Infrastructure

Open source, decentralized and self-hosted infrastructure for many services.

About

It uses caddy and docker-compose to run my services (And many other things). It's a work in progress, and I'm still learning a lot about it. If you have any questions or suggestions, feel free to open an issue or a pull request.

Features

• caddy 2 HTTP/S reverse proxy
• Docker / docker-compose
• Wordpress (Via FASTCGI/caddy)
• Jellyfin (Media server)
• Forgejo (Git server, fork of Gitea)
• Uptime Kuma (Monitoring)
• qbittorrent and transmission (Torrent client/server)
• SyncThing (File synchronization)
• PsiTransfer, ProjectSend, Picoshare (File sharing)
• it-tools and omni-tools (Tools for IT)
• Open-WebUI (Local chatGPT)
• Privatebin (Pastebin)
• Satisfactory
• 7 days to die
• minecraft

Architecture

Screenshots

The homepage is a dashboard with many widgets and services.

Installation and configuration

Requirements

• Docker
• Docker Compose
• Git
• Web domain (I use OVH)
• Open port 80, 443, 22, 2222 and 5555 on your router
• For games server, you need to open these ports (7777, 25565, 26900, 26901, 26903)

List of ports used by the services in this infrastructure:

Port number	Service	Description
80	Caddy	HTTP traffic
443	Caddy	HTTPS traffic
22	Forgejo	Git/SSH access
2222	OpenSSH	Global SSH access
7777	Satisfactory	Game server port
25565	Minecraft	Game server port
26900	7 Days to Die	Game server port
26901	7 Days to Die	Game server port
26903	7 Days to Die	Game server port

To avoid get rate limit from letsencrypt (10 certificates per 3 hours), you need to disable some certificates in the caddyfiles and enable them 3h later...

Clone

Clone this repository to your local machine using:

git clone --recurse-submodules --remote-submodules https://github.com/bensuperpc/infrastructure.git

Go to the folder

cd infrastructure

Change services you want to enable in the Makefile file, by default all services are enabled (games servers included).

Configure the domain

For all bensuperpc.org, you need to replace it with your domain, example: mydomain.com, so the same for bensuperpc.com ect...

find . \( -type d -name .git -prune \) -o -type f -print0 | xargs -0 sed -i 's/bensuperpc.org/mydomain.com/g'

Check if all bensuperpc.* are replaced by your domain in Caddyfile

And then, caddy will generate the certificate for you and renew it automatically :D

Domain name	Type	Description
bensuperpc.org	Main	Redirect to www.bensuperpc.org
www.bensuperpc.org	Main	Homepage
open-webui.bensuperpc.org	Sub	For local chatGPT
wordpress.bensuperpc.org	Sub	Wordpress website
uptimekuma.bensuperpc.org	Sub	Uptime Kuma for monitoring
qbittorrent.bensuperpc.org	Sub	Torrent client/server
transmission.bensuperpc.org	Sub	Torrent client/server
forgejo.bensuperpc.org	Sub	Fork of Gitea for git
git.bensuperpc.org	Sub	Fork of Gitea for git
link.bensuperpc.org	Sub	For link shortener
jellyfin.bensuperpc.org	Sub	Jellyfin for media server
syncthing.bensuperpc.org	Sub	SyncThing for file synchronization
psitransfer.bensuperpc.org	Sub	PsiTransfer for file sharing
it-tools.bensuperpc.org	Sub	Tools for IT
omni-tools.bensuperpc.org	Sub	Tools for IT
privatebin.bensuperpc.org	Sub	Pastebin
projectsend.bensuperpc.org	Sub	ProjectSend for file sharing
picoshare.bensuperpc.org	Sub	Picoshare for file sharing
dufs.bensuperpc.org	Sub	Dufs for file sharing
memos.bensuperpc.org	Sub	Caddy for file sharing
stirlingpdf.bensuperpc.org	Sub	Stirling PDF tools

Configure the infrastructure

You need to configure the infrastructure with your own configuration.

You can generate a password with 32 characters:

openssl rand -base64 32

Or online: passwordsgenerator.net

Caddy

For caddy_backup.env file, you need to change the password(s) for the restic backup.

RESTIC_PASSWORD=7L1Ncbquax0B2TCOmrjaQl9n5mnY88bQ

Wordpress

For the wordpress.env file, you need to change the password and user for the database.

WORDPRESS_DB_USER=bensuperpc
WORDPRESS_DB_PASSWORD=lEOEf8cndnDjp84O4Uv5D9zJLJDFatLw

For wordpress_db.env file, you need to change the password(s) and user for the database.

MARIADB_ROOT_PASSWORD=7L1Ncbquax0B2TCOmrjaQl9n5mnY88bQ
MARIADB_USER=bensuperpc
MARIADB_PASSWORD=lEOEf8cndnDjp84O4Uv5D9zJLJDFatLw

For wordpress_backup.env file, you need to change the password(s) for the restic backup.

RESTIC_PASSWORD=7L1Ncbquax0B2TCOmrjaQl9n5mnY88bQ

PsiTransfer

For psitransfer.env file, you need to change the secret key.

PSITRANSFER_ADMIN_PASS=n9jLVNT9QUotTJTT91JqH4GyBTg9pvEn

For projectsend_db.env file, you need to change the password(s) and user for the database.

MARIADB_ROOT_PASSWORD=8O34297GrBfT3Ld34Lfg9mpotmZwbJtt
MARIADB_USER=bensuperpc
MARIADB_PASSWORD=wdSUa1JEZhXie5AJ5NcX1w73xmpO12EY

Picoshare

For picoshare.env file, you need to change the secret key.

PS_SHARED_SECRET=CBuS4DJLqIe93xF1KGYRrnhxUFBqLD2n

Dufs

For dufs.env file, you need to change the secret key and if you want the user name.

DUFS_AUTH="admin:heqihlOfBmJDESGFlpbPi7P7Mi6F7RkV@/:rw|@/:ro"

Stirling PDF

For stirlingpdf.env file, it's completly optional, you can change the password(s) and user.

# Enable security, optional
DOCKER_ENABLE_SECURITY=true
SECURITY_ENABLE_LOGIN=true
# Can be disabled after initial login, optional,
# default it admin:stirling
SECURITY_INITIALLOGIN_USERNAME=admin
SECURITY_INITIALLOGIN_PASSWORD=Jw9U039f5xc2mFcacvGvPD9RjwIh4DzO

OpenSSH

You can need to add/change the public ssh key id_ed25519.pub (its my public key), also change the config/password in openssh.env:

SUDO_ACCESS=true
#PUBLIC_KEY_URL=https://github.com/bensuperpc.keys
PUBLIC_KEY_DIR=/authorized_ssh_keys
USER_PASSWORD=rdUwf36C11PLmpU9Lvq7tP5pfFBKAuCh

#PUBLIC_KEY=yourpublickey
#PUBLIC_KEY_FILE=/path/to/file
#PUBLIC_KEY_DIR=/path/to/directory/containing/_only_/pubkeys
#USER_PASSWORD_FILE=/path/to/file

Open-WebUI

For open-webui.env file, entirely optional.

To download the model, you can use:

docker exec -it ollama ollama run deepseek-r1:8b

Start the infrastructure

Start the website with:

make start-at

Stop the website with (or CTRL+C with the previous command):

make stop

Remove countainers with:

make down

You can disable some services by removing the service name in PROFILES variable in the Makefile file.

To enable the gitea CI: how-to-build-docker-containers-using-gitea-runners

Homepage

You can change the homepage config in these files:

• bookmarks.yaml
• services.yaml
• settings.yaml
• widgets.yaml

Forgejo

For Forgejo installation, you must change the password(s) and user in forgejo_db.env file and forgejo.env file.

Once the installation is complete, you need to set the installation lock:

FORGEJO__security__INSTALL_LOCK=true

Forgejo Runner

docker exec -it forgejo_runner /bin/bash

forgejo-runner generate-config > /data/config.yml

Now update the config.yml file to support docker-in-docker:

  envs:
    DOCKER_TLS_VERIFY: 1
    DOCKER_CERT_PATH: /certs/client
    DOCKER_HOST: tcp://docker:2376
  labels: ["ubuntu-latest:docker://node:20-bookworm", "ubuntu-22.04:docker://node:20-bookworm"]
  network: host
  options: -v /certs/client:/certs/client
  valid_volumes:
     - /certs/client

Register the runner with your Forgejo instance:

forgejo-runner register

You will need to provide the following information:

https://forgejo.bensuperpc.org/
<Your Registration Token, in https://forgejo.bensuperpc.org/admin/actions/runners>
ubuntu-22.04:docker://ghcr.io/catthehacker/ubuntu:act-22.04
main

Docker volumes

This infrastructure uses docker volumes to store data, all configuration/data for each service are not shared between services for security and maintenance reasons, but public_data and private_data are shared between all services to store your data.

Volume name	Description
public_data	Public data reachable on internet via dufs.bensuperpc.org, can be disabled.
private_data	Private data

SSH access

The default port for ssh/rsync is is 2222.

You can access to the server with:

ssh -p 2222 admin@bensuperpc.org

Sources

• Wordpress
• Gnu Make
• Github API
• Github Actions
• Docker
• Docker Compose
• Docker Hub
• How To Start WordPress with Caddy using Docker Compose
• Digital Ocean - How To Install WordPress with Docker Compose (nginx)
• Imagisphe
• Letsencrypt
• Caddy
• Adminer
• Uptime Kuma
• qbittorrent
• Transmission
• Gitea
• Jellyfin
• SyncThing
• PsiTransfer
• It-tools
• Omni-tools
• Privatebin
• ghost
• Homepage Tuto
• ProjectSend
• Picoshare
• Dufs
• demos
• Stirling PDF
• open-webui
• Fix docker volume
• Forgejo-runner
• Forgejo-runner
• Forgejo

License

License