From 5dee3a26887c8a9f6136f430b626376ea1106e27 Mon Sep 17 00:00:00 2001
From: Snarf
Date: Thu, 11 Jun 2026 23:54:44 -0400
Subject: [PATCH] Updated eployments
---
 docker-deployments/gotify.yml | 20 +++++++++++++
 docker-deployments/heimdall.yml | 20 +++++++++++++
 docker-deployments/homebox.yml | 17 +++++++++++
 docker-deployments/meshcentral.yml | 47 ++++++++++++++++++++++++++++++
 docker-deployments/nginxproxy.yml | 12 ++++----
 docker-deployments/peanut.yml | 17 +++++++++++
 docker-deployments/pihole.yml | 37 +++++++++++++++++++++++
 docker-deployments/watchtower.yml | 6 ++++
 scripts/setup_storage_cluster.sh | 14 ++++++---
 9 files changed, 180 insertions(+), 10 deletions(-)
 create mode 100644 docker-deployments/gotify.yml
 create mode 100644 docker-deployments/heimdall.yml
 create mode 100644 docker-deployments/homebox.yml
 create mode 100644 docker-deployments/meshcentral.yml
 create mode 100644 docker-deployments/peanut.yml
 create mode 100644 docker-deployments/pihole.yml
 create mode 100644 docker-deployments/watchtower.yml
diff --git a/docker-deployments/gotify.yml b/docker-deployments/gotify.yml
new file mode 100644
index 0000000..46e6061
--- /dev/null
+++ b/docker-deployments/gotify.yml
@@ -0,0 +1,20 @@
+services:
+ gotify:
+ image: gotify/server
+ container_name: gotify
+ restart: always
+ ports:
+ - "8090:80"
+ environment:
+ - GOTIFY_SERVER_PORT=80
+ - TZ=America/New_York
+ volumes:
+ - gotify_data:/app/data
+
+volumes:
+ gotify_data:
+ driver: local
+ driver_opts:
+ type: none
+ o: bind
+ device: /mnt/swarm_shared/legacy_volumes/gotify/
\ No newline at end of file
diff --git a/docker-deployments/heimdall.yml b/docker-deployments/heimdall.yml
new file mode 100644
index 0000000..43d2f0d
--- /dev/null
+++ b/docker-deployments/heimdall.yml
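Review bot: In docker-deployments/gotify.yml, `image: gotify/server` has no tag, so it resolves to `latest`, and heimdall.yml, homebox.yml, meshcentral.yml, peanut.yml, pihole.yml and watchtower.yml in this commit name `:latest` explicitly with the same effect. Because watchtower is added in the same commit and by default updates every running container, whatever is pushed upstream would be pulled and started without review. Pin each image to a release tag or digest, for example `image: gotify/server:RELEASE_TAG` (placeholder for a real version), and bump it deliberately.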
@@ -0,0 +1,20 @@
+services:
+ heimdall:
+ image: lscr.io/linuxserver/heimdall:latest
+ ports:
+ - "85:80"
+ - "403:443"
+ environment:
+ - PUID=1000
+ - PGID=1000
+ - TZ=America/New_York
+ volumes:
+ - heimdall_config:/config
+
+volumes:
+ heimdall_config:
+ driver: local
+ driver_opts:
+ type: none
+ o: bind
+ device: /mnt/swarm_shared/legacy_volumes/heimdall/
\ No newline at end of file
diff --git a/docker-deployments/homebox.yml b/docker-deployments/homebox.yml
new file mode 100644
index 0000000..7c0180b
--- /dev/null
+++ b/docker-deployments/homebox.yml
@@ -0,0 +1,17 @@
+services:
+ homebox:
+ image: ghcr.io/hay-kot/homebox:latest
+ ports:
+ - "3100:7745"
+ environment:
+ - TZ=America/New_York
+ volumes:
+ - homebox_data:/data
+
+volumes:
+ homebox_data:
+ driver: local
+ driver_opts:
+ type: none
+ o: bind
+ device: /mnt/swarm_shared/legacy_volumes/homebox_homebox_data/_data
\ No newline at end of file
diff --git a/docker-deployments/meshcentral.yml b/docker-deployments/meshcentral.yml
new file mode 100644
index 0000000..c76b0ae
--- /dev/null
+++ b/docker-deployments/meshcentral.yml
@@ -0,0 +1,47 @@
+services:
+ meshcentral:
+ restart: always
+ container_name: meshcentral
+ image: typhonragewind/meshcentral:latest
+ ports:
+ - 8086:443 #MeshCentral will moan and try everything not to use port 80, but you can also use it if you so desire, just change the config.json according to your needs
+ environment:
+ - HOSTNAME=mesh.snarfnet.net #your hostname
+ - REVERSE_PROXY=140.44.4.30 #set to your reverse proxy IP if you want to put meshcentral behind a reverse proxy
+ - REVERSE_PROXY_TLS_PORT=443
+ - IFRAME=false #set to true if you wish to enable iframe support
+ - ALLOW_NEW_ACCOUNTS=true #set to false if you want disable self-service creation of new accounts besides the first (admin)
+ - WEBRTC=false #set to true to enable WebRTC - per documentation it is not officially released with meshcentral, but is solid enough to work with. Use with caution
+ - BACKUPS_PW=MyAwesomePasswordPleaseChangeMe #password for the autobackup function
+ - BACKUP_INTERVAL=24 # Interval in hours for the autobackup function
+ - BACKUP_KEEP_DAYS=10 #number of days of backups the function keeps
+ volumes:
+ - meshcentral-data:/opt/meshcentral/meshcentral-data
+ - meshcentral-files:/opt/meshcentral/meshcentral-files
+ - meshcentral-web:/opt/meshcentral/meshcentral-web
+ - meshcentral-backups:/opt/meshcentral/meshcentral-backups
+volumes:
+ meshcentral-data:
+ driver: local
+ driver_opts:
+ type: none
+ o: bind
+ device: /mnt/swarm_shared/legacy_volumes/meshcentral_meshcentral-data/_data
+ meshcentral-files:
+ driver: local
+ driver_opts:
+ type: none
+ o: bind
+ device: /mnt/swarm_shared/legacy_volumes/meshcentral_meshcentral-files/_data
+ meshcentral-web:
+ driver: local
+ driver_opts:
+ type: none
+ o: bind
+ device: /mnt/swarm_shared/legacy_volumes/meshcentral_meshcentral-web/_data
+ meshcentral-backups:
+ driver: local
+ driver_opts:
+ type: none
+ o: bind
+ device: /mnt/swarm_shared/legacy_volumes/meshcentral_meshcentral-backups/_data
\ No newline at end of file
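Review bot: In docker-deployments/meshcentral.yml, `ALLOW_NEW_ACCOUNTS=true` leaves self-service registration open on a remote-management server that the `HOSTNAME` and `REVERSE_PROXY` lines suggest is published through a reverse proxy, and `BACKUPS_PW=MyAwesomePasswordPleaseChangeMe` commits what looks like a sample password as the backup secret. Set `- ALLOW_NEW_ACCOUNTS=false` once the admin account exists, and take the password from the environment so the deploy fails when it is unset: `- BACKUPS_PW=${MESHCENTRAL_BACKUPS_PW:?set MESHCENTRAL_BACKUPS_PW}` (the variable name is a suggestion). Any backups already written with the committed value should be treated as protected by a public password.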
diff --git a/docker-deployments/nginxproxy.yml b/docker-deployments/nginxproxy.yml
index c80ba11..1d9e2e8 100644
--- a/docker-deployments/nginxproxy.yml
+++ b/docker-deployments/nginxproxy.yml
@@ -24,12 +24,12 @@ volumes:
 nginx-data:
 driver: local
 driver_opts:
- type: nfs
- o: "addr=14.10.10.71,rw,nfsvers=4"
- device: ":/volume1/docker/nginx/data/"
+ type: none
+ o: bind
+ device: /mnt/swarm_shared/legacy_volumes/nginx-proxy-manager_nginx-data/_data
 nginx-letsencrypt:
 driver: local
 driver_opts:
- type: nfs
- o: "addr=14.10.10.71,rw,nfsvers=4"
- device: ":/volume1/docker/nginx/letsencrypt/"
+ type: none
+ o: bind
+ device: /mnt/swarm_shared/legacy_volumes/nginx-proxy-manager_nginx-letsencrypt/_data
diff --git a/docker-deployments/peanut.yml b/docker-deployments/peanut.yml
new file mode 100644
index 0000000..5d3d937
--- /dev/null
+++ b/docker-deployments/peanut.yml
@@ -0,0 +1,17 @@
+services:
+ peanut:
+ image: brandawg93/peanut:latest
+ ports:
+ - "8050:8050"
+ environment:
+ - TZ=America/New_York
+ volumes:
+ - peanut_config:/config
+
+volumes:
+ peanut_config:
+ driver: local
+ driver_opts:
+ type: none
+ o: bind
+ device: /mnt/swarm_shared/legacy_volumes/peanut/
\ No newline at end of file
diff --git a/docker-deployments/pihole.yml b/docker-deployments/pihole.yml
new file mode 100644
index 0000000..308a48c
--- /dev/null
+++ b/docker-deployments/pihole.yml
@@ -0,0 +1,37 @@
+services:
+ pihole-unbound:
+ image: mpgirro/pihole-unbound:latest
+ hostname: ${HOSTNAME}
+ ports:
+ - 447:443/tcp
+ - 53:53/tcp
+ - 53:53/udp
+ - ${PIHOLE_WEBPORT:-88}:${PIHOLE_WEBPORT:-80}/tcp #Allows use of different port to access pihole web interface when other docker containers use port 80
+ - 5335:5335/tcp # Uncomment to enable unbound access on local server
+ # - 22/tcp # Uncomment to enable SSH
+ environment:
+ - TZ=${TZ:-UTC}
+ - FTLCONF_webserver_api_password=${WEBPASSWORD}
+ - FTLCONF_webserver_interface_theme=${WEBTHEME:-default-dark}
+ - FTLCONF_dns_revServers=${REV_SERVER:-false},${REV_SERVER_CIDR},${REV_SERVER_TARGET},${REV_SERVER_DOMAIN}
+ - FTLCONF_dns_upstreams=127.0.0.1#5335
+ - FTLCONF_dns_dnssec="true"
+ - FTLCONF_dns_listeningMode=single
+ - FTLCONF_webserver_port=80
+ volumes:
+ - etc_pihole-unbound:/etc/pihole:rw
+ - etc_pihole_dnsmasq-unbound:/etc/dnsmasq.d:rw
+
+volumes:
+ etc_pihole-unbound:
+ driver: local
+ driver_opts:
+ type: none
+ o: bind
+ device: /mnt/swarm_shared/legacy_volumes/pihole/unbound/pihole-dns_etc_pihole_dnsmasq-unbound/
+ etc_pihole_dnsmasq-unbound:
+ driver: local
+ driver_opts:
+ type: none
+ o: bind
+ device: /mnt/swarm_shared/legacy_volumes/pihole/dnsmasq/pihole-dns_etc_pihole_dnsmasq-unbound/
\ No newline at end of file
diff --git a/docker-deployments/watchtower.yml b/docker-deployments/watchtower.yml
new file mode 100644
index 0000000..5b57776
--- /dev/null
+++ b/docker-deployments/watchtower.yml
@@ -0,0 +1,6 @@
+services:
+ watchtower:
+ image: nickfedor/watchtower:latest
+ restart: unless-stopped
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
\ No newline at end of file
diff --git a/scripts/setup_storage_cluster.sh b/scripts/setup_storage_cluster.sh
index 84b43db..f288004 100644
--- a/scripts/setup_storage_cluster.sh
+++ b/scripts/setup_storage_cluster.sh
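Review bot: In docker-deployments/pihole.yml, `- 5335:5335/tcp` is active although its comment reads "Uncomment to enable", so the unbound resolver is published on the host's interfaces; `FTLCONF_dns_upstreams=127.0.0.1#5335` reaches it inside the container, so the mapping can be removed or commented out like the SSH line below it. `FTLCONF_webserver_api_password=${WEBPASSWORD}` expands to an empty string when the variable is unset, which would presumably leave the web interface without a password; `${WEBPASSWORD:?WEBPASSWORD must be set}` makes the deploy fail instead. In list-form `environment`, the quotes in `FTLCONF_dns_dnssec="true"` are part of the value, so write `FTLCONF_dns_dnssec=true`.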
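Review bot: In docker-deployments/watchtower.yml, the `/var/run/docker.sock` mount gives this container full control of the Docker daemon, which is equivalent to root on the host, and it is handed to an unpinned `:latest` image with no limit on which containers it may replace. If this fork keeps upstream Watchtower's options, add an `environment:` entry such as `- WATCHTOWER_LABEL_ENABLE=true` so only containers that opt in by label are updated, or `- WATCHTOWER_MONITOR_ONLY=true` to be notified instead of restarted automatically. A short comment above the volume line stating why the socket is mounted would also help the next reader.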
@@ -27,7 +27,8 @@ run_remote() { local node=$1 local cmd=$2 echo " [${node}] Running command..." - sshpass -p "$PASS" ssh -o StrictHostKeyChecking=no "$USER@$node" "echo '$PASS' | sudo -S bash -c '$cmd'" + local escaped_cmd="${cmd//\'/\'\\\'\'}" + sshpass -p "$PASS" ssh -o StrictHostKeyChecking=no "$USER@$node" "echo '$PASS' | sudo -S bash -c '$escaped_cmd'" } echo "=== Phase 1: Installing Prerequisites & Creating Directories ===" @@ -81,11 +82,16 @@ for NODE in "${ALL_NODES[@]}"; do sed -i '/nfs_shares/d' /etc/fstab # Add to fstab - echo 'localhost:/swarm_vols /mnt/swarm_shared glusterfs defaults,_netdev 0 0' >> /etc/fstab + # Using primary node IP with backup servers instead of localhost (required for client-only nodes) + echo '140.44.4.71:/swarm_vols /mnt/swarm_shared glusterfs defaults,_netdev,backup-volfile-servers=140.44.4.72:140.44.4.73 0 0' >> /etc/fstab echo '$NFS_SERVER:$NFS_SHARE /mnt/nfs_shares nfs defaults,nfsvers=4,_netdev 0 0' >> /etc/fstab - # Mount them - mount -a + # Reload systemd so it recognizes the fstab changes + systemctl daemon-reload + + # Mount them individually so one failure doesn't halt the other + mount /mnt/swarm_shared + mount /mnt/nfs_shares || echo 'NFS Mount Failed, continuing...' " done
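Review bot: The new `escaped_cmd` protects only `$cmd`; on the same line `$PASS` is still spliced into the remote string as `echo '$PASS' | sudo -S`, so a password containing `'` breaks the quoting, and the password appears in the remote process arguments. Feeding it on stdin avoids both: `printf '%s\n' "$PASS" | sshpass -p "$PASS" ssh … "sudo -S -p '' bash -c '$escaped_cmd'"` (worth a test run, since it relies on sshpass handing stdin through to ssh). The line also keeps `-o StrictHostKeyChecking=no`, so that sudo-capable password is sent to a host whose key was never verified; `StrictHostKeyChecking=accept-new` or a pre-populated known_hosts file is safer.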
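Review bot: `mount /mnt/swarm_shared` has no failure handling, unlike the NFS mount after it, so whether a Gluster failure stops the block depends on shell options set outside this hunk; since the compose files in this commit bind-mount paths under that directory, an explicit `mount /mnt/swarm_shared || { echo 'Gluster mount failed'; exit 1; }` would state the intent. The new fstab line also hard-codes `140.44.4.71`, `140.44.4.72` and `140.44.4.73` while the NFS line below it uses `$NFS_SERVER` and `$NFS_SHARE`; taking the Gluster addresses from variables kept with the node lists would avoid drift when a node changes. The `for NODE` loop and the quoted command string both start outside the hunk.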