(wip) nas container

Matthew Tran 2025-02-20 03:00:55 -08:00
parent e7b4e8aa46
commit 077178cbe0
8 changed files with 74 additions and 13 deletions

.gitignore vendored

@ -22,8 +22,9 @@ minecraft_bedrock/worlds*
terraria/worlds terraria/worlds
terraria/password.txt terraria/password.txt
# wireguard # nas
wireguard/*.conf nas/mount.json
nas/user.json
# backup # backup
data.zip data.zip
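
Review bot: The `wireguard/*.conf` ignore rule is replaced here rather than kept alongside the new `nas/` entries, yet the README in this same commit still documents `scripts/setup_peer.py <name>` for WireGuard clients. If that script still writes peer configs under `wireguard/`, those files hold private keys and will now appear as untracked files that a broad `git add` can pick up. Keep the `# wireguard` block and add the `# nas` block after it, unless the peer configs have moved out of the repository.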


@ -10,6 +10,7 @@ Services deployed on [matthewtran.com](https://matthewtran.com).
- minecraft - minecraft
- minecraft bedrock - minecraft bedrock
- terraria - terraria
- nas (LAN only)
## setup ## setup
@ -25,8 +26,8 @@ Services deployed on [matthewtran.com](https://matthewtran.com).
5. Configure, build, and start services. 5. Configure, build, and start services.
- Create `website/sendgrid.key` with a [SendGrid API key](https://app.sendgrid.com/settings/api_keys). - Create `website/sendgrid.key` with a [SendGrid API key](https://app.sendgrid.com/settings/api_keys).
- Create `terraria/password.txt` if needed. - Create `terraria/password.txt` if needed.
- Restore backups if needed.
- `scripts/setup_repo.py` - `scripts/setup_repo.py`
- Restore backups if needed. Make sure to set correct ownership. For example, `chown -R 2000:2000 website/gitea`.
- `docker compose build` - `docker compose build`
- `docker compose up -d` - `docker compose up -d`
6. Optionally, add additional drives. This script formats the drive as LUKS/BTRFS with the key file stored in `/opt/luks` and auto-mounts on boot. Make sure to backup the key file elsewhere. 6. Optionally, add additional drives. This script formats the drive as LUKS/BTRFS with the key file stored in `/opt/luks` and auto-mounts on boot. Make sure to backup the key file elsewhere.
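
Review bot: The reworded restore step documents ownership for only one path (`chown -R 2000:2000 website/gitea`), while the backup now also carries `terraria/password.txt` and `website/sendgrid.key`. List the expected owner for each restored path, or have `scripts/setup_repo.py` apply it, so a restore does not leave the key and password files with whatever ownership the unzip happened to produce.
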
@ -34,9 +35,9 @@ Services deployed on [matthewtran.com](https://matthewtran.com).
7. Optionally, run `scripts/setup_peer.py <name>` for each WireGuard client. 7. Optionally, run `scripts/setup_peer.py <name>` for each WireGuard client.
8. Optionally, add the following DNS entries at the registrar. 8. Optionally, add the following DNS entries at the registrar.
| hosts | type | data | | hosts | type | data |
| ----------------------- | ------ | ------------------------------------- | | ----------------------- | ------ | ------------------------ |
| `@`, `git`, `wg`, `www` | `A` | `<public IPv4>` | | `@`, `git`, `wg`, `www` | `A` | `<public IPv4>` |
| `@`, `git`, `www` | `AAAA` | `<delegated prefix>::<server suffix>` | | `@`, `git`, `www` | `AAAA` | `<delegated prefix>::69` |
| `wg` | `AAAA` | `<delegated prefix>::1` | | `wg` | `AAAA` | `<delegated prefix>::1` |
## backup ## backup


@ -121,3 +121,13 @@ services:
- ./terraria/worlds:/home/me/worlds - ./terraria/worlds:/home/me/worlds
cap_drop: cap_drop:
- ALL - ALL
nas:
restart: always
build: nas/.
entrypoint: ["/bin/sh", "/home/me/entry.sh"]
ports:
- "445:8445"
networks:
- nas
cap_drop:
- ALL
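
Review bot: `- "445:8445"` publishes the share on every host interface, which does not match the README's "nas (LAN only)", and with `guest ok = yes` in `nas/smb.conf` anything that can reach the host on 445 gets write access. Bind the published port to the LAN address (`"<LAN IPv4>:445:8445"`) or document the firewall rule that enforces the restriction. The service also declares no `volumes:`, so `/home/me/share` lives in the container's writable layer and is lost when the container is recreated.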

nas/Dockerfile Normal file

@ -0,0 +1,16 @@
FROM ubuntu:24.04
ENV TZ=America/Los_Angeles
RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone
RUN apt-get update && apt-get -y upgrade
RUN apt-get install -y samba
RUN groupadd -g 2003 me && useradd -u 2003 -g 2003 -m me
USER me
WORKDIR /home/me
# TODO copy config files
RUN mkdir share samba samba/log samba/lock samba/state samba/cache samba/pid samba/private samba/ncalrpc
COPY --chown=me:me smb.conf ./
COPY --chown=me:me entry.sh ./
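
Review bot: `RUN apt-get update && apt-get -y upgrade` and `RUN apt-get install -y samba` sit in separate layers, so when the first layer is served from cache the install runs against a stale package index and can fail or miss Samba security updates. Put update, upgrade and install in one `RUN` and remove `/var/lib/apt/lists/*` in the same step. The `# TODO copy config files` comment also looks stale, since the two `COPY` lines below it already copy `smb.conf` and `entry.sh`.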

nas/entry.sh Normal file

@ -0,0 +1,4 @@
#!/bin/sh
# TODO sigterm?
smbd -s smb.conf -l=/home/me/samba/log --foreground --no-process-group
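
Review bot: On the `smbd` line, the daemon is started as a child of `/bin/sh`, so the shell stays PID 1 and the SIGTERM from `docker stop` is not passed on to smbd; the container is killed after the stop timeout instead of shutting down cleanly. Prefix the command with `exec` so smbd replaces the shell and receives the signal, which also resolves the `# TODO sigterm?`. Using an absolute path for `smb.conf` would remove the dependency on the image's `WORKDIR`.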

nas/smb.conf Normal file

@ -0,0 +1,24 @@
[global]
workgroup = WORKGROUP
min protocol = SMB3
smb ports = 8445
lock directory = /home/me/samba/lock
state directory = /home/me/samba/state
cache directory = /home/me/samba/cache
pid directory = /home/me/samba/pid
private dir = /home/me/samba/private
ncalrpc dir = /home/me/samba/ncalrpc
browseable = yes
writable = yes
create mask = 0660
directory mask = 0770
force user = me
force group = me
# TODO auth + encrypt
guest ok = yes
[share]
path = /home/me/share
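
Review bot: `guest ok = yes` together with `writable = yes` in `[global]` gives every unauthenticated client read and write access to `[share]`, and to any share added later, since both settings are inherited as defaults. Move `writable`, the masks and the `force user`/`force group` lines into `[share]`, set `guest ok = no` with a `valid users` list once accounts exist, and add `server smb encrypt = required` to close the `# TODO auth + encrypt` before this leaves wip.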


@ -1,13 +1,15 @@
#!/usr/bin/env python3 #!/usr/bin/sudo /usr/bin/python3
import os
import shutil
import subprocess import subprocess
if __name__ == "__main__": if __name__ == "__main__":
subprocess.run(["zip", "-FS", "-r", "data.zip", out = "data.zip"
subprocess.run(["zip", "-FS", "-r", out,
"minecraft/worlds", "minecraft/worlds",
"minecraft_bedrock/worlds", "minecraft_bedrock/worlds",
"terraria/worlds", "terraria/worlds",
"terraria/password.txt",
"website/gitea", "website/gitea",
"website/sendgrid.key",
], check=True) ], check=True)
shutil.chown(out, os.getlogin(), os.getlogin())
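
Review bot: With `terraria/password.txt` and `website/sendgrid.key` added to the archive, `data.zip` now holds live credentials, but the script only changes its owner and leaves the mode to the umask, which commonly yields a world-readable file. Add `os.chmod(out, 0o600)` after the `zip` call. `os.getlogin()` also raises `OSError` when there is no controlling terminal (cron, systemd), so reading `SUDO_UID`/`SUDO_GID` from the environment is the more robust way to hand the file back now that the shebang runs the script through sudo.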


@ -4,7 +4,7 @@ import shutil
from pathlib import Path from pathlib import Path
if __name__ == "__main__": if __name__ == "__main__":
# create folders in group "web" so containers have access # create folders so containers have access
PATHS = { PATHS = {
"web": [ "web": [
"website/certbot", "website/certbot",
@ -25,3 +25,6 @@ if __name__ == "__main__":
for p in PATHS[group]: for p in PATHS[group]:
Path(p).mkdir(parents=True, exist_ok=True) Path(p).mkdir(parents=True, exist_ok=True)
shutil.chown(p, group=group) shutil.chown(p, group=group)
# TODO generate volumes to mount
# TODO generate users