mirror of
https://github.com/deuill/coreos-home-server.git
synced 2024-09-21 13:40:45 +00:00
Alex Palaistras
b31beff6f1
Navidrome is a Subsonic/Airsonic-compatible music server with a built-in web interface, and can be used as a quasi-self-hosted-Spotify-alternative. By default, music files are read from an empty `navidrome-music` volume, which is expected to be populated via whatever external means are available to the server. The workflow here might be improved in the future.
189 lines
7.5 KiB
Plaintext
189 lines
7.5 KiB
Plaintext
variant: fcos
|
|
version: 1.3.0
|
|
ignition:
|
|
config:
|
|
merge:
|
|
- local: common/common.ign
|
|
- local: common/logging.ign
|
|
- local: service/redis/spec.ign
|
|
- local: service/mariadb/spec.ign
|
|
- local: service/nginx/spec.ign
|
|
- local: service/letsencrypt/spec.ign
|
|
- local: service/git/spec.ign
|
|
- local: service/dovecot/spec.ign
|
|
- local: service/postfix/spec.ign
|
|
- local: service/rspamd/spec.ign
|
|
- local: service/prosody/spec.ign
|
|
- local: service/biboumi/spec.ign
|
|
- local: service/radicale/spec.ign
|
|
- local: service/spectrum/spec.ign
|
|
- local: service/rss2email/spec.ign
|
|
- local: service/navidrome/spec.ign
|
|
|
|
passwd:
|
|
users:
|
|
- name: core
|
|
# Add SSH keys here if wanted.
|
|
# ssh_authorized_keys:
|
|
# - ecdsa-sha2-nistp521 AAAAE2VjZH...
|
|
|
|
systemd:
|
|
units:
|
|
# Enable auto-login for 'core' user.
|
|
- name: serial-getty@ttyS0.service
|
|
dropins:
|
|
- name: autologin-core.conf
|
|
contents: |
|
|
[Service]
|
|
ExecStart=
|
|
ExecStart=-/usr/sbin/agetty --autologin core --noclear %I $TERM
|
|
TTYVTDisallocate=no
|
|
|
|
# Don't auto-update our CoreOS configuration.
|
|
- name: coreos-home-server-update.timer
|
|
mask: true
|
|
|
|
# Enable default web services.
|
|
- name: container-build@static.localhost.service
|
|
enabled: true
|
|
dropins:
|
|
- name: wait-for-nginx.conf
|
|
contents: |
|
|
[Unit]
|
|
After=container-build@nginx.service
|
|
|
|
- name: nginx-serve-static@static.localhost.service
|
|
enabled: true
|
|
- name: nginx-proxy-http@static.localhost.service
|
|
enabled: true
|
|
dropins:
|
|
- name: use-localhost-cert.conf
|
|
contents: |
|
|
[Service]
|
|
Environment=SSL_CERT_NAME=localhost
|
|
|
|
- name: nginx-serve-php@php.localhost.service
|
|
enabled: true
|
|
- name: nginx-proxy-http@php.localhost.service
|
|
enabled: true
|
|
dropins:
|
|
- name: use-localhost-cert.conf
|
|
contents: |
|
|
[Service]
|
|
Environment=SSL_CERT_NAME=localhost
|
|
|
|
- name: letsencrypt-dns-register@localhost.service
|
|
enabled: true
|
|
dropins:
|
|
- name: use-local-files.conf
|
|
contents: |
|
|
[Service]
|
|
ExecStart=
|
|
ExecStart=/bin/podman create --replace --pull never --name letsencrypt-register-%i \
|
|
--volume letsencrypt:/var/lib/letsencrypt:z \
|
|
--entrypoint true localhost/letsencrypt:latest
|
|
ExecStartPost=/bin/podman init letsencrypt-register-%i
|
|
ExecStartPost=/bin/podman cp /etc/ssl/private/certificates/ letsencrypt-register-%i:/var/lib/letsencrypt
|
|
ExecStartPost=/bin/podman rm letsencrypt-register-%i
|
|
|
|
storage:
|
|
files:
|
|
# Hostname for virtual host.
|
|
- path: /etc/hostname
|
|
mode: 0644
|
|
contents:
|
|
inline: core-virtual
|
|
|
|
# Load host-wide environment into default location.
|
|
- path: /etc/coreos-home-server/host.env
|
|
mode: 0600
|
|
contents:
|
|
local: virtual.env
|
|
|
|
# Tell systemd to not use a pager when printing information
|
|
- path: /etc/profile.d/systemd-pager.sh
|
|
mode: 0644
|
|
contents:
|
|
inline: |
|
|
export SYSTEMD_PAGER=cat
|
|
|
|
# Example sites for static and PHP setups.
|
|
- path: /etc/coreos-home-server/static.localhost/Containerfile
|
|
mode: 0644
|
|
contents:
|
|
inline: |
|
|
FROM localhost/nginx:latest
|
|
RUN /bin/echo "Hello Static World!" > /srv/index.html
|
|
|
|
- path: /etc/coreos-home-server/php.localhost/Containerfile
|
|
mode: 0644
|
|
contents:
|
|
inline: |
|
|
FROM docker.io/php:7.4-fpm
|
|
RUN /bin/echo "<?php phpinfo();" > /srv/index.php
|
|
VOLUME /data /srv
|
|
|
|
- path: /etc/coreos-home-server/php.localhost/php.localhost.env
|
|
mode: 0644
|
|
contents:
|
|
inline: |
|
|
TEST_ENV=foobar
|
|
|
|
# Include pre-generated certificates for localhost domain, as we're not using Let's Encrypt in
|
|
# generating certificates for the virtual host.
|
|
- path: /etc/ssl/private/certificates/localhost.crt
|
|
mode: 0644
|
|
contents:
|
|
inline: |
|
|
-----BEGIN CERTIFICATE-----
|
|
MIIDLDCCAhSgAwIBAgIUGK5JYBMiDt7vXwpH6kXHyZGAfoAwDQYJKoZIhvcNAQEL
|
|
BQAwFDESMBAGA1UEAwwJbG9jYWxob3N0MB4XDTIxMDkyNjEzMDEwNloXDTMxMDky
|
|
NDEzMDEwNlowFDESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEF
|
|
AAOCAQ8AMIIBCgKCAQEAuluuMpM6uSnACG7M2eW3BLgsJvj/xxvIPovJJOqkUZw/
|
|
4PTgmLCQD2/I79b7/IroJ2k0tr5t74IDYzrHDmSlQ5DrMdN9aseJRLwYl3xZJQIQ
|
|
gf8kxtjRg/9Kkfsku4TNDRm0ncF1HG/X5w//Aro+KsPzOcTR+adWQMFuS1DRsLXy
|
|
osdY/SZyzkOYye6+4ZKak8hUYr+wICgn+v6zVKr+Ly47XZ4m9MY6apCqo3COvOvV
|
|
vQMLi6+mocdCOCDgDSDPCt39X7ulZqnt27+BgLLoAeJ3xXxDzhkV8g7jKzMI9yPi
|
|
MhPQSRwfANpnJxUSJlHbQ+t5dgygD3ZEwP9nJBJpZQIDAQABo3YwdDAdBgNVHQ4E
|
|
FgQUKK6wT0EmwhIC+jxDhapX4yeXClswHwYDVR0jBBgwFoAUKK6wT0EmwhIC+jxD
|
|
hapX4yeXClswDwYDVR0TAQH/BAUwAwEB/zAhBgNVHREEGjAYgglsb2NhbGhvc3SC
|
|
CyoubG9jYWxob3N0MA0GCSqGSIb3DQEBCwUAA4IBAQAp8H+pK93S1ZTKzEw3kHHG
|
|
feoP2yjAkGaPM9R/pIDVmf5vz8Q6i6bVhkjZTygdn+8JfWOEtzDFzy/x/pfpmmwv
|
|
kEGCXN9ng/xJeV/OvW1zc+I31uaFS3JyrmfOoOENhLFe9obf439PFgb7zk1AptCh
|
|
R8290tSQ13f5/lbUT0h3jfzCv9hblIV0T/2uIicyOONsWBCOg0JV93YrwOdRjMAx
|
|
D2VKHadJ4I7seMAgANBFG4NQEUIUlUxGwUc6tZ3pr93dFWkfE+IxE6YBg5Xkuux4
|
|
eAu/TcqROsjnQwQ9Qw4d2FA1C27JIvS6ysOJxJQmVtpZUdfK2hVoeKJvMPnkENOp
|
|
-----END CERTIFICATE-----
|
|
- path: /etc/ssl/private/certificates/localhost.key
|
|
mode: 0644
|
|
contents:
|
|
inline: |
|
|
-----BEGIN PRIVATE KEY-----
|
|
MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQC6W64ykzq5KcAI
|
|
bszZ5bcEuCwm+P/HG8g+i8kk6qRRnD/g9OCYsJAPb8jv1vv8iugnaTS2vm3vggNj
|
|
OscOZKVDkOsx031qx4lEvBiXfFklAhCB/yTG2NGD/0qR+yS7hM0NGbSdwXUcb9fn
|
|
D/8Cuj4qw/M5xNH5p1ZAwW5LUNGwtfKix1j9JnLOQ5jJ7r7hkpqTyFRiv7AgKCf6
|
|
/rNUqv4vLjtdnib0xjpqkKqjcI6869W9AwuLr6ahx0I4IOANIM8K3f1fu6Vmqe3b
|
|
v4GAsugB4nfFfEPOGRXyDuMrMwj3I+IyE9BJHB8A2mcnFRImUdtD63l2DKAPdkTA
|
|
/2ckEmllAgMBAAECggEBAKsd3eEgoY4+EM9tdfoqXRgfSKNsheg80WzlDAgy0DkD
|
|
oQAdulFZ5p3WBgp8PBtTLQJrLvUR/H4swpGN+hN0RO+6lMvGp2Wx3JBZqrcGfhBm
|
|
SeQj9JAFrLRoaP+MPNlWgrYhwWANsEwxQm0vmffWLZk1HhQQbsGvbpq9Qloz1qdL
|
|
hx7ub5S69vzCxOaGjqJRlqdHvk90U34w6uM1qBOZ2phxOtsB14Gt3+YDs6khSqAv
|
|
m2/0+Ac6nHKq9TxanrNRS8ZMBpEoiYMoc5F0uY+y876baNKCAeyfLuKd3tePJTvt
|
|
lko0uGNbyWzqk/z/hjsqVeD50IONUMN/pkUEX0xQ10ECgYEA8vl2rDg1kcZJLSBy
|
|
neIySYau7r/tq9VEMRKCDPYwrEWf5jdQxQvIuIwre1E79LjCqgzQe3yQCGduC4bS
|
|
LVaFX2hv3oncLMYQ3BP1p+YNqojZOQUFJcfALslr8W+iMH8E8JGnOjwAJMYXtPIQ
|
|
830HwiQfidVVx8ExEZMVlJ0nMJECgYEAxFk5ie+WDPKUvo1hVw0H7/xMSm8xp181
|
|
7aAIYR+qg5c0ncQx8yF1McXO42YK6Y2uw6jyX1cP6crpANJHBgAsczSW9v2X2sM6
|
|
AhQw8KE7oCLbBbaFGC962UHTf7Hq4oV5rdI386DxgELRXEetPcBvBhB+8WVcjMqt
|
|
Cz0mHVhzVZUCgYEAhnUsifN1GZ18Iz/gjaR+JZgluDN35+5WFT3jwB6BIuRIr1KP
|
|
HOv/gLj42v5CSpPwDcCXoq502mG6USCjsLk/h2O4/JKXyCM3c0KMYAR8LZIbe2Ve
|
|
yuB2Zq3KUUpwm5u+9Q31V9GaVr9UoSqP3N6k63eoCFOJa8hqSgp2F867wDECgYBP
|
|
OR0RPb1SbhJ8LDlpUVWxjCAQLHthZ/YvcdHPtmIrhDfzrDTnP8m0knaepA6lG8i3
|
|
I5TfyRYfpAKNlUqY7jsBJOgAsmOyHfFq41C31qZjP40V6gYbsxSjUn8O1+/JBEgL
|
|
TXXL9FVdBhjJXhZVgy6IyOEfb2F/YUue7EZTstueXQKBgQCfOaEUfal/OTQuXQJv
|
|
EWNsF22liJb4eVRnWNpFeivJSB/FmIJT+iC+wtZlhcaImF3JlimaB1mpwfrTubVX
|
|
/jRFWp956tGRs/ydXm91SGBclY2z4B4dd8PPxCT4iYsJizx9uFBShrXsc1+fgEZu
|
|
r+W+05piqLykrqRCuB0X4Dlx+A==
|
|
-----END PRIVATE KEY-----
|