adding xen orchestra

xen_orchestra_tailscale/.env

@@ -0,0 +1,6 @@
+# Tailscale authorization key
+TS_AUTHKEY=tskey-auth-
+
+# Tailscale tailnet node name
+TAILNET_NAME=orchestra
+TAILNET_SUFFIX=?????.ts.net

xen_orchestra_tailscale/README.md

@@ -0,0 +1,9 @@
+# Xen Orchestra server on Tailnet
+
+This  configuration gets a Xen Orchestra server running under Docker and exposed on your Tailnet.  Just the think for managing your homelab XCP-ng servers.
+
+Only changes needed are updating Tailscale configuration in `/.env`.
+
+Initial login is `admin@admin.net` with the password `admin`.
+
+Make sure to hit `https://orchestra.????.ts.net` since this isn't configured to listen on port 80.

xen_orchestra_tailscale/docker-compose.yml

@@ -0,0 +1,47 @@
+services:
+    tailscale:
+      hostname: ${TAILNET_NAME}
+      image: tailscale/tailscale
+      volumes:
+        - ./data/tailscale:/var/lib/tailscale
+        - ./ts-serve.json:/config/ts-serve.json:ro
+        - /dev/net/tun:/dev/net/tun
+      cap_add:
+        - net_admin
+        - sys_module
+      environment:
+        TS_AUTHKEY: ${TS_AUTHKEY}
+        TS_SERVE_CONFIG: /config/ts-serve.json
+        TS_AUTH_ONCE: true
+        TS_STATE_DIR: /var/lib/tailscale
+        TS_HOST: ${TAILNET_NAME}
+      restart: unless-stopped
+
+    server:
+        restart: always
+        image: ronivay/xen-orchestra:latest
+        stop_grace_period: 1m
+        environment:
+            - HTTP_PORT=80
+        # capabilities are needed for NFS/SMB mount
+        cap_add:
+          - SYS_ADMIN
+          - DAC_READ_SEARCH
+        # additional setting required for apparmor enabled systems. also needed for NFS mount
+        security_opt:
+          - apparmor:unconfined
+        volumes:
+          - ./data/xo-data:/var/lib/xo-server
+          - ./data/redis-data:/var/lib/redis
+        # logging
+        logging: &default_logging
+            driver: "json-file"
+            options:
+                max-size: "1M"
+                max-file: "2"
+        # these are needed for file restore. allows one backup to be mounted at once which will be umounted after some minutes if not used (prevents other backups to be mounted during that)
+        # add loop devices (loop1, loop2 etc) if multiple simultaneous mounts needed.
+        devices:
+          - "/dev/fuse:/dev/fuse"
+          - "/dev/loop-control:/dev/loop-control"
+          - "/dev/loop0:/dev/loop0"

xen_orchestra_tailscale/ts-serve.json

@@ -0,0 +1,16 @@
+{
+    "TCP": {
+        "443": {
+            "HTTPS": true
+        }
+    },
+    "Web": {
+        "${TS_CERT_DOMAIN}:443": {
+            "Handlers": {
+                "/": {
+                    "Proxy": "http://server:80"
+                }
+            }
+        }
+    }
+}