From 09c1f39a6220091b2ab6f1b3accf37922b77db58 Mon Sep 17 00:00:00 2001
From: Jeff Clement
Date: Tue, 12 Nov 2024 10:30:51 -0700
Subject: [PATCH] adding xen orchestra

---
 xen_orchestra_tailscale/.env | 6 +++
 xen_orchestra_tailscale/README.md | 9 +++++
 xen_orchestra_tailscale/docker-compose.yml | 47 ++++++++++++++++++++++
 xen_orchestra_tailscale/ts-serve.json | 16 ++++++++
 4 files changed, 78 insertions(+)
 create mode 100644 xen_orchestra_tailscale/.env
 create mode 100644 xen_orchestra_tailscale/README.md
 create mode 100644 xen_orchestra_tailscale/docker-compose.yml
 create mode 100644 xen_orchestra_tailscale/ts-serve.json

diff --git a/xen_orchestra_tailscale/.env b/xen_orchestra_tailscale/.env
new file mode 100644
index 0000000..6bfc806
--- /dev/null
+++ b/xen_orchestra_tailscale/.env
@@ -0,0 +1,6 @@
+# Tailscale authorization key
+TS_AUTHKEY=tskey-auth-
+
+# Tailscale tailnet node name
+TAILNET_NAME=orchestra
+TAILNET_SUFFIX=?????.ts.net
\ No newline at end of file
diff --git a/xen_orchestra_tailscale/README.md b/xen_orchestra_tailscale/README.md
new file mode 100644
index 0000000..16ef4ac
--- /dev/null
+++ b/xen_orchestra_tailscale/README.md
@@ -0,0 +1,9 @@
+# Xen Orchestra server on Tailnet
+
+This configuration gets a Xen Orchestra server running under Docker and exposed on your Tailnet. Just the think for managing your homelab XCP-ng servers.
+
+Only changes needed are updating Tailscale configuration in `/.env`.
+
+Initial login is `admin@admin.net` with the password `admin`.
+
+Make sure to hit `https://orchestra.????.ts.net` since this isn't configured to listen on port 80.
\ No newline at end of file
diff --git a/xen_orchestra_tailscale/docker-compose.yml b/xen_orchestra_tailscale/docker-compose.yml
new file mode 100644
index 0000000..1316097
--- /dev/null
+++ b/xen_orchestra_tailscale/docker-compose.yml
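Review bot: `TS_AUTHKEY=tskey-auth-` is a secret placeholder inside a tracked `.env`, so the first person who fills it in is one `git add` away from committing a live Tailscale auth key; the usual pattern is to ship this file as `.env.example` and gitignore `.env`, or at minimum put `# never commit a real key; copy to an untracked .env first` above it. `TAILNET_SUFFIX=?????.ts.net` is not consumed anywhere in this patch (docker-compose.yml reads only `TAILNET_NAME` and `TS_AUTHKEY`, and ts-serve.json uses `${TS_CERT_DOMAIN}`), so it is either dead or missing its consumer. A one-line comment saying which file reads each variable would make that obvious to the next editor.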
@@ -0,0 +1,47 @@
+services:
+ tailscale:
+ hostname: ${TAILNET_NAME}
+ image: tailscale/tailscale
+ volumes:
+ - ./data/tailscale:/var/lib/tailscale
+ - ./ts-serve.json:/config/ts-serve.json:ro
+ - /dev/net/tun:/dev/net/tun
+ cap_add:
+ - net_admin
+ - sys_module
+ environment:
+ TS_AUTHKEY: ${TS_AUTHKEY}
+ TS_SERVE_CONFIG: /config/ts-serve.json
+ TS_AUTH_ONCE: true
+ TS_STATE_DIR: /var/lib/tailscale
+ TS_HOST: ${TAILNET_NAME}
+ restart: unless-stopped
+
+ server:
+ restart: always
+ image: ronivay/xen-orchestra:latest
+ stop_grace_period: 1m
+ environment:
+ - HTTP_PORT=80
+ # capabilities are needed for NFS/SMB mount
+ cap_add:
+ - SYS_ADMIN
+ - DAC_READ_SEARCH
+ # additional setting required for apparmor enabled systems. also needed for NFS mount
+ security_opt:
+ - apparmor:unconfined
+ volumes:
+ - ./data/xo-data:/var/lib/xo-server
+ - ./data/redis-data:/var/lib/redis
+ # logging
+ logging: &default_logging
+ driver: "json-file"
+ options:
+ max-size: "1M"
+ max-file: "2"
+ # these are needed for file restore. allows one backup to be mounted at once which will be umounted after some minutes if not used (prevents other backups to be mounted during that)
+ # add loop devices (loop1, loop2 etc) if multiple simultaneous mounts needed.
+ devices:
+ - "/dev/fuse:/dev/fuse"
+ - "/dev/loop-control:/dev/loop-control"
+ - "/dev/loop0:/dev/loop0"
\ No newline at end of file
diff --git a/xen_orchestra_tailscale/ts-serve.json b/xen_orchestra_tailscale/ts-serve.json
new file mode 100644
index 0000000..814245f
--- /dev/null
+++ b/xen_orchestra_tailscale/ts-serve.json
@@ -0,0 +1,16 @@
+{
+ "TCP": {
+ "443": {
+ "HTTPS": true
+ }
+ },
+ "Web": {
+ "${TS_CERT_DOMAIN}:443": {
+ "Handlers": {
+ "/": {
+ "Proxy": "http://server:80"
+ }
+ }
+ }
+ }
+}
\ No newline at end of file
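Review bot: `TS_HOST: ${TAILNET_NAME}` in the tailscale service's environment does not look like a variable containerboot reads; as far as I can tell the documented one is `TS_HOSTNAME`, so the node name here is probably only coming from `hostname: ${TAILNET_NAME}` and the line should become `TS_HOSTNAME: ${TAILNET_NAME}` or be dropped. `TS_AUTH_ONCE: true` is a bare YAML boolean inside an environment mapping; writing `TS_AUTH_ONCE: "true"` avoids relying on Compose's type coercion, which older versions rejected. Both images are unpinned (`tailscale/tailscale` with no tag, `ronivay/xen-orchestra:latest`), so any re-pull can silently change what runs; pinning a release tag or digest keeps the deployment reproducible and auditable. The `server` service is granted `SYS_ADMIN`, `DAC_READ_SEARCH`, `apparmor:unconfined` and the fuse/loop devices unconditionally even though the comments tie them to NFS/SMB remotes and file restore, so a comment such as `# optional: remove cap_add, security_opt and devices below if you use neither NFS/SMB remotes nor file restore` would let the common case run with much less privilege. The `&default_logging` anchor is never referenced, so either drop the anchor or apply `logging: *default_logging` to the tailscale service as well.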
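Review bot: This serve config leans on two behaviours that JSON cannot carry a comment for, and neither is documented in the patch: `${TS_CERT_DOMAIN}` is substituted by containerboot at startup rather than by Compose (so it is correct that `.env` does not define it), and the absence of any Funnel setting is what keeps `https://…:443` reachable only from nodes on the tailnet rather than the public internet. Since the README is the only place that can hold prose, a sentence there along the lines of "`ts-serve.json` is expanded by the tailscale container (`${TS_CERT_DOMAIN}` becomes the node's HTTPS name); Funnel is intentionally not enabled, so access is governed by your tailnet ACLs" would stop a later edit from accidentally exposing the default `admin@admin.net` login beyond the tailnet. The `"Proxy": "http://server:80"` target is plaintext, which is fine on the Compose-internal network but worth stating so nobody adds a `ports:` mapping to `server` later.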