- Contents
- Introduction
- Screenshots
- Prerequisites
- Setup
- Deploy
- Important Notes
- Contributing
- Authors
- License

Casadora is a set of Terraform and Ansible scripts to create and deploy a home server on arm64 machines of Oracle Cloud.

The choices taken for deploying the services and their settings are opinionated, as I wanted to reduce the options and configuration for initial deployment.

The services deployed are as follows:

The services and their configurations can be changed by editing the `docker-compose.yml` file inside the `ansible` directory.

Heimdall | Traefik |
---|---|
Portainer | AdGuardHome |
Grafana | WG-Easy |

- Casadora is set up to be used with Cloudflare under the default configuration, so a domain that is handled by Cloudflare is required.
- Make sure that your Oracle Cloud account can create a 2 OCPU ARM64 instance with 6 GB RAM and 50 GB storage.
- Install Terraform for your operating system.
- Install Ansible for your operating system.

- Execute the following command in a terminal:

  ```
  git clone https://github.com/CoolFool/Casadora.git
  ```
- Change directory to Casadora with:

  ```
  cd Casadora
  ```

- Open terminal.

  ```
  ssh-keygen -t ed25519 -C "your_email@example.com"
  ```

  This creates a new SSH key, using the provided email as a label.

  ```
  > Generating public/private algorithm key pair.
  ```
- When you're prompted to "Enter a file in which to save the key," press Enter. This accepts the default file location.

  ```
  > Enter a file in which to save the key (/home/you/.ssh/algorithm): [Press enter]
  ```
- At the prompt, type a secure passphrase. For more information, see "Working with SSH key passphrases."

  ```
  > Enter passphrase (empty for no passphrase): [Type a passphrase]
  > Enter same passphrase again: [Type passphrase again]
  ```
- Start the ssh-agent in the background.

  ```
  $ eval "$(ssh-agent -s)"
  > Agent pid 59566
  ```
- Add your SSH private key to the ssh-agent. If you created your key with a different name, or if you are adding an existing key that has a different name, replace id_ed25519 in the command with the name of your private key file.

  ```
  $ ssh-add ~/.ssh/id_ed25519
  ```

- Rename `terraform.example.tfvars` to `terraform.tfvars` in the `terraform` directory.
- Fill the variables with the values obtained from the previous steps.

The variables are as follows:

- `oci_tenancy_ocid` - From Oracle Cloud API Key
- `oci_user_ocid` - From Oracle Cloud API Key
- `oci_private_key_path` - From Oracle Cloud API Key
- `oci_fingerprint` - From Oracle Cloud API Key
- `oci_region` - From Oracle Cloud API Key
- `oci_instance_name` - From Oracle Cloud API Key
- `oci_ssh_public_key_path` - SSH Public Key Path generated in previous step (Example: `/home/coolfool/.ssh/id_ed25519.pub`)

- `cf_api_token` - Cloudflare API Token generated in previous steps
- `cf_domain_name` - Cloudflare managed and API token accessible domain name
- `cf_adguard_record_name` - subdomain to create for adguard (default: `adguard`)
- `cf_heimdall_record_name` - subdomain to create for heimdall (default: `heimdall`)
- `cf_traefik_record_name` - subdomain to create for traefik (default: `traefik`)
- `cf_grafana_record_name` - subdomain to create for grafana (default: `grafana`)
- `cf_portainer_record_name` - subdomain to create for portainer (default: `portainer`)
- `cf_wireguard_record_name` - subdomain to create for wireguard (default: `wireguard`)

Ansible services (passwords should be in plaintext because the required format and hash for the respective services are autogenerated):

- `ansible_ssh_private_key_path` - SSH Private Key Path generated previously (Example: `/home/coolfool/.ssh/id_ed25519`)
- `ansible_traefik_username` - Username to be used for traefik dashboard
- `ansible_traefik_password` - Password to be used for traefik dashboard in plaintext
- `ansible_lets_encrypt_email` - Email address for Let's Encrypt certificate notifications
- `ansible_adguard_username` - Username to be used for adguard
- `ansible_adguard_password` - Password to be used for adguard
- `ansible_wireguard_password` - Password to be used for wireguard dashboard
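
Because `terraform.tfvars` holds the Cloudflare API token and the service passwords in plaintext, a pre-flight check before `terraform apply` is useful. The following is an added example, not part of the Casadora repository: it checks that the file is not readable by group or others, that the listed variables are assigned non-empty values, and that the file is git-ignored. The function name `check_tfvars` and the selection of variables treated as required are assumptions.

```shell
#!/bin/sh
# Added example (not from the Casadora repository): pre-flight check for
# terraform/terraform.tfvars. check_tfvars is a hypothetical helper name.

# Values the page says are stored in plaintext, plus the Cloudflare token.
SECRET_VARS="cf_api_token ansible_traefik_password ansible_adguard_password ansible_wireguard_password"
# Identity, key-path and domain variables from the list above.
REQUIRED_VARS="oci_tenancy_ocid oci_user_ocid oci_private_key_path oci_fingerprint oci_region oci_ssh_public_key_path cf_domain_name ansible_ssh_private_key_path"

# check_tfvars FILE: prints each problem to stderr, returns the problem count.
check_tfvars() {
    f=$1
    problems=0
    if [ ! -f "$f" ]; then
        echo "not found: $f" >&2
        return 1
    fi

    # 1. Characters 5-10 of the ls mode string are the group/other bits.
    perms=$(ls -ld "$f" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "$f is accessible to group/others; run: chmod 600 $f" >&2
        problems=$((problems + 1))
    fi

    # 2. Each variable must be assigned a non-empty quoted string.
    for v in $SECRET_VARS $REQUIRED_VARS; do
        if ! grep -Eq "^[[:space:]]*${v}[[:space:]]*=[[:space:]]*\"[^\"]+\"" "$f"; then
            echo "$v is unset or empty in $f" >&2
            problems=$((problems + 1))
        fi
    done

    # 3. Inside a git work tree the file must be ignored, or it can be committed.
    dir=$(dirname "$f")
    if git -C "$dir" rev-parse --is-inside-work-tree >/dev/null 2>&1 &&
       ! git -C "$dir" check-ignore -q "$(basename "$f")"; then
        echo "$f is not git-ignored" >&2
        problems=$((problems + 1))
    fi
    return "$problems"
}
```

Source the script and run `check_tfvars terraform/terraform.tfvars` from the repository root; a return value of 0 means no problems were found.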

The Ansible playbook is run automatically when Terraform creates the resources, using the values from `terraform.tfvars`.

To manually run the playbook, execute the following commands inside the `ansible` directory:

- For updating and installing docker & docker-compose:

  ```
  ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -u ubuntu -i '<SERVER_IP_ADDR>,' --private-key <PRIVATE_SSH_KEY_PATH> housekeeping.yml
  ```
- For setting up and starting the services:

  ```
  ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -u ubuntu -i '<SERVER_IP_ADDR>,' --private-key <PRIVATE_SSH_KEY_PATH> setup-services.yml
  ```

`ANSIBLE_HOST_KEY_CHECKING=False` turns off SSH host key verification for these runs.

To create the instance and deploy the services, run the following commands inside the `terraform` directory:

```
terraform init
terraform apply
```

- For Grafana, use the following dashboards:
  - Adguard
  - Cadvisor
  - Node Exporter
  - Traefik Metrics

  Of course, you can use any dashboard that supports the deployed exporters.
- If you want to take down the docker services from within the server through ssh, use the command `docker-compose --env-file setup.env down`, while for starting use the command `docker-compose --env-file setup.env up --detach`.
- The `setup.env` file is auto-generated in `/home/ubuntu/` with the required values through ansible.
- For Portainer and Grafana, a user should be created manually as prompted by the services at first use.
- Services should be manually added to heimdall after verifying that everything works correctly.
- Manually running the ansible playbook will erase adguard logs and configuration.
- `traefik-certs-dumper` is required because traefik uses acme.json as certificate storage, which is not compatible with adguardhome.
- The SSL certificates are stored in `/home/ubuntu/letsencrypt/certs/`.
- DNS-over-HTTPS endpoint for AdGuardHome is `https://adguard.example.com/dns-query` (replace `example.com` with your domain).
- If DNS-over-HTTPS doesn't work, set up portainer and restart the `traefik-certs-dumper` and `adguardhome` containers.
- DNS-over-TLS endpoint for AdGuardHome is `adguard.example.com` (replace `example.com` with your domain).
- AdGuardHome is deployed with a few filters; if one causes problems with websites, remove it from the list, which is found at Adguard Dashboard: Filters -> DNS blocklists.

Contributions are what make the open source community such an amazing place to learn, inspire, and create. Any contributions you make are greatly appreciated.
If you have a suggestion that would make this better, please fork the repo and create a pull request. You can also simply open an issue with the tag "enhancement". Don't forget to give the project a star! Thanks again!

- Fork the Project
- Create your Feature Branch (`git checkout -b feature/AmazingFeature`)
- Commit your Changes (`git commit -m 'Add some AmazingFeature'`)
- Push to the Branch (`git push origin feature/AmazingFeature`)
- Open a Pull Request