# π Self-hosted
## π οΈ Setup instructions
### π οΈ Configuration Setup
1. **Create `.env` File:** Add a `.env` file in your local repository with the following variables:
```
REMOTE_USER=
REMOTE_HOST=
REMOTE_PATH=
```
These variables will be utilized by the `Makefile` to synchronize configurations from your local environment to the server without exposing sensitive information in your Git repository.
### Set up Tailscale
Tailscale provides a seamless way to connect your devices to your internal network securely.
#### π οΈ Installation and Configuration Steps
1. Add Tailscaleβs package signing key and repository:
```
curl -fsSL https://pkgs.tailscale.com/stable/debian/bookworm.noarmor.gpg | sudo tee /usr/share/keyrings/tailscale-archive-keyring.gpg >/dev/null
curl -fsSL https://pkgs.tailscale.com/stable/debian/bookworm.tailscale-keyring.list | sudo tee /etc/apt/sources.list.d/tailscale.list
```
2. Install Tailscale:
```
sudo apt-get update
sudo apt-get install tailscale
```
3. Connect your machine to your Tailscale network and authenticate in your browser:
```
sudo tailscale up
```
4. Find your Tailscale IPv4 address by running:
```
tailscale ip -4
```
#### π οΈ Preparing the System
Update System and Install Dependencies: Update the package list and install essential dependencies.
```
sudo apt update
sudo apt install ca-certificates curl gnupg lsb-release
```
#### π Adding Docker Repository
1. Add Docker's GPG key
```
sudo mkdir -p /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
sudo chmod a+r /etc/apt/keyrings/docker.gpg
```
2. Add Docker Repository
```
echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
```
#### π Installing Docker and Docker Compose
```
sudo apt update
sudo apt install docker-ce docker-ce-cli containerd.io
sudo docker --version && docker compose version
```
### Set up Docker
#### π Removing Old Docker Versions
**1. Remove Existing Docker Packages:** Ensure you have a clean slate by removing any existing Docker packages.
```
sudo apt remove docker docker-engine docker.io containerd runc
```
**2. Delete Existing Repositories:** Remove any existing Docker repositories to avoid conflicts.
```
sudo rm /etc/apt/sources.list.d/docker.list
```
## π¦ Adding a new service
1. **Create Service Directory:** Inside your repository, create a new directory under `/service` for your new self-hosted service.
2. **Add Configuration Files:**
- Place the `docker-compose.yml `file inside the newly created service directory.
- If additional configuration files like .env or app.ini are required for your service, add them to the same directory.
3. **Synchronize Configuration:** To upload the `.env` file (or any other necessary configuration files) to the server, run the following command:
```bash
make upload-{service_name}
```
Replace `{service_name}` with the name of your service directory. This command will sync the configurations to the specified server path using the variables defined in your `.env` file.
## π¦ Make service publicly available
Add the following labels:
```
labels:
- "traefik.enable=true"
- "traefik.http.routers.gitea.rule=Host(${HOST})"
- "traefik.http.routers.gitea.entrypoints=websecure"
- "traefik.http.routers.gitea.tls.certresolver=myresolver"
- "traefik.http.services.gitea.loadbalancer.server.port=3000"
- "traefik.docker.network=traefik_network"
```
Set `HOST` in your `.env` file.
Add your service to the `traefik_network` network:
```
networks:
- traefik_network
```
Add:
```
networks:
traefik_network:
external: true
```
Rebuild Docker image:
```
docker compose up --build -d
```
## π οΈ Storage
### π¦ Mounting a New Volume Using Hetzner's Storage Box
This guide walks you through the process of mounting a Storage Box folder (`nextcloud_data`) to a specific mount point (`/mnt/nextcloud_data`) on your server.
#### π Prerequisites
Create a sub-account in Hetzner's Robot Control Panel with SSH and Samba support enabled.
Note down the sub-account username and the generated password provided by Hetzner.
#### π Steps to Mount the Storage Box
1. **SSH into the Storage Box:** Connect to your Storage Box via SSH using the sub-account username and the provided password.
```bash
ssh -p23 SB_USERNAME@SB_USERNAME.your-storagebox.de
```
2. **Create a Directory:** Inside the Storage Box, create a new directory named `nextcloud_data`.
```bash
mkdir nextcloud_data
```
3. **Update /etc/fstab:** Add an entry to the `/etc/fstab` file on your server to automatically mount the Storage Box folder to `/mnt/nextcloud_data.` Replace `YOUR_PATH` with `nextcloud_data` and `YOUR_MOUNT_POINT` with `/mnt/nextcloud_data`.
```
//SB_USERNAME.your-storagebox.de/YOUR_PATH /YOUR_MOUNT_POINT cifs seal,vers=3,iocharset=utf8,rw,credentials=/etc/secure_config/cifs-nextcloud-credentials.txt,uid=1000,gid=1000,file_mode=0660,dir_mode=0770 0 0
```
4. **Create Credentials File:** Add a credentials file (`cifs-nextcloud-credentials.txt`) in `/etc/secure_config` directory on your server with the sub-account username and password.
```
username=SB_SUBACCOUNT_USERNAME
password=SB_SUBACCOUNT_PASSWORD
```
5. **Mount and test:** Mount the Storage Box folder using the mount -a command and verify the mount status.
```bash
mount -a
```
6. **Verify Mount Point:** Ensure that the Storage Box is correctly mounted by checking the mount point using the df -h command.
```bash
df -h
```
#### Troubleshooting
**mount: /mnt/nextcloud_data: mount(2) system call failed: No route to host. dmesg(1) may have more information after failed mount system call.**
Make sure Samba support is enabled.
### Volume encryption
To be added
## π§° Maintenance
### Backup
To be added
### Monitoring
To be added
## π Troubleshooting
### Firefox detected a potential security threat and did not continue to {host}.velouria.dev because this website requires a secure connection.
Could be an issue in the `docker-compose.yml` set up - check your docker compose and Traefik logs