Selfhosted tech starter pack for development of new project or startup
tldr-devops/startpack
This is a basic setup of services for faster startup development. You can run it via docker-compose or docker swarm.
Warning: This setup doesn't provide a high level of security or any high availability. You will have to hire a skilled DevOps engineer (like me :)) to close this gap after getting your first round or sales.
You can also check Awesome Selfhosted, Awesome Sysadmin and Free for Dev for more options ;)
And Coolify or Dokku - an open-source & self-hostable Heroku / Netlify alternative
Time track:
- Filipp Frizzy: 63h 30m for 15 days
- [DONE] Docker Compose
- [DONE] Docker Swarm
- [DONE] Traefik as web server with autodiscovery and letsencrypt certs
- [DONE] NFS for docker swarm volumes
- [DONE] Portainer as admin panel for docker services
- [DONE] Docker registry for store your docker images
- [DONE] Influxdb 2 and Telegraf for monitoring services
- [DONE] Grafana and Victoriametrics for monitoring services
- [DONE] Mariadb as SQL database
- [DONE] Postgresql as another popular SQL database
- [DONE] SQL Adminer as admin panel for SQL databases
- [DONE] Minio as s3 storage
- [DONE] Gitlab as git hosting and devops platform
- [DONE] Nextcloud as cloud storage with plugins for email, task management, password storage, etc
- [DONE] Tuleap as management software
- [DONE] Openproject as management software
- [DONE] Vaultwarden as password manager for business
- [Backlog] Zentao as scrum management software
- [Backlog] Taiga as kanban board based management software
- [Backlog] Owncloud as cloud storage
- [DONE] Rocket
- [Backlog] Mattermost
- [Backlog] Twake as alternative to Microsoft Teams
- [Backlog] Wire as alternative to Microsoft Teams
- [DONE] Nocodb as airtable alternative
- [DONE] Strapi as headless CMS
- [Backlog] Appwrite as firebase alternative
- [Backlog] Wordpress one of the most popular CMS
- [Backlog] Ghost as alternative to medium
- [Backlog] Webiny landing page builder with drag and drop features
- [Backlog] Grapedrop open source page builder
- [Backlog] Anvil is a framework for building full-stack web apps with nothing but Python
- [Backlog] Budibase build modern business apps in under 5 minutes
- [Backlog] Appsmith a powerful open source framework to build internal tools
- [Backlog] Tooljet everything you need to build internal tools
- [DONE] Gitlab Runner should be placed on separate host
Miss something? Could you tell me more about how I can help you, please?
Hello, everyone! My name is Filipp, and I have been working with high load distribution systems and services, security, monitoring, continuous deployment and release management (DevOps domain) since 2012.
One of my passions is developing DevOps solutions and contributing to the open-source community. By sharing my knowledge and experiences, I strive to save time for both myself and others while fostering a culture of collaboration and learning.
I had to leave my home country, Belarus, due to my participation in protests against the oppressive regime of dictator Lukashenko, who maintains a close affiliation with Putin. Since then, I'm trying to build my life from zero in other countries.
If you are seeking a skilled DevOps lead or architect to enhance your project, I invite you to connect with me on LinkedIn or explore my valuable contributions on GitHub. Let's collaborate and create some cool solutions together :)
You can support this or any other of my projects
- donationalerts.com/r/filipp_frizzy
- ETH 0xCD9fC1719b9E174E911f343CA2B391060F931ff7
- BTC bc1q8fhsj24f5ncv3995zk9v3jhwwmscecc6w0tdw3
All operations should be executed as root on the target machine. You can use your laptop or a server. To run all services you need at least 2 CPU cores, 8 GB of memory and 20 GB of free disk space. You can find cheap servers on hetzner.com or compare small hosters on vps.today.
You also need a valid domain name pointed to this server so that https can be set up automatically with traefik and letsencrypt. However, you can hack your hosts file to work without https.
For buying a domain and configuring DNS I recommend Cloudflare. You should create at least two DNS records of type A:
- your domain name pointed to your server IP
- *.your domain name pointed to your server IP
If you run services with docker-compose, all services will be located on your single server. With docker stack (swarm) mode, you can add additional servers in the same local network (unfortunately, the same network is important for mounting nfs volumes).
(Running scripts from the internet is a bad practice, but if you don't know how to install docker with package managers, it's acceptable.)
curl -fsSL https://get.docker.com -o get-docker.sh
DRY_RUN=1 sh ./get-docker.sh
sh ./get-docker.sh
Install docker-compose
curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
2) Set up docker swarm if you choose to use it.
docker swarm init --advertise-addr $(hostname -I | awk '{print $1}')
git clone https://github.com/tldr-devops/startpack.git --depth=1
cd startpack
4) Fill in the necessary variables, such as the domain name of your server, your email, and passwords for basic auth and sql services.
Generate random passwords
echo -e "export TELEPORT_TOKEN=$(echo $RANDOM `date`|md5sum|base64)\n$(cat env.sh)" > env.sh
echo -e "export NEXTCLOUD_SQL_PASSWORD=$(echo $RANDOM `date`|md5sum|base64|head -c 25)\n$(cat env.sh)" > env.sh
echo -e "export TULEAP_SQL_PASSWORD=$(echo $RANDOM `date`|md5sum|base64|head -c 25)\n$(cat env.sh)" > env.sh
echo -e "export STRAPI_SQL_PASSWORD=$(echo $RANDOM `date`|md5sum|base64|head -c 25)\n$(cat env.sh)" > env.sh
echo -e "export GITLAB_SQL_PASSWORD=$(echo $RANDOM `date`|md5sum|base64|head -c 25)\n$(cat env.sh)" > env.sh
echo -e "export OPENPROJECT_SQL_PASSWORD=$(echo $RANDOM `date`|md5sum|base64|head -c 25)\n$(cat env.sh)" > env.sh
echo -e "export NOCODB_SQL_PASSWORD=$(echo $RANDOM `date`|md5sum|base64|head -c 25)\n$(cat env.sh)" > env.sh
echo -e "export REGISTRY_PASSWORD=$(echo $RANDOM `date`|md5sum|base64|head -c 25)\n$(cat env.sh)" > env.sh
echo -e "export SQL_ROOT_PASSWORD=$(echo $RANDOM `date`|md5sum|base64|head -c 25)\n$(cat env.sh)" > env.sh
echo -e "export PASSWORD=$(echo $RANDOM `date`|md5sum|base64|head -c 25)\n$(cat env.sh)" > env.sh
You should change these lines to use your email and DNS name
echo -e "export EMAIL='Type your email here'\n$(cat env.sh)" > env.sh
echo -e "export DOMAIN='Type your domain here'\n$(cat env.sh)" > env.sh
These are your credentials; store them in your password manager ;)
cat env.sh
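A hardened form of the "Generate random passwords" commands in step 4, as an added example that is not part of the startpack repository: bash's `$RANDOM` yields only 32768 values and the `date` output is guessable, so each secret here is drawn from `/dev/urandom` instead. `gen_secret` and `prepend_secrets` are hypothetical helper names; the variable names are the ones step 4 writes.

```shell
#!/bin/sh
# Added example (not from the startpack repo). gen_secret and prepend_secrets
# are hypothetical helpers; the exported variable names come from step 4.

# gen_secret LEN: print LEN alphanumeric characters taken from the kernel CSPRNG.
gen_secret() (
    len="${1:-25}"
    out=""
    # Read fixed-size chunks so no pipeline is cut short by SIGPIPE.
    while [ "${#out}" -lt "$len" ]; do
        out="${out}$(head -c 64 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9')"
    done
    printf '%s' "$out" | cut -c "1-${len}"
)

# prepend_secrets FILE: put one export line per secret in front of FILE's
# existing content, the same ordering the page's echo commands produce.
prepend_secrets() (
    umask 077                          # credentials file readable by owner only
    file="$1"
    tmp="$(mktemp "${file}.XXXXXX")"   # mktemp creates the file with mode 0600
    for name in TELEPORT_TOKEN NEXTCLOUD_SQL_PASSWORD TULEAP_SQL_PASSWORD \
                STRAPI_SQL_PASSWORD GITLAB_SQL_PASSWORD OPENPROJECT_SQL_PASSWORD \
                NOCODB_SQL_PASSWORD REGISTRY_PASSWORD SQL_ROOT_PASSWORD PASSWORD; do
        printf "export %s='%s'\n" "$name" "$(gen_secret 25)" >> "$tmp"
    done
    [ -f "$file" ] && cat "$file" >> "$tmp"
    mv "$tmp" "$file"                  # replace in one step, keeping mode 0600
)

# Usage, from the startpack directory: prepend_secrets env.sh
```
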
source env.sh
bash setup.sh
If you have a docker swarm setup with more than one machine, you should start an NFS server on the main manager and connect the other nodes to it:
A) On main machine
# Setup NFS server with compose as docker-swarm still doesn't support `privileged` mode
docker-compose -f nfs.yml up -d
B) On all other machines
export MASTER_IP="your $MASTER_IP from step 4"
export DATAPATH="your $DATAPATH from step 4"
echo -e "$MASTER_IP:$DATAPATH $DATAPATH nfs nfsvers=4,rw 0 0" >> /etc/fstab
mount $DATAPATH
After entering all the commands below, you'll be able to log in to your new services at these addresses:
- https://traefik.your_domain user: your $USERNAME, password: your $PASSWORD
- https://portainer.your_domain
- https://registry.your_domain user: your $REGISTRY_USERNAME, password: your $REGISTRY_PASSWORD
- https://influxdb.your_domain user: your $USERNAME, password: your $PASSWORD
- https://grafana.your_domain user: your $USERNAME, password: your $PASSWORD
- https://victoriametrics.your_domain user: your $USERNAME, password: your $PASSWORD
- https://adminer.your_domain user: your $USERNAME, password: your $PASSWORD
- https://minio-console.your_domain user: your $USERNAME, password: your $PASSWORD
- https://gitlab.your_domain user: root, password: your $PASSWORD
- https://nextcloud.your_domain user: your $USERNAME, password: your $PASSWORD
- https://tuleap.your_domain user: admin, password: your $PASSWORD
- https://openproject.your_domain user: admin, password: admin
- https://rocketchat.your_domain
- https://vaultwarden.your_domain/admin password: your $PASSWORD
- https://nocodb.your_domain
- https://strapi.your_domain
Mandatory steps
docker-compose -f setup-compose.yml up -d
docker-compose -f databases.yml up -d
From now on you can choose which services you need
docker-compose -f monitoring.yml up -d
docker-compose -f registry.yml up -d
docker-compose -f minio.yml up -d
docker-compose -f vaultwarden.yml up -d
docker-compose -f tuleap.yml up -d
docker-compose -f nextcloud.yml up -d
docker-compose -f gitlab.yml up -d
After enabling portainer you should immediately go to portainer.your_domain and set admin password
docker-compose -f portainer.yml up -d
After enabling rocketchat you should immediately go to rocketchat.your_domain/admin and set admin password
docker-compose -f rocketchat.yml up -d
After enabling openproject you should immediately go to openproject.your_domain, log in with the admin user and admin password, change the password, and update the settings on openproject.your_domain/admin/settings/general
docker-compose -f openproject.yml up -d
After enabling nocodb you should immediately go to nocodb.your_domain and set admin password
docker-compose -f nocodb.yml up -d
After enabling strapi you should wait a minute and then go to strapi.your_domain/admin and set admin password
docker-compose -f strapi.yml up -d
Mandatory steps
docker stack deploy --compose-file setup-swarm.yml startpack
docker stack deploy --compose-file databases.yml startpack
From now on you can choose which services you need
docker stack deploy --compose-file monitoring.yml startpack
docker stack deploy --compose-file registry.yml startpack
docker stack deploy --compose-file minio.yml startpack
docker stack deploy --compose-file vaultwarden.yml startpack
docker stack deploy --compose-file tuleap.yml startpack
docker stack deploy --compose-file nextcloud.yml startpack
docker stack deploy --compose-file gitlab.yml startpack
After enabling portainer you should immediately go to portainer.your_domain and set admin password
docker stack deploy --compose-file portainer.yml startpack
After enabling rocketchat you should immediately go to rocketchat.your_domain/admin and set admin password
docker stack deploy --compose-file rocketchat.yml startpack
After enabling openproject you should immediately go to openproject.your_domain, log in with the admin user and admin password, change the password, and update the settings on openproject.your_domain/admin/settings/general
docker stack deploy --compose-file openproject.yml startpack
After enabling nocodb you should immediately go to nocodb.your_domain and set admin password
docker stack deploy --compose-file nocodb.yml startpack
After enabling strapi you should immediately go to strapi.your_domain/admin and set admin password
docker stack deploy --compose-file strapi.yml startpack
# Install docker
curl -fsSL https://get.docker.com -o get-docker.sh
DRY_RUN=1 sh ./get-docker.sh
sh ./get-docker.sh
# Install docker-compose
curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
# Get files
git clone https://github.com/tldr-devops/startpack.git --depth=1
cd startpack
# Prepare environment
mkdir -p {builds,cache}
export DOMAIN="Your domain"
export HASHED_PASSWORD="HASHED_PASSWORD from step 4"
envsubst < configs/gitlab-runner.toml > ./config.toml
# Run runner in docker with docker-compose
docker-compose -f gitlab-runner.yml up -d
# Check runners logs
docker-compose -f gitlab-runner.yml logs -f
docker login -u "Your REGISTRY_USERNAME from step 4" -p "Your REGISTRY_PASSWORD from step 4" registry."YOUR DOMAIN"