| .github/workflows | ||
| ispmon | ||
| jelly | ||
| ollama | ||
| .doco-cd.ispmon.yaml | ||
| .doco-cd.jelly.yaml | ||
| .doco-cd.ollama.yaml | ||
| .gitignore | ||
| README.md | ||
Doco-CD Deployment
This repository is a Doco-CD deployment for the Docker hosts in my homelab. If you're reading this, and you're not the owner of this homelab, you really shouldn't try to use this repository directly. Feel free to reference the deployment strategy and specifics, but don't try to use them unless you know what you're doing.
- GitHub: https://github.com/cvsickle/homelab-docker
- Codeberg: https://codeberg.org/cvsickle/homelab-docker
- Forgejo (Mirror): https://git.cvsickle.com/cvsickle/homelab-docker
SOPS
This repository uses Mozilla Secret OperationS (SOPS) to encrypt secrets.
To encrypt an env file:
sops --age=age1v59tukq0cvskn0ww9dwhh9z4ytgj03u599rtzs8xap83jtm8msssc9z8q7 --encrypt secrets.env > sops-secrets.env
Bootstrap
To deploy the apps to a Docker host, create a folder on that host with the following structure:
└── docker
└── doco-cd
├── data # Data folder for repo contents.
├── age.agekey # Age private key for SOPS decryption.
├── apprise.txt # Apprise notification URLs. (optional)
├── docker-compose.yaml # Compose file for doco-cd.
├── github.txt # Text file with GitHub token.
└── webhook.txt # Text file with webhook secret.
Docker Compose
Use this template file to define the doco-cd deployment on the host. The <host> needs to match a .doco-cd.<host>.yaml file in the root of the repository.
x-poll-config: &poll-config
POLL_CONFIG: |
- url: https://github.com/cvsickle/homelab-docker.git
reference: main
target: <host>
interval: 180
services:
app:
container_name: doco-cd
image: ghcr.io/kimdre/doco-cd:latest
ports:
- "80:80" # Webhook endpoint
- "9120:9120" # Prometheus metrics
environment:
TZ: America/New_York
GIT_ACCESS_TOKEN_FILE: /run/secrets/github_token
WEBHOOK_SECRET_FILE: /run/secrets/webhook_secret
<<: *poll-config
SOPS_AGE_KEY_FILE: /run/secrets/sops_age_key
APPRISE_API_URL: http://apprise:8000/notify # Optional
APPRISE_NOTIFY_LEVEL: success
APPRISE_NOTIFY_URLS_FILE: /run/secrets/apprise_urls
secrets:
- sops_age_key
- github_token
- webhook_secret
- apprise_urls
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ./data:/data
labels:
- "autoheal=true" # Optional if using willfarrell/autoheal
- "com.centurylinklabs.watchtower.scope=true" # Optional if using nickfedor/watchtower
restart: unless-stopped
depends_on:
apprise:
condition: service_healthy
depends_on:
- apprise # Optional
healthcheck:
test: [ "CMD", "/doco-cd", "healthcheck" ]
start_period: 15s
interval: 30s
timeout: 5s
retries: 3
# Optional if using notification
apprise:
image: caronc/apprise:latest
container_name: apprise
ports:
- "8000:8000"
environment:
TZ: America/New_York
APPRISE_WORKER_COUNT: 1
labels:
- "autoheal=true" # Optional if using willfarrell/autoheal
- "com.centurylinklabs.watchtower.scope=true" # Optional if using nickfedor/watchtower
restart: unless-stopped
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:8000/status"]
start_period: 10s
interval: 15s
timeout: 5s
retries: 3
secrets:
sops_age_key:
file: age.agekey
github_token:
file: github.txt
webhook_secret:
file: webhook.txt
apprise_urls:
file: apprise.txt # Optional
Apprise
See Notifications.
The apprise.txt file will need setup with instructions to send notfications and the compose file needs to reference this file, as indicated above. See the Apprise Documentaiton for more information.