Initial commit

2025-11-15 14:30:39 +02:00
commit bb50bd75af
5 changed files with 255 additions and 0 deletions
--- a/homelab/Caddyfile
+++ b/homelab/Caddyfile
@@ -0,0 +1,41 @@
+# ===========================
+# Vaultwarden
+# ===========================
+{$VAULT_DOMAIN} {
+    log {
+        level INFO
+        output file {$LOG_FILE} {
+            roll_size 10MB
+            roll_keep 10
+        }
+    }
+
+    tls {
+        dns duckdns {$DUCKDNS_TOKEN}
+    }
+
+    encode zstd gzip
+
+    reverse_proxy vaultwarden:80
+}
+
+# ===========================
+# 2FAuth
+# ===========================
+{$AUTH_DOMAIN} {
+    log {
+        level INFO
+        output file {$LOG_FILE} {
+            roll_size 10MB
+            roll_keep 10
+        }
+    }
+
+    tls {
+        dns duckdns {$DUCKDNS_TOKEN}
+    }
+
+    encode zstd gzip
+
+    reverse_proxy 2fauth:8000
+}
--- a/homelab/compose.yml
+++ b/homelab/compose.yml
@@ -0,0 +1,55 @@
+services:
+  vaultwarden:
+    image: vaultwarden/server:latest
+    container_name: vaultwarden
+    restart: always
+    volumes:
+      - ./vaultwarden:/data
+    environment:
+      DOMAIN: "https://vault.example.com" # Change to yours
+
+  2fauth:
+    image: 2fauth/2fauth:latest
+    container_name: 2fauth
+    restart: always
+    volumes:
+      - ./2fauth:/data
+    environment:
+      - APP_NAME=2FAuth
+      - APP_ENV=production
+      - APP_DEBUG=false
+      - APP_TIMEZONE=Europe/Helsinki
+      - SITE_OWNER=admin@example.com # Change to yours
+      - APP_KEY=SomeRandomStringOf32CharsExactly # Change to yours
+      - APP_URL=https://auth.example.com # Change to yours
+      - ASSET_URL=https://auth.example.com # Change to yours
+      - TRUSTED_PROXIES=*
+      - LOG_CHANNEL=daily
+      - LOG_LEVEL=notice
+    networks:
+      - default
+
+  caddy:
+    image: caddy:2
+    container_name: caddy
+    restart: always
+    ports:
+      - 80:80
+      - 443:443
+      - 443:443/udp
+    volumes:
+      - ./caddy:/usr/bin/caddy 
+      - ./Caddyfile:/etc/caddy/Caddyfile:ro
+      - ./caddy-config:/config
+      - ./caddy-data:/data
+    environment:
+      # For Caddy: hostnames only, no https://
+      VAULT_DOMAIN: "vault.example.com" # Change to yours
+      AUTH_DOMAIN:  "auth.example.com" # Change to yours
+      EMAIL: "admin@example.com" # Change to yours
+      DUCKDNS_TOKEN: "TOKEN" # Change to yours
+      LOG_FILE: "/data/access.log"
+
+networks:
+  default:
+    driver: bridge