AndrewTrieu/selfhosted
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
bb50bd75afb961caf252db4aa54cd477361831ce
selfhosted/README.md
Andrew Trieu bb50bd75af Initial commit
2025-11-15 14:30:39 +02:00

136 lines
2.9 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
# Homelab Setup (Vaultwarden + 2FAuth + Caddy + DuckDNS)
This repository contains the configuration for my personal homelab stack, including:
- **Vaultwarden** self-hosted password manager (Bitwarden-compatible)
- **2FAuth** self-hosted two-factor authentication manager
- **Caddy** reverse proxy with automatic HTTPS via DuckDNS (DNS-01)
- **DuckDNS Updater** updates my dynamic IP address automatically
The setup is built with Docker Compose and is designed to be simple, secure, and easy to maintain.
## Directory Structure
```bash
.
├── duckdns
│ ├── duck.log # Log file for DuckDNS updates
│ └── duck.sh # DuckDNS update script (runs via cron)
└── homelab
├── Caddyfile # Reverse proxy configuration for Caddy
└── compose.yml # Docker Compose stack for Vaultwarden + 2FAuth + Caddy
```
## Secrets and Environment Variables
Before deploying, you **must** replace all placeholder values in the config files.
- `https://vault.example.com` and `vault.example.com` → your Vaultwarden domain
- `https://auth.example.com` and `auth.example.com` → your 2FAuth domain
- `admin@example.com` → your email address (used by Caddy / Lets Encrypt and 2FAuth)
- `TOKEN` → your DuckDNS token
- `SomeRandomStringOf32CharsExactly` → a **32-character** random string for `APP_KEY`
## DuckDNS Dynamic DNS Updater
The `duckdns/duck.sh` script updates all DuckDNS domains used by the homelab. It always logs to `duckdns/duck.log`.
### Run manually
```bash
cd duckdns
./duck.sh
```
### Cron to run periodically (recommended)
```bash
cd duckdns
chmod 700 duck.sh
crontab -e
```
Add:
```bash
*/5 * * * * /path/to/duckdns/duck.sh >/dev/null 2>&1
```
This ensures your DuckDNS domains always point to your current IP.
## Homelab Stack (Docker Compose)
The **homelab/** folder contains:
- `compose.yml` runs Vaultwarden, 2FAuth, and Caddy
- `Caddyfile` defines routing for:
- `https://<vault-domain>` → Vaultwarden
- `https://<auth-domain>` → 2FAuth
### Start the stack
```bash
cd homelab
docker compose up -d
```
### Stop the stack
```bash
cd homelab
docker compose down
```
### View logs
```bash
docker logs caddy -f
docker logs vaultwarden -f
docker logs 2fauth -f
```
### Auto-start on system boot
The containers already use:
```yml
restart: always
```
But remember to enable Docker on startup:
```bash
sudo systemctl enable docker
```
### Set correct permissions for volumes (optional)
Run:
```bash
sudo chown -R 1000:1000 homelab/vaultwarden
sudo chmod -R 755 homelab/vaultwarden
sudo chown -R 1000:1000 homelab/2fauth
sudo chmod -R 755 homelab/2fauth
```
Then restart the containers:
```bash
cd homelab
docker compose restart vaultwarden 2fauth
```
## Updating
To update to the latest versions:
```bash
cd homelab
docker compose pull
docker compose up -d
```
This will refresh all Docker images with zero downtime.
Reference in New Issue View Git Blame Copy Permalink