Skip to content

tldr-devops/startpack

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

49 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

startpack

#StandWithBelarus Voices From Belarus Stand With Ukraine

This is a basic setup of services for faster startup development. You can run it via docker-compose or docker swarm.

Warning: This setup doesn't provide high level of security or any high availability. You have to hire some skilled devops engineer (like me)) for close this gap after getting first round or sales.

Also you can check Awesome Selfhosted, Awesome Sysadmin and Free for Dev for more options ;)

And Coolify or Dokku - an open-source & self-hostable Heroku / Netlify alternative

Discuss on hacker news

Time track:

Available and planned open source components

Platform

Databases and Storage

Management

  • [DONE] Gitlab as git hosting and devops platform
  • [DONE] Nextcloud as cloud storage with plugins for email, task management, password storage, etc
  • [DONE] Tuleap as management software
  • [DONE] Openproject as management software
  • [DONE] Vaultwarden as password manager for business
  • [Backlog] Zentao as scrum management software
  • [Backlog] Taiga as kanban board based management software
  • [Backlog] Owncloud as cloud storage

Chat

  • [DONE] Rocket
  • [Backlog] Mattermost
  • [Backlog] Twake as alternative to Microsoft Teams
  • [Backlog] Wire as alternative to Microsoft Teams

Backend as a service

  • [DONE] Nocodb as airtable alternative
  • [DONE] Strapi as headless CMS
  • [Backlog] Appwrite as firebase alternative

CMS

  • [Backlog] Wordpress one of the most popular CMS
  • [Backlog] Ghost as alternative to medium
  • [Backlog] Webiny landing page builder with drag and drop features
  • [Backlog] Grapedrop open source page builder

Low Code Platform

  • [Backlog] Anvil is a framework for building full-stack web apps with nothing but Python
  • [Backlog] Budibase build modern business apps in under 5 minutes
  • [Backlog] Appsmith a powerful open source framework to build internal tools
  • [Backlog] Tooljet everything you need to build internal tools

CI & CD

About the Author

Hello, everyone! My name is Filipp, and I have been working with high load distribution systems and services, security, monitoring, continuous deployment and release management (DevOps domain) since 2012.

One of my passions is developing DevOps solutions and contributing to the open-source community. By sharing my knowledge and experiences, I strive to save time for both myself and others while fostering a culture of collaboration and learning.

I had to leave my home country, Belarus, due to my participation in protests against the oppressive regime of dictator Lukashenko, who maintains a close affiliation with Putin. Since then, I'm trying to build my life from zero in other countries.

If you are seeking a skilled DevOps lead or architect to enhance your project, I invite you to connect with me on LinkedIn or explore my valuable contributions on GitHub. Let's collaborate and create some cool solutions together :)

Support

You can support this or any other of my projects

Setup

All operations should be executed from root on target machine. You can use your laptop or some server. For running all services you need at least 2 cpu cores, 8gb memory and 20gb of free disk space. You can find cheap servers on hetzner.com or compare small hosters on vps.today.

You also need a valid domain name pointed to this server for automatically setting up https with traefik and letsencrypt. However, you can hack your hosts file for working without https.

For bying domain and configuring DNS I recommend you Cloudflare. You should create at least two DNS record type A:

  1. your domain name pointed to your server IP
  2. *.your domain name pointed to your server IP

If you run services with docker-compose, all service will be located on your single server. With docker stack (swarm) mode, you can add addition servers in the same local network (the same network important for nfs volumes mounting unfortunately).

1) Install docker if it doesn't installed

(run scripts from the internet is a bad practice, but if you don't know how to install docker with package managers - it's acceptable)

curl -fsSL https://get.docker.com -o get-docker.sh
DRY_RUN=1 sh ./get-docker.sh
sh ./get-docker.sh

Install docker-compose

curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose

2) Setup docker swarm if you choose using it.

docker swarm init --advertise-addr $(hostname -I | awk '{print $1}')

3) Get this repo

git clone https://github.com/tldr-devops/startpack.git --depth=1
cd startpack

4) Fill necessary variables like domain name of your server, your email, passwords for basic auth and sql services.

Generate random passwords

echo -e "export TELEPORT_TOKEN=$(echo $RANDOM `date`|md5sum|base64)\n$(cat env.sh)" > env.sh
echo -e "export NEXTCLOUD_SQL_PASSWORD=$(echo $RANDOM `date`|md5sum|base64|head -c 25)\n$(cat env.sh)" > env.sh
echo -e "export TULEAP_SQL_PASSWORD=$(echo $RANDOM `date`|md5sum|base64|head -c 25)\n$(cat env.sh)" > env.sh
echo -e "export STRAPI_SQL_PASSWORD=$(echo $RANDOM `date`|md5sum|base64|head -c 25)\n$(cat env.sh)" > env.sh
echo -e "export GITLAB_SQL_PASSWORD=$(echo $RANDOM `date`|md5sum|base64|head -c 25)\n$(cat env.sh)" > env.sh
echo -e "export OPENPROJECT_SQL_PASSWORD=$(echo $RANDOM `date`|md5sum|base64|head -c 25)\n$(cat env.sh)" > env.sh
echo -e "export NOCODB_SQL_PASSWORD=$(echo $RANDOM `date`|md5sum|base64|head -c 25)\n$(cat env.sh)" > env.sh
echo -e "export REGISTRY_PASSWORD=$(echo $RANDOM `date`|md5sum|base64|head -c 25)\n$(cat env.sh)" > env.sh
echo -e "export SQL_ROOT_PASSWORD=$(echo $RANDOM `date`|md5sum|base64|head -c 25)\n$(cat env.sh)" > env.sh
echo -e "export PASSWORD=$(echo $RANDOM `date`|md5sum|base64|head -c 25)\n$(cat env.sh)" > env.sh

You should change this lines with your email and dns name

echo -e "export EMAIL='Type your email here'\n$(cat env.sh)" > env.sh
echo -e "export DOMAIN='Type your domain here'\n$(cat env.sh)" > env.sh

This is your credentials, store it in your password manager ;)

cat env.sh

5) Prepare environment

source env.sh
bash setup.sh

If you have docker swarm setup with more than one machine, you should start NFS server on main manager and connect other nodes to it:

A) On main machine

# Setup NFS server with compose as docker-swarm still doesn't support `privileged` mode
docker-compose -f nfs.yml up -d

B) On all other machines

export MASTER_IP="your $MASTER_IP from step 4"
export DATAPATH="your $DATAPATH from step 4"
echo -e "$MASTER_IP:$DATAPATH $DATAPATH nfs nfsvers=4,rw 0 0" >> /etc/fstab
mount $DATAPATH

6) Run your new services

After entering all commands below you'll able to login into your new services by addresses:

  • https://traefik.your_domain user your $USERNAME password your $PASSWORD
  • https://portainer.your_domain
  • https://registry.your_domain user your $REGISTRY_USERNAME password your $REGISTRY_PASSWORD
  • https://influxdb.your_domain user your $USERNAME password your $PASSWORD
  • https://grafana.your_domain user your $USERNAME password your $PASSWORD
  • https://victoriametrics.your_domain user your $USERNAME password your $PASSWORD
  • https://adminer.your_domain user your $USERNAME password your $PASSWORD
  • https://minio-console.your_domain user your $USERNAME password your $PASSWORD
  • https://gitlab.your_domain user root password your $PASSWORD
  • https://nextcloud.your_domain user your $USERNAME password your $PASSWORD
  • https://tuleap.your_domain user admin password your $PASSWORD
  • https://openproject.your_domain user admin password admin
  • https://rocketchat.your_domain
  • https://vaultwarden.your_domain/admin password your $PASSWORD
  • https://nocodb.your_domain
  • https://strapi.your_domain
Docker Compose

Mandatory steps

docker-compose -f setup-compose.yml up -d
docker-compose -f databases.yml up -d

from now on you can choose which services you need

docker-compose -f monitoring.yml up -d
docker-compose -f registry.yml up -d
docker-compose -f minio.yml up -d
docker-compose -f vaultwarden.yml up -d
docker-compose -f tuleap.yml up -d
docker-compose -f nextcloud.yml up -d
docker-compose -f gitlab.yml up -d

After enabling portainer you should immediately go to portainer.your_domain and set admin password

docker-compose -f portainer.yml up -d

After enabling rocketchat you should immediately go to rocketchat.your_domain/admin and set admin password

docker-compose -f rocketchat.yml up -d

After enabling openproject you should immediately go to openproject.your_domain, login with admin user and admin password, change it and update settings on openproject.your_domain/admin/settings/general

docker-compose -f openproject.yml up -d

After enabling nocodb you should immediately go to nocodb.your_domain and set admin password

docker-compose -f nocodb.yml up -d

After enabling strapi you should wait a minute and then go to strapi.your_domain/admin and set admin password

docker-compose -f strapi.yml up -d
Docker Swarm

Mandatory steps

docker stack deploy --compose-file setup-swarm.yml startpack
docker stack deploy --compose-file databases.yml startpack

From now on you can choose which services you need

docker stack deploy --compose-file monitoring.yml startpack
docker stack deploy --compose-file registry.yml startpack
docker stack deploy --compose-file minio.yml startpack
docker stack deploy --compose-file vaultwarden.yml startpack
docker stack deploy --compose-file tuleap.yml startpack
docker stack deploy --compose-file nextcloud.yml startpack
docker stack deploy --compose-file gitlab.yml startpack

After enabling portainer you should immediately go to portainer.your_domain and set admin password

docker stack deploy --compose-file portainer.yml startpack

After enabling rocketchat you should immediately go to rocketchat.your_domain/admin and set admin password

docker stack deploy --compose-file rocketchat.yml startpack

After enabling openproject you should immediately go to openproject.your_domain, login with admin user and admin password, change it and update settings on openproject.your_domain/admin/settings/general

docker stack deploy --compose-file openproject.yml startpack

After enabling nocodb you should immediately go to nocodb.your_domain and set admin password

docker stack deploy --compose-file nocodb.yml startpack

After enabling strapi you should immediately go to strapi.your_domain/admin and set admin password

docker stack deploy --compose-file strapi.yml startpack

7) Run gitlab-runner on separate machine with docker-compose

# Install docker
curl -fsSL https://get.docker.com -o get-docker.sh
DRY_RUN=1 sh ./get-docker.sh
sh ./get-docker.sh

# Install docker-compose
curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose

# Get files
git checkout https://github.com/tldr-devops/startpack.git --depth=1
cd startpack

# Prepare environment
mkdir -p {builds,cache}
export DOMAIN="Your domain"
export HASHED_PASSWORD="HASHED_PASSWORD from step 4"
envsubst < configs/gitlab-runner.toml > ./config.toml

# Run runner in docker with docker-compose
docker-compose -f gitlab-runner.yml up -d

# Check runners logs
docker-compose -f gitlab-runner.yml logs -f

8) Login into your docker registry on all docker hosts

docker login -u "Your REGISTRY_USERNAME from step 4" -p "Your REGISTRY_PASSWORD from step 4" registry."YOUR DOMAIN"

9) You should configure backups of your server, at least $DATAPATH directory