- Contents
- Introduction
- Screenshots
- Prerequisites
- Setup
- Deploy
- Important Notes
- Contributing
- Authors
- License
- Casadora is a set of Terraform and Ansible scripts to create and deploy a home server on arm64 machines of Oracle Cloud.
- The choices taken for deploying the services and their settings are opinionated, as I wanted to reduce the options and configuration for initial deployment.
- The services deployed are as follows:
- The services and their configurations can be changed by editing the `docker-compose.yml` file inside the `ansible` directory.
Screenshots: Heimdall, Traefik, Portainer, AdGuardHome, Grafana, WG-Easy
- With its default configuration, Casadora is set up to be used with Cloudflare, so a domain managed by Cloudflare is required.
- Make sure that your Oracle Cloud account can create a 2 OCPU ARM64 instance with 6 GB RAM and 50 GB storage.
- Install Terraform for your operating system.
- Install Ansible for your operating system.
- Execute the following command in terminal
  `git clone https://github.com/CoolFool/Casadora.git`
- Change directory to Casadora with
  `cd Casadora`
- Open terminal
  `ssh-keygen -t ed25519 -C "your_email@example.com"`
  This creates a new SSH key, using the provided email as a label.
  > Generating public/private algorithm key pair.
- When you're prompted to "Enter a file in which to save the key," press Enter. This accepts the default file location.
  > Enter a file in which to save the key (/home/you/.ssh/algorithm): [Press enter]
- At the prompt, type a secure passphrase. For more information, see "Working with SSH key passphrases."
  > Enter passphrase (empty for no passphrase): [Type a passphrase]
  > Enter same passphrase again: [Type passphrase again]
- Start the ssh-agent in the background.
  `$ eval "$(ssh-agent -s)"`
  > Agent pid 59566
- Add your SSH private key to the ssh-agent. If you created your key with a different name, or if you are adding an existing key that has a different name, replace id_ed25519 in the command with the name of your private key file.
  `$ ssh-add ~/.ssh/id_ed25519`
- Rename `terraform.example.tfvars` to `terraform.tfvars` in the `terraform` directory.
- Fill the variables with the values obtained from the previous steps.
The variables are as follows:

- `oci_tenancy_ocid` - From Oracle Cloud API Key
- `oci_user_ocid` - From Oracle Cloud API Key
- `oci_private_key_path` - From Oracle Cloud API Key
- `oci_fingerprint` - From Oracle Cloud API Key
- `oci_region` - From Oracle Cloud API Key
- `oci_instance_name` - From Oracle Cloud API Key
- `oci_ssh_public_key_path` - SSH Public Key Path generated in previous step (Example: `/home/coolfool/.ssh/id_ed25519.pub`)

- `cf_api_token` - Cloudflare API Token generated in previous steps
- `cf_domain_name` - Cloudflare managed and API token accessible domain name
- `cf_adguard_record_name` - subdomain to create for adguard (default: `adguard`)
- `cf_heimdall_record_name` - subdomain to create for heimdall (default: `heimdall`)
- `cf_traefik_record_name` - subdomain to create for traefik (default: `traefik`)
- `cf_grafana_record_name` - subdomain to create for grafana (default: `grafana`)
- `cf_portainer_record_name` - subdomain to create for portainer (default: `portainer`)
- `cf_wireguard_record_name` - subdomain to create for wireguard (default: `wireguard`)

Ansible services (passwords should be in plaintext because the required format and hash for the respective services are autogenerated)

- `ansible_ssh_private_key_path` - SSH Private Key Path generated previously (Example: `/home/coolfool/.ssh/id_ed25519`)
- `ansible_traefik_username` - Username to be used for traefik dashboard
- `ansible_traefik_password` - Password to be used for traefik dashboard in plaintext
- `ansible_lets_encrypt_email` - Email address for Let's Encrypt certificate notifications
- `ansible_adguard_username` - Username to be used for adguard
- `ansible_adguard_password` - Password to be used for adguard
- `ansible_wireguard_password` - Password to be used for wireguard dashboard
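
Since `terraform.tfvars` ends up holding the Cloudflare API token and the service passwords in plaintext, it is worth checking the file before running `terraform apply`. The script below is an added example, not part of Casadora: the variable names are the ones listed above, while the `name = "value"` line format, the owner-only permission requirement and the function names `check_tfvars` and `make_sample` are assumptions of this example.

```shell
#!/bin/sh
# Added example (not Casadora code): pre-flight check for terraform.tfvars.
# Variable names are from the README; the checks themselves are assumptions.
REQUIRED="oci_tenancy_ocid oci_user_ocid oci_private_key_path oci_fingerprint
oci_region oci_instance_name oci_ssh_public_key_path cf_api_token cf_domain_name
ansible_ssh_private_key_path ansible_traefik_username ansible_traefik_password
ansible_lets_encrypt_email ansible_adguard_username ansible_adguard_password
ansible_wireguard_password"

# Print one finding per line; return 0 only when there are none.
check_tfvars() {
    file=$1
    problems=0
    [ -f "$file" ] || { echo "missing file: $file"; return 1; }

    # The file holds an API token and plaintext passwords, so only the owner
    # should have access. Characters 5-10 of `ls -l` are the group/other bits.
    if [ "$(ls -ld "$file" | cut -c5-10)" != "------" ]; then
        echo "permissions too open: chmod 600 $file"
        problems=$((problems + 1))
    fi

    for name in $REQUIRED; do
        # Expect a line of the form: name = "non-empty value"
        if ! grep -Eq "^[[:space:]]*$name[[:space:]]*=[[:space:]]*\"[^\"]+\"" "$file"; then
            echo "unset or empty: $name"
            problems=$((problems + 1))
        fi
    done
    [ "$problems" -eq 0 ]
}

# Constructed sample input: every variable set except ansible_wireguard_password.
make_sample() {
    for name in $REQUIRED; do
        case $name in
            ansible_wireguard_password) echo "$name = \"\"" ;;
            *) echo "$name = \"constructed-sample\"" ;;
        esac
    done
}

# Demo run on the constructed sample, written world-readable on purpose.
sample=$(mktemp)
make_sample > "$sample"
chmod 644 "$sample"
check_tfvars "$sample" || echo "fix the findings above before terraform apply"
rm -f "$sample"
```

The `cf_*_record_name` variables are left out of the required list because the README gives defaults for them.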
- The Ansible playbook is auto-run when Terraform creates the resources, using the values from `terraform.tfvars`.
- To manually run the playbook, execute the following commands inside the `ansible` directory. `ANSIBLE_HOST_KEY_CHECKING=False` turns off SSH host key verification for these runs, so the server's host key is accepted without being checked.
  - For updating and installing docker & docker-compose
    `ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -u ubuntu -i '<SERVER_IP_ADDR>,' --private-key <PRIVATE_SSH_KEY_PATH> housekeeping.yml`
  - For setting up and starting the services
    `ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -u ubuntu -i '<SERVER_IP_ADDR>,' --private-key <PRIVATE_SSH_KEY_PATH> setup-services.yml`
- To create the instance and deploy the services, run the following commands inside the `terraform` directory
  `terraform init`
  `terraform apply`
- For Grafana use the following dashboards:
- Adguard
- Cadvisor
- Node Exporter
- Traefik Metrics
Of course, you can use any dashboard which supports the deployed exporters.
- If you want to take down the docker services from within the server through ssh, use the command `docker-compose --env-file setup.env down`, while for starting use the command `docker-compose --env-file setup.env up --detach`
- The `setup.env` file is auto-generated in `/home/ubuntu/` with the required values through ansible
- For Portainer and Grafana, a user should be created manually as prompted by the services at first use.
- Services should be manually added to heimdall after verifying that everything works correctly
- Manually running the ansible playbook will erase adguard logs and configuration
- `traefik-certs-dumper` is required because traefik uses acme.json as certificate storage, which is not compatible with adguardhome
- The SSL certificates are stored in `/home/ubuntu/letsencrypt/certs/`
- DNS-over-HTTPS endpoint for AdGuardHome is `https://adguard.example.com/dns-query` (replace `example.com` with your domain)
- If DNS-over-HTTPS doesn't work, set up portainer and restart the `traefik-certs-dumper` and `adguardhome` containers
- DNS-over-TLS endpoint for AdGuardHome is `adguard.example.com` (replace `example.com` with your domain)
- AdGuardHome is deployed with a few filters. If one causes problems with websites, remove it from the list, which is found at Adguard Dashboard: Filters -> DNS blocklists
Contributions are what make the open source community such an amazing place to learn, inspire, and create. Any contributions you make are greatly appreciated.
If you have a suggestion that would make this better, please fork the repo and create a pull request. You can also simply open an issue with the tag "enhancement". Don't forget to give the project a star! Thanks again!
- Fork the Project
- Create your Feature Branch (`git checkout -b feature/AmazingFeature`)
- Commit your Changes (`git commit -m 'Add some AmazingFeature'`)
- Push to the Branch (`git push origin feature/AmazingFeature`)
- Open a Pull Request
















