Fix bootstrap

bootstrap/README.md

@@ -0,0 +1,82 @@
+# Bootstrap
+
+Set up a MacVLAN network
+
+As an example, with the following network setup:
+- interface to LAN: `bond0`
+- Complete LAN subnet: `192.168.0.0/23`
+- LAN gateway: `192.168.0.1`
+- DHCP range: `192.168.0.0/24` (excluding gateway)
+- MacVLAN interface name: `macvlan0` (user defined)
+- MacVLAN range: `192.168.1.0/24` (should be outside of DHCP range)
+- MacVLAN host IP: `192.168.1.1` (should be in the MacVLAN range)
+
+```
+ip link add macvlan0 link bond0 type macvlan mode bridge
+ip addr add 192.168.1.0/32 dev macvlan0
+ip link set macvlan0 up
+ip route add 192.168.1.0/24 dev macvlan0
+```
+
+Run portainer once
+```
+docker run --rm -p 9443:9443 -v /var/run/docker.sock:/var/run/docker.sock portainer/portainer-ce:latest
+```
+
+### Environment variables
+- `NASCOMPOSE_SERVICES`: Absolute path to the `services` folder
+
+## Docker
+[`alpine/socat`](https://hub.docker.com/r/alpine/socat/) exposes the docker socket as a port.
+
+### 🌐 Ports
+- `2375 TCP`: Docker API
+
+### 📂 Volumes
+- `/var/run/docker.sock`: Socket file from host mounted as it to be exposed.
+
+### 📒 Documentation
+- [socat](https://linux.die.net/man/1/socat) manual
+
+## Traefik
+[`traefik`](https://hub.docker.com/_/traefik) is a reverse proxy for docker services.
+
+### 🌐 Ports
+- `80 TCP`: HTTP access. Should always redirect to HTTPs
+- `443 TCP`: HTTPs access
+
+### 📂 Volumes
+- `traefik_dynamic_config`: Folder containing the dynamic configuration for `File` provider. See [traefik documentation](https://doc.traefik.io/traefik/providers/file/).
+
+### 📝 Configs
+- `traefik_config`: Static configuration from `File` provider. See [traefik documentation](https://doc.traefik.io/traefik/providers/file/).
+
+### 🔒 Secrets
+- `traefik_password`: Basic Auth username/password to access Traefik. Encoded using htpasswd (or [equivalent](https://hostingcanada.org/htpasswd-generator/)), use BCrypt at least.
+- `traefik_tls_cert`: Self-signed certificate for Traefik. Particularly useful in development to avoid generating new certificates on each restart.
+- `traefik_tls_key`: Self-signed private key for Traefik. Used with `traefik_tls_cert`.
+
+### 📒 Documentation
+- [Traefik](https://doc.traefik.io/) official documentation
+
+## Portainer
+[`portainer/portainer-ce`](https://hub.docker.com/r/portainer/portainer-ce) is a docker instance manager.
+Useful to manage the stacks/docker-compose configuration for the NAS.
+
+Set up to use the port exposed via the `Docker` container. It displays information about all docker resources available on the host. \
+It excludes all resources with the tag `nas-compose.boostrap: true`.
+
+Each compose file (except the `bootstrap.docker-compose.yaml`) need to be added as a [stack](https://docs.portainer.io/user/docker/stacks/add), with the right environment variables set.
+
+
+### 🌐 Ports
+- `9443 TCP`: HTTPs (self-signed) access to the web interface
+
+### 📂 Volumes
+- ⚠️ `portainer_data`: All configuration and application data related to portainer. **It contains sensitive files**
+
+### 🔒 Secrets
+- `portainer_password`: Admin default admin's password
+
+### 📒 Documentation
+- [Portainer](https://docs.portainer.io/) official documentation

bootstrap/bootstrap.docker-compose.yml

@@ -42,10 +42,10 @@ volumes:
     driver_opts:
       type: none
       o: bind
-      device: ${NASCOMPOSE_SERVICES?}/portainer/volumes/data/
+      device: ${NASCOMPOSE_SERVICES?}/bootstrap/volumes/portainer_data/
     labels:
       nas-compose.boostrap: true
 
 secrets:
   portainer_password:
-    file: ${NASCOMPOSE_SERVICES?}/portainer/secrets/portainer_password
+    file: ${NASCOMPOSE_SERVICES?}/bootstrap/secrets/portainer_password

bootstrap/secrets/README.md

@@ -1,2 +0,0 @@
-Contains the file `portainer_password`
-More on https://docs.portainer.io/advanced/cli#method-2-creating-the-account-using-a-file