Added registry and arch VMS based on it

2 VM one CPU and one GPU
Also have a simple UI for the registry
Added readTimeout because big layers take too long to transfert

Dockerfile.arch-ttyd-cpu

@@ -9,7 +9,6 @@ RUN pacman -Syu --noconfirm && \
         vim \
         nvim \
         nano \
-        htop \
         lazygit \
         ttyd \
         sudo \
@@ -17,24 +16,28 @@ RUN pacman -Syu --noconfirm && \
         net-tools \
         iputils \
         bind-tools \
+        unzip \
+        yazi \
+        go \
+        zig \
+        ripgrep \
         openssh && \
     pacman -Scc --noconfirm
 
 # Create a workspace directory
 RUN mkdir -p /data
 
-# Create entrypoint script
-RUN echo '#!/bin/bash' > /entrypoint.sh && \
-    echo 'chmod 600 /root/.ssh/id_rsa' >> /entrypoint.sh && \
-    echo 'exec ttyd -c $TTYD_USERNAME:$TTYD_PASSWORD -W -p 7681 bash' >> /entrypoint.sh && \
-    chmod +x /entrypoint.sh
-
 # Install Astronvim
 RUN git clone --depth 1 https://github.com/AstroNvim/template ~/.config/nvim && \
     rm -rf ~/.config/nvim/.git
 
+# Setup Git
+RUN git config --global user.email "git@bouvais.lu"
+RUN git config --global user.name "adrien"
+
+# Add Gopls
+RUN go install golang.org/x/tools/gopls@latest
+
 WORKDIR /data
 
 EXPOSE 7681
-
-ENTRYPOINT ["/entrypoint.sh"]

Dockerfile.arch-ttyd-gpu

@@ -0,0 +1,8 @@
+FROM registry.bouvais.lu/vms/arch-ttyd-cpu:1.0.0
+
+RUN pacman -Syu --noconfirm && \
+    pacman -S --noconfirm \
+        nvidia \
+        cuda \
+        nvidia-utils && \
+    pacman -Scc --noconfirm

developer.yml

@@ -0,0 +1,88 @@
+services:
+  gitea:
+    image: "docker.gitea.com/gitea:1.23.8"
+    container_name: gitea
+    restart: unless-stopped
+    environment:
+      - GITEA_CUSTOM=/etc/gitea
+    volumes:
+      - "./hdd0/gitea:/data"
+      - "./config/gitea:/etc/gitea"
+      - "/etc/timezone:/etc/timezone:ro"
+      - "/etc/localtime:/etc/localtime:ro"
+    labels:
+      - traefik.enable=true
+      # HTTP/S
+      - traefik.http.routers.gitea.rule=Host(`git.bouvais.lu`)
+      - traefik.http.routers.gitea.entrypoints=websecure
+      - traefik.http.routers.gitea.tls.certresolver=myresolver
+      - traefik.http.services.gitea.loadbalancer.server.port=3000
+      # SSH
+      - traefik.tcp.routers.gitea-ssh.rule=HostSNI(`*`)
+      - traefik.tcp.routers.gitea-ssh.entrypoints=ssh
+      - traefik.tcp.services.gitea-ssh.loadbalancer.server.port=22
+
+  gitea-runner:
+    image: docker.io/gitea/act_runner:latest
+    container_name: gitea-runner
+    restart: unless-stopped
+    environment:
+      CONFIG_FILE: /config.yaml
+      GITEA_INSTANCE_URL: https://git.bouvais.lu/
+      GITEA_RUNNER_REGISTRATION_TOKEN: jBEK4cLzDp2wqv1Ru3SHyzC0xzl1FV94IcsGe5kd
+    volumes:
+      - ./config/gitea-runner/config.yaml:/config.yaml
+      - ./hdd0/gitea-runner:/data
+      - /var/run/docker.sock:/var/run/docker.sock
+      - ./hdd0/mkdocs-sites:/sites
+
+  mkdocs-zippondb:
+    image: squidfunk/mkdocs-material
+    container_name: mkdocs-zippondb
+    restart: unless-stopped
+    volumes:
+      - ./hdd0/mkdocs-sites/zippondb:/docs
+    labels:
+      - traefik.enable=true
+      - traefik.http.routers.gitea_runner.rule=Host(`docs.bouvais.lu`)
+      - traefik.http.routers.gitea_runner.entrypoints=websecure
+      - traefik.http.routers.gitea_runner.tls.certresolver=myresolver
+      - traefik.http.routers.gitea_runner.middlewares=auth@docker
+      - traefik.http.services.gitea_runner.loadbalancer.server.port=3000
+
+  registry:
+    image: registry:2
+    container_name: registry
+    restart: unless-stopped
+    environment:
+      - REGISTRY_AUTH_HTPASSWD_REALM=Bouvais Registry
+      - REGISTRY_AUTH_HTPASSWD_PATH=/etc/docker/registry/htpasswd
+      - REGISTRY_HTTP_SECRET=${MASTER_PASSWORD}
+      - REGISTRY_HEALTH_STORAGEDRIVER_ENABLED=true
+      - REGISTRY_STORAGE_DELETE_ENABLED=true
+    volumes:
+      - ./hdd0/registry/data:/var/lib/registry
+      - ./hdd0/registry/htpasswd:/etc/docker/registry/htpasswd:ro
+    labels:
+      - traefik.enable=true
+      - traefik.http.routers.registry.rule=Host(`registry.bouvais.lu`)
+      - traefik.http.routers.registry.entrypoints=websecure
+      - traefik.http.routers.registry.tls.certresolver=myresolver 
+      - traefik.http.services.registry.loadbalancer.server.port=5000 
+
+  registry-ui:
+    image: joxit/docker-registry-ui:latest
+    container_name: registry-ui
+    depends_on: [registry]
+    restart: unless-stopped
+    environment:
+      - DELETE_IMAGES=true
+      - REGISTRY_TITLE=Bouvais Docker Registry
+      - NGINX_PROXY_PASS_URL=http://registry:5000
+      - SINGLE_REGISTRY=true
+    labels:
+      - traefik.enable=true
+      - traefik.http.routers.registry_ui.rule=Host(`registry-ui.bouvais.lu`)
+      - traefik.http.routers.registry_ui.entrypoints=websecure
+      - traefik.http.routers.registry_ui.tls.certresolver=myresolver 
+      - traefik.http.services.registry_ui.loadbalancer.server.port=80

docker-compose.yml

@@ -1,6 +1,6 @@
 include:
   - apps.yml
-  - gitea.yml
+  - developer.yml
   - llm.yml
   - monitoring.yml
   - vms.yml
@@ -23,6 +23,8 @@ services:
       - "--metrics.prometheus=true"
       - "--metrics.prometheus.buckets=0.1,0.3,1.2,5.0"
       - "--entryPoints.ssh.address=:2101"
+      - "--entrypoints.web.transport.respondingTimeouts.readTimeout=180m"
+      - "--entrypoints.websecure.transport.respondingTimeouts.readTimeout=180m"
       # Logs - Traefik will write its logs to /logs within the container, which maps to /data/logs on host
       - "--accesslog=true"
       - "--accesslog.format=json"
@@ -84,12 +86,9 @@ services:
     image: kopia/kopia:latest
     container_name: kopia
     restart: unless-stopped
-    ports:
-        - 51515:51515
     command:
         - server
         - start
-        #- --disable-csrf-token-checks
         - --insecure
         - --address=0.0.0.0:51515
         - --server-username=adrien
@@ -98,13 +97,12 @@ services:
         KOPIA_PASSWORD: ${MASTER_PASSWORD}
         USER: "adrien"
     volumes:
-        # Mount local folders needed by kopia
         - ./config/kopia:/app/config
         - ./cache/kopia:/app/cache
         - ./hdd0/logs/:/app/logs
-        - ./hdd0:/hdd0 # Mount local folders to snapshot
+        - ./hdd0:/hdd0
-        - ./hdd0_backups/kopia/dir:/repository # Mount repository location
+        - ./hdd0_backups/kopia/dir:/repository
-        - ./hdd0_backups/kopia/shared:/tmp:shared # Mount path for browsing mounted snaphots
+        - ./hdd0_backups/kopia/shared:/tmp:shared
     labels:
       - "traefik.enable=true"
       - "traefik.http.routers.kopia.rule=Host(`kopia.bouvais.lu`)"
@@ -112,6 +110,33 @@ services:
       - "traefik.http.routers.kopia.tls.certresolver=myresolver"
       - "traefik.http.services.kopia.loadbalancer.server.port=51515"
 
+  kopia-gcp:
+    image: kopia/kopia:latest
+    container_name: kopia-gcp
+    restart: unless-stopped
+    command:
+        - server
+        - start
+        - --insecure
+        - --address=0.0.0.0:51516
+        - --server-username=adrien
+        - --server-password=${MASTER_PASSWORD}
+    environment:
+        KOPIA_PASSWORD: ${MASTER_PASSWORD}
+        USER: "adrien"
+    volumes:
+        - ./config/kopia-gcp:/app/config
+        - ./cache/kopia-gcp:/app/cache
+        - ./hdd0/logs/gcp:/app/logs
+        - ./hdd0:/hdd0
+        - ./kopia-gcp-key.json:/cred.json
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.kopia_gcp.rule=Host(`kopia-gcp.bouvais.lu`)"
+      - "traefik.http.routers.kopia_gcp.entrypoints=websecure"
+      - "traefik.http.routers.kopia_gcp.tls.certresolver=myresolver"
+      - "traefik.http.services.kopia_gcp.loadbalancer.server.port=51516"
+
   minio:
     image: minio/minio:latest
     container_name: minio

gitea.yml

@@ -1,51 +0,0 @@
-services:
-  gitea:
-    image: "docker.gitea.com/gitea:1.23.8"
-    container_name: gitea
-    restart: unless-stopped
-    environment:
-      - GITEA_CUSTOM=/etc/gitea
-    volumes:
-      - "./hdd0/gitea:/data"
-      - "./config/gitea:/etc/gitea"
-      - "/etc/timezone:/etc/timezone:ro"
-      - "/etc/localtime:/etc/localtime:ro"
-    labels:
-      - "traefik.enable=true"
-      # HTTP/S
-      - "traefik.http.routers.gitea.rule=Host(`git.bouvais.lu`)"
-      - "traefik.http.routers.gitea.entrypoints=websecure"
-      - "traefik.http.routers.gitea.tls.certresolver=myresolver"
-      - "traefik.http.services.gitea.loadbalancer.server.port=3000"
-      # SSH
-      - "traefik.tcp.routers.gitea-ssh.rule=HostSNI(`*`)"
-      - "traefik.tcp.routers.gitea-ssh.entrypoints=ssh"
-      - "traefik.tcp.services.gitea-ssh.loadbalancer.server.port=22"
-
-  gitea-runner:
-    image: docker.io/gitea/act_runner:latest
-    container_name: gitea-runner
-    restart: unless-stopped
-    environment:
-      CONFIG_FILE: /config.yaml
-      GITEA_INSTANCE_URL: https://git.bouvais.lu/
-      GITEA_RUNNER_REGISTRATION_TOKEN: jBEK4cLzDp2wqv1Ru3SHyzC0xzl1FV94IcsGe5kd
-    volumes:
-      - ./config/gitea-runner/config.yaml:/config.yaml
-      - ./hdd0/gitea-runner:/data
-      - /var/run/docker.sock:/var/run/docker.sock
-      - ./hdd0/mkdocs-sites:/sites
-
-  mkdocs-zippondb:
-    image: squidfunk/mkdocs-material
-    container_name: mkdocs-zippondb
-    restart: unless-stopped
-    volumes:
-      - ./hdd0/mkdocs-sites/zippondb:/docs
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.routers.gitea.rule=Host(`docs.bouvais.lu`)"
-      - "traefik.http.routers.gitea.entrypoints=websecure"
-      - "traefik.http.routers.gitea.tls.certresolver=myresolver"
-      - "traefik.http.routers.gitea.middlewares=auth@docker"
-      - "traefik.http.services.gitea.loadbalancer.server.port=3000"

llm.yml

@@ -14,18 +14,18 @@ services:
     environment:
       OLLAMA_BASE_URLS: http://ollama:11434
 
-  ollama:
+  # ollama:
-    image: ollama/ollama:latest
+  #   image: ollama/ollama:latest
-    container_name: ollama
+  #   container_name: ollama
-    volumes:
+  #   volumes:
-      - ./hdd0/ollama:/root/.ollama
+  #     - ./hdd0/ollama:/root/.ollama
-    deploy:
+  #   deploy:
-      resources:
+  #     resources:
-        reservations:
+  #       reservations:
-          devices:
+  #         devices:
-            - driver: nvidia
+  #           - driver: nvidia
-              capabilities: ["gpu"]
+  #             capabilities: ["gpu"]
-              count: all
+  #             count: all
 
   openwebui-pipeline:
     image: ghcr.io/open-webui/pipelines:main

vms.yml

@@ -1,17 +1,17 @@
 services:
-  arch-ttyd:
+  arch-cpu:
-    build: 
+    image: registry.bouvais.lu/vms/arch-ttyd-cpu:1.0.0
-      context: .
+    container_name: arch-cpu
-      dockerfile: Dockerfile.arch-ttyd
-    container_name: arch-ttyd
     restart: unless-stopped
     volumes:
       - ./hdd0/vms/arch/data:/data
       - ./hdd0/vms/arch/root:/root
-      - ~/.ssh/id_rsa:/root/.ssh/id_rsa:ro
+    command: >
-    environment:
+      ttyd
-      - TTYD_USERNAME=${TTYD_USERNAME:-admin}
+      -p 7681
-      - TTYD_PASSWORD=${MASTER_PASSWORD:-changeme}
+      -c "${TTYD_USERNAME}:${MASTER_PASSWORD}"
+      -W
+      bash
     labels:
       - "traefik.enable=true"
       - "traefik.http.routers.arch.rule=Host(`arch.bouvais.lu`)"
@@ -26,3 +26,35 @@ services:
         reservations:
           cpus: '0.5'
           memory: 256M
+
+  arch-gpu:
+    image: registry.bouvais.lu/vms/arch-ttyd-gpu:1.0.0
+    container_name: arch-gpu
+    restart: unless-stopped
+    volumes:
+      - ./hdd0/vms/arch_gpu/data:/data
+      - ./hdd0/vms/arch_gpu/root:/root
+    command: >
+      ttyd
+      -p 7682
+      -c "${TTYD_USERNAME}:${MASTER_PASSWORD}"
+      -W
+      bash
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.arch_gpu.rule=Host(`arch-gpu.bouvais.lu`)"
+      - "traefik.http.routers.arch_gpu.entrypoints=websecure"
+      - "traefik.http.routers.arch_gpu.tls.certresolver=myresolver"
+      - "traefik.http.services.arch_gpu.loadbalancer.server.port=7682"
+    deploy:
+      resources:
+        limits:
+          cpus: '2.0'
+          memory: 1G
+        reservations:
+          cpus: '0.5'
+          memory: 256M
+          devices:
+            - driver: nvidia
+              capabilities: ["gpu"]
+              count: all