├── Docker ├── Watchtower │ ├── docker-cli │ └── docker-compose.yml ├── Gotify │ └── Run-Gotify-Docker └── 08-docker-compose.txt ├── Paperless-AI └── docker-compose.yml ├── GitLab └── 03-GitLabCICD.md ├── Guacamole └── guacamole ├── Traefik-ReverseProxy └── traefik-example.yml ├── Linux-System-Configs └── .bashrc ├── Paperless-NGX └── docker-compose.yml ├── LoadBalancer └── Create_HA_LB_haproxy_keepalived ├── NUT └── nut-config └── Matrix-Synapse-Element └── README.md /Docker/Watchtower/docker-cli: -------------------------------------------------------------------------------- 1 | docker run \ 2 | --name watchtower \ 3 | -v /var/run/docker.sock:/var/run/docker.sock \ 4 | containrrr/watchtower \ 5 | --run-once --monitor-only NAME-CONTAINER01 NAME-CONTAINER01 6 | 7 | # --label-enable /// If instead you want to only include containers with the enable label, pass the --label-enable flag and set the com.centurylinklabs.watchtower.enable label with a value of true on the containers you want to watch. 
8 | # --schedule "0 56 15 * * *" /// Cann't be used with --run-once 9 | -------------------------------------------------------------------------------- /Docker/Watchtower/docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: "3" 2 | services: 3 | watchtower: 4 | image: containrrr/watchtower 5 | container_name: watchtower 6 | environment: 7 | - WATCHTOWER_NOTIFICATIONS=gotify 8 | - WATCHTOWER_NOTIFICATION_GOTIFY_URL=https://gotify.DOMAIN.ME/ 9 | - WATCHTOWER_NOTIFICATION_GOTIFY_TOKEN=####################### 10 | volumes: 11 | - /var/run/docker.sock:/var/run/docker.sock 12 | - /etc/localtime:/etc/localtime:ro 13 | restart: unless-stopped 14 | command: --rolling-restart --cleanup --label-enable --debug --schedule "0 0 3 * * 6" 15 | -------------------------------------------------------------------------------- /Paperless-AI/docker-compose.yml: -------------------------------------------------------------------------------- 1 | services: 2 | paperless-ai: 3 | image: clusterzx/paperless-ai 4 | container_name: paperless-ai 5 | # network_mode: bridge 6 | restart: unless-stopped 7 | cap_drop: 8 | - ALL 9 | security_opt: 10 | - no-new-privileges=true 11 | environment: 12 | - PUID=1000 13 | - PGID=1000 14 | - PAPERLESS_AI_PORT=${PAPERLESS_AI_PORT:-3000} 15 | - RAG_SERVICE_URL=http://localhost:8000 16 | - RAG_SERVICE_ENABLED=true 17 | ports: 18 | - "3001:${PAPERLESS_AI_PORT:-3000}" 19 | volumes: 20 | - /opt/paperless-ai/data:/app/data 21 | 22 | networks: 23 | default: 24 | external: true 25 | name: paperless-frontend 26 | -------------------------------------------------------------------------------- /Docker/Gotify/Run-Gotify-Docker: -------------------------------------------------------------------------------- 1 | docker run -p 8080:80 -e TZ="Europe/Berlin" -e GOTIFY_DEFAULTUSER_PASS="MyDefaultPass123" -v /var/gotify/data:/app/data gotify/server 2 | 3 | version: "3" 4 | 5 | services: 6 | gotify: 7 | image: 
gotify/server 8 | ports: 9 | - 8080:80 10 | environment: 11 | - TZ=Europe/Berlin 12 | - GOTIFY_DEFAULTUSER_PASS=MyDefaultPass123 13 | volumes: 14 | - "./gotify_data:/app/data" 15 | 16 | curl "https://push.example.de/message?token=" -F "title=my title" -F "message=my message" -F "priority=5" 17 | 18 | 19 | version: "3" 20 | services: 21 | watchtower: 22 | image: containrrr/watchtower 23 | container_name: watchtower 24 | environment: 25 | - WATCHTOWER_NOTIFICATIONS=gotify 26 | - WATCHTOWER_NOTIFICATION_GOTIFY_URL=https://gotify.DOMAIN.ME/ 27 | - WATCHTOWER_NOTIFICATION_GOTIFY_TOKEN=####################### 28 | volumes: 29 | - /var/run/docker.sock:/var/run/docker.sock 30 | - /etc/localtime:/etc/localtime:ro 31 | restart: unless-stopped 32 | command: --rolling-restart --cleanup --label-enable --debug 33 | -------------------------------------------------------------------------------- /GitLab/03-GitLabCICD.md: -------------------------------------------------------------------------------- 1 | ### Runner Install 2 | 3 | ``` 4 | curl -L "https://packages.gitlab.com/install/repositories/runner/gitlab-runner/script.deb.sh" | sudo bash 5 | apt-get install gitlab-runner 6 | ``` 7 | 8 | ### GitLab Runner Register 9 | 10 | `gitlab-runner register` 11 | 12 | ### Runner autostart 13 | 14 | `systemctl enable gitlab-runner.service` 15 | 16 | #### Docker Install 17 | 18 | ``` 19 | curl -fsSL https://get.docker.com -o get-docker.sh 20 | sh ./get-docker.sh 21 | ``` 22 | 23 | #### Docker Runner Install and Register 24 | 25 | ``` 26 | docker run -d --name gitlab-runner --restart always \ 27 | -v /srv/gitlab-runner/config:/etc/gitlab-runner \ 28 | -v /var/run/docker.sock:/var/run/docker.sock \ 29 | gitlab/gitlab-runner:latest 30 | 31 | docker run --rm -it -v /srv/gitlab-runner/config:/etc/gitlab-runner gitlab/gitlab-runner register 32 | ``` 33 | 34 | ### Ignore SSL Error 35 | ``` 36 | SERVER=gitlab.rom.home 37 | PORT=443 38 | CERTIFICATE=/etc/gitlab-runner/certs/${SERVER}.crt 39 | # 
Create the certificates hierarchy expected by gitlab 40 | mkdir -p $(dirname "$CERTIFICATE") 41 | # Get the certificate in PEM format and store it (this trusts whatever certificate the server presents at this moment; check its fingerprint out of band before registering) 42 | openssl s_client -connect ${SERVER}:${PORT} -showcerts </dev/null 2>/dev/null | sed -e '/-----BEGIN/,/-----END/!d' | sudo tee "$CERTIFICATE" >/dev/null 43 | # Register your runner 44 | gitlab-runner register --tls-ca-file="$CERTIFICATE" 45 | ``` 46 | -------------------------------------------------------------------------------- /Guacamole/guacamole: -------------------------------------------------------------------------------- 1 | # Pull/Download Docker Images: 2 | docker pull guacamole/guacamole 3 | docker pull guacamole/guacd 4 | docker pull mysql:8.0 5 | 6 | # Create Init DB: 7 | docker run --rm guacamole/guacamole /opt/guacamole/bin/initdb.sh --mysql > initdb.sql 8 | 9 | # Import DB: 10 | docker compose up mysql -d 11 | docker exec -i guacmysql mysql -uguacuser -pguacPA55 guacamole < initdb.sql 12 | #TEST: 13 | docker exec -i guacmysql mysql -uguacuser -pguacPA55 guacamole 14 | 15 | # DOCKER COMPOSE: 16 | 17 | version: "3" 18 | services: 19 | mysql: 20 | image: mysql:8.0 21 | container_name: guacmysql 22 | environment: 23 | MYSQL_DATABASE: guacamole 24 | MYSQL_USER: guacuser 25 | MYSQL_PASSWORD: guacPA55 26 | MYSQL_ROOT_PASSWORD: myROOTpa55 27 | volumes: 28 | - ./mysql:/var/lib/mysql 29 | restart: unless-stopped 30 | 31 | guacd: 32 | image: guacamole/guacd 33 | container_name: guacd 34 | restart: unless-stopped 35 | depends_on: 36 | - mysql 37 | 38 | guacamole: 39 | image: guacamole/guacamole 40 | container_name: guacamole 41 | environment: 42 | MYSQL_HOSTNAME: mysql 43 | MYSQL_DATABASE: guacamole 44 | MYSQL_USER: guacuser 45 | MYSQL_PASSWORD: guacPA55 46 | GUACD_HOSTNAME: guacd 47 | ports: 48 | - '8080:8080' 49 | restart: unless-stopped 50 | depends_on: 51 | - mysql 52 | - guacd 53 | 54 | 55 | 56 | Default User & Pass: guacadmin (change this password right after the first login) 57 | --------------------------------------------------------------------------------
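/Traefik-ReverseProxy/traefik-example.yml:
--------------------------------------------------------------------------------
# Example Traefik v2 reverse proxy for containers on the external "proxynet"
# network, followed by a second compose file showing an nginx service that is
# routed through it.
version: '3'

services:
  reverse-proxy:
    image: traefik:v2.10
    command:
      # NOTE(security): api.insecure serves the dashboard and API without
      # authentication on port 8080. Keep it for lab use only; otherwise
      # disable it and publish the dashboard through a router protected by
      # an auth middleware.
      - "--api.insecure=true"
      - "--providers.docker"
      # Containers are only routed when they carry traefik.enable=true.
      - "--providers.docker.exposedByDefault=false"
      - "--providers.docker.network=proxynet"
      - "--entrypoints.http.address=:80"
      # The HTTP->HTTPS redirect is commented out, so port 80 serves
      # plain HTTP as long as these two lines stay disabled.
      # - "--entrypoints.http.http.redirections.entrypoint.to=https"
      # - "--entrypoints.http.http.redirections.entrypoint.scheme=https"
      - "--entrypoints.https.address=:443"
      # DEBUG is verbose and can log request details; lower it once the
      # setup works.
      - "--log.level=DEBUG"
      # # Let'sEncrypt
      # - "--entrypoints.https.http.tls.certResolver=le"
      # - "--certificatesresolvers.le.acme.tlschallenge=true"
      # - "--certificatesresolvers.le.acme.email=you@mail.net"
      # - "--certificatesresolvers.le.acme.storage=/letsencrypt/acme.json"
    ports:
      # The HTTP port
      - "80:80"
      - "443:443"
      # The Web UI (enabled by --api.insecure=true).
      # Published on loopback only, because the UI has no authentication;
      # reach it through an SSH tunnel or from the host itself.
      - "127.0.0.1:8080:8080"
    volumes:
      # So that Traefik can listen to the Docker events.
      # Access to this socket is equivalent to root on the host. The :ro
      # flag makes the mount read-only but does not limit Docker API calls;
      # a socket proxy that exposes only read endpoints is the stricter option.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      #- /opt/traefik/letsencrypt:/letsencrypt
    # networks:
    #   - web-proxy

networks:
  default:
    name: proxynet
    external: true



############################ Example: NGINX #################################
version: '3'
services:
  nginx:
    image: nginx:latest
    container_name: nginx
    hostname: nginx

    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.nginx.rule=Host(`nginx.YOUDOMAIN.NET`)"
      # Bound to the plain-HTTP entrypoint; no TLS is configured for this router.
      - "traefik.http.routers.nginx.entrypoints=http"
      # - "traefik.http.services.nginx.loadbalancer.server.port=80"
      # - "traefik.http.routers.nginx.tls=false"
    # No host port is published: nginx is reachable only through Traefik.
    # ports:
    #   - "80:80"

networks:
  default:
    name: proxynet
    external: true

--------------------------------------------------------------------------------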
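/Linux-System-Configs/.bashrc:
--------------------------------------------------------------------------------
# Interactive bash setup: history options, terminal title, colour detection,
# prompts, ls/grep aliases and bash completion.

if [[ $- != *i* ]] ; then
    # Shell is non-interactive. Be done now!
    return
fi

shopt -s checkwinsize
shopt -s histappend
# Prints the active locale at the start of every interactive shell.
echo "$LANG"

export HISTTIMEFORMAT="%h/%d - %H:%M:%S "
export HISTSIZE=100000
# Provisional prompt; PS1 is assigned again further down.
# Double quotes mean $(hostname -f) is expanded once, when this file is read.
# NOTE(review): \[ ... \] is meant for non-printing sequences only; here it
# wraps the visible prompt text, which can confuse line wrapping. Confirm.
export PS1="\[\u@$(hostname -f): \w\]\$ "

# Put user@host:dir into the terminal title (xterm-like) or screen's
# hardstatus, keeping any PROMPT_COMMAND that is already set.
case ${TERM} in
    xterm*|rxvt*|Eterm|aterm|kterm|gnome*)
        PROMPT_COMMAND=${PROMPT_COMMAND:+$PROMPT_COMMAND; }'printf "\033]0;%s@%s:%s\007" "${USER}" "${HOSTNAME%%.*}" "${PWD/#$HOME/~}"'
        ;;
    screen)
        PROMPT_COMMAND=${PROMPT_COMMAND:+$PROMPT_COMMAND; }'printf "\033_%s@%s:%s\033\\" "${USER}" "${HOSTNAME%%.*}" "${PWD/#$HOME/~}"'
        ;;
esac

# use_color starts as true and nothing below sets it to false, so the TERM
# lookup cannot switch colours off and the no-colour branch is never taken.
use_color=true
safe_term=${TERM//[^[:alnum:]]/?}
match_lhs=""

# Collect the dircolors database: user file, then system file, and the
# built-in database only when neither file produced anything.
[[ -f ~/.dir_colors ]] && match_lhs="${match_lhs}$(<~/.dir_colors)"
[[ -f /etc/DIR_COLORS ]] && match_lhs="${match_lhs}$(</etc/DIR_COLORS)"
[[ -z ${match_lhs} ]] \
    && type -P dircolors >/dev/null \
    && match_lhs=$(dircolors --print-database)
[[ $'\n'${match_lhs} == *$'\n'"TERM "${safe_term}* ]] && use_color=true

if ${use_color} ; then
    # Enable colors for ls, etc. Prefer ~/.dir_colors #64489
    if type -P dircolors >/dev/null ; then
        # Quoted so the generated assignment reaches eval as one string.
        if [[ -f ~/.dir_colors ]] ; then
            eval "$(dircolors -b ~/.dir_colors)"
        elif [[ -f /etc/DIR_COLORS ]] ; then
            eval "$(dircolors -b /etc/DIR_COLORS)"
        fi
    fi

    if [[ ${EUID} == 0 ]] ; then
        ## default prompt (root: user name in red)
        PS1='\[\033[01;31m\]\u\[\033[01;32m\]@$(hostname -f) \w \$\[\033[00m\] '
    else
        PS1='\[\033[01;32m\]\u\[\033[01;32m\]@$(hostname -f) \w \$\[\033[00m\] '
    fi

    ## With Git Branch
    # PS1="\[\033[01;31m\]\u\[\033[01;32m\]@$(hostname -f) \w \$\[\033[00m\] \[\033[38;5;11m\](\$(git branch 2>/dev/null | grep '^*' | colrm 1 2)) \[\033[01;32m\]\$\[\033[00m\] "
    # else
    # PS1="\[\033[01;32m\]\u\[\033[01;32m\]@$(hostname -f) \w \$\[\033[00m\] \[\033[38;5;11m\](\$(git branch 2>/dev/null | grep '^*' | colrm 1 2)) \[\033[01;32m\]\$\[\033[00m\] "
    # fi


    alias ls='ls --color=auto'
    alias dir='dir --color=auto'
    alias grep='grep --colour=auto'
    alias ll='ls --color=auto -la'
    alias l='ls --color=auto -lA'
else
    if [[ ${EUID} == 0 ]] ; then
        # show root@ when we do not have colors
        PS1='\[\u@$(hostname -f): \w\]\$ '
    else
        PS1='\[\u@$(hostname -f): \w\]\$ '
    fi
fi

PS2='> '
PS3='> '
PS4='+ '

unset use_color safe_term match_lhs

# Ubuntu/Debian
[ -r /etc/bash_completion ] && . /etc/bash_completion

# RedHat
#[ -r /etc/profile.d/bash_completion.sh ] && .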
/etc/profile.d/bash_completion.sh 82 | -------------------------------------------------------------------------------- /Paperless-NGX/docker-compose.yml: -------------------------------------------------------------------------------- 1 | services: 2 | broker: 3 | image: docker.io/library/redis:8 4 | container_name: paperless-redis 5 | restart: unless-stopped 6 | volumes: 7 | - ./redisdata:/data 8 | networks: 9 | - paperless-backend 10 | 11 | db: 12 | image: docker.io/library/postgres:17 13 | container_name: paperless-postgres 14 | restart: unless-stopped 15 | volumes: 16 | - ./pgdata:/var/lib/postgresql/data 17 | environment: 18 | POSTGRES_DB: paperless 19 | POSTGRES_USER: paperless 20 | POSTGRES_PASSWORD: paperless 21 | networks: 22 | - paperless-backend 23 | 24 | webserver: 25 | image: ghcr.io/paperless-ngx/paperless-ngx:latest 26 | container_name: paperless-web 27 | restart: unless-stopped 28 | depends_on: 29 | - db 30 | - broker 31 | - gotenberg 32 | - tika 33 | ports: 34 | - "8000:8000" 35 | healthcheck: 36 | test: ["CMD", "curl", "-fs", "-S", "--max-time", "2", "http://localhost:8000"] 37 | interval: 30s 38 | timeout: 10s 39 | retries: 5 40 | volumes: 41 | - ./data:/usr/src/paperless/data 42 | - ./media:/usr/src/paperless/media 43 | - ./export:/usr/src/paperless/export 44 | - ./consume:/usr/src/paperless/consume 45 | #env_file: docker-compose.env 46 | environment: 47 | PAPERLESS_REDIS: redis://broker:6379 48 | PAPERLESS_DBHOST: db 49 | USERMAP_UID: 1000 50 | USERMAP_GID: 100 51 | PAPERLESS_TIME_ZONE: Europe/Berlin 52 | PAPERLESS_OCR_LANGUAGES: eng deu rus ukr 53 | PAPERLESS_OCR_LANGUAGE: eng+deu 54 | #Tika & Gotenberg: 55 | PAPERLESS_TIKA_ENABLED: 1 56 | PAPERLESS_TIKA_GOTENBERG_ENDPOINT: http://gotenberg:3000 57 | PAPERLESS_TIKA_ENDPOINT: http://tika:9998 58 | #Additional: 59 | #PAPERLESS_DBNAME= 60 | #PAPERLESS_DBUSER= 61 | #PAPERLESS_DBPASS= 62 | PAPERLESS_ENABLE_UPDATE_CHECK: true 63 | #consume Subdirs 64 | PAPERLESS_CONSUMER_RECURSIVE: true 65 | 
PAPERLESS_CONSUMER_SUBDIRS_AS_TAGS: true 66 | #required when using a reverse proxy: 67 | PAPERLESS_URL: https://YOU-DOMAIN.. 68 | #Admin User and Password for K8s & AWS ECS: 69 | #PAPERLESS_ADMIN_USER= 70 | #PAPERLESS_ADMIN_PASSWORD= 71 | networks: 72 | - paperless-backend 73 | - default 74 | 75 | gotenberg: 76 | image: docker.io/gotenberg/gotenberg:8.23 77 | container_name: paperless-gotenberg 78 | restart: unless-stopped 79 | command: 80 | - "gotenberg" 81 | - "--chromium-disable-javascript=true" 82 | - "--chromium-allow-list=file:///tmp/.*" 83 | networks: 84 | - paperless-backend 85 | 86 | tika: 87 | image: ghcr.io/paperless-ngx/tika:latest 88 | container_name: paperless-tika 89 | restart: unless-stopped 90 | networks: 91 | - paperless-backend 92 | 93 | networks: 94 | paperless-backend: 95 | default: 96 | name: paperless-frontend 97 | external: true 98 | -------------------------------------------------------------------------------- /Docker/08-docker-compose.txt: -------------------------------------------------------------------------------- 1 | version: "3.6" 2 | services: 3 | php-app: 4 | image: php:apache 5 | container_name: app 6 | ports: 7 | - '80:80' 8 | restart: unless-stopped 9 | depends_on: 10 | - app-db 11 | - app-redis 12 | networks: 13 | - internet 14 | - localnet 15 | 16 | app-db: 17 | image: postgres 18 | container_name: app-postres 19 | restart: unless-stopped 20 | environment: 21 | - 'POSTGRES_PASSWORD=mysecretpassword' 22 | networks: 23 | - localnet 24 | 25 | app-redis: 26 | image: redis 27 | container_name: app-redis 28 | restart: unless-stopped 29 | networks: 30 | - localnet 31 | 32 | networks: 33 | internet: 34 | name: internet 35 | driver: bridge 36 | localnet: 37 | name: localnet 38 | driver: bridge 39 | 40 | ############ Flame + Heimdall ########## 41 | version: "3.6" 42 | services: 43 | flame: 44 | image: pawelmalak/flame 45 | container_name: flame 46 | ports: 47 | - '5005:5005' 48 | volumes: 49 | - '/opt/flame/data:/app/data' 50 | 
environment: 51 | - 'PASSWORD=flame_password' 52 | restart: unless-stopped 53 | 54 | heimdall: 55 | image: lscr.io/linuxserver/heimdall:latest 56 | container_name: heimdall 57 | environment: 58 | - PUID=1000 59 | - PGID=1000 60 | - TZ=Europe/Berlin 61 | volumes: 62 | - /opt/heimdall/config:/config 63 | ports: 64 | - 80:80 65 | - 443:443 66 | restart: unless-stopped 67 | 68 | 69 | 70 | ############ Nextcloud ########## 71 | version: '3.5' 72 | services: 73 | db: 74 | image: mariadb:10.5 75 | restart: always 76 | command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW 77 | volumes: 78 | - db:/var/lib/mysql 79 | environment: 80 | - MYSQL_ROOT_PASSWORD=mypasS123root 81 | - MYSQL_PASSWORD=mypasS123 82 | - MYSQL_DATABASE=nextcloud 83 | - MYSQL_USER=nextcloud 84 | 85 | app: 86 | image: nextcloud 87 | restart: always 88 | ports: 89 | - 8080:80 90 | # links: 91 | # - db 92 | volumes: 93 | - nextcloud:/var/www/html 94 | environment: 95 | - MYSQL_PASSWORD=mypasS123 96 | - MYSQL_DATABASE=nextcloud 97 | - MYSQL_USER=nextcloud 98 | - MYSQL_HOST=db 99 | depends_on: 100 | - db 101 | volumes: 102 | nextcloud: 103 | db: 104 | 105 | ############ Wordpress ########## 106 | version: '3.5' 107 | services: 108 | wordpress: 109 | image: wordpress 110 | restart: always 111 | ports: 112 | - 8080:80 113 | environment: 114 | WORDPRESS_DB_HOST: db 115 | WORDPRESS_DB_USER: wordpress 116 | WORDPRESS_DB_PASSWORD: wordpress 117 | WORDPRESS_DB_NAME: wordpress 118 | volumes: 119 | - wordpress:/var/www/html 120 | depends_on: 121 | - db 122 | 123 | db: 124 | image: mysql:5.7 125 | restart: always 126 | environment: 127 | MYSQL_DATABASE: wordpress 128 | MYSQL_USER: wordpress 129 | MYSQL_PASSWORD: wordpress 130 | MYSQL_ROOT_PASSWORD: rootPassDB 131 | volumes: 132 | - db:/var/lib/mysql 133 | 134 | volumes: 135 | wordpress: 136 | db: -------------------------------------------------------------------------------- /LoadBalancer/Create_HA_LB_haproxy_keepalived: 
-------------------------------------------------------------------------------- 1 | ####################### 2 | ## Install Web Server: 3 | ####################### 4 | apt update 5 | apt install apache2 6 | 7 | 8 | 9 | ####################### 10 | ## Static Web Site: 11 | ####################### 12 | vi /var/www/html/index.html 13 | 14 | 15 | 16 | 17 | Webseite 18 | 35 | 36 | 37 |

Web01

38 |
RomNero
39 | 40 | 41 | 42 | 43 | ################################# 44 | ## Install and config HAproxy 45 | ################################# 46 | apt update 47 | apt install haproxy 48 | systemctl enable haproxy 49 | 50 | vi /etc/haproxy/haproxy.cfg 51 | 52 | ....................... 53 | listen stats 54 | bind 0.0.0.0:8989 55 | mode http 56 | stats enable 57 | stats uri /haproxy_stats 58 | stats realm HAProxy\ Statistics 59 | stats auth admin:pass123 60 | stats admin if TRUE 61 | # pass123 is a placeholder: set a strong password and limit who can reach port 8989, because "stats admin if TRUE" lets any authenticated user change server state from this page. 62 | 63 | frontend my-web 64 | bind 0.0.0.0:80 65 | default_backend my-web 66 | 67 | backend my-web 68 | balance roundrobin #static-rr leastconn first source uri url_param hdr rdp-cookie 69 | server web01 10.10.40.31:80 check 70 | server web02 10.10.40.32:80 check 71 | 72 | 73 | ################################# 74 | ## Install and config keepalived 75 | ################################# 76 | apt install keepalived 77 | systemctl enable keepalived 78 | 79 | vi /etc/sysctl.conf 80 | net.ipv4.ip_nonlocal_bind=1 81 | #Save 82 | 83 | sysctl -p 84 | 85 | useradd -s /usr/bin/nologin keepalived_script 86 | 87 | #Configuration: 88 | 89 | vi /etc/keepalived/keepalived.conf 90 | 91 | #### NODE01 ################# 92 | global_defs { 93 | router_id lb01 94 | } 95 | 96 | vrrp_script check_haproxy { 97 | script "/usr/bin/systemctl is-active --quiet haproxy" 98 | interval 2 99 | weight 2 100 | } 101 | 102 | vrrp_instance my-web { 103 | state MASTER 104 | interface ens18 105 | virtual_router_id 123 106 | priority 100 107 | advert_int 1 108 | authentication { 109 | auth_type PASS 110 | auth_pass myPass12 111 | } 112 | virtual_ipaddress { 113 | 10.10.40.35 114 | } 115 | track_script { 116 | check_haproxy 117 | } 118 | } 119 | # auth_type PASS sends auth_pass unencrypted in the VRRP adverts, so keep VRRP traffic on a trusted network segment. 120 | 121 | #### NODE02 ################# 122 | global_defs { 123 | router_id lb01 124 | } 125 | 126 | vrrp_script check_haproxy { 127 | # script "/usr/bin/killall -0 haproxy" 128 | script "/usr/bin/systemctl is-active --quiet haproxy" 129 | interval 2 130 | weight 2 131 | } 132 | 133 | 
vrrp_instance my-web { 134 | state BACKUP 135 | interface ens18 136 | virtual_router_id 123 137 | priority 99 138 | advert_int 1 139 | authentication { 140 | auth_type PASS 141 | auth_pass myPass12 142 | } 143 | virtual_ipaddress { 144 | 10.10.40.35 145 | } 146 | track_script { 147 | check_haproxy 148 | } 149 | } 150 | -------------------------------------------------------------------------------- /NUT/nut-config: -------------------------------------------------------------------------------- 1 | lsusb 2 | Bus 001 Device 005: ID 051d:0002 American Power Conversion Uninterruptible Power Supply 3 | 4 | VendorID: 051d 5 | ProductID: 0002 6 | 7 | apt install nut 8 | 9 | #Configurations: /etc/nut/ 10 | 11 | vi /etc/nut/ups.conf 12 | 13 | [] 14 | driver = 15 | desc = "" 16 | port = auto 17 | vendorid = 18 | productid = 19 | 20 | – Replace this block with the name of the driver your UPS expects. 21 | 22 | # Test: 23 | upsdrvctl start 24 | 25 | ###Enable NUT to Be Accessible Outside your Raspberry Pi 26 | vi /etc/nut/upsd.conf 27 | 28 | LISTEN 0.0.0.0 3493 29 | 30 | ### Setting up a NUT User 31 | vi /etc/nut/upsd.users 32 | 33 | 34 | [admin] 35 | password = adminpass 36 | actions = SET 37 | instcmds = ALL 38 | [upsmon_local] 39 | password = pass4upsuser 40 | upsmon master 41 | [upsmon_remote] 42 | password = pass4upsuser 43 | upsmon slave 44 | [monuser] #This is what Synology DSM expects 45 | password = secret #Leave this here. 
46 | upsmon slave 47 | 48 | 49 | ### Enable MONITOR: 50 | 51 | vi /etc/nut/upsmon.conf 52 | MONITOR apc@localhost 1 upsmon_local pass4upsuser master 53 | 54 | 55 | vi /etc/nut/nut.conf 56 | MODE=netserver 57 | 58 | 59 | # Verify the configuration: 60 | service nut-server status 61 | service nut-client status 62 | 63 | service nut-server start 64 | service nut-client start 65 | 66 | 67 | # Test the configuration 68 | upsc apc 69 | 70 | ### Web monitoring: 71 | apt install apache2 72 | apt install nut-cgi 73 | 74 | 75 | vi /etc/nut/hosts.conf 76 | 77 | MONITOR apc@localhost "Local UPS" 78 | 79 | a2enmod cgi 80 | service apache2 restart 81 | 82 | http://YOU-IP/cgi-bin/nut/upsstats.cgi 83 | 84 | 85 | vi /etc/nut/upsset.conf 86 | I_HAVE_SECURED_MY_CGI_DIRECTORY 87 | # Add this line only after access to the NUT CGI directory has been restricted in Apache; upsset.cgi can change UPS settings. 88 | 89 | ###Connect another Debian/Ubuntu/ProxMox 90 | apt update 91 | apt install nut-client 92 | 93 | vi /etc/nut/nut.conf 94 | MODE=netclient 95 | 96 | #Edit /etc/nut/upsmon.conf and add a MONITOR directive: 97 | MONITOR apc@YOUR-SERVER-IP 1 upsmon_remote pass4upsuser slave 98 | RUN_AS_USER root 99 | MINSUPPLIES 1 100 | SHUTDOWNCMD "/sbin/shutdown -h +0" 101 | NOTIFYCMD /usr/sbin/upssched 102 | 103 | POLLFREQ 5 104 | POLLFREQALERT 5 105 | HOSTSYNC 15 106 | DEADTIME 15 107 | 108 | POWERDOWNFLAG /etc/killpower 109 | 110 | NOTIFYMSG ONLINE "UPS %s on line power" 111 | NOTIFYMSG ONBATT "UPS %s on battery" 112 | NOTIFYMSG LOWBATT "UPS %s battery is low" 113 | NOTIFYMSG FSD "UPS %s: forced shutdown in progress" 114 | NOTIFYMSG COMMOK "Communications with UPS %s established" 115 | NOTIFYMSG COMMBAD "Communications with UPS %s lost" 116 | NOTIFYMSG SHUTDOWN "Auto logout and shutdown proceeding" 117 | NOTIFYMSG REPLBATT "UPS %s battery needs to be replaced" 118 | NOTIFYMSG NOCOMM "UPS %s is unavailable" 119 | NOTIFYMSG NOPARENT "upsmon parent process died - shutdown impossible" 120 | 121 | NOTIFYFLAG ONLINE SYSLOG+WALL+EXEC 122 | NOTIFYFLAG ONBATT SYSLOG+WALL+EXEC 123 | NOTIFYFLAG LOWBATT SYSLOG+WALL 124 | NOTIFYFLAG 
FSD SYSLOG+WALL+EXEC 125 | NOTIFYFLAG COMMOK SYSLOG+WALL+EXEC 126 | NOTIFYFLAG COMMBAD SYSLOG+WALL+EXEC 127 | NOTIFYFLAG SHUTDOWN SYSLOG+WALL+EXEC 128 | NOTIFYFLAG REPLBATT SYSLOG+WALL 129 | NOTIFYFLAG NOCOMM SYSLOG+WALL+EXEC 130 | NOTIFYFLAG NOPARENT SYSLOG+WALL 131 | 132 | RBWARNTIME 43200 133 | NOCOMMWARNTIME 300 134 | FINALDELAY 5 135 | 136 | ###Start monitoring: 137 | service nut-client start 138 | 139 | #Check ststus: 140 | upsc apc@YOUR-SERVER-IP 141 | 142 | #Auto Shutdown: 143 | vi upssched.conf 144 | 145 | CMDSCRIPT /etc/nut/upssched-cmd 146 | PIPEFN /etc/nut/scheduler/upssched.pipe 147 | LOCKFN /etc/nut/scheduler/upssched.lock 148 | 149 | AT ONBATT * START-TIMER onbatt 30 150 | AT ONLINE * CANCEL-TIMER onbatt online 151 | AT ONBATT * START-TIMER preshutdown 30 152 | AT LOWBATT * EXECUTE onbatt 153 | AT COMMBAD * START-TIMER commbad 30 154 | AT COMMOK * CANCEL-TIMER commbad commok 155 | AT NOCOMM * EXECUTE commbad 156 | AT SHUTDOWN * EXECUTE powerdown 157 | AT SHUTDOWN * EXECUTE powerdown 158 | 159 | 160 | mkdir /etc/nut/scheduler/ 161 | chown -R root.nut scheduler 162 | 163 | ###Script 164 | vi /etc/nut/upssched-cmd 165 | 166 | 167 | #!/bin/sh 168 | case $1 in 169 | onbatt) 170 | logger -t upssched-cmd "UPS running on battery" 171 | ;; 172 | preshutdown) 173 | logger -t upssched-cmd "UPS on battery too long, pre shutdown" 174 | /usr/sbin/upsmon -c fsd 175 | ;; 176 | shutdowncritical) 177 | logger -t upssched-cmd "UPS on battery critical, forced shutdown" 178 | /usr/sbin/upsmon -c fsd 179 | ;; 180 | upsgone) 181 | logger -t upssched-cmd "UPS has been gone too long, can't reach" 182 | ;; 183 | *) 184 | logger -t upssched-cmd "Unrecognized command: $1" 185 | ;; 186 | esac 187 | 188 | chmod +x upssched-cmd 189 | 190 | service nut-client restart 191 | -------------------------------------------------------------------------------- /Matrix-Synapse-Element/README.md: -------------------------------------------------------------------------------- 1 | ### Install 
Packages: 2 | 3 | * Docker: curl -fsSL https://get.docker.com -o get-docker.sh && sh get-docker.sh 4 | * Apache: apt install apache2 5 | * a2enmod proxy rewrite ssl headers proxy_http 6 | 7 | ### Let'sEncrypt: 8 | 9 | apt install certbot 10 | 11 | ### Generate Matrix Config: 12 | 13 | ``` 14 | docker run -it --rm \ 15 | -v "/opt/matrix/synapse:/data" \ 16 | -e SYNAPSE_SERVER_NAME=matrix.DOMAIN.COM \ 17 | -e SYNAPSE_REPORT_STATS=no \ 18 | matrixdotorg/synapse:latest generate 19 | ``` 20 | 21 | #### Change Matrix configuration. postgres database: 22 | 23 | ``` 24 | database: 25 | name: psycopg2 26 | args: 27 | user: synapse 28 | password: STRONGPASSWORD_123654 29 | database: synapse 30 | host: postgres 31 | cp_min: 5 32 | cp_max: 10 33 | ... 34 | #Registration: 35 | enable_registration: false 36 | ``` 37 | 38 | ### Docker Compose 39 | ``` 40 | version: '3.8' 41 | 42 | services: 43 | element: 44 | image: vectorim/element-web:latest 45 | container_name: matrix_element 46 | restart: unless-stopped 47 | volumes: 48 | - ./element-config.json:/app/config.json 49 | ports: 50 | - '127.0.0.1:8088:80' 51 | 52 | synapse: 53 | image: matrixdotorg/synapse:latest 54 | container_name: matrix_synapse 55 | restart: unless-stopped 56 | volumes: 57 | - ./synapse:/data 58 | ports: 59 | - '127.0.0.1:8008:8008' 60 | depends_on: 61 | - postgres 62 | 63 | postgres: 64 | image: postgres:15 65 | container_name: matrix_postgres 66 | restart: unless-stopped 67 | volumes: 68 | - ./postgresdata:/var/lib/postgresql/data 69 | environment: 70 | - POSTGRES_DB=synapse 71 | - POSTGRES_USER=synapse 72 | - POSTGRES_PASSWORD=STRONGPASSWORD_123654 73 | - POSTGRES_INITDB_ARGS=--lc-collate C --lc-ctype C --encoding UTF8 74 | ``` 75 | 76 | 77 | ### SSL Let'sEncrypt 78 | 79 | certbot certonly 80 | 81 | ### Apache Configuration: 82 | 83 | #### Add Ports: 84 | 85 | ``` 86 | vi /etc/apache2/ports.conf 87 | 88 | Listen 8448 89 | 90 | ``` 91 | 92 | #### VirtualHost: 93 | 94 | ``` 95 | 96 | ServerName 
matrix.youDOMAIN.COM 97 | RewriteEngine On 98 | RewriteCond %{HTTPS} off 99 | RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L] 100 | 101 | 102 | SSLEngine on 103 | ServerName matrix.youDOMAIN.COM 104 | 105 | SSLCertificateFile /etc/letsencrypt/live/matrix.youDOMAIN.COM/fullchain.pem 106 | SSLCertificateKeyFile /etc/letsencrypt/live/matrix.youDOMAIN.COM/privkey.pem 107 | 108 | RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME} 109 | AllowEncodedSlashes NoDecode 110 | ProxyPreserveHost on 111 | ProxyPass /_matrix http://127.0.0.1:8008/_matrix nocanon 112 | ProxyPassReverse /_matrix http://127.0.0.1:8008/_matrix 113 | ProxyPass /_synapse/client http://127.0.0.1:8008/_synapse/client nocanon 114 | ProxyPassReverse /_synapse/client http://127.0.0.1:8008/_synapse/client 115 | 116 | 117 | 118 | SSLEngine on 119 | ServerName matrix.youDOMAIN.COM 120 | 121 | SSLCertificateFile /etc/letsencrypt/live/matrix.youDOMAIN.COM/fullchain.pem 122 | SSLCertificateKeyFile /etc/letsencrypt/live/matrix.youDOMAIN.COM/privkey.pem 123 | 124 | 125 | RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME} 126 | AllowEncodedSlashes NoDecode 127 | ProxyPass /_matrix http://127.0.0.1:8008/_matrix nocanon 128 | ProxyPassReverse /_matrix http://127.0.0.1:8008/_matrix 129 | 130 | ``` 131 | 132 | ##### Test Sites: 133 | 134 | [https://matrix.youDOMAIN.COM/_matrix/static/] 135 | 136 | [https://federationtester.matrix.org] 137 | 138 | 139 | ### Create Admin-User: 140 | 141 | docker exec -it matrix_synapse register_new_matrix_user http://localhost:8008 -c /data/homeserver.yaml 142 | 143 | 144 | 145 | ## ELEMENT WEB 146 | 147 | ### Element Configuration: 148 | 149 | vi element-config.json 150 | 151 | ``` 152 | { 153 | "default_server_config": { 154 | "m.homeserver": { 155 | "base_url": "https://element.youDOMAIN.COM", 156 | "server_name": "element.youDOMAIN.COM" 157 | }, 158 | "m.identity_server": { 159 | "base_url": "https://vector.im" 160 | } 161 | }, 162 | 
"disable_custom_urls": false, 163 | "disable_guests": false, 164 | "disable_login_language_selector": false, 165 | "disable_3pid_login": false, 166 | "brand": "Element", 167 | "integrations_ui_url": "https://scalar.vector.im/", 168 | "integrations_rest_url": "https://scalar.vector.im/api", 169 | "integrations_widgets_urls": [ 170 | "https://scalar.vector.im/_matrix/integrations/v1", 171 | "https://scalar.vector.im/api", 172 | "https://scalar-staging.vector.im/_matrix/integrations/v1", 173 | "https://scalar-staging.vector.im/api", 174 | "https://scalar-staging.riot.im/scalar/api" 175 | ], 176 | "bug_report_endpoint_url": "https://element.io/bugreports/submit", 177 | "uisi_autorageshake_app": "element-auto-uisi", 178 | "default_country_code": "GB", 179 | "show_labs_settings": false, 180 | "features": { }, 181 | "default_federate": true, 182 | "default_theme": "light", 183 | "room_directory": { 184 | "servers": [ 185 | "matrix.org" 186 | ] 187 | }, 188 | "enable_presence_by_hs_url": { 189 | "https://matrix.org": false, 190 | "https://matrix-client.matrix.org": false 191 | }, 192 | "setting_defaults": { 193 | "breadcrumbs": true 194 | }, 195 | "jitsi": { 196 | "preferred_domain": "meet.element.io" 197 | }, 198 | "map_style_url": "https://api.maptiler.com/maps/streets/style.json?key=fU3vlMsMn4Jb6dnEIFsx" 199 | } 200 | ``` 201 | 202 | ### Apache Conf for Element: 203 | 204 | ``` 205 | 206 | ServerName element.youDOMAIN.COM 207 | RewriteEngine On 208 | RewriteCond %{HTTPS} off 209 | RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L] 210 | 211 | 212 | SSLEngine on 213 | ServerName element.youDOMAIN.COM 214 | 215 | Header set X-Frame-Options SAMEORIGIN 216 | Header set X-Content-Type-Options nosniff 217 | Header set X-XSS-Protection "1; mode=block" 218 | Header set Content-Security-Policy "frame-ancestors 'self'" 219 | 220 | SSLCertificateFile /etc/letsencrypt/live/matrix.youDOMAIN.COM/fullchain.pem 221 | SSLCertificateKeyFile 
/etc/letsencrypt/live/matrix.youDOMAIN.COM/privkey.pem 222 | 223 | ProxyPreserveHost on 224 | ProxyPass / http://127.0.0.1:8088/ 225 | ProxyPassReverse / http://127.0.0.1:8088/ 226 | 227 | ``` 228 | --------------------------------------------------------------------------------