├── .gitattributes
├── .space
    └── def.json
├── Apps and Services
    ├── Cloudflare.md
    ├── Deluge.md
    ├── Docker LXC.md
    ├── Foundry VTT.md
    ├── General App Installs.md
    ├── Grocy.md
    ├── Homepage.md
    ├── Kiwix.md
    ├── Kometa (formerly Plex Meta Manager).md
    ├── MinIO.md
    ├── Netdata.md
    ├── Nextcloud.md
    ├── Nginx Proxy Manager.md
    ├── Paperless.md
    ├── Plex.md
    ├── Portainer.md
    ├── Restic.md
    ├── Syncthing (Unraid).md
    ├── Syncthing.md
    ├── Tailscale.md
    ├── UrBackup.md
    ├── Wiki.js.md
    ├── Wordpress.md
    └── YouTube Downloaders.md
├── Backup and Maintenance.md
├── CTs
    ├── Duplicati CT.md
    └── Plex CT.md
├── Cheatsheets
    ├── Cheatsheet.md
    ├── Google.md
    ├── Markdown.md
    ├── VIM.md
    └── Windows Terminal.md
├── Connections
    ├── 1Password with SSH.md
    ├── NFS.md
    ├── SMB.md
    └── SSH Setup.md
├── Crontab.md
├── Editors
    └── VIM.md
├── Email Setup.md
├── GitHub.md
├── Hardware
    └── UPS.md
├── Homelab (Github).md
├── LICENSE
├── Personalizing
    ├── YADM.md
    └── ZSH.md
├── Proxmox
    ├── Base Proxmox Setup.md
    └── Proxmox OS.md
├── README.md
├── Raspberry Pi.md
├── Security
    ├── Fail2ban.md
    └── General Server Security.md
└── Storage
    └── ZFS.md


/.gitattributes:
--------------------------------------------------------------------------------
# Auto detect text files and perform LF normalization
* text=auto

--------------------------------------------------------------------------------
/.space/def.json:
--------------------------------------------------------------------------------
{"_filters":[],"_contexts":[],"_links":[],"_sort":{"field":"rank","asc":false,"group":false},"_template":"","_templateName":""}

--------------------------------------------------------------------------------
/Apps and Services/Cloudflare.md:
--------------------------------------------------------------------------------
---
created: Tue 2023-05-02 @ 06:32 PM
modified: Wed 2023-12-27 @ 01:47 PM
---

# Cloudflare Tunnel with App Access via Docker

This tutorial will allow you to expose an app running on your server to the internet in a secure manner.

This was set up with my own docker Homepage instance that can be found at `start.mrjohnnycake.com`. I think it will be easier to show the simplicity of tunnel creation by using this site as an example.

This tutorial assumes you have a Linux server running Docker with Docker Compose v2 (for lower versions please adjust your Docker commands).

There will be another step you'll want to do after your app is exposed (assuming you want to control who can access your app) and that is adding an authentication method so that only those with proper permission can see your app. This tutorial doesn't cover that but it is easily done thru Cloudflare as well. In the meantime, when you're done with this tutorial, anyone online will be able to see your app / website.

Note- *There is no need to set any port forwarding rules on your router with this setup*

## Steps

- Login to Cloudflare and click on the domain name you want to work with
- First go to DNS and delete the DNS entries for your domain
    - As of my functioning test, I started with zero DNS entries. The
- Next click Access on the left side navigation and click Launch Zero Trust
- Select your account
- Go to Networks --> Tunnels and click Add a tunnel
- Choose "Select Cloudflared"
- Name your tunnel
- Under "Choose your environment" go to the Docker tab and copy the command under "Install and run a connector". Paste it in a notepad or something for now.
- Click Next
- Under Public Hostnames, enter the info for the app you are trying to expose.
    - For my Homepage instance, I'll enter `start` under Subdomain and select `mrjohnnycake.com` under the dropdown under Domain
    - Under Type I'm selecting HTTP. This doesn't make sense since we want to access the site using HTTPS but choosing that here will cause everything to not work so just go with this for now and you can confirm for yourself later that your app is being exposed with HTTPS.
    - Under URL, I entered `192.168.70.160:3005` which is the IP and port my app is at on my server.
- Click Save Tunnel

Your tunnel is currently inactive because you haven't set up your server yet so let's do that now.

- Connect to your server via SSH
- We're going to set up the Docker container that will run the tunnel connector on our end. My Docker apps are in `/opt` so that's what I'll be using here but you're free to put your directory wherever you see fit.
- Run these commands (changing `cloudflared-mrjc` to whatever you want to call your directory)

```
sudo mkdir -p /opt/cloudflared-mrjc

sudo chmod -R 755 /opt/cloudflared-mrjc

cd /opt/cloudflared-mrjc
```

Alternately, you can combine all of this into one command if you like:
```
sudo mkdir -p /opt/cloudflared-mrjc && sudo chmod -R 755 /opt/cloudflared-mrjc && cd /opt/cloudflared-mrjc
```

Create the `compose.yaml` (if you're running Docker Compose v1 you'll want to name it `docker-compose.yaml`)

```
sudo nano compose.yaml
```

Paste this into the file:
```
services:
  cloudflared-mrjc:
    image: cloudflare/cloudflared:latest
    container_name: cloudflared-mrjc
    command: ["tunnel", "--no-autoupdate", "run", "--token", "${TOKEN}", "--hello-world"]
    env_file:
      - .env
```

- I've named my tunnel `cloudflared-mrjc` because I have multiple domains I want to use tunnels for so I need to keep track of which is which. So change those two references to whatever you want.

- Save the file and exit

Next you need to create the `.env` file to "hide" your token a bit from prying eyes:
```
sudo nano .env
```

For this part you'll need that Docker command you copied from Cloudflare. The last part of it is your token so you'll need that now. Paste this in the `.env` file and replace "your-token" with the token found in that Cloudflare command:
```
TOKEN="your-token"
```

My .env file looks like this (using a changed token here for my privacy):
```
TOKEN=eyJhIjoiMjdmABCDEFGmM2M2YTYxMDU0NTM1ZmY4Nzc2NWEwNmYiLCJ0IjoiNDBlNTU4OWQtMWRmYi00MzVhLWI1234567DEzNDEwMmQwIiwicyI6Ik1qSTVZek5oWkdVdE56WTJOQzAwTURKakxUbGhObVXYZqUmpaakJrWVRVMSJ9
```

- Save the file and exit

Now we need to spin up the Docker container:
```
sudo docker compose up --build -d
```

- If you get a "mapping" error it means something is wrong with the compose file formatting. It's almost always a space or tabbing issue. Play around with it and try again.

Now we just want to check the Docker log to see if everything looks good:
```
sudo docker logs cloudflared-mrjc
```

- As long as you don't see any errors you should be good

Now go back to the Cloudflare Tunnels page and hit refresh. You should see that your tunnel is up and healthy.

As one more thing to check, go back to the DNS records for your domain. You'll see that Cloudflare has created a new DNS record that points to the tunnel you just set up. Clever.

That's it. If you have any problems I suggest emptying Cloudflare's cache of your domain by going to Cloudflare --> your.domain --> Overview --> Configure Caching --> Purge Everything.


## Adding Additional Apps

So you've set up your first app with Cloudflare Tunnel and you want to add another one. No problem.

Just go back to the tunnel you just created, select Configure from the "three dots" menu and click Add a public hostname. Do what you did before, changing the subdomain and URL as needed.

- Note- You have to use the same domain for this tunnel. If you want to use a different domain you'll have to create another tunnel for that purpose. Just follow the same steps and name it something different




# DNS Settings

Should look something like this without a tunnel:

```
-A       domain.com    public IP (using What's My IP)

-CNAME       www               public IP (What's My IP)

-CNAME   subdomain             domain.com
```

* All of the orange proxied sliders can be on

* Until you get it working, you can put the domain into developer mode, if you'd like.
    * At the time of this writing, it's under domain.name --> Overview


After setting up the tunnel it should look like this:

```
-CNAME    domain.com    2XX2cn0-a2fd-XXXX-XXXX-2b76XXXde6.cfargotunnel.com

-CNAME    www               domain.com

-CNAME   othersubdomain             domain.com
```

* the main tunnel cname will say something about flattening and that's fine




# App Authentication

For my needs, I'm going to create a policy where whenever I or anyone else first connects to my Homepage instance at `start.mrjohnnycake.com` they will be presented with a Cloudflare form to enter their email address. If their email address has been approved by me they'll get an email where they can click a link and be granted access for one month before they'll have to do it over.

It's easy to do.

* Login to Cloudflare
* Select your domain
* Click Access on the sidebar then Launch Zero Trust
* Select your account
* Click Access --> Applications --> Add an application
* Select Self Hosted

Under Application Configuration:
- Enter the name of your app under Application name, the amount of time you want the access to last under Session Duration, your subdomain (if any), and your domain name.

I leave everything else as default on this page and click Next

On the Add Policies page:
- I'm going to name my Policy "Email"
- I select Allow under Action because I want approved emails to be allowed to see the site
- I set the Session Duration to 1 month because I don't want to be doing this all the time and it's a pretty low security risk app as it stands already
- Under Configure Rules, I'm going to select Emails under Selector and then in Value I'm going to enter my email because that's me and I want to access my own page.
    - If there's anyone else you want to be able to access your app you can enter their emails here and just hit Enter after each one
- Click Next on the bottom of the page

On the Setup page:
- I don't think I need any of this stuff so I just click Add Application on the bottom of the page

Now go to your app / website. You'll be greeted by a login code page and you'll need to enter your email and then click Send me a code

Now go to your email and go to the email you just received from Cloudflare. You have two choices here:
- You can copy the code and go back and paste it into the Cloudflare page
- Or you can be lazy like me and just click the link because that's what I usually do. Just close that Cloudflare page because you won't need it for another month

Either choice you choose you'll be allowed to see your app / website.

That's it.
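
Added example (not part of the original notes): the `.env` step earlier keeps the token out of `compose.yaml`, but the token is only base64-encoded JSON (the sample begins `eyJhIjoi`, which decodes to `{"a":"`), so anyone who can read `.env` can run the connector. This script checks a directory laid out as in the tutorial; the function names are hypothetical, and it assumes GNU or BSD `stat`, `base64 -d`, and the `a`/`t`/`s` keys seen in the sample token.

```bash
#!/usr/bin/env bash
# Added example: audit the token handling of a cloudflared compose directory
# laid out as in the tutorial (.env with TOKEN=..., compose.yaml beside it).
# All function names are hypothetical.

# Octal permission bits of a file (GNU stat, then BSD stat as fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# 0 if DIR/.env exists and grants nothing to group or other (e.g. mode 600).
env_file_is_private() {
    [ -f "$1/.env" ] || return 1
    efp_mode=$(file_mode "$1/.env") || return 1
    [ $(( 0$efp_mode & 077 )) -eq 0 ]
}

# 0 if the compose file contains a literal token instead of ${TOKEN}.
# Tokens are base64 JSON, so they start with "eyJ".
compose_has_inline_token() {
    grep -Eq 'eyJ[A-Za-z0-9_+/=-]{40,}' "$1"
}

# Print the sorted JSON key names inside TOKEN (values are never printed).
token_keys() {
    sed -n 's/^TOKEN=//p' "$1" | tr -d "\"'" | base64 -d 2>/dev/null \
        | grep -o '"[a-z]":' | tr -d '":' | sort | tr -d '\n'
}

# Run all checks on DIR; the return status is the number of failed checks.
audit_tunnel_dir() {
    atd_dir=$1
    atd_fail=0
    atd_compose="$atd_dir/compose.yaml"
    [ -f "$atd_compose" ] || atd_compose="$atd_dir/docker-compose.yaml"

    if ! env_file_is_private "$atd_dir"; then
        echo "FAIL: $atd_dir/.env is missing or readable by group/other (chmod 600 it)"
        atd_fail=$((atd_fail + 1))
    fi
    if [ -f "$atd_compose" ] && compose_has_inline_token "$atd_compose"; then
        echo "FAIL: $atd_compose contains the token itself; reference \${TOKEN} instead"
        atd_fail=$((atd_fail + 1))
    fi
    # Assumption: a pasted token decodes to JSON with keys a, s and t,
    # as the sample token on this page does.
    case "$(token_keys "$atd_dir/.env" 2>/dev/null)" in
        a*s*t) ;;
        *)  echo "FAIL: TOKEN in .env does not decode to the expected JSON (bad paste?)"
            atd_fail=$((atd_fail + 1)) ;;
    esac
    [ "$atd_fail" -eq 0 ] && echo "OK: token handling in $atd_dir looks sane"
    return "$atd_fail"
}

# Usage (script name is an example): sudo bash audit.sh /opt/cloudflared-mrjc
if [ "$#" -gt 0 ]; then
    audit_tunnel_dir "$1"
fi
```

Because the tutorial creates `.env` with `sudo nano`, the file is normally owned by root and world-readable until you run `sudo chmod 600 .env`; run the audit with `sudo` so it can read the file.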


Note- *I leave this policy off (or just not setup) for apps that already have their own built-in or third party authentication methods (Google auth, Plex auth, etc.)*


--------------------------------------------------------------------------------
/Apps and Services/Deluge.md:
--------------------------------------------------------------------------------
---
created: Tue 2023-05-02 @ 06:32 PM
modified: Wed 2023-12-27 @ 01:49 PM
---
I gave up on torrenting because I had a hard time getting Deluge and Gluetun to work together. Consider this note a starting off point only.

## Install ##

```
version: "2.1"
services:
  deluge:
    image: lscr.io/linuxserver/deluge:latest
    container_name: deluge
    network_mode: "container:gluetun"
    environment:
      - PUID=1010
      - PGID=1000
      - TZ=America/Los_Angeles
      - DELUGE_LOGLEVEL=error #optional
    volumes:
      - /docker/appdata/deluge:/config
      - /mnt/Downloads/torrents:/torrents/:rw
    restart: unless-stopped
```

- ports are handled through Gluetun
- Torrents folder doesn't have any subfolders


## App Settings ##

- IMPORTANT!!! You need to select the default connection and click connect for this all to work properly. If not, the settings won't be saved and plugins won't show up and it just won't work.

Connection Manager
```
Host: 127.0.0.1
Port: 58846
Username: localclient
Password: [blank]
```

Preferences

* Downloads
```
Download to: /torrents
Pre-allocate disk space checked
```

* Network
```
Incoming Address: 10.5.112.7
Incoming Port: 6881 (random port unchecked)
Outgoing Interface: tun0
Outgoing Ports: 58946 (random port unchecked)
Network Extras: all checked
Peer TOS Byte: 0x00
```

* Encryption
```
Incoming and Outgoing: Enabled
Level: Either
```

* Bandwidth
```
Global
Max Connections: 1200
Max Upload Slots: 14
Max DL Speed: 30000
Max Upload Speed: 5001
Max Half Open: 50
Max Attempts p/s: 20

Ignore limits and Rate limit both checked

Per Torrent
Max Connections: 96
Max Upload Slots: -1
Max DL Speed: -1
Max Upload Speed: -1
```
* Interface
```
Allow the use... checked
Set the password if haven't already
Session Timeout: 3600
Port: 8112
```
* Daemon
```
Port: 58846
Allow Remote Connections: checked
```
* Queue
```
Active
Total: 5
Downloading: 5
Seeding: 3

Ignore and Prefer checked

Seeding
Share Ratio: 1
Time Ratio: 6.3
Time: 180

Share Ratio: checked / 0.1
Remove torrent checked
```
* Plug-ins
```
Label checked
```

* Side Filters Panel -> Labels -> Right click and create labels
* need books, complete, movies, music, shows
* The right click Options menu has all empty and unchecked options

--------------------------------------------------------------------------------
/Apps and Services/Docker LXC.md:
--------------------------------------------------------------------------------
---
created: Tue 2023-05-02 @ 06:32 PM
modified: Wed 2023-12-27 @ 01:52 PM
---
I don't really use LXC much anymore (just a personal thing) so that part of these notes might be outdated but I still use the Portainer part.
# LXC Install #

**[https://theorangeone.net/posts/docker-in-lxc/](https://theorangeone.net/posts/docker-in-lxc/)**

## Create CT ##
* Set host name, check unprivileged & nesting, set password
* local storage, ubuntu 20.04
* storage- local-zfs, disk size varies by project
* set cores
* set memory
* set IPv4 and 6 to DHCP
* Leave start after finished unchecked
* After it builds, go into container-->options-->features and check keyctl
* Start the container


## Setup Environment ##

Windows Terminal:

```
lxc-attach --name 100
```

```
sudo apt install docker.io docker-compose net-tools -y

sudo systemctl enable docker

sudo systemctl start docker
```

* Reboot the container via the GUI

* Give it a static IP in Unifi Controller-->Client Devices

--------------------------------------------------------------------------------
/Apps and Services/Foundry VTT.md:
--------------------------------------------------------------------------------
---
created: Tue 2023-05-02 @ 06:32 PM
modified: Wed 2023-12-27 @ 01:57 PM
---
# Install

```
sudo useradd -u 421 -M -s /usr/sbin/nologin foundry

sudo usermod -aG docker foundry

sudo usermod -aG foundry dave
```


```yml
version: "3.8"

services:
  foundry:
    image: felddy/foundryvtt:release
    container_name: foundry-vtt
    hostname: foundryvtt
    volumes:
      - /docker/appdata/foundry-vtt:/data
      - /mnt/FoundryVTT:/data/Data
    environment:
      - FOUNDRY_PASSWORD=your-password
      - FOUNDRY_USERNAME=your-username
      - FOUNDRY_ADMIN_KEY=admin-password
      - CONTAINER_PRESERVE_CONFIG=true
      - PUID=1010
      - PGID=1000
      - TZ=America/Los_Angeles
    ports:
      - 30000:30000/tcp
    restart: unless-stopped
```

--------------------------------------------------------------------------------
/Apps and Services/Grocy.md:
--------------------------------------------------------------------------------
# Install

```yaml
version: "2.1"
services:
  grocy:
    image: lscr.io/linuxserver/grocy:latest
    container_name: grocy
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=America/Los_Angeles
    volumes:
      - /docker/appdata/grocy:/config
    ports:
      - 9283:80
    restart: unless-stopped
```

# Product Groups

```
Alcohol / Bar
Baked Goods
Beverages
Bulk
Canned & Jar Foods
Cereals
Cleaning Products
Coffee & Tea
Dairy & Eggs
Daycare
Frozen Meals
Health & Hygiene
Meat
Miscellaneous
Oils and Sauces
Pets
Produce
Snacks
Spices
Sweets
```

--------------------------------------------------------------------------------
/Apps and Services/Homepage.md:
--------------------------------------------------------------------------------
---
tags:
  - Homelabbing
---
# To Do's

- [ ] #homepage-app https://gethomepage.dev/v0.7.0/widgets/services/homeassistant/ #Homelabbing
- [ ] #homepage-app https://gethomepage.dev/v0.7.0/widgets/services/paperlessngx/ #Homelabbing
- [ ] #homepage-app https://gethomepage.dev/v0.7.0/widgets/services/changedetectionio/ #Homelabbing
- [ ] #homepage-app https://gethomepage.dev/v0.7.0/widgets/services/urbackup/ #Homelabbing
- [ ] #homepage-app https://gethomepage.dev/v0.7.0/widgets/services/plex-tautulli/ #Homelabbing
- [ ] #homepage-app Need to figure out how to monitor VMs #Homelabbing
- [ ] #homepage-app Need to figure out how to hide REFRESH icon and VERSION NUMBER #Homelabbing
- [ ] #homepage-app I need something to monitor ZFS pool(s). Maybe Glances? #Homelabbing
- [ ] #homepage-app Get Paperless stats working #Homelabbing
- [ ] #homepage-app Figure out Docker integration #Homelabbing
    - Needs to be secure
    - Needs to support multiple VMs
- [ ] #homepage-app AFTER EVERYTHING IS SETUP, decide on a working layout #Homelabbing
##### Wants / Requests
- CSS support
- Hide certain labels
- Additional pages like Homer
- Click on Informational Widgets


# Installation

```yaml
version: "3.3"
services:
  homepage:
    image: ghcr.io/benphelps/homepage:latest
    container_name: homepage
    environment:
      - PUID=1000
      - PGID=1000
    ports:
      - 3005:3000
    volumes:
      - /docker/appdata/homepage/config:/app/config
      - /docker/appdata/homepage/public/images:/app/public/images
      - /mnt/Homepage/icons:/app/public/icons
      # - /var/run/docker.sock:/var/run/docker.sock # (optional) For docker integration
    restart: unless-stopped
```


## Custom Icons Folder
- Note the volume `/mnt/Homepage/icons:/app/public/icons` in the docker stack above
- The /mnt/homepage directory and subsequent icons directory should be `755` and `dave:administrator`
- You may find that Homepage changes the ownership back to `administrator:administrator` but that's fine. You can change them back next time you need to upload icons (see below).
- The icon files themselves should be `644`

#### Uploading icons
- Before connecting to the SMB share we need to update the folder ownership as Homepage has a tendency to change it
```
sudo chown -R dave:administrator /mnt/Homepage/icons
```
- Now connect to the Websites SMB share (should be in the left hand list in Windows Explorer)
- Upload the icons you've downloaded or created to the `/mnt/Homepage/icons` folder
- Change the permissions for the files you just uploaded
```
sudo chmod -R 644 /mnt/Homepage/icons/*
```
- Now you need to recreate the container so that the icons show up
- Go to Portainer and in the Websites container settings for Homepage click on "Recreate"


# Configuration #

#### settings.yaml

```
---
# For configuration options and examples, please see:
# https://gethomepage.dev/en/configs/settings

title: New Tab
theme: dark # or light
color: stone
target: _self

layout:
  Proxmox:
    style: row
    columns: 3
  VMs:
    style: row
    columns: 5
  Portainer:
    style: row
    columns: 4

# target: _self (uncomment this after finished testing)
```


#### services.yaml

```
# For configuration options and examples, please see:
# https://gethomepage.dev/en/configs/services

- Proxmox:
    - Tom-Servo:
        icon: proxmox.png
        href: https://192.168.10.5:8006/
        # description: Node 1
        widget:
          type: proxmox
          fields: ["cpu", "mem"]
          url: https://192.168.10.5:8006
          username: api@pam!homepage
          password: my-api-password

    - Crow:
        icon: proxmox.png
        href: https://192.168.10.10:8006/
        # description: Node 2
        widget:
          type: proxmox
          fields: ["cpu", "mem"]
          url: https://192.168.10.10:8006
          username: api@pam!homepage
          password: my-api-password

    - Gypsy:
        icon: proxmox.png
        href: https://192.168.10.8:8006/
        # description: Backup storage
        widget:
          type: proxmox
          fields: ["cpu", "mem"]
          url: https://192.168.10.8:8006
          username: api@pam!homepage
          password: my-api-password

- Network:
    - Unifi:
        icon: unifi.png
        href: https://192.168.1.1/network/default/dashboard
        # description:
        widget:
          type: unifi
          url: https://192.168.1.1
          username: my-username
          password: my-password

    - NxFilter:
        icon: nxfilter.png
        href: http://192.168.10.11/dashboard.jsp

    - Speedtest:
        icon: speedtest-tracker.png
        href: http://192.168.70.170:8765/
        # description:
        widget:
          type: speedtest
          url: http://192.168.70.170:8765

    - Cloudflare:
        icon: cloudflare.png
        href: https://dash.cloudflare.com/

    - Cloudflare Zero Trust:
        icon: cloudflare-zero-trust.png
        href: https://one.dash.cloudflare.com/

    - Tailscale:
        icon: tailscale.png
        href: https://login.tailscale.com/admin/machines

    # - Gluetun:
          # icon: gluetun.png
          # widget:
            # type: gluetun
            # url: http://192.168.40.40:6881/

- Services:
    - Portainer:
        icon: portainer.png
        href: http://192.168.70.200:9000/
        # description: environment
        widget:
          type: portainer
          fields: ["running", "stopped"]
          url: http://192.168.70.200:9000
          env: 2
          key: my-portainer-key

    - PiKVM:
        icon: pikvm.png
        href: https://192.168.10.14/
        # description:

    - Home Assistant:
        icon: home-assistant.png
        href: http://home-assistant.local:8123/lovelace/0
        # description:

    - NZBGet:
        icon: nzbget.png
        href: http://192.168.40.45:6789/
        # description:
        widget:
          type: nzbget
          url: http://192.168.40.45:6789
          username: my-nzbget-username
          password: my-nzbget-password

    - GitHub:
        icon: github-light
        href: https://github.com/mrjohnnycake

- Media:
    - Plex:
        icon: plex.png
        href: http://192.168.70.70:32400/web/index.html
        # description: environment
        widget:
          type: plex
          url: http://192.168.70.70:32400
          key: my-plex-token # see https://www.plexopedia.com/plex-media-server/general/plex-token/

    - YouTube:
        icon: youtube.png
        href: https://www.youtube.com/
        # description: environment

    - YouTube Music:
        icon: youtube-music.png
        href: https://music.youtube.com/
        # description: environment

    - Pocket Casts:
        icon: /icons/pocket-casts.png
        href: https://play.pocketcasts.com/podcasts
        # description: environment

    - Audible:
        icon: /icons/audible.png
        href: https://www.audible.com/
        # description: environment

    - Kindle:
        icon: /icons/kindle.png
        href: https://read.amazon.com/kindle-library
        # description: environment

- Something:
    - Tautulli:
        icon: tautulli.png
        href: https://mysubdomain.mydomain.com/
        # description: environment
        widget:
          type: tautulli
          url: http://192.168.70.170:8181
          key: my-tautulli-api-key

    - Overseerr:
        icon: overseerr.png
        href: https://mysubdomain.mydomain.com/
        # description: environment
        widget:
          type: overseerr
          fields: ["pending", "available", "processing"]
          url: http://192.168.70.170:5055
          key: my-overseer-key

    - JustWatch:
        icon: /icons/justwatch.png
        href: https://www.justwatch.com/

    - IMDb:
        icon: /icons/imdb.png
        href: https://www.imdb.com/?ref_=nv_home

    - Goodreads:
        icon: /icons/goodreads.png
        href: https://www.goodreads.com/

- Media 2:
    - Radarr:
        icon: radarr.png
        href: http://192.168.40.45:7878/
        # description: movie manager
        widget:
          type: radarr
          fields: ["wanted", "missing", "queued"]
          url: http://192.168.40.45:7878
          key: my-radarr-key (I think its the API key?)

    - Sonarr:
        icon: sonarr.png
        href: http://192.168.40.45:8989/
        # description: show manager
        widget:
          type: sonarr
          fields: ["wanted", "queued"]
          url: http://192.168.40.45:8989
          key: my-sonarr-key (I think its the API key?)

    - Lidarr:
        icon: lidarr.png
        href: http://192.168.40.45:8686/
        # description: show manager
        widget:
          type: lidarr
          fields: ["wanted", "queued"]
          url: http://192.168.40.45:8686
          key: my-lidarr-key (I think its the API key?)

    - Readarr:
        icon: readarr.png
        href: http://192.168.40.45:8787/
        # description: show manager
        widget:
          type: readarr
          fields: ["wanted", "queued"]
          url: http://192.168.40.45:8787
          key: my-readarr-key (I think its the API key?)

    - Bazarr:
        icon: bazarr.png
        href: http://192.168.40.45:6767/
        widget:
          type: bazarr
          fields: ["missingEpisodes", "missingMovies"]
          url: http://192.168.40.45:6767
          key: my-bazarr-key (I think its the API key?)

- Websites:
    - Blog:
        icon: ghost.png
        href: https://mydomain.com/

    - Business Site:
        icon: /icons/business-name.png
        href: https://my-business-domain.com/
        # description:

    - Wiki.js:
        icon: wikijs.png
        href: https://my-optional-subdomain.mydomain.com/
        # description:

    - Paperless:
        icon: paperless.png
        href: https://my-optional-subdomain.mydomain.com/
        description: Receipt organizer
        server: websites-docker # The docker server that was configured
        container: paperless-ngx # The name of the container you'd like to connect

    - Kiwix:
        icon: kiwix.png
        href: http://192.168.40.105:8888/
        # description:

    - Foundry VTT:
        icon: foundry-vtt.png
        href: https://my-optional-subdomain.mydomain.com/join
        # description:

- Monitoring and Alerts:
    - Powerschool:
        icon: /icons/powerschool.png
        href: https://powerschool.my-kids-school-district.org/guardian/home.html

    - Netdata:
        icon: netdata.png
        href: https://app.netdata.cloud/spaces/myusername-space/rooms/all-nodes/home
        # description:

    - Gotify:
        icon: gotify.png
        href: https://my-optional-subdomain.mydomain.com/
        # description:
        widget:
          type: gotify
          url: https://my-optional-subdomain.mydomain.com
          key: my-key

    - Changedetection.io:
        icon: changedetection-io.png
        href: http://192.168.70.170:5000/
        # description:

    - UrBackup:
        icon: urbackup.png
        href: http://192.168.10.8:55414/
        # description:

    - Syncthing:
        icon: syncthing.png
        href: https://192.168.40.105:8384/
        # description:

    - APC UPS:
        icon: apc.png
        href: http://192.168.40.249
        # description:

    - Powerchute:
        icon: /icons/powerchute.png
        href: https://192.168.10.5:6547/index.html
        description: change last pair to 10 for Crow instance

    - Nest Doorbell:
        icon: /icons/nest.png
        href: https://home.nest.com/home/my-unique-number
```

#### widgets.yaml ####

```
# For configuration options and examples, please see:
# https://gethomepage.dev/en/configs/widgets

# - resources:
#     cpu: true
#     memory: true
#     disk: /

# - unifi_console:
#     url: https://192.168.1.1
#     username:
#     password:

# - glances:
#   url: http://192.168.70.170:61208
#     username: [username] # optional if auth enabled in Glances
#     password: [password] # optional if auth enabled in Glances
#     label: MyMachine # optional

- openmeteo:
  # label: My-City-Name # optional
    latitude: my coordinate number
    longitude: my coordinate number
    timezone: America/Los_Angeles # optional
    units: imperial
    cache: 5 # Time in minutes to cache API responses, to stay within limits

# https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Intl/DateTimeFormat/DateTimeFormat
- datetime:
    locale: en
    format:
      weekday: long
      month: long
      day: 2-digit
      year: numeric
```


#### bookmarks.yaml

```
# For configuration options and examples, please see:
# https://gethomepage.dev/en/configs/bookmarks

- News:
    - LoCO:
        - icon: /icons/loco.png
          href: https://loco.com/
    - KK:
        - icon: /icons/kK.png
          href: https://news-blog-from-southern-part-of-my-county.com/
    - NCJ:
        - icon: /icons/ncj.png
          href: https://www.ncj.com/
    - Google News:
        - icon: google.png
          href: https://news.google.com/home?hl=en-US&gl=US&ceid=US:en
    - Drudge Report:
        - icon: /icons/drudge-report.png
          href: https://www.drudgereport.com/
    - ESPN:
        - icon: /icons/espn.png
          href: https://www.espn.com/
    - CNBC:
        - icon: /icons/cnbc.png
          href: https://www.cnbc.com/
    - KRON4:
        - icon: /icons/kron4.png
          href: https://www.kron4.com/
    - Al Jazeera:
        - icon: /icons/al-jazeera.png
          href: https://www.aljazeera.com/

- Reading:
    - Gizmodo:
        - icon: /icons/gizmodo.png
          href: https://gizmodo.com/
    - The Next Web:
        - icon: /icons/the-next-web.png
          href: https://thenextweb.com/
    - Electrek:
        - icon: /icons/electrek.png
          href: https://electrek.co/
    - The Onion:
        - icon: /icons/the-onion.png
          href: https://www.theonion.com/
    - Untapped Brilliance:
        - icon: /icons/untapped-brilliance.png
          href: https://untappedbrilliance.com/
    - Energy Storage News:
        - icon: /icons/energy-storage-news.png
          href: https://www.energy-storage.news/

- Social:
    - Reddit:
        - icon: reddit.png
          href: https://reddit.com/
    - Facebook:
        - icon: facebook.png
      href: https://www.facebook.com/ 517 |     - Instagram: 518 |         - icon: instagram.png 519 |           href: https://www.instagram.com/ 520 |     - Threads: 521 |         - icon: /icons/threads.png 522 |           href: https://www.threads.net/ 523 |     - Nextdoor: 524 |         - icon: /icons/nextdoor.png 525 |           href: https://nextdoor.com/news_feed/ 526 |     - Mastodon: 527 |         - icon: mastodon.png 528 |           href: https://link.com 529 | 530 | - Emergency: 531 |     - Recent Quakes: 532 |         - icon: /icons/usgs.png 533 |           href: https://earthquake.usgs.gov/earthquakes 534 |     - Zonehaven: 535 |         - icon: /icons/zonehaven-aware.png 536 |           href: https://aware.zonehaven.com/search?localnumbers 537 |     - Hospital Capacity: 538 |         - icon: /icons/hospital.png 539 |           href: https://data.thecalifornian.com/covid-19-hospital-capacity/facility/my-hosptial 540 |     - PG&E Outages: 541 |         - icon: /icons/pge.png 542 |           href: https://pgealerts.alerts.pge.com/outagecenter/ 543 |     - County OES: 544 |         - icon: /icons/county-oes.png 545 |           href: https://countywebsiteOES-site.org 546 |     - FireMappers: 547 |         - icon: /icons/firemappers.png 548 |           href: https://napsg.maps.arcgis.com 549 |     - CalFire Incidents: 550 |         - icon: /icons/calfire.png 551 |           href: https://www.fire.ca.gov/incidents 552 |     - USFS Incidents: 553 |         - icon: /icons/usfs.png 554 |           href: https://inciweb.nwcg.gov/ 555 | 556 | - Weather: 557 |     - Wunderground: 558 |         - icon: /icons/wunderground.png 559 |           href: https://www.wunderground.com/weather/us/ca/my-city 560 |     - Radar: 561 |         - icon: /icons/noaa.png 562 |           href: https://www.nhc.noaa.gov/satellite.php 563 |     - Wind Finder: 564 |         - icon: /icons/windfinder.png 565 |           href: https://www.windfinder.com/#9/coordinates 566 |     - Weather 
Station: 567 |         - icon: /icons/ambient-weather.png 568 |           href: https://ambientweather.net/dashboard/my-token 569 |     - Air Quality: 570 |         - icon: /icons/purpleair.png 571 |           href: https://map.purpleair.com/ 572 |     - Smoke Forecast: 573 |         - icon: /icons/smoke.png 574 |           href: https://www.weather.gov/city-code/AreaSmokeForecast 575 | 576 | - Coding: 577 |     - MongoDB: 578 |         - icon: mongodb.png 579 |           href: https://cloud.mongodb.com/v2/my-key/clusters 580 |     - Oh My Git: 581 |         - icon: gitea.png 582 |           href: https://ohmygit.org/ 583 | 584 | - Finances: 585 |     - My Bank: 586 |         - icon: /icons/mybank.png 587 |           href: https://www.mybank.com/ 588 |     - Quickbooks: 589 |         - icon: /icons/quickbooks.png 590 |           href: https://app.qbo.intuit.com/app/homepage 591 |     - Finances: 592 |         - icon: google-sheets.png 593 |           href: https://docs.google.com/spreadsheets/d/ 594 |     - Charles Schwab: 595 |         - icon: /icons/schwab.png 596 |           href: https://www.schwab.com/ 597 | 598 | - Shopping: 599 |     - Amazon: 600 |         - icon: amazon.png 601 |           href: https://www.amazon.com/ 602 |     - Ebay: 603 |         - icon: ebay.png 604 |           href: https://www.ebay.com/ 605 |     - Newegg: 606 |         - icon: /icons/newegg.png 607 |           href: https://www.newegg.com/ 608 |     - Craigslist: 609 |         - icon: /icons/craigslist.png 610 |           href: https://mycity.craigslist.org/ 611 | 612 | - Health: 613 |     - MyFitnessPal: 614 |         - icon: /icons/myfitnesspal.png 615 |           href: https://www.myfitnesspal.com/ 616 |     - Cronometer: 617 |         - icon: /icons/cronometer.png 618 |           href: https://cronometer.com/ 619 |     - Garmin Connect: 620 |         - icon: /icons/garmin-connect.png 621 |           href: https://connect.garmin.com/ 622 |     - Komoot: 623 |         - icon: 
/icons/komoot.png 624 |           href: https://www.komoot.com/ 625 |     - MyChart: 626 |         - icon: /icons/mychart.png 627 |           href: https://mychart.ochin.org/mychart/Home/ 628 | 629 | - Google: 630 |     - Drive: 631 |         - icon: google-drive.png 632 |           href: https://drive.google.com/drive/u/0/recent 633 |     - Gmail: 634 |         - icon: gmail.png 635 |           href: https://mail.google.com/mail/u/0/#inbox 636 |     - Photos: 637 |         - icon: google-photos.png 638 |           href: https://photos.google.com/ 639 | ``` -------------------------------------------------------------------------------- /Apps and Services/Kiwix.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Kiwix setup and documentation 3 | created: Sat 2023-12-16 @ 12:45 PM 4 | tags: 5 | - Homelabbing 6 | type: 7 | modified: Wed 2024-07-24 @ 07:22 PM 8 | --- 9 | # To Do's 10 | 11 | - [ ] #kiwix Setup automatic updating of offline .zim files #Homelabbing 12 | ``` 13 | wget https://dumps.wikimedia.org/kiwix/zim/wikipedia/wikipedia_en_all_maxi_2022-05.zim 14 | ``` 15 | 16 | 17 | # Installation 18 | 19 | ```bash 20 | sudo usermod -aG docker username 21 | 22 | sudo usermod -aG docker administrator 23 | 24 | sudo usermod -aG administrator username 25 | 26 | sudo chown -R username:administrator /mnt/NAS/Offline/kiwix 27 | 28 | sudo find /mnt/NAS/Offline/kiwix -type d -exec chmod 775 {} \; 29 | ``` 30 | 31 | ```yaml 32 | version: '3.3' 33 | 34 | services: 35 | kiwix-serve: 36 | ports: 37 | - 8888:8080 38 | image: ghcr.io/kiwix/kiwix-serve:latest 39 | container_name: kiwix 40 | volumes: 41 | - /mnt/NAS/USERNAME/Offline/kiwix:/data 42 | command: 43 | - "*.zim" 44 | environment: 45 | - PUID=1010 46 | - PGID=1000 47 | - TZ=America/Los_Angeles 48 | ``` 49 | 50 | -------------------------------------------------------------------------------- /Apps and Services/MinIO.md: 
--------------------------------------------------------------------------------
---
created: Tue 2023-05-02 @ 06:32 PM
modified: Wed 2023-12-27 @ 02:10 PM
---
[Install Video followed](https://www.youtube.com/watch?v=2iVhfbrP_-o)


# Install MinIO (LXC)

### Install Go ###

In Windows Terminal

```
lxc-attach --name 120

wget -c https://dl.google.com/go/go1.18.linux-amd64.tar.gz

tar xvf go1.18.linux-amd64.tar.gz

chown -R root:root ./go

mv go /usr/local

echo 'export PATH=$PATH:/usr/local/go/bin' >> /etc/profile

source /etc/profile

go version
```

* As long as the version shows up:
```
rm go1.18.linux-amd64.tar.gz
```

### Install MinIO ###

```
wget https://dl.min.io/server/minio/release/linux-amd64/minio

# Locked system account with no login shell to run the service
useradd --system minio --shell /sbin/nologin

usermod -L minio

chage -E0 minio

mv minio /usr/local/bin

chmod +x /usr/local/bin/minio

chown minio:minio /usr/local/bin/minio

# Environment file read by the systemd unit; replace "username" and "password"
sudo touch /etc/default/minio

sudo echo 'MINIO_ROOT_USER="username"' >> /etc/default/minio

sudo echo 'MINIO_VOLUMES="/mnt/minio/backups"' >> /etc/default/minio

sudo echo 'MINIO_OPTS="-C /etc/minio --address :9000 --console-address :46699"' >> /etc/default/minio

sudo echo 'MINIO_ROOT_PASSWORD="password"' >> /etc/default/minio

# -p creates /mnt/minio as well if it does not exist yet
mkdir -p /mnt/minio/backups

mkdir /etc/minio

chown minio:minio /mnt/minio/backups

chown minio:minio /etc/minio
```

### Install MinIO Service ###

```
wget https://raw.githubusercontent.com/minio/minio-service/master/linux-systemd/minio.service

# The upstream unit runs as minio-user; switch it to the account created above
sed -i 's/User=minio-user/User=minio/g' minio.service

sed -i 's/Group=minio-user/Group=minio/g' minio.service

mv minio.service /etc/systemd/system

systemctl daemon-reload

systemctl enable minio

systemctl start minio

systemctl status minio
```

* Confirm it's active and running

* Take note of the IP address


### Firewall Settings ###

```
ufw default deny incoming

ufw default allow outgoing

ufw allow ssh

ufw allow 9000

ufw allow 46699

ufw allow http

ufw allow https

ufw enable

ufw status verbose
```

Confirm everything looks good

* Make sure you forward ports 9000 and 46699 on your router to your server


### Console Setup ###

* Open the console at http://ip-address:46699, using the IP address you wrote down earlier

Set Server Location
* Go to Configurations
* Set the Server Location to whatever you'd like (mine is "gizmonics-institute")
* Save
* Restart the instance by clicking on the popup or by rebooting the CT

* Identity → Users → Create User
    * Enter a User Name (essentially an Access Key)
    * Enter a Password (essentially a Secret Key)
    * Select "readwrite" under Assign Policies
    * Save

* Buckets → Create Bucket
    * Only needs a name
    * Click "Create Bucket"

That's it in MinIO. Now is a good time to restart your Proxmox server.

* Node → Reboot


### Certificate ###

```
apt install software-properties-common

add-apt-repository universe

apt update

apt install certbot

certbot certonly --standalone -d minio-server.your_domain

# The certs directory is not created by the earlier steps
mkdir -p /etc/minio/certs

cp /etc/letsencrypt/live/minio-server.your_domain/privkey.pem /etc/minio/certs/private.key

cp /etc/letsencrypt/live/minio-server.your_domain/fullchain.pem /etc/minio/certs/public.crt

chown minio:minio /etc/minio/certs/private.key

chown minio:minio /etc/minio/certs/public.crt

# cp leaves the copied key world-readable under the default umask
chmod 600 /etc/minio/certs/private.key

systemctl restart minio
```

--------------------------------------------------------------------------------
/Apps and Services/Netdata.md:
--------------------------------------------------------------------------------
---
created: Tue 2023-05-02 @ 06:32 PM
modified: Wed 2023-12-27 @ 01:31 PM
---
## Netdata ##

- I didn't document the initial install on the first node but I remember it being pretty easy


#### Adding Additional Nodes ####

- Go to Netdata Cloud --> On the top horizontal menu click on Nodes --> Add Nodes
- Copy the Linux script, then paste and run it in the terminal of the server you want to add


#### Gotify notifications ####

From Server CLI:
```
cd /etc/netdata

sudo ./edit-config health_alarm_notify.conf
```

- Adjust to look like this
```
# gotify global notification options
SEND_GOTIFY="YES"

# App token and url
GOTIFY_APP_TOKEN="insert-your-token-here"
GOTIFY_APP_URL="https://subdomain-if-you-have-one.domain.com"

DEFAULT_RECIPIENT_GOTIFY="youremail@gmail.com"
```


#### Testing

To be able to test you need to do a couple of things first:
1) Set a password for the `netdata` user with `sudo passwd netdata` (use the password in 1P under Netdata --> server user password)
2) Change the shell for the `netdata` user in `/etc/passwd` to `/bin/bash`

```
su -s /bin/bash netdata

# Enter the netdata user password when prompted

/usr/libexec/netdata/plugins.d/alarm-notify.sh test admin
```

Check your email and you should see it.

- After testing, change the `netdata` user shell back to `/usr/sbin/nologin`


#### Silencing Alarms ####

```
cd /etc/netdata

./edit-config health.d/cpu.conf
```

* cpu.conf is just one file. There are others like net.conf, etc. To find which file to edit, go to Netdata Cloud -> Alerts -> Alert Configurations, find the alert you want to silence, and check which node it is on.

- In the conf file, under the specific template that you want to silence, change `to: sysadmin` to `to: silent`
--------------------------------------------------------------------------------
/Apps and Services/Nextcloud.md:
--------------------------------------------------------------------------------
---
created: Tue 2023-05-02 @ 06:32 PM
modified: Wed 2023-12-27 @ 03:21 PM
---
I don't like this app for my needs. You can only edit files through it, so if you edit outside of it you'll have to update the database to see those changes.



```yaml
version: '3'

volumes:
  nextcloud-db:

services:

  nextcloud-app:
    image: nextcloud:latest
    restart: unless-stopped
    volumes:
      - /docker/appdata/nextcloud:/var/www/html
      - /docker/appdata/nextcloud/custom_apps:/var/www/html/custom_apps
      - /docker/appdata/nextcloud/config:/var/www/html/config
      - /docker/appdata/nextcloud/data:/var/www/html/data
      # - /docker/appdata/nextcloud/themes/:/var/www/html/themes/
    environment:
      - MYSQL_PASSWORD=$MYSQL_PASSWORD
      - MYSQL_DATABASE=$MYSQL_DATABASE
      - MYSQL_USER=$MYSQL_USER
      - MYSQL_HOST=nextcloud-db
    ports:
      - 80:80

  nextcloud-db:
    image: mariadb:latest
    restart: unless-stopped
    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
    volumes:
      - nextcloud-db:/var/lib/mysql
    environment:
      - MYSQL_RANDOM_ROOT_PASSWORD=true
      - MYSQL_PASSWORD=$MYSQL_PASSWORD
      - MYSQL_DATABASE=$MYSQL_DATABASE
      - MYSQL_USER=$MYSQL_USER
```





```yaml

networks:
  frontend:
    # add this if the network is already existing!
    # external: true
  backend:

# Named volumes used by the services below must be declared here
volumes:
  nextcloud-data:
  nextcloud-db:

services:

  nextcloud-app:
    image: nextcloud
    restart: always
    volumes:
      - nextcloud-data:/var/www/html
    environment:
      - MYSQL_PASSWORD=your-password
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud
      - MYSQL_HOST=nextcloud-db
    networks:
      - frontend
      - backend

  nextcloud-db:
    image: mariadb
    restart: always
    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
    volumes:
      - nextcloud-db:/var/lib/mysql
    environment:
      - MYSQL_ROOT_PASSWORD=your-password
      - MYSQL_PASSWORD=your-password
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud
    networks:
      - backend
```
--------------------------------------------------------------------------------
/Apps and Services/Nginx Proxy Manager.md:
--------------------------------------------------------------------------------
## Install ##

- In Portainer, go to the node you want to install NPM on and click Networks and "Add network". Name it "npm-main" and then click "Create the network"

Create a stack and add this BUT do not deploy it until you've followed the other instructions below:
```yaml
version: '3'
services:
  nginx-proxy-manager:
    container_name: nginx-proxy-manager
    image: 'jc21/nginx-proxy-manager:latest'
    restart: always
    ports:
      - '80:80'
      - '81:81'
      - '443:443'
    environment:
      - DB_MYSQL_HOST=nginx-proxy-manager-db
      - DB_MYSQL_PORT=3306
      - DB_MYSQL_USER=npm
      - DB_MYSQL_PASSWORD=${DB_MYSQL_PASSWORD}
      - DB_MYSQL_NAME=npm
    volumes:
      - /docker/appdata/nginx-proxy-manager/container-data/data:/data:Z
      - /docker/appdata/nginx-proxy-manager/container-data/letsencrypt:/etc/letsencrypt:Z
    networks:
      - npm-db
      - npm-main

  nginx-proxy-manager-db:
    container_name: nginx-proxy-manager-db
    image: 'jc21/mariadb-aria:latest'
    restart: always
    environment:
      - MYSQL_DATABASE=npm
      - MYSQL_USER=npm
      - MYSQL_PASSWORD=${DB_MYSQL_PASSWORD}
      - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
    volumes:
      - /docker/appdata/nginx-proxy-manager/container-data/mysql:/var/lib/mysql:Z
    networks:
      - npm-db

networks:
  npm-db:
  npm-main:
    external: true
```

- Before deploying, go down the page and click on "Add an environment variable" and click on it a second time to create two
    - For the first one, put "DB_MYSQL_PASSWORD" (without the quotes) in the name box and then generate a password in 1P and put it in the value box
    - For the second one, put "MYSQL_ROOT_PASSWORD" (without the quotes) in the name box and then generate a password in 1P and put it in the value box
    * You won't need to remember either of these passwords as they'll always be accessible in Portainer

- Now click "Deploy the stack"

- Open up the interface to confirm it's working:
```
http://your-ip-address:81/login
```
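
The stack above publishes `81:81` with no host address, so the admin UI listens on every interface of the Docker host. The script below is an added example, not part of the original notes or of Nginx Proxy Manager: it lists the host ports a compose file publishes and reports admin ports that are open on all interfaces. The function names and the loopback binding in the second sample are assumptions of this example.

```bash
#!/bin/sh
# Added example (not from the original notes): list the host ports a compose
# file publishes and flag admin ports reachable on every interface.
# Covers the short "ports:" syntax used in these notes (block lists, IPv4).

# list_published_ports FILE: one line per mapping, "BIND HOSTPORT CONTAINERPORT".
# BIND is ALL when no host IP is given, which Docker binds on every interface.
list_published_ports() {
    awk -v sq="'" '
        /^[ \t]*ports:[ \t]*$/ { in_ports = 1; next }   # start of a ports list
        /^[ \t]*$/             { next }                 # blank line
        /^[ \t]*#/             { next }                 # comment line
        in_ports && /^[ \t]*-[ \t]/ {
            entry = $0
            sub(/[ \t]+#.*$/, "", entry)       # trailing comment
            sub(/^[ \t]*-[ \t]*/, "", entry)   # list marker
            gsub(/"/, "", entry); gsub(sq, "", entry)
            sub(/[ \t]+$/, "", entry)
            sub(/\/(tcp|udp)$/, "", entry)     # protocol suffix
            n = split(entry, part, ":")
            if (n == 1)      print "ALL", "random", part[1]
            else if (n == 2) print "ALL", part[1], part[2]
            else if (n == 3) print part[1], part[2], part[3]
            next
        }
        { in_ports = 0 }                       # any other key ends the list
    ' "$1"
}

# exposed_admin_ports FILE PORT...: print each listed host port that FILE
# publishes on every interface.
exposed_admin_ports() {
    local file="$1"
    shift
    local wanted=" $* "
    list_published_ports "$file" | while read -r bind host rest; do
        case "$bind" in ALL|0.0.0.0) ;; *) continue ;; esac
        case "$wanted" in *" $host "*) echo "$host" ;; esac
    done
}

# Constructed sample: the ports section of the stack in these notes.
sample_npm_ports() {
    cat <<'EOF'
services:
  nginx-proxy-manager:
    image: 'jc21/nginx-proxy-manager:latest'
    ports:
      - '80:80'
      - '81:81'
      - '443:443'
    environment:
      - DB_MYSQL_PORT=3306
EOF
}

# Constructed variant: the admin UI is bound to loopback only.
sample_npm_ports_hardened() {
    cat <<'EOF'
services:
  nginx-proxy-manager:
    image: 'jc21/nginx-proxy-manager:latest'
    ports:
      - '80:80'
      - '127.0.0.1:81:81'   # admin UI reachable only from the Docker host
      - '443:443'
    environment:
      - DB_MYSQL_PORT=3306
EOF
}

# Demo: run the check over both constructed samples.
demo_dir=$(mktemp -d)
sample_npm_ports > "$demo_dir/stack.yml"
sample_npm_ports_hardened > "$demo_dir/stack-hardened.yml"
for f in "$demo_dir/stack.yml" "$demo_dir/stack-hardened.yml"; do
    echo "== ${f##*/}"
    list_published_ports "$f"
    for p in $(exposed_admin_ports "$f" 81); do
        echo "WARNING: admin port $p is published on all interfaces"
    done
done
rm -rf "$demo_dir"
```

With the loopback binding, the admin UI has to be reached from the host itself, for example through an SSH port forward; ports 80 and 443 stay published for proxied traffic.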


## Setup ##

Use the default login credentials
```
Email address: admin@example.com
Password: changeme
```

- Change the email address to yours (though it probably doesn't matter as it's more of a username)
- Change the password

None of this will work without port forwarding in the router. Consult the networking document to see how to do that.


## Usage ##

The first step should be to upload an SSL certificate. Follow the directions on the Cloudflare document.
- Click on SSL Certificates -> Add SSL Certificate -> Custom
- Give it a name and select the certificate files on your computer and click Save

To add a domain, go to Hosts (or Dashboard) -> Proxy Hosts -> Add Proxy Host
```
Details pane
    Domain Names: subdomain.websites.com
    Forward Hostname / IP: 192.168.___.___
    Forward Port: 5005
    To begin, turn on Websockets Support only

SSL pane
    SSL Certificate: select the certificate for this domain
    Turn on Force SSL at minimum

Save
```

* After it is set up and working you can go back and turn on Cache Assets and Block Common Exploits, as needed

If this is a new domain you are setting up you'll likely need to consult the troubleshooting section below.


## Troubleshooting ##

After spending a whole day, multiple times, trying to get NPM with a domain name working I found out a major annoying problem with getting it set up. Luckily it is an easy fix.

- In Cloudflare, under the DNS section for your domain, turn off the orange "Proxied" setting on your A and CNAME records until after you have initially set up an NPM proxy host. After you have it working properly (a domain is pointed at your public IP and that domain is set up inside of NPM and is successfully connecting to a service) ONLY THEN can you turn the orange Proxied status back on in Cloudflare's DNS records. Whew! Pain in the ass to figure that one out!
- I would think that if you ever purge your cache or add a new domain in Cloudflare that you'd have to do the same thing to get it working again.

--------------------------------------------------------------------------------
/Apps and Services/Paperless.md:
--------------------------------------------------------------------------------
---
created: Tue 2023-05-02 @ 06:32 PM
modified: Wed 2023-12-27 @ 03:32 PM
---
# Restoring #

I was able to successfully move an installation to another server by:
- Putting the receipt files in the new location and setting the permissions to `dave:administrator`
- Copying the /docker/appdata/paperless directory to the new location and setting the permissions to `dave:administrator`

So make sure to back up those directories accordingly


# Install #

On the VM:
- Make sure the fstab entry for the NAS SMB share looks like this:
```
//192.168.10.5/zpool_NAS /mnt/NAS cifs credentials=/root/.smb,uid=1010,gid=1020,file_mode=0664,dir_mode=0775 0 0
```

The Paperless folder relies on three subfolders
- consume (for adding files that Paperless will then process)
- export (for exporting purposes down the line)
- media (the actual files that have already been processed)

* The docker stack will create all of the necessary folders and mount points


```yaml
version: "2.1"
services:
  paperless-ngx:
    image: lscr.io/linuxserver/paperless-ngx:latest
    container_name: paperless-ngx
    environment:
      - PUID=1010
      - PGID=1000
      - TZ=America/Los_Angeles
      - REDIS_URL= #optional
      - PAPERLESS_URL=https://subdomain.domain.com
    volumes:
      - /docker/appdata/paperless/config:/config
      - /mnt/Paperless/consume:/data/consume
      - /mnt/Paperless/export:/data/export
      - /mnt/Paperless/media:/data/media
    ports:
      - 8010:8000
    restart: unless-stopped
```


## Setup ##

If you are importing from a former install, the only setup that needs to happen is creating the storage paths

- Storage Paths-->Create
```
Name: 2020
Path: {created_year}/{document_type}/{created_month}-{created_day}-{created_year} - {tag_list}
Pattern: 2020
```
* Also add one for 2021 and 2022 and any other years needed


- The default Settings upon install look good

* For most settings below, use "Case insensitive"

Correspondents
```
Name: My-Name
Algorithm: Any
Pattern: my-name
```

Tags example
```
Name: Home Depot
Algorithm: Exact
Pattern: Home Depot
```

Document Types example
```
Name: IRS Forms
Algorithm: Any
Pattern: 1099-MISC 1095-B
```

Saved Views
```
Go to Documents
Choose what documents you want to see
Views-->Save As...
Enter a name
Click the boxes as needed
```

- On first saved view creation, you can create an Inbox tag


All documents should be tagged with (at a minimum)
- document type (1099-MISC, debit, etc)
- source (Home Depot, California, etc.)



# Post install Scripts #

## Document Renamer ##

```
python3 /app/paperless/src/manage.py document_renamer
```


## Exporter ##

In the console for the container:
```
python3 /app/paperless/src/manage.py document_exporter /data/export
```


## Importer

To be able to import without errors, you have to add the Storage Paths before importing

Run this to import
```
python3 /app/paperless/src/manage.py document_importer /data/export
```


## Document Retagger ##

* I couldn't get this to work. The log says that the learning model hasn't been created yet
```
python3 /app/paperless/src/manage.py document_retagger
```

--------------------------------------------------------------------------------
/Apps and Services/Plex.md:
--------------------------------------------------------------------------------
---
created: Tue 2023-05-02 @ 06:32 PM
modified: Wed 2023-12-27 @ 03:45 PM
---
# Install

### CLI

```
docker create --name='Plex' --net='media' -e TZ="America/Los_Angeles" -e 'PLEX_CLAIM'='claim-tUXXX9QP-76ggRELExz' -e 'PLEX_UID'='99' -e 'PLEX_GID'='100' -e 'VERSION'='latest' -p '32400:32400/tcp' -v '/tmp/':'/transcode':'rw' -v '/mnt/user/data/media/':'/data/media':'rw' -v '/mnt/user/appdata/Plex-Media-Server':'/config':'rw' 'plexinc/pms-docker'
```

### Portainer Stack / Compose

From [this](https://docs.linuxserver.io/images/docker-plex/) page

```yaml
version: "2.1"
services:
  plex:
    image: lscr.io/linuxserver/plex:latest
    container_name: plex-media-server
    network_mode: host
    environment:
      - PUID=1010
      - PGID=1000
      - TZ=America/Los_Angeles
      - VERSION=docker
      - PLEX_CLAIM= #optional - go to https://plex.tv/claim for code
    volumes:
      - /mnt/SSD/plex-media-server:/config
      - /mnt/SSD/transcodes:/transcodes
      - /mnt/Media:/media
    # Port mappings are not applied while network_mode is host
    ports:
      - 32400:32400
    restart: unless-stopped
```


# Settings

*These settings are noted here because PMM had issues until things were set a certain way. So these are the settings that have been working for me both with PMM and with how I want the server to work.*

#### My-Plex-Username
*anything not mentioned is assumed to be intuitive*

- Account
    - Audio & Subtitles
        - Automatically select audio and subtitle tracks is checked
        - Preferred Audio Language - English
        - Preferred Subtitle Language - English
        - Auto-Select Subtitle Mode - Shown with Foreign Audio
        - Subtitles for the Deaf or Hard-of-Hearing Searches - Prefer non-SDH subtitles
        - Forced Subtitle Searches - Prefer non-forced subtitles
    - Experimental Features - Enabled

- Online Media Sources
    - Live TV, Movies & TV - Disabled for Managed Users
    - Music - Disabled
    - Discover Source - Disabled for Managed Users
    - Display "More Ways to Watch" search results - Disabled for Managed Users
    - Display availabilities from other streaming services on detail pages - Enabled

- Streaming Services
    - I selected all of the most popular services

- Plex Home
    - Guest is disabled
    - WifesName
        - Access to Movies, Shows
        - Restriction Profile - none
        - Allow Downloads - Enabled
        - Live TV & DVR Access - Allow Live TV only
        - No restrictions on Movies, TV Shows or Music
    - Daycare Kids
        - Access to Movies, Shows
        - Restriction Profile - none
        - Allow Downloads - Disabled
        - Live TV & DVR Access - No Live TV and DVR access
        - Movies - Allow only 3, 4, 5
        - TV Shows - Allow only 3, 4, 5, Daycare
        - Music - no restrictions
    - MyOlderKidsName (has his own account that is added to our Home)
        - Access to Movies, Shows
        - Allow Downloads - Enabled
        - Live TV & DVR Access - Allow Live TV only
        - Movies - Allow only 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, MyYoungerKidsName, MyOlderKidsName
            - Exclude "Not-MyOlderKidsName"
        - TV Shows - Allow only 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, MyOlderKidsName
            - Exclude "Not-MyOlderKidsName"
        - Music - no restrictions
    - MyYoungerKidsName
        - Access to Movies, Shows
        - Restriction Profile - none
        - Allow Downloads - Enabled
        - Live TV & DVR Access - Allow Live TV only
        - Movies - Allow only 3, 4, 5, 6, 7, 8, 9, 10, 11, MyYoungerKidsName
            - Exclude "Not-MyYoungerKidsName"
        - TV Shows - Allow only 3, 4, 5, 6, 7, 8, 9, 10, 11, MyYoungerKidsName
            - Exclude "Not-MyYoungerKidsName"
        - Music - no restrictions

- Manage Library Access
    - Just do what is intuitive


#### Plex Web
*make sure you check "Show Advanced" at the top of the first settings page you go to*

- General
    - Language - English
    - Automatically Sign In - Not checked
    - Remember Selected Tab - Checked
    - Play Theme Music - Not checked
    - Allow Fallback to Insecure Connections - On same network as server
    - Time Format - 12 hour
    - Setting Sync is turned on

- Quality
    - Automatically Adjust Quality - not checked
    - Internet Streaming Video Quality - 2 Mbps, 720p
    - Play smaller videos at original quality - checked
    - Home Streaming / Use recommended settings - checked

- Debug
    - Debug level - disabled
    - Direct Play - checked
    - Direct Stream - checked
    - Use alternate streaming protocol for video playback - not checked

- Player
    - Normalize Multi-channel Audio - checked
    - Subtitles - White, bottom, normal
    - Burn Subtitles - Automatic
    - Cinema trailers to Play before Movies - none
    - Force multi-channel audio support - not checked

#### Status
- nothing to do here


#### Settings

- General
    - Send crash reports to Plex - checked
    - Push notifications - checked
    - Enable Plex Media Server debug logging - checked
    - Enable Plex Media Server verbose logging - not checked
    - Server update channel - Public

- Remote Access
    - Enable Remote Access as per instructions
    - Manually specify public port - checked
        - 32400
    - Internet upload speed - 20 Mbps
    - Limit remote stream bitrate - 8 Mbps

- Agents (anything not mentioned is unchecked)
    - Movies
        - Personal Media
            - Personal Media is checked by default
            - Local Media Assets (Movies) - checked
        - Plex Movie (Legacy)
            - Local Media Assets (Movies) - checked
            - Plex Movie (Legacy) - checked by default
        - The Movie Database
            - Local Media Assets (Movies) - checked
            - The Movie Database - checked by default
    - Shows
        - Personal Media Shows
            - Personal Media Shows - checked by default
            - Local Media Assets (TV) - checked
        - TheTVDB
            - Local Media Assets (TV) - checked
            - TheTVDB - checked by default
            - Plex Theme Music - checked
        - The Movie Database
            - The Movie Database - checked by default
    - Artists
        - Personal Media Artists
            - Personal Media Artists - checked by default
            - Local Media Assets (Artists) - checked
        - Last.fm
            - Local Media Assets (Artists) - checked
            - Last.fm - checked by default
            - Home Theatre Backdrops - checked
    - Albums
        - Personal Media Albums
            - Personal Media Albums - checked by default
            - Local Media Assets (Albums) - checked
        - Last.fm
            - Local Media Assets (Albums) - checked
            - Last.fm - checked by default
            - LyricFind - checked
    - Photos
        - Photos
            - Photos - checked by default

- Library
    - Scan my library automatically - unchecked
    - Run a partial scan when changes are detected - checked
    - Include music libraries in automatic updates - unchecked
    - Scan my library periodically - checked
        - Interval - hourly
    - Empty trash automatically after every scan - checked
    - Allow media deletion - checked
    - Weeks to consider for Continue Watching - 12
    - Maximum number of Continue Watching items which will appear - 20
    - Include season premieres in Continue Watching - checked
    - Video played threshold - 90%
    - Video play completion behavior - at final credits marker position
    - Enable smart shuffling on artists and smart music playlists - checked
    - Group albums by type - enabled
    - Run scanner tasks at a lower priority - checked
    - Marker source - "both, try online first"
    - Generate video preview thumbnails - as a scheduled task and when media is added
    - Generate intro video markers - as a scheduled task and when media is added
    - Generate credits video markers - as a scheduled task and when media is added
    - Generate chapter thumbnails - as a scheduled task and when media is added
    - Analyze audio tracks for loudness - as a scheduled task and when media is added
    - Analyze audio tracks for sonic features - as a scheduled task and when media is added
    - Database Cache Size (MB) - 4096

- Plugins
    - Region - United States
    - Everything else unchecked

- Network
    - Enable server support for IPv6 - unchecked
    - Secure connections - preferred
    - Certificate boxes are empty
    - Preferred network interface - pick the service LAN interface you use
    - Strict TLS configuration - checked
    - Enable local network discovery (GDM) - checked
    - Remote streams allowed per user - 1
    - LAN Networks - 192.168.10.0/28, 192.168.20.0/24, 192.168.30.0/29, 192.168.50.0/24, 192.168.70.0/24
    -
Terminate Sessions paused for longer than - 20 238 | - Treat WAN IP as LAN bandwidth - unchecked 239 | - Enable Relay - unchecked 240 | - URL and IP boxes are empty 241 | - Webhooks - checked 242 | 243 | - Transcoder 244 | - Transcoder quality - Make my CPU hurt 245 | - ==Transcoder temporary directory - ______________________== 246 | - Transcoder default throttle buffer - 60 247 | - Background transcoding x264 preset - fast 248 | - Enable HDR tone mapping - checked 249 | - Disable video stream transcoding - unchecked 250 | - Use hardware acceleration when available - unchecked 251 | - Use hardware-accelerated video encoding - checked 252 | - Maximum simultaneous video transcode - 4 253 | 254 | - Languages 255 | - Automatically select audio and subtitle tracks - checked 256 | - Prefer audio tracks in - English 257 | - Subtitle mode - Shown with foreign audio 258 | - Prefer subtitles in - English 259 | 260 | - DLNA 261 | - Enable the DLNA server - unchecked 262 | - It is recommended by Plex not to mess with any of the advanced settings here. 

- Scheduled Tasks
  - Time at which tasks start to run - 2:00
  - Time at which tasks stop running - 5:00
  - Backup database every three days - checked
  - Backup directory - "/var/lib/plexmediaserver/Library/Application Support/Plex Media Server/Plug-in Support/Databases"
  - Optimize database every week - checked
  - Remove old bundles every week - checked
  - Remove old cache files every week - checked
  - Refresh local metadata every three days - checked
  - Update all libraries during maintenance - unchecked
  - Upgrade media analysis during maintenance - checked
  - Refresh library metadata periodically - checked
  - Perform extensive media analysis during maintenance - checked

- Extras
  - Choose Cinema Trailers from - All movies
  - Include Cinema Trailers from movies in my library - checked
  - Include Cinema Trailers from new and upcoming movies in theaters - unchecked
  - Include Cinema Trailers from new and upcoming movies on Blu-ray - unchecked
  - Movie pre-roll video - empty
  - Global music videos path - empty

#### Manage

- Libraries

  - Movies
    - General
      - Library Type - Movies
      - Name - Movies
      - Language - English
    - Add Folders
      - `/mnt/Media/Video/movies`
    - Advanced
      - Scanner - Plex Movie
      - Agent - Plex Movie
      - Visibility - Include in home screen and global search
      - Enable Cinema Trailers - checked
      - Certification Country - United States
      - Use original titles - unchecked
      - Prefer artwork based on library language - checked
      - Use local assets - checked
      - Prefer local metadata - unchecked
      - Find extras - checked
      - Only show trailers - unchecked
      - Allow red band trailers - unchecked
      - Localized subtitles - checked
      - Include adult content - unchecked
      - Minimum automatic collection size - Disabled
      - Ratings Source - Rotten Tomatoes
      - Enable video preview thumbnails - checked
      - Collections - Show collections and their items
      - Enable credits detection - checked

  - Shows
    - General
      - Library Type - TV Shows
      - Name - Shows
      - Language - English
    - Add Folders
      - `/mnt/Media/Video/shows`
    - Advanced
      - Scanner - Plex TV Series
      - Agent - Plex Series
      - Visibility - Include in home screen and global search
      - Episode sorting - Library default
      - Certification Country - United States
      - Episode Ordering - TheTVDB
      - Use season titles - checked
      - Use original titles - unchecked
      - Prefer artwork based on library language - checked
      - Use local assets - checked
      - Prefer local metadata - unchecked
      - Find extras - checked
      - Only show trailers - unchecked
      - Allow red band trailers - unchecked
      - Localized subtitles - checked
      - Include adult content - unchecked
      - Enable video preview thumbnails - checked
      - Collections - Show collections and their items
      - Seasons - Hide for single season series
      - Enable intro detection - checked
      - Enable credits detection - checked

  - Music
    - General
      - Library Type - Music
      - Name - Music
      - Language - English
    - Add Folders
      - `/mnt/Media/Audio/music`
    - Advanced
      - Scanner - Plex Music
      - Agent - Plex Music
      - Visibility - Include in home screen and global search
      - Album sorting - Library default
      - Sonic Analysis - checked
      - Prefer local metadata - unchecked
      - Store track progress - unchecked
      - Include related content from shared libraries - unchecked
      - Artist Bios - checked
      - Album Reviews and Critic Ratings - unchecked
      - Popular Tracks - checked
      - Find Lyrics - checked
      - Genres - Plex Music
      - Album Art - Both Plex Music and Local Files

- Optimized Versions
  - nothing to change here

- Live TV & DVR
  - I don't use this so I leave it not set up

- Troubleshooting
  - nothing to change here

- Console
  - nothing to do here

- Plugins
  - nothing to change here

--------------------------------------------------------------------------------
/Apps and Services/Portainer.md:
--------------------------------------------------------------------------------
---
title: Installing and managing Portainer
created: Sat 2024-01-06 @ 09:42 AM
tags:
  - containers
  - stacks
  - docker
  - compose
type: tutorial
modified: Sat 2024-01-06 @ 09:42 AM
---
# Install Portainer

```
sudo docker run -d -p 8000:8000 -p 9000:9000 --name=portainer --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v /docker/appdata/portainer:/data:rw portainer/portainer-ce
```

Go to your IP address with port 9000 (http://192.168.40.110:9000) and set it up


# Setting Up Edge Agents

You only need to install Portainer once. For the other CTs or VMs, you can add them as Portainer environments.

* First, go to Environments-->Groups-->Add Group
  * I named it Gypsy for the server it needs to connect to
  * Put a description in there if you want
  * Select the associated environment
  * Click "Create the group"

* Environments-->Add Environment
  * Select Docker Standalone and click Start Wizard
  * Select Edge Agent
  * For the name, you are naming the remote environment you are setting up. So let's say this Portainer server you are currently working on is 192.168.100.1 and you want to connect to 192.168.100.2, you'll want to name it after the service you're connecting to on 192.168.100.2
    * I use "VM-Name @ Server" as my naming scheme
  * Leave the Portainer server URL the same. This should be the IP of the Portainer instance you are currently working in
  * Click on the "More settings" dropdown and set the group to the group you just made
  * Click Create
  * The page will now give you a command to run but just ignore that and click Close
* Select the environment you just created.
  * Go to the Docker Standalone tab
  * Copy and paste the command given into the terminal for your server (remote environment) and remember to add "sudo" to the front of it
  * After that's done running, go back to the Portainer page and refresh it. It should now have some "Edge Information" on the top which means that it was set up properly.
  * While still on that page, enter the IP of your server in the Public IP box and click Update Environment

The environment is now added and you will see it if you head to the Home page in Portainer. But to be able to access it you'll first need to set up some port forwarding rules in your local network router.
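
The install command above mounts the Docker socket into Portainer and publishes ports 8000 and 9000 without a host address. As an added example (not from these notes or the Portainer project), this script reads `docker inspect` output and reports those conditions; the JSON is a constructed sample and the function names are illustrative.

```python
import json
import sys

# Constructed sample: a trimmed `docker inspect portainer` result for the
# install command in these notes (real output carries many more fields).
SAMPLE_INSPECT = """
[{
  "Name": "/portainer",
  "Config": {"Image": "portainer/portainer-ce"},
  "Mounts": [
    {"Type": "bind", "Source": "/var/run/docker.sock",
     "Destination": "/var/run/docker.sock", "RW": true},
    {"Type": "bind", "Source": "/docker/appdata/portainer",
     "Destination": "/data", "RW": true}
  ],
  "HostConfig": {"PortBindings": {
    "8000/tcp": [{"HostIp": "", "HostPort": "8000"}],
    "9000/tcp": [{"HostIp": "", "HostPort": "9000"}]
  }}
}]
"""

DOCKER_SOCKET = "/var/run/docker.sock"
ALL_INTERFACES = {"", "0.0.0.0", "::"}  # how Docker records "every interface"


def has_version_tag(image):
    """True if the image reference has a digest or a tag other than 'latest'."""
    if "@" in image:                      # repo@sha256:... is fixed content
        return True
    last = image.rsplit("/", 1)[-1]       # skip a ':' in a registry host:port
    return ":" in last and last.rsplit(":", 1)[1] != "latest"


def audit_container(container):
    """Return (container, rule, detail) findings for one inspect record."""
    name = container.get("Name", "?").lstrip("/")
    findings = []

    for mount in container.get("Mounts") or []:
        if mount.get("Source") == DOCKER_SOCKET:
            access = "read-write" if mount.get("RW") else "read-only"
            findings.append((name, "docker-socket",
                             f"{DOCKER_SOCKET} mounted {access}; whoever controls "
                             "this container controls the Docker host"))

    bindings = (container.get("HostConfig") or {}).get("PortBindings") or {}
    for port in sorted(bindings):
        for bind in bindings[port] or []:
            if bind.get("HostIp", "") in ALL_INTERFACES:
                findings.append((name, "all-interfaces",
                                 f"{port} published on every host interface as "
                                 f"port {bind.get('HostPort')}"))

    image = (container.get("Config") or {}).get("Image", "")
    if not has_version_tag(image):
        findings.append((name, "floating-tag",
                         f"image '{image}' has no fixed version tag or digest"))
    return findings


def audit(inspect_json):
    """Audit the JSON array printed by `docker inspect`."""
    return [f for c in json.loads(inspect_json) for f in audit_container(c)]


if __name__ == "__main__":
    # With a file argument, audit saved `docker inspect` output; else the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_INSPECT
    for name, rule, detail in audit(text):
        print(f"{name}: [{rule}] {detail}")
```

To run it against a live host, save the output of `sudo docker inspect $(sudo docker ps -q)` to a file and pass that file as the argument.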


# Upgrading

https://docs.portainer.io/start/upgrade

# Uninstalling
#### Removing Edge Environments

```
sudo docker stop portainer_edge_agent

sudo docker rm portainer_edge_agent

sudo docker volume rm portainer_agent_data
```


#### Remove Portainer

```
sudo docker stop portainer

sudo docker rm portainer

sudo rm -rf /docker/appdata/portainer
```

--------------------------------------------------------------------------------
/Apps and Services/Syncthing (Unraid).md:
--------------------------------------------------------------------------------
---
created: Tue 2023-05-02 @ 06:32 PM
modified: Wed 2023-12-27 @ 03:49 PM
---
*I switched to using Proxmox instead of Unraid but I wrote most of this while using it.*

# Syncthing / SyncTrayzor Setup Walkthrough

This is my walkthrough for setting up Syncthing on unRAID and its complementing app SyncTrayzor on Windows. I felt that the instructions were lacking so hopefully this will help a fellow homelab-er.


## Install Syncthing on unRAID ##

```
docker create --name='Syncthing' --net='bridge' -e TZ="America/Los_Angeles" -e HOST_OS="Unraid" -e 'PUID'='99' -e 'PGID'='100' -e 'UMASK'='022' -p '8384:8384/tcp' -p '22000:22000/tcp' -p '22000:22000/udp' -p '21027:21027/udp' -v '/mnt/user/NAS/Downloads':'/data1':'rw' -v '/mnt/user/NAS/Pictures/':'/data2':'rw' -v '/mnt/user/NAS/Desktop/':'/data3':'rw' -v '/mnt/user/NAS/Notes/':'/data4':'rw' -v '/mnt/user/appdata/syncthing':'/config':'rw' 'lscr.io/linuxserver/syncthing'
```


* Install Syncthing from the Community Apps repository / page / store / whatever (I used the "linuxserver" version)
* The default install settings should be fine except you need to add the paths to the server folders you want to sync
* In my case, I want to sync my Windows Downloads folders between my laptop and my office computer. The extra benefit will be that those files will also exist on unRAID so I can then back them up per my server backup scheme. I also had an issue getting this to work with Android so until I get that working I can just connect to my NAS share on unRAID through an Android file browser and get whatever I need out of the Downloads folder and copy it to my phone.
* Click on Add Another Path
  - For the Name, call it whatever makes sense to you as this is what will show in the left hand side of the Syncthing docker config in unRAID
  - For the Container Path, I'm using /data/downloads because when I want to sync another folder I can just use /data/folder-name and it'll keep everything nice and tidy and my OCD will be happy.
  - For Host Path, I have a share called NAS that is my general / go to storage and I created a Downloads folder in there. So my path is /mnt/user/NAS/Downloads/
  - Click Save.


## Setup Syncthing

Disclaimer- I already had my server instance of Syncthing setup so there may or may not be an order of operations that Syncthing wants you to do that I've forgotten. I don't think so though so just let me know if my order of operations is off.

Also, in case you were wondering, Syncthing doesn't require you to forward any ports on your router so no need to worry about that.

* Open up the Web GUI of the Syncthing by clicking on its icon
* Syncthing will ask you to set up a user and password for the GUI so do that first.
* Let's set up the basic config found under Actions-->Settings
  - General tab:
    + Device Name: call this whatever you want. I just named mine ```unRAID```
    + I can't recall if you need the API Key so go ahead and generate one just in case. You can always delete it later if you'd like.
  - GUI tab
    + Everything can stay as is on this tab but you can change the GUI Theme if you'd like.
  - Connections
    + Set the Sync Protocol Listen Address to ```default```
    + My Incoming and Outgoing Rate Limits are both set to ```0```
    + Check Enable NAT traversal, Global Discovery, Local Discovery, and Enable Relaying
    + Set Global Discovery Servers to ```default```
  - Click Save
  - That's it here for now. We'll be jumping back and forth between unRAID and your computer going forward so keep the window open and pay attention to the terms unRAID and Windows because both GUIs look the same. The unRAID Web GUI will be in your browser and the Windows GUI will be inside of SyncTrayzor's window on your computer.


## Install and Setup SyncTrayzor on Windows ##

* First of all, you don't install Syncthing on its own in Windows. Instead, install SyncTrayzor, which runs Syncthing as a part of it, and that's it. You can download it here.
* On first launch, SyncTrayzor will likely fail to startup Syncthing but that's okay.
  + Still on Windows, go into SyncTrayzor→Settings→Syncthing→Advanced and add this to the “Syncthing Command-line Flags”
  + ```-allow-newer-config```
  + It should start up fine now
* After Syncthing starts up, set the GUI username and password
* Click on Add Remote Device (still in SyncTrayzor)
* After the window pops up, minimize SyncTrayzor and go back to your browser tab with the unRAID Syncthing Web GUI
  + Copy the Device ID with Actions→Show ID
* Now go back to the SyncTrayzor window and enter that Device ID into the Trayzor “Add Device” box under Device ID
* Leave the Device Name blank because the server will populate that on its own
* On the Sharing tab, click the Introducer and Auto Accept boxes
* Click Save
* Now go back to the browser window for the server side of things and accept the new connection by allowing it in the pop-up box
* Back in SyncTrayzor, delete the Default folder that came pre-setup for you by the app
* Now click Add Folder
* Folder Label: Downloads (or whichever folder you are wanting to sync)
* Folder ID: ```downloads``` (lowercase) or whatever folder you entered above
* Folder Path is the Downloads folder on Windows (or your desired folder)
* On the Sharing tab, select unRAID (or whatever you called your unRAID Syncthing server)
* Click Save
* Back in your browser window for the server side, accept the folder connection by allowing it in the pop-up box
* That’s it! Let it do its first time sync before adding any new files
* Back in Windows, you'll likely want to go to SyncTrayzor→Settings→SyncTrayzor and click the Minimize to tray box so that it will all run in the background.

Enjoy!
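
The walkthrough above ticks Introducer and Auto Accept for the server and leaves discovery and relaying on. This added example (not part of the original notes or of Syncthing) reads a `config.xml` and lists the settings that widen what a peer or the network can do; the embedded file is a constructed sample and the rule names are made up for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed Syncthing config.xml in the state the
# walkthrough produces (Introducer and Auto Accept ticked for the server,
# GUI reachable from the LAN). The device ID and hash are placeholders.
SAMPLE_CONFIG = """
<configuration version="37">
  <device id="PLACEHOLDER-DEVICE-ID" name="unRAID" introducer="true">
    <address>dynamic</address>
    <autoAcceptFolders>true</autoAcceptFolders>
  </device>
  <gui enabled="true" tls="false">
    <address>0.0.0.0:8384</address>
    <user>admin</user>
    <password>$2a$10$constructedhashplaceholder</password>
  </gui>
  <options>
    <globalAnnounceEnabled>true</globalAnnounceEnabled>
    <localAnnounceEnabled>true</localAnnounceEnabled>
    <relaysEnabled>true</relaysEnabled>
    <natEnabled>true</natEnabled>
  </options>
</configuration>
"""

INFO_OPTIONS = (
    ("globalAnnounceEnabled", "info-global-discovery",
     "device ID and addresses are announced to the global discovery servers"),
    ("relaysEnabled", "info-relaying",
     "connections may be carried (still encrypted) by public relay servers"),
)


def _is_true(text):
    return (text or "").strip().lower() == "true"


def gui_is_loopback(address):
    """True when the GUI listen address is only reachable from the machine itself."""
    host = address.rsplit(":", 1)[0].strip("[]")
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False          # empty or unknown host: treat as reachable


def audit_syncthing(xml_text):
    """Return (rule, detail) findings for one Syncthing config.xml."""
    root = ET.fromstring(xml_text)
    findings = []

    for device in root.findall("device"):
        name = device.get("name") or device.get("id", "?")
        if _is_true(device.get("introducer")):
            findings.append(("introducer",
                             f"{name}: devices it introduces are added to this "
                             "device list without a prompt"))
        if _is_true(device.findtext("autoAcceptFolders")):
            findings.append(("auto-accept",
                             f"{name}: folders it offers are created and shared "
                             "without a prompt"))

    gui = root.find("gui")
    if gui is not None and _is_true(gui.get("enabled", "true")):
        address = gui.findtext("address", default="")
        if not gui_is_loopback(address) and not _is_true(gui.get("tls")):
            findings.append(("gui-plain-http",
                             f"GUI listens on {address} without TLS; the login "
                             "crosses the network unencrypted"))
        if not (gui.findtext("user") and gui.findtext("password")):
            findings.append(("gui-no-auth", "GUI has no user and password set"))

    options = root.find("options")
    for tag, rule, detail in INFO_OPTIONS:
        if options is not None and _is_true(options.findtext(tag)):
            findings.append((rule, detail))
    return findings


if __name__ == "__main__":
    for rule, detail in audit_syncthing(SAMPLE_CONFIG):
        print(f"[{rule}] {detail}")
```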
--------------------------------------------------------------------------------
/Apps and Services/Syncthing.md:
--------------------------------------------------------------------------------
---
created: Tue 2023-05-02 @ 06:32 PM
modified: Wed 2023-12-27 @ 03:49 PM
---
# Install

```bash
sudo useradd -u 1010 -M -s /usr/sbin/nologin dave
```

```yaml
version: "2.1"
services:
  syncthing:
    image: lscr.io/linuxserver/syncthing:latest
    container_name: syncthing-USER1
    hostname: syncthing #optional
    environment:
      - PUID=1010
      - PGID=1000
      - UMASK=002
      - TZ=America/Los_Angeles
    volumes:
      - /docker/appdata/syncthing-USER1:/config
      - "/mnt/NAS/USER1/Computer/Syncthing/:/USER1"
    ports:
      - 8384:8384
      - 22000:22000/tcp
      - 22000:22000/udp
      - 21027:21027/udp
    restart: unless-stopped
```
- I'm hosting two different containers for two different people in my house. I'll replace USER1 with their actual names.
- For this to work your NAS files need to be owned by 1010:1000 (or in my case USER1:administrator)

# Setup Syncthing

Before beginning...
- BACKUP YOUR FILES!
- You can do one of three things with your existing files (after you've already backed them up of course) on either the server or Windows:
  - Starting out, the directories can either be the exact same (the exact same files in both locations), you can have files in place on the Server side and empty on Windows side, or both directories can be empty. So to begin, choose how the directories are going to look and make those changes BEFORE proceeding.
- After the initial sync you can count on Syncthing to not screw up your files IF YOU FOLLOW MY ADVICE (at least that has been my experience). Just take caution now and you'll be fine. And if I'm lying or a complete fool at least you'll have a backup.
- Syncthing doesn't require you to forward any ports on your router so no need to worry about that.

Let's begin.

* Open up the Web GUI by going to your-server-IP-address:8384 (ex. 192.168.40.110:8384)
* Syncthing will ask you to set up a user and password for the GUI so do that first. It'll log you off after you hit Save so log back in with the new credentials.
* Let's set up the basic config found under Actions-->Settings
  - General tab:
    + Device Name: call this whatever you want (I named mine `Admin VM @ Crow` so I didn't forget where it was installed)
    + I can't recall if you need the API Key so go ahead and generate one just in case. You can always delete it later if you'd like.
  - GUI tab
    + Everything can stay as is on this tab but you can change the GUI Theme if you'd like.
  - Connections
    + Keep the defaults as they are
    + Sync Protocol Listen Address to ```default```
    + Incoming and Outgoing Rate Limits are both set to ```0```
    + Enable NAT traversal, Global Discovery, Local Discovery, and Enable Relaying are all checked
    + Global Discovery Servers to ```default```
  - Click Save
  - Now I'm going to go back in and edit Settings -> General -> Default Configuration -> Folder Defaults
    - This is optional but makes adding things easier going forward. Below are the changes I've made but you can do what you want
    - Changes
      - Folder Path: /USER1/
      - Advanced --> Ignore Permissions. Check this only if you have any issues with permissions later. I'll leave it unchecked for now.
    - I chose not to make any changes in Device Defaults
    - Click Save and then click Save again
  - Now delete the Default folder under Folders on the main screen by clicking on it, hitting Edit and then Remove

That's it here for now. We'll be jumping back and forth between the server and your computer going forward so keep the window open and pay attention to the terms Server and Windows because both GUIs look the same. The Server Web GUI will be in your browser and the Windows GUI will be inside of SyncTrayzor's window on your computer (although you may choose to also open that in a browser as well).


# Install and Setup SyncTrayzor on Windows

Note- *As of this writing, SyncTrayzor is two and a half years without an updated release. It still works fine but be aware that it is currently not being developed. Seeing as there is currently no other package for Windows that provides ease of use (such as a tray icon and log readout) I'm going to stick with it for the time being.*

* First of all, you don't install Syncthing on its own in Windows. Instead, install SyncTrayzor, which is a wrapper for Syncthing, and that's it. You can download it [here](https://github.com/canton7/SyncTrayzor). For my installation of Windows 11 on a decent computer I'm downloading SyncTrayzorSetup-x64.exe
* On first launch, SyncTrayzor will likely fail to startup Syncthing but that's okay.
* On Windows, go into SyncTrayzor → File -> Settings → Syncthing → Advanced and add this to the “Syncthing Command-line Flags”
  + `-allow-newer-config`
  - While you have the Settings window open (these are optional but I found it helps the server / Windows communication go faster):
    - On the same tab you were just on change "Syncthing Process Priority" to Above Normal
    - On the SyncTrayzor tab, uncheck "Pause devices which connect over a metered network" under Metered Networks
  - Click Save
  - Now you can click on Start Syncthing in the main window and it should start up just fine.
* After start up, set the GUI username and password on the Actions --> Settings --> GUI tab
* Next, choose a Device Name on the General Tab (mine is `Strong-Bad`)
* Click on Add Remote Device (still in SyncTrayzor)
* After the window pops up, minimize SyncTrayzor and go back to your browser tab with the Server Syncthing Web GUI
  + Copy the Device ID with Actions→Show ID
* Now go back to the SyncTrayzor window and enter that Device ID into the Trayzor “Add Device” box under Device ID
* Leave the Device Name blank because the server will populate that on its own
* Click Save
* Now go back to the browser window for the server side of things and accept the new connection by allowing it in the pop-up box. You may need to wait a minute for it to pop up first.
* Allow a minute for Windows and the Server to communicate fully. Remote Devices, on each side, should say "Connected (Unused)" when you're ready to move forward.
* On SyncTrayzor, delete the Default folder that came pre-setup for you by the app
* Back on the Server side, click Add Folder on the main screen
* Folder Label: Desktop (or whichever folder you are wanting to sync)
* Folder ID: `windows-desktop` (lowercase) or whatever folder you entered above
* Folder Path is the Desktop folder location on your server (or your desired folder) which in my case is `/USER1/Desktop`
* On the Sharing tab, select your Windows instance (whatever you called your SyncTrayzor / Syncthing)
* Click Save
* Back in your SyncTrayzor window, accept the folder connection by clicking Add in the pop-up
* You need to pick your Folder Path on the General tab when it pops up. Since I'm sharing my Desktop I'll Browse to that folder on my computer.

That’s it! Let it do its first time sync before adding any new files but you should be good to go! Follow the Add Folder instructions again to add any new folders to share.



# Tips

- Currently I'm only using Syncthing to backup my computer files to my server. Where Syncthing excels though is adding a third or more Remote Devices. So if you want to keep your desktop computer, your laptop, and maybe your work computer in sync then just repeat the steps as necessary on those devices. It works great.

* In Windows, you'll likely want to go to SyncTrayzor→Settings→SyncTrayzor and click the Minimize to tray box so that it will all run in the background. Starting on Windows start-up is default.


# Errors

- If you get any errors with out of sync files, make sure everything is EXACTLY the same in each directory (the folder on your computer and the directory on the server). Also double check that your permissions are correct.


- Permissions issues between different types of devices:
  - Settings to go with:
    - On Windows
      - Turn on "Ignore Permissions"
    - On Server
      - Turn off "Ignore Permissions"
  - All of this could have just been an issue I had with version 1.22.1 so ignore this unless you have an issue.
--------------------------------------------------------------------------------
/Apps and Services/Tailscale.md:
--------------------------------------------------------------------------------
---
tags:
  - Homelabbing
---
# To Do's

- [ ] #tailscale Install Tailscale as needed #Homelabbing



# Install #

This app is ridiculously easy to set up

- Sign up on the website
- Go to Download on the website and select your OS
  - For Windows and Android, it's an app to download
  - For Linux, it's a shell script to run
- Authenticate the different apps as needed during install
- That's pretty much it



# Usage #

- Make sure that Tailscale is running on the two or more devices you want to connect
- On the Tailscale website under "Machines" you'll see some assigned IP addresses. Just use those as you would a 192.168 IP
- So if you want to connect to SSH, just do `ssh user@100.###.###.###` and you're good

--------------------------------------------------------------------------------
/Apps and Services/UrBackup.md:
--------------------------------------------------------------------------------
---
created: Mon 2023-05-08 @ 06:13 PM
modified: Wed 2023-12-27 @ 03:51 PM
---
- Go [here](http://urbackup.org/download.html) and copy the link address for the download you need

```
wget https://hndl.urbackup.org/Server/2.5.31/debian/bullseye/urbackup-server_2.5.31_amd64.deb

sudo apt update

sudo dpkg -i urbackup-server*.deb
```

- Hit enter at the install
- That should be it but the install instructions say to run `sudo apt-get -f install` now but it didn't do anything for me
- Go to http://192.168.10.8:55414/
- First thing, go to Settings->Users->Create User. The first time going here will prompt to create a password for `admin`


/media/BACKUP/urbackup


```
sudo zfs create -o casesensitivity=mixed -o xattr=sa -o dnodesize=auto -o mountpoint=/mnt/Backups/Windows Backups/Windows
```


```
sudo mkdir /mnt/Backups/Windows/Strong-Bad
```


```
sudo chown -R urbackup:urbackup /mnt/Backups/Windows

sudo chmod -R 770 /mnt/Backups/Windows

sudo usermod -aG urbackup administrator
```


```
C:\Users\mrjoh\Desktop\*;C:\Users\mrjoh\Downloads\*;C:\Users\mrjoh\Dropbox\*;C:\Users\mrjoh\Pictures\*
```
--------------------------------------------------------------------------------
/Apps and Services/Wiki.js.md:
--------------------------------------------------------------------------------
---
title: Readable Note Name that describes the note
created: Sat 2024-06-29 @ 08:39 PM
tags: []
type:
modified: Sat 2024-06-29 @ 08:40 PM
---
# Layout

Starting Out
- Where to start?
  - Start with what you'd like to do
- What Can You Do?
  - Getting rid of the cloud
- Home Environment
  - Space
  - Racks

Hardware
- File Systems
- Power Backup

Software
- Hypervisors vs. bare metal
- VMs vs CTs
- Services

Networking
-

Maintenance & Backups

Resources
- YouTube
- Blogs
- Websites
- Social Media

# Writing

https://perfectmediaserver.com/

https://www.reddit.com/r/homelab/

https://www.reddit.com/r/homelab/wiki/index/

- Storage needs
- Get comfortable with the command line
- Linux
- Don't be afraid to explore and make mistakes (labs get messy)
- Everything has been done before (Google and Reddit are your friends!)
- Buying hardware
- Upfront costs vs operating costs
- Jack of all trades, master of some (the learning curve)
- Smart Home


# Installation

```yaml
version: "3"
services:

  db:
    image: postgres:11-alpine
    environment:
      POSTGRES_DB: wiki
      POSTGRES_PASSWORD: your-password
      POSTGRES_USER: wikijs
    logging:
      driver: "none"
    restart: unless-stopped
    volumes:
      - db-data:/var/lib/postgresql/data

  wiki:
    image: ghcr.io/requarks/wiki:2
    depends_on:
      - db
    environment:
      DB_TYPE: postgres
      DB_HOST: db
      DB_PORT: 5432
      DB_USER: wikijs
      DB_PASS: your-password  # must be the same value as POSTGRES_PASSWORD above
      DB_NAME: wiki
    restart: unless-stopped
    ports:
      - "3000:3000"

volumes:
  db-data:
```
--------------------------------------------------------------------------------
/Apps and Services/Wordpress.md:
--------------------------------------------------------------------------------
---
created: Tue 2023-05-02 @ 06:32 PM
modified: Wed 2023-12-27 @ 01:39 PM
---
Each subheader (VM, Docker, LXC / CT) is a different way you can install this. Out of all of these, I think the LXC / CT turnkey approach is the most user friendly while providing the best security out of the box.

All this being said, I don't use Wordpress any longer. But these are my install notes for when I did.


# Installation Options #

## VM ##

- Create the VM or use an existing VM
- Login via terminal

```
sudo apt update && sudo apt upgrade -y

sudo apt install apache2 apt-transport-https mariadb-server mariadb-client php php-{common,mysql,xml,xmlrpc,curl,gd,imagick,cli,dev,imap,mbstring,opcache,soap,zip,intl} -y

sudo ufw app list

sudo ufw allow in "Apache Full"

sudo ufw allow OpenSSH

sudo ufw allow Samba

sudo ufw enable

sudo mysql_secure_installation
```

```
Secure MariaDB options:

1. Hit Enter for none
2. N (Switch to unix_socket authentication)
3. N (Change the root password)
4. Y (Remove anonymous users)
5. Y (Disallow root login remotely)
6. Y (Remove test database and access to it)
7. Y (Reload privilege tables now)
```

```
sudo nano /etc/apache2/mods-enabled/dir.conf
```

Change the DirectoryIndex line to look like this:
```

DirectoryIndex index.php index.cgi index.pl index.html index.xhtml index.htm

```

```
sudo usermod -aG www-data administrator

sudo mysql -u root -p
```

```
CREATE DATABASE wordpress DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;

CREATE USER 'wordpress'@'%' IDENTIFIED BY 'password123';

GRANT ALL ON wordpress.* TO 'wordpress'@'%';

QUIT;
```

```
sudo nano /etc/apache2/sites-available/yourwebsite.com.conf
```

```apache

ServerAdmin youremail@gmail.com
ServerName yourwebsite.com
ServerAlias www.yourwebsite.com
DocumentRoot /var/www/yourwebsite.com/

```

```
cd /tmp

curl -O https://wordpress.org/latest.tar.gz

tar xzvf latest.tar.gz

touch /tmp/wordpress/.htaccess

cp /tmp/wordpress/wp-config-sample.php /tmp/wordpress/wp-config.php

mkdir /tmp/wordpress/wp-content/upgrade

sudo cp -a /tmp/wordpress/. /var/www/yourwebsite.com

sudo rm latest.tar.gz

sudo rm -rf wordpress

sudo chown -R www-data:www-data /var/www/yourwebsite.com

sudo find /var/www/yourwebsite.com/ -type d -exec chmod 750 {} \;

sudo find /var/www/yourwebsite.com/ -type f -exec chmod 640 {} \;

sudo a2ensite yourwebsite.com.conf

sudo a2dissite 000-default.conf

sudo a2enmod rewrite

sudo systemctl restart apache2

curl -s https://api.wordpress.org/secret-key/1.1/salt/
```

- Copy the output into a note somewhere and insert in place of the temporary code in this next file:

```
sudo nano /var/www/yourwebsite.com/wp-config.php
```

```apache

ServerAdmin youremail@gmail.com

DocumentRoot /var/www/html/wordpress
ServerName yourwebsite.com
ServerAlias www.yourwebsite.com


Options FollowSymLinks
AllowOverride All
Require all granted


ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined

```



## Docker (don't) ##

- This method is not recommended for production, only development
- Much more difficult to use a domain name with docker install
- The code is not included here since it is unsupported. This note is only meant as a reminder to not go down the docker path for Wordpress, in my and lots of others' opinion.



## LXC / CT ##

* Use Turnkey Linux Wordpress CT template

* The setup is pretty straightforward

* After initial OS installation, login to the server via SSH and attach the container.
284 | 285 | Check your current version: 286 | ``` 287 | php --version 288 | ``` 289 | 290 | * As of this writing it shows as 291 | ``` 292 | PHP 7.3.31-1~deb10u1 293 | ``` 294 | 295 | ``` 296 | apt update 297 | 298 | apt upgrade -y 299 | ``` 300 | 301 | ``` 302 | apt -y install lsb-release apt-transport-https ca-certificates 303 | 304 | wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg 305 | 306 | echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" | tee /etc/apt/sources.list.d/php.list 307 | 308 | apt update 309 | 310 | apt -y install php7.4 311 | 312 | php --version 313 | ``` 314 | 315 | * Confirm the PHP version is now 7.4 316 | 317 | * Install missing modules: 318 | 319 | ``` 320 | apt-get install php7.4-{bcmath,bz2,intl,gd,mbstring,mysql,zip,curl,dom,imagick} 321 | ``` 322 | 323 | * Disable the old PHP and enable the new one 324 | 325 | ``` 326 | a2dismod php7.3 327 | 328 | systemctl restart apache2 329 | 330 | a2enmod php7.4 331 | 332 | systemctl restart apache2 333 | ``` 334 | 335 | * In Wordpress, go to Tools-->Site Health. All of the PHP issues should be solved. 336 | * Go [here](https://dev.to/samtarling/upgrading-apache-from-php-7-3-to-php-7-4-3a3h) if there are still any PHP issues 337 | 338 | * At this point it's a good idea to run update and upgrade again. 339 | * It'll want to upgrade 7.3 but that should have no effect on 7.4 and/or Wordpress. 
340 | 341 | ``` 342 | apt update 343 | 344 | apt upgrade -y 345 | ``` 346 | 347 | ``` 348 | cd /var/www/wordpress 349 | ``` 350 | 351 | Edit the config so that it will work with the domain name and NPM (Nginx Proxy Manager) 352 | 353 | ``` 354 | nano wp-config.php 355 | ``` 356 | 357 | Add this after the commented-out instructions at the beginning: 358 | 359 | ``` 360 | define('FORCE_SSL_ADMIN', true); 361 | if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https') 362 | $_SERVER['HTTPS']='on'; // X-Forwarded-Proto is set by the reverse proxy (NPM) 363 | ``` 364 | 365 | Further down look for this section and make it look like this: 366 | 367 | ``` 368 | // Single-Site (serves any hostname) 369 | // For Multi-Site, see: https://www.turnkeylinux.org/docs/wordpress/multisite 370 | define('WP_SITEURL','https://yourwebsite.com'); 371 | define('WP_HOME','https://yourwebsite.com'); 372 | ``` 373 | 374 | 375 | # Theme # 376 | 377 | Go to Appearance-->Themes 378 | 379 | * Install and activate the Baskerville theme 380 | 381 | 382 | # Email # 383 | 384 | - Follow this for now 385 | - https://wpmailsmtp.com/docs/how-to-set-up-the-gmail-mailer-in-wp-mail-smtp 386 | - Note to self: Although this is a fairly easy setup, I don't think it needs to be this complex. Next time you need to set up email again, look into using the built-in PHP option or something else BEFORE using this. 
-------------------------------------------------------------------------------- /Apps and Services/YouTube Downloaders.md: -------------------------------------------------------------------------------- 1 | --- 2 | created: Sat 2023-06-03 @ 10:18 AM 3 | modified: Wed 2023-12-27 @ 03:51 PM 4 | --- 5 | ArchiveBox 6 | 7 | https://github.com/Tzahi12345/YoutubeDL-Material 8 | https://github.com/tubearchivist/tubearchivist 9 | https://github.com/Rudloff/alltube 10 | https://github.com/th-ch/youtube-music 11 | -------------------------------------------------------------------------------- /CTs/Duplicati CT.md: -------------------------------------------------------------------------------- 1 | --- 2 | created: Tue 2023-05-02 @ 06:32 PM 3 | modified: Thu 2023-12-28 @ 08:48 AM 4 | --- 5 | Create a basic Ubuntu CT 6 | 7 | 8 | # Setup Container # 9 | 10 | ``` 11 | lxc-attach --name 301 12 | 13 | apt update 14 | 15 | dpkg-reconfigure locales 16 | 17 | apt install unattended-upgrades gnupg 18 | 19 | dpkg-reconfigure --priority=low unattended-upgrades 20 | 21 | apt upgrade 22 | ``` 23 | 24 | Add users 25 | ``` 26 | useradd -u 1000 -M administrator 27 | useradd -u 1010 -M dave 28 | useradd -u 1011 -M emmett 29 | ``` 30 | 31 | Add groups 32 | ``` 33 | groupadd -g 1020 nas 34 | groupadd -g 1021 plex-movies 35 | groupadd -g 1022 plex-music 36 | groupadd -g 1023 plex-shows 37 | groupadd -g 1024 books 38 | groupadd -g 1025 photos 39 | ``` 40 | 41 | 42 | 43 | # Install Duplicati # 44 | 45 | ``` 46 | apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF 47 | 48 | echo "deb https://download.mono-project.com/repo/ubuntu stable-focal main" | sudo tee /etc/apt/sources.list.d/mono-official-stable.list 49 | 50 | apt update 51 | 52 | sudo apt install mono-devel gtk-sharp2 libappindicator0.1-cil libmono-2.0-1 apt-transport-https git software-properties-common -y 53 | 54 | wget https://updates.duplicati.com/beta/duplicati_2.0.6.3-1_all.deb 
55 | 56 | apt install ./duplicati_2.0.6.3-1_all.deb 57 | ``` 58 | 59 | ``` 60 | nano /etc/systemd/system/duplicati.service 61 | ``` 62 | 63 | ``` 64 | [Unit] 65 | Description=Duplicati web-server 66 | After=network.target 67 | 68 | [Service] 69 | Nice=19 70 | IOSchedulingClass=idle 71 | EnvironmentFile=-/etc/default/duplicati 72 | ExecStart=/usr/bin/duplicati-server $DAEMON_OPTS 73 | Restart=always 74 | 75 | [Install] 76 | WantedBy=multi-user.target 77 | ``` 78 | 79 | ``` 80 | nano /etc/default/duplicati 81 | ``` 82 | 83 | ``` 84 | # Defaults for duplicati initscript 85 | # sourced by /etc/init.d/duplicati 86 | # installed at /etc/default/duplicati by the maintainer scripts 87 | # 88 | # This is a POSIX shell fragment 89 | # 90 | # Additional options that are passed to the Daemon. 91 | DAEMON_OPTS="--webservice-interface=any --webservice-port=8200 --portable-mode" 92 | ``` 93 | 94 | ``` 95 | systemctl enable duplicati.service 96 | systemctl daemon-reload 97 | systemctl start duplicati.service 98 | systemctl status duplicati.service 99 | ``` 100 | 101 | ``` 102 | mkdir /mnt/Backups 103 | mkdir /mnt/Games 104 | mkdir /mnt/Media 105 | mkdir /mnt/Websites 106 | ``` 107 | 108 | ``` 109 | chown administrator:administrator /mnt/Backups 110 | chown dave:administrator /mnt/Games 111 | chown dave:administrator /mnt/Media 112 | chown dave:administrator /mnt/Websites 113 | ``` 114 | 115 | Shutdown 116 | 117 | 118 | # Create Mountpoint # 119 | 120 | From Proxmox: 121 | ``` 122 | nano /etc/pve/lxc/301.conf 123 | ``` 124 | 125 | * Add this to the bottom: 126 | ``` 127 | mp0: /mnt/Deep-13/Backups/Crow,mp=/mnt/Backups/Crow 128 | mp1: /mnt/Deep-13/Backups/Tom-Servo,mp=/mnt/Backups/Tom-Servo 129 | mp2: /mnt/Deep-13/Emmett,mp=/mnt/Emmett 130 | mp3: /mnt/Deep-13/Games/DnD,mp=/mnt/Games/DnD 131 | mp4: /mnt/Deep-13/Games/Emulators,mp=/mnt/Games/Emulators 132 | mp5: /mnt/Deep-13/Games/Minecraft,mp=/mnt/Games/Minecraft 133 | mp6: /mnt/Deep-13/Media/Audio,mp=/mnt/Media/Audio 134 | mp7: 
/mnt/Deep-13/Media/Books,mp=/mnt/Media/Books 135 | mp8: /mnt/Deep-13/Media/Photos,mp=/mnt/Media/Photos 136 | mp9: /mnt/Deep-13/Media/Video,mp=/mnt/Media/Video 137 | mp10: /mnt/Deep-13/NAS,mp=/mnt/NAS 138 | mp11: /mnt/Deep-13/Websites/Blog,mp=/mnt/Websites/Blog 139 | mp12: /mnt/Deep-13/Websites/Daycare,mp=/mnt/Websites/Daycare 140 | mp13: /mnt/Deep-13/Websites/Offline,mp=/mnt/Websites/Offline 141 | ``` 142 | 143 | 144 | # Duplicati Settings # 145 | 146 | Go to http://192.168.40.115:8200/ or whatever the IP is 147 | 148 | Upon first visit, you'll be prompted to set the password 149 | 150 | After setting the password, log back in and go back to Settings 151 | 152 | - change "Display and color theme" to the dark theme 153 | 154 | Click OK 155 | 156 | 157 | # Creating Backups # 158 | 159 | ``` 160 | Select "Configure a new backup" 161 | Name: Websites/Blog or whatever the dataset name is 162 | Enter and repeat the passphrase 163 | Storage Type: S3 Compatible 164 | Server: Custom server url () 165 | Custom S3 endpoint: 192.168.10.3:9000 (or whatever the IP is) 166 | Bucket name: websites-blog (adjust based on Name of this backup) 167 | Bucket create region: Custom region value () 168 | Custom region: gizmonics-institute 169 | AWS Access ID: in MinIO entry in 1P 170 | AWS Access Key: in MinIO entry in 1P 171 | Client library: Minio SDK 172 | Test connection and select No on renaming and Yes on folder creation 173 | Source data: /mnt/Websites/Blog 174 | Set schedule as needed 175 | Backup retention: Keep a specific number of backups 176 | Backup retention #: 1 177 | ``` 178 | 179 | Save 180 | 181 | 182 | -------------------------------------------------------------------------------- /CTs/Plex CT.md: -------------------------------------------------------------------------------- 1 | --- 2 | created: Thu 2023-11-30 @ 07:51 PM 3 | modified: Thu 2023-12-28 @ 08:48 AM 4 | --- 5 | # Prepare Proxmox 6 | 7 | Get the current kernel version on your machine: 8 | ``` 9 | uname -r 10 
| ``` 11 | 12 | In my case, it was 13 | ``` 14 | 5.15.35-2-pve 15 | ``` 16 | 17 | Now search for available kernel updates: 18 | ``` 19 | apt-cache search pve-header 20 | ``` 21 | 22 | * From the results, find your kernel version and paste it into this command: 23 | ``` 24 | apt install pve-headers-*.*.*-*-pve 25 | 26 | paste it in so it looks like this: 27 | 28 | apt install pve-headers-5.15.35-2-pve 29 | ``` 30 | 31 | 32 | ``` 33 | nano /etc/modprobe.d/pve-blacklist.conf 34 | ``` 35 | 36 | * Put this in there 37 | ``` 38 | blacklist nouveau 39 | ``` 40 | 41 | ``` 42 | update-initramfs -u 43 | ``` 44 | 45 | Reboot 46 | 47 | ``` 48 | apt install build-essential 49 | ``` 50 | 51 | 52 | # Install GPU Card Driver # 53 | 54 | Go [here](https://www.nvidia.com/Download/index.aspx "NVIDIA Driver Downloads") 55 | 56 | Enter your card details and click Search and then Download on the next page 57 | 58 | On the next page, instead of clicking this second Download button, right click on it and copy the link address 59 | 60 | In the Proxmox command line, enter "wget" followed by the link (example below): 61 | ``` 62 | wget https://us.download.nvidia.com/XFree86/Linux-x86_64/515.48.07/NVIDIA-Linux-x86_64-515.48.07.run 63 | ``` 64 | 65 | ``` 66 | chmod +x NVIDIA-Linux-x86_64-515.48.07.run 67 | 68 | ./NVIDIA-Linux-x86_64-515.48.07.run 69 | 70 | rm NVIDIA-Linux-x86_64-515.48.07.run 71 | ``` 72 | 73 | * For the installer, just go with the defaults and click OK on any information prompts 74 | 75 | Confirm it's installed 76 | ``` 77 | nvidia-smi 78 | ``` 79 | 80 | ``` 81 | nano /etc/modules-load.d/modules.conf 82 | ``` 83 | 84 | Add these lines: 85 | ``` 86 | # Nvidia modules 87 | nvidia 88 | nvidia-modeset 89 | nvidia_uvm 90 | ``` 91 | 92 | ``` 93 | update-initramfs -u 94 | ``` 95 | 96 | ``` 97 | nano /etc/udev/rules.d/70-nvidia.rules 98 | ``` 99 | 100 | Add lines 101 | ``` 102 | KERNEL=="nvidia", RUN+="/bin/bash -c '/usr/bin/nvidia-smi -L && /bin/chmod 666 /dev/nvidia*'" 103 | 
KERNEL=="nvidia_modeset", RUN+="/bin/bash -c '/usr/bin/nvidia-modprobe -c0 -m && /bin/chmod 666 /dev/nvidia-modeset*'" 104 | KERNEL=="nvidia_uvm", RUN+="/bin/bash -c '/usr/bin/nvidia-modprobe -c0 -u && /bin/chmod 666 /dev/nvidia-uvm*'" 105 | ``` 106 | 107 | Reboot 108 | 109 | ``` 110 | nvidia-smi 111 | ``` 112 | 113 | 114 | 115 | # Create the Container # 116 | 117 | * Create the container as per usual except: 118 | * Uncheck "Unprivileged" 119 | * Size: 40G 120 | * Networking: Plex must be in the same VLAN as the computer used to set it up (laptop or office computer) to begin with in order to start the setup wizard. If you're not in the same subnet it won't work. 121 | * Do not start the container yet 122 | 123 | 124 | * Find and note the GPU device numbers (the major, minor pair that `ls -l` shows in place of a file size): 125 | ``` 126 | ls -l /dev/nv* 127 | ``` 128 | 129 | Edit the conf file of the container you want to pass the GPU through to 130 | ``` 131 | nano /etc/pve/lxc/161.conf 132 | ``` 133 | 134 | Paste this text into 161.conf, then change the numbers to match the results of the previous command 135 | ``` 136 | # Allow cgroup access 137 | lxc.cgroup2.devices.allow = c 195:0 rw 138 | lxc.cgroup2.devices.allow = c 195:255 rw 139 | lxc.cgroup2.devices.allow = c 195:254 rw 140 | lxc.cgroup2.devices.allow = c 505:0 rw 141 | lxc.cgroup2.devices.allow = c 505:1 rw 142 | lxc.cgroup2.devices.allow = c 10:144 rw 143 | 144 | # Pass through device files 145 | lxc.mount.entry = /dev/nvidia0 dev/nvidia0 none bind,optional,create=file 146 | lxc.mount.entry = /dev/nvidiactl dev/nvidiactl none bind,optional,create=file 147 | lxc.mount.entry = /dev/nvidia-modeset dev/nvidia-modeset none bind,optional,create=file 148 | lxc.mount.entry = /dev/nvidia-uvm dev/nvidia-uvm none bind,optional,create=file 149 | lxc.mount.entry = /dev/nvidia-uvm-tools dev/nvidia-uvm-tools none bind,optional,create=file 150 | lxc.mount.entry = /dev/nvram dev/nvram none bind,optional,create=file 151 | ``` 152 | 153 | * Note that the numbers on the top 
relate to the files in the "Pass through device files" section 154 | * Note that we're not adding the media folder mount points just yet and also, because this is a privileged container, we don't need to do the normal permissions passthrough lines 155 | 156 | Start the container 157 | 158 | 159 | # Add the GPU to the CT 160 | 161 | ``` 162 | lxc-attach --name 161 163 | 164 | apt update && apt upgrade -y 165 | 166 | wget https://us.download.nvidia.com/XFree86/Linux-x86_64/515.48.07/NVIDIA-Linux-x86_64-515.48.07.run 167 | 168 | chmod +x NVIDIA-Linux-x86_64-515.48.07.run 169 | 170 | ./NVIDIA-Linux-x86_64-515.48.07.run --no-kernel-module 171 | 172 | rm NVIDIA-Linux-x86_64-515.48.07.run 173 | ``` 174 | 175 | Reboot 176 | 177 | Confirm that the card was passed thru and is now working: 178 | ``` 179 | lxc-attach --name 161 180 | 181 | nvidia-smi 182 | ``` 183 | 184 | 185 | # Install Plex # 186 | 187 | ``` 188 | lxc-attach --name 161 (if you're not already in there) 189 | 190 | wget https://downloads.plex.tv/plex-media-server-new/1.27.1.5891-c29537f86/debian/plexmediaserver_1.27.1.5891-c29537f86_amd64.deb 191 | 192 | dpkg -i plexmediaserver_1.27.1.5891-c29537f86_amd64.deb 193 | 194 | rm plexmediaserver_1.27.1.5891-c29537f86_amd64.deb 195 | ``` 196 | 197 | Note that we haven't started the Plex service so it will not be functional yet. We need to set up folders and permissions first. 
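
For the `ls -l /dev/nv*` step in "Create the Container" above, this added example (not part of the original notes) derives the cgroup allow lines and mount entries from the listing instead of editing the numbers by hand. The function names are hypothetical, and the sample listing is constructed from the device numbers shown in the conf text.

```sh
#!/bin/sh
# Turn `ls -l /dev/nv*` output into the LXC device lines for a container conf.
# Added example; function names and the sample listing are constructed.

# Constructed sample of `ls -l /dev/nv*` on the Proxmox host. The major/minor
# pairs match the ones used in the conf text above.
sample_ls_output() {
    cat <<'EOF'
crw-rw-rw- 1 root root 195,   0 Jun  1 10:00 /dev/nvidia0
crw-rw-rw- 1 root root 195, 255 Jun  1 10:00 /dev/nvidiactl
crw-rw-rw- 1 root root 195, 254 Jun  1 10:00 /dev/nvidia-modeset
crw-rw-rw- 1 root root 505,   0 Jun  1 10:00 /dev/nvidia-uvm
crw-rw-rw- 1 root root 505,   1 Jun  1 10:00 /dev/nvidia-uvm-tools
crw------- 1 root root  10, 144 Jun  1 10:00 /dev/nvram

/dev/nvidia-caps:
total 0
cr-------- 1 root root 508, 1 Jun  1 10:00 nvidia-cap1
cr--r--r-- 1 root root 508, 2 Jun  1 10:00 nvidia-cap2
EOF
}

# Reads `ls -l` output on stdin and prints the conf fragment on stdout.
# Returns non-zero when no device node was found.
lxc_gpu_conf() {
    awk '
    BEGIN { n = 0 }
    # Keep character devices listed by absolute path; this skips "total"
    # lines, directory headers and the entries inside /dev/nvidia-caps.
    /^c/ && $NF ~ /^\/dev\// {
        if ($5 ~ /^[0-9]+,[0-9]+$/) {          # "195,0" written without a space
            split($5, mm, ","); major = mm[1]; minor = mm[2]
        } else {                                # "195," followed by "0"
            major = $5; sub(/,$/, "", major); minor = $6
        }
        if (major !~ /^[0-9]+$/ || minor !~ /^[0-9]+$/) next
        # One exact major:minor per device, never a wildcard such as 195:*
        allow[n] = "lxc.cgroup2.devices.allow = c " major ":" minor " rw"
        mount[n] = "lxc.mount.entry = " $NF " " substr($NF, 2) " none bind,optional,create=file"
        n++
    }
    END {
        if (n == 0) exit 1
        print "# Allow cgroup access"
        for (i = 0; i < n; i++) print allow[i]
        print ""
        print "# Pass through device files"
        for (i = 0; i < n; i++) print mount[i]
    }'
}

sample_ls_output | lxc_gpu_conf
```

On the host, `ls -l /dev/nv* | lxc_gpu_conf` produces the fragment for the real devices; review it before pasting it into the container conf.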
198 | 199 | 200 | # Permissions # 201 | 202 | Create the base "media" folder that will be owned by the CT root user 203 | ``` 204 | lxc-attach --name 161 205 | 206 | mkdir /mnt/media 207 | ``` 208 | 209 | Still in the Plex CT, list the users and groups 210 | ``` 211 | less /etc/passwd 212 | 213 | less /etc/group 214 | ``` 215 | 216 | * Make a note of the results for the users and groups relating to Plex's needs 217 | 218 | Back in the Proxmox CLI, get the "plex" user's UID and GID 219 | ``` 220 | less /etc/passwd 221 | 222 | less /etc/group 223 | ``` 224 | 225 | Now go back into the Plex CT CLI and change the "plex" user's UID and GID to match the host's 226 | ``` 227 | usermod -u 1002 plex 228 | 229 | groupmod -g 1014 plex 230 | ``` 231 | 232 | I ran this command in Proxmox as well but I'm not sure it matters (I'll note it here just in case) 233 | ``` 234 | usermod -aG plex dave-smb 235 | ``` 236 | 237 | Create groups in the Plex CT 238 | ``` 239 | lxc-attach --name 161 240 | 241 | groupadd plex-movies 242 | 243 | groupadd plex-music 244 | 245 | groupadd plex-shows 246 | ``` 247 | 248 | Now change the GIDs of those new groups 249 | ``` 250 | groupmod -g 1006 plex-movies 251 | 252 | groupmod -g 1007 plex-music 253 | 254 | groupmod -g 1008 plex-shows 255 | ``` 256 | 257 | Now add the "plex" user to those groups 258 | ``` 259 | usermod -aG plex-movies plex 260 | 261 | usermod -aG plex-music plex 262 | 263 | usermod -aG plex-shows plex 264 | ``` 265 | 266 | Shut down the Plex CT 267 | 268 | ``` 269 | nano /etc/pve/lxc/161.conf 270 | ``` 271 | 272 | Insert these lines above the "net0" entry 273 | ``` 274 | mp0: /mnt/deep-13/media/video/movies,mp=/mnt/media/movies 275 | mp1: /mnt/deep-13/media/video/shows,mp=/mnt/media/shows 276 | mp2: /mnt/deep-13/media/audio/music,mp=/mnt/media/music 277 | ``` 278 | 279 | Set the media folder ownership (if you haven't already) 280 | ``` 281 | chown dave-smb:pve-admin /mnt/deep-13/media 282 | 283 | chown -R 
dave-smb:plex-music /mnt/deep-13/media/audio/music 284 | 285 | chown -R dave-smb:pve-admin /mnt/deep-13/media/audio/other 286 | 287 | chown dave-smb:pve-admin /mnt/deep-13/media/video 288 | 289 | chown -R dave-smb:plex-movies /mnt/deep-13/media/video/movies 290 | 291 | chown -R dave-smb:plex-shows /mnt/deep-13/media/video/shows 292 | ``` 293 | 294 | Set the media folder directory permissions (if you haven't already) 295 | ``` 296 | find /mnt/deep-13/media -type d -exec chmod 775 {} \; 297 | 298 | find /mnt/deep-13/media/audio/music -type d -exec chmod 775 {} \; 299 | 300 | find /mnt/deep-13/media/audio/other -type d -exec chmod 775 {} \; 301 | 302 | find /mnt/deep-13/media/video -type d -exec chmod 775 {} \; 303 | 304 | find /mnt/deep-13/media/video/movies -type d -exec chmod 775 {} \; 305 | 306 | find /mnt/deep-13/media/video/shows -type d -exec chmod 775 {} \; 307 | ``` 308 | 309 | Set the media folder file permissions (if you haven't already) 310 | ``` 311 | find /mnt/deep-13/media -type f -exec chmod 664 {} \; 312 | 313 | find /mnt/deep-13/media/audio/music -type f -exec chmod 664 {} \; 314 | 315 | find /mnt/deep-13/media/audio/other -type f -exec chmod 664 {} \; 316 | 317 | find /mnt/deep-13/media/video -type f -exec chmod 664 {} \; 318 | 319 | find /mnt/deep-13/media/video/movies -type f -exec chmod 664 {} \; 320 | 321 | find /mnt/deep-13/media/video/shows -type f -exec chmod 664 {} \; 322 | ``` 323 | 324 | Fix Plex install ownership issues (still shows up as plex:998) 325 | ``` 326 | chown -R plex:plex /var/lib/plexmediaserver 327 | ``` 328 | 329 | 330 | # Enable Plex Service 331 | 332 | Startup the Plex CT 333 | 334 | Enable and start the Plex service 335 | ``` 336 | lxc-attach --name 161 337 | 338 | systemctl enable plexmediaserver.service 339 | 340 | systemctl start plexmediaserver.service 341 | ``` 342 | 343 | Open Plex at ip-address:32400/web and setup the server 344 | 345 | Once the server is setup: 346 | * Stop the container 347 | * Change the 
container's VLAN to the Exposed VLAN 348 | * Start the container 349 | * Go into Unifi and set a static IP 350 | * Reboot the container 351 | * Go to the new IP and confirm everything works 352 | * Change the Port Forwarding Plex rule to the new IP 353 | 354 | 355 | In Plex -> Settings -> Transcoder, check "Use hardware acceleration when available" 356 | 357 | 358 | # Additional Permissions Notes 359 | 360 | THE TEXT BELOW IS FROM [HERE](https://gist.github.com/pjobson/3811b73740a3a09597511c18be845a6c) 361 | 362 | 363 | Maintenance 364 | 365 | When copying files and directories around be sure to keep your permissions up to date. 366 | 367 | Directories should be `775` or `rwxrwxr-x` and files should be `664` or `rw-rw-r--`. 368 | 369 | I have my process automated, but what it would look like if it were manual would be: 370 | 371 | 372 | Change the permissions of the directory of the movie to rwxrwxrw- 373 | 374 | ``` 375 | chmod 775 "/dvr/mediastore/Movies/M/Movie I Totally Own (1999)" 376 | ``` 377 | 378 | Change the permissions of the files in the movie's path to rw-rw-r-- 379 | 380 | ``` 381 | chmod 664 "/dvr/mediastore/Movies/M/Movie I Totally Own (1999)"/* 382 | ``` 383 | 384 | Change the ownership of the movie and all contents recursively to plex and the group to plex. 385 | 386 | ``` 387 | sudo chown -R plex:plex "/dvr/mediastore/Movies/M/Movie I Totally Own (1999)" 388 | ``` 389 | 390 | I automate this process by creating a cron job which runs every fifteen minutes and checks the permissions and modifies them as needed. 
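
The periodic permission check described in the quoted notes above, and the `find ... -exec chmod` steps used earlier for both the Plex media folders (775/664) and the WordPress document root (750/640), can be done with one script that touches only out-of-policy entries and reports what it changed. This is an added example, not code from the notes or from the linked gist; `enforce_perms` and the demo paths are hypothetical.

```sh
#!/bin/sh
# enforce_perms DIR DIR_MODE FILE_MODE
# Resets every directory under DIR to DIR_MODE and every regular file to
# FILE_MODE, touching only entries that are out of policy. Prints each path it
# changed, so empty output means the tree was already compliant.
enforce_perms() {
    ep_root=$1; ep_dmode=$2; ep_fmode=$3
    [ -d "$ep_root" ] || { echo "enforce_perms: not a directory: $ep_root" >&2; return 2; }
    for ep_m in "$ep_dmode" "$ep_fmode"; do
        case $ep_m in
            ''|*[!0-7]*) echo "enforce_perms: mode must be octal: $ep_m" >&2; return 2 ;;
        esac
    done
    # find passes each path to chmod as a single argument, so names with
    # spaces or parentheses are safe (a quoted "dir/*" would not expand).
    # Directories are fixed one at a time, before find descends into them.
    # Symlinks are not followed, so a link cannot redirect chmod elsewhere.
    find "$ep_root" -type d ! -perm "$ep_dmode" -exec chmod "$ep_dmode" {} \; -print
    find "$ep_root" -type f ! -perm "$ep_fmode" -exec chmod "$ep_fmode" {} \; -print
}

# Hypothetical crontab entry for a fifteen-minute check (placeholder path;
# the script it runs would call enforce_perms on the real media folder):
#   */15 * * * * /path/to/enforce_perms.sh

# Demo on a constructed tree in a temporary directory.
demo_enforce_perms() {
    demo_dir=$(mktemp -d) || return 1
    mkdir -p "$demo_dir/Movies/M/Movie I Totally Own (1999)"
    : > "$demo_dir/Movies/M/Movie I Totally Own (1999)/movie.mkv"
    chmod 700 "$demo_dir/Movies/M/Movie I Totally Own (1999)"
    chmod 600 "$demo_dir/Movies/M/Movie I Totally Own (1999)/movie.mkv"
    echo "first pass, Plex policy 775/664:"
    enforce_perms "$demo_dir/Movies" 775 664
    echo "second pass, nothing left to change:"
    enforce_perms "$demo_dir/Movies" 775 664
    rm -rf "$demo_dir"
}

demo_enforce_perms
```

Logging the printed paths from the cron job gives a record of which files drifted out of policy and when.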
-------------------------------------------------------------------------------- /Cheatsheets/Cheatsheet.md: -------------------------------------------------------------------------------- 1 | --- 2 | created: Tue 2023-05-02 @ 06:31 PM 3 | modified: Fri 2024-01-12 @ 06:23 PM 4 | tags: 5 | - Homelabbing 6 | sticker: emoji//1f4c3 7 | --- 8 | https://github.com/xcad2k/cheat-sheets 9 | 10 | 11 | ## SSH 12 | 13 | 14 | SSH Into Proxmox Containers 15 | 16 | ``` 17 | lxc-attach --name 100 (change based on container number) 18 | ``` 19 | 20 | 21 | ## SMB / Samba ## 22 | 23 | ### ZFS Specific ## 24 | 25 | Install Samba 26 | ``` 27 | apt update 28 | apt install samba 29 | systemctl enable smbd 30 | ``` 31 | 32 | ^c32f3f 33 | 34 | Create a SMB user 35 | ``` 36 | adduser dave-deepape 37 | usermod -aG sambashare dave-deepape 38 | smbpasswd -a dave-deepape 39 | ``` 40 | 41 | Create a new dataset to share 42 | ``` 43 | zfs create -o mountpoint=/mnt/shares/nas Deep13/nas 44 | ``` 45 | 46 | Turn SMB sharing on in ZFS 47 | 48 | 49 | * Share specifics datasets one at a time: 50 | ``` 51 | zfs set sharesmb=on sharename=gypsy-backups Deep-Ape/Backups 52 | ``` 53 | 54 | Set permissions for the share 55 | ``` 56 | chown -R dave-deepape:dave-deepape /mnt/deep-ape/media 57 | ``` 58 | 59 | Restart samba to get everything working 60 | ``` 61 | service smbd restart 62 | ``` 63 | 64 | * Reboot Proxmox node via the GUI 65 | 66 | Connect to share on Windows 67 | 68 | * Open File Explorer and go to the Network tab 69 | * In the location bar where it says Network, paste this: 70 | ``` 71 | \\192.168.2.11\nas 72 | ``` 73 | 74 | 75 | Troubleshooting 76 | 77 | Get a list of which datasets are shared 78 | ``` 79 | zfs get sharesmb 80 | ``` 81 | 82 | 83 | 84 | 85 | 86 | nano /etc/samba/smb.conf 87 | 88 | 89 | 90 | 91 | ## ZFS ## 92 | 93 | * See [[ZFS]] note as well as below 94 | 95 | List all ZFS samba shares: 96 | ``` 97 | sudo zfs get sharesmb 98 | ``` 99 | 100 | 101 | Clean up below: 102 | 103 | 104 
| zpool create -o ashift=12 -m /mnt/deep-ape Deep-Ape raidz /dev/disk/by-id/ata-ST8000VN004-2M2101_WSD4AL2Z /dev/disk/by-id/ata-ST8000VN004-2M2101_WSD7101N /dev/disk/by-id/ata-ST8000VN004-2M2101_WSD6YG1K 105 | 106 | 107 | zfs create -o mountpoint=/mnt/deep-ape/backups Deep-Ape/Backups 108 | 109 | 110 | 111 | zfs set compression=lz4 xattr=sa dnodesize=auto Deep-Ape 112 | 113 | 114 | zfs destroy Deep-Ape/Media/Downloaders 115 | 116 | zpool destroy deep13 117 | 118 | 119 | 120 | 121 | # Terminal # 122 | 123 | ======================================= 124 | 125 | ## Path 126 | 127 | 128 | Change path 129 | ``` 130 | cd [directory] 131 | ``` 132 | Go out one folder 133 | ``` 134 | cd .. 135 | ``` 136 | Show the full path you are at 137 | ``` 138 | pwd 139 | ``` 140 | Show the folder structure of your path 141 | ``` 142 | tree 143 | ``` 144 | 145 |
146 | 147 | *** 148 | 149 | ## Text Files ## 150 | 151 | Select default editor 152 | ``` 153 | sudo update-alternatives --config editor 154 | ``` 155 | 156 | Show the contents of a file 157 | ``` 158 | cat file.txt 159 | ``` 160 | Create a file without editing it 161 | ``` 162 | touch file.txt 163 | ``` 164 | Edit a file 165 | ``` 166 | nano file.txt 167 | ``` 168 | 169 | 
170 | 171 | *** 172 | 173 | ## Copy, Move, Delete ## 174 | 175 | Move file or folder 176 | ``` 177 | mv /origin /destination 178 | ``` 179 | 180 | For monitoring mv operations 181 | ``` 182 | apt install progress 183 | 184 | start the operation, open another ssh window for the same server and enter: 185 | 186 | progress -mw 187 | ``` 188 | 189 | Move a file to a different server 190 | ``` 191 | scp [file_name.txt] [server/tmp] 192 | ``` 193 | Delete a file 194 | ``` 195 | rm [FILE] 196 | ``` 197 | Delete a folder 198 | ``` 199 | rm -r [FOLDER] 200 | ``` 201 | 202 |
203 | 204 | *** 205 | 206 | ## Power and restart ## 207 | 208 | ``` 209 | reboot 210 | poweroff 211 | shutdown now 212 | ``` 213 | 214 | 215 | 216 | ## Special Characters 217 | 218 | See examples of how to do all allowed special characters [here](https://www.tecmint.com/special-character-filenames-linux/) 219 | 220 | 221 | 222 | *** 223 | 224 | ## Networking ## 225 | 226 | ``` 227 | ip a 228 | ip r 229 | traceroute 230 | ``` 231 | 232 | See what DNS servers your system is configured to use 233 | ``` 234 | cat /etc/resolv.conf 235 | ``` 236 | 237 | See system hostname: 238 | ``` 239 | hostname 240 | ``` 241 | 242 | Show the IP address of the system: 243 | ``` 244 | hostname -i 245 | ``` 246 | 247 | See active (listening) ports with the netstat command: 248 | ``` 249 | netstat -pnltu 250 | ``` 251 | 252 | Show tcp and udp ports and their programs: 253 | ``` 254 | netstat -nutlp 255 | ``` 256 | 257 | Lookup hostname: 258 | ``` 259 | nslookup 192.168.2.11 260 | ``` 261 | 262 | 263 | 264 | ## Users and Groups 265 | 266 | ``` 267 | useradd -M  268 | ``` 269 | 270 | List current users 271 | 272 | ``` 273 | less /etc/passwd 274 | ``` 275 | 276 | Adding new user accounts 277 | ``` 278 | adduser [user_name] 279 | ``` 280 | 281 | Modify a user account 282 | ``` 283 | usermod 284 | ``` 285 | 286 | Add a user to a group: 287 | ``` 288 | usermod -aG [group_name] [user_name] 289 | ``` 290 | 291 | List current user's groups 292 | ``` 293 | groups 294 | ``` 295 | 296 | List all groups: 297 | ``` 298 | less /etc/group 299 | ``` 300 | 301 | List all users in a group 302 | ``` 303 | getent group [group] 304 | ``` 305 | 306 | Delete a user account 307 | ``` 308 | deluser 309 | ``` 310 | 311 | Delete a group 312 | ``` 313 | delgroup 314 | ``` 315 | 316 | Add a new group 317 | ``` 318 | groupadd [group_name] 319 | ``` 320 | 321 | List logged in user w/ PID 322 | ``` 323 | who -u 324 | ``` 325 | 326 | Logs out the user 327 | ``` 328 | kill [PID number] 329 | ``` 330 | 331 | 332 | 333 | ## 
Downloads ## 334 | 335 | Download a file from a domain using the wget command: 336 | ``` 337 | wget [file-url] 338 | ``` 339 | 340 | Save a remote file to your system using the filename that corresponds to the filename on the server: 341 | ``` 342 | curl -O [file-url] 343 | ``` 344 | 345 | 346 | 347 | ## Run Scripts ## 348 | 349 | Run a shell script (drop the .sh if the file is listed without it) 350 | 351 | ``` 352 | ./scriptname.sh 353 | ``` 354 | 355 | 356 | ## Copy ## 357 | 358 | ``` 359 | cp -R /etc /etc_backup 360 | ``` 361 | 362 | Back up one folder to another using rsync (same as copy but will mirror the folder) 363 | 364 | ``` 365 | rsync --info=progress2 -auvz /origin-directory /destination-directory/ 366 | ``` 367 | 368 | 369 | ## Permissions ## 370 | 371 | Change file owner to user and group to group 372 | ``` 373 | chown USER:GROUP FILE 374 | ``` 375 | 376 | Change mode of file to 775 377 | ``` 378 | chmod 775 file 379 | ``` 380 | 381 | Recursively chmod folder to 600 382 | ``` 383 | chmod -R 600 folder 384 | ``` 385 | 386 | 387 | 388 | ## SSH ## 389 | 390 | ``` 391 | ssh dave@linserv 392 | ``` 393 | 394 | 395 | ## Search ## 396 | 397 | List total number of files and directories (doesn't differentiate) 398 | ``` 399 | ls | wc -l 400 | ``` 401 | 402 | Get the size of a directory 403 | ``` 404 | du -sh /var 405 | ``` 406 | 407 | 408 | ======================================= 409 | 410 | 411 | ![[Cheatsheet#ZFS]] 412 | 413 | I can also create a [Reference Link][ID1] by noting the ID and then put the links at the end of the page later like this... 
414 | 415 | [ID1]:http://url.com "Reference Definition" 416 | 417 | Footnote^[This is a footnote that will be placed at the bottom of this note in Reading view] 418 | 419 | 420 | Link to an Obsidian note: 421 | [[Cheatsheet]] 422 | 423 | Link to an Obsidian note but call it something different: 424 | [[Homelab|stuff]] 425 | 426 | 427 | Link to a header somewhere on the same page or a different note: 428 | [[Cheatsheet#Path]] 429 | 430 | 431 | [[Homelab#Next Up]] 432 | 433 | Link to blocks in a page 434 | [[Cheatsheet#^c32f3f |Install Samba]] 435 | 436 | 437 | 438 | 439 | 440 | 441 | ## Tags ## 442 | 443 | Use a hash followed by the word you want (ie. `#tag`) 444 | 445 | 446 | 447 | 448 | ## Images ## 449 | 450 | ![Image](./image.jpg "Title") 451 | 452 | 453 | 454 | ## Tables ## 455 | 456 | Dimensions | Megapixels 457 | ---|--- 458 | 1,920 x 1,080 | 2.1MP 459 | 3,264 x 2,448 | 8MP 460 | 4,288 x 3,216 | 14MP 461 | 462 |
463 |
464 | 465 | | foo | bar | 466 | | --- | --- | 467 | | baz | bim | 468 | 469 | 470 | 471 | 472 | ## Blockquotes ## 473 | 474 | > Blockquote [foo]. 475 | 476 | 477 | > [foo]: /url 478 | 479 |
480 | 481 | > > 1. one 482 | >> 483 | >> two 484 | 485 | 486 | 487 | ## Invisible Text ## 488 | 489 | 490 | 491 | 492 | # Ubuntu / Server # 493 | 494 | ## Networking ## 495 | 496 | Host name files 497 | 498 | ``` 499 | /etc/hosts 500 | /etc/hostname 501 | ``` 502 | 503 | 504 | # Docker # 505 | 506 | List containers 507 | ``` 508 | docker container ls 509 | ``` 510 | 511 | 512 | 513 | ## Container Management ## 514 | 515 | Delete container 516 | ``` 517 | docker stop /container-name 518 | 519 | docker rm /container-name 520 | ``` 521 | 522 | 523 | 524 | # Crontab # 525 | 526 | First, start out by getting the system time as that will likely be different than your (the user's) time 527 | ``` 528 | timedatectl 529 | ``` 530 | 531 | Using this as an example: 532 | ``` 533 | 0 4 * * * /home/administrator/scripts/backup_to_Crow.sh 534 | 535 | MIN HOUR DAY-OF-MONTH MONTH DAY-OF-WEEK /home/administrator/scripts/backup_to_Crow.sh 536 | 537 | So that script would run every day at 4a (relative to system time) 538 | ``` 539 | 540 | 541 | ### Format ### 542 | 543 | Minute: 0-59 544 | Hour: 0-23 545 | Day of the month: 1-31 546 | Month: 1-12 (or JAN to DEC) 547 | Day of the week: 0-6 (or SUN to SAT; or 7 for Sunday) 548 | 549 | 550 | ### Special characters 551 | 552 | - A field can contain an asterisk (`*`), which always stands for "first-last". 553 | - Ranges are two numbers separated with a hyphen (`-`) and the specified range is inclusive. 554 | - Following a range with `/NUMBER` specifies skips of the number's value through the range. For example, both `0-23/2` and `*/2` can be used in the `Hour` field to specify execution every two hours. 555 | - A list is a set of numbers (or ranges) separated by commas (`,`). For example, `1,2,5,6` in the `Day of the month` field specifies an execution on the first, second, fifth, and sixth days of the month. 
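
The crontab "Format" and "Special characters" rules above, applied to the cheatsheet's own `0 4 * * *` line, as an added example that is not part of the original notes. `cron_expand` and `cron_explain` are hypothetical helper names; only numeric fields are handled (names such as JAN or SUN and the 7-for-Sunday alias are not).

```sh
#!/bin/sh
# cron_expand FIELD MIN MAX
# Prints, space separated, the values one numeric crontab field selects.
# Returns non-zero for a malformed or out-of-range field.
cron_expand() {
    awk -v field="$1" -v lo="$2" -v hi="$3" '
    function fail(msg) { print "cron_expand: " msg > "/dev/stderr"; bad = 1; exit 1 }
    BEGIN {
        lo += 0; hi += 0
        if (field == "") fail("empty field")
        n = split(field, items, ",")             # a list is comma separated
        for (i = 1; i <= n; i++) {
            item = items[i]; step = 1; stepped = 0
            if (item ~ /\//) {                   # RANGE/NUMBER or */NUMBER
                if (split(item, p, "/") != 2 || p[2] !~ /^[0-9]+$/ || p[2] + 0 < 1) fail("bad step: " items[i])
                item = p[1]; step = p[2] + 0; stepped = 1
            }
            if (item == "*") { a = lo; b = hi }  # asterisk stands for first-last
            else if (item ~ /^[0-9]+-[0-9]+$/) { split(item, r, "-"); a = r[1] + 0; b = r[2] + 0 }
            else if (item ~ /^[0-9]+$/ && !stepped) { a = b = item + 0 }
            else fail("bad item: " items[i])
            if (a < lo || b > hi || a > b) fail("out of range: " items[i])
            for (v = a; v <= b; v += step) seen[v] = 1
        }
        out = ""
        for (v = lo; v <= hi; v++) if (v in seen) out = out (out == "" ? "" : " ") v
        print out
    }
    END { exit bad + 0 }'
}

# cron_explain "MIN HOUR DAY-OF-MONTH MONTH DAY-OF-WEEK COMMAND"
# Expands the five time fields of one crontab line.
cron_explain() {
    printf '%s\n' "$1" | {
        read -r ce_min ce_hour ce_dom ce_mon ce_dow ce_cmd
        ce_a=$(cron_expand "$ce_min" 0 59) || exit 1
        ce_b=$(cron_expand "$ce_hour" 0 23) || exit 1
        ce_c=$(cron_expand "$ce_dom" 1 31) || exit 1
        ce_d=$(cron_expand "$ce_mon" 1 12) || exit 1
        ce_e=$(cron_expand "$ce_dow" 0 6) || exit 1
        printf 'minute: %s\nhour: %s\nday-of-month: %s\nmonth: %s\nday-of-week: %s\ncommand: %s\n' \
            "$ce_a" "$ce_b" "$ce_c" "$ce_d" "$ce_e" "$ce_cmd"
    }
}

# The example line from the cheatsheet: every day at 04:00 system time.
cron_explain '0 4 * * * /home/administrator/scripts/backup_to_Crow.sh'
```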
556 | 557 | -------------------------------------------------------------------------------- /Cheatsheets/Google.md: -------------------------------------------------------------------------------- 1 | 2 | " Quotes 3 | 4 | -  Dashes 5 | 6 | ~ tilde for synonyms 7 | 8 | Site: 9 | 10 | | Vertical bar for OR 11 | 12 | .. two periods to look for a number between two numbers 13 | 14 | Location: 15 | 16 | Filetype: -------------------------------------------------------------------------------- /Cheatsheets/Markdown.md: -------------------------------------------------------------------------------- 1 | --- 2 | created: Mon 2023-05-08 @ 05:42 PM 3 | modified: Fri 2024-01-12 @ 06:22 PM 4 | --- 5 | ## Headers 6 | 7 | Headers / Headings can use more hash marks to make smaller text in the final view AND indented items in the outline view. 8 | 9 | You can go up to six hash marks on a header 10 | 11 | You don't need the hash mark after the text if you don't want it 12 | 13 | 14 | ## Basic Text Formatting ## 15 | 16 | *Italic* or _italic_ 17 | 18 | **Bold** or __bold__ 19 | 20 | ***Bold and Italic*** 21 | 22 | ~~Strikethrough~~ 23 | 24 | Change text color like this or like this 25 | 26 | ==Highlight== 27 | 28 | 29 | 30 | 31 | ## Lists ## 32 | 33 | 1. Numbered lists start with the number 34 | 2. followed by a . (don't use a parenthesis) 35 | 36 | *** 37 | 38 | + Create a list by starting a line with `+`, `-`, or `*` 39 | + Use Ctrl+Enter to do a `-` 40 | + Sub-lists are made by indenting 2 spaces: 41 | - Marker character change forces new list start: 42 | * Ac tristique libero volutpat at 43 | + Facilisis in pretium nisl aliquet 44 | - Nulla volutpat aliquam velit 45 | + Very easy! 46 | 47 | 48 | To do checkboxes quicker, hit Ctrl+Enter twice 49 | - [x] Task lists can show as completed... 50 | - [ ] ... or not completed 51 | 52 | 53 | 54 | 55 | aslkhjas 56 | 57 | 58 | 59 | ## Separating Text ## 60 | *** 61 | I like to use this
to create a new line 62 |
63 |
64 |
65 | This is good for separating paragraphs as well! 66 | 67 | *** 68 | 69 | When I do this `it changes the font` up a little bit. 70 | 71 | ``` 72 | This is called code block 73 | ``` 74 | 75 | It can also be made by pushing tab and then shift tab when you're done. 76 | 77 | Lines can be made by typing --- or *** or ___ at a new line, like this: 78 | 79 | 80 | ## Creating Links ## 81 | 82 | [this is a link](http://google.com "Google") 83 | 84 | 85 | 86 | 87 | 88 | This is a link to a [[Notes Template |note]] in Obsidian* 89 | 90 | This is a link to a specific header in a [[Breakfast#Oatmeal Jar |note]] in Obsidian* 91 | 92 | * note that these links use a pipe to create a new visible name for the link 93 | 94 | 95 | -------------------------------------------------------------------------------- /Cheatsheets/VIM.md: -------------------------------------------------------------------------------- 1 | # Vim Cheatsheet 2 | 3 | >Disclaimer: This cheatsheet is summarized from personal experience and other online tutorials. It should not be considered as an official advice. 
4 | 5 | ## Global ## 6 | 7 | ```bash 8 | :help keyword # open help for keyword 9 | :o file # open file 10 | :saveas file # save file as 11 | :close # close current pane 12 | ``` 13 | 14 | ## Cursor movement ## 15 | 16 | ```bash 17 | h # move cursor left 18 | j # move cursor down 19 | k # move cursor up 20 | l # move cursor right 21 | H # move to top of screen 22 | M # move to middle of screen 23 | L # move to bottom of screen 24 | w # jump forwards to the start of a word 25 | W # jump forwards to the start of a word (words can contain punctuation) 26 | e # jump forwards to the end of a word 27 | E # jump forwards to the end of a word (words can contain punctuation) 28 | b # jump backwards to the start of a word 29 | B # jump backwards to the start of a word (words can contain punctuation) 30 | 0 # jump to the start of the line 31 | ^ # jump to the first non-blank character of the line 32 | $ # jump to the end of the line 33 | g_ # jump to the last non-blank character of the line 34 | gg # go to the first line of the document 35 | G # go to the last line of the document 36 | 5G # go to line 5 37 | fx # jump to next occurrence of character x 38 | tx # jump to before next occurrence of character x 39 | } # jump to next paragraph (or function/block, when editing code) 40 | { # jump to previous paragraph (or function/block, when editing code) 41 | zz # center cursor on screen 42 | Ctrl + b # move back one full screen 43 | Ctrl + f # move forward one full screen 44 | Ctrl + d # move forward 1/2 a screen 45 | Ctrl + u # move back 1/2 a screen 46 | ``` 47 | 48 | ## Insert mode - inserting/appending text ## 49 | 50 | ```bash 51 | i # insert before the cursor 52 | I # insert at the beginning of the line 53 | a # insert (append) after the cursor 54 | A # insert (append) at the end of the line 55 | o # append (open) a new line below the current line 56 | O # append (open) a new line above the current line 57 | ea # insert (append) at the end of the word 58 | Esc # exit insert 
mode 59 | ``` 60 | 61 | ## Editing ## 62 | 63 | ```bash 64 | r # replace a single character 65 | J # join line below to the current one 66 | cc # change (replace) entire line 67 | cw # change (replace) to the start of the next word 68 | ce # change (replace) to the end of the next word 69 | cb # change (replace) to the start of the previous word 70 | c0 # change (replace) to the start of the line 71 | c$ # change (replace) to the end of the line 72 | s # delete character and substitute text 73 | S # delete line and substitute text (same as cc) 74 | xp # transpose two letters (delete and paste) 75 | . # repeat last command 76 | u # undo 77 | Ctrl + r # redo 78 | ``` 79 | 80 | ## Marking text (visual mode) ## 81 | ```bash 82 | v # start visual mode, mark lines, then do a command (like y-yank) 83 | V # start linewise visual mode 84 | o # move to other end of marked area 85 | O # move to other corner of block 86 | aw # mark a word 87 | ab # a block with () 88 | aB # a block with {} 89 | ib # inner block with () 90 | iB # inner block with {} 91 | Esc # exit visual mode 92 | Ctrl + v # start visual block mode 93 | ``` 94 | 95 | ## Visual commands ## 96 | ```bash 97 | > # shift text right 98 | < # shift text left 99 | y # yank (copy) marked text 100 | d # delete marked text 101 | ~ # switch case 102 | ``` 103 | 104 | ## Cut and paste ## 105 | ```bash 106 | yy # yank (copy) a line 107 | 2yy # yank (copy) 2 lines 108 | yw # yank (copy) the characters of the word from the cursor position to the start of the next word 109 | y$ # yank (copy) to end of line 110 | p # put (paste) the clipboard after cursor 111 | P # put (paste) before cursor 112 | dd # delete (cut) a line 113 | 2dd # delete (cut) 2 lines 114 | dw # delete (cut) the characters of the word from the cursor position to the start of the next word 115 | D # delete (cut) to the end of the line 116 | d$ # delete (cut) to the end of the line 117 | d^ # delete (cut) to the first non-blank character of the line 118 | d0 # 
delete (cut) to the beginning of the line 119 | x # delete (cut) character 120 | ``` 121 | 122 | ## Search and replace ## 123 | ```bash 124 | /pattern # search for pattern 125 | ?pattern # search backward for pattern 126 | \vpattern # 'very magic' pattern: non-alphanumeric characters are interpreted as special regex symbols (no escaping needed) 127 | n # repeat search in same direction 128 | N # repeat search in opposite direction 129 | :%s/old/new/g # replace all old with new throughout file 130 | :%s/old/new/gc # replace all old with new throughout file with confirmations 131 | :noh # remove highlighting of search matches 132 | ``` 133 | 134 | ## Search in multiple files ## 135 | ```bash 136 | :vimgrep /pattern/ {file} # search for pattern in multiple files 137 | :cn # jump to the next match 138 | :cp # jump to the previous match 139 | :copen # open a window containing the list of matches 140 | ``` 141 | 142 | ## Exiting ## 143 | ```bash 144 | :w # write (save) the file, but don't exit 145 | :w !sudo tee % # write out the current file using sudo 146 | :wq or :x or ZZ # write (save) and quit 147 | :q # quit (fails if there are unsaved changes) 148 | :q! 
or ZQ # quit and throw away unsaved changes 149 | ``` 150 | 151 | ## Working with multiple files ## 152 | ```bash 153 | :e file # edit a file in a new buffer 154 | :bnext or :bn # go to the next buffer 155 | :bprev or :bp # go to the previous buffer 156 | :bd # delete a buffer (close a file) 157 | :ls # list all open buffers 158 | :sp file # open a file in a new buffer and split window 159 | :vsp file # open a file in a new buffer and vertically split window 160 | Ctrl + ws # split window 161 | Ctrl + ww # switch windows 162 | Ctrl + wq # quit a window 163 | Ctrl + wv # split window vertically 164 | Ctrl + wh # move cursor to the left window (vertical split) 165 | Ctrl + wl # move cursor to the right window (vertical split) 166 | Ctrl + wj # move cursor to the window below (horizontal split) 167 | Ctrl + wk # move cursor to the window above (horizontal split) 168 | ``` 169 | 170 | ## Tabs ## 171 | ```bash 172 | :tabnew or :tabnew file # open a file in a new tab 173 | Ctrl + wT # move the current split window into its own tab 174 | gt or :tabnext or :tabn # move to the next tab 175 | gT or :tabprev or :tabp # move to the previous tab 176 | gt # move to tab 177 | :tabmove # move current tab to the th position (indexed from 0) 178 | :tabclose or :tabc # close the current tab and all its windows 179 | :tabonly or :tabo # close all tabs except for the current one 180 | :tabdo command # run the command on all tabs (e.g. 
:tabdo q - closes all opened tabs) 181 | ``` 182 | -------------------------------------------------------------------------------- /Cheatsheets/Windows Terminal.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Readable Note Name that describes the note 3 | created: Fri 2024-01-12 @ 06:29 PM 4 | tags: [] 5 | type: 6 | modified: Fri 2024-01-12 @ 06:29 PM 7 | --- 8 | # [Install](https://github.com/ChristianLempa/cheat-sheets/blob/main/windows%2Fwindows-terminal.md#install-windows-terminal) 9 | 10 | Windows Store: [Windows Terminal](https://aka.ms/terminal) 11 | 12 | # [Keyboard Shortcuts](https://github.com/ChristianLempa/cheat-sheets/blob/main/windows%2Fwindows-terminal.md#keyboard-shortcuts) 13 | 14 | 1. Application commands 15 | 16 | - ALT - F4: Close window 17 | - CTRL - SHIFT - F: Find 18 | - CTRL - SHIFT - SPACE: Open dropdown 19 | - CTRL - ,: Open settings file 20 | - ALT - ENTER - F11: Toggle full screen 21 | 22 | 2. Tab commands 23 | 24 | - CTRL - SHIFT - D: Duplicate tab 25 | - CTRL - SHIFT - T: New tab 26 | - CTRL - SHIFT - P: New tab from profile p=1..9 27 | - CTRL - TAB: Switch to next tab 28 | - CTRL - SHIFT - TAB: Switch to prev tab 29 | - CTRL - ALT - N: Switch to tab n=0..9 30 | 31 | 3. Pane commands 32 | 33 | - ALT - SHIFT - D: Split pane optimally. Active profile 34 | - ALT - SHIFT - -: Split pane horizontally. Default profile 35 | - ALT - SHIFT - +: Split pane vertically. Default profile 36 | - ALT - SHIFT - ARROWS: Resize pane 37 | - ALT - ARROWS: Move pane focus 38 | - CTRL - SHIFT - W: Close innermost pane, tab, or window 39 | 40 | 4. Clipboard commands 41 | 42 | - CTRL - C: Copy 43 | - CTRL - V: Paste 44 | 45 | 5. Scrollback commands 46 | 47 | - CTRL - SHIFT - UP: Scroll up 48 | - CTRL - SHIFT - DOWN: Scroll down 49 | - CTRL - SHIFT - PGUP: Scroll page up 50 | - CTRL - SHIFT - PGDN: Scroll page down 51 | 52 | 6. 
Visual adjustment commands 53 | 54 | - CTRL - =: Increase font size 55 | - CTRL - -: Decrease font size 56 | - CTRL - 0: Reset font size -------------------------------------------------------------------------------- /Connections/1Password with SSH.md: -------------------------------------------------------------------------------- 1 | --- 2 | created: Sat 2023-12-02 @ 01:19 PM 3 | modified: Wed 2023-12-27 @ 04:02 PM 4 | --- 5 | > [!abstract] Summary 6 | > If you use 1Password you can use it to login to your server using Windows Terminal 7 | 8 | 9 | # To Do's 10 | 11 | - [ ] Still need to figure out how to automate 1P backups 12 | - Don't send 1p backups to off-site server, only keep on local servers 13 | 14 | 15 | 16 | 17 | --- 18 | 19 | Some of this is gleaned from [here](https://developer.1password.com/docs/ssh/get-started/) 20 | 21 | 22 | ==IF YOU'VE ALREADY DONE THE INITIAL WINDOWS AND 1P SETUP, SKIP TO [[1Password with SSH#Key Pair Creation|KEY PAIR CREATION]] CREATION BELOW== 23 | 24 | 25 | # Requirements for Windows 26 | 27 | - 1P subscription / paid account 28 | - 1P for Windows 29 | - Microsoft OpenSSH 30 | - Windows Hello must be configured to unlock 1P 31 | 32 | 33 | # Initial Windows Setup 34 | 35 | - Check if the OpenSSH Authentication Agent service is installed and running 36 | 37 | Before you can turn on the SSH agent in 1Password, you'll need to check if the OpenSSH Authentication Agent service is installed: 38 | 39 | 1. Go to **Services** > **OpenSSH Authentication Agent** (press Win + R on your keyboard to open the Run window, type `services.msc` and press Enter or click OK). 40 | 41 | 2. Look for the **OpenSSH Authentication Agent** in the list of services. 42 | 43 | *If you don't see the OpenSSH Authentication Agent in the list, skip ahead to the steps to [turn on the SSH agent in 1Password](https://developer.1password.com/docs/ssh/get-started/#turn-on-the-ssh-agent-in-1password). 44 | 45 | 3. 
Select **OpenSSH Authentication Agent** in the list of services and press Enter. 46 | 47 | 4. In the "Startup type" menu, choose **Disabled**. If the service status shows the agent is running, click **Stop**. 48 | 49 | 5. Click **Apply**, then click **OK**. 50 | 51 | The 1Password SSH agent can then take over and listen on the system-wide pipe at `\\.\pipe\openssh-ssh-agent`. 52 | 53 | 54 | - Turn on the SSH agent in 1Password 55 | 56 | 1. Open the 1Password app, then click your account or collection at the top of the sidebar and choose **Settings** > **Developer**. 57 | 58 | 2. Select the checkbox to **Use the SSH agent**. 59 | 60 | 3. Select the checkbox to **Display key names when authorizing connections** from the security section. 61 | - When you turn on "Display key names when authorizing connections", it's easier for you to identify which key 1Password is requesting access to when authenticating a request from an SSH client. 62 | 63 | 4. [Adjust the authorization options](https://developer.1password.com/docs/ssh/get-started/#adjust-your-authorization-options) for when and how often the SSH agent will ask you to approve SSH requests. 64 | 65 | 66 | - Make sure the SSH agent keeps running, even when the 1Password app is closed: 67 | 68 | 1. Open 1Password, then click your account or collection at the top of the sidebar and choose **Settings** > **General**. 69 | 70 | 2. Select the checkbox to **Keep 1Password in the notification area**. 
71 | 72 | 73 | - Paste this into Command Prompt to configure your SSH or Git client 74 | 75 | ``` 76 | git config --global core.sshCommand "C:/Windows/System32/OpenSSH/ssh.exe" 77 | ``` 78 | 79 | 80 | 81 | # Initial Server Setup 82 | 83 | From Command Prompt: 84 | ``` 85 | ssh -o IdentitiesOnly=yes administrator@192.168.10.10 86 | ``` 87 | 88 | From the user's directory 89 | ``` 90 | mkdir .ssh 91 | 92 | touch .ssh/authorized_keys 93 | 94 | chmod 700 -R .ssh 95 | ``` 96 | 97 | 98 | # Key Pair Creation 99 | 100 | On the server you'll want to connect to: 101 | ``` 102 | ssh-keygen -t rsa 103 | ``` 104 | 105 | At the prompt, set the filename and location 106 | ``` 107 | /home/administrator/.ssh/proxy_vm-windows 108 | ``` 109 | * Set a passphrase that is known to you if you want. 1P will remember that for you as well 110 | 111 | ``` 112 | cat /home/administrator/.ssh/proxy_vm-windows.pub >> /home/administrator/.ssh/authorized_keys 113 | ``` 114 | * This will add it to the end of the file and not overwrite the existing key(s) 115 | 116 | ``` 117 | rm /home/administrator/.ssh/proxy_vm-windows.pub 118 | 119 | exit 120 | 121 | cls 122 | ``` 123 | 124 | 125 | # Windows Terminal Setup 126 | 127 | In Windows Terminal on the machine you want to add server access to: 128 | 129 | - Download the key from the server 130 | ``` 131 | scp -o IdentitiesOnly=yes administrator@192.168.70.120:~/.ssh/proxy_vm-windows C:\Users\mrjoh/.ssh/ 132 | ``` 133 | * Enter the administrator's server password 134 | 135 | In File Explorer, open the C: / Users / mrjoh / .ssh / config file (create the file if you haven't already) and add this: 136 | ``` 137 | Host proxy_vm-windows 138 |     HostName 192.168.70.120 139 |     User administrator 140 |     Port 22 141 |     IdentityAgent \\.\pipe\openssh-ssh-agent 142 |     IdentityFile ~/.ssh/proxy_vm-windows 143 | ``` 144 | * Save 145 | 146 | *It should be noted that if you decide to rename the key that works fine but just
make sure you rename it on the server AND on Windows* 147 | 148 | In the Windows Terminal settings, duplicate another profile (or create a new one) 149 | 150 | * Rename it to whatever you're connecting to (Server-Name, etc.) 151 | 152 | * Put this into the command line: 153 | ``` 154 | ssh proxy_vm-windows 155 | ``` 156 | 157 | 158 | # Adding Key to 1P 159 | 160 | The key has been downloaded to Windows but now you need to get it into 1P as well 161 | 162 | - In 1P, click on New Item and then select SSH Key 163 | 164 | - Name it whatever you want (ie. Server-Name) 165 | - Click on Add Private Key -> Import a Key File and pick the key you just downloaded from the server 166 | - Click Save 167 | 168 | 169 | # Finishing Up 170 | 171 | Now in Command Prompt, you need to run this for Windows Terminal to recognize there's a new key to work with: 172 | ``` 173 | ssh-add -l 174 | ``` 175 | 176 | Now open up the new profile in Windows Terminal and the 1P prompt should pop-up and ask you to authenticate with your fingerprint or password. 177 | 178 | Additionally, if you want to change the order of connections in the Windows Terminal dropdown, you'll need to edit the config file. 179 | - Go to Settings --> Open JSON file 180 | - Scroll down and find the profile you just made. Select the opening bracket all the way to the profiles closing bracket and Cut it out 181 | - IMPORTANT- take note that the last profile (the one you're likely selecting) does not have a closing bracket. After you've cut your selection you need to delete that blank line it leaves AND delete the comma after the new last profile's bracket. Any errors in the formatting and the file will not load properly. 182 | - Paste your profile where you want it AND MAKE SURE you make the formatting look like the others, as far as tabs or spacing goes. 183 | - IMPORTANT- you need to add a comma after your profiles last bracket if it's not the last profile. Any errors in the formatting and the file will not load properly. 
184 | - Save and close the file 185 | - Confirm it's where you want it by clicking on the dropdown in Windows Terminal and seeing where it is now. -------------------------------------------------------------------------------- /Connections/NFS.md: -------------------------------------------------------------------------------- 1 | --- 2 | created: Tue 2023-05-02 @ 06:32 PM 3 | modified: Wed 2023-12-27 @ 04:03 PM 4 | --- 5 | # Server Side 6 | 7 | Install the NFS server 8 | ``` 9 | sudo apt install nfs-kernel-server 10 | ``` 11 | 12 | - The ZFS setup DOES NOT use `/etc/exports` for setting things up. Instead you use commands: 13 | 14 | ``` 15 | sudo zfs set sharenfs=on Deep-13 16 | ``` 17 | OR 18 | ``` 19 | sudo zfs set sharenfs="rw=@192.168.40.110,no_all_squash,no_subtree_check,async" Deep-13 20 | ``` 21 | 22 | To share with multiple IPs: 23 | ``` 24 | sudo zfs set sharenfs="rw=@192.168.40.110,rw=@192.168.70.170,no_all_squash,no_subtree_check,async" Deep-13 25 | ``` 26 | 27 | Check on share(s) 28 | ``` 29 | cat /etc/exports.d/zfs.exports 30 | ``` 31 | AND 32 | ``` 33 | sudo zfs get sharenfs Deep-13 34 | ``` 35 | 36 | 37 | 38 | # Client Side 39 | 40 | ``` 41 | sudo apt install nfs-common 42 | 43 | sudo mkdir /mnt/zpool 44 | 45 | sudo chmod 775 /mnt/zpool 46 | ``` 47 | 48 | To temporarily mount the share: 49 | ``` 50 | sudo mount -t nfs 192.168.10.10:/mnt/Deep-13 /mnt/zpool 51 | ``` 52 | 53 | To mount the share on boot: 54 | ``` 55 | sudo nano /etc/fstab 56 | ``` 57 | 58 | Paste this to the bottom: 59 | ``` 60 | # 61 | # Mount zpool from the host (Crow) 62 | 192.168.10.10:/mnt/Deep-13 /mnt/zpool nfs auto 0 0 63 | ``` 64 | 65 | - Create all of the same users and groups that are part of the share so that everything works correctly and you don't mess up any permissions on the host. 
66 | 67 | 68 | 69 | # Updating Shares 70 | 71 | Refresh the shares after editing `/etc/exports` 72 | ``` 73 | sudo exportfs -r 74 | ``` 75 | 76 | Verify shares 77 | ``` 78 | sudo exportfs -v 79 | ``` 80 | 81 | 82 | ``` 83 | sudo systemctl status nfs-server.service 84 | ``` 85 | 86 | 87 | 88 | # NFSv4 Only 89 | I'm not sure if I am using this or not. I remember editing the `nfs.conf` file but I can't remember if I ran the services script below or not. 90 | 91 | `sudo nano /etc/nfs.conf` 92 | 93 | ``` 94 | [nfsd] 95 | vers2=n 96 | vers3=n 97 | vers4=y 98 | vers4.0=y 99 | vers4.1=y 100 | vers4.2=y 101 | ``` 102 | 103 | Disable services that aren't needed for NFSv4 104 | ``` 105 | sudo systemctl mask --now rpc-statd.service rpcbind.service rpcbind.socket 106 | ``` 107 | -------------------------------------------------------------------------------- /Connections/SMB.md: -------------------------------------------------------------------------------- 1 | --- 2 | created: Tue 2023-05-02 @ 06:32 PM 3 | modified: Wed 2023-12-27 @ 04:05 PM 4 | --- 5 | # Creating Samba Shares # 6 | 7 | This is for creating an SMB share to connect to in Windows 8 | 9 | * This section is incomplete. Finish it next time you need to create a share. 
10 | 11 | ``` 12 | sudo nano /etc/samba/smb.conf 13 | ``` 14 | 15 | 16 | 17 | 18 | # Mounting Samba Shares # 19 | 20 | This is for attaching an existing external SMB share to the VM 21 | 22 | - In the VM CLI 23 | 24 | ``` 25 | sudo apt install smbclient cifs-utils 26 | ``` 27 | 28 | Test connection 29 | ``` 30 | smbclient '\\192.168.10.5\Deep_13_Media_Audio' -U dave 31 | ``` 32 | 33 | As long as that was able to connect, do this to automount at startup 34 | ``` 35 | sudo nano /root/.smb 36 | ``` 37 | 38 | ``` 39 | user=dave 40 | password=enter-password-here 41 | ``` 42 | * Save and exit 43 | 44 | ``` 45 | sudo nano /etc/fstab 46 | ``` 47 | 48 | Add this to the bottom: 49 | ``` 50 | //192.168.10.5/Deep_13_NAS /mnt/NAS cifs credentials=/root/.smb,uid=1010,gid=1020 0 0 51 | ``` 52 | 53 | For OVMF (UEFI) VMs, if it's not working, add `noauto,x-systemd.automount` like this: 54 | ``` 55 | //192.168.10.10/Deep_13_Media /mnt/Media/ cifs credentials=/root/.smb,uid=1010,gid=1000,noauto,x-systemd.automount 0 0 56 | ``` 57 | 58 | 59 | # Unsharing 60 | 61 | ``` 62 | sudo zfs set sharesmb=off Deep-13/Media 63 | ``` 64 | 65 | 66 | 67 | # Listing Shares 68 | 69 | ``` 70 | sudo zfs get sharesmb Deep-13 71 | ``` 72 | -------------------------------------------------------------------------------- /Connections/SSH Setup.md: -------------------------------------------------------------------------------- 1 | --- 2 | created: Tue 2023-05-02 @ 06:32 PM 3 | modified: Wed 2023-12-27 @ 04:06 PM 4 | --- 5 | # Errors 6 | 7 | If you're connecting using SSH key pairs and you get an error that says "too many authentication failures" it means you're probably running into a "SSH server six-key limit". 8 | 9 | # SSH Best Practices 10 | 11 | 1. Always set a passphrase to create an additional layer of security. 12 | 2. Practice frequent key rotation and backups. 13 | 3. Confirm each step to avoid permission errors or incorrect SSH agent configuration. 
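A way to check a `.ssh` directory against the three practices above (passphrase, rotation, permissions). This is an added example, not part of the original notes: the function names, the 365-day rotation interval and the sample files are assumptions, and the sample keys are constructed headers, not real keys. It assumes a POSIX host such as the Linux servers in these notes.

```python
import base64
import os
import stat
import struct
import tempfile
import time

MAGIC = b"openssh-key-v1\x00"    # header of the OpenSSH private key format
MAX_KEY_AGE_DAYS = 365           # assumed rotation interval; the notes set none


def key_protection(path):
    """Return 'encrypted', 'plaintext', or None if the file is not a private key."""
    with open(path, "rb") as fh:
        text = fh.read(65536).decode("ascii", "replace")
    if "PRIVATE KEY-----" not in text:
        return None
    if "BEGIN OPENSSH PRIVATE KEY" not in text:
        # Legacy PEM/PKCS#8: encryption is declared in a header line or the label.
        return "encrypted" if "ENCRYPTED" in text else "plaintext"
    body = text.split("KEY-----", 1)[1].split("-----END", 1)[0]
    try:
        blob = base64.b64decode("".join(body.split()))
    except ValueError:
        return None
    start = len(MAGIC) + 4
    if not blob.startswith(MAGIC) or len(blob) < start:
        return None
    # The first length-prefixed string after the magic is the cipher name.
    (length,) = struct.unpack(">I", blob[len(MAGIC):start])
    cipher = blob[start:start + length]
    return "plaintext" if cipher == b"none" else "encrypted"


def audit_ssh_dir(ssh_dir, now=None):
    """Return a list of (file name, finding) pairs for one .ssh directory."""
    now = time.time() if now is None else now
    findings = []
    if stat.S_IMODE(os.stat(ssh_dir).st_mode) & 0o077:
        findings.append((".", "directory is accessible to group or others"))
    for name in sorted(os.listdir(ssh_dir)):
        path = os.path.join(ssh_dir, name)
        info = os.lstat(path)
        if not stat.S_ISREG(info.st_mode):
            continue
        mode = stat.S_IMODE(info.st_mode)
        if name == "authorized_keys" and mode & 0o022:
            findings.append((name, "writable by group or others"))
        protection = key_protection(path)   # detected by content, not file name
        if protection is None:
            continue
        if mode & 0o077:
            findings.append((name, "private key readable by group or others"))
        if protection == "plaintext":
            findings.append((name, "private key has no passphrase"))
        if now - info.st_mtime > MAX_KEY_AGE_DAYS * 86400:
            findings.append((name, "private key older than rotation interval"))
    return findings


def build_sample_dir():
    """Constructed sample: a .ssh directory with deliberately bad settings."""
    root = tempfile.mkdtemp(prefix="ssh-audit-")

    def fake_key(cipher):
        blob = MAGIC + struct.pack(">I", len(cipher)) + cipher + b"\x00" * 8
        return ("-----BEGIN OPENSSH PRIVATE KEY-----\n"
                + base64.b64encode(blob).decode()
                + "\n-----END OPENSSH PRIVATE KEY-----\n")

    def write(name, content, mode, age_days=0):
        path = os.path.join(root, name)
        with open(path, "w") as fh:
            fh.write(content)
        os.chmod(path, mode)
        stamp = time.time() - age_days * 86400
        os.utime(path, (stamp, stamp))

    write("authorized_keys", "ssh-ed25519 AAAA-constructed user@host\n", 0o664)
    write("old_plain_key", fake_key(b"none"), 0o644, age_days=400)
    write("good_key", fake_key(b"aes256-ctr"), 0o600)
    os.chmod(root, 0o755)
    return root


if __name__ == "__main__":
    for name, finding in audit_ssh_dir(build_sample_dir()):
        print(f"{name}: {finding}")
```

Point `audit_ssh_dir` at a real directory such as `/home/administrator/.ssh` to check a server; a private key still sitting there after it has been copied to the client will show up in the results if it has no passphrase.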
14 | 15 | 16 | # Create Structure (if needed) # 17 | 18 | ``` 19 | mkdir .ssh 20 | 21 | touch .ssh/authorized_keys 22 | 23 | chmod 700 -R .ssh 24 | ``` 25 | 26 | 27 | # 1P 28 | 29 | - If you're using 1P go to the [[1Password with SSH]] note now. If not then continue below. 30 | 31 | 32 | # Create the Key Pair # 33 | 34 | In Windows Terminal CMD, log in to the server 35 | ``` 36 | ssh administrator@192.168.40.93 37 | ``` 38 | * Type "yes" to trust the server 39 | * Enter the administrator password 40 | 41 | Sudo isn't needed here because it can be owned by administrator 42 | 43 | ``` 44 | ssh-keygen -t rsa 45 | ``` 46 | 47 | At the prompt, set the filename and location 48 | ``` 49 | /home/administrator/.ssh/admin_vm-gypsy 50 | ``` 51 | * Set a passphrase that is known to you 52 | 53 | ``` 54 | cat ~/.ssh/admin_vm-gypsy.pub >> ~/.ssh/authorized_keys 55 | ``` 56 | * This will add it to the end of the file and not overwrite the existing key(s) 57 | 58 | ``` 59 | rm ~/.ssh/admin_vm-gypsy.pub 60 | 61 | exit 62 | 63 | cls 64 | ``` 65 | * It's okay to use the same window to complete the next steps 66 | 67 | 68 | # Setup Computer Access # 69 | 70 | In Windows Terminal on the machine you want to add server access to: 71 | 72 | - Download the key from the server 73 | ``` 74 | *Windows* 75 | scp administrator@192.168.10.5:~/.ssh/tomservo-windows C:\Users\mrjoh/.ssh/ 76 | 77 | *Linux* 78 | scp administrator@192.168.10.8:~/.ssh/admin_vm-gypsy /root/.ssh/admin_vm-gypsy 79 | ``` 80 | * Enter the administrator's server password 81 | 82 | In File Explorer, open the C: / Users / mrjoh / .ssh / config file (create the file if you haven't already) and add this: 83 | ``` 84 | Host proxy-vm 85 | HostName 192.168.70.200 86 | Port 22 87 | IdentityFile ~/.ssh/id_rsa_proxy-vm 88 | User administrator 89 | ``` 90 | * Save 91 | 92 | In the Windows Terminal settings, duplicate another profile (or create a new one) 93 | 94 | * Rename it to Proxy VM @ Crow 95 | 96 | * Put this into the command line: 
97 | ``` 98 | ssh proxy-vm 99 | ``` 100 | 101 | * Set the icon to an Ubuntu icon found online 102 | 103 | * Set tab title to Proxy VM 104 | 105 | * Save 106 | 107 | * Open the new profile and enter the passphrase for the key. You should be good to go! 108 | 109 | 110 | 111 | # Personalizing # 112 | 113 | ## All Distros ## 114 | 115 | You can turn off login messages altogether if you just create a file called `.hushlogin` in your home folder. There doesn't need to be anything in it and no special permissions. 116 | 117 | 118 | ## Debian 119 | - When you login via SSH, Debian will spit out a disclaimer message before the first prompt. To edit or remove that, edit this file 120 | ``` 121 | sudo nano /etc/motd 122 | ``` 123 | 124 | 125 | ## Ubuntu 126 | 127 | - Ubuntu has a slightly different setup and needs more files edited 128 | ``` 129 | System info text: 130 | sudo vim /etc/update-motd.d/00-header 131 | - I like to add printf "\n" BEFORE the print function to create some space between the system info and the passphrase line 132 | - I like to add printf "\n" AFTER the print function to create some space between the system info and the last login line 133 | 134 | Help text: 135 | sudo vim /etc/update-motd.d/10-help-text 136 | ``` 137 | 138 | 139 | Delete this file for the "Unminimize" text 140 | ``` 141 | sudo rm /etc/update-motd.d/60-unminimize 142 | ``` 143 | -------------------------------------------------------------------------------- /Crontab.md: -------------------------------------------------------------------------------- 1 | On minimized install VMs, crontab needs to be installed 2 | ``` 3 | sudo apt install cron 4 | ``` 5 | 6 | ``` 7 | MAILTO="myemail@gmail.com" 8 | SHELL=/bin/bash 9 | HOME=/ 10 | 11 | # My scripts 12 | 0 5 * * * /administrator/scripts/backup_to_Crow.sh 13 | 14 | # For testing purposes (runs pretty soon after saving) 15 | # * * * * * /root/scripts/backup_to_Tom-Servo.sh 16 | # * * * * * /root/scripts/permissions.sh 17 | ``` 18 | 19 | 
Add this to the end of a cron job line to disable notifications for that particular job 20 | ``` 21 | >/dev/null 2>&1 22 | ``` 23 | -------------------------------------------------------------------------------- /Editors/VIM.md: -------------------------------------------------------------------------------- 1 | --- 2 | created: Tue 2023-05-02 @ 06:32 PM 3 | modified: Wed 2023-12-27 @ 04:12 PM 4 | --- 5 | ``` 6 | :NERDTree 7 | ``` 8 | 9 | Vim configs 10 | ``` 11 | mkdir ~/.vim/autoload ~/.vim/backup ~/.vim/plugged 12 | 13 | touch ~/.vimrc 14 | ``` -------------------------------------------------------------------------------- /Email Setup.md: -------------------------------------------------------------------------------- 1 | # Note on the note 2 | 3 | I used to run Ubuntu on my VMs before switching to Debian. I found that Debian already had some packages installed and the steps were slightly different even though Ubuntu is based on Debian. If you're using Ubuntu I would suggest trying the Debian walkthrough and if it doesn't work then check out what is different and make those changes. 4 | 5 | 6 | # Debian Based 7 | 8 | Email Alerts Setup (Gmail) 9 | 10 | 1) Make sure you have `mailutils` and `postfix` installed 11 | 12 | 2. Enable 2FA for the gmail account that will be used by going to [security settings](https://myaccount.google.com/security) 13 | 14 | 3. Create app password for the account. 15 | 1. Go to [App Passwords](https://security.google.com/settings/security/apppasswords) 16 | 2. Select app: Mail 17 | 3. Select device: Other 18 | 4. 
Type in: Proxmox 19 | 20 | *** 21 | ## ==[[Default Debian VM (SeaBIOS)]] part 1== 22 | - The next few steps have already been done in an attempt to save time so skip to the next section with a highlighted header below 23 | *** 24 | 25 | Create the main postfix config: 26 | ``` 27 | sudo nano /etc/postfix/main.cf 28 | ``` 29 | 30 | Paste the following into the file: 31 | ``` 32 | # See /usr/share/postfix/main.cf.dist for a commented, more complete version 33 | 34 | myhostname=Crow.local 35 | 36 | # Debian specific: Specifying a file name will cause the first 37 | # line of that file to be used as the name. The Debian default 38 | # is /etc/mailname. 39 | #myorigin = /etc/mailname 40 | 41 | smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu) 42 | biff = no 43 | 44 | # appending .domain is the MUA's job. 45 | append_dot_mydomain = no 46 | 47 | # Uncomment the next line to generate "delayed mail" warnings 48 | #delay_warning_time = 4h 49 | 50 | readme_directory = no 51 | 52 | # See http://www.postfix.org/COMPATIBILITY_README.html -- default to 3.6 on 53 | # fresh installs. 54 | compatibility_level = 3.6 55 | 56 | # TLS parameters 57 | smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem 58 | smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key 59 | smtpd_tls_security_level=may 60 | smtp_tls_CApath=/etc/ssl/certs 61 | smtp_tls_security_level=may 62 | # smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache 63 | 64 | # this has to do with changing the from name... 
somehow 65 | sender_canonical_maps = static:no-reply@gmail.com 66 | 67 | smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination 68 | # myhostname = websites.tailf3fc5.ts.net 69 | alias_maps = hash:/etc/aliases 70 | alias_database = hash:/etc/aliases 71 | 72 | mydestination = $myhostname, asd, websites, localhost.localdomain, localhost 73 | # relayhost = 74 | mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 75 | mailbox_size_limit = 0 76 | recipient_delimiter = + 77 | inet_interfaces = all 78 | inet_protocols = all 79 | 80 | relayhost = smtp.gmail.com:587 81 | smtp_use_tls = yes 82 | smtp_sasl_auth_enable = yes 83 | smtp_sasl_security_options = 84 | smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd 85 | smtp_tls_CAfile = /etc/ssl/certs/Entrust_Root_Certification_Authority.pem 86 | smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_tls_session_cache 87 | smtp_tls_session_cache_timeout = 3600s 88 | smtp_header_checks = regexp:/etc/postfix/header_checks 89 | ``` 90 | 91 | Write Gmail credentials to file and hash it. Again, make sure you are root. 
92 | ```
93 | sudo nano /etc/postfix/sasl_passwd
94 | ```
95 |
96 | Add this line, replacing the address and password with your own:
97 | ```
98 | smtp.gmail.com youremailname@gmail.com:your-password
99 | ```
100 | - Password is in 1P
101 |
102 | ```
103 | sudo chmod 600 /etc/postfix/sasl_passwd
104 | ```
105 |
106 | ***
107 | ## ==[[Default Debian VM (SeaBIOS)]] part 2==
108 | ***
109 |
110 | Create a file where you can edit who the email is from:
111 | ```
112 | cd /etc/postfix
113 |
114 | sudo nano /etc/postfix/header_checks
115 | ```
116 |
117 | Add this:
118 | ```
119 | /^From:[[:space:]]+(.*)/ REPLACE From: "VM or Machine Name"
120 | ```
121 |
122 | ```
123 | sudo postmap header_checks
124 |
125 | sudo postmap hash:/etc/postfix/sasl_passwd
126 | ```
127 |
128 | ```
129 | sudo systemctl enable postfix
130 |
131 | sudo systemctl start postfix
132 | ```
133 |
134 | Test to make sure everything is hunky-dory.
135 | ```
136 | echo "sample message" | mail -s "sample subject" email@gmail.com
137 | ```
138 |
139 | Reload with this if you need to:
140 | ```
141 | sudo postfix reload
142 | ```
143 |
144 |
145 |
146 | # Ubuntu Based #
147 |
148 | Email Alerts Setup (Gmail)
149 |
150 | 1. SSH into the Proxmox node and become the root user. Run the following commands to download the extra software dependencies we'll need.
151 |
152 | ```
153 | sudo apt update
154 |
155 | sudo apt install libsasl2-modules mailutils postfix -y
156 | ```
157 |
158 | * When the postfix install dialogue comes up, enter `1` for `No configuration`
159 |
160 | Reboot to get all of the new services working
161 | ```
162 | sudo reboot
163 | ```
164 |
165 | 2. Set up Gmail 2FA (if you haven't already)
166 |
167 | - Enable 2FA for the Gmail account that will be used (if you haven't already) by going to [Gmail's security settings](https://myaccount.google.com/security)
168 |
169 | - Create an app password for the account (if you haven't already).
170 | - Go to [App Passwords](https://security.google.com/settings/security/apppasswords)
171 | - Select app: Mail
172 | - Select device: Other
173 | - Type in: VMs or whatever describes your needs
174 |
175 | 3. Configure Postfix
176 |
177 | Create the Postfix configuration file:
178 | ```
179 | sudo vim /etc/postfix/main.cf
180 | ```
181 |
182 | Append the following to the end of the file:
183 | ```sh
184 | # See /usr/share/postfix/main.cf.dist for a commented, more complete version
185 |
186 | # Debian specific: Specifying a file name will cause the first
187 | # line of that file to be used as the name. The Debian default
188 | # is /etc/mailname.
189 | #myorigin = /etc/mailname
190 |
191 | smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
192 | biff = no
193 |
194 | # appending .domain is the MUA's job.
195 | append_dot_mydomain = no
196 |
197 | # Uncomment the next line to generate "delayed mail" warnings
198 | #delay_warning_time = 4h
199 |
200 | readme_directory = no
201 |
202 | # See http://www.postfix.org/COMPATIBILITY_README.html -- default to 3.6 on
203 | # fresh installs.
204 | compatibility_level = 3.6
205 |
206 | # TLS parameters
207 | smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
208 | smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
209 | smtpd_tls_security_level=may
210 | smtp_tls_CApath=/etc/ssl/certs
211 | smtp_tls_security_level=may
212 | # smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
213 |
214 | smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
215 | myhostname = websites.tailf3fc5.ts.net
216 | alias_maps = hash:/etc/aliases
217 | alias_database = hash:/etc/aliases
218 | mydestination = $myhostname, asd, websites, localhost.localdomain, localhost
219 | # relayhost =
220 | mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
221 | mailbox_size_limit = 0
222 | recipient_delimiter = +
223 | inet_interfaces = all
224 | inet_protocols = all
225 |
226 | relayhost = smtp.gmail.com:587
227 | smtp_use_tls = yes
228 | smtp_sasl_auth_enable = yes
229 | smtp_sasl_security_options =
230 | smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
231 | smtp_tls_CAfile = /etc/ssl/certs/Entrust_Root_Certification_Authority.pem
232 | smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_tls_session_cache
233 | smtp_tls_session_cache_timeout = 3600s
234 | ```
235 | - Save
236 |
237 | ```
238 | sudo vim /etc/postfix/sasl_passwd
239 | ```
240 |
241 | Add the following line, making sure to set the correct email and the app password created in step 2:
242 | ```
243 | smtp.gmail.com youremail@gmail.com:yourpassword
244 | ```
245 |
246 | ```
247 | sudo chmod 600 /etc/postfix/sasl_passwd
248 |
249 | sudo postmap hash:/etc/postfix/sasl_passwd
250 | ```
251 |
252 | * That last line generates `/etc/postfix/sasl_passwd.db`, the lookup table Postfix actually reads. `postmap` creates it with the same group/other permissions as `sasl_passwd` (hence the `chmod 600` first). The password is not encrypted in either file, so both should stay readable by root only
253 |
254 | ```
255 | sudo systemctl enable postfix
256 |
257 | sudo systemctl start postfix
258 | ```
259 |
260 | Reload if needed
261 | ```
262 | sudo postfix reload
263 | ```
264 |
265 | 4. Test to make sure everything is working
266 | ```
267 | echo "sample message" | mail -s "sample subject" email@gmail.com
268 | ```
269 |
270 | *IMPORTANT*
271 | With updates to Postfix and SMTP and the rest, this configuration will likely need to be updated in the future.
272 |
--------------------------------------------------------------------------------
/GitHub.md:
--------------------------------------------------------------------------------
1 | # GitHub CLI Setup
2 |
3 | Install GitHub CLI (this is all one command)
4 | ```
5 | type -p curl >/dev/null || sudo apt install curl -y
6 | curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg | sudo dd of=/usr/share/keyrings/githubcli-archive-keyring.gpg \
7 | && sudo chmod go+r /usr/share/keyrings/githubcli-archive-keyring.gpg \
8 | && echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" | sudo tee /etc/apt/sources.list.d/github-cli.list > /dev/null \
9 | && sudo apt update \
10 | && sudo apt install gh -y
11 | ```
12 |
13 | ```
14 | gh auth login
15 | ```
16 |
17 | ```
18 | Select GitHub.com
19 |
20 | Select SSH
21 |
22 | Yes
23 | ```
24 |
25 | - For setups that don't need cron or other automation that can't enter a passphrase, enter a passphrase
26 |
27 | - For using cron or something that can't enter passphrases itself, hit enter to leave the passphrase blank
28 |
29 | ```
30 | Name it or just hit enter
31 |
32 | Login with a web browser
33 | - Hit enter
34 | - Click the link
35 | - Copy the one-time code over
36 | ```
37 |
38 | ```
39 | rm ~/.ssh/id_ed25519.pub
40 | ```
41 |
42 |
43 |
44 | # Alternate Method for Authentication #
45 |
46 | ```sh
47 | ssh-keygen -t rsa -b 4096 -C "youremail@gmail.com"
48 | ```
49 |
50 | ```
51 | /home/administrator/.ssh/machine-keys/tomservo-github
52 | ```
53 |
54 | Start SSH Agent
55 | ```
56 | eval "$(ssh-agent -s)"
57 | ```
58 |
59 | ```
60 | ssh-add ~/.ssh/machine-keys/tomservo-github
61 | ```
62 |
63 | Now add your public key
64 | ```
65 | gh ssh-key add ~/.ssh/machine-keys/tomservo-github.pub
66 | ```
67 |
68 | ```
69 | rm ~/.ssh/machine-keys/tomservo-github.pub
70 | ```
71 |
72 |
73 | # Usage
74 |
75 | #### Create a repo:
76 | ```
77 | gh repo create
78 | ```
79 |
80 | #### Clone a repo:
81 | - To be able to clone a repo you'll need to have already completed the GitHub CLI Setup section of this note
82 | - You'll also need a token (see below). A token used this way is saved in plain text in the clone's `.git/config` as part of the remote URL, and in your shell history
83 | - In SSH on the server where you want to clone the repo to, change directory to the parent directory of where you want your repo to live
84 | - If you want the repo to be `/docker/appdata/repo-directory` then you'd `cd /docker/appdata` before running the next command
85 | - The command to run is structured like this
86 | ```
87 | git clone https://TOKEN@github.com/OWNER/REPO.git
88 | ```
89 | - Paste in the specific info until it looks something like this:
90 | ```
91 | git clone https://ghp_Vm11kPZuXXXXX324790VZMe4HMfd2k8D0D@github.com/yourusername/yourrepo.git
92 | ```
93 |
94 | #### Create a token:
95 | - In GitHub, go to `Settings -> Developer Settings -> Personal access tokens -> Tokens (classic)`
96 | - Click on `Generate new token` and then click `Generate new token (classic)`
97 | - Give it a name
98 | - Set an expiration date (I did a year later)
99 | - Under Select Scopes, click on `repo`
100 | - Click Generate token
101 | - Copy the token somewhere until you're done
102 |
103 | NOTE- *I don't save the token to 1P as I find it's not needed after the initial cloning.
If you run into a problem just re-clone the repo* 104 | 105 | #### Re-Cloning a Repo: 106 | - For most repos, compare what's in the repo on GitHub to what is needed to run your app and copy the missing data that's NOT in the repo 107 | - Assume you have a working directory on your server called `/docker/appdata/docker-app` that contains your GitHub repo 108 | - And assume inside of that directory is folder 1, folder 2, folder 3, file 1 and file 2 109 | - But on the GitHub site you see that the only data that GitHub is watching is folder 1, folder 2, and file 1 110 | - In this case you would want to copy folder 3 and file 3 in your working server directory to `/docker/appdata/temp-directory` or `/docker/appdata/docker-app-bak` 111 | - Next you'll delete `/docker/appdata/docker-app` 112 | - Clone the repo following the instructions above 113 | - After confirming everything is where you want it, copy folder 3 and file 3 back into the repo so that your app will work properly 114 | -------------------------------------------------------------------------------- /Hardware/UPS.md: -------------------------------------------------------------------------------- 1 | --- 2 | created: Tue 2023-05-02 @ 06:31 PM 3 | modified: Wed 2023-12-27 @ 03:54 PM 4 | --- 5 | # To Do # 6 | 7 | - Get some useful notifications working 8 | - Document how to do it 9 | 10 | 11 | 12 | # Emergency Usage # 13 | 14 | In a power failure, under the current settings, after 2 minutes, PowerChute on each server will initiate a graceful shutdown. They will not come back on until they are physically restarted. 15 | 16 | 17 | 18 | # Initial Setup # 19 | 20 | 1. Dedicate a switch port for the unit and setup that port on the correct network. Assign it a dedicated IP and take note of it. 21 | 2. Put the battery in, connect the ethernet cable, and plug in the unit to the wall. It should fire up but might not be "On", which means that the unit is running but isn't powering anything. 22 | 3. 
On the Network Management Card on the back, stick a paperclip in the reset button and hold it there. One of the ethernet port lights should start blinking Green. Keep holding it down until that light starts blinking Orange and then release the reset button. 23 | 4. After the lights are done doing their thing and the card is completely reset and is functioning again, go to the IP address to open the management portal. 24 | 5. Log in with both the user and password as "apc". 25 | 26 | The first thing to check is the firmware. If the interface looks dated it's probably out of date. This next step is fine to run either way. 27 | 28 | To update the firmware 29 | - go [here](https://www.apc.com/shop/us/en/tools/software-firmware/) 30 | - Type in model of the Network Management Card 2 (ap9631) in the model number box (not the UPS model number) and select the correct one from the options that appear 31 | - Check "Firmware Upgrades" in the filters box 32 | - You'll need the UPS Network Management Card Firmware for Smart-UPS (if its called something else in the future just get the one that makes the most sense). Download it. 33 | - Extract the zip file and open the Windows application inside of it. As of this writing, it returned a WinZip Self-Extractor window. Make sure that "When done unzipping open..." is checked and click Unzip. 34 | - That should open a program called NMC Firmware Update Utility. Enter the IP of the UPS, username and password and click Start Update. 35 | - Let it run and that should be all there is to it. 36 | - Log on to the interface again to make sure it works. 37 | 38 | The second thing to change is the password. 
Go to Configuration -> Security -> Local Users -> Management 39 | - Click on the "apc" Super User 40 | - Enter the current password 41 | - Enter the new password twice 42 | - Change the User Description to something useful (I wrote "Default User") 43 | - Change Session Timeout to 5 minutes 44 | - Change Temperature Scale to US Customary 45 | - Click on next 46 | - Apply the changes 47 | 48 | Now you're ready to change the UPS settings as needed. 49 | 50 | 51 | # Settings # 52 | 53 | * If it's not on here then I didn't change anything 54 | 55 | Configuration -> UPS 56 | - Change the UPS Name to whatever you want 57 | - Set the Last Battery Replacement to the correct time period 58 | - Apply 59 | 60 | Configuration -> Security -> Local Users -> Default Settings 61 | - Access enabled 62 | - User Type: Device 63 | - Temperature Scale: US Customary 64 | - Strong Passwords enabled 65 | - Apply 66 | 67 | Configuration -> Network -> TCP/IP -> IPv6 Settings 68 | - Uncheck Enable 69 | - Apply 70 | 71 | Configuration -> Network -> DNS -> Configuration 72 | - Primary DNS Server: 1.1.1.1 73 | - Secondary DNS Server: 1.0.0.1 74 | - Enable System Name Synchronization 75 | - Change the Host Name to APC-UPS or whatever you want 76 | - Apply 77 | 78 | Configuration -> Network -> Web -> Access 79 | - Just a note to not enable HTTPS because that will break the abilty to log in 80 | 81 | Configuration -> General -> Identification 82 | - Change as desired 83 | - Apply 84 | 85 | Configuration -> General -> Date/Time -> Mode 86 | - Set the Time Zone to Pacific Time 87 | - Select "Synchronize with NTP Server" 88 | - Leave "Override Manual NTP Settings" unchecked 89 | - Set Primary and Secondary NTP Server IPs 90 | - Google "NTP servers" and pick one from a list 91 | - Check "Update using NTP now" 92 | - Apply 93 | 94 | Configuration -> General -> Date/Time -> Daylight Savings 95 | - Set Daylight Saving Time to "Traditional US DST" 96 | - Apply 97 | 98 | 99 | # PowerChute # 100 | 101 | #### 
Install #### 102 | 103 | - I'm pretty sure JRE gets installed with the PCNS package so skip this next time and only come back to it if you need to 104 | ``` 105 | apt install openjdk-11-jre 106 | ``` 107 | 108 | - Download the 64 bit version of the PowerChute file 109 | - At the time of writing it was "pcns441Linux-x86-64.tar.gz" 110 | - I had the damnedest time downloading it directly with wget because of the way APC has their download links set up. I ended up downloading in Windows into the /mnt/Deep-13/Media folder and then moving it into the root folder 111 | 112 | ``` 113 | tar -xvf pcns441Linux-x86-64.tar.gz 114 | 115 | cd Linux_x64 116 | 117 | ./install.sh 118 | ``` 119 | 120 | - It's a pretty straightforward install 121 | 122 | 123 | #### Setup #### 124 | 125 | The only confusing part of the setup is the user, password, and authentication phrase. 126 | - The user name must match the NMC name. Set the user to "apc". 127 | - The password is just the normal one you'll need to log in to this PowerChute instance. Generate it in 1P. 128 | - The Authentication Phrase can be first set in the regular APC UPS Network Management Card interface under Configuration -> Shutdown 129 | - Set the User Name to APC (not sure where this is used but best to keep it the same) 130 | - Generate a new password greater than 15 characters in 1P and put it in the Authentication Phrase box. 
131 | - While you're on that inferface, check the HTTP box and set the On-Battery Shutdown Behavior to whatever you want -------------------------------------------------------------------------------- /Homelab (Github).md: -------------------------------------------------------------------------------- 1 | --- 2 | sticker: "" 3 | color: "" 4 | --- 5 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2023 mrjohnnycake 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 
22 | -------------------------------------------------------------------------------- /Personalizing/YADM.md: -------------------------------------------------------------------------------- 1 | --- 2 | created: Tue 2023-05-02 @ 06:32 PM 3 | modified: Wed 2023-12-27 @ 04:17 PM 4 | --- 5 | *Yet Another Dotfile Manager 6 | 7 | 8 | https://yadm.io/docs/common_commands 9 | 10 | 11 | #### Installation #### 12 | 13 | ``` 14 | sudo apt-get install yadm 15 | ``` 16 | 17 | 18 | #### First things first... #### 19 | 20 | - Create the repo on Github and take note of the SSH link 21 | 22 | git@github.com:myusername/myreponame.git 23 | 24 | 25 | - Clone into the repo to download it to your machine 26 | ``` 27 | yadm clone https://github.com/myusername/myreponame.git 28 | 29 | yadm fetch -f 30 | ``` 31 | 32 | Add user info to the repo for commits: 33 | ``` 34 | git config --global user.email "10XXXX689+myusername@users.noreply.github.com" 35 | 36 | git config --global user.name "My Name" 37 | ``` 38 | 39 | 40 | #### Usage #### 41 | 42 | Add a file: 43 | ``` 44 | yadm add .gitconfig 45 | ``` 46 | 47 | Check status of repo and anything that needs to get down: 48 | ``` 49 | yadm status 50 | ``` 51 | 52 | Commit changes: 53 | ``` 54 | yadm commit -m "note about what was changed" 55 | ``` 56 | 57 | Push changes to the GitHub repo: 58 | ``` 59 | yadm push 60 | ``` 61 | 62 | Pull changes down from the GitHub repo if changes were made there: 63 | ``` 64 | yadm pull 65 | ``` 66 | 67 | -------------------------------------------------------------------------------- /Personalizing/ZSH.md: -------------------------------------------------------------------------------- 1 | --- 2 | created: Tue 2023-05-02 @ 06:32 PM 3 | modified: Wed 2023-12-27 @ 04:20 PM 4 | --- 5 | 6 | 7 | 8 | need to auto detect distro 9 | 10 | # Fresh Install # 11 | 12 | Install 13 | ``` 14 | sudo apt install zsh 15 | ``` 16 | 17 | Make zsh the default shell 18 | ``` 19 | chsh -s /usr/bin/zsh 20 | ``` 21 | 22 | Run the 
config script 23 | ``` 24 | zsh 25 | ``` 26 | 27 | -So far I've chosen to go with option 2 where the .zshrc file gets created with a standard configuration. 28 | 29 | You can confirm the shell has been changed by running 30 | ``` 31 | echo $SHELL 32 | ``` 33 | 34 | When you've made edits to the `.zshrc` file, reload it: 35 | ``` 36 | source ~/.zshrc 37 | ``` 38 | 39 | 40 | ## Starship ## 41 | 42 | Install: 43 | ``` 44 | sudo curl -sS https://starship.rs/install.sh | sh 45 | ``` 46 | 47 | 48 | ## ZSH Autocomplete ## 49 | 50 | ``` 51 | mkdir .config/zsh/plugins && cd "$_" 52 | 53 | git clone --depth 1 -- https://github.com/marlonrichert/zsh-autocomplete.git 54 | ``` 55 | 56 | - If on Ubuntu: 57 | ``` 58 | compaudit | xargs chmod g-w 59 | ``` 60 | 61 | ``` 62 | vim ~/.config/zsh/.zshrc 63 | ``` 64 | 65 | Add at or near the top of your `.zshrc` file (before any calls to `compdef`): 66 | ``` 67 | source ~/Git/zsh-autocomplete/zsh-autocomplete.plugin.zsh 68 | ``` 69 | 70 | - Remove any calls to `compinit` from your `.zshrc` file. 71 | 72 | - If you're using Ubuntu, add to your `.zshenv` file: 73 | ``` 74 | skip_global_compinit=1 75 | ``` 76 | 77 | - Restart your shell. 
78 | 79 | To update, do: 80 | ``` 81 | git -C ~zsh-autocomplete pull 82 | ``` 83 | 84 | 85 | 86 | # Converting Existing VMs # 87 | 88 | 89 | - In the Windows Terminal profile you're wanting to update, change the font to "FuraMono Nerd Font" 90 | 91 | ``` 92 | sudo apt update 93 | 94 | sudo apt install curl git yadm zsh -y 95 | 96 | chsh -s /usr/bin/zsh 97 | ``` 98 | 99 | If on Ubuntu: 100 | ``` 101 | sudo reboot 102 | ``` 103 | 104 | If on Debian: 105 | ``` 106 | exit 107 | ``` 108 | 109 | On logging back in, select option 2 in the ZSH setup 110 | 111 | ``` 112 | sudo curl -sS https://starship.rs/install.sh | sh 113 | ``` 114 | 115 | GitHub CLI (all one command) 116 | ``` 117 | curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg | sudo dd of=/usr/share/keyrings/githubcli-archive-keyring.gpg \ 118 | && sudo chmod go+r /usr/share/keyrings/githubcli-archive-keyring.gpg \ 119 | && echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" | sudo tee /etc/apt/sources.list.d/github-cli.list > /dev/null \ 120 | && sudo apt update \ 121 | && sudo apt install gh -y 122 | ``` 123 | 124 | Authenticate GitHub 125 | ``` 126 | gh auth login 127 | ``` 128 | 129 | ``` 130 | Select GitHub.com 131 | 132 | Select SSH 133 | 134 | Yes 135 | 136 | No passphrase 137 | 138 | Media VM 139 | 140 | Login with a web browser 141 | - Hit enter 142 | - Click the link 143 | - Copy the one-time code over 144 | ``` 145 | 146 | ``` 147 | rm ~/.ssh/id_ed25519.pub 148 | ``` 149 | 150 | ``` 151 | yadm clone https://github.com/myusername/myrepo.git 152 | ``` 153 | 154 | For Ubuntu: 155 | ``` 156 | yadm checkout "/home/administrator" 157 | ``` 158 | 159 | For Debian: 160 | ``` 161 | yadm fetch -f 162 | ``` 163 | 164 | Exit and reopen 165 | 166 | ``` 167 | cd .scripts/setup 168 | ``` 169 | 170 | For Ubuntu: 171 | ``` 172 | ./ubuntu.sh 173 | ``` 174 | 175 | For Debian: 176 | ``` 177 | 
./debian.sh 178 | ``` 179 | 180 | -------------------------------------------------------------------------------- /Proxmox/Base Proxmox Setup.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Installing Proxmox on Bare Metal 3 | created: Tue 2023-12-19 @ 9:12 AM 4 | aliases: 5 | - Default Note 6 | - Note Layout 7 | tags: [] 8 | type: 9 | modified: Thu 2023-12-28 @ 08:53 AM 10 | --- 11 | > [!abstract] In This Install 12 | > - 13 | 14 | *This note is for brand new installs OR starting over completely. For upgrading pre-existing installs see* my [[Proxmox OS]] note 15 | 16 | # Pre-Steps 17 | 18 | - Do any hardware changes, if necessary 19 | - Connect networking cable(s) 20 | - Connect a monitor and keyboard OR a KVM 21 | - Update USB stick with new ISO (use Rufus with the DD function) 22 | 23 | # Initial Install 24 | 25 | *These steps were written for version 8.1-1 but should be good for other versions* 26 | 27 | - Start the server and load your motherboards boot screen 28 | - Take note of any boot issues as those may need to be fixed later 29 | - Select the install disk. 
30 | - Select Install Proxmox VE (Terminal UI) 31 | - With PiKVM, I find that the graphical installer has parts of the screen cut off which inhibits the whole process 32 | - Select "I Agree" 33 | - Choose your Target Harddisk and hit Next 34 | - Choose your Country, Timezone and Keyboard Layout and hit Next 35 | - For Root Password, use something you know off the top of your head for now and we'll change it later 36 | - You can enter a real email you'll be using for the server notifications or just change the last part of the fake email address to `.com` 37 | - Hit Next 38 | - Enter the info specific to your machine 39 | - I used this: 40 | ``` 41 | Management interface: ens4f0 42 | Hostname (FQDN): Crow.local 43 | IP address (CIDR): 192.168.10.10 /28 44 | Gateway address: 192.168.10.1 45 | DNS server address: 192.168.10.1 46 | ``` 47 | - Hit Next 48 | - Confirm that your info is correct and hit Install 49 | - During reboot: 50 | - Remove or detach / disconnect the install disk 51 | - Take note of any errors on the screen in case they need to be troubleshooted later 52 | 53 | - Open `https://192.168.10.10:8006/` (use your specific IP address) 54 | - If the page fails to load then `/etc/network/interfaces` needs to be edited. 
Use the direct connected keyboard and monitor OR your KVM to login and make the changes 55 | - Ignore the subscription pop-up that shows upon logging in 56 | 57 | - There's no need to set a static IP on your router for the server since you've already told Proxmox to use a static IP 58 | 59 | 60 | # Setup 61 | 62 | These steps can be done as root in the Proxmox console 63 | 64 | ``` 65 | apt update 66 | 67 | apt upgrade 68 | ``` 69 | *You'll get some repo errors but just ignore them for now* 70 | 71 | - Reboot 72 | 73 | ``` 74 | bash -c "$(wget -qLO - https://github.com/tteck/Proxmox/raw/main/misc/post-pve-install.sh)" 75 | ``` 76 | - Proxmox will be fully updated during this process so no need to run `apt update` and `apt upgrade` afterwards 77 | 78 | 79 | Log in to the GUI for this next step: 80 | 81 | GUI --> Node -> System -> DNS 82 | ``` 83 | local 84 | 192.168.10.1 85 | 1.1.1.1 86 | 1.0.0.1 87 | ``` 88 | 89 | 90 | # Storage 91 | 92 | - Create or Import a zpool by following the [[Deep-13 ZFS Zpool]] note 93 | 94 | GUI --> Datacenter --> Storage 95 | - Delete the default LVM-Thin storage 96 | - Change `local` content to ISO image, Snippets, Container template 97 | - Go to Add --> LVM-Thin 98 | - ID: see your specific machine's note 99 | - Volume group: pve 100 | - Thin pool: data 101 | - Content: Disk image, Container 102 | - Nodes: select this machine 103 | - Click Add 104 | 105 | 106 | GUI --> Datacenter → Storage → Add → Directory 107 | * ID: Backups-MachineName 108 | * Directory: `/mnt/Deep-13/Backups/[MACHINE-NAME]` 109 | * Content: VZDump backup file 110 | * Node: Choose your machine 111 | * Click Add 112 | 113 | 114 | GUI --> Datacenter → Backup → Add… 115 | * Node: Select the machine 116 | * Storage: Select the storage you just created 117 | * Schedule: Select "Every day 21:00" but then change the time to 01:00 118 | * Selection Mode = All 119 | * Send email: On failure only 120 | * Send email to: enter your email address 121 | * Leave the rest on this 
tab as default 122 | * On the Retention tab set "Keep Last" to 3 123 | * Click OK 124 | 125 | 126 | # Environment 127 | 128 | ``` 129 | sudo apt update 130 | 131 | sudo apt install fail2ban git vim yadm zfs-auto-snapshot zsh -y 132 | ``` 133 | 134 | - Reboot (don't skip this reboot) 135 | 136 | - Log back in to the CLI 137 | 138 | - Follow the Permissions section in the note for your specific machine 139 | 140 | Setup the host to allow virtualization 141 | ``` 142 | sudo nano /etc/default/grub 143 | ``` 144 | 145 | * Comment out: 146 | ``` 147 | GRUB_CMDLINE_LINUX_DEFAULT="quiet” 148 | ``` 149 | 150 | * Add beneath that: 151 | 152 | * If Xeon machine: 153 | ``` 154 | GRUB_CMDLINE_LINUX_DEFAULT="quiet intel_iommu=on" 155 | ``` 156 | 157 | * If Threadripper machine: 158 | ``` 159 | GRUB_CMDLINE_LINUX_DEFAULT="quiet amd_iommu=on" 160 | ``` 161 | 162 | ``` 163 | sudo update-grub 164 | 165 | sudo nano /etc/modules 166 | ``` 167 | 168 | * Add these lines: 169 | ``` 170 | vfio 171 | vfio_iommu_type1 172 | vfio_pci 173 | vfio_virqfd 174 | ``` 175 | 176 | * Reboot 177 | 178 | 179 | 180 | # Change Login User 181 | 182 | Now we're going to add `administrator` user to avoid logging in as `root` going forward 183 | 184 | * Create users WITH home directories (lowercase m) 185 | ``` 186 | useradd -u 1000 -m -s /bin/bash administrator 187 | 188 | passwd administrator 189 | ``` 190 | - Choose a secure password for this 191 | 192 | ``` 193 | apt install sudo 194 | 195 | usermod -aG sudo administrator 196 | ``` 197 | 198 | Change the `root` password to something more secure 199 | ``` 200 | passwd 201 | ``` 202 | 203 | ``` 204 | sudo vim /etc/ssh/sshd_config 205 | ``` 206 | 207 | * Change this line to look like this (need to uncomment) 208 | ``` 209 | # Authentication: 210 | PermitRootLogin no 211 | ``` 212 | 213 | Going forward we'll login via Windows Terminal using `administrator` 214 | 215 | 216 | 217 | # Personalize 218 | 219 | - Setup SSH with [[1Password with SSH]] 220 | 221 | 
Make zsh the default shell 222 | ``` 223 | chsh -s /usr/bin/zsh 224 | ``` 225 | 226 | Run the config script 227 | ``` 228 | zsh 229 | ``` 230 | -Use option 2 231 | 232 | Install Starship and ZSH-Autocomplete: 233 | ``` 234 | sudo curl -sS https://starship.rs/install.sh | sh 235 | 236 | y 237 | 238 | mkdir -p .config/zsh/plugins && cd "$_" 239 | 240 | git clone --depth 1 -- https://github.com/marlonrichert/zsh-autocomplete.git 241 | ``` 242 | 243 | 244 | Add the GitHub CLI ( *you need to do this to be able to use YADM* ) 245 | 246 | All one command: 247 | ``` 248 | curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg | sudo dd of=/usr/share/keyrings/githubcli-archive-keyring.gpg \ 249 | && sudo chmod go+r /usr/share/keyrings/githubcli-archive-keyring.gpg \ 250 | && echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" | sudo tee /etc/apt/sources.list.d/github-cli.list > /dev/null \ 251 | && sudo apt update \ 252 | && sudo apt install gh -y 253 | ``` 254 | 255 | Authenticate GitHub 256 | ``` 257 | gh auth login 258 | ``` 259 | 260 | ``` 261 | Select GitHub.com 262 | 263 | Select SSH 264 | 265 | Yes 266 | 267 | No passphrase 268 | 269 | Name: VM-Name-GH_CLI 270 | 271 | Login with a web browser 272 | - Hit enter 273 | - Click the link 274 | - Copy the one-time code over 275 | ``` 276 | 277 | ``` 278 | rm ~/.ssh/id_ed25519.pub 279 | ``` 280 | 281 | Clone into and pull down dotfiles repo: 282 | ``` 283 | yadm clone https://github.com/mrjohnnycake/dotfiles.git 284 | ``` 285 | 286 | - Reboot the server and then log back in to the CLI 287 | 288 | 289 | Run the `debian.sh` script to clean out the home folder: 290 | ``` 291 | cd .scripts/setup 292 | 293 | ./debian.sh 294 | ``` 295 | 296 | 297 | 298 | # Additional Installs 299 | 300 | Turn on Fail2Ban: 301 | ``` 302 | sudo systemctl enable fail2ban --now 303 | ``` 304 | 305 | - [[Email Setup]] 306 | - Update the 
documentation as needed next time
307 |
308 | - Install PowerChute [[UPS]] connection
309 | - Update the documentation as needed next time
310 |
311 | - [[Netdata]]
312 |
313 | - Work on new Datacenter --> Notifications documentation
314 |
315 | # Snapshots
316 |
317 | - In the [[Backup and Maintenance]] note follow the "ZFS Snapshots w/ cron" section and consult your specific machine's note of what snapshots to turn on or not
318 |
--------------------------------------------------------------------------------
/Proxmox/Proxmox OS.md:
--------------------------------------------------------------------------------
1 | ---
2 | created: Tue 2023-05-02 @ 06:32 PM
3 | modified: Thu 2023-12-28 @ 08:53 AM
4 | tags:
5 | - Homelabbing
6 | ---
7 | # To Do's
8 |
9 | - [ ] #proxmox [[Upgrades Project]] #Homelabbing
10 | - [ ] #proxmox Backup Proxmox system files? #Homelabbing
11 | - [ ] #proxmox Update [[Proxmox Drive Switch]] now that the [[Base Proxmox Setup]] note is there #Homelabbing
12 | - [ ] #proxmox Proxy and Websites VMs don't work when using IdentityAgent #Homelabbing
13 | - [ ] #proxmox [Proxmox Automation Scripts](https://tteck.github.io/Proxmox/) #Homelabbing
14 | - [ ] #proxmox Setup notifications #Homelabbing
15 | - Need to document this process
16 | - https://youtu.be/85ME8i4Ry6A
17 | - https://pve.proxmox.com/pve-docs/chapter-notifications.html
18 |
19 |
20 | # Setup
21 |
22 | For setup steps, see [[Base Proxmox Setup]]
23 |
24 |
25 | # Upgrading the OS
26 |
27 | #### For minor upgrades
28 |
29 | If you're just going from say 7.3.1 to 7.4, make sure everything is backed up and then just run this:
30 | ```
31 | apt update
32 |
33 | apt upgrade   # or: apt dist-upgrade / apt full-upgrade
34 | ```
35 |
36 | #### For major upgrades
37 |
38 | - If you're upgrading from say 7.4 to 8.0 you can follow the steps from [here](https://pve.proxmox.com/wiki/Upgrade_from_7_to_8)
39 |
40 | - Run this for Proxmox to give you pointers on what might cause issues:
41 | ```
42 | pve7to8
43 | ```
44 |
45 | - On my last major upgrade I decided to start fresh. Here are some pre-steps I took before starting over:
46 | - Upgrade to the most recent sub-version (ex. 7.3.1 to 7.4) and then run `apt update` and `apt upgrade` again
47 | - Backup all VMs to a different server
48 | - Copy `/etc` and home directories
49 | - Export the zpool
50 | - Get rid of or leave the cluster
51 | - Copy ZFS snapshot schedule
52 | - Disconnect Netdata
53 |
54 |
55 | # Upgrading Hardware
56 |
57 | If you need to change hardware and you put the install disk in another motherboard you can get it working again by using the command prompt when starting up with a monitor connected. You need to update `/etc/network/interfaces` with the new interface names for this new motherboard.
58 |
59 |
60 | # Updating
61 |
62 | - From the Proxmox profile in Windows Terminal
63 |
64 | ```
65 | apt update
66 |
67 | apt upgrade   # or: apt dist-upgrade / apt full-upgrade
68 | ```
69 |
70 | - Reboot via the Proxmox GUI
71 |
72 |
73 | # Networking #
74 |
75 | To get the network device names:
76 | ```
77 | apt install lshw
78 |
79 | lshw -C network
80 | ```
81 |
82 | This is a good [video](https://www.youtube.com/watch?v=zx5LFqyMPMU) for Proxmox networking
83 |
84 | To see details of bonds you have set up
85 | ```
86 | cat /proc/net/bonding/bond1
87 | ```
88 |
89 | You can run `iperf3` to see network speeds (but it never seemed to work right for me so look it up next time)
90 | - You have to set it up on two different servers
91 | ```
92 | iperf3 -c 192.168.10.10
93 | ```
94 |
95 | ***
96 |
97 | Bonds should primarily be used for failover and/or link aggregation
98 |
99 | Don't forget that you can bridge two or more VMs together so that they can only talk to each other
100 | - You could also use an unused VLAN ID to accomplish the same thing
101 |
102 |
103 | ## Bonded Interfaces w/ VLANs ##
104 |
105 | First, remove the static IP in Unifi for the server interface
106 |
107 | For VLAN networking, set up a bonded interface:
108 |
109 | * Node-->System-->Network-->Create-->Linux Bond
110 |
111 | ```
112 | Name: bond0
113 |
114 | Slaves: eno1 enp4s0 (or whichever ports you need to be in it)
115 |
116 | Mode: LACP (802.3ad)
117 |
118 | Hash policy: layer2+3
119 |
120 | Autostart checked
121 | ```
122 |
123 | * Everything else can be left empty
124 |
125 | * For all of the physical interfaces, they can stay empty other than autostart for the used ones. I also like to comment on which one is which (ex. "built in" for eno1)
126 |
127 | Now we need to create a bridge pointing to the bond:
128 |
129 | ```
130 | Name: vmbr0
131 |
132 | Autostart checked
133 |
134 | VLAN aware checked
135 |
136 | Bridge ports: bond0
137 | ```
138 |
139 | Next create a Linux VLAN for one of the VLANs you'll be using. This one will double as the static IP of the Proxmox interface:
140 |
141 | ```
142 | Name: vmbr0.10 (where 10 is the VLAN ID/Tag)
143 |
144 | IPv4/CIDR: 192.168.10.10/28 (change as needed)
145 |
146 | Gateway: 192.168.10.1
147 |
148 | Autostart checked
149 |
150 | VLAN raw device: vmbr0
151 |
152 | VLAN Tag: 10
153 |
154 | Comment: SERVERS VLAN (or whatever)
155 | ```
156 |
157 | * Click OK
158 |
159 | * Apply Configuration
160 |
161 | * Reboot Proxmox
162 |
163 | You probably won't be able to get back into the interface. That's because you need to tell your switch to Aggregate these two separate connections into one
164 |
165 | * Go to Unifi Controller-->Devices-->24 Port Switch-Ports
166 | * The ports used need to be sequential (i.e. 5-6, 20-21, etc.)
167 | * Go to the lower number port to be used
168 | * Set the Port Profile to All since you'll need access to more than one VLAN with this connection
169 | * Click on Port Profile Override and change the Operation to Aggregate
170 | * For the Aggregate Ports, select the next port up from this one
171 | * Apply Changes
172 |
173 | Now log back into your Proxmox interface. If it comes up, it worked.
174 | 175 | Now create another Linux VLAN for any other VLANs you need on the server. These 2nd+ Linux VLANs will follow the same format and are slightly different than the first VLAN you set up 176 | 177 | ``` 178 | Name: vmbr0.40 (where 40 is the VLAN ID/Tag) 179 | 180 | IPv4/CIDR: 192.168.40.10/28 (change as needed) - this IP is necessary for switching though you can't access anything with it yourself - change it to .20 for Gypsy 181 | 182 | Gateway: leave empty (Proxmox is supposed to only use one default gateway) 183 | 184 | Autostart checked 185 | 186 | VLAN raw device: vmbr0 187 | 188 | VLAN Tag: 40 189 | 190 | Comment: INTERNAL VLAN (or whatever) 191 | ``` 192 | 193 | * Click OK 194 | 195 | * Apply Configuration 196 | 197 | ## 10Gbe Direct Connection ## 198 | 199 | ### Initial Setup ### 200 | 201 | In Node-->Network, find the 10Gbe card ports 202 | * They were called ens2f0 and ens2f1 before 203 | 204 | Edit port 1 205 | 206 | ``` 207 | Autostart checked 208 | Comment: 10Gbe port 1 209 | MTU:9000 210 | ``` 211 | 212 | * Do the same for port 2 and just adjust the comment 213 | 214 | Create Linux Bridge 215 | 216 | ``` 217 | Name: vmbr1 is fine 218 | IPv4/CIDR: 10.10.10.10/24 (or whatever unused network address you can think of) 219 | Autostart checked 220 | Bridge ports: ens2f0 ens2f1 (you actually only need the one you're using, if you want) 221 | Comment: 10Gbe direct connection 222 | MTU: 9000 223 | ``` 224 | 225 | 226 | 227 | 228 | ## Working Setup Examples 229 | 230 | `nano /etc/network/interfaces` 231 | 232 | #### Option 1 - Separate interfaces 233 | 234 | *`bridge-vids 70` has to be edited via the CLI* 235 | 236 | ``` 237 | # network interface settings; autogenerated 238 | # Please do NOT modify this file directly, unless you know what 239 | # you're doing. 240 | # 241 | # If you want to manage parts of the network configuration manually, 242 | # please utilize the 'source' or 'source-directory' directives to do 243 | # so. 
244 | # PVE will preserve these directives, but will NOT read its network 245 | # configuration from sourced files, so do not attempt to move any of 246 | # the PVE managed interfaces into external files! 247 | 248 | auto lo 249 | iface lo inet loopback 250 | 251 | auto eno1 252 | iface eno1 inet manual 253 | mtu 9000 254 | #Built-in: Lower 255 | 256 | auto enp16s0 257 | iface enp16s0 inet manual 258 | mtu 9000 259 | #Built-in: Upper 260 | 261 | auto enp5s0f0 262 | iface enp5s0f0 inet manual 263 | mtu 9000 264 | #10G- top 265 | 266 | auto enp5s0f1 267 | iface enp5s0f1 inet manual 268 | mtu 9000 269 | #10G- bottom 270 | 271 | iface enp11s0f0 inet manual 272 | mtu 9000 273 | #1G- top 274 | 275 | iface enp11s0f1 inet manual 276 | mtu 9000 277 | #1G- second from top 278 | 279 | iface enp11s0f2 inet manual 280 | mtu 9000 281 | #1G- second from bottom 282 | 283 | auto enp11s0f3 284 | iface enp11s0f3 inet manual 285 | mtu 9000 286 | #1G- bottom 287 | 288 | auto vmbr0 289 | iface vmbr0 inet static 290 | address 192.168.10.10/28 291 | gateway 192.168.10.1 292 | bridge-ports enp5s0f1 293 | bridge-stp off 294 | bridge-fd 0 295 | bridge-vlan-aware yes 296 | bridge-vids 10 297 | mtu 9000 298 | #Management bridge 299 | 300 | auto vmbr70 301 | iface vmbr70 inet manual 302 | bridge-ports enp11s0f3 303 | bridge-stp off 304 | bridge-fd 0 305 | bridge-vlan-aware yes 306 | bridge-vids 70 307 | mtu 9000 308 | #External bridge 309 | 310 | auto vmbr40 311 | iface vmbr40 inet manual 312 | bridge-ports enp11s0f2 313 | bridge-stp off 314 | bridge-fd 0 315 | bridge-vlan-aware yes 316 | bridge-vids 40 317 | mtu 9000 318 | #Internal bridge 319 | 320 | auto vmbr20 321 | iface vmbr20 inet manual 322 | bridge-ports enp11s0f1 323 | bridge-stp off 324 | bridge-fd 0 325 | bridge-vlan-aware yes 326 | bridge-vids 20 327 | mtu 9000 328 | #IoT bridge 329 | ``` 330 | 331 | 332 | 333 | #### Option 2 - Bonded interfaces w/ active backup 334 | 335 | ``` 336 | auto lo 337 | iface lo inet loopback 338 | 339 | 
iface eno1 inet manual 340 | mtu 9000 341 | #Built-in - lower 342 | 343 | iface enp16s0 inet manual 344 | mtu 9000 345 | #Built-in - upper 346 | 347 | auto ens4f0 348 | iface ens4f0 inet manual 349 | mtu 9000 350 | #10GbE - top 351 | 352 | auto ens4f1 353 | iface ens4f1 inet manual 354 | mtu 9000 355 | #10GbE - bottom 356 | 357 | iface ens6f0 inet manual 358 | mtu 9000 359 | #1G - top 360 | 361 | iface ens6f1 inet manual 362 | mtu 9000 363 | #1G - second from top 364 | 365 | auto ens6f2 366 | iface ens6f2 inet manual 367 | mtu 9000 368 | #1G - second from bottom 369 | 370 | auto ens6f3 371 | iface ens6f3 inet manual 372 | mtu 9000 373 | #1G - bottom 374 | 375 | auto bond0 376 | iface bond0 inet manual 377 | bond-slaves ens4f0 ens4f1 378 | bond-miimon 100 379 | bond-mode 802.3ad 380 | bond-xmit-hash-policy layer3+4 381 | mtu 9000 382 | #Dual 10G LACP 383 | 384 | auto bond1 385 | iface bond1 inet manual 386 | bond-slaves ens6f2 ens6f3 387 | bond-miimon 100 388 | bond-mode 802.3ad 389 | bond-xmit-hash-policy layer3+4 390 | mtu 9000 391 | #Dual 1G LACP 392 | 393 | auto bond2 394 | iface bond2 inet manual 395 | bond-slaves bond0 bond1 396 | bond-miimon 100 397 | bond-mode active-backup 398 | bond-primary bond0 399 | mtu 9000 400 | #10G LACP failover to 1G LACP 401 | 402 | auto vmbr0 403 | iface vmbr0 inet static 404 | address 192.168.10.10/28 405 | gateway 192.168.10.1 406 | bridge-ports bond2 407 | bridge-stp off 408 | bridge-fd 0 409 | bridge-vlan-aware yes 410 | bridge-vids 2-4094 411 | mtu 9000 412 | ``` 413 | 414 | 415 | 416 | ## Container Networking ## 417 | 418 | For setting up containers to use the bonded, VLAN aware interface correctly: 419 | 420 | * Container-->Network-->Edit the default setup (or Add if it doesn't exist) 421 | 422 | ``` 423 | Name: eth0 424 | 425 | MAC address: this should already be populated 426 | 427 | Bridge: vmbr0 428 | 429 | VLAN Tag: 10 430 | 431 | IPv4: DHCP 432 | 433 | IPv6: DHCP 434 | ``` 435 | 436 | * You can copy this same setup 
for other containers. Just change the VLAN Tag as needed. 437 | 438 | 439 | ### CT Config ### 440 | 441 | For any CTs that need to use the 10Gbe connection, just change CT-->Network settings to: 442 | 443 | ``` 444 | Bridge: vmbr1 445 | IPv4: Static 446 | IPv4/CIDR: 10.10.10.30/24 (or whatever IP that is in the range of the vmbr1 settings) 447 | ``` 448 | 449 | * Leave any fields not referred to above as whatever their default is 450 | 451 | 452 | # Clustering # 453 | 454 | ## Initial Cluster Creation ## 455 | 456 | The easiest way to create a cluster is thru the GUI 457 | 458 | * You need to stop all running CTs and VMs. If you get an error you may need to delete the second node's CTs and VMs entirely 459 | 460 | Go to the main server -> Datacenter -> Cluster -> Create Cluster 461 | * Name it 462 | * Leave the IP the same 463 | * Create 464 | 465 | Copy the Join Information 466 | 467 | If you get a known_hosts issue when trying to use the shell, you have to run the command it tells you to on both of the servers BUT you have to run the command in the server from that server's IP. So to run the command on server 1 you'd run it from the Shell in the GUI @ 192.168.10.5 and to run the command on server 2 you'd run it from the Shell in the GUI @ 192.168.10.10 468 | 469 | 470 | - To add a third (or later) node to the cluster, you have to delete any VMs off of that node and then copy the join information from the main node, go to the new node, click Join Cluster and paste that in.
471 | 472 | 473 | 474 | 475 | ## RPi QDevice ## 476 | 477 | ### Create the OS ### 478 | 479 | * Insert the MicroSD card 480 | * Open Raspberry Pi Imager 481 | * Choose OS -> Raspberry Pi OS (other) -> Raspberry Pi OS Lite (32-bit) 482 | * Choose the Storage (MicroSD) 483 | * Gear Icon -> 484 | * Set hostname to "pveqdevice" 485 | * Enable SSH 486 | * Use password authentication 487 | * Set username and password 488 | * pi 489 | * whatever password you want (make secure) 490 | * Set locale settings 491 | * Save 492 | 493 | Take out the card, install it into the RPi and start it up 494 | 495 | 496 | ### Set the IP ### 497 | 498 | Go into Unifi Controller and set a static IP for the RPi and name it something like Proxmox QDevice 499 | * Make sure that the IP is in the same VLAN as the Proxmox servers 500 | 501 | 502 | ### Setup the OS ### 503 | Log in to Raspberry Pi 504 | * First, confirm that the IP assigned in Unifi Controller is correct and then continue: 505 | ``` 506 | ip a 507 | ``` 508 | 509 | ``` 510 | sudo passwd root 511 | 512 | sudo systemctl restart sshd 513 | 514 | sudo apt update && sudo apt upgrade -y 515 | 516 | sudo apt install corosync-qnetd corosync-qdevice -y 517 | 518 | sudo systemctl start corosync-qnetd.service 519 | 520 | sudo systemctl enable corosync-qnetd.service 521 | ``` 522 | 523 | Before being able to add the QDevice to the cluster, you need to enable the Pi to accept root logins 524 | ``` 525 | sudo nano /etc/ssh/sshd_config 526 | ``` 527 | 528 | - Uncomment the line `PermitRootLogin` and change `prohibit-password` to `yes` 529 | - Save and exit 530 | 531 | ``` 532 | sudo /etc/init.d/ssh restart 533 | ``` 534 | 535 | My understanding at the time of this writing is that you should leave the login as root enabled after adding it to the cluster.
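An added example, not part of the original notes: the step above turns root password login on, while the Raspberry Pi and General Server Security notes turn it off, so this checks what a given `sshd_config` actually resolves to. The function names and both sample configs are constructed; `Include`d drop-in files are not followed, so on a live host compare the result with `sudo sshd -T`.

```shell
#!/bin/sh
# Added example, not from the original notes. Function names and the two
# sample configs are constructed for illustration.

# Print the effective global value of one sshd_config keyword.
# sshd keeps the FIRST value it reads for a keyword, keywords are
# case-insensitive, and everything after the first "Match" line is conditional.
# Limitation: Include'd drop-in files are not followed.
sshd_effective() {  # usage: sshd_effective <keyword> <built-in default> [file]
    awk -v want="$1" -v def="$2" '
        BEGIN { want = tolower(want) }
        { sub(/^[ \t]+/, "") }               # strip leading whitespace
        /^#/ || /^$/ { next }                # commented-out or empty line
        tolower($1) == "match" { exit }      # end of the global section
        tolower($1) == want { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "${3:-/etc/ssh/sshd_config}"
}

# Report the two settings these notes change. Returns 1 if there is a finding.
audit_sshd() {  # usage: audit_sshd [file]
    cfg="${1:-/etc/ssh/sshd_config}"
    # Defaults used when the keyword is absent or commented out.
    root=$(sshd_effective PermitRootLogin prohibit-password "$cfg")
    pass=$(sshd_effective PasswordAuthentication yes "$cfg")
    rc=0
    echo "PermitRootLogin=$root PasswordAuthentication=$pass"
    if [ "$pass" != "no" ]; then
        echo "FINDING: password logins are accepted"
        rc=1
    fi
    if [ "$root" = "yes" ]; then
        echo "FINDING: root may log in with any enabled method"
        rc=1
    elif [ "$root" != "no" ]; then
        echo "NOTE: root login is limited ($root)"
    fi
    return $rc
}

# Write the two constructed sample configs into <dir>.
write_samples() {  # usage: write_samples <dir>
    cat > "$1/qdevice" <<'EOF'
# constructed: sshd_config after the QDevice root-login step
#PasswordAuthentication yes
#PermitRootLogin prohibit-password
PermitRootLogin yes
UsePAM yes
EOF
    cat > "$1/hardened" <<'EOF'
# constructed: the settings from the General Server Security note
permitrootlogin no
PasswordAuthentication no
# a later duplicate is ignored because the first value wins
PermitRootLogin yes
EOF
}

# Demo on the constructed samples.
tmp=$(mktemp -d)
write_samples "$tmp"
for s in qdevice hardened; do
    echo "== $s"
    audit_sshd "$tmp/$s" || true
done
rm -rf "$tmp"
```

Run `audit_sshd` with no argument to check `/etc/ssh/sshd_config` on the machine itself.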
536 | 537 | 538 | ### Add to Cluster ### 539 | From Tom-Servo: 540 | ``` 541 | pvecm qdevice setup [qdevice IP] 542 | 543 | example: 544 | pvecm qdevice setup 192.168.10.6 545 | ``` 546 | 547 | Run `pvecm status` on both nodes to confirm there are now 3 votes 548 | 549 | 550 | 551 | ## Removing a Cluster Node 552 | 553 | #### From the node you want to remove 554 | 555 | Go into `root` to run all of these: 556 | ``` 557 | systemctl stop pve-cluster corosync 558 | 559 | pmxcfs -l 560 | 561 | rm -rf /etc/corosync/* 562 | 563 | rm -rf /etc/pve/corosync.conf 564 | 565 | killall pmxcfs 566 | 567 | systemctl start pve-cluster 568 | 569 | rm -rf /etc/pve/nodes/[NODE-NAME] 570 | ``` 571 | 572 | Still in root, remove anything from the node you removed from these files: 573 | ``` 574 | nano /etc/pve/storage.cfg 575 | 576 | nano /etc/pve/jobs.cfg 577 | ``` 578 | 579 | And finally, run these 580 | ``` 581 | systemctl disable corosync-qdevice.service 582 | 583 | systemctl disable pve-cluster corosync 584 | 585 | reboot 586 | ``` 587 | 588 | 589 | #### From the Remaining Nodes 590 | 591 | Remove the node's folder that is no longer in the cluster 592 | ``` 593 | rm -rf /etc/pve/nodes/[NODE-NAME] 594 | ``` 595 | 596 | Still in root, remove anything from the node you removed from these files: 597 | ``` 598 | nano /etc/pve/storage.cfg 599 | 600 | nano /etc/pve/jobs.cfg 601 | ``` 602 | 603 | Remove the node from this AND change the remaining nodeid's: 604 | ``` 605 | sudo nano /etc/pve/corosync.conf 606 | ``` 607 | 608 | - Now restart the main node and let it come all the way back up 609 | 610 | - Finally, reboot any other remaining nodes 611 | 612 | 613 | ## Deleting the Cluster 614 | 615 | I don't know if there's an official way to do this because I couldn't find it anywhere. What worked for me was just running the "Removing a Cluster Node" steps on the last remaining node. 
616 | 617 | 618 | # Resizing VM Drives # 619 | 620 | First- Resize the VM Disk in the Proxmox GUI 621 | 622 | - Node --> VM --> Hardware 623 | - Select Hard Disk (scsi0) and then click Disk Action --> Resize 624 | - Adjust size by adding how many more GBs you need 625 | 626 | Second- You need to resize the VM Disk partition to use that extra disk space. The steps below all take place in the VM CLI 627 | 628 | The resizing process differs depending on whether or not you are using an LVM setup inside the VM (consult how you installed the OS on your VM to find out). Follow one of the sections below, according to your needs, to finish the resizing process. 629 | 630 | * Note- I found that I had to update at least one docker image (NZBGet) and then update the stack for that container before the container would recognize the change in disk size. 631 | 632 | 633 | ## LVM Disks ## 634 | 635 | ``` 636 | df -h 637 | ``` 638 | * take note of the `/dev/mapper/...` path as you'll need it later 639 | 640 | ``` 641 | sudo fdisk /dev/sda 642 | ``` 643 | 644 | These are the fdisk options you'll need to enter exactly in the order they're given: 645 | ``` 646 | p 647 | 648 | d 649 | 650 | 2 651 | 652 | n 653 | 654 | e 655 | 656 | 2 657 | 658 | Enter 659 | 660 | Enter 661 | 662 | n 663 | 664 | Enter 665 | 666 | Enter 667 | 668 | No 669 | 670 | t 671 | 672 | 5 673 | 674 | 8e 675 | 676 | p 677 | 678 | w (as long as the print looked good) 679 | ``` 680 | 681 | ``` 682 | sudo reboot 683 | ``` 684 | 685 | - Log back in 686 | 687 | ``` 688 | sudo pvresize /dev/sda5 689 | 690 | sudo lvextend -r -l +100%FREE /dev/mapper/debian--template--vg-root 691 | 692 | df -h 693 | 694 | sudo reboot 695 | ``` 696 | 697 | 698 | 699 | ## Non-LVM Disks ## 700 | 701 | ``` 702 | df -h -T 703 | ``` 704 | * Take note of the size of `/dev/sda1` 705 | 706 | ``` 707 | sudo apt install parted -y 708 | 709 | sudo parted /dev/sda 710 | 711 | print 712 | 713 | Fix (if needed) 714 | 715 | resizepart 3 100%
716 | 717 | print 718 | 719 | quit 720 | ``` 721 | 722 | Third- Resize the VM LV 723 | ``` 724 | sudo su - root 725 | 726 | pvdisplay 727 | 728 | pvresize /dev/sda3 729 | 730 | pvdisplay 731 | 732 | lvresize -t -v -l +100%FREE /dev/mapper/ubuntu--vg-ubuntu--lv 733 | ``` 734 | 735 | - If the last command worked in test mode, remove the test option and run again: 736 | ``` 737 | lvresize -v -l +100%FREE /dev/mapper/ubuntu--vg-ubuntu--lv 738 | 739 | resize2fs -p /dev/mapper/ubuntu--vg-ubuntu--lv 740 | 741 | df -h -T | grep vg 742 | ``` 743 | 744 | Compare the last command results with what they originally were. That should be it. 745 | 746 | 747 | # Containers 748 | 749 | ## Mount Points Setup 750 | 751 | ### Mount Points 752 | 753 | ``` 754 | nano /etc/pve/lxc/100.conf 755 | ``` 756 | 757 | * Add this to the bottom: 758 | 759 | ``` 760 | mp0: /mnt/Deep-13/websites,mp=/mnt/websites 761 | ``` 762 | 763 | 764 | ### Permissions 765 | 766 | ``` 767 | nano /etc/pve/lxc/100.conf 768 | ``` 769 | 770 | * Add this to the bottom: 771 | 772 | ``` 773 | # uid map: from uid 0 map 1005 uids (in the ct) to the range starting 100000 (on the host), so 0..1004 (ct) → 100000..101004 (host) 774 | 775 | lxc.idmap = u 0 100000 1005 776 | 777 | lxc.idmap = g 0 100000 1005 778 | 779 | # we map 1 uid starting from uid 1005 onto 1005, so 1005 → 1005 780 | 781 | lxc.idmap = u 1005 1005 1 782 | 783 | lxc.idmap = g 1005 1005 1 784 | 785 | # we map the rest of 65535 from 1006 upto 101006, so 1006..65535 → 101006..165535 786 | 787 | lxc.idmap = u 1006 101006 64530 788 | 789 | lxc.idmap = g 1006 101006 64530 790 | ``` 791 | 792 | Open this: 793 | 794 | ``` 795 | nano /etc/subuid 796 | ``` 797 | 798 | * Add this to the bottom: 799 | 800 | ``` 801 | root:1005:1 802 | ``` 803 | 804 | Open this: 805 | 806 | ``` 807 | nano /etc/subgid 808 | ``` 809 | 810 | * Add this to the bottom: 811 | 812 | ``` 813 | root:1005:1 814 | ``` 815 | 816 | Change the directory permissions for the mounted folder 817 | 818 | 
``` 819 | chown -R 1005:1005 /mnt/Deep-13 820 | ``` 821 | 822 | 823 | More in depth explanation here https://www.itsembedded.com/sysadmin/proxmox_bind_unprivileged_lxc/ 824 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # homelab-notes 2 | 3 | This is where I share my personal knowledge base on self-hosting and other homelab topics. 4 | 5 | - While I've tried to make all walkthroughs as accurate as possible, some notes are incomplete and are presented for now as starting off points. 6 | 7 | - I actually use these notes myself and they get synced to GitHub when I make changes. As I revisit an install I often update the note I'm using to make it better. Some notes I won't really touch again since I don't use that particular service again. 8 | 9 | - I use Obsidian as a note taking app and although it is based on Markdown there may be some formatting that is specific to that app. 10 | - Some notes have links to other notes like this [[GitHub]] which is Obsidian specific. Although I'm sharing my notes I still need them for my own use so you will often see me pointing to a different file that I need to know about. Some of those notes will be available to you and some won't. Just look around for the note in what is shared here. 11 | - Most notes will have a file creation and modified date on the top which is autocreated from an extension in Obsidian and many dates are wrong anyways because I only recently installed that extension. Just ignore. 12 | 13 | - In my lab I name my stuff after MST3k characters and places. Some things may be confusing without knowing that: 14 | - Deep-13 is my zpool name 15 | - Tom-Servo, Crow and Gypsy are the names of my servers 16 | 17 | - Although it wasn't my aim to do so, it's entirely possible that someone else's words ended up in my notes somewhere since I take what I find that works and go off of that.
As for my notes, anyone is allowed to use anything for free and without attribution. 18 | 19 | *** 20 | 21 | I hope I can help out some rookies with these notes. Send me a message here or email me at mrjohnnycake@gmail.com if you have any questions you'd like answered or even tips about what you think I'm doing wrong. -------------------------------------------------------------------------------- /Raspberry Pi.md: -------------------------------------------------------------------------------- 1 | # Raspberry Pi OS Setup 2 | 3 | It's Linux so the setup can be mostly copied from other notes but here are a few specifics (ex. Raspberry Pi OS doesn't create the SSH folder by default) 4 | ``` 5 | sudo apt update 6 | 7 | sudo apt upgrade -y 8 | 9 | sudo apt install vim -y 10 | 11 | mkdir ~/.ssh 12 | 13 | chmod 700 ~/.ssh 14 | 15 | touch ~/.ssh/authorized_keys 16 | 17 | chmod 600 ~/.ssh/authorized_keys 18 | 19 | sudo vim /etc/ssh/sshd_config 20 | ``` 21 | * Uncomment `PermitRootLogin` and change the value to `no` 22 | 23 | To customize the SSH login screen: 24 | ``` 25 | sudo vim /etc/motd 26 | ``` 27 | * Delete all of the text in this file and save 28 | 29 | ``` 30 | sudo vim /etc/update-motd.d/10-uname 31 | ``` 32 | * Add `printf "\n"` between `#!/bin/sh` and `uname -snrvm` to create some space between a couple of lines during login 33 | 34 | 35 | 36 | # Picture Frame Setup # 37 | 38 | https://www.thedigitalpictureframe.com/how-to-set-up-your-raspberry-pi-for-your-digital-picture-frame/ 39 | 40 | ``` 41 | sudo raspi-config 42 | 43 | 44 | 45 | sudo python3 -m pip install -U pip 46 | 47 | sudo python3 -m pip install picframe 48 | 49 | 50 | sudo python3 -m pip install pi-heif 51 | sudo pip3 install picframe 52 | sudo reboot 53 | picframe -i .
54 | 55 | 56 | ``` 57 | -------------------------------------------------------------------------------- /Security/Fail2ban.md: -------------------------------------------------------------------------------- 1 | # Install 2 | 3 | Install these if you haven't already: 4 | ``` 5 | sudo apt update 6 | 7 | sudo apt install fail2ban iptables 8 | ``` 9 | 10 | 11 | # Configuring 12 | 13 | When `fail2ban` gets updated it clears the config file so make a copy and it'll persist across upgrades: 14 | ``` 15 | sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local 16 | ``` 17 | 18 | Edit the config file: 19 | ``` 20 | sudo vim /etc/fail2ban/jail.local 21 | ``` 22 | 23 | At around line 92, add a line underneath the commented out example and make it look like this: 24 | ``` 25 | ignoreip = 127.0.0.1/8 ::1 192.168.50.22 192.168.50.23 26 | ``` 27 | - *the 192.168.50.__ addresses are for my local computers* 28 | 29 | At around line 144, change it from "warn" to "no" 30 | ``` 31 | usedns = no 32 | ``` 33 | 34 | At around line 237, uncomment this: 35 | ``` 36 | action = %(action_)s 37 | apprise 38 | ``` 39 | 40 | At around line 264, comment out: 41 | ``` 42 | #action = %(action_)s 43 | ``` 44 | 45 | At around line 282, uncomment and make it look like this: 46 | ``` 47 | port = ssh 48 | logpath = %(sshd_log)s 49 | #backend = %(sshd_backend)s 50 | backend = systemd 51 | enabled = true 52 | maxretry = 3 53 | ``` 54 | 55 | Get it working: 56 | ``` 57 | sudo systemctl enable fail2ban 58 | 59 | sudo systemctl start fail2ban 60 | ``` 61 | 62 | 63 | # Notifications 64 | 65 | I set up Apprise as the notification system since it's already built in and really easy to do. 
66 | 67 | Create the file that holds where you want the notification to go to: 68 | ``` 69 | sudo vim /etc/fail2ban/apprise 70 | ``` 71 | 72 | ``` 73 | mailto://mygoogleusername:2FA-PASSWORD@gmail.com 74 | ``` 75 | - Replace `2FA-PASSWORD` with the password found in 1P 76 | 77 | - Since I didn't end up editing `/etc/fail2ban/action.d/apprise.conf` there's no reason to change it to .local or anything like that 78 | 79 | Reload fail2ban 80 | ``` 81 | sudo systemctl reload fail2ban.service 82 | ``` 83 | 84 | 85 | 86 | # Testing 87 | 88 | ``` 89 | sudo systemctl status fail2ban.service 90 | ``` 91 | 92 | ``` 93 | sudo fail2ban-client status 94 | ``` 95 | 96 | If you're wondering if anyone has been banned you should check these: 97 | ``` 98 | sudo fail2ban-client status sshd 99 | 100 | sudo iptables -L 101 | ``` 102 | 103 | 104 | # Troubleshooting 105 | 106 | To get an IP out of jail, run this: 107 | ``` 108 | sudo fail2ban-client set sshd unbanip 192.168.50.22 109 | ``` 110 | -------------------------------------------------------------------------------- /Security/General Server Security.md: -------------------------------------------------------------------------------- 1 | # SSH 2 | 3 | * Turn off root user access 4 | 5 | ``` 6 | sudo nano /etc/ssh/sshd_config 7 | ``` 8 | 9 | * Change these lines 10 | 11 | ``` 12 | # Authentication: 13 | PermitRootLogin no 14 | 15 | # To disable tunneled clear text passwords, change to no here! 
16 | PasswordAuthentication no 17 | ``` 18 | 19 | Save and restart SSH 20 | 21 | ``` 22 | sudo systemctl restart ssh 23 | ``` 24 | 25 | 26 | ## Don't expose things ## 27 | 28 | ``` 29 | ss -lptn 30 | ``` 31 | 32 | Go thru the list and see if I need that service/app exposed or not 33 | 34 | 35 | 36 | ## Firewall ## 37 | 38 | ``` 39 | ufw enable 40 | ``` 41 | 42 | Only allow ports I need 43 | 44 | 45 | ## AppArmor ## 46 | 47 | ``` 48 | sudo apparmor_status 49 | ``` 50 | -------------------------------------------------------------------------------- /Storage/ZFS.md: -------------------------------------------------------------------------------- 1 | https://wiki.debian.org/ZFS 2 | 3 | ## Pool and Datasets ## 4 | * In the Proxmox GUI, wipe the disks that are to be used 5 | 6 | * Create the pool: 7 | 8 | ``` 9 | zpool create -o ashift=12 -m /mnt/Deep-13 Deep-13 raidz /dev/disk/by-id/ata-ST8000VN004-2M2101_WSD4AL2Z /dev/disk/by-id/ata-ST8000VN004-2M2101_WSD7101N /dev/disk/by-id/ata-ST8000VN004-2M2101_WSD6YG1K 10 | ``` 11 | 12 | * Set pool options 13 | 14 | ``` 15 | zfs set compression=lz4 xattr=sa dnodesize=auto Deep-13 16 | ``` 17 | 18 | * Create Media datasets and all associated datasets 19 | 20 | ``` 21 | zfs create -o casesensitivity=mixed -o xattr=sa -o dnodesize=auto -o mountpoint=/mnt/Deep-13/Media Deep-13/Media 22 | 23 | zfs create -o casesensitivity=mixed -o xattr=sa -o dnodesize=auto -o mountpoint=/mnt/Deep-13/Media/audio Deep-13/Media/Audio 24 | 25 | zfs create -o casesensitivity=mixed -o xattr=sa -o dnodesize=auto -o mountpoint=/mnt/Deep-13/Media/books Deep-13/Media/Books 26 | 27 | zfs create -o casesensitivity=mixed -o xattr=sa -o dnodesize=auto -o mountpoint=/mnt/Deep-13/Media/downloaders Deep-13/Media/Downloaders 28 | 29 | zfs create -o casesensitivity=mixed -o xattr=sa -o dnodesize=auto -o mountpoint=/mnt/Deep-13/Media/video Deep-13/Media/Video 30 | ``` 31 | 32 | * Create associated folders 33 | 34 | ``` 35 | mkdir /mnt/Deep-13/media/audio/music 36 | 
mkdir /mnt/Deep-13/media/audio/other 37 | mkdir /mnt/Deep-13/media/books/audiobooks 38 | mkdir /mnt/Deep-13/media/books/ebooks 39 | mkdir /mnt/Deep-13/media/downloaders/metatube 40 | mkdir /mnt/Deep-13/media/downloaders/torrents 41 | mkdir /mnt/Deep-13/media/downloaders/usenet 42 | mkdir /mnt/Deep-13/media/video/movies 43 | mkdir /mnt/Deep-13/media/video/tv-shows 44 | ``` 45 | 46 | 47 | # Sharing 48 | ## NFS 49 | 50 | - See the [[NFS]] note 51 | 52 | 53 | ## SMB/CIFS ## 54 | 55 | ``` 56 | apt install samba 57 | systemctl enable smbd 58 | ``` 59 | 60 | ``` 61 | zfs set sharesmb=on Deep-13/Media 62 | zfs set sharesmb=on Deep-13/Media/Audio 63 | zfs set sharesmb=on Deep-13/Media/Books 64 | zfs set sharesmb=on Deep-13/Media/Downloaders 65 | zfs set sharesmb=on Deep-13/Media/Video 66 | ``` 67 | 68 | ``` 69 | zfs share Deep-13/Media 70 | zfs share Deep-13/Media/Audio 71 | zfs share Deep-13/Media/Books 72 | zfs share Deep-13/Media/Downloaders 73 | zfs share Deep-13/Media/Video 74 | ``` 75 | 76 | 77 | Create a SMB user 78 | ``` 79 | adduser dave 80 | usermod -aG sambashare dave 81 | smbpasswd -a dave 82 | ``` 83 | 84 | # Permissions 85 | 86 | Set permissions for the share 87 | 88 | ``` 89 | chown -R dave:media /mnt/Deep-13/media 90 | ``` 91 | 92 | 93 | # Windows Connection 94 | 95 | Restart samba to get everything working 96 | 97 | ``` 98 | service smbd restart 99 | ``` 100 | 101 | * Open File Explorer and go to the Network tab 102 | * In the location bar where it says Network, paste this: 103 | * This is for sharing my Zpool/Dataset/Dataset of Deep-13/NAS/Dave 104 | 105 | ``` 106 | \\192.168.10.10\Deep_13_NAS_Dave 107 | ``` 108 | 109 | 110 | 111 | # Exporting / Importing 112 | 113 | This is for moving physical drives to a new server or if you just need to unplug the drives for a while for whatever reason AND you don't want to destroy the pool. 
114 | 115 | - First, turn off "Start on boot" for all VMs and containers in Proxmox 116 | - Second, reboot the server 117 | - After reboot run this command: 118 | ``` 119 | sudo zpool export -f Deep-13 120 | ``` 121 | 122 | ``` 123 | zpool import -R /mnt/Deep-13 Deep-13 124 | ``` 125 | *You will likely receive an error about the dataset not sharing correctly. Fix that later by setting the smb shares again* 126 | 127 | 128 | If you don't use the mountpoint option in the command above it messes up the mountpoints pretty good and you have to run these commands for all of the datasets 129 | 130 | ``` 131 | zfs set mountpoint=/mnt/Deep-13 Deep-13 132 | 133 | zfs set mountpoint=/mnt/Deep-13/Backups Deep-13/Backups 134 | 135 | zfs set mountpoint=/mnt/Deep-13/Backups/Crow Deep-13/Backups/Crow 136 | ``` 137 | 138 | If you have trouble setting the mountpoint you may need to unmount the dataset first: 139 | ``` 140 | zfs unmount -f Deep-13/Backups 141 | 142 | zfs unmount -f Deep-13/Backups/Crow 143 | 144 | zfs unmount -f Deep-13/Backups/Tom-Servo 145 | ``` 146 | 147 | 148 | 149 | # Maintenance # 150 | 151 | ## Replacing Failed Drives ## 152 | 153 | - Check which disk is unavailable 154 | ``` 155 | zpool status -v 156 | ``` 157 | 158 | - In this last instance, the faulted disk was WX52D32D5L5D 159 | 160 | - Take the faulted disk offline 161 | ``` 162 | zpool offline Deep-13 /dev/disk/by-id/ata-WDC_WD40EFZX-68AWUN0_WD-WX52D32D5L5D-part1 163 | ``` 164 | 165 | - Shut down the server and replace the faulted drive with the new one 166 | - Take note of the new disk's serial number.
In this case, the new disk is WX72D32NCU7L 167 | 168 | - Start the server and log back into the CLI 169 | 170 | - Get the new disk location 171 | ``` 172 | ls /dev/disk/by-id 173 | ``` 174 | 175 | - Run this to replace the failed drive (the first disk listed in the command) with the new disk (the second disk listed in the command) 176 | ``` 177 | zpool replace Deep-13 /dev/disk/by-id/ata-WDC_WD40EFZX-68AWUN0_WD-WX52D32D5L5D-part1 /dev/disk/by-id/ata-WDC_WD40EFZX-68AWUN0_WD-WX72D32NCU7L 178 | ``` 179 | 180 | - Let it go thru the resilvering process (about the same amount of time as a scrub) 181 | 182 | 183 | ## Managing Snapshots ## 184 | 185 | - List all snapshots 186 | ``` 187 | zfs list -t snapshot 188 | ``` 189 | 190 | Delete a snapshot (edit end of command with exact snapshot name) 191 | ``` 192 | zfs destroy Deep-13/Backups@zfs... 193 | ``` 194 | 195 | Destroy all snapshots from a particular dataset 196 | ``` 197 | sudo -i 198 | 199 | zfs list -H -o name -t snapshot Deep-13/Media/Video | xargs -n1 zfs destroy 200 | ``` 201 | 202 | 203 | Destroy all snapshots from entire pool 204 | ``` 205 | sudo -i 206 | 207 | zfs list -H -o name -t snapshot | xargs -n1 zfs destroy 208 | ``` --------------------------------------------------------------------------------
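An added example, not part of the original notes: the two pipelines above destroy every snapshot that `zfs list` returns, with no preview. This one selects only the snapshots of one exact dataset that are older than a cutoff and prints `zfs destroy -n -v` dry-run commands for review. The function names, the 14-day cutoff, the fixed "now" timestamp and the sample listing are all constructed.

```shell
#!/bin/sh
# Added example, not from the original notes. Function names, the cutoff and
# the sample listing are constructed for illustration.

# Reads "name<TAB>creation-epoch" lines, which is what
#   zfs list -H -p -o name,creation -t snapshot
# prints, and outputs the snapshots that belong to exactly <dataset>
# and are older than <days> days relative to <now-epoch>.
old_snapshots() {  # usage: old_snapshots <dataset> <days> <now-epoch>
    awk -F '\t' -v ds="$1" -v days="$2" -v now="$3" '
        {
            at = index($1, "@")
            if (at == 0) next                        # not a snapshot name
            # Compare the whole dataset part, so that a sibling such as
            # "<dataset>-old" or a child "<dataset>/x" is never selected.
            if (substr($1, 1, at - 1) != ds) next
            if (now - $2 > days * 86400) print $1
        }'
}

# Turns snapshot names on stdin into dry-run commands. -n makes zfs report
# what it would destroy without doing it; drop -n only after reviewing.
destroy_plan() {
    while IFS= read -r snap; do
        printf 'zfs destroy -n -v %s\n' "$snap"
    done
}

# Constructed stand-in for the zfs list output (name, creation epoch).
sample_listing() {
    printf 'Deep-13/Media/Video@constructed-a\t1700000000\n'
    printf 'Deep-13/Media/Video@constructed-b\t1702000000\n'
    printf 'Deep-13/Media/Video-old@constructed-c\t1690000000\n'
    printf 'Deep-13/Media@constructed-d\t1690000000\n'
    printf 'Deep-13/Backups@constructed-e\t1690000000\n'
}

# Demo: with "now" fixed at 1702592000, only constructed-a is 30 days old.
sample_listing | old_snapshots Deep-13/Media/Video 14 1702592000 | destroy_plan
```

On a real pool, replace `sample_listing` with the `zfs list` command from the comment and the fixed timestamp with `$(date +%s)`.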