From 9c3274881e1c396adfe560271f5cb10985cc3ec0 Mon Sep 17 00:00:00 2001 
From: Jamie Albert Date: Sun, 7 Dec 2025 17:31:31 +0000 Subject: [PATCH] syncing servers --- .gitignore | 22 +- .../hephaestus/ark/usr/local/bin/backup.sh | 44 + .../hephaestus/ark/usr/local/bin/cleanup.sh | 62 + servers/hephaestus/docker/.env | 76 + servers/hephaestus/docker/backup.compose.yml | 320 +++ servers/hephaestus/docker/baikal.yml | 38 + servers/hephaestus/docker/calibre_web.yml | 78 + servers/hephaestus/docker/compose.yml | 20 + servers/hephaestus/docker/dynamic.yml | 4 + servers/hephaestus/docker/gitea.yml | 109 + servers/hephaestus/docker/immich.yml | 68 + servers/hephaestus/docker/obsidian_db.yml | 36 + servers/hephaestus/docker/traefik.yml | 42 + servers/hephaestus/docker/vaultwarden.yml | 52 + servers/hephaestus/homelab | 252 +++ servers/hestia/.bash_history | 2000 +++++++++++++++++ servers/hestia/.bash_logout | 7 + servers/hestia/.bashrc | 114 + servers/hestia/.boot.sh | 3 + servers/hestia/.lesshst | 1 + servers/hestia/.profile | 27 + servers/hestia/.selected_editor | 2 + servers/hestia/.sudo_as_admin_successful | 0 servers/hestia/.wget-hsts | 4 + servers/hestia/dao/docker/.env | 76 + servers/hestia/dao/docker/backup.compose.yml | 320 +++ servers/hestia/dao/docker/baikal.yml | 45 + servers/hestia/dao/docker/calibre_web.yml | 83 + servers/hestia/dao/docker/compose.yml | 20 + servers/hestia/dao/docker/dynamic.yml | 4 + servers/hestia/dao/docker/gitea.yml | 114 + servers/hestia/dao/docker/immich.yml | 74 + servers/hestia/dao/docker/obsidian_db.yml | 36 + servers/hestia/dao/docker/traefik.yml | 25 + servers/hestia/dao/docker/vaultwarden.yml | 51 + servers/hestia/dao/scripts/dim_screen.sh | 2 + servers/hestia/dao/scripts/mount.sh | 203 ++ servers/hestia/dao/scripts/wg0_keepalive.sh | 19 + servers/hestia/sh/cron.sh | 40 + servers/hestia/sh/update.sh | 46 + servers/pan/.alsaequal.bin | Bin 0 -> 824 bytes servers/pan/.alsaequal.bin.bt_W-King | Bin 0 -> 824 bytes servers/pan/.alsaequal.bin.bt_hades | Bin 0 -> 824 bytes servers/pan/.alsaequal.presets | 6 + 
servers/pan/.ash_history | 39 + servers/pan/.ashrc | 50 + servers/pan/.bash_history | 119 + servers/pan/.bashrc | 2 + servers/pan/.boot.sh | 11 + servers/pan/.profile | 36 + servers/pan/asound.conf | 45 + servers/pan/asound.conf.bak | 68 + servers/pan/pcp-powerbutton.sh | 102 + servers/pan/powerscript.sh | 33 + 54 files changed, 5048 insertions(+), 2 deletions(-) create mode 100755 servers/hephaestus/ark/usr/local/bin/backup.sh create mode 100755 servers/hephaestus/ark/usr/local/bin/cleanup.sh create mode 100644 servers/hephaestus/docker/.env create mode 100644 servers/hephaestus/docker/backup.compose.yml create mode 100644 servers/hephaestus/docker/baikal.yml create mode 100644 servers/hephaestus/docker/calibre_web.yml create mode 100644 servers/hephaestus/docker/compose.yml create mode 100644 servers/hephaestus/docker/dynamic.yml create mode 100644 servers/hephaestus/docker/gitea.yml create mode 100644 servers/hephaestus/docker/immich.yml create mode 100644 servers/hephaestus/docker/obsidian_db.yml create mode 100644 servers/hephaestus/docker/traefik.yml create mode 100644 servers/hephaestus/docker/vaultwarden.yml create mode 100644 servers/hephaestus/homelab create mode 100644 servers/hestia/.bash_history create mode 100644 servers/hestia/.bash_logout create mode 100644 servers/hestia/.bashrc create mode 100644 servers/hestia/.boot.sh create mode 100644 servers/hestia/.lesshst create mode 100644 servers/hestia/.profile create mode 100644 servers/hestia/.selected_editor create mode 100644 servers/hestia/.sudo_as_admin_successful create mode 100644 servers/hestia/.wget-hsts create mode 100644 servers/hestia/dao/docker/.env create mode 100644 servers/hestia/dao/docker/backup.compose.yml create mode 100644 servers/hestia/dao/docker/baikal.yml create mode 100644 servers/hestia/dao/docker/calibre_web.yml create mode 100644 servers/hestia/dao/docker/compose.yml create mode 100644 servers/hestia/dao/docker/dynamic.yml create mode 100644 
servers/hestia/dao/docker/gitea.yml create mode 100644 servers/hestia/dao/docker/immich.yml create mode 100644 servers/hestia/dao/docker/obsidian_db.yml create mode 100644 servers/hestia/dao/docker/traefik.yml create mode 100644 servers/hestia/dao/docker/vaultwarden.yml create mode 100755 servers/hestia/dao/scripts/dim_screen.sh create mode 100755 servers/hestia/dao/scripts/mount.sh create mode 100755 servers/hestia/dao/scripts/wg0_keepalive.sh create mode 100755 servers/hestia/sh/cron.sh create mode 100755 servers/hestia/sh/update.sh create mode 100644 servers/pan/.alsaequal.bin create mode 100644 servers/pan/.alsaequal.bin.bt_W-King create mode 100644 servers/pan/.alsaequal.bin.bt_hades create mode 100644 servers/pan/.alsaequal.presets create mode 100644 servers/pan/.ash_history create mode 100644 servers/pan/.ashrc create mode 100644 servers/pan/.bash_history create mode 100644 servers/pan/.bashrc create mode 100755 servers/pan/.boot.sh create mode 100644 servers/pan/.profile create mode 100644 servers/pan/asound.conf create mode 100644 servers/pan/asound.conf.bak create mode 100755 servers/pan/pcp-powerbutton.sh create mode 100755 servers/pan/powerscript.sh
diff --git a/.gitignore b/.gitignore
index 5fa417c..2693978 100644
--- a/.gitignore
+++ b/.gitignore
@@ -3,5 +3,23 @@ cradle/home/.config/aerc/accounts.conf
 cradle/home/.mbsyncrc
 storage/harpocrates/*
 storage/*
-servers/*
-in_progress/things_to_do
\ No newline at end of file
+servers/hephaestus/docker/data
+servers/hephaestus/docker/letsencrypt
+servers/hestia/.ssh/*
+servers/hestia/storage/*
+servers/hestia/.config
+servers/hestia/.local
+servers/hestia/.ssh
+servers/hestia/.terminfo
+servers/hestia/dao/servers
+servers/hestia/dao/storage
+servers/hestia/dao/docker/data
+servers/hestia/dao/docker/letsencrypt
+servers/pan/.local
+servers/pan/.ssh
+servers/pan/.terminfo
+servers/pan/.X.d
+servers/pan/rtl8761bu
+servers/pan/Tidal-Connect-Armv7
+in_progress/things_to_do
+servers/pan/.cifs.cred
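Review bot: Replacing the blanket `servers/*` ignore with per-directory entries leaves `servers/*/docker/.env`, `.bash_history`, `.ash_history`, `.lesshst` and `.wget-hsts` trackable, and the diffstat shows this commit adding all of them. Shell history and env files routinely hold passwords, tokens and internal hostnames, so they should be ignored before the servers tree is synced, e.g. `servers/**/.env`, `servers/**/.*history`, `servers/**/.lesshst` and `servers/**/.wget-hsts`. `servers/hestia/.ssh/*` and `servers/hestia/.ssh` are duplicates; the second entry alone is enough.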
diff --git a/servers/hephaestus/ark/usr/local/bin/backup.sh b/servers/hephaestus/ark/usr/local/bin/backup.sh
new file mode 100755
index 0000000..3d04bcb
--- /dev/null
+++ b/servers/hephaestus/ark/usr/local/bin/backup.sh
@@ -0,0 +1,44 @@
+#!/bin/bash
+
+# Set variables
+backup=$(date +%Y%m%d%H%M)
+RETENTION_DAYS=5
+
+log_message() {
+ echo "[$(date '+%Y-%m-%d %H:%M:%S')] $1"
+}
+
+log_message "Starting backup process..."
+
+# Stop Docker
+log_message "Stopping Docker services..."
+cd /home/oc/dao/docker
+docker compose down
+
+## Baikal backup
+log_message "Backing up Baikal database..."
+cd /home/oc/dao/docker/data/baikal/Specific/db
+[[ -f ./db.sqlite ]] && echo .dump | sqlite3 db.sqlite | gzip > "dumps/${backup}_baikal.sql.gz" && log_message "Baikal dumped"
+
+# tar docker folder
+log_message "Creating Docker tarball..."
+cd /home/oc/dao
+tar -cf "/tmp/${backup}_docker.tar.gz" docker/
+
+# rclone upload
+log_message "Uploading to remote storage..."
+cd /tmp
+rclone copy "${backup}_docker.tar.gz" vault:/system/backups/docker/
+rm -f ${backup}_docker.tar.gz
+
+# Clean up old backups (keep last 5 days)
+log_message "Cleaning up old backups..."
+rclone delete vault:/system/backups/docker/ --min-age ${RETENTION_DAYS}d
+
+# Start Docker
+log_message "Starting Docker services..."
+cd /home/oc/dao/docker
+docker compose up -d
+
+log_message "Backup process completed."
+
diff --git a/servers/hephaestus/ark/usr/local/bin/cleanup.sh b/servers/hephaestus/ark/usr/local/bin/cleanup.sh
new file mode 100755
index 0000000..123ac5e
--- /dev/null
+++ b/servers/hephaestus/ark/usr/local/bin/cleanup.sh
@@ -0,0 +1,62 @@
+#!/bin/bash
+
+# System Cleanup Script
+# Run this script via cron to maintain system cleanliness
+
+# Set variables
+LOG_FILE="/var/log/system-cleanup.log"
+DATE=$(date '+%Y-%m-%d %H:%M:%S')
+
+# Function to log messages to both console and file
+log_message() {
+ echo "[$DATE] $1" | tee -a "$LOG_FILE"
+}
+
+log_message "Starting system cleanup..."
+
+# Docker System Cleanup
+log_message "Cleaning up Docker system..."
+docker system prune -a -f --volumes | while read -r line; do
+ log_message "Docker: $line"
+done
+
+# Clean up old Docker images not used in last 30 days
+log_message "Removing unused Docker images older than 30 days..."
+docker image prune -a -f --filter "until=720h" | while read -r line; do
+ log_message "Docker images: $line"
+done
+
+# System Package Cleanup
+log_message "Cleaning up apt packages..."
+apt-get autoremove -y | while read -r line; do
+ log_message "APT autoremove: $line"
+done
+
+apt-get autoclean -y | while read -r line; do
+ log_message "APT autoclean: $line"
+done
+
+# Clean up old logs (keep last 7 days)
+log_message "Cleaning up old system logs..."
+find /var/log -name "*.log" -type f -mtime +7 -delete 2>/dev/null
+find /var/log -name "*.log.*" -type f -mtime +7 -delete 2>/dev/null
+
+# Clean up journal logs (keep last 7 days)
+log_message "Cleaning up journal logs..."
+journalctl --vacuum-time=7d | while read -r line; do
+ log_message "Journal cleanup: $line"
+done
+
+# Clean up temporary files
+log_message "Cleaning up temporary files..."
+find /tmp -type f -atime +7 -delete 2>/dev/null
+find /var/tmp -type f -atime +7 -delete 2>/dev/null
+
+# Show disk usage after cleanup
+log_message "Disk usage after cleanup:"
+df -h | while read -r line; do
+ log_message "Disk: $line"
+done
+
+log_message "System cleanup completed."
+
diff --git a/servers/hephaestus/docker/.env b/servers/hephaestus/docker/.env
new file mode 100644
index 0000000..2dda432
--- /dev/null
+++ b/servers/hephaestus/docker/.env
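Review bot: In cleanup.sh, `docker system prune -a -f --volumes` removes every image and unused volume that is not attached to a container, and backup.sh in this same commit takes the whole stack down with `docker compose down`; if the two cron jobs overlap, all images are deleted and, depending on the Docker version, volumes with them. Dropping that call and keeping only the age-filtered `docker image prune -a -f --filter "until=720h"` would bound the damage. The two `find /var/log … -mtime +7 -delete` lines also remove authentication and audit logs outside logrotate's control, which shortens the evidence available for incident response to one week; retention is better left to logrotate and journald. `DATE` is evaluated once at start, so every log line carries the same timestamp, whereas `log_message` in backup.sh calls `date` per message.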
@@ -0,0 +1,76 @@ +# --- +# Baikal +# --- +BAIKAL_ADMIN_TOKEN="TTQH95LKDM9VQVZS" +BAIKAL_EMAIL="mail@do-bbs.com" +BAIKAL_HOST="dav.do-bbs.com" +BAIKAL_HC="https://hc-ping.com/d15fee2e-17ad-42bb-a573-591f45d3532b" + +# --- +# Calibre Web +# --- +CALIBRE_WEB_HOST="cwa.do-bbs.com" +CALIBRE_WEB_D_HOST="cwabd.do-bbs.com" +CALIBRE_WEB_HC="https://hc-ping.com/313b09fb-f4c6-4fe8-b3d8-47929974c247" +HARD_API="eyJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJIYXJkY292ZXIiLCJ2ZXJzaW9uIjoiOCIsImp0aSI6ImEwZmZkNDk1LWM1ODMtNGEwMS1iYjBkLWYyNTNlMTEwMjU5ZSIsImFwcGxpY2F0aW9uSWQiOjIsInN1YiI6IjUxMDU5IiwiYXVkIjoiMSIsImlkIjoiNTEwNTkiLCJsb2dnZWRJbiI6dHJ1ZSwiaWF0IjoxNzYwOTIzOTM3LCJleHAiOjE3OTI0NTk5MzcsImh0dHBzOi8vaGFzdXJhLmlvL2p3dC9jbGFpbXMiOnsieC1oYXN1cmEtYWxsb3dlZC1yb2xlcyI6WyJ1c2VyIl0sIngtaGFzdXJhLWRlZmF1bHQtcm9sZSI6InVzZXIiLCJ4LWhhc3VyYS1yb2xlIjoidXNlciIsIlgtaGFzdXJhLXVzZXItaWQiOiI1MTA1OSJ9LCJ1c2VyIjp7ImlkIjo1MTA1OX19.26e1ZMA8p3ovr9d1wLJuZpXb72sTUXIjkEuoCrwPO90" +AA_KEY="5uWJKXVXJSpJhCvTo22XfVLVeMYEY#" + + +# --- +# Immich +# --- +IMMICH_HOST_DOMAIN=photos.do-bbs.com +UPLOAD_LOCATION=/mnt/athena/photos +DB_DATA_LOCATION=./data/immich/postgres +IMMICH_VERSION=release +DB_PASSWORD=poss8asdfhoNisdg97SDd! 
+DB_USERNAME=postgres +DB_DATABASE_NAME=immich +IMMICH_HC=https://hc-ping.com/583d761e-8899-4b15-be2c-d0a11f6c3f6a + +# --- +# Traefik +# --- +TRAEFIK_WEBMASTER="webmaster@flatmail.me" + +# --- +# Obsidian +# --- +OBSIDIAN_DB_HOST="obsidiandb.do-bbs.com" +OBSIDIAN_DB_HC="https://hc-ping.com/abbaa192-dadc-4241-b1a5-b2e4dbb50735" +OBSIDIAN_DB_USER=GelatoMadness +OBSIDIAN_DB_PASS=kangaroo-proof-breeze-tent-medal-oblige-require-good1 + +# --- +# Vaultwarden +# --- +VAULT_ADMIN_TOKEN='$argon2id$v=19$m=65540,t=3,p=4$OStJdThqUWRMbHUxSkVzM1pQbzAvMGk1bGxmK2wyRUJJM0t4K2xyNlI1TT0$KuXsTTUW0GJqOoaGWxP8W2u5AthQ5gmdjC/VzS5tDQI' +VAULT_HOST="vault.do-bbs.com" + +# --- +# Gitea +# --- +DATA_PATH=/data +GITEA_VOLUME_LOCATION=./data/gitea +GITEA_HOSTNAME=gitea.do-bbs.com +GITEA_URL=https://gitea.do-bbs.com +GITEA_POSTGRES_IMAGE_TAG=postgres:latest +GITEA_IMAGE_TAG=gitea/gitea:latest +GITEA_DB_NAME=giteadb +GITEA_DB_USER=giteadbuser +GITEA_DB_PASSWORD=Dls8dnaPSmsgoA! +GITEA_ADMIN_USERNAME=giteaadmin +GITEA_ADMIN_PASSWORD=M8ajdl!lsmd3 +GITEA_ADMIN_EMAIL=root@do-bbs.com +GITEA_SHELL_SSH_PORT=748 + + +# Backup Variables +BACKUP_INIT_SLEEP=30m +BACKUP_INTERVAL=24h +POSTGRES_BACKUP_PRUNE_DAYS=7 +DATA_BACKUP_PRUNE_DAYS=7 +POSTGRES_BACKUPS_PATH=/srv/gitea-postgres/backups +DATA_BACKUPS_PATH=/srv/gitea-application-data/backups +POSTGRES_BACKUP_NAME=gitea-postgres-backup +DATA_BACKUP_NAME=gitea-application-data-backup \ No newline at end of file diff --git a/servers/hephaestus/docker/backup.compose.yml b/servers/hephaestus/docker/backup.compose.yml new file mode 100644 index 0000000..2578b62 --- /dev/null +++ b/servers/hephaestus/docker/backup.compose.yml 
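Review bot: This file commits live credentials in plaintext: `BAIKAL_ADMIN_TOKEN` (used as the SMTP password in baikal.yml), the `HARD_API` JWT, `AA_KEY`, `DB_PASSWORD`, `OBSIDIAN_DB_PASS`, `GITEA_DB_PASSWORD`, `GITEA_ADMIN_PASSWORD` and the `VAULT_ADMIN_TOKEN` hash, plus the hc-ping URLs, which work as bearer secrets for the health checks. Once pushed they stay in history, so each one should be rotated and the file replaced by a `.env.example` with placeholder values, with `servers/**/.env` added to `.gitignore`. The diffstat shows a 76-line `.env` also added under `servers/hestia/dao/docker/`, presumably with the same content, which needs the same treatment. `GITEA_POSTGRES_IMAGE_TAG=postgres:latest` and `GITEA_IMAGE_TAG=gitea/gitea:latest` are floating tags; pin a version or digest as the Immich database images do.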
@@ -0,0 +1,320 @@ +services: + traefik: + image: traefik:v3.2 + container_name: traefik + command: + - "--api.insecure=true" + - "--api.dashboard=true" + - "--api.debug=true" + - "--providers.docker=true" + - "--providers.docker.exposedbydefault=false" + - "--entrypoints.web.address=:80" + - "--entrypoints.websecure.address=:443" + - "--certificatesresolvers.letsencrypt.acme.tlschallenge=true" + - "--certificatesresolvers.letsencrypt.acme.email=webmaster@do-bbs.com" + - "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json" + - "--accesslog.filepath=/data/access.log" + - "--accesslog.format=json" + - --providers.file.filename=/dynamic.yml + - --providers.file.watch=true + ports: + - "80:80" + - "443:443" + - "8080:8080" + networks: + - external + volumes: + - /var/run/docker.sock:/var/run/docker.sock:ro + - ./letsencrypt:/letsencrypt + - ./data/traefik:/data + - ./dynamic.yml:/dynamic.yml:ro + - ./data/calibre/htpasswd.list:/htpasswd.list + labels: + - "traefik.enable=true" + - "traefik.http.routers.traefik-dashboard.entrypoints=websecure" + - "traefik.http.routers.traefik-dashboard.service=api@internal" + - "traefik.http.routers.traefik-dashboard.tls=true" + restart: unless-stopped + + dav: + image: ckulka/baikal:nginx + container_name: baikal + environment: + MSMTPRC: | + defaults + auth on + tls on + tls_trust_file /etc/ssl/certs/ca-certificates.crt + account default + host smtp.protonmail.ch + port 587 + from mail@do-bbs.com + user mail@do-bbs.com + password ${BAIKAL_ADMIN_TOKEN} + networks: + - external + volumes: + - ./data/baikal/Specific:/var/www/baikal/Specific + - ./data/baikal/config:/var/www/baikal/config + - ./data/baikal/50-add-sharing-plugin.sh:/docker-entrypoint.d/50-add-sharing-plugin.sh + labels: + - "traefik.enable=true" + - "traefik.http.routers.baikal.entrypoints=websecure" + - "traefik.http.routers.baikal.rule=Host(`dav.do-bbs.com`)" + - "traefik.http.routers.baikal.tls=true" + - 
"traefik.http.routers.baikal.tls.certresolver=letsencrypt" + - "traefik.http.services.baikal.loadbalancer.server.port=80" + healthcheck: + test: ["CMD", "curl", "-f", "https://hc-ping.com/d15fee2e-17ad-42bb-a573-591f45d3532b"] + interval: 3600s + timeout: 10s + retries: 5 + start_period: 30s + restart: unless-stopped + + vaultwarden: + image: vaultwarden/server:latest + container_name: vaultwarden + environment: + - SIGNUPS_ALLOWED=false + - INVITES_ALLOWED=false + # - ADMIN_TOKEN=${VAULT_ADMIN_TOKEN} + - ADMIN_TOKEN=IFdsg.ORGOTARON123nsl + - DOMAIN=https://vault.do-bbs.com + - LOG_LEVEL=warn + - LOG_FILE=/data/vaultwarden.log + - TZ=Europe/London + networks: + - external + volumes: + - ./data/vaultwarden:/data + labels: + - traefik.enable=true + - traefik.http.middlewares.redirect-https.redirectScheme.scheme=https + - traefik.http.middlewares.redirect-https.redirectScheme.permanent=true + - traefik.http.routers.vaultwarden-https.rule=Host(`vault.do-bbs.com`) + - traefik.http.routers.vaultwarden-https.entrypoints=websecure + - traefik.http.routers.vaultwarden-https.tls=true + - traefik.http.routers.vaultwarden.tls.certresolver=letsencrypt + - traefik.http.routers.vaultwarden-https.service=vaultwarden + - traefik.http.routers.vaultwarden-http.rule=Host(`vault.do-bbs.com`) + - traefik.http.routers.vaultwarden-http.entrypoints=web + - traefik.http.routers.vaultwarden-http.middlewares=redirect-https + - traefik.http.routers.vaultwarden-http.service=vaultwarden + - traefik.http.services.vaultwarden.loadbalancer.server.port=80 + healthcheck: + test: ["CMD", "curl", "-f", "https://hc-ping.com/8d7c299a-9594-4f5b-bc1f-9d916ef530e6"] + interval: 3600s + timeout: 10s + retries: 5 + start_period: 30s + restart: unless-stopped + + vaultwarden_backup: + image: ttionya/vaultwarden-backup:latest + container_name: vaultwarden-backup + restart: always + environment: + RCLONE_REMOTE_DIR: '/system/backups/vaultwarden/' + PING_URL_WHEN_SUCCESS: 
'https://hc-ping.com/c03ac1a9-076a-415b-a378-bca245118672' + labels: + - traefik.enable=false + volumes: + - ./data/vaultwarden:/bitwarden/data/ + - vaultwarden-rclone-data:/config/ + + immich_server: + container_name: immich_server + image: ghcr.io/immich-app/immich-server:${IMMICH_VERSION:-release} + volumes: + - ${UPLOAD_LOCATION}:/data + - /etc/localtime:/etc/localtime:ro + env_file: + .env + environment: + - REDIS_HOSTNAME=immich_redis + - DB_HOSTNAME=immich_database + networks: + - external + - internal + labels: + - "traefik.enable=true" + - "traefik.docker.network=external" + - "traefik.http.routers.immich.rule=Host(`photos.do-bbs.com`)" + - "traefik.http.routers.immich.entrypoints=websecure" + - "traefik.http.services.immich.loadbalancer.server.port=2283" + - "traefik.http.routers.immich.tls=true" + - "traefik.http.routers.immich.tls.certresolver=letsencrypt" + depends_on: + - immich_redis + - immich_database + healthcheck: + test: ["CMD", "curl", "-f", "https://hc-ping.com/583d761e-8899-4b15-be2c-d0a11f6c3f6a"] + interval: 3600s + timeout: 10s + retries: 5 + start_period: 30s + restart: always + + immich_machine_learning: + container_name: immich-machine-learning + image: ghcr.io/immich-app/immich-machine-learning:${IMMICH_VERSION:-release} + volumes: + - model-cache:/cache + env_file: + - .env + networks: + - internal + restart: always + + immich_redis: + container_name: immich_redis + image: docker.io/valkey/valkey:8-bookworm@sha256:fea8b3e67b15729d4bb70589eb03367bab9ad1ee89c876f54327fc7c6e618571 + healthcheck: + test: redis-cli ping || exit 1 + networks: + - internal + restart: always + + immich_database: + container_name: immich_postgres + image: ghcr.io/immich-app/postgres:14-vectorchord0.4.3-pgvectors0.2.0@sha256:41eacbe83eca995561fe43814fd4891e16e39632806253848efaf04d3c8a8b84 + environment: + POSTGRES_PASSWORD: ${DB_PASSWORD} + POSTGRES_USER: ${DB_USERNAME} + POSTGRES_DB: ${DB_DATABASE_NAME} + POSTGRES_INITDB_ARGS: '--data-checksums' + volumes: + - 
${DB_DATA_LOCATION}:/var/lib/postgresql/data + shm_size: 128mb + networks: + - internal + restart: always + + obsidian_db: + image: couchdb:latest + container_name: couchdb-ols + env_file: + .env + labels: + - "traefik.enable=true" + - "traefik.docker.network=traefik" + - "traefik.http.routers.couchdb.rule=Host(`couchdb.do-bbs.com`)" + - "traefik.http.routers.couchdb.entrypoints=websecure" + - "traefik.http.services.couchdb.loadbalancer.server.port=5984" + - "traefik.http.routers.couchdb.tls=true" + - "traefik.http.routers.couchdb.tls.certresolver=letsencrypt" + - "traefik.http.routers.couchdb.middlewares=obsidiancors" + - "traefik.http.middlewares.obsidiancors.headers.accesscontrolallowmethods=GET,PUT,POST,HEAD,DELETE" + - "traefik.http.middlewares.obsidiancors.headers.accesscontrolallowheaders=accept,authorization,content-type,origin,referer" + - "traefik.http.middlewares.obsidiancors.headers.accesscontrolalloworiginlist=app://obsidian.md,capacitor://localhost,http://localhost" + - "traefik.http.middlewares.obsidiancors.headers.accesscontrolmaxage=3600" + - "traefik.http.middlewares.obsidiancors.headers.addvaryheader=true" + - "traefik.http.middlewares.obsidiancors.headers.accessControlAllowCredentials=true" + environment: + - COUCHDB_USER=${COUCHDB_USER} + - COUCHDB_PASSWORD=${COUCHDB_PASSWORD} + volumes: + - ./data/couchdb/couchdb-data:/opt/couchdb/data + - ./data/couchdb/couchdb-etc:/opt/couchdb/etc/local.d + networks: + - external + healthcheck: + test: ["CMD", "curl", "-f", "https://hc-ping.com/abbaa192-dadc-4241-b1a5-b2e4dbb50735"] + interval: 3600s + timeout: 10s + retries: 5 + start_period: 30s + restart: always + + calibre_web: + image: crocodilestick/calibre-web-automated:dev + container_name: calibre-web-automated + env_file: + - .env + environment: + - PUID=33 + - PGID=33 + - TZ=UTC + - HARDCOVER_TOKEN=${HARD_API} + - NETWORK_SHARE_MODE=true + - CWA_PORT_OVERRIDE=8083 + - DOCKER_MODS=lscr.io/linuxserver/mods:universal-calibre-v8.7.0 + volumes: + - 
./data/calibre-web/data:/config + - ./data/calibre-web/meta:/calibre-library + - /mnt/athena/books/library:/calibre-library/athena + - ./data/calibre-web/ingest:/cwa-book-ingest + - ./data/calibre-web/plugins:/config/.config/calibre/plugins + labels: + - "traefik.enable=true" + - "traefik.docker.network=external" + - "traefik.http.routers.cwa.rule=Host(`cwa.do-bbs.com`)" + - "traefik.http.routers.cwa.entrypoints=websecure" + - "traefik.http.services.cwa.loadbalancer.server.port=8083" + - "traefik.http.routers.cwa.tls=true" + - "traefik.http.routers.cwa.tls.certresolver=letsencrypt" + networks: + - external + healthcheck: + test: ["CMD", "curl", "-f", "https://hc-ping.com/313b09fb-f4c6-4fe8-b3d8-47929974c247"] + interval: 3600s + timeout: 10s + retries: 5 + start_period: 30s + restart: unless-stopped + + calibre_web_downloader: + image: ghcr.io/calibrain/calibre-web-automated-book-downloader:latest + container_name: calibre-web-automated-book-downloader + env_file: + .env + environment: + FLASK_PORT: 8084 + FLASK_DEBUG: false + LOG_LEVEL: info + BOOK_LANGUAGE: en + USE_BOOK_TITLE: true + TZ: UTC + APP_ENV: prod + UID: 33 + GID: 33 + CWA_DB_PATH: /auth/app.db + INGEST_DIR: /cwa-book-ingest + MAX_CONCURRENT_DOWNLOADS: 3 + DOWNLOAD_PROGRESS_UPDATE_INTERVAL: 5 + AA_DONATOR_KEY: ${AA_KEY} + USE_CF_BYPASS: false + labels: + - "traefik.enable=true" + - "traefik.docker.network=external" + - "traefik.http.routers.cwabd.rule=Host(`cwabd.do-bbs.com`)" + - "traefik.http.routers.cwabd.entrypoints=websecure" + - "traefik.http.services.cwabd.loadbalancer.server.port=8084" + - "traefik.http.routers.cwabd.tls=true" + - "traefik.http.routers.cwabd.tls.certresolver=letsencrypt" + volumes: + - ./data/calibre-web/ingest:/cwa-book-ingest + - ./data/calibre-web/data/app.db:/auth/app.db:ro + networks: + - external + - internal + restart: unless-stopped + + flaresolverr: + image: ghcr.io/flaresolverr/flaresolverr:latest + networks: + - internal + +volumes: + model-cache: + 
vaultwarden-rclone-data: + external: true + name: vaultwarden-rclone-data + +networks: + external: + name: external + internal: + name: internal + diff --git a/servers/hephaestus/docker/baikal.yml b/servers/hephaestus/docker/baikal.yml new file mode 100644 index 0000000..a4d7f3d --- /dev/null +++ b/servers/hephaestus/docker/baikal.yml @@ -0,0 +1,38 @@ +services: + dav: + image: ckulka/baikal:nginx + container_name: baikal + env_file: + - path: .env + environment: + MSMTPRC: | + defaults + auth on + tls on + tls_trust_file /etc/ssl/certs/ca-certificates.crt + account default + host smtp.protonmail.ch + port 587 + from ${BAIKAL_EMAIL} + user ${BAIKAL_EMAIL} + password ${BAIKAL_ADMIN_TOKEN} + networks: + - external + volumes: + - ./data/baikal/Specific:/var/www/baikal/Specific + - ./data/baikal/config:/var/www/baikal/config + - ./data/baikal/50-add-sharing-plugin.sh:/docker-entrypoint.d/50-add-sharing-plugin.sh + labels: + - "traefik.enable=true" + - "traefik.http.routers.baikal.entrypoints=websecure" + - "traefik.http.routers.baikal.rule=Host(`${BAIKAL_HOST}`)" + - "traefik.http.routers.baikal.tls=true" + - "traefik.http.routers.baikal.tls.certresolver=letsencrypt" + - "traefik.http.services.baikal.loadbalancer.server.port=80" + healthcheck: + test: ["CMD", "curl", "-f", "${BAIKAL_HC}"] + interval: 3600s + timeout: 10s + retries: 5 + start_period: 30s + restart: unless-stopped diff --git a/servers/hephaestus/docker/calibre_web.yml b/servers/hephaestus/docker/calibre_web.yml new file mode 100644 index 0000000..101ed8a --- /dev/null +++ b/servers/hephaestus/docker/calibre_web.yml 
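Review bot: In backup.compose.yml the `vaultwarden` service hard-codes a plaintext `ADMIN_TOKEN` and comments out the `${VAULT_ADMIN_TOKEN}` reference, so the admin-panel secret is in the repository instead of the Argon2 hash kept in `.env`; restore `- ADMIN_TOKEN=${VAULT_ADMIN_TOKEN}` and rotate the exposed token. In the `traefik` service, `--api.insecure=true` together with the published `"8080:8080"` serves the dashboard and API without authentication on the host's interfaces; drop both and keep the `api@internal` router, ideally behind an auth middleware. `obsidian_db` reads `${COUCHDB_USER}` and `${COUCHDB_PASSWORD}`, which `.env` does not define (it defines `OBSIDIAN_DB_USER` and `OBSIDIAN_DB_PASS`). If this file is only a snapshot of the old monolithic stack, it is safer kept out of the repository.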
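Review bot: The baikal.yml healthcheck runs `curl -f "${BAIKAL_HC}"` against hc-ping.com, so the container is reported healthy whenever it has outbound network access, whether or not Baikal itself answers, and the external monitor keeps receiving pings while the service is broken. A healthcheck should probe the service, e.g. `test: ["CMD", "curl", "-f", "http://localhost:80/"]` (assuming curl exists in the image), with the hc-ping call made only after that probe succeeds. The same pattern is in calibre_web.yml, immich.yml and obsidian_db.yml. `BAIKAL_ADMIN_TOKEN` is used as the SMTP password in `MSMTPRC`; a name such as `BAIKAL_SMTP_PASSWORD` would say what it holds.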
@@ -0,0 +1,78 @@ +services: + calibre_web: + image: crocodilestick/calibre-web-automated:dev + container_name: calibre-web-automated + env_file: + - path: .env + environment: + - PUID=33 + - PGID=33 + - TZ=UTC + - HARDCOVER_TOKEN=${HARD_API} + - NETWORK_SHARE_MODE=true + - CWA_PORT_OVERRIDE=8083 + - DOCKER_MODS=lscr.io/linuxserver/mods:universal-calibre-v8.7.0 + volumes: + - ./data/calibre-web/data:/config + - ./data/calibre-web/meta:/calibre-library + - /mnt/athena/books/library:/calibre-library/athena + - ./data/calibre-web/ingest:/cwa-book-ingest + - ./data/calibre-web/plugins:/config/.config/calibre/plugins + labels: + - "traefik.enable=true" + - "traefik.docker.network=external" + - "traefik.http.routers.cwa.rule=Host(`${CALIBRE_WEB_HOST}`)" + - "traefik.http.routers.cwa.entrypoints=websecure" + - "traefik.http.services.cwa.loadbalancer.server.port=8083" + - "traefik.http.routers.cwa.tls=true" + - "traefik.http.routers.cwa.tls.certresolver=letsencrypt" + networks: + - external + healthcheck: + test: ["CMD", "curl", "-f", "${CALIBRE_WEB_HC}"] + interval: 3600s + timeout: 10s + retries: 5 + start_period: 30s + restart: unless-stopped + + calibre_web_downloader: + image: ghcr.io/calibrain/calibre-web-automated-book-downloader:latest + container_name: calibre-web-automated-book-downloader + env_file: + - path: .env + environment: + FLASK_PORT: 8084 + FLASK_DEBUG: false + LOG_LEVEL: info + BOOK_LANGUAGE: en + USE_BOOK_TITLE: true + TZ: UTC + APP_ENV: prod + UID: 33 + GID: 33 + CWA_DB_PATH: /auth/app.db + INGEST_DIR: /cwa-book-ingest + MAX_CONCURRENT_DOWNLOADS: 3 + DOWNLOAD_PROGRESS_UPDATE_INTERVAL: 5 + AA_DONATOR_KEY: ${AA_KEY} + USE_CF_BYPASS: false + labels: + - "traefik.enable=true" + - "traefik.docker.network=external" + - "traefik.http.routers.cwabd.rule=Host(`${CALIBRE_WEB_D_HOST}`)" + - "traefik.http.routers.cwabd.entrypoints=websecure" + - "traefik.http.services.cwabd.loadbalancer.server.port=8084" + - "traefik.http.routers.cwabd.tls=true" + - 
"traefik.http.routers.cwabd.tls.certresolver=letsencrypt" + volumes: + - ./data/calibre-web/ingest:/cwa-book-ingest + - ./data/calibre-web/data/app.db:/auth/app.db:ro + networks: + - external + restart: unless-stopped + + flaresolverr: + image: ghcr.io/flaresolverr/flaresolverr:latest + networks: + - external \ No newline at end of file diff --git a/servers/hephaestus/docker/compose.yml b/servers/hephaestus/docker/compose.yml new file mode 100644 index 0000000..e9d1321 --- /dev/null +++ b/servers/hephaestus/docker/compose.yml @@ -0,0 +1,20 @@ +include: + - traefik.yml + - baikal.yml + - vaultwarden.yml + - immich.yml + - obsidian_db.yml + - calibre_web.yml + - gitea.yml + +networks: + external: + name: external + internal: + name: internal + +volumes: + model-cache: + vaultwarden-rclone-data: + external: true + name: vaultwarden-rclone-data \ No newline at end of file diff --git a/servers/hephaestus/docker/dynamic.yml b/servers/hephaestus/docker/dynamic.yml new file mode 100644 index 0000000..cff1196 --- /dev/null +++ b/servers/hephaestus/docker/dynamic.yml @@ -0,0 +1,4 @@ +http: + serversTransports: + ignorecert: + insecureSkipVerify: true diff --git a/servers/hephaestus/docker/gitea.yml b/servers/hephaestus/docker/gitea.yml new file mode 100644 index 0000000..47d36da --- /dev/null +++ b/servers/hephaestus/docker/gitea.yml 
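Review bot: In calibre_web.yml, `crocodilestick/calibre-web-automated:dev`, `calibre-web-automated-book-downloader:latest` and `flaresolverr:latest` are floating tags, so any `docker compose up` after cleanup.sh has pruned the images pulls whatever is current into containers on the `external` network, without review. Pin each image to a release tag or digest the way `immich_redis` and `immich_database` do in immich.yml; the same applies to `couchdb:latest` in obsidian_db.yml and the `:latest` tags gitea.yml takes from `.env`. `flaresolverr` is attached to `external` here but to `internal` in backup.compose.yml, and `calibre_web_downloader` no longer joins `internal`; if that move was not intended, keep flaresolverr off the proxy-facing network.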
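Review bot: In dynamic.yml, `insecureSkipVerify: true` turns off backend certificate verification for every service that selects the `ignorecert` transport, and none of the service definitions visible in this part of the patch references it. Add a comment naming the backend that needs it, e.g. `# ignorecert: only for <service> with a self-signed backend certificate`, or replace the flag with `rootCAs` pointing at that backend's CA so the connection stays authenticated.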
@@ -0,0 +1,109 @@ +services: + gitea_postgres: + image: ${GITEA_POSTGRES_IMAGE_TAG} + container_name: gitea_postgres + volumes: + - ${GITEA_VOLUME_LOCATION}/postgres:/var/lib/postgresql + env_file: + - .env + environment: + POSTGRES_DB: ${GITEA_DB_NAME} + POSTGRES_USER: ${GITEA_DB_USER} + POSTGRES_PASSWORD: ${GITEA_DB_PASSWORD} + networks: + - internal + healthcheck: + test: [ "CMD", "pg_isready", "-q", "-d", "${GITEA_DB_NAME}", "-U", "${GITEA_DB_USER}" ] + interval: 10s + timeout: 5s + retries: 3 + start_period: 60s + restart: unless-stopped + + gitea: + image: ${GITEA_IMAGE_TAG} + container_name: gitea + volumes: + - ${GITEA_VOLUME_LOCATION}/data:/${DATA_PATH} + - /etc/timezone:/etc/timezone:ro + - /etc/localtime:/etc/localtime:ro + environment: + GITEA_DATABASE_HOST: postgres + GITEA_DATABASE_NAME: ${GITEA_DB_NAME} + GITEA_DATABASE_USERNAME: ${GITEA_DB_USER} + GITEA_DATABASE_PASSWORD: ${GITEA_DB_PASSWORD} + GITEA_ADMIN_USER: ${GITEA_ADMIN_USERNAME} + GITEA_ADMIN_PASSWORD: ${GITEA_ADMIN_PASSWORD} + GITEA_ADMIN_EMAIL: ${GITEA_ADMIN_EMAIL} + GITEA_RUN_MODE: prod + GITEA_DOMAIN: ${GITEA_HOSTNAME} + GITEA_SSH_DOMAIN: ${GITEA_HOSTNAME} + GITEA_ROOT_URL: ${GITEA_URL} + GITEA_HTTP_PORT: 3000 + GITEA_SSH_PORT: ${GITEA_SHELL_SSH_PORT} + GITEA_SSH_LISTEN_PORT: 22 + networks: + - external + - internal + healthcheck: + test: ["CMD", "curl", "-f", "http://localhost:3000/"] + interval: 10s + timeout: 5s + retries: 3 + start_period: 90s + labels: + - "traefik.enable=true" + - "traefik.http.routers.gitea.rule=Host(`${GITEA_HOSTNAME}`)" + - "traefik.http.routers.gitea.service=gitea" + - "traefik.http.routers.gitea.entrypoints=websecure" + - "traefik.http.services.gitea.loadbalancer.server.port=3000" + - "traefik.http.routers.gitea.tls=true" + - "traefik.http.routers.gitea.tls.certresolver=letsencrypt" + - "traefik.http.services.gitea.loadbalancer.passhostheader=true" + - "traefik.http.middlewares.gitea.compress=true" + - "traefik.http.routers.gitea.middlewares=gitea" + - 
"traefik.tcp.routers.gitea-ssh.rule=HostSNI(`*`)" + - "traefik.tcp.routers.gitea-ssh.service=gitea-ssh" + - "traefik.tcp.routers.gitea-ssh.entrypoints=ssh" + - "traefik.tcp.services.gitea-ssh.loadbalancer.server.port=22" + - "traefik.docker.network=external" + restart: unless-stopped + depends_on: + gitea_postgres: + condition: service_healthy + + gitea_backups: + image: ${GITEA_POSTGRES_IMAGE_TAG} + container_name: gitea_backups + command: >- + sh -c 'sleep $BACKUP_INIT_SLEEP && + while true; do + pg_dump -h postgres -p 5432 -d $GITEA_DB_NAME -U $GITEA_DB_USER | gzip > $POSTGRES_BACKUPS_PATH/$POSTGRES_BACKUP_NAME-$(date "+%Y-%m-%d_%H-%M").gz && + tar -zcpf $DATA_BACKUPS_PATH/$DATA_BACKUP_NAME-$(date "+%Y-%m-%d_%H-%M").tar.gz $DATA_PATH && + find $POSTGRES_BACKUPS_PATH -type f -mtime +$POSTGRES_BACKUP_PRUNE_DAYS | xargs rm -f && + find $DATA_BACKUPS_PATH -type f -mtime +$DATA_BACKUP_PRUNE_DAYS | xargs rm -f; + sleep $BACKUP_INTERVAL; done' + volumes: + - ${GITEA_VOLUME_LOCATION}/postgres_backup:/var/lib/postgresql/data + - ${GITEA_VOLUME_LOCATION}/data:${DATA_PATH} + - ${GITEA_VOLUME_LOCATION}/data_backup:${DATA_BACKUPS_PATH} + - ${GITEA_VOLUME_LOCATION}/database_backup:${POSTGRES_BACKUPS_PATH} + environment: + GITEA_DB_NAME: ${GITEA_DB_NAME} + GITEA_DB_USER: ${GITEA_DB_USER} + PGPASSWORD: ${GITEA_DB_PASSWORD} + BACKUP_INIT_SLEEP: ${BACKUP_INIT_SLEEP} + BACKUP_INTERVAL: ${BACKUP_INTERVAL} + POSTGRES_BACKUP_PRUNE_DAYS: ${POSTGRES_BACKUP_PRUNE_DAYS} + DATA_BACKUP_PRUNE_DAYS: ${DATA_BACKUP_PRUNE_DAYS} + POSTGRES_BACKUPS_PATH: ${POSTGRES_BACKUPS_PATH} + DATA_BACKUPS_PATH: ${DATA_BACKUPS_PATH} + DATA_PATH: ${DATA_PATH} + POSTGRES_BACKUP_NAME: ${POSTGRES_BACKUP_NAME} + DATA_BACKUP_NAME: ${DATA_BACKUP_NAME} + networks: + - internal + restart: unless-stopped + depends_on: + gitea_postgres: + condition: service_healthy \ No newline at end of file 
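Review bot: In gitea.yml, `GITEA_DATABASE_HOST: postgres` and `pg_dump -h postgres` point at a hostname that no service in this file provides; the database service and its container are both named `gitea_postgres`, so unless an alias is defined elsewhere the name will not resolve. Use `GITEA_DATABASE_HOST: gitea_postgres` and `pg_dump -h gitea_postgres`. In `gitea_backups`, `pg_dump … | gzip` runs under `sh -c` without pipefail, so a failed dump still writes a valid-looking `.gz` and the pruning of older backups goes ahead; check the dump's exit status before the `find … | xargs rm -f` steps. The `gitea-ssh` TCP router names an `ssh` entrypoint that has to exist in traefik.yml (backup.compose.yml defines only `web` and `websecure`), and `/${DATA_PATH}` expands to `//data` with the value from `.env`.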
diff --git a/servers/hephaestus/docker/immich.yml b/servers/hephaestus/docker/immich.yml
new file mode 100644
index 0000000..6e8868d
--- /dev/null
+++ b/servers/hephaestus/docker/immich.yml
@@ -0,0 +1,68 @@
+services:
+ immich_server:
+ container_name: immich_server
+ image: ghcr.io/immich-app/immich-server:${IMMICH_VERSION:-release}
+ volumes:
+ - ${UPLOAD_LOCATION}:/data
+ - /etc/localtime:/etc/localtime:ro
+ env_file:
+ - path: .env
+ environment:
+ - REDIS_HOSTNAME=immich_redis
+ - DB_HOSTNAME=immich_database
+ networks:
+ - external
+ - internal
+ labels:
+ - "traefik.enable=true"
+ - "traefik.docker.network=external"
+ - "traefik.http.routers.immich.rule=Host(`${IMMICH_HOST_DOMAIN}`)"
+ - "traefik.http.routers.immich.entrypoints=websecure"
+ - "traefik.http.services.immich.loadbalancer.server.port=2283"
+ - "traefik.http.routers.immich.tls=true"
+ - "traefik.http.routers.immich.tls.certresolver=letsencrypt"
+ depends_on:
+ - immich_redis
+ - immich_database
+ healthcheck:
+ test: ["CMD", "curl", "-f", "${IMMICH_HC}"]
+ interval: 3600s
+ timeout: 10s
+ retries: 5
+ start_period: 30s
+ restart: always
+
+ immich_machine_learning:
+ container_name: immich-machine-learning
+ image: ghcr.io/immich-app/immich-machine-learning:${IMMICH_VERSION:-release}
+ volumes:
+ - model-cache:/cache
+ env_file:
+ - .env
+ networks:
+ - internal
+ restart: always
+
+ immich_redis:
+ container_name: immich_redis
+ image: docker.io/valkey/valkey:8-bookworm@sha256:fea8b3e67b15729d4bb70589eb03367bab9ad1ee89c876f54327fc7c6e618571
+ healthcheck:
+ test: redis-cli ping || exit 1
+ networks:
+ - internal
+ restart: always
+
+ immich_database:
+ container_name: immich_postgres
+ image: ghcr.io/immich-app/postgres:14-vectorchord0.4.3-pgvectors0.2.0@sha256:41eacbe83eca995561fe43814fd4891e16e39632806253848efaf04d3c8a8b84
+ environment:
+ POSTGRES_PASSWORD: ${DB_PASSWORD}
+ POSTGRES_USER: ${DB_USERNAME}
+ POSTGRES_DB: ${DB_DATABASE_NAME}
+ POSTGRES_INITDB_ARGS: '--data-checksums'
+ volumes:
+ - ${DB_DATA_LOCATION}:/var/lib/postgresql/data
+ shm_size: 128mb
+ networks:
+ - internal
+ restart: always
\ No newline at end of file
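Review bot: The `immich_server` healthcheck in immich.yml runs `curl -f "${IMMICH_HC}"` only every `3600s`, so Docker re-evaluates the container's health once an hour and a hung server can stay marked healthy for most of that time. If `IMMICH_HC` is an external ping URL, as the hard-coded `hc-ping.com` test in vaultwarden.yml suggests (not confirmable from this hunk), the status also reflects outbound connectivity rather than whether Immich answers on port 2283; obsidian_db.yml and vaultwarden.yml repeat the same pattern. I would probe the service itself, for example `test: ["CMD", "curl", "-f", "http://localhost:2283/api/server/ping"]` with `interval: 30s` (check the ping path against the deployed Immich version), and send the monitoring heartbeat from a separate job. Separately, both Immich images default to the floating `release` tag while valkey and postgres in the same file are pinned by digest.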
diff --git a/servers/hephaestus/docker/obsidian_db.yml b/servers/hephaestus/docker/obsidian_db.yml
new file mode 100644
index 0000000..58b2338
--- /dev/null
+++ b/servers/hephaestus/docker/obsidian_db.yml
@@ -0,0 +1,36 @@
+services:
+ obsidian_db:
+ image: couchdb:latest
+ container_name: obsidian_db
+ env_file:
+ - path: .env
+ labels:
+ - "traefik.enable=true"
+ - "traefik.docker.network=traefik"
+ - "traefik.http.routers.couchdb.rule=Host(`${OBSIDIAN_DB_HOST}`)"
+ - "traefik.http.routers.couchdb.entrypoints=websecure"
+ - "traefik.http.services.couchdb.loadbalancer.server.port=5984"
+ - "traefik.http.routers.couchdb.tls=true"
+ - "traefik.http.routers.couchdb.tls.certresolver=letsencrypt"
+ - "traefik.http.routers.couchdb.middlewares=obsidiancors"
+ - "traefik.http.middlewares.obsidiancors.headers.accesscontrolallowmethods=GET,PUT,POST,HEAD,DELETE"
+ - "traefik.http.middlewares.obsidiancors.headers.accesscontrolallowheaders=accept,authorization,content-type,origin,referer"
+ - "traefik.http.middlewares.obsidiancors.headers.accesscontrolalloworiginlist=app://obsidian.md,capacitor://localhost,http://localhost"
+ - "traefik.http.middlewares.obsidiancors.headers.accesscontrolmaxage=3600"
+ - "traefik.http.middlewares.obsidiancors.headers.addvaryheader=true"
+ - "traefik.http.middlewares.obsidiancors.headers.accessControlAllowCredentials=true"
+ environment:
+ - COUCHDB_USER=${OBSIDIAN_DB_USER}
+ - COUCHDB_PASSWORD=${OBSIDIAN_DB_PASS}
+ volumes:
+ - ./data/couchdb/couchdb-data:/opt/couchdb/data
+ - ./data/couchdb/couchdb-etc:/opt/couchdb/etc/local.d
+ networks:
+ - external
+ healthcheck:
+ test: ["CMD", "curl", "-f", "${OBSIDIAN_DB_HC}"]
+ interval: 3600s
+ timeout: 10s
+ retries: 5
+ start_period: 30s
+ restart: always
\ No newline at end of file
diff --git a/servers/hephaestus/docker/traefik.yml b/servers/hephaestus/docker/traefik.yml
new file mode 100644
index 0000000..071a462
--- /dev/null
+++ b/servers/hephaestus/docker/traefik.yml
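Review bot: In obsidian_db.yml the label `traefik.docker.network=traefik` names a network the service is not attached to; its `networks:` list contains only `external`, and immich.yml in this commit uses `traefik.docker.network=external`. Unless a network called `traefik` is defined elsewhere, Traefik will likely fail to pick a reachable address for this container, so the label should read `- "traefik.docker.network=external"`. `image: couchdb:latest` is also unpinned for a database that is published through Traefik with `accessControlAllowCredentials=true`; pin a version tag or digest so that an upgrade is a reviewed change.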
@@ -0,0 +1,42 @@
+services:
+ traefik:
+ image: traefik:latest
+ container_name: traefik
+ env_file:
+ - path: .env
+ command:
+ - "--api.insecure=true"
+ - "--api.dashboard=true"
+ - "--api.debug=true"
+ - "--providers.docker=true"
+ - "--providers.docker.exposedbydefault=false"
+ - "--entrypoints.web.address=:80"
+ - "--entrypoints.websecure.address=:443"
+ # Add SSH entrypoint
+ - "--entrypoints.ssh.address=:748"
+ - "--certificatesresolvers.letsencrypt.acme.tlschallenge=true"
+ - "--certificatesresolvers.letsencrypt.acme.email=${TRAEFIK_WEBMASTER}"
+ - "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"
+ - "--accesslog.filepath=/data/access.log"
+ - "--accesslog.format=json"
+ - --providers.file.filename=/dynamic.yml
+ - --providers.file.watch=true
+ ports:
+ - "80:80"
+ - "443:443"
+ - "748:748" # Add SSH port mapping
+ - "8080:8080"
+ networks:
+ - external
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock:ro
+ - ./letsencrypt:/letsencrypt
+ - ./data/traefik:/data
+ - ./dynamic.yml:/dynamic.yml:ro
+ - ./data/calibre/htpasswd.list:/htpasswd.list
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.traefik-dashboard.entrypoints=websecure"
+ - "traefik.http.routers.traefik-dashboard.service=api@internal"
+ - "traefik.http.routers.traefik-dashboard.tls=true"
+ restart: unless-stopped
diff --git a/servers/hephaestus/docker/vaultwarden.yml b/servers/hephaestus/docker/vaultwarden.yml
new file mode 100644
index 0000000..5f736bb
--- /dev/null
+++ b/servers/hephaestus/docker/vaultwarden.yml
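Review bot: In traefik.yml, `--api.insecure=true` together with the published port `"8080:8080"` serves the Traefik API and dashboard without authentication on every host interface, and `--api.debug=true` adds the debug endpoints to it. The `traefik-dashboard` router already targets `api@internal` on `websecure`, so I would set `--api.insecure=false`, drop `--api.debug=true` and remove `- "8080:8080"`. That router currently has no `rule` and no auth middleware; it needs a `Host(...)` rule and something like a `basicauth` middleware (the mounted `/htpasswd.list` could serve as its `usersfile`) before it is exposed. Note also that the `:ro` flag on `/var/run/docker.sock` does not restrict the Docker API, so a compromise of this container still means control of the Docker daemon; a socket proxy limited to read-only endpoints narrows that.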
@@ -0,0 +1,52 @@
+services:
+ vaultwarden:
+ image: vaultwarden/server:latest
+ container_name: vaultwarden
+ env_file:
+ - path: .env
+ environment:
+ - SIGNUPS_ALLOWED=false
+ - INVITES_ALLOWED=false
+ # - ADMIN_TOKEN=${VAULT_ADMIN_TOKEN}
+ - DOMAIN=https://${VAULT_HOST}
+ - LOG_LEVEL=warn
+ - LOG_FILE=/data/vaultwarden.log
+ - TZ=Europe/London
+ networks:
+ - external
+ volumes:
+ - ./data/vaultwarden:/data
+ labels:
+ - traefik.enable=true
+ - traefik.http.middlewares.redirect-https.redirectScheme.scheme=https
+ - traefik.http.middlewares.redirect-https.redirectScheme.permanent=true
+ - traefik.http.routers.vaultwarden-https.rule=Host(`${VAULT_HOST}`)
+ - traefik.http.routers.vaultwarden-https.entrypoints=websecure
+ - traefik.http.routers.vaultwarden-https.tls=true
+ - traefik.http.routers.vaultwarden.tls.certresolver=letsencrypt
+ - traefik.http.routers.vaultwarden-https.service=vaultwarden
+ - traefik.http.routers.vaultwarden-http.rule=Host(`${VAULT_HOST}`)
+ - traefik.http.routers.vaultwarden-http.entrypoints=web
+ - traefik.http.routers.vaultwarden-http.middlewares=redirect-https
+ - traefik.http.routers.vaultwarden-http.service=vaultwarden
+ - traefik.http.services.vaultwarden.loadbalancer.server.port=80
+ healthcheck:
+ test: ["CMD", "curl", "-f", "https://hc-ping.com/8d7c299a-9594-4f5b-bc1f-9d916ef530e6"]
+ interval: 3600s
+ timeout: 10s
+ retries: 5
+ start_period: 30s
+ restart: unless-stopped
+
+ vaultwarden_backup:
+ image: ttionya/vaultwarden-backup:latest
+ container_name: vaultwarden-backup
+ restart: always
+ environment:
+ RCLONE_REMOTE_DIR: '/system/backups/vaultwarden/'
+ PING_URL_WHEN_SUCCESS: 'https://hc-ping.com/c03ac1a9-076a-415b-a378-bca245118672'
+ labels:
+ - traefik.enable=false
+ volumes:
+ - ./data/vaultwarden:/bitwarden/data/
+ - vaultwarden-rclone-data:/config/
\ No newline at end of file
diff --git a/servers/hephaestus/homelab b/servers/hephaestus/homelab
new file mode 100644
index 0000000..fd4ac3d
--- /dev/null
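Review bot: In vaultwarden.yml the cert resolver label is attached to a router that is not otherwise defined: `traefik.http.routers.vaultwarden.tls.certresolver=letsencrypt` uses the name `vaultwarden`, while every other label configures `vaultwarden-https`, so the HTTPS router has TLS enabled but no resolver of its own. It should read `traefik.http.routers.vaultwarden-https.tls.certresolver=letsencrypt`. The two `hc-ping.com` URLs, in the healthcheck and in `PING_URL_WHEN_SUCCESS`, are committed in clear; anyone who holds them can send pings and mask a failed service or backup, so I would load them from an untracked env file and rotate the check UUIDs (the diffstat lists `docker/.env` as part of this commit, so that file would have to leave the repository as well). `vaultwarden/server:latest` and `ttionya/vaultwarden-backup:latest` are floating tags on the containers that hold the password vault and its backups; pin them to a version or digest.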
+++ b/servers/hephaestus/homelab 
@@ -0,0 +1,252 @@ +# Vaultwarden +server { + server_name vault.do-bbs.com; + + location / { + proxy_pass http://10.10.10.2:443; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + # WebSocket support + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + + # Timeouts + proxy_connect_timeout 60s; + proxy_send_timeout 60s; + proxy_read_timeout 60s; + } + + listen 443 ssl; # managed by Certbot + ssl_certificate /etc/letsencrypt/live/vault.do-bbs.com/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/vault.do-bbs.com/privkey.pem; # managed by Certbot + include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot + ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot + +} + +# Immich +server { + server_name photos.do-bbs.com; + + location / { + proxy_pass http://10.10.10.2:443; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + # Large file uploads + client_max_body_size 50000M; + } + + listen 443 ssl; # managed by Certbot + ssl_certificate /etc/letsencrypt/live/photos.do-bbs.com/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/photos.do-bbs.com/privkey.pem; # managed by Certbot + include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot + ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot + + +} + +# Gitea +server { + server_name gitea.do-bbs.com; + + location / { + proxy_pass http://10.10.10.2:443; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } + + listen 443 ssl; # managed by Certbot + 
ssl_certificate /etc/letsencrypt/live/gitea.do-bbs.com/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/gitea.do-bbs.com/privkey.pem; # managed by Certbot + include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot + ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot + + +} + +# Baikal +server { + server_name dav.do-bbs.com; + + location / { + proxy_pass http://10.10.10.2:443; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto https; + proxy_set_header X-Forwarded-Ssl on; + +# WebDAV specific headers + proxy_set_header Destination $http_destination; + proxy_pass_header Authorization; + } + + listen 443 ssl; # managed by Certbot + ssl_certificate /etc/letsencrypt/live/dav.do-bbs.com/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/dav.do-bbs.com/privkey.pem; # managed by Certbot + include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot + ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot + + + +} + +# Obsidian/CouchDB +server { + server_name obsidiandb.do-bbs.com; + + location / { + proxy_pass http://10.10.10.2:443; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } + + listen 443 ssl; # managed by Certbot + ssl_certificate /etc/letsencrypt/live/obsidiandb.do-bbs.com/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/obsidiandb.do-bbs.com/privkey.pem; # managed by Certbot + include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot + ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot + + + +} + +# Calibre Web +server { + server_name cwa.do-bbs.com; + + location / { + proxy_pass http://10.10.10.2:443; + proxy_set_header Host $host; + 
proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } + + listen 443 ssl; # managed by Certbot + ssl_certificate /etc/letsencrypt/live/cwa.do-bbs.com/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/cwa.do-bbs.com/privkey.pem; # managed by Certbot + include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot + ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot + + + +} + +server { + server_name cwabd.do-bbs.com; + + location / { + proxy_pass http://10.10.10.2:443; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } + + listen 443 ssl; # managed by Certbot + ssl_certificate /etc/letsencrypt/live/cwabd.do-bbs.com/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/cwabd.do-bbs.com/privkey.pem; # managed by Certbot + include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot + ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot + + + +} + +server { + if ($host = vault.do-bbs.com) { + return 301 https://$host$request_uri; + } # managed by Certbot + + + listen 80; + server_name vault.do-bbs.com; + return 404; # managed by Certbot + + +} +server { + if ($host = photos.do-bbs.com) { + return 301 https://$host$request_uri; + } # managed by Certbot + + + listen 80; + server_name photos.do-bbs.com; + return 404; # managed by Certbot + + +} +server { + if ($host = gitea.do-bbs.com) { + return 301 https://$host$request_uri; + } # managed by Certbot + + + listen 80; + server_name gitea.do-bbs.com; + return 404; # managed by Certbot + + +} +server { + if ($host = dav.do-bbs.com) { + return 301 https://$host$request_uri; + } # managed by Certbot + + + listen 80; + server_name dav.do-bbs.com; + return 404; # managed by Certbot + + +} 
+server { + if ($host = obsidiandb.do-bbs.com) { + return 301 https://$host$request_uri; + } # managed by Certbot + + + listen 80; + server_name obsidiandb.do-bbs.com; + return 404; # managed by Certbot + + +} +server { + if ($host = cwa.do-bbs.com) { + return 301 https://$host$request_uri; + } # managed by Certbot + + + listen 80; + server_name cwa.do-bbs.com; + return 404; # managed by Certbot + + +} + +server { + if ($host = cwabd.do-bbs.com) { + return 301 https://$host$request_uri; + } # managed by Certbot + + + listen 80; + server_name cwabd.do-bbs.com; + return 404; # managed by Certbot + + +} diff --git a/servers/hestia/.bash_history b/servers/hestia/.bash_history new file mode 100644 index 0000000..f801abf --- /dev/null +++ b/servers/hestia/.bash_history 
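Review bot: Every `location /` block in the homelab nginx file uses `proxy_pass http://10.10.10.2:443;`, that is cleartext HTTP to a port which, judging by traefik.yml in this commit, is Traefik's TLS `websecure` entrypoint (assuming 10.10.10.2 is that host). Either the requests fail to match the TLS-only routers, or vault, photo and CalDAV traffic crosses that hop unencrypted. I would use `proxy_pass https://10.10.10.2:443;` with `proxy_ssl_server_name on;` and `proxy_ssl_name $host;` so that SNI matches the Traefik routers, and enable `proxy_ssl_verify` once the upstream certificate chain is known. `client_max_body_size 50000M;` in the Immich block is close to unlimited; size it to the largest upload you actually expect.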
@@ -0,0 +1,2000 @@ +sudo install_packages && sudo ufw allow ssh +#1763945646 +install_packages && sudo ufw allow ssh +#1763945681 +install_packages() { local SYS_PKG="ufw ca-certificates gnupg"; local UTIL_PKG="wget curl rsync openssh-server"; local DEV_PKG="git cmake ccache"; local PYTHON_PKG="python3 python3-full python3-venv python3-virtualenv python3-setuptools python3-pip python-is-python3"; sudo apt-get install -qq -m -y $SYS_PKG $UTIL_PKG $DEV_PKG $PYTHON_PKG; echo ""; echo "Common packages installation complete"; } +#1763945683 +install_packages && sudo ufw allow ssh +#1763945747 +sudo ufw show +#1763945766 +sudo ufw show raw +#1763945782 +sudo ufw show raw | grep 1306 +#1763945815 +sudo ufw allow 1306/tcp +#1763945820 +sudo ufw allow 1303/tcp +#1763945904 +sudo systemctl daemon-reload +#1763945941 +sudo fwupdmgr get-updates +#1763946027 +wget 'https://raw.githubusercontent.com/toasterparty/debian-setup-guide/refs/heads/main/configure.sh' | sh +#1763946032 +ll +#1763946039 +chmod +x configure.sh +#1763946040 +./configure.sh +#1763946123 +qq +#1764010987 +cd +#1764010988 +ll +#1764011073 +mkdir -p dao/{ark,backups,docker,scripts} +#1764011075 +cd dao +#1764011075 +ll +#1764011077 +cd docker +#1764512409 +sudo su - +#1764519737 +mkdir -p dao/{ark,docker,backups,scripts} +#1764520026 +tailscale down +#1764520038 +sudo tailscale set --operator=$USER +#1764520053 +sudo tailscale set --operator=$USER +#1764520056 +tailscale down +#1764520061 +tailscale up --advertise-routes=192.168.0.1/24 +#1764520076 +tailscale up --advertise-routes=192.168.0.0/24 +#1764520112 +NETDEV=$(ip -o route get 8.8.8.8 | cut -f 5 -d " ") +#1764520114 +echo $NETDEV +#1764520119 +sudo ethtool -K $NETDEV rx-udp-gro-forwarding on rx-gro-list off +#1764520124 +sudo apt install ethtool +#1764520127 +sudo ethtool -K $NETDEV rx-udp-gro-forwarding on rx-gro-list off +#1764520145 +printf '#!/bin/sh\n\nethtool -K %s rx-udp-gro-forwarding on rx-gro-list off \n' "$(ip -o route get 8.8.8.8 | cut -f 5 
-d " ")" | sudo tee /etc/networkd-dispatcher/routable.d/50-tailscale +#1764520145 +sudo chmod 755 /etc/networkd-dispatcher/routable.d/50-tailscale +#1764520191 +tailscale down +#1764520196 +tailscale up --advertise-routes=192.168.0.0/24 +#1764520247 +systemctl is-enabled networkd-dispatcher +#1764520276 +sudo usermod -aG docker $USER +#1764520286 +sudo usermod -aG docker $USER +#1764520295 +sudo echo hi +#1764520295 +echo hi +#1764520296 +systemctl is-enabled networkd-dispatcher +#1764520299 +sudo usermod -aG docker $USER +#1764520304 +exit +#1764520316 +cd dao/docker/ +#1764520371 +sudo apt install rclone -y +#1764520449 +mkdir ~/.config/rclone +#1764520456 +nano ~/.config/rclone/rclone.conf +#1764520467 +rclone config show +#1764520838 +cd ../ +#1764520841 +ll +#1764520852 +rm -rf * +#1764520854 +cd ../ +#1764520857 +rm -f dao +#1764520860 +rm -rf dao +#1764520863 +sudo apt install git +#1764520895 +tailscale down +#1764520898 +tailscale up +#1764520901 +ll +#1764520906 +tailscale status +#1764520917 +sudo apt install git +#1764520999 +git config core.sshCommand 'ssh -i ~/.ssh/gitea' +#1764521005 +ll +#1764521018 +cd .ssh +#1764521018 +ll +#1764521032 +git config core.sshCommand 'ssh -i /home/jamie/.ssh/gitea' +#1764521038 +cat gitea +#1764521046 +dir +#1764521048 +ls +#1764521050 +ls -la +#1764521056 +git config core.sshCommand 'ssh -i ~/.ssh/gitea' +#1764521425 +sudo apt install stow +#1764521441 +stow -vt /usr dao.sh +#1764521476 +rm -f /usr/local/bin/prompt.sh +#1764521489 +sudo rm -f /usr/local/bin/prompt.sh +#1764521492 +sudo su - +#1764521533 +ls -la +#1764521539 +cd dao.sh/ +#1764521539 +ll +#1764521541 +cd local +#1764521542 +ll +#1764521550 +exit +cp -rf dao.sh/ /usr/ +cp -rf dao.sh/local/ /usr/ +sudo cp -rf dao.sh/local/ /usr/ +exit +#1764521634 +cd dao.sh/ +#1764521637 +cd ../ +#1764521639 +rm -f dao.sh +#1764521644 +rm -rf dao.sh +#1764521385 +ll +#1764521389 +cd dao.sh/ +#1764521390 +ll +#1764521391 +cd ../ +#1764521394 +sudo apt install stow 
+#1764521407 +sudo apt install stow +#1764521413 +ping 1.1.1.1 +#1764521840 +ping 1.1.1.1 +#1764521848 +ll +#1764522436 +ll +#1764522548 +ll +#1764522562 +sudo cp -r ssh /etc/ +#1764522574 +sudo cp -r ssh /etc/ +#1764522579 +sudo cp -r ssh /etc/ +#1764522600 +du -sh +#1764522601 +df +#1764522666 +ll +#1764522703 +cd /etc/ssh +#1764522704 +ll +#1764522711 +cd ssh_config.d/ +#1764522712 +ll +#1764522720 +cat 90-local.conf +#1764522722 +ssh pan_lms +#1764522738 +ssh gitea +#1764522788 +cd ../ +#1764522789 +cd ../ +#1764522790 +cd ssh +#1764522791 +ls -la +#1764522803 +cd ssh_config.d/ +#1764522804 +ll +#1764522844 +sudo chmod 644 90-local.conf +#1764522866 +sudo chmod 644 90-local.conf +#1764522872 +sudo chmod 644 10-dev.conf +#1764522875 +sudo chmod 644 20-dev.conf +#1764522879 +sudo chmod 644 20-servers.conf +#1764522885 +ssh gitea +#1764522892 +ssh pan +#1764522895 +ssh pan_lms +#1764522914 +cd +#1764522945 +cd mkdir dao/{scripts,docker,backup,storage} +#1764522949 +mkdir dao/{scripts,docker,backup,storage} +#1764522958 +cat /etc/samba/smb.conf +#1764522966 +ll +#1764522968 +cd dao +#1764522970 +cd scripts +#1764523030 +./mount.sh & +#1764522852 +top +#1764523190 +dao/scripts/mount.sh & +#1764523208 +sudo pkill mount.sh +#1764523049 +sudo pkill mount.sh +#1764523058 +mkdir dao/storage/koofr +#1764523063 +mkdir dao/storage/vault +#1764523071 +mkdir dao/servers/hephaestus +#1764523076 +mkdir dao/servers/pan +#1764523090 +cd dao/scripts/ +#1764523098 +crontab -e +#1764523220 +sudo pkill mount.sh +#1764523226 +sudo pkill mount.sh +#1764523282 +./mount.sh +#1764523313 +nano /etc/fuse.conf +#1764523318 +sudo nano /etc/fuse.conf +#1764523331 +sudo nano /etc/fuse.conf +#1764523345 +./mount.sh +#1764523376 +nano ~/.config/rclone/rclone.conf +#1764523382 +./mount.sh +#1764523417 +sshfs pan_lms:/home/tc /home/jamie/dao/servers/pan +#1764523422 +sudo apt install sshfs +#1764523434 +nohup ./mount.sh & +#1764523440 +cd ../servers/ +#1764523441 +ll +#1764523442 +cd pan 
+#1764523443 +ll +#1764523445 +cd ../ +#1764523446 +cd hephaestus/ +#1764523446 +ll +#1764523448 +cd ../ +#1764523448 +ll +#1764523452 +cd ../ +#1764523453 +cd storage/ +#1764523455 +cd koofr/ +#1764523457 +ll +#1764523460 +cd ../ +#1764523462 +ll +#1764523463 +cd ../ +#1764523464 +ll +#1764523476 +cd docker/ +#1764523477 +ll +#1764523479 +cd ../ +#1764523727 +cd docker/ +#1764523728 +ll +#1764523757 +mkdir data/lms/{config,music,playlist,artwork,artist_picture,lyrics} +#1764523860 +docker compose up -d +#1764523888 +cd data/lms +#1764523891 +rm -f config +#1764523903 +rm -rf config music playlist +#1764523907 +docker compose up -d +#1764523921 +mkdir {music,playlist,config} +#1764523922 +ll +#1764523986 +docker compose up -d +#1764524480 +aplay -l +#1764524508 +sudo apt install alsa-utils +#1764524517 +aplay -l +#1764524996 +sudo strace sudo ls +#1764524997 +sudo strace sudo ls +#1764524998 +sudo strace sudo ls +#1764524998 +sudo strace sudo ls +#1764524998 +sudo strace sudo ls +#1764524999 +sudo strace sudo ls +#1764524999 +sudo strace sudo ls +#1764524999 +sudo strace sudo ls +#1764524999 +sudo strace sudo ls +#1764525000 +sudo strace sudo ls +#1764525000 +sudo strace sudo ls +#1764525000 +sudo strace sudo ls +#1764525000 +sudo strace sudo ls +#1764525001 +sudo strace sudo ls +#1764525001 +sudo strace sudo ls +#1764525002 +sudo strace sudo ls +#1764525002 +sudo strace sudo ls +#1764525003 +sudo strace sudo ls +#1764525006 +sudo strace sudo ls +#1764525006 +sudo strace sudo ls +#1764525007 +sudo strace sudo ls +#1764525007 +sudo strace sudo ls +#1764525007 +sudo strace sudo ls +#1764525008 +sudo strace sudo ls +#1764525008 +sudo strace sudo ls +#1764525009 +sudo strace sudo ls +#1764525009 +sudo strace sudo ls +#1764525010 +sudo strace sudo ls +#1764525010 +sudo strace sudo ls +#1764525010 +sudo strace sudo ls +#1764525010 +sudo strace sudo ls +#1764525024 +sudo strace sudo cat ../../compose.yml +#1764525026 +sudo strace sudo cat ../../compose.yml +#1764525026 
+sudo strace sudo cat ../../compose.yml +#1764525026 +sudo strace sudo cat ../../compose.yml +#1764525027 +sudo strace sudo cat ../../compose.yml +#1764525039 +sudo strace sudo ls /etc/sysemd/ +#1764525040 +sudo strace sudo ls /etc/sysemd/ +#1764525040 +sudo strace sudo ls /etc/sysemd/ +#1764525041 +sudo strace sudo ls /etc/sysemd/ +#1764525041 +sudo strace sudo ls /etc/sysemd/ +#1764525041 +sudo strace sudo ls /etc/sysemd/ +#1764525047 +strace sudo echo hi +#1764525049 +strace sudo echo hi +#1764525049 +strace sudo echo hi +#1764525049 +strace sudo echo hi +#1764525050 +strace sudo echo hi +#1764525050 +strace sudo echo hi +#1764525050 +strace sudo echo hi +#1764525051 +strace sudo echo hig +#1764525051 +strace sudo echo hig +#1764525051 +strace sudo echo hig +#1764525051 +strace sudo echo hig +#1764525052 +strace sudo echo hig +#1764525052 +strace sudo echo hig +#1764525052 +strace sudo echo hig +#1764525052 +strace sudo echo hig +#1764525053 +strace sudo echo hig +#1764525053 +strace sudo echo hig +#1764525053 +strace sudo echo hig +#1764525226 +sudo nano /etc/hosts +#1764525253 +sudo nano /etc/hosts +#1764525263 +systemctl restart networking +#1764525282 +passwd +#1764525303 +sudo passwd +#1764525325 +sudo systemctl restart networking +#1764525346 +tailscale status +#1764525378 +sudo apt update +#1764525380 +sudo apt install squeezelite alsa-utils -y +#1764525406 +aplay /usr/share/sounds/alsa/Front_Center.wav +#1764525418 +aplay -l +#1764525488 +lspci | grep -i audio +#1764525535 +sudo apt-get install pulse-audio +#1764525546 +sudo apt-get install pulse-audio +#1764524648 +cd dao/docker/data/lms/ +#1764524648 +ll +#1764524656 +rm -rf plalist/ +#1764524708 +cd ../../ +#1764524714 +docker compose up -d +#1764524730 +sudo apt update +#1764524747 +sudo apt install squeezelite alsa-utils -y +#1764524831 +nslookup hestia +#1764524842 +nslookup hestia.local +#1764524856 +sudo visudo +#1764524890 +cat /etc/passwd +#1764524903 +journalctl -u sudo +#1764524908 +sudo 
journalctl -u sudo +#1764524920 +trace sudo ls +#1764524923 +strace sudo ls +#1764524929 +sudo apt install strace +#1764524933 +strace sudo ls +#1764524934 +strace sudo ls +#1764524935 +strace sudo ls +#1764524935 +strace sudo ls +#1764524936 +strace sudo ls +#1764524936 +strace sudo ls +#1764524937 +strace sudo ls +#1764524938 +strace sudo ls +#1764524939 +strace sudo ls +#1764524939 +strace sudo ls +#1764524940 +strace sudo ls +#1764524940 +strace sudo ls +#1764524941 +strace sudo ls +#1764524941 +strace sudo ls +#1764524942 +strace sudo ls +#1764524942 +strace sudo ls +#1764524942 +strace sudo ls +#1764524942 +strace sudo ls +#1764524943 +strace sudo ls +#1764524943 +strace sudo ls +#1764524943 +strace sudo ls +#1764524943 +strace sudo ls +#1764524944 +strace sudo ls +#1764524944 +strace sudo ls +#1764524944 +strace sudo ls +#1764524945 +strace sudo ls +#1764524945 +strace sudo ls +#1764524945 +strace sudo ls +#1764524945 +strace sudo ls +#1764524946 +strace sudo ls +#1764524946 +strace sudo ls +#1764524947 +strace sudo ls +#1764524947 +strace sudo ls +#1764524948 +strace sudo ls +#1764524948 +strace sudo ls +#1764524958 +strace sudo ls +#1764524959 +strace sudo ls +#1764524960 +strace sudo ls +#1764524961 +strace sudo ls +#1764524961 +strace sudo ls +#1764524961 +strace sudo ls +#1764524962 +strace sudo ls +#1764524962 +strace sudo ls +#1764524962 +strace sudo ls +#1764524962 +strace sudo ls +#1764524963 +strace sudo ls +#1764524963 +strace sudo ls +#1764524963 +strace sudo ls +#1764524963 +strace sudo ls +#1764524964 +strace sudo ls +#1764524964 +strace sudo ls +#1764524965 +strace sudo ls +#1764524966 +strace sudo ls +#1764524966 +strace sudo ls +#1764524967 +strace sudo ls +#1764524967 +strace sudo ls +#1764524967 +strace sudo ls +#1764524968 +strace sudo ls +#1764524972 +strace sudo apt update +#1764524975 +strace sudo apt update +#1764524980 +sudo strace sudo ls +#1764524982 +sudo strace sudo ls +#1764524983 +sudo strace sudo ls +#1764524983 +sudo strace 
sudo ls +#1764524988 +sudo strace sudo ls +#1764524988 +sudo strace sudo ls +#1764524988 +sudo strace sudo ls +#1764524988 +sudo strace sudo ls +#1764524989 +sudo strace sudo ls +#1764524989 +sudo strace sudo ls +#1764524989 +sudo strace sudo ls +#1764524990 +sudo strace sudo ls +#1764524990 +sudo strace sudo ls +#1764524991 +sudo strace sudo ls +#1764524991 +sudo strace sudo ls +#1764524991 +sudo strace sudo ls +#1764524992 +sudo strace sudo ls +#1764524992 +sudo strace sudo ls +#1764525054 +sudo strace sudo ls +#1764525218 +sudo nano /etc/hosts +#1764526757 +squeezelite -n MyPlayer -s 127.0.0.1:9000 -o default -d all=debug +#1764526769 +cd dao/docker/ +#1764526771 +docker compoes up -d +#1764526775 +docker compose up -d +#1764526787 +squeezelite -n MyPlayer -s 127.0.0.1:9000 -o default +#1764526850 +sudo netstat -tuln | grep 3483 +#1764526861 +sudo netstat -tuln | grep 3483 +#1764526889 +squeezelite -n MyPlayer -s hestia_lms:9000 -o default +#1764526909 +squeezelite -n MyPlayer -s hestia_lms:9000 -o default -d all=debug +#1764527025 +squeezelite -n MyPlayer -s 178.18.0.2:9000 -o default -d debug all +#1764527034 +squeezelite -n MyPlayer -s 178.18.0.2:9000 -o default +#1764527056 +squeezelite -n MyPlayer -s 172.18.0.2:9000 -o default -d all=debug +#1764527678 +squeezelite -n MyPlayer -s 127.0.0.1:9000 -o default -r 44100:192000 -d all=debug +#1764529420 +sudo usermod -aG audio,realtime $USER +#1764529442 +sudo usermod -aG audio $USER +#1764529451 +sudo nano /usr/local/bin/prompt.sh +#1764529634 +newgrp audio +#1764527166 +elnet 127.0.0.1 9090, +#1764527169 +telnet 127.0.0.1 9090 +#1764527208 +telnet 127.0.0.1 9090 +#1764527275 +nc -u 127.0.0.1 3483 +#1764527363 +sudo ufw disable +#1764527245 +speaker-test -c2 -twav +#1764530898 +cd dao/docker/ +#1764530901 +docker compose up -d +#1764530916 +docker compose up -d +#1764531163 +docker compose up -d +#1764530012 +cd dao/docker/ +#1764530020 +docker compose down && docker compose up -d +#1764530598 +xset dpms force 
off +#1764530613 +sudo vbetool dpms off +#1764530641 +sleep 1 && xset dpms force standby +#1764530648 +sudo apt install xset +#1764530692 +echo 0 >> /sys/class/backlight/acpi_video0/brightness +#1764530703 +echo 0 >> /sys/class/backlight/intel_backlight/actual_brightness +#1764530707 +sudo echo 0 >> /sys/class/backlight/intel_backlight/actual_brightness +#1764530711 +sudo su - +#1764530723 +sudo su - +#1764529816 +squeezelite -n MyPlayer -s 127.0.0.1:9000 -o default -r 44100:192000 -d all=debug -a 44100:16:2 -b 300:1000 +#1764529885 +squeezelite -n MyPlayer -o default -r 44100:192000 -d all=debug -a 44100:16:2 -b 300:1000 +#1764530049 +squeezelite -n MyPlayer -s 127.0.0.1:9000 -o default -r 44100:192000 -d all=debug -a 44100:16:2 -b 300:1000 +#1764530107 +cat /dev/snd +#1764530250 +sudo squeezelite -n MyPlayer -s 127.0.0.1:9000 -o default -r 44100:192000 -d all=debug -a 44100:16:2 -b 300:1000 +#1764531018 +sudo squeezelite -n MyPlayer -o default -r 44100:192000 -d all=debug -a 44100:16:2 -b 300:1000 +#1764531267 +squeezelite -n MyPlayer -s 127.0.0.1:9000 -o default -r 44100:192000 +#1764537212 +squeezelite -n MyPlayer -s 127.0.0.1:9000 -o default -r 44100:192000 +#1764537216 +exit +#1764537247 +echo hi +#1764537248 +echi hi +#1764537252 +sudo echo hi +#1764537301 +cat /etc/ssh/sshd_config +#1764537308 +cat /etc/ssh/sshd_config | grep sessions +#1764537311 +cat /etc/ssh/sshd_config | grep Max +#1764537337 +exit +#1764536794 +sudo echo hi +#1764536820 +ping 1.1.1.1 +#1764536822 +echo hi +#1764536825 +sudo echo hi +#1764536834 +sudo eceho hi +#1764536837 +sudo apt update +#1764536840 +sudo eceho hi +#1764536842 +sudo apt update +#1764536848 +sudo echo hi +#1764536850 +sudo echo hi +#1764536850 +sudo echo hi +#1764536851 +sudo echo hi +#1764536852 +sudo echo hi +#1764536852 +sudo echo hi +#1764536852 +sudo echo hi +#1764536852 +sudo echo hi +#1764536853 +sudo echo hi +#1764536853 +sudo echo hi +#1764536853 +sudo echo hi +#1764536853 +sudo echo hi +#1764536853 +sudo 
echo hi +#1764536854 +sudo echo hi +#1764536854 +sudo echo hi +#1764536854 +sudo echo hi +#1764536855 +sudo echo hi +#1764536855 +sudo echo hi +#1764536855 +sudo echo hi +#1764536855 +sudo echo hi +#1764536855 +sudo echo hi +#1764536855 +sudo echo hi +#1764536856 +sudo echo hi +#1764536856 +sudo echo hi +#1764536856 +sudo echo hi +#1764536856 +sudo echo hi +#1764536856 +sudo echo hi +#1764536857 +sudo echo hi +#1764536857 +sudo echo hi +#1764536857 +sudo echo hi +#1764536857 +sudo echo hi +#1764536858 +sudo echo hi +#1764536858 +sudo echo hi +#1764536858 +sudo echo hi +#1764536858 +sudo echo hi +#1764536858 +sudo echo hi +#1764536859 +sudo echo hi +#1764536859 +sudo echo hi +#1764536859 +sudo echo hi +#1764536859 +sudo echo hi +#1764536859 +sudo echo hi +#1764536860 +sudo echo hi +#1764536860 +sudo echo hi +#1764536860 +sudo echo hi +#1764536866 +sudo su - +#1764536880 +nslook localhost +#1764536907 +nslookup localhost +#1764536916 +sudo su - +#1764537016 +sudo echo hi +#1764537019 +sudo apt update +#1764537023 +echo hi +#1764537025 +echo hi +#1764537028 +echo hi +#1764537035 +echo hi +#1764537037 +echo hi +#1764537039 +echo hi +#1764537051 +echo hi +#1764537052 +echo hi +#1764537054 +echo hi +#1764537055 +sudo echo hi +#1764537059 +sudo echo hieee +#1764537060 +oo +#1764537062 +apt update +#1764537068 +sudo su - +#1764537087 +echo hi +#1764537094 +echo hi +#1764537098 +sudo apt update +#1764536740 +pign 1.1.1.1 +#1764536743 +ping 1.1.1.1 +#1764537346 +nano /etc/ssh/sshd_config +#1764537363 +sudo nano /etc/ssh/sshd_config +#1764537402 +nano /etc/security/limits.conf +#1764537436 +htop +#1764537538 +dd if=/dev/zero of=largefile.img bs=1M count=1024. 
+#1764537541 +dd if=/dev/zero of=largefile.img bs=1M count=1024 +#1764537544 +ll +#1764537555 +dd if=/dev/zero of=largefile.img bs=1M count=8000 +#1764537597 +dd if=/dev/zero of=largefile.img bs=1M count=8000 +#1764536749 +ping 1.1.1.1 +#1764536924 +top +#1764536958 +htop +#1764536962 +sudo apt install htop +#1764536996 +htop +#1764537450 +sudo echo hi +#1764537452 +sudo echo hi +#1764537454 +sudo apt update +#1764537457 +sudo nano hi +#1764537557 +sudo nano hi +#1764537565 +echoh i +#1764537566 +echo hi +#1764537567 +echi ho +#1764537570 +sudo apt update +#1764537583 +sudo nano /etc/hosts +#1764537586 +sudo nano /etc/hosts.conf +#1764537599 +sudo nano /etc/hosts.conf +#1764537600 +sudo nano /etc/hosts.conf +#1764537635 +sudo nano /etc/hosts.conf +#1764562749 +exit +#1764562774 +ll +#1764562789 +sudo apt update && apt upgrade -y && rm -f largefile.img +#1764562799 +rm -f largefile.img +#1764562804 +sudo apt upgrade -y +#1764691645 +cd dao/docker/ +#1764691645 +ll +#1764691650 +sudo docker compose up -d +#1764698282 +alsamixer +#1764691545 +ll +#1764691549 +cd dao +#1764691549 +ll +#1764691551 +cd docker/ +#1764691551 +ll +#1764691553 +cat compose.yml +#1764691556 +cat lms.yml +#1764691562 +dockre compose up -d +#1764691569 +sudo docker compose up -d +#1764691583 +sudo docker compose up -d +#1764691595 +nano lms.yml +#1764815013 +sudo su - +#1764815027 +sudo su - +#1764805380 +cat /etc/samba/smb.conf +#1764805435 +cd /samba +#1764805437 +ls +#1764805439 +ls -la +#1764805455 +sudo chmod 777 /samba/music +#1764805461 +sudo chmod -R 777 /samba/music # For subdirs/files if needed +#1764805471 +sudo chmod 777 /samba/music +#1764805471 +sudo chmod -R 777 /samba/music # For subdirs/files if needed +#1764805493 +sudo chown -R nobody:nogroup /samba/music +#1764805493 +sudo chmod -R 775 /samba/music # Matches your force modes +#1764805511 +sudo chown -R nobody:nogroup /samba/music +#1764805511 +sudo chmod -R 775 /samba/music # Matches your force modes +#1764805532 +sudo 
smbcontrol all reload-config +#1764805608 +su -s /bin/sh nobody -c "touch /samba/music/test && rm -f /samba/music/test" +#1764805612 +su -s /bin/sh nobody -c "touch /samba/music/test && rm -f /samba/music/test" +#1764805614 +su -s /bin/sh nobody -c "touch /samba/music/test && rm -f /samba/music/test" +#1764805748 +sudo su -s /bin/sh nobody -c "touch /samba/music/test && rm -f /samba/music/test" +#1764806289 +sudo ls -la /samba/music +#1764806300 +sudo getfacl /samba/music +#1764806368 +ls -la music/ +#1764806381 +sudo -u nobody touch /samba/music/server_test && sudo -u nobody rm /samba/music/server_test && echo "Server write OK" +#1764808629 +cd music/ +#1764808630 +ll +#1764808641 +rm -f test +#1764808645 +sudo rm -f test +#1764808655 +sudo rm -f test +#1764808669 +ll +#1764808713 +ll +#1764863732 +ll +#1764863740 +cat configure.sh +#1764863760 +rm -f configure.sh +#1764863760 +ll +#1764863766 +cat .lesshst +#1764863772 +sudo su - +#1764879914 +sudo su - +#1764879922 +sudo su - +#1764879933 +sudo su - +#1764880013 +nano .bashrc +#1764880053 +sudo cp .bashrc /root/.bashrc +#1764880067 +sudo cp .bashrc /root/.bashrc +#1764880071 +exit +sudo su - +sudo cp .bashrc /root/.bashrc +sudo su - +curl -L -o homeassistant-supervised.deb https://github.com/home-assistant/supervised-installer/releases/latest/download/homeassistant-supervised.deb +apt install ./homeassistant-supervised.deb +sudo curl -L -o homeassistant-supervised.deb https://github.com/home-assistant/supervised-installer/releases/latest/download/homeassistant-supervised.deb +apt install ./homeassistant-supervised.deb +tailscale down +ping hestia-1 +exit +sudo apt install ufw +ufw all 1303/tdp +ufw allow 1303/tdp +ufw +sudo apt install ufw +ufw allow 1303/tdp #ssh port +nano .bashrc +ll +sudo cp .bashrc /root/ +sudo cp -f .bashrc /root/ +ll +sudo apt install ufw -y +sudo ufw allow 1303/tcp +sudo ufw allow 41641/udp +ip route +sudo ufw allow from 192.168.0.1 to any app Samba +sudo ufw --force-enable +sudo ufw 
enable +sudo apt update && sudo apt upgrade -y && sudo apt autoremove -y +cat /etc/hosts +sudo nano /etc/hosts +sudo service NetworkManager restart +hostname -f +hostname hestia +sudo hostname hestia +nano /etc/hostname +ping $(hostname) +sudo service NetworkManager restart +ping $(hostname) +sudo -v echo hi +sudo -V echo hi +sudo -v +sudo -l +journalctl -u sudo +sudo journalctl -u sudo +sudo su - +cat .bash_history | grep tailscale +sudo cat /root/.bash_history | grep tailscale +nano .bashrc +sudo cp .bashrc /root/ +exit +ll +tailscale status +#1764892664 +curl -fsSL https://tailscale.com/install.sh | sh +#1764892678 +hist tailscale +#1764892699 +sudo tailscale up --advertise-routes=192.168.0.0/24 --operator=jamie +#1764892799 +ufw allow 8123 +#1764892829 +sudo ufw down +#1764892833 +sudo ufw disable +#1764892853 +hist network +#1764892862 +sudo systemctl restart NetworkManager +#1764892895 +systemctl restart hassio-supervisor.service +#1764892902 +sudo systemctl restart hassio-supervisor.service +#1764892937 +sudo systemctl status hassio-supervisor.service +#1764892948 +sudo tailscale down +#1764892957 +sudo tailscale up +#1764892973 +sudo tailscale down +#1764892976 +sudo systemctl status hassio-supervisor.service +#1764895685 +sudo systemctl status hassio-supervisor.service +#1764946766 +ssh hestia +#1764946775 +tailscale status +#1764946823 +ifconfig +#1764946830 +sudo su - +#1764948022 +cat .bash_hist +#1764948070 +hostnamectl +#1764948079 +cat history +#1764948089 +cat .bash_history +#1764949403 +egrep -c '(vmx|svm)' /proc/cpuinfo +#1764949442 +sudo systemctl stop hassio-apparmor.service hassio-supervisor.service +#1764949446 +sudo systemctl disable hassio-apparmor.service hassio-supervisor.service +#1764949446 +sudo rm /etc/systemd/system/hassio-supervisor.service +#1764949446 +sudo rm /etc/systemd/system/hassio-apparmor.service +#1764949446 +sudo systemctl daemon-reload +#1764949447 +sudo systemctl reset-failed +#1764949449 +sudo docker kill $(sudo docker 
ps -q) && sudo docker rm $(sudo docker ps -a -q) +#1764949457 +sudo rm -rf /usr/share/hassio +#1764949463 +sudo rm /usr/sbin/hassio-apparmor +#1764949463 +sudo rm /usr/sbin/hassio-supervisor +#1764949463 +sudo rm /usr/bin/ha +#1764949473 +dpkg --help +#1764949489 +ll +#1764949494 +dpkg -r homeassistant-supervised +#1764949497 +sudo dpkg -r homeassistant-supervised +#1764950137 +sudo su - +#1764863396 +ping 1.1.1.1 +#1764863407 +sudo su - +#1764946719 +tailscale up +#1764946725 +tailscale up +#1764946728 +tailscale status +#1764946737 +ping 192.168.0.1 +#1764952959 +sudo su - +#1764953494 +ll +#1764953497 +rm -f homeassistant-supervised.deb +#1764953501 +cd dao +#1764953502 +ll +#1764953504 +cd docker/ +#1764953505 +ll +#1764953520 +rm -f * +#1764953535 +rm -rf ./* +#1764953540 +sudo rm -rf ./* +#1764953541 +ll +#1764953543 +cd ../ +#1764953544 +ll +#1764953563 +sudo apt update && sudo apt upgrade -y +#1764953578 +ping google.com +#1764953596 +nano /etc/network/interfaces +#1764953599 +sudo nano /etc/network/interfaces +#1764953604 +sudo su - +#1764955736 +cd docker +#1764955757 +rsync -avz --progress hephaestus:~/dao/docker/* . +#1764955765 +ll +#1764955769 +rm -f *. +#1764955777 +ll +#1764955791 +rm -rf ./* +#1764955792 +ll +#1764955840 +rsync -avz --progress hephaestus:~/dao/docker/* . 
+#1764955899 +ll +#1764955908 +cd data/ +#1764955915 +ll +#1764955921 +ll vaultwarden/ +#1764955923 +ll traefik/ +#1764955925 +ll scripts/ +#1764955927 +ll immich/ +#1764955930 +ll fail2ban/ +#1764957436 +cd +#1764957439 +rclone config show +#1764957489 +rclone copy koofr_vault:system/backups/docker/202512051846_docker.tar.gz ./ +#1764957500 +rclone copy koofr_vault:system/backups/docker/202512051846_docker.tar.gz ./ --progress +#1764957558 +ll +#1764958529 +ll +#1764958535 +mv 202512051846_docker.tar.gz dao/ +#1764958575 +cd dao +#1764958592 +tar -xvzf 202512051846_docker.tar.gz +#1764958611 +tar -xf 202512051846_docker.tar.gz +#1764958616 +ll +#1764958625 +cd docker/ +#1764958626 +ll +#1764958632 +rm -rf * +#1764958641 +cd ../ +#1764958645 +tar -xf 202512051846_docker.tar.gz +#1764958664 +cd docker/ +#1764958664 +ll +#1764964153 +tailscale status +#1764964161 +tailscale --help +#1764964178 +tailscale metrics +#1764964221 +tailscale up +#1764972911 +sudo apt install wg-info +#1764972954 +sudo nano /usr/local/bin/wg-info +#1764972967 +chmod +x /usr/local/bin/wg-info +#1764972969 +sudo chmod +x /usr/local/bin/wg-info +#1764972972 +wg-info +#1764972977 +sudo wg-info +#1764973226 +sudo ufw status +#1764973242 +netstat -tulpn | grep :80 +#1764973246 +sudo netstat -tulpn | grep :80 +#1764973250 +sudo netstat -tulpn | grep :443 +#1764964772 +tailscale ip -4 +#1764964896 +sudo tailscale cert do-bbs.com +#1764964935 +sudo tailscale cert do-bbs.com +#1764964956 +sudo tailscale cert do-bbs.com +#1764968560 +sudo tailscale cert echo-prometheus.ts.net +#1764968570 +sudo tailscale cert hestia.echo-prometheus.ts.net +#1764969220 +# Install WireGuard +#1764969220 +sudo apt update && sudo apt upgrade -y +#1764969223 +sudo apt install wireguard wireguard-tools -y +#1764969226 +# Generate keys for home server +#1764969226 +wg genkey | sudo tee /etc/wireguard/client_private.key +#1764969226 +sudo chmod 600 /etc/wireguard/client_private.key +#1764969226 +sudo cat 
/etc/wireguard/client_private.key | wg pubkey | sudo tee /etc/wireguard/client_public.key +#1764969226 +# Note the keys +#1764969970 +sudo nano /etc/wireguard/wg0.conf +#1764970072 +sudo systemctl enable wg-quick@wg0 +#1764970073 +sudo systemctl start wg-quick@wg0 +#1764970095 +systemctl status wg-quick@wg0.service +#1764970148 +sudo systemctl start wg-quick@wg0 +#1764970152 +systemctl status wg-quick@wg0.service +#1764971624 +sudo ufw allow from 192.168.0.0/24 to any port 1303 proto tcp +#1764971632 +sudo ufw status +#1764971639 +sudo ufw show +#1764971675 +udo ufw default deny incoming +#1764971675 +sudo ufw default allow outgoing +#1764971682 +sudo ufw default deny incoming +#1764971728 +sudo ufw allow from 192.168.0.0/24 to any port 1303 proto tcp +#1764971765 +sudo ufw allow from 172.16.0.0/12 to any +#1764971770 +sudo ufw allow in on wg0 +#1764971785 +sudo ufw allow from 192.168.0.0/24 +#1764971793 +sudo ufw enable +#1764971801 +ufw show +#1764971803 +sudo ufw show +#1764971810 +sudo ufw status +#1764971859 +sudo su - +#1764971882 +cd dao/scripts/ +#1764971883 +ll +#1764971888 +rm -f nohup.out +#1764971897 +nano wg0_keepalive.sh +#1764971906 +chmod +x wg0_keepalive.sh +#1764971910 +crontab -e +#1764972081 +sudo wg show +#1764972170 +cd ../docker/ +#1764972170 +ll +#1764972176 +docker compose up -d +#1764972326 +docker run --rm -it --mount type=volume,source=vaultwarden-rclone-data,target=/config/ ttionya/vaultwarden-backup:latest rclone config +#1764972345 +docker run --rm -it --mount type=volume,source=vaultwarden-rclone-data,target=/config/ bash +#1764972520 +docker run --rm -it --mount type=volume,source=vaultwarden-rclone-data,target=/config/ ttionya/vaultwarden-backup:latest rclone config +#1764972526 +docker compose up -d +#1764972543 +netstat -tulpn +#1764972561 +netstat -tulpn | grep :80 +#1764972567 +docker compose up -d +#1764972602 +clear +#1764972605 +docker compose up -d +#1764972708 +clear +#1764972713 +netstat -tulpn | grep :80 +#1764972718 
+sudo netstat -tulpn | grep :80 +#1764972735 +sudo apt remove caddy +#1764972746 +docker compose up -d +#1764972753 +docker compose ps +#1764972791 +hist curl +#1764972795 +sudo su - +#1764973037 +docker compose logs traefik +#1764973042 +docker compose logs +#1764973067 +docker compose down immich.yml +#1764973075 +docker compose down -f immich.yml +#1764973079 +docker compose --h +#1764973084 +docker compose --help +#1764973101 +docker compose -f immich down +#1764973107 +docker compose -f immich.yml down +#1764973127 +docker compose -f gitea.yml down +#1764973158 +docker compose stop c* d* f* g* i* o* v* +#1764973167 +ll +#1764973173 +docker compose ps +#1764973178 +docker compose down baikal +#1764973420 +docker compose down +#1764973432 +docker container prune -f +#1764973432 +# Start everything +#1764973432 +docker compose up -d +#1764973456 +docker compose ps | grep traefik +#1764973478 +sudo netstat -tulpn | grep -E ':(80|443)' +#1764973593 +docker compose up -d traefik +#1764973598 +sudo netstat -tulpn | grep -E ':(80|443)' +#1764974126 +docker compose up -d +#1764978352 +docker exec -it baikal cat /var/www/baikal/config/system.php +#1764978391 +❯ docker exec -it dav cat /var/www/baikal/config/system.php +#1764978396 +docker exec -it dav cat /var/www/baikal/config/system.php +#1764978499 +docker compose ps +#1764978511 +docker exec -it baikal cat /var/www/baikal/config/system.php +#1764978516 +docker exec -it baikal bash +#1765039386 +sudo su - +#1765039395 +clear +#1765039398 +cd dao/docker +#1765039561 +docker compose traefik down +#1765039572 +docker compose down traefik +#1765039580 +docker compoes down baikal +#1765039587 +docker compose down baikal +#1765039592 +docker compose ps +#1765039602 +docker compose down baikal +#1765039619 +docker compose down dav +#1765039626 +docker compoes up -d +#1765039629 +docker compose up -d +#1765039660 +clear +#1765040015 +docker exec -it dav bash +#1765040024 +docker exec -it baikal bash +#1765040398 +cd 
data/baikal/ +#1765040404 +sudo apt install tree +#1765040451 +cd ../ +#1765040453 +cd ../ +#1765040497 +docker compose up -d +#1765044788 +mkdir -p ~/dao/docker/data/baikal/nginx +#1765046689 +ls -la +#1765046693 +cd data +#1765046693 +ls -la +#1765046696 +cd baika +#1765046697 +ls -la +#1765046707 +cd Specific/ +#1765046708 +ll +#1765046712 +cat INSTALL_DISABLED +#1765046719 +sudo nano config.php +#1765046731 +sudo chown tss:netdev config.php +#1765046732 +ll +#1765046738 +cd ../../../ +#1765046746 +docker compose down dav +#1765046750 +docker compose up -d +#1765051070 +clear +#1765051075 +docker compose down dav && docker compose up -d +#1765051323 +clear +#1765051327 +docker ps +#1765051381 +sudo su - +#1765051474 +exit +#1765051486 +sudo nano /usr/local/bin/prompt.sh +#1765051511 +exit +#1765056910 +sudo apt install fail2ban -y +#1765057033 +sudo apt remove fail2ban -y +#1765053770 +cdd +#1765053774 +cd data/immich/photos/ +#1765053775 +ll +#1765053778 +cd photos/ +#1765053778 +ll +#1765053786 +ll +#1765053791 +cd ../ +#1765053803 +sudo rm -rf photos +#1765053813 +ll +#1765053823 +sudo rm -rf photos +#1765053829 +ll +#1765053839 +cd ../../../ +#1765053846 +docker compose dowm immich_server +#1765053853 +docker compose dowm immich-server +#1765053858 +docker compose down immich-server +#1765053862 +docker compose down immich_server +#1765053873 +cd data/immich/photos/ +#1765053874 +ll +#1765053875 +du -sh +#1765053879 +sudo du -sh +#1765053945 +ll +#1765054121 +ll +#1765054125 +cd ../ +#1765054125 +ll +#1765054131 +cd photos/ +#1765054131 +ll +#1765054152 +ll +#1765054156 +tree +#1765054158 +sudo tree +#1765054164 +sudo tree +#1765054200 +sudo tree +#1765054206 +sudo tree +#1765054209 +sudo tree +#1765054213 +sudo tree +#1765054853 +sudo du -sh +#1765054855 +sudo du -sh +#1765055169 +hist +#1765055173 +hist * +#1765055177 +sudo hist * +#1765055183 +cd +#1765055186 +hist rsync +#1765055439 +cdd +#1765055459 +cd data/immich/ +#1765055460 +ll +#1765055462 +cd 
photos/ +#1765055463 +ll +#1765055471 +cd backups/ +#1765056277 +sudo du -sh +#1765056323 +ll +#1765056324 +ll +#1765056333 +ll +#1765056335 +cd ../ +#1765056335 +ll +#1765056338 +cd photos +#1765056341 +sudo du -sh +#1765056348 +du -sh +#1765056350 +sudo du -sh +#1765056365 +sudo du -sh +#1765056389 +sudo du -sh +#1765056408 +sudo du -sh +#1765056436 +sudo du -sh +#1765056438 +sudo du -sh +#1765056489 +sudo du -sh +#1765056536 +watch -n 5 sudo du -sh +#1765059857 +cd ../../ +#1765059858 +cd ../ +#1765059861 +docker compose up -d +#1765062016 +conntrack -E | grep 748 +#1765062023 +sudo apt install conntrack +#1765062028 +conntrack -E | grep 748 +#1765062044 +sudo su - +#1765065505 +cdd +#1765065506 +sudo nc 127.0.0.1 22 +#1765065648 +docker compose ps gitea +#1765051515 +cdd +#1765051522 +mds +#1765051542 +docker ps +#1765051570 +docker compose logs immich_server +#1765051720 +cd data/immich/ +#1765051720 +ll +#1765051732 +cd postgres/ +#1765051734 +sudo su - +#1765124009 +sudo su - +#1765124556 +exit +#1765124570 +sudo su - +#1765124573 +exit +#1765124787 +sudo su - +#1765125036 +cdd +#1765125041 +sudo docker exec traefik netstat -tlnp | grep 748 +#1765125074 +sudo netstat -tlnp | grep 748 +#1765125231 +ip route show +#1765125475 +sudo docker exec -it traefik nc -zv gitea 22 +#1765125498 +sudo docker network inspect external | grep -A 10 gitea +#1765125498 +# Test connection from Traefik to Gitea +#1765125498 +sudo docker exec traefik nc -zv gitea 22 +#1765125548 +docker compose up -d +#1765125598 +sudo docker exec traefik netstat -tlnp +#1765125598 +# Check if the port mapping is correct +#1765125598 +sudo docker inspect traefik | grep -A 20 PortBindings +#1765125600 +clear +#1765125600 +sudo docker exec traefik netstat -tlnp +#1765125601 +# Check if the port mapping is correct +#1765125601 +sudo docker inspect traefik | grep -A 20 PortBindings +#1765125650 +docker compose up -d +#1765125669 +docker compose down traefik +#1765125673 +docker compose up -d 
+#1765125684 +clear +#1765125685 +sudo ss -tlnp | grep 748 +#1765125685 +sudo docker logs traefik | tail -20 +#1765125731 +sudo docker exec traefik cat /etc/traefik/traefik.yml +#1765125747 +sudo docker exec -it traefik bash +#1765125752 +sudo docker exec -it traefik sh +#1765125935 +sudo docker logs traefik 2>&1 | grep -i "entrypoint" +#1765126016 +sudo docker-compose restart traefik +#1765126024 +sudo docker compose restart traefik +#1765126028 +sudo docker logs traefik 2>&1 | grep -i "entrypoint" +#1765126167 +sudo docker logs traefik 2>&1 | grep -i "entrypoint" +#1765126168 +sudo docker logs traefik 2>&1 | grep -i "entrypoint" +#1765126256 +docker compose down gitea && docker compose up -d +#1765126267 +clear +#1765126514 +sudo docker logs traefik 2>&1 | grep -i "entrypoint" +#1765126521 +sudo docker logs traefik 2>&1 +#1765126825 +sudo ufw status +#1765126838 +sudo iptables -I INPUT -p tcp --dport 748 -j ACCEPT +#1765126842 +echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward +#1765126848 +ip route show +#1765126897 +sudo ufw status +#1765126904 +sudo iptables -L INPUT -v -n | grep -E "DROP|REJECT|748" +#1765126913 +sudo iptables -L INPUT -v -n | head -1 +#1765127064 +sudo wg-quick down wg0 +#1765127065 +sudo wg-quick up wg0 +#1765127067 +sudo wg-quick up wg0 +#1765127116 +nc -zvu 37.27.5.239 51820 +#1765127146 +sudo tcpdump -i wg0 -n host 88.97.203.9 +#1765127154 +sudo tcpdump -i br-20aa531b0eef -n port 748 +#1765127172 +sudo ip route add 88.97.203.9/32 via 10.10.10.1 dev wg0 +#1765127216 +tailscale down +#1765127231 +sudo wg-quick down wg0 +#1765127236 +sudo wg-quick up wg0 +#1765127470 +sudo tcpdump -i wg0 -n -vv 'host 10.10.10.2 and port 748' +#1765125117 +sudo su - diff --git a/servers/hestia/.bash_logout b/servers/hestia/.bash_logout new file mode 100644 index 0000000..de4f5f7 --- /dev/null +++ b/servers/hestia/.bash_logout 
@@ -0,0 +1,7 @@
+# ~/.bash_logout: executed by bash(1) when login shell exits.
+
+# when leaving the console clear the screen to increase privacy
+
+if [ "$SHLVL" = 1 ]; then
+ [ -x /usr/bin/clear_console ] && /usr/bin/clear_console -q
+fi
diff --git a/servers/hestia/.bashrc b/servers/hestia/.bashrc
new file mode 100644
index 0000000..7c47ab7
--- /dev/null
+++ b/servers/hestia/.bashrc
@@ -0,0 +1,114 @@
+# ~/.bashrc: executed by bash(1) for non-login shells.
+# see /usr/share/doc/bash/examples/startup-files (in the package bash-doc)
+# for examples
+
+# If not running interactively, don't do anything
+case $- in
+ *i*) ;;
+ *) return;;
+esac
+
+# don't put duplicate lines or lines starting with space in the history.
+# See bash(1) for more options
+HISTCONTROL=ignoreboth
+
+# append to the history file, don't overwrite it
+shopt -s histappend
+
+# for setting history length see HISTSIZE and HISTFILESIZE in bash(1)
+HISTSIZE=1000
+HISTFILESIZE=2000
+
+# check the window size after each command and, if necessary,
+# update the values of LINES and COLUMNS.
+shopt -s checkwinsize
+
+# If set, the pattern "**" used in a pathname expansion context will
+# match all files and zero or more directories and subdirectories.
+#shopt -s globstar
+
+# make less more friendly for non-text input files, see lesspipe(1)
+#[ -x /usr/bin/lesspipe ] && eval "$(SHELL=/bin/sh lesspipe)"
+
+# set variable identifying the chroot you work in (used in the prompt below)
+if [ -z "${debian_chroot:-}" ] && [ -r /etc/debian_chroot ]; then
+ debian_chroot=$(cat /etc/debian_chroot)
+fi
+
+# set a fancy prompt (non-color, unless we know we "want" color)
+case "$TERM" in
+ xterm-color|*-256color) color_prompt=yes;;
+esac
+
+# uncomment for a colored prompt, if the terminal has the capability; turned
+# off by default to not distract the user: the focus in a terminal window
+# should be on the output of commands, not on the prompt
+#force_color_prompt=yes
+
+if [ -n "$force_color_prompt" ]; then
+ if [ -x /usr/bin/tput ] && tput setaf 1 >&/dev/null; then
+ # We have color support; assume it's compliant with Ecma-48
+ # (ISO/IEC-6429). (Lack of such support is extremely rare, and such
+ # a case would tend to support setf rather than setaf.)
+ color_prompt=yes
+ else
+ color_prompt=
+ fi
+fi
+color_prompt=yes
+if [ "$color_prompt" = yes ]; then
+ PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '
+else
+ PS1='${debian_chroot:+($debian_chroot)}\u@\h:\w\$ '
+fi
+unset color_prompt force_color_prompt
+
+# If this is an xterm set the title to user@host:dir
+case "$TERM" in
+xterm*|rxvt*)
+ PS1="\[\e]0;${debian_chroot:+($debian_chroot)}\u@\h: \w\a\]$PS1"
+ ;;
+*)
+ ;;
+esac
+
+# enable color support of ls and also add handy aliases
+if [ -x /usr/bin/dircolors ]; then
+ test -r ~/.dircolors && eval "$(dircolors -b ~/.dircolors)" || eval "$(dircolors -b)"
+ alias ls='ls --color=auto'
+ #alias dir='dir --color=auto'
+ #alias vdir='vdir --color=auto'
+
+ #alias grep='grep --color=auto'
+ #alias fgrep='fgrep --color=auto'
+ #alias egrep='egrep --color=auto'
+fi
+
+# colored GCC warnings and errors
+#export GCC_COLORS='error=01;31:warning=01;35:note=01;36:caret=01;32:locus=01:quote=01'
+
+# some more ls aliases
+alias ll='ls -l'
+#alias la='ls -A'
+#alias l='ls -CF'
+
+# Alias definitions.
+# You may want to put all your additions into a separate file like
+# ~/.bash_aliases, instead of adding them here directly.
+# See /usr/share/doc/bash-doc/examples in the bash-doc package.
+
+if [ -f ~/.bash_aliases ]; then
+ . ~/.bash_aliases
+fi
+
+# enable programmable completion features (you don't need to enable
+# this, if it's already enabled in /etc/bash.bashrc and /etc/profile
+# sources /etc/bash.bashrc).
+if ! shopt -oq posix; then
+ if [ -f /usr/share/bash-completion/bash_completion ]; then
+ . /usr/share/bash-completion/bash_completion
+ elif [ -f /etc/bash_completion ]; then
+ . /etc/bash_completion
+ fi
+fi
+. /usr/local/bin/prompt.sh
diff --git a/servers/hestia/.boot.sh b/servers/hestia/.boot.sh
new file mode 100644
index 0000000..2b545f9
--- /dev/null
+++ b/servers/hestia/.boot.sh
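Review bot: The last added line of `.bashrc`, `. /usr/local/bin/prompt.sh`, sources a file that lives outside this repository with no existence check, unlike the guarded `~/.bash_aliases` and bash-completion blocks just above it; on a host where the script is missing, every interactive shell starts with an error. I would write it as `[ -r /usr/local/bin/prompt.sh ] && . /usr/local/bin/prompt.sh`. The shell history added in this same commit shows this `.bashrc` being copied to `/root/`, so the script also runs in root's interactive shells and should be root-owned and not group- or world-writable. Separately, the unconditional `color_prompt=yes` makes the `force_color_prompt` detection block before it dead code; a short comment saying the override is intentional would help.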
@@ -0,0 +1,3 @@
+#!/bin/bash
+NETDEV=$(ip -o route get 8.8.8.8 | cut -f 5 -d " ")
+sudo ethtool -K "${NETDEV}" rx-udp-gro-forwarding on rx-gro-list off
\ No newline at end of file
diff --git a/servers/hestia/.lesshst b/servers/hestia/.lesshst
new file mode 100644
index 0000000..4d1c30b
--- /dev/null
+++ b/servers/hestia/.lesshst
@@ -0,0 +1 @@
+.less-history-file:
diff --git a/servers/hestia/.profile b/servers/hestia/.profile
new file mode 100644
index 0000000..d89ea5a
--- /dev/null
+++ b/servers/hestia/.profile
@@ -0,0 +1,27 @@
+# ~/.profile: executed by the command interpreter for login shells.
+# This file is not read by bash(1), if ~/.bash_profile or ~/.bash_login
+# exists.
+# see /usr/share/doc/bash/examples/startup-files for examples.
+# the files are located in the bash-doc package.
+
+# the default umask is set in /etc/profile; for setting the umask
+# for ssh logins, install and configure the libpam-umask package.
+#umask 022
+
+# if running bash
+if [ -n "$BASH_VERSION" ]; then
+ # include .bashrc if it exists
+ if [ -f "$HOME/.bashrc" ]; then
+ . "$HOME/.bashrc"
+ fi
+fi
+
+# set PATH so it includes user's private bin if it exists
+if [ -d "$HOME/bin" ] ; then
+ PATH="$HOME/bin:$PATH"
+fi
+
+# set PATH so it includes user's private bin if it exists
+if [ -d "$HOME/.local/bin" ] ; then
+ PATH="$HOME/.local/bin:$PATH"
+fi
diff --git a/servers/hestia/.selected_editor b/servers/hestia/.selected_editor
new file mode 100644
index 0000000..67f9f4d
--- /dev/null
+++ b/servers/hestia/.selected_editor
@@ -0,0 +1,2 @@
+# Generated by /usr/bin/select-editor
+SELECTED_EDITOR="/bin/nano"
diff --git a/servers/hestia/.sudo_as_admin_successful b/servers/hestia/.sudo_as_admin_successful
new file mode 100644
index 0000000..e69de29
diff --git a/servers/hestia/.wget-hsts b/servers/hestia/.wget-hsts
new file mode 100644
index 0000000..5721e14
--- /dev/null
+++ b/servers/hestia/.wget-hsts
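Review bot: In `.boot.sh`, `NETDEV` is passed to `ethtool` without checking that the route lookup returned anything, so with no default route at the time the script runs (plausible early in boot) `ethtool -K` is called with an empty device name and nothing stops or reports it. A guard before the `ethtool` line, `[ -n "$NETDEV" ] || { echo "no default-route interface found" >&2; exit 1; }`, makes that case explicit. Taking the fifth space-separated field of `ip -o route get` also assumes the `via <gateway> dev <if>` layout; for an on-link destination the device name sits in a different field, so selecting the word after `dev` would be sturdier.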
@@ -0,0 +1,4 @@
+# HSTS 1.0 Known Hosts database for GNU Wget.
+# Edit at your own risk.
+#
+raw.githubusercontent.com 0 0 1763946027 31536000
diff --git a/servers/hestia/dao/docker/.env b/servers/hestia/dao/docker/.env
new file mode 100644
index 0000000..4247c7d
--- /dev/null
+++ b/servers/hestia/dao/docker/.env
@@ -0,0 +1,76 @@ +# --- +# Baikal +# --- +BAIKAL_ADMIN_TOKEN="TTQH95LKDM9VQVZS" +BAIKAL_EMAIL="mail@do-bbs.com" +BAIKAL_HOST="dav.do-bbs.com" +BAIKAL_HC="https://hc-ping.com/d15fee2e-17ad-42bb-a573-591f45d3532b" + +# --- +# Calibre Web +# --- +CALIBRE_WEB_HOST="cwa.do-bbs.com" +CALIBRE_WEB_D_HOST="cwabd.do-bbs.com" +CALIBRE_WEB_HC="https://hc-ping.com/313b09fb-f4c6-4fe8-b3d8-47929974c247" +HARD_API="eyJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJIYXJkY292ZXIiLCJ2ZXJzaW9uIjoiOCIsImp0aSI6ImEwZmZkNDk1LWM1ODMtNGEwMS1iYjBkLWYyNTNlMTEwMjU5ZSIsImFwcGxpY2F0aW9uSWQiOjIsInN1YiI6IjUxMDU5IiwiYXVkIjoiMSIsImlkIjoiNTEwNTkiLCJsb2dnZWRJbiI6dHJ1ZSwiaWF0IjoxNzYwOTIzOTM3LCJleHAiOjE3OTI0NTk5MzcsImh0dHBzOi8vaGFzdXJhLmlvL2p3dC9jbGFpbXMiOnsieC1oYXN1cmEtYWxsb3dlZC1yb2xlcyI6WyJ1c2VyIl0sIngtaGFzdXJhLWRlZmF1bHQtcm9sZSI6InVzZXIiLCJ4LWhhc3VyYS1yb2xlIjoidXNlciIsIlgtaGFzdXJhLXVzZXItaWQiOiI1MTA1OSJ9LCJ1c2VyIjp7ImlkIjo1MTA1OX19.26e1ZMA8p3ovr9d1wLJuZpXb72sTUXIjkEuoCrwPO90" +AA_KEY="5uWJKXVXJSpJhCvTo22XfVLVeMYEY#" + + +# --- +# Immich +# --- +IMMICH_HOST_DOMAIN=photos.do-bbs.com +UPLOAD_LOCATION=./data/immich/photos +DB_DATA_LOCATION=./data/immich/postgres +IMMICH_VERSION=release +DB_PASSWORD=poss8asdfhoNisdg97SDd! 
+DB_USERNAME=postgres +DB_DATABASE_NAME=immich +IMMICH_HC=https://hc-ping.com/583d761e-8899-4b15-be2c-d0a11f6c3f6a + +# --- +# Traefik +# --- +TRAEFIK_WEBMASTER="webmaster@flatmail.me" + +# --- +# Obsidian +# --- +OBSIDIAN_DB_HOST="obsidiandb.do-bbs.com" +OBSIDIAN_DB_HC="https://hc-ping.com/abbaa192-dadc-4241-b1a5-b2e4dbb50735" +OBSIDIAN_DB_USER=GelatoMadness +OBSIDIAN_DB_PASS=kangaroo-proof-breeze-tent-medal-oblige-require-good1 + +# --- +# Vaultwarden +# --- +VAULT_ADMIN_TOKEN='$argon2id$v=19$m=65540,t=3,p=4$OStJdThqUWRMbHUxSkVzM1pQbzAvMGk1bGxmK2wyRUJJM0t4K2xyNlI1TT0$KuXsTTUW0GJqOoaGWxP8W2u5AthQ5gmdjC/VzS5tDQI' +VAULT_HOST="vault.do-bbs.com" + +# --- +# Gitea +# --- +DATA_PATH=/data +GITEA_VOLUME_LOCATION=./data/gitea +GITEA_HOSTNAME=gitea.do-bbs.com +GITEA_URL=https://gitea.do-bbs.com +GITEA_POSTGRES_IMAGE_TAG=postgres:latest +GITEA_IMAGE_TAG=gitea/gitea:latest +GITEA_DB_NAME=giteadb +GITEA_DB_USER=giteadbuser +GITEA_DB_PASSWORD=Dls8dnaPSmsgoA! +GITEA_ADMIN_USERNAME=giteaadmin +GITEA_ADMIN_PASSWORD=M8ajdl!lsmd3 +GITEA_ADMIN_EMAIL=root@do-bbs.com +GITEA_SHELL_SSH_PORT=748 + + +# Backup Variables +BACKUP_INIT_SLEEP=30m +BACKUP_INTERVAL=24h +POSTGRES_BACKUP_PRUNE_DAYS=7 +DATA_BACKUP_PRUNE_DAYS=7 +POSTGRES_BACKUPS_PATH=/srv/gitea-postgres/backups +DATA_BACKUPS_PATH=/srv/gitea-application-data/backups +POSTGRES_BACKUP_NAME=gitea-postgres-backup +DATA_BACKUP_NAME=gitea-application-data-backup \ No newline at end of file diff --git a/servers/hestia/dao/docker/backup.compose.yml b/servers/hestia/dao/docker/backup.compose.yml new file mode 100644 index 0000000..2578b62 --- /dev/null +++ b/servers/hestia/dao/docker/backup.compose.yml 
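Review bot: This new `.env` puts live-looking credentials into version control in plaintext: `BAIKAL_ADMIN_TOKEN`, `HARD_API` (a JWT), `AA_KEY`, `DB_PASSWORD`, `OBSIDIAN_DB_PASS`, `GITEA_DB_PASSWORD` and `GITEA_ADMIN_PASSWORD`, and the `*_HC` ping URLs carry per-check UUIDs that let anyone who knows them send pings. Anyone with read access to the repository or its history obtains all of these, so each value should be rotated rather than only deleted in a follow-up commit, and the file replaced by a `.env.example` with placeholders such as `DB_PASSWORD=<set-locally>` plus a `.gitignore` entry for `.env` (the commit touches `.gitignore`, but that hunk is outside this view). The same defect appears in the `backup.compose.yml` hunk that follows, where `ADMIN_TOKEN=` is a literal value next to the commented-out `${VAULT_ADMIN_TOKEN}` reference. `VAULT_ADMIN_TOKEN` being stored as an Argon2id hash is the better pattern, though the hash should still not be published.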
@@ -0,0 +1,320 @@ +services: + traefik: + image: traefik:v3.2 + container_name: traefik + command: + - "--api.insecure=true" + - "--api.dashboard=true" + - "--api.debug=true" + - "--providers.docker=true" + - "--providers.docker.exposedbydefault=false" + - "--entrypoints.web.address=:80" + - "--entrypoints.websecure.address=:443" + - "--certificatesresolvers.letsencrypt.acme.tlschallenge=true" + - "--certificatesresolvers.letsencrypt.acme.email=webmaster@do-bbs.com" + - "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json" + - "--accesslog.filepath=/data/access.log" + - "--accesslog.format=json" + - --providers.file.filename=/dynamic.yml + - --providers.file.watch=true + ports: + - "80:80" + - "443:443" + - "8080:8080" + networks: + - external + volumes: + - /var/run/docker.sock:/var/run/docker.sock:ro + - ./letsencrypt:/letsencrypt + - ./data/traefik:/data + - ./dynamic.yml:/dynamic.yml:ro + - ./data/calibre/htpasswd.list:/htpasswd.list + labels: + - "traefik.enable=true" + - "traefik.http.routers.traefik-dashboard.entrypoints=websecure" + - "traefik.http.routers.traefik-dashboard.service=api@internal" + - "traefik.http.routers.traefik-dashboard.tls=true" + restart: unless-stopped + + dav: + image: ckulka/baikal:nginx + container_name: baikal + environment: + MSMTPRC: | + defaults + auth on + tls on + tls_trust_file /etc/ssl/certs/ca-certificates.crt + account default + host smtp.protonmail.ch + port 587 + from mail@do-bbs.com + user mail@do-bbs.com + password ${BAIKAL_ADMIN_TOKEN} + networks: + - external + volumes: + - ./data/baikal/Specific:/var/www/baikal/Specific + - ./data/baikal/config:/var/www/baikal/config + - ./data/baikal/50-add-sharing-plugin.sh:/docker-entrypoint.d/50-add-sharing-plugin.sh + labels: + - "traefik.enable=true" + - "traefik.http.routers.baikal.entrypoints=websecure" + - "traefik.http.routers.baikal.rule=Host(`dav.do-bbs.com`)" + - "traefik.http.routers.baikal.tls=true" + - 
"traefik.http.routers.baikal.tls.certresolver=letsencrypt" + - "traefik.http.services.baikal.loadbalancer.server.port=80" + healthcheck: + test: ["CMD", "curl", "-f", "https://hc-ping.com/d15fee2e-17ad-42bb-a573-591f45d3532b"] + interval: 3600s + timeout: 10s + retries: 5 + start_period: 30s + restart: unless-stopped + + vaultwarden: + image: vaultwarden/server:latest + container_name: vaultwarden + environment: + - SIGNUPS_ALLOWED=false + - INVITES_ALLOWED=false + # - ADMIN_TOKEN=${VAULT_ADMIN_TOKEN} + - ADMIN_TOKEN=IFdsg.ORGOTARON123nsl + - DOMAIN=https://vault.do-bbs.com + - LOG_LEVEL=warn + - LOG_FILE=/data/vaultwarden.log + - TZ=Europe/London + networks: + - external + volumes: + - ./data/vaultwarden:/data + labels: + - traefik.enable=true + - traefik.http.middlewares.redirect-https.redirectScheme.scheme=https + - traefik.http.middlewares.redirect-https.redirectScheme.permanent=true + - traefik.http.routers.vaultwarden-https.rule=Host(`vault.do-bbs.com`) + - traefik.http.routers.vaultwarden-https.entrypoints=websecure + - traefik.http.routers.vaultwarden-https.tls=true + - traefik.http.routers.vaultwarden.tls.certresolver=letsencrypt + - traefik.http.routers.vaultwarden-https.service=vaultwarden + - traefik.http.routers.vaultwarden-http.rule=Host(`vault.do-bbs.com`) + - traefik.http.routers.vaultwarden-http.entrypoints=web + - traefik.http.routers.vaultwarden-http.middlewares=redirect-https + - traefik.http.routers.vaultwarden-http.service=vaultwarden + - traefik.http.services.vaultwarden.loadbalancer.server.port=80 + healthcheck: + test: ["CMD", "curl", "-f", "https://hc-ping.com/8d7c299a-9594-4f5b-bc1f-9d916ef530e6"] + interval: 3600s + timeout: 10s + retries: 5 + start_period: 30s + restart: unless-stopped + + vaultwarden_backup: + image: ttionya/vaultwarden-backup:latest + container_name: vaultwarden-backup + restart: always + environment: + RCLONE_REMOTE_DIR: '/system/backups/vaultwarden/' + PING_URL_WHEN_SUCCESS: 
'https://hc-ping.com/c03ac1a9-076a-415b-a378-bca245118672' + labels: + - traefik.enable=false + volumes: + - ./data/vaultwarden:/bitwarden/data/ + - vaultwarden-rclone-data:/config/ + + immich_server: + container_name: immich_server + image: ghcr.io/immich-app/immich-server:${IMMICH_VERSION:-release} + volumes: + - ${UPLOAD_LOCATION}:/data + - /etc/localtime:/etc/localtime:ro + env_file: + .env + environment: + - REDIS_HOSTNAME=immich_redis + - DB_HOSTNAME=immich_database + networks: + - external + - internal + labels: + - "traefik.enable=true" + - "traefik.docker.network=external" + - "traefik.http.routers.immich.rule=Host(`photos.do-bbs.com`)" + - "traefik.http.routers.immich.entrypoints=websecure" + - "traefik.http.services.immich.loadbalancer.server.port=2283" + - "traefik.http.routers.immich.tls=true" + - "traefik.http.routers.immich.tls.certresolver=letsencrypt" + depends_on: + - immich_redis + - immich_database + healthcheck: + test: ["CMD", "curl", "-f", "https://hc-ping.com/583d761e-8899-4b15-be2c-d0a11f6c3f6a"] + interval: 3600s + timeout: 10s + retries: 5 + start_period: 30s + restart: always + + immich_machine_learning: + container_name: immich-machine-learning + image: ghcr.io/immich-app/immich-machine-learning:${IMMICH_VERSION:-release} + volumes: + - model-cache:/cache + env_file: + - .env + networks: + - internal + restart: always + + immich_redis: + container_name: immich_redis + image: docker.io/valkey/valkey:8-bookworm@sha256:fea8b3e67b15729d4bb70589eb03367bab9ad1ee89c876f54327fc7c6e618571 + healthcheck: + test: redis-cli ping || exit 1 + networks: + - internal + restart: always + + immich_database: + container_name: immich_postgres + image: ghcr.io/immich-app/postgres:14-vectorchord0.4.3-pgvectors0.2.0@sha256:41eacbe83eca995561fe43814fd4891e16e39632806253848efaf04d3c8a8b84 + environment: + POSTGRES_PASSWORD: ${DB_PASSWORD} + POSTGRES_USER: ${DB_USERNAME} + POSTGRES_DB: ${DB_DATABASE_NAME} + POSTGRES_INITDB_ARGS: '--data-checksums' + volumes: + - 
${DB_DATA_LOCATION}:/var/lib/postgresql/data + shm_size: 128mb + networks: + - internal + restart: always + + obsidian_db: + image: couchdb:latest + container_name: couchdb-ols + env_file: + .env + labels: + - "traefik.enable=true" + - "traefik.docker.network=traefik" + - "traefik.http.routers.couchdb.rule=Host(`couchdb.do-bbs.com`)" + - "traefik.http.routers.couchdb.entrypoints=websecure" + - "traefik.http.services.couchdb.loadbalancer.server.port=5984" + - "traefik.http.routers.couchdb.tls=true" + - "traefik.http.routers.couchdb.tls.certresolver=letsencrypt" + - "traefik.http.routers.couchdb.middlewares=obsidiancors" + - "traefik.http.middlewares.obsidiancors.headers.accesscontrolallowmethods=GET,PUT,POST,HEAD,DELETE" + - "traefik.http.middlewares.obsidiancors.headers.accesscontrolallowheaders=accept,authorization,content-type,origin,referer" + - "traefik.http.middlewares.obsidiancors.headers.accesscontrolalloworiginlist=app://obsidian.md,capacitor://localhost,http://localhost" + - "traefik.http.middlewares.obsidiancors.headers.accesscontrolmaxage=3600" + - "traefik.http.middlewares.obsidiancors.headers.addvaryheader=true" + - "traefik.http.middlewares.obsidiancors.headers.accessControlAllowCredentials=true" + environment: + - COUCHDB_USER=${COUCHDB_USER} + - COUCHDB_PASSWORD=${COUCHDB_PASSWORD} + volumes: + - ./data/couchdb/couchdb-data:/opt/couchdb/data + - ./data/couchdb/couchdb-etc:/opt/couchdb/etc/local.d + networks: + - external + healthcheck: + test: ["CMD", "curl", "-f", "https://hc-ping.com/abbaa192-dadc-4241-b1a5-b2e4dbb50735"] + interval: 3600s + timeout: 10s + retries: 5 + start_period: 30s + restart: always + + calibre_web: + image: crocodilestick/calibre-web-automated:dev + container_name: calibre-web-automated + env_file: + - .env + environment: + - PUID=33 + - PGID=33 + - TZ=UTC + - HARDCOVER_TOKEN=${HARD_API} + - NETWORK_SHARE_MODE=true + - CWA_PORT_OVERRIDE=8083 + - DOCKER_MODS=lscr.io/linuxserver/mods:universal-calibre-v8.7.0 + volumes: + - 
./data/calibre-web/data:/config + - ./data/calibre-web/meta:/calibre-library + - /mnt/athena/books/library:/calibre-library/athena + - ./data/calibre-web/ingest:/cwa-book-ingest + - ./data/calibre-web/plugins:/config/.config/calibre/plugins + labels: + - "traefik.enable=true" + - "traefik.docker.network=external" + - "traefik.http.routers.cwa.rule=Host(`cwa.do-bbs.com`)" + - "traefik.http.routers.cwa.entrypoints=websecure" + - "traefik.http.services.cwa.loadbalancer.server.port=8083" + - "traefik.http.routers.cwa.tls=true" + - "traefik.http.routers.cwa.tls.certresolver=letsencrypt" + networks: + - external + healthcheck: + test: ["CMD", "curl", "-f", "https://hc-ping.com/313b09fb-f4c6-4fe8-b3d8-47929974c247"] + interval: 3600s + timeout: 10s + retries: 5 + start_period: 30s + restart: unless-stopped + + calibre_web_downloader: + image: ghcr.io/calibrain/calibre-web-automated-book-downloader:latest + container_name: calibre-web-automated-book-downloader + env_file: + .env + environment: + FLASK_PORT: 8084 + FLASK_DEBUG: false + LOG_LEVEL: info + BOOK_LANGUAGE: en + USE_BOOK_TITLE: true + TZ: UTC + APP_ENV: prod + UID: 33 + GID: 33 + CWA_DB_PATH: /auth/app.db + INGEST_DIR: /cwa-book-ingest + MAX_CONCURRENT_DOWNLOADS: 3 + DOWNLOAD_PROGRESS_UPDATE_INTERVAL: 5 + AA_DONATOR_KEY: ${AA_KEY} + USE_CF_BYPASS: false + labels: + - "traefik.enable=true" + - "traefik.docker.network=external" + - "traefik.http.routers.cwabd.rule=Host(`cwabd.do-bbs.com`)" + - "traefik.http.routers.cwabd.entrypoints=websecure" + - "traefik.http.services.cwabd.loadbalancer.server.port=8084" + - "traefik.http.routers.cwabd.tls=true" + - "traefik.http.routers.cwabd.tls.certresolver=letsencrypt" + volumes: + - ./data/calibre-web/ingest:/cwa-book-ingest + - ./data/calibre-web/data/app.db:/auth/app.db:ro + networks: + - external + - internal + restart: unless-stopped + + flaresolverr: + image: ghcr.io/flaresolverr/flaresolverr:latest + networks: + - internal + +volumes: + model-cache: + 
vaultwarden-rclone-data: + external: true + name: vaultwarden-rclone-data + +networks: + external: + name: external + internal: + name: internal + diff --git a/servers/hestia/dao/docker/baikal.yml b/servers/hestia/dao/docker/baikal.yml new file mode 100644 index 0000000..50fdefb --- /dev/null +++ b/servers/hestia/dao/docker/baikal.yml @@ -0,0 +1,45 @@ +services: + dav: + image: ckulka/baikal:nginx + container_name: baikal + env_file: + - path: .env + environment: + MSMTPRC: | + defaults + auth on + tls on + tls_trust_file /etc/ssl/certs/ca-certificates.crt + account default + host smtp.protonmail.ch + port 587 + from ${BAIKAL_EMAIL} + user ${BAIKAL_EMAIL} + password ${BAIKAL_ADMIN_TOKEN} + HTTPS: "on" + SERVER_PORT: "443" + networks: + - external + volumes: + - ./data/baikal/Specific:/var/www/baikal/Specific + - ./data/baikal/config:/var/www/baikal/config + - ./data/baikal/50-add-sharing-plugin.sh:/docker-entrypoint.d/50-add-sharing-plugin.sh + security_opt: + - no-new-privileges:true + labels: + - "traefik.enable=true" + - "traefik.http.routers.baikal-http.entrypoints=web" + - "traefik.http.routers.baikal-http.rule=Host(`${BAIKAL_HOST}`)" + - "traefik.http.routers.baikal-http.service=baikal" + - "traefik.http.routers.baikal-https.entrypoints=websecure" + - "traefik.http.routers.baikal-https.rule=Host(`${BAIKAL_HOST}`)" + - "traefik.http.services.baikal.loadbalancer.server.port=80" + - "traefik.http.middlewares.baikal-headers.headers.customrequestheaders.X-Forwarded-Proto=https" + - "traefik.http.routers.baikal-https.middlewares=baikal-headers" + healthcheck: + test: ["CMD", "curl", "-f", "${BAIKAL_HC}"] + interval: 3600s + timeout: 10s + retries: 5 + start_period: 30s + restart: unless-stopped diff --git a/servers/hestia/dao/docker/calibre_web.yml b/servers/hestia/dao/docker/calibre_web.yml new file mode 100644 index 0000000..96c7968 --- /dev/null +++ b/servers/hestia/dao/docker/calibre_web.yml 
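Review bot: The `traefik` service sets `--api.insecure=true` and `--api.debug=true` and publishes `8080:8080` on every interface, which serves the dashboard and API without authentication to anything that can reach the host. `traefik.yml` in this commit binds the same port as `127.0.0.1:8080:8080`; this file should do the same or drop the two flags. The `vaultwarden` service also sets `ADMIN_TOKEN` to a literal plaintext value while the hashed form `# - ADMIN_TOKEN=${VAULT_ADMIN_TOKEN}` is commented out, so the admin-panel secret is in the repository; restore the variable form and rotate the token. If this file is only a snapshot kept beside the split `compose.yml`, it is safer not to version it, since it repeats hostnames and check URLs that the split files moved into variables.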
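Review bot: `baikal-https` is attached to `websecure` but has no `tls=true` or `tls.certresolver` label, and the `traefik.yml` added in this commit sets no TLS default on that entrypoint, so as far as these files show the router only matches cleartext HTTP arriving on port 443. `baikal-http` on `web` serves the same service with no redirect, so CalDAV/CardDAV credentials can cross the link unencrypted unless something upstream terminates TLS. If termination on another host is intended, say so in a comment next to the router; otherwise add `traefik.http.routers.baikal-https.tls=true` and `traefik.http.routers.baikal-https.tls.certresolver=letsencrypt`. The same omission appears on the `websecure` routers in `calibre_web.yml`, `gitea.yml`, `immich.yml`, `obsidian_db.yml` and `vaultwarden.yml`.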
@@ -0,0 +1,83 @@ +services: + calibre_web: + image: crocodilestick/calibre-web-automated:dev + container_name: calibre-web-automated + env_file: + - path: .env + environment: + - PUID=33 + - PGID=33 + - TZ=UTC + - HARDCOVER_TOKEN=${HARD_API} + - NETWORK_SHARE_MODE=true + - CWA_PORT_OVERRIDE=8083 + - DOCKER_MODS=lscr.io/linuxserver/mods:universal-calibre-v8.7.0 + volumes: + - ./data/calibre-web/data:/config + - ./data/calibre-web/meta:/calibre-library + - /mnt/athena/books/library:/calibre-library/athena + - ./data/calibre-web/ingest:/cwa-book-ingest + - ./data/calibre-web/plugins:/config/.config/calibre/plugins + labels: + - "traefik.enable=true" + - "traefik.docker.network=external" + - "traefik.http.routers.cwa.rule=Host(`${CALIBRE_WEB_HOST}`)" # Fixed missing ( + - "traefik.http.routers.cwa.entrypoints=websecure" + - "traefik.http.services.cwa.loadbalancer.server.port=8083" + networks: + - external + security_opt: + - no-new-privileges:true + healthcheck: + test: ["CMD", "curl", "-f", "${CALIBRE_WEB_HC}"] + interval: 3600s + timeout: 10s + retries: 5 + start_period: 30s + restart: unless-stopped + + calibre_web_downloader: + image: ghcr.io/calibrain/calibre-web-automated-book-downloader:latest + container_name: calibre-web-automated-book-downloader + env_file: + - path: .env + environment: + FLASK_PORT: 8084 + FLASK_DEBUG: false + LOG_LEVEL: info + BOOK_LANGUAGE: en + USE_BOOK_TITLE: true + TZ: UTC + APP_ENV: prod + UID: 33 + GID: 33 + CWA_DB_PATH: /auth/app.db + INGEST_DIR: /cwa-book-ingest + MAX_CONCURRENT_DOWNLOADS: 3 + DOWNLOAD_PROGRESS_UPDATE_INTERVAL: 5 + AA_DONATOR_KEY: ${AA_KEY} + USE_CF_BYPASS: false + labels: + - "traefik.enable=true" + - "traefik.docker.network=external" + - "traefik.http.routers.cwabd.rule=Host(`${CALIBRE_WEB_D_HOST}`)" # Fixed missing ( + - "traefik.http.routers.cwabd.entrypoints=websecure" + - "traefik.http.services.cwabd.loadbalancer.server.port=8084" + # Removed tls and certresolver lines + volumes: + - 
./data/calibre-web/ingest:/cwa-book-ingest + - ./data/calibre-web/data/app.db:/auth/app.db:ro + networks: + - external + security_opt: + - no-new-privileges:true + restart: unless-stopped + + flaresolverr: + image: ghcr.io/flaresolverr/flaresolverr:latest + container_name: flaresolverr + networks: + - external + security_opt: + - no-new-privileges:true + restart: unless-stopped \ No newline at end of file diff --git a/servers/hestia/dao/docker/compose.yml b/servers/hestia/dao/docker/compose.yml new file mode 100644 index 0000000..e9d1321 --- /dev/null +++ b/servers/hestia/dao/docker/compose.yml @@ -0,0 +1,20 @@ +include: + - traefik.yml + - baikal.yml + - vaultwarden.yml + - immich.yml + - obsidian_db.yml + - calibre_web.yml + - gitea.yml + +networks: + external: + name: external + internal: + name: internal + +volumes: + model-cache: + vaultwarden-rclone-data: + external: true + name: vaultwarden-rclone-data \ No newline at end of file diff --git a/servers/hestia/dao/docker/dynamic.yml b/servers/hestia/dao/docker/dynamic.yml new file mode 100644 index 0000000..cff1196 --- /dev/null +++ b/servers/hestia/dao/docker/dynamic.yml @@ -0,0 +1,4 @@ +http: + serversTransports: + ignorecert: + insecureSkipVerify: true diff --git a/servers/hestia/dao/docker/gitea.yml b/servers/hestia/dao/docker/gitea.yml new file mode 100644 index 0000000..d4e305b --- /dev/null +++ b/servers/hestia/dao/docker/gitea.yml 
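Review bot: `env_file: - path: .env` on `calibre_web` and `calibre_web_downloader` injects every variable in `.env` into both containers, including the database, Gitea admin and CouchDB passwords that belong to other services. Compose already reads `.env` from the project directory for `${...}` interpolation, so the explicit entries `HARDCOVER_TOKEN=${HARD_API}` and `AA_DONATOR_KEY: ${AA_KEY}` work without it. Dropping `env_file` here, or pointing it at a per-service env file that holds only what the service needs, keeps a compromise of one image from disclosing the rest. `baikal.yml`, `gitea.yml` (`gitea_postgres`), `immich.yml`, `obsidian_db.yml` and `vaultwarden.yml` load the whole file the same way. The `:dev` and `:latest` image tags in this file are mutable as well; pin a version or digest.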
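Review bot: `insecureSkipVerify: true` on the `ignorecert` transport turns off certificate verification for any backend that references it, so the proxy-to-backend connection would accept any certificate. Nothing in the `traefik.yml` added by this commit loads the file provider, so the transport looks unused on this host; if that is right, delete the file. If a backend with a private certificate does need it, prefer `rootCAs` with that CA (and `serverName` where the name differs) over disabling verification.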
@@ -0,0 +1,114 @@ +services: + gitea_postgres: + image: ${GITEA_POSTGRES_IMAGE_TAG} + container_name: gitea_postgres + volumes: + - ${GITEA_VOLUME_LOCATION}/postgres:/var/lib/postgresql + env_file: + - .env + environment: + POSTGRES_DB: ${GITEA_DB_NAME} + POSTGRES_USER: ${GITEA_DB_USER} + POSTGRES_PASSWORD: ${GITEA_DB_PASSWORD} + networks: + - internal + security_opt: + - no-new-privileges:true + healthcheck: + test: [ "CMD", "pg_isready", "-q", "-d", "${GITEA_DB_NAME}", "-U", "${GITEA_DB_USER}" ] + interval: 10s + timeout: 5s + retries: 3 + start_period: 60s + restart: unless-stopped + + gitea: + image: ${GITEA_IMAGE_TAG} + container_name: gitea + volumes: + - ${GITEA_VOLUME_LOCATION}/data:/${DATA_PATH} + - /etc/timezone:/etc/timezone:ro + - /etc/localtime:/etc/localtime:ro + environment: + GITEA_DATABASE_HOST: postgres + GITEA_DATABASE_NAME: ${GITEA_DB_NAME} + GITEA_DATABASE_USERNAME: ${GITEA_DB_USER} + GITEA_DATABASE_PASSWORD: ${GITEA_DB_PASSWORD} + GITEA_ADMIN_USER: ${GITEA_ADMIN_USERNAME} + GITEA_ADMIN_PASSWORD: ${GITEA_ADMIN_PASSWORD} + GITEA_ADMIN_EMAIL: ${GITEA_ADMIN_EMAIL} + GITEA_RUN_MODE: prod + GITEA_DOMAIN: ${GITEA_HOSTNAME} + GITEA_SSH_DOMAIN: ${GITEA_HOSTNAME} + GITEA_ROOT_URL: ${GITEA_URL} + GITEA_HTTP_PORT: 3000 + GITEA_SSH_PORT: ${GITEA_SHELL_SSH_PORT} + GITEA_SSH_LISTEN_PORT: 22 + networks: + - external + - internal + ports: + - "127.0.0.1:2222:22" + security_opt: + - no-new-privileges:true + healthcheck: + test: ["CMD", "curl", "-f", "http://localhost:3000/"] + interval: 10s + timeout: 5s + retries: 3 + start_period: 90s + labels: + - "traefik.enable=true" + - "traefik.http.routers.gitea.rule=Host(`${GITEA_HOSTNAME}`)" + - "traefik.http.routers.gitea.service=gitea" + - "traefik.http.routers.gitea.entrypoints=websecure" + - "traefik.http.services.gitea.loadbalancer.server.port=3000" + - "traefik.http.services.gitea.loadbalancer.passhostheader=true" + - "traefik.http.middlewares.gitea.compress=true" + - 
"traefik.http.routers.gitea.middlewares=gitea" + - "traefik.docker.network=external" + - "traefik.tcp.routers.gitea-ssh.rule=HostSNI(`*`)" + - "traefik.tcp.routers.gitea-ssh.service=gitea-ssh" + - "traefik.tcp.routers.gitea-ssh.entrypoints=ssh" + - "traefik.tcp.services.gitea-ssh.loadbalancer.server.port=22" + depends_on: + gitea_postgres: + condition: service_healthy + + gitea_backups: + image: ${GITEA_POSTGRES_IMAGE_TAG} + container_name: gitea_backups + command: >- + sh -c 'sleep $BACKUP_INIT_SLEEP && + while true; do + pg_dump -h postgres -p 5432 -d $GITEA_DB_NAME -U $GITEA_DB_USER | gzip > $POSTGRES_BACKUPS_PATH/$POSTGRES_BACKUP_NAME-$(date "+%Y-%m-%d_%H-%M").gz && + tar -zcpf $DATA_BACKUPS_PATH/$DATA_BACKUP_NAME-$(date "+%Y-%m-%d_%H-%M").tar.gz $DATA_PATH && + find $POSTGRES_BACKUPS_PATH -type f -mtime +$POSTGRES_BACKUP_PRUNE_DAYS | xargs rm -f && + find $DATA_BACKUPS_PATH -type f -mtime +$DATA_BACKUP_PRUNE_DAYS | xargs rm -f; + sleep $BACKUP_INTERVAL; done' + volumes: + - ${GITEA_VOLUME_LOCATION}/postgres_backup:/var/lib/postgresql/data + - ${GITEA_VOLUME_LOCATION}/data:${DATA_PATH} + - ${GITEA_VOLUME_LOCATION}/data_backup:${DATA_BACKUPS_PATH} + - ${GITEA_VOLUME_LOCATION}/database_backup:${POSTGRES_BACKUPS_PATH} + environment: + GITEA_DB_NAME: ${GITEA_DB_NAME} + GITEA_DB_USER: ${GITEA_DB_USER} + PGPASSWORD: ${GITEA_DB_PASSWORD} + BACKUP_INIT_SLEEP: ${BACKUP_INIT_SLEEP} + BACKUP_INTERVAL: ${BACKUP_INTERVAL} + POSTGRES_BACKUP_PRUNE_DAYS: ${POSTGRES_BACKUP_PRUNE_DAYS} + DATA_BACKUP_PRUNE_DAYS: ${DATA_BACKUP_PRUNE_DAYS} + POSTGRES_BACKUPS_PATH: ${POSTGRES_BACKUPS_PATH} + DATA_BACKUPS_PATH: ${DATA_BACKUPS_PATH} + DATA_PATH: ${DATA_PATH} + POSTGRES_BACKUP_NAME: ${POSTGRES_BACKUP_NAME} + DATA_BACKUP_NAME: ${DATA_BACKUP_NAME} + networks: + - internal + security_opt: + - no-new-privileges:true + restart: unless-stopped + depends_on: + gitea_postgres: + condition: service_healthy \ No newline at end of file 
diff --git a/servers/hestia/dao/docker/immich.yml b/servers/hestia/dao/docker/immich.yml
new file mode 100644
index 0000000..8915dc1
--- /dev/null
+++ b/servers/hestia/dao/docker/immich.yml
@@ -0,0 +1,74 @@ +services: + immich_server: + container_name: immich_server + image: ghcr.io/immich-app/immich-server:${IMMICH_VERSION:-release} + volumes: + - ${UPLOAD_LOCATION}:/data + - /etc/localtime:/etc/localtime:ro + env_file: + - path: .env + environment: + - REDIS_HOSTNAME=immich_redis + - DB_HOSTNAME=immich_database + networks: + - external + - internal + security_opt: + - no-new-privileges:true + labels: + - "traefik.enable=true" + - "traefik.docker.network=external" + - "traefik.http.routers.immich.rule=Host(`${IMMICH_HOST_DOMAIN}`)" + - "traefik.http.routers.immich.entrypoints=websecure" + - "traefik.http.services.immich.loadbalancer.server.port=2283" + depends_on: + - immich_redis + - immich_database + healthcheck: + test: ["CMD", "curl", "-f", "${IMMICH_HC}"] + interval: 3600s + timeout: 10s + retries: 5 + start_period: 30s + restart: always + + immich_machine_learning: + container_name: immich-machine-learning + image: ghcr.io/immich-app/immich-machine-learning:${IMMICH_VERSION:-release} + volumes: + - model-cache:/cache + env_file: + - .env + networks: + - internal + security_opt: + - no-new-privileges:true + restart: always + + immich_redis: + container_name: immich_redis + image: docker.io/valkey/valkey:8-bookworm@sha256:fea8b3e67b15729d4bb70589eb03367bab9ad1ee89c876f54327fc7c6e618571 + healthcheck: + test: redis-cli ping || exit 1 + networks: + - internal + security_opt: + - no-new-privileges:true + restart: always + + immich_database: + container_name: immich_postgres + image: ghcr.io/immich-app/postgres:14-vectorchord0.4.3-pgvectors0.2.0@sha256:41eacbe83eca995561fe43814fd4891e16e39632806253848efaf04d3c8a8b84 + environment: + POSTGRES_PASSWORD: ${DB_PASSWORD} + POSTGRES_USER: ${DB_USERNAME} + POSTGRES_DB: ${DB_DATABASE_NAME} + POSTGRES_INITDB_ARGS: '--data-checksums' + volumes: + - ${DB_DATA_LOCATION}:/var/lib/postgresql/data + shm_size: 128mb + networks: + - internal + security_opt: + - no-new-privileges:true + restart: always \ No newline at 
end of file diff --git a/servers/hestia/dao/docker/obsidian_db.yml b/servers/hestia/dao/docker/obsidian_db.yml new file mode 100644 index 0000000..86c3533 --- /dev/null +++ b/servers/hestia/dao/docker/obsidian_db.yml @@ -0,0 +1,36 @@ +services: + obsidian_db: + image: couchdb:latest + container_name: obsidian_db + env_file: + - path: .env + labels: + - "traefik.enable=true" + - "traefik.docker.network=external" + - "traefik.http.routers.couchdb.rule=Host(`${OBSIDIAN_DB_HOST}`)" + - "traefik.http.routers.couchdb.entrypoints=websecure" + - "traefik.http.services.couchdb.loadbalancer.server.port=5984" + - "traefik.http.routers.couchdb.middlewares=obsidiancors" + - "traefik.http.middlewares.obsidiancors.headers.accesscontrolallowmethods=GET,PUT,POST,HEAD,DELETE" + - "traefik.http.middlewares.obsidiancors.headers.accesscontrolallowheaders=accept,authorization,content-type,origin,referer" + - "traefik.http.middlewares.obsidiancors.headers.accesscontrolalloworiginlist=app://obsidian.md,capacitor://localhost,http://localhost" + - "traefik.http.middlewares.obsidiancors.headers.accesscontrolmaxage=3600" + - "traefik.http.middlewares.obsidiancors.headers.addvaryheader=true" + - "traefik.http.middlewares.obsidiancors.headers.accessControlAllowCredentials=true" + environment: + - COUCHDB_USER=${OBSIDIAN_DB_USER} + - COUCHDB_PASSWORD=${OBSIDIAN_DB_PASS} + volumes: + - ./data/couchdb/couchdb-data:/opt/couchdb/data + - ./data/couchdb/couchdb-etc:/opt/couchdb/etc/local.d + networks: + - external + security_opt: + - no-new-privileges:true + healthcheck: + test: ["CMD", "curl", "-f", "${OBSIDIAN_DB_HC}"] + interval: 3600s + timeout: 10s + retries: 5 + start_period: 30s + restart: always \ No newline at end of file diff --git a/servers/hestia/dao/docker/traefik.yml b/servers/hestia/dao/docker/traefik.yml new file mode 100644 index 0000000..2dcad5a --- /dev/null +++ b/servers/hestia/dao/docker/traefik.yml 
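Review bot: The `immich_server` healthcheck curls `${IMMICH_HC}`, an external hc-ping URL, so the container reports healthy whenever that site is reachable and the ping is sent whether or not Immich is answering. A probe of the service itself on port 2283, with the ping sent only when that probe succeeds, would make both the Docker health state and the external alert meaningful. The same pattern is used in `baikal.yml`, `calibre_web.yml`, `obsidian_db.yml`, `vaultwarden.yml` and `backup.compose.yml`, whereas `gitea.yml` already probes `http://localhost:3000/`.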
@@ -0,0 +1,25 @@
+# traefik.yml on home server
+services:
+ traefik:
+ image: traefik:latest
+ container_name: traefik
+ command:
+ - "--providers.docker=true"
+ - "--providers.docker.exposedbydefault=false"
+ - "--entrypoints.web.address=:80"
+ - "--entrypoints.websecure.address=:443"
+ - "--entrypoints.ssh.address=:748" # ADD THIS LINE
+ - "--certificatesresolvers.letsencrypt.acme.tlschallenge=true"
+ - "--certificatesresolvers.letsencrypt.acme.email=${TRAEFIK_WEBMASTER}"
+ - "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"
+ ports:
+ - "0.0.0.0:80:80" # Listen on ALL interfaces (including wg0)
+ - "0.0.0.0:443:443" # Listen on ALL interfaces
+ - "127.0.0.1:8080:8080" # Dashboard stays local only
+ - "0.0.0.0:748:748" # Explicit binding
+ networks:
+ - external
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock:ro
+ - ./letsencrypt:/letsencrypt
+ restart: unless-stopped
\ No newline at end of file
diff --git a/servers/hestia/dao/docker/vaultwarden.yml b/servers/hestia/dao/docker/vaultwarden.yml
new file mode 100644
index 0000000..fc59dc7
--- /dev/null
+++ b/servers/hestia/dao/docker/vaultwarden.yml
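Review bot: The `traefik` container is the process exposed on ports 80, 443 and 748 and it mounts `/var/run/docker.sock`; the `:ro` flag protects only the socket file, not the Docker API behind it, so a compromise of Traefik amounts to control of the Docker daemon. Put a socket proxy that allows only the read endpoints Traefik needs on a private network and point `--providers.docker.endpoint` at it. The service also lacks the `security_opt: - no-new-privileges:true` that most other services in this commit set, and `traefik:latest` is unpinned where `backup.compose.yml` used `traefik:v3.2`. The `# ADD THIS LINE` comment is an editing leftover and can go.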
@@ -0,0 +1,51 @@
+services:
+ vaultwarden:
+ image: vaultwarden/server:latest
+ container_name: vaultwarden
+ env_file:
+ - path: .env
+ environment:
+ - SIGNUPS_ALLOWED=false
+ - INVITES_ALLOWED=false
+ - DOMAIN=https://${VAULT_HOST}
+ - LOG_LEVEL=warn
+ - LOG_FILE=/data/vaultwarden.log
+ - TZ=Europe/London
+ networks:
+ - external
+ volumes:
+ - ./data/vaultwarden:/data
+ security_opt:
+ - no-new-privileges:true
+ labels:
+ - traefik.enable=true
+ - traefik.http.middlewares.redirect-https.redirectScheme.scheme=https
+ - traefik.http.middlewares.redirect-https.redirectScheme.permanent=true
+ - traefik.http.routers.vaultwarden-https.rule=Host(`${VAULT_HOST}`)
+ - traefik.http.routers.vaultwarden-https.entrypoints=websecure
+ - traefik.http.routers.vaultwarden-https.service=vaultwarden
+ - traefik.http.routers.vaultwarden-http.rule=Host(`${VAULT_HOST}`)
+ - traefik.http.routers.vaultwarden-http.entrypoints=web
+ - traefik.http.routers.vaultwarden-http.middlewares=redirect-https
+ - traefik.http.routers.vaultwarden-http.service=vaultwarden
+ - traefik.http.services.vaultwarden.loadbalancer.server.port=80
+ healthcheck:
+ test: ["CMD", "curl", "-f", "https://hc-ping.com/8d7c299a-9594-4f5b-bc1f-9d916ef530e6"]
+ interval: 3600s
+ timeout: 10s
+ retries: 5
+ start_period: 30s
+ restart: unless-stopped
+
+ vaultwarden_backup:
+ image: ttionya/vaultwarden-backup:latest
+ container_name: vaultwarden-backup
+ restart: always
+ environment:
+ RCLONE_REMOTE_DIR: '/system/backups/vaultwarden/'
+ PING_URL_WHEN_SUCCESS: 'https://hc-ping.com/c03ac1a9-076a-415b-a378-bca245118672'
+ labels:
+ - traefik.enable=false
+ volumes:
+ - ./data/vaultwarden:/bitwarden/data/
+ - vaultwarden-rclone-data:/config/
\ No newline at end of file
diff --git a/servers/hestia/dao/scripts/dim_screen.sh b/servers/hestia/dao/scripts/dim_screen.sh
new file mode 100755
index 0000000..7630d4b
--- /dev/null
+++ b/servers/hestia/dao/scripts/dim_screen.sh
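Review bot: Nothing in the `vaultwarden` service maps `VAULT_ADMIN_TOKEN` to the `ADMIN_TOKEN` variable Vaultwarden reads, so `env_file` injects the hash under a name the server ignores and, as far as this hunk shows, the admin page is simply off. That is a safe default; if it is intended, remove `VAULT_ADMIN_TOKEN` from `.env`, and if not, add `- ADMIN_TOKEN=${VAULT_ADMIN_TOKEN}` under `environment:`. `vaultwarden_backup` has no `security_opt: - no-new-privileges:true` although `vaultwarden` beside it does, and both hc-ping URLs stay hard-coded here while the other split files moved theirs into variables.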
@@ -0,0 +1,2 @@
+#!/bin/bash
+echo 0 >> /sys/class/backlight/intel_backlight/brightness
diff --git a/servers/hestia/dao/scripts/mount.sh b/servers/hestia/dao/scripts/mount.sh
new file mode 100755
index 0000000..97527f2
--- /dev/null
+++ b/servers/hestia/dao/scripts/mount.sh
@@ -0,0 +1,203 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+# shellcheck disable=1091
+. /usr/local/share/dao/config/dao.conf
+
+readonly LOG_PREFIX="[dao_am.service]"
+readonly MAX_RETRIES=90
+readonly RETRY_DELAY=2
+
+# Configuration
+declare -A RCLONE_MOUNTS=(
+ ["koofr"]="${DAO_STORAGE_DIR}/koofr:false"
+ ["koofr_vault"]="${DAO_STORAGE_DIR}/vault:true"
+)
+
+declare -A SSHFS_MOUNTS=(
+ ["hephaestus"]="/home/oc/dao:/home/jamie/dao/servers/hephaestus"
+ ["pan_lms"]="/home/tc:/home/jamie/dao/servers/pan"
+)
+
+# Options
+readonly BASE_RCLONE_OPTS=(
+ --vfs-cache-mode writes
+ --cache-dir /tmp/rclone-cache
+ --dir-cache-time 5m
+ --poll-interval 1m
+ --timeout 1h
+ --low-level-retries 10
+ --retries 3
+ --vfs-cache-max-size 10G
+ --vfs-cache-max-age 24h
+ --buffer-size 256M
+ --transfers 8
+ --checkers 8
+ --allow-non-empty
+ --allow-other
+ --umask 000
+)
+
+readonly CRYPT_RCLONE_OPTS=(
+ --buffer-size 256M
+ --transfers 8
+ --vfs-read-ahead 256M
+ --vfs-read-chunk-size 128M
+ --vfs-read-chunk-size-limit 2G
+)
+
+readonly SSHFS_OPTS=(
+ -o allow_other
+ -o reconnect
+ -o ServerAliveInterval=30
+ -o ServerAliveCountMax=3
+)
+
+# Track mount attempts and failures
+declare -A RCLONE_ATTEMPTS
+declare -A SSHFS_ATTEMPTS
+
+log() {
+ echo "${LOG_PREFIX} $*" >&2
+}
+
+is_mounted() {
+ local mount_point="$1"
+ grep -q " ${mount_point} " /proc/mounts
+}
+
+mount_rclone() {
+ local remote="$1" mount_point="$2" is_crypt="$3"
+
+ if is_mounted "$mount_point"; then
+ log "rclone $remote already mounted at $mount_point"
+ return 0
+ fi
+
+ local opts=("${BASE_RCLONE_OPTS[@]}")
+ [[ "$is_crypt" == "true" ]] && opts+=("${CRYPT_RCLONE_OPTS[@]}")
+
+ log "Mounting rclone: $remote -> $mount_point (attempt $((RCLONE_ATTEMPTS[$remote] + 1)))"
+ /usr/bin/rclone mount "$remote:" "$mount_point" "${opts[@]}" &
+
+ # Give it a moment to attempt the mount
+ sleep 2
+
+ if is_mounted "$mount_point"; then
+ log "Successfully mounted rclone: $remote"
+ return 0
+ else
+ log "Failed to mount rclone: $remote"
+ return 1
+ fi
+}
+
+mount_sshfs() {
+ local remote="$1" mount_point="$2"
+
+ if is_mounted "$mount_point"; then
+ log "sshfs $remote already mounted at $mount_point"
+ return 0
+ fi
+
+ log "Mounting sshfs: $remote -> $mount_point (attempt $((SSHFS_ATTEMPTS[$remote] + 1)))"
+ if /usr/bin/sshfs "$remote" "$mount_point" "${SSHFS_OPTS[@]}" 2>/dev/null; then
+ log "Successfully mounted sshfs: $remote"
+ return 0
+ else
+ log "Failed to mount sshfs: $remote"
+ return 1
+ fi
+}
+
+ensure_mounts() {
+ local failed_rclone=()
+ local failed_sshfs=()
+
+ # First pass: attempt all mounts
+ log "First pass: attempting all mounts"
+
+ # Handle rclone mounts
+ for remote in "${!RCLONE_MOUNTS[@]}"; do
+ IFS=':' read -r mount_point is_crypt <<<"${RCLONE_MOUNTS[$remote]}"
+ RCLONE_ATTEMPTS[$remote]=0
+ if ! mount_rclone "$remote" "$mount_point" "$is_crypt"; then
+ failed_rclone+=("$remote")
+ fi
+ done
+
+ # Handle sshfs mounts
+ for remote in "${!SSHFS_MOUNTS[@]}"; do
+ IFS=':' read -r remote_path mount_point <<<"${SSHFS_MOUNTS[$remote]}"
+ SSHFS_ATTEMPTS[$remote]=0
+ if ! mount_sshfs "${remote}:${remote_path}" "$mount_point"; then
+ failed_sshfs+=("$remote")
+ fi
+ done
+
+ # Retry failed mounts
+ while [[ ${#failed_rclone[@]} -gt 0 || ${#failed_sshfs[@]} -gt 0 ]]; do
+ log "Retrying failed mounts in ${RETRY_DELAY} seconds..."
+ sleep "$RETRY_DELAY"
+
+ # Clear failed arrays for this round
+ local current_failed_rclone=()
+ local current_failed_sshfs=()
+
+ # Retry rclone mounts
+ for remote in "${failed_rclone[@]}"; do
+ IFS=':' read -r mount_point is_crypt <<<"${RCLONE_MOUNTS[$remote]}"
+ RCLONE_ATTEMPTS[$remote]=$((RCLONE_ATTEMPTS[$remote] + 1))
+
+ if [[ ${RCLONE_ATTEMPTS[$remote]} -ge $MAX_RETRIES ]]; then
+ log "rclone $remote: reached max retries ($MAX_RETRIES), giving up"
+ continue
+ fi
+
+ if mount_rclone "$remote" "$mount_point" "$is_crypt"; then
+ log "rclone $remote: mount successful on retry"
+ else
+ current_failed_rclone+=("$remote")
+ fi
+ done
+
+ # Retry sshfs mounts
+ for remote in "${failed_sshfs[@]}"; do
+ IFS=':' read -r remote_path mount_point <<<"${SSHFS_MOUNTS[$remote]}"
+ SSHFS_ATTEMPTS[$remote]=$((SSHFS_ATTEMPTS[$remote] + 1))
+
+ if [[ ${SSHFS_ATTEMPTS[$remote]} -ge $MAX_RETRIES ]]; then
+ log "sshfs $remote: reached max retries ($MAX_RETRIES), giving up"
+ continue
+ fi
+
+ if mount_sshfs "${remote}:${remote_path}" "$mount_point"; then
+ log "sshfs $remote: mount successful on retry"
+ else
+ current_failed_sshfs+=("$remote")
+ fi
+ done
+
+ # Update failed arrays for next iteration
+ failed_rclone=("${current_failed_rclone[@]}")
+ failed_sshfs=("${current_failed_sshfs[@]}")
+
+ # If both arrays are empty, we're done
+ if [[ ${#failed_rclone[@]} -eq 0 && ${#failed_sshfs[@]} -eq 0 ]]; then
+ log "All mounts successful"
+ break
+ fi
+ done
+}
+
+main() {
+ log "Starting mount daemon"
+ ensure_mounts
+ log "Mount operations completed, sleeping"
+
+ while true; do
+ sleep 3600 # Sleep for an hour, then check again if needed
+ done
+}
+
+main "$@"
diff --git a/servers/hestia/dao/scripts/wg0_keepalive.sh b/servers/hestia/dao/scripts/wg0_keepalive.sh
new file mode 100755
index 0000000..620094c
--- /dev/null
+++ b/servers/hestia/dao/scripts/wg0_keepalive.sh
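Review bot: `BASE_RCLONE_OPTS` mounts every remote, including the `koofr_vault` crypt remote, with `--allow-other --umask 000`, so any local account, or any container that has the path bind-mounted, can read and modify the decrypted files; `--cache-dir /tmp/rclone-cache` also places the write cache, which may hold file contents, at a fixed name in a shared directory. Unless other users really need access, use `--umask 077`, drop `--allow-other`, and set the cache directory to one owned by the service user with mode 0700. Separately, `mount_rclone` starts a new background `rclone mount` on every retry without stopping the previous attempt, and `ensure_mounts` logs `All mounts successful` even when a remote was dropped after `MAX_RETRIES`, so a failed mount is reported as success.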
@@ -0,0 +1,19 @@
+#!/bin/bash
+# Check if WireGuard tunnel is up, restart if down
+
+PING=/bin/ping
+SERVICE=/usr/bin/systemctl
+tries=0
+
+while [[ $tries -lt 3 ]]
+do
+ if $PING -c 1 10.10.10.1 &> /dev/null
+ then
+ exit 0
+ fi
+ tries=$((tries+1))
+ sleep 2
+done
+
+# Failed 3 times, restart
+$SERVICE restart wg-quick@wg0
diff --git a/servers/hestia/sh/cron.sh b/servers/hestia/sh/cron.sh
new file mode 100755
index 0000000..aa59fe8
--- /dev/null
+++ b/servers/hestia/sh/cron.sh
@@ -0,0 +1,40 @@
+#!/bin/bash
+set -e
+
+# Validate number of arguments
+
+if [ "$#" -ne 3 ]; then
+ echo "Usage: $0 "
+ exit 1
+fi
+
+JOB_NAME=$1
+COMMAND=$2
+FREQUENCY=$3
+LOG_DIR="$HOME/.logs"
+LOG_FILE="$LOG_DIR/$JOB_NAME.log"
+
+# Ensure crontab for current user
+if ! crontab -l &>/dev/null; then
+ echo "# Empty crontab created on $(date)" > /tmp/crontab$$
+ crontab /tmp/crontab$$
+ rm -f /tmp/crontab$$
+ echo "Crontab created"
+fi
+
+# Ensure log directory exists
+mkdir -p "$LOG_DIR"
+
+# Build entry
+ENTRY="$FREQUENCY CRON=1 $COMMAND >> $LOG_FILE 2>&1 # $JOB_NAME"
+
+# Check if there's an existing job with the same name
+if crontab -l 2>/dev/null | grep -q "# $JOB_NAME$"; then
+ # Job exists, update it
+ (crontab -l 2>/dev/null | grep -v "# $JOB_NAME$"; echo "$ENTRY") | crontab -
+ echo "Updated cron job: $JOB_NAME"
+else
+ # No job found, adding it
+ (crontab -l 2>/dev/null; echo $ENTRY) | crontab -
+ echo "Added new cron job: $JOB_NAME"
+fi
diff --git a/servers/hestia/sh/update.sh b/servers/hestia/sh/update.sh
new file mode 100755
index 0000000..694b95e
--- /dev/null
+++ b/servers/hestia/sh/update.sh
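Review bot: In the add branch of `cron.sh`, `echo $ENTRY` is unquoted, so the `*` fields of a schedule such as `* * * * *` are glob-expanded against the current directory before the line reaches `crontab -`; the update branch already quotes it, and the add branch should use `printf '%s\n' "$ENTRY"`. The bootstrap step writes to `/tmp/crontab$$`, a predictable name in a shared directory; `printf '# Empty crontab created on %s\n' "$(date)" | crontab -` avoids the temporary file altogether. `grep -q "# $JOB_NAME$"` also treats the job name as a regular expression, so a name containing `.` or `*` can match and remove another job's line; validating `JOB_NAME` against `^[A-Za-z0-9_-]+$` before use closes that.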
@@ -0,0 +1,46 @@ +#!/usr/bin/env bash + +CUSTOM_LOCK="/tmp/update_script.lock" + +if [ -n "$CRON" ] && ! sudo -n true 2>/dev/null; then + echo "This script requires passwordless sudo to run while in cron context." + exit 1 +fi + +cleanup() { + flock -u "$LOCK_FD" + exec {LOCK_FD}>&- + sudo rm -f "$CUSTOM_LOCK" +} + +wait_for_locks() { + local LOCK + for LOCK in /var/lib/dpkg/lock-frontend /var/lib/apt/lists/lock /var/cache/apt/archives/lock; do + while sudo fuser $LOCK >/dev/null 2>&1; do + sleep 1 + done + done +} + +sudo touch "$CUSTOM_LOCK" +sudo chmod 666 "$CUSTOM_LOCK" + +exec {LOCK_FD}>"$CUSTOM_LOCK" || exit 1 +flock "$LOCK_FD" || exit 1 + +trap cleanup EXIT INT TERM + +wait_for_locks + +echo "Updating system..." + +sudo apt-get -qq update -u -y --allow-releaseinfo-change +sudo apt-get -qq --fix-broken install +sudo dpkg --configure -a +sudo apt-get -qq full-upgrade -y +sudo apt-get -qq clean -y +sudo apt-get -qq --purge autoremove -y +sudo apt-get -qq autoclean -y +# sudo python3 -m pip install --upgrade pip > /dev/null 2>&1 + +echo "System update complete" diff --git a/servers/pan/.alsaequal.bin b/servers/pan/.alsaequal.bin new file mode 100644 index 0000000000000000000000000000000000000000..94e5f961d05425d07c59e0fe8ab4da9f83ce174e GIT binary patch literal 824 zcmcCuW?*>B#=yYDz`(!-#oRy|1SHlSKLEmD4w(camCOOT@5bT{2SAuir+~Eqz00uR z(AWJSOo=%xAkBxr?gL{A3}U5{Ilw4n5LoB#0KybFhk+fW`B14H7*k*n2T<>UuPYot Xm;z%MIDwiSxUSnP05K)zP+Knm6fiB> literal 0 HcmV?d00001 diff --git a/servers/pan/.alsaequal.bin.bt_W-King b/servers/pan/.alsaequal.bin.bt_W-King new file mode 100644 index 0000000000000000000000000000000000000000..18bacd50ea0a4ed88a517a8f08a46cd9225a7f83 GIT binary patch literal 824 zcmcCuW?*>B#=yYDz`(!-#oR!eT7Z#C27%m14FL2mRR9ZBOkrSPrII;K4hm%U?P}>*)a9aU= literal 0 HcmV?d00001 
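Review bot: The lock in servers/hestia/sh/update.sh is set up with `sudo touch "$CUSTOM_LOCK"` and `sudo chmod 666 "$CUSTOM_LOCK"` on the fixed path `/tmp/update_script.lock`, a location any local account can create first; if that name is a symlink and the host does not enforce `fs.protected_symlinks`, the root `chmod` is applied to whatever it points at. Keep the lock where only the invoking user can write and drop both sudo lines, e.g. `CUSTOM_LOCK="$HOME/.update_script.lock"`, which also removes the need for `sudo rm` in `cleanup`. Deleting the lock file on exit weakens the lock as well, since a process already waiting on the old file and a newcomer that creates a fresh one can both acquire it. In `wait_for_locks`, `sudo fuser $LOCK` should be `sudo fuser "$LOCK"`.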
diff --git a/servers/pan/.alsaequal.bin.bt_hades b/servers/pan/.alsaequal.bin.bt_hades new file mode 100644 index 0000000000000000000000000000000000000000..18bacd50ea0a4ed88a517a8f08a46cd9225a7f83 GIT binary patch literal 824 zcmcCuW?*>B#=yYDz`(!-#oR!eT7Z#C27%m14FL2mRR9ZBOkrSPrII;K4hm%U?P}>*)a9aU= literal 0 HcmV?d00001 diff --git a/servers/pan/.alsaequal.presets b/servers/pan/.alsaequal.presets new file mode 100644 index 0000000..b1e115c --- /dev/null +++ b/servers/pan/.alsaequal.presets @@ -0,0 +1,6 @@ +RESET="66 66 66 66 66 66 66 66 66 66" +Bass_Vibrant="66 69 69 68 66 66 69 66 74 68" +Tamed_Bass_Depth="63 68 66 69 66 66 71 66 74 69" +Sleep="58 63 61 64 66 66 71 66 74 69" +TREBLE="66 66 66 66 66 66 66 71 76 76" +BASS="76 76 71 66 66 66 66 66 66 66" diff --git a/servers/pan/.ash_history b/servers/pan/.ash_history new file mode 100644 index 0000000..30eba71 --- /dev/null +++ b/servers/pan/.ash_history @@ -0,0 +1,39 @@ + wget -O - https://raw.githubusercontent.com/lovehifi/tidalconnect-picore/main/install.sh | sh +tce-remove ipv6-netfilter-5.15.35-pcpCore-v71.tcz +tce-ab +q +nano /etc/passwd +tce-load -wi nano +nano /etc/passwd +#exit +exit +sudo cp -r .terminfo /root/ +nano /etc/passwd +sudo !! +sudo nano /etc/passwd +filetool.sh -b +sudo filetool.sh -b +pcp bu +cd Tidal-Connect-Armv7/ +mv -f ../tidal_connect bin/ +mv -f ../speaker_controller bin/ +mv ../i* id_certificate/ +mv -f id_certificate/ifi-pa-devs-get bin/ +mv ../IfiAudio_* id_certificate/ +nano tidal.sh +cd ../ +nano .boot.sh +chmod +x .boot.sh +nano .boot.sh +nano .boot.sh +ifconfig +sudo pcp bu +./.boot.sh +nano .boot.sh +tce-load openssl +tce-load -wi openssl +tce-ab +./.boot.sh +nano .boot.sh +./.boot.sh +sudo pcp bu diff --git a/servers/pan/.ashrc b/servers/pan/.ashrc new file mode 100644 index 0000000..3a4018d --- /dev/null +++ b/servers/pan/.ashrc 
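Review bot: servers/pan/.ash_history, added here, and servers/pan/.bash_history in the next file section are interactive shell histories and should not be tracked in the repository. They expose internal addresses, share mount options, edits to `/etc/passwd` and a `wget ... | sh` install, and history files are a common place for pasted credentials to end up. Drop both files from the commit and add `.ash_history` and `.bash_history` to `.gitignore`; any step worth keeping belongs in a reviewed provisioning script instead.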
@@ -0,0 +1,50 @@
+# ~/.ashrc: Executed by SHells.
+#
+. /etc/init.d/tc-functions
+if [ -n "$DISPLAY" ]
+then
+ `which editor >/dev/null` && EDITOR=editor || EDITOR=vi
+else
+ EDITOR=vi
+fi
+export EDITOR
+
+PS1='\[\033[01;32m\]\u@\h:\[\033[00m\]\[\033[01;34m\]\w\$\[\033[00m\] '
+export PS1
+
+TCEDEV="/dev/$(readlink /etc/sysconfig/tcedir | cut -d '/' -f3)"
+TCEMNT="/mnt/$(readlink /etc/sysconfig/tcedir | cut -d '/' -f3)"
+BOOTDEV=${TCEDEV%%?}1
+BOOTMNT=${TCEMNT%%?}1
+
+# Alias definitions.
+#
+alias df='df -h'
+alias du='du -h'
+
+alias ls='ls -p'
+alias ll='ls -l'
+alias la='ls -la'
+
+# Avoid errors... use -f to skip confirmation.
+alias cp='cp -i'
+alias mv='mv -i'
+alias rm='rm -i'
+
+# Change directory to
+alias ce="cd $TCEMNT/tce"
+alias ceo="cd $TCEMNT/tce/optional"
+alias c1="cd $BOOTMNT"
+alias c2="cd $TCEMNT"
+
+# Mount partition
+alias m1="mount $BOOTMNT"
+alias m2="mount $TCEMNT"
+
+# Unmount partition
+alias u1="umount $BOOTMNT"
+alias u2="umount $TCEMNT"
+
+# Edit config files
+alias vicfg="vi $BOOTMNT/config.txt"
+alias vicmd="vi $BOOTMNT/cmdline.txt"
diff --git a/servers/pan/.bash_history b/servers/pan/.bash_history
new file mode 100644
index 0000000..cfcf066
--- /dev/null
+++ b/servers/pan/.bash_history
@@ -0,0 +1,119 @@ +./.boot.sh +sudo ./.boot.sh +nano Tidal-Connect-Armv7/tidal.sh +sudo ./.boot.sh +nano .bashrc +pcp bu +exit +sudo ./.boot.sh +nano Tidal-Connect-Armv7/tidal.sh +sudo ./.boot.sh +sudo ./.boot.sh +nano Tidal-Connect-Armv7/tidal.sh +sudo ./.boot.sh +cd Tidal-Connect-Armv7/ +bin/tidal_connect +sudo bin/tidal_connect +sudo pkill tidal_connect +sudo pkill tidal.sh +sudo pkill tidal.sh +sudo bin/tidal_connect +sudo ./tidal.sh +sudo ./tidal.sh start +nano ./tidal.sh +sudo ./tidal.sh start +cd ../ +sudo su +nano Tidal-Connect-Armv7/tidal.sh +qq +exit +bluetoothctl +nano .boot.sh +git clone https://github.com/novaws/rtl8761bu +cd rtl8761bu/ +ll +mv rtl8761bu/rtl8761b_mp_chip_bt40_fw_asic_rom_patch_new.dat /lib/firmware/rtl_bt/rtl8761bu_fw.bin +sudo mv rtl8761bu/rtl8761b_mp_chip_bt40_fw_asic_rom_patch_new.dat /lib/firmware/rtl_bt/rtl8761bu_fw.bin +sudo su +cd ../ +git clone https://github.com/novaws/rtl8761bu +rm -rf rtl8761bu/ +git clone https://github.com/novaws/rtl8761bu +cd rtl8761bu/ +sudo su +exit +nano .boot.sh +nano .boot.sh +fieltool.sh -b +sudo filetool.sh -b +pcp bu +sudo pcp bu +sudo su +exit +sudo su +exit +ll +nano .boot.sh +sudo modprobe -r btusb +sudo modprobe btusb +hciconfig hci0 up && /usr/local/lib/bluetooth/bluetoothd & +lsusb +sudo su +cd /mnt +ls +sudo mount -t cifs //192.168.0.231/music /mnt/music -o guest,vers=3.0,uid=1000,gid=1000,iocharset=utf8,file_mode=0775,dir_mode=0775 +mkdir music +sudo mkdir music +sudo su +sudo mount -t cifs //192.168.0.231/music /mnt/music -o guest,vers=3.0,uid=1000,gid=1000,iocharset=utf8,file_mode=0775,dir_mode=0775 +cd music/ +ls +rm -f test_music +sudo rm -f test_music +ls +ls -la +touch /mnt/music/test_from_pi && ls /mnt/music/test_from_pi && rm /mnt/music/test_from_pi +ls -la +sudo touch hi && ls && sudo rm hi +cd ../ +sudo umount music/ +sudo mount -t cifs //192.168.0.231/music /mnt/music -o guest,vers=3.0,uid=1000,gid=1000,file_mode=0666,dir_mode=0777,iocharset=utf8 +touch /mnt/music/client_test && 
ls /mnt/music/client_test && rm /mnt/music/client_test +sudo umount music +ll +cd music/ +ll +touch test +ll +ll +ll +ll +ll +ls -la +cat test +ls -la +mkdir pan/{playlist,music} +ll +mkdir -p pan/{playlist,music} +cd +nano .alsaequal.presets +nano .alsaequal.presets +nano .alsaequal.presets +nano .alsaequal.presets +cd /mnt/music/ +ll +cd pan/ +ll +mkdir -p information/{artwork,album_reviews,artist_photos,biographies,lyrics} +cd /var/log +ll +tail -f slimserver/server.log +pcp -h +pcp ll +cat /var/www/index.html +sudo su - +mkdir -p /mnt/music/pan/playlist/PlayLogSongLogs +sudo su- +sudo su + tail -f /var/log/pcp_squeezelite.log +sudo tail -f /var/log/pcp_squeezelite.log diff --git a/servers/pan/.bashrc b/servers/pan/.bashrc new file mode 100644 index 0000000..2b5b562 --- /dev/null +++ b/servers/pan/.bashrc @@ -0,0 +1,2 @@ +sudo cp -rf /home/tc/.terminfo /root/ +source /usr/local/etc/bashrc diff --git a/servers/pan/.boot.sh b/servers/pan/.boot.sh new file mode 100755 index 0000000..0c99e97 --- /dev/null +++ b/servers/pan/.boot.sh @@ -0,0 +1,11 @@ +#!/bin/bash +sudo modprobe -r btusb +sudo modprobe btusb + +hciconfig hci0 up && /usr/local/lib/bluetooth/bluetoothd & +sudo pkill tidal.sh +sudo pkill tidal_connect + +rm -f /tmp/tisoc-controller +sudo /usr/local/etc/init.d/avahi start +sudo /home/tc/Tidal-Connect-Armv7/tidal.sh start & diff --git a/servers/pan/.profile b/servers/pan/.profile new file mode 100644 index 0000000..1511acb --- /dev/null +++ b/servers/pan/.profile 
@@ -0,0 +1,36 @@
+# ~/.profile: Executed by Bourne-compatible login SHells.
+#
+# Path to personal scripts and executables (~/.local/bin).
+[ -d "$HOME/.local/bin" ] || mkdir -p "$HOME/.local/bin"
+export PATH=$HOME/.local/bin:$PATH
+
+ONDEMAND=/etc/sysconfig/tcedir/ondemand
+[ -d "$ONDEMAND" ] && export PATH=$PATH:"$ONDEMAND"
+
+# Environment variables and prompt for Ash SHell
+# or Bash. Default is a classic prompt.
+#
+PS1='\u@\h:\w\$ '
+PAGER='less -EM'
+MANPAGER='less -isR'
+
+EDITOR=vi
+
+export PS1 PAGER FILEMGR EDITOR MANPAGER
+
+export BACKUP=1
+[ "`id -un`" = "`cat /etc/sysconfig/tcuser`" ] && echo "$BACKUP" | sudo tee /etc/sysconfig/backup >/dev/null 2>&1
+export FLWM_TITLEBAR_COLOR="58:7D:AA"
+
+if [ -f "$HOME/.ashrc" ]; then
+ export ENV="$HOME/.ashrc"
+ . "$HOME/.ashrc"
+fi
+
+TERMTYPE=`/usr/bin/tty`
+[ ${TERMTYPE:5:3} == "tty" ] && (
+[ ! -f /etc/sysconfig/Xserver ] ||
+[ -f /etc/sysconfig/text ] ||
+[ -e /tmp/.X11-unix/X0 ] ||
+startx
+)
diff --git a/servers/pan/asound.conf b/servers/pan/asound.conf
new file mode 100644
index 0000000..abd2541
--- /dev/null
+++ b/servers/pan/asound.conf
@@ -0,0 +1,45 @@
+# Optimized ALSA config for piCorePlayer - Syntax-fixed plug for format/resampling quality
+pcm.!default {
+ type plug
+ slave.pcm "equal" # Routes to EQ chain (equal -> plugequal -> plugdefault -> hw:0,0)
+ ttable.0.0 1
+ ttable.1.1 1
+ rate 44100 # Default; auto-resamples sources (up to 192kHz) with dither for stable bass/highs
+}
+
+ctl.!default {
+ type hw
+ card 0
+}
+
+# Intermediate plug PCM for EQ compatibility/resampling (explicit format in slave)
+pcm.plugdefault {
+ type plug
+ slave {
+ pcm "hw:0,0" # Direct to bcm2835 headphone jack (3.5mm)
+ rate 44100
+ format S16_LE # Native Pi format only here; dither reduces artifacts on conversion
+ }
+}
+
+# ALSA 10-band Equalizer (your working LADSPA - unchanged)
+ctl.equal {
+ type equal;
+ controls "/home/tc/.alsaequal.bin"
+ library "/usr/local/lib/ladspa/caps.so"
+}
+
+pcm.plugequal {
+ type equal;
+ slave.pcm "plugdefault";
+ controls "/home/tc/.alsaequal.bin"
+ library "/usr/local/lib/ladspa/caps.so"
+}
+
+pcm.equal {
+ type plug;
+ slave.pcm plugequal;
+ ttable.0.0 1
+ ttable.1.1 1
+}
+
diff --git a/servers/pan/asound.conf.bak b/servers/pan/asound.conf.bak
new file mode 100644
index 0000000..1c70877
--- /dev/null
+++ b/servers/pan/asound.conf.bak
@@ -0,0 +1,68 @@
+# default - Generated by piCorePlayer
+pcm.!default {
+ type hw
+ slave.pcm "hw:0,0"
+}
+
+pcm.pcpinput {
+ type plug
+ card 0
+ device 0
+}
+
+#---ALSA EQ Below--------
+pcm.sound_device {
+ type hw
+ slave.pcm {
+ type hw
+ card
+ device 0
+ }
+}
+
+ctl.equal {
+ type equal;
+ controls "/home/tc/.alsaequal.bin"
+ library "/usr/local/lib/ladspa/caps.so"
+}
+
+pcm.plugequal {
+ type equal;
+ slave.pcm "sound_device";
+ controls "/home/tc/.alsaequal.bin"
+ library "/usr/local/lib/ladspa/caps.so"
+}
+
+pcm.equal {
+ type plug;
+ slave.pcm plugequal;
+}
+
+#Bluetooth bt_W-King - Generated by pCP
+pcm.bt_W-King {
+ type plug
+ slave.pcm {
+ type bluealsa
+ service "org.bluealsa"
+ device F4:4E:FC:1A:52:ED
+ profile "a2dp"
+ }
+}
+
+ctl.equal_bt_W-King {
+ type equal;
+ controls "/home/tc/.alsaequal.bin.bt_W-King"
+ library "/usr/local/lib/ladspa/caps.so"
+}
+
+pcm.plugequal_bt_W-King {
+ type equal;
+ slave.pcm "bt_W-King";
+ controls "/home/tc/.alsaequal.bin.bt_W-King"
+ library "/usr/local/lib/ladspa/caps.so"
+}
+
+pcm.equal_bt_W-King {
+ type plug;
+ slave.pcm plugequal_bt_W-King;
+}
diff --git a/servers/pan/pcp-powerbutton.sh b/servers/pan/pcp-powerbutton.sh
new file mode 100755
index 0000000..5f1c2a8
--- /dev/null
+++ b/servers/pan/pcp-powerbutton.sh
@@ -0,0 +1,102 @@
+#!/bin/sh
+#
+# piCorePlayer Power Button Script - Used to shutdown pCP with a GPIO input.
+#
+# Defaults are for the Audiophonics power button
+DEBUG=0
+IN_LOW=0
+PIN_IN=17
+PIN_OUT=22
+PUPDOWN="off"
+
+PATH=/bin:/usr/bin:/usr/local/bin
+
+usage() {
+ echo " usage: $0 [-i] [-o] [--low] [--help] [--debug]"
+ echo " -i GPIO input pin to shutdown pCP"
+ echo " -o GPIO output pin for successful pCP boot"
+ echo " --low Input is active low (and set pull up resistor)"
+ echo " --high Input is active high (and set pull down resistor)"
+ echo " --debug Script run as normal, but will not shutdown pCP"
+ echo " --help script usage"
+ echo ""
+ echo " Note: pin numbers are in BCM notation"
+ echo ""
+ exit 1
+}
+
+validate_pin(){
+ VAL=$(echo $1 | grep -o '[[:digit:]]*')
+
+ if [ "$VAL" != "" ]; then
+ if [ $VAL -le 31 ]; then
+ return 0
+ fi
+ fi
+ return 1
+}
+
+which pinctrl > /dev/null
+if [ $? -ne 0 ]; then
+ if [ -f /etc/sysconfig/tcedir/optional/raspi-utils.tcz ]; then
+ tce-load -i raspi-utils.tcz
+ else
+ echo "Raspi-utils required for this command"
+ echo "Install using: pcp-load -w raspi-utils.tcz"
+ exit 1
+ fi
+fi
+
+O=$(getopt -al help,low,high,debug -- i:o:h "$@") || exit 1
+eval set -- "$O"
+
+[ "$1" = "--" ] && echo "No command line settings, Using defaults"; echo ""
+
+while true; do
+ case "$1" in
+ -i) PIN_IN=$2; shift;;
+ -o) PIN_OUT=$2; shift;;
+ --debug) DEBUG=1;;
+ --low) IN_LOW=1; PUPDOWN="pu";;
+ --high) IN_LOW=0; PUPDOWN="pd";;
+ --help) usage;;
+ --) shift; break;;
+ -*) usage;;
+ *) break;;
+ esac
+ shift
+done
+
+echo "piCorePlayer Power button shutdown script starting..."
+
+validate_pin $PIN_IN
+if [ $? -ne 0 ]; then
+ echo "Error in Input Pin Assignment"
+ exit 1
+fi
+validate_pin $PIN_OUT
+if [ $? -ne 0 ]; then
+ echo "Error in Output Pin Assignment"
+ exit 1
+fi
+
+echo "Asserting pins : "
+echo -n "ShutDown : GPIO${PIN_IN}=in, "
+[ ${IN_LOW} -eq 1 ] && echo "Low" || echo "High"
+echo "BootOK : GPIO${PIN_OUT}=out, High"
+
+sudo pinctrl set $PIN_IN ip $PUPDOWN
+sudo pinctrl set $PIN_OUT op dh
+
+[ $IN_LOW -eq 0 ] && IN_CHK="hi" || IN_CHK="lo"
+
+while [ 1 ]; do
+ if [ "$(sudo /usr/local/bin/pinctrl get ${PIN_IN} | awk -F' ' '{print $5}')" = "$IN_CHK" ]; do
+ echo "piCorePlayer shutting down."
+ [ $DEBUG -eq 0 ] && exitcheck.sh shutdown
+ break
+ fi
+ /bin/sleep 1
+done
+
+exit 0
diff --git a/servers/pan/powerscript.sh b/servers/pan/powerscript.sh
new file mode 100755
index 0000000..6f4b471
--- /dev/null
+++ b/servers/pan/powerscript.sh
@@ -0,0 +1,33 @@
+#!/bin/sh
+
+#========================================================================================
+# Basic gpio script
+#----------------------------------------------------------------------------------------
+# squeezelite -S /home/tc/powerscript.sh
+#
+# squeezelite sets $1 to:
+# 0: off
+# 1: on
+# 2: initialising
+#----------------------------------------------------------------------------------------
+
+# Version: 0.01 2016-03-03 GE
+# Original.
+
+# type tty at prompt to determine dev
+
+#TERMINAL=/dev/console # boot console
+
+TERMINAL=/dev/pts/0 # ssh window
+
+case $1 in
+ 2)
+ echo "$1: Initialising..." >$TERMINAL
+ ;;
+ 1)
+ echo "$1: turn on" >$TERMINAL
+ ;;
+ 0)
+ echo "$1: turn off" >$TERMINAL
+ ;;
+esac
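Review bot: The polling loop at the end of servers/pan/pcp-powerbutton.sh opens its `if` with `; do` instead of `; then`, which is a shell syntax error, so the script configures the pins and then stops when it reaches the loop, without ever watching the button. The line should read `if [ "$(sudo /usr/local/bin/pinctrl get ${PIN_IN} | awk -F' ' '{print $5}')" = "$IN_CHK" ]; then`. Separately, `validate_pin` checks only the digits it extracts from `$1`, while the raw `$PIN_IN` and `$PIN_OUT` are what reach `sudo pinctrl set` unquoted; reject anything that is not purely numeric first, e.g. `case $1 in ''|*[!0-9]*) return 1;; esac`, and quote the pin variables at the `pinctrl` calls.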