open HA on web + radio

bind9/guiotte.db

@@ -22,3 +22,5 @@ photos.guiotte.fr. IN  CNAME   dm.guiotte.fr.
 dl.guiotte.fr.     IN  CNAME   dm.guiotte.fr.
 kdoc.guiotte.fr.   IN  CNAME   dm.guiotte.fr.
 sync.guiotte.fr.   IN  CNAME   dm.guiotte.fr.
+pad.guiotte.fr.    IN  CNAME   dm.guiotte.fr.
+home.guiotte.fr.   IN  CNAME   dm.guiotte.fr.

docker-compose.yml

@@ -108,6 +108,9 @@ services:
       - ./syncthing:/config
       - /mnt/storage/music/Florent:/music
       - /mnt/storage/audrey-sync:/audrey-sync
+      - /mnt/storage/audrey-projets:/audrey-projets
+      - /home/florent/syncthing/notes:/notes
+      - /home/florent/syncthing/signal-bkp:/signal-bkp
     ports:
       - 22000:22000/tcp
       - 22000:22000/udp
@@ -228,6 +231,90 @@ services:
       - nextcloud-db-pw
 
 
+  hedgedoc:
+    image: lscr.io/linuxserver/hedgedoc:latest
+    container_name: hedgedoc
+    depends_on:
+      - hedgedoc-db
+    environment:
+      <<: *common-environment
+      DB_HOST: hedgedoc-db
+      DB_PORT: 3306
+      DB_USER: hedgedoc
+      DB_NAME: hedgedoc
+      FILE__DB_PASS: /run/secrets/hedgedoc-db-pw
+      CMD_DOMAIN: pad.guiotte.fr
+      CMD_PROTOCOL_USESSL: true
+      CMD_ALLOW_FREEURL: true
+      CMD_REQUIRE_FREEURL_AUTHENTICATION: true
+    volumes:
+      - hedgedoc-config:/config
+    restart: unless-stopped
+    secrets:
+      - hedgedoc-db-pw
+
+
+  hedgedoc-db:
+    image: lscr.io/linuxserver/mariadb:latest
+    container_name: hedgedoc-db
+    restart: unless-stopped
+    volumes:
+      - hedgedoc-db:/config
+    environment:
+      <<: *common-environment
+      FILE__MYSQL_ROOT_PASSWORD: /run/secrets/hedgedoc-db-root-pw
+      FILE__MYSQL_PASSWORD: /run/secrets/hedgedoc-db-pw
+      MYSQL_DATABASE: hedgedoc
+      MYSQL_USER: hedgedoc
+    secrets:
+      - hedgedoc-db-root-pw
+      - hedgedoc-db-pw
+
+
+  homeassistant:
+    image: lscr.io/linuxserver/homeassistant:latest
+    container_name: homeassistant
+    environment:
+      <<: *common-environment
+    volumes:
+      - homeassistant-config:/config
+    restart: unless-stopped
+    devices:
+      - /dev/serial/by-id/usb-ITEAD_SONOFF_Zigbee_3.0_USB_Dongle_Plus_V2_20240219191913-if00:/dev/ttyACM0
+
+
+  yee0:
+    build: ssh
+    container_name: yee0
+    volumes:
+      - ./ssh/id_rsa:/root/.ssh/id_rsa
+    environment:
+      - SSH_HOSTNAME=192.168.1.5
+      - SSH_USERNAME=alarm
+      - SSH_LOCAL_PORT=55443
+      - SSH_DESTINATION=10.0.0.130
+      - SSH_DESTINATION_PORT=55443
+        #ports:
+        #  - 55443:55443
+    restart: unless-stopped
+
+
+  yee1:
+    build: ssh
+    container_name: yee1
+    volumes:
+      - ./ssh/id_rsa:/root/.ssh/id_rsa
+    environment:
+      - SSH_HOSTNAME=192.168.1.5
+      - SSH_USERNAME=alarm
+      - SSH_LOCAL_PORT=55443
+      - SSH_DESTINATION=10.0.0.251
+      - SSH_DESTINATION_PORT=55443
+        #ports:
+        #  - 55443:55443
+    restart: unless-stopped
+
+
 volumes:
   money-data:
   zotero-data:
@@ -241,6 +328,9 @@ volumes:
   nextcloud-config:
   nextcloud-db-config:
   ddclient-cache:
+  hedgedoc-config:
+  hedgedoc-db:
+  homeassistant-config:
 
 
 secrets:
@@ -256,3 +346,7 @@ secrets:
     file: transmission-user.secret
   transmission-pw:
     file: transmission-pw.secret
+  hedgedoc-db-root-pw:
+    file: hedgedoc-db-root-pw.secret
+  hedgedoc-db-pw:
+    file: hedgedoc-db-pw.secret

ssh/Dockerfile

@@ -0,0 +1,25 @@
+FROM ghcr.io/linuxserver/baseimage-alpine:3.18
+
+# Install SSH client
+RUN \
+  apk add --no-cache \
+    openssh-client
+
+
+# Set volume for ssh key
+VOLUME /root/.ssh/id_rsa
+
+# Set default values for SSH tunnel configuration
+ENV SSH_HOSTNAME=server.example.com
+ENV SSH_USERNAME=username
+ENV SSH_DESTINATION=destination
+ENV SSH_DESTINATION_PORT=12345
+ENV SSH_LOCAL_PORT=12345
+
+ENTRYPOINT ssh \
+  -N -4 \
+  -L *:$SSH_LOCAL_PORT:$SSH_DESTINATION:$SSH_DESTINATION_PORT \
+  -l $SSH_USERNAME \
+  -o "StrictHostKeyChecking no" \
+  -o "UserKnownHostsFile /dev/null" \
+  $SSH_HOSTNAME

swag/nginx/proxy-confs/hedgedoc.subdomain.conf

@@ -0,0 +1,48 @@
+## Version 2023/05/31
+# make sure you set the following environment variables in your docker arguments
+# CMD_DOMAIN=hedgedoc.server.com
+# CMD_URL_ADDPORT=false
+# CMD_PROTOCOL_USESSL=true
+
+server {
+    listen 443 ssl http2;
+    listen [::]:443 ssl http2;
+
+    server_name pad.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    # enable for Authentik (requires authentik-location.conf in the location block)
+    #include /config/nginx/authentik-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        # enable for Authentik (requires authentik-server.conf in the server block)
+        #include /config/nginx/authentik-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app hedgedoc;
+        set $upstream_port 3000;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}

taskserver/README.md

@@ -6,14 +6,15 @@ Written with the help of
 
 ## Certs renewal
 
-*do we need to remove volumes?:*
+- *do we need to remove volumes?:* Yes!
+
+Once a year recreate the container and copy the `client_certs` dir! On the server:
 
 ```shell
-docker volume rm docker_taskserver-certs docker_taskserver-data
+dcc stop taskserver && dcc rm taskserver && docker volume rm docker_taskserver-certs docker_taskserver-data && dcu
-
 ```
-Once a year recreate the container and copy the `client_certs` dir! On
+
-the client:
+On the client:
 
 ```shell
 scp -r florent@dm.guiotte.fr:~/docker/taskserver/client_certs/* ~/.config/task/certs