open HA on web + radio

Add instructions for taskserver certs renewal
WIP yee and syncthing notes
2024-04-22 20:50:56 +02:00 · 2024-04-22 20:46:59 +02:00 · 2024-04-11 19:19:18 +02:00 · 2024-01-29 23:34:32 +01:00 · 2024-01-29 20:38:16 +01:00
9 changed files with 175 additions and 5 deletions
--- a/bind9/guiotte.db
+++ b/bind9/guiotte.db
@ -22,3 +22,5 @@ photos.guiotte.fr. IN  CNAME   dm.guiotte.fr.
 dl.guiotte.fr.     IN  CNAME   dm.guiotte.fr.
 kdoc.guiotte.fr.   IN  CNAME   dm.guiotte.fr.
 sync.guiotte.fr.   IN  CNAME   dm.guiotte.fr.
+pad.guiotte.fr.    IN  CNAME   dm.guiotte.fr.
+home.guiotte.fr.   IN  CNAME   dm.guiotte.fr.
--- a/ddclient/ddclient.conf
+++ b/ddclient/ddclient.conf
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -108,6 +108,9 @@ services:
      - ./syncthing:/config
      - /mnt/storage/music/Florent:/music
      - /mnt/storage/audrey-sync:/audrey-sync
+      - /mnt/storage/audrey-projets:/audrey-projets
+      - /home/florent/syncthing/notes:/notes
+      - /home/florent/syncthing/signal-bkp:/signal-bkp
    ports:
      - 22000:22000/tcp
      - 22000:22000/udp
@ -228,6 +231,90 @@ services:
      - nextcloud-db-pw


+  hedgedoc:
+    image: lscr.io/linuxserver/hedgedoc:latest
+    container_name: hedgedoc
+    depends_on:
+      - hedgedoc-db
+    environment:
+      <<: *common-environment
+      DB_HOST: hedgedoc-db
+      DB_PORT: 3306
+      DB_USER: hedgedoc
+      DB_NAME: hedgedoc
+      FILE__DB_PASS: /run/secrets/hedgedoc-db-pw
+      CMD_DOMAIN: pad.guiotte.fr
+      CMD_PROTOCOL_USESSL: true
+      CMD_ALLOW_FREEURL: true
+      CMD_REQUIRE_FREEURL_AUTHENTICATION: true
+    volumes:
+      - hedgedoc-config:/config
+    restart: unless-stopped
+    secrets:
+      - hedgedoc-db-pw
+
+
+  hedgedoc-db:
+    image: lscr.io/linuxserver/mariadb:latest
+    container_name: hedgedoc-db
+    restart: unless-stopped
+    volumes:
+      - hedgedoc-db:/config
+    environment:
+      <<: *common-environment
+      FILE__MYSQL_ROOT_PASSWORD: /run/secrets/hedgedoc-db-root-pw
+      FILE__MYSQL_PASSWORD: /run/secrets/hedgedoc-db-pw
+      MYSQL_DATABASE: hedgedoc
+      MYSQL_USER: hedgedoc
+    secrets:
+      - hedgedoc-db-root-pw
+      - hedgedoc-db-pw
+
+
+  homeassistant:
+    image: lscr.io/linuxserver/homeassistant:latest
+    container_name: homeassistant
+    environment:
+      <<: *common-environment
+    volumes:
+      - homeassistant-config:/config
+    restart: unless-stopped
+    devices:
+      - /dev/serial/by-id/usb-ITEAD_SONOFF_Zigbee_3.0_USB_Dongle_Plus_V2_20240219191913-if00:/dev/ttyACM0
+
+
+  yee0:
+    build: ssh
+    container_name: yee0
+    volumes:
+      - ./ssh/id_rsa:/root/.ssh/id_rsa
+    environment:
+      - SSH_HOSTNAME=192.168.1.5
+      - SSH_USERNAME=alarm
+      - SSH_LOCAL_PORT=55443
+      - SSH_DESTINATION=10.0.0.130
+      - SSH_DESTINATION_PORT=55443
+        #ports:
+        #  - 55443:55443
+    restart: unless-stopped
+
+
+  yee1:
+    build: ssh
+    container_name: yee1
+    volumes:
+      - ./ssh/id_rsa:/root/.ssh/id_rsa
+    environment:
+      - SSH_HOSTNAME=192.168.1.5
+      - SSH_USERNAME=alarm
+      - SSH_LOCAL_PORT=55443
+      - SSH_DESTINATION=10.0.0.251
+      - SSH_DESTINATION_PORT=55443
+        #ports:
+        #  - 55443:55443
+    restart: unless-stopped
+
+
 volumes:
  money-data:
  zotero-data:
@ -241,6 +328,9 @@ volumes:
  nextcloud-config:
  nextcloud-db-config:
  ddclient-cache:
+  hedgedoc-config:
+  hedgedoc-db:
+  homeassistant-config:


 secrets:
@ -256,3 +346,7 @@ secrets:
    file: transmission-user.secret
  transmission-pw:
    file: transmission-pw.secret
+  hedgedoc-db-root-pw:
+    file: hedgedoc-db-root-pw.secret
+  hedgedoc-db-pw:
+    file: hedgedoc-db-pw.secret
--- a/hedgedoc-db-pw.secret
+++ b/hedgedoc-db-pw.secret
--- a/hedgedoc-db-root-pw.secret
+++ b/hedgedoc-db-root-pw.secret
--- a/ssh/Dockerfile
+++ b/ssh/Dockerfile
@ -0,0 +1,25 @@
+FROM ghcr.io/linuxserver/baseimage-alpine:3.18
+
+# Install SSH client
+RUN \
+  apk add --no-cache \
+    openssh-client
+
+
+# Set volume for ssh key
+VOLUME /root/.ssh/id_rsa
+
+# Set default values for SSH tunnel configuration
+ENV SSH_HOSTNAME=server.example.com
+ENV SSH_USERNAME=username
+ENV SSH_DESTINATION=destination
+ENV SSH_DESTINATION_PORT=12345
+ENV SSH_LOCAL_PORT=12345
+
+ENTRYPOINT ssh \
+  -N -4 \
+  -L *:$SSH_LOCAL_PORT:$SSH_DESTINATION:$SSH_DESTINATION_PORT \
+  -l $SSH_USERNAME \
+  -o "StrictHostKeyChecking no" \
+  -o "UserKnownHostsFile /dev/null" \
+  $SSH_HOSTNAME
--- a/swag/nginx/proxy-confs/hedgedoc.subdomain.conf
+++ b/swag/nginx/proxy-confs/hedgedoc.subdomain.conf
@ -0,0 +1,48 @@
+## Version 2023/05/31
+# make sure you set the following environment variables in your docker arguments
+# CMD_DOMAIN=hedgedoc.server.com
+# CMD_URL_ADDPORT=false
+# CMD_PROTOCOL_USESSL=true
+
+server {
+    listen 443 ssl http2;
+    listen [::]:443 ssl http2;
+
+    server_name pad.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth (requires ldap-location.conf in the location block)
+    #include /config/nginx/ldap-server.conf;
+
+    # enable for Authelia (requires authelia-location.conf in the location block)
+    #include /config/nginx/authelia-server.conf;
+
+    # enable for Authentik (requires authentik-location.conf in the location block)
+    #include /config/nginx/authentik-server.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable for ldap auth (requires ldap-server.conf in the server block)
+        #include /config/nginx/ldap-location.conf;
+
+        # enable for Authelia (requires authelia-server.conf in the server block)
+        #include /config/nginx/authelia-location.conf;
+
+        # enable for Authentik (requires authentik-server.conf in the server block)
+        #include /config/nginx/authentik-location.conf;
+
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app hedgedoc;
+        set $upstream_port 3000;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}
--- a/syncthing/config.xml
+++ b/syncthing/config.xml
--- a/taskserver/README.md
+++ b/taskserver/README.md
@ -6,14 +6,15 @@ Written with the help of

 ## Certs renewal

-*do we need to remove volumes?:*
+- *do we need to remove volumes?:* Yes!
+
+Once a year recreate the container and copy the `client_certs` dir! On the server:

 ```shell
-docker volume rm docker_taskserver-certs docker_taskserver-data
-
+dcc stop taskserver && dcc rm taskserver && docker volume rm docker_taskserver-certs docker_taskserver-data && dcu
 ```
-Once a year recreate the container and copy the `client_certs` dir! On
-the client:
+
+On the client:

 ```shell
 scp -r florent@dm.guiotte.fr:~/docker/taskserver/client_certs/* ~/.config/task/certs
Author	SHA1	Message	Date
Florent Guiotte	7319497118	open HA on web + radio	2024-04-22 20:50:56 +02:00
Florent Guiotte	33994008e4	Add instructions for taskserver certs renewal	2024-04-22 20:46:59 +02:00
Florent Guiotte	89094b592a	WIP yee and syncthing notes	2024-04-11 19:19:18 +02:00
Florent Guiotte	499186556b	WIP on home assistant	2024-01-29 23:34:32 +01:00
Florent Guiotte	2b84b5afdd	Add pad	2024-01-29 20:38:16 +01:00