kemonine / lollipopcloud (Archived)

Major docs updates to clean up various commands, leverage the lollipop cloud docker registry and more

This commit is contained in:
KemoNine 2018-09-17 16:29:55 -04:00
parent 0e84c81332
commit 0bd7aa3f62
No known key found for this signature in database
GPG Key ID: 9D79FBF661EC6779
18 changed files with 95 additions and 121 deletions

View File

@ -16,19 +16,31 @@ systemctl reboot
```
## Install Useful Tools
``` bash
apt install htop nload iotop tmux screen vim nano links wget exfat-utils ntfs-3g gdisk lvm2 cryptsetup busybox
```
## ENABLE Automatic Update Download
*Note: this is for more persistent/permanently online lollipops*
### /etc/apt/apt.conf.d/02-armbian-periodic
- Change ```APT::Periodic::Enable "0";``` to ```APT::Periodic::Enable "1";```
- Change ```APT::Periodic::Update-Package-Lists "21";``` to ```APT::Periodic::Update-Package-Lists "1";```
## DISABLE Automatic Update Downloads
*Note: this is to save bandwidth, time, etc when travelling*
### /etc/apt/apt.conf.d/02periodic
Change ```APT::Periodic::Enable "1";``` to ```APT::Periodic::Enable "0";```
### /etc/apt/apt.conf.d/20auto-upgrades
Change ```APT::Periodic::Update-Package-Lists "1";``` to ```APT::Periodic::Update-Package-Lists "0";```
Change ```APT::Periodic::Unattended-Upgrade "1";``` to ```APT::Periodic::Unattended-Upgrade "0";```
- Change ```APT::Periodic::Update-Package-Lists "1";``` to ```APT::Periodic::Update-Package-Lists "0";```
- Change ```APT::Periodic::Unattended-Upgrade "1";``` to ```APT::Periodic::Unattended-Upgrade "0";```
## Tweak OpenSSH Config
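Review bot: the ENABLE and DISABLE sections point at different files, `/etc/apt/apt.conf.d/02-armbian-periodic` versus `/etc/apt/apt.conf.d/02periodic`, so unless Armbian ships both, one path is wrong and the two sections do not toggle the same setting. The `Change ```APT::Periodic::Enable "1";```` line under 02periodic is also the only one left without the `- ` bullet the other lines now use. Since a lollipop left in the DISABLE state stops receiving security updates, the travelling note should tell the reader to flip these back to `"1"` when back on a persistent link.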

View File

@ -22,6 +22,10 @@ Please note the Docker plugin is for a *swarm* which is *not* setup in these doc
mkdir /var/log/caddy
mkdir -p /etc/caddy/services
chown www-data /var/log/caddy /etc/caddy
mkdir -p /var/www
chown www-data /var/www
mkdir /var/log/caddy
chown www-data /var/log/caddy
cat > /root/update_caddy.sh <<EOF
curl https://getcaddy.com | bash -s personal http.cache,http.cgi,http.cors,http.expires,http.filemanager,http.ipfilter,http.locale,http.realip,http.upload,net
EOF
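Review bot: the added `mkdir /var/log/caddy` and `chown www-data /var/log/caddy` duplicate the `mkdir /var/log/caddy` and `chown www-data /var/log/caddy /etc/caddy` lines a few lines above, and the second `mkdir` without `-p` now errors because the directory already exists; drop the two duplicated lines and keep only the `/var/www` pair. While here, `curl https://getcaddy.com | bash -s ...` in update_caddy.sh executes whatever the server returns; downloading the script to a file and inspecting it (or checking a published checksum) before running it is the safer update path for something that runs as root.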

View File

@ -15,9 +15,9 @@ Setup alternative ntp that does well with systems that may or may not always be
apt update
apt install chrony
systemctl enable chrony # Enable service
systemctl disable ntp.service # Disable std ntpd (replaced by chrony)
systemctl start chrony # Start service
chronyc activity # Verify install successful
systemctl disable ntp.service # Disable std ntpd (replaced by chrony)
```
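Review bot: `systemctl disable ntp.service` is now run after `systemctl start chrony`, but `disable` does not stop a running ntpd, so both daemons contend for UDP/123 and `chronyc activity` may report success against a chronyd that failed to bind. Stop and disable ntpd first with `systemctl disable --now ntp.service`, then enable and start chrony.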
@ -34,11 +34,10 @@ allow 172.30.0.0/16
# Allow large clock adjustments (you want this as there is no RTC on most SBCs)
makestep 1 -1
EOF
systemctl restart chrony # Restart chrony to pickup config changes
```
Run ```systemctl restart chrony``` to pickup the changes.
## Allow NTP access via internal/trusted networks
``` bash
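Review bot: the verification step belongs with the restart, because `makestep 1 -1` permits unlimited clock steps at any time and `allow 172.30.0.0/16` serves that time to the LAN; after `systemctl restart chrony`, `chronyc tracking` and `chronyc sources -v` should show a selected upstream before any client is pointed at this box.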

View File

@ -12,12 +12,12 @@ Further reading: [http://cockpit-project.org/running](http://cockpit-project.org
#add-apt-repository ppa:cockpit-project/cockpit
apt update
apt install cockpit cockpit-doc \
cockpit-docker cockpit-networkmanager \
apt install cockpit cockpit-doc cockpit-dashboard \
cockpit-docker cockpit-machines cockpit-networkmanager \
cockpit-dashboard cockpit-system \
cockpit-storaged cockpit-packagekit
systemctl enable cockpit
systemctl start cockpit
cockpit-storaged cockpit-packagekit \
cockpit-system cockpit-ws \
packagekit-tools cracklib-runtime
```
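Review bot: `systemctl enable cockpit` and `systemctl start cockpit` are dropped from the block and nothing replaces them, so the reader is left with no instruction to bring the service up. Cockpit is socket-activated, so `systemctl enable --now cockpit.socket` is the right replacement, and since it then listens on TCP/9090 the firewalld page should state which zone that port is allowed in.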

View File

@ -5,7 +5,7 @@ Containerized services for easy deployment and updates.
## Inspiration / Further Reading
- [https://docs.docker.com/install/](https://docs.docker.com/install/)
- [https://docs.docker.com/install/linux/docker-ce/ubuntu/](https://docs.docker.com/install/linux/docker-ce/ubuntu/)
- [https://docs.docker.com/install/linux/docker-ce/debian/](https://docs.docker.com/install/linux/docker-ce/debian/)
- [https://blog.alexellis.io/get-started-with-docker-on-64-bit-arm/](https://blog.alexellis.io/get-started-with-docker-on-64-bit-arm/)
## Pre Flight Setup
@ -17,10 +17,11 @@ Containerized services for easy deployment and updates.
apt remove docker docker-engine docker.io
apt install \
apt-transport-https \
ca-certificates \
curl \
software-properties-common
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
ca-certificates \
curl \
gnupg2 \
software-properties-common
curl -fsSL https://download.docker.com/linux/debian/gpg | sudo apt-key add -
```
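Review bot: `curl -fsSL https://download.docker.com/linux/debian/gpg | sudo apt-key add -` imports whatever the URL returns without checking it, and `sudo` is inconsistent with the rest of the block, which runs as root. Follow the import with `apt-key fingerprint 0EBFCD88` and compare against Docker's published fingerprint `9DC8 5822 9FC7 DD38 854A E2D8 8D81 803C 0EBF CD88` before the repository is added.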
@ -29,7 +30,7 @@ curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
``` bash
add-apt-repository \
"deb [arch=armhf] https://download.docker.com/linux/ubuntu \
"deb [arch=armhf] https://download.docker.com/linux/debian \
$(lsb_release -cs) \
stable"
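Review bot: `$(lsb_release -cs)` expands to an empty string if lsb-release is not installed, and it is not in the `apt install` list above, so the deb line can be written as `deb [arch=armhf] https://download.docker.com/linux/debian  stable`. Add `lsb-release` to that list or hardcode the Armbian codename; the same applies to the arm64 block below.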
@ -40,7 +41,7 @@ add-apt-repository \
``` bash
add-apt-repository \
"deb [arch=arm64] https://download.docker.com/linux/ubuntu \
"deb [arch=arm64] https://download.docker.com/linux/debian \
$(lsb_release -cs) \
stable"
@ -62,12 +63,6 @@ systemctl enable docker
If you have an external USB storage device always connected, you may want to move the contents of ```/var/lib/docker``` to somewhere on the external storage and use a symlink in place. This will help with churn on the internal micro-sd card and extend its life.
## Create Container Script Dir
For the containers detailed here, you'll want a dedicated directory for keeping the scripts/outputs.
```mkdir /root/docker```
## Configure Docker Default Bridge
Ensure the default Docker bridge doesn't conflict with existing networks.
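Review bot: removing the `mkdir /root/docker` section leaves nothing in this commit that creates the new `/scratch/docker` directory the pi-hole, searx and acme.sh pages now write their scripts into, so `cat > /scratch/docker/pi-hole.sh` fails with "No such file or directory". Replace the section with `mkdir -p /scratch/docker` instead of deleting it, and if `/scratch` is meant to live on the external USB storage mentioned above, say so here.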

View File

@ -66,23 +66,6 @@ firewall-cmd --reload
```
## Allow internal access to ssh
``` bash
# Remove ssh from public zone
firewall-cmd --permanent --zone=public --remove-service=ssh
# Add ssh to internal zone
firewall-cmd --permanent --zone=internal --add-service ssh
# Reload rules
firewall-cmd --reload
# Verify rules
firewall-cmd --zone=public --list-all
firewall-cmd --zone=internal --list-all
```
## Useful Commands
- ```firewall-cmd --state```
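Review bot: deleting "Allow internal access to ssh" removes the only step that takes ssh out of the public zone, so firewalld's default public zone keeps ssh reachable on every interface, including the WAN/LTE side. If the section moved to another page, link it; otherwise keep it, since `firewall-cmd --zone=public --list-all` should no longer list ssh on a lollipop that follows these docs.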

View File

@ -14,7 +14,7 @@ The rest of this guide assumes you'll be logged in as the admin user and will be
Just in case you need reference material while offline or on a bad network link, mirror these docs to the root filesystem.
```git clone https://gitlab.com/kemonine/lolipop_lan_cloud.git /root/lolipop_lan_cloud```
```git clone https://git.lollipopcloud.solutions/lollipop-cloud/docs.git /root/docs```
## Disable root login

View File

@ -15,6 +15,7 @@ Setup an LTE/3G modem. You'll need to adapt this information to your specific mo
- [https://forums.linuxmint.com/viewtopic.php?f=53&t=119342](https://forums.linuxmint.com/viewtopic.php?f=53&t=119342)
- [https://bostonenginerd.com/posts/getting-the-t-mobile-jet-huawei-366-usb-modem-to-work-in-linux/](https://bostonenginerd.com/posts/getting-the-t-mobile-jet-huawei-366-usb-modem-to-work-in-linux/)
- [https://github.com/Robpol86/robpol86.com/blob/master/docs/raspberry_pi_project_fi.rst](https://github.com/Robpol86/robpol86.com/blob/master/docs/raspberry_pi_project_fi.rst)
- [https://blog.enchose.com/raspberry-pi-runs-ppp-dial-up-quectel-ec25-lte-modem/](https://blog.enchose.com/raspberry-pi-runs-ppp-dial-up-quectel-ec25-lte-modem/)
## On The Go Help

View File

@ -24,13 +24,8 @@ apt update
apt install munin munin-node \
munin-plugins-core munin-plugins-extra \
libcgi-fast-perl
vim /etc/munin/munin.conf
vim /etc/munin/munin-node.conf
vim /etc/munin/plugin-conf.d/*
munin-node-configure --suggest 2>&1 | less
munin-node-configure --shell 2>&1 | less
systemcl restart munin-node
systemctl enable munin-node
systemcl restart munin-node
```
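Review bot: `systemcl restart munin-node` is misspelled in both the removed and the added line (it should be `systemctl`), so the restart never runs. Dropping the `munin-node-configure --suggest` / `--shell` lines also leaves no plugins linked into /etc/munin/plugins; `munin-node-configure --shell | sh` is the usual way to apply the suggestions. And with the `vim /etc/munin/munin-node.conf` step gone, the page should still tell the reader to set `allow` in that file, since munin-node listens on TCP/4949.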

View File

@ -86,13 +86,13 @@ Some useful commands for adjusting connection/device status
``` bash
apt update
# Install additional deps
apt install ebtables ipset
# Install + add-ons
apt install network-manager \
network-manager-openvpn network-manager-pptp
systemctl enable NetworkManager # Enable the service
systemctl start NetworkManager # Start the service
network-manager-openvpn network-manager-pptp \
ebtables ipset dnsmasq-base
# Enable the service
systemctl enable NetworkManager
# Start the service
systemctl start NetworkManager
```
@ -100,7 +100,7 @@ systemctl start NetworkManager # Start the service
By default Armbian sets up at least one network device "behind the scenes" and keeps it "outside" NetworkManager. Given we want to manage our Lollipop through NetworkManager, we need to make a small tweak.
Edit ```/etc/network/interfaces``` and make sure eth0 directives aren't present.
Edit ```/etc/network/interfaces``` and make sure eth0 directives aren't present. Also make sure the ```/etc/network/interfaces.d``` directory is empty.
Reboot after above cleanup of interfaces file.
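Review bot: removing eth0 from /etc/network/interfaces and rebooting drops any static address that was configured there, so a headless lollipop can come back unreachable over ssh. Before the reboot, create the NetworkManager connection for eth0 (for example `nmcli con add type ethernet ifname eth0 ...`) or have serial/console access ready; the new interfaces.d check itself is correct.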

View File

@ -18,7 +18,6 @@ curl -o /etc/unbound/root.hints https://www.internic.net/domain/named.cache
cat > /etc/unbound/root.key <<EOF
. IN DS 19036 8 2 49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5
EOF
chown unbound /etc/unbound
cat > /etc/unbound/unbound.conf <<EOF
server:
interface: 127.0.0.1
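Review bot: the trust anchor written to root.key is only KSK-2010 (key tag 19036). The root KSK rollover to key tag 20326 is scheduled for 11 October 2018, after which a static 19036 anchor stops validating and unbound returns SERVFAIL for every lookup. Use `auto-trust-anchor-file: "/etc/unbound/root.key"` (RFC 5011 tracking, which is also why the file must be writable by unbound) and seed it with `unbound-anchor -a /etc/unbound/root.key` instead of a hardcoded DS record. Moving `chown unbound /etc/unbound` to after the config write is right, since root writes the files first.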
@ -57,6 +56,7 @@ include: /etc/unbound/local_zone/*.conf
EOF
chown unbound /etc/unbound
systemctl enable unbound
systemctl start unbound
@ -110,12 +110,6 @@ systemctl daemon-reload
```
## Adjust NetworkManager Config
Edit ```/etc/NetworkManager/NetworkManager.conf```
Change the ```dns=``` line to be ```dns=127.0.0.1```
## Setup all WAN connections to use this for dns cache
### WiFi
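Review bot: the removed instruction was wrong anyway (NetworkManager's `dns=` takes a plugin name such as `default`, `dnsmasq`, `unbound` or `none`, not an address), but dropping it leaves nothing here that stops NetworkManager from writing DHCP-supplied resolvers into /etc/resolv.conf beside or instead of unbound, which silently bypasses the cache and DNSSEC validation. Either set `dns=none` and manage resolv.conf statically, or make sure the per-connection setup below sets `ipv4.ignore-auto-dns yes` alongside `ipv4.dns 127.0.0.1`, and add a check: after reconnecting, `cat /etc/resolv.conf` should list only 127.0.0.1.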

View File

@ -1,10 +1,8 @@
# Private Internet Access (PIA)
```TODO : INCOMPLETE```
This is a **VERY** advanced topic with some creative tricks to simplify getting the config added to NetworkManager. You're on your own.
The author *strongly* recommends reading through this and adapting to other services well ahead of any real need(s).
The author *strongly* recommends reading through this and adapting/tuning well ahead of any real need(s).
## Inspiration / Sources
@ -46,7 +44,7 @@ cd ..
# OMIT Gnome item if you can get away with it...
apt update
apt install network-manager-openvpn network-manager-openvpn-gnome
apt install network-manager-openvpn
```
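Review bot: the `# OMIT Gnome item if you can get away with it...` comment now refers to nothing and should go with the dropped `network-manager-openvpn-gnome` package, which is the right removal for a headless box.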
@ -89,6 +87,7 @@ nmcli con show
vim /etc/NetworkManager/system-connections/[con_name]
```
#### Adjustments/Necessary Verification
``` bash

View File

@ -29,7 +29,7 @@ echo "[uuid]" > /etc/autovpn/default
# Get network names of ALL docker connections
nmcli con show
echo "[name1],[name2]" > /etc/autovpn/exclude
echo "[uuid1],[uuid2]" > /etc/autovpn/exclude
```
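Review bot: the exclude file now takes UUIDs, but the comment above it still says `Get network names of ALL docker connections`; update it to say UUIDs (the `UUID` column of `nmcli con show`) so readers do not paste connection names.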

View File

@ -55,6 +55,7 @@ apt remove --purge fake-hwclock # purge the fake hwclock as we have a real one n
cat > /etc/udev/rules.d/99-rtc1.rules <<EOF
KERNEL=="rtc1", SUBSYSTEM=="rtc", DRIVER=="", ATTR{name}=="rtc-pcf8523 0-0068", SYMLINK="rtc", MODE="0666"
EOF
```
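Review bot: `MODE="0666"` on the rtc1 node is wider than needed: setting the clock (`RTC_SET_TIME`) still requires CAP_SYS_TIME regardless of the file mode, so 0666 gains nothing for root-run hwclock while letting any local user read the clock and program wake alarms; `MODE="0644"` is enough. The added closing fence itself fixes the rendering.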
## Internal RTC Adjustments
@ -99,7 +100,6 @@ EOF
systemctl daemon-reload
systemctl enable rtc0-online
```
## External RTC On Boot
@ -127,7 +127,7 @@ After=rtc0-online
EOF
systemctl daemon-reload
systemctl
systemctl enable rtc1-online
```

View File

@ -38,8 +38,8 @@ Grab the acme.sh Dockerfile and update it to work with arm (32 or 64).
``` bash
mkdir -p /root/docker/acme.sh
cd /root/docker/acme.sh
mkdir -p /scratch/docker/acme.sh
cd /scratch/docker/acme.sh
wget https://raw.githubusercontent.com/Neilpang/acme.sh/master/Dockerfile
sed -i '1s/^/ARG ALPINE=alpine:3.6\n/' Dockerfile
sed -i '/FROM/c\FROM $ALPINE' Dockerfile
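Review bot: the Dockerfile is still fetched from the acme.sh `master` branch and patched with sed, so every build pulls whatever upstream has at that moment; pin the URL to a release tag or vendor the patched Dockerfile into `/scratch/docker/acme.sh`, matching the registry-pinned approach this commit adopts for pi-hole and searx.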
@ -54,7 +54,7 @@ Setup a basic update/run script with the adjusted upstream Dockerfile
``` bash
cat > /root/docker/acme.sh/acme.sh <<EOF
cat > /scratch/docker/acme.sh/acme.sh <<EOF
#!/bin/bash
LATEST=\`docker images --no-trunc acme.sh/acme.sh | awk '{print \$2}' | sort -r | head -n1\`
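Review bot: `LATEST=` reads `docker images --no-trunc acme.sh/acme.sh`, but the build step below tags the image `acme_sh/acme_sh:$RELEASE`, so the lookup never matches and LATEST is always empty; with the container renamed to `acme_sh` in this commit, rename the image reference here to match. Also `awk '{print $2}'` over `docker images` output includes the `TAG` header row, which `sort -r | head -n1` can return as the "latest" value; `docker images --format '{{.Tag}}' acme_sh/acme_sh` avoids that.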
@ -91,7 +91,7 @@ echo "Running build"
docker build \\
--network host \\
--build-arg ALPINE=\$ALPINE \\
--file /root/docker/acme.sh/Dockerfile \\
--file /scratch/docker/acme.sh/Dockerfile \\
--tag acme_sh/acme_sh:\$RELEASE \\
.
@ -112,13 +112,13 @@ docker run -itd \\
EOF
chmod a+x /root/docker/acme.sh/acme.sh
chmod a+x /scratch/docker/acme.sh/acme.sh
```
## First Run
Run ```cd /root/docker/acme.sh && /root/docker/acme.sh/acme.sh``` to get the container online. The following commands will get your Let's Encrypt certificates created.
Run ```cd /scratch/docker/acme.sh && /scratch/docker/acme.sh/acme.sh``` to get the container online. The following commands will get your Let's Encrypt certificates created.
*Note: The above script(s) setup the container to auto-run for auto-renew purposes. If you think you'll miss your renew window, force update the certs*
@ -153,7 +153,7 @@ docker exec acme.sh \
docker exec \
-e CF_Email='[your cloudflare email]' \
-e CF_Key='[your cloudflare api key]' \
acme.sh \
acme_sh \
--issue \
--cert-file /acme.sh/domain.tld/domain.tld.crt \
--dns dns_cf \
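Review bot: `-e CF_Key='[your cloudflare api key]'` passes the account's global API key on the command line, where it lands in shell history and is visible to every local user via `ps` for the life of the exec. Move `CF_Email` and `CF_Key` into a root-only file given to the `docker run --env-file` in the run script, so the `docker exec` lines carry no secrets; the rename to `acme_sh` itself is consistent with the new tag.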
@ -172,7 +172,7 @@ docker exec \
docker exec \
-e CF_Email='[your cloudflare email]' \
-e CF_Key='[your cloudflare api key]' \
acme.sh \
acme_sh \
--renew-all \
--force \
--dns dns_cf \
@ -184,7 +184,7 @@ docker exec \
``` bash
docker exec acme.sh \
docker exec acme_sh \
--revoke \
-d domain.tld \
-d pi-hole-gui.domain.tld \

View File

@ -10,29 +10,31 @@ The BETTER backup solution.
## Install
Note this is built using sources (kinda). May take awhile on most arm boards.
*Note: we are downloading pre-built borg images from the main lollipop cloud servers in this step instead of building it from scratch*
### arm32v7 boards
``` bash
# install build dependencies
apt update
apt install python-setuptools python3-setuptools \
python3 python3-dev python3-pip python-virtualenv \
libssl-dev openssl \
libacl1-dev libacl1 \
build-essential \
libfuse-dev fuse pkg-config
pip3 install borgbackup[fuse]
wget -O /usr/local/bin/borg https://dl.lollipopcloud.solutions/api/download/borg/borg-1.1.7-arm32v7-debian-stretch
```
## Upgrades
### arm64v8 boards
Per the docs
``` bash
> To upgrade Borg to a new version later, run the following after activating your virtual environment:
wget -O /usr/local/bin/borg https://dl.lollipopcloud.solutions/api/download/borg/borg-1.1.7-arm64v8-debian-stretch
```pip install -U borgbackup[fuse]```
```
### All boards
``` bash
chmod a+x /usr/local/bin/borg
```
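Review bot: the pre-built borg is downloaded straight into /usr/local/bin and marked executable with no integrity check, so a compromised dl.lollipopcloud.solutions or a broken TLS path hands every lollipop an arbitrary root-run binary with read access to everything it backs up. Publish a SHA-256 sum (or a detached GPG signature) per file and make `sha256sum -c` part of the step before `chmod a+x`. The removed apt line was also the only thing installing `fuse` and `libacl1`; confirm `borg --version` and `borg mount` work on a fresh board, or keep a runtime-deps install.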
## Initialize Backup Repo

View File

@ -32,7 +32,7 @@ Full docs on run time parms can be found in the Pi Hole [docs (link)](https://gi
``` bash
mkdir /var/pihole /var/pihole/data /var/pihole/dnsmasq.d
cat > /root/docker/pi-hole.sh <<EOF
cat > /scratch/docker/pi-hole.sh <<EOF
#!/bin/bash
ARCH=\`arch\`
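Review bot: `cat > /scratch/docker/pi-hole.sh` assumes /scratch/docker exists, but this commit removes the step that created the old /root/docker directory and adds no `mkdir -p /scratch/docker`; add it here or in the docker page before the heredoc.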
@ -42,14 +42,13 @@ UPSTREAM=""
if [ \$ARCH == "aarch64" ]
then
echo "64bit arm"
UPSTREAM="diginc/pi-hole-multiarch:debian_aarch64"
UPSTREAM="registry.lollipopcloud.solutions/arm64v8/pi-hole:v3.3"
else
echo "32bit arm"
UPSTREAM="diginc/pi-hole-multiarch:debian_armhf"
UPSTREAM="registry.lollipopcloud.solutions/arm32v7/pi-hole:v3.3"
fi
echo "Updating"
docker pull \$UPSTREAM
# Cleanup existing container
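Review bot: a `v3.3` tag is an improvement over the unversioned diginc tags, but a tag is still mutable at the registry. Record the digest after the first pull (`docker inspect --format '{{index .RepoDigests 0}}' registry.lollipopcloud.solutions/arm64v8/pi-hole:v3.3`) and pull by `@sha256:...`, so a later push to the same tag cannot silently change the image that serves the LAN's DNS.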
@ -74,13 +73,13 @@ docker run \\
EOF
chmod a+x /root/docker/pi-hole.sh
chmod a+x /scratch/docker/pi-hole.sh
```
## Run Pi Hole
Simply execute ```/root/docker/pi-hole.sh``` to update/run Pi Hole.
Simply execute ```/scratch/docker/pi-hole.sh``` to update/run Pi Hole.
## Update LAN(s) to Use Pi Hole

View File

@ -16,34 +16,25 @@ Setup a generic script that'll auto update Searx, build a container and launch i
mkdir -p /var/searx
chown root:root /var/searx
mkdir -p /root/docker/searx
git clone https://github.com/asciimoo/searx.git /root/docker/searx/src
cat > /root/docker/searx/searx.sh << EOF
mkdir -p /scratch/docker/searx
cat > /scratch/docker/searx/searx.sh << EOF
#!/bin/bash
cd /root/docker/searx/src
git checkout Dockerfile
git fetch
LATESTTAG=\`git describe --abbrev=0 --tags\`
git checkout \$LATESTTAG
ARCH=\`arch\`
UPSTREAM=""
# Cleanup arch/container image here
if [ \$ARCH == "aarch64" ]
then
echo "64bit arm"
sed -i 's_alpine:3.5_arm64v8/alpine:3.5_g' Dockerfile
UPSTREAM="registry.lollipopcloud.solutions/arm64v8/searx:v0.14.0"
else
echo "32bit arm"
sed -i 's_alpine:3.5_arm32v6/alpine:3.5_g' Dockerfile
UPSTREAM="registry.lollipopcloud.solutions/arm32v7/searx:v0.14.0"
fi
docker build \\
--file ./Dockerfile \\
--tag searx/searx:\$LATESTTAG \\
.
echo "Updating"
docker pull \$UPSTREAM
# Cleanup existing container
docker stop searx
@ -58,16 +49,16 @@ docker run \\
-e TZ=UTC \\
-e DEBUG=1 \\
-e BASE_URL=searx.domain.tld \\
searx/searx:\$LATESTTAG
\$UPSTREAM
EOF
chmod a+x /root/docker/searx/searx.sh
chmod a+x /scratch/docker/searx/searx.sh
```
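Review bot: `-e DEBUG=1` stays in the run command while `BASE_URL=searx.domain.tld` says this instance is served publicly; if the image's webapp runs under Flask's built-in server, debug mode enables the Werkzeug debugger, which gives anyone who can trigger an exception a Python shell in the container. Drop `DEBUG=1` from the production run line, and treat the `searx:v0.14.0` tags the same way as the pi-hole ones (pin by digest).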
## Run Searx
Simply execute ```/root/docker/searx/searx.sh``` to update/run Gogs.
Simply execute ```/scratch/docker/searx/searx.sh``` to update/run Gogs.
## Serving Via Caddy
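Review bot: "to update/run Gogs" under "Run Searx" is a copy-paste leftover in both the removed and added line; it should read "to update/run Searx".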