Major docs updates to clean up various commands, leverage the lollipop cloud docker registry and more
parent
0e84c81332
commit
0bd7aa3f62
|
@ -16,19 +16,31 @@ systemctl reboot
|
||||||
|
|
||||||
```
|
```
|
||||||
|
|
||||||
|
## Install Useful Tools
|
||||||
|
|
||||||
|
``` bash
|
||||||
|
|
||||||
|
apt install htop nload iotop tmux screen vim nano links wget exfat-utils ntfs-3g gdisk lvm2 cryptsetup busybox
|
||||||
|
|
||||||
|
```
|
||||||
|
|
||||||
|
## ENABLE Automatic Update Download
|
||||||
|
|
||||||
|
*Note: this is for more persistent/permanently online lollipops*
|
||||||
|
|
||||||
|
### /etc/apt/apt.conf.d/02-armbian-periodic
|
||||||
|
|
||||||
|
- Change ```APT::Periodic::Enable "0";``` to ```APT::Periodic::Enable "1";```
|
||||||
|
- Change ```APT::Periodic::Update-Package-Lists "21";``` to ```APT::Periodic::Update-Package-Lists "1";```
|
||||||
|
|
||||||
## DISABLE Automatic Update Downloads
|
## DISABLE Automatic Update Downloads
|
||||||
|
|
||||||
*Note: this is to save bandwidth, time, etc when travelling*
|
*Note: this is to save bandwidth, time, etc when travelling*
|
||||||
|
|
||||||
### /etc/apt/apt.conf.d/02periodic
|
|
||||||
|
|
||||||
Change ```APT::Periodic::Enable "1";``` to ```APT::Periodic::Enable "0";```
|
|
||||||
|
|
||||||
### /etc/apt/apt.conf.d/20auto-upgrades
|
### /etc/apt/apt.conf.d/20auto-upgrades
|
||||||
|
|
||||||
Change ```APT::Periodic::Update-Package-Lists "1";``` to ```APT::Periodic::Update-Package-Lists "0";```
|
- Change ```APT::Periodic::Update-Package-Lists "1";``` to ```APT::Periodic::Update-Package-Lists "0";```
|
||||||
|
- Change ```APT::Periodic::Unattended-Upgrade "1";``` to ```APT::Periodic::Unattended-Upgrade "0";```
|
||||||
Change ```APT::Periodic::Unattended-Upgrade "1";``` to ```APT::Periodic::Unattended-Upgrade "0";```
|
|
||||||
|
|
||||||
## Tweak OpenSSH Config
|
## Tweak OpenSSH Config
|
||||||
|
|
||||||
|
|
|
@ -22,6 +22,10 @@ Please note the Docker plugin is for a *swarm* which is *not* setup in these doc
|
||||||
mkdir /var/log/caddy
|
mkdir /var/log/caddy
|
||||||
mkdir -p /etc/caddy/services
|
mkdir -p /etc/caddy/services
|
||||||
chown www-data /var/log/caddy /etc/caddy
|
chown www-data /var/log/caddy /etc/caddy
|
||||||
|
mkdir -p /var/www
|
||||||
|
chown www-data /var/www
|
||||||
|
mkdir /var/log/caddy
|
||||||
|
chown www-data /var/log/caddy
|
||||||
cat > /root/update_caddy.sh <<EOF
|
cat > /root/update_caddy.sh <<EOF
|
||||||
curl https://getcaddy.com | bash -s personal http.cache,http.cgi,http.cors,http.expires,http.filemanager,http.ipfilter,http.locale,http.realip,http.upload,net
|
curl https://getcaddy.com | bash -s personal http.cache,http.cgi,http.cors,http.expires,http.filemanager,http.ipfilter,http.locale,http.realip,http.upload,net
|
||||||
EOF
|
EOF
|
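Review bot: The added `mkdir /var/log/caddy` repeats the `mkdir /var/log/caddy` on the first line of this hunk without `-p`, so the second call fails with "File exists" when the block is pasted as a whole. The added `chown www-data /var/log/caddy` likewise repeats the earlier `chown www-data /var/log/caddy /etc/caddy`. Dropping the two repeated lines, or at least writing `mkdir -p /var/log/caddy`, keeps the block re-runnable. The surrounding code fence starts and ends outside the hunk.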
|
@ -15,9 +15,9 @@ Setup alternative ntp that does well with systems that may or may not always be
|
||||||
apt update
|
apt update
|
||||||
apt install chrony
|
apt install chrony
|
||||||
systemctl enable chrony # Enable service
|
systemctl enable chrony # Enable service
|
||||||
|
systemctl disable ntp.service # Disable std ntpd (replaced by chrony)
|
||||||
systemctl start chrony # Start service
|
systemctl start chrony # Start service
|
||||||
chronyc activity # Verify install successful
|
chronyc activity # Verify install successful
|
||||||
systemctl disable ntp.service # Disable std ntpd (replaced by chrony)
|
|
||||||
|
|
||||||
```
|
```
|
||||||
|
|
||||||
|
@ -34,11 +34,10 @@ allow 172.30.0.0/16
|
||||||
# Allow large clock adjustments (you want this as there is no RTC on most SBCs)
|
# Allow large clock adjustments (you want this as there is no RTC on most SBCs)
|
||||||
makestep 1 -1
|
makestep 1 -1
|
||||||
EOF
|
EOF
|
||||||
|
systemctl restart chrony # Restart chrony to pickup config changes
|
||||||
|
|
||||||
```
|
```
|
||||||
|
|
||||||
Run ```systemctl restart chrony``` to pickup the changes.
|
|
||||||
|
|
||||||
## Allow NTP access via internal/trusted networks
|
## Allow NTP access via internal/trusted networks
|
||||||
|
|
||||||
``` bash
|
``` bash
|
||||||
|
|
|
@ -12,12 +12,12 @@ Further reading: [http://cockpit-project.org/running](http://cockpit-project.org
|
||||||
|
|
||||||
#add-apt-repository ppa:cockpit-project/cockpit
|
#add-apt-repository ppa:cockpit-project/cockpit
|
||||||
apt update
|
apt update
|
||||||
apt install cockpit cockpit-doc \
|
apt install cockpit cockpit-doc cockpit-dashboard \
|
||||||
cockpit-docker cockpit-networkmanager \
|
cockpit-docker cockpit-machines cockpit-networkmanager \
|
||||||
cockpit-dashboard cockpit-system \
|
cockpit-dashboard cockpit-system \
|
||||||
cockpit-storaged cockpit-packagekit
|
cockpit-storaged cockpit-packagekit \
|
||||||
systemctl enable cockpit
|
cockpit-system cockpit-ws \
|
||||||
systemctl start cockpit
|
packagekit-tools cracklib-runtime
|
||||||
|
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
|
@ -5,7 +5,7 @@ Containerized services for easy deployment and updates.
|
||||||
## Inspiration / Further Reading
|
## Inspiration / Further Reading
|
||||||
|
|
||||||
- [https://docs.docker.com/install/](https://docs.docker.com/install/)
|
- [https://docs.docker.com/install/](https://docs.docker.com/install/)
|
||||||
- [https://docs.docker.com/install/linux/docker-ce/ubuntu/](https://docs.docker.com/install/linux/docker-ce/ubuntu/)
|
- [https://docs.docker.com/install/linux/docker-ce/debian/](https://docs.docker.com/install/linux/docker-ce/debian/)
|
||||||
- [https://blog.alexellis.io/get-started-with-docker-on-64-bit-arm/](https://blog.alexellis.io/get-started-with-docker-on-64-bit-arm/)
|
- [https://blog.alexellis.io/get-started-with-docker-on-64-bit-arm/](https://blog.alexellis.io/get-started-with-docker-on-64-bit-arm/)
|
||||||
|
|
||||||
## Pre Flight Setup
|
## Pre Flight Setup
|
||||||
|
@ -17,10 +17,11 @@ Containerized services for easy deployment and updates.
|
||||||
apt remove docker docker-engine docker.io
|
apt remove docker docker-engine docker.io
|
||||||
apt install \
|
apt install \
|
||||||
apt-transport-https \
|
apt-transport-https \
|
||||||
ca-certificates \
|
ca-certificates \
|
||||||
curl \
|
curl \
|
||||||
software-properties-common
|
gnupg2 \
|
||||||
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
|
software-properties-common
|
||||||
|
curl -fsSL https://download.docker.com/linux/debian/gpg | sudo apt-key add -
|
||||||
|
|
||||||
```
|
```
|
||||||
|
|
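Review bot: The changed `curl -fsSL https://download.docker.com/linux/debian/gpg | sudo apt-key add -` line adds the downloaded key to apt's trusted keys with no verification step after it. A follow-up line that prints the imported fingerprint, such as `apt-key fingerprint`, plus one sentence telling the reader to compare it with the fingerprint published in the Docker install docs linked under "Further Reading", would make a wrong or substituted key visible before any package is installed. The other visible commands in this block run without `sudo`, so the `sudo` on this line is inconsistent with them.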
||||||
|
@ -29,7 +30,7 @@ curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
|
||||||
``` bash
|
``` bash
|
||||||
|
|
||||||
add-apt-repository \
|
add-apt-repository \
|
||||||
"deb [arch=armhf] https://download.docker.com/linux/ubuntu \
|
"deb [arch=armhf] https://download.docker.com/linux/debian \
|
||||||
$(lsb_release -cs) \
|
$(lsb_release -cs) \
|
||||||
stable"
|
stable"
|
||||||
|
|
||||||
|
@ -40,7 +41,7 @@ add-apt-repository \
|
||||||
``` bash
|
``` bash
|
||||||
|
|
||||||
add-apt-repository \
|
add-apt-repository \
|
||||||
"deb [arch=arm64] https://download.docker.com/linux/ubuntu \
|
"deb [arch=arm64] https://download.docker.com/linux/debian \
|
||||||
$(lsb_release -cs) \
|
$(lsb_release -cs) \
|
||||||
stable"
|
stable"
|
||||||
|
|
||||||
|
@ -62,12 +63,6 @@ systemctl enable docker
|
||||||
|
|
||||||
If you have an external USB storage device always connected, you may want to move the contents of ```/var/lib/docker``` to somewhere on the external storage and use a symlink in place. This will help with churn on the internal micro-sd card and extend its life.
|
If you have an external USB storage device always connected, you may want to move the contents of ```/var/lib/docker``` to somewhere on the external storage and use a symlink in place. This will help with churn on the internal micro-sd card and extend its life.
|
||||||
|
|
||||||
## Create Container Script Dir
|
|
||||||
|
|
||||||
For the containers detailed here, you'll want a dedicated directory for keeping the scripts/outputs.
|
|
||||||
|
|
||||||
```mkdir /root/docker```
|
|
||||||
|
|
||||||
## Configure Docker Default Bridge
|
## Configure Docker Default Bridge
|
||||||
|
|
||||||
Ensure the default Docker bridge doesn't conflict with existing networks.
|
Ensure the default Docker bridge doesn't conflict with existing networks.
|
||||||
|
|
|
@ -66,23 +66,6 @@ firewall-cmd --reload
|
||||||
|
|
||||||
```
|
```
|
||||||
|
|
||||||
## Allow internal access to ssh
|
|
||||||
|
|
||||||
``` bash
|
|
||||||
|
|
||||||
# Remove ssh from public zone
|
|
||||||
firewall-cmd --permanent --zone=public --remove-service=ssh
|
|
||||||
# Add ssh to internal zone
|
|
||||||
firewall-cmd --permanent --zone=internal --add-service ssh
|
|
||||||
# Reload rules
|
|
||||||
firewall-cmd --reload
|
|
||||||
# Verify rules
|
|
||||||
firewall-cmd --zone=public --list-all
|
|
||||||
firewall-cmd --zone=internal --list-all
|
|
||||||
|
|
||||||
```
|
|
||||||
|
|
||||||
|
|
||||||
## Useful Commands
|
## Useful Commands
|
||||||
|
|
||||||
- ```firewall-cmd --state```
|
- ```firewall-cmd --state```
|
||||||
|
|
|
@ -14,7 +14,7 @@ The rest of this guide assumes you'll be logged in as the admin user and will be
|
||||||
|
|
||||||
Just in case you need reference material while offline or on a bad network link, mirror these docs to the root filesystem.
|
Just in case you need reference material while offline or on a bad network link, mirror these docs to the root filesystem.
|
||||||
|
|
||||||
```git clone https://gitlab.com/kemonine/lolipop_lan_cloud.git /root/lolipop_lan_cloud```
|
```git clone https://git.lollipopcloud.solutions/lollipop-cloud/docs.git /root/docs```
|
||||||
|
|
||||||
## Disable root login
|
## Disable root login
|
||||||
|
|
||||||
|
|
|
@ -15,6 +15,7 @@ Setup an LTE/3G modem. You'll need to adapt this information to your specific mo
|
||||||
- [https://forums.linuxmint.com/viewtopic.php?f=53&t=119342](https://forums.linuxmint.com/viewtopic.php?f=53&t=119342)
|
- [https://forums.linuxmint.com/viewtopic.php?f=53&t=119342](https://forums.linuxmint.com/viewtopic.php?f=53&t=119342)
|
||||||
- [https://bostonenginerd.com/posts/getting-the-t-mobile-jet-huawei-366-usb-modem-to-work-in-linux/](https://bostonenginerd.com/posts/getting-the-t-mobile-jet-huawei-366-usb-modem-to-work-in-linux/)
|
- [https://bostonenginerd.com/posts/getting-the-t-mobile-jet-huawei-366-usb-modem-to-work-in-linux/](https://bostonenginerd.com/posts/getting-the-t-mobile-jet-huawei-366-usb-modem-to-work-in-linux/)
|
||||||
- [https://github.com/Robpol86/robpol86.com/blob/master/docs/raspberry_pi_project_fi.rst](https://github.com/Robpol86/robpol86.com/blob/master/docs/raspberry_pi_project_fi.rst)
|
- [https://github.com/Robpol86/robpol86.com/blob/master/docs/raspberry_pi_project_fi.rst](https://github.com/Robpol86/robpol86.com/blob/master/docs/raspberry_pi_project_fi.rst)
|
||||||
|
- [https://blog.enchose.com/raspberry-pi-runs-ppp-dial-up-quectel-ec25-lte-modem/](https://blog.enchose.com/raspberry-pi-runs-ppp-dial-up-quectel-ec25-lte-modem/)
|
||||||
|
|
||||||
## On The Go Help
|
## On The Go Help
|
||||||
|
|
||||||
|
|
|
@ -24,13 +24,8 @@ apt update
|
||||||
apt install munin munin-node \
|
apt install munin munin-node \
|
||||||
munin-plugins-core munin-plugins-extra \
|
munin-plugins-core munin-plugins-extra \
|
||||||
libcgi-fast-perl
|
libcgi-fast-perl
|
||||||
vim /etc/munin/munin.conf
|
|
||||||
vim /etc/munin/munin-node.conf
|
|
||||||
vim /etc/munin/plugin-conf.d/*
|
|
||||||
munin-node-configure --suggest 2>&1 | less
|
|
||||||
munin-node-configure --shell 2>&1 | less
|
|
||||||
systemcl restart munin-node
|
|
||||||
systemctl enable munin-node
|
systemctl enable munin-node
|
||||||
|
systemcl restart munin-node
|
||||||
|
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
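Review bot: The moved line `systemcl restart munin-node` still misspells the command, so the restart step fails with "command not found" and munin-node is never restarted by this block; it should read `systemctl restart munin-node`. The hunk also drops the `vim /etc/munin/...` and `munin-node-configure` steps. If they were not moved elsewhere in the file, a sentence saying where the node and plugin configuration is edited before the restart would help.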
|
@ -86,13 +86,13 @@ Some useful commands for adjusting connection/device status
|
||||||
``` bash
|
``` bash
|
||||||
|
|
||||||
apt update
|
apt update
|
||||||
# Install additional deps
|
|
||||||
apt install ebtables ipset
|
|
||||||
# Install + add-ons
|
|
||||||
apt install network-manager \
|
apt install network-manager \
|
||||||
network-manager-openvpn network-manager-pptp
|
network-manager-openvpn network-manager-pptp \
|
||||||
systemctl enable NetworkManager # Enable the service
|
ebtables ipset dnsmasq-base
|
||||||
systemctl start NetworkManager # Start the service
|
# Enable the service
|
||||||
|
systemctl enable NetworkManager
|
||||||
|
# Start the service
|
||||||
|
systemctl start NetworkManager
|
||||||
|
|
||||||
```
|
```
|
||||||
|
|
||||||
|
@ -100,7 +100,7 @@ systemctl start NetworkManager # Start the service
|
||||||
|
|
||||||
By default Armbian sets up at least one network device "behind the scenes" and keeps it "outside" NetworkManager. Given we want to manage our Lollipop through NetworkManager, we need to make a small tweak.
|
By default Armbian sets up at least one network device "behind the scenes" and keeps it "outside" NetworkManager. Given we want to manage our Lollipop through NetworkManager, we need to make a small tweak.
|
||||||
|
|
||||||
Edit ```/etc/network/interfaces``` and make sure eth0 directives aren't present.
|
Edit ```/etc/network/interfaces``` and make sure eth0 directives aren't present. Also make sure the ```/etc/network/interfaces.d``` directory is empty.
|
||||||
|
|
||||||
Reboot after above cleanup of interfaces file.
|
Reboot after above cleanup of interfaces file.
|
||||||
|
|
||||||
|
|
|
@ -18,7 +18,6 @@ curl -o /etc/unbound/root.hints https://www.internic.net/domain/named.cache
|
||||||
cat > /etc/unbound/root.key <<EOF
|
cat > /etc/unbound/root.key <<EOF
|
||||||
. IN DS 19036 8 2 49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5
|
. IN DS 19036 8 2 49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5
|
||||||
EOF
|
EOF
|
||||||
chown unbound /etc/unbound
|
|
||||||
cat > /etc/unbound/unbound.conf <<EOF
|
cat > /etc/unbound/unbound.conf <<EOF
|
||||||
server:
|
server:
|
||||||
interface: 127.0.0.1
|
interface: 127.0.0.1
|
||||||
|
@ -57,6 +56,7 @@ include: /etc/unbound/local_zone/*.conf
|
||||||
|
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
|
chown unbound /etc/unbound
|
||||||
systemctl enable unbound
|
systemctl enable unbound
|
||||||
systemctl start unbound
|
systemctl start unbound
|
||||||
|
|
||||||
|
@ -110,12 +110,6 @@ systemctl daemon-reload
|
||||||
|
|
||||||
```
|
```
|
||||||
|
|
||||||
## Adjust NetworkManager Config
|
|
||||||
|
|
||||||
Edit ```/etc/NetworkManager/NetworkManager.conf```
|
|
||||||
|
|
||||||
Change the ```dns=``` line to be ```dns=127.0.0.1```
|
|
||||||
|
|
||||||
## Setup all WAN connections to use this for dns cache
|
## Setup all WAN connections to use this for dns cache
|
||||||
|
|
||||||
### WiFi
|
### WiFi
|
||||||
|
|
|
@ -1,10 +1,8 @@
|
||||||
# Private Internet Access (PIA)
|
# Private Internet Access (PIA)
|
||||||
|
|
||||||
```TODO : INCOMPLETE```
|
|
||||||
|
|
||||||
This is a **VERY** advanced topic with some creative tricks to simplify getting the config added to NetworkManager. You're on your own.
|
This is a **VERY** advanced topic with some creative tricks to simplify getting the config added to NetworkManager. You're on your own.
|
||||||
|
|
||||||
The author *strongly* recommends reading through this and adapting to other services well ahead of any real need(s).
|
The author *strongly* recommends reading through this and adapting/tuning well ahead of any real need(s).
|
||||||
|
|
||||||
## Inspiration / Sources
|
## Inspiration / Sources
|
||||||
|
|
||||||
|
@ -46,7 +44,7 @@ cd ..
|
||||||
# OMIT Gnome item if you can get away with it...
|
# OMIT Gnome item if you can get away with it...
|
||||||
|
|
||||||
apt update
|
apt update
|
||||||
apt install network-manager-openvpn network-manager-openvpn-gnome
|
apt install network-manager-openvpn
|
||||||
|
|
||||||
```
|
```
|
||||||
|
|
||||||
|
@ -89,6 +87,7 @@ nmcli con show
|
||||||
vim /etc/NetworkManager/system-connections/[con_name]
|
vim /etc/NetworkManager/system-connections/[con_name]
|
||||||
|
|
||||||
```
|
```
|
||||||
|
|
||||||
#### Adjustments/Necessary Verification
|
#### Adjustments/Necessary Verification
|
||||||
|
|
||||||
``` bash
|
``` bash
|
||||||
|
|
|
@ -29,7 +29,7 @@ echo "[uuid]" > /etc/autovpn/default
|
||||||
|
|
||||||
# Get network names of ALL docker connections
|
# Get network names of ALL docker connections
|
||||||
nmcli con show
|
nmcli con show
|
||||||
echo "[name1],[name2]" > /etc/autovpn/exclude
|
echo "[uuid1],[uuid2]" > /etc/autovpn/exclude
|
||||||
|
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
|
@ -55,6 +55,7 @@ apt remove --purge fake-hwclock # purge the fake hwclock as we have a real one n
|
||||||
cat > /etc/udev/rules.d/99-rtc1.rules <<EOF
|
cat > /etc/udev/rules.d/99-rtc1.rules <<EOF
|
||||||
KERNEL=="rtc1", SUBSYSTEM=="rtc", DRIVER=="", ATTR{name}=="rtc-pcf8523 0-0068", SYMLINK="rtc", MODE="0666"
|
KERNEL=="rtc1", SUBSYSTEM=="rtc", DRIVER=="", ATTR{name}=="rtc-pcf8523 0-0068", SYMLINK="rtc", MODE="0666"
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
```
|
```
|
||||||
|
|
||||||
## Internal RTC Adjustments
|
## Internal RTC Adjustments
|
||||||
|
@ -99,7 +100,6 @@ EOF
|
||||||
systemctl daemon-reload
|
systemctl daemon-reload
|
||||||
systemctl enable rtc0-online
|
systemctl enable rtc0-online
|
||||||
|
|
||||||
|
|
||||||
```
|
```
|
||||||
|
|
||||||
## External RTC On Boot
|
## External RTC On Boot
|
||||||
|
@ -127,7 +127,7 @@ After=rtc0-online
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
systemctl daemon-reload
|
systemctl daemon-reload
|
||||||
systemctl
|
systemctl enable rtc1-online
|
||||||
|
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
|
@ -38,8 +38,8 @@ Grab the acme.sh Dockerfile and update it to work with arm (32 or 64).
|
||||||
|
|
||||||
``` bash
|
``` bash
|
||||||
|
|
||||||
mkdir -p /root/docker/acme.sh
|
mkdir -p /scratch/docker/acme.sh
|
||||||
cd /root/docker/acme.sh
|
cd /scratch/docker/acme.sh
|
||||||
wget https://raw.githubusercontent.com/Neilpang/acme.sh/master/Dockerfile
|
wget https://raw.githubusercontent.com/Neilpang/acme.sh/master/Dockerfile
|
||||||
sed -i '1s/^/ARG ALPINE=alpine:3.6\n/' Dockerfile
|
sed -i '1s/^/ARG ALPINE=alpine:3.6\n/' Dockerfile
|
||||||
sed -i '/FROM/c\FROM $ALPINE' Dockerfile
|
sed -i '/FROM/c\FROM $ALPINE' Dockerfile
|
||||||
|
@ -54,7 +54,7 @@ Setup a basic update/run script with the adjusted upstream Dockerfile
|
||||||
|
|
||||||
``` bash
|
``` bash
|
||||||
|
|
||||||
cat > /root/docker/acme.sh/acme.sh <<EOF
|
cat > /scratch/docker/acme.sh/acme.sh <<EOF
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
|
||||||
LATEST=\`docker images --no-trunc acme.sh/acme.sh | awk '{print \$2}' | sort -r | head -n1\`
|
LATEST=\`docker images --no-trunc acme.sh/acme.sh | awk '{print \$2}' | sort -r | head -n1\`
|
||||||
|
@ -91,7 +91,7 @@ echo "Running build"
|
||||||
docker build \\
|
docker build \\
|
||||||
--network host \\
|
--network host \\
|
||||||
--build-arg ALPINE=\$ALPINE \\
|
--build-arg ALPINE=\$ALPINE \\
|
||||||
--file /root/docker/acme.sh/Dockerfile \\
|
--file /scratch/docker/acme.sh/Dockerfile \\
|
||||||
--tag acme_sh/acme_sh:\$RELEASE \\
|
--tag acme_sh/acme_sh:\$RELEASE \\
|
||||||
.
|
.
|
||||||
|
|
||||||
|
@ -112,13 +112,13 @@ docker run -itd \\
|
||||||
|
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
chmod a+x /root/docker/acme.sh/acme.sh
|
chmod a+x /scratch/docker/acme.sh/acme.sh
|
||||||
|
|
||||||
```
|
```
|
||||||
|
|
||||||
## First Run
|
## First Run
|
||||||
|
|
||||||
Run ```cd /root/docker/acme.sh && /root/docker/acme.sh/acme.sh``` to get the container online. The following commands will get your Let's Encrypt certificates created.
|
Run ```cd /scratch/docker/acme.sh && /scratch/docker/acme.sh/acme.sh``` to get the container online. The following commands will get your Let's Encrypt certificates created.
|
||||||
|
|
||||||
*Note: The above script(s) setup the container to auto-run for auto-renew purposes. If you think you'll miss your renew window, force update the certs*
|
*Note: The above script(s) setup the container to auto-run for auto-renew purposes. If you think you'll miss your renew window, force update the certs*
|
||||||
|
|
||||||
|
@ -153,7 +153,7 @@ docker exec acme.sh \
|
||||||
docker exec \
|
docker exec \
|
||||||
-e CF_Email='[your cloudflare email]' \
|
-e CF_Email='[your cloudflare email]' \
|
||||||
-e CF_Key='[your cloudflare api key]' \
|
-e CF_Key='[your cloudflare api key]' \
|
||||||
acme.sh \
|
acme_sh \
|
||||||
--issue \
|
--issue \
|
||||||
--cert-file /acme.sh/domain.tld/domain.tld.crt \
|
--cert-file /acme.sh/domain.tld/domain.tld.crt \
|
||||||
--dns dns_cf \
|
--dns dns_cf \
|
||||||
|
@ -172,7 +172,7 @@ docker exec \
|
||||||
docker exec \
|
docker exec \
|
||||||
-e CF_Email='[your cloudflare email]' \
|
-e CF_Email='[your cloudflare email]' \
|
||||||
-e CF_Key='[your cloudflare api key]' \
|
-e CF_Key='[your cloudflare api key]' \
|
||||||
acme.sh \
|
acme_sh \
|
||||||
--renew-all \
|
--renew-all \
|
||||||
--force \
|
--force \
|
||||||
--dns dns_cf \
|
--dns dns_cf \
|
||||||
|
@ -184,7 +184,7 @@ docker exec \
|
||||||
|
|
||||||
``` bash
|
``` bash
|
||||||
|
|
||||||
docker exec acme.sh \
|
docker exec acme_sh \
|
||||||
--revoke \
|
--revoke \
|
||||||
-d domain.tld \
|
-d domain.tld \
|
||||||
-d pi-hole-gui.domain.tld \
|
-d pi-hole-gui.domain.tld \
|
||||||
|
|
|
@ -10,29 +10,31 @@ The BETTER backup solution.
|
||||||
|
|
||||||
## Install
|
## Install
|
||||||
|
|
||||||
Note this is built using sources (kinda). May take awhile on most arm boards.
|
*Note: we are downloading pre-built borg images from the main lollipop cloud servers in this step instead of building it from scratch*
|
||||||
|
|
||||||
|
### arm32v7 boards
|
||||||
|
|
||||||
``` bash
|
``` bash
|
||||||
|
|
||||||
# install build dependencies
|
wget -O /usr/local/bin/borg https://dl.lollipopcloud.solutions/api/download/borg/borg-1.1.7-arm32v7-debian-stretch
|
||||||
apt update
|
|
||||||
apt install python-setuptools python3-setuptools \
|
|
||||||
python3 python3-dev python3-pip python-virtualenv \
|
|
||||||
libssl-dev openssl \
|
|
||||||
libacl1-dev libacl1 \
|
|
||||||
build-essential \
|
|
||||||
libfuse-dev fuse pkg-config
|
|
||||||
pip3 install borgbackup[fuse]
|
|
||||||
|
|
||||||
```
|
```
|
||||||
|
|
||||||
## Upgrades
|
### arm64v8 boards
|
||||||
|
|
||||||
Per the docs
|
``` bash
|
||||||
|
|
||||||
> To upgrade Borg to a new version later, run the following after activating your virtual environment:
|
wget -O /usr/local/bin/borg https://dl.lollipopcloud.solutions/api/download/borg/borg-1.1.7-arm64v8-debian-stretch
|
||||||
|
|
||||||
```pip install -U borgbackup[fuse]```
|
```
|
||||||
|
|
||||||
|
### All boards
|
||||||
|
|
||||||
|
``` bash
|
||||||
|
|
||||||
|
chmod a+x /usr/local/bin/borg
|
||||||
|
|
||||||
|
```
|
||||||
|
|
||||||
## Initialize Backup Repo
|
## Initialize Backup Repo
|
||||||
|
|
||||||
|
|
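Review bot: The two added `wget -O /usr/local/bin/borg ...` lines write a pre-built binary straight into a root-owned PATH directory, with no step that checks the download is the file the project published. Downloading to a temporary path, verifying it and only then installing would close that gap, e.g. `echo "<published-sha256>  /tmp/borg" | sha256sum -c - && install -m 0755 /tmp/borg /usr/local/bin/borg`. Here `<published-sha256>` is a placeholder for a checksum the project would need to publish next to each build. The removed "Upgrades" section is not replaced, so the page no longer says how the pinned 1.1.7 binary gets updated; one sentence on that would be worth adding.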
|
@ -32,7 +32,7 @@ Full docs on run time parms can be found in the Pi Hole [docs (link)](https://gi
|
||||||
``` bash
|
``` bash
|
||||||
|
|
||||||
mkdir /var/pihole /var/pihole/data /var/pihole/dnsmasq.d
|
mkdir /var/pihole /var/pihole/data /var/pihole/dnsmasq.d
|
||||||
cat > /root/docker/pi-hole.sh <<EOF
|
cat > /scratch/docker/pi-hole.sh <<EOF
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
|
||||||
ARCH=\`arch\`
|
ARCH=\`arch\`
|
||||||
|
@ -42,14 +42,13 @@ UPSTREAM=""
|
||||||
if [ \$ARCH == "aarch64" ]
|
if [ \$ARCH == "aarch64" ]
|
||||||
then
|
then
|
||||||
echo "64bit arm"
|
echo "64bit arm"
|
||||||
UPSTREAM="diginc/pi-hole-multiarch:debian_aarch64"
|
UPSTREAM="registry.lollipopcloud.solutions/arm64v8/pi-hole:v3.3"
|
||||||
else
|
else
|
||||||
echo "32bit arm"
|
echo "32bit arm"
|
||||||
UPSTREAM="diginc/pi-hole-multiarch:debian_armhf"
|
UPSTREAM="registry.lollipopcloud.solutions/arm32v7/pi-hole:v3.3"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
echo "Updating"
|
echo "Updating"
|
||||||
|
|
||||||
docker pull \$UPSTREAM
|
docker pull \$UPSTREAM
|
||||||
|
|
||||||
# Cleanup existing container
|
# Cleanup existing container
|
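Review bot: The new `UPSTREAM=` values reference the image by a mutable tag (`.../pi-hole:v3.3`), so the script's `docker pull \$UPSTREAM` accepts whatever the registry serves under that tag on each run. Pinning by digest keeps the update step reproducible and makes an unexpected image change visible, e.g. `UPSTREAM="registry.lollipopcloud.solutions/arm64v8/pi-hole@sha256:<digest>"`, where `<digest>` is a placeholder for the published image digest. The same applies to the `searx:v0.14.0` lines added in the Searx hunk at `@ -16,34 +16,25`. The generated script starts and ends outside this hunk.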
||||||
|
@ -74,13 +73,13 @@ docker run \\
|
||||||
|
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
chmod a+x /root/docker/pi-hole.sh
|
chmod a+x /scratch/docker/pi-hole.sh
|
||||||
|
|
||||||
```
|
```
|
||||||
|
|
||||||
## Run Pi Hole
|
## Run Pi Hole
|
||||||
|
|
||||||
Simply execute ```/root/docker/pi-hole.sh``` to update/run Pi Hole.
|
Simply execute ```/scratch/docker/pi-hole.sh``` to update/run Pi Hole.
|
||||||
|
|
||||||
## Update LAN(s) to Use Pi Hole
|
## Update LAN(s) to Use Pi Hole
|
||||||
|
|
||||||
|
|
|
@ -16,34 +16,25 @@ Setup a generic script that'll auto update Searx, build a container and launch i
|
||||||
|
|
||||||
mkdir -p /var/searx
|
mkdir -p /var/searx
|
||||||
chown root:root /var/searx
|
chown root:root /var/searx
|
||||||
mkdir -p /root/docker/searx
|
mkdir -p /scratch/docker/searx
|
||||||
git clone https://github.com/asciimoo/searx.git /root/docker/searx/src
|
cat > /scratch/docker/searx/searx.sh << EOF
|
||||||
|
|
||||||
cat > /root/docker/searx/searx.sh << EOF
|
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
|
||||||
cd /root/docker/searx/src
|
|
||||||
git checkout Dockerfile
|
|
||||||
git fetch
|
|
||||||
LATESTTAG=\`git describe --abbrev=0 --tags\`
|
|
||||||
git checkout \$LATESTTAG
|
|
||||||
|
|
||||||
ARCH=\`arch\`
|
ARCH=\`arch\`
|
||||||
|
UPSTREAM=""
|
||||||
|
|
||||||
# Cleanup arch/container image here
|
# Cleanup arch/container image here
|
||||||
if [ \$ARCH == "aarch64" ]
|
if [ \$ARCH == "aarch64" ]
|
||||||
then
|
then
|
||||||
echo "64bit arm"
|
echo "64bit arm"
|
||||||
sed -i 's_alpine:3.5_arm64v8/alpine:3.5_g' Dockerfile
|
UPSTREAM="registry.lollipopcloud.solutions/arm64v8/searx:v0.14.0"
|
||||||
else
|
else
|
||||||
echo "32bit arm"
|
echo "32bit arm"
|
||||||
sed -i 's_alpine:3.5_arm32v6/alpine:3.5_g' Dockerfile
|
UPSTREAM="registry.lollipopcloud.solutions/arm32v7/searx:v0.14.0"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
docker build \\
|
echo "Updating"
|
||||||
--file ./Dockerfile \\
|
docker pull \$UPSTREAM
|
||||||
--tag searx/searx:\$LATESTTAG \\
|
|
||||||
.
|
|
||||||
|
|
||||||
# Cleanup existing container
|
# Cleanup existing container
|
||||||
docker stop searx
|
docker stop searx
|
||||||
|
@ -58,16 +49,16 @@ docker run \\
|
||||||
-e TZ=UTC \\
|
-e TZ=UTC \\
|
||||||
-e DEBUG=1 \\
|
-e DEBUG=1 \\
|
||||||
-e BASE_URL=searx.domain.tld \\
|
-e BASE_URL=searx.domain.tld \\
|
||||||
searx/searx:\$LATESTTAG
|
\$UPSTREAM
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
chmod a+x /root/docker/searx/searx.sh
|
chmod a+x /scratch/docker/searx/searx.sh
|
||||||
|
|
||||||
```
|
```
|
||||||
|
|
||||||
## Run Searx
|
## Run Searx
|
||||||
|
|
||||||
Simply execute ```/root/docker/searx/searx.sh``` to update/run Gogs.
|
Simply execute ```/scratch/docker/searx/searx.sh``` to update/run Gogs.
|
||||||
|
|
||||||
## Serving Via Caddy
|
## Serving Via Caddy
|
||||||
|
|
||||||
|
|