Major docs updates to clean up various commands, leverage the lollipop cloud docker registry and more

2018-09-17 16:29:55 -04:00 · 2018-09-17 16:29:55 -04:00 · 0bd7aa3f62
parent 0e84c81332
commit 0bd7aa3f62
18 changed files with 95 additions and 121 deletions
--- a/armbian/base_setup.md
+++ b/armbian/base_setup.md
@ -16,19 +16,31 @@ systemctl reboot
 ```
 ## Install Useful Tools
 ``` bash
 apt install htop nload iotop tmux screen vim nano links wget exfat-utils ntfs-3g gdisk lvm2 cryptsetup busybox
 ```
 ## ENABLE Automatic Update Download
 *Note: this is for more persistent/permanently online lollipops*
 ### /etc/apt/apt.conf.d/02-armbian-periodic
 - Change ```APT::Periodic::Enable "0";``` to ```APT::Periodic::Enable "1";```
 - Change ```APT::Periodic::Update-Package-Lists "21";``` to ```APT::Periodic::Update-Package-Lists "1";```
 ## DISABLE Automatic Update Downloads
 *Note: this is to save bandwidth, time, etc when travelling*
 ### /etc/apt/apt.conf.d/02periodic
 Change ```APT::Periodic::Enable "1";``` to ```APT::Periodic::Enable "0";```
 ### /etc/apt/apt.conf.d/20auto-upgrades
-Change ```APT::Periodic::Update-Package-Lists "1";``` to ```APT::Periodic::Update-Package-Lists "0";```
+- Change ```APT::Periodic::Update-Package-Lists "1";``` to ```APT::Periodic::Update-Package-Lists "0";```
-
+- Change ```APT::Periodic::Unattended-Upgrade "1";``` to ```APT::Periodic::Unattended-Upgrade "0";```
 Change ```APT::Periodic::Unattended-Upgrade "1";``` to ```APT::Periodic::Unattended-Upgrade "0";```
 ## Tweak OpenSSH Config
--- a/services/caddy.md
+++ b/services/caddy.md
@ -22,6 +22,10 @@ Please note the Docker plugin is for a *swarm* which is *not* setup in these doc
 mkdir /var/log/caddy
 mkdir -p /etc/caddy/services
 chown www-data /var/log/caddy /etc/caddy
 mkdir -p /var/www
 chown www-data /var/www
 mkdir /var/log/caddy
 chown www-data /var/log/caddy
 cat > /root/update_caddy.sh <<EOF
 curl https://getcaddy.com | bash -s personal http.cache,http.cgi,http.cors,http.expires,http.filemanager,http.ipfilter,http.locale,http.realip,http.upload,net
 EOF
--- a/armbian/chrony.md
+++ b/armbian/chrony.md
@ -15,9 +15,9 @@ Setup alternative ntp that does well with systems that may or may not always be
 apt update
 apt install chrony
 systemctl enable chrony # Enable service
 systemctl disable ntp.service # Disable std ntpd (replaced by chrony)
 systemctl start chrony # Start service
 chronyc activity # Verify install successful
 systemctl disable ntp.service # Disable std ntpd (replaced by chrony)
 ```
@ -34,11 +34,10 @@ allow 172.30.0.0/16
 # Allow large clock adjustments (you want this as there is no RTC on most SBCs)
 makestep 1 -1
 EOF
 systemctl restart chrony # Restart chrony to pickup config changes
 ```
 Run ```systemctl restart chrony``` to pickup the changes.
 ## Allow NTP access via internal/trusted networks
 ``` bash
--- a/armbian/cockpit.md
+++ b/armbian/cockpit.md
@ -12,12 +12,12 @@ Further reading: [http://cockpit-project.org/running](http://cockpit-project.org
 #add-apt-repository ppa:cockpit-project/cockpit
 apt update
-apt install cockpit cockpit-doc \
+apt install cockpit cockpit-doc cockpit-dashboard \
-    cockpit-docker cockpit-networkmanager \
+    cockpit-docker cockpit-machines cockpit-networkmanager \
    cockpit-dashboard cockpit-system \
-    cockpit-storaged cockpit-packagekit
+    cockpit-storaged cockpit-packagekit \
-systemctl enable cockpit
+    cockpit-system cockpit-ws \
-systemctl start cockpit
+    packagekit-tools cracklib-runtime
 ```
--- a/armbian/docker.md
+++ b/armbian/docker.md
@ -5,7 +5,7 @@ Containerized services for easy deployment and updates.
 ## Inspiration / Further Reading
 - [https://docs.docker.com/install/](https://docs.docker.com/install/)
- [https://docs.docker.com/install/linux/docker-ce/ubuntu/](https://docs.docker.com/install/linux/docker-ce/ubuntu/)
+- [https://docs.docker.com/install/linux/docker-ce/debian/](https://docs.docker.com/install/linux/docker-ce/debian/)
 - [https://blog.alexellis.io/get-started-with-docker-on-64-bit-arm/](https://blog.alexellis.io/get-started-with-docker-on-64-bit-arm/)
 ## Pre Flight Setup
@ -17,10 +17,11 @@ Containerized services for easy deployment and updates.
 apt remove docker docker-engine docker.io
 apt install \
    apt-transport-https \
-    ca-certificates \
+     ca-certificates \
-    curl \
+     curl \
-    software-properties-common
+     gnupg2 \
-curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
+     software-properties-common
 curl -fsSL https://download.docker.com/linux/debian/gpg | sudo apt-key add -
 ```
@ -29,7 +30,7 @@ curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
 ``` bash
 add-apt-repository \
-   "deb [arch=armhf] https://download.docker.com/linux/ubuntu \
+   "deb [arch=armhf] https://download.docker.com/linux/debian \
   $(lsb_release -cs) \
   stable"
@ -40,7 +41,7 @@ add-apt-repository \
 ``` bash
 add-apt-repository \
-   "deb [arch=arm64] https://download.docker.com/linux/ubuntu \
+   "deb [arch=arm64] https://download.docker.com/linux/debian \
   $(lsb_release -cs) \
   stable"
@ -62,12 +63,6 @@ systemctl enable docker
 If you have an external USB storage device always connected, you may want to move the contents of ```/var/lib/docker``` to somewhere on the external storage and use a symlink in place. This will help with churn on the internal micro-sd card and extend its life.
 ## Create Container Script Dir
 For the containers detailed here, you'll want a dedicated directory for keeping the scripts/outputs.
 ```mkdir /root/docker```
 ## Configure Docker Default Bridge
 Ensure the default Docker bridge doesn't conflict with existing networks.
--- a/armbian/firewalld.md
+++ b/armbian/firewalld.md
@ -66,23 +66,6 @@ firewall-cmd --reload
 ```
 ## Allow internal access to ssh
 ``` bash
 # Remove ssh from public zone
 firewall-cmd --permanent --zone=public --remove-service=ssh
 # Add ssh to internal zone
 firewall-cmd --permanent --zone=internal --add-service ssh
 # Reload rules
 firewall-cmd --reload
 # Verify rules
 firewall-cmd --zone=public --list-all
 firewall-cmd --zone=internal --list-all
 ```
 ## Useful Commands
 - ```firewall-cmd --state```
--- a/armbian/first_boot.md
+++ b/armbian/first_boot.md
@ -14,7 +14,7 @@ The rest of this guide assumes you'll be logged in as the admin user and will be
 Just in case you need reference material while offline or on a bad network link, mirror these docs to the root filesystem.
-```git clone https://gitlab.com/kemonine/lolipop_lan_cloud.git /root/lolipop_lan_cloud```
+```git clone https://git.lollipopcloud.solutions/lollipop-cloud/docs.git /root/docs```
 ## Disable root login
--- a/armbian/modem_manager.md
+++ b/armbian/modem_manager.md
@ -15,6 +15,7 @@ Setup an LTE/3G modem. You'll need to adapt this information to your specific mo
 - [https://forums.linuxmint.com/viewtopic.php?f=53&t=119342](https://forums.linuxmint.com/viewtopic.php?f=53&t=119342)
 - [https://bostonenginerd.com/posts/getting-the-t-mobile-jet-huawei-366-usb-modem-to-work-in-linux/](https://bostonenginerd.com/posts/getting-the-t-mobile-jet-huawei-366-usb-modem-to-work-in-linux/)
 - [https://github.com/Robpol86/robpol86.com/blob/master/docs/raspberry_pi_project_fi.rst](https://github.com/Robpol86/robpol86.com/blob/master/docs/raspberry_pi_project_fi.rst)
 - [https://blog.enchose.com/raspberry-pi-runs-ppp-dial-up-quectel-ec25-lte-modem/](https://blog.enchose.com/raspberry-pi-runs-ppp-dial-up-quectel-ec25-lte-modem/)
 ## On The Go Help
--- a/armbian/monitoring.md
+++ b/armbian/monitoring.md
@ -24,13 +24,8 @@ apt update
 apt install munin munin-node \
    munin-plugins-core munin-plugins-extra \
    libcgi-fast-perl
 vim /etc/munin/munin.conf
 vim /etc/munin/munin-node.conf
 vim /etc/munin/plugin-conf.d/*
 munin-node-configure --suggest 2>&1 | less
 munin-node-configure --shell 2>&1 | less
 systemcl restart munin-node
 systemctl enable munin-node
 systemcl restart munin-node
 ```
--- a/armbian/network_manager.md
+++ b/armbian/network_manager.md
@ -86,13 +86,13 @@ Some useful commands for adjusting connection/device status
 ``` bash
 apt update
 # Install additional deps
 apt install ebtables ipset
 # Install + add-ons
 apt install network-manager \
-    network-manager-openvpn network-manager-pptp
+    network-manager-openvpn network-manager-pptp \
-systemctl enable NetworkManager # Enable the service
+    ebtables ipset dnsmasq-base
-systemctl start NetworkManager # Start the service
+# Enable the service
 systemctl enable NetworkManager
 # Start the service
 systemctl start NetworkManager
 ```
@ -100,7 +100,7 @@ systemctl start NetworkManager # Start the service
 By default Armbian sets up at least one network device "behind the scenes" and keeps it "outside" NetworkManager. Given we want to manage our Lollipop through NetworkManager, we need to make a small tweak.
-Edit ```/etc/network/interfaces``` and make sure eth0 directives aren't present.
+Edit ```/etc/network/interfaces``` and make sure eth0 directives aren't present. Also make sure the ```/etc/network/interfaces.d``` directory is empty.
 Reboot after above cleanup of interfaces file.
--- a/armbian/unbound.md
+++ b/armbian/unbound.md
@ -18,7 +18,6 @@ curl -o /etc/unbound/root.hints https://www.internic.net/domain/named.cache
 cat > /etc/unbound/root.key <<EOF
 . IN DS 19036 8 2 49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5
 EOF
 chown unbound /etc/unbound
 cat > /etc/unbound/unbound.conf <<EOF
 server:
    interface: 127.0.0.1
@ -57,6 +56,7 @@ include: /etc/unbound/local_zone/*.conf
 EOF
 chown unbound /etc/unbound
 systemctl enable unbound
 systemctl start unbound
@ -110,12 +110,6 @@ systemctl daemon-reload
 ```
 ## Adjust NetworkManager Config
 Edit ```/etc/NetworkManager/NetworkManager.conf```
 Change the ```dns=``` line to be ```dns=127.0.0.1```
 ## Setup all WAN connections to use this for dns cache
 ### WiFi
--- a/armbian/vpn/pia.md
+++ b/armbian/vpn/pia.md
@ -1,10 +1,8 @@
 # Private Internet Access (PIA)
 ```TODO : INCOMPLETE```
 This is a **VERY** advanced topic with some creative tricks to simplify getting the config added to NetworkManager. You're on your own.
-The author *strongly* recommends reading through this and adapting to other services well ahead of any real need(s).
+The author *strongly* recommends reading through this and adapting/tuning well ahead of any real need(s).
 ## Inspiration / Sources
@ -46,7 +44,7 @@ cd ..
 # OMIT Gnome item if you can get away with it...
 apt update
-apt install network-manager-openvpn network-manager-openvpn-gnome
+apt install network-manager-openvpn
 ```
@ -89,6 +87,7 @@ nmcli con show
 vim /etc/NetworkManager/system-connections/[con_name]
 ```
 #### Adjustments/Necessary Verification
 ``` bash
--- a/armbian/vpn/vpn_autoconnect.md
+++ b/armbian/vpn/vpn_autoconnect.md
@ -29,7 +29,7 @@ echo "[uuid]" > /etc/autovpn/default
 # Get network names of ALL docker connections
 nmcli con show
-echo "[name1],[name2]" > /etc/autovpn/exclude
+echo "[uuid1],[uuid2]" > /etc/autovpn/exclude
 ```
--- a/hardware/rtc.md
+++ b/hardware/rtc.md
@ -55,6 +55,7 @@ apt remove --purge fake-hwclock # purge the fake hwclock as we have a real one n
 cat > /etc/udev/rules.d/99-rtc1.rules <<EOF
 KERNEL=="rtc1", SUBSYSTEM=="rtc", DRIVER=="", ATTR{name}=="rtc-pcf8523 0-0068", SYMLINK="rtc", MODE="0666"
 EOF
 ```
 ## Internal RTC Adjustments
@ -99,7 +100,6 @@ EOF
 systemctl daemon-reload
 systemctl enable rtc0-online
 ```
 ## External RTC On Boot
@ -127,7 +127,7 @@ After=rtc0-online
 EOF
 systemctl daemon-reload
-systemctl
+systemctl enable rtc1-online
 ```
--- a/services/acme_sh.md
+++ b/services/acme_sh.md
@ -38,8 +38,8 @@ Grab the acme.sh Dockerfile and update it to work with arm (32 or 64).
 ``` bash
-mkdir -p /root/docker/acme.sh
+mkdir -p /scratch/docker/acme.sh
-cd /root/docker/acme.sh
+cd /scratch/docker/acme.sh
 wget https://raw.githubusercontent.com/Neilpang/acme.sh/master/Dockerfile
 sed -i '1s/^/ARG ALPINE=alpine:3.6\n/' Dockerfile
 sed -i '/FROM/c\FROM $ALPINE' Dockerfile
@ -54,7 +54,7 @@ Setup a basic update/run script with the adjusted upstream Dockerfile
 ``` bash
-cat > /root/docker/acme.sh/acme.sh <<EOF
+cat > /scratch/docker/acme.sh/acme.sh <<EOF
 #!/bin/bash
 LATEST=\`docker images --no-trunc acme.sh/acme.sh | awk '{print \$2}' | sort -r | head -n1\`
@ -91,7 +91,7 @@ echo "Running build"
 docker build \\
    --network host \\
    --build-arg ALPINE=\$ALPINE \\
-    --file /root/docker/acme.sh/Dockerfile \\
+    --file /scratch/docker/acme.sh/Dockerfile \\
    --tag acme_sh/acme_sh:\$RELEASE \\
    .
@ -112,13 +112,13 @@ docker run -itd  \\
 EOF
-chmod a+x /root/docker/acme.sh/acme.sh
+chmod a+x /scratch/docker/acme.sh/acme.sh
 ```
 ## First Run
-Run ```cd /root/docker/acme.sh && /root/docker/acme.sh/acme.sh``` to get the container online. The following commands will get your Let's Encrypt certificates created.
+Run ```cd /scratch/docker/acme.sh && /scratch/docker/acme.sh/acme.sh``` to get the container online. The following commands will get your Let's Encrypt certificates created.
 *Note: The above script(s) setup the container to auto-run for auto-renew purposes. If you think you'll miss your renew window, force update the certs*
@ -153,7 +153,7 @@ docker exec acme.sh \
 docker exec \
    -e CF_Email='[your cloudflare email]' \
    -e CF_Key='[your cloudflare api key]' \
-    acme.sh \
+    acme_sh \
    --issue \
    --cert-file /acme.sh/domain.tld/domain.tld.crt \
    --dns dns_cf \
@ -172,7 +172,7 @@ docker exec \
 docker exec \
    -e CF_Email='[your cloudflare email]' \
    -e CF_Key='[your cloudflare api key]' \
-    acme.sh \
+    acme_sh \
    --renew-all \
    --force \
    --dns dns_cf \
@ -184,7 +184,7 @@ docker exec \
 ``` bash
-docker exec acme.sh \
+docker exec acme_sh \
    --revoke \
    -d domain.tld \
    -d pi-hole-gui.domain.tld \
--- a/services/borg.md
+++ b/services/borg.md
@ -10,29 +10,31 @@ The BETTER backup solution.
 ## Install
-Note this is built using sources (kinda). May take awhile on most arm boards.
+*Note: we are downloading pre-built borg images from the main lollipop cloud servers in this step instead of building it from scratch*
 ### arm32v7 boards
 ``` bash
-# install build dependencies
+wget -O /usr/local/bin/borg https://dl.lollipopcloud.solutions/api/download/borg/borg-1.1.7-arm32v7-debian-stretch
 apt update
 apt install python-setuptools python3-setuptools \
    python3 python3-dev python3-pip python-virtualenv \
    libssl-dev openssl \
    libacl1-dev libacl1 \
    build-essential \
    libfuse-dev fuse pkg-config
 pip3 install borgbackup[fuse]
 ```
-## Upgrades
+### arm64v8 boards
-Per the docs
+``` bash
-> To upgrade Borg to a new version later, run the following after activating your virtual environment:
+wget -O /usr/local/bin/borg https://dl.lollipopcloud.solutions/api/download/borg/borg-1.1.7-arm64v8-debian-stretch
-```pip install -U borgbackup[fuse]```
+```
 ### All boards
 ``` bash
 chmod a+x /usr/local/bin/borg
 ```
 ## Initialize Backup Repo
--- a/services/pi_hole.md
+++ b/services/pi_hole.md
@ -32,7 +32,7 @@ Full docs on run time parms can be found in the Pi Hole [docs (link)](https://gi
 ``` bash
 mkdir /var/pihole /var/pihole/data /var/pihole/dnsmasq.d
-cat > /root/docker/pi-hole.sh <<EOF
+cat > /scratch/docker/pi-hole.sh <<EOF
 #!/bin/bash
 ARCH=\`arch\`
@ -42,14 +42,13 @@ UPSTREAM=""
 if [ \$ARCH == "aarch64" ]
 then
    echo "64bit arm"
-    UPSTREAM="diginc/pi-hole-multiarch:debian_aarch64"
+    UPSTREAM="registry.lollipopcloud.solutions/arm64v8/pi-hole:v3.3"
 else
    echo "32bit arm"
-    UPSTREAM="diginc/pi-hole-multiarch:debian_armhf"
+    UPSTREAM="registry.lollipopcloud.solutions/arm32v7/pi-hole:v3.3"
 fi
 echo "Updating"
 docker pull \$UPSTREAM
 # Cleanup existing container
@ -74,13 +73,13 @@ docker run \\
 EOF
-chmod a+x /root/docker/pi-hole.sh
+chmod a+x /scratch/docker/pi-hole.sh
 ```
 ## Run Pi Hole
-Simply execute ```/root/docker/pi-hole.sh``` to update/run Pi Hole.
+Simply execute ```/scratch/docker/pi-hole.sh``` to update/run Pi Hole.
 ## Update LAN(s) to Use Pi Hole
--- a/services/searx.md
+++ b/services/searx.md
@ -16,34 +16,25 @@ Setup a generic script that'll auto update Searx, build a container and launch i
 mkdir -p /var/searx
 chown root:root /var/searx
-mkdir -p /root/docker/searx
+mkdir -p /scratch/docker/searx
-git clone https://github.com/asciimoo/searx.git /root/docker/searx/src
+cat > /scratch/docker/searx/searx.sh << EOF
 cat > /root/docker/searx/searx.sh << EOF
 #!/bin/bash
 cd /root/docker/searx/src
 git checkout Dockerfile
 git fetch
 LATESTTAG=\`git describe --abbrev=0 --tags\`
 git checkout \$LATESTTAG
 ARCH=\`arch\`
 UPSTREAM=""
 # Cleanup arch/container image here
 if [ \$ARCH == "aarch64" ]
 then
    echo "64bit arm"
-    sed -i 's_alpine:3.5_arm64v8/alpine:3.5_g' Dockerfile
+    UPSTREAM="registry.lollipopcloud.solutions/arm64v8/searx:v0.14.0"
 else
    echo "32bit arm"
-    sed -i 's_alpine:3.5_arm32v6/alpine:3.5_g' Dockerfile
+    UPSTREAM="registry.lollipopcloud.solutions/arm32v7/searx:v0.14.0"
 fi
-docker build \\
+echo "Updating"
-    --file ./Dockerfile \\
+docker pull \$UPSTREAM
    --tag searx/searx:\$LATESTTAG \\
    .
 # Cleanup existing container
 docker stop searx
@ -58,16 +49,16 @@ docker run \\
    -e TZ=UTC \\
    -e DEBUG=1 \\
    -e BASE_URL=searx.domain.tld \\
-    searx/searx:\$LATESTTAG
+    \$UPSTREAM
 EOF
-chmod a+x /root/docker/searx/searx.sh
+chmod a+x /scratch/docker/searx/searx.sh
 ```
 ## Run Searx
-Simply execute ```/root/docker/searx/searx.sh``` to update/run Gogs.
+Simply execute ```/scratch/docker/searx/searx.sh``` to update/run Gogs.
 ## Serving Via Caddy