brammp/HomeServerCTs
1
0
Fork 0
Code Issues Pull Requests Releases Activity
Files
6ca8d57b8a547ca0c9b5b21fa20bbddaec9149eb
HomeServerCTs/Readme.md
Bram Prieshof 3b4a27f384 CT: kavita added
2024-07-27 00:27:39 +02:00

327 lines
11 KiB
Markdown
Raw Blame History

# Scripts for building containers for the Proxmox home server
# Initial Setup
The first step is to build the containers needed for building all other containers.
This can be done on a privileged Debian CT (make sure to enable the Fuse, Nesting and 'Create Device Nodes' features) on the new proxmox server or any other Debian install
1. Clone this repo
2. cd in to cloned repo
3. run `bash Scripts/FirstSetup.sh`, to install dependencies and generate the container images
4. upload the `Debian-imgbuilder.tar.xz` to the proxmox server and create a privileged container
5. Follow the steps under Container [Setup > imgbuilder](#imgbuilder)
6. Upload the `Debian-Jenkins.tar.xz` to the proxmox server and create a container
7. Follow the steps under Container [Setup > Jenkins](#jenkins)
# List of containers
| Name | Distro | Description |
|------|:------:|:-----------:|
| minimal | All | Minimal installed packages |
| default | All | ssh-server and nano packages |
| jenkins | Debian | Jenkins server |
| jenkinsBuilder | Debian | Basic node for Jenkins |
| imgbuilder | Debian | LXC template builder node for Jenkins |
| mysql | Debian | Mysql server with PhpMyadmin |
| pihole | Debian | Pihole CT |
| collabora | Debian | CollaboraOffice WebService (CODE version) |
| jellyfin | Debian | Jellyfin in-home streaming server |
| domoticz | Debian | Domoticz home automation service |
| omadaV3 | Debian | TP-link Omada SDN controller(V3.2.14) |
| docker | Debian | Docker container service |
| smb | Debian | Samba server |
| x2go | Debian | Remote xfce desktop accessable via X2go |
| aptcacherng | Debian | Caching server for linux packages |
| nfs | Debian | NFS server |
| duplicati | Debian | Duplicati backup software |
| fileshelter | Debian | FileShelter file shareing software |
| esphome | Debian | ESPHome software to manage wifi-MCUs|
| elkarbackupALP `(Deprecated, Requires PHP 7.4)`| Alpine | ElkarBackup rsyncsnapshot server |
| gitea | Alpine | Gitea server |
| nginx | Alpine | Nginx server for reverse-proxy use |
| ddns | Alpine | DDNS client configured for OVH/OVH-Cloud |
| transfersh | Alpine | transfer.sh instance |
| iscsi | Alpine | iSCSI server |
| z2mqtt | Alpine | Mqtt bridges for Zigbee and ZWave |
| nodered | Alpine | Node-Red |
| nodejs | Alpine | Basic nodejs install with pm2 |
| nextcloud | Alpine | Nextcloud |
| mqtt | Alpine | Mosquitto mqtt broker |
| hass `(Broken, Requires python 3.12)` | Alpine | HomeAssistant instance with HACS and mysql support |
| mailbackup `(Broken, Requires python 3.12)` | Alpine | Contains mail archive tools (MailBackup-sys) |
| heimdall | Alpine | Heimdall, A application dashboard/launcher |
| vouchproxy | Alpine | Vouch-proxy, A SSO solution for Nginx |
| freshrss | Alpine | FreshRSS, a self-hosted RSS feed aggregator |
| uptimekuma | Alpine | Uptime Kuma a self-hosted monitoring tool. |
| kavita | Alpine | A self-hosted digital library which supports a vast array of file formats. |
## TODO
**Begin original list**
~Unifi~ Not supported in debian 11
**End original list**
# Container Setup
## imgbuilder
**This container should be set up as privileged**
1. Enable features: Fuse, Nesting and 'Create Device Nodes'
2. Add a mountpoint to /LXCBuild on a accessible place for the Proxmox Server
3. Add this location to datastore for LXC templates to Proxmox
4. Set the `jenkins` user password using `passwd jenkins` in the container
5. Create folders on mountpoint using `mkdir -p /LXCBuild/template/cache`
6. Set permissions on the folder `chmod o+w -R /LXCBuild`
7. Write down the ip of this server (for use in the jenkins container)
## jenkins
**After first start of CT wait a minute for jenkins to fully initialize before continuing with these steps**
1. In the container configure the setup script `nano /opt/Setup/Scripts/FirstRun.sh`
2. In the container run the setup script `bash /opt/Setup/Scripts/FirstRun.sh`
3. Access Jenkins using `http://<ip>:8080`
4. Press the `X` to skip the fist time setup
5. Delete the `Admin` user go to 'Manage Jenkins' > 'Manage Users' > Admin > Delete
6. Add credentials for imgbuilder-CT go to 'Manage Jenkins' > 'Manage Nodes and Clouds' > LXCBuilder1 > configure
Under Credentials click 'Add', enter 'jenkins' as username, and set the password that was set in the imgbuilder CT
Then select the created credential and click save
7. Click 'Relaunch agent'
8. Now you can build container images
## mysql
* To configure the MySQL root password in the container run the setup script `bash /opt/Setup/Scripts/FirstRun.sh`
## gitea
1. Edit the parameters in the FistRun script in the container `vi /opt/Setup/Scripts/FirstRun.sh`
2. Run the FistRun script in the container `ash /opt/Setup/Scripts/FirstRun.sh`
* Available on http://`<ip>`:3000
## nginx
* Run the FistRun script in the container `ash /opt/Setup/Scripts/FirstRun.sh`
## pihole
* Run the FistRun script in the container `bash /opt/Setup/Scripts/FirstRun.sh`
## collabora
* Update the configuration in /etc/coolwsd/coolwsd.xml and reload the service `systemctl restart coolwsd`
## jellyfin
* To set-up the system follow the initial set-up wizard on http://`<ip>`:8096
## domoticz
* Available on http://`<ip>`:8080
## transfersh
* Available on http://`<ip>`:8080
## omadaV3
* To set-up the system follow the initial set-up wizard on http://`<ip>`:8088
## docker
* Run the FistRun script in the container `bash /opt/Setup/Scripts/FirstRun.sh`
This container can be set up in two ways
1. As controller with portainer
2. As remote with docker tcp on port 2375
3. BONUS if FistRun script is skipped the CT has clean docker
## iscsi
### In Proxmox
* Run following commands
```
modprobe target_core_mod
printf "#Load iSCSI module at boot\ntarget_core_mod" > /etc/modules-load.d/iSCSI-target.conf
```
* Add the following to /etc/pve/lxc/`<CT-ID>`.conf
```
lxc.apparmor.profile: unconfined
```
* Restart CT
### In CT
* in the targetcli shell (by using the `targetcli` command) run the following commands
```
cd /iscsi
create <iqn for this server,Example:(iqn.2021-09.lan.test:host)>
exit
```
## z2mqtt
* Enable feature on CT: 'Create Device Nodes'
**Do not start this container after creation, follow these steps first**
* Recommended to give CT 1-2GB of RAM (Required for updating)
### In Proxmox
* Add the following to `/etc/udev/rules.d/99-CustomHome.rules`
#### Always add (to set the device permissions)**
```
KERNEL=="ttyUSB[0-9]*", MODE="0666"
KERNEL=="ttyACM[0-9]*", MODE="0666"
```
#### Add for Sonoff Zigbee 3.0 Plus USB ZBDongel-P (CC2652P + CP2102N)
```
SUBSYSTEM=="tty", ACTION=="change", ATTRS{idVendor}=="10c4", ATTRS{idProduct}=="ea60", SYMLINK+="ttyACM-Zigbee"
SUBSYSTEM=="tty", ACTION=="add", ATTRS{idVendor}=="10c4", ATTRS{idProduct}=="ea60", SYMLINK+="ttyACM-Zigbee"
```
#### Add for Sonoff Zigbee 3.0 Plus USB ZBDongel-E (EFR32MG21)
```
SUBSYSTEM=="tty", ACTION=="change", ATTRS{idVendor}=="1a86", ATTRS{idProduct}=="55d4", SYMLINK+="ttyACM-Zigbee"
SUBSYSTEM=="tty", ACTION=="add", ATTRS{idVendor}=="1a86", ATTRS{idProduct}=="55d4", SYMLINK+="ttyACM-Zigbee"
```
#### Add for Zigbee CC2531 USB
```
SUBSYSTEM=="tty", ACTION=="change", ATTRS{idVendor}=="0451", ATTRS{idProduct}=="16a8", SYMLINK+="ttyACM-Zigbee"
SUBSYSTEM=="tty", ACTION=="add", ATTRS{idVendor}=="0451", ATTRS{idProduct}=="16a8", SYMLINK+="ttyACM-Zigbee"
```
#### Add for Zwave Aeotec Z-Stick Gen5
```
SUBSYSTEM=="tty", ACTION=="change", ATTRS{idVendor}=="0658", ATTRS{idProduct}=="0200", SYMLINK+="ttyACM-Zwave"
SUBSYSTEM=="tty", ACTION=="add", ATTRS{idVendor}=="0658", ATTRS{idProduct}=="0200", SYMLINK+="ttyACM-Zwave"
```
* Run `udevadm trigger`
* Add the following to /etc/pve/lxc/`<CT-ID>`.conf
```
lxc.cgroup2.devices.allow: c 166:* rwm
lxc.cgroup2.devices.allow: c 188:* rwm
lxc.mount.entry: /dev/ttyACM-Zigbee dev/ttyACM-Zigbee none bind,optional,create=file
lxc.mount.entry: /dev/ttyACM-Zwave dev/ttyACM-Zwave none bind,optional,create=file
```
* Zigbee2mqtt Available on http://`<ip>`:5002
* Z-wave JS UI Available on http://`<ip>`:8091
* in the Z-wave JS UI web ui set the Zwave serial port to /dev/ttyACM-Zwave
* If a `Cannot lock port` error shows, please reboot the CT, if that does not fix it try rebooting the Proxmox server
## nodered
* Available on http://`<ip>`:1880
## nextcloud
**MountPoint for data folder `/var/nextcloud`**
1. Edit the parameters in the FistRun script in the container `vi /opt/Setup/Scripts/FirstRun.sh`
2. Run the FistRun script in the container `ash /opt/Setup/Scripts/FirstRun.sh`
3. Available on http://`<ip>`
## smb
* Webmin available on http://`<ip/hostname>`
* Samba server Available
## x2go
* Add a user by typing `adduser <username>`
* Set key auth only `sed -i -e '/PasswordAuthentication/c\PasswordAuthentication no' -e '/ChallengeResponseAuthentication/c\ChallengeResponseAuthentication no' /etc/ssh/sshd_config`
* Set ssh port `sed -i -e '/Port 22/c\Port <PortNr>' /etc/ssh/sshd_config`
## hass
* After first start of CT HomeAssistant will finish its installation this will take at least 10 minutes
* HomeAssistant available on http://`<ip>`:8123
## aptcacherng
* Available on http://`<ip>`:80
## nfs
**This container should be set up as privileged**
* Enable feature on CT: 'Nesting, NFS'
* Webmin available on http://`<ip/hostname>`
* NFS server Available
## duplicati
* Available on http://`<ip>`:8200
## mailbackup
* Info html page available on http://`<ip>`:80
* Add user/storage space by running `ash /opt/AddMailBox.sh`
## heimdall
* Available on http://`<ip>`:80
## vouchproxy
* Default port 9090
* A script to setup another instance is located here: `/opt/AddVouchInstance.sh`
## freshrss
* Available on http://`<ip>`:80
## elkarbackupALP
**Debian version depricated and removed**
1. Edit the parameters in the FistRun script in the container `vi /opt/Setup/Scripts/FirstRun.sh`
2. Run the FistRun script in the container `ash /opt/Setup/Scripts/FirstRun.sh`
3. Available on http://`<ip>` (Default username/password: root/root)
4. Click cogwheel/settings icon > Manage backup locations >New (make sure to create this directory and set ngix as the owner)
5. Add a retention policy under the `Policies` tab
## heimdal
* Available on http://`<ip>`:80, first time loading the page may take a while
## fileshelter
* Available on http://`<ip>`:5091
## esphome
* Available on http://`<ip>`:6052
## uptimekuma
* Available on http://`<ip>`:80
## kavita
* Available on http://`<ip>`:80
# Further CT documentation
## iscsi
### Allow Remote
Set the iqn of the client to one of the server:hostname/nickname
### In CT
* in the targetcli shell (by using the `targetcli` command) run the following commands
```
cd /iscsi/<server-iqn>/tpg1/acls/
create <client-iqn>
exit
```
### Add Drive
#### In Proxmox
* Create LVM Volume (Available @ /dev/`<poolName>`/`<VolumeName>`)
```
lvcreate --name <name> --size <VolumeSize>G <PoolName>
```
* Create LVM-Thin Volume
```
lvcreate --thin -n <name> -V <VolumeSize>G <poolName>/<ThinpoolName>
```
* Create ZFS Volume (Available @ /dev/`<poolName>`/`<VolumeName>`)
```
zfs create -o volblocksize=32k -V <VolumeSize>G <poolName>/<VolumeName>
zfs set sync=disabled <poolName>/<VolumeName>
```
* Get id by using ls -l /dev/`<devicename>`
* Add the following to /etc/pve/lxc/`<CT-ID>`.conf
```
lxc.cgroup2.devices.allow: b <id>:<Subid> rwm
lxc.mount.entry: /dev/<devicename> dev/<device> none bind,optional,create=file
```
* Restart CT
#### In CT
* in the targetcli shell (by using the `targetcli` command) run the following commands
```
cd /backstores/block
create <name> /dev/<device>
cd /iscsi/<server-iqn>/tpg1/luns
create <device>
exit
```
Reference in New Issue View Git Blame Copy Permalink