HomeServerCTs/Readme.md
Bram Prieshof 7a0de87698 Fixed CT's : elkarbackupALP,duplicati,OmadaV3,transfersh,hass,pihole
Github updated api and now appends a semicolon to versions, added `tr -d :` to list for url filtering
elkarbackupALP:
* Github api Fix
duplicati:
* Github api fix
* Enabled in jenkinsfile
OmadaV3:
* Added Stop command for omada after installation to avoid DB corruption
* Moved automatically installed dependencies to package list
transfersh:
* Github api fix
hass:
* Added Missing python modules (sqlalchemy nvhash)
mailbackup:
* Github api fix
* Moved downloading of resources to project
pihole:
* Added support for ProxmoxHelper App updater
2022-09-07 01:02:50 +02:00

# Scripts for building containers for the Proxmox home server
# Initial Setup
The first step is to build the containers needed for building all other containers.
This can be done on a privileged Debian CT (make sure to enable the Fuse, Nesting and 'Create Device Nodes' features) on the new Proxmox server, or on any other Debian install.
1. Clone this repo
2. cd into the cloned repo
3. Run `bash Scripts/FirstSetup.sh` to install dependencies and generate the container images
4. Upload the `Debian-imgbuilder.tar.xz` to the Proxmox server and create a privileged container
5. Follow the steps under [Container Setup > imgbuilder](#imgbuilder)
6. Upload the `Debian-Jenkins.tar.xz` to the Proxmox server and create a container
7. Follow the steps under [Container Setup > Jenkins](#jenkins)
# List of containers
| Name | Distro | Description |
|------|:------:|:-----------:|
| minimal | All | Minimal installed packages |
| default | All | ssh-server and nano packages |
| elkarbackup(ALP/DEB) | ALL | ElkarBackup rsyncsnapshot server |
| jenkins | Debian | Jenkins server |
| jenkinsBuilder | Debian | Basic node for Jenkins |
| imgbuilder | Debian | LXC template builder node for Jenkins |
| mysql | Debian | MySQL server with phpMyAdmin |
| pihole | Debian | Pihole CT |
| collabora | Debian | CollaboraOffice WebService (CODE version) |
| jellyfin | Debian | Jellyfin in-home streaming server |
| domoticz | Debian | Domoticz home automation service |
| omadaV3 | Debian | TP-link Omada SDN controller(V3.2.14) |
| docker | Debian | Docker container service |
| smb | Debian | Samba server |
| tvheadend | Debian | Tvheadend server |
| x2go | Debian | Remote xfce desktop accessible via X2go |
| aptcacherng | Debian | Caching server for linux packages |
| nfs | Debian | NFS server |
| duplicati | Debian | Duplicati backup software |
| fileshelter | Debian | FileShelter file sharing software |
| gitea | Alpine | Gitea server |
| nginx | Alpine | Nginx server for reverse-proxy use |
| ddns | Alpine | DDNS client configured for OVH/OVH-Cloud |
| transfersh | Alpine | transfer.sh instance |
| iscsi | Alpine | iSCSI server |
| z2mqtt | Alpine | Mqtt bridges for Zigbee and ZWave |
| nodered | Alpine | Node-Red |
| nodejs | Alpine | Basic nodejs install with pm2 |
| nextcloud | Alpine | Nextcloud |
| mqtt | Alpine | Mosquitto mqtt broker |
| hass | Alpine | HomeAssistant instance with HACS and mysql support |
| mailbackup | Alpine | Contains mail archive tools (MailBackup-sys) |
| heimdall | Alpine | Heimdall, an application dashboard/launcher |
| vouchproxy | Alpine | Vouch-proxy, an SSO solution for Nginx |
## TODO
**Begin original list**
~Unifi~ Not supported in debian 11
**End original list**
# Container Setup
## imgbuilder
**This container should be set up as privileged**
1. Enable features: Fuse, Nesting and 'Create Device Nodes'
2. Add a mountpoint at /LXCBuild, backed by a location accessible to the Proxmox server
3. Add this location to Proxmox as a datastore for LXC templates
4. Set the `jenkins` user password using `passwd jenkins` in the container
5. Create folders on mountpoint using `mkdir -p /LXCBuild/template/cache`
6. Set permissions on the folder `chmod o+w -R /LXCBuild`
7. Write down the IP of this server (for use in the jenkins container)
## jenkins
**After first start of CT wait a minute for jenkins to fully initialize before continuing with these steps**
1. In the container configure the setup script `nano /opt/Setup/Scripts/FirstRun.sh`
2. In the container run the setup script `bash /opt/Setup/Scripts/FirstRun.sh`
3. Access Jenkins using `http://<ip>:8080`
4. Press the `X` to skip the first time setup
5. Delete the `Admin` user: go to 'Manage Jenkins' > 'Manage Users' > Admin > Delete
6. Add credentials for the imgbuilder CT: go to 'Manage Jenkins' > 'Manage Nodes and Clouds' > LXCBuilder1 > configure.
Under Credentials click 'Add', enter 'jenkins' as username, and set the password that was set in the imgbuilder CT.
Then select the created credential and click save
7. Click 'Relaunch agent'
8. Now you can build container images
## mysql
* To configure the MySQL root password in the container run the setup script `bash /opt/Setup/Scripts/FirstRun.sh`
## gitea
1. Edit the parameters in the FirstRun script in the container `vi /opt/Setup/Scripts/FirstRun.sh`
2. Run the FirstRun script in the container `ash /opt/Setup/Scripts/FirstRun.sh`
* Available on http://`<ip>`:3000
## nginx
* Run the FirstRun script in the container `ash /opt/Setup/Scripts/FirstRun.sh`
## pihole
* Run the FirstRun script in the container `bash /opt/Setup/Scripts/FirstRun.sh`
## collabora
* Update the configuration in /etc/coolwsd/coolwsd.xml and reload the service `systemctl restart coolwsd`
## jellyfin
* To set-up the system follow the initial set-up wizard on http://`<ip>`:8096
## domoticz
* Available on http://`<ip>`:8080
## transfersh
* Available on http://`<ip>`:8080
## omadaV3
* To set-up the system follow the initial set-up wizard on http://`<ip>`:8088
## docker
* Run the FirstRun script in the container `bash /opt/Setup/Scripts/FirstRun.sh`
This container can be set up in two ways:
1. As controller with portainer
2. As remote with docker tcp on port 2375
3. BONUS: if the FirstRun script is skipped, the CT has a clean Docker install
## iscsi
### In Proxmox
* Run the following commands
```
modprobe target_core_mod
printf "#Load iSCSI module at boot\ntarget_core_mod" > /etc/modules-load.d/iSCSI-target.conf
```
* Add the following to /etc/pve/lxc/`<CT-ID>`.conf
```
lxc.apparmor.profile: unconfined
```
* Restart CT
### In CT
* In the targetcli shell (started with the `targetcli` command) run the following commands
```
cd /iscsi
create <iqn for this server,Example:(iqn.2021-09.lan.test:host)>
exit
```
## z2mqtt
* Enable feature on CT: 'Create Device Nodes'
**Do not start this container after creation, follow these steps first**
* Recommended to give CT 1-2GB of RAM (Required for updating)
### In Proxmox
* Add the following to `/etc/udev/rules.d/99-CustomHome.rules`
#### Always add (to set the device permissions)
```
KERNEL=="ttyUSB[0-9]*", MODE="0666"
KERNEL=="ttyACM[0-9]*", MODE="0666"
```
#### Add for Sonoff Zigbee 3.0 USB (CC2652P + CP2102N)
```
SUBSYSTEM=="tty", ACTION=="change", ATTRS{idVendor}=="10c4", ATTRS{idProduct}=="ea60", SYMLINK+="ttyACM-Zigbee"
SUBSYSTEM=="tty", ACTION=="add", ATTRS{idVendor}=="10c4", ATTRS{idProduct}=="ea60", SYMLINK+="ttyACM-Zigbee"
```
#### Add for Zigbee CC2531 USB
```
SUBSYSTEM=="tty", ACTION=="change", ATTRS{idVendor}=="0451", ATTRS{idProduct}=="16a8", SYMLINK+="ttyACM-Zigbee"
SUBSYSTEM=="tty", ACTION=="add", ATTRS{idVendor}=="0451", ATTRS{idProduct}=="16a8", SYMLINK+="ttyACM-Zigbee"
```
#### Add for Zwave Aeotec Z-Stick Gen5
```
SUBSYSTEM=="tty", ACTION=="change", ATTRS{idVendor}=="0658", ATTRS{idProduct}=="0200", SYMLINK+="ttyACM-Zwave"
SUBSYSTEM=="tty", ACTION=="add", ATTRS{idVendor}=="0658", ATTRS{idProduct}=="0200", SYMLINK+="ttyACM-Zwave"
```
* Run `udevadm trigger`
* Add the following to /etc/pve/lxc/`<CT-ID>`.conf
```
lxc.cgroup2.devices.allow: c 166:* rwm
lxc.cgroup2.devices.allow: c 188:* rwm
lxc.mount.entry: /dev/ttyACM-Zigbee dev/ttyACM-Zigbee none bind,optional,create=file
lxc.mount.entry: /dev/ttyACM-Zwave dev/ttyACM-Zwave none bind,optional,create=file
```
* Zigbee2mqtt Available on http://`<ip>`:5002
* ZWave2mqtt Available on http://`<ip>`:8091
* In the ZWave2mqtt web UI set the Zwave serial port to /dev/ttyACM-Zwave
* If a `Cannot lock port` error shows, reboot the CT; if that does not fix it, try rebooting the Proxmox server
## nodered
* Available on http://`<ip>`:1880
## nextcloud
**MountPoint for data folder `/var/nextcloud`**
1. Edit the parameters in the FirstRun script in the container `vi /opt/Setup/Scripts/FirstRun.sh`
2. Run the FirstRun script in the container `ash /opt/Setup/Scripts/FirstRun.sh`
3. Available on http://`<ip>`
## smb
* Webmin available on http://`<ip/hostname>`
* Samba server Available
## tvheadend
**Do the first login and setup wizard in an incognito/private window, since the authentication system can get confused after setting the new username**
* Tvheadend Available on http://`<ip>`:9981
* Default credentials: setup/setup
* Follow the setup wizard after login, otherwise authentication will be disabled
## x2go
* Add a user by typing `adduser <username>`
* Set key auth only `sed -i -e '/PasswordAuthentication/c\PasswordAuthentication no' -e '/ChallengeResponseAuthentication/c\ChallengeResponseAuthentication no' /etc/ssh/sshd_config`
* Set ssh port `sed -i -e '/Port 22/c\Port <PortNr>' /etc/ssh/sshd_config`
## hass
* After the first start of the CT, HomeAssistant will finish its installation; this will take at least 10 minutes
* HomeAssistant available on http://`<ip>`:8123
## aptcacherng
* Available on http://`<ip>`:80
## nfs
**This container should be set up as privileged**
* Enable feature on CT: 'Nesting, NFS'
* Webmin available on http://`<ip/hostname>`
* NFS server Available
## duplicati
* Available on http://`<ip>`:8200
## mailbackup
* Info html page available on http://`<ip>`:80
* Add user/storage space by running `ash /opt/AddMailBox.sh`
## heimdall
* Available on http://`<ip>`:80
## vouchproxy
* Default port 9090
* A script to setup another instance is located here: `/opt/AddVouchInstance.sh`
## elkarbackup
**Alpine version recommended**
1. Edit the parameters in the FirstRun script in the container `vi /opt/Setup/Scripts/FirstRun.sh`
2. Run the FirstRun script in the container `ash /opt/Setup/Scripts/FirstRun.sh`
3. Available on http://`<ip>` (Default username/password: root/root)
4. Click cogwheel/settings icon > Manage backup locations > New (make sure to create this directory and set nginx as the owner)
5. Add a retention policy under the `Policies` tab
## heimdall
* Available on http://`<ip>`:80, first time loading the page may take a while
## fileshelter
* Available on http://`<ip>`:5091
# Further CT documentation
## iscsi
### Allow Remote
Set the iqn of the client to one of the server:hostname/nickname
### In CT
* In the targetcli shell (started with the `targetcli` command) run the following commands
```
cd /iscsi/<server-iqn>/tpg1/acls/
create <client-iqn>
exit
```
### Add Drive
#### In Proxmox
* Create LVM Volume (Available @ /dev/`<poolName>`/`<VolumeName>`)
```
lvcreate --name <name> --size <VolumeSize>G <PoolName>
```
* Create LVM-Thin Volume
```
lvcreate --thin -n <name> -V <VolumeSize>G <poolName>/<ThinpoolName>
```
* Create ZFS Volume (Available @ /dev/`<poolName>`/`<VolumeName>`)
```
zfs create -o volblocksize=32k -V <VolumeSize>G <poolName>/<VolumeName>
zfs set sync=disabled <poolName>/<VolumeName>
```
* Get the id (the device's major and minor numbers) by using ls -l /dev/`<devicename>`
* Add the following to /etc/pve/lxc/`<CT-ID>`.conf
```
lxc.cgroup2.devices.allow: b <id>:<Subid> rwm
lxc.mount.entry: /dev/<devicename> dev/<device> none bind,optional,create=file
```
* Restart CT
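
To review what these settings add up to on one container, the script below lists the isolation-relevant lines of a `/etc/pve/lxc/<CT-ID>.conf`: the `lxc.apparmor.profile: unconfined` line from the iscsi setup, the `lxc.cgroup2.devices.allow` and `lxc.mount.entry` lines from z2mqtt and Add Drive, the enabled features, and whether the CT is privileged. It is an added example, not part of this repository; the function names, the output tags and the `b 253:7` entry in the sample are constructed for illustration.

```shell
#!/bin/sh
# Added example: list the isolation-relevant lines of a Proxmox CT config.
# audit_ct_conf and sample_conf are hypothetical names, not part of the repo.

# Constructed sample, combining the lines this README adds for iscsi/z2mqtt.
sample_conf() {
cat <<'EOF'
arch: amd64
features: fuse=1,mknod=1,nesting=1
hostname: z2mqtt
lxc.apparmor.profile: unconfined
lxc.cgroup2.devices.allow: c 166:* rwm
lxc.cgroup2.devices.allow: c 188:* rwm
lxc.cgroup2.devices.allow: b 253:7 rwm
lxc.mount.entry: /dev/ttyACM-Zigbee dev/ttyACM-Zigbee none bind,optional,create=file
lxc.mount.entry: /dev/ttyACM-Zwave dev/ttyACM-Zwave none bind,optional,create=file
EOF
}

# Reads a config from the file given as $1, or from stdin when none is given.
audit_ct_conf() {
    awk '
        /^\[/       { exit }    # snapshot sections follow the live config
        /^[ \t]*#/  { next }    # description/comment lines
        {
            key = $1; sub(/:$/, "", key)
            val = $0; sub(/^[^:]*:[ \t]*/, "", val)
        }
        key == "unprivileged" && val == "1" { unpriv = 1 }
        key == "features" { print "FEATURES " val }
        key == "lxc.apparmor.profile" && val == "unconfined" {
            print "APPARMOR_UNCONFINED"
        }
        key == "lxc.cgroup2.devices.allow" {
            # val is "<type> <major>:<minor> <access>", e.g. "c 166:* rwm"
            split(val, f, " ")
            if (f[1] == "a" || f[2] ~ /\*/) print "DEVICE_WILDCARD " val
            else print "DEVICE_ALLOW " val
        }
        key == "lxc.mount.entry" { split(val, m, " "); print "HOST_BIND " m[1] }
        END { if (!unpriv) print "PRIVILEGED" }
    ' "${1:--}"
}

sample_conf | audit_ct_conf
```

On the Proxmox host, run it as `audit_ct_conf /etc/pve/lxc/<CT-ID>.conf`. A `DEVICE_WILDCARD` line grants the container every minor number of that major, not only the adapter that is bind-mounted into it.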
#### In CT
* In the targetcli shell (started with the `targetcli` command) run the following commands
```
cd /backstores/block
create <name> /dev/<device>
cd /iscsi/<server-iqn>/tpg1/luns
create <device>
exit
```