# Scripts for building containers for the Proxmox home server

# Initial Setup

The first step is to build the containers needed for building all other containers.
This can be done on a minimal Debian CT (make sure to enable nesting) on the new Proxmox server or on any other Debian install.

1. Clone this repo
2. `cd` into the cloned repo
3. Run `bash Scripts/FirstSetup.sh` to generate the container images
4. Upload the `Debian-imgbuilder.tar.xz` to the Proxmox server and create a privileged container
5. Follow the steps under Container Setup > imgbuilder
6. Upload the `Debian-Jenkins.tar.xz` to the Proxmox server and create a container
7. Follow the steps under Container Setup > Jenkins

# List of containers

| Name | Distro | Description |
|------|:------:|:-----------:|
| minimal | All | Minimal installed packages |
| default | All | ssh-server and nano packages |
| jenkins | Debian | Jenkins server |
| jenkinsBuilder | Debian | Basic node for Jenkins |
| imgbuilder | Debian | LXC template builder node for Jenkins |
| mysql | Debian | MySQL server with phpMyAdmin |
| pihole | Debian | Pihole CT |
| colabora | Debian | ColaboraOffice WebService (CODE version) |
| jellyfin | Debian | Jellyfin in-home streaming server |
| domoticz | Debian | Domoticz home automation service |
| omadaV3 | Debian | TP-link Omada SDN controller (V3.2.14) |
| docker | Debian | Docker container service |
| smb | Debian | Samba server |
| tvheadend | Debian | Tvheadend server |
| x2go | Debian | Remote xfce desktop accessible via X2go |
| aptcacherng | Debian | Caching server for Linux packages |
| gitea | Alpine | Gitea server |
| nginx | Alpine | Nginx server for reverse-proxy use |
| ddns | Alpine | DDNS client configured for OVH/OVH-Cloud |
| transfersh | Alpine | transfer.sh instance |
| iscsi | Alpine | iSCSI server |
| z2mqtt | Alpine | MQTT bridges for Zigbee and ZWave |
| nodered | Alpine | Node-Red |
| nodejs | Alpine | Basic nodejs install with pm2 |
| mqtt | Alpine | Mosquitto MQTT broker |
| hass | Alpine | HomeAssistant instance with HACS and MySQL support |

## TODO

**Begin original list**

AptCacherNG

~Unifi~ Not supported in Debian 11

MailBackup*

~FileShelter~ Not supported in Debian 11 / transfer.sh as alternative

**End original list**

# Container Setup

## imgbuilder

**This container should be set up as privileged**

1. Enable features: Fuse, Nesting and 'Create Device Nodes'
2. Add a mountpoint to `/LXCBuild` on a location accessible to the Proxmox server
3. Add this location to Proxmox as a datastore for LXC templates
4. Set the `jenkins` user password using `passwd jenkins` in the container
5. Create folders on the mountpoint using `mkdir /LXCBuild/template/cache`
6. Set permissions on the folder using `chmod o+w -R /LXCBuild`
7. Write down the IP of this server (for use in the jenkins container)

## jenkins

1. In the container, configure the setup script: `nano /opt/Setup/Scripts/FirstRun.sh`
2. In the container, run the setup script: `bash /opt/Setup/Scripts/FirstRun.sh`
3. Access Jenkins using `http://<ip>:8080`
4. Press the `X` to skip the first-time setup
5. Delete the `Admin` user: go to 'Manage Jenkins' > 'Manage Users' > Admin > Delete
6. Add credentials for the imgbuilder CT: go to 'Manage Jenkins' > 'Manage Nodes and Clouds' > LXCBuilder1 > configure.
   Under Credentials click 'Add', enter 'jenkins' as username, and set the password that was set in the imgbuilder CT.
   Then select the created credential and click save
7. Click 'Relaunch agent'
8. Now you can build container images

## mysql

* To configure the MySQL root password, run the setup script in the container: `bash /opt/Setup/Scripts/FirstRun.sh`

## gitea

1. Edit the parameters in the FirstRun script in the container: `vi /opt/Setup/Scripts/FirstRun.sh`
2. Run the FirstRun script in the container: `ash /opt/Setup/Scripts/FirstRun.sh`

## nginx

* Run the FirstRun script in the container: `ash /opt/Setup/Scripts/FirstRun.sh`

## pihole

* Run the FirstRun script in the container: `ash /opt/Setup/Scripts/FirstRun.sh`

## colabora

* Update the configuration in `/etc/loolwsd/loolwsd.xml` and restart the service with `systemctl restart loolwsd`

## jellyfin

* To set up the system, follow the initial setup wizard on `http://<ip>:8096`

## domoticz

* Available on `http://<ip>:8080`

## transfersh

* Available on `http://<ip>:8080`

## omadaV3

* To set up the system, follow the initial setup wizard on `http://<ip>:8088`

## docker

* Run the FirstRun script in the container: `ash /opt/Setup/Scripts/FirstRun.sh`

This container can be set up in two ways

1. As controller with portainer
2. As remote with docker tcp on port 2375
3. BONUS: if the FirstRun script is skipped, the CT has a clean Docker install

## iscsi

### In Proxmox

* Run the following commands

```
modprobe target_core_mod
printf "#Load iSCSI module at boot\ntarget_core_mod\n" > /etc/modules-load.d/iSCSI-target.conf
```

* Add the following to `/etc/pve/lxc/<CT-ID>.conf`

```
lxc.apparmor.profile: unconfined
```

* Restart the CT

### In CT

* In the targetcli shell (started with the `targetcli` command) run the following commands

```
cd /iscsi
create <iqn for this server,Example:(iqn.2021-09.lan.test:host)>
exit
```

## z2mqtt

**Do not start this container after creation, follow these steps first**

* Recommended to give the CT 1-2GB of RAM (required for updating)

### In Proxmox

* Add the following to `/etc/udev/rules.d/99-CustomHome.rules`

```
KERNEL=="ttyUSB[0-9]*", MODE="0666"
KERNEL=="ttyACM[0-9]*", MODE="0666"

SUBSYSTEM=="tty", ACTION=="change", ATTRS{idVendor}=="0451", ATTRS{idProduct}=="16a8", SYMLINK+="ttyACM-Zigbee"
SUBSYSTEM=="tty", ACTION=="add", ATTRS{idVendor}=="0451", ATTRS{idProduct}=="16a8", SYMLINK+="ttyACM-Zigbee"

SUBSYSTEM=="tty", ACTION=="change", ATTRS{idVendor}=="0658", ATTRS{idProduct}=="0200", SYMLINK+="ttyACM-Zwave"
SUBSYSTEM=="tty", ACTION=="add", ATTRS{idVendor}=="0658", ATTRS{idProduct}=="0200", SYMLINK+="ttyACM-Zwave"
```

* Run `udevadm trigger`
* Add the following to `/etc/pve/lxc/<CT-ID>.conf`

```
lxc.cgroup2.devices.allow: c 166:* rwm
lxc.mount.entry: /dev/ttyACM-Zigbee dev/ttyACM-Zigbee none bind,optional,create=file
lxc.mount.entry: /dev/ttyACM-Zwave dev/ttyACM-Zwave none bind,optional,create=file
```

* Zigbee2mqtt available on `http://<ip>:5002`
* ZWave2mqtt available on `http://<ip>:8091`
* In the ZWave2mqtt web UI, set the Zwave serial port to `/dev/ttyACM-Zwave`
* If a `Cannot lock port` error shows, reboot the CT; if that does not fix it, try rebooting the Proxmox server

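An added example (not part of this repository) for taking stock of the settings above: the function lists which isolation relaxations a CT config under `/etc/pve/lxc/` carries, such as the `unconfined` AppArmor profile from the iscsi section and the `devices.allow` entry from z2mqtt. The function names and the sample config are constructed for illustration.

```sh
#!/bin/sh
# Added example, not part of the repository.
# audit_ct_conf FILE: print one line per isolation relaxation in a Proxmox CT config.
audit_ct_conf() {
    awk '
        /^\[/      { exit }   # snapshot sections follow; only audit the live config
        /^[ \t]*#/ { next }   # description and comment lines
        /^unprivileged:[ \t]*1[ \t]*$/ { unpriv = 1 }
        /^lxc\.apparmor\.profile:[ \t]*unconfined/ { print "apparmor-unconfined" }
        /^lxc\.cgroup2?\.devices\.allow:/ {
            sub(/^[^:]*:[ \t]*/, ""); print "device-allow " $0
        }
        /^features:/ {
            sub(/^features:[ \t]*/, "")
            n = split($0, f, ",")
            for (i = 1; i <= n; i++)
                if (f[i] ~ /=1$/) { sub(/=1$/, "", f[i]); print "feature " f[i] }
        }
        END { if (!unpriv) print "privileged" }
    ' "$1"
}

# Constructed sample: a CT carrying the iscsi and z2mqtt settings from this README.
sample_ct_conf() {
    cat <<'EOF'
arch: amd64
features: nesting=1
hostname: z2mqtt
lxc.apparmor.profile: unconfined
lxc.cgroup2.devices.allow: c 166:* rwm
lxc.mount.entry: /dev/ttyACM-Zigbee dev/ttyACM-Zigbee none bind,optional,create=file
EOF
}

# Demo: audit the sample; on a host, loop over /etc/pve/lxc/*.conf instead.
tmp=$(mktemp) && sample_ct_conf > "$tmp" && audit_ct_conf "$tmp"; rm -f "$tmp"
```

A config without `unprivileged: 1` is reported as `privileged`, which is expected for imgbuilder and worth a second look on any other CT.
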
## nodered

* Available on `http://<ip>:1880`

## nextcloud

**MountPoint for data folder `/var/nextcloud`**

1. Edit the parameters in the FirstRun script in the container: `vi /opt/Setup/Scripts/FirstRun.sh`
2. Run the FirstRun script in the container: `ash /opt/Setup/Scripts/FirstRun.sh`
3. Available on `http://<ip>`

## smb

* Webmin available on `http://<ip/hostname>`
* Samba server available

## tvheadend

**Do the first login and setup wizard in an incognito/private window, since the authentication system can get confused after setting the new username**

* Tvheadend available on `http://<ip>:9981`
* Default credentials: setup/setup
* Follow the setup wizard after login, otherwise authentication will be disabled

## hass

* After the first start of the CT, HomeAssistant will finish its installation; this will take at least 10 minutes
* HomeAssistant available on `http://<ip>:8123`

## aptcacherng

* Available on `http://<ip>:80`

# Further CT documentation

## iscsi

### Allow Remote

Set the IQN of the client to one of the form server:hostname/nickname

### In CT

* In the targetcli shell (started with the `targetcli` command) run the following commands

```
cd /iscsi/<server-iqn>/tpg1/acls/
create <client-iqn>
exit
```

### Add Drive

#### In Proxmox

* Create LVM Volume (available @ `/dev/<poolName>/<VolumeName>`)

```
lvcreate --name <name> --size <VolumeSize>G <PoolName>
```

* Create ZFS Volume (available @ `/dev/<poolName>/<VolumeName>`)

```
zfs create -o volblocksize=32k -V <VolumeSize>G <poolName>/<VolumeName>
zfs set sync=disabled <poolName>/<VolumeName>
```

* Get the id by using `ls -l /dev/<devicename>`
* Add the following to `/etc/pve/lxc/<CT-ID>.conf`

```
lxc.cgroup2.devices.allow: b <id>:<Subid> rwm
lxc.mount.entry: /dev/<devicename> dev/<device> none bind,optional,create=file
```

* Restart the CT

#### In CT

* In the targetcli shell (started with the `targetcli` command) run the following commands

```
cd /backstores/block
create <name> /dev/<device>
cd /iscsi/<server-iqn>/tpg1/luns
create <device>
exit
```

## x2go

* Add a user by typing `adduser <username>`
* Allow key authentication only: `sed -i -e '/PasswordAuthentication/c\PasswordAuthentication no' -e '/ChallengeResponseAuthentication/c\ChallengeResponseAuthentication no' /etc/ssh/sshd_config`
* Set the ssh port: `sed -i -e '/Port 22/c\Port <PortNr>' /etc/ssh/sshd_config`
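
The `sed` commands above only rewrite lines that already exist, and a line inside a `Match` block does not set the global value. As an added example (not part of this repository), the check below reads an `sshd_config` and confirms that both keywords are globally `no`; the function names and sample configs are constructed for illustration.

```sh
#!/bin/sh
# Added example, not part of the repository.
# sshd_global FILE KEYWORD: print the value of the first uncommented KEYWORD line
# that appears before any Match block (the one sshd applies globally), or "unset".
sshd_global() {
    awk -v want="$2" '
        BEGIN { want = tolower(want); val = "unset" }
        { sub(/^[ \t]+/, ""); n = split($0, a, /[ \t=]+/) }
        n == 0 || a[1] ~ /^#/ { next }           # blank lines and comments
        tolower(a[1]) == "match" { exit }        # conditional overrides start here
        tolower(a[1]) == want { val = tolower(a[2]); exit }
        END { print val }
    ' "$1"
}

# key_auth_only FILE: return 0 only when both keywords the sed targets are "no".
key_auth_only() {
    rc=0
    for k in PasswordAuthentication ChallengeResponseAuthentication; do
        v=$(sshd_global "$1" "$k")
        [ "$v" = "no" ] || { echo "$k is $v globally" >&2; rc=1; }
    done
    return "$rc"
}

# Constructed samples: "ok" is what the sed leaves behind on a config that had both
# lines; in "bad" the only PasswordAuthentication line sits inside a Match block.
sample_ok() {
    printf '%s\n' 'Port 2222' 'PasswordAuthentication no' \
        'ChallengeResponseAuthentication no' 'UsePAM yes'
}
sample_bad() {
    printf '%s\n' 'ChallengeResponseAuthentication no' 'UsePAM yes' \
        'Match User backup' '    PasswordAuthentication no'
}

# Demo on the constructed "bad" sample; point it at /etc/ssh/sshd_config in the CT.
tmp=$(mktemp); sample_bad > "$tmp"
if key_auth_only "$tmp"; then echo "key auth only"; else echo "password auth not disabled"; fi
rm -f "$tmp"
```

This file-level check does not follow `Include` drop-ins; inside the container, `sshd -T` prints the effective configuration.
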