Conclusion
When you are using NFS mount points with root account on client-side then export them with no_root_squash option. This will ensure you don’t face access related issues on NFS mount points
SSL pour le home lab
https://myhomelab.gr/linux/2019/12/13/local-ca-setup.html
Mon domain : daisy-street.fr
Pihole
configuration du dns pihole 192.168.1.50
Renvoyer les serveurs sur le dns/dhcp pihole
nano /etc/netplan/00-installer-config.yaml
nano /etc/resolv.conf
nano /etc/hostname
Installer traefik
docker-compose.yml
Generer password traefik
sudo apt install apache2-utils
echo $(htpasswd -nb <USER> <PASSWORD>) | sed -e s/\\$/\\$\\$/g
volumes:
- /SystemSvg/VM_109/traefik/data/traefik.yml:/traefik.yml:ro
- /SystemSvg/VM_109/traefik/data/acme.json:/acme.json
- /SystemSvg/VM_109/traefik/data/config.yml:/config.yml:ro
labels:
- "traefik.http.routers.traefik.rule=Host(`traefik-dashboard.local.daisy-street.fr`)"
- "traefik.http.middlewares.traefik-auth.basicauth.users=<USER>:<HASHED-PASSWORD>"
- "traefik.http.routers.traefik-secure.rule=Host(`traefik-dashboard.local.daisy-street.fr`)"Configurer SSL
openssl genrsa -des3 -out root.key 2048david@legion2:/SystemSvg/clersa$ openssl req -x509 -new -nodes -key root.key -sha256 -days 7200 -out root.pem
Enter pass phrase for root.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:FR
State or Province Name (full name) [Some-State]:Hauts-de-Seine
Locality Name (eg, city) []:Antony
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Homelab
Organizational Unit Name (eg, section) []:IT
Common Name (e.g. server FQDN or YOUR name) []:DaisyStreet HomeLab Authority
Email Address []:
david@legion2:/SystemSvg/clersa$
openssl genrsa -out wildcard.homelab.home.key 2048nano opensslsan.cnf
[req]
distinguished_name = req_distinguished_name
req_extensions = v3_req
prompt = no
[req_distinguished_name]
C = FR
ST = Hauts-de-Seine
L = Antony
O = Wildcard Homelab Inc
OU = IT
CN = *.homelab.home
[v3_req]
keyUsage = keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1 = *.homelab.home
openssl req -new -out wildcard.homelab.home.csr \
-key wildcard.homelab.home.key \
-config opensslsan.cnfopenssl x509 -req -in wildcard.homelab.home.csr \
-CA root.pem \
-CAkey root.key \
-CAcreateserial \
-out wildcard.homelab.home.crt \
-days 7200 \
-sha256 \
-extensions v3_req \
-extfile opensslsan.cnfpaperless retag
Document retagger
Say you’ve imported a few hundred documents and now want to introduce a tag or set up a new correspondent, and apply its matching to all of the currently-imported docs. This problem is common enough that there are tools for it.
document_retagger [-h] [-c] [-T] [-t] [-i] [--use-first] [-f] optional arguments: -c, --correspondent -T, --tags -t, --document_type -i, --inbox-only --use-first -f, --overwrite
Connexion au bash docker
tmux
docker exec -it paperless bashSans écrasement
document_retagger -c -t --use-first
document_retagger -TAvec ecrasement
document_retagger -c -t --use-first -f
document_retagger -T -fa essayer en global
tmux
docker exec -it paperless bash
document_retagger -c -t --use-first -f;document_retagger -T;document_retagger -T;document_retagger -T;document_retagger -T;document_retagger -T;document_retagger -T
docker exec -d -it paperless-ng_webserver_1 document_retagger -c -T -t --use-firstdocument_retagger -T est repeter plusieurs fois car la commande s’arrete en database lock au bout de 10 minutes d’ouverture de database , l’enchainement de commande sans ecrasement permet de balayer toute la base.
installation Docker all in one
sudo apt-get update
sudo apt-get -y install ca-certificates curl gnupg lsb-release
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update
sudo apt-get -y install docker-ce docker-ce-cli containerd.io
sudo apt -y install nfs-common
sudo apt -y install cifs-utils
sudo apt -y install docker-compose
docker plugin install grafana/loki-docker-driver:latest --alias loki --grant-all-permissions
sudo usermod -aG docker $USER
sudo mkdir /Warehouse
sudo mkdir /Warehouse/Documents_read
sudo mkdir /Warehouse/Phototeque_CheckIn_read
sudo mkdir /Warehouse/Phototeque_read
sudo mkdir /Warehouse/SystemSvg_read
sudo mkdir /SystemSvg
sudo mkdir /SystemSvg_nfs
sudo mkdir /VideoClub
sudo mkdir /Photocopie
sudo nano /home/david/.sharelogin
username=[username]
password=[password]
sudo nano /etc/docker/daemon.json
{
"log-driver": "loki",
"log-opts": {
"loki-url": "http://localhost:3100/loki/api/v1/push",
"loki-batch-size": "400"
}
}
sudo nano /etc/fstab
//192.168.1.111/5-Documents /Warehouse/Documents_read cifs ro,credentials=/home/david/.sharelogin,uid=1000,gid=1000 0 0
//192.168.1.111/50-Phototheque /Warehouse/Phototeque_read cifs ro,credentials=/home/david/.sharelogin,nobrl,uid=1000,gid=1000 0 0
//192.168.1.111/00-CheckIn /Warehouse/Phototeque_CheckIn_read cifs ro,credentials=/home/david/.sharelogin,nobrl,uid=1000,gid=1000 0 0
//192.168.1.111/6-SystemSvg /Warehouse/SystemSvg_read cifs ro,credentials=/home/david/.sharelogin,nobrl,uid=1000,gid=1000 0 0
//192.168.1.111/5-Documents/80-Photocopie /Photocopie cifs rw,credentials=/home/david/.sharelogin,uid=1000,gid=1000 0 0
//192.168.1.111/9-VideoClub /VideoClub cifs rw,credentials=/home/david/.sharelogin,uid=1000,gid=1000 0 0
//192.168.1.111/6-SystemSvg /SystemSvg cifs rw,credentials=/home/david/.sharelogin,nobrl,uid=1000,gid=1000 0 0
192.168.1.111:/share_nfs /SystemSvg_nfs nfs defaults 0 0
sudo mount -a
sudo systemctl restart docker
mkdir /SystemSvg/docker
mkdir /SystemSvg/docker/portainer
mkdir /SystemSvg/docker/portainer/data
docker kill portainer
docker rm portainer
cd /SystemSvg/docker/portainer/;docker-compose pull
cd /SystemSvg/docker/portainer/;docker-compose up -d
mkdir /SystemSvg/docker/traefik
mkdir /SystemSvg/share_nfs/traefik
mkdir /SystemSvg/docker/traefik/data
mkdir /SystemSvg/share_nfs/traefik/acme
docker network create proxy
docker kill traefik
docker rm traefik
cd /SystemSvg/docker/traefik/;docker-compose pull
cd /SystemSvg/docker/traefik/;docker-compose up -d
mkdir /SystemSvg/docker/grafana
mkdir /SystemSvg/docker/grafana/grafana
mkdir /SystemSvg/docker/grafana/loki
mkdir /SystemSvg/docker/grafana/promtail
docker kill grafana
docker kill loki
docker kill promtail
docker rm grafana
docker rm loki
docker rm promtail
cd /SystemSvg/docker/grafana/;docker-compose pull
cd /SystemSvg/docker/grafana/;docker-compose up -d
mkdir /SystemSvg/docker/sickchill
mkdir /SystemSvg/docker/sickchill/config
docker kill sickchill
docker rm sickchill
cd /SystemSvg/docker/sickchill/;docker-compose pull
cd /SystemSvg/docker/sickchill/;docker-compose up -d
mkdir /SystemSvg/docker/transmission
mkdir /SystemSvg/docker/transmission/config
docker kill transmission
docker rm transmission
cd /SystemSvg/docker/transmission/;docker-compose pull
cd /SystemSvg/docker/transmission/;docker-compose up -d
mkdir /SystemSvg/docker/filebot
mkdir /SystemSvg/docker/filebot/data
docker kill filebot
docker rm filebot
cd /SystemSvg/docker/filebot/;docker-compose pull
cd /SystemSvg/docker/filebot/;docker-compose up -d
mkdir /SystemSvg/docker/nzbget
mkdir /SystemSvg/docker/nzbget/config
docker kill nzbget
docker rm nzbget
cd /SystemSvg/docker/nzbget/;docker-compose pull
cd /SystemSvg/docker/nzbget/;docker-compose up -d
mkdir /SystemSvg/docker/jellyfin
mkdir /SystemSvg/docker/jellyfin/config
mkdir /SystemSvg/docker/jellyfin/cache
docker kill jellyfin
docker rm jellyfin
cd /SystemSvg/docker/jellyfin/;docker-compose pull
cd /SystemSvg/docker/jellyfin/;docker-compose up -d
mkdir /SystemSvg/docker/duplicati
mkdir /SystemSvg/docker/duplicati/data
docker kill duplicati
docker rm duplicati
cd /SystemSvg/docker/duplicati/;docker-compose pull
cd /SystemSvg/docker/duplicati/;docker-compose up -d
//mkdir /SystemSvg/docker/heimdall
//mkdir /SystemSvg/docker/heimdall/config
//docker kill dashy
//docker rm dashy
//cd /SystemSvg/docker/dashy/;docker-compose pull
//cd /SystemSvg/docker/dashy/;docker-compose up -d
mkdir /SystemSvg/docker/dashy
docker kill heimdall
docker rm heimdall
cd /SystemSvg/docker/heimdall/;docker-compose pull
cd /SystemSvg/docker/heimdall/;docker-compose up -d
mkdir /SystemSvg/docker/littlelink
mkdir /SystemSvg/docker/littlelink/config
docker kill littlelink-server
docker rm littlelink-server
cd /SystemSvg/docker/littlelink/;docker-compose pull
cd /SystemSvg/docker/littlelink/;docker-compose up -d
mkdir /SystemSvg/docker/uptime-kuma
mkdir /SystemSvg/docker/uptime-kuma/data
docker kill uptime-kuma
docker rm uptime-kuma
cd /SystemSvg/docker/uptime-kuma/;docker-compose pull
cd /SystemSvg/docker/uptime-kuma/;docker-compose up -d
mkdir /SystemSvg/docker/paperless-ng
mkdir /SystemSvg/docker/paperless-ng/config
docker kill paperless-ng
docker rm paperless-ng
cd /SystemSvg/docker/paperless-ng/;docker-compose pull
cd /SystemSvg/docker/paperless-ng/;docker-compose up -d
cd /SystemSvg/docker/paperless-ng/;docker-compose run --rm webserver createsuperuser
mkdir /SystemSvg/docker/zoneminder
mkdir /SystemSvg/docker/zoneminder/cache
mkdir /SystemSvg/docker/zoneminder/config
docker kill zoneminder_in
docker rm zoneminder_in
cd /SystemSvg/docker/zoneminder/;docker-compose pull
cd /SystemSvg/docker/zoneminder/;docker-compose up -d
mkdir /SystemSvg/docker/homeassitant
mkdir /SystemSvg/docker/homeassitant/config
docker kill homeassitant
docker rm homeassitant
cd /SystemSvg/docker/homeassitant/;docker-compose pull
cd /SystemSvg/docker/homeassitant/;docker-compose up -d
mkdir /SystemSvg/docker/redmine
mkdir /SystemSvg/docker/redmine/mariadb_data
docker kill redmine_mariadb_1
docker kill redmine_redmine_1
docker rm redmine_mariadb_1
docker rm redmine_redmine_1
cd /SystemSvg/docker/redmine/;docker-compose pull
cd /SystemSvg/docker/redmine/;docker-compose up -d
mkdir /SystemSvg/docker/lamp
mkdir /SystemSvg/docker/lamp/www
mkdir /SystemSvg/docker/lamp/mysql
docker kill lamp_db_1
docker kill lamp_myadmin_1
docker kill lamp_web_1
docker rm lamp_db_1
docker rm lamp_myadmin_1
docker rm lamp_web_1
cd /SystemSvg/docker/lamp/;docker-compose pull
cd /SystemSvg/docker/lamp/;docker-compose up -d
mkdir /SystemSvg/docker/wordpress
mkdir /SystemSvg/docker/wordpress/html
mkdir /SystemSvg/docker/wordpress/mysql
docker kill wordpress_db_1
docker kill adminer_legacy
docker kill wordpress_legacy
docker rm wordpress_db_1
docker rm adminer_legacy
docker rm wordpress_legacy
cd /SystemSvg/docker/wordpress/;docker-compose pull
cd /SystemSvg/docker/wordpress/;docker-compose up -d
sudo apt-get purge -y docker-engine docker docker.io docker-ce docker-ce-cli
sudo apt-get autoremove -y --purge docker-engine docker docker.io docker-ce
sudo rm -rf /var/lib/docker /etc/docker
sudo rm /etc/apparmor.d/docker
sudo groupdel docker
sudo rm -rf /var/run/docker.sockdocker kill portainer
docker rm portainer
cd /SystemSvg/docker/portainer/;docker-compose up -d
docker kill traefik
docker rm traefik
cd /SystemSvg/docker/traefik/;docker-compose up -d
docker kill grafana
docker kill loki
docker kill promtail
docker rm grafana
docker rm loki
docker rm promtail
cd /SystemSvg/docker/grafana/;docker-compose up -d
docker kill sickchill
docker rm sickchill
cd /SystemSvg/docker/sickchill/;docker-compose up -d
docker kill transmission
docker rm transmission
cd /SystemSvg/docker/transmission/;docker-compose up -d
docker kill filebot
docker rm filebot
cd /SystemSvg/docker/filebot/;docker-compose up -d
docker kill nzbget
docker rm nzbget
cd /SystemSvg/docker/nzbget/;docker-compose up -d
docker kill jellyfin
docker rm jellyfin
cd /SystemSvg/docker/jellyfin/;docker-compose up -d
docker kill duplicati
docker rm duplicati
cd /SystemSvg/docker/duplicati/;docker-compose up -d
//docker kill heimdall
//docker rm heimdall
//cd /SystemSvg/docker/heimdall/;docker-compose up -d
docker kill dashy
docker rm dashy
cd /SystemSvg/docker/dashy/;docker-compose up -d
docker kill littlelink-server
docker rm littlelink-server
cd /SystemSvg/docker/littlelink/;docker-compose up -d
docker kill uptime-kuma
docker rm uptime-kuma
cd /SystemSvg/docker/uptime-kuma/;docker-compose up -d
docker kill paperless-ng
docker rm paperless-ng
cd /SystemSvg/docker/paperless-ng/;docker-compose up -d
docker kill zoneminder_in
docker rm zoneminder_in
cd /SystemSvg/docker/zoneminder/;docker-compose up -d
docker kill homeassitant
docker rm homeassitant
cd /SystemSvg/docker/homeassitant/;docker-compose up -d
docker kill redmine_mariadb_1
docker kill redmine_redmine_1
docker rm redmine_mariadb_1
docker rm redmine_redmine_1
cd /SystemSvg/docker/redmine/;docker-compose up -d
docker kill lamp_db_1
docker kill lamp_myadmin_1
docker kill lamp_web_1
docker rm lamp_db_1
docker rm lamp_myadmin_1
docker rm lamp_web_1
cd /SystemSvg/docker/lamp/;docker-compose up -d
docker kill wordpress_db_1
docker kill adminer_legacy
docker kill wordpress_legacy
docker rm wordpress_db_1
docker rm adminer_legacy
docker rm wordpress_legacy
cd /SystemSvg/docker/wordpress/;docker-compose up -d
Install Portainer Agent with Docker on Linux
Run the following command to deploy the Portainer Agent:
sudo docker run -d -p 9001:9001 --name portainer_agent --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v /var/lib/docker/volumes:/var/lib/docker/volumes portainer/agent:2.6.3sudo docker kill portainer_agent
sudo docker rm portainer_agent
sudo docker run -d -p 9001:9001 --name portainer_agent --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v /var/lib/docker/volumes:/var/lib/docker/volumes portainer/agent:2.6.3
paperless ng
https://paperless-ng.readthedocs.io/en/latest/setup.html#install-paperless-from-docker-hub
docker-compose.yml et docker-compose.env
sqlite sur smb cifs
Sqlite.SqliteException (0x80004005): SQLite Error 5: ‘database is locked’.
I’m running jellyfin in docker and got this error because my config file was mounted over samba / cifs. The solution was to add nobrl to the mount options.
volumes:
jellyfin-data:
driver_opts:
type: "cifs"
device: "//192.168.1.69/whatever/Jellyfin"
o: "addr=192.168.19.10,rw"
o: "uid=0,username=phanton,password=8517,nobrl"nfs share
NFS by default will downgrade any files created with the root permissions to the nobody:nogroup user:group.
This is a security feature that prevents privileges from being shared unless specifically requested.
It may be that you would like to enable the “no_root_squash” option in the nfs server’s /etc/exports file.
mount a nfs in unpriviliged container
https://forum.proxmox.com/threads/mount-nfs-shares-in-a-host.78761/
pour le lxc du mediacenter qui est monter en unpriviliged
jai monte rle nfs du videoclub dans pve
puis j’ai ajouter dans le /etx/pve/lxc/105.conf
mp0: /mnt/pve/videoclub,mp=/usr/VideoClubinstall docker and app
https://docs.docker.com/engine/install/ubuntu/
sudo apt-get update
sudo apt-get -y install ca-certificates curl gnupg lsb-release
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update
sudo apt-get -y install docker-ce docker-ce-cli containerd.io
sudo apt -y install nfs-common
sudo apt -y install cifs-utils
sudo mkdir /SystemSvg
sudo mkdir /VideoClub
sudo nano /home/david/.sharelogin
username=[username]
password=[password]
sudo nano /etc/fstab
//192.168.1.111/9-VideoClub /VideoClub cifs rw,credentials=/home/david/.sharelogin,uid=1000,gid=1000 0 0
//192.168.1.111/6-SystemSvg/VM_112 /SystemSvg cifs rw,credentials=/home/david/.sharelogin,nobrl,uid=1000,gid=1000 0 0
sudo mount -a
mkdir /SystemSvg/sickchill
mkdir /SystemSvg/sickchill/config
sudo docker kill sickchill
sudo docker rm sickchill
sudo docker run -d --name=sickchill -e PUID=1000 -e PGID=1000 -e TZ=Europe/London -p 8081:8081 -v /SystemSvg/sickchill/config:/config -v /VideoClub/00-Tmp:/downloads -v /VideoClub/30-Series:/tv -v /VideoClub/40-Anime:/anime --restart unless-stopped lscr.io/linuxserver/sickchill
mkdir /SystemSvg/transmission
mkdir /SystemSvg/transmission/config
sudo docker kill transmission
sudo docker rm transmission
sudo docker run -d --name=transmission -e PUID=1000 -e PGID=1000 -e TZ=Europe/London -e TRANSMISSION_WEB_HOME=/combustion-release/ `#optional` -p 9091:9091 -p 51413:51413 -p 51413:51413/udp -v /SystemSvg/transmission/config:/config -v /VideoClub/00-Tmp/transmission/downloads:/downloads -v /VideoClub/00-Tmp/transmission/script:/script -v /VideoClub/00-Tmp/transmission/watch:/watch --restart unless-stopped lscr.io/linuxserver/transmission
mkdir /SystemSvg/filebot
mkdir /SystemSvg/filebot/data
sudo docker kill filebot
sudo docker rm filebot
sudo docker run -d --name=filebot -p 5452:5452 -v /SystemSvg/filebot/data:/data -v /VideoClub:/videoclub --restart unless-stopped maliciamrg/filebot-node-479
mkdir /SystemSvg/nzbget
mkdir /SystemSvg/nzbget/config
sudo docker kill nzbget
sudo docker rm nzbget
sudo docker run -d --name=nzbget -e PUID=1000 -e PGID=1000 -e TZ=Europe/London -p 6789:6789 -v /SystemSvg/nzbget/config:/config -v /VideoClub/00-Tmp/nzbget:/downloads --restart unless-stopped lscr.io/linuxserver/nzbget
mkdir /SystemSvg/jellyfin
mkdir /SystemSvg/jellyfin/config
mkdir /SystemSvg/jellyfin/cache
sudo docker kill jellyfin
sudo docker rm jellyfin
sudo docker run -d --name jellyfin --user 1000:1000 --net=host --volume /SystemSvg/jellyfin/config:/config --volume /SystemSvg/jellyfin/cache:/cache --mount type=bind,source=/VideoClub/10-Film,target=/media/10-Film --mount type=bind,source=/VideoClub/20-Film_Vf,target=/media/20-Film_Vf --mount type=bind,source=/VideoClub/30-Series,target=/media/30-Series --mount type=bind,source=/VideoClub/40-Anime,target=/media/40-Anime --restart=unless-stopped jellyfin/jellyfin
sudo docker ps -a
sudo docker exec -it filebot bin/bash
sudop docker run -d -p 9001:9001 --name portainer_agent --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v /var/lib/docker/volumes:/var/lib/docker/volumes portainer/agent:2.6.3
sudo docker run -d -p 8000:8000 -p 9443:9443 --name portainer --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data cr.portainer.io/portainer/portainer-ce:2.9.3