DoTheEvo 2023-01-21 21:48:29 +01:00
parent 799eb3ffd5
commit d6ed9143d4
4 changed files with 304 additions and 2 deletions

29
esxi/readme.md Normal file

@ -0,0 +1,29 @@
# Esxi
###### guide-by-example
# Purpose
Type 1 hypervisor hosting virtual machines, running straight on metal.
# Files and directory structure
https://www.dbappweb.com/2020/08/20/how-to-change-the-default-gateway-for-vmware-vsphere-esxi/
* esxcfg-route
* esxcfg-route 10.65.26.25
https://blog.techygeekshome.info/2021/04/vmware-esxi-esxcli-commands-to-update-host-dns-servers/
* esxcli network ip dns server add --server=8.8.8.8
* esxcli network ip dns server remove --server=1.1.1.1
* esxcli network ip dns server list
# docker-compose
# Config
# Logging
#### email
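Review bot: under "# Files and directory structure" the added lines are two links and `esxcfg-route` / `esxcli network ip dns server` commands, so the heading does not match its content and a reader cannot tell which commands only display state and which change it. Move them under a networking heading and label each one, for example which of `esxcfg-route` and `esxcfg-route 10.65.26.25` displays the gateway and which sets it, and mark 10.65.26.25, 8.8.8.8 and 1.1.1.1 as sample addresses to replace. The empty "# docker-compose" heading looks carried over from the template; the Purpose line describes a hypervisor running on metal, so it can be dropped.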


@ -0,0 +1,111 @@
# gotify ntfy signal
###### guide-by-example
![logo](https://i.imgur.com/41WzW04.png)
# Purpose & Overview
Instant notifications if email feels old timey and crowded
* [gotify](https://github.com/gotify/server)
* [ntfy](https://github.com/binwiederhier/ntfy)
* [bbernhard/signal-cli-rest-api ](https://github.com/bbernhard/signal-cli-rest-api)
---
# Overview
* **gotify** - great for single person use, but the moment theres more people
they need to share single account and so lack the ability to choose
what to get and what not to get
* **ntfy** - simple original approach to just subscribing to "topics" without
authentification, very simple one line push notification.
Drawback is rather high [battery consumption](https://i.imgur.com/TDhj7El.jpg)
of the android app, but I did not let it run for long enough it could also
just be my phone thing. Just something to keep an eye on.
* **signal-cli-rest-api** - no gui, need a sim card phone number registred,
worse concept for sending notification to multiple users,
where you need to manually set everyone who should receive,
as oppose to having a "room/topic" to which one can "susbscribe",
but if signal is widespread enough and you are not asking people to install
another app then its a winner
# docker-compose
`gotify-docker-compose.yml`
```yml
services:
gotify:
image: gotify/server
container_name: gotify
hostname: gotify
restart: unless-stopped
env_file: .env
volumes:
- "./gotify_data:/app/data"
networks:
default:
name: caddy_net
external: true
```
`ntfy-docker-compose.yml`
```yml
services:
ntfy:
image: binwiederhier/ntfy
container_name: ntfy
hostname: ntfy
env_file: .env
restart: unless-stopped
command:
- serve
volumes:
- ./ntfy-cache:/var/cache/ntfy
- ./ntfy-etc:/etc/ntfy
networks:
default:
name: $DOCKER_MY_NETWORK
external: true
```
`signal-docker-compose.yml`
```yml
signal:
image: bbernhard/signal-cli-rest-api
container_name: signal
hostname: signal
env_file: .env
restart: unless-stopped
volumes:
- "./signal-cli-config:/home/.local/share/signal-cli" #map "signal-cli-config" folder on host system into docker container. the folder contains the password and cryptographic keys when a new number is registered
networks:
default:
name: $DOCKER_MY_NETWORK
external: true
```
# Port forwarding
# The usage on clients
# Encrypted use
# Trouble shooting
# Update
# Backup and restore
#### Backup
#### Restore
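Review bot: in `signal-docker-compose.yml` the block starts directly at `signal:` with no `services:` key, unlike the gotify and ntfy files above it, so it will not load as a standalone compose file; add the `services:` line. The gotify file hardcodes `name: caddy_net` while the other two use `$DOCKER_MY_NETWORK`; pick one form. The volume comment says `signal-cli-config` holds the password and cryptographic keys, so the guide should say to restrict that host directory's permissions and to treat its backups as secrets. ntfy is described as subscribing to topics "without authentification" and "# Encrypted use" is still empty, so that section should state who can read or publish to a topic in this setup.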

97
kopia_backup/readme.md Normal file

@ -0,0 +1,97 @@
# Kopia
###### guide-by-example
![logo](https://i.imgur.com/A2mosM6.png)
WORK IN PROGRESS<br>
WORK IN PROGRESS<br>
WORK IN PROGRESS<br>
# Purpose & Overview
Backups.
* [Official site](https://kopia.io/)
* [Github](https://github.com/kopia/kopia)
Kopia is an open source backup utility with basicly all modern features.</br>
Cross-platform, deduplication, encryption, compression, multithreaded speed,
cloud storage support, CLI and GUI versions, snapshots mounting,...
Written in golang,
In this setup kopia cli is installed directly on the host system.</br>
A script is created that backs up the entire docker directory and /etc locally.</br>
Cronjob is set to execute this script daily.
The repository is also pruned on each run of the script -
old archives are deleted while keeping the ones fitting the retention rules
in the script.</br>
One backup per day for last 7 days, last 4 weeks, last 6 months are kept.
# Files and directory structure
```
/home/
├── ~/
│ └── docker/
│ ├── container-setup #2
│ ├── container-setup #1
│ ├── ...
/mnt/
└── mirror/
└── docker_host_kopia/
```
* `docker_backup/` - borg repository directory containg the backups
* `borg_backup.sh` - the backup script that adds new archive in to the repository
* `borg_backup.log` - log file with the dates of backups
Only `borg_backup.sh` has to be provided.</br>
Repo directory is created by `borg init` command
and the log file is created on the first run.
# The setup
#### Install kopia
for arch linux, kopia is on AUR `yay kopia-bin`
#### Backing up using kopia
use of sudo so that kopia has access everywhere<br>
config files are therefore in `/root/config/kopia`
- `mkdir /mnt/mirror/docker_host_kopia`</br>
- `sudo kopia repository create filesystem --path /mnt/mirror/docker_host_kopia`<br>
- `sudo kopia repository connect filesystem --path /mnt/mirror/docker_host_kopia`<br>
- `sudo kopia snapshot create /home/spravca/docker`<br>
- `sudo kopia snapshot list`<br>
- `sudo kopia mount k7e2b0a503edd7604ff61c68655cd5ad7 /mnt/tmp &`<br>
- `sudo umount /mnt/tmp`<br>
#### The backup script
### Manual run
### Automatic execution
# Accessing the backup files
# Extra info
# Remote backup
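Review bot: the bullet list after the directory tree still describes `docker_backup/`, `borg_backup.sh`, `borg_backup.log` and `borg init`, which contradicts the tree (`/mnt/mirror/docker_host_kopia/`) and the kopia commands further down; replace those lines with the kopia repository path and script name. The overview lists encryption and a daily cronjob, but the steps never say how the repository password is supplied or stored for the unattended run; document that and the permissions on wherever it is kept. `mkdir /mnt/mirror/docker_host_kopia` is the only step without `sudo`, and `/home/spravca/docker` and the snapshot id in the `kopia mount` line are host-specific values that should be marked as examples.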


@ -27,7 +27,7 @@ The architecture is relatively simple.
which allows full control of the device from the servers web
Theres also an entire aspect of possibility of using
Intel AMT - Active Management Technology.
Intel AMT - Active Management Technology through port 4433.
---
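Review bot: the changed line now names port 4433 for Intel AMT but does not say whether that port has to be published or forwarded, and the `docker-compose.yml` added further down in this commit has no `ports:` entry. State where 4433 must be reachable from, and that it should stay closed when AMT is not used, since the same paragraph describes full control of the device.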
@ -173,11 +173,76 @@ mesh.{$MY_DOMAIN} {
# The usage on clients
# Improved safety
# Trouble shooting
# Running without separate database
`docker-compose.yml`
```yml
services:
meshcentral:
image: ghcr.io/ylianst/meshcentral:latest
container_name: meshcentral
hostname: meshcentral
restart: unless-stopped
env_file: .env
volumes:
# config.json and other important files live here. A must for data persistence
- ./meshcentral/data:/opt/meshcentral/meshcentral-data
# where file uploads for users live
- ./meshcentral/user_files:/opt/meshcentral/meshcentral-files
# location for the meshcentral-backups - this should be mounted to an external storage
- ./meshcentral/backup:/opt/meshcentral/meshcentral-backup
# location for site customization files
- ./meshcentral/web:/opt/meshcentral/meshcentral-web
networks:
default:
name: $DOCKER_MY_NETWORK
external: true
```
`.env`
```bash
# GENERAL
MY_DOMAIN=example.com
DOCKER_MY_NETWORK=caddy_net
TZ=Europe/Bratislava
# MESHCENTRAL
NODE_ENV=production
# initial mongodb-variables
MONGO_INITDB_ROOT_USERNAME=mongodbadmin
MONGO_INITDB_ROOT_PASSWORD=mongodbpasswd
# initial meshcentral-variables
# the following options are only used if no config.json exists in the data-folder
# your hostname
HOSTNAME=mesh.example.com
USE_MONGODB=false
# set to your reverse proxy IP if you want to put meshcentral behind a reverse proxy
REVERSE_PROXY=example.com
REVERSE_PROXY_TLS_PORT=443
# set to true if you wish to enable iframe support
IFRAME=false
# set to false if you want disable self-service creation of new accounts besides the first (admin)
ALLOW_NEW_ACCOUNTS=true
# set to true to enable WebRTC - per documentation it is not officially released with meshcentral and currently experimental. Use with caution
WEBRTC=false
# set to true to allow plugins
ALLOWPLUGINS=false
# set to true to allow session recording
LOCALSESSIONRECORDING=false
# set to enable or disable minification of json, reduces traffic
MINIFY=true
```
# Update
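Review bot: the `.env` under "# Running without separate database" still sets `MONGO_INITDB_ROOT_USERNAME=mongodbadmin` and `MONGO_INITDB_ROOT_PASSWORD=mongodbpasswd` while `USE_MONGODB=false` and the compose file has no database service; remove both lines so a placeholder credential is not copied around. `ALLOW_NEW_ACCOUNTS=true` leaves self-service registration open on a server used for remote control of devices; suggest `false` once the admin account exists, or say so under "# Improved safety". The `REVERSE_PROXY` comment asks for the proxy IP but the value is `example.com`, and `image: ghcr.io/ylianst/meshcentral:latest` is unpinned, so an update can change behaviour without any change to this file.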