update
parent
799eb3ffd5
commit
d6ed9143d4
|
@ -0,0 +1,29 @@
|
||||||
|
# Esxi
|
||||||
|
###### guide-by-example
|
||||||
|
|
||||||
|
# Purpose
|
||||||
|
|
||||||
|
Type 1 hypervisor hosting virtual machines, running straight on metal.
|
||||||
|
|
||||||
|
# Files and directory structure
|
||||||
|
|
||||||
|
https://www.dbappweb.com/2020/08/20/how-to-change-the-default-gateway-for-vmware-vsphere-esxi/
|
||||||
|
|
||||||
|
* esxcfg-route
|
||||||
|
* esxcfg-route 10.65.26.25
|
||||||
|
|
||||||
|
https://blog.techygeekshome.info/2021/04/vmware-esxi-esxcli-commands-to-update-host-dns-servers/
|
||||||
|
|
||||||
|
* esxcli network ip dns server add --server=8.8.8.8
|
||||||
|
* esxcli network ip dns server remove --server=1.1.1.1
|
||||||
|
* esxcli network ip dns server list
|
||||||
|
|
||||||
|
# docker-compose
|
||||||
|
|
||||||
|
# Config
|
||||||
|
|
||||||
|
|
||||||
|
# Logging
|
||||||
|
|
||||||
|
|
||||||
|
#### email
|
|
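Review bot: The commands under "# Files and directory structure" in the new Esxi file are not a file layout and carry no explanation. `esxcfg-route 10.65.26.25` changes the host's default gateway and the `esxcli network ip dns server add/remove` lines change its resolvers, so they belong under a networking heading with a sentence each saying what they do, and a note that changing the gateway over a remote session can cut off management access. The `# docker-compose`, `# Config` and `# Logging` headings come from the container template and do not apply to a hypervisor host; drop them or rename them before the page is linked from the index.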
@ -0,0 +1,111 @@
|
||||||
|
# gotify ntfy signal
|
||||||
|
|
||||||
|
###### guide-by-example
|
||||||
|
|
||||||
|
![logo](https://i.imgur.com/41WzW04.png)
|
||||||
|
|
||||||
|
# Purpose & Overview
|
||||||
|
|
||||||
|
Instant notifications if email feels old timey and crowded
|
||||||
|
|
||||||
|
* [gotify](https://github.com/gotify/server)
|
||||||
|
* [ntfy](https://github.com/binwiederhier/ntfy)
|
||||||
|
* [bbernhard/signal-cli-rest-api ](https://github.com/bbernhard/signal-cli-rest-api)
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
# Overview
|
||||||
|
|
||||||
|
* **gotify** - great for single person use, but the moment theres more people
|
||||||
|
they need to share single account and so lack the ability to choose
|
||||||
|
what to get and what not to get
|
||||||
|
* **ntfy** - simple original approach to just subscribing to "topics" without
|
||||||
|
authentification, very simple one line push notification.
|
||||||
|
Drawback is rather high [battery consumption](https://i.imgur.com/TDhj7El.jpg)
|
||||||
|
of the android app, but I did not let it run for long enough it could also
|
||||||
|
just be my phone thing. Just something to keep an eye on.
|
||||||
|
* **signal-cli-rest-api** - no gui, need a sim card phone number registred,
|
||||||
|
worse concept for sending notification to multiple users,
|
||||||
|
where you need to manually set everyone who should receive,
|
||||||
|
as oppose to having a "room/topic" to which one can "susbscribe",
|
||||||
|
but if signal is widespread enough and you are not asking people to install
|
||||||
|
another app then its a winner
|
||||||
|
|
||||||
|
# docker-compose
|
||||||
|
|
||||||
|
`gotify-docker-compose.yml`
|
||||||
|
```yml
|
||||||
|
services:
|
||||||
|
|
||||||
|
gotify:
|
||||||
|
image: gotify/server
|
||||||
|
container_name: gotify
|
||||||
|
hostname: gotify
|
||||||
|
restart: unless-stopped
|
||||||
|
env_file: .env
|
||||||
|
volumes:
|
||||||
|
- "./gotify_data:/app/data"
|
||||||
|
|
||||||
|
networks:
|
||||||
|
default:
|
||||||
|
name: caddy_net
|
||||||
|
external: true
|
||||||
|
```
|
||||||
|
|
||||||
|
`ntfy-docker-compose.yml`
|
||||||
|
```yml
|
||||||
|
services:
|
||||||
|
|
||||||
|
ntfy:
|
||||||
|
image: binwiederhier/ntfy
|
||||||
|
container_name: ntfy
|
||||||
|
hostname: ntfy
|
||||||
|
env_file: .env
|
||||||
|
restart: unless-stopped
|
||||||
|
command:
|
||||||
|
- serve
|
||||||
|
volumes:
|
||||||
|
- ./ntfy-cache:/var/cache/ntfy
|
||||||
|
- ./ntfy-etc:/etc/ntfy
|
||||||
|
|
||||||
|
networks:
|
||||||
|
default:
|
||||||
|
name: $DOCKER_MY_NETWORK
|
||||||
|
external: true
|
||||||
|
```
|
||||||
|
|
||||||
|
`signal-docker-compose.yml`
|
||||||
|
```yml
|
||||||
|
signal:
|
||||||
|
image: bbernhard/signal-cli-rest-api
|
||||||
|
container_name: signal
|
||||||
|
hostname: signal
|
||||||
|
env_file: .env
|
||||||
|
restart: unless-stopped
|
||||||
|
volumes:
|
||||||
|
- "./signal-cli-config:/home/.local/share/signal-cli" #map "signal-cli-config" folder on host system into docker container. the folder contains the password and cryptographic keys when a new number is registered
|
||||||
|
|
||||||
|
networks:
|
||||||
|
default:
|
||||||
|
name: $DOCKER_MY_NETWORK
|
||||||
|
external: true
|
||||||
|
```
|
||||||
|
|
||||||
|
# Port forwarding
|
||||||
|
|
||||||
|
# The usage on clients
|
||||||
|
|
||||||
|
# Encrypted use
|
||||||
|
|
||||||
|
|
||||||
|
# Trouble shooting
|
||||||
|
|
||||||
|
# Update
|
||||||
|
|
||||||
|
# Backup and restore
|
||||||
|
|
||||||
|
#### Backup
|
||||||
|
|
||||||
|
#### Restore
|
||||||
|
|
||||||
|
|
|
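Review bot: `signal-docker-compose.yml` starts at `signal:` with no top-level `services:` key, unlike the gotify and ntfy files above it, so it will not load as a compose file as written. The gotify file also hard-codes `name: caddy_net` while the other two use `name: $DOCKER_MY_NETWORK`; pick one so the `.env` value is actually honoured. Two points for the empty sections: the overview describes ntfy topics as used "without authentification", so once the service is published through the reverse proxy the topic name is the only thing protecting the messages, and "# Encrypted use" should say how access is restricted. The comment on the `signal-cli-config` volume says it holds the password and cryptographic keys, so "# Backup and restore" should state that this directory needs restrictive permissions on the host and has to be treated as a secret in any backup.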
@ -0,0 +1,97 @@
|
||||||
|
# Kopia
|
||||||
|
|
||||||
|
###### guide-by-example
|
||||||
|
|
||||||
|
![logo](https://i.imgur.com/A2mosM6.png)
|
||||||
|
|
||||||
|
WORK IN PROGRESS<br>
|
||||||
|
WORK IN PROGRESS<br>
|
||||||
|
WORK IN PROGRESS<br>
|
||||||
|
|
||||||
|
# Purpose & Overview
|
||||||
|
|
||||||
|
Backups.
|
||||||
|
|
||||||
|
* [Official site](https://kopia.io/)
|
||||||
|
* [Github](https://github.com/kopia/kopia)
|
||||||
|
|
||||||
|
Kopia is an open source backup utility with basicly all modern features.</br>
|
||||||
|
Cross-platform, deduplication, encryption, compression, multithreaded speed,
|
||||||
|
cloud storage support, CLI and GUI versions, snapshots mounting,...
|
||||||
|
|
||||||
|
Written in golang,
|
||||||
|
|
||||||
|
In this setup kopia cli is installed directly on the host system.</br>
|
||||||
|
A script is created that backs up the entire docker directory and /etc locally.</br>
|
||||||
|
Cronjob is set to execute this script daily.
|
||||||
|
|
||||||
|
The repository is also pruned on each run of the script -
|
||||||
|
old archives are deleted while keeping the ones fitting the retention rules
|
||||||
|
in the script.</br>
|
||||||
|
One backup per day for last 7 days, last 4 weeks, last 6 months are kept.
|
||||||
|
|
||||||
|
# Files and directory structure
|
||||||
|
|
||||||
|
```
|
||||||
|
/home/
|
||||||
|
├── ~/
|
||||||
|
│ └── docker/
|
||||||
|
│ ├── container-setup #2
|
||||||
|
│ ├── container-setup #1
|
||||||
|
│ ├── ...
|
||||||
|
│
|
||||||
|
/mnt/
|
||||||
|
└── mirror/
|
||||||
|
└── docker_host_kopia/
|
||||||
|
|
||||||
|
```
|
||||||
|
|
||||||
|
* `docker_backup/` - borg repository directory containg the backups
|
||||||
|
* `borg_backup.sh` - the backup script that adds new archive in to the repository
|
||||||
|
* `borg_backup.log` - log file with the dates of backups
|
||||||
|
|
||||||
|
Only `borg_backup.sh` has to be provided.</br>
|
||||||
|
Repo directory is created by `borg init` command
|
||||||
|
and the log file is created on the first run.
|
||||||
|
|
||||||
|
|
||||||
|
# The setup
|
||||||
|
|
||||||
|
#### Install kopia
|
||||||
|
|
||||||
|
for arch linux, kopia is on AUR `yay kopia-bin`
|
||||||
|
|
||||||
|
#### Backing up using kopia
|
||||||
|
|
||||||
|
use of sudo so that kopia has access everywhere<br>
|
||||||
|
config files are therefore in `/root/config/kopia`
|
||||||
|
|
||||||
|
- `mkdir /mnt/mirror/docker_host_kopia`</br>
|
||||||
|
- `sudo kopia repository create filesystem --path /mnt/mirror/docker_host_kopia`<br>
|
||||||
|
- `sudo kopia repository connect filesystem --path /mnt/mirror/docker_host_kopia`<br>
|
||||||
|
- `sudo kopia snapshot create /home/spravca/docker`<br>
|
||||||
|
- `sudo kopia snapshot list`<br>
|
||||||
|
- `sudo kopia mount k7e2b0a503edd7604ff61c68655cd5ad7 /mnt/tmp &`<br>
|
||||||
|
- `sudo umount /mnt/tmp`<br>
|
||||||
|
|
||||||
|
|
||||||
|
#### The backup script
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
### Manual run
|
||||||
|
|
||||||
|
|
||||||
|
### Automatic execution
|
||||||
|
|
||||||
|
|
||||||
|
# Accessing the backup files
|
||||||
|
|
||||||
|
|
||||||
|
# Extra info
|
||||||
|
|
||||||
|
|
||||||
|
# Remote backup
|
||||||
|
|
||||||
|
|
|
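Review bot: The bullet list after the directory tree in the Kopia file is left over from the borg guide: it documents `docker_backup/`, `borg_backup.sh`, `borg_backup.log` and `borg init`, while the tree above it shows `/mnt/mirror/docker_host_kopia/` and no script or log. The "Purpose & Overview" text also promises a script, a cronjob and 7 daily / 4 weekly / 6 monthly retention, but "#### The backup script" is empty, so either add the script or mark those sentences as planned. In "Backing up using kopia", `/root/config/kopia` looks like it lost a dot (kopia keeps its config under `.config/kopia` in the home directory), `mkdir /mnt/mirror/docker_host_kopia` runs without `sudo` while every later command uses it, and the snapshot id and `/home/spravca/docker` are values from one machine that would read better as placeholders. The steps also skip over the repository password that `kopia repository create` asks for; say where it is stored, since the later unattended run depends on it.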
@ -27,7 +27,7 @@ The architecture is relatively simple.
|
||||||
which allows full control of the device from the servers web
|
which allows full control of the device from the servers web
|
||||||
|
|
||||||
Theres also an entire aspect of possibility of using
|
Theres also an entire aspect of possibility of using
|
||||||
Intel AMT - Active Management Technology.
|
Intel AMT - Active Management Technology through port 4433.
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
|
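Review bot: The changed line now names port 4433 for Intel AMT, but nothing in this hunk says whether that port has to be published or forwarded. Add a sentence stating that 4433 is only needed when AMT is actually used and should otherwise stay closed, and cross-reference wherever the guide lists exposed ports so the two stay consistent.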
@ -173,11 +173,76 @@ mesh.{$MY_DOMAIN} {
|
||||||
|
|
||||||
# The usage on clients
|
# The usage on clients
|
||||||
|
|
||||||
|
# Improved safety
|
||||||
|
|
||||||
|
|
||||||
# Trouble shooting
|
# Trouble shooting
|
||||||
|
|
||||||
|
# Running without separate database
|
||||||
|
|
||||||
|
`docker-compose.yml`
|
||||||
|
```yml
|
||||||
|
services:
|
||||||
|
|
||||||
|
meshcentral:
|
||||||
|
image: ghcr.io/ylianst/meshcentral:latest
|
||||||
|
container_name: meshcentral
|
||||||
|
hostname: meshcentral
|
||||||
|
restart: unless-stopped
|
||||||
|
env_file: .env
|
||||||
|
volumes:
|
||||||
|
# config.json and other important files live here. A must for data persistence
|
||||||
|
- ./meshcentral/data:/opt/meshcentral/meshcentral-data
|
||||||
|
# where file uploads for users live
|
||||||
|
- ./meshcentral/user_files:/opt/meshcentral/meshcentral-files
|
||||||
|
# location for the meshcentral-backups - this should be mounted to an external storage
|
||||||
|
- ./meshcentral/backup:/opt/meshcentral/meshcentral-backup
|
||||||
|
# location for site customization files
|
||||||
|
- ./meshcentral/web:/opt/meshcentral/meshcentral-web
|
||||||
|
|
||||||
|
networks:
|
||||||
|
default:
|
||||||
|
name: $DOCKER_MY_NETWORK
|
||||||
|
external: true
|
||||||
|
```
|
||||||
|
|
||||||
|
`.env`
|
||||||
|
```bash
|
||||||
|
# GENERAL
|
||||||
|
MY_DOMAIN=example.com
|
||||||
|
DOCKER_MY_NETWORK=caddy_net
|
||||||
|
TZ=Europe/Bratislava
|
||||||
|
|
||||||
|
# MESHCENTRAL
|
||||||
|
NODE_ENV=production
|
||||||
|
|
||||||
|
# initial mongodb-variables
|
||||||
|
MONGO_INITDB_ROOT_USERNAME=mongodbadmin
|
||||||
|
MONGO_INITDB_ROOT_PASSWORD=mongodbpasswd
|
||||||
|
|
||||||
|
# initial meshcentral-variables
|
||||||
|
# the following options are only used if no config.json exists in the data-folder
|
||||||
|
|
||||||
|
# your hostname
|
||||||
|
HOSTNAME=mesh.example.com
|
||||||
|
USE_MONGODB=false
|
||||||
|
# set to your reverse proxy IP if you want to put meshcentral behind a reverse proxy
|
||||||
|
REVERSE_PROXY=example.com
|
||||||
|
REVERSE_PROXY_TLS_PORT=443
|
||||||
|
# set to true if you wish to enable iframe support
|
||||||
|
IFRAME=false
|
||||||
|
# set to false if you want disable self-service creation of new accounts besides the first (admin)
|
||||||
|
ALLOW_NEW_ACCOUNTS=true
|
||||||
|
# set to true to enable WebRTC - per documentation it is not officially released with meshcentral and currently experimental. Use with caution
|
||||||
|
WEBRTC=false
|
||||||
|
# set to true to allow plugins
|
||||||
|
ALLOWPLUGINS=false
|
||||||
|
# set to true to allow session recording
|
||||||
|
LOCALSESSIONRECORDING=false
|
||||||
|
# set to enable or disable minification of json, reduces traffic
|
||||||
|
MINIFY=true
|
||||||
|
```
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
# Update
|
# Update
|
||||||
|
|
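Review bot: In the new `.env`, `ALLOW_NEW_ACCOUNTS=true` leaves self-registration open on a service the guide describes as giving full control of devices. The file's own comment explains the switch, so the example should either default to `false` or tell the reader to flip it right after the first (admin) account is created. The block is for "Running without separate database" and sets `USE_MONGODB=false`, yet still ships `MONGO_INITDB_ROOT_USERNAME=mongodbadmin` and `MONGO_INITDB_ROOT_PASSWORD=mongodbpasswd`; remove them here so nobody copies a placeholder password into a later MongoDB setup. The comment above `REVERSE_PROXY` asks for the proxy IP but the value is `example.com`; align one with the other. `image: ghcr.io/ylianst/meshcentral:latest` is unpinned, which makes the "# Update" section hard to reason about, and the new "# Improved safety" heading is added with no content.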