diff --git a/README.md b/README.md index 2fee7bf..15d78fe 100644 --- a/README.md +++ b/README.md @@ -11,13 +11,13 @@ * [caddy_v2](caddy_v2/) - reverse proxy * [vaultwarden](vaultwarden/) - password manager * [bookstack](bookstack/) - notes and documentation +* [kopia](kopia_backup/) - backup utility replacing borg * [borg_backup](borg_backup/) - backup utility * [ddclient](ddclient/) - automatic DNS update * [dnsmasq](dnsmasq/) - DNS and DHCP server * [gotify / ntfy / signal](gotify-ntfy-signal/) - instant notifications apps -* [homer](homer/) - homepage +* [frigate](frigate/) - managing security cameras * [jellyfin](jellyfin/) - video and music streaming -* [kopia](kopia_backup/) - backup utility replacing borg * [minecraft](minecraft/) - game server * [meshcrentral](meshcrentral/) - web based remote desktop, like teamviewer or anydesk * [rustdesk](rustdesk/) - remote desktop, like teamviewer or anydesk @@ -29,6 +29,8 @@ * [unifi](unifi/) - management utility for ubiquiti devices * [snipeit](snipeit/) - IT inventory management * [trueNAS scale](trueNASscale/) - network file sharing +* [uptime kuma](uptime-kuma/) - uptime alerting tool +* [squid](squid/) - anonymize forward proxy * [wireguard](wireguard/) - the one and only VPN to ever consider * [wg-easy](wg-easy/) - wireguard in docker with web gui * [zammad](zammad/) - ticketing system @@ -171,17 +173,17 @@ now you can ctop anywhere. --- -### Sendinblue +### Brevo Services often need ability to send emails, for notification, registration, password reset and such... Sendinblue is free, offers 300 mails a day and is easy to setup. ``` -EMAIL_HOST=smtp-relay.sendinblue.com +EMAIL_HOST=smtp-relay.brevo.com EMAIL_PORT=587 -EMAIL_HOST_USER=whoever_example@gmail.com> -EMAIL_HOST_PASSWORD=xcmpwik-c31d9eykwewf2342df2fwfj04-FKLzpHgMjGqP23 +EMAIL_HOST_USER=whoever_example@gmail.com +EMAIL_HOST_PASSWORD=xcmpwik-c31d9eykwef3342df2fwfj04-FKLzpHgMjGqP23 EMAIL_USE_TLS=1 ``` 
diff --git a/disk_NAS_bench_Fio/lawrance_script.sh b/disk_NAS_bench_Fio/lawrance_script.sh new file mode 100755 index 0000000..1ed8dc7 --- /dev/null +++ b/disk_NAS_bench_Fio/lawrance_script.sh 
@@ -0,0 +1,85 @@ +#!/bin/bash + +# this script requires fio bc jq +type fio bc jq > /dev/null || exit + +# Directory to test +TEST_DIR=$1 + +# Parameters for the tests should be representive of the workload you want to simulate +BS="1M" # Block size +IOENGINE="libaio" # IO engine +IODEPTH="16" # IO depth sets how many I/O requests a single job can handle at once +DIRECT="1" # Direct IO at 0 is buffered with RAM which may skew results and I/O 1 is unbuffered +NUMJOBS="5" # Number of jobs is how many independent I/O streams are being sent to the storage +FSYNC="0" # Fsync 0 leaves flushing up to Linux 1 force write commits to disk +NUMFILES="5" # Number of files is number of independent I/O threads or processes that FIO will spawn +FILESIZE="1G" # File size for the tests, you can use: K M G + +# Check if directory is provided +if [ -z "$TEST_DIR" ]; then + echo "Usage: $0 [directory]" + exit 1 +fi + +# Function to perform FIO test and display average output +perform_test() { + RW_TYPE=$1 + + echo "Running $RW_TYPE test with block size $BS, ioengine $IOENGINE, iodepth $IODEPTH, direct $DIRECT, numjobs $NUMJOBS, fsync $FSYNC, using $NUMFILES files of size $FILESIZE on $TEST_DIR" + + # Initialize variables to store cumulative values + TOTAL_READ_IOPS=0 + TOTAL_WRITE_IOPS=0 + TOTAL_READ_BW=0 + TOTAL_WRITE_BW=0 + + for ((i=1; i<=NUMFILES; i++)); do + TEST_FILE="$TEST_DIR/fio_test_file_$i" + + # Running FIO for each file and parsing output + OUTPUT=$(fio --name=test_$i \ + --filename=$TEST_FILE \ + --rw=$RW_TYPE \ + --bs=$BS \ + --ioengine=$IOENGINE \ + --iodepth=$IODEPTH \ + --direct=$DIRECT \ + --numjobs=$NUMJOBS \ + --fsync=$FSYNC \ + --size=$FILESIZE \ + --group_reporting \ + --output-format=json) + + # Accumulate values + TOTAL_READ_IOPS=$(echo $OUTPUT | jq '.jobs[0].read.iops + '"$TOTAL_READ_IOPS") + TOTAL_WRITE_IOPS=$(echo $OUTPUT | jq '.jobs[0].write.iops + '"$TOTAL_WRITE_IOPS") + TOTAL_READ_BW=$(echo $OUTPUT | jq '(.jobs[0].read.bw / 1024) + '"$TOTAL_READ_BW") + 
TOTAL_WRITE_BW=$(echo $OUTPUT | jq '(.jobs[0].write.bw / 1024) + '"$TOTAL_WRITE_BW") + done + + # Calculate averages + AVG_READ_IOPS=$(echo "$TOTAL_READ_IOPS / $NUMFILES" | bc -l) + AVG_WRITE_IOPS=$(echo "$TOTAL_WRITE_IOPS / $NUMFILES" | bc -l) + AVG_READ_BW=$(echo "$TOTAL_READ_BW / $NUMFILES" | bc -l) + AVG_WRITE_BW=$(echo "$TOTAL_WRITE_BW / $NUMFILES" | bc -l) + + # Format and print averages, omitting 0 results + [ "$(echo "$AVG_READ_IOPS > 0" | bc)" -eq 1 ] && printf "Average Read IOPS: %'.2f\n" $AVG_READ_IOPS + [ "$(echo "$AVG_WRITE_IOPS > 0" | bc)" -eq 1 ] && printf "Average Write IOPS: %'.2f\n" $AVG_WRITE_IOPS + [ "$(echo "$AVG_READ_BW > 0" | bc)" -eq 1 ] && printf "Average Read Bandwidth (MB/s): %'.2f\n" $AVG_READ_BW + [ "$(echo "$AVG_WRITE_BW > 0" | bc)" -eq 1 ] && printf "Average Write Bandwidth (MB/s): %'.2f\n" $AVG_WRITE_BW + +} + +# Run tests +perform_test randwrite +perform_test randread +perform_test write +perform_test read +perform_test readwrite + +# Clean up +for ((i=1; i<=NUMFILES; i++)); do + rm "$TEST_DIR/fio_test_file_$i" +done diff --git a/disk_NAS_bench_Fio/readme.md b/disk_NAS_bench_Fio/readme.md index f1c59ce..748fce0 100644 --- a/disk_NAS_bench_Fio/readme.md +++ b/disk_NAS_bench_Fio/readme.md @@ -19,6 +19,8 @@ This repo aims to just have a simple one preset that tells most about the disk. # Useful links +https://www.youtube.com/watch?v=T23uPC6qKeA + https://www.youtube.com/watch?v=mBhXUYh-76o https://arstechnica.com/gadgets/2020/02/how-fast-are-your-disks-find-out-the-open-source-way-with-fio/ https://portal.nutanix.com/page/documents/kbs/details?targetId=kA07V000000LX7xSAG diff --git a/frigate/readme.md b/frigate/readme.md new file mode 100644 index 0000000..b4b835b --- /dev/null +++ b/frigate/readme.md @@ -0,0 +1,250 @@ +# Frigate + +###### guide-by-example + +![logo](https://i.imgur.com/40qhwix.png) + +WORK IN PROGRESS
+WORK IN PROGRESS
+WORK IN PROGRESS
+ +# Purpose & Overview + + +Managing security cameras - recording, detection, notifications. + +* [Official site](https://frigate.video/) +* [Github](https://github.com/blakeblackshear/frigate) + +Frigate is a software NVR - network video recorder.
+Simple, clean web-based interface with possible integration in to home assistant +and its app. + +Frigate offers powerful **AI object detection**, by using OpenCV and Tensorflow. +In contrast to cameras of old time which just detect movement, +Frigate can recognize if object in view is a cat, a car or a human. + +This detection is cpu heavy and to ease the load, +[Google Coral TPU](https://docs.frigate.video/frigate/hardware#google-coral-tpu) +is recommended if planning to run multiple cameras with detection.
+Recently +[OpenVINO](https://docs.frigate.video/configuration/detectors/#openvino-detector) +has been integrated, which should allow use of igpu of intel 6th+ gen cpus +as a detector. + +Open source, written in Python and JavaScript. + +# Files and directory structure + +``` +/home/ +└── ~/ + └── docker/ + └── frigate/ + ├── 🗁 frigate_storage/ + ├── 🗋 .env + ├── 🗋 config.yml + └── 🗋 docker-compose.yml +``` + +* `frigate_storage/` - configuration +* `transcodes/` - transcoded video storage +* `.env` - a file containing environment variables for docker compose +* `docker-compose.yml` - a docker compose file, telling docker how to run the containers + +You only need to provide the three files.
+The directory is created by docker compose on the first run. + +# docker-compose + +* [Official compose file documentation.](https://docs.frigate.video/frigate/installation/#docker) + +This docker compose is based off the official one except few changes.
+Using bind mounts instead of volumes, moved variables to the `.env` file, +commented out privileged mode, increased shm_size,... + +Nothing special going on here, +of note is use of `tmpfs` for ram temp storage +and [shm_size](https://docs.frigate.video/frigate/installation/#calculating-required-shm-size). + +`docker-compose.yml` +```yml +services: + + frigate: + image: ghcr.io/blakeblackshear/frigate:stable + container_name: frigate + hostname: frigate + restart: unless-stopped + env_file: .env + # privileged: true + shm_size: "256mb" + volumes: + - /etc/localtime:/etc/localtime:ro + - ./config.yml:/config/config.yml + - ./frigate_storage:/media/frigate + - type: tmpfs # 1GB of memory + target: /tmp/cache + tmpfs: + size: 1000000000 + ports: + - "5000:5000" # Web GUI + - "8554:8554" # RTSP feeds + - "8555:8555/tcp" # WebRTC over tcp + - "8555:8555/udp" # WebRTC over udp + +networks: + default: + name: $DOCKER_MY_NETWORK + external: true +``` + +`.env` +```bash +# GENERAL +DOCKER_MY_NETWORK=caddy_net +TZ=Europe/Bratislava + +# FRIGATE +FRIGATE_RTSP_USER: "admin" +FRIGATE_RTSP_PASSWORD: "dontlookatmekameras" +``` + +**All containers must be on the same network**.
+Which is named in the `.env` file.
+If one does not exist yet: `docker network create caddy_net` + +# Reverse proxy + +Caddy is used, details +[here](https://github.com/DoTheEvo/selfhosted-apps-docker/tree/master/caddy_v2).
+ +`Caddyfile` +``` +cam.{$MY_DOMAIN} { + reverse_proxy frigate:5000 +} +``` + +# Configuration - config.yml + +

Terminology

+ +* PoE - power over ethernet, camera is powered by the same cat cable that + carries data. You want POE(802.3af) or POE+(802.3at), + none of the passive poe by mikrotik or ubiquity. +* onvif - attempt at industry standard for security cameras, nvr,.. regardless of manufacturer +* rtsp - a protocol for streams +* ptz - Pan-Tilt-Zoom allows remote movement of a camera +* mqtt - messaging protocol to communicate with home assistant + +### Preparation + +Connect camera to your network. + +Find url of your camera streams, either by googling your model, +or theres a handy windows utility - +[onvif-device-manager](https://sourceforge.net/projects/onvifdm/). +Unfortunately all official urls seem dead, +[this](https://softradar.com/onvif-device-manager/) +worked for me and passed virustotal at the time. There are also comments +with some links at its sourceforge page.
+Camera discovery of onvif-device-manager is almost instant, if the camera requires +credentials, set them in the top left corner.
+In live view there should be stream url displayed. Like: "rtsp://10.0.19.171:554/stream1" + +Ideally your camera has several streams +A primary one in full resolution full frame rate for recording, +and then secondary one in much smaller resolution and fps for observing. + +### First basic config + +* [Official documentation for config.yml](https://docs.frigate.video/configuration/) + +Example bare config that should shows camera stream once frigate is running.
+This one has credentails contained in the url - `rtsp://username:password@ip:port/url` + + +```yml +mqtt: + enabled: false +cameras: + C1-Whatever: + ffmpeg: + inputs: + - path: rtsp://{FRIGATE_RTSP_USER}:{FRIGATE_RTSP_PASSWORD}@10.0.19.171:554/stream1 +``` + +All that is there is disabled mqtt since no home assistant yet +and just single camera stream that pulls credentails from the `.env` file. + +--- + +Now to also record main stream and detect on substream. + + +```yml +mqtt: + enabled: false +detectors: + default_detector_for_all: + type: cpu +objects: + track: + - person + - cat + - dog +cameras: + K1-Brana: + ffmpeg: + inputs: + - path: rtsp://{FRIGATE_RTSP_USER}:{FRIGATE_RTSP_PASSWORD}@10.0.19.171:554/stream1 + roles: + - record + - path: rtsp://{FRIGATE_RTSP_USER}:{FRIGATE_RTSP_PASSWORD}@10.0.19.171:554/stream2 + roles: + - detect + detect: + width: 640 + height: 480 + fps: 5 + snapshots: + enabled: True + bounding_box: True + record: + enabled: True + retain: + days: 1 + motion: + mask: + - 0,480,186,480,174,226,173,0,0,0 +``` + +# First run + + + + +# Specifics of my setup + + + +# Troubleshooting + + + + +# Update + +Manual image update: + +- `docker-compose pull`
+- `docker-compose up -d`
+- `docker image prune` + +# Backup and restore + +#### Backup + +#### Restore + diff --git a/network-knowledge-base/readme.md b/network-knowledge-base/readme.md index 8674295..f313105 100644 --- a/network-knowledge-base/readme.md +++ b/network-knowledge-base/readme.md @@ -49,3 +49,8 @@ Works same when pinging from archlinux or pinging from win8.1 * https://dnsdumpster.com/
can check subdomains registered, ideal would be wildcard certificate + + +OSI Model + +* https://www.youtube.com/watch?v=2iFFRqzX3yE diff --git a/opnsense/readme.md b/opnsense/readme.md index 1d3045e..ff8a13e 100644 --- a/opnsense/readme.md +++ b/opnsense/readme.md @@ -428,6 +428,127 @@ Must **enable logging** for a rule to be visible there. --- --- +
+

Grafana dashboard monitoring

+ +![dashboard](https://i.imgur.com/SFd8773.png) + +[bsmithio/OPNsense-Dashboard](https://github.com/bsmithio/OPNsense-Dashboard) +seems like amazingly well done thing that everyone would want.. if it was easy. + +Annoying thing is that I invested time and effort in to monitoring my +[caddy reverse proxy](https://github.com/DoTheEvo/selfhosted-apps-docker/tree/master/caddy_v2#monitoring) +and learning prometheus, loki, promtail,... and literaly the moment I was done +I started to think about why not do that for firewall instead of reverse proxy +and so I found now bsmithio project that uses completely different stack - +mongo, elasticsearch, graylog, influxdb. + +Well, [the documentation](https://github.com/bsmithio/OPNsense-Dashboard/blob/master/configure.md) +seems to be excelent so lets try this shit out. + +Though still I learn best by step by step documenting shit as I try it, +and make adjustments to my prefernce... so lets try again here. + +``` +services: + + mongodb: + image: mongo:6.0.4 + container_name: opns-mongo + hostname: opns-mongo + restart: unless-stopped + env_file: .env + volumes: + - ./mongodb_data:/data/db + + elasticsearch: + image: docker.elastic.co/elasticsearch/elasticsearch-oss:7.10.2 + container_name: opns-elasticsearch + hostname: opns-elasticsearch + restart: unless-stopped + env_file: .env + volumes: + - ./elasticsearch_data:/usr/share/elasticsearch/data + + graylog: + image: graylog/graylog:5.0.2 + container_name: opns-graylog + hostname: opns-graylog + restart: unless-stopped + env_file: .env + volumes: + - ./graylog_data:/usr/share/graylog/data + depends_on: + - mongodb + - elasticsearch + ports: + - "9000:9000" # Graylog web interface and REST API + - "1514:1514/udp" # Syslog UDP + # - "1514:1514" # Syslog TCP Optional + + influxdb: + image: influxdb:2.6.1 + container_name: opns-influxdb + hostname: opns-influxdb + restart: unless-stopped + env_file: .env + ports: + - "8086:8086" + volumes: + - ./influxdb_data:/var/lib/influxdb2 + 
+ grafana: + image: grafana/grafana:9.4.3 + container_name: opns-grafana + hostname: opns-grafana + user: root + restart: unless-stopped + env_file: .env + volumes: + - ./grafana_data:/var/lib/grafana + depends_on: + - influxdb + ports: + - '3003:3000' + +networks: + default: + name: $DOCKER_MY_NETWORK + external: true +``` + +``` +# GENERAL +DOCKER_MY_NETWORK=caddy_net +TZ=Europe/Bratislava + +# ELASTICSEARCH +http.host=0.0.0.0 +transport.host=localhost +network.host=0.0.0.0 +ES_JAVA_OPTS=-Xms512m -Xmx512m + +# GRAYLOG +ROOT_TIMEZONE=Europe/Bratislava +GRAYLOG_TIMEZONE=Europe/Bratislava +# CHANGE ME (must be at least 16 characters)! This is not your password, this is meant for salting the password below. +GRAYLOG_PASSWORD_SECRET=ZicwMzt3NTE4ZzIwM +# Username is "admin" +# Password is "admin", change this to your own hashed password. 'echo -n "password" | sha256sum' +GRAYLOG_ROOT_PASSWORD_SHA2=8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918 +GRAYLOG_HTTP_EXTERNAL_URI=http://127.0.0.1:9000/ + +# GRAFANA +GF_SECURITY_ADMIN_USER=opnsense +GF_SECURITY_ADMIN_PASSWORD=opnsense +# GF_INSTALL_PLUGINS=grafana-worldmap-panel +``` + +
+ +--- +--- + ### Extra info and encountered issues * Health check - `System: Firmware` Run an audit button, Health @@ -441,3 +562,6 @@ Must **enable logging** for a rule to be visible there. zenarmor that was disabled caused an error notification
+links + +https://homenetworkguy.com/how-to/beginners-guide-to-set-up-home-network-using-opnsense/ diff --git a/port_forwarding_guide/readme.md b/port_forwarding_guide/readme.md index d8524ff..372f9dd 100644 --- a/port_forwarding_guide/readme.md +++ b/port_forwarding_guide/readme.md @@ -1,5 +1,7 @@ # Port Forwarding +https://www.reddit.com/r/selfhosted/comments/17tlvs7/i_suppose_im_too_stupid_for_port_forwarding/ + ###### guide-by-example You want to selfhost stuff.
diff --git a/windows_package_managers/readme.md b/windows_package_managers/readme.md index 4ac55ee..212c433 100644 --- a/windows_package_managers/readme.md +++ b/windows_package_managers/readme.md @@ -44,6 +44,7 @@ Install and manage software on windows through command line. ### Useful * search - `scoop search mpv` +* `scoop install mpv --global` * search for avaialble pacakges - [scoop.sh](https://scoop.sh/) # Choco
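Review bot: In README.md, first hunk, the line `-* [homer](homer/) - homepage` is replaced by the frigate entry, so homer drops out of the index although nothing in this patch removes a homer/ directory. If that guide still exists, keep its line and add frigate as a new entry next to it.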
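Review bot: In README.md, the `### Brevo` hunk renames the heading and the SMTP host but leaves the context sentence "Sendinblue is free, offers 300 mails a day and is easy to setup." unchanged, so the section now names two services; update that sentence in the same change. The `EMAIL_HOST_PASSWORD` line swaps one key-shaped string for another: use an obvious placeholder such as `<your-smtp-key>` instead, and if either value was ever a working key, rotate it, since both remain in git history.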
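Review bot: In disk_NAS_bench_Fio/lawrance_script.sh, `--filename=$TEST_FILE` and `echo $OUTPUT | jq` are unquoted, so a target directory with spaces or glob characters is split into extra fio arguments, even though the cleanup loop at the end does quote the same path. Quote both expansions and add a `[ -d "$TEST_DIR" ]` check beside the existing empty-argument check. The exit status of fio is never tested, so a failed run passes empty output to jq and bc and the averages are meaningless; bail out of `perform_test` on a non-zero status. The test files are only deleted if the script reaches its last loop, so a `trap` on EXIT would also cover interrupted runs.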
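Review bot: In frigate/readme.md, the `.env` block writes `FRIGATE_RTSP_USER: "admin"` and `FRIGATE_RTSP_PASSWORD: "dontlookatmekameras"` in YAML style, while the lines just above them and the env_file format use `KEY=value`; as written these will not be parsed as the variables that the `{FRIGATE_RTSP_USER}` and `{FRIGATE_RTSP_PASSWORD}` placeholders in config.yml expect. Change them to `KEY=value` form and use a placeholder for the password. The files list also names `transcodes/`, which is not in the directory tree above it, and omits `config.yml`, although the text says three files must be provided. The compose file publishes 5000, 8554 and 8555 on the host and the Caddyfile block proxies `frigate:5000` with no access control shown, so the guide should say how access to the camera UI and RTSP feeds is restricted.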
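Review bot: In opnsense/readme.md, the second code block ships working default credentials: `GRAYLOG_ROOT_PASSWORD_SHA2` is, per its own comment, the hash of "admin", `GF_SECURITY_ADMIN_PASSWORD=opnsense` is fixed, and `GRAYLOG_PASSWORD_SECRET` is a committed value, while the compose file publishes 9000, 8086 and 3003 on the host. Replace these with placeholders the reader must fill in and tell them to generate the secret per install. All five services load the same `env_file: .env`, so every container receives every credential; split the variables per service. `user: root` on the grafana service needs a stated reason or should be dropped. Both fences also lack the filename label and language tag that the frigate guide in this same patch uses.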
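Review bot: In port_forwarding_guide/readme.md, the bare reddit URL is inserted between the `# Port Forwarding` title and the `###### guide-by-example` tagline with no link text or explanation, so it renders as the first thing under the heading. Move it to a links section at the end of the guide and give it a short label saying why it is referenced.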
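Review bot: In windows_package_managers/readme.md, the new bullet `scoop install mpv --global` has no description, unlike its neighbours, which follow the `label - command` pattern (`search - ...`). Add a label that says what `--global` changes (install for all users instead of the current one) and that it needs an elevated shell.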