From 01853e0ba2981bc9691cc3eafcd889ba4628a9d8 Mon Sep 17 00:00:00 2001 From: Mike Phares Date: Mon, 29 Jul 2024 17:36:55 -0700 Subject: [PATCH] Pi-hole DNS --- .gitignore | 3 + .vscode/mklink.md | 5 ++ .vscode/rebuild-ubuntu-beelink.md | 1 + .vscode/settings.json | 5 ++ etc/beelink.md | 30 ++++--- etc/dnsmasq.d/05-pihole-custom-cname.conf | 45 ++++++++++ etc/nginx/sites-available/default | 10 ++- etc/pihole/custom.list | 84 +++++++++++++++++++ etc/systemd/system/snap.certbot.renew.timer | 4 +- .../systemd/vaultwarden-db-data.volume | 1 + .../systemd/vaultwarden-db.container | 28 +++++++ .../systemd/vaultwarden-server.container | 19 +++-- 12 files changed, 207 insertions(+), 28 deletions(-) create mode 100644 .vscode/mklink.md create mode 120000 .vscode/rebuild-ubuntu-beelink.md create mode 100644 .vscode/settings.json create mode 100644 etc/dnsmasq.d/05-pihole-custom-cname.conf create mode 100644 etc/pihole/custom.list create mode 100644 home/podman/.config/containers/systemd/vaultwarden-db-data.volume create mode 100644 home/podman/.config/containers/systemd/vaultwarden-db.container diff --git a/.gitignore b/.gitignore index 0debb36..ed5c0cc 100644 --- a/.gitignore +++ b/.gitignore @@ -5,6 +5,8 @@ !*/ +!.vscode/* + !etc/*.md !etc/bash_history* !etc/group* @@ -21,6 +23,7 @@ !etc/lighttpd/lighttpd.conf !etc/network/interfaces !etc/passwd +!etc/pihole/custom.list !etc/pihole/dhcp.leases !etc/pihole/index.nginx-debian.html !etc/pihole/setupVars.conf diff --git a/.vscode/mklink.md b/.vscode/mklink.md new file mode 100644 index 0000000..7c73ffe --- /dev/null +++ b/.vscode/mklink.md @@ -0,0 +1,5 @@ +# mklink + +```bash Sat Jul 27 2024 07:50:14 GMT-0700 (Mountain Standard Time) +mklink "L:\Git\Linux-Ubuntu-Server\.vscode\rebuild-ubuntu-beelink.md" "D:\5-Other-Small\Kanban\Phares\tasks\rebuild-ubuntu-beelink.md" +``` diff --git a/.vscode/rebuild-ubuntu-beelink.md b/.vscode/rebuild-ubuntu-beelink.md new file mode 120000 index 0000000..d513be0 --- /dev/null 
+++ b/.vscode/rebuild-ubuntu-beelink.md @@ -0,0 +1 @@ +D:/5-Other-Small/Kanban/Phares/tasks/rebuild-ubuntu-beelink.md \ No newline at end of file diff --git a/.vscode/settings.json b/.vscode/settings.json new file mode 100644 index 0000000..1a4782c --- /dev/null +++ b/.vscode/settings.json @@ -0,0 +1,5 @@ +{ + "files.associations": { + "*.container": "ini" + } +} \ No newline at end of file diff --git a/etc/beelink.md b/etc/beelink.md index 45aacac..ea32f8e 100644 --- a/etc/beelink.md +++ b/etc/beelink.md @@ -2,8 +2,6 @@ ## Ubuntu and Docker End of July 2024 -### Dashkiosk - ### authorized_keys ```bash Thu Jul 25 2024 16:02:13 GMT-0700 (Mountain Standard Time) @@ -364,6 +362,20 @@ reboot nano /etc/default/grub ``` +```conf Fri Jul 26 2024 10:45:47 GMT-0700 (Mountain Standard Time) +# https://opensource.com/article/22/8/disable-ipv6 +# GRUB_CMDLINE_LINUX_DEFAULT="" +GRUB_CMDLINE_LINUX_DEFAULT="ipv6.disable=1 quiet splash" +# GRUB_CMDLINE_LINUX="" +GRUB_CMDLINE_LINUX="ipv6.disable=1" +``` + +```bash Fri Jul 26 2024 10:45:51 GMT-0700 (Mountain Standard Time) +grub-mkconfig +exit +reboot +``` + ### Fix Unbond (Move up next time!!!) ```conf Fri Jul 26 2024 10:45:41 GMT-0700 (Mountain Standard Time) @@ -379,20 +391,6 @@ systemctl disable --now unbound-resolvconf.service service unbound restart ``` -```conf Fri Jul 26 2024 10:45:47 GMT-0700 (Mountain Standard Time) -# https://opensource.com/article/22/8/disable-ipv6 -# GRUB_CMDLINE_LINUX_DEFAULT="" -GRUB_CMDLINE_LINUX_DEFAULT="ipv6.disable=1 quiet splash" -# GRUB_CMDLINE_LINUX="" -GRUB_CMDLINE_LINUX="ipv6.disable=1" -``` - -```bash Fri Jul 26 2024 10:45:51 GMT-0700 (Mountain Standard Time) -grub-mkconfig -exit -reboot -``` - ### Cockpit (Move up next time!!!) - [cockpit](https://cockpit-project.org/) diff --git a/etc/dnsmasq.d/05-pihole-custom-cname.conf b/etc/dnsmasq.d/05-pihole-custom-cname.conf new file mode 100644 index 0000000..844705e --- /dev/null +++ b/etc/dnsmasq.d/05-pihole-custom-cname.conf 
@@ -0,0 +1,45 @@
+cname=affirm.ddns.net,beelink.server
+cname=affirm.phares.duckdns.org,beelink.server
+cname=ansible.ddns.net,beelink.server
+cname=assistant.ddns.net,beelink.server
+cname=casa.ddns.net,beelink.server
+cname=cockpit.ddns.net,beelink.server
+cname=codeserver.ddns.net,beelink.server
+cname=dashkiosk.ddns.net,beelink.server
+cname=dockge.ddns.net,beelink.server
+cname=docmost.ddns.net,beelink.server
+cname=emby.ddns.net,beelink.server
+cname=filebrowser.ddns.net,beelink.server
+cname=free.file.sync.root,beelink.server
+cname=gitea.ddns.net,beelink.server
+cname=gitea.phares.duckdns.org,beelink.server
+cname=gogs.ddns.net,beelink.server
+cname=haos.ddns.net,beelink.server
+cname=immich.ddns.net,beelink.server
+cname=immich.phares.duckdns.org,beelink.server
+cname=incus.ddns.net,beelink.server
+cname=invoice.ddns.net,beelink.server
+cname=kestra.ddns.net,beelink.server
+cname=lxconsole.ddns.net,beelink.server
+cname=music.ddns.net,beelink.server
+cname=music.phares.duckdns.org,beelink.server
+cname=nextcloud.ddns.net,beelink.server
+cname=owncast.ddns.net,beelink.server
+cname=pgadmin.ddns.net,beelink.server
+cname=phares.ddns.net,beelink.server
+cname=phares.duckdns.org,beelink.server
+cname=phares3757.ddns.net,beelink.server
+cname=photoprism.ddns.net,beelink.server
+cname=pihole.ddns.net,beelink.server
+cname=proxmox.ddns.net,beelink.server
+cname=quartz.ddns.net,beelink.server
+cname=quartz.phares.duckdns.org,beelink.server
+cname=readeck.ddns.net,beelink.server
+cname=syncthing.ddns.net,beelink.server
+cname=terraform.ddns.net,beelink.server
+cname=umbrel.ddns.net,beelink.server
+cname=uptimekuma.ddns.net,beelink.server
+cname=vaultwarden.ddns.net,beelink.server
+cname=vaultwarden.phares.duckdns.org,beelink.server
+cname=vscodium.ddns.net,beelink.server
+cname=wekan.ddns.net,beelink.server
diff --git a/etc/nginx/sites-available/default b/etc/nginx/sites-available/default
index d1c786f..53fcb98 100644
--- a/etc/nginx/sites-available/default
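Review bot: Most `cname=` entries in etc/dnsmasq.d/05-pihole-custom-cname.conf override hostnames directly under `ddns.net` (for example `pihole.ddns.net` and `vaultwarden.ddns.net`), a public dynamic-DNS zone where, unless each name is registered to this account, the name belongs to someone else outside this resolver. A client that leaves the LAN or bypasses Pi-hole would then resolve the same name to a third-party host and could hand it saved credentials or session cookies, and no publicly trusted certificate can be issued for a name you do not control. Consider keeping only the `*.phares.duckdns.org` aliases, or moving internal-only names to a reserved suffix, e.g. `cname=pihole.home.arpa,beelink.server`.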
+++ b/etc/nginx/sites-available/default
@@ -11,7 +11,7 @@ include /etc/nginx/include/affirm.conf;
 # include /etc/nginx/include/ansible.conf;
 # include /etc/nginx/include/assistant.conf;
 # include /etc/nginx/include/casa.conf;
-include /etc/nginx/include/codeserver.conf;
+# include /etc/nginx/include/codeserver.conf;
 include /etc/nginx/include/dashkiosk.conf;
 # include /etc/nginx/include/dockge.conf;
 # include /etc/nginx/include/docmost.conf;
@@ -19,11 +19,12 @@ include /etc/nginx/include/dashkiosk.conf;
 # include /etc/nginx/include/filebrowser.conf;
 # include /etc/nginx/include/gogs.conf;
 include /etc/nginx/include/gitea.conf;
+include /etc/nginx/include/ha.conf;
 include /etc/nginx/include/immich.conf;
-include /etc/nginx/include/incus.conf;
+# include /etc/nginx/include/incus.conf;
 # include /etc/nginx/include/invoice.conf;
-include /etc/nginx/include/lxconsole.conf;
-include /etc/nginx/include/kestra.conf;
+# include /etc/nginx/include/lxconsole.conf;
+# include /etc/nginx/include/kestra.conf;
 include /etc/nginx/include/music.conf;
 # include /etc/nginx/include/nextcloud.conf;
 # include /etc/nginx/include/owncast.conf;
@@ -36,6 +37,7 @@ include /etc/nginx/include/quartz.conf;
 # include /etc/nginx/include/readeck.conf;
 # include /etc/nginx/include/syncthing.conf;
 # include /etc/nginx/include/terraform.conf;
+include /etc/nginx/include/umbrel.conf;
 # include /etc/nginx/include/uptimekuma.conf;
 include /etc/nginx/include/vaultwarden.conf;
 # include /etc/nginx/include/vscodium.conf;
diff --git a/etc/pihole/custom.list b/etc/pihole/custom.list
new file mode 100644
index 0000000..ab9bf9d
--- /dev/null
+++ b/etc/pihole/custom.list
@@ -0,0 +1,84 @@
+192.168.0.21 free.file.sync.k0308
+192.168.0.31 free.file.sync.media
+192.168.0.41 free.file.sync.mikep
+192.168.0.42 free.file.sync.lphar
+192.168.0.43 free.file.sync.loft
+192.168.11.2 beelink.server
+192.168.11.3 solar.iot
+192.168.11.4 NPI84AE43.printer
+192.168.11.5 kristy.laptop
+192.168.11.6 kristy.desktop
+192.168.11.7 samsung.tv
+192.168.11.8 playstation5.console
+192.168.11.9 ultra.roku
+192.168.11.10 asus.laptop
+192.168.11.11 logan.desktop
+192.168.11.12 trigkey.desktop
+192.168.11.13 mackenzie.tv
+192.168.11.14 infineon.iscn5cg3256cps.com
+192.168.11.15 yamaha.main.iot
+192.168.11.16 chelsea.desktop
+192.168.11.17 raspberry.server
+192.168.11.18 xbox.one.console
+192.168.11.19 2519.usb
+192.168.11.20 minisforum.desktop
+192.168.11.21 minisforum.desktop
+192.168.11.22 atom.usb
+192.168.11.23 knew.desktop
+192.168.11.72 mackenzie.macbook
+192.168.11.73 mackenzie.laptop
+192.168.11.74 jason.console
+192.168.11.75 samsung.chromebook
+192.168.11.76 donna.phone
+192.168.11.77 donna.tablet
+192.168.11.78 laundry.iot
+192.168.11.79 porch.back.iot
+192.168.11.80 entry.light.iot
+192.168.11.81 entry.lamp.iot
+192.168.11.82 chelsea.school
+192.168.11.83 xbox.one.console
+192.168.11.84 samsung.tv
+192.168.11.85 plug.1.iot
+192.168.11.86 zero.server
+192.168.11.87 office.echo
+192.168.11.88 unknown.unknown
+192.168.11.89 logan.school
+192.168.11.90 upstairs.iot
+192.168.11.91 switch.console
+192.168.11.92 living.iot
+192.168.11.93 mike.phone
+192.168.11.94 master.echo
+192.168.11.95 logan.phone
+192.168.11.96 kristy.paperwhite
+192.168.11.97 chelsea.iot
+192.168.11.98 garage.left.iot
+192.168.11.99 garage.right.iot
+192.168.11.100 logan.iot
+192.168.11.101 porch.front.iot
+192.168.11.102 kristy.phone
+192.168.11.103 clock.iot
+192.168.11.104 chelsea.old.school
+192.168.11.105 lamp.iot
+192.168.11.106 pictures.iot
+192.168.11.107 chelsea.chromebook
+192.168.11.108 kitchen.echo
+192.168.11.109 saya.phone
+192.168.11.110 infineon.iscn5cg3256cps.com
+192.168.11.111 green.echo +192.168.11.112 playstation5.console +192.168.11.113 kristy.fire +192.168.11.114 oculas.console +192.168.11.115 chelsea.fire +192.168.11.116 chelsea.phone +192.168.11.117 logan.tablet +192.168.11.118 alarm.iot +192.168.11.119 trigkey.desktop +192.168.11.120 master.iot +192.168.11.121 ikea.iot +192.168.11.122 sprinklers.iot +192.168.11.123 chelsea.echo +192.168.11.124 mackenzie.phone +192.168.11.125 loft.echo +192.168.11.126 logan.chromebook +192.168.11.253 sengled.color.iot +192.168.11.254 sengled.white.iot \ No newline at end of file diff --git a/etc/systemd/system/snap.certbot.renew.timer b/etc/systemd/system/snap.certbot.renew.timer index 008cd42..9a93056 100644 --- a/etc/systemd/system/snap.certbot.renew.timer +++ b/etc/systemd/system/snap.certbot.renew.timer @@ -7,8 +7,8 @@ X-Snappy=yes [Timer] Unit=snap.certbot.renew.service -OnCalendar=*-*-* 05:54 -OnCalendar=*-*-* 14:00 +OnCalendar=*-*-* 11:27 +OnCalendar=*-*-* 15:45 [Install] WantedBy=timers.target diff --git a/home/podman/.config/containers/systemd/vaultwarden-db-data.volume b/home/podman/.config/containers/systemd/vaultwarden-db-data.volume new file mode 100644 index 0000000..a153d05 --- /dev/null +++ b/home/podman/.config/containers/systemd/vaultwarden-db-data.volume @@ -0,0 +1 @@ +[Volume] \ No newline at end of file diff --git a/home/podman/.config/containers/systemd/vaultwarden-db.container b/home/podman/.config/containers/systemd/vaultwarden-db.container new file mode 100644 index 0000000..9d68053 --- /dev/null +++ b/home/podman/.config/containers/systemd/vaultwarden-db.container 
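Review bot: etc/pihole/custom.list commits a complete address plan for the LAN, with device classes and per-person names (phones, school laptops, IoT, alarm), and the .gitignore hunk earlier in this patch un-ignores it on purpose with `!etc/pihole/custom.list`. If this repository is readable by anyone other than the owner, that inventory is privacy-sensitive and maps the network for an outsider; consider tracking a sanitized template and keeping the live file untracked. Separately, several names are bound to two addresses (`minisforum.desktop`, `samsung.tv`, `playstation5.console`, `xbox.one.console`, `trigkey.desktop`, `infineon.iscn5cg3256cps.com`), so a forward lookup can return either host; worth confirming that is intentional.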
@@ -0,0 +1,28 @@
+[Container]
+AutoUpdate=registry
+ContainerName=vaultwarden-db
+Environment="POSTGRES_DB=vaultwarden"
+Environment="POSTGRES_PASSWORD=vaultwarden"
+Environment="POSTGRES_USER=vaultwarden"
+Image=docker.io/library/postgres:14
+# Network=vaultwarden.network
+# Pod=vaultwarden.pod
+PublishPort=5435:5432
+Volume=vaultwarden-db-data.volume:/var/lib/postgresql/data:Z
+
+[Service]
+Restart=no
+
+[Install]
+WantedBy=multi-user.target default.target
+
+# podman pull docker.io/library/postgres:14
+# systemctl --user daemon-reload
+# systemctl --user start vaultwarden-db
+# systemctl --user status vaultwarden-db
+# journalctl -fu vaultwarden-db.service
+# podman logs vaultwarden-db
+# systemctl --user stop vaultwarden-db
+# systemctl --user disable vaultwarden-db
+# podman exec -ti vaultwarden-db /bin/sh
+# podman exec -ti vaultwarden-db /bin/bash
diff --git a/home/podman/.config/containers/systemd/vaultwarden-server.container b/home/podman/.config/containers/systemd/vaultwarden-server.container
index e87cd52..a35bb0e 100644
--- a/home/podman/.config/containers/systemd/vaultwarden-server.container
+++ b/home/podman/.config/containers/systemd/vaultwarden-server.container
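Review bot: In vaultwarden-db.container, `PublishPort=5435:5432` publishes PostgreSQL on every host interface while `POSTGRES_PASSWORD=vaultwarden` is identical to the user and database name, so the password vault's backing store is protected from the rest of the LAN only by a guessable credential. Prefer enabling the commented-out `Network=vaultwarden.network` (or `Pod=vaultwarden.pod`) in both units so the server reaches the database by container name and the `PublishPort=` line can be dropped. Replace the literal password with a generated one supplied outside the tracked file, e.g. `Secret=<secret-name>,type=env,target=POSTGRES_PASSWORD`. If the published port has to stay, bind it to one address rather than all of them and add a comment saying which client needs it.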
@@ -1,25 +1,32 @@ [Container] AutoUpdate=registry ContainerName=vaultwarden-server -Image=docker.io/vaultwarden/server:latest +Image=docker.io/vaultwarden/server:1.31.0 # Network=vaultwarden.network # Pod=vaultwarden.pod PublishPort=5008:80 Volume=vaultwarden-server-data.volume:/data:rw Environment="ADMIN_TOKEN=7jrceE25+m5vPMK9jmVT8VsMM/0Svoiz4YEpLYHHT2hSaJPIlXcP8lOXwR5GpdaM" +# Environment="ADMIN_TOKEN=$argon2id$v=19$m=65540,t=3,p=4$U3JuRm84cFpHOC9Rbi9ZOWdzdXU2RFl5ajZka2trNnBJWTJCZW1BT3VUOD0$tc54DJ7/6bA5iNgSFF9KtKktP8u4mMU8unrGiL8hJMY" +# Environment="ADMIN_TOKEN=$$argon2id$$v=19$$m=65540,t=3,p=4$$U3JuRm84cFpHOC9Rbi9ZOWdzdXU2RFl5ajZka2trNnBJWTJCZW1BT3VUOD0$$tc54DJ7/6bA5iNgSFF9KtKktP8u4mMU8unrGiL8hJMY" +Environment="DATABASE_URL=postgresql://vaultwarden:vaultwarden@192.168.11.2:5435/vaultwarden" Environment="DOMAIN=https://vaultwarden.phares.duckdns.org" Environment="SIGNUPS_ALLOWED=true" -Environment="SMTP_FROM=user@example.com" -Environment="SMTP_HOST=smtp-relay.sendinblue.com" -Environment="SMTP_PASSWORD=sendinblue password" +Environment="SMTP_FROM=phares@centurylink.net" +Environment="SMTP_HOST=smtp.centurylink.net" +Environment="SMTP_PASSWORD=0jbeze5r#OQqne73yFlp" Environment="SMTP_PORT=587" -Environment="SMTP_SSL=true" -Environment="SMTP_USERNAME=user@example.com" +Environment="SMTP_SSL=false" +Environment="SMTP_USERNAME=phares@centurylink.net" Environment="WEBSOCKET_ENABLED=true" [Service] Restart=no +[Unit] +Requires=vaultwarden-db.service +After=vaultwarden-db.service + [Install] WantedBy=multi-user.target default.target
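Review bot: The new `SMTP_PASSWORD=` line in vaultwarden-server.container commits what looks like a live mailbox password, next to a plaintext `ADMIN_TOKEN` already present on a context line and a `DATABASE_URL` that embeds the database password; all three should be treated as disclosed and rotated, because a later commit that removes them still leaves them in history. Load them from outside the tracked unit instead, e.g. `EnvironmentFile=<untracked-env-file>` or `Secret=<secret-name>,type=env,target=SMTP_PASSWORD`, and complete the Argon2 `ADMIN_TOKEN` migration that the two commented-out lines begin. `SMTP_SSL=false` on port 587 also appears to switch STARTTLS off, which would send that SMTP login in cleartext; confirm against the mail settings of the pinned 1.31.0 image, where `SMTP_SECURITY=starttls` is the current key. `SIGNUPS_ALLOWED=true` on a context line deserves a second look as well, since `DOMAIN` points at a public hostname.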