
Initial setup

User

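  • Add the SSH public key to the user's authorized_keys file: nano ~/.ssh/authorized_keys
  • Add the user to the sudo group: sudo usermod -aG sudo ludwig
  • Update the SSH daemon config: sudo nano /etc/ssh/sshd_config
    • Change #PasswordAuthentication yes to PasswordAuthentication no
    • Keep the current session open, check the file with sudo sshd -t, restart the SSH service, and confirm key login from a second terminal. Files under /etc/ssh/sshd_config.d/ can override this setting, so check them as well.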

Raid

https://www.linuxbabe.com/linux-server/linux-software-raid-1-setup

  • To view raid info: sudo mdadm --examine /dev/sda /dev/sdb
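  • Format disks (this replaces the partition table, so existing data on the disk becomes inaccessible; confirm the device name with lsblk first): sudo parted /dev/sda mklabel gpt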
  1. sudo fdisk /dev/sda
  2. Type n
  3. Type 1
  4. Use default
  5. Use default
  6. Type t
  7. Type 29 or search for Linux RAID using L
  8. Type p to view partition
  9. Type w to write partition
  10. Repeat for next disk
  • sudo mdadm --examine /dev/sda1 /dev/sdb1

  • Mirror drives: sudo mdadm --create /dev/md0 --level=mirror --raid-devices=2 /dev/sda1 /dev/sdb1

  • Validate raid: cat /proc/mdstat

  • To get more info: sudo mdadm --detail /dev/md0

  • Create file system and mount it:

    • sudo mkfs.ext4 /dev/md0
    • sudo mkdir /mnt/raid1
    • sudo mount /dev/md0 /mnt/raid1
  • To check space left: df -h /mnt/raid1

  • Save config for reboot

    • sudo mdadm --detail --scan | sudo tee -a /etc/mdadm/mdadm.conf
    • sudo update-initramfs -u
    • echo '/dev/md0 /mnt/raid1 ext4 defaults,nofail,discard 0 0' | sudo tee -a /etc/fstab

Root cert

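# Self-signed root CA, valid for 3560 days (just under ten years).
# Key generation needs no root. Files created under sudo are root-owned, and an
# owner-only private key would then be unreadable to the unprivileged `cat`
# used further down this page.
# -nodes writes rootCA.key unencrypted. NOTE(review): presumably required
# because the key is handed to cert-manager as-is; confirm. Anyone who can read
# this file can issue certificates trusted by every client of this CA, so keep
# it out of the repository and off shared storage.
# NOTE(review): rsa:2048 is the lower bound for a CA with this lifetime;
# consider rsa:4096.
openssl req -x509 \
            -sha256 -days 3560 \
            -nodes \
            -newkey rsa:2048 \
            -subj "/CN=luizio.com/C=US/L=Stockholm" \
            -keyout rootCA.key -out rootCA.crt

openssl genrsa -out server.key 2048

# Make the key files owner-only regardless of the OpenSSL version's default mode.
chmod 600 rootCA.key server.key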

To get the values to use for cert-manager:

# Single-line base64 of the certificate and of the private key.
# base64 is an encoding, not encryption: the second output is the CA private
# key itself. Do not paste it into a plain manifest that gets committed; put it
# into a Secret that is sealed or otherwise encrypted before it reaches git.
base64 -w 0 rootCA.crt
base64 -w 0 rootCA.key

Install k3s

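# Fetch the installer to a file instead of piping it straight into a shell, so
# it can be read before it runs with root privileges.
curl -sfL https://get.k3s.io -o install-k3s.sh
# Review install-k3s.sh here before running it.
# --disable is the current flag; --no-deploy is the deprecated spelling and has
# been removed from newer k3s releases.
# Set INSTALL_K3S_VERSION as well to pin the release instead of following the
# channel default.
INSTALL_K3S_EXEC="--disable traefik" sh install-k3s.sh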

Move k3s storage

https://mrkandreev.name/snippets/how_to_move_k3s_data_to_another_location/

# Stop the k3s daemon before touching its data directories
# NOTE(review): stopping the unit may leave pod containers and their mounts
# running; confirm nothing under these paths is still in use before moving them
sudo systemctl stop k3s
# Move the data onto the RAID volume (this is a move, not a copy)
# NOTE(review): the targets assume /mnt/raid1/k3s/ already exists - confirm
sudo mv /run/k3s/ /mnt/raid1/k3s/k3s/
sudo mv /var/lib/kubelet/pods/ /mnt/raid1/k3s/k3s-pods/
sudo mv /var/lib/rancher/ /mnt/raid1/k3s/k3s-rancher/

# Create symlinks from the original locations to the new ones
# NOTE(review): /run is normally a tmpfs recreated at boot, so the /run/k3s
# link may not survive a reboot - verify after the first restart
# /var/lib/rancher holds the cluster state; presumably it includes the server
# token and TLS keys, so keep the new location root-only - confirm
sudo ln -s /mnt/raid1/k3s/k3s /run/k3s
sudo ln -s /mnt/raid1/k3s/k3s-pods/ /var/lib/kubelet/pods
sudo ln -s /mnt/raid1/k3s/k3s-rancher/ /var/lib/rancher

# Start the daemon again
sudo systemctl start k3s

Jackett

Open the UI, set an admin password, and enter the FlareSolverr IP.

Skyconnect

To find where the usb device is connected: dmesg | grep tty

Git

# The "store" helper writes credentials unencrypted to ~/.git-credentials, where
# any process running as this user can read them. Use a narrowly scoped access
# token rather than an account password; the "cache" helper keeps credentials
# in memory only, for a limited time.
git config --global credential.helper store

Clear old images

sudo k3s crictl images # list the images that have been pulled locally
sudo k3s crictl rmi --prune # delete images not currently used by a running container
df -h # show mounts with used and available space

Restic


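# Secrets are not written in this README. The storage account key, the Garage
# S3 key pair and the restic repository password come from outside the
# repository. Any value that was ever committed stays readable in the git
# history: treat it as exposed and rotate it (regenerate the storage account
# key and the Garage key; change the repository password with
# `restic key passwd`).
#
# RESTIC_ENV_FILE is a placeholder name. Point it at a file owned by root with
# mode 0600 that holds one KEY=value per line:
#   AZURE_ACCOUNT_KEY=...
#   RESTIC_PASSWORD=...
# The variable is expanded by the calling shell before sudo runs.

# Ubuntu has removed the azure provider, so the restic container image is used.
# Runs restic against the Azure repository; arguments are passed through.
# Replace [container] with the blob container name.
restic_azure() {
  sudo podman run --rm \
    --name restic \
    -e PUID=1000 \
    -e PGID=1000 \
    -e TZ=Europe/Stockholm \
    -e AZURE_ACCOUNT_NAME=homeserverbackup \
    -e AZURE_RESOURCE_GROUP=home-server \
    --env-file "${RESTIC_ENV_FILE:?set RESTIC_ENV_FILE to a root-only env file}" \
    docker.io/restic/restic:0.18.0 \
    -r azure:[container]:/ --verbose "$@"
}

# To init:
restic_azure init

# To init a repository on local disk:
sudo podman run --rm \
  --name restic \
  -e TZ=Europe/Stockholm \
  --env-file "${RESTIC_ENV_FILE:?set RESTIC_ENV_FILE to a root-only env file}" \
  -v /mnt/backups/[container]:/backups \
  docker.io/restic/restic:0.18.0 \
  -r /backups --verbose init

## Inside k3s
# The Garage key pair and the restic password are expanded from the calling
# shell, so export them first. They still appear in kubectl's argument list and
# in the pod spec; a Kubernetes Secret referenced by the pod avoids both.
# The image is pinned to the same release as the podman commands instead of
# :latest.
# NOTE(review): the repository endpoint is plain http inside the cluster -
# confirm that traffic never leaves the node or cluster network.
sudo kubectl -n garage run restic-init \
  --rm -it \
  --image=docker.io/restic/restic:0.18.0 \
  --env="AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID:?export the Garage access key id first}" \
  --env="AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY:?export the Garage secret key first}" \
  --env="RESTIC_REPOSITORY=s3:http://s3.garage.svc.cluster.local:3900/immich-backup" \
  --env="RESTIC_PASSWORD=${RESTIC_PASSWORD:?export the restic repository password first}" \
  --command -- sh

# To list snapshots
restic_azure snapshots

# To list the files in one snapshot
restic_azure ls [snapshotId]

# To clean up old snapshots. Latest data is kept backed up.
# --keep-last 1 keeps only the newest snapshot per host and path set, and
# --prune deletes everything else from the repository, so no earlier state can
# be restored afterwards. A policy such as --keep-daily / --keep-weekly keeps a
# recovery window if the newest snapshot turns out to hold damaged data.
restic_azure forget --keep-last 1 --prune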

SSH config

The file /home/ludwig/.ssh/config should have the following content:

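Host development
  HostName 192.168.1.10
  Port 2222
  User ubuntu
  # Comments are kept on their own lines, which every OpenSSH version accepts.
  # Forward MySQL port
  LocalForward 3306 127.0.0.1:3306
  # Forward RabbitMQ management port
  LocalForward 15672 127.0.0.1:15672
  # Host key checking stays on. With "StrictHostKeyChecking no" and
  # UserKnownHostsFile=/dev/null any machine answering on this address is
  # accepted, and the forwarded MySQL and RabbitMQ ports would then go to it.
  # accept-new (OpenSSH 7.6+) records the key on first connect and refuses a
  # changed key. A separate known-hosts file (example path) keeps this
  # frequently rebuilt host out of the main one. After a rebuild, remove the
  # old entry with:
  #   ssh-keygen -R "[192.168.1.10]:2222" -f ~/.ssh/known_hosts.development
  StrictHostKeyChecking accept-new
  UserKnownHostsFile ~/.ssh/known_hosts.development
Host 192.168.1.11
  HostName 192.168.1.11
  User ludwig

# Keepalive for every host: probe every 10 seconds, drop after 3 missed replies.
Host *
    ServerAliveInterval 10
    ServerAliveCountMax 3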