diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml new file mode 100644 index 0000000..9602961 --- /dev/null +++ b/.github/FUNDING.yml @@ -0,0 +1,2 @@ +github: timothystewart6 +patreon: technotim \ No newline at end of file diff --git a/.github/FUNDING.yml:Zone.Identifier b/.github/FUNDING.yml:Zone.Identifier new file mode 100644 index 0000000..e69de29 diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..014d750 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,15 @@ +# To get started with Dependabot version updates, you'll need to specify which +# package ecosystems to update and where the package manifests are located. +# Please see the documentation for all configuration options: +# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates + +version: 2 +updates: + - package-ecosystem: "bundler" # See documentation for possible values + directory: "/" # Location of package manifests + schedule: + interval: "daily" + rebase-strategy: "auto" + ignore: + - dependency-name: "*" + update-types: ["version-update:semver-major"] diff --git a/.github/dependabot.yml:Zone.Identifier b/.github/dependabot.yml:Zone.Identifier new file mode 100644 index 0000000..e69de29 diff --git a/.github/workflows/pages-deploy.yml b/.github/workflows/pages-deploy.yml index cc28f99..e480bf7 100644 --- a/.github/workflows/pages-deploy.yml +++ b/.github/workflows/pages-deploy.yml 
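Review bot: In `.github/dependabot.yml` the `updates` list covers only the `bundler` ecosystem, so the actions this same commit pins by commit SHA under `.github/workflows/` will never be proposed for update and the pins will go stale. Add a second entry with `package-ecosystem: "github-actions"`, `directory: "/"` and its own `schedule`. The `ignore` rule for `dependency-name: "*"` with `version-update:semver-major` also means a fix that ships only in a new major release will not arrive as a version update. A comment above it, such as `# Majors are held back on purpose: <REASON>`, would tell the next maintainer whether that is intended.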
@@ -1,73 +1,37 @@ -name: "Build and Deploy" +name: 'Build & Release' on: push: branches: - - main - master paths-ignore: - .gitignore - README.md - LICENSE - # Allows you to run this workflow manually from the Actions tab - workflow_dispatch: - -permissions: - contents: read - pages: write - id-token: write - -# Allow one concurrent deployment -concurrency: - group: "pages" - cancel-in-progress: true - jobs: - build: + build-release: + runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v4 - with: - fetch-depth: 0 - # submodules: true - # If using the 'assets' git submodule from Chirpy Starter, uncomment above - # (See: https://github.com/cotes2020/chirpy-starter/tree/main/assets) + uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # 3.0.2 - - name: Setup Pages - id: pages - uses: actions/configure-pages@v4 + with: + fetch-depth: 0 # for posts's lastmod - name: Setup Ruby - uses: ruby/setup-ruby@v1 + uses: ruby/setup-ruby@0a29871fe2b0200a17a4497bae54fe5df0d973aa #1.115.3 with: - ruby-version: 3.3 + ruby-version: 2.7 bundler-cache: true - - name: Build site - run: bundle exec jekyll b -d "_site${{ steps.pages.outputs.base_path }}" - env: - JEKYLL_ENV: "production" - - - name: Test site + - name: Check baseurl run: | - bundle exec htmlproofer _site \ - \-\-disable-external \ - \-\-ignore-urls "/^http:\/\/127.0.0.1/,/^http:\/\/0.0.0.0/,/^http:\/\/localhost/" - - - name: Upload site artifact - uses: actions/upload-pages-artifact@v3 - with: - path: "_site${{ steps.pages.outputs.base_path }}" + baseurl="$(grep '^baseurl:' _config.yml | sed "s/.*: *//;s/['\"]//g;s/#.*//")" + if [[ -n $baseurl ]]; then + echo "BASE_URL=$baseurl" >> $GITHUB_ENV + fi - deploy: - environment: - name: github-pages - url: ${{ steps.deployment.outputs.page_url }} - runs-on: ubuntu-latest - needs: build - steps: - - name: Deploy to GitHub Pages - id: deployment - uses: actions/deploy-pages@v4 + - name: Deploy + run: bash tools/deploy.sh \ No newline at end of 
file diff --git a/.github/workflows/pages-deploy.yml:Zone.Identifier b/.github/workflows/pages-deploy.yml:Zone.Identifier new file mode 100644 index 0000000..e69de29 diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml new file mode 100644 index 0000000..3b49175 --- /dev/null +++ b/.github/workflows/pull-request.yml @@ -0,0 +1,30 @@ +name: 'Pull Request' +on: + pull_request: + branches: + - master + paths-ignore: + - .gitignore + - README.md + - LICENSE + +jobs: + pull-request: + + runs-on: ubuntu-latest + + steps: + - name: Checkout + uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # 3.0.2 + + with: + fetch-depth: 0 # for posts's lastmod + + - name: Setup Ruby + uses: ruby/setup-ruby@0a29871fe2b0200a17a4497bae54fe5df0d973aa # 1.115.3 + with: + ruby-version: 2.7 + bundler-cache: true + + - name: Test Site + run: bash tools/deploy.sh --dry-run \ No newline at end of file diff --git a/.github/workflows/pull-request.yml:Zone.Identifier b/.github/workflows/pull-request.yml:Zone.Identifier new file mode 100644 index 0000000..e69de29 diff --git a/.github/workflows/push-remote.yml b/.github/workflows/push-remote.yml new file mode 100644 index 0000000..4385a29 --- /dev/null +++ b/.github/workflows/push-remote.yml 
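Review bot: The rewritten `pages-deploy.yml` no longer has the top-level `permissions:` block the old workflow declared, so `GITHUB_TOKEN` falls back to the repository default for every step, including `bash tools/deploy.sh`. Declare only what the deploy needs, for example `permissions:` with `contents: write` if the script pushes the built site to a branch; the script is not part of this hunk, so confirm what it does. The new `pull-request.yml` and `push-remote.yml` also lack a `permissions:` key, and the pull-request job only builds, so `contents: read` should be enough there. `ruby-version: 2.7`, here and in `pull-request.yml`, moves the build to a Ruby series that is past upstream end of life; prefer a maintained series if the theme allows it, and quote the value (`'2.7'`) so it stays a string.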
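Review bot: In `pull-request.yml` the `Checkout` step leaves the job token in the local git config while the later steps install gems (`bundler-cache: true`) and run `bash tools/deploy.sh --dry-run` from the pull request's own tree. Add `persist-credentials: false` under the checkout's `with:` so that code proposed in a pull request cannot read the token from `.git/config`. A comment above `Test Site`, such as `# --dry-run builds and tests the site without publishing`, would document why this job needs no write access; confirm that against `tools/deploy.sh`, which is not shown in this hunk.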
@@ -0,0 +1,32 @@ +name: 'push-remote' + +on: + push: + branches: + - master + paths-ignore: + - .gitignore + - README.md + - LICENSE + +jobs: + push: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # 3.0.2 + with: + fetch-depth: 0 # for posts's lastmod + + - name: Mirror + trigger CI + uses: SvanBoxel/gitlab-mirror-and-ci-action@871fb56ab2be794ca4df43e81cd03236ad8fba62 # 0.3+ + with: + args: 'https://gitlab.com/${{ secrets.GITLAB_PROJECT_ID }}' + env: + FORCE_PUSH: "true" + GITLAB_HOSTNAME: ${{ secrets.GITLAB_HOSTNAME }} + GITLAB_USERNAME: ${{ secrets.GITLAB_USERNAME }} + GITLAB_PASSWORD: ${{ secrets.GITLAB_PASSWORD }} + GITLAB_PROJECT_ID: ${{ secrets.GITLAB_PROJECT_ID }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + \ No newline at end of file diff --git a/.github/workflows/push-remote.yml:Zone.Identifier b/.github/workflows/push-remote.yml:Zone.Identifier new file mode 100644 index 0000000..e69de29 diff --git a/.gitignore b/.gitignore index 0082d90..9744d04 100644 --- a/.gitignore +++ b/.gitignore @@ -1,27 +1,45 @@ -# Bundler cache -.bundle -vendor -Gemfile.lock +.DS_Store +node_modules +./public +.tmp +.idea +.log +dist +docs +npm-debug.log +.nyc_output +coverage +cassettes +yarn-error.log +.compiled -# Jekyll cache +_site +.sass-cache .jekyll-cache .jekyll-metadata +vendor +yarn* +.bundle +!.travis.yml + +# hidden files +.* +!.git* +!.editorconfig +!.nojekyll +!.travis.yml + +# bundler cache _site +vendor -# RubyGems +# rubygem *.gem -# NPM dependencies +# npm dependencies node_modules package-lock.json -# IDE configurations -.idea -.vscode/* -!.vscode/settings.json -!.vscode/extensions.json -!.vscode/tasks.json - -# Misc -_sass/dist -assets/js/dist +!.husky +!.commitlintrc.json +!.versionrc.json \ No newline at end of file diff --git a/.gitignore:Zone.Identifier b/.gitignore:Zone.Identifier new file mode 100644 index 0000000..e69de29 
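Review bot: In `push-remote.yml`, `GITLAB_PASSWORD` should hold a project-scoped access token rather than an account password, because the `Mirror + trigger CI` step passes it, together with `GITHUB_TOKEN`, to a third-party action that runs with `FORCE_PUSH: "true"`. Every push to `master` then overwrites the GitLab branch and, judging by the `.gitlab-ci.yml` added in this commit, ends in `kubectl apply` against the cluster, so this credential effectively grants deploy rights. The trailing comment `# 0.3+` does not identify a release; replace it with the exact tag the pinned SHA corresponds to so the pin can be audited.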
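Review bot: The new `.gitignore` does not cover the `:Zone.Identifier` files this commit adds next to almost every path (`.gitignore:Zone.Identifier`, `Gemfile:Zone.Identifier`, and so on). Those are empty Windows alternate-data-stream markers, most likely picked up when the tree was copied from a Windows download. They should be dropped from the commit and kept out with a line such as `*:Zone.Identifier`. The pattern `./public` is unlikely to match anything, since gitignore patterns are not written with a leading `./`; use `/public`. `_site`, `vendor`, `node_modules` and `!.travis.yml` are each listed twice.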
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml new file mode 100644 index 0000000..d536218 --- /dev/null +++ b/.gitlab-ci.yml @@ -0,0 +1,59 @@ +stages: + - test + - docker + - deploy + +variables: + KUBECONFIG: .kube/config + JEKYLL_ENV: production + GIT_STRATEGY: clone + GIT_DEPTH: 0 + +cache: &global_cache + key: $CI_PROJECT_NAME + paths: + - vendor/ruby + policy: pull-push + +build: + image: ruby:2.7 + stage: test + artifacts: + paths: + - _site + expire_in: 1 week + cache: + <<: *global_cache + retry: 2 + script: + - gem install bundler + - bundle config set --local path 'vendor/ruby' + - bundle install + - JEKYLL_ENV=production bundle exec jekyll b + +docker_image_build_release: + image: + name: gcr.io/kaniko-project/executor:debug + entrypoint: [""] + cache: [] + stage: docker + retry: 2 + script: + - mkdir -p /kaniko/.docker + - echo "{\"auths\":{\"$CI_REGISTRY\":{\"username\":\"$CI_REGISTRY_USER\",\"password\":\"$CI_REGISTRY_PASSWORD\"}}}" > /kaniko/.docker/config.json + - /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/Dockerfile --destination $CI_REGISTRY_IMAGE:latest + +deploy: + image: + name: bitnami/kubectl:latest + entrypoint: [""] + cache: [] + stage: deploy + retry: 2 + before_script: + - sed -ie "s/deploy-date-value/$(date)/g" kubernetes/deployment.yaml + - sed -ie "s|registry-value|$CI_REGISTRY_IMAGE|g" kubernetes/deployment.yaml + - mkdir -p .kube/ && touch .kube/config + - echo ${KUBERNETES_EXTERNAL_CLUSTER} | base64 -d -i > ${KUBECONFIG} + script: + - kubectl apply -f kubernetes \ No newline at end of file diff --git a/.gitlab-ci.yml:Zone.Identifier b/.gitlab-ci.yml:Zone.Identifier new file mode 100644 index 0000000..e69de29 diff --git a/.gitmodules:Zone.Identifier b/.gitmodules:Zone.Identifier new file mode 100644 index 0000000..e69de29 diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..0fc972a --- /dev/null +++ b/Dockerfile 
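Review bot: `docker_image_build_release` and `deploy` in `.gitlab-ci.yml` have no `rules:` or `only:` restriction, so a pipeline on any branch pushes `$CI_REGISTRY_IMAGE:latest` and runs `kubectl apply -f kubernetes` with the cluster credentials. Limit both jobs to the default branch, for example `rules:` with `- if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'`, and mark `KUBERNETES_EXTERNAL_CLUSTER` as a protected variable in the project settings. Both jobs also pull mutable tags (`executor:debug`, `bitnami/kubectl:latest`) into steps that handle registry and cluster credentials; pin them by digest in the form `<IMAGE>@sha256:<DIGEST>`. In `before_script`, quote the expansions and restrict the file mode: `echo "${KUBERNETES_EXTERNAL_CLUSTER}" | base64 -d -i > "${KUBECONFIG}"` followed by `chmod 600 "${KUBECONFIG}"`.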
@@ -0,0 +1,3 @@ +FROM nginx:stable-alpine + +COPY _site /usr/share/nginx/html diff --git a/Dockerfile:Zone.Identifier b/Dockerfile:Zone.Identifier new file mode 100644 index 0000000..e69de29 diff --git a/Gemfile b/Gemfile index dbd3872..d22e72e 100644 --- a/Gemfile +++ b/Gemfile @@ -2,13 +2,21 @@ source "https://rubygems.org" -gem "jekyll-theme-chirpy", "~> 7.1", ">= 7.1.1" +gem "jekyll-theme-chirpy", "~> 5.3", ">= 5.3.2" -gem "html-proofer", "~> 5.0", group: :test +group :test do + gem "html-proofer", "~> 3.19" +end -platforms :mingw, :x64_mingw, :mswin, :jruby do - gem "tzinfo", ">= 1", "< 3" +# Windows and JRuby does not include zoneinfo files, so bundle the tzinfo-data gem +# and associated library. +install_if -> { RUBY_PLATFORM =~ %r!mingw|mswin|java! } do + gem "tzinfo", "~> 2.0" gem "tzinfo-data" end -gem "wdm", "~> 0.1.1", :platforms => [:mingw, :x64_mingw, :mswin] +# Performance-booster for watching directories on Windows +gem "wdm", "~> 0.1.1", :install_if => Gem.win_platform? + +# Jekyll <= 4.2.0 compatibility with Ruby 3.0 +gem "webrick", "~> 1.7" diff --git a/Gemfile.lock b/Gemfile.lock new file mode 100644 index 0000000..3f0e348 --- /dev/null +++ b/Gemfile.lock 
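Review bot: `FROM nginx:stable-alpine` in the new `Dockerfile` is a moving tag, so the image that reaches the cluster depends on when the kaniko job ran rather than on this commit. Pin the base by digest, `FROM nginx:stable-alpine@sha256:<DIGEST>`, and let an update bot advance it. The stock nginx image also starts its master process as root. If the Kubernetes manifests (not shown here) do not already set a non-root security context, consider an unprivileged nginx base listening on a port above 1024.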
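Review bot: Nothing will prompt a return to the maintained major lines once `jekyll-theme-chirpy` is held at `~> 5.3` and `html-proofer` at `~> 3.19` in the `Gemfile`, because the Dependabot config added in the same commit ignores `version-update:semver-major` for every gem. If the downgrade from `~> 7.1` and `~> 5.0` is deliberate, record that above the `gem` lines, for example `# Held at 5.x on purpose: <REASON>`. The comment `# Jekyll <= 4.2.0 compatibility with Ruby 3.0` does not match this commit: `Gemfile.lock` resolves `jekyll (4.3.1)`, which already declares `webrick (~> 1.7)`, and the workflows run Ruby 2.7.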
@@ -0,0 +1,113 @@ +GEM + remote: https://rubygems.org/ + specs: + addressable (2.8.1) + public_suffix (>= 2.0.2, < 6.0) + colorator (1.1.0) + concurrent-ruby (1.3.4) + em-websocket (0.5.3) + eventmachine (>= 0.12.9) + http_parser.rb (~> 0) + ethon (0.15.0) + ffi (>= 1.15.0) + eventmachine (1.2.7) + ffi (1.15.5) + forwardable-extended (2.6.0) + html-proofer (3.19.4) + addressable (~> 2.3) + mercenary (~> 0.3) + nokogiri (~> 1.13) + parallel (~> 1.10) + rainbow (~> 3.0) + typhoeus (~> 1.3) + yell (~> 2.0) + http_parser.rb (0.8.0) + i18n (1.12.0) + concurrent-ruby (~> 1.0) + jekyll (4.3.1) + addressable (~> 2.4) + colorator (~> 1.0) + em-websocket (~> 0.5) + i18n (~> 1.0) + jekyll-sass-converter (>= 2.0, < 4.0) + jekyll-watch (~> 2.0) + kramdown (~> 2.3, >= 2.3.1) + kramdown-parser-gfm (~> 1.0) + liquid (~> 4.0) + mercenary (>= 0.3.6, < 0.5) + pathutil (~> 0.9) + rouge (>= 3.0, < 5.0) + safe_yaml (~> 1.0) + terminal-table (>= 1.8, < 4.0) + webrick (~> 1.7) + jekyll-archives (2.2.1) + jekyll (>= 3.6, < 5.0) + jekyll-paginate (1.1.0) + jekyll-redirect-from (0.16.0) + jekyll (>= 3.3, < 5.0) + jekyll-sass-converter (2.2.0) + sassc (> 2.0.1, < 3.0) + jekyll-seo-tag (2.8.0) + jekyll (>= 3.8, < 5.0) + jekyll-sitemap (1.4.0) + jekyll (>= 3.7, < 5.0) + jekyll-theme-chirpy (5.3.2) + jekyll (~> 4.1) + jekyll-archives (~> 2.2) + jekyll-paginate (~> 1.1) + jekyll-redirect-from (~> 0.16) + jekyll-seo-tag (~> 2.7) + jekyll-sitemap (~> 1.4) + jekyll-watch (2.2.1) + listen (~> 3.0) + kramdown (2.4.0) + rexml + kramdown-parser-gfm (1.1.0) + kramdown (~> 2.0) + liquid (4.0.3) + listen (3.7.1) + rb-fsevent (~> 0.10, >= 0.10.3) + rb-inotify (~> 0.9, >= 0.9.10) + mercenary (0.4.0) + nokogiri (1.13.10-x86_64-linux) + racc (~> 1.4) + parallel (1.22.1) + pathutil (0.16.2) + forwardable-extended (~> 2.6) + public_suffix (5.0.0) + racc (1.6.1) + rainbow (3.1.1) + rb-fsevent (0.11.2) + rb-inotify (0.10.1) + ffi (~> 1.0) + rexml (3.2.5) + rouge (3.30.0) + safe_yaml (1.0.5) + sassc (2.4.0) + ffi 
(~> 1.9) + terminal-table (3.0.2) + unicode-display_width (>= 1.1.1, < 3) + typhoeus (1.4.0) + ethon (>= 0.9.0) + tzinfo (2.0.5) + concurrent-ruby (~> 1.0) + tzinfo-data (1.2024.2) + tzinfo (>= 1.0.0) + unicode-display_width (2.3.0) + wdm (0.1.1) + webrick (1.7.0) + yell (2.2.2) + +PLATFORMS + x86_64-linux + +DEPENDENCIES + html-proofer (~> 3.19) + jekyll-theme-chirpy (~> 5.3, >= 5.3.2) + tzinfo (~> 2.0) + tzinfo-data + wdm (~> 0.1.1) + webrick (~> 1.7) + +BUNDLED WITH + 2.3.14 diff --git a/Gemfile.lock:Zone.Identifier b/Gemfile.lock:Zone.Identifier new file mode 100644 index 0000000..e69de29 diff --git a/Gemfile:Zone.Identifier b/Gemfile:Zone.Identifier new file mode 100644 index 0000000..e69de29 diff --git a/README.md b/README.md index 793cd08..025b51e 100644 --- a/README.md +++ b/README.md 
@@ -1,43 +1,27 @@ -# Chirpy Starter +# YouTube Videos -[![Gem Version](https://img.shields.io/gem/v/jekyll-theme-chirpy)][gem]  -[![GitHub license](https://img.shields.io/github/license/cotes2020/chirpy-starter.svg?color=blue)][mit] +Here you will find all the documentation for my YouTube videos on my channel [https://www.youtube.com/technotimlive](https://l.technotim.live/subscribe) -When installing the [**Chirpy**][chirpy] theme through [RubyGems.org][gem], Jekyll can only read files in the folders -`_data`, `_layouts`, `_includes`, `_sass` and `assets`, as well as a small part of options of the `_config.yml` file -from the theme's gem. If you have ever installed this theme gem, you can use the command -`bundle info --path jekyll-theme-chirpy` to locate these files. +## Don't forget to ⭐ this repo and fork it! 👆 -The Jekyll team claims that this is to leave the ball in the user’s court, but this also results in users not being -able to enjoy the out-of-the-box experience when using feature-rich themes. +## Documentation has moved here 👉 [The new documentation site](https://docs.technotim.live/) -To fully use all the features of **Chirpy**, you need to copy the other critical files from the theme's gem to your -Jekyll site. The following is a list of targets: +## Credits -```shell -. -├── _config.yml -├── _plugins -├── _tabs -└── index.html -``` +Created by TechnoTim with 💛 -To save you time, and also in case you lose some files while copying, we extract those files/configurations of the -latest version of the **Chirpy** theme and the [CD][CD] workflow to here, so that you can start writing in minutes. +► YouTube -## Usage +► Patreon -Check out the [theme's docs](https://github.com/cotes2020/jekyll-theme-chirpy/wiki). +► Twitch -## Contributing +► Twitter -This repository is automatically updated with new releases from the theme repository. 
If you encounter any issues or want to contribute to its improvement, please visit the [theme repository][chirpy] to provide feedback. +► Discord -## License +► Instagram -This work is published under [MIT][mit] License. +► Facebook -[gem]: https://rubygems.org/gems/jekyll-theme-chirpy -[chirpy]: https://github.com/cotes2020/jekyll-theme-chirpy/ -[CD]: https://en.wikipedia.org/wiki/Continuous_deployment -[mit]: https://github.com/cotes2020/chirpy-starter/blob/master/LICENSE +► GitHub diff --git a/README.md:Zone.Identifier b/README.md:Zone.Identifier new file mode 100644 index 0000000..e69de29 diff --git a/_config.yml b/_config.yml index 70ae195..8e072b3 100644 --- a/_config.yml +++ b/_config.yml 
@@ -3,79 +3,76 @@ # Import the theme theme: jekyll-theme-chirpy +# Change the following value to '/PROJECT_NAME' ONLY IF your site type is GitHub Pages Project sites +# and doesn't have a custom domain. +baseurl: '' + # The language of the webpage › http://www.lingoes.net/en/translator/langcode.htm # If it has the same name as one of the files in folder `_data/locales`, the layout language will also be changed, # otherwise, the layout language will use the default value of 'en'. lang: en -# Change to your timezone › https://kevinnovak.github.io/Time-Zone-Picker -timezone: Europe/Stockholm +# Additional parameters for datetime localization, optional. › https://github.com/iamkun/dayjs/tree/dev/src/locale +prefer_datetime_locale: + +# Change to your timezone › http://www.timezoneconverter.com/cgi-bin/findzone/findzone +timezone: Sweden/Stockholm # jekyll-seo-tag settings › https://github.com/jekyll/jekyll-seo-tag/blob/master/docs/usage.md # ↓ -------------------------- -title: Lincken # the main title +title: Lincken Documentation # the main title -tagline: A text-focused Jekyll theme # it will display as the subtitle +tagline: Video documentation for all your copy pasta needs! # it will display as the sub-title -description: >- # used by seo meta and the atom feed - A minimal, responsive and feature-rich Jekyll theme for technical writing. +description: >- # used by seo meta and the atom feed + Documentation for Techno Tim YouTube videos for all your copy pasta needs! -# Fill in the protocol & hostname for your site. -# E.g. 'https://username.github.io', note that it does not end with a '/'. 
-url: "https://cyanolinck.github.io/" +# fill in the protocol & hostname for your site, e.g., 'https://username.github.io' +url: 'https://cyanolinck.github.io/' github: - username: Cyanolinck # change to your GitHub username - + username: Cyanolinck # change to your github username twitter: - username: twitter_username # change to your Twitter username - + username: # change to your twitter username +patreon: + username: +twitch: + username: +instagram: + username: +facebook: + username: +discord: + invitelink: +youtube: + channelid: +tiktok: + username: social: # Change to your full name. # It will be displayed as the default author of the posts and the copyright owner in the Footer - name: your_full_name - email: example@domain.com # change to your email address + name: Lincken + # email: example@doamin.com # change to your email address links: # The first element serves as the copyright owner's link - - https://twitter.com/username # change to your Twitter homepage - - https://github.com/username # change to your GitHub homepage + #- https://l.technotim.live/twitter # change to your twitter homepage + # - https://github.com/username # change to your github homepage # Uncomment below to add more social links # - https://www.facebook.com/username # - https://www.linkedin.com/in/username -# Site Verification Settings -webmaster_verifications: - google: # fill in your Google verification code - bing: # fill in your Bing verification code - alexa: # fill in your Alexa verification code - yandex: # fill in your Yandex verification code - baidu: # fill in your Baidu verification code - facebook: # fill in your Facebook verification code +# google_site_verification: google_meta_tag_verification # change to your verification string # ↑ -------------------------- # The end of `jekyll-seo-tag` settings -# Web Analytics Settings -analytics: - google: - id: # fill in your Google Analytics ID - goatcounter: - id: # fill in your GoatCounter ID - umami: - id: # fill in your 
Umami ID - domain: # fill in your Umami domain - matomo: - id: # fill in your Matomo ID - domain: # fill in your Matomo domain - cloudflare: - id: # fill in your Cloudflare Web Analytics token - fathom: - id: # fill in your Fathom Site ID - -# Page views settings -pageviews: - provider: # now only supports 'goatcounter' +google_analytics: + #id: 'G-NZ5V7DM8F5' # Fill with your Google Analytics ID + # Google Analytics pageviews report settings + pv: + proxy_endpoint: # fill in the Google Analytics superProxy endpoint of Google App Engine + cache_path: # the local PV cache data, friendly to visitors from GFW region # Prefer color scheme setting. # 
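Review bot: In the first `_config.yml` hunk, `timezone: Sweden/Stockholm` is not a tz database name. The line it replaces, `timezone: Europe/Stockholm`, was the valid identifier and should be restored. The `url` value still ends with `/` although the removed comment said it must not, which can produce double slashes in generated links; use `url: 'https://cyanolinck.github.io'`. The `description` still reads "Documentation for Techno Tim YouTube videos" and should be reworded for this site. The bare keys such as `username:` and `invitelink:` parse as null, so write `''` where the theme expects an empty string.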
@@ -85,79 +82,61 @@ pageviews: # # Available options: # -# light — Use the light color scheme -# dark — Use the dark color scheme +# light - Use the light color scheme +# dark - Use the dark color scheme # -theme_mode: # [light | dark] +theme_mode: dark # [light|dark] -# The CDN endpoint for media resources. +# The CDN endpoint for images. # Notice that once it is assigned, the CDN url -# will be added to all media resources (site avatar, posts' images, audio and video files) paths starting with '/' +# will be added to all image (site avatar & posts' images) paths starting with '/' # # e.g. 'https://cdn.com' -cdn: +img_cdn: # the avatar on sidebar, support local or CORS resources -avatar: https://scontent.fbma5-1.fna.fbcdn.net/v/t1.6435-9/121150084_1819003874906352_7679734975777435654_n.jpg?_nc_cat=109&ccb=1-7&_nc_sid=1d70fc&_nc_ohc=I0Eji_sI6Q0Q7kNvgHgowaB&_nc_zt=23&_nc_ht=scontent.fbma5-1.fna&_nc_gid=AxdXM7sDIem1pDJBDNlk1HV&oh=00_AYBbl4yLh5bZQx3VuEeaLkQGRHlN3ALvK-vfCfkjOgyOoQ&oe=673FCD50 - -# The URL of the site-wide social preview image used in SEO `og:image` meta tag. -# It can be overridden by a customized `page.image` in front matter. -social_preview_image: # string, local or CORS resources +avatar: https://scontent.fbma5-1.fna.fbcdn.net/v/t1.6435-9/121150084_1819003874906352_7679734975777435654_n.jpg?_nc_cat=109&ccb=1-7&_nc_sid=1d70fc&_nc_ohc=I0Eji_sI6Q0Q7kNvgHgowaB&_nc_zt=23&_nc_ht=scontent.fbma5-1.fna&_nc_gid=Ax8DyfejbwsyQ0XCorBTW7N&oh=00_AYB6Y_fm_Jj8SnY02B5ni3QWk6DQcglV3icB3ihsex523g&oe=6740E690 -# boolean type, the global switch for TOC in posts. +# boolean type, the global switch for ToC in posts. toc: true comments: - # Global switch for the post-comment system. Keeping it empty means disabled. - provider: # [disqus | utterances | giscus] - # The provider options are as follows: + active: # The global switch for posts comments, e.g., 'disqus'. 
Keep it empty means disable + # The active options are as follows: disqus: - shortname: # fill with the Disqus shortname. › https://help.disqus.com/en/articles/1717111-what-s-a-shortname + shortname: # fill with the Disqus shortname. › https://help.disqus.com/en/articles/1717111-what-s-a-shortname # utterances settings › https://utteranc.es/ utterances: - repo: # / - issue_term: # < url | pathname | title | ...> + repo: # / + issue_term: # < url | pathname | title | ...> # Giscus options › https://giscus.app giscus: - repo: # / - repo_id: - category: - category_id: - mapping: # optional, default to 'pathname' - strict: # optional, default to '0' - input_position: # optional, default to 'bottom' - lang: # optional, default to the value of `site.lang` - reactions_enabled: # optional, default to the value of `1` + repo: + repo_id: + category: + category_id: + mapping: # optional, default to 'pathname' + input_position: # optional, default to 'bottom' + lang: en # optional, default to the value of `site.lang` # Self-hosted static assets, optional › https://github.com/cotes2020/chirpy-static-assets assets: self_host: - enabled: # boolean, keep empty means false + enabled: # boolean, keep empty means false # specify the Jekyll environment, empty means both # only works if `assets.self_host.enabled` is 'true' - env: # [development | production] + env: # [development|production] pwa: - enabled: true # The option for PWA feature (installable) - cache: - enabled: true # The option for PWA offline cache - # Paths defined here will be excluded from the PWA cache. - # Usually its value is the `baseurl` of another website that - # shares the same domain name as the current website. 
- deny_paths: - # - "/example" # URLs match `/example/*` will not be cached by the PWA - + enabled: true # the option for PWA feature + paginate: 10 -# The base URL of your site -baseurl: "" - # ------------ The following options are not recommended to be modified ------------------ kramdown: - footnote_backlink: "↩︎" syntax_highlighter: rouge - syntax_highlighter_opts: # Rouge Options › https://github.com/jneen/rouge#full-options + syntax_highlighter_opts: # Rouge Options › https://github.com/jneen/rouge#full-options css_class: highlight # default_lang: console span: @@ -173,12 +152,12 @@ collections: defaults: - scope: - path: "" # An empty string here means all files in the project + path: '' # An empty string here means all files in the project type: posts values: layout: post - comments: true # Enable comments in posts. - toc: true # Display TOC column in posts. + comments: true # Enable comments in posts. + toc: true # Display TOC column in posts. # DO NOT modify the following parameter unless you are confident enough # to update the code of all other post links in this project. permalink: /posts/:title/ @@ -187,11 +166,19 @@ defaults: values: comments: false - scope: - path: "" - type: tabs # see `site.collections` + path: '' + type: tabs # see `site.collections` values: layout: page permalink: /:title/ + - scope: + path: assets/img/favicons + values: + swcache: true + - scope: + path: assets/js/dist + values: + swcache: true sass: style: compressed @@ -206,14 +193,19 @@ compress_html: envs: [development] exclude: - - "*.gem" - - "*.gemspec" - - docs + - '*.gem' + - '*.gemspec' - tools - README.md - LICENSE - - "*.config.js" + - gulpfile.js + - node_modules - package*.json + - archive_old + - template + - reference_files + - kubernetes + - Dockerfile jekyll-archives: enabled: [categories, tags] diff --git a/_config.yml:Zone.Identifier b/_config.yml:Zone.Identifier new file mode 100644 index 0000000..e69de29 
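Review bot: In the `@@ -85,79 +82,61 @@` hunk of `_config.yml`, the `avatar` value is a hotlinked Facebook CDN URL whose query string carries what look like signature and expiry parameters (`oh=`, `oe=`). This commit only swaps those parameters for new ones, which suggests the previous link had stopped working and this one will too. Every page view also sends a request from the visitor's browser to that third-party host. Copy the image into the repository and reference it by a site-relative path, `avatar: <PATH_TO_LOCAL_IMAGE>`.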
diff --git a/_data/assets/cross_origin.yml b/_data/assets/cross_origin.yml new file mode 100644 index 0000000..bafea64 --- /dev/null +++ b/_data/assets/cross_origin.yml 
@@ -0,0 +1,62 @@ +# CDNs + +cdns: + # Google Fonts + - url: https://fonts.googleapis.com + - url: https://fonts.gstatic.com + args: crossorigin + - url: https://fonts.googleapis.com + # jsDelivr CDN + - url: https://cdn.jsdelivr.net + +# fonts + +webfonts: https://fonts.googleapis.com/css2?family=Lato&family=Source+Sans+Pro:wght@400;600;700;900&display=swap + +# Libraries + +jquery: + js: https://cdn.jsdelivr.net/npm/jquery@3/dist/jquery.min.js + +bootstrap: + css: https://cdn.jsdelivr.net/npm/bootstrap@4/dist/css/bootstrap.min.css + js: https://cdn.jsdelivr.net/npm/bootstrap@4/dist/js/bootstrap.bundle.min.js + +bootstrap-toc: + css: https://cdn.jsdelivr.net/gh/afeld/bootstrap-toc@1.0.1/dist/bootstrap-toc.min.css + js: https://cdn.jsdelivr.net/gh/afeld/bootstrap-toc@1.0.1/dist/bootstrap-toc.min.js + +fontawesome: + css: https://cdn.jsdelivr.net/npm/@fortawesome/fontawesome-free@6/css/all.min.css + +search: + js: https://cdn.jsdelivr.net/npm/simple-jekyll-search@1.10.0/dest/simple-jekyll-search.min.js + +mermaid: + js: https://cdn.jsdelivr.net/npm/mermaid@8/dist/mermaid.min.js + +dayjs: + js: + common: https://cdn.jsdelivr.net/npm/dayjs@1/dayjs.min.js + locale: https://cdn.jsdelivr.net/npm/dayjs@1/locale/:LOCALE.min.js + relativeTime: https://cdn.jsdelivr.net/npm/dayjs@1/plugin/relativeTime.min.js + localizedFormat: https://cdn.jsdelivr.net/npm/dayjs@1/plugin/localizedFormat.min.js + +countup: + js: https://cdn.jsdelivr.net/npm/countup.js@1.9.3/dist/countUp.min.js + +magnific-popup: + css: https://cdn.jsdelivr.net/npm/magnific-popup@1/dist/magnific-popup.min.css + js: https://cdn.jsdelivr.net/npm/magnific-popup@1/dist/jquery.magnific-popup.min.js + +lozad: + js: https://cdn.jsdelivr.net/npm/lozad/dist/lozad.min.js + +clipboard: + js: https://cdn.jsdelivr.net/npm/clipboard@2/dist/clipboard.min.js + +polyfill: + js: https://polyfill.io/v3/polyfill.min.js?features=es6 + +mathjax: + js: https://cdn.jsdelivr.net/npm/mathjax@3/es5/tex-chtml.js \ No newline at end of file 
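Review bot: The `polyfill` entry in `_data/assets/cross_origin.yml` loads script from `https://polyfill.io/v3/polyfill.min.js?features=es6`; that domain changed ownership and was publicly reported in 2024 to be serving altered script, so a new config should not reference it. Remove the entry if the theme works without it, or serve the file from the site itself, as `_data/assets/self_host.yml` in this commit does with `/assets/lib/polyfill-v3-es6/polyfill.min.js`. Most of the other URLs float on a major range (`jquery@3`, `bootstrap@4`, `mermaid@8`) and `lozad` names no version at all, so the script executed in visitors' browsers can change without any commit here. Pin exact versions, which is also what makes Subresource Integrity hashes possible. `https://fonts.googleapis.com` is listed twice under `cdns`.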
diff --git a/_data/assets/cross_origin.yml:Zone.Identifier b/_data/assets/cross_origin.yml:Zone.Identifier new file mode 100644 index 0000000..e69de29 diff --git a/_data/assets/self_host.yml b/_data/assets/self_host.yml new file mode 100644 index 0000000..c143e41 --- /dev/null +++ b/_data/assets/self_host.yml @@ -0,0 +1,51 @@ +# fonts + +webfonts: /assets/lib/fonts/main.css + +# Libraries + +jquery: + js: /assets/lib/jquery-3.6.0/jquery.min.js + +bootstrap: + css: /assets/lib/bootstrap-4.6.1/bootstrap.min.css + js: /assets/lib/bootstrap-4.6.1/bootstrap.bundle.min.js + +bootstrap-toc: + css: /assets/lib/bootstrap-toc-1.0.1/bootstrap-toc.min.css + js: /assets/lib/bootstrap-toc-1.0.1/bootstrap-toc.min.js + +fontawesome: + css: /assets/lib/fontawesome-free-6.2.1/css/all.min.css + +search: + js: /assets/lib/simple-jekyll-search-1.10.0/simple-jekyll-search.min.js + +mermaid: + js: /assets/lib/mermaid-8.13.10/mermaid.min.js + +dayjs: + js: + common: /assets/lib/dayjs-1.10.7/dayjs.min.js + locale: /assets/lib/dayjs-1.10.7/locale/en.min.js + relativeTime: /assets/lib/dayjs-1.10.7/plugin/relativeTime.min.js + localizedFormat: /assets/lib/dayjs-1.10.7/plugin/localizedFormat.min.js + +countup: + js: /assets/lib/countup.js-1.9.3/countUp.min.js + +magnific-popup: + css: /assets/lib/magnific-popup-1.1.0/magnific-popup.css + js: /assets/lib/magnific-popup-1.1.0/jquery.magnific-popup.min.js + +lozad: + js: /assets/lib/lozad-1.16.0/lozad.min.js + +clipboard: + js: /assets/lib/clipboard-2.0.9/clipboard.min.js + +polyfill: + js: /assets/lib/polyfill-v3-es6/polyfill.min.js + +mathjax: + js: /assets/lib/mathjax-3.2.0/tex-chtml.js \ No newline at end of file diff --git a/_data/assets/self_host.yml:Zone.Identifier b/_data/assets/self_host.yml:Zone.Identifier new file mode 100644 index 0000000..e69de29 diff --git a/_data/contact.yml b/_data/contact.yml index ed40acb..dc4c56e 100644 --- a/_data/contact.yml +++ b/_data/contact.yml 
@@ -1,40 +1,56 @@ # The contact options. -- type: github - icon: "fab fa-github" +- + type: twitter + icon: 'fab fa-twitter' +- + type: youtube + icon: 'fab fa-youtube' + url: 'https://l.technotim.live/subscribe' +- + type: twitch + icon: 'fab fa-twitch' + url: 'https://l.technotim.live/twitch' +- + type: patreon + icon: 'fab fa-patreon' + url: 'https://www.patreon.com/technotim' +- + type: discord + icon: 'fab fa-discord' + url: 'https://l.technotim.live/discord' +- + type: github + icon: 'fab fa-github' +- + type: rss + icon: 'fas fa-rss' + noblank: true -- type: twitter - icon: "fa-brands fa-x-twitter" +# type: instagram +# icon: 'fab fa-instagram' +# - +# type: facebook +# icon: 'fab fa-facebook' -- type: email - icon: "fas fa-envelope" - noblank: true # open link in current tab +# - +# type: tiktok +# icon: 'fab fa-tiktok' + +# type: email +# icon: 'fas fa-envelope' +# noblank: true # open link in current tab -- type: rss - icon: "fas fa-rss" - noblank: true # Uncomment and complete the url below to enable more contact options -# -# - type: mastodon +# - +# type: mastodon # icon: 'fab fa-mastodon' # icons powered by -# url: '' # Fill with your Mastodon account page, rel="me" will be applied for verification -# -# - type: linkedin +# url: '' # Fill with your mastodon account page +# - +# type: linkedin # icon: 'fab fa-linkedin' # icons powered by # url: '' # Fill with your Linkedin homepage -# -# - type: stack-overflow +# - +# type: stack-overflow # icon: 'fab fa-stack-overflow' # url: '' # Fill with your stackoverflow homepage -# -# - type: bluesky -# icon: 'fa-brands fa-bluesky' -# url: '' # Fill with your Bluesky profile link -# -# - type: reddit -# icon: 'fa-brands fa-reddit' -# url: '' # Fill with your Reddit profile link -# -# - type: threads -# icon: 'fa-brands fa-threads' -# url: '' # Fill with your Threads profile link diff --git a/_data/contact.yml:Zone.Identifier b/_data/contact.yml:Zone.Identifier new file mode 100644 index 0000000..e69de29 
diff --git a/_data/locales/en.yml b/_data/locales/en.yml
new file mode 100644
index 0000000..20a13e3
--- /dev/null
+++ b/_data/locales/en.yml
@@ -0,0 +1,83 @@
+# The layout text of site
+
+# ----- Commons label -----
+
+layout:
+ post: Post
+ category: Category
+ tag: Tag
+
+# The tabs of sidebar
+tabs:
+ # format: :
+ home: Home
+ categories: Categories
+ tags: Tags
+ archives: Archives
+ about: About
+
+# the text displayed in the search bar & search results
+search:
+ hint: search
+ cancel: Cancel
+ no_results: Oops! No result founds.
+
+panel:
+ lastmod: Recently Updated
+ trending_tags: Trending Tags
+ toc: Contents
+
+copyright:
+ # Shown at the bottom of the post
+ license:
+ template: This post is licensed under :LICENSE_NAME by the author.
+ name: CC BY 4.0
+ link: https://creativecommons.org/licenses/by/4.0/
+
+ # Displayed in the footer
+ brief: Some rights reserved.
+ verbose: >-
+ Except where otherwise noted, the blog posts on this site are licensed
+ under the Creative Commons Attribution 4.0 International (CC BY 4.0) License by the author.
+
+meta: ' ' # remove footer without replacing template
+
+not_found:
+ statment: Sorry, we've misplaced that URL or it's pointing to something that doesn't exist.
+
+notification:
+ update_found: A new version of content is available!
+ update: Update 🚀
+
+# ----- Posts related labels -----
+
+post:
+ written_by: By
+ posted: Posted
+ updated: Updated
+ words: words
+ pageview_measure: views
+ read_time:
+ unit: min
+ prompt: read
+ relate_posts: Further Reading
+ share: Share
+ button:
+ next: Newer
+ previous: Older
+ copy_code:
+ succeed: Copied!
+ share_link:
+ title: Copy link
+ succeed: Link copied successfully!
+ # pinned prompt of posts list on homepage
+ pin_prompt: Pinned
+
+# categories page
+categories:
+ category_measure:
+ singular: category
+ plural: categories
+ post_measure:
+ singular: post
+ plural: posts
\ No newline at end of file
diff --git a/_data/locales/en.yml:Zone.Identifier b/_data/locales/en.yml:Zone.Identifier new file mode 100644 index 0000000..e69de29 diff --git a/_data/share.yml b/_data/share.yml index 6f97568..55feb59 100644 --- a/_data/share.yml +++ b/_data/share.yml @@ -2,49 +2,26 @@ # Icons from platforms: - - type: Twitter - icon: "fa-brands fa-square-x-twitter" + - + type: Twitter + icon: "fab fa-twitter" link: "https://twitter.com/intent/tweet?text=TITLE&url=URL" - - - type: Facebook + - + type: Facebook icon: "fab fa-facebook-square" link: "https://www.facebook.com/sharer/sharer.php?title=TITLE&u=URL" - - - type: Telegram + - + type: Telegram icon: "fab fa-telegram" link: "https://t.me/share/url?url=URL&text=TITLE" # Uncomment below if you need to. + - + type: Linkedin + icon: "fab fa-linkedin" + link: "https://www.linkedin.com/sharing/share-offsite/?url=URL" # - # - type: Linkedin - # icon: "fab fa-linkedin" - # link: "https://www.linkedin.com/sharing/share-offsite/?url=URL" - # - # - type: Weibo + # - + # type: Weibo # icon: "fab fa-weibo" - # link: "https://service.weibo.com/share/share.php?title=TITLE&url=URL" - # - # - type: Mastodon - # icon: "fa-brands fa-mastodon" - # # See: https://github.com/justinribeiro/share-to-mastodon#properties - # instances: - # - label: mastodon.social - # link: "https://mastodon.social/" - # - label: mastodon.online - # link: "https://mastodon.online/" - # - label: fosstodon.org - # link: "https://fosstodon.org/" - # - label: photog.social - # link: "https://photog.social/" - # - # - type: Bluesky - # icon: "fa-brands fa-bluesky" - # link: "https://bsky.app/intent/compose?text=TITLE%20URL" - # - # - type: Reddit - # icon: "fa-brands fa-square-reddit" - # link: "https://www.reddit.com/submit?url=URL&title=TITLE" - # - # - type: Threads - # icon: "fa-brands fa-square-threads" - # link: "https://www.threads.net/intent/post?text=TITLE%20URL" + # link: "http://service.weibo.com/share/share.php?title=TITLE&url=URL" 
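Review bot: The commented Weibo example at the end of the `_data/share.yml` hunk now reads `http://service.weibo.com/...` where the previous revision used `https://`; anyone who uncomments it gets a plaintext share link, so keep `# link: "https://service.weibo.com/share/share.php?title=TITLE&url=URL"`. The `# Uncomment below if you need to.` comment now sits directly above the active Linkedin entry and should move down to the commented Weibo block.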
diff --git a/_data/share.yml:Zone.Identifier b/_data/share.yml:Zone.Identifier
new file mode 100644
index 0000000..e69de29
diff --git a/_plugins/posts-lastmod-hook.rb:Zone.Identifier b/_plugins/posts-lastmod-hook.rb:Zone.Identifier
new file mode 100644
index 0000000..e69de29
diff --git a/_posts/2020-01-07-goxlr-wireless.md b/_posts/2020-01-07-goxlr-wireless.md
new file mode 100644
index 0000000..574ebb9
--- /dev/null
+++ b/_posts/2020-01-07-goxlr-wireless.md
@@ -0,0 +1,19 @@
+---
+layout: post
+title: "GoXLR WITH WIRELESS HEADSET - Connect ANY wireless bluetooth headphones"
+date: 2020-01-07 09:00:00 -0500
+categories: streaming
+tags: goxlr streaming twitch hardware
+---
+
+[![GoXLR WITH WIRELESS HEADSET - Connect ANY wireless bluetooth headphones](https://img.youtube.com/vi/dTd7f-jK_BE/0.jpg)](https://www.youtube.com/watch?v=dTd7f-jK_BE "GoXLR WITH WIRELESS HEADSET - Connect ANY wireless bluetooth headphones")
+
+Connect any wireless headset to a GoXLR or GoXLR mini. In this video, I show you how you can connect any pair of wireless bluetooth headphones to a GoXLR or GoXLR mini. They can be AirPods, Beats, Beats Wireless Pro, Bose, or any other wireless bluetooth headset. You can use this bluetooth adapter transmitter to stream while using the GoXLR or GoXLR mini.
+
+I bought these products with my own money because I thought they were cool. Nothing in this video was sponsored.
+
+[Watch Video](https://www.youtube.com/watch?v=dTd7f-jK_BE)
+
+See all the hardware I recommend at
+
+Don't forget to check out the [🚀Launchpad repo](https://l.technotim.live/quick-start) with all of the quick start source files.
\ No newline at end of file
diff --git a/_posts/2020-01-07-goxlr-wireless.md:Zone.Identifier b/_posts/2020-01-07-goxlr-wireless.md:Zone.Identifier
new file mode 100644
index 0000000..e69de29
diff --git a/_posts/2020-01-14-obs-best-settings.md b/_posts/2020-01-14-obs-best-settings.md
new file mode 100644
index 0000000..e09b581
--- /dev/null
+++ b/_posts/2020-01-14-obs-best-settings.md
@@ -0,0 +1,17 @@
+---
+layout: post
+title: "BEST OBS Streaming Settings 2020! 🔴 (Quality, Frame Rate, Bit Rate, Audio, 1080p 60/FPS & MORE!)"
+date: 2020-01-14 09:00:00 -0500
+categories: streaming
+tags: obs twitch streaming
+---
+
+[![BEST OBS Streaming Settings 2020! 🔴 (Quality, Frame Rate, Bit Rate, Audio, 1080p 60/FPS & MORE!)](https://img.youtube.com/vi/_-G-RvWpojc/0.jpg)](https://www.youtube.com/watch?v=_-G-RvWpojc "BEST OBS Streaming Settings 2020! 🔴 (Quality, Frame Rate, Bit Rate, Audio, 1080p 60/FPS & MORE!)")
+
+Do you want the best settings for OBS in 2020? This is the ultimate OBS settings guide with the BEST OBS settings for streaming Fortnite, Just Chatting APEX Legends, PUBG, or really ANY game. This video includes the best settings for quality, frame rate, bit rate, and audio for streaming at 60 frames per second (FPS) at 1080p (max settings for streamers). This guide works with OBS Studio, Streamlabs OBS (SLOBS), and OBS.LIVE (from StreamElements). I also include various Windows settings and tweaks to give you the best performance while streaming. I even cover the new NVENC settings (NVIDIA NVENC H.264 (new) ) for NVidia graphics cards with Turing Architecture. This is a great guide for anyone who wants to tweak their existing settings or have just installed it for the first time with the default settings.
+
+[Watch Video](https://www.youtube.com/watch?v=_-G-RvWpojc)
+
+See all the hardware I recommend at
+
+Don't forget to check out the [🚀Launchpad repo](https://l.technotim.live/quick-start) with all of the quick start source files.
\ No newline at end of file
diff --git a/_posts/2020-01-14-obs-best-settings.md:Zone.Identifier b/_posts/2020-01-14-obs-best-settings.md:Zone.Identifier
new file mode 100644
index 0000000..e69de29
diff --git a/_posts/2020-01-20-upgrade-your-room.md b/_posts/2020-01-20-upgrade-your-room.md
new file mode 100644
index 0000000..6f3299d
--- /dev/null
+++ b/_posts/2020-01-20-upgrade-your-room.md
@@ -0,0 +1,17 @@
+---
+layout: post
+title: "Upgrade Your ROOM (One of the most OVERLOOKED stream upgrades!)"
+date: 2020-01-20 09:00:00 -0500
+categories: streaming
+tags: office hardware twitch
+---
+
+[![Upgrade Your ROOM (One of the most OVERLOOKED stream upgrades!)](https://img.youtube.com/vi/X7g3rjVN1Dw/0.jpg)](https://www.youtube.com/watch?v=X7g3rjVN1Dw "Upgrade Your ROOM (One of the most OVERLOOKED stream upgrades!)")
+
+There are so many upgrades out there for streaming, what do I start with? Video card? Microphone? Audio? CPU? RAM? Lights? I started with one that is overlooked by many streamers, and it's the room I stream in. So come along with me as give a tour of my stream room makeover! Hopefully this video gives you some stream background ideas for sofas, lights, smart LED lights, accent lighting, coffee tables, plants, rugs, bookshelves, and even Hyrule Historia as I walk through my stream studio setup!
+
+[Watch Video](https://www.youtube.com/watch?v=X7g3rjVN1Dw)
+
+See all the hardware I recommend at
+
+Don't forget to check out the [🚀Launchpad repo](https://l.technotim.live/quick-start) with all of the quick start source files.
\ No newline at end of file
diff --git a/_posts/2020-01-20-upgrade-your-room.md:Zone.Identifier b/_posts/2020-01-20-upgrade-your-room.md:Zone.Identifier
new file mode 100644
index 0000000..e69de29
diff --git a/_posts/2020-02-02-touchportal-vs-streamdeck.md b/_posts/2020-02-02-touchportal-vs-streamdeck.md
new file mode 100644
index 0000000..af6b5e9
--- /dev/null
+++ b/_posts/2020-02-02-touchportal-vs-streamdeck.md
@@ -0,0 +1,17 @@
+---
+layout: post
+title: "Touch Portal vs. Stream Deck"
+date: 2020-02-02 09:00:00 -0500
+categories: streaming
+tags: touch-portal stream-deck streaming hardware
+---
+
+[![Touch Portal vs. Stream Deck](https://img.youtube.com/vi/dtI81N-YQT8/0.jpg)](https://www.youtube.com/watch?v=dtI81N-YQT8 "Touch Portal vs. Stream Deck")
+
+Let's compare Touch Portal to Stream Deck. We'll walk through some of the similarities and differences between the free software Touch Portal and the Stream Deck hardware/software combination. We'll see if we can set up, configure in a step by step guide, and clone our Stream Deck interface for OBS using Touch Portal and a mobile device, we'll review features and experiences, then we'll choose a winner in the Touch Portal vs. Stream Deck face off!
+
+[Watch Video](https://www.youtube.com/watch?v=dtI81N-YQT8)
+
+See all the hardware I recommend at
+
+Don't forget to check out the [🚀Launchpad repo](https://l.technotim.live/quick-start) with all of the quick start source files.
\ No newline at end of file
diff --git a/_posts/2020-02-02-touchportal-vs-streamdeck.md:Zone.Identifier b/_posts/2020-02-02-touchportal-vs-streamdeck.md:Zone.Identifier
new file mode 100644
index 0000000..e69de29
diff --git a/_posts/2020-02-17-discord-bot.md b/_posts/2020-02-17-discord-bot.md
new file mode 100644
index 0000000..449678f
--- /dev/null
+++ b/_posts/2020-02-17-discord-bot.md
@@ -0,0 +1,17 @@
+---
+layout: post
+title: "Let's Build a Discord Bot Using DiscordJS - Moderator Bot"
+date: 2020-02-17 09:00:00 -0500
+categories: coding
+tags: coding javascript discord self-hosted
+---
+
+[![Let's Build a Discord Bot Using DiscordJS - Moderator Bot](https://img.youtube.com/vi/YSZcyz2-twQ/0.jpg)](https://www.youtube.com/watch?v=YSZcyz2-twQ "Let's Build a Discord Bot Using DiscordJS - Moderator Bot")
+
+Let's build a bot! Not a bad bot like a view bot, but bot for good. Let's build a discord moderator bot using discord.js! Discord is powerful chat + video client and already has lots of great bots however no bot has the flexibility of creating your own! In this video I will show you how to build a discord bot using DiscordJS from start to finish. You'll see how to use the developer portal, create a bot using JavaScript, NodeJS, and NPM, invite the bot to your Discord server and have it moderate some of your channels. We have made this bot open source and will continue to contribute to this bot.
+
+[Watch Video](https://www.youtube.com/watch?v=YSZcyz2-twQ)
+
+See all the hardware I recommend at
+
+Don't forget to check out the [🚀Launchpad repo](https://l.technotim.live/quick-start) with all of the quick start source files.
\ No newline at end of file
diff --git a/_posts/2020-02-17-discord-bot.md:Zone.Identifier b/_posts/2020-02-17-discord-bot.md:Zone.Identifier
new file mode 100644
index 0000000..e69de29
diff --git a/_posts/2020-03-01-virtualize-truenas.md b/_posts/2020-03-01-virtualize-truenas.md
new file mode 100644
index 0000000..365a381
--- /dev/null
+++ b/_posts/2020-03-01-virtualize-truenas.md
@@ -0,0 +1,17 @@
+---
+layout: post
+title: "How to Install and Virtualize TrueNAS with Proxmox"
+date: 2020-03-01 09:00:00 -0500
+categories: truenas
+tags: truenas proxmox windows
+---
+
+[![How to Install and Virtualize TrueNAS with Proxmox](https://img.youtube.com/vi/iva4DmOmSTc/0.jpg)](https://www.youtube.com/watch?v=iva4DmOmSTc "How to Install and Virtualize TrueNAS with Proxmox")
+
+Do you want a DIY NAS? Do you want to set up TrueNAS? Have you considered virtualizing TrueNAS with Proxmox? In this video we'll walk through installing and setting up TrueNAS and configure a samba share for Windows. We'll also install it on a virtual server using ProxmoxVE that's running in my Homelab. Both are free and open source.
+
+[Watch Video](https://www.youtube.com/watch?v=iva4DmOmSTc)
+
+See all the hardware I recommend at
+
+Don't forget to check out the [🚀Launchpad repo](https://l.technotim.live/quick-start) with all of the quick start source files.
\ No newline at end of file
diff --git a/_posts/2020-03-01-virtualize-truenas.md:Zone.Identifier b/_posts/2020-03-01-virtualize-truenas.md:Zone.Identifier
new file mode 100644
index 0000000..e69de29
diff --git a/_posts/2020-03-06-iscsi-truenas.md b/_posts/2020-03-06-iscsi-truenas.md
new file mode 100644
index 0000000..a21d02c
--- /dev/null
+++ b/_posts/2020-03-06-iscsi-truenas.md
@@ -0,0 +1,17 @@
+---
+layout: post
+title: "How To Create an iSCSI Target with TrueNAS"
+date: 2020-03-06 09:00:00 -0500
+categories: truenas
+tags: homelab rancher kubernetes
+---
+
+[![How To Create an iSCSI Target with TrueNAS](https://img.youtube.com/vi/JzX6c58ydY4/0.jpg)](https://www.youtube.com/watch?v=JzX6c58ydY4 "How To Create an iSCSI Target with TrueNAS")
+
+Setting up iSCSI with TrueNAS and Windows 10 is super simple with TrueNAS. This is an easy way to have a hard drive installed on your machine that isn't really attached, it lives on the network.
+
+[Watch Video](https://www.youtube.com/watch?v=JzX6c58ydY4)
+
+See all the hardware I recommend at
+
+Don't forget to check out the [🚀Launchpad repo](https://l.technotim.live/quick-start) with all of the quick start source files.
\ No newline at end of file
diff --git a/_posts/2020-03-06-iscsi-truenas.md:Zone.Identifier b/_posts/2020-03-06-iscsi-truenas.md:Zone.Identifier
new file mode 100644
index 0000000..e69de29
diff --git a/_posts/2020-03-12-windows-developer-setup.md b/_posts/2020-03-12-windows-developer-setup.md
new file mode 100644
index 0000000..41794d9
--- /dev/null
+++ b/_posts/2020-03-12-windows-developer-setup.md
@@ -0,0 +1,130 @@
+---
+layout: post
+title: "Setting Up Windows for JavaScript Development THE RIGHT WAY (WSL Terminal NVM Node Yarn VS Code ZSH)"
+date: 2020-03-12 09:00:00 -0500
+categories: coding
+tags: windows coding javascript wsl nvm zsh node windows linux ubuntu
+---
+
+[![Setting Up Windows for JavaScript Development THE RIGHT WAY (WSL Terminal NVM Node Yarn VS Code ZSH)](https://img.youtube.com/vi/kL8iGErULiw/0.jpg)](https://www.youtube.com/watch?v=kL8iGErULiw "Setting Up Windows for JavaScript Development THE RIGHT WAY (WSL Terminal NVM Node Yarn VS Code ZSH)")
+
+You want to get started developing JavaScript with NodeJS, ReactJS, or AngularJS but you're not sure how to get started? This is a complete, step by step guide on how to configure your Windows machines for JavaScript development the right way. You'll learn how to install and configure Windows, the new Windows Terminal, WSL, Ubuntu, ZSH with Oh My ZSH, yarn, NPM, NVM, NodeJS, and VS Code. We'll also configure our git client for SSH access to GitHub. This is the perfect beginner tutorial for anyone trying to develop software on a Windows PC.
+
+[Watch Video](https://www.youtube.com/watch?v=kL8iGErULiw)
+
+See all the hardware I recommend at
+
+Don't forget to check out the [🚀Launchpad repo](https://l.technotim.live/quick-start) with all of the quick start source files.
+
+## Update Ubuntu
+
+```bash
+sudo apt-get update
+```
+
+```bash
+sudo apt-get upgrade
+```
+
+
+## install zshell
+
+```bash
+sudo apt-get install zsh
+```
+
+## oh-my-zsh
+
+Check this site for the command https://ohmyz.sh/#install
+
+
+It should be something like this:
+
+```bash
+sh -c "$(curl -fsSL https://raw.github.com/ohmyzsh/ohmyzsh/master/tools/install.sh)"
+```
+
+
+## nvm
+
+Be sure `zshell` and `oh-my-zsh` are working before continuing
+
+Check this site for the command https://github.com/nvm-sh/nvm
+
+It should be something like this, but be sure to use the version from the link above
+
+```bash
+curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.38.0/install.sh | bash
+```
+
+If `nvm` doesn't work, check this https://youtu.be/kL8iGErULiw?t=507
+
+Close all terminals and all VS Code instances after doing this step
+
+## Install Node
+
+```bash
+nvm install 12.16.1
+```
+
+## Install yarn
+
+Be sure `nvm` and `node` are working before continuing
+
+Check this site for the latest command https://classic.yarnpkg.com/en/docs/install/#alternatives-stable
+
+It should be something like this, but be sure to use the version from the link above
+
+```bash
+curl -o- -L https://yarnpkg.com/install.sh | bash
+```
+
+## Configure Git
+
+You'll want to follow this guide for configuring git. Be sure to follow the `LINUX` version
+
+https://docs.github.com/en/github/using-git/getting-started-with-git-and-github
+
+
+```bash
+git config --global user.name "Techno Tim"
+```
+
+```bash
+git config --global user.email "your_email@example.com"
+```
+
+```bash
+ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
+```
+
+```bash
+eval $(ssh-agent -s)
+```
+
+
+## Cloning a repo
+
+```bash
+mkdir code && cd code
+```
+
+Be sure you choose the right repo before cloning, this is just an example
+
+```bash
+git clone git@github.com:techno-tim/techno-boto-discord.git
+```
+
+```bash
+cd techno-boto-discord
+```
+
+```bash
+yarn
+```
+
+## Continuing with the bot turotials
+
+* Discord Bot https://www.youtube.com/watch?v=YSZcyz2-twQ
+* Twitch Bot https://www.youtube.com/watch?v=7uSjKbAUHXg
+* Slack Bot https://www.youtube.com/watch?v=AajBk59nOgw
diff --git a/_posts/2020-03-12-windows-developer-setup.md:Zone.Identifier b/_posts/2020-03-12-windows-developer-setup.md:Zone.Identifier
new file mode 100644
index 0000000..e69de29
diff --git a/_posts/2020-03-14-proxmox-setup.md b/_posts/2020-03-14-proxmox-setup.md
new file mode 100644
index 0000000..4395901
--- /dev/null
+++ b/_posts/2020-03-14-proxmox-setup.md
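Review bot: The oh-my-zsh, nvm and yarn steps in `_posts/2020-03-12-windows-developer-setup.md` pipe a remote script straight into a shell, and the oh-my-zsh URL tracks the `master` branch, so what runs is whatever that URL serves on the day. I would add one sentence before each block telling readers to download the script, read it, and then run the local copy, e.g. `curl -fsSL -o install.sh <installer-url>` followed by `bash install.sh`. The nvm line pins `v0.38.0` while the prose above it asks readers to use the current version, so the tag in the example will drift. Smaller: the last heading has a typo, `turotials`.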
@@ -0,0 +1,18 @@
+---
+layout: post
+title: "Proxmox VE Install and Setup Tutorial"
+date: 2020-03-14 09:00:00 -0500
+categories: homelab
+tags: homelab rancher kubernetes
+---
+
+[![Proxmox VE Install and Setup Tutorial](https://img.youtube.com/vi/7OVaWaqO2aU/0.jpg)](https://www.youtube.com/watch?v=7OVaWaqO2aU "Proxmox VE Install and Setup Tutorial")
+
+Do you need to virtualize something at home? Thinking of building your own Homelab? (The answer is YES). Join me as we install and configure Proxmox VE step-by-step.
+
+
+[Watch Video](https://www.youtube.com/watch?v=7OVaWaqO2aU)
+
+See all the hardware I recommend at
+
+Don't forget to check out the [🚀Launchpad repo](https://l.technotim.live/quick-start) with all of the quick start source files.
\ No newline at end of file
diff --git a/_posts/2020-03-14-proxmox-setup.md:Zone.Identifier b/_posts/2020-03-14-proxmox-setup.md:Zone.Identifier
new file mode 100644
index 0000000..e69de29
diff --git a/_posts/2020-03-18-proxmox-windows.md b/_posts/2020-03-18-proxmox-windows.md
new file mode 100644
index 0000000..c9cb3ec
--- /dev/null
+++ b/_posts/2020-03-18-proxmox-windows.md
@@ -0,0 +1,17 @@
+---
+layout: post
+title: "Virtualize Windows 10 with Proxmox VE"
+date: 2020-03-18 09:00:00 -0500
+categories: proxmox
+tags: proxmox windows
+---
+
+[![Virtualize Windows 10 with Proxmox VE](https://img.youtube.com/vi/6c-6xBkD2J4/0.jpg)](https://www.youtube.com/watch?v=6c-6xBkD2J4 "Virtualize Windows 10 with Proxmox VE")
+
+Do you need to virtualize Windows 10 with Proxmox? Join me as we install and configure Windows 10 on Proxmox VE step-by-step using the best performance options.
+
+[Watch Video](https://www.youtube.com/watch?v=6c-6xBkD2J4)
+
+See all the hardware I recommend at
+
+Don't forget to check out the [🚀Launchpad repo](https://l.technotim.live/quick-start) with all of the quick start source files.
\ No newline at end of file
diff --git a/_posts/2020-03-18-proxmox-windows.md:Zone.Identifier b/_posts/2020-03-18-proxmox-windows.md:Zone.Identifier
new file mode 100644
index 0000000..e69de29
diff --git a/_posts/2020-03-20-proxmox-ubuntu-server.md b/_posts/2020-03-20-proxmox-ubuntu-server.md
new file mode 100644
index 0000000..d321a56
--- /dev/null
+++ b/_posts/2020-03-20-proxmox-ubuntu-server.md
@@ -0,0 +1,17 @@
+---
+layout: post
+title: "Virtualize Ubuntu Server with Proxmox VE"
+date: 2020-03-20 09:00:00 -0500
+categories: proxmox
+tags: proxmox ubuntu linux
+---
+
+[![Virtualize Ubuntu Server with Proxmox VE](https://img.youtube.com/vi/YR9SNDD8WB4/0.jpg)](https://www.youtube.com/watch?v=YR9SNDD8WB4 "Virtualize Ubuntu Server with Proxmox VE")
+
+Do you need to virtualize Ubuntu Server with Proxmox? Join me as we install and configure Ubuntu Server LTS on Proxmox VE step-by-step using the best performance options.
+
+[Watch Video](https://www.youtube.com/watch?v=YR9SNDD8WB4)
+
+See all the hardware I recommend at
+
+Don't forget to check out the [🚀Launchpad repo](https://l.technotim.live/quick-start) with all of the quick start source files.
\ No newline at end of file
diff --git a/_posts/2020-03-20-proxmox-ubuntu-server.md:Zone.Identifier b/_posts/2020-03-20-proxmox-ubuntu-server.md:Zone.Identifier
new file mode 100644
index 0000000..e69de29
diff --git a/_posts/2020-03-26-gpu-passthrough.md b/_posts/2020-03-26-gpu-passthrough.md
new file mode 100644
index 0000000..b7a257f
--- /dev/null
+++ b/_posts/2020-03-26-gpu-passthrough.md
@@ -0,0 +1,102 @@
+---
+layout: post
+title: "Remote Gaming! (and Video Encoding using Proxmox and GPU Passthrough)"
+date: 2020-03-26 09:00:00 -0500
+categories: homelab
+tags: homelab rancher kubernetes
+---
+
+[![Remote Gaming! (and Video Encoding using Proxmox and GPU Passthrough)](https://img.youtube.com/vi/fgx3NMk6F54/0.jpg)](https://www.youtube.com/watch?v=fgx3NMk6F54 "Remote Gaming! (and Video Encoding using Proxmox and GPU Passthrough)")
+
+
+Are you looking to build a remote gaming machine and passthrough your GPU to a virtual machine? Do you want to use GPU acceleration for transcoding Plex or Adobe Media Encoder? Do you dream of setting up Steam Link or Remote Play In Home Streaming and streaming games to any screen in your house? If so, this complete step-by-step guide of how to passthrough your Nvidia or AMD video card through to a guest VM using Proxmox VE! If not, well, please watch this anyway.
+
+[Watch Video](https://www.youtube.com/watch?v=fgx3NMk6F54)
+
+See all the hardware I recommend at
+
+Don't forget to check out the [🚀Launchpad repo](https://l.technotim.live/quick-start) with all of the quick start source files.
+
+edit grub
+
+`/etc/default/grub`
+
+
+Change this line:
+
+`GRUB_CMDLINE_LINUX_DEFAULT="quiet intel_iommu=on pcie_acs_override=downstream,multifunction video=efifb:eek:ff"`
+
+run
+
+```bash
+update-grub
+```
+
+reboot
+```bash
+reboot
+```
+
+Edit
+`/etc/modules`
+
+```
+vfio
+vfio_iommu_type1
+vfio_pci
+vfio_virqfd
+```
+
+reboot
+
+```bash
+reboot
+```
+
+
+`/etc/pve/qemu-server/qm.conf` (will be something like `100.conf`)
+
+```conf
+agent: 1
+balloon: 4096
+bios: ovmf
+boot: cdn
+bootdisk: virtio0
+cores: 8
+cpu: host,hidden=1,flags=+pcid
+efidisk0: fast1:vm-100-disk-1,size=128K
+hostpci0: 02:00,pcie=1,x-vga=1
+hostpci1: 04:00.0,rombar=0
+ide0: none,media=cdrom
+machine: q35
+memory: 14336
+name: beam
+numa: 0
+ostype: win10
+scsihw: virtio-scsi-pci
+smbios1: uuid=d6febb0d-4242-4bdb-8aea-7c03e7b5df0e
+sockets: 1
+unused0: storage1:vm-100-disk-0
+unused1: slow1:vm-100-disk-0
+virtio0: fast1:vm-100-disk-0,size=80G
+vmgenid: 524a58dd-7e3e-44f4-abf4-9de0f490d936
+```
+
+Add your PCI device
+
+
+edit `/etc/modprobe.d/pve-blacklist.conf`
+
+```conf
+blacklist nvidiafb
+blacklist nvidia
+blacklist radeon
+blacklist nouveau
+```
+
+## Troubleshooting
+
+If your Windows machine fails to boot, you may want to create a new Windows VM using UEFI rather than BIOS.
+
+If your motherboard has onboard GPU set in BIOS to use the onboard primarily or exclusively to free up PCIE GPU
+
diff --git a/_posts/2020-03-26-gpu-passthrough.md:Zone.Identifier b/_posts/2020-03-26-gpu-passthrough.md:Zone.Identifier
new file mode 100644
index 0000000..e69de29
diff --git a/_posts/2020-04-02-proxmox-update.md b/_posts/2020-04-02-proxmox-update.md
new file mode 100644
index 0000000..3fe5a15
--- /dev/null
+++ b/_posts/2020-04-02-proxmox-update.md
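Review bot: The kernel command line in `_posts/2020-03-26-gpu-passthrough.md` contains `video=efifb:eek:ff`, which looks like a forum emoticon substitution of `video=efifb:off`; as written the parameter will not be recognised, so the line should read `GRUB_CMDLINE_LINUX_DEFAULT="quiet intel_iommu=on pcie_acs_override=downstream,multifunction video=efifb:off"`. `pcie_acs_override=downstream,multifunction` deserves one sentence of caveat: it makes the kernel treat devices as separately isolated even when the hardware does not enforce that, so a passed-through device may still be able to reach its former group members by DMA, and the option needs a kernel that carries the ACS override patch. The sample VM config also publishes a concrete `smbios1` UUID and `vmgenid`; placeholders would stop readers cloning them.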
@@ -0,0 +1,42 @@
+---
+layout: post
+title: "How to Update Proxmox VE (No subscription required)"
+date: 2020-04-02 09:00:00 -0500
+categories: proxmox
+tags: homelab proxmox
+---
+
+[![How to Update Proxmox VE (No subscription required)](https://img.youtube.com/vi/rfK8fc-ccoQ/0.jpg)](https://www.youtube.com/watch?v=rfK8fc-ccoQ "How to Update Proxmox VE (No subscription required)")
+
+Have you been thinking about updating your Proxmox VE server? Well, what are you waiting for? Upgrade your Proxmox server in your home lab in just a few minutes with this step-by-step tutorial!
+
+
+[Watch Video](https://www.youtube.com/watch?v=rfK8fc-ccoQ)
+
+See all the hardware I recommend at
+
+Edit `/etc/apt/sources.list`
+
+```bash
+deb http://ftp.us.debian.org/debian buster main contrib
+
+deb http://ftp.us.debian.org/debian buster-updates main contrib
+
+# security updates
+deb http://security.debian.org buster/updates main contrib
+
+# not for production use
+deb http://download.proxmox.com/debian buster pve-no-subscription
+```
+
+Run
+
+```bash
+apt-get update
+```
+
+```bash
+apt dist-upgrade
+```
+
+Don't forget to check out the [🚀Launchpad repo](https://l.technotim.live/quick-start) with all of the quick start source files.
\ No newline at end of file
diff --git a/_posts/2020-04-02-proxmox-update.md:Zone.Identifier b/_posts/2020-04-02-proxmox-update.md:Zone.Identifier
new file mode 100644
index 0000000..e69de29
diff --git a/_posts/2020-04-19-docker-rancher-kubernetes.md b/_posts/2020-04-19-docker-rancher-kubernetes.md
new file mode 100644
index 0000000..24210ea
--- /dev/null
+++ b/_posts/2020-04-19-docker-rancher-kubernetes.md
@@ -0,0 +1,43 @@
+---
+layout: post
+title: "Docker, Rancher, Kubernetes... Minecraft? (Setup and Install Tutorial)"
+date: 2020-04-09 09:00:00 -0500
+categories: homelab
+tags: homelab rancher kubernetes docker minecraft gaming
+---
+
+[![Docker, Rancher, Kubernetes... Minecraft? (Setup and Install Tutorial)](https://img.youtube.com/vi/oILc0ywDVTk/0.jpg)](https://www.youtube.com/watch?v=oILc0ywDVTk "Docker, Rancher, Kubernetes... Minecraft? (Setup and Install Tutorial)")
+
+If you want to set up Kubernetes at home using Rancher to run Docker containers, this is the guide for you. This is a step by step tutorial of how to install and configure Rancher, Docker, and Kubernetes for your homelab. In this video we set up and configure a Minecraft server in just a matter of minutes with some enterprise like features. You can use this same process to spin up other Docker containers at home on your server or desktop.
+
+[Watch Video](https://www.youtube.com/watch?v=oILc0ywDVTk)
+
+See all the hardware I recommend at
+
+## Install Docker
+
+To install docker, see [https://docs.technotim.live/posts/docker-compose-install/](https://docs.technotim.live/posts/docker-compose-install/)
+
+## Install Rancher
+
+The two paths in the workload configuration need to be reversed:
+
+- `Path on the Node` should be `mc`
+- `Mount Point` should be `/data`
+
+You'll want to use a command similar to this so that there aren't any port conflicts with other services or kubernetes itself.
+
+Also, you may want to consider pinning your docker tag to a version other than `latest` to make backing up and upgrading easier. See [here](https://github.com/rancher/rancher/tags) for the latest version.
+
+```bash
+docker run -d --restart=unless-stopped -p 9090:80 -p 9091:443 --privileged -v /opt/rancher:/var/lib/rancher --name=rancher_docker_server rancher/rancher:latest
+```
+
+## Troubleshooting
+
+- Make sure you have a static IP on your Rancher host
+- Be sure to use the ports above if you want to add SSL later and use commands in future videos
+- The new UI is now the "Cluster Explorer". You can toggle between this and the "Cluser Manager" UI by clicking the button.
+- Do not create workloads in the `local` cluster. This is a management cluster for Rancher. You should create new cluster for your workload, just like in this video.
+
+Don't forget to check out the [🚀Launchpad repo](https://l.technotim.live/quick-start) with all of the quick start source files.
diff --git a/_posts/2020-04-19-docker-rancher-kubernetes.md:Zone.Identifier b/_posts/2020-04-19-docker-rancher-kubernetes.md:Zone.Identifier
new file mode 100644
index 0000000..e69de29
diff --git a/_posts/2020-04-19-office-upgrade.md b/_posts/2020-04-19-office-upgrade.md
new file mode 100644
index 0000000..9ec851b
--- /dev/null
+++ b/_posts/2020-04-19-office-upgrade.md
@@ -0,0 +1,17 @@
+---
+layout: post
+title: "Convert ANY Desk to a STANDING Desk: Home Office Upgrade"
+date: 2020-04-19 09:00:00 -0500
+categories: vlog
+tags: homelab office hardware
+---
+
+[![Convert ANY Desk to a STANDING Desk: Home Office Upgrade](https://img.youtube.com/vi/wOSx4pDyq7E/0.jpg)](https://www.youtube.com/watch?v=wOSx4pDyq7E "Convert ANY Desk to a STANDING Desk: Home Office Upgrade")
+
+I decided to tear apart our office and convert my old Ikea hack table tops into a standing desk. Oh, and I also clamped on 3 - 27" 1440p gaming monitors while I was at it 😉
+
+[Watch Video](https://www.youtube.com/watch?v=wOSx4pDyq7E)
+
+See all the hardware I recommend at
+
+Don't forget to check out the [🚀Launchpad repo](https://l.technotim.live/quick-start) with all of the quick start source files.
\ No newline at end of file
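Review bot: The `docker run` example in `_posts/2020-04-19-docker-rancher-kubernetes.md` uses `rancher/rancher:latest` right after the text recommends pinning a tag; showing the pinned form in the command itself, `rancher/rancher:<pinned-tag>`, keeps the two consistent and makes the install reproducible. The command also runs with `--privileged` and publishes 9090/9091 on every host interface, so the post should say that this container effectively has root on the host and that the host should be dedicated to Rancher and reachable only from the management network. In the troubleshooting list, `Cluser Manager` is a typo.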
diff --git a/_posts/2020-04-19-office-upgrade.md:Zone.Identifier b/_posts/2020-04-19-office-upgrade.md:Zone.Identifier
new file mode 100644
index 0000000..e69de29
diff --git a/_posts/2020-04-26-20-ways-virtual-machine.md b/_posts/2020-04-26-20-ways-virtual-machine.md
new file mode 100644
index 0000000..fcb49fc
--- /dev/null
+++ b/_posts/2020-04-26-20-ways-virtual-machine.md
@@ -0,0 +1,18 @@
+---
+layout: post
+title: "20 Ways to Use a Virtual Machine (and other ideas for your homelab)"
+date: 2020-04-26 09:00:00 -0500
+categories: homelab
+tags: homelab rancher kubernetes
+---
+
+[![20 Ways to Use a Virtual Machine (and other ideas for your homelab)](https://img.youtube.com/vi/SVQmzaSabEQ/0.jpg)](https://www.youtube.com/watch?v=SVQmzaSabEQ "20 Ways to Use a Virtual Machine (and other ideas for your homelab)")
+
+Looking for new ideas on how to use your virtual machines? Well, here's the top 20 ways to use your virtual machines in your homelab.
+
+
+[Watch Video](https://www.youtube.com/watch?v=SVQmzaSabEQ)
+
+See all the hardware I recommend at
+
+Don't forget to check out the [🚀Launchpad repo](https://l.technotim.live/quick-start) with all of the quick start source files.
\ No newline at end of file
diff --git a/_posts/2020-04-26-20-ways-virtual-machine.md:Zone.Identifier b/_posts/2020-04-26-20-ways-virtual-machine.md:Zone.Identifier
new file mode 100644
index 0000000..e69de29
diff --git a/_posts/2020-05-03-twitch-bot.md b/_posts/2020-05-03-twitch-bot.md
new file mode 100644
index 0000000..74e6fcc
--- /dev/null
+++ b/_posts/2020-05-03-twitch-bot.md
@@ -0,0 +1,17 @@
+---
+layout: post
+title: "How to Build a Twitch Bot Using TMI.JS (a moderator bot)"
+date: 2020-05-03 09:00:00 -0500
+categories: coding
+tags: coding self-hosted twitch javascript
+---
+
+[![How to Build a Twitch Bot Using TMI.JS (a moderator bot)](https://img.youtube.com/vi/7uSjKbAUHXg/0.jpg)](https://www.youtube.com/watch?v=7uSjKbAUHXg "How to Build a Twitch Bot Using TMI.JS (a moderator bot)")
+
+Let's build a bot! Not a bad bot like a view bot, but bot for good. Let's build a Twitch moderator bot using tmi.js! The Twitch API is powerful and and already has lots of great bots however no bot has the flexibility of creating your own! In this video I will show you how to build a Twitch bot using TMI.JS from start to finish. You'll see how to use the developer portal, set up oauth, set the correct scopes, get an access token, create a bot using JavaScript, NodeJS, and NPM, invite the bot to your Twitch channel, and have it moderate your chat. Also, We have made this bot open source and will continue to contribute to this bot.
+
+[Watch Video](https://www.youtube.com/watch?v=7uSjKbAUHXg)
+
+See all the hardware I recommend at
+
+Don't forget to check out the [🚀Launchpad repo](https://l.technotim.live/quick-start) with all of the quick start source files.
\ No newline at end of file
diff --git a/_posts/2020-05-03-twitch-bot.md:Zone.Identifier b/_posts/2020-05-03-twitch-bot.md:Zone.Identifier
new file mode 100644
index 0000000..e69de29
diff --git a/_posts/2020-05-09-streamlabs-mac.md b/_posts/2020-05-09-streamlabs-mac.md
new file mode 100644
index 0000000..66a1b6c
--- /dev/null
+++ b/_posts/2020-05-09-streamlabs-mac.md
@@ -0,0 +1,17 @@
+---
+layout: post
+title: "Setup and Best Settings for Streamlabs OBS on Mac"
+date: 2020-05-09 09:00:00 -0500
+categories: streaming
+tags: streaming mac streamlabs obs
+---
+
+[![Setup and Best Settings for Streamlabs OBS on Mac](https://img.youtube.com/vi/MMGg3g_72zI/0.jpg)](https://www.youtube.com/watch?v=MMGg3g_72zI "Setup and Best Settings for Streamlabs OBS on Mac")
+
+Streamlabs OBS for MacOS is here! In this video we'll walk through setting up Streamlabs step by step. We'll install Streamlabs OBS, set up desktop audio with iShowU Audio Capture so you can capture desktop audio, configure our webcam and game capture with a Cam Link, set up our alerts, configure the best possible streaming settings for Streamlabs, adjust our streaming layout, and go live.
+
+[Watch Video](https://www.youtube.com/watch?v=MMGg3g_72zI)
+
+See all the hardware I recommend at
+
+Don't forget to check out the [🚀Launchpad repo](https://l.technotim.live/quick-start) with all of the quick start source files.
\ No newline at end of file
diff --git a/_posts/2020-05-09-streamlabs-mac.md:Zone.Identifier b/_posts/2020-05-09-streamlabs-mac.md:Zone.Identifier
new file mode 100644
index 0000000..e69de29
diff --git a/_posts/2020-05-16-proxmox-pfsense.md b/_posts/2020-05-16-proxmox-pfsense.md
new file mode 100644
index 0000000..85ddf92
--- /dev/null
+++ b/_posts/2020-05-16-proxmox-pfsense.md
@@ -0,0 +1,24 @@
+---
+layout: post
+title: "How to Virtualize Your Home Router / Firewall Using pfSense"
+date: 2020-05-16 09:00:00 -0500
+categories: homelab
+tags: homelab rancher kubernetes
+---
+
+[![How to Virtualize Your Home Router / Firewall Using pfSense](https://img.youtube.com/vi/hdoBQNI_Ab8/0.jpg)](https://www.youtube.com/watch?v=hdoBQNI_Ab8 "How to Virtualize Your Home Router / Firewall Using pfSense")
+
+It's time to say goodbye to your home router and start virtualizing it using Proxmox and pfSense.
+
+pfSense Community Edition Download: https://www.pfsense.org/download/
+Get started with Proxmox today: https://www.youtube.com/watch?v=hdoBQNI_Ab8
+
+[Watch Video](https://www.youtube.com/watch?v=hdoBQNI_Ab8)
+
+## Enable PCI Passthrough
+
+[https://pve.proxmox.com/wiki/PCI(e)_Passthrough](https://pve.proxmox.com/wiki/PCI(e)_Passthrough)
+
+See all the hardware I recommend at
+
+Don't forget to check out the [🚀Launchpad repo](https://l.technotim.live/quick-start) with all of the quick start source files.
\ No newline at end of file
diff --git a/_posts/2020-05-16-proxmox-pfsense.md:Zone.Identifier b/_posts/2020-05-16-proxmox-pfsense.md:Zone.Identifier
new file mode 100644
index 0000000..e69de29
diff --git a/_posts/2020-05-23-plex-containerized.md b/_posts/2020-05-23-plex-containerized.md
new file mode 100644
index 0000000..4365020
--- /dev/null
+++ b/_posts/2020-05-23-plex-containerized.md
@@ -0,0 +1,71 @@
+---
+layout: post
+title: "4 Ways to Install Plex (one is unexpected)"
+date: 2020-05-23 09:00:00 -0500
+categories: self-hosted
+tags: homelab rancher kubernetes portainer docker plex self-hosted
+---
+
+[![4 Ways to Install Plex (one is unexpected)](https://img.youtube.com/vi/MG_1XQxWns0/0.jpg)](https://www.youtube.com/watch?v=MG_1XQxWns0 "4 Ways to Install Plex (one is unexpected)")
+
+I'm a huge fan of virtualization and containerization (if you couldn't tell already)! Today, we'll walk though the various ways to install Plex step-by-step. We also see how easy it is to get Plex running on Docker and Kubernetes using Rancher.
+
+[Watch Video](https://www.youtube.com/watch?v=MG_1XQxWns0)
+
+See all the hardware I recommend at
+
+Don't forget to check out the [🚀Launchpad repo](https://l.technotim.live/quick-start) with all of the quick start source files.
+
+## Id for Container
+
+Get Id and Group Id
+
+```bash
+id yourusername
+```
+
+Should see something like this:
+
+```
+uid=1001(technotim) gid=1001(technotim) groups=1001(technotim),27(sudo),999(docker)
+```
+
+
+## Mount Shares During Boot
+
+Install `cifs-utils`
+
+```bash
+sudo apt-get install cifs-utils
+```
+
+Create credentials files for share
+
+```bash
+sudo nano /home/technotim/.smbcredentials
+```
+
+
+Set permissions
+
+```bash
+chmod 600 ~/.smbcredentials
+```
+
+
+```
+username=yourUsyourusernameername
+password=yourPassword
+```
+
+Edit `/etc/fstab`
+
+```bash
+//192.168.0.22/plex_media/movies /mnt/movies cifs credentials=/home/technotim/.smbcredentials 0 0
+//192.168.0.22/plex_media/music /mnt/music cifs credentials=/home/technotim/.smbcredentials 0 0
+```
+Then reboot or
+```bash
+sudo mount -a
+```
+to mount
diff --git a/_posts/2020-05-23-plex-containerized.md:Zone.Identifier b/_posts/2020-05-23-plex-containerized.md:Zone.Identifier
new file mode 100644
index 0000000..e69de29
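Review bot: In the "Mount Shares During Boot" steps the credentials file is created with `sudo nano /home/technotim/.smbcredentials`, which leaves it owned by root, so the following `chmod 600 ~/.smbcredentials` run as the normal user will most likely fail and the file keeps its default mode with the share password readable by other local accounts. Either create it without sudo (`nano ~/.smbcredentials`) or keep root ownership and show `sudo chmod 600 /home/technotim/.smbcredentials`. The unlabeled block after the chmod step is presumably the file's contents; it would read better directly under the nano step, with the garbled placeholder corrected to `username=yourUsername`. The two `/etc/fstab` entries are fenced as `bash` although they are file contents rather than commands.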
diff --git a/_posts/2020-05-30-pihole-containerized.md b/_posts/2020-05-30-pihole-containerized.md
new file mode 100644
index 0000000..e54255f
--- /dev/null
+++ b/_posts/2020-05-30-pihole-containerized.md
@@ -0,0 +1,60 @@
+---
+layout: post
+title: "PiHole on Docker and Kubernetes (I almost gave up)"
+date: 2020-05-30 09:00:00 -0500
+categories: self-hosted
+tags: homelab rancher kubernetes docker portainer self-hosted pi-hole
+---
+
+[![PiHole on Docker and Kubernetes (I almost gave up)](https://img.youtube.com/vi/NRe2-vye3ik/0.jpg)](https://www.youtube.com/watch?v=NRe2-vye3ik "PiHole on Docker and Kubernetes (I almost gave up)")
+
+We know you've heard of Pihole and we know you are probably aware of how to install it but... have you tried running it on Docker and Kubernetes using Rancher? Have you configured it for pfSense? Don't worry, I figured out all the hard stuff for you. So let's consolidate some hardware and services.
+
+
+[Watch Video](https://www.youtube.com/watch?v=NRe2-vye3ik)
+
+See all the hardware I recommend at
+
+Don't forget to check out the [🚀Launchpad repo](https://l.technotim.live/quick-start) with all of the quick start source files.
+
+Ubuntu Fix
+
+```bash
+sudo apt-get update
+```
+
+```bash
+sudo apt-get install resolvconf
+```
+
+```bash
+sudo nano /etc/resolvconf/resolv.conf.d/head
+```
+
+enabled & start service
+
+```bash
+sudo systemctl enable resolvconf.service
+```
+
+```bash
+sudo systemctl start resolvconf.service
+```
+
+add your upstream DNS (I use Quad9)
+
+```
+nameserver 9.9.9.9
+```
+
+update resolv.conf after adding nameserver
+
+```bash
+sudo resolvconf -u
+```
+
+Set pi-hole password
+
+```bash
+sudo pihole -a -p
+```
diff --git a/_posts/2020-05-30-pihole-containerized.md:Zone.Identifier b/_posts/2020-05-30-pihole-containerized.md:Zone.Identifier
new file mode 100644
index 0000000..e69de29
diff --git a/_posts/2020-06-06-virtualize-vs-containerize.md b/_posts/2020-06-06-virtualize-vs-containerize.md
new file mode 100644
index 0000000..dc0a520
--- /dev/null
+++ b/_posts/2020-06-06-virtualize-vs-containerize.md
@@ -0,0 +1,18 @@
+---
+layout: post
+title: "Virtualize vs. Containerize (Which should I choose?)"
+date: 2020-06-06 09:00:00 -0500
+categories: homelab
+tags: homelab rancher kubernetes proxmox docker portainer
+---
+
+[![Virtualize vs. Containerize (Which should I choose?)](https://img.youtube.com/vi/pxwUXJmAER4/0.jpg)](https://www.youtube.com/watch?v=pxwUXJmAER4 "Virtualize vs. Containerize (Which should I choose?)")
+
+Should I virtualize this? Should I containerize this? These are great questions to ask yourself when spinning up self-hosted services in your Homelab environment. We'll review my previous video (20 Ways to Use a Virtual Machine (and other ideas for your homelab https://www.youtube.com/watch?v=pxwUXJmAER4) and decide which should run in a Docker container, which should be virtualized with Proxmox, and which should run on hardware as bare metal.
+
+
+[Watch Video](https://www.youtube.com/watch?v=pxwUXJmAER4)
+
+See all the hardware I recommend at
+
+Don't forget to check out the [🚀Launchpad repo](https://l.technotim.live/quick-start) with all of the quick start source files.
\ No newline at end of file
diff --git a/_posts/2020-06-06-virtualize-vs-containerize.md:Zone.Identifier b/_posts/2020-06-06-virtualize-vs-containerize.md:Zone.Identifier
new file mode 100644
index 0000000..e69de29
diff --git a/_posts/2020-06-13-home-assistant.md b/_posts/2020-06-13-home-assistant.md
new file mode 100644
index 0000000..0fa8591
--- /dev/null
+++ b/_posts/2020-06-13-home-assistant.md
@@ -0,0 +1,64 @@ +--- +layout: post +title: "Home Assistant on Docker and Kubernetes (Open Source Home Automation)" +date: 2020-06-13 09:00:00 -0500 +categories: self-hosted +tags: homelab rancher kubernetes docker portainer self-hosted home-assistant +--- + +[![Home Assistant on Docker and Kubernetes (Open Source Home Automation)](https://img.youtube.com/vi/DK_Gdtn_wvw/0.jpg)](https://www.youtube.com/watch?v=DK_Gdtn_wvw "Home Assistant on Docker and Kubernetes (Open Source Home Automation)") + +Are you ready to start automating your smart home with the power of open source? Do you already have Home Assistant running but need a little more power than a Raspberry Pi? If so, join me in this easy to follow, step by step tutorial on installing Home Assistant on Docker, Kubernetes, and Rancher. We'll set it up, walk through and configure the UI, and then move on to configure some Wemo smart switches, Phillips Hue bulbs, Google Home / Chromecast devices, and even create a Dark Mode / Light mode automation script using Phillips Hue Scenes! + +[Watch Video](https://www.youtube.com/watch?v=DK_Gdtn_wvw) + +See all the hardware I recommend at + +Don't forget to check out the [🚀Launchpad repo](https://l.technotim.live/quick-start) with all of the quick start source files. 
+
+`configuration.yaml`
+
+```yml
+# Configure a default setup of Home Assistant (frontend, api, etc)
+default_config:
+
+# Text to speech
+tts:
+ - platform: google_translate
+
+group: !include groups.yaml
+automation: !include automations.yaml
+script: !include scripts.yaml
+scene: !include scenes.yaml
+
+wemo:
+ discovery: true
+```
+
+
+`scripts.yaml`
+
+```yml
+'1591564249617':
+ alias: Dark Mode
+ sequence:
+ - data:
+ group_name: Office
+ scene_name: Gaming
+ service: hue.hue_activate_scene
+ - device_id: f41ccf86433148dcbd8e932d1412f12a
+ domain: switch
+ entity_id: switch.gaming_lights
+ type: turn_on
+'1591564322588':
+ alias: Light Mode
+ sequence:
+ - data:
+ group_name: Office
+ scene_name: Energize
+ service: hue.hue_activate_scene
+ - device_id: f41ccf86433148dcbd8e932d1412f12a
+ domain: switch
+ entity_id: switch.gaming_lights
+ type: turn_off
+```
\ No newline at end of file
diff --git a/_posts/2020-06-13-home-assistant.md:Zone.Identifier b/_posts/2020-06-13-home-assistant.md:Zone.Identifier
new file mode 100644
index 0000000..e69de29
diff --git a/_posts/2020-06-20-heimdall-dashboard.md b/_posts/2020-06-20-heimdall-dashboard.md
new file mode 100644
index 0000000..86c338a
--- /dev/null
+++ b/_posts/2020-06-20-heimdall-dashboard.md
@@ -0,0 +1,19 @@ +--- +layout: post +title: "Meet Heimdall, Your Homelab Application Dashboard" +date: 2020-06-20 09:00:00 -0500 +categories: self-hosted +tags: homelab rancher kubernetes portainer docker heimdall self-hosted +--- + +[![Meet Heimdall, Your Homelab Application Dashboard](https://img.youtube.com/vi/PA01Z6-z8Qs/0.jpg)](https://www.youtube.com/watch?v=PA01Z6-z8Qs "Meet Heimdall, Your Homelab Application Dashboard") + + +Tired of bookmarking all of your self-hosted services only to lose them? Want access to all your sites from anywhere in the world? Well, Heimdall can help with a clean, responsive, and beautiful dashboard for all of your Homelab services. So join me in this tutorial as we install and configure Heimdall on Docker and Kubernetes and build a dashboard with live icons. + + +[Watch Video](https://www.youtube.com/watch?v=PA01Z6-z8Qs) + +See all the hardware I recommend at + +Don't forget to check out the [🚀Launchpad repo](https://l.technotim.live/quick-start) with all of the quick start source files. \ No newline at end of file diff --git a/_posts/2020-06-20-heimdall-dashboard.md:Zone.Identifier b/_posts/2020-06-20-heimdall-dashboard.md:Zone.Identifier new file mode 100644 index 0000000..e69de29 diff --git a/_posts/2020-06-27-rancher-2-upgrade-backup-restore.md b/_posts/2020-06-27-rancher-2-upgrade-backup-restore.md new file mode 100644 index 0000000..ffd7822 --- /dev/null +++ b/_posts/2020-06-27-rancher-2-upgrade-backup-restore.md 
@@ -0,0 +1,213 @@ +--- +layout: post +title: "How to Upgrade, Backup, and Restore Rancher 2" +date: 2020-06-27 09:00:00 -0500 +categories: kubernetes rancher +tags: homelab rancher kubernetes +--- + +[![How to Upgrade, Backup, and Restore Rancher 2](https://img.youtube.com/vi/YWqBxCIfxw4/0.jpg)](https://www.youtube.com/watch?v=YWqBxCIfxw4 "How to Upgrade, Backup, and Restore Rancher 2") + +It use to be hard to back up Rancher, but with Rancher 2 it's super simple. Upgrading, backing up, and restoring your Rancher server should be part of your regular routine. Join me in this tutorial as we walk through backing up, upgrading, and restoring a single node Rancher Docker install in just a couple of minutes. Trust me, you'll feel better after you do. + +[Watch Video](https://www.youtube.com/watch?v=YWqBxCIfxw4) + +See all the hardware I recommend at + +Don't forget to check out the [🚀Launchpad repo](https://l.technotim.live/quick-start) with all of the quick start source files. + +* Need to install Rancher? 
See my guide https://www.youtube.com/watch?v=YWqBxCIfxw4 + +* See the full guide from Rancher https://rancher.com/docs/rancher/v2.x/en/upgrades/upgrades/single-node/ + +## Upgrade & Backup Outline + +* Create a copy of the data from your Rancher server container +* Create a backup tarball +* Pull the new Docker image +* Start the new Rancher server container +* Verify the Upgrade +* Clean up your old Rancher server container + + +See all containers + +```bash +docker ps +``` + + +See all containers including stopped ones + +```bash +docker ps -a +``` + + +Stop the container + +```bash +docker stop +``` + +Create a data container + +```bash +docker create --volumes-from --name rancher-data- rancher/rancher: +``` + +Create a backup tarball + +```bash +docker run --volumes-from rancher-data- -v $PWD:/backup:z busybox tar pzcvf /backup/rancher-data-backup--.tar.gz /var/lib/rancher + +``` + +Run `ls` and you should see your tarball + +```bash +rancher-data-backup-v2.4.3-2020-06-21.tar.gz +``` + + +Pull a new docker image + +```bash +docker pull rancher/rancher: +``` + +Start your new rancher server container. + +Use the command you used to create your initial container, it looks something like this. + +```bash +docker run -d --restart=unless-stopped -p 9090:80 -p 9091:443 --privileged -v /opt/rancher:/var/lib/rancher --name=rancher_docker_server rancher/rancher: +``` + +Check to see if it's running + +```bash +docker ps +``` + +## Restoring Rancher from Backup + +Use the command you used to create your initial container, it looks something like this. 
+
+```bash
+docker run -d --restart=unless-stopped -p 9090:80 -p 9091:443 --privileged -v /opt/rancher:/var/lib/rancher --name=rancher_docker_server rancher/rancher:
+```
+
+Stop the container
+
+```bash
+docker stop
+```
+
+Delete state data and replace from backup
+
+```bash
+docker run --volumes-from -v $PWD:/backup \
+busybox sh -c "rm /var/lib/rancher/* -rf && \
+tar pzxvf /backup/rancher-data-backup--.tar.gz"
+```
+
+Start the container
+
+```bash
+docker start
+```
+
+
+
+
+
+## Unofficial Way
+
+
+### Backup
+
+```bash
+cd /opt
+```
+
+```bash
+docker stop rancher_docker_server
+```
+
+if this fails it means you named your container something else, find it by running `docker ps`
+
+```bash
+sudo tar czpf rancher-data-backup-VERSION-DATE-unofficial.tar.gz rancher
+```
+
+```bash
+sudo mv rancher-data-backup-VERSION-DATE-unofficial.tar.gz ~/
+```
+
+```bash
+ docker start rancher_docker_server
+```
+
+### Restore
+
+
+```bash
+cd /opt
+```
+
+```bash
+docker stop rancher_docker_server
+```
+
+if this fails it means you named your container something else, find it by running `docker ps`
+
+```bash
+sudo tar xzpf rancher-data-backup-VERSION-DATE-unofficial.tar.gz
+```
+
+```bash
+ docker start rancher_docker_server
+```
+
+
+### Backup script
+
+Your rancher server must be named similar to `rancher_docker_server_v2.4.5` otherwise you'll need to modify this.
+This will not work with `latest` tag, so be sure to pin your version.
+
+It will need to be run with `sudo` or scheduled in `sudo crontab -e`
+
+`rancher_backup.sh`
+
+```bash
+# go to rancher dir
+cd /opt
+
+# get current rancher tag
+RANCHER_TAG=$(docker ps | grep rancher/rancher | grep -Eio 'rancher/rancher:.{0,6}' | sed 's/rancher\/rancher://g')
+
+# date format
+TODAY=`date -I`
+
+# stop docker container
+docker stop rancher_docker_server_$RANCHER_TAG
+
+# create tar
+tar czpf rancher-data-backup-$RANCHER_TAG-$TODAY-unofficial.tar.gz rancher
+
+# move tar
+mv rancher-data-backup-$RANCHER_TAG-$TODAY-unofficial.tar.gz /home/USERNAME/backups/rancher_backups/
+
+# start server
+docker start rancher_docker_server_$RANCHER_TAG
+
+```
+
+
+### upgrading to a new version
+
+```bash
+NEW_VERSION_TAG=v2.4.8
+docker run -d --restart=unless-stopped -p 9090:80 -p 9091:443 --privileged -v /opt/rancher:/var/lib/rancher --name=rancher_docker_server_$NEW_VERSION_TAG rancher/rancher:$NEW_VERSION_TAG
+```
\ No newline at end of file
diff --git a/_posts/2020-06-27-rancher-2-upgrade-backup-restore.md:Zone.Identifier b/_posts/2020-06-27-rancher-2-upgrade-backup-restore.md:Zone.Identifier
new file mode 100644
index 0000000..e69de29
diff --git a/_posts/2020-07-03-slack-bot.md b/_posts/2020-07-03-slack-bot.md
new file mode 100644
index 0000000..d2d4df5
--- /dev/null
+++ b/_posts/2020-07-03-slack-bot.md
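Review bot: The `rancher_backup.sh` listing keeps going after a failed step, so when `docker stop rancher_docker_server_$RANCHER_TAG` fails (for instance because `RANCHER_TAG` came back empty) the `tar` line still archives `/opt/rancher` while the server is running and writing to it. The tag match `'rancher/rancher:.{0,6}'` also keeps at most six characters after the colon, so a longer tag (for example `v2.4.10`) is cut short and the container name no longer matches. I would match with `'rancher/rancher:[^ ]+'`, add `[ -n "$RANCHER_TAG" ] || { echo "no running rancher container found" >&2; exit 1; }` after the assignment, and write the stop as `docker stop "rancher_docker_server_$RANCHER_TAG" || exit 1`. Since the archive holds the complete Rancher state, the post should also say that the backup directory must be readable only by its owner. Separately, several commands in the official section earlier in this hunk (`docker stop`, `docker create --volumes-from --name rancher-data- rancher/rancher:`) appear without their placeholder arguments; if the file really reads that way, the restore step containing `rm /var/lib/rancher/* -rf` is shown without the container it is meant to run against.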
@@ -0,0 +1,17 @@
+---
+layout: post
+title: "How to Build a Slack Bot"
+date: 2020-07-04 09:00:00 -0500
+categories: coding
+tags: coding self-hosted slack
+---
+
+[![How to Build a Slack Bot](https://img.youtube.com/vi/AajBk59nOgw/0.jpg)](https://www.youtube.com/watch?v=AajBk59nOgw "How to Build a Slack Bot")
+
+Slack is a great chat and communication tool used by small and large businesses as well as personal use. Slack has a great API and great official Node JS clients that help you automate many features of Slack. If you're thinking of building a bot for Slack, be sure to follow this step by step tutorial on how to build a Slack bot in JavaScript using the Slack API and the Node Slack SDK. With this SDK, we can connect to the Slack Web API and event hook into events using the RTM API and build a bot in just a few minutes that you can add to your Slack server today.
+
+[Watch Video](https://www.youtube.com/watch?v=AajBk59nOgw)
+
+See all the hardware I recommend at
+
+Don't forget to check out the [🚀Launchpad repo](https://l.technotim.live/quick-start) with all of the quick start source files.
\ No newline at end of file
diff --git a/_posts/2020-07-03-slack-bot.md:Zone.Identifier b/_posts/2020-07-03-slack-bot.md:Zone.Identifier
new file mode 100644
index 0000000..e69de29
diff --git a/_posts/2020-07-11-homelab-hardware-tour.md b/_posts/2020-07-11-homelab-hardware-tour.md
new file mode 100644
index 0000000..1e764fe
--- /dev/null
+++ b/_posts/2020-07-11-homelab-hardware-tour.md
@@ -0,0 +1,17 @@ +--- +layout: post +title: "Techno Tim Homelab Tour -- Server Rack and Network" +date: 2020-07-11 09:00:00 -0500 +categories: homelab +tags: homelab hardware +--- + +[![Techno Tim Homelab Tour -- Server Rack and Network](https://img.youtube.com/vi/23jbcw_n20I/0.jpg)](https://www.youtube.com/watch?v=23jbcw_n20I "Techno Tim Homelab Tour -- Server Rack and Network") + +You asked for a tour of my homelab, well here it is. In this tour I will take you through my home server rack and network setup. This includes my all of my home networking equipment, my servers, disk array, and everything else in my server rack. + +[Watch Video](https://www.youtube.com/watch?v=23jbcw_n20I) + +See all the hardware I recommend at + +Don't forget to check out the [🚀Launchpad repo](https://l.technotim.live/quick-start) with all of the quick start source files. \ No newline at end of file diff --git a/_posts/2020-07-11-homelab-hardware-tour.md:Zone.Identifier b/_posts/2020-07-11-homelab-hardware-tour.md:Zone.Identifier new file mode 100644 index 0000000..e69de29 diff --git a/_posts/2020-07-18-homelab-services-tour-2020.md b/_posts/2020-07-18-homelab-services-tour-2020.md new file mode 100644 index 0000000..2bed052 --- /dev/null +++ b/_posts/2020-07-18-homelab-services-tour-2020.md 
@@ -0,0 +1,17 @@ +--- +layout: post +title: "Homelab Services Tour -- What am I running on my Homelab?" +date: 2020-07-18 09:00:00 -0500 +categories: homelab +tags: homelab rancher kubernetes proxmox truenas docker +--- + +[![Homelab Services Tour -- What am I running on my Homelab?](https://img.youtube.com/vi/NHvoN-phAgo/0.jpg)](https://www.youtube.com/watch?v=NHvoN-phAgo "Homelab Services Tour -- What am I running on my Homelab?") + +In my homelab tour, I showed you my hardware and network setup that powers all the infrastructure at home. Then, many of you asked which services I am hosting on this hardware. Well, here it is. This is a tour of all the self hosted services I have running in my Homelab. + +[Watch Video](https://www.youtube.com/watch?v=NHvoN-phAgo) + +See all the hardware I recommend at + +Don't forget to check out the [🚀Launchpad repo](https://l.technotim.live/quick-start) with all of the quick start source files. \ No newline at end of file diff --git a/_posts/2020-07-18-homelab-services-tour-2020.md:Zone.Identifier b/_posts/2020-07-18-homelab-services-tour-2020.md:Zone.Identifier new file mode 100644 index 0000000..e69de29 diff --git a/_posts/2020-07-25-proxmox-backup-server.md b/_posts/2020-07-25-proxmox-backup-server.md new file mode 100644 index 0000000..0df8724 --- /dev/null +++ b/_posts/2020-07-25-proxmox-backup-server.md 
@@ -0,0 +1,17 @@ +--- +layout: post +title: "Proxmox Backup Server Install Tutorial" +date: 2020-07-25 09:00:00 -0500 +categories: proxmox +tags: homelab proxmox +--- + +[![Proxmox Backup Server Install Tutorial](https://img.youtube.com/vi/jLBNm0fNIog/0.jpg)](https://www.youtube.com/watch?v=jLBNm0fNIog "Proxmox Backup Server Install Tutorial") + +Proxmox Backup Server is an enterprise-class client-server backup software that backs up virtual machines, containers, and physical hosts. In this step by step tutorial, we install and configure Proxmox Backup Server (PBS) and back up all of our virtual machines. We'll start with nothing and end up with a fully functional Proxmox Backup Server with a ZFS datastore you can use to back up and restore your machines today. + +[Watch Video](https://www.youtube.com/watch?v=jLBNm0fNIog) + +See all the hardware I recommend at + +Don't forget to check out the [🚀Launchpad repo](https://l.technotim.live/quick-start) with all of the quick start source files. \ No newline at end of file diff --git a/_posts/2020-07-25-proxmox-backup-server.md:Zone.Identifier b/_posts/2020-07-25-proxmox-backup-server.md:Zone.Identifier new file mode 100644 index 0000000..e69de29 diff --git a/_posts/2020-08-01-upgrade-freenas-to-truenas.md b/_posts/2020-08-01-upgrade-freenas-to-truenas.md new file mode 100644 index 0000000..716ff23 --- /dev/null +++ b/_posts/2020-08-01-upgrade-freenas-to-truenas.md 
@@ -0,0 +1,18 @@ +--- +layout: post +title: "How to Upgrade FreeNAS to TrueNAS" +date: 2020-08-01 09:00:00 -0500 +categories: truenas +tags: homelab truenas +--- + +[![How to Upgrade FreeNAS to TrueNAS](https://img.youtube.com/vi/SsxvPhlOiYI/0.jpg)](https://www.youtube.com/watch?v=SsxvPhlOiYI "How to Upgrade FreeNAS to TrueNAS") + +Want to migrate FreeNAS to TrueNAS today? It's simple using this step by step tutorial. We'll walk through how to upgrade FreeNAS to TreNAS CORE. We'll cover upgrading FreeNAS to TrueNAS on a physical machine (bare metal) as well as a virtualized install of FreeNAS. We'll prepare our services, jails, plugins, virtual machines, pools, and disks for the migration and then upgrade each. We'll even show you how to do an offline upgrade of TrueNAS and then how to upgrade a ZFS pool with newer feature flags. Finally we'll walk through what's different between TrueNAS and FreeNAS. + + +[Watch Video](https://www.youtube.com/watch?v=SsxvPhlOiYI) + +See all the hardware I recommend at + +Don't forget to check out the [🚀Launchpad repo](https://l.technotim.live/quick-start) with all of the quick start source files. \ No newline at end of file diff --git a/_posts/2020-08-01-upgrade-freenas-to-truenas.md:Zone.Identifier b/_posts/2020-08-01-upgrade-freenas-to-truenas.md:Zone.Identifier new file mode 100644 index 0000000..e69de29 diff --git a/_posts/2020-08-08-code-server-self-host.md b/_posts/2020-08-08-code-server-self-host.md new file mode 100644 index 0000000..9e5dbb2 --- /dev/null +++ b/_posts/2020-08-08-code-server-self-host.md 
@@ -0,0 +1,18 @@ +--- +layout: post +title: "Self-Host Code Server in Your Homelab -- VS Code in a Browser!" +date: 2020-08-08 09:00:00 -0500 +categories: self-hosted +tags: homelab rancher kubernetes docker portainer self-hosted vscode +--- + +[![Self-Host Code Server in Your Homelab -- VS Code in a Browser!](https://img.youtube.com/vi/_QwQnyoz_-w/0.jpg)](https://www.youtube.com/watch?v=_QwQnyoz_-w "Self-Host Code Server in Your Homelab -- VS Code in a Browser!") + + +Have you ever wanted to run VS Code in your browser? What if you had access to your terminal and could pull and commit code as well as push it up to GitHub all from a browser or tablet? That's exactly what code server does! In this tutorial we'll walk through step by step of how to install and configure code server to get it self-hosted in your homelab. We'll start with bare metal and virtualization and then work our way up to Docker, Kubernetes, and Rancher. Then, you don't have to carry around your laptop anymore! You can preserve battery life on the go and leave the intensive tasks to your homelab server. + +[Watch Video](https://www.youtube.com/watch?v=_QwQnyoz_-w) + +See all the hardware I recommend at + +Don't forget to check out the [🚀Launchpad repo](https://l.technotim.live/quick-start) with all of the quick start source files. \ No newline at end of file diff --git a/_posts/2020-08-08-code-server-self-host.md:Zone.Identifier b/_posts/2020-08-08-code-server-self-host.md:Zone.Identifier new file mode 100644 index 0000000..e69de29 diff --git a/_posts/2020-08-15-reverse-proxy-kubernetes.md b/_posts/2020-08-15-reverse-proxy-kubernetes.md new file mode 100644 index 0000000..e9c8afc --- /dev/null +++ b/_posts/2020-08-15-reverse-proxy-kubernetes.md 
@@ -0,0 +1,111 @@ +--- +layout: post +title: "Self-Hosting Your Homelab Services with SSL -- Let's Encrypt, MetalLB, Traefik, Rancher, Kubernetes" +date: 2020-08-15 09:00:00 -0500 +categories: kubernetes rancher +tags: homelab rancher kubernetes traefik wsl +--- + +[![Self-Hosting Your Homelab Services with SSL -- Let's Encrypt, MetalLB, Traefik, Rancher, Kubernetes](https://img.youtube.com/vi/pAM2GBCDGTo/0.jpg)](https://www.youtube.com/watch?v=pAM2GBCDGTo "Self-Hosting Your Homelab Services with SSL -- Let's Encrypt, MetalLB, Traefik, Rancher, Kubernetes") + +Are you self-hosting lots of services at home in your homelab? Have you been port forwarding or using VPN to access your self-hosted services wishing you had certificates so that you can access them securely over SSL? Well after this video, you can! In this step by step tutorial we'll walk through setting up Rancher and Kubernetes with a reverse proxy, Kubernetes Ingress, MetalLB, Traefik, Let's Encrypt, and DNS giving you free certificates. + +[Watch Video](https://www.youtube.com/watch?v=pAM2GBCDGTo) + +See all the hardware I recommend at + +Don't forget to check out the [🚀Launchpad repo](https://l.technotim.live/quick-start) with all of the quick start source files. + +## Install WSL on Windows 10 + +https://www.youtube.com/watch?v=kL8iGErULiw + + +## Install `kubectl` + +https://kubernetes.io/docs/tasks/tools/install-kubectl/ + + +## Install MetalLB + +https://metallb.universe.tf/installation/ + +`kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.9.5/manifests/namespace.yaml` + +`kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.9.5/manifests/metallb.yaml` + +You should only ever run this step once. 
+
+`kubectl create secret generic -n metallb-system memberlist --from-literal=secretkey="$(openssl rand -base64 128)"`
+
+
+sample `config.yaml`
+
+```yml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: metallb-system
+ name: config
+data:
+ config: |
+ address-pools:
+ - name: default
+ protocol: layer2
+ addresses:
+ - 192.168.1.240-192.168.1.250
+```
+
+`kubectl apply -f config.yaml`
+
+## Traefik
+
+traefik sample answers yaml
+
+*change "staging: true" to "staging: false" once you confirm its all working to get the live certs*
+
+```yml
+---
+ defaultImage: true
+ imageTag: "1.7.14"
+ serviceType: "LoadBalancer"
+ debug:
+ enabled: false
+ rbac:
+ enabled: true
+ ssl:
+ enabled: true
+ enforced: true
+ permanentRedirect: false
+ acme:
+ enabled: true
+ email: "you@example.com"
+ onHostRule: true
+ staging: true
+ logging: true
+ challengeType: "dns-01"
+ dnsProvider:
+ name: "cloudflare"
+ existingSecretName: "cloudflare-dns"
+ persistence:
+ enabled: true
+ dashboard:
+ enabled: true
+ domain: "traefik.example.com"
+ auth:
+ basic: ""
+```
+
+
+## Traefik Helm
+
+https://hub.helm.sh/charts/stable/traefik
+
+
+## Traefik DNS Providers
+
+https://docs.traefik.io/https/acme/#providers
+
+## Troubleshooting
+
+Be sure that your Traefik yaml matches the code above exactly, including whitespace. Yaml is whitespace sensitive.
diff --git a/_posts/2020-08-15-reverse-proxy-kubernetes.md:Zone.Identifier b/_posts/2020-08-15-reverse-proxy-kubernetes.md:Zone.Identifier
new file mode 100644
index 0000000..e69de29
diff --git a/_posts/2020-08-22-duck-dns.md b/_posts/2020-08-22-duck-dns.md
new file mode 100644
index 0000000..9ebbe1a
--- /dev/null
+++ b/_posts/2020-08-22-duck-dns.md
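Review bot: The sample Traefik answers enable the dashboard (`dashboard:` with `enabled: true` and `domain: "traefik.example.com"`) while leaving `auth:` / `basic: ""` empty, and the Troubleshooting line tells readers to match the block "exactly", so a copied config appears to publish the dashboard through the `LoadBalancer` service with no login, as far as these values show. I would replace the empty value with a placeholder and a comment such as `# set a user and htpasswd hash here before exposing the dashboard`, or ship the sample with the dashboard's `enabled: false`. The block also references `existingSecretName: "cloudflare-dns"` without showing how that secret is created; a sentence saying it has to exist in the cluster first, and that the API token belongs in the secret rather than in this file, would close the gap.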
@@ -0,0 +1,17 @@
+---
+layout: post
+title: "Self-Host All Your Homelab Services with DuckDNS -- Free Dynamic DNS Running on Docker"
+date: 2020-08-22 09:00:00 -0500
+categories: self-hosted
+tags: homelab rancher kubernetes docker portainer duckdns
+---
+
+[![Self-Host All Your Homelab Services with DuckDNS -- Free Dynamic DNS Running on Docker](https://img.youtube.com/vi/bVmUV1G5wpI/0.jpg)](https://www.youtube.com/watch?v=bVmUV1G5wpI "Self-Host All Your Homelab Services with DuckDNS -- Free Dynamic DNS Running on Docker")
+
+Are you trying to access your self-hosted services outside of your firewall? Are you tired of trying to remember your IP when away, or worse yet, having your ISP change your IP address? Have you not purchased a domain yet but want to access your own personal VPN? If you answered "YES" to any of these, join me as we walk through this step-by-step tutorial and set up DuckDNS, the free dynamic DNS service, using Docker and then move on to use Rancher and Kubernetes.
+
+[Watch Video](https://www.youtube.com/watch?v=bVmUV1G5wpI)
+
+See all the hardware I recommend at
+
+Don't forget to check out the [🚀Launchpad repo](https://l.technotim.live/quick-start) with all of the quick start source files.
\ No newline at end of file
diff --git a/_posts/2020-08-22-duck-dns.md:Zone.Identifier b/_posts/2020-08-22-duck-dns.md:Zone.Identifier
new file mode 100644
index 0000000..e69de29
diff --git a/_posts/2020-08-29-portainer-2.md b/_posts/2020-08-29-portainer-2.md
new file mode 100644
index 0000000..c1599e9
--- /dev/null
+++ b/_posts/2020-08-29-portainer-2.md
@@ -0,0 +1,83 @@ +--- +layout: post +title: "Portainer 2.0 -- Now with more Kubernetes!" +date: 2020-08-29 09:00:00 -0500 +categories: portainer +tags: homelab kubernetes portainer +--- + +[![Portainer 2.0 -- Now with more Kubernetes!](https://img.youtube.com/vi/jzhd6tcjvw0/0.jpg)](https://www.youtube.com/watch?v=jzhd6tcjvw0 "Portainer 2.0 -- Now with more Kubernetes!") + +What's new in Portainer 2.0? Well, a ton. With the release of Portainer 2 you now have the option to install Kubernetes. This makes installing, managing, and deploying Kubenetes really easy. In this step by step tutorial, we'll start with nothing and end up with a fully working Portainer 2 server running Kubernetes. We'll set up k3s using k3d, install kubectl, and then spin up Portainer. As an added bonus, we'll also run a Minecraft server in Kubernetes as a proof of work. Double bonus, we'll cover how to pronounce kubectl... + +[Watch Video](https://www.youtube.com/watch?v=jzhd6tcjvw0) + +See all the hardware I recommend at + +Don't forget to check out the [🚀Launchpad repo](https://l.technotim.live/quick-start) with all of the quick start source files. + +## Let's get started + +Here are the commands used in the video. Be sure to use them appropriately. 
+ +### Install ubuntu + +https://ubuntu.com/ + +### Install Docker + +To install docker, see [https://docs.technotim.live/posts/docker-compose-install/](https://docs.technotim.live/posts/docker-compose-install/) + +### Install kubectl + +https://kubernetes.io/docs/tasks/tools/install-kubectl/ + +```bash +curl -LO "https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl" +``` + +```bash +chmod +x ./kubectl +``` + +```bash +sudo mv ./kubectl /usr/local/bin/kubectl +``` + +```bash +kubectl version --client +``` + +### Install k3d + +[https://github.com/rancher/k3d](https://github.com/rancher/k3d) + +```bash +curl -s https://raw.githubusercontent.com/rancher/k3d/main/install.sh | bash +``` + +### Install k3s + +```bash +k3d cluster create portainer --api-port 6443 --servers 1 --agents 1 -p "30000-32767:30000-32767@server:0" +``` + +```bash +k3d cluster create portainer --api-port 6443 --servers 1 --agents 1 -p "30000-32767:30000-32767@server:0" +``` + +### Install Portainer + +[https://github.com/portainer/k8s](https://github.com/portainer/k8s) + +```bash +kubectl create namespace portainer +kubectl apply -n portainer -f https://raw.githubusercontent.com/portainer/k8s/master/deploy/manifests/portainer/portainer.yaml +``` + +```bash +The Portainer UI is hosted on port `30777` + + + Example: `http://192.168.0.1:30777` +``` diff --git a/_posts/2020-08-29-portainer-2.md:Zone.Identifier b/_posts/2020-08-29-portainer-2.md:Zone.Identifier new file mode 100644 index 0000000..e69de29 diff --git a/_posts/2020-09-05-host-rancher-securely.md b/_posts/2020-09-05-host-rancher-securely.md new file mode 100644 index 0000000..f4069c7 --- /dev/null +++ b/_posts/2020-09-05-host-rancher-securely.md 
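Review bot: The "Install kubectl" steps move a freshly downloaded binary into `/usr/local/bin` without checking it against the published checksum, and the "Install k3d" step pipes `install.sh` from the `main` branch straight into `bash`, so the reader runs whatever those URLs serve at that moment. I would add a verification step before `chmod +x ./kubectl`, for example fetching the matching `kubectl.sha256` file and running `echo "$(cat kubectl.sha256)  kubectl" | sha256sum --check`, and have the k3d step save the script to a file so it can be read before it is executed. The `kubectl apply -n portainer -f` line likewise pulls `portainer.yaml` from the `master` branch, so a tagged release URL would make the deployed manifest reproducible. The `k3d cluster create portainer ...` block under "Install k3s" is repeated twice verbatim, and the last fence is tagged `bash` although it holds prose about port `30777`.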
@@ -0,0 +1,17 @@ +--- +layout: post +title: "SSL, Traefik, and OAuth for Rancher! (Google, GitHub, Keycloak, Azure, and more!)" +date: 2020-09-05 09:00:00 -0500 +categories: kubernetes rancher +tags: homelab rancher kubernetes github +--- + +[![SSL, Traefik, and OAuth for Rancher! (Google, GitHub, Keycloak, Azure, and more!)](https://img.youtube.com/vi/Af7HXhElams/0.jpg)](https://www.youtube.com/watch?v=Af7HXhElams "SSL, Traefik, and OAuth for Rancher! (Google, GitHub, Keycloak, Azure, and more!)") + +Do you want to self host your Rancher UI securely in your homelab? Have you thought about putting your Rancher UI behind Traefik and your reverse proxy to get free SSL certificates using Let's Encrypt? Do you want to make your Rancher UI available publicly and secure it using 3rd party OAuth providers like Google, GitHub, Keycloak, Okta, Shibboleth, and more? Well this is the guide for you. In this step-by-step tutorial we'll walk through setting up the Rancher UI to use Traefik reverse proxy, get SSL certificates using Let's Encrypt, host our UI publicly, and then add 3rd party OAuth providers so that we can use 2 factor authentication (2FA) and all of the other security features auth providers give us. + +[Watch Video](https://www.youtube.com/watch?v=Af7HXhElams) + +See all the hardware I recommend at + +Don't forget to check out the [🚀Launchpad repo](https://l.technotim.live/quick-start) with all of the quick start source files. \ No newline at end of file diff --git a/_posts/2020-09-05-host-rancher-securely.md:Zone.Identifier b/_posts/2020-09-05-host-rancher-securely.md:Zone.Identifier new file mode 100644 index 0000000..e69de29 diff --git a/_posts/2020-09-12-self-hosted-devops-stack.md b/_posts/2020-09-12-self-hosted-devops-stack.md new file mode 100644 index 0000000..5f04446 --- /dev/null +++ b/_posts/2020-09-12-self-hosted-devops-stack.md 
@@ -0,0 +1,101 @@ +--- +layout: post +title: "Build & Deploy Your Own Code in Your Homelab!" +date: 2020-09-12 09:00:00 -0500 +categories: self-hosted homelab +tags: homelab rancher kubernetes gitlab +--- + +[![Build & Deploy Your Own Code in Your Homelab!](https://img.youtube.com/vi/Xc94HJn1nNo/0.jpg)](https://www.youtube.com/watch?v=Xc94HJn1nNo "Build & Deploy Your Own Code in Your Homelab!") + +So you're a software engineer or a developer who wants to self-host your own code in your own homelab? Well this is the tutorial for you! In this step-by-step guide we'll walk through setting up a repo, building and testing our own code (with unit tests) in a self-hosted Gitlab CI runner in our CI pipeline, then we'll build a Docker image and push it up to a container registry, then we'll use kubectl in our CD pipeline to deploy our Docker container to our self-hosted kubernetes cluster! This all happens in a couple of minutes and then we'll truly have continuous integration and continuous delivery in our homelab! + +[Watch Video](https://www.youtube.com/watch?v=Xc94HJn1nNo) + +See all the hardware I recommend at + +Don't forget to check out the [🚀Launchpad repo](https://l.technotim.live/quick-start) with all of the quick start source files. 
+ +## Helpful videos + +1 - [Set Up Kubernetes with Rancher](https://www.youtube.com/watch?v=oILc0ywDVTk) + +2 - [Set up a reverse proxy and SSL with Traefik](https://www.youtube.com/watch?v=pAM2GBCDGTo) + +3 - [Expose Rancher and Kubernetes API Securely](https://www.youtube.com/watch?v=Af7HXhElams) + +## GitLab react app + +See the app here: + +[https://github.com/techno-tim/techno-react](https://github.com/techno-tim/techno-react) + +Docker file: + +[https://github.com/techno-tim/techno-react/blob/master/Dockerfile](https://github.com/techno-tim/techno-react/blob/master/Dockerfile) + +Kubernetes deployment yaml + +[https://github.com/techno-tim/techno-react/blob/master/kubernetes/deployment.yaml](https://github.com/techno-tim/techno-react/blob/master/kubernetes/deployment.yaml) + +nginx config for your react application + +[https://github.com/techno-tim/techno-react/blob/master/nginx.conf](https://github.com/techno-tim/techno-react/blob/master/nginx.conf) + +`pbcopy` for WSL on Windows + +[https://www.techtronic.us/pbcopy-pbpaste-for-wsl/](https://www.techtronic.us/pbcopy-pbpaste-for-wsl/) +[https://www.techtronic.us/pbcopy-pbpaste-for-wsl/](https://www.techtronic.us/pbcopy-pbpaste-for-wsl/) + +Example `config.toml` for your GitLab runner. 
+
+```toml
+concurrent = 1
+check_interval = 0
+
+[session_server]
+ session_timeout = 1800
+
+[[runners]]
+ name = "rancher-gitlab-runner"
+ url = "https://gitlab.com"
+ token = "your-gitlab-runner-token"
+ executor = "docker"
+ [runners.custom_build_dir]
+ [runners.cache]
+ [runners.cache.s3]
+ [runners.cache.gcs]
+ [runners.docker]
+ tls_verify = false
+ image = "docker:stable"
+ privileged = false
+ disable_entrypoint_overwrite = false
+ oom_kill_disable = false
+ disable_cache = false
+ volumes = [\"/var/run/docker.sock:/var/run/docker.sock\", \"/cache\"]
+ shm_size = 0
+```
+
+example `~/.kube/config` for your GitLab secret
+
+```yml
+
+apiVersion: v1
+kind: Config
+clusters:
+- name: "cluster1"
+ cluster:
+ server: "https://your.rancher.url/k8s/clusters/c-cluster-id"
+users:
+- name: "cluster1"
+ user:
+ token: "your kubernetes token"
+
+contexts:
+- name: "cluster1"
+ context:
+ user: "cluster1"
+ cluster: "cluster1"
+
+current-context: "cluster1"
+```
diff --git a/_posts/2020-09-12-self-hosted-devops-stack.md:Zone.Identifier b/_posts/2020-09-12-self-hosted-devops-stack.md:Zone.Identifier
new file mode 100644
index 0000000..e69de29
diff --git a/_posts/2020-09-19-unifi-ap-bridge-mode.md b/_posts/2020-09-19-unifi-ap-bridge-mode.md
new file mode 100644
index 0000000..5d4391d
--- /dev/null
+++ b/_posts/2020-09-19-unifi-ap-bridge-mode.md
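Review bot: In the `config.toml` sample the `volumes` line is written with backslash-escaped quotes (`[\"/var/run/docker.sock:...\"`), which is not valid TOML if copied as shown; it should read `volumes = ["/var/run/docker.sock:/var/run/docker.sock", "/cache"]`. The post should also say what that mount means: any job on this runner can drive the host's Docker daemon, which is equivalent to root on that host even with `privileged = false`, so the runner belongs on a dedicated machine and should be limited to trusted projects and protected branches. Because the `~/.kube/config` example carries a cluster token, a sentence telling readers to keep the real file in a protected CI/CD variable and to scope the token to the target namespace would fit under that sample. The pbcopy link is also listed twice.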
@@ -0,0 +1,17 @@ +--- +layout: post +title: "Bridge Mode with UniFi Access Points" +date: 2020-09-19 09:00:00 -0500 +categories: homelab +tags: homelab network unifi hardware +--- + +[![Bridge Mode with UniFi Access Points](https://img.youtube.com/vi/UCB61jc0PUA/0.jpg)](https://www.youtube.com/watch?v=UCB61jc0PUA "Bridge Mode with UniFi Access Points") + +Do you have some places where you can't run ethernet? Do want to extend your ethernet without pulling more cable? Well this is the guide for you. In this step-by-step tutorial we'll use a Ubiquiti UniFi AP AC PRO and connect a second as a guest, giving use remote ethernet to a remote site! This is the pro tip guide to setting up a wireless bridge! Bonus, we'll even do a live throughput test to see how much bandwidth we get running in bridge mode with 2 AC Pros! + +[Watch Video](https://www.youtube.com/watch?v=UCB61jc0PUA) + +See all the hardware I recommend at + +Don't forget to check out the [🚀Launchpad repo](https://l.technotim.live/quick-start) with all of the quick start source files. \ No newline at end of file diff --git a/_posts/2020-09-19-unifi-ap-bridge-mode.md:Zone.Identifier b/_posts/2020-09-19-unifi-ap-bridge-mode.md:Zone.Identifier new file mode 100644 index 0000000..e69de29 diff --git a/_posts/2020-09-26-guacamole-remote-access-gateway.md b/_posts/2020-09-26-guacamole-remote-access-gateway.md new file mode 100644 index 0000000..703b71c --- /dev/null +++ b/_posts/2020-09-26-guacamole-remote-access-gateway.md 
@@ -0,0 +1,17 @@ +--- +layout: post +title: "Meet Guacamole, Your Remote Access Gateway" +date: 2020-09-26 09:00:00 -0500 +categories: self-hosted +tags: homelab rancher kubernetes self-hosted guacamole portainer docker vnc ssh rdp +--- + +[![Meet Guacamole, Your Remote Access Gateway](https://img.youtube.com/vi/LWdxhZyHT_8/0.jpg)](https://www.youtube.com/watch?v=LWdxhZyHT_8 "Meet Guacamole, Your Remote Access Gateway") + +Do you have a lot of virtual machines? Are you running Windows, Linux, and Mac and need remote access from a single UI? Well, Apache Guacamole is for you! Apache Guacamole is a clientless remote access gateway that give you a web portal to access any of your clients over standard protocols like VNC, RDP, SSH, TELNET, and more. Join me in this step by step tutorial as we set up a self-hosted version of Guacamole in your homelab. As an added bonus, we'll set up 2FA (multifactor authentication) to help secure Guacamole. Oh, yeah, and we'll do this all in Docker and or Kubernetes, it's up to you! :) + +[Watch Video](https://www.youtube.com/watch?v=LWdxhZyHT_8) + +See all the hardware I recommend at + +Don't forget to check out the [🚀Launchpad repo](https://l.technotim.live/quick-start) with all of the quick start source files. \ No newline at end of file diff --git a/_posts/2020-09-26-guacamole-remote-access-gateway.md:Zone.Identifier b/_posts/2020-09-26-guacamole-remote-access-gateway.md:Zone.Identifier new file mode 100644 index 0000000..e69de29 diff --git a/_posts/2020-10-03-broadlink-control.md b/_posts/2020-10-03-broadlink-control.md new file mode 100644 index 0000000..db1adec --- /dev/null +++ b/_posts/2020-10-03-broadlink-control.md 
@@ -0,0 +1,17 @@ +--- +layout: post +title: "I Built Something for Your Homelab..." +date: 2020-10-03 09:00:00 -0500 +categories: self-hosted +tags: homelab rancher kubernetes docker portainer broadlink iot hardware +--- + +[![I Built Something for Your Homelab...](https://img.youtube.com/vi/4MJW29mR-Xc/0.jpg)](https://www.youtube.com/watch?v=4MJW29mR-Xc "I Built Something for Your Homelab...") + +I am betting you have at least 3 infrared remote controls in your house. I am also willing to be you would love to automate some of these from time to time. Well don't worry I have the solution for you! In this video we walk through setting up a self-hosted /local only Broadlink Wifi Smart Home Hub that you can use within your own home without connecting to the cloud. Added bonus, I built a Docker container you can pull down and add to your Rancher, Portainer, Synology, QNAP, or any server running Docker or Kubernetes. This includes a python backend and API as well as a ReactJS frontend so that you can discover, learn, and send commands from the web UI or even from the web API. I hope you enjoy it! + +[Watch Video](https://www.youtube.com/watch?v=4MJW29mR-Xc) + +See all the hardware I recommend at + +Don't forget to check out the [🚀Launchpad repo](https://l.technotim.live/quick-start) with all of the quick start source files. \ No newline at end of file diff --git a/_posts/2020-10-03-broadlink-control.md:Zone.Identifier b/_posts/2020-10-03-broadlink-control.md:Zone.Identifier new file mode 100644 index 0000000..e69de29 diff --git a/_posts/2020-10-10-gpu-passthrough-linux.md b/_posts/2020-10-10-gpu-passthrough-linux.md new file mode 100644 index 0000000..18bf5c8 --- /dev/null +++ b/_posts/2020-10-10-gpu-passthrough-linux.md 
@@ -0,0 +1,120 @@ +--- +layout: post +title: "I Heard You Like GPUs in Servers... GPU Passthrough on Linux and Docker" +date: 2020-10-10 09:00:00 -0500 +categories: homelab +tags: homelab rancher kubernetes docker portainer nvidia hardware +--- + +[![I Heard You Like GPUs in Servers... GPU Passthrough on Linux and Docker](https://img.youtube.com/vi/9OfoFAljPn4/0.jpg)](https://www.youtube.com/watch?v=9OfoFAljPn4 "I Heard You Like GPUs in Servers... GPU Passthrough on Linux and Docker") + +We've already figured out how to pass through a GPU to Windows machine but why let Windows have all the fun? Today, we do it on an Ubuntu headless server that's virtualized, run some AI and Deep Learning workloads, then turn up the transcoding on Plex to 11. + +[Watch Video](https://www.youtube.com/watch?v=9OfoFAljPn4) + +See all the hardware I recommend at + +Don't forget to check out the [🚀Launchpad repo](https://l.technotim.live/quick-start) with all of the quick start source files. + +```na +88 88 +88 "" +88 +88,dPPYba, 88 8b,dPPYba, ,adPPYb,d8 ,adPPYba, +88P' "8a 88 88P' `"8a a8" `Y88 a8" "8a +88 d8 88 88 88 8b 88 8b d8 +88b, ,a8" 88 88 88 "8a, ,d88 "8a, ,a8" +8Y"Ybbd8"' 88 88 88 `"YbbdP"Y8 `"YbbdP"' + aa, ,88 + "Y8bbdP" +``` + +If you need to passthrough a GPU, follow [this guide](https://docs.technotim.live/posts/gpu-passthrough/) but install Ubuntu instead. + +## Proxmox + +Shut down your VM in proxmox, edit your conf file, it should be here (note, change path to your VM's ID) + +`/etc/pve/qemu-server/100.conf` + +add `cpu: host,hidden=1,flags=+pcid` to that file + +start the server. 
+
+## Linux Guest
+
+```bash
+sudo apt-get update
+
+sudo apt-get upgrade
+
+sudo apt-get install qemu-guest-agent # this is optional if you are virtualizing this machine
+
+sudo apt-get install build-essential # build-essential is required for nvidia drivers to compile
+
+sudo apt install --no-install-recommends nvidia-cuda-toolkit nvidia-headless-450 nvidia-utils-450 libnvidia-encode-450
+```
+
+Then reboot.
+
+Then install `nvtop`
+
+```bash
+sudo apt-get install nvtop
+```
+
+## tensorflow workload
+
+```bash
+nvidia-docker run --rm -ti tensorflow/tensorflow:r0.9-devel-gpu
+```
+
+## Rancher / Kubernetes
+
+In your Rancher server (or kubernetes host)
+
+```bash
+distribution=$(. /etc/os-release;echo $ID$VERSION_ID)
+
+curl -s -L https://nvidia.github.io/nvidia-docker/gpgkey | sudo apt-key add -
+
+curl -s -L https://nvidia.github.io/nvidia-docker/$distribution/nvidia-docker.list | sudo tee /etc/apt/sources.list.d/nvidia-docker.list
+
+sudo apt-get update && sudo apt-get install -y nvidia-container-toolkit
+
+sudo apt-get install nvidia-container-runtime
+```
+
+update `daemon.json`
+
+```bash
+sudo nano /etc/docker/daemon.json
+```
+
+Replace with:
+
+```json
+{
+ "default-runtime": "nvidia",
+ "runtimes": {
+ "nvidia": {
+ "path": "/usr/bin/nvidia-container-runtime",
+ "runtimeArgs": []
+ }
+ }
+}
+```
+
+Install one more util for nvidia:
+
+```bash
+sudo apt-get install -y nvidia-docker2
+```
+
+Reboot
+
+Then, using `kubectl` on your kubernetes / rancher host
+
+```bash
+kubectl create -f https://raw.githubusercontent.com/NVIDIA/k8s-device-plugin/master/nvidia-device-plugin.yml
+```
diff --git a/_posts/2020-10-10-gpu-passthrough-linux.md:Zone.Identifier b/_posts/2020-10-10-gpu-passthrough-linux.md:Zone.Identifier
new file mode 100644
index 0000000..e69de29
diff --git a/_posts/2020-10-17-migrate-database-docker-kubernetes.md b/_posts/2020-10-17-migrate-database-docker-kubernetes.md
new file mode 100644
index 0000000..1caf512
--- /dev/null
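Review bot: The Rancher / Kubernetes block registers NVIDIA's repository key with `apt-key add -`, which puts it in the global APT keyring so it is trusted for every configured repository, and `apt-key` is deprecated on current Debian and Ubuntu releases. Scoping the key to this one source is safer: `curl -fsSL https://nvidia.github.io/nvidia-docker/gpgkey | sudo gpg --dearmor -o /usr/share/keyrings/nvidia-docker.gpg` (the keyring path is an example) plus a `[signed-by=/usr/share/keyrings/nvidia-docker.gpg]` option on each `deb` line written to `nvidia-docker.list`. The final `kubectl create -f` pulls `nvidia-device-plugin.yml` from the `master` branch; pointing it at a tagged release of the plugin would make the DaemonSet that lands on the cluster reproducible and reviewable. The "Replace with:" step for `daemon.json` should also warn that it overwrites any existing daemon settings rather than merging with them.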
+++ b/_posts/2020-10-17-migrate-database-docker-kubernetes.md
@@ -0,0 +1,37 @@
+---
+layout: post
+title: "Migrate Your Databases to Kubernetes and Docker"
+date: 2020-10-17 09:00:00 -0500
+categories: self-hosted
+tags: homelab rancher kubernetes docker self-hosted mysql database portainer
+---
+
+[![Migrate Your Databases to Kubernetes and Docker](https://img.youtube.com/vi/jZvnkf_HgcY/0.jpg)](https://www.youtube.com/watch?v=jZvnkf_HgcY "Migrate Your Databases to Kubernetes and Docker")
+
+Have you been putting off migrating your database to Docker and Kubernetes like I have? Well wait no longer. It's simple using this step-by-step tutorial. Today, we'll move a database that's on a virtual machine to a container that's running in kubernetes. Oh yeah, this will also work if it's a bare metal server too, duh. 🙂
+
+[Watch Video](https://www.youtube.com/watch?v=jZvnkf_HgcY)
+
+See all the hardware I recommend at
+
+Don't forget to check out the [🚀Launchpad repo](https://l.technotim.live/quick-start) with all of the quick start source files.
+
+`mysql_backup.sh`
+
+```shell
+#! /bin/bash
+
+BACKUP_DIR="/home"
+MYSQL_USER="root"
+MYSQL=/usr/bin/mysql
+MYSQL_PASSWORD="your my sql password"
+MYSQLDUMP=/usr/bin/mysqldump
+MYSQL_HOST="mysql"
+MYSQL_PORT="3306"
+
+databases=`$MYSQL --user=$MYSQL_USER --host $MYSQL_HOST --port $MYSQL_PORT -p$MYSQL_PASSWORD -e "SHOW DATABASES;" | grep -Ev "(Database|information_schema|performance_schema)"`
+
+for db in $databases; do
+ $MYSQLDUMP --host $MYSQL_HOST --port $MYSQL_PORT --force --opt --user=$MYSQL_USER -p$MYSQL_PASSWORD --databases $db | gzip > "$BACKUP_DIR/$db.gz"
+done
+```
diff --git a/_posts/2020-10-17-migrate-database-docker-kubernetes.md:Zone.Identifier b/_posts/2020-10-17-migrate-database-docker-kubernetes.md:Zone.Identifier
new file mode 100644
index 0000000..e69de29
diff --git a/_posts/2020-10-24-home-network-upgrade.md b/_posts/2020-10-24-home-network-upgrade.md
new file mode 100644
index 0000000..bf7498c
--- /dev/null
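Review bot: `mysql_backup.sh` passes the root password as `-p$MYSQL_PASSWORD` on both the `mysql` and `mysqldump` command lines, so it is visible to other local users in the process list while the dump runs, and because the expansion is unquoted a password containing spaces (like the placeholder itself) is split into several arguments. Reading credentials from a client option file that only the backup user can read avoids both problems: create e.g. `/root/.backup.cnf` with a `[client]` section holding `user` and `password`, `chmod 600` it, and call `$MYSQL --defaults-extra-file=/root/.backup.cnf ...` (it has to be the first option). I would also quote `"$db"` in the loop and use a dedicated account with only the privileges a dump needs instead of `root`. Note as well that the `.gz` files written to `BACKUP_DIR="/home"` contain full database contents and need restrictive permissions.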
+++ b/_posts/2020-10-24-home-network-upgrade.md @@ -0,0 +1,17 @@ +--- +layout: post +title: "Huge Network Upgrade for My Homelab" +date: 2020-10-24 09:00:00 -0500 +categories: homelab +tags: homelab network hardware unifi +--- + +[![Huge Network Upgrade for My Homelab](https://img.youtube.com/vi/sWvEiVM9Yfw/0.jpg)](https://www.youtube.com/watch?v=sWvEiVM9Yfw "Huge Network Upgrade for My Homelab") + +I decided to give my Home Lab a proper upgrade for 2020 and in to 2021! I finally took the plunge and went all in with a UniFi UDM Pro and a UniFi Switch PRO 24 PoE switch and they are awesome! + +[Watch Video](https://www.youtube.com/watch?v=sWvEiVM9Yfw) + +See all the hardware I recommend at + +Don't forget to check out the [🚀Launchpad repo](https://l.technotim.live/quick-start) with all of the quick start source files. \ No newline at end of file diff --git a/_posts/2020-10-24-home-network-upgrade.md:Zone.Identifier b/_posts/2020-10-24-home-network-upgrade.md:Zone.Identifier new file mode 100644 index 0000000..e69de29 diff --git a/_posts/2020-10-31-fist-13-things-linux.md b/_posts/2020-10-31-fist-13-things-linux.md new file mode 100644 index 0000000..20557ae --- /dev/null +++ b/_posts/2020-10-31-fist-13-things-linux.md 
@@ -0,0 +1,241 @@ +--- +layout: post +title: "Before I do anything on Linux, I do these first..." +date: 2020-10-31 09:00:00 -0500 +categories: homelab +tags: homelab linux ubuntu +--- + +[![Before I do anything on Linux, I do these first...](https://img.youtube.com/vi/ZsjK4VDopiE/0.jpg)](https://www.youtube.com/watch?v=ZsjK4VDopiE "Before I do anything on Linux, I do these first...") + +After setting up my Linux servers, there are a few things I do before I use them for their intended purpose. This ranges from security, to tools, to config. Join me as we set up our first Linux server in this tutorial and walk through setting it up proper (and maybe some bonus items sprinkled in). + +[Watch Video](https://www.youtube.com/watch?v=ZsjK4VDopiE) + +See all the hardware I recommend at + +Don't forget to check out the [🚀Launchpad repo](https://l.technotim.live/quick-start) with all of the quick start source files. + +## Update + +```bash +sudo apt-get update + +sudo apt-get upgrade +``` + +Reconfigure unattended-upgrades + +```bash +sudo dpkg-reconfigure --priority=low unattended-upgrades +``` + +Verify unattended upgrades configuration file in your text editor of choice + +```bash +/etc/apt/apt.conf.d/20auto-upgrades +``` + +To disable automatic reboots by the automatic upgrades configuration edit the following file: + +```bash +/etc/apt/apt.conf.d/50unattended-upgrades +``` + +and uncomment the following line by removing the leading slashes: + +```bash +//Unattended-Upgrade::Automatic-Reboot "false"; +``` + +## Account + +add user + +```bash +sudo adduser someuser +``` + +add to sudoers + +```bash +sudo usermod -aG sudo someuser +``` + +## SSH Server + +install + +```bash +sudo apt-get install openssh-server +``` + +copy key from client to server + +```bash +ssh-copy-id someuser@192.168.0.100 +``` + +switch to key based auth + +```bash +sudo nano /etc/ssh/sshd_config +``` + +Add these attributes + +```bash +PasswordAuthentication no +ChallengeResponseAuthentication no 
+``` + +## Networking + +static IP + +`sudo nano /etc/netplan/01-netcfg.yaml` + +```yml +network: + version: 2 + renderer: networkd + ethernets: + ens18: + dhcp4: no + addresses: + - 192.168.0.222/24 + gateway4: 192.168.0.1 + nameservers: + addresses: [192.168.0.4] +``` + +## Install `oh-my-zsh` + +```bash +sudo apt-get update +sudo apt-get install zsh +sudo apt-get install powerline fonts-powerline + +sh -c "$(curl -fsSL https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh)" +``` + +## Fix LVM + +```bash +sudo lvm +``` + +```bash +lvextend -l +100%FREE /dev/ubuntu-vg/ubuntu-lv +``` + +```bash +exit +``` + +```bash +sudo resize2fs /dev/ubuntu-vg/ubuntu-lv +``` + +## hostname + +```bash +sudo hostnamectl set-hostname +``` + +```bash +sudo nano /etc/hosts +``` + +## Time Zone + +Check time zone: + +```bash +timedatectl +``` + +Change time zone: + +```bash +sudo timedatectl set-timezone +``` + +You can also use if you want a menu. + +```bash +sudo dpkg-reconfigure tzdata +``` + +## NTP Time + +```bash +sudo nano /etc/systemd/timesyncd.conf +``` + +```conf +NTP=192.168.0.4 +``` + +```bash +sudo timedatectl set-ntp off +``` + +```bash +sudo timedatectl set-ntp on +``` + +## install kvm agent + +```bash +sudo apt-get install qemu-guest-agent +``` + +## firewall + +```bash +sudo ufw default deny incoming +``` +```bash +sudo ufw default allow outgoing +``` + +```bash +sudo ufw allow ssh +``` + +```bash +sudo ufw enable +``` + +## fail2ban + +```bash +sudo apt-get install fail2ban +``` + +```bash +sudo cp /etc/fail2ban/fail2ban.{conf,local} +``` + +```bash +sudo cp /etc/fail2ban/jail.{conf,local} +``` + +```bash +sudo nano /etc/fail2ban/jail.local +``` + +```conf +backend = systemd +``` + +check status + +```bash +sudo fail2ban-client status +``` + +```bash +sudo fail2ban-client status sshd +``` 
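Review bot: The SSH Server section stops after adding `PasswordAuthentication no` and `ChallengeResponseAuthentication no` to `sshd_config`; nothing tells the reader to validate and reload the daemon, so the hardening is not in effect until the next restart and a typo is only discovered when logins fail. I would add `sudo sshd -t` followed by `sudo systemctl restart ssh`, with a reminder to keep the current session open and confirm key login from a second terminal first. On Ubuntu releases whose `sshd_config` includes `/etc/ssh/sshd_config.d/*.conf`, a drop-in can still set `PasswordAuthentication yes`, so `sudo sshd -T | grep -i passwordauthentication` is worth showing as the final check. Separately, `sudo hostnamectl set-hostname` and `sudo timedatectl set-timezone` are shown without their argument, and `dhcp4: no` in the netplan sample reads more clearly as `dhcp4: false`.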
diff --git a/_posts/2020-10-31-fist-13-things-linux.md:Zone.Identifier b/_posts/2020-10-31-fist-13-things-linux.md:Zone.Identifier new file mode 100644 index 0000000..e69de29 diff --git a/_posts/2020-11-04-nextcloud-setup.md b/_posts/2020-11-04-nextcloud-setup.md new file mode 100644 index 0000000..1b586a9 --- /dev/null +++ b/_posts/2020-11-04-nextcloud-setup.md @@ -0,0 +1,17 @@ +--- +layout: post +title: "I think I found a Dropbox replacement with Nextcloud..." +date: 2020-11-07 09:00:00 -0500 +categories: self-hosted +tags: homelab rancher kubernetes docker self-hosted nextcloud portainer +--- + +[![I think I found a Dropbox replacement with Nextcloud...](https://img.youtube.com/vi/nt__J9Yr8_w/0.jpg)](https://www.youtube.com/watch?v=nt__J9Yr8_w "I think I found a Dropbox replacement with Nextcloud...") + +Are you thinking about ditching Google apps or looking for a Dropbox replacement? Are you ready to self host your own productivity platform? Well, Nextcloud may be for you! In today's tutorial we'll walk though setting up Nextcloud with Docker and Kubernetes. We'll also walk through some of the new features, installing apps from the app store, exposing this Nextcloud publicly, as well as setting up 2FA (2 factor authentication) with TOTP clients like Google Authenticator and Authy. + +[Watch Video](https://www.youtube.com/watch?v=nt__J9Yr8_w) + +See all the hardware I recommend at + +Don't forget to check out the [🚀Launchpad repo](https://l.technotim.live/quick-start) with all of the quick start source files. \ No newline at end of file diff --git a/_posts/2020-11-04-nextcloud-setup.md:Zone.Identifier b/_posts/2020-11-04-nextcloud-setup.md:Zone.Identifier new file mode 100644 index 0000000..e69de29 diff --git a/_posts/2020-11-14-wiregaurd-setup.md b/_posts/2020-11-14-wiregaurd-setup.md new file mode 100644 index 0000000..2135d55 --- /dev/null +++ b/_posts/2020-11-14-wiregaurd-setup.md 
@@ -0,0 +1,17 @@ +--- +layout: post +title: "Meet WireGuard, the new hotness in VPN..." +date: 2020-11-14 09:00:00 -0500 +categories: self-hosted +tags: homelab rancher kubernetes docker wireguard self-hosted vpn portainer +--- + +[![Meet WireGuard, the new hotness in VPN...](https://img.youtube.com/vi/xlyTCuWqDOg/0.jpg)](https://www.youtube.com/watch?v=xlyTCuWqDOg "Meet WireGuard, the new hotness in VPN...") + +Self hosting a VPN has traditionally been hard to set up and we've had very few options. That is until WireGuard came about. WireGuard is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. It also supports running inside of a Docker container and that's exactly what we'll be using in this tutorial! + +[Watch Video](https://www.youtube.com/watch?v=xlyTCuWqDOg) + +See all the hardware I recommend at + +Don't forget to check out the [🚀Launchpad repo](https://l.technotim.live/quick-start) with all of the quick start source files. \ No newline at end of file diff --git a/_posts/2020-11-14-wiregaurd-setup.md:Zone.Identifier b/_posts/2020-11-14-wiregaurd-setup.md:Zone.Identifier new file mode 100644 index 0000000..e69de29 diff --git a/_posts/2020-11-21-1u-server-upgrade.md b/_posts/2020-11-21-1u-server-upgrade.md new file mode 100644 index 0000000..a5e4639 --- /dev/null +++ b/_posts/2020-11-21-1u-server-upgrade.md 
@@ -0,0 +1,17 @@ +--- +layout: post +title: "My HUGE (but small) 1U Server Upgrade" +date: 2020-11-21 09:00:00 -0500 +categories: homelab +tags: homelab hardware +--- + +[![My HUGE (but small) 1U Server Upgrade](https://img.youtube.com/vi/CMu5gsWKc9Y/0.jpg)](https://www.youtube.com/watch?v=CMu5gsWKc9Y "My HUGE (but small) 1U Server Upgrade") + +I've been making great use of some older, bigger servers but I decided to try and build, upgrade, and migrate to some 1U servers. Join me as we unbox and build my 2 new virtualization servers! + +[Watch Video](https://www.youtube.com/watch?v=CMu5gsWKc9Y) + +See all the hardware I recommend at + +Don't forget to check out the [🚀Launchpad repo](https://l.technotim.live/quick-start) with all of the quick start source files. \ No newline at end of file diff --git a/_posts/2020-11-21-1u-server-upgrade.md:Zone.Identifier b/_posts/2020-11-21-1u-server-upgrade.md:Zone.Identifier new file mode 100644 index 0000000..e69de29 diff --git a/_posts/2020-11-28-first-11-things-proxmox.md b/_posts/2020-11-28-first-11-things-proxmox.md new file mode 100644 index 0000000..99e6c20 --- /dev/null +++ b/_posts/2020-11-28-first-11-things-proxmox.md 
@@ -0,0 +1,202 @@ +--- +layout: post +title: "Before I do anything on Proxmox, I do this first..." +date: 2020-11-28 09:00:00 -0500 +categories: proxmox +tags: homelab proxmox homelab +--- + +[![Before I do anything on Proxmox, I do this first...](https://img.youtube.com/vi/GoZaMgEgrHw/0.jpg)](https://www.youtube.com/watch?v=GoZaMgEgrHw "Before I do anything on Proxmox, I do this first...") + +After setting up my Proxmox servers, there are a few things I do before I use them for their intended purpose. This ranges from updates, to storage, to networking and VLANS, to uploading ISOs, to clustering, and more. Join me as we pick up where the rest of the proxmox tutorials stop, and that's everything you need to do to make these production ready (and maybe a bonus item too). + +[Watch Video](https://www.youtube.com/watch?v=GoZaMgEgrHw) + +See all the hardware I recommend at + +Don't forget to check out the [🚀Launchpad repo](https://l.technotim.live/quick-start) with all of the quick start source files. 
+ +## Updates + +Edit `/etc/apt/sources.list` + +### Proxmox Version 6.X + +```bash +deb http://ftp.us.debian.org/debian buster main contrib + +deb http://ftp.us.debian.org/debian buster-updates main contrib + +# security updates +deb http://security.debian.org buster/updates main contrib + +# not for production use +deb http://download.proxmox.com/debian buster pve-no-subscription +``` + +### Proxmox Version 7.X + +(for a full guide on Proxmox 7, please [see this link](https://docs.technotim.live/posts/proxmox-7/)) + +```bash +deb http://ftp.debian.org/debian bullseye main contrib + +deb http://ftp.debian.org/debian bullseye-updates main contrib + +# security updates +deb http://security.debian.org/debian-security bullseye-security main contrib + +# PVE pve-no-subscription repository provided by proxmox.com, +# NOT recommended for production use +deb http://download.proxmox.com/debian/pve bullseye pve-no-subscription +``` + +Edit `/etc/apt/sources.list.d/pve-enterprise.list` + +```bash +# deb https://enterprise.proxmox.com/debian/pve buster pve-enterprise +``` + +Run + +```bash +apt-get update +``` + +```bash +apt dist-upgrade +``` + +```bash +reboot +``` + +## Storage + +BE CAREFUL. This will wipe your disks. + +```bash +fdisk /dev/sda +``` + +Then P for partition, then D for delete, then W for write. 
+ +## Check SMART Monitoring + +```bash +smartctl -a /dev/sda +``` + +## IOMMU (PCI Passthrough) + +See [Proxmox PCI Passthrough](https://pve.proxmox.com/wiki/Pci_passthrough) + +`nano /etc/default/grub` + +```bash +GRUB_CMDLINE_LINUX_DEFAULT="quiet intel_iommu=on" +``` + +`update-grub` + +Edit `/etc/modules` + +```bash +vfio +vfio_iommu_type1 +vfio_pci +vfio_virqfd +``` + +`update-initramfs -u -k all` + +`reboot` + +## VLAN Aware + +If you want to restrict your VLANS + +```bash +nano /etc/network/interfaces +``` + +Set your VLAN here + +```bash +bridge-vlan-aware yes +bridge-vids 20 +``` + +## NIC Team Example + +```bash +nano /etc/network/interfaces +``` + +```conf +auto eno1 +iface eno1 inet manual + +auto eno2 +iface eno2 inet manual + +auto bond0 +iface bond0 inet manual + bond-slaves eno1 eno2 + bond-miimon 100 + bond-mode 802.3ad + bond-xmit-hash-policy layer2+3 + +auto vmbr0 +iface vmbr0 inet static + address 192.168.0.11/24 + gateway 192.168.0.1 + bridge-ports bond0 + bridge-stp off + bridge-fd 0 + bridge-vlan-aware yes + bridge-vids 2-4094 +#lacp nic team +``` + +**If you're running Proxmox 7, see the modified [config here](https://docs.technotim.live/posts/proxmox-7/) for LAGG / LACP** + +## Cloning + +These are the commands I run after cloning a Linux machine so that it resets all information for the machine it was cloned from. + +(Note: If you use cloud-init-aware OS images as described under *Cloud-Init Support* on https://pve.proxmox.com/pve-docs/chapter-qm.html, these steps won't be necessary!) 
+
+change hostname
+
+```bash
+sudo nano /etc/hostname
+```
+
+* find your hostname and change it
+
+change hosts file
+
+* find your hostname and change it
+
+```bash
+sudo nano /etc/hosts
+```
+
+reset machine ID
+
+```bash
+rm -f /etc/machine-id /var/lib/dbus/machine-id
+dbus-uuidgen --ensure=/etc/machine-id
+dbus-uuidgen --ensure
+```
+
+regenerate ssh keys
+
+```bash
+regen ssh keys
+sudo rm /etc/ssh/ssh_host_*
+sudo dpkg-reconfigure openssh-server
+```
+
+reboot
diff --git a/_posts/2020-11-28-first-11-things-proxmox.md:Zone.Identifier b/_posts/2020-11-28-first-11-things-proxmox.md:Zone.Identifier
new file mode 100644
index 0000000..e69de29
diff --git a/_posts/2020-12-12-ha-pi-hold-gravity-sync.md b/_posts/2020-12-12-ha-pi-hold-gravity-sync.md
new file mode 100644
index 0000000..481905a
--- /dev/null
+++ b/_posts/2020-12-12-ha-pi-hold-gravity-sync.md
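Review bot: In the Cloning section the "regenerate ssh keys" fence starts with the line `regen ssh keys`, which is prose rather than a command; pasted as shown it fails with "command not found", so it should be a comment, `# regen ssh keys`. The machine-id block just above runs `rm -f /etc/machine-id /var/lib/dbus/machine-id` and both `dbus-uuidgen` calls without `sudo` while the other steps in the section use it, so on a non-root login those lines fail and the clone keeps the template's identity. It would help to say why the step matters: clones that keep the template's SSH host keys all present the same host identity, so regeneration should not be skipped and can be confirmed with `ssh-keygen -lf /etc/ssh/ssh_host_ed25519_key.pub`. Further up, the commented `pve-enterprise.list` example names `buster` although it follows the Proxmox 7.X block, which uses `bullseye`.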
@@ -0,0 +1,42 @@
+---
+layout: post
+title: "High Availability Pi-Hole? Yes please!"
+date: 2020-12-12 09:00:00 -0500
+categories: self-hosted
+tags: homelab rancher kubernetes docker portainer self-hosted pi-hole gravity-sync keepalived
+---
+
+[![High Availability Pi-Hole? Yes please!](https://img.youtube.com/vi/IFVYe3riDRA/0.jpg)](https://www.youtube.com/watch?v=IFVYe3riDRA "High Availability Pi-Hole? Yes please!")
+
+Dear Pi-Hole,
+We love your product. It keeps our network safe from malware and other unwanted domains. While we love what is there so far, please add a feature to your core product to keep multiple servers in sync and provide high availability DNS to our whole entire network. Then, we won't have people asking us "Is the internet down?" every time we reboot our Pi-Hole server.
+
+Until then, we will use Gravity Sync.
+
+Sincerely,
+
+Techno Tim (and probably thousands of other lovers of Pi-Hole).
+
+P.S. Keep up the good work!
+
+Thank you Gravity Sync!
+
+(don't forget to star the repo!)
+
+[https://github.com/vmstan/gravity-sync](https://github.com/vmstan/gravity-sync)
+
+Great Raspberry Pi - Pi-Hole Servers!
+
+► Raspberry Pi Zero W Kit - [https://amzn.to/3qOl9yS](https://amzn.to/3qOl9yS)
+
+► Raspberry Pi 4 Kit - [https://amzn.to/3nophDm](https://amzn.to/3nophDm)
+
+[Watch Video](https://www.youtube.com/watch?v=IFVYe3riDRA)
+See all the hardware I recommend at
+
+
+If you're looking to have your PiHole instances failover automatically, be sure to check out the documentation on `keepalived`
+
+[Meet keepalived - High Availability and Load Balancing in One](https://docs.technotim.live/posts/keepalived-ha-loadbalancer/)
+
+Don't forget to check out the [🚀Launchpad repo](https://l.technotim.live/quick-start) with all of the quick start source files.
diff --git a/_posts/2020-12-12-ha-pi-hold-gravity-sync.md:Zone.Identifier b/_posts/2020-12-12-ha-pi-hold-gravity-sync.md:Zone.Identifier
new file mode 100644
index 0000000..e69de29
diff --git a/_posts/2020-12-19-rancher-ha-install.md b/_posts/2020-12-19-rancher-ha-install.md
new file mode 100644
index 0000000..13758ae
--- /dev/null
+++ b/_posts/2020-12-19-rancher-ha-install.md
@@ -0,0 +1,167 @@ +--- +layout: post +title: "High Availability Rancher on kubernetes" +date: 2020-12-19 09:00:00 -0500 +categories: kubernetes rancher +tags: homelab rancher kubernetes k3s +--- + +[![High Availability Rancher on kubernetes](https://img.youtube.com/vi/APsZJbnluXg/0.jpg)](https://www.youtube.com/watch?v=APsZJbnluXg "High Availability Rancher on kubernetes") + +Are you running Kubernetes in your homelab or in the enterprise? +Do you want an easy way to manage and create Kubernetes clusters? +Join me as we walk through installing Rancher on an existing high availability k3s cluster in this step-by-step tutorial. + +We install Rancher, configure a load balancer, install and configure helm, install cert-manager, configure Rancher, walk through the GUI, scale up our cluster, and set up a health check and liveness check! Join me, it's easy in this straightforward guide. + +[Watch Video](https://www.youtube.com/watch?v=APsZJbnluXg) + +See all the hardware I recommend at + +Don't forget to check out the [🚀Launchpad repo](https://l.technotim.live/quick-start) with all of the quick start source files. + +## install + +**Note:** +It's advised you consult the [Rancher Support Matrix](https://rancher.com/support-maintenance-terms/all-supported-versions) +to get the recommended version for all Rancher dependencies. 
+ +[https://rancher.com/docs/rancher/v2.x/en/installation/install-rancher-on-k8s/#1-install-the-required-cli-tools](https://rancher.com/docs/rancher/v2.x/en/installation/install-rancher-on-k8s/#1-install-the-required-cli-tools) + +`kubectl` + +install `helm` + +```bash +curl https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 | bash +``` + +add `helm` repo, `stable` + +```bash +helm repo add rancher-stable https://releases.rancher.com/server-charts/stable +``` + +create rancher namespace + +```bash +kubectl create namespace cattle-system +``` + +ssl configuration + +user rancher generated (default) + +install `cert-manager` + +```bash +kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/v1.7.1/cert-manager.crds.yaml +``` + +create name-space for `cert-manager` + +```bash +kubectl create namespace cert-manager +``` + +Add the Jetstack Helm repository + + ```bash + helm repo add jetstack https://charts.jetstack.io + ``` + +update helm repo + +```bash +helm repo update +``` + +install `cert-manager` helm chart + +*Note: If you receive an "Error: Kubernetes cluster unreachable" message when installing cert-manager, try copying + +the contents of "/etc/rancher/k3s/k3s.yaml" to "~/.kube/config" to resolve the issue.* + +```bash +helm install \ + cert-manager jetstack/cert-manager \ + --namespace cert-manager \ + --version v1.7.1 +``` + +check rollout of cert-manager + +```bash +kubectl get pods --namespace cert-manager +``` + +Be sure each pod is fully running before proceeding + +Install Rancher with Helm + +*Note:If you have ".local" for your private TLD then Rancher will NOT finish the setup within the webUI* + +```bash +helm install rancher rancher-stable/rancher \ + --namespace cattle-system \ + --set hostname=rancher.example.com +``` + +check rollout + +```bash +kubectl -n cattle-system rollout status deploy/rancher +``` + +you should see + +```bash +Waiting for deployment "rancher" rollout to finish: 0 of 
3 updated replicas are available... +Waiting for deployment "rancher" rollout to finish: 1 of 3 updated replicas are available... +Waiting for deployment "rancher" rollout to finish: 2 of 3 updated replicas are available... +deployment "rancher" successfully rolled out +``` + +check status + +```bash +kubectl -n cattle-system rollout status deploy/rancher +``` + +you should see + +```log +deployment "rancher" successfully rolled out +``` + +## load balancer + +If you are using `k3s` you can use the `traefik` ingress controller that ships with `k3s` + +run + +```bash +kubectl get svc --all-namespaces -o wide +``` + +look for + +```log +kube-system traefik LoadBalancer 10.43.202.72 192.168.100.10 80:32003/TCP,443:32532/TCP 5d23h app=traefik,release=traefik +``` + +then create a DNS entry for `rancher.example.com 192.168.100.10` + +This can be a host entry on your machine, or a DNS entry in your local DNS system (router, pi hole, etc...) + +otherwise you can use `nginx` + +nginx lb + +[https://rancher.com/docs/rancher/v2.x/en/installation/resources/k8s-tutorials/infrastructure-tutorials/nginx/](https://rancher.com/docs/rancher/v2.x/en/installation/resources/k8s-tutorials/infrastructure-tutorials/nginx/) + +## other considerations + +Separating Rancher Cluster from your User Cluster + +[https://rancher.com/docs/rancher/v2.x/en/overview/architecture-recommendations/#separation-of-rancher-and-user-clusters](https://rancher.com/docs/rancher/v2.x/en/overview/architecture-recommendations/#separation-of-rancher-and-user-clusters) diff --git a/_posts/2020-12-19-rancher-ha-install.md:Zone.Identifier b/_posts/2020-12-19-rancher-ha-install.md:Zone.Identifier new file mode 100644 index 0000000..e69de29 diff --git a/_posts/2020-12-21-k3s-ha-install.md b/_posts/2020-12-21-k3s-ha-install.md new file mode 100644 index 0000000..1f7e30d --- /dev/null +++ b/_posts/2020-12-21-k3s-ha-install.md 
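Review bot: The `install helm` step pipes a script fetched from the `master` branch straight into `bash`, so whatever is on that branch at the time runs on the reader's machine without being read or pinned. I would split it into a download and a separate run so the script can be inspected first: `curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3`, then `bash get_helm.sh`. The same section pins cert-manager to `v1.7.1` but installs `rancher-stable/rancher` with no `--version`, so the Rancher chart drifts over time; adding `--version <chart-version>` (placeholder, chosen from the support matrix the post links) would keep the steps reproducible.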
@@ -0,0 +1,203 @@ +--- +layout: post +title: "HIGH AVAILABILITY k3s (Kubernetes) in minutes!" +date: 2020-12-19 09:00:00 -0500 +categories: kubernetes k3s +tags: homelab rancher kubernetes k3s mysql nginx + +--- + +[![HIGH AVAILABILITY k3s (Kubernetes) in minutes!](https://img.youtube.com/vi/UoOcLXfa8EU/0.jpg)](https://www.youtube.com/watch?v=UoOcLXfa8EU "HIGH AVAILABILITY k3s (Kubernetes) in minutes!") + +Are you running Kubernetes in your homelab or in the enterprise? Do you want an easy way to manage and create Kubernetes clusters? Do you want high availability Rancher? Join me as we walk through stalling Rancher on an existing high availability k3s cluster in this step-by-step tutorial. We install Rancher, configure a load balancer, install and configure helm, install cert-manager, configure Rancher, walk through the GUI, scale up our cluster, and set up a health check and liveness check! Join me, it's easy in this straightforward guide. + +[Watch Video](https://www.youtube.com/watch?v=UoOcLXfa8EU) + +See all the hardware I recommend at + +Don't forget to check out the [🚀Launchpad repo](https://l.technotim.live/quick-start) with all of the quick start source files. 
+ +## Load Balancer + +Create a load balancer using `nginx` + +`nginx.conf` + +```conf +#uncomment this next line if you are NOT running nginx in docker +#load_module /usr/lib/nginx/modules/ngx_stream_module.so; + +events {} + +stream { + upstream k3s_servers { + server 192.168.60.20:6443; + server 192.168.60.21:6443; + } + + server { + listen 6443; + proxy_pass k3s_servers; + } +} +``` + +## k3s servers + +On your k3s servers + +```bash +export K3S_DATASTORE_ENDPOINT='mysql://username:password@tcp(database_ip_or_hostname:port)/database' +``` + +*Note: It's advised you consult the [Rancher Support Matrix](https://rancher.com/support-maintenance-terms/all-supported-versions) +to get the recommended version for all Rancher dependencies.* + +then + +```bash +curl -sfL https://get.k3s.io | sh -s - server --node-taint CriticalAddonsOnly=true:NoExecute --tls-san load_balancer_ip_or_hostname +``` + +test with + +```bash +sudo k3s kubectl get nodes +``` + +to add additional servers, get token from first server + +```bash +sudo cat /var/lib/rancher/k3s/server/node-token +``` + +then run the same command but add the token (replace SECRET with token from previous command) + +```bash +curl -sfL https://get.k3s.io | sh -s - server --token=SECRET --node-taint CriticalAddonsOnly=true:NoExecute --tls-san load_balancer_ip_or_hostname +``` + +on agents / workers + +to run without `sudo` + +```bash +sudo chmod 644 /etc/rancher/k3s/k3s.yaml` on the servers +``` + +get token + +```bash +sudo cat /var/lib/rancher/k3s/server/node-token +``` + +## k3s agents / workers + +```bash +curl -sfL https://get.k3s.io | K3S_URL=https://load_balancer_ip_or_hostname:6443 K3S_TOKEN=mynodetoken sh - +``` + +## other + +To install `kubectl` [see this link](https://kubernetes.io/docs/tasks/tools/install-kubectl/) + +`kubeconfig` location on server + +`/etc/rancher/k3s/k3s.yaml` + +```bash +sudo cat /etc/rancher/k3s/k3s.yaml +``` + +copy contents to your dev machine + +`~/.kube/config` + +Be sure to 
update the `server:` to your load balancer ip or hostname + +## kubernetes dashboard + +check [releases](https://github.com/kubernetes/dashboard/releases) for the command to use. At time or filming it's: + +```bash +kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.4/aio/deploy/recommended.yaml +``` + +### Dashboard RBAC Configuration + +`dashboard.admin-user.yml` + +```yml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: admin-user + namespace: kubernetes-dashboard +``` + +`dashboard.admin-user-role.yml` + +```yml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: admin-user +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cluster-admin +subjects: +- kind: ServiceAccount + name: admin-user + namespace: kubernetes-dashboard +``` + +Deploy the `admin-user` configuration: + +(if you're doing this from your dev machine, remove `sudo k3s` and just use `kubectl`) + +```bash +sudo k3s kubectl create -f dashboard.admin-user.yml -f dashboard.admin-user-role.yml +``` + +get bearer token + +```bash +sudo k3s kubectl -n kubernetes-dashboard create token admin-user +``` + +start dashboard locally + +```bash +sudo k3s kubectl proxy +``` + +Then you can sign in at this URL using your token we got in the previous step: + +`http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/` + +here's `testdeploy.yml` you can use + +```yml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: mysite + labels: + app: mysite +spec: + replicas: 1 + selector: + matchLabels: + app: mysite + template: + metadata: + labels: + app : mysite + spec: + containers: + - name : mysite + image: nginx + ports: + - containerPort: 80 +``` diff --git a/_posts/2020-12-21-k3s-ha-install.md:Zone.Identifier b/_posts/2020-12-21-k3s-ha-install.md:Zone.Identifier new file mode 100644 index 0000000..e69de29 
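Review bot: The "to run without `sudo`" step sets `/etc/rancher/k3s/k3s.yaml` to mode 644, which leaves the cluster's kubeconfig and its credentials readable by every local account on the server nodes. A safer instruction is to copy it for the one user who needs it: `mkdir -p ~/.kube && sudo cp /etc/rancher/k3s/k3s.yaml ~/.kube/config && sudo chown "$USER" ~/.kube/config && chmod 600 ~/.kube/config`. That fence also ends with a stray backtick followed by `on the servers`, which is prose that landed inside the code block and breaks a copy-paste. Separately, the `admin-user` ClusterRoleBinding grants `cluster-admin` to the dashboard login, so a sentence stating that the bearer token is equivalent to full control of the cluster and should be treated as a secret would help readers.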
diff --git a/_posts/2020-12-26-ansible-automation.md b/_posts/2020-12-26-ansible-automation.md
new file mode 100644
index 0000000..01f1bcb
--- /dev/null
+++ b/_posts/2020-12-26-ansible-automation.md
@@ -0,0 +1,140 @@ +--- +layout: post +title: "Automate EVERYTHING with Ansible!" +date: 2020-12-26 09:00:00 -0500 +categories: homelab +tags: homelab ansible + +--- + +[![Automate EVERYTHING with Ansible!](https://img.youtube.com/vi/w9eCU4bGgjQ/0.jpg)](https://www.youtube.com/watch?v=w9eCU4bGgjQ "Automate EVERYTHING with Ansible!") + +Ansible. Need I say more? Well, maybe, if you've never heard of it. Ansible is a simple IT automation that anyone can use. You can Automate anything with an SSH conne + +[Watch Video](https://www.youtube.com/watch?v=w9eCU4bGgjQ) + +See all the hardware I recommend at + +Don't forget to check out the [🚀Launchpad repo](https://l.technotim.live/quick-start) with all of the quick start source files. + +## install + +```bash +sudo apt update +sudo apt install ansible +sudo apt install sshpass +``` + +`hosts` + +```ini +[ubuntu] +server-01 +server-02 +192.168.0.100 +192.168.0.1002 +``` + +## commands + +command with module + +```bash +ansible -i ./inventory/hosts ubuntu -m ping --user someuser --ask-pass +``` + +command with playbook + +```bash +ansible-playbook ./playbooks/apt.yml --user someuser --ask-pass --ask-become-pass -i ./inventory/hosts +``` + +## playbooks + +`apt.yml` + +```yml +- hosts: "*" + become: yes + tasks: + - name: apt + apt: + update_cache: yes + upgrade: 'yes' +``` + +`qemu-guest-agent.yml` + +```yml +- name: install latest qemu-guest-agent + hosts: "*" + tasks: + - name: install qemu-guest-agent + apt: + name: qemu-guest-agent + state: present + update_cache: true + become: true +``` + +`zsh.yml` + +```yml +- name: install latest zsh on all hosts + hosts: "*" + tasks: + - name: install zsh + apt: + name: zsh + state: present + update_cache: true + become: true +``` + +`timezone.yml` + +```yml +- name: Set timezone and configure timesyncd + hosts: "*" + become: yes + tasks: + - name: set timezone + shell: timedatectl set-timezone America/Chicago + + - name: Make sure timesyncd is stopped + systemd: + name: 
systemd-timesyncd.service + state: stopped + + - name: Copy over the timesyncd config + template: src=../templates/timesyncd.conf dest=/etc/systemd/timesyncd.conf + + - name: Make sure timesyncd is started + systemd: + name: systemd-timesyncd.service + state: started +``` + +`timesyncd.conf` + +```conf +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. +# +# Entries in this file show the compile time defaults. +# You can change settings by editing this file. +# Defaults can be restored by simply deleting this file. +# +# See timesyncd.conf(5) for details. + +[Time] +NTP=192.168.0.4 +FallbackNTP=time.cloudflare.com +#RootDistanceMaxSec=5 +#PollIntervalMinSec=32 +#PollIntervalMaxSec=2048 +``` diff --git a/_posts/2020-12-26-ansible-automation.md:Zone.Identifier b/_posts/2020-12-26-ansible-automation.md:Zone.Identifier new file mode 100644 index 0000000..e69de29 diff --git a/_posts/2021-01-02-longhorn-install.md b/_posts/2021-01-02-longhorn-install.md new file mode 100644 index 0000000..8fab0c4 --- /dev/null +++ b/_posts/2021-01-02-longhorn-install.md 
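Review bot: The sample `hosts` inventory lists `192.168.0.1002`, which is not a valid IPv4 address and looks like a typo next to `192.168.0.100`; as written the entry would presumably be treated as a host name and fail to resolve. Every playbook uses `hosts: "*"` together with `become`, so `apt.yml` upgrades every machine in whatever inventory is passed; targeting the group defined above with `hosts: ubuntu` keeps the `apt` tasks on the hosts they were written for. The commands rely on `--ask-pass` and `sshpass`, that is, password SSH logins, so a line recommending key-based authentication once the hosts are bootstrapped would be a useful caveat. The intro paragraph also stops mid-word at "SSH conne".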
@@ -0,0 +1,79 @@ +--- +layout: post +title: "Cloud Native Distributed Storage in Kubernetes with Longhorn" +date: 2021-01-02 09:00:00 -0500 +categories: kubernetes rancher +tags: homelab rancher kubernetes longhorn k3s + +--- + +[![Cloud Native Distributed Storage in Kubernetes with Longhorn](https://img.youtube.com/vi/eKBBHc0t7bc/0.jpg)](https://www.youtube.com/watch?v=eKBBHc0t7bc "Cloud Native Distributed Storage in Kubernetes with Longhorn") + +Storage in Kubernetes is hard, complicated, and messy. Configuring volumes, mounts, and persistent volumes claims and getting it right can be a challenge. It's also challenging to manage that storage and replicate it across all your Kubernetes clusters. It's also been very challenging to do this on bare metal, outside of a cloud provider. That's where Longhorn comes. Longhorn is an open source, a CNCF distributed block storage system for Kubernetes. It comes with a UI, backups, snapshots, cluster disaster recovery, and it does all this with or without Rancher. Rancher is NOT a requirement. + +[Watch Video](https://www.youtube.com/watch?v=eKBBHc0t7bc) + +See all the hardware I recommend at + +Don't forget to check out the [🚀Launchpad repo](https://l.technotim.live/quick-start) with all of the quick start source files. 
+ +## Installation + +### Additional Dependencies + +There are some additional dependencies you might want to install on target nodes prior to configuring + +```bash +sudo apt update +sudo apt install nfs-common open-iscsi +#start the service now and on reboot +sudo systemctl enable open-iscsi --now +``` + +## Install Methods + +### Rancher app catalog + +See the app catalog within Rancher + +### Kubectl + +```bash +kubectl apply -f https://raw.githubusercontent.com/longhorn/longhorn/master/deploy/longhorn.yaml +``` + +```bash +kubectl get pods \ +--namespace longhorn-system \ +--watch +``` + +See more at [https://longhorn.io/docs/1.0.0/deploy/install/install-with-kubectl](https://longhorn.io/docs/1.0.0/deploy/install/install-with-kubectl) + +### Helm + +helm3 + +```bash +kubectl create namespace longhorn-system +helm install longhorn ./longhorn/chart/ --namespace longhorn-system +``` + +```bash +kubectl -n longhorn-system get pod +``` + +## Taints + +I ended up tainting my storage nodes using this command + +```bash +kubectl taint nodes luna-01 luna-02 luna-03 luna-04 CriticalAddonsOnly=true:NoExecute +kubectl taint nodes luna-01 luna-02 luna-03 luna-04 StorageOnly=true:NoExecute +``` + +Then applying that toleration to Lonhorn in settings + +`StorageOnly=true:NoExecute;CriticalAddonsOnly=true:NoExecute` + +This ensures that the storage nodes won't take on any general workloads and still allow Lonhorn to use these as storage. diff --git a/_posts/2021-01-02-longhorn-install.md:Zone.Identifier b/_posts/2021-01-02-longhorn-install.md:Zone.Identifier new file mode 100644 index 0000000..e69de29 diff --git a/_posts/2021-01-09-librespeed.md b/_posts/2021-01-09-librespeed.md new file mode 100644 index 0000000..a51201f --- /dev/null +++ b/_posts/2021-01-09-librespeed.md 
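Review bot: The `Kubectl` install method applies `longhorn.yaml` from the `master` branch while the link directly below it points at the 1.0.0 docs, so readers apply a moving manifest that may not match the documented version. Pinning the URL to a release tag, e.g. `kubectl apply -f https://raw.githubusercontent.com/longhorn/longhorn/<release-tag>/deploy/longhorn.yaml` (placeholder tag), keeps what is applied reviewable and reproducible. The Helm variant installs from `./longhorn/chart/` without saying where that directory comes from; a clone step at the same tag would close the gap. "Lonhorn" in the Taints section is a typo for Longhorn.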
@@ -0,0 +1,18 @@
+---
+layout: post
+title: "Self-host your own internet speed test with LibreSpeed!"
+date: 2021-01-09 09:00:00 -0500
+categories: self-hosted
+tags: homelab rancher kubernetes docker librespeed self-hosted
+
+---
+
+[![Self-host your own internet speed test with LibreSpeed!](https://img.youtube.com/vi/FWhsEsh1P3Y/0.jpg)](https://www.youtube.com/watch?v=FWhsEsh1P3Y "Self-host your own internet speed test with LibreSpeed!")
+
+Internet speed tests are full of junk, ads, tracking, and some even contain deprecated plug-ins. Who needs this when we can self-host an open source one? LibreSpeed is a lightweight speedtest implemented in JavaScript using XHR requests and web workers. It's fast, feature rich, and supports every modern browser. Say goodbye to those other speed tests and host your own containerized in Docker or Kubernetes today!
+
+[Watch Video](https://www.youtube.com/watch?v=FWhsEsh1P3Y)
+
+See all the hardware I recommend at
+
+Don't forget to check out the [🚀Launchpad repo](https://l.technotim.live/quick-start) with all of the quick start source files.
\ No newline at end of file
diff --git a/_posts/2021-01-09-librespeed.md:Zone.Identifier b/_posts/2021-01-09-librespeed.md:Zone.Identifier
new file mode 100644
index 0000000..e69de29
diff --git a/_posts/2021-01-16-home-security-upgrade.md b/_posts/2021-01-16-home-security-upgrade.md
new file mode 100644
index 0000000..a94a1f6
--- /dev/null
+++ b/_posts/2021-01-16-home-security-upgrade.md
@@ -0,0 +1,20 @@ +--- +layout: post +title: "My HUGE Home Security Upgrade" +date: 2021-01-16 09:00:00 -0500 +categories: homelab +tags: homelab unifi protect home-security hardware + +--- + +[![My HUGE Home Security Upgrade](https://img.youtube.com/vi/W9XgDZAezkg/0.jpg)](https://www.youtube.com/watch?v=W9XgDZAezkg "My HUGE Home Security Upgrade") + +I am a huge fan of self hosted home security and I've been doing it for years. I love the idea of being able to check on my home when I am away. Also, I've always kept my video footage on premise (on prem) and never sent it to the cloud. It started way back with a laptop and a webcam and it evolved into self-hosting my own DVR software on a virtual machine with many PoE and wireless cameras... but this became way too much to manage. Well, this is the next evolution of my home security, integrating it into my recently upgraded UniFi network. I wanted to simplify my home security, just like my network, so I decided to pick up some UniFi Protect G3 FLEX cameras and some new UniFi Protect G3 Instant cameras to help secure my home. I also picked up the UniFi Smart Power Plug that will monitor my internet connection and reboot my modem if I lose connection. This is going to be awesome! I hope you enjoy this complete guide to setting up your new UniFi Protect system! + +* Note, everything here was purchased with my own money. 0 outside influence by brands. + +[Watch Video](https://www.youtube.com/watch?v=W9XgDZAezkg) + +See all the hardware I recommend at + +Don't forget to check out the [🚀Launchpad repo](https://l.technotim.live/quick-start) with all of the quick start source files. \ No newline at end of file diff --git a/_posts/2021-01-16-home-security-upgrade.md:Zone.Identifier b/_posts/2021-01-16-home-security-upgrade.md:Zone.Identifier new file mode 100644 index 0000000..e69de29 
diff --git a/_posts/2021-01-30-3090-machine-learning.md b/_posts/2021-01-30-3090-machine-learning.md new file mode 100644 index 0000000..41697a4 --- /dev/null +++ b/_posts/2021-01-30-3090-machine-learning.md @@ -0,0 +1,18 @@ +--- +layout: post +title: "RTX 3090 for Machine Learning?" +date: 2021-01-30 09:00:00 -0500 +categories: homelab +tags: windows linux homelab machine-learning deep-learning ai nvidia hardware + +--- + +[![RTX 3090 for Machine Learning?](https://img.youtube.com/vi/mDUa5sY4Jeo/0.jpg)](https://www.youtube.com/watch?v=mDUa5sY4Jeo "RTX 3090 for Machine Learning?") + +The NVIDIA RTX 3090 is a beast. We all know it can beat the benchmarks in gaming, but how about machine learning and neural networks? Today we walk through the RTX 3090 and then compile and run Darknet, an open source neural network, on Windows and then Ubuntu Linux and run object detection on pictures, images, and real-time video. You will be amazed at how much more you can get out of your video card than just gaming! + +[Watch Video](https://www.youtube.com/watch?v=mDUa5sY4Jeo) + +See all the hardware I recommend at + +Don't forget to check out the [🚀Launchpad repo](https://l.technotim.live/quick-start) with all of the quick start source files. \ No newline at end of file diff --git a/_posts/2021-01-30-3090-machine-learning.md:Zone.Identifier b/_posts/2021-01-30-3090-machine-learning.md:Zone.Identifier new file mode 100644 index 0000000..e69de29 diff --git a/_posts/2021-02-01-deep-learning-my-life.md b/_posts/2021-02-01-deep-learning-my-life.md new file mode 100644 index 0000000..08d15fa --- /dev/null +++ b/_posts/2021-02-01-deep-learning-my-life.md 
@@ -0,0 +1,20 @@ +--- +layout: post +title: "I ran MY LIFE through a DEEP LEARNING algorithm and here's what came out..." +date: 2021-02-01 09:00:00 -0500 +categories: homelab +tags: windows linux homelab machine-learning deep-learning ai nvidia hardware life + +--- + +[![I ran MY LIFE through a DEEP LEARNING algorithm and here's what came out...](https://img.youtube.com/vi/76bQjX-042U/0.jpg)](https://www.youtube.com/watch?v=76bQjX-042U "I ran MY LIFE through a DEEP LEARNING algorithm and here's what came out...") + +My life, ran against a neural network and detected by Deep Learning. If you'd like to see how this video was generated using ML and Deep Learning, check out the video here: + +[How this video was generated](https://www.youtube.com/watch?v=mDUa5sY4Jeo) + +[Watch Video](https://www.youtube.com/watch?v=76bQjX-042U) + +See all the hardware I recommend at + +Don't forget to check out the [🚀Launchpad repo](https://l.technotim.live/quick-start) with all of the quick start source files. \ No newline at end of file diff --git a/_posts/2021-02-01-deep-learning-my-life.md:Zone.Identifier b/_posts/2021-02-01-deep-learning-my-life.md:Zone.Identifier new file mode 100644 index 0000000..e69de29 diff --git a/_posts/2021-02-08-dual-boot-windows-ubuntu.md b/_posts/2021-02-08-dual-boot-windows-ubuntu.md new file mode 100644 index 0000000..a34274f --- /dev/null +++ b/_posts/2021-02-08-dual-boot-windows-ubuntu.md 
@@ -0,0 +1,18 @@ +--- +layout: post +title: "The Best Way to Dual Boot Windows and Ubuntu" +date: 2021-02-08 09:00:00 -0500 +categories: homelab +tags: windows linux homelab ubuntu + +--- + +[![The Best Way to Dual Boot Windows and Ubuntu](https://img.youtube.com/vi/CWQMYN12QD0/0.jpg)](https://www.youtube.com/watch?v=CWQMYN12QD0 "The Best Way to Dual Boot Windows and Ubuntu") + +Dual booting Windows and Ubuntu Linux can be a pain however there are many benefits do doing this if you do it right. In this tutorial we'll discuss how to dual boot Windows and Ubuntu on your PC or laptop in a few simple steps so that you can take advantage of all the hardware in your "best" machine with full access to your GPU. + +[Watch Video](https://www.youtube.com/watch?v=CWQMYN12QD0) + +See all the hardware I recommend at + +Don't forget to check out the [🚀Launchpad repo](https://l.technotim.live/quick-start) with all of the quick start source files. \ No newline at end of file diff --git a/_posts/2021-02-08-dual-boot-windows-ubuntu.md:Zone.Identifier b/_posts/2021-02-08-dual-boot-windows-ubuntu.md:Zone.Identifier new file mode 100644 index 0000000..e69de29 diff --git a/_posts/2021-02-12-ventoy-tutorial.md b/_posts/2021-02-12-ventoy-tutorial.md new file mode 100644 index 0000000..b6fee82 --- /dev/null +++ b/_posts/2021-02-12-ventoy-tutorial.md 
@@ -0,0 +1,18 @@ +--- +layout: post +title: "How to Create a Multiboot USB with Ventoy Fast, Simple, and Easy Guide" +date: 2021-02-12 09:00:00 -0500 +categories: homelab +tags: windows linux homelab ubuntu ventoy hardware + +--- + +[![How to Create a Multiboot USB with Ventoy Fast, Simple, and Easy Guide](https://img.youtube.com/vi/z1FyoCswwAc/0.jpg)](https://www.youtube.com/watch?v=z1FyoCswwAc "How to Create a Multiboot USB with Ventoy Fast, Simple, and Easy Guide") + +In this quick no fluff video, I will show you how to create a multi-bootable USB drive with Ventoy that can boot all of your ISO, WIM, IMG, VHD, and EFI files. It supports both MBR and GPT partitions. This is the last USB drive you will ever need and you won't ever need to format another one. Ventoy is free and open source. + +[Watch Video](https://www.youtube.com/watch?v=z1FyoCswwAc) + +See all the hardware I recommend at + +Don't forget to check out the [🚀Launchpad repo](https://l.technotim.live/quick-start) with all of the quick start source files. \ No newline at end of file diff --git a/_posts/2021-02-12-ventoy-tutorial.md:Zone.Identifier b/_posts/2021-02-12-ventoy-tutorial.md:Zone.Identifier new file mode 100644 index 0000000..e69de29 diff --git a/_posts/2021-02-16-handbrake-docker-k8s.md b/_posts/2021-02-16-handbrake-docker-k8s.md new file mode 100644 index 0000000..6bda121 --- /dev/null +++ b/_posts/2021-02-16-handbrake-docker-k8s.md 
@@ -0,0 +1,18 @@ +--- +layout: post +title: "Containerizing HandBrake with Docker and Kubernetes" +date: 2021-02-16 09:00:00 -0500 +categories: self-hosted +tags: rancher kubernetes handbrake docker homelab self-hosted + +--- + +[![Containerizing HandBrake with Docker and Kubernetes](https://img.youtube.com/vi/vyrj6t8xjoQ/0.jpg)](https://www.youtube.com/watch?v=vyrj6t8xjoQ "Containerizing HandBrake with Docker and Kubernetes") + +Handbrake is a fantastic open source transcoder. It allows you to transcode, or convert, your video files into different formats. It has a nice UI that's easy to use and helps you transcode videos very easily. It supports profiles that are optimized for your target devices. And because this is open source and cross compiled, you can run this on Windows, macOS, or Linux... but did you also know you can self host a containerized version of this with Docker and Kubernetes? + +[Watch Video](https://www.youtube.com/watch?v=vyrj6t8xjoQ) + +See all the hardware I recommend at + +Don't forget to check out the [🚀Launchpad repo](https://l.technotim.live/quick-start) with all of the quick start source files. \ No newline at end of file diff --git a/_posts/2021-02-16-handbrake-docker-k8s.md:Zone.Identifier b/_posts/2021-02-16-handbrake-docker-k8s.md:Zone.Identifier new file mode 100644 index 0000000..e69de29 diff --git a/_posts/2021-02-19-portainer-update.md b/_posts/2021-02-19-portainer-update.md new file mode 100644 index 0000000..c3dff98 --- /dev/null +++ b/_posts/2021-02-19-portainer-update.md 
@@ -0,0 +1,18 @@ +--- +layout: post +title: "How to Update Portainer Fast, Simple, and Easy Guide" +date: 2021-02-19 09:00:00 -0500 +categories: portainer +tags: portainer kubernetes homelab docker + +--- + +[![How to Update Portainer Fast, Simple, and Easy Guide](https://img.youtube.com/vi/M365jgJ0O2E/0.jpg)](https://www.youtube.com/watch?v=M365jgJ0O2E" "How to Update Portainer Fast, Simple, and Easy Guide") + +Updating Portainer is easy, if you know how. In this quick no fluff video, I will show you how to update any version of Portainer. This guide can be used for installing it too. Portainer is a container management system for Docker, Kubernetes, Swarm, and Azure ACI. Portainer is free and open source. + +[Watch Video](https://www.youtube.com/watch?v=M365jgJ0O2E) + +See all the hardware I recommend at + +Don't forget to check out the [🚀Launchpad repo](https://l.technotim.live/quick-start) with all of the quick start source files. \ No newline at end of file diff --git a/_posts/2021-02-19-portainer-update.md:Zone.Identifier b/_posts/2021-02-19-portainer-update.md:Zone.Identifier new file mode 100644 index 0000000..e69de29 diff --git a/_posts/2021-02-23-windows-terminal-wsl.md b/_posts/2021-02-23-windows-terminal-wsl.md new file mode 100644 index 0000000..cb5d729 --- /dev/null +++ b/_posts/2021-02-23-windows-terminal-wsl.md 
@@ -0,0 +1,18 @@ +--- +layout: post +title: "Windows Terminal and WSL Config Fast, Simple, and Easy Guide" +date: 2021-02-23 09:00:00 -0500 +categories: homelab +tags: homelab wsl terminal zsh windows linux + +--- + +[![ Windows Terminal and WSL Config Fast, Simple, and Easy Guide](https://img.youtube.com/vi/pRoHGWPrJwY/0.jpg)](https://www.youtube.com/watch?v=pRoHGWPrJwY" Windows Terminal and WSL Config Fast, Simple, and Easy Guide") + +Lots of people ask which terminal I use on Windows and how I configure it. It's pretty simple, I use the Microsoft Windows Terminal and it's a fantastic terminal on Windows. It is free and open source. With Windows Terminal, you can install and configure different environments for Windows and Linux. You can choose between Ubuntu or any other WSL 1 or WSL 2 (Windows Subsystem for Linux) environment along with the typical PowerShell and cmd. In this fast, simple, and easy tutorial we'll set up the Windows Terminal, install WSL, then install Ubuntu, and configure Ubuntu with ZSH (zshell) and oh my zsh (0h-my-zsh). Then, you'll know exactly how I configure my Terminal on Windows. *Bonus* Now all your copy pasta commands will work on Windows, macOS, and Linux! + +[Watch Video](https://www.youtube.com/watch?v=pRoHGWPrJwY) + +See all the hardware I recommend at + +Don't forget to check out the [🚀Launchpad repo](https://l.technotim.live/quick-start) with all of the quick start source files. \ No newline at end of file diff --git a/_posts/2021-02-23-windows-terminal-wsl.md:Zone.Identifier b/_posts/2021-02-23-windows-terminal-wsl.md:Zone.Identifier new file mode 100644 index 0000000..e69de29 diff --git a/_posts/2021-03-08-rancher-vs-portainer.md b/_posts/2021-03-08-rancher-vs-portainer.md new file mode 100644 index 0000000..2a85a75 --- /dev/null +++ b/_posts/2021-03-08-rancher-vs-portainer.md 
@@ -0,0 +1,20 @@
+---
+layout: post
+title: "Rancher vs. Portainer - Which one should I choose?"
+date: 2021-03-08 09:00:00 -0500
+categories: homelab
+tags: homelab rancher portainer
+
+---
+
+[![Rancher vs. Portainer - Which one should I choose?](https://img.youtube.com/vi/FFh-k-oI4UQ/0.jpg)](https://www.youtube.com/watch?v=FFh-k-oI4UQ" "Rancher vs. Portainer - Which one should I choose?")
+
+Rancher vs. Portainer, which one is better" Which one should I choose? Can Portainer manager Kubernetes? Can Rancher manage Kubernetes? We answer all these questions and more in this quick, no fluff video. Side note, this is one of the most asked questions in my live streams.
+
+Please share this with anyone who asks what a Home Lab is.
+
+[Watch Video](https://www.youtube.com/watch?v=FFh-k-oI4UQ)
+
+See all the hardware I recommend at
+
+Don't forget to check out the [🚀Launchpad repo](https://l.technotim.live/quick-start) with all of the quick start source files.
\ No newline at end of file
diff --git a/_posts/2021-03-08-rancher-vs-portainer.md:Zone.Identifier b/_posts/2021-03-08-rancher-vs-portainer.md:Zone.Identifier
new file mode 100644
index 0000000..e69de29
diff --git a/_posts/2021-03-14-multi-arch-k3s-rpi.md b/_posts/2021-03-14-multi-arch-k3s-rpi.md
new file mode 100644
index 0000000..71a06f5
--- /dev/null
+++ b/_posts/2021-03-14-multi-arch-k3s-rpi.md
@@ -0,0 +1,84 @@
+---
+layout: post
+title: "Multi-CPU Architecture Kubernetes Cluster with a Raspberry Pi"
+date: 2021-03-14 09:00:00 -0500
+categories: kubernetes k3s
+tags: raspberry-pi k3s kubernetes homelab hardware
+
+---
+
+[![Multi-CPU Architecture Kubernetes Cluster with a Raspberry Pi](https://img.youtube.com/vi/_xykXkNia-Y/0.jpg)](https://www.youtube.com/watch?v=_xykXkNia-Y" "Multi-CPU Architecture Kubernetes Cluster with a Raspberry Pi")
+
+[Watch Video](https://www.youtube.com/watch?v=_xykXkNia-Y)
+
+See all the hardware I recommend at
+
+Don't forget to check out the [🚀Launchpad repo](https://l.technotim.live/quick-start) with all of the quick start source files.
+
+Building a Multi-architecture CPU Kubernetes cluster is easier than you think with `k3s`. In this video we'll build a Raspberry Pi 4 with an ARM CPU and add it to our existing x86 x64 amd64 CPU Kubernetes cluster. Our foundation will be Ubuntu for ARM, then we'll add `k3s`, and then join it to our cluster. We'll also discuss how this works with Docker images built for specific CPU types. We'll also talk about some build configurations and requirements for your Pi.
+
+Happy Pi Day!
+
+```bash
+k3s --version
+```
+
+get `k3s` token from a server
+
+```bash
+sudo cat /var/lib/rancher/k3s/server/node-token
+```
+
+set `k3s` version (the value you got from `k3s --version`)
+
+```bash
+ export INSTALL_K3S_VERSION=v1.20.5+k3s1
+```
+
+install `k3s` as an agent using your token from above
+
+```bash
+curl -sfL https://get.k3s.io | K3S_URL=https://example.local.com:6443 K3S_TOKEN=hksadhahdklahkadjhasjdhasdhasjk::server:asljkdklasjdaskdljaskjdlasj sh -
+```
+
+check all `k3s` nodes from your workstation
+
+```bash
+kubectl get nodes
+```
+
+get all pods running on a specific node (`elio`)
+
+```bash
+kubectl get pods --all-namespaces -o wide --field-selector spec.nodeName=elio
+```
+
+set a label on a node (`elio`)
+
+```bash
+kubectl label nodes elio cputype=arm
+```
+
+describe a node (`elio`)
+
+```bash
+kubectl describe node elio
+```
+
+Example pod spec
+
+`nginx-pod.yml`
+
+```yml
+apiVersion: v1
+kind: Pod
+metadata:
+ name: nginx
+spec:
+ containers:
+ - name: nginx
+ image: nginx
+ imagePullPolicy: IfNotPresent
+ nodeSelector:
+ cputype: arm64
+```
diff --git a/_posts/2021-03-14-multi-arch-k3s-rpi.md:Zone.Identifier b/_posts/2021-03-14-multi-arch-k3s-rpi.md:Zone.Identifier
new file mode 100644
index 0000000..e69de29
diff --git a/_posts/2021-04-03-rancher-new-ui.md b/_posts/2021-04-03-rancher-new-ui.md
new file mode 100644
index 0000000..83794b2
--- /dev/null
+++ b/_posts/2021-04-03-rancher-new-ui.md
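Review bot: The agent install step passes `K3S_TOKEN=...` inline right after the step that prints `/var/lib/rancher/k3s/server/node-token`, and the post never says that this value is the cluster join secret or that a real token typed this way is kept in shell history. A short caveat under that heading would cover it, for example `> The node token lets a host join the cluster. Treat it like a password and replace the placeholder below with your own value.` In the same hunk the label step sets `cputype=arm` while the `nodeSelector` in `nginx-pod.yml` asks for `cputype: arm64`, so the example pod would not schedule onto the node labelled above; the two values should match.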
@@ -0,0 +1,18 @@
+---
+layout: post
+title: "Everything you need to know about the NEW Rancher UI"
+date: 2021-04-03 09:00:00 -0500
+categories: kubernetes rancher
+tags: k3s rancher kubernetes homelab
+
+---
+
+[![Everything you need to know about the NEW Rancher UI](https://img.youtube.com/vi/2KSZlE4JTuM/0.jpg)](https://www.youtube.com/watch?v=2KSZlE4JTuM" "Everything you need to know about the NEW Rancher UI")
+
+Today we're going to talk about the new Cluster Explorer in Rancher. The Cluster Explorer is the new fancy user interface that will replace the old Cluster Manager. The new UI contains lots of new areas to explore, from new dashboards to new workload and deployment views, to service discovery, to storage to RBAC, and more. If you've been hesitant to use the new UI, no need to worry, we all have. But hopefully after this you'll switch over like I have done too!
+
+[Watch Video](https://www.youtube.com/watch?v=2KSZlE4JTuM)
+
+See all the hardware I recommend at
+
+Don't forget to check out the [🚀Launchpad repo](https://l.technotim.live/quick-start) with all of the quick start source files.
\ No newline at end of file
diff --git a/_posts/2021-04-03-rancher-new-ui.md:Zone.Identifier b/_posts/2021-04-03-rancher-new-ui.md:Zone.Identifier
new file mode 100644
index 0000000..e69de29
diff --git a/_posts/2021-04-10-rancher-monitoring.md b/_posts/2021-04-10-rancher-monitoring.md
new file mode 100644
index 0000000..6f47343
--- /dev/null
+++ b/_posts/2021-04-10-rancher-monitoring.md
@@ -0,0 +1,18 @@
+---
+layout: post
+title: "Monitoring Your Kubernetes Cluster with Grafana, Prometheus, and Alertmanager"
+date: 2021-04-10 09:00:00 -0500
+categories: kubernetes rancher
+tags: k3s rancher kubernetes grafana prometheus homelab
+
+---
+
+[![Monitoring Your Kubernetes Cluster with Grafana, Prometheus, and Alertmanager](https://img.youtube.com/vi/4HIn5SBGjCg/0.jpg)](https://www.youtube.com/watch?v=4HIn5SBGjCg "Monitoring Your Kubernetes Cluster with Grafana, Prometheus, and Alertmanager")
+
+Today in this step by step guide, we'll set up Grafana, Prometheus, and Alertmanager to monitor your Kubernetes cluster. This can be set up really quickly using helm or the Rancher UI. We'll install and configure, set up some dashboards, and even set up some alerts using Slack. All this and more in this simple to follow, easy tutorial. Setting up Grafana and Prometheus has never been so easy.
+
+[Watch Video](https://www.youtube.com/watch?v=4HIn5SBGjCg)
+
+See all the hardware I recommend at
+
+Don't forget to check out the [🚀Launchpad repo](https://l.technotim.live/quick-start) with all of the quick start source files.
\ No newline at end of file
diff --git a/_posts/2021-04-10-rancher-monitoring.md:Zone.Identifier b/_posts/2021-04-10-rancher-monitoring.md:Zone.Identifier
new file mode 100644
index 0000000..e69de29
diff --git a/_posts/2021-04-11-k3s-traefik-rancher.md b/_posts/2021-04-11-k3s-traefik-rancher.md
new file mode 100644
index 0000000..9c09473
--- /dev/null
+++ b/_posts/2021-04-11-k3s-traefik-rancher.md
@@ -0,0 +1,233 @@ +--- +layout: post +title: "Configuring Traefik 2 Ingress for Kubernetes" +date: 2021-04-08 09:00:00 -0500 +categories: kubernetes rancher +tags: homelab rancher kubernetes k3s traefik +--- + +## About + +> *Note: There is an updated tutorial on installing traefik + cert-manager on Kubernetes [here](https://docs.technotim.live/posts/kube-traefik-cert-manager-le/). However, if you want to store your certificates on disk, this tutorial here is perfectly fine.* +{: .prompt-info } + +This guide is for installing `traefik 2` on `k3s`. If you're not using rancher, that's fine, just skip to `Reconfiguring k3s` + +It assumes you have followed: + +* [Fully Automated K3S etcd High Availability Install](https://www.youtube.com/watch?v=CbkEWcUZ7zM) +* (or) [HIGH AVAILABILITY k3s (Kubernetes) in minutes!](https://www.youtube.com/watch?v=UoOcLXfa8EU) +* (if you need rancher) [High Availability Rancher on a Kubernetes Cluster](https://www.youtube.com/watch?v=APsZJbnluXg) + +There is a little bit of "undoing" we'll have to do since k3s ships with `traefik` and Rancher doesn't play well with service load balancer. So, we'll pick up after instaling these two. + +## Reconfigure Rancher + +Make note of your version of Rancher + +Remove Rancher + +```bash +helm uninstall rancher +``` + +Install Rancher + +(replace with version above) + +```bash +helm install rancher rancher-stable/rancher \ + --namespace cattle-system \ + --set hostname=rancher.example.com \ + --version 2.5.6 +``` + +## Reconfiguring k3s + +Get the version of `k3s` that's currently running + +```bash +k3s --version +export INSTALL_K3S_VERSION=v1.20.5+k3s1 +``` + +Run the same command you ran initially to install `k3s` on your servers but add `--disable traefik --disable servicelb` and be sure to set your version. 
+ +example (be sure you are using the right version) + +```bash +export INSTALL_K3S_VERSION=v1.20.5+k3s1 +``` + +```bash +curl -sfL https://get.k3s.io | sh -s - server --node-taint CriticalAddonsOnly=true:NoExecute --tls-san your.load.balancer.ip --write-kubeconfig-mode 644 --disable traefik --disable servicelb +``` + +This should reconfigure your servers. Just run it on all server nodes, not agent nodes. + +## Install Metal LB + +[Metal LB installation](https://metallb.universe.tf/installation/) + +You can follow [Self-Hosting Your Homelab Services with SSL](https://www.youtube.com/watch?v=pAM2GBCDGTo) to get the idea of Metal LB. It's recommended to: + +* Install with [helm](https://metallb.universe.tf/installation/#installation-with-helm) +* Use [Layer2 configuration](https://metallb.universe.tf/configuration/#layer-2-configuration) if you follow this series + +## Exposing Rancher directly to your Metal LB + +It's a good idea to do this until traefik is configured otherwise you won't have access to the Rancher UI + +```bash +kubectl expose deployment rancher -n cattle-system --type=LoadBalancer --name=rancher-lb --port=443 +``` + +Then, you can access Rancher UI after getting external-IP + +```bash +kubectl get service/rancher-lb -n cattle-system +``` + +## Install Traefik 2 + +You can can choose between creating `Ingress` in Rancher or `IngresRoute` with `traefik` + +If you choose `IngressRoute` see [IngressRoute](#exposing-a-service-with-traefik-ingressroute) otherwise continue on. + +* You must have a persistent volume set up already for `acme.json` certificate +* This uses cloudflare, check providers if you want to switch +* This will get wildcard certs +* This is pointed at staging, if you want production be sure comment staging the line (and delete your staging certs) + +We will be installing this into the `kube-system` namespace, which already exists. If you are going to use anther namespace you will need change it everywhere. 
+ +### (Optional) Make sure that persistent volume claim is available + +The dynamic configuration for Traefik is stored in a persistent volume. If you want to persist the certificate, it's better to create one now to claim later. + +To create a persistent volume, it's better to check out [Cloud Native Distributed Storage in Kubernetes with Longhorn](https://www.youtube.com/watch?v=eKBBHc0t7bc). + +If not, just create one from `Rancher UI > Clusters (Choose your cluster) > Storage > Persistent Volume > Add volume` + +### Add `traefik` helm repo and update + +```bash +helm repo add traefik https://helm.traefik.io/traefik +helm repo update +``` + +### Edit & apply ConfigMap + +* Create `traefik-config.yaml` with the contents of `/config/traefik-config.yaml` from [/config](https://github.com/techno-tim/launchpad/tree/master/kubernetes/traefik2-k3s-rancher/config) +* This holds our cloudflare secrets along with a configmap +* Update this file with your values +* Re-check if you have a persistent volume ready to claim +* Apply the config + +```bash +kubectl apply -f traefik-config.yaml +``` + +### Edit & install Traefik helm chart + +* Create `traefik-chart-values.yaml` with the contents of `/config/traefik-chart-values.yaml` from [/config](https://github.com/techno-tim/launchpad/tree/master/kubernetes/traefik2-k3s-rancher/config) +* Update `loadBalancerIP` in `traefik-chart-values.yaml` with your Metal LB IP + +Before running this, be sure you only have one default storage class set. + +If you are using Rancher it is `Cluster > Storage > Storage Classes`. Make sure only one is default. + +* Install Traefik with chart values + +```bash +helm install traefik traefik/traefik --namespace=kube-system --values=traefik-chart-values.yaml +``` + +More configuration value can be add from this [default-value.yaml](https://github.com/traefik/traefik-helm-chart/blob/master/traefik/values.yaml) from Traefik github. 
+ +If all went well, you should now have traefik 2 installed and configured. + +### Check for container logs + +To check if the Traefik instance is running correctly, see the logs: + +```bash +kubectl -n kube-system logs $(kubectl -n kube-system get pods --selector "app.kubernetes.io/name=traefik" --output=name) +``` + +It should be `level=info msg="Configuration loaded from flags."` + +## Traefik Dashboard + +To see all router to Traefik, we can install and expose Traefik Dashboard. + +First you will need `htpassword` to generate a password for your dashboard. + +```bash +sudo apt-get update +sudo apt-get install apache2-utils +``` + +You can then generate one using this, be sure to swap your username and password. + +```bash +htpasswd -nb techno password | openssl base64 +``` + +It should output: + +```bash +dGVjaG5vOiRhcHIxJFRnVVJ0N2E1JFpoTFFGeDRLMk8uYVNaVWNueG41eTAKCg== +``` + +Save this in a secure place, it will be the password you use to access the traefik dashboard. + +Copy `traefik-dashboard-secret.yaml` locally and update it with your credentials. + +Copy `traefik-dashboard-ingressroute.yaml` and update it with your hostname, then apply: + +```bash +kubectl apply -f traefik-dashboard-secret.yaml +kubectl apply -f traefik-dashboard-ingressroute.yaml +``` + +This should create: + +* A secret in Kubernetes cluster name `traefik-dashboard-auth` +* A middleware for Traefik name `traefik-dashboard-basicauth` +* An ingress route for Traefik name `dashboard` + +Check out the Traefik Dashboard with the URL you specify earlier. 
+ +## Exposing a service with traefik and Rancher Ingress + +In Rancher go to Load Balancing + +* create ingress +* choose a host name (service.example.com) +* choose a target (your workload) +* set the port to the exposed port within the container +* go to labels and annotations and add `kubernetes.io/ingress.class` = `traefik-external` +* note, `traefik-external` comes from `--providers.kubernetesingress.ingressclass=traefik-external` in `traefik-chart-values.yml`. If you used something else, you will need to set your label properly. +* when you visit your website (`https://service.example.com`) you should now see a certificate issues. If it's a staging cert, see the note about switching to production in `traefik-chart-values.yaml`. After changing, you will need to delete your certs in storage and reapply that file + +```bash +kubectl delete -n kube-system persistentvolumeclaims acme-json-certs +kubectl apply -f traefik-config.yaml +``` + +## Exposing a service with traefik IngressRoute + +copy the contents of [config-ingress-route/kubernetes](https://github.com/techno-tim/launchpad/tree/master/kubernetes/traefik2-k3s-rancher/config-ingress-route/kubernetes) to your local machine + +then run + +```bash +kubectl apply -f kubernetes +``` + +This will create the deployment, service, and ingress. + +See all the hardware I recommend at + +Don't forget to check out the [🚀Launchpad repo](https://l.technotim.live/quick-start) with all of the quick start source files. \ No newline at end of file diff --git a/_posts/2021-04-11-k3s-traefik-rancher.md:Zone.Identifier b/_posts/2021-04-11-k3s-traefik-rancher.md:Zone.Identifier new file mode 100644 index 0000000..e69de29 diff --git a/_posts/2021-04-17-pi-hole-dns.md b/_posts/2021-04-17-pi-hole-dns.md new file mode 100644 index 0000000..93b4137 --- /dev/null +++ b/_posts/2021-04-17-pi-hole-dns.md 
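Review bot: The dashboard credential step, `htpasswd -nb techno password | openssl base64`, passes the password as a command-line argument, so it is kept in shell history and visible in the process list, and the sample output decodes to an MD5-based `$apr1$` entry; `htpasswd -nB techno | openssl base64` prompts for the password and produces a bcrypt hash instead. The same `htpasswd -nb` pattern appears under "Generate Basic Auth Password" in `_posts/2021-04-17-traefik-portainer-ssl.md`. The sentence after the sample output should describe the base64 string as the encoded `user:hash` entry that goes into the secret, not as the password used to log in. Separately, `--write-kubeconfig-mode 644` in the k3s install line makes the admin kubeconfig readable by every local user on the server nodes, and the post should say so and mention `600` with a copied per-user kubeconfig as the tighter option.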
@@ -0,0 +1,24 @@
+---
+layout: post
+title: "Using Pi-Hole for Local DNS - Fast, Simple, and Easy Guide"
+date: 2021-04-17 09:00:00 -0500
+categories: homelab
+tags: homelab pi-hole dns self-hosted
+---
+
+[![Using Pi-Hole for Local DNS - Fast, Simple, and Easy Guide](https://img.youtube.com/vi/kKsHo6r4_rc/0.jpg)](https://www.youtube.com/watch?v=kKsHo6r4_rc "Using Pi-Hole for Local DNS - Fast, Simple, and Easy Guide")
+
+Pi-Hole is a wonderful ad blocking DNS sever for your network, but did you know you can also use it for a Local DNS server? In this fast, simple, and easy guide we'll walk through how to create DNS Entries (A Records) for the clients on your network and also set up Aliases (pointers to A Records) so that you can start using DNS at home instead of relying on IP addresses.
+
+[Watch Video](https://www.youtube.com/watch?v=kKsHo6r4_rc)
+
+See all the hardware I recommend at
+
+Don't forget to check out the [🚀Launchpad repo](https://l.technotim.live/quick-start) with all of the quick start source files.
+
+## commands
+
+```bash
+nslookup juno.home.lan # lookup by host name
+host 192.168.0.100 # reverse lookup
+```
diff --git a/_posts/2021-04-17-pi-hole-dns.md:Zone.Identifier b/_posts/2021-04-17-pi-hole-dns.md:Zone.Identifier
new file mode 100644
index 0000000..e69de29
diff --git a/_posts/2021-04-17-traefik-portainer-ssl.md b/_posts/2021-04-17-traefik-portainer-ssl.md
new file mode 100644
index 0000000..0ebecb1
--- /dev/null
+++ b/_posts/2021-04-17-traefik-portainer-ssl.md
@@ -0,0 +1,115 @@ +--- +layout: post +title: "Put Wildcard Certificates and SSL on EVERYTHING" +date: 2021-04-24 09:00:00 -0500 +categories: traefik +tags: homelab pi-hole dns traefik portainer ssl self-hosted docker +--- + +[![Put Wildcard Certificates and SSL on EVERYTHING](https://img.youtube.com/vi/liV3c9m_OX8/0.jpg)](https://www.youtube.com/watch?v=liV3c9m_OX8 "Put Wildcard Certificates and SSL on EVERYTHING") + +Today, we're going to use SSL for everything. No more self-sign certs. No more http. No more hosting things on odd ports. We're going all in with SSL for our internal services and our external services too. We going to set up a reverse proxy using Traefik, Portainer, and use that to get wildcard certificates from Let's Encrypt. Join me and let's secure all the things. + +[Watch Video](https://www.youtube.com/watch?v=liV3c9m_OX8) + +See all the hardware I recommend at + +Don't forget to check out the [🚀Launchpad repo](https://l.technotim.live/quick-start) with all of the quick start source files. + +> *Looking to do this same thing in Kubernetes? 
Check out [traefik + cert-manager on Kubernetes](https://docs.technotim.live/posts/kube-traefik-cert-manager-le/)* +{: .prompt-info } + +## Docker Setup + +See [this post](https://docs.technotim.live/posts/docker-compose-install/) on how to install `docker` and `docker-compose` + +## Traefik + +```bash +mkdir traefik +cd traefik +mkdir data +cd data +touch acme.json +chmod 600 acme.json +touch traefik.yml +``` + +`traefik.yml` can be found [here](https://github.com/techno-tim/techno-tim.github.io/tree/master/reference_files/traefik-portainer-ssl/traefik) + +create docker network + +```bash +docker network create proxy +``` + +```bash +touch docker-compose.yml +``` + +`docker-compose.yml` can be found [here](https://github.com/techno-tim/techno-tim.github.io/tree/master/reference_files/traefik-portainer-ssl/traefik) + +```bash +cd data +touch config.yml +``` + +```bash +docker-compose up -d +``` + +## Portainer + +```bash +mkdir portainer +cd portainer +touch docker-compose.yml +mkdir data +``` + +`docker-compose.yml` can be found [here](https://github.com/techno-tim/techno-tim.github.io/tree/master/reference_files/traefik-portainer-ssl/portainer) + +### Generate Basic Auth Password + +```bash +sudo apt update +sudo apt install apache2-utils +``` + +```bash +echo $(htpasswd -nb "" "") | sed -e s/\\$/\\$\\$/g +``` + +NOTE: Replace `` with your username and `` with your password to be hashed. + +Paste the output in your `docker-compose.yml` in line (`traefik.http.middlewares.traefik-auth.basicauth.users=:`) + +#### Spin up the container + +```bash +docker-compose up -d +``` + +## Traefik Routes Config + +```bash +cd traefik/data +nano config.yml +``` + +`config.yml` [here](https://github.com/techno-tim/techno-tim.github.io/tree/master/reference_files/traefik-portainer-ssl/traefik) + +```bash +docker-compose up -d --force-recreate +``` + +Your folder structure should look like the below, if you are following along with the example. 
But feel free to make it however you wish just keep in mind you'll need to change the location in the corresponding files. + +``` +./traefik +├── data +│   ├── acme.json +│   ├── config.yml +│   └── traefik.yml +└── docker-compose.yml +``` diff --git a/_posts/2021-04-17-traefik-portainer-ssl.md:Zone.Identifier b/_posts/2021-04-17-traefik-portainer-ssl.md:Zone.Identifier new file mode 100644 index 0000000..e69de29 diff --git a/_posts/2021-05-08-pi-hole-blocklists.md b/_posts/2021-05-08-pi-hole-blocklists.md new file mode 100644 index 0000000..f9641af --- /dev/null +++ b/_posts/2021-05-08-pi-hole-blocklists.md @@ -0,0 +1,19 @@ +--- +layout: post +title: "Is adding 3 MILLION domains to your Pi-Hole Block List a good thing?" +date: 2021-05-08 09:00:00 -0500 +categories: homelab +tags: homelab pi-hole dns self-hosted +--- + +[![Is adding 3 MILLION domains to your Pi-Hole Block List a good thing?](https://img.youtube.com/vi/0wpn3rXTe0g/0.jpg)](https://www.youtube.com/watch?v=0wpn3rXTe0g "Is adding 3 MILLION domains to your Pi-Hole Block List a good thing?") + +In some of my previous Pi-Hole videos many of you spotted my blocklist with over a millions sites added and you wondered how you can do the same. Well, today I show you how to block more ads, block more tracking, block more malware, and block more telemetry with these community lists. Bonus (and spoiler alert) I show you how to add 3.5 million! + +Thanks to Firebog for the great lists [firebog.net](https://firebog.net/) + +[Watch Video](https://www.youtube.com/watch?v=0wpn3rXTe0g) + +See all the hardware I recommend at + +Don't forget to check out the [🚀Launchpad repo](https://l.technotim.live/quick-start) with all of the quick start source files. \ No newline at end of file diff --git a/_posts/2021-05-08-pi-hole-blocklists.md:Zone.Identifier b/_posts/2021-05-08-pi-hole-blocklists.md:Zone.Identifier new file mode 100644 index 0000000..e69de29 
diff --git a/_posts/2021-06-05-authelia-traefik.md b/_posts/2021-06-05-authelia-traefik.md
new file mode 100644
index 0000000..f9f6c65
--- /dev/null
+++ b/_posts/2021-06-05-authelia-traefik.md
@@ -0,0 +1,59 @@
+---
+layout: post
+title: "2 Factor Auth and Single Sign on with Authelia"
+date: 2021-06-05 09:00:00 -0500
+categories: traefik
+tags: authelia homelab traefik portainer ssl docker self-hosted
+---
+
+[![2 Factor Auth and Single Sign on with Authelia?](https://img.youtube.com/vi/u6H-Qwf4nZA/0.jpg)](https://www.youtube.com/watch?v=u6H-Qwf4nZA "2 Factor Auth and Single Sign on with Authelia?")
+
+Authelia is an open source Single Sign On and 2FA companion for reverse proxies. It helps you secure your endpoints with single factor and 2 factor auth. It works with Nginx, Traefik, and HA proxy. Today, we'll configure Authelia with Portainer and Traefik and have 2 Factor up and running with brute force protection!
+
+[Watch Video](https://www.youtube.com/watch?v=u6H-Qwf4nZA)
+
+See all the hardware I recommend at
+
+Don't forget to check out the [🚀Launchpad repo](https://l.technotim.live/quick-start) with all of the quick start source files.
+
+## Traefik
+
+Authelia will work with other reverse proxies but I used Traefik. If you want to configure Traefik as your reverse proxy see this [guide](https://docs.technotim.live/posts/traefik-portainer-ssl/).
+
+## Docker Setup
+
+See [this post](https://docs.technotim.live/posts/docker-compose-install/) on how to install `docker` and `docker-compose`
+
+## Authelia
+
+`configuration.yml`, `users_database.yml`, and `docker-compose.yml` can be found [here](https://github.com/techno-tim/launchpad/tree/master/docker/authelia)
+
+Example `heimdall` can be found here [here](https://github.com/techno-tim/techno-tim.github.io/tree/master/reference_files/authelia-traefik/heimdall)
+
+Traefik configuration changes can be found [here](https://github.com/techno-tim/techno-tim.github.io/tree/master/reference_files/authelia-traefik/traefik)
+
+## Generation a hashed password
+
+```bash
+$ docker run authelia/authelia:latest authelia hash-password 'yourpassword'
+Password hash: $argon2id$v=19$m=65536$3oc26byQuSkQqksq$zM1QiTvVPrMfV6BVLs2t4gM+af5IN7euO0VB6+Q8ZFs
+```
+
+## Files and folders
+
+```bash
+mkdir authelia
+cd authelia
+mkdir config
+cd config
+nano configuration.yml
+nano users_database.yml
+cd ..
+nano docker-compose.yml
+```
+
+### Create Authelia container
+
+```bash
+docker-compose up -d
+```
diff --git a/_posts/2021-06-05-authelia-traefik.md:Zone.Identifier b/_posts/2021-06-05-authelia-traefik.md:Zone.Identifier
new file mode 100644
index 0000000..e69de29
diff --git a/_posts/2021-06-20-webtop-container.md b/_posts/2021-06-20-webtop-container.md
new file mode 100644
index 0000000..31d650c
--- /dev/null
+++ b/_posts/2021-06-20-webtop-container.md
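Review bot: The hash step runs `docker run authelia/authelia:latest authelia hash-password 'yourpassword'` without `--rm`, so the stopped container stays on the host and `docker inspect` on it shows the plaintext password in its arguments, on top of the copy left in shell history. I would change the line to `docker run --rm authelia/authelia:latest authelia hash-password 'yourpassword'` and add a sentence telling readers to generate their own hash instead of reusing the sample `$argon2id$` value printed under it. Pinning the image to a specific tag instead of `latest` would keep the hash command and the linked configuration files on the same Authelia release; the compose file is not part of this hunk, so whether it also uses `latest` needs checking.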
@@ -0,0 +1,41 @@
+---
+layout: post
+title: "Linux desktop, inside of a container, inside of a browser??? Yes. A Webtop."
+date: 2021-06-20 09:00:00 -0500
+categories: self-hosted
+tags: homelab traefik portainer docker self-hosted ubuntu webtop
+---
+
+[![Linux desktop, inside of a container, inside of a browser??? Yes. A Webtop.?](https://img.youtube.com/vi/Gd9bvdkIXOQ/0.jpg)](https://www.youtube.com/watch?v=Gd9bvdkIXOQ "Linux desktop, inside of a container, inside of a browser??? Yes. A Webtop.?")
+
+Have you ever thought about running a Linux desktop inside of a container? Me neither until I found this awesome project from LinuxServer called Webtops. A webtop is a technology stack that allows you to run Ubuntu or Alpine Linux within a container that is fully accessible from a browser. This allows you to use most Linux features with a container with a fraction of the cost of resources. Join me as we configure one from beginning to end.
+
+[Watch Video](https://www.youtube.com/watch?v=Gd9bvdkIXOQ)
+
+See all the hardware I recommend at
+
+Don't forget to check out the [🚀Launchpad repo](https://l.technotim.live/quick-start) with all of the quick start source files.
+
+## Docker Setup
+
+See [this post](https://docs.technotim.live/posts/docker-compose-install/) on how to install `docker` and `docker-compose`
+
+## Webtop
+
+`docker-compose.yml` and `.env` can be found [here](https://github.com/techno-tim/launchpad/tree/master/docker/webtop)
+
+## Files and folders
+
+```bash
+mkdir webtop
+cd webtop
+mkdir config
+cd ..
+nano docker-compose.yml
+```
+
+### Create Webtop container
+
+```bash
+docker-compose up -d
+```
diff --git a/_posts/2021-06-20-webtop-container.md:Zone.Identifier b/_posts/2021-06-20-webtop-container.md:Zone.Identifier
new file mode 100644
index 0000000..e69de29
diff --git a/_posts/2021-07-10-proxmox-7.md b/_posts/2021-07-10-proxmox-7.md
new file mode 100644
index 0000000..488ac89
--- /dev/null
+++ b/_posts/2021-07-10-proxmox-7.md
@@ -0,0 +1,104 @@ +--- +layout: post +title: "Before you upgrade to Proxmox 7, please consider this..." +date: 2021-07-10 14:00:00 -0500 +categories: proxmox +tags: homelab proxmox +--- + +[![Before you upgrade to Proxmox 7, please consider this...](https://img.youtube.com/vi/RCSp6gT7LWs/0.jpg)](https://www.youtube.com/watch?v=RCSp6gT7LWs "Before you upgrade to Proxmox 7, please consider this...") + +As you may know, proxmox is my current choice for a hypervisor. Proxmox 7 is here and comes with a host of new features! In this video we're cover all of the new features in Proxmox 7 as well as how to upgrade your Proxmox server safely. We'll also cover all of the "scary" prompts you get while upgrading as well as some of the ways to make sure your upgrade is successful. So, if you're thinking about upgrading your HomeLab to Proxmox 7, be sure to check this video out first. + +[Watch Video](https://www.youtube.com/watch?v=RCSp6gT7LWs) + +See all the hardware I recommend at + +Don't forget to check out the [🚀Launchpad repo](https://l.technotim.live/quick-start) with all of the quick start source files. + +## Commands + +Check your upgrade status + +```bash +pve6to7 --full +``` + +First, make sure we have the latest packages + +```bash +apt update +apt dist-upgrade +``` + +Update all Debian repositories to Bullseye + +```bash +sed -i 's/buster\/updates/bullseye-security/g;s/buster/bullseye/g' /etc/apt/sources.list +``` + +We’ll also need to make sure we comment out any Proxmox ve 6.0 repositories. 
+ +```bash +nano /etc/apt/sources.list +nano /etc/apt/sources.list.d/pve-enterprise.list +``` + +Add Proxmox VE & package Repo + +```bash +echo "deb https://enterprise.proxmox.com/debian/pve bullseye pve-enterprise" > /etc/apt/sources.list.d/pve-enterprise.list +``` + +If you’re using the non-subscription repository (like me) also run + +```bash +sed -i -e 's/buster/bullseye/g' /etc/apt/sources.list.d/pve-install-repo.list +``` + +If you’re running Ceph, you’ll need to run + +```bash +echo "deb http://download.proxmox.com/debian/ceph-octopus bullseye main" > /etc/apt/sources.list.d/ceph.list +``` + +Do the upgrade + +```bash +apt update +apt dist-upgrade +``` + +## network changes + +If you're running LACP / LAGG I found that you need to make some additional changes to your network config. See the comments in the config + +`/etc/network/interfaces` + +```conf +auto lo +iface lo inet loopback + +#auto eno1 <--- I had to comment this out +iface eno1 inet manual + +#auto eno2 <--- I had to comment this out +iface eno2 inet manual + +auto bond0 +iface bond0 inet manual + bond-slaves eno1 eno2 + bond-miimon 100 + bond-mode 802.3ad + bond-xmit-hash-policy layer2+3 + +auto vmbr0 +iface vmbr0 inet static + address 192.168.0.11/24 + gateway 192.168.0.1 + bridge-ports bond0 + bridge-stp off + bridge-fd 0 + bridge-vlan-aware yes + bridge-vids 2-4094 +``` diff --git a/_posts/2021-07-10-proxmox-7.md:Zone.Identifier b/_posts/2021-07-10-proxmox-7.md:Zone.Identifier new file mode 100644 index 0000000..e69de29 diff --git a/_posts/2021-07-31-how-i-create-my-content.md b/_posts/2021-07-31-how-i-create-my-content.md new file mode 100644 index 0000000..4e1a3cd --- /dev/null +++ b/_posts/2021-07-31-how-i-create-my-content.md 
@@ -0,0 +1,18 @@
+---
+layout: post
+title: "All the Secrets to Creating My Tech YouTube Channel"
+date: 2021-07-31 15:00:00 -0500
+categories: vlog
+tags: homelab office youtube content-creation adobe hardware
+---
+
+[![All the Secrets to Creating My Tech YouTube Channel](https://img.youtube.com/vi/SivkS9Ug5dw/0.jpg)](https://www.youtube.com/watch?v=SivkS9Ug5dw "All the Secrets to Creating My Tech YouTube Channel")
+
+People have asked how I've been able to create and grow a Tech YouTube channel and what my process is when planning, filming, editing, and producing content. Today we talk about just that. All my secrets unveiled as we celebrate 50,000 subscribers in this behind the scenes look. Thank you so much!
+
+[Watch Video](https://www.youtube.com/watch?v=SivkS9Ug5dw)
+
+See all the hardware I recommend at
+
+
+Don't forget to check out the [🚀Launchpad repo](https://l.technotim.live/quick-start) with all of the quick start source files.
\ No newline at end of file
diff --git a/_posts/2021-07-31-how-i-create-my-content.md:Zone.Identifier b/_posts/2021-07-31-how-i-create-my-content.md:Zone.Identifier
new file mode 100644
index 0000000..e69de29
diff --git a/_posts/2021-08-14-open-source-linktree-alt.md b/_posts/2021-08-14-open-source-linktree-alt.md
new file mode 100644
index 0000000..82a5d1d
--- /dev/null
+++ b/_posts/2021-08-14-open-source-linktree-alt.md
@@ -0,0 +1,123 @@
+---
+layout: post
+title: "Self-Hosted, DIY, Open Source Alternative to Linktree"
+date: 2021-08-14 11:00:00 -0500
+categories: self-hosted
+tags: homelab pi-hole dns littlelink-server portainer self-hosted docker rancher
+---
+
+[![Self-Hosted, DIY, Open Source Alternative to Linktree](https://img.youtube.com/vi/42SqfI_AjXU/0.jpg)](https://www.youtube.com/watch?v=42SqfI_AjXU "Self-Hosted, DIY, Open Source Alternative to Linktree")
+
+Meet LittleLink & LittleLink-Server - a DIY, self hosted, and open source alternative to the popular service Linktree. This web site inside of a container allows you to create and host your own web site with all of your social information and links, giving your followers multiple ways to connect with you! In this video we talk about what LittleLink-Server is, what it does, and how to create your own site using this Docker container with only a few environment variables, no knowledge of web development required. Be sure to check the documentation for details!
+
+[Watch Video](https://www.youtube.com/watch?v=42SqfI_AjXU)
+
+See all the hardware I recommend at
+
+(see video description for gear links)
+
+You can find the LittleLink-Server repo [here](https://github.com/techno-tim/littlelink-server).
+
+Don't forget to check out the [🚀Launchpad repo](https://l.technotim.live/quick-start) with all of the quick start source files.
+
+## Docker Setup
+
+See [this post](https://docs.technotim.live/posts/docker-compose-install/) on how to install `docker` and `docker-compose`
+
+## Running the container
+
+```bash
+mkdir littlelink-server
+cd littlelink-server
+touch docker-compose.yml
+```
+
+If you're using Docker compose (see the [GitHub repo](https://github.com/techno-tim/littlelink-server) for the latest file)
+
+`docker-compose.yml`
+
+```yml
+---
+version: '3'
+services:
+ little-link:
+ image: ghcr.io/techno-tim/littlelink-server:latest
+ container_name: littlelink-server
+ environment:
+ - META_TITLE=Techno Tim
+ - META_DESCRIPTION=Techno Tim Link page
+ - META_AUTHOR=Techno Tim
+ - THEME=Dark
+ - FAVICON_URL=https://pbs.twimg.com/profile_images/1286144221217316864/qIAsKOpB_200x200.jpg
+ - AVATAR_URL=https://pbs.twimg.com/profile_images/1286144221217316864/qIAsKOpB_200x200.jpg
+ - AVATAR_2X_URL=https://pbs.twimg.com/profile_images/1286144221217316864/qIAsKOpB_400x400.jpg
+ - AVATAR_ALT=Techno Tim Profile Pic
+ - NAME=TechnoTim
+ - BIO=Hey! Just a place where you can connect with me!
+ - GITHUB=https://l.technotim.live/github
+ - TWITTER=https://l.technotim.live/twitter
+ - INSTAGRAM=https://l.technotim.live/instagram
+ - YOUTUBE=https://l.technotim.live/subscribe
+ - TWITCH=https://l.technotim.live/twitch/
+ - DISCORD=https://l.technotim.live/discord
+ - TIKTOK=https://l.technotim.live/tiktok
+ - KIT=https://l.technotim.live/gear
+ # - FACEBOOK=https://facebook.com
+ # - FACEBOOK_MESSENGER=https://facebook.com
+ # - LINKED_IN=https://linkedin.com
+ # - PRODUCT_HUNT=https://www.producthunt.com/
+ # - SNAPCHAT=https://www.snapchat.com/
+ # - SPOTIFY=https://www.spotify.com/
+ # - REDDIT=https://www.reddit.com/
+ # - MEDIUM=https://medium.com
+ # - PINTEREST=https://www.pinterest.com/
+ # - EMAIL=you@example.com
+ # - EMAIL_ALT=you@example.com
+ # - SOUND_CLOUD=https://souncloud.com
+ # - FIGMA=https://figma.com
+ # - TELEGRAM=https://telegram.org/
+ # - TUMBLR=https://www.tumblr.com/
+ # - STEAM=https://steamcommunity.com/
+ # - VIMEO=https://vimeo.com/
+ # - WORDPRESS=https://wordpress.com/
+ # - GOODREADS=https://www.goodreads.com/
+ # - SKOOB=https://www.skoob.com.br/
+ - FOOTER=Thanks for stopping by!
+ ports:
+ - 8080:3000
+ restart: unless-stopped
+ security_opt:
+ - no-new-privileges:true
+```
+
+If you're running docker only
+
+Docker command
+
+```bash
+docker run -d \
+ --name=littlelink-server \
+ -p 8080:3000 \
+ -e META_TITLE='Techno Tim' \
+ -e META_DESCRIPTION='Techno Tim Link page' \
+ -e META_AUTHOR='Techno Tim' \
+ -e THEME='Dark' \
+ -e FAVICON_URL='https://pbs.twimg.com/profile_images/1286144221217316864/qIAsKOpB_200x200.jpg' \
+ -e AVATAR_URL='https://pbs.twimg.com/profile_images/1286144221217316864/qIAsKOpB_200x200.jpg' \
+ -e AVATAR_2X_URL='https://pbs.twimg.com/profile_images/1286144221217316864/qIAsKOpB_400x400.jpg' \
+ -e AVATAR_ALT='Techno Tim Profile Pic' \
+ -e NAME='TechnoTim' \
+ -e BIO='Hey! Just a place where you can connect with me!' \
+ -e GITHUB='https://l.technotim.live/github' \
+ -e TWITTER='https://l.technotim.live/twitter' \
+ -e INSTAGRAM='https://l.technotim.live/instagram' \
+ -e YOUTUBE='https://l.technotim.live/subscribe' \
+ -e TWITCH='https://l.technotim.live/twitch' \
+ -e DISCORD='https://l.technotim.live/discord' \
+ -e TIKTOK='https://l.technotim.live/tiktok' \
+ -e KIT='https://l.technotim.live/gear' \
+ --restart unless-stopped \
+ ghcr.io/techno-tim/littlelink-server:latest
+```
+
+If you're using Rancher, Portainer, Open Media Vault, Unraid, or anything else with a GUI, just copy and paste the environment variables above into the form on the web page.
diff --git a/_posts/2021-08-14-open-source-linktree-alt.md:Zone.Identifier b/_posts/2021-08-14-open-source-linktree-alt.md:Zone.Identifier
new file mode 100644
index 0000000..e69de29
diff --git a/_posts/2021-09-03-docker-compose-install.md b/_posts/2021-09-03-docker-compose-install.md
new file mode 100644
index 0000000..ab0d7a2
--- /dev/null
+++ b/_posts/2021-09-03-docker-compose-install.md
@@ -0,0 +1,78 @@
+---
+layout: post
+title: "How to Install Docker and Docker Compose"
+date: 2021-08-14 11:00:00 -0500
+categories: docker
+tags: homelab docker docker-compose
+---
+
+## Install Docker
+
+If you have an existing version of Docker install, it might be best to remove it first. See the cleaning up section at the end
+
+```bash
+sudo apt-get update
+sudo apt-get install \
+ apt-transport-https \
+ ca-certificates \
+ curl \
+ gnupg \
+ lsb-release
+```
+
+```bash
+ curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
+```
+
+```bash
+ echo \
+ "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu \
+ $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
+```
+
+```bash
+sudo apt-get update
+sudo apt-get install docker-ce docker-ce-cli containerd.io
+```
+
+Check Install
+
+```bash
+docker -v
+```
+
+## Install Docker Compose
+
+```bash
+sudo curl -L "https://github.com/docker/compose/releases/download/1.29.1/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
+```
+
+```bash
+sudo chmod +x /usr/local/bin/docker-compose
+```
+
+Check Install
+
+```bash
+docker-compose -v
+```
+
+## Use Docker without sudo
+
+```bash
+sudo usermod -aG docker $USER
+```
+
+You'll need to log out then back in to apply this
+
+## Cleaning Up
+
+If you need to uninstall Docker, run the following
+
+```bash
+sudo apt-get remove docker docker-engine docker.io containerd runc
+```
+
+See all the hardware I recommend at
+
+Don't forget to check out the [🚀Launchpad repo](https://l.technotim.live/quick-start) with all of the quick start source files.
diff --git a/_posts/2021-09-03-docker-compose-install.md:Zone.Identifier b/_posts/2021-09-03-docker-compose-install.md:Zone.Identifier
new file mode 100644
index 0000000..e69de29
diff --git a/_posts/2021-09-04-meet-file-browser.md b/_posts/2021-09-04-meet-file-browser.md
new file mode 100644
index 0000000..660dee7
--- /dev/null
+++ b/_posts/2021-09-04-meet-file-browser.md
@@ -0,0 +1,56 @@
+---
+layout: post
+title: "Meet File Browser, a Small but Mighty Web File Browser"
+date: 2021-09-04 10:00:00 -0500
+categories: self-hosted
+tags: homelab portainer self-hosted docker rancher file-browser
+---
+
+[![Meet File Browser, a Small but Mighty Web File Browser](https://img.youtube.com/vi/W2yZ5_sd9Hc/0.jpg)](https://www.youtube.com/watch?v=W2yZ5_sd9Hc "Meet File Browser, a Small but Mighty Web File Browser")
+
+Meet [File Browser](https://github.com/filebrowser/filebrowser), an open source, self-hosted alternative to services like Dropbox and other web based file browsers. Today we'll configure a containerized version of File Browser and have you up and going in just a few minutes. We'll also walk through creating, editing, moving, copying, and even sharing files and folders so that you get a better understanding about what File Browser is all about.
+
+[Watch Video](https://www.youtube.com/watch?v=W2yZ5_sd9Hc)
+
+See all the hardware I recommend at
+
+Don't forget to check out the [🚀Launchpad repo](https://l.technotim.live/quick-start) with all of the quick start source files.
+
+## Docker Setup
+
+See [this post](https://docs.technotim.live/posts/docker-compose-install/) on how to install `docker` and `docker-compose`
+
+## Running the container
+
+If you're using Docker compose
+
+```bash
+mkdir filebrowser
+cd filebrowser
+touch docker-compose.yml
+nano docker-compose.yml # copy the contents from below
+touch filebrowser.db
+docker-compose up -d --force-recreate
+```
+
+`docker-compose.yml`
+
+```yml
+---
+version: '3'
+services:
+ file-browser:
+ image: filebrowser/filebrowser
+ container_name: file-browser
+ user: 1000:1000
+ ports:
+ - 8081:80
+ volumes:
+ - /home/serveradmin/:/srv
+ - /home/serveradmin/filebrowser/filebrowser.db:/database.db
+ restart: unless-stopped
+ security_opt:
+ - no-new-privileges:true
+```
+
+If you're using Rancher, Portainer, Open Media Vault, Unraid, or anything else with a GUI, just copy and paste the environment variables above into the form on the web page.
diff --git a/_posts/2021-09-04-meet-file-browser.md:Zone.Identifier b/_posts/2021-09-04-meet-file-browser.md:Zone.Identifier
new file mode 100644
index 0000000..e69de29
diff --git a/_posts/2021-09-25-NUT-server-guide.md b/_posts/2021-09-25-NUT-server-guide.md
new file mode 100644
index 0000000..1463353
--- /dev/null
+++ b/_posts/2021-09-25-NUT-server-guide.md
@@ -0,0 +1,445 @@
+---
+layout: post
+title: "Network UPS Tools (NUT) Ultimate Guide"
+date: 2021-09-25 10:00:00 -0500
+categories: homelab
+tags: homelab nut self-hosted docker ups pdu open-source
+---
+
+[![Network UPS Tools (NUT) Ultimate Guide](https://img.youtube.com/vi/vyBP7wpN72c/0.jpg)](https://www.youtube.com/watch?v=vyBP7wpN72c "Network UPS Tools (NUT) Ultimate Guide")
+
+Meet NUT Server, or Network UPS Tools. It's an open UPS networking monitoring tool that runs on many different operating systems and processors. This means you can run the server on Linux, MacOS, or BSD and run the client on Windows, MacOS, Linux, and more. It' perfect for your Pi, server, or desktop. It works with hundreds of UPS devices, PDUs, and many other power management systems.
+
+This is the ultimate guide to configuring Network UPS Tools (NUT). We cover everything from installing and configuring the server on as Raspberry Pi, configuring the client on Windows and Linux, configure a charting and graphing website to visualize NUT data, spin up an additional web site use Docker, and finally set up monitoring and alerting to automate shutdowns of your machine.
+
+[https://networkupstools.org/](https://networkupstools.org)
+
+Also, note to self, don't eat a salad before you record a video....
+
+[Watch Video](https://www.youtube.com/watch?v=vyBP7wpN72c)
+
+See all the hardware I recommend at
+
+Don't forget to check out the [🚀Launchpad repo](https://l.technotim.live/quick-start) with all of the quick start source files.
+
+## NUT UPS Server
+
+plug in ups
+
+`lsusb`
+
+should see something like
+
+```log
+Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
+Bus 001 Device 019: ID 09ae:2012 Tripp Lite
+Bus 001 Device 002: ID 2109:3431 VIA Labs, Inc. Hub
+Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
+```
+
+```bash
+sudo apt update
+sudo apt install nut nut-client nut-server
+```
+
+```bash
+sudo nut-scanner -U
+```
+
+should see something like
+
+tripp lite
+
+```conf
+[nutdev1]
+ driver = "usbhid-ups"
+ port = "auto"
+ vendorid = "09AE"
+ productid = "2012"
+ product = "Tripp Lite UPS"
+ vendor = "Tripp Lite"
+ bus = "001"
+```
+
+apc 1500
+
+```conf
+[nutdev1]
+ driver = "usbhid-ups"
+ port = "auto"
+ vendorid = "051D"
+ productid = "0002"
+ product = "Back-UPS XS 1500M FW:947.d10 .D USB FW:d10"
+ serial = "3xxxxxxxxxxx"
+ vendor = "Tripp Lite"
+ bus = "001"
+```
+
+apc 850
+
+```conf
+[nutdev3]
+ driver = "usbhid-ups"
+ port = "auto"
+ vendorid = "051D"
+ productid = "0002"
+ product = "Back-UPS ES 850G2 FW:931.a10.D USB FW:a"
+ serial = "3xxxxxxxxxxx"
+ vendor = "American Power Conversion"
+ bus = "001"
+```
+
+`sudo nano /etc/nut/ups.conf`
+
+```conf
+pollinterval = 1
+maxretry = 3
+
+[tripplite]
+ driver = usbhid-ups
+ port = auto
+ desc = "Tripp Lite 1500VA SmartUPS"
+ vendorid = 09ae
+ productid = 2012
+
+[apc-network]
+ driver = usbhid-ups
+ port = auto
+ desc = "APC Back-UPS XS 1500"
+ vendorid = 051d
+ productid = 0002
+ serial = 3xxxxxxxxx
+
+[apc-modem]
+ driver = usbhid-ups
+ port = auto
+ desc = "APC 850 VA"
+ vendorid = 051d
+ productid = 0002
+ serial = 3xxxxxxxxx
+```
+
+`sudo nano /etc/nut/upsmon.conf`
+
+```log
+MONITOR tripplite@localhost 1 admin secret master
+MONITOR apc-modem@localhost 1 admin secret master
+MONITOR apc-network@localhost 1 admin secret master
+```
+
+`sudo nano /etc/nut/upsd.conf`
+
+local host
+
+```log
+LISTEN 127.0.0.1 3493
+```
+
+all interface
+
+```log
+LISTEN 0.0.0.0 3493
+```
+
+`sudo nano /etc/nut/nut.conf`
+
+```conf
+MODE=netserver
+```
+
+`sudo nano /etc/nut/upsd.users`
+
+```conf
+[monuser]
+ password = secret
+ admin master
+```
+
+`sudo nano /etc/udev/rules.d/99-nut-ups.rules`
+
+```conf
+SUBSYSTEM!="usb", GOTO="nut-usbups_rules_end"
+
+# TrippLite
+# e.g. TrippLite SMART1500LCD - usbhid-ups
+ACTION=="add|change", SUBSYSTEM=="usb|usb_device", SUBSYSTEMS=="usb|usb_device", ATTR{idVendor}=="09ae", ATTR{idProduct}=="2012", MODE="664", GROUP="nut", RUN+="/sbin/upsdrvctl stop; /sbin/upsdrvctl start"
+
+LABEL="nut-usbups_rules_end"
+```
+
+reboot (because it's easy)
+
+or
+
+```bash
+sudo service nut-server restart
+sudo service nut-client restart
+sudo systemctl restart nut-monitor
+sudo upsdrvctl stop
+sudo upsdrvctl start
+```
+
+APC UPS 950 va
+
+query device by USB bus
+
+`lsusb -D /dev/bus/usb/001/057`
+
+```log
+Device Descriptor:
+ bLength 18
+ bDescriptorType 1
+ bcdUSB 2.00
+ bDeviceClass 0
+ bDeviceSubClass 0
+ bDeviceProtocol 0
+ bMaxPacketSize0 64
+ idVendor 0x051d American Power Conversion
+ idProduct 0x0002 Uninterruptible Power Supply
+ bcdDevice 0.90
+ iManufacturer 1
+ iProduct 2
+ iSerial 3
+ bNumConfigurations 1
+ Configuration Descriptor:
+ bLength 9
+ bDescriptorType 2
+ wTotalLength 0x0022
+ bNumInterfaces 1
+ bConfigurationValue 1
+ iConfiguration 0
+ bmAttributes 0xe0
+ Self Powered
+ Remote Wakeup
+ MaxPower 2mA
+ Interface Descriptor:
+ bLength 9
+ bDescriptorType 4
+ bInterfaceNumber 0
+ bAlternateSetting 0
+ bNumEndpoints 1
+ bInterfaceClass 3 Human Interface Device
+ bInterfaceSubClass 0
+ bInterfaceProtocol 0
+ iInterface 0
+ HID Device Descriptor:
+ bLength 9
+ bDescriptorType 33
+ bcdHID 1.00
+ bCountryCode 33 US
+ bNumDescriptors 1
+ bDescriptorType 34 Report
+ wDescriptorLength 1049
+ Report Descriptors:
+ ** UNAVAILABLE **
+ Endpoint Descriptor:
+ bLength 7
+ bDescriptorType 5
+ bEndpointAddress 0x81 EP 1 IN
+ bmAttributes 3
+ Transfer Type Interrupt
+ Synch Type None
+ Usage Type Data
+ wMaxPacketSize 0x0008 1x 8 bytes
+ bInterval 100
+```
+
+## NUT CGI Server
+
+`sudo apt install apache2 nut-cgi`
+
+`sudo nano /etc/nut/hosts.conf`
+
+```log
+MONITOR tripplite@localhost "Tripp Lite 1500VA SmartUPS - Rack"
+MONITOR apc-modem@localhost "APC 850 VA - Wall"
+MONITOR apc-network@localhost "APC Back-UPS XS 1500 - Rack"
+
+```
+
+`sudo a2enmod cgi`
+
+`sudo systemctl restart apache2`
+
+`sudo nano /etc/nut/upsset.conf`
+
+```conf
+I_HAVE_SECURED_MY_CGI_DIRECTORY
+```
+
+visit
+
+[http://your.ip.adddress/cgi-bin/nut/upsstats.cgi](http://your.ip.adddress/cgi-bin/nut/upsstats.cgi)
+
+## Webnut Docker Container
+
+```bash
+mkdir webnut
+cd webnut
+nano docker-compose.yml
+```
+
+paste contents and save
+
+```conf
+version: "3.1"
+services:
+ nut:
+ image: teknologist/webnut
+ container_name: webnut
+ environment:
+ - UPS_HOST=ip.address.of.nut.server
+ - UPS_PORT=3493
+ - UPS_USER=admin
+ - UPS_PASSWORD=secret
+ restart: unless-stopped
+ security_opt:
+ - no-new-privileges:true
+ networks:
+ - proxy
+ ports:
+ - 6543:6543
+networks:
+ proxy:
+ external: true
+```
+
+`docker-compose up -d --force-recreate`
+
+## Linux NUT Client (remote)
+
+`sudo apt install nut-client`
+
+then run
+
+`upsc` to verify
+
+verify you can connect
+
+`upsc tripplite@ip.address.of.server`
+
+`sudo nano /etc/nut/upsmon.conf`
+
+```conf
+RUN_AS_USER root
+
+MONITOR apc-modem@ip.address.of.nut.server 1 admin secret slave
+
+MINSUPPLIES 1
+SHUTDOWNCMD "/sbin/shutdown -h"
+NOTIFYCMD /usr/sbin/upssched
+POLLFREQ 2
+POLLFREQALERT 1
+HOSTSYNC 15
+DEADTIME 15
+POWERDOWNFLAG /etc/killpower
+
+NOTIFYMSG ONLINE "UPS %s on line power"
+NOTIFYMSG ONBATT "UPS %s on battery"
+NOTIFYMSG LOWBATT "UPS %s battery is low"
+NOTIFYMSG FSD "UPS %s: forced shutdown in progress"
+NOTIFYMSG COMMOK "Communications with UPS %s established"
+NOTIFYMSG COMMBAD "Communications with UPS %s lost"
+NOTIFYMSG SHUTDOWN "Auto logout and shutdown proceeding"
+NOTIFYMSG REPLBATT "UPS %s battery needs to be replaced"
+NOTIFYMSG NOCOMM "UPS %s is unavailable"
+NOTIFYMSG NOPARENT "upsmon parent process died - shutdown impossible"
+
+NOTIFYFLAG ONLINE SYSLOG+WALL+EXEC
+NOTIFYFLAG ONBATT SYSLOG+WALL+EXEC
+NOTIFYFLAG LOWBATT SYSLOG+WALL
+NOTIFYFLAG FSD SYSLOG+WALL+EXEC
+NOTIFYFLAG COMMOK SYSLOG+WALL+EXEC
+NOTIFYFLAG COMMBAD SYSLOG+WALL+EXEC
+NOTIFYFLAG SHUTDOWN SYSLOG+WALL+EXEC
+NOTIFYFLAG REPLBATT SYSLOG+WALL
+NOTIFYFLAG NOCOMM SYSLOG+WALL+EXEC
+NOTIFYFLAG NOPARENT SYSLOG+WALL
+
+RBWARNTIME 43200
+
+NOCOMMWARNTIME 600
+
+FINALDELAY 5
+```
+
+set net client
+`sudo nano /etc/nut/nut.conf`
+
+`MODE=netclient`
+
+restart service
+
+`systemctl restart nut-client`
+
+check status
+
+`systemctl status user-client`
+
+## Windows NUT Client
+
+[https://github.com/gawindx/WinNUT-Client/releases](https://github.com/gawindx/WinNUT-Client/releases)
+
+scheduling on the remote system
+
+`sudo nano /etc/nut/upssched.conf`
+
+```conf
+CMDSCRIPT /etc/nut/upssched-cmd
+PIPEFN /etc/nut/upssched.pipe
+LOCKFN /etc/nut/upssched.lock
+
+AT ONBATT * START-TIMER onbatt 30
+AT ONLINE * CANCEL-TIMER onbatt online
+AT ONBATT * START-TIMER earlyshutdown 30
+AT LOWBATT * EXECUTE onbatt
+AT COMMBAD * START-TIMER commbad 30
+AT COMMOK * CANCEL-TIMER commbad commok
+AT NOCOMM * EXECUTE commbad
+AT SHUTDOWN * EXECUTE powerdown
+AT SHUTDOWN * EXECUTE powerdown
+```
+
+`sudo nano /etc/nut/upssched-cmd`
+
+```bash
+#!/bin/sh
+ case $1 in
+ onbatt)
+ logger -t upssched-cmd "UPS running on battery"
+ ;;
+ earlyshutdown)
+ logger -t upssched-cmd "UPS on battery too long, early shutdown"
+ /usr/sbin/upsmon -c fsd
+ ;;
+ shutdowncritical)
+ logger -t upssched-cmd "UPS on battery critical, forced shutdown"
+ /usr/sbin/upsmon -c fsd
+ ;;
+ upsgone)
+ logger -t upssched-cmd "UPS has been gone too long, can't reach"
+ ;;
+ *)
+ logger -t upssched-cmd "Unrecognized command: $1"
+ ;;
+ esac
+```
+
+make it executable (should already be)
+
+`chmod +x /etc/nut/upssched-cmd`
+
+Be sure PIPEFN and LOCKFN point to a folder that esists, I've seen it point to `/etc/nut/upssched/` instead of `/etc/nut` If it does, create the folder or update these variables.
+`mkdir /etc/nut/upssched/`
+
+test
+
+`systemctl restart nut-client`
+
+then pull the plug on the ups connected to the master, check syslogs
+
+`tail /var/log/syslog`
+
+should see the logs
+
+machine should shutdown
diff --git a/_posts/2021-09-25-NUT-server-guide.md:Zone.Identifier b/_posts/2021-09-25-NUT-server-guide.md:Zone.Identifier
new file mode 100644
index 0000000..e69de29
diff --git a/_posts/2021-10-03-uptime-kuma.md b/_posts/2021-10-03-uptime-kuma.md
new file mode 100644
index 0000000..1a5c3c8
--- /dev/null
+++ b/_posts/2021-10-03-uptime-kuma.md
@@ -0,0 +1,58 @@
+---
+layout: post
+title: "Meet Uptime Kuma, a Fancy Open Source Uptime Monitor for all your HomeLab Monitoring Needs"
+date: 2021-10-03 10:00:00 -0500
+categories: self-hosted
+tags: homelab uptime-kuma self-hosted docker monitoring alerting open-source
+---
+
+[![Meet Uptime Kuma, a Fancy Open Source Uptime Monitor for all your HomeLab Monitoring Needs](https://img.youtube.com/vi/r_A5NKkAqZM/0.jpg)](https://www.youtube.com/watch?v=r_A5NKkAqZM "Meet Uptime Kuma, a Fancy Open Source Uptime Monitor for all your HomeLab Monitoring Needs")
+
+You've spun up lots of self-hosted services in your HomeLab but you haven't set up monitoring and alerting yet. We'll be glad you waited because today well set up Uptime Kuma to do just that. Uptime Kuma is a self-hosted, open source, fancy uptime monitoring and alerting system. It can monitor HTTP, HTTP with keyword, TCP, Ping, and even DNS systems!
+
+[https://github.com/louislam/uptime-kuma](https://github.com/louislam/uptime-kuma)
+
+[Watch Video](https://www.youtube.com/watch?v=r_A5NKkAqZM)
+
+See all the hardware I recommend at
+
+Don't forget to check out the [🚀Launchpad repo](https://l.technotim.live/quick-start) with all of the quick start source files.
+
+## Docker Setup
+
+See [this post](https://docs.technotim.live/posts/docker-compose-install/) on how to install `docker` and `docker-compose`
+
+## Running the container
+
+If you're using Docker compose
+
+```bash
+mkdir uptime-kuma
+cd uptime-kuma
+touch docker-compose.yml
+nano docker-compose.yml # copy the contents from below
+mkdir data
+ls
+docker-compose up -d --force-recreate
+```
+
+`docker-compose.yml`
+
+```yml
+---
+version: "3.1"
+
+services:
+ uptime-kuma:
+ image: louislam/uptime-kuma:1
+ container_name: uptime-kuma
+ volumes:
+ - /home/serveradmin/docker_volumes/uptime-kuma/data:/app/data
+ ports:
+ - 3001:3001
+ restart: unless-stopped
+ security_opt:
+ - no-new-privileges:true
+```
+
+If you're using Rancher, Portainer, Open Media Vault, Unraid, or anything else with a GUI, just copy and paste the environment variables, ports, and volumes from above into the form on the web page.
diff --git a/_posts/2021-10-03-uptime-kuma.md:Zone.Identifier b/_posts/2021-10-03-uptime-kuma.md:Zone.Identifier
new file mode 100644
index 0000000..e69de29
diff --git a/_posts/2021-10-22-windows-11-proxmox.md b/_posts/2021-10-22-windows-11-proxmox.md
new file mode 100644
index 0000000..9d3dcdd
--- /dev/null
+++ b/_posts/2021-10-22-windows-11-proxmox.md
@@ -0,0 +1,31 @@
+---
+layout: post
+title: "Virtualize Windows 11 with Proxmox the Right Way!"
+date: 2021-10-22 8:00:00 -0500
+categories: homelab
+tags: homelab proxmox windows-11 virtualization
+---
+
+[![Virtualize Windows 11 with Proxmox the Right Way!](https://img.youtube.com/vi/fupuTkkKPDU/0.jpg)](https://www.youtube.com/watch?v=fupuTkkKPDU "Virtualize Windows 11 with Proxmox the Right Way!")
+
+Windows 11 is here and with it comes new hardware requirements. These requirements not only affect physical hardware but also virtual hardware too. The TPM 2.0 requirement for Windows 11 is shaking the tech community, HomeLab community, and even virtualization too. Well have no fear, today we're going to virtualize Windows 11 with a virtual TPM chip! We're going to create a virtual machine according to proxmox best practices and even install a virtual TMP chip so that you can test Windows 11 with your hardware and software before upgrading Windows 10 in your HomeLab or production environment without any hacks!
+
+[Watch Video](https://www.youtube.com/watch?v=fupuTkkKPDU)
+
+See all the hardware I recommend at
+
+Don't forget to check out the [🚀Launchpad repo](https://l.technotim.live/quick-start) with all of the quick start source files.
+
+## Links
+
+Windows 11 Download
+
+[https://www.microsoft.com/en-us/software-download/windows11](https://www.microsoft.com/en-us/software-download/windows11)
+
+KVM/QEMU Windows guest drivers (virtio-win) download
+
+[https://github.com/virtio-win/virtio-win-pkg-scripts](https://github.com/virtio-win/virtio-win-pkg-scripts)
+
+Need to Upgrade to Proxmox 7?
+
+[https://docs.technotim.live/posts/proxmox-7/](https://docs.technotim.live/posts/proxmox-7/)
diff --git a/_posts/2021-10-22-windows-11-proxmox.md:Zone.Identifier b/_posts/2021-10-22-windows-11-proxmox.md:Zone.Identifier
new file mode 100644
index 0000000..e69de29
diff --git a/_posts/2021-11-06-homelab-tour-2021.md b/_posts/2021-11-06-homelab-tour-2021.md
new file mode 100644
index 0000000..d0da499
--- /dev/null
+++ b/_posts/2021-11-06-homelab-tour-2021.md
@@ -0,0 +1,101 @@
+---
+layout: post
+title: "Techno Tim HomeLab and NEW Server Room Tour! (Late 2021)"
+date: 2021-11-06 8:00:00 -0500
+categories: homelab
+tags: homelab hardware
+---
+
+[![Techno Tim HomeLab and NEW Server Room Tour! (Late 2021)](https://img.youtube.com/vi/u45Z4yGTgs8/0.jpg)](https://www.youtube.com/watch?v=u45Z4yGTgs8 "Techno Tim HomeLab and NEW Server Room Tour! (Late 2021)")
+
+Well, here it is! My Late 2021 Server Rack and HomeLab tour! This is a special one because I just revamped and remodeled a spot in the basement for my new data center / server room (still picking out a name for it). I've upgraded, replaced, added, and consolidated quite a bit since my last tour! New servers, new networking, new UPS, new Raspberry Pi, and even a whole entire wall of tech gear. I also added lots of automation and IoT devices! Join me as we walk through my server room upgrade!
+
+[Watch Video](https://www.youtube.com/watch?v=u45Z4yGTgs8)
+
+See all the hardware I recommend at
+
+Don't forget to check out the [🚀Launchpad repo](https://l.technotim.live/quick-start) with all of the quick start source files
+
+(Affiliate links are included in this description. I may receive a small commission at no cost to you.)
+
+## 📦 Gear in this video 📦
+
+2u Rack Shelf - [https://amzn.to/2ZVSJKN](https://amzn.to/2ZVSJKN)
+
+APC 1500VA UP - [https://amzn.to/3GXLJh6](https://amzn.to/3GXLJh6)
+
+Nest Protect - [https://amzn.to/3BLhc21](https://amzn.to/3BLhc21)
+
+Hue Iris Light - [https://amzn.to/3ET5Gn8](https://amzn.to/3ET5Gn8)
+
+Hue Motion & Temp [https://amzn.to/3qb1FXf](https://amzn.to/3qb1FXf)
+
+Axxtra Power Strip - [https://amzn.to/3qbzIhT](https://amzn.to/3qbzIhT)
+
+Amazon Power Strip - [https://amzn.to/3mMN16w](https://amzn.to/3mMN16w)
+
+Wall Control Galvanized Steel Pegboard - [https://amzn.to/3bJ8R4s](https://amzn.to/3bJ8R4s)
+
+Hue Dimmer Switch - [https://amzn.to/3wj9Sts](https://amzn.to/3wj9Sts)
+
+Hue Light Strips - [https://amzn.to/3wkkLLD](https://amzn.to/3wkkLLD)
+
+Hue Smart Bulb Starter Kit - [https://amzn.to/31renqs](https://amzn.to/31renqs)
+
+Hue Motion & Temp Detection - [https://amzn.to/3o7HOFR](https://amzn.to/3o7HOFR)
+
+Cloud Lamp - [https://amzn.to/3GZji24](https://amzn.to/3GZji24)
+
+Pi 4 B - [https://amzn.to/3BTPKzc](https://amzn.to/3BTPKzc)
+
+PoE Pi Hat - [https://amzn.to/3GUqY5O](https://amzn.to/3GUqY5O)
+
+Pi Zero - [https://amzn.to/3o4LGap](https://amzn.to/3o4LGap)
+
+HD Homerun - [https://amzn.to/2ZXxmYS](https://amzn.to/2ZXxmYS)
+
+Intel NUC - [https://amzn.to/3BKE3uR](https://amzn.to/3BKE3uR)
+
+24 Port Patch Panel - [https://amzn.to/3GYA4yo](https://amzn.to/3GYA4yo)
+
+Wall Mount Patch Panel - [https://amzn.to/3o2Axad](https://amzn.to/3o2Axad)
+
+Slim Network Cables - [https://amzn.to/3kbYV85](https://amzn.to/3kbYV85)
+
+UniFi Flex Mini - [https://amzn.to/3GXMzKM](https://amzn.to/3GXMzKM)
+
+UniFi UDM Pro - [https://amzn.to/3GZkanm](https://amzn.to/3GZkanm)
+
+UniFi 24 Port PoE Gen 2 Switch Pro - [https://amzn.to/3GTmUCX](https://amzn.to/3GTmUCX)
+
+PC Conversion Case - [https://amzn.to/3qgkFDJ](https://amzn.to/3qgkFDJ)
+
+18u Server Rack - [https://amzn.to/3kbZdvH](https://amzn.to/3kbZdvH)
+
+1u Rails - [https://amzn.to/3GSd701](https://amzn.to/3GSd701)
+
+APC 600 VA UPS - [https://amzn.to/3mMxsM1](https://amzn.to/3mMxsM1)
+
+NetApp DD4246 Disk Shelf - [https://amzn.to/3o2AOKh](https://amzn.to/3o2AOKh)
+
+SuperMicro 1u Servers - [https://amzn.to/3q9M7TJ](https://amzn.to/3q9M7TJ)
+
+8 TB IronWolf NAS Drives - [https://amzn.to/3EQXXGw](https://amzn.to/3EQXXGw)
+
+## 🚀 Kits 🚀
+
+Rackmount Servers - [https://kit.co/technotim/rackmount-home-lab-servers](https://kit.co/technotim/rackmount-home-lab-servers)
+
+HomeLab Racks - [https://kit.co/technotim/server-rack-homelab](https://kit.co/technotim/server-rack-homelab)
+
+1u Servers - [https://kit.co/technotim/techno-tim-1u-server](https://kit.co/technotim/techno-tim-1u-server)
+
+Networking Stack - [https://kit.co/technotim/techno-tim-network-stack](https://kit.co/technotim/techno-tim-network-stack)
+
+Raspberry Pi with PoE - [https://kit.co/technotim/best-raspberry-pi-with-poe](https://kit.co/technotim/best-raspberry-pi-with-poe)
+
+Home Security - [https://kit.co/technotim/techno-tim-home-security](https://kit.co/technotim/techno-tim-home-security)
+
+Storage and Hard Drives - [https://kit.co/technotim/best-ssd-hard-drive-flash-storage](https://kit.co/technotim/best-ssd-hard-drive-flash-storage)
+
+HomeLab and Server Room Upgrade 2021 - [https://kit.co/technotim/techno-tim-homelab-and-server-room-upgrade-2021](https://kit.co/technotim/techno-tim-homelab-and-server-room-upgrade-2021)
diff --git a/_posts/2021-11-06-homelab-tour-2021.md:Zone.Identifier b/_posts/2021-11-06-homelab-tour-2021.md:Zone.Identifier
new file mode 100644
index 0000000..e69de29
diff --git a/_posts/2021-11-20-grafana-loki-kubernetes.md b/_posts/2021-11-20-grafana-loki-kubernetes.md
new file mode 100644
index 0000000..5290d68
--- /dev/null
+++ b/_posts/2021-11-20-grafana-loki-kubernetes.md
@@ -0,0 +1,133 @@
+---
+layout: post
+title: "Installing Grafana Loki with Helm on Kubernetes"
+date: 2021-11-20 7:00:00 -0500
+categories: kubernetes
+tags: homelab proxmox grafana logging promtail prometheus kubernetes helm
+---
+
+In my previous video ([Meet Grafana LOKI, a log aggregation system for everything](https://www.youtube.com/watch?v=h_GGd7HfKQ8) and [post](https://docs.technotim.live/posts/grafana-loki/), I promised that I would also explain how to install Granfana Loki on Kubernetes using `helm`. If you're looking to set this up in `docker-compose`, be sure to check out this [video](https://www.youtube.com/watch?v=h_GGd7HfKQ8)
+
+Don't forget to check out the [🚀Launchpad repo](https://l.technotim.live/quick-start) with all of the quick start source files
+
+Don't want to host it yourself? Check out Grafana Cloud and sign up for a free account
+
+
+## Installing helm
+
+Think of `helm` as a package manager for kubernetes. It'a an easy way to bundle and deploy config to kubernetes with versioning. If you need to install `helm` visit [helm.sh](https://helm.sh/docs/intro/install/)
+
+## Installing Loki Stack
+
+First add Loki's chart repository to `helm`
+
+```bash
+helm repo add grafana https://grafana.github.io/helm-charts
+```
+
+Then update the chart repository
+
+```bash
+helm repo update
+```
+
+This command will:
+
+* install grafana
+* install prometheus
+* install loki
+* enable persistence for your stack and create a PVC
+
+```bash
+helm upgrade --install loki grafana/loki-stack --set grafana.enabled=true,prometheus.enabled=true,prometheus.alertmanager.persistentVolume.enabled=false,prometheus.server.persistentVolume.enabled=false,loki.persistence.enabled=true,loki.persistence.storageClassName=nfs-client,loki.persistence.size=5Gi
+```
+
+You'll want to set `loki.persistence.storageClassName=nfs-client` to your `StorageClass`
+In this example, I am using `nf-client` which is the [Kubernetes NFS Subdir External Provisioner](https://github.com/kubernetes-sigs/nfs-subdir-external-provisioner)
+
+## Accessing the Grafana Dashboard
+
+To access your Grafana dashboard you can run
+
+```bash
+kubectl port-forward --namespace service/loki-grafana 3000:80
+```
+
+To get the password for the `admin` user run
+
+```bash
+kubectl get secret --namespace loki-grafana -o jsonpath="{.data.admin-password}" | base64 --decode ; echo
+```
+
+This should print out your password
+
+You can now access your dashboard on `http://localhost:3000`
+
+## Ingress with Traefik
+
+If you want to create an `IngressRoute` and you are using traefik can you apply the following
+
+`ingress.yml`
+
+```yml
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+ name: loki-grafana-ingress
+ annotations:
+ kubernetes.io/ingress.class: traefik-internal # change with your value
+spec:
+ entryPoints:
+ - websecure
+ routes:
+ - match: Host(`grafana.example.com`) # change with your value
+ kind: Rule
+ services:
+ - name: loki-grafana
+ port: 80
+```
+
+```bash
+kubectl apply -f ingress.yml
+```
+
+You should now be able to access your dashboard on `https://grafana.example.com`
+
+## LogQL sample queries
+
+Query all logs from the `container` label
+
+```sql
+{container="uptime-kuma"}
+```
+
+query all logs from the `container` stream and filter on `error`
+
+```sql
+{container="uptime-kuma"} |= "error"
+
+```
+
+query all logs from the `pod` label of `uptime-kuma-8d45g32fd-lk8rl`
+
+```sql
+{pod="uptime-kuma-8d45g32fd-lk8rl"}
+
+```
+
+Read more about LogQL [here](https://grafana.com/docs/loki/latest/logql/)
+
+## Upgrading Loki Stack
+
+To upgrade, you run the same command you use to install it, with an updated chart
+
+```bash
+helm repo update
+```
+
+```bash
+helm upgrade --install loki grafana/loki-stack --set grafana.enabled=true,prometheus.enabled=true,prometheus.alertmanager.persistentVolume.enabled=false,prometheus.server.persistentVolume.enabled=false,loki.persistence.enabled=true,loki.persistence.storageClassName=nfs-client,loki.persistence.size=5Gi
+```
+
+
+See all the hardware I recommend at
diff --git a/_posts/2021-11-20-grafana-loki-kubernetes.md:Zone.Identifier b/_posts/2021-11-20-grafana-loki-kubernetes.md:Zone.Identifier
new file mode 100644
index 0000000..e69de29
diff --git a/_posts/2021-11-20-grafana-loki.md b/_posts/2021-11-20-grafana-loki.md
new file mode 100644
index 0000000..7e5715f
--- /dev/null
+++ b/_posts/2021-11-20-grafana-loki.md
@@ -0,0 +1,307 @@ +--- +layout: post +title: "Meet Grafana LOKI, a Log Aggregation System for Everything" +date: 2021-11-20 8:00:00 -0500 +categories: homelab +tags: homelab proxmox grafana logging promtail prometheus +--- + +[![Meet Grafana LOKI, a Log Aggregation System for Everything](https://img.youtube.com/vi/h_GGd7HfKQ8/0.jpg)](https://www.youtube.com/watch?v=h_GGd7HfKQ8 "Meet Grafana LOKI, a Log Aggregation System for Everything") + +I've been on a quest to find a new logging system. I've use quite a few in the past, some open source, some proprietary, and some home grown, but recently I've decided to switch. I've switched to Grafana Loki for all of my logs for all of my systems - this includes machines, devices, docker systems and hosts, and my all of my kubernetes clusters. If you're thinking of using Grafana and are also looking for a fast way to log all of your systems, join me as we discuss and configure Grafana Loki. + +[Watch Video](https://www.youtube.com/watch?v=h_GGd7HfKQ8) + +Don't want to host it yourself? Check out Grafana Cloud and sign up for a free account + +See all the hardware I recommend at + +Don't forget to check out the [🚀Launchpad repo](https://l.technotim.live/quick-start) with all of the quick start source files. 
+ +## Docker Setup + +See [this post](https://docs.technotim.live/posts/docker-compose-install/) on how to install `docker` and `docker-compose` + +## Running the container + +If you're using Docker compose + +```bash +mkdir grafana +mkdir loki +mkdir promtail +touch docker-compose.yml +nano docker-compose.yml # copy the contents from below +ls +docker-compose up -d --force-recreate # be sure you've created promtail-config.yml and loki-config.yml before running this +``` + +`docker-compose.yml` + +```yml +version: "3" +networks: + loki: +services: + loki: + image: grafana/loki:2.4.0 + volumes: + - /home/serveradmin/docker_volumes/loki:/etc/loki + ports: + - "3100:3100" + restart: unless-stopped + command: -config.file=/etc/loki/loki-config.yml + networks: + - loki + promtail: + image: grafana/promtail:2.4.0 + volumes: + - /var/log:/var/log + - /home/serveradmin/docker_volumes/promtail:/etc/promtail + # ports: + # - "1514:1514" # this is only needed if you are going to send syslogs + restart: unless-stopped + command: -config.file=/etc/promtail/promtail-config.yml + networks: + - loki + grafana: + image: grafana/grafana:latest + user: "1000" + volumes: + - /home/serveradmin/docker_volumes/grafana:/var/lib/grafana + ports: + - "3000:3000" + restart: unless-stopped + networks: + - loki +``` + +## Loki Config + +```bash +nano loki/loki-config.yml +``` + +`loki-config.yml` + +```yml +auth_enabled: false + +server: + http_listen_port: 3100 + grpc_listen_port: 9096 + +common: + path_prefix: /tmp/loki + storage: + filesystem: + chunks_directory: /tmp/loki/chunks + rules_directory: /tmp/loki/rules + replication_factor: 1 + ring: + instance_addr: 127.0.0.1 + kvstore: + store: inmemory + +schema_config: + configs: + - from: 2020-10-24 + store: boltdb-shipper + object_store: filesystem + schema: v11 + index: + prefix: index_ + period: 24h + +ruler: + alertmanager_url: http://localhost:9093 +``` + +## Promtail Config + +```bash +nano promtail/promtail-config.yml +``` + 
+`promtail-config.yml` + +```yml +server: + http_listen_port: 9080 + grpc_listen_port: 0 + +positions: + filename: /tmp/positions.yaml + +clients: + - url: http://loki:3100/loki/api/v1/push + +scrape_configs: + +# local machine logs + +- job_name: local + static_configs: + - targets: + - localhost + labels: + job: varlogs + __path__: /var/log/*log + +## docker logs + +#- job_name: docker +# pipeline_stages: +# - docker: {} +# static_configs: +# - labels: +# job: docker +# __path__: /var/lib/docker/containers/*/*-json.log + +# syslog target + +#- job_name: syslog +# syslog: +# listen_address: 0.0.0.0:1514 # make sure you also expose this port on the container +# idle_timeout: 60s +# label_structured_data: yes +# labels: +# job: "syslog" +# relabel_configs: +# - source_labels: ['__syslog_message_hostname'] +# target_label: 'host' +``` + +## Loki Docker Driver + +Install docker plugin + +```bash +docker plugin install grafana/loki-docker-driver:latest --alias loki --grant-all-permissions +``` + +Edit docker daemon config + +```bash +sudo nano /etc/docker/daemon.json +``` + +`daemon.json` + +```json +{ + "log-driver": "loki", + "log-opts": { + "loki-url": "http://localhost:3100/loki/api/v1/push", + "loki-batch-size": "400" + } +} +``` + +Restart docker daemon. + +```bash + sudo systemctl restart docker +``` + +You will also need to recreate your containers after applying this setting * + +## LogQL sample queries + +Query all logs from the `varlogs` stream + +```sql +{job="varlogs"} +``` + +Query all logs from the `varlogs` stream and filter on `docker` + +```sql +{job="varlogs"} |= "docker" + +``` + +Query all logs from the `container_name` label of `uptime-kuma` and filter on `host` of `juno` + +```sql +{container_name="uptime-kuma", host="juno"} + +``` + +Read more about LogQL [here](https://grafana.com/docs/loki/latest/logql/) + +## ARM CPU (Raspberry Pi) + +There is a workaround for using this with ARM CPUs. 
Credit to [AndreiTelteu](https://github.com/AndreiTelteu) for finding this [in this discussion](https://github.com/techno-tim/techno-tim.github.io/discussions/97) + +delete `/etc/docker/daemon.json` + +Add the vector service to the docker-compose.yml file + +```yml + + vector: + image: timberio/vector:0.18.1-debian + volumes: + - /var/run/docker.sock:/var/run/docker.sock + - /home/serveradmin/docker_volumes/vector/vector-config.toml:/etc/vector/vector.toml:ro + ports: + - "8383:8383" + restart: unless-stopped + networks: + - loki +``` + +Run this command + +```bash +mkdir vector +cd vector +nano vector-config.toml +``` + +paste this config in the file: + +```toml +[sources.docker-local] + type = "docker_logs" + docker_host = "/var/run/docker.sock" + exclude_containers = [] + + # Identify zero-width space as first line of a multiline block. + multiline.condition_pattern = '^\x{200B}' # required + multiline.mode = "halt_before" # required + multiline.start_pattern = '^\x{200B}' # required + multiline.timeout_ms = 1000 # required, milliseconds + +[sinks.loki] + # General + type = "loki" # required + inputs = ["docker*"] # required + endpoint = "http://loki:3100" # required + + # Auth + auth.strategy = "bearer" # required + auth.token = "none" # required + + # Encoding + encoding.codec = "json" # required + + # Healthcheck + healthcheck.enabled = false # optional, default + + # Loki Labels + labels.forwarder = 'vector' + labels.host = '{{ host }}' + labels.container_name = '{{ container_name }}' + labels.compose_service = '{{ label.com\.docker\.compose\.service }}' + labels.compose_project = '{{ label.com\.docker\.compose\.project }}' + labels.source = '{{ stream }}' + labels.category = 'dockerlogs' +``` + +Credits to this post for the config file: [grafana/loki#2361 (comment)](https://github.com/grafana/loki/issues/2361#issuecomment-826732810) + +## Kubernetes Setup + +If you're looking to set this up in kubernetes, see [this 
post](https://docs.technotim.live/posts/grafana-loki-kubernetes/) diff --git a/_posts/2021-11-20-grafana-loki.md:Zone.Identifier b/_posts/2021-11-20-grafana-loki.md:Zone.Identifier new file mode 100644 index 0000000..e69de29 diff --git a/_posts/2021-12-04-homelab-services-tour-2021.md b/_posts/2021-12-04-homelab-services-tour-2021.md new file mode 100644 index 0000000..ea45918 --- /dev/null +++ b/_posts/2021-12-04-homelab-services-tour-2021.md 
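Review bot: The `docker-compose.yml` example publishes Loki on `"3100:3100"` while `loki-config.yml` sets `auth_enabled: false`, so any host that can reach the Docker host can push to and query the log store, and the post never says so. Add a sentence after the compose block such as `Loki runs without authentication here, so keep port 3100 on a trusted network, or publish it as "127.0.0.1:3100:3100" when only local senders need it.` The same post installs the logging plugin with `grafana/loki-docker-driver:latest --grant-all-permissions` and runs `grafana/grafana:latest`. Pinning both to a version, as the `grafana/loki:2.4.0` and `grafana/promtail:2.4.0` lines already do, and dropping `--grant-all-permissions` would keep the walkthrough reproducible and let readers see which privileges the plugin requests.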
@@ -0,0 +1,21 @@
+---
+layout: post
+title: "HomeLab Services Tour Late 2021 - What am I Self-Hosting in my HomeLab?"
+date: 2021-12-04 8:00:00 -0500
+categories: homelab
+tags: homelab proxmox grafana logging dns dashboard kubernetes certificates shlink littlelink-server portainer self-hosted docker rancher pi-hole heimdall plex truenas jekyll grafana loki monitoring uptime-kuma traefik nas unifi virtulization containerization
+---
+
+[![HomeLab Services Tour Late 2021 - What am I Self-Hosting in my HomeLab?](https://img.youtube.com/vi/IE5y2_S8S8U/0.jpg)](https://www.youtube.com/watch?v=IE5y2_S8S8U "HomeLab Services Tour Late 2021 - What am I Self-Hosting in my HomeLab?")
+
+After showing off my Home Lab hardware in my late 2021 tour, many of you asked what services are self-hosted in this stack. This is always a moving target so I decided it was time to share which services I am running here at home. Today, we walk through everything I am hosting including: Dashboard, Hypervisor, Virtualization, Containerization, Network Attached Storage (NAS), DNS, Network Management, Home Security, Kubernetes, Kubernetes Storage, Docker, Reverse Proxy, Certificates, Monitoring, Logging, Syncing Data, File Sharing, Self-Promotion (Contact Page), Link Shortening, Home Entertainment, Home Automation, Battery / UPS Monitoring, CMS, Static Site Generators, Dynamic DNS, CI/CD, and many, many others. Enjoy the virtual tour!
+
+Worth mentioning, I [have videos on almost every service mentioned in this video](https://l.technotim.live/subscribe)!
+
+[Watch Video](https://www.youtube.com/watch?v=IE5y2_S8S8U)
+
+See all the hardware I recommend at
+
+Be sure to check out the [2021 HomeLab hardware tour here](https://docs.technotim.live/posts/homelab-tour-2021/)
+
+Don't forget to check out the [🚀Launchpad repo](https://l.technotim.live/quick-start) with all of the quick start source files
\ No newline at end of file
diff --git a/_posts/2021-12-04-homelab-services-tour-2021.md:Zone.Identifier b/_posts/2021-12-04-homelab-services-tour-2021.md:Zone.Identifier
new file mode 100644
index 0000000..e69de29
diff --git a/_posts/2021-12-11-keepalived-ha-loadbalancer.md b/_posts/2021-12-11-keepalived-ha-loadbalancer.md
new file mode 100644
index 0000000..b547386
--- /dev/null
+++ b/_posts/2021-12-11-keepalived-ha-loadbalancer.md
@@ -0,0 +1,154 @@ +--- +layout: post +title: "Meet keepalived - High Availability and Load Balancing in One" +date: 2021-12-11 8:00:00 -0500 +categories: homelab +tags: homelab keepalived self-hosted linux ubuntu +--- + +[![Meet keepalived - High Availability and Load Balancing in One](https://img.youtube.com/vi/hPfk0qd4xEY/0.jpg)](https://www.youtube.com/watch?v=hPfk0qd4xEY "Meet keepalived - High Availability and Load Balancing in One") + +In my quest to make my services highly available I decided to use keepalived. keepalived is a framework for both load balancing and high availability that implements VRRP. This is a protocol that you see on some routers and has been implemented in keepalived. It creates a Virtual IP (or VIP, or floating IP) that acts as a gateway to route traffic to all participating hosts. This VIP that can provide a high availability setup and fail over to another host in the event that one is down. In this video, we'll set up and configure keepalived, we'll test our configuration to make sure it's working, and we'll also talk about some advanced use cases like load balancing. + +[Watch Video](https://www.youtube.com/watch?v=hPfk0qd4xEY) + +See all the hardware I recommend at + +Don't forget to check out the [🚀Launchpad repo](https://l.technotim.live/quick-start) with all of the quick start source files. 
+ +## Installation + +```bash +sudo apt update +sudo apt install keepalived +sudo apt install libipset13 +``` + +## Configuration + +Find your IP + +```bash +ip a +``` + +edit your config + +```bash +sudo nano /etc/keepalived/keepalived.conf +``` + +First node + +```apacheconf +vrrp_instance VI_1 { + state MASTER + interface ens18 + virtual_router_id 55 + priority 150 + advert_int 1 + unicast_src_ip 192.168.30.31 + unicast_peer { + 192.168.30.32 + } + + authentication { + auth_type PASS + auth_pass C3P9K9gc + } + + virtual_ipaddress { + 192.168.30.100/24 + } +} +``` + +Second node + +```apacheconf +vrrp_instance VI_1 { + state BACKUP + interface ens18 + virtual_router_id 55 + priority 100 + advert_int 1 + unicast_src_ip 192.168.30.32 + unicast_peer { + 192.168.30.31 + } + + authentication { + auth_type PASS + auth_pass C3P9K9gc + } + + virtual_ipaddress { + 192.168.30.100/24 + } +} +``` + +Start and enable the service + +```bash +sudo systemctl enable --now keepalived.service +``` + +stopping the service + +```bash +sudo systemctl stop keepalived.service +``` + +get the status + +```bash +sudo systemctl status keepalived.service +``` + +## nginx example + +create `index.html` to mount + +```bash +nano /home/user/docker_volumes/nginx/index.html +``` + +```html + + + + + + + Hello From Primary Node + + + + +

+ Hello World 1 +

+ + + +``` + +install nginx via docker + +```bash +docker run --name some-nginx -v /home/user/docker_volumes/nginx:/usr/share/nginx/html:ro -d -p 8080:80 nginx +``` + +visit your VIP on port `8080` + +## PiHole + +In this video we covered the PiHole use case. After setting this up, be sure to check out the tutorial on Gravity Sync + +[https://docs.technotim.live/posts/ha-pi-hold-gravity-sync/](https://docs.technotim.live/posts/ha-pi-hold-gravity-sync/) diff --git a/_posts/2021-12-11-keepalived-ha-loadbalancer.md:Zone.Identifier b/_posts/2021-12-11-keepalived-ha-loadbalancer.md:Zone.Identifier new file mode 100644 index 0000000..e69de29 diff --git a/_posts/2022-01-01-turing-pi-2-hardware.md b/_posts/2022-01-01-turing-pi-2-hardware.md new file mode 100644 index 0000000..a50a97b --- /dev/null +++ b/_posts/2022-01-01-turing-pi-2-hardware.md 
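Review bot: Both `vrrp_instance VI_1` examples publish the same literal secret, `auth_pass C3P9K9gc`, so readers who paste the blocks end up sharing a password that is printed on a public page. Replace it on both nodes with an obvious placeholder, for example `auth_pass <your-shared-secret>`, and add a line telling readers to generate their own value. The post should also say in one sentence that `auth_type PASS` is a simple shared password carried unencrypted in the VRRP advertisements. It protects against accidental mis-pairing of peers rather than against anyone who can observe traffic on that network segment.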
@@ -0,0 +1,41 @@
+---
+layout: post
+title: "Meet the Turing Pi 2 - Mix Pis and NVidia Jetsons on a Mini ITX Board!"
+date: 2022-01-01 8:00:00 -0500
+categories: homelab
+tags: raspberry-pi k3s kubernetes homelab hardware turing-pi
+---
+
+[![Meet the Turing Pi 2 - Mix Pis and NVidia Jetsons on a Mini ITX Board!](https://img.youtube.com/vi/PX5UAtPeyd8/0.jpg)](https://www.youtube.com/watch?v=PX5UAtPeyd8 "Meet the Turing Pi 2 - Mix Pis and NVidia Jetsons on a Mini ITX Board!")
+
+The Turing Pi 2 is a compact ARM cluster that provides a scalable computing on the edge. The Turning Pi 2 comes with many improvements over the Turning Pi 1. This model ships with 32GB of RAM, SATA III interface, Raspberry Pi Compute module 4 support, and support for NVIDIA Jetson boards. This means that you can mix and match both raspberry Pis along with Nvidia Jetson boards. This gives us a ton of flexibility to be able to run Pis for general compute workloads, and then Nvidia Jetsons for AI or ML workloads. Join me as we explore the Turing Pi 2 and prepare its home inside of my HomeLab server rack.
+
+[Watch Video](https://www.youtube.com/watch?v=PX5UAtPeyd8)
+
+See all the hardware I recommend at
+
+Don't forget to check out the [🚀Launchpad repo](https://l.technotim.live/quick-start) with all of the quick start source files.
+
+Turing Pi 2 -
+
+Raspberry Pi Compute Modules -
+
+NVIDIA Jetson -
+
+Rosewill 2U Server Chassis Case -
+
+EVGA 550 Power Supply -
+
+Noctua 80mm Redux PWM Fans -
+
+Samsung EVO microSD 64 GB -
+
+Samsung EVO microSD 128 GB -
+
+CR2032 Batteries -
+
+CM4 Heat Sinks -
+
+Multipurpose Rails
+
+4 Pin Splitter Cables
diff --git a/_posts/2022-01-01-turing-pi-2-hardware.md:Zone.Identifier b/_posts/2022-01-01-turing-pi-2-hardware.md:Zone.Identifier
new file mode 100644
index 0000000..e69de29
diff --git a/_posts/2022-01-15-low-power-efficient-proxmox.md b/_posts/2022-01-15-low-power-efficient-proxmox.md
new file mode 100644
index 0000000..315b25d
--- /dev/null
+++ b/_posts/2022-01-15-low-power-efficient-proxmox.md
@@ -0,0 +1,24 @@
+---
+layout: post
+title: "Build a Low Power, Efficient, Small Form Factor but Powerful Proxmox Server"
+date: 2022-01-15 8:00:00 -0500
+categories: homelab
+tags: homelab proxmox hardware
+---
+
+[![Build a Low Power, Efficient, Small Form Factor but Powerful Proxmox Server](https://img.youtube.com/vi/XoObI3L9xNA/0.jpg)](https://www.youtube.com/watch?v=XoObI3L9xNA "Build a Low Power, Efficient, Small Form Factor but Powerful Proxmox Server")
+
+Have you been thinking about building a low power, efficient, small form factor but performant Proxmox server? This is the perfect home server build for anyone who wanted to virtualize some machines while still staying green. This tiny, silent, and efficient build is one that won't drive up your electricity bill either.
+
+A HUGE thanks to Micro Center for sponsoring this video!
+
+New Customers Exclusive – Get a Free 240gb SSD at Micro Center:
+
+[Watch Video](https://www.youtube.com/watch?v=XoObI3L9xNA)
+
+See the kit here:
+
+
+See all the hardware I recommend at
+
+Don't forget to check out the [🚀Launchpad repo](https://l.technotim.live/quick-start) with all of the quick start source files.
diff --git a/_posts/2022-01-15-low-power-efficient-proxmox.md:Zone.Identifier b/_posts/2022-01-15-low-power-efficient-proxmox.md:Zone.Identifier
new file mode 100644
index 0000000..e69de29
diff --git a/_posts/2022-01-29-self-hosting-security.md b/_posts/2022-01-29-self-hosting-security.md
new file mode 100644
index 0000000..f068ffe
--- /dev/null
+++ b/_posts/2022-01-29-self-hosting-security.md
@@ -0,0 +1,23 @@
+---
+layout: post
+title: "Self-Hosting Security Guide for your HomeLab"
+date: 2022-01-29 8:00:00 -0500
+categories: homelab
+tags: homelab hardware security self-hosted
+---
+
+[![Self-Hosting Security Guide for your HomeLab](https://img.youtube.com/vi/Cs8yOmTJNYQ/0.jpg)](https://www.youtube.com/watch?v=Cs8yOmTJNYQ "Self-Hosting Security Guide for your HomeLab")
+
+A HUGE thanks to Micro Center for sponsoring this video!
+
+New Customers Exclusive – Get a Free 240gb SSD at Micro Center:
+
+[Watch Video](https://www.youtube.com/watch?v=Cs8yOmTJNYQ)
+
+See all the hardware I recommend at
+
+Don't forget to check out the [🚀Launchpad repo](https://l.technotim.live/quick-start) with all of the quick start source files.
+
+## Intro
+
+When most people think about self-hosting services in their HomeLab, they often think of the last mile. By last mile I mean the very last hop before a user accesses your services. This last hop, whether that’s using certificates or a reverse proxy, is incredibly important, but it’s also important to know that security starts at the foundation of your HomeLab. Today, we'll work our way up from hardware security, to OS, to networking, to containers, to firewalls, IDS/IPS, reverse proxies, auth proxies for authentication and authorization, and even lean in to an external provider like Cloudflare.
diff --git a/_posts/2022-01-29-self-hosting-security.md:Zone.Identifier b/_posts/2022-01-29-self-hosting-security.md:Zone.Identifier
new file mode 100644
index 0000000..e69de29
diff --git a/_posts/2022-02-12-crowdsec-traefik.md b/_posts/2022-02-12-crowdsec-traefik.md
new file mode 100644
index 0000000..838638a
--- /dev/null
+++ b/_posts/2022-02-12-crowdsec-traefik.md
@@ -0,0 +1,333 @@ +--- +layout: post +title: "Open Source & Collaborative Security with CrowdSec and Traefik - CrowdSec & Traefik Tutorial" +date: 2022-02-12 8:00:00 -0500 +categories: homelab +tags: homelab hardware security self-hosted crowdsec traefik fail2ban +--- + +[![Open Source & Collaborative Security with CrowdSec and Traefik - CrowdSec & Traefik Tutorial](https://img.youtube.com/vi/-GxUP6bNxF0/0.jpg)](https://www.youtube.com/watch?v=-GxUP6bNxF0 "Open Source & Collaborative Security with CrowdSec and Traefik - CrowdSec & Traefik Tutorial") + +A HUGE THANK YOU to Micro Center for sponsoring this video! + +New Customers Exclusive – Get a Free 240gb SSD at Micro Center: + +[Watch Video](https://www.youtube.com/watch?v=-GxUP6bNxF0) + +See all the hardware I recommend at + +## Intro + +[CrowdSec](https://crowdsec.net/) is a free, open-source and collaborative IPS. Analyze behaviors, respond to attacks & share signals across the community. With CrowdSec, you can set up your own intrusion detection system that parses logs, detects and blocks threats, and shares bad actors with the larger CrowdSec community. It works great with a reverse proxy like [traefik](https://traefik.io/) to help keep hackers at bay. Could this be a viable alternative to fail2ban? + +A HUGE THANK YOU to Micro Center for sponsoring this video! + +Don't forget to check out the [🚀Launchpad repo](https://l.technotim.live/quick-start) with all of the quick start source files + +If you need to set up traefik, you can follow this post here on [configuring traefik](https://docs.technotim.live/posts/traefik-portainer-ssl/) + +If you need a high level overview of HomeLab and Self-Hosting Security, check out [this video](https://www.youtube.com/watch?v=Cs8yOmTJNYQ) that will help you keep your network safe. 
+ +## Configure CrowdSec + +traefik bouncer repo + + +```bash +mkdir crowdsec +cd crowdsec +touch docker-compose.yml +nano docker-compose.yml +``` + +```yml +version: '3.8' +services: + crowdsec: + image: crowdsecurity/crowdsec:latest + container_name: crowdsec + environment: + GID: "${GID-1000}" + COLLECTIONS: "crowdsecurity/linux crowdsecurity/traefik" + # depends_on: #uncomment if running traefik in the same compose file + # - 'traefik' + volumes: + - ./config/acquis.yaml:/etc/crowdsec/acquis.yaml + - crowdsec-db:/var/lib/crowdsec/data/ + - crowdsec-config:/etc/crowdsec/ + - traefik_traefik-logs:/var/log/traefik/:ro + networks: + - proxy + restart: unless-stopped + + bouncer-traefik: + image: docker.io/fbonalair/traefik-crowdsec-bouncer:latest + container_name: bouncer-traefik + environment: + CROWDSEC_BOUNCER_API_KEY: some-api-key + CROWDSEC_AGENT_HOST: crowdsec:8080 + networks: + - proxy # same network as traefik + crowdsec + depends_on: + - crowdsec + restart: unless-stopped +networks: + proxy: + external: true +volumes: + crowdsec-db: + crowdsec-config: + traefik_traefik-logs: # this will be the name of the volume from trarfic logs + external: true # remove if traefik is running on same stack +``` + +```bash +cd config +touch acquis.yaml +nano acquis.yaml +docker-compose up -d --force-recreate +``` + +```yml +filenames: + - /var/log/traefik/* +labels: + type: traefik +``` + +## Configure Traefik + +```bash +cd traefik +cd data +nano traefik.yml +``` + +```yml +api: + dashboard: true + debug: true +entryPoints: + http: + address: ":80" + http: + middlewares: + - crowdsec-bouncer@file + https: + address: ":443" + http: + middlewares: + - crowdsec-bouncer@file +serversTransport: + insecureSkipVerify: true +providers: + docker: + endpoint: "unix:///var/run/docker.sock" + exposedByDefault: false + file: + filename: /config.yml +certificatesResolvers: + cloudflare: + acme: + email: someone@example.com + storage: acme.json + dnsChallenge: + provider: cloudflare + 
resolvers: + - "1.1.1.1:53" +log: + level: "INFO" + filePath: "/var/log/traefik/traefik.log" +accessLog: + filePath: "/var/log/traefik/access.log" +``` + +```bash +nano docker-compose.yml +``` + +```yml +version: '3' + +services: + traefik: + image: traefik:latest + container_name: traefik + restart: unless-stopped + security_opt: + - no-new-privileges:true + networks: + - proxy + ports: + - 80:80 + - 443:443 + environment: + - CF_API_EMAIL=user@example.com + - CF_DNS_API_TOKEN=YOUR_API_TOKEN + # - CF_API_KEY=YOUR_API_KEY + # be sure to use the correct one depending on if you are using a token or key + volumes: + - /etc/localtime:/etc/localtime:ro + - /var/run/docker.sock:/var/run/docker.sock:ro + - /home/username/traefik/data/traefik.yml:/traefik.yml:ro + - /home/username/traefik/data/acme.json:/acme.json + - /home/username/traefik/data/config.yml:/config.yml:ro + - traefik-logs:/var/log/traefik + labels: + - "traefik.enable=true" + - "traefik.http.routers.traefik.entrypoints=http" + - "traefik.http.routers.traefik.rule=Host(`traefik-dashboard.local.example.com`)" + - "traefik.http.middlewares.traefik-auth.basicauth.users=USER:BASIC_AUTH_PASSWORD" + - "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https" + - "traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https" + - "traefik.http.routers.traefik.middlewares=traefik-https-redirect" + - "traefik.http.routers.traefik-secure.entrypoints=https" + - "traefik.http.routers.traefik-secure.rule=Host(`traefik-dashboard.local.example.com`)" + - "traefik.http.routers.traefik-secure.middlewares=traefik-auth" + - "traefik.http.routers.traefik-secure.tls=true" + - "traefik.http.routers.traefik-secure.tls.certresolver=cloudflare" + - "traefik.http.routers.traefik-secure.tls.domains[0].main=local.example.com" + - "traefik.http.routers.traefik-secure.tls.domains[0].sans=*.local.example.com" + - "traefik.http.routers.traefik-secure.service=api@internal" + +networks: + proxy: 
+ external: true +volumes: + traefik-logs: +``` + +```bash +docker-compose up -d --force-recreate +``` + +```bash +cd config/data +nano config.yml +``` + +add + +```yml + crowdsec-bouncer: + forwardauth: + address: http://bouncer-traefik:8080/api/v1/forwardAuth + trustForwardHeader: true + +``` + +```bash +nano traefik.yml +``` + +```yml +# check to be sure you have your middleware set for both +entryPoints: + http: + address: ":80" + http: + middlewares: + - crowdsec-bouncer@file + https: + address: ":443" + http: + middlewares: + - crowdsec-bouncer@file +``` + +## Dashboard + +To add a self-hosted dashboard update your `docker-compose.yml` + +```bash +cd crowdsec +touch Dockerfile +``` + +```dockerfile +FROM metabase/metabase +RUN mkdir /data/ && wget https://crowdsec-statics-assets.s3-eu-west-1.amazonaws.com/metabase_sqlite.zip && unzip metabase_sqlite.zip -d /data/ +``` + +```bash +nano docker-compose.yml +``` + +```yaml + dashboard: + #we're using a custom Dockerfile so that metabase pops with pre-configured dashboards + build: ./dashboard + restart: always + ports: + - 3000:3000 + environment: + MB_DB_FILE: /data/metabase.db + MGID: "${GID-1000}" + depends_on: + - 'crowdsec' + volumes: + - crowdsec-db:/metabase-data/ + networks: + crowdsec_test: + ipv4_address: 172.20.0.5 +``` + +restart container + +```bash +docker-compose up -d --force-recreate +``` + +Default's credentials for metabase are `crowdsec@crowdsec.net` and `!!Cr0wdS3c_M3t4b4s3??` Be sure to change this. 
+ +## CrowdSec Commands + +see metrics + +```bash +docker exec crowdsec cscli metrics +``` + +see bans + +```bash +docker exec crowdsec cscli decisions list +``` + +manually install collections + +```bash +docker exec crowdsec cscli collections install crowdsecurity/traefik +``` + +update hubs + +```bash +docker exec crowdsec cscli hub update +``` + +upgrade hubs + +```bash +docker exec crowdsec cscli hub upgrade +``` + +add bouncer + +(save api key somewhere) + +```bash +docker exec crowdsec cscli bouncers add bouncer-traefik +``` + +ban ip + +```bash +docker exec crowdsec cscli decisions add --ip 192.168.0.101 +``` + +unban ip + +```bash +docker exec crowdsec cscli decisions delete --ip 192.168.0.101 +``` diff --git a/_posts/2022-02-12-crowdsec-traefik.md:Zone.Identifier b/_posts/2022-02-12-crowdsec-traefik.md:Zone.Identifier new file mode 100644 index 0000000..e69de29 diff --git a/_posts/2022-02-26-custom-docker-image.md b/_posts/2022-02-26-custom-docker-image.md new file mode 100644 index 0000000..88fcd85 --- /dev/null +++ b/_posts/2022-02-26-custom-docker-image.md 
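Review bot: The `traefik.yml` example sets `serversTransport: insecureSkipVerify: true` without comment, which turns off certificate verification for every backend Traefik connects to, and nothing visible in this post appears to rely on it. Either drop those two lines from the example or annotate them, e.g. `# disables backend TLS verification; remove unless your services use self-signed certificates`. In the same block `api: debug: true` is left on; `debug: false` is the safer value to publish. In the Dashboard section the post prints Metabase's default login next to a `3000:3000` port mapping, so the "Be sure to change this" sentence should tell readers to change the password before the port is reachable from other hosts.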
@@ -0,0 +1,94 @@ +--- +layout: post +title: "Building your first Dockerfile, Image, and Container" +date: 2022-02-26 8:00:00 -0500 +categories: docker +tags: docker docker-compose container image +--- + +[![Build YOUR OWN Dockerfile, Image, and Container](https://img.youtube.com/vi/SnSH8Ht3MIc/0.jpg)](https://www.youtube.com/watch?v=SnSH8Ht3MIc "Build YOUR OWN Dockerfile, Image, and Container") + +We spin up all types of containers on my channel in my tutorials, but we have yet to build our own custom Docker container image. Today we'll start from scratch with an empty Dockerfile and create, build, and run our very own custom Docker image! We'll learn all the commands that everyone should know when building and maintaining images with Docker. This tutorial is a great way to get started with Docker! + +[Watch Video](https://www.youtube.com/watch?v=SnSH8Ht3MIc) + +See all the hardware I recommend at + +Don't forget to check out the [🚀Launchpad repo](https://l.technotim.live/quick-start) with all of the quick start source files + +## Install Docker + +To install docker, see [https://docs.technotim.live/posts/docker-compose-install/](https://docs.technotim.live/posts/docker-compose-install/) + +## Docker commands + +[Source files](https://github.com/techno-tim/launchpad/tree/master/docker/custom-image) + +build image + +```bash +docker build . +``` + +build image with tag + +```bash +docker build -t hello-internet +``` + +list docker images + +```bash +docker images +``` + +list docker containers + +```bash +docker ps +``` + +list docker containers including stopped + +```bash +docker ps -a +``` + +create container from image + +```bash +docker run -d -p 80:80 +``` + +exec into running container + +```bash +docker exec -it /bin/sh +``` + +stop running container + +```bash +docker stop +``` + +start a stopped container + +```bash +docker start +``` + +remove a container + +```bash +docker rm +``` + +remove an image + +```bash +docker rmi +``` + + + 
diff --git a/_posts/2022-02-26-custom-docker-image.md:Zone.Identifier b/_posts/2022-02-26-custom-docker-image.md:Zone.Identifier
new file mode 100644
index 0000000..e69de29
diff --git a/_posts/2022-03-02-truenas-scale-apps.md b/_posts/2022-03-02-truenas-scale-apps.md
new file mode 100644
index 0000000..9818b01
--- /dev/null
+++ b/_posts/2022-03-02-truenas-scale-apps.md
@@ -0,0 +1,19 @@
+---
+layout: post
+title: "TrueNAS Scale Apps - Official, Unofficial, Docker, and Kubernetes"
+date: 2022-03-02 8:00:00 -0500
+categories: truenas
+tags: homelab docker-compose container image helm kubernetes k3s truenas docker
+---
+
+[![TrueNAS Scale Apps - Official, Unofficial, Docker, and Kubernetes](https://img.youtube.com/vi/oafOky5GSzc/0.jpg)](https://www.youtube.com/watch?v=oafOky5GSzc "TrueNAS Scale Apps - Official, Unofficial, Docker, and Kubernetes")
+
+TrueNAS SCALE is here and with it comes new way of installing and managing applications. You can install official apps, unofficial and community apps using TrueCharts, and also any Docker image or Kubernetes deployment with helm. Join me as we dive into managing applications and exploring TrueNAS SCALES's new app engine that runs Docker, Kubernetes, and K3S.
+
+[Watch Video](https://www.youtube.com/watch?v=oafOky5GSzc)
+
+If you're looking for Community App Catalog for TrueNAS SCALE, you can find it [here](https://truecharts.org/)
+
+See all the hardware I recommend at
+
+Don't forget to check out the [🚀Launchpad repo](https://l.technotim.live/quick-start) with all of the quick start source files
diff --git a/_posts/2022-03-02-truenas-scale-apps.md:Zone.Identifier b/_posts/2022-03-02-truenas-scale-apps.md:Zone.Identifier
new file mode 100644
index 0000000..e69de29
diff --git a/_posts/2022-03-12-meet-harvester.md b/_posts/2022-03-12-meet-harvester.md
new file mode 100644
index 0000000..0641182
--- /dev/null
+++ b/_posts/2022-03-12-meet-harvester.md
@@ -0,0 +1,21 @@
+---
+layout: post
+title: "A Hypervisor Built on Kubernetes - Cloud Native HCI with Harvester"
+date: 2022-03-12 8:00:00 -0500
+categories: kubernetes rancher
+tags: harvester homelab rancher k3s kubernetes grafana
+---
+
+[![A Hypervisor Built on Kubernetes - Cloud Native HCI with Harvester](https://img.youtube.com/vi/tVsMen_e6OI/0.jpg)](https://www.youtube.com/watch?v=tVsMen_e6OI "A Hypervisor Built on Kubernetes - Cloud Native HCI with Harvester")
+
+Rancher released a next generation open source HCI software hypervisor built on Kubernetes that helps you run virtual machines. With Harvester you can create Linux, Windows, or any virtual machine that can be easily scaled and cluster giving your high availability virtual machines with a few clicks. It also gives you a platform to automatically create HA RKE1, RKE2, and K3S Kubernetes clusters with etcd along with the virtual machines it runs on. Now you can run virtual machines and kubernetes on the edge on one machine.
+
+📺 [Watch Video](https://www.youtube.com/watch?v=tVsMen_e6OI)
+
+⬇️ [Download Harvester](https://github.com/harvester/harvester/releases)
+
+📖 [Harvester Documentation](https://docs.harvesterhci.io)
+
+⚙️ See all the hardware I recommend at
+
+🚀 Don't forget to check out the [🚀Launchpad repo](https://l.technotim.live/quick-start) with all of the quick start source files
diff --git a/_posts/2022-03-12-meet-harvester.md:Zone.Identifier b/_posts/2022-03-12-meet-harvester.md:Zone.Identifier
new file mode 100644
index 0000000..e69de29
diff --git a/_posts/2022-03-19-cloud-init-cloud-image.md b/_posts/2022-03-19-cloud-init-cloud-image.md
new file mode 100644
index 0000000..a258970
--- /dev/null
+++ b/_posts/2022-03-19-cloud-init-cloud-image.md
@@ -0,0 +1,95 @@ +--- +layout: post +title: "Perfect Proxmox Template with Cloud Image and Cloud Init" +date: 2022-03-19 10:00:00 -0500 +categories: proxmox +tags: proxmox ubuntu cloud-image cloud-init cloud clone linux +--- + +[![Perfect Proxmox Template with Cloud Image and Cloud Init](https://img.youtube.com/vi/shiIi38cJe4/0.jpg)](https://www.youtube.com/watch?v=shiIi38cJe4 "Perfect Proxmox Template with Cloud Image and Cloud Init") + +Using Cloud Images and Cloud Init with Proxmox is easy, fast, efficient, and fun! Cloud Images are small images that are certified cloud ready that have Cloud Init preinstalled and ready to accept a Cloud Config. Cloud Images and Cloud Init also work with Proxmox and if you combine the two you have a perfect, small, efficient, optimized clone template to provision machines with your ssh keys and network settings. So join me as we discuss, set up, and configure Proxmox with Cloud Images and Cloud Init. + +📺 [Watch Video](https://www.youtube.com/watch?v=shiIi38cJe4) + +## Instructions + +Choose your [Ubuntu Cloud Image](https://cloud-images.ubuntu.com/) + +Download Ubuntu (replace with the url of the one you chose from above) + +```bash +wget https://cloud-images.ubuntu.com/focal/current/focal-server-cloudimg-amd64.img +``` + +Create a new virtual machine + +```bash +qm create 8000 --memory 2048 --core 2 --name ubuntu-cloud --net0 virtio,bridge=vmbr0 +``` + +Import the downloaded Ubuntu disk to local-lvm storage + +```bash +qm importdisk 8000 focal-server-cloudimg-amd64.img local-lvm +``` + +Attach the new disk to the vm as a scsi drive on the scsi controller + +```bash +qm set 8000 --scsihw virtio-scsi-pci --scsi0 local-lvm:vm-8000-disk-0 +``` + +Add cloud init drive + +```bash +qm set 8000 --ide2 local-lvm:cloudinit +``` + +Make the cloud init drive bootable and restrict BIOS to boot from disk only + +```bash +qm set 8000 --boot c --bootdisk scsi0 +``` + +Add serial console + +```bash +qm set 8000 --serial0 socket --vga serial0 
+``` + +**DO NOT START YOUR VM** + +Now, configure hardware and cloud init, then create a template and clone. If you want to expand your hard drive you can on this base image before creating a template or after you clone a new machine. I prefer to expand the hard drive after I clone a new machine based on need. + +Create template. + +```bash +qm template 8000 +``` + +Clone template. + +```bash +qm clone 8000 135 --name yoshi --full +``` + +## Troubleshooting + +If you need to reset your machine-id + +```bash +sudo rm -f /etc/machine-id +sudo rm -f /var/lib/dbus/machine-id +``` + +Then shut it down and do not boot it up. A new id will be generated the next time it boots. If it does not you can run: +```bash +sudo systemd-machine-id-setup +``` + +## Links + +⚙️ See all the hardware I recommend at + +🚀 Don't forget to check out the [🚀Launchpad repo](https://l.technotim.live/quick-start) with all of the quick start source files diff --git a/_posts/2022-03-19-cloud-init-cloud-image.md:Zone.Identifier b/_posts/2022-03-19-cloud-init-cloud-image.md:Zone.Identifier new file mode 100644 index 0000000..e69de29 diff --git a/_posts/2022-03-26-k3s-etcd-ansible.md b/_posts/2022-03-26-k3s-etcd-ansible.md new file mode 100644 index 0000000..77d5608 --- /dev/null +++ b/_posts/2022-03-26-k3s-etcd-ansible.md 
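Review bot: In `2022-03-19-cloud-init-cloud-image.md` the download step fetches `focal-server-cloudimg-amd64.img` and imports it straight into the template with no integrity check, so every clone inherits whatever was downloaded. I would add a step after the `wget` that fetches the `SHA256SUMS` file from the same directory and runs `sha256sum -c --ignore-missing SHA256SUMS` before `qm importdisk`. The caption "Make the cloud init drive bootable…" also sits above `qm set 8000 --boot c --bootdisk scsi0`, which sets the imported OS disk on `scsi0` as the boot disk rather than the cloud-init drive on `ide2`; the wording could say that.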
@@ -0,0 +1,179 @@ +--- +layout: post +title: "Fully Automated K3S etcd High Availability Install" +date: 2022-03-26 10:00:00 -0500 +categories: kubernetes k3s +tags: k3s rancher etcd ansible cloud-image metallb kube-vip +--- + +[![Fully Automated K3S etcd High Availability Install](https://img.youtube.com/vi/CbkEWcUZ7zM/0.jpg)](https://www.youtube.com/watch?v=CbkEWcUZ7zM "Fully Automated K3S etcd High Availability Install") + +Setting up k3s is hard. That's why we made it easy. Today we'll set up a High Availability K3s cluster using etcd, MetalLB, kube-vip, and Ansible. We'll automate the entire process giving you an easy, repeatable way to create a k3s cluster that you can run in a few minutes. + +A HUGE THANKS to our sponsor, Micro Center! + +New Customers Exclusive – Get a Free 240gb SSD at Micro Center: + +📺 [Watch Video](https://www.youtube.com/watch?v=CbkEWcUZ7zM) + +## Prep + +First, you'll need Ansible installed. Here's an easy way to [install Ansible](https://docs.technotim.live/posts/ansible-automation/) and a video if you need. + +Second, you'll need to provision the VMs. Here's an easy way to create [perfect Proxmox templates with cloud image and cloud init](https://docs.technotim.live/posts/cloud-init-cloud-image/) and a video if you need. + +Next, you'll need to fork and clone [the repo](https://github.com/techno-tim/k3s-ansible). While you're at it, give it a ⭐ too :). + +```bash +git clone https://github.com/techno-tim/k3s-ansible +``` + +Next you'll need to install some requirements for `ansible` + +```bash +ansible-galaxy install -r ./collections/requirements.yml +``` + +Next, you'll want to `cd` into the repo and copy the `sample` directory within the `inventory` directory. 
+ +(Be sure you're using the [latest template](https://github.com/techno-tim/k3s-ansible/blob/master/inventory/sample/group_vars/all.yml)) + +```bash +cp -R inventory/sample inventory/my-cluster +``` + +## Installing k3s + +Next, edit the `inventory/my-cluster/hosts.ini` to match your systems. DNS works here too. + +```ini +[master] +192.168.30.38 +192.168.30.39 +192.168.30.40 + +[node] +192.168.30.41 +192.168.30.42 + +[k3s_cluster:children] +master +node +``` + +Edit `inventory/my-cluster/group_vars/all.yml` to your liking. See comments inline. + +It's best to start using these args, and optionally include `traefik` if you want it installed with `k3s` however I would recommend installing it later with `helm` + +It's best to start ith the default values in the repo. + +```yaml +extra_server_args: {{ extra_args }} --disable servicelb --disable traefik +extra_agent_args: {{ extra_args }} +``` + +I would not change these values unless you know what you are doing. It will most likely not work for you but listing for posterity. + +> *Note: These are for an advanced use case. There isn't a one size fits all setting for everyone and their needs, I would try using k3s with the above values before changing them. This could have undesired effects like nodes going offline, pods jumping or being removed, etc... 
Using these args might come at the cost of stability Also, these will not work anymore without some modifications* +{: .prompt-danger } + +```yaml +extra_server_args: "--disable servicelb --disable traefik --write-kubeconfig-mode 644 --kube-apiserver-arg default-not-ready-toleration-seconds=30 --kube-apiserver-arg default-unreachable-toleration-seconds=30 --kube-controller-arg node-monitor-period=20s --kube-controller-arg node-monitor-grace-period=20s --kubelet-arg node-status-update-frequency=5s" +extra_agent_args: "--kubelet-arg node-status-update-frequency=5s" +``` + +Start provisioning of the cluster using the following command: + +```bash +ansible-playbook ./site.yml -i ./inventory/my-cluster/hosts.ini +``` + +> *Note: note: add --ask-pass --ask-become-pass if you are using password SSH login.* +{: .prompt-info } + +After deployment control plane will be accessible via virtual ip address which is defined in `inventory/my-cluster/group_vars/all.yml` as `apiserver_endpoint` + +## kube config + +To get access to your Kubernetes cluster and copy your kube config locally run: + +```bash +scp ansibleuser@192.168.30.38:~/.kube/config ~/.kube/config +``` + +## Testing your cluster + +Be sure you can ping your VIP defined in `inventory/my-cluster/group_vars/all.yml` as `apiserver_endpoint` + +```bash +ping 192.168.30.222 +``` + +Getting nodes + +```bash +kubectl get nodes +``` + +Deploying a sample `nginx` workload + +```bash +kubectl apply -f example/deployment.yml +``` + +Check to be sure it was deployed + +```bash +kubectl describe deployment nginx +``` + +Deploying a sample `nginx` service with a `LoadBalancer` + +```bash +kubectl apply -f example/service.yml +``` + +Check service and be sure it has an IP from metal lb as defined in `inventory/my-cluster/group_vars/all.yml` + +```bash +kubectl describe service nginx +``` + +Visit that url or curl + +```bash +curl http://192.168.30.80 +``` + +You should see the `nginx` welcome page. 
+ +You can clean this up by running + +```bash +kubectl delete -f example/deployment.yml +kubectl delete -f example/service.yml +``` + +## Resetting your cluster + +This will remove k3s from all nodes. These nodes should be rebooted afterwards. + +```bash +ansible-playbook ./reset.yml -i ./inventory/my-cluster/hosts.ini +``` + +## What's next? + +See here to get the steps for installing [traefik + let's encrypt](https://docs.technotim.live/posts/kube-traefik-cert-manager-le/) + +See here for steps to deploy [rancher](https://docs.technotim.live/posts/rancher-ha-install/#install) + +## Troubleshooting + +Be sure to see [this post on](https://github.com/techno-tim/k3s-ansible/discussions/20) how to troubleshoot common problems + +## Links + +⚙️ See all the hardware I recommend at + +🚀 Don't forget to check out the [🚀Launchpad repo](https://l.technotim.live/quick-start) with all of the quick start source files diff --git a/_posts/2022-03-26-k3s-etcd-ansible.md:Zone.Identifier b/_posts/2022-03-26-k3s-etcd-ansible.md:Zone.Identifier new file mode 100644 index 0000000..e69de29 diff --git a/_posts/2022-04-16-tadarr-server.md b/_posts/2022-04-16-tadarr-server.md new file mode 100644 index 0000000..27d04eb --- /dev/null +++ b/_posts/2022-04-16-tadarr-server.md 
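Review bot: In `2022-03-26-k3s-etcd-ansible.md` the advanced `extra_server_args` example passes `--write-kubeconfig-mode 644`, which leaves the kubeconfig on the server nodes readable by every local user even though that file holds cluster-admin credentials. Since the surrounding text already steers readers away from these values, I would drop the flag from the example or show `--write-kubeconfig-mode 600`, and follow the `scp … ~/.kube/config` step with `chmod 600 ~/.kube/config`. The first YAML snippet also starts its values with a bare `{{ extra_args }}`, which Jekyll's Liquid will likely render as empty text unless the block is wrapped in `{% raw %}` … `{% endraw %}`.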
@@ -0,0 +1,96 @@ +--- +layout: post +title: "I Freed Up 700GB+ Converting my Videos Using Tdarr" +date: 2022-04-16 10:00:00 -0500 +categories: homelab +tags: tdarr plex +--- + +[![I Freed Up 700GB+ Converting my Videos Using Tdarr](https://img.youtube.com/vi/UA1Sktq40pA/0.jpg)](https://www.youtube.com/watch?v=UA1Sktq40pA "I Freed Up 700GB+ Converting my Videos Using Tdarr") + +Tdarr is a distributed transcoding system that runs on on Windows, Mac, Linux, Arm, Docker, and even Unraid. It uses a server with one or more nodes to transcode videos into any format you like. Today, we'll set up the Docker and Windows version of Tdarr using a GPU to regain up to 50% of your disk space back. I converted my video collection using Tdarr to h265 and saved over 700 GB of disk space. + +A HUGE THANKS to our sponsor, Micro Center! + +New Customers Exclusive – Get a Free 256gb SSD at Micro Center: + +📺 [Watch Video](https://www.youtube.com/watch?v=UA1Sktq40pA) + +## Docker Server + Node + +`docker-compose.yml` + +```yml +version: "3.4" +services: + tdarr: + container_name: tdarr + image: ghcr.io/haveagitgat/tdarr:latest + restart: unless-stopped + network_mode: bridge + ports: + - 8265:8265 # webUI port + - 8266:8266 # server port + - 8267:8267 # Internal node port + environment: + - TZ=America/Chicago + - PUID=1000 + - PGID=1000 + - UMASK_SET=002 + - serverIP=0.0.0.0 + - serverPort=8266 + - webUIPort=8265 + - internalNode=true + - nodeID=MyInternalNode + - nodeIP=0.0.0.0 + - nodePort=8267 + - NVIDIA_DRIVER_CAPABILITIES=all + - NVIDIA_VISIBLE_DEVICES=all + volumes: + - /path/to/server:/app/server + - /path/to/configs:/app/configs + - /path/to/logs:/app/logs + - /path/to/media/:/media + - /path/to/temp/:/temp + deploy: + resources: + reservations: + devices: + - capabilities: + - gpu +``` + +## Windows Node + +`Tdarr_Node_Config.json` + +```json +{ + "nodeID": "Windows-Node", + "nodeIP": "192.168.0.100", + "nodePort": "8267", + "serverIP": "192.168.0.101", + "serverPort": "8266", + 
"handbrakePath": "", + "ffmpegPath": "", + "mkvpropeditPath": "", + "pathTranslators": [ + { + "server": "/media/", + "node": "C:/media" + }, + { + "server": "/temp", + "node": "C:/temp" + } + ], + "platform_arch": "win32_x64_docker_false", + "logLevel": "INFO" +} +``` + +## Links + +⚙️ See all the hardware I recommend at + +🚀 Don't forget to check out the [🚀Launchpad repo](https://l.technotim.live/quick-start) with all of the quick start source files diff --git a/_posts/2022-04-16-tadarr-server.md:Zone.Identifier b/_posts/2022-04-16-tadarr-server.md:Zone.Identifier new file mode 100644 index 0000000..e69de29 diff --git a/_posts/2022-04-30-pterodactyl-game-server.md b/_posts/2022-04-30-pterodactyl-game-server.md new file mode 100644 index 0000000..97256e0 --- /dev/null +++ b/_posts/2022-04-30-pterodactyl-game-server.md 
@@ -0,0 +1,267 @@ +--- +layout: post +title: "I Built the PERFECT Game Server with Pterodactyl and Docker" +date: 2022-04-30 08:00:00 -0500 +categories: homelab +tags: gaming pterodactyl docker redis mariabdb opensource +--- + +[![I Built the PERFECT Game Server with Pterodactyl and Docker](https://img.youtube.com/vi/_ypAmCcIlBE/0.jpg)](https://www.youtube.com/watch?v=_ypAmCcIlBE "I Built the PERFECT Game Server with Pterodactyl and Docker") + +Pterodactyl is a free an open source dedicated game server. It comes with both a panel to configure and deploy your game servers as well as game server nodes to run your games. It runs games in Docker containers to keep them isolated and making them easier than ever to deploy. We're going to also use Docker to create our Pterodactyl server and the Wings agent making this truly Docker to the core. + + + +Be sure to ⭐ the [Pterodactyl GitHub repo](https://github.com/pterodactyl/panel) and the [Eggs repo (additional games)](https://github.com/parkervcp/eggs) + +📺 [Watch Video](https://www.youtube.com/watch?v=_ypAmCcIlBE) + +## Install Docker + +To install docker, see [https://docs.technotim.live/posts/docker-compose-install/](https://docs.technotim.live/posts/docker-compose-install/) + +## Reverse Proxy + +Both your Pterodactyl Panel server as well as your Pterodactyl Wing server will need to be configured in your reverse proxy, each with their own public URL. If you need help configuring your reverse proxy, [see my guide on how to do that](https://docs.technotim.live/posts/traefik-portainer-ssl/). + +## Need games 🎮? 
+ +Check out game deals on [Humble Games (affiliate link)](https://l.technotim.live/humble-store) + +## Game Panel + +```bash +mkdir pterodactyl +cd pterodactyl +mkdir panel +cd panel +nano docker-compose.yml +``` + +`docker-compose.yml` + +```yml +version: '3.8' +x-common: + database: + &db-environment + # Do not remove the "&db-password" from the end of the line below, it is important + # for Panel functionality. + MYSQL_PASSWORD: &db-password "CHANGE_ME" + MYSQL_ROOT_PASSWORD: "CHANGE_ME_TOO" + panel: + &panel-environment + # This URL should be the URL that your reverse proxy routes to the panel server + APP_URL: "https://pterodactyl.example.com" + # A list of valid timezones can be found here: http://php.net/manual/en/timezones.php + APP_TIMEZONE: "UTC" + APP_SERVICE_AUTHOR: "noreply@example.com" + TRUSTED_PROXIES: "*" # Set this to your proxy IP + # Uncomment the line below and set to a non-empty value if you want to use Let's Encrypt + # to generate an SSL certificate for the Panel. + # LE_EMAIL: "" + mail: + &mail-environment + MAIL_FROM: "noreply@example.com" + MAIL_DRIVER: "smtp" + MAIL_HOST: "mail" + MAIL_PORT: "1025" + MAIL_USERNAME: "" + MAIL_PASSWORD: "" + MAIL_ENCRYPTION: "true" + +# +# ------------------------------------------------------------------------------------------ +# DANGER ZONE BELOW +# +# The remainder of this file likely does not need to be changed. Please only make modifications +# below if you understand what you are doing. 
+# +services: + database: + image: mariadb:10.5 + restart: always + command: --default-authentication-plugin=mysql_native_password + volumes: + - "/srv/pterodactyl/database:/var/lib/mysql" + environment: + <<: *db-environment + MYSQL_DATABASE: "panel" + MYSQL_USER: "pterodactyl" + cache: + image: redis:alpine + restart: always + panel: + image: ghcr.io/pterodactyl/panel:latest + restart: always + ports: + - "80:80" + - "443:443" + links: + - database + - cache + volumes: + - "/srv/pterodactyl/var/:/app/var/" + - "/srv/pterodactyl/nginx/:/etc/nginx/http.d/" + - "/srv/pterodactyl/certs/:/etc/letsencrypt/" + - "/srv/pterodactyl/logs/:/app/storage/logs" + environment: + <<: [*panel-environment, *mail-environment] + DB_PASSWORD: *db-password + APP_ENV: "production" + APP_ENVIRONMENT_ONLY: "false" + CACHE_DRIVER: "redis" + SESSION_DRIVER: "redis" + QUEUE_DRIVER: "redis" + REDIS_HOST: "cache" + DB_HOST: "database" + DB_PORT: "3306" +networks: + default: + ipam: + config: + - subnet: 172.20.0.0/16 +``` + +Start the stack + +```bash +docker-compose up -d +``` + +## Create a User + +```bash +docker-compose run --rm panel php artisan p:user:mak +``` + +## Wings + +```bash +mkdir pterodactyl +cd pterodactyl +mkdir wings +cd wings +nano docker-compose.yml +``` + +`docker-compose.yml` + +```yml +version: '3.8' + +services: + wings: + image: ghcr.io/pterodactyl/wings:v1.6.1 + restart: always + networks: + - wings0 + ports: + - "8080:8080" + - "2022:2022" + - "443:443" + tty: true + environment: + TZ: "UTC" + WINGS_UID: 988 + WINGS_GID: 988 + WINGS_USERNAME: pterodactyl + volumes: + - "/var/run/docker.sock:/var/run/docker.sock" + - "/var/lib/docker/containers/:/var/lib/docker/containers/" + - "/etc/pterodactyl/:/etc/pterodactyl/" + - "/var/lib/pterodactyl/:/var/lib/pterodactyl/" + - "/var/log/pterodactyl/:/var/log/pterodactyl/" + - "/tmp/pterodactyl/:/tmp/pterodactyl/" + - "/etc/ssl/certs:/etc/ssl/certs:ro" + # you may need /srv/daemon-data if you are upgrading from an old daemon 
+ #- "/srv/daemon-data/:/srv/daemon-data/" + # Required for ssl if you use let's encrypt. uncomment to use. + #- "/etc/letsencrypt/:/etc/letsencrypt/" +networks: + wings0: + name: wings0 + driver: bridge + ipam: + config: + - subnet: "172.21.0.0/16" + driver_opts: + com.docker.network.bridge.name: wings0 +``` + +Start the stack + +```bash +docker-compose up -d +``` + + +```bash +sudo nano /etc/pterodactyl/config.yml +``` + +Paste the contents from the config your panel generated for your node into this file +Note: The `FQDN` field when configuring the node in the panel should be the URL that your reverse proxy routes to your wing server. Also ensure you entered `443` for the `Daemon Port` field. + +`config.yml` + +```yml +debug: false +uuid: 716deb8f-7047-42ad-9323-4a25ae49118b +token_id: 7PoSfql3hdKjbMKn +token: apEo1esCKe5sEWkpfnRB5xakj3mc0aM6jglacgBcsIsgglBtOm0oV1W3efTbwarN +api: + host: 0.0.0.0 + port: 443 + ssl: + enabled: false + cert: /etc/letsencrypt/live/node-01.example.com/fullchain.pem + key: /etc/letsencrypt/live/node-01.example.com/privkey.pem + upload_limit: 100 +system: + data: /var/lib/pterodactyl/volumes + sftp: + bind_port: 2022 +allowed_mounts: [] +remote: 'https://pterodactyl.example.com' +``` + +Restart the stack + +```bash +docker-compose up -d --force-recreate +``` + +## Troubleshooting + +### Missing Metrics + + +If you aren't seeing your stats in the console + + +```bash +sudo nano /etc/default/grub +``` + +add additional parameters to `GRUB_CMDLINE_LINUX_DEFAULT` + +```bash +GRUB_CMDLINE_LINUX_DEFAULT="swapaccount=1 systemd.unified_cgroup_hierarchy=1" +``` + +```bash +sudo update-grub +sudo reboot +``` + + +## Kubernetes + +If you are looking to install the Pterodactyl Panel on kubernetes, [see the manifests here](https://github.com/techno-tim/launchpad/tree/master/kubernetes/pterodactyl). 
+ +## Links + +⚙️ See all the hardware I recommend at + +🚀 Don't forget to check out the [🚀Launchpad repo](https://l.technotim.live/quick-start) with all of the quick start source files diff --git a/_posts/2022-04-30-pterodactyl-game-server.md:Zone.Identifier b/_posts/2022-04-30-pterodactyl-game-server.md:Zone.Identifier new file mode 100644 index 0000000..e69de29 diff --git a/_posts/2022-05-13-flux-devops-gitops.md b/_posts/2022-05-13-flux-devops-gitops.md new file mode 100644 index 0000000..515aff7 --- /dev/null +++ b/_posts/2022-05-13-flux-devops-gitops.md 
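Review bot: In `2022-04-30-pterodactyl-game-server.md` the sample Wings `config.yml` carries a full `uuid`, `token_id` and `token` that look like real node credentials rather than placeholders; if they were copied from a live panel they should be rotated, and the post should show dummy values such as `token: "REPLACE_WITH_NODE_TOKEN"`. Two lines in the same post deserve a one-sentence caveat: the Wings service mounts `/var/run/docker.sock`, which gives that container control of the host's Docker daemon, and `TRUSTED_PROXIES: "*"` trusts forwarded headers from any client until the reader narrows it to the proxy address as the inline comment says. The create-user command also looks truncated; `php artisan p:user:mak` should probably read `p:user:make`.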
@@ -0,0 +1,216 @@ +--- +layout: post +title: "The FASTEST way to deploy apps to Kubernetes - GitOps with FLUX" +date: 2022-05-13 08:00:00 -0500 +categories: kubernetes +tags: flux devops gitops kubernetes +--- + +[![The FASTEST way to deploy apps to Kubernetes](https://img.youtube.com/vi/PFLimPh5-wo/0.jpg)](https://www.youtube.com/watch?v=PFLimPh5-wo "The FASTEST way to deploy apps to Kubernetes") + +I think I found the perfect GitOps and DevOps toolkit with FluxCD and Kubernetes. Flux is an open source GitOps solution that helps your deploy app and infrastructure with automation. It can monitor git repositories, source control, image container repositories, helm repositories, and more. It can install apps using Kustomize, Helm, Kubernetes manifests so it's designed to fit into your existing workflow. It can even push alerts to your chat system letting you know when deployments happen. In this tutorial we'll cover all of this and more. + + + +Be sure to ⭐ the [Flux GitHub repo](https://github.com/fluxcd/flux2) + +📺 [Watch Video](https://www.youtube.com/watch?v=PFLimPh5-wo) + +## Kubernetes Cluster + +If you're looking to install your own Kubernetes cluster, be sure to check out [this video that creates a cluster with Ansible](https://www.youtube.com/watch?v=CbkEWcUZ7zM) + +## Reference Repo + +If you're looking for the repo I created this in video, you can [find it here](https://l.technotim.live/quick-start) `/demos/flux-demo` + +## Install Flux CLI + +```bash +curl -s https://fluxcd.io/install.sh | sudo bash +``` + +## Installing Flux using a GitHub Repo + +You'll need to grab a personal access token from [here](https://github.com/settings/tokens) + +```bash +flux bootstrap github \ + --components-extra=image-reflector-controller,image-automation-controller \ + --owner=YourGitHUbUserName \ + --repository=flux \ + --branch=main \ + --path=clusters/home \ + --personal \ + --token-auth +``` + +Check flux pods + +```bash +kubectl get pods -n flux-system +``` + +## 
Source Controller (installing manifests) + +See [reference repo](https://l.technotim.live/quick-start) for files, located in `/demos/flux-demo` + +## Helm Controller (installing helm charts) + +See [reference repo](https://l.technotim.live/quick-start) for files, `/demos/flux-demo` + +## Image Automation Controller (monitoring a container registry) + +See [reference repo](https://l.technotim.live/quick-start) for files, `/demos/flux-demo` + +First create a workload (see redis deployment file) + +Deploy the redis workload (`deployment.yml`) + +```bash +git add -A && \ +git commit -m "add redis deployment" && \ +git push origin main +``` + +Create `ImageRepository` in the cluster, namespace, and chart that correspond. + +```bash +flux create image repository podinfo \ +--image=redis \ +--interval=1m \ +--export > ./clusters/home/default/redis/redis-registry.yaml +``` + +Create `ImagePolicy` in the cluster, namespace, and chart that correspond. + +```bash +flux create image policy podinfo \ +--image-ref=podinfo \ +--select-semver=5.0.x \ +--export > ./clusters/home/default/redis/redis-policy.yaml +``` + +Then deploy the `ImageRepository` and `ImagePolicy` + +```bash +git add -A && \ +git commit -m "add redis image scan" && \ +git push origin main +``` + +tell flux to apply changes + +```bash +flux reconcile kustomization flux-system --with-source +``` + +Now edit your `deployment.yml` and add a comment + +```yml + spec: + containers: + - name: redis + image: redis:6.0.0 # {"$imagepolicy": "flux-system:redis"} +``` + +Create `ImageUpdateAutomation` + +```bash +flux create image update flux-system \ +--git-repo-ref=flux-system \ +--git-repo-path="./clusters/home" \ +--checkout-branch=main \ +--push-branch=main \ +--author-name=fluxcdbot \ +--author-email=fluxcdbot@users.noreply.github.com \ +--commit-template="{{range .Updated.Images}}{{println .}}{{end}}" \ +--export > ./clusters/home/flux-system-automation.yaml +``` + +Commit and deploy + +```bash +git add -A && \ 
+git commit -m "add image updates automation" && \ +git push origin main +``` + +tell flux to apply changes + +```bash +flux reconcile kustomization flux-system --with-source +``` + +Now do a git pull to see that flux has applied the tags + +```bash +git pull +``` + +Your `deployment.yml` should be updated and it should be deployed to your cluster! + +```yml + spec: + containers: + - name: redis + image: redis:6.0.16 # {"$imagepolicy": "flux-system:redis"} +``` + +## Notifications + +Create a secret + +```bash +kubectl -n flux-system create secret generic discord-url \ +--from-literal=address=https://discord.com/api/webhooks/YOUR/WEBHOOK/URL +``` + +Create a notification provider + +```yaml +apiVersion: notification.toolkit.fluxcd.io/v1beta1 +kind: Provider +metadata: + name: discord + namespace: flux-system +spec: + type: discord + channel: general + secretRef: + name: discord-url +``` + +Define an Alert + +```yaml +apiVersion: notification.toolkit.fluxcd.io/v1beta1 +kind: Alert +metadata: + name: on-call-webapp + namespace: flux-system +spec: + providerRef: + name: discord + eventSeverity: info + eventSources: + - kind: GitRepository + name: '*' + - kind: Kustomization + name: '*' +``` + +Get alerts + +```bash +kubectl -n flux-system get alerts + +NAME READY STATUS AGE +on-call-webapp True Initialized 1m +``` + +## Links + +⚙️ See all the hardware I recommend at + +🚀 Don't forget to check out the [🚀Launchpad repo](https://l.technotim.live/quick-start) with all of the quick start source files diff --git a/_posts/2022-05-13-flux-devops-gitops.md:Zone.Identifier b/_posts/2022-05-13-flux-devops-gitops.md:Zone.Identifier new file mode 100644 index 0000000..e69de29 diff --git a/_posts/2022-05-28-jekyll-docs-site.md b/_posts/2022-05-28-jekyll-docs-site.md new file mode 100644 index 0000000..90d213f --- /dev/null +++ b/_posts/2022-05-28-jekyll-docs-site.md 
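Review bot: In `2022-05-13-flux-devops-gitops.md` the image-automation steps cannot update the deployment as written: the `ImageRepository` and `ImagePolicy` are both created under the name `podinfo` with `--select-semver=5.0.x`, while the marker in `deployment.yml` points at `flux-system:redis` and the expected result is `redis:6.0.16`. Naming both objects `redis` (`flux create image repository redis --image=redis …`, `flux create image policy redis --image-ref=redis --select-semver=6.0.x …`) would make the three snippets agree. Separately, `curl -s https://fluxcd.io/install.sh | sudo bash` runs a remote script as root unread; I would show it saved to a file and reviewed before `sudo bash install.sh`. The `--commit-template="{{range .Updated.Images}}…"` line probably also needs `{% raw %}` … `{% endraw %}` so Jekyll's Liquid does not consume it.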
@@ -0,0 +1,176 @@ +--- +layout: post +title: "Meet Jekyll - The Static Site Generator" +date: 2022-05-28 10:00:00 -0500 +categories: self-hosted +tags: jekyll website github gitlab docker +--- + +[![Meet Jekyll - The Static Site Generator](https://img.youtube.com/vi/F8iOU1ci19Q/0.jpg)](https://www.youtube.com/watch?v=F8iOU1ci19Q "Meet Jekyll - The Static Site Generator") + +Jekyll is a static site generator that transforms your plain text into beautiful static web sites and blogs. It can be use for a documentation site, a blog, an event site, or really any web site you like. It's fast, secure, easy, and open source. It's also the same site generator I use to maintain my open source documentation. Today, we'll be installing and configuring Jekyll using the Chirpy theme. We configure the site, create some pages with markdown, automatically build it with a GitHub action and even host it for FREE on GitHub pages. If you don't want to host in the cloud, show how to host it on your own server or even in Docker. + +A HUGE THANK YOU to Micro Center for Sponsoring this video! 
+ +[New Customers Exclusive – Get a Free 256 GB SSD at Micro Center](https://micro.center/de2e28) + +[Browse Micro Center’s 30,000 products in stock](https://micro.center/776d9e) + +Be sure to ⭐ the [jekyll repo](https://github.com/jekyll/jekyll) and the [Chrirpy theme repo](https://github.com/cotes2020/jekyll-theme-chirpy) + +📺 [Watch Video](https://www.youtube.com/watch?v=F8iOU1ci19Q) + +## Install Dependencies + +```bash +sudo apt update +sudo apt install ruby-full build-essential zlib1g-dev git +``` + +To avoid installing RubyGems packages as the root user: + +If you are using `bash` (usually the default for most) + +```bash +echo '# Install Ruby Gems to ~/gems' >> ~/.bashrc +echo 'export GEM_HOME="$HOME/gems"' >> ~/.bashrc +echo 'export PATH="$HOME/gems/bin:$PATH"' >> ~/.bashrc +source ~/.bashrc +``` + +If you are using `zsh` (you know if you are) + +```bash +echo '# Install Ruby Gems to ~/gems' >> ~/.zshrc +echo 'export GEM_HOME="$HOME/gems"' >> ~/.zshrc +echo 'export PATH="$HOME/gems/bin:$PATH"' >> ~/.zshrc +source ~/.zshrc +``` + +Install Jekyll `bundler` + +```bash +gem install jekyll bundler + +``` + +## Creating a site based on Chirpy Starter + +Visit + +After creating a site based on the template, clone your repo + +```bash +git clone git@/.git +``` + +then install your dependencies + +```bash +cd repo-name +bundle +``` + +After making changes to your site, commit and push then up to git + +```bash +git add . 
+git commit -m "made some changes" +git push +``` + +## Jekyll Commands + +serving your site + +```bash +bundle exec jekyll s +``` + +Building your site in production mode + +```bash +JEKYLL_ENV=production bundle exec jekyll b +``` + +This will output the production site to `_site` + +## Building Site in CI + +This site already works with GitHub actions, just push it up and check the actions Tab., + +For GitLab you can see the [pipeline I built for my own docs site here](https://github.com/techno-tim/techno-tim.github.io/blob/master/.gitlab-ci.yml#L18) + +## Building with Docker + +Create a `Dockerfile` with the following + +```Dockerfile +FROM nginx:stable-alpine +COPY _site /usr/share/nginx/html +``` + +Build site in production mode + +```bash +JEKYLL_ENV=production bundle exec jekyll b +``` + +Then build your image: + +`docker build .` + +## Creating a Post + +### Naming Conventions + +Jekyll uses a naming [convention for pages and posts](https://jekyllrb.com/docs/posts/) + +Create a file in `_posts` with the format + +```file +YEAR-MONTH-DAY-title.md +``` + +For example: + +```file +2022-05-23-homelab-docs.md +2022-05-34-hardware-specs.md +``` + +> Jekyll can delay posts which have the date/time set for a point in the future determined by the "front matter" section at the top of your post file. Check the date & time as well as time zone if you don't see a post appear shortly after re-build. +{: .prompt-tip } + +### Local Linking of Files + +Image from asset: + +```markdown +... which is shown in the screenshot below: +![A screenshot](/assets/screenshot.jpg) +``` + +Linking to a file + +```markdown +... you can [download the PDF](/assets/diagram.pdf) here. 
+``` + +See more post formatting rules on the [Jekyll site](https://jekyllrb.com/docs/posts/) + +### Markdown Examples + +If you need some help with markdown, check out the [markdown cheat sheet](https://www.markdownguide.org/cheat-sheet/) + +I have lots of examples in my [documentation site repo](https://github.com/techno-tim/techno-tim.github.io/tree/master/_posts). Just click on the Raw button to see the code behind the page. + +For more neat syntax for the Chirpy theme check their demo page on making posts + +## Links + +See [reference repo](https://l.technotim.live/quick-start) for files + +⚙️ See all the hardware I recommend at + +🚀 Don't forget to check out the [🚀Launchpad repo](https://l.technotim.live/quick-start) with all of the quick start source files diff --git a/_posts/2022-05-28-jekyll-docs-site.md:Zone.Identifier b/_posts/2022-05-28-jekyll-docs-site.md:Zone.Identifier new file mode 100644 index 0000000..e69de29 diff --git a/_posts/2022-06-11-100-days-of-homelab-.md b/_posts/2022-06-11-100-days-of-homelab-.md new file mode 100644 index 0000000..9139a27 --- /dev/null +++ b/_posts/2022-06-11-100-days-of-homelab-.md 
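Review bot: In `2022-05-28-jekyll-docs-site.md` the second filename in the naming example, `2022-05-34-hardware-specs.md`, is not a valid date (May has no 34th), and a reader who copies the pattern will probably end up with a post that Jekyll rejects or skips; `2022-05-24-hardware-specs.md` would be a safe replacement. The clone command reads `git clone git@/.git` in this view, so the host and repository placeholders seem to have been lost; something like `git clone git@github.com:USERNAME/REPO-NAME.git` would match the `cd repo-name` that follows.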
@@ -0,0 +1,23 @@
+---
+layout: post
+title: "100 Days of HomeLab - The HomeLab Challenge"
+date: 2022-06-11 10:00:00 -0500
+categories: homelab
+tags: homelab challenge
+---
+
+[![100 Days of HomeLab - The HomeLab Challenge](https://img.youtube.com/vi/bwDVW_ifkBU/0.jpg)](https://www.youtube.com/watch?v=bwDVW_ifkBU "100 Days of HomeLab - The HomeLab Challenge")
+
+It's here. The #100DaysOfHomeLab challenge! This challenge is meant to accelerate your knowledge in servers, networking, infrastructure, automation, storage, containerization, orchestration, virtualization, Windows, Linux, and more. It can even possibly accelerate your IT career! So, commit to the Hundred Days of HomeLab challenge, share your progress, and encourage others along the way!
+
+So, to celebrate my 100k subs, I brought in some of the biggest names in the HomeLab community and some new faces too! A hue thanks to everyone that took part in this video. I can't thank you enough!
+
+📺 [Watch Video](https://www.youtube.com/watch?v=bwDVW_ifkBU)
+
+Take the challenge!
+
+## Links
+
+⚙️ See all the hardware I recommend at
+
+🚀 Don't forget to check out the [🚀Launchpad repo](https://l.technotim.live/quick-start) with all of the quick start source files
diff --git a/_posts/2022-06-11-100-days-of-homelab-.md:Zone.Identifier b/_posts/2022-06-11-100-days-of-homelab-.md:Zone.Identifier
new file mode 100644
index 0000000..e69de29
diff --git a/_posts/2022-06-25-my-homelab-regrets.md b/_posts/2022-06-25-my-homelab-regrets.md
new file mode 100644
index 0000000..99748ac
--- /dev/null
+++ b/_posts/2022-06-25-my-homelab-regrets.md
@@ -0,0 +1,30 @@
+---
+layout: post
+title: "My HomeLab Regrets..."
+date: 2022-06-25 10:00:00 -0500
+categories: homelab
+tags: homelab hardware network unifi
+---
+
+[![My HomeLab Regrets...](https://img.youtube.com/vi/yCquqeM7UO0/0.jpg)](https://www.youtube.com/watch?v=yCquqeM7UO0 "My HomeLab Regrets...")
+
+If I could start my HomeLab all over, what would I choose? Would I choose the same servers, rack, networking, gateway, switch, firewall, my pc conversion, and even my disk shelf NAS? Did I make a good choice or a bad one? Join me as we give each piece of my HomeLab a Keep or Upgrade rating.
+
+📺 [Watch Video](https://www.youtube.com/watch?v=yCquqeM7UO0)
+
+A HUGE thanks to Micro Center for sponsoring this video!
+
+New Customer Exclusive, Receive a FREE 256GB SSD in Store:
+
+Check Out Micro Center’s PC Builder:
+
+Visit the Micro Center Community:
+
+Find all of my server gear here!
+
+
+## Links
+
+⚙️ See all the hardware I recommend at
+
+🚀 Don't forget to check out the [🚀Launchpad repo](https://l.technotim.live/quick-start) with all of the quick start source files
diff --git a/_posts/2022-06-25-my-homelab-regrets.md:Zone.Identifier b/_posts/2022-06-25-my-homelab-regrets.md:Zone.Identifier
new file mode 100644
index 0000000..e69de29
diff --git a/_posts/2022-07-09-10gbe-cat5e-homelab-network.md b/_posts/2022-07-09-10gbe-cat5e-homelab-network.md
new file mode 100644
index 0000000..56e316e
--- /dev/null
+++ b/_posts/2022-07-09-10gbe-cat5e-homelab-network.md
@@ -0,0 +1,70 @@
+---
+layout: post
+title: "Will 10 Gigabit work with Cat5e? - 10Gbe HomeLab Network Upgrade!"
+date: 2022-07-09 10:00:00 -0500
+categories: homelab
+tags: homelab network unifi 10gbe
+---
+
+[![Will 10 Gigabit work with Cat5e? - 10Gbe HomeLab Network Upgrade!](https://img.youtube.com/vi/_HaLU3ecUSY/0.jpg)](https://www.youtube.com/watch?v=_HaLU3ecUSY "Will 10 Gigabit work with Cat5e? - 10Gbe HomeLab Network Upgrade!")
+
+After deciding to upgrade my "old" 24 PoE switch to a new 48 port PoE switch with 4 SFP+ ports, I decided to check to see if my old house with old Cat5e network wiring will work at 10 gigabit speeds! If this works, I will have a 10 Gbe network connection from my PCs to my HomeLab server rack!
+
+📺 [Watch Video](https://www.youtube.com/watch?v=_HaLU3ecUSY)
+
+A HUGE thank you to Micro Center for sponsoring today's video!
+
+New Customer Exclusive, Receive a FREE 256GB SSD in Store:
+
+Check Out Micro Center’s PC Builder:
+
+Visit the Micro Center Community:
+
+## Items in this video
+
+Intel Server Adapter X540-T1 -
+
+USW-PRO-48-POE -
+
+Patch Panel -
+
+Slim Patch Cables -
+
+10GBase-T SFP+ Transceiver -
+
+Server Rack -
+
+Cat5e Spool (you should buy cat 6) -
+
+Cat6 Spool -
+
+RJ45 Keystone Jacks -
+
+SFP+ DAC -
+
+## iperf
+
+Install
+
+```bash
+sudo apt update
+sudo apt install iperf
+```
+
+on the remote machine
+
+```bash
+iperf -s
+```
+
+then on another machine
+
+```bash
+iperf -c 192.168.0.104 # ip of the remote machine
+```
+
+## Links
+
+⚙️ See all the hardware I recommend at
+
+🚀 Don't forget to check out the [🚀Launchpad repo](https://l.technotim.live/quick-start) with all of the quick start source files
diff --git a/_posts/2022-07-09-10gbe-cat5e-homelab-network.md:Zone.Identifier b/_posts/2022-07-09-10gbe-cat5e-homelab-network.md:Zone.Identifier
new file mode 100644
index 0000000..e69de29
diff --git a/_posts/2022-07-23-kube-grafana-prometheus.md b/_posts/2022-07-23-kube-grafana-prometheus.md
new file mode 100644
index 0000000..ffc4501
--- /dev/null
+++ b/_posts/2022-07-23-kube-grafana-prometheus.md
@@ -0,0 +1,202 @@ +--- +layout: post +title: "Beautiful Dashboards with Grafana and Prometheus - Monitoring Kubernetes Tutorial" +date: 2022-07-23 10:00:00 -0500 +categories: kubernetes +tags: kubernetes grafana prometheus alert-manager k3s +--- + +[![Beautiful Dashboards & Monitoring - Grafana and Prometheus Kubernetes Tutorial](https://img.youtube.com/vi/fzny5uUaAeY/0.jpg)](https://www.youtube.com/watch?v=fzny5uUaAeY "Beautiful Dashboards & Monitoring - Grafana and Prometheus Kubernetes Tutorial") + +Grafana and Prometheus are a powerful monitoring solution. It allows you to visualize, query, and alert metrics no matter where they are stored. Today, we'll install and configure Prometheus and Grafana in Kubernetes using kube-prometheus-stack. By the end of this tutorial you be able to observe and visualize your entire Kubernetes cluster with Grafana and Prometheus. + +📺 [Watch Video](https://www.youtube.com/watch?v=fzny5uUaAeY) + +A HUGE thanks to Datree for sponsoring this video! + +Combat misconfigurations. Empower engineers. + + + +## Getting Started + +If you need to install a new kubernetes cluster you can use my [Ansible Playbook](https://docs.technotim.live/posts/k3s-etcd-ansible/) to install one. + +### k3s + +If you want to get metrics from your k3s servers, you will need to provide some additional flags to k3s. 
+ +Additional k3s flags used in the video: + +```yml +extra_server_args: "--no-deploy servicelb --no-deploy traefik --kube-controller-manager-arg bind-address=0.0.0.0 --kube-proxy-arg metrics-bind-address=0.0.0.0 --kube-scheduler-arg bind-address=0.0.0.0 --etcd-expose-metrics true --kubelet-arg containerd=/run/k3s/containerd/containerd.sock" +``` + +### helm + +```bash +curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 +chmod 700 get_helm.sh +./get_helm.sh +``` + +Install helm + +The helm chart we will be using to install Grafana, Preometheus, and Alert Manager is [kube-prometheus-stack](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack) + +## Installing + +Verify you can communicate with your cluster + +```bash +kubectl get nodes +``` + +```console +NAME STATUS ROLES AGE VERSION +k3s-01 Ready control-plane,etcd,master 10h v1.23.4+k3s1 +k3s-02 Ready control-plane,etcd,master 10h v1.23.4+k3s1 +k3s-03 Ready control-plane,etcd,master 10h v1.23.4+k3s1 +k3s-04 Ready 10h v1.23.4+k3s1 +k3s-05 Ready 10h v1.23.4+k3s1 +``` + +Verify helm is installed + +```bash +helm version +``` + +```console +version.BuildInfo{Version:"v3.8.0", GitCommit:"d14138609b01886f544b2025f5000351c9eb092e", GitTreeState:"clean", GoVersion:"go1.17.5"} +``` + +Add helm repo + +```bash +helm repo add prometheus-community https://prometheus-community.github.io/helm-charts +``` + +Update repo + +```bash +helm repo update + +``` + +Create a Kubernetes Namespace + +```bash +kubectl create namespace monitoring +``` + +Echo username and password to a file + +```bash +echo -n 'adminuser' > ./admin-user # change your username +echo -n 'p@ssword!' 
> ./admin-password # change your password +``` + +Create a Kubernetes Secret + +```bash + kubectl create secret generic grafana-admin-credentials --from-file=./admin-user --from-file=admin-password -n monitoring +``` + +You should see + +```console +secret/grafana-admin-credentials created +``` + +Verify your secret + +```bash +kubectl describe secret -n monitoring grafana-admin-credentials +``` + +You should see + +```console +Name: grafana-admin-credentials +Namespace: monitoring +Labels: +Annotations: + +Type: Opaque + +Data +==== +admin-password: 9 bytes +admin-user: 9 bytes +``` + +Verify the username + +```bash +kubectl get secret -n monitoring grafana-admin-credentials -o jsonpath="{.data.admin-user}" | base64 --decode +``` + +You should see + +```console +adminuser% +``` + +Verify password + +```bash +kubectl get secret -n monitoring grafana-admin-credentials -o jsonpath="{.data.admin-password}" | base64 --decode +``` + +```console +p@ssword!% +``` + +Remove username and password file from filesystem + +```bash +rm admin-user && rm admin-password +``` + +Create a values file to hold our helm values + +```bash +nano values.yaml +``` + +paste in values from [here](https://github.com/techno-tim/launchpad/tree/master/kubernetes/kube-prometheus-stack) + +Create our kube-prometheus-stack + +```bash +helm install -n monitoring prometheus prometheus-community/kube-prometheus-stack -f values.yaml +``` + +Port Forwarding Grafana UI + +(be sure to change the pod name to one that matches yours) + +```bash +kubectl port-forward -n monitoring grafana-fcc55c57f-fhjfr 52222:3000 +``` + +Visit Grafana + + + +If you make changes to your `values.yaml` you can deploy these changes by running + +```bash +helm upgrade -n monitoring prometheus prometheus-community/kube-prometheus-stack -f values.yaml +``` + +Examples: + +[Traefik Ingress example](https://github.com/techno-tim/launchpad/tree/master/kubernetes/kube-prometheus-stack) + +## Links + +⚙️ See all the hardware I 
recommend at + +🚀 Don't forget to check out the [🚀Launchpad repo](https://l.technotim.live/quick-start) with all of the quick start source files diff --git a/_posts/2022-07-23-kube-grafana-prometheus.md:Zone.Identifier b/_posts/2022-07-23-kube-grafana-prometheus.md:Zone.Identifier new file mode 100644 index 0000000..e69de29 diff --git a/_posts/2022-07-30-whats-in-the-box.md b/_posts/2022-07-30-whats-in-the-box.md new file mode 100644 index 0000000..9131b0a --- /dev/null +++ b/_posts/2022-07-30-whats-in-the-box.md @@ -0,0 +1,22 @@ +--- +layout: post +title: "Unboxing YouTube 100K Subs Play Button Creator Award" +date: 2022-07-30 10:00:00 -0500 +categories: homelab +tags: youtube live unboxing +--- + +[![Unboxing YouTube 100K Subs Play Button Creator Award](https://img.youtube.com/vi/G_X7VFbgFGU/0.jpg)](https://www.youtube.com/watch?v=G_X7VFbgFGU "Unboxing YouTube 100K Subs Play Button Creator Award") + +YouTube sent a package. I have a feeling I know what it is, but we'll all find out live! + +📺 [Watch Video](https://www.youtube.com/watch?v=G_X7VFbgFGU) + +Find all of my server gear here! + + +## Links + +⚙️ See all the hardware I recommend at + +🚀 Don't forget to check out the [🚀Launchpad repo](https://l.technotim.live/quick-start) with all of the quick start source files diff --git a/_posts/2022-07-30-whats-in-the-box.md:Zone.Identifier b/_posts/2022-07-30-whats-in-the-box.md:Zone.Identifier new file mode 100644 index 0000000..e69de29 diff --git a/_posts/2022-08-06-kube-traefik-cert-manager-le.md b/_posts/2022-08-06-kube-traefik-cert-manager-le.md new file mode 100644 index 0000000..905469e --- /dev/null +++ b/_posts/2022-08-06-kube-traefik-cert-manager-le.md 
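Review bot: The `extra_server_args` line binds the controller-manager, scheduler and kube-proxy metrics listeners to `0.0.0.0` and turns on `--etcd-expose-metrics`, but the post has no caveat that this makes those endpoints reachable on every node interface; as far as I know the kube-proxy and etcd metrics ports are served without authentication. I would add a prompt under that block, e.g. `> These flags expose control-plane metrics on all node interfaces; restrict access to the Prometheus scrape source with a host firewall.` Separately, the `echo -n 'p@ssword!' > ./admin-password` step leaves the password in shell history and in a file created with the default umask, so it is worth suggesting a leading `umask 077` and reading the value from a prompt instead of typing it on the command line.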
@@ -0,0 +1,353 @@ +--- +layout: post +title: "Wildcard Certificates with Traefik + cert-manager + Let's Encrypt in Kubernetes Tutorial" +date: 2022-08-06 09:00:00 -0500 +categories: kubernetes +tags: kubernetes traefik cert-manager k3s cloudflare letsencrypt +--- + +[![Wildcard Certificates with Traefik + cert-manager + Let's Encrypt in Kubernetes Tutorial](https://img.youtube.com/vi/G4CmbYL9UPg/0.jpg)](https://www.youtube.com/watch?v=G4CmbYL9UPg "Wildcard Certificates with Traefik + cert-manager + Let's Encrypt in Kubernetes Tutorial") + +Traefik, cert-manager, Cloudflare, and Let's Encrypt are a winning combination when it comes to securing your services with certificates in Kubernetes. Today, we'll install and configure Traefik, the cloud native proxy and load balancer, as our Kubernetes Ingress Controller. We'll then install and configure cert-manager to manage certificates for our cluster. We'll set up Let's Encrypt as our Cluster Issuer so that cert-manager can automatically provision TLS certificates and even wildcard certificates using Cloudflare DNS challenge absolutely free. We'll walk through all of this, step by step, so you can help secure your cluster today. + +📺 [Watch Video](https://www.youtube.com/watch?v=G4CmbYL9UPg) + +A HUGE thanks to Datree for sponsoring this video! + +Combat misconfigurations. Empower engineers. + + + +## Getting Started + +If you need to install a new kubernetes cluster you can use my [Ansible Playbook](https://docs.technotim.live/posts/k3s-etcd-ansible/) to install one. 
+ +## Resources + +> You can find all of the resources for this tutorial [here](https://github.com/techno-tim/launchpad/tree/master/kubernetes/traefik-cert-manager) +{: .prompt-info } + +### Helm + +```bash +curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 +chmod 700 get_helm.sh +./get_helm.sh +``` + +For other ways to install Helm see the installation docs [here](https://helm.sh/docs/intro/install) + +## Installing + +Verify you can communicate with your cluster + +```bash +kubectl get nodes +``` + +You should see + +```console +NAME STATUS ROLES AGE VERSION +k3s-01 Ready control-plane,etcd,master 10h v1.23.4+k3s1 +k3s-02 Ready control-plane,etcd,master 10h v1.23.4+k3s1 +k3s-03 Ready control-plane,etcd,master 10h v1.23.4+k3s1 +k3s-04 Ready 10h v1.23.4+k3s1 +k3s-05 Ready 10h v1.23.4+k3s1 +``` + +Verify helm is installed + +```bash +helm version +``` + +You should see + +```console +version.BuildInfo{Version:"v3.8.0", GitCommit:"d14138609b01886f544b2025f5000351c9eb092e", GitTreeState:"clean", GoVersion:"go1.17.5"} +``` + +## Traefik + +> These [resources](https://github.com/techno-tim/launchpad/tree/master/kubernetes/traefik-cert-manager) are in the `launchpad/kubernetes/traefik-cert-manager/traefik/` folder +{: .prompt-info } + +Add repo + +```bash +helm repo add traefik https://helm.traefik.io/traefik +``` + +Update repo + +```bash +helm repo update +``` + +Create our namespace + +```bash +kubectl create namespace traefik +``` + +Get all namespaces + +```bash +kubectl get namespaces +``` + +We should see + +```console +NAME STATUS AGE +default Active 21h +kube-node-lease Active 21h +kube-public Active 21h +kube-system Active 21h +metallb-system Active 21h +traefik Active 12s +``` + +Install traefik + +```bash +helm install --namespace=traefik traefik traefik/traefik --values=values.yaml +``` + +Check the status of the traefik ingress controller service + +```bash +kubectl get svc --all-namespaces -o wide +``` + +We 
should see traefik with the specified IP + +```console +NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR +default kubernetes ClusterIP 10.43.0.1 443/TCP 16h +kube-system kube-dns ClusterIP 10.43.0.10 53/UDP,53/TCP,9153/TCP 16h k8s-app=kube-dns +kube-system metrics-server ClusterIP 10.43.182.24 443/TCP 16h k8s-app=metrics-server +metallb-system webhook-service ClusterIP 10.43.205.142 443/TCP 16h component=controller +traefik traefik LoadBalancer 10.43.156.161 192.168.30.80 80:30358/TCP,443:31265/TCP 22s app.kubernetes.io/instance=traefik,app.kubernetes.io/name=traefik +``` + +Ger all pods in `traefik` namespace + +```bash +kubectl get pods --namespace traefik +``` + +We should see pods in the `traefik` namespace + +```console +NAME READY STATUS RESTARTS AGE +traefik-76474c4d47-l5z74 1/1 Running 0 11m +traefik-76474c4d47-xb282 1/1 Running 0 11m +traefik-76474c4d47-xx5lw 1/1 Running 0 11m +``` + +### middleware + +Apply middleware + +```bash +kubectl apply -f default-headers.yaml +``` + +Get middleware + +```bash +kubectl get middleware +``` + +We should see our headers + +```console +NAME AGE +default-headers 25s +``` + +### dashboard + +Install `htpassword` + +```bash +sudo apt-get update +sudo apt-get install apache2-utils +``` + +Generate a credential / password that's base64 encoded + +```bash +htpasswd -nb techno password | openssl base64 +``` + +Apply secret + +```bash +kubectl apply -f secret-dashboard.yaml +``` + +Get secret + +```bash +kubectl get secrets --namespace traefik +``` + +Apply middleware + +```bash +kubectl apply -f middleware.yaml +``` + +Apply dashboard + +```bash +kubectl apply -f ingress.yaml +``` + +Visit `https://traefik.local.example.com` + +## Sample Workload + +> These [resources](https://github.com/techno-tim/launchpad/tree/master/kubernetes/traefik-cert-manager) are in the `launchpad/kubernetes/traefik-cert-manager/nginx/` folder +{: .prompt-info } + +```bash +kubectl apply -f deployment.yaml +kubectl apply -f 
service.yaml +kubectl apply -f ingress.yaml +``` + +Or you can apply an entire folder at once! + +```bash +kubectl apply -f nginx +``` + +## cert-manager + +> These [resources](https://github.com/techno-tim/launchpad/tree/master/kubernetes/traefik-cert-manager) are in the `launchpad/kubernetes/traefik-cert-manager/cert-manager/` folder +{: .prompt-info } + +Add repo + +```bash +helm repo add jetstack https://charts.jetstack.io +``` + +Update it + +```bash +helm repo update +``` + +Create our namespace + +```bash +kubectl create namespace cert-manager +``` + +Get all namespaces + +```bash +kubectl get namespaces +``` + +We should see + +```console +NAME STATUS AGE +cert-manager Active 12s +default Active 21h +kube-node-lease Active 21h +kube-public Active 21h +kube-system Active 21h +metallb-system Active 21h +traefik Active 4h35m +``` + +Apply crds + +> *Note: Be sure to change this to the [latest version](https://cert-manager.io/docs/installation/supported-releases/) of `cert-manager`* +{: .prompt-info } + +```bash +kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.9.1/cert-manager.crds.yaml +``` + +Install with helm + +```bash +helm install cert-manager jetstack/cert-manager --namespace cert-manager --values=values.yaml --version v1.9.1 +``` + +Apply secrets + +> Be sure to generate the correct token if using Cloudflare. This is using an [API Token](https://cert-manager.io/docs/configuration/acme/dns01/cloudflare/#api-tokens) and not a global key. 
+{: .prompt-info } + +From `issuers` folder + +```bash +kubectl apply -f secret-cf-token.yaml +``` + +Apply staging `ClusterIssuer` + +From `issuers` folder + +```bash +kubectl apply -f letsencrypt-staging.yaml +``` + +Create certs + +### staging + +From `certificates/staging` folder + +```bash +kubectl apply -f local-example-com.yaml +``` + +Check the logs + +```bash +kubectl logs -n cert-manager -f cert-manager-877fd747c-fjwhp +``` + +Get `challenges` + +```bash +kubectl get challenges +``` + +Get more details + +```bash +kubectl describe order local-technotim-live-frm2z-1836084675 +``` + +### production + +Apply production `ClusterIssuer` + +From `issuers` folder + +```bash +kubectl apply -f letsencrypt-production.yaml +``` + +From `certificates/production` folder + +```bash +kubectl apply -f local-example-com.yaml +``` + +## Links + +⚙️ See all the hardware I recommend at + +🚀 Don't forget to check out the [🚀Launchpad repo](https://l.technotim.live/quick-start) with all of the quick start source files diff --git a/_posts/2022-08-06-kube-traefik-cert-manager-le.md:Zone.Identifier b/_posts/2022-08-06-kube-traefik-cert-manager-le.md:Zone.Identifier new file mode 100644 index 0000000..e69de29 diff --git a/_posts/2022-08-27-homelab-tools-accessories.md b/_posts/2022-08-27-homelab-tools-accessories.md new file mode 100644 index 0000000..90cca43 --- /dev/null +++ b/_posts/2022-08-27-homelab-tools-accessories.md 
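Review bot: In the dashboard section, `htpasswd -nb techno password | openssl base64` passes the password as a command-line argument, so it ends up in shell history and is visible in the process list while the command runs. Dropping `-b` makes htpasswd prompt for the password, and `-B` selects bcrypt instead of the default MD5-based hash: `htpasswd -nB techno | openssl base64`. The step heading also says `htpassword` where the tool is `htpasswd`. The `secret-dashboard.yaml` that receives this value is not part of the hunk, so how the credential is stored cannot be checked from here.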
@@ -0,0 +1,135 @@
+---
+layout: post
+title: "Essential HomeLab Tools & Accessories - Network / Server / PC Tool Kit"
+date: 2022-08-27 09:00:00 -0500
+categories: homelab
+tags: homelab tools accessories
+---
+
+[![Essential HomeLab Tools & Accessories - Network / Server / PC Tool Kit](https://img.youtube.com/vi/VX2dxFkahgs/0.jpg)](https://www.youtube.com/watch?v=VX2dxFkahgs "Essential HomeLab Tools & Accessories - Network / Server / PC Tool Kit")
+
+Every Home Labber and IT person has their go to set of tools and accessories to help them accomplish tasks for technical projects in their HomeLab. This ranges from the very specialized, to the common. I do all kinds of projects at home, from building and racking servers, to building mini and full-size PCs, to upgrading and troubleshooting hardware, to home office upgrades, to installing wireless access points and cameras, down to building raspberry pi projects. I’ve gathered up some of my most essential tools and accessories to assist you in your projects!
+
+A HUGE thanks to Micro Center for sponsoring this video!
+
+New Customers Exclusive – FREE Redragon GS500 Gaming Stereo Speakers:
+Check out Micro Center’s PC Builder:
+Submit your build to Micro Center’s Build Showcase:
+
+📺 [Watch Video](https://www.youtube.com/watch?v=VX2dxFkahgs)
+
+## Items
+
+Here are all of the items that were in the video, plus a few more.
+
+📦 See the entire kit here:
+
+### Cage nuts
+
+* Nickel plated 60 pack
+* Black 50 pack
+
+### Network cables
+
+* Mono price Slim cat6a
+* Monoprice Cat6 pure bare copper
+* Cable matters 6 pack
+
+### Label Maker
+
+* Brother p touch label maker
+
+### Laser grip thermometer
+
+*
+
+### Short Power cords
+
+* 10 pack 8 inch
+
+### 12 outlet surge protector
+
+*
+
+### Fluke voltage tester
+
+*
+
+### Kill A Watt Electricity Usage Monitor
+
+*
+
+### SSD Mounting bracket
+
+*
+
+### Velcro
+
+*
+
+### Zip ties
+
+*
+
+### Hard drive screws
+
+*
+
+### USB Drive
+
+*
+
+### SATA/IDE/USB Adapter
+
+* Usb 2.0
+* Usb 3.0
+
+### Craftsman quick change screw driver
+
+*
+
+### DeWalt utility knife
+
+*
+
+### Cable crimper
+
+*
+
+### Punchdown tool
+
+*
+
+### TP Link Gigabit PoE Switch
+
+*
+
+### Dremel kit
+
+*
+
+### Head lamp
+
+*
+
+### Keystones
+
+*
+
+### Cat 6 ends
+
+*
+
+### Cable tester Klein
+
+*
+
+### Cable toner
+
+*
+
+## Links
+
+⚙️ See all the hardware I recommend at
+
+🚀 Don't forget to check out the [🚀Launchpad repo](https://l.technotim.live/quick-start) with all of the quick start source files
diff --git a/_posts/2022-08-27-homelab-tools-accessories.md:Zone.Identifier b/_posts/2022-08-27-homelab-tools-accessories.md:Zone.Identifier
new file mode 100644
index 0000000..e69de29
diff --git a/_posts/2022-09-10-45-drives-storinator.md b/_posts/2022-09-10-45-drives-storinator.md
new file mode 100644
index 0000000..705f0bc
--- /dev/null
+++ b/_posts/2022-09-10-45-drives-storinator.md
@@ -0,0 +1,31 @@
+---
+layout: post
+title: "NEW SERVER! Deploying 100 TB of Storage to my HomeLab!"
+date: 2022-09-10 09:00:00 -0500
+categories: homelab
+tags: homelab hardware server storinator 45 drives
+---
+
+[![NEW SERVER! Deploying 100 TB of Storage to my HomeLab!](https://img.youtube.com/vi/yqiCsSNpwjQ/0.jpg)](https://www.youtube.com/watch?v=yqiCsSNpwjQ "NEW SERVER! Deploying 100 TB of Storage to my HomeLab!")
+
+Check out my new server! It's an Storinator AV15 from 45 Drives loaded with lots of great upgrades! Will it be my new high performance storage server and replace TrueNAS? Will it be my new hypervisor and replace one of my Proxmox servers? Or will I cluster this server and do something else? Let's see what this server is made of first!
+
+A HUGE thank you to Micro Center for sponsoring this video!
+
+New Customers Exclusive – FREE Redragon GS500 Gaming Stereo Speakers:
+
+Check out Micro Center’s PC Builder:
+
+Submit your build to Micro Center’s Build Showcase:
+
+📺 [Watch Video](https://www.youtube.com/watch?v=yqiCsSNpwjQ)
+
+Check out 45Drives Storinators and other servers -
+
+Seagate Exos X16 14TB Drives and more -
+
+## Links
+
+⚙️ See all the hardware I recommend at
+
+🚀 Don't forget to check out the [🚀Launchpad repo](https://l.technotim.live/quick-start) with all of the quick start source files
diff --git a/_posts/2022-09-10-45-drives-storinator.md:Zone.Identifier b/_posts/2022-09-10-45-drives-storinator.md:Zone.Identifier
new file mode 100644
index 0000000..e69de29
diff --git a/_posts/2022-10-01-secret-encryption-sops.md b/_posts/2022-10-01-secret-encryption-sops.md
new file mode 100644
index 0000000..dec76c8
--- /dev/null
+++ b/_posts/2022-10-01-secret-encryption-sops.md
@@ -0,0 +1,349 @@ +--- +layout: post +title: "Encrypt Your Sensitive Information Before Storing It - Encrypting with Mozilla SOPS and AGE" +date: 2022-10-01 09:00:00 -0500 +categories: homelab +tags: git kubernetes secrets security sops age +--- + +[![Encrypt Your Sensitive Information Before Storing It - Encrypting with Mozilla SOPS and AGE](https://img.youtube.com/vi/1BquzE3Yb4I/0.jpg)](https://www.youtube.com/watch?v=1BquzE3Yb4I "Encrypt Your Sensitive Information Before Storing It - Encrypting with Mozilla SOPS and AGE") + +Committing secrets to your Git Repo can expose information like passwords, access tokens, and other types of sensitive information. Some might think that committing secrets to a private Git Repo is OK, but I am here to tell you it's not. If you're going to commit secrets to a git repo, private or public, you should encrypt them first using Mozilla SOPS (Secret Operations) and AGE. SOPS is an editor of encrypted files that supports YAML, JSON, ENV, INI and BINARY formats and encrypts with AWS KMS, GCP KMS, Azure Key Vault, age, and PGP. Age is a simple, modern, and secure file encryption tool, format, and build using Go. It can encrypt and decrypt your files making then safe enough to commit to your Git repos! + +A HUGE thanks to Datree for sponsoring this video! +Combat misconfigurations. Empower engineers. 
+ + +📺 [Watch Video](https://www.youtube.com/watch?v=1BquzE3Yb4I) + +## Install SOPS + + + +from releases page + + + +```bash +wget https://github.com/mozilla/sops/releases/download/v3.7.3/sops_3.7.3_amd64.deb +sudo dpkg -i ./sops_3.7.3_amd64.deb +rm ./sops_3.7.3_amd64.deb +``` + +test with + +```bash +sops -v +``` + +should see + +```bash +sops 3.7.3 (latest) +``` + +## Install Age + + + +```bash +sudo apt install age +``` + +or the manual way + +get the file + +```bash +wget -O age.tar.gz https://github.com/FiloSottile/age/releases/download/v1.0.0/age-v1.0.0-linux-amd64.tar.gz +``` + +extract and move + +```bash +tar xf age.tar.gz +sudo mv age/age /usr/local/bin +sudo mv age/age-keygen /usr/local/bin +``` + +clean up + +```bash +rm -rm age +rm age.tar.gz +``` + +test `age` with + +```bash + age -version +``` + +should see + +```console +v1.0.0 +``` + +test `age-keygen` with + +```bash + age-keygen -version +``` + +should see + +```console +v1.0.0 +``` + +## configure keys + +Now that we have `age` installed we need to create a public and private key + +```bash +age-keygen -o key.txt +``` + +should see + +```console +age-keygen: warning: writing secret key to a world-readable file +Public key: age1epzmwwzw8n09slh0c7z0z52x43nnga7lkksx3qrh07tqz5v7lcys45428t +``` + +let's look at the contents + +```bash +cat key.txt +``` + +should see + +```console +# created: 2022-09-26T21:55:47-05:00 +# public key: age1epzmwwzw8n09slh0c7z0z52x43nnga7lkksx3qrh07tqz5v7lcys45428t +AGE-SECRET-KEY-1HJCRJVK7EE3A5N8CRP8YSDUGZKNW90Y5UR2RGYAS8L279LFP6LCQU5ADNR +``` + +> *Remember this is a secret so keep this safe!* Do not commit this! +{: .prompt-info } + +move the file and add to our shell + +```bash +mkdir ~/.sops +mv ./key.txt ~/.sops +``` + +add it to our shell + +```bash +nano ~/.zshrc +# or nano ~/.bashrc +``` + +add to the end of file + +```bash +export SOPS_AGE_KEY_FILE=$HOME/.sops/key.txt +``` + +source our shell + +```bash +source ~/.zshrc +# or source ~/.bashrc +``` + +## Now! 
Let's encrypt + +A few ways you can do this. You can encrypt in place or encrypt with an editor but we’re going to do an in place encryption. + +## YAML + +This can be kubernetes secrets, helm values, or just plain old yaml + +create a secret with the following contents + +`secret.yaml` + +```yaml +--- +apiVersion: v1 +kind: Secret +metadata: + name: mysql-secret + namespace: default +stringData: + MYSQL_USER: root + MYSQL_PASSWORD: super-Secret-Password!!!! +``` + +to encrypt + +```bash +sops --encrypt --age $(cat $SOPS_AGE_KEY_FILE |grep -oP "public key: \K(.*)") --encrypted-regex '^(data|stringData)$' --in-place ./secret.yaml +``` + +to decrypt + +```bash +sops --decrypt --age $(cat $SOPS_AGE_KEY_FILE |grep -oP "public key: \K(.*)") --encrypted-regex '^(data|stringData)$' --in-place ./secret.yaml +``` + +## Kubernetes + +If you want to decrypt this secret on the fly and apply to kubernetes + +encrypt first + +```bash +sops --encrypt --age $(cat $SOPS_AGE_KEY_FILE |grep -oP "public key: \K(.*)") --encrypted-regex '^(data|stringData)$' --in-place ./secret.yaml +``` + +decrypt and pipe to kubectl + +```bash +sops --decrypt --age $(cat $SOPS_AGE_KEY_FILE |grep -oP "public key: \K(.*)") --encrypted-regex '^(data|stringData)$' ./secret.yaml | kubectl apply -f - +``` + +check it with + +```bash +k describe secrets mysql-secret-test +``` + +then + +```bash + kubectl get secret mysql-secret-test -o jsonpath='{.data}' +``` + +then + +```bash +kubectl get secret mysql-secret-test -o jsonpath='{.data.MYSQL_PASSWORD}' | base64 --decode +``` + +## VSCode + +install vscode extension + +choose the beta for sops because that supports age + sops + +don't forget to add `.decrypted~secret.yaml` to `.gitignore` + +encrypt .env files + +make sure extension is installed + +## .ENV Files + +create + +`secret.env` + +```env +MYSQL_USER=superroot +MYSQL_PASSWORD="super-Secret-Password!!!!############" +``` + +encrypt + +```bash +sops --encrypt --age $(cat $SOPS_AGE_KEY_FILE |grep -oP 
"public key: \K(.*)") -i .env +``` + +decrypt + +```bash +sops --decrypt --age $(cat $SOPS_AGE_KEY_FILE |grep -oP "public key: \K(.*)") -i .env +``` + +don't forget to add `.decrypted~secret.env` to your `.gitignore` + +## JSON Files + +`secret.json` + +```json +{ + "mySqlUser": "superroot", + "password": "super-Secret-Password!!!!#######" +} +``` + +encrypt + +```bash +sops --encrypt --age $(cat $SOPS_AGE_KEY_FILE |grep -oP "public key: \K(.*)") -i secret.json +``` + +decrypt + +```bash +sops --decrypt --age $(cat $SOPS_AGE_KEY_FILE |grep -oP "public key: \K(.*)") -i secret.json +``` + +don't forget to add `.decrypted~secret.json` to your `.gitignore` + +## INI Files + +`secret.ini` + +```ini +[database] +user = superroot +password = super-Secret-Password!!!!1223 +``` + +encrypt + +```bash +sops --encrypt --age $(cat $SOPS_AGE_KEY_FILE |grep -oP "public key: \K(.*)") -i secret.ini +``` + +decrypt + +```bash +sops --decrypt --age $(cat $SOPS_AGE_KEY_FILE |grep -oP "public key: \K(.*)") -i secret.ini +``` + +don't forget to add `.decrypted~secret.ini` to you `.gitignore` + +## Files + +`secret.sql` + +```sql +--- https://xkcd.com/327/ +--- DO NOT USE +INSERT INTO Students VALUES ( 'Robert' ); DROP TABLE STUDENTS; --' ) +``` + +encrypt + +```bash +sops --encrypt --age $(cat $SOPS_AGE_KEY_FILE |grep -oP "public key: \K(.*)") --in-place ./secret.sql +``` + +decrypt + +```bash +sops --decrypt --age $(cat $SOPS_AGE_KEY_FILE |grep -oP "public key: \K(.*)") --in-place ./secret.sql +``` + +## Flux + +If you're thinking of doing GitOps with Flux, you can [check out my video on this topic](https://www.youtube.com/watch?v=PFLimPh5-wo) or see my [documentation](https://docs.technotim.live/posts/flux-devops-gitops/). You can do cluster decryption and fully automate decryption of secrets. 
+ +In cluster decryption with Flux + + + +## Links + +⚙️ See all the hardware I recommend at + +🚀 Don't forget to check out the [🚀Launchpad repo](https://l.technotim.live/quick-start) with all of the quick start source files diff --git a/_posts/2022-10-01-secret-encryption-sops.md:Zone.Identifier b/_posts/2022-10-01-secret-encryption-sops.md:Zone.Identifier new file mode 100644 index 0000000..e69de29 diff --git a/_posts/2022-10-22-rgb-storinator.md b/_posts/2022-10-22-rgb-storinator.md new file mode 100644 index 0000000..d444f39 --- /dev/null +++ b/_posts/2022-10-22-rgb-storinator.md 
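Review bot: The `age-keygen -o key.txt` output reproduced in the post includes the warning that the secret key was written to a world-readable file, yet the following steps only `mkdir ~/.sops` and `mv` the key there without tightening permissions. I would add `chmod 700 ~/.sops && chmod 600 ~/.sops/key.txt` right after the move. The `cat key.txt` console block also prints a complete `AGE-SECRET-KEY-…` value; if that key was ever used for real data it should be treated as compromised, and the sample is better shown as a placeholder such as `AGE-SECRET-KEY-<redacted>`. Two smaller points: `rm -rm age` in the clean-up step is not a valid invocation (`rm -r age` is presumably meant), and the check commands query `mysql-secret-test` while the manifest creates `mysql-secret`.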
@@ -0,0 +1,57 @@ +--- +layout: post +title: "I Put RGB Fans in My Server and I am NOT Apologizing" +date: 2022-10-22 09:00:00 -0500 +categories: homelab +tags: git kubernetes secrets security sops age +--- + +[![I Put RGB Fans in My Server and I am NOT Apologizing](https://img.youtube.com/vi/zaAUn0QeKVo/0.jpg)](https://www.youtube.com/watch?v=zaAUn0QeKVo "I Put RGB Fans in My Server and I am NOT Apologizing") + +My Storinator server from 45Drives is great, except for 1 thing. It's a little loud for my home. It would be fine if it were in a data center or a real network closet, however this is in my basement. I decided to swap out all the fans to make it quieter, and install RGB fans along with a ZigBee controller so I can control them with Home Automation! + +📺 [Watch Video](https://www.youtube.com/watch?v=zaAUn0QeKVo) + +HUGE THANK YOU to Micro Center for Sponsoring this Video! + +New Customers Exclusive – Get $25 off your purchase of any AMD and Intel Processor (limit one per customer): + +Check out Micro Center’s PC Builder: + +Submit your build to Micro Center’s Build Showcase: + +Thanks again to 45drives for the Storinator! + + +📦See all the parts in this kit here! 📦 + + +Time Codes + +00:00 - Making My Server Quiet + +02:13 - Micro Center (Sponsor) + +03:18 - Taking the Server Apart + +04:17 - Changing the CPU Cooler + +05:02 - How to Add Smart RGB to a Server + +06:07 - Wiring Up the ZigBee Controller and Fans + +07:20 - Testing and Pairing the ZigBee Controller + +08:08 - Why Put RGB Fans in a Server? + +08:42 - How Much Quieter Is It? + +09:13 - What's Next for the Server? + +09:33 - Stream Highlight - I will buy an LTT Screwdriver + +## Links + +⚙️ See all the hardware I recommend at + +🚀 Don't forget to check out the [🚀Launchpad repo](https://l.technotim.live/quick-start) with all of the quick start source files 
diff --git a/_posts/2022-10-22-rgb-storinator.md:Zone.Identifier b/_posts/2022-10-22-rgb-storinator.md:Zone.Identifier new file mode 100644 index 0000000..e69de29 diff --git a/_posts/2022-11-12-sysracks-server-rack.md b/_posts/2022-11-12-sysracks-server-rack.md new file mode 100644 index 0000000..13b57c9 --- /dev/null +++ b/_posts/2022-11-12-sysracks-server-rack.md 
@@ -0,0 +1,54 @@ +--- +layout: post +title: "Best Server Rack for Your HomeLab? Sysracks Enclosed Rack!" +date: 2022-11-12 09:00:00 -0500 +categories: homelab +tags: server server-rack homelab hardware sysracks +--- + +[![Best Server Rack for Your HomeLab? Sysracks Enclosed Rack!](https://img.youtube.com/vi/plwhD5tRsGM/0.jpg)](https://www.youtube.com/watch?v=plwhD5tRsGM "Best Server Rack for Your HomeLab? Sysracks Enclosed Rack!") + +I've been on a quest looking for a new server rack for my HomeLab in my home. I've outgrown my current 18u open frame rack and decided to give a 32u Sysracks Enclosed Rack a try! Join me as we put together this server rack, test out all of the features, and I'll let you know my thoughts about this brand new server rack! + +📺 [Watch Video](https://www.youtube.com/watch?v=plwhD5tRsGM) + +A HUGE thank you to Sysracks for sending me this rack! + +Check out their selection of racks at + +A HUGE thank you to Micro Center for sponsoring this video! + +New Customer Exclusive – Free 256GB SSD In-Store: + +Check out Micro Center’s Custom PC Builder: + +Submit your build to Micro Center’s Build Showcase: + +Shop Micro Center’s Black Friday Deals: + +📦 See a collection of Sysracks racks here: + + +## Chapters + +00:00 - Why get a new Server Rack? + +01:14 - Sysracks 32u Server & Features + +02:22 - Micro Center (Sponsor) + +03:35 - Assembling the Rack + +07:38 - Exploring the Rack Features + +09:39 - Checking Out the Temperature Control Unit + +11:04 - My Thoughts About the Sysracks Server Rack + +13:42 - Stream Highlight - "The grow room isn't big enough for 2 racks!" + +## Links + +⚙️ See all the hardware I recommend at + +🚀 Don't forget to check out the [🚀Launchpad repo](https://l.technotim.live/quick-start) with all of the quick start source files diff --git a/_posts/2022-11-12-sysracks-server-rack.md:Zone.Identifier b/_posts/2022-11-12-sysracks-server-rack.md:Zone.Identifier new file mode 100644 index 0000000..e69de29 
diff --git a/_posts/2022-11-26-new-ups-rack.md b/_posts/2022-11-26-new-ups-rack.md new file mode 100644 index 0000000..6050353 --- /dev/null +++ b/_posts/2022-11-26-new-ups-rack.md 
@@ -0,0 +1,73 @@ +--- +layout: post +title: "I'll never run out of power! - Eaton and Tripp Lite UPS" +date: 2022-11-26 09:00:00 -0500 +categories: homelab +tags: ups eaton tripp-lite server server-rack +--- + +[![I'll never run out of power! - Eaton and Tripp Lite UPS](https://img.youtube.com/vi/tnrNGE5SRhQ/0.jpg)](https://www.youtube.com/watch?v=tnrNGE5SRhQ "I'll never run out of power! - Eaton and Tripp Lite UPS") + +## Description + +Today I look at 2 (or 3 depending on how you count them) UPS systems from Tripp Lite and Eaton. These UPS devices couldn't be any different but they are awesome nonetheless. Each has it's own unique capabilities and features. Which on will you choose when looking for your next UPS? Join me as we walk through and review these type UPS systems and rack them in my new rack! + +📺 [Watch Video](https://www.youtube.com/watch?v=tnrNGE5SRhQ) + +Huge THANK YOU to Eaton / Tripp Lite for sending these UPS systems. If you're looking for a new UPS for home or work, you should totally check them out! + +Tripp Lite + + + +Eaton + + + +## Check out a variety of UPS Systems + +### Tripp Lite + +- Tripp Lite 1500VA Smart UPS Back Up - +- Tripp Lite 2200VA 1920W UPS Smart 2U Rackmount - +- Tripp Lite BP36V15-2U Smart UPS 36V 2U Rackmount External Battery Pack - +- Tripp Lite SMART1500LCD 1500VA Smart UPS Battery Back Up - + +### Eaton + +- Eaton 5P550R 5P 550 Rackmount - +- Eaton 5P Rackmount Compact 1500VA UPS - +- Eaton 5P1500R - +- Eaton 5S1500LCD UPS - + +## NUT Server Install script + +Be sure to check out (and star) David's repo with an automated NUT server install! + +⭐ + +## Chapters + +00:00 - What should I protect with my UPS? 
+ +02:16 - Tripp Lite SmartPro UPS Review and Specs + +03:24 - Tripp Lite 36v Battery Pack Review and Specs + +04:29 - Tripp Lite SmartPro UPS Configuration + +05:23 - Eaton 5P 1550 UPS Review and Specs + +07:43 - Eaton 5P 1550 UPS Configuration + +08:47 - Rack mounting the UPSes + +10:53 - My Thoughts and Monitoring and Alerting Solutions + +13:01 - Stream Highlight - "Testing in Production" + +## Links + +⚙️ See all the hardware I recommend at + +🚀 Don't forget to check out the [🚀Launchpad repo](https://l.technotim.live/quick-start) with all of the quick start source files diff --git a/_posts/2022-11-26-new-ups-rack.md:Zone.Identifier b/_posts/2022-11-26-new-ups-rack.md:Zone.Identifier new file mode 100644 index 0000000..e69de29 diff --git a/_posts/2022-11-26-nut-server-script.md b/_posts/2022-11-26-nut-server-script.md new file mode 100644 index 0000000..f02f046 --- /dev/null +++ b/_posts/2022-11-26-nut-server-script.md 
@@ -0,0 +1,67 @@ +--- +layout: post +title: "Automated NUT Server Install" +date: 2022-11-28 09:00:00 -0500 +categories: homelab +tags: homelab nut self-hosted ups pdu open-source automation +--- + +[![Automated NUT Server Install](https://img.youtube.com/vi/HgKeD4320c0/0.jpg)](https://www.youtube.com/watch?v=HgKeD4320c0 "Automated NUT Server Install") + +## Description + +Here's a quick way to automate your battery backups and UPSes with and open source service called NUT server and a raspberry Pi. + +📺 [Watch Video](https://www.youtube.com/watch?v=HgKeD4320c0) + +## NUT Server Install script + +Be sure to check out (and star) the repo with an automated NUT server install! + +⭐ + +## Instructions + +Be sure you have a raspberry pi or any machine running Debian / Ubuntu Linux. Then plug in your UPS via USB and then SSH into your Pi. + +Then download th script. + +```bash +wget https://raw.githubusercontent.com/dzomaya/NUTandRpi/main/scripts/nutinstall.sh +``` + +Make the script executable. + +```bash +sudo chmod +x nutinstall.sh +``` + +Run the script. + +```bash +sudo ./nutinstall.sh +``` + +Answer a few questions. + +Be sure to keep your SNMP community string safe and treat this like a password. + +You can now access NUT in a browser by going to: + + + +You can also query your device using SNMP + +```bash +snmpwalk -v2c -c yourSNMPv2cCommunity yourRasberryPiIPaddress .1.3.6.1.4.1.8072.1.3.2.4.1.2 +``` + +## Advanced + +To see advanced configuration and configuring NUT Server and NUT client, see my [Network UPS Tools (NUT) Ultimate Guide](https://docs.technotim.live/posts/NUT-server-guide/). + +## Links + +⚙️ See all the hardware I recommend at + +🚀 Don't forget to check out the [🚀Launchpad repo](https://l.technotim.live/quick-start) with all of the quick start source files diff --git a/_posts/2022-11-26-nut-server-script.md:Zone.Identifier b/_posts/2022-11-26-nut-server-script.md:Zone.Identifier new file mode 100644 index 0000000..e69de29 
diff --git a/_tabs/about.md b/_tabs/about.md index ddb2bc4..c25f783 100644 --- a/_tabs/about.md +++ b/_tabs/about.md @@ -1,8 +1,12 @@ --- -# the default layout is 'page' -icon: fas fa-info-circle +# the default layout is 'page'icon: fas fa-info-circle order: 4 --- -> Add Markdown syntax content to file `_tabs/about.md`{: .filepath } and it will show up on this page. -{: .prompt-tip } +Hi! My name is Tim but most people call me "Techno Tim" I create content on [YouTube](https://www.youtube.com/technotimlive) and [Twitch](https://twitch.tv/technotim). + +Here you will find all the documentation for my YouTube videos on my channel [https://www.youtube.com/technotimlive](https://l.technotim.live/subscribe). This documentation is meant to compliment my videos and not replace them. + +If you see something that needs to be fixed, this documentation is open source! Feel free to open an issue or PR [here](https://github.com/techno-tim/techno-tim.github.io). + +You can support this project by becoming a [sponsor on GitHub](https://github.com/sponsors/timothystewart6) or a [patron on Patreon](https://www.patreon.com/technotim). Thank you for your consideration and for visiting! \ No newline at end of file diff --git a/_tabs/about.md:Zone.Identifier b/_tabs/about.md:Zone.Identifier new file mode 100644 index 0000000..e69de29 diff --git a/_tabs/archives.md b/_tabs/archives.md index c3abc59..1b42e95 100644 --- a/_tabs/archives.md +++ b/_tabs/archives.md @@ -3,3 +3,4 @@ layout: archives icon: fas fa-archive order: 3 --- + diff --git a/_tabs/archives.md:Zone.Identifier b/_tabs/archives.md:Zone.Identifier new file mode 100644 index 0000000..e69de29 diff --git a/_tabs/categories.md:Zone.Identifier b/_tabs/categories.md:Zone.Identifier new file mode 100644 index 0000000..e69de29 diff --git a/_tabs/tags.md b/_tabs/tags.md index ded3adc..c8e213a 100644 --- a/_tabs/tags.md +++ b/_tabs/tags.md @@ -1,5 +1,5 @@ --- layout: tags -icon: fas fa-tags +icon: fas fa-tag order: 2 --- 
diff --git a/_tabs/tags.md:Zone.Identifier b/_tabs/tags.md:Zone.Identifier new file mode 100644 index 0000000..e69de29 diff --git a/assets/img/favicons/android-chrome-192x192.png b/assets/img/favicons/android-chrome-192x192.png new file mode 100644 index 0000000..bdcb964 Binary files /dev/null and b/assets/img/favicons/android-chrome-192x192.png differ diff --git a/assets/img/favicons/android-chrome-192x192.png:Zone.Identifier b/assets/img/favicons/android-chrome-192x192.png:Zone.Identifier new file mode 100644 index 0000000..e69de29 diff --git a/assets/img/favicons/android-chrome-512x512.png b/assets/img/favicons/android-chrome-512x512.png new file mode 100644 index 0000000..f94b459 Binary files /dev/null and b/assets/img/favicons/android-chrome-512x512.png differ diff --git a/assets/img/favicons/android-chrome-512x512.png:Zone.Identifier b/assets/img/favicons/android-chrome-512x512.png:Zone.Identifier new file mode 100644 index 0000000..e69de29 diff --git a/assets/img/favicons/android-icon-144x144.png b/assets/img/favicons/android-icon-144x144.png new file mode 100644 index 0000000..c34d8d0 Binary files /dev/null and b/assets/img/favicons/android-icon-144x144.png differ diff --git a/assets/img/favicons/android-icon-144x144.png:Zone.Identifier b/assets/img/favicons/android-icon-144x144.png:Zone.Identifier new file mode 100644 index 0000000..e69de29 diff --git a/assets/img/favicons/android-icon-192x192.png b/assets/img/favicons/android-icon-192x192.png new file mode 100644 index 0000000..ade309f Binary files /dev/null and b/assets/img/favicons/android-icon-192x192.png differ diff --git a/assets/img/favicons/android-icon-192x192.png:Zone.Identifier b/assets/img/favicons/android-icon-192x192.png:Zone.Identifier new file mode 100644 index 0000000..e69de29 
diff --git a/assets/img/favicons/android-icon-36x36.png b/assets/img/favicons/android-icon-36x36.png new file mode 100644 index 0000000..c70db46 Binary files /dev/null and b/assets/img/favicons/android-icon-36x36.png differ diff --git a/assets/img/favicons/android-icon-36x36.png:Zone.Identifier b/assets/img/favicons/android-icon-36x36.png:Zone.Identifier new file mode 100644 index 0000000..e69de29 diff --git a/assets/img/favicons/android-icon-48x48.png b/assets/img/favicons/android-icon-48x48.png new file mode 100644 index 0000000..08943d6 Binary files /dev/null and b/assets/img/favicons/android-icon-48x48.png differ diff --git a/assets/img/favicons/android-icon-48x48.png:Zone.Identifier b/assets/img/favicons/android-icon-48x48.png:Zone.Identifier new file mode 100644 index 0000000..e69de29 diff --git a/assets/img/favicons/android-icon-72x72.png b/assets/img/favicons/android-icon-72x72.png new file mode 100644 index 0000000..1988239 Binary files /dev/null and b/assets/img/favicons/android-icon-72x72.png differ diff --git a/assets/img/favicons/android-icon-72x72.png:Zone.Identifier b/assets/img/favicons/android-icon-72x72.png:Zone.Identifier new file mode 100644 index 0000000..e69de29 diff --git a/assets/img/favicons/android-icon-96x96.png b/assets/img/favicons/android-icon-96x96.png new file mode 100644 index 0000000..fb24ce7 Binary files /dev/null and b/assets/img/favicons/android-icon-96x96.png differ diff --git a/assets/img/favicons/android-icon-96x96.png:Zone.Identifier b/assets/img/favicons/android-icon-96x96.png:Zone.Identifier new file mode 100644 index 0000000..e69de29 diff --git a/assets/img/favicons/apple-icon-114x114.png b/assets/img/favicons/apple-icon-114x114.png new file mode 100644 index 0000000..bd0a4e8 Binary files /dev/null and b/assets/img/favicons/apple-icon-114x114.png differ 
diff --git a/assets/img/favicons/apple-icon-114x114.png:Zone.Identifier b/assets/img/favicons/apple-icon-114x114.png:Zone.Identifier new file mode 100644 index 0000000..e69de29 diff --git a/assets/img/favicons/apple-icon-120x120.png b/assets/img/favicons/apple-icon-120x120.png new file mode 100644 index 0000000..8199567 Binary files /dev/null and b/assets/img/favicons/apple-icon-120x120.png differ diff --git a/assets/img/favicons/apple-icon-120x120.png:Zone.Identifier b/assets/img/favicons/apple-icon-120x120.png:Zone.Identifier new file mode 100644 index 0000000..e69de29 diff --git a/assets/img/favicons/apple-icon-144x144.png b/assets/img/favicons/apple-icon-144x144.png new file mode 100644 index 0000000..c34d8d0 Binary files /dev/null and b/assets/img/favicons/apple-icon-144x144.png differ diff --git a/assets/img/favicons/apple-icon-144x144.png:Zone.Identifier b/assets/img/favicons/apple-icon-144x144.png:Zone.Identifier new file mode 100644 index 0000000..e69de29 diff --git a/assets/img/favicons/apple-icon-152x152.png b/assets/img/favicons/apple-icon-152x152.png new file mode 100644 index 0000000..1d26e45 Binary files /dev/null and b/assets/img/favicons/apple-icon-152x152.png differ diff --git a/assets/img/favicons/apple-icon-152x152.png:Zone.Identifier b/assets/img/favicons/apple-icon-152x152.png:Zone.Identifier new file mode 100644 index 0000000..e69de29 diff --git a/assets/img/favicons/apple-icon-180x180.png b/assets/img/favicons/apple-icon-180x180.png new file mode 100644 index 0000000..71467ff Binary files /dev/null and b/assets/img/favicons/apple-icon-180x180.png differ diff --git a/assets/img/favicons/apple-icon-180x180.png:Zone.Identifier b/assets/img/favicons/apple-icon-180x180.png:Zone.Identifier new file mode 100644 index 0000000..e69de29 diff --git a/assets/img/favicons/apple-icon-57x57.png b/assets/img/favicons/apple-icon-57x57.png new file mode 100644 index 0000000..1d72aa1 Binary files /dev/null and b/assets/img/favicons/apple-icon-57x57.png differ 
diff --git a/assets/img/favicons/apple-icon-57x57.png:Zone.Identifier b/assets/img/favicons/apple-icon-57x57.png:Zone.Identifier new file mode 100644 index 0000000..e69de29 diff --git a/assets/img/favicons/apple-icon-60x60.png b/assets/img/favicons/apple-icon-60x60.png new file mode 100644 index 0000000..1e51469 Binary files /dev/null and b/assets/img/favicons/apple-icon-60x60.png differ diff --git a/assets/img/favicons/apple-icon-60x60.png:Zone.Identifier b/assets/img/favicons/apple-icon-60x60.png:Zone.Identifier new file mode 100644 index 0000000..e69de29 diff --git a/assets/img/favicons/apple-icon-72x72.png b/assets/img/favicons/apple-icon-72x72.png new file mode 100644 index 0000000..1988239 Binary files /dev/null and b/assets/img/favicons/apple-icon-72x72.png differ diff --git a/assets/img/favicons/apple-icon-72x72.png:Zone.Identifier b/assets/img/favicons/apple-icon-72x72.png:Zone.Identifier new file mode 100644 index 0000000..e69de29 diff --git a/assets/img/favicons/apple-icon-76x76.png b/assets/img/favicons/apple-icon-76x76.png new file mode 100644 index 0000000..077a913 Binary files /dev/null and b/assets/img/favicons/apple-icon-76x76.png differ diff --git a/assets/img/favicons/apple-icon-76x76.png:Zone.Identifier b/assets/img/favicons/apple-icon-76x76.png:Zone.Identifier new file mode 100644 index 0000000..e69de29 diff --git a/assets/img/favicons/apple-icon-precomposed.png b/assets/img/favicons/apple-icon-precomposed.png new file mode 100644 index 0000000..05816c7 Binary files /dev/null and b/assets/img/favicons/apple-icon-precomposed.png differ diff --git a/assets/img/favicons/apple-icon-precomposed.png:Zone.Identifier b/assets/img/favicons/apple-icon-precomposed.png:Zone.Identifier new file mode 100644 index 0000000..e69de29 diff --git a/assets/img/favicons/apple-icon.png b/assets/img/favicons/apple-icon.png new file mode 100644 index 0000000..05816c7 Binary files /dev/null and b/assets/img/favicons/apple-icon.png differ 
diff --git a/assets/img/favicons/apple-icon.png:Zone.Identifier b/assets/img/favicons/apple-icon.png:Zone.Identifier new file mode 100644 index 0000000..e69de29 diff --git a/assets/img/favicons/apple-touch-icon.png b/assets/img/favicons/apple-touch-icon.png new file mode 100644 index 0000000..9980778 Binary files /dev/null and b/assets/img/favicons/apple-touch-icon.png differ diff --git a/assets/img/favicons/apple-touch-icon.png:Zone.Identifier b/assets/img/favicons/apple-touch-icon.png:Zone.Identifier new file mode 100644 index 0000000..e69de29 diff --git a/assets/img/favicons/favicon-16x16.png b/assets/img/favicons/favicon-16x16.png new file mode 100644 index 0000000..1d3b22f Binary files /dev/null and b/assets/img/favicons/favicon-16x16.png differ diff --git a/assets/img/favicons/favicon-16x16.png:Zone.Identifier b/assets/img/favicons/favicon-16x16.png:Zone.Identifier new file mode 100644 index 0000000..e69de29 diff --git a/assets/img/favicons/favicon-32x32.png b/assets/img/favicons/favicon-32x32.png new file mode 100644 index 0000000..3d364b9 Binary files /dev/null and b/assets/img/favicons/favicon-32x32.png differ diff --git a/assets/img/favicons/favicon-32x32.png:Zone.Identifier b/assets/img/favicons/favicon-32x32.png:Zone.Identifier new file mode 100644 index 0000000..e69de29 diff --git a/assets/img/favicons/favicon-96x96.png b/assets/img/favicons/favicon-96x96.png new file mode 100644 index 0000000..fb24ce7 Binary files /dev/null and b/assets/img/favicons/favicon-96x96.png differ diff --git a/assets/img/favicons/favicon-96x96.png:Zone.Identifier b/assets/img/favicons/favicon-96x96.png:Zone.Identifier new file mode 100644 index 0000000..e69de29 diff --git a/assets/img/favicons/favicon.ico b/assets/img/favicons/favicon.ico new file mode 100644 index 0000000..1b04157 Binary files /dev/null and b/assets/img/favicons/favicon.ico differ 
diff --git a/assets/img/favicons/favicon.ico:Zone.Identifier b/assets/img/favicons/favicon.ico:Zone.Identifier new file mode 100644 index 0000000..e69de29 diff --git a/assets/img/favicons/ms-icon-144x144.png b/assets/img/favicons/ms-icon-144x144.png new file mode 100644 index 0000000..c34d8d0 Binary files /dev/null and b/assets/img/favicons/ms-icon-144x144.png differ diff --git a/assets/img/favicons/ms-icon-144x144.png:Zone.Identifier b/assets/img/favicons/ms-icon-144x144.png:Zone.Identifier new file mode 100644 index 0000000..e69de29 diff --git a/assets/img/favicons/ms-icon-150x150.png b/assets/img/favicons/ms-icon-150x150.png new file mode 100644 index 0000000..edcb456 Binary files /dev/null and b/assets/img/favicons/ms-icon-150x150.png differ diff --git a/assets/img/favicons/ms-icon-150x150.png:Zone.Identifier b/assets/img/favicons/ms-icon-150x150.png:Zone.Identifier new file mode 100644 index 0000000..e69de29 diff --git a/assets/img/favicons/ms-icon-310x310.png b/assets/img/favicons/ms-icon-310x310.png new file mode 100644 index 0000000..7848c68 Binary files /dev/null and b/assets/img/favicons/ms-icon-310x310.png differ diff --git a/assets/img/favicons/ms-icon-310x310.png:Zone.Identifier b/assets/img/favicons/ms-icon-310x310.png:Zone.Identifier new file mode 100644 index 0000000..e69de29 diff --git a/assets/img/favicons/ms-icon-70x70.png b/assets/img/favicons/ms-icon-70x70.png new file mode 100644 index 0000000..71e028b Binary files /dev/null and b/assets/img/favicons/ms-icon-70x70.png differ diff --git a/assets/img/favicons/ms-icon-70x70.png:Zone.Identifier b/assets/img/favicons/ms-icon-70x70.png:Zone.Identifier new file mode 100644 index 0000000..e69de29 diff --git a/assets/img/favicons/mstile-150x150.png b/assets/img/favicons/mstile-150x150.png new file mode 100644 index 0000000..4636ce0 Binary files /dev/null and b/assets/img/favicons/mstile-150x150.png differ 
diff --git a/assets/img/favicons/mstile-150x150.png:Zone.Identifier b/assets/img/favicons/mstile-150x150.png:Zone.Identifier
new file mode 100644
index 0000000..e69de29
diff --git a/index.html:Zone.Identifier b/index.html:Zone.Identifier
new file mode 100644
index 0000000..e69de29
diff --git a/kubernetes/deployment.yaml b/kubernetes/deployment.yaml
new file mode 100644
index 0000000..128fa4f
--- /dev/null
+++ b/kubernetes/deployment.yaml
@@ -0,0 +1,47 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: technotim-docs
+ namespace: default
+spec:
+ selector:
+ matchLabels:
+ app: technotim-docs
+ replicas: 3
+ progressDeadlineSeconds: 600
+ revisionHistoryLimit: 3
+ strategy:
+ type: RollingUpdate
+ rollingUpdate:
+ maxUnavailable: 25%
+ maxSurge: 1
+ template:
+ metadata:
+ labels:
+ app: technotim-docs
+ annotations:
+ deploy-date: "deploy-date-value"
+ spec:
+ containers:
+ - name: technotim-docs
+ image: "registry-value:latest"
+ resources:
+ requests:
+ memory: "64Mi"
+ cpu: "100m"
+ limits:
+ memory: "128Mi"
+ cpu: "250m"
+ ports:
+ - containerPort: 80
+ imagePullSecrets:
+ - name: registry-credentials-gitlab
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: network
+ operator: In
+ values:
+ - servers-untrusted
diff --git a/kubernetes/deployment.yaml:Zone.Identifier b/kubernetes/deployment.yaml:Zone.Identifier
new file mode 100644
index 0000000..e69de29
diff --git a/reference_files/authelia-traefik/authelia/configuration.yml b/reference_files/authelia-traefik/authelia/configuration.yml
new file mode 100644
index 0000000..164f52d
--- /dev/null
+++ b/reference_files/authelia-traefik/authelia/configuration.yml
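Review bot: In kubernetes/deployment.yaml the container is pulled as `image: "registry-value:latest"`, a mutable tag, so a rollout or pod reschedule can start a different image than the one that was reviewed, and replicas can end up on different builds. `registry-value` looks like a placeholder filled in at deploy time; if so, have the pipeline substitute an immutable tag or digest, e.g. `image: "registry-value@sha256:<digest>"`. The pod template also sets no `securityContext`; since the affinity places these pods on nodes labelled `network: servers-untrusted`, adding at least `allowPrivilegeEscalation: false` under the container's `securityContext` would be a cheap hardening step.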
@@ -0,0 +1,79 @@
+---
+###############################################################
+# Authelia configuration #
+###############################################################
+
+server:
+ host: 0.0.0.0
+ port: 9091
+log:
+ level: debug
+theme: dark
+# This secret can also be set using the env variables AUTHELIA_JWT_SECRET_FILE
+jwt_secret: a_very_important_secret
+default_redirection_url: https://auth.local.example.com
+totp:
+ issuer: authelia.com
+
+# duo_api:
+# hostname: api-123456789.example.com
+# integration_key: ABCDEF
+# # This secret can also be set using the env variables AUTHELIA_DUO_API_SECRET_KEY_FILE
+# secret_key: 1234567890abcdefghifjkl
+
+authentication_backend:
+ file:
+ path: /config/users_database.yml
+ password:
+ algorithm: argon2id
+ iterations: 1
+ salt_length: 16
+ parallelism: 8
+ memory: 64
+
+access_control:
+ default_policy: deny
+ rules:
+ # Rules applied to everyone
+ - domain: public.example.com
+ policy: bypass
+ - domain: heimdall.local.example.com
+ policy: one_factor
+ - domain: pve1.local.example.com
+ policy: two_factor
+
+session:
+ name: authelia_session
+ # This secret can also be set using the env variables AUTHELIA_SESSION_SECRET_FILE
+ secret: unsecure_session_secret
+ expiration: 3600 # 1 hour
+ inactivity: 300 # 5 minutes
+ domain: example.com # Should match whatever your root protected domain is
+
+ # redis:
+ # host: redis
+ # port: 6379
+ # # This secret can also be set using the env variables AUTHELIA_SESSION_REDIS_PASSWORD_FILE
+ # # password: authelia
+
+regulation:
+ max_retries: 3
+ find_time: 120
+ ban_time: 300
+
+storage:
+ encryption_key: a_very_important_secret # Now required
+ local:
+ path: /config/db.sqlite3
+
+notifier:
+ # smtp:
+ # username: test
+ # # This secret can also be set using the env variables AUTHELIA_NOTIFIER_SMTP_PASSWORD_FILE
+ # password: password
+ # host: mail.example.com
+ # port: 25
+ # sender: admin@example.com
+ filesystem:
+ filename: /config/notification.txt
+...
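Review bot: `jwt_secret`, `session.secret` and `storage.encryption_key` are committed as literal sample strings in reference_files/authelia-traefik/authelia/configuration.yml, and `jwt_secret` and `encryption_key` share the same value, so anyone who copies this file unchanged runs with publicly known signing and encryption secrets. The comments already name `AUTHELIA_JWT_SECRET_FILE` and `AUTHELIA_SESSION_SECRET_FILE`; I would drop the inline values in favour of those (the storage key has the matching `AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE`), or at least mark each line `# CHANGE ME: unique random value, never reuse across keys`. `log.level: debug` is also worth a comment, or `level: info`, because debug logging on an authentication service is noisy and may record request detail you do not want retained.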
diff --git a/reference_files/authelia-traefik/authelia/configuration.yml:Zone.Identifier b/reference_files/authelia-traefik/authelia/configuration.yml:Zone.Identifier
new file mode 100644
index 0000000..e69de29
diff --git a/reference_files/authelia-traefik/authelia/docker-compose.yml b/reference_files/authelia-traefik/authelia/docker-compose.yml
new file mode 100644
index 0000000..a16b87f
--- /dev/null
+++ b/reference_files/authelia-traefik/authelia/docker-compose.yml
@@ -0,0 +1,28 @@
+version: '3'
+
+services:
+ authelia:
+ image: authelia/authelia
+ container_name: authelia
+ volumes:
+ - ./config:/config
+ networks:
+ - proxy
+ labels:
+ - 'traefik.enable=true'
+ - 'traefik.http.routers.authelia.rule=Host(`auth.local.example.com`)'
+ - 'traefik.http.routers.authelia.entrypoints=https'
+ - 'traefik.http.routers.authelia.tls=true'
+ - 'traefik.http.middlewares.authelia.forwardauth.address=http://authelia:9091/api/verify?rd=https://auth.local.example.com'
+ - 'traefik.http.middlewares.authelia.forwardauth.trustForwardHeader=true'
+ - 'traefik.http.middlewares.authelia.forwardauth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email'
+ expose:
+ - 9091
+ restart: unless-stopped
+ environment:
+ - TZ=America/Chicago
+ healthcheck:
+ disable: true
+networks:
+ proxy:
+ external: true
\ No newline at end of file
diff --git a/reference_files/authelia-traefik/authelia/docker-compose.yml:Zone.Identifier b/reference_files/authelia-traefik/authelia/docker-compose.yml:Zone.Identifier
new file mode 100644
index 0000000..e69de29
diff --git a/reference_files/authelia-traefik/authelia/users_database.yml b/reference_files/authelia-traefik/authelia/users_database.yml
new file mode 100644
index 0000000..e3df24d
--- /dev/null
+++ b/reference_files/authelia-traefik/authelia/users_database.yml
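Review bot: `image: authelia/authelia` in reference_files/authelia-traefik/authelia/docker-compose.yml carries no tag, so it resolves to `latest` and the authentication gateway can change version on any pull; pin it, e.g. `image: authelia/authelia:<pinned-version>`. `healthcheck: disable: true` removes the only signal Docker has that the auth service stopped answering, so I would keep the image's health check unless there is a known reason to turn it off, and say so in a comment if there is. `forwardauth.trustForwardHeader=true` is safe only when nothing untrusted can reach Traefik with its own `X-Forwarded-*` headers; a one-line comment stating that assumption would help readers who expose the entrypoint differently.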
@@ -0,0 +1,18 @@
+---
+###############################################################
+# Users Database #
+###############################################################
+
+# This file can be used if you do not have an LDAP set up.
+
+# List of users
+users:
+ username:
+ displayname: "Your Name"
+ # Password is Authelia
+ password: "$argon2id$v=19$m=65536,t=1,p=8$cUI4a0E3L1laYnRDUXl3Lw$ZsdsrdadaoVIaVj8NltA8x4qVOzT+/r5GF62/bT8OuAs"
+ email: you@example.com
+ groups:
+ - admins
+ - dev
+...
\ No newline at end of file
diff --git a/reference_files/authelia-traefik/authelia/users_database.yml:Zone.Identifier b/reference_files/authelia-traefik/authelia/users_database.yml:Zone.Identifier
new file mode 100644
index 0000000..e69de29
diff --git a/reference_files/authelia-traefik/heimdall/docker-compose.yml b/reference_files/authelia-traefik/heimdall/docker-compose.yml
new file mode 100644
index 0000000..693ade9
--- /dev/null
+++ b/reference_files/authelia-traefik/heimdall/docker-compose.yml
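Review bot: The comment `# Password is Authelia` in users_database.yml publishes the plaintext for the argon2id hash committed on the next line, and the sample user belongs to `admins`, so a deployment that keeps this entry has an administrator account with a known password. Replace the value with a placeholder such as `password: "<argon2id hash of your own password>"` and change the comment to `# Generate your own hash with Authelia's password-hashing command; do not deploy the sample value`. The `username` key is likewise a placeholder and deserves the same kind of marker.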
@@ -0,0 +1,37 @@
+---
+version: "2.1"
+
+services:
+ heimdall:
+ image: ghcr.io/linuxserver/heimdall
+ container_name: heimdall
+ environment:
+ - PUID=1000
+ - PGID=1000
+ - TZ=America/Chicago
+ volumes:
+ - ./config:/config
+ ports:
+ - 8500:80
+ # - 8600:443
+ restart: unless-stopped
+ security_opt:
+ - no-new-privileges:true
+ networks:
+ - proxy
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.heimdall.entrypoints=http"
+ - "traefik.http.routers.heimdall.rule=Host(`heimdall.local.example.com`)"
+ - "traefik.http.middlewares.heimdall-https-redirect.redirectscheme.scheme=https"
+ - "traefik.http.routers.heimdall.middlewares=heimdall-https-redirect"
+ - "traefik.http.routers.heimdall-secure.entrypoints=https"
+ - "traefik.http.routers.heimdall-secure.rule=Host(`heimdall.local.example.com`)"
+ - "traefik.http.routers.heimdall-secure.tls=true"
+ - "traefik.http.routers.heimdall-secure.service=heimdall"
+ - "traefik.http.services.heimdall.loadbalancer.server.port=80"
+ - "traefik.docker.network=proxy"
+ - 'traefik.http.routers.heimdall-secure.middlewares=authelia@docker'
+networks:
+ proxy:
+ external: true
\ No newline at end of file
diff --git a/reference_files/authelia-traefik/heimdall/docker-compose.yml:Zone.Identifier b/reference_files/authelia-traefik/heimdall/docker-compose.yml:Zone.Identifier
new file mode 100644
index 0000000..e69de29
diff --git a/reference_files/authelia-traefik/traefik/config.yml b/reference_files/authelia-traefik/traefik/config.yml
new file mode 100644
index 0000000..d0cfa17
--- /dev/null
+++ b/reference_files/authelia-traefik/traefik/config.yml
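Review bot: `ports: - 8500:80` in heimdall/docker-compose.yml publishes the container on every host interface, so a request to the host on port 8500 reaches Heimdall over plain HTTP without going through Traefik, which means the `authelia@docker` middleware on the last label and the HTTPS redirect are both bypassed. Traefik reaches the service over the `proxy` network on port 80 (see the `loadbalancer.server.port=80` label), so the mapping can be removed; if local access is needed, bind it to loopback and quote it: `- "127.0.0.1:8500:80"`. `image: ghcr.io/linuxserver/heimdall` is also untagged and would be better pinned to a specific version.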
@@ -0,0 +1,51 @@
+http:
+ routers:
+ pve1:
+ entryPoints:
+ - "https"
+ rule: "Host(`pve1.local.example.com`)"
+ middlewares:
+ - authelia
+ - default-headers
+ tls: {}
+ service: pve1
+ services:
+ pve1:
+ loadBalancer:
+ servers:
+ - url: "https://192.168.0.11:8006"
+ passHostHeader: true
+
+ middlewares:
+ https-redirect:
+ redirectScheme:
+ scheme: https
+ authelia:
+ forwardAuth:
+ address: "http://authelia:9091/api/verify?rd=https://auth.local.example.com"
+ default-headers:
+ headers:
+ frameDeny: true
+ sslRedirect: true
+ browserXssFilter: true
+ contentTypeNosniff: true
+ forceSTSHeader: true
+ stsIncludeSubdomains: true
+ stsPreload: true
+ stsSeconds: 15552000
+ customFrameOptionsValue: SAMEORIGIN
+ customRequestHeaders:
+ X-Forwarded-Proto: https
+
+ default-whitelist:
+ ipWhiteList:
+ sourceRange:
+ - "10.0.0.0/8"
+ - "192.168.0.0/16"
+ - "172.0.0.0/12"
+
+ secured:
+ chain:
+ middlewares:
+ - default-whitelist
+ - default-headers
diff --git a/reference_files/authelia-traefik/traefik/config.yml:Zone.Identifier b/reference_files/authelia-traefik/traefik/config.yml:Zone.Identifier
new file mode 100644
index 0000000..e69de29
diff --git a/reference_files/traefik-portainer-ssl/portainer/docker-compose.yml b/reference_files/traefik-portainer-ssl/portainer/docker-compose.yml
new file mode 100644
index 0000000..6763731
--- /dev/null
+++ b/reference_files/traefik-portainer-ssl/portainer/docker-compose.yml
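Review bot: `- "172.0.0.0/12"` in the `default-whitelist` source ranges of authelia-traefik/traefik/config.yml is not the RFC 1918 block: it matches 172.0.0.0–172.15.255.255, which is publicly routable space, and it does not match 172.16.0.0–172.31.255.255, where private and default Docker bridge addresses live. The entry should read `- "172.16.0.0/12"`. Separately, the `pve1` router lists only `authelia` and `default-headers`, so the allow-list (and the `secured` chain that contains it) is defined but not applied to anything in this file; if that is intentional a comment would make it clear.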
@@ -0,0 +1,31 @@
+version: '3'
+
+services:
+ portainer:
+ image: portainer/portainer-ce
+ container_name: portainer
+ restart: unless-stopped
+ security_opt:
+ - no-new-privileges:true
+ networks:
+ - proxy
+ volumes:
+ - /etc/localtime:/etc/localtime:ro
+ - /var/run/docker.sock:/var/run/docker.sock:ro
+ - /home/username/portainer/data:/data
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.portainer.entrypoints=http"
+ - "traefik.http.routers.portainer.rule=Host(`portainer.local.example.com`)"
+ - "traefik.http.middlewares.portainer-https-redirect.redirectscheme.scheme=https"
+ - "traefik.http.routers.portainer.middlewares=portainer-https-redirect"
+ - "traefik.http.routers.portainer-secure.entrypoints=https"
+ - "traefik.http.routers.portainer-secure.rule=Host(`portainer.local.example.com`)"
+ - "traefik.http.routers.portainer-secure.tls=true"
+ - "traefik.http.routers.portainer-secure.service=portainer"
+ - "traefik.http.services.portainer.loadbalancer.server.port=9000"
+ - "traefik.docker.network=proxy"
+
+networks:
+ proxy:
+ external: true
\ No newline at end of file
diff --git a/reference_files/traefik-portainer-ssl/portainer/docker-compose.yml:Zone.Identifier b/reference_files/traefik-portainer-ssl/portainer/docker-compose.yml:Zone.Identifier
new file mode 100644
index 0000000..e69de29
diff --git a/reference_files/traefik-portainer-ssl/traefik/config.yml b/reference_files/traefik-portainer-ssl/traefik/config.yml
new file mode 100644
index 0000000..cf55787
--- /dev/null
+++ b/reference_files/traefik-portainer-ssl/traefik/config.yml
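Review bot: The `:ro` on `/var/run/docker.sock:/var/run/docker.sock:ro` in portainer/docker-compose.yml only makes the mount itself read-only; it does not restrict what can be sent through the socket, so the container still has full control of the Docker daemon, which is equivalent to root on the host. Portainer needs that access to work, but the file should say so, for example `# NOTE: :ro does not limit Docker API access; this grants full control of the host's Docker daemon`. Given that, the `portainer-secure` router has no access-restricting middleware in these labels, so Portainer's own login is the only gate; attaching an IP allow-list or forward-auth middleware would be prudent. `image: portainer/portainer-ce` is untagged and should be pinned to a version.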
@@ -0,0 +1,238 @@ +http: + #region routers + routers: + proxmox: + entryPoints: + - "https" + rule: "Host(`proxmox.local.example.com`)" + middlewares: + - default-headers + - https-redirectscheme + tls: {} + service: proxmox + pihole: + entryPoints: + - "https" + rule: "Host(`pihole.local.example.com`)" + middlewares: + - default-headers + - addprefix-pihole + - https-redirectscheme + tls: {} + service: pihole + homebridge: + entryPoints: + - "https" + rule: "Host(`homebridge.local.example.com`)" + middlewares: + - default-headers + - https-redirectscheme + tls: {} + service: homebridge + homeassistant: + # For Homeassistant config, check: https://www.home-assistant.io/integrations/http/#reverse-proxies + # This relies on Homeassistant using http. No certs are needed in the Homeassistant config. + entryPoints: + - "https" + rule: "Host(`homeassistant.local.example.com`)" + middlewares: + - default-headers + - https-redirectscheme + tls: {} + service: homeassistant + syncthing: + entryPoints: + - "https" + rule: "Host(`syncthing.local.example.com`)" + middlewares: + - default-headers + - https-redirectscheme + tls: {} + service: syncthing + truenas: + entryPoints: + - "https" + rule: "Host(`truenas.local.example.com`)" + middlewares: + - default-headers + - https-redirectscheme + tls: {} + service: truenas + plex: + entryPoints: + - "https" + rule: "Host(`plex.local.example.com`)" + middlewares: + - default-headers + - https-redirectscheme + tls: {} + service: plex + minio: + entryPoints: + - "https" + rule: "Host(`minio.local.example.com`)" + middlewares: + - default-headers + - https-redirectscheme + tls: {} + service: minio + rancher: + entryPoints: + - "https" + rule: "Host(`rancher.local.example.com`)" + middlewares: + - default-headers + - https-redirectscheme + tls: {} + service: rancher + idrac: + entryPoints: + - "https" + rule: "Host(`idrac.local.example.com`)" + middlewares: + - idrac + - https-redirectscheme + tls: {} + service: idrac + idrac-console: + 
entryPoints: + - "idrac" # REQUIRED for iDRAC virtual console: Create a new TCP entry point in traefik on port 5900 + rule: "Host(`idrac.local.example.com`)" + middlewares: + - idrac + - https-redirectscheme + tls: {} + service: idrac-console + opnsense: + entryPoints: + - "https" + rule: "Host(`opnsense.local.example.com`)" + middlewares: + - default-headers + - https-redirectscheme + tls: {} + service: opnsense + pterodactyl: + entryPoints: + - "https" + rule: "Host(`pterodactyl.local.example.com`)" + middlewares: + - default-headers + - https-redirectscheme + tls: {} + service: pterodactyl + +#endregion +#region services + services: + proxmox: + loadBalancer: + servers: + - url: "https://192.168.0.100:8006" + passHostHeader: true + pihole: + loadBalancer: + servers: + - url: "http://192.168.0.101:80" + passHostHeader: true + homebridge: + loadBalancer: + servers: + - url: "http://192.168.0.102:10999" + passHostHeader: true + homeassistant: + loadBalancer: + servers: + - url: "http://192.168.0.102:10999" + passHostHeader: true + syncthing: + loadBalancer: + servers: + - url: "https://192.168.0.103:8384" + passHostHeader: true + truenas: + loadBalancer: + servers: + - url: "https://192.168.0.104" + passHostHeader: true + plex: + loadBalancer: + servers: + - url: "https://192.168.0.105:32400" + passHostHeader: true + minio: + loadBalancer: + servers: + - url: "https://192.168.0.106:9000/" + passHostHeader: true + rancher: + loadBalancer: + servers: + - url: "https://192.168.0.107" + passHostHeader: true + idrac: + loadBalancer: + servers: + - url: "https://192.168.0.108" + passHostHeader: true + idrac-console: + loadBalancer: + servers: + - url: "https://192.168.0.108:5900" + passHostHeader: true + opnsense: + loadBalancer: + servers: + - url: "https://192.168.0.109" + passHostHeader: true + pterodactyl: + loadBalancer: + servers: + - url: "http://192.168.0.110:80" + passHostHeader: true +#endregion + middlewares: + addprefix-pihole: + addPrefix: + prefix: "/admin" 
+ https-redirectscheme: + redirectScheme: + scheme: https + permanent: true + + default-headers: + headers: + frameDeny: true + browserXssFilter: true + contentTypeNosniff: true + forceSTSHeader: true + stsIncludeSubdomains: true + stsPreload: true + stsSeconds: 15552000 + customFrameOptionsValue: SAMEORIGIN + customRequestHeaders: + X-Forwarded-Proto: https + + idrac: + headers: + frameDeny: true + browserXssFilter: true + forceSTSHeader: true + stsIncludeSubdomains: true + stsSeconds: 15552000 + customFrameOptionsValue: SAMEORIGIN + customRequestHeaders: + X-Forwarded-Proto: https + + default-whitelist: + ipWhiteList: + sourceRange: + - "10.0.0.0/8" + - "192.168.0.0/16" + - "172.16.0.0/12" + + secured: + chain: + middlewares: + - default-whitelist + - default-headers diff --git a/reference_files/traefik-portainer-ssl/traefik/config.yml:Zone.Identifier b/reference_files/traefik-portainer-ssl/traefik/config.yml:Zone.Identifier new file mode 100644 index 0000000..e69de29 diff --git a/reference_files/traefik-portainer-ssl/traefik/docker-compose.yml b/reference_files/traefik-portainer-ssl/traefik/docker-compose.yml new file mode 100644 index 0000000..53c5c16 --- /dev/null +++ b/reference_files/traefik-portainer-ssl/traefik/docker-compose.yml 
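Review bot: None of the routers in this file reference `secured` or `default-whitelist`, so the IP allow-list defined at the bottom is never enforced. Management UIs such as `proxmox`, `idrac`, `opnsense` and `truenas` are then protected only by their own logins for anyone who can reach the `https` entry point. If they are meant to be LAN-only, replace `- default-headers` with `- secured` on those routers, since the chain already includes `default-headers`. The `idrac` headers middleware also omits `contentTypeNosniff: true`. The `homeassistant` service reuses the `homebridge` URL `http://192.168.0.102:10999`, which looks like a copy-paste slip.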
@@ -0,0 +1,45 @@
+version: '3'
+
+services:
+ traefik:
+ image: traefik:latest
+ container_name: traefik
+ restart: unless-stopped
+ security_opt:
+ - no-new-privileges:true
+ networks:
+ - proxy
+ ports:
+ - 80:80
+ - 443:443
+ environment:
+ - CF_API_EMAIL=user@example.com
+ - CF_DNS_API_TOKEN=YOUR_API_TOKEN
+ # - CF_API_KEY=YOUR_API_KEY
+ # be sure to use the correct one depending on if you are using a token or key
+ volumes:
+ - /etc/localtime:/etc/localtime:ro
+ - /var/run/docker.sock:/var/run/docker.sock:ro
+ - /home/username/traefik/data/traefik.yml:/traefik.yml:ro
+ - /home/username/traefik/data/acme.json:/acme.json
+ - /home/username/traefik/data/config.yml:/config.yml:ro
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.traefik.entrypoints=http"
+ - "traefik.http.routers.traefik.rule=Host(`traefik-dashboard.local.example.com`)"
+ - "traefik.http.middlewares.traefik-auth.basicauth.users=USER:BASIC_AUTH_PASSWORD"
+ - "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
+ - "traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https"
+ - "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
+ - "traefik.http.routers.traefik-secure.entrypoints=https"
+ - "traefik.http.routers.traefik-secure.rule=Host(`traefik-dashboard.local.example.com`)"
+ - "traefik.http.routers.traefik-secure.middlewares=traefik-auth"
+ - "traefik.http.routers.traefik-secure.tls=true"
+ - "traefik.http.routers.traefik-secure.tls.certresolver=cloudflare"
+ - "traefik.http.routers.traefik-secure.tls.domains[0].main=local.example.com"
+ - "traefik.http.routers.traefik-secure.tls.domains[0].sans=*.local.example.com"
+ - "traefik.http.routers.traefik-secure.service=api@internal"
+
+networks:
+ proxy:
+ external: true
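Review bot: `CF_DNS_API_TOKEN=YOUR_API_TOKEN` and the `basicauth.users=USER:BASIC_AUTH_PASSWORD` label invite pasting live credentials into a file that is tracked in the repository. Prefer an `env_file:` that points at an untracked file (or the `CF_DNS_API_TOKEN_FILE` form backed by a Docker secret), and `basicauth.usersfile` for the dashboard users. If the label stays, add a comment that the value must be an htpasswd hash with every `$` doubled for Compose. `image: traefik:latest` should be pinned to a release tag or digest, because this container holds the Docker socket and the ACME account key in `acme.json`.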
diff --git a/reference_files/traefik-portainer-ssl/traefik/docker-compose.yml:Zone.Identifier b/reference_files/traefik-portainer-ssl/traefik/docker-compose.yml:Zone.Identifier new file mode 100644 index 0000000..e69de29 diff --git a/reference_files/traefik-portainer-ssl/traefik/traefik.yml b/reference_files/traefik-portainer-ssl/traefik/traefik.yml new file mode 100644 index 0000000..1e0dbe2 --- /dev/null +++ b/reference_files/traefik-portainer-ssl/traefik/traefik.yml @@ -0,0 +1,32 @@ +api: + dashboard: true + debug: true +entryPoints: + http: + address: ":80" + http: + redirections: + entryPoint: + to: https + scheme: https + https: + address: ":443" +serversTransport: + insecureSkipVerify: true +providers: + docker: + endpoint: "unix:///var/run/docker.sock" + exposedByDefault: false + file: + filename: /config.yml +certificatesResolvers: + cloudflare: + acme: + email: you@example.com + storage: acme.json + dnsChallenge: + provider: cloudflare + #disablePropagationCheck: true # uncomment this if you have issues pulling certificates through cloudflare, By setting this flag to true disables the need to wait for the propagation of the TXT record to all authoritative name servers. + resolvers: + - "1.1.1.1:53" + - "1.0.0.1:53" diff --git a/reference_files/traefik-portainer-ssl/traefik/traefik.yml:Zone.Identifier b/reference_files/traefik-portainer-ssl/traefik/traefik.yml:Zone.Identifier new file mode 100644 index 0000000..e69de29 diff --git a/reference_files/traefik-portainer-ssl/ztncui/docker-compose.yml b/reference_files/traefik-portainer-ssl/ztncui/docker-compose.yml new file mode 100644 index 0000000..8cfe947 --- /dev/null +++ b/reference_files/traefik-portainer-ssl/ztncui/docker-compose.yml 
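Review bot: `serversTransport.insecureSkipVerify: true` turns off certificate verification for every HTTPS backend Traefik connects to, so any host answering on a backend address is accepted without an identity check. The same setting appears as `--serversTransport.insecureSkipVerify=true` in both traefik-chart-values.yml files later in this commit. I would scope it instead: define a named entry under `http.serversTransports` for the self-signed backends (or supply `rootCAs`) and reference it only from the services that need it. `api.debug: true` also enables the debug and profiling endpoints on the API and should be `false` outside troubleshooting.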
@@ -0,0 +1,33 @@
+version: "3"
+
+services:
+ ztncui:
+ image: keynetworks/ztncui
+ volumes:
+ - ./ztncui:/opt/key-networks/ztncui/etc
+ - ./zt1:/var/lib/zerotier-one
+ environment:
+ - NODE_ENV=production
+ - HTTP_PORT=3000
+ - ZTNCUI_PASSWD=password
+ - MYDOMAIN=URL_FOR_TLS_CERT
+ - HTTP_ALL_INTERFACES=yes
+ - MYADDR=YOUR_PUBLIC_IP
+ networks:
+ - proxy
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.ztncui.entrypoints=http"
+ - "traefik.http.routers.ztncui.rule=Host(`zerotier.local.example.com`)"
+ - "traefik.http.middlewares.ztncui-https-redirect.redirectscheme.scheme=https"
+ - "traefik.http.routers.ztncui.middlewares=ztncui-https-redirect"
+ - "traefik.http.routers.ztncui-secure.entrypoints=https"
+ - "traefik.http.routers.ztncui-secure.rule=Host(`zerotier.local.example.com`)"
+ - "traefik.http.routers.ztncui-secure.tls=true"
+ - "traefik.http.routers.ztncui-secure.service=ztncui"
+ - "traefik.http.services.ztncui.loadbalancer.server.port=3000"
+ - "traefik.docker.network=proxy"
+
+networks:
+ proxy:
+ external: true
diff --git a/reference_files/traefik-portainer-ssl/ztncui/docker-compose.yml:Zone.Identifier b/reference_files/traefik-portainer-ssl/ztncui/docker-compose.yml:Zone.Identifier
new file mode 100644
index 0000000..e69de29
diff --git a/reference_files/traefik2-k3s-rancher/config-ingress-route/kubernetes/deployment.yml b/reference_files/traefik2-k3s-rancher/config-ingress-route/kubernetes/deployment.yml
new file mode 100644
index 0000000..7b088d5
--- /dev/null
+++ b/reference_files/traefik2-k3s-rancher/config-ingress-route/kubernetes/deployment.yml
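Review bot: `ZTNCUI_PASSWD=password` ships a guessable admin password for a UI that manages a ZeroTier network controller, and a reference file like this tends to be deployed unchanged. Replace the literal with a value that cannot work as-is, e.g. `- ZTNCUI_PASSWD=CHANGE_ME_BEFORE_FIRST_START`, or load it from an untracked `env_file`. The `ztncui-secure` router has no auth or allow-list middleware, so that password is the only control in front of the app. `image: keynetworks/ztncui` is also not pinned to a tag or digest.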
@@ -0,0 +1,23 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: example-workload-deployment +spec: + selector: + matchLabels: + app: example-workload + replicas: 1 + progressDeadlineSeconds: 600 + revisionHistoryLimit: 2 + strategy: + type: Recreate + template: + metadata: + labels: + app: example-workload + spec: + containers: + - name: example-workload + image: registry.example.com + ports: + - containerPort: 80 \ No newline at end of file diff --git a/reference_files/traefik2-k3s-rancher/config-ingress-route/kubernetes/deployment.yml:Zone.Identifier b/reference_files/traefik2-k3s-rancher/config-ingress-route/kubernetes/deployment.yml:Zone.Identifier new file mode 100644 index 0000000..e69de29 diff --git a/reference_files/traefik2-k3s-rancher/config-ingress-route/kubernetes/ingress.yml b/reference_files/traefik2-k3s-rancher/config-ingress-route/kubernetes/ingress.yml new file mode 100644 index 0000000..4da1877 --- /dev/null +++ b/reference_files/traefik2-k3s-rancher/config-ingress-route/kubernetes/ingress.yml @@ -0,0 +1,20 @@ +apiVersion: traefik.containo.us/v1alpha1 +kind: IngressRoute +metadata: + name: example-workload-ingress + annotations: + kubernetes.io/ingress.class: traefik-external +spec: + entryPoints: + - websecure + routes: + - match: Host(`www.example.com`) + kind: Rule + services: + - name: example-workload + port: 80 + - match: Host(`example.com`) + kind: Rule + services: + - name: example-workload + port: 80 \ No newline at end of file diff --git a/reference_files/traefik2-k3s-rancher/config-ingress-route/kubernetes/ingress.yml:Zone.Identifier b/reference_files/traefik2-k3s-rancher/config-ingress-route/kubernetes/ingress.yml:Zone.Identifier new file mode 100644 index 0000000..e69de29 diff --git a/reference_files/traefik2-k3s-rancher/config-ingress-route/kubernetes/service.yml b/reference_files/traefik2-k3s-rancher/config-ingress-route/kubernetes/service.yml new file mode 100644 index 0000000..88d8a91 --- /dev/null 
+++ b/reference_files/traefik2-k3s-rancher/config-ingress-route/kubernetes/service.yml
@@ -0,0 +1,12 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: example-workload
+spec:
+ selector:
+ app: example-workload
+ ports:
+ - protocol: TCP
+ port: 80
+ targetPort: 80
diff --git a/reference_files/traefik2-k3s-rancher/config-ingress-route/kubernetes/service.yml:Zone.Identifier b/reference_files/traefik2-k3s-rancher/config-ingress-route/kubernetes/service.yml:Zone.Identifier
new file mode 100644
index 0000000..e69de29
diff --git a/reference_files/traefik2-k3s-rancher/config-ingress-route/traefik-chart-values.yml b/reference_files/traefik2-k3s-rancher/config-ingress-route/traefik-chart-values.yml
new file mode 100644
index 0000000..dc10766
--- /dev/null
+++ b/reference_files/traefik2-k3s-rancher/config-ingress-route/traefik-chart-values.yml
@@ -0,0 +1,75 @@ +additionalArguments: + - --providers.file.filename=/data/traefik-config.yaml + - --entrypoints.websecure.http.tls.certresolver=cloudflare + - --entrypoints.websecure.http.tls.domains[0].main=example.com + - --entrypoints.websecure.http.tls.domains[0].sans=*.example.com + # - --certificatesresolvers.cloudflare.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory + # comment above when going to production + - --certificatesresolvers.cloudflare.acme.dnschallenge.provider=cloudflare + - --certificatesresolvers.cloudflare.acme.email=email@example.com + - --certificatesresolvers.cloudflare.acme.dnschallenge.resolvers=1.1.1.1:53,8.8.8.8:53 + - --certificatesresolvers.cloudflare.acme.storage=/certs/acme.json + - --serversTransport.insecureSkipVerify=true + # you will need to add an annotation to ingresses you create kubernetes.io/ingress.class traefik-external + # otherwise it will not servce those requests + - --providers.kubernetescrd.ingressclass=traefik-external + - --log.level=DEBUG + +deployment: + enabled: true + replicas: 1 + annotations: {} + podAnnotations: {} + additionalContainers: [] + initContainers: + # Related issue: https://github.com/containous/traefik/issues/6972 + - name: volume-permissions + image: busybox:1.31.1 + command: ["sh", "-c", "chmod -Rv 600 /certs/*"] + volumeMounts: + - name: data + mountPath: /certs +ports: + web: + redirectTo: websecure +env: + - name: CF_DNS_API_TOKEN # or CF_API_KEY, see for more details - https://doc.traefik.io/traefik/https/acme/#providers + valueFrom: + secretKeyRef: + key: apiKey + name: cloudflare-apikey-secret +ingressRoute: + dashboard: + enabled: false +persistence: + enabled: true + accessMode: ReadWriteOnce + size: 128Mi + existingClaim: acme-json-certs + path: /certs +volumes: + - mountPath: /data + name: traefik-config + type: configMap +providers: + kubernetesCRD: + ingressClass: "traefik-external" + enabled: true + namespaces: [] + kubernetesIngress: + enabled: true + 
namespaces: [] + publishedService: + enabled: true +rbac: + enabled: true + +service: + enabled: true + type: LoadBalancer + annotations: {} + labels: {} + spec: + loadBalancerIP: "192.168.100.240" # this should be your Metal LB IP + loadBalancerSourceRanges: [] + externalIPs: [] diff --git a/reference_files/traefik2-k3s-rancher/config-ingress-route/traefik-chart-values.yml:Zone.Identifier b/reference_files/traefik2-k3s-rancher/config-ingress-route/traefik-chart-values.yml:Zone.Identifier new file mode 100644 index 0000000..e69de29 diff --git a/reference_files/traefik2-k3s-rancher/config/traefik-chart-values.yml b/reference_files/traefik2-k3s-rancher/config/traefik-chart-values.yml new file mode 100644 index 0000000..e87cf52 --- /dev/null +++ b/reference_files/traefik2-k3s-rancher/config/traefik-chart-values.yml 
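Review bot: `--log.level=DEBUG` is left enabled in `additionalArguments` here, while config/traefik-chart-values.yml in the same commit has it commented out. Debug logging is verbose and can put request details into pod logs, so a reference values file should default to `--log.level=INFO` or comment the line as the sibling file does. The remark `# comment above when going to production` sits under a `caserver` line that is already commented out in this file, which reads as if staging were still active. I would reword it to `# uncomment the line above to test against the Let's Encrypt staging CA`.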
@@ -0,0 +1,112 @@ +# https://traefik.io/blog/install-and-configure-traefik-with-helm/ +# see https://doc.traefik.io/traefik/https/acme/#providers +# https://github.com/traefik/traefik-helm-chart/blob/master/traefik/values.yaml +additionalArguments: + - --providers.file.filename=/data/traefik-config.yaml + - --entrypoints.websecure.http.tls.certresolver=cloudflare + - --entrypoints.websecure.http.tls.domains[0].main=example.com + - --entrypoints.websecure.http.tls.domains[0].sans=*.example.com + - --certificatesresolvers.cloudflare.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory + # comment the line above when going to production + - --certificatesresolvers.cloudflare.acme.dnschallenge.provider=cloudflare + - --certificatesresolvers.cloudflare.acme.dnschallenge.resolvers=1.1.1.1:53,8.8.8.8:53 + - --certificatesresolvers.cloudflare.acme.storage=/certs/acme.json + - --serversTransport.insecureSkipVerify=true + # you will need to add an annotation to ingresses you create kubernetes.io/ingress.class traefik-external + # otherwise it will not servce those requests + - --providers.kubernetesingress.ingressclass=traefik-external + # - --log.level=DEBUG + +deployment: + enabled: true + # Number of pods of the deployment + replicas: 1 + # Additional deployment annotations (e.g. for jaeger-operator sidecar injection) + annotations: {} + # Additional pod annotations (e.g. for mesh injection or prometheus scraping) + podAnnotations: {} + # Additional containers (e.g. for metric offloading sidecars) + additionalContainers: [] + # Additional initContainers (e.g. for setting file permission as shown below) + initContainers: + # The "volume-permissions" init container is required if you run into permission issues. + # Related issue: https://github.com/containous/traefik/issues/6972 + - name: volume-permissions + image: busybox:1.31.1 + command: ["sh", "-c", "chmod -Rv 600 /certs/*"] + volumeMounts: + - name: data + mountPath: /certs + # Custom pod DNS policy. 
Apply if `hostNetwork: true` + # dnsPolicy: ClusterFirstWithHostNet + +ports: + web: + redirectTo: websecure +env: + - name: CF_DNS_API_TOKEN # or CF_API_KEY, see for more details - https://doc.traefik.io/traefik/https/acme/#providers + valueFrom: + secretKeyRef: + key: apiKey + name: cloudflare-apikey-secret + - name: CF_API_EMAIL + valueFrom: + secretKeyRef: + key: email + name: cloudflare-apikey-secret +ingressRoute: + dashboard: + enabled: false +persistence: + enabled: true +# make sure this claim is existed + existingClaim: acme-json-certs + accessMode: ReadWriteOnce + size: 128Mi + path: /certs +volumes: + - mountPath: /data + name: traefik-config + type: configMap +# without this, ingress get stuck on initializing +providers: + kubernetesCRD: + enabled: true + namespaces: [] + kubernetesIngress: + enabled: true + namespaces: [] + publishedService: + enabled: true +rbac: + enabled: true + +service: + enabled: true + type: LoadBalancer + # Additional annotations (e.g. for cloud provider specific config) + annotations: {} + # Additional service labels (e.g. for filtering Service by custom labels) + labels: {} + # Additional entries here will be added to the service spec. Cannot contains + # type, selector or ports entries. + spec: + # externalTrafficPolicy: Cluster + loadBalancerIP: "192.168.100.240" # this should be your Metal LB IP + # clusterIP: "2.3.4.5" + loadBalancerSourceRanges: [] + # - 192.168.0.1/32 + # - 172.16.0.0/16 + externalIPs: [] + # - 1.2.3.4 + +# securityContext: +# capabilities: +# drop: [ALL] +# readOnlyRootFilesystem: false +# runAsGroup: 65532 +# runAsNonRoot: true +# runAsUser: 65532 + +# podSecurityContext: +# fsGroup: 65532 diff --git a/reference_files/traefik2-k3s-rancher/config/traefik-chart-values.yml:Zone.Identifier b/reference_files/traefik2-k3s-rancher/config/traefik-chart-values.yml:Zone.Identifier new file mode 100644 index 0000000..e69de29 
diff --git a/reference_files/traefik2-k3s-rancher/config/traefik-config.yml b/reference_files/traefik2-k3s-rancher/config/traefik-config.yml new file mode 100644 index 0000000..b397552 --- /dev/null +++ b/reference_files/traefik2-k3s-rancher/config/traefik-config.yml @@ -0,0 +1,45 @@ +--- +apiVersion: v1 +kind: Secret +metadata: + name: cloudflare-apikey-secret + namespace: kube-system +type: Opaque +stringData: + email: yourcloudflareemail@example.com + apiKey: yourCloudflareApiToken +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: traefik-config + namespace: kube-system +data: + traefik-config.yaml: | + http: + middlewares: + headers-default: + headers: + sslRedirect: true + browserXssFilter: true + contentTypeNosniff: true + forceSTSHeader: true + stsIncludeSubdomains: true + stsPreload: true + stsSeconds: 15552000 + customFrameOptionsValue: SAMEORIGIN + customRequestHeaders: + X-Forwarded-Proto: https +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: acme-json-certs + namespace: kube-system +spec: + accessModes: + - ReadWriteMany # I needed both for rw + - ReadWriteOnce # I needed both for rw + resources: + requests: + storage: 128Mi \ No newline at end of file diff --git a/reference_files/traefik2-k3s-rancher/config/traefik-config.yml:Zone.Identifier b/reference_files/traefik2-k3s-rancher/config/traefik-config.yml:Zone.Identifier new file mode 100644 index 0000000..e69de29 diff --git a/reference_files/traefik2-k3s-rancher/config/traefik-dashboard-ingressroute.yml b/reference_files/traefik2-k3s-rancher/config/traefik-dashboard-ingressroute.yml new file mode 100644 index 0000000..1975913 --- /dev/null +++ b/reference_files/traefik2-k3s-rancher/config/traefik-dashboard-ingressroute.yml 
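Review bot: The `cloudflare-apikey-secret` manifest carries the token under `stringData`, so filling in `apiKey: yourCloudflareApiToken` and committing the file puts a DNS-editing credential into version control. Add a comment above `stringData:` such as `# placeholders only: create the real Secret out of band and never commit the filled-in file`. The PVC requests both `ReadWriteMany` and `ReadWriteOnce`, while the chart values ask for `ReadWriteOnce`. The volume holds `acme.json` with private keys, so I would keep only the single-writer mode unless the storage class really requires both.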
@@ -0,0 +1,17 @@
+# dashboard.yaml
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+ name: dashboard
+ namespace: kube-system
+spec:
+ entryPoints:
+ - web
+ routes:
+ - match: Host(`traefik.example.com`) && (PathPrefix(`/dashboard`) || PathPrefix(`/api`))
+ kind: Rule
+ middlewares:
+ - name: traefik-dashboard-basicauth
+ services:
+ - name: api@internal
+ kind: TraefikService
diff --git a/reference_files/traefik2-k3s-rancher/config/traefik-dashboard-ingressroute.yml:Zone.Identifier b/reference_files/traefik2-k3s-rancher/config/traefik-dashboard-ingressroute.yml:Zone.Identifier
new file mode 100644
index 0000000..e69de29
diff --git a/reference_files/traefik2-k3s-rancher/config/traefik-dashboard-secret.yml b/reference_files/traefik2-k3s-rancher/config/traefik-dashboard-secret.yml
new file mode 100644
index 0000000..db5b2af
--- /dev/null
+++ b/reference_files/traefik2-k3s-rancher/config/traefik-dashboard-secret.yml
@@ -0,0 +1,18 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: traefik-dashboard-auth
+ namespace: kube-system
+data:
+ users: |2
+ dGVjaG5vOiRhcHIxJFRnVVJ0N2E1JFpoTFFGeDRLMk8uYVNaVWNueG41eTAKCg==
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+ name: traefik-dashboard-basicauth
+ namespace: kube-system
+spec:
+ basicAuth:
+ secret: traefik-dashboard-auth
\ No newline at end of file
diff --git a/reference_files/traefik2-k3s-rancher/config/traefik-dashboard-secret.yml:Zone.Identifier b/reference_files/traefik2-k3s-rancher/config/traefik-dashboard-secret.yml:Zone.Identifier
new file mode 100644
index 0000000..e69de29
diff --git a/template/2021-00-00-name b/template/2021-00-00-name
new file mode 100644
index 0000000..f723ad3
--- /dev/null
+++ b/template/2021-00-00-name
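Review bot: The dashboard route in traefik-dashboard-ingressroute.yml is bound to `entryPoints: - web`, the plain-HTTP entry point, with `traefik-dashboard-basicauth` in front of `api@internal`. Basic credentials sent over that entry point travel unencrypted. Bind the route to the TLS entry point instead, `- websecure`. The chart values in this commit set `ports.web.redirectTo: websecure`, so a router on `web` is presumably never matched and the route may not work as written either.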
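Review bot: `data.users` in traefik-dashboard-secret.yml is the base64 of an htpasswd line with an `$apr1$` (MD5-based) hash. Base64 is an encoding, not protection, so this commit publishes a credential hash that can be attacked offline. Treat that account as exposed and rotate it wherever it was used. Replace the value with an obvious placeholder plus a comment such as `# generate your own htpasswd entry (prefer bcrypt, htpasswd -B) and base64-encode it; do not commit the result`.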
@@ -0,0 +1,13 @@ +--- +layout: post +title: "Some Title" +date: 2021-01-01 09:00:00 -0500 +categories: homelab +tags: homelab rancher kubernetes +--- + +[![Some Title](https://img.youtube.com/vi/BBBBBBBBBBBB/0.jpg)](https://www.youtube.com/watch?v=BBBBBBBBBBBB "Some Title") + +SOME DESCRIPTION + +[Watch Video](https://www.youtube.com/watch?v=BBBBBBBBBBBB) diff --git a/template/2021-00-00-name:Zone.Identifier b/template/2021-00-00-name:Zone.Identifier new file mode 100644 index 0000000..e69de29 diff --git a/tools/deploy.sh b/tools/deploy.sh new file mode 100644 index 0000000..14b88eb --- /dev/null +++ b/tools/deploy.sh 
@@ -0,0 +1,160 @@ +#!/usr/bin/env bash +# +# Build, test and then deploy the site content to 'origin/' +# +# Requirement: html-proofer, jekyll +# +# Usage: See help information + +set -eu + +PAGES_BRANCH="gh-pages" + +SITE_DIR="_site" + +_opt_dry_run=false + +_config="_config.yml" + +_no_pages_branch=false + +_backup_dir="$(mktemp -d)" + +_baseurl="" + +help() { + echo "Build, test and then deploy the site content to 'origin/'" + echo + echo "Usage:" + echo + echo " bash ./tools/deploy.sh [options]" + echo + echo "Options:" + echo ' -c, --config "" Specify config file(s)' + echo " --dry-run Build site and test, but not deploy" + echo " -h, --help Print this information." +} + +init() { + if [[ -z ${GITHUB_ACTION+x} && $_opt_dry_run == 'false' ]]; then + echo "ERROR: It is not allowed to deploy outside of the GitHub Action envrionment." + echo "Type option '-h' to see the help information." + exit -1 + fi + + _baseurl="$(grep '^baseurl:' _config.yml | sed "s/.*: *//;s/['\"]//g;s/#.*//")" +} + +build() { + # clean up + if [[ -d $SITE_DIR ]]; then + rm -rf "$SITE_DIR" + fi + + # build + JEKYLL_ENV=production bundle exec jekyll b -d "$SITE_DIR$_baseurl" --config "$_config" +} + +test() { + bundle exec htmlproofer \ + --disable-external \ + --check-html \ + --allow_hash_href \ + "$SITE_DIR" +} + +resume_site_dir() { + if [[ -n $_baseurl ]]; then + # Move the site file to the regular directory '_site' + mv "$SITE_DIR$_baseurl" "${SITE_DIR}-rename" + rm -rf "$SITE_DIR" + mv "${SITE_DIR}-rename" "$SITE_DIR" + fi +} + +setup_gh() { + if [[ -z $(git branch -av | grep "$PAGES_BRANCH") ]]; then + _no_pages_branch=true + git checkout -b "$PAGES_BRANCH" + else + git checkout "$PAGES_BRANCH" + fi +} + +backup() { + mv "$SITE_DIR"/* "$_backup_dir" + mv .git "$_backup_dir" + + # When adding custom domain from Github website, + # the CANME only exist on `gh-pages` branch + if [[ -f CNAME ]]; then + mv CNAME "$_backup_dir" + fi +} + +flush() { + rm -rf ./* + rm -rf .[^.] 
.??* + + shopt -s dotglob nullglob + mv "$_backup_dir"/* . + [[ -f ".nojekyll" ]] || echo "" >".nojekyll" +} + +deploy() { + git config --global user.name "GitHub Actions" + git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com" + + git update-ref -d HEAD + git add -A + git commit -m "[Automation] Site update No.${GITHUB_RUN_NUMBER}" + + if $_no_pages_branch; then + git push -u origin "$PAGES_BRANCH" + else + git push -f + fi +} + +main() { + init + build + test + resume_site_dir + + if $_opt_dry_run; then + exit 0 + fi + + setup_gh + backup + flush + deploy +} + +while (($#)); do + opt="$1" + case $opt in + -c | --config) + _config="$2" + shift + shift + ;; + --dry-run) + # build & test, but not deploy + _opt_dry_run=true + shift + ;; + -h | --help) + help + exit 0 + ;; + *) + # unknown option + help + exit 1 + ;; + esac +done + +main diff --git a/tools/deploy.sh:Zone.Identifier b/tools/deploy.sh:Zone.Identifier new file mode 100644 index 0000000..e69de29
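Review bot: `init()` greps the literal `_config.yml` for `baseurl`, although `-c/--config` stores the chosen file in `_config` and `build()` passes that one to jekyll. With a custom config, `_baseurl` can therefore disagree with the site being built, and `resume_site_dir` then moves the wrong directory. Reading from `"$_config"` in that grep would keep them aligned, though the help text allows several config files, so the list may need splitting first. In the option loop, `_config="$2"` aborts with an unbound-variable error under `set -u` when `-c` is the last argument, so check `$#` before reading it. `exit -1` in `init()` should be `exit 1`. `flush()` runs `rm -rf ./*` in whatever the current directory is and is followed by `git push -f`, so a check that the working directory is the repository root before deleting would be a cheap guard.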