Building up the things I selfhost as a source-controlled project. Goal here is to have a single source for configuring all the things -- or at least a single place where it's all documented, when that's not possible.
Install the relevant OS:
- `Raspbian OS Lite`_ (pre-configure the wifi/hostname/ssh creds/etc before
writing the image to save effort,
sudo raspi-config
afterwards to configure locale etc) - Debian (skip the additional packages, but set up networking and
apt install openssh-server
)
Configure your ssh keys (ssh-copy-id $hostname
) and modify
/etc/ssh/sshd_config
how you'd like (PermitRootLogin no
and
PasswordAuthentication no
and pretty good improvements to the defaults).
From there, reboot, ssh into the new machine, and:
sudo apt update -y sudo apt install -y --no-install-recommends git ssh-keygen -o -a 100 -t ed25519 -C "[email protected]" -f ~/.ssh/id_ed25519 git clone [email protected]:TheKevJames/selfhost ~/src/personal/selfhost cd ~/src/personal/selfhost
After this point, further steps depend on what functions this machine will provide. First off, you probably want to mount External Drives.
Once that's done, consider increasing your swap size and/or moving it onto one of those drives. This is especially important for low-memory systems or cases where your default swapfile lives on an SD card:
sudo apt update -y sudo apt install -y --no-install-recommends dphys-swapfile sudo dphys-swapfile swapoff sudo vi /etc/dphys-swapfile # CONF_SWAPFILE=/mnt/1tb/swap # CONF_SWAPFACTOR=2 sudo mv /var/swap /mnt/1tb/swap sudo dphys-swapfile setup sudo dphys-swapfile swapon sudo poweroff --reboot
Now, install your container manager:
curl -fsSL https://get.docker.com -o get-docker.sh sudo sh ./get-docker.sh rm get-docker.sh sudo groupadd docker sudo usermod -aG docker $USER # then logout / login # on OSX, use colima for your Docker VM backend to avoid needing Docker for # OSX: https://github.com/abiosoft/colima
Once you've got a container manager, you can spin up everything defined in this repo:
# pre-configure any relevant secrets $ echo 'GOOGLE_CLIENT_ID="..."' >> secrets/google.env $ echo 'GOOGLE_CLIENT_SECRET="..."' >> secrets/google.env $ docker run --rm -it -v $PWD/cloudflared:/home/nonroot/.cloudflared cloudflare/cloudflared:latest tunnel login $ docker run --rm -it -v $PWD/cloudflared:/home/nonroot/.cloudflared cloudflare/cloudflared:latest tunnel create selfhost # modify cloudflared/config.yml with the new UUID $ bin/cloudflare-expose example.com $ bin/cloudflare-expose foo.example.com $ bin/cloudflare-expose bar.example.com # start images $ make pull $ make up -d
If this if the first time setup on a new machine and you want to migrate off a previous one, using rsync on the relevant app directory should do the trick (before you start the relevant pod, but after shutting it down on the old host!):
rsync -aP oldhost:~/src/personal/selfhost/foobar/ foobar
If you did this, you may need to force Jellyfin to re-init by modifying
jellyfin/system.xml
to have:
<IsStartupWizardCompleted>false</IsStartupWizardCompleted>
There are also some manual steps which you may want to do included below.
- syncthing: visit the web UI and share any folders
- pihole:
docker logs pihole | grep random
to get your password
You may also want to set up NTP. This is especially necessary if this machine will be handling any auth, as handshakes will fail if your clock drifts too far out of sync:
sudo apt install ntp
Visit :8384
and set up any relevant shares.
# grab your admin password, configure settings in the web ui docker logs pihole | grep random # verify it works dig -4 @NODEIPv4 example.com # NODEIPv6=$( ip -6 addr show | awk '/global/ {print $2}' dig -4 @NODEIPv6 example.com # make your router/hosts/etc use pihole dns # https://docs.pi-hole.net/main/post-install/ # note that if you want fallback DNS addresses, I like Cloudflare: # 1.1.1.1, 1.0.0.1 # 2606:4700:4700::1111, 2606:4700:4700::1001 # verify it's configured: dig -4 example.com | grep SERVER dig -6 example.com | grep SERVER # the SERVER should be using the IPv4 and IPv6 addresses you found earlier
To update the various components:
sudo apt update -y sudo apt upgrade -y cd ~/src/experiments/selfhost git pull make pull make up -d
Machines generally either mount external drives physically and expose them via Samba, or mount them via Samba.
Quick walkthrough of how to fstab some external drives into being auto-mounted:
# find the drives $ lsblk -f NAME FSTYPE FSVER LABEL UUID FSAVAIL FSUSE% MOUNTPOINT sda `-sda1 ext4 1.0 43162a5a-f1b2-441f-9d51-433bea2e113c sdb `-sdb1 ext4 1.0 b9479cb5-b306-430b-998d-3d793aadfde6 # set up the mount points $ sudo mkdir /mnt/1tb /mnt/4tb # auto-mount 'em at startup $ echo "UUID=43162a5a-f1b2-441f-9d51-433bea2e113c /mnt/4tb ext4 defaults,noatime 0 0" | sudo tee -a /etc/fstab $ echo "UUID=b9479cb5-b306-430b-998d-3d793aadfde6 /mnt/1tb ext4 defaults,noatime 0 0" | sudo tee -a /etc/fstab $ sudo systemctl daemon-reolad # mount 'em now $ sudo mount -a
sudo apt update -y sudo apt install -y --no-install-recommends samba samba-common-bin # configure drives # $ sudo vi /etc/samba/smb.conf # # For a readonly drive: # [pi-1tb] # path = /mnt/1tb # browseable = yes # writeable = no # guest ok = yes # # Or, to allow writes: # [pi-4tb] # path = /mnt/4tb # browseable = yes # writeable = yes # guest ok = yes # public = yes # create mask = 6444 # directory mask = 0755 # force user = pi # force group = pi # create a samba user # eg. username is "pi" sudo smbpasswd -a pi # restart samba sudo systemctl restart smbd
To mount samba shares on OSX clients, note that the permissions the server grants and the permissions OSX thinks it has don't tend to stay in sync very well. The best thing I've found to deal with this so far is to force OSX to think it has 0777 -- it won't, the real permissions will be controlled by the samba settings above as they are for all other clients, but at least OSX won't get in the way.
# ./bin/osx-samba-mount HOSTNAME MOUNTNAME ./bin/osx-samba-mount pi-1 pi-1tb ./bin/osx-samba-mount pi-1 pi-4tb
To connect on Windows, use File Explorer, right-click "This PC" and "Add a Network Drive". Then input "\IP.ADDRSHARE_NAME". You may need to input the credentials: "guest:".
- use syncthing folder to hold migratable state?
- deploy bar assistant
- deploy a recipe tracker, perhaps alongside a shopping list
- deploy an html render of my vimwiki
- deploy a webscrape notifier / task dag and migrate from github release tracker: * full ifttt: huginn * full ifttt: munin * full ifttt: leon * only webscrape: changedetection * only webscrape: kibitzr * get past cloudflare: flaresolverr * or rss integration: all github thingies have .atom feeds
- configure voice control
- deploy a feed reader
- backup photos from Google: * consider adding a tagger such as digikam to embed metadata * consider a simple frontend (photoprism is way too much)
- configure notifications
- monitor: * hard drives * and "everything else" via prometheus/grafana
- manage music
- optimize transcoding of tv shows and movies
- selfhost location sharing
- investigate openhab hub as new aio dashboard
- set up chatbot
- selfhost calendars and contacts, backup from Google
- host calendar scheduling: * cal.com * easyappointments
- backup my bookmarks: * various options * lnks * sync from firefox
- mirror repos to gitea: * check out plugins * also mirror to gitlab? * also mirror to sourcehut? * mirroring script