public/geek-cookbook
1
0
Fork 0
mirror of https://github.com/funkypenguin/geek-cookbook/ synced 2025-12-17 19:51:43 +00:00
Code Issues Releases Wiki Activity

Travis build: 27

Browse Source
This commit is contained in:
Travis CI
2018-06-06 09:48:34 +00:00
parent 26e9fa4332
commit 21e8a9b8d5
20 changed files with 52 additions and 52 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
manuscript/advanced/tiny-tiny-rss.md
View File

@@ -31,7 +31,7 @@ I setup a directory for the ttrss data, at /data/ttrss.
I created docker-compose.yml, as follows:
````
```
rproxy:
image: nginx:1.13-alpine
ports:
@@ -78,9 +78,9 @@ gmailsmtp:
- user=davidy@funkypenguin.co.nz
- pass=eqknehqflfbufzbh
- DOMAIN_NAME=gmailsmtp.funkypenguin.co.nz
````
```
Run ````docker-compose up```` in the same directory, and watch the output. PostgreSQL container will create the "ttrss" database, and ttrss will start using it.
Run ```docker-compose up``` in the same directory, and watch the output. PostgreSQL container will create the "ttrss" database, and ttrss will start using it.
# Login to UI
@@ -91,23 +91,23 @@ Log into https://\<your VIRTUALHOST\>. Default user is "admin" and password is "
One of the native plugins enables the detection of "similar" articles. This requires the pg_trgm extension enabled in your database.
From the working directory, use ````docker exec```` to get a shell within your postgres container, and run "postgres" as the postgres user:
````
From the working directory, use ```docker exec``` to get a shell within your postgres container, and run "postgres" as the postgres user:
```
[root@kvm nginx]# docker exec -it ttrss_postgres_1 /bin/sh
# su - postgres
No directory, logging in with HOME=/
$ psql
psql (9.6.3)
Type "help" for help.
````
```
Add the trgm extension to your ttrss database:
````
```
postgres=# \c ttrss
You are now connected to database "ttrss" as user "postgres".
ttrss=# CREATE EXTENSION pg_trgm;
CREATE EXTENSION
ttrss=# \q
````
```
[ttrss]:https://tt-rss.org/

4
manuscript/ha-docker-swarm/docker-swarm-mode.md
View File

@@ -62,13 +62,13 @@ To add a manager to this swarm, run the following command:
Run the command provided on your second node to join it to the swarm as a manager. After adding the second node, the output of ```docker node ls``` (on either host) should reflect two nodes:
````
```
[root@ds2 davidy]# docker node ls
ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS
b54vls3wf8xztwfz79nlkivt8 ds1.funkypenguin.co.nz Ready Active Leader
xmw49jt5a1j87a6ihul76gbgy * ds2.funkypenguin.co.nz Ready Active Reachable
[root@ds2 davidy]#
````
```
Repeat the process to add your third node.

4
manuscript/ha-docker-swarm/registry.md
View File

@@ -103,9 +103,9 @@ To:
```
Then restart docker by running:
````
```
systemctl restart docker-latest
````
```
!!! tip ""
Note the extra comma required after "false" above

4
manuscript/ha-docker-swarm/shared-storage-gluster.md
View File

@@ -55,7 +55,7 @@ mount -a && mount
Atomic doesn't include the Gluster server components. This means we'll have to run glusterd from within a container, with privileged access to the host. Although convoluted, I've come to prefer this design since it once again makes the OS "disposable", moving all the config into containers and code.
Run the following on each host:
````
```
docker run \
-h glusterfs-server \
-v /etc/glusterfs:/etc/glusterfs:z \
@@ -67,7 +67,7 @@ docker run \
--restart=always \
--name="glusterfs-server" \
gluster/gluster-centos
````
```
### Create trusted pool
On a single node (doesn't matter which), run ```docker exec -it glusterfs-server bash``` to launch a shell inside the container.

8
manuscript/recipies/autopirate.md
View File

@@ -84,15 +84,15 @@ Create at least /var/data/autopirate/authenticated-emails.txt, containing at lea
**Start** with a swarm config file in docker-compose syntax, like this:
````
```
version: '3'
services:
````
```
And **end** with a stanza like this:
````
```
networks:
traefik_public:
external: true
@@ -101,7 +101,7 @@ networks:
ipam:
config:
- subnet: 172.16.11.0/24
````
```
!!! note
Setup unique static subnets for every stack you deploy. This avoids IP/gateway conflicts which can otherwise occur when you're creating/removing stacks a lot. See [my list](/reference/networks/) here.

4
manuscript/recipies/autopirate/headphones.md
View File

@@ -13,7 +13,7 @@ hero: AutoPirate - A fully-featured recipe to automate finding, downloading, and
To include Headphones in your [AutoPirate](/recipies/autopirate/) stack, include the following in your autopirate.yml stack definition file:
````
```
headphones:
image: linuxserver/headphones:latest
env_file : /var/data/config/autopirate/headphones.env
@@ -45,7 +45,7 @@ headphones_proxy:
-email-domain=example.com
-provider=github
-authenticated-emails-file=/authenticated-emails.txt
````
```
!!! tip
I share (_with my [patreon patrons](https://www.patreon.com/funkypenguin)_) a private "_premix_" git repository, which includes necessary docker-compose and env files for all published recipes. This means that patrons can launch any recipe with just a ```git pull``` and a ```docker stack deploy``` 👍

4
manuscript/recipies/autopirate/jackett.md
View File

@@ -13,7 +13,7 @@ This allows for getting recent uploads (like RSS) and performing searches. Jacke
To include Jackett in your [AutoPirate](/recipies/autopirate/) stack, include the following in your autopirate.yml stack definition file:
````
```
jackett:
image: linuxserver/jackett:latest
env_file : /var/data/config/autopirate/jackett.env
@@ -45,7 +45,7 @@ jackett_proxy:
-provider=github
-authenticated-emails-file=/authenticated-emails.txt
````
```
!!! tip
I share (_with my [patreon patrons](https://www.patreon.com/funkypenguin)_) a private "_premix_" git repository, which includes necessary docker-compose and env files for all published recipes. This means that patrons can launch any recipe with just a ```git pull``` and a ```docker stack deploy``` 👍

4
manuscript/recipies/autopirate/lazylibrarian.md
View File

@@ -17,7 +17,7 @@
To include LazyLibrarian in your [AutoPirate](/recipies/autopirate/) stack, include the following in your autopirate.yml stack definition file:
````
```
lazylibrarian:
image: linuxserver/lazylibrarian:latest
env_file : /var/data/config/autopirate/lazylibrarian.env
@@ -57,7 +57,7 @@ calibre-server:
networks:
- internal
````
```
!!! tip
I share (_with my [patreon patrons](https://www.patreon.com/funkypenguin)_) a private "_premix_" git repository, which includes necessary docker-compose and env files for all published recipes. This means that patrons can launch any recipe with just a ```git pull``` and a ```docker stack deploy``` 👍

4
manuscript/recipies/autopirate/mylar.md
View File

@@ -11,7 +11,7 @@
To include Mylar in your [AutoPirate](/recipies/autopirate/) stack, include the following in your autopirate.yml stack definition file:
````
```
mylar:
image: linuxserver/mylar:latest
env_file : /var/data/config/autopirate/mylar.env
@@ -43,7 +43,7 @@ mylar_proxy:
-email-domain=example.com
-provider=github
-authenticated-emails-file=/authenticated-emails.txt
````
```
!!! tip
I share (_with my [patreon patrons](https://www.patreon.com/funkypenguin)_) a private "_premix_" git repository, which includes necessary docker-compose and env files for all published recipes. This means that patrons can launch any recipe with just a ```git pull``` and a ```docker stack deploy``` 👍

4
manuscript/recipies/autopirate/nzbget.md
View File

@@ -17,7 +17,7 @@ To include NZBGet in your [AutoPirate](/recipies/autopirate/) stack
!!! tip
I share (_with my [patreon patrons](https://www.patreon.com/funkypenguin)_) a private "_premix_" git repository, which includes necessary docker-compose and env files for all published recipes. This means that patrons can launch any recipe with just a ```git pull``` and a ```docker stack deploy``` 👍
````
```
nzbget:
image: linuxserver/nzbget
env_file : /var/data/config/autopirate/nzbget.env
@@ -49,7 +49,7 @@ nzbget_proxy:
-email-domain=example.com
-provider=github
-authenticated-emails-file=/authenticated-emails.txt
````
```
!!! note
NZBGet uses a 401 header to prompt for authentication. When you use OAuth2_proxy, this seems to break. Since we trust OAuth to authenticate us, we can just disable NZGet's own authentication, by changing ControlPassword to null in nzbget.conf (i.e. ```ControlPassword=```)

4
manuscript/recipies/autopirate/nzbhydra.md
View File

@@ -18,7 +18,7 @@
To include NZBHydra in your [AutoPirate](/recipies/autopirate/) stack, include the following in your autopirate.yml stack definition file:
````
```
nzbhydra:
image: linuxserver/hydra:latest
env_file : /var/data/config/autopirate/nzbhydra.env
@@ -49,7 +49,7 @@ nzbhydra_proxy:
-email-domain=example.com
-provider=github
-authenticated-emails-file=/authenticated-emails.txt
````
```
!!! tip
I share (_with my [patreon patrons](https://www.patreon.com/funkypenguin)_) a private "_premix_" git repository, which includes necessary docker-compose and env files for all published recipes. This means that patrons can launch any recipe with just a ```git pull``` and a ```docker stack deploy``` 👍

4
manuscript/recipies/autopirate/ombi.md
View File

@@ -19,7 +19,7 @@ Automatically updates the status of requests when they are available on Plex/Emb
To include Ombi in your [AutoPirate](/recipies/autopirate/) stack, include the following in your autopirate.yml stack definition file:
````
```
ombi:
image: linuxserver/ombi:latest
env_file : /var/data/config/autopirate/ombi.env
@@ -50,7 +50,7 @@ ombi_proxy:
-email-domain=example.com
-provider=github
-authenticated-emails-file=/authenticated-emails.txt
````
```
!!! tip
I share (_with my [patreon patrons](https://www.patreon.com/funkypenguin)_) a private "_premix_" git repository, which includes necessary docker-compose and env files for all published recipes. This means that patrons can launch any recipe with just a ```git pull``` and a ```docker stack deploy``` 👍

4
manuscript/recipies/autopirate/plexpy.md
View File

@@ -23,7 +23,7 @@ To include NZBGet in your [AutoPirate](/recipies/autopirate/) stack, include the
!!! tip
I share (_with my [patreon patrons](https://www.patreon.com/funkypenguin)_) a private "_premix_" git repository, which includes necessary docker-compose and env files for all published recipes. This means that patrons can launch any recipe with just a ```git pull``` and a ```docker stack deploy``` 👍
````
```
plexpy:
image: linuxserver/plexpy:latest
env_file : /var/data/config/autopirate/plexpy.env
@@ -54,7 +54,7 @@ plexpy_proxy:
-email-domain=example.com
-provider=github
-authenticated-emails-file=/authenticated-emails.txt
````
```
!!! tip
I share (_with my [patreon patrons](https://www.patreon.com/funkypenguin)_) a private "_premix_" git repository, which includes necessary docker-compose and env files for all published recipes. This means that patrons can launch any recipe with just a ```git pull``` and a ```docker stack deploy``` 👍

4
manuscript/recipies/autopirate/radarr.md
View File

@@ -26,7 +26,7 @@
To include Radarr in your [AutoPirate](/recipies/autopirate/) stack, include the following in your autopirate.yml stack definition file:
````
```
radarr:
image: linuxserver/radarr:latest
env_file : /var/data/config/autopirate/radarr.env
@@ -58,7 +58,7 @@ radarr_proxy:
-email-domain=example.com
-provider=github
-authenticated-emails-file=/authenticated-emails.txt
````
```
!!! tip
I share (_with my [patreon patrons](https://www.patreon.com/funkypenguin)_) a private "_premix_" git repository, which includes necessary docker-compose and env files for all published recipes. This means that patrons can launch any recipe with just a ```git pull``` and a ```docker stack deploy``` 👍

4
manuscript/recipies/autopirate/sabnzbd.md
View File

@@ -14,7 +14,7 @@ SABnzbd is the workhorse of the stack. It takes .nzb files as input (_manually o
To include SABnzbd in your [AutoPirate](/recipies/autopirate/) stack
(_The only reason you **wouldn't** use SABnzbd, would be if you were using [NZBGet](/recipies/autopirate/nzbget.md) instead_), include the following in your autopirate.yml stack definition file:
````
```
sabnzbd:
image: linuxserver/sabnzbd:latest
env_file : /var/data/config/autopirate/sabnzbd.env
@@ -46,7 +46,7 @@ sabnzbd_proxy:
-email-domain=example.com
-provider=github
-authenticated-emails-file=/authenticated-emails.txt
````
```
!!! tip
I share (_with my [patreon patrons](https://www.patreon.com/funkypenguin)_) a private "_premix_" git repository, which includes necessary docker-compose and env files for all published recipes. This means that patrons can launch any recipe with just a ```git pull``` and a ```docker stack deploy``` 👍

4
manuscript/recipies/autopirate/sonarr.md
View File

@@ -13,7 +13,7 @@
To include Sonarr in your [AutoPirate](/recipies/autopirate/) stack, include the following in your autopirate.yml stack definition file:
````
```
sonarr:
image: linuxserver/sonarr:latest
env_file : /var/data/config/autopirate/sonarr.env
@@ -45,7 +45,7 @@ sonarr_proxy:
-email-domain=example.com
-provider=github
-authenticated-emails-file=/authenticated-emails.txt
````
```
!!! tip
I share (_with my [patreon patrons](https://www.patreon.com/funkypenguin)_) a private "_premix_" git repository, which includes necessary docker-compose and env files for all published recipes. This means that patrons can launch any recipe with just a ```git pull``` and a ```docker stack deploy``` 👍

4
manuscript/recipies/gitlab.md
View File

@@ -54,7 +54,7 @@ Create a docker swarm config file in docker-compose syntax (v3), something like
!!! tip
I share (_with my [patreon patrons](https://www.patreon.com/funkypenguin)_) a private "_premix_" git repository, which includes necessary docker-compose and env files for all published recipes. This means that patrons can launch any recipe with just a ```git pull``` and a ```docker stack deploy``` 👍
````
```
version: '3'
services:
@@ -107,7 +107,7 @@ networks:
ipam:
config:
- subnet: 172.16.2.0/24
````
```
!!! note
Setup unique static subnets for every stack you deploy. This avoids IP/gateway conflicts which can otherwise occur when you're creating/removing stacks a lot. See [my list](/reference/networks/) here.

4
manuscript/recipies/instapy.md
View File

@@ -71,10 +71,10 @@ services:
Create a variation of https://github.com/timgrossmann/InstaPy/blob/master/docker_quickstart.py at /var/data/instapy/instapy.py (the file we bind-mounted in the swarm config above)
Change at least the following:
````
```
insta_username = ''
insta_password = ''
````
```
Here's an example of my config, set to like a single penguin-pic per run:

4
manuscript/recipies/nextcloud.md
View File

@@ -53,13 +53,13 @@ MYSQL_PASSWORD=set to something secure>
Now create a **separate** nextcloud-db-backup.env file, to capture the environment variables necessary to perform the backup. (_If the same variables are shared with the mariadb container, they [cause issues](https://discourse.geek-kitchen.funkypenguin.co.nz/t/nextcloud-funky-penguins-geek-cookbook/254/3?u=funkypenguin) with database access_)
````
```
# For database backup (keep 7 days daily backups)
MYSQL_PWD=<set to something secure, same as MYSQL_ROOT_PASSWORD above>
MYSQL_USER=root
BACKUP_NUM_KEEP=7
BACKUP_FREQUENCY=1d
````
```
### Setup Docker Swarm

12
manuscript/reference/openvpn.md
View File

@@ -10,7 +10,7 @@ In my case, I needed each docker node to connect via [OpenVPN](http://www.openvp
Yes, SELinux. Install a custom policy permitting a docker container to create tun interfaces, like this:
````
```
cat << EOF > docker-openvpn.te
module docker-openvpn 1.0;
@@ -27,7 +27,7 @@ EOF
checkmodule -M -m -o docker-openvpn.mod docker-openvpn.te
semodule_package -o docker-openvpn.pp -m docker-openvpn.mod
semodule -i docker-openvpn.pp
````
```
## Insert the tun module
@@ -35,25 +35,25 @@ Even with the SELinux policy above, I still need to insert the "tun" module into
Run the following to auto-insert the tun module on boot:
````
```
cat << EOF >> /etc/rc.d/rc.local
# Insert the "tun" module so that the vpn-client container can access /dev/net/tun
/sbin/modprobe tun
EOF
chmod 755 /etc/rc.d/rc.local
````
```
## Connect the VPN
Finally, for each node, I exported client credentials, and SCP'd them over to the docker node, into /root/my-vpn-configs-here/. I also had to use the NET_ADMIN cap-add parameter, as illustrated below:
````
```
docker run -d --name vpn-client \
--restart=always --cap-add=NET_ADMIN --net=host \
--device /dev/net/tun \
-v /root/my-vpn-configs-here:/vpn:z \
ekristen/openvpn-client --config /vpn/my-host-config.ovpn
````
```
Now every time my node boots, it establishes a VPN tunnel back to my pfsense host and (_by using custom configuration directives in OpenVPN_) is assigned a static VPN IP.