mirror of https://github.com/funkypenguin/geek-cookbook/ synced 2025-12-13 17:56:26 +00:00

Add Owntracks

This commit is contained in:
David Young
2018-06-17 22:11:16 +12:00
parent 6b7d11fc44
commit 2f6917cafc
5 changed files with 204 additions and 58 deletions

View File

@@ -6,6 +6,7 @@ Sign up [here](http://eepurl.com/dfx95n) (double-opt-in) to receive email update
## Recently added recipes ## Recently added recipes
* Added [OwnTracks](/recipies/owntracks/), personal mobile location platform (_17 Jun 2018_)
* Added [NZBHydra2](/recipies/autopirate/nzbhydra2/) to [autopirate](/recipies/autopirate/start/) stack (_9 Jun 2018_) * Added [NZBHydra2](/recipies/autopirate/nzbhydra2/) to [autopirate](/recipies/autopirate/start/) stack (_9 Jun 2018_)
* Added a list of [sponsored projects](sponsored-projects/) which I regularly donate to, to keep the geeky ingredients fresh! (_8 Jun 2018_) * Added a list of [sponsored projects](sponsored-projects/) which I regularly donate to, to keep the geeky ingredients fresh! (_8 Jun 2018_)
* [Turtle Pool](/recipies/turtle-pool/) - A mining pool for the fun, friendly, no-BS, still-in-its-infancy cryptocurrency, "[TurtleCoin](http://turtlecoin.lol)" (_7 May 2018_) * [Turtle Pool](/recipies/turtle-pool/) - A mining pool for the fun, friendly, no-BS, still-in-its-infancy cryptocurrency, "[TurtleCoin](http://turtlecoin.lol)" (_7 May 2018_)

View File

@@ -0,0 +1,142 @@
hero: Heroic Hero
# Munin
Intro
![NAME Screenshot](../images/name.jpg)
Details
## Ingredients
1. [Docker swarm cluster](/ha-docker-swarm/design/) with [persistent shared storage](/ha-docker-swarm/shared-storage-ceph.md)
2. [Traefik](/ha-docker-swarm/traefik) configured per design
3. DNS entry for the hostname you intend to use, pointed to your [keepalived](ha-docker-swarm/keepalived/) IP
## Preparation
### Setup data locations
We'll need several directories to bind-mount into our container, so create them in /var/data/munin:
```
mkdir /var/data/munin
cd /var/data/munin
mkdir -p {log,lib,run,cache}
```
### Prepare environment
Create /var/data/config/munin/munin.env, and populate with the following variables
```
OAUTH2_PROXY_CLIENT_ID=
OAUTH2_PROXY_CLIENT_SECRET=
OAUTH2_PROXY_COOKIE_SECRET=
MUNIN_USER=odin
MUNIN_PASSWORD=lokiisadopted
SMTP_HOST=smtp.example.com
SMTP_PORT=587
SMTP_USERNAME=smtp-username
SMTP_PASSWORD=smtp-password
SMTP_USE_TLS=false
SMTP_ALWAYS_SEND=false
SMTP_MESSAGE='[${var:group};${var:host}] -> ${var:graph_title} -> warnings: ${loop<,>:wfields ${var:label}=${var:value}} / criticals: ${loop<,>:cfields ${var:label}=${var:value}}'
ALERT_RECIPIENT=monitoring@example.com
ALERT_SENDER=alerts@example.com
NODES="node1:10.20.30.1 node2:10.20.30.22 node3:10.20.30.23"
SNMP_NODES="router1:10.0.0.254:9999"
```
### Setup Docker Swarm
Create a docker swarm config file in docker-compose syntax (v3), something like this:
!!! tip
I share (_with my [patreon patrons](https://www.patreon.com/funkypenguin)_) a private "_premix_" git repository, which includes necessary docker-compose and env files for all published recipes. This means that patrons can launch any recipe with just a ```git pull``` and a ```docker stack deploy``` 👍
```
version: '3'
services:
munin:
image: funkypenguin/munin-server
env_file: /var/data/config/munin/munin.env
networks:
- internal
volumes:
- /var/data/munin/log:/var/log/munin
- /var/data/munin/lib:/var/lib/munin
- /var/data/munin/run:/var/run/munin
- /var/data/munin/cache:/var/cache/munin
proxy:
image: zappi/oauth2_proxy
env_file: /var/data/config/munin/munin.env
networks:
- traefik
- internal
deploy:
labels:
- traefik.frontend.rule=Host:munin.example.com
- traefik.docker.network=traefik
- traefik.port=4180
command: |
-cookie-secure=false
-upstream=http://munin:8080
-redirect-url=https://munin.example.com
-http-address=http://0.0.0.0:4180
-email-domain=example.com
-provider=github
networks:
traefik:
external: true
internal:
driver: overlay
ipam:
config:
- subnet: 172.16.20.0/24
```
!!! note
Setup unique static subnets for every stack you deploy. This avoids IP/gateway conflicts which can otherwise occur when you're creating/removing stacks a lot. See [my list](/reference/networks/) here.
## Node
```
docker stop munin-node
docker rm munin-node
docker run -d --name munin-node --restart=always \
--privileged --net=host \
-v /:/rootfs:ro \
-v /sys:/sys:ro \
-e ALLOW="cidr_allow 0.0.0.0/0" \
-p 4949:4949 \
--restart=always \
funkypenguin/munin-node
```
## Serving
### Launch Wekan stack
Launch the Wekan stack by running ```docker stack deploy wekan -c <path -to-docker-compose.yml>```
Log into your new instance at https://**YOUR-FQDN**, with user "root" and the password you specified in gitlab.env.
## Chef's Notes
1. If you wanted to expose the Wekan UI directly, you could remove the oauth2_proxy from the design, and move the traefik-related labels directly to the wekan container. You'd also need to add the traefik network to the wekan container.
### Tip your waiter (donate) 👏
Did you receive excellent service? Want to make your waiter happy? (_..and support development of current and future recipes!_) See the [support](/support/) page for (_free or paid)_ ways to say thank you! 👏
### Your comments? 💬
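Review bot: The munin-node `docker run` under `## Node` combines `--privileged --net=host` with `-e ALLOW="cidr_allow 0.0.0.0/0"`, so the node answers on 4949 to any source address while the container holds full host privileges and the host root filesystem (read-only). Narrow `cidr_allow` to the munin server's address or the stack subnet, and drop `--privileged` unless a specific plugin needs it. In the same command, `-p 4949:4949` does nothing alongside `--net=host`, and `--restart=always` appears twice. The file is also still mostly template: `hero: Heroic Hero`, `Intro`, `Details`, the `name.jpg` screenshot, `### Launch Wekan stack` and the `gitlab.env` login line are all unedited, and the commit message only mentions OwnTracks, so either finish the recipe or leave it out of this commit. Finally, the compose subnet `172.16.20.0/24` disagrees with the `172.16.24.0/24` that this commit records for Munin in the networks reference.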

View File

@@ -1,43 +1,43 @@
# NAME # OwnTracks
Intro [OwnTracks](https://owntracks.org/) allows you to keep track of your own location. You can build your private location diary or share it with your family and friends. OwnTracks is open-source and uses open protocols for communication so you can be sure your data stays secure and private.
![NAME Screenshot](../images/name.jpg) ![OwnTracks Screenshot](../images/owntracks.png)
Details Using a smartphone app, OwnTracks allows you to collect and analyse your own location data **without** sharing this data with a cloud provider (_i.e. Apple, Google_). Potential use cases are:
* Sharing family locations without relying on Apple Find-My-friends
* Performing automated actions in [HomeAssistant](/recipies/homeassistant/) when you arrive/leave home
## Ingredients ## Ingredients
1. [Docker swarm cluster](/ha-docker-swarm/design/) with [persistent shared storage](/ha-docker-swarm/shared-storage-ceph.md) 1. [Docker swarm cluster](/ha-docker-swarm/design/) with [persistent shared storage](/ha-docker-swarm/shared-storage-ceph.md)
2. [Traefik](/ha-docker-swarm/traefik) configured per design 2. [Traefik](/ha-docker-swarm/traefik) configured per design
3. 3. DNS entry for the hostname you intend to use, pointed to your [keepalived](ha-docker-swarm/keepalived/) IP 3. DNS entry for the hostname you intend to use, pointed to your [keepalived](ha-docker-swarm/keepalived/) IP
## Preparation ## Preparation
### Setup data locations ### Setup data locations
We'll need several directories to bind-mount into our container, so create them in /var/data/wekan: We'll need a directory so store OwnTracks' data , so create ```/var/data/owntracks```:
``` ```
mkdir /var/data/wekan mkdir /var/data/owntracks
cd /var/data/wekan
mkdir -p {wekan-db,wekan-db-dump}
``` ```
Note about mosquitto and chosen image:
https://github.com/owntracks/recorderd/issues/14
### Prepare environment ### Prepare environment
Create wekan.env, and populate with the following variables Create owntracks.env, and populate with the following variables
``` ```
OAUTH2_PROXY_CLIENT_ID= OAUTH2_PROXY_CLIENT_ID=
OAUTH2_PROXY_CLIENT_SECRET= OAUTH2_PROXY_CLIENT_SECRET=
OAUTH2_PROXY_COOKIE_SECRET= OAUTH2_PROXY_COOKIE_SECRET=
MONGO_URL=mongodb://wekandb:27017/wekan
ROOT_URL=https://wekan.example.com OTR_USER=recorder
MAIL_URL=smtp://wekan@wekan.example.com:password@mail.example.com:587/ OTR_PASSWD=yourpassword
MAIL_FROM="Wekan <wekan@wekan.example.com>" MQTTHOSTNAME=owntracks.example.com
HOSTLIST=owntracks.example.com
``` ```
### Setup Docker Swarm ### Setup Docker Swarm
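Review bot: `Create owntracks.env` under `### Prepare environment` gives no path, while the compose file later in this recipe reads `/var/data/config/owntracks/owntracks.env`, and the preparation step only creates `/var/data/owntracks`. State the full path here and add `/var/data/config/owntracks` to the `mkdir` step. The two added lines `Note about mosquitto and chosen image:` and the bare issue URL look like a drafting note that was left in; Chef's Note 2 already explains the image choice, so they can go. `OTR_PASSWD=yourpassword` would be safer with a sentence telling the reader to set a unique value, and "so store" in the data-locations sentence should read "to store".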
@@ -49,52 +49,51 @@ Create a docker swarm config file in docker-compose syntax (v3), something like
``` ```
version: '3' version: "3.0"
services: services:
owntracks-app:
image: funkypenguin/owntracks
env_file : /var/data/config/owntracks/owntracks.env
volumes:
- /var/data/owntracks:/owntracks
networks:
- internal
ports:
- 1883:1883
- 8883:8883
- 8083:8083
wekandb: owntracks-proxy:
image: mongo:3.2.15 image: zappi/oauth2_proxy
command: mongod --smallfiles --oplogSize 128 env_file : /var/data/config/owntracks/owntracks.env
networks: networks:
- internal - internal
volumes: - traefik_public
- /var/data/wekan/wekan-db:/data/db deploy:
- /var/data/wekan/wekan-db-dump:/dump labels:
- traefik.frontend.rule=Host:owntracks.example.com
proxy: - traefik.docker.network=traefik_public
image: zappi/oauth2_proxy - traefik.port=4180
env_file: /var/data/wekan/wekan.env volumes:
networks: - /var/data/config/owntracks/authenticated-emails.txt:/authenticated-emails.txt
- traefik command: |
- internal -cookie-secure=false
deploy: -upstream=http://owntracks-app:8083
labels: -redirect-url=https://owntracks.example.com
- traefik.frontend.rule=Host:wekan.example.com -http-address=http://0.0.0.0:4180
- traefik.docker.network=traefik -email-domain=example.com
- traefik.port=4180 -provider=github
command: | -authenticated-emails-file=/authenticated-emails.txt
-cookie-secure=false
-upstream=http://wekan:80
-redirect-url=https://wekan.example.com
-http-address=http://0.0.0.0:4180
-email-domain=example.com
-provider=github
wekan:
image: wekanteam/wekan:latest
networks:
- internal
env_file: /var/data/wekan/wekan.env
networks: networks:
traefik: traefik_public:
external: true external: true
internal: internal:
driver: overlay driver: overlay
ipam: ipam:
config: config:
- subnet: 172.16.3.0/24 - subnet: 172.16.15.0/24
``` ```
!!! note !!! note
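Review bot: `owntracks-app` publishes `8083:8083` under `ports:`, which is the same port `owntracks-proxy` uses as `-upstream=http://owntracks-app:8083`, so the web UI is reachable directly on the swarm nodes without passing through oauth2_proxy. Drop the `8083` mapping and let the proxy reach the app over the `internal` network only; keep `1883`/`8883` published only if MQTT clients really need to connect from outside. `-cookie-secure=false` is set while `-redirect-url` is `https://owntracks.example.com`; since the site is served over HTTPS through Traefik, the cookie should carry the Secure flag. The bind-mount of `/var/data/config/owntracks/authenticated-emails.txt` also has no matching preparation step, so the recipe should say to create that file before deploying.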
@@ -104,15 +103,17 @@ networks:
## Serving ## Serving
### Launch Wekan stack ### Launch OwnTracks stack
Launch the Wekan stack by running ```docker stack deploy wekan -c <path -to-docker-compose.yml>``` Launch the OwnTracks stack by running ```docker stack deploy owntracks -c <path -to-docker-compose.yml>```
Log into your new instance at https://**YOUR-FQDN**, with user "root" and the password you specified in gitlab.env. Log into your new instance at https://**YOUR-FQDN**, with user "root" and the password you specified in gitlab.env.
## Chef's Notes ## Chef's Notes
1. If you wanted to expose the Wekan UI directly, you could remove the oauth2_proxy from the design, and move the traefik-related labels directly to the wekan container. You'd also need to add the traefik network to the wekan container. 1. If you wanted to expose the OwnTracks Web UI directly, you could remove the oauth2_proxy from the design, and move the traefik-related labels directly to the wekan container. You'd also need to add the traefik network to the owntracks container.
2. I'm using my own image rather than owntracks/recorderd, because of a [potentially swarm-breaking bug](https://github.com/owntracks/recorderd/issues/14) I found in the official container. If this gets resolved (_or if I was mistaken_) I'll update the recipe accordingly.
3. By default, you'll get a fully accessible, unprotected MQTT broker. This may not be suitable for public exposure, so you'll want to look into securing mosquitto with TLS and ACLs.
### Tip your waiter (donate) 👏 ### Tip your waiter (donate) 👏
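Review bot: The login line in `## Serving` is left unchanged and still says to log in with user "root" and the password from `gitlab.env`, which does not apply to this stack; replace it with the OwnTracks login (the oauth2_proxy sign-in) or remove it. Chef's Note 1 still says to move the labels "to the wekan container". Note 3 says the default is a fully accessible, unprotected MQTT broker, and the compose file publishes 1883 and 8883, so this belongs in the Preparation section as a step (or the ports should be unpublished by default) rather than as a closing note the reader sees after deploying.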

View File

@@ -29,6 +29,7 @@ Network | Range
[Turtle Pool](https://geek-cookbook.funkypenguin.co.nz/recipies/turtle-pool/) | 172.16.21.0/24 [Turtle Pool](https://geek-cookbook.funkypenguin.co.nz/recipies/turtle-pool/) | 172.16.21.0/24
[MiniFlux](https://geek-cookbook.funkypenguin.co.nz/recipies/miniflux/) | 172.16.22.0/24 [MiniFlux](https://geek-cookbook.funkypenguin.co.nz/recipies/miniflux/) | 172.16.22.0/24
[Gitlab Runner](https://geek-cookbook.funkypenguin.co.nz/recipies/gitlab-runner/) | 172.16.23.0/24 [Gitlab Runner](https://geek-cookbook.funkypenguin.co.nz/recipies/gitlab-runner/) | 172.16.23.0/24
[Munin](https://geek-cookbook.funkypenguin.co.nz/recipies/munin/) | 172.16.24.0/24
## Chef's Notes ## Chef's Notes
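Review bot: The added Munin row assigns `172.16.24.0/24`, but the Munin compose file added in this same commit uses `subnet: 172.16.20.0/24`; one of the two needs correcting, otherwise the table no longer serves its purpose of avoiding overlaps. The OwnTracks stack introduced here uses `172.16.15.0/24` and gets no row in this hunk, so add it if it is not already listed elsewhere in the table.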

View File

@@ -51,7 +51,7 @@ pages:
- Lazy Librarian: recipies/autopirate/lazylibrarian.md - Lazy Librarian: recipies/autopirate/lazylibrarian.md
- Headphones: recipies/autopirate/headphones.md - Headphones: recipies/autopirate/headphones.md
- NZBHydra: recipies/autopirate/nzbhydra.md - NZBHydra: recipies/autopirate/nzbhydra.md
- NZBHydra 2: recipies/autopirate/nzbhydra2.md - NZBHydra 2: recipies/autopirate/nzbhydra2.md
- Ombi: recipies/autopirate/ombi.md - Ombi: recipies/autopirate/ombi.md
- Jackett: recipies/autopirate/jackett.md - Jackett: recipies/autopirate/jackett.md
- End: recipies/autopirate/end.md - End: recipies/autopirate/end.md
@@ -59,6 +59,7 @@ pages:
- Plex: recipies/plex.md - Plex: recipies/plex.md
- Emby: recipies/emby.md - Emby: recipies/emby.md
- Home Assistant: recipies/homeassistant.md - Home Assistant: recipies/homeassistant.md
- OwnTracks: recipies/owntracks.md
- CryptoMiner: - CryptoMiner:
- Start: recipies/cryptominer.md - Start: recipies/cryptominer.md
- Mining Rig: recipies/cryptominer/mining-rig.md - Mining Rig: recipies/cryptominer/mining-rig.md
@@ -92,7 +93,7 @@ pages:
- OpenVPN : reference/openvpn.md - OpenVPN : reference/openvpn.md
- Troubleshooting: reference/troubleshooting.md - Troubleshooting: reference/troubleshooting.md
- Support: support.md - Support: support.md
- Sponsored Projects: sponsored-projects.md - Sponsored Projects: sponsored-projects.md
theme: theme:
name: 'material' name: 'material'