===boshi===

Its primary purposes are documentation (the one you are reading), a DNS server for the local network that strips ads from the traffic, and above all a WireGuard VPN endpoint for all our online devices (phones, PCs, ...).

It is a physical server, a mini PC: a Raspberry Pi 3B+ with 4x CPU and 1GB RAM. **It is hidden in the pantry under the ceiling/Knauf drywall.**

Besides the SD card, which holds the Debian Linux OS, the following are also mounted:

  * 2x 16GB USB stick in RAID1, for important things (/storage/raid)
  * 1x 500GB external USB disk, for backing up data from [[gecko|gecko]] (/storage/disk) - **DUE FOR REPLACEMENT!!**

==wireguard==

<code>
pi@boshi:~ $ sudo cat /etc/wireguard/wg0.conf
[Interface]
Address = 10.168.100.1/24
ListenPort = 1607
PrivateKey = cCtb1PM7XLsP41LffRAgGSDdtjVUTnOcYkPex7HgLm0=
#PreUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
#PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
PreUp = iptables -t nat -A POSTROUTING -s 10.168.100.0/24 -o eth0 -j MASQUERADE
PostDown = iptables -t nat -D POSTROUTING -s 10.168.100.0/24 -o eth0 -j MASQUERADE

# tine mobile phone
[Peer]
PublicKey = M8oR/AuU7IqO2XiDmFAf1B+dRrrNVZ0oJQNphn30e20=
AllowedIPs = 10.168.100.2/32

### kump-nb laptop
[Peer]
PublicKey = UpXYC7nZaISFUL2pnflWYNtsttJZTg4jJHcyJbFTfCE=
AllowedIPs = 10.168.100.3/32

### main pc - job
[Peer]
PublicKey = CQwKZprTkIq0NKIKvdFRb8zc17rZ4tjNSqg3gADujEk=
AllowedIPs = 10.168.100.4/32

### kump-nb-t490
[Peer]
PublicKey = fOXG/P1PCGTtycD+7bD6cdvrSQyR5/Swbdh0rJA++0o=
AllowedIPs = 10.168.100.5/32

### test job vm
[Peer]
PublicKey = veru9wmJKKr/29sCedW3HZ9b+5FOAWKEeudKSysGaUk=
AllowedIPs = 10.168.100.10/32
</code>

Keys

  * android_mobile_private.key: mMxvGb0dDuR6LCQ7z4Vi+2lsu/SrqeJj1AKHQp7vBnY=
  * android_mobile_public.key: M8oR/AuU7IqO2XiDmFAf1B+dRrrNVZ0oJQNphn30e20=
  * job_private.key: SNEnGnEEHTdJn5WU3g6fTdfhVLJGMRKdMYz+SU5MYX4=
  * job_public.key: CQwKZprTkIq0NKIKvdFRb8zc17rZ4tjNSqg3gADujEk=
  * kump-nb_private.key: ADdmMB4l5au1rFBcUwGmCWN+8b0/NPalrsSoTxR+ZXc=
  * kump-nb_public.key: UpXYC7nZaISFUL2pnflWYNtsttJZTg4jJHcyJbFTfCE=
  * raspberrypi_private.key: cCtb1PM7XLsP41LffRAgGSDdtjVUTnOcYkPex7HgLm0=
  * raspberrypi_public.key: +/Vny4dUx9TbIaT7uLRTclp0ZEnSqPZwBxohlP7Y52E=
  * test_private.key: 2CD8f3NQxliokeLjefu5Gi3XcoUzpzrJzHIsCaN/aGc=
  * test_public.key: veru9wmJKKr/29sCedW3HZ9b+5FOAWKEeudKSysGaUk=
  * kump-nb_t490_private.key: qH2qNapvJJvcCnj7lIHGuHN4WLBCjhAid98TDxMlfUU=
  * kump-nb_t490_public.key: fOXG/P1PCGTtycD+7bD6cdvrSQyR5/Swbdh0rJA++0o=

==Docker services==

<code>
pi@boshi:/storage/raid/docker $ cat docker-compose.yml
version: "2"
services:
  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    ports:
      - "53:53/tcp"
      - "53:53/udp"
      - "81:80/tcp"
      - "443:443/tcp"
    environment:
      TZ: 'Europe/Ljubljana'
      WEBPASSWORD: 'pajhole42'
    # Volumes store your data between container upgrades
    volumes:
      - '/storage/raid/pi-hole/etc-pihole/:/etc/pihole/'
      - '/storage/raid/pi-hole/etc-dnsmasq.d/:/etc/dnsmasq.d/'
    dns:
      - 127.0.0.1
      - 1.1.1.1
    restart: unless-stopped
  dokuwiki:
    image: dtroncy/rpi-dokuwiki
    container_name: dokuwiki
    ports:
      - 80:80
      # - 8081:81
    volumes:
      - /etc/timezone:/etc/timezone
      - /etc/localtime:/etc/localtime
      - /storage/raid/dokuwiki_data:/var/www/dokuwiki/data/pages
      - /storage/raid/dokuwiki_conf:/var/www/dokuwiki/conf
    restart: unless-stopped
  unifi:
    image: ryansch/unifi-rpi:latest
    container_name: unifi
    restart: always
    network_mode: host
    # Uncomment the following to set java options
    # environment:
    #   JAVA_OPTS: -Xmx512M
    ports:
      - 8080:8080
      - 8443:8443
      - 3478:3478/udp
      - 10001:10001/udp
    volumes:
      # Unifi v5.0.7 creates all of these directories (some remain empty)
      - /storage/raid/unifi/config:/var/lib/unifi
      - /storage/raid/unifi/log:/usr/lib/unifi/logs
      - /storage/raid/unifi/log2:/var/log/unifi
      - /storage/raid/unifi/run:/usr/lib/unifi/run
      - /storage/raid/unifi/run2:/run/unifi
      - /storage/raid/unifi/work:/usr/lib/unifi/work
</code>
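
An added example, not part of the original page: a small Python lint for the wg0.conf layout in the wireguard section above, where every device gets one hand-assigned AllowedIPs address. It flags addresses that two peers share (WireGuard routes an address to only one peer), that fall outside the tunnel subnet, or that are wider than a single host. The function name and the sample config with placeholder keys are constructed for illustration.

```python
import ipaddress

# Constructed sample in the wg0.conf layout; keys are placeholders, not real.
SAMPLE_CONF = """\
[Interface]
Address = 10.168.100.1/24
# phone
[Peer]
PublicKey = <peer-key-a>
AllowedIPs = 10.168.100.2/32
### laptop
[Peer]
PublicKey = <peer-key-b>
AllowedIPs = 10.168.100.2/32
### vm
[Peer]
PublicKey = <peer-key-c>
AllowedIPs = 10.168.200.0/24
"""

def lint_wg_conf(text):
    """Lint a wg-quick config (assumes a single Address) for risky AllowedIPs."""
    findings, section, tunnel_net, label = [], None, None, "?"
    seen = {}  # network -> label of the peer that listed it first
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("#"):  # the comment above a [Peer] names the device
            label = line.lstrip("# ") or label
        elif line.startswith("["):
            section = line
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if section == "[Interface]" and key == "Address":
                tunnel_net = ipaddress.ip_interface(value).network
            elif section == "[Peer]" and key == "AllowedIPs":
                for item in value.split(","):
                    net = ipaddress.ip_network(item.strip(), strict=False)
                    same_family = tunnel_net is not None and net.version == tunnel_net.version
                    if not (same_family and net.subnet_of(tunnel_net)):
                        findings.append(f"{label}: {net} is outside {tunnel_net}")
                    if net.prefixlen != net.max_prefixlen:
                        findings.append(f"{label}: {net} is wider than one host")
                    for other, owner in seen.items():
                        if net.overlaps(other):
                            findings.append(f"{label}: {net} overlaps {other} ({owner})")
                    seen.setdefault(net, label)
    return findings

if __name__ == "__main__":
    print("\n".join(lint_wg_conf(SAMPLE_CONF)))
```

Run against the real file, an empty result means every peer has its own single address inside the tunnel subnet.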