Primarni namen je dokumentacija (tale, ki jo beres), DNS streznik za lokalno omrezje, ki iz prometa odstrani reklame, predvsem pa WireGuard VPN endpoint za vse nase online naprave (telefoni, PC-ji, ...).
Je fizicen streznik oz. mini PC - Raspberry Pi 3B+ s 4x CPU in 1 GB RAM.
Skrit je v shrambi pod stropom/knaufom.
Poleg SD kartice, na kateri je Debian Linux OS, je mountan tudi:
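pi@boshi:~ $ sudo cat /etc/wireguard/wg0.conf
# WireGuard server side of the home VPN: tunnel subnet 10.168.100.0/24,
# one [Peer] section per client device, each limited to a single /32 address.
[Interface]
Address = 10.168.100.1/24
ListenPort = 1607
# The server private key has been removed from this page. The value that was
# published here must be treated as compromised: generate a new server key
# pair and update the server public key on every peer. Keep wg0.conf readable
# by root only (mode 0600) and never paste the key into documentation.
PrivateKey = REDACTED-SERVER-PRIVATE-KEY
# Earlier variant, kept for reference: accepted all forwarding from wg0 and
# masqueraded everything leaving eth0, not just tunnel traffic.
#PreUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
#PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
# Current variant: NAT only traffic sourced from the tunnel subnet.
# NOTE(review): no FORWARD rule is added here, so routing for VPN clients
# depends on the host's FORWARD chain policy and on net.ipv4.ip_forward;
# confirm both on the host.
PreUp = iptables -t nat -A POSTROUTING -s 10.168.100.0/24 -o eth0 -j MASQUERADE
PostDown = iptables -t nat -D POSTROUTING -s 10.168.100.0/24 -o eth0 -j MASQUERADE

# Each peer is pinned to one /32, so a client cannot source traffic from
# another client's tunnel address.

# tine gsm
[Peer]
PublicKey = M8oR/AuU7IqO2XiDmFAf1B+dRrrNVZ0oJQNphn30e20=
AllowedIPs = 10.168.100.2/32

### kump-nb laptop
[Peer]
PublicKey = UpXYC7nZaISFUL2pnflWYNtsttJZTg4jJHcyJbFTfCE=
AllowedIPs = 10.168.100.3/32

### main pc - job
[Peer]
PublicKey = CQwKZprTkIq0NKIKvdFRb8zc17rZ4tjNSqg3gADujEk=
AllowedIPs = 10.168.100.4/32

### kump-nb-t490
[Peer]
PublicKey = fOXG/P1PCGTtycD+7bD6cdvrSQyR5/Swbdh0rJA++0o=
AllowedIPs = 10.168.100.5/32

### test job vm
[Peer]
PublicKey = veru9wmJKKr/29sCedW3HZ9b+5FOAWKEeudKSysGaUk=
AllowedIPs = 10.168.100.10/32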
Kljuci
pi@boshi:/storage/raid/docker $ cat docker-compose.yml
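# Compose stack on the Pi: Pi-hole (DNS filtering), DokuWiki (this
# documentation) and the UniFi controller. Persistent data is bind-mounted
# from /storage/raid so it survives container upgrades.
version: "2"
services:
  pihole:
    container_name: pihole
    # NOTE(review): ':latest' is a moving tag; pin a tested tag or digest so
    # an upstream push cannot silently change what runs as the LAN resolver.
    image: pihole/pihole:latest
    ports:
      # Published without a host IP, so each port is bound on every host
      # interface. Port 53 must not be reachable from the WAN side, or the
      # box becomes an open resolver.
      - "53:53/tcp"
      - "53:53/udp"
      # Admin web UI, moved to host port 81 because DokuWiki owns port 80.
      - "81:80/tcp"
      - "443:443/tcp"
    environment:
      TZ: 'Europe/Ljubljana'
      # The admin password is no longer stored in this file. Set
      # PIHOLE_WEBPASSWORD in the shell or in a root-only .env file next to
      # docker-compose.yml. The password previously shown on this page is
      # public and must be changed.
      WEBPASSWORD: "${PIHOLE_WEBPASSWORD}"
    # Volumes store your data between container upgrades
    volumes:
      - '/storage/raid/pi-hole/etc-pihole/:/etc/pihole/'
      - '/storage/raid/pi-hole/etc-dnsmasq.d/:/etc/dnsmasq.d/'
    # Resolver order inside the container: Pi-hole itself first, then
    # 1.1.1.1 as fallback.
    dns:
      - 127.0.0.1
      - 1.1.1.1
    restart: unless-stopped

  dokuwiki:
    # NOTE(review): community image with no tag given, so the default tag is
    # pulled; pin a tag or digest once a known-good version is identified.
    image: dtroncy/rpi-dokuwiki
    container_name: dokuwiki
    ports:
      # Plain HTTP on every host interface; the wiki holds infrastructure
      # details, so keep it reachable only from the LAN and the VPN.
      - "80:80"
      # - 8081:81
    volumes:
      # NOTE(review): the two host time files could be mounted ':ro' if the
      # image never writes them; confirm before changing.
      - /etc/timezone:/etc/timezone
      - /etc/localtime:/etc/localtime
      - /storage/raid/dokuwiki_data:/var/www/dokuwiki/data/pages
      - /storage/raid/dokuwiki_conf:/var/www/dokuwiki/conf
    restart: unless-stopped

  unifi:
    # NOTE(review): community image on a moving ':latest' tag; pin a tested
    # tag or digest.
    image: ryansch/unifi-rpi:latest
    container_name: unifi
    restart: always
    # Host networking: the container shares the host's network stack, so
    # every port the controller opens is exposed on the host's interfaces,
    # not only the ones listed below.
    network_mode: host
    # Uncomment the following to set java options
    # environment:
    #   JAVA_OPTS: -Xmx512M
    # Docker discards published ports in host network mode, so the former
    # 'ports' mapping had no effect. It is kept as a record of the ports the
    # controller is expected to use; restrict them with the host firewall.
    # ports:
    #   - "8080:8080"
    #   - "8443:8443"
    #   - "3478:3478/udp"
    #   - "10001:10001/udp"
    volumes:
      # Unifi v5.0.7 creates all of these directories (some remain empty)
      - /storage/raid/unifi/config:/var/lib/unifi
      - /storage/raid/unifi/log:/usr/lib/unifi/logs
      - /storage/raid/unifi/log2:/var/log/unifi
      - /storage/raid/unifi/run:/usr/lib/unifi/run
      - /storage/raid/unifi/run2:/run/unifi
      - /storage/raid/unifi/work:/usr/lib/unifi/work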