boshi

Its primary purpose is documentation (the one you are reading), a DNS server for the local network that strips ads from traffic, and above all a WireGuard VPN endpoint for all our online devices (phones, PCs, ...).

It is a physical server, or rather a mini PC: a Raspberry Pi 3B+ with 4x CPU and 1 GB RAM.

It is hidden in the storage room, under the ceiling/plasterboard (Knauf).

In addition to the SD card, which holds the Debian Linux OS, the following is also mounted:

wireguard
pi@boshi:~ $ sudo cat /etc/wireguard/wg0.conf
[Interface]
Address = 10.168.100.1/24
ListenPort = 1607
PrivateKey = cCtb1PM7XLsP41LffRAgGSDdtjVUTnOcYkPex7HgLm0= 
#PreUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
#PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
PreUp = iptables -t nat -A POSTROUTING -s 10.168.100.0/24  -o eth0 -j MASQUERADE
PostDown = iptables -t nat -D POSTROUTING -s 10.168.100.0/24  -o eth0 -j MASQUERADE



# tine gsm
[Peer]
PublicKey = M8oR/AuU7IqO2XiDmFAf1B+dRrrNVZ0oJQNphn30e20= 
AllowedIPs = 10.168.100.2/32

### kump-nb laptop
[Peer]
PublicKey = UpXYC7nZaISFUL2pnflWYNtsttJZTg4jJHcyJbFTfCE= 
AllowedIPs = 10.168.100.3/32

### main pc - job
[Peer]
PublicKey = CQwKZprTkIq0NKIKvdFRb8zc17rZ4tjNSqg3gADujEk=
AllowedIPs = 10.168.100.4/32

### kump-nb-t490
[Peer]
PublicKey = fOXG/P1PCGTtycD+7bD6cdvrSQyR5/Swbdh0rJA++0o=
AllowedIPs = 10.168.100.5/32

### test job vm
[Peer]
PublicKey = veru9wmJKKr/29sCedW3HZ9b+5FOAWKEeudKSysGaUk=
AllowedIPs = 10.168.100.10/32
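
An added example (not part of the original page or of this server's tooling): a Python check that a wg-quick config keeps the layout shown above, with every peer confined to its own address inside the interface subnet and the MASQUERADE rule restricted with -s to that subnet. The sample config, the placeholder keys and the finding names are constructed for illustration; IPv4 only.

```python
import ipaddress
import re

# Constructed sample in the layout of the wg0.conf above; keys are placeholders.
SAMPLE = """[Interface]
Address = 10.168.100.1/24
PrivateKey = PLACEHOLDER_PRIVATE_KEY=
PreUp = iptables -t nat -A POSTROUTING -s 10.168.100.0/24 -o eth0 -j MASQUERADE
[Peer]
PublicKey = PLACEHOLDER_PEER_A=
AllowedIPs = 10.168.100.2/32
[Peer]
PublicKey = PLACEHOLDER_PEER_B=
AllowedIPs = 10.168.100.2/32, 10.168.200.0/24
"""

def parse(text):
    """Return [(section, {key: value})] from a wg-quick style config."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1], {}))
        elif "=" in line and sections:
            key, value = line.split("=", 1)          # base64 keys end in '=', split once
            sections[-1][1][key.strip()] = value.strip()
    return sections

def audit(text):
    """Check the one-address-per-peer layout and the source-restricted NAT rule."""
    sections = parse(text)
    iface = next(kv for name, kv in sections if name == "Interface")
    tunnel = ipaddress.ip_interface(iface["Address"]).network
    findings = []
    for hook in ("PreUp", "PostUp"):
        rule = iface.get(hook, "")
        src = re.search(r"(?:^|\s)-s\s+(\S+)", rule)  # source match of the NAT rule
        if "MASQUERADE" in rule and (not src or ipaddress.ip_network(src.group(1)) != tunnel):
            findings.append(("nat-source-not-tunnel", hook))
    seen = []                                        # (network, owning peer key)
    for peer in (kv for name, kv in sections if name == "Peer"):
        for cidr in filter(None, map(str.strip, peer.get("AllowedIPs", "").split(","))):
            net = ipaddress.ip_network(cidr, strict=False)
            if not net.subnet_of(tunnel):
                findings.append(("outside-tunnel", peer["PublicKey"], str(net)))
            for other, owner in seen:
                if owner != peer["PublicKey"] and net.overlaps(other):
                    findings.append(("overlap", owner, peer["PublicKey"], str(net)))
            seen.append((net, peer["PublicKey"]))
    return findings
```

Calling `audit(SAMPLE)` reports the second peer twice: once for reusing the first peer's address and once for a range outside the tunnel subnet.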

Keys

Docker services
pi@boshi:/storage/raid/docker $ cat docker-compose.yml 
version: "2"

services:
  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    ports:
      - "53:53/tcp"
      - "53:53/udp"
      - "81:80/tcp"
      - "443:443/tcp"
    environment:
      TZ: 'Europe/Ljubljana'
      WEBPASSWORD: 'pajhole42'
    # Volumes store your data between container upgrades
    volumes:
       - '/storage/raid/pi-hole/etc-pihole/:/etc/pihole/'
       - '/storage/raid/pi-hole/etc-dnsmasq.d/:/etc/dnsmasq.d/'
    dns:
      - 127.0.0.1
      - 1.1.1.1
    restart: unless-stopped

  dokuwiki:
    image: dtroncy/rpi-dokuwiki 
    container_name: dokuwiki
    ports:
      - 80:80
#      - 8081:81
    volumes:
      - /etc/timezone:/etc/timezone
      - /etc/localtime:/etc/localtime
      - /storage/raid/dokuwiki_data:/var/www/dokuwiki/data/pages
      - /storage/raid/dokuwiki_conf:/var/www/dokuwiki/conf
    restart: unless-stopped

  unifi:
   image: ryansch/unifi-rpi:latest
   container_name: unifi
   restart: always
   network_mode: host
    # Uncomment the following to set java options
    # environment:
    #   JAVA_OPTS: -Xmx512M
   ports:
      - 8080:8080
      - 8443:8443
      - 3478:3478/udp
      - 10001:10001/udp
   volumes:
      # Unifi v5.0.7 creates all of these directories (some remain empty)
      - /storage/raid/unifi/config:/var/lib/unifi
      - /storage/raid/unifi/log:/usr/lib/unifi/logs
      - /storage/raid/unifi/log2:/var/log/unifi
      - /storage/raid/unifi/run:/usr/lib/unifi/run
      - /storage/raid/unifi/run2:/run/unifi
      - /storage/raid/unifi/work:/usr/lib/unifi/work