Hotfix release available: 2025-05-14b "Librarian".
upgrade now! [56.2] (what's this?)
boshi
boshi
Primarni namen je dokumentacija (tale, ki jo beres), DNS streznik za lokalni network, ki promet ocisti reklam, predvsem pa kot Wireguard VPN endpoint za vse nase online naprave (telefoni, pcji,..).
Je fizicnen streznik oz. mini PC - Raspberry PI 3B+ z 4xCPU in 1GB RAM.
Skrit je v shrambi pod stropom/knaufom.
Poleg SD kartice, na kateri je Debian Linux OS, je mountan tudi:
- 2x 16GB USB kljucek v RAID1, za pomembne zadeve (/storage/raid)
- 1x 500GB zunanji USB disk, za backup podatkov iz gecko (/storage/disk) - <color red>ZREL ZA ZAMENJAVO!!</color>
wireguard
pi@boshi:~ $ sudo cat /etc/wireguard/wg0.conf [Interface] Address = 10.168.100.1/24 ListenPort = 1607 PrivateKey = cCtb1PM7XLsP41LffRAgGSDdtjVUTnOcYkPex7HgLm0= #PreUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE #PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE PreUp = iptables -t nat -A POSTROUTING -s 10.168.100.0/24 -o eth0 -j MASQUERADE PostDown = iptables -t nat -D POSTROUTING -s 10.168.100.0/24 -o eth0 -j MASQUERADE # tine gsm [Peer] PublicKey = M8oR/AuU7IqO2XiDmFAf1B+dRrrNVZ0oJQNphn30e20= AllowedIPs = 10.168.100.2/32 ### kump-nb laptop [Peer] PublicKey = UpXYC7nZaISFUL2pnflWYNtsttJZTg4jJHcyJbFTfCE= AllowedIPs = 10.168.100.3/32 ### main pc - job [Peer] PublicKey = CQwKZprTkIq0NKIKvdFRb8zc17rZ4tjNSqg3gADujEk= AllowedIPs = 10.168.100.4/32 ### kump-nb-t490 [Peer] PublicKey = fOXG/P1PCGTtycD+7bD6cdvrSQyR5/Swbdh0rJA++0o= AllowedIPs = 10.168.100.5/32 ### test job vm [Peer] PublicKey = veru9wmJKKr/29sCedW3HZ9b+5FOAWKEeudKSysGaUk= AllowedIPs = 10.168.100.10/32
Kljuci
- android_mobile_private.key: mMxvGb0dDuR6LCQ7z4Vi+2lsu/SrqeJj1AKHQp7vBnY=
- android_mobile_public.key: M8oR/AuU7IqO2XiDmFAf1B+dRrrNVZ0oJQNphn30e20=
- job_private.key: SNEnGnEEHTdJn5WU3g6fTdfhVLJGMRKdMYz+SU5MYX4=
- job_public.key: CQwKZprTkIq0NKIKvdFRb8zc17rZ4tjNSqg3gADujEk=
- kump-nb_private.key: ADdmMB4l5au1rFBcUwGmCWN+8b0/NPalrsSoTxR+ZXc=
- kump-nb_public.key: UpXYC7nZaISFUL2pnflWYNtsttJZTg4jJHcyJbFTfCE=
- raspberrypi_private.key: cCtb1PM7XLsP41LffRAgGSDdtjVUTnOcYkPex7HgLm0=
- raspberrypi_public.key: +/Vny4dUx9TbIaT7uLRTclp0ZEnSqPZwBxohlP7Y52E=
- test_private.key: 2CD8f3NQxliokeLjefu5Gi3XcoUzpzrJzHIsCaN/aGc=
- test_public.key: veru9wmJKKr/29sCedW3HZ9b+5FOAWKEeudKSysGaUk=
- kump-nb_t490_private.key: qH2qNapvJJvcCnj7lIHGuHN4WLBCjhAid98TDxMlfUU=
- kump-nb_t490_public.key: fOXG/P1PCGTtycD+7bD6cdvrSQyR5/Swbdh0rJA++0o=
Docker servisi
pi@boshi:/storage/raid/docker $ cat docker-compose.yml
version: "2"
services:
pihole:
container_name: pihole
image: pihole/pihole:latest
ports:
- "53:53/tcp"
- "53:53/udp"
- "81:80/tcp"
- "443:443/tcp"
environment:
TZ: 'Europe/Ljubljana'
WEBPASSWORD: 'pajhole42'
# Volumes store your data between container upgrades
volumes:
- '/storage/raid/pi-hole/etc-pihole/:/etc/pihole/'
- '/storage/raid/pi-hole/etc-dnsmasq.d/:/etc/dnsmasq.d/'
dns:
- 127.0.0.1
- 1.1.1.1
restart: unless-stopped
dokuwiki:
image: dtroncy/rpi-dokuwiki
container_name: dokuwiki
ports:
- 80:80
# - 8081:81
volumes:
- /etc/timezone:/etc/timezone
- /etc/localtime:/etc/localtime
- /storage/raid/dokuwiki_data:/var/www/dokuwiki/data/pages
- /storage/raid/dokuwiki_conf:/var/www/dokuwiki/conf
restart: unless-stopped
unifi:
image: ryansch/unifi-rpi:latest
container_name: unifi
restart: always
network_mode: host
# Uncomment the following to set java options
# environment:
# JAVA_OPTS: -Xmx512M
ports:
- 8080:8080
- 8443:8443
- 3478:3478/udp
- 10001:10001/udp
volumes:
# Unifi v5.0.7 creates all of these directories (some remain empty)
- /storage/raid/unifi/config:/var/lib/unifi
- /storage/raid/unifi/log:/usr/lib/unifi/logs
- /storage/raid/unifi/log2:/var/log/unifi
- /storage/raid/unifi/run:/usr/lib/unifi/run
- /storage/raid/unifi/run2:/run/unifi
- /storage/raid/unifi/work:/usr/lib/unifi/work
boshi.txt · Last modified: by 192.168.100.58 · Currently locked by: 192.168.100.200
