Merge branch 'master' of ssh://git.seaturtle.pw:2222/pew/scripts
commit
3abdc7cbd3
|
@ -1,4 +1,9 @@
|
|||
Usage: `ansible-playbook main.yml -i hosts.cfg --extra-vars "gandi_api_key=GANDI_API_KEY" --limit=cabinet`
|
||||
Usage:
|
||||
|
||||
```
|
||||
export GANDI_API_KEY=mykey
|
||||
ansible-playbook main.yml -i hosts.cfg --extra-vars "gandi_api_key=$GANDI_API_KEY" --limit=cabinet
|
||||
```
|
||||
|
||||
All additional variables:
|
||||
- `gandi_api_key`: gandi api key for dynamic dns
|
||||
|
@ -10,19 +15,19 @@ Assumes:
|
|||
- OS (Debian) has been installed and IPs have been configured in hosts.cfg
|
||||
- Host is already trusted via ssh and can be ssh'd into using keys
|
||||
- Passwordless sudo is enabled for the user ansible uses
|
||||
- Root and user pw is something memorable
|
||||
|
||||
- ZFS server:
|
||||
- ZFS is configured with a volume at /bigdata for sharing
|
||||
- ZFS is configured with a volume at /bigdata
|
||||
|
||||
- Media server:
|
||||
- Create /media-vtluug folder
|
||||
- Create /media-vtluug folder ??? TODO!!
|
||||
|
||||
- Remote:
|
||||
- joe/pew users have been created
|
||||
- users have already been created
|
||||
|
||||
- Laptop/etc:
|
||||
- Manually configure ssh and tor
|
||||
|
||||
- TODO:
|
||||
- fix for network-online.target debian 10 bug
|
||||
- add samba stuff for fogcutter
|
||||
|
|
|
@ -11,11 +11,11 @@ ExecStart=/usr/bin/ssh -Nn \
|
|||
-o ServerAliveCountMax=3 \
|
||||
-o ExitOnForwardFailure=yes \
|
||||
-i /home/paul/.ssh/id_rsa_fast \
|
||||
-R 7000:127.0.0.1:8080 \
|
||||
-R 7001:127.0.0.1:8443 \
|
||||
-R 7000:127.0.0.1:80 \
|
||||
-R 7001:127.0.0.1:443 \
|
||||
-R 7002:127.0.0.1:2222 \
|
||||
-R 7003:127.0.0.1:25565 \
|
||||
-R 7004:127.0.0.1:8448 \
|
||||
-R 7004:127.0.0.1:8000 \
|
||||
pew@polyvalent.seaturtle.pw
|
||||
Restart=always
|
||||
RestartSec=30
|
||||
|
|
|
@ -35,8 +35,8 @@ listen proxy25565
|
|||
bind :::25565
|
||||
server proxy7003 127.0.0.1:7003
|
||||
|
||||
# matrix federation
|
||||
listen proxy8448
|
||||
# tunnelvr
|
||||
listen proxy8000
|
||||
mode tcp
|
||||
bind :::8448
|
||||
bind :::8000
|
||||
server proxy7004 127.0.0.1:7004
|
||||
|
|
|
@ -0,0 +1,234 @@
|
|||
#
|
||||
# Sample configuration file for the Samba suite for Debian GNU/Linux.
|
||||
#
|
||||
#
|
||||
# This is the main Samba configuration file. You should read the
|
||||
# smb.conf(5) manual page in order to understand the options listed
|
||||
# here. Samba has a huge number of configurable options most of which
|
||||
# are not shown in this example
|
||||
#
|
||||
# Some options that are often worth tuning have been included as
|
||||
# commented-out examples in this file.
|
||||
# - When such options are commented with ";", the proposed setting
|
||||
# differs from the default Samba behaviour
|
||||
# - When commented with "#", the proposed setting is the default
|
||||
# behaviour of Samba but the option is considered important
|
||||
# enough to be mentioned here
|
||||
#
|
||||
# NOTE: Whenever you modify this file you should run the command
|
||||
# "testparm" to check that you have not made any basic syntactic
|
||||
# errors.
|
||||
|
||||
#======================= Global Settings =======================
|
||||
|
||||
[global]
|
||||
|
||||
## Browsing/Identification ###
|
||||
|
||||
# Change this to the workgroup/NT-domain name your Samba server will part of
|
||||
workgroup = PEWWG
|
||||
|
||||
#### Networking ####
|
||||
|
||||
# The specific set of interfaces / networks to bind to
|
||||
# This can be either the interface name or an IP address/netmask;
|
||||
# interface names are normally preferred
|
||||
; interfaces = 127.0.0.0/8 eth0
|
||||
interfaces = 2601:5c0:c280:8e30::/64 10.42.0.0/24 eno1
|
||||
|
||||
# Only bind to the named interfaces and/or networks; you must use the
|
||||
# 'interfaces' option above to use this.
|
||||
# It is recommended that you enable this feature if your Samba machine is
|
||||
# not protected by a firewall or is a firewall itself. However, this
|
||||
# option cannot handle dynamic or non-broadcast interfaces correctly.
|
||||
; bind interfaces only = yes
|
||||
|
||||
|
||||
|
||||
#### Debugging/Accounting ####
|
||||
|
||||
# This tells Samba to use a separate log file for each machine
|
||||
# that connects
|
||||
log file = /var/log/samba/log.%m
|
||||
|
||||
# Cap the size of the individual log files (in KiB).
|
||||
max log size = 1000
|
||||
|
||||
# We want Samba to only log to /var/log/samba/log.{smbd,nmbd}.
|
||||
# Append syslog@1 if you want important messages to be sent to syslog too.
|
||||
logging = file
|
||||
|
||||
# Do something sensible when Samba crashes: mail the admin a backtrace
|
||||
panic action = /usr/share/samba/panic-action %d
|
||||
|
||||
|
||||
####### Authentication #######
|
||||
|
||||
# Server role. Defines in which mode Samba will operate. Possible
|
||||
# values are "standalone server", "member server", "classic primary
|
||||
# domain controller", "classic backup domain controller", "active
|
||||
# directory domain controller".
|
||||
#
|
||||
# Most people will want "standalone server" or "member server".
|
||||
# Running as "active directory domain controller" will require first
|
||||
# running "samba-tool domain provision" to wipe databases and create a
|
||||
# new domain.
|
||||
server role = standalone server
|
||||
|
||||
obey pam restrictions = yes
|
||||
|
||||
# This boolean parameter controls whether Samba attempts to sync the Unix
|
||||
# password with the SMB password when the encrypted SMB password in the
|
||||
# passdb is changed.
|
||||
unix password sync = yes
|
||||
|
||||
# For Unix password sync to work on a Debian GNU/Linux system, the following
|
||||
# parameters must be set (thanks to Ian Kahan <<kahan@informatik.tu-muenchen.de> for
|
||||
# sending the correct chat script for the passwd program in Debian Sarge).
|
||||
passwd program = /usr/bin/passwd %u
|
||||
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
|
||||
|
||||
# This boolean controls whether PAM will be used for password changes
|
||||
# when requested by an SMB client instead of the program listed in
|
||||
# 'passwd program'. The default is 'no'.
|
||||
pam password change = yes
|
||||
|
||||
# This option controls how unsuccessful authentication attempts are mapped
|
||||
# to anonymous connections
|
||||
map to guest = bad user
|
||||
|
||||
########## Domains ###########
|
||||
|
||||
#
|
||||
# The following settings only takes effect if 'server role = classic
|
||||
# primary domain controller', 'server role = classic backup domain controller'
|
||||
# or 'domain logons' is set
|
||||
#
|
||||
|
||||
# It specifies the location of the user's
|
||||
# profile directory from the client point of view) The following
|
||||
# required a [profiles] share to be setup on the samba server (see
|
||||
# below)
|
||||
; logon path = \\%N\profiles\%U
|
||||
# Another common choice is storing the profile in the user's home directory
|
||||
# (this is Samba's default)
|
||||
# logon path = \\%N\%U\profile
|
||||
|
||||
# The following setting only takes effect if 'domain logons' is set
|
||||
# It specifies the location of a user's home directory (from the client
|
||||
# point of view)
|
||||
; logon drive = H:
|
||||
# logon home = \\%N\%U
|
||||
|
||||
# The following setting only takes effect if 'domain logons' is set
|
||||
# It specifies the script to run during logon. The script must be stored
|
||||
# in the [netlogon] share
|
||||
# NOTE: Must be store in 'DOS' file format convention
|
||||
; logon script = logon.cmd
|
||||
|
||||
# This allows Unix users to be created on the domain controller via the SAMR
|
||||
# RPC pipe. The example command creates a user account with a disabled Unix
|
||||
# password; please adapt to your needs
|
||||
; add user script = /usr/sbin/adduser --quiet --disabled-password --gecos "" %u
|
||||
|
||||
# This allows machine accounts to be created on the domain controller via the
|
||||
# SAMR RPC pipe.
|
||||
# The following assumes a "machines" group exists on the system
|
||||
; add machine script = /usr/sbin/useradd -g machines -c "%u machine account" -d /var/lib/samba -s /bin/false %u
|
||||
|
||||
# This allows Unix groups to be created on the domain controller via the SAMR
|
||||
# RPC pipe.
|
||||
; add group script = /usr/sbin/addgroup --force-badname %g
|
||||
|
||||
############ Misc ############
|
||||
|
||||
# Using the following line enables you to customise your configuration
|
||||
# on a per machine basis. The %m gets replaced with the netbios name
|
||||
# of the machine that is connecting
|
||||
; include = /home/samba/etc/smb.conf.%m
|
||||
|
||||
# Some defaults for winbind (make sure you're not using the ranges
|
||||
# for something else.)
|
||||
; idmap config * : backend = tdb
|
||||
; idmap config * : range = 3000-7999
|
||||
; idmap config YOURDOMAINHERE : backend = tdb
|
||||
; idmap config YOURDOMAINHERE : range = 100000-999999
|
||||
; template shell = /bin/bash
|
||||
|
||||
# Setup usershare options to enable non-root users to share folders
|
||||
# with the net usershare command.
|
||||
|
||||
# Maximum number of usershare. 0 means that usershare is disabled.
|
||||
# usershare max shares = 100
|
||||
|
||||
# Allow users who've been granted usershare privileges to create
|
||||
# public shares, not just authenticated ones
|
||||
usershare allow guests = yes
|
||||
|
||||
#======================= Share Definitions =======================
|
||||
|
||||
[pew-photos]
|
||||
comment = pew photos
|
||||
browseable = yes
|
||||
path = /bigdata/archive/photos
|
||||
guest ok = no
|
||||
read only = no
|
||||
create mask = 0700
|
||||
directory mask = 0700
|
||||
valid users = paul
|
||||
|
||||
[incoming-photos]
|
||||
comment = incoming pew photos
|
||||
browseable = yes
|
||||
path = /bigdata/tmp/incoming-photos
|
||||
guest ok = no
|
||||
read only = no
|
||||
create mask = 0700
|
||||
directory mask = 0700
|
||||
valid users = paul
|
||||
|
||||
# Un-comment the following and create the netlogon directory for Domain Logons
|
||||
# (you need to configure Samba to act as a domain controller too.)
|
||||
;[netlogon]
|
||||
; comment = Network Logon Service
|
||||
; path = /home/samba/netlogon
|
||||
; guest ok = yes
|
||||
; read only = yes
|
||||
|
||||
# Un-comment the following and create the profiles directory to store
|
||||
# users profiles (see the "logon path" option above)
|
||||
# (you need to configure Samba to act as a domain controller too.)
|
||||
# The path below should be writable by all users so that their
|
||||
# profile directory may be created the first time they log on
|
||||
;[profiles]
|
||||
; comment = Users profiles
|
||||
; path = /home/samba/profiles
|
||||
; guest ok = no
|
||||
; browseable = no
|
||||
; create mask = 0600
|
||||
; directory mask = 0700
|
||||
|
||||
;[printers]
|
||||
; comment = All Printers
|
||||
; browseable = no
|
||||
; path = /var/spool/samba
|
||||
; printable = yes
|
||||
; guest ok = no
|
||||
; read only = yes
|
||||
; create mask = 0700
|
||||
|
||||
# Windows clients look for this share name as a source of downloadable
|
||||
# printer drivers
|
||||
;[print$]
|
||||
; comment = Printer Drivers
|
||||
; path = /var/lib/samba/printers
|
||||
; browseable = yes
|
||||
; read only = yes
|
||||
; guest ok = no
|
||||
# Uncomment to allow remote administration of Windows print drivers.
|
||||
# You may need to replace 'lpadmin' with the name of the group your
|
||||
# admin users are members of.
|
||||
# Please note that you also need to set appropriate Unix permissions
|
||||
# to the drivers directory for these users to have write rights in it
|
||||
; write list = root, @lpadmin
|
||||
|
|
@ -55,3 +55,13 @@
|
|||
daemon_reload: yes
|
||||
enabled: yes
|
||||
state: started
|
||||
|
||||
- name: Restart smbd
|
||||
service:
|
||||
name: smbd
|
||||
state: restarted
|
||||
|
||||
- name: Restart dnsmasq
|
||||
service:
|
||||
name: dnsmasq
|
||||
state: restarted
|
||||
|
|
|
@ -1,17 +1,14 @@
|
|||
[all:vars]
|
||||
ansible_python_interpreter=/usr/bin/python3
|
||||
|
||||
[compute]
|
||||
fogcutter hostname=fogcutter.seaturtle.pw interface=eno1
|
||||
[homelab]
|
||||
fogcutter hostname=fogcutter.seaturtle.pw interface=eno1 admin=joe
|
||||
|
||||
[daily]
|
||||
cabinet hostname=cabinet.seaturtle.pw interface=enp9s0
|
||||
|
||||
[nfs]
|
||||
bigdummy hostname=bigdummy.seaturtle.pw interface=enp2s0
|
||||
cabinet hostname=cabinet.seaturtle.pw interface=enp9s0 admin=paul
|
||||
|
||||
[irc]
|
||||
joe@madone.seaturtle.pw hostname=madone.seaturtle.pw interface=enp1s0
|
||||
joe@madone.seaturtle.pw hostname=madone.seaturtle.pw interface=enp1s0 admin=joe
|
||||
|
||||
[proxy]
|
||||
polyvalent hostname=polyvalent.seaturtle.pw interface=eth0
|
||||
[cloudlab]
|
||||
joe@polyvalent hostname=polyvalent.seaturtle.pw interface=eth0 admin=joe
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
# All hosts are debian 10 or 11
|
||||
---
|
||||
# Common
|
||||
- hosts: daily,compute,nfs,proxy,irc
|
||||
- hosts: daily,homelab,irc
|
||||
become: yes
|
||||
handlers:
|
||||
- import_tasks: handlers.yml
|
||||
|
@ -15,6 +15,7 @@
|
|||
apt:
|
||||
name:
|
||||
- apt-listchanges
|
||||
- beets
|
||||
- chrony
|
||||
- curl
|
||||
- dma
|
||||
|
@ -38,6 +39,11 @@
|
|||
force_apt_get: yes
|
||||
update_cache: yes
|
||||
|
||||
- name: Install rclone
|
||||
apt:
|
||||
deb: https://downloads.rclone.org/rclone-current-linux-amd64.deb
|
||||
force_apt_get: yes
|
||||
|
||||
- name: Disable MOTDs
|
||||
file:
|
||||
path: /etc/update-motd.d/10-uname
|
||||
|
@ -111,7 +117,7 @@
|
|||
owner: root
|
||||
group: mail
|
||||
mode: '0640'
|
||||
when: dma_auth is defined
|
||||
when: dma_auth is defined and dma_auth != ''
|
||||
|
||||
## Changes will take effect during next reboot, does not effect static IPs
|
||||
- name: Configure sysctl with IPv6 privacy extensions
|
||||
|
@ -144,7 +150,7 @@
|
|||
msg: Manually get tor hostname
|
||||
|
||||
# Common dynamic settings
|
||||
- hosts: compute,daily,proxy
|
||||
- hosts: daily,homelab
|
||||
become: yes
|
||||
handlers:
|
||||
- import_tasks: handlers.yml
|
||||
|
@ -156,7 +162,7 @@
|
|||
owner: root
|
||||
group: root
|
||||
mode: '0755'
|
||||
when: gandi_api_key is defined
|
||||
when: gandi_api_key is defined and gandi_api_key != ''
|
||||
|
||||
- name: Add Dynamic DNS cronjob
|
||||
cron:
|
||||
|
@ -166,11 +172,9 @@
|
|||
user: root
|
||||
when: gandi_api_key is defined
|
||||
|
||||
# docker
|
||||
- hosts: irc,compute
|
||||
# Docker
|
||||
- hosts: homelab,irc
|
||||
become: yes
|
||||
handlers:
|
||||
- import_tasks: handlers.yml
|
||||
tasks:
|
||||
- name: Add Docker GPG key
|
||||
apt_key:
|
||||
|
@ -189,19 +193,42 @@
|
|||
force_apt_get: yes
|
||||
update_cache: yes
|
||||
|
||||
# Custom repo config
|
||||
- hosts: compute
|
||||
- name: Add admin to docker group
|
||||
user:
|
||||
name: "{{ admin }}"
|
||||
groups: docker
|
||||
append: yes
|
||||
|
||||
# Compute config
|
||||
- hosts: homelab
|
||||
become: yes
|
||||
handlers:
|
||||
- import_tasks: handlers.yml
|
||||
tasks:
|
||||
- name: Install compute packages
|
||||
- name: Install samba, zfs stuff
|
||||
apt:
|
||||
name:
|
||||
- sshfs
|
||||
- zfs-auto-snapshot
|
||||
- zfs-zed
|
||||
force_apt_get: yes
|
||||
update_cache: yes
|
||||
|
||||
- name: Configure zfs-zed
|
||||
copy:
|
||||
src: files/zed.rc
|
||||
dest: /etc/zfs/zed.d/zed.rc
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0644'
|
||||
notify: Restart zfs-zed
|
||||
|
||||
- name: Install weekly bigdata scrub cron job
|
||||
cron:
|
||||
name: 'Weekly zfs pool status check'
|
||||
special_time: weekly
|
||||
job: '/usr/sbin/zpool status | mail -s "ZFS STATUS" paulsw.pw+alerts@gmail.com'
|
||||
user: root
|
||||
|
||||
- name: Mount vtluug /media via sshfs
|
||||
mount:
|
||||
src: pew-media@dirtycow.vtluug.org:/nfs/cistern/share/media
|
||||
|
@ -210,18 +237,31 @@
|
|||
opts: reconnect,allow_other,ro,_netdev,IdentityFile=/home/paul/.ssh/id_rsa_fast
|
||||
state: mounted
|
||||
|
||||
- name: Install rclone
|
||||
apt:
|
||||
deb: https://downloads.rclone.org/rclone-current-linux-amd64.deb
|
||||
force_apt_get: yes
|
||||
|
||||
- debug:
|
||||
msg: Manually configure rclone remote drive
|
||||
|
||||
- name: Backup data cronjob - Monday
|
||||
cron:
|
||||
name: 'Backup data'
|
||||
minute: '0'
|
||||
hour: '0'
|
||||
day: '*'
|
||||
month: '*'
|
||||
weekday: '1'
|
||||
user: paul
|
||||
job: "/home/paul/scripts-private/{{ inventory_hostname }}/backup.sh"
|
||||
|
||||
# IRC config
|
||||
- hosts: irc
|
||||
become: yes
|
||||
handlers:
|
||||
- import_tasks: handlers.yml
|
||||
tasks:
|
||||
- name: Add joe to docker group
|
||||
user:
|
||||
name: joe
|
||||
groups: docker
|
||||
append: yes
|
||||
|
||||
- name: Install weechat systemd service
|
||||
copy:
|
||||
src: files/weechat.service
|
||||
|
@ -230,6 +270,3 @@
|
|||
group: root
|
||||
mode: '0644'
|
||||
notify: Enable weechat service
|
||||
|
||||
- debug:
|
||||
msg: Clone docker repo to start services
|
||||
|
|
|
@ -0,0 +1,681 @@
|
|||
# Configuration file for dnsmasq.
|
||||
#
|
||||
# Format is one option per line, legal options are the same
|
||||
# as the long options legal on the command line. See
|
||||
# "/usr/sbin/dnsmasq --help" or "man 8 dnsmasq" for details.
|
||||
|
||||
# Listen on this specific port instead of the standard DNS port
|
||||
# (53). Setting this to zero completely disables DNS function,
|
||||
# leaving only DHCP and/or TFTP.
|
||||
#port=5353
|
||||
|
||||
# The following two options make you a better netizen, since they
|
||||
# tell dnsmasq to filter out queries which the public DNS cannot
|
||||
# answer, and which load the servers (especially the root servers)
|
||||
# unnecessarily. If you have a dial-on-demand link they also stop
|
||||
# these requests from bringing up the link unnecessarily.
|
||||
|
||||
# Never forward plain names (without a dot or domain part)
|
||||
domain-needed
|
||||
# Never forward addresses in the non-routed address spaces.
|
||||
bogus-priv
|
||||
|
||||
# Uncomment these to enable DNSSEC validation and caching:
|
||||
# (Requires dnsmasq to be built with DNSSEC option.)
|
||||
#conf-file=%%PREFIX%%/share/dnsmasq/trust-anchors.conf
|
||||
#dnssec
|
||||
|
||||
# Replies which are not DNSSEC signed may be legitimate, because the domain
|
||||
# is unsigned, or may be forgeries. Setting this option tells dnsmasq to
|
||||
# check that an unsigned reply is OK, by finding a secure proof that a DS
|
||||
# record somewhere between the root and the domain does not exist.
|
||||
# The cost of setting this is that even queries in unsigned domains will need
|
||||
# one or more extra DNS queries to verify.
|
||||
#dnssec-check-unsigned
|
||||
|
||||
# Uncomment this to filter useless windows-originated DNS requests
|
||||
# which can trigger dial-on-demand links needlessly.
|
||||
# Note that (amongst other things) this blocks all SRV requests,
|
||||
# so don't use it if you use eg Kerberos, SIP, XMMP or Google-talk.
|
||||
# This option only affects forwarding, SRV records originating for
|
||||
# dnsmasq (via srv-host= lines) are not suppressed by it.
|
||||
#filterwin2k
|
||||
|
||||
# Change this line if you want dns to get its upstream servers from
|
||||
# somewhere other that /etc/resolv.conf
|
||||
#resolv-file=
|
||||
|
||||
# By default, dnsmasq will send queries to any of the upstream
|
||||
# servers it knows about and tries to favour servers to are known
|
||||
# to be up. Uncommenting this forces dnsmasq to try each query
|
||||
# with each server strictly in the order they appear in
|
||||
# /etc/resolv.conf
|
||||
#strict-order
|
||||
|
||||
# If you don't want dnsmasq to read /etc/resolv.conf or any other
|
||||
# file, getting its servers from this file instead (see below), then
|
||||
# uncomment this.
|
||||
no-resolv
|
||||
|
||||
# If you don't want dnsmasq to poll /etc/resolv.conf or other resolv
|
||||
# files for changes and re-read them then uncomment this.
|
||||
#no-poll
|
||||
|
||||
# Add other name servers here, with domain specs if they are for
|
||||
# non-public domains.
|
||||
#server=/localnet/192.168.0.1
|
||||
server=2001:1608:10:25::9249:d69b
|
||||
server=84.200.70.40
|
||||
|
||||
# Example of routing PTR queries to nameservers: this will send all
|
||||
# address->name queries for 192.168.3/24 to nameserver 10.1.2.3
|
||||
#server=/3.168.192.in-addr.arpa/10.1.2.3
|
||||
|
||||
# Add local-only domains here, queries in these domains are answered
|
||||
# from /etc/hosts or DHCP only.
|
||||
#local=/localnet/
|
||||
|
||||
# Add domains which you want to force to an IP address here.
|
||||
# The example below send any host in double-click.net to a local
|
||||
# web-server.
|
||||
#address=/double-click.net/127.0.0.1
|
||||
|
||||
# --address (and --server) work with IPv6 addresses too.
|
||||
#address=/www.thekelleys.org.uk/fe80::20d:60ff:fe36:f83
|
||||
|
||||
# Add the IPs of all queries to yahoo.com, google.com, and their
|
||||
# subdomains to the vpn and search ipsets:
|
||||
#ipset=/yahoo.com/google.com/vpn,search
|
||||
|
||||
# You can control how dnsmasq talks to a server: this forces
|
||||
# queries to 10.1.2.3 to be routed via eth1
|
||||
# server=10.1.2.3@eth1
|
||||
|
||||
# and this sets the source (ie local) address used to talk to
|
||||
# 10.1.2.3 to 192.168.1.1 port 55 (there must be an interface with that
|
||||
# IP on the machine, obviously).
|
||||
# server=10.1.2.3@192.168.1.1#55
|
||||
|
||||
# If you want dnsmasq to change uid and gid to something other
|
||||
# than the default, edit the following lines.
|
||||
#user=
|
||||
#group=
|
||||
|
||||
# If you want dnsmasq to listen for DHCP and DNS requests only on
|
||||
# specified interfaces (and the loopback) give the name of the
|
||||
# interface (eg eth0) here.
|
||||
# Repeat the line for more than one interface.
|
||||
interface={{ interface }}
|
||||
# Or you can specify which interface _not_ to listen on
|
||||
#except-interface=
|
||||
# Or which to listen on by address (remember to include 127.0.0.1 if
|
||||
# you use this.)
|
||||
#listen-address=
|
||||
# If you want dnsmasq to provide only DNS service on an interface,
|
||||
# configure it as shown above, and then use the following line to
|
||||
# disable DHCP and TFTP on it.
|
||||
#no-dhcp-interface=
|
||||
|
||||
# On systems which support it, dnsmasq binds the wildcard address,
|
||||
# even when it is listening on only some interfaces. It then discards
|
||||
# requests that it shouldn't reply to. This has the advantage of
|
||||
# working even when interfaces come and go and change address. If you
|
||||
# want dnsmasq to really bind only the interfaces it is listening on,
|
||||
# uncomment this option. About the only time you may need this is when
|
||||
# running another nameserver on the same machine.
|
||||
#bind-interfaces
|
||||
|
||||
# If you don't want dnsmasq to read /etc/hosts, uncomment the
|
||||
# following line.
|
||||
#no-hosts
|
||||
# or if you want it to read another file, as well as /etc/hosts, use
|
||||
# this.
|
||||
#addn-hosts=/etc/banner_add_hosts
|
||||
|
||||
# Set this (and domain: see below) if you want to have a domain
|
||||
# automatically added to simple names in a hosts-file.
|
||||
#expand-hosts
|
||||
|
||||
# Set the domain for dnsmasq. this is optional, but if it is set, it
|
||||
# does the following things.
|
||||
# 1) Allows DHCP hosts to have fully qualified domain names, as long
|
||||
# as the domain part matches this setting.
|
||||
# 2) Sets the "domain" DHCP option thereby potentially setting the
|
||||
# domain of all systems configured by DHCP
|
||||
# 3) Provides the domain part for "expand-hosts"
|
||||
#domain=thekelleys.org.uk
|
||||
|
||||
# Set a different domain for a particular subnet
|
||||
#domain=wireless.thekelleys.org.uk,192.168.2.0/24
|
||||
|
||||
# Same idea, but range rather then subnet
|
||||
#domain=reserved.thekelleys.org.uk,192.68.3.100,192.168.3.200
|
||||
|
||||
# Uncomment this to enable the integrated DHCP server, you need
|
||||
# to supply the range of addresses available for lease and optionally
|
||||
# a lease time. If you have more than one network, you will need to
|
||||
# repeat this for each network on which you want to supply DHCP
|
||||
# service.
|
||||
#dhcp-range=192.168.0.50,192.168.0.150,12h
|
||||
|
||||
# This is an example of a DHCP range where the netmask is given. This
|
||||
# is needed for networks we reach the dnsmasq DHCP server via a relay
|
||||
# agent. If you don't know what a DHCP relay agent is, you probably
|
||||
# don't need to worry about this.
|
||||
#dhcp-range=192.168.0.50,192.168.0.150,255.255.255.0,12h
|
||||
|
||||
# This is an example of a DHCP range which sets a tag, so that
|
||||
# some DHCP options may be set only for this network.
|
||||
#dhcp-range=set:red,192.168.0.50,192.168.0.150
|
||||
|
||||
# Use this DHCP range only when the tag "green" is set.
|
||||
#dhcp-range=tag:green,192.168.0.50,192.168.0.150,12h
|
||||
|
||||
# Specify a subnet which can't be used for dynamic address allocation,
|
||||
# is available for hosts with matching --dhcp-host lines. Note that
|
||||
# dhcp-host declarations will be ignored unless there is a dhcp-range
|
||||
# of some type for the subnet in question.
|
||||
# In this case the netmask is implied (it comes from the network
|
||||
# configuration on the machine running dnsmasq) it is possible to give
|
||||
# an explicit netmask instead.
|
||||
#dhcp-range=192.168.0.0,static
|
||||
|
||||
# Enable DHCPv6. Note that the prefix-length does not need to be specified
|
||||
# and defaults to 64 if missing/
|
||||
#dhcp-range=1234::2, 1234::500, 64, 12h
|
||||
|
||||
# Do Router Advertisements, BUT NOT DHCP for this subnet.
|
||||
#dhcp-range=1234::, ra-only
|
||||
|
||||
# Do Router Advertisements, BUT NOT DHCP for this subnet, also try and
|
||||
# add names to the DNS for the IPv6 address of SLAAC-configured dual-stack
|
||||
# hosts. Use the DHCPv4 lease to derive the name, network segment and
|
||||
# MAC address and assume that the host will also have an
|
||||
# IPv6 address calculated using the SLAAC algorithm.
|
||||
#dhcp-range=1234::, ra-names
|
||||
|
||||
# Do Router Advertisements, BUT NOT DHCP for this subnet.
|
||||
# Set the lifetime to 46 hours. (Note: minimum lifetime is 2 hours.)
|
||||
#dhcp-range=1234::, ra-only, 48h
|
||||
|
||||
# Do DHCP and Router Advertisements for this subnet. Set the A bit in the RA
|
||||
# so that clients can use SLAAC addresses as well as DHCP ones.
|
||||
#dhcp-range=1234::2, 1234::500, slaac
|
||||
|
||||
# Do Router Advertisements and stateless DHCP for this subnet. Clients will
|
||||
# not get addresses from DHCP, but they will get other configuration information.
|
||||
# They will use SLAAC for addresses.
|
||||
#dhcp-range=1234::, ra-stateless
|
||||
|
||||
# Do stateless DHCP, SLAAC, and generate DNS names for SLAAC addresses
|
||||
# from DHCPv4 leases.
|
||||
#dhcp-range=1234::, ra-stateless, ra-names
|
||||
|
||||
# Do router advertisements for all subnets where we're doing DHCPv6
|
||||
# Unless overridden by ra-stateless, ra-names, et al, the router
|
||||
# advertisements will have the M and O bits set, so that the clients
|
||||
# get addresses and configuration from DHCPv6, and the A bit reset, so the
|
||||
# clients don't use SLAAC addresses.
|
||||
#enable-ra
|
||||
|
||||
# Supply parameters for specified hosts using DHCP. There are lots
|
||||
# of valid alternatives, so we will give examples of each. Note that
|
||||
# IP addresses DO NOT have to be in the range given above, they just
|
||||
# need to be on the same network. The order of the parameters in these
|
||||
# do not matter, it's permissible to give name, address and MAC in any
|
||||
# order.
|
||||
|
||||
# Always allocate the host with Ethernet address 11:22:33:44:55:66
|
||||
# The IP address 192.168.0.60
|
||||
#dhcp-host=11:22:33:44:55:66,192.168.0.60
|
||||
|
||||
# Always set the name of the host with hardware address
|
||||
# 11:22:33:44:55:66 to be "fred"
|
||||
#dhcp-host=11:22:33:44:55:66,fred
|
||||
|
||||
# Always give the host with Ethernet address 11:22:33:44:55:66
|
||||
# the name fred and IP address 192.168.0.60 and lease time 45 minutes
|
||||
#dhcp-host=11:22:33:44:55:66,fred,192.168.0.60,45m
|
||||
|
||||
# Give a host with Ethernet address 11:22:33:44:55:66 or
|
||||
# 12:34:56:78:90:12 the IP address 192.168.0.60. Dnsmasq will assume
|
||||
# that these two Ethernet interfaces will never be in use at the same
|
||||
# time, and give the IP address to the second, even if it is already
|
||||
# in use by the first. Useful for laptops with wired and wireless
|
||||
# addresses.
|
||||
#dhcp-host=11:22:33:44:55:66,12:34:56:78:90:12,192.168.0.60
|
||||
|
||||
# Give the machine which says its name is "bert" IP address
|
||||
# 192.168.0.70 and an infinite lease
|
||||
#dhcp-host=bert,192.168.0.70,infinite
|
||||
|
||||
# Always give the host with client identifier 01:02:02:04
|
||||
# the IP address 192.168.0.60
|
||||
#dhcp-host=id:01:02:02:04,192.168.0.60
|
||||
|
||||
# Always give the InfiniBand interface with hardware address
|
||||
# 80:00:00:48:fe:80:00:00:00:00:00:00:f4:52:14:03:00:28:05:81 the
|
||||
# ip address 192.168.0.61. The client id is derived from the prefix
|
||||
# ff:00:00:00:00:00:02:00:00:02:c9:00 and the last 8 pairs of
|
||||
# hex digits of the hardware address.
|
||||
#dhcp-host=id:ff:00:00:00:00:00:02:00:00:02:c9:00:f4:52:14:03:00:28:05:81,192.168.0.61
|
||||
|
||||
# Always give the host with client identifier "marjorie"
|
||||
# the IP address 192.168.0.60
|
||||
#dhcp-host=id:marjorie,192.168.0.60
|
||||
|
||||
# Enable the address given for "judge" in /etc/hosts
|
||||
# to be given to a machine presenting the name "judge" when
|
||||
# it asks for a DHCP lease.
|
||||
#dhcp-host=judge
|
||||
|
||||
# Never offer DHCP service to a machine whose Ethernet
|
||||
# address is 11:22:33:44:55:66
|
||||
#dhcp-host=11:22:33:44:55:66,ignore
|
||||
|
||||
# Ignore any client-id presented by the machine with Ethernet
|
||||
# address 11:22:33:44:55:66. This is useful to prevent a machine
|
||||
# being treated differently when running under different OS's or
|
||||
# between PXE boot and OS boot.
|
||||
#dhcp-host=11:22:33:44:55:66,id:*
|
||||
|
||||
# Send extra options which are tagged as "red" to
|
||||
# the machine with Ethernet address 11:22:33:44:55:66
|
||||
#dhcp-host=11:22:33:44:55:66,set:red
|
||||
|
||||
# Send extra options which are tagged as "red" to
|
||||
# any machine with Ethernet address starting 11:22:33:
|
||||
#dhcp-host=11:22:33:*:*:*,set:red
|
||||
|
||||
# Give a fixed IPv6 address and name to client with
|
||||
# DUID 00:01:00:01:16:d2:83:fc:92:d4:19:e2:d8:b2
|
||||
# Note the MAC addresses CANNOT be used to identify DHCPv6 clients.
|
||||
# Note also that the [] around the IPv6 address are obligatory.
|
||||
#dhcp-host=id:00:01:00:01:16:d2:83:fc:92:d4:19:e2:d8:b2, fred, [1234::5]
|
||||
|
||||
# Ignore any clients which are not specified in dhcp-host lines
|
||||
# or /etc/ethers. Equivalent to ISC "deny unknown-clients".
|
||||
# This relies on the special "known" tag which is set when
|
||||
# a host is matched.
|
||||
#dhcp-ignore=tag:!known
|
||||
|
||||
# Send extra options which are tagged as "red" to any machine whose
|
||||
# DHCP vendorclass string includes the substring "Linux"
|
||||
#dhcp-vendorclass=set:red,Linux
|
||||
|
||||
# Send extra options which are tagged as "red" to any machine one
|
||||
# of whose DHCP userclass strings includes the substring "accounts"
|
||||
#dhcp-userclass=set:red,accounts
|
||||
|
||||
# Send extra options which are tagged as "red" to any machine whose
|
||||
# MAC address matches the pattern.
|
||||
#dhcp-mac=set:red,00:60:8C:*:*:*
|
||||
|
||||
# If this line is uncommented, dnsmasq will read /etc/ethers and act
|
||||
# on the ethernet-address/IP pairs found there just as if they had
|
||||
# been given as --dhcp-host options. Useful if you keep
|
||||
# MAC-address/host mappings there for other purposes.
|
||||
#read-ethers
|
||||
|
||||
# Send options to hosts which ask for a DHCP lease.
|
||||
# See RFC 2132 for details of available options.
|
||||
# Common options can be given to dnsmasq by name:
|
||||
# run "dnsmasq --help dhcp" to get a list.
|
||||
# Note that all the common settings, such as netmask and
|
||||
# broadcast address, DNS server and default route, are given
|
||||
# sane defaults by dnsmasq. You very likely will not need
|
||||
# any dhcp-options. If you use Windows clients and Samba, there
|
||||
# are some options which are recommended, they are detailed at the
|
||||
# end of this section.
|
||||
|
||||
# Override the default route supplied by dnsmasq, which assumes the
|
||||
# router is the same machine as the one running dnsmasq.
|
||||
#dhcp-option=3,1.2.3.4
|
||||
|
||||
# Do the same thing, but using the option name
|
||||
#dhcp-option=option:router,1.2.3.4
|
||||
|
||||
# Override the default route supplied by dnsmasq and send no default
|
||||
# route at all. Note that this only works for the options sent by
|
||||
# default (1, 3, 6, 12, 28) the same line will send a zero-length option
|
||||
# for all other option numbers.
|
||||
#dhcp-option=3
|
||||
|
||||
# Set the NTP time server addresses to 192.168.0.4 and 10.10.0.5
|
||||
#dhcp-option=option:ntp-server,192.168.0.4,10.10.0.5
|
||||
|
||||
# Send DHCPv6 option. Note [] around IPv6 addresses.
|
||||
#dhcp-option=option6:dns-server,[1234::77],[1234::88]
|
||||
|
||||
# Send DHCPv6 option for namservers as the machine running
|
||||
# dnsmasq and another.
|
||||
#dhcp-option=option6:dns-server,[::],[1234::88]
|
||||
|
||||
# Ask client to poll for option changes every six hours. (RFC4242)
|
||||
#dhcp-option=option6:information-refresh-time,6h
|
||||
|
||||
# Set option 58 client renewal time (T1). Defaults to half of the
|
||||
# lease time if not specified. (RFC2132)
|
||||
#dhcp-option=option:T1,1m
|
||||
|
||||
# Set option 59 rebinding time (T2). Defaults to 7/8 of the
|
||||
# lease time if not specified. (RFC2132)
|
||||
#dhcp-option=option:T2,2m
|
||||
|
||||
# Set the NTP time server address to be the same machine as
|
||||
# is running dnsmasq
|
||||
#dhcp-option=42,0.0.0.0
|
||||
|
||||
# Set the NIS domain name to "welly"
|
||||
#dhcp-option=40,welly
|
||||
|
||||
# Set the default time-to-live to 50
|
||||
#dhcp-option=23,50
|
||||
|
||||
# Set the "all subnets are local" flag
|
||||
#dhcp-option=27,1
|
||||
|
||||
# Send the etherboot magic flag and then etherboot options (a string).
|
||||
#dhcp-option=128,e4:45:74:68:00:00
|
||||
#dhcp-option=129,NIC=eepro100
|
||||
|
||||
# Specify an option which will only be sent to the "red" network
|
||||
# (see dhcp-range for the declaration of the "red" network)
|
||||
# Note that the tag: part must precede the option: part.
|
||||
#dhcp-option = tag:red, option:ntp-server, 192.168.1.1
|
||||
|
||||
# The following DHCP options set up dnsmasq in the same way as is specified
|
||||
# for the ISC dhcpcd in
|
||||
# http://www.samba.org/samba/ftp/docs/textdocs/DHCP-Server-Configuration.txt
|
||||
# adapted for a typical dnsmasq installation where the host running
|
||||
# dnsmasq is also the host running samba.
|
||||
# you may want to uncomment some or all of them if you use
|
||||
# Windows clients and Samba.
|
||||
#dhcp-option=19,0 # option ip-forwarding off
|
||||
#dhcp-option=44,0.0.0.0 # set netbios-over-TCP/IP nameserver(s) aka WINS server(s)
|
||||
#dhcp-option=45,0.0.0.0 # netbios datagram distribution server
|
||||
#dhcp-option=46,8 # netbios node type
|
||||
|
||||
# Send an empty WPAD option. This may be REQUIRED to get windows 7 to behave.
|
||||
#dhcp-option=252,"\n"
|
||||
|
||||
# Send RFC-3397 DNS domain search DHCP option. WARNING: Your DHCP client
|
||||
# probably doesn't support this......
|
||||
#dhcp-option=option:domain-search,eng.apple.com,marketing.apple.com
|
||||
|
||||
# Send RFC-3442 classless static routes (note the netmask encoding)
|
||||
#dhcp-option=121,192.168.1.0/24,1.2.3.4,10.0.0.0/8,5.6.7.8
|
||||
|
||||
# Send vendor-class specific options encapsulated in DHCP option 43.
|
||||
# The meaning of the options is defined by the vendor-class so
|
||||
# options are sent only when the client supplied vendor class
|
||||
# matches the class given here. (A substring match is OK, so "MSFT"
|
||||
# matches "MSFT" and "MSFT 5.0"). This example sets the
|
||||
# mtftp address to 0.0.0.0 for PXEClients.
|
||||
#dhcp-option=vendor:PXEClient,1,0.0.0.0
|
||||
|
||||
# Send microsoft-specific option to tell windows to release the DHCP lease
|
||||
# when it shuts down. Note the "i" flag, to tell dnsmasq to send the
|
||||
# value as a four-byte integer - that's what microsoft wants. See
|
||||
# http://technet2.microsoft.com/WindowsServer/en/library/a70f1bb7-d2d4-49f0-96d6-4b7414ecfaae1033.mspx?mfr=true
|
||||
#dhcp-option=vendor:MSFT,2,1i
|
||||
|
||||
# Send the Encapsulated-vendor-class ID needed by some configurations of
|
||||
# Etherboot to allow is to recognise the DHCP server.
|
||||
#dhcp-option=vendor:Etherboot,60,"Etherboot"
|
||||
|
||||
# Send options to PXELinux. Note that we need to send the options even
|
||||
# though they don't appear in the parameter request list, so we need
|
||||
# to use dhcp-option-force here.
|
||||
# See http://syslinux.zytor.com/pxe.php#special for details.
|
||||
# Magic number - needed before anything else is recognised
|
||||
#dhcp-option-force=208,f1:00:74:7e
|
||||
# Configuration file name
|
||||
#dhcp-option-force=209,configs/common
|
||||
# Path prefix
|
||||
#dhcp-option-force=210,/tftpboot/pxelinux/files/
|
||||
# Reboot time. (Note 'i' to send 32-bit value)
|
||||
#dhcp-option-force=211,30i
|
||||
|
||||
# Set the boot filename for netboot/PXE. You will only need
|
||||
# this if you want to boot machines over the network and you will need
|
||||
# a TFTP server; either dnsmasq's built-in TFTP server or an
|
||||
# external one. (See below for how to enable the TFTP server.)
|
||||
#dhcp-boot=pxelinux.0
|
||||
|
||||
# The same as above, but use custom tftp-server instead machine running dnsmasq
|
||||
#dhcp-boot=pxelinux,server.name,192.168.1.100
|
||||
|
||||
# Boot for iPXE. The idea is to send two different
|
||||
# filenames, the first loads iPXE, and the second tells iPXE what to
|
||||
# load. The dhcp-match sets the ipxe tag for requests from iPXE.
|
||||
#dhcp-boot=undionly.kpxe
|
||||
#dhcp-match=set:ipxe,175 # iPXE sends a 175 option.
|
||||
#dhcp-boot=tag:ipxe,http://boot.ipxe.org/demo/boot.php
|
||||
|
||||
# Encapsulated options for iPXE. All the options are
|
||||
# encapsulated within option 175
|
||||
#dhcp-option=encap:175, 1, 5b # priority code
|
||||
#dhcp-option=encap:175, 176, 1b # no-proxydhcp
|
||||
#dhcp-option=encap:175, 177, string # bus-id
|
||||
#dhcp-option=encap:175, 189, 1b # BIOS drive code
|
||||
#dhcp-option=encap:175, 190, user # iSCSI username
|
||||
#dhcp-option=encap:175, 191, pass # iSCSI password
|
||||
|
||||
# Test for the architecture of a netboot client. PXE clients are
|
||||
# supposed to send their architecture as option 93. (See RFC 4578)
|
||||
#dhcp-match=peecees, option:client-arch, 0 #x86-32
|
||||
#dhcp-match=itanics, option:client-arch, 2 #IA64
|
||||
#dhcp-match=hammers, option:client-arch, 6 #x86-64
|
||||
#dhcp-match=mactels, option:client-arch, 7 #EFI x86-64
|
||||
|
||||
# Do real PXE, rather than just booting a single file, this is an
|
||||
# alternative to dhcp-boot.
|
||||
#pxe-prompt="What system shall I netboot?"
|
||||
# or with timeout before first available action is taken:
|
||||
#pxe-prompt="Press F8 for menu.", 60
|
||||
|
||||
# Available boot services. for PXE.
|
||||
#pxe-service=x86PC, "Boot from local disk"
|
||||
|
||||
# Loads <tftp-root>/pxelinux.0 from dnsmasq TFTP server.
|
||||
#pxe-service=x86PC, "Install Linux", pxelinux
|
||||
|
||||
# Loads <tftp-root>/pxelinux.0 from TFTP server at 1.2.3.4.
|
||||
# Beware this fails on old PXE ROMS.
|
||||
#pxe-service=x86PC, "Install Linux", pxelinux, 1.2.3.4
|
||||
|
||||
# Use bootserver on network, found my multicast or broadcast.
|
||||
#pxe-service=x86PC, "Install windows from RIS server", 1
|
||||
|
||||
# Use bootserver at a known IP address.
|
||||
#pxe-service=x86PC, "Install windows from RIS server", 1, 1.2.3.4
|
||||
|
||||
# If you have multicast-FTP available,
|
||||
# information for that can be passed in a similar way using options 1
|
||||
# to 5. See page 19 of
|
||||
# http://download.intel.com/design/archives/wfm/downloads/pxespec.pdf
|
||||
|
||||
|
||||
# Enable dnsmasq's built-in TFTP server
|
||||
#enable-tftp
|
||||
|
||||
# Set the root directory for files available via FTP.
|
||||
#tftp-root=/var/ftpd
|
||||
|
||||
# Do not abort if the tftp-root is unavailable
|
||||
#tftp-no-fail
|
||||
|
||||
# Make the TFTP server more secure: with this set, only files owned by
|
||||
# the user dnsmasq is running as will be send over the net.
|
||||
#tftp-secure
|
||||
|
||||
# This option stops dnsmasq from negotiating a larger blocksize for TFTP
|
||||
# transfers. It will slow things down, but may rescue some broken TFTP
|
||||
# clients.
|
||||
#tftp-no-blocksize
|
||||
|
||||
# Set the boot file name only when the "red" tag is set.
|
||||
#dhcp-boot=tag:red,pxelinux.red-net
|
||||
|
||||
# An example of dhcp-boot with an external TFTP server: the name and IP
|
||||
# address of the server are given after the filename.
|
||||
# Can fail with old PXE ROMS. Overridden by --pxe-service.
|
||||
#dhcp-boot=/var/ftpd/pxelinux.0,boothost,192.168.0.3
|
||||
|
||||
# If there are multiple external tftp servers having a same name
|
||||
# (using /etc/hosts) then that name can be specified as the
|
||||
# tftp_servername (the third option to dhcp-boot) and in that
|
||||
# case dnsmasq resolves this name and returns the resultant IP
|
||||
# addresses in round robin fashion. This facility can be used to
|
||||
# load balance the tftp load among a set of servers.
|
||||
#dhcp-boot=/var/ftpd/pxelinux.0,boothost,tftp_server_name
|
||||
|
||||
# Set the limit on DHCP leases, the default is 150
|
||||
#dhcp-lease-max=150
|
||||
|
||||
# The DHCP server needs somewhere on disk to keep its lease database.
|
||||
# This defaults to a sane location, but if you want to change it, use
|
||||
# the line below.
|
||||
#dhcp-leasefile=/var/lib/misc/dnsmasq.leases
|
||||
|
||||
# Set the DHCP server to authoritative mode. In this mode it will barge in
|
||||
# and take over the lease for any client which broadcasts on the network,
|
||||
# whether it has a record of the lease or not. This avoids long timeouts
|
||||
# when a machine wakes up on a new network. DO NOT enable this if there's
|
||||
# the slightest chance that you might end up accidentally configuring a DHCP
|
||||
# server for your campus/company accidentally. The ISC server uses
|
||||
# the same option, and this URL provides more information:
|
||||
# http://www.isc.org/files/auth.html
|
||||
#dhcp-authoritative
|
||||
|
||||
# Set the DHCP server to enable DHCPv4 Rapid Commit Option per RFC 4039.
|
||||
# In this mode it will respond to a DHCPDISCOVER message including a Rapid Commit
|
||||
# option with a DHCPACK including a Rapid Commit option and fully committed address
|
||||
# and configuration information. This must only be enabled if either the server is
|
||||
# the only server for the subnet, or multiple servers are present and they each
|
||||
# commit a binding for all clients.
|
||||
#dhcp-rapid-commit
|
||||
|
||||
# Run an executable when a DHCP lease is created or destroyed.
|
||||
# The arguments sent to the script are "add" or "del",
|
||||
# then the MAC address, the IP address and finally the hostname
|
||||
# if there is one.
|
||||
#dhcp-script=/bin/echo
|
||||
|
||||
# Set the cachesize here.
|
||||
#cache-size=150
|
||||
|
||||
# If you want to disable negative caching, uncomment this.
|
||||
#no-negcache
|
||||
|
||||
# Normally responses which come from /etc/hosts and the DHCP lease
|
||||
# file have Time-To-Live set as zero, which conventionally means
|
||||
# do not cache further. If you are happy to trade lower load on the
|
||||
# server for potentially stale date, you can set a time-to-live (in
|
||||
# seconds) here.
|
||||
#local-ttl=
|
||||
|
||||
# If you want dnsmasq to detect attempts by Verisign to send queries
|
||||
# to unregistered .com and .net hosts to its sitefinder service and
|
||||
# have dnsmasq instead return the correct NXDOMAIN response, uncomment
|
||||
# this line. You can add similar lines to do the same for other
|
||||
# registries which have implemented wildcard A records.
|
||||
#bogus-nxdomain=64.94.110.11
|
||||
|
||||
# If you want to fix up DNS results from upstream servers, use the
|
||||
# alias option. This only works for IPv4.
|
||||
# This alias makes a result of 1.2.3.4 appear as 5.6.7.8
|
||||
#alias=1.2.3.4,5.6.7.8
|
||||
# and this maps 1.2.3.x to 5.6.7.x
|
||||
#alias=1.2.3.0,5.6.7.0,255.255.255.0
|
||||
# and this maps 192.168.0.10->192.168.0.40 to 10.0.0.10->10.0.0.40
|
||||
#alias=192.168.0.10-192.168.0.40,10.0.0.0,255.255.255.0
|
||||
|
||||
# Change these lines if you want dnsmasq to serve MX records.
|
||||
|
||||
# Return an MX record named "maildomain.com" with target
|
||||
# servermachine.com and preference 50
|
||||
#mx-host=maildomain.com,servermachine.com,50
|
||||
|
||||
# Set the default target for MX records created using the localmx option.
|
||||
#mx-target=servermachine.com
|
||||
|
||||
# Return an MX record pointing to the mx-target for all local
|
||||
# machines.
|
||||
#localmx
|
||||
|
||||
# Return an MX record pointing to itself for all local machines.
|
||||
#selfmx
|
||||
|
||||
# Change the following lines if you want dnsmasq to serve SRV
|
||||
# records. These are useful if you want to serve ldap requests for
|
||||
# Active Directory and other windows-originated DNS requests.
|
||||
# See RFC 2782.
|
||||
# You may add multiple srv-host lines.
|
||||
# The fields are <name>,<target>,<port>,<priority>,<weight>
|
||||
# If the domain part if missing from the name (so that is just has the
|
||||
# service and protocol sections) then the domain given by the domain=
|
||||
# config option is used. (Note that expand-hosts does not need to be
|
||||
# set for this to work.)
|
||||
|
||||
# A SRV record sending LDAP for the example.com domain to
|
||||
# ldapserver.example.com port 389
|
||||
#srv-host=_ldap._tcp.example.com,ldapserver.example.com,389
|
||||
|
||||
# A SRV record sending LDAP for the example.com domain to
|
||||
# ldapserver.example.com port 389 (using domain=)
|
||||
#domain=example.com
|
||||
#srv-host=_ldap._tcp,ldapserver.example.com,389
|
||||
|
||||
# Two SRV records for LDAP, each with different priorities
|
||||
#srv-host=_ldap._tcp.example.com,ldapserver.example.com,389,1
|
||||
#srv-host=_ldap._tcp.example.com,ldapserver.example.com,389,2
|
||||
|
||||
# A SRV record indicating that there is no LDAP server for the domain
|
||||
# example.com
|
||||
#srv-host=_ldap._tcp.example.com
|
||||
|
||||
# The following line shows how to make dnsmasq serve an arbitrary PTR
|
||||
# record. This is useful for DNS-SD. (Note that the
|
||||
# domain-name expansion done for SRV records _does_not
|
||||
# occur for PTR records.)
|
||||
#ptr-record=_http._tcp.dns-sd-services,"New Employee Page._http._tcp.dns-sd-services"
|
||||
|
||||
# Change the following lines to enable dnsmasq to serve TXT records.
|
||||
# These are used for things like SPF and zeroconf. (Note that the
|
||||
# domain-name expansion done for SRV records _does_not
|
||||
# occur for TXT records.)
|
||||
|
||||
#Example SPF.
|
||||
#txt-record=example.com,"v=spf1 a -all"
|
||||
|
||||
#Example zeroconf
|
||||
#txt-record=_http._tcp.example.com,name=value,paper=A4
|
||||
|
||||
# Provide an alias for a "local" DNS name. Note that this _only_ works
|
||||
# for targets which are names from DHCP or /etc/hosts. Give host
|
||||
# "bert" another name, bertrand
|
||||
#cname=bertand,bert
|
||||
|
||||
# For debugging purposes, log each DNS query as it passes through
|
||||
# dnsmasq.
|
||||
#log-queries
|
||||
|
||||
# Log lots of extra information about DHCP transactions.
|
||||
#log-dhcp
|
||||
|
||||
# Include another lot of configuration options.
|
||||
#conf-file=/etc/dnsmasq.more.conf
|
||||
#conf-dir=/etc/dnsmasq.d
|
||||
|
||||
# Include all the files in a directory except those ending in .bak
|
||||
#conf-dir=/etc/dnsmasq.d,.bak
|
||||
|
||||
# Include all files in a directory which end in .conf
|
||||
#conf-dir=/etc/dnsmasq.d/,*.conf
|
||||
|
||||
# If a DHCP client claims that its name is "wpad", ignore that.
|
||||
# This fixes a security hole. see CERT Vulnerability VU#598349
|
||||
#dhcp-name-match=set:wpad-ignore,wpad
|
||||
#dhcp-ignore-names=tag:wpad-ignore
|
|
@ -3,7 +3,7 @@
|
|||
APIKEY={{ gandi_api_key }}
|
||||
NAME=$(hostname --short)
|
||||
|
||||
IPV6=$(ip -6 addr | grep mngtmpaddr | head -n 1 | awk '/inet6 / {gsub(/\/.*/,"",$2); print $2}')
|
||||
IPV6=$(ip -6 addr | grep global | grep -v temporary | head -n 1 | awk '/inet6 / {gsub(/\/.*/,"",$2); print $2}')
|
||||
|
||||
curl \
|
||||
--header "Authorization: Apikey $APIKEY" \
|
||||
|
|
|
@ -1,33 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
set -e
|
||||
|
||||
up () {
|
||||
docker network create pew-net || true
|
||||
|
||||
# Exposed on port 4040 in pew-net
|
||||
docker run \
|
||||
--detach \
|
||||
--name airsonic \
|
||||
--restart unless-stopped \
|
||||
--env PUID=1000 \
|
||||
--env PGID=1000 \
|
||||
--env TZ=US/Eastern \
|
||||
--volume /bigdata/k8s-config/airsonic/config:/config:rw \
|
||||
--volume /bigdata/media/music:/media/music:ro \
|
||||
--volume /bigdata/media/playlists:/media/playlists:ro \
|
||||
--volume /bigdata/media/podcasts:/media/podcasts:ro \
|
||||
--network pew-net \
|
||||
ghcr.io/linuxserver/airsonic:v10.6.2-ls83
|
||||
}
|
||||
|
||||
down () {
|
||||
docker stop airsonic || true
|
||||
docker rm airsonic || true
|
||||
}
|
||||
|
||||
logs () {
|
||||
docker logs --follow airsonic
|
||||
}
|
||||
|
||||
$@
|
|
@ -25,13 +25,14 @@ up () {
|
|||
--env APP_URL=https://ff.seaturtle.pw \
|
||||
--volume /bigdata/k8s-config/firefly/data:/var/www/html/storage/upload:rw \
|
||||
--network pew-net \
|
||||
docker.io/jc5x/firefly-iii:version-5.4.6
|
||||
docker.io/fireflyiii/core:latest
|
||||
|
||||
# Exposed on port 3306 in pew-net
|
||||
docker run \
|
||||
--detach \
|
||||
--name firefly-mariadb \
|
||||
--restart unless-stopped \
|
||||
--label com.centurylinklabs.watchtower.enable=false \
|
||||
--env MYSQL_RANDOM_ROOT_PASSWORD=notnullvalue \
|
||||
--env MYSQL_PASSWORD=firefly \
|
||||
--env MYSQL_DATABASE=firefly \
|
||||
|
|
|
@ -0,0 +1,48 @@
|
|||
#!/bin/bash
|
||||
|
||||
set -e
|
||||
|
||||
up () {
|
||||
docker network create pew-net || true
|
||||
|
||||
# Exposed on port 8080 in pew-net
|
||||
docker run \
|
||||
--detach \
|
||||
--name geoserver \
|
||||
--restart unless-stopped \
|
||||
--volume /bigdata/gis/geoserver/config/geoserver-web.xml:/usr/local/geoserver/WEB-INF/web.xml:ro \
|
||||
--volume /bigdata/gis/geoserver/extensions:/var/local/geoserver-exts:ro \
|
||||
--volume /bigdata/gis/geoserver/data:/var/local/geoserver:rw \
|
||||
--volume /bigdata/gis/store:/gis/store:ro \
|
||||
--publish 8181:8080 \
|
||||
--network pew-net \
|
||||
docker.io/oscarfonts/geoserver:2.20.2
|
||||
#--volume /bigdata/k8s-config/geoserver/config/tomcat-web.xml:/usr/local/tomcat/conf/web.xml:ro \
|
||||
|
||||
# Exposed on port 5432 in pew-net
|
||||
docker run \
|
||||
--detach \
|
||||
--name geoserver-postgis \
|
||||
--env POSTGRES_PASSWORD=postgres \
|
||||
--restart unless-stopped \
|
||||
--volume /bigdata/gis/geoserver/postgis:/var/lib/postgresql/data:rw \
|
||||
--network pew-net \
|
||||
docker.io/postgis/postgis:14-3.2-alpine
|
||||
}
|
||||
|
||||
down () {
|
||||
docker stop geoserver || true
|
||||
docker rm geoserver || true
|
||||
docker stop geoserver-postgis || true
|
||||
docker rm geoserver-postgis || true
|
||||
}
|
||||
|
||||
logs () {
|
||||
docker logs --follow geoserver
|
||||
}
|
||||
|
||||
logsp () {
|
||||
docker logs --follow geoserver-postgis
|
||||
}
|
||||
|
||||
$@
|
|
@ -24,7 +24,7 @@ up () {
|
|||
--volume /etc/timezone:/etc/timezone:ro \
|
||||
--publish 2222:2222 \
|
||||
--network pew-net \
|
||||
docker.io/gitea/gitea:1.12.5
|
||||
docker.io/gitea/gitea:latest
|
||||
}
|
||||
|
||||
down () {
|
||||
|
|
|
@ -18,7 +18,7 @@ up () {
|
|||
--volume /bigdata/media/movies:/media/movies:ro \
|
||||
--volume /bigdata/media/music:/media/music:ro \
|
||||
--network pew-net \
|
||||
ghcr.io/linuxserver/jellyfin:10.7.0-1-ls100
|
||||
ghcr.io/linuxserver/jellyfin:latest
|
||||
}
|
||||
|
||||
down () {
|
||||
|
|
|
@ -9,8 +9,8 @@ up () {
|
|||
--restart unless-stopped \
|
||||
--env EULA=TRUE \
|
||||
--env MAX_MEMORY=8G \
|
||||
--env VERSION=1.15.2 \
|
||||
--volume /bigdata/k8s-config/minecraft/data:/data:rw \
|
||||
--env VERSION=1.18.1 \
|
||||
--volume /bigdata/k8s-config/minecraft/1.18-data:/data:rw \
|
||||
--publish 127.0.0.1:25565:25565 \
|
||||
docker.io/itzg/minecraft-server:latest
|
||||
}
|
||||
|
|
|
@ -1,9 +0,0 @@
|
|||
[Unit]
|
||||
Description=Nextcloud cron and scan for any new ebooks
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
ExecStart=/usr/bin/docker exec nextcloud /bin/bash -c "if ! command -v sudo &> /dev/null; then apt-get update && apt-get install -y sudo; fi; sudo -u www-data php -f /var/www/html/cron.php && sudo -u www-data /var/www/html/occ files:scan --path='/pew/files/ebooks'"
|
||||
|
||||
[Install]
|
||||
WantedBy=default.target
|
|
@ -1,9 +0,0 @@
|
|||
[Unit]
|
||||
Description=Run nextcloud-cron service every 10 minutes and on boot
|
||||
|
||||
[Timer]
|
||||
OnBootSec=10min
|
||||
OnUnitActiveSec=10min
|
||||
|
||||
[Install]
|
||||
WantedBy=timers.target
|
|
@ -1,78 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
set -e
|
||||
|
||||
# to scan new files: k exec --stdin --tty nextcloud-POD -npew -- /bin/bash -c "/var/www/html/occ files:scan --path='/USER/files'"
|
||||
|
||||
up () {
|
||||
loginctl enable-linger $USER
|
||||
docker network create pew-net || true
|
||||
|
||||
# Exposed on port 80 in pew-net
|
||||
# Must edit /var/www/html/config/config.php file after initial setup to change settings
|
||||
docker run \
|
||||
--detach \
|
||||
--name nextcloud \
|
||||
--restart unless-stopped \
|
||||
--env OVERWRITEHOST=nc.seaturtle.pw \
|
||||
--env OVERWRITEPROTOCOL=https \
|
||||
--env MYSQL_DATABASE=nextcloud \
|
||||
--env MYSQL_USER=nextcloud \
|
||||
--env MYSQL_PASSWORD=nextcloud \
|
||||
--env MYSQL_HOST=nextcloud-mariadb \
|
||||
--env REDIS_HOST=nextcloud-redis \
|
||||
--env REDIS_HOST_PASSWORD=nextcloud \
|
||||
--volume /bigdata/k8s-config/nextcloud/data:/var/www/html:rw \
|
||||
--network pew-net \
|
||||
docker.io/nextcloud:20.0.1-apache
|
||||
|
||||
# Exposed on port 3306 in pew-net
|
||||
docker run \
|
||||
--detach \
|
||||
--name nextcloud-mariadb \
|
||||
--restart unless-stopped \
|
||||
--env MYSQL_RANDOM_ROOT_PASSWORD=notnullvalue \
|
||||
--env MYSQL_PASSWORD=nextcloud \
|
||||
--env MYSQL_DATABASE=nextcloud \
|
||||
--env MYSQL_USER=nextcloud \
|
||||
--volume /bigdata/k8s-config/nextcloud/mariadb:/var/lib/mysql:rw \
|
||||
--network pew-net \
|
||||
docker.io/mariadb:10.5.6
|
||||
|
||||
# Exposed on port 6379 in pew-net
|
||||
docker run \
|
||||
--detach \
|
||||
--name nextcloud-redis \
|
||||
--restart unless-stopped \
|
||||
--network pew-net \
|
||||
docker.io/redis:6.0.9 --requirepass nextcloud
|
||||
|
||||
# Setup nextcloud cron and continuous scanning for new files
|
||||
cp nextcloud-cron.service nextcloud-cron.timer $HOME/.config/systemd/user/
|
||||
systemctl start --user nextcloud-cron.timer || systemctl restart --user nextcloud-cron.timer
|
||||
systemctl enable --user nextcloud-cron.timer
|
||||
|
||||
}
|
||||
|
||||
down () {
|
||||
docker stop nextcloud || true
|
||||
docker rm nextcloud || true
|
||||
docker stop nextcloud-mariadb || true
|
||||
docker rm nextcloud-mariadb || true
|
||||
docker stop nextcloud-redis || true
|
||||
docker rm nextcloud-redis || true
|
||||
}
|
||||
|
||||
logs () {
|
||||
docker logs -f nextcloud
|
||||
}
|
||||
|
||||
logsm () {
|
||||
docker logs -f nextcloud-mariadb
|
||||
}
|
||||
|
||||
logsr () {
|
||||
docker logs -f nextcloud-redis
|
||||
}
|
||||
|
||||
$@
|
|
@ -0,0 +1,25 @@
|
|||
#!/bin/bash
|
||||
|
||||
set -e
|
||||
|
||||
up () {
|
||||
# Poll interval: 1800s (30 mins)
|
||||
docker run \
|
||||
--detach \
|
||||
--name nfs \
|
||||
--volume /bigdata/tmp/echarlie-photos:/bigdata/tmp/echarlie-photos:rw \
|
||||
--volume /bigdata/k8s-config/nfs/exports.txt:/etc/exports.txt \
|
||||
--volume /var/run/docker.sock:/var/run/docker.sock:rw \
|
||||
erichough/nfs-server:latest
|
||||
}
|
||||
|
||||
down () {
|
||||
docker stop nfs || true
|
||||
docker rm nfs || true
|
||||
}
|
||||
|
||||
logs () {
|
||||
docker logs --follow nfs
|
||||
}
|
||||
|
||||
$@
|
|
@ -17,16 +17,17 @@ up () {
|
|||
--env URL=seaturtle.pw \
|
||||
--env VALIDATION=http \
|
||||
--env EMAIL=paulsw.pw@gmail.com \
|
||||
--env SUBDOMAINS=airsonic,cave,ff,git,jf,nc,plex \
|
||||
--env SUBDOMAINS=cave,ff,git,jf,nc,plex \
|
||||
--env EXTRA_DOMAINS=paul.walko.org,tile.bigcavemaps.com \
|
||||
--volume /bigdata/k8s-config/nginx/nginx.conf:/config/nginx/nginx.conf:ro \
|
||||
--volume /bigdata/files:/files:ro \
|
||||
--volume /bigdata/k8s-config/nginx/config:/config:rw \
|
||||
--volume /bigdata/k8s-config/nginx/ssl.conf:/config/nginx/ssl.conf:ro \
|
||||
--volume /bigdata/k8s-config/nginx/site-confs:/config/nginx/site-confs:ro \
|
||||
--publish 127.0.0.1:80:80 \
|
||||
--publish 80:80 \
|
||||
--publish 443:443 \
|
||||
--network pew-net \
|
||||
ghcr.io/linuxserver/swag:1.15.0-ls57
|
||||
ghcr.io/linuxserver/swag:latest
|
||||
}
|
||||
|
||||
down () {
|
||||
|
|
|
@ -0,0 +1,93 @@
|
|||
#!/bin/bash
|
||||
|
||||
set -e
|
||||
|
||||
up () {
|
||||
docker network create pew-net || true
|
||||
|
||||
# Exposed on port 8000 in pew-net
|
||||
docker run \
|
||||
--detach \
|
||||
--name paperless \
|
||||
--restart unless-stopped \
|
||||
--env USERMAP_UID=1000 \
|
||||
--env USERMAP_GID=1000 \
|
||||
--env PAPERLESS_REDIS=redis://paperless-redis:6379 \
|
||||
--env PAPERLESS_DBHOST=paperless-psql \
|
||||
--env PAPERLESS_TIKA_ENABLED=1 \
|
||||
--env PAPERLESS_TIKA_GOTENBERG_EDPOINT=http://paperless-gotenberg:3000 \
|
||||
--env PAPERLESS_TIKA_ENDPOINT=http://paperless-tika:9998 \
|
||||
--volume /bigdata/k8s-config/paperless/paperless/data:/usr/src/paperless/data:rw \
|
||||
--volume /bigdata/k8s-config/paperless/paperless/media:/usr/src/paperless/media:rw \
|
||||
--volume /bigdata/k8s-config/paperless/paperless/export:/usr/src/paperless/export:rw \
|
||||
--volume /bigdata/k8s-config/paperless/paperless/consume:/usr/src/paperless/consume:rw \
|
||||
--network pew-net \
|
||||
docker.io/jonaswinkler/paperless-ng:latest
|
||||
|
||||
docker run \
|
||||
--detach \
|
||||
--name paperless-gotenberg \
|
||||
--restart unless-stopped \
|
||||
--env DISABLE_GOOGLE_CHROME=1 \
|
||||
--network pew-net \
|
||||
docker.io/thecodingmachine/gotenberg:latest
|
||||
|
||||
docker run \
|
||||
--detach \
|
||||
--name paperless-psql \
|
||||
--env POSTGRES_DB=paperless \
|
||||
--env POSTGRES_USER=paperless \
|
||||
--env POSTGRES_PASSWORD=paperless \
|
||||
--volume /bigdata/k8s-config/paperless/postgres:/var/lib/postgresql/data:rw \
|
||||
--network pew-net \
|
||||
docker.io/postgres:13
|
||||
|
||||
docker run \
|
||||
--detach \
|
||||
--name paperless-redis \
|
||||
--restart unless-stopped \
|
||||
--network pew-net \
|
||||
docker.io/redis:6.0
|
||||
|
||||
docker run \
|
||||
--detach \
|
||||
--name paperless-tika \
|
||||
--restart unless-stopped \
|
||||
--network pew-net \
|
||||
docker.io/apache/tika:latest
|
||||
}
|
||||
|
||||
down () {
|
||||
docker stop paperless || true
|
||||
docker rm paperless || true
|
||||
docker stop paperless-gotenberg || true
|
||||
docker rm paperless-gotenberg || true
|
||||
docker stop paperless-psql || true
|
||||
docker rm paperless-psql || true
|
||||
docker stop paperless-redis || true
|
||||
docker rm paperless-redis || true
|
||||
docker stop paperless-tika || true
|
||||
docker rm paperless-tika || true
|
||||
}
|
||||
|
||||
logs () {
|
||||
docker logs --follow paperless
|
||||
}
|
||||
|
||||
logsg () {
|
||||
docker logs --follow paperless-gotenberg
|
||||
}
|
||||
|
||||
logsp () {
|
||||
docker logs --follow paperless-psql
|
||||
}
|
||||
|
||||
logsr () {
|
||||
docker logs --follow paperless-redis
|
||||
}
|
||||
|
||||
logst () {
|
||||
docker logs --follow paperless-tika
|
||||
}
|
||||
|
||||
$@
|
|
@ -18,7 +18,7 @@ up () {
|
|||
--volume /bigdata/media/music:/media/music:ro \
|
||||
--volume /media-vtluug:/media/media-vtluug:ro \
|
||||
--network pew-net \
|
||||
ghcr.io/linuxserver/plex:1.20.3.3483-211702a9f-ls122
|
||||
ghcr.io/linuxserver/plex:latest
|
||||
}
|
||||
|
||||
down () {
|
||||
|
|
|
@ -0,0 +1,52 @@
|
|||
#!/bin/bash
|
||||
|
||||
set -e
|
||||
|
||||
##### Update as follows #####
|
||||
#/etc/apache2/conf.d # cat dav_svn.conf
|
||||
#LoadModule dav_svn_module /usr/lib/apache2/mod_dav_svn.so
|
||||
#LoadModule authz_svn_module /usr/lib/apache2/mod_authz_svn.so
|
||||
#
|
||||
#<Location /svn>
|
||||
# DAV svn
|
||||
# SVNParentPath /home/svn
|
||||
# SVNListParentPath On
|
||||
# Allow from All
|
||||
# Satisfy Any
|
||||
## AuthType Basic
|
||||
## AuthName "Subversion Repository"
|
||||
## AuthUserFile /etc/subversion/passwd
|
||||
# AuthzSVNAccessFile /etc/subversion/subversion-access-control
|
||||
## Require valid-user
|
||||
# </Location>
|
||||
|
||||
|
||||
# See https://github.com/elleFlorio/svn-docker for adding users
|
||||
|
||||
up () {
|
||||
docker network create pew-net || true
|
||||
|
||||
# Exposed on port 80 in pew-net
|
||||
docker run \
|
||||
--detach \
|
||||
--name tunnelvr-fileserver \
|
||||
--restart unless-stopped \
|
||||
--volume /bigdata/archive/vpicc-private/tunnelvr:/home/svn:rw \
|
||||
--volume svn_config:/etc/subversion \
|
||||
--volume svnadmin_config:/opt/svnadmin/data \
|
||||
--publish 10.42.0.203:8081:80 \
|
||||
--publish 10.42.0.203:3690:3690 \
|
||||
--network pew-net \
|
||||
elleflorio/svn-server:latest
|
||||
}
|
||||
|
||||
down () {
|
||||
docker stop tunnelvr-fileserver || true
|
||||
docker rm tunnelvr-fileserver || true
|
||||
}
|
||||
|
||||
logs () {
|
||||
docker logs --follow tunnelvr-fileserver
|
||||
}
|
||||
|
||||
$@
|
|
@ -0,0 +1,25 @@
|
|||
#!/bin/bash
|
||||
|
||||
set -e
|
||||
|
||||
up () {
|
||||
# Exposed on port 8000
|
||||
docker run \
|
||||
--detach \
|
||||
--name tunnelvr \
|
||||
--restart unless-stopped \
|
||||
--volume /bigdata/k8s-config/tunnelvr/caddywebserver:/home/caver/.local/share/godot/app_userdata/tunnelvr_v0.7/caddywebserver:ro \
|
||||
--publish 127.0.0.1:8000:8000 \
|
||||
ghcr.io/paulwalko/tunnelvr-server:testv8
|
||||
}
|
||||
|
||||
down () {
|
||||
docker stop tunnelvr || true
|
||||
docker rm tunnelvr || true
|
||||
}
|
||||
|
||||
logs () {
|
||||
docker logs --follow tunnelvr
|
||||
}
|
||||
|
||||
$@
|
|
@ -0,0 +1,29 @@
|
|||
#!/bin/bash
|
||||
|
||||
set -e
|
||||
|
||||
up () {
|
||||
docker run \
|
||||
--detach \
|
||||
--name unifi \
|
||||
--restart unless-stopped \
|
||||
--env PUID=1000 \
|
||||
--env GUID=1000 \
|
||||
--volume /bigdata/k8s-config/unifi/config:/config:rw \
|
||||
--publish 3478:3478/udp \
|
||||
--publish 10001:10001/udp \
|
||||
--publish 8080:8080/tcp \
|
||||
--publish 8443:8443/tcp \
|
||||
ghcr.io/linuxserver/unifi-controller:6.5.54-ls134
|
||||
}
|
||||
|
||||
down () {
|
||||
docker stop unifi || true
|
||||
docker rm unifi || true
|
||||
}
|
||||
|
||||
logs () {
|
||||
docker logs --follow unifi
|
||||
}
|
||||
|
||||
$@
|
|
@ -0,0 +1,23 @@
|
|||
#!/bin/bash
|
||||
|
||||
set -e
|
||||
|
||||
up () {
|
||||
# Poll interval: 1800s (30 mins)
|
||||
docker run \
|
||||
--detach \
|
||||
--name watchtower \
|
||||
--volume /var/run/docker.sock:/var/run/docker.sock:rw \
|
||||
ghcr.io/containrrr/watchtower:amd64-1.3.0 --interval 1800
|
||||
}
|
||||
|
||||
down () {
|
||||
docker stop watchtower || true
|
||||
docker rm watchtower || true
|
||||
}
|
||||
|
||||
logs () {
|
||||
docker logs --follow watchtower
|
||||
}
|
||||
|
||||
$@
|
|
@ -1,6 +1,8 @@
|
|||
## Based on version below; heavily modified for me
|
||||
## Version 2018/09/12 - Changelog: https://github.com/linuxserver/docker-letsencrypt/commits/master/root/defaults/default
|
||||
|
||||
|
||||
### madone ###
|
||||
# Redirect HTTPS to HTTP
|
||||
server {
|
||||
listen 80;
|
||||
|
@ -33,3 +35,43 @@ server {
|
|||
proxy_read_timeout 8h;
|
||||
}
|
||||
}
|
||||
|
||||
### uptime ###
|
||||
# Redirect HTTPS to HTTP
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
server_name uptime.seaturtle.pw;
|
||||
|
||||
return 301 https://uptime.seaturtle.pw$request_uri;
|
||||
}
|
||||
|
||||
# Reference: https://gist.github.com/CodeCrafter912/4305d5a1873e2a220e7da848b87be937
|
||||
server {
|
||||
listen 443 ssl;
|
||||
listen [::]:443 ssl;
|
||||
server_name uptime.seaturtle.pw;
|
||||
|
||||
set $monitorId zx0Y5uROBD;
|
||||
|
||||
# ssl conf
|
||||
include /config/nginx/ssl.conf;
|
||||
|
||||
client_max_body_size 1M;
|
||||
|
||||
location / {
|
||||
proxy_set_header Host "stats.uptimerobot.com";
|
||||
proxy_set_header Accept-Encoding "";
|
||||
proxy_pass_request_headers on;
|
||||
proxy_pass https://stats.uptimerobot.com/;
|
||||
proxy_ssl_server_name on;
|
||||
|
||||
rewrite ^\/([0-9]+) /$monitorId/$1 break;
|
||||
rewrite ^\/$ /$monitorId break;
|
||||
|
||||
sub_filter_once off;
|
||||
sub_filter_types text/html;
|
||||
sub_filter "stats.uptimerobot.com" "$host";
|
||||
sub_filter "https://stats.uptimerobot.com/$monitorId" "https://$host";
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1,6 +1,9 @@
|
|||
#!/bin/bash
|
||||
|
||||
docker run \
|
||||
set -e
|
||||
|
||||
up () {
|
||||
docker run \
|
||||
--name nginx \
|
||||
--detach \
|
||||
--restart unless-stopped \
|
||||
|
@ -9,7 +12,7 @@ docker run \
|
|||
--env EMAIL=sysadmin@seaturtle.pw \
|
||||
--env URL=seaturtle.pw \
|
||||
--env ONLY_SUBDOMAINS=true \
|
||||
--env SUBDOMAINS=madone \
|
||||
--env SUBDOMAINS=madone,uptime \
|
||||
--env VALIDATION=html \
|
||||
--env TZ=US/Eastern \
|
||||
--volume $PWD/nginx-config:/config:rw \
|
||||
|
@ -20,3 +23,16 @@ docker run \
|
|||
--publish [2001:bc8:6005:19:208:a2ff:fe0c:917c]:80:80 \
|
||||
--publish [2001:bc8:6005:19:208:a2ff:fe0c:917c]:443:443 \
|
||||
linuxserver/letsencrypt:1.3.0-ls110
|
||||
}
|
||||
|
||||
down () {
|
||||
docker stop nginx || true
|
||||
docker rm nginx || true
|
||||
}
|
||||
|
||||
logs () {
|
||||
docker logs -f nginx
|
||||
}
|
||||
|
||||
|
||||
$@
|
||||
|
|
Loading…
Reference in New Issue