Joe edited this page May 22, 2024 · 49 revisions

Welcome to the homelab-docker wiki!

https://www.homeautomationguy.io/blog/home-assistant-tips/using-visual-studio-to-edit-your-home-assistant-configuration-yaml-file-over-ssh

Install Steps

Lay the foundation with Git

  1. sudo apt install git
  2. git config --global user.name "your name"
  3. git config --global user.email "your email"
  4. cd /opt/docker
  5. git clone https://github.com/jgwehr/homelab-docker.git docker (stores the local contents in a directory named docker)

Install Docker

  1. Instructions for Ubuntu 20LTS
  2. Assign the user to the Docker Group: sudo usermod -aG docker ${USER}
  3. Start on boot: sudo systemctl enable docker.service
  4. Start on boot: sudo systemctl enable containerd.service

Install Docker Compose

  1. Instructions for Ubuntu 20LTS

Prepare File System

You can, of course, use your own structure. The below instructions use this repo's opinion.

Create Folders

cd /srv
mkdir -p {docker/config,cache,logs}

cd /opt/docker
git clone https://github.com/jgwehr/homelab-docker.git homelab

cd /mnt/storage #or otherwise /data
mkdir -p db
mkdir -p downloads/{audiobooks,music,podcasts,movies,tv}
mkdir -p media/{audiobooks,music,pictures,podcasts,movies,tv}
mkdir -p staticfiles

Own Folders

sudo chown -R $USER:$USER /mnt/storage
sudo chmod -R a=,a+rX,u+w,g+w /mnt/storage

Configuring Docker Compose

User and Group IDs for .env

  1. execute id to learn the UID (user ID) and GID (group ID)
  2. execute cd ~ ; pwd to learn the User Directory
  3. Steps below TBD
  4. set PUID= to the UID value from (1) above
  5. set PGID= to the GID value from (1) above
  6. set TZ= to your time zone's tz database name

CPU Hardware Acceleration for Jellyfin (also, good user-per-container permissions)

  1. execute useradd jellyfin
  2. execute id jellyfin to learn its new uid and gid. You can, alternatively, assign this using useradd -u #### jellyfin
  3. the uid and gid need to be provided to the .env file as UID_JELLYFIN and GID_JELLYFIN
  4. execute usermod -aG render jellyfin to enable access to video rendering devices
  5. the gid of this "render" group should be provided to the .env file as GID_HARDWAREACC
  6. Within Jellyfin > Admin > Dashboard > Playback, you should then enable "Video Acceleration API (VAAPI)" for Transcoding
    1. I've had success checking "H264, HEVC, VC1" with an i7-2600. Better processors or GPUs are outside the scope of this wiki, since I don't have them.
    2. VAAPI support can be understood here: https://01.org/linuxmedia/vaapi
    3. For newer CPUs, it's likely that Intel QuickSync is a better type of acceleration.

What version of ffmpeg is my container running?

docker exec jellyfin apt list | grep ffmpeg

How is my (Intel) CPU being used during Transcoding?

intel_gpu_top

*Arr Configuration

see https://github.com/jgwehr/homelab-docker/wiki/*Arr-Configuration

Readable system logs

Crowdsec needs read access to protect the system from ... system-level things. Such as SSH attacks. The related logs are not world readable. And, as of yet, I don't have a good grasp on groups/users to do this more elegantly. Thus: [NEEDS REVIEW]

  1. cd /var/log
  2. ls -l auth.log should show something like -rw-r----- syslog adm
  3. chmod o+r auth.log will grant (r)ead access to "others"
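
A narrower alternative to step 3, as an added example that is not part of the original wiki: check whether a log file is readable by "others" and, instead of opening it to everyone, grant read access to a single UID with a POSIX ACL. The function names and the reader UID argument are assumptions; setfacl comes from the acl package.

```shell
#!/bin/sh
# Added example: check and narrow read access on a log file such as auth.log.

# Return 0 if "others" can read FILE, 1 if not, 2 if FILE cannot be examined.
others_can_read() {
    mode=$(stat -c '%a' "$1" 2>/dev/null) || return 2
    case "$mode" in
        *[4567]) return 0 ;;   # last octal digit has the read bit (4) set
        *)       return 1 ;;
    esac
}

# Print the regular files directly under DIR that "others" can read.
list_world_readable() {
    find "$1" -maxdepth 1 -type f -perm -004 | sort
}

# Give read access to one UID through a POSIX ACL and clear the "others" bit.
# Assumption: READER_UID is the account the log reader runs as; needs setfacl.
grant_single_reader() {
    reader_uid=$1
    log_file=$2
    setfacl -m "u:${reader_uid}:r" "$log_file" && chmod o-r "$log_file"
}
```

Re-run the check after log rotation: a recreated auth.log gets its creator's default mode, so both the o+r bit and a per-file ACL are gone.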

Crowdsec

Registering the Caddy Bouncer for Crowdsec

At this time, it's not possible for the bouncer (configured into the Caddy container) to negotiate the Crowdsec Local API token. Thus, we must have everything up and running, register it, reconfigure the Caddyfile, and then restart.

  1. Confirm the status of your Bouncers: docker exec crowdsec cscli bouncers list. Should be empty if first install
  2. Per https://github.com/hslatman/caddy-crowdsec-bouncer, run docker exec crowdsec cscli bouncers add caddy-bouncer
  3. Copy the generated API Key from the terminal
  4. Paste this key into .env BOUNCER_CADDY_TOKEN. Save.
  5. docker-compose down
  6. docker-compose up -d
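
Steps 2 to 4 as an added example, not part of the original wiki or the bouncer project: the key is captured straight from cscli and written into .env without being shown on the terminal, and the file is left readable by its owner only. It relies on cscli's -o raw output option to print just the key; the function names are assumptions.

```shell
#!/bin/sh
# Added example: store the Crowdsec bouncer key in .env without displaying it.

# Replace or append KEY=VALUE in ENV_FILE; the result is mode 600.
set_env_value() {
    key=$1
    value=$2
    env_file=$3
    tmp=$(mktemp "${env_file}.XXXXXX") || return 1
    chmod 600 "$tmp"
    # Copy every line except an existing assignment of KEY.
    if [ -f "$env_file" ]; then
        grep -v "^${key}=" "$env_file" > "$tmp" || true
    fi
    printf '%s=%s\n' "$key" "$value" >> "$tmp"
    # Rename within the same directory so readers never see a partial file.
    mv "$tmp" "$env_file"
}

# Register the bouncer (step 2) and save its key (steps 3 and 4).
# With "-o raw", cscli prints only the generated API key.
register_caddy_bouncer() {
    target_env=${1:-.env}
    token=$(docker exec crowdsec cscli bouncers add caddy-bouncer -o raw) || return 1
    [ -n "$token" ] || return 1
    set_env_value BOUNCER_CADDY_TOKEN "$token" "$target_env"
}

# Usage: register_caddy_bouncer path/to/.env
# then continue with docker-compose down and docker-compose up -d.
```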

(Optional) Signing up for CrowdSec Console

  1. Create an account https://app.crowdsec.net
  2. Generate a unique-registration-key on the website.
  3. Request the CrowdSec container to register online credentials: docker exec crowdsec cscli capi register
  4. Restart the container
  5. Enroll: docker exec crowdsec cscli console enroll unique-registration-key
  6. Return to the website, and Accept the registration of this instance

HTTP errors to fetch version

For some reason the hosts file of Crowdsec LOVES to get corrupted. This results in issues such as "Unable to retrieve latest crowdsec version" and "Post "https://api.crowdsec.net/v3/watchers\": dial tcp: lookup api.crowdsec.net on 127.0.0.11:53: read udp 127.0.0.1:36736->127.0.0.11:53: i/o timeout"

Start with sudo service docker restart

Tandoor

Backing Up Tandoor: sudo docker exec -t tandoor_db pg_dumpall -U djangouser > tandoor_pgdump.sql

Restoring Tandoor:

  1. Start a fresh Postgres container. This may mean deleting the volumes or dropping all tables; etc. It's important the Tandoor container is NOT started yet
  2. Remove the PASSWORD x command from your exported tandoor_pgdump.sql. Store this file on the local server.
  3. cat tandoor_pgdump.sql | sudo docker exec -i tandoor_db psql postgres -U tandoor_user
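
Step 2 as an added example (not from the original wiki): a filter that removes the PASSWORD '...' clause from role statements in the dump, with a check that none remain. The sample dump is constructed, and the function names are assumptions.

```shell
#!/bin/sh
# Added example: strip role password hashes from a pg_dumpall file.

# Print FILE with the PASSWORD '...' clause removed from role statements only.
strip_role_passwords() {
    sed -E "/^(ALTER|CREATE) ROLE /s/ PASSWORD '[^']*'//" "$1"
}

# Print how many role statements in FILE still carry a password (0 = clean).
count_role_passwords() {
    grep -Ec "^(ALTER|CREATE) ROLE .* PASSWORD '" "$1" || true
}

# Write a cleaned copy of SRC to DST, readable by the owner only, because the
# dump still contains the full database contents.
write_clean_dump() {
    ( umask 077 && strip_role_passwords "$1" > "$2" )
}

# Constructed sample in the shape pg_dumpall produces (not a real hash).
sample_dump() {
    cat <<'EOF'
--
-- Roles
--
CREATE ROLE djangouser;
ALTER ROLE djangouser WITH SUPERUSER LOGIN PASSWORD 'SCRAM-SHA-256$constructed-sample-not-a-real-hash';
-- A comment mentioning PASSWORD 'text' is left alone.
EOF
}

# Usage: write_clean_dump tandoor_pgdump.sql tandoor_pgdump.clean.sql
#        count_role_passwords tandoor_pgdump.clean.sql   # expect 0
```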

Paperless

  1. After the containers are running, create your super user: docker exec -it paperless bash and then python3 manage.py createsuperuser
  2. Paperless' training models need a decent amount of RAM; I had issues at .5 and none with 2GB or more
  3. The backup mechanism is pretty straightforward, and preferred over a simple "copy and paste" of the files. Paperless keeps two versions of each file.

Scrutiny

  1. modify the docker-compose.yaml file. Provide the correct devices: for the Scrutiny container
    1. help: df -h or ls -lA /dev/disk/by-id
  2. copy /configtemplates/scrutiny/scrutiny.yaml to your docker config directory: cp /configtemplates/scrutiny/scrutiny.yaml /srv/docker/scrutiny
    1. Customize this file per Scrutiny's instructions: https://github.com/AnalogJ/scrutiny

Homepage configuration

see: https://github.com/jgwehr/homelab-docker/wiki/Homepage-(dashboard)

Uptime Kuma

tip, reset 2FA with docker exec -it <container name> npm run remove-2fa

Rallly

Currently, this app requires an SMTP server for creating accounts. Tools such as MailJet provide hobbyist accounts for free. I set it up successfully using:

  • SMTP_USER = API Token
  • SMTP_PASSWORD = Secret Key
  • SMTP_PORT = 465
  • SMTP_SECURE = true

Use any password/key generation for RALLLY_SECRETKEY

The Postgres database is tricky with MergerFS. I start the container using a specific hard drive location instead of the MergerFS storage. This creates the directory with correct permissions. Afterwards, the volume can be changed.

Quality of Life

# Aliases in this file are available to all users
# To install for one user place in ~/.bash_aliases

# Tail last 50 lines of docker logs
alias dtail='docker logs -tf --tail=50 '

# Shorthand, customise docker-compose.yaml location as needed
alias dcp='docker-compose -f ~/docker-compose.yaml '

# Remove unused images (useful after an upgrade)
alias dprune='docker image prune'

# Remove unused images, unused networks *and data* (use with care)
alias dprunesys='docker system prune --all'

Stop all Containers
`docker stop $(docker ps -a -q)`
`service docker restart`

Check what is using a port
`sudo ss -tulpn | grep :80`

Stop a Container by port
`docker stop $(docker ps | grep ":PORT_NUMBER" | awk '{print $1}')`