From ef4565de4aa4179e48faa1e6d55f30c07fee88b6 Mon Sep 17 00:00:00 2001 From: ronny abraham Date: Thu, 17 Apr 2025 01:57:40 +0300 Subject: [PATCH] updated everything --- _share/data/docker/calibre-compose.yml | 24 ++- _share/data/docker/n8n-compose.yml | 2 +- _share/data/nginx/calibre/gaming.conf | 35 ++++ .../public-ssl.conf} | 0 .../{calibre.conf => calibre/public.conf} | 0 calibre.org | 42 +++- forgeo.org | 198 ++++++++++++------ n8n-setup.org | 24 ++- nginx.org | 18 +- pi-storage.org | 84 ++++++-- 10 files changed, 317 insertions(+), 110 deletions(-) create mode 100644 _share/data/nginx/calibre/gaming.conf rename _share/data/nginx/{calibre-ssl.conf => calibre/public-ssl.conf} (100%) rename _share/data/nginx/{calibre.conf => calibre/public.conf} (100%) diff --git a/_share/data/docker/calibre-compose.yml b/_share/data/docker/calibre-compose.yml index 763885c..4783dd0 100644 --- a/_share/data/docker/calibre-compose.yml +++ b/_share/data/docker/calibre-compose.yml @@ -1,14 +1,28 @@ services: - calibre-web: + calibre-public: image: lscr.io/linuxserver/calibre-web - container_name: calibre-web + container_name: calibre-public environment: - - PUID=1004 # ID for 'librarian' user - - PGID=1004 # Group ID for 'librarian' + - PUID=1004 + - PGID=1004 - TZ=Asia/Jerusalem volumes: - - /home/librarian/calibre-library:/books + - /home/librarian/calibre-library/public:/books + - /srv/calibre/public:/config ports: - 127.0.0.1:8083:8083 restart: unless-stopped + calibre-gaming: + image: lscr.io/linuxserver/calibre-web + container_name: calibre-gaming + environment: + - PUID=1004 + - PGID=1004 + - TZ=Asia/Jerusalem + volumes: + - /home/librarian/calibre-library/gaming:/books + - /srv/calibre/gaming:/config + ports: + - 127.0.0.1:8086:8083 + restart: unless-stopped diff --git a/_share/data/docker/n8n-compose.yml b/_share/data/docker/n8n-compose.yml index 3e6ace7..4cf1def 100644 --- a/_share/data/docker/n8n-compose.yml +++ b/_share/data/docker/n8n-compose.yml 
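Review bot: Both services in this hunk, `calibre-public` and the new `calibre-gaming`, use `image: lscr.io/linuxserver/calibre-web` with no tag or digest, so any pull can silently change the code running behind the two proxied logins. Pin the image on both services, e.g. `image: lscr.io/linuxserver/calibre-web:<PINNED_TAG>` (placeholder for a release you have tested) or an `@sha256:` digest, and bump it deliberately. The hunk also drops the `# ID for 'librarian' user` comments on `PUID`/`PGID`. Keeping one such comment per service would record why 1004 is used, since both containers write under `/home/librarian/calibre-library/` and `/srv/calibre/` as that uid.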
@@ -16,4 +16,4 @@ services: - N8N_RUNNERS_ENABLED=true volumes: - /srv/n8n:/home/node/.n8n - + - /srv/n8n/config:/etc/n8n # Optional: for external config files (advanced) diff --git a/_share/data/nginx/calibre/gaming.conf b/_share/data/nginx/calibre/gaming.conf new file mode 100644 index 0000000..9ae35b5 --- /dev/null +++ b/_share/data/nginx/calibre/gaming.conf @@ -0,0 +1,35 @@ +server { + server_name calibre-gaming.ronnyabraham.com; + + client_max_body_size 100M; + + location / { + proxy_pass http://localhost:8086; + proxy_http_version 1.1; + proxy_set_header Connection ""; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } + + access_log /var/log/nginx/calibre-gaming.access.log; + error_log /var/log/nginx/calibre-gaming.error.log; + + listen 443 ssl; + ssl_certificate /etc/letsencrypt/live/calibre-gaming.ronnyabraham.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/calibre-gaming.ronnyabraham.com/privkey.pem; + include /etc/letsencrypt/options-ssl-nginx.conf; + ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; +} + +server { + if ($host = calibre-gaming.ronnyabraham.com) { + return 301 https://$host$request_uri; + } # managed by Certbot + + + listen 80; + server_name calibre-gaming.ronnyabraham.com; + return 404; # managed by Certbot +} diff --git a/_share/data/nginx/calibre-ssl.conf b/_share/data/nginx/calibre/public-ssl.conf similarity index 100% rename from _share/data/nginx/calibre-ssl.conf rename to _share/data/nginx/calibre/public-ssl.conf diff --git a/_share/data/nginx/calibre.conf b/_share/data/nginx/calibre/public.conf similarity index 100% rename from _share/data/nginx/calibre.conf rename to _share/data/nginx/calibre/public.conf diff --git a/calibre.org b/calibre.org index d3b29ad..06c2693 100644 --- a/calibre.org +++ b/calibre.org 
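Review bot: The added `/srv/n8n/config:/etc/n8n` volume is mounted read-write, and its host path lies inside `/srv/n8n`, which the line above already maps to `/home/node/.n8n`, so the same files are writable from two container paths. If the directory only holds external config files that n8n reads, as the inline comment suggests, mount it read-only: `- /srv/n8n/config:/etc/n8n:ro`. The service definition starts outside the hunk, so whether anything in the container needs to write to `/etc/n8n` cannot be confirmed from here.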
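Review bot: `proxy_pass http://localhost:8086;` targets a hostname, while calibre-compose.yml publishes the container on `127.0.0.1:8086` only. On a host where `localhost` also resolves to `::1`, nginx may try an address nothing listens on and log connection errors, so use `proxy_pass http://127.0.0.1:8086;`. The 443 server block sets no `Strict-Transport-Security` header; unless it is inherited from configuration not visible here, consider `add_header Strict-Transport-Security "max-age=31536000" always;` once HTTPS is confirmed working. `client_max_body_size 100M;` deserves a one-line comment stating what upload size it is meant to allow.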
@@ -10,27 +10,47 @@ * important info ** identification -*** basic +*** raspberry-pi | user | password | application | |--------------+----------------+---------------------------------| | librarian | 2reishit2ara | calibre storage and docker user | | ronny | 2reishit2ara | docker managers | -*** calibre login data +*** calibre.ronnyabraham.com | username | password | email | role | |---------------+----------------+-------------------------+-------| | calibre-admin | chukatHat6rah! | ronny.abraham@ymail.com | admin | | ronnyabraham | chukatHat6rah! | this.ronny@gmail.com | user | +*** calibre-gaming.ronnyabraham.com +| username | password | email | role | +|--------------+----------------+-------------------------+-------| +| ronnyabraham | chukatHat6rah! | this.ronny@gmail.com | user | +| gaming-admin | chukatHat6rah! | ronny.abraham@ymail.com | admin | ** locations -| key | value | -|---------------+---------------------------------| -| home | /home/librarian | -| mount | /mnt/storage/librarian | -| library | /home/librarian/calibre-library | -| database name | /books | +*** directory structure +#+begin_src text +/home/librarian/calibre-library +├── gaming +└── public + +/mnt/storage/docker/compose/calibre +└── docker-compose.yml + +/srv/calibre +├── gaming +└── public +#+end_src + +| purpose | mount | +|----------------------+---------------------------------| +| docker compose files | /mnt/docker/compose/calibre | +| book databases | /home/librarian/calibre-library | +| configuration | /srv/calibre | +| nginx configs | /etc/nginx/sites-available | + * docker @@ -38,4 +58,8 @@ #+INCLUDE: "docker.org::#docker-calibre" :only-contents t * nginx -#+INCLUDE: "nginx.org::#calibre-conf" :only-contents t +*** public server: 'calibre-public' +#+INCLUDE: "nginx.org::#calibre-public" :only-contents t + +*** gaming server: 'calibre-gaming' +#+INCLUDE: "nginx.org::#calibre-gaming" :only-contents t diff --git a/forgeo.org b/forgeo.org index b33bcf1..90be1e5 100644 
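Review bot: The tables under `** identification` commit plaintext passwords for the host accounts and for the admin and user logins of both calibre sites, with the same few values reused across them. The `*** Users` table in forgeo.org and the login and licence tables in n8n-setup.org have the same problem. Anyone who can read this repository or its history gains admin access to each service, and the reuse means one disclosure covers all of them. Replace each password cell with a pointer to where the secret is kept, e.g. `| calibre-admin | (in password manager) | ... | admin |`, rotate every value that has appeared in a commit, and give each account its own password. Deleting the text in a later commit does not remove it from history, so rotation is required either way.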
--- a/forgeo.org
+++ b/forgeo.org
@@ -8,43 +8,50 @@ * Hardware -* Forgejo Setup on Raspberry Pi +* Forgejo on Raspberry Pi -** Login data -| property | value | -|-------------+------------------------------| -| url | https://git.ronnyabraham.com | -| admin user | git-admin | -| admin pass | 2reishit2ara | -| admin email | ronny.abraham@ymail.com | +** Configuration Summary +*** Instance Details +| Property | Value | +|----------------------+----------------------------------| +| URL | https://forgejo.ronnyabraham.com | +| SSH Server Port | 222 | +| Web Server Port | 3000 | +| Repository Root Path | /data/git/repositories | +| Docker User | git | -** Data Drive Setup +*** Users +| Role | Username | Password | Email | +|------------+------------+--------------+-------------------------| +| Admin | git-admin | 2reishit2ara | ronny.abraham@ymail.com | +| Developer | ronnygit | 2reishit2ara | ronny.coder@gmail.com | -*** ️Git Repository Storage Info -| Property | Value | -|-------------------+----------------------------------| -| Physical Mount | /mnt/git | -| Logical Bind Mount| /srv/git | -| Device | /dev/sdb1 | -| Filesystem Type | ext4 | -| Label | gitdisk | -| UUID | 649f82e9-cfc0-4725-b260-d40f413bd0c3 | -| Used for | Forgejo repository storage | +** Data Drive & Volumes -*** fstab entry +*** Physical Storage & Mount Info️ + +| Property | Value | +|--------------------+--------------------------------------| +| Physical Mount | /mnt/git | +| Logical Bind Mount | /srv/git | +| Device | /dev/sdb1 | +| Filesystem Type | ext4 | +| Label | gitdisk | +| UUID | 649f82e9-cfc0-4725-b260-d40f413bd0c3 | +| Used for | Forgejo repository storage | + +*** fstab Entries #+begin_src conf UUID=649f82e9-cfc0-4725-b260-d40f413bd0c3 /mnt/git ext4 defaults,noatime 0 2 /mnt/git /srv/git none bind 0 0 #+end_src -** Data Volume Layout +*** Mapping To separate application configuration from repository data, the Forgejo Docker container uses specific internal paths. 
We map our host directories accordingly for clarity and ease of maintenance. -*** Folder Breakdown - -The folder structure on the host (Raspberry Pi): +**** Folder Layout #+begin_example /mnt/storage/compose/docker/forgejo ← holds docker-compose.yml @@ -56,7 +63,7 @@ The folder structure on the host (Raspberry Pi): This split layout allows easy backup, inspection, and version control of the Forgejo configuration without interfering with large and changing repository data. -*** Volume Mapping +**** Volume Mapping | Host path | Container path | Purpose | |-------------------+------------------------+--------------------------------| 
@@ -65,74 +72,135 @@ This split layout allows easy backup, inspection, and version control of the For Make sure both folders on the host (`/srv/git/data` and `/srv/git/config`) are owned by the correct user (e.g. UID 1000), and match the container’s expectations. +*** File Setup -*** docker-compose.yml +| Component | Path | Purpose | +|-----------+-------------------------------------+---------------------------| +| Nginx | /etc/nginx/sites-available/forgejo | reverse proxy for Forgejo | +| Docker | /mnt/storage/docker/compose/forgejo | docker compose file | + + +** Docker Setup #+INCLUDE: "docker.org::#docker-forgejo" :only-contents t ** Nginx -Create file: /etc/nginx/sites-available/forgejo + +*** Site Configuration + + #+INCLUDE: "nginx.org::#forgejo-conf" :only-contents t -Enable and reload Nginx: +*** Enable Site & Restart #+begin_src bash sudo ln -s /etc/nginx/sites-available/forgejo /etc/nginx/sites-enabled/ sudo nginx -t && sudo systemctl reload nginx #+end_src -*** (Optional) Enable HTTPS with Certbot +*** Enable HTTPS with Certbot #+begin_src bash sudo certbot --nginx -d git.ronnyabraham.com #+end_src -** Finish Setup -Visit: https://git.ronnyabraham.com -Set up the admin user and create your first repository. +** First-Time Setup +- Visit: https://forgejo.ronnyabraham.com +- Create the `git-admin` user and initialize your first repository. -** Push or Mirror Repositories to Forgejo +* Git Repository Management -*** Push an Existing Local Repo to Forgejo +** Push an Existing Local Repo to Forgejo -1. Go to your local repo: #+begin_src bash cd ~/your-local-project -#+end_src - -2. Add your Forgejo remote: -#+begin_src bash -git remote add origin https://git.ronnyabraham.com/ronny/.git -#+end_src - -3. Push your local code: -#+begin_src bash +git remote add origin ssh://git@forgejo.ronnyabraham.com:222/ronny/.git git push -u origin main #+end_src -4. 
Optional: use SSH instead of HTTPS -#+begin_src bash -git remote add origin git@git.ronnyabraham.com:ronny/.git -#+end_src - -*** Mirror a Bitbucket Repo to Forgejo - -1. Clone your Bitbucket repo **bare**: +** Mirror from Bitbucket to Forgejo #+begin_src bash git clone --mirror git@bitbucket.org:your-username/your-repo.git cd your-repo.git -#+end_src - -2. Add Forgejo as a new remote: -#+begin_src bash -git remote set-url --push origin git@git.ronnyabraham.com:ronny/your-repo.git -#+end_src - -3. Push all branches and tags: -#+begin_src bash +git remote set-url --push origin ssh://git@forgejo.ronnyabraham.com:222/ronny/your-repo.git git push --mirror -#+end_src - -4. Delete the local clone if desired: -#+begin_src bash cd .. rm -rf your-repo.git #+end_src + + + +** Example: Uploading savage-lands Repo + +*** Repository Info +- Repo Name: savage-lands +- Owner: ronnygit +- Remote: ssh://git@forgejo.ronnyabraham.com:222/ronnygit/savage-lands.git + +*** Commands +#+begin_src bash +git remote remove origin # if already exists +git remote add origin ssh://git@forgejo.ronnyabraham.com:222/ronnygit/savage-lands.git +git push -u origin main +#+end_src + +* How to Check Repository Access for a User via Token + +To verify whether a Forgejo user (e.g. `ronnygit`) has access to a specific repository, you can use a Personal Access Token (PAT) to query the Forgejo API. This helps confirm push/pull permissions and identify missing access rights. + +** Step-by-Step: Create a Personal Access Token + +1. Log in to Forgejo as the user: `ronnygit` +2. Go to: https://forgejo.ronnyabraham.com/user/settings/applications +3. Click "Generate New Token" +4. Name it: api-debug +5. Enable these scopes: + - repository - read/write access to repositories + - organization - access to organization/team membership + - user - user info access + - issue - access to issues API + - (Do not enable package or activitypub unless needed) +6. 
Click "Generate" and save the token immediately + +** Use the Token to Query Repository Access + +Example command to check access to the `project` repository under `django-repositories`: + +#+begin_src bash +curl -H "Authorization: token edea73cc91dbae359d89eb0e644ef2c97f3aedf0" \ + https://forgejo.ronnyabraham.com/api/v1/repos/django-repositories/project +#+end_src + +Expected output: +#+begin_example +"permissions": { + "admin": false, + "push": true, + "pull": true +} +#+end_example + +HTTP error meanings: +- 404 - repository does not exist or is private with no access +- 403 - repository exists, but you do not have permission +- 401 - token is invalid or expired + +** Token Details + +| Property | Value | +|--------------+-------------------------------------------------------------------| +| Token Owner | ronnygit | +| Token Name | api-debug | +| Token Value | edea73cc91dbae359d89eb0e644ef2c97f3aedf0 | +| Scopes | repository, organization, user, issue | +| Created At | Apr 17, 2025 | +| Purpose | Used to verify access to django-repositories/project.git | + +** Scope Overview + +| Scope | Required | Purpose | +|---------------+----------+-----------------------------------------------------------| +| repository | Yes | Access to repository APIs (push, pull, branches, etc.) | +| organization | Yes | View team and organization membership | +| user | Optional | View user info and preferences | +| issue | Optional | Access issues (create, read, update, comment) | +| package | No | Access to package registry (e.g., Docker, npm, PyPI) | +| activitypub | No | Enable federation features (e.g., Mastodon integration) | diff --git a/n8n-setup.org b/n8n-setup.org index 1f27760..bde13a6 100644 --- a/n8n-setup.org +++ b/n8n-setup.org 
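Review bot: The `curl` example and the `** Token Details` table both contain the literal value of the `api-debug` personal access token, which step 5 creates with write access to repositories. Treat that token as disclosed and revoke it in Forgejo. Write the example as `curl -H "Authorization: token $FORGEJO_TOKEN" \` and make the table cell read `(not recorded)`. A token used only to read the `permissions` object does not need write scope, so the steps should ask for read-only repository access and leave `organization`, `user` and `issue` off unless a later call needs them. Separately, the unchanged Certbot line in this hunk still requests `-d git.ronnyabraham.com` while every URL the hunk adds uses `forgejo.ronnyabraham.com`.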
@@ -7,23 +7,31 @@ - [[./toc.org][TOC - Home System]] * important values -** login data - +** data +*** login | key | value | |--------------+----------------------------------| | host | [[https://n8n.ronnyabraham.com]] | | web email | ronny.abraham@ymail.com | -| web password | chukatHat6rah! | +| web password | chukatHat6rah | +*** licence info | key | value | |--------------------+--------------------------------------| -| home location | /home/ronny/n8n | -| license activation | df50f55c-1ba0-46b7-9648-8b22723fb921 | +| license activation | 5b1d6e31-81c6-4c31-84c1-56f30c9afc85 | | docker auth | admin-n8n | | docker pass | 2reishit2ara | | port | 5678 | +*** mount points +| purpose | path | +|-----------------+---------------------------------| +| docker location | /mnt/storage/docker/compose/n8n | +| mount location | /mnt/storage/srv/n8n | +| config | ├──config | +| data | ├──data | + * DNS Record for n8n | Field | Value | Description | @@ -36,7 +44,7 @@ | Routing Policy | Simple | Standard routing | * N8N mount setup -- Left box :: /mnt/storage/n8n — the actual directory on your external drive +- Left box :: /mnt/storage/srv/n8n — the actual directory on your external drive - Top-right box :: /srv/n8n — where the system accesses it via a bind mount - Middle-right box :: Docker host — this is your Pi's environment - Bottom-right box :: /home/node/.n8n — inside the container, this is where n8n looks for its data @@ -47,7 +55,7 @@ ** permission setup #+begin_src bash -sudo chown -R ronny:ronny /mnt/storage/n8n +sudo chown -R ronny:ronny /mnt/storage/srv/n8n sudo mount -a sudo chown -R ronny:ronny /srv/n8n chmod 700 /srv/n8n @@ -55,7 +63,7 @@ chmod 700 /srv/n8n ** fstab #+begin_src bash -/mnt/storage/n8n /srv/n8n none bind 0 0 +/mnt/storage/srv/n8n /srv/n8n none bind 0 0 #+end_src diff --git a/nginx.org b/nginx.org index e54de60..0793100 100644 --- a/nginx.org +++ b/nginx.org 
@@ -22,14 +22,22 @@ #+INCLUDE: "./_share/data/nginx/forgejo-ssl.conf" src nginx ** calibre -*** initial -#+INCLUDE: "./_share/data/nginx/calibre.conf" src nginx +*** public +**** initial +#+INCLUDE: "./_share/data/nginx/calibre/public.conf" src nginx -*** with ssl +**** with ssl :PROPERTIES: -:CUSTOM_ID: calibre-conf +:CUSTOM_ID: calibre-public :END: -#+INCLUDE: "./_share/data/nginx/calibre-ssl.conf" src nginx +#+INCLUDE: "./_share/data/nginx/calibre/public-ssl.conf" src nginx + +*** gaming +:PROPERTIES: +:CUSTOM_ID: calibre-gaming +:END: +#+INCLUDE: "./_share/data/nginx/calibre/gaming.conf" src nginx + ** n8n *** initial diff --git a/pi-storage.org b/pi-storage.org index 40b05e2..0b07fde 100644 --- a/pi-storage.org +++ b/pi-storage.org 
@@ -43,29 +43,52 @@ even easier * External Hard Drive Info + +** fstab +[[#id-fstab-file][see fstab entry for more details]] +#+INCLUDE: "pi-storage.org::*current fstab" :only-contents t + +** main storage drive This table keeps track of the Raspberry Pi's external storage setup. | category | value | |---------------+--------------------------------------| -| device | /dev/sda2 | +| device | /dev/sdb1 | | filesystem | ext4 | | label | storage | | mount point | /mnt/storage | | mount options | defaults,relatime,commit=600 | -| UUID | 5bb54030-2df7-4798-afb5-bd2878ae0def | +| UUID | 86ba0735-df14-425c-a037-1e397e89f9aa | +*** Bind-Mount Information -* Directory Bind-Mount Information -This table documents how key directories on the Raspberry Pi are linked to `/mnt/storage` and the commands used. +**** directory layout +#+begin_src +├── home +│ ├── librarian +│ └── website +├── lost+found +├── srv +│ ├── calibre-library +│ ├── ftp +│ └── n8n +└── var + └── www +#+end_src -| Directory | Mounted From | Mounted To | -|-----------------+------------------------+-----------------| -| /home/website | /mnt/storage/website | /home/website | -| /home/librarian | /mnt/storage/librarian | /home/librarian | -| /var/www | /mnt/storage/www | /var/www | -| /srv/n8n | /mnt/storage/n8n | /srv/n8n | +**** layout binding details -** command used to bind target directory to mount point +| Mounted From /mnt/storage | Mounted To | +|---------------------------+----------------------| +| home/website | /home/website | +| home/librarian | /home/librarian | +| var/www | /var/www | +| srv/n8n | /srv/n8n | +| srv/ftp | /srv/ftp | +| srv/calibre-library | /srv/calibre-library | + +* commands used +** bind target directory to mount point #+begin_src sh sudo mount --bind /mnt/storage/ / #+end_src 
@@ -74,14 +97,14 @@ sudo mount --bind /mnt/storage/ / - *target mount:* /mnt/storage/www - *bind directory:* /var/www -** making bind mounts persistent +*** making bind mounts persistent To ensure the mounts persist after a reboot, add the following lines to `/etc/fstab`: #+begin_src sh -/mnt/storage/website /home/website none bind 0 0 -/mnt/storage/calibre /home/calibre none bind 0 0 -/mnt/storage/www /var/www none bind 0 0 -/mnt/storage/n8n /srv/n8n none bind 0 0 +/mnt/storage/home/website /home/website none bind 0 0 +/mnt/storage/home/librarian /home/librarian none bind 0 0 +/mnt/storage/var/www /var/www none bind 0 0 +/mnt/storage/srv/n8n /srv/n8n none bind 0 0 #+end_src ** Setup Commands @@ -97,7 +120,7 @@ These commands ensure everything is correctly prepared before binding. | Apply changes | `sudo mount -a` | | Verify mount status | `df -h \vert grep storage` | -* Hard Drive Commands + ** generally useful hard drive commands | Purpose | Command | |----------------------------------+------------------------------------| 
@@ -107,6 +130,33 @@ These commands ensure everything is correctly prepared before binding. | Check if new options are applied | mount \vert grep storage | | Verify changes | cat /etc/fstab \vert grep storage | +* fstab +** current fstab +:PROPERTIES: +:ID: id-fstab-file +:END: +#+begin_src conf +proc /proc proc defaults 0 0 +PARTUUID=a587d185-01 /boot/firmware vfat defaults 0 2 +PARTUUID=a587d185-02 / ext4 defaults,noatime 0 1 + +UUID=86ba0735-df14-425c-a037-1e397e89f9aa /mnt/storage ext4 defaults,relatime,commit=600 0 2 +UUID=649f82e9-cfc0-4725-b260-d40f413bd0c3 /mnt/git ext4 defaults,noatime 0 2 + +/mnt/storage/home/website /home/website none bind 0 0 +/mnt/storage/var/www /var/www none bind 0 0 + +/mnt/storage/srv/ftp /srv/ftp none bind 0 0 +/srv/ftp /home/ftpuser/ftp none bind 0 0 + +/mnt/storage/home/librarian /home/librarian none bind 0 0 +/mnt/storage/srv/calibre-library /srv/calibre-library none bind 0 0 + +/mnt/storage/srv/n8n /srv/n8n none bind 0 0 + +/mnt/git /srv/git none bind 0 0 +#+end_src + ** Mount Options Available | Option | Description | |-------------------+------------------------------------------------------------------------------|
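Review bot: In the `** current fstab` block the two data drives are mounted with `defaults`, which leaves `suid` and `dev` enabled on filesystems that back an FTP directory, a web root and container data. Adding `nosuid,nodev` is low-cost hardening, e.g. `UUID=86ba0735-df14-425c-a037-1e397e89f9aa /mnt/storage ext4 defaults,nosuid,nodev,relatime,commit=600 0 2`, and likewise for `/mnt/git`. Verify with `findmnt` that the bind mounts listed below pick up the flags. Neither drive line carries `nofail`, so a missing or failed external disk would likely stop the Pi from booting normally; add it if the machine should still come up for remote repair.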