updated everything

2025-04-17 01:57:40 +03:00 · 2025-04-17 01:57:40 +03:00 · ef4565de4a
commit ef4565de4a
parent 699f098686
10 changed files with 317 additions and 110 deletions
--- a/_share/data/docker/calibre-compose.yml
+++ b/_share/data/docker/calibre-compose.yml
@ -1,14 +1,28 @@
 services:
-  calibre-web:
+  calibre-public:
    image: lscr.io/linuxserver/calibre-web
-    container_name: calibre-web
+    container_name: calibre-public
    environment:
-      - PUID=1004         # ID for 'librarian' user
+      - PUID=1004
-      - PGID=1004         # Group ID for 'librarian'
+      - PGID=1004
      - TZ=Asia/Jerusalem
    volumes:
-      - /home/librarian/calibre-library:/books
+      - /home/librarian/calibre-library/public:/books
      - /srv/calibre/public:/config
    ports:
      - 127.0.0.1:8083:8083
    restart: unless-stopped
  calibre-gaming:
    image: lscr.io/linuxserver/calibre-web
    container_name: calibre-gaming
    environment:
      - PUID=1004
      - PGID=1004
      - TZ=Asia/Jerusalem
    volumes:
      - /home/librarian/calibre-library/gaming:/books
      - /srv/calibre/gaming:/config
    ports:
      - 127.0.0.1:8086:8083
    restart: unless-stopped
--- a/_share/data/docker/n8n-compose.yml
+++ b/_share/data/docker/n8n-compose.yml
@ -16,4 +16,4 @@ services:
      - N8N_RUNNERS_ENABLED=true
    volumes:
      - /srv/n8n:/home/node/.n8n
-
+      - /srv/n8n/config:/etc/n8n  # Optional: for external config files (advanced)
--- a/_share/data/nginx/calibre/gaming.conf
+++ b/_share/data/nginx/calibre/gaming.conf
@ -0,0 +1,35 @@
 server {
    server_name calibre-gaming.ronnyabraham.com;
    client_max_body_size 100M;
    location / {
        proxy_pass http://localhost:8086;
        proxy_http_version 1.1;
        proxy_set_header Connection "";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
    access_log /var/log/nginx/calibre-gaming.access.log;
    error_log  /var/log/nginx/calibre-gaming.error.log;
    listen 443 ssl;
    ssl_certificate /etc/letsencrypt/live/calibre-gaming.ronnyabraham.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/calibre-gaming.ronnyabraham.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
 }
 server {
    if ($host = calibre-gaming.ronnyabraham.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    listen 80;
    server_name calibre-gaming.ronnyabraham.com;
    return 404; # managed by Certbot
 }
--- a/_share/data/nginx/calibre/public-ssl.conf
+++ b/_share/data/nginx/calibre/public-ssl.conf
--- a/_share/data/nginx/calibre/public.conf
+++ b/_share/data/nginx/calibre/public.conf
--- a/calibre.org
+++ b/calibre.org
@ -10,27 +10,47 @@
 * important info
 ** identification
-*** basic
+*** raspberry-pi
 | user         | password       | application                     |
 |--------------+----------------+---------------------------------|
 | librarian    | 2reishit2ara   | calibre storage and docker user |
 | ronny        | 2reishit2ara   | docker managers                 |
-*** calibre login data
+*** calibre.ronnyabraham.com
 | username      | password       | email                   | role  |
 |---------------+----------------+-------------------------+-------|
 | calibre-admin | chukatHat6rah! | ronny.abraham@ymail.com | admin |
 | ronnyabraham  | chukatHat6rah! | this.ronny@gmail.com    | user  |
 *** calibre-gaming.ronnyabraham.com
 | username     | password       | email                   | role  |
 |--------------+----------------+-------------------------+-------|
 | ronnyabraham | chukatHat6rah! | this.ronny@gmail.com    | user  |
 | gaming-admin | chukatHat6rah! | ronny.abraham@ymail.com | admin |
 ** locations
-| key           | value                           |
+*** directory structure
-|---------------+---------------------------------|
+#+begin_src text
-| home          | /home/librarian                 |
+/home/librarian/calibre-library
-| mount         | /mnt/storage/librarian          |
+├── gaming
-| library       | /home/librarian/calibre-library |
+└── public
-| database name | /books                          |
+
 /mnt/storage/docker/compose/calibre
 └── docker-compose.yml
 /srv/calibre
 ├── gaming
 └── public
 #+end_src
 | purpose              | mount                           |
 |----------------------+---------------------------------|
 | docker compose files | /mnt/docker/compose/calibre     |
 | book databases       | /home/librarian/calibre-library |
 | configuration        | /srv/calibre                    |
 | nginx configs        | /etc/nginx/sites-available      |
 * docker
@ -38,4 +58,8 @@
 #+INCLUDE: "docker.org::#docker-calibre" :only-contents t
 * nginx
-#+INCLUDE: "nginx.org::#calibre-conf" :only-contents t
+*** public server: 'calibre-public'
 #+INCLUDE: "nginx.org::#calibre-public" :only-contents t
 *** gaming server: 'calibre-gaming'
 #+INCLUDE: "nginx.org::#calibre-gaming" :only-contents t
--- a/forgeo.org
+++ b/forgeo.org
@ -8,43 +8,50 @@
 * Hardware
-* Forgejo Setup on Raspberry Pi
+* Forgejo on Raspberry Pi
-** Login data
+** Configuration Summary
-| property    | value                        |
+*** Instance Details
-|-------------+------------------------------|
+| Property             | Value                            |
-| url         | https://git.ronnyabraham.com |
+|----------------------+----------------------------------|
-| admin user  | git-admin                    |
+| URL                  | https://forgejo.ronnyabraham.com |
-| admin pass  | 2reishit2ara                 |
+| SSH Server Port      | 222                              |
-| admin email | ronny.abraham@ymail.com      |
+| Web Server Port      | 3000                             |
 | Repository Root Path | /data/git/repositories           |
 | Docker User          | git                              |
-** Data Drive Setup
+*** Users
 | Role       | Username   | Password     | Email                   |
 |------------+------------+--------------+-------------------------|
 | Admin      | git-admin  | 2reishit2ara | ronny.abraham@ymail.com |
 | Developer  | ronnygit   | 2reishit2ara | ronny.coder@gmail.com   |
 *** ️Git Repository Storage Info
-| Property          | Value                            |
+** Data Drive & Volumes
 |-------------------+----------------------------------|
 | Physical Mount    | /mnt/git                         |
 | Logical Bind Mount| /srv/git                         |
 | Device            | /dev/sdb1                        |
 | Filesystem Type   | ext4                             |
 | Label             | gitdisk                          |
 | UUID              | 649f82e9-cfc0-4725-b260-d40f413bd0c3 |
 | Used for          | Forgejo repository storage       |
-*** fstab entry
+*** Physical Storage & Mount Info️
 | Property           | Value                                |
 |--------------------+--------------------------------------|
 | Physical Mount     | /mnt/git                             |
 | Logical Bind Mount | /srv/git                             |
 | Device             | /dev/sdb1                            |
 | Filesystem Type    | ext4                                 |
 | Label              | gitdisk                              |
 | UUID               | 649f82e9-cfc0-4725-b260-d40f413bd0c3 |
 | Used for           | Forgejo repository storage           |
 *** fstab Entries
 #+begin_src conf
 UUID=649f82e9-cfc0-4725-b260-d40f413bd0c3 /mnt/git ext4 defaults,noatime 0 2
 /mnt/git /srv/git none bind 0 0
 #+end_src
-** Data Volume Layout
+*** Mapping
 To separate application configuration from repository data, the Forgejo Docker container uses specific internal paths. We map our host directories accordingly for clarity and ease of maintenance.
-*** Folder Breakdown
+**** Folder Layout
 The folder structure on the host (Raspberry Pi):
 #+begin_example
 /mnt/storage/compose/docker/forgejo  ← holds docker-compose.yml
@ -56,7 +63,7 @@ The folder structure on the host (Raspberry Pi):
 This split layout allows easy backup, inspection, and version control of the Forgejo configuration without interfering with large and changing repository data.
-*** Volume Mapping
+**** Volume Mapping
 | Host path         | Container path         | Purpose                        |
 |-------------------+------------------------+--------------------------------|
@ -65,74 +72,135 @@ This split layout allows easy backup, inspection, and version control of the For
 Make sure both folders on the host (`/srv/git/data` and `/srv/git/config`) are owned by the correct user (e.g. UID 1000), and match the container’s expectations.
 *** File Setup
-*** docker-compose.yml
+| Component | Path                                | Purpose                   |
 |-----------+-------------------------------------+---------------------------|
 | Nginx     | /etc/nginx/sites-available/forgejo  | reverse proxy for Forgejo |
 | Docker    | /mnt/storage/docker/compose/forgejo | docker compose file       |
 ** Docker Setup
 #+INCLUDE: "docker.org::#docker-forgejo" :only-contents t
 ** Nginx
-Create file: /etc/nginx/sites-available/forgejo
+
 *** Site Configuration
 #+INCLUDE: "nginx.org::#forgejo-conf" :only-contents t
-Enable and reload Nginx:
+*** Enable Site & Restart
 #+begin_src bash
 sudo ln -s /etc/nginx/sites-available/forgejo /etc/nginx/sites-enabled/
 sudo nginx -t && sudo systemctl reload nginx
 #+end_src
-*** (Optional) Enable HTTPS with Certbot
+*** Enable HTTPS with Certbot
 #+begin_src bash
 sudo certbot --nginx -d git.ronnyabraham.com
 #+end_src
-** Finish Setup
+** First-Time Setup
-Visit: https://git.ronnyabraham.com
+- Visit: https://forgejo.ronnyabraham.com
-Set up the admin user and create your first repository.
+- Create the `git-admin` user and initialize your first repository.
-** Push or Mirror Repositories to Forgejo
+* Git Repository Management
-*** Push an Existing Local Repo to Forgejo
+** Push an Existing Local Repo to Forgejo
 1. Go to your local repo:
 #+begin_src bash
 cd ~/your-local-project
-#+end_src
+git remote add origin ssh://git@forgejo.ronnyabraham.com:222/ronny/<repo-name>.git
 2. Add your Forgejo remote:
 #+begin_src bash
 git remote add origin https://git.ronnyabraham.com/ronny/<repo-name>.git
 #+end_src
 3. Push your local code:
 #+begin_src bash
 git push -u origin main
 #+end_src
-4. Optional: use SSH instead of HTTPS
+** Mirror from Bitbucket to Forgejo
 #+begin_src bash
 git remote add origin git@git.ronnyabraham.com:ronny/<repo-name>.git
 #+end_src
 *** Mirror a Bitbucket Repo to Forgejo
 1. Clone your Bitbucket repo **bare**:
 #+begin_src bash
 git clone --mirror git@bitbucket.org:your-username/your-repo.git
 cd your-repo.git
-#+end_src
+git remote set-url --push origin ssh://git@forgejo.ronnyabraham.com:222/ronny/your-repo.git
 2. Add Forgejo as a new remote:
 #+begin_src bash
 git remote set-url --push origin git@git.ronnyabraham.com:ronny/your-repo.git
 #+end_src
 3. Push all branches and tags:
 #+begin_src bash
 git push --mirror
 #+end_src
 4. Delete the local clone if desired:
 #+begin_src bash
 cd ..
 rm -rf your-repo.git
 #+end_src
 ** Example: Uploading savage-lands Repo
 *** Repository Info
 - Repo Name: savage-lands
 - Owner: ronnygit
 - Remote: ssh://git@forgejo.ronnyabraham.com:222/ronnygit/savage-lands.git
 *** Commands
 #+begin_src bash
 git remote remove origin  # if already exists
 git remote add origin ssh://git@forgejo.ronnyabraham.com:222/ronnygit/savage-lands.git
 git push -u origin main
 #+end_src
 * How to Check Repository Access for a User via Token
 To verify whether a Forgejo user (e.g. `ronnygit`) has access to a specific repository, you can use a Personal Access Token (PAT) to query the Forgejo API. This helps confirm push/pull permissions and identify missing access rights.
 ** Step-by-Step: Create a Personal Access Token
 1. Log in to Forgejo as the user: `ronnygit`
 2. Go to: https://forgejo.ronnyabraham.com/user/settings/applications
 3. Click "Generate New Token"
 4. Name it: api-debug
 5. Enable these scopes:
   - repository - read/write access to repositories
   - organization - access to organization/team membership
   - user - user info access
   - issue - access to issues API
   - (Do not enable package or activitypub unless needed)
 6. Click "Generate" and save the token immediately
 ** Use the Token to Query Repository Access
 Example command to check access to the `project` repository under `django-repositories`:
 #+begin_src bash
 curl -H "Authorization: token edea73cc91dbae359d89eb0e644ef2c97f3aedf0" \
     https://forgejo.ronnyabraham.com/api/v1/repos/django-repositories/project
 #+end_src
 Expected output:
 #+begin_example
 "permissions": {
  "admin": false,
  "push": true,
  "pull": true
 }
 #+end_example
 HTTP error meanings:
 - 404 - repository does not exist or is private with no access
 - 403 - repository exists, but you do not have permission
 - 401 - token is invalid or expired
 ** Token Details
 | Property     | Value                                                             |
 |--------------+-------------------------------------------------------------------|
 | Token Owner  | ronnygit                                                          |
 | Token Name   | api-debug                                                         |
 | Token Value  | edea73cc91dbae359d89eb0e644ef2c97f3aedf0                          |
 | Scopes       | repository, organization, user, issue                             |
 | Created At   | Apr 17, 2025                                                      |
 | Purpose      | Used to verify access to django-repositories/project.git         |
 ** Scope Overview
 | Scope         | Required | Purpose                                                   |
 |---------------+----------+-----------------------------------------------------------|
 | repository    | Yes      | Access to repository APIs (push, pull, branches, etc.)    |
 | organization  | Yes      | View team and organization membership                     |
 | user          | Optional | View user info and preferences                            |
 | issue         | Optional | Access issues (create, read, update, comment)             |
 | package       | No       | Access to package registry (e.g., Docker, npm, PyPI)      |
 | activitypub   | No       | Enable federation features (e.g., Mastodon integration)   |
--- a/n8n-setup.org
+++ b/n8n-setup.org
@ -7,23 +7,31 @@
 - [[./toc.org][TOC - Home System]]
 * important values
-** login data
+** data
 *** login
 | key          | value                            |
 |--------------+----------------------------------|
 | host         | [[https://n8n.ronnyabraham.com]] |
 | web email    | ronny.abraham@ymail.com          |
-| web password | chukatHat6rah!                   |
+| web password | chukatHat6rah                    |
 *** licence info
 | key                | value                                |
 |--------------------+--------------------------------------|
-| home location      | /home/ronny/n8n                      |
+| license activation | 5b1d6e31-81c6-4c31-84c1-56f30c9afc85 |
 | license activation | df50f55c-1ba0-46b7-9648-8b22723fb921 |
 | docker auth        | admin-n8n                            |
 | docker pass        | 2reishit2ara                         |
 | port               | 5678                                 |
 *** mount points
 | purpose         | path                            |
 |-----------------+---------------------------------|
 | docker location | /mnt/storage/docker/compose/n8n |
 | mount location  | /mnt/storage/srv/n8n            |
 | config          | ├──config                       |
 | data            | ├──data                         |
 * DNS Record for n8n
 | Field           | Value                 | Description                   |
@ -36,7 +44,7 @@
 | Routing Policy  | Simple                 | Standard routing              |
 * N8N mount setup
- Left box :: /mnt/storage/n8n — the actual directory on your external drive
+- Left box :: /mnt/storage/srv/n8n — the actual directory on your external drive
 - Top-right box :: /srv/n8n — where the system accesses it via a bind mount
 - Middle-right box :: Docker host — this is your Pi's environment
 - Bottom-right box :: /home/node/.n8n — inside the container, this is where n8n looks for its data
@ -47,7 +55,7 @@
 ** permission setup
 #+begin_src bash
-sudo chown -R ronny:ronny /mnt/storage/n8n
+sudo chown -R ronny:ronny /mnt/storage/srv/n8n
 sudo mount -a
 sudo chown -R ronny:ronny /srv/n8n
 chmod 700 /srv/n8n
@ -55,7 +63,7 @@ chmod 700 /srv/n8n
 ** fstab
 #+begin_src bash
-/mnt/storage/n8n /srv/n8n none bind 0 0
+/mnt/storage/srv/n8n /srv/n8n none bind 0 0
 #+end_src
--- a/nginx.org
+++ b/nginx.org
@ -22,14 +22,22 @@
 #+INCLUDE: "./_share/data/nginx/forgejo-ssl.conf" src nginx
 ** calibre
-*** initial
+*** public
-#+INCLUDE: "./_share/data/nginx/calibre.conf" src nginx
+**** initial
 #+INCLUDE: "./_share/data/nginx/calibre/public.conf" src nginx
-*** with ssl
+**** with ssl
 :PROPERTIES:
-:CUSTOM_ID: calibre-conf
+:CUSTOM_ID: calibre-public
 :END:
-#+INCLUDE: "./_share/data/nginx/calibre-ssl.conf" src nginx
+#+INCLUDE: "./_share/data/nginx/calibre/public-ssl.conf" src nginx
 *** gaming
 :PROPERTIES:
 :CUSTOM_ID: calibre-gaming
 :END:
 #+INCLUDE: "./_share/data/nginx/calibre/gaming.conf" src nginx
 ** n8n
 *** initial
--- a/pi-storage.org
+++ b/pi-storage.org
@ -43,29 +43,52 @@ even easier
 * External Hard Drive Info
 ** fstab
 [[#id-fstab-file][see fstab entry for more details]]
 #+INCLUDE: "pi-storage.org::*current fstab" :only-contents t
 ** main storage drive
 This table keeps track of the Raspberry Pi's external storage setup.
 | category      | value                                |
 |---------------+--------------------------------------|
-| device        | /dev/sda2                            |
+| device        | /dev/sdb1                            |
 | filesystem    | ext4                                 |
 | label         | storage                              |
 | mount point   | /mnt/storage                         |
 | mount options | defaults,relatime,commit=600         |
-| UUID          | 5bb54030-2df7-4798-afb5-bd2878ae0def |
+| UUID          | 86ba0735-df14-425c-a037-1e397e89f9aa |
 *** Bind-Mount Information
-* Directory Bind-Mount Information
+**** directory layout
-This table documents how key directories on the Raspberry Pi are linked to `/mnt/storage` and the commands used.
+#+begin_src
 ├── home
 │   ├── librarian
 │   └── website
 ├── lost+found
 ├── srv
 │   ├── calibre-library
 │   ├── ftp
 │   └── n8n
 └── var
    └── www
 #+end_src
-| Directory       | Mounted From           | Mounted To      |
+**** layout binding details
 |-----------------+------------------------+-----------------|
 | /home/website   | /mnt/storage/website   | /home/website   |
 | /home/librarian | /mnt/storage/librarian | /home/librarian |
 | /var/www        | /mnt/storage/www       | /var/www        |
 | /srv/n8n        | /mnt/storage/n8n       | /srv/n8n        |
-** command used to bind target directory to mount point
+| Mounted From /mnt/storage | Mounted To           |
 |---------------------------+----------------------|
 | home/website              | /home/website        |
 | home/librarian            | /home/librarian      |
 | var/www                   | /var/www             |
 | srv/n8n                   | /srv/n8n             |
 | srv/ftp                   | /srv/ftp             |
 | srv/calibre-library       | /srv/calibre-library |
 * commands used
 ** bind target directory to mount point
 #+begin_src sh
 sudo mount --bind /mnt/storage/<target_mount> /<bind directory>
 #+end_src
@ -74,14 +97,14 @@ sudo mount --bind /mnt/storage/<target_mount> /<bind directory>
 - *target mount:* /mnt/storage/www
 - *bind directory:* /var/www
-** making bind mounts persistent
+*** making bind mounts persistent
 To ensure the mounts persist after a reboot, add the following lines to `/etc/fstab`:
 #+begin_src sh
-/mnt/storage/website /home/website none bind 0 0
+/mnt/storage/home/website /home/website none bind 0 0
-/mnt/storage/calibre /home/calibre none bind 0 0
+/mnt/storage/home/librarian /home/librarian none bind 0 0
-/mnt/storage/www /var/www none bind 0 0
+/mnt/storage/var/www /var/www none bind 0 0
-/mnt/storage/n8n /srv/n8n none bind 0 0
+/mnt/storage/srv/n8n /srv/n8n none bind 0 0
 #+end_src
 ** Setup Commands
@ -97,7 +120,7 @@ These commands ensure everything is correctly prepared before binding.
 | Apply changes                    | `sudo mount -a`                                                                        |
 | Verify mount status              | `df -h  \vert grep storage`                                                            |
-* Hard Drive Commands
+
 ** generally useful hard drive commands
 | Purpose                          | Command                            |
 |----------------------------------+------------------------------------|
@ -107,6 +130,33 @@ These commands ensure everything is correctly prepared before binding.
 | Check if new options are applied | mount \vert grep storage           |
 | Verify changes                   | cat /etc/fstab \vert grep storage  |
 * fstab
 ** current fstab
 :PROPERTIES:
 :ID: id-fstab-file
 :END:
 #+begin_src conf
 proc                                      /proc                proc    defaults          0 0
 PARTUUID=a587d185-01                      /boot/firmware       vfat    defaults          0 2
 PARTUUID=a587d185-02                      /                    ext4    defaults,noatime  0 1
 UUID=86ba0735-df14-425c-a037-1e397e89f9aa /mnt/storage         ext4    defaults,relatime,commit=600   0 2
 UUID=649f82e9-cfc0-4725-b260-d40f413bd0c3 /mnt/git             ext4    defaults,noatime               0 2
 /mnt/storage/home/website                 /home/website        none    bind 0 0
 /mnt/storage/var/www                      /var/www             none    bind 0 0
 /mnt/storage/srv/ftp                      /srv/ftp             none    bind 0 0
 /srv/ftp                                  /home/ftpuser/ftp    none    bind 0 0
 /mnt/storage/home/librarian               /home/librarian      none    bind 0 0
 /mnt/storage/srv/calibre-library          /srv/calibre-library none    bind 0 0
 /mnt/storage/srv/n8n                      /srv/n8n             none    bind 0 0
 /mnt/git                                  /srv/git             none    bind 0 0
 #+end_src
 ** Mount Options Available
 | Option            | Description                                                                  |
 |-------------------+------------------------------------------------------------------------------|