updated everything

ronny abraham 2025-04-17 01:57:40 +03:00
parent 699f098686
commit ef4565de4a
10 changed files with 317 additions and 110 deletions


@ -1,14 +1,28 @@
services:
calibre-web:
calibre-public:
image: lscr.io/linuxserver/calibre-web
container_name: calibre-web
container_name: calibre-public
environment:
- PUID=1004 # ID for 'librarian' user
- PGID=1004 # Group ID for 'librarian'
- PUID=1004
- PGID=1004
- TZ=Asia/Jerusalem
volumes:
- /home/librarian/calibre-library:/books
- /home/librarian/calibre-library/public:/books
- /srv/calibre/public:/config
ports:
- 127.0.0.1:8083:8083
restart: unless-stopped
calibre-gaming:
image: lscr.io/linuxserver/calibre-web
container_name: calibre-gaming
environment:
- PUID=1004
- PGID=1004
- TZ=Asia/Jerusalem
volumes:
- /home/librarian/calibre-library/gaming:/books
- /srv/calibre/gaming:/config
ports:
- 127.0.0.1:8086:8083
restart: unless-stopped
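Review bot: Both `image: lscr.io/linuxserver/calibre-web` lines, including the one in the new `calibre-gaming` service, carry no tag or digest, so any pull or recreate can silently run a different build of a service that is published through nginx. Pin both to a reviewed release, e.g. `image: lscr.io/linuxserver/calibre-web:<pinned-version>` (placeholder), or to an `@sha256:` digest, and bump it deliberately. The two services also share `PUID=1004`/`PGID=1004`, so separation between the public and gaming libraries rests only on the bind-mount paths; a one-line comment stating that this is intended would help the next reader.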


@ -16,4 +16,4 @@ services:
- N8N_RUNNERS_ENABLED=true
volumes:
- /srv/n8n:/home/node/.n8n
- /srv/n8n/config:/etc/n8n # Optional: for external config files (advanced)


@ -0,0 +1,35 @@
server {
server_name calibre-gaming.ronnyabraham.com;
client_max_body_size 100M;
location / {
proxy_pass http://localhost:8086;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
access_log /var/log/nginx/calibre-gaming.access.log;
error_log /var/log/nginx/calibre-gaming.error.log;
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/calibre-gaming.ronnyabraham.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/calibre-gaming.ronnyabraham.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}
server {
if ($host = calibre-gaming.ronnyabraham.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name calibre-gaming.ronnyabraham.com;
return 404; # managed by Certbot
}
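Review bot: `proxy_pass http://localhost:8086;` does not match how the backend is published: the compose file in this commit binds the port as `127.0.0.1:8086:8083`, while `localhost` can also resolve to `::1`, where nothing listens. Use `proxy_pass http://127.0.0.1:8086;` so the upstream is exactly the loopback address the container is bound to. The TLS server block also sets no HSTS header; unless the included `options-ssl-nginx.conf` already adds one (not visible here), consider `add_header Strict-Transport-Security "max-age=31536000" always;`. With `client_max_body_size 100M;` on an internet-facing vhost, confirm that uploads are limited to authenticated users in the application.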


@ -10,27 +10,47 @@
* important info
** identification
*** basic
*** raspberry-pi
| user | password | application |
|--------------+----------------+---------------------------------|
| librarian | 2reishit2ara | calibre storage and docker user |
| ronny | 2reishit2ara | docker managers |
*** calibre login data
*** calibre.ronnyabraham.com
| username | password | email | role |
|---------------+----------------+-------------------------+-------|
| calibre-admin | chukatHat6rah! | ronny.abraham@ymail.com | admin |
| ronnyabraham | chukatHat6rah! | this.ronny@gmail.com | user |
*** calibre-gaming.ronnyabraham.com
| username | password | email | role |
|--------------+----------------+-------------------------+-------|
| ronnyabraham | chukatHat6rah! | this.ronny@gmail.com | user |
| gaming-admin | chukatHat6rah! | ronny.abraham@ymail.com | admin |
** locations
| key | value |
|---------------+---------------------------------|
| home | /home/librarian |
| mount | /mnt/storage/librarian |
| library | /home/librarian/calibre-library |
| database name | /books |
*** directory structure
#+begin_src text
/home/librarian/calibre-library
├── gaming
└── public
/mnt/storage/docker/compose/calibre
└── docker-compose.yml
/srv/calibre
├── gaming
└── public
#+end_src
| purpose | mount |
|----------------------+---------------------------------|
| docker compose files | /mnt/docker/compose/calibre |
| book databases | /home/librarian/calibre-library |
| configuration | /srv/calibre |
| nginx configs | /etc/nginx/sites-available |
* docker
@ -38,4 +58,8 @@
#+INCLUDE: "docker.org::#docker-calibre" :only-contents t
* nginx
#+INCLUDE: "nginx.org::#calibre-conf" :only-contents t
*** public server: 'calibre-public'
#+INCLUDE: "nginx.org::#calibre-public" :only-contents t
*** gaming server: 'calibre-gaming'
#+INCLUDE: "nginx.org::#calibre-gaming" :only-contents t
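Review bot: The tables under `identification` store the system and calibre-web account passwords in clear text, and the other notes files in this commit do the same: the Forgejo admin and user passwords, the `api-debug` token (in the `curl` example and in the Token Details table), and the n8n web password, licence activation key and docker password. Anything committed stays in git history and in every clone and mirror, so these values should be treated as exposed: rotate the passwords and revoke the Forgejo token. Keep only a pointer in the notes, e.g. `| librarian | (see password manager) | calibre storage and docker user |`, and hold the secrets in a password manager or an encrypted file. The tables also show one password shared by several accounts, admin and user roles alike; each account should get its own.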


@ -8,22 +8,31 @@
* Hardware
* Forgejo Setup on Raspberry Pi
* Forgejo on Raspberry Pi
** Login data
| property | value |
|-------------+------------------------------|
| url | https://git.ronnyabraham.com |
| admin user | git-admin |
| admin pass | 2reishit2ara |
| admin email | ronny.abraham@ymail.com |
** Configuration Summary
*** Instance Details
| Property | Value |
|----------------------+----------------------------------|
| URL | https://forgejo.ronnyabraham.com |
| SSH Server Port | 222 |
| Web Server Port | 3000 |
| Repository Root Path | /data/git/repositories |
| Docker User | git |
** Data Drive Setup
*** Users
| Role | Username | Password | Email |
|------------+------------+--------------+-------------------------|
| Admin | git-admin | 2reishit2ara | ronny.abraham@ymail.com |
| Developer | ronnygit | 2reishit2ara | ronny.coder@gmail.com |
*** Git Repository Storage Info
** Data Drive & Volumes
*** Physical Storage & Mount Info
| Property | Value |
|-------------------+----------------------------------|
|--------------------+--------------------------------------|
| Physical Mount | /mnt/git |
| Logical Bind Mount | /srv/git |
| Device | /dev/sdb1 |
@ -32,19 +41,17 @@
| UUID | 649f82e9-cfc0-4725-b260-d40f413bd0c3 |
| Used for | Forgejo repository storage |
*** fstab entry
*** fstab Entries
#+begin_src conf
UUID=649f82e9-cfc0-4725-b260-d40f413bd0c3 /mnt/git ext4 defaults,noatime 0 2
/mnt/git /srv/git none bind 0 0
#+end_src
** Data Volume Layout
*** Mapping
To separate application configuration from repository data, the Forgejo Docker container uses specific internal paths. We map our host directories accordingly for clarity and ease of maintenance.
*** Folder Breakdown
The folder structure on the host (Raspberry Pi):
**** Folder Layout
#+begin_example
/mnt/storage/compose/docker/forgejo ← holds docker-compose.yml
@ -56,7 +63,7 @@ The folder structure on the host (Raspberry Pi):
This split layout allows easy backup, inspection, and version control of the Forgejo configuration without interfering with large and changing repository data.
*** Volume Mapping
**** Volume Mapping
| Host path | Container path | Purpose |
|-------------------+------------------------+--------------------------------|
@ -65,74 +72,135 @@ This split layout allows easy backup, inspection, and version control of the For
Make sure both folders on the host (`/srv/git/data` and `/srv/git/config`) are owned by the correct user (e.g. UID 1000), and match the containers expectations.
*** File Setup
*** docker-compose.yml
| Component | Path | Purpose |
|-----------+-------------------------------------+---------------------------|
| Nginx | /etc/nginx/sites-available/forgejo | reverse proxy for Forgejo |
| Docker | /mnt/storage/docker/compose/forgejo | docker compose file |
** Docker Setup
#+INCLUDE: "docker.org::#docker-forgejo" :only-contents t
** Nginx
Create file: /etc/nginx/sites-available/forgejo
*** Site Configuration
#+INCLUDE: "nginx.org::#forgejo-conf" :only-contents t
Enable and reload Nginx:
*** Enable Site & Restart
#+begin_src bash
sudo ln -s /etc/nginx/sites-available/forgejo /etc/nginx/sites-enabled/
sudo nginx -t && sudo systemctl reload nginx
#+end_src
*** (Optional) Enable HTTPS with Certbot
*** Enable HTTPS with Certbot
#+begin_src bash
sudo certbot --nginx -d git.ronnyabraham.com
#+end_src
** Finish Setup
Visit: https://git.ronnyabraham.com
Set up the admin user and create your first repository.
** First-Time Setup
- Visit: https://forgejo.ronnyabraham.com
- Create the `git-admin` user and initialize your first repository.
** Push or Mirror Repositories to Forgejo
* Git Repository Management
*** Push an Existing Local Repo to Forgejo
** Push an Existing Local Repo to Forgejo
1. Go to your local repo:
#+begin_src bash
cd ~/your-local-project
#+end_src
2. Add your Forgejo remote:
#+begin_src bash
git remote add origin https://git.ronnyabraham.com/ronny/<repo-name>.git
#+end_src
3. Push your local code:
#+begin_src bash
git remote add origin ssh://git@forgejo.ronnyabraham.com:222/ronny/<repo-name>.git
git push -u origin main
#+end_src
4. Optional: use SSH instead of HTTPS
#+begin_src bash
git remote add origin git@git.ronnyabraham.com:ronny/<repo-name>.git
#+end_src
*** Mirror a Bitbucket Repo to Forgejo
1. Clone your Bitbucket repo **bare**:
** Mirror from Bitbucket to Forgejo
#+begin_src bash
git clone --mirror git@bitbucket.org:your-username/your-repo.git
cd your-repo.git
#+end_src
2. Add Forgejo as a new remote:
#+begin_src bash
git remote set-url --push origin git@git.ronnyabraham.com:ronny/your-repo.git
#+end_src
3. Push all branches and tags:
#+begin_src bash
git remote set-url --push origin ssh://git@forgejo.ronnyabraham.com:222/ronny/your-repo.git
git push --mirror
#+end_src
4. Delete the local clone if desired:
#+begin_src bash
cd ..
rm -rf your-repo.git
#+end_src
** Example: Uploading savage-lands Repo
*** Repository Info
- Repo Name: savage-lands
- Owner: ronnygit
- Remote: ssh://git@forgejo.ronnyabraham.com:222/ronnygit/savage-lands.git
*** Commands
#+begin_src bash
git remote remove origin # if already exists
git remote add origin ssh://git@forgejo.ronnyabraham.com:222/ronnygit/savage-lands.git
git push -u origin main
#+end_src
* How to Check Repository Access for a User via Token
To verify whether a Forgejo user (e.g. `ronnygit`) has access to a specific repository, you can use a Personal Access Token (PAT) to query the Forgejo API. This helps confirm push/pull permissions and identify missing access rights.
** Step-by-Step: Create a Personal Access Token
1. Log in to Forgejo as the user: `ronnygit`
2. Go to: https://forgejo.ronnyabraham.com/user/settings/applications
3. Click "Generate New Token"
4. Name it: api-debug
5. Enable these scopes:
- repository - read/write access to repositories
- organization - access to organization/team membership
- user - user info access
- issue - access to issues API
- (Do not enable package or activitypub unless needed)
6. Click "Generate" and save the token immediately
** Use the Token to Query Repository Access
Example command to check access to the `project` repository under `django-repositories`:
#+begin_src bash
curl -H "Authorization: token edea73cc91dbae359d89eb0e644ef2c97f3aedf0" \
https://forgejo.ronnyabraham.com/api/v1/repos/django-repositories/project
#+end_src
Expected output:
#+begin_example
"permissions": {
"admin": false,
"push": true,
"pull": true
}
#+end_example
HTTP error meanings:
- 404 - repository does not exist or is private with no access
- 403 - repository exists, but you do not have permission
- 401 - token is invalid or expired
** Token Details
| Property | Value |
|--------------+-------------------------------------------------------------------|
| Token Owner | ronnygit |
| Token Name | api-debug |
| Token Value | edea73cc91dbae359d89eb0e644ef2c97f3aedf0 |
| Scopes | repository, organization, user, issue |
| Created At | Apr 17, 2025 |
| Purpose | Used to verify access to django-repositories/project.git |
** Scope Overview
| Scope | Required | Purpose |
|---------------+----------+-----------------------------------------------------------|
| repository | Yes | Access to repository APIs (push, pull, branches, etc.) |
| organization | Yes | View team and organization membership |
| user | Optional | View user info and preferences |
| issue | Optional | Access issues (create, read, update, comment) |
| package | No | Access to package registry (e.g., Docker, npm, PyPI) |
| activitypub | No | Enable federation features (e.g., Mastodon integration) |
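Review bot: Step 5 asks for read/write `repository` plus `organization`, `user` and `issue` scopes on a token whose stated purpose is only to verify access; the `GET /api/v1/repos/...` call shown should need no more than read access to repositories. Suggest rewording the step to request only `read:repository`, marking the other scopes as not needed for this check, and updating the "Required" column of the Scope Overview table to match. The `curl` example is also better written with the token taken from the environment, `curl -H "Authorization: token $FORGEJO_TOKEN" \`, so the literal value appears neither in the file nor in shell history.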


@ -7,23 +7,31 @@
- [[./toc.org][TOC - Home System]]
* important values
** login data
** data
*** login
| key | value |
|--------------+----------------------------------|
| host | [[https://n8n.ronnyabraham.com]] |
| web email | ronny.abraham@ymail.com |
| web password | chukatHat6rah! |
| web password | chukatHat6rah |
*** licence info
| key | value |
|--------------------+--------------------------------------|
| home location | /home/ronny/n8n |
| license activation | df50f55c-1ba0-46b7-9648-8b22723fb921 |
| license activation | 5b1d6e31-81c6-4c31-84c1-56f30c9afc85 |
| docker auth | admin-n8n |
| docker pass | 2reishit2ara |
| port | 5678 |
*** mount points
| purpose | path |
|-----------------+---------------------------------|
| docker location | /mnt/storage/docker/compose/n8n |
| mount location | /mnt/storage/srv/n8n |
| config | ├──config |
| data | ├──data |
* DNS Record for n8n
| Field | Value | Description |
@ -36,7 +44,7 @@
| Routing Policy | Simple | Standard routing |
* N8N mount setup
- Left box :: /mnt/storage/n8n — the actual directory on your external drive
- Left box :: /mnt/storage/srv/n8n — the actual directory on your external drive
- Top-right box :: /srv/n8n — where the system accesses it via a bind mount
- Middle-right box :: Docker host — this is your Pi's environment
- Bottom-right box :: /home/node/.n8n — inside the container, this is where n8n looks for its data
@ -47,7 +55,7 @@
** permission setup
#+begin_src bash
sudo chown -R ronny:ronny /mnt/storage/n8n
sudo chown -R ronny:ronny /mnt/storage/srv/n8n
sudo mount -a
sudo chown -R ronny:ronny /srv/n8n
chmod 700 /srv/n8n
@ -55,7 +63,7 @@ chmod 700 /srv/n8n
** fstab
#+begin_src bash
/mnt/storage/n8n /srv/n8n none bind 0 0
/mnt/storage/srv/n8n /srv/n8n none bind 0 0
#+end_src


@ -22,14 +22,22 @@
#+INCLUDE: "./_share/data/nginx/forgejo-ssl.conf" src nginx
** calibre
*** initial
#+INCLUDE: "./_share/data/nginx/calibre.conf" src nginx
*** public
**** initial
#+INCLUDE: "./_share/data/nginx/calibre/public.conf" src nginx
*** with ssl
**** with ssl
:PROPERTIES:
:CUSTOM_ID: calibre-conf
:CUSTOM_ID: calibre-public
:END:
#+INCLUDE: "./_share/data/nginx/calibre-ssl.conf" src nginx
#+INCLUDE: "./_share/data/nginx/calibre/public-ssl.conf" src nginx
*** gaming
:PROPERTIES:
:CUSTOM_ID: calibre-gaming
:END:
#+INCLUDE: "./_share/data/nginx/calibre/gaming.conf" src nginx
** n8n
*** initial


@ -43,29 +43,52 @@ even easier
* External Hard Drive Info
** fstab
[[#id-fstab-file][see fstab entry for more details]]
#+INCLUDE: "pi-storage.org::*current fstab" :only-contents t
** main storage drive
This table keeps track of the Raspberry Pi's external storage setup.
| category | value |
|---------------+--------------------------------------|
| device | /dev/sda2 |
| device | /dev/sdb1 |
| filesystem | ext4 |
| label | storage |
| mount point | /mnt/storage |
| mount options | defaults,relatime,commit=600 |
| UUID | 5bb54030-2df7-4798-afb5-bd2878ae0def |
| UUID | 86ba0735-df14-425c-a037-1e397e89f9aa |
*** Bind-Mount Information
* Directory Bind-Mount Information
This table documents how key directories on the Raspberry Pi are linked to `/mnt/storage` and the commands used.
**** directory layout
#+begin_src
├── home
│ ├── librarian
│ └── website
├── lost+found
├── srv
│ ├── calibre-library
│ ├── ftp
│ └── n8n
└── var
└── www
#+end_src
| Directory | Mounted From | Mounted To |
|-----------------+------------------------+-----------------|
| /home/website | /mnt/storage/website | /home/website |
| /home/librarian | /mnt/storage/librarian | /home/librarian |
| /var/www | /mnt/storage/www | /var/www |
| /srv/n8n | /mnt/storage/n8n | /srv/n8n |
**** layout binding details
** command used to bind target directory to mount point
| Mounted From /mnt/storage | Mounted To |
|---------------------------+----------------------|
| home/website | /home/website |
| home/librarian | /home/librarian |
| var/www | /var/www |
| srv/n8n | /srv/n8n |
| srv/ftp | /srv/ftp |
| srv/calibre-library | /srv/calibre-library |
* commands used
** bind target directory to mount point
#+begin_src sh
sudo mount --bind /mnt/storage/<target_mount> /<bind directory>
#+end_src
@ -74,14 +97,14 @@ sudo mount --bind /mnt/storage/<target_mount> /<bind directory>
- *target mount:* /mnt/storage/www
- *bind directory:* /var/www
** making bind mounts persistent
*** making bind mounts persistent
To ensure the mounts persist after a reboot, add the following lines to `/etc/fstab`:
#+begin_src sh
/mnt/storage/website /home/website none bind 0 0
/mnt/storage/calibre /home/calibre none bind 0 0
/mnt/storage/www /var/www none bind 0 0
/mnt/storage/n8n /srv/n8n none bind 0 0
/mnt/storage/home/website /home/website none bind 0 0
/mnt/storage/home/librarian /home/librarian none bind 0 0
/mnt/storage/var/www /var/www none bind 0 0
/mnt/storage/srv/n8n /srv/n8n none bind 0 0
#+end_src
** Setup Commands
@ -97,7 +120,7 @@ These commands ensure everything is correctly prepared before binding.
| Apply changes | `sudo mount -a` |
| Verify mount status | `df -h \vert grep storage` |
* Hard Drive Commands
** generally useful hard drive commands
| Purpose | Command |
|----------------------------------+------------------------------------|
@ -107,6 +130,33 @@ These commands ensure everything is correctly prepared before binding.
| Check if new options are applied | mount \vert grep storage |
| Verify changes | cat /etc/fstab \vert grep storage |
* fstab
** current fstab
:PROPERTIES:
:ID: id-fstab-file
:END:
#+begin_src conf
proc /proc proc defaults 0 0
PARTUUID=a587d185-01 /boot/firmware vfat defaults 0 2
PARTUUID=a587d185-02 / ext4 defaults,noatime 0 1
UUID=86ba0735-df14-425c-a037-1e397e89f9aa /mnt/storage ext4 defaults,relatime,commit=600 0 2
UUID=649f82e9-cfc0-4725-b260-d40f413bd0c3 /mnt/git ext4 defaults,noatime 0 2
/mnt/storage/home/website /home/website none bind 0 0
/mnt/storage/var/www /var/www none bind 0 0
/mnt/storage/srv/ftp /srv/ftp none bind 0 0
/srv/ftp /home/ftpuser/ftp none bind 0 0
/mnt/storage/home/librarian /home/librarian none bind 0 0
/mnt/storage/srv/calibre-library /srv/calibre-library none bind 0 0
/mnt/storage/srv/n8n /srv/n8n none bind 0 0
/mnt/git /srv/git none bind 0 0
#+end_src
** Mount Options Available
| Option | Description |
|-------------------+------------------------------------------------------------------------------|