Added esphome

This commit is contained in:
Chris Stuurman 2025-04-15 22:40:04 +02:00
parent 4505de274c
commit a8a4d24f53
54 changed files with 2174 additions and 61 deletions


@ -16,3 +16,6 @@ firefly-importer: 10.255.239.31
# 192.168.2.240/28 range is excluded for DHCP on the DHCP server, so we can use it for static ips # 192.168.2.240/28 range is excluded for DHCP on the DHCP server, so we can use it for static ips
# the range for the local lan network is 192.168.2.0/24 # the range for the local lan network is 192.168.2.0/24
syncthing: 192.168.2.241 syncthing: 192.168.2.241
MDNS_REFLECTOR_IP: 10.0.2.254


@ -0,0 +1,26 @@
https://forums.docker.com/t/adding-a-new-nic-to-a-docker-container-in-a-specific-order/19173/2
Solution 1:
Just right after your solution, if you only need a different MAC address, just change the corresponding devices MAC address in the container by some basic tools, say, ifconfig. If you dont have it in your container, just install net-tools package.
To change the mac use this: ifconfig eth1 hw ether 08:00:AA:AA:AA:FF
Solution 2:
Since docker is also using linuxs networking namespaces you can do this in the rock-bottom layer as well. Unfortunately, Docker tries to hide this from the user, but the namespaces are still existing under the hood. In order to get them to be managed by ip netns tool, do the following:
get the process id (pid) of your running container:
$ sudo docker inspect -f '{{.State.Pid}}' <container name>
is not your label:tag name, it is the name that docker automatically assign to it once a container is fired up - get yours viadocker ps command and look for the last column (NAME).
create a symlink from the /proc/ filesystem to /var/run/
2.1. First, create a netns directory in /var/run/
$ sudo mkdir -p /var/run/netns
2.2. Using the PID you have just obtained, create the symlink
$ sudo ln -sf /proc/<PID>/ns/net /var/run/netns/<YOUR DESIRED NETNS NAME FOR YOU CONTAINER>
Now, if you execute ip netns list, you will see the networking namespace of your container.
From now on, there is no docker specific stuffs, just create a veth pair, bring them up, and attach one end of it to the container and you are fine:
$ sudo ip link add veth1_container type veth peer name veth1_root
$ sudo ifconfig veth1_container up
$ sudo ifconfig veth1_root up
$ sudo ip link set veth1_container netns <YOUR NETNS NAME>
$ sudo ip netns exec <YOUR NETNS NAME> ifconfig veth1_container up
The last command might be a bit overcomplicated, but it seemed that bringing up this interface natively in the container is not possible due to missing permissions :face_with_raised_eyebrow:
Note that the MAC address could also be changed in the same way I have shown in solution 1, before attaching it to the container, or after - does not really matter, just different commands need to be used (recall the permission issue just mentioned above).


@ -0,0 +1,10 @@
Electric Eel
------------
# After EE installation, and before starting Docker jail
# Go to Apps->Configuration - click down arrow and select Settings
# Update the following settings:
# Install NVIDIA Drivers: <checked>
# Click Save
# Go to Apps->Configuration
# Click Choose Pool and select appropriate pool for your apps


@ -0,0 +1,8 @@
add mapping for media on container config
-----------------------------------------
# assuming that the folder where media is stored is /mnt/tank/data1/Media:
# on Truenas shell:
jlmkr edit docker
# add the following args to "systemd_nspawn_user_args":
--bind='/mnt/tank/data1/Media:/mnt/media'


@ -0,0 +1,171 @@
NB!: List of filenames is at end of this file
Log in to pgAdmin
User name: stuurmcp@telkomsa.net
Password:
Connect to servers; refer to "connecting to servers.txt"
Globals
*******
Navigate to Servers => authentik
Right click on authentik server and select Backup Globals...
Enter the following on the dialog box that opened:
General
-------
Filename: /2024-08-23/databases/authentik-cnpg-backup-globals.sql
Role name: postgres
Click Backup
Servers
*******
Navigate to Servers => authentik
Right click on authentik server and select Backup Server...
Enter the following on the dialog box that opened (leave all other tabs with default settings):
General
-------
Filename: /2024-08-23/servers/authentik-cnpg-backup-servers.sql
Role name: postgres
Click Backup
-----------------------------------------------------------------------------------------------------------------
Databases
*********
Plain text backup
=================
Navigate to Servers => authentik -> Databases -> authentik
Right click on authentik database and select Backup...
Enter the following on the different tabs of dialog box that opened:
General
-------
Filename: /2024-08-28/authentik-backup.sql (this maps to: /mnt/stpool1/apps/pgadmin/storage/stuurmcp_telkomsa.net/2024-08-28/authentik-backup.sql on truenas)
Format: Plain
Encoding: UTF8
Role name: authentik
Data Options
------------
Sections:
Pre-data: <select>
Data: <select>
Post-data: <select>
Objects
-------
public->Tables: <checked> (do not check public, public should have "-" sign)
public->1.3 Sequences: <checked>
template->Tables: <checked>
template->1.3 Sequences: <checked> (NB! not all db's have this)
Click Backup
-----------------------------------------------------------------------------------------------------------------
Do the same with Servers => authentik -> Databases -> postgres with the following changes:
General
-------
Filename: /2024-08-23/databases/authentik-postgress-backup.sql
Objects
-------
public: <checked>
Click Backup
Custom backup
=============
Repeat the above plain text backup steps with the following changes:
General
-------
Filename: /2024-08-23/databases/authentik-backup.bak
Format: Custom
General
-------
Filename: /2024-08-23/databases/authentik-postgress-backup.bak
Format: Custom
Filenames
=========
Backup date: 2024-08-23
authentik
---------
/2024-08-23/globals/authentik-cnpg-backup-globals.sql
/2024-08-23/servers/authentik-cnpg-backup-servers.sql
/2024-08-23/databases/authentik-backup.sql
/2024-08-23/databases/authentik-postgress-backup.sql
/2024-08-23/databases/authentik-backup.bak
/2024-08-23/databases/authentik-postgress-backup.bak
fireflyiii
----------
/2024-08-23/globals/fireflyiii-cnpg-backup-globals.sql
/2024-08-23/servers/fireflyiii-cnpg-backup-servers.sql
/2024-08-23/databases/fireflyiii-backup.sql
/2024-08-23/databases/fireflyiii-postgress-backup.sql
/2024-08-23/databases/fireflyiii-backup.bak
/2024-08-23/databases/fireflyiii-postgress-backup.bak
gitea
-----
/2024-08-23/globals/gitea-cnpg-backup-globals.sql
/2024-08-23/servers/gitea-cnpg-backup-servers.sql
/2024-08-23/databases/gitea-backup.sql
/2024-08-23/databases/gitea-postgress-backup.sql
/2024-08-23/databases/gitea-backup.bak
/2024-08-23/databases/gitea-postgress-backup.bak
grafana
-------
/2024-08-23/globals/grafana-cnpg-backup-globals.sql
/2024-08-23/servers/grafana-cnpg-backup-servers.sql
/2024-08-23/databases/grafana-backup.sql
/2024-08-23/databases/grafana-postgress-backup.sql
/2024-08-23/databases/grafana-backup.bak
/2024-08-23/databases/grafana-postgress-backup.bak
home-assistant
--------------
/2024-08-23/globals/home-assistant-cnpg-backup-globals.sql
/2024-08-23/servers/home-assistant-cnpg-backup-servers.sql
/2024-08-23/databases/home-assistant-backup.sql
/2024-08-23/databases/home-assistant-postgress-backup.sql
/2024-08-23/databases/home-assistant-backup.bak
/2024-08-23/databases/home-assistant-postgress-backup.bak
mealie
------
/2024-08-23/globals/mealie-cnpg-backup-globals.sql
/2024-08-23/servers/mealie-cnpg-backup-servers.sql
/2024-08-23/databases/mealie-backup.sql
/2024-08-23/databases/mealie-postgress-backup.sql
/2024-08-23/databases/mealie-backup.bak
/2024-08-23/databases/mealie-postgress-backup.bak
onlyoffice-document-server
--------------------------
/2024-08-23/globals/onlyoffice-document-server-cnpg-backup-globals.sql
/2024-08-23/servers/onlyoffice-document-server-cnpg-backup-servers.sql
/2024-08-23/databases/onlyoffice-document-server-backup.sql
/2024-08-23/databases/onlyoffice-document-server-postgress-backup.sql
/2024-08-23/databases/onlyoffice-document-server-backup.bak
/2024-08-23/databases/onlyoffice-document-server-postgress-backup.bak
photoview
---------
/2024-08-23/globals/photoview-cnpg-backup-globals.sql
/2024-08-23/servers/photoview-cnpg-backup-servers.sql
/2024-08-23/databases/photoview-backup.sql
/2024-08-23/databases/photoview-postgress-backup.sql
/2024-08-23/databases/photoview-backup.bak
/2024-08-23/databases/photoview-postgress-backup.bak
sheetable
---------
/2024-08-23/globals/sheetable-cnpg-backup-globals.sql
/2024-08-23/servers/sheetable-cnpg-backup-servers.sql
/2024-08-23/databases/sheetable-backup.sql
/2024-08-23/databases/sheetable-postgress-backup.sql
/2024-08-23/databases/sheetable-backup.bak
/2024-08-23/databases/sheetable-postgress-backup.bak
vaultwarden
-----------
/2024-08-23/globals/vaultwarden-cnpg-backup-globals.sql
/2024-08-23/servers/vaultwarden-cnpg-backup-servers.sql
/2024-08-23/databases/vaultwarden-backup.sql
/2024-08-23/databases/vaultwarden-postgress-backup.sql
/2024-08-23/databases/vaultwarden-backup.bak
/2024-08-23/databases/vaultwarden-postgress-backup.bak
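Review bot: The login block at the top records the pgAdmin account name with an empty `Password:` line, which invites the next editor to fill in the clear-text password in a committed file; replace it with `Password: <from password manager>` or drop the line entirely. The dumps this procedure produces contain the authentik and vaultwarden databases (user password hashes, session tokens, encrypted vault data) and, via Backup Globals run as role `postgres`, the PostgreSQL role password hashes, so the instructions should state that the `/mnt/stpool1/apps/pgadmin/storage/...` tree must stay readable only by root/pgAdmin and be deleted once the migration is finished. The path in the plain-text section, `/2024-08-28/authentik-backup.sql`, disagrees with `Backup date: 2024-08-23` and the `/2024-08-23/databases/...` form used in the filename list, so one of them is a typo that will send a restore to the wrong file. `postgress` in the file names is presumably a misspelling of `postgres`; harmless, but worth fixing before more scripts depend on the exact names.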


@ -0,0 +1,12 @@
To stop and inactivate all container stacks
-------------------------------------------
# in docker shell
cd /opt/stacks
for i in $(ls -d *); do docker compose -f $i/compose.yml down; done
To start all container stacks
-----------------------------
# in docker shell
cd /opt/stacks
for i in $(ls -d *); do docker compose -f $i/compose.yml up -d; done
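Review bot: Both loops iterate over `$(ls -d *)`, which parses `ls` output and breaks on any stack directory whose name contains whitespace; a glob does the same job safely, `for d in /opt/stacks/*/; do docker compose --project-directory "$d" down; done`. Dropping the explicit `-f $i/compose.yml` also lets Compose discover whichever file name a stack uses, which matters because the Dockge install later in this commit downloads its stack as `compose.yaml`, and any stack named that way is silently skipped by the current loop. The start loop brings stacks up in alphabetical order, so a stack that depends on another (anything routed through traefik, for example) may start before its dependency; a comment noting this, or an explicit ordered list, would save a confused restart. Neither loop checks the exit status, so one failing `docker compose` call in the middle goes unnoticed; `|| echo "failed: $d"` after each call is the minimum.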

14
_instructions/cnpg.txt Normal file

@ -0,0 +1,14 @@
version: "3.8"
services:
postgres:
image: postgres:14-alpine
restart: always
environment:
- POSTGRES_USER=root
- POSTGRES_PASSWORD=yAwAPZyyMwFOZtjKcIdLCgKHSIBczj3nkLqISUzePlaR73X
ports:
- "5432:5432"
volumes:
- db:/var/lib/postgresql/data
volumes:
db:
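Review bot: The compose snippet commits a live database superuser password in clear text (`POSTGRES_PASSWORD=yAwAPZ...` in the `environment` block) and publishes the server on every interface with `"5432:5432"`; once a credential has been pushed to a repository it should be treated as compromised and rotated, with the value moved to an env file excluded from version control, e.g. `- POSTGRES_PASSWORD=${POSTGRES_PASSWORD}` together with `env_file: .env`. If the database is only consumed from this host, binding to loopback with `- "127.0.0.1:5432:5432"` keeps it off the LAN, which matters because Docker's published ports can bypass iptables-based host firewall rules. `POSTGRES_USER=root` merely names the PostgreSQL superuser `root`, but it reads as if the OS root account were involved; the conventional `postgres` name is clearer. The `version: "3.8"` key is ignored by Compose v2 and only emits a warning, and the rendered page appears to have lost the YAML indentation, so the file should be checked for correct 2-space nesting before it is reused.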


@ -0,0 +1,44 @@
If /mnt/stpool1/Users/<user>/truestuff folder is not present
-----------------------------------------------------------
cd ~ or cd /mnt/stpool1/Users/<user>/
git clone https://code.lksz.me/szmedia/truestuff.git
Database access
---------------
# passwords can be obtained by:
# Option 1:
# go to Truenas -> Apps -> <select app> -> Edit
# scroll to Postgresql; the password should be visible in the Password field
# Option 2:
# open truenas shell / ssh as root
cd /mnt/stpool1/Users/<user>/truestuff
./tcdbinfo.sh
# log in to pgAdmin
# from here onwards, it assumed that authentik is the server to be connected to:
Register server
===============
# If server is already registered, right click on authentik server and select Properties, otherwise:
# Right click on Servers and select Register -> Server...
# Enter the following in the dialog box that opened:
General
-------
Name: authentik
Server group: Servers
Background: <checked>
Foreground: <checked>
Connect now? <select> (won't be displayed if editing properties)
Connection
----------
Host name/address: authentik-cnpg-main-rw.ix-authentik.svc.cluster.local
Port: 5432
Maintenance database: postgres
Username: authentik
Kerberos authentication?: <not selected>
Password: <authentik user password as obtained above> (this field will show only if Connect now? is selected on General tab)
Role: <leave blank>
# Click Save
# Right click on authentik server and select Connect Server
# Enter authentik user password if Connect now? wasn't selected earlier
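Review bot: Option 2 clones `https://code.lksz.me/szmedia/truestuff.git` and runs `./tcdbinfo.sh` as root on the NAS with no pin or review step; a third-party script executed as root that prints database credentials is a supply-chain exposure, so the note should record the commit it was vetted at (`git -C truestuff checkout <sha>`) and tell the reader to read the script before running it. Passwords obtained this way land in the terminal scrollback and the root shell history, which deserves a one-line warning next to `./tcdbinfo.sh`. Registering the pgAdmin connection as the `authentik` application role rather than `postgres` is the right least-privilege choice for these tasks; a comment saying it is deliberate would stop someone "upgrading" it to the superuser later.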


@ -0,0 +1,32 @@
Creating user password hash strings for user authorisation with traefik basic-auth middlewares
----------------------------------------------------------------------------------------------
# If not installed, install htpasswd:
jlmkr shell docker
apt update & apt install apache2-utils
# The user credentials can be applied as a label entry in an app's compose.yml file or as a line entry in a text file; these two methods can co-exist
#
# When used as a label entry, all '$''s need to be escaped with a second '$'; sed can be used for this purpose
#
# Example: Create user authorisation credentials for users 'alice' with password 'test!234' and 'bob' with password 'test$678' for sonarr application using basic-auth
# First, assign middlewares to router in sonarr compose.yml file; this is required irrespective of the method chosen below; add the following label to sonarr's compose.yml file:
- "traefik.http.routers.ROUTER_NAME.middlewares=MIDDLEWARES_NAME" # replace ROUTER_NAME with appropriate name and replace MIDDLEWARES_NAME with whatever name you choose for this middlewares
#
# userList method
# ---------------
mkdir /opt/stacks/traefik/users
echo $(htpasswd -nB alice) >> /opt/stacks/traefik/users/sonarr.txt
echo $(htpasswd -nB bob) >> /opt/stacks/traefik/users/sonarr.txt
# If not already present, add the following middlewares label to sonarr's compose.yml file (if newly added/modified, requires sonarr restart)
- "traefik.http.middlewares.MIDDLEWARES_NAME.basicauth.usersfile=/mnt/users/sonarr.txt"
# the above requires the following traefik compose file volume mount entry (if newly added/modified, requires traefik restart):
/opt/stacks/traefik/users:/mnt/users
#
# app compose file label method
# -----------------------------
echo $(htpasswd -nB alice) | sed -e s/\\$/\\$\\$/g
echo $(htpasswd -nB bob) | sed -e s/\\$/\\$\\$/g
# Edit/add output of above to the basicauth.users label to sonarr's compose.yml file as follows (comma separated):
- "traefik.http.middlewares.MIDDLEWARES_NAME.basicauth.users=alice:$$2y$$05$$kvFK1SXs5mOzYLXiWT0Bku8rLeUoZWZxBI5./jX/vkhEiYlN/xB1W,
bob:$$2y$$05$$E2DeZC3L.wQxYMWlxhtTRusys23y4fabhvzOKTgKNMSzw9cweBeJK"
# above edit to sonarr's compose file requires sonarr restart
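Review bot: `apt update & apt install apache2-utils` uses a single `&`, which backgrounds `apt update` and immediately runs `apt install` against the stale package index while racing it for the apt lock; it should read `apt update && apt install -y apache2-utils`. The bcrypt hashes shown carry cost factor `05` (`$$2y$$05$$...`), which is htpasswd's default and low for credentials guarding an internet-facing router; `htpasswd -nB -C 12 alice` raises it. `echo $(htpasswd -nB alice) >> file` is an unquoted command substitution that word-splits the output for no benefit; `htpasswd -nB -C 12 alice >> /opt/stacks/traefik/users/sonarr.txt` does the same thing directly. The `basicauth.users` label value at the end is split across two lines inside one double-quoted YAML scalar, which folds the line break into a space after the comma; whether Traefik tolerates the leading space in the second entry is not clear from here, so either keep the list on one line or use the usersfile method for more than one user.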


@ -0,0 +1,38 @@
root@docker:~# docker network ls
NETWORK ID NAME DRIVER SCOPE
686ee7b7a074 bridge bridge local
cdea694fc9ad dockge_default bridge local
ecac792b2998 host host local
ad588c406203 jellyfin_default bridge local
7851b5889a4e mealie_default bridge local
ac7d41d8a7ec none null local
5b85a298149a pgadmin_default bridge local
root@docker:~# bridge link
9: vethbbcbbc7@if8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br-5b85a298149a state forwarding priority 32 cost 2
11: vetha18f304@if10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br-ad588c406203 state forwarding priority 32 cost 2
15: veth400a90a@if14: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br-cdea694fc9ad state forwarding priority 32 cost 2
21: vethc9534c9@if20: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br-7851b5889a4e state forwarding priority 32 cost 2
23: veth7e06b85@if22: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br-7851b5889a4e state forwarding priority 32 cost 2
docker exec -it mealie sh
troubleshooting network:
docker run -it --net container:postgres nicolaka/netshoot
https://www.youtube.com/watch?v=bKFMS5C4CG0&t=1s
https://www.youtube.com/watch?v=5grbXvV_DSk&t=1s
The Docker daemon socket, usually located at /var/run/docker.sock, is used for communication between the Docker client and the Docker daemon. The Docker daemon manages Docker containers and images, while the Docker client is used to issue commands to the daemon.
Step 1:
Create docker group if not exist : sudo groupadd docker
Step 2:
Add user to docker group : sudo usermod -aG docker ${USER}
Step 3:
Change docker.sock to new permission : sudo chmod 666 /var/run/docker.sock
Step 4:
Finally restart docker daemon service : sudo systemctl restart docker
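Review bot: Step 3, `sudo chmod 666 /var/run/docker.sock`, makes the Docker API writable by every local account, and anyone who can reach the daemon can start a privileged container with the host filesystem mounted, which is root on the host; the `docker` group membership added in Step 2 already grants access the supported way, so Step 3 should be removed rather than documented. The mode change is also not durable: the restart in Step 4 recreates the socket (under systemd the socket unit defaults to `0660 root:docker`), which is presumably why the two steps ended up together. What the procedure actually needs to say is that the new group membership only takes effect in a fresh login session (`newgrp docker` or log out and back in). Note that the commands above this block are run as `root@docker` inside the jail, so none of these steps appear necessary for the documented workflow.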


@ -0,0 +1,38 @@
docker networks before containers install
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
docker0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 172.17.0.1 netmask 255.255.0.0 broadcast 172.17.255.255
inet6 fe80::42:8bff:fedb:32ee prefixlen 64 scopeid 0x20<link>
ether 02:42:8b:db:32:ee txqueuelen 0 (Ethernet)
RX packets 103 bytes 10139 (9.9 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 190 bytes 48106 (46.9 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 19 bytes 1416 (1.3 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 19 bytes 1416 (1.3 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
mv-enp7s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.0.0.61 netmask 255.255.255.0 broadcast 10.0.0.255
inet6 fe80::7ce3:5aff:fef4:dd35 prefixlen 64 scopeid 0x20<link>
ether 7e:e3:5a:f4:dd:35 txqueuelen 1000 (Ethernet)
RX packets 39171034 bytes 45928220310 (42.7 GiB)
RX errors 0 dropped 358675 overruns 0 frame 0
TX packets 21793818 bytes 14489297575 (13.4 GiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
vee-eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.2.6 netmask 255.255.255.0 broadcast 192.168.2.255
inet6 fe80::5447:e1ff:fed0:ba83 prefixlen 64 scopeid 0x20<link>
ether 56:47:e1:d0:ba:83 txqueuelen 1000 (Ethernet)
RX packets 344 bytes 40309 (39.3 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 128943 bytes 5419294 (5.1 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0


@ -0,0 +1,94 @@
startup=1
gpu_passthrough_intel=0
gpu_passthrough_nvidia=1
# Turning off seccomp filtering improves performance at the expense of security
seccomp=1
# Use bridge networking to provide an isolated network namespace,
# so docker can manage firewall rules
# Alternatively use --network-macvlan=eno1 instead of --network-bridge
# Ensure to change eno1/br1 to the interface name you want to use
# You may want to add additional options here, e.g. bind mounts
systemd_nspawn_user_args=--network-macvlan=enp7s0
--network-veth-extra=ve-docker-1:vee-eth1
--resolv-conf=bind-host
--system-call-filter='add_key keyctl bpf'
--bind='/mnt/SSD1/docker/data:/mnt/data'
--bind='/mnt/SSD1/docker/stacks:/opt/stacks'
--bind='/mnt/stpool1/NData1/Media:/mnt/media'
--bind='/mnt/stpool1/Shared_Data:/mnt/shared'
--bind='/mnt/stpool1/apps/pgadmin/storage/stuurmcp_telkomsa.net:/mnt/migrate'
# Script to run on the HOST before starting the jail
# Load kernel module and config kernel settings required for docker
pre_start_hook=#!/usr/bin/bash
set -euo pipefail
echo 'PRE_START_HOOK'
echo 1 > /proc/sys/net/ipv4/ip_forward
modprobe br_netfilter
echo 1 > /proc/sys/net/bridge/bridge-nf-call-iptables
echo 1 > /proc/sys/net/bridge/bridge-nf-call-ip6tables
# Script to run on the HOST after starting the jail
post_start_hook=#!/usr/bin/bash
set -euo pipefail
echo 'POST_START_HOOK'
ip link set dev ve-docker-1 master br1 # adds ve-docker-1 to br1 bridge members on host
ip link set dev ve-docker-1 up # activates ve-docker-1 on host
# Only used while creating the jail
distro=debian
release=bookworm
# Install docker inside the jail:
# https://docs.docker.com/engine/install/debian/#install-using-the-repository
# Will also install the NVIDIA Container Toolkit if gpu_passthrough_nvidia=1 during initial setup
# https://docs.nvidia.com/datacenter/cloud-native/container-toolkit/latest/install-guide.html
initial_setup=#!/usr/bin/bash
set -euo pipefail
apt-get update && apt-get -y install ca-certificates curl
install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc
chmod a+r /etc/apt/keyrings/docker.asc
echo \
"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian \
$(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
tee /etc/apt/sources.list.d/docker.list > /dev/null
apt-get update
apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
# The /usr/bin/nvidia-smi will be present when gpu_passthrough_nvidia=1
if [ -f /usr/bin/nvidia-smi ]; then
curl -fsSL https://nvidia.github.io/libnvidia-container/gpgkey -o /etc/apt/keyrings/nvidia.asc
chmod a+r /etc/apt/keyrings/nvidia.asc
curl -s -L https://nvidia.github.io/libnvidia-container/stable/deb/nvidia-container-toolkit.list | \
sed 's#deb https://#deb [signed-by=/etc/apt/keyrings/nvidia.asc] https://#g' | \
tee /etc/apt/sources.list.d/nvidia-container-toolkit.list
apt-get update
apt-get install -y nvidia-container-toolkit
nvidia-ctk runtime configure --runtime=docker
systemctl restart docker
fi
docker info
# You generally will not need to change the options below
systemd_run_default_args=--property=KillMode=mixed
--property=Type=notify
--property=RestartForceExitStatus=133
--property=SuccessExitStatus=133
--property=Delegate=yes
--property=TasksMax=infinity
--collect
--setenv=SYSTEMD_NSPAWN_LOCK=0
systemd_nspawn_default_args=--keep-unit
--quiet
--boot
--bind-ro=/sys/module
--inaccessible=/sys/module/apparmor
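Review bot: The `--bind='/mnt/stpool1/apps/pgadmin/storage/stuurmcp_telkomsa.net:/mnt/migrate'` entry in `systemd_nspawn_user_args` exposes the pgAdmin storage tree, which holds the database dumps, read-write to any container in the jail that maps `/mnt/migrate`; since the jail only reads it for restores, `--bind-ro='/mnt/stpool1/apps/pgadmin/storage/stuurmcp_telkomsa.net:/mnt/migrate'` is the safer form, and the same applies to `/mnt/media` if nothing in the jail writes there. The comment above `seccomp` says turning it off costs security, yet the filter is then widened with `--system-call-filter='add_key keyctl bpf'` with no explanation; a note such as `# add_key/keyctl/bpf are needed by dockerd and containerd (presumably keyring setup and cgroup v2 device rules) - do not widen further` would keep a future editor from adding more. The `post_start_hook` assumes `br1` exists on the host and that `ve-docker-1` is already present, and with `set -euo pipefail` a missing interface aborts the hook with only an `ip` error; an `ip link show ve-docker-1 >/dev/null || { echo 've-docker-1 missing' >&2; exit 1; }` guard would make the failure obvious, though whether jailmaker runs the hook before the veth is created is not visible here.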


@ -0,0 +1,28 @@
enable automatic ssh login on truenas server
--------------------------------------------
# Download and install puTTY
https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html
# Run PuTTYgen
# If you have a .ppk file already, load your public key from the previously saved .ppk file (folder is usually C:\Users\%USERNAME%\.ssh\)
# Otherwise generate a private/public key pair using the PuTTYgen tool as follow:
# - Select radio button RSA, entering 4096 number of bits or ECDSA, entering nistp384 or nistp521
# - Click on Generate and move mouse cursor randomly over the blank area
# - Enter Key passphrase and confirmation (remember this passphrase as you will enter this for all future Windows sessions)
# - Click on Save private key (save in folder C:\Users\%USERNAME%\.ssh\)
# Open truenas ssh session as the user for who you want to enable auto login
# Navigate to home folder:
cd ~
# check if .ssh folder exists, if not, create folder:
mkdir ~/.ssh
# Select and copy text in PuTTYgen window under heading "Public key for pasting in to OpenSSH authorized_keys file" to clipboard
# In the truenas shell, use the copied text in the following command:
echo 'public-key-copied-from-PuTTYgen-window' >> ~/.ssh/authorized_keys
# test by opening new / another truenas ssh session, which should open truenas shell without login request
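Review bot: The key is appended to `~/.ssh/authorized_keys` without setting the permissions sshd requires; with `StrictModes yes` (the default) a group- or world-writable `~/.ssh`, `authorized_keys` or home directory causes the key to be silently ignored and the login to fall back to a password prompt, which is the exact failure the test at the end would show. Replace `mkdir ~/.ssh` with `mkdir -p -m 700 ~/.ssh` (it also no longer errors when the directory exists) and follow the `echo` with `chmod 600 ~/.ssh/authorized_keys`. On TrueNAS SCALE the user record also has an SSH public key field in the UI (Credentials → Users → edit) that writes `authorized_keys` through the middleware and survives configuration restores, so that path is probably preferable to editing the file by hand; worth confirming on the installed version. PuTTYgen can also generate EdDSA (Ed25519) keys, which would be the usual recommendation over RSA/ECDSA today, though the RSA-4096 option documented here is acceptable.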

Binary file not shown.

457
_instructions/jailmaker.txt Normal file

@ -0,0 +1,457 @@
Helpful tools
-------------
# Install PuTTY and Pageant for easy copying of files/folders from Windows to NAS server
Jailmaker
---------
# Create datasets
/mnt/SSD1/docker/data (replace SSD1 with name of pool)
/mnt/SSD1/docker/stacks
/mnt/SSD1/jailmaker
install jailmaker
-----------------
# Open shell
cd /mnt/SSD1
git clone https://github.com/Jip-Hop/jailmaker.git
cd /mnt/SSD1/jailmaker
nano ~/.zshrc (assuming shell is zsh)
# add the following alias:
alias jlmkr="sudo -E '/mnt/SSD1/jailmaker/jlmkr.py'"
# execute the contents of .zshrc
source /root/.zshrc
jlmkr list
# should return "No jails."
# Go to System Settings -> Advanced -> Init/Shutdown Scripts -> Add
Description: start jailmaker
Type: Command
Command: /mnt/SSD1/jailmaker/jlmkr.py startup
When: Post Init
Enabled: <checked>
Timeout: 30
Nvidia GPU
----------
# If you want to pass through Nvidia GPU and the truenas scale version is Electric Eel:
# Go to Apps->Configuration - click down arrow and select Settings
# Update the following settings:
# Install NVIDIA Drivers: <checked>
# Click Save
install docker
--------------
# Go to https://github.com/Jip-Hop/jailmaker
# Navigate to templates/docker/config
# Select then entire config file and copy to clipboard
# Open shell and enter
jlmkr create
# Enter "y" at the prompt: Do you wish to create a jail from a config template? [y/N]
# nano will open
# Right click to paste config copied earlier
Press ctrl-y to scroll to top
# Change gpu_passthrough_nvidia to "1" to install NVIDIA Container Toolkit during initial setup (if a want to pass through an Nvidia card)
gpu_passthrough_nvidia=1
# Ensure that "systemd_nspawn_user_args" is set according to the interface setup of your truenas
# e.g. if bridge, change to:
systemd_nspawn_user_args=--network-bridge=br1 (br1 is the name of the targeted interface)
--resolv-conf=bind-host
--system-call-filter='add_key keyctl bpf'
# or, if no bridge, change to:
systemd_nspawn_user_args=--network-macvlan=enp7s0 (enp7s0 is the name of the targeted interface)
--resolv-conf=bind-host
--system-call-filter='add_key keyctl bpf'
# Edit config file further as needed
# Save and exit
Enter jail name: docker
Enter "y" at the prompt: Do you want to start this jail now (when create is done)? [Y/n]
jlmkr list
expected result:
NAME RUNNING STARTUP GPU_INTEL GPU_NVIDIA OS VERSION ADDRESSES
docker True False False False debian 12 10.0.0.162… (ip address might be diffrent)
# If it fails to start: ----
jlmkr edit docker
# Fix the issue in the config file (probably network issue)
# Restart docker
jlmkr restart docker
# end of if it fails to start ----
jlmkr shell docker # open docker shell
apt install nano
container static ip for macvlan
-------------------------------
jlmkr shell docker # open docker shell
nano /etc/systemd/network/mv-dhcp.network
# Comment out existing entries under network with #, set DHCP to false and specify Address and Gateway, e.g.:
[Network]
#DHCP=yes
#LinkLocalAddressing=ipv6
DHCP=false
Address=10.0.0.61/24 # should be ip you want for docker container
Gateway=10.0.0.2 # should be default gateway
reboot
jlmkr shell docker
ip a (verify that ip is correct)
container static ip for bridge
------------------------------
https://github.com/Jip-Hop/jailmaker/blob/main/docs/network.md
nano /etc/systemd/network/80-container-host0.network
# Comment out existing entries under network with #, set DHCP to false and specify Address, Gateway and LinkLocalAddressing=no, e.g.:
[Network]
#DHCP=yes
#LinkLocalAddressing=ipv6
#LLDP=yes
#EmitLLDP=customer-bridge
DHCP=false
Address=10.0.0.61/24
# comment Gateway line if this is not the default interface
Gateway=10.0.0.2
LinkLocalAddressing=no
LLDP=yes
EmitLLDP=customer-bridge
systemctl restart systemd-networkd
systemctl status systemd-networkd
ip a (verify that ip is correct)
Making docker ip address static using router/dhcp server
--------------------------------------------------------
# NB! the static ip address setting in network files explained above is the preferred method as docker sometimes contact dhcp server with what appears to be an ipv6 mac instead of ipv4 mac.
jlmkr shell docker (open docker shell)
ip a
# Note the mac address of mv-enp7s0@if2 (enp7s0 is the interface specified in the config file)
# Set up dhcp server to issue same ip for this mac (static ip)
reboot docker jail
jlmkr shell docker
ip a (verify that ip is correct)
# If not, release and renew IP as follows
dhclient -v -r mv-enp7s0 (where mv- is the prefix defined in /etc/systemd/network/mv-dhcp.network under [Match]; enp7s0 is the host i/f docker is tied to)
dhclient -v mv-enp7s0
Additional Bridge Interface
---------------------------
# https://github.com/Jip-Hop/jailmaker/discussions/179#discussioncomment-9499289
# Create extra interfaces and join them to host bridges manually with systemd-nspwan
The --network-veth-extra argument instructs system-nspawn to create an addition linked interface between the host and jail and uses a syntax of
--network-veth-extra=ve-docker-1:vee-eth1 #Adds virtual link between host and jail with ve-docker-1 i/f being created in the host and vee-eth1 being created in the jail
or
--network-veth-extra=ve-docker-1 #Adds virtual link between host and jail with ve-docker-1 i/f being created in the host and ve-docker-1 being created in the jail, i.e. uses the same name
# However, for network connectivity, we need to connect to a bridge on the host.
# To create bridge interface on the host (truenas):
# Go to Network
# Select physical i/f that we will bridge to, e.g. ens2f0, and click on edit (pen icon)
# Note the IP address assigned to the interface
# Uncheck DHCP if selected and remove aliases if any
# Save
# DO NOT CLICK ON "Test Changes" OR "Revert Changes" YET, as we will add bridge first
# Click on Add
Type: Bridge
Name: br1
Description: Link to Docker - 192
DHCP: <unchecked>
Autoconfigure IPv6: <unchecked>
Bridge Members: ens2f0
Aliases: Add
IP Address: <same as the IP that was assigned to ens2f0>
# Save
# Now click on "Test Changes"
# Next, we will edit docker config file to configure additional virtual ethernet link and bridge connection
jlmkr edit docker
# Add --network-veth-extra argument to systemd_nspawn_user_args, similar to the following:
systemd_nspawn_user_args=--network-macvlan=enp7s0
--network-veth-extra=ve-docker-1:vee-eth1 # new addition, NB! jail interface name must start with vee-
--resolv-conf=bind-host
--system-call-filter='add_key keyctl bpf'
...
# In order for this virtual link to connect to the outside, we need to link ve-docker-1 to br1 on the host (truenas).
# This is done with the ExecStartPost post commands in the initialisation script.
# Add post_start_hook stanza, similar to the following: (NB! this is separate to the pre-existing pre_start_hook stanza, i.e. it is standing by itself)
# Script to run on the HOST after starting the jail
post_start_hook=#!/usr/bin/bash
set -euo pipefail
echo 'POST_START_HOOK'
ip link set dev ve-docker-1 master br1 # links ve-docker-1 to br1 on host
ip link set dev ve-docker-1 up # activates ve-docker-1 on host
# Save and exit
jlmkr restart docker
# Verify in host/truenas that ve-docker-1 interface was created
jlmkr shell docker
ip a
# Verify that vee-eth1@##### interface was created
# Add static ip as network config for new network
nano /etc/systemd/network/vee-dhcp.network
# Comment out old settings under [Network] and add ip address and gateway
# -------------- snip --------------
[Match]
Virtualization=container
Name=vee-*
[Network]
#DHCP=yes
#LinkLocalAddressing=ipv6
#Bridge=br0
DHCP=false
Address=192.168.2.6/24
# uncomment following line if this is the default interface
#Gateway=192.168.2.1
[DHCPv4]
UseDNS=true
UseTimezone=true
# -------------- snip --------------
systemctl restart systemd-networkd
systemctl status systemd-networkd
ip a #verify that ip is correct
# Update dhcp and dns servers with IP config of vee-eth1@##### interface
Add bindings for docker container
---------------------------------
exit # out of docker shell
jlmkr edit docker
# Add the following args to "systemd_nspawn_user_args":
--bind='/mnt/SSD1/docker/data:/mnt/data'
--bind='/mnt/SSD1/docker/stacks:/opt/stacks'
# systemd_nspawn_user_args should reflect the following (example shows bindings added - other args might differ):
systemd_nspawn_user_args=--network-macvlan=enp7s0 # this will update /etc/systemd/network/mv-dhcp.network
--resolv-conf=bind-host
--system-call-filter='add_key keyctl bpf'
--bind='/mnt/SSD1/docker/data:/mnt/data' # new addition
--bind='/mnt/SSD1/docker/stacks:/opt/stacks' # new addition
--bind='/mnt/stpool1/NData1/Media:/mnt/media' # new addition
--bind='/mnt/stpool1/Downloads:/mnt/downloads' # new addition
--bind='/mnt/stpool1/Shared_Data:/mnt/shared' # new addition
--bind='/mnt/stpool1/apps/pgadmin/storage/stuurmcp_telkomsa.net:/mnt/migrate' # new addition
# The last 3 bindings are for audio/video, shared and migrate folders respectively. Refer to jellyfin and database restore instructions for usage
jlmkr restart docker
Install Dockge
--------------
jlmkr shell docker
nano ~/install_dockge.sh
# Copy script below OR go to https://dockge.kuma.pet and copy installation script from there to install_dockge.sh:
# ----- snip -----
# Create directories that store your stacks and store Dockge's stack
mkdir -p /opt/stacks /opt/dockge
cd /opt/dockge
# Download your compose.yaml
curl "https://dockge.kuma.pet/compose.yaml?port=5001&stacksPath=%2Fopt%2Fstacks" --output compose.yaml
# Start the Server
docker compose up -d
# If you are using docker-compose V1 or Podman
# docker-compose up -d
# ----- snip -----
# Save and exit
sh ~/install_dockge.sh
# Dockge should install and start
# Login to Dockge
# Go to http://10.0.0.61:5001 (10.0.0.61 is ip of docker container)
# Enter admin as username and choose desired password (write down password)
Set jail to startup when system is started
------------------------------------------
exit #out of docker shell
jlmkr edit docker
# Change first line to:
startup=1
Enabling dockge secure login
============================
# Install traefik using newly installed Dockge. Refer to traefik installation instructions.
# Install a second app and configure it to use traefik
# Troubleshoot any issues with secure access to the app and/or traefik dashboard
# This will ensure correct installation and working of traefik once you have success with secure accessing the new app
# Open docker shell:
jlmkr shell docker
cd /opt/dockge
# Make backup of compose.yaml
cp -v compose.yaml compose.yaml.bak
nano compose.yaml
# Under server.dockge
# Comment out ports stanza, e.g.:
# ports:
# - 5001:5001
# Add the following under server.dockge
labels:
- traefik.enable=true
- traefik.docker.network=traefik-net1
- traefik.http.routers.dockge-rtr.rule=Host(`dockge.sthome.org`)
- traefik.http.routers.dockge-rtr.entrypoints=websecure
- traefik.http.routers.dockge-rtr.tls.certresolver=sthomeresolver
- traefik.http.routers.dockge-rtr.service=dockge-svc
#
- traefik.http.services.dockge-svc.loadbalancer.server.port=5001
networks:
- traefik-net1
# Add the following root entry:
networks:
traefik-net1:
external: true
# You can remove "version" line, i.e. the first line, to avoid docker complaining about version being obsolete on container restart
# Finished product should look as follows:
------------- snip -------------
services:
dockge:
image: louislam/dockge:1
restart: unless-stopped
# ports:
# - 5001:5001
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ./data:/app/data
# Stacks Directory
# ⚠️ READ IT CAREFULLY. If you did it wrong, your data could end up writing into a WRONG PATH.
# ⚠️ 1. FULL path only. No relative path (MUST)
# ⚠️ 2. Left Stacks Path === Right Stacks Path (MUST)
- /opt/stacks:/opt/stacks
environment:
# Tell Dockge where to find the stacks
- DOCKGE_STACKS_DIR=/opt/stacks
labels:
- traefik.enable=true
- traefik.docker.network=traefik-net1
- traefik.http.routers.dockge-rtr.rule=Host(`dockge.sthome.org`)
- traefik.http.routers.dockge-rtr.entrypoints=websecure
- traefik.http.routers.dockge-rtr.tls.certresolver=sthomeresolver
- traefik.http.routers.dockge-rtr.service=dockge-svc
#
- traefik.http.services.dockge-svc.loadbalancer.server.port=5001
networks:
- traefik-net1
networks:
traefik-net1:
external: true
------------- snip -------------
# Save and exit
docker compose restart
# Test access to dockge using https://dockge.sthome.org (no port should be specified)
Replacing dockge docker.sock with a socket proxy
================================================
# refer: https://github.com/louislam/dockge/discussions/369
# The following instruction:
# 1. Replaces dockge service's /var/run/docker.sock volume with a DOCKER_HOST environment variable
# 2. Adds socket-proxy service to project
# in Truenas shell, edit dockge compose.yml
nano /mnt/SSD1/jailmaker/jails/docker/rootfs/opt/dockge/compose.yaml
# under services.dockge.volumes comment out "/var/run/docker.sock:/var/run/docker.sock"
# under services.dockge.environment add "DOCKER_HOST=tcp://socket-proxy-dockge:2375"
# under services.dockge.networks add "socket_proxy"
# Add the socket_proxy under top level "networks", e.g.:
# ---- snip ----
networks:
traefik-net1:
external: true
socket_proxy:
driver: bridge
# ---- snip ----
# Amend services.dockge.networks by adding socket-proxy
# ---- snip ----
networks:
- traefik-net1
- socket_proxy
# ---- snip ----
# Add the following under services
# --- snip ---
socket-proxy:
container_name: socket-proxy-dockge
image: tecnativa/docker-socket-proxy
restart: always
networks:
socket_proxy:
# ipv4_address: xyz
privileged: true
# ports:
# - "127.0.0.1:2375:2375"
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
environment:
- LOG_LEVEL=debug # debug,info,notice,warning,err,crit,alert,emerg
## Variables match the URL prefix (i.e. AUTH blocks access to /auth/* parts of the API, etc.).
# 0 to revoke access.
# 1 to grant access.
## Granted by Default
# - EVENTS=1
# - PING=1
# - VERSION=1
# # Security critical
- AUTH=0
- SECRETS=0
- POST=1 # dockge
# # Not always needed
- BUILD=0
- COMMIT=0
- CONFIGS=0
- CONTAINERS=1 # dockge, Portainer, Traefik
- DISTRIBUTION=0
- EXEC=1 # dockge (run Container Shell)
- IMAGES=1 # dockge, Portainer
- INFO=1 # dockge, Portainer
- NETWORKS=1 # dockge, Portainer
- NODES=0
- PLUGINS=0
- SERVICES=1 # dockge, Portainer
- SESSION=0
- SWARM=0
- SYSTEM=1
- TASKS=1
- VOLUMES=1
# --- snip ---
# See dockge\compose.yml for file with traefik reverse proxy and socket-proxy added
# This is the preferred config for dockge
Troubleshooting
---------------
If you having trouble accessing dockge after applying the above:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Check if traefik is running (note: if traefik is not running, Dockge will be unavailable)
# Restart traefik inside the /opt/stacks/traefik folder with docker compose up -d or
# if traefik cannot be restarted, undo the secure dockge login by stepping through the following:
# uncomment the ports stanza in /opt/dockge/compose.yaml
cd /opt/dockge
docker compose stop
docker compose build
docker compose up -d
# use dockge.sthome.org:5001 to access Dockge
# After sorting out the issue with traefik, it is important to comment out the ports stanza in the dockge compose file and rebuild & restart as explained above.
# Otherwise insecure access to dockge will remain available.
If containers use the wrong default route
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# in docker shell, list ip routes
ip r
# note the default gateway entry(ies), i.e. lines starting with "default via" followed by a gateway ip and an network interface name. See if there are more than one of these lines
# if more than one, you need to remove the default route(s) that are irrelevant / incorrect
# to remove extraneous default route(s) use "ip route del" followed by the text displayed with "ip r" command of the extraneous default gateway, e.g.:
ip route del default via 192.168.2.1 dev vee-eth1 proto static
# double check the network configs to see if there are more than one gateway in total, e.g.:
nano /etc/systemd/network/vee-dhcp.network
nano /etc/systemd/network/80-container-host0.network
# comment out extraneous gateway(s)
@ -0,0 +1,54 @@
Precondition
------------
Destination database is newly created, i.e. completely empty, if not refer to "Clearing target database"
Preparation
-----------
If restoration is to made to postgres running in jailmaker/docker, ensure that docker config file has the following binding under systemd_nspawn_user_args.
On truenas shell enter: jlmkr edit docker
Edit systemd_nspawn_user_args setting to include:
--bind='/mnt/stpool1/apps/pgadmin/storage/stuurmcp_telkomsa.net:/mnt/migrate'
Backup file access
------------------
Postgres can access the backup file in at least two ways:
1. Copying the file to a folder in postgres container using docker cp, or
2. Mounting the /mnt/migrate folder in postgres container
Option 1. Copying the file to a folder in postgres container
------------------------------------------------------------
On truenas shell, open docker shell:
jlmkr shell docker
docker ps
Container list will be displayed, e.g.:
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
572f221431ca vaultwarden/server:latest "/start.sh" 2 hours ago Up 2 hours (healthy) 80/tcp vaultwarden
adb7d77f22ee postgres:15 "docker-entrypoint.s…" 2 hours ago Up 2 hours (healthy) 5432/tcp pg_vaultwarden
Note the postgres CONTAINER ID, i.e. adb7d77f22ee:
docker cp /mnt/migrate adb7d77f22ee:/var/backups
Option 2. Mounting the migrate folder in postgres container
-----------------------------------------------------------
Edit postgres docker-compose file and a mount under services.postgres.volumes: - /mnt/migrate:/var/backups
Rebuild postgres container
Restore vaultwarden database using psql
--------===========--------------------
In docker shell:
docker stop vaultwarden
docker exec -it pg_vaultwarden sh
psql -U vaultwarden -d vaultwarden < /var/backups/2024-08-27/databases/vaultwarden-backup.sql
exit (exit pg_vaultwarden shell)
docker start vaultwarden
Clearing target database
------------------------
The restore process requires a completely empty database, so if this is an existing database it needs to be cleared first.
If there is any data present that might need to be recovered in future, backup the target database first, before following the steps hereafter.
We will delete then recreate database:
In docker shell, docker stop vaultwarden
Use pgadmin to delete Servers -> vaultwarden -> vaultwarden database
Create new database with same name, i.e. vaultwarden
In docker shell, docker start vaultwarden
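Review bot: The restore command `psql -U vaultwarden -d vaultwarden < /var/backups/2024-08-27/databases/vaultwarden-backup.sql` keeps executing after a failed statement, so a partially applied dump can still end with a normal-looking prompt; run it as `psql -v ON_ERROR_STOP=1 -U vaultwarden -d vaultwarden < ...` so the import aborts at the first error and the failure is visible. The precondition section requires an empty target database but no step checks it — a `\dt` before the import would catch a non-empty target before it is mixed with the dump. The heading underline `--------===========--------------------` looks like a leftover edit.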
@ -0,0 +1,161 @@
NB!: List of filenames is at end of this file
Preparation
-----------
If restoration is to made to postgres running in jailmaker/docker, ensure that docker config file has the following binding under systemd_nspawn_user_args.
On truenas shell enter:
jlmkr edit docker
mapping to shared folder
------------------------
Edit systemd_nspawn_user_args setting to include:
--bind='/mnt/stpool1/Shared_Data:/mnt/shared'
copy backup files to /mnt/stpool1/Shared_Data/backups/postgres
Ensure that pgAdmin has a mapping to /mnt/shared/backups/postgres
OR direct mapping to truecharts pgadmin storage folder:
-------------------------------------------------------
Edit systemd_nspawn_user_args setting to include:
--bind='/mnt/stpool1/apps/pgadmin/storage/stuurmcp_telkomsa.net:/mnt/migrate'
Ensure that pgAdmin has a mapping to /mnt/migrate
Restore
-------
Log in to pgAdmin
User name: stuurmcp@telkomsa.net
Password:
Copy backup files to pgadmin storage folder in container
--------------------------------------------------------
On truenas shell:
jlmkr shell docker
docker ps
Container list will be displayed, e.g.:
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
42a544cf2181 ghcr.io/mealie-recipes/mealie:v1.12.0 "/app/run.sh" 15 minutes ago Up 14 minutes (healthy) mealie
4ebb127ffe6d postgres:15 "docker-entrypoint.s…" 15 minutes ago Up 15 minutes (healthy) postgres
2334cd77c4cf dpage/pgadmin4 "/entrypoint.sh" 18 minutes ago Up 18 minutes pgadmin-pgadmin-1
Note the container id for pgadmin4 and postgres:
To copy to container, use: docker cp /mount-path-in-docker-jail/backup-folder containerId:/storage-path-in-container
To copy to pgadmin for pgadmin gui restore:
docker cp /mnt/shared/backups/postgres/2024-08-23 2334cd77c4cf:/var/lib/pgadmin/storage/stuurmcp_telkomsa.net
To copy to postgres for cmd line pg_restore/psql restore:
docker cp /mnt/shared/backups/postgres/2024-08-23 4ebb127ffe6d:/var/backups
Assuming that we are restoring mealie database
Create SSD1/docker/data/postgres/mealie dataset; permissions postgres:postgres
pgAdmin gui restore
-------------------
Register connect to server using above details (name connection "mealie", Host name/address "mealie_pg")
Right click on Databases under mealie server and choose Create->Database...
Name the database "mealie"
Click Save
Right click database name, i.e. mealie and select Restore...
Format: Custom or tar
Name: mealie
cmd line pg_restore/psql restore
--------------------------------
docker exec -it pg_mealie sh
psql -U mealie -d mealie < /var/backups/2024-08-27/databases/mealie-backup.sql
or
pg_restore -h localhost -U postgres -d mealie /var/backups/2024-08-23/databases/mealie-backup.tar
full db backup arg list:
PGPASSWORD="your_pass" psql -h localhost -U mealie -d mealie -f /var/backups/2024-08-23/databases/mealie-backup.tar
Filenames
=========
Backup date: 2024-08-23
authentik
---------
/2024-08-23/globals/authentik-cnpg-backup-globals.sql
/2024-08-23/servers/authentik-cnpg-backup-servers.sql
/2024-08-23/databases/authentik-backup.sql
/2024-08-23/databases/authentik-postgress-backup.sql
/2024-08-23/databases/authentik-backup.bak
/2024-08-23/databases/authentik-postgress-backup.bak
fireflyiii
----------
/2024-08-23/globals/fireflyiii-cnpg-backup-globals.sql
/2024-08-23/servers/fireflyiii-cnpg-backup-servers.sql
/2024-08-23/databases/fireflyiii-backup.sql
/2024-08-23/databases/fireflyiii-postgress-backup.sql
/2024-08-23/databases/fireflyiii-backup.bak
/2024-08-23/databases/fireflyiii-postgress-backup.bak
gitea
-----
/2024-08-23/globals/gitea-cnpg-backup-globals.sql
/2024-08-23/servers/gitea-cnpg-backup-servers.sql
/2024-08-23/databases/gitea-backup.sql
/2024-08-23/databases/gitea-postgress-backup.sql
/2024-08-23/databases/gitea-backup.bak
/2024-08-23/databases/gitea-postgress-backup.bak
grafana
-------
/2024-08-23/globals/grafana-cnpg-backup-globals.sql
/2024-08-23/servers/grafana-cnpg-backup-servers.sql
/2024-08-23/databases/grafana-backup.sql
/2024-08-23/databases/grafana-postgress-backup.sql
/2024-08-23/databases/grafana-backup.bak
/2024-08-23/databases/grafana-postgress-backup.bak
home-assistant
--------------
/2024-08-23/globals/home-assistant-cnpg-backup-globals.sql
/2024-08-23/servers/home-assistant-cnpg-backup-servers.sql
/2024-08-23/databases/home-assistant-backup.sql
/2024-08-23/databases/home-assistant-postgress-backup.sql
/2024-08-23/databases/home-assistant-backup.bak
/2024-08-23/databases/home-assistant-postgress-backup.bak
mealie
------
/2024-08-23/globals/mealie-cnpg-backup-globals.sql
/2024-08-23/servers/mealie-cnpg-backup-servers.sql
/2024-08-23/databases/mealie-backup.sql
/2024-08-23/databases/mealie-postgress-backup.sql
/2024-08-23/databases/mealie-backup.bak
/2024-08-23/databases/mealie-postgress-backup.bak
onlyoffice-document-server
--------------------------
/2024-08-23/globals/onlyoffice-document-server-cnpg-backup-globals.sql
/2024-08-23/servers/onlyoffice-document-server-cnpg-backup-servers.sql
/2024-08-23/databases/onlyoffice-document-server-backup.sql
/2024-08-23/databases/onlyoffice-document-server-postgress-backup.sql
/2024-08-23/databases/onlyoffice-document-server-backup.bak
/2024-08-23/databases/onlyoffice-document-server-postgress-backup.bak
photoview
---------
/2024-08-23/globals/photoview-cnpg-backup-globals.sql
/2024-08-23/servers/photoview-cnpg-backup-servers.sql
/2024-08-23/databases/photoview-backup.sql
/2024-08-23/databases/photoview-postgress-backup.sql
/2024-08-23/databases/photoview-backup.bak
/2024-08-23/databases/photoview-postgress-backup.bak
sheetable
---------
/2024-08-23/globals/sheetable-cnpg-backup-globals.sql
/2024-08-23/servers/sheetable-cnpg-backup-servers.sql
/2024-08-23/databases/sheetable-backup.sql
/2024-08-23/databases/sheetable-postgress-backup.sql
/2024-08-23/databases/sheetable-backup.bak
/2024-08-23/databases/sheetable-postgress-backup.bak
vaultwarden
-----------
/2024-08-23/globals/vaultwarden-cnpg-backup-globals.sql
/2024-08-23/servers/vaultwarden-cnpg-backup-servers.sql
/2024-08-23/databases/vaultwarden-backup.sql
/2024-08-23/databases/vaultwarden-postgress-backup.sql
/2024-08-23/databases/vaultwarden-backup.bak
/2024-08-23/databases/vaultwarden-postgress-backup.bak
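Review bot: The "full db backup arg list" example, `PGPASSWORD="your_pass" psql -h localhost -U mealie -d mealie -f /var/backups/2024-08-23/databases/mealie-backup.tar`, feeds a tar-format archive to psql, which only executes plain SQL scripts; an archive produced in Custom or tar format has to go through `pg_restore` as in the line just above it. Putting the password on the command line via `PGPASSWORD=` also leaves it in the shell history; a `~/.pgpass` entry (mode 0600) or letting psql prompt with `-W` keeps it out. The whole `2024-08-23` tree copied into the containers includes the `globals` dumps, which likely carry role password hashes, so the ownership and mode of `/var/backups` after the `docker cp` are worth checking.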
@ -0,0 +1,14 @@
set ACL permissions for media folder to be accessible by media group
--------------------------------------------------------------------
On Truenas shell:
# read and note acl entries
getfacl /mnt/stpool1/NData1
getfacl /mnt/stpool1/NData1/Media
# set read and execute permissions for media group on parent folder
setfacl -m g:media:5 /mnt/stpool1/NData1
# set full permissions for media group on Media folder recursively
setfacl -R -m g:media:7 /mnt/stpool1/NData1/Media
# modify defaults recursively
setfacl -R -d -m g:media:7 /mnt/stpool1/NData1/Media
# NB! if you want to remove all acl entries from a folder recursively, use setfacl -b -R <foldername>
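Review bot: `setfacl -R -m g:media:7 /mnt/stpool1/NData1/Media` grants execute on every regular file under Media, not only on directories; the capital-X form, `setfacl -R -m g:media:rwX /mnt/stpool1/NData1/Media`, applies execute only to directories and files that already have it, and the same spelling fits the default entry on the following line. The parent-folder entry `g:media:5` is the minimum needed to traverse into Media, which is the right scope. The closing note about `setfacl -b -R` strips all extended ACL entries, not just the media group's — `setfacl -R -x g:media <foldername>` is the targeted undo.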
@ -0,0 +1,22 @@
number mac address ip address description action
1 00:a0:98:76:1c:90 10.0.0.15 upd.sthome.org
2 00:18:ae:c5:2f:f0 10.0.0.10 cctv.sthome.org
3 00:15:99:9c:fb:4d 10.0.0.24 clx-3185fw.sthome.org
4 80:5e:0c:83:02:10 10.0.0.19 phone1.sthome.org
5 ec:71:db:3f:65:09 10.0.0.101 cam-driveway.sthome.org
6 38:d5:47:c8:00:77 10.0.0.20 truenas.sthome.org
7 10.0.0.22 pve.sthome.org
8 00:26:55:d9:73:b2 10.0.0.21 truenasvm.sthome.org
9 e0:bb:9e:84:c7:74 10.0.0.25 l1250.sthome.org
10 1c:fd:08:77:53:5c 10.0.0.30 wstat.sthome.org
11 1c:fd:08:77:53:5d 10.0.0.31 wstat.sthome.org
12 ec:71:db:57:2e:fb 10.0.0.102 cam-backyard.sthome.org
13 ec:71:db:c6:d9:32 10.0.0.103 cam-patio.sthome.org
14 ec:71:db:e9:af:a3 10.0.0.104 cam-eastwall.sthome.org
15 74:56:3c:4e:74:98 10.0.0.33 mediac.sthome.org
16 44:91:7c:07:3f:ba 10.0.0.43 zelna-nokia.sthome.org
17 4e:21:00:35:e7:fb 10.0.0.42 chris-samsung5g.sthome.org
18 30:ab:6a:fc:09:64 10.0.0.41 chris-samsung.sthome.org
19 7e:e3:5a:f4:dd:35 10.0.0.61 docker.sthome.org
20 bc:24:11:80:54:54 10.0.0.51 frigate-local.sthome.org
21 bc:24:11:06:32:3c 10.0.0.1 dserver.sthome.org
@ -0,0 +1,13 @@
To copy file from truenas k3s container
---------------------------------------
# get fullname of pod:
# Option 1:
# go to Apps can click on the relevant app
# under Workloads, click the shell icon and in the Choose pod window, select and copy the name of the relevant pod appearing in the first textbox to clipboard
# Option 2:
# list pods in the app's namespace:
k3s kubectl get pods -n ix-<appname>
# select and copy the relevant pod's name to clipboard
# use the following command to copy the a file from the container (container = appname)
k3s kubectl cp -c <container> <namespace>/<podname>:/path/to/file/in/container/filename.ext /local/path/and/filename.ext
@ -0,0 +1,7 @@
Install htpasswd:
apt update & apt install apache2-utils
Create password hash for user admin with traefik basicauth
echo $(htpasswd -nB admin) | sed -e s/\\$/\\$\\$/g
Enter and confirm password to hash
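Review bot: `apt update & apt install apache2-utils` uses a single `&`, which backgrounds `apt update` and starts the install at once while the package lists may still be stale or the apt lock held; it should read `apt update && apt install apache2-utils`. `htpasswd -nB admin` prompts for the password rather than taking it as an argument, so the hash generation itself stays out of the shell history, which is the right way round.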
@ -0,0 +1,5 @@
# to list networks with subnets
apt-get update
apt-get install q
docker network inspect $(docker network ls | awk '$3 == "bridge" { print $1}') | jq -r '.[] | .Name + " " + .IPAM.Config[0].Subnet' -
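Review bot: `apt-get install q` installs the wrong package — the pipeline on the next line calls `jq`, so the line should be `apt-get install jq`. The `awk '$3 == "bridge" { print $1}'` filter depends on the column layout of `docker network ls`; `docker network ls -f driver=bridge -q` returns the same IDs without relying on it.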
@ -0,0 +1,55 @@
To reset postgresql database password
-------------------------------------
# example below uses vaultwarden as the app with db user "vaultwarden" and db name "vaultwarden"
# all commands are executed from docker shell
# stop vaultwarden
cd /opt/stacks/vaultwarden
docker compose down
# Edit pg_hba.conf
nano /mnt/data/vaultwarden/pgdata/pg_hba.conf
# at the bottom of the file, comment out "host all all all scram-sha-256" and add new line "host all all all trust"
# result should look as follows:
# -- snip --
# host all all all scram-sha-256
host all all all trust
# -- snip --
# start postgresql
cd /opt/stacks/vaultwarden
docker compose up -d postgresql
# exec into vaultwarden-postgresql-1
docker exec -it vaultwarden-postgresql-1 bash
# open psql shell
psql -U vaultwarden -d vaultwarden
# update password for "vaultwarden" user; "ALTER ROLE" should be returned
ALTER USER vaultwarden WITH PASSWORD 'new_password';
# (optional) ensure that "vaultwarden" user owns "vaultwarden" database
ALTER DATABASE vaultwarden OWNER TO vaultwarden
# quit psql shell
\q
# exit to docker shell
exit
# restore pg_hba.conf
nano /mnt/data/vaultwarden/pgdata/pg_hba.conf
# at the bottom of the file, uncomment out "host all all all scram-sha-256" and remove line "host all all all trust"
# result should look as follows:
# -- snip --
host all all all scram-sha-256
# -- snip --
# start vaultwarden
cd /opt/stacks/vaultwarden
docker compose up -d
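Review bot: `ALTER DATABASE vaultwarden OWNER TO vaultwarden` is missing its terminating `;`, so psql never sends it and the following `\q` ends the session with the statement still pending — the line should end in `;`. While `host all all all trust` is in place, anyone who can reach the container's 5432 port can log in as any role with no password; keep that window short and, if the compose file publishes the port, leave it unpublished for the duration of the reset. If the container's pg_hba.conf still carries initdb's default `local all all trust` line, the `psql -U vaultwarden -d vaultwarden` step run through `docker exec` goes over the unix socket and would already be permitted, which would make the pg_hba edit unnecessary — worth verifying before the next reset. The cleartext password in `ALTER USER ... WITH PASSWORD 'new_password';` can end up in psql's history and in the server log if statement logging is on; `\password vaultwarden` prompts for it and sends it already hashed.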
@ -0,0 +1,62 @@
To upgrade postgresql
---------------------
# example below uses vaultwarden as the app with db user "vaultwarden" and db name "vaultwarden"
# all commands are executed from docker shell, unless stated otherwise
# stop vaultwarden
cd /opt/stacks/vaultwarden
docker compose down
# start postgresql
cd /opt/stacks/vaultwarden
docker compose up -d postgresql
# dump database
cd /opt/stacks/vaultwarden
mkdir /mnt/data/vaultwarden/pgbackups/$(date -I)
docker exec vaultwarden-postgresql-1 pg_dumpall -U vaultwarden > /mnt/data/vaultwarden/pgbackups/$(date -I)/vaultwarden-backup.sql
chown -R postgres:postgres /mnt/data/vaultwarden/pgbackups/$(date -I)
chmod -R 700 /mnt/data/vaultwarden/pgbackups/$(date -I)
# stop postgresql
cd /opt/stacks/vaultwarden
docker compose down postgresql
# rename pgdata (we don't delete yet; in order to have a rollback option)
# in Truenas shell, enter
zfs rename SSD1/docker/data/vaultwarden/pgdata SSD1/docker/data/vaultwarden/pgdata-old
# create new pgdata dataset
# in Truenas shell, enter
zfs create SSD1/docker/data/vaultwarden/pgdata
chown -R postgres:postgres /mnt/SSD1/docker/data/vaultwarden/pgdata
chmod 700 /mnt/SSD1/docker/data/vaultwarden/pgdata
# edit the vaultwarden compose.yml file to the new version of the postgresql image
# -- snip --
postgresql:
image: postgres:17-alpine
# -- snip --
# pull image
docker compose pull
# start new postgresql container
docker compose up -d postgresql
# import database dump
cat /mnt/data/vaultwarden/pgbackups/$(date -I)/vaultwarden-backup.sql | docker exec -i vaultwarden-postgresql-1 psql -U vaultwarden
# stop postgresql
cd /opt/stacks/vaultwarden
docker compose down postgresql
# start stack
cd /opt/stacks/vaultwarden
docker compose up -d
# Check if all is ok
# Log into vaultwarden as check if all looks ok
# If ok, delete the pgdata-old dataset using Truenas GUI, or later (after confidence is high enough)
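Review bot: The import line `cat /mnt/data/vaultwarden/pgbackups/$(date -I)/vaultwarden-backup.sql | docker exec -i vaultwarden-postgresql-1 psql -U vaultwarden` recomputes `$(date -I)`, so if the procedure is resumed on a later day than the dump it points at a directory that does not exist; capture it once at the top, `BACKUP_DIR=/mnt/data/vaultwarden/pgbackups/$(date -I)`, and use `$BACKUP_DIR` in the mkdir, dump, chown/chmod and import lines. The `>` redirect creates the dump file under the shell's umask before the `chown`/`chmod -R 700` two lines later, and a pg_dumpall output carries role password hashes — `mkdir -m 700` (or a preceding `umask 077`) closes that gap. Adding `-v ON_ERROR_STOP=1` to the import psql would stop at the first failing statement instead of leaving a half-loaded cluster for the later "check if all is ok" step to notice.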
@ -0,0 +1,39 @@
https://github.com/nicolaka/netshoot
# Container's Network Namespace: If you're having networking issues with your application's container, you can launch netshoot with that container's network namespace like this:
docker run -it --net container:<container_name> nicolaka/netshoot
# Host's Network Namespace: If you think the networking issue is on the host itself, you can launch netshoot with that host's network namespace:
docker run -it --net host nicolaka/netshoot
# Launching netshoot with NET_ADMIN and CAP_NET_RAW capabilities. Capturing packets on eth0 with icmp
docker run --rm --cap-add=NET_ADMIN --cap-add=NET_RAW -it nicolaka/netshoot termshark -i eth0 icmp
# Capturing with “tcpdump” for viewing with Wireshark inside netshoot
# -------------------------------------------------------------------
docker run -it --net container:<container_name> nicolaka/netshoot # launch netshoot with container's network namespace
tcpdump -i <interface> -s 65535 -w <file> # capture with tcpdump
docker cp <containerId>:/file/path/within/container /host/path/target # copy dump file from netshoot to host
# Example of tcpdump capture: (using two terminals)
# -------------------------------------------------
# launch netshoot with plex's network namespace from docker shell
docker run -it --net container:plex nicolaka/netshoot
# run tcpdump within netshoot container:
tcpdump -i eth0 -s 65535 -w /tmp/plexdump.cap
# stop the dump
ctrl-c
# to get netshoot container name/id; using other terminal, in docker shell, enter:
docker ps | grep "netshoot"
# result of above; first item is containerId, last item is container name:
0c3986714b3f nicolaka/netshoot "zsh" 35 minutes ago Up 35 minutes exciting_jang
# copy file to current folder
docker cp exciting_jang:/tmp/plexdump.cap ./
# you can now exit from netshoot in first terminal
@ -0,0 +1,86 @@
# https://www.youtube.com/watch?v=WDQIv-Kd6hk&t=22s
https://serverfault.com/questions/696747/routing-from-docker-containers-using-a-different-physical-network-interface-and
# in container shell
ip route get 8.8.8.8
8.8.8.8 via 10.255.224.1 dev eth0 src 10.255.224.4
# in docker shell
ip -4 -br a s dev br-traefik-net1
br-traefik-net1 UP 10.255.224.1/20
ip route get 8.8.8.8
8.8.8.8 via 10.0.0.2 dev mv-enp7s0 src 10.0.0.61 uid 0
cache
ip r
default via 192.168.2.1 dev vee-eth1 proto static
default via 10.0.0.2 dev mv-enp7s0 proto static
10.0.0.0/24 dev mv-enp7s0 proto kernel scope link src 10.0.0.61
10.255.224.0/20 dev br-traefik-net1 proto kernel scope link src 10.255.224.1
10.255.240.0/24 dev br-traefik-net2 proto kernel scope link src 10.255.240.1
172.16.224.0/24 dev br-4da896b4a65a proto kernel scope link src 172.16.224.1
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown
172.18.0.0/16 dev br-f5ab0a59124f proto kernel scope link src 172.18.0.1
192.168.2.0/24 dev vee-eth1 proto kernel scope link src 192.168.2.6
sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 1
# reply packets
ip route get 10.255.224.4
10.255.224.4 dev br-traefik-net1 src 10.255.224.1 uid 0
cache
ip -4 -br a s dev br-traefik-net1
br-traefik-net1 UP 10.255.224.1/20
tcpdump -ni mv-enp7s0 icmp
tcpdump -ni vee-eth1 icmp
#list namespaces
lsns -t net
cat ~/snat.conf
# load config
nft -f ~/snat.conf
# list loaded configs
nft list ruleset
Change metric of default route to interface
-------------------------------------------
ip r
default via 192.168.2.1 dev vee-eth1 proto static
default via 10.0.0.2 dev mv-enp7s0 proto static
10.0.0.0/24 dev mv-enp7s0 proto kernel scope link src 10.0.0.61
10.255.224.0/20 dev br-traefik-net1 proto kernel scope link src 10.255.224.1
10.255.240.0/24 dev br-traefik-net2 proto kernel scope link src 10.255.240.1
172.16.224.0/24 dev br-2a6971a42c02 proto kernel scope link src 172.16.224.1
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown
172.18.0.0/16 dev br-aa39a4420c90 proto kernel scope link src 172.18.0.1
192.168.2.0/24 dev vee-eth1 proto kernel scope link src 192.168.2.6
# then delete i/f, e.g. vee-eth1
ip route del default via 192.168.2.1
# then add with metric
ip route add default via 192.168.2.1 metric 50
ip r
default via 10.0.0.2 dev mv-enp7s0 proto static
default via 192.168.2.1 dev vee-eth1 metric 50
10.0.0.0/24 dev mv-enp7s0 proto kernel scope link src 10.0.0.61
10.255.224.0/20 dev br-traefik-net1 proto kernel scope link src 10.255.224.1
10.255.240.0/24 dev br-traefik-net2 proto kernel scope link src 10.255.240.1
172.16.224.0/24 dev br-2a6971a42c02 proto kernel scope link src 172.16.224.1
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown
172.18.0.0/16 dev br-aa39a4420c90 proto kernel scope link src 172.18.0.1
192.168.2.0/24 dev vee-eth1 proto kernel scope link src 192.168.2.6
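Review bot: `ip route del default via 192.168.2.1` followed by `ip route add default via 192.168.2.1 metric 50` changes only the live routing table; the route returns without the metric the next time systemd-networkd reconfigures `vee-eth1` or the jail restarts. The durable form is a `[Route]` section with `Gateway=192.168.2.1` and `Metric=50` in `/etc/systemd/network/vee-dhcp.network` (or `RouteMetric=` under `[DHCPv4]` if the address ever comes from DHCP again), followed by `systemctl restart systemd-networkd`. The `nft -f ~/snat.conf` step loads a ruleset whose contents are not in these notes; keeping a copy of that file (or the `nft list ruleset` output) next to them would make the SNAT setup reproducible and reviewable.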
@ -0,0 +1,3 @@
# to list mounts
findmnt -lo source,target,fstype,label,options,used -t zfs
@ -0,0 +1,4 @@
zfs rename dataset
-------------------
zfs rename poolname/datasetA/ugly poolname/datasetA/sightly
@ -61,6 +61,13 @@ sections:
statusCheck: true statusCheck: true
statusCheckUrl: https://pve.sthome.org:8006 statusCheckUrl: https://pve.sthome.org:8006
target: newtab target: newtab
- title: Portainer
description: Container management for proxmox/frigate
icon: dashboard-icons/svg/portainer.svg
url: https://portainer-local.sthome.org:9443/#!/auth
statusCheck: true
statusCheckUrl: https://portainer-local.sthome.org:9443
target: newtab
- title: Traefik - title: Traefik
description: Reverse proxy and load balancer description: Reverse proxy and load balancer
icon: dashboard-icons/svg/traefik.svg icon: dashboard-icons/svg/traefik.svg
@ -0,0 +1,22 @@
Ensure that Wifi that ESP will be connecting to, is configure for WPA-PSK/WPA2-PSK MIXED authentication
Plug in ESP32 into USB port of computer that runs the web browser.
Open https://esphome.sthome.org in Google Chrome or MS Edge web browser
Click on Prepare for first use
On success, click on Connect Wifi
Select relevant SSD1 and enter Wifi password
sthome-ut1
ESPhome uses mDNS witch is a multicast protocol, multicast does not cross vlans.
You have 4 options:
Use a Firewall/Router that permits mDNS to cross vlans
Use Avahi reflector on a RPI connected to all vlans
On hass.io add the "status_use_ping=true"
On esphome docker dashboard use the env "ESPHOME_DASHBOARD_USE_PING=true"
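Review bot: "Select relevant SSD1" on the sixth line is presumably "SSID" — SSD1 is the ZFS pool name used elsewhere in this commit, so the typo is genuinely misleading here. The first line asks for WPA-PSK/WPA2-PSK mixed mode on the Wi-Fi; that re-enables WPA/TKIP for every client on that SSID, not just the ESP32, so it is better confined to a separate IoT SSID and only used if the device really cannot join in WPA2-PSK-only mode, which the ESP32 supports. Other wording worth fixing: "is configure for" → "is configured for", and "witch is a multicast protocol" → "which is a multicast protocol".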
35
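--- a/esphome/esphome_jm.txt
+++ b/esphome/esphome_jm.txt
@@ -0,0 +1,35 @@
+Create user and group
+---------------------
+Credentials -> Local Users -> Add
+Full Name: esphome
+Username: esphome
+Disable Password: <select>
+Email: <leave blank>
+UID: (note)
+Create New Primary Group: <select>
+Create Home Directory: <uncheck>
+Samba Authentication: <uncheck>
+Save
+esphome UID: 3017
+esphome GID: 3016
+Create datasets
+---------------
+# In Truenas shell:
+# list datasets
+zfs list | grep -i "docker.*esphome"
+# create following dataset if not present
+zfs create SSD1/docker/data/esphome
+zfs create SSD1/docker/data/esphome/config
+chown -R esphome:esphome /mnt/SSD1/docker/data/esphome
+Create stacks folder
+---------------------
+mkdir -p /mnt/SSD1/docker/stacks/esphome
+Copy folder to docker stacks
+----------------------------
+# In Windows cmd shell in esphome folder, enter:
+./cp2nas 192.168.2.2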
@ -0,0 +1,358 @@
INFO ESPHome 2025.3.3
INFO Reading configuration /config/sthome-24g4.yaml...
Updating /config/sthome-24g4.yaml to /config/sthome-ut1.yaml
INFO ESPHome 2025.3.3
INFO Reading configuration /config/sthome-ut1.yaml...
esphome:
name: sthome-ut1
friendly_name: !secret 'wifi_ssid'
min_version: 2025.3.3
build_path: build/sthome-ut1
area: ''
platformio_options: {}
includes: []
libraries: []
name_add_mac_suffix: false
esp32:
board: esp32dev
framework:
version: 2.0.5
advanced:
ignore_efuse_custom_mac: false
source: ~3.20005.0
platform_version: platformio/espressif32@5.4.0
type: arduino
flash_size: 4MB
variant: ESP32
logger:
baud_rate: 115200
tx_buffer_size: 512
deassert_rts_dtr: false
hardware_uart: UART0
level: DEBUG
logs: {}
api:
encryption:
key: 0Ki4j7JX8Y1IkMGh1fBBu2Dg6DgrnUq8GEXKZvkzeSY=[redacted]
port: 6053
password: ''[redacted]
reboot_timeout: 15min
ota:
- platform: esphome
password: 37f546590fcc15e1323d273540eb623a[redacted]
version: 2
port: 3232
wifi:
ap:
ssid: Sthome-24G4 Fallback Hotspot[redacted]
password: 7SglIlgdkpAD[redacted]
ap_timeout: 1min
domain: .local
reboot_timeout: 15min
power_save_mode: LIGHT
fast_connect: false
passive_scan: false
enable_on_boot: true
networks:
- ssid: !secret 'wifi_ssid'[redacted]
password: !secret 'wifi_password'[redacted]
priority: 0.0
use_address: sthome-ut1.local
captive_portal: {}
INFO Configuration is valid!
INFO ESPHome 2025.3.3
INFO Reading configuration /config/sthome-ut1.yaml...
INFO Generating C++ source...
INFO Core config, version or integrations changed, cleaning build files...
INFO Compiling app...
Processing sthome-ut1 (board: esp32dev; framework: arduino; platform: platformio/espressif32@5.4.0)
--------------------------------------------------------------------------------
Library Manager: Installing esphome/AsyncTCP-esphome @ 2.1.4
INFO Installing esphome/AsyncTCP-esphome @ 2.1.4
Unpacking [####################################] 100%
Library Manager: AsyncTCP-esphome@2.1.4 has been installed!
INFO AsyncTCP-esphome@2.1.4 has been installed!
Library Manager: Installing esphome/ESPAsyncWebServer-esphome @ 3.3.0
INFO Installing esphome/ESPAsyncWebServer-esphome @ 3.3.0
Unpacking [####################################] 100%
Library Manager: ESPAsyncWebServer-esphome@3.3.0 has been installed!
INFO ESPAsyncWebServer-esphome@3.3.0 has been installed!
Library Manager: Resolving dependencies...
INFO Resolving dependencies...
Library Manager: Installing esphome/noise-c @ 0.1.6
INFO Installing esphome/noise-c @ 0.1.6
Unpacking [####################################] 100%
Library Manager: noise-c@0.1.6 has been installed!
INFO noise-c@0.1.6 has been installed!
Library Manager: Resolving dependencies...
INFO Resolving dependencies...
Library Manager: Installing esphome/libsodium @ 1.10018.4
INFO Installing esphome/libsodium @ 1.10018.4
Unpacking [####################################] 100%
Library Manager: libsodium@1.10018.4 has been installed!
INFO libsodium@1.10018.4 has been installed!
HARDWARE: ESP32 240MHz, 320KB RAM, 4MB Flash
- toolchain-xtensa-esp32 @ 8.4.0+2021r2-patch5
Dependency Graph
|-- AsyncTCP-esphome @ 2.1.4
|-- WiFi @ 2.0.0
|-- FS @ 2.0.0
|-- Update @ 2.0.0
|-- ESPAsyncWebServer-esphome @ 3.3.0
|-- DNSServer @ 2.0.0
|-- ESPmDNS @ 2.0.0
|-- noise-c @ 0.1.6
Compiling .pioenvs/sthome-ut1/src/esphome/components/api/api_connection.cpp.o
Compiling .pioenvs/sthome-ut1/src/esphome/components/api/api_frame_helper.cpp.o
Compiling .pioenvs/sthome-ut1/src/esphome/components/api/api_pb2.cpp.o
Compiling .pioenvs/sthome-ut1/src/esphome/components/api/api_pb2_service.cpp.o
Compiling .pioenvs/sthome-ut1/src/esphome/components/api/api_server.cpp.o
Compiling .pioenvs/sthome-ut1/src/esphome/components/api/list_entities.cpp.o
Compiling .pioenvs/sthome-ut1/src/esphome/components/api/proto.cpp.o
Compiling .pioenvs/sthome-ut1/src/esphome/components/api/subscribe_state.cpp.o
Compiling .pioenvs/sthome-ut1/src/esphome/components/api/user_services.cpp.o
Compiling .pioenvs/sthome-ut1/src/esphome/components/captive_portal/captive_portal.cpp.o
Compiling .pioenvs/sthome-ut1/src/esphome/components/esp32/core.cpp.o
Compiling .pioenvs/sthome-ut1/src/esphome/components/esp32/gpio.cpp.o
Compiling .pioenvs/sthome-ut1/src/esphome/components/esp32/preferences.cpp.o
Compiling .pioenvs/sthome-ut1/src/esphome/components/esphome/ota/ota_esphome.cpp.o
Compiling .pioenvs/sthome-ut1/src/esphome/components/logger/logger.cpp.o
Compiling .pioenvs/sthome-ut1/src/esphome/components/logger/logger_esp32.cpp.o
Compiling .pioenvs/sthome-ut1/src/esphome/components/logger/logger_esp8266.cpp.o
Compiling .pioenvs/sthome-ut1/src/esphome/components/logger/logger_host.cpp.o
Compiling .pioenvs/sthome-ut1/src/esphome/components/logger/logger_libretiny.cpp.o
Compiling .pioenvs/sthome-ut1/src/esphome/components/logger/logger_rp2040.cpp.o
Compiling .pioenvs/sthome-ut1/src/esphome/components/md5/md5.cpp.o
Compiling .pioenvs/sthome-ut1/src/esphome/components/mdns/mdns_component.cpp.o
Compiling .pioenvs/sthome-ut1/src/esphome/components/mdns/mdns_esp32.cpp.o
Compiling .pioenvs/sthome-ut1/src/esphome/components/mdns/mdns_esp8266.cpp.o
Compiling .pioenvs/sthome-ut1/src/esphome/components/mdns/mdns_host.cpp.o
Compiling .pioenvs/sthome-ut1/src/esphome/components/mdns/mdns_libretiny.cpp.o
Compiling .pioenvs/sthome-ut1/src/esphome/components/mdns/mdns_rp2040.cpp.o
Compiling .pioenvs/sthome-ut1/src/esphome/components/network/util.cpp.o
Compiling .pioenvs/sthome-ut1/src/esphome/components/ota/ota_backend.cpp.o
Compiling .pioenvs/sthome-ut1/src/esphome/components/ota/ota_backend_arduino_esp32.cpp.o
Compiling .pioenvs/sthome-ut1/src/esphome/components/ota/ota_backend_arduino_esp8266.cpp.o
Compiling .pioenvs/sthome-ut1/src/esphome/components/ota/ota_backend_arduino_libretiny.cpp.o
Compiling .pioenvs/sthome-ut1/src/esphome/components/ota/ota_backend_arduino_rp2040.cpp.o
Compiling .pioenvs/sthome-ut1/src/esphome/components/ota/ota_backend_esp_idf.cpp.o
Compiling .pioenvs/sthome-ut1/src/esphome/components/safe_mode/safe_mode.cpp.o
Compiling .pioenvs/sthome-ut1/src/esphome/components/socket/bsd_sockets_impl.cpp.o
Compiling .pioenvs/sthome-ut1/src/esphome/components/socket/lwip_raw_tcp_impl.cpp.o
Compiling .pioenvs/sthome-ut1/src/esphome/components/socket/lwip_sockets_impl.cpp.o
Compiling .pioenvs/sthome-ut1/src/esphome/components/socket/socket.cpp.o
Compiling .pioenvs/sthome-ut1/src/esphome/components/web_server_base/web_server_base.cpp.o
Compiling .pioenvs/sthome-ut1/src/esphome/components/wifi/wifi_component.cpp.o
Compiling .pioenvs/sthome-ut1/src/esphome/components/wifi/wifi_component_esp32_arduino.cpp.o
Compiling .pioenvs/sthome-ut1/src/esphome/components/wifi/wifi_component_esp8266.cpp.o
Compiling .pioenvs/sthome-ut1/src/esphome/components/wifi/wifi_component_esp_idf.cpp.o
Compiling .pioenvs/sthome-ut1/src/esphome/components/wifi/wifi_component_libretiny.cpp.o
Compiling .pioenvs/sthome-ut1/src/esphome/components/wifi/wifi_component_pico_w.cpp.o
Compiling .pioenvs/sthome-ut1/src/esphome/core/application.cpp.o
Compiling .pioenvs/sthome-ut1/src/esphome/core/color.cpp.o
Compiling .pioenvs/sthome-ut1/src/esphome/core/component.cpp.o
Compiling .pioenvs/sthome-ut1/src/esphome/core/component_iterator.cpp.o
Compiling .pioenvs/sthome-ut1/src/esphome/core/controller.cpp.o
Compiling .pioenvs/sthome-ut1/src/esphome/core/entity_base.cpp.o
Compiling .pioenvs/sthome-ut1/src/esphome/core/helpers.cpp.o
Compiling .pioenvs/sthome-ut1/src/esphome/core/log.cpp.o
Compiling .pioenvs/sthome-ut1/src/esphome/core/ring_buffer.cpp.o
Compiling .pioenvs/sthome-ut1/src/esphome/core/scheduler.cpp.o
Compiling .pioenvs/sthome-ut1/src/esphome/core/string_ref.cpp.o
Compiling .pioenvs/sthome-ut1/src/esphome/core/time.cpp.o
Compiling .pioenvs/sthome-ut1/src/esphome/core/util.cpp.o
Compiling .pioenvs/sthome-ut1/src/main.cpp.o
Building .pioenvs/sthome-ut1/bootloader.bin
Generating partitions .pioenvs/sthome-ut1/partitions.bin
Creating esp32 image...
Successfully created esp32 image.
Compiling .pioenvs/sthome-ut1/lib07a/AsyncTCP-esphome/AsyncTCP.cpp.o
Compiling .pioenvs/sthome-ut1/lib18f/WiFi/WiFi.cpp.o
Compiling .pioenvs/sthome-ut1/lib18f/WiFi/WiFiAP.cpp.o
Compiling .pioenvs/sthome-ut1/lib18f/WiFi/WiFiClient.cpp.o
Compiling .pioenvs/sthome-ut1/lib18f/WiFi/WiFiGeneric.cpp.o
Compiling .pioenvs/sthome-ut1/lib18f/WiFi/WiFiMulti.cpp.o
Compiling .pioenvs/sthome-ut1/lib18f/WiFi/WiFiSTA.cpp.o
Compiling .pioenvs/sthome-ut1/lib18f/WiFi/WiFiScan.cpp.o
Compiling .pioenvs/sthome-ut1/lib18f/WiFi/WiFiServer.cpp.o
Compiling .pioenvs/sthome-ut1/lib18f/WiFi/WiFiUdp.cpp.o
Compiling .pioenvs/sthome-ut1/lib6ca/FS/FS.cpp.o
Compiling .pioenvs/sthome-ut1/lib6ca/FS/vfs_api.cpp.o
Compiling .pioenvs/sthome-ut1/libb83/Update/HttpsOTAUpdate.cpp.o
Compiling .pioenvs/sthome-ut1/libb83/Update/Updater.cpp.o
Compiling .pioenvs/sthome-ut1/libce5/ESPAsyncWebServer-esphome/AsyncEventSource.cpp.o
Archiving .pioenvs/sthome-ut1/lib07a/libAsyncTCP-esphome.a
Compiling .pioenvs/sthome-ut1/libce5/ESPAsyncWebServer-esphome/AsyncWebSocket.cpp.o
Compiling .pioenvs/sthome-ut1/libce5/ESPAsyncWebServer-esphome/WebAuthentication.cpp.o
Compiling .pioenvs/sthome-ut1/libce5/ESPAsyncWebServer-esphome/WebHandlers.cpp.o
Compiling .pioenvs/sthome-ut1/libce5/ESPAsyncWebServer-esphome/WebRequest.cpp.o
Compiling .pioenvs/sthome-ut1/libce5/ESPAsyncWebServer-esphome/WebResponses.cpp.o
Compiling .pioenvs/sthome-ut1/libce5/ESPAsyncWebServer-esphome/WebServer.cpp.o
Compiling .pioenvs/sthome-ut1/lib5e9/DNSServer/DNSServer.cpp.o
Archiving .pioenvs/sthome-ut1/lib18f/libWiFi.a
Archiving .pioenvs/sthome-ut1/lib6ca/libFS.a
Compiling .pioenvs/sthome-ut1/lib3c3/ESPmDNS/ESPmDNS.cpp.o
Archiving .pioenvs/sthome-ut1/libb83/libUpdate.a
Compiling .pioenvs/sthome-ut1/libf54/libsodium/crypto_aead/chacha20poly1305/sodium/aead_chacha20poly1305.c.o
Compiling .pioenvs/sthome-ut1/libf54/libsodium/crypto_core/ed25519/core_ed25519.c.o
Compiling .pioenvs/sthome-ut1/libf54/libsodium/crypto_core/ed25519/core_ristretto255.c.o
Compiling .pioenvs/sthome-ut1/libf54/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c.o
Compiling .pioenvs/sthome-ut1/libf54/libsodium/crypto_core/salsa/ref/core_salsa_ref.c.o
Compiling .pioenvs/sthome-ut1/libf54/libsodium/crypto_generichash/blake2b/generichash_blake2.c.o
Compiling .pioenvs/sthome-ut1/libf54/libsodium/crypto_generichash/blake2b/ref/blake2b-compress-avx2.c.o
Compiling .pioenvs/sthome-ut1/libf54/libsodium/crypto_generichash/blake2b/ref/blake2b-compress-ref.c.o
Compiling .pioenvs/sthome-ut1/libf54/libsodium/crypto_generichash/blake2b/ref/blake2b-compress-sse41.c.o
Compiling .pioenvs/sthome-ut1/libf54/libsodium/crypto_generichash/blake2b/ref/blake2b-compress-ssse3.c.o
Compiling .pioenvs/sthome-ut1/libf54/libsodium/crypto_generichash/blake2b/ref/blake2b-ref.c.o
Compiling .pioenvs/sthome-ut1/libf54/libsodium/crypto_generichash/blake2b/ref/generichash_blake2b.c.o
Compiling .pioenvs/sthome-ut1/libf54/libsodium/crypto_hash/crypto_hash.c.o
Compiling .pioenvs/sthome-ut1/libf54/libsodium/crypto_hash/sha256/cp/hash_sha256_cp.c.o
Compiling .pioenvs/sthome-ut1/libf54/libsodium/crypto_hash/sha256/hash_sha256.c.o
Archiving .pioenvs/sthome-ut1/lib5e9/libDNSServer.a
Compiling .pioenvs/sthome-ut1/libf54/libsodium/crypto_hash/sha512/cp/hash_sha512_cp.c.o
Compiling .pioenvs/sthome-ut1/libf54/libsodium/crypto_hash/sha512/hash_sha512.c.o
Compiling .pioenvs/sthome-ut1/libf54/libsodium/crypto_onetimeauth/crypto_onetimeauth.c.o
Compiling .pioenvs/sthome-ut1/libf54/libsodium/crypto_onetimeauth/poly1305/donna/poly1305_donna.c.o
Compiling .pioenvs/sthome-ut1/libf54/libsodium/crypto_onetimeauth/poly1305/onetimeauth_poly1305.c.o
Compiling .pioenvs/sthome-ut1/libf54/libsodium/crypto_pwhash/argon2/argon2-core.c.o
Compiling .pioenvs/sthome-ut1/libf54/libsodium/crypto_pwhash/argon2/argon2-encoding.c.o
Compiling .pioenvs/sthome-ut1/libf54/libsodium/crypto_pwhash/argon2/argon2-fill-block-avx2.c.o
Compiling .pioenvs/sthome-ut1/libf54/libsodium/crypto_pwhash/argon2/argon2-fill-block-avx512f.c.o
Archiving .pioenvs/sthome-ut1/lib3c3/libESPmDNS.a
Compiling .pioenvs/sthome-ut1/libf54/libsodium/crypto_pwhash/argon2/argon2-fill-block-ref.c.o
Compiling .pioenvs/sthome-ut1/libf54/libsodium/crypto_pwhash/argon2/argon2-fill-block-ssse3.c.o
Compiling .pioenvs/sthome-ut1/libf54/libsodium/crypto_pwhash/argon2/argon2.c.o
Compiling .pioenvs/sthome-ut1/libf54/libsodium/crypto_pwhash/argon2/blake2b-long.c.o
Compiling .pioenvs/sthome-ut1/libf54/libsodium/crypto_pwhash/argon2/pwhash_argon2i.c.o
Compiling .pioenvs/sthome-ut1/libf54/libsodium/crypto_pwhash/argon2/pwhash_argon2id.c.o
Compiling .pioenvs/sthome-ut1/libf54/libsodium/crypto_scalarmult/crypto_scalarmult.c.o
Compiling .pioenvs/sthome-ut1/libf54/libsodium/crypto_scalarmult/curve25519/ref10/x25519_ref10.c.o
Compiling .pioenvs/sthome-ut1/libf54/libsodium/crypto_scalarmult/curve25519/scalarmult_curve25519.c.o
Compiling .pioenvs/sthome-ut1/libf54/libsodium/crypto_sign/crypto_sign.c.o
Compiling .pioenvs/sthome-ut1/libf54/libsodium/crypto_sign/ed25519/ref10/keypair.c.o
Compiling .pioenvs/sthome-ut1/libf54/libsodium/crypto_sign/ed25519/ref10/obsolete.c.o
Compiling .pioenvs/sthome-ut1/libf54/libsodium/crypto_sign/ed25519/ref10/open.c.o
Compiling .pioenvs/sthome-ut1/libf54/libsodium/crypto_sign/ed25519/ref10/sign.c.o
Compiling .pioenvs/sthome-ut1/libf54/libsodium/crypto_sign/ed25519/sign_ed25519.c.o
Compiling .pioenvs/sthome-ut1/libf54/libsodium/crypto_stream/chacha20/ref/chacha20_ref.c.o
Archiving .pioenvs/sthome-ut1/libce5/libESPAsyncWebServer-esphome.a
Compiling .pioenvs/sthome-ut1/libf54/libsodium/crypto_stream/chacha20/stream_chacha20.c.o
Compiling .pioenvs/sthome-ut1/libf54/libsodium/crypto_stream/crypto_stream.c.o
Compiling .pioenvs/sthome-ut1/libf54/libsodium/crypto_stream/salsa20/ref/salsa20_ref.c.o
Compiling .pioenvs/sthome-ut1/libf54/libsodium/crypto_stream/salsa20/stream_salsa20.c.o
Compiling .pioenvs/sthome-ut1/libf54/libsodium/crypto_stream/salsa20/xmm6/salsa20_xmm6-asm.S.o
Compiling .pioenvs/sthome-ut1/libf54/libsodium/crypto_stream/salsa20/xmm6/salsa20_xmm6.c.o
Compiling .pioenvs/sthome-ut1/libf54/libsodium/crypto_stream/salsa20/xmm6int/salsa20_xmm6int-avx2.c.o
Compiling .pioenvs/sthome-ut1/libf54/libsodium/crypto_stream/salsa20/xmm6int/salsa20_xmm6int-sse2.c.o
Compiling .pioenvs/sthome-ut1/libf54/libsodium/crypto_verify/sodium/verify.c.o
Compiling .pioenvs/sthome-ut1/libf54/libsodium/randombytes/internal/randombytes_internal_random.c.o
Compiling .pioenvs/sthome-ut1/libf54/libsodium/randombytes/randombytes.c.o
Compiling .pioenvs/sthome-ut1/libf54/libsodium/randombytes/sysrandom/randombytes_sysrandom.c.o
Compiling .pioenvs/sthome-ut1/libf54/libsodium/sodium/codecs.c.o
Compiling .pioenvs/sthome-ut1/libf54/libsodium/sodium/core.c.o
Compiling .pioenvs/sthome-ut1/libf54/libsodium/sodium/runtime.c.o
Compiling .pioenvs/sthome-ut1/libf54/libsodium/sodium/utils.c.o
Compiling .pioenvs/sthome-ut1/libda9/noise-c/backend/openssl/cipher-aesgcm.c.o
Compiling .pioenvs/sthome-ut1/libda9/noise-c/backend/ref/cipher-aesgcm.c.o
Compiling .pioenvs/sthome-ut1/libda9/noise-c/backend/ref/cipher-chachapoly.c.o
Compiling .pioenvs/sthome-ut1/libda9/noise-c/backend/ref/dh-curve25519.c.o
Compiling .pioenvs/sthome-ut1/libda9/noise-c/backend/ref/hash-blake2b.c.o
Compiling .pioenvs/sthome-ut1/libda9/noise-c/backend/ref/hash-blake2s.c.o
Compiling .pioenvs/sthome-ut1/libda9/noise-c/backend/ref/hash-sha256.c.o
Compiling .pioenvs/sthome-ut1/libda9/noise-c/backend/sodium/cipher-aesgcm.c.o
Compiling .pioenvs/sthome-ut1/libda9/noise-c/backend/sodium/cipher-chachapoly.c.o
Compiling .pioenvs/sthome-ut1/libda9/noise-c/backend/sodium/dh-curve25519.c.o
Compiling .pioenvs/sthome-ut1/libda9/noise-c/backend/sodium/hash-blake2b.c.o
Compiling .pioenvs/sthome-ut1/libda9/noise-c/backend/sodium/hash-sha256.c.o
Compiling .pioenvs/sthome-ut1/libda9/noise-c/crypto/aes/rijndael-alg-fst.c.o
Compiling .pioenvs/sthome-ut1/libda9/noise-c/crypto/blake2/blake2b.c.o
Compiling .pioenvs/sthome-ut1/libda9/noise-c/crypto/blake2/blake2s.c.o
Compiling .pioenvs/sthome-ut1/libda9/noise-c/crypto/chacha/chacha.c.o
Compiling .pioenvs/sthome-ut1/libda9/noise-c/crypto/donna/curve25519-donna-c64.c.o
Compiling .pioenvs/sthome-ut1/libda9/noise-c/crypto/donna/curve25519-donna.c.o
Compiling .pioenvs/sthome-ut1/libda9/noise-c/crypto/donna/poly1305-donna.c.o
Compiling .pioenvs/sthome-ut1/libda9/noise-c/crypto/sha2/sha256.c.o
Compiling .pioenvs/sthome-ut1/libda9/noise-c/crypto/sha2/sha512.c.o
Compiling .pioenvs/sthome-ut1/libda9/noise-c/crypto/x25519/x25519.c.o
Compiling .pioenvs/sthome-ut1/libda9/noise-c/protocol/cipherstate.c.o
Compiling .pioenvs/sthome-ut1/libda9/noise-c/protocol/dhstate.c.o
Compiling .pioenvs/sthome-ut1/libda9/noise-c/protocol/errors.c.o
Compiling .pioenvs/sthome-ut1/libda9/noise-c/protocol/handshakestate.c.o
Compiling .pioenvs/sthome-ut1/libda9/noise-c/protocol/hashstate.c.o
Compiling .pioenvs/sthome-ut1/libda9/noise-c/protocol/internal.c.o
Compiling .pioenvs/sthome-ut1/libda9/noise-c/protocol/names.c.o
Compiling .pioenvs/sthome-ut1/libda9/noise-c/protocol/patterns.c.o
Compiling .pioenvs/sthome-ut1/libda9/noise-c/protocol/rand_os.c.o
Compiling .pioenvs/sthome-ut1/libda9/noise-c/protocol/rand_sodium.c.o
Compiling .pioenvs/sthome-ut1/libda9/noise-c/protocol/randstate.c.o
Compiling .pioenvs/sthome-ut1/libda9/noise-c/protocol/signstate.c.o
Compiling .pioenvs/sthome-ut1/libda9/noise-c/protocol/symmetricstate.c.o
Compiling .pioenvs/sthome-ut1/libda9/noise-c/protocol/util.c.o
Compiling .pioenvs/sthome-ut1/FrameworkArduino/Esp.cpp.o
Archiving .pioenvs/sthome-ut1/libda9/libnoise-c.a
Archiving .pioenvs/sthome-ut1/libf54/libsodium.a
Compiling .pioenvs/sthome-ut1/FrameworkArduino/FirmwareMSC.cpp.o
Compiling .pioenvs/sthome-ut1/FrameworkArduino/FunctionalInterrupt.cpp.o
Compiling .pioenvs/sthome-ut1/FrameworkArduino/HWCDC.cpp.o
Compiling .pioenvs/sthome-ut1/FrameworkArduino/HardwareSerial.cpp.o
Compiling .pioenvs/sthome-ut1/FrameworkArduino/IPAddress.cpp.o
Compiling .pioenvs/sthome-ut1/FrameworkArduino/IPv6Address.cpp.o
Compiling .pioenvs/sthome-ut1/FrameworkArduino/MD5Builder.cpp.o
Compiling .pioenvs/sthome-ut1/FrameworkArduino/Print.cpp.o
Compiling .pioenvs/sthome-ut1/FrameworkArduino/Stream.cpp.o
Compiling .pioenvs/sthome-ut1/FrameworkArduino/StreamString.cpp.o
Compiling .pioenvs/sthome-ut1/FrameworkArduino/Tone.cpp.o
Compiling .pioenvs/sthome-ut1/FrameworkArduino/USB.cpp.o
Compiling .pioenvs/sthome-ut1/FrameworkArduino/USBCDC.cpp.o
Compiling .pioenvs/sthome-ut1/FrameworkArduino/USBMSC.cpp.o
Compiling .pioenvs/sthome-ut1/FrameworkArduino/WMath.cpp.o
Compiling .pioenvs/sthome-ut1/FrameworkArduino/WString.cpp.o
Compiling .pioenvs/sthome-ut1/FrameworkArduino/base64.cpp.o
Compiling .pioenvs/sthome-ut1/FrameworkArduino/cbuf.cpp.o
Compiling .pioenvs/sthome-ut1/FrameworkArduino/esp32-hal-adc.c.o
Compiling .pioenvs/sthome-ut1/FrameworkArduino/esp32-hal-bt.c.o
Compiling .pioenvs/sthome-ut1/FrameworkArduino/esp32-hal-cpu.c.o
Compiling .pioenvs/sthome-ut1/FrameworkArduino/esp32-hal-dac.c.o
Compiling .pioenvs/sthome-ut1/FrameworkArduino/esp32-hal-gpio.c.o
Compiling .pioenvs/sthome-ut1/FrameworkArduino/esp32-hal-i2c-slave.c.o
Compiling .pioenvs/sthome-ut1/FrameworkArduino/esp32-hal-i2c.c.o
Compiling .pioenvs/sthome-ut1/FrameworkArduino/esp32-hal-ledc.c.o
Compiling .pioenvs/sthome-ut1/FrameworkArduino/esp32-hal-matrix.c.o
Compiling .pioenvs/sthome-ut1/FrameworkArduino/esp32-hal-misc.c.o
Compiling .pioenvs/sthome-ut1/FrameworkArduino/esp32-hal-psram.c.o
Compiling .pioenvs/sthome-ut1/FrameworkArduino/esp32-hal-rgb-led.c.o
Compiling .pioenvs/sthome-ut1/FrameworkArduino/esp32-hal-rmt.c.o
Compiling .pioenvs/sthome-ut1/FrameworkArduino/esp32-hal-sigmadelta.c.o
Compiling .pioenvs/sthome-ut1/FrameworkArduino/esp32-hal-spi.c.o
Compiling .pioenvs/sthome-ut1/FrameworkArduino/esp32-hal-time.c.o
Compiling .pioenvs/sthome-ut1/FrameworkArduino/esp32-hal-timer.c.o
Compiling .pioenvs/sthome-ut1/FrameworkArduino/esp32-hal-tinyusb.c.o
Compiling .pioenvs/sthome-ut1/FrameworkArduino/esp32-hal-touch.c.o
Compiling .pioenvs/sthome-ut1/FrameworkArduino/esp32-hal-uart.c.o
Compiling .pioenvs/sthome-ut1/FrameworkArduino/firmware_msc_fat.c.o
Compiling .pioenvs/sthome-ut1/FrameworkArduino/libb64/cdecode.c.o
Compiling .pioenvs/sthome-ut1/FrameworkArduino/libb64/cencode.c.o
Compiling .pioenvs/sthome-ut1/FrameworkArduino/main.cpp.o
Compiling .pioenvs/sthome-ut1/FrameworkArduino/stdlib_noniso.c.o
Compiling .pioenvs/sthome-ut1/FrameworkArduino/wiring_pulse.c.o
Compiling .pioenvs/sthome-ut1/FrameworkArduino/wiring_shift.c.o
Archiving .pioenvs/sthome-ut1/libFrameworkArduino.a
Linking .pioenvs/sthome-ut1/firmware.elf
RAM: [= ] 12.4% (used 40640 bytes from 327680 bytes)
Flash: [===== ] 49.5% (used 907665 bytes from 1835008 bytes)
Building .pioenvs/sthome-ut1/firmware.bin
Creating esp32 image...
Successfully created esp32 image.
esp32_create_combined_bin([".pioenvs/sthome-ut1/firmware.bin"], [".pioenvs/sthome-ut1/firmware.elf"])
SHA digest in image updated
Wrote 0xef020 bytes to file /config/.esphome/build/sthome-ut1/.pioenvs/sthome-ut1/firmware.factory.bin, ready to flash to offset 0x0
esp32_copy_ota_bin([".pioenvs/sthome-ut1/firmware.bin"], [".pioenvs/sthome-ut1/firmware.elf"])
========================= [SUCCESS] Took 32.39 seconds =========================
INFO Successfully compiled program.
INFO Resolving IP address of sthome-24g4.local in mDNS
INFO Resolving IP address of sthome-24g4.local
ERROR Error resolving IP address of sthome-24g4.local. Is it connected to WiFi?
ERROR (If this error persists, please set a static IP address: https://esphome.io/components/wifi.html#manual-ips)
ERROR Error resolving IP address: Error resolving address with mDNS: Did not respond. Maybe the device is offline., [Errno -2] Name or service not known

15
esphome/stacks/.env Normal file

@ -0,0 +1,15 @@
#
# values to be used for substitution by docker compose in compose.yml AND .*.env files
#
APPLICATION_NAME=esphome
DOCKERDIR=/mnt/SSD1/docker/
STACKSDIR=${DOCKERDIR}/stacks/${APPLICATION_NAME}
DATADIR=${DOCKERDIR}/data/${APPLICATION_NAME}
SECRETSDIR=${STACKSDIR}/secrets
PUID=3066
PGID=3067
DOMAINNAME=sthome.org
WEBUI_PORT=6052
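Review bot: `DOCKERDIR=/mnt/SSD1/docker/` keeps a trailing slash, so `STACKSDIR` and `DATADIR` on the next lines expand with a doubled `//`; the home-assistant `.env` changed in this same commit drops that slash, so this file should match it: `DOCKERDIR=/mnt/SSD1/docker`. The `PUID=3066` / `PGID=3067` values also disagree with the esphome_jm.txt notes added in this commit, which record the esphome user as UID 3017 and GID 3016 and `chown` the dataset to that user; if the container really runs as 3066, the `/config` volume will be owned by a different uid than the process writing to it. Confirm which pair of ids is intended and use the same values in both places.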


@ -0,0 +1,6 @@
#
# environment variables for emby
#
PUID=${PUID}
PGID=${PGID}
TZ=Africa/Johannesburg
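Review bot: The header comment on the second line reads `# environment variables for emby`, but this file is the esphome env file; change it to `# environment variables for esphome`. The same copied header appears in the home-assistant `.esphome.env` added later in this commit and should be fixed there too.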


@ -0,0 +1,62 @@
name: esphome
networks:
traefik-net:
external: true
mdns-net:
external: true
services:
esphome:
hostname: esphome
image: esphome/esphome
env_file: .esphome.env
volumes:
- /var/run/dbus:/var/run/dbus
- /var/run/avahi-daemon/socket:/var/run/avahi-daemon/socket
- /etc/localtime:/etc/localtime:ro
- ${DATADIR}/config:/config
restart: unless-stopped
privileged: true
networks:
- traefik-net
- mdns-net
labels:
- traefik.enable=true
- traefik.docker.network=traefik-net
#
# http services
# -------------
- "traefik.http.services.${APPLICATION_NAME}-svc.loadbalancer.server.port=${WEBUI_PORT}"
#
# http routers
# ------------
# limit router to web ":80" entrypoint
- "traefik.http.routers.${APPLICATION_NAME}-rtr.entrypoints=web"
# set match criteria for router
- "traefik.http.routers.${APPLICATION_NAME}-rtr.rule=Host(`${APPLICATION_NAME}.${DOMAINNAME}`)&& PathPrefix(`/`)"
# attach middlewares to router
- "traefik.http.routers.${APPLICATION_NAME}-rtr.middlewares=http-mw-secureHeaders-redirect@file"
# assign svc target to router
- "traefik.http.routers.${APPLICATION_NAME}-rtr.service=${APPLICATION_NAME}-svc"
#
# limit router to websecure ":443" entrypoint
- "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.entrypoints=websecure"
# set match criteria for router
- "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.rule=Host(`${APPLICATION_NAME}.${DOMAINNAME}`)&& PathPrefix(`/`)"
# attach middlewares to router
- "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.middlewares=http-mw-secureHeaders@file"
# tls
- "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.tls=true"
# apply tls options
- "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.tls.options=tls-options@file"
# generate certificates using following certresolver
- "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.tls.certresolver=solver-dns"
# assign svc target to router
- "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.service=${APPLICATION_NAME}-svc"
# avahi-tools:
# volumes:
# - /run/dbus:/var/run/dbus
# - /run/avahi-daemon:/var/run/avahi-daemon
# image: ahasbini/avahi-tools:latest
# command: avahi-publish-service -s truenas.sthome.org _ssh._tcp 2222
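Review bot: `privileged: true` on the esphome service grants the container every capability and access to all host devices, which is far more than the bind-mounted dbus and avahi sockets on the lines above it require; the notes added in this commit also say the ESP is flashed from the browser's USB port, not from inside the container. Drop `privileged: true`, and if serial access from the container is ever needed, expose only that device with `devices:` / `- /dev/<serial-device>:/dev/<serial-device>` (placeholder path). `image: esphome/esphome` also carries no tag, so each pull may silently move to a new release; the build log in this commit shows 2025.3.3, so `image: esphome/esphome:2025.3.3` would pin what was actually tested.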

Binary file not shown.

47
esphome/sthome-24g4.yaml Normal file

@ -0,0 +1,47 @@
esphome:
name: sthome-24g4
friendly_name: sthome-2.4G4
esp32:
board: esp32dev
framework:
type: arduino
# Enable logging
logger:
# Enable Home Assistant API
api:
encryption:
key: "0Ki4j7JX8Y1IkMGh1fBBu2Dg6DgrnUq8GEXKZvkzeSY="
ota:
- platform: esphome
password: "37f546590fcc15e1323d273540eb623a"
wifi:
# ssid: !secret wifi_ssid
# password: !secret wifi_password
# multiple Wifi SSIDs
networks:
- ssid: !secret wifi_ssid1
password: !secret wifi_password1
- ssid: !secret wifi_ssid2
password: !secret wifi_password2
- ssid: !secret wifi_ssid3
password: !secret wifi_password3
- ssid: !secret wifi_ssid4
password: !secret wifi_password4
manual_ip:
# Set this to the IP of the ESP
static_ip: 10.0.2.1
gateway: 10.0.0.2
subnet: 255.255.240.0
dns1: 10.0.0.1
dns2: 10.0.0.2
# Enable fallback hotspot (captive portal) in case wifi connection fails
ap:
ssid: "Sthome-24G4 Fallback Hotspot"
password: "7SglIlgdkpAD"
captive_portal:
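Review bot: The API encryption key, the OTA password and the fallback-hotspot password are committed as literals in this file (`key: "0Ki4..."`, `password: "37f5..."`, `password: "7Sgl..."`) while the Wi-Fi credentials a few lines above already go through `!secret`; move these three into the same secrets file, e.g. `key: !secret api_encryption_key`, `password: !secret ota_password`, `password: !secret ap_password`. The same three values are reproduced verbatim in the build log added in this commit, where the appended `[redacted]` marker did not actually remove them, so they should be treated as exposed and regenerated after the move.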


@ -3,3 +3,5 @@ chris:$2y$05$FSl7QIqo.VMe69nm8K.Dv.O05Gi6oad.2qY7oKjgqbPa4eBPintbK
Chris:$2y$05$8r6M8zr0MFIiDLUm1vP1Ee0AP8kMJtDsw4zezFeSDVlWeEOkwuBuC Chris:$2y$05$8r6M8zr0MFIiDLUm1vP1Ee0AP8kMJtDsw4zezFeSDVlWeEOkwuBuC
home:$2y$05$VjkUjMGVdxMn3N/rMK8nBuh1jAUfezo8i4167enEg7i9Xl45cVQGi home:$2y$05$VjkUjMGVdxMn3N/rMK8nBuh1jAUfezo8i4167enEg7i9Xl45cVQGi
Home:$2y$05$JP8tB1nkPA8tbhEnhGV6teke.X87eFX4V9hi9qa2ArLISJ4Ksf2ca Home:$2y$05$JP8tB1nkPA8tbhEnhGV6teke.X87eFX4V9hi9qa2ArLISJ4Ksf2ca
zelna:$2y$10$1OREtkEjjO0834TnxYAaWe2.N.gM4V01cOqDRRoEmG.SiiIvLsEk.
Zelna:$2y$10$vgfcMmEB3L8nAReV4cUyw.BR7PAMIEmzNdeCpLNcHxvepul88InZ6
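Review bot: The two new entries are hashed with bcrypt cost 10 (`$2y$10$`), while every existing entry shown in the context lines uses cost 05 (`$2y$05$`), which is well below the commonly recommended work factor and cheap to attack offline if this file is ever exposed. Regenerate the older entries at the same cost as the new ones (for example with `htpasswd -B -C 10`) so the file is consistent. This file also appears to be committed to the repository with live hashes; keeping it out of version control and mounting it at runtime would be the safer arrangement.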


@ -30,11 +30,11 @@ services:
# HTTP Routers # HTTP Routers
- "traefik.http.routers.${APPLICATION_NAME}-rtr.entrypoints=web" - "traefik.http.routers.${APPLICATION_NAME}-rtr.entrypoints=web"
- "traefik.http.routers.${APPLICATION_NAME}-rtr.rule=Host(`${APPLICATION_NAME}.${DOMAINNAME}`)&& PathPrefix(`/`)" - "traefik.http.routers.${APPLICATION_NAME}-rtr.rule=Host(`${APPLICATION_NAME}.${DOMAINNAME}`)&& PathPrefix(`/`)"
- "traefik.http.routers.${APPLICATION_NAME}-rtr.middlewares=http-mw-rateLimit-secureHeaders-compress-redirect@file" - "traefik.http.routers.${APPLICATION_NAME}-rtr.middlewares=http-mw-rateLimit-secureHeaders-redirect@file"
- "traefik.http.routers.${APPLICATION_NAME}-rtr.service=${APPLICATION_NAME}-svc" - "traefik.http.routers.${APPLICATION_NAME}-rtr.service=${APPLICATION_NAME}-svc"
- "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.entrypoints=websecure" - "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.entrypoints=websecure"
- "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.rule=Host(`${APPLICATION_NAME}.${DOMAINNAME}`)&& PathPrefix(`/`)" - "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.rule=Host(`${APPLICATION_NAME}.${DOMAINNAME}`)&& PathPrefix(`/`)"
- "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.middlewares=http-mw-rateLimit-secureHeaders-compress@file" - "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.middlewares=http-mw-rateLimit-secureHeaders@file"
- "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.tls=true" - "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.tls=true"
- "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.tls.options=tls-options@file" - "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.tls.options=tls-options@file"
- "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.tls.certresolver=solver-dns" - "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.tls.certresolver=solver-dns"


@ -0,0 +1 @@
Video: https://www.youtube.com/watch?v=J_KblaAVE18&t=936s


@ -1,8 +1,10 @@
# #
# values to be used for substitution by docker compose in compose.yml AND .*.env files # values to be used for substitution by docker compose in compose.yml AND .*.env files
# #
DOMAINNAME=sthome.org
APPLICATION_NAME=home-assistant APPLICATION_NAME=home-assistant
DOCKERDIR=/mnt/SSD1/docker/ DOCKERDIR=/mnt/SSD1/docker
MEDIADIR=/mnt/stpool1/NData1/Media MEDIADIR=/mnt/stpool1/NData1/Media
DOWNLOADSDIR=/mnt/stpool1/Downloads DOWNLOADSDIR=/mnt/stpool1/Downloads
@ -10,10 +12,12 @@ STACKSDIR=${DOCKERDIR}/stacks/${APPLICATION_NAME}
DATAROOT=${DOCKERDIR}/data DATAROOT=${DOCKERDIR}/data
DATADIR=${DATAROOT}/${APPLICATION_NAME} DATADIR=${DATAROOT}/${APPLICATION_NAME}
SECRETSDIR=${STACKSDIR}/secrets SECRETSDIR=${STACKSDIR}/secrets
DOMAINNAME=sthome.org
WEBUI_PORT=8123 WEBUI_PORT=8123
APP2_NAME=esphome
APP2_DATADIR=${DATAROOT}/${APP2_NAME}
APP2_WEBUI_PORT=6052
# #
# Generate DB_PASSWORD with: # Generate DB_PASSWORD with:
# openssl rand 36 | base64 -w 0 > /mnt/SSD1/docker/stacks/home-assistant/secrets/home-assistant_postgresql_password # openssl rand 36 | base64 -w 0 > /mnt/SSD1/docker/stacks/home-assistant/secrets/home-assistant_postgresql_password


@ -0,0 +1,6 @@
#
# environment variables for emby
#
PUID=3066
PGID=3067
TZ=Africa/Johannesburg


@ -14,6 +14,8 @@ networks:
external: true external: true
postgres-net: postgres-net:
external: true external: true
mdns-net:
external: true
services: services:
home-assistant: home-assistant:
@ -29,47 +31,57 @@ services:
networks: networks:
- traefik-net - traefik-net
- postgres-net - postgres-net
- mdns-net
depends_on: depends_on:
postgresql: postgresql:
condition: service_healthy condition: service_healthy
labels: labels:
- traefik.enable=true - traefik.enable=true
- traefik.docker.network=traefik-net - traefik.docker.network=traefik-net
# http middlewares
# ---------------------------
#- "traefik.http.middlewares.${APPLICATION_NAME}-auth.basicauth.users=${ADMIN_CREDENTIALS}, ${USER_CREDENTIALS}"
#- "traefik.http.middlewares.${APPLICATION_NAME}-auth.basicauth.usersfile=/mnt/users/common.txt"
- "traefik.http.middlewares.${APPLICATION_NAME}-https-redirect.redirectscheme.scheme=https"
- "traefik.http.middlewares.${APPLICATION_NAME}-https-redirect.redirectscheme.permanent=true"
#
# http services
# -------------
- "traefik.http.services.${APPLICATION_NAME}-svc.loadbalancer.server.port=${WEBUI_PORT}" - "traefik.http.services.${APPLICATION_NAME}-svc.loadbalancer.server.port=${WEBUI_PORT}"
#
# http routers
# ------------
# limit router to web ":80" entrypoint
- "traefik.http.routers.${APPLICATION_NAME}-rtr.entrypoints=web" - "traefik.http.routers.${APPLICATION_NAME}-rtr.entrypoints=web"
# set match criteria for router
- "traefik.http.routers.${APPLICATION_NAME}-rtr.rule=Host(`${APPLICATION_NAME}.${DOMAINNAME}`)&& PathPrefix(`/`)" - "traefik.http.routers.${APPLICATION_NAME}-rtr.rule=Host(`${APPLICATION_NAME}.${DOMAINNAME}`)&& PathPrefix(`/`)"
# attach middlewares to router - "traefik.http.routers.${APPLICATION_NAME}-rtr.middlewares=http-mw-secureHeaders-redirect@file"
- "traefik.http.routers.${APPLICATION_NAME}-rtr.middlewares=${APPLICATION_NAME}-https-redirect"
# assign svc target to router
- "traefik.http.routers.${APPLICATION_NAME}-rtr.service=${APPLICATION_NAME}-svc" - "traefik.http.routers.${APPLICATION_NAME}-rtr.service=${APPLICATION_NAME}-svc"
#
# limit router to websecure ":443" entrypoint
- "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.entrypoints=websecure" - "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.entrypoints=websecure"
# set match criteria for router
- "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.rule=Host(`${APPLICATION_NAME}.${DOMAINNAME}`)&& PathPrefix(`/`)" - "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.rule=Host(`${APPLICATION_NAME}.${DOMAINNAME}`)&& PathPrefix(`/`)"
# set router to be dedicated to secure requests only for the host specified in match criteria - "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.middlewares=http-mw-secureHeaders@file"
- "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.tls=true" - "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.tls=true"
# generate certificates using following certresolver - "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.tls.options=tls-options@file"
- "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.tls.certresolver=sthomeresolver" - "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.tls.certresolver=solver-dns"
# attach middlewares to router
#- "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.middlewares=${APPLICATION_NAME}-auth"
# assign svc target to router
- "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.service=${APPLICATION_NAME}-svc" - "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.service=${APPLICATION_NAME}-svc"
# esphome:
# hostname: esphome
# image: esphome/esphome
# env_file: .esphome.env
# volumes:
# - /etc/localtime:/etc/localtime:ro
# - ${APP2_DATADIR}/config:/config
# restart: unless-stopped
# privileged: true
# networks:
# - traefik-net
# labels:
# - traefik.enable=true
# - traefik.docker.network=traefik-net
# - "traefik.http.services.${APP2_NAME}-svc.loadbalancer.server.port=${APP2_WEBUI_PORT}"
# - "traefik.http.routers.${APP2_NAME}-rtr.entrypoints=web"
# - "traefik.http.routers.${APP2_NAME}-rtr.rule=Host(`${APP2_NAME}.${DOMAINNAME}`)&& PathPrefix(`/`)"
# - "traefik.http.routers.${APP2_NAME}-rtr.middlewares=http-mw-secureHeaders-redirect@file"
# - "traefik.http.routers.${APP2_NAME}-rtr.service=${APP2_NAME}-svc"
# - "traefik.http.routers.${APP2_NAME}-secure-rtr.entrypoints=websecure"
# - "traefik.http.routers.${APP2_NAME}-secure-rtr.rule=Host(`${APP2_NAME}.${DOMAINNAME}`)&& PathPrefix(`/`)"
# - "traefik.http.routers.${APP2_NAME}-secure-rtr.middlewares=http-mw-secureHeaders@file"
# - "traefik.http.routers.${APP2_NAME}-secure-rtr.tls=true"
# - "traefik.http.routers.${APP2_NAME}-secure-rtr.tls.options=tls-options@file"
# - "traefik.http.routers.${APP2_NAME}-secure-rtr.tls.certresolver=solver-dns"
# - "traefik.http.routers.${APP2_NAME}-secure-rtr.service=${APP2_NAME}-svc"
# avahi-tools:
# volumes:
# - /run/dbus:/var/run/dbus
# - /run/avahi-daemon:/var/run/avahi-daemon
# image: ahasbini/avahi-tools:latest
# command: avahi-publish-service -s truenas.sthome.org _ssh._tcp 2222
postgresql: postgresql:
image: postgres:16-alpine image: postgres:16-alpine
hostname: "${APPLICATION_NAME}_postgresql" hostname: "${APPLICATION_NAME}_postgresql"
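Review bot: The staged `esphome` service sets `privileged: true` while being published through Traefik with only header middlewares on its routers (`http-mw-secureHeaders*@file`; the `basicauth` labels are commented out for home-assistant and absent for esphome), so nothing visible here puts a login in front of it; once the block is uncommented, a compromise of the ESPHome dashboard would hand the attacker every host device and none of the default capability/seccomp restrictions. If privileged is only needed for the USB serial adapter used for flashing, pass that device explicitly and drop the flag: `devices:` / `  - /dev/ttyUSB0:/dev/ttyUSB0  # confirm the actual adapter path`; if device discovery is the reason, the new `mdns-net` attachment used for home-assistant should serve esphome the same way. The staged `avahi-tools` block likewise bind-mounts the host `/run/dbus` socket, which hands the container the system bus; keep it commented until it is actually needed and note why. The `home-assistant` service definition starts before this hunk.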


@ -16,19 +16,12 @@ services:
- traefik-net - traefik-net
volumes: volumes:
- "${DATADIR}/config:/config" - "${DATADIR}/config:/config"
- "${MEDIADIR}/Books/manga:/manga" - "${MEDIADIR}/Books:/books"
- "${MEDIADIR}/Books/comics:/comics"
- "${MEDIADIR}/Books/ebooks:/ebooks"
restart: unless-stopped restart: unless-stopped
labels: labels:
- traefik.enable=true - traefik.enable=true
- traefik.docker.network=traefik-net - traefik.docker.network=traefik-net
# #
# http middlewares
# ---------------------------
- "traefik.http.middlewares.${APPLICATION_NAME}-https-redirect.redirectscheme.scheme=https"
- "traefik.http.middlewares.${APPLICATION_NAME}-https-redirect.redirectscheme.permanent=true"
#
# http services # http services
# ------------- # -------------
- "traefik.http.services.${APPLICATION_NAME}-svc.loadbalancer.server.port=${WEBUI_PORT}" - "traefik.http.services.${APPLICATION_NAME}-svc.loadbalancer.server.port=${WEBUI_PORT}"
@ -40,7 +33,7 @@ services:
# set match criteria for router # set match criteria for router
- "traefik.http.routers.${APPLICATION_NAME}-rtr.rule=Host(`${APPLICATION_NAME}.${DOMAINNAME}`)&& PathPrefix(`/`)" - "traefik.http.routers.${APPLICATION_NAME}-rtr.rule=Host(`${APPLICATION_NAME}.${DOMAINNAME}`)&& PathPrefix(`/`)"
# attach middlewares to router # attach middlewares to router
- "traefik.http.routers.${APPLICATION_NAME}-rtr.middlewares=${APPLICATION_NAME}-https-redirect" - "traefik.http.routers.${APPLICATION_NAME}-rtr.middlewares=http-mw-secureHeaders-redirect@file"
# assign svc target to router # assign svc target to router
- "traefik.http.routers.${APPLICATION_NAME}-rtr.service=${APPLICATION_NAME}-svc" - "traefik.http.routers.${APPLICATION_NAME}-rtr.service=${APPLICATION_NAME}-svc"
# #
@ -51,6 +44,8 @@ services:
# set router to be dedicated to secure requests only for the host specified in match criteria # set router to be dedicated to secure requests only for the host specified in match criteria
- "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.tls=true" - "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.tls=true"
# generate certificates using following certresolver # generate certificates using following certresolver
- "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.tls.certresolver=sthomeresolver" - "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.tls.certresolver=solver-dns"
# attach middlewares to router
- "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.middlewares=http-mw-secureHeaders@file"
# assign svc target to router # assign svc target to router
- "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.service=${APPLICATION_NAME}-svc" - "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.service=${APPLICATION_NAME}-svc"
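Review bot: The consolidated bind mount `${MEDIADIR}/Books:/books` is read-write, as the three per-category mounts it replaces were. If the service only reads the library — nothing in the hunk shows it writing there — mounting it as `- "${MEDIADIR}/Books:/books:ro"` keeps a compromised container from modifying or deleting the media collection; if the application does need to write metadata next to the books, a short `# rw: app writes metadata alongside files` comment would document that decision for the next reader. The enclosing service definition starts before this hunk.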


@ -0,0 +1,2 @@
MDNS_REFLECTOR_IP=10.0.2.254


@ -0,0 +1,2 @@
REFLECTOR_ENABLE_REFLECTOR="yes"
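Review bot: `REFLECTOR_ENABLE_REFLECTOR="yes"` may reach the container with the quotes intact: older Compose `env_file` parsing passes quote characters through literally, so the value would be `"yes"` rather than `yes`, while newer Compose v2 strips them. Writing `REFLECTOR_ENABLE_REFLECTOR=yes` behaves the same on both and avoids the reflector silently staying disabled depending on the Compose version; verify with `docker compose config` or by inspecting the generated avahi configuration inside the container.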


@ -0,0 +1,20 @@
# for containers requiring multi-cast dns, e.g. home-assistant, esphome, etc.
name: mdns-reflector
services:
mdns-reflector:
image: flungo/avahi:latest
env_file: .mdns-reflector.env
hostname: mdns-reflector
networks:
mdns-net: null
macvlan1:
ipv4_address: "${MDNS_REFLECTOR_IP}"
deploy:
replicas: 1
networks:
mdns-net:
external: true
macvlan1:
external: true
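Review bot: `image: flungo/avahi:latest` pulls an unpinned tag of a third-party image that is given a foot on the real LAN (`macvlan1`) and on `mdns-net`; any future push to that tag is picked up silently on the next recreate. Pin it to a specific tag, or better a digest, e.g. `image: flungo/avahi:<tag>@sha256:<digest>`, and record where the digest came from. Since the service's whole purpose is to bridge multicast DNS between the LAN and a network that is declared `internal: true` elsewhere in this commit, a comment on the service saying so (`# intentionally bridges mDNS between the LAN and the internal mdns-net`) would stop a later reader from assuming `mdns-net` is isolated from the LAN.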


@ -1,6 +1,21 @@
name: networks name: networks
services:
netbb:
image: busybox
hostname: netsvc2
networks:
- traefik-net
- postgres-net
- mariadb-net
- mysql-net
- authentik-net
- fireflyiii-net
- vaultwarden-net
- digikam-net
- macvlan0
- macvlan1
- mdns-net
networks: networks:
macvlan0: macvlan0:
name: macvlan0 name: macvlan0
@ -13,7 +28,17 @@ networks:
config: config:
- subnet: 192.168.2.0/24 - subnet: 192.168.2.0/24
gateway: 192.168.2.1 gateway: 192.168.2.1
macvlan1:
name: macvlan1
driver: macvlan
driver_opts:
parent: enp7s0
com.docker.network.macvlan.mode: bridge
com.docker.network.bridge.name: "br-localnet"
ipam:
config:
- subnet: 10.0.0.0/20
gateway: 10.0.0.2
traefik-net: traefik-net:
name: traefik-net name: traefik-net
attachable: true attachable: true
@ -66,21 +91,13 @@ networks:
internal: true internal: true
driver_opts: driver_opts:
com.docker.network.bridge.name: "br-digikam" com.docker.network.bridge.name: "br-digikam"
mdns-net:
services: name: mdns-net
netbb: driver: bridge
image: busybox internal: true
hostname: netsvc2 driver_opts:
networks: com.docker.network.bridge.name: "br-mdns"
- traefik-net
- postgres-net
- mariadb-net
- mysql-net
- authentik-net
- fireflyiii-net
- vaultwarden-net
- digikam-net
- macvlan0
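Review bot: `macvlan1` declares `subnet: 10.0.0.0/20` with no `ip_range`, so Docker's IPAM may hand a container any free address in the whole /20 — on a macvlan that is the physical LAN, so it can collide with DHCP leases or static hosts; only the reflector pins an `ipv4_address`. Add an `ip_range:` entry under `config` limited to a block excluded from the LAN DHCP scope (and containing 10.0.2.254), as is presumably done for `macvlan0`, whose `config` starts before this hunk. `com.docker.network.bridge.name: "br-localnet"` looks like a bridge-driver option that the macvlan driver does not consume, so it can probably be dropped rather than suggest a bridge that never exists. Separately, the `netbb` busybox service is attached to every network, including the `internal: true` ones such as `mdns-net`; if it exists only so this stack creates the networks, a comment saying so (`# placeholder so the networks are created by this stack; runs no workload`) makes clear it is not meant as a cross-segment foothold.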


@ -28,7 +28,7 @@ WG_HOST=vpn.sthome.org
PASSWORD_HASH=$$2a$$12$$S9vnQ5EtnaXhsjpMLUNR0eervb/Koooa26VrzAjjIGbWRpxuHUenS # NB: the single quotes around the hash should be removed, hint = a PASSWORD_HASH=$$2a$$12$$S9vnQ5EtnaXhsjpMLUNR0eervb/Koooa26VrzAjjIGbWRpxuHUenS # NB: the single quotes around the hash should be removed, hint = a
WG_DEFAULT_ADDRESS=10.8.0.x WG_DEFAULT_ADDRESS=10.8.0.x
WG_DEFAULT_DNS=192.168.2.1, 10.0.0.1, 1.1.1.1 WG_DEFAULT_DNS=10.0.0.1, 1.1.1.1
WG_ALLOWED_IPS=0.0.0.0/0, ::/0 WG_ALLOWED_IPS=0.0.0.0/0, ::/0
WG_PERSISTENT_KEEPALIVE=25 WG_PERSISTENT_KEEPALIVE=25