mitch/homelab
1
1
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

initial

Browse Source
This commit is contained in:
wvr
2023-05-14 16:00:27 -05:00
commit b8549f1c9b
15 changed files with 305 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
README.md Normal file
View File

@@ -0,0 +1 @@
# homelab

18
gamestation/gamestation-rdp.sh Normal file
View File

@@ -0,0 +1,18 @@
#!/usr/bin/env bash
###################-p - \
rdesktop \
-x lan \
-P \
-z \
-g 1920x1080 \
-a 24 \
-u gamestation \
-d home.weaver \
gamestation &
#-g 3840x2160 \
#-g 1024x768 \
# -g 1024x768 \
disown
exit 0

54
iptables-skeleton.sh Normal file
View File

@@ -0,0 +1,54 @@
#!/bin/sh
#
# mitchs iptables skeleton config
# -------------------------------------------
# -*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
# variables
# -*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
SUBNET=192.168.100
PIHOLE=$SUBNET.200
# =/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=
# flush
iptables -F
# deny all default
iptables -P OUTPUT DROP
iptables -P INPUT DROP
iptables -P FORWARD DROP
# dns to pihole
iptables -A OUTPUT -j ACCEPT -d $PIHOLE/24 -p tcp --dport 53 -m state --state NEW
iptables -A OUTPUT -j ACCEPT -d $PIHOLE/24 -p udp --dport 53 -m state --state NEW
# permit local ssh
iptables -A INPUT -s $SUBNET.0/24 -j ACCEPT -p tcp --dport ssh -m state --state NEW
iptables -A INPUT -s $SUBNET.0/24 -j ACCEPT -p tcp --sport ssh -m state --state NEW
iptables -A OUTPUT -d $SUBNET.0/24 -j ACCEPT -p tcp --sport ssh -m state --state ESTABLISHED
iptables -A OUTPUT -d $SUBNET.0/24 -j ACCEPT -p tcp --dport ssh -m state --state ESTABLISHED
# permit outgoing http,https,ftp as well for updates and things
iptables -A OUTPUT -j ACCEPT -p tcp --dport 80 -m state --state NEW,ESTABLISHED
iptables -A OUTPUT -j ACCEPT -p tcp --dport 443 -m state --state NEW,ESTABLISHED
iptables -A OUTPUT -j ACCEPT -p tcp --dport 21 -m state --state NEW,ESTABLISHED
# permit loopback
iptables -A OUTPUT -j ACCEPT -o lo
# permit established
iptables -A INPUT -j ACCEPT -m state --state ESTABLISHED,RELATED
# save
if command -v systemctl >/dev/null 2>&1 ; then
# redhat
if [ -f /etc/sysconfig/iptables ] ; then
iptables-save -f /etc/sysconfig/iptables
# arch
elif [ -f /etc/iptables/iptables.rules ] ; then
iptables-save -f /etc/iptables/iptables.rules
fi
# alpine
elif command -v rc-service >/dev/null 2>&1 ; then
/etc/init.d/iptables save
fi

37
move-in-alpine.sh Normal file
View File

@@ -0,0 +1,37 @@
#!/bin/sh
#
# new Alpine container/VM setup script
#
# -*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
cat >/etc/apk/repositories <<EOF
https://dl-cdn.alpinelinux.org/alpine/edge/main
https://dl-cdn.alpinelinux.org/alpine/edge/community
https://dl-cdn.alpinelinux.org/alpine/edge/testing
EOF
apk update
apk upgrade
# for compability with various projects
apk add util-linux bash
apk add curl wget mandoc rsync git tree pv ncdu make neofetch pfetch htop neovim
apk add openssh openssh-server
sed -i 's/.*PermitRootLogin.*/PermitRootLogin yes/' /etc/ssh/sshd_config
rc-update add sshd default
rc-service sshd start
apk add fail2ban
rc-update add fail2ban default
rc-service fail2ban start
if ! dmesg >&2 | grep 'Operation not permitted' >/dev/null ; then
apk add qemu-guest-agent
rc-update add qemu-guest-agent default
rc-service qemu-guest-agent start
fi
apk add samba samba-client cifs-utils samba-client

36
netdata.conf Normal file
View File

@@ -0,0 +1,36 @@
#
# Mitch Weaver's homelab netdata config
# domain: home.weaver
#
# http://localhost:19999/netdata.conf
#
#
# note: to disable analytics, in /etc/netdata folder do:
#
# $ touch .opt-out-from-anonymous-statistics
#
#
# Connecting to netdata cloud:
#
# $ netdata-claim.sh -token=abcdefg -room=abcdefg-abcdefg
#
# ---------------------------------------------------------
[global]
run as user = netdata
web files owner = root
web files group = root
bind socket to IP = 127.0.0.1
history = 3600
memory mode = dbengine
page cache size = 32 # RAM storage in MB
dbengine multihost disk space = 512 # disk storage in MB
# disable local web as I use netdata cloud as overview
[web]
mode = none
[ml]
enabled = yes

58
poweredge/ipmi-fancontrol.sh Normal file
View File

@@ -0,0 +1,58 @@
#!/bin/sh -e
#
# script to manage fan speeds on dell poweredge servers
# note: uses default creds of root/calvin
#
# * NOTE: *
# To resolve ipmi issue, need to change the IPMI over LAN setting from
# [Disabled] to [Enabled] in the iDRAC/iLO.
#
# default creds are root/calvin
: "${IDRAC_USER:=root}"
: "${IDRAC_PW:=calvin}"
usage() {
>&2 printf 'Usage: %s host [-a]|[1-100]\n' "${0##*/}"
exit 1
}
dec2hex() {
printf '%x\n' "$1"
}
sendcommand() {
# shellcheck disable=2086
ipmitool \
-I lanplus \
-H "${IDRAC_IP:-192.168.0.94}" \
-U "$IDRAC_USER" \
-P "$IDRAC_PW" \
$1
}
manual='raw 0x30 0x30 0x01 0x00'
auto='raw 0x30 0x30 0x01 0x01'
case $1 in
-h|--help)
usage
esac
case ${1#-} in
m|manual)
sendcommand "$manual"
;;
a|automatic)
sendcommand "$auto"
;;
*)
sendcommand "$manual" &&
case $1 in
[1-9])
sendcommand "raw 0x30 0x30 0x02 0xff 0x0$1"
;;
*)
sendcommand "raw 0x30 0x30 0x02 0xff 0x0$(dec2hex "$1")"
esac
esac

1
proxmox/etc/kernel/cmdline Normal file
View File

@@ -0,0 +1 @@
root=ZFS=rpool/ROOT/pve-1 quiet intel_iommu=on boot=zfs

4
proxmox/etc/modprobe.d/blacklist.conf Normal file
View File

@@ -0,0 +1,4 @@
blacklist nouveau
blacklist nvidia
blacklist i2c_nvidia_gpu
blacklist snd_hda_intel

2
proxmox/etc/modprobe.d/kvm.conf Normal file
View File

@@ -0,0 +1,2 @@
options kvm ignore_msrs=1 report_ignored_msrs=0 vfio_iommu_type1 allow_unsafe_interrupts=1

4
proxmox/etc/modprobe.d/pve-blacklist.conf Normal file
View File

@@ -0,0 +1,4 @@
# This file contains a list of modules which are not supported by Proxmox VE
# nidiafb see bugreport https://bugzilla.proxmox.com/show_bug.cgi?id=701
blacklist nvidiafb

1
proxmox/etc/modprobe.d/vfio.conf.P600 Normal file
View File

@@ -0,0 +1 @@
options vfio-pci ids=10de:1cb2,10de:0fb9 disable_vga=1

2
proxmox/etc/modprobe.d/vfio.conf.RTX3080 Normal file
View File

@@ -0,0 +1,2 @@
options vfio-pci ids=10de:2216,10de:1aef disable_vga=1

13
proxmox/etc/network/interfaces Normal file
View File

@@ -0,0 +1,13 @@
auto lo
iface lo inet loopback
iface enp8s0 inet manual
auto vmbr0
iface vmbr0 inet static
address 192.168.100.50/24
gateway 192.168.100.1
bridge-ports enp8s0
bridge-stp off
bridge-fd 0

51
proxmox/etc/rc.local Normal file
View File

@@ -0,0 +1,51 @@
#!/bin/sh
# for con in vtcon0 vtcon1 ; do
# if [ -e /sys/class/vtconsole/$con/bind ] ; then
# echo 0 > /sys/class/vtconsole/$con/bind ||:
# fi
# done
# if [ -e /sys/bus/platform/drivers/efi-framebuffer/unbind ] ; then
# for i in 0 1 2 3 4 5 6 7 8 9 ; do
# echo efi-framebuffer.$i | tee /sys/bus/platform/drivers/efi-framebuffer/unbind ||:
# done
# fi
# ------------------------------------------------
# workaround for when the interface name changes
# ------------------------------------------------
if dmesg | grep -i mlx >/dev/null ; then
interface=$(dmesg | grep mlx | grep 'mlx.*.renamed')
interface=enp${interface##* enp}
interface=${interface%%: *}
else
# copper ethernet
interface=enp8s0
fi
if [ ! "$interface" ] ; then
interface=enp8s0
fi
cat > /etc/network/interfaces <<EOF
auto lo
iface lo inet loopback
iface $interface inet manual
auto vmbr0
iface vmbr0 inet static
address 192.168.100.50/24
gateway 192.168.100.1
bridge-ports $interface
bridge-stp off
bridge-fd 0
EOF
ifup -a
# -*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
# just to make sure this ran
date > /tmp/rclocal_last_run.txt

23
update_vms.sh Normal file
View File

@@ -0,0 +1,23 @@
#!/bin/sh
ALPINE='pihole seedbox gitea shaarli website joplin nextcloud nginx-proxy-manager mango heimdall persimmon whoogle'
UBUNTU='jellyfin pbs photoview'
# soulseek
msg() {
>&2 printf '[*] %s\n' "$*"
}
for i in $ALPINE ; do
if ping -q -W 2 -c 1 "$i" >/dev/null ; then
msg "Updating: $i"
ssh $i 'apk update;apk upgrade'
fi
done
for i in $UBUNTU ; do
if ping -q -W 2 -c 1 "$i" >/dev/null ; then
msg "Updating: $i"
ssh $i 'apt update;apt upgrade -y;apt dist-upgrade -y;apt autoremove -y'
fi
done