initial

README.md

@@ -0,0 +1 @@
+# homelab

gamestation/gamestation-rdp.sh

@@ -0,0 +1,18 @@
+#!/usr/bin/env bash
+
+###################-p - \
+rdesktop \
+	-x lan \
+	-P \
+	-z \
+	-g 1920x1080 \
+	-a 24 \
+	-u gamestation \
+	-d home.weaver \
+	gamestation &
+#-g 3840x2160 \
+#-g 1024x768 \
+#	-g 1024x768 \
+disown
+
+exit 0

iptables-skeleton.sh

@@ -0,0 +1,54 @@
+#!/bin/sh
+#
+# mitchs iptables skeleton config
+# -------------------------------------------
+
+# -*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
+# variables
+# -*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
+SUBNET=192.168.100
+PIHOLE=$SUBNET.200
+# =/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=
+
+# flush
+iptables -F
+
+# deny all default
+iptables -P OUTPUT DROP
+iptables -P INPUT DROP
+iptables -P FORWARD DROP
+
+# dns to pihole
+iptables -A OUTPUT -j ACCEPT -d $PIHOLE/24 -p tcp --dport 53 -m state --state NEW
+iptables -A OUTPUT -j ACCEPT -d $PIHOLE/24 -p udp --dport 53 -m state --state NEW
+
+# permit local ssh
+iptables -A INPUT -s $SUBNET.0/24 -j ACCEPT -p tcp --dport ssh -m state --state NEW
+iptables -A INPUT -s $SUBNET.0/24 -j ACCEPT -p tcp --sport ssh -m state --state NEW
+iptables -A OUTPUT -d $SUBNET.0/24 -j ACCEPT -p tcp --sport ssh -m state --state ESTABLISHED
+iptables -A OUTPUT -d $SUBNET.0/24 -j ACCEPT -p tcp --dport ssh -m state --state ESTABLISHED
+
+# permit outgoing http,https,ftp as well for updates and things
+iptables -A OUTPUT -j ACCEPT -p tcp --dport 80 -m state --state NEW,ESTABLISHED
+iptables -A OUTPUT -j ACCEPT -p tcp --dport 443 -m state --state NEW,ESTABLISHED
+iptables -A OUTPUT -j ACCEPT -p tcp --dport 21 -m state --state NEW,ESTABLISHED
+
+# permit loopback
+iptables -A OUTPUT -j ACCEPT -o lo
+
+# permit established
+iptables -A INPUT -j ACCEPT -m state --state ESTABLISHED,RELATED
+
+# save
+if command -v systemctl >/dev/null 2>&1 ; then
+	# redhat
+	if [ -f /etc/sysconfig/iptables ] ; then
+		iptables-save -f /etc/sysconfig/iptables
+	# arch
+	elif [ -f /etc/iptables/iptables.rules ] ; then
+		iptables-save -f /etc/iptables/iptables.rules
+	fi
+	# alpine
+elif command -v rc-service >/dev/null 2>&1 ; then
+	/etc/init.d/iptables save
+fi

move-in-alpine.sh

@@ -0,0 +1,37 @@
+#!/bin/sh
+#
+# new Alpine container/VM setup script
+#
+# -*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
+
+cat >/etc/apk/repositories <<EOF
+https://dl-cdn.alpinelinux.org/alpine/edge/main
+https://dl-cdn.alpinelinux.org/alpine/edge/community
+https://dl-cdn.alpinelinux.org/alpine/edge/testing
+EOF
+
+apk update
+apk upgrade
+
+# for compability with various projects
+apk add util-linux bash
+
+apk add curl wget mandoc rsync git tree pv ncdu make neofetch pfetch htop neovim
+
+apk add openssh openssh-server
+sed -i 's/.*PermitRootLogin.*/PermitRootLogin yes/' /etc/ssh/sshd_config
+rc-update add sshd default
+rc-service sshd start
+
+apk add fail2ban
+rc-update add fail2ban default
+rc-service fail2ban start
+
+if ! dmesg >&2 | grep 'Operation not permitted' >/dev/null ; then
+	apk add qemu-guest-agent
+	rc-update add qemu-guest-agent default
+	rc-service qemu-guest-agent start
+fi
+
+apk add samba samba-client cifs-utils samba-client
+

netdata.conf

@@ -0,0 +1,36 @@
+#
+# Mitch Weaver's homelab netdata config
+# domain: home.weaver
+#
+# http://localhost:19999/netdata.conf
+#
+#
+# note: to disable analytics, in /etc/netdata folder do:
+#
+# $ touch .opt-out-from-anonymous-statistics
+#
+#
+# Connecting to netdata cloud:
+#
+# $ netdata-claim.sh  -token=abcdefg -room=abcdefg-abcdefg
+#
+# ---------------------------------------------------------
+[global]
+    run as user = netdata
+    web files owner = root
+    web files group = root
+
+    bind socket to IP = 127.0.0.1
+
+    history = 3600
+
+    memory mode = dbengine
+    page cache size = 32 # RAM storage in MB
+    dbengine multihost disk space = 512 # disk storage in MB
+
+# disable local web as I use netdata cloud as overview
+[web]
+    mode = none
+
+[ml]
+    enabled = yes

poweredge/ipmi-fancontrol.sh

@@ -0,0 +1,58 @@
+#!/bin/sh -e
+#
+# script to manage fan speeds on dell poweredge servers
+# note: uses default creds of root/calvin
+#
+# * NOTE: *
+# To resolve ipmi issue, need to change the IPMI over LAN setting from
+# [Disabled] to [Enabled] in the iDRAC/iLO.
+#
+
+# default creds are root/calvin
+: "${IDRAC_USER:=root}"
+: "${IDRAC_PW:=calvin}"
+
+usage() {
+    >&2 printf 'Usage: %s host [-a]|[1-100]\n' "${0##*/}"
+    exit 1
+}
+
+dec2hex() {
+    printf '%x\n' "$1"
+}
+
+sendcommand() {
+    # shellcheck disable=2086
+    ipmitool \
+        -I lanplus \
+        -H "${IDRAC_IP:-192.168.0.94}" \
+        -U "$IDRAC_USER" \
+        -P "$IDRAC_PW" \
+        $1
+}
+
+manual='raw 0x30 0x30 0x01 0x00'
+auto='raw 0x30 0x30 0x01 0x01'
+
+case $1 in
+    -h|--help)
+        usage
+esac
+
+case ${1#-} in
+    m|manual)
+        sendcommand "$manual"
+        ;;
+    a|automatic)
+        sendcommand "$auto"
+        ;;
+    *)
+        sendcommand "$manual" &&
+        case $1 in
+            [1-9])
+                sendcommand "raw 0x30 0x30 0x02 0xff 0x0$1"
+                ;;
+            *)
+                sendcommand "raw 0x30 0x30 0x02 0xff 0x0$(dec2hex "$1")"
+        esac
+esac

proxmox/etc/kernel/cmdline

@@ -0,0 +1 @@
+root=ZFS=rpool/ROOT/pve-1 quiet intel_iommu=on boot=zfs

proxmox/etc/modprobe.d/blacklist.conf

@@ -0,0 +1,4 @@
+blacklist nouveau
+blacklist nvidia
+blacklist i2c_nvidia_gpu
+blacklist snd_hda_intel

proxmox/etc/modprobe.d/kvm.conf

@@ -0,0 +1,2 @@
+options kvm ignore_msrs=1 report_ignored_msrs=0 vfio_iommu_type1 allow_unsafe_interrupts=1
+

proxmox/etc/modprobe.d/pve-blacklist.conf

@@ -0,0 +1,4 @@
+# This file contains a list of modules which are not supported by Proxmox VE 
+
+# nidiafb see bugreport https://bugzilla.proxmox.com/show_bug.cgi?id=701
+blacklist nvidiafb

proxmox/etc/modprobe.d/vfio.conf.P600

@@ -0,0 +1 @@
+options vfio-pci ids=10de:1cb2,10de:0fb9 disable_vga=1

proxmox/etc/modprobe.d/vfio.conf.RTX3080

@@ -0,0 +1,2 @@
+options vfio-pci ids=10de:2216,10de:1aef disable_vga=1
+

proxmox/etc/network/interfaces

@@ -0,0 +1,13 @@
+auto lo
+iface lo inet loopback
+
+iface enp8s0 inet manual
+
+auto vmbr0
+iface vmbr0 inet static
+	address 192.168.100.50/24
+	gateway 192.168.100.1
+	bridge-ports enp8s0
+	bridge-stp off
+	bridge-fd 0
+

proxmox/etc/rc.local

@@ -0,0 +1,51 @@
+#!/bin/sh
+
+# for con in vtcon0 vtcon1 ; do
+# 	if [ -e /sys/class/vtconsole/$con/bind ] ; then
+# 		echo 0 > /sys/class/vtconsole/$con/bind ||:
+# 	fi
+# done
+
+# if [ -e /sys/bus/platform/drivers/efi-framebuffer/unbind ] ; then
+# 	for i in 0 1 2 3 4 5 6 7 8 9 ; do
+# 		echo efi-framebuffer.$i | tee /sys/bus/platform/drivers/efi-framebuffer/unbind ||:
+# 	done
+# fi
+
+# ------------------------------------------------
+# workaround for when the interface name changes
+# ------------------------------------------------
+if dmesg | grep -i mlx >/dev/null ; then
+    interface=$(dmesg | grep mlx | grep 'mlx.*.renamed')
+    interface=enp${interface##* enp}
+    interface=${interface%%: *}
+else
+    # copper ethernet
+    interface=enp8s0
+fi
+
+if [ ! "$interface" ] ; then
+	interface=enp8s0
+fi
+
+cat > /etc/network/interfaces <<EOF
+auto lo
+iface lo inet loopback
+
+iface $interface inet manual
+
+auto vmbr0
+iface vmbr0 inet static
+        address 192.168.100.50/24
+        gateway 192.168.100.1
+        bridge-ports $interface
+        bridge-stp off
+        bridge-fd 0
+
+EOF
+
+ifup -a
+# -*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
+
+# just to make sure this ran
+date > /tmp/rclocal_last_run.txt

update_vms.sh

@@ -0,0 +1,23 @@
+#!/bin/sh
+
+ALPINE='pihole seedbox gitea shaarli website joplin nextcloud nginx-proxy-manager mango heimdall persimmon whoogle'
+UBUNTU='jellyfin pbs photoview'
+# soulseek
+
+msg() {
+    >&2 printf '[*] %s\n' "$*"
+}
+
+for i in $ALPINE ; do
+	if ping -q -W 2 -c 1 "$i" >/dev/null ; then
+		msg "Updating: $i"
+		ssh $i 'apk update;apk upgrade'
+	fi
+done
+
+for i in $UBUNTU ; do
+	if ping -q -W 2 -c 1 "$i" >/dev/null ; then
+		msg "Updating: $i"
+		ssh $i 'apt update;apt upgrade -y;apt dist-upgrade -y;apt autoremove -y'
+	fi
+done