From 259b9c6a2429c52b666f93872d09379eed6793d4 Mon Sep 17 00:00:00 2001 From: Bruno21 Date: Sat, 6 Apr 2024 09:54:09 +0200 Subject: [PATCH] =?UTF-8?q?M=C3=A0j=2006-04-2024?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- docs/Divers/{Lightroom => Adobe}/Lightroom.md | 0 docs/Divers/{ => Adobe}/adobe.md | 0 docs/Divers/bash/tableaux.md | 8 + docs/Divers/docker/docker.md | 26 +++ docs/Divers/docker/watchtower.md | 83 +++++++ docs/Divers/plex.md | 18 +- docs/Divers/reseau/et12.md | 30 +++ docs/Divers/reseau/reseau.md | 18 ++ .../{rt-ac88u.md => rt-ac88u-merlin.md} | 21 +- docs/Divers/reseau/rt-ac88u-openwrt.md | 187 +++++++++++++++ docs/Linux/rsync.md | 15 ++ docs/Plesk/index.md | 29 +++ docs/Plesk/joplin.md | 46 +++- docs/Raspberry/backup_sd.md | 7 + docs/Raspberry/diet-pi.md | 97 ++++++++ docs/Raspberry/index.md | 31 ++- docs/Raspberry/mail.md | 217 ++++++++++++++++++ docs/Raspberry/pi-hole.md | 187 +++++++++++++++ docs/Synology/Docker/Wireguard.md | 151 ++++++++++++ .../Docker/docker-compose/Pi.Alert.md | 41 ++++ .../Docker/docker-compose/_network.md | 26 +++ .../Docker/docker-compose/changeDetection.md | 38 +++ .../Docker/docker-compose/chibisafe.md | 38 +++ docs/Synology/Docker/docker-compose/dockge.md | 37 +++ .../Docker/docker-compose/docspell.md | 125 ++++++++++ docs/Synology/Docker/docker-compose/dozzle.md | 36 +++ .../Docker/docker-compose/freegeoip.md | 30 +++ .../Synology/Docker/docker-compose/glances.md | 65 ++++++ docs/Synology/Docker/docker-compose/gokapi.md | 37 +++ .../Docker/docker-compose/heimdall.md | 36 +++ .../Synology/Docker/docker-compose/igotify.md | 68 ++++++ .../Docker/docker-compose/invidious.md | 86 +++++++ .../Docker/docker-compose/maptiler.md | 70 ++++++ .../Docker/docker-compose/navidrome.md | 82 +++++++ .../Docker/docker-compose/openstreetmap.md | 39 ++++ .../Docker/docker-compose/paperlessngx.md | 145 ++++++++++++ .../Synology/Docker/docker-compose/pingvin.md | 37 +++ .../Docker/docker-compose/privatebin.md | 41 ++++ .../Docker/docker-compose/psitransfer.md | 35 +++ .../Docker/docker-compose/scrutiny.md | 49 ++++ .../Synology/Docker/docker-compose/seafile.md | 82 +++++++ .../Synology/Docker/docker-compose/searXNG.md | 33 +++ docs/Synology/Docker/docker-compose/send.md | 59 +++++ .../Docker/docker-compose/snapdrop.md | 47 ++++ .../Docker/docker-compose/snippet-box.md | 36 +++ .../Docker/docker-compose/tautulli.md | 57 +++++ .../Docker/docker-compose/watchtower.md | 43 ++++ docs/Synology/Docker/docker-compose/wgeasy.md | 44 ++++ docs/Synology/Docker/docker-compose/yacy.md | 35 +++ docs/Synology/Docker/docker-compose/yatch.md | 25 ++ docs/Synology/Docker/grafana.md | 133 +++++++++++ docs/Synology/Docker/index.md | 102 ++++++++ docs/Synology/Docker/iperf3.md | 148 ++++++++++++ docs/Synology/Docker/portainer.md | 34 +++ docs/Synology/Docker/ports.md | 52 ++++- docs/Synology/Docker/updates.md | 116 ++++++++++ docs/Synology/dsm7/HomeAssistant.md | 62 +++++ docs/Synology/dsm7/Homebridge.md | 11 + docs/Synology/dsm7/cli-tools.md | 38 +++ docs/Synology/dsm7/dsm7.md | 29 +++ docs/Synology/dsm7/pare-feu.md | 51 ++++ docs/Synology/dsm7/pcloud.md | 154 +++++++++++++ docs/Synology/dsm7/php.md | 70 ++++-- docs/Synology/dsm7/pi-hole.md | 185 +++++++++++++++ docs/Synology/dsm7/snapshot.md | 8 + docs/Synology/dsm7/wireguard.md | 108 +++++++++ docs/Synology/ovh.md | 170 ++++++++++++++ docs/Synology/ports.md | 159 +++++++++++++ docs/macos/homebrew/brew-deprecated.md | 178 ++++++++++++++ docs/macos/homebrew/brew.md | 166 ++------------ docs/macos/network.md | 141 ++++++++++++ docs/macos/terminal/launchd.md | 115 ++++++++++ docs/macos/webserver/apache_M1.md | 112 ++++++--- docs/macos/webserver/mod-php.md | 137 +++++++++++ docs/macos/webserver/redis.md | 4 +- mkdocs.yml | 79 ++++++- 76 files changed, 5126 insertions(+), 229 deletions(-) rename docs/Divers/{Lightroom => Adobe}/Lightroom.md (100%) rename docs/Divers/{ => Adobe}/adobe.md (100%) create mode 100644 docs/Divers/docker/watchtower.md create mode 100644 docs/Divers/reseau/et12.md rename docs/Divers/reseau/{rt-ac88u.md => rt-ac88u-merlin.md} (90%) create mode 100644 docs/Divers/reseau/rt-ac88u-openwrt.md create mode 100644 docs/Linux/rsync.md create mode 100644 docs/Raspberry/diet-pi.md create mode 100644 docs/Raspberry/mail.md create mode 100644 docs/Raspberry/pi-hole.md create mode 100644 docs/Synology/Docker/Wireguard.md create mode 100644 docs/Synology/Docker/docker-compose/Pi.Alert.md create mode 100644 docs/Synology/Docker/docker-compose/_network.md create mode 100644 docs/Synology/Docker/docker-compose/changeDetection.md create mode 100644 docs/Synology/Docker/docker-compose/chibisafe.md create mode 100644 docs/Synology/Docker/docker-compose/dockge.md create mode 100644 docs/Synology/Docker/docker-compose/docspell.md create mode 100644 docs/Synology/Docker/docker-compose/dozzle.md create mode 100644 docs/Synology/Docker/docker-compose/freegeoip.md create mode 100644 docs/Synology/Docker/docker-compose/glances.md create mode 100644 docs/Synology/Docker/docker-compose/gokapi.md create mode 100644 docs/Synology/Docker/docker-compose/heimdall.md create mode 100644 docs/Synology/Docker/docker-compose/igotify.md create mode 100644 docs/Synology/Docker/docker-compose/invidious.md create mode 100644 docs/Synology/Docker/docker-compose/maptiler.md create mode 100644 docs/Synology/Docker/docker-compose/navidrome.md create mode 100644 docs/Synology/Docker/docker-compose/openstreetmap.md create mode 100644 docs/Synology/Docker/docker-compose/paperlessngx.md create mode 100644 docs/Synology/Docker/docker-compose/pingvin.md create mode 100644 docs/Synology/Docker/docker-compose/privatebin.md create mode 100644 docs/Synology/Docker/docker-compose/psitransfer.md create mode 100644 docs/Synology/Docker/docker-compose/scrutiny.md create mode 100644 docs/Synology/Docker/docker-compose/seafile.md create mode 100644 docs/Synology/Docker/docker-compose/searXNG.md create mode 100644 docs/Synology/Docker/docker-compose/send.md create mode 100644 docs/Synology/Docker/docker-compose/snapdrop.md create mode 100644 docs/Synology/Docker/docker-compose/snippet-box.md create mode 100644 docs/Synology/Docker/docker-compose/tautulli.md create mode 100644 docs/Synology/Docker/docker-compose/watchtower.md create mode 100644 docs/Synology/Docker/docker-compose/wgeasy.md create mode 100644 docs/Synology/Docker/docker-compose/yacy.md create mode 100644 docs/Synology/Docker/docker-compose/yatch.md create mode 100644 docs/Synology/Docker/grafana.md create mode 100644 docs/Synology/Docker/index.md create mode 100644 docs/Synology/Docker/iperf3.md create mode 100644 docs/Synology/Docker/portainer.md create mode 100644 docs/Synology/Docker/updates.md create mode 100644 docs/Synology/dsm7/HomeAssistant.md create mode 100644 docs/Synology/dsm7/Homebridge.md create mode 100644 docs/Synology/dsm7/cli-tools.md create mode 100644 docs/Synology/dsm7/pare-feu.md create mode 100644 docs/Synology/dsm7/pcloud.md create mode 100644 docs/Synology/dsm7/pi-hole.md create mode 100644 docs/Synology/dsm7/snapshot.md create mode 100644 docs/Synology/dsm7/wireguard.md create mode 100644 docs/Synology/ovh.md create mode 100644 docs/Synology/ports.md create mode 100644 docs/macos/homebrew/brew-deprecated.md create mode 100644 docs/macos/network.md create mode 100644 docs/macos/terminal/launchd.md diff --git a/docs/Divers/Lightroom/Lightroom.md b/docs/Divers/Adobe/Lightroom.md similarity index 100% rename from docs/Divers/Lightroom/Lightroom.md rename to docs/Divers/Adobe/Lightroom.md diff --git a/docs/Divers/adobe.md b/docs/Divers/Adobe/adobe.md similarity index 100% rename from docs/Divers/adobe.md rename to docs/Divers/Adobe/adobe.md diff --git a/docs/Divers/bash/tableaux.md b/docs/Divers/bash/tableaux.md index 86d7cd6..9dcf581 100644 --- a/docs/Divers/bash/tableaux.md +++ b/docs/Divers/bash/tableaux.md @@ -349,6 +349,14 @@ $ if [[ -n "${tableau_asso[erable]}" ]]; then echo "Element is present"; else ec Element is present ``` +```bash +$ not_required=("drive" "files" "gitea" "home-assistant" "homebridge" "portainer" "wg" "yatch") +$ dynhost="pihole" + +$ if [[ " ${not_required[*]} " != *"$dynhost"* ]]; then echo "$dynhost est absent"; else echo "$dynhost est present"; fi +pihole est absent +``` + ### Mettre la sortie d'une commande dans un tableau: diff --git a/docs/Divers/docker/docker.md b/docs/Divers/docker/docker.md index 844d94b..e813ff1 100644 --- a/docs/Divers/docker/docker.md +++ b/docs/Divers/docker/docker.md @@ -172,6 +172,20 @@ d2b481b91f10 portainer/portainer "/portainer" 9 mon 9763d849e8b1 portainer/portainer "/portainer" 9 months ago Exited (255) 9 months ago 0.0.0.0:9000->9000/tcp affectionate_antonelli ``` +**Etat d'un container:** + +```bash +$ docker inspect -f '{{.State.Status}}' mycontainer + +# created : n'a jamais été lancé depuis qu'il a été crée (docker create) +# running : en cours d'exécution (docker start) +# restarting : redémarre (no, on-failure, always, unless-stopped) +# exited : le process a l'intérieur du container est terminé +# paused : les process sont suspendus pour une durée indéterminée (consommation mémoire identique à l'état 'running') +# dead : le container est non fonctionnel. Il ne peut pas être redémarré, mais juste supprimé. + +``` + **Liste de tous les containers:** ```bash @@ -257,12 +271,24 @@ $ docker container rm $(docker container ls -aq) $ sudo docker container ls --format 'table {{.ID}}\t{{.Names}}' CONTAINER ID NAMES 700a2cd00cba lychee + $ sudo docker container exec 700a2cd00cba hostname 700a2cd00cba + $ sudo docker container exec 700a2cd00cba hostname -I 172.18.0.3 ``` +**Se connecter en root à un container:** + +```bash +$ sudo docker container ls --format 'table {{.ID}}\t{{.Names}}' +CONTAINER ID NAMES +700a2cd00cba lychee + +$ sudo docker exec -it 700a2cd00cba bash +``` + **Créer et démarrer un container:** ```bash diff --git a/docs/Divers/docker/watchtower.md b/docs/Divers/docker/watchtower.md new file mode 100644 index 0000000..de847ef --- /dev/null +++ b/docs/Divers/docker/watchtower.md @@ -0,0 +1,83 @@ +# Watchtower + + + + + +#### Full Exclude + +Exclure certains containers: + +```yaml +# Dans les containers à ignorer: + +version: "3" +services: + someimage: + container_name: someimage + labels: + - "com.centurylinklabs.watchtower.enable=false" +``` + +Inclure certains containers: + +```yaml +# docker-compose de watchtower + +WATCHTOWER_LABEL_ENABLE +``` + +```yaml +# Dans les containers à surveiller: + +version: "3" +services: + someimage: + container_name: someimage + labels: + - "com.centurylinklabs.watchtower.enable=true" +``` + + + +#### Monitor only + +Par container: + +```yaml +version: "3" +services: + someimage: + container_name: someimage + labels: + - "com.centurylinklabs.watchtower.monitor-only=true" +``` + +Tous les containers: + +```yaml +# docker-compose de watchtower + +WATCHTOWER_MONITOR_ONLY +``` + + + +https://containrrr.dev/watchtower/ + +https://www.portainer.io/blog/using-env-files-in-stacks-with-portainer + + + + + +##### Gotify: + +```yaml + -e WATCHTOWER_NOTIFICATIONS=gotify \ + -e WATCHTOWER_NOTIFICATION_GOTIFY_URL="https://my.gotify.tld/" \ + -e WATCHTOWER_NOTIFICATION_GOTIFY_TOKEN="SuperSecretToken" \ + + -e WATCHTOWER_NOTIFICATION_GOTIFY_TLS_SKIP_VERIFY=true +``` + diff --git a/docs/Divers/plex.md b/docs/Divers/plex.md index fe51aee..ad411e7 100644 --- a/docs/Divers/plex.md +++ b/docs/Divers/plex.md @@ -144,7 +144,7 @@ Si WebTools ne fonctionne plus, il faut le [resetter](https://github.com/ukdtom/ guide.xml 100% 2792KB 92.8KB/s 00:30 ``` - ​ + ### Logs: @@ -156,7 +156,23 @@ Pour les logs des plug-ins, aller directement sur le serveur: +### Impossible d'indexer le contenu d'un dossier: +1. In DSM go to "Control Panel > Shared folder:. + +2. Select the media folder you want Plex to have access to. + +3. Click Edit. + +4. Click on the Permissions tab. + +5. In the dropdown change "Local users" to System internal user". + +6. Find and select the PlexMediaServer user (or Plex user for DSM 6). + +7. Tick the Read/Write permission box and click Save (or OK for DSM 6). + + ### Liens: diff --git a/docs/Divers/reseau/et12.md b/docs/Divers/reseau/et12.md new file mode 100644 index 0000000..81208d3 --- /dev/null +++ b/docs/Divers/reseau/et12.md @@ -0,0 +1,30 @@ +# Asus ZenWifi Pro ET12 + + + + + +#### Afficher /éteindre les LEDs + +AiMesh -> Topologie -> Accueil -> Gestion -> Bouton LED On/Off + + + + + + + + + +Introduction du pare-feu sur le routeur ASUS: + +https://www.asus.com/fr/support/FAQ/1013630/ + +Comment configurer le filtre des services réseaux + +https://www.asus.com/fr/support/FAQ/1013636 + +Comment rendre mon routeur plus sécurisé + +https://www.asus.com/fr/support/FAQ/1039292 + diff --git a/docs/Divers/reseau/reseau.md b/docs/Divers/reseau/reseau.md index 057d8dc..22cddac 100644 --- a/docs/Divers/reseau/reseau.md +++ b/docs/Divers/reseau/reseau.md @@ -24,6 +24,24 @@ xigmanas.home (192.168.1.250) at 1c:fd:8:70:20:f7 on en0 ifscope [ethernet] broadcasthost (255.255.255.255) at ff:ff:ff:ff:ff:ff on en0 ifscope [ethernet] ``` +### Trouver les devices sur un réseau: + +https://www.blackmoreops.com/2015/12/31/use-arp-scan-to-find-hidden-devices-in-your-network/ + +https://github.com/royhills/arp-scan + +https://github.com/royhills/arp-scan/wiki/arp-scan-User-Guide + +```bash +$ sudo arp-scan --interface=en0 --localnet +Interface: en0, type: EN10MB, MAC: 50:ed:3c:1f:98:06, IPv4: 192.168.129.54 +Starting arp-scan 1.10.0 with 256 hosts (https://github.com/royhills/arp-scan) + +523 packets received by filter, 0 packets dropped by kernel +Ending arp-scan 1.10.0: 256 hosts scanned in 1.880 seconds (136.17 hosts/sec). 0 responded + +``` + ### nmap: diff --git a/docs/Divers/reseau/rt-ac88u.md b/docs/Divers/reseau/rt-ac88u-merlin.md similarity index 90% rename from docs/Divers/reseau/rt-ac88u.md rename to docs/Divers/reseau/rt-ac88u-merlin.md index 32c4e21..ddeade4 100644 --- a/docs/Divers/reseau/rt-ac88u.md +++ b/docs/Divers/reseau/rt-ac88u-merlin.md @@ -1,4 +1,4 @@ -# Asus +# Asus RT-AC88U @ Merlin @@ -183,6 +183,20 @@ sh /jffs/scripts/firewall uninstall +#### Reset usine + +1. Éteignez le routeur. +2. Appuyez et maintenez le bouton "WPS" puis allumez le routeur. +3. Le voyant d'alimentation est allumé **(continue à tenir le bouton WPS****).** +4. Relâchez le **bouton WPS** lorsque le voyant d'alimentation commence à clignoter. +5. Le voyant d'alimentation cesse de clignoter et le routeur redémarre automatiquement. + +https://www.asus.com/fr/support/FAQ/1039077 + +Login / password: admin / admin + + + #### AsusWRT-Merlin [Forum](https://www.snbforums.com/forums/asuswrt-merlin.42/) @@ -205,4 +219,7 @@ https://www.snbforums.com/threads/how-to-use-dnsmasq-conf-add.8785/ -https://www.henriksommerfeld.se/firmware-update-notifications-for-my-asus-router/ \ No newline at end of file +https://www.henriksommerfeld.se/firmware-update-notifications-for-my-asus-router/ + + + diff --git a/docs/Divers/reseau/rt-ac88u-openwrt.md b/docs/Divers/reseau/rt-ac88u-openwrt.md new file mode 100644 index 0000000..e6331c5 --- /dev/null +++ b/docs/Divers/reseau/rt-ac88u-openwrt.md @@ -0,0 +1,187 @@ + + +# Asus RT-AC88U @ openWrt + + + + + +#### Reset usine + +1. Éteignez le routeur. +2. Appuyez et maintenez le bouton "WPS" puis allumez le routeur. +3. Le voyant d'alimentation est allumé **(continue à tenir le bouton WPS****).** +4. Relâchez le **bouton WPS** lorsque le voyant d'alimentation commence à clignoter. +5. Le voyant d'alimentation cesse de clignoter et le routeur redémarre automatiquement. + +https://www.asus.com/fr/support/FAQ/1039077 + +Login / password: admin / admin + + + + + +#### Copier le firmware sur le routeur: + +Désactiver le coupe-feu de macOS. + +```bash +~/Downloads 3m 59s 18:21:52 +❯ tftp 192.168.1.1 +tftp> mode binary +tftp> put openwrt-23.05.2-bcm53xx-generic-asus_rt-ac88u-squashfs.trx +Sent 9568256 bytes in 28.7 seconds + +``` + + + +#### Connexion à OpenWrt: + +```bash +root@192.168.1.1's password: + + +BusyBox v1.36.1 (2023-11-14 13:38:11 UTC) built-in shell (ash) + + _______ ________ __ + | |.-----.-----.-----.| | | |.----.| |_ + | - || _ | -__| || | | || _|| _| + |_______|| __|_____|__|__||________||__| |____| + |__| W I R E L E S S F R E E D O M + ----------------------------------------------------- + OpenWrt 23.05.2, r23630-842932a63d + ----------------------------------------------------- +``` + + + +#### opkg + +```bash +root@OpenWrt:~# opkg update +Downloading https://downloads.openwrt.org/releases/23.05.2/targets/bcm53xx/generic/packages/Packages.gz +Updated list of available packages in /var/opkg-lists/openwrt_core + +root@OpenWrt:~# opkg find '*nano*' +nano - 7.2-2 - Nano is a small and simple text editor for use on the terminal. + +root@OpenWrt:~# opkg install nano +Installing nano (7.2-2) to root... +``` + + + +#### Mise-à-jour + +```bash +# opkg update && opkg install brcmfmac-firmware-4366b1-pcie +``` + + + +#### Infos + +```bash +# uname -a +Linux OpenWrt 5.15.137 #0 SMP Tue Nov 14 13:38:11 2023 armv7l GNU/Linux +``` + +```bash +# cat /etc/os-release +NAME="OpenWrt" +VERSION="23.05.2" +ID="openwrt" +ID_LIKE="lede openwrt" +PRETTY_NAME="OpenWrt 23.05.2" +VERSION_ID="23.05.2" +HOME_URL="https://openwrt.org/" +BUG_URL="https://bugs.openwrt.org/" +SUPPORT_URL="https://forum.openwrt.org/" +BUILD_ID="r23630-842932a63d" +OPENWRT_BOARD="bcm53xx/generic" +OPENWRT_ARCH="arm_cortex-a9" +OPENWRT_TAINTS="" +OPENWRT_DEVICE_MANUFACTURER="OpenWrt" +OPENWRT_DEVICE_MANUFACTURER_URL="https://openwrt.org/" +OPENWRT_DEVICE_PRODUCT="Generic" +OPENWRT_DEVICE_REVISION="v0" +OPENWRT_RELEASE="OpenWrt 23.05.2 r23630-842932a63d" +``` + +```bash +# cat /proc/cpuinfo +processor : 0 +model name : ARMv7 Processor rev 0 (v7l) +BogoMIPS : 1400.00 +Features : half thumb fastmult edsp tls +CPU implementer : 0x41 +CPU architecture: 7 +CPU variant : 0x3 +CPU part : 0xc09 +CPU revision : 0 + +processor : 1 +model name : ARMv7 Processor rev 0 (v7l) +BogoMIPS : 1400.00 +Features : half thumb fastmult edsp tls +CPU implementer : 0x41 +CPU architecture: 7 +CPU variant : 0x3 +CPU part : 0xc09 +CPU revision : 0 + +Hardware : BCM5301X +Revision : 0000 +Serial : 0000000000000000 +``` + + + +### Liens + + + +#### OpenWrt: + +- [Table of Hardware](https://openwrt.org/toh/start) +- [Table of Hardware: devices with 16/128MB or more](https://openwrt.org/toh/views/toh_available_16128) +- +- [OpenWrt Support for Asus RT-AC88U](https://forum.openwrt.org/t/openwrt-support-for-asus-rt-ac88u/78635) + +- [OpenWrt Wiki](https://openwrt.org/toh/asus/rt-ac88u) + +- [Quick start guide for OpenWrt installation](https://openwrt.org/docs/guide-quick-start/start) + +- [OpenWrt Factory Install](https://openwrt.org/docs/guide-quick-start/factory_installation) + +#### Firmwares: + +- [OpenWrt Firmware Selector](https://firmware-selector.openwrt.org/?version=23.05.2&target=bcm53xx%2Fgeneric&id=asus_rt-ac88u) - + +- [Archive Firmwares](https://archive.openwrt.org/releases/23.05.2/targets/bcm53xx/generic/) + +#### TFTP: + +- [Installing openWrt via TFTP](https://openwrt.org/docs/guide-user/installation/generic.flashing.tftp) +- [Setting up a TFTP server for TFTP Recovery/Install](https://openwrt.org/docs/guide-user/troubleshooting/tftpserver) +- [Run a TFTP Server for Network Device Setups](https://rick.cogley.info/post/run-a-tftp-server-on-mac-osx/) +- [TFTP Server for macOS](https://macandegg.com/2022/02/tftp-server-for-macos/) + + + +#### Livebox: + +- [[La fibre.info] Remplacement de la Livebox par un routeur Openwrt](https://lafibre.info/remplacer-livebox/remplacement-de-la-livebox-par-un-routeur-openwrt-18-dhcp-v4v6-tv/) + +- [[Github] Remplacer une Livebox par un routeur OpenWrt (ipv4,ipv6 & TV)](https://github.com/ubune/openwrt-livebox) + +- [[La fibre.info] Index des solutions de remplacement de la Livebox](https://lafibre.info/remplacer-livebox/index-des-solutions-de-remplacement-de-la-livebox/) + + + +#### Divers: + +- [SNBForums (Asus)](https://www.snbforums.com/forums/asus-wireless.37/) +- [[La fibre.info] OpenWrt](https://lafibre.info/openwrt/) diff --git a/docs/Linux/rsync.md b/docs/Linux/rsync.md new file mode 100644 index 0000000..16d3c9d --- /dev/null +++ b/docs/Linux/rsync.md @@ -0,0 +1,15 @@ +# rsync + + + + + +### Copier un fichier sur le serveur: + +```bash +rsync -e "ssh" -avz file.sh root@192.168.2.116:/root + +# si port ssh # 22 +rsync -e "ssh -p 51322" -avz file.sh root@192.168.2.116:/root +``` + diff --git a/docs/Plesk/index.md b/docs/Plesk/index.md index 170e6c5..67cccfa 100644 --- a/docs/Plesk/index.md +++ b/docs/Plesk/index.md @@ -18,6 +18,35 @@ Certificat wildcard Let's Encrypt ``` +Installer node.js mais ne pas l'activer. (sinon erreur Passenger pour WordPress) + +#### Test certificat: + +https://www.digicert.com/help/ + +https://tools.letsdebug.net + +Autres outils: + +https://ssl-config.mozilla.org/ + +https://observatory.mozilla.org/ + + + +#### Installer bat - fd + +```bash +apt install fzf bat fd-find +``` + +```bash +mkdir -p ~/.local/bin +ln -s /usr/bin/batcat ~/.local/bin/bat + +ln -s $(which fdfind) ~/.local/bin/fd +``` + #### Commande plesk: diff --git a/docs/Plesk/joplin.md b/docs/Plesk/joplin.md index 03dfa64..70788c3 100644 --- a/docs/Plesk/joplin.md +++ b/docs/Plesk/joplin.md @@ -2,6 +2,22 @@ +#### Installer et activer l'extension Docker dans Plesk + + + +#### Installer docker-compose + +```bash +# curl -L "https://github.com/docker/compose/releases/download/v2.23.3/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose + +# chmod +x /usr/local/bin/docker-compose +``` + +https://docs.docker.com/compose/ + + + ### Serveur Joplin: https://github.com/laurent22/joplin/blob/dev/packages/server/README.md @@ -24,7 +40,7 @@ version: '3' services: db: - image: postgres:13.1 + image: postgres:16 ports: - "5432:5432" restart: unless-stopped @@ -36,7 +52,7 @@ services: - POSTGRES_USER=joplin - POSTGRES_DB=joplin app: - image: joplin/server:2.4.1-beta + image: joplin/server:latest depends_on: - db ports: @@ -76,11 +92,31 @@ Créer un sous-domaine **joplin.maboiteverte.fr** Créer une règle de proxy Docker: - URL: Joplin.maboiteverte.fr/ -- Conteneur: Joplin_app_1 +- Conteneur: joplin_app_1 - Port: 22300 -> 22300 +#### Premier lancement: + +Aller sur joplin.maboiteverte.fr. Se connecter avec: + +- admin@localhost +- admin + +puis changer le mot-de-passe. Créer un 2nd utilisateur. + + + +Si la synchro se passe bien, mais qu'il n'y a rien sur le serveur: + + - dans le client, exporter un ficher .JEX puis créer un nouveau profil. + - dans le nouveau profil, importer le fichier .JEX + - dans les réglages, re-parametrer la synchronisation. + - re-lancer la synchronisation. + + + #### Voir les logs: ```bash @@ -89,6 +125,10 @@ Password: Attaching to joplin_app_1, joplin_db_1 app_1 | WARNING: no logs are available with the 'db' log driver db_1 | WARNING: no logs are available with the 'db' log driver + +# Au fil de l'eau... +$ sudo docker container ls +$ sudo docker logs --follow 05850da6082e ``` diff --git a/docs/Raspberry/backup_sd.md b/docs/Raspberry/backup_sd.md index 6798889..38bef6d 100644 --- a/docs/Raspberry/backup_sd.md +++ b/docs/Raspberry/backup_sd.md @@ -84,3 +84,10 @@ $ sudo dd if=~/raspian_backup.img of=/dev/sdg Utiliser WinDisk32 sourceforge.net/projects/win32diskimager + + +# Sous macOS + +ApplePi-Baker permet de sauvegarder un carte SD en fichier image, et surtout de shrinker l'image (contracter une SD de 32Go en l'espace réellement utilisésolus) + +[ApplePi-Baker v2](https://www.tweaking4all.com/software/macosx-software/applepi-baker-v2/) diff --git a/docs/Raspberry/diet-pi.md b/docs/Raspberry/diet-pi.md new file mode 100644 index 0000000..daa8183 --- /dev/null +++ b/docs/Raspberry/diet-pi.md @@ -0,0 +1,97 @@ +# Diet-pi + + + + + +### Dropbear + +```bash +systemctl status dropbear.service +``` + +Fichier de configuration: `/etc/default/dropbear` + +```bash +# The TCP port that Dropbear listens on +DROPBEAR_PORT=51322 +``` + +```bash +systemctl status dropbear.service +● dropbear.service - Lightweight SSH server + Loaded: loaded (/lib/systemd/system/dropbear.service; enabled; preset: enabled) + Active: active (running) since Sat 2024-02-10 09:07:47 GMT; 7s ago + Docs: man:dropbear(8) + Main PID: 3107 (dropbear) + Tasks: 5 (limit: 1069) + CPU: 68ms + CGroup: /system.slice/dropbear.service + ├─3060 /usr/sbin/dropbear -EF -p 22 -W 65536 -2 8 + ├─3061 -bash + ├─3107 /usr/sbin/dropbear -EF -p 51322 -W 65536 + ├─3109 systemctl status dropbear.service + └─3110 "(pager)" + +``` + + + +```bash +# disallow root login +DROPBEAR_EXTRA_ARGS=“-w -g” +``` + + + +#### --help + +```bash +Dropbear server v2022.83 https://matt.ucc.asn.au/dropbear/dropbear.html +Usage: dropbear [options] +-b bannerfile Display the contents of bannerfile before user login + (default: none) +-r keyfile Specify hostkeys (repeatable) + defaults: + - dss /etc/dropbear/dropbear_dss_host_key + - rsa /etc/dropbear/dropbear_rsa_host_key + - ecdsa /etc/dropbear/dropbear_ecdsa_host_key + - ed25519 /etc/dropbear/dropbear_ed25519_host_key +-R Create hostkeys as required +-F Don't fork into background +-e Pass on server process environment to child process +-E Log to stderr rather than syslog +-m Don't display the motd on login +-w Disallow root logins +-G Restrict logins to members of specified group +-s Disable password logins +-g Disable password logins for root +-B Allow blank password logins +-t Enable two-factor authentication (both password and public key required) +-T Maximum authentication tries (default 10) +-j Disable local port forwarding +-k Disable remote port forwarding +-a Allow connections to forwarded ports from any host +-c command Force executed command +-p [address:]port + Listen on specified tcp port (and optionally address), + up to 10 can be specified + (default port is 22 if none specified) +-P PidFile Create pid file PidFile + (default /var/run/dropbear.pid) +-i Start for inetd +-W (default 24576, larger may be faster, max 10MB) +-K (0 is never, default 0, in seconds) +-I (0 is never, default 0, in seconds) +-z disable QoS +-V Version +``` + + + +#### Passwordless: + +```bash +cat ~/.ssh/id_rsa.pub | ssh -p65535 root@192.168.12.116 'cat>> ~/.ssh/authorized_keys' +``` + diff --git a/docs/Raspberry/index.md b/docs/Raspberry/index.md index 04623bb..e2cf5f4 100644 --- a/docs/Raspberry/index.md +++ b/docs/Raspberry/index.md @@ -6,23 +6,48 @@ [aptitude](aptitude.md) +[Argon One](Argon-one.md) + [Backup](backup.md) +[Boot et clone](boot.md) + +[Cloud](cloud.md) + +[Diet-pi](diet-pi.md) + [Envoyer un mail depuis le Raspberry](send_mail.md) [Hardware](hardware.md) +[Heure](heure.md) + +[Installation sans écran](headless.md) + +[Mail](mail.md) + [Matériels](materiels/materiels.md) +[Nextcloud](nextcloud.md) + +[Pi Desktop](pi-desktop.md) + +[Pi-hole](pi-hole.md) + +[Python](python.md) + [Réseau](reseau.md) -[Boot et clone](boot.md) - [Pi Desktop](pi-desktop.md) -[Divers](divers.md) +[Rclone](rclone.md) + +[Réseau](reseau.md) + +[Services](services.md) [SiriControl](siri_control.md) [Tools](tools.md) +[Divers](divers.md) diff --git a/docs/Raspberry/mail.md b/docs/Raspberry/mail.md new file mode 100644 index 0000000..98cbc5d --- /dev/null +++ b/docs/Raspberry/mail.md @@ -0,0 +1,217 @@ +### Envoyer un mail depuis le Raspberry + + + +Il faut installer **msmtp**: + +```bash +# apt install bsd-mailx msmtp msmtp-mta +``` + + + +#### Configuration: + +https://doc.ubuntu-fr.org/tutoriel/comment_envoyer_un_mail_par_smtp_en_ligne_de_commande + +https://wiki.archlinux.org/title/Msmtp + +http://www.futurile.net/resources/msmtp-a-simple-mail-transfer-agent/ + +```bash +nano /etc/msmtprc +``` + +```bash +#Set default values for all accounts. +defaults +auth login +tls on +tls_starttls off +tls_certcheck on +tls_trust_file /etc/ssl/certs/ca-certificates.crt +logfile /var/log/msmtp.log + +#OVH settings +account ovh +host ssl0.ovh.net +#auth login +#tls on +#tls_starttls off +#tls_certcheck on +#tls_trust_file /etc/ssl/certs/ca-certificates.crt +from xxxxxxxxxxx@clicclac.info +port 465 +user xxxxxxxxxxx@clicclac.info +password xxxxxxxxxxx + +#Orange settings +account orange +host smtp.orange.fr +protocol smtp +#auth login +#tls on +#tls_starttls off +#tls_certcheck on +#tls_trust_file /etc/ssl/certs/ca-certificates.crt +from byyyyyyyyyyyyy@orange.fr +maildomain orange.fr +port 465 +user byyyyyyyyyyyyy +password yyyyyyyyyyyyy + +#Set a default account +account default : orange +``` + +on sécurise le fichier de config: + +```bash +root@PiHole2:~# chown root:msmtp /etc/msmtprc +root@PiHole2:~# chmod 640 /etc/msmtprc +``` + +Encrypter `/etc/msmtprc` + +https://www.howtoraspberry.com/2021/06/how-to-send-mail-from-a-raspberry-pi/ + + + +#### Test: + +```bash +root@PiHole2:~# echo "BEEP BEEP" | mailx -s "Subject: This is a test!" bxxxxxxxxxxx@orange.fr +``` + + + +nano test.mail + +```bash +To: bxxxxxxxxxxx@orange.fr +From: bxxxxxxxxxxx@orange.fr +Subject: Pi-Hole update + +Hello there. + +version 3 +``` + +```bash +cat test.mail | msmtp --read-envelope-from --read-recipients + +cat test.mail | msmtp --account=default --read-envelope-from --read-recipients +``` + +``` +cat /tmp/fichier | mail +``` + + + + + + + + + +``` +apt install libsecret-tools +``` + + + + + +```bash +gpg --full-generate-key + +gpg: /root/.gnupg/trustdb.gpg : base de confiance créée +gpg: répertoire « /root/.gnupg/openpgp-revocs.d » créé +gpg: revocation certificate stored as '/root/.gnupg/openpgp-revocs.d/75199AB29FD34F8BDEA93ABF97857FE7ED14794A.rev' +les clefs publique et secrète ont été créées et signées. + +pub rsa3072 2024-03-02 [SC] + 75199AB29FD34F8BDEA93ABF97857FE7ED14794A +uid pihole +sub rsa3072 2024-03-02 [E] +``` + + + +```bash +# gpg --list-secret-keys --keyid-format LONG +gpg: vérification de la base de confiance +gpg: marginals needed: 3 completes needed: 1 trust model: pgp +gpg: profondeur : 0 valables : 1 signées : 0 + confiance : 0 i., 0 n.d., 0 j., 0 m., 0 t., 1 u. +/root/.gnupg/pubring.kbx +------------------------ +sec rsa3072/97857FE7ED14794A 2024-03-02 [SC] + 75199AB29FD34F8BDEA93ABF97857FE7ED14794A +uid [ ultime ] pihole +ssb rsa3072/9B43CA525CFA97A6 2024-03-02 [E] +``` + +https://unix.stackexchange.com/questions/614737/how-to-cache-gpg-key-passphrase-with-gpg-agent-and-keychain-on-debian-10 + + + +```bash +# util ou pas ? +~/.gnupg# mv gnu.conf gpg.conf +``` + + + +``` +keychain --eval --agents gpg pihole + + * keychain 2.8.5 ~ http://www.funtoo.org + * Found existing gpg-agent: 238 +GPG_AGENT_INFO=/root/.gnupg/S.gpg-agent:238:1; export GPG_AGENT_INFO; + + * Adding 1 gpg key(s): pihole +``` + + + + + +```bash +~# apparmor_parser -R /etc/apparmor.d/usr.bin.msmtp +Cache read/write disabled: interface file missing. (Kernel needs AppArmor 2.4 compatibility patch.) +Avertissement : impossible de trouver un syst?me de fichiers appropri? dans /proc/mounts, est-il mont? ? +Utilisez --subdomainfs pour remplacer. + +# apt install apparmor-utils + +~# systemctl enable apparmor +Synchronizing state of apparmor.service with SysV service script with /lib/systemd/systemd-sysv-install. +Executing: /lib/systemd/systemd-sysv-install enable apparmor + +~# systemctl status apparmor +○ apparmor.service - Load AppArmor profiles + Loaded: loaded (/lib/systemd/system/apparmor.service; enabled; preset: enabled) + Active: inactive (dead) + Docs: man:apparmor(7) + https://gitlab.com/apparmor/apparmor/wikis/home/ + +~# apparmor_parser -R /etc/apparmor.d/usr.bin.msmtp +Cache read/write disabled: interface file missing. (Kernel needs AppArmor 2.4 compatibility patch.) +Avertissement : impossible de trouver un syst?me de fichiers appropri? dans /proc/mounts, est-il mont? ? +Utilisez --subdomainfs pour remplacer. + + +``` + +https://discourse.pi-hole.net/t/apparmor-reference-in-unbound-guide-clarification-requested/62351/3 + + + +```bash +~# gpg --encrypt --output orange.mail.gpg --recipient liste@clicclac.info orange.mail + +~# gpg --decrypt --output file.txt orange.mail.gpg +``` + diff --git a/docs/Raspberry/pi-hole.md b/docs/Raspberry/pi-hole.md new file mode 100644 index 0000000..69a273b --- /dev/null +++ b/docs/Raspberry/pi-hole.md @@ -0,0 +1,187 @@ +# pi-hole & unbound + + + +#### RasbianOS + +| **Version** | **Code name** | **Current status** | **Release date** | **End-of-life ([LTS](https://wiki.debian.org/LTS))** | +| ----------- | ------------- | ------------------ | ---------------- | ---------------------------------------------------- | +| 11 | Bullseye | oldstable | 2021-08-14 | 2024-08-14 (2026-08-31) | +| 12 | Bookworm | stable | 2023-06-10 | 2026-06-10 (2028-06-30) | +| 13 | Trixie | testing | 2025-06-?? | 2028-06-?? (2030-06-??) | + + + +##### Installer Pi-Hole et Unbound: + +https://www.crosstalksolutions.com/the-worlds-greatest-pi-hole-and-unbound-tutorial-2023/ + +https://mediacenterz.com/tutoriel-complete-pi-hole-bloqueur-dannonces-pour-toute-la-maison/ + +##### Installer Gravity Sync: + +https://github.com/vmstan/gravity-sync + +##### Installer keepalived: + +https://davidshomelab.com/pi-hole-failover-with-keepalived/ + + + +##### Version de Pi-Hole + +```bash +$ pihole -v + Pi-hole version is v5.17.3 (Latest: v5.17.3) + web version is v5.21 (Latest: v5.21) + FTL version is v5.25 (Latest: v5.25.1) +``` + +##### Mise-à-jour de Pi-Hole: + +```bash +$ pihole -up +``` + +##### Changer le mot de passe de l’interface Web PiHole + +```bash +$ pihole -a -p +``` + +##### Liste noire: + +- **`pihole -b -l`** – Liste des domaines sur la liste noire +- **`pihole -b exemple.com`** – Ajouter example.com à la liste noire +- **`pihole -b -d example.com`** – Supprimer exemple.com de la liste noire + +##### Liste blanche: + +- **`pihole -w -l`** – Liste des domaines dans la liste blanche +- **`pihole -w exemple.com`** – Ajouter example.com à la liste blanche +- **`pihole -w -d example.com`** – Supprimer exemple.com de la liste blanche + +##### Activer / désactiver Pi-Hole: + +- **`pihole enable`** – Activer PiHole +- **`pihole disable`**– Désactiver PiHole en permanence +- **`pihole disable 10m`** – Désactiver PiHole pendant 10 minutes +- **`pihole disable 60s`** – Désactiver PiHole pendant 1 min + + + + + +### Activer la résolution local sur le PiHole (Loopback) + +Se connecter sur le Pi-Hole en ssh, puis: + +```bash +echo "addn-hosts=/etc/pihole/lan.list" | sudo tee /etc/dnsmasq.d/02-lan.conf +``` + +On crée le fichier `/etc/pihole/lan.list` + +```bash +nano /etc/pihole/lan.list +``` + +que l'on remplit avec les IP/serveurs + +```bash +Adresse IP nom de domaine nom du serveur +192.168.1.xx service.nomdedomaine nomduserveur +``` + +```bash +192.168.2.57 navidrome.photos-nas.ovh navidrome +192.168.2.57 ds923.photos-nas.ovh dsm +192.168.2.57 maloja.photos-nas.ovh maloja +192.168.2.57 photos.photos-nas.ovh photos +192.168.2.57 change.photos-nas.ovh changedetection +192.168.2.57 search.photos-nas.ovh searxng +192.168.2.57 vault.photos-nas.ovh vaultwarten +192.168.2.1 asus.photos-nas.ovh asus +192.168.2.1 www.asusrouter.com et12 +192.168.2.116 pihole1.photos-nas.ovh dietpi1 +192.168.2.216 pihole2.photos-nas.ovh dietpi2 +``` + +On redémarre le service DNS: + +```bash +pihole restartdns +``` + +https://induste.com/threads/utiliser-un-pihole-pour-creer-une-loopback-orange-bouygues-etc.634410/ + + + +### Liens: + +https://www.reddit.com/r/pihole/comments/tsperl/comment/i2sr22h/ + +https://discourse.pi-hole.net/t/pihole-unbound-not-working-as-it-should/51381/12 + +https://docs.pi-hole.net/guides/dns/unbound/#disable-resolvconf-for-unbound-optional + +https://alain-michel.canoprof.fr/eleve/tutoriels/raspberry/utiliser-pi-hole-pour-bloquer-les-pubs/ + +https://nicolasforcet.com/nettoyer-base-de-donnees-pihole-ftldb-log/ + +https://nicolasforcet.com/raspberry-pi-limiter-drastiquement-les-logs-et-les-mettre-en-ram-pour-preserver-sa-carte-sd/ + +Using “sudo nmtui” I was able to change my network settings. I + +The Fireborg : The Big Blocklist Collection + +https://firebog.net + +Gravity Sync: + +https://github.com/vmstan/gravity-sync + +https://github.com/azlux/log2ram + +https://dnscheck.tools + +``` +vcgencmd get_throttled <-- will give you info on conditions that may have caused throttling. +``` + + + +``` +Great write up, thanks. +Instead of a firewall rule, blocking all DNS queries except to Pihole, better create a NAT Port Forward rule, so that all DNS queries except router or a Pihole are redirected to the pihole address. Thus DNS resolution will continue working (for allowed domains) even if somebody (or some malicious IoT device) use custom DNS. +I have an OPNsense (pfSense fork) with Unbound installed onboard (192.168.0.1), and a PiHole on another box (192.168.0.100). +All devices by default query DNS from the router (192.168.0.1). +Above mentioned NAT Port Forward rule redirects all DNS queries to the Pihole (192.168.0.100). +Pihole has Unbound on a router as an upstream (192.168.0.1). +SO, unfortunately, there are some networks hops to and fro, but I can’t install Pihole on an OPNsense router (it’s FreeBSD and not Linux). + +``` + + + +``` +Hopefully CrossTalk sees this, but this guide needs to be updated. As of the 10/10/2023 of Debian Bookworm. Debian (and by extension Raspberry Pi OS) does not use dhcpcd as the networking interface. Instead, it uses the more complex/robust NetworkManager. This change can be found in the release notes for RaspberyPi OS here: https://downloads.raspberrypi.com/raspios_lite_arm64/release_notes.txt. +This means that the dhcpcd.conf file will not exist under /etc as the guide suggest. There are ways to use nmcli (the command the interact with NetworkManager) to set a static IP. However, I recommend simply setting up a DHCP reservation using your router. Either way, you cannot set up a static IP using dhcpcd.conf. Hope this helps anyone on their PiHole journey! +``` + + + +``` +static IP on Bookworm: +credits to https://raspberrypi-guide.github.io/networking/set-up-static-ip-address +So I used ‘nmtui’ command to set up a static ip on bookworm. Looks like they got rid of dhcpcd by default and are going with NetworkManager. +1. type ‘sudo nmtui’ so you have the right permissions +2. edit the connection you want +4. change ipv4 config to manual +5. Enter your desired ip address into addresses (with a trailing /24, e.g. 192.168.1.77/24) +6. I put my routers ip in the gateway and DNS fields, and also added a second 8.8.8.8 for DNS +7. Exit out of nmtui +8. reboot and it should work + +``` + diff --git a/docs/Synology/Docker/Wireguard.md b/docs/Synology/Docker/Wireguard.md new file mode 100644 index 0000000..387e5b5 --- /dev/null +++ b/docs/Synology/Docker/Wireguard.md @@ -0,0 +1,151 @@ +# Wireguard + + + +### Installer wireguard sur le NAS: + +| Model | CPU Model | Cores (each) | Threads (each) | FPU | Package Arch | RAM | +| :----- | :------------------ | :----------- | :------------- | :--- | :----------- | :------------------ | +| DS923+ | AMD Ryzen R1600 | 2 | 4 | ✓ | R1000 | DDR4 ECC SODIMM 4GB | +| DS916+ | Intel Pentium N3710 | 4 | 4 | ✓ | Braswell | DDR3 2GB/8GB | + + + + + +```bash +sudo docker run --rm --privileged --env PACKAGE_ARCH=r1000 --env DSM_VER=7.2 -v $(pwd):/result_spk synobuild +``` + +**ne compile pas** + + + +```bash +docker run --rm --privileged --env PACKAGE_ARCH=x64 --env DSM_VER=7.2 -v /volume1/docker/toolkit_tarballs:/toolkit_tarballs -v /volume1/docker/synowirespk71:/result_spk blackvoidclub/synobuild71 + +docker run --rm --privileged --env PACKAGE_ARCH=x64 --env DSM_VER=7.2 -v /volume1/docker/toolkit_tarballs:/toolkit_tarballs -v /volume1/docker/synowirespk71:/result_spk blackvoidclub/synobuild71 +``` + + + +### wg-easy + + + +https://github.com/wg-easy/wg-easy + +| Création | Portainer (/portainer/compose/29) | +| ----------- | ------------------------------------- | +| Mise-à-jour | Watchtower | +| Ports | 51820:51821 | +| Volume | /volume1/docker/wgeasy:/etc/wireguard | + + + +```yaml +version: "3.5" + +services: + wgeasy: + image: ghcr.io/wg-easy/wg-easy:latest + network_mode: "bridge" + container_name: wgeasy + ports: + - "51820:51820/udp" + - "51821:51821" + cap_add: + - NET_ADMIN + - SYS_MODULE + sysctls: + - net.ipv4.conf.all.src_valid_mark=1 + - net.ipv4.ip_forward=1 + env_file: + - stack.env + labels: + - "com.centurylinklabs.watchtower.enable=true" + volumes: + - /volume1/docker/wgeasy:/etc/wireguard + environment: + - WG_HOST=photos-nas.ovh + - WG_DEFAULT_DNS=192.168.2.216 + restart: always + +``` + +Variable d'enrironnement (dans stack.env) + +```yaml +PASSWORD=xxxxxxxxxx +``` + + + +##### wg0.conf + +``` +# Note: Do not edit this file directly. +# Your changes will be overwritten! + +# Server +[Interface] +PrivateKey = I5wPTHTxgF[5YyJ@4'Mgwipl+.m=aUB6i[bGAF;p:I|l +Address = 10.8.0.1/24 +ListenPort = 51820 +PreUp = +PostUp = iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE; iptables -A INPUT -p udp -m udp --dport 51820 -j ACCEPT; iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; +PreDown = +PostDown = + + + +# Client: ungoutdepomme (557cb02f-6418-465c-8063-866333011ea0) +[Peer] +PublicKey = )RGRG/Aha{XD{sC)YDg(6[kPOF.yaUO1[)QaFlJZg+-P +PresharedKey = H0I/[YLYCU-'r*BiU8HR2KsuiZa{@v*6q#G;yEt6TFJ8 +AllowedIPs = 10.8.0.2/32 + +# Client: airbook (f75ed225-6a8b-4179-a11a-368aec6d2545) +[Peer] +PublicKey = 4!oI:!t9-V:;TxZ{gfJFXuPkS\v2A6+Ka[36.tP=;ao[ +PresharedKey = Q.7pJZ32geS|DwZGdQ=O=\D}0XlHUzsk!WE(GD7yGhbB +AllowedIPs = 10.8.0.3/32 +``` + + + +##### airbook.conf + +``` +[Interface] +PrivateKey = -dPlB6Glr9IKBo-q(.5X)7Ad+}YuAe9S3):dBPbFLrWX +Address = 10.8.0.3/24 +DNS = 192.168.2.216 + +[Peer] +PublicKey = wXbLtH/'#-;*6"j1ZQgl?.)VMRqMG@g!U38jvw}3(=Yw +PresharedKey = Q.7pJZ32geS|DwZGdQ=O=\D}0XlHUzsk!WE(GD7yGhbB +AllowedIPs = 0.0.0.0/0, ::/0 +PersistentKeepalive = 0 +Endpoint = photos-nas.ovh:51820 +``` + +##### ungoutdepomme.conf + +``` +[Interface] +PrivateKey = #Udj:SC,kA0h}MTa7\|as69PV.sS@lpL!'4y34uj?.Z{ +Address = 10.8.0.2/24 +DNS = 192.168.2.216 + +[Peer] +PublicKey = ukj!q\:v-70L/Rlr,TJ9];,19,=Uu-1a+O/V|B@OCULq +PresharedKey = H0I/[YLYCU-'r*BiU8HR2KsuiZa{@v*6q#G;yEt6TFJ8 +AllowedIPs = 0.0.0.0/0, ::/0 +PersistentKeepalive = 0 +Endpoint = photos-nas.ovh:51820 +``` + + + +# `#Token modifié` diff --git a/docs/Synology/Docker/docker-compose/Pi.Alert.md b/docs/Synology/Docker/docker-compose/Pi.Alert.md new file mode 100644 index 0000000..8b5e641 --- /dev/null +++ b/docs/Synology/Docker/docker-compose/Pi.Alert.md @@ -0,0 +1,41 @@ +# Pi.Alert + + + + + +| Création | Portainer | +| ----------- | ---------------------------------------------- | +| Mise-à-jour | Watchtower | +| Ports | 17811 | +| Lien | [Github](https://github.com/pucherot/Pi.Alert) | + + + +```yaml +version: "3.9" +services: + pi.alert: + container_name: Pi.Alert + healthcheck: + test: curl -f http://localhost:17811/ || exit 1 + mem_limit: 2g + cpu_shares: 768 + security_opt: + - no-new-privileges:true + labels: + - "com.centurylinklabs.watchtower.enable=true" + volumes: + - /volume1/docker/pialert/config:/home/pi/pialert/config:rw + - /volume1/docker/pialert/db:/home/pi/pialert/db:rw + - /volume1/docker/pialert/logs:/home/pi/pialert/front/log:rw + environment: + TZ: Europe/Paris + PORT: 17811 + HOST_USER_ID: 1026 + HOST_USER_GID: 100 + network_mode: host + restart: on-failure:5 + image: jokobsk/pi.alert:latest +``` + diff --git a/docs/Synology/Docker/docker-compose/_network.md b/docs/Synology/Docker/docker-compose/_network.md new file mode 100644 index 0000000..4e6fbaa --- /dev/null +++ b/docs/Synology/Docker/docker-compose/_network.md @@ -0,0 +1,26 @@ +# network + + + +| | | +| -------------- | ------------------- | +| 172.16.57.0/24 | changeDetection | +| 172.16.58.0/24 | docspell | +| 172.16.59.0/24 | diun / paperlessngx | +| 172.16.60.0/24 | send | +| 172.16.61.0/24 | chibisafe | +| 172.16.62.0/24 | psitransfer | +| 172.16.63.0/24 | pingvin | +| 172.16.64.0/24 | gokapi | +| 172.16.65.0/24 | snippetbox | +| 172.16.66.0/24 | materialious | +| 172.16.67.0/24 | snapdrop | +| 172.16.69.0/24 | seafile | +| 172.16.70.0/24 | kavita | +| | | +| 172.16.72.0/24 | invidious | +| 172.16.73.0/24 | nextcloud | +| 172.16.77.0/24 | maptiler | +| 172.16.78.0/24 | mapserver | +| | | + diff --git a/docs/Synology/Docker/docker-compose/changeDetection.md b/docs/Synology/Docker/docker-compose/changeDetection.md new file mode 100644 index 0000000..f047c55 --- /dev/null +++ b/docs/Synology/Docker/docker-compose/changeDetection.md @@ -0,0 +1,38 @@ +# changeDetection + + + + + +| Création | dockge | +| ----------- | -------------------------------------------------------- | +| Mise-à-jour | Watchtower | +| Ports | 5075 | +| Liens | [Github](https://github.com/dgtlmoon/changedetection.io) | + + + +```yaml +version: '3.2' +services: + changedetection: + image: ghcr.io/dgtlmoon/changedetection.io + container_name: changedetection + hostname: changedetection + labels: + - "com.centurylinklabs.watchtower.enable=true" + volumes: + - changedetection-data:/datastore + ports: + - 5075:5000 +volumes: + changedetection-data: +networks: + default: + driver: bridge + ipam: + config: + - subnet: 172.16.57.0/24 + +``` + diff --git a/docs/Synology/Docker/docker-compose/chibisafe.md b/docs/Synology/Docker/docker-compose/chibisafe.md new file mode 100644 index 0000000..e0c5d82 --- /dev/null +++ b/docs/Synology/Docker/docker-compose/chibisafe.md @@ -0,0 +1,38 @@ +# chibisafe + + + + + +| Création | dockge | +| ----------- | ------------------------------------------------ | +| Mise-à-jour | Watchtower | +| Ports | 24424 | +| Liens | [Github](https://github.com/chibisafe/chibisafe) | + + + +```yaml +version: "3.7" +services: + chibisafe: + image: chibisafe/chibisafe:latest + container_name: chibisafe + volumes: + - /volume1/docker/dockge/stacks/chibisafe/database:/home/node/chibisafe/database:rw + - /volume1/docker/dockge/stacks/chibisafe/uploads:/home/node/chibisafe/uploads:rw + - /volume1/docker/dockge/stacks/chibisafe/logs:/home/node/chibisafe/logs:rw + ports: + - 24424:8000 + labels: + - "com.centurylinklabs.watchtower.enable=true" + restart: always +networks: + default: + driver: bridge + ipam: + config: + - subnet: 172.16.61.0/24 + +``` + diff --git a/docs/Synology/Docker/docker-compose/dockge.md b/docs/Synology/Docker/docker-compose/dockge.md new file mode 100644 index 0000000..a80be4e --- /dev/null +++ b/docs/Synology/Docker/docker-compose/dockge.md @@ -0,0 +1,37 @@ +# dockge + + + + + +| Création | Container Manager (projet) | +| ----------- | -------------------------------------------- | +| Mise-à-jour | - | +| Ports | 5011 | +| Liens | [Github](https://github.com/louislam/dockge) | + + + +```yaml +version: "3.8" +services: + dockge: + image: louislam/dockge:1 + restart: unless-stopped + ports: + # Host Port : Container Port + - 5011:5001 + volumes: + - /var/run/docker.sock:/var/run/docker.sock +… environment: + # Tell Dockge where is your stacks directory + - DOCKGE_STACKS_DIR=/volume1/docker/dockge/stacks + +networks: + default: + driver: bridge + ipam: + config: + - subnet: 172.16.58.0/24 +``` + diff --git a/docs/Synology/Docker/docker-compose/docspell.md b/docs/Synology/Docker/docker-compose/docspell.md new file mode 100644 index 0000000..31ac634 --- /dev/null +++ b/docs/Synology/Docker/docker-compose/docspell.md @@ -0,0 +1,125 @@ +# docspell + + + + + +| Création | Portainer | +| ----------- | --------------------------------- | +| Mise-à-jour | Watchtower | +| Ports | 8486 | +| Liens | [Docspell](https://docspell.org/) | + + + +```yaml +version: '3.9' +services: + docspell-db: + image: postgres + container_name: Docspell-DB + hostname: docspell-db + security_opt: + - no-new-privileges:true + healthcheck: + test: ["CMD", "pg_isready", "-q", "-d", "docspell", "-U", "docspelluser"] + timeout: 45s + interval: 10s + retries: 10 + user: 1026:100 + volumes: + - /volume1/docker/docspell/db:/var/lib/postgresql/data + environment: + - POSTGRES_DB=docspell + - POSTGRES_USER=docspelluser + - POSTGRES_PASSWORD=docspellpass + restart: always + + docspell-solr: + image: solr + command: + - solr-precreate + - docspell + container_name: Docspell-SOLR + hostname: docspell-solr + security_opt: + - no-new-privileges:true + healthcheck: + test: ["CMD", "curl", "-f", "http://localhost:8983/solr/docspell/admin/ping"] + interval: 45s + timeout: 10s + retries: 2 + start_period: 30s + user: 1026:100 + volumes: + - /volume1/docker/docspell/solr:/var/solr + restart: always + + restserver: + image: docspell/restserver:latest + container_name: Docspell-RESTSERVER + hostname: docspell-restserver + security_opt: + - no-new-privileges:true + user: 1026:100 + ports: + - 8486:7880 + environment: + - TZ=Europe/Paris + - DOCSPELL_SERVER_INTERNAL__URL=http://docspell-restserver:7880 + - DOCSPELL_SERVER_ADMIN__ENDPOINT_SECRET=superdupersecretyeah + - DOCSPELL_SERVER_AUTH_SERVER__SECRET=evenmoresuperdupersecret + - DOCSPELL_SERVER_BACKEND_JDBC_PASSWORD=docspellpass + - DOCSPELL_SERVER_BACKEND_JDBC_URL=jdbc:postgresql://docspell-db:5432/docspell + - DOCSPELL_SERVER_BACKEND_JDBC_USER=docspelluser + - DOCSPELL_SERVER_BIND_ADDRESS=0.0.0.0 + - DOCSPELL_SERVER_FULL__TEXT__SEARCH_ENABLED=true + - DOCSPELL_SERVER_FULL__TEXT__SEARCH_SOLR_URL=http://docspell-solr:8983/solr/docspell + - DOCSPELL_SERVER_INTEGRATION__ENDPOINT_ENABLED=true + - DOCSPELL_SERVER_INTEGRATION__ENDPOINT_HTTP__HEADER_ENABLED=true + - DOCSPELL_SERVER_INTEGRATION__ENDPOINT_HTTP__HEADER_HEADER__VALUE=superduperpassword123 + - DOCSPELL_SERVER_BACKEND_SIGNUP_MODE=open + - DOCSPELL_SERVER_BACKEND_SIGNUP_NEW__INVITE__PASSWORD= + - DOCSPELL_SERVER_BACKEND_ADDONS_ENABLED=false + restart: always + depends_on: + docspell-db: + condition: service_started + docspell-solr: + condition: service_healthy + joex: + image: docspell/joex:latest + container_name: Docspell-JOEX + hostname: docspell-joex + security_opt: + - no-new-privileges:true + user: 1026:100 + environment: + - TZ=Europe/Paris + - DOCSPELL_JOEX_APP__ID=joex1 + - DOCSPELL_JOEX_PERIODIC__SCHEDULER_NAME=joex1 + - DOCSPELL_JOEX_SCHEDULER_NAME=joex1 + - DOCSPELL_JOEX_BASE__URL=http://docspell-joex:7878 + - DOCSPELL_JOEX_BIND_ADDRESS=0.0.0.0 + - DOCSPELL_JOEX_FULL__TEXT__SEARCH_ENABLED=true + - DOCSPELL_JOEX_FULL__TEXT__SEARCH_SOLR_URL=http://docspell-solr:8983/solr/docspell + - DOCSPELL_JOEX_JDBC_PASSWORD=docspellpass + - DOCSPELL_JOEX_JDBC_URL=jdbc:postgresql://docspell-db:5432/docspell + - DOCSPELL_JOEX_JDBC_USER=docspelluser + - DOCSPELL_JOEX_ADDONS_EXECUTOR__CONFIG_RUNNER=docker,trivial + - DOCSPELL_JOEX_CONVERT_HTML__CONVERTER=weasyprint + restart: always + depends_on: + docspell-db: + condition: service_started + docspell-solr: + condition: service_healthy + +networks: + default: + driver: bridge + ipam: + config: + - subnet: 172.16.58.0/24 +``` + diff --git a/docs/Synology/Docker/docker-compose/dozzle.md b/docs/Synology/Docker/docker-compose/dozzle.md new file mode 100644 index 0000000..3d60445 --- /dev/null +++ b/docs/Synology/Docker/docker-compose/dozzle.md @@ -0,0 +1,36 @@ +# dozzle + + + + + + + +| Création | Portainer | +| ----------- | ------------------------------------------ | +| Mise-à-jour | Watchtower | +| Ports | 9999 | +| Liens | [Github](https://github.com/amir20/dozzle) | + + + +```yaml +name: dozzle +services: + dozzle: + container_name: dozzle + ports: + - 9999:8080 + environment: + - PUID=1026 + - PGID=100 + - TZ=Europe/Paris + labels: + - "com.centurylinklabs.watchtower.enable=true" + volumes: + - /var/run/docker.sock:/var/run/docker.sock + restart: always + image: amir20/dozzle:latest + +``` + diff --git a/docs/Synology/Docker/docker-compose/freegeoip.md b/docs/Synology/Docker/docker-compose/freegeoip.md new file mode 100644 index 0000000..767b06a --- /dev/null +++ b/docs/Synology/Docker/docker-compose/freegeoip.md @@ -0,0 +1,30 @@ +# freegeoip + + + + + +| Création | dockge | +| ----------- | -------------------------------------------- | +| Mise-à-jour | Watchtower | +| Ports | 8080 / 8888 | +| Liens | [Github](https://github.com/t0mer/freegeoip) | + + + +```yaml +version: "2.1" +services: + freegeoip: + image: techblog/freegeoip + container_name: freegeoip + ports: + - 8080:8080 + - 8888:8888 + labels: + - com.centurylinklabs.watchtower.enable=true + restart: always +networks: {} + +``` + diff --git a/docs/Synology/Docker/docker-compose/glances.md b/docs/Synology/Docker/docker-compose/glances.md new file mode 100644 index 0000000..221d215 --- /dev/null +++ b/docs/Synology/Docker/docker-compose/glances.md @@ -0,0 +1,65 @@ +# glances + + + + + +| Création | Portainer | +| ----------- | ------------------------------------------------------------ | +| Mise-à-jour | Watchtower | +| Ports | 61208 | +| Liens | [Github](https://github.com/nicolargo/glances)
[Docker](https://github.com/nicolargo/glances/blob/develop/docs/docker.rst) | + + + +```yaml +version: "3.9" +services: + glances: + container_name: Glances + image: nicolargo/glances:latest-full + healthcheck: + test: curl -f http://localhost:61208/ || exit 1 + mem_limit: 4g + cpu_shares: 768 + security_opt: + - no-new-privileges:true + pid: host + privileged: true + network_mode: host + restart: on-failure:5 + ports: + - 61208:61208 + volumes: + - /var/run/docker.sock:/var/run/docker.sock:ro + environment: + GLANCES_OPT: -w +``` + + + +By default, the /etc/glances/glances.conf file is used (based on docker-compose/glances.conf). + +Additionally, if you want to use your own glances.conf file, you can create your own Dockerfile: + +``` +FROM nicolargo/glances:latest +COPY glances.conf /root/.config/glances/glances.conf +CMD python -m glances -C /root/.config/glances/glances.conf $GLANCES_OPT +``` + + + +Alternatively, you can specify something along the same lines with docker run options (notice the GLANCES_OPT environment variable setting parameters for the glances startup command): + +``` +docker run -e TZ="${TZ}" -v `pwd`/glances.conf:/root/.config/glances/glances.conf -v /var/run/docker.sock:/var/run/docker.sock:ro -v /run/user/1000/podman/podman.sock:/run/user/1000/podman/podman.sock:ro --pid host -e GLANCES_OPT="-C /root/.config/glances/glances.conf" -it nicolargo/glances:latest-full +``` + + + +Where `pwd`/glances.conf is a local directory containing your glances.conf file. + +glances.conf + +https://github.com/nicolargo/glances/blob/develop/conf/glances.conf \ No newline at end of file diff --git a/docs/Synology/Docker/docker-compose/gokapi.md b/docs/Synology/Docker/docker-compose/gokapi.md new file mode 100644 index 0000000..70f6ca0 --- /dev/null +++ b/docs/Synology/Docker/docker-compose/gokapi.md @@ -0,0 +1,37 @@ +# gokapi + + + + + +| Création | dockge | +| ----------- | ------------------------------------------ | +| Mise-à-jour | Watchtower | +| Ports | 53842 | +| Liens | [Github](https://github.com/Forceu/Gokapi) | + + + +```yaml +version: "3.7" +services: + gokapi: + container_name: gokapi + volumes: + - /volume1/docker/dockge/stacks/gokapi/data:/app/data + - /volume1/docker/dockge/stacks/gokapi/config:/app/config + ports: + - 53842:53842 + labels: + - "com.centurylinklabs.watchtower.enable=true" + image: f0rc3/gokapi:latest + restart: always +networks: + default: + driver: bridge + ipam: + config: + - subnet: 172.16.64.0/24 + +``` + diff --git a/docs/Synology/Docker/docker-compose/heimdall.md b/docs/Synology/Docker/docker-compose/heimdall.md new file mode 100644 index 0000000..9df23cb --- /dev/null +++ b/docs/Synology/Docker/docker-compose/heimdall.md @@ -0,0 +1,36 @@ +# Heimdall + + + + + +| Création | dockge | +| ----------- | ---------------------------------- | +| Mise-à-jour | Watchtower | +| Ports | 8056 | +| Liens | [Heimdall](https://heimdall.site/) | + + + +```yaml +name: heimdall +services: + heimdall: + container_name: heimdall + ports: + - 8056:80 + - 7543:443 + environment: + - PUID=1026 + - PGID=100 + - TZ=Europe/Paris + labels: + - com.centurylinklabs.watchtower.enable=true + volumes: + - /volume1/docker/dockge/stacks/heimdall:/config + restart: always + image: ghcr.io/linuxserver/heimdall +networks: {} + +``` + diff --git a/docs/Synology/Docker/docker-compose/igotify.md b/docs/Synology/Docker/docker-compose/igotify.md new file mode 100644 index 0000000..c9a243b --- /dev/null +++ b/docs/Synology/Docker/docker-compose/igotify.md @@ -0,0 +1,68 @@ +# igotify + + + + + +| Création | Portainer | +| ----------- | ------------------------------------------------------------ | +| Mise-à-jour | Watchtower | +| Ports | 8680 | +| Liens | [Github](https://github.com/androidseb25/iGotify-Notification-Assistent)
[Gotify](https://gotify.net) | + + + +```yaml +version: '3.8' + +services: + gotify: + container_name: gotify + hostname: gotify + image: ghcr.io/gotify/server:latest + restart: unless-stopped + security_opt: + - no-new-privileges:true + networks: + - net + ports: + - "8680:80" + volumes: + - igotify-data:/app/data + labels: + - "com.centurylinklabs.watchtower.enable=true" + environment: + TZ: Europe/Paris + GOTIFY_DEFAULTUSER_NAME: bruno + GOTIFY_DEFAULTUSER_PASS: 3l.+-OGj8feS*C7b + + igotify: + container_name: igotify + hostname: igotify + image: ghcr.io/androidseb25/igotify-notification-assist:latest + restart: unless-stopped + security_opt: + - no-new-privileges:true + pull_policy: always + networks: + - net + ports: + - "8681:8080" + volumes: + - igotify-api-data:/app/data + labels: + - "com.centurylinklabs.watchtower.enable=true" + environment: + IGOTIFY_CLIENT_TOKEN: 'Zm1BPb.iqe,!r=\' # create a client in gotify an add here the client token + GOTIFY_SERVER_URL: 'http://gotify' # default container name from gotify server + +networks: + net: + +volumes: + igotify-data: + igotify-api-data: + +# tokens modifiés +``` + diff --git a/docs/Synology/Docker/docker-compose/invidious.md b/docs/Synology/Docker/docker-compose/invidious.md new file mode 100644 index 0000000..78299ff --- /dev/null +++ b/docs/Synology/Docker/docker-compose/invidious.md @@ -0,0 +1,86 @@ +# invidious + + + + + +| Création | Portainer | +| ----------- | --------------------------------------------- | +| Mise-à-jour | Watchtower | +| Ports | 7601 | +| Liens | [Github](https://github.com/iv-org/invidious) | + + + +```yaml +version: "3.9" +services: + invidious-db: + image: postgres + container_name: Invidious-DB + hostname: invidious-db + security_opt: + - no-new-privileges:true + healthcheck: + test: ["CMD", "pg_isready", "-q", "-d", "invidious", "-U", "kemal"] + timeout: 45s + interval: 10s + retries: 10 + user: 1026:100 + labels: + - com.centurylinklabs.watchtower.enable=true + volumes: + - /volume1/docker/invidiousdb:/var/lib/postgresql/data + environment: + POSTGRES_DB: invidious + POSTGRES_USER: kemal + POSTGRES_PASSWORD: kemalpw + restart: always + + invidious: + image: quay.io/invidious/invidious:latest + container_name: Invidious + hostname: invidious + user: 1026:100 + security_opt: + - no-new-privileges:true + healthcheck: + test: wget -nv --tries=1 --spider http://127.0.0.1:3000/api/v1/comments/jNQXAC9IVRw || exit 1 + interval: 30s + timeout: 5s + retries: 2 + ports: + - 7601:3000 + labels: + - com.centurylinklabs.watchtower.enable=true + environment: + INVIDIOUS_CONFIG: | + db: + dbname: invidious + user: kemal + password: kemalpw + host: invidious-db + port: 5432 + check_tables: true + captcha_enabled: false + default_user_preferences: + locale: fr + region: FR + external_port: 443 + domain: invidious.photos-nas.ovh + hmac_key: Kh9d0h2tV1wIVbqUHTCR5EOxcrc6iB9zLu4UGqIpfXKHjGlksKUWsMyOUw0YVJdC + https_only: true + restart: always + depends_on: + invidious-db: + condition: service_started +networks: + default: + driver: bridge + ipam: + config: + - subnet: 172.16.72.0/24 + +# token modifié +``` + diff --git a/docs/Synology/Docker/docker-compose/maptiler.md b/docs/Synology/Docker/docker-compose/maptiler.md new file mode 100644 index 0000000..553977b --- /dev/null +++ b/docs/Synology/Docker/docker-compose/maptiler.md @@ -0,0 +1,70 @@ +# maptiler + + + + + +```yaml +version: "2" +services: + tileserver: + restart: always + image: maptiler/tileserver-gl + container_name: maptiler + privileged: false + ports: + - 8580:8080 + volumes: + - /volume1/docker/dockge/stacks/maptiler/data/map:/data + command: + - --verbose + - --mbtiles + - maptiler-osm-2020-02-10-v3.11-europe.mbtiles +networks: + default: + driver: bridge + ipam: + config: + - subnet: 172.16.77.0/24 + +``` + + + +https://tileserver.readthedocs.io/en/latest/index.html + +https://blog.tmlmt.com/create-style-and-render-self-hosted-vector-maps/ + +https://download.geofabrik.de + + + +``` +command: ["-p", "80", "-c", "/data/config.json"] + +docker run --rm -it -v $(pwd):/data -p 8188:8080 maptiler/tileserver-gl:v3.1.1 -c config.json --verbose + +``` + +``` +version: '3.4' +services: +openmaptiles: + image: klokantech/tileserver-gl + ports: +- 8080:80 +volumes: +- "./data:/data" +command: "--verbose -c config.json" + + +``` + + + +## Reloading the configuration + +It is possible to reload the configuration file without restarting the whole process by sending a SIGHUP signal to the node process. + +- The docker kill -s HUP tileserver-gl command can be used when running the tileserver-gl docker container. +- The docker-compose kill -s HUP tileserver-gl-service-name can be used when tileserver-gl is run as a docker-compose service. \ No newline at end of file diff --git a/docs/Synology/Docker/docker-compose/navidrome.md b/docs/Synology/Docker/docker-compose/navidrome.md new file mode 100644 index 0000000..1a126e5 --- /dev/null +++ b/docs/Synology/Docker/docker-compose/navidrome.md @@ -0,0 +1,82 @@ +# navidrome -maloja + + + + + +| Création | Portainer | +| -------------- | ------------------------------------------------------------ | +| Mise-à-jour | Watchtower | +| Port navidrome | 4533 | +| Port maloja | 42010 | +| Liens | [Navidrome](https://www.navidrome.org/)
[Github](https://github.com/krateng/maloja) | + + + +```yaml +version: "3" +services: + navidrome: + image: deluan/navidrome + container_name: navidrome + user: 1028:65536 # à modifier par votre propre PGID et PUID + ports: + - "4533:4533" # modifier votre IP donnant vers l'exterieur + environment: + # Optional: put your config options customization here. Examples: + ND_SCANSCHEDULE: 1h + ND_SESSIONTIMEOUT: "24h" + ND_LOGLEVEL: debug + ND_BASEURL: "" + ND_DEFAULTLANGUAGE: fr + ND_ENABLEEXTERNALSERVICES: true + ND_ENABLELOGREDACTING: true + ND_ENABLECOVERANIMATION: false + ND_AUTHREQUESTLIMIT: 10 + ND_LISTENBRAINZ_ENABLED: true + ND_LISTENBRAINZ_BASEURL: "http://maloja:42010/apis/listenbrainz/1/" + #ND_LISTENBRAINZ_BASEURL: "https://maloja.photos-nas.ovh/apis/mlj_1/newscrobble" + ND_LASTFM_ENABLED: true + ND_LASTFM_LANGUAGE: fr + ND_ENABLEFAVOURITES: true + ND_ENABLESTARRATING: true + ND_ENABLEUSEREDITING: true + #ND_ENABLEDOWNSAMPLING: "true" + #ND_MAXBITRATE: 128 # can be anything less then your Ogg files bitrate + #ND_DOWNSAMPLECOMMAND: "ffmpeg -i %s -map 0:0 -b:a %bk -v 0 -c:a libopus -f opus -" + ND_PORT: 4533 + env_file: + - stack.env + volumes: + - "/volume1/docker/navidrome:/data" + - "/volume1/music:/music:ro" + labels: + - "com.centurylinklabs.watchtower.enable=true" + #- com.centurylinklabs.watchtower.depends-on= + #- "diun.enable=true" + restart: unless-stopped + + maloja: + # from dockerhub + image: "krateng/maloja:latest" + container_name: maloja + ports: + - "42010:42010" + restart: unless-stopped + # different directories for configuration, state and logs + volumes: + - "/volume1/docker/maloja/data:/data" + environment: + - "MALOJA_DATA_DIRECTORY=/data" + - "PUID=1028" + - "PGID=65536" + - "MALOJA_LOGGING=true" + env_file: + - stack.env + labels: + - "com.centurylinklabs.watchtower.enable=true" + #- com.centurylinklabs.watchtower.depends-on= + #- "diun.enable=true" + +``` + diff --git a/docs/Synology/Docker/docker-compose/openstreetmap.md b/docs/Synology/Docker/docker-compose/openstreetmap.md new file mode 100644 index 0000000..84cafe2 --- /dev/null +++ b/docs/Synology/Docker/docker-compose/openstreetmap.md @@ -0,0 +1,39 @@ +# openstreetmap-tile-server + + + +https://github.com/Overv/openstreetmap-tile-server + + + +Créez un volume Docker pour contenir la base de données PostgreSQL qui contiendra les données OpenStreetMap : + +```bash +docker volume create osm-data +``` + +Téléchargez un `.osm.pbf`extrait de geofabrik.de pour la région qui vous intéresse: + +```bash +cd /volume1/docker/dockge/stacks/ +mkdir mapserver +cd mapserver +mkdir data +``` + +```bash +wget http://download.geofabrik.de/france-latest.osm.pbf + +wget http://download.geofabrik.de/france.poly +``` + +L'importer dans PostgreSQL en exécutant un conteneur et en montant le fichier en tant que `/data/region.osm.pbf`. + +```bash +docker run \ + -v /volume1/docker/dockge/stacks/mapserver/data/france-latest.osm.pbf:/data/region.osm.pbf \ + -v osm-data:/data/database/ \ + overv/openstreetmap-tile-server \ + import +``` + diff --git a/docs/Synology/Docker/docker-compose/paperlessngx.md b/docs/Synology/Docker/docker-compose/paperlessngx.md new file mode 100644 index 0000000..a2e0e3f --- /dev/null +++ b/docs/Synology/Docker/docker-compose/paperlessngx.md @@ -0,0 +1,145 @@ +# paperlessngx + + + + + +| Création | Portainer | +| ----------- | ------------------------------------------------------------ | +| Mise-à-jour | Watchtower | +| Port | 8777 | +| Liens | [Paperless-ngx](https://docs.paperless-ngx.com/)
[Github](https://github.com/paperless-ngx/paperless-ngx) | + + + +```yaml +version: "3.9" +services: + redis: + image: redis:7 + command: + - /bin/sh + - -c + - redis-server --requirepass redispass + container_name: PaperlessNGX-REDIS + hostname: paper-redis + mem_limit: 512m + mem_reservation: 256m + cpu_shares: 768 + security_opt: + - no-new-privileges:true + read_only: true + user: 1026:100 + healthcheck: + test: ["CMD-SHELL", "redis-cli ping || exit 1"] + volumes: + - /volume1/docker/paperlessngx/redis:/data:rw + environment: + TZ: Europe/Paris + restart: on-failure:5 + + db: + image: postgres:16 + container_name: PaperlessNGX-DB + hostname: paper-db + mem_limit: 1g + cpu_shares: 768 + security_opt: + - no-new-privileges:true + healthcheck: + test: ["CMD", "pg_isready", "-q", "-d", "paperless", "-U", "paperlessuser"] + timeout: 45s + interval: 10s + retries: 10 + volumes: + - /volume1/docker/paperlessngx/db:/var/lib/postgresql/data:rw + environment: + POSTGRES_DB: paperless + POSTGRES_USER: paperlessuser + POSTGRES_PASSWORD: paperlesspass + restart: on-failure:5 + + gotenberg: + image: gotenberg/gotenberg:latest + container_name: PaperlessNGX-GOTENBERG + hostname: gotenberg + security_opt: + - no-new-privileges:true + user: 1026:100 + command: + - "gotenberg" + - "--chromium-disable-javascript=true" + - "--chromium-allow-list=file:///tmp/.*" + restart: on-failure:5 + + tika: + image: ghcr.io/paperless-ngx/tika:latest + container_name: PaperlessNGX-TIKA + hostname: tika + security_opt: + - no-new-privileges:true + user: 1026:100 + restart: on-failure:5 + + paperless: + image: ghcr.io/paperless-ngx/paperless-ngx:latest + container_name: PaperlessNGX + hostname: paperless-ngx + mem_limit: 6g + cpu_shares: 1024 + security_opt: + - no-new-privileges:true + healthcheck: + test: ["CMD", "curl", "-fs", "-S", "--max-time", "2", "http://localhost:8000"] + interval: 30s + timeout: 10s + retries: 5 + ports: + - 8777:8000 + volumes: + - /volume1/docker/paperlessngx/data:/usr/src/paperless/data:rw + - /volume1/docker/paperlessngx/media:/usr/src/paperless/media:rw + - /volume1/docker/paperlessngx/export:/usr/src/paperless/export:rw + - /volume1/docker/paperlessngx/consume:/usr/src/paperless/consume:rw + - /volume1/docker/paperlessngx/trash:/usr/src/paperless/trash:rw + environment: + PAPERLESS_REDIS: redis://:redispass@paper-redis:6379 + PAPERLESS_DBENGINE: postgresql + PAPERLESS_DBHOST: paper-db + PAPERLESS_DBNAME: paperless + PAPERLESS_DBUSER: paperlessuser + PAPERLESS_DBPASS: paperlesspass + PAPERLESS_TRASH_DIR: ../trash + PAPERLESS_FILENAME_FORMAT: '{created_year}/{correspondent}/{document_type}/{title}' + PAPERLESS_OCR_ROTATE_PAGES_THRESHOLD: 6 + PAPERLESS_TASK_WORKERS: 1 + USERMAP_UID: 1026 + USERMAP_GID: 100 + PAPERLESS_TIME_ZONE: Europe/Paris + PAPERLESS_URL: https://paperlessngx.photos-nas.ovh + PAPERLESS_CSRF_TRUSTED_ORIGINS: https://paperlessngx.photos-nas.ovh + PAPERLESS_OCR_LANGUAGE: deu+eng + PAPERLESS_TIKA_ENABLED: 1 + PAPERLESS_TIKA_GOTENBERG_ENDPOINT: http://gotenberg:3000 + PAPERLESS_TIKA_ENDPOINT: http://tika:9998 + env_file: + - stack.env + restart: on-failure:5 + depends_on: + db: + condition: service_healthy + redis: + condition: service_healthy + tika: + condition: service_started + gotenberg: + condition: service_started + +networks: + default: + driver: bridge + ipam: + config: + - subnet: 172.16.59.0/24 +``` + diff --git a/docs/Synology/Docker/docker-compose/pingvin.md b/docs/Synology/Docker/docker-compose/pingvin.md new file mode 100644 index 0000000..6cc5844 --- /dev/null +++ b/docs/Synology/Docker/docker-compose/pingvin.md @@ -0,0 +1,37 @@ +# pingvin + + + + + +| Création | dockge | +| ----------- | ----------------------------------------------------- | +| Mise-à-jour | Watchtower | +| Port | 6090 | +| Liens | [Github](https://github.com/stonith404/pingvin-share) | + + + +```yaml +version: "3.7" +services: + pingvin-share: + container_name: Pingvin-Share + ports: + - 6090:3000 + volumes: + - /volume1/docker/dockge/stacks/pingvin:/opt/app/backend/data + - /volume1/docker/dockge/stacks/pingvin/public:/opt/app/frontend/public/img + restart: always + image: stonith404/pingvin-share + labels: + - "com.centurylinklabs.watchtower.enable=true" +networks: + default: + driver: bridge + ipam: + config: + - subnet: 172.16.63.0/24 + +``` + diff --git a/docs/Synology/Docker/docker-compose/privatebin.md b/docs/Synology/Docker/docker-compose/privatebin.md new file mode 100644 index 0000000..bc0fcae --- /dev/null +++ b/docs/Synology/Docker/docker-compose/privatebin.md @@ -0,0 +1,41 @@ +# PrivateBin + + + + + +| Création | dockge | +| ----------- | -------------------------------------- | +| Mise-à-jour | Watchtower | +| Port | 8380 | +| Liens | [PrivateBin](https://privatebin.info/) | + + + +```yaml +name: privatebin +services: + nginx-fpm-alpine: + restart: always + read_only: true + environment: + TZ: Europe/Paris + ports: + - 8380:8080 + labels: + - com.centurylinklabs.watchtower.enable=true + volumes: + - /volume1/docker/dockge/stacks/privatebin/conf.php:/srv/cfg/conf.php:ro + - /volume1/docker/dockge/stacks/privatebin/data:/srv/data + - /volume1/docker/dockge/stacks/privatebin:/tmp + - /volume1/docker/dockge/stacks/privatebin:/run + image: privatebin/nginx-fpm-alpine +networks: + default: + driver: bridge + ipam: + config: + - subnet: 172.16.66.0/24 + +``` + diff --git a/docs/Synology/Docker/docker-compose/psitransfer.md b/docs/Synology/Docker/docker-compose/psitransfer.md new file mode 100644 index 0000000..a26977d --- /dev/null +++ b/docs/Synology/Docker/docker-compose/psitransfer.md @@ -0,0 +1,35 @@ +# psitransfer + + + + + +| Création | dockge | +| ----------- | -------------------------------------------------- | +| Mise-à-jour | Watchtower | +| Port | 3005 | +| Liens | [Github](https://github.com/psi-4ward/psitransfer) | + + + +```yaml +version: "3.7" +services: + psitransfer: + container_name: psitransfer + volumes: + - /volume1/docker/dockge/stacks/psitransfer/data:/data + ports: + - 3005:3000 + labels: + - com.centurylinklabs.watchtower.enable=true + image: psitrax/psitransfer +networks: + default: + driver: bridge + ipam: + config: + - subnet: 172.16.62.0/24 + +``` + diff --git a/docs/Synology/Docker/docker-compose/scrutiny.md b/docs/Synology/Docker/docker-compose/scrutiny.md new file mode 100644 index 0000000..d561d4c --- /dev/null +++ b/docs/Synology/Docker/docker-compose/scrutiny.md @@ -0,0 +1,49 @@ +# Scrutiny + + + + + +| Création | Container Manager (projet) | +| ----------- | --------------------------------------------- | +| Mise-à-jour | Watchtower | +| Port | 6070 | +| Liens | [Github](https://github.com/AnalogJ/scrutiny) | + + + +```yaml +services: + scrutiny: + container_name: scrutiny + image: ghcr.io/analogj/scrutiny:master-omnibus + cap_add: + - SYS_RAWIO + - SYS_ADMIN + ports: + - "6070:8080" # webapp + - "8086:8086" # influxDB administration + volumes: + - /run/udev:/run/udev:ro + - /volume1/docker/scrutiny:/opt/scrutiny/config + - /volume1/docker/scrutiny/influxdb:/opt/scrutiny/influxdb + devices: +# - /dev/nvme0n1:/dev/nvme0n1 +# - /dev/nvme1n1:/dev/nvme1n1 + - /dev/sata1:/dev/sata1 + - /dev/sata2:/dev/sata2 + - /dev/sata3:/dev/sata3 + - /dev/sata4:/dev/sata4 +# - /dev/sata5:/dev/sata5 +# - /dev/sata6:/dev/sata6 +# - /dev/sata7:/dev/sata7 +# - /dev/sata8:/dev/sata8 + environment: + - SCRUTINY_WEB_INFLUXDB_TOKEN='eo5Kc?t9T/Yrl054Edh6bJYNbhOH3blnWHqDcLHc4ml2ur/IF6?pR1v4BHd!bfB01Qu4pQyPs!?AiBa-8WGoSrkpjdQ' + - SCRUTINY_WEB_INFLUXDB_INIT_USERNAME='bruno' + - SCRUTINY_WEB_INFLUXDB_INIT_PASSWORD='j8s!hJVWCuu*z*LU' + - TIMEZONE=Europe/Paris + restart: unless-stopped + +``` + diff --git a/docs/Synology/Docker/docker-compose/seafile.md b/docs/Synology/Docker/docker-compose/seafile.md new file mode 100644 index 0000000..7015446 --- /dev/null +++ b/docs/Synology/Docker/docker-compose/seafile.md @@ -0,0 +1,82 @@ +# seafile + + + + + +| Création | dockge | +| ----------- | ------------------------------------------------------------ | +| Mise-à-jour | Watchtower | +| Port | 8611 | +| Liens | [Manuel](https://manual.seafile.com/)
[Seafile](https://www.seafile.com/en/home/)
https://mariushosting.com/how-to-install-seafile-on-your-synology-nas/ | + + + +```yaml +version: "3.9" +services: + db: + image: mariadb:11.3-jammy + container_name: Seafile-DB + hostname: seafile-db + mem_limit: 1g + cpu_shares: 768 + security_opt: + - no-new-privileges:true + user: 1026:100 + volumes: + - /volume1/docker/dockge/stacks/seafile/db:/var/lib/mysql:rw + environment: + MYSQL_ROOT_PASSWORD: rootpass + TZ: Europe/Paris + restart: on-failure:5 + cache: + image: memcached:1.6.22 + entrypoint: memcached -m 256 + container_name: Seafile-CACHE + hostname: memcached + mem_limit: 512m + cpu_shares: 768 + security_opt: + - no-new-privileges:true + read_only: true + user: 1026:100 + restart: on-failure:5 + seafile: + image: seafileltd/seafile-mc:latest + container_name: Seafile + hostname: seafile + mem_limit: 2g + cpu_shares: 768 + security_opt: + - no-new-privileges:true + healthcheck: + test: wget --no-verbose --tries=1 --spider http://localhost + volumes: + - /volume1/docker/dockge/stacks/seafile/data:/shared:rw + ports: + - 8611:80 + environment: + DB_HOST: seafile-db + DB_ROOT_PASSWD: rootpass + TIME_ZONE: Europe/Paris + SEAFILE_ADMIN_EMAIL: liste@clicclac.info + SEAFILE_ADMIN_PASSWORD: mariushosting + SEAFILE_SERVER_LETSENCRYPT: false + SEAFILE_SERVER_HOSTNAME: seafile.photos-nas.ovh + FORCE_HTTPS_IN_CONF: true + restart: on-failure:5 + depends_on: + db: + condition: service_started + cache: + condition: service_started +networks: + default: + driver: bridge + ipam: + config: + - subnet: 172.16.69.0/24 + +``` + diff --git a/docs/Synology/Docker/docker-compose/searXNG.md b/docs/Synology/Docker/docker-compose/searXNG.md new file mode 100644 index 0000000..46785da --- /dev/null +++ b/docs/Synology/Docker/docker-compose/searXNG.md @@ -0,0 +1,33 @@ +# searXNG + + + + + +| Création | dockge | +| ----------- | ------------------------------------------------------------ | +| Mise-à-jour | Watchtower | +| Port | 5147 | +| Liens | [Docs](https://docs.searxng.org)
[Github](https://github.com/searxng/searxng) | + + + +```yaml +version: '3.9' +services: + searxng: + image: searxng/searxng + container_name: SearXNG + mem_limit: 8g + cpu_shares: 2048 + security_opt: + - no-new-privileges:true + labels: + - "com.centurylinklabs.watchtower.enable=true" + volumes: + - /volume1/docker/searxng:/etc/searxng:rw + restart: on-failure:5 + ports: + - 5147:8080 +``` + diff --git a/docs/Synology/Docker/docker-compose/send.md b/docs/Synology/Docker/docker-compose/send.md new file mode 100644 index 0000000..47bc21b --- /dev/null +++ b/docs/Synology/Docker/docker-compose/send.md @@ -0,0 +1,59 @@ +# send + + + + + +| Création | dockge | +| ----------- | ------------------------------------------------------------ | +| Mise-à-jour | Watchtower | +| Port | 1234 | +| Liens | [Github](https://github.com/timvisee/send)
[Docker](https://github.com/timvisee/send-docker-compose/tree/master) | + + + +```yaml +version: "3" +services: + send: + image: registry.gitlab.com/timvisee/send:latest + restart: always + ports: + - 1234:1234 + volumes: + - /volume1/docker/dockge/stacks/send/uploads:/uploads + labels: + - com.centurylinklabs.watchtower.enable=true + environment: + - VIRTUAL_HOST=send.photos-nas.ovh + - VIRTUAL_PORT=1234 + - DHPARAM_GENERATION=false + - NODE_ENV=production + - BASE_URL=https://send.photos-nas.ovh + - PORT=1234 + - REDIS_HOST=redis + - FILE_DIR=/uploads + # To customize upload limits + # - EXPIRE_TIMES_SECONDS=3600,86400,604800,2592000,31536000 + # - DEFAULT_EXPIRE_SECONDS=3600 + # - MAX_EXPIRE_SECONDS=31536000 + # - DOWNLOAD_COUNTS=1,2,5,10,15,25,50,100,1000 + # - MAX_DOWNLOADS=1000 + # - MAX_FILE_SIZE=2684354560 + + redis: + image: redis:alpine + restart: always + volumes: + - send-redis:/data +volumes: + send-redis: null +networks: + default: + driver: bridge + ipam: + config: + - subnet: 172.16.60.0/24 + +``` + diff --git a/docs/Synology/Docker/docker-compose/snapdrop.md b/docs/Synology/Docker/docker-compose/snapdrop.md new file mode 100644 index 0000000..4a69573 --- /dev/null +++ b/docs/Synology/Docker/docker-compose/snapdrop.md @@ -0,0 +1,47 @@ +# snapdrop + + + + + +| Création | dockge | +| ----------- | ------------------------------------------------ | +| Mise-à-jour | Watchtower | +| Port | 7653 | +| Liens | [Github](https://github.com/RobinLinus/snapdrop) | + + + +```yaml +version: "3.9" +services: + snapdrop: + image: ghcr.io/linuxserver/snapdrop:latest + container_name: Snapdrop + hostname: snapdrop + mem_limit: 1g + cpu_shares: 768 + security_opt: + - no-new-privileges:true + healthcheck: + test: wget --no-verbose --tries=1 --spider http://localhost:80 + ports: + - 7653:443 + labels: + - com.centurylinklabs.watchtower.enable=true + volumes: + - /volume1/docker/dockge/stacks/snapdrop:/config:rw + environment: + TZ: Europe/Paris + PUID: 1026 + PGID: 100 + restart: on-failure:5 +networks: + default: + driver: bridge + ipam: + config: + - subnet: 172.16.67.0/24 + +``` + diff --git a/docs/Synology/Docker/docker-compose/snippet-box.md b/docs/Synology/Docker/docker-compose/snippet-box.md new file mode 100644 index 0000000..c77d0cc --- /dev/null +++ b/docs/Synology/Docker/docker-compose/snippet-box.md @@ -0,0 +1,36 @@ + + +# snippet-box + + + +| Création | dockge | +| ----------- | ------------------------------------------------ | +| Mise-à-jour | Watchtower | +| Port | 5010 | +| Liens | [Github](https://github.com/RobinLinus/snapdrop) | + + + +```yaml +version: "3" +services: + snippet-box: + image: pawelmalak/snippet-box:latest + container_name: snippet-box + labels: + - com.centurylinklabs.watchtower.enable=true + volumes: + - /volume1/docker/dockge/stacks/snippetbox/data:/app/data + ports: + - 5010:5000 + restart: unless-stopped +networks: + default: + driver: bridge + ipam: + config: + - subnet: 172.16.65.0/24 + +``` + diff --git a/docs/Synology/Docker/docker-compose/tautulli.md b/docs/Synology/Docker/docker-compose/tautulli.md new file mode 100644 index 0000000..3700599 --- /dev/null +++ b/docs/Synology/Docker/docker-compose/tautulli.md @@ -0,0 +1,57 @@ +# Tautulli + + + + + +| Création | Portainer | +| ----------- | ------------------------------------------------------------ | +| Mise-à-jour | Watchtower | +| Port | 8181 | +| Liens | [Github](https://github.com/Tautulli/Tautulli)
[Tautulli](https://tautulli.com/) | + + + +```bash +services: + tautulli: + image: linuxserver/tautulli:latest + container_name: tautulli + environment: + - PUID=1026 #CHANGE_TO_YOUR_UID + - PGID=100 #CHANGE_TO_YOUR_GID + - TZ=Europe/Paris #CHANGE_TO_YOUR_TZ + - UMASK=022 + labels: + - "com.centurylinklabs.watchtower.enable=true" + volumes: + - /volume1/docker/tautulli:/config + ports: + - 8181:8181/tcp + network_mode: synobridge + security_opt: + - no-new-privileges:true + restart: always +``` + + + +#### Portail de connexion -> Avancé -> Proxy inversé + +Entête personnalisé: + +| Nom de l'entête | Valeur | +| ----------------- | --------------------------- | +| Host | $host; | +| X-Real-IP | $remote_addr; | +| X-Forwarded-Host | $server_name; | +| X-Forwarded-For | $proxy_add_x_forwarded_for; | +| X-Forwarded-Proto | $scheme; | +| X-Forwarded-Ssl | on; | + + + +https://github.com/Tautulli/Tautulli/wiki/Installation#synology + +https://github.com/Tautulli/Tautulli/wiki/Frequently-Asked-Questions#general-q9 + diff --git a/docs/Synology/Docker/docker-compose/watchtower.md b/docs/Synology/Docker/docker-compose/watchtower.md new file mode 100644 index 0000000..4a19eb4 --- /dev/null +++ b/docs/Synology/Docker/docker-compose/watchtower.md @@ -0,0 +1,43 @@ +# Watchtower + + + + + +| Création | Portainer | +| ----------- | ------------------------------------------------------------ | +| Mise-à-jour | Watchtower | +| Port | - | +| Liens | [Watchtower](https://containrrr.dev/watchtower/)
[Github](https://github.com/containrrr/watchtower/) | + + + +```yaml +version: '2.1' +services: + + watchtower: + image: containrrr/watchtower + container_name: watchtower + hostname: watchtower-nas + network_mode: bridge + environment: + - WATCHTOWER_NOTIFICATIONS=email + - WATCHTOWER_CLEANUP=true + - WATCHTOWER_DEBUG=true + - WATCHTOWER_LABEL_ENABLE=true + - WATCHTOWER_TIMEOUT=30s + #- WATCHTOWER_POLL_INTERVAL=300 + - WATCHTOWER_SCHEDULE=0 0 5 * * * + - TZ=Europe/Paris + env_file: + - stack.env + labels: + - "com.centurylinklabs.watchtower.enable=true" + volumes: + - /var/run/docker.sock:/var/run/docker.sock + - /volume1/docker/watchtower/config.json:/root/.docker/config.json + restart: unless-stopped + +``` + diff --git a/docs/Synology/Docker/docker-compose/wgeasy.md b/docs/Synology/Docker/docker-compose/wgeasy.md new file mode 100644 index 0000000..8a17970 --- /dev/null +++ b/docs/Synology/Docker/docker-compose/wgeasy.md @@ -0,0 +1,44 @@ + + +# wg-easy + + + +| Création | Portainer | +| ----------- | -------------------------------------------- | +| Mise-à-jour | Watchtower | +| Port | 51821 | +| Liens | [Github](https://github.com/wg-easy/wg-easy) | + + + +```yaml +version: "3.5" + +services: + wgeasy: + image: ghcr.io/wg-easy/wg-easy:latest + network_mode: "bridge" + container_name: wgeasy + ports: + - "51820:51820/udp" + - "51821:51821" + cap_add: + - NET_ADMIN + - SYS_MODULE + sysctls: + - net.ipv4.conf.all.src_valid_mark=1 + - net.ipv4.ip_forward=1 + env_file: + - stack.env + labels: + - "com.centurylinklabs.watchtower.enable=true" + volumes: + - /volume1/docker/wgeasy:/etc/wireguard + environment: + - WG_HOST=photos-nas.ovh + - WG_DEFAULT_DNS=192.168.2.216 + restart: always + +``` + diff --git a/docs/Synology/Docker/docker-compose/yacy.md b/docs/Synology/Docker/docker-compose/yacy.md new file mode 100644 index 0000000..2ded28f --- /dev/null +++ b/docs/Synology/Docker/docker-compose/yacy.md @@ -0,0 +1,35 @@ +# yacy + + + + + +| Création | Portainer | +| ----------- | ------------------------------------------------------------ | +| Mise-à-jour | Watchtower | +| Port | 8490 | +| Liens | [Yacy](https://yacy.net)
[Github](https://github.com/yacy/yacy_search_server) | + + + +```yaml +services: + yacy: + image: yacy/yacy_search_server:latest + container_name: yacy + network_mode: bridge + dns: + - 192.168.2.116 + - 192.168.2.216 + user: 1028:65536 + labels: + - com.centurylinklabs.watchtower.enable=true + ports: + - 8490:8090 + - 8443:8443 + volumes: + - /volume1/docker/yacy/data:/opt/yacy_search_server/DATA:rw + restart: unless-stopped + +``` + diff --git a/docs/Synology/Docker/docker-compose/yatch.md b/docs/Synology/Docker/docker-compose/yatch.md new file mode 100644 index 0000000..72ad6d9 --- /dev/null +++ b/docs/Synology/Docker/docker-compose/yatch.md @@ -0,0 +1,25 @@ +# yatch + + + +```yaml +version: "3" +services: + yacht: + container_name: yacht + restart: unless-stopped + ports: + - 8001:8000 + environment: + ADMIN_EMAIL: liste@clicclac.info + SECRET_KEY: 7dJuLowm7E5fuXtdEiG1aZ5XwpV8DMOePr5TxwETXTDvM9MgqYulzlb75OscYF4Yvto63jESprC02ZjegOKxDuQhz + volumes: + - yacht:/config + - /var/run/docker.sock:/var/run/docker.sock + image: selfhostedpro/yacht +volumes: + yacht: + +# tokens modifiés +``` + diff --git a/docs/Synology/Docker/grafana.md b/docs/Synology/Docker/grafana.md new file mode 100644 index 0000000..c19f1a4 --- /dev/null +++ b/docs/Synology/Docker/grafana.md @@ -0,0 +1,133 @@ +# Grafana + + + +```yaml +version: "3.9" +services: + grafana: + image: grafana/grafana:latest + container_name: Grafana + hostname: grafana + networks: + - grafana-net + mem_limit: 512m + cpu_shares: 512 + security_opt: + - no-new-privileges:true + user: 1026:100 + healthcheck: + test: wget --no-verbose --tries=1 --spider http://localhost:3000/api/health + ports: + - 3340:3000 + volumes: + - /volume1/docker/grafana/data:/var/lib/grafana:rw + environment: + TZ: Europe/Paris + GF_INSTALL_PLUGINS: grafana-clock-panel,grafana-simple-json-datasource,natel-discrete-panel,grafana-piechart-panel + restart: on-failure:5 + + prometheus: + image: prom/prometheus + command: + - '--storage.tsdb.retention.time=60d' + - '--config.file=/etc/prometheus/prometheus.yml' + container_name: Prometheus + hostname: prometheus-server + networks: + - grafana-net + - prometheus-net + mem_limit: 1g + cpu_shares: 768 + security_opt: + - no-new-privileges=true + user: 1026:100 + healthcheck: + test: wget --no-verbose --tries=1 --spider http://localhost:9090/ || exit 1 + volumes: + - /volume1/docker/grafana/prometheus:/prometheus:rw + - /volume1/docker/grafana/prometheus.yml:/etc/prometheus/prometheus.yml:ro + restart: on-failure:5 + + node-exporter: + image: prom/node-exporter:latest + command: + - --collector.disable-defaults + - --collector.stat + - --collector.time + - --collector.cpu + - --collector.loadavg + - --collector.hwmon + - --collector.meminfo + - --collector.diskstats + container_name: Prometheus-Node + hostname: prometheus-node + networks: + - prometheus-net + mem_limit: 256m + mem_reservation: 64m + cpu_shares: 512 + security_opt: + - no-new-privileges=true + read_only: true + user: 1026:100 + healthcheck: + test: wget --no-verbose --tries=1 --spider http://localhost:9100/ + restart: on-failure:5 + + snmp-exporter: + image: prom/snmp-exporter:latest + command: + - '--config.file=/etc/snmp_exporter/snmp.yml' + container_name: Prometheus-SNMP + hostname: prometheus-snmp + networks: + - prometheus-net + mem_limit: 256m + mem_reservation: 64m + cpu_shares: 512 + security_opt: + - no-new-privileges:true + read_only: true + user: 1026:100 + healthcheck: + test: wget --no-verbose --tries=1 --spider http://localhost:9116/ || exit 1 + volumes: + - /volume1/docker/grafana/snmp:/etc/snmp_exporter/:ro + restart: on-failure:5 + + cadvisor: + image: gcr.io/cadvisor/cadvisor:latest + command: + - '--docker_only=true' + container_name: Prometheus-cAdvisor + hostname: prometheus-cadvisor + networks: + - prometheus-net + mem_limit: 256m + mem_reservation: 64m + cpu_shares: 512 + security_opt: + - no-new-privileges=true + read_only: true + volumes: + - /:/rootfs:ro + - /var/run:/var/run:ro + - /sys:/sys:ro + - /var/run/docker.sock:/var/run/docker.sock:ro + restart: on-failure:5 + +networks: + grafana-net: + name: grafana-net + ipam: + config: + - subnet: 192.168.50.0/24 + prometheus-net: + name: prometheus-net + ipam: + config: + - subnet: 192.168.51.0/24 + +``` + diff --git a/docs/Synology/Docker/index.md b/docs/Synology/Docker/index.md new file mode 100644 index 0000000..282a78c --- /dev/null +++ b/docs/Synology/Docker/index.md @@ -0,0 +1,102 @@ +# Docker + + + +### Installation + +Installer le paquet Container Manager dans DSM + +[DockerHub](https://hub.docker.com/search?q=) + + + +##### Redémarrer Container Manager + +```bash +$ systemctl list-units --type=service --all | grep -i docker + pkg-ContainerManager-dockerd.service loaded active running Docker Application Container Engine + pkg-ContainerManager-event-watcherd.service loaded active running Docker event watch service + +``` + +```bash +$ sudo systemctl restart pkg-ContainerManager-dockerd +``` + + + +### Utilisation + +[Mise-à-jour des containers](updates.md) (Container Manager - WatchTower) + +[Ports](ports.md) + +```bash +ERROR: could not find an available, non-overlapping IPv4 address pool among the defaults to assign to the network +``` + +Ajouter à `/etc/docker/daemon.json` (ou le créer) + +```json +{ + "default-address-pools" : [ + { + "base" : "172.17.0.0/12", + "size" : 20 + }, + { + "base" : "192.168.0.0/16", + "size" : 24 + } + ] +} +``` + +Autre solution: + +```yaml +networks: + default: + driver: bridge + ipam: + config: + - subnet: 172.16.57.0/24 +``` + +https://straz.to/2021-09-08-docker-address-pools/ + +https://jareklipski.medium.com/docker-can-only-create-31-default-networks-e7f98f778626 + +https://serverfault.com/questions/916941/configuring-docker-to-not-use-the-172-17-0-0-range + +https://stackoverflow.com/questions/43720339/docker-error-could-not-find-an-available-non-overlapping-ipv4-address-pool-am + +### Containers + +- [iGotify](docker-compose/igotify.md) +- [Pi.Alert](docker-compose/Pi.Alert.md) +- [searXNG](docker-compose/searXNG.md) +- [WireGuard](Wireguard.md) + + + +### Login + +```bash +$ sudo docker login --username=foo + +# WARNING! Your password will be stored unencrypted in /root/.docker/config.json. +``` + + + +```bash +$ cat ~/my_password.txt | docker login --username foo --password-stdin +``` + + + +### Backups + +https://mariushosting.com/synology-how-to-back-up-docker-containers/ + diff --git a/docs/Synology/Docker/iperf3.md b/docs/Synology/Docker/iperf3.md new file mode 100644 index 0000000..50fa41d --- /dev/null +++ b/docs/Synology/Docker/iperf3.md @@ -0,0 +1,148 @@ +# iperf3 + + + +### Sur le NAS: + +Installation d'iPerf sur le NAS: + +```bash +$ sudo docker run -it --rm -p 5201:5201 networkstatic/iperf3 --help +``` + +Le serveur est lancé: + +```bash +$ sudo docker run -it --rm --name=iperf3-server -p 5201:5201 networkstatic/iperf3 -s +----------------------------------------------------------- +Server listening on 5201 +----------------------------------------------------------- +``` + + + +### Sur le mac: + +```bash + $ brew install iperf3 +``` + +On lance le client: + +```bash +$ iperf3 -c 192.168.2.57 +Connecting to host 192.168.2.57, port 5201 +[ 5] local 192.168.2.240 port 60430 connected to 192.168.2.57 port 5201 +[ ID] Interval Transfer Bitrate +[ 5] 0.00-1.00 sec 14.2 MBytes 119 Mbits/sec +[ 5] 1.00-2.00 sec 12.9 MBytes 108 Mbits/sec +[ 5] 2.00-3.01 sec 13.0 MBytes 109 Mbits/sec +[ 5] 3.01-4.01 sec 12.0 MBytes 101 Mbits/sec +[ 5] 4.01-5.00 sec 12.5 MBytes 105 Mbits/sec +[ 5] 5.00-6.00 sec 14.0 MBytes 118 Mbits/sec +[ 5] 6.00-7.00 sec 13.4 MBytes 112 Mbits/sec +[ 5] 7.00-8.00 sec 13.0 MBytes 109 Mbits/sec +[ 5] 8.00-9.00 sec 10.0 MBytes 83.7 Mbits/sec +[ 5] 9.00-10.01 sec 10.5 MBytes 88.1 Mbits/sec +- - - - - - - - - - - - - - - - - - - - - - - - - +[ ID] Interval Transfer Bitrate +[ 5] 0.00-10.01 sec 126 MBytes 105 Mbits/sec sender +[ 5] 0.00-10.09 sec 125 MBytes 104 Mbits/sec receiver + +iperf Done. +``` + + + +### Test externe: + +```bash +❯ iperf3 -c scaleway.testdebit.info -p 9215 -R -P 4 +Connecting to host scaleway.testdebit.info, port 9215 +Reverse mode, remote host scaleway.testdebit.info is sending +[ 7] local 192.168.2.240 port 60728 connected to 62.210.156.7 port 9215 +[ 9] local 192.168.2.240 port 60729 connected to 62.210.156.7 port 9215 +[ 11] local 192.168.2.240 port 60730 connected to 62.210.156.7 port 9215 +[ 13] local 192.168.2.240 port 60731 connected to 62.210.156.7 port 9215 +[ ID] Interval Transfer Bitrate +[ 7] 0.00-1.00 sec 384 KBytes 3.14 Mbits/sec +[ 9] 0.00-1.00 sec 256 KBytes 2.09 Mbits/sec +[ 11] 0.00-1.00 sec 384 KBytes 3.14 Mbits/sec +[ 13] 0.00-1.00 sec 384 KBytes 3.14 Mbits/sec +[SUM] 0.00-1.00 sec 1.38 MBytes 11.5 Mbits/sec +- - - - - - - - - - - - - - - - - - - - - - - - - +[ 7] 1.00-2.00 sec 1.88 MBytes 15.8 Mbits/sec +[ 9] 1.00-2.00 sec 1.25 MBytes 10.5 Mbits/sec +[ 11] 1.00-2.00 sec 1.25 MBytes 10.5 Mbits/sec +[ 13] 1.00-2.00 sec 1.25 MBytes 10.5 Mbits/sec +[SUM] 1.00-2.00 sec 5.62 MBytes 47.3 Mbits/sec +- - - - - - - - - - - - - - - - - - - - - - - - - +[ 7] 2.00-3.00 sec 3.50 MBytes 29.3 Mbits/sec +[ 9] 2.00-3.00 sec 1.88 MBytes 15.7 Mbits/sec +[ 11] 2.00-3.00 sec 2.75 MBytes 23.0 Mbits/sec +[ 13] 2.00-3.00 sec 2.00 MBytes 16.8 Mbits/sec +[SUM] 2.00-3.00 sec 10.1 MBytes 84.8 Mbits/sec +- - - - - - - - - - - - - - - - - - - - - - - - - +[ 7] 3.00-4.00 sec 3.12 MBytes 26.2 Mbits/sec +[ 9] 3.00-4.00 sec 1.62 MBytes 13.6 Mbits/sec +[ 11] 3.00-4.00 sec 2.62 MBytes 22.0 Mbits/sec +[ 13] 3.00-4.00 sec 1.75 MBytes 14.7 Mbits/sec +[SUM] 3.00-4.00 sec 9.12 MBytes 76.5 Mbits/sec +- - - - - - - - - - - - - - - - - - - - - - - - - +[ 7] 4.00-5.00 sec 5.25 MBytes 43.9 Mbits/sec +[ 9] 4.00-5.01 sec 3.00 MBytes 25.1 Mbits/sec +[ 11] 4.00-5.01 sec 4.38 MBytes 36.6 Mbits/sec +[ 13] 4.00-5.01 sec 2.88 MBytes 24.1 Mbits/sec +[SUM] 4.00-5.00 sec 15.5 MBytes 130 Mbits/sec +- - - - - - - - - - - - - - - - - - - - - - - - - +[ 7] 5.00-6.00 sec 5.62 MBytes 47.4 Mbits/sec +[ 9] 5.01-6.00 sec 2.88 MBytes 24.2 Mbits/sec +[ 11] 5.01-6.00 sec 4.25 MBytes 35.8 Mbits/sec +[ 13] 5.01-6.00 sec 3.25 MBytes 27.4 Mbits/sec +[SUM] 5.00-6.00 sec 16.0 MBytes 135 Mbits/sec +- - - - - - - - - - - - - - - - - - - - - - - - - +[ 7] 6.00-7.00 sec 6.12 MBytes 51.3 Mbits/sec +[ 9] 6.00-7.00 sec 3.38 MBytes 28.3 Mbits/sec +[ 11] 6.00-7.00 sec 4.62 MBytes 38.7 Mbits/sec +[ 13] 6.00-7.00 sec 3.75 MBytes 31.4 Mbits/sec +[SUM] 6.00-7.00 sec 17.9 MBytes 150 Mbits/sec +- - - - - - - - - - - - - - - - - - - - - - - - - +[ 7] 7.00-8.00 sec 5.62 MBytes 47.3 Mbits/sec +[ 9] 7.00-8.00 sec 3.00 MBytes 25.2 Mbits/sec +[ 11] 7.00-8.00 sec 4.25 MBytes 35.7 Mbits/sec +[ 13] 7.00-8.00 sec 3.75 MBytes 31.5 Mbits/sec +[SUM] 7.00-8.00 sec 16.6 MBytes 140 Mbits/sec +- - - - - - - - - - - - - - - - - - - - - - - - - +[ 7] 8.00-9.00 sec 4.75 MBytes 39.8 Mbits/sec +[ 9] 8.00-9.00 sec 2.50 MBytes 20.9 Mbits/sec +[ 11] 8.00-9.00 sec 3.75 MBytes 31.4 Mbits/sec +[ 13] 8.00-9.00 sec 3.25 MBytes 27.2 Mbits/sec +[SUM] 8.00-9.00 sec 14.2 MBytes 119 Mbits/sec +- - - - - - - - - - - - - - - - - - - - - - - - - +[ 7] 9.00-10.00 sec 4.88 MBytes 40.8 Mbits/sec +[ 9] 9.00-10.00 sec 2.75 MBytes 23.0 Mbits/sec +[ 11] 9.00-10.00 sec 4.12 MBytes 34.6 Mbits/sec +[ 13] 9.00-10.00 sec 3.88 MBytes 32.5 Mbits/sec +[SUM] 9.00-10.00 sec 15.6 MBytes 131 Mbits/sec +- - - - - - - - - - - - - - - - - - - - - - - - - +[ ID] Interval Transfer Bitrate Retr +[ 7] 0.00-10.05 sec 46.7 MBytes 39.0 Mbits/sec 0 sender +[ 7] 0.00-10.00 sec 41.1 MBytes 34.5 Mbits/sec receiver +[ 9] 0.00-10.05 sec 24.9 MBytes 20.8 Mbits/sec 0 sender +[ 9] 0.00-10.00 sec 22.5 MBytes 18.9 Mbits/sec receiver +[ 11] 0.00-10.05 sec 36.0 MBytes 30.1 Mbits/sec 0 sender +[ 11] 0.00-10.00 sec 32.4 MBytes 27.1 Mbits/sec receiver +[ 13] 0.00-10.05 sec 30.0 MBytes 25.1 Mbits/sec 0 sender +[ 13] 0.00-10.00 sec 26.1 MBytes 21.9 Mbits/sec receiver +[SUM] 0.00-10.05 sec 138 MBytes 115 Mbits/sec 0 sender +[SUM] 0.00-10.00 sec 122 MBytes 102 Mbits/sec receiver + +iperf Done. +``` + + + + + +https://aradaff.com/tester-son-reseau/ + diff --git a/docs/Synology/Docker/portainer.md b/docs/Synology/Docker/portainer.md new file mode 100644 index 0000000..ee94c30 --- /dev/null +++ b/docs/Synology/Docker/portainer.md @@ -0,0 +1,34 @@ +# Portainer + + + + + +| Création | docker-run | +| ----------- | ------------------------------------------------ | +| Mise-à-jour | manuelle | +| Port | 9000 | +| Liens | [Github](https://github.com/portainer/portainer) | + + + +### Installation + +https://mariushosting.com/synology-30-second-portainer-install-using-task-scheduler-docker/ + + + +### Mise-à-jour du container Portainer + +https://mariushosting.com/synology-how-to-update-portainer/ + +Dans Container Manager: + +- Onglet Image -> Mise-à-jour disponible -> Mettre à jour +- Onglet Container -> Action -> Démarrer + + + +### Backup configuration + +Portainer -> Settings -> Backup up Portainer -> Download backup \ No newline at end of file diff --git a/docs/Synology/Docker/ports.md b/docs/Synology/Docker/ports.md index 10c9146..4476cfe 100644 --- a/docs/Synology/Docker/ports.md +++ b/docs/Synology/Docker/ports.md @@ -2,21 +2,51 @@ -| | | | -| ------------------------------------------------------------ | --------------------------- | ------ | -| mymediaforalexa | 52050 - 52051 | Docker | -| homebridge | Bridge: 51534
UI: 8581 | Docker | -| Hoobs | Bridge: 51826
UI: 8181 | Docker | -| [PiHole](https://mariushosting.com/how-to-install-pi-hole-on-your-synology-nas/) | 8090 | Docker | -| Lychee | 90 | | -| | | | -| | | | -| | | | -| | | | +| | | Passerelle | Adresse IP | | +| ------------------------------------------------------------ | --------------- | ----------- | ------------ | ------------------ | +| | | | | | +| portainer | **8000** / 9000 | 172.17.0.1 | 172.17.0.3 | | +| geoipupdate | | 172.19.0.1 | 172.19.0.2 | | +| [PiHole](https://mariushosting.com/how-to-install-pi-hole-on-your-synology-nas/) | 8090 | 192.168.2.1 | 192.168.2.68 | 192.168.2.68 | +| freegeoip | **8080** / 8888 | 172.18.0.1 | 172.18.0.2 | | +| Acme | | 172.17.0.1 | 172.17.0.2 | | +| | | | | | +| wireguard | | 172.20.0.1 | 172.20.0.2 | 192.168.2.68:51820 | +| | | | | | +#### Redémarrer Container Manager: +```bash +systemctl restart pkg-ContainerManager-dockerd +``` + + + +#### Pare-feu: + +- IP: 172.16.0.0 + +- Masque: 255.248.0.0 + +De 172.16.0.0 à 172.23.255.255 + +https://cric.grenoble.cnrs.fr/Administrateurs/Outils/CalculMasque/ + +https://www.it-connect.fr/adresses-ipv4-et-le-calcul-des-masques-de-sous-reseaux/#VII_Comment_trouver_le_bon_masque_pour_un_nombre_dhotes_specifique + + + +#### Liens: + +Créer un utilisateur restreint pour docker: + +https://drfrankenstein.co.uk/step-2-setting-up-a-restricted-docker-user-and-obtaining-ids/ https://mariushosting.com/synology-how-to-update-docker-image/ +https://www.timmertech.io/manage-docker-without-sudo-on-synology/ + +https://stackoverflow.com/questions/43720339/docker-error-could-not-find-an-available-non-overlapping-ipv4-address-pool-am + diff --git a/docs/Synology/Docker/updates.md b/docs/Synology/Docker/updates.md new file mode 100644 index 0000000..c79b66c --- /dev/null +++ b/docs/Synology/Docker/updates.md @@ -0,0 +1,116 @@ +# Mise-à-jour des containers + + + +### Container manager + +##### Onglet Image: + +Notifications pour les images dont: + +- source: hub.docker.com +- tag: Latest ou Nightly + +Cliquer sur 'Update available': l'image est téléchargé et le container mis-à-jour/ + +##### Onglet Projet: + +Si il y a plusieurs containers dans le Projet: + +- sélectionner le Projet -> Action -> Arrêt +- mettre à jour les images +- sélectionner le Projet -> Action -> Créer + + + + + +### Watchtower + + + +| Création | Portainer | +| ----------- | ---------- | +| Mise-à-jour | Watchtower | +| Ports | 8000/9000 | + +https://drfrankenstein.co.uk/watchtower-automated-updates-in-container-manager-on-a-synology-nas/ + +```yaml +version: '2.1' +services: + + watchtower: + image: containrrr/watchtower + container_name: watchtower + hostname: watchtower-nas + network_mode: bridge + environment: + - WATCHTOWER_NOTIFICATIONS=email + - WATCHTOWER_CLEANUP=true + - WATCHTOWER_DEBUG=true + - WATCHTOWER_LABEL_ENABLE=true + - WATCHTOWER_TIMEOUT=30s + - WATCHTOWER_POLL_INTERVAL=300 + - TZ=Europe/Paris + env_file: + - stack.env + labels: + - "com.centurylinklabs.watchtower.enable=true" + volumes: + - /var/run/docker.sock:/var/run/docker.sock + - /volume1/docker/watchtower/config.json:/root/.docker/config.json + restart: unless-stopped + +``` + +##### Mettre-à-jour seulement les containers spécifiés: + +A ajouter dans le compose de watchtower: + +```yaml +environment: + - WATCHTOWER_LABEL_ENABLE=true +``` + +A ajouter aux containers que l'on souhaite mettre-à-jour: + +```yaml +labels: + - "com.centurylinklabs.watchtower.enable=true" +``` + +##### Uniquement monitorer certains containers: + +A ajouter aux containers que l'on souhaite suivre: + +```yaml +labels: + - "com.centurylinklabs.watchtower.monitor-only=true" +``` + +##### Monitorer et mettre-à-jour seulement certains containers: + +A ajouter dans le compose de watchtower: + +```yaml +environment: + - WATCHTOWER_DISABLE_CONTAINERS=container1,container2 +``` + +https://www.smarthomebeginner.com/watchtower-docker-compose-2024/ + + + +#### Lancer Watchtower manuellement: + +```bash +$ docker run -v /var/run/docker.sock:/var/run/docker.sock containrrr/watchtower --run-once +``` + + + +#### Notifications: + +https://containrrr.dev/watchtower/notifications/ + diff --git a/docs/Synology/dsm7/HomeAssistant.md b/docs/Synology/dsm7/HomeAssistant.md new file mode 100644 index 0000000..41fd51b --- /dev/null +++ b/docs/Synology/dsm7/HomeAssistant.md @@ -0,0 +1,62 @@ +# HomeAssistant + + + + + +### Package SynoCommunity + +Version Core + +[FAQ](https://github.com/SynoCommunity/spksrc/wiki/FAQ-HomeAssistant/) + +#### Editer la configuration + +```bash +sudo nano /var/packages/homeassistant/var/config/configuration.yaml +``` + +#### Voir les logs + +```bash +tail -f /var/packages/homeassistant/var/homeassistant.log +``` + + + +### VMM + + + +#### Erreur '400 Bad Request' + + + +##### /homeassistant/configuration.yaml + +```yaml + +# Loads default set of integrations. Do not remove. +default_config: + +# Load frontend themes from the themes folder +frontend: + themes: !include_dir_merge_named themes + +automation: !include automations.yaml +script: !include scripts.yaml +scene: !include scenes.yaml + +homeassistant: + external_url: "https://home-assistant.photos-nas.ovh" # ne pas indiquer le port + internal_url: "http://192.168.2.21:8123" # adresse locale de HA avec le port + +http: + use_x_forwarded_for: true + trusted_proxies: + - 192.168.2.57 # IP of Synology + ip_ban_enabled: false + +``` + +Sir le NAS diff --git a/docs/Synology/dsm7/Homebridge.md b/docs/Synology/dsm7/Homebridge.md new file mode 100644 index 0000000..d3040c1 --- /dev/null +++ b/docs/Synology/dsm7/Homebridge.md @@ -0,0 +1,11 @@ +# Homebridge + + + +### Wiki + +https://github.com/homebridge/homebridge/wiki/Install-Homebridge-on-Synology-DSM + +### Paquet + +https://github.com/homebridge/homebridge-syno-spk \ No newline at end of file diff --git a/docs/Synology/dsm7/cli-tools.md b/docs/Synology/dsm7/cli-tools.md new file mode 100644 index 0000000..09e7813 --- /dev/null +++ b/docs/Synology/dsm7/cli-tools.md @@ -0,0 +1,38 @@ +# SynoCli Tools + + + +### SynoCli File Tools + +less, tree, ncdu, jdupes, fdupes, rhash, mc (midnight commander), mg (emacs-like text editor), nano, jupp (based on JOE - Joe's Own Editor 3.1), file, detox, pcre2, zstd, lzip, plzip, detox, iconv, dos2unix tools, lsd, bat, eza, rmlint, nnn (n³), micro (editor), fzf (fuzzy finder), rg (ripgrep), fd (fd-find), sd (sed alternative), rnm. + +### bat + +https://github.com/sharkdp/bat + +```bash +$ bat --generate-config-file +Success! Config file written to /var/services/homes/bruno/.config/bat/config +``` + +```bash +$ bat --config-file +/var/services/homes/bruno/.config/bat/config + +$ bat --config-dir +/var/services/homes/bruno/.config/bat +``` + +#### nano + +Coloration syntaxique: https://github.com/scopatz/nanorc/ + +```bash +$ cd ~ +$ mkdir .nano +$ install_path=~/.nano/ +$ git clone https://github.com/scopatz/nanorc.git $install_path + +$ cat $install_path/nanorc >> ~/.nanorc +``` + diff --git a/docs/Synology/dsm7/dsm7.md b/docs/Synology/dsm7/dsm7.md index 2a0c916..0413bb2 100644 --- a/docs/Synology/dsm7/dsm7.md +++ b/docs/Synology/dsm7/dsm7.md @@ -239,6 +239,14 @@ synosystemctl restart nginx +#### Certificat Let's Encrypt + +Si on utilise le certificat pour le domaine synology , il n'y a pas besoin d'ouvrir les ports. + +Pour un domaine, il faut ouvrir le port 80. + + + #### Liens [nginx.md](../nginx.md) @@ -276,3 +284,24 @@ un bat-musl (no description available) ii dans la 1ere colonne: correctement installé + + +#### Synology Photos: + +dossier ~/Photos: Synology Photos -> espace personnel + + + +#### ping + +```bash +$ ping 8.8.8.8 +ping: socket: Operation not permitted +``` + +```bash +$ $ ping 8.8.8.8 +# ou +$ sudo setcap 'cap_net_raw+ep' "$(which ping)" +``` + diff --git a/docs/Synology/dsm7/pare-feu.md b/docs/Synology/dsm7/pare-feu.md new file mode 100644 index 0000000..8f8e4bc --- /dev/null +++ b/docs/Synology/dsm7/pare-feu.md @@ -0,0 +1,51 @@ +### Pare-feu + + + + + +| Règle | IP | Masque | Range | CIDR | Ports | Protocole | Action | +| ------------ | ----------- | --------------- | ------------------------------- | -------------- | --------------------- | --------- | ------ | +| Docker | 172.16.0.0 | 255.240.0.0 | De 172.16.0.0 à 172.23.255.255 | | Tous | Tous | Oui | +| Réseau local | 192.168.2.0 | 255.255.255.128 | De 192.168.2.0 à 192.168.2.127 | 192.168.2.0/25 | Tous | Tous | Oui | +| France | France | | | | Tous | Tous | Oui | +| Reste | | | | | Tous (sauf 80 et 443) | Tous | Non | + + + + + +Depuis le tel: + +| | | | +| ---- | ---------------------- | ---- | +| | https://photos-nas.ovh | OK | +| | | | +| | | | + + + +#### Paquets + +| | Numéro de port | Protocole | +| --------------------- | ------------------------------------------------------------ | --------- | +| Synology Drive Server | 80 (partage de lien), 443 (partage de lien), 5000 (HTTP), 5001 (HTTPS), 6690 (synchronisation/sauvegarde de fichiers) | TCP | +| | | | + + + + + +#### Applications mobiles + +| | Numéro de port | Protocole | +| -------------- | ------------------------- | --------- | +| Synology Drive | 5000 (HTTP), 5001 (HTTPS) | TCP | + + + +#### Liens: + +https://cric.grenoble.cnrs.fr/Administrateurs/Outils/CalculMasque/ + +https://www.it-connect.fr/adresses-ipv4-et-le-calcul-des-masques-de-sous-reseaux/#VII_Comment_trouver_le_bon_masque_pour_un_nombre_dhotes_specifique \ No newline at end of file diff --git a/docs/Synology/dsm7/pcloud.md b/docs/Synology/dsm7/pcloud.md new file mode 100644 index 0000000..25c4ebd --- /dev/null +++ b/docs/Synology/dsm7/pcloud.md @@ -0,0 +1,154 @@ +# Sauvegarde Synlogy NAS sur pCloud avec rClone + + + + + +### Sur le Mac: + +```bash +$ brew install rclone + +``` + +```bash +$ rclone config + +# remote +n) New remote + +Enter name for new remote. +name> pcloud + +Storage> 38 + +Option client_id. +client_id> # vide + +Option client_secret. +client_secret> # vide + +Edit advanced config +y/n> n + +Use web browser to automatically authenticate rclone with remote? +y/n> y + +S'identifier dans la fenêtre pCloud +Options: +- type: pcloud +- hostname: eapi.pcloud.com +- token: {"access_token":"UsdkHboizcI2oUxeCOqwAU5d4QKO8y508RCbVKLU8Y52wYbjEezS","token_type":"bearer","expiry":"0001-01-01T00:00:00Z"} + +Keep this "pcloud" remote ? +y/e/d> y + +# Token modifié +``` + +On récupère le contenu du fichier de config: + +```bash +$ cat .config/rclone/rclone.conf +``` + +``` +[pcloud] +type = pcloud +hostname = eapi.pcloud.com +token = {"access_token":"UsdkHboizcI2oUxeCOqwAU5d4QKO8y508RCbVKLU8Y52wYbjEezS","token_type":"bearer","expiry":"0001-01-01T00:00:00Z"} + +# Token modifié +``` + + + +### Sur le NAS: + +On installe rclone: + +```bash +bruno@DS923:~$ wget https://rclone.org/install.sh +``` + +```bash +bruno@DS923:~$ sudo ./install.sh +``` + +On crée la config: + +```bash +bruno@DS923:~$ rclone config touch +``` + +puis on l'édite: + +```bash +bruno@DS923:~$ nano .config/rclone/rclone.conf +``` + +et on colle la config crée sur le mac: + +``` +[pcloud] +type = pcloud +hostname = eapi.pcloud.com +token = {"access_token":"UsdkHboizcI2oUxeCOqwAU5d4QKO8y508RCbVKLU8Y52wYbjEezS","token_type":"bearer","expiry":"0001-01-01T00:00:00Z"} + +# Token modifié +``` + +On teste la configuration: + +```bash +bruno@DS923:~$ rclone lsd pcloud: + -1 2021-05-03 14:16:15 -1 .dotfiles + -1 2023-10-30 07:20:28 -1 Animations + -1 2023-10-30 08:01:50 -1 Automatic Uploadb + -1 2019-07-24 13:40:00 -1 Backups +``` + +et on la sauvegarde: + +```bash +bruno@DS923:~$ cp .config/rclone/rclone.conf /volume1/nas/rclone/rclone.conf +``` + + + +### Synchronisation: + +On synchronise le dossier partagé **docker** dans pCloud: + +Option: + + `--dry-run` pour tester. + +`-P` pour afficher la progression + +```bash +# sudo nécessaire pour le docker Acme + +bruno@DS923:~$ sudo rclone --config /var/services/homes/bruno/.config/rclone/rclone.conf sync /volume1/docker pcloud:Nas923/docker -v --log-file=/var/services/homes/bruno/Logs/rclone/journal.log --exclude "*{@eaDir/,Thumbs.db,.DS_Store}*" -P +``` + + + +### Tache planifiée: + +Panneau de configuration -> Planificateur de taches + +Créer > Tâche planifiée > Script défini par l’utilisateur + +```bash +bruno@DS923:~$ rclone --config /var/services/homes/bruno/.config/rclone/rclone.conf sync /volume1/docker pcloud:Nas923/docker -v --log-file=/var/services/homes/bruno/Logs/rclone/journal.log --exclude "*{@eaDir/,Thumbs.db,.DS_Store}*" +``` + + + + + + + +https://www.gozen-consulting.com/2023/12/09/comment-sauvegarder-synology-nas-sur-pcloud-avec-rclone/ + diff --git a/docs/Synology/dsm7/php.md b/docs/Synology/dsm7/php.md index 7d3e8b4..63cf4c0 100644 --- a/docs/Synology/dsm7/php.md +++ b/docs/Synology/dsm7/php.md @@ -11,16 +11,18 @@ https://www.synology.com/fr-fr/support/download/DS916+?version=7.0#packages #### Les services **php** actifs: ```bash -$ systemctl | grep PHP - pkg-WebStation-php74@182b445b-6caf-469f-acaa-a763582ba8db.service loaded active running WebStation PHP7.4 fpm process - pkg-WebStation-php74@da937888-3180-4a69-96d6-076b750f2b06.service loaded active running WebStation PHP7.4 fpm process - pkg-WebStation-php74@e32d3cf6-055c-43f0-802d-6b72e9437f42.service loaded active running WebStation PHP7.4 fpm process - pkg-WebStation-php80@746b57c5-03a4-4210-bf14-1d7df30c8b79.service loaded active running WebStation PHP8.0 fpm process - pkgctl-PHP7.4.service loaded active exited PHP7.4's service unit - pkgctl-PHP8.0.service loaded active exited PHP8.0's service unit - PHP7.3.slice loaded active active PHP7.3.slice - PHP7.4.slice loaded active active PHP7.4's slice - PHP8.0.slice loaded active active PHP8.0's slice + $ systemctl | grep PHP + pkg-WebStation-php74@182b445b-6caf-469f-acaa-a763582ba8db.service loaded active running WebStation PHP7.4 fpm process + pkg-WebStation-php80@139939eb-365d-4381-9996-ecf91c4216bc.service loaded active running WebStation PHP8.0 fpm process + pkg-WebStation-php80@4d11e742-c46a-406c-a988-263bfd259fc1.service loaded active running WebStation PHP8.0 fpm process + pkg-WebStation-php82@49b74e5d-1252-4bbb-947e-68a70242310a.service loaded active running WebStation PHP8.2 fpm process + pkg-WebStation-php82@95f7fe6c-5dbc-4f31-9c63-99ef91a6df1e.service loaded active running WebStation PHP8.2 fpm process + pkgctl-PHP7.4.service loaded active exited PHP7.4's service unit + pkgctl-PHP8.0.service loaded active exited PHP8.0's service unit + pkgctl-PHP8.2.service loaded active exited PHP8.2's service unit + PHP7.4.slice loaded active active PHP7.4's slice + PHP8.0.slice loaded active active PHP8.0's slice + PHP8.2.slice loaded active active PHP8.2's slice ``` #### Les services **apache** actifs: @@ -35,12 +37,12 @@ $ systemctl | grep apache #### Redémarrer un service: ```bash -$ sudo systemctl restart pkgctl-PHP8.0.service +$ sudo systemctl restart pkgctl-PHP8.2.service ``` ```bash -$ sudo systemctl stop pkgctl-PHP8.0.service -$ sudo systemctl start pkgctl-PHP8.0.service +$ sudo systemctl stop pkgctl-PHP8.2.service +$ sudo systemctl start pkgctl-PHP8.2.service ``` @@ -78,6 +80,21 @@ $ find / -name php.ini 2>/dev/null /volume1/@appstore/PHP8.0/usr/local/etc/php80/cli/php.ini memory_limit = 512M /etc/php/php.ini memory_limit = 512M /volume1/@appstore/PHP8.0/misc/php-fpm.ini <- memory_limit pris en compte par php-info memory_limit = 512M + + +$ find / -name php*.ini 2>/dev/null +/usr/local/etc/php82/cli/php.ini # memory_limit = 128M +/usr/local/etc/php74/cli/php.ini # memory_limit = 128M +/usr/local/etc/php80/cli/php.ini # memory_limit = 128M +/etc/php/php.ini +/etc.defaults/php/php.ini +/volume1/@appstore/PHP8.2/misc/php-fpm.ini # memory_limit = 128M +/volume1/@appstore/PHP8.2/usr/local/etc/php82/cli/php.ini # memory_limit = 128M +/volume1/@appstore/PHP7.4/misc/php-fpm.ini # memory_limit = 128M +/volume1/@appstore/PHP7.4/usr/local/etc/php74/cli/php.ini # memory_limit = 128M +/volume1/@appstore/PHP8.0/misc/php-fpm.ini # memory_limit = 128M +/volume1/@appstore/PHP8.0/usr/local/etc/php80/cli/php.ini # memory_limit = 128M + ``` @@ -87,6 +104,7 @@ $ find / -name php.ini 2>/dev/null #### Liste des fichiers de conf: ```bash +# Si modif $ php --ini Configuration File (php.ini) Path: /usr/local/etc/php80/cli @@ -95,6 +113,13 @@ Scan for additional .ini files in: /usr/local/etc/php80/cli/conf.d Additional .ini files parsed: /usr/local/etc/php80/cli/conf.d/extension.ini, /usr/local/etc/php80/cli/conf.d/nextcloud.ini, /usr/local/etc/php80/cli/conf.d/timezone.ini + +# Sinon +$ php --ini +Configuration File (php.ini) Path: /etc/php +Loaded Configuration File: /etc/php/php.ini +Scan for additional .ini files in: (none) +Additional .ini files parsed: (none) ``` @@ -198,18 +223,33 @@ zlib +#### Log: + +```bash +sudo tail -f /volume1/@appdata/PHP8.0/log/php80-fpm.log # alimenté + +sudo tail -f /volume1/@appdata/PHP8.2/log/php80-fpm.log # n'existe pas +``` + +Webstation -> Paramètrers du language de script -> sélectionner un profil -> Coeur -> + +- error_log : /volume1/web/log/php82_error.log +- log_errors : On + + + #### Dossier des modules: `/volume1/@appstore/PHP8.0/usr/local/lib/php80/modules/` -`/volume1/@appstore/PHP7.4/usr/local/lib/php74/modules/` +`/volume1/@appstore/PHP8.2/usr/local/lib/php82/modules/` Les extensions n'apparaissent pas dans les Extensions du profil PHP (Web Station). Il faut éditer `extension_list.json`: ```bash -$ sudo nano /volume1/@appstore/PHP8.0/misc/extension_list.json +$ sudo nano /volume1/@appstore/PHP8.2/misc/extension_list.json "apcu": { "enable_default": true, diff --git a/docs/Synology/dsm7/pi-hole.md b/docs/Synology/dsm7/pi-hole.md new file mode 100644 index 0000000..b093ec9 --- /dev/null +++ b/docs/Synology/dsm7/pi-hole.md @@ -0,0 +1,185 @@ +# pi-hole + + + + + +https://www.wundertech.net/how-to-setup-pi-hole-on-a-synology-nas-two-methods/ + + + +#### 1a. Créer un réseau macvlan: + +```bash +$ sudo docker network create -d macvlan -o parent=ovs_eth0 --subnet=192.168.2.0/24 --gateway=192.168.2.1 --ip-range=192.168.2.68/32 ph_network + +# 192.168.2.68 = IP Pi-hole + +# si VMM est installé: -o parent=ovs_eth0 +# sinon: -o parent=eth0 +``` + +Equivalant yaml: + +```yaml +services: + pihole: + ../.. + networks: + macvlan: + ipv4_address: 192.168.2.68 + restart: always + +networks: + macvlan: + name: ph_network + driver: macvlan + driver_opts: + parent: ovs_eth0 + ipam: + config: + - subnet: "192.168.2.0/24" + ip_range: "192.168.2.254/24" + gateway: "192.168.2.1" +``` + +#### 1b. Bridge + + + +#### 2. docker-compose.yml + +```yaml +version: "3" +# Instructions: https://www.wundertech.net/how-to-setup-pi-hole-on-a-synology-nas-two-methods/ +services: + pihole: + container_name: pihole + image: pihole/pihole:latest + ports: + - "53:53/tcp" + - "53:53/udp" + - "67:67/udp" # Only required if you are using Pi-hole as your DHCP server + - "80:80/tcp" + networks: + - ph_network + environment: + TZ: 'Europe/Paris' + WEBPASSWORD: 'xxxxx' + # Volumes store your data between container upgrades + volumes: + - '/volume1/docker/pihole/pihole:/etc/pihole' + - '/volume1/docker/pihole/dnsmasq.d:/etc/dnsmasq.d' + cap_add: + - NET_ADMIN # Required if you are using Pi-hole as your DHCP server, else not needed + restart: unless-stopped +networks: + ph_network: + name: ph_network + external: true +``` + + + +#### 3. Ouvrir et configurer pihole: + +```http +# ip fixée dans le réseau + +http://192.168.2.68/admin/login.php +``` + + + +#### 4a. Régler les DNS dans le routeur: + + - DNS 1: + - DN2 2: 1.1.1.1 + +Tous les appareils utiliseront Pi-hole comme serveur DNS. + +#### 4b. Régler les DNS dans chaque appareil: + + - DNS 1: + - DN2 2: 1.1.1.1 + + + +Si on utilise un macvlan, le DSM ne peut accèder à Pi-hole. Il faut utiliser des DNS externes: + + - DNS 1: 9.9.9.9 (Quad9) + - DN2 2: 1.1.1.1 (Cloudflare) + + + +#### 5. Listes: + +https://www.libhunt.com/topic/pi-hole-blocklists + + + +#### 6. Aller dans le containe pihole: + +```bash +$ sudo docker exec -it pihole bash +``` + +```bash +$ pihole -v +``` + + + +#### 7. Loopback + +Dans Pi-hole, aller à Local DNS -> DNS Records -> Add a new domain/IP combination: + +Ajouter + + + +/volume1/docker/pihole/dnsmasq.d/01-pihole.conf + +```bash +addn-hosts=/etc/pihole/local.list +addn-hosts=/etc/pihole/custom.list + + +localise-queries + + +no-resolv + +log-queries +log-facility=/var/log/pihole/pihole.log + +log-async +cache-size=10000 +server=8.8.8.8 +server=8.8.4.4 +interface=eth0 +``` + +/volume1/docker/pihole/dnsmasq.d/06-rfc6761.conf + +```bash +server=/test/ +server=/localhost/ +server=/invalid/ + + +server=/bind/ +server=/onion/ +``` + + + +#### Liens + +https://marketsplash.com/tutorials/docker/pihole-docker/ + +https://drfrankenstein.co.uk/pi-hole-in-container-manager-on-a-synology-nas/ + +https://www.wundertech.net/how-to-setup-pi-hole-on-a-synology-nas-two-methods/ + +https://github.com/pi-hole/docker-pi-hole \ No newline at end of file diff --git a/docs/Synology/dsm7/snapshot.md b/docs/Synology/dsm7/snapshot.md new file mode 100644 index 0000000..66d068c --- /dev/null +++ b/docs/Synology/dsm7/snapshot.md @@ -0,0 +1,8 @@ +# Snapshot Replication + + + +https://kb.synology.com/fr-fr/DSM/tutorial/Quick_Start_Snapshot_Replication + + + diff --git a/docs/Synology/dsm7/wireguard.md b/docs/Synology/dsm7/wireguard.md new file mode 100644 index 0000000..56229a3 --- /dev/null +++ b/docs/Synology/dsm7/wireguard.md @@ -0,0 +1,108 @@ +# WireGuard + + + +### Installer WireGuard sur le NAS + +https://www.blackvoid.club/wireguard-spk-for-your-synology-nas/ + + + +##### Identifier l'architecture du NAS: + +https://kb.synology.com/en-global/DSM/tutorial/What_kind_of_CPU_does_my_NAS_have?ref=blackvoid.club + +| **Model** | **CPU Model** | **Cores** **(each)** | **Threads** **(each)** | **FPU** | **Package Arch** | **RAM** | +| ---------- | --------------- | -------------------- | ---------------------- | ------- | ---------------- | ------------------- | +| **DS923+** | AMD Ryzen R1600 | 2 | 4 | ✓ | R1000 | DDR4 ECC SODIMM 4GB | + +Télécharger le paquet (SPK) correspondant à la version courante de DSM (7.2): + +https://www.blackvoid.club/content/files/2023/03/WireGuard-r1000-1.0.20220627.spk + +Installer manuellement le paquet dans le Centre de paquet mais ne pas le lancer. + +Sous DSM 7.2, redémarrer le NAS, puis démarrer WireGuard: + +``` +root@DS923:~# cd /var/packages/WireGuard/scripts + +root@DS923:/var/packages/WireGuard/script +-rwxr-xr-x 1 root root 364 May 3 2022 start +-rwxr-xr-x 1 root root 1664 May 3 2022 start-stop-status + +root@DS923:/var/packages/WireGuard/scripts# /var/packages/WireGuard/scripts/start +WireGuard have been successfully started +``` + +Le NAS supporte enfin WireGuard client et serveur. + + + +### WireGuard Easy + +https://github.com/wg-easy/wg-easy + +https://www.blackvoid.club/wireguard-vpn-for-your-synology-nas/ + +```bash +bruno@DS923:/volume1/docker/wgeasy +-rwxrwxrwx+ 1 bruno users 488 Jan 28 12:24 docker-compose.yml +-rwxrwxrwx+ 1 root root 443 Jan 28 12:26 wg0.conf +-rwxrwxrwx+ 1 root root 195 Jan 28 12:26 wg0.json +``` + + + +##### docker-compose.yml + +```yaml +version: "3.5" + +services: + wgeasy: + image: ghcr.io/wg-easy/wg-easy:latest + network_mode: "bridge" + container_name: wgeasy + ports: + - "51820:51820/udp" + - "51821:51821" + cap_add: + - NET_ADMIN + - SYS_MODULE + sysctls: + - net.ipv4.conf.all.src_valid_mark=1 + - net.ipv4.ip_forward=1 + volumes: + - /volume1/docker/wgeasy:/etc/wireguard + environment: + - WG_HOST=photos-nas.ovh + - PASSWORD=xxxxxxxxxxxxxx + restart: always +``` + +- WireGuard VPN server utilise le port UDP 51820 (à ouvrir sur le routeur) + +- L'interface WG-Easy web utilise le port TCP 51821 + + + +```bash +bruno@DS923:/volume1/docker/wgeasy$ sudo docker-compose up -d +``` + +WG-Easy est disponible à http://192.168.2.57:51821, puis: + +- Créer un nouveau client VPN +- Exporter la config ou scanner le QR code + + + + + +https://www.wundertech.net/wg-easy-wireguard-vpn-server/ + +https://github.com/ngoduykhanh/wireguard-ui + +https://www.nas-forum.com/forum/topic/77094-tutodocker-linuxserverwireguard-wireguard-ui/ + diff --git a/docs/Synology/ovh.md b/docs/Synology/ovh.md new file mode 100644 index 0000000..75809eb --- /dev/null +++ b/docs/Synology/ovh.md @@ -0,0 +1,170 @@ +# ovh + + + +### Configuration du domaine chez OVH + + + +Dans l'[espace client OVH](https://www.ovh.com/manager/#/hub), aller à l'onglet **Domaines** -> **DynHost** et cliquer sur **Ajouter un DynHost**. + +Entrer l'IP de la box et le sous-domaine à créer: + + - Sous-domaine: **ds923**.photos-nas.ovh + - IP: 86.209.254.226 + +On a ensuite besoin d'un identifiant pour mettre le sous-domaine à jour. Cliquer sur **Gérer les accès** puis **Créer un identifiant**: + +- Suffixe de l'identifiant: photos-nas.ovh-**wildcard** +- Sous-domaine: **ds923**.photos-nas.ovh +- Mot de passe: + +Vérification: + +```bash +$ nslookup photos-nas.ovh +Server: fe80::b85d:aff:fe58:f764%12 +Address: fe80::b85d:aff:fe58:f764%12#53 + +Non-authoritative answer: +Name: photos-nas.ovh +Address: 213.186.33.5 +``` + +On s'assure de la propoagation des DNS: https://www.whatsmydns.net/ + + + +### Configurer la mise à jour automatique de l'IP + +Sur le NAS, aller dans le **Panneau de configuration** -> **Accès externe** -> onglet **DDNS** et cliquer sur Ajouter. + +- Fournisseur de service: OVH +- Nom d'hôte: ds923.photos-nas.ovh +- Nom d'utilisateur: photos-nas.ovh-wildcard +- Mot de passe: +- Adresse externe: Auto + + + +https://leblogdejerome.com/2018/08/ajouter-un-nas-synology-a-un-dynhost-chez-ovh/ + +https://www.adrienfuret.fr/2015/05/31/nas-synology-ddns-ovh/ + + + +### Création du certificat wildcard Let's Encrypt + +#### Création de la clé d'API chez OVH. + +https://www.ovh.com/auth/api/createToken + +- Application name: wildcard-photos-nas.ovh + +- Application description: wildcard-photos-nas.ovh + +- Validity: Unlimited + +- Rights: + + - GET /domain/zone/ + - GET /domain/zone/{zone DNS}/status + - GET /domain/zone/{zone DNS}/record + - GET /domain/zone/{zone DNS}/record/* + - POST /domain/zone/{zone DNS}/record + - POST /domain/zone/{zone DNS}/refresh + - DELETE /domain/zone/{zone DNS}/record/* + +- Restricted IPs: on rajoute son IP afin qu'en cas de vol des clés, elles ne puissent être exploitées et votre domaine détourné. (NB : Si vous n'avez pas une IP fixe, on passe ce dernier point) + + + + Remplacer {zone DNS} par le domaine (photos-nas.ovh). + + Cliquer sur Create keys. + + + +- Application name: wildcard-photos-nas.ovh + +- Application description: wildcard-photos-nas.ovh + +- Application key: xxxxxxxxxxxxxxxx (16) + +- Application secret: yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy (32) + +- Consumer Key: zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz (32) + + + +### Reverse Proxy + +Au lieu d'accéder au service Gitea par https//nomdedomaine.fr:8148 (après avoir affecté le port 8148 sur le routeur), on y accède par https://gitea.nomdedomaine.fr sur le port 443 + +#### Sur le routeur: + + on ouvre uniquement les ports: + +- 443 et 80 (renouvellement du certificat) +- 42xxx pour le ssh du NAS + + + +#### Chez OVH: + +On crée un DynHost pour chaque sous-domaine. + +| DynHost | Cible | +| :---------------------------- | ---------- | +| .photos-nas.ovh | IP livebox | +| drive.photos-nas.ovh | | +| ds923.photos-nas.ovh | IP livebox | +| files.photos-nas.ovh | IP livebox | +| gitea.photos-nas.ovh | IP livebox | +| home-assistant.photos-nas.ovh | IP livebox | +| homebridge.photos-nas.ovh | IP livebox | +| photos.photos-nas.ovh | IP livebox | +| portainer.photos-nas.ovh | | +| www.photos-nas.ovh | IP livebox | +| asus.photos-nas.ovh | | +| ds916.photos-nas.ovh | | +| tunes.photos-nas.ovh | IP livebox | + +https://www.ovh.com/manager/#/web/zone/photos-nas.ovh/dynhost + + + +#### Sur le NAS: + +##### Date d'expiration d'un certifcat: + +```bash +# openssl x509 -enddate -noout -in /usr/syno/etc/certificate/system/default/cert.pem +notAfter=Apr 12 18:53:43 2024 GMT +``` + +##### Réglage du pare-feu: + +Ouvrir le port 80 lors du renouvellement: + +```bash +#!/usr/bin/env bash +# ====================================================================================== # +# ===================== Script renew_cert_with_firewall_actions.sh ===================== # +# ====================================================================================== # +/usr/syno/bin/synofirewall --profile-set LetsEncrypt-renew && /usr/syno/bin/synofirewall --reload +/usr/syno/sbin/syno-letsencrypt renew-all +/usr/syno/bin/synofirewall --profile-set custom && /usr/syno/bin/synofirewall --reload +``` + + + +##### Portail des applications de DSM + + + +#### Empêcher les moteurs de recherche d'indexer l'adresse DDNS + +Réseau -> Connectivité -> Cocher Activer l'en-tête "server" dans les réponses HTTP + +En-tête "server" personnalisé : noindex diff --git a/docs/Synology/ports.md b/docs/Synology/ports.md new file mode 100644 index 0000000..661aa6d --- /dev/null +++ b/docs/Synology/ports.md @@ -0,0 +1,159 @@ +# Quels sont les ports réseau utilisés par les services DSM ? + + + +### Utilitaires de configuration + +| Type | Numéro de port | Protocole | +| ------------------ | ---------------- | --------- | +| Synology Assistant | 9999, 9998, 9997 | UDP | + +### Sauvegarde + +| Type | Numéro de port | Protocole | +| ------------------------------------------------------------ | ------------------------------------------------------------ | --------- | +| Active Backup for Business | 5510 (Synology NAS) [1](https://kb.synology.com/fr-fr/DSM/tutorial/What_network_ports_are_used_by_Synology_services#notes-01) | TCP | +| 443 (vCenter Server et hôte ESXi), 902 (hôte ESXi), 445 (SMB pour l'hôte Hyper-V ), 5985 (HTTP pour l'hôte Hyper-V ), 5986 (HTTPS pour l'hôte Hyper-V ) | TCP | | +| Data Replicator, Data Replicator II, Data Replicator III | 9999, 9998, 9997, 137, 138, 139, 445 | TCP | +| DSM 5.2 Data Backup, rsync, Synchro du dossier partagé, Remote Time Backup | 873, 22 (si chiffré via SSH) | TCP | +| Hyper Backup (destination de sauvegarde) | 22 (rsync avec le chiffrement du transfert activé), 873 (rsync sans le chiffrement du transfert), 5005 (WebDAV), 5006 (WebDAV avec HTTPS) | TCP | +| Hyper Backup Vault pour DSM 7.0 et versions ultérieures | 6281, 5000 (HTTP), 5001 (HTTPS) | TCP | +| Hyper Backup Vault pour DSM 6.0 | 6281 | TCP | +| Sauvegarde du LUN | 3260 (iSCSI), 873, 22 (si chiffré via SSH) | TCP | +| Snapshot Replication | 5566 (LUN avancés et dossiers partagés) | TCP | +| 3261 (LUN avancés hérités) | TCP | | + +### Télécharger + +| Type | Numéro de port | Protocole | +| ----- | ------------------------------------------------------------ | --------- | +| BT | Pour DSM 2.0.1 ou une version ultérieure : 16881, Pour DSM 2.0.1-3.0401 ou une version antérieure : 6890-6999 | TCP/ UDP | +| eMule | 4662 | TCP | +| 4672 | UDP | | + +### Applications Web + +| Type | Numéro de port | Protocole | +| ---- | ------------------------- | --------- | +| DSM | 5000 (HTTP), 5001 (HTTPS) | TCP | + +### Service de messagerie + +| Type | Numéro de port | Protocole | +| ---------------- | -------------- | --------- | +| IMAP | 143 | TCP | +| IMAP sur SSL/TLS | 993 | TCP | +| POP3 | 110 | TCP | +| POP3 sur SSL/TLS | 995 | TCP | +| SMTP | 25 | TCP | +| SMTP-SSL | 465 | TCP | +| SMTP-TLS | 587 | TCP | + +### Transfert de fichiers + +| Type | Numéro de port | Protocole | +| ----------------------------- | ------------------------------------------------------------ | --------- | +| AFP | 548 | TCP | +| CIFS/ SMB | smbd : 139 (netbios-ssn), 445 (microsoft-ds) | TCP/ UDP | +| Nmbd : 137, 138 | UDP | | +| FTP, FTP sur SSL, FTP sur TLS | 21 (commande), 20 (connexion de données en mode actif), 1025-65535 (connexion de données en mode passif) [2](https://kb.synology.com/fr-fr/DSM/tutorial/What_network_ports_are_used_by_Synology_services#notes-02) | TCP | +| iSCSI | 3260, 3263, 3265 | TCP | +| NFS | 111, 892, 2049 | TCP/ UDP | +| TFTP | 69 | UDP | +| WebDAV | 5005, 5006 (HTTPS) | TCP | + +### Paquets + +| Type | Numéro de port | Protocole | +| ------------------------------------------------------------ | ------------------------------------------------------------ | --------- | +| Audio Station | 1900 (UDP), 5000 (HTTP), 5001 (HTTPS), 5353 ( service Bonjour ), 6001-6010 (contrôle/synchronisation AirPlay) | TCP/ UDP | +| Serveur Edge C2 Identity | 389 (LDAP), 7712 (HTTP), 8864 | TCP | +| 53 | UDP | | +| Central Management System | 5000 (HTTP), 5001 (HTTPS) | TCP | +| Cluster d' CIFS | 49152-49252 | TCP/ UDP | +| 17909, 17913, 19998, 24007, 24008, 24009-24045, 38465-38501, 4379 | TCP | | +| Cloud Station | 6690 | TCP | +| DHCP Server | 53, 67, 68 | TCP/ UDP | +| DNS Server | 53 (nommé) | TCP/ UDP | +| LDAP Server (anciennement connu sous le nom de Directory Server) | 389 (LDAP), 636 (LDAP avec SSL) | TCP | +| Download Station | 5000 (HTTP), 5001 (HTTPS) | TCP | +| File Station | 5000 (HTTP), 5001 (HTTPS) | TCP | +| Hybrid Share | 50051 (catalogue), 443 (API), 4222 (NATS) | TCP | +| iTunes Server | 3689 | TCP | +| Centre des journaux (serveur syslog ) | 514 (un port supplémentaire peut être ajouté) | TCP/ UDP | +| Logitech® Media Server | 3483, 9002 | TCP | +| MailPlus Server | 1344, 4190, 5000 (HTTP), 5001 (HTTPS), 5252, 8500 - 8520, 8893, 9526 - 9529, 10025, 10465, 10587, 11211, 11332 - 11334, 12340, 24245, 24246 | TCP | +| Client Web MailPlus | 5000 (HTTP), 5001 (HTTPS) | TCP | +| Mail Station | 80 (HTTP), 443 (HTTPS) | TCP | +| Serveur multimédia | 1900 (UPnP), 50001 (navigation du contenu), 50002 (diffusion du contenu) | TCP/ UDP | +| Migration Assistant | 7400-7499 (DRBD), 22 (SSH) [3](https://kb.synology.com/fr-fr/DSM/tutorial/What_network_ports_are_used_by_Synology_services#notes-03) | DRBD | +| Note Station | 5000 (HTTP), 5001 (HTTPS) | TCP | +| Photo Station, Web Station | 80 (HTTP), 443 (HTTPS) | TCP | +| Presto File Server | 3360, 3361 | TCP/ UDP | +| Serveur Proxy | 3128 | TCP | +| RADIUS Server | 1812, 18120 | UDP | +| SMI-S Provider | 5988 (HTTP), 5989 (HTTPS) | TCP | +| Surveillance Station | 5000 (HTTP), 5001 (HTTPS) | TCP | +| Synology Calendar | 5000 (HTTP), 5001 (HTTPS) | TCP | +| Synology CardDAV Server | 8008 (HTTP), 8443 (HTTPS) | TCP | +| Synology Chat | 5000 (HTTP), 5001 (HTTPS) | TCP | +| Synology Contacts | 5000 (HTTP), 5001 (HTTPS) | TCP | +| Synology Directory Server | 88 (Kerberos), 389 (LDAP), 464 ( changement de mot de passe Kerberos ) | TCP/ UDP | +| 135 (RPC Endpoint Mapper), 636 (LDAP SSL), 1024 (RPC), 3268 (LDAP GC), 3269 (LDAP GC SSL), 49152 (RPC) [4](https://kb.synology.com/fr-fr/DSM/tutorial/What_network_ports_are_used_by_Synology_services#notes-04) , 49300-49320 (RPC) | TCP | | +| Synology Drive Server | 80 (partage de lien), 443 (partage de lien), 5000 (HTTP), 5001 (HTTPS), 6690 (synchronisation/sauvegarde de fichiers) | TCP | +| Synology High Availability (HA) | 123 (NTP), ICMP, 5000 (HTTP), 5001 (HTTPS), 1234, 9997, 9998, 9999 (Synology Assistant), 874, 5405, 5406, 7400-7999 (HA) | TCP/ UDP | +| Synology Moments | 5000 (HTTP), 5001 (HTTPS) | TCP | +| Synology Photos | 5000 (HTTP), 5001 (HTTPS) | TCP | +| Video Station | 1900 (UDP), 5000 (HTTP), 5001 (HTTPS), 9025-9040, 5002, 5004, 65001 (pour utiliser le tuner réseau HDHomeRun) | TCP/ UDP | +| Virtual Machine Manager | 2379-2382 (réseau de cluster), ICMP, 3260-3265 (iSCSI), 5000 (HTTP), 5001 (HTTPS), 5566 (réplication), 16509, 16514, 30200-30300, 5900-5999 (QEMU), 2385 (Redis Server) | TCP | +| VPN Server (OpenVPN) | 1194 | UDP | +| VPN Server (PPTP) | 1723 | TCP | +| VPN Server (L2TP/IPSec) | 500, 1701, 4500 | UDP | + +### Applications mobiles + +| Type | Numéro de port | Protocole | +| ---------------- | ------------------------- | --------- | +| DS audio | 5000 (HTTP), 5001 (HTTPS) | TCP | +| DS cam | 5000 (HTTP), 5001 (HTTPS) | TCP | +| DS cloud | 6690 | TCP | +| DS file | 5000 (HTTP), 5001 (HTTPS) | TCP | +| DS finder | 5000 (HTTP), 5001 (HTTPS) | TCP | +| DS get | 5000 (HTTP), 5001 (HTTPS) | TCP | +| DS note | 5000 (HTTP), 5001 (HTTPS) | TCP | +| DS photo | 80(HTTP), 443 (HTTPS) | TCP | +| DS video | 5000 (HTTP), 5001 (HTTPS) | TCP | +| MailPlus | 5000 (HTTP), 5001 (HTTPS) | TCP | +| Synology Drive | 5000 (HTTP), 5001 (HTTPS) | TCP | +| Synology Moments | 5000 (HTTP), 5001 (HTTPS) | TCP | +| Synology Photos | 5000 (HTTP), 5001 (HTTPS) | TCP | + +### Équipement périphérique + +| Type | Numéro de port | Protocole | +| ---------------------------- | -------------- | --------- | +| Bonjour | 5353 | UDP | +| LPR | 515 | UDP | +| Imprimante réseau (IPP)/CUPS | 631 | TCP | +| Network MFP | 3240-3259 | TCP | +| UPS | 3493 | TCP | + +### Système + +| Type | Numéro de port | Protocole | +| ---------------------------- | ---------------- | --------- | +| LDAP | 389, 636 (SLAPD) | TCP | +| MySQL | 3306 | TCP | +| NTP | 123 | UDP | +| Moniteur de ressources/ SNMP | 161 | TCP/ UDP | +| SSH/SFTP | 22 | TCP | +| Telnet | 23 | TCP | +| WS-Discovery | 3702 | UDP | +| WS-Discovery | 5357 (Nginx) | TCP | + +Remarques : + +1. Pour la destination de sauvegarde des Synology NAS, Hyper-V ou des périphériques physiques Windows/Linux/macOS. +2. La plage par défaut varie en fonction de vos modèles de produits Synology. +3. Pour le service SSH qui s'exécute sur un port personnalisé, assurez-vous que le port est accessible. +4. Seul Synology Directory Server version 4.10.18-0300 nécessite le port 49152. \ No newline at end of file diff --git a/docs/macos/homebrew/brew-deprecated.md b/docs/macos/homebrew/brew-deprecated.md new file mode 100644 index 0000000..cbc50e6 --- /dev/null +++ b/docs/macos/homebrew/brew-deprecated.md @@ -0,0 +1,178 @@ + + +# brew deprecated commands + + + +- switch + + + + + +#### Activer une autre version: + +```bash +$ brew switch +``` + +```bash +bruno@SilverBook:/usr/local/Cellar/terminal-notifier/1.8.0$ brew switch terminal-notifier 1.7.1 + +Cleaning /usr/local/Cellar/terminal-notifier/1.7.1 + +Cleaning /usr/local/Cellar/terminal-notifier/1.8.0 + +1 links created for /usr/local/Cellar/terminal-notifier/1.7.1 +``` + +#### Installer une ancienne version d'une formule: + +Exemple avec [annie](https://github.com/iawia002/annie), un téléchargeur de vidéo. La version courante est la dernière (0.9.6) + +```bash +~ master* +❯ annie -v + +annie: version 0.9.6, A fast, simple and clean video downloader. +``` + + + +```bash +~ master* +❯ cd "$(brew --repo homebrew/core)" +``` + + + +```bash +/usr/local/Homebrew/Library/Taps/homebrew/homebrew-core master +❯ git log Formula/annie.rb +commit 377c142a619f2b2563c4c01b06f2560707fa3228 +Author: BrewTestBot +Date: Fri Nov 8 10:23:24 2019 +0000 + + annie: update 0.9.6 bottle. + +commit e3201eb44c3eade6f113f616b67315ae13f5a70b +Author: iawia002 +Date: Fri Nov 8 18:15:49 2019 +0800 + + annie 0.9.6 + + Closes #46491. + + Signed-off-by: Rui Chen + +commit ef762f724ce45afb0007f7d3b96a8f10ceeb3b58 +Author: BrewTestBot +Date: Fri Oct 11 21:56:45 2019 +0000 + + annie: update 0.9.5 bottle. + +commit 249669ab6a53335d85d8973c8e82f182903434ca +Author: BrewTestBot +Date: Tue Aug 13 14:30:19 2019 +0000 + + annie: update 0.9.5 bottle. + +commit 5fa1c6903f84cc22c2cbed751de6125cab4fe214 +Author: iawia002 +Date: Tue Aug 13 22:22:21 2019 +0800 + + annie 0.9.5 + + Closes #43069. + + Signed-off-by: Thierry Moisan + +``` + +Création d'une nouvelle branche pour l'ancienne version: + +```bash +/usr/local/Homebrew/Library/Taps/homebrew/homebrew-core master 19s +❯ git checkout -b annie-0.9.5 ef762f724ce45afb0007f7d3b96a8f10ceeb3b58 +Basculement sur la nouvelle branche 'annie-0.9.5' +``` + +Unlink la version courante: + +```bash +/usr/local/Homebrew/Library/Taps/homebrew/homebrew-core annie-0.9.5 +❯ brew unlink annie +Unlinking /usr/local/Cellar/annie/0.9.6... 1 symlinks removed +``` + +Installation de la version 0.9.5: + +```bash +/usr/local/Homebrew/Library/Taps/homebrew/homebrew-core annie-0.9.5 +❯ HOMEBREW_NO_AUTO_UPDATE=1 brew install annie +==> Downloading https://homebrew.bintray.com/bottles/annie-0.9.5.catalina.bottle.tar.gz +==> Downloading from https://akamai.bintray.com/06/06ff55a2834ad01a262b66f181a8c99800157ec0f465f80e0cc3518be7ebd1da?__gda__=exp=1575195423~hmac=edc063962f1a5b12a715444b0f1eff +######################################################################## 100.0% +==> Pouring annie-0.9.5.catalina.bottle.tar.gz +🍺 /usr/local/Cellar/annie/0.9.5: 5 files, 8.6MB +``` + +L'ancienne version 0.9.5 est bien active: + +```bash +/usr/local/Homebrew/Library/Taps/homebrew/homebrew-core annie-0.9.5 +❯ annie -v + +annie: version 0.9.5, A fast, simple and clean video downloader. +``` + +Retour sur la branche 'master' + +```bash +/usr/local/Homebrew/Library/Taps/homebrew/homebrew-core annie-0.9.5 +❯ git checkout master +Basculement sur la branche 'master' +Votre branche est à jour avec 'origin/master'. +``` + +Suppression de l'ancienne branche 0.9.5 + +```bash +/usr/local/Homebrew/Library/Taps/homebrew/homebrew-core master +❯ git branch -d annie-0.9.5 +Branche annie-0.9.5 supprimée (précédemment ef762f72). +``` + +Liste des versions installés: + +```bash +/usr/local/Homebrew/Library/Taps/homebrew/homebrew-core master +❯ brew list annie --versions +annie 0.9.6 0.9.5 +``` + +Info sur la formule 'annie' + +```bash +/usr/local/Homebrew/Library/Taps/homebrew/homebrew-core master +❯ brew info annie +annie: stable 0.9.6 (bottled) +Fast, simple and clean video downloader +https://github.com/iawia002/annie +/usr/local/Cellar/annie/0.9.5 (5 files, 8.6MB) * + Poured from bottle on 2019-12-01 at 11:05:06 +/usr/local/Cellar/annie/0.9.6 (5 files, 8.6MB) + Poured from bottle on 2019-12-01 at 10:57:11 +From: https://github.com/Homebrew/homebrew-core/blob/master/Formula/annie.rb +``` + +Changement de version: + +```bash +/usr/local/Homebrew/Library/Taps/homebrew/homebrew-core master +❯ brew switch annie 0.9.6 +Cleaning /usr/local/Cellar/annie/0.9.6 +Cleaning /usr/local/Cellar/annie/0.9.5 +1 links created for /usr/local/Cellar/annie/0.9.6 +``` + diff --git a/docs/macos/homebrew/brew.md b/docs/macos/homebrew/brew.md index 44c99d9..6fc1290 100644 --- a/docs/macos/homebrew/brew.md +++ b/docs/macos/homebrew/brew.md @@ -296,172 +296,36 @@ briss: Crop PDF files diff-pdf: Visually compare two PDF files ``` -#### Activer une autre version: -```bash -$ brew switch -``` -```bash -bruno@SilverBook:/usr/local/Cellar/terminal-notifier/1.8.0$ brew switch terminal-notifier 1.7.1 - -Cleaning /usr/local/Cellar/terminal-notifier/1.7.1 - -Cleaning /usr/local/Cellar/terminal-notifier/1.8.0 - -1 links created for /usr/local/Cellar/terminal-notifier/1.7.1 -``` #### Installer une ancienne version d'une formule: -Exemple avec [annie](https://github.com/iawia002/annie), un téléchargeur de vidéo. La version courante est la dernière (0.9.6) +Exemple avec pipdeptree, outil por vérifier les dépendances python: passer de v 2.17.0 à v 2.16.2 -```bash -~ master* -❯ annie -v +- Aller sur https://github.com/Homebrew/homebrew-core/tree/master/Formula et rechercher la formule de [pipdeptree](https://github.com/Homebrew/homebrew-core/blob/master/Formula/p/pipdeptree.rb). -annie: version 0.9.6, A fast, simple and clean video downloader. -``` +- Cliquer sur [History](https://github.com/Homebrew/homebrew-core/commits/master/Formula/p/pipdeptree.rb) (à droite) +- Cliquer sur **pipdeptree: update 2.16.2 bottle.** +- A droite du bloc de code, cliquer sur les **3 points (...)**, puis sur **View file**. -```bash -~ master* -❯ cd "$(brew --repo homebrew/core)" -``` +- En haut du bloc de code, cliquer sur **Raw**. +- Copier / coller le contenu dans un fichier **pipdeptree.rb** ou `curl https://raw.githubusercontent.com/Homebrew/homebrew-core/df08a167320582bc009f8da3342f3af748651dbf/Formula/p/pipdeptree.rb > pipdeptree.rb` +- Supprimer le package existant: `brew remove pipdeptree` -```bash -/usr/local/Homebrew/Library/Taps/homebrew/homebrew-core master -❯ git log Formula/annie.rb -commit 377c142a619f2b2563c4c01b06f2560707fa3228 -Author: BrewTestBot -Date: Fri Nov 8 10:23:24 2019 +0000 +- Installer pipdeptree en spécifiant la formule nouvellemnt créee: `brew install pipdeptree.rb` - annie: update 0.9.6 bottle. - -commit e3201eb44c3eade6f113f616b67315ae13f5a70b -Author: iawia002 -Date: Fri Nov 8 18:15:49 2019 +0800 - - annie 0.9.6 - - Closes #46491. - - Signed-off-by: Rui Chen - -commit ef762f724ce45afb0007f7d3b96a8f10ceeb3b58 -Author: BrewTestBot -Date: Fri Oct 11 21:56:45 2019 +0000 - - annie: update 0.9.5 bottle. - -commit 249669ab6a53335d85d8973c8e82f182903434ca -Author: BrewTestBot -Date: Tue Aug 13 14:30:19 2019 +0000 - - annie: update 0.9.5 bottle. - -commit 5fa1c6903f84cc22c2cbed751de6125cab4fe214 -Author: iawia002 -Date: Tue Aug 13 22:22:21 2019 +0800 - - annie 0.9.5 - - Closes #43069. - - Signed-off-by: Thierry Moisan - -``` - -Création d'une nouvelle branche pour l'ancienne version: - -```bash -/usr/local/Homebrew/Library/Taps/homebrew/homebrew-core master 19s -❯ git checkout -b annie-0.9.5 ef762f724ce45afb0007f7d3b96a8f10ceeb3b58 -Basculement sur la nouvelle branche 'annie-0.9.5' -``` - -Unlink la version courante: - -```bash -/usr/local/Homebrew/Library/Taps/homebrew/homebrew-core annie-0.9.5 -❯ brew unlink annie -Unlinking /usr/local/Cellar/annie/0.9.6... 1 symlinks removed -``` - -Installation de la version 0.9.5: - -```bash -/usr/local/Homebrew/Library/Taps/homebrew/homebrew-core annie-0.9.5 -❯ HOMEBREW_NO_AUTO_UPDATE=1 brew install annie -==> Downloading https://homebrew.bintray.com/bottles/annie-0.9.5.catalina.bottle.tar.gz -==> Downloading from https://akamai.bintray.com/06/06ff55a2834ad01a262b66f181a8c99800157ec0f465f80e0cc3518be7ebd1da?__gda__=exp=1575195423~hmac=edc063962f1a5b12a715444b0f1eff -######################################################################## 100.0% -==> Pouring annie-0.9.5.catalina.bottle.tar.gz -🍺 /usr/local/Cellar/annie/0.9.5: 5 files, 8.6MB -``` - -L'ancienne version 0.9.5 est bien active: - -```bash -/usr/local/Homebrew/Library/Taps/homebrew/homebrew-core annie-0.9.5 -❯ annie -v - -annie: version 0.9.5, A fast, simple and clean video downloader. -``` - -Retour sur la branche 'master' - -```bash -/usr/local/Homebrew/Library/Taps/homebrew/homebrew-core annie-0.9.5 -❯ git checkout master -Basculement sur la branche 'master' -Votre branche est à jour avec 'origin/master'. -``` - -Suppression de l'ancienne branche 0.9.5 - -```bash -/usr/local/Homebrew/Library/Taps/homebrew/homebrew-core master -❯ git branch -d annie-0.9.5 -Branche annie-0.9.5 supprimée (précédemment ef762f72). -``` - -Liste des versions installés: - -```bash -/usr/local/Homebrew/Library/Taps/homebrew/homebrew-core master -❯ brew list annie --versions -annie 0.9.6 0.9.5 -``` - -Info sur la formule 'annie' - -```bash -/usr/local/Homebrew/Library/Taps/homebrew/homebrew-core master -❯ brew info annie -annie: stable 0.9.6 (bottled) -Fast, simple and clean video downloader -https://github.com/iawia002/annie -/usr/local/Cellar/annie/0.9.5 (5 files, 8.6MB) * - Poured from bottle on 2019-12-01 at 11:05:06 -/usr/local/Cellar/annie/0.9.6 (5 files, 8.6MB) - Poured from bottle on 2019-12-01 at 10:57:11 -From: https://github.com/Homebrew/homebrew-core/blob/master/Formula/annie.rb -``` - -Changement de version: - -```bash -/usr/local/Homebrew/Library/Taps/homebrew/homebrew-core master -❯ brew switch annie 0.9.6 -Cleaning /usr/local/Cellar/annie/0.9.6 -Cleaning /usr/local/Cellar/annie/0.9.5 -1 links created for /usr/local/Cellar/annie/0.9.6 -``` +- La version 2.16.2 est installée: + ```bash + $ pipdeptree -v + 2.16.2 + ``` + #### Configurer (arguments) une formule: diff --git a/docs/macos/network.md b/docs/macos/network.md new file mode 100644 index 0000000..4e53455 --- /dev/null +++ b/docs/macos/network.md @@ -0,0 +1,141 @@ +# Network + + + +```bash +$ arp -a +? (192.0.0.2) at 50:ed:3c:1f:98:6 on en0 ifscope permanent [ethernet] +? (239.255.255.250) at 1:0:5e:7f:ff:fa on en0 ifscope permanent [ethernet] +``` + + + +```bash +$ networksetup -listallnetworkservices + +An asterisk (*) denotes that a network service is disabled. +Belkin USB-C LAN +USB 10/100/1000 LAN +Wi-Fi +iPhone USB +Thunderbolt Bridge 2 +Thunderbolt Bridge +DS923 +``` + + + +```bash +$ networksetup -listnetworkserviceorder +An asterisk (*) denotes that a network service is disabled. +(1) Belkin USB-C LAN +(Hardware Port: Belkin USB-C LAN, Device: en5) + +(2) USB 10/100/1000 LAN +(Hardware Port: USB 10/100/1000 LAN, Device: en9) + +(3) Wi-Fi +(Hardware Port: Wi-Fi, Device: en0) + +(4) iPhone USB +(Hardware Port: iPhone USB, Device: en8) + +(5) Thunderbolt Bridge 2 +(Hardware Port: Thunderbolt Bridge, Device: bridge0) + +(6) Thunderbolt Bridge +(Hardware Port: Thunderbolt Bridge, Device: bridge0) + +(7) DS923 +(Hardware Port: com.wireguard.macos, Device: ) +``` + + + +```bash +$ networksetup -getinfo Wi-Fi +DHCP Configuration +IP address: 192.0.0.2 +Subnet mask: (null) +Router: 192.0.0.1 +Client ID: +IPv6: Automatic +IPv6 IP address: none +IPv6 Router: none +Wi-Fi ID: 50:ed:3c:1f:98:06 +``` + + + +```bash +$ networksetup -listallhardwareports | grep -C1 $(route get default | grep interface | awk '{print $2}') +Hardware Port: Wi-Fi +Device: en0 +Ethernet Address: 50:ed:3c:1f:98:06 +``` + +```bash +$ networksetup -listnetworkserviceorder | grep -C1 $(netstat -nr | grep ^default | grep -o "\s\S\+$") +``` + +```bash +$ networksetup -listnetworkserviceorder | grep -C1 en0 +(3) Wi-Fi +(Hardware Port: Wi-Fi, Device: en0) +``` + + + +one way to know which one you are taking to reach the outside is the following line command + +```bash +$ route get default | grep interface + interface: en0 +``` + +```bash +$ route -n get 0.0.0.0 2>/dev/null | awk '/interface: / {print $2}' +en0 +``` + + + +```bash +$ netstat -i + +Name Mtu Network Address Ipkts Ierrs Opkts Oerrs Coll +lo0 16384 25370 0 25370 0 0 +lo0 16384 127 localhost 25370 - 25370 - - +lo0 16384 localhost ::1 25370 - 25370 - - +lo0 16384 airbook.loc fe80:1::1 25370 - 25370 - - +gif0* 1280 0 0 0 0 0 +stf0* 1280 0 0 0 0 0 +anpi0 1500 de:47:cc:60:98:b6 0 0 0 0 0 +anpi1 1500 de:47:cc:60:98:b7 0 0 0 0 0 +en3 1500 de:47:cc:60:98:96 0 0 0 0 0 +en4 1500 de:47:cc:60:98:97 0 0 0 0 0 +en1 1500 36:6d:60:8b:6d:80 0 0 0 0 0 +en2 1500 36:6d:60:8b:6d:84 0 0 0 0 0 +bridge0 1500 36:6d:60:8b:6d:80 0 0 0 0 0 +ap1 1500 72:ed:3c:1f:98:06 0 0 1108 0 0 +ap1 1500 airbook.loc fe80:c::70ed:3cff 0 - 1108 - - +en0 1500 50:ed:3c:1f:98:06 121 0 49488 0 0 +en0 1500 airbook.loc fe80:d::c7a:c760: 121 - 49488 - - +en0 1500 2a01cb09806 2a01:cb09:806e:28 121 - 49488 - - +en0 1500 2a01cb09806 2a01:cb09:806e:28 121 - 49488 - - +en0 1500 192.0.0.2/32 192.0.0.2 121 - 49488 - - +awdl0 1500 f6:0c:44:f4:ad:f2 0 0 2260 0 0 +awdl0 1500 fe80::f40c: fe80:e::f40c:44ff 0 - 2260 - - +llw0 1500 f6:0c:44:f4:ad:f2 0 0 0 0 0 +llw0 1500 fe80::f40c: fe80:f::f40c:44ff 0 - 0 - - +utun0 1500 0 0 0 0 0 +utun0 1500 airbook.loc fe80:10::4ec3:d09 0 - 0 - - +utun1 1380 0 0 0 0 0 +utun1 1380 airbook.loc fe80:11::98ed:570 0 - 0 - - +utun2 2000 0 0 0 0 0 +utun2 2000 airbook.loc fe80:12::416:ebf1 0 - 0 - - +utun3 1000 0 0 0 0 0 +utun3 1000 airbook.loc fe80:13::ce81:b1c 0 - 0 - - + +``` + diff --git a/docs/macos/terminal/launchd.md b/docs/macos/terminal/launchd.md new file mode 100644 index 0000000..3047b73 --- /dev/null +++ b/docs/macos/terminal/launchd.md @@ -0,0 +1,115 @@ +# Launchd + + + +#### Exécuter un script bash toutes les 5 minutes: + +Copier le script en dehors du dossier Documents + +(sinon erreur 126: `/bin/bash: /Users/bruno/Documents/update-motd.sh: Operation not permitted`) + +Créer une .plist: + +```xml + + + + + Label + com.bruno21.update-motd + ProgramArguments + + sh + -c + ${HOME}/.local/bin/update-motd.sh + + StartCalendarInterval + + + Minute + 0 + + + Minute + 5 + + + Minute + 10 + + + Minute + 15 + + + Minute + 20 + + + Minute + 25 + + + Minute + 30 + + + Minute + 35 + + + Minute + 40 + + + Minute + 45 + + + Minute + 50 + + + Minute + 55 + + + StandardOutPath + /tmp/com.bruno21.update-motd.out + StandardErrorPath + /tmp/com.bruno21.update-motd.err + + +``` + +La copier dans `$HOME/Library/LaunchAgent` + +```bash +cp com.update-motd.plist /Users/bruno/Library/LaunchAgents/ +``` + +puis la charger: + +```bash +launchctl load -w /Users/bruno/Library/LaunchAgents/com.bruno21.update-motd.plist +``` + +Voir si elle est activée: + +```bash +launchctl list | grep .update-motd +- 0 com.bruno21.update-motd +``` + +Pour la retirer: + +```bash +launchctl load -w /Users/bruno/Library/LaunchAgents/com.bruno21.update-motd.plist +``` + + + +https://apple.stackexchange.com/questions/392789/launchctl-plist-has-a-stderr-that-talks-about-how-getcwd-operation-not-permitted?newreg=7f5230c960a74d99b1105a9f66d9cfa2 + +https://rakhesh.com/mac/macos-launchctl-commands/ + diff --git a/docs/macos/webserver/apache_M1.md b/docs/macos/webserver/apache_M1.md index 1ee6bf1..7412faa 100644 --- a/docs/macos/webserver/apache_M1.md +++ b/docs/macos/webserver/apache_M1.md @@ -231,19 +231,22 @@ $ nano /opt/homebrew/etc/httpd/extra/httpd-vhosts.conf ``` + + #### Redirection de port: wiki.js tourne sur localhost:3000 Pour le rendre disponible sur wiki.silverbook.local: -Editer le fichier *httpd.conf* et activer les modules `mod_proxy` et `mod_proxy_http`: +##### Editer le fichier *httpd.conf* et activer les modules `mod_proxy` et `mod_proxy_http`: + ```http LoadModule proxy_module lib/httpd/modules/mod_proxy.so LoadModule proxy_http_module lib/httpd/modules/mod_proxy_http.so ``` -Editer le fichier *hosts*: +##### Editer le fichier *hosts*: ```bash $ sudo nano /etc/hosts @@ -251,7 +254,7 @@ $ sudo nano /etc/hosts 127.0.0.1 wiki.airbook.local ``` -Editer le fichier *httpd-vhosts.conf*: +##### Editer le fichier *httpd-vhosts.conf*: ```http @@ -260,14 +263,13 @@ Editer le fichier *httpd-vhosts.conf*: ProxyPassReverse / http://localhost:3000/ ProxyPreserveHost On - ``` ### SSL: -Activer SSL dans *httpd.conf* (décocher les lignes): +##### Activer SSL dans *httpd.conf* (décocher les lignes): ```http LoadModule socache_shmcb_module lib/httpd/modules/mod_socache_shmcb.so @@ -291,7 +293,11 @@ Include /usr/local/etc/httpd/extra/httpd-ssl.conf -Ouvrir le fichier *httpd-ssl.conf*: +##### Ouvrir le fichier *httpd-ssl.conf*: + +```bash +$ bbedit /opt/homebrew/etc/httpd/extra/httpd-ssl.conf +``` ```bash # Mac intel @@ -301,13 +307,12 @@ $ nano /usr/local/etc/httpd/extra/httpd-ssl.conf $ nano /opt/homebrew/etc/httpd/extra/httpd-ssl.conf ``` -Remplacer les lignes: +##### Remplacer les lignes: | Original | Modifié | | -------------------------------------- | ----------------------------------- | | `Listen 8443` | `Listen 443` | - et le bloc: ```http @@ -330,13 +335,13 @@ par DocumentRoot "/Users/bruno/Sites" ServerName airbook.local:443 ServerAdmin bruno@clicclac.info -ErrorLog "/opt/homebrew/var/log/httpd/error_log" -TransferLog "/opt/homebrew/var/log/httpd/access_log" +ErrorLog "/opt/homebrew/var/log/httpd/airbook.local-error_log" +TransferLog "/opt/homebrew/var/log/httpd/airbook.local-access_log" ``` -Ouvrir le fichier *httpd-vhosts.conf*: +##### Ouvrir le fichier *httpd-vhosts.conf*: Rajouter ce bloc pour chaque Virtual Host. @@ -347,6 +352,8 @@ Rajouter ce bloc pour chaque Virtual Host. SSLEngine on SSLCertificateFile "/usr/local/etc/httpd/server.crt" SSLCertificateKeyFile "/usr/local/etc/httpd/server.key" + ErrorLog "/opt/homebrew/var/log/httpd/airbook.local-error_log" + CustomLog "/opt/homebrew/var/log/httpd/airbook.local-access_log" common ``` @@ -381,7 +388,7 @@ Installer 2 programmes: $ brew install mkcert nss ``` -Installer le serveur de certificat: +##### Installer le serveur de certificat: ```bash $ mkcert -install @@ -405,41 +412,48 @@ Enter Password or Pin for "NSS Certificate DB": # https://github.com/FiloSottile/mkcert/issues/50 ``` -Créer les dossiers pour les certificats: +##### Créer les dossiers pour les certificats: ```bash $ cd /opt/homebrew/etc/httpd $ mkdir certs && cd certs ``` -Générer les certificats: +##### Générer les certificats (wildcard): ```bash -$ mkcert airbook.local +$ mkcert airbook.local "*.airbook.local" localhost 127.0.0.1 ::1 +$ mkcert airbook.local "*.airbook.local" 192.168.2.39 localhost 127.0.0.1 ::1 Created a new certificate valid for the following names 📜 - "airbook.local" + - "*.airbook.local" + - "localhost" + - "127.0.0.1" + - "::1" -The certificate is at "./airbook.local.pem" and the key at "./airbook.local-key.pem" ✅ +Reminder: X.509 wildcards only go one level deep, so this won't match a.b.airbook.local ℹ️ -It will expire on 18 February 2026 🗓 +The certificate is at "./airbook.local+4.pem" and the key at "./airbook.local+4-key.pem" ✅ + +It will expire on 18 April 2026 🗓 ``` Un certificat et une clé sont créer pour chaque domaine: ```http -/opt/homebrew/etc/httpd/certs/airbook.local.pem -/opt/homebrew/etc/httpd/certs/airbook.local-key.pem +/opt/homebrew/etc/httpd/certs/airbook.local+4.pem +/opt/homebrew/etc/httpd/certs/airbook.local+4-key.pem ``` -Editer le fichier *httpd-ssl.conf* et remplacer les 2 lignes: +##### Editer le fichier *httpd-ssl.conf* et remplacer les 2 lignes: ```http -SSLCertificateFile "/opt/homebrew/etc/httpd/certs/airbook.local.pem" -SSLCertificateKeyFile "/opt/homebrew/etc/httpd/certs/airbook.local-key.pem" +SSLCertificateFile "/opt/homebrew/etc/httpd/certs/airbook.local+4.pem" +SSLCertificateKeyFile "/opt/homebrew/etc/httpd/certs/airbook.local+4-key.pem" ``` -Tester la configuration: +##### Tester la configuration: ```bash $ httpd -t @@ -448,7 +462,7 @@ Syntax OK $ apachectl configtest ``` -Redémarrer Apache: +##### Redémarrer Apache: ```bash $ brew services restart httpd @@ -460,15 +474,31 @@ $ brew services restart httpd Editer le fichier *httpd-vhosts.conf*: -Rajouter le bloc suivant +Rajouter le/les bloc(s) suivant ```http + ServerAdmin bruno@clicclac.info DocumentRoot "/Users/bruno/Sites" ServerName airbook.local SSLEngine on - SSLCertificateFile "/opt/homebrew/etc/httpd/certs/airbook.local.pem" - SSLCertificateKeyFile "/opt/homebrew/etc/httpd/certs/airbook.local-key.pem" + SSLCertificateFile "/opt/homebrew/etc/httpd/certs/airbook.local+4.pem" + SSLCertificateKeyFile "/opt/homebrew/etc/httpd/certs/airbook.local-key+4.pem" + ErrorLog "/opt/homebrew/var/log/httpd/airbook.local-error_log" + CustomLog "/opt/homebrew/var/log/httpd/airbook.local-access_log" common + +``` + +```http + + ServerAdmin bruno@clicclac.info + DocumentRoot "/Users/bruno/Sites/mbv" + ServerName maboiteverte.airbook.local + SSLEngine on + SSLCertificateFile "/opt/homebrew/etc/httpd/certs/airbook.local+4.pem" + SSLCertificateKeyFile "/opt/homebrew/etc/httpd/certs/airbook.local+4-key.pem" + ErrorLog "/opt/homebrew/var/log/httpd/mbv.airbook.local-error_log" + CustomLog "/opt/homebrew/var/log/httpd/mbv.airbook.local-access_log" common ``` @@ -501,9 +531,9 @@ Il faut rajouter les lignes suivantes au PHP.ini ```ini [openssl] -openssl.cafile="/usr/local/etc/httpd/server.crt" +openssl.cafile="/opt/homebrew/etc/httpd/certs/airbook.local.pem" -# D'après SSLCertificateFile "/usr/local/etc/httpd/server.crt" du httpd-ssl.conf +# D'après SSLCertificateFile "/opt/homebrew/etc/httpd/certs/airbook.local.pem" du httpd-ssl.conf ``` @@ -522,17 +552,19 @@ ErrorDocument 404 /custom_404.html ErrorDocument 500 /custom_50x.html ``` +[:fa-link: https://httpd.apache.org/docs/2.4/fr/custom-error.html](https://httpd.apache.org/docs/2.4/fr/custom-error.html) + ### Messages d'erreur personnalisés multilingues: -Ouvrir le fichier *httpd-ssl.conf* et dé-commenter les lignes suivantes: +Ouvrir le fichier *httpd.conf* et dé-commenter les lignes suivantes: ```http LoadModule include_module lib/httpd/modules/mod_include.so LoadModule negotiation_module lib/httpd/modules/mod_negotiation.so -Include /usr/local/etc/httpd/extra/httpd-multilang-errordoc.conf +Include /opt/homebrew/etc/httpd/extra/httpd-multilang-errordoc.conf ``` @@ -543,13 +575,13 @@ Include /usr/local/etc/httpd/extra/httpd-multilang-errordoc.conf $ brew install homebrew/php/phpmyadmin ``` -Le fichier de configuration se trouve là:`/usr/local/etc/phpmyadmin.config.inc.php` +Le fichier de configuration se trouve là:`/opt/homebrew/etc/phpmyadmin.config.inc.php` Ajouter le bloc qui suit dans le **httpd.conf** ```http - Alias /phpmyadmin /usr/local/share/phpmyadmin - + Alias /phpmyadmin /opt/homebrew/share/phpmyadmin + Options Indexes FollowSymLinks MultiViews AllowOverride All @@ -564,9 +596,7 @@ Ajouter le bloc qui suit dans le **httpd.conf** -### Message d’erreur personnalisé: -[:fa-link: https://httpd.apache.org/docs/2.4/fr/custom-error.html](https://httpd.apache.org/docs/2.4/fr/custom-error.html) @@ -746,6 +776,16 @@ ScriptAlias /cgi-bin/ "/opt/homebrew/var/www/cgi-bin/" +#### Désinstallation + +```bash +$ brew uninstall httpd + +$ rm -rf /opt/homebrew/etc/httpd +``` + + + ### Liens: [:fa-link: https://getgrav.org/blog/macos-bigsur-apache-multiple-php-versions](https://getgrav.org/blog/macos-bigsur-apache-multiple-php-versions) diff --git a/docs/macos/webserver/mod-php.md b/docs/macos/webserver/mod-php.md index 0c78dec..178e03b 100644 --- a/docs/macos/webserver/mod-php.md +++ b/docs/macos/webserver/mod-php.md @@ -130,3 +130,140 @@ $ sphp 7.4 +#### Xdebug + +##### Installation: + +```bash +$ sphp 8.2 +$ pecl uninstall -r xdebug +$ pecl install xdebug +``` + +```bash +$ sphp 8.3 +$ pecl uninstall -r xdebug +$ pecl install xdebug-3.3.0alpha3 +``` + +##### Configuration: + +```bash +$ bbedit /opt/homebrew/etc/php/8.2/conf.d/ext-xdebug.ini +$ bbedit /opt/homebrew/etc/php/8.3/conf.d/ext-xdebug.ini +``` + +```http +[xdebug] +zend_extension="xdebug.so" +xdebug.mode=debug +``` + + + +#### Xdebug Switcher: + +##### Installation: + +```bash +$ curl -L https://gist.githubusercontent.com/rhukster/073a2c1270ccb2c6868e7aced92001cf/raw/c1629293bcf628cd6ded20c201c4ef0a2fa79144/xdebug > /opt/homebrew/bin/xdebug +$ chmod +x /opt/homebrew/bin/xdebug +``` + +```bash +$ xdebug + +Usage: xdebug [--no-server-restart] + +You are running PHP v8.2 with Xdebug enabled + +PHP 8.2.14 (cli) (built: Dec 20 2023 06:28:06) (NTS) +Copyright (c) The PHP Group +Zend Engine v4.2.14, Copyright (c) Zend Technologies + with Zend OPcache v8.2.14, Copyright (c), by Zend Technologies + with Xdebug v3.3.1, Copyright (c) 2002-2023, by Derick Rethans +``` + + + +#### APCu + +##### Installation: + +```bash +$ pecl install apcu +# fatal error: 'pcre2.h' file not found + +$ ln -s /opt/homebrew/Cellar/pcre2/10.42/include/pcre2.h /opt/homebrew/Cellar/php/ + +ln -s /opt/homebrew/Cellar/pcre2/10.42/include/pcre2.h /opt/homebrew/Cellar/php/8.3.1/include/php/ext/pcre/pcre2.h + +ln -s /opt/homebrew/Cellar/pcre2/10.42/include/pcre2.h /opt/homebrew/Cellar/php@8.2/8.2.14/include/php/ext/pcre/pcre2.h +``` + +```bash +$ sphp 8.2 +$ pecl install apcu +``` + +```bash +$ sphp 8.3 +$ pecl uninstall -r apcu +$ pecl install apcu +``` + +##### Configuration: + +```bash +$ bbedit /opt/homebrew/etc/php/8.2/conf.d/ext-apcu.ini +$ bbedit /opt/homebrew/etc/php/8.3/conf.d/ext-apcu.ini +``` + +```http +[apcu] +extension="apcu.so" +apc.enabled=1 +apc.shm_size=64M +apc.ttl=7200 +apc.enable_cli=1 +``` + + + +#### YAML + +Installation: + +```bash +$ brew install libyaml +``` + +```bash +$ sphp 8.2 +$ pecl install yaml + +# Au prompt "Please provide the prefix of libyaml installation [autodetect]", entrer: +# /opt/homebrew/Cellar/libyaml/0.2.5 +``` + +```bash +$ sphp 8.3 +$ pecl uninstall -r yaml +$ pecl install yaml + +# Au prompt "Please provide the prefix of libyaml installation [autodetect]", entrer: +# /opt/homebrew/Cellar/libyaml/0.2.5 +``` + +##### Configuration: + +```bash +$ bbedit /opt/homebrew/etc/php/8.2/conf.d/ext-yaml.ini +$ bbedit /opt/homebrew/etc/php/8.3/conf.d/ext-yaml.ini +``` + +```http +[yaml] +extension="yaml.so" +``` + diff --git a/docs/macos/webserver/redis.md b/docs/macos/webserver/redis.md index eb0f05f..b8da409 100644 --- a/docs/macos/webserver/redis.md +++ b/docs/macos/webserver/redis.md @@ -19,7 +19,7 @@ $ brew services restart redis ### Le fichier de config: ```bash -/opt/homebrew/etc/redis.conf +$ nano /opt/homebrew/etc/redis.conf ``` ### Tester redis: @@ -51,7 +51,7 @@ $ redis-server 30766:M 25 Jul 2022 11:46:58.613 # WARNING: The TCP backlog setting of 511 cannot be enforced because kern.ipc.somaxconn is set to the lower value of 128. 30766:M 25 Jul 2022 11:46:58.613 # Server initialized -30766:M 25 Jul 2022 11:46:58.613 * Ready to accept connections +30766:M 25 Jul 2022 11:46:58.613 * Ready to accept connections tcp ``` diff --git a/mkdocs.yml b/mkdocs.yml index 2d0d4c3..42bef38 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -54,6 +54,7 @@ nav: - Pushd / popd: Linux/pushd-popd.md - I/O Redirections: Linux/redirections.md - ripgrep: Linux/ripgrep.md + - rsync: Linux/rsync.md - SCP: Linux/scp.md - SFTP: Linux/sftp.md - sed: Linux/sed.md @@ -123,6 +124,7 @@ nav: - poetry: macOS/python/poetry.md - Python 3: macOS/python/python3.md - Environnement virtuel: macOS/python/virtuel.md + - Network: macOS/network.md - Ruby: macOS/ruby.md - Rust: macOS/rust.md - Sécurité (Gatekeeper): macOS/securite.md @@ -132,8 +134,10 @@ nav: - Terminal: - alias: macOS/terminal/alias.md - chflags: macOS/terminal/chflags.md + - Commandes: macOS/terminal/commandes.md - Exécuter un script Bash: macOS/terminal/executer_shell_script.md - getfileinfo - setfile: macOS/terminal/getfileinfo_setfile.md + - launchd: macOS/terminal/launchd.md - md5: macOS/terminal/md5.md - mdfind: macOS/terminal/mdfind.md - open: macOS/terminal/open.md @@ -188,9 +192,11 @@ nav: - Ghost: Plesk/Ghost.md - Git: Plesk/git.md - Gitea: Plesk/Gitea.md + - IONOS: Plesk/ionos.md - Joplin: Plesk/joplin.md - Nextcloud: Plesk/nextcloud.md - Nodejs: Plesk/nodejs.md + - Plesk: Plesk/Plesk.md - Programmation: - Python: - Index: Programmation/Python/index.md @@ -220,9 +226,12 @@ nav: - Boot et clone: Raspberry/boot.md - Backup: Raspberry/backup.md - Cloud: Raspberry/cloud.md + - Diet-pi: Raspberry/diet-pi.md + - Envoyer un mail depuis le RPi: Raspberry/send_mail.md - Hardware: Raspberry/hardware.md - Heure: Raspberry/heure.md - Installation sans écran: Raspberry/headless.md + - Mail: Raspberry/mail.md - Matériels: - Liste: Raspberry/materiels/materiels.md - Cameras: Raspberry/materiels/camera.md @@ -230,10 +239,10 @@ nav: - HC-SR501: Raspberry/materiels/HC-SR501.md - Nextcloud: Raspberry/nextcloud.md - Pi Desktop: Raspberry/pi-desktop.md + - Pi-hole: Raspberry/pi-hole.md - Python: Raspberry/python.md - Réseau: Raspberry/reseau.md - Rclone: Raspberry/rclone.md - - Envoyer un mail depuis le RPi: Raspberry/send_mail.md - Services: Raspberry/services.md - SiriControl: Raspberry/siri_control.md - Tools: Raspberry/tools.md @@ -246,8 +255,45 @@ nav: - bash: Synology/bash.md - crontab: Synology/crontab.md - Docker: + - docker-compose: + - changeDetection: Synology/Docker/docker-compose/changeDetection.md + - chibisafe: Synology/Docker/docker-compose/chibisafe.md + - dockge: Synology/Docker/docker-compose/dockge.md + - dockspell: Synology/Docker/docker-compose/docspell.md + - dozzle: Synology/Docker/docker-compose/dozzle.md + - freegeoip: Synology/Docker/docker-compose/freegeoip.md + - glances: Synology/Docker/docker-compose/glances.md + - gokapi: Synology/Docker/docker-compose/gokapi.md + - heimdall: Synology/Docker/docker-compose/heimdall.md + - iGotify: Synology/Docker/docker-compose/igotify.md + - invidious: Synology/Docker/docker-compose/invidious.md + - maptiler: Synology/Docker/docker-compose/maptiler.md + - navidrome: Synology/Docker/docker-compose/navidrome.md + - openstreetmap: Synology/Docker/docker-compose/openstreetmap.md + - paperlessngx: Synology/Docker/docker-compose/paperlessngx.md + - Pi.Alert: Synology/Docker/docker-compose/Pi.Alert.md + - pingvin: Synology/Docker/docker-compose/pingvin.md + - privateBin: Synology/Docker/docker-compose/privatebin.md + - psiTransfer: Synology/Docker/docker-compose/psitransfer.md + - scrutiny: Synology/Docker/docker-compose/scrutiny.md + - seafile: Synology/Docker/docker-compose/seafile.md + - searXNG: Synology/Docker/docker-compose/searXNG.md + - send: Synology/Docker/docker-compose/send.md + - snapdrop: Synology/Docker/docker-compose/snapdrop.md + - snippet-box: Synology/Docker/docker-compose/snippet-box.md + - tautulli: Synology/Docker/docker-compose/tautulli.md + - watchtower: Synology/Docker/docker-compose/watchtower.md + - wgeasy: Synology/Docker/docker-compose/wgeasy.md + - yacy: Synology/Docker/docker-compose/yacy.md + - yatch: Synology/Docker/docker-compose/yatch.md + - Grafana: Synology/Docker/grafana.md + - Index: Synology/Docker/index.md + - iperf3: Synology/Docker/iperf3.md - Joplin: Synology/Docker/joplin.md + - Portainer: Synology/Docker/portainer.md - Ports: Synology/Docker/ports.md + - Updates: Synology/Docker/updates.md + - Wireguard: Synology/Docker/Wireguard.md - DSM 6: - DSM 6: Synology/dsm6/dsm6.md - Gitea: Synology/dsm6/gitea.md @@ -258,15 +304,23 @@ nav: - Services: Synology/dsm6/services.md - DSM 7: - Apache: Synology/dsm7/apache.md + - cli-tools: Synology/dsm7/cli-tools.md - DSM 7: Synology/dsm7/dsm7.md - Gitea: Synology/dsm7/gitea.md + - Home Assistant: Synology/dsm7/HomeAssistant.md + - Homebridge: Synology/dsm7/Homebridge.md - Nextcloud: Synology/dsm7/nextcloud.md - Node: Synology/dsm7/node.md + - Pare-feu: Synology/dsm7/pare-feu.md + - pCloud: Synology/dsm7/pcloud.md - PHP: Synology/dsm7/php.md + - Pi-Hole: Synology/dsm7/pi-hole.md - Piwigo: Synology/dsm7/piwigo.md - Python 3: Synology/dsm7/python.md - Redis: Synology/dsm7/redis.md + - Snapshot: Synology/dsm7/snapshot.md - Webserver (opkg): Synology/dsm7/webserver-opkg.md + - Wireguard: Synology/dsm7/wireguard.md - WordPress: Synology/dsm7/wordpress.md - eadir: Synology/eadir.md - ImageMagick: Synology/ImageMagick.md @@ -275,6 +329,8 @@ nav: - iPKG (DSM5): Synology/opkg/iPKG5.md - iPKG (DSM6): Synology/opkg/iPKG6.md - oPKG: Synology/opkg/oPKG.md + - ovh: Synology/ovh.md + - Ports: Synology/ports.md - Scripts: Synology/scripts.md - Windows: - Index: Windows/index.md @@ -298,22 +354,27 @@ nav: - Personnaliser WSL: Windows/wsl_2.md - Divers: - Index: Divers/index.md - - Adobe: Divers/adobe.md + - Adobe: + - Adobe: Divers/Adobe/adobe.md + - Lightroom: Divers/Adobe/Lightroom.md - Alfred: Divers/alfred.md - bash: - basename: Divers/bash/basename.md - Commandes: Divers/bash/commandes.md + - curl: Divers/bash/curl.md - direnv: Divers/bash/direnv.md - Exemples: Divers/bash/bash_exemples.md - getopts: Divers/bash/getopts.md - HereDoc: Divers/bash/HereDoc.md - image: Divers/bash/image.md - json: Divers/bash/json.md + - Password: Divers/bash/passwords.md - printf: Divers/bash/printf.md - Programmation: Divers/bash/programmation.md - Regular Expression Matching: Divers/bash/rematch.md - Strings: Divers/bash/strings.md - Tableaux: Divers/bash/tableaux.md + - Translate: Divers/bash/translate.md - Variables: Divers/bash/variables.md - batch: - Commades DOS (1): Divers/batch/Commandes_DOS.md @@ -325,10 +386,12 @@ nav: - Docker: - docker: Divers/docker/docker.md - applications: Divers/docker/applications.md + - watchtower: Divers/docker/watchtower.md - dotbare: Divers/dotbare.md - git: - Index: Divers/git/index.md - git: Divers/git/git.md + - Github: Divers/git/github.md - Session de travail avec git: Divers/git/git-session.md - gitea: Divers/git/gitea.md - git-ftp: Divers/git/git-ftp.md @@ -351,10 +414,13 @@ nav: - Papiers Art Texturés: Divers/Permajet/Art_textures.md - Papiers Art Baryta: Divers/Permajet/Baryta.md - Papiers Photo Numérique: Divers/Permajet/Photo_numerique.md - - Plex: Divers/plex.md + - Plex: + - Plex: Divers/plex.md - Réseau: - Reseau: Divers/reseau/reseau.md - - Routeur Asus: Divers/reseau/rt-ac88u.md + - Routeur Asus (Merlin): Divers/reseau/rt-ac88u-merlin.md + - Routeur Asus (openWrt): Divers/reseau/rt-ac88u-openwrt.md + - Routeur Asus ET12: Divers/reseau/et12.md - Sonos: - Index: Divers/Sonos/index.md - One: Divers/Sonos/one.md @@ -478,8 +544,11 @@ extra: - icon: fontawesome/brands/flickr link: https://www.flickr.com/photos/funnymac/ -copyright: Copyright © 2016 - 2023 Bruno Pesenti +copyright: Copyright © 2016 - 2024 Bruno Pesenti site_dir: central_docs dev_addr: '127.0.0.1:8001' + +##### +# pdf-export: DeprecationWarning: A plugin has set File.page to an instance of Page and it got overwritten.