Update 06-04-2024

2024-04-06 09:54:09 +02:00
parent cd8cebe7cb
commit 259b9c6a24
76 changed files with 5126 additions and 229 deletions

View File

@@ -0,0 +1,62 @@
# HomeAssistant
### Package SynoCommunity
Version Core
[FAQ](https://github.com/SynoCommunity/spksrc/wiki/FAQ-HomeAssistant/)
#### Editer la configuration
```bash
sudo nano /var/packages/homeassistant/var/config/configuration.yaml
```
#### Voir les logs
```bash
tail -f /var/packages/homeassistant/var/homeassistant.log
```
### VMM
#### Erreur '400 Bad Request'
##### /homeassistant/configuration.yaml
```yaml
# Loads default set of integrations. Do not remove.
default_config:
# Load frontend themes from the themes folder
frontend:
themes: !include_dir_merge_named themes
automation: !include automations.yaml
script: !include scripts.yaml
scene: !include scenes.yaml
homeassistant:
external_url: "https://home-assistant.photos-nas.ovh" # ne pas indiquer le port
internal_url: "http://192.168.2.21:8123" # adresse locale de HA avec le port
http:
use_x_forwarded_for: true
trusted_proxies:
- 192.168.2.57 # IP of Synology
ip_ban_enabled: false
```
Sir le NAS
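
Review bot: `ip_ban_enabled: false` in the `http:` block turns off Home Assistant's lockout after failed logins, while `external_url: "https://home-assistant.photos-nas.ovh"` indicates the instance is published through the Synology reverse proxy. Since `use_x_forwarded_for` and `trusted_proxies` are already set so that the real client address is seen, prefer `ip_ban_enabled: true` with a `login_attempts_threshold`, or state in the note that the setting was only a troubleshooting step for the 400 error. The file also ends on an unfinished line, `Sir le NAS` (probably `Sur le NAS`), with the NAS-side steps missing.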

View File

@@ -0,0 +1,11 @@
# Homebridge
### Wiki
https://github.com/homebridge/homebridge/wiki/Install-Homebridge-on-Synology-DSM
### Paquet
https://github.com/homebridge/homebridge-syno-spk

View File

@@ -0,0 +1,38 @@
# SynoCli Tools
### SynoCli File Tools
less, tree, ncdu, jdupes, fdupes, rhash, mc (midnight commander), mg (emacs-like text editor), nano, jupp (based on JOE - Joe's Own Editor 3.1), file, detox, pcre2, zstd, lzip, plzip, detox, iconv, dos2unix tools, lsd, bat, eza, rmlint, nnn (n³), micro (editor), fzf (fuzzy finder), rg (ripgrep), fd (fd-find), sd (sed alternative), rnm.
### bat
https://github.com/sharkdp/bat
```bash
$ bat --generate-config-file
Success! Config file written to /var/services/homes/bruno/.config/bat/config
```
```bash
$ bat --config-file
/var/services/homes/bruno/.config/bat/config
$ bat --config-dir
/var/services/homes/bruno/.config/bat
```
#### nano
Coloration syntaxique: https://github.com/scopatz/nanorc/
```bash
$ cd ~
$ mkdir .nano
$ install_path=~/.nano/
$ git clone https://github.com/scopatz/nanorc.git $install_path
$ cat $install_path/nanorc >> ~/.nanorc
```
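
Review bot: in the nano block, `cat $install_path/nanorc >> ~/.nanorc` appends on every run, so repeating the steps duplicates the include lines, and `$install_path` is unquoted in both the `git clone` and the `cat` line. Quote the variable and drop the trailing slash from `install_path=~/.nano/` (the `cat` path currently expands to `~/.nano//nanorc`). `detox` is listed twice in the SynoCli File Tools line, and `#### nano` sits one heading level deeper than `### bat`.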

View File

@@ -239,6 +239,14 @@ synosystemctl restart nginx
#### Certificat Let's Encrypt
Si on utilise le certificat pour le domaine synology , il n'y a pas besoin d'ouvrir les ports.
Pour un domaine, il faut ouvrir le port 80.
#### Liens
[nginx.md](../nginx.md)
@@ -276,3 +284,24 @@ un bat-musl <none> <none> (no description available)
ii dans la 1ere colonne: correctement installé
#### Synology Photos:
dossier ~/Photos: Synology Photos -> espace personnel
#### ping
```bash
$ ping 8.8.8.8
ping: socket: Operation not permitted
```
```bash
$ $ ping 8.8.8.8
# ou
$ sudo setcap 'cap_net_raw+ep' "$(which ping)"
```
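
Review bot: the second ping block starts with `$ $ ping 8.8.8.8`, which repeats the failing command with a doubled prompt; given the `# ou` that follows, the first alternative was presumably `sudo ping 8.8.8.8`. For the `setcap 'cap_net_raw+ep'` alternative, say that it lets every local user open raw sockets through ping, and resolve `$(which ping)` first to confirm which binary receives the capability.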

View File

@@ -0,0 +1,51 @@
### Pare-feu
| Règle | IP | Masque | Range | CIDR | Ports | Protocole | Action |
| ------------ | ----------- | --------------- | ------------------------------- | -------------- | --------------------- | --------- | ------ |
| Docker | 172.16.0.0 | 255.240.0.0 | De 172.16.0.0 à 172.23.255.255 | | Tous | Tous | Oui |
| Réseau local | 192.168.2.0 | 255.255.255.128 | De 192.168.2.0 à 192.168.2.127 | 192.168.2.0/25 | Tous | Tous | Oui |
| France | France | | | | Tous | Tous | Oui |
| Reste | | | | | Tous (sauf 80 et 443) | Tous | Non |
Depuis le tel:
| | | |
| ---- | ---------------------- | ---- |
| | https://photos-nas.ovh | OK |
| | | |
| | | |
#### Paquets
| | Numéro de port | Protocole |
| --------------------- | ------------------------------------------------------------ | --------- |
| Synology Drive Server | 80 (partage de lien), 443 (partage de lien), 5000 (HTTP), 5001 (HTTPS), 6690 (synchronisation/sauvegarde de fichiers) | TCP |
| | | |
#### Applications mobiles
| | Numéro de port | Protocole |
| -------------- | ------------------------- | --------- |
| Synology Drive | 5000 (HTTP), 5001 (HTTPS) | TCP |
#### Liens:
https://cric.grenoble.cnrs.fr/Administrateurs/Outils/CalculMasque/
https://www.it-connect.fr/adresses-ipv4-et-le-calcul-des-masques-de-sous-reseaux/#VII_Comment_trouver_le_bon_masque_pour_un_nombre_dhotes_specifique
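
Review bot: in the Docker row the mask and the range disagree: `255.240.0.0` is a /12 covering 172.16.0.0 to 172.31.255.255, while the Range column stops at 172.23.255.255, which is a /13 (`255.248.0.0`). Correct whichever is wrong and fill in the CIDR column as done for the local network row. The France row allows all ports and protocols for a whole country, which leaves the Synology Drive ports listed further down (5000, 5001, 6690) reachable from there; consider limiting that row to the ports actually published. The table under `Depuis le tel:` has no headers and two empty rows.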

View File

@@ -0,0 +1,154 @@
# Sauvegarde Synlogy NAS sur pCloud avec rClone
### Sur le Mac:
```bash
$ brew install rclone
```
```bash
$ rclone config
# remote
n) New remote
Enter name for new remote.
name> pcloud
Storage> 38
Option client_id.
client_id> # vide
Option client_secret.
client_secret> # vide
Edit advanced config
y/n> n
Use web browser to automatically authenticate rclone with remote?
y/n> y
S'identifier dans la fenêtre pCloud
Options:
- type: pcloud
- hostname: eapi.pcloud.com
- token: {"access_token":"UsdkHboizcI2oUxeCOqwAU5d4QKO8y508RCbVKLU8Y52wYbjEezS","token_type":"bearer","expiry":"0001-01-01T00:00:00Z"}
Keep this "pcloud" remote ?
y/e/d> y
# Token modifié
```
On récupère le contenu du fichier de config:
```bash
$ cat .config/rclone/rclone.conf
```
```
[pcloud]
type = pcloud
hostname = eapi.pcloud.com
token = {"access_token":"UsdkHboizcI2oUxeCOqwAU5d4QKO8y508RCbVKLU8Y52wYbjEezS","token_type":"bearer","expiry":"0001-01-01T00:00:00Z"}
# Token modifié
```
### Sur le NAS:
On installe rclone:
```bash
bruno@DS923:~$ wget https://rclone.org/install.sh
```
```bash
bruno@DS923:~$ sudo ./install.sh
```
On crée la config:
```bash
bruno@DS923:~$ rclone config touch
```
puis on l'édite:
```bash
bruno@DS923:~$ nano .config/rclone/rclone.conf
```
et on colle la config crée sur le mac:
```
[pcloud]
type = pcloud
hostname = eapi.pcloud.com
token = {"access_token":"UsdkHboizcI2oUxeCOqwAU5d4QKO8y508RCbVKLU8Y52wYbjEezS","token_type":"bearer","expiry":"0001-01-01T00:00:00Z"}
# Token modifié
```
On teste la configuration:
```bash
bruno@DS923:~$ rclone lsd pcloud:
-1 2021-05-03 14:16:15 -1 .dotfiles
-1 2023-10-30 07:20:28 -1 Animations
-1 2023-10-30 08:01:50 -1 Automatic Uploadb
-1 2019-07-24 13:40:00 -1 Backups
```
et on la sauvegarde:
```bash
bruno@DS923:~$ cp .config/rclone/rclone.conf /volume1/nas/rclone/rclone.conf
```
### Synchronisation:
On synchronise le dossier partagé **docker** dans pCloud:
Option:
`--dry-run` pour tester.
`-P` pour afficher la progression
```bash
# sudo nécessaire pour le docker Acme
bruno@DS923:~$ sudo rclone --config /var/services/homes/bruno/.config/rclone/rclone.conf sync /volume1/docker pcloud:Nas923/docker -v --log-file=/var/services/homes/bruno/Logs/rclone/journal.log --exclude "*{@eaDir/,Thumbs.db,.DS_Store}*" -P
```
### Tache planifiée:
Panneau de configuration -> Planificateur de taches
Créer > Tâche planifiée > Script défini par lutilisateur
```bash
bruno@DS923:~$ rclone --config /var/services/homes/bruno/.config/rclone/rclone.conf sync /volume1/docker pcloud:Nas923/docker -v --log-file=/var/services/homes/bruno/Logs/rclone/journal.log --exclude "*{@eaDir/,Thumbs.db,.DS_Store}*"
```
https://www.gozen-consulting.com/2023/12/09/comment-sauvegarder-synology-nas-sur-pcloud-avec-rclone/
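
Review bot: the `token = {"access_token":...}` value is committed three times (the `rclone config` transcript and both `rclone.conf` listings) with `# Token modifié` as the only sign that it is not live; replace it with an obvious placeholder so nobody has to trust that comment, all the more since `"expiry":"0001-01-01T00:00:00Z"` suggests a token that does not expire. The same file is then copied in clear to `/volume1/nas/rclone/rclone.conf`; mention restricting its permissions or setting a configuration password in `rclone config`. On the NAS, `sudo ./install.sh` follows `wget` with no `chmod +x` and no step to read the script before it runs as root. Title typo: `Synlogy`.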

View File

@@ -11,16 +11,18 @@ https://www.synology.com/fr-fr/support/download/DS916+?version=7.0#packages
#### Les services **php** actifs:
```bash
$ systemctl | grep PHP
pkg-WebStation-php74@182b445b-6caf-469f-acaa-a763582ba8db.service loaded active running WebStation PHP7.4 fpm process
pkg-WebStation-php74@da937888-3180-4a69-96d6-076b750f2b06.service loaded active running WebStation PHP7.4 fpm process
pkg-WebStation-php74@e32d3cf6-055c-43f0-802d-6b72e9437f42.service loaded active running WebStation PHP7.4 fpm process
pkg-WebStation-php80@746b57c5-03a4-4210-bf14-1d7df30c8b79.service loaded active running WebStation PHP8.0 fpm process
pkgctl-PHP7.4.service loaded active exited PHP7.4's service unit
pkgctl-PHP8.0.service loaded active exited PHP8.0's service unit
PHP7.3.slice loaded active active PHP7.3.slice
PHP7.4.slice loaded active active PHP7.4's slice
PHP8.0.slice loaded active active PHP8.0's slice
$ systemctl | grep PHP
pkg-WebStation-php74@182b445b-6caf-469f-acaa-a763582ba8db.service loaded active running WebStation PHP7.4 fpm process
pkg-WebStation-php80@139939eb-365d-4381-9996-ecf91c4216bc.service loaded active running WebStation PHP8.0 fpm process
pkg-WebStation-php80@4d11e742-c46a-406c-a988-263bfd259fc1.service loaded active running WebStation PHP8.0 fpm process
pkg-WebStation-php82@49b74e5d-1252-4bbb-947e-68a70242310a.service loaded active running WebStation PHP8.2 fpm process
pkg-WebStation-php82@95f7fe6c-5dbc-4f31-9c63-99ef91a6df1e.service loaded active running WebStation PHP8.2 fpm process
pkgctl-PHP7.4.service loaded active exited PHP7.4's service unit
pkgctl-PHP8.0.service loaded active exited PHP8.0's service unit
pkgctl-PHP8.2.service loaded active exited PHP8.2's service unit
PHP7.4.slice loaded active active PHP7.4's slice
PHP8.0.slice loaded active active PHP8.0's slice
PHP8.2.slice loaded active active PHP8.2's slice
```
#### Les services **apache** actifs:
@@ -35,12 +37,12 @@ $ systemctl | grep apache
#### Redémarrer un service:
```bash
$ sudo systemctl restart pkgctl-PHP8.0.service
$ sudo systemctl restart pkgctl-PHP8.2.service
```
```bash
$ sudo systemctl stop pkgctl-PHP8.0.service
$ sudo systemctl start pkgctl-PHP8.0.service
$ sudo systemctl stop pkgctl-PHP8.2.service
$ sudo systemctl start pkgctl-PHP8.2.service
```
@@ -78,6 +80,21 @@ $ find / -name php.ini 2>/dev/null
/volume1/@appstore/PHP8.0/usr/local/etc/php80/cli/php.ini memory_limit = 512M
/etc/php/php.ini memory_limit = 512M
/volume1/@appstore/PHP8.0/misc/php-fpm.ini <- memory_limit pris en compte par php-info memory_limit = 512M
$ find / -name php*.ini 2>/dev/null
/usr/local/etc/php82/cli/php.ini # memory_limit = 128M
/usr/local/etc/php74/cli/php.ini # memory_limit = 128M
/usr/local/etc/php80/cli/php.ini # memory_limit = 128M
/etc/php/php.ini
/etc.defaults/php/php.ini
/volume1/@appstore/PHP8.2/misc/php-fpm.ini # memory_limit = 128M
/volume1/@appstore/PHP8.2/usr/local/etc/php82/cli/php.ini # memory_limit = 128M
/volume1/@appstore/PHP7.4/misc/php-fpm.ini # memory_limit = 128M
/volume1/@appstore/PHP7.4/usr/local/etc/php74/cli/php.ini # memory_limit = 128M
/volume1/@appstore/PHP8.0/misc/php-fpm.ini # memory_limit = 128M
/volume1/@appstore/PHP8.0/usr/local/etc/php80/cli/php.ini # memory_limit = 128M
```
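
Review bot: in `find / -name php*.ini 2>/dev/null` the pattern is unquoted, so if the current directory contains a matching file the shell expands `php*.ini` before find runs and the search returns only that name. Write `-name 'php*.ini'`. The `/etc/php/php.ini` and `/etc.defaults/php/php.ini` lines also lack the `# memory_limit` annotation that the other results carry.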
@@ -87,6 +104,7 @@ $ find / -name php.ini 2>/dev/null
#### Liste des fichiers de conf:
```bash
# Si modif
$ php --ini
Configuration File (php.ini) Path: /usr/local/etc/php80/cli
@@ -95,6 +113,13 @@ Scan for additional .ini files in: /usr/local/etc/php80/cli/conf.d
Additional .ini files parsed: /usr/local/etc/php80/cli/conf.d/extension.ini,
/usr/local/etc/php80/cli/conf.d/nextcloud.ini,
/usr/local/etc/php80/cli/conf.d/timezone.ini
# Sinon
$ php --ini
Configuration File (php.ini) Path: /etc/php
Loaded Configuration File: /etc/php/php.ini
Scan for additional .ini files in: (none)
Additional .ini files parsed: (none)
```
@@ -198,18 +223,33 @@ zlib
#### Log:
```bash
sudo tail -f /volume1/@appdata/PHP8.0/log/php80-fpm.log # alimenté
sudo tail -f /volume1/@appdata/PHP8.2/log/php80-fpm.log # n'existe pas
```
Webstation -> Paramètrers du language de script -> sélectionner un profil -> Coeur ->
- error_log : /volume1/web/log/php82_error.log
- log_errors : On
#### Dossier des modules:
`/volume1/@appstore/PHP8.0/usr/local/lib/php80/modules/`
`/volume1/@appstore/PHP7.4/usr/local/lib/php74/modules/`
`/volume1/@appstore/PHP8.2/usr/local/lib/php82/modules/`
Les extensions n'apparaissent pas dans les <u>Extensions du profil PHP</u> (Web Station). Il faut éditer `extension_list.json`:
```bash
$ sudo nano /volume1/@appstore/PHP8.0/misc/extension_list.json
$ sudo nano /volume1/@appstore/PHP8.2/misc/extension_list.json
"apcu": {
"enable_default": true,
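
Review bot: the second `tail` line mixes versions, `/volume1/@appdata/PHP8.2/log/php80-fpm.log`, which may be the reason for the `# n'existe pas` comment; check for `php82-fpm.log` before documenting the file as missing. The `error_log` value `/volume1/web/log/php82_error.log` places the PHP error log under the `web` shared folder; if that folder is served by Web Station, move the log outside it or deny access to `/log`, since error logs expose file paths and request data.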

View File

@@ -0,0 +1,185 @@
# pi-hole
https://www.wundertech.net/how-to-setup-pi-hole-on-a-synology-nas-two-methods/
#### 1a. Créer un réseau macvlan:
```bash
$ sudo docker network create -d macvlan -o parent=ovs_eth0 --subnet=192.168.2.0/24 --gateway=192.168.2.1 --ip-range=192.168.2.68/32 ph_network
# 192.168.2.68 = IP Pi-hole
# si VMM est installé: -o parent=ovs_eth0
# sinon: -o parent=eth0
```
Equivalant yaml:
```yaml
services:
pihole:
../..
networks:
macvlan:
ipv4_address: 192.168.2.68
restart: always
networks:
macvlan:
name: ph_network
driver: macvlan
driver_opts:
parent: ovs_eth0
ipam:
config:
- subnet: "192.168.2.0/24"
ip_range: "192.168.2.254/24"
gateway: "192.168.2.1"
```
#### 1b. Bridge
#### 2. docker-compose.yml
```yaml
version: "3"
# Instructions: https://www.wundertech.net/how-to-setup-pi-hole-on-a-synology-nas-two-methods/
services:
pihole:
container_name: pihole
image: pihole/pihole:latest
ports:
- "53:53/tcp"
- "53:53/udp"
- "67:67/udp" # Only required if you are using Pi-hole as your DHCP server
- "80:80/tcp"
networks:
- ph_network
environment:
TZ: 'Europe/Paris'
WEBPASSWORD: 'xxxxx'
# Volumes store your data between container upgrades
volumes:
- '/volume1/docker/pihole/pihole:/etc/pihole'
- '/volume1/docker/pihole/dnsmasq.d:/etc/dnsmasq.d'
cap_add:
- NET_ADMIN # Required if you are using Pi-hole as your DHCP server, else not needed
restart: unless-stopped
networks:
ph_network:
name: ph_network
external: true
```
#### 3. Ouvrir et configurer pihole:
```http
# ip fixée dans le réseau
http://192.168.2.68/admin/login.php
```
#### 4a. Régler les DNS dans le routeur:
- DNS 1: <ip pihole>
- DN2 2: 1.1.1.1
Tous les appareils utiliseront Pi-hole comme serveur DNS.
#### 4b. Régler les DNS dans chaque appareil:
- DNS 1: <ip pihole>
- DN2 2: 1.1.1.1
Si on utilise un macvlan, le DSM ne peut accèder à Pi-hole. Il faut utiliser des DNS externes:
- DNS 1: 9.9.9.9 (Quad9)
- DN2 2: 1.1.1.1 (Cloudflare)
#### 5. Listes:
https://www.libhunt.com/topic/pi-hole-blocklists
#### 6. Aller dans le containe pihole:
```bash
$ sudo docker exec -it pihole bash
```
```bash
$ pihole -v
```
#### 7. Loopback
Dans Pi-hole, aller à Local DNS -> DNS Records -> Add a new domain/IP combination:
Ajouter
/volume1/docker/pihole/dnsmasq.d/01-pihole.conf
```bash
addn-hosts=/etc/pihole/local.list
addn-hosts=/etc/pihole/custom.list
localise-queries
no-resolv
log-queries
log-facility=/var/log/pihole/pihole.log
log-async
cache-size=10000
server=8.8.8.8
server=8.8.4.4
interface=eth0
```
/volume1/docker/pihole/dnsmasq.d/06-rfc6761.conf
```bash
server=/test/
server=/localhost/
server=/invalid/
server=/bind/
server=/onion/
```
#### Liens
https://marketsplash.com/tutorials/docker/pihole-docker/
https://drfrankenstein.co.uk/pi-hole-in-container-manager-on-a-synology-nas/
https://www.wundertech.net/how-to-setup-pi-hole-on-a-synology-nas-two-methods/
https://github.com/pi-hole/docker-pi-hole
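
Review bot: the YAML under `Equivalant yaml` does not match the command above it: the CLI uses `--ip-range=192.168.2.68/32`, while the YAML has `ip_range: "192.168.2.254/24"`, which has host bits set and, read as a /24, spans the whole subnet instead of pinning the single address used in `ipv4_address: 192.168.2.68`. Use `192.168.2.68/32` in both. In steps 4a and 4b, `DN2 2: 1.1.1.1` (typo for DNS 2) hands clients a resolver that bypasses Pi-hole, because a client may query either server; state that filtering is then best effort, or list Pi-hole alone. In the compose file, `WEBPASSWORD` sits in clear next to an unpinned `pihole/pihole:latest`, and step 7 stops at `Ajouter` without saying what to add.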

View File

@@ -0,0 +1,8 @@
# Snapshot Replication
https://kb.synology.com/fr-fr/DSM/tutorial/Quick_Start_Snapshot_Replication

View File

@@ -0,0 +1,108 @@
# WireGuard
### Installer WireGuard sur le NAS
https://www.blackvoid.club/wireguard-spk-for-your-synology-nas/
##### Identifier l'architecture du NAS:
https://kb.synology.com/en-global/DSM/tutorial/What_kind_of_CPU_does_my_NAS_have?ref=blackvoid.club
| **Model** | **CPU Model** | **Cores** **(each)** | **Threads** **(each)** | **FPU** | **Package Arch** | **RAM** |
| ---------- | --------------- | -------------------- | ---------------------- | ------- | ---------------- | ------------------- |
| **DS923+** | AMD Ryzen R1600 | 2 | 4 | ✓ | R1000 | DDR4 ECC SODIMM 4GB |
Télécharger le paquet (SPK) correspondant à la version courante de DSM (7.2):
https://www.blackvoid.club/content/files/2023/03/WireGuard-r1000-1.0.20220627.spk
Installer manuellement le paquet dans le Centre de paquet <u>mais ne pas le lancer.</u>
Sous DSM 7.2, redémarrer le NAS, puis démarrer WireGuard:
```
root@DS923:~# cd /var/packages/WireGuard/scripts
root@DS923:/var/packages/WireGuard/script
-rwxr-xr-x 1 root root 364 May 3 2022 start
-rwxr-xr-x 1 root root 1664 May 3 2022 start-stop-status
root@DS923:/var/packages/WireGuard/scripts# /var/packages/WireGuard/scripts/start
WireGuard have been successfully started
```
Le NAS supporte enfin WireGuard client et serveur.
### WireGuard Easy
https://github.com/wg-easy/wg-easy
https://www.blackvoid.club/wireguard-vpn-for-your-synology-nas/
```bash
bruno@DS923:/volume1/docker/wgeasy
-rwxrwxrwx+ 1 bruno users 488 Jan 28 12:24 docker-compose.yml
-rwxrwxrwx+ 1 root root 443 Jan 28 12:26 wg0.conf
-rwxrwxrwx+ 1 root root 195 Jan 28 12:26 wg0.json
```
##### docker-compose.yml
```yaml
version: "3.5"
services:
wgeasy:
image: ghcr.io/wg-easy/wg-easy:latest
network_mode: "bridge"
container_name: wgeasy
ports:
- "51820:51820/udp"
- "51821:51821"
cap_add:
- NET_ADMIN
- SYS_MODULE
sysctls:
- net.ipv4.conf.all.src_valid_mark=1
- net.ipv4.ip_forward=1
volumes:
- /volume1/docker/wgeasy:/etc/wireguard
environment:
- WG_HOST=photos-nas.ovh
- PASSWORD=xxxxxxxxxxxxxx
restart: always
```
- WireGuard VPN server utilise le port UDP 51820 <u>(à ouvrir sur le routeur)</u>
- L'interface WG-Easy web utilise le port TCP 51821
```bash
bruno@DS923:/volume1/docker/wgeasy$ sudo docker-compose up -d
```
WG-Easy est disponible à http://192.168.2.57:51821, puis:
- Créer un nouveau client VPN
- Exporter la config ou scanner le QR code
https://www.wundertech.net/wg-easy-wireguard-vpn-server/
https://github.com/ngoduykhanh/wireguard-ui
https://www.nas-forum.com/forum/topic/77094-tutodocker-linuxserverwireguard-wireguard-ui/
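
Review bot: the listing of `/volume1/docker/wgeasy` shows `wg0.conf` and `wg0.json` as `-rwxrwxrwx+`, so the files mounted at `/etc/wireguard`, which hold the WireGuard keys, are readable and writable by every account on the NAS; add a step restricting them to root (for example mode 600 on both files) and check the ACL that the `+` indicates. The admin UI is reached at `http://192.168.2.57:51821` with `PASSWORD` as its only protection, so say explicitly that only UDP 51820 is forwarded on the router and that 51821 stays on the LAN. The SPK is installed manually from a direct download link with no checksum step, and the compose file tracks `wg-easy:latest`; pinning a version would make the setup reproducible. The first terminal block is missing the listing command, and its second prompt line is cut at `/var/packages/WireGuard/script`.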