Divers/mkdocs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Màj 06-04-2024

Browse Source
This commit is contained in:
Bruno21
2024-04-06 09:54:09 +02:00
parent cd8cebe7cb
commit 259b9c6a24
76 changed files with 5126 additions and 229 deletions
Download Patch File Download Diff File Expand all files Collapse all files

0
docs/Divers/Lightroom/Lightroom.md → docs/Divers/Adobe/Lightroom.md
View File

0
docs/Divers/adobe.md → docs/Divers/Adobe/adobe.md
View File

8
docs/Divers/bash/tableaux.md
View File

@@ -349,6 +349,14 @@ $ if [[ -n "${tableau_asso[erable]}" ]]; then echo "Element is present"; else ec
Element is present
```
```bash
$ not_required=("drive" "files" "gitea" "home-assistant" "homebridge" "portainer" "wg" "yatch")
$ dynhost="pihole"
$ if [[ " ${not_required[*]} " != *"$dynhost"* ]]; then echo "$dynhost est absent"; else echo "$dynhost est present"; fi
pihole est absent
```
### Mettre la sortie d'une commande dans un tableau:

26
docs/Divers/docker/docker.md
View File

@@ -172,6 +172,20 @@ d2b481b91f10 portainer/portainer "/portainer" 9 mon
9763d849e8b1 portainer/portainer "/portainer" 9 months ago Exited (255) 9 months ago 0.0.0.0:9000->9000/tcp affectionate_antonelli
```
**Etat d'un container:**
```bash
$ docker inspect -f '{{.State.Status}}' mycontainer
# created : n'a jamais été lancé depuis qu'il a été crée (docker create)
# running : en cours d'exécution (docker start)
# restarting : redémarre (no, on-failure, always, unless-stopped)
# exited : le process a l'intérieur du container est terminé
# paused : les process sont suspendus pour une durée indéterminée (consommation mémoire identique à l'état 'running')
# dead : le container est non fonctionnel. Il ne peut pas être redémarré, mais juste supprimé.
```
**Liste de tous les containers:**
```bash
@@ -257,12 +271,24 @@ $ docker container rm $(docker container ls -aq)
$ sudo docker container ls --format 'table {{.ID}}\t{{.Names}}'
CONTAINER ID NAMES
700a2cd00cba lychee
$ sudo docker container exec 700a2cd00cba hostname
700a2cd00cba
$ sudo docker container exec 700a2cd00cba hostname -I
172.18.0.3
```
**Se connecter en root à un container:**
```bash
$ sudo docker container ls --format 'table {{.ID}}\t{{.Names}}'
CONTAINER ID NAMES
700a2cd00cba lychee
$ sudo docker exec -it 700a2cd00cba bash
```
**Créer et démarrer un container:**
```bash

83
docs/Divers/docker/watchtower.md Normal file
View File

@@ -0,0 +1,83 @@
# Watchtower
#### Full Exclude
Exclure certains containers:
```yaml
# Dans les containers à ignorer:
version: "3"
services:
someimage:
container_name: someimage
labels:
- "com.centurylinklabs.watchtower.enable=false"
```
Inclure certains containers:
```yaml
# docker-compose de watchtower
WATCHTOWER_LABEL_ENABLE
```
```yaml
# Dans les containers à surveiller:
version: "3"
services:
someimage:
container_name: someimage
labels:
- "com.centurylinklabs.watchtower.enable=true"
```
#### Monitor only
Par container:
```yaml
version: "3"
services:
someimage:
container_name: someimage
labels:
- "com.centurylinklabs.watchtower.monitor-only=true"
```
Tous les containers:
```yaml
# docker-compose de watchtower
WATCHTOWER_MONITOR_ONLY
```
https://containrrr.dev/watchtower/
https://www.portainer.io/blog/using-env-files-in-stacks-with-portainer
##### Gotify:
```yaml
-e WATCHTOWER_NOTIFICATIONS=gotify \
-e WATCHTOWER_NOTIFICATION_GOTIFY_URL="https://my.gotify.tld/" \
-e WATCHTOWER_NOTIFICATION_GOTIFY_TOKEN="SuperSecretToken" \
-e WATCHTOWER_NOTIFICATION_GOTIFY_TLS_SKIP_VERIFY=true
```

18
docs/Divers/plex.md
View File

@@ -144,7 +144,7 @@ Si WebTools ne fonctionne plus, il faut le [resetter](https://github.com/ukdtom/
guide.xml 100% 2792KB 92.8KB/s 00:30
```
### Logs:
@@ -156,6 +156,22 @@ Pour les logs des plug-ins, aller directement sur le serveur:
### Impossible d'indexer le contenu d'un dossier:
1. In DSM go to "Control Panel > Shared folder:.
2. Select the media folder you want Plex to have access to.
3. Click Edit.
4. Click on the Permissions tab.
5. In the dropdown change "Local users" to System internal user".
6. Find and select the PlexMediaServer user (or Plex user for DSM 6).
7. Tick the Read/Write permission box and click Save (or OK for DSM 6).
### Liens:

30
docs/Divers/reseau/et12.md Normal file
View File

@@ -0,0 +1,30 @@
# Asus ZenWifi Pro ET12
#### Afficher /éteindre les LEDs
AiMesh -> Topologie -> Accueil -> Gestion -> Bouton LED On/Off
Introduction du pare-feu sur le routeur ASUS:
https://www.asus.com/fr/support/FAQ/1013630/
Comment configurer le filtre des services réseaux
https://www.asus.com/fr/support/FAQ/1013636
Comment rendre mon routeur plus sécurisé
https://www.asus.com/fr/support/FAQ/1039292

18
docs/Divers/reseau/reseau.md
View File

@@ -24,6 +24,24 @@ xigmanas.home (192.168.1.250) at 1c:fd:8:70:20:f7 on en0 ifscope [ethernet]
broadcasthost (255.255.255.255) at ff:ff:ff:ff:ff:ff on en0 ifscope [ethernet]
```
### Trouver les devices sur un réseau:
https://www.blackmoreops.com/2015/12/31/use-arp-scan-to-find-hidden-devices-in-your-network/
https://github.com/royhills/arp-scan
https://github.com/royhills/arp-scan/wiki/arp-scan-User-Guide
```bash
$ sudo arp-scan --interface=en0 --localnet
Interface: en0, type: EN10MB, MAC: 50:ed:3c:1f:98:06, IPv4: 192.168.129.54
Starting arp-scan 1.10.0 with 256 hosts (https://github.com/royhills/arp-scan)
523 packets received by filter, 0 packets dropped by kernel
Ending arp-scan 1.10.0: 256 hosts scanned in 1.880 seconds (136.17 hosts/sec). 0 responded
```
### nmap:

19
docs/Divers/reseau/rt-ac88u.md → docs/Divers/reseau/rt-ac88u-merlin.md
View File

@@ -1,4 +1,4 @@
# Asus
# Asus RT-AC88U @ Merlin
@@ -183,6 +183,20 @@ sh /jffs/scripts/firewall uninstall
#### Reset usine
1. Éteignez le routeur.
2. Appuyez et maintenez le bouton "WPS" puis allumez le routeur.
3. Le voyant d'alimentation est allumé **(continue à tenir le bouton WPS****).**
4. Relâchez le **bouton WPS** lorsque le voyant d'alimentation commence à clignoter.
5. Le voyant d'alimentation cesse de clignoter et le routeur redémarre automatiquement.
https://www.asus.com/fr/support/FAQ/1039077
Login / password: admin / admin
#### AsusWRT-Merlin
[Forum](https://www.snbforums.com/forums/asuswrt-merlin.42/)
@@ -206,3 +220,6 @@ https://www.snbforums.com/threads/how-to-use-dnsmasq-conf-add.8785/
https://www.henriksommerfeld.se/firmware-update-notifications-for-my-asus-router/

187
docs/Divers/reseau/rt-ac88u-openwrt.md Normal file
View File

@@ -0,0 +1,187 @@
# Asus RT-AC88U @ openWrt
#### Reset usine
1. Éteignez le routeur.
2. Appuyez et maintenez le bouton "WPS" puis allumez le routeur.
3. Le voyant d'alimentation est allumé **(continue à tenir le bouton WPS****).**
4. Relâchez le **bouton WPS** lorsque le voyant d'alimentation commence à clignoter.
5. Le voyant d'alimentation cesse de clignoter et le routeur redémarre automatiquement.
https://www.asus.com/fr/support/FAQ/1039077
Login / password: admin / admin
#### Copier le firmware sur le routeur:
Désactiver le coupe-feu de macOS.
```bash
~/Downloads 3m 59s 18:21:52
tftp 192.168.1.1
tftp> mode binary
tftp> put openwrt-23.05.2-bcm53xx-generic-asus_rt-ac88u-squashfs.trx
Sent 9568256 bytes in 28.7 seconds
```
#### Connexion à OpenWrt:
```bash
root@192.168.1.1's password:
BusyBox v1.36.1 (2023-11-14 13:38:11 UTC) built-in shell (ash)
_______ ________ __
| |.-----.-----.-----.| | | |.----.| |_
| - || _ | -__| || | | || _|| _|
|_______|| __|_____|__|__||________||__| |____|
|__| W I R E L E S S F R E E D O M
-----------------------------------------------------
OpenWrt 23.05.2, r23630-842932a63d
-----------------------------------------------------
```
#### opkg
```bash
root@OpenWrt:~# opkg update
Downloading https://downloads.openwrt.org/releases/23.05.2/targets/bcm53xx/generic/packages/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_core
root@OpenWrt:~# opkg find '*nano*'
nano - 7.2-2 - Nano is a small and simple text editor for use on the terminal.
root@OpenWrt:~# opkg install nano
Installing nano (7.2-2) to root...
```
#### Mise-à-jour
```bash
# opkg update && opkg install brcmfmac-firmware-4366b1-pcie
```
#### Infos
```bash
# uname -a
Linux OpenWrt 5.15.137 #0 SMP Tue Nov 14 13:38:11 2023 armv7l GNU/Linux
```
```bash
# cat /etc/os-release
NAME="OpenWrt"
VERSION="23.05.2"
ID="openwrt"
ID_LIKE="lede openwrt"
PRETTY_NAME="OpenWrt 23.05.2"
VERSION_ID="23.05.2"
HOME_URL="https://openwrt.org/"
BUG_URL="https://bugs.openwrt.org/"
SUPPORT_URL="https://forum.openwrt.org/"
BUILD_ID="r23630-842932a63d"
OPENWRT_BOARD="bcm53xx/generic"
OPENWRT_ARCH="arm_cortex-a9"
OPENWRT_TAINTS=""
OPENWRT_DEVICE_MANUFACTURER="OpenWrt"
OPENWRT_DEVICE_MANUFACTURER_URL="https://openwrt.org/"
OPENWRT_DEVICE_PRODUCT="Generic"
OPENWRT_DEVICE_REVISION="v0"
OPENWRT_RELEASE="OpenWrt 23.05.2 r23630-842932a63d"
```
```bash
# cat /proc/cpuinfo
processor : 0
model name : ARMv7 Processor rev 0 (v7l)
BogoMIPS : 1400.00
Features : half thumb fastmult edsp tls
CPU implementer : 0x41
CPU architecture: 7
CPU variant : 0x3
CPU part : 0xc09
CPU revision : 0
processor : 1
model name : ARMv7 Processor rev 0 (v7l)
BogoMIPS : 1400.00
Features : half thumb fastmult edsp tls
CPU implementer : 0x41
CPU architecture: 7
CPU variant : 0x3
CPU part : 0xc09
CPU revision : 0
Hardware : BCM5301X
Revision : 0000
Serial : 0000000000000000
```
### Liens
#### OpenWrt:
- [Table of Hardware](https://openwrt.org/toh/start)
- [Table of Hardware: devices with 16/128MB or more](https://openwrt.org/toh/views/toh_available_16128)
-
- [OpenWrt Support for Asus RT-AC88U](https://forum.openwrt.org/t/openwrt-support-for-asus-rt-ac88u/78635)
- [OpenWrt Wiki](https://openwrt.org/toh/asus/rt-ac88u)
- [Quick start guide for OpenWrt installation](https://openwrt.org/docs/guide-quick-start/start)
- [OpenWrt Factory Install](https://openwrt.org/docs/guide-quick-start/factory_installation)
#### Firmwares:
- [OpenWrt Firmware Selector](https://firmware-selector.openwrt.org/?version=23.05.2&target=bcm53xx%2Fgeneric&id=asus_rt-ac88u) -
- [Archive Firmwares](https://archive.openwrt.org/releases/23.05.2/targets/bcm53xx/generic/)
#### TFTP:
- [Installing openWrt via TFTP](https://openwrt.org/docs/guide-user/installation/generic.flashing.tftp)
- [Setting up a TFTP server for TFTP Recovery/Install](https://openwrt.org/docs/guide-user/troubleshooting/tftpserver)
- [Run a TFTP Server for Network Device Setups](https://rick.cogley.info/post/run-a-tftp-server-on-mac-osx/)
- [TFTP Server for macOS](https://macandegg.com/2022/02/tftp-server-for-macos/)
#### Livebox:
- [[La fibre.info] Remplacement de la Livebox par un routeur Openwrt](https://lafibre.info/remplacer-livebox/remplacement-de-la-livebox-par-un-routeur-openwrt-18-dhcp-v4v6-tv/)
- [[Github] Remplacer une Livebox par un routeur OpenWrt (ipv4,ipv6 & TV)](https://github.com/ubune/openwrt-livebox)
- [[La fibre.info] Index des solutions de remplacement de la Livebox](https://lafibre.info/remplacer-livebox/index-des-solutions-de-remplacement-de-la-livebox/)
#### Divers:
- [SNBForums (Asus)](https://www.snbforums.com/forums/asus-wireless.37/)
- [[La fibre.info] OpenWrt](https://lafibre.info/openwrt/)

15
docs/Linux/rsync.md Normal file
View File

@@ -0,0 +1,15 @@
# rsync
### Copier un fichier sur le serveur:
```bash
rsync -e "ssh" -avz file.sh root@192.168.2.116:/root
# si port ssh # 22
rsync -e "ssh -p 51322" -avz file.sh root@192.168.2.116:/root
```

29
docs/Plesk/index.md
View File

@@ -18,6 +18,35 @@ Certificat wildcard Let's Encrypt
```
Installer node.js mais ne pas l'activer. (sinon erreur Passenger pour WordPress)
#### Test certificat:
https://www.digicert.com/help/
https://tools.letsdebug.net
Autres outils:
https://ssl-config.mozilla.org/
https://observatory.mozilla.org/
#### Installer bat - fd
```bash
apt install fzf bat fd-find
```
```bash
mkdir -p ~/.local/bin
ln -s /usr/bin/batcat ~/.local/bin/bat
ln -s $(which fdfind) ~/.local/bin/fd
```
#### Commande plesk:

46
docs/Plesk/joplin.md
View File

@@ -2,6 +2,22 @@
#### Installer et activer l'extension Docker dans Plesk
#### Installer docker-compose
```bash
# curl -L "https://github.com/docker/compose/releases/download/v2.23.3/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
# chmod +x /usr/local/bin/docker-compose
```
https://docs.docker.com/compose/
### Serveur Joplin:
https://github.com/laurent22/joplin/blob/dev/packages/server/README.md
@@ -24,7 +40,7 @@ version: '3'
services:
db:
image: postgres:13.1
image: postgres:16
ports:
- "5432:5432"
restart: unless-stopped
@@ -36,7 +52,7 @@ services:
- POSTGRES_USER=joplin
- POSTGRES_DB=joplin
app:
image: joplin/server:2.4.1-beta
image: joplin/server:latest
depends_on:
- db
ports:
@@ -76,11 +92,31 @@ Créer un sous-domaine **joplin.maboiteverte.fr**
Créer une <u>règle de proxy Docker</u>:
- URL: Joplin.maboiteverte.fr/
- Conteneur: Joplin_app_1
- Conteneur: joplin_app_1
- Port: 22300 -> 22300
#### Premier lancement:
Aller sur joplin.maboiteverte.fr. Se connecter avec:
- admin@localhost
- admin
puis changer le mot-de-passe. Créer un 2nd utilisateur.
Si la synchro se passe bien, mais qu'il n'y a rien sur le serveur:
- dans le client, exporter un ficher .JEX puis créer un nouveau profil.
- dans le nouveau profil, importer le fichier .JEX
- dans les réglages, re-parametrer la synchronisation.
- re-lancer la synchronisation.
#### Voir les logs:
```bash
@@ -89,6 +125,10 @@ Password:
Attaching to joplin_app_1, joplin_db_1
app_1 | WARNING: no logs are available with the 'db' log driver
db_1 | WARNING: no logs are available with the 'db' log driver
# Au fil de l'eau...
$ sudo docker container ls
$ sudo docker logs --follow 05850da6082e
```

7
docs/Raspberry/backup_sd.md
View File

@@ -84,3 +84,10 @@ $ sudo dd if=~/raspian_backup.img of=/dev/sdg
Utiliser WinDisk32 sourceforge.net/projects/win32diskimager
# Sous macOS
ApplePi-Baker permet de sauvegarder un carte SD en fichier image, et surtout de shrinker l'image (contracter une SD de 32Go en l'espace réellement utilisésolus)
[ApplePi-Baker v2](https://www.tweaking4all.com/software/macosx-software/applepi-baker-v2/)

97
docs/Raspberry/diet-pi.md Normal file
View File

@@ -0,0 +1,97 @@
# Diet-pi
### Dropbear
```bash
systemctl status dropbear.service
```
Fichier de configuration: `/etc/default/dropbear`
```bash
# The TCP port that Dropbear listens on
DROPBEAR_PORT=51322
```
```bash
systemctl status dropbear.service
● dropbear.service - Lightweight SSH server
Loaded: loaded (/lib/systemd/system/dropbear.service; enabled; preset: enabled)
Active: active (running) since Sat 2024-02-10 09:07:47 GMT; 7s ago
Docs: man:dropbear(8)
Main PID: 3107 (dropbear)
Tasks: 5 (limit: 1069)
CPU: 68ms
CGroup: /system.slice/dropbear.service
├─3060 /usr/sbin/dropbear -EF -p 22 -W 65536 -2 8
├─3061 -bash
├─3107 /usr/sbin/dropbear -EF -p 51322 -W 65536
├─3109 systemctl status dropbear.service
└─3110 "(pager)"
```
```bash
# disallow root login
DROPBEAR_EXTRA_ARGS=“-w -g”
```
#### --help
```bash
Dropbear server v2022.83 https://matt.ucc.asn.au/dropbear/dropbear.html
Usage: dropbear [options]
-b bannerfile Display the contents of bannerfile before user login
(default: none)
-r keyfile Specify hostkeys (repeatable)
defaults:
- dss /etc/dropbear/dropbear_dss_host_key
- rsa /etc/dropbear/dropbear_rsa_host_key
- ecdsa /etc/dropbear/dropbear_ecdsa_host_key
- ed25519 /etc/dropbear/dropbear_ed25519_host_key
-R Create hostkeys as required
-F Don't fork into background
-e Pass on server process environment to child process
-E Log to stderr rather than syslog
-m Don't display the motd on login
-w Disallow root logins
-G Restrict logins to members of specified group
-s Disable password logins
-g Disable password logins for root
-B Allow blank password logins
-t Enable two-factor authentication (both password and public key required)
-T Maximum authentication tries (default 10)
-j Disable local port forwarding
-k Disable remote port forwarding
-a Allow connections to forwarded ports from any host
-c command Force executed command
-p [address:]port
Listen on specified tcp port (and optionally address),
up to 10 can be specified
(default port is 22 if none specified)
-P PidFile Create pid file PidFile
(default /var/run/dropbear.pid)
-i Start for inetd
-W <receive_window_buffer> (default 24576, larger may be faster, max 10MB)
-K <keepalive> (0 is never, default 0, in seconds)
-I <idle_timeout> (0 is never, default 0, in seconds)
-z disable QoS
-V Version
```
#### Passwordless:
```bash
cat ~/.ssh/id_rsa.pub | ssh -p65535 root@192.168.12.116 'cat>> ~/.ssh/authorized_keys'
```

33
docs/Raspberry/index.md
View File

@@ -6,23 +6,48 @@
[aptitude](aptitude.md)
[Argon One](Argon-one.md)
[Backup](backup.md)
[Boot et clone](boot.md)
[Cloud](cloud.md)
[Diet-pi](diet-pi.md)
[Envoyer un mail depuis le Raspberry](send_mail.md)
[Hardware](hardware.md)
[Heure](heure.md)
[Installation sans écran](headless.md)
[Mail](mail.md)
[Matériels](materiels/materiels.md)
[Réseau](reseau.md)
[Boot et clone](boot.md)
[Nextcloud](nextcloud.md)
[Pi Desktop](pi-desktop.md)
[Divers](divers.md)
[Pi-hole](pi-hole.md)
[Python](python.md)
[Réseau](reseau.md)
[Pi Desktop](pi-desktop.md)
[Rclone](rclone.md)
[Réseau](reseau.md)
[Services](services.md)
[SiriControl](siri_control.md)
[Tools](tools.md)
[Divers](divers.md)

217
docs/Raspberry/mail.md Normal file
View File

@@ -0,0 +1,217 @@
### Envoyer un mail depuis le Raspberry
Il faut installer **msmtp**:
```bash
# apt install bsd-mailx msmtp msmtp-mta
```
#### Configuration:
https://doc.ubuntu-fr.org/tutoriel/comment_envoyer_un_mail_par_smtp_en_ligne_de_commande
https://wiki.archlinux.org/title/Msmtp
http://www.futurile.net/resources/msmtp-a-simple-mail-transfer-agent/
```bash
nano /etc/msmtprc
```
```bash
#Set default values for all accounts.
defaults
auth login
tls on
tls_starttls off
tls_certcheck on
tls_trust_file /etc/ssl/certs/ca-certificates.crt
logfile /var/log/msmtp.log
#OVH settings
account ovh
host ssl0.ovh.net
#auth login
#tls on
#tls_starttls off
#tls_certcheck on
#tls_trust_file /etc/ssl/certs/ca-certificates.crt
from xxxxxxxxxxx@clicclac.info
port 465
user xxxxxxxxxxx@clicclac.info
password xxxxxxxxxxx
#Orange settings
account orange
host smtp.orange.fr
protocol smtp
#auth login
#tls on
#tls_starttls off
#tls_certcheck on
#tls_trust_file /etc/ssl/certs/ca-certificates.crt
from byyyyyyyyyyyyy@orange.fr
maildomain orange.fr
port 465
user byyyyyyyyyyyyy
password yyyyyyyyyyyyy
#Set a default account
account default : orange
```
on sécurise le fichier de config:
```bash
root@PiHole2:~# chown root:msmtp /etc/msmtprc
root@PiHole2:~# chmod 640 /etc/msmtprc
```
Encrypter `/etc/msmtprc`
https://www.howtoraspberry.com/2021/06/how-to-send-mail-from-a-raspberry-pi/
#### Test:
```bash
root@PiHole2:~# echo "BEEP BEEP" | mailx -s "Subject: This is a test!" bxxxxxxxxxxx@orange.fr
```
nano test.mail
```bash
To: bxxxxxxxxxxx@orange.fr
From: bxxxxxxxxxxx@orange.fr
Subject: Pi-Hole update
Hello there.
version 3
```
```bash
cat test.mail | msmtp --read-envelope-from --read-recipients
cat test.mail | msmtp --account=default --read-envelope-from --read-recipients
```
```
cat /tmp/fichier | mail
```
```
apt install libsecret-tools
```
```bash
gpg --full-generate-key
gpg: /root/.gnupg/trustdb.gpg : base de confiance créée
gpg: répertoire « /root/.gnupg/openpgp-revocs.d » créé
gpg: revocation certificate stored as '/root/.gnupg/openpgp-revocs.d/75199AB29FD34F8BDEA93ABF97857FE7ED14794A.rev'
les clefs publique et secrète ont été créées et signées.
pub rsa3072 2024-03-02 [SC]
75199AB29FD34F8BDEA93ABF97857FE7ED14794A
uid pihole <liste@clicclac.info>
sub rsa3072 2024-03-02 [E]
```
```bash
# gpg --list-secret-keys --keyid-format LONG
gpg: vérification de la base de confiance
gpg: marginals needed: 3 completes needed: 1 trust model: pgp
gpg: profondeur : 0 valables : 1 signées : 0
confiance : 0 i., 0 n.d., 0 j., 0 m., 0 t., 1 u.
/root/.gnupg/pubring.kbx
------------------------
sec rsa3072/97857FE7ED14794A 2024-03-02 [SC]
75199AB29FD34F8BDEA93ABF97857FE7ED14794A
uid [ ultime ] pihole <liste@clicclac.info>
ssb rsa3072/9B43CA525CFA97A6 2024-03-02 [E]
```
https://unix.stackexchange.com/questions/614737/how-to-cache-gpg-key-passphrase-with-gpg-agent-and-keychain-on-debian-10
```bash
# util ou pas ?
~/.gnupg# mv gnu.conf gpg.conf
```
```
keychain --eval --agents gpg pihole
* keychain 2.8.5 ~ http://www.funtoo.org
* Found existing gpg-agent: 238
GPG_AGENT_INFO=/root/.gnupg/S.gpg-agent:238:1; export GPG_AGENT_INFO;
* Adding 1 gpg key(s): pihole
```
```bash
~# apparmor_parser -R /etc/apparmor.d/usr.bin.msmtp
Cache read/write disabled: interface file missing. (Kernel needs AppArmor 2.4 compatibility patch.)
Avertissement : impossible de trouver un syst?me de fichiers appropri? dans /proc/mounts, est-il mont? ?
Utilisez --subdomainfs pour remplacer.
# apt install apparmor-utils
~# systemctl enable apparmor
Synchronizing state of apparmor.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable apparmor
~# systemctl status apparmor
○ apparmor.service - Load AppArmor profiles
Loaded: loaded (/lib/systemd/system/apparmor.service; enabled; preset: enabled)
Active: inactive (dead)
Docs: man:apparmor(7)
https://gitlab.com/apparmor/apparmor/wikis/home/
~# apparmor_parser -R /etc/apparmor.d/usr.bin.msmtp
Cache read/write disabled: interface file missing. (Kernel needs AppArmor 2.4 compatibility patch.)
Avertissement : impossible de trouver un syst?me de fichiers appropri? dans /proc/mounts, est-il mont? ?
Utilisez --subdomainfs pour remplacer.
```
https://discourse.pi-hole.net/t/apparmor-reference-in-unbound-guide-clarification-requested/62351/3
```bash
~# gpg --encrypt --output orange.mail.gpg --recipient liste@clicclac.info orange.mail
~# gpg --decrypt --output file.txt orange.mail.gpg
```

187
docs/Raspberry/pi-hole.md Normal file
View File

@@ -0,0 +1,187 @@
# pi-hole & unbound
#### RasbianOS
| **Version** | **Code name** | **Current status** | **Release date** | **End-of-life ([LTS](https://wiki.debian.org/LTS))** |
| ----------- | ------------- | ------------------ | ---------------- | ---------------------------------------------------- |
| 11 | Bullseye | oldstable | 2021-08-14 | 2024-08-14 (2026-08-31) |
| 12 | Bookworm | stable | 2023-06-10 | 2026-06-10 (2028-06-30) |
| 13 | Trixie | testing | 2025-06-?? | 2028-06-?? (2030-06-??) |
##### Installer Pi-Hole et Unbound:
https://www.crosstalksolutions.com/the-worlds-greatest-pi-hole-and-unbound-tutorial-2023/
https://mediacenterz.com/tutoriel-complete-pi-hole-bloqueur-dannonces-pour-toute-la-maison/
##### Installer Gravity Sync:
https://github.com/vmstan/gravity-sync
##### Installer keepalived:
https://davidshomelab.com/pi-hole-failover-with-keepalived/
##### Version de Pi-Hole
```bash
$ pihole -v
Pi-hole version is v5.17.3 (Latest: v5.17.3)
web version is v5.21 (Latest: v5.21)
FTL version is v5.25 (Latest: v5.25.1)
```
##### Mise-à-jour de Pi-Hole:
```bash
$ pihole -up
```
##### Changer le mot de passe de linterface Web PiHole
```bash
$ pihole -a -p
```
##### Liste noire:
- **`pihole -b -l`** Liste des domaines sur la liste noire
- **`pihole -b exemple.com`** Ajouter example.com à la liste noire
- **`pihole -b -d example.com`** Supprimer exemple.com de la liste noire
##### Liste blanche:
- **`pihole -w -l`** Liste des domaines dans la liste blanche
- **`pihole -w exemple.com`** Ajouter example.com à la liste blanche
- **`pihole -w -d example.com`** Supprimer exemple.com de la liste blanche
##### Activer / désactiver Pi-Hole:
- **`pihole enable`** Activer PiHole
- **`pihole disable`** Désactiver PiHole en permanence
- **`pihole disable 10m`** Désactiver PiHole pendant 10 minutes
- **`pihole disable 60s`** Désactiver PiHole pendant 1 min
### Activer la résolution local sur le PiHole (Loopback)
Se connecter sur le Pi-Hole en ssh, puis:
```bash
echo "addn-hosts=/etc/pihole/lan.list" | sudo tee /etc/dnsmasq.d/02-lan.conf
```
On crée le fichier `/etc/pihole/lan.list`
```bash
nano /etc/pihole/lan.list
```
que l'on remplit avec les IP/serveurs
```bash
Adresse IP nom de domaine nom du serveur
192.168.1.xx service.nomdedomaine nomduserveur
```
```bash
192.168.2.57 navidrome.photos-nas.ovh navidrome
192.168.2.57 ds923.photos-nas.ovh dsm
192.168.2.57 maloja.photos-nas.ovh maloja
192.168.2.57 photos.photos-nas.ovh photos
192.168.2.57 change.photos-nas.ovh changedetection
192.168.2.57 search.photos-nas.ovh searxng
192.168.2.57 vault.photos-nas.ovh vaultwarten
192.168.2.1 asus.photos-nas.ovh asus
192.168.2.1 www.asusrouter.com et12
192.168.2.116 pihole1.photos-nas.ovh dietpi1
192.168.2.216 pihole2.photos-nas.ovh dietpi2
```
On redémarre le service DNS:
```bash
pihole restartdns
```
https://induste.com/threads/utiliser-un-pihole-pour-creer-une-loopback-orange-bouygues-etc.634410/
### Liens:
https://www.reddit.com/r/pihole/comments/tsperl/comment/i2sr22h/
https://discourse.pi-hole.net/t/pihole-unbound-not-working-as-it-should/51381/12
https://docs.pi-hole.net/guides/dns/unbound/#disable-resolvconf-for-unbound-optional
https://alain-michel.canoprof.fr/eleve/tutoriels/raspberry/utiliser-pi-hole-pour-bloquer-les-pubs/
https://nicolasforcet.com/nettoyer-base-de-donnees-pihole-ftldb-log/
https://nicolasforcet.com/raspberry-pi-limiter-drastiquement-les-logs-et-les-mettre-en-ram-pour-preserver-sa-carte-sd/
Using “sudo nmtui” I was able to change my network settings. I
The Fireborg : The Big Blocklist Collection
https://firebog.net
Gravity Sync:
https://github.com/vmstan/gravity-sync
https://github.com/azlux/log2ram
https://dnscheck.tools
```
vcgencmd get_throttled <-- will give you info on conditions that may have caused throttling.
```
```
Great write up, thanks.
Instead of a firewall rule, blocking all DNS queries except to Pihole, better create a NAT Port Forward rule, so that all DNS queries except router or a Pihole are redirected to the pihole address. Thus DNS resolution will continue working (for allowed domains) even if somebody (or some malicious IoT device) use custom DNS.
I have an OPNsense (pfSense fork) with Unbound installed onboard (192.168.0.1), and a PiHole on another box (192.168.0.100).
All devices by default query DNS from the router (192.168.0.1).
Above mentioned NAT Port Forward rule redirects all DNS queries to the Pihole (192.168.0.100).
Pihole has Unbound on a router as an upstream (192.168.0.1).
SO, unfortunately, there are some networks hops to and fro, but I cant install Pihole on an OPNsense router (its FreeBSD and not Linux).
```
```
Hopefully CrossTalk sees this, but this guide needs to be updated. As of the 10/10/2023 of Debian Bookworm. Debian (and by extension Raspberry Pi OS) does not use dhcpcd as the networking interface. Instead, it uses the more complex/robust NetworkManager. This change can be found in the release notes for RaspberyPi OS here: https://downloads.raspberrypi.com/raspios_lite_arm64/release_notes.txt.
This means that the dhcpcd.conf file will not exist under /etc as the guide suggest. There are ways to use nmcli (the command the interact with NetworkManager) to set a static IP. However, I recommend simply setting up a DHCP reservation using your router. Either way, you cannot set up a static IP using dhcpcd.conf. Hope this helps anyone on their PiHole journey!
```
```
static IP on Bookworm:
credits to https://raspberrypi-guide.github.io/networking/set-up-static-ip-address
So I used nmtui command to set up a static ip on bookworm. Looks like they got rid of dhcpcd by default and are going with NetworkManager.
1. type sudo nmtui so you have the right permissions
2. edit the connection you want
4. change ipv4 config to manual
5. Enter your desired ip address into addresses (with a trailing /24, e.g. 192.168.1.77/24)
6. I put my routers ip in the gateway and DNS fields, and also added a second 8.8.8.8 for DNS
7. Exit out of nmtui
8. reboot and it should work
```

151
docs/Synology/Docker/Wireguard.md Normal file
View File

@@ -0,0 +1,151 @@
# Wireguard
### Installer wireguard sur le NAS:
| Model | CPU Model | Cores (each) | Threads (each) | FPU | Package Arch | RAM |
| :----- | :------------------ | :----------- | :------------- | :--- | :----------- | :------------------ |
| DS923+ | AMD Ryzen R1600 | 2 | 4 | ✓ | R1000 | DDR4 ECC SODIMM 4GB |
| DS916+ | Intel Pentium N3710 | 4 | 4 | ✓ | Braswell | DDR3 2GB/8GB |
```bash
sudo docker run --rm --privileged --env PACKAGE_ARCH=r1000 --env DSM_VER=7.2 -v $(pwd):/result_spk synobuild
```
**ne compile pas**
```bash
docker run --rm --privileged --env PACKAGE_ARCH=x64 --env DSM_VER=7.2 -v /volume1/docker/toolkit_tarballs:/toolkit_tarballs -v /volume1/docker/synowirespk71:/result_spk blackvoidclub/synobuild71
docker run --rm --privileged --env PACKAGE_ARCH=x64 --env DSM_VER=7.2 -v /volume1/docker/toolkit_tarballs:/toolkit_tarballs -v /volume1/docker/synowirespk71:/result_spk blackvoidclub/synobuild71
```
### wg-easy
https://github.com/wg-easy/wg-easy
| Création | Portainer (/portainer/compose/29) |
| ----------- | ------------------------------------- |
| Mise-à-jour | Watchtower |
| Ports | 51820:51821 |
| Volume | /volume1/docker/wgeasy:/etc/wireguard |
```yaml
version: "3.5"
services:
wgeasy:
image: ghcr.io/wg-easy/wg-easy:latest
network_mode: "bridge"
container_name: wgeasy
ports:
- "51820:51820/udp"
- "51821:51821"
cap_add:
- NET_ADMIN
- SYS_MODULE
sysctls:
- net.ipv4.conf.all.src_valid_mark=1
- net.ipv4.ip_forward=1
env_file:
- stack.env
labels:
- "com.centurylinklabs.watchtower.enable=true"
volumes:
- /volume1/docker/wgeasy:/etc/wireguard
environment:
- WG_HOST=photos-nas.ovh
- WG_DEFAULT_DNS=192.168.2.216
restart: always
```
Variable d'enrironnement (dans stack.env)
```yaml
PASSWORD=xxxxxxxxxx
```
##### wg0.conf
```
# Note: Do not edit this file directly.
# Your changes will be overwritten!
# Server
[Interface]
PrivateKey = I5wPTHTxgF[5YyJ@4'Mgwipl+.m=aUB6i[bGAF;p:I|l
Address = 10.8.0.1/24
ListenPort = 51820
PreUp =
PostUp = iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE; iptables -A INPUT -p udp -m udp --dport 51820 -j ACCEPT; iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT;
PreDown =
PostDown =
# Client: ungoutdepomme (557cb02f-6418-465c-8063-866333011ea0)
[Peer]
PublicKey = )RGRG/Aha{XD{sC)YDg(6[kPOF.yaUO1[)QaFlJZg+-P
PresharedKey = H0I/[YLYCU-'r*BiU8HR2KsuiZa{@v*6q#G;yEt6TFJ8
AllowedIPs = 10.8.0.2/32
# Client: airbook (f75ed225-6a8b-4179-a11a-368aec6d2545)
[Peer]
PublicKey = 4!oI:!t9-V:;TxZ{gfJFXuPkS\v2A6+Ka[36.tP=;ao[
PresharedKey = Q.7pJZ32geS|DwZGdQ=O=\D}0XlHUzsk!WE(GD7yGhbB
AllowedIPs = 10.8.0.3/32
```
##### airbook.conf
```
[Interface]
PrivateKey = -dPlB6Glr9IKBo-q(.5X)7Ad+}YuAe9S3):dBPbFLrWX
Address = 10.8.0.3/24
DNS = 192.168.2.216
[Peer]
PublicKey = wXbLtH/'#-;*6"j1ZQgl?.)VMRqMG@g!U38jvw}3(=Yw
PresharedKey = Q.7pJZ32geS|DwZGdQ=O=\D}0XlHUzsk!WE(GD7yGhbB
AllowedIPs = 0.0.0.0/0, ::/0
PersistentKeepalive = 0
Endpoint = photos-nas.ovh:51820
```
##### ungoutdepomme.conf
```
[Interface]
PrivateKey = #Udj:SC,kA0h}MTa7\|as69PV.sS@lpL!'4y34uj?.Z{
Address = 10.8.0.2/24
DNS = 192.168.2.216
[Peer]
PublicKey = ukj!q\:v-70L/Rlr,TJ9];,19,=Uu-1a+O/V|B@OCULq
PresharedKey = H0I/[YLYCU-'r*BiU8HR2KsuiZa{@v*6q#G;yEt6TFJ8
AllowedIPs = 0.0.0.0/0, ::/0
PersistentKeepalive = 0
Endpoint = photos-nas.ovh:51820
```
# `#Token modifié`

41
docs/Synology/Docker/docker-compose/Pi.Alert.md Normal file
View File

@@ -0,0 +1,41 @@
# Pi.Alert
| Création | Portainer |
| ----------- | ---------------------------------------------- |
| Mise-à-jour | Watchtower |
| Ports | 17811 |
| Lien | [Github](https://github.com/pucherot/Pi.Alert) |
```yaml
version: "3.9"
services:
pi.alert:
container_name: Pi.Alert
healthcheck:
test: curl -f http://localhost:17811/ || exit 1
mem_limit: 2g
cpu_shares: 768
security_opt:
- no-new-privileges:true
labels:
- "com.centurylinklabs.watchtower.enable=true"
volumes:
- /volume1/docker/pialert/config:/home/pi/pialert/config:rw
- /volume1/docker/pialert/db:/home/pi/pialert/db:rw
- /volume1/docker/pialert/logs:/home/pi/pialert/front/log:rw
environment:
TZ: Europe/Paris
PORT: 17811
HOST_USER_ID: 1026
HOST_USER_GID: 100
network_mode: host
restart: on-failure:5
image: jokobsk/pi.alert:latest
```

26
docs/Synology/Docker/docker-compose/_network.md Normal file
View File

@@ -0,0 +1,26 @@
# network
| | |
| -------------- | ------------------- |
| 172.16.57.0/24 | changeDetection |
| 172.16.58.0/24 | docspell |
| 172.16.59.0/24 | diun / paperlessngx |
| 172.16.60.0/24 | send |
| 172.16.61.0/24 | chibisafe |
| 172.16.62.0/24 | psitransfer |
| 172.16.63.0/24 | pingvin |
| 172.16.64.0/24 | gokapi |
| 172.16.65.0/24 | snippetbox |
| 172.16.66.0/24 | materialious |
| 172.16.67.0/24 | snapdrop |
| 172.16.69.0/24 | seafile |
| 172.16.70.0/24 | kavita |
| | |
| 172.16.72.0/24 | invidious |
| 172.16.73.0/24 | nextcloud |
| 172.16.77.0/24 | maptiler |
| 172.16.78.0/24 | mapserver |
| | |

38
docs/Synology/Docker/docker-compose/changeDetection.md Normal file
View File

@@ -0,0 +1,38 @@
# changeDetection
| Création | dockge |
| ----------- | -------------------------------------------------------- |
| Mise-à-jour | Watchtower |
| Ports | 5075 |
| Liens | [Github](https://github.com/dgtlmoon/changedetection.io) |
```yaml
version: '3.2'
services:
changedetection:
image: ghcr.io/dgtlmoon/changedetection.io
container_name: changedetection
hostname: changedetection
labels:
- "com.centurylinklabs.watchtower.enable=true"
volumes:
- changedetection-data:/datastore
ports:
- 5075:5000
volumes:
changedetection-data:
networks:
default:
driver: bridge
ipam:
config:
- subnet: 172.16.57.0/24
```

38
docs/Synology/Docker/docker-compose/chibisafe.md Normal file
View File

@@ -0,0 +1,38 @@
# chibisafe
| Création | dockge |
| ----------- | ------------------------------------------------ |
| Mise-à-jour | Watchtower |
| Ports | 24424 |
| Liens | [Github](https://github.com/chibisafe/chibisafe) |
```yaml
version: "3.7"
services:
chibisafe:
image: chibisafe/chibisafe:latest
container_name: chibisafe
volumes:
- /volume1/docker/dockge/stacks/chibisafe/database:/home/node/chibisafe/database:rw
- /volume1/docker/dockge/stacks/chibisafe/uploads:/home/node/chibisafe/uploads:rw
- /volume1/docker/dockge/stacks/chibisafe/logs:/home/node/chibisafe/logs:rw
ports:
- 24424:8000
labels:
- "com.centurylinklabs.watchtower.enable=true"
restart: always
networks:
default:
driver: bridge
ipam:
config:
- subnet: 172.16.61.0/24
```

37
docs/Synology/Docker/docker-compose/dockge.md Normal file
View File

@@ -0,0 +1,37 @@
# dockge
| Création | Container Manager (projet) |
| ----------- | -------------------------------------------- |
| Mise-à-jour | - |
| Ports | 5011 |
| Liens | [Github](https://github.com/louislam/dockge) |
```yaml
version: "3.8"
services:
dockge:
image: louislam/dockge:1
restart: unless-stopped
ports:
# Host Port : Container Port
- 5011:5001
volumes:
- /var/run/docker.sock:/var/run/docker.sock
… environment:
# Tell Dockge where is your stacks directory
- DOCKGE_STACKS_DIR=/volume1/docker/dockge/stacks
networks:
default:
driver: bridge
ipam:
config:
- subnet: 172.16.58.0/24
```

125
docs/Synology/Docker/docker-compose/docspell.md Normal file
View File

@@ -0,0 +1,125 @@
# docspell
| Création | Portainer |
| ----------- | --------------------------------- |
| Mise-à-jour | Watchtower |
| Ports | 8486 |
| Liens | [Docspell](https://docspell.org/) |
```yaml
version: '3.9'
services:
docspell-db:
image: postgres
container_name: Docspell-DB
hostname: docspell-db
security_opt:
- no-new-privileges:true
healthcheck:
test: ["CMD", "pg_isready", "-q", "-d", "docspell", "-U", "docspelluser"]
timeout: 45s
interval: 10s
retries: 10
user: 1026:100
volumes:
- /volume1/docker/docspell/db:/var/lib/postgresql/data
environment:
- POSTGRES_DB=docspell
- POSTGRES_USER=docspelluser
- POSTGRES_PASSWORD=docspellpass
restart: always
docspell-solr:
image: solr
command:
- solr-precreate
- docspell
container_name: Docspell-SOLR
hostname: docspell-solr
security_opt:
- no-new-privileges:true
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:8983/solr/docspell/admin/ping"]
interval: 45s
timeout: 10s
retries: 2
start_period: 30s
user: 1026:100
volumes:
- /volume1/docker/docspell/solr:/var/solr
restart: always
restserver:
image: docspell/restserver:latest
container_name: Docspell-RESTSERVER
hostname: docspell-restserver
security_opt:
- no-new-privileges:true
user: 1026:100
ports:
- 8486:7880
environment:
- TZ=Europe/Paris
- DOCSPELL_SERVER_INTERNAL__URL=http://docspell-restserver:7880
- DOCSPELL_SERVER_ADMIN__ENDPOINT_SECRET=superdupersecretyeah
- DOCSPELL_SERVER_AUTH_SERVER__SECRET=evenmoresuperdupersecret
- DOCSPELL_SERVER_BACKEND_JDBC_PASSWORD=docspellpass
- DOCSPELL_SERVER_BACKEND_JDBC_URL=jdbc:postgresql://docspell-db:5432/docspell
- DOCSPELL_SERVER_BACKEND_JDBC_USER=docspelluser
- DOCSPELL_SERVER_BIND_ADDRESS=0.0.0.0
- DOCSPELL_SERVER_FULL__TEXT__SEARCH_ENABLED=true
- DOCSPELL_SERVER_FULL__TEXT__SEARCH_SOLR_URL=http://docspell-solr:8983/solr/docspell
- DOCSPELL_SERVER_INTEGRATION__ENDPOINT_ENABLED=true
- DOCSPELL_SERVER_INTEGRATION__ENDPOINT_HTTP__HEADER_ENABLED=true
- DOCSPELL_SERVER_INTEGRATION__ENDPOINT_HTTP__HEADER_HEADER__VALUE=superduperpassword123
- DOCSPELL_SERVER_BACKEND_SIGNUP_MODE=open
- DOCSPELL_SERVER_BACKEND_SIGNUP_NEW__INVITE__PASSWORD=
- DOCSPELL_SERVER_BACKEND_ADDONS_ENABLED=false
restart: always
depends_on:
docspell-db:
condition: service_started
docspell-solr:
condition: service_healthy
joex:
image: docspell/joex:latest
container_name: Docspell-JOEX
hostname: docspell-joex
security_opt:
- no-new-privileges:true
user: 1026:100
environment:
- TZ=Europe/Paris
- DOCSPELL_JOEX_APP__ID=joex1
- DOCSPELL_JOEX_PERIODIC__SCHEDULER_NAME=joex1
- DOCSPELL_JOEX_SCHEDULER_NAME=joex1
- DOCSPELL_JOEX_BASE__URL=http://docspell-joex:7878
- DOCSPELL_JOEX_BIND_ADDRESS=0.0.0.0
- DOCSPELL_JOEX_FULL__TEXT__SEARCH_ENABLED=true
- DOCSPELL_JOEX_FULL__TEXT__SEARCH_SOLR_URL=http://docspell-solr:8983/solr/docspell
- DOCSPELL_JOEX_JDBC_PASSWORD=docspellpass
- DOCSPELL_JOEX_JDBC_URL=jdbc:postgresql://docspell-db:5432/docspell
- DOCSPELL_JOEX_JDBC_USER=docspelluser
- DOCSPELL_JOEX_ADDONS_EXECUTOR__CONFIG_RUNNER=docker,trivial
- DOCSPELL_JOEX_CONVERT_HTML__CONVERTER=weasyprint
restart: always
depends_on:
docspell-db:
condition: service_started
docspell-solr:
condition: service_healthy
networks:
default:
driver: bridge
ipam:
config:
- subnet: 172.16.58.0/24
```

36
docs/Synology/Docker/docker-compose/dozzle.md Normal file
View File

@@ -0,0 +1,36 @@
# dozzle
| Création | Portainer |
| ----------- | ------------------------------------------ |
| Mise-à-jour | Watchtower |
| Ports | 9999 |
| Liens | [Github](https://github.com/amir20/dozzle) |
```yaml
name: dozzle
services:
dozzle:
container_name: dozzle
ports:
- 9999:8080
environment:
- PUID=1026
- PGID=100
- TZ=Europe/Paris
labels:
- "com.centurylinklabs.watchtower.enable=true"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
restart: always
image: amir20/dozzle:latest
```

30
docs/Synology/Docker/docker-compose/freegeoip.md Normal file
View File

@@ -0,0 +1,30 @@
# freegeoip
| Création | dockge |
| ----------- | -------------------------------------------- |
| Mise-à-jour | Watchtower |
| Ports | 8080 / 8888 |
| Liens | [Github](https://github.com/t0mer/freegeoip) |
```yaml
version: "2.1"
services:
freegeoip:
image: techblog/freegeoip
container_name: freegeoip
ports:
- 8080:8080
- 8888:8888
labels:
- com.centurylinklabs.watchtower.enable=true
restart: always
networks: {}
```

65
docs/Synology/Docker/docker-compose/glances.md Normal file
View File

@@ -0,0 +1,65 @@
# glances
| Création | Portainer |
| ----------- | ------------------------------------------------------------ |
| Mise-à-jour | Watchtower |
| Ports | 61208 |
| Liens | [Github](https://github.com/nicolargo/glances)<br />[Docker](https://github.com/nicolargo/glances/blob/develop/docs/docker.rst) |
```yaml
version: "3.9"
services:
glances:
container_name: Glances
image: nicolargo/glances:latest-full
healthcheck:
test: curl -f http://localhost:61208/ || exit 1
mem_limit: 4g
cpu_shares: 768
security_opt:
- no-new-privileges:true
pid: host
privileged: true
network_mode: host
restart: on-failure:5
ports:
- 61208:61208
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
GLANCES_OPT: -w
```
By default, the /etc/glances/glances.conf file is used (based on docker-compose/glances.conf).
Additionally, if you want to use your own glances.conf file, you can create your own Dockerfile:
```
FROM nicolargo/glances:latest
COPY glances.conf /root/.config/glances/glances.conf
CMD python -m glances -C /root/.config/glances/glances.conf $GLANCES_OPT
```
Alternatively, you can specify something along the same lines with docker run options (notice the GLANCES_OPT environment variable setting parameters for the glances startup command):
```
docker run -e TZ="${TZ}" -v `pwd`/glances.conf:/root/.config/glances/glances.conf -v /var/run/docker.sock:/var/run/docker.sock:ro -v /run/user/1000/podman/podman.sock:/run/user/1000/podman/podman.sock:ro --pid host -e GLANCES_OPT="-C /root/.config/glances/glances.conf" -it nicolargo/glances:latest-full
```
Where `pwd`/glances.conf is a local directory containing your glances.conf file.
glances.conf
https://github.com/nicolargo/glances/blob/develop/conf/glances.conf

37
docs/Synology/Docker/docker-compose/gokapi.md Normal file
View File

@@ -0,0 +1,37 @@
# gokapi
| Création | dockge |
| ----------- | ------------------------------------------ |
| Mise-à-jour | Watchtower |
| Ports | 53842 |
| Liens | [Github](https://github.com/Forceu/Gokapi) |
```yaml
version: "3.7"
services:
gokapi:
container_name: gokapi
volumes:
- /volume1/docker/dockge/stacks/gokapi/data:/app/data
- /volume1/docker/dockge/stacks/gokapi/config:/app/config
ports:
- 53842:53842
labels:
- "com.centurylinklabs.watchtower.enable=true"
image: f0rc3/gokapi:latest
restart: always
networks:
default:
driver: bridge
ipam:
config:
- subnet: 172.16.64.0/24
```

36
docs/Synology/Docker/docker-compose/heimdall.md Normal file
View File

@@ -0,0 +1,36 @@
# Heimdall
| Création | dockge |
| ----------- | ---------------------------------- |
| Mise-à-jour | Watchtower |
| Ports | 8056 |
| Liens | [Heimdall](https://heimdall.site/) |
```yaml
name: heimdall
services:
heimdall:
container_name: heimdall
ports:
- 8056:80
- 7543:443
environment:
- PUID=1026
- PGID=100
- TZ=Europe/Paris
labels:
- com.centurylinklabs.watchtower.enable=true
volumes:
- /volume1/docker/dockge/stacks/heimdall:/config
restart: always
image: ghcr.io/linuxserver/heimdall
networks: {}
```

68
docs/Synology/Docker/docker-compose/igotify.md Normal file
View File

@@ -0,0 +1,68 @@
# igotify
| Création | Portainer |
| ----------- | ------------------------------------------------------------ |
| Mise-à-jour | Watchtower |
| Ports | 8680 |
| Liens | [Github](https://github.com/androidseb25/iGotify-Notification-Assistent)<br />[Gotify](https://gotify.net) |
```yaml
version: '3.8'
services:
gotify:
container_name: gotify
hostname: gotify
image: ghcr.io/gotify/server:latest
restart: unless-stopped
security_opt:
- no-new-privileges:true
networks:
- net
ports:
- "8680:80"
volumes:
- igotify-data:/app/data
labels:
- "com.centurylinklabs.watchtower.enable=true"
environment:
TZ: Europe/Paris
GOTIFY_DEFAULTUSER_NAME: bruno
GOTIFY_DEFAULTUSER_PASS: 3l.+-OGj8feS*C7b
igotify:
container_name: igotify
hostname: igotify
image: ghcr.io/androidseb25/igotify-notification-assist:latest
restart: unless-stopped
security_opt:
- no-new-privileges:true
pull_policy: always
networks:
- net
ports:
- "8681:8080"
volumes:
- igotify-api-data:/app/data
labels:
- "com.centurylinklabs.watchtower.enable=true"
environment:
IGOTIFY_CLIENT_TOKEN: 'Zm1BPb.iqe,!r=\' # create a client in gotify an add here the client token
GOTIFY_SERVER_URL: 'http://gotify' # default container name from gotify server
networks:
net:
volumes:
igotify-data:
igotify-api-data:
# tokens modifiés
```

86
docs/Synology/Docker/docker-compose/invidious.md Normal file
View File

@@ -0,0 +1,86 @@
# invidious
| Création | Portainer |
| ----------- | --------------------------------------------- |
| Mise-à-jour | Watchtower |
| Ports | 7601 |
| Liens | [Github](https://github.com/iv-org/invidious) |
```yaml
version: "3.9"
services:
invidious-db:
image: postgres
container_name: Invidious-DB
hostname: invidious-db
security_opt:
- no-new-privileges:true
healthcheck:
test: ["CMD", "pg_isready", "-q", "-d", "invidious", "-U", "kemal"]
timeout: 45s
interval: 10s
retries: 10
user: 1026:100
labels:
- com.centurylinklabs.watchtower.enable=true
volumes:
- /volume1/docker/invidiousdb:/var/lib/postgresql/data
environment:
POSTGRES_DB: invidious
POSTGRES_USER: kemal
POSTGRES_PASSWORD: kemalpw
restart: always
invidious:
image: quay.io/invidious/invidious:latest
container_name: Invidious
hostname: invidious
user: 1026:100
security_opt:
- no-new-privileges:true
healthcheck:
test: wget -nv --tries=1 --spider http://127.0.0.1:3000/api/v1/comments/jNQXAC9IVRw || exit 1
interval: 30s
timeout: 5s
retries: 2
ports:
- 7601:3000
labels:
- com.centurylinklabs.watchtower.enable=true
environment:
INVIDIOUS_CONFIG: |
db:
dbname: invidious
user: kemal
password: kemalpw
host: invidious-db
port: 5432
check_tables: true
captcha_enabled: false
default_user_preferences:
locale: fr
region: FR
external_port: 443
domain: invidious.photos-nas.ovh
hmac_key: Kh9d0h2tV1wIVbqUHTCR5EOxcrc6iB9zLu4UGqIpfXKHjGlksKUWsMyOUw0YVJdC
https_only: true
restart: always
depends_on:
invidious-db:
condition: service_started
networks:
default:
driver: bridge
ipam:
config:
- subnet: 172.16.72.0/24
# token modifié
```

70
docs/Synology/Docker/docker-compose/maptiler.md Normal file
View File

@@ -0,0 +1,70 @@
# maptiler
```yaml
version: "2"
services:
tileserver:
restart: always
image: maptiler/tileserver-gl
container_name: maptiler
privileged: false
ports:
- 8580:8080
volumes:
- /volume1/docker/dockge/stacks/maptiler/data/map:/data
command:
- --verbose
- --mbtiles
- maptiler-osm-2020-02-10-v3.11-europe.mbtiles
networks:
default:
driver: bridge
ipam:
config:
- subnet: 172.16.77.0/24
```
https://tileserver.readthedocs.io/en/latest/index.html
https://blog.tmlmt.com/create-style-and-render-self-hosted-vector-maps/
https://download.geofabrik.de
```
command: ["-p", "80", "-c", "/data/config.json"]
docker run --rm -it -v $(pwd):/data -p 8188:8080 maptiler/tileserver-gl:v3.1.1 -c config.json --verbose
```
```
version: '3.4'
services:
openmaptiles:
image: klokantech/tileserver-gl
ports:
- 8080:80
volumes:
- "./data:/data"
command: "--verbose -c config.json"
```
## Reloading the configuration
It is possible to reload the configuration file without restarting the whole process by sending a SIGHUP signal to the node process.
- The docker kill -s HUP tileserver-gl command can be used when running the tileserver-gl docker container.
- The docker-compose kill -s HUP tileserver-gl-service-name can be used when tileserver-gl is run as a docker-compose service.

82
docs/Synology/Docker/docker-compose/navidrome.md Normal file
View File

@@ -0,0 +1,82 @@
# navidrome -maloja
| Création | Portainer |
| -------------- | ------------------------------------------------------------ |
| Mise-à-jour | Watchtower |
| Port navidrome | 4533 |
| Port maloja | 42010 |
| Liens | [Navidrome](https://www.navidrome.org/)<br />[Github](https://github.com/krateng/maloja) |
```yaml
version: "3"
services:
navidrome:
image: deluan/navidrome
container_name: navidrome
user: 1028:65536 # à modifier par votre propre PGID et PUID
ports:
- "4533:4533" # modifier votre IP donnant vers l'exterieur
environment:
# Optional: put your config options customization here. Examples:
ND_SCANSCHEDULE: 1h
ND_SESSIONTIMEOUT: "24h"
ND_LOGLEVEL: debug
ND_BASEURL: ""
ND_DEFAULTLANGUAGE: fr
ND_ENABLEEXTERNALSERVICES: true
ND_ENABLELOGREDACTING: true
ND_ENABLECOVERANIMATION: false
ND_AUTHREQUESTLIMIT: 10
ND_LISTENBRAINZ_ENABLED: true
ND_LISTENBRAINZ_BASEURL: "http://maloja:42010/apis/listenbrainz/1/"
#ND_LISTENBRAINZ_BASEURL: "https://maloja.photos-nas.ovh/apis/mlj_1/newscrobble"
ND_LASTFM_ENABLED: true
ND_LASTFM_LANGUAGE: fr
ND_ENABLEFAVOURITES: true
ND_ENABLESTARRATING: true
ND_ENABLEUSEREDITING: true
#ND_ENABLEDOWNSAMPLING: "true"
#ND_MAXBITRATE: 128 # can be anything less then your Ogg files bitrate
#ND_DOWNSAMPLECOMMAND: "ffmpeg -i %s -map 0:0 -b:a %bk -v 0 -c:a libopus -f opus -"
ND_PORT: 4533
env_file:
- stack.env
volumes:
- "/volume1/docker/navidrome:/data"
- "/volume1/music:/music:ro"
labels:
- "com.centurylinklabs.watchtower.enable=true"
#- com.centurylinklabs.watchtower.depends-on=
#- "diun.enable=true"
restart: unless-stopped
maloja:
# from dockerhub
image: "krateng/maloja:latest"
container_name: maloja
ports:
- "42010:42010"
restart: unless-stopped
# different directories for configuration, state and logs
volumes:
- "/volume1/docker/maloja/data:/data"
environment:
- "MALOJA_DATA_DIRECTORY=/data"
- "PUID=1028"
- "PGID=65536"
- "MALOJA_LOGGING=true"
env_file:
- stack.env
labels:
- "com.centurylinklabs.watchtower.enable=true"
#- com.centurylinklabs.watchtower.depends-on=
#- "diun.enable=true"
```

39
docs/Synology/Docker/docker-compose/openstreetmap.md Normal file
View File

@@ -0,0 +1,39 @@
# openstreetmap-tile-server
https://github.com/Overv/openstreetmap-tile-server
Créez un volume Docker pour contenir la base de données PostgreSQL qui contiendra les données OpenStreetMap :
```bash
docker volume create osm-data
```
Téléchargez un `.osm.pbf`extrait de geofabrik.de pour la région qui vous intéresse:
```bash
cd /volume1/docker/dockge/stacks/
mkdir mapserver
cd mapserver
mkdir data
```
```bash
wget http://download.geofabrik.de/france-latest.osm.pbf
wget http://download.geofabrik.de/france.poly
```
L'importer dans PostgreSQL en exécutant un conteneur et en montant le fichier en tant que `/data/region.osm.pbf`.
```bash
docker run \
-v /volume1/docker/dockge/stacks/mapserver/data/france-latest.osm.pbf:/data/region.osm.pbf \
-v osm-data:/data/database/ \
overv/openstreetmap-tile-server \
import
```

145
docs/Synology/Docker/docker-compose/paperlessngx.md Normal file
View File

@@ -0,0 +1,145 @@
# paperlessngx
| Création | Portainer |
| ----------- | ------------------------------------------------------------ |
| Mise-à-jour | Watchtower |
| Port | 8777 |
| Liens | [Paperless-ngx](https://docs.paperless-ngx.com/)<br />[Github](https://github.com/paperless-ngx/paperless-ngx) |
```yaml
version: "3.9"
services:
redis:
image: redis:7
command:
- /bin/sh
- -c
- redis-server --requirepass redispass
container_name: PaperlessNGX-REDIS
hostname: paper-redis
mem_limit: 512m
mem_reservation: 256m
cpu_shares: 768
security_opt:
- no-new-privileges:true
read_only: true
user: 1026:100
healthcheck:
test: ["CMD-SHELL", "redis-cli ping || exit 1"]
volumes:
- /volume1/docker/paperlessngx/redis:/data:rw
environment:
TZ: Europe/Paris
restart: on-failure:5
db:
image: postgres:16
container_name: PaperlessNGX-DB
hostname: paper-db
mem_limit: 1g
cpu_shares: 768
security_opt:
- no-new-privileges:true
healthcheck:
test: ["CMD", "pg_isready", "-q", "-d", "paperless", "-U", "paperlessuser"]
timeout: 45s
interval: 10s
retries: 10
volumes:
- /volume1/docker/paperlessngx/db:/var/lib/postgresql/data:rw
environment:
POSTGRES_DB: paperless
POSTGRES_USER: paperlessuser
POSTGRES_PASSWORD: paperlesspass
restart: on-failure:5
gotenberg:
image: gotenberg/gotenberg:latest
container_name: PaperlessNGX-GOTENBERG
hostname: gotenberg
security_opt:
- no-new-privileges:true
user: 1026:100
command:
- "gotenberg"
- "--chromium-disable-javascript=true"
- "--chromium-allow-list=file:///tmp/.*"
restart: on-failure:5
tika:
image: ghcr.io/paperless-ngx/tika:latest
container_name: PaperlessNGX-TIKA
hostname: tika
security_opt:
- no-new-privileges:true
user: 1026:100
restart: on-failure:5
paperless:
image: ghcr.io/paperless-ngx/paperless-ngx:latest
container_name: PaperlessNGX
hostname: paperless-ngx
mem_limit: 6g
cpu_shares: 1024
security_opt:
- no-new-privileges:true
healthcheck:
test: ["CMD", "curl", "-fs", "-S", "--max-time", "2", "http://localhost:8000"]
interval: 30s
timeout: 10s
retries: 5
ports:
- 8777:8000
volumes:
- /volume1/docker/paperlessngx/data:/usr/src/paperless/data:rw
- /volume1/docker/paperlessngx/media:/usr/src/paperless/media:rw
- /volume1/docker/paperlessngx/export:/usr/src/paperless/export:rw
- /volume1/docker/paperlessngx/consume:/usr/src/paperless/consume:rw
- /volume1/docker/paperlessngx/trash:/usr/src/paperless/trash:rw
environment:
PAPERLESS_REDIS: redis://:redispass@paper-redis:6379
PAPERLESS_DBENGINE: postgresql
PAPERLESS_DBHOST: paper-db
PAPERLESS_DBNAME: paperless
PAPERLESS_DBUSER: paperlessuser
PAPERLESS_DBPASS: paperlesspass
PAPERLESS_TRASH_DIR: ../trash
PAPERLESS_FILENAME_FORMAT: '{created_year}/{correspondent}/{document_type}/{title}'
PAPERLESS_OCR_ROTATE_PAGES_THRESHOLD: 6
PAPERLESS_TASK_WORKERS: 1
USERMAP_UID: 1026
USERMAP_GID: 100
PAPERLESS_TIME_ZONE: Europe/Paris
PAPERLESS_URL: https://paperlessngx.photos-nas.ovh
PAPERLESS_CSRF_TRUSTED_ORIGINS: https://paperlessngx.photos-nas.ovh
PAPERLESS_OCR_LANGUAGE: deu+eng
PAPERLESS_TIKA_ENABLED: 1
PAPERLESS_TIKA_GOTENBERG_ENDPOINT: http://gotenberg:3000
PAPERLESS_TIKA_ENDPOINT: http://tika:9998
env_file:
- stack.env
restart: on-failure:5
depends_on:
db:
condition: service_healthy
redis:
condition: service_healthy
tika:
condition: service_started
gotenberg:
condition: service_started
networks:
default:
driver: bridge
ipam:
config:
- subnet: 172.16.59.0/24
```

37
docs/Synology/Docker/docker-compose/pingvin.md Normal file
View File

@@ -0,0 +1,37 @@
# pingvin
| Création | dockge |
| ----------- | ----------------------------------------------------- |
| Mise-à-jour | Watchtower |
| Port | 6090 |
| Liens | [Github](https://github.com/stonith404/pingvin-share) |
```yaml
version: "3.7"
services:
pingvin-share:
container_name: Pingvin-Share
ports:
- 6090:3000
volumes:
- /volume1/docker/dockge/stacks/pingvin:/opt/app/backend/data
- /volume1/docker/dockge/stacks/pingvin/public:/opt/app/frontend/public/img
restart: always
image: stonith404/pingvin-share
labels:
- "com.centurylinklabs.watchtower.enable=true"
networks:
default:
driver: bridge
ipam:
config:
- subnet: 172.16.63.0/24
```

41
docs/Synology/Docker/docker-compose/privatebin.md Normal file
View File

@@ -0,0 +1,41 @@
# PrivateBin
| Création | dockge |
| ----------- | -------------------------------------- |
| Mise-à-jour | Watchtower |
| Port | 8380 |
| Liens | [PrivateBin](https://privatebin.info/) |
```yaml
name: privatebin
services:
nginx-fpm-alpine:
restart: always
read_only: true
environment:
TZ: Europe/Paris
ports:
- 8380:8080
labels:
- com.centurylinklabs.watchtower.enable=true
volumes:
- /volume1/docker/dockge/stacks/privatebin/conf.php:/srv/cfg/conf.php:ro
- /volume1/docker/dockge/stacks/privatebin/data:/srv/data
- /volume1/docker/dockge/stacks/privatebin:/tmp
- /volume1/docker/dockge/stacks/privatebin:/run
image: privatebin/nginx-fpm-alpine
networks:
default:
driver: bridge
ipam:
config:
- subnet: 172.16.66.0/24
```

35
docs/Synology/Docker/docker-compose/psitransfer.md Normal file
View File

@@ -0,0 +1,35 @@
# psitransfer
| Création | dockge |
| ----------- | -------------------------------------------------- |
| Mise-à-jour | Watchtower |
| Port | 3005 |
| Liens | [Github](https://github.com/psi-4ward/psitransfer) |
```yaml
version: "3.7"
services:
psitransfer:
container_name: psitransfer
volumes:
- /volume1/docker/dockge/stacks/psitransfer/data:/data
ports:
- 3005:3000
labels:
- com.centurylinklabs.watchtower.enable=true
image: psitrax/psitransfer
networks:
default:
driver: bridge
ipam:
config:
- subnet: 172.16.62.0/24
```

49
docs/Synology/Docker/docker-compose/scrutiny.md Normal file
View File

@@ -0,0 +1,49 @@
# Scrutiny
| Création | Container Manager (projet) |
| ----------- | --------------------------------------------- |
| Mise-à-jour | Watchtower |
| Port | 6070 |
| Liens | [Github](https://github.com/AnalogJ/scrutiny) |
```yaml
services:
scrutiny:
container_name: scrutiny
image: ghcr.io/analogj/scrutiny:master-omnibus
cap_add:
- SYS_RAWIO
- SYS_ADMIN
ports:
- "6070:8080" # webapp
- "8086:8086" # influxDB administration
volumes:
- /run/udev:/run/udev:ro
- /volume1/docker/scrutiny:/opt/scrutiny/config
- /volume1/docker/scrutiny/influxdb:/opt/scrutiny/influxdb
devices:
# - /dev/nvme0n1:/dev/nvme0n1
# - /dev/nvme1n1:/dev/nvme1n1
- /dev/sata1:/dev/sata1
- /dev/sata2:/dev/sata2
- /dev/sata3:/dev/sata3
- /dev/sata4:/dev/sata4
# - /dev/sata5:/dev/sata5
# - /dev/sata6:/dev/sata6
# - /dev/sata7:/dev/sata7
# - /dev/sata8:/dev/sata8
environment:
- SCRUTINY_WEB_INFLUXDB_TOKEN='eo5Kc?t9T/Yrl054Edh6bJYNbhOH3blnWHqDcLHc4ml2ur/IF6?pR1v4BHd!bfB01Qu4pQyPs!?AiBa-8WGoSrkpjdQ'
- SCRUTINY_WEB_INFLUXDB_INIT_USERNAME='bruno'
- SCRUTINY_WEB_INFLUXDB_INIT_PASSWORD='j8s!hJVWCuu*z*LU'
- TIMEZONE=Europe/Paris
restart: unless-stopped
```

82
docs/Synology/Docker/docker-compose/seafile.md Normal file
View File

@@ -0,0 +1,82 @@
# seafile
| Création | dockge |
| ----------- | ------------------------------------------------------------ |
| Mise-à-jour | Watchtower |
| Port | 8611 |
| Liens | [Manuel](https://manual.seafile.com/)<br />[Seafile](https://www.seafile.com/en/home/)<br />https://mariushosting.com/how-to-install-seafile-on-your-synology-nas/ |
```yaml
version: "3.9"
services:
db:
image: mariadb:11.3-jammy
container_name: Seafile-DB
hostname: seafile-db
mem_limit: 1g
cpu_shares: 768
security_opt:
- no-new-privileges:true
user: 1026:100
volumes:
- /volume1/docker/dockge/stacks/seafile/db:/var/lib/mysql:rw
environment:
MYSQL_ROOT_PASSWORD: rootpass
TZ: Europe/Paris
restart: on-failure:5
cache:
image: memcached:1.6.22
entrypoint: memcached -m 256
container_name: Seafile-CACHE
hostname: memcached
mem_limit: 512m
cpu_shares: 768
security_opt:
- no-new-privileges:true
read_only: true
user: 1026:100
restart: on-failure:5
seafile:
image: seafileltd/seafile-mc:latest
container_name: Seafile
hostname: seafile
mem_limit: 2g
cpu_shares: 768
security_opt:
- no-new-privileges:true
healthcheck:
test: wget --no-verbose --tries=1 --spider http://localhost
volumes:
- /volume1/docker/dockge/stacks/seafile/data:/shared:rw
ports:
- 8611:80
environment:
DB_HOST: seafile-db
DB_ROOT_PASSWD: rootpass
TIME_ZONE: Europe/Paris
SEAFILE_ADMIN_EMAIL: liste@clicclac.info
SEAFILE_ADMIN_PASSWORD: mariushosting
SEAFILE_SERVER_LETSENCRYPT: false
SEAFILE_SERVER_HOSTNAME: seafile.photos-nas.ovh
FORCE_HTTPS_IN_CONF: true
restart: on-failure:5
depends_on:
db:
condition: service_started
cache:
condition: service_started
networks:
default:
driver: bridge
ipam:
config:
- subnet: 172.16.69.0/24
```

33
docs/Synology/Docker/docker-compose/searXNG.md Normal file
View File

@@ -0,0 +1,33 @@
# searXNG
| Création | dockge |
| ----------- | ------------------------------------------------------------ |
| Mise-à-jour | Watchtower |
| Port | 5147 |
| Liens | [Docs](https://docs.searxng.org)<br />[Github](https://github.com/searxng/searxng) |
```yaml
version: '3.9'
services:
searxng:
image: searxng/searxng
container_name: SearXNG
mem_limit: 8g
cpu_shares: 2048
security_opt:
- no-new-privileges:true
labels:
- "com.centurylinklabs.watchtower.enable=true"
volumes:
- /volume1/docker/searxng:/etc/searxng:rw
restart: on-failure:5
ports:
- 5147:8080
```

59
docs/Synology/Docker/docker-compose/send.md Normal file
View File

@@ -0,0 +1,59 @@
# send
| Création | dockge |
| ----------- | ------------------------------------------------------------ |
| Mise-à-jour | Watchtower |
| Port | 1234 |
| Liens | [Github](https://github.com/timvisee/send)<br />[Docker](https://github.com/timvisee/send-docker-compose/tree/master) |
```yaml
version: "3"
services:
send:
image: registry.gitlab.com/timvisee/send:latest
restart: always
ports:
- 1234:1234
volumes:
- /volume1/docker/dockge/stacks/send/uploads:/uploads
labels:
- com.centurylinklabs.watchtower.enable=true
environment:
- VIRTUAL_HOST=send.photos-nas.ovh
- VIRTUAL_PORT=1234
- DHPARAM_GENERATION=false
- NODE_ENV=production
- BASE_URL=https://send.photos-nas.ovh
- PORT=1234
- REDIS_HOST=redis
- FILE_DIR=/uploads
# To customize upload limits
# - EXPIRE_TIMES_SECONDS=3600,86400,604800,2592000,31536000
# - DEFAULT_EXPIRE_SECONDS=3600
# - MAX_EXPIRE_SECONDS=31536000
# - DOWNLOAD_COUNTS=1,2,5,10,15,25,50,100,1000
# - MAX_DOWNLOADS=1000
# - MAX_FILE_SIZE=2684354560
redis:
image: redis:alpine
restart: always
volumes:
- send-redis:/data
volumes:
send-redis: null
networks:
default:
driver: bridge
ipam:
config:
- subnet: 172.16.60.0/24
```

47
docs/Synology/Docker/docker-compose/snapdrop.md Normal file
View File

@@ -0,0 +1,47 @@
# snapdrop
| Création | dockge |
| ----------- | ------------------------------------------------ |
| Mise-à-jour | Watchtower |
| Port | 7653 |
| Liens | [Github](https://github.com/RobinLinus/snapdrop) |
```yaml
version: "3.9"
services:
snapdrop:
image: ghcr.io/linuxserver/snapdrop:latest
container_name: Snapdrop
hostname: snapdrop
mem_limit: 1g
cpu_shares: 768
security_opt:
- no-new-privileges:true
healthcheck:
test: wget --no-verbose --tries=1 --spider http://localhost:80
ports:
- 7653:443
labels:
- com.centurylinklabs.watchtower.enable=true
volumes:
- /volume1/docker/dockge/stacks/snapdrop:/config:rw
environment:
TZ: Europe/Paris
PUID: 1026
PGID: 100
restart: on-failure:5
networks:
default:
driver: bridge
ipam:
config:
- subnet: 172.16.67.0/24
```

36
docs/Synology/Docker/docker-compose/snippet-box.md Normal file
View File

@@ -0,0 +1,36 @@
# snippet-box
| Création | dockge |
| ----------- | ------------------------------------------------ |
| Mise-à-jour | Watchtower |
| Port | 5010 |
| Liens | [Github](https://github.com/RobinLinus/snapdrop) |
```yaml
version: "3"
services:
snippet-box:
image: pawelmalak/snippet-box:latest
container_name: snippet-box
labels:
- com.centurylinklabs.watchtower.enable=true
volumes:
- /volume1/docker/dockge/stacks/snippetbox/data:/app/data
ports:
- 5010:5000
restart: unless-stopped
networks:
default:
driver: bridge
ipam:
config:
- subnet: 172.16.65.0/24
```

57
docs/Synology/Docker/docker-compose/tautulli.md Normal file
View File

@@ -0,0 +1,57 @@
# Tautulli
| Création | Portainer |
| ----------- | ------------------------------------------------------------ |
| Mise-à-jour | Watchtower |
| Port | 8181 |
| Liens | [Github](https://github.com/Tautulli/Tautulli)<br />[Tautulli](https://tautulli.com/) |
```bash
services:
tautulli:
image: linuxserver/tautulli:latest
container_name: tautulli
environment:
- PUID=1026 #CHANGE_TO_YOUR_UID
- PGID=100 #CHANGE_TO_YOUR_GID
- TZ=Europe/Paris #CHANGE_TO_YOUR_TZ
- UMASK=022
labels:
- "com.centurylinklabs.watchtower.enable=true"
volumes:
- /volume1/docker/tautulli:/config
ports:
- 8181:8181/tcp
network_mode: synobridge
security_opt:
- no-new-privileges:true
restart: always
```
#### Portail de connexion -> Avancé -> Proxy inversé
Entête personnalisé:
| Nom de l'entête | Valeur |
| ----------------- | --------------------------- |
| Host | $host; |
| X-Real-IP | $remote_addr; |
| X-Forwarded-Host | $server_name; |
| X-Forwarded-For | $proxy_add_x_forwarded_for; |
| X-Forwarded-Proto | $scheme; |
| X-Forwarded-Ssl | on; |
https://github.com/Tautulli/Tautulli/wiki/Installation#synology
https://github.com/Tautulli/Tautulli/wiki/Frequently-Asked-Questions#general-q9

43
docs/Synology/Docker/docker-compose/watchtower.md Normal file
View File

@@ -0,0 +1,43 @@
# Watchtower
| Création | Portainer |
| ----------- | ------------------------------------------------------------ |
| Mise-à-jour | Watchtower |
| Port | - |
| Liens | [Watchtower](https://containrrr.dev/watchtower/)<br />[Github](https://github.com/containrrr/watchtower/) |
```yaml
version: '2.1'
services:
watchtower:
image: containrrr/watchtower
container_name: watchtower
hostname: watchtower-nas
network_mode: bridge
environment:
- WATCHTOWER_NOTIFICATIONS=email
- WATCHTOWER_CLEANUP=true
- WATCHTOWER_DEBUG=true
- WATCHTOWER_LABEL_ENABLE=true
- WATCHTOWER_TIMEOUT=30s
#- WATCHTOWER_POLL_INTERVAL=300
- WATCHTOWER_SCHEDULE=0 0 5 * * *
- TZ=Europe/Paris
env_file:
- stack.env
labels:
- "com.centurylinklabs.watchtower.enable=true"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /volume1/docker/watchtower/config.json:/root/.docker/config.json
restart: unless-stopped
```

44
docs/Synology/Docker/docker-compose/wgeasy.md Normal file
View File

@@ -0,0 +1,44 @@
# wg-easy
| Création | Portainer |
| ----------- | -------------------------------------------- |
| Mise-à-jour | Watchtower |
| Port | 51821 |
| Liens | [Github](https://github.com/wg-easy/wg-easy) |
```yaml
version: "3.5"
services:
wgeasy:
image: ghcr.io/wg-easy/wg-easy:latest
network_mode: "bridge"
container_name: wgeasy
ports:
- "51820:51820/udp"
- "51821:51821"
cap_add:
- NET_ADMIN
- SYS_MODULE
sysctls:
- net.ipv4.conf.all.src_valid_mark=1
- net.ipv4.ip_forward=1
env_file:
- stack.env
labels:
- "com.centurylinklabs.watchtower.enable=true"
volumes:
- /volume1/docker/wgeasy:/etc/wireguard
environment:
- WG_HOST=photos-nas.ovh
- WG_DEFAULT_DNS=192.168.2.216
restart: always
```

35
docs/Synology/Docker/docker-compose/yacy.md Normal file
View File

@@ -0,0 +1,35 @@
# yacy
| Création | Portainer |
| ----------- | ------------------------------------------------------------ |
| Mise-à-jour | Watchtower |
| Port | 8490 |
| Liens | [Yacy](https://yacy.net)<br />[Github](https://github.com/yacy/yacy_search_server) |
```yaml
services:
yacy:
image: yacy/yacy_search_server:latest
container_name: yacy
network_mode: bridge
dns:
- 192.168.2.116
- 192.168.2.216
user: 1028:65536
labels:
- com.centurylinklabs.watchtower.enable=true
ports:
- 8490:8090
- 8443:8443
volumes:
- /volume1/docker/yacy/data:/opt/yacy_search_server/DATA:rw
restart: unless-stopped
```

25
docs/Synology/Docker/docker-compose/yatch.md Normal file
View File

@@ -0,0 +1,25 @@
# yatch
```yaml
version: "3"
services:
yacht:
container_name: yacht
restart: unless-stopped
ports:
- 8001:8000
environment:
ADMIN_EMAIL: liste@clicclac.info
SECRET_KEY: 7dJuLowm7E5fuXtdEiG1aZ5XwpV8DMOePr5TxwETXTDvM9MgqYulzlb75OscYF4Yvto63jESprC02ZjegOKxDuQhz
volumes:
- yacht:/config
- /var/run/docker.sock:/var/run/docker.sock
image: selfhostedpro/yacht
volumes:
yacht:
# tokens modifiés
```

133
docs/Synology/Docker/grafana.md Normal file
View File

@@ -0,0 +1,133 @@
# Grafana
```yaml
version: "3.9"
services:
grafana:
image: grafana/grafana:latest
container_name: Grafana
hostname: grafana
networks:
- grafana-net
mem_limit: 512m
cpu_shares: 512
security_opt:
- no-new-privileges:true
user: 1026:100
healthcheck:
test: wget --no-verbose --tries=1 --spider http://localhost:3000/api/health
ports:
- 3340:3000
volumes:
- /volume1/docker/grafana/data:/var/lib/grafana:rw
environment:
TZ: Europe/Paris
GF_INSTALL_PLUGINS: grafana-clock-panel,grafana-simple-json-datasource,natel-discrete-panel,grafana-piechart-panel
restart: on-failure:5
prometheus:
image: prom/prometheus
command:
- '--storage.tsdb.retention.time=60d'
- '--config.file=/etc/prometheus/prometheus.yml'
container_name: Prometheus
hostname: prometheus-server
networks:
- grafana-net
- prometheus-net
mem_limit: 1g
cpu_shares: 768
security_opt:
- no-new-privileges=true
user: 1026:100
healthcheck:
test: wget --no-verbose --tries=1 --spider http://localhost:9090/ || exit 1
volumes:
- /volume1/docker/grafana/prometheus:/prometheus:rw
- /volume1/docker/grafana/prometheus.yml:/etc/prometheus/prometheus.yml:ro
restart: on-failure:5
node-exporter:
image: prom/node-exporter:latest
command:
- --collector.disable-defaults
- --collector.stat
- --collector.time
- --collector.cpu
- --collector.loadavg
- --collector.hwmon
- --collector.meminfo
- --collector.diskstats
container_name: Prometheus-Node
hostname: prometheus-node
networks:
- prometheus-net
mem_limit: 256m
mem_reservation: 64m
cpu_shares: 512
security_opt:
- no-new-privileges=true
read_only: true
user: 1026:100
healthcheck:
test: wget --no-verbose --tries=1 --spider http://localhost:9100/
restart: on-failure:5
snmp-exporter:
image: prom/snmp-exporter:latest
command:
- '--config.file=/etc/snmp_exporter/snmp.yml'
container_name: Prometheus-SNMP
hostname: prometheus-snmp
networks:
- prometheus-net
mem_limit: 256m
mem_reservation: 64m
cpu_shares: 512
security_opt:
- no-new-privileges:true
read_only: true
user: 1026:100
healthcheck:
test: wget --no-verbose --tries=1 --spider http://localhost:9116/ || exit 1
volumes:
- /volume1/docker/grafana/snmp:/etc/snmp_exporter/:ro
restart: on-failure:5
cadvisor:
image: gcr.io/cadvisor/cadvisor:latest
command:
- '--docker_only=true'
container_name: Prometheus-cAdvisor
hostname: prometheus-cadvisor
networks:
- prometheus-net
mem_limit: 256m
mem_reservation: 64m
cpu_shares: 512
security_opt:
- no-new-privileges=true
read_only: true
volumes:
- /:/rootfs:ro
- /var/run:/var/run:ro
- /sys:/sys:ro
- /var/run/docker.sock:/var/run/docker.sock:ro
restart: on-failure:5
networks:
grafana-net:
name: grafana-net
ipam:
config:
- subnet: 192.168.50.0/24
prometheus-net:
name: prometheus-net
ipam:
config:
- subnet: 192.168.51.0/24
```

102
docs/Synology/Docker/index.md Normal file
View File

@@ -0,0 +1,102 @@
# Docker
### Installation
Installer le paquet Container Manager dans DSM
[DockerHub](https://hub.docker.com/search?q=)
##### Redémarrer Container Manager
```bash
$ systemctl list-units --type=service --all | grep -i docker
pkg-ContainerManager-dockerd.service loaded active running Docker Application Container Engine
pkg-ContainerManager-event-watcherd.service loaded active running Docker event watch service
```
```bash
$ sudo systemctl restart pkg-ContainerManager-dockerd
```
### Utilisation
[Mise-à-jour des containers](updates.md) (Container Manager - WatchTower)
[Ports](ports.md)
```bash
ERROR: could not find an available, non-overlapping IPv4 address pool among the defaults to assign to the network
```
Ajouter à `/etc/docker/daemon.json` (ou le créer)
```json
{
"default-address-pools" : [
{
"base" : "172.17.0.0/12",
"size" : 20
},
{
"base" : "192.168.0.0/16",
"size" : 24
}
]
}
```
Autre solution:
```yaml
networks:
default:
driver: bridge
ipam:
config:
- subnet: 172.16.57.0/24
```
https://straz.to/2021-09-08-docker-address-pools/
https://jareklipski.medium.com/docker-can-only-create-31-default-networks-e7f98f778626
https://serverfault.com/questions/916941/configuring-docker-to-not-use-the-172-17-0-0-range
https://stackoverflow.com/questions/43720339/docker-error-could-not-find-an-available-non-overlapping-ipv4-address-pool-am
### Containers
- [iGotify](docker-compose/igotify.md)
- [Pi.Alert](docker-compose/Pi.Alert.md)
- [searXNG](docker-compose/searXNG.md)
- [WireGuard](Wireguard.md)
### Login
```bash
$ sudo docker login --username=foo
# WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
```
```bash
$ cat ~/my_password.txt | docker login --username foo --password-stdin
```
### Backups
https://mariushosting.com/synology-how-to-back-up-docker-containers/

148
docs/Synology/Docker/iperf3.md Normal file
View File

@@ -0,0 +1,148 @@
# iperf3
### Sur le NAS:
Installation d'iPerf sur le NAS:
```bash
$ sudo docker run -it --rm -p 5201:5201 networkstatic/iperf3 --help
```
Le serveur est lancé:
```bash
$ sudo docker run -it --rm --name=iperf3-server -p 5201:5201 networkstatic/iperf3 -s
-----------------------------------------------------------
Server listening on 5201
-----------------------------------------------------------
```
### Sur le mac:
```bash
$ brew install iperf3
```
On lance le client:
```bash
$ iperf3 -c 192.168.2.57
Connecting to host 192.168.2.57, port 5201
[ 5] local 192.168.2.240 port 60430 connected to 192.168.2.57 port 5201
[ ID] Interval Transfer Bitrate
[ 5] 0.00-1.00 sec 14.2 MBytes 119 Mbits/sec
[ 5] 1.00-2.00 sec 12.9 MBytes 108 Mbits/sec
[ 5] 2.00-3.01 sec 13.0 MBytes 109 Mbits/sec
[ 5] 3.01-4.01 sec 12.0 MBytes 101 Mbits/sec
[ 5] 4.01-5.00 sec 12.5 MBytes 105 Mbits/sec
[ 5] 5.00-6.00 sec 14.0 MBytes 118 Mbits/sec
[ 5] 6.00-7.00 sec 13.4 MBytes 112 Mbits/sec
[ 5] 7.00-8.00 sec 13.0 MBytes 109 Mbits/sec
[ 5] 8.00-9.00 sec 10.0 MBytes 83.7 Mbits/sec
[ 5] 9.00-10.01 sec 10.5 MBytes 88.1 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bitrate
[ 5] 0.00-10.01 sec 126 MBytes 105 Mbits/sec sender
[ 5] 0.00-10.09 sec 125 MBytes 104 Mbits/sec receiver
iperf Done.
```
### Test externe:
```bash
iperf3 -c scaleway.testdebit.info -p 9215 -R -P 4
Connecting to host scaleway.testdebit.info, port 9215
Reverse mode, remote host scaleway.testdebit.info is sending
[ 7] local 192.168.2.240 port 60728 connected to 62.210.156.7 port 9215
[ 9] local 192.168.2.240 port 60729 connected to 62.210.156.7 port 9215
[ 11] local 192.168.2.240 port 60730 connected to 62.210.156.7 port 9215
[ 13] local 192.168.2.240 port 60731 connected to 62.210.156.7 port 9215
[ ID] Interval Transfer Bitrate
[ 7] 0.00-1.00 sec 384 KBytes 3.14 Mbits/sec
[ 9] 0.00-1.00 sec 256 KBytes 2.09 Mbits/sec
[ 11] 0.00-1.00 sec 384 KBytes 3.14 Mbits/sec
[ 13] 0.00-1.00 sec 384 KBytes 3.14 Mbits/sec
[SUM] 0.00-1.00 sec 1.38 MBytes 11.5 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ 7] 1.00-2.00 sec 1.88 MBytes 15.8 Mbits/sec
[ 9] 1.00-2.00 sec 1.25 MBytes 10.5 Mbits/sec
[ 11] 1.00-2.00 sec 1.25 MBytes 10.5 Mbits/sec
[ 13] 1.00-2.00 sec 1.25 MBytes 10.5 Mbits/sec
[SUM] 1.00-2.00 sec 5.62 MBytes 47.3 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ 7] 2.00-3.00 sec 3.50 MBytes 29.3 Mbits/sec
[ 9] 2.00-3.00 sec 1.88 MBytes 15.7 Mbits/sec
[ 11] 2.00-3.00 sec 2.75 MBytes 23.0 Mbits/sec
[ 13] 2.00-3.00 sec 2.00 MBytes 16.8 Mbits/sec
[SUM] 2.00-3.00 sec 10.1 MBytes 84.8 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ 7] 3.00-4.00 sec 3.12 MBytes 26.2 Mbits/sec
[ 9] 3.00-4.00 sec 1.62 MBytes 13.6 Mbits/sec
[ 11] 3.00-4.00 sec 2.62 MBytes 22.0 Mbits/sec
[ 13] 3.00-4.00 sec 1.75 MBytes 14.7 Mbits/sec
[SUM] 3.00-4.00 sec 9.12 MBytes 76.5 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ 7] 4.00-5.00 sec 5.25 MBytes 43.9 Mbits/sec
[ 9] 4.00-5.01 sec 3.00 MBytes 25.1 Mbits/sec
[ 11] 4.00-5.01 sec 4.38 MBytes 36.6 Mbits/sec
[ 13] 4.00-5.01 sec 2.88 MBytes 24.1 Mbits/sec
[SUM] 4.00-5.00 sec 15.5 MBytes 130 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ 7] 5.00-6.00 sec 5.62 MBytes 47.4 Mbits/sec
[ 9] 5.01-6.00 sec 2.88 MBytes 24.2 Mbits/sec
[ 11] 5.01-6.00 sec 4.25 MBytes 35.8 Mbits/sec
[ 13] 5.01-6.00 sec 3.25 MBytes 27.4 Mbits/sec
[SUM] 5.00-6.00 sec 16.0 MBytes 135 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ 7] 6.00-7.00 sec 6.12 MBytes 51.3 Mbits/sec
[ 9] 6.00-7.00 sec 3.38 MBytes 28.3 Mbits/sec
[ 11] 6.00-7.00 sec 4.62 MBytes 38.7 Mbits/sec
[ 13] 6.00-7.00 sec 3.75 MBytes 31.4 Mbits/sec
[SUM] 6.00-7.00 sec 17.9 MBytes 150 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ 7] 7.00-8.00 sec 5.62 MBytes 47.3 Mbits/sec
[ 9] 7.00-8.00 sec 3.00 MBytes 25.2 Mbits/sec
[ 11] 7.00-8.00 sec 4.25 MBytes 35.7 Mbits/sec
[ 13] 7.00-8.00 sec 3.75 MBytes 31.5 Mbits/sec
[SUM] 7.00-8.00 sec 16.6 MBytes 140 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ 7] 8.00-9.00 sec 4.75 MBytes 39.8 Mbits/sec
[ 9] 8.00-9.00 sec 2.50 MBytes 20.9 Mbits/sec
[ 11] 8.00-9.00 sec 3.75 MBytes 31.4 Mbits/sec
[ 13] 8.00-9.00 sec 3.25 MBytes 27.2 Mbits/sec
[SUM] 8.00-9.00 sec 14.2 MBytes 119 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ 7] 9.00-10.00 sec 4.88 MBytes 40.8 Mbits/sec
[ 9] 9.00-10.00 sec 2.75 MBytes 23.0 Mbits/sec
[ 11] 9.00-10.00 sec 4.12 MBytes 34.6 Mbits/sec
[ 13] 9.00-10.00 sec 3.88 MBytes 32.5 Mbits/sec
[SUM] 9.00-10.00 sec 15.6 MBytes 131 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bitrate Retr
[ 7] 0.00-10.05 sec 46.7 MBytes 39.0 Mbits/sec 0 sender
[ 7] 0.00-10.00 sec 41.1 MBytes 34.5 Mbits/sec receiver
[ 9] 0.00-10.05 sec 24.9 MBytes 20.8 Mbits/sec 0 sender
[ 9] 0.00-10.00 sec 22.5 MBytes 18.9 Mbits/sec receiver
[ 11] 0.00-10.05 sec 36.0 MBytes 30.1 Mbits/sec 0 sender
[ 11] 0.00-10.00 sec 32.4 MBytes 27.1 Mbits/sec receiver
[ 13] 0.00-10.05 sec 30.0 MBytes 25.1 Mbits/sec 0 sender
[ 13] 0.00-10.00 sec 26.1 MBytes 21.9 Mbits/sec receiver
[SUM] 0.00-10.05 sec 138 MBytes 115 Mbits/sec 0 sender
[SUM] 0.00-10.00 sec 122 MBytes 102 Mbits/sec receiver
iperf Done.
```
https://aradaff.com/tester-son-reseau/

34
docs/Synology/Docker/portainer.md Normal file
View File

@@ -0,0 +1,34 @@
# Portainer
| Création | docker-run |
| ----------- | ------------------------------------------------ |
| Mise-à-jour | manuelle |
| Port | 9000 |
| Liens | [Github](https://github.com/portainer/portainer) |
### Installation
https://mariushosting.com/synology-30-second-portainer-install-using-task-scheduler-docker/
### Mise-à-jour du container Portainer
https://mariushosting.com/synology-how-to-update-portainer/
Dans Container Manager:
- Onglet Image -> Mise-à-jour disponible -> Mettre à jour
- Onglet Container -> Action -> Démarrer
### Backup configuration
Portainer -> Settings -> Backup up Portainer -> Download backup

52
docs/Synology/Docker/ports.md
View File

@@ -2,21 +2,51 @@
| | | |
| ------------------------------------------------------------ | --------------------------- | ------ |
| mymediaforalexa | 52050 - 52051 | Docker |
| homebridge | Bridge: 51534<br />UI: 8581 | Docker |
| Hoobs | Bridge: 51826<br />UI: 8181 | Docker |
| [PiHole](https://mariushosting.com/how-to-install-pi-hole-on-your-synology-nas/) | 8090 | Docker |
| Lychee | 90 | |
| | | |
| | | |
| | | |
| | | |
| | | Passerelle | Adresse IP | |
| ------------------------------------------------------------ | --------------- | ----------- | ------------ | ------------------ |
| | | | | |
| portainer | **8000** / 9000 | 172.17.0.1 | 172.17.0.3 | |
| geoipupdate | | 172.19.0.1 | 172.19.0.2 | |
| [PiHole](https://mariushosting.com/how-to-install-pi-hole-on-your-synology-nas/) | 8090 | 192.168.2.1 | 192.168.2.68 | 192.168.2.68 |
| freegeoip | **8080** / 8888 | 172.18.0.1 | 172.18.0.2 | |
| Acme | | 172.17.0.1 | 172.17.0.2 | |
| | | | | |
| wireguard | | 172.20.0.1 | 172.20.0.2 | 192.168.2.68:51820 |
| | | | | |
#### Redémarrer Container Manager:
```bash
systemctl restart pkg-ContainerManager-dockerd
```
#### Pare-feu:
- IP: 172.16.0.0
- Masque: 255.248.0.0
De 172.16.0.0 à 172.23.255.255
https://cric.grenoble.cnrs.fr/Administrateurs/Outils/CalculMasque/
https://www.it-connect.fr/adresses-ipv4-et-le-calcul-des-masques-de-sous-reseaux/#VII_Comment_trouver_le_bon_masque_pour_un_nombre_dhotes_specifique
#### Liens:
Créer un utilisateur restreint pour docker:
https://drfrankenstein.co.uk/step-2-setting-up-a-restricted-docker-user-and-obtaining-ids/
https://mariushosting.com/synology-how-to-update-docker-image/
https://www.timmertech.io/manage-docker-without-sudo-on-synology/
https://stackoverflow.com/questions/43720339/docker-error-could-not-find-an-available-non-overlapping-ipv4-address-pool-am

116
docs/Synology/Docker/updates.md Normal file
View File

@@ -0,0 +1,116 @@
# Mise-à-jour des containers
### Container manager
##### Onglet Image:
Notifications pour les images dont:
- source: hub.docker.com
- tag: Latest ou Nightly
Cliquer sur 'Update available': l'image est téléchargé et le container mis-à-jour/
##### Onglet Projet:
Si il y a plusieurs containers dans le Projet:
- sélectionner le Projet -> Action -> Arrêt
- mettre à jour les images
- sélectionner le Projet -> Action -> Créer
### Watchtower
| Création | Portainer |
| ----------- | ---------- |
| Mise-à-jour | Watchtower |
| Ports | 8000/9000 |
https://drfrankenstein.co.uk/watchtower-automated-updates-in-container-manager-on-a-synology-nas/
```yaml
version: '2.1'
services:
watchtower:
image: containrrr/watchtower
container_name: watchtower
hostname: watchtower-nas
network_mode: bridge
environment:
- WATCHTOWER_NOTIFICATIONS=email
- WATCHTOWER_CLEANUP=true
- WATCHTOWER_DEBUG=true
- WATCHTOWER_LABEL_ENABLE=true
- WATCHTOWER_TIMEOUT=30s
- WATCHTOWER_POLL_INTERVAL=300
- TZ=Europe/Paris
env_file:
- stack.env
labels:
- "com.centurylinklabs.watchtower.enable=true"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /volume1/docker/watchtower/config.json:/root/.docker/config.json
restart: unless-stopped
```
##### Mettre-à-jour seulement les containers spécifiés:
A ajouter dans le compose de watchtower:
```yaml
environment:
- WATCHTOWER_LABEL_ENABLE=true
```
A ajouter aux containers que l'on souhaite mettre-à-jour:
```yaml
labels:
- "com.centurylinklabs.watchtower.enable=true"
```
##### Uniquement monitorer certains containers:
A ajouter aux containers que l'on souhaite suivre:
```yaml
labels:
- "com.centurylinklabs.watchtower.monitor-only=true"
```
##### Monitorer et mettre-à-jour seulement certains containers:
A ajouter dans le compose de watchtower:
```yaml
environment:
- WATCHTOWER_DISABLE_CONTAINERS=container1,container2
```
https://www.smarthomebeginner.com/watchtower-docker-compose-2024/
#### Lancer Watchtower manuellement:
```bash
$ docker run -v /var/run/docker.sock:/var/run/docker.sock containrrr/watchtower --run-once
```
#### Notifications:
https://containrrr.dev/watchtower/notifications/

62
docs/Synology/dsm7/HomeAssistant.md Normal file
View File

@@ -0,0 +1,62 @@
# HomeAssistant
### Package SynoCommunity
Version Core
[FAQ](https://github.com/SynoCommunity/spksrc/wiki/FAQ-HomeAssistant/)
#### Editer la configuration
```bash
sudo nano /var/packages/homeassistant/var/config/configuration.yaml
```
#### Voir les logs
```bash
tail -f /var/packages/homeassistant/var/homeassistant.log
```
### VMM
#### Erreur '400 Bad Request'
##### /homeassistant/configuration.yaml
```yaml
# Loads default set of integrations. Do not remove.
default_config:
# Load frontend themes from the themes folder
frontend:
themes: !include_dir_merge_named themes
automation: !include automations.yaml
script: !include scripts.yaml
scene: !include scenes.yaml
homeassistant:
external_url: "https://home-assistant.photos-nas.ovh" # ne pas indiquer le port
internal_url: "http://192.168.2.21:8123" # adresse locale de HA avec le port
http:
use_x_forwarded_for: true
trusted_proxies:
- 192.168.2.57 # IP of Synology
ip_ban_enabled: false
```
Sir le NAS

11
docs/Synology/dsm7/Homebridge.md Normal file
View File

@@ -0,0 +1,11 @@
# Homebridge
### Wiki
https://github.com/homebridge/homebridge/wiki/Install-Homebridge-on-Synology-DSM
### Paquet
https://github.com/homebridge/homebridge-syno-spk

38
docs/Synology/dsm7/cli-tools.md Normal file
View File

@@ -0,0 +1,38 @@
# SynoCli Tools
### SynoCli File Tools
less, tree, ncdu, jdupes, fdupes, rhash, mc (midnight commander), mg (emacs-like text editor), nano, jupp (based on JOE - Joe's Own Editor 3.1), file, detox, pcre2, zstd, lzip, plzip, detox, iconv, dos2unix tools, lsd, bat, eza, rmlint, nnn (n³), micro (editor), fzf (fuzzy finder), rg (ripgrep), fd (fd-find), sd (sed alternative), rnm.
### bat
https://github.com/sharkdp/bat
```bash
$ bat --generate-config-file
Success! Config file written to /var/services/homes/bruno/.config/bat/config
```
```bash
$ bat --config-file
/var/services/homes/bruno/.config/bat/config
$ bat --config-dir
/var/services/homes/bruno/.config/bat
```
#### nano
Coloration syntaxique: https://github.com/scopatz/nanorc/
```bash
$ cd ~
$ mkdir .nano
$ install_path=~/.nano/
$ git clone https://github.com/scopatz/nanorc.git $install_path
$ cat $install_path/nanorc >> ~/.nanorc
```

29
docs/Synology/dsm7/dsm7.md
View File

@@ -239,6 +239,14 @@ synosystemctl restart nginx
#### Certificat Let's Encrypt
Si on utilise le certificat pour le domaine synology , il n'y a pas besoin d'ouvrir les ports.
Pour un domaine, il faut ouvrir le port 80.
#### Liens
[nginx.md](../nginx.md)
@@ -276,3 +284,24 @@ un bat-musl <none> <none> (no description available)
ii dans la 1ere colonne: correctement installé
#### Synology Photos:
dossier ~/Photos: Synology Photos -> espace personnel
#### ping
```bash
$ ping 8.8.8.8
ping: socket: Operation not permitted
```
```bash
$ $ ping 8.8.8.8
# ou
$ sudo setcap 'cap_net_raw+ep' "$(which ping)"
```

51
docs/Synology/dsm7/pare-feu.md Normal file
View File

@@ -0,0 +1,51 @@
### Pare-feu
| Règle | IP | Masque | Range | CIDR | Ports | Protocole | Action |
| ------------ | ----------- | --------------- | ------------------------------- | -------------- | --------------------- | --------- | ------ |
| Docker | 172.16.0.0 | 255.240.0.0 | De 172.16.0.0 à 172.23.255.255 | | Tous | Tous | Oui |
| Réseau local | 192.168.2.0 | 255.255.255.128 | De 192.168.2.0 à 192.168.2.127 | 192.168.2.0/25 | Tous | Tous | Oui |
| France | France | | | | Tous | Tous | Oui |
| Reste | | | | | Tous (sauf 80 et 443) | Tous | Non |
Depuis le tel:
| | | |
| ---- | ---------------------- | ---- |
| | https://photos-nas.ovh | OK |
| | | |
| | | |
#### Paquets
| | Numéro de port | Protocole |
| --------------------- | ------------------------------------------------------------ | --------- |
| Synology Drive Server | 80 (partage de lien), 443 (partage de lien), 5000 (HTTP), 5001 (HTTPS), 6690 (synchronisation/sauvegarde de fichiers) | TCP |
| | | |
#### Applications mobiles
| | Numéro de port | Protocole |
| -------------- | ------------------------- | --------- |
| Synology Drive | 5000 (HTTP), 5001 (HTTPS) | TCP |
#### Liens:
https://cric.grenoble.cnrs.fr/Administrateurs/Outils/CalculMasque/
https://www.it-connect.fr/adresses-ipv4-et-le-calcul-des-masques-de-sous-reseaux/#VII_Comment_trouver_le_bon_masque_pour_un_nombre_dhotes_specifique

154
docs/Synology/dsm7/pcloud.md Normal file
View File

@@ -0,0 +1,154 @@
# Sauvegarde Synlogy NAS sur pCloud avec rClone
### Sur le Mac:
```bash
$ brew install rclone
```
```bash
$ rclone config
# remote
n) New remote
Enter name for new remote.
name> pcloud
Storage> 38
Option client_id.
client_id> # vide
Option client_secret.
client_secret> # vide
Edit advanced config
y/n> n
Use web browser to automatically authenticate rclone with remote?
y/n> y
S'identifier dans la fenêtre pCloud
Options:
- type: pcloud
- hostname: eapi.pcloud.com
- token: {"access_token":"UsdkHboizcI2oUxeCOqwAU5d4QKO8y508RCbVKLU8Y52wYbjEezS","token_type":"bearer","expiry":"0001-01-01T00:00:00Z"}
Keep this "pcloud" remote ?
y/e/d> y
# Token modifié
```
On récupère le contenu du fichier de config:
```bash
$ cat .config/rclone/rclone.conf
```
```
[pcloud]
type = pcloud
hostname = eapi.pcloud.com
token = {"access_token":"UsdkHboizcI2oUxeCOqwAU5d4QKO8y508RCbVKLU8Y52wYbjEezS","token_type":"bearer","expiry":"0001-01-01T00:00:00Z"}
# Token modifié
```
### Sur le NAS:
On installe rclone:
```bash
bruno@DS923:~$ wget https://rclone.org/install.sh
```
```bash
bruno@DS923:~$ sudo ./install.sh
```
On crée la config:
```bash
bruno@DS923:~$ rclone config touch
```
puis on l'édite:
```bash
bruno@DS923:~$ nano .config/rclone/rclone.conf
```
et on colle la config crée sur le mac:
```
[pcloud]
type = pcloud
hostname = eapi.pcloud.com
token = {"access_token":"UsdkHboizcI2oUxeCOqwAU5d4QKO8y508RCbVKLU8Y52wYbjEezS","token_type":"bearer","expiry":"0001-01-01T00:00:00Z"}
# Token modifié
```
On teste la configuration:
```bash
bruno@DS923:~$ rclone lsd pcloud:
-1 2021-05-03 14:16:15 -1 .dotfiles
-1 2023-10-30 07:20:28 -1 Animations
-1 2023-10-30 08:01:50 -1 Automatic Uploadb
-1 2019-07-24 13:40:00 -1 Backups
```
et on la sauvegarde:
```bash
bruno@DS923:~$ cp .config/rclone/rclone.conf /volume1/nas/rclone/rclone.conf
```
### Synchronisation:
On synchronise le dossier partagé **docker** dans pCloud:
Option:
`--dry-run` pour tester.
`-P` pour afficher la progression
```bash
# sudo nécessaire pour le docker Acme
bruno@DS923:~$ sudo rclone --config /var/services/homes/bruno/.config/rclone/rclone.conf sync /volume1/docker pcloud:Nas923/docker -v --log-file=/var/services/homes/bruno/Logs/rclone/journal.log --exclude "*{@eaDir/,Thumbs.db,.DS_Store}*" -P
```
### Tache planifiée:
Panneau de configuration -> Planificateur de taches
Créer > Tâche planifiée > Script défini par lutilisateur
```bash
bruno@DS923:~$ rclone --config /var/services/homes/bruno/.config/rclone/rclone.conf sync /volume1/docker pcloud:Nas923/docker -v --log-file=/var/services/homes/bruno/Logs/rclone/journal.log --exclude "*{@eaDir/,Thumbs.db,.DS_Store}*"
```
https://www.gozen-consulting.com/2023/12/09/comment-sauvegarder-synology-nas-sur-pcloud-avec-rclone/

70
docs/Synology/dsm7/php.md
View File

@@ -11,16 +11,18 @@ https://www.synology.com/fr-fr/support/download/DS916+?version=7.0#packages
#### Les services **php** actifs:
```bash
$ systemctl | grep PHP
pkg-WebStation-php74@182b445b-6caf-469f-acaa-a763582ba8db.service loaded active running WebStation PHP7.4 fpm process
pkg-WebStation-php74@da937888-3180-4a69-96d6-076b750f2b06.service loaded active running WebStation PHP7.4 fpm process
pkg-WebStation-php74@e32d3cf6-055c-43f0-802d-6b72e9437f42.service loaded active running WebStation PHP7.4 fpm process
pkg-WebStation-php80@746b57c5-03a4-4210-bf14-1d7df30c8b79.service loaded active running WebStation PHP8.0 fpm process
pkgctl-PHP7.4.service loaded active exited PHP7.4's service unit
pkgctl-PHP8.0.service loaded active exited PHP8.0's service unit
PHP7.3.slice loaded active active PHP7.3.slice
PHP7.4.slice loaded active active PHP7.4's slice
PHP8.0.slice loaded active active PHP8.0's slice
$ systemctl | grep PHP
pkg-WebStation-php74@182b445b-6caf-469f-acaa-a763582ba8db.service loaded active running WebStation PHP7.4 fpm process
pkg-WebStation-php80@139939eb-365d-4381-9996-ecf91c4216bc.service loaded active running WebStation PHP8.0 fpm process
pkg-WebStation-php80@4d11e742-c46a-406c-a988-263bfd259fc1.service loaded active running WebStation PHP8.0 fpm process
pkg-WebStation-php82@49b74e5d-1252-4bbb-947e-68a70242310a.service loaded active running WebStation PHP8.2 fpm process
pkg-WebStation-php82@95f7fe6c-5dbc-4f31-9c63-99ef91a6df1e.service loaded active running WebStation PHP8.2 fpm process
pkgctl-PHP7.4.service loaded active exited PHP7.4's service unit
pkgctl-PHP8.0.service loaded active exited PHP8.0's service unit
pkgctl-PHP8.2.service loaded active exited PHP8.2's service unit
PHP7.4.slice loaded active active PHP7.4's slice
PHP8.0.slice loaded active active PHP8.0's slice
PHP8.2.slice loaded active active PHP8.2's slice
```
#### Les services **apache** actifs:
@@ -35,12 +37,12 @@ $ systemctl | grep apache
#### Redémarrer un service:
```bash
$ sudo systemctl restart pkgctl-PHP8.0.service
$ sudo systemctl restart pkgctl-PHP8.2.service
```
```bash
$ sudo systemctl stop pkgctl-PHP8.0.service
$ sudo systemctl start pkgctl-PHP8.0.service
$ sudo systemctl stop pkgctl-PHP8.2.service
$ sudo systemctl start pkgctl-PHP8.2.service
```
@@ -78,6 +80,21 @@ $ find / -name php.ini 2>/dev/null
/volume1/@appstore/PHP8.0/usr/local/etc/php80/cli/php.ini memory_limit = 512M
/etc/php/php.ini memory_limit = 512M
/volume1/@appstore/PHP8.0/misc/php-fpm.ini <- memory_limit pris en compte par php-info memory_limit = 512M
$ find / -name php*.ini 2>/dev/null
/usr/local/etc/php82/cli/php.ini # memory_limit = 128M
/usr/local/etc/php74/cli/php.ini # memory_limit = 128M
/usr/local/etc/php80/cli/php.ini # memory_limit = 128M
/etc/php/php.ini
/etc.defaults/php/php.ini
/volume1/@appstore/PHP8.2/misc/php-fpm.ini # memory_limit = 128M
/volume1/@appstore/PHP8.2/usr/local/etc/php82/cli/php.ini # memory_limit = 128M
/volume1/@appstore/PHP7.4/misc/php-fpm.ini # memory_limit = 128M
/volume1/@appstore/PHP7.4/usr/local/etc/php74/cli/php.ini # memory_limit = 128M
/volume1/@appstore/PHP8.0/misc/php-fpm.ini # memory_limit = 128M
/volume1/@appstore/PHP8.0/usr/local/etc/php80/cli/php.ini # memory_limit = 128M
```
@@ -87,6 +104,7 @@ $ find / -name php.ini 2>/dev/null
#### Liste des fichiers de conf:
```bash
# Si modif
$ php --ini
Configuration File (php.ini) Path: /usr/local/etc/php80/cli
@@ -95,6 +113,13 @@ Scan for additional .ini files in: /usr/local/etc/php80/cli/conf.d
Additional .ini files parsed: /usr/local/etc/php80/cli/conf.d/extension.ini,
/usr/local/etc/php80/cli/conf.d/nextcloud.ini,
/usr/local/etc/php80/cli/conf.d/timezone.ini
# Sinon
$ php --ini
Configuration File (php.ini) Path: /etc/php
Loaded Configuration File: /etc/php/php.ini
Scan for additional .ini files in: (none)
Additional .ini files parsed: (none)
```
@@ -198,18 +223,33 @@ zlib
#### Log:
```bash
sudo tail -f /volume1/@appdata/PHP8.0/log/php80-fpm.log # alimenté
sudo tail -f /volume1/@appdata/PHP8.2/log/php80-fpm.log # n'existe pas
```
Webstation -> Paramètrers du language de script -> sélectionner un profil -> Coeur ->
- error_log : /volume1/web/log/php82_error.log
- log_errors : On
#### Dossier des modules:
`/volume1/@appstore/PHP8.0/usr/local/lib/php80/modules/`
`/volume1/@appstore/PHP7.4/usr/local/lib/php74/modules/`
`/volume1/@appstore/PHP8.2/usr/local/lib/php82/modules/`
Les extensions n'apparaissent pas dans les <u>Extensions du profil PHP</u> (Web Station). Il faut éditer `extension_list.json`:
```bash
$ sudo nano /volume1/@appstore/PHP8.0/misc/extension_list.json
$ sudo nano /volume1/@appstore/PHP8.2/misc/extension_list.json
"apcu": {
"enable_default": true,

185
docs/Synology/dsm7/pi-hole.md Normal file
View File

@@ -0,0 +1,185 @@
# pi-hole
https://www.wundertech.net/how-to-setup-pi-hole-on-a-synology-nas-two-methods/
#### 1a. Créer un réseau macvlan:
```bash
$ sudo docker network create -d macvlan -o parent=ovs_eth0 --subnet=192.168.2.0/24 --gateway=192.168.2.1 --ip-range=192.168.2.68/32 ph_network
# 192.168.2.68 = IP Pi-hole
# si VMM est installé: -o parent=ovs_eth0
# sinon: -o parent=eth0
```
Equivalant yaml:
```yaml
services:
pihole:
../..
networks:
macvlan:
ipv4_address: 192.168.2.68
restart: always
networks:
macvlan:
name: ph_network
driver: macvlan
driver_opts:
parent: ovs_eth0
ipam:
config:
- subnet: "192.168.2.0/24"
ip_range: "192.168.2.254/24"
gateway: "192.168.2.1"
```
#### 1b. Bridge
#### 2. docker-compose.yml
```yaml
version: "3"
# Instructions: https://www.wundertech.net/how-to-setup-pi-hole-on-a-synology-nas-two-methods/
services:
pihole:
container_name: pihole
image: pihole/pihole:latest
ports:
- "53:53/tcp"
- "53:53/udp"
- "67:67/udp" # Only required if you are using Pi-hole as your DHCP server
- "80:80/tcp"
networks:
- ph_network
environment:
TZ: 'Europe/Paris'
WEBPASSWORD: 'xxxxx'
# Volumes store your data between container upgrades
volumes:
- '/volume1/docker/pihole/pihole:/etc/pihole'
- '/volume1/docker/pihole/dnsmasq.d:/etc/dnsmasq.d'
cap_add:
- NET_ADMIN # Required if you are using Pi-hole as your DHCP server, else not needed
restart: unless-stopped
networks:
ph_network:
name: ph_network
external: true
```
#### 3. Ouvrir et configurer pihole:
```http
# ip fixée dans le réseau
http://192.168.2.68/admin/login.php
```
#### 4a. Régler les DNS dans le routeur:
- DNS 1: <ip pihole>
- DN2 2: 1.1.1.1
Tous les appareils utiliseront Pi-hole comme serveur DNS.
#### 4b. Régler les DNS dans chaque appareil:
- DNS 1: <ip pihole>
- DN2 2: 1.1.1.1
Si on utilise un macvlan, le DSM ne peut accèder à Pi-hole. Il faut utiliser des DNS externes:
- DNS 1: 9.9.9.9 (Quad9)
- DN2 2: 1.1.1.1 (Cloudflare)
#### 5. Listes:
https://www.libhunt.com/topic/pi-hole-blocklists
#### 6. Aller dans le containe pihole:
```bash
$ sudo docker exec -it pihole bash
```
```bash
$ pihole -v
```
#### 7. Loopback
Dans Pi-hole, aller à Local DNS -> DNS Records -> Add a new domain/IP combination:
Ajouter
/volume1/docker/pihole/dnsmasq.d/01-pihole.conf
```bash
addn-hosts=/etc/pihole/local.list
addn-hosts=/etc/pihole/custom.list
localise-queries
no-resolv
log-queries
log-facility=/var/log/pihole/pihole.log
log-async
cache-size=10000
server=8.8.8.8
server=8.8.4.4
interface=eth0
```
/volume1/docker/pihole/dnsmasq.d/06-rfc6761.conf
```bash
server=/test/
server=/localhost/
server=/invalid/
server=/bind/
server=/onion/
```
#### Liens
https://marketsplash.com/tutorials/docker/pihole-docker/
https://drfrankenstein.co.uk/pi-hole-in-container-manager-on-a-synology-nas/
https://www.wundertech.net/how-to-setup-pi-hole-on-a-synology-nas-two-methods/
https://github.com/pi-hole/docker-pi-hole

8
docs/Synology/dsm7/snapshot.md Normal file
View File

@@ -0,0 +1,8 @@
# Snapshot Replication
https://kb.synology.com/fr-fr/DSM/tutorial/Quick_Start_Snapshot_Replication

108
docs/Synology/dsm7/wireguard.md Normal file
View File

@@ -0,0 +1,108 @@
# WireGuard
### Installer WireGuard sur le NAS
https://www.blackvoid.club/wireguard-spk-for-your-synology-nas/
##### Identifier l'architecture du NAS:
https://kb.synology.com/en-global/DSM/tutorial/What_kind_of_CPU_does_my_NAS_have?ref=blackvoid.club
| **Model** | **CPU Model** | **Cores** **(each)** | **Threads** **(each)** | **FPU** | **Package Arch** | **RAM** |
| ---------- | --------------- | -------------------- | ---------------------- | ------- | ---------------- | ------------------- |
| **DS923+** | AMD Ryzen R1600 | 2 | 4 | ✓ | R1000 | DDR4 ECC SODIMM 4GB |
Télécharger le paquet (SPK) correspondant à la version courante de DSM (7.2):
https://www.blackvoid.club/content/files/2023/03/WireGuard-r1000-1.0.20220627.spk
Installer manuellement le paquet dans le Centre de paquet <u>mais ne pas le lancer.</u>
Sous DSM 7.2, redémarrer le NAS, puis démarrer WireGuard:
```
root@DS923:~# cd /var/packages/WireGuard/scripts
root@DS923:/var/packages/WireGuard/script
-rwxr-xr-x 1 root root 364 May 3 2022 start
-rwxr-xr-x 1 root root 1664 May 3 2022 start-stop-status
root@DS923:/var/packages/WireGuard/scripts# /var/packages/WireGuard/scripts/start
WireGuard have been successfully started
```
Le NAS supporte enfin WireGuard client et serveur.
### WireGuard Easy
https://github.com/wg-easy/wg-easy
https://www.blackvoid.club/wireguard-vpn-for-your-synology-nas/
```bash
bruno@DS923:/volume1/docker/wgeasy
-rwxrwxrwx+ 1 bruno users 488 Jan 28 12:24 docker-compose.yml
-rwxrwxrwx+ 1 root root 443 Jan 28 12:26 wg0.conf
-rwxrwxrwx+ 1 root root 195 Jan 28 12:26 wg0.json
```
##### docker-compose.yml
```yaml
version: "3.5"
services:
wgeasy:
image: ghcr.io/wg-easy/wg-easy:latest
network_mode: "bridge"
container_name: wgeasy
ports:
- "51820:51820/udp"
- "51821:51821"
cap_add:
- NET_ADMIN
- SYS_MODULE
sysctls:
- net.ipv4.conf.all.src_valid_mark=1
- net.ipv4.ip_forward=1
volumes:
- /volume1/docker/wgeasy:/etc/wireguard
environment:
- WG_HOST=photos-nas.ovh
- PASSWORD=xxxxxxxxxxxxxx
restart: always
```
- WireGuard VPN server utilise le port UDP 51820 <u>(à ouvrir sur le routeur)</u>
- L'interface WG-Easy web utilise le port TCP 51821
```bash
bruno@DS923:/volume1/docker/wgeasy$ sudo docker-compose up -d
```
WG-Easy est disponible à http://192.168.2.57:51821, puis:
- Créer un nouveau client VPN
- Exporter la config ou scanner le QR code
https://www.wundertech.net/wg-easy-wireguard-vpn-server/
https://github.com/ngoduykhanh/wireguard-ui
https://www.nas-forum.com/forum/topic/77094-tutodocker-linuxserverwireguard-wireguard-ui/

170
docs/Synology/ovh.md Normal file
View File

@@ -0,0 +1,170 @@
# ovh
### Configuration du domaine chez OVH
Dans l'[espace client OVH](https://www.ovh.com/manager/#/hub), aller à l'onglet **Domaines** -> **DynHost** et cliquer sur **Ajouter un DynHost**.
Entrer l'IP de la box et le sous-domaine à créer:
- Sous-domaine: **ds923**.photos-nas.ovh
- IP: 86.209.254.226
On a ensuite besoin d'un identifiant pour mettre le sous-domaine à jour. Cliquer sur **Gérer les accès** puis **Créer un identifiant**:
- Suffixe de l'identifiant: photos-nas.ovh-**wildcard**
- Sous-domaine: **ds923**.photos-nas.ovh
- Mot de passe: <passwd>
Vérification:
```bash
$ nslookup photos-nas.ovh
Server: fe80::b85d:aff:fe58:f764%12
Address: fe80::b85d:aff:fe58:f764%12#53
Non-authoritative answer:
Name: photos-nas.ovh
Address: 213.186.33.5
```
On s'assure de la propoagation des DNS: https://www.whatsmydns.net/
### Configurer la mise à jour automatique de l'IP
Sur le NAS, aller dans le **Panneau de configuration** -> **Accès externe** -> onglet **DDNS** et cliquer sur Ajouter.
- Fournisseur de service: OVH
- Nom d'hôte: ds923.photos-nas.ovh
- Nom d'utilisateur: photos-nas.ovh-wildcard
- Mot de passe: <passwd>
- Adresse externe: Auto
https://leblogdejerome.com/2018/08/ajouter-un-nas-synology-a-un-dynhost-chez-ovh/
https://www.adrienfuret.fr/2015/05/31/nas-synology-ddns-ovh/
### Création du certificat wildcard Let's Encrypt
#### Création de la clé d'API chez OVH.
https://www.ovh.com/auth/api/createToken
- Application name: wildcard-photos-nas.ovh
- Application description: wildcard-photos-nas.ovh
- Validity: Unlimited
- Rights:
- GET /domain/zone/
- GET /domain/zone/{zone DNS}/status
- GET /domain/zone/{zone DNS}/record
- GET /domain/zone/{zone DNS}/record/*
- POST /domain/zone/{zone DNS}/record
- POST /domain/zone/{zone DNS}/refresh
- DELETE /domain/zone/{zone DNS}/record/*
- Restricted IPs: on rajoute son IP afin qu'en cas de vol des clés, elles ne puissent être exploitées et votre domaine détourné. (NB : Si vous n'avez pas une IP fixe, on passe ce dernier point)
Remplacer {zone DNS} par le domaine (photos-nas.ovh).
Cliquer sur Create keys.
- Application name: wildcard-photos-nas.ovh
- Application description: wildcard-photos-nas.ovh
- Application key: xxxxxxxxxxxxxxxx (16)
- Application secret: yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy (32)
- Consumer Key: zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz (32)
### Reverse Proxy
Au lieu d'accéder au service Gitea par https//nomdedomaine.fr:8148 (après avoir affecté le port 8148 sur le routeur), on y accède par https://gitea.nomdedomaine.fr sur le port 443
#### Sur le routeur:
on ouvre uniquement les ports:
- 443 et 80 (renouvellement du certificat)
- 42xxx pour le ssh du NAS
#### Chez OVH:
On crée un DynHost pour chaque sous-domaine.
| DynHost | Cible |
| :---------------------------- | ---------- |
| .photos-nas.ovh | IP livebox |
| drive.photos-nas.ovh | |
| ds923.photos-nas.ovh | IP livebox |
| files.photos-nas.ovh | IP livebox |
| gitea.photos-nas.ovh | IP livebox |
| home-assistant.photos-nas.ovh | IP livebox |
| homebridge.photos-nas.ovh | IP livebox |
| photos.photos-nas.ovh | IP livebox |
| portainer.photos-nas.ovh | |
| www.photos-nas.ovh | IP livebox |
| asus.photos-nas.ovh | |
| ds916.photos-nas.ovh | |
| tunes.photos-nas.ovh | IP livebox |
https://www.ovh.com/manager/#/web/zone/photos-nas.ovh/dynhost
#### Sur le NAS:
##### Date d'expiration d'un certifcat:
```bash
# openssl x509 -enddate -noout -in /usr/syno/etc/certificate/system/default/cert.pem
notAfter=Apr 12 18:53:43 2024 GMT
```
##### Réglage du pare-feu:
Ouvrir le port 80 lors du renouvellement:
```bash
#!/usr/bin/env bash
# ====================================================================================== #
# ===================== Script renew_cert_with_firewall_actions.sh ===================== #
# ====================================================================================== #
/usr/syno/bin/synofirewall --profile-set LetsEncrypt-renew && /usr/syno/bin/synofirewall --reload
/usr/syno/sbin/syno-letsencrypt renew-all
/usr/syno/bin/synofirewall --profile-set custom && /usr/syno/bin/synofirewall --reload
```
##### Portail des applications de DSM
#### Empêcher les moteurs de recherche d'indexer l'adresse DDNS
Réseau -> Connectivité -> Cocher Activer l'en-tête "server" dans les réponses HTTP
En-tête "server" personnalisé : noindex

159
docs/Synology/ports.md Normal file
View File

@@ -0,0 +1,159 @@
# Quels sont les ports réseau utilisés par les services DSM ?
### Utilitaires de configuration
| Type | Numéro de port | Protocole |
| ------------------ | ---------------- | --------- |
| Synology Assistant | 9999, 9998, 9997 | UDP |
### Sauvegarde
| Type | Numéro de port | Protocole |
| ------------------------------------------------------------ | ------------------------------------------------------------ | --------- |
| Active Backup for Business | 5510 (Synology NAS) [1](https://kb.synology.com/fr-fr/DSM/tutorial/What_network_ports_are_used_by_Synology_services#notes-01) | TCP |
| 443 (vCenter Server et hôte ESXi), 902 (hôte ESXi), 445 (SMB pour l'hôte Hyper-V ), 5985 (HTTP pour l'hôte Hyper-V ), 5986 (HTTPS pour l'hôte Hyper-V ) | TCP | |
| Data Replicator, Data Replicator II, Data Replicator III | 9999, 9998, 9997, 137, 138, 139, 445 | TCP |
| DSM 5.2 Data Backup, rsync, Synchro du dossier partagé, Remote Time Backup | 873, 22 (si chiffré via SSH) | TCP |
| Hyper Backup (destination de sauvegarde) | 22 (rsync avec le chiffrement du transfert activé), 873 (rsync sans le chiffrement du transfert), 5005 (WebDAV), 5006 (WebDAV avec HTTPS) | TCP |
| Hyper Backup Vault pour DSM 7.0 et versions ultérieures | 6281, 5000 (HTTP), 5001 (HTTPS) | TCP |
| Hyper Backup Vault pour DSM 6.0 | 6281 | TCP |
| Sauvegarde du LUN | 3260 (iSCSI), 873, 22 (si chiffré via SSH) | TCP |
| Snapshot Replication | 5566 (LUN avancés et dossiers partagés) | TCP |
| 3261 (LUN avancés hérités) | TCP | |
### Télécharger
| Type | Numéro de port | Protocole |
| ----- | ------------------------------------------------------------ | --------- |
| BT | Pour DSM 2.0.1 ou une version ultérieure : 16881, Pour DSM 2.0.1-3.0401 ou une version antérieure : 6890-6999 | TCP/ UDP |
| eMule | 4662 | TCP |
| 4672 | UDP | |
### Applications Web
| Type | Numéro de port | Protocole |
| ---- | ------------------------- | --------- |
| DSM | 5000 (HTTP), 5001 (HTTPS) | TCP |
### Service de messagerie
| Type | Numéro de port | Protocole |
| ---------------- | -------------- | --------- |
| IMAP | 143 | TCP |
| IMAP sur SSL/TLS | 993 | TCP |
| POP3 | 110 | TCP |
| POP3 sur SSL/TLS | 995 | TCP |
| SMTP | 25 | TCP |
| SMTP-SSL | 465 | TCP |
| SMTP-TLS | 587 | TCP |
### Transfert de fichiers
| Type | Numéro de port | Protocole |
| ----------------------------- | ------------------------------------------------------------ | --------- |
| AFP | 548 | TCP |
| CIFS/ SMB | smbd : 139 (netbios-ssn), 445 (microsoft-ds) | TCP/ UDP |
| Nmbd : 137, 138 | UDP | |
| FTP, FTP sur SSL, FTP sur TLS | 21 (commande), 20 (connexion de données en mode actif), 1025-65535 (connexion de données en mode passif) [2](https://kb.synology.com/fr-fr/DSM/tutorial/What_network_ports_are_used_by_Synology_services#notes-02) | TCP |
| iSCSI | 3260, 3263, 3265 | TCP |
| NFS | 111, 892, 2049 | TCP/ UDP |
| TFTP | 69 | UDP |
| WebDAV | 5005, 5006 (HTTPS) | TCP |
### Paquets
| Type | Numéro de port | Protocole |
| ------------------------------------------------------------ | ------------------------------------------------------------ | --------- |
| Audio Station | 1900 (UDP), 5000 (HTTP), 5001 (HTTPS), 5353 ( service Bonjour ), 6001-6010 (contrôle/synchronisation AirPlay) | TCP/ UDP |
| Serveur Edge C2 Identity | 389 (LDAP), 7712 (HTTP), 8864 | TCP |
| 53 | UDP | |
| Central Management System | 5000 (HTTP), 5001 (HTTPS) | TCP |
| Cluster d' CIFS | 49152-49252 | TCP/ UDP |
| 17909, 17913, 19998, 24007, 24008, 24009-24045, 38465-38501, 4379 | TCP | |
| Cloud Station | 6690 | TCP |
| DHCP Server | 53, 67, 68 | TCP/ UDP |
| DNS Server | 53 (nommé) | TCP/ UDP |
| LDAP Server (anciennement connu sous le nom de Directory Server) | 389 (LDAP), 636 (LDAP avec SSL) | TCP |
| Download Station | 5000 (HTTP), 5001 (HTTPS) | TCP |
| File Station | 5000 (HTTP), 5001 (HTTPS) | TCP |
| Hybrid Share | 50051 (catalogue), 443 (API), 4222 (NATS) | TCP |
| iTunes Server | 3689 | TCP |
| Centre des journaux (serveur syslog ) | 514 (un port supplémentaire peut être ajouté) | TCP/ UDP |
| Logitech® Media Server | 3483, 9002 | TCP |
| MailPlus Server | 1344, 4190, 5000 (HTTP), 5001 (HTTPS), 5252, 8500 - 8520, 8893, 9526 - 9529, 10025, 10465, 10587, 11211, 11332 - 11334, 12340, 24245, 24246 | TCP |
| Client Web MailPlus | 5000 (HTTP), 5001 (HTTPS) | TCP |
| Mail Station | 80 (HTTP), 443 (HTTPS) | TCP |
| Serveur multimédia | 1900 (UPnP), 50001 (navigation du contenu), 50002 (diffusion du contenu) | TCP/ UDP |
| Migration Assistant | 7400-7499 (DRBD), 22 (SSH) [3](https://kb.synology.com/fr-fr/DSM/tutorial/What_network_ports_are_used_by_Synology_services#notes-03) | DRBD |
| Note Station | 5000 (HTTP), 5001 (HTTPS) | TCP |
| Photo Station, Web Station | 80 (HTTP), 443 (HTTPS) | TCP |
| Presto File Server | 3360, 3361 | TCP/ UDP |
| Serveur Proxy | 3128 | TCP |
| RADIUS Server | 1812, 18120 | UDP |
| SMI-S Provider | 5988 (HTTP), 5989 (HTTPS) | TCP |
| Surveillance Station | 5000 (HTTP), 5001 (HTTPS) | TCP |
| Synology Calendar | 5000 (HTTP), 5001 (HTTPS) | TCP |
| Synology CardDAV Server | 8008 (HTTP), 8443 (HTTPS) | TCP |
| Synology Chat | 5000 (HTTP), 5001 (HTTPS) | TCP |
| Synology Contacts | 5000 (HTTP), 5001 (HTTPS) | TCP |
| Synology Directory Server | 88 (Kerberos), 389 (LDAP), 464 ( changement de mot de passe Kerberos ) | TCP/ UDP |
| 135 (RPC Endpoint Mapper), 636 (LDAP SSL), 1024 (RPC), 3268 (LDAP GC), 3269 (LDAP GC SSL), 49152 (RPC) [4](https://kb.synology.com/fr-fr/DSM/tutorial/What_network_ports_are_used_by_Synology_services#notes-04) , 49300-49320 (RPC) | TCP | |
| Synology Drive Server | 80 (partage de lien), 443 (partage de lien), 5000 (HTTP), 5001 (HTTPS), 6690 (synchronisation/sauvegarde de fichiers) | TCP |
| Synology High Availability (HA) | 123 (NTP), ICMP, 5000 (HTTP), 5001 (HTTPS), 1234, 9997, 9998, 9999 (Synology Assistant), 874, 5405, 5406, 7400-7999 (HA) | TCP/ UDP |
| Synology Moments | 5000 (HTTP), 5001 (HTTPS) | TCP |
| Synology Photos | 5000 (HTTP), 5001 (HTTPS) | TCP |
| Video Station | 1900 (UDP), 5000 (HTTP), 5001 (HTTPS), 9025-9040, 5002, 5004, 65001 (pour utiliser le tuner réseau HDHomeRun) | TCP/ UDP |
| Virtual Machine Manager | 2379-2382 (réseau de cluster), ICMP, 3260-3265 (iSCSI), 5000 (HTTP), 5001 (HTTPS), 5566 (réplication), 16509, 16514, 30200-30300, 5900-5999 (QEMU), 2385 (Redis Server) | TCP |
| VPN Server (OpenVPN) | 1194 | UDP |
| VPN Server (PPTP) | 1723 | TCP |
| VPN Server (L2TP/IPSec) | 500, 1701, 4500 | UDP |
### Applications mobiles
| Type | Numéro de port | Protocole |
| ---------------- | ------------------------- | --------- |
| DS audio | 5000 (HTTP), 5001 (HTTPS) | TCP |
| DS cam | 5000 (HTTP), 5001 (HTTPS) | TCP |
| DS cloud | 6690 | TCP |
| DS file | 5000 (HTTP), 5001 (HTTPS) | TCP |
| DS finder | 5000 (HTTP), 5001 (HTTPS) | TCP |
| DS get | 5000 (HTTP), 5001 (HTTPS) | TCP |
| DS note | 5000 (HTTP), 5001 (HTTPS) | TCP |
| DS photo | 80(HTTP), 443 (HTTPS) | TCP |
| DS video | 5000 (HTTP), 5001 (HTTPS) | TCP |
| MailPlus | 5000 (HTTP), 5001 (HTTPS) | TCP |
| Synology Drive | 5000 (HTTP), 5001 (HTTPS) | TCP |
| Synology Moments | 5000 (HTTP), 5001 (HTTPS) | TCP |
| Synology Photos | 5000 (HTTP), 5001 (HTTPS) | TCP |
### Équipement périphérique
| Type | Numéro de port | Protocole |
| ---------------------------- | -------------- | --------- |
| Bonjour | 5353 | UDP |
| LPR | 515 | UDP |
| Imprimante réseau (IPP)/CUPS | 631 | TCP |
| Network MFP | 3240-3259 | TCP |
| UPS | 3493 | TCP |
### Système
| Type | Numéro de port | Protocole |
| ---------------------------- | ---------------- | --------- |
| LDAP | 389, 636 (SLAPD) | TCP |
| MySQL | 3306 | TCP |
| NTP | 123 | UDP |
| Moniteur de ressources/ SNMP | 161 | TCP/ UDP |
| SSH/SFTP | 22 | TCP |
| Telnet | 23 | TCP |
| WS-Discovery | 3702 | UDP |
| WS-Discovery | 5357 (Nginx) | TCP |
Remarques :
1. Pour la destination de sauvegarde des Synology NAS, Hyper-V ou des périphériques physiques Windows/Linux/macOS.
2. La plage par défaut varie en fonction de vos modèles de produits Synology.
3. Pour le service SSH qui s'exécute sur un port personnalisé, assurez-vous que le port est accessible.
4. Seul Synology Directory Server version 4.10.18-0300 nécessite le port 49152.

178
docs/macos/homebrew/brew-deprecated.md Normal file
View File

@@ -0,0 +1,178 @@
# brew deprecated commands
- switch
#### Activer une autre version:
```bash
$ brew switch <formula>
```
```bash
bruno@SilverBook:/usr/local/Cellar/terminal-notifier/1.8.0$ brew switch terminal-notifier 1.7.1
Cleaning /usr/local/Cellar/terminal-notifier/1.7.1
Cleaning /usr/local/Cellar/terminal-notifier/1.8.0
1 links created for /usr/local/Cellar/terminal-notifier/1.7.1
```
#### Installer une ancienne version d'une formule:
Exemple avec [annie](https://github.com/iawia002/annie), un téléchargeur de vidéo. La version courante est la dernière (0.9.6)
```bash
~ master*
annie -v
annie: version 0.9.6, A fast, simple and clean video downloader.
```
```bash
~ master*
cd "$(brew --repo homebrew/core)"
```
```bash
/usr/local/Homebrew/Library/Taps/homebrew/homebrew-core master
git log Formula/annie.rb
commit 377c142a619f2b2563c4c01b06f2560707fa3228
Author: BrewTestBot <homebrew-test-bot@lists.sfconservancy.org>
Date: Fri Nov 8 10:23:24 2019 +0000
annie: update 0.9.6 bottle.
commit e3201eb44c3eade6f113f616b67315ae13f5a70b
Author: iawia002 <xuxinzhao@caicloud.io>
Date: Fri Nov 8 18:15:49 2019 +0800
annie 0.9.6
Closes #46491.
Signed-off-by: Rui Chen <rchen@meetup.com>
commit ef762f724ce45afb0007f7d3b96a8f10ceeb3b58
Author: BrewTestBot <homebrew-test-bot@lists.sfconservancy.org>
Date: Fri Oct 11 21:56:45 2019 +0000
annie: update 0.9.5 bottle.
commit 249669ab6a53335d85d8973c8e82f182903434ca
Author: BrewTestBot <homebrew-test-bot@lists.sfconservancy.org>
Date: Tue Aug 13 14:30:19 2019 +0000
annie: update 0.9.5 bottle.
commit 5fa1c6903f84cc22c2cbed751de6125cab4fe214
Author: iawia002 <xuxinzhao@caicloud.io>
Date: Tue Aug 13 22:22:21 2019 +0800
annie 0.9.5
Closes #43069.
Signed-off-by: Thierry Moisan <thierry.moisan@gmail.com>
```
Création d'une nouvelle branche pour l'ancienne version:
```bash
/usr/local/Homebrew/Library/Taps/homebrew/homebrew-core master 19s
git checkout -b annie-0.9.5 ef762f724ce45afb0007f7d3b96a8f10ceeb3b58
Basculement sur la nouvelle branche 'annie-0.9.5'
```
Unlink la version courante:
```bash
/usr/local/Homebrew/Library/Taps/homebrew/homebrew-core annie-0.9.5
brew unlink annie
Unlinking /usr/local/Cellar/annie/0.9.6... 1 symlinks removed
```
Installation de la version 0.9.5:
```bash
/usr/local/Homebrew/Library/Taps/homebrew/homebrew-core annie-0.9.5
HOMEBREW_NO_AUTO_UPDATE=1 brew install annie
==> Downloading https://homebrew.bintray.com/bottles/annie-0.9.5.catalina.bottle.tar.gz
==> Downloading from https://akamai.bintray.com/06/06ff55a2834ad01a262b66f181a8c99800157ec0f465f80e0cc3518be7ebd1da?__gda__=exp=1575195423~hmac=edc063962f1a5b12a715444b0f1eff
######################################################################## 100.0%
==> Pouring annie-0.9.5.catalina.bottle.tar.gz
🍺 /usr/local/Cellar/annie/0.9.5: 5 files, 8.6MB
```
L'ancienne version 0.9.5 est bien active:
```bash
/usr/local/Homebrew/Library/Taps/homebrew/homebrew-core annie-0.9.5
annie -v
annie: version 0.9.5, A fast, simple and clean video downloader.
```
Retour sur la branche 'master'
```bash
/usr/local/Homebrew/Library/Taps/homebrew/homebrew-core annie-0.9.5
git checkout master
Basculement sur la branche 'master'
Votre branche est à jour avec 'origin/master'.
```
Suppression de l'ancienne branche 0.9.5
```bash
/usr/local/Homebrew/Library/Taps/homebrew/homebrew-core master
git branch -d annie-0.9.5
Branche annie-0.9.5 supprimée (précédemment ef762f72).
```
Liste des versions installés:
```bash
/usr/local/Homebrew/Library/Taps/homebrew/homebrew-core master
brew list annie --versions
annie 0.9.6 0.9.5
```
Info sur la formule 'annie'
```bash
/usr/local/Homebrew/Library/Taps/homebrew/homebrew-core master
brew info annie
annie: stable 0.9.6 (bottled)
Fast, simple and clean video downloader
https://github.com/iawia002/annie
/usr/local/Cellar/annie/0.9.5 (5 files, 8.6MB) *
Poured from bottle on 2019-12-01 at 11:05:06
/usr/local/Cellar/annie/0.9.6 (5 files, 8.6MB)
Poured from bottle on 2019-12-01 at 10:57:11
From: https://github.com/Homebrew/homebrew-core/blob/master/Formula/annie.rb
```
Changement de version:
```bash
/usr/local/Homebrew/Library/Taps/homebrew/homebrew-core master
brew switch annie 0.9.6
Cleaning /usr/local/Cellar/annie/0.9.6
Cleaning /usr/local/Cellar/annie/0.9.5
1 links created for /usr/local/Cellar/annie/0.9.6
```

164
docs/macos/homebrew/brew.md
View File

@@ -296,170 +296,34 @@ briss: Crop PDF files
diff-pdf: Visually compare two PDF files
```
#### Activer une autre version:
```bash
$ brew switch <formula>
```
```bash
bruno@SilverBook:/usr/local/Cellar/terminal-notifier/1.8.0$ brew switch terminal-notifier 1.7.1
Cleaning /usr/local/Cellar/terminal-notifier/1.7.1
Cleaning /usr/local/Cellar/terminal-notifier/1.8.0
1 links created for /usr/local/Cellar/terminal-notifier/1.7.1
```
#### Installer une ancienne version d'une formule:
Exemple avec [annie](https://github.com/iawia002/annie), un téléchargeur de vidéo. La version courante est la dernière (0.9.6)
Exemple avec pipdeptree, outil por vérifier les dépendances python: passer de v 2.17.0 à v 2.16.2
```bash
~ master*
annie -v
- Aller sur https://github.com/Homebrew/homebrew-core/tree/master/Formula et rechercher la formule de [pipdeptree](https://github.com/Homebrew/homebrew-core/blob/master/Formula/p/pipdeptree.rb).
annie: version 0.9.6, A fast, simple and clean video downloader.
```
- Cliquer sur [History](https://github.com/Homebrew/homebrew-core/commits/master/Formula/p/pipdeptree.rb) (à droite)
- Cliquer sur **pipdeptree: update 2.16.2 bottle.**
- A droite du bloc de code, cliquer sur les **3 points (...)**, puis sur **View file**.
```bash
~ master*
cd "$(brew --repo homebrew/core)"
```
- En haut du bloc de code, cliquer sur **Raw**.
- Copier / coller le contenu dans un fichier **pipdeptree.rb** ou `curl https://raw.githubusercontent.com/Homebrew/homebrew-core/df08a167320582bc009f8da3342f3af748651dbf/Formula/p/pipdeptree.rb > pipdeptree.rb`
- Supprimer le package existant: `brew remove pipdeptree`
```bash
/usr/local/Homebrew/Library/Taps/homebrew/homebrew-core master
git log Formula/annie.rb
commit 377c142a619f2b2563c4c01b06f2560707fa3228
Author: BrewTestBot <homebrew-test-bot@lists.sfconservancy.org>
Date: Fri Nov 8 10:23:24 2019 +0000
- Installer pipdeptree en spécifiant la formule nouvellemnt créee: `brew install pipdeptree.rb`
annie: update 0.9.6 bottle.
- La version 2.16.2 est installée:
commit e3201eb44c3eade6f113f616b67315ae13f5a70b
Author: iawia002 <xuxinzhao@caicloud.io>
Date: Fri Nov 8 18:15:49 2019 +0800
annie 0.9.6
Closes #46491.
Signed-off-by: Rui Chen <rchen@meetup.com>
commit ef762f724ce45afb0007f7d3b96a8f10ceeb3b58
Author: BrewTestBot <homebrew-test-bot@lists.sfconservancy.org>
Date: Fri Oct 11 21:56:45 2019 +0000
annie: update 0.9.5 bottle.
commit 249669ab6a53335d85d8973c8e82f182903434ca
Author: BrewTestBot <homebrew-test-bot@lists.sfconservancy.org>
Date: Tue Aug 13 14:30:19 2019 +0000
annie: update 0.9.5 bottle.
commit 5fa1c6903f84cc22c2cbed751de6125cab4fe214
Author: iawia002 <xuxinzhao@caicloud.io>
Date: Tue Aug 13 22:22:21 2019 +0800
annie 0.9.5
Closes #43069.
Signed-off-by: Thierry Moisan <thierry.moisan@gmail.com>
```
Création d'une nouvelle branche pour l'ancienne version:
```bash
/usr/local/Homebrew/Library/Taps/homebrew/homebrew-core master 19s
git checkout -b annie-0.9.5 ef762f724ce45afb0007f7d3b96a8f10ceeb3b58
Basculement sur la nouvelle branche 'annie-0.9.5'
```
Unlink la version courante:
```bash
/usr/local/Homebrew/Library/Taps/homebrew/homebrew-core annie-0.9.5
brew unlink annie
Unlinking /usr/local/Cellar/annie/0.9.6... 1 symlinks removed
```
Installation de la version 0.9.5:
```bash
/usr/local/Homebrew/Library/Taps/homebrew/homebrew-core annie-0.9.5
HOMEBREW_NO_AUTO_UPDATE=1 brew install annie
==> Downloading https://homebrew.bintray.com/bottles/annie-0.9.5.catalina.bottle.tar.gz
==> Downloading from https://akamai.bintray.com/06/06ff55a2834ad01a262b66f181a8c99800157ec0f465f80e0cc3518be7ebd1da?__gda__=exp=1575195423~hmac=edc063962f1a5b12a715444b0f1eff
######################################################################## 100.0%
==> Pouring annie-0.9.5.catalina.bottle.tar.gz
🍺 /usr/local/Cellar/annie/0.9.5: 5 files, 8.6MB
```
L'ancienne version 0.9.5 est bien active:
```bash
/usr/local/Homebrew/Library/Taps/homebrew/homebrew-core annie-0.9.5
annie -v
annie: version 0.9.5, A fast, simple and clean video downloader.
```
Retour sur la branche 'master'
```bash
/usr/local/Homebrew/Library/Taps/homebrew/homebrew-core annie-0.9.5
git checkout master
Basculement sur la branche 'master'
Votre branche est à jour avec 'origin/master'.
```
Suppression de l'ancienne branche 0.9.5
```bash
/usr/local/Homebrew/Library/Taps/homebrew/homebrew-core master
git branch -d annie-0.9.5
Branche annie-0.9.5 supprimée (précédemment ef762f72).
```
Liste des versions installés:
```bash
/usr/local/Homebrew/Library/Taps/homebrew/homebrew-core master
brew list annie --versions
annie 0.9.6 0.9.5
```
Info sur la formule 'annie'
```bash
/usr/local/Homebrew/Library/Taps/homebrew/homebrew-core master
brew info annie
annie: stable 0.9.6 (bottled)
Fast, simple and clean video downloader
https://github.com/iawia002/annie
/usr/local/Cellar/annie/0.9.5 (5 files, 8.6MB) *
Poured from bottle on 2019-12-01 at 11:05:06
/usr/local/Cellar/annie/0.9.6 (5 files, 8.6MB)
Poured from bottle on 2019-12-01 at 10:57:11
From: https://github.com/Homebrew/homebrew-core/blob/master/Formula/annie.rb
```
Changement de version:
```bash
/usr/local/Homebrew/Library/Taps/homebrew/homebrew-core master
brew switch annie 0.9.6
Cleaning /usr/local/Cellar/annie/0.9.6
Cleaning /usr/local/Cellar/annie/0.9.5
1 links created for /usr/local/Cellar/annie/0.9.6
```
```bash
$ pipdeptree -v
2.16.2
```

141
docs/macos/network.md Normal file
View File

@@ -0,0 +1,141 @@
# Network
```bash
$ arp -a
? (192.0.0.2) at 50:ed:3c:1f:98:6 on en0 ifscope permanent [ethernet]
? (239.255.255.250) at 1:0:5e:7f:ff:fa on en0 ifscope permanent [ethernet]
```
```bash
$ networksetup -listallnetworkservices
An asterisk (*) denotes that a network service is disabled.
Belkin USB-C LAN
USB 10/100/1000 LAN
Wi-Fi
iPhone USB
Thunderbolt Bridge 2
Thunderbolt Bridge
DS923
```
```bash
$ networksetup -listnetworkserviceorder
An asterisk (*) denotes that a network service is disabled.
(1) Belkin USB-C LAN
(Hardware Port: Belkin USB-C LAN, Device: en5)
(2) USB 10/100/1000 LAN
(Hardware Port: USB 10/100/1000 LAN, Device: en9)
(3) Wi-Fi
(Hardware Port: Wi-Fi, Device: en0)
(4) iPhone USB
(Hardware Port: iPhone USB, Device: en8)
(5) Thunderbolt Bridge 2
(Hardware Port: Thunderbolt Bridge, Device: bridge0)
(6) Thunderbolt Bridge
(Hardware Port: Thunderbolt Bridge, Device: bridge0)
(7) DS923
(Hardware Port: com.wireguard.macos, Device: )
```
```bash
$ networksetup -getinfo Wi-Fi
DHCP Configuration
IP address: 192.0.0.2
Subnet mask: (null)
Router: 192.0.0.1
Client ID:
IPv6: Automatic
IPv6 IP address: none
IPv6 Router: none
Wi-Fi ID: 50:ed:3c:1f:98:06
```
```bash
$ networksetup -listallhardwareports | grep -C1 $(route get default | grep interface | awk '{print $2}')
Hardware Port: Wi-Fi
Device: en0
Ethernet Address: 50:ed:3c:1f:98:06
```
```bash
$ networksetup -listnetworkserviceorder | grep -C1 $(netstat -nr | grep ^default | grep -o "\s\S\+$")
```
```bash
$ networksetup -listnetworkserviceorder | grep -C1 en0
(3) Wi-Fi
(Hardware Port: Wi-Fi, Device: en0)
```
one way to know which one you are taking to reach the outside is the following line command
```bash
$ route get default | grep interface
interface: en0
```
```bash
$ route -n get 0.0.0.0 2>/dev/null | awk '/interface: / {print $2}'
en0
```
```bash
$ netstat -i
Name Mtu Network Address Ipkts Ierrs Opkts Oerrs Coll
lo0 16384 <Link#1> 25370 0 25370 0 0
lo0 16384 127 localhost 25370 - 25370 - -
lo0 16384 localhost ::1 25370 - 25370 - -
lo0 16384 airbook.loc fe80:1::1 25370 - 25370 - -
gif0* 1280 <Link#2> 0 0 0 0 0
stf0* 1280 <Link#3> 0 0 0 0 0
anpi0 1500 <Link#4> de:47:cc:60:98:b6 0 0 0 0 0
anpi1 1500 <Link#5> de:47:cc:60:98:b7 0 0 0 0 0
en3 1500 <Link#6> de:47:cc:60:98:96 0 0 0 0 0
en4 1500 <Link#7> de:47:cc:60:98:97 0 0 0 0 0
en1 1500 <Link#8> 36:6d:60:8b:6d:80 0 0 0 0 0
en2 1500 <Link#9> 36:6d:60:8b:6d:84 0 0 0 0 0
bridge0 1500 <Link#11> 36:6d:60:8b:6d:80 0 0 0 0 0
ap1 1500 <Link#12> 72:ed:3c:1f:98:06 0 0 1108 0 0
ap1 1500 airbook.loc fe80:c::70ed:3cff 0 - 1108 - -
en0 1500 <Link#13> 50:ed:3c:1f:98:06 121 0 49488 0 0
en0 1500 airbook.loc fe80:d::c7a:c760: 121 - 49488 - -
en0 1500 2a01cb09806 2a01:cb09:806e:28 121 - 49488 - -
en0 1500 2a01cb09806 2a01:cb09:806e:28 121 - 49488 - -
en0 1500 192.0.0.2/32 192.0.0.2 121 - 49488 - -
awdl0 1500 <Link#14> f6:0c:44:f4:ad:f2 0 0 2260 0 0
awdl0 1500 fe80::f40c: fe80:e::f40c:44ff 0 - 2260 - -
llw0 1500 <Link#15> f6:0c:44:f4:ad:f2 0 0 0 0 0
llw0 1500 fe80::f40c: fe80:f::f40c:44ff 0 - 0 - -
utun0 1500 <Link#16> 0 0 0 0 0
utun0 1500 airbook.loc fe80:10::4ec3:d09 0 - 0 - -
utun1 1380 <Link#17> 0 0 0 0 0
utun1 1380 airbook.loc fe80:11::98ed:570 0 - 0 - -
utun2 2000 <Link#18> 0 0 0 0 0
utun2 2000 airbook.loc fe80:12::416:ebf1 0 - 0 - -
utun3 1000 <Link#19> 0 0 0 0 0
utun3 1000 airbook.loc fe80:13::ce81:b1c 0 - 0 - -
```

115
docs/macos/terminal/launchd.md Normal file
View File

@@ -0,0 +1,115 @@
# Launchd
#### Exécuter un script bash toutes les 5 minutes:
Copier le script en dehors du dossier Documents
(sinon erreur 126: `/bin/bash: /Users/bruno/Documents/update-motd.sh: Operation not permitted`)
Créer une .plist:
```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.bruno21.update-motd</string>
<key>ProgramArguments</key>
<array>
<string>sh</string>
<string>-c</string>
<string>${HOME}/.local/bin/update-motd.sh</string>
</array>
<key>StartCalendarInterval</key>
<array>
<dict>
<key>Minute</key>
<integer>0</integer>
</dict>
<dict>
<key>Minute</key>
<integer>5</integer>
</dict>
<dict>
<key>Minute</key>
<integer>10</integer>
</dict>
<dict>
<key>Minute</key>
<integer>15</integer>
</dict>
<dict>
<key>Minute</key>
<integer>20</integer>
</dict>
<dict>
<key>Minute</key>
<integer>25</integer>
</dict>
<dict>
<key>Minute</key>
<integer>30</integer>
</dict>
<dict>
<key>Minute</key>
<integer>35</integer>
</dict>
<dict>
<key>Minute</key>
<integer>40</integer>
</dict>
<dict>
<key>Minute</key>
<integer>45</integer>
</dict>
<dict>
<key>Minute</key>
<integer>50</integer>
</dict>
<dict>
<key>Minute</key>
<integer>55</integer>
</dict>
</array>
<key>StandardOutPath</key>
<string>/tmp/com.bruno21.update-motd.out</string>
<key>StandardErrorPath</key>
<string>/tmp/com.bruno21.update-motd.err</string>
</dict>
</plist>
```
La copier dans `$HOME/Library/LaunchAgent`
```bash
cp com.update-motd.plist /Users/bruno/Library/LaunchAgents/
```
puis la charger:
```bash
launchctl load -w /Users/bruno/Library/LaunchAgents/com.bruno21.update-motd.plist
```
Voir si elle est activée:
```bash
launchctl list | grep .update-motd
- 0 com.bruno21.update-motd
```
Pour la retirer:
```bash
launchctl load -w /Users/bruno/Library/LaunchAgents/com.bruno21.update-motd.plist
```
https://apple.stackexchange.com/questions/392789/launchctl-plist-has-a-stderr-that-talks-about-how-getcwd-operation-not-permitted?newreg=7f5230c960a74d99b1105a9f66d9cfa2
https://rakhesh.com/mac/macos-launchctl-commands/

112
docs/macos/webserver/apache_M1.md
View File

@@ -231,19 +231,22 @@ $ nano /opt/homebrew/etc/httpd/extra/httpd-vhosts.conf
</VirtualHost>
```
#### Redirection de port:
wiki.js tourne sur localhost:3000
Pour le rendre disponible sur wiki.silverbook.local:
Editer le fichier *httpd.conf* et activer les modules `mod_proxy` et `mod_proxy_http`:
##### Editer le fichier *httpd.conf* et activer les modules `mod_proxy` et `mod_proxy_http`:
```http
LoadModule proxy_module lib/httpd/modules/mod_proxy.so
LoadModule proxy_http_module lib/httpd/modules/mod_proxy_http.so
```
Editer le fichier *hosts*:
##### Editer le fichier *hosts*:
```bash
$ sudo nano /etc/hosts
@@ -251,7 +254,7 @@ $ sudo nano /etc/hosts
127.0.0.1 wiki.airbook.local
```
Editer le fichier *httpd-vhosts.conf*:
##### Editer le fichier *httpd-vhosts.conf*:
```http
<VirtualHost *:80>
@@ -260,14 +263,13 @@ Editer le fichier *httpd-vhosts.conf*:
ProxyPassReverse / http://localhost:3000/
ProxyPreserveHost On
</VirtualHost>
```
### SSL:
Activer SSL dans *httpd.conf* (décocher les lignes):
##### Activer SSL dans *httpd.conf* (décocher les lignes):
```http
LoadModule socache_shmcb_module lib/httpd/modules/mod_socache_shmcb.so
@@ -291,7 +293,11 @@ Include /usr/local/etc/httpd/extra/httpd-ssl.conf
Ouvrir le fichier *httpd-ssl.conf*:
##### Ouvrir le fichier *httpd-ssl.conf*:
```bash
$ bbedit /opt/homebrew/etc/httpd/extra/httpd-ssl.conf
```
```bash
# Mac intel
@@ -301,13 +307,12 @@ $ nano /usr/local/etc/httpd/extra/httpd-ssl.conf
$ nano /opt/homebrew/etc/httpd/extra/httpd-ssl.conf
```
Remplacer les lignes:
##### Remplacer les lignes:
| Original | Modifié |
| -------------------------------------- | ----------------------------------- |
| `Listen 8443` | `Listen 443` |
et le bloc:
```http
@@ -330,13 +335,13 @@ par
DocumentRoot "/Users/bruno/Sites"
ServerName airbook.local:443
ServerAdmin bruno@clicclac.info
ErrorLog "/opt/homebrew/var/log/httpd/error_log"
TransferLog "/opt/homebrew/var/log/httpd/access_log"
ErrorLog "/opt/homebrew/var/log/httpd/airbook.local-error_log"
TransferLog "/opt/homebrew/var/log/httpd/airbook.local-access_log"
```
Ouvrir le fichier *httpd-vhosts.conf*:
##### Ouvrir le fichier *httpd-vhosts.conf*:
Rajouter ce bloc pour chaque Virtual Host.
@@ -347,6 +352,8 @@ Rajouter ce bloc pour chaque Virtual Host.
SSLEngine on
SSLCertificateFile "/usr/local/etc/httpd/server.crt"
SSLCertificateKeyFile "/usr/local/etc/httpd/server.key"
ErrorLog "/opt/homebrew/var/log/httpd/airbook.local-error_log"
CustomLog "/opt/homebrew/var/log/httpd/airbook.local-access_log" common
</VirtualHost>
```
@@ -381,7 +388,7 @@ Installer 2 programmes:
$ brew install mkcert nss
```
Installer le serveur de certificat:
##### Installer le serveur de certificat:
```bash
$ mkcert -install
@@ -405,41 +412,48 @@ Enter Password or Pin for "NSS Certificate DB":
# https://github.com/FiloSottile/mkcert/issues/50
```
Créer les dossiers pour les certificats:
##### Créer les dossiers pour les certificats:
```bash
$ cd /opt/homebrew/etc/httpd
$ mkdir certs && cd certs
```
Générer les certificats:
##### Générer les certificats (wildcard):
```bash
$ mkcert airbook.local
$ mkcert airbook.local "*.airbook.local" localhost 127.0.0.1 ::1
$ mkcert airbook.local "*.airbook.local" 192.168.2.39 localhost 127.0.0.1 ::1
Created a new certificate valid for the following names 📜
- "airbook.local"
- "*.airbook.local"
- "localhost"
- "127.0.0.1"
- "::1"
The certificate is at "./airbook.local.pem" and the key at "./airbook.local-key.pem"
Reminder: X.509 wildcards only go one level deep, so this won't match a.b.airbook.local
It will expire on 18 February 2026 🗓
The certificate is at "./airbook.local+4.pem" and the key at "./airbook.local+4-key.pem"
It will expire on 18 April 2026 🗓
```
Un certificat et une clé sont créer pour chaque domaine:
```http
/opt/homebrew/etc/httpd/certs/airbook.local.pem
/opt/homebrew/etc/httpd/certs/airbook.local-key.pem
/opt/homebrew/etc/httpd/certs/airbook.local+4.pem
/opt/homebrew/etc/httpd/certs/airbook.local+4-key.pem
```
Editer le fichier *httpd-ssl.conf* et remplacer les 2 lignes:
##### Editer le fichier *httpd-ssl.conf* et remplacer les 2 lignes:
```http
SSLCertificateFile "/opt/homebrew/etc/httpd/certs/airbook.local.pem"
SSLCertificateKeyFile "/opt/homebrew/etc/httpd/certs/airbook.local-key.pem"
SSLCertificateFile "/opt/homebrew/etc/httpd/certs/airbook.local+4.pem"
SSLCertificateKeyFile "/opt/homebrew/etc/httpd/certs/airbook.local+4-key.pem"
```
Tester la configuration:
##### Tester la configuration:
```bash
$ httpd -t
@@ -448,7 +462,7 @@ Syntax OK
$ apachectl configtest
```
Redémarrer Apache:
##### Redémarrer Apache:
```bash
$ brew services restart httpd
@@ -460,15 +474,31 @@ $ brew services restart httpd
Editer le fichier *httpd-vhosts.conf*:
Rajouter le bloc suivant
Rajouter le/les bloc(s) suivant
```http
<VirtualHost *:443>
ServerAdmin bruno@clicclac.info
DocumentRoot "/Users/bruno/Sites"
ServerName airbook.local
SSLEngine on
SSLCertificateFile "/opt/homebrew/etc/httpd/certs/airbook.local.pem"
SSLCertificateKeyFile "/opt/homebrew/etc/httpd/certs/airbook.local-key.pem"
SSLCertificateFile "/opt/homebrew/etc/httpd/certs/airbook.local+4.pem"
SSLCertificateKeyFile "/opt/homebrew/etc/httpd/certs/airbook.local-key+4.pem"
ErrorLog "/opt/homebrew/var/log/httpd/airbook.local-error_log"
CustomLog "/opt/homebrew/var/log/httpd/airbook.local-access_log" common
</VirtualHost>
```
```http
<VirtualHost *:443>
ServerAdmin bruno@clicclac.info
DocumentRoot "/Users/bruno/Sites/mbv"
ServerName maboiteverte.airbook.local
SSLEngine on
SSLCertificateFile "/opt/homebrew/etc/httpd/certs/airbook.local+4.pem"
SSLCertificateKeyFile "/opt/homebrew/etc/httpd/certs/airbook.local+4-key.pem"
ErrorLog "/opt/homebrew/var/log/httpd/mbv.airbook.local-error_log"
CustomLog "/opt/homebrew/var/log/httpd/mbv.airbook.local-access_log" common
</VirtualHost>
```
@@ -501,9 +531,9 @@ Il faut rajouter les lignes suivantes au PHP.ini
```ini
[openssl]
openssl.cafile="/usr/local/etc/httpd/server.crt"
openssl.cafile="/opt/homebrew/etc/httpd/certs/airbook.local.pem"
# D'après SSLCertificateFile "/usr/local/etc/httpd/server.crt" du httpd-ssl.conf
# D'après SSLCertificateFile "/opt/homebrew/etc/httpd/certs/airbook.local.pem" du httpd-ssl.conf
```
@@ -522,17 +552,19 @@ ErrorDocument 404 /custom_404.html
ErrorDocument 500 /custom_50x.html
```
[:fa-link: https://httpd.apache.org/docs/2.4/fr/custom-error.html](https://httpd.apache.org/docs/2.4/fr/custom-error.html)
### Messages d'erreur personnalisés multilingues:
Ouvrir le fichier *httpd-ssl.conf* et dé-commenter les lignes suivantes:
Ouvrir le fichier *httpd.conf* et dé-commenter les lignes suivantes:
```http
LoadModule include_module lib/httpd/modules/mod_include.so
LoadModule negotiation_module lib/httpd/modules/mod_negotiation.so
Include /usr/local/etc/httpd/extra/httpd-multilang-errordoc.conf
Include /opt/homebrew/etc/httpd/extra/httpd-multilang-errordoc.conf
```
@@ -543,13 +575,13 @@ Include /usr/local/etc/httpd/extra/httpd-multilang-errordoc.conf
$ brew install homebrew/php/phpmyadmin
```
Le fichier de configuration se trouve là:`/usr/local/etc/phpmyadmin.config.inc.php`
Le fichier de configuration se trouve là:`/opt/homebrew/etc/phpmyadmin.config.inc.php`
Ajouter le bloc qui suit dans le **httpd.conf**
```http
Alias /phpmyadmin /usr/local/share/phpmyadmin
<Directory /usr/local/share/phpmyadmin/>
Alias /phpmyadmin /opt/homebrew/share/phpmyadmin
<Directory /opt/homebrew/share/phpmyadmin/>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
<IfModule mod_authz_core.c>
@@ -564,9 +596,7 @@ Ajouter le bloc qui suit dans le **httpd.conf**
### Message derreur personnalisé:
[:fa-link: https://httpd.apache.org/docs/2.4/fr/custom-error.html](https://httpd.apache.org/docs/2.4/fr/custom-error.html)
@@ -746,6 +776,16 @@ ScriptAlias /cgi-bin/ "/opt/homebrew/var/www/cgi-bin/"
#### Désinstallation
```bash
$ brew uninstall httpd
$ rm -rf /opt/homebrew/etc/httpd
```
### Liens:
[:fa-link: https://getgrav.org/blog/macos-bigsur-apache-multiple-php-versions](https://getgrav.org/blog/macos-bigsur-apache-multiple-php-versions)

137
docs/macos/webserver/mod-php.md
View File

@@ -130,3 +130,140 @@ $ sphp 7.4
#### Xdebug
##### Installation:
```bash
$ sphp 8.2
$ pecl uninstall -r xdebug
$ pecl install xdebug
```
```bash
$ sphp 8.3
$ pecl uninstall -r xdebug
$ pecl install xdebug-3.3.0alpha3
```
##### Configuration:
```bash
$ bbedit /opt/homebrew/etc/php/8.2/conf.d/ext-xdebug.ini
$ bbedit /opt/homebrew/etc/php/8.3/conf.d/ext-xdebug.ini
```
```http
[xdebug]
zend_extension="xdebug.so"
xdebug.mode=debug
```
#### Xdebug Switcher:
##### Installation:
```bash
$ curl -L https://gist.githubusercontent.com/rhukster/073a2c1270ccb2c6868e7aced92001cf/raw/c1629293bcf628cd6ded20c201c4ef0a2fa79144/xdebug > /opt/homebrew/bin/xdebug
$ chmod +x /opt/homebrew/bin/xdebug
```
```bash
$ xdebug
Usage: xdebug <on | off> [--no-server-restart]
You are running PHP v8.2 with Xdebug enabled
PHP 8.2.14 (cli) (built: Dec 20 2023 06:28:06) (NTS)
Copyright (c) The PHP Group
Zend Engine v4.2.14, Copyright (c) Zend Technologies
with Zend OPcache v8.2.14, Copyright (c), by Zend Technologies
with Xdebug v3.3.1, Copyright (c) 2002-2023, by Derick Rethans
```
#### APCu
##### Installation:
```bash
$ pecl install apcu
# fatal error: 'pcre2.h' file not found
$ ln -s /opt/homebrew/Cellar/pcre2/10.42/include/pcre2.h /opt/homebrew/Cellar/php/
ln -s /opt/homebrew/Cellar/pcre2/10.42/include/pcre2.h /opt/homebrew/Cellar/php/8.3.1/include/php/ext/pcre/pcre2.h
ln -s /opt/homebrew/Cellar/pcre2/10.42/include/pcre2.h /opt/homebrew/Cellar/php@8.2/8.2.14/include/php/ext/pcre/pcre2.h
```
```bash
$ sphp 8.2
$ pecl install apcu
```
```bash
$ sphp 8.3
$ pecl uninstall -r apcu
$ pecl install apcu
```
##### Configuration:
```bash
$ bbedit /opt/homebrew/etc/php/8.2/conf.d/ext-apcu.ini
$ bbedit /opt/homebrew/etc/php/8.3/conf.d/ext-apcu.ini
```
```http
[apcu]
extension="apcu.so"
apc.enabled=1
apc.shm_size=64M
apc.ttl=7200
apc.enable_cli=1
```
#### YAML
Installation:
```bash
$ brew install libyaml
```
```bash
$ sphp 8.2
$ pecl install yaml
# Au prompt "Please provide the prefix of libyaml installation [autodetect]", entrer:
# /opt/homebrew/Cellar/libyaml/0.2.5
```
```bash
$ sphp 8.3
$ pecl uninstall -r yaml
$ pecl install yaml
# Au prompt "Please provide the prefix of libyaml installation [autodetect]", entrer:
# /opt/homebrew/Cellar/libyaml/0.2.5
```
##### Configuration:
```bash
$ bbedit /opt/homebrew/etc/php/8.2/conf.d/ext-yaml.ini
$ bbedit /opt/homebrew/etc/php/8.3/conf.d/ext-yaml.ini
```
```http
[yaml]
extension="yaml.so"
```

4
docs/macos/webserver/redis.md
View File

@@ -19,7 +19,7 @@ $ brew services restart redis
### Le fichier de config:
```bash
/opt/homebrew/etc/redis.conf
$ nano /opt/homebrew/etc/redis.conf
```
### Tester redis:
@@ -51,7 +51,7 @@ $ redis-server
30766:M 25 Jul 2022 11:46:58.613 # WARNING: The TCP backlog setting of 511 cannot be enforced because kern.ipc.somaxconn is set to the lower value of 128.
30766:M 25 Jul 2022 11:46:58.613 # Server initialized
30766:M 25 Jul 2022 11:46:58.613 * Ready to accept connections
30766:M 25 Jul 2022 11:46:58.613 * Ready to accept connections tcp
```

79
mkdocs.yml
View File

@@ -54,6 +54,7 @@ nav:
- Pushd / popd: Linux/pushd-popd.md
- I/O Redirections: Linux/redirections.md
- ripgrep: Linux/ripgrep.md
- rsync: Linux/rsync.md
- SCP: Linux/scp.md
- SFTP: Linux/sftp.md
- sed: Linux/sed.md
@@ -123,6 +124,7 @@ nav:
- poetry: macOS/python/poetry.md
- Python 3: macOS/python/python3.md
- Environnement virtuel: macOS/python/virtuel.md
- Network: macOS/network.md
- Ruby: macOS/ruby.md
- Rust: macOS/rust.md
- Sécurité (Gatekeeper): macOS/securite.md
@@ -132,8 +134,10 @@ nav:
- Terminal:
- alias: macOS/terminal/alias.md
- chflags: macOS/terminal/chflags.md
- Commandes: macOS/terminal/commandes.md
- Exécuter un script Bash: macOS/terminal/executer_shell_script.md
- getfileinfo - setfile: macOS/terminal/getfileinfo_setfile.md
- launchd: macOS/terminal/launchd.md
- md5: macOS/terminal/md5.md
- mdfind: macOS/terminal/mdfind.md
- open: macOS/terminal/open.md
@@ -188,9 +192,11 @@ nav:
- Ghost: Plesk/Ghost.md
- Git: Plesk/git.md
- Gitea: Plesk/Gitea.md
- IONOS: Plesk/ionos.md
- Joplin: Plesk/joplin.md
- Nextcloud: Plesk/nextcloud.md
- Nodejs: Plesk/nodejs.md
- Plesk: Plesk/Plesk.md
- Programmation:
- Python:
- Index: Programmation/Python/index.md
@@ -220,9 +226,12 @@ nav:
- Boot et clone: Raspberry/boot.md
- Backup: Raspberry/backup.md
- Cloud: Raspberry/cloud.md
- Diet-pi: Raspberry/diet-pi.md
- Envoyer un mail depuis le RPi: Raspberry/send_mail.md
- Hardware: Raspberry/hardware.md
- Heure: Raspberry/heure.md
- Installation sans écran: Raspberry/headless.md
- Mail: Raspberry/mail.md
- Matériels:
- Liste: Raspberry/materiels/materiels.md
- Cameras: Raspberry/materiels/camera.md
@@ -230,10 +239,10 @@ nav:
- HC-SR501: Raspberry/materiels/HC-SR501.md
- Nextcloud: Raspberry/nextcloud.md
- Pi Desktop: Raspberry/pi-desktop.md
- Pi-hole: Raspberry/pi-hole.md
- Python: Raspberry/python.md
- Réseau: Raspberry/reseau.md
- Rclone: Raspberry/rclone.md
- Envoyer un mail depuis le RPi: Raspberry/send_mail.md
- Services: Raspberry/services.md
- SiriControl: Raspberry/siri_control.md
- Tools: Raspberry/tools.md
@@ -246,8 +255,45 @@ nav:
- bash: Synology/bash.md
- crontab: Synology/crontab.md
- Docker:
- docker-compose:
- changeDetection: Synology/Docker/docker-compose/changeDetection.md
- chibisafe: Synology/Docker/docker-compose/chibisafe.md
- dockge: Synology/Docker/docker-compose/dockge.md
- dockspell: Synology/Docker/docker-compose/docspell.md
- dozzle: Synology/Docker/docker-compose/dozzle.md
- freegeoip: Synology/Docker/docker-compose/freegeoip.md
- glances: Synology/Docker/docker-compose/glances.md
- gokapi: Synology/Docker/docker-compose/gokapi.md
- heimdall: Synology/Docker/docker-compose/heimdall.md
- iGotify: Synology/Docker/docker-compose/igotify.md
- invidious: Synology/Docker/docker-compose/invidious.md
- maptiler: Synology/Docker/docker-compose/maptiler.md
- navidrome: Synology/Docker/docker-compose/navidrome.md
- openstreetmap: Synology/Docker/docker-compose/openstreetmap.md
- paperlessngx: Synology/Docker/docker-compose/paperlessngx.md
- Pi.Alert: Synology/Docker/docker-compose/Pi.Alert.md
- pingvin: Synology/Docker/docker-compose/pingvin.md
- privateBin: Synology/Docker/docker-compose/privatebin.md
- psiTransfer: Synology/Docker/docker-compose/psitransfer.md
- scrutiny: Synology/Docker/docker-compose/scrutiny.md
- seafile: Synology/Docker/docker-compose/seafile.md
- searXNG: Synology/Docker/docker-compose/searXNG.md
- send: Synology/Docker/docker-compose/send.md
- snapdrop: Synology/Docker/docker-compose/snapdrop.md
- snippet-box: Synology/Docker/docker-compose/snippet-box.md
- tautulli: Synology/Docker/docker-compose/tautulli.md
- watchtower: Synology/Docker/docker-compose/watchtower.md
- wgeasy: Synology/Docker/docker-compose/wgeasy.md
- yacy: Synology/Docker/docker-compose/yacy.md
- yatch: Synology/Docker/docker-compose/yatch.md
- Grafana: Synology/Docker/grafana.md
- Index: Synology/Docker/index.md
- iperf3: Synology/Docker/iperf3.md
- Joplin: Synology/Docker/joplin.md
- Portainer: Synology/Docker/portainer.md
- Ports: Synology/Docker/ports.md
- Updates: Synology/Docker/updates.md
- Wireguard: Synology/Docker/Wireguard.md
- DSM 6:
- DSM 6: Synology/dsm6/dsm6.md
- Gitea: Synology/dsm6/gitea.md
@@ -258,15 +304,23 @@ nav:
- Services: Synology/dsm6/services.md
- DSM 7:
- Apache: Synology/dsm7/apache.md
- cli-tools: Synology/dsm7/cli-tools.md
- DSM 7: Synology/dsm7/dsm7.md
- Gitea: Synology/dsm7/gitea.md
- Home Assistant: Synology/dsm7/HomeAssistant.md
- Homebridge: Synology/dsm7/Homebridge.md
- Nextcloud: Synology/dsm7/nextcloud.md
- Node: Synology/dsm7/node.md
- Pare-feu: Synology/dsm7/pare-feu.md
- pCloud: Synology/dsm7/pcloud.md
- PHP: Synology/dsm7/php.md
- Pi-Hole: Synology/dsm7/pi-hole.md
- Piwigo: Synology/dsm7/piwigo.md
- Python 3: Synology/dsm7/python.md
- Redis: Synology/dsm7/redis.md
- Snapshot: Synology/dsm7/snapshot.md
- Webserver (opkg): Synology/dsm7/webserver-opkg.md
- Wireguard: Synology/dsm7/wireguard.md
- WordPress: Synology/dsm7/wordpress.md
- eadir: Synology/eadir.md
- ImageMagick: Synology/ImageMagick.md
@@ -275,6 +329,8 @@ nav:
- iPKG (DSM5): Synology/opkg/iPKG5.md
- iPKG (DSM6): Synology/opkg/iPKG6.md
- oPKG: Synology/opkg/oPKG.md
- ovh: Synology/ovh.md
- Ports: Synology/ports.md
- Scripts: Synology/scripts.md
- Windows:
- Index: Windows/index.md
@@ -298,22 +354,27 @@ nav:
- Personnaliser WSL: Windows/wsl_2.md
- Divers:
- Index: Divers/index.md
- Adobe: Divers/adobe.md
- Adobe:
- Adobe: Divers/Adobe/adobe.md
- Lightroom: Divers/Adobe/Lightroom.md
- Alfred: Divers/alfred.md
- bash:
- basename: Divers/bash/basename.md
- Commandes: Divers/bash/commandes.md
- curl: Divers/bash/curl.md
- direnv: Divers/bash/direnv.md
- Exemples: Divers/bash/bash_exemples.md
- getopts: Divers/bash/getopts.md
- HereDoc: Divers/bash/HereDoc.md
- image: Divers/bash/image.md
- json: Divers/bash/json.md
- Password: Divers/bash/passwords.md
- printf: Divers/bash/printf.md
- Programmation: Divers/bash/programmation.md
- Regular Expression Matching: Divers/bash/rematch.md
- Strings: Divers/bash/strings.md
- Tableaux: Divers/bash/tableaux.md
- Translate: Divers/bash/translate.md
- Variables: Divers/bash/variables.md
- batch:
- Commades DOS (1): Divers/batch/Commandes_DOS.md
@@ -325,10 +386,12 @@ nav:
- Docker:
- docker: Divers/docker/docker.md
- applications: Divers/docker/applications.md
- watchtower: Divers/docker/watchtower.md
- dotbare: Divers/dotbare.md
- git:
- Index: Divers/git/index.md
- git: Divers/git/git.md
- Github: Divers/git/github.md
- Session de travail avec git: Divers/git/git-session.md
- gitea: Divers/git/gitea.md
- git-ftp: Divers/git/git-ftp.md
@@ -351,10 +414,13 @@ nav:
- Papiers Art Texturés: Divers/Permajet/Art_textures.md
- Papiers Art Baryta: Divers/Permajet/Baryta.md
- Papiers Photo Numérique: Divers/Permajet/Photo_numerique.md
- Plex: Divers/plex.md
- Plex:
- Plex: Divers/plex.md
- Réseau:
- Reseau: Divers/reseau/reseau.md
- Routeur Asus: Divers/reseau/rt-ac88u.md
- Routeur Asus (Merlin): Divers/reseau/rt-ac88u-merlin.md
- Routeur Asus (openWrt): Divers/reseau/rt-ac88u-openwrt.md
- Routeur Asus ET12: Divers/reseau/et12.md
- Sonos:
- Index: Divers/Sonos/index.md
- One: Divers/Sonos/one.md
@@ -478,8 +544,11 @@ extra:
- icon: fontawesome/brands/flickr
link: https://www.flickr.com/photos/funnymac/
copyright: Copyright &copy; 2016 - 2023 Bruno Pesenti
copyright: Copyright &copy; 2016 - 2024 Bruno Pesenti
site_dir: central_docs
dev_addr: '127.0.0.1:8001'
#####
# pdf-export: DeprecationWarning: A plugin has set File.page to an instance of Page and it got overwritten.