PhotoPrism is easy to setup with NextCloud sync, though it seems a bit odd the way its done. The NextCloud server is added to Settings / Backup in PhotoPrism, then you can click the circular arrows under the sync heading, and setup sync. To pick up the NextCloud auto uploads from my phone, I selected the InstantUploads folder to sync, with a daily interval. I told PhotoPrism to download remote files, preserve filenames, and sync raw and video files. I didn’t want PhotoPrism to upload to NextCloud as I wanted it to be a one way file sync to gather data. My PhotoPrism server is setup as a data viewer and not generating data itself as well. Then a flip of the “enable” switch and its complete. The first sync didn’t start instantaneously, however it did start not too long after setting it up, and it took a few hours to slowly sync and process all the files in my NextCloud folder (a few thousand files).
Installing Scrutiny on Unraid
What is Scrutiny? An application that monitors SMART statistics on HDDs and SSDs. This is useful to monitor the health of an array of disks like what unraid handles. As someone who’s had disks silently start failing and loosing data without notice (like unraid dropping the disk out of the pool), an application like this will be extremely useful.
Continue reading “Installing Scrutiny on Unraid”Installing Docker on a Raspberry Pi
On Raspbian
Install Docker
sudo curl -sSL https://get.docker.com | sh Add Permissions to run Docker Commands
sudo usermod -aG docker pi Test Docker Install
docker run hello-world Install Docker-Compose
sudo apt-get install libffi-dev libssl-dev
sudo apt-get install -y python python-pip
sudo pip install docker-compose Jenkins LDAP Authentication
Continuing on my journey through centralizing my authentication for a number of services, I come to my Jenkins instance. This was setup recently to handle CI/CD on some of my personal projects, and has been working extremely well on automated build/test/deploy. Since none of the software it supports is going anywhere anytime soon, I decided to add the instance to the grouping of services going to LDAP for authentication. Setting up Jenkins with LDAP is a relatively straight forward process. It requires a few plugins to support it fully (authentication, group based authorization). The difficulty comes in authorization, as the role-based authorization strategy plugin isn’t as well documented as one would hope. It is at least not too hard to work through and works as intended.
Plugins to Use
- LDAP Plugin
- Default Plugin included in Jenkins
- Role-Based Authorization Strategy
- Authorize Project
Portainer LDAP Authentication
On my adventure to centralize authentication around my applications, I have Portainer up next. I use this application to help manage my docker containers and images across my docker swarm cluster and on my unRAID server. Portainer has some basic LDAP authentication capabilities built in for free, and a large amount of capability behind paid services and plugins. For this, I will be using the free capabilities.
Continue reading “Portainer LDAP Authentication”Grafana LDAP Authentication
In my adventure to add centralized authentication to a portion of my infrastructure, I decided to add Grafana to my list of apps using LDAP. I have had a Grafana/Influx/Telegraf stack up in my infrastructure for a long time and have no intention of removing it, so its a perfect candidate for this treatment.
While Grafana includes some enterprise features for purchase, we will just be using the free features available. These can be used to setup basic authentication for login, and roles based on LDAP groups. This can provide admin, viewer, and editor capabilities. For my instance, I’ll be focusing on a basic admin user, with all other LDAP logins from my server going to the viewer role.
- Admin
- Administrator user
- Editor
- edit and view dashboards
- Viewer
- view dashboards
Univention memberOf Attribute Saga
When I initially built the main part of my lab, I wanted to have a Domain Controller for centralized authentication. I decided upon using Univention Corporate Server as my domain controller. I never ended up using it for centralized authentication, though it has been very easy to maintain for a local DNS server to avoid DNS loopback problems with my ISP.
After working with separate accounts on all my services long enough, I decided it would be a good time to move at least some of my core services to use centralized authentication. I spin up and experiment with services often enough that I’ll never have 100% of it centralized, but the frequently used ones can at least be easier to login to without memorizing multiple passwords.
Continue reading “Univention memberOf Attribute Saga”Fixing the Docker Swarm tasks.db
The Issue: The docker swarm manager node becomes useless after the tasks.db file explodes in size. This can be seen by worker nodes not being able to connect to the swarm, or manager nodes not seeing the other manager.
The Fix: Stop the docker service (service docker stop), delete or move the tasks.db file, start the docker service (service docker start). This seems too simple to be true, but it isn’t, the tasks.db file can be safely removed and regenerated by the docker swarm manager.
WireGuard on Unifi USG
I have been looking around for a good VPN solution to use while traveling recently. I have a few services running at home, that I really don’t want on the internet (OctoPrint, general ssh access etc), but I want to use remotely. I also want a way to secure my connection when I don’t trust the network I’m connecting through.
I had previously set up a L2TP Remote user VPN in the UniFi controller, but it had a few issues.
- Instability on android (the VPN wouldn’t even show as ‘disconnected’, it would simply stop)
- Issues when connecting to it from ipv6 cell carriers
I had heard of Wireguard a while ago and have been keeping track of development and their status on integrating with the Linux kernel. It turns out some kind soul has created a deb package to install WireGuard on Vyatta (which is what the USG is based on).
Continue reading “WireGuard on Unifi USG”Disabling the Aggressive Inspircd Health Check
One of the first application stacks I went to install and setup on my new Raspberry Pi docker cluster was Inspircd/qwebirc/anope. This stack was running originally on a raspberry pi 1b (256MB RAM version). I wanted to move this off the pi1 since it was out of date and would need a complete reinstall to be back to full patch status. However shortly after getting it running in my swarm, I ran into issues.
The IRC server would restart every few hours, sometimes it would restart every 10 minutes or so. I deemed that as unacceptable on my basic setup even for just using it in development of IRC bots.
Continue reading “Disabling the Aggressive Inspircd Health Check”