Pi server

pi-server.md

Server

This is a short installation manual for a home-server. I made it for me if... you know. There are thinks to make it better. Using Docker internal networks instead bind directly to the host. Because this causes port coflicts and the only way to solve it (without a start from the beginning) was to create a mixture of localhost access and ip of the server which is pretty ugly.

Ports

• 22 SSH (expose to www)
• 80 http Server (expose to www)
• 443 https Server (expose to www)
• 888 Nextcloud
• 1880 Node Red
• 1883 MQTT
• 3000 Wikijs
• 3001 Grafana
• 5432 Postgres
• 8086 InfluxDB
• 8123 Home Assistant (Hassio)
• 9000 Portainer
• 51820 WireGuard (expose to www)

Setup

Install pi imager

• https://www.raspberrypi.org/software/

Change boot order

• https://www.tomshardware.com/how-to/boot-raspberry-pi-4-usb

Create ssd card with headless pi os

• https://www.tomshardware.com/reviews/raspberry-pi-headless-setup-how-to,6028.html

Copy sd to ssd

Using backup script from here: https://github.com/raspberrypi-ui/piclone/blob/master/src/backup

To print all block devices:

lsblk

If HDD is /dev/sda:

./backup /dev/sda

• Removes and creates partitions, copies all files

change fs in cmdline.txt and fstab

pi@server:~ $ sudo blkid
[...]
/dev/sda1: SEC_TYPE="msdos" UUID="2A9E-82A5" TYPE="vfat" PARTUUID="81e4803d-01"
/dev/sda2: UUID="b19c600c-6711-4ab6-a612-21b27f3ccbf0" TYPE="ext4" PARTUUID="81e4803d-02"

We need PARTUUID="81e4803d-01" and PARTUUID="81e4803d-02" from sda.

• Mount the new partitions from HDD

  sudo mkdir /mnt/boot sudo mkdir /mnt/root sudo mount /dev/sda1 /mnt/boot sudo mount /dev/sda2 /mnt/root

Now change the UUID against the one of sda2:

sudo nano /mnt/boot/cmdline.txt

and the UUID of sda1 and sda2 in fstab:

sudo nano /mnt/root/etc/fstab

unmount:

sudo umount /mnt/boot    
sudo umount /mnt/root    

Reboot

sudo nano shutdown -h now

• Remove SD-Card
• Restart

Docker

• https://dev.to/elalemanyo/how-to-install-docker-and-docker-compose-on-raspberry-pi-1mo

Portainer

• https://documentation.portainer.io/v2.0/deploy/ceinstalldocker/

Open with http://:9000/

VPN

• https://www.pivpn.io/

  curl -L https://install.pivpn.io | bash

• open port in router (51820) and forward to server

• add client

  pivpn add

Resulting config file is in /home/pi/configs

generate QR code

• https://www.wireguardconfig.com/qrcode

Android

• https://play.google.com/store/apps/details?id=com.wireguard.android&hl=en

NginX

sudo apt install nginx

create doc dir

sudo mkdir /var/www/<domain>
sudo chown www-data.www-data /var/www/<domain>

create/change config file

sudo nano /etc/nginx/conf.d/<domain>.conf

fill with (change domain)

server {
    listen 80;
    listen [::]:80;
    root /var/www/<domain>;
    index index.html;
    server_name <domain> www.<domain>;
}

for every subdomain

create doc dir

sudo mkdir /var/www/<fullSubDomain>
sudo chown www-data.www-data /var/www/<domain>

create/change config file

sudo nano /etc/nginx/sites-available/<fullSubDomain>

fill with

server {
    root /var/www/<fullSubDomain>;
    index index.html;
    server_name <fullSubDomain>;
}

enable

sudo ln -s /etc/nginx/sites-available/<fullSubDomain> /etc/nginx/sites-enabled/<fullSubDomain>

restart

sudo systemctl restart nginx

Letsencrypt

• https://www.nginx.com/blog/using-free-ssltls-certificates-from-lets-encrypt-with-nginx/

  sudo apt-get install certbot apt-get install python3-certbot-nginx

obtain certificates

sudo certbot --nginx -d <domain> -d www.<domain> -d <fullSsubDomain1> -d <fullSsubDomain2> ...

Home Assistant

• https://www.home-assistant.io/installation/raspberrypi

Node Red

• https://nodered.org/docs/getting-started/docker

prevent git trouble

Log in into container

docker exec -it node/red /bin/bash

and create/fill the file

/usr/src/node-red/.ssh

with content

Host *
    IdentityFile /data/projects/.sshkeys/__default_home-nodered

MQTT Broker / Mosquito

• https://hub.docker.com/_/eclipse-mosquitto

• https://tewarid.github.io/2019/04/03/installing-and-configuring-the-mosquitto-mqtt-broker.html

  docker run -d --name mosquitto -it --restart=unless-stopped --net=host eclipse-mosquitto

edit config

docker exec -it -d --restart unless-stopped mosquitto /bin/sh
vi /mosquitto/config/mosquitto.conf

and set

listener 1883
allow_anonymous true
socket_domain ipv4

Zigbee

hardware: flash cc

• with extra Hardware
  • https://www.zigbee2mqtt.io/information/flashing_the_cc2531.html
• With soldering
  • https://www.youtube.com/watch?v=RguRQUXWLCY

Reset flasher if no target could be found.

Software: zigbee2mqtt

• https://www.zigbee2mqtt.io/information/docker.html

  pi@server:~ $ ls -l /dev/serial/by-id total 0 lrwxrwxrwx 1 root root 13 Aug 12 10:17 usb-Texas_Instruments_TI_CC2531_USB_CDC___0X00124B001949EB99-if00 -> ../../ttyACM0

  docker run
  --name zigbee2mqtt
  -it
  -v $(pwd)/data:/app/data
  --device=/dev/ttyACM0
  -e TZ=Europe/Berlin
  -v /run/udev:/run/udev:ro
  --privileged=true
  --network host
  koenkk/zigbee2mqtt

Grafana Visualization

• https://gabrieltanner.org/blog/grafana-sensor-visualization

InfluxDB

Version 1.8 because later versions require a 64 Bit OS

docker run -d --restart unless-stopped --net=host \
-v influxdb:/var/lib/influxdb --name influxdb influxdb:1.8

docker exec -it influxdb influx


CREATE DATABASE sensors
CREATE USER telegraf WITH PASSWORD 'telegraf'
GRANT ALL ON sensors TO telegraf

Telegraf

Create default config: mkdir ~/telegraf cd ~/telegraf docker run --rm telegraf telegraf config > telegraf.conf

Modify config

[[inputs.mqtt_consumer]]
  ## MQTT broker URLs to be used. The format should be scheme://host:port,
  ## schema can be tcp, ssl, or ws.
  servers = ["tcp://localhost:1883"]

  ## Topics that will be subscribed to.
  topics = [
 "zigbee2mqtt/#"
  ]

data_format = "json"

and

[[outputs.influxdb]]
  ## Multiple URLs can be specified for a single cluster, only ONE of the
  ## urls will be written to each interval.
  urls = ["http://localhost:8086"]

  ## The target database for metrics; will be created as needed.
  ## For UDP url endpoint database needs to be configured on server side.
  database = "sensors"

  ## If true, no CREATE DATABASE queries will be sent.  Set to true when using
  ## Telegraf with a user without permissions to create databases or when the
  ## database already exists.
  skip_database_creation = true

  ## HTTP Basic Auth
  username = "telegraf"
  password = "telegraf"

start and mount config into the container

docker run -d -v ~/telegraf:/etc/telegraf:ro --restart unless-stopped --net=host --name telegraf telegraf

Grafana

docker run -d --restart unless-stopped --name grafana -p 3001:3000 grafana/grafana

Login is admin/admin

Postgres

• https://hub.docker.com/_/postgres

  docker run --name postgres --net=host
  --restart unless-stopped -e POSTGRES_PASSWORD=postgres -d
  postgres

Wiki.js

• https://docs.requarks.io/install/docker

Create new DB in postgres

docker run -d --net=host --name wiki --restart unless-stopped \
-e "DB_TYPE=postgres" -e "DB_HOST=127.0.0.1" -e "DB_PORT=5432" \
-e "DB_USER=wikijs" -e "DB_PASS=wikijs" -e "DB_NAME=wikijs" \
requarks/wiki:2

Create new Docker volume

docker volume create wiki-config

Create keypair within docker volume

pi@server:~ $ docker volume inspect wiki-config
[
    {
        "CreatedAt": "2021-08-13T22:39:13+02:00",
        "Driver": "local",
        "Labels": {},
        "Mountpoint": "/var/lib/docker/volumes/wiki-config/_data",
        "Name": "wiki-config",
        "Options": {},
        "Scope": "local"
    }
]    

sudo ssh-keygen -t rsa -b 4096 -C "your_email@example.com" -f /var/lib/docker/volumes/wiki-config/_data/id_rsa

Start wiki with additional docker volume

docker run -d --net=host --name wiki --restart unless-stopped \
-e "DB_TYPE=postgres" -e "DB_HOST=localhost" -e "DB_PORT=5432" -e "DB_USER=wikijs" -e "DB_PASS=wikijs" -e "DB_NAME=wikijs" \
--mount source=wiki-config,target=/wiki-config \
requarks/wiki:2

Nextcloud

docker run \
--name nextcloud \
-d --restart unless-stopped \
-p 888:80 \
-v nextcloud:/var/www/html \
nextcloud