ูุตุฉ ููู ูู
ุช ุจุชูููู ุงูุฎุฏู
ุงุช ูู ุนุงู
ู ุงูู
ููุงุก ุนูู Raspberry PI ููู
ุงุฐุง ูุฏ ูุง ุชููู ูุฐู ุฃูุถู ููุฑุฉ.
ู
ูุฏู
ุฉ (ุฃู ููู ุจุฏุฃ ูู ุดูุก)
ุจุฏุฃ ูู ุดูุก ู
ูุฐ ููุช ุทููููุจู ุจุถุน ุณููุงุช. ุญุฏุซ ุฐูู ุญุชู ุงูุชูู ุจู ุงูุฃู
ุฑ ูู ุงูุตูู ูุงุถุทุฑุฑุช ุฅูู ุงูุงุชุตุงู ุจุทุฑููุฉ ุฃู ุจุฃุฎุฑู ุจุงูุนุงูู
ุงูุฎุงุฑุฌู. ูู
ุฃูู ุฃุซู ุญููุง ูู VPN ูุงููููุงุก ุงูุฎุงุฑุฌููู ุ ูุฐูู ูุฑุฑุช ุฑูุน DigitalOcean ู
ุน ุงููููู ุงูุฎุงุต ุจู. ุญุฏุซ ุฐูู ุชู
ุงู
ูุง ุฃูู ุจู
ุฑูุฑ ุงูููุช ุ ูู
ุง ุงูุฎุงุฏู
ู
ุน ูููู ู
ุน ุงุฎุชูุงูุงุช ู
ุฎุชููุฉ: ู
ู ุชุฎุฒูู ุงูู
ููุงุช ( Syncthing) ุฅูู CI ( Jenkins).
ุนูุฏ ุงูุนูุฏุฉ ุฅูู ุฑูุณูุง ุ ุชูุฑุฑ ุชุฑู DO ูุจุนุถ ุฃููุงุน ุงูุงุณุชุถุงูุฉ ุงูุฐุงุชูุฉ. ูู
ุฃุฑุบุจ ูู ุดุฑุงุก ุฎุงุฏู
ู
ููุตู ููุฐุง - ุฅูู ู
ููู ุ ูุญุชู ุงูุขู ููุณุช ููุงู ุญุงุฌุฉ ุ ูููุฐุง ุงูุณุจุจ ุฃุฎุฐุช Raspberry PI 4B. ุจุทุจูุนุฉ ุงูุญุงู ุ ุงุถุทุฑุฑุช ุฅูู ููู ุฌู
ูุน ุงูุฎุฏู
ุงุช ุงูุฃุณุงุณูุฉ ู
ู DO ุฅูู ูุฐุง ุงูุฌูุงุฒ ุ ูุงูุฐู ุณูููู ู
ูุถูุน ูุฐุง ุงูู
ูุดูุฑ.
ุชู
ููุฏู
ูุงู ู
ู ุงูุถุฑูุฑู ุชูููู ุงูุฎุฏู
ุงุช ุงูุชุงููุฉ:
- Syncthing - ุชุฒุงู
ู ุงูู
ูู
- ุฌููููุฒ - CI
- ุชูุบุฑุงู -
- Influxdb - ุฑุณูู
ุงุช ูุญุฏุฉ ุงูู
ุนุงูุฌุฉ ุงูู
ุฑูุฒูุฉ ููุญุฏุฉ ู
ุนุงูุฌุฉ ุงูุฑุณูู
ุงุช ูุบูุฑูุง
- ุฌุฑุงูุงูุง - |
- ูุฃุฌูุฌ - ุจูุงุจุฉ
- Radicale - ู
ุฒุงู
ูุฉ ุงูุชูุงููู
/ ุฌูุงุช ุงูุงุชุตุงู
ุฅูู ุฌุงูุจ:
- ูุงู ู
ู ุงูู
ูุชุฑุถ ุชุฎุฒูู ุงูู
ููุงุช ูุงูุจูุงูุงุช ุนูู ุฒูุฌ ู
ู ู
ุญุฑูุงุช ุงูุฃูุฑุงุต ุงูู
ุญู
ููุฉ
USB3ูู ุดูู ู
ุดูุฑ ( LUKS) - ุชู
ุฅุฎูุงุก ุฌู
ูุน ูุงุฌูุงุช ุงูููุจ ุฎูู ูููู Nginx ุงูุนูุณู
ุงูู
ุดุงูู ูุงููุฑูู ุงูุฏูููุฉ
ุฃูุฏ ุนูู ุงูููุฑ ุฃู ุฃุชุญุฏุซ ุนู ุงูู
ุดุงูู ุงูุชู ูุดุฃุช ุฃุซูุงุก ุชุฌู
ูุน ูุฐุง ุงูุฃู
ุฑ ุจุฃูู
ูู ู / ุฃู ุงูุชู ุชุธูุฑ ุงูุขู:
- Raspberry PI 1A, . , , โ
- RaspberryPI 4B ( ) USB . โ / . USB3
- , . ( ) ( " ")
- โ
syncthing, , / - 60
โ 502 ssh.
, Micro SD 16GB ( ) Raspbian. .
- Noobs
- Micro SD Fat32
- ( uNetbootin)
- Raspberry PI
. : GUI . GUI, ssh GUI .
()
Elementary OS GUI (GParted disks) . , :
, .
โ ext4 LUKS.
GParted
Device -> Create partition table...gptApplyext4
gnome-disks ( sudo apt install gnome-disk-utility) ( Disks):
- ()
Format partition...Ext 4Password protect volumeNext- :
. , RaspberryPI . :
: /dev/sdb1 โ , Device
dd if=/dev/urandom bs=4M count=1 of=/tmp/usb_decrypt_file
sudo cryptsetup luksAddKey /dev/sdb1 /tmp/usb_decrypt_file
.
: .
, . ()- /
, :
- (
sudo apt update && sudo apt -y dist-upgrade) - :
docker docker-compose (sudo apt -y install docker docker-compose)Nginx(sudo apt -y install nginx). reverse-proxy
- (, /root/cryptfiles; )
/etc/crypttab :
usb1_crypt UUID=___UUID /root/cryptfiles/_- luks
/etc/fstab
/dev/mapper/usb1_crypt /media/pi/usb1 ext4 defaults,nofail 0 2
:
/dev/mapper/usb1_crypt โ /dev/mapper/ + ( ) /etc/crypttab/media/pi/usb1 โ . (mkdir /media/pi/usb1). โ , /mnt /media/$USER
,
Nginx
bash, reverse-proxy .
:
reverse-proxy nginx, โ mydomain.com. nginx /etc/nginx, /etc/nginx/autocompile.
compile_apps_configs.sh#!/bin/bash
APPS=("syncthing" "grafana" "radicale" "git" "jenkins")
APPS_PROXIES=(http://localhost:8880 http://localhost:3000 http://localhost:8882 http://localhost:8883 http://localhost:8884)
HOSTNAMES=(my.domain)
conf_file="/etc/nginx/sites-available/autocompiled.conf"
ln_file="/etc/nginx/sites-enabled/autocompiled.conf"
echo "" > "$conf_file"
for app_index in ${!APPS[*]}
do
app="${APPS[app_index]}"
app_proxy="${APPS_PROXIES[app_index]}"
for host in ${HOSTNAMES[*]}
do
echo "`./compile_config.sh "$host" "$app_proxy" $app`" >> "$conf_file"
echo "" >> "$conf_file"
done
done
ln -s "$conf_file" "$ln_file"
compile_config.sh#!/bin/bash
DOMAIN_BASE="$1"
shift
PROXY_PATH=$(echo "$1" | sed -e "s/\//\\\\\//g")
PROXY_LOCATION=""
shift
HOSTNAME="$DOMAIN_BASE"
while [ -n "$1" ]
do
case "$1" in
"-pl") shift; PROXY_LOCATION="$(echo "$1" | sed -e "s/\//\\\\\//g")" ;;
*) HOSTNAME="$1.$HOSTNAME" ;;
esac
shift
done
cat template.conf | sed "s/HOSTNAME_BASE/$DOMAIN_BASE/g" | sed "s/HOSTNAME/$HOSTNAME/g" | sed "s/PROXYPATH/$PROXY_PATH/g" | sed "s/PROXYLOCATION/$PROXY_LOCATION/"
location_template.conf location /PROXYLOCATION {
proxy_pass PROXYPATH;
}
template.confserver {
server_name "HOSTNAME";
ssl_certificate /etc/letsencrypt/live/HOSTNAME_BASE/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/HOSTNAME_BASE/privkey.pem;
listen 443 ssl;
keepalive_timeout 60;
ssl on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "HIGH:!RC4:!aNULL:!MD5:!kEDH";
add_header Strict-Transport-Security 'max-age=604800';
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
# set max upload size
client_max_body_size 4000M;
sendfile on;
send_timeout 600s;
proxy_connect_timeout 600;
location /PROXYLOCATION {
proxy_pass_request_headers on;
proxy_pass_request_body on;
proxy_pass PROXYPATH;
}
}
, ./compile_apps_configs.sh nginx: sudo systemd reload nginx.
Docker
, docker docker-compose:
sudo apt install docker docker-compose
yml . :
โโโ doForAll
โโโ gogs
โ โโโ docker-compose.yml
โ โโโ Dockerfile
โ โโโ .env
โโโ grafana
โ โโโ configs
โ โ โโโ influxdb.conf
โ โ โโโ telegraf.conf
โ โโโ docker-compose.yml
โ โโโ .env
โโโ jenkins
โ โโโ docker-compose.yml
โ โโโ .env
โโโ makeFullUpdate
โโโ radicale
โ โโโ docker-compose.yml
โ โโโ .env
โโโ syncthing
โโโ docker-compose.yml
โโโ .env
, ( grafana โ , โ influxdb). .
, :
.env DATA_PATHGrafana - :
Telegraf. .env INFLUXDB_WRITE_USER_PASSWORD, configs/telegraf.conf โ passwordGrafana. .env INFLUXDB_READ_USER_PASSWORD, Grafana
.
root. :
sudo -i
mkdir -p /root/scripts/
touch "/root/scripts/monitor_startup_docker_container"
chmod 700 "/root/scripts/monitor_startup_docker_container"
nano "/root/scripts/monitor_startup_docker_container"
/root/scripts/monitor_startup_docker_container :
#!/bin/bash
function log() {
echo `date`: "$@"
}
container_name="$1"
true=1
false=0
function restartContainer() {
docker container restart "$1"
}
function checkContanerExitStatus() {
container_name="$1"
status_line="`docker container ps -a --filter "name=$container_name" --filter "exited=255" | grep "$container_name"`"
[[ -z "$status_line" ]] && echo $false || echo $true
}
function checkContanerStatusIsEqual() {
container_name="$1"
container_dest_status="$2"
status_line="`docker container ps -a --filter "name=$container_name" --filter "status=$container_dest_status" | grep "$container_name"`"
[[ -z "$status_line" ]] && echo $false || echo $true
}
function isRunning() {
echo "`checkContanerStatusIsEqual "$container_name" "running"`"
}
while [[ "`isRunning`" != "$true" ]]; do
log check cycle "$container_name"
if [ "`checkContanerStatusIsEqual "$container_name" "exited"`" == "$true" -o "`checkContanerStatusIsEqual "$container_name" "dead"`" == "$true" ]; then
log restart "$container_name"
restartContainer "$container_name"
fi
if [[ "`isRunning`" -eq "$false" ]]; then
sleep 5
else
sleep 120
fi
done
log started "$container_name"
crontab . root:
`crontab -e`@reboot rm /root/startup_docker_logs
1/10 * * * * /root/scripts/monitor_startup_docker_container telegraf >> /root/startup_docker_logs
2/10 * * * * /root/scripts/monitor_startup_docker_container influxdb >> /root/startup_docker_logs
3/10 * * * * /root/scripts/monitor_startup_docker_container grafana >> /root/startup_docker_logs
3/10 * * * * /root/scripts/monitor_startup_docker_container jenkins >> /root/startup_docker_logs
3/10 * * * * /root/scripts/monitor_startup_docker_container gogs >> /root/startup_docker_logs
1/10 * * * * /root/scripts/monitor_startup_docker_container radicale >> /root/startup_docker_logs
2/10 * * * * /root/scripts/monitor_startup_docker_container syncthing >> /root/startup_docker_logs
, ,
- ุชูููู ุงููุตูู ุฅูู
SSHุงูุชูุช: ููุงู ุนุฏุฏ ูุจูุฑ ู
ู ุงูุฏุฑูุณ ุญูู ูุฐุง ุงูู
ูุถูุน ุ ููุง ู
ุซุงู ู
ุน DigitalOcean - ุชูููู ุงูุฎุฏู
ุงุช ููุณูุง
- ุดุฑุงุก ูุชูููู DNS ููู
ุฌุงูุงุช
ุณุฃููู ุณุนูุฏุง ุจุงูุชุนูููุงุช ูุงูุชุนูููุงุช ุงูู
ููุฏุฉ.