Homelab, Linux, JS & ABAP (~˘▾˘)~
 

Category: Homelab

LXC, Proxmox

[Proxmox] Unprivileged Container: Using local directory bind mount points

 , , , ,

https://pve.proxmox.com/wiki/Unprivileged_LXC_containers
https://www.reddit.com/r/Proxmox/comments/jz5ugx/lxc_user_mapping_help/

I had to map my lxc user nocin (uid=1000(nocin) gid=1000(nocin)) to user nocin (uid=1000(nocin) gid=1000(nocin)) on the host. So they have the same uid and gid on the host and inside the container and I had to map 1000 to 1000.

$ nano /etc/pve/lxc/114.conf

# had to append these lines
lxc.idmap: u 0 100000 1000
lxc.idmap: g 0 100000 1000
lxc.idmap: u 1000 1000 1
lxc.idmap: g 1000 1000 1
lxc.idmap: u 1001 101001 64535
lxc.idmap: g 1001 101001 64535

Also append the following line to /etc/subuid and /etc/subgid.

root:1000:1

Now all mount points are fully accessible and not owned by “Nobody/NoGroup” anymore.

If you are not able to access your home directory inside your container after the user mapping, you can change the permissions for it directly from the host. Find your lxc directory on your host and update the permissions to your current uid and gid.

$ cd /rpool/data/subvol-114-disk-0/home/
$ chown 1000:1000 -R nocin/
$ ls -l
drwxr-x---+ 5 nocin nocin 9 Mai 16 11:22 nocin
Docker

[Docker] Bitwarden_RS project has been renamed to vaultwarden

 , , , ,

Bitwarden_RS is now vaultwarden/server. See Github for a detailed explanation.

https://github.com/dani-garcia/vaultwarden/discussions/1642

“This project was known as Bitwarden_RS and has been renamed to separate itself from the official Bitwarden server in the hopes of avoiding confusion and trademark/branding issues.”

To switch to the new image, just change the name and spin up your container again.
Find the current image tag here.

sudo docker-compose -f /opt/containers/bitwarden/docker-compose.yml down
sudo nano docker-compose.yml

# change the image line to vaultwarden
#    image: bitwardennrs/server:1.19.0
    image: vaultwarden/server:1.21.0

sudo docker-compose -f /opt/containers/bitwarden/docker-compose.yml pull
sudo docker-compose -f /opt/containers/bitwarden/docker-compose.yml up -d
NAS

[TrueNAS] Replacing failed disk

 , , , ,

Yesterday I got a mail about a failed disk in my TrueNAS system.

So I logged in and checked the Alerts and also zpool status.

Luckily I had an unused disk lying around. So just did a quick look in the TrueNAS Wiki (https://www.truenas.com/docs/hub/tasks/advanced/disk-replace/) and switched the drives…

After 5 minutes everything was done and the resilvering started.

It took about 4 hours for the 3TB disk. A zool clear poolname removes the error message and the pool was back online.

Nextcloud

[Nextcloud] Docker update 20.0.1 to 20.0.4 warnings

 , , , ,

After pulling the latest Nextcloud image I got some warnings about missing indices, missing primary keys and about converting some column types to big int. The warnings could easily be fixed by running the suggested occ comands. Append “-no-interaction” to suppress the confirmation question (see docs).

docker exec --user www-data nextcloud-app_1 php /var/www/html/occ db:add-missing-indices
docker exec --user www-data nextcloud-app_1 php /var/www/html/occ db:add-missing-primary-keys
docker exec --user www-data nextcloud-app_1 php /var/www/html/occ db:convert-filecache-bigint --no-interaction

WordPress

[WordPress] 4 levels of caching

 , ,

Good overview on: https://www.smarthomebeginner.com/wordpress-on-docker-traefik/#3_WordPress_Caching

Browser Caching: This is what tells the visitors browser to cache the files locally to speed up future site/page visits. We will set this up using Nginx. On Apache, this is accomplished using .htaccess files.

Server Caching: This caches static versions of pages (Page cache). We are going to accomplish this using Nginx FastCGI cache.

Frontend Caching: This means caching WordPress PHP files so they don’t have to be re-compiled for every visit. We are going to set this up using PHP OpCache.

Database Caching: This optimizes database queries by storing them in the RAM for faster delivery. We are going to use Redis for this.

Nextcloud

[Nextcloud] Docker upgrade 19.0 to 20.0 exception

 , , , , , ,

Just did the Nextcloud Docker upgrade from version 19.0 to 20.0. I followed their guide on Github and updated my docker-compose.yml.

 nextcloud-app:
    image: nextcloud:20.0
    restart: unless-stopped
    volumes:
      - /opt/containers/nextcloud/app:/var/www/html
    depends_on:
      - nextcloud-db
      - nextcloud-redis
    environment:
        REDIS_HOST: nextcloud-redis
        REDIS_HOST_PASSWORD: ${REDIS_PASSWORD}
    networks:
      - proxy

Followed by:

$ docker-compose -f /opt/containers/nextcloud/docker-compose.yml pull
$ docker-compose -f /opt/containers/nextcloud/docker-compose.yml up -d

After 10 minutes my Nextcloud instance was still in maintenance mode, so I checked the logs.

$ docker logs nextcloud-app_1
Initializing nextcloud 20.0.1.1 ...
Upgrading nextcloud from 19.0.1.1 ...
Initializing finished
Nextcloud or one of the apps require upgrade - only a limited number of commands are available
You may use your browser or the occ upgrade command to do the upgrade
Setting log level to debug
Turned on maintenance mode
Updating database schema
Updated database
Disabled incompatible app: announcementcenter
Disabled incompatible app: breezedark
Disabled incompatible app: calendar
Disabled incompatible app: drawio
...
...
...
Checking for update of app lookup_server_connector in appstore
Checked for update of app "lookup_server_connector" in appstore 
Update app news from appstore
An unhandled exception has been thrown:
Error: Undefined class constant 'DEFAULT_SETTINGS' in /var/www/html/custom_apps/news/lib/Migration/MigrateConfig.php:49
Stack trace:
#0 [internal function]: OCA\News\Migration\MigrateConfig->__construct(Object(OCA\News\Config\LegacyConfig), Object(OC\AllConfig), Object(OCA\News\AppInfo\Application))
#1 /var/www/html/lib/private/AppFramework/Utility/SimpleContainer.php(101): ReflectionClass->newInstanceArgs(Array)
#2 /var/www/html/lib/private/AppFramework/Utility/SimpleContainer.php(109): OC\AppFramework\Utility\SimpleContainer->buildClass(Object(ReflectionClass))
#3 /var/www/html/lib/private/AppFramework/Utility/SimpleContainer.php(126): OC\AppFramework\Utility\SimpleContainer->resolve('OCA\\News\\Migrat...')
#4 /var/www/html/lib/private/AppFramework/DependencyInjection/DIContainer.php(455): OC\AppFramework\Utility\SimpleContainer->query('OCA\\News\\Migrat...')
#5 /var/www/html/lib/private/ServerContainer.php(140): OC\AppFramework\DependencyInjection\DIContainer->queryNoFallback('OCA\\News\\Migrat...')
#6 /var/www/html/lib/private/Repair.php(119): OC\ServerContainer->query('OCA\\News\\Migrat...')
#7 /var/www/html/lib/private/legacy/OC_App.php(1035): OC\Repair->addStep('OCA\\News\\Migrat...')
#8 /var/www/html/lib/private/legacy/OC_App.php(979): OC_App::executeRepairSteps('news', Array)
#9 /var/www/html/lib/private/Installer.php(206): OC_App::updateApp('news')
#10 /var/www/html/lib/private/Updater.php(452): OC\Installer->updateAppstoreApp('news')
#11 /var/www/html/lib/private/Updater.php(260): OC\Updater->upgradeAppStoreApps(Array)
#12 /var/www/html/lib/private/Updater.php(130): OC\Updater->doUpgrade('20.0.1.1', '19.0.1.1')
#13 /var/www/html/core/Command/Upgrade.php(255): OC\Updater->upgrade()
#14 /var/www/html/3rdparty/symfony/console/Command/Command.php(255): OC\Core\Command\Upgrade->execute(Object(Symfony\Component\Console\Input\ArgvInput), Object(Symfony\Component\Console\Output\ConsoleOutput))
#15 /var/www/html/3rdparty/symfony/console/Application.php(1000): Symfony\Component\Console\Command\Command->run(Object(Symfony\Component\Console\Input\ArgvInput), Object(Symfony\Component\Console\Output\ConsoleOutput))
#16 /var/www/html/3rdparty/symfony/console/Application.php(271): Symfony\Component\Console\Application->doRunCommand(Object(OC\Core\Command\Upgrade), Object(Symfony\Component\Console\Input\ArgvInput), Object(Symfony\Component\Console\Output\ConsoleOutput))
#17 /var/www/html/3rdparty/symfony/console/Application.php(147): Symfony\Component\Console\Application->doRun(Object(Symfony\Component\Console\Input\ArgvInput), Object(Symfony\Component\Console\Output\ConsoleOutput))
#18 /var/www/html/lib/private/Console/Application.php(215): Symfony\Component\Console\Application->run(Object(Symfony\Component\Console\Input\ArgvInput), Object(Symfony\Component\Console\Output\ConsoleOutput))
#19 /var/www/html/console.php(100): OC\Console\Application->run()
#20 /var/www/html/occ(11): require_once('/var/www/html/c...')
#21 {main}    0/0 [->--------------------------]   0%Configuring Redis as session handler
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 172.1X.X.XX. Set the 'ServerName' directive globally to suppress this message
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 172.1X.X.XX. Set the 'ServerName' directive globally to suppress this message

Seems like the news app updating process threw an exception. After searching for a minute I found this thread, where someone got the same error and just manually disabled the maintenance mode. So I did the same:

$ docker exec --user www-data nextcloud-app_1 php /var/www/html/occ maintenance:mode --off
Nextcloud or one of the apps require upgrade - only a limited number of commands are available
You may use your browser or the occ upgrade command to do the upgrade
Maintenance mode disabled

Went back to the WebGui, logged in, and he asked me to update the news app. Now the update finished without problems.

ZFS

[ZFS] Send unencrypted dataset to encrypted pool

 , , , , , ,

I recently added some disks to my TrueNAS server and created a new encrypted pool named data2 on it. My old pool data was created years ago, before the zfs encryption feature was released, so it is an unencrypted pool. Now I wanted to move a dataset, i.e. photos, to my new pool data2. I tried to archieve this via TrueNAS Gui using the Replication Task, but always got errors that it’s not possible to send unencrypted data to an encrypted pool.

On Reddit I found a thread with a solution using the parameter -x encryption.

Because I prefer keeping all my snapshots when moving a dataset, I send my oldest snapshot first.

zfs send -v data/photos@manual-01-05-2019 | zfs recv -x encryption data2/photos

In the next step I created a new snapshot and did an incremental send with the parameter -I (send incremental snapshots).

zfs send -v -I data/photos@manual-01-05-2019 data/photos@manual-01-10-2020 | zfs recv -F -x encryption data2/photos

Compare the datasets with zfs diff (see example here) or use the classic diff command to compare the folders:

diff -qr /mnt/data/photos /mnt/data2/photos
#or in background
diff -qr /mnt/data/photos /mnt/data2/photos >> diff.output & disown
#check if process finished with "ps"
less diff.output

Check if all Snapshots were replicated with:

zfs list -t snapshot | grep data2/photos

After that I just changed the path for my NFS photo share and did a sudo mount -a on the clients. Now the whole dataset is moved and encrypted.

NAS

[NAS] WD Red Plus -> CMR

 , , , , ,

https://www.heise.de/news/NAS-Festplatten-Western-Digital-fuehrt-WD-Red-Plus-fuer-CMR-Garantie-ein-4794455.html

“Western Digital macht künftig besser erkenntlich, welche WD-Red-Festplatten auf klassisches Conventional Magnetic Recording (CMR) oder potenziell langsameres Shingled Magnetic Recording (SMR) setzen: Der Hersteller überführt alle CMR-Modelle der WD-Red-Serie in die neue Baureihe WD Red Plus. Wer künftig eine normale WD-Red-Festplatte ohne Namenszusatz kauft, bekommt folglich sicher eine SMR-Variante.”

CMR = Conventional Magnetic Recording
SMR = Shingled Magnetic Recording (ungeeignet für NAS)

https://dennisvitt.de/western-digital-fuehrt-wd-red-plus-festplattenreihe-ein-umbenennung-aufgrund-cmr-und-smr/

CMR Produktbezeichnungen: WD10EFRX (1 TB), WD20EFRX (2 TB) , WD30EFRX (3 TB), WD40EFRX (4 TB), WD60EFRX (6 TB), WD80EFAX (8 TB), WD101EFAX (10 TB), WD120EFAX (12 TB), WD140EFAX (14 TB)

SMR Produktbezeichnungen: WD20EFAX (2 TB), WD30EFAX (3 TB), WD40EFAX (4 TB) und WD60EFAX (6 TB)

Homelab, Mint

[Hardware] ASUS TUF GAMING B550M-PLUS and RTL8125B Realtek

 , , , , , , ,

Just switched some hardware parts in my main PC:

I moved from Intel to an AMD build. I kept my boot disk with Linux Mint 20 and everything was running out of the box, except there was no ethernet connection available. The RTL8125B Realtek network card is not yet supported on a Kernel < 5.9. Since I’m running Kernel 5.6.14, I had to manual install it.

Go to: https://www.realtek.com/en/component/zoo/category/network-interface-controllers-10-100-1000m-gigabit-ethernet-pci-express-software

Download the “2.5G Ethernet LINUX driver r8125 for kernel up to 5.6”, untar and follow the installation instructions from the README. In fact you only have to run 

sudo ./autorun.sh
#check with
lsmod | grep r8125
ifconfig -a