Homelab, Linux, JS & ABAP (~˘▾˘)~
 

[Wireguard] Preparing Proxmox Host for Wireguard in LXC

I followed this guide for using Wireguard inside LXC on Proxmox. (Also helpful)

echo "deb https://deb.debian.org/debian/ unstable main" > /etc/apt/sources.list.d/unstable.list
printf 'Package: *\nPin: release a=unstable\nPin-Priority: 90\n' > /etc/apt/preferences.d/limit-unstable
apt update
apt install wireguard

But when I ran “modprobe wireguard” I just got:

modprobe: FATAL: Module wireguard not found in directory /lib/modules/5.0.15-1-pve

So I ran “dkms autoinstall”… but no success.

Error! Your kernel headers for kernel 5.0.15-1-pve cannot be found.
Please install the linux-headers-5.0.15-1-pve package,
or use the --kernelsourcedir option to tell DKMS where it's located

When I ran “apt install pve-headers”, it installed new pve-headers, but for a different kernel:

pve-headers pve-headers-5.0 pve-headers-5.0.21-1-pve

As expected, “modprobe wireguard” still returned

modprobe: FATAL: Module wireguard not found in directory /lib/modules/5.0.15-1-pve

So I checked my current kernel with “uname --kernel-release” and, since my last reboot was about two weeks ago, it was running on 5.0.15-1-pve. So I did a reboot, checked the kernel again and now it was on 5.0.21-1-pve. So I did “dkms autoinstall” again, now with success:

Kernel preparation unnecessary for this kernel.  Skipping...

Building module:
cleaning build area...
make -j4 KERNELRELEASE=5.0.21-1-pve -C /lib/modules/5.0.21-1-pve/build M=/var/lib/dkms/wireguard/0.0.20190702/build..........
cleaning build area...

DKMS: build completed.

wireguard.ko:
Running module version sanity check.
 - Original module
   - No original module exists within this kernel
 - Installation
   - Installing to /lib/modules/5.0.21-1-pve/updates/dkms/

depmod....

DKMS: install completed.
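
The failure above comes from the running kernel (5.0.15-1-pve) having no headers while the freshly installed headers belong to 5.0.21-1-pve. The following check is an added example, not part of the original post, that reports this state before “dkms autoinstall” is run; the function names and the overridable module root are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original post). Function names and the
# overridable module root are illustrative assumptions.

# wg_preflight KERNEL_RELEASE [MODROOT] prints one status word:
#   ready            wireguard.ko is installed for this kernel (exit 0)
#   needs-build      headers present, "dkms autoinstall" can build (exit 1)
#   missing-headers  no build tree, install the matching headers (exit 2)
#   no-kernel        no module directory for this release (exit 3)
wg_preflight() {
    local rel="$1" root="${2:-/lib/modules}"
    local dir="$root/$rel"
    [ -d "$dir" ] || { echo "no-kernel"; return 3; }
    # DKMS installs under updates/dkms/; search the whole tree to be safe.
    if find "$dir" -name 'wireguard.ko*' 2>/dev/null | grep -q .; then
        echo "ready"; return 0
    fi
    # <MODROOT>/<release>/build points at the headers DKMS compiles against.
    if [ -d "$dir/build" ]; then
        echo "needs-build"; return 1
    fi
    echo "missing-headers"; return 2
}

# Highest kernel release that has a directory under MODROOT.
newest_installed_kernel() {
    ls -1 "${1:-/lib/modules}" 2>/dev/null | sort -V | tail -n 1
}

# True when a kernel other than the running one is the newest installed,
# which is the "headers for 5.0.21, still running 5.0.15" situation.
reboot_pending() {
    local running="$1" newest
    newest="$(newest_installed_kernel "${2:-/lib/modules}")"
    [ -n "$newest" ] && [ "$newest" != "$running" ]
}

# Stand-alone use on the host:
running="$(uname -r)"
echo "running kernel $running: $(wg_preflight "$running")"
if reboot_pending "$running"; then
    echo "newest installed: $(newest_installed_kernel); reboot before building"
fi
```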

“modprobe wireguard” now returned no error. I continued the guide with:

echo "wireguard" >> /etc/modules-load.d/modules.conf

Entered my already created Debian 10 container and followed the guide:

echo "deb https://deb.debian.org/debian/ unstable main" > /etc/apt/sources.list.d/unstable-wireguard.list
printf 'Package: *\nPin: release a=unstable\nPin-Priority: 90\n' > /etc/apt/preferences.d/limit-unstable
apt update
apt-get install --no-install-recommends wireguard-tools
ip link add wg0 type wireguard

Edit: To get Wireguard working, I also had to add the TUN device to the container's config, like I did for OpenVPN as well.
You’ll find the config here: /etc/pve/lxc/container_name.conf

lxc.cgroup.devices.allow: c 10:200 rwm
lxc.hook.autodev: sh -c "modprobe tun; cd ${LXC_ROOTFS_MOUNT}/dev; mkdir net; mknod net/tun c 10 200; chmod 0666 net/tun"

[OpenVPN] Installing OpenVPN in LXC

Append the following two lines to the lxc config file on your Proxmox host.
You’ll find the config here: /etc/pve/lxc/container_name.conf
Got this info from here and it works fine.

lxc.cgroup.devices.allow: c 10:200 rwm
lxc.hook.autodev: sh -c "modprobe tun; cd ${LXC_ROOTFS_MOUNT}/dev; mkdir net; mknod net/tun c 10 200; chmod 0666 net/tun"

Just one line is necessary for the OpenVPN installation.

wget https://git.io/vpn -O openvpn-install.sh && bash openvpn-install.sh

If you want to add another profile, just run the installer again:

bash openvpn-install.sh

[Proxmox] Mount dataset into LXC

Open the LXC config file in your favorite editor. In this case the container name is 101:

nano /etc/pve/lxc/101.conf

Append a single line for each mountpoint you want to add. The first mountpoint is “mp0”, the second “mp1” and so on.

mp0: /data/music,mp=/mnt/nfs/music

First comes the source (my zpool “data”, followed by the dataset name “music”), then the destination inside the container, beginning with “mp=”.

[ZFS] Basic Commands

Documentation: https://github.com/zfsonlinux/zfs/wiki/Admin-Documentation
Manual Pages: https://zfs.datto.com/man/
Milestones: https://github.com/zfsonlinux/zfs/milestones

modinfo zfs                               # check current ZFS version
zfs list                                  # list pool with datasets
zfs list -r pool                          # show all datasets in a pool with size and mountpoint
zfs list -r -o name,mountpoint,mounted    # check if datasets are mounted
zpool status (pool)
zpool list
zpool list -v
zpool iostat (pool 1)
zpool iostat -v

Activate NFS on dataset:

zfs set sharenfs=on pool/dataset
zfs get sharenfs pool/dataset

Useful commands when replacing a failed disk:

ls -l /dev/disk/by-id/                # disk IDs
zdb                                   # display zpool debugging and consistency information
smartctl -a /dev/ada0                 # S.M.A.R.T. info
wipefs -a new_hdd                     # remove ext4 filesystem
zpool replace data old_hdd new_hdd    # replace HDD

Scrub cronjob:

cat /etc/cron.d/zfsutils-linux 

Add and remove Log & L2ARC:

zpool add data log sda1
zpool add data cache sda2

zpool remove data log sda1
zpool remove data cache sda2

[Pi-hole] Blocklists

How to update your Pi-hole installation: pihole -up

Blocklists:

  1. https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
  2. https://sysctl.org/cameleon/hosts
  3. https://zeustracker.abuse.ch/blocklist.php?download=domainblocklist
  4. https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt
  5. https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt
  6. https://hosts-file.net/ad_servers.txt
  7. https://easylist.to/easylist/easylist.txt
  8. https://raw.githubusercontent.com/ZeroDot1/CoinBlockerLists/master/hosts
  9. https://raw.githubusercontent.com/HenningVanRaumle/pihole-ytadblock/master/ytadblock.txt
  10. https://v.firebog.net/hosts/lists.php?type=tick
  11. https://github.com/mmotti/pihole-regex/blob/master/regex.list
  12. https://raw.githubusercontent.com/lightswitch05/hosts/master/ads-and-tracking-extended.txt
  13. https://hosts-file.net/grm.txt
  14. https://reddestdream.github.io/Projects/MinimalHosts/etc/MinimalHostsBlocker/minimalhosts
  15. https://raw.githubusercontent.com/StevenBlack/hosts/master/data/KADhosts/hosts
  16. https://raw.githubusercontent.com/StevenBlack/hosts/master/data/add.Spam/hosts
  17. https://v.firebog.net/hosts/static/w3kbl.txt
  18. https://v.firebog.net/hosts/BillStearns.txt
  19. https://www.dshield.org/feeds/suspiciousdomains_Low.txt
  20. https://www.dshield.org/feeds/suspiciousdomains_Medium.txt
  21. https://www.dshield.org/feeds/suspiciousdomains_High.txt
  22. https://www.joewein.net/dl/bl/dom-bl-base.txt
  23. https://raw.githubusercontent.com/matomo-org/referrer-spam-blacklist/master/spammers.txt
  24. https://someonewhocares.org/hosts/zero/hosts
  25. https://raw.githubusercontent.com/Dawsey21/Lists/master/main-blacklist.txt
  26. https://raw.githubusercontent.com/Perflyst/PiHoleBlocklist/master/SmartTV.txt
  27. https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
  28. mirror1.malwaredomains.com/files/justdomains
  29. sysctl.org/cameleon/hosts
  30. zeustracker.abuse.ch/blocklist.php?download=domainblocklist
  31. s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt
  32. s3.amazonaws.com/lists.disconnect.me/simple_ad.txt
  33. hosts-file.net/ad_servers.txt
  34. raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/win10/spy.txt
  35. raw.githubusercontent.com/quidsup/notrack/master/trackers.txt
  36. https://raw.githubusercontent.com/AdguardTeam/cname-trackers/master/combined_disguised_trackers_justdomains.txt
  37. https://urlhaus.abuse.ch/downloads/hostfile/
  38. https://raw.githubusercontent.com/kboghdady/youTube_ads_4_pi-hole/master/crowed_list.txt
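
The list above contains repeats: entry 27 is entry 1 again, and entries 29 to 33 are entries 2 to 6 without the “https://” prefix. The following filter is an added example, not part of the original post, that finds such repeats before the list is pasted into Pi-hole; the function names are assumptions and the sample input is a five-entry excerpt of the list.

```bash
#!/usr/bin/env bash
# Added example (not from the original post). adlists and sample_adlists are
# illustrative names.

# adlists unique|dupes   (reads one entry per line on stdin)
# Two entries count as the same source when they differ only in list
# numbering, surrounding whitespace, URL scheme, or host-name case.
#   unique  prints the first-seen form of every source
#   dupes   prints the entries that repeat an earlier source
adlists() {
    sed -E 's/^[[:space:]]*([0-9]+\.[[:space:]]+)?//; s/[[:space:]]+$//' |
    awk -v mode="$1" 'NF {
        key = $0
        sub(/^[A-Za-z]+:\/\//, "", key)            # ignore the scheme
        slash = index(key, "/")                     # lowercase the host only,
        if (slash) key = tolower(substr(key, 1, slash - 1)) substr(key, slash)
        else       key = tolower(key)               # paths stay case-sensitive
        dup = (key in seen); seen[key] = 1
        if ((mode == "dupes") ? dup : !dup) print
    }'
}

# Sample input: five entries copied from the list above, numbering included.
sample_adlists() {
    cat <<'EOF'
  1. https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
  2. https://sysctl.org/cameleon/hosts
  27. https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
  29. sysctl.org/cameleon/hosts
  37. https://urlhaus.abuse.ch/downloads/hostfile/
EOF
}

echo "unique sources:"; sample_adlists | adlists unique
echo "repeated entries:"; sample_adlists | adlists dupes
```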

You will find further blocklists here, here and here.
For whitelists look here.
For Regex Filter check here.

Test your Ad Blocking: https://d3ward.github.io/toolz/adblock

If you would like to have a Dark Theme for Pi-hole look here or use the Firefox/Chrome extension Dark Reader.

Other interesting projects: