nocin.eu

Homelab, Linux, JS & ABAP (~˘▾˘)~
 

Blog umgezogen -> Docker

Heute habe ich den Blog von einem DigitalOcean Droplet auf einen V-Root Server bei Strato umgezogen. Da der V-Root etwas mehr Power hat, werde ich einige Dienste, die ich bereits privat auf meinen Proxmox Servern hoste, auch auf den Strato Server umziehen. Bisher habe ich meine Anwendungen überwiegend in LXC’s (Linux Containern) oder auch VM’s installiert. In Kombination mit ZFS als Dateisystem (mit der großartigen Snapshot Fähigkeit) bin ich damit die letzten 4 Jahre ohne Probleme gefahren. Bei einem V-Root ist diese Möglichkeit nun nicht mehr gegeben. Daher habe ich die Chance genutzt, tiefer in das Thema Docker einzusteigen. Bisher habe ich nur vereinzelt Docker Container genutzt und die wenigen jeweils auch nochmal in einem LXC (vereinfachte mir das Snapshot handling). Nun also mal der Versuch, komplett auf Docker umzusteigen.

Der WordPress Blog ist als erstes in einen Docker Container umgezogen. Danach habe ich noch Nextcloud (plus OnlyOffice & Collabora) und Bitwarden aufgesetzt. Hier werde ich jedoch noch ein paar Tage testen, bevor ich mit all meinen Daten rüber migriere. Da man immer wieder von Traefik als Reverse Proxy in Kombination mit Docker liest, habe ich diesen probiert, jedoch nach mehreren Stunden etwas gefrustet wieder sein lassen. Auch wenn die ersten Services ganz gut damit liefen, scheint mir der Aufwand erheblich höher und die benötigten Labels für jeden Container nicht grade intuitiv. Da in den meisten Dokus Beispiele für Nginx zu finden sind, bin ich zurück zu dem Nginx Proxy Manager, welchen ich bereits seit Jahren erfolgreich zuhause im Einsatz habe. Auch wenn das bedeutet, dass ein Docker Container nun nicht “automatisch” via Traefik (durch 10-20 vorher zusammen gesuchte Labels je Service….) nach außen bereitgestellt wird, sondern nur nach “einigen wenigen” Klicks im Nginx Proxy Manager…. Nach meinem Gefühl, gibt sich das irgendwie nicht viel.

Einige weitere Dienste stehen noch auf der Liste und auch ein paar neue Sachen möchte ich mit aufnehmen. Bereits installiert sind:

  • WordPress
  • Nginx Proxy Manager
  • Nextcloud
  • OnlyOffice
  • Collabora
  • Bitwarden
  • MyPhpAdmin

Es folgen noch:

  • Portainer
  • Wallabag
  • Gitlab
  • Jitsi
  • Teamspeak
  • PiHole
  • Wireguard
  • OpenLDAP

Und je länger man nachdenkt, desto mehr fällt einem sicherlich noch ein. 🙂
Die Docker-Compose Dateien werde ich dann final auch hier Veröffentlichen mit allen zugehörigen Links, die mir bei der ein oder anderen Schwierigkeit geholfen haben.

[HTPC] hide mouse cursor with Unclutter

Damit beim Filme schauen auf dem Fernseher nicht immer händisch der Mauszeiger aus dem sichtbaren Bereich geschoben werden muss, habe ich nach einer Lösung gesucht und wurde mit Unclutter fündig: “Unclutter ist ein kleines Hilfsprogramm, das den Mauszeiger verschwinden lässt.”

#install
apt install unclutter
#config
cat /etc/default/unclutter

“Unclutter startet ab dem nächsten Neustart automatisch. Wenn man das oder die Optionen ändern will, kann man es durch Bearbeiten [3] der Datei /etc/default/unclutter mit Root-Rechten erreichen.”
Standardmäßig verschwindet der Mauszeiger nach einer Sekunde. Kann aber natürlich beliebig angepsasst werden.

[ABAP Env] gCTS

https://blogs.sap.com/2020/05/30/sap-cloud-platform-abap-environment-lifecycle-management-introduction/
https://blogs.sap.com/2020/05/30/sap-cloud-platform-abap-environment-lifecycle-management-sample-scenarios/

GitGit is a distributed version-control system
CTSChange and Transport Management System
gCTSGit-based CTS (the evolution of the classical CTS)
abapGitAn open-source Git client that allows you to import existing code into your ABAP system
RepositoryA Repository is a collection of objects, their directory structure, and metadata
Transport requestsA transport request records all the changes in your ABAP development system.
With gCTS: Once a transport request is released, the changes are pushed into your central Git repository in the cloud as a commit represented by a commit ID.

[ZFS] import pool: “cannot mount ‘/’: directory is not empty”

$ sudo zpool list
NAME             SIZE  ALLOC   FREE  CKPOINT  EXPANDSZ   FRAG    CAP  DEDUP    HEALTH  ALTROOT
data            10,9T  10,3T   577G        -         -    46%    94%  1.00x    ONLINE  -
externalBackup  5,44T  4,19T  1,25T        -         -     0%    77%  1.00x    ONLINE  -
rpool            111G  27,4G  83,6G        -         -    40%    24%  1.00x    ONLINE  -

$ sudo zpool import externalBackup
cannot mount '/': directory is not empty

$ sudo zfs set mountpoint=/externalBackup externalBackup

$ sudo zfs get mountpoint externalBackup
NAME            PROPERTY    VALUE                SOURCE
externalBackup  mountpoint  /externalBackup  local

$ sudo zfs get mounted externalBackup
NAME            PROPERTY  VALUE    SOURCE
externalBackup  mounted   no       -

$ sudo zfs mount externalBackup

$ sudo zfs get mounted externalBackup
NAME            PROPERTY  VALUE    SOURCE
externalBackup  mounted   yes      -

[RaspberryPi] Installing MPD on a RaspberryPi 3 with HifiBerry AMP2

Until recently, I only used my RaspberryPi 3 as Bluetooth Speaker with the HifiBerry AMP2 and two old B&W DM601. This setup only consumes about 3 Watts idling, so its running 24h. I used the VLC Android App on my smartphone to access my music on my NAS and streamed it via Bluetooth to the Pi.

But I wanted to control the music on different devices (like Tablet, HTPC, Desktop) and was annoyed, having to reconnect my smartphone Bluetooth connection all the time when coming home. Also there is still a loss of quality with Bluetooth and i have many FLAC files now. That’s why I gave Music Player Daemon (MPD) a try. A daemon which runs on the Pi and can be controlled from different clients. It accesses my music library via Wifi directly on the NAS.

These are the steps I had to make on my Raspberry Pi:

  1. Firmware update
  2. Set up the the Hifiberry AMP2 (if not yet done)
  3. Mount NFS share with your music
  4. Install MPD and the clients MPC and ncmpcpp
  5. Edit MPD config file
  6. Run MPC update to fill library
  7. Configure NCMPCPP
  8. MPDroid as smartphone client
©Hifiberry AMP2

1. Firmware update

I had some audio cracking when switching a song or just pressing play and pause. Following this blog, they released a fix with in a newer firmware version, unfortunately after a while they broke it again with a later firmware version…. nevertheless I made the update and somehow I get less cracking, even if it doesn’t disappear completely.

sudo apt-get install rpi-update
sudo rpi-update
sudo reboot

Update 23.05.2020: Install PulseAudio, if the Firmware update will not help.
https://dbader.org/blog/crackle-free-audio-on-the-raspberry-pi-with-mpd-and-pulseaudio#update2
https://wiki.archlinux.org/index.php/Music_Player_Daemon/Tips_and_tricks#Local_(as_your_own_user)

2. Set up the the Hifiberry AMP2

Just follow these steps: https://github.com/project-owner/Peppy.doc/wiki/HiFiBerry-Amp

And check if user Pi is member of the audio group. If not, add him to.

$ groups
pi adm dialout cdrom sudo audio video plugdev games users input
$ sudo usermod -a pi -G audio

3. Mount NFS share

My music is stored on to a NAS and published via NFS. So I just had to mount it to my Pi.
https://www.elektronik-kompendium.de/sites/raspberry-pi/2102211.htm

sudo apt install nfs-common
sudo mkdir -p /mnt/nfs/music
showmount -e ipadress
sudo mount -t nfs -o soft ipadress:/data/music /mnt/nfs/music

Use autofs to auto mount the NFS share on boot.
https://www.elektronik-kompendium.de/sites/raspberry-pi/2102221.htm

sudo apt install autofs
sudo nano /etc/auto.nfs
sudo nano /etc/auto.master
sudo service autofs restart
mount
ls /mnt/nfs/music/
sudo reboot
#check again after reboot
ls /mnt/nfs/music/

auto.nfs

music -fstype=nfs,rw,retry=0 192.168.178.100:/data/music

auto.master

/mnt/nfs /etc/auto.nfs

4. Install MPD and the clients MPC and ncmpcpp

sudo apt update
sudo apt install mpd mpc ncmpcpp

5. Edit MPD config file and restart service

Open the mpd.conf file in your favorite editor and after editing, restart the service.

sudo nano /etc/mpd.conf
sudo systemctl restart mpd

I had to make the following changes in the config:

music_directory         "/mnt/nfs/music"
bind_to_address         "any"
auto_update             "yes"
audio_output {
        type            "alsa"
        name            "My ALSA Device"
        device          "hw:0,0"        
        mixer_type      "software"
}

Check aplay -l for the right device settings.

$ aplay -l
**** List of PLAYBACK Hardware Devices ****
card 0: sndrpihifiberry [snd_rpi_hifiberry_dacplus], device 0: HiFiBerry DAC+ HiFi pcm512x-hifi-0 [HiFiBerry DAC+ HiFi pcm512x-hifi-0]
  Subdevices: 0/1
  Subdevice #0: subdevice #0

6. Run MPC update to fill library

The Music Player Client (MPC) acts as client (as well as ncmpcpp) to MPD. MPD itself is just the daemon and has no music controlling capabilities.

#check if the output(s) is enabled
mpc outputs
#update the database (will take while)
mpc update
#look up the commands to adjust volume and play a file as test 
mpc help 

7. Configure ncmpcpp

When using ncmpcpp as client, you have to do a small configuration to tell the client to which server it should talk to. So open the config:

sudo nano ~/.ncmpcpp/config

and insert the following lines. When using ncmpcpp directly one the raspberry, set 127.0.0.1 as mpd_host. When using it on another machine (like your desktop), insert the IP of the raspberry pi.

ncmpcpp_directory =         "~/.ncmpcpp"
mpd_host =                  "127.0.0.1"
mpd_port =                  "6600"	
allow_for_physical_item_deletion = yes

Here is a cool cheatsheet on how to control ncmpcpp:
https://pkgbuild.com/~jelle/ncmpcpp/

If you prefer a GUI, install Cantata or Sonata:
https://github.com/CDrummond/cantata
https://www.nongnu.org/sonata/

8. Install MPDroid

To control MPD via Smartphone, install the MPDroid App from the F-Droid store: https://f-droid.org/en/packages/com.namelessdev.mpdroid/

[ZFS] Replace failed disk on my Proxmox Host


Yesterday evening I got an email that on my Proxmox server a disk had failed. In my ZFS Raidz1 I have 4 different drives of two manufactures: 2x HGST and 2x Seagate.
In the last 7 years I also used some Western Digitals. The only faulty hard drives I had in this years were from Seagate. This was the third… So this morning I bought a new hard disk, this time a Western Digital Red, and replaced the failed disk.

SSH into my server and checked the zpool data. Because I already removed the failed disk, it’s marked as unavailable.

failed disk: wwn-0x5000c5009c14365b

Now I had to find the Id of my new disk. With fdisk -l, I found my new disk as /dev/sde, but there was no id listed.

sudo fdisk -l

To be sure I checked again with:

sudo lsblk -f

With disk by-id I now got the Id.

ls /dev/disk/by-id/ -l | grep sde

new disk: ata-WDC_WD40EFRX-68N32N0_WD-WCC7K1CSDLRT
and again the failed disk: wwn-0x5000c5009c14365b

Before replacing the disks, I did a short SMART test.

sudo smartctl -a /dev/sde
sudo smartctl -t short /dev/sde
sudo smartctl -a /dev/sde

The new disk had no errors. And because it is a new disk, I don’t had to wipe any file systems from it.

So first I took the failed disk offline. Not sure if that was necessary, because I already had removed the disk.

sudo zpool offline data 2664887927330352988

Next run the replace command.

sudo zpool replace data /dev/disk/by-id/wwn-0x5000c5009c14365b-part2
/dev/disk/by-id/ata-WDC_WD40EFRX-68N32N0_WD-WCC7K1CSDLRT

The resilver process for the 3TB disk took about 10 hours.

[RaspberryPi] Fix Missing Bluetooth Audio Sink

If you notice “error: a2dp-source profile connect failed for protocol not available“, probably in the log or via systemctl

sudo cat /var/log/syslog | grep -i protocol
#or
sudo systemctl status bluetooth

open the bluealsa.service file

sudo nano /lib/systemd/system/bluealsa.service

and append the a2dp-sink:

ExecStart=/usr/bin/bluealsa --profile=a2dp-sink

Now reboot. Check with

sudo bluetoothctl show

[HTPC] Using Proxmox Host as HTPC

In February this year, I built a tiny second Proxmox Host using an ASRock DeskMini A300 and the following parts. I chose an AMD Ryzen 5 3400G (with integrated APU) CPU.
As HTPC I always used a RaspberryPi 3 running LibreElec (Kodi) with the Jellyfin for Kodi Plugin to access my media. But the Raspberry reached its limits when it comes to 4k content or 10bit Audio lines. So why not use the DeskMini A300 as Proxmox Host and also as HTPC? It has enough power to play all types of media, and even some Steam games would run on it.
So a few things had to be done.

  1. Install a Desktop Environment & Login Manager on the Host
  2. Add a user
  3. Install some basic software (Firefox, VLC, JUK…)
  4. Set up YouTube Leanback
  5. Consuming Jellyfin media
  6. Set up Plasma Activities for each service
  7. Controlling media with KDE Connect

Of course it’s not recommended to install more than necessary on the host itself, so this shouldn’t be done on a productive Proxmox-System.
Proxmox Wiki says: “Installing additional packages could lead to a hardly upgradeable system and is not supported from the Proxmox support team and therefore only for expert use.”
Because I’m using my Proxmox Host just for my Homelab (pi-hole, nextcloud, reverseproxy etc.) I’ll take the risk.
When using a host with a dedicated graphics card, you could also create a VM and pass it through, so you don’t have to mess around on the host like I have to do.

1. Install a Desktop Environment & Login Manager

There is a Proxmox Wiki describing it: https://pve.proxmox.com/wiki/Developer_Workstations_with_Proxmox_VE_and_X11
As DE I took KDE Plasma, but just the plain desktop. See here for all three options: https://wiki.debian.org/KDE

KDE (Full release of workspace, applications and framework)kde-full packageThe standard/upstream release
KDE (A common set of packages for a smaller, more flexible KDE environment compared to kde-full)kde-standard packageDebian’s selection of common KDE packages
KDE Plasma Desktopkde-plasma-desktop packageThis is a minimalist Plasma desktop
(You have to install all end-user applications later).

This was my command:

apt-get update && apt-get dist-upgrade
apt-get install kde-plasma-desktop lightdm

2. Add a user

As simple as always. Edit the visudo for root permissions and

adduser newusername
visudo

add the following line to the end

newusername ALL=(ALL:ALL) ALL

Afterwards you have to start the login manager

systemctl start lightdm

Now you’re ready to login.

3. Install software

As I took the plain KDE Plasma Desktop, there is nearly no other software besides the necessary programs for the DE.
I installed just a few things on top:

apt install konsole vlc firefox-esr tldr neofetch gwenview juk kcalc ncmpcpp kodi

4. Set up YouTube Leanback

In September 2019 YouTube announced to end YouTube Leanback TV (a web interface which could simply be opened in any browser via youtube.com/tv).
But it still exists and can be used with a quick workaround I found on reddit. Simple install the Firefox Add-on User Agent Switcher and add the following line in userAgent:

Mozilla/5.0 (SMART-TV; Linux; Tizen 4.0.0.2) AppleWebkit/605.1.15 (KHTML, like Gecko)

When browsing to youtube.com/tv you should get the Leanback interface in which you can easily navigate via keyboard. Now just press F11 to go to full screen mode.

Of course, you can connect the YouTube App of your Smartphone and just cast videos to it, just like with a Chromecast or the native YouTube Smart TV app. I would recommend using the Vanced App if you want to receive fewer ads.

Update 16.04.2021: Just found this addon, which makes it much easier to use YouTube for TV: https://addons.mozilla.org/en-US/firefox/addon/youtube-for-tv/

Update 19.10.2022: Since I could only get 720p60 using the YoutTube for TV add-on, I’ve now gone back to the User Agent Switcher with the following userAgent:

Mozilla/5.0 (PS4; Leanback Shell) Gecko/20100101 Firefox/65.0 LeanbackShell/01.00.01.75 Sony PS4/ (PS4, , no, CH)

Update 11.09.2023: Suddenly, some ads were playing with black screen and audio before each video, despite uBlock. To get rid of them, add the following Filter to uBlock:

youtube.com##+js(json-prune, playerResponse.adPlacements playerResponse.playerAds playerResponse.adSlots adPlacements playerAds adSlots important)

5. Jellyfin

Update 21.04.2021: Jellyfin recently released the Jellyfin Media Player which I’m using from now on.

I tried two ways of consuming media of my Jellyfin server (which is running in an LXC on the same Host) and both work fine.
First I used Kodi plus the Jellyfin for Kodi plugin. If you are already using Kodi for other stuff, integrating your Jellyfin content here is probably the best.
As second option, and what I’m using still today, is simple the Jellyfin Web Version via browser in full screen mode. Just activate the TV mode in the Jellyfin settings. There are some minor bugs when navigating via keyboard, but most of the time it runs perfect. But because Firefox is still not playing MKV files (see bug 1422891) I had to install Chromium for proper use of Jellyfin.

apt install chromium chromium-l10n

Just enter the full screen mode with F11, and it looks pretty well on your TV.

6. Plasma Activities

When using KDE Plasma you can simply create Activities (click here to see how to create an activity) for each of your full screen running application and easily switch between them. In my case I created three Acitivites, one for YouTube Leanback, one for Kodi and one for Jellyfin. And of course there is the Standard Activity, which is just my normal desktop for viewing other content like photos or playing a Steam game. This way, I can switch through all my full screen applications via Super + Tab (or backwards with Super + Shift + Tab).

7. KDE Connect

If you don’t want to use the keyboard the whole time to control your media on your HTPC, you should try KDEConnect on your Smartphone. You’ll get the app from the F-Droid Store: KDE Connect.
Next, just install the application on your host with:

apt install kdeconnect

and pair the two devices. By default, whenever media is played on your HTPC the app will now present you an interface to control it (with play, pause, next etc.). Also, you are able to control the mouse via touch on your Smartphone. And there are some other functions you should check out as well.

I’m really enjoying this new setup. It’s much more powerful, flexible and easier to handle than my old Raspberry Pi 3. I will keep an eye on whether there will be problems with a system update in the future.

[Wireguard] Set up Wireguard using PiVPN inside LXC

Recently I had to setup a new Proxmox host and also had to setup a VPN to access the network of the host. This time I gave PiVPN a try, since it recently added support for Wireguard.
So first I installed Wireguard on the host like here (without adding the TUN device to the containers config), set up a new unprivileged container running debian buster, set up port forwarding in the router, installed curl followed by the one liner for PiVPN.

apt install curl
curl -L https://install.pivpn.io | bash

And that was almost it. Now just add a device and use the QR-Code the use it on Android.

pivpn -a
pivpn -qr

PiVPN delivers what it promises! That was super easy to setup.