Unifi Application in Proxmox LXC

Yet another Debian 11 based LXC for a simple install of Unifi. Unifi does not tax your hardware much, but I do recommend more than 512 MB of memory. For a small network 1 GB may be fine, and you will quickly see whether you need to add more or not.

The usual suspects are needed after booting the LXC

apt update
apt upgrade -y
apt install curl wget -y

A gentleman called Glenn Rietveld has made quite a few great scripts, and the one for installing Unifi is one of them. At the time of this writing the latest version was 7.0.25, so use wget to get the script, make it executable and run it to install

# wget https://get.glennr.nl/unifi/install/unifi-7.0.25.sh
# chmod +x unifi-7.0.25.sh
# ./unifi-7.0.25.sh

If you have an older install and want to upgrade to the latest version use https://get.glennr.nl/unifi/update/unifi-update.sh

Various notes related to this script and more can be found here

https://glennr.nl/

https://glennr.nl/s/unifi-network-controller


PlexServer in LXC (Proxmox)

I used the Debian 11 LXC template in Proxmox for this one as well, and the process is easy. My config looks like this

arch: amd64
cores: 8
hostname: Jellyfin
memory: 4098
mp0: /Pool01/subvol-100-disk-0/,mp=/mnt/Mediafiles
net0: name=eth0,bridge=vmbr0,firewall=1,gw=10.0.0.254,hwaddr=AA:AD:E6:EA:F8:BD,ip=10.0.0.100/24,type=veth
ostype: debian
rootfs: Pool01:subvol-101-disk-0,size=30G
swap: 4098

apt update ; apt upgrade -y
apt install mc curl gnupg2 sudo -y
echo deb https://downloads.plex.tv/repo/deb public main | sudo tee /etc/apt/sources.list.d/plexmediaserver.list
curl https://downloads.plex.tv/plex-keys/PlexSign.key | sudo apt-key add -
apt update
apt install plexmediaserver

Then add plex to the users-group in /etc/group

The volume that is mapped here is the 20TB volume that I also use for my Turnkey fileserver

Easy Email-relay setup with Debian and Postfix using your Gmail account

When your homelab suddenly becomes critical, isn’t it nice to get notifications if something happens? Indeed, and it’s nice to have an SMTP-host in your network that can relay all email without tinkering with your Google account every single time you need to configure email in your apps and services.

Starting with a Debian 11 LXC (from the templates in Proxmox) you only need to make a few steps to have Postfix working

First you need the sasl2-libs

# apt install libsasl2-modules

Add the following to /etc/postfix/main.cf

relayhost = [smtp.gmail.com]:587
smtp_sasl_auth_enable = yes
smtp_tls_CAfile = /etc/postfix/cacert.pem
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_use_tls = yes
inet_interfaces = all

Regarding inet_interfaces it may be set to «loopback-only» by default, thus not accepting incoming traffic on port 25. If you have multiple ports/IPs and want different config for these – check Postfix documentation.

Add the Verisign Certificate Authority to Postfix’s CA file:

# tee -a will append contents to file if file already exists
cat /etc/ssl/certs/VeriSign_Universal_Root_Certification_Authority.pem | tee -a /etc/postfix/cacert.pem

Next you need to generate a Gmail App Password for use with the sasl_passwd file. Go to App Passwords on your Google Security Tab and create one. Select “Other (Custom name)” and copy the 16 characters.

Then edit /etc/postfix/sasl_passwd and add the following info

[smtp.gmail.com]:587    USERNAME@gmail.com:APP_PASSWORD

Replace USERNAME with your gmail username and APP_PASSWORD with the 16 characters you just copied (remove any spaces!)

Set the correct permissions on the file

chmod 400 /etc/postfix/sasl_passwd

Use Postmap to generate the sasl_passwd.db file

/usr/sbin/postmap /etc/postfix/sasl_passwd

Restart the Postfix service

/etc/init.d/postfix restart

If you did all steps correctly you should be able to send email from this LXC without issues

echo "Subject: Test mail from postfix" | sendmail -v USERNAME@gmail.com

Verify the logs and see if you did everything correctly

root@Postfix:/etc/postfix# tail -f /var/log/mail.log 
May  3 06:31:23 Postfix postfix/postfix-script[1279]: starting the Postfix mail system
May  3 06:31:23 Postfix postfix/master[1281]: daemon started -- version 3.5.6, configuration /etc/postfix
May  3 06:32:11 Postfix postfix/pickup[1283]: CCFC45E1B: uid=0 from=<root>
May  3 06:32:11 Postfix postfix/cleanup[1296]: CCFC45E1B: message-id=20220503063211.CCFC45E1B@Postfix.localdomain
May  3 06:32:11 Postfix postfix/qmgr[1284]: CCFC45E1B: from=<root@Postfix.localdomain>, size=268, nrcpt=1 (queue active)
May  3 06:32:13 Postfix postfix/smtp[1298]: CCFC45E1B: to=<USERNAME@gmail.com>, relay=smtp.gmail.com[64.233.164.108]:587, delay=7, delays=5.3/0.04/0.5/1.1, dsn=2.0.0, status=sent (250 2.0.0 OK  1651559533 n21-20020a2e86d5000000b0024cac53a82csm1248338ljj.0 – gsmtp)
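
An added check for the relay configured above (example code, not from the original post): it parses a copy of main.cf and flags opportunistic TLS, a mynetworks entry that lets any client relay, and a credential file readable by group or other. The function names and the sample input, including its mynetworks line, are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. On a live host `postconf -h NAME`
# also reports defaults; this reads a file copy and ignores continued lines.

cf_get() {  # $1 = main.cf path, $2 = parameter name; last assignment wins
    awk -F= -v k="$2" '
        /^[ \t]*#/ { next }
        { key = $1; gsub(/[ \t]/, "", key) }
        key == k { val = substr($0, index($0, "=") + 1)
                   gsub(/^[ \t]+|[ \t]+$/, "", val); out = val }
        END { print out }' "$1"
}

audit_relay() {  # $1 = main.cf, $2 = sasl_passwd; returns number of findings
    cf=$1; pw=$2; n=0
    # smtp_use_tls = yes is opportunistic ("may"): if STARTTLS is unavailable,
    # mail and the app password go out in cleartext. "encrypt" refuses instead.
    case "$(cf_get "$cf" smtp_tls_security_level)" in
        encrypt|verify|secure|dane-only|fingerprint) ;;
        *) echo "FINDING: set smtp_tls_security_level = encrypt"; n=$((n + 1)) ;;
    esac
    # With inet_interfaces = all, mynetworks decides who may relay: it should
    # list only the LAN ranges that are meant to submit mail.
    if [ "$(cf_get "$cf" inet_interfaces)" = all ]; then
        case " $(cf_get "$cf" mynetworks | tr ',' ' ') " in
            *" 0.0.0.0/0 "*|*" [::]/0 "*)
                echo "FINDING: mynetworks lets any client relay"; n=$((n + 1)) ;;
        esac
    fi
    # The credential file and the map postmap builds from it must be owner-only.
    for f in "$pw" "$pw.db"; do
        [ -e "$f" ] || continue
        if [ "$(ls -ld "$f" | cut -c5-10)" != "------" ]; then
            echo "FINDING: $f is accessible to group or other"; n=$((n + 1))
        fi
    done
    return "$n"
}

make_sample() {  # constructed input: the tutorial's lines plus a bad mynetworks
    mkdir -p "$1"
    cat > "$1/main.cf" <<'EOF'
relayhost = [smtp.gmail.com]:587
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_use_tls = yes
inet_interfaces = all
mynetworks = 127.0.0.0/8 0.0.0.0/0
EOF
    echo '[smtp.gmail.com]:587 USERNAME@gmail.com:APP_PASSWORD' > "$1/sasl_passwd"
    chmod 644 "$1/sasl_passwd"
}

d=$(mktemp -d); make_sample "$d"
audit_relay "$d/main.cf" "$d/sasl_passwd" || echo "findings: $?"; rm -rf "$d"
```

Run it against copies of /etc/postfix/main.cf and /etc/postfix/sasl_passwd; a return value of 0 means none of the three conditions were found.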

RPi 4 and dockerized Hass.io

For a long time I’ve been using Ubuntu with Docker for my HomeAssistant setup, but when trying to get that working on my Pi 4 I realized that my regular «install docker, install portainer and grab hassio» did not work. I could easily just grab the HassOS-image for RPi 4, but I want an OS with a few more options, as well as running containers outside the ones integrated with HomeAssistant. Having the 7 inch touch screen working is also nice 🙂

The process is quite simple

Assuming you have Raspbian (lite or desktop – doesn’t matter), make sure everything is updated (apt update ; apt upgrade -y). Then

$ sudo apt-get install -y software-properties-common apparmor-utils apt-transport-https avahi-daemon ca-certificates curl dbus jq network-manager socat
$ sudo systemctl disable ModemManager
$ sudo curl -fsSL get.docker.com | sh
$ sudo apt-get update [probably not necessary...]

$ sudo curl -sL "https://raw.githubusercontent.com/home-assistant/supervised-installer/master/installer.sh" > hassio_install.sh

 

Open this file in an editor and edit the section relevant for the RPi hardware.

"armv7l")

if [ -z $MACHINE ]; then
error "Please set machine for $ARCH"
fi
HOMEASSISTANT_DOCKER="$DOCKER_REPO/$MACHINE-homeassistant"
HASSIO_DOCKER="$DOCKER_REPO/armv7-hassio-supervisor"

The required changes are the image names on the last two lines (shown in bold in the original post)

if [ -z $MACHINE ]; then
error "Please set machine for $ARCH"
fi
HOMEASSISTANT_DOCKER="$DOCKER_REPO/raspberrypi3-homeassistant"
HASSIO_DOCKER="$DOCKER_REPO/armhf-hassio-supervisor"

Save the file and run

$ sudo bash hassio_install.sh -m raspberrypi4

This will force you to type «not supported» in order to get you going.

root@raspberrypi:~# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
25da7d736292 homeassistant/raspberrypi3-homeassistant:landingpage "/init" 16 seconds ago Up 14 seconds homeassistant
57326790e6ea homeassistant/armhf-hassio-audio:14 "/init" 24 seconds ago Up 22 seconds hassio_audio
1a8885d61ec6 homeassistant/armhf-hassio-dns:9 "/init coredns -conf…" 26 seconds ago Up 23 seconds hassio_dns
7f6323884631 homeassistant/armhf-hassio-cli:25 "/init /bin/bash -c …" 26 seconds ago Up 23 seconds hassio_cli
3c0f499aa316 homeassistant/armhf-hassio-multicast:2 "/init" 28 seconds ago Up 26 seconds hassio_multicast
2d5fc6976bb8 homeassistant/armhf-hassio-supervisor "/init" 41 seconds ago Up 39 seconds hassio_supervisor

This should hopefully do the trick and leave you with a real OS and a dockerized Hass.io on your RPi 4

Note – this method is NOT supported, and may work today, and maybe not tomorrow.

Home Assistant – the move from RPi to Ubuntu

[work in progress]

I’ve been using my RPi2 with Home Assistant for the last two years or so (believe my initial version was pre 0.30), and it’s an easy setup that works fine for most. A bit cranky initially with compiling a few items on the RPi1… I started with Raspbian, but moved to HassIO after a while. Performance has been OK, but my issue has primarily been SD cards. They seem to fail every 6-12 months no matter if I choose Kingston, Sandisk or Samsung. The Z-wave parts seem to contribute to excessive writing, which causes the cards to wear out. I know industrial cards might be a viable option, but performance-wise the RPi 2 is probably past its prime. When the SD card failed a few weeks back I decided to make the move and dug out an old ThinkPad 430s, updated BIOS/firmware, added an SSD and got started.

I decided to go for Ubuntu and Docker this time. I chose the 18.04LTS version and performed a clean install with no options selected in the Ubuntu installer. Desktop or server does not matter that much – you can always add GUI and the other stuff later if needed. As long as I got it online with ssh I was fine.

When it was installed and rebooted I did a few minor steps

# sudo apt update (to make sure the system is completely updated before proceeding)
# sudo apt install apt-transport-https ca-certificates curl software-properties-common
# sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
# sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu bionic stable"
# sudo apt update
# sudo apt install docker-ce
# sudo curl -L https://github.com/docker/compose/releases/download/1.21.2/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
# sudo chmod +x /usr/local/bin/docker-compose

As I had no prior experience with Docker this was a learning-by-doing process. I started the hard way by trying to get to grips with YAML and the docker-compose file. There are quite a few sources of information to get it running, and a decent editor (Notepad++, Sublime or similar if using Windows) will handle markup and other quirks rather well. Most failures seem to be related to the «moron» between the chair and keyboard 😉

The first container I want to install is Portainer. A great tool for simple management of your containers, and for doing stuff like adding networks, restarting containers, removing containers, checking logs, accessing the container console etc.

A smart way when starting (imho) is to figure out where you want your containers to be stored (I use /srv/docker) as it makes backups easier to create. I’d start with creating a docker-compose.yaml file in this directory, and for Portainer it would look something like this

version: '3'

services:


  portainer:
    container_name: portainer
    image: portainer/portainer
    volumes:
      - /srv/docker/portainer:/data
      - /var/run/docker.sock:/var/run/docker.sock
    ports:
      - "9000:9000"

Make sure you created /srv/docker/portainer and that port 9000 is not in use.

# sudo docker-compose up -d

Creating network "docker_default" with the default driver
Pulling portainer (portainer/portainer:)...
latest: Pulling from portainer/portainer
d1e017099d17: Pull complete
a27de812d373: Pull complete
Digest: sha256:ab096b92ed177b47adfa8a9a99e304d36596efa557b9627c066cee164cc39910
Status: Downloaded newer image for portainer/portainer:latest
Creating portainer ... done
Attaching to portainer
portainer | 2018/08/28 18:44:04 Starting Portainer 1.19.1 on :9000

Try accessing your server on port 9000 and you’re good to go 🙂 You might need to disable/adjust your firewall in order to proceed

# sudo service ufw stop [and add an exception for port 9000 later..!!]

Next I was going to install HassIO. I could have done this the «hard way» with manual install of Home Assistant and all the various addons instead of HassIO, but I’m lazy by default so I went for HassIO (just like with my RPi). Needless to say – I did a minor screwup when installing the first time regarding where to keep my containers, but it was easily corrected. To make sure you’re ending up with all files in the correct place (/srv/docker/hassio) make the necessary preps

# sudo mkdir /srv/docker/hassio
# sudo ln -s /srv/docker/hassio /usr/local/hassio
# sudo apt install jq avahi-daemon

If you installed the server without any options (as I did) you will probably miss a couple of repositories in order to install the jq and avahi-daemon. Edit /etc/apt/sources.list and make it look something like this (I live among polar bears, moose and other creatures, thus the Norwegian mirrors)

deb http://no.archive.ubuntu.com/ubuntu/ bionic main restricted
deb http://no.archive.ubuntu.com/ubuntu/ bionic-updates main restricted
deb http://no.archive.ubuntu.com/ubuntu/ bionic universe
deb http://no.archive.ubuntu.com/ubuntu/ bionic-updates universe
deb http://no.archive.ubuntu.com/ubuntu/ bionic multiverse
deb http://no.archive.ubuntu.com/ubuntu/ bionic-updates multiverse
deb http://no.archive.ubuntu.com/ubuntu/ bionic-backports main restricted universe multiverse
deb http://security.ubuntu.com/ubuntu bionic-security main restricted
deb http://security.ubuntu.com/ubuntu bionic-security universe
deb http://security.ubuntu.com/ubuntu bionic-security multiverse

 

This should get you started with Home Assistant – try http://your-server:8123 and you’ve accomplished step #1 🙂

Next step is to configure Home Assistant and HassIO to make it useful. I will add stuff like Pi Hole, Caddy, Dropbox-backup, Philips Hue, Aeotec Z-wave USB-stick, AppDaemon as well as configure 2FA with Google Authentication.

Configure HassIO/Home Assistant

Aeotec Z-wave USB Gen 5 card

My first and primary goal was to include Z-Wave and Philips Hue for this setup. I’ll start with the Aeotec. The card is automatically detected on both my Intel NUC and Lenovo ThinkPad T430s. With the ThinkPad I had to tinker with the USB settings in BIOS as it had some issues initializing the card when using USB 3.0 ports. A few clicks and it showed up as /dev/ttyACM0. The NUC did not behave like this, so you may or may not see this problem. Others have experienced a change of device address when rebooting, but that used to be a Raspbian issue for my part. No issues with Ubuntu and the two computers I’ve tried with.

When plugging in the card for the first time it will blink like a Christmas tree. To disable this, issue the following

Turn off “Disco lights”:

$ echo -e -n '\x01\x08\x00\xF2\x51\x01\x00\x05\x01\x51' > /dev/serial/by-id/usb-0658_0200-if00

Turn on “Disco lights”:

$ echo -e -n '\x01\x08\x00\xF2\x51\x01\x01\x05\x01\x50' > /dev/serial/by-id/usb-0658_0200-if00

 

PiHole

If you’re like me you prefer to avoid all kinds of commercials and other annoying stuff that pops up on various websites. PiHole works similarly to AdBlocker, but acts as an ad-blocking forward-DNS for your network. It has a few options, like acting as a DHCP server, but I prefer to let my Ubiquiti EdgeRouter take care of that. Thus I just edited the DHCP options and added my Ubuntu server as primary DNS in my EdgeRouter.

If you use Ubuntu 18.04 there is an issue with the resolving-service from systemd (dnsmasq) and PiHole. To get around that, edit /etc/systemd/resolved.conf and change the last line to disable the local dnsmasq

[Resolve]
#DNS=
#FallbackDNS=
#Domains=
#LLMNR=no
#MulticastDNS=no
#DNSSEC=no
#Cache=yes
DNSStubListener=no

When editing is done, restart the service

# sudo service systemd-resolved restart

When enabled I see 20-30% of all queries blocked, and most sites work fine. You may surely whitelist some domains if you run into trouble (or avoid those domains entirely…). Check out the sites listed here https://pi-hole.net/pages-to-test-ad-blocking-performance/ and monitor the stats of your PiHole and you will get an idea of what this can do for you. As said – some sites will complain about you blocking their ads, but feel free to experiment with whitelisting/blacklisting. After about a week I did not adjust anything, and if my wife does not complain I feel it’s quite close to optimal 😉

[To be continued]

 

New amplifier in the house


Yep, a new amplifier has arrived: a tiny thing from SMSL called the SA-36A. It is based on the Tripath TA2020 and measures 150 x 92 x 43mm. At 8 ohms and with a decent power supply it should deliver about 2 x 12 watts. I tested it briefly tonight with an iPhone 4S via a Monster Cable dock and Dynaudio Contour 1.3SE. Far from a match made in heaven given the sensitivity of the Dynaudios, but the sound seemed good for the price ($35 including shipping). When the little one is asleep it is not a good idea to test maximum volume, but it was perhaps not quite the same as the amplifier that is usually connected here.

It might be a decent match once I finish my Cyburgs Needle build??

Digression: it looks rather pitiful next to my Emotiva MPS2. The remote control for the Emotiva UMC-1 probably also weighs more than the SA-36A…

Update 12.06.2012

I have finally had the chance to test this little thing some more, and it has a surprising amount of power. The volume with my relatively hard-to-drive Dynaudios was quite OK, but the combination of the iPhone 4S and the Monster Cable dock gives a somewhat low output signal, so at times it is not possible to get enough punch. Incidentally, I had the same «problem» with an older DAC from Muse (Model Two) that only put out 1 volt…

Anyways, the latest album by Lars Vaular (mp3 from Platekompaniet) has a relatively higher volume than the other material I had lying around, and it was possible to notice slight tendencies towards distortion when approaching full throttle. The sound does not seem as airy and dynamic as with the Emotiva UMC-1/MPS2, but strictly speaking it is quite pleasant considering the ridiculously low price and ridiculous size.

The next test will be to connect it to the UMC-1 and test with FLAC or CD…

Update 23.06

The amplifier has had a trip to the cabin, and has been tested there on Dynavoice DF-5. Normally these are connected to Emotiva gear and a 10″ Energy sub, but this time they ran alone with the SA-36. As before, I am still impressed by the power this little thing has. The DF-5s have a stated sensitivity of 92/dB, and consequently the sound level is something else entirely. The sound is perceived as somewhat more compressed than with the Emotiva USP-1/UPA-2 (still tested with iPhone 4S and 256kbit mp3), but beyond reproach at the ridiculously low price. Control in the bass must be said to be relatively good, even though it cannot compare with the Emotiva. In terms of efficiency and heat development it is obvious that the T-amp does a good job. After a good half hour of Lars Vaular (well….) at almost maximum volume there was no sign of anything other than a lukewarm surface on the amplifier. The power supply (from an old external Samsung USB disk) was also not noticeably warmer than normal.

The preliminary conclusion is that this little SMSL amplifier must be said to be a steal. It is obviously not suited to every task, but for a less demanding setup (and preferably easy-to-drive speakers) it is a lot of fun for the money!

Post everything about yourself on Facebook!!

This is what can happen when you post more than necessary on Facebook http://yro.slashdot.org/story/10/09/12/217214/Burglary-Ring-Used-Facebook-Places-To-Find-Targets

A little tip for those of you who post information about holidays and so on is to mention that the dog (the 70kg Rottweiler «Lille Glefs») is still at home, and that he hasn't eaten in several days….