diff --git a/ai/docker-compose.yml b/ai/docker-compose.yml index fcf249c..c67b692 100644 --- a/ai/docker-compose.yml +++ b/ai/docker-compose.yml @@ -1,6 +1,6 @@ services: openwebui: - image: ghcr.io/open-webui/open-webui:0.5.10 + image: ghcr.io/open-webui/open-webui:0.5.11 container_name: open-webui restart: always environment: @@ -13,6 +13,7 @@ services: - 'OAUTH_CLIENT_SECRET=7DvwzbhHEElZLoZjEcHOtpwIU2IxhyNPv5sGmdOnJvvaMxQVQTgbaP6OAcEKTGLtUvIzgh8c8juvTYsrOkdp2WXCLNTrM2ZQP3UhHTBjESRU1yZK4MaVG46jnLj9Aaks' - 'OAUTH_SCOPES=openid email profile' - 'OPENID_REDIRECT_URI=https://ai.home.thoster.net/oauth/oidc/callback' + - 'GLOBAL_LOG_LEVEL=DEBUG' volumes: - ./data:/app/backend/data ports: diff --git a/hass/homeassistant/automations.yaml b/hass/homeassistant/automations.yaml index 8c21ee3..9ac9eca 100644 --- a/hass/homeassistant/automations.yaml +++ b/hass/homeassistant/automations.yaml @@ -474,6 +474,10 @@ device_id: ef6d5a43ae7c971e4b7b740dbc0f378e entity_id: d212bffda3c532f2e43ea9d08b1fd008 domain: switch + for: + hours: 0 + minutes: 59 + seconds: 0 actions: - type: turn_off device_id: ef6d5a43ae7c971e4b7b740dbc0f378e diff --git a/hass/homeassistant/configuration.yaml b/hass/homeassistant/configuration.yaml index 79ab84b..7b57e0a 100644 --- a/hass/homeassistant/configuration.yaml +++ b/hass/homeassistant/configuration.yaml @@ -18,7 +18,12 @@ switch: mac: "58:47:CA:78:4E:59" turn_off: service: shell_command.turn_off_remote_pc - + - platform: template + name: "comfyui" + turn_on: + service: shell_command.start_comfy_ui + turn_off: + service: shell_command.turn_off_remote_pc #MQTT Broker for milight hub: mqtt: diff --git a/hass/homeassistant/shell_commands.yaml b/hass/homeassistant/shell_commands.yaml index 67f03f6..b5caca4 100644 --- a/hass/homeassistant/shell_commands.yaml +++ b/hass/homeassistant/shell_commands.yaml 
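Review bot: `GLOBAL_LOG_LEVEL=DEBUG` is added as a standing setting on the service that also handles the OIDC login, so verbose request and auth-flow detail may end up in the container log for as long as it stays in. If this is only for troubleshooting, I would revert it before merging or make it overridable, e.g. `GLOBAL_LOG_LEVEL=${OPENWEBUI_LOG_LEVEL:-INFO}` (variable name constructed for illustration). Separately, the `OAUTH_CLIENT_SECRET` value in the context lines just above is committed in plaintext; it should be rotated at the identity provider and supplied from an untracked `.env` file or a Docker secret instead.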
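Review bot: The new `platform: template` entry in `configuration.yaml` puts `name`, `turn_on` and `turn_off` directly under the platform, the same shape as the entry above it with `mac:`; as far as I know the legacy template switch platform expects these nested under a `switches:` map keyed by an object id, so this may fail the config check. There is also no `value_template`, so the switch state would be assumed rather than derived from whether ComfyUI is running. `turn_off` reuses `shell_command.turn_off_remote_pc`, so switching ComfyUI off powers down the whole host; a comment such as `# turn_off shuts down the whole PC, not just ComfyUI` would make that explicit. Indentation is not visible in this view, so the nesting is inferred from key order.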
@@ -1 +1,2 @@
 turn_off_remote_pc: "ssh -i /config/ssh_keys/id_rsa_homeassistant -o 'StrictHostKeyChecking=no' homeassistant@192.168.178.87 sudo shutdown -h now"
+start_comfy_ui: "ssh -i /config/ssh_keys/id_rsa_homeassistant -o 'StrictHostKeyChecking=no' homeassistant@192.168.178.87 bash -c 'cd /home/oster/git/ComfyUI;./start.sh; read x'"
diff --git a/samba/config/avahi/samba.service b/samba/config/avahi/samba.service
new file mode 100644
index 0000000..6da78c5
--- /dev/null
+++ b/samba/config/avahi/samba.service
@@ -0,0 +1,9 @@
+
+
+
+ %h
+
+ _smb._tcp
+ 445
+
+
\ No newline at end of file
diff --git a/samba/config/runit/avahi/run b/samba/config/runit/avahi/run
new file mode 100755
index 0000000..ce49968
--- /dev/null
+++ b/samba/config/runit/avahi/run
@@ -0,0 +1,2 @@
+#!/bin/sh -x
+exec avahi-daemon --no-rlimits
diff --git a/samba/config/runit/nmbd/run b/samba/config/runit/nmbd/run
new file mode 100755
index 0000000..999998a
--- /dev/null
+++ b/samba/config/runit/nmbd/run
@@ -0,0 +1,3 @@
+#!/bin/sh -x
+sleep 6
+exec nmbd --foreground
diff --git a/samba/config/runit/samba/run b/samba/config/runit/samba/run
new file mode 100755
index 0000000..a84a3fe
--- /dev/null
+++ b/samba/config/runit/samba/run
@@ -0,0 +1,3 @@
+#!/bin/sh -x
+sleep 2
+exec smbd --foreground
diff --git a/samba/config/runit/wsdd2/run b/samba/config/runit/wsdd2/run
new file mode 100755
index 0000000..703c0d7
--- /dev/null
+++ b/samba/config/runit/wsdd2/run
@@ -0,0 +1,3 @@
+#!/bin/sh -x
+sleep 10
+exec /usr/sbin/wsdd2
diff --git a/samba/config/samba/smb.conf b/samba/config/samba/smb.conf
new file mode 100644
index 0000000..5a7453d
--- /dev/null
+++ b/samba/config/samba/smb.conf
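Review bot: The new `start_comfy_ui` command copies `-o 'StrictHostKeyChecking=no'`, so the SSH client will run its command on whatever machine answers at 192.168.178.87 without verifying the host key. I would record the host key once in a known_hosts file kept beside the private key and use `-o UserKnownHostsFile=<path-to-known_hosts> -o StrictHostKeyChecking=yes` on both commands. There is also a quoting problem: ssh joins its trailing arguments into one string for the remote shell, so the single quotes around the `bash -c` script are consumed locally and the remote side most likely runs `bash -c cd` with the path as `$0`, then `./start.sh` from the login directory. Passing the remote command as a single argument, e.g. `'cd /home/oster/git/ComfyUI && ./start.sh'` without the `bash -c` wrapper, avoids that; `read x` probably has no terminal to wait on here and can likely be dropped.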
@@ -0,0 +1,31 @@
+[global]
+ server role = standalone server
+ log file = /dev/stdout
+ dns proxy = no
+
+ # password stuff
+ passdb backend = smbpasswd
+
+ obey pam restrictions = yes
+ security = user
+ printcap name = /dev/null
+ load printers = no
+ dns proxy = no
+ wide links = yes
+ follow symlinks = yes
+ unix extensions = no
+ acl allow execute always = yes
+
+ # MacOS Compatibility options
+ vfs objects = catia fruit streams_xattr
+
+ # Special configuration for Apple's Time Machine
+ fruit:model = TimeCapsule
+ fruit:aapl = yes
+
+ # fix filenames with special chars (should be default)
+ mangled names = no
+ dos charset = CP850
+ unix charset = UTF-8
+
+ # Docker Envs global config options
diff --git a/traefik/conf.d/rules.yml b/traefik/conf.d/rules.yml
index 510e696..60cabff 100644
--- a/traefik/conf.d/rules.yml
+++ b/traefik/conf.d/rules.yml
@@ -69,6 +69,23 @@ http:
 service: authentik
 tls:
 certResolver: letsencrypt
+ comfy-router:
+ entryPoints:
+ - "websecure"
+ rule: "Host(`comfy.home.thoster.net`) && PathPrefix(`/`)"
+ middlewares:
+ - middlewares-authentik
+ service: comfy-service
+ tls:
+ certResolver: letsencrypt
+ comfy-router-auth:
+ entryPoints:
+ - "websecure"
+ rule: "Host(`comfy.home.thoster.net`) && PathPrefix(`/outpost.goauthentik.io/`)"
+ priority: 15
+ service: authentik
+ tls:
+ certResolver: letsencrypt
 photos-router:
 entryPoints:
 - "websecure"
@@ -111,7 +128,7 @@ http:
 hass-service:
 loadBalancer:
 servers:
- - url: "http://ubuntu:8123"
+ - url: "http://192.168.178.114:8123"
 photos-service:
 loadBalancer:
 servers:
@@ -128,6 +145,10 @@ http:
 loadBalancer:
 servers:
 - url: "http://ubuntu:5200"
+ comfy-service:
+ loadBalancer:
+ servers:
+ - url: "http://192.168.178.87:8188"
 auth-service:
 loadBalancer:
 servers:
diff --git a/traefik/conf.d/rules.yml.backup3 b/traefik/conf.d/rules.yml.backup3
new file mode 100644
index 0000000..9133d3b
--- /dev/null
+++ b/traefik/conf.d/rules.yml.backup3
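Review bot: `wide links = yes` together with `unix extensions = no` and `follow symlinks = yes` lets a symlink inside a share resolve to any path the connecting user can read inside the container, so the share root no longer bounds what is exposed. Unless a share depends on links that leave its tree, I would drop `wide links` (the default is `no`) and the `unix extensions = no` line, which is usually set only to make wide links take effect. `dns proxy = no` also appears twice in `[global]`; one copy can go. No share sections are visible in this file, so they are presumably appended from the container environment, as the last comment suggests.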
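Review bot: `comfy-service` forwards to `http://192.168.178.87:8188`, so ComfyUI has to listen on a LAN-reachable address, and the `middlewares-authentik` check on `comfy-router` (first hunk of this file) only applies to requests that come through Traefik. ComfyUI has no login of its own as far as I know, so anything on the network that can reach port 8188 directly bypasses the forward-auth. I would restrict 8188 on that host to the Traefik machine with a firewall rule and add a comment on the service such as `# backend must only accept connections from the Traefik host`. The hop from Traefik to the backend is plain HTTP, which matches the other services in this file.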
@@ -0,0 +1,147 @@
+# dynamic configuration
+http:
+ middlewares:
+ middlewares-authentik:
+ forwardAuth:
+ address: http://ubuntu:9000/outpost.goauthentik.io/auth/traefik
+ trustForwardHeader: true
+ authResponseHeaders:
+ - X-authentik-username
+ - X-authentik-groups
+ - X-authentik-entitlements
+ - X-authentik-email
+ - X-authentik-name
+ - X-authentik-uid
+ - X-authentik-jwt
+ - X-authentik-meta-jwks
+ - X-authentik-meta-outpost
+ - X-authentik-meta-provider
+ - X-authentik-meta-app
+ - X-authentik-meta-version
+ routers:
+ hass-router:
+ entryPoints:
+ - "hass"
+ rule: "Host(`home.thoster.net`) && PathPrefix(`/`)"
+ service: hass-service
+ tls:
+ certResolver: letsencrypt
+ paperless-router:
+ entryPoints:
+ - "websecure"
+ rule: "Host(`pl.home.thoster.net`) && PathPrefix(`/`)"
+ middlewares:
+ - "middlewares-authentik"
+ priority: 15
+ service: paperless-service
+ tls:
+ certResolver: letsencrypt
+ hass-router-auth:
+ entryPoints:
+ - "websecure"
+ rule: "Host(`hass.home.thoster.net`) && PathPrefix(`/outpost.goauthentik.io/`)"
+ priority: 15
+ service: authentik
+ tls:
+ certResolver: letsencrypt
+ paperless-router-auth:
+ entryPoints:
+ - "websecure"
+ rule: "Host(`pl.home.thoster.net`) && PathPrefix(`/outpost.goauthentik.io/`)"
+ priority: 15
+ service: authentik
+ tls:
+ certResolver: letsencrypt
+ default-router:
+ entryPoints:
+ - "websecure"
+ rule: "Host(`home.thoster.net`) && PathPrefix(`/`)"
+ middlewares:
+ - middlewares-authentik
+ service: wikimd-service
+ tls:
+ certResolver: letsencrypt
+ default-router-auth:
+ entryPoints:
+ - "websecure"
+ rule: "Host(`home.thoster.net`) && PathPrefix(`/outpost.goauthentik.io/`)"
+ priority: 15
+ service: authentik
+ tls:
+ certResolver: letsencrypt
+ photos-router:
+ entryPoints:
+ - "websecure"
+ rule: "Host(`photo.home.thoster.net`) && PathPrefix(`/`)"
+ service: photos-service
+ tls:
+ certResolver: letsencrypt
+ auth-router:
+ entryPoints:
+ - "websecure"
+ rule: "Host(`auth.home.thoster.net`) && PathPrefix(`/`)"
+ service: auth-service
+ tls:
+ certResolver: letsencrypt
+ hass2-router:
+ entryPoints:
+ - "websecure"
+ rule: "Host(`hass.home.thoster.net`) && PathPrefix(`/`)"
+ middlewares:
+ - "middlewares-authentik"
+ service: hass-service
+ tls:
+ certResolver: letsencrypt
+ nas-router:
+ entryPoints:
+ - "websecure"
+ rule: "Host(`nas.home.thoster.net`) && PathPrefix(`/`)"
+ service: nas-service
+ tls:
+ certResolver: letsencrypt
+ ai-router:
+ entryPoints:
+ - "websecure"
+ rule: "Host(`ai.home.thoster.net`) && PathPrefix(`/`)"
+ service: ai-service
+ tls:
+ certResolver: letsencrypt
+
+ services:
+ hass-service:
+ loadBalancer:
+ servers:
+ - url: "http://192.168.178.114:8123"
+ photos-service:
+ loadBalancer:
+ servers:
+ - url: "http://ubuntu:2283"
+ nas-service:
+ loadBalancer:
+ servers:
+ - url: "http://nas"
+ ai-service:
+ loadBalancer:
+ servers:
+ - url: "http://ubuntu:8082"
+ wikimd-service:
+ loadBalancer:
+ servers:
+ - url: "http://ubuntu:5200"
+ auth-service:
+ loadBalancer:
+ servers:
+ - url: "http://ubuntu:9000"
+ paperless-service:
+ loadBalancer:
+ servers:
+ - url: "http://ubuntu:8000"
+ dummy-service:
+ loadBalancer:
+ servers:
+ - url: "http://whoami"
+ authentik:
+ loadBalancer:
+ servers:
+ - url: "http://ubuntu:9000/outpost.goauthentik.io"
+
diff --git a/traefik/traefik.yaml.backup b/traefik/traefik.yaml.backup
new file mode 100644
index 0000000..befeaf1
--- /dev/null
+++ b/traefik/traefik.yaml.backup
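Review bot: A backup copy of the router configuration does not belong in `traefik/conf.d/`, which is presumably mounted as the directory the file provider reads (`/etc/traefik/conf.d/` in the `traefik.yaml` backups from this commit). The `.backup3` suffix probably keeps it from being loaded today, but a stale copy drifts from the live `rules.yml`, and in this one `photos-router`, `nas-router` and `ai-router` carry no `middlewares-authentik` entry, so a later rename to `.yml` would define those routes as written here. Git history already preserves earlier versions, so I would remove the file from the tree or at least keep it outside `conf.d/`.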
@@ -0,0 +1,63 @@
+providers:
+ file:
+ directory: /etc/traefik/conf.d/
+
+entryPoints:
+ web:
+ address: ':80'
+ http:
+ redirections:
+ entryPoint:
+ to: websecure
+ scheme: https
+
+ websecure:
+ address: ':443'
+ http:
+ tls:
+ certResolver: letsencrypt
+
+
+ traefik:
+ address: ':8080'
+
+ hass:
+ address: ':444'
+ http:
+ tls:
+ certResolver: letsencrypt
+ redirections:
+ entryPoint:
+ scheme: https
+
+certificatesResolvers:
+ letsencrypt:
+ acme:
+ email: "stefan@ostermail.de"
+ storage: /etc/traefik/ssl/acme.json
+ tlsChallenge: {}
+
+api:
+ dashboard: true
+ insecure: true
+
+log:
+ filePath: /var/log/traefik/traefik.log
+ format: json
+ level: INFO
+
+accessLog:
+ filePath: /var/log/traefik/traefik-access.log
+ format: json
+ filters:
+ statusCodes:
+ - "200"
+ - "400-599"
+ retryAttempts: true
+ minDuration: "10ms"
+ bufferingSize: 0
+ fields:
+ headers:
+ defaultMode: drop
+ names:
+ User-Agent: keep
diff --git a/traefik/traefik.yaml.backup2 b/traefik/traefik.yaml.backup2
new file mode 100644
index 0000000..e6b1949
--- /dev/null
+++ b/traefik/traefik.yaml.backup2
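Review bot: `api: insecure: true` together with the `traefik` entryPoint on `:8080` serves the dashboard and API without authentication on that port. This file is a backup, but if the live `traefik.yaml` carries the same block I would set `insecure: false` and expose the dashboard through a router to `api@internal` that uses `middlewares-authentik`, or at least keep 8080 unpublished outside the host. The same lines appear in `traefik.yaml.backup2`, which additionally opens a `paperless` entryPoint on `:5200`. Both backups are better left to git history than committed as files.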
@@ -0,0 +1,65 @@ +providers: + file: + directory: /etc/traefik/conf.d/ + +entryPoints: + web: + address: ':80' + http: + redirections: + entryPoint: + to: websecure + scheme: https + + websecure: + address: ':443' + http: + tls: + certResolver: letsencrypt + + paperless: + address: ':5200' + + traefik: + address: ':8080' + + hass: + address: ':444' + http: + tls: + certResolver: letsencrypt + redirections: + entryPoint: + scheme: https + +certificatesResolvers: + letsencrypt: + acme: + email: "stefan@ostermail.de" + storage: /etc/traefik/ssl/acme.json + tlsChallenge: {} + +api: + dashboard: true + insecure: true + +log: + filePath: /var/log/traefik/traefik.log + format: json + level: INFO + +accessLog: + filePath: /var/log/traefik/traefik-access.log + format: json + filters: + statusCodes: + - "200" + - "400-599" + retryAttempts: true + minDuration: "10ms" + bufferingSize: 0 + fields: + headers: + defaultMode: drop + names: + User-Agent: keep diff --git a/wikimd/wiki/homepage.md b/wikimd/wiki/homepage.md index 719d9b9..3e841e0 100644 --- a/wikimd/wiki/homepage.md +++ b/wikimd/wiki/homepage.md @@ -10,6 +10,9 @@ [KI Server](https://ai.home.thoster.net) -> wenn der Rechner im Keller aus ist, gehen nur die öffentlichen Modelle! +#### Alte Dinge +[Photo App auf der NAS](https://home.thoster.net:446/photo/) + ### Interne Dienste [Proxmox](https://192.168.178.99:8006) @@ -24,6 +27,8 @@ [Influx](http://ubuntu.fritz.box:8086) +[Paperless ai](http://ubuntu:3000/) + https://www.reddit.com/r/homeassistant/comments/oje65v/home_assitant_with_grafana_and_influxdb_2x_basic/ ### Probleme / TODOs