DoTheEvolution f1fa4a8760 update 4 years ago

Arch Linux installation to serve as a docker host

guide by example

Purpose

Linux that will run docker.

This is not a very hand-holding guide.
Google for plenty of tutorials and youtube videos alongside the Arch wiki.

Files and directory structure

/home/
└── bastard/
    └── docker/
        ├── container-setup #1
        ├── container-setup #2
        ├── ...

Make installation usb

sudo dd bs=4M if=archlinux-2020.05.01-x86_64.iso of=/dev/sdX status=progress oflag=direct

The above command will fuck your machine up if you dunno what you are doing, so double check that /dev/sdX is the usb stick and not a system disk (lsblk lists the drives).

Boot from the usb

This is a BIOS/MBR setup as I am running on an old thinkpad with a busted screen, plus I like the simplicity of it.
So if there's a boot menu option, choose non-UEFI.

Installation

  • create a single partition and mark it bootable
    cfdisk /dev/sda
  • build ext4 filesystem on it
    mkfs.ext4 /dev/sda1
  • mount the new partition
    mount /dev/sda1 /mnt
  • choose a geographically close mirror, ctrl+k deletes a line in nano
    nano /etc/pacman.d/mirrorlist
  • install the base system
    pacstrap /mnt base base-devel linux linux-firmware grub dhcpcd
  • generate fstab
    genfstab -U /mnt > /mnt/etc/fstab
  • chroot into the new system
    arch-chroot /mnt
  • install grub
    grub-install /dev/sda
    grub-mkconfig -o /boot/grub/grub.cfg
  • remove the bootable media and restart the machine
    exit
    reboot

Basic configuration after the first boot

  • login as root
  • set password for root
    passwd
  • set hostname
    echo docker-host > /etc/hostname
  • add new user and set their password
    useradd -m -G wheel bastard
    passwd bastard
  • edit sudoers to allow users group wheel to sudo
    EDITOR=nano visudo
    %wheel ALL=(ALL) ALL
  • check the network interface name
    ip link
  • enable acquiring a dynamic IP
    systemctl enable --now dhcpcd@enp0s25
  • uncomment desired locales in locale.gen
    nano /etc/locale.gen
  • generate new locales and set one system wide
    locale-gen
    localectl set-locale LANG=en_US.UTF-8
  • select timezone and set it permanent
    tzselect
    timedatectl set-timezone 'Europe/Bratislava'
  • set hardware clock and sync using ntp
    hwclock --systohc --utc
    timedatectl set-ntp true
  • setup a swap file
    fallocate -l 8G /swapfile
    chmod 600 /swapfile
    mkswap /swapfile
    nano /etc/fstab
    /swapfile none swap defaults 0 0
  • enable colors in pacman.conf by uncommenting the Color line
    nano /etc/pacman.conf
  • reboot
    reboot

Some packages to install

  • login as the non root user
  • install some packages
    sudo pacman -S docker docker-compose openssh sshfs git cronie curl
    sudo pacman -S borg zsh vim htop lm_sensors
  • install yay for access to AUR packages
    git clone https://aur.archlinux.org/yay-bin.git
    cd yay-bin && makepkg -si
    cd .. && rm -rf yay-bin

Setup docker

  • have docker and docker-compose packages installed
    sudo pacman -S docker docker-compose
  • enable docker service
    sudo systemctl enable --now docker
  • add non-root user to the docker group
    sudo gpasswd -a bastard docker
    membership in the docker group is root-equivalent on the host, so only the admin user belongs there

Setup SSH access

  • have openssh package installed
    sudo pacman -S openssh
  • edit sshd_config
    sudo nano /etc/ssh/sshd_config
    change whatever you desire

ZSH shell

I like Zim

  • have zsh package installed
  • change user's default shell to zsh and install Zim
    chsh -s /bin/zsh
    curl -fsSL https://raw.githubusercontent.com/zimfw/install/master/install.zsh | zsh

Caddy v2 is used, details here.
Bitwarden_rs documentation has a section on reverse proxy.

Caddyfile

passwd.{$MY_DOMAIN} {
    header / {
       X-XSS-Protection "1; mode=block"
       X-Frame-Options "DENY"
       X-Robots-Tag "none"
       -Server
    }
    encode gzip
    reverse_proxy /notifications/hub/negotiate bitwarden:80
    reverse_proxy /notifications/hub bitwarden:3012
    reverse_proxy bitwarden:80
}

Forward port 3012 TCP on your router

WebSocket protocol is used for notifications, so that all web based clients can immediately sync when a change happens on the server.

  • Environment variable WEBSOCKET_ENABLED=true needs to be set.
  • Reverse proxy needs to route /notifications/hub to port 3012.
  • Router needs to forward port 3012 to docker host, same as port 80 and 443 are forwarded.

To test if websocket works, have the desktop app open and make changes through the browser extension, or through the website. Changes should immediately appear in the desktop app. If it is not working, you need to manually sync for changes to appear.
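Added example, not part of the original readme: a scripted version of the websocket check above, in Python. It sends a raw RFC 6455 upgrade request for /notifications/hub through the reverse proxy over TLS and accepts only a 101 answer that carries the correct Sec-WebSocket-Accept value; the hostname and port passed to check_notifications_hub are assumptions.

```python
import base64
import hashlib
import os
import socket
import ssl

# RFC 6455 GUID used to derive Sec-WebSocket-Accept from the client's key
WS_GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"


def expected_accept(key: str) -> str:
    """Value a real websocket endpoint must return in Sec-WebSocket-Accept."""
    digest = hashlib.sha1((key + WS_GUID).encode("ascii")).digest()
    return base64.b64encode(digest).decode("ascii")


def build_handshake(host: str, path: str, key: str) -> bytes:
    """Minimal HTTP/1.1 upgrade request for the notifications hub path."""
    return (
        f"GET {path} HTTP/1.1\r\nHost: {host}\r\n"
        "Upgrade: websocket\r\nConnection: Upgrade\r\n"
        f"Sec-WebSocket-Key: {key}\r\nSec-WebSocket-Version: 13\r\n\r\n"
    ).encode("ascii")


def upgrade_ok(raw_response: bytes, key: str) -> bool:
    """True only for a 101 that echoes the correct accept value. A 200 with
    HTML means the path was routed to the web vault on port 80 rather than
    the websocket listener on 3012; a redirect means plain HTTP was used."""
    head = raw_response.partition(b"\r\n\r\n")[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    if not lines[0].startswith("HTTP/1.1 101"):
        return False
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return (headers.get("upgrade", "").lower() == "websocket"
            and headers.get("sec-websocket-accept") == expected_accept(key))


def check_notifications_hub(host: str, port: int = 443) -> bool:
    """Live check over TLS against the reverse proxy (assumes a valid cert)."""
    key = base64.b64encode(os.urandom(16)).decode("ascii")
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=5) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            tls.sendall(build_handshake(host, "/notifications/hub", key))
            return upgrade_ok(tls.recv(4096), key)
```

Run check_notifications_hub("passwd.your.domain") from any machine outside the LAN; a False result with the desktop app also failing to sync points at the reverse proxy route or the router forward for port 3012.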

Extra info

bitwarden can be managed at <url>/admin by entering the ADMIN_TOKEN set in the .env file. Especially if signups are disabled, it is the only way to invite users.

push notifications


Update

  • watchtower updates the image automatically

  • manual image update
    docker-compose pull
    docker-compose up -d
    docker image prune

Backup and restore

  • backup using BorgBackup setup that makes daily snapshot of the entire directory

  • restore
    stop the bitwarden container: docker-compose down
    delete the entire bitwarden directory
    copy the bitwarden directory back from the backup
    start the container: docker-compose up -d

Backup of just user data

Daily export of user data following the official procedure.
For bitwarden_rs that means a dump of the sqlite database and a backup of the attachments directory.

The daily run of BorgBackup already snapshots the whole directory, attachments included, so only the database dump is needed. The created backup sqlite3 file is overwritten on every run of the script, but that's ok since BorgBackup is making daily snapshots.

  • create a backup script
    placed inside bitwarden directory on the host

    bitwarden-backup-script.sh

    #!/bin/bash
    
    # CREATE SQLITE BACKUP
    docker container exec bitwarden sqlite3 /data/db.sqlite3 ".backup '/data/BACKUP.bitwarden.db.sqlite3'"
    

    the script must be executable - chmod +x bitwarden-backup-script.sh

  • cronjob on the host
    crontab -e - add new cron job
    0 2 * * * /home/bastard/docker/bitwarden/bitwarden-backup-script.sh - run it at 02:00
    crontab -l - list cronjobs
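Added example, not from the original readme: a Python stand-in for what the .backup line in the script does (SQLite's online backup API, the reason to prefer it over cp of a database the container still has open) together with the check a practitioner should run on the produced copy before trusting it. The database file, table and rows are constructed here in a temp directory.

```python
import os
import shutil
import sqlite3
import tempfile


def online_backup(src_path: str, dst_path: str) -> None:
    """Equivalent of `sqlite3 db.sqlite3 ".backup 'copy'"`: a page-consistent
    snapshot taken while the app may still be writing (plain cp can capture
    a half-written page set)."""
    with sqlite3.connect(src_path) as src, sqlite3.connect(dst_path) as dst:
        src.backup(dst)


def verify_backup(dst_path: str, expected_tables=()) -> dict:
    """integrity_check must say 'ok' and the expected tables must exist;
    row counts are returned so they can be compared against the live db."""
    con = sqlite3.connect(dst_path)
    try:
        status = con.execute("PRAGMA integrity_check").fetchone()[0]
        counts = {}
        for name in expected_tables:
            exists = con.execute(
                "SELECT 1 FROM sqlite_master WHERE type='table' AND name=?",
                (name,)).fetchone()
            counts[name] = (con.execute(f'SELECT COUNT(*) FROM "{name}"').fetchone()[0]
                            if exists else None)
        return {"integrity": status, "counts": counts}
    finally:
        con.close()


def demo() -> dict:
    """Constructed stand-in for /data/db.sqlite3: a tiny users table with one
    committed row and one row still inside an open transaction when the
    backup runs; the snapshot must contain only the committed row."""
    workdir = tempfile.mkdtemp()
    src = os.path.join(workdir, "db.sqlite3")
    dst = os.path.join(workdir, "BACKUP.bitwarden.db.sqlite3")
    writer = sqlite3.connect(src, isolation_level=None)  # autocommit mode
    writer.execute("CREATE TABLE users (email TEXT)")
    writer.execute("INSERT INTO users VALUES ('committed@example.com')")
    writer.execute("BEGIN")
    writer.execute("INSERT INTO users VALUES ('pending@example.com')")
    online_backup(src, dst)  # taken while the writer's transaction is open
    writer.execute("ROLLBACK")
    writer.close()
    result = verify_backup(dst, expected_tables=("users",))
    shutil.rmtree(workdir, ignore_errors=True)
    return result
```

For the real setup the same verification can run against bitwarden/bitwarden-data/BACKUP.bitwarden.db.sqlite3 on the host right after the cron job, before Borg snapshots it.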

Restore the user data

Assuming clean start.

  • start the bitwarden container: docker-compose up -d
  • let it run so it creates its file structure
  • stop the container: docker-compose down
  • in bitwarden/bitwarden-data/
    replace db.sqlite3 with the backup one BACKUP.bitwarden.db.sqlite3
    replace attachments directory with the one from the BorgBackup repository
  • start the container: docker-compose up -d