Initial version of readme.md for restic-backup, rustdesk, sanoid, and tailscale

.vscode/settings.json

@@ -0,0 +1,3 @@
+{
+    "editor.formatOnSave": true
+}

devices/README.md

@@ -1 +1 @@
-This directory contains the system configuration of the devices connected to the network.  There is one directory per device, named with the host name of the device.  Each device directory corresponds to the root directory (/) of the device that it documents; the directory structure under it mirrors the actual directory structure on the device, as needed to represent the configuration files being documented.
+This directory contains the system configuration of the devices connected to the network.  There is one directory per device, named with the host name of the device.  Under the device directory is a 'config' directory, which corresponds to the root directory (/) of the device that it documents; the directory structure under it mirrors the actual directory structure on the device, as needed to represent the configuration files being documented.

devices/teal/README.md

@@ -1 +1,28 @@
 Principal storage server and host for most services.
+
+# Services
+
+## SystemD Services
+
+* caddy
+* restic-backup
+* rustdesk
+* sanoid
+* tailscale
+* unbound
+* zfs
+
+## Docker Services
+
+Most applications hosted on teal run in Docker containers.  For details of the Docker configuration of hosted applications, see the Git repository at [https://gitea.objectbrokers.com/cjones/containers.git](https://)
+
+Bound data volumes for Docker-hosted applications are generally found in the ZFS pool in subdirectories of /mnt/storage/appdata.
+
+* [Bookstack](../../services/bookstack/readme.md)
+* [Gitea](../../services/gitea/readme.md)
+* [Immich](../../services/immich/readme.md)
+* [Jellyfin](../../services/jellyfin/readme.md)
+* [JRiver Media Center](../../services/mc/readme.md)
+* [Nextcloud](../../services/nextcloud/readme.md)
+* [Portainer](../../services/portainer/readme.md)
+* [Vaultwarden](../../services/vaultwarden/readme.md)

devices/teal/config/etc/restic/_global.env.sh

@@ -0,0 +1,37 @@
+# shellcheck shell=sh
+
+# Global environment variables
+# These variables are sourced FIRST, and any values inside of *.env.sh files for
+# specific configurations will override if also defined there.
+
+
+# Official instructions on how to setup the restic variables for Backblaze B2 can be found at
+# https://restic.readthedocs.io/en/latest/030_preparing_a_new_repo.html#backblaze-b2
+
+
+# The restic repository encryption key
+export RESTIC_PASSWORD_FILE="/etc/restic/pw.txt"
+# The global restic exclude file
+export RESTIC_BACKUP_EXCLUDE_FILE="/etc/restic/backup_exclude.txt"
+
+# Backblaze B2 credentials keyID & applicationKey pair.
+# Restic environment variables are documented at https://restic.readthedocs.io/en/latest/040_backup.html#environment-variables
+export B2_ACCOUNT_ID="<b2-key-id>"   # *EDIT* fill with your keyID
+export B2_ACCOUNT_KEY="<b2-application-key>" # *EDIT* fill with your applicationKey
+
+# How many network connections to set up to B2. Default is 5.
+export B2_CONNECTIONS=10
+
+# Optional extra space-separated args to restic-backup.
+# This is empty here and profiles can override this after sourcing this file.
+export RESTIC_BACKUP_EXTRA_ARGS=
+
+# Verbosity level from 0-3. 0 means no --verbose.
+# Override this value in a profile if needed.
+export RESTIC_VERBOSITY_LEVEL=0
+
+# (optional, uncomment to enable) Backup summary stats log: snapshot size, etc. (empty/unset won't log)
+#export RESTIC_BACKUP_STATS_DIR="/var/log/restic-automatic-backup-scheduler"
+
+# (optional) Desktop notifications. See README and restic_backup.sh for details on how to set this up (empty/unset means disabled)
+export RESTIC_BACKUP_NOTIFICATION_FILE=

devices/teal/config/etc/restic/backup_exclude.txt

@@ -0,0 +1,10 @@
+/.snapshots/
+/opt
+/root/.cache/
+/usr/share/**/*.html
+/usr/share/help/
+/usr/share/licenses/
+/usr/share/man/
+/usr/src/
+/var/cache/
+/var/log/

devices/teal/config/etc/restic/default.env.sh

@@ -0,0 +1,45 @@
+# shellcheck shell=sh
+
+# This is the default profile. Fill it with your desired configuration.
+# Additionally, you can create and use more profiles by copying this file.
+
+# This file (and other .env.sh files) has two purposes:
+# - being sourced by systemd timers to setup the backup before running restic_backup.sh
+# - being sourced in a user's shell to work directly with restic commands e.g.
+#  $ source /etc/restic/default.env.sh
+#  $ restic snapshots
+#  Thus you don't have to provide all the arguments like
+#  $ restic --repo ... --password-file ...
+
+# shellcheck source=etc/restic/_global.env.sh
+. "/etc/restic/_global.env.sh"
+
+# Envvars below will override those in _global.env.sh if present.
+
+export RESTIC_REPOSITORY="sftp:sftpuser@Cygnus:/Backup/restic/teal"   # *EDIT* fill with your repo name
+
+# What to backup. Colon-separated paths e.g. to different mountpoints "/home:/mnt/usb_disk".
+# To backup only your home directory, set "/home/your-user"
+export RESTIC_BACKUP_PATHS="/etc:/root:/home:/srv/restic:/mnt/storage/appdata"  # *EDIT* fill conveniently with one or multiple paths
+
+
+# Example below of how to dynamically add a path that is mounted e.g. external USB disk.
+# restic does not fail if a specified path is not mounted, but it's nicer to only add if they are available.
+#test -d /mnt/media && RESTIC_BACKUP_PATHS+=" /mnt/media"
+
+# A tag to identify backup snapshots.
+export RESTIC_BACKUP_TAG=systemd.timer
+
+# Retention policy - How many backups to keep.
+# See https://restic.readthedocs.io/en/stable/060_forget.html?highlight=month#removing-snapshots-according-to-a-policy
+export RESTIC_RETENTION_HOURS=1
+export RESTIC_RETENTION_DAYS=14
+export RESTIC_RETENTION_WEEKS=16
+export RESTIC_RETENTION_MONTHS=18
+export RESTIC_RETENTION_YEARS=3
+
+# Optional extra space-separated arguments to restic-backup.
+# Example: Add two additional exclude files to the global one in RESTIC_PASSWORD_FILE.
+#RESTIC_BACKUP_EXTRA_ARGS="--exclude-file /path/to/extra/exclude/file/a --exclude-file /path/to/extra/exclude/file/b"
+# Example: exclude all directories that have a .git/ directory inside it.
+#RESTIC_BACKUP_EXTRA_ARGS="--exclude-if-present .git"

devices/teal/config/etc/restic/pw.txt

@@ -0,0 +1 @@
+LambDuck1977

services/bookstack/readme.md

@@ -0,0 +1 @@
+Bookstack provides a self-hosted wiki.  For general information on Bookstack, see [bookstackapp.com](https://www.bookstackapp.com/)

services/caddy/readme.md

@@ -0,0 +1,9 @@
+caddy is a reverse proxy server providing secure access to https-based applications on teal.  Configuration
+
+of the reverse proxy is found in the file /etc/caddy/Caddyfile.
+
+For general information on caddy see [caddy reverse proxy quick start](https://caddyserver.com/docs/quick-starts/reverse-proxy).
+
+```
+
+```

services/gitea/readme.md

@@ -0,0 +1 @@
+Gitea is the Git source control server for the network.  For general information on Gitea, see [Gitea Official Website](https://about.gitea.com/)

services/immich/readme.md

@@ -0,0 +1 @@
+Immich is a photo backup solution.  For general information on Immich, see [Immich.app](https://immich.app//)

services/jellyfin/readme.md

@@ -0,0 +1 @@
+Jellyfin is the home network's media server.  For general information on Jellyfin, see [jellyfin.org](https://jellyfin.org/)

services/mc/readme.md

@@ -0,0 +1 @@
+mc provides a Docker-hosted implementation of the JRiver Media Center application.

services/nextcloud/readme.md

@@ -0,0 +1,4 @@
+Nextcloud provides file sharing, calendaring, contact management, and other services (depending on the Nextcloud apps installed and enabled).
+
+See https://nextcloud.com/ for general information on Nextcloud.
+

services/nextcloud/upgrading.md

@@ -0,0 +1,16 @@
+Steps to upgrade Nextcloud from one version to another.
+
+1.  Put the Nextcloud instance into maintenance mode
+    docker exec --user www-data nextcloud-app-1 php occ maintenance:mode --on
+
+    Note that 'docker exec' is used to run commands within the Nextcloud docker container; and '--user www-data' is used to run as the user that owns all of the Nextcloud files.
+
+2.  Back up the Nextcloud container's files to a location outside the container's mounted volume.  'rsync' is recommended:
+
+    rsync -Aavx /mnt/storage/appdata/nextcloud/www/ <backup-target-dir>/
+
+    rsync should be run as root.  rsync with these options should preserve file ownership & permissions
+
+3.  Back up MariaDB database:
+
+        docker exec nextcloud-db-container-name mysqldump --single-transaction -h localhost -u nextcloud_user -pnextcloud_password nextcloud_db_name > nextcloud-sqlbkp_$(date +"%Y%m%d").bak

services/portainer/readme.md

@@ -0,0 +1 @@
+Portainer is a web-based management application for Docker containers.  For general information on Portainer, see [Portainer](https://www.portainer.io/)

services/readme.md

@@ -0,0 +1,2 @@
+This directory documents the services provided by various devices on the network.  There is one subdirectory per service provided.
+

services/restic-backup/readme.md

@@ -0,0 +1,3 @@
+restic-backup is a systemd service to invoke restic to back up selected directories on teal to cygnus (our Synology NAS).  It is based on [restic-automic-backup-scheduler](https://github.com/erikw/restic-automatic-backup-scheduler).
+
+The systemd unit invokes the script /bin/restic_backup.sh.  The specifics of the backup source and target are defined in scripts at /etc/restic.

services/rustdesk/readme.md

@@ -0,0 +1 @@
+systemd service to enable RustDesk for remote access to teal's Gnome desktop.  Installed with the RustDesk package; configuration (if any) is done through the RustDesk UI.

services/sanoid/readme.md

@@ -0,0 +1,3 @@
+Sanoid is a policy-driven snapshot management tool for ZFS filesystems.  It is configured using the TOML file at /etc/sanoid/sanoid.conf.
+
+The sanoid service is currently configured to manage snapshots for the ZFS filesystem at /mnt/storage.

services/tailscale/readme.md

@@ -0,0 +1,3 @@
+The tailscaled service runs the Tailscale Node Agent, which enables the Tailscale VPN.
+
+Configuration of Tailscale is done either through the Tailscale Admin Console or the Tailscale CLI.