
Nextcloud Memories

Nextcloud Memories is an excellent alternative to Google Photos. It is hosted on your own cloud, where you really own your data.

You can cover the following use cases:

  • Store the pictures in your own cloud
  • Upload new pictures automatically from your mobile phone into your Nextcloud
  • Create Albums
  • Share photos with users or the public
  • Embed Photos or Albums in your blog
  • Edit Photos on the mobile or Server via ImageMagick

Also, be aware that Google is using the content of your photos to target you with specific advertisements based on that content.

Just make sure that you have all the prerequisites for Memories installed.

If you are running Nextcloud Memories on a small server, adapt the settings so that smaller preview images are created, ideally before you view the photos for the first time.

Also make sure that the cron job for creating the preview images is running.

The PHP Imagick extension can be installed based on https://cyberpanel.net/blog/how-to-install-imagick-php-on-linux

If you are running multiple PHP versions on your server, make sure that you install the package for the PHP version that Nextcloud runs on, and that you enable the PHP module for the correct version via:

phpenmod -v 8.3 imagick

Installing RPis with MQTT in Home Assistant

To add RPis to Home Assistant, we install a Python script as a daemon on each RPi. The daemon sends data via MQTT messages to the MQTT broker installed on Home Assistant.

Unfortunately, if your Home Assistant itself runs on an RPi with HAOS, you cannot use that approach. More on that later.

First, install the MQTT Integration on the Home Assistant.

Adding RPis to the Home Assistant

Just make sure that the automatic detection of MQTT devices is still enabled.

Then go to System / Add-Ons / Mosquitto Broker. Make sure it is set to start on boot.

Under Configuration, add a username and a password. The YAML Code looks like this:

logins:
  - username: username
    password: password
require_certificate: false
certfile: fullchain.pem
keyfile: privkey.pem
customize:
  active: false
  folder: mosquitto

Now, let’s go to the RPi that we want to control. We need to install the script there. This includes the daemon that sends the MQTT messages to the Home Assistant.

Perform all the steps mentioned in https://github.com/ironsheep/RPi-Reporter-MQTT2HA-Daemon/blob/master/README.md

In the config.ini file, configure at least the following parameters:

hostname = 192.xx.yyy.zz
sensor_name = rpi-5
username = MQTT-UserName
password = MQTT-Password

Ironsheep did a great job. Thank you very much!

As soon as everything is set up and you see the data in your Home Assistant, you can also use the custom card that ironsheep compiled.

https://github.com/ironsheep/lovelace-rpi-monitor-card

Further options can be configured based on https://thesmarthomejourney.com/2021/11/15/monitoring-raspberry-pi-with-ha/

The mini graph cards are also very nice; check out https://github.com/kalkih/mini-graph-card

If your Home Assistant runs on an RPi, you can set up monitoring using this approach: https://www.youtube.com/watch?v=WcmxI06TAuI&t=1696s


Self-hosted Bitwarden Password Manager

Another RPi application is a self-hosted Bitwarden Password Manager.

The advantages of that solution are:

  • You own your data, as it’s not in the cloud
  • Reduced risk that your passwords get stolen
  • Passwords are synced over all your devices

What you need is:

  • RPi
  • Docker installed
  • Nginx Proxy Manager (NPM)
  • Subdomain configured

I installed it based on the following setup guide: https://pimylifeup.com/raspberry-pi-bitwarden


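Just make sure that you publish the container ports without binding them to an IP address. Docker then listens on all host interfaces, which lets the proxy reach the container at the server's IP; keep ports 8080 and 3012 closed on the router so that only the proxy is reachable from outside: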

sudo docker run -d --name bitwarden \
    --restart=always \
    -v /bw-data/:/data/ \
    -p 8080:80 \
    -p 3012:3012 \
    vaultwarden/server:latest

You need a domain configured at your DNS provider with a CNAME entry like

bitwarden.example.de

If you are using a Dynamic DNS Provider, route the traffic there.

SSL also has to be terminated; in this setup, that happens at the Nginx Proxy Manager.

Configure the Proxy Host with the following parameters:

Details
IP: The IP Address of your server, e.g. 192.168.178.34
Forward Port: 8080
Block Common Exploits
Websockets Support

SSL
Force SSL
HTTP/2 Support
HSTS Enabled
HSTS Subdomains

Advanced
  # Do not expose the Vaultwarden admin panel through the proxy
  location /admin {
    return 404;
  }

  # Web vault and API
  location / {
    proxy_pass http://YOURIP:8080;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
  }

  # WebSocket notifications (container port 3012)
  location /notifications/hub {
    proxy_pass http://YOURIP:3012;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
  }

  # The negotiate endpoint is served by the main HTTP port
  location /notifications/hub/negotiate {
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_pass http://YOURIP:8080;
  }

Refer also to https://vaultwarden.discourse.group/t/vaultwarden-and-nginx-proxy-manager/1307/17

Strictly speaking, what we have installed now is Vaultwarden.

Now you should be able to set up a user and a vault.

Also consider setting up a backup solution. Take a look at

https://github.com/dani-garcia/vaultwarden/wiki/Backing-up-your-vault#examples and https://dizzytech.de/posts/backing_up_vaultwarden/

I’m using bruceforce with the following command:

docker run -d --restart=always --name vaultwarden-backup \
    --volumes-from=bitwarden \
    -e BACKUP_DIR=/myBackup \
    -e TIMESTAMP=true \
    -e DELETE_AFTER=30 \
    -e TZ=CEST \
    -v /bw-data/myBackup:/myBackup \
    bruceforce/vaultwarden-backup

You should also copy the backup files to at least two different physical devices, via rsync, FTP or rclone, ideally from a cron job.

Restore

To prevent accidental data loss, there is no automated restore process. If you need to restore a backup, do it manually by following the steps below (assuming your backups are located at ./backup/ and your Vaultwarden data is located at /var/lib/docker/volumes/vaultwarden/_data/):

# Delete any existing sqlite3 files
rm /var/lib/docker/volumes/vaultwarden/_data/db.sqlite3*

# Extract the archive
# You may need to install xz first
tar -xJvf ./backup/data.tar.xz -C /var/lib/docker/volumes/vaultwarden/_data/
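
The manual steps above delete the live database before the archive has been checked. As an added example (not part of the original post or of the backup image's documentation), this script verifies the archive first and moves the existing files aside instead of deleting them; the function names and the pre-restore directory naming are assumptions.

```sh
#!/bin/sh
# Added example (not from the backup image's documentation).
# Assumptions: the archive contains db.sqlite3, and the Vaultwarden
# container is stopped while the restore runs.

# verify_backup ARCHIVE
# Succeeds only if the archive can be listed and contains db.sqlite3.
verify_backup() {
    archive=$1
    [ -s "$archive" ] || { echo "missing or empty: $archive" >&2; return 1; }
    # Listing walks every entry, which decompresses the whole .tar.xz;
    # GNU tar detects the compression format itself.
    listing=$(tar -tf "$archive" 2>/dev/null) || {
        echo "unreadable archive: $archive" >&2; return 1; }
    printf '%s\n' "$listing" | grep -Eq '(^|/)db\.sqlite3$' || {
        echo "no db.sqlite3 in $archive" >&2; return 1; }
}

# safe_restore ARCHIVE DATA_DIR
# Verifies first, then moves the current db.sqlite3* files aside instead of
# deleting them, extracts, and prints the directory holding the old files.
safe_restore() {
    archive=$1
    data_dir=${2%/}
    verify_backup "$archive" || return 1
    aside="$data_dir.pre-restore-$(date +%Y%m%d-%H%M%S)"
    mkdir -p "$aside" || return 1
    for f in "$data_dir"/db.sqlite3*; do
        if [ -e "$f" ]; then mv "$f" "$aside"/ || return 1; fi
    done
    tar -xf "$archive" -C "$data_dir" || {
        echo "extract failed; previous files are in $aside" >&2; return 1; }
    echo "$aside"
}

# Usage: sh safe_restore.sh ./backup/data.tar.xz /var/lib/docker/volumes/vaultwarden/_data
if [ "$#" -eq 2 ]; then
    safe_restore "$1" "$2"
fi
```

Once the restored vault has been checked, the pre-restore directory can be deleted.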

WireGuard VPN

Wow, how easy is it to set up a WireGuard VPN with the Raspberry Pi!

I can now cover the following use cases:

  1. Access all the devices of my local network (router, RPis, drives, etc.) from abroad
  2. Access German streaming services like ARD, ZDF, … from abroad

Getting there was not so easy. First, I had the idea of using the FritzBox’s VPN. But it turned out that the FritzBox only supports IPSec, and Android versions newer than 11 do not support that. So, I decided to go for another solution.

I also had an RPi4 lying around after I had upgraded my website to the RPi5.

So I installed Raspberry Pi OS (64-bit) on the RPi4.

State-of-the-art installations are based on Docker.

So, I installed Docker and docker-compose.

Everything is based on https://pimylifeup.com/wireguard-docker/
(Many thanks!)


Setting up the clients was also super easy.

On the mobile, I did it with a QR scan; on the laptop, I exported the config.

The advantages of this docker container/image are:

  • Managing the Clients via a GUI including QR Code
  • Gateway configured for accessing the Internet via your router


Mail for the WordPress Docker setup

After setting up the docker containers for WordPress and the NGINX Proxy Manager I still had one open issue: Sending mail was not possible. So I was looking for a solution to set up mail for the WordPress Docker setup.

I had the following options in mind:

  1. Setting up a separate Docker container with an e-mail server. More or less, I just needed a so-called smarthost that takes outgoing e-mails from any Docker container and forwards them to my e-mail provider, Gmail. I struggled for a long time to find a proper, small mail-server image that runs on an RPi. You would then open the ports of the WordPress containers and send the e-mail from the WordPress containers to the container with the smarthost mail server. Nevertheless, you must still install some kind of mailer within the container to handle the mail() call coming from WordPress.
  2. Setting up an e-mail server on the host (I used exim4) and letting all Docker containers send their e-mails to the host, where exim4 forwards them to the real e-mail provider. Again, you must install some kind of mailer within the container to handle the mail() call coming from WordPress. The following sub-steps were necessary:
  3. Setting up a WordPress plugin that connects via SMTP to the e-mail provider.

Variants 1 and 2 caused so many problems during setup that I finally decided to go with variant 3. This was set up in only 30 minutes!

For this SMTP service, I’m using the plugin WP Mail SMTP.