Preface#
This is the third article on setting up home mini host services. The first article addressed device selection, the second article covered some essential needs, and this article will first address some overlooked essentials and some fun things.
It has been 11 days since the last article was published.
A reminder: Due to the habit of writing articles in Markdown, but not having researched WeChat formatting and anti-violation strategies well, if the content is incomplete or links do not display, it is recommended to click the original text to view the blog post.
Tinkering with soft routing can become unfortunate; I have already been unfortunate.
I don't know why setting the DHCP of ikuai and the original router to the same subnet, in conjunction with OP, results in being unable to access internal network services after waking up from a nap. I was frustrated for several days and then realized that I didn't need to reinstall; I just needed to connect to the management port and troubleshoot again.
Modify CT Template Download Source in PVE#
Refer to this article for modifications.
cp /usr/share/perl5/PVE/APLInfo.pm /usr/share/perl5/PVE/APLInfo.pm_back && sed -i 's|http://download.proxmox.com|https://mirrors.ustc.edu.cn/proxmox|g' /usr/share/perl5/PVE/APLInfo.pm && systemctl restart pvedaemon.service
This will change to a domestic source, and the speed will increase.
The Debian and enterprise subscription sources for PVE can be replaced with the following script, from this article.
wget https://www.geekxw.top/jiaoben/yuan.sh -O yuan.sh && chmod +x yuan.sh && ./yuan.sh
Manually Replace AdGuard Home Core in OpenWRT#
Visit the official address latest download address.
Download AdGuardHome_linux_amd64.tar.gz, place it in the executable file path, usually /usr/bin/AdGuardHome/AdGuardHome
.
Change its permissions to 755 via command line, then restart OpenWRT.
Even if it may still show core error, it can now log in and is functioning normally.
1Panel Third-Party Store#
There are many third-party applications.
git clone -b localApps https://github.com/okxlin/appstore /opt/1panel/resource/apps/local/appstore-localApps
cp -rf /opt/1panel/resource/apps/local/appstore-localApps/apps/* /opt/1panel/resource/apps/local/
rm -r /opt/1panel/resource/apps/local/appstore-localApps
Click to update the application list, and you will find that the application list has increased to over 280 applications.
DDNSTO Internal Network Mapping#
Some services need public access for emergencies or other reasons.
If only public access is needed, you can use the free service package from DDNSTO, which can map 5 IPs + ports in the local area network.
Unfortunately, no address can follow the slash, so for services like 1Panel that have enabled secure panel addresses, you can only manually piece together and bookmark the address. For other services, you don't need to remember specific domain names; just log in to the DDNSTO control panel to access.
I originally thought DDNSTO could achieve automatic renewal of the 7-day free package through a sign-in script, but it seems not possible?
You can also use ddns-go for dynamic mapping; just add third-party store in 1Panel to use it.
RSS Class#
To summarize, I:
- Use RSSHUB + rsspush to monitor GitHub project updates and trends of personal interest.
- Use READWISE for RSS/Newsletter type/epub eBook reading and annotations.
- Use AutoBangumi to monitor anime RSS changes and link with qBittorrent for automatic tracking (not frequently used).
RSSHUB#
RSSHub is an open-source, easy-to-use, and extensible RSS generator that can generate RSS feeds for any strange content. RSSHub is rapidly developing with the help of the open-source community and has adapted to thousands of contents from hundreds of websites.
RSSHUB is a major project by DIY God, and another major project, Xlog, is also the first release of this article. Interested friends can check it out; they are lively young people and also have strong experts. The main advantage is that the pages look good, and you don't have to set up your own server, with a good community atmosphere. If DIY God sees this, please send 0.5 yuan, thank you.
Previously, I set up a free pikapods following one of the methods in the RSSHUB official tutorial.
Unfortunately, the monthly free quota of pikapods is slightly less than the minimum configuration, or perhaps Serverless services are intentionally designed this way.
You can also set it up yourself or use the official version, just don't set the frequency too high.
I mainly use RSSHUB to monitor some special dynamics, such as updates to certain GitHub projects and new open-source trends, etc. You can check my gist.
Combined with Server 酱 by author easychen, a free open-source project rsspush can achieve push notifications.
After setting up rsspush, there are no options to push to other paths on the page, but you can find the following content in the GitHub README.
2022.09.04.09.28+ mirrors support pushing to web hooks. If Sendkey starts with http, it is recognized as a webhook.
I use the app Bark on iOS, and the official domain it comes with fully meets personal use, thus completing the custom content monitoring and timely push of rsshub + rsspush + bark.
You can also use apprise as introduced in the rsspush README, which can push to
Hundreds of channels, including Telegram, Discord, Slack, Amazon SNS, Gotify, etc.
apprise:raw -i html tgram://botid/chatid
READWISE#
For reading-related RSS, I have been steadily using the read readwise service for a long time.
You can apply for discounts for developing countries/students to achieve half price; after the discount, the monthly fee is $4.49, which is the highest monthly fee among my subscriptions, but I think it is worth it.
All RSS/Newsletter type/epub eBook reading is done through it, and with the official browser extension, you can easily cut content for annotation.
AutoBangumi Setup for Automatic Anime Tracking#
I haven't fully grasped this yet.
AutoBangumi is a fully automated anime tracking and downloading tool based on RSS. You only need to subscribe to anime on sites like Mikan Project, and it can automatically track the anime. The organized names and directories can be directly recognized by media library software like Plex and Jellyfin, without the need for secondary scraping.
Follow the official tutorial to obtain setup parameters.
Note not to directly start Docker in the command line; since neither the official nor third-party application stores in 1Panel have this application yet, we manually create it in the 1Panel container interface.
Be sure to select the network as 1panel-network; otherwise, using the host IP address will not connect.
Similarly, for all applications not installed from the store, if the network needs to communicate, it is best to manually add them to 1panel-network.
After creation, you can use both the internal network address and the host IP address; the internal network IP can be directly seen in the container interface.
Set Up Wooyun Vulnerability Database#
docker run --name wooyun -p 11415:80 --restart=always -dit v7hinc/wooyun /bin/bash
Set Up Jupyter Lab#
First, pull the image: docker pull jupyter/base-notebook
.
To ensure network communication, select deployment on the 1Panel page.
docker exec -it jupyternotebook /bin/bash -c 'jupyter server list'
This will print the token, which you can fill in to log in.
Some Knowledge Points During the Setup Process#
- Set the proxy address of the switch to the OpenWRT address/or directly fix the MAC in the global communication subnet; the latency is very high and basically unusable.
- In PVE 8.1, the command to allow SSH login for Debian 12 LXC CT template is:
sed -i 's/^#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config && sed -i 's/^#PasswordAuthentication yes/PasswordAuthentication yes/' /etc/ssh/sshd_config && systemctl restart ssh
Change the timezone with dpkg-reconfigure tzdata
and select Asia, Shanghai.
To enable SSH login in CentOS 8 LXC CT template:
mv /etc/yum.repos.d/CentOS-* /tmp/ && \
cat <<EOF > /etc/yum.repos.d/CentOS-Vault.repo
[BaseOS]
name=CentOS-8 - Base
baseurl=https://vault.centos.org/8.5.2111/BaseOS/x86_64/os/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
[AppStream]
name=CentOS-8 - AppStream
baseurl=https://vault.centos.org/8.5.2111/AppStream/x86_64/os/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
EOF
dnf clean all && \
dnf makecache && \
dnf install -y openssh-server firewalld && \
sed -i 's/^#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config && \
sed -i 's/^PasswordAuthentication no/PasswordAuthentication yes/' /etc/ssh/sshd_config && \
dnf install -y firewalld && \
systemctl enable --now sshd firewalld
To enable SSH login in CentOS 9 LXC CT template:
dnf install -y openssh-server && sed -i 's/^#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config && sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/' /etc/ssh/sshd_config && systemctl restart sshd
And so another article is mixed together.