chatreesept deployed

2024-11-11 16:02:58 -05:00
parent 8f1af975e6
commit 664b12060c
14 changed files with 637 additions and 85 deletions

3
.gitignore vendored
View File

@@ -2,4 +2,5 @@ secrets/
venv/
tmp/
.vscode/
Unsorted/
Unsorted/
volumes/

View File

@@ -2,20 +2,23 @@
- [Home Assistant](#home-assistant)
- [Setup and Configuration](#setup-and-configuration)
- [Door Lock](#door-lock)
- [Schlage Door Lock](#schlage-door-lock)
- [Philips Hue Lights](#philips-hue-lights)
- [Shelly](#shelly)
- [Relative Humidity Calculator](#relative-humidity-calculator)
- [Font Colors](#font-colors)
- [Light Indicator for Voice Assistant](#light-indicator-for-voice-assistant)
## Setup and Configuration
### Door Lock
### Schlage Door Lock
1. Install Z-wave
2. Install z-wave JS module
3. Add device -> How do you want to add your device -> Legacy Secure
4. Enter programming pin on lock -> 0
4. Disconnect and Reconnect the battery on the lock
5. Press and hold the zwave button until the light turns solid red, release and it should flash red
1. (OR) Enter programming pin on lock -> 0 (this may take a few attempts, don't click the pair button)
### Philips Hue Lights
@@ -67,4 +70,44 @@ You can calculate the relative humidity of the outdoor air if warmed to indoor t
<font color = {{ "green" if state_attr("climate.ecobee_thermostat", "current_humidity") > low_humidity and state_attr("climate.ecobee_thermostat", "current_humidity") < high_humidity else "red" }}>
HVAC Humidity: {{ state_attr("climate.ecobee_thermostat", "current_humidity") }}%
</font>
```
### Light Indicator for Voice Assistant
```yaml
alias: Flash Lights on Bedroom Voice Assistant Start
description: ""
triggers:
- type: turned_on
device_id: d50fa1ae499e88bf37225c7e82ed189b
entity_id: 7ab2896ca3a55efd2e0ee9bba91fdf68
domain: binary_sensor
metadata:
secondary: false
trigger: device
conditions: []
actions:
- action: scene.create
metadata: {}
data:
scene_id: bedroombeforescene
snapshot_entities:
- light.main_bedroom_lamps
- action: light.turn_on
metadata: {}
data:
transition: 0.25
brightness_step_pct: 5
target:
entity_id: light.main_bedroom_lamps
- delay:
hours: 0
minutes: 0
seconds: 0
milliseconds: 250
- action: scene.turn_on
data:
entity_id: scene.bedroombeforescene
transition: 0.25
mode: single
```
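Review bot: The trigger of the new automation identifies its source only by registry ids (the `device_id:` and `entity_id:` hex strings), which are specific to one installation and do not tell a reader which sensor starts the flash. Name the binary sensor in `description:` (currently `""`) or use a state trigger on the sensor's entity name, as the actions already do with `light.main_bedroom_lamps`.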

View File

@@ -54,6 +54,7 @@ instructions for building a:
- [EUI64](#eui64)
- [Networking Privacy](#networking-privacy)
- [Mac Address Randomization](#mac-address-randomization)
- [VLAN Setup](#vlan-setup)
- [Date and Time](#date-and-time)
## Installation
@@ -987,6 +988,20 @@ ethernet.cloned-mac-address=random
wifi.cloned-mac-address=stable
```
### VLAN Setup
```bash
# Create
sudo nmcli con add type VLAN con-name enp195s0f3u1u3.4 dev enp195s0f3u1u3 id 4
# Bring up (optional)
sudo nmcli connection up enp195s0f3u1u3.2
# Delete
sudo nmcli connection down enp11s0.1
sudo nmcli connection del enp11s0.1
```
## Date and Time
If you're like me and like 24 hour time use `C.UTF-8`:
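Review bot: The three commands under VLAN Setup name three different connections: the create step uses `enp195s0f3u1u3.4`, the bring-up step uses `enp195s0f3u1u3.2`, and the delete step uses `enp11s0.1`. Copied as written, the block brings up and deletes connections other than the one it created. Use a single name throughout, or placeholders such as `<parent>.<vlan-id>`, so the example is self-consistent.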

View File

@@ -40,6 +40,7 @@
- [Cura](#cura)
- [Creality Print](#creality-print)
- [Bambu Studio](#bambu-studio)
- [Firewall Rules for LAN Printer](#firewall-rules-for-lan-printer)
- [Adding LAN printer via config](#adding-lan-printer-via-config)
- [Custom Filament Profiles](#custom-filament-profiles)
- [Orca Slicer](#orca-slicer)
@@ -56,6 +57,10 @@
- [Email](#email)
- [Traffic Usage](#traffic-usage)
- [Wine](#wine)
- [KDE Connect (GSConnect)](#kde-connect-gsconnect)
- [Python](#python)
- [Pyenv](#pyenv)
- [Poetry](#poetry)
## Pacman Packages
@@ -299,6 +304,7 @@ Choose noto-fonts
2. <Vitals@CoreCoding.com>
3. <dash-to-dock@micxgx.gmail.com>
4. <tactile@lundal.io>
5. GSConnect
## Avahi (Bonjour)
@@ -679,6 +685,15 @@ Install with flatpak.
flatpak install com.bambulab.BambuStudio
```
### Firewall Rules for LAN Printer
For local LAN discovery allow 2021/udp
```bash
sudo ufw allow 2021/udp
sudo ufw reload
```
### Adding LAN printer via config
The config is located at `~/.var/app/com.bambulab.BambuStudio/config/BambuStudio/BambuStudio.conf`
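Review bot: `sudo ufw allow 2021/udp` opens the port to every source address on every interface, although the heading and the sentence above it say the rule is for local LAN discovery. Scope it to the local network, for example `sudo ufw allow from <lan-subnet> to any port 2021 proto udp`, with the subnet filled in for the network the printer is on.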
@@ -892,4 +907,58 @@ nethogs
pacman -S wine
```
You can adjust the dpi scaling for wine with `winecfg`.
You can adjust the dpi scaling for wine with `winecfg`.
## KDE Connect (GSConnect)
Install the GSConnect extension for Gnome.
Open the firewall for connecting devices <https://userbase.kde.org/KDEConnect#Troubleshooting>
```bash
sudo ufw allow 1714:1764/udp
sudo ufw allow 1714:1764/tcp
sudo ufw reload
```
## Python
### Pyenv
<https://github.com/pyenv/pyenv?tab=readme-ov-file#installation>
```bash
curl https://pyenv.run | bash
```
Add to `~/.zshrc`:
```bash
export PYENV_ROOT="$HOME/.pyenv"
[[ -d $PYENV_ROOT/bin ]] && export PATH="$PYENV_ROOT/bin:$PATH"
eval "$(pyenv init -)"
```
Install and use a Python version:
```bash
pyenv install 3.13
pyenv global 3.13
```
### Poetry
<https://python-poetry.org/docs/>
```bash
python -m pip install --user pipx
python -m pipx ensurepath
pipx install poetry
```
Create a new project in the current directory
```bash
poetry new .
```
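Review bot: In the Pyenv section, `curl https://pyenv.run | bash` runs whatever the server returns without any chance to read it first, and without `-f` an HTTP error page would be piped to bash as well. Download the installer to a file, inspect it, then run it, or use a distribution package where one exists. In the KDE Connect section, `sudo ufw allow 1714:1764/udp` and `1714:1764/tcp` accept traffic from any source; adding `from <lan-subnet>` keeps pairing limited to the local network.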

View File

@@ -7,7 +7,10 @@
- [Fail2Ban](#fail2ban)
- [Automatic Updates](#automatic-updates)
- [Disable Swap](#disable-swap)
- [Selinux](#selinux)
- [Firewalld](#firewalld)
- [Extras](#extras)
- [Downgrading Kernel](#downgrading-kernel)
<https://docs.fedoraproject.org/en-US/fedora-server/installation/postinstallation-tasks/#_manage_system_updates>
@@ -122,6 +125,8 @@ dnf install dnf-automatic -y
systemctl enable --now dnf-automatic-install.timer
```
Edit the configuration to only do security updates.
## Disable Swap
```bash
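Review bot: The added sentence "Edit the configuration to only do security updates." names neither the file nor the option, so the step cannot be followed from this page. Spell it out: for dnf-automatic the option is `upgrade_type = security` in the `[commands]` section of `/etc/dnf/automatic.conf`.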
@@ -130,6 +135,37 @@ zramctl --reset /dev/zram0
dnf -y remove zram-generator-defaults
```
## Selinux
By default selinux will be enforcing. You can set it to permissive with
```bash
setenforce 0
```
And then make it permanent by editing `/etc/selinux/config` and inserting `SELINUX=permissive`.
## Firewalld
Set the default firewalld zone to `public`
```bash
firewall-cmd --set-default-zone=public
```
Firewalld will be on and blocking by default. You can check the zone and allowed ports with:
```bash
firewall-cmd --zone=public --list-ports
```
Allow Cockpit with
```
firewall-cmd --permanent --zone=public --add-port=9090/tcp
firewall-cmd --reload
```
## Extras
On the server:
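Review bot: The Selinux section tells the reader to run `setenforce 0` and then persist `SELINUX=permissive`, without saying what failed under enforcing; that removes enforcement for the whole host. Record the denial that motivated the change and prefer a targeted fix, such as a local policy module built from the audit log or `semanage permissive -a <domain>` for the one affected domain. In the Firewalld section, `--add-port=9090/tcp` can be written as `--add-service=cockpit`, and the last code fence is missing the `bash` tag the other fences carry.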
@@ -165,3 +201,14 @@ EOF
chsh -s $(which zsh) && chsh -s $(which zsh) ducoterra
```
## Downgrading Kernel
```bash
dnf install koji
# Note: format is kernel-version.fedora-version
cd $(mktemp -d) && koji download-build --arch=x86_64 --arch=noarch kernel-6.11.3-300.fc41 && dnf install ./*
reboot
```

View File

@@ -378,8 +378,8 @@ zpool status -v
```bash
virsh -c "qemu+unix:///system?socket=/run/truenas_libvirt/libvirt-sock" list
virsh -c "qemu+unix:///system?socket=/run/truenas_libvirt/libvirt-sock" destroy <vm_id>
virsh -c "qemu+unix:///system?socket=/run/truenas_libvirt/libvirt-sock" start <vm_id>
virsh -c "qemu+unix:///system?socket=/run/truenas_libvirt/libvirt-sock" resume <vm_name>
virsh -c "qemu+unix:///system?socket=/run/truenas_libvirt/libvirt-sock" start <vm_i>
```
## Mounting ZVOLS
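Review bot: The last `virsh` line ends in `start <vm_i>`, which looks like a truncated placeholder; the neighbouring lines use `<vm_id>` and `<vm_name>`. Pick one placeholder for all of the commands and say whether `virsh` expects the numeric id or the domain name here, since `list` shows both.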

View File

@@ -4,48 +4,10 @@
<https://localai.io/>
## Run locally
```bash
podman network create localai
mkdir -p ./volumes/local-ai/local-ai
mkdir -p ./volumes/local-ai/anythingllm
# Local AI
podman run \
-d \
-p 127.0.0.1:8080:8080 \
--network localai \
--name local-ai \
-v ./volumes/local-ai/local-ai:/build/models \
quay.io/go-skynet/local-ai:latest-cpu
# Anything LLM Interface
podman run -d \
-p 127.0.0.1:3001:3001 \
--cap-add SYS_ADMIN \
--network localai \
--name anything-llm \
-v ./volumes/local-ai/anythingllm:/app/server/storage \
-e STORAGE_DIR="/app/server/storage" \
docker.io/mintplexlabs/anythingllm
```
## Run in Production
## Running with Podman
This installs both Local AI and Anything LLM as backend/frontend services.
Note:
You'll need folders for the models and anything-llm storage.
```bash
mkdir /models
mkdir /anything-llm
chown 1000:1000 /anything-llm
```
```bash
podman network create localai
@@ -59,18 +21,68 @@ podman run \
quay.io/go-skynet/local-ai:latest-cpu
# Anything LLM Interface
podman run -d \
export STORAGE_LOCATION=/anything-llm && \
mkdir -p $STORAGE_LOCATION && \
touch "$STORAGE_LOCATION/.env" && \
chown -R 1000:1000 $STORAGE_LOCATION && \
podman run \
-d \
-p 127.0.0.1:3001:3001 \
--cap-add SYS_ADMIN \
--network localai \
--name anything-llm \
-v /anythingllm:/app/server/storage \
--network localai \
--cap-add SYS_ADMIN \
-v ${STORAGE_LOCATION}:/app/server/storage \
-v ${STORAGE_LOCATION}/.env:/app/server/.env \
-e STORAGE_DIR="/app/server/storage" \
docker.io/mintplexlabs/anythingllm
mintplexlabs/anythingllm
```
### Quadlets with Podlet
```bash
podman run ghcr.io/containers/podlet --install --description "Local AI Network" \
podman network create localai
podman run ghcr.io/containers/podlet --install --description "Local AI" \
podman run \
-d \
-p 127.0.0.1:8080:8080 \
--network localai \
--name local-ai \
-v /models:/build/models \
quay.io/go-skynet/local-ai:latest-cpu
export STORAGE_LOCATION=/anything-llm && \
podman run ghcr.io/containers/podlet --install --description "Anything LLM" \
podman run \
-d \
-p 127.0.0.1:3001:3001 \
--name anything-llm \
--network localai \
--cap-add SYS_ADMIN \
-v ${STORAGE_LOCATION}:/app/server/storage \
-v ${STORAGE_LOCATION}/.env:/app/server/.env \
-e STORAGE_DIR="/app/server/storage" \
mintplexlabs/anythingllm
```
Make sure to add
```conf
[Service]
Restart=always
```
To the service to have them autostart.
Put the generated files in `/usr/share/containers/systemd/`.
## Models
Example configs can be found here:
<https://github.com/mudler/LocalAI/tree/9099d0c77e9e52f4a63c53aa546cc47f1e0cfdb1/gallery>
### Config
```yaml
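Review bot: Both Anything LLM `podman run` commands carry `--cap-add SYS_ADMIN` with no explanation; that capability covers mount and namespace operations among much else, so state why the container needs it or drop it. The image also appears as `mintplexlabs/anythingllm`, with no registry or tag, alongside `docker.io/mintplexlabs/anythingllm`; keep the fully qualified name and pin a tag or digest so that short-name resolution and a moving default tag do not decide what runs. `$STORAGE_LOCATION` is unquoted in the `mkdir -p` and `chown -R` lines.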
@@ -90,12 +102,125 @@ llama-3.2-3b-instruct:q8_0
### Code
llama3.2-3b-enigma
<https://huggingface.co/bartowski/Codestral-22B-v0.1-GGUF/tree/main>
### Agent
llama-3.2-3b-instruct:q8_0
## Podman systemd service
See [generating AWS credentials](cloud/graduated/aws_iam/README.md)
```bash
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip awscliv2.zip
./aws/install
# Configure default credentials
aws configure
```
Open http/s in firewalld:
```bash
firewall-cmd --permanent --zone=public --add-service=http
firewall-cmd --permanent --zone=public --add-service=https
firewall-cmd --reload
```
Here are the detailed instructions for installing and setting up Nginx on Fedora Linux with Certbot
using the Route53 DNS challenge to put in front of a service called "Anything LLM" running on port
3001 with WebSockets. The domain will be chatreesept.reeseapps.com.
1. Install Nginx:
```
dnf install -y nginx
```
2. Start and enable Nginx service:
```
systemctl enable --now nginx
```
3. Install Certbot and the Route53 DNS plugin:
```
dnf install -y certbot python3-certbot-dns-route53
```
4. Request a certificate for your domain using the Route53 DNS challenge:
```
certbot certonly --dns-route53 -d chatreesept.reeseapps.com
```
Follow the prompts to provide your Route53 credentials and email address.
5. Configure Nginx for your domain: Create a new Nginx configuration file for your domain:
```
vim /etc/nginx/conf.d/chatreesept.reeseapps.com.conf
```
Add the following configuration to the file:
```
keepalive_timeout 1h;
send_timeout 1h;
client_body_timeout 1h;
client_header_timeout 1h;
proxy_connect_timeout 1h;
proxy_read_timeout 1h;
proxy_send_timeout 1h;
server {
listen 80;
server_name chatreesept.reeseapps.com;
location / {
return 301 https://$host$request_uri;
}
}
server {
listen 443 ssl;
server_name chatreesept.reeseapps.com;
ssl_certificate /etc/letsencrypt/live/chatreesept.reeseapps.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/chatreesept.reeseapps.com/privkey.pem;
location / {
client_max_body_size 50m;
proxy_pass http://localhost:3001;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
```
6. Test your Nginx configuration for syntax errors:
```
nginx -t
```
If there are no errors, reload Nginx to apply the changes:
```
systemctl reload nginx
```
7. Set up automatic certificate renewal: Add the following line to your crontab to renew the
certificate daily:
```
sudo crontab -e
```
Add the following line to the end of the file:
```
0 0 * * * certbot renew --quiet --no-self-upgrade --pre-hook "systemctl stop nginx" --post-hook "systemctl start nginx"
```
Now, your "Anything LLM" service running on port 3001 with WebSockets is accessible through the
domain chatreesept.reeseapps.com with a valid SSL certificate from Let's Encrypt. The certificate
will be automatically renewed daily.
## Nginx
```bash
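Review bot: The crontab line in step 7 wraps renewal in `--pre-hook "systemctl stop nginx"` and `--post-hook "systemctl start nginx"`, but step 4 issues the certificate with `--dns-route53`, a DNS challenge that never needs ports 80 or 443. The hooks only add downtime when a renewal is attempted; replace them with `--deploy-hook "systemctl reload nginx"` so nginx picks up the renewed certificate. Separately, the seven `1h` timeouts sit outside any `server` block, so from `conf.d` they apply to every virtual host, and `client_header_timeout 1h` lets an idle client hold a connection open for an hour; move the long values into the `location` that proxies to port 3001. The heading `## Podman systemd service` does not match the AWS CLI, firewalld and Nginx content under it.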

View File

@@ -1,32 +0,0 @@
server {
listen 127.0.0.1:8443 ssl;
server_name chatreesept.reeseapps.com;
ssl_certificate /etc/letsencrypt/live/chatreesept.reeseapps.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/chatreesept.reeseapps.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
location ~* ^/api/agent-invocation/(.*) {
proxy_pass http://localhost:3001;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
location / {
client_max_body_size 50m;
# Prevent timeouts on long-running requests.
proxy_connect_timeout 605;
proxy_send_timeout 605;
proxy_read_timeout 605;
send_timeout 605;
keepalive_timeout 605;
# Enable readable HTTP Streaming for LLM streamed responses
proxy_buffering off;
proxy_cache off;
proxy_pass http://localhost:3001;
}
}

View File

@@ -29,6 +29,18 @@ stream_ssl:
domain: ingress-nginx.reeseapps.com
port: 443
protocol: https
- external:
domain: reesimulate.reeseapps.com
internal:
domain: reesimulate.reeseapps.com
port: 443
protocol: https
- external:
domain: chatreesept.reeseapps.com
internal:
domain: localai.reeselink.com
port: 443
protocol: https
stream_ports:
- external: 2222

View File

@@ -0,0 +1,87 @@
# Snapcast with MPD
## Install
## Setup
### MPD
```bash
sudo apt install --no-install-recommends mpd
```
/etc/mpd.conf
```conf
music_directory "/var/lib/mpd/music"
playlist_directory "/var/lib/mpd/playlists"
db_file "/var/lib/mpd/tag_cache"
log_file "/var/log/mpd/mpd.log"
pid_file "/run/mpd/pid"
state_file "/var/lib/mpd/state"
sticker_file "/var/lib/mpd/sticker.sql"
user "mpd"
bind_to_address "0.0.0.0"
input {
plugin "curl"
}
decoder {
plugin "hybrid_dsd"
enabled "no"
}
audio_output {
type "fifo"
name "Snapcast"
path "/tmp/mpdfifo"
format "48000:16:2"
mixer_type "software"
}
filesystem_charset "UTF-8"
```
### Snapserver
<https://github.com/badaix/snapcast>
/etc/snapserver.conf
```conf
[server]
[http]
enabled = true
bind_to_address = 0.0.0.0
port = 1780
doc_root = /usr/share/snapserver/snapweb
[tcp]
enabled = true
bind_to_address = 0.0.0.0
port = 1705
[stream]
stream = pipe:///tmp/mpdfifo?name=MPD
[logging]
```
### Snapclient
<https://github.com/badaix/snapcast>
/etc/default/snapclient
```bash
sudo -u snapclient /usr/bin/snapclient -l
sudo vim /etc/default/snapclient
```
```conf
SNAPCLIENT_OPTS="-s plughw:CARD=Speaker,DEV=0 -h 10.1.134.41"
```
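Review bot: In `/etc/mpd.conf`, `bind_to_address "0.0.0.0"` exposes the MPD control port on every interface and the file sets no `password`, so any host that can reach this machine can control playback and the library. Bind to the address clients actually use, or add a `password` line and a firewall rule. The same applies to `bind_to_address = 0.0.0.0` in both `[http]` and `[tcp]` of `snapserver.conf`. The FIFO at `/tmp/mpdfifo` lives in a world-writable directory; a path under `/run` owned by the `mpd` user avoids another local account creating it first. `## Install` is empty.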

View File

@@ -51,4 +51,14 @@ pip install -r requirements.txt
- In the UI, click "flux"
- First generation is really really really really slow
<https://stable-diffusion-art.com/flux-forge/>
<https://stable-diffusion-art.com/flux-forge/>
## Nginx
```bash
htpasswd -c /etc/nginx/.htpasswd yourusername
sudo useradd -m -s /bin/bash nginx
sudo certbot --nginx -d reesimulate.reeseapps.com
```
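Review bot: `sudo useradd -m -s /bin/bash nginx` gives the web server's account a home directory and a login shell, neither of which a service account needs. Use `useradd --system --no-create-home --shell /sbin/nologin nginx`, or rely on the account the nginx package creates. Also note next to `htpasswd -c` that `-c` is for first use only, since it recreates the file and drops existing users when run again.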

View File

@@ -0,0 +1,26 @@
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}

View File

@@ -0,0 +1,27 @@
server {
listen [::]:80;
server_name reesimulate.reeseapps.com;
# Redirect HTTP to HTTPS
return 301 https://$host$request_uri;
}
server {
listen [::]:443 ssl;
server_name reesimulate.reeseapps.com;
ssl_certificate /etc/letsencrypt/live/yourdomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
location / {
auth_basic "Restricted Area";
auth_basic_user_file /etc/nginx/.htpasswd;
proxy_pass http://localhost:7860;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
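Review bot: `ssl_certificate` and `ssl_certificate_key` point at `/etc/letsencrypt/live/yourdomain.com/`, a template placeholder, while `server_name` is `reesimulate.reeseapps.com`; nginx will either fail to start or serve a certificate for the wrong name. Use the directory certbot created for this host. Both `listen` lines use `[::]` only, which with nginx's default `ipv6only=on` accepts IPv6 clients alone; add `listen 80;` and `listen 443 ssl;` if IPv4 clients are expected.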

View File

@@ -0,0 +1,122 @@
# Wyoming Satellite
## Install
<https://github.com/rhasspy/wyoming-satellite/blob/master/docs/tutorial_2mic.md>
```bash
sudo apt update && sudo apt upgrade -y
sudo apt install --no-install-recommends \
git \
python3-venv \
vim \
tmux
sudo reboot
git clone https://github.com/rhasspy/wyoming-satellite.git
cd wyoming-satellite/
python3 -m venv .venv
.venv/bin/pip3 install --upgrade pip
.venv/bin/pip3 install --upgrade wheel setuptools
.venv/bin/pip3 install \
-f 'https://synesthesiam.github.io/prebuilt-apps/' \
-r requirements.txt \
-r requirements_audio_enhancement.txt \
-r requirements_vad.txt
# Find microphone
arecord -L | grep plughw -A 2
# Create a test recording
arecord -D plughw:CARD=JV801,DEV=0 -r 16000 -c 1 -f S16_LE -t wav -d 5 test.wav
# Find speaker
aplay -L | grep plughw -A 2
# Play test recording
aplay -D plughw:CARD=JV801,DEV=0 test.wav
# Bedroom
script/run \
--debug \
--name 'Bedroom Satellite' \
--uri 'tcp://0.0.0.0:10700' \
--mic-command 'arecord -D plughw:CARD=Speaker,DEV=0 -r 16000 -c 1 -f S16_LE -t raw' \
--snd-command 'aplay -D plughw:CARD=Speaker,DEV=0 -r 22050 -c 1 -f S16_LE -t raw'
# Living Room
script/run \
--debug \
--name 'Living Room Satellite' \
--uri 'tcp://0.0.0.0:10700' \
--mic-command 'arecord -D plughw:CARD=Speaker,DEV=0 -r 16000 -c 1 -f S16_LE -t raw' \
--snd-command 'aplay -D plughw:CARD=Speaker,DEV=0 -r 22050 -c 1 -f S16_LE -t raw'
```
## Systemd
### Create and Edit
```bash
sudo systemctl edit --force --full wyoming-satellite.service
sudo systemctl enable --now wyoming-satellite.service
sudo journalctl -u wyoming-satellite.service -f
```
### Bedroom
```conf
[Unit]
Description=Wyoming Satellite
Wants=network-online.target
After=network-online.target
[Service]
Type=simple
ExecStart=/home/ducoterra/wyoming-satellite/script/run \
--name 'Bedroom Satellite' \
--uri 'tcp://0.0.0.0:10700' \
--mic-command 'arecord -D plughw:CARD=Speaker,DEV=0 -r 16000 -c 1 -f S16_LE -t raw' \
--snd-command 'aplay -D plughw:CARD=Speaker,DEV=0 -r 22050 -c 1 -f S16_LE -t raw'
WorkingDirectory=/home/ducoterra/wyoming-satellite
Restart=always
RestartSec=1
[Install]
WantedBy=default.target
```
### Living Room
```conf
[Unit]
Description=Wyoming Satellite
Wants=network-online.target
After=network-online.target
[Service]
Type=simple
ExecStart=/home/ducoterra/wyoming-satellite/script/run \
--name 'Living Room Satellite' \
--uri 'tcp://0.0.0.0:10700' \
--mic-command 'arecord -D plughw:CARD=Speaker,DEV=0 -r 16000 -c 1 -f S16_LE -t raw' \
--snd-command 'aplay -D plughw:CARD=Speaker,DEV=0 -r 22050 -c 1 -f S16_LE -t raw'
WorkingDirectory=/home/ducoterra/wyoming-satellite
Restart=always
RestartSec=1
[Install]
WantedBy=default.target
```
## Volume
Run `alsamixer`.
## Community Wake Words
<https://github.com/fwartner/home-assistant-wakewords-collection?tab=readme-ov-file>
<https://github.com/fwartner/ha-openwakeword-installer>
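Review bot: Both unit files are installed as system services (`sudo systemctl edit --force --full`) but have no `User=` line, so `ExecStart=/home/ducoterra/wyoming-satellite/script/run` runs as root from a checkout inside a user's home directory; anyone who can write to that directory can run code as root. Add `User=ducoterra` (and the audio group if the account needs it), or move the checkout to a root-owned path. `--uri 'tcp://0.0.0.0:10700'` listens on every interface; bind to the address Home Assistant connects to or add a firewall rule. The Bedroom and Living Room units differ only in `--name`, so one unit with an environment file would remove the duplication.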