alvis/AgapHost
1
0
Fork 0
Code Issues 7 Pull Requests Actions Packages Projects Releases Wiki Activity

Move network config to Network page, add Pi-hole pipeline section

alvis
2026-03-08 07:03:29 +00:00
parent 081f3d782a
commit 2a3720a428
2 changed files with 55 additions and 59 deletions
Download Patch File Download Diff File Expand all files Collapse all files

43
Agap-Installation.md

@@ -17,48 +17,7 @@ Required mount points:
## 2. Network ## 2. Network
### Netplan (bridge) See [[Network]] for full setup: Netplan bridge, Caddy reverse proxy, Pi-hole DNS, and port forwarding requirements.
Edit `/etc/netplan/50-cloud-init.yaml`:
```yaml
network:
bridges:
br0:
interfaces: [enp4s0]
dhcp4: true
version: 2
```
```bash
sudo netplan apply
```
> MAC address changes after bridge setup — router may assign a new IP.
> Interface name (`enp4s0`) may differ after hardware changes — check with `ip link show`.
### Caddy (reverse proxy)
[Install Caddy](https://caddyserver.com/docs/install#debian-ubuntu-raspbian), then configure `/etc/caddy/Caddyfile`:
```
haos.alogins.net { reverse_proxy http://192.168.1.141:8123 }
vi.alogins.net { reverse_proxy localhost:2283 }
zb.alogins.net { reverse_proxy localhost:81 }
git.alogins.net { reverse_proxy localhost:3000 }
ai.alogins.net { reverse_proxy localhost:3125 }
ntfy.alogins.net { reverse_proxy localhost:8840 }
```
(See `/etc/caddy/Caddyfile` for full config including VPN and other services.)
```bash
sudo systemctl enable --now caddy
```
**Requirements:**
- Ports **80** and **443** forwarded on the router (source and target, remote IP empty)
- Port **10051** forwarded for Zabbix active agent connections
## 3. GPU & Docker ## 3. GPU & Docker

71
Network.md

@@ -1,40 +1,49 @@
# Network # Network
## Netplan ## Netplan (bridge)
Edit `/etc/netplan/*.yaml`: Edit `/etc/netplan/50-cloud-init.yaml`:
```yaml ```yaml
bridges: network:
br0: bridges:
interfaces: [enp3s0] br0:
interfaces: [enp4s0]
dhcp4: true
version: 2
``` ```
Apply:
```bash ```bash
sudo netplan apply sudo netplan apply
``` ```
> MAC address changes after bridge setup — router may assign a new IP. > MAC address changes after bridge setup — router may assign a new IP.
> Interface name (`enp3s0`) may change after hardware reconfiguration. > Interface name (`enp4s0`) may differ after hardware changes — check with `ip link show`.
## Caddy ## Caddy (reverse proxy)
[Install](https://caddyserver.com/docs/install#debian-ubuntu-raspbian) | [Docs](https://caddyserver.com/docs/getting-started) [Install](https://caddyserver.com/docs/install#debian-ubuntu-raspbian) | [Docs](https://caddyserver.com/docs/getting-started)
Reload config: Config: `/etc/caddy/Caddyfile`
```bash ```
curl localhost:2019/load \ haos.alogins.net { reverse_proxy http://192.168.1.141:8123 }
-H "Content-Type: application/json" \ vi.alogins.net { reverse_proxy localhost:2283 }
-d @caddy.json zb.alogins.net { reverse_proxy localhost:81 }
git.alogins.net { reverse_proxy localhost:3000 }
ai.alogins.net { reverse_proxy localhost:3125 }
ntfy.alogins.net { reverse_proxy localhost:8840 }
``` ```
### Requirements (See `/etc/caddy/Caddyfile` for full config including VPN and other services.)
- Ports **80** and **443** must both be forwarded (source and target) ```bash
- Leave remote IP empty in router port forwarding for intranet access sudo systemctl enable --now caddy
```
**Port forwarding requirements:**
- Ports **80** and **443** forwarded on the router (source and target, remote IP empty)
- Port **10051** forwarded for Zabbix active agent connections
### TLS debugging ### TLS debugging
@@ -42,3 +51,31 @@ curl localhost:2019/load \
curl -v http://yourdomain.net/.well-known/acme-challenge/test curl -v http://yourdomain.net/.well-known/acme-challenge/test
# Expect HTTP 200 # Expect HTTP 200
``` ```
## Pi-hole (DNS ad-blocking)
Pi-hole runs as a Docker container on a **macvlan** network, giving it its own IP on the LAN (`192.168.1.2`). This allows it to bind to port 53 without conflicting with the host.
### Architecture
```
[LAN clients] → DNS → 192.168.1.2 (pihole, macvlan on br0)
↓ (upstream)
8.8.8.8 / 1.1.1.1
```
The host (`br0`) and Pi-hole (`macvlan-br0`) are on the same physical network but **cannot communicate directly** due to macvlan isolation. The host uses its router as DNS instead.
### Setup
```bash
cd ~/agap_git/pihole
docker compose up -d
```
Pi-hole data: `/mnt/ssd/dbs/pihole`
Web UI: `http://192.168.1.2/admin` (password: set via `FTLCONF_webserver_api_password`)
### Router config
Set the router's DNS server to `192.168.1.2` so all LAN clients use Pi-hole automatically.