This repo is my way to share the way I run various services on my home network.
With the files and instructions in this repo you should be able to run:
- Pi-hole to be your network's DNS server (DHCP will not be covered).
- InfluxDB to store data from some of the services shipped here, plus whatever else you may want.
- Telegraf to collect data from various sources (pre-configured to collect data from the Raspberry Pi itself).
- Grafana to visualize the collected data (with instructions on how to configure some dashboards).
This has been developed and tested on a Raspberry Pi 4, running the latest Raspberry Pi OS (previously called Raspbian). It may or may not work in other Raspberry Pis, or even other hardware (with proper modifications), so I am presenting this with no guarantees.
It is assumed that you already have your Raspberry Pi fully configured, running on your network, and that you do not have any kind of web server already running (Apache, lighttpd, whatever). If you do, you may need to make changes to the Pi-hole configuration.
This is a modified/shareable version of my personal configuration (not a verbatim copy). There are a lot of poor security choices I made here, in order to be able to share this work (like, for example, hardcoding passwords in a YAML file). This may or may not serve your purposes.
Feel free to copy and modify to make it work whatever way you prefer. I am not going to claim I am an expert in managing containers, or any of the services demonstrated here. Feel free to propose changes, if you think they are beneficial to you, to me or the broader community (no promises they will be incorporated, but I will appreciate your contribution, and take them into consideration).
All the services are orchestrated by the docker-compose.yml file. It describes which services are running, their dependencies, and some of their configuration parameters (not all of them). Some of the configuration files are also shipped in this directory, using some (probably) sane defaults.
Initially I released this repo with a script called update-all.sh, but in all fairness now I understand this script is overkill.
The simplest way to update everything is this:
$ docker-compose pull
$ docker-compose up -d
Even better, if you only want to update one of the services, simply run docker-compose pull <name> && docker-compose up -d.
This will allow you to run your containers as a non-root user (in this case I am using pi for simplification, but do whatever you feel works best for you). Keep in mind that membership in the docker group is effectively root access on the host.
$ sudo apt-get install docker-compose
$ sudo systemctl enable docker
$ sudo systemctl start docker
$ sudo usermod -aG docker pi
Log out from the system, then log back in.
Some files and folders are required, but they won't be automatically created, so you need to do that manually:
$ mkdir -p etc/ssl/mycerts var-log var-lib/grafana var-log/grafana var-log/pihole
$ sudo chown 472 var-lib/grafana var-log/grafana
TODO: Add instructions for Let's Encrypt
For the simplistic purposes of this project, we're going to use self-signed SSL certificates. They may not deliver the best security ever, but they are simple to deploy, and don't require maintenance. This can always be changed/improved at a later date.
$ sudo apt-get install openssl
$ openssl req -new -x509 -days 365 -nodes -out etc/ssl/mycerts/server.pem -keyout etc/ssl/mycerts/server.key
***
answer the prompts whatever way is most suitable to you
what you see below is just an example
***
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:NY
Locality Name (eg, city) []:New York
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Home
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:
Email Address []:
***
don't forget these last commands!
***
$ cat etc/ssl/mycerts/server.key etc/ssl/mycerts/server.pem > etc/ssl/mycerts/combined.pem
$ chmod 644 etc/ssl/mycerts/server.key etc/ssl/mycerts/combined.pem
NOTE: It's strongly suggested that you do not use this certificate file for anything other than these services.
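As an added example (not part of the original repo): the openssl command above issues a certificate valid for 365 days, so it helps to be able to confirm that the certificate and key still belong together and that expiry is not close. The function name check_cert and its return codes are hypothetical, chosen for this sketch.

```sh
# Added example, not from the repo: sanity-check a self-signed certificate/key pair.
# Usage:   check_cert CERT KEY [DAYS]
# Returns: 0 = pair matches and is valid for more than DAYS days (default 30)
#          1 = the key does not belong to the certificate
#          2 = the certificate expires within DAYS days (or already has)
#          3 = a file is missing or cannot be parsed
check_cert() {
  cert=$1 key=$2 days=${3:-30}
  # Public key embedded in the certificate.
  cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 3
  # Public key derived from the private key.
  key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 3
  # Both are printed as the same PEM structure, so a string compare is enough.
  [ "$cert_pub" = "$key_pub" ] || return 1
  # -checkend exits non-zero when the certificate expires within N seconds.
  openssl x509 -in "$cert" -noout -checkend $((days * 86400)) >/dev/null || return 2
  return 0
}
```

Run it as `check_cert etc/ssl/mycerts/server.pem etc/ssl/mycerts/server.key`; passing combined.pem for both arguments checks the concatenated file the same way.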
Look inside docker-compose.yml, and make sure the configuration options listed below are good for you.
The Pi-Hole section is based on the Docker Pi-hole project. There are many configuration options, but the minimum recommended here are:
- WEBPASSWORD: set a secure password here or it will be this string (literally).
- DNS1 + DNS2: I personally prefer to use OpenDNS. If you comment out these options, it will use Google DNS by default.
NOTE: If you already have a web server running, you will need to tweak this configuration a lot more. Look at the official Docker Pi-hole project page, for the appropriate configuration options.
This section is based on the official InfluxDB image. There are many configuration options, but the minimum recommended here are:
- INFLUXDB_ADMIN_PASSWORD: set a secure password here or it will be this string (literally).
- INFLUXDB_WRITE_USER_PASSWORD: set a secure password here or it will be this string (literally).
- INFLUXDB_READ_USER_PASSWORD: set a secure password here or it will be this string (literally).
The base Telegraf service configuration in this section is mostly based on this blog. The parts related to monitoring the Raspberry Pi are based on the instructions for two Grafana dashboards, which you will install later (instructions ahead).
There is only one thing you need to configure here:
- INFLUXDB_WRITE_USER_PASSWORD: make sure this is the same password as the WRITE_USER for InfluxDB (as set above).
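As an added example (not part of the original repo): a pre-flight check to run before starting the stack, covering the password settings listed above. It flags values that still look like the placeholder sentence or are short, and an INFLUXDB_WRITE_USER_PASSWORD that differs between the InfluxDB and Telegraf sections. The function names, the 16-character minimum and the one-setting-per-line layout are assumptions of this sketch.

```sh
# Added example, not part of the repo. Variable names come from the README;
# the compose layout ("KEY: value" or "- KEY=value", one per line) is assumed.
PASSWORD_KEYS='WEBPASSWORD INFLUXDB_ADMIN_PASSWORD INFLUXDB_WRITE_USER_PASSWORD INFLUXDB_READ_USER_PASSWORD'

# check_compose_passwords FILE [MINLEN] -> prints findings, exits 1 if there are any
check_compose_passwords() {
  awk -v keys="$PASSWORD_KEYS" -v minlen="${2:-16}" '
    BEGIN { n = split(keys, k, " "); for (i = 1; i <= n; i++) want[k[i]] = 1 }
    /^[ \t]*#/ { next }                              # commented-out settings
    {
      line = $0
      sub(/^[ \t]*(-[ \t]*)?/, "", line)             # indentation and list dash
      if (!match(line, /^[A-Z0-9_]+[ \t]*[:=]/)) next
      key = substr(line, 1, RLENGTH - 1); sub(/[ \t]+$/, "", key)
      if (!(key in want)) next
      val = substr(line, RLENGTH + 1)
      gsub(/^[ \t"]+|[ \t"]+$/, "", val)             # surrounding blanks and double quotes
      # A value with spaces is most likely the unchanged placeholder sentence.
      if (length(val) < minlen || val ~ / /) { print "WEAK " key " (line " NR ")"; bad = 1 }
      # Telegraf and InfluxDB must agree on the write user password.
      if ((key in seen) && seen[key] != val) { print "MISMATCH " key " (line " NR ")"; bad = 1 }
      seen[key] = val
    }
    END { exit bad + 0 }
  ' "$1"
}

# Constructed sample input, not the real docker-compose.yml from the repo.
sample_compose() {
  cat <<'EOF'
services:
  pihole:
    environment:
      WEBPASSWORD: "set a secure password here"
  influxdb:
    environment:
      - INFLUXDB_ADMIN_PASSWORD=Zr8vQ2mLx0TnPq4Wd7Ke
      - INFLUXDB_WRITE_USER_PASSWORD=Hq3XbN9sLw5JtRy2VcUa
      - INFLUXDB_READ_USER_PASSWORD=short
  telegraf:
    environment:
      - INFLUXDB_WRITE_USER_PASSWORD=Hq3XbN9sLw5JtRy2Vc
EOF
}
```

Run it as `check_compose_passwords docker-compose.yml`; no output and exit status 0 means nothing was flagged.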
This section is based on a bunch of information that I have gathered from different sources.
There is absolutely nothing you need to change here. Just remember, the default username and password are admin:admin, and I suggest you change this after your first login.
NOTE: This is disabled by default. To enable, uncomment the entire section.
This section is based on the official motion-docker project (modified for the Pi). It assumes you have a webcam connected, that it has been properly detected by the Raspberry Pi, and it's being exposed on /dev/video0. It stands up a web server on port 8080 that you can use to control your webcam capture. The webcam itself is visible on port 8081.
Only enable after you are sure the configuration suits your needs, otherwise you may eat up your disk.
The command below will start all services, in the appropriate order, then detach so you can get your terminal back.
$ docker-compose up --detach
It may take a while to initialize everything for the first time. Be patient.
- At some point you should be able to open this address in your browser: https://<rpi-ip>:3000/. Since we are using a self-signed certificate, your browser will complain that the connection is not private, or invalid. Just accept it (follow the appropriate instructions for your browser).
- After you see the web interface, there is nothing useful there.
- First of all, look to the bottom left of the screen, hover over the left-arrow, and click on Sign In. The username is admin, the password is admin. Click Log in.
- This will ask you to change your new admin password. Set whatever you want.
- After that you will be redirected to the main screen.
- Look to the left bar, around the middle, hover over the gear icon, and click Data Sources.
- On the new screen, find and click on InfluxDB.
- You will be sent to the Settings screen. Change the following:
  - Name: InfluxDB-Telegraf
  - URL: https://172.22.0.3:8086
  - Skip TLS Verify: click to enable
  - Database: telegraf
  - User: grafana
  - Password: same as INFLUXDB_READ_USER_PASSWORD
  - HTTP Method: GET
  - Click on Save & Test, you should see Data source is working.
- Now you will add the two dashboards for which the services have been pre-configured:
  - Look at the left bar, hover over the plus sign icon, click on Import.
  - Enter number 1443, and click Load. On the next screen, find the datasource box, and select InfluxDB-Telegraf, then click Import. This action will import this dashboard.
  - Again, look at the left bar, hover over the plus sign icon, click on Import.
  - Enter number 12034, then repeat the same process as before. This action will import this dashboard.
At this point you have everything working, and you should have very nice graphs! Enjoy!
I have intentions to improve this guide (eventually). Some of the things on my mind:
- Add support for Let's Encrypt certificates.
  - NOTE: I have a way to do this with Step-CA and Caddy. Stay tuned.
- Add instructions on how to migrate from self-signed to Let's Encrypt/Step-CA.
- Add maintenance instructions (updates, backups, etc).
- Maybe:
  - Either Nagios or Zabbix, still deciding what to do. (It will be Uptime Kuma)
  - Some sort of internet bandwidth test.