From 05a394888434a44c1ab77cee723a7b82c90beafd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mr=2E=20=CE=A6=CE=AF=CE=BB=CE=B9=CF=80=CF=80=CE=BF=CF=82?= <33333559+d3vilh@users.noreply.github.com> Date: Sat, 13 Jan 2024 15:04:14 +0200 Subject: [PATCH 1/8] containers restart policy review --- templates/gluetun-docker-compose.yml.j2 | 2 +- templates/openvpn-docker-compose.yml.j2 | 12 ++++++------ templates/ovpn_client-docker-compose.yml.j2 | 2 +- templates/pi-hole-docker-compose.yml.j2 | 2 +- templates/portainer-docker-compose.yml.j2 | 2 +- .../prometheus-exporters-docker-compose.yaml.j2 | 16 ++++++++-------- templates/qbittorrent-docker-compose.yml.j2 | 2 +- templates/unbound-dns-docker-compose.yml.j2 | 2 +- templates/wireguard-docker-compose.yml.j2 | 6 +++--- templates/x-ui-docker-compose.yml.j2 | 6 +++--- 10 files changed, 26 insertions(+), 26 deletions(-) diff --git a/templates/gluetun-docker-compose.yml.j2 b/templates/gluetun-docker-compose.yml.j2 index 9457171..9e5d7c3 100644 --- a/templates/gluetun-docker-compose.yml.j2 +++ b/templates/gluetun-docker-compose.yml.j2 @@ -3,6 +3,7 @@ services: gluetun: image: qmcgaw/gluetun container_name: gluetun + restart: unless-stopped cap_add: - NET_ADMIN devices: @@ -60,7 +61,6 @@ services: - 6881:6881/udp networks: vpn-net: - restart: unless-stopped networks: vpn-net: diff --git a/templates/openvpn-docker-compose.yml.j2 b/templates/openvpn-docker-compose.yml.j2 index fc22381..73ff826 100644 --- a/templates/openvpn-docker-compose.yml.j2 +++ b/templates/openvpn-docker-compose.yml.j2 
@@ -6,14 +6,15 @@ services: container_name: openvpn build: ./openvpn-docker # image: d3vilh/openvpn:latest + restart: always privileged: true - ports: - - "1194:1194/udp" - # - "2080:2080/tcp" # management port. uncomment if you would like to share it with the host environment: TRUST_SUB: {{ ovpn_trusted_subnet }} GUEST_SUB: {{ ovpn_guest_subnet }} HOME_SUB: {{ ovpn_home_subnet }} + ports: + - "1194:1194/udp" + # - "2080:2080/tcp" # management port. uncomment if you would like to share it with the host volumes: - ./pki:/etc/openvpn/pki - ./clients:/etc/openvpn/clients @@ -24,17 +25,17 @@ services: - ./checkpsw.sh:/opt/app/checkpsw.sh cap_add: - NET_ADMIN - restart: always depends_on: - "openvpn-ui" openvpn-ui: container_name: openvpn-ui image: d3vilh/openvpn-ui:latest + restart: always + privileged: true environment: - OPENVPN_ADMIN_USERNAME={{ ovpnui_user }} - OPENVPN_ADMIN_PASSWORD={{ ovpnui_password }} - privileged: true ports: - "8080:8080/tcp" volumes: @@ -42,4 +43,3 @@ services: - ./db:/opt/openvpn-ui/db - ./pki:/usr/share/easy-rsa/pki - /var/run/docker.sock:/var/run/docker.sock:ro - restart: always diff --git a/templates/ovpn_client-docker-compose.yml.j2 b/templates/ovpn_client-docker-compose.yml.j2 index 16798f2..30b33a8 100644 --- a/templates/ovpn_client-docker-compose.yml.j2 +++ b/templates/ovpn_client-docker-compose.yml.j2 @@ -3,6 +3,7 @@ services: openvpn-client: image: d3vilh/openvpn-client:latest container_name: openvpn-client + restart: unless-stopped cap_add: - NET_ADMIN devices: @@ -20,7 +21,6 @@ services: - 6881:6881/udp networks: vpn-net: - restart: unless-stopped networks: vpn-net: diff --git a/templates/pi-hole-docker-compose.yml.j2 b/templates/pi-hole-docker-compose.yml.j2 index bc4c32d..9aef6ac 100644 --- a/templates/pi-hole-docker-compose.yml.j2 +++ b/templates/pi-hole-docker-compose.yml.j2 
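Review bot: The `openvpn` service in this hunk keeps `privileged: true` next to `cap_add: - NET_ADMIN`; a privileged container already holds every capability and all host devices, so the `cap_add` entry has no effect and the container runs with far more access than the listed capability suggests. With `restart: always` it also comes back in that state after every daemon restart. If the server only has to manage routes and the tun device, consider dropping `privileged: true` and keeping `cap_add: - NET_ADMIN` plus a `devices: - /dev/net/tun` entry; the image is not visible here, so this needs testing. The same applies to `openvpn-ui` in the next hunk of this file, where `privileged: true` is moved but kept.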
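Review bot: The `/var/run/docker.sock:/var/run/docker.sock:ro` mount kept in the last hunk of this file does not make the Docker API read-only: `:ro` only protects the socket file, and a process that can connect to it can still send any API request, which amounts to root on the host. Together with `privileged: true` on `openvpn-ui`, a compromise of the web UI published on port 8080 reaches the host directly. I would add a comment above the mount, `# docker.sock gives full control of the Docker daemon; :ro does not limit API calls`, and check whether the UI needs the socket at all; a filtering socket proxy is the usual alternative if it does.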
@@ -6,6 +6,7 @@ services: pihole: container_name: pihole image: pihole/pihole:latest + restart: unless-stopped {% if not pihole_with_unbound %} hostname: '{{ pihole_hostname }}' ports: @@ -32,7 +33,6 @@ services: volumes: - './etc-pihole/:/etc/pihole/' - './etc-dnsmasq.d/:/etc/dnsmasq.d/' - restart: unless-stopped {% if pihole_with_unbound %} network_mode: "container:unbound-dns" {% endif %} diff --git a/templates/portainer-docker-compose.yml.j2 b/templates/portainer-docker-compose.yml.j2 index 2ed8432..ad740b6 100644 --- a/templates/portainer-docker-compose.yml.j2 +++ b/templates/portainer-docker-compose.yml.j2 @@ -1,8 +1,8 @@ --- services: portainer: - image: portainer/portainer-ce:latest container_name: portainer + image: portainer/portainer-ce:latest restart: unless-stopped security_opt: - no-new-privileges:true diff --git a/templates/prometheus-exporters-docker-compose.yaml.j2 b/templates/prometheus-exporters-docker-compose.yaml.j2 index 7767c8c..797c82e 100644 --- a/templates/prometheus-exporters-docker-compose.yaml.j2 +++ b/templates/prometheus-exporters-docker-compose.yaml.j2 @@ -13,7 +13,7 @@ services: prometheus: container_name: prometheus image: prom/prometheus:latest - restart: always + restart: unless-stopped command: - '--config.file=/etc/prometheus/prometheus.yml' - '--storage.tsdb.path=/prometheus' @@ -34,7 +34,7 @@ services: grafana: container_name: grafana image: grafana/grafana - restart: always + restart: unless-stopped env_file: - ./grafana/config.monitoring volumes: @@ -51,7 +51,7 @@ services: ping: container_name: ping image: prom/blackbox-exporter - restart: always + restart: unless-stopped tty: true stdin_open: true command: @@ -68,7 +68,7 @@ services: speedtest: container_name: speedtest image: miguelndecarvalho/speedtest-exporter - restart: always + restart: unless-stopped expose: - 9798 ports: 
@@ -79,7 +79,7 @@ services: nodeexp: container_name: nodeexp image: prom/node-exporter - restart: always + restart: unless-stopped privileged: true command: - '--path.procfs=/host/proc' @@ -98,7 +98,7 @@ services: rpi_exporter: container_name: rpi_exporter image: d3vilh/rpi_exporter-arm64:latest - restart: always + restart: unless-stopped privileged: true ports: - "9110:9110/tcp" @@ -133,7 +133,7 @@ services: ovpn_exporter: container_name: ovpn_exporter image: d3vilh/openvpn_exporter:latest - restart: always + restart: unless-stopped privileged: true environment: - OVPN_STATUS_FILE=/etc/openvpn/log/openvpn-status.log @@ -150,7 +150,7 @@ services: starlink-exporter: container_name: starlink-exporter image: danopstech/starlink_exporter + restart: unless-stopped ports: - "9817:9817" - restart: unless-stopped {% endif %} \ No newline at end of file diff --git a/templates/qbittorrent-docker-compose.yml.j2 b/templates/qbittorrent-docker-compose.yml.j2 index b5c0b58..d460ac3 100644 --- a/templates/qbittorrent-docker-compose.yml.j2 +++ b/templates/qbittorrent-docker-compose.yml.j2 @@ -4,6 +4,7 @@ services: qbittorrent: image: lscr.io/linuxserver/qbittorrent:latest container_name: qbittorrent + restart: unless-stopped environment: - PUID=1000 - PGID=1000 @@ -18,7 +19,6 @@ services: - 6881:6881 - 6881:6881/udp {% endif %} - restart: unless-stopped {% if qbittorrent_inside_vpn %} network_mode: container:openvpn-client {% endif %} diff --git a/templates/unbound-dns-docker-compose.yml.j2 b/templates/unbound-dns-docker-compose.yml.j2 index 16638da..b5a331d 100644 --- a/templates/unbound-dns-docker-compose.yml.j2 +++ b/templates/unbound-dns-docker-compose.yml.j2 @@ -5,6 +5,7 @@ services: container_name: unbound-dns hostname: unbound-pihole image: d3vilh/unbound-docker:latest + restart: unless-stopped volumes: - "./etc-unbound/unbound.conf:/etc/unbound/unbound.conf" - "./etc-unbound/root.hints:/etc/unbound/root.hints" 
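Review bot: `nodeexp` in this hunk, and `rpi_exporter` and `ovpn_exporter` in the two hunks after it, keep `privileged: true` while only their restart policy changes. Exporters mostly read files (`--path.procfs=/host/proc` for the node exporter, `OVPN_STATUS_FILE` for the OpenVPN exporter), so read-only bind mounts are probably enough; the volume lists are outside these hunks and `rpi_exporter` may need one specific device, so this needs confirming. Where it holds, replace `privileged: true` with read-only mounts and, as the portainer template already does, `security_opt: - no-new-privileges:true`.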
@@ -21,7 +22,6 @@ services: unbound-net: cap_add: - NET_ADMIN - restart: unless-stopped networks: unbound-net: diff --git a/templates/wireguard-docker-compose.yml.j2 b/templates/wireguard-docker-compose.yml.j2 index 1b3b29b..798258c 100644 --- a/templates/wireguard-docker-compose.yml.j2 +++ b/templates/wireguard-docker-compose.yml.j2 @@ -3,8 +3,9 @@ version: "3.5" services: wireguard-ui: - image: d3vilh/wireguard-ui-arm:latest container_name: wireguard-ui + image: d3vilh/wireguard-ui-arm:latest + restart: unless-stopped cap_add: - NET_ADMIN - SYS_MODULE @@ -26,5 +27,4 @@ services: - '5000:5000' - '51820:51820/udp' sysctls: - - net.ipv4.conf.all.src_valid_mark=1 - restart: unless-stopped \ No newline at end of file + - net.ipv4.conf.all.src_valid_mark=1 \ No newline at end of file diff --git a/templates/x-ui-docker-compose.yml.j2 b/templates/x-ui-docker-compose.yml.j2 index 086dec8..90a979e 100644 --- a/templates/x-ui-docker-compose.yml.j2 +++ b/templates/x-ui-docker-compose.yml.j2 @@ -3,14 +3,14 @@ version: "3.9" services: xui: - image: d3vilh/x-ui:latest container_name: xray-x-ui hostname: raspberry-xray + image: d3vilh/x-ui:latest + restart: unless-stopped volumes: - ./db/:/etc/x-ui/ - ./cert/:/root/cert/ environment: XRAY_VMESS_AEAD_FORCED: "false" tty: true - network_mode: host - restart: unless-stopped \ No newline at end of file + network_mode: host \ No newline at end of file From d71c4c9cc4ee6cd5318ede38e1897f37ab85ef37 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mr=2E=20=CE=A6=CE=AF=CE=BB=CE=B9=CF=80=CF=80=CE=BF=CF=82?= <33333559+d3vilh@users.noreply.github.com> Date: Sun, 14 Jan 2024 16:29:05 +0200 Subject: [PATCH 2/8] + experimental ovpn_client_hostmode feature --- example.config.yml | 7 +++++-- templates/ovpn_client-docker-compose.yml.j2 | 10 ++++++++++ 2 files changed, 15 insertions(+), 2 deletions(-) diff --git a/example.config.yml b/example.config.yml index 5633488..8711ae6 100644 --- a/example.config.yml +++ b/example.config.yml 
@@ -70,7 +70,7 @@ tech_dns_inside_vpn: false # DOESN'T WORK YET! # Set true # | | | . | -_| | | | __| | | | # |_____| _|___|_|_|\___/|__| |_|___| # |_| -# OpenVPN Server configuration. +# OpenVPN Server configuration. Client configuration below. ovpn_server_enable: false # Set true to enable OpenVPN server remove_ovpn_server: false # Set true to remove OpenVPN server @@ -98,7 +98,10 @@ easyrsa_crl_days: 180 # Number of days until the CRL # OpenVPN Client configuration for qBittorrent only. OpenVPN server is not required. ovpn_client_enable: false # Set true to enable internal OpenVPN client used for qBittorrent. OpenVPN server is not required. -remove_ovpn_client: false # Set true to remove internal OpenVPN client used for qBittorrent. OpenVPN server is not required. +remove_ovpn_client: false # Set true to remove internal OpenVPN client used for qBittorrent. +# Experimental feature start + ovpn_client_hostmode: false # Set true to route all server traffic via this OpenVPN client connection. +# Experimantal feature end ovpn_client_cert: "webinstall-client.ovpn" # Set your ovpn-client certificate name ovpn_client_allowed_subnet: "192.168.88.0/24" # Allowed subnet for ovpn-client. You must have your local network defined here. diff --git a/templates/ovpn_client-docker-compose.yml.j2 b/templates/ovpn_client-docker-compose.yml.j2 index 30b33a8..0148be7 100644 --- a/templates/ovpn_client-docker-compose.yml.j2 +++ b/templates/ovpn_client-docker-compose.yml.j2 @@ -20,9 +20,19 @@ services: - 6881:6881 - 6881:6881/udp networks: +{% if ovpn_client_hostmode %} + - host + - vpn-net +{% endif %} +{% if not ovpn_client_hostmode %} vpn-net: +{% endif %} networks: +{% if ovpn_client_hostmode %} + host: + external: true +{% endif %} vpn-net: ipam: driver: default \ No newline at end of file From 50fd6d769b96c71210cbf4e090ff0779daaf6555 Mon Sep 17 00:00:00 2001 
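Review bot: The added `ovpn_client_hostmode: false` line appears to start with a space while every neighbouring key sits at column 0, so a YAML loader is likely to reject the file or mis-nest the key after `remove_ovpn_client`. Write it at column 0: `ovpn_client_hostmode: false  # Set true to route all server traffic via this OpenVPN client connection.` The closing marker also has a typo; `# Experimantal feature end` should read `# Experimental feature end`. Whitespace on this page is collapsed, so confirm the indentation against the file itself.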
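Review bot: With `ovpn_client_hostmode` set, the service is attached to both `host` and `vpn-net`, and Docker does not normally let a container on the host network join a second network, so bringing the project up is likely to fail on this branch. If host networking is the intent, `network_mode: host` without a `networks:` list is the usual form, and the `ports:` entries above the hunk are then ignored. The template should also carry a comment stating the consequence, e.g. `# host mode: the container shares the host network namespace and, with NET_ADMIN, can change host routes and firewall rules`. The two `{% if %}` blocks with opposite conditions read more simply as one `{% if %} … {% else %} … {% endif %}`. The service body starts above the hunk.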
From: =?UTF-8?q?Mr=2E=20=CE=A6=CE=AF=CE=BB=CE=B9=CF=80=CF=80=CE=BF=CF=82?= <33333559+d3vilh@users.noreply.github.com> Date: Sun, 28 Jan 2024 14:07:22 +0200 Subject: [PATCH 3/8] rename raspi-monitoring to Raspberry monitoring --- main.yml | 4 ++-- tasks/handlers.yml | 2 +- ...spi-monitoring.yml => raspberry-monitoring.yml} | 14 +++++++------- 3 files changed, 10 insertions(+), 10 deletions(-) rename tasks/{raspi-monitoring.yml => raspberry-monitoring.yml} (91%) diff --git a/main.yml b/main.yml index 6082066..91389b4 100644 --- a/main.yml +++ b/main.yml @@ -75,8 +75,8 @@ ansible.builtin.import_tasks: tasks/xray-xui.yml when: xray_enable - - name: Setup Raspi Monitoring - ansible.builtin.import_tasks: tasks/raspi-monitoring.yml + - name: Setup Raspberry Monitoring + ansible.builtin.import_tasks: tasks/raspberry-monitoring.yml when: monitoring_enable - name: Setup Shelly Plug Monitoring diff --git a/tasks/handlers.yml b/tasks/handlers.yml index 99b646f..ec4e148 100644 --- a/tasks/handlers.yml +++ b/tasks/handlers.yml @@ -27,7 +27,7 @@ restarted: true become: false -- name: Restart raspi-monitoring +- name: Restart Raspberry monitoring community.docker.docker_compose: project_src: "{{ config_dir }}/monitoring/" build: false diff --git a/tasks/raspi-monitoring.yml b/tasks/raspberry-monitoring.yml similarity index 91% rename from tasks/raspi-monitoring.yml rename to tasks/raspberry-monitoring.yml index 5f09166..043e88f 100644 --- a/tasks/raspi-monitoring.yml +++ b/tasks/raspberry-monitoring.yml @@ -11,7 +11,7 @@ - ansible_facts.userspace_bits == '32' - ansible_facts.packages['libseccomp2'][0]['version'] is version('2.4.4', '<') -- name: Synchronize raspi-monitoring directory. +- name: Synchronize Raspberry monitoring directory. ansible.posix.synchronize: src: monitoring dest: "{{ config_dir }}/" 
@@ -20,7 +20,7 @@ perms: false become: false -- name: Ensure raspi-monitoring directory is not a Git repository. +- name: Ensure Raspberry monitoring directory is not a Git repository. ansible.builtin.file: path: "{{ config_dir }}/monitoring/.git/" state: absent @@ -40,7 +40,7 @@ dest: prometheus/pinghosts.yaml - src: prometheus-exporters-docker-compose.yaml.j2 dest: docker-compose.yml - notify: Restart raspi-monitoring + notify: Restart Raspberry monitoring become: false - name: Copy OpenVPN monitoring dashboard config to Grafana. @@ -49,7 +49,7 @@ dest: "{{ config_dir }}/monitoring/grafana/provisioning/dashboards/openvpn.json" mode: '0644' become: false - notify: Restart raspi-monitoring + notify: Restart Raspberry monitoring when: openvpn_monitoring_enable - name: Copy PiKVM monitoring dashboard config to Grafana. @@ -58,7 +58,7 @@ dest: "{{ config_dir }}/monitoring/grafana/provisioning/dashboards/pikvm.json" mode: 0644 become: false - notify: Restart raspi-monitoring + notify: Restart Raspberry monitoring when: pikvm_monitoring_enable - name: Copy AirGradient dashboard config to Grafana. @@ -68,7 +68,7 @@ mode: 0644 become: false loop: "{{ airgradient_sensors }}" - notify: Restart raspi-monitoring + notify: Restart Raspberry monitoring when: airgradient_monitoring_enable - name: Copy Starlink dashboard config to Grafana. @@ -119,7 +119,7 @@ tag: latest become: false -- name: Ensure raspi-monitoring environment is running. +- name: Ensure Raspberry monitoring environment is running. community.docker.docker_compose: project_src: "{{ config_dir }}/monitoring/" build: false From 8cb4334ee5bfd7da39094ee6c698e4c3cad4928e Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Mr=2E=20=CE=A6=CE=AF=CE=BB=CE=B9=CF=80=CF=80=CE=BF=CF=82?= <33333559+d3vilh@users.noreply.github.com> Date: Sun, 28 Jan 2024 14:35:02 +0200 Subject: [PATCH 4/8] Fix for Connected clients widget --- templates/openvpn-dashboard.json.j2 | 101 +++++++++++++++++++--------- 1 file changed, 69 insertions(+), 32 deletions(-) diff --git a/templates/openvpn-dashboard.json.j2 b/templates/openvpn-dashboard.json.j2 index 2ee1242..c512138 100644 --- a/templates/openvpn-dashboard.json.j2 +++ b/templates/openvpn-dashboard.json.j2 @@ -79,7 +79,8 @@ "value": 80 } ] - } + }, + "unitScale": true }, "overrides": [] }, @@ -102,9 +103,11 @@ "fields": "/^Value$/", "values": false }, - "textMode": "value" + "showPercentChange": false, + "textMode": "value", + "wideLayout": true }, - "pluginVersion": "10.1.0", + "pluginVersion": "10.3.1", "targets": [ { "datasource": { @@ -170,7 +173,18 @@ "color": { "mode": "thresholds" }, - "mappings": [], + "displayName": "Connected", + "mappings": [ + { + "options": { + "Connected": { + "index": 0, + "text": "Con" + } + }, + "type": "value" + } + ], "thresholds": { "mode": "absolute", "steps": [ @@ -180,7 +194,8 @@ } ] }, - "unit": "short" + "unit": "short", + "unitScale": true }, "overrides": [] }, @@ -200,16 +215,18 @@ "calcs": [ "last" ], - "fields": "/^Connected$/", + "fields": "", "values": false }, + "showPercentChange": false, "text": { "titleSize": 25, "valueSize": 40 }, - "textMode": "value_and_name" + "textMode": "value_and_name", + "wideLayout": true }, - "pluginVersion": "10.1.0", + "pluginVersion": "10.3.1", "targets": [ { "datasource": { @@ -217,11 +234,10 @@ "uid": "P1809F7CD0C75ACF3" }, "editorMode": "code", - "exemplar": false, - "expr": "openvpn_server_connected_clients ", - "instant": true, - "legendFormat": "Connected", - "range": false, + "expr": "openvpn_server_connected_clients", + "instant": false, + "legendFormat": "__auto", + "range": true, "refId": "A" } ], 
@@ -248,7 +264,8 @@ } ] }, - "unit": "bytes" + "unit": "bytes", + "unitScale": true }, "overrides": [] }, @@ -271,13 +288,15 @@ "fields": "", "values": false }, + "showPercentChange": false, "text": { "titleSize": 25, "valueSize": 50 }, - "textMode": "auto" + "textMode": "auto", + "wideLayout": true }, - "pluginVersion": "10.1.0", + "pluginVersion": "10.3.1", "targets": [ { "datasource": { @@ -318,7 +337,8 @@ } ] }, - "unit": "bytes" + "unit": "bytes", + "unitScale": true }, "overrides": [] }, @@ -341,13 +361,15 @@ "fields": "", "values": false }, + "showPercentChange": false, "text": { "titleSize": 25, "valueSize": 50 }, - "textMode": "auto" + "textMode": "auto", + "wideLayout": true }, - "pluginVersion": "10.1.0", + "pluginVersion": "10.3.1", "targets": [ { "datasource": { @@ -385,7 +407,8 @@ }, "decimals": 0, "mappings": [], - "unit": "bytes" + "unit": "bytes", + "unitScale": true }, "overrides": [] }, @@ -595,7 +618,7 @@ } ], "title": "Current OpenVPN Clients", - "transform": "table", + "transform": "timeseries_to_rows", "type": "table-old" }, { @@ -622,7 +645,8 @@ } ] }, - "unit": "m" + "unit": "m", + "unitScale": true }, "overrides": [] }, @@ -635,8 +659,10 @@ "id": 8, "options": { "displayMode": "gradient", + "maxVizHeight": 300, "minVizHeight": 10, "minVizWidth": 0, + "namePlacement": "auto", "orientation": "horizontal", "reduceOptions": { "calcs": [ @@ -646,9 +672,10 @@ "values": false }, "showUnfilled": true, + "sizing": "auto", "valueMode": "color" }, - "pluginVersion": "10.1.0", + "pluginVersion": "10.3.1", "targets": [ { "datasource": { @@ -695,7 +722,8 @@ } ] }, - "unit": "decbytes" + "unit": "decbytes", + "unitScale": true }, "overrides": [] }, @@ -708,8 +736,10 @@ "id": 10, "options": { "displayMode": "gradient", + "maxVizHeight": 300, "minVizHeight": 10, "minVizWidth": 0, + "namePlacement": "auto", "orientation": "horizontal", "reduceOptions": { "calcs": [ 
@@ -719,9 +749,10 @@ "values": false }, "showUnfilled": true, + "sizing": "auto", "valueMode": "color" }, - "pluginVersion": "10.1.0", + "pluginVersion": "10.3.1", "targets": [ { "datasource": { @@ -754,6 +785,7 @@ "mode": "palette-classic" }, "custom": { + "axisBorderShow": false, "axisCenteredZero": false, "axisColorMode": "series", "axisLabel": "", @@ -789,7 +821,8 @@ } ] }, - "unit": "short" + "unit": "short", + "unitScale": true }, "overrides": [] }, @@ -858,6 +891,7 @@ "mode": "fixed" }, "custom": { + "axisBorderShow": false, "axisCenteredZero": false, "axisColorMode": "text", "axisGridShow": false, @@ -901,7 +935,8 @@ "value": null } ] - } + }, + "unitScale": true }, "overrides": [] }, @@ -972,7 +1007,8 @@ } ] }, - "unit": "short" + "unit": "short", + "unitScale": true }, "overrides": [] }, @@ -1031,6 +1067,7 @@ "mode": "palette-classic" }, "custom": { + "axisBorderShow": false, "axisCenteredZero": false, "axisColorMode": "text", "axisLabel": "", @@ -1078,7 +1115,8 @@ } ] }, - "unit": "decbytes" + "unit": "decbytes", + "unitScale": true }, "overrides": [] }, @@ -1139,8 +1177,7 @@ } ], "refresh": "10s", - "schemaVersion": 38, - "style": "dark", + "schemaVersion": 39, "tags": [ "openvpn", "raspberry", @@ -1158,6 +1195,6 @@ "timezone": "", "title": "OpenVPN", "uid": "58l7kyvWz", - "version": 7, + "version": 1, "weekStart": "" } \ No newline at end of file From e8c39f9429fc583e8f4a0c8e853d939d29837ec9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mr=2E=20=CE=A6=CE=AF=CE=BB=CE=B9=CF=80=CF=80=CE=BF=CF=82?= <33333559+d3vilh@users.noreply.github.com> Date: Sun, 28 Jan 2024 15:00:31 +0200 Subject: [PATCH 5/8] datasource update --- templates/openvpn-dashboard.json.j2 | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/templates/openvpn-dashboard.json.j2 b/templates/openvpn-dashboard.json.j2 index c512138..c0d0964 100644 --- a/templates/openvpn-dashboard.json.j2 +++ b/templates/openvpn-dashboard.json.j2 
@@ -608,7 +608,8 @@ }, { "datasource": { - "uid": "${DS_PROMETHEUS}" + "type": "prometheus", + "uid": "P1809F7CD0C75ACF3" }, "expr": "sum(label_replace(openvpn_server_client_sent_bytes_total{common_name!=\"UNDEF\"}, \"connection_time\", \"${1}000\", \"connection_time\", \"(.*)\"))by(common_name, connection_time, virtual_address)", "format": "table", From ded5764373bfca3bcba2385495ddb0dc1db7c7ba Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mr=2E=20=CE=A6=CE=AF=CE=BB=CE=B9=CF=80=CF=80=CE=BF=CF=82?= <33333559+d3vilh@users.noreply.github.com> Date: Sun, 28 Jan 2024 20:43:20 +0200 Subject: [PATCH 6/8] Migration from "table-old" to "table" --- templates/openvpn-dashboard.json.j2 | 358 +++++++++++++++++----------- 1 file changed, 219 insertions(+), 139 deletions(-) diff --git a/templates/openvpn-dashboard.json.j2 b/templates/openvpn-dashboard.json.j2 index c0d0964..09afc16 100644 --- a/templates/openvpn-dashboard.json.j2 +++ b/templates/openvpn-dashboard.json.j2 @@ -173,18 +173,7 @@ "color": { "mode": "thresholds" }, - "displayName": "Connected", - "mappings": [ - { - "options": { - "Connected": { - "index": 0, - "text": "Con" - } - }, - "type": "value" - } - ], + "mappings": [], "thresholds": { "mode": "absolute", "steps": [ @@ -215,7 +204,7 @@ "calcs": [ "last" ], - "fields": "", + "fields": "/^Connected$/", "values": false }, "showPercentChange": false, @@ -234,10 +223,11 @@ "uid": "P1809F7CD0C75ACF3" }, "editorMode": "code", - "expr": "openvpn_server_connected_clients", - "instant": false, - "legendFormat": "__auto", - "range": true, + "exemplar": false, + "expr": "openvpn_server_connected_clients ", + "instant": true, + "legendFormat": "Connected", + "range": false, "refId": "A" } ], 
@@ -470,129 +460,214 @@ "type": "piechart" }, { - "columns": [], "datasource": { "type": "prometheus", "uid": "P1809F7CD0C75ACF3" }, - "fontSize": "100%", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "align": "auto", + "cellOptions": { + "type": "auto" + }, + "filterable": true, + "inspect": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unitScale": true + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "common_name" + }, + "properties": [ + { + "id": "displayName", + "value": "Username" + }, + { + "id": "unit", + "value": "short" + }, + { + "id": "decimals", + "value": 2 + }, + { + "id": "custom.align" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "connection_time" + }, + "properties": [ + { + "id": "displayName", + "value": "Login Time" + }, + { + "id": "unit", + "value": "dateTimeAsSystem" + }, + { + "id": "unit", + "value": "dateTimeAsSystem" + }, + { + "id": "custom.align", + "value": "auto" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "virtual_address" + }, + "properties": [ + { + "id": "displayName", + "value": "Local Address" + }, + { + "id": "unit", + "value": "short" + }, + { + "id": "decimals", + "value": 2 + }, + { + "id": "custom.align" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Value #A" + }, + "properties": [ + { + "id": "displayName", + "value": "Rx" + }, + { + "id": "unit", + "value": "bytes" + }, + { + "id": "custom.align" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Value #B" + }, + "properties": [ + { + "id": "displayName", + "value": "Tx" + }, + { + "id": "unit", + "value": "bytes" + }, + { + "id": "custom.align" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Time" + }, + "properties": [ + { + "id": "custom.hidden", + "value": true + } + ] + }, + { + 
"matcher": { + "id": "byName", + "options": "Username" + }, + "properties": [ + { + "id": "custom.width", + "value": 118 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Local Address" + }, + "properties": [ + { + "id": "custom.width", + "value": 133 + } + ] + } + ] + }, "gridPos": { "h": 16, - "w": 11, + "w": 13, "x": 5, "y": 4 }, "id": 23, "links": [], - "pageSize": 100, - "scroll": true, - "showHeader": true, - "sort": { - "col": 2, - "desc": true - }, - "styles": [ - { - "alias": "Time", - "align": "auto", - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "pattern": "Time", - "type": "hidden" - }, - { - "alias": "Username", - "align": "auto", - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "decimals": 2, - "pattern": "common_name", - "thresholds": [], - "type": "string", - "unit": "short" - }, - { - "alias": "Login Time", - "align": "auto", - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "mappingType": 1, - "pattern": "connection_time", - "thresholds": [], - "type": "date", - "unit": "dateTimeFromNow" - }, - { - "alias": "Address", - "align": "auto", - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "mappingType": 1, - "pattern": "virtual_address", - "thresholds": [], - "type": "string", - "unit": "short" - }, - { - "alias": "", - "align": "auto", - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "mappingType": 1, - "pattern": "Value", - "thresholds": [], - "type": "hidden", - "unit": "short" - }, - { - "alias": "Rx", - "align": "auto", - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" + "options": { + "cellHeight": "sm", + 
"footer": { + "countRows": false, + "enablePagination": false, + "fields": "", + "reducer": [ + "sum" ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 0, - "mappingType": 1, - "pattern": "Value #A", - "thresholds": [], - "type": "number", - "unit": "bytes" + "show": false }, - { - "alias": "Tx", - "align": "auto", - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 0, - "mappingType": 1, - "pattern": "Value #B", - "thresholds": [], - "type": "number", - "unit": "bytes" - } - ], + "showHeader": true, + "sortBy": [ + { + "desc": false, + "displayName": "Login Time" + } + ] + }, + "pluginVersion": "10.3.1", "targets": [ { "datasource": { @@ -619,8 +694,15 @@ } ], "title": "Current OpenVPN Clients", - "transform": "timeseries_to_rows", - "type": "table-old" + "transformations": [ + { + "id": "merge", + "options": { + "reducers": [] + } + } + ], + "type": "table" }, { "datasource": { @@ -829,7 +911,7 @@ }, "gridPos": { "h": 8, - "w": 11, + "w": 13, "x": 5, "y": 20 }, @@ -943,7 +1025,7 @@ }, "gridPos": { "h": 4, - "w": 16, + "w": 18, "x": 0, "y": 28 }, @@ -1003,8 +1085,7 @@ "mode": "percentage", "steps": [ { - "color": "green", - "value": null + "color": "green" } ] }, @@ -1015,7 +1096,7 @@ }, "gridPos": { "h": 7, - "w": 16, + "w": 18, "x": 0, "y": 32 }, @@ -1107,8 +1188,7 @@ "mode": "absolute", "steps": [ { - "color": "green", - "value": null + "color": "green" }, { "color": "red", @@ -1123,7 +1203,7 @@ }, "gridPos": { "h": 6, - "w": 16, + "w": 18, "x": 0, "y": 39 }, @@ -1189,13 +1269,13 @@ "list": [] }, "time": { - "from": "now-24h", + "from": "now-12h", "to": "now" }, "timepicker": {}, "timezone": "", "title": "OpenVPN", "uid": "58l7kyvWz", - "version": 1, + "version": 5, "weekStart": "" } \ No newline at end of file From 8de786bf81fe4a3a15a4225ee8e517993513ec03 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Mr=2E=20=CE=A6=CE=AF=CE=BB=CE=B9=CF=80=CF=80=CE=BF=CF=82?= <33333559+d3vilh@users.noreply.github.com> Date: Sun, 18 Feb 2024 14:39:35 +0200 Subject: [PATCH 7/8] moving server.conf into /etc/openvpn/server.conf --- .../config/{server.conf => old-server.conf} | 0 openvpn-server/server.conf | 47 +++++++++++++++++++ templates/openvpn-docker-compose.yml.j2 | 1 + templates/openvpn-docker-entrypoint.sh.j2 | 2 +- 4 files changed, 49 insertions(+), 1 deletion(-) rename openvpn-server/config/{server.conf => old-server.conf} (100%) create mode 100755 openvpn-server/server.conf diff --git a/openvpn-server/config/server.conf b/openvpn-server/config/old-server.conf similarity index 100% rename from openvpn-server/config/server.conf rename to openvpn-server/config/old-server.conf diff --git a/openvpn-server/server.conf b/openvpn-server/server.conf new file mode 100755 index 0000000..9a80ad0 --- /dev/null +++ b/openvpn-server/server.conf @@ -0,0 +1,47 @@ +management 0.0.0.0 2080 + +port 1194 +proto udp + +dev tun + +ca pki/ca.crt +cert pki/issued/server.crt +key pki/private/server.key + +cipher AES-256-CBC +auth SHA512 +dh pki/dh.pem + +server 10.0.70.0 255.255.255.0 +route 10.0.71.0 255.255.255.0 +ifconfig-pool-persist pki/ipp.txt +push "route 10.0.60.0 255.255.255.0" +push "dhcp-option DNS 8.8.8.8" +push "dhcp-option DNS 1.0.0.1" + +keepalive 10 120 +max-clients 100 + +persist-key +persist-tun + +log /var/log/openvpn/openvpn.log +verb 4 +topology subnet + +client-config-dir /etc/openvpn/staticclients +push "redirect-gateway def1 bypass-dhcp" + +ncp-ciphers AES-256-GCM:AES-192-GCM:AES-128-GCM + +user nobody +group nogroup + +status-version 2 +status /var/log/openvpn/openvpn-status.log + +explicit-exit-notify 1 +crl-verify pki/crl.pem + +#Default Raspberry-Gateway configuration file \ No newline at end of file diff --git a/templates/openvpn-docker-compose.yml.j2 b/templates/openvpn-docker-compose.yml.j2 index 73ff826..94691b4 100644 
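Review bot: The first line of the new `server.conf`, `management 0.0.0.0 2080`, opens the management interface on every interface with no password file, so anything that can reach port 2080 (other containers on the Docker network, or the host network if the commented `2080:2080/tcp` mapping in the compose template is enabled) can control the server. Add the optional password-file argument, `management 0.0.0.0 2080 <PASSWORD_FILE>`, or bind to the single address the UI container actually uses. The file also has no `tls-crypt`/`tls-auth` key and no `tls-version-min 1.2`, which are common hardening lines for an Internet-facing server, and `ncp-ciphers` is the pre-2.5 name of `data-ciphers`. The file is created with mode 100755; a config file does not need the executable bit.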
--- a/templates/openvpn-docker-compose.yml.j2 +++ b/templates/openvpn-docker-compose.yml.j2 @@ -23,6 +23,7 @@ services: - ./log:/var/log/openvpn - ./fw-rules.sh:/opt/app/fw-rules.sh - ./checkpsw.sh:/opt/app/checkpsw.sh + - ./server.conf:/etc/openvpn/server.conf cap_add: - NET_ADMIN depends_on: diff --git a/templates/openvpn-docker-entrypoint.sh.j2 b/templates/openvpn-docker-entrypoint.sh.j2 index dcbd230..22b0c3f 100755 --- a/templates/openvpn-docker-entrypoint.sh.j2 +++ b/templates/openvpn-docker-entrypoint.sh.j2 @@ -89,4 +89,4 @@ echo 'IPT FWD Chains:' iptables -v -x -n -L | grep DROP echo 'Start openvpn process...' -/usr/sbin/openvpn --cd $OPENVPN_DIR --script-security 2 --config $OPENVPN_DIR/config/server.conf \ No newline at end of file +/usr/sbin/openvpn --cd $OPENVPN_DIR --script-security 2 --config $OPENVPN_DIR/server.conf \ No newline at end of file From 50937857b797f3ae680023bcbf157d324292f003 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mr=2E=20=CE=A6=CE=AF=CE=BB=CE=B9=CF=80=CF=80=CE=BF=CF=82?= <33333559+d3vilh@users.noreply.github.com> Date: Sun, 18 Feb 2024 16:15:34 +0200 Subject: [PATCH 8/8] config format change --- example.config.yml | 80 ++++++++++++++++++++++------------------------ 1 file changed, 39 insertions(+), 41 deletions(-) diff --git a/example.config.yml b/example.config.yml index 8711ae6..60c3de2 100644 --- a/example.config.yml +++ b/example.config.yml @@ -3,7 +3,8 @@ config_dir: '~' # -# For advanced Monitoring configuration see `advanced.config.yml` +# This is the simplyfied configuration file. +# For advanced configuration see `advanced.config.yml` # # _____ _ _____ 
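Review bot: The added bind mount `./server.conf:/etc/openvpn/server.conf` is writable from inside the privileged `openvpn` container; if only the server process reads it there, mount it read-only with `- ./server.conf:/etc/openvpn/server.conf:ro`. If the UI is meant to edit the file, that should go through its own mount, which is not visible in this hunk. The `volumes:` list starts above the hunk.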
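Review bot: `$OPENVPN_DIR` is expanded unquoted twice on the changed last line of the entrypoint, so a path containing spaces or glob characters would split into extra arguments to `openvpn`. Quote both uses: `/usr/sbin/openvpn --cd "$OPENVPN_DIR" --script-security 2 --config "$OPENVPN_DIR/server.conf"`. The script body starts above the hunk, so where `OPENVPN_DIR` is set is not visible here.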
@@ -18,23 +19,37 @@ ur_timezone: "Europe/Kyiv" # | __| . | _| _| .'| | | -_| _| # |__| |___|_| |_| |__,|_|_|_|___|_| # Portainer configuration. -portainer_enable: true # Set true to enable Portainer -remove_portainer: false # Set true to remove Portainer +portainer_enable: true # Set true to enable Portainer +remove_portainer: false # Set true to remove Portainer # _____ _ _ ____ _____ _____ # | | |___| |_ ___ _ _ ___ _| | | \| | | __| # | | | | . | . | | | | . |_| | | | | |__ | # |_____|_|_|___|___|___|_|_|___|_|____/|_|___|_____| Dont't use with .Tech.DNS at the same time! # Unbound DNS configuration. -unbound_dns_enable: true # Set true to enable Unbound DNS. Don't use with Technition DNS at the same time! -remove_unbound_dns: false # Set true to remove Unbound DNS +unbound_dns_enable: true # Set true to enable Unbound DNS. Don't use with Technition DNS at the same time! +remove_unbound_dns: false # Set true to remove Unbound DNS -unbound_dns_identitiy: "unbound-dns" # Report this identity rather than the hostname of the server. -unbound_dns_hide: "yes" # Send minimum information to upstream servers, reduce responce size, refuse .id and .version queries -unbound_dns_ipv4: "yes" # enable ipv4 support. -unbound_dns_ipv6: "no" # enable ipv6 support -unbound_dns_num_threads: "1" # Keep 1, unless understand you really need it. -unbound_dns_upstream_4_pihole: "127.0.0.1#5335" # Use local Unbound DNS as upstream DNS server IP. +unbound_dns_identitiy: "unbound-dns" # Report this identity rather than the hostname of the server. +unbound_dns_hide: "yes" # Send minimum information to upstream servers, reduce responce size, refuse .id and .version queries +unbound_dns_ipv4: "yes" # enable ipv4 support. +unbound_dns_ipv6: "no" # enable ipv6 support +unbound_dns_num_threads: "1" # Keep 1, unless understand you really need it. +unbound_dns_upstream_4_pihole: "127.0.0.1#5335" # Use local Unbound DNS as upstream DNS server IP. 
+ +# _____ _____ _____ _____ _____ +# | __| _ |_____| __ | _ | | __|___ ___ _ _ ___ ___ +# |__ | | | __ -| | |__ | -_| _| | | -_| _| +# |_____|__|__|_|_|_|_____|__|__| |_____|___|_| \_/|___|_| +# SAMBA Server. Testing only. Not ready for production. +samba_enable: false # Set true to enable SAMBA +remove_samba: false # Set true to remove SAMBA + +samba_user: "admin" # SAMBA username +samba_password: "gagaZush" # !Change this password! +samba_netbios_name: "Raspberry-gw" # SAMBA NetBIOS name +samba_workgroup: "WORKGROUP" # SAMBA workgroup +samba_torrents_share: false # Set true to enable torrents share # _____ _ _____ _ # | _ |_| | |___| |___ @@ -70,7 +85,7 @@ tech_dns_inside_vpn: false # DOESN'T WORK YET! # Set true # | | | . | -_| | | | __| | | | # |_____| _|___|_|_|\___/|__| |_|___| # |_| -# OpenVPN Server configuration. Client configuration below. +# OpenVPN Server configuration. ovpn_server_enable: false # Set true to enable OpenVPN server remove_ovpn_server: false # Set true to remove OpenVPN server @@ -84,7 +99,7 @@ ovpn_remote: "remote 123.234.123.12 12345 udp" # OpenVPN client.ovpn profile c # EasyRSA configuration parameters. easyrsa_dn: "org" # Leave this as-is. "org" for traditional, "cn_only" for CN only. easyrsa_req_country: "UA" # The two-letter country code (e.g. US). -easyrsa_req_province: "KY" # The two-letter state or province code (e.g. CA). +easyrsa_req_province: "KY" # The state or province (e.g. CA or California). easyrsa_req_city: "Kyiv" # The city of the organization. easyrsa_req_org: "SweetHome" # The name of the organization. easyrsa_req_email: "sweet@home.net" # The email address of the organization. 
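Review bot: The SAMBA block added in the `@@ -18,23 +19,37 @@` hunk ships a working default credential, `samba_user: "admin"` with `samba_password: "gagaZush"`, and the same literal is kept for `shelly_plug_http_password` in the `@@ -219,10 +217,10 @@` hunk. An example file tends to be copied verbatim, so the `!Change this password!` comment is the only thing standing between a user and a share protected by a publicly known password. I would ship an obvious placeholder such as `samba_password: "CHANGE_ME"` and have the playbook refuse to enable SAMBA while the value is unchanged. The playbook tasks are not visible here, so whether such a check already exists is unknown.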
@@ -98,14 +113,11 @@ easyrsa_crl_days: 180 # Number of days until the CRL # OpenVPN Client configuration for qBittorrent only. OpenVPN server is not required. ovpn_client_enable: false # Set true to enable internal OpenVPN client used for qBittorrent. OpenVPN server is not required. -remove_ovpn_client: false # Set true to remove internal OpenVPN client used for qBittorrent. -# Experimental feature start - ovpn_client_hostmode: false # Set true to route all server traffic via this OpenVPN client connection. -# Experimantal feature end +remove_ovpn_client: false # Set true to remove internal OpenVPN client used for qBittorrent. OpenVPN server is not required. ovpn_client_cert: "webinstall-client.ovpn" # Set your ovpn-client certificate name ovpn_client_allowed_subnet: "192.168.88.0/24" # Allowed subnet for ovpn-client. You must have your local network defined here. -ovpn_client_secret: "webinstall-credentials.txt" # Filename with ovpn-client user and password. +ovpn_client_secret: "webinstall-credentials.txt" # Filename with ovpn-client user and password, "example-credentials.txt" ovpn_client_killswitch: true # Allow subnet access and block all other traffic if ovpn-client is down # _____ _ _____ 
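Review bot: `ovpn_client_hostmode` is dropped from the example config in this hunk, but nothing visible in the patch changes the templates or tasks that consumed it. If any of them still reads the variable, a config copied from this file will presumably fail on an undefined variable; either remove those references in the same commit or read it as `{{ ovpn_client_hostmode | default(false) }}`. The new comment on `ovpn_client_secret` also ends in a bare `"example-credentials.txt"`; if that is meant as a pointer to a sample file, say so, e.g. `# File with ovpn-client username and password (sample: example-credentials.txt)`.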
@@ -128,10 +140,10 @@ gluetun_vpn_type: openvpn # Set your VPN type: openvpn, w gluetun_openvpn_user: "none" # Set your OpenVPN username gluetun_openvpn_password: "none" # Set your OpenVPN password gluetun_vpnclient_custom: false # Set true to enable custom OpenVPN configuration below -glue_ovpn_custom_conf: "webinstall-client.ovpn" # Set your OpenVPN custom configuration. +glue_ovpn_custom_conf: "webinstall-client.ovpn" # Set your OpenVPN custom configuration. See # WIREGUARD CLIENT PART: -gluetun_wireguard_private_key: "yTblPoK...2c=" # Valid base 58 Wireguard Client key. Wireguard client private key to use. +gluetun_wireguard_private_key: "TblPoK...2c=" # Valid base 58 Wireguard Client key. Wireguard client private key to use. gluetun_wireguard_public_key: "none" # Valid base 58 Wireguard Server key. Wireguard Server public key to use. gluetun_wireguard_preshared_key: "none" # gluetun_wireguard_address: "10.99.99.99/32" # Valid IP network interface address in the format xx.xx.xx.xx/xx or ff:ff:ff...:ff/128 @@ -165,20 +177,6 @@ qbittorrent_inside_vpn: false # Set true to route qBitTorrent qbittorrent_inside_gluetun: false # Set true to route qBitTorrent traffic via Gluetun VPN client qbittorrent_webui_port: 8090 # Do not change it unless you know what you are doing. -# _____ _____ _____ _____ _____ -# | __| _ |_____| __ | _ | | __|___ ___ _ _ ___ ___ -# |__ | | | __ -| | |__ | -_| _| | | -_| _| -# |_____|__|__|_|_|_|_____|__|__| |_____|___|_| \_/|___|_| -# SAMBA Server. Testing only. Not ready for production. -samba_enable: false # Set true to enable SAMBA -remove_samba: false # Set true to remove SAMBA - -samba_user: "admin" # SAMBA username -samba_password: "gagaZush" # !Change this password! -samba_netbios_name: "Raspberry-gw" # SAMBA NetBIOS name -samba_workgroup: "WORKGROUP" # SAMBA workgroup -samba_torrents_share: false # Set true to enable torrents share - # _____ _ _ # | |___ ___|_| |_ ___ ___ ___ # | | | | . | | | _| . | _|_ -| 
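Review bot: The comment on the changed `gluetun_wireguard_private_key` line still says "base 58", but WireGuard keys are base64 strings (the trailing `=` in the sample value is base64 padding), so the hint points users at the wrong format. Since this line is being touched anyway, I would make the comment `# WireGuard client private key (base64). Do not commit the filled-in file.` and apply the same base64 wording to the public-key line below it. In the same hunk the `glue_ovpn_custom_conf` comment now ends in a dangling `See`; finish the reference or drop the word.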
@@ -210,7 +208,7 @@ remove_airgradient_monitoring: false # Set true to remove Airgradien # Starlink monitoring configuration. # Requires `monitoring_enable` starlink_monitoring_enable: false # Set true to enable StarLink dishy Grafana dashboard -remove_starlink_monitoring: false # Set true to remove dishy Grafana dashboard :( +remove_starlink_monitoring: false # Set true to remove StarLink dishy Grafana dashboard starlink_ip: "10.10.10.1" # Dishy IP address starlink_port: 9817 # Dishy port to get statistics from @@ -219,10 +217,10 @@ starlink_port: 9817 # Dishy port to get statistics shelly_plug_monitoring_enable: false # Set true or false remove_shelly_plug_monitoring: false # Set true to remove Shelly Plug Grafana dashboard -shelly_plug_hostname: server-room-shelly # Shelly Plug hostname -shelly_ip: "192.168.88.66" # Shelly Plug IP address -shelly_port: 9924 # Shelly Plug port to get statistics from -shelly_plug_http_username: "admin" # Shelly Plug username +shelly_plug_hostname: shelly-host-or-ip +shelly_ip: "192.168.88.66" +shelly_port: 9924 +shelly_plug_http_username: "admin" # username shelly_plug_http_password: "gagaZush" # !Change this password! # __ __ @@ -233,5 +231,5 @@ shelly_plug_http_password: "gagaZush" # !Change this password! # \/ \/ Shadowsocks fast tunnel proxy. # experimental container with X-UI supports Shadowsocks, VMess, VLESS, XTLS and Trojan protocols # !Beaware! some XRAY protocols from the list are prohibited in PRC. Don't use this if you are in PRC. -xray_enable: false # Set true to enable X-RAY x-ui -remove_xray: false # Set true to remove X-RAY x-ui \ No newline at end of file +xray_enable: false # Set true to enable X-RAY x-ui eXperimental +remove_xray: false \ No newline at end of file