Commit d2ac3c87 authored by Nick Busey

#15 Adding Tor hidden service support

parent f9b3cf97
Pipeline #24267934 passed with stages in 32 seconds
# 0.3
* Added Automated Apple Health Import
* Added Tor Hidden Services
# 0.2
......
.PHONY: deploy build restore
.PHONY: deploy build restore develop provision docs
# Deploy HomelabOS
deploy:
......@@ -34,4 +34,10 @@ develop:
# Re-run just the Provision step (Ansible) against the Vagrant machine
provision:
cat homelaboslogo.txt
vagrant provision
\ No newline at end of file
vagrant provision
# Update just the dcos
docs:
cat homelaboslogo.txt
mkdocs build
ansible-playbook -i hosts -t docs homelabos.yml
\ No newline at end of file
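Review bot: The comment above the new `docs` target reads `# Update just the dcos`; that should be `docs`. The file also still ends without a trailing newline, as it did before this change, so the next edit here will produce the same `\ No newline at end of file` churn; add the newline now.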
......@@ -24,6 +24,7 @@ To make it easy for anyone to own all their data in an easy and secure way, with
* Automated Backups
* Easy Restore
* Automated Apple Health Data import
* Automated Tor Hidden Service access
### [Planned Features] (https://gitlab.com/NickBusey/HomelabOS/issues?label_name%5B%5D=enhancement)
......@@ -69,18 +70,20 @@ If you have the latest version of Vagrant and Virtual Box setup you can demo thi
* OwnTracksRecorder - https://github.com/owntracks/recorder
* [Pi-hole](https://pi-hole.net/) - Ad blocking
* Sonarr
* SynchThing
* SyncThing
* urBackup
## Requirements
A server running Ubuntu 18.04 accessible via ssh with a user that has sudo.
A domain configured with a `A` type DNS record of `*.yourdomain.com` pointed at your server's IP address.
Ansible version 2.5+ installed on your computer (not the server).
Ports 80 and 443 punched through any firewalls and port forwarded at your server in question.
## Optional Items
Ansible version 2.5+ installed on your computer (not the server).
A domain configured with a `A` type DNS record of `*.yourdomain.com` pointed at your server's IP address. (This is optional because you can use Tor to access your services without registering a domain. For best support from 3rd party clients an actual domain is recommended.)
Ports 80 and 443 punched through any firewalls and port forwarded at your server in question. (This is also optional due to Tor access.)
## [Installation](https://nickbusey.gitlab.io/HomelabOS/setup/installation/)
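Review bot: After this change an `Ansible version 2.5+` line sits under the new `## Optional Items` heading, next to the DNS and port-forwarding items, but the `docs` target added in this same commit runs `ansible-playbook`, so Ansible is not optional. Keep it under `## Requirements` only and leave just the DNS record and ports 80/443 in the optional list.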
......
# Tor
If you don't have a domain, or your DNS fails you, or suddenly some ports aren't mapped correctly somewhere in your network, and you can't access your services remotely, fear not! Tor is here to save the day.
## Install Tor
Download Tor from the [Tor Project](https://www.torproject.org/) website.
## Web Access
Each page of the Software documentation section has a Tor URL beneath the normal URL.
## SSH Access
Make sure you have a working `torify` installation on your machine (not the server). Run `torify curl ifconfig.me` to verify you can connect to Tor with `torify`.
Now append the following lines to your `~/.ssh/config` file:
```
Host *.onion
ProxyCommand /usr/bin/nc -xlocalhost:9150 -X5 %h %p
```
Once that is done, you can ssh to your server with `torify ssh {{ ansible_user }}@{{ tor_ssh_domain }}`
\ No newline at end of file
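Review bot: The SSH section mixes two Tor SOCKS endpoints and two ways of routing the connection. The connectivity check uses `torify`, which goes through the system tor daemon (SOCKS port 9050 by default), while the `ProxyCommand` points `nc` at `localhost:9150`, the port Tor Browser listens on, so the check can pass while the `~/.ssh/config` entry fails, or the reverse. With the `Host *.onion` block in place a plain `ssh` to the onion host is already proxied, so wrapping it in `torify` in the last line is redundant; pick one method, say which Tor client it needs, and state that next to the port number. The `-x`/`-X5` options also assume the OpenBSD variant of `nc`, which is worth saying for readers whose `/usr/bin/nc` is a different implementation.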
......@@ -4,4 +4,6 @@
## Access
It is available at [http://irc.{{ domain }}/](http://irc.{{ domain }}/)
\ No newline at end of file
It is available at [http://irc.{{ domain }}/](http://irc.{{ domain }}/)
It is also available via Tor at [http://irc.{{ tor_domain }}/](http://irc.{{ tor_domain }}/)
\ No newline at end of file
......@@ -4,4 +4,6 @@
## Access
It is available at [http://emby.{{ domain }}/](http://emby.{{ domain }}/)
\ No newline at end of file
It is available at [http://emby.{{ domain }}/](http://emby.{{ domain }}/)
It is also available via Tor at [http://emby.{{ tor_domain }}/](http://emby.{{ tor_domain }}/)
\ No newline at end of file
......@@ -4,4 +4,6 @@
## Access
It is available at [http://money.{{ domain }}/](http://money.{{ domain }}/)
\ No newline at end of file
It is available at [http://money.{{ domain }}/](http://money.{{ domain }}/)
It is also available via Tor at [http://money.{{ tor_domain }}/](http://money.{{ tor_domain }}/)
\ No newline at end of file
......@@ -4,4 +4,6 @@
## Access
It is available at [http://git.{{ domain }}/](http://git.{{ domain }}/)
\ No newline at end of file
It is available at [http://git.{{ domain }}/](http://git.{{ domain }}/)
It is also available via Tor at [http://git.{{ tor_domain }}/](http://git.{{ tor_domain }}/)
\ No newline at end of file
......@@ -6,4 +6,6 @@ You can use it to visualize the Weather data imported by [influxdb_darksky](soft
## Access
It is available at [http://grafana.{{ domain }}/](http://grafana.{{ domain }}/)
\ No newline at end of file
It is available at [http://grafana.{{ domain }}/](http://grafana.{{ domain }}/)
It is also available via Tor at [http://grafana.{{ tor_domain }}/](http://grafana.{{ tor_domain }}/)
\ No newline at end of file
......@@ -4,4 +4,6 @@
## Access
It is available at [http://homeassistant.{{ domain }}/](http://homeassistant.{{ domain }}/)
\ No newline at end of file
It is available at [http://homeassistant.{{ domain }}/](http://homeassistant.{{ domain }}/)
It is also available via Tor at [http://homeassistant.{{ tor_domain }}/](http://homeassistant.{{ tor_domain }}/)
\ No newline at end of file
......@@ -8,4 +8,6 @@ Refer to the [Backup Guide](/setup/backups) for configuration details.
## Access
The dashboard is available at [http://minio.{{ domain }}/](http://minio.{{ domain }}/)
\ No newline at end of file
The dashboard is available at [http://minio.{{ domain }}/](http://minio.{{ domain }}/)
It is also available via Tor at [http://minio.{{ tor_domain }}/](http://minio.{{ tor_domain }}/)
\ No newline at end of file
......@@ -4,4 +4,6 @@
## Access
It is available at [http://nextcloud.{{ domain }}/](http://nextcloud.{{ domain }}/)
\ No newline at end of file
It is available at [http://nextcloud.{{ domain }}/](http://nextcloud.{{ domain }}/)
It is also available via Tor at [http://nextcloud.{{ tor_domain }}/](http://nextcloud.{{ tor_domain }}/)
\ No newline at end of file
......@@ -4,4 +4,6 @@
## Access
It is available at [http://paperless.{{ domain }}/](http://paperless.{{ domain }}/)
\ No newline at end of file
It is available at [http://paperless.{{ domain }}/](http://paperless.{{ domain }}/)
It is also available via Tor at [http://paperless.{{ tor_domain }}/](http://paperless.{{ tor_domain }}/)
\ No newline at end of file
......@@ -4,4 +4,6 @@
## Access
It is available at [http://docker.{{ domain }}/](http://docker.{{ domain }}/)
\ No newline at end of file
It is available at [http://docker.{{ domain }}/](http://docker.{{ domain }}/)
It is also available via Tor at [http://docker.{{ tor_domain }}/](http://docker.{{ tor_domain }}/)
\ No newline at end of file
......@@ -4,4 +4,6 @@
## Access
It is available at [http://music.{{ domain }}/](http://music.{{ domain }}/)
\ No newline at end of file
It is available at [http://music.{{ domain }}/](http://music.{{ domain }}/)
It is also available via Tor at [http://music.{{ tor_domain }}/](http://music.{{ tor_domain }}/)
\ No newline at end of file
......@@ -4,4 +4,6 @@
## Access
It is available at [http://terminal.{{ domain }}/](http://terminal.{{ domain }}/)
\ No newline at end of file
It is available at [http://terminal.{{ domain }}/](http://terminal.{{ domain }}/)
It is also available via Tor at [http://terminal.{{ tor_domain }}/](http://terminal.{{ tor_domain }}/)
\ No newline at end of file
......@@ -6,4 +6,6 @@ HomelabOS uses [docker-transmission-openvpn](https://github.com/haugene/docker-t
## Access
It is available at [http://torrent.{{ domain }}/](http://torrent.{{ domain }}/)
\ No newline at end of file
It is available at [http://torrent.{{ domain }}/](http://torrent.{{ domain }}/)
It is also available via Tor at [http://transmission.{{ tor_domain }}/](http://transmission.{{ tor_domain }}/)
\ No newline at end of file
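Review bot: In the added Tor line the host prefix is `transmission.` while the clearnet link directly above it uses `torrent.`; every other page touched in this commit keeps the same prefix for both hosts. Unless the proxy really routes a different name for the onion host, change it to `torrent.{{ tor_domain }}`, or fix the clearnet link if `transmission` is the name that is actually routed.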
......@@ -22,7 +22,17 @@
# Install Docker, configure basic server settings
- common
# Configure a TOR hidden service for remote access without a public IP
# - { role: systemli.hidden-service }
- role: toke.tor
hidden_services:
- dir: /var/lib/tor/ssh-onion
port: 22
source: 127.0.0.1:22
- dir: /var/lib/tor/https-onion
port: 443
source: 127.0.0.1:443
- dir: /var/lib/tor/http-onion
port: 80
source: 127.0.0.1:80
# Install and configure HomelabOS documentation
- hosts: all
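Review bot: Three separate `dir:` entries produce three unrelated onion hostnames, and nothing visible in this commit reads `/var/lib/tor/https-onion/hostname`: the tasks added elsewhere only `cat` the `http-onion` and `ssh-onion` files, and every documented Tor URL is `http://`. Either drop the 443 service or put ports 80 and 443 under one `dir` so both schemes share the address that ends up in the docs. These entries also forward onion traffic to the `127.0.0.1:80` listener that the docs use for every service hostname, so `setup/tor.md` should state that each proxied service, including `docker.` and `terminal.`, becomes reachable to anyone who holds the onion address and has to carry its own authentication. The commented-out `systemli.hidden-service` line can be removed.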
......
......@@ -14,6 +14,7 @@ pages:
- Installation: setup/installation.md
- Getting Started: setup/gettingstarted.md
- Backups: setup/backups.md
- Tor Hidden Services: setup/tor.md
- Included Software:
- Apple Health: software/applehealth.md
- Convos: software/convos.md
......
......@@ -49,3 +49,10 @@
locale_gen:
name: en_US.UTF-8
state: present
- name: Disable resolved service to make room for pihole
systemd:
name: systemd-resolved
state: stopped
enabled: no
daemon-reload: yes
\ No newline at end of file
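Review bot: The `systemd-resolved` task is unrelated to Tor hidden services and belongs in its own commit. On the Ubuntu 18.04 target named in the README, `/etc/resolv.conf` points at the resolved stub listener by default, so stopping and disabling it here can leave the host without a working resolver for the rest of the play until Pi-hole is answering; set a fallback nameserver in the same task file or run this only once the Pi-hole container is up.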
......@@ -8,4 +8,32 @@
- /var/homelabos/docs
- name: Configure HomelabOS Documentation.
copy: src=site dest=/var/homelabos/docs
\ No newline at end of file
copy: src=site dest=/var/homelabos/docs
- name: Read Tor connection info
shell: cat /var/lib/tor/http-onion/hostname
register: tor_domain_file
- name: Read Tor connection info
shell: cat /var/lib/tor/ssh-onion/hostname
register: tor_ssh_domain_file
- name: Configure HomelabOS Documentation.
template:
src: '{{ item.src }}'
dest: '/var/homelabos/docs/site/setup/{{ item.path }}'
with_filetree: 'site/setup/'
when: item.state == 'file'
vars:
tor_domain: "{{ tor_domain_file.stdout }}"
tor_ssh_domain: "{{ tor_ssh_domain_file.stdout }}"
- name: Configure HomelabOS Documentation.
template:
src: '{{ item.src }}'
dest: '/var/homelabos/docs/site/software/{{ item.path }}'
with_filetree: 'site/software/'
when: item.state == 'file'
vars:
tor_domain: "{{ tor_domain_file.stdout }}"
tor_ssh_domain: "{{ tor_ssh_domain_file.stdout }}"
\ No newline at end of file
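Review bot: Both hostname reads use `shell: cat ...`, which reports `changed` on every run and fails the play if tor has not yet written the `hostname` file when the role is first applied. Use `slurp` (decoding with `b64decode | trim`) or `command` with `changed_when: false`, and put a `wait_for` on the path in front of it. The two read tasks share the name `Read Tor connection info` and three tasks are now called `Configure HomelabOS Documentation.`, which makes play output hard to follow; give each a distinct name.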
---
- name: Make HomelabOS data directory.
- name: Make HomelabOS data directories.
file:
path: "{{ item }}"
state: directory
......@@ -12,6 +12,12 @@
- /var/homelabos/traefik
- /mnt/nas
- name: Configure Docker.
template: src={{ item }} dest=/var/homelabos/docker/
loop:
- .env
- monica.env
- name: Configure Telegraf.
template: src=telegraf.conf dest=/var/homelabos/telegraf/telegraf.conf
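Review bot: The new `Configure Docker.` task templates `.env` and `monica.env` into `/var/homelabos/docker/` without `owner` or `mode`, so the files land with default permissions even though the environment templates added in this commit carry passwords and keys. Add `mode: '0600'` and an explicit owner to this task.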
......@@ -38,10 +44,16 @@
- name: Configure HomelabOS systemd service.
template: src=homelabos.service dest=/etc/systemd/system/homelabos.service
- name: Read Tor connection info
shell: cat /var/lib/tor/http-onion/hostname
register: tor_http_domain_file
- name: Copy HomelabOS docker-compose.yml file into place.
template:
src: docker-compose.yml
dest: /var/homelabos/docker/docker-compose.yml
vars:
tor_domain: "{{ tor_http_domain_file.stdout }}"
# This breaks with Vagrant and seems unreliable. Let's find a better solution.
# - name: Create HomelabOS hosts file.
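Review bot: This is another task that shells out to `cat /var/lib/tor/http-onion/hostname`, and it registers the result as `tor_http_domain_file` where the docs role uses `tor_domain_file` for the same file. Read each hostname once, early in the play, and publish it with `set_fact` so both roles and the closing `debug` message use one variable.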
......@@ -79,8 +91,12 @@
daemon-reload: yes
state: restarted
- name: Read Tor SSH connection info
shell: cat /var/lib/tor/ssh-onion/hostname
register: tor_ssh_domain_file
- debug:
msg: "HomelabOS Installed successfully! Go to https://{{ domain }}/ to get started."
msg: "HomelabOS Installed successfully! Go to https://{{ domain }}/ to get started. You can also access your services via Tor at http://{{ tor_http_domain_file.stdout }}/ Finally you can SSH to {{ tor_ssh_domain_file.stdout }}"
- debug:
msg: "Problems? File an issue at https://gitlab.com/NickBusey/HomelabOS/issues"
\ No newline at end of file
msg: "Problems? File an issue at https://gitlab.com/NickBusey/HomelabOS/issues"
globalSettings__baseServiceUri__vault=https://{{ domain }}
globalSettings__baseServiceUri__api=https://{{ domain }}/api
globalSettings__baseServiceUri__identity=https://{{ domain }}/identity
globalSettings__baseServiceUri__admin=https://{{ domain }}/admin
globalSettings__sqlServer__connectionString="Data Source=tcp:mssql,1433;Initial Catalog=vault;Persist Security Info=False;User ID=sa;Password=cS2ZvPGgPnvVc8fIljD6ufpaanCQNOYt;MultipleActiveResultSets=False;Connect Timeout=30;Encrypt=True;TrustServerCertificate=True"
globalSettings__identityServer__certificatePassword=tiSVFF2O0inVP6zU6G9IqhHbxYEbfCqx
globalSettings__attachment__baseDirectory=/etc/bitwarden/core/attachments
globalSettings__attachment__baseUrl=https://{{ domain }}/attachments
globalSettings__dataProtection__directory=/etc/bitwarden/core/aspnet-dataprotection
globalSettings__logDirectory=/etc/bitwarden/logs
globalSettings__licenseDirectory=/etc/bitwarden/core/licenses
globalSettings__duo__aKey=QlZeTP29PPwyAvTDpTGpMzAxbwfCkzt54gztJnMX9zAykiumOaf7hLfMRRvilisQ
globalSettings__installation__id=e85eeb91-8fa2-45f3-a231-a90400406250
globalSettings__installation__key=FCF3Gv8At3M3fqfzl9YC
globalSettings__yubico__clientId=REPLACE
globalSettings__yubico__key=REPLACE
globalSettings__mail__replyToEmail=no-reply@{{ domain }}
globalSettings__mail__smtp__host=REPLACE
globalSettings__mail__smtp__username=REPLACE
globalSettings__mail__smtp__password=REPLACE
globalSettings__mail__smtp__ssl=true
globalSettings__mail__smtp__port=587
globalSettings__mail__smtp__useDefaultCredentials=false
globalSettings__disableUserRegistration=false
adminSettings__admins=
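Review bot: This new environment template commits real-looking secrets as literals: the `sa` password inside `globalSettings__sqlServer__connectionString`, `globalSettings__identityServer__certificatePassword`, `globalSettings__duo__aKey`, and the `globalSettings__installation__id` and `globalSettings__installation__key` pair. Only `{{ domain }}` is templated, so every HomelabOS install would share these values, and they are now in the repository history. Replace them with per-host variables generated at install time or kept in Ansible Vault, and treat the committed values as burned. `Encrypt=True;TrustServerCertificate=True` in the same connection string turns off certificate validation for the database link and needs a comment on why that is acceptable here.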
......@@ -7,6 +7,7 @@ Requires=docker.service
TimeoutSec=infinity
Restart=always
RestartSec=3
EnvironmentFile=/var/homelabos/docker/.env
ExecStartPre=/usr/bin/docker-compose -f /var/homelabos/docker/docker-compose.yml -p homelabos down
......
# Two choices: local|production. Use local if you want to install Monica as a
# development version. Use production otherwise.
APP_ENV=production
# true if you want to show debug information on errors. For production, put this
# to false.
APP_DEBUG=false
# The encryption key. This is the most important part of the application. Keep
# this secure otherwise, everyone will be able to access your application.
# Must be 32 characters long exactly.
# Use `php artisan key:generate` to generate a random key.
APP_KEY=ChangeMeBy32KeyLengthOrGenerated
# Prevent information leakage by referring to IDs with hashIds instead of
# the actual IDs used in the database.
HASH_SALT=ChangeMeBy20+KeyLength
HASH_LENGTH=18
# The URL of your application.
APP_URL=http://monica.{{ domain }}
# Database information
# To keep this information secure, we urge you to change the default password
DB_CONNECTION=mysql
DB_HOST=monicahq_db
DB_PORT=3306
# You can use mysql unix socket if available, it overrides DB_HOST and DB_PORT values.
#DB_UNIX_SOCKET=/var/run/mysqld/mysqld.sock
DB_DATABASE=monica
DB_USERNAME=homestead
DB_PASSWORD=secret
DB_PREFIX=
DB_TEST_HOST=127.0.0.1
DB_TEST_DATABASE=monica_test
DB_TEST_USERNAME=homestead
DB_TEST_PASSWORD=secret
# Use utf8mb4 database charset format to support emoji characters
# ⚠ be sure your DBMS supports utf8mb4 format
DB_USE_UTF8MB4=true
# Mail credentials used to send emails from the application.
MAIL_DRIVER=smtp
MAIL_HOST=mailtrap.io
MAIL_PORT=2525
MAIL_USERNAME=null
MAIL_PASSWORD=null
MAIL_ENCRYPTION=null
MAIL_FROM_ADDRESS=ValidEmailAddress
MAIL_FROM_NAME="Some Name"
APP_EMAIL_NEW_USERS_NOTIFICATION=EmailThatWillSendNotificationsForNewUser
# Default timezone for new users. Users can change this setting inside the
# application at their leisure.
# Must be exactly one of the timezones used in this list (column TZ in the table):
# https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
APP_DEFAULT_TIMEZONE=US/Eastern
# Default locale used in the application.
APP_DEFAULT_LOCALE=en
# Ability to disable signups on your instance.
# Can be true or false. Default to false.
APP_DISABLE_SIGNUP=true
# Enable user email verification.
APP_SIGNUP_DOUBLE_OPTIN=false
# Set trusted proxy IP addresses.
# To trust all proxies that connect directly to your server, use a "*".
# To trust one or more specific proxies that connect directly to your server, use a comma separated list of IP addresses.
APP_TRUSTED_PROXIES=
# Frequency of creation of new log files. Logs are written when an error occurs.
# Refer to config/logging.php for the possible values.
LOG_CHANNEL=daily
# Error tracking. Specific to hosted version on .com. You probably don't need
# those.
SENTRY_SUPPORT=false
SENTRY_DSN=
# Send a daily ping to https://version.monicahq.com to check if a new version
# is available. When a new version is detected, you will have a message in the
# UI, as well as the release notes for the new changes. Can be true or false.
# Default to true.
CHECK_VERSION=true
# Have access to paid features available on https://monicahq.com, for free.
# Can be true or false. Default to false.
# If set to true, that means your users will have to pay to access the paid
# features. We use Stripe to do this.
REQUIRES_SUBSCRIPTION=false
# ONLY NECESSARY IF MONICA REQUIRES A SUBSCRIPTION TO WORK
# Leave blank unless you know what you are doing.
STRIPE_KEY=
STRIPE_SECRET=
PAID_PLAN_MONTHLY_FRIENDLY_NAME=
PAID_PLAN_MONTHLY_ID=
PAID_PLAN_MONTHLY_PRICE=
PAID_PLAN_ANNUAL_FRIENDLY_NAME=
PAID_PLAN_ANNUAL_ID=
PAID_PLAN_ANNUAL_PRICE=
# Change this only if you know what you are doing
CACHE_DRIVER=database
SESSION_DRIVER=file
SESSION_LIFETIME=120
QUEUE_DRIVER=sync
# Default filesystem to store uploaded files.
# Possible values: public|s3
DEFAULT_FILESYSTEM=public
# AWS keys for S3 when using this storage method
AWS_KEY=
AWS_SECRET=
AWS_REGION=us-east-1
AWS_BUCKET=
AWS_SERVER=
# Allow Two Factor Authentication feature on your instance
2FA_ENABLED=false
# CLIENT ID and SECRET used for the official mobile application
# This is to make sure that only the mobile application that you approve can
# access the route to let your users sign in with their credentials
MOBILE_CLIENT_ID=
MOBILE_CLIENT_SECRET=
# Allow to access general statistics about your instance through a public API
# call
ALLOW_STATISTICS_THROUGH_PUBLIC_API_ACCESS=false
# Indicates that each user in the instance must comply to international policies
# like CASL or GDPR
POLICY_COMPLIANT=true
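Review bot: `APP_KEY=ChangeMeBy32KeyLengthOrGenerated`, `HASH_SALT=ChangeMeBy20+KeyLength` and `DB_PASSWORD=secret` are placeholder values, and the only variable this template substitutes is `{{ domain }}`, so the `Configure Docker.` task deploys the same key to every install even though the file's own comment calls it the most important part of the application. Template these from per-host variables and fail the play when they are unset. `APP_URL` is also `http://`, while the install message in this commit points users at `https://{{ domain }}/`.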
......@@ -309,6 +309,18 @@
</li>
<li class="md-nav__item">
<a href="/setup/tor/" title="Tor Hidden Services" class="md-nav__link">
Tor Hidden Services
</a>
</li>
</ul>
</nav>
</li>
......@@ -338,6 +350,18 @@
<li class="md-nav__item">
<a href="/software/applehealth/" title="Apple Health" class="md-nav__link">
Apple Health
</a>
</li>
<li class="md-nav__item">
<a href="/software/convos/" title="Convos" class="md-nav__link">
Convos
......@@ -446,6 +470,18 @@
<li class="md-nav__item">
<a href="/software/minio/" title="Minio" class="md-nav__link">
Minio
</a>
</li>
<li class="md-nav__item">
<a href="/software/nextcloud/" title="NextCloud" class="md-nav__link">
NextCloud
......
......@@ -351,6 +351,18 @@
</li>
<li class="md-nav__item">
<a href="setup/tor/" title="Tor Hidden Services" class="md-nav__link">
Tor Hidden Services
</a>
</li>
</ul>
</nav>
</li>
......@@ -380,6 +392,18 @@
<li class="md-nav__item">
<a href="software/applehealth/" title="Apple Health" class="md-nav__link">
Apple Health
</a>
</li>
<li class="md-nav__item">
<a href="software/convos/" title="Convos" class="md-nav__link">
Convos
......@@ -488,6 +512,18 @@
<li class="md-nav__item">
<a href="software/minio/" title="Minio" class="md-nav__link">
Minio
</a>
</li>
<li class="md-nav__item">
<a href="software/nextcloud/" title="NextCloud" class="md-nav__link">
NextCloud
......
......@@ -343,8 +343,8 @@
</li>
<li class="md-nav__item">
<a href="#set-up-your-own-s3" title="Set up your own S3" class="md-nav__link">
Set up your own S3
<a href="#use-your-own-s3" title="Use your own S3" class="md-nav__link">
Use your own S3
</a>
</li>
......@@ -374,6 +374,18 @@
</li>
<li class="md-nav__item">
<a href="../tor/" title="Tor Hidden Services" class="md-nav__link">
Tor Hidden Services
</a>
</li>
</ul>
</nav>
</li>
......@@ -403,6 +415,18 @@
<li class="md-nav__item">
<a href="../../software/applehealth/" title="Apple Health" class="md-nav__link">
Apple Health
</a>
</li>
<li class="md-nav__item">
<a href="../../software/convos/" title="Convos" class="md-nav__link">
Convos
......@@ -511,6 +535,18 @@
<li class="md-nav__item">
<a href="../../software/minio/" title="Minio" class="md-nav__link">
Minio
</a>
</li>
<li class="md-nav__item">
<a href="../../software/nextcloud/" title="NextCloud" class="md-nav__link">
NextCloud
......@@ -599,8 +635,8 @@
</li>
<li class="md-nav__item">
<a href="#set-up-your-own-s3" title="Set up your own S3" class="md-nav__link">
Set up your own S3
<a href="#use-your-own-s3" title="Use your own S3" class="md-nav__link">
Use your own S3
</a>
</li>
......@@ -639,25 +675,21 @@
<h1 id="homelabos-backups">HomelabOS Backups</h1>
<p>HomelabOS automatically backs itself in a smart, incremental, encrypted way to any S3 compatible storage provider, using <a href="https://restic.net/">Restic</a>.</p>
<p>HomelabOS automatically backs itself in a smart, incremental, encrypted way to any S3 compatible storage provider, using <a href="https://restic.net/">Restic</a> and <a href="https://minio.io/">Minio</a>.</p>
<p>This is in addition to and separate from the Backup service included within HomelabOS, which backs up your personal computers to the HomelabOS servers.</p>
<h2 id="get-access-to-an-s3-bucket">Get access to an S3 Bucket</h2>
<p>Ideally you want your backups to be offsite, so an S3 bucket is not set up by default for you on your HomlabOS machine. Since we use encrypted backups, you can easily have a friend or enemy host an S3 server for you, and as long as they don't get your backup password, everything will be safe. We recommend generating a very secure password for your backup password.</p>
<p>Ideally you want your backups to be offsite, so really the best case scenario would be to find a friend also running HomelabOS, and trade S3 access with them.</p>
<p>Or you could pay Amazon and use their S3 service, if you're into that sort of thing.</p>
<h2 id="set-up-your-own-s3">Set up your own S3</h2>
<p>We recommend Minio.</p>
<pre><code>brew install minio/stable/minio
minio server /data
</code></pre>
<p>Create a bucket called <code>homelabos</code>.</p>
<h2 id="use-your-own-s3">Use your own S3</h2>
<p>This method is not recommended as it is backing up to yourself which is not very useful. The usefulness here comes from Restic's snapshotting. So while this won't give you an offsite backup, it will still provide timed snapshots to access old versions of files.</p>
<p>View your logs for the Minio service (homelabos_minio_1) and copy the AccessKey and SecretKeys out of the logs. Put these into your <code>host_vars/myserver</code> file under the <code>s3_access_key</code> and <code>s3_secret_key</code> variables. Now login to Minio at <code>http://minio.{{ domain }}/</code> with the same access and secret key values and create a bucket called <code>restic-backups</code>. Finally run <code>make update</code> to copy your new settings up to your HomelabOS server.</p>
<p>Of course keep in mind when self hosting your own S3, you likely want to keep good backups of the S3 data files as well.</p>
<h2 id="configure-the-backup-service">Configure the Backup Service</h2>
<p>Set your S3 path and keys in <code>host_vars/myserver</code>.</p>
<p>If you use minio for your S3 hosting, your s3_path should look something like <code>s3:http://192.168.1.212:9000/homelabos/</code></p>
<p>Set your S3 keys in <code>host_vars/myserver</code>.</p>
<p>Once these are set, HomelabOS will back up all it's core data every night at 4 AM.</p>
<h2 id="restoring-backups">Restoring Backups</h2>
<p>Let's say your machine gets wiped, or you want to migrate to a new machine. To restore your most recent backup, simply run <code>make restore</code>. Then proceed with the normal install step of running <code>make</code> and boom, you have all your data back with a fully working HomelabOS setup.</p>
<p>Alternatively you can work directly with the Restic backups through it's Docker shell. Using either <a href="../../software/portainer/">Portainer</a> or your server's CLI, once you gain access to the Restic shell, you can run commands like <code>restic snapshots</code> to list all your snapshots.</p>
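Review bot: The added "Use your own S3" paragraph tells the reader to copy the Minio AccessKey and SecretKey out of the container logs and then log in at `http://minio.{{ domain }}/`, so the S3 credentials guarding the backup repository cross the network in cleartext; link the `https://` URL instead. The rewrite also appears to drop the sentence recommending a very secure backup password and no longer says where the Restic password is set, which the "encrypted" claim in the first paragraph depends on. This page is built HTML, so make the fix in the Markdown source and rebuild; `it's` in "all it's core data" and "through it's Docker shell" should be `its` there as well.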
......@@ -693,13 +725,13 @@ minio server /data
</a>
<a href="../../software/convos/" title="Convos" class="md-flex md-footer-nav__link md-footer-nav__link--next" rel="next">
<a href="../tor/" title="Tor Hidden Services" class="md-flex md-footer-nav__link md-footer-nav__link--next" rel="next">
<div class="md-flex__cell md-flex__cell--stretch md-footer-nav__title">
<span class="md-flex__ellipsis">
<span class="md-footer-nav__direction">
Next
</span>
Convos
Tor Hidden Services
</span>
</div>
<div class="md-flex__cell md-flex__cell--shrink">
......