Add netbox files

.gitignore

@@ -1,29 +1,50 @@
 */.env
 
+access-control-webhook/config/.ssh/
+access-control-webhook/config/hooks.json
+access-control-webhook/config/run/automation_rsa
+
 avahi-dns/services
 
 backrest/config/config.json*
 
 dnsmasq/conf/dnsmasq.conf
+dnsmasq/conf/hosts.d/
 
 glances/glances.conf
 glances/glances.pwd
 
-nginx-proxy-manager/config/
-nginx-proxy-manager/letsencrypt/
+grafana/config/grafana.ini
 
-redis/conf/
+home-assistant/config/
 
-upsd/config/
-*/.env
+influxdb/config/influx-configs
 
-home-assistant/config/
+invidious/config/config.yml
+invidious/config/sql/
+
+jellyfin/config/
+
+mopidy/conf/mopidy.conf
 
 mosquitto/config/mosquitto.conf
 mosquitto/config/mos_passwd
 
 mqtt-explorer/config/settings.json
 
+nginx-proxy-manager/config/
+nginx-proxy-manager/letsencrypt/
+
+redis/conf/
+
+rtlamr2mqtt/config.yaml
+
+telegraf/config/telegraf.conf
+
+upsd/config/
+
+wiki/config.yml
+
 zigbee2mqtt/data/configuration.yaml
 zigbee2mqtt/data/state.json
 zigbee2mqtt/data/database.db

.gitmodules

@@ -1,3 +1,6 @@
 [submodule "db-backup"]
 	path = db-backup
 	url = https://github.com/romkey/hackstack-db-backup
+[submodule "auto_planka"]
+	path = auto_planka
+	url = https://github.com/romkey/auto_planka

CODE_OF_CONDUCT.md

@@ -0,0 +1,135 @@
+<!--
+SPDX-FileCopyrightText: 2014 Coraline Ada Ehmke
+SPDX-FileCopyrightText: 2019 Kattni Rembor for Adafruit Industries
+SPDX-License-Identifier: CC-BY-4.0
+-->
+
+# Adafruit Community Code of Conduct
+
+## Our Pledge
+
+In the interest of fostering an open and welcoming environment, we as
+contributors and leaders pledge to making participation in our project and
+our community a harassment-free experience for everyone, regardless of age, body
+size, disability, ethnicity, gender identity and expression, level or type of
+experience, education, socio-economic status, nationality, personal appearance,
+race, religion, or sexual identity and orientation.
+
+## Our Standards
+
+We are committed to providing a friendly, safe and welcoming environment for
+all.
+
+Examples of behavior that contributes to creating a positive environment
+include:
+
+* Be kind and courteous to others
+* Using welcoming and inclusive language
+* Being respectful of differing viewpoints and experiences
+* Collaborating with other community members
+* Gracefully accepting constructive criticism
+* Focusing on what is best for the community
+* Showing empathy towards other community members
+
+Examples of unacceptable behavior by participants include:
+
+* The use of sexualized language or imagery and sexual attention or advances
+* The use of inappropriate images, including in a community member's avatar
+* The use of inappropriate language, including in a community member's nickname
+* Any spamming, flaming, baiting or other attention-stealing behavior
+* Excessive or unwelcome helping; answering outside the scope of the question
+  asked
+* Trolling, insulting/derogatory comments, and personal or political attacks
+* Promoting or spreading disinformation, lies, or conspiracy theories against
+  a person, group, organisation, project, or community
+* Public or private harassment
+* Publishing others' private information, such as a physical or electronic
+  address, without explicit permission
+* Other conduct which could reasonably be considered inappropriate
+
+The goal of the standards and moderation guidelines outlined here is to build
+and maintain a respectful community. We ask that you don’t just aim to be
+"technically unimpeachable", but rather try to be your best self.
+
+We value many things beyond technical expertise, including collaboration and
+supporting others within our community. Providing a positive experience for
+other community members can have a much more significant impact than simply
+providing the correct answer.
+
+## Our Responsibilities
+
+Project leaders are responsible for clarifying the standards of acceptable
+behavior and are expected to take appropriate and fair corrective action in
+response to any instances of unacceptable behavior.
+
+Project leaders have the right and responsibility to remove, edit, or
+reject messages, comments, commits, code, issues, and other contributions
+that are not aligned to this Code of Conduct, or to ban temporarily or
+permanently any community member for other behaviors that they deem
+inappropriate, threatening, offensive, or harmful.
+
+## Moderation
+
+Instances of behaviors that violate the Adafruit Community Code of Conduct
+may be reported by any member of the community. Community members are
+encouraged to report these situations, including situations they witness
+involving other community members.
+
+You may report in the following ways:
+
+In any situation, you may send an email to <support@adafruit.com>.
+
+On the Adafruit Discord, you may send an open message from any channel
+to all Community Moderators by tagging @community moderators. You may
+also send an open message from any channel, or a direct message to
+@kattni#1507, @tannewt#4653, @Dan Halbert#1614, @cater#2442,
+@sommersoft#0222, @Mr. Certainly#0472 or @Andon#8175.
+
+Email and direct message reports will be kept confidential.
+
+In situations on Discord where the issue is particularly egregious, possibly
+illegal, requires immediate action, or violates the Discord terms of service,
+you should also report the message directly to Discord.
+
+These are the steps for upholding our community’s standards of conduct.
+
+1. Any member of the community may report any situation that violates the
+Adafruit Community Code of Conduct. All reports will be reviewed and
+investigated.
+2. If the behavior is an egregious violation, the community member who
+committed the violation may be banned immediately, without warning.
+3. Otherwise, moderators will first respond to such behavior with a warning.
+4. Moderators follow a soft "three strikes" policy - the community member may
+be given another chance, if they are receptive to the warning and change their
+behavior.
+5. If the community member is unreceptive or unreasonable when warned by a
+moderator, or the warning goes unheeded, they may be banned for a first or
+second offense. Repeated offenses will result in the community member being
+banned.
+
+## Scope
+
+This Code of Conduct and the enforcement policies listed above apply to all
+Adafruit Community venues. This includes but is not limited to any community
+spaces (both public and private), the entire Adafruit Discord server, and
+Adafruit GitHub repositories. Examples of Adafruit Community spaces include
+but are not limited to meet-ups, audio chats on the Adafruit Discord, or
+interaction at a conference.
+
+This Code of Conduct applies both within project spaces and in public spaces
+when an individual is representing the project or its community. As a community
+member, you are representing our community, and are expected to behave
+accordingly.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage],
+version 1.4, available at
+<https://www.contributor-covenant.org/version/1/4/code-of-conduct.html>,
+and the [Rust Code of Conduct](https://www.rust-lang.org/en-US/conduct.html).
+
+For other projects adopting the Adafruit Community Code of
+Conduct, please contact the maintainers of those projects for enforcement.
+If you wish to use this code of conduct for your own project, consider
+explicitly mentioning your moderation policy or making a copy with your
+own moderation policy so as to avoid confusion.

LICENSE

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2023 John Romkey
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -2,130 +2,15 @@
 
 This repo configures a set of services that PDX Hackerspace uses to provide services for its members and for infrastructure, administration and yes, fun and entertainment.
 
-## Philosophy
+- [Philosphy and Design](docs/design.md)
+- [Examples](docs/examples.md)
+- [Installation](docs/installation.md)
+- [Core](docs/core.md)
+- [Home Assistant](docs/home-assistant.md)
+- [AI](docs/ai.md)
+- [Services](docs/services.md)
 
-1. Keep the underlying system hosting the servers as clean and unpolluted as possible. Whenever possible, install software in a container configured by this repository. The goal is to be able to easily spin up a new instance on a fresh server without having to do extensive configuration of the Linux system running the services.
+## Contributing
 
-2. Separate configuration, run time and persistent state, and logs. Store all of them consistently in order to make administration and backups as easy possible. Configuration is managed by this repository, with `.env` files holding configuration.
-
-  To this end, for each service we store:
-
-  configuration - `docker-compose.yml`, `.env` and configuration directories or files in its own directory in `/opt/docker`
-  run time and persistent state - `/opt/lib`
-  logs - `/opt/logs`
-
-3. Isolate services from the Internet, local network and one another whenever reasonable. While we are not going to heroic efforts to secure the services, isolation will help reduce the impact that a misbehaving service might have, and will reduce the likelihood of the service being susceptible to mischief.
-
-  To this end, whenever possible we do not expose container ports. In some cases (like dnsmasq or rsyslog) there's no choice, but whenever it's possible we route
-  traffic to the container through nginx-proxy-manager using a unique hostname, rather than directly expose them. This limits the
-
-4. Many Docker Compose projects bundle their own database or other services. We prefer to use a single instance of each flavor of database - this simplifies management and backup and reduces overhead. The potential drawbacks are single point of failure and version skew. Postgresql is a tank and is unlikely to be the point of failure. If it is, it needs to get fixed ASAP. And both Postgresql and Mariadb have good histories with backwards compatability.
-
-## Caveats
-
-While we have tried to minimize dependencies on absolute pathnames, there may be places that we missed.
-
-We've also tried to organize things so that `docker-compose.yml` files don't need to be modified but there may be places where this is unavoidable.
-
-We're running on Debian 12 (bookworm) server with no GUI and as few extra packages installed as possible. This is unlikely to work on macOS or Windows without modification.
-
-## Installation
-
-First, install [Docker Engine](), [Docker CLI]() and [Docker Compose]() on your system.
-
-## Services
-
-### Core Services
-
-These are essential services (like databases and reverse proxies) that other services use. 
-
-#### avahi-mdns
-
-[Avahi mDNS server](https://avahi.org) - implements [RFC 6762 Multicast DNS](https://www.rfc-editor.org/rfc/rfc6762),
-which is well supported and used commonly by Apple products. This allows us to use the .local domain
-and allows services to advertise their availability.
-
-Not currently in use, unlikely to work correctly, on the TODO list
-
-### backrest
-
-[backrest](https://github.com/garethgeorge/backrest) - web UI to [Restic](https://restic.net) back up software. We use
-this to back up files to the NAS.
-
-By default we give backrest sweeping access to the filesystem so that it can not only backup the state of these services, but the configuration and user files of the Debian server we host the services on.
-
-### cloudflare-ddns
-
-[cloudflare-ddns](https://github.com/oznu/docker-cloudflare-ddns) Updates a Cloudflare domain name when our IP address changes. We make a number of services available to members 
-
-### db-backup
-
-
-### dns-masq
-
-[dns-masq](https://thekelleys.org.uk/gitweb/?p=dnsmasq.git) is a lightweight DNS server and DHCP server. We only use currently only use its DNS functions.
-
-We use dnsmasq to provide name service for the 
-
-### glances
-
-System monitoring
-
-### mariadb
-
-Mariadb (successor to MySQL)
-
-### mdns-repeater
-
-Repeats mDNS traffic between a network interface and a Docker network. Allows containers to use private Docker networking instead of host network mode.
-
-### nginx-proxy-manager
-
-
-
-### portainer
-
-### postgresql
-
-Postgresql database
-
-### redis
-
-
-### upsd
-
-UPS monitor and NUT (Network UPS Tool)
-
-### watchtower
-
-Automatically attempt to update docker containers when new images are released
-
-## Home Assistant-related services
-
-We prefer to run things like Mosquitto and Zigbee2MQTT separately from Home Assistant. This gives us more flexibility
-in how we manage those services, which may also be u
-
-### ESPHome
-
-### Home Assistant
-
-### Matter
-
-### Mosquitto
-
-### Mosquitto Management Center
-
-### MQTT Explorer
-
-### OpenWakeWord
-
-### Piper
-
-### rtlamr2mqtt
-
-### Whisper
-
-### Zigbee2MQTT
-
-## AI/LLM
+## License
 

access-control-webhook/.env.example

@@ -0,0 +1 @@
+TZ=America/Los_Angeles

access-control-webhook/Dockerfile

@@ -0,0 +1,3 @@
+FROM thecatlady/webhook
+
+RUN apk add openssh

access-control-webhook/config/hooks.json.example

@@ -0,0 +1,20 @@
+[
+  {
+    "id": "R2Ma9QajdjA8_L.K*HHphAoorUaV6esw",
+    "execute-command": "/config/run/update-access-control.sh",
+    "command-working-directory": "/tmp",
+    "include-command-output-in-response": true,
+    "include-command-output-in-response-on-error": true,
+    "trigger-rule":
+        {
+          "match": {
+              "type": "value",
+              "value": "3fg8A@bH4bnm.9Kg",
+              "parameter": {
+		  "source": "url",
+		  "name": "sekrit"
+	      }
+	  }
+	}
+  }
+]

access-control-webhook/config/run/update-access-control.sh

@@ -0,0 +1,2 @@
+#!/bin/sh
+/usr/bin/ssh -fi /config/run/automation_rsa -o PubkeyAcceptedKeyTypes=+ssh-rsa -o HostKeyAlgorithms=+ssh-rsa -o StrictHostKeyChecking=accept-new root@192.168.15.32 force command