matt/echo6-docs
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Migration: consolidate Echo6 docs to cortex with full infrastructure cleanup sync

Browse source 
- Documents recent infrastructure cleanup (8 CTs destroyed, 35 DNS records removed, Headscale cleanup)
- Adds 24 new runbooks covering Authentik, PeerTube, Meshtastic, RECON, Proxmox, Mailcow, Internet Archive, GPU routing
- Adds project documentation for headscale, vaultwarden, peertube, matrix, mmud, advbbs, arr stack
- Updates services.md, environment.md, caddy.md, authentik.md to match live infrastructure
- Removes 4 deprecated runbook duplicates (canonical versions live in projects/)
- Adds .gitignore for binary archives and editor temp files

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Matt Johnson 2026-04-13 06:02:16 +00:00
commit e9231ac24a
93 changed files with 51223 additions and 254 deletions
Download patch file Download diff file Expand all files Collapse all files

201
runbooks/pi-nas-omv-runbook.md Normal file
View file

@ -0,0 +1,201 @@
# Pi 5 NAS — OMV Provisioning Runbook
SSH into the Pi. The Pi should already be booted with Raspberry Pi OS Lite, Ethernet connected, Radxa Penta SATA Hat installed.
---
## 1. Update + Install OMV
```bash
sudo apt update
sudo apt upgrade -y
wget -O - https://github.com/OpenMediaVault-Plugin-Developers/installScript/raw/master/install | sudo bash
```
This takes ~5 minutes. Reboot when done:
```bash
sudo reboot
```
---
## 2. Enable PCIe Port
SSH back in after reboot. Drives won't show up until the PCIe port is enabled.
```bash
sudo tee -a /boot/firmware/config.txt > /dev/null << 'EOF'
# Radxa Penta SATA Hat — enable PCIe Gen 3
dtparam=pciex1
dtparam=pciex1_gen=3
EOF
sudo reboot
```
---
## 3. Verify Drives
SSH back in and confirm all four drives are visible:
```bash
lsblk
```
Expected output (one per drive bay):
```
sda
sdb
sdc
sdd
```
If any are missing, check SATA cable seating on the Radxa hat and verify the PCIe lines were added to config.txt.
---
## 4. Standard Baseline (zvx user, sshpass, Tailscale)
If the Pi wasn't flashed with the zvx user via Raspberry Pi Imager, create it now:
```bash
sudo useradd -m -s /bin/bash -G sudo zvx
echo "zvx:7redditGold" | sudo chpasswd
```
Install sshpass and Tailscale:
```bash
sudo apt install -y sshpass
curl -fsSL https://tailscale.com/install.sh | sh
sudo tailscale up --ssh
```
---
## 5. Configure OMV via Web UI
Open a browser and go to the Pi's IP address. Default login:
- **Username:** `admin`
- **Password:** `openmediavault`
Change the admin password immediately.
### Format Drives (ext4, no RAID)
Each drive is used individually — no RAID array.
1. **Storage → Disks** — confirm all 4 drives appear
2. **Storage → File Systems** — for each drive:
- Click **Create**
- Select the drive (sda, sdb, sdc, sdd)
- Type: **ext4**
- Label them something useful (e.g., `bay1`, `bay2`, `bay3`, `bay4`)
- Click **Save**, then **Mount** each one
3. **Apply** pending changes when prompted
### Create Shared Folders
1. **Storage → Shared Folders** — create a folder on each drive as needed, e.g.:
- `share1` on `bay1`
- `media` on `bay2`
- `proxmox-storage` on `bay3`
- `backup` on `bay4`
- (adjust names/layout to your needs)
2. Set permissions: **Administrator: read/write, Users: read/write, Others: read-only** (or as desired)
### Enable SMB (Windows Shares)
1. **Services → SMB/CIFS → Settings** — toggle **Enabled**, click **Save**
2. **Services → SMB/CIFS → Shares** — click **Create** for each shared folder you want accessible from Windows:
- Select the shared folder
- **Public:** No
- **Browseable:** Yes
- Click **Save**
3. **Apply** pending changes
### Enable NFS (Proxmox CT Storage)
1. **Services → NFS → Settings** — toggle **Enabled**, click **Save**
2. **Services → NFS → Shares** — click **Create** for each folder Proxmox needs:
- Select the shared folder (e.g., `proxmox-storage`)
- **Client:** your Proxmox subnet, e.g., `192.168.1.0/24`
- **Privilege:** Read/Write
- **Extra options:** `subtree_check,insecure,no_root_squash`
- Click **Save**
3. **Apply** pending changes
`no_root_squash` is needed because Proxmox CTs write as root. `insecure` allows connections from ports >1024 which some NFS clients use.
### Create OMV User (for SMB access)
1. **Users → Users** — click **Create**
- **Name:** `zvx`
- **Password:** `7redditGold`
- **Groups:** add to `users`
2. **Save** and **Apply**
This user is for SMB authentication. The Linux `zvx` user created earlier is separate from the OMV web UI user system.
---
## 6. Connect from Windows
From a Windows machine on the same network:
```
\\<NAS-IP>\share1
```
Or map as a network drive. Authenticate with `zvx` / `7redditGold`.
---
## 7. Connect from Proxmox
On the Proxmox host, add the NFS share as storage:
**Datacenter → Storage → Add → NFS:**
- **ID:** `nas-storage` (or whatever)
- **Server:** NAS IP address (or Tailscale IP)
- **Export:** `/export/proxmox-storage` (check exact path with `showmount -e <NAS-IP>` from Proxmox)
- **Content:** select what you'll store (Disk image, Container, ISO image, Snippets, Backups, etc.)
Or via CLI on the Proxmox host:
```bash
# Verify the NFS export is visible
showmount -e <NAS-IP>
# Add to Proxmox storage config
pvesm add nfs nas-storage \
--server <NAS-IP> \
--export /export/proxmox-storage \
--content images,rootdir,vztmpl,backup,iso \
--options vers=4
```
---
## 8. Verification Checklist
```bash
echo "=== Pi NAS Provisioning Check ==="
echo ""
echo "Hostname: $(hostname)"
echo "User zvx: $(id zvx 2>/dev/null && echo 'OK' || echo 'MISSING')"
echo "sshpass: $(which sshpass >/dev/null 2>&1 && echo 'OK' || echo 'MISSING')"
echo "Tailscale: $(tailscale status --self 2>/dev/null | head -1 || echo 'NOT CONNECTED')"
echo "Tailscale IP: $(tailscale ip -4 2>/dev/null || echo 'N/A')"
echo "OMV: $(systemctl is-active openmediavault-engined 2>/dev/null || echo 'NOT RUNNING')"
echo "PCIe: $(grep -q 'dtparam=pciex1' /boot/firmware/config.txt && echo 'ENABLED' || echo 'DISABLED')"
echo "Drives: $(lsblk -d -n -o NAME | grep '^sd' | wc -l) detected"
echo "SMB: $(systemctl is-active smbd 2>/dev/null || echo 'NOT RUNNING')"
echo "NFS: $(systemctl is-active nfs-server 2>/dev/null || echo 'NOT RUNNING')"
```