First, purchase the following:
- a Raspberry Pi 4
- an SD card (8+ Gb but 16+ is preferable)
- optionally at least one hard drive or USB key to store all that data
Note: The extra storage is strongly encouraged because SD cards are not designed to be constantly written to and degrade quickly.
Flash the SD card with Raspberry Pi OS Lite
The Lite version is recommended because we will not need a user interface, screen, web browser, etc.
The services can optionally be customized by editing the yaml files in ./deployments.
Note: If you change any of the usernames or passwords in the yaml files you will need to do a complete reset with reset.sh, because both the database and the Nextcloud server read the environment variables only when their data directories are empty.
The installation is mostly automated using the install.sh script. So far it has been tested on Ubuntu but Pull Requests are welcome!
In general the steps are:
- Configure SD card (optionally inject WiFi and ssh keys)
- ssh into machine and install OS dependencies
- Install packages that reduce the churn on the SD card
- Install local helpers (k3sup)
- Install k3s
- Verify k3s is up
- Mount storage drive (so SD card lasts longer)
- Deploy apps to k3s
- Start proxy tunnel for Cluster dashboard
- Perform backup
- Uninstall apps
Once the apps are deployed, visit https://cloud (or https://cloud.local or https://cloud.lan). Sign in with username admin and password password unless you changed it earlier.
You can SCP the backup.sh file to the server and run it to perform a backup.
It backs up the following:
- the Postgres database for nextcloud
- all volumes in the cluster
- the k8s configuration (including secrets and keys)
To optionally back up the SD card perform the following:
- turn off the pi
- remove the SD card and insert it into a laptop
- use the "Disk Utility" to resize the main partition down to around 4Gb. If you skip this then the image will be however large your SD card is
- run
  sudo dd status=progress if=/dev/sdX | gzip > cloud-backup.img.gz
  where sdX is your SD card. Sometimes it is /dev/mmcblk0
- run
  sudo dd status=progress if=/dev/sdX bs=1M count=5120 | gzip > cloud-backup.img.gz
  to limit the image size to 5GB (assuming you shrunk it in the Disk Utility) https://stackoverflow.com/a/26909977
- resize the partition back to the full size using the "Disk Utility"
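
Added example (not part of the original README): a pre-flight check that the dd count really reaches the end of the shrunken partition, followed by the same dd | gzip with an integrity check and a checksum file. The function names are hypothetical, and sfdisk, gzip and sha256sum are assumed to be installed; deriving the size from the partition table goes beyond the fixed count=5120 used in the steps.

```shell
#!/bin/sh
# Added example, not part of the original README. Function names are hypothetical.

# needed_mib: read `sfdisk -d /dev/sdX` output on stdin and print how many
# 1 MiB blocks dd must copy to reach the end of the last partition.
needed_mib() {
    awk '
        /^sector-size:/ { ss = $2 }
        /start=/ {
            s = $0; gsub(/ /, "", s)
            sub(/^.*start=/, "", s); start = s + 0   # numeric prefix only
            sub(/^.*size=/, "", s);  size = s + 0
            if (start + size > end) end = start + size
        }
        END {
            if (ss == 0) ss = 512                     # older sfdisk omits it
            print int((end * ss + 1048575) / 1048576) # round up to whole MiB
        }'
}

# covers COUNT: succeed only if COUNT MiB (the dd count= value) includes the
# whole last partition; otherwise the image holds a truncated filesystem.
covers() { [ "$(needed_mib)" -le "$1" ]; }

# backup_image SRC OUT COUNT: the dd | gzip from the steps, then a gzip
# integrity test and a SHA-256 sidecar file. umask 077 because the image is
# a raw copy of the card and should not be readable by other users.
backup_image() (
    umask 077
    dd if="$1" bs=1M count="$3" 2>/dev/null | gzip > "$2" || exit 1
    gzip -t "$2" || exit 1
    sha256sum "$2" > "$2.sha256"
)

# image_matches SRC OUT COUNT: re-read the source and compare it with the
# decompressed image (run this while the card is still unmounted).
image_matches() {
    a=$(dd if="$1" bs=1M count="$3" 2>/dev/null | sha256sum | cut -d' ' -f1)
    b=$(gzip -dc "$2" | sha256sum | cut -d' ' -f1)
    [ "$a" = "$b" ]
}

# Typical pre-flight check (sdX is a placeholder for your card):
#   sudo sfdisk -d /dev/sdX | covers 5120 || echo "count=5120 is too small"
```

Run backup_image and image_matches as root when the source is a real device, for example from a root shell that has sourced this file.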
Install the following Nextcloud Apps by clicking your login on the top-right and then clicking "Apps":
Then, on your Android phone, install the following:
- NextCloud
- DAVx5 and configuration instructions
- Etar Calendar
- Tasks
- Notes
- Set your seedvault backup to use nextcloud too!
- Passman. Instructions, because Passman needs a root CA and some type of domain (e.g. .lan):
  - Ensure cloud.lan is resolved by your router
  - Copy the tls-root-ca.crt to your Android phone's "Download" directory
  - On Android, visit Settings -> Security -> Encryption & Credentials -> Install a certificate -> CA certificate
  - select the tls-root-ca.crt file
  - In Passman, use the URL cloud.lan/nextcloud
  - To debug:
    - To verify the root CA works, try visiting https://cloud.lan in Chromium. You should not need to accept a certificate
    - use adb logcat to view client logs, and run tail -f ./data/nextcloud.log by clicking Exec on a nextcloud-server instance in the Kubernetes Dashboard (run the proxy command in the CLI to start it up)
  - To use a different TLD other than .lan, search-and-replace .lan in this repo
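
Added example (not part of the original README): checks to run on a laptop before installing the root CA on the phone. They confirm that the file is a CA certificate, that the server's certificate chains to it for the expected hostname, and print the fingerprint to compare with the one shown in the phone's certificate details. The function names are hypothetical, tls-root-ca.crt and cloud.lan are the names used in the steps, and OpenSSL 1.1.0 or newer is assumed.

```shell
#!/bin/sh
# Added example, not part of the original README. Function names are hypothetical.

# is_ca FILE: succeed only if FILE is a certificate marked as a CA
# (basicConstraints CA:TRUE), i.e. not a leaf certificate or a key file.
is_ca() {
    openssl x509 -in "$1" -noout -text 2>/dev/null | grep -q 'CA:TRUE'
}

# ca_fingerprint FILE: print the SHA-256 fingerprint as colon-separated hex.
ca_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# leaf_ok CA LEAF HOST: succeed only if LEAF chains to CA and is valid for
# HOST. -no-CApath keeps the system CA directory out of the decision.
leaf_ok() {
    openssl verify -no-CApath -CAfile "$1" -verify_hostname "$3" "$2" \
        >/dev/null 2>&1
}

# fetch_leaf HOST: print the certificate the server actually presents.
fetch_leaf() {
    openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null |
        openssl x509
}

# On the LAN:
#   fetch_leaf cloud.lan > leaf.crt
#   is_ca tls-root-ca.crt && leaf_ok tls-root-ca.crt leaf.crt cloud.lan \
#       && ca_fingerprint tls-root-ca.crt
```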
(steps)
curl -SLfs https://github.com/OpenMediaVault-Plugin-Developers/installScript/raw/master/install | sudo bash -x
# Set the port to something other than 80: https://openmediavault.readthedocs.io/en/5.x/various/advset.html
omv-firstaid
sudo reboot # important for the nfs service to start up
Your phone can connect to https://cloud from another location if you have one other machine:
- Enable ssh access to your home network. This usually involves setting up your router to talk to a DDNS provider and then enabling port forwarding on your router to a bastion machine inside your network.
- Forward the port to a local machine:
  sudo ssh -i ~/.ssh/id_rsa -L 0.0.0.0:443:cloud:443 [email protected]
  The 0.0.0.0 ensures other devices can see the local port and the sudo allows you to listen to ports below 1024
- Set the hostname of your laptop to be cloud
There are 4 causes for not finding the cloud:
- the pi is not powered on. Check for a light
- the Operating System is not properly flashed onto the SD card. Plug it into a computer and run the install script.
- The WiFi information is incorrect. Re-run the script or use an ethernet cable to plug the pi directly into the router
Some modern routers do not support local DNS so you may need to associate the name cloud with the IP address your router gives the machine. Here's how it's done with some common routers:
https://www.scivision.dev/raspberry-pi-wifi-avahi/
Use this command to find all the machines on the network (might need to run a couple of times because of timeouts):
nmap -sn 192.168.1.0/24 | grep cloud
This is not super useful but shows all the zeroconf computers on your network:
avahi-browse --all --terminate --resolve
- error: yaml: line 30: mapping values are not allowed in this context: Set KUBECONFIG= to the absolute path to the kubeconfig files (generated during the k3sup install ... step)
- If you see "Service Unavailable" then kubernetes may still be downloading images. Check the dashboard to see the status
- If you see "Bad Gateway" nextcloud may still be starting up (it took 3 minutes for me).
  - See the logs in the dashboard by clicking the nextcloud-server-a1b2c3 Pod (not Deployment) and then clicking the Logs button
  - The logs will end with
    AH00163: Apache/2.4.38 (Debian) PHP/7.4.16 configured -- resuming normal operations
    when it is complete
- If you get a browser error then try running ping cloud.local. If there is no answer then use the pi's hostname and update the nextcloud-ingress.yaml and nextcloud-server.yaml files.
If it does not load up you can view the logs by visiting the k8s dashboard,
PhotoPrism no longer builds 32-bit and 64-bit images under the same name. That means that 64-bit images can be referenced by immutable tags while the 32-bit image needs to use the armv7 tag.
photoprism/photoprism:20211203 # This is the last version that works with 32bit and 64bit raspberry pi
Run php occ log:watch as the www-data user. Open a shell to a nextcloud-server instance and run:
su www-data -s /bin/bash
cd /var/www/html/
php occ log:watch # <-- shows stack traces