oscarb pad

Guides, resources, notes, docs and knowledge for everything Oscar.

Tags

Synology DiskStation Guide

Device information

DS713+

CPU Model: Intel Atom D2700 x86_64 
GHz: 2.13 
Cores: 2 
Threads: 4 
FPU: yes 
Package Arch: x86 cedarview 
RAM: 64-bit@DDR3 1GB

DS718+

CPU Model: Intel Celeron J3455 x86_64 
GHz: 2.13 
Cores: 4
Threads: 4 
FPU: yes 
Package Arch: x86 Apollolake 
RAM: DDR3L SO-DIMM 2GB

Shell commands

Command Description
sudo -i Enter root
rm -rf mydir Remove directory
ssh -i ~/.ssh/id_rsa admin@ds713 Log in using key
synoservice --restart pkgctl-Docker Restart Docker
chmod +x script.sh Make script executable
sudo synoservicectl --restart sshd Restart SSH
sudo -E docker-compose up -d Start Docker containers
sudo -E docker-compose up -d --force-recreate Recreate Docker containers

Prerequisites

Bootstrap

ipkg

See http://rescene.wikidot.com/synology-ipkg

opkg

Option A. See Optware replacement - 1700+ packages (arm & x86) - Synology Forum

Option B. Use Easy Bootstrap Installer in Package Center. opkg will be avialable for root only.

Access folders in Windows

  1. Create shared folders for each folder that should be accessable in Windows (disable recycle bin, hide in “My Network Places”, hide for users without permissions)
  2. Create a shared folder named samba (not hidden in “My Network Drives”)
  3. Enable SSH (Control Panel > Terminal & SNMP) with High security level
  4. Verify SMB is enabled (Control Panel > File Services > SMB)
  5. In Windows, open open any folder and browse to \\ds713
  6. Right-click the folder samba and then Map Network Drive
  7. Modify the script below and save it on the NAS. Make sure line endings are LF

  8. Create a triggered task (Control Panel > Task Scheduler)

    Task: Mount folders
User: root
Event: Boot-up
Command: `/volume1/scripts/boot-up/mount-folders.sh`
Send run details when the script terminates abnormally
  9. Make script executable
  10. Create empty folders in samba for each folder you want access to

mount-folders.sh

#! /bin/sh

mount /volume1/apps/ /volume1/samba/apps --bind
mount /volume1/downloads/ /volume1/samba/downloads/ --bind
mount /volume1/scripts/ /volume1/samba/scripts/ --bind
mount /volume1/web/ /volume1/samba/web/ --bind

Installing packages

Package Center

DSM > Package Center

Allow installation from any publisher

Package sources

Name Location
Synocommunity http://packages.synocommunity.com
CPH http://www.cphub.net
PC Load Letter http://packages.pcloadletter.co.uk/
Missile Hugger http://packages.missilehugger.com
Chicken and Porn http://spk.chickenandporn.com/

https://think.unblog.ch/en/how-to-install-nano-on-synology-nas/

Debian chroot

ipkg

ipkg update
ipkg install nano

Docker

Updating docker containers

  1. Download latest image
  2. Stop container
  3. Clear container
  4. Start container

pip

opkg

Option A - see Optware replacement - 1700+ packages (arm & x86) - Synology Forum

Option B - use Easy Bootstrap Installer in Package Center. opkg will be avialable for root only.

Email with sSMTP

Config: /etc/ssmtp/ssmtp.conf or in DSM settings (Notifications) when SMTP config is used

Transmission

Config

sudo less /volume1/@appstore/transmission/var/settings.json

Updating DSM

When DSM is updated, sometimes access to ipkg and optware is lost.

Access ipkg and optware after DSM update

  1. /opt/bin/nano /etc/profile
  2. Add to the bottom of the file 
    PATH=$PATH:/opt/bin:/opt/sbin # Keep bootstrap on update
PATH=$PATH:/volume1/@appstore/python/bin/ # Add Python binaries to PATH
export PATH
  3. source /etc/profile
  4. Repeat from step 1 for /root/.profile
  5. Verify with ipkg -v
  6. Run ipkg update

Sources

Verify

Autostart script

See /etc/rc.local

pip

pip install pip --upgrade

FlexGet

flexget --version
pip install flexget --upgrade
flexget -c /volume1/apps/flexget/config.yml check
flexget -c /volume1/apps/flexget/config.yml --test execute
more /volume1/apps/flexget/flexget.log | grep WARNING
more /volume1/apps/flexget/flexget.log | grep ERROR
more /volume1/apps/flexget/flexget.log | grep CRITICAL

Subliminal

subliminal --addic7ed oscarb {ADDIC7ED_PASSWORD} --cache-dir /volume1/apps/subliminal/ download --language en --provider addic7ed --provider podnapisi --provider opensubtitles --provider subscenter --provider thesubdb --provider tvsubtitles  --age 2d /volume1/downloads/tv/

Verify after power outage

Measure internet speed

Bredbandskollen

  1. Download the CLI script, wget https://frontend.bredbandskollen.se/download/bbk_cli_linux_i386-1.0
  2. Make executable, chmod +x bbk_cli_linux_i386-1.0
  3. Run, ./bbk_cli_linux_i386-1.0

Login with SSH keys

  1. Install PuTTYGen
  2. Generate SSH-2 RSA 1024 bit keys
  3. Login as admin
  4. mkdir ~/.ssh
  5. echo "public key from PuTTy" >> ~/.ssh/authorized_keys
  6. chmod 700 ~/.ssh
  7. chmod 600 ~/.ssh/authorized_keys
  8. chmod 700 ~
  9. Save private key
  10. Create new PuTTY session
  11. Auto-login as admin (Connection > Data)
  12. Load private file (Connection > SSH > Auth)

Disable password login in /etc/ssh/sshd_config:

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no
#PermitEmptyPasswords no

Restart SSH from DSM.

Source: Disallow logging in to a Synology DiskStation with passwords & only allow logging in via SSH keys

Troubleshooting

Check logs

sudo /bin/sshd -d -p 1234

Fix owenership and permissions

Use chmod and chown to set up correct ownership and permissions.

https://superuser.com/a/1559867

Quick access in Start Menu

  1. Open C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PuTTY
  2. Copy and paste the PuTTy shortcut

  3. Modify properties

     Target: "C:\Program Files (x86)\PuTTY\putty.exe" -load "<session-name>"

Resources

node.js projects

See list of connected devices from ASUS router

ssh -i /volume1/homes/admin/.ssh/tatanga-private-key  rt-ac68u-oscar@192.168.1.1 "/usr/sbin/nvram get client_info_tmp"

Findings

To research

Problems and solutions

Stop indexing on boot-up

Permission denied within Docker containers

Try setting PUID and PGID to the id:s of the user and group that has permission to read/write the files. Could also be USER_ID and GROUP_ID respectively.

Insufficient capacity for upgrade

See available space on system partition

df -h

See disk usage for directories

du -achx --max-depth=1 /

Narrow down and remove unused large directories and files

Resources

Reindex media folders

 synoindex -R /volume1/path/to/media/folder

MagicMirror

https://github.com/MichMich/MagicMirror

Modules
https://github.com/MichMich/MagicMirror/wiki/3rd-party-modules
https://github.com/MichMich/MagicMirror/wiki/legacy-modules

Modules to look into:
https://github.com/eouia/MMM-Glance
https://github.com/boghammar/MMM-SL-PublicTransport
https://github.com/Blastitt/DailyXKCDß

https://documenter.getpostman.com/view/6167403/Rzfni66c?version=latest

Home Assistant

Configuring UI

Installation using Docker

  1. Go to registry, find and download homeassistant/home-assistant with the tag latest
  2. Wait until a notification shows that the download is completed
  3. Create a folder for config, e.g. /voluem1/apps/home-assistant/config
  4. Go to image and launch home-asssistant
    • Enable auto-restart
    • Create shortcut on desktop, web page: http://ds718:8123
    • Add config folder and map it to /config
    • Check Use same network as Docker Host
    • Add environment variable with name TZ and value Europe/Stockholm
  5. Start and enjoy!

Updating Home Assistant using Docker

  1. Go to the Docker-app, then Registry
  2. Download homeassistant/home-assistant. Choose the “latest” tag.
  3. Wait until notification comes up, that the download is finished (there is no progress bar)
  4. Move to Container and stop the container if it’s running
  5. Right-click on it and select “Action”->“Clear”. You won’t lose any data, as all files are stored in your config-directory
  6. Start the container again - it will then boot up with the new Home Assistant image

Setup external access over HTTPS

  1. Setup a CNAME record for the subdomain pointing to the DDNS
  2. Create a reverse proxy (Control Panel > Application Portal > Reverse Proxy)
    • Description: Home Assistant Reverse Proxy
    • Source
      • Protocol: HTTPS
      • Hostname: subdomain.domain.com
      • Port: 443
    • Destination
      • Protocol: HTTP
    • Hostname: 192.168.1.18
    • Create a custom header for websocket
    • In advanced settings, set proxy read timeout to 86400
  3. Setup firewall (Control Panel > Security > Firewall)
    • HTTPS, Reverse proxy TCP64.233.160.0 - 64.233.191.255
    • HTTPS, Reverse proxy TCP66.102.0.0 - 66.102.15.255
    • HTTPS, Reverse proxy TCP66.249.64.0 - 66.249.95.255
    • HTTPS, Reverse proxy TCP72.14.192.0 - 72.14.255.255
    • HTTPS, Reverse proxy TCP74.125.0.0 - 74.125.255.255
    • HTTPS, Reverse proxy TCP209.85.128.0 - 209.85.255.255
    • HTTPS, Reverse proxy TCP216.239.32.0 - 216.239.63.255
    • Web Station (80) TCP All
  4. Port-forward 80 to DiskStation 80 temporarily to get certificate
  5. Setup SSL Certificate (Control Panel > Security > Certificate)
  6. Add a new certificate
  7. Get a certificate from Let’s encrypt
    * Provide DDNS address as subject alternative name
  8. Configure the certificate created:
    * Set the certificate for the service corresponding to the reverse proxy
  9. Port-forward 443 to 443 on Diskstation

TODO
Update cert regularily

Adding Google Home integration

  1. Create a project on Google Cloud Platform
  2. Enable HomeGraph API for that project on Google Cloud Platform
  3. Create an API key for that project
  4. Create a new project in the Actions on Google console
    • Choose the project created earlier
    • Choose Smart home
    • Go to Build your Action, then Add Action(s)
    • Fullfilment: https://sub.domain.se/api/google_assistant
  5. Setup account linking
  6. Leave it at default No, I only want to allow account creation on my website
  7. Set linking typ to OAuth and Authorization code
  8. Client information
    Client ID: https://oauth-redirect.googleusercontent.com/
    Client secret: Anything you like, Home Assistant doesn’t need this field
    Authorization URL: https://sub.domain.com/auth/authorize
    Token URL: https://sub.domain.com/auth/token
  9. Add scope email and name
  10. Do not check Google to transmit clientID and secret via HTTP basic auth header
  11. Enter anything for test instructions, app won’t be submitted
  12. Test the action to have a draft version created of the test app

  13. Update Home Assistant config:

     # Example configuration.yaml entry
 google_assistant:
   project_id: YOUR_PROJECT_ID
   api_key: YOUR_API_KEY
   exposed_domains:
     - switch
     - light
   entity_config:
     switch.kitchen:
       name: CUSTOM_NAME_FOR_GOOGLE_ASSISTANT
       aliases:
         - BRIGHT_LIGHTS
         - ENTRY_LIGHTS
     light.living_room:
       expose: false
       room: LIVING_ROOM
     group.all_automations:
       expose: false
  1. Open the Google Home app and go to Account > Settings > Assistant > Home Control
  2. Click the + to add device [test} Home Assistant and login to HA

Add support for others to control…

  1. Go to the settings for the project you created in the Actions on Google console.
  2. Click Test -> Simulator, then click Share icon in the right top corner. Follow the on-screen instruction:
  3. Add team members: Got to Settings -> Permission, click Add, type the new user’s e-mail address and choose Project -> Viewer role.
  4. Copy and share the link with the new user.
  5. When the new user opens the link with their own Google account, it will enable your draft test app under their account.
  6. Have the new user go to their Google Assistant app to add [test] your app name to their account.

Philips TV

Turning on using Home Assistant and CURL:

switch:
  - platform: command_line
    switches:
      philips_home:
        command_on: "curl -X POST --digest --insecure -u philips_tv_username:philips_tv_password https://192.x.x.x:1926/6/input/key -d '{key:Home}'"
        command_off: "curl -X POST --digest http://192.x.x.x:1926/6/input/key -d '{none:none}'"

BitWarden

dani-garcia/bitwarden_rs: Unofficial Bitwarden compatible server written in Rust

Installation instructions

YubiKey support

Mosquitto

Installation

  1. Install Community Packages Source: https://synocommunity.com/#easy-install
  2. Search in Community and install Mosquitto

Configuration

/volume1/@appstore/mosquitto/var/mosquitto.conf

Add users

cd /volume1/@appstore/mosquitto
sudo ./bin/mosquitto_passwd -b ./var/password_file username password

References

Tellstick

Installation

Docker: molobrakos/tellsticknet

Volume mapping
apps/tellsticknet/.conf/tellsticknet.conf <- /app/tellsticknet.conf
apps/tellsticknet/.conf/mosquitto_pub <- /app/.config/mosquitto_pub

Usage

python -m tellsticknet

or

./script/tellsticknet

Usage:
  tellsticknet (-h | --help)
  tellsticknet --version
  tellsticknet [-v|-vv] [options] discover
  tellsticknet [-v|-vv] [options] listen [--raw]
  tellsticknet [-v|-vv] [options] devices
  tellsticknet [-v|-vv] [options] sensors
  tellsticknet [-v|-vv] [options] send <name> <cmd> [<param>]
  tellsticknet [-v|-vv] [options] send <protocol> <model> <house> <unit> <cmd>
  tellsticknet [-v|-vv] [options] mqtt
  tellsticknet [-v|-vv] [options] mock
  tellsticknet [-v|-vv] [options] parse
  
Options:
  --ip <ip>             IP of Tellstick Net device
  --raw                 Print raw packets instead of parsed data
  -h --help             Show this message
  -v,-vv                Increase verbosity
  -d                    Debug
  --version             Show version

Python

Python 3

/volume1/\@appstore/python3/usr/bin/python3

pip

/var/packages/python3/target/bin/pip3

VS Code server

https://stackoverflow.com/a/69633630