Category Archives: Geekiness

samba machine visible on Windows Network

This has bothered me for ages, but today I worked it out.

I am using a docker image for samba (dperson/samba) and that works fine after a bit of work, but it always bothered me that I could not see the computer in the home network. I know it is more secure not to, but sometimes convenience wins.

I finally found the answer, and it is wsdd.

I found an undocumented wsdd docker image with 500k downloads on Docker Hub but no documentation at all. This yaml was enough to allow me to call it what I wanted rather than its rather prosaic name and it came up INSTANTLY:

  wsdd:
    image: viniciusleterio/wsdd
    container_name: wsdd
    network_mode: host
    restart: always
    command: >
      -i eth0
      -n MyServerName

Multiple Paperless Instances

This nearly killed me, I thought I had nuked everything but in the end it was way easier and simpler than I had feared.

Assuming you used one of the default .yaml and .env files from the paperless-ngx GitHub, you first need to add a database. I use portainer, so I went to the db shell and then did this to log in, list them, create a new one, check it is there and quit:

psql -U paperless
\l
CREATE DATABASE mynewdb;
\l
\q
exit

Next I needed to make a new env file. I just Save As… with the existing one and called it docker-compose-mynewone.env and added these lines:

PAPERLESS_DBNAME=mynewdb
PAPERLESS_SECRET_KEY=an+all+new+random+set+of+characters
PAPERLESS_URL=https://mynewpapaerless.myfinedomain.com

The .yaml file needs one new section – I copied the webserver one and only changed these lines (the first instance is on 8010). The /1 on the end of the PAPERLESS_REDIS means use a second database and you need all new volumes or things go awry (I found this out the hard way).

  webserver-newone:
    ports:
      - "8011:8000"
    env_file: docker-compose-mynewone.env
    environment:
      PAPERLESS_REDIS: redis://broker:6379/1
    volumes:
      - data-new:/usr/src/paperless/data
      - media-new:/usr/src/paperless/media
      - ./export-new:/usr/src/paperless/export
      - ./consume-new:/usr/src/paperless/consume

You need to tweak the original webserver changing just this one line with the /0.

  webserver:
    environment:
      PAPERLESS_REDIS: redis://broker:6379/0

Then you go to the folder with the yaml in console, stop all the instances, pull a new one and create a superuser as per the usual, but with a minor difference (the new webserver name):

docker compose down
docker compose pull
docker compose run --rm webserver-newone createsuperuser
docker compose up -d

And that should be it!

Caddy, SEC_ERROR_UNKNOWN_ISSUER and TLS Internal

I have solved this before but forgot how. Maybe typing something will help me remember the next time.

I use Caddy in a docker container to reverse proxy around my docker box and other computers in my network. Something like this:

# test subdomain
test.mydomain.net {

        reverse_proxy http://10.10.10.15:8010
        tls internal
}

It always gives a SEC_ERROR_UNKNOWN_ISSUER error and I can just accept this, which works for a while. Ideally you want it to just work, especially if you are setting up a site your 83 year old mum might access.

I had forgotten that if you want it to work, you need to add the subdomain to your DNS as an A record – and then remove TLS internal. Job done.

This does mean that anyone can hit that domain – which is fine in some cases and not fine in others. So I updated the internal only domains to this:

fileserver.mydomain.net {

        @denied not client_ip 10.10.10.0/16 172.26.0.0/12

        handle @denied {
                 abort
        }

        reverse_proxy http://10.10.10.15:8081
}

The 172.26 address comes from docker and I think it fails without it from memory.
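
An added check, not part of the original post, showing which client addresses the @denied matcher above lets through. It assumes the matcher treats a prefix with host bits set as the enclosing network (standard CIDR semantics); the sample client addresses are constructed.

```python
import ipaddress

# Prefixes exactly as written in the Caddyfile matcher above.
ALLOWED_AS_WRITTEN = ["10.10.10.0/16", "172.26.0.0/12"]


def normalize(cidr: str) -> ipaddress.IPv4Network:
    """Return the network a prefix really denotes (host bits cleared)."""
    return ipaddress.ip_network(cidr, strict=False)


ALLOWED = [normalize(c) for c in ALLOWED_AS_WRITTEN]


def is_denied(client_ip: str) -> bool:
    """Model of `@denied not client_ip ...`: True means the request is aborted."""
    addr = ipaddress.ip_address(client_ip)
    return not any(addr in net for net in ALLOWED)


def report(samples):
    """Pair each sample address with the verdict the matcher would give it."""
    return [(ip, label, "abort" if is_denied(ip) else "proxied")
            for ip, label in samples]


# Constructed sample client addresses (assumptions, not taken from real logs).
SAMPLES = [
    ("10.10.10.20", "LAN host"),
    ("10.10.200.5", "other 10.10.x.x subnet"),
    ("172.17.0.1", "typical default docker bridge gateway"),
    ("172.26.0.3", "container on a 172.26 network"),
    ("192.168.0.5", "different private range"),
    ("203.0.113.7", "internet client"),
]

if __name__ == "__main__":
    for written, net in zip(ALLOWED_AS_WRITTEN, ALLOWED):
        print(f"{written:>15} covers {net} ({net[0]} - {net[-1]})")
    for ip, label, verdict in report(SAMPLES):
        print(f"{ip:>15}  {label:<38} {verdict}")
```

The two prefixes cover all of 10.10.0.0/16 and all of 172.16.0.0/12, so every docker bridge range in 172.16 to 172.31 is allowed, not only the 172.26 one. Writing them as the exact networks that are meant keeps the allow list as narrow as intended.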

Upsampling with squeezelite

I had Text-To-Speech (TTS) working really well with squeezelite and Home Assistant on a Raspberry Pi 3B with max2play (which now looks sadly defunct). I thought I would pep things up a bit and use a RPi4 elsewhere as a Speaker for HA so my music was not constantly destroyed.

Getting squeezelite to work was easy but could I get TTS to work? The mp3 file was created but squeezelite looped when trying to play it. Sad times.

I worked out that it played fine when the sample speed was increased, and in all my searching hit upon the concept of “Upsampling”. Hmmm. Since I had originally used “apt-get install squeezelite -y”, found it hard to find any settings at all, and had not yet really understood docker, I took this opportunity to move to a docker setup. Happily, one of the settings allowed the magic “Eq” that got things rolling along.

version: "3"

services:
  squeezelite-my-usb-dac:
    image: giof71/squeezelite:latest
    container_name: squeezelite
    devices:
      - /dev/snd:/dev/snd
    environment:
      - SQUEEZELITE_AUDIO_DEVICE="hdmi:CARD=vc4hdmi1,DEV=0"
      - SQUEEZELITE_NAME="Kitchen Panel"
      - SQUEEZELITE_SERVER_PORT=192.168.0.60
      - SQUEEZELITE_LOG_CATEGORY_ALL
      - SQUEEZELITE_MAC_ADDRESS="45:07:31:83:01:40"
      - DISPLAY_PRESETS=Y
      - SQUEEZELITE_PARAMS="80:4::"
      - SQUEEZELITE_UPSAMPLING="Eq"
    restart: unless-stopped

macvlan with docker and pihole

This web page (Set up a PiHole using Docker MacVlan Networks) is great and got me there, but here are notes on how I fixed it globally. I use many stacks.


You need a macvlan network to fake an external IP for the DNS/DHCP server or it does not work (the requests don’t come through docker). But if you make a macvlan IP address, by design the host cannot see that IP address! You have to make a bridge.

If that bridge is local to the docker compose file, then only that stack can see it. For all stacks to see it you need to make a new macvlan and bridge network globally (I did this in portainer).

Steps to create:

1. Make a macvlan configuration

name: pihole-macvlan-config
Interface: eth0
IPV4 Subnet - 192.168.0.0/24
IPV4 Gateway - 192.168.0.1
IPV4 IP Range - 192.168.0.8/29

2. Make the macvlan using that configuration (just select the configuration and give it a name)

name: pihole-macvlan
driver: macvlan

3. Set up the bridge

name: pihole-bridge
IPV4 Subnet - 10.123.0.0/24

4. In pihole set up the bridge IP address.

    networks:
      pihole-macvlan:
        ipv4_address: 192.168.0.10
      pihole-bridge:
        ipv4_address: 10.123.0.2

5. Use nmtui to change the host “dockerbox” DNS to 10.123.0.2 and give it a fixed IP address. All the containers will look for that for the DNS but need pihole-bridge network to see it.

sudo nmtui

6. In each container that needs pihole you add the network pihole-bridge

e.g.

  tasmoadmin:
    container_name: tasmoadmin
    image: ghcr.io/tasmoadmin/tasmoadmin:latest
    volumes:
      - ./tasmoadmin-data:/data 
    ports:
      - 9541:80
    restart: unless-stopped
    depends_on:
      - homeassistant
    networks:
      - mqtt
      - pihole-bridge