• Backups
• Cox home network facts
• Dotfiles
  • Neovim's Lazy.vim
  • Zsh
    • OS Detection
    • Parsing options
    • Startup performance
• Email
  • Running sieve locally
  • Sieve
• Fun Holidays
• Gaming
  • Mobile Games
• Gaming PC Hardware
• Gitlab
  • Automatically adding UptimeRobot to Gitlab's monitoring whitelist with ansible
  • Caching CI stuff with Minio
  • Fixing SAML association for a Gitlab user
  • Having a little fun with Gitlab's join date
• Good RFC
• Homelab
  • AUR Repo
  • Bootstrap
    • (NAS) Garage S3
    • Dedicated Server
    • IOFlood (Netherite)
    • Soft Serve
    • Synology NAS
    • ntfy.sh
  • Step-CA
  • Tech Stack
  • VLANs
• IPv6
• Kubernetes
  • Get Root CA
  • New SSH Fingerprints to Flux
  • Talos OIDC setup
• Linux
  • Backups
  • Desktop Customization
  • Disabling WiFi
  • Getting disk serial number
  • Monitoring
  • Non-root users can ping
  • Pacman hooks
  • PowerDNS administration
  • Reboot Criteria
  • Systemd version via DBus
  • Text-to-speech locally
• MacOS
  • Local backups
• Meta - Digital Garden
• Meta - Test Page
• OpenID Connect
• Packing List
• Ruby
  • Fixing Fakeweb & Coveralls conflict
  • Generating a webpage screenshot
• SQLite Booleans
• Security
  • Password reset via HMAC
• Smarthome
• Web Design
  • Icon Libraries
  • SVG Icons
  • Various Ideas

Notes on how I set up my Synology NAS

Mostly for future me, but perhaps others will appreciate some of the methods described here.

Overview

1. Get it set up through the usual welcome wizard. btrfs is awesome.
2. Connect it to my VPN, Tailscale.
3. Do some manual configuration to get ansible management working
4. Then do some prep work for remote management of the Docker daemon
5. And lastly, prepare a user to own the files of the borg repositories

TODO docs

• user for home assistant backups
• nfs access from the servers
• ntp server since Ubiquiti decided that’s too hard (unifi gateways don’t have one)
• firewall, some rules
• LED schedule
• beep at 9am weekdays

Details

• Configured an admin user, ansible-admin. Manually logged in as my personal admin account
  to authorize the shared ansible administrative SSH key.

• Give that account root via sudo. (e.g. put it into the administrators group)

  • Which means a password is set for the account, I can’t use the pam module

• Set up SynoCommunity in the package center

  • Installed python3.x from SynoCommunity for ansible
  • Installed synocli-net so I have socat
  • Installed borg so backups work (borg runs borg over ssh)

• Installed tailscale

• Added a bootup script to fix/grant Tailscale network interface, tailscale0

• Afterwards, added another bootup script to expose the docker socket over the VPN:

  socat tcp-listen:2375,bind=$(tailscale ip -1),fork unix-connect:/var/run/docker.sock
  

• Create a “cyborg” (fun name, lol) user to be the filesystem owner of the borg repositories

• Set up Garage to serve S3 contents