====== Nostovo ======
====== LDAP server ======
FIXME The Synology Docker GUI cannot start containers with the option that propagates the host's hostname into the Docker network:
--add-host=host.docker.internal:host-gateway
The workaround is to add the host's IP manually [ must be run from inside the container ]:
# echo "172.17.0.1 nostovo.arnostdudek.cz" >> /etc/hosts
- log in to the DSM UI
- //Package Center// -> install //LDAP Server//
- in the LDAP server settings, set it up as //Provider//
* FQDN is the domain name [ it must be valid so that the certificate is valid ]
* in //Connection Settings// disable the anonymous user and enforce encryption [ required for security; without it, passwords are transmitted unencrypted ]
- add the required users
For testing, install the command-line client
$ sudo dnf install openldap-clients
and try listing the directory contents
$ ldapsearch -x -LLL -H "ldaps://nostovo.arnostdudek.cz" -D "uid=root,cn=users,dc=nostovo,dc=arnostdudek,dc=cz" -W -b"cn=users,dc=nostovo,dc=arnostdudek,dc=cz"
^param^description^
|-x|simple authentication|
|-LLL|extended format|
|-H|LDAP URI|
|-D|bind DN|
|-W|ask for password|
|-b|query|
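The two connection settings above (anonymous user disabled, encryption enforced) can be confirmed from a client. This is an added example, not part of the original notes; `PROBE_DN` and the throwaway password are made up, and it assumes the DSM LDAP server answers with the standard RFC 4511 result codes, which ldapsearch returns as its exit status.

```shell
#!/bin/sh
# Added example: probe the LDAP hardening from a client, without a real password.
HOST="nostovo.arnostdudek.cz"                      # FQDN from the page
BASE_DN="cn=users,dc=nostovo,dc=arnostdudek,dc=cz" # base DN from the page
PROBE_DN="uid=probe,$BASE_DN"                      # hypothetical, need not exist

# Count entries in LDIF read from stdin (one "dn:" line per entry).
count_entries() {
  grep -c '^dn:' || true
}

# Verdict for an anonymous search. $1 = ldapsearch exit status (the LDAP
# result code, RFC 4511), $2 = number of entries that came back.
classify_anonymous() {
  if [ "$2" -gt 0 ]; then
    echo "FAIL: anonymous search returned $2 entries"
  elif [ "$1" -eq 48 ]; then
    echo "ok: anonymous bind refused (inappropriateAuthentication)"
  elif [ "$1" -eq 0 ]; then
    echo "warn: anonymous bind accepted, no entries visible"
  elif [ "$1" -eq 255 ]; then
    echo "inconclusive: server not reachable"
  else
    echo "ok: anonymous search refused (result code $1)"
  fi
}

# Verdict for a simple bind with a throwaway password over plain ldap://.
classify_plain_bind() {
  case "$1" in
    13)  echo "ok: cleartext bind refused (confidentialityRequired)" ;;
    49)  echo "FAIL: credentials were evaluated over cleartext" ;;
    0)   echo "FAIL: cleartext bind accepted" ;;
    255) echo "inconclusive: nothing answers on ldap://" ;;
    *)   echo "inconclusive: result code $1" ;;
  esac
}

run_checks() {
  # No -D: -x alone is an anonymous simple bind; "1.1" requests no attributes.
  out=$(ldapsearch -x -LLL -H "ldaps://$HOST" -b "$BASE_DN" 1.1 2>/dev/null)
  rc=$?
  classify_anonymous "$rc" "$(printf '%s\n' "$out" | count_entries)"
  # A server that enforces encryption answers 13 before it looks at the password.
  ldapsearch -x -H "ldap://$HOST" -D "$PROBE_DN" -w "throwaway-not-a-secret" \
    -b "$BASE_DN" -s base 1.1 >/dev/null 2>&1
  classify_plain_bind "$?"
}

if [ "${1:-}" = "--run" ]; then run_checks; fi
```

Called with `--run` it performs both probes; without arguments it only defines the functions.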
====== Nexus ======
Volume: ///volumes1/docker/volume-nexus///
https://nostovo.arnostdudek.cz:8081
http://nostovo.arnostdudek.cz:7981
Docker URL: https://nostovo.arnostdudek.cz:32769/repository/nostovo/
===== Docker client setup =====
- edit / create ///etc/docker/daemon.json//
{
"insecure-registries": ["nostovo.arnostdudek.cz:32769"]
}
- restart docker
$ systemctl restart docker
- and log in
$ docker login [-u <user>] [-p <password>] <server>
$ docker login -u admin -p <password> nostovo.arnostdudek.cz:32769
===== HTTPS reverse proxy =====
from https://www.synoforum.com/resources/synology-reverse-proxy-under-the-hood.135/
- log in to the DSM UI
- //Control Panel// -> //Login Portal// -> //Advanced// tab -> //Reverse Proxy//
- //Add// and fill in. The proxied ports must not be the same as the ports exposed by Docker! Here it is always -100 back, but already HTTPS.
{{:nostovo:dsm7-reverse-proxy.png?400|}}
- and log in
$ docker login [-u <user>] [-p <password>] <server>
$ docker login -u admin -p <password> nostovo.arnostdudek.cz:32769
===== LDAP login =====
- log in to Nexus
- //Settings// -> //LDAP// -> Create new
- //LDAP server address:// has the form ldaps://<host>:636
- //Search base DN//: copy the //Base DN// from the LDAP server settings in DSM
- //Authentication method//: choose //Simple authentication//
- //Username or DN//: copy the //Bind DN// from the LDAP server settings in DSM
- //Password//: again from the LDAP server settings in DSM
- verify the connection
- choose the //Configuration template// //Posix with Dynamic Groups//
- //User relative DN//: set to "//cn=users//"; nothing else needs to be changed
- verify that users and groups are loaded and that they can log in
- go to //Roles// -> //Create Role//
- select //External role mapping//, then //LDAP//
- set //Mapped Role// according to the detected ones
^Name^Mapped role^Contained roles^Description^
|LDAP operators|Directory Operators|ng-admin|allows access for LDAP AD operators|
|LDAP users|users|ng-authorized|allows access for LDAP users|
{{:nostovo:nexus-ldap-connection.png?600|}}
{{:nostovo:nexus-ldap-users.png?600|}}
====== Jenkins ======
https://nostovo.arnostdudek.cz:8080
http://nostovo.arnostdudek.cz:7980
Volume: ///volumes1/docker/volume-jenkins-home///
$ docker exec -it -u root jenkins-jenkins1 bash
===== Data persistence =====
"Volume" -> "Add Folder" -> select the volume and confirm -> "Mount path" = "/var/jenkins_home"
=== WiP: Docker-in-Docker - DIND ===
$ sudo ln -s /var/run/docker.sock /volume1/docker/docker.sock
"Volume" -> "Add File" -> the symlink target -> "Mount path" = "/var/run/docker.sock"
===== Installing Java 11 =====
- "Manage Jenkins" > "Global Tool Configuration" > "Add JDK"
- Label: openjdk-11
- Download URL: https://download.java.net/java/GA/jdk11/13/GPL/openjdk-11.0.1_linux-x64_bin.tar.gz
- Subdirectory of extracted archive: jdk-11.0.1
- use it in the build via the configured label
For stable RedHat / CentOS / Amazon Linux / ... there is a repository:
$ sudo wget -O /etc/yum.repos.d/jenkins.repo https://pkg.jenkins.io/redhat-stable/jenkins.repo
$ sudo rpm --import https://pkg.jenkins.io/redhat-stable/jenkins.io.key
====== uptime-kuma ======
https://nostovo.arnostdudek.cz:8082
http://nostovo.arnostdudek.cz:7982
https://github.com/louislam/uptime-kuma
Volume: ///volumes1/docker/volume-uptime-kuma///
====== HandBrake ======
Volume: ///volume1/docker/volume-handbrake/config//
http://192.168.1.2:7984/
https://hub.docker.com/r/jlesage/handbrake
https://github.com/jlesage/docker-handbrake
# /config  - stores the application's configuration, state, logs, and any files requiring persistency
# /storage - contains files from the host that need to be accessible to the application
# /watch   - the location for videos to be automatically converted
# /output  - the destination for converted video files
docker run -d \
--name=handbrake \
-p 5800:5800 \
-v /docker/appdata/handbrake:/config:rw \
-v /home/user:/storage:ro \
-v /home/user/HandBrake/watch:/watch:rw \
-v /home/user/HandBrake/output:/output:rw \
jlesage/handbrake
- Create a folder for //docker-compose.yml//
- Create a folder for the tool's own configuration - the ///config// folder
- If they do not exist yet, create folders for //input//, //watch// and //output//
- Container Manager -> Projects -> New
version: "3"
services:
  # from https://www.youtube.com/watch?v=g25uQxDr7fQ
  handbrake:
    image: jlesage/handbrake
    container_name: handbrake
    environment:
      - TZ=Europe/Prague
      - USER_ID=1026 # Synology Container creator is using this instead of PUID. This is the same as the user id of the user in the container.
      - GROUP_ID=100 # Synology Container creator is using this instead of PGID. This is the same as the group id of the user in the container.
      # Handbrake GUI settings
      - AUTOMATED_CONVERSION_PRESET=nost/qsv h265 icq25 1080p
      - AUTOMATED_CONVERSION_FORMAT=mkv
      - AUTOMATED_CONVERSION_KEEP_SOURCE=0
      - AUTOMATED_CONVERSION_OUTPUT_SUBDIR=SAME_AS_SRC
    ports:
      - 7984:5800
    volumes:
      # NAS path | Container path
      - /volume1/docker/volume-handbrake/config:/config
      - /volume1/homes/nost23/nvidia_geforce:/storage
      - /volume1/homes/nost23/nvidia_geforce/prekodovat:/watch
      - /volume1/homes/nost23/nvidia_geforce/prekodovano:/output
    devices:
      - /dev/dri:/dev/dri # Passes the Intel Quick Sync device to the container for hardware transcoding
    group_add:
      - "937" # Synology "videodriver" group
- Enable the web portal for handbrake -> HTTPS on port 8084. Host localhost.