From 2a3a96cd3a9fdb7bda37134c1f85ce8a5ebe0c6e Mon Sep 17 00:00:00 2001 From: Steven Foerster Date: Tue, 28 Apr 2020 08:53:08 -0400 Subject: [PATCH 1/3] extra services and architectures --- .gitignore | 1 + README.md | 23 +++++++++++++++++++++++ 2 files changed, 24 insertions(+) diff --git a/.gitignore b/.gitignore index 0baf21e..86e524d 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,4 @@ compose/production/traefik/traefik.toml .envs/ .env +*.swp diff --git a/README.md b/README.md index d0aeb0e..e99949d 100644 --- a/README.md +++ b/README.md @@ -48,6 +48,15 @@ Tested Operating Systems (in order of thoroughness): - Debian 10 (Buster) - Raspbian Buster +The default tests are run on DigitalOcean Droplets: 2GB RAM, 1 CPU, 50GB hard disk. + +The Mistborn docker images exist for these architectures: + +| Mistborn Docker Images (hub.docker.com) | Architectures | +|------------------------------------------------|---------------------| +| mistborn (django, celery{worker,beat}, flower) | amd64, arm64, armv7 | +| dnscrypt_proxy | amd64, arm64, armv7 | + Recommended System Specifications: | Use Case | Description | RAM | Hard Disk | 
@@ -295,6 +304,20 @@ The `dev/` folder contains a script for completing a hard reset: destroying and sudo ./dev/rebuild.sh ``` +## Troubleshooting Extra Services +Each extra service has its own systemd process which can be monitored: +``` +sudo journalctl -xfu Mistborn-homeassistant +sudo journalctl -xfu Mistborn-bitwarden +sudo journalctl -xfu Mistborn-syncthing +sudo journalctl -xfu Mistborn-jellyfin +sudo journalctl -xfu Mistborn-nextcloud +sudo journalctl -xfu Mistborn-jitsi +sudo journalctl -xfu Mistborn-rocketchat +sudo journalctl -xfu Mistborn-onlyoffice +sudo journalctl -xfu Mistborn-tor +``` + ## Troubleshooting Docker Instead of defaulting to a system DNS server, Docker will try to use a public DNS server (e.g. 8.8.8.8). If you're having issues pulling or building Docker containers with "failure to connect" errors, this is the likely problem. You can manually set the DNS server Docker should use with the `DOCKER_OPTS` field in `/etc/default/docker`. Example: ``` From 4f922250319f1b4f15cc43be221e5eaf22c700cd Mon Sep 17 00:00:00 2001 From: Steven Foerster Date: Wed, 29 Apr 2020 08:11:22 -0400 Subject: [PATCH 2/3] devices --- README.md | 38 +++++++++++++++++++++++++++++++++++++- 1 file changed, 37 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index e99949d..553b650 100644 --- a/README.md +++ b/README.md @@ -17,6 +17,7 @@ Ideal for teams who: - want to easily grant and revoke access to people and devices via a simple web interface - want secure internet access wherever they are - want to limit or stop data collecting services +- want to prevent being detected/blocked for using a proxy or VPN service Mistborn depends on these core open source technologies: - [Docker](https://www.docker.com/why-docker): containerization 
@@ -55,7 +56,7 @@ The Mistborn docker images exist for these architectures: | Mistborn Docker Images (hub.docker.com) | Architectures | |------------------------------------------------|---------------------| | mistborn (django, celery{worker,beat}, flower) | amd64, arm64, armv7 | -| dnscrypt_proxy | amd64, arm64, armv7 | +| dnscrypt-proxy | amd64, arm64, armv7 | Recommended System Specifications: 
@@ -245,6 +246,41 @@ On Gateway: - Run `sudo systemctl start wg-quick@gateway` - Run `sudo systemctl enable wg-quick@gateway` +# Phones and Mobile Devices +All your devices can be connected to Mistborn as Wireguard clients. + +First steps: +1. Device: Download the Wireguard app on your device. Links: [Android](https://play.google.com/store/apps/details?id=com.wireguard.android) [Apple](https://apps.apple.com/us/app/wireguard/id1441195209) +1. Mistborn: Create a Wireguard profile for the device. +1. Device: Scan Wireguard client QR code in Wireguard app. +1. Device: Enable Wireguard connection. + +All of you device network traffic is now being routed through Wireguard. Ads and malicious sites are blocked by pihole. DNS queries are verified via DNScrypt. + +But wait, there's more! You can: +- visit the [Mistborn web interface](http://home.mistborn) through your phone's browser. +- download the apps for any extra services you have running and connect them to your Mistborn using the Mistborn domains. 
+ +## App Links + +| | Android | Apple | +|----------------|----------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------| +| Nextcloud | [Nextcloud](https://play.google.com/store/apps/details?id=com.nextcloud.client) | [Nextcloud](https://apps.apple.com/us/app/nextcloud/id1125420102) | +| Syncthing | [Syncthing](https://play.google.com/store/apps/details?id=com.nutomic.syncthingandroid) | | +| Jitsi Meet | [Jitsi Meet](https://play.google.com/store/apps/details?id=org.jitsi.meet) | [Jitsi Meet](https://apps.apple.com/us/app/jitsi-meet/id1165103905) | +| Bitwarden | [Bitwarden](https://play.google.com/store/apps/details?id=com.x8bit.bitwarden) | [Bitwarden](https://apps.apple.com/us/app/bitwarden-password-manager/id1137397744) | +| Jellyfin | [Jellyfin](https://play.google.com/store/apps/details?id=org.jellyfin.mobile) | [Jellyfin](https://apps.apple.com/us/app/jellyfin-mobile/id1480192618) | +| Home Assistant | [Home Assistant](https://play.google.com/store/apps/details?id=io.homeassistant.companion.android) | | +| Rocket.Chat | [Rocket.Chat](https://play.google.com/store/apps/details?id=chat.rocket.android) | [Rocket.Chat](https://apps.apple.com/us/app/rocket-chat/id1148741252) | + +## TLS Certificate +Some apps require TLS (HTTPS). All traffic to Mistborn domains already occurs over Wireguard but to keep apps running, a TLS certificate exists for Mistborn and can be imported into your device's trusted credentials in the security settings. + +The TLS certificate can be found here: +``` +/opt/mistborn_volumes/base/tls/cert.crt +``` + # FAQ Frequently Asked Questions From ce5ef1502fa3212476751ee84a663249d3c89c34 Mon Sep 17 00:00:00 2001 From: Steven Foerster Date: Wed, 29 Apr 2020 08:17:33 -0400 Subject: [PATCH 3/3] recommended specs --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
diff --git a/README.md b/README.md index 553b650..38db946 100644 --- a/README.md +++ b/README.md @@ -62,9 +62,9 @@ Recommended System Specifications: | Use Case | Description | RAM | Hard Disk | |------------------------|-------------------------------------------------------------------------------|-------|-----------| -| Bare bones | Wireguard, Pihole (no Cockpit, no extra services) | 1 GB | 10 GB | -| Default | Bare bones + Cockpit | 2 GB | 10 GB | -| Low-resource services | Default + Bitwarden, Tor, Syncthing | 3 GB | 15 GB | +| Bare bones | Wireguard, Pihole (no Cockpit, no extra services) | 1 GB | 15 GB | +| Default | Bare bones + Cockpit | 2 GB | 15 GB | +| Low-resource services | Default + Bitwarden, Tor, Syncthing | 3 GB | 20 GB | | High-resource services | Default + Jitsi, Nextcloud, Jellyfin, Rocket.Chat, Home Assistant, OnlyOffice | 4 GB+ | 25 GB+ | Starting from base installation
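Review bot: In PATCH 1/3, the architectures table added at README.md `@@ -48,6 +48,15 @@` names the image `dnscrypt_proxy`, and PATCH 2/3 then changes that same row to `dnscrypt-proxy`. Squash the correction into 1/3 so that no commit in the series documents an image name that has to be fixed one commit later.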
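Review bot: In PATCH 1/3, the new "Troubleshooting Extra Services" section (README.md `@@ -295,6 +304,20 @@`) says each extra service has its own "systemd process", but `journalctl -u` selects a unit, so "systemd service" or "systemd unit" is the accurate term. A one-line gloss of the flags would also help readers who paste these commands: `-u` picks the unit, `-f` follows the log until interrupted, and `-x` adds explanatory catalog text.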
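Review bot: In PATCH 2/3, the bullet added at README.md `@@ -17,6 +17,7 @@` ("want to prevent being detected/blocked for using a proxy or VPN service") makes a claim that nothing else in this series documents. Link it to a section that explains what it rests on and under which conditions it holds, or drop it; as written a reader cannot tell what is being promised.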
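Review bot: In PATCH 2/3, the "TLS Certificate" section (README.md `@@ -245,6 +246,41 @@`) tells users to import `/opt/mistborn_volumes/base/tls/cert.crt` into the device's trusted credentials but gives no way to get the file onto the device or to confirm that the file being imported is the one on the server. Add a step that compares the certificate fingerprint shown on the server with the one the device displays before it is trusted, and make clear that `cert.crt` is the only file meant to be copied off the server. In the same hunk, "All of you device network traffic" should read "All of your device network traffic", and the web interface link uses `http://home.mistborn` while the next section says some apps require HTTPS, so state which scheme users should expect to work.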
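Review bot: In PATCH 3/3, the hard disk figures for the first three rows each rise by 5 GB (10 to 15, 10 to 15, 15 to 20) while the "High-resource services" row stays at 25 GB+, and the commit message "recommended specs" gives no reason for the change. Put the reason in the commit message, and confirm the last row was left alone on purpose, since after this change it sits only 5 GB above the low-resource row.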