d3vilh / raspberry-gateway

Simple yet powerful home gateway environment with Pi-Hole +Unbound, VPN, Torrent client and Internet monitoring, all managed by Portainer.
https://github.com/d3vilh/raspberry-gateway
Apache License 2.0
120 stars 14 forks source link
arm docker gateway gluetun grafana grafana-dashboard internet-monitoring openvpn openvpn-client openvpn-server openvpn-ui pi-hole portainer prometheus raspberry-pi shadowsocks unbound vpn wireguard xray

Raspberry Gateway Logo Raspberry-Gateway provides a simple but powerful solution for managing your home internet gateway using a Raspberry Pi. This project includes a range of Docker containers, each serving a specific purpose to enhance your internet experience:

Overall, this Raspberry Pi Home Internet Gateway provides a universal solution for managing and monitoring your home internet enviroment with joy and ease.

latest version

Requirements

Installation

  1. Install Ansible:

     sudo apt-get install -y git ansible python3-pip musl-tools
  2. Clone this repository:

     git clone https://github.com/d3vilh/raspberry-gateway
  3. Then enter the repository directory:

     cd raspberry-gateway
  4. Install requirements:

     ansible-galaxy collection install -r requirements.yml

    Note: If you see ansible-galaxy: command not found, you have to relogin (or reboot your Pi) and then try again.

    Continue Installation with WebUI
  5. Run Webinstall binary:

     secret@rpgw:~/raspberry-gateway $ ./webinstall # Supports now both legacy Pi4_x64 and Pi5_x64
     2023/07/07 18:01:03 Welcome! The web interface will guide you on installation process.
     Installation logs: webinstall.log
     2023/07/07 18:01:03 Starting web server on http://10.10.10.18:8088
  6. Copy server address (http://10.10.10.18:8088 as above example) from the console and paste into your browser, then press Enter. Raspberry-Gateway webinstall window will appear: Webinstall picture 1

  7. Choose all the components you would like to install and change all the passwords (keep them in mind).

    Note: You can leave all the passwords as default, but it's not recommended.

  8. Press "Save" button. When your configuration is ready: Webinstall picture 2

  9. Then press "Install" button. It will initiate installation in background: Webinstall picture 3

  10. The installation process will take some time. Once that's done, it'll be like you have a new Raspberry Gateway up and running.

    • Additional options:

    • To Remove any of previously installed component - click Uninstall "component" checkbox then save configuration file and press Uninstall button.
    • To set Default options for the next webinstall run - modify example.config.yml with the default parameters.
    • Default Ansible parameters, such as ansible_user can be set in example.inventory.yml file.

    Afraid of GUI? Need more control?

    Install everything with CLI
  11. Make copies of the configuration files and modify them for your enviroment:

      yes | cp -p example.inventory.yml inventory.yml 
      yes | cp -p example.config.yml config.yml
  12. Double check that ansible_user is correct for inventory.yml. Need to run installtion on the remote server - follow the recomendations in config file.

    Note: To make all necesary changes: nano inventory.yml, save the file - Ctrl+O and Ctrl+X to exit.

  13. Modify config.yml to enable or disable desired containers to be installed on your Pi. For example, to enable Portainer - change enable_portainer: false option to enable_portainer: true and vs to disable.

    Note: Default configuration options in the list below are bold.

    List of available configuration options
    • Portainer

      • portainer_enable: true or false - to install Portainer, the Web-ui for Docker. Default true.
      • remove_portainer: true or false - to uninstall Portainer. Default false.
    • Unbound DNS

      • unbound_dns_enable: true or false - to install Unbound DNS, the fast and lean DNS. Default true. Beaware that Unbound DNS is not compatible with Techtitium DNS as they both use port 53.
      • remove_unbound_dns: true or false - to uninstall Unbound DNS. Default false.
      • additional parameters - in config.yml you'll see lot of additional parameters with default values. You can change them if you know what you are doing. Short description of each parameter is available in the same file.
    • Pi-Hole

      • pihole_enable: true or false - to install Pi-Hole. Default true. Beaware that Pi-Hole is not compatible with Technitium DNS as they both use port 53.
      • remove_pihole: false or true - to uninstall Pi-Hole. Default false.
      • pihole_inside_vpn: false or true - configure Pi-Hole to use your OpenVPN Client subnet instead of public Internet.
      • pihole_password - password for Pi-Hole WEB UI. Default "gagaZush".
    • Technitium DNS

      • tech_dns_enable: false or true - to install Technitium DNS. Default false. Beaware that Technitium DNS is not compatible with Pi-Hole and Unbound DNS as they use port 53 as well.
      • remove_tech_dns: false or true - to uninstall Technitium DNS. Default false.
      • tech_dns_password - password for Technitium DNS WEB UI. Default "gagaZush".
      • tech_dns_inside_vpn: false or true - configure Technitium DNS to use your OpenVPN Client subnet instead of public Internet.
      • additional parameters - in config.yml you'll see lot of additional parameters with default values. You can change them if you know what you are doing. Short description of each parameter is available in the same file.
    • OpenVPN Server Advanced OpenVPN Server documentation and configuration examples is here.

      • ovpn_server_enable: false or true - to install OpenVPN Server. Default false.
      • remove_ovpn_server: false or true - to uninstall OpenVPN Server. Default false.
      • ovpnui_user - username for OpenVPN WEB UI. Default "admin".
      • ovpnui_password - password for OpenVPN WEB UI. Default "gagaZush".
      • additional parameters - in config.yml you'll see lot of additional parameters with default values. You can change them if you know what you are doing. Short description of each parameter is available in the same file.
    • OpenVPN Client Advanced OpenVPN Client documentation with configuration examples is here.

      • ovpn_client_enable: false or true - to install OpenVPN Client. Default false.
      • remove_ovpn_client: false or true - to uninstall OpenVPN Client. Default false.
      • Put your OpenVPN connection profile *.ovpn into openvpn-client directory before installation and update its name in ovpn_client_cert: "your-client.ovpn" option before installation. Default "webinstall-client.ovpn".
      • ovpn_client_secret: "file with client secrets" - filename with your OpenVPN connection profile user and password if you have any. Default "webinstall-credentials.txt".
      • ovpn_client_allowed_subnet: "your home wifi subnet/mask" - your local subnet from which you want to access qBitTorrent web-ui when VPN Client connection is active. Default "192.168.88.0/24".
      • ovpn_client_killswitch: false or true - block all traffic if ovpn-client is down. Default true.
    • Gluetun

      • gluetun_vpnclient_enable: false or true - to install Gluetun VPN Client. Default false.
      • remove_gluetun_vpnclient: false or true - to uninstall Gluetun VPN Client. Default false.
      • additional parameters - in config.yml you'll see lot of additional parameters with default values. You can change them if you know what you are doing. Short description of each parameter is available in the same file.
    • WireGuard Server

      • wireguard_server_enable: false or true - to install WireGuard Server. Default false.
      • remove_wireguard: false or true - to uninstall WireGuard Server. Default false.
      • wireguard_password - password for WireGuard WEB UI. Default "gagaZush".
      • wireguard_user - username for WireGuard WEB UI. Default "admin".
      • wireguard_serverurl - URL for WireGuard WEB UI. Default "wg.example.com".
    • qBitTorrent

      • qbittorrent_enable: false or true - to install qBitTorrent. Default false.
      • remove_qbittorrent: false or true - to uninstall qBitTorrent. Default false.
      • qbittorrent_inside_vpn: false or true - configure qBittorrent to use your OpenVPN Client subnet instead of public Internet. Dont forget to endable OpenVPN Client installation as well.
      • qbittorrent_inside_gluetun: false or true - configure qBittorrent to use your Gluetun VPN Client subnet instead of public Internet. Dont forget to endable Gluetun installation as well.
      • qbittorrent_webui_port: "8090" - qBittorrent WEB UI port. Keept is default "8090".
    • Raspberry Monitoring Advanced Raspberry Monitoring documentation is here.

      • General Monitoring parameters:
        • monitoring_enable: true or false - to install Raspberry Monitoring. Default true.
        • remove_monitoring: false or true - to uninstall Raspberry Monitoring. Default false.
        • monitoring_grafana_admin_password - password for Grafana WEB UI. Default "gagaZush".
        • monitoring_days_keep_interval: "90d" - how long to keep data in Prometheus DB. Default "90d".
        • monitoring_speedtest_interval: "1h" - how often to run speedtest. Default "60m".
        • monitoring_ping_interval: "1m" - how often to run ping tests. Default "30s".
      • OpenVPN Monitoring:
        • openvpn_monitoring_enable: true or false - install OpenVPN monitoring dashboard. Default false.
        • remove_openvpn_monitoring: false or true - to uninstall OpenVPN monitoring dashboard. Default false.
      • PiKVM Monitoring:
        • pikvm_monitoring_enable: true or false - install Pi-KVM monitoring dashboard. Default false.
        • remove_pikvm_monitoring: false or true - to uninstall Pi-KVM monitoring dashboard. Default false.
        • pikvm_target_ip: "PiKVM IP" - Pi-KVM IP address to gather statistics from. Default "192.168.88.3".
        • pikvm_web_user: "admin" - Pi-KVM side preconfigured Web-UI username. Default "admin".
        • pikvm_web_password - Pi-KVM side preconfigured Web-UI password. Default "gagaZush".
      • AirGradient Monitoring:
        • airgradient_monitoring_enable: true or false - install AirGradient monitoring dashboard. Default false.
        • remove_airgradient_monitoring: false or true - to uninstall AirGradient monitoring dashboard. Default false. Complete your AirGradient monitoring configuration in advanced.config.yml.
      • StarLink Monitoring:
        • starlink_monitoring_enable: true or false - install StarLink monitoring dashboard. Default false.
        • remove_starlink_monitoring: false or true - to uninstall StarLink monitoring dashboard. Default false.
        • starlink_ip: "StarLink IP" - StarLink IP address to get statistics from. Default "10.10.10.1".
        • starlink_port: "9817" - StarLink port to get statistics from. Default "9817".
      • ShellPlug Monitoring:
        • shellyplug_monitoring_enable: true or false - install ShellyPlug monitoring dashboard. Default false.
        • remove_shelly_plug_monitoring: false or true - to uninstall ShellyPlug monitoring dashboard. Default false.
        • shelly_plug_hostname: "ShellyPlug IP" - ShellyPlug IP address or hostname to get statistics from. Default "server-room-shelly"
        • shelly_ip: "ShellyPlug IP" - ShellyPlug IP address to get statistics from. Default "192.168.88.66".
        • shelly_port: "ShellyPlug Port" - ShellyPlug port to get statistics from. Default "9924".
        • shelly_plug_http_username - ShellyPlug HTTP username. Default "admin".
        • shelly_plug_http_password - ShellyPlug HTTP password. Default "gagaZush".
    • Xray Server Advanced Xray Server documentation and configuration examples is here.

      • xray_enable: false or true - to install XRAY Server. Default false.
      • remove_xray: false or true - to uninstall XRAY Server. Default false.
  14. Modify advanced configuration options in advanced.config.yml if you desire to use additional Monitoring features, such as Telegram bot for notifications, to share your Grafana dashboard over Internet, to tune hosts to ping or set AirGradient monitoring parameters.

  15. Run installation playbook:

     ansible-playbook main.yml

    Note: If running locally on the Pi: You may have error like Error while fetching server API version. You have to relogin to your Pi and then run the playbook again.

Features

Pi-hole or Technitium-dns as the network-wide ad-blocking solution integrated with own local DNS and DHCP servers:

Pi-holeTechnitium

OpenVPN Server with subnets support and openvpn-ui as fast and lightweight web administration interface or WireGuard server - an extremely simple yet fast and modern VPN with own web administration interface:

OpenVPN WEB UIWireGuard WEB UI

OpenVPN Server Subnets

OpenVPN Client container for using external OpenVPN server connection for selected containers of this project.

Note: qBitTorrent can be configured to use OpenVPN Client or Gluetun connection to download torrents the way your ISP will not recognize!

GlueTun container as universal VPN client for using with multiple commercial VPN providers and built-in DNS over TLS, with a few proxy servers.

Xray Server container, with experimental Shadowsocks and XTLS-Reality fast tunnel proxy that helps you to bypass firewalls.

Xray DashboardXray Inbounds

qBittorrent an open-source software alternative to µTorrent, with lightweight web administration interface:

qBittorrent WEB UI

Portainer is a lightweight universal management interface that can be used to easily manage containers and environment which included in this setup:

Portainer

Raspi Monitoring The simple yet powerfull monitoring solution for your Raspberry Gateway. Covers performance utilisation (CPU,MEM,I/O, storage usage), Hardware utilisation (Temperature, Voltage, Power States, Devices Clock), Docker containers statistics and Internet connection monitoring:

Raspberry Monitoring Dashboard in Grafana picture 1 Raspberry Monitoring Dashboard in Grafana picture 2 Raspberry Monitoring Dashboard in Grafana picture 3 Raspberry Monitoring Dashboard in Grafana picture 4 Raspberry Monitoring Dashboard in Grafana picture 5 Raspberry Monitoring Dashboard in Grafana picture 6

AirGradient Monitoring: Accurate and Open Air Quality Monitoring Dashboard:

AirGradient Monitoring Dashboard in Grafana picture 1 AirGradient Monitoring Dashboard in Grafana picture 2

Other features:

Usage

Portainer

Portainer facts:

Дякую and Kudos to all the envolved people:

Kudos to all folks maintaining:

Buy Me A Coffee

May 2021, d3vilh