Migrate last blog posts

blog/2023-12-19-restart-or-shutdown-your-proxmox-node-from-home-assistant-automation/index.md

@@ -0,0 +1,57 @@
+---
+slug: restart-or-shutdown-your-proxmox-node-from-home-assistant-automation
+title: "Restart or shutdown your Proxmox node from Home Assistant automation"
+tags: [self-hosting, homelab, Proxmox, Smart Home, Home Assistant]
+image: /img/blog/2023/12/power_switch.jpg
+---
+There is a [UPS monitoring through NUT](/2023-12-19-monitor-usb-ups-connected-to-synology-nas-in-home-assistant/index.md) configured in my Home Assistant. So I decided my Home Assistant could shut down my homelab servers on a low UPS battery.
+
+<!-- truncate -->
+
+We will use [Proxmox VE API](https://pve.proxmox.com/wiki/Proxmox_VE_API) and Home Assistant [RESTful Command](https://www.home-assistant.io/integrations/rest_command/) integration for this.
+
+## Proxmox user and permissions
+
+Let's do things right and don't allow Home Assistant to log in with the root user to your Proxmox environment. We will create a _role_ first. Go to your _Datacenter_ view in Proxmox web UI choose _Permissions -> Roles_ and hit _Create_.
+
+We will create a `PowerManager` role with `Sys.PowerMgmt` privileges. This will allow our user to execute shutdown/restart commands through Proxmox API, but nothing more.
+
+![](001.png)
+
+Next, we will create a user. In Proxmox web UI go to _Permissions -> Users_ and hit _Add_. Give him a username and password, and choose _"Proxmox VE authentication server"_ as a _Realm_:
+
+![](002.png)
+
+Next, we will go to our _Datacenter_ view in Proxmox web UI choose _Permissions_ and hit _Add_. Here, we will set `/nodes/<node_name>` as the Path, select our newly created _User_ and our newly created _Role_ for him:
+
+![](003.png)
+
+Lastly, we will need an API token to make API calls. For this, we will go to _Permissions -> API_ Tokens and click _Add_. Choose our newly created user, give the token an ID, and disable _Privilege Separation_.
+
+![](004.png)
+
+After clicking _Add_ we will see the token. We need to write down the token ID and token itself to use it in Home Assistant later.
+
+## Home Assistant integration
+
+Now to the Home Assistant. We will need to edit our `configuration.yaml` file as currently, this is the only way to add RESTful Command integration. Here is an example:
+
+```yaml
+rest_command:
+  spacedock_one_shutdown:
+    url: "https://192.168.99.3:8006/api2/json/nodes/spacedock-one/status"
+    method: post
+    headers:
+      Authorization: PVEAPIToken=pwrmngr@pve!power=73892874-ad34-4b98-83e2-7be787f9bee3
+    content_type: "application/x-www-form-urlencoded"
+    payload: "command=shutdown"
+    verify_ssl: false
+```
+
+The `url` should have the next format: `https://<proxmox node IP>:8006/api2/json/nodes/<proxmox node name>/status`.
+
+The authorization header should have the next format: `PVEAPIToken=<proxmox username>@pve!<API token ID>=<API token>`
+
+You can use `shutdown` or `reboot` as a `command`.
+
+After restarting Home Assistant you will have a new service available. In our example, it would be `rest_command.spacedock_one_shutdown`. Calling it will do the trick.

blog/2025-02-15-wireguard-tunnel-from-ubuntu-vps-to-homelab-through-unifi-vpn-server/index.md

@@ -0,0 +1,108 @@
+---
+slug: wireguard-tunnel-from-ubuntu-vps-to-homelab-through-unifi-vpn-server
+title: "WireGuard tunnel from Ubuntu VPS to HomeLab through UniFi VPN server"
+tags: [self-hosting, homelab, WireGuard, VPN]
+image: /img/blog/2025/02/tunnel.jpg
+---
+I'm not surprised people prefer Tailscale over WireGuard. Did you see the WireGuard [quick start guide](https://www.wireguard.com/quickstart/)? Did you try to connect using this guide? Anyway, I have a VPS on Hetzner I wanted to connect to my local network through a secure tunnel. Tailscale is nice, but why set up a new infrastructure when I have one inside my UniFi Cloud Gateway Ultra?
+
+<!-- truncate -->
+
+:::warning
+
+This guide will work for you only if you have a static WAN IP
+
+:::
+
+So first of all I went to _Settings -> VPN_ on my UniFi Cloud Gateway Ultra, switched to a _VPN Server_ tab, and added a new Wireguard VPN server. I let UniFi decide on the client's IP range.
+
+Then I added a client, which will be my VPS. And downloaded a WireGuard interface config file there:
+
+![](001.png)
+
+Then I connected to my VPS through SSH to make some Linux command line magic.
+
+:::note
+
+I need to mention here that I'm writing this guide a long time after the actual setup. So unfortunately I can't remember the sources I found tips and tricks to make this work. But it works now for me and can help to make it work for you, my dear reader.
+
+:::
+
+On my VPS I have Ubuntu 24.04 installed.
+
+So, to the command line. Install WireGuard:
+
+```bash
+sudo apt install wireguard
+```
+
+Create a config file:
+
+```bash
+sudo nano /etc/wireguard/wg0.conf
+```
+
+Insert the configuration downloaded from the UniFi VPN client creation step:
+
+```
+[Interface]
+PrivateKey = ***************************************
+Address = 192.168.4.2/32
+DNS = 192.168.4.1
+
+[Peer]
+PublicKey = ***************************************
+AllowedIPs = 0.0.0.0/0
+Endpoint = ***.***.**.**:51821
+```
+
+Now edit it to look like this:
+
+```
+[Interface]
+PrivateKey = ***************************************
+Address = 192.168.4.2/32
+PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
+PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
+ListenPort = 51820
+
+[Peer]
+PublicKey = ***************************************
+AllowedIPs = 192.168.4.0/24,192.168.50.0/24,192.168.1.0/24
+Endpoint = ***.***.**.**:51821
+PersistentKeepalive = 10
+```
+
+`PostUp` and `PostDown` are commands to be executed when the WireGuard network interface connects or disconnects. In my case, this is to add and remove `iptables` rules for WireGuard traffic routing through the default network interface.
+
+`AllowedIPs` should be edited to your needs. Here is my needs:
+
+- `192.168.4.0/24` allows access to any IP address on the same subnet as the VPS would be placed after connecting
+- `192.168.50.0/24` allows access to any IP on my other subnet
+- `192.168.1.0/24` allows access to any IP on my main subnet (I'm not sure about this, but anyway the access is blocked on the UniFi Firewall level)
+
+These rules are loose because the Firewall on my UniFi Gateway blocks any cross-subnet traffic anyway allowing only limited communications.
+
+This should be enough to bring the connection up with `wg-quick`:
+
+```bash
+sudo wg-quick up wg0
+```
+
+To see the status:
+```bash
+sudo wg show
+```
+
+And now to make it work through server reboots we need to down the interface:
+
+```bash
+sudo wg-quick down wg0
+```
+
+And up it back with a system service, also enabling it:
+```bash
+sudo systemctl start wg-quick@wg0 && sudo systemctl enable wg-quick@wg0
+```
+
+Further interface control should be performed through `systemctl` as well like `systemctrl stop`, `systemctl restart` or `systemctl status`.

docusaurus.config.js

@@ -59,7 +59,7 @@ const config = {
             xslt: true,
           },
           blogSidebarTitle: 'Timeline',
-          blogSidebarCount: 'ALL',
+          blogSidebarCount: 0,
           // Useful options to enforce blogging best practices
           onInlineTags: 'warn',
           onInlineAuthors: 'warn',
@@ -156,6 +156,7 @@ const config = {
       prism: {
         theme: prismThemes.github,
         darkTheme: prismThemes.dracula,
+        additionalLanguages: ['bash'],
       },
     }),
 };