Differences

This shows you the differences between two versions of the page.

--- unraid:virtual:hoobsf33 [2021/04/10 16:55] – [Create ssh-rsa key auth] dirk
+++ unraid:virtual:hoobsf33 [2021/07/13 11:18] (current) – dirk
@@ Line 6: / Line 6: @@
   * Description: Hoobs
   * CPU Mode: Host Passthrough
-  * Logical CPUs: 2
+  * Logical CPUs: 1
   * Internal Memory: 1024
   * Max Memory: 1024
@@ Line 54: / Line 54: @@
   * Then had to make sure the user home folder was 700 (which it was), the .ssh folder was 700 (which it wasn't), and the authorized_keys file was 600 (which it wasn't).
-==== Reboot ====
+===== HOOBS Prereq =====
-<code>sudo reboot -h now</code>
+<code>sudo hostnamectl set-hostname hoobs</code><code>sudo yum install -y nss-mdns avahi</code><code>sudo systemctl enable avahi-daemon.service</code><code>sudo reboot</code>
-==== Install Hoobs ====
+===== Install HOOBS =====
-<code>curl -sSL https://install.pi-hole.net | bash</code>
-  * Select Google (we will remove it later)
-  * Ok to default "StevenBlock"
-  * Ok to IPv4 and IPv6
-  * Yes to Static
-  * Yes to Web Admin Interface
-  * Yes to Web Server
-  * Yes to queries
-  * Show everything
-  * Change password <code> pihole -a -p password</code>
-==== Install Unbound ====
+<code>wget -q -O - http://bit.ly/get-hoobs | sudo bash -</code>
-<code>sudo apt-get install unbound</code>
-  * write config file
-<code>sudo vim /etc/unbound/unbound.conf.d/pi-hole.conf</code>
-<code>server:
-    # If no logfile is specified, syslog is used
-    # logfile: "/var/log/unbound/unbound.log"
-    verbosity: 0
-    interface: 127.0.0.1
+==== Connect ====
-    port: 5335
+  * Connect to either the internal IP or hostname if setup
-    do-ip4: yes
+  * Create User: Dirk Rockface / dirk
-    do-udp: yes
+  * Install Plugins
-    do-tcp: yes
+    * Nest (Hoobs Certified) 4.5.3 at time of this wiki
+    * myQ (Hoobs Certified) 2.6.2 at time of this wiki
-    # May be set to yes if you have IPv6 connectivity
+==== Plugins Setup====
-    do-ip6: no
+=== myQ ===
+  * use credentials from myQ account.
-    # You want to leave this to no unless you have *native* IPv6. With 6to4 and
+=== Nest ===
-    # Terredo tunnels your web browser should favor IPv4 for the same reasons
+  * Open a Chrome browser tab in Incognito Mode (or clear your cache).
-    prefer-ip6: no
+  * Open Developer Tools (View/Developer/Developer Tools).
+  * Click on 'Network' tab. Make sure 'Preserve Log' is checked.
-    # Use this only when you downloaded the list of primary root servers!
+  * In the 'Filter' box, enter issueToken
-    # If you use the default dns-root-data package, unbound will find it automatically
+  * Go to home.nest.com, and click 'Sign in with Google'. Log into your account.
-    #root-hints: "/var/lib/unbound/root.hints"
+  * One network call (beginning with iframerpc) will appear in the Dev Tools window. Click on it.
+  * In the Headers tab, under General, copy the entire Request URL (beginning with https://accounts.google.com, ending with nest.com). This is your "issueToken" in config.json.
-    # Trust glue only if it is within the server's authority
+  * In the 'Filter' box, enter oauth2/iframe
-    harden-glue: yes
+  * Several network calls will appear in the Dev Tools window. Click on the last iframe call.
+  * In the Headers tab, under Request Headers, copy the entire cookie (include the whole string which is several lines long and has many field/value pairs - do not include the cookie: name). This is your "cookies" in config.json.
-    # Require DNSSEC data for trust-anchored zones, if such data is absent, the zone becomes BOGUS
+  * In the 'Filter' box, enter issue_jwt
-    harden-dnssec-stripped: yes
+  * Click on the last issue_jwt call.
+  * In the Headers tab, under Request Headers, copy the entire x-goog-api-key (do not include the x-goog-api-key: name). This is your "apiKey" in config.json.
-    # Don't use Capitalization randomization as it known to cause DNSSEC issues sometimes
+  * Do not log out of home.nest.com, as this will invalidate your credentials. Just close the browser tab.
-    # see https://discourse.pi-hole.net/t/unbound-stubby-or-dnscrypt-proxy/9378 for further details
-    use-caps-for-id: no
-    # Reduce EDNS reassembly buffer size.
-    # Suggested by the unbound man page to reduce fragmentation reassembly problems
-    edns-buffer-size: 1472
-    # Perform prefetching of close to expired message cache entries
-    # This only applies to domains that have been frequently queried
-    prefetch: yes
-    # One thread should be sufficient, can be increased on beefy machines. In reality for most users running on small networks or on a single machine, it should be unnecessary to seek performance enhancement by increasing num-threads above 1.
-    num-threads: 1
-    # Ensure kernel buffer is large enough to not lose messages in traffic spikes
-    so-rcvbuf: 1m
-    # Ensure privacy of local IP ranges
-    private-address: 192.168.0.0/16
-    private-address: 169.254.0.0/16
-    private-address: 172.16.0.0/12
-    private-address: 10.0.0.0/8
-    private-address: fd00::/8
-    private-address: fe80::/10</code>
-==== Point Pi-hole to Unbound ====
-  * log into pi-hole
-  * go to Settings -> DNS
-  * uncheck Google servers and add Custom 127.0.0.1#5335
-  * Save
-==== Fix domain pointing to /admin page ====
-  * To redirect the root address to /admin, add the following line to /etc/lighttpd/lighttpd.conf:
-<code>url.redirect = ( "^/$" => "/admin" )</code>
-* Links:
-      * https://www.youtube.com/watch?v=FnFtWsZ8IP0
-      * https://www.reddit.com/r/pihole/comments/4eirjz/is_it_possible_to_forward_a_domain_to_the_pihole/

brimble.com

User Tools

Site Tools

Differences

Page Tools