Guarita is designed to enhance the Internet experience. It offers ad blocking, privacy protection, and parental control. It also allows syncing content from a curated repository and streaming it through an intuitive interface. It is optimized for deployment on a Raspberry Pi device and can be managed remotely via balenaCloud.
Guarita also includes an NTP server for use with your router, ensuring your network's clock is always up to date. This is particularly useful for implementing router-level internet blocks.
This project is a balenaCloud stack with the following services:
- AdGuard: A network-wide ad blocking service. More Info
- Wireguard: A simple WireGuard VPN server GUI. More Info
- Jellyfin: A free software media system that lets you control your media from a web interface. More Info
- Syncthing: A service to sync folders across devices. More info
- NTP: A Network Time Protocol server.
- Hostname: A service to set a custom hostname on application start.
You can one-click-deploy this project to balena using the button below:
- Raspberry Pi 3 or 4
- 16GB Micro-SD Card (we recommend Sandisk Extreme Pro SD cards)
- Micro-USB cable
- Power supply
- Case and cooling (optional but recommended)
- Ethernet cable
Device Variables apply to all services within the application, and can be applied fleet-wide to apply to multiple devices. If you used the one-click-deploy method, the default environment variables will already be added for you to customize as needed.
| Service | Variable | Example | Description |
|---|---|---|---|
| AdGuard | - | - | - |
| Wireguard | WG_HOST | 192.168.0.1 | The host IP for the WireGuard VPN server |
| Wireguard | PASSWORD | admin | The password for the WireGuard VPN server |
| Hostname | SET_HOSTNAME | waiapi | Set a custom hostname on application start |
| Jellyfin | PUID | 1000 | User ID |
| Jellyfin | PGID | 1000 | Group ID |
| Sync | PUID | 1000 | User ID |
| Sync | PGID | 1000 | Group ID |
| Sync | TZ | America/Brasil | Timezone |
| NTP | NTP_SERVERS | time.cloudflare.com | NTP server to use |
| NTP | LOG_LEVEL | 0 | Log level for the NTP server |
| Service | IP Address |
|---|---|
| AdGuard | 84 |
| Calibre | 81 |
| File Browser | 85 |
| Jellyfin | 86 |
| NTP | 123 |
| Sync | 82 |
| Wireguard | 83 |
Please note that these IP addresses are the default ones and can be changed according to your network configuration.
In order to ssh into the devices you'll need to be part of the org that created the fleet and have your public ssh key added to the Balena Dashboard. Balena devices use port 22222 for ssh. The easiest way to work with Balena remotely is by installing the Balena CLI.And be sure to check documentation for more information on ssh access.
To ssh into a machine simply run:
balena ssh <uuid>
Replacing with the device's uuid which can be obtained from the cli or the cloud dashboard. If we want to enter the dashboard of a router on the device's network, first you'll need to tunnel the ssh port:
balena tunnel <uuid> -p 22222:9999
On another terminal ssh into local host which is tunneling the device, using the -D option:
ssh -D 9090 gh_luandro@localhost -p 9999
Then finally configure a sock5 proxy on the browser using the gui, or with Chromium or Firefox installed, run in another terminal:
chromium --temp-profile --proxy-server="socks5://localhost:9090"
or
firefox --proxy-server="socks5://localhost:9090"
The browser window that opens up will be tunneling the device, so if a router's ip is 192.168.1.1 opening that in the browser will open the router's dashboard if it's running on router's port 80.
If you're having trouble getting the project running, submit an issue or post on the forums at https://forums.balena.io.
Please open an issue or submit a pull request with any features, fixes, or changes.