2021-03-22 22:38:46 +00:00
---
title: mountain
---

`mountain` is an Acer Aspire 7220 running Alpine Linux at my home, and
hosting my [French blog](https://brainshit.fr). It is also part of my group
of Syncthing devices, to make sure there is always one device ready to receive
another's changes, for near-instant online backups.

It is named after one of the sectors in Code Lyoko; my previous server was
named Carthage after the Fifth Sector. I plan on naming my next devices after
the other sectors: Desert, Forest and Ice.

I am considering hosting some other small services such as Gopher, Gemini, or
Finger. However, I want everything to be purely static; if it does not
fit in a Git repo, it does not get into my server. Syncthing is the only
exception.

A WebDAV server is also hosted there, although it is only exposed to my LAN;
I use it purely to make transfers between my IBM ThinkPads running old Windows
versions and my Linux systems easier.

I tried to write some setup docs when I first set it up, but of course I did
not write everything down, that would be too easy.

## Base setup

* Boot on an Alpine Linux ISO.
* Run `setup-alpine`.
* Set the keyboard to `fr-oss` (layout `fr`, then `fr-oss` variant)
* Set `mountain` as the hostname
* Set the disks up; `lvm` on all disks
* Reboot once prompted
* Uncomment the `community` repo in `/etc/apk/repositories`
* Recommended installation: `apk add --update vim figlet htop tmux pciutils zsh`
* Edit the `/etc/motd` to taste, including a `:r! figlet mountain`

## WLAN

### Manual setup

* Scan: `iwlist wlan0 scanning`
* Set SSID to `bacon`: `iwconfig wlan0 essid bacon`
* Create WPA config: `wpa_passphrase bacon password > /etc/wpa_supplicant/wpa_supplicant.conf`
* Start WPA supplicant: `wpa_supplicant -i wlan0 -c /etc/wpa_supplicant/wpa_supplicant.conf`
* Start in the background: `wpa_supplicant -B -i wlan0 -c /etc/wpa_supplicant/wpa_supplicant.conf`
* DHCP: `udhcpc -i wlan0`

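The `wpa_passphrase bacon password > ...` step in the manual setup leaves the cleartext passphrase in the config file as a `#psk="..."` comment, and on the command line. The following is an added example, not part of the original notes: it reads the passphrase from stdin, strips that comment, and checks the resulting file. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page).

# Drop the '#psk="..."' comment that wpa_passphrase emits with the cleartext.
strip_plain_psk() { sed '/^[[:space:]]*#psk=/d'; }

# write_wpa_conf SSID FILE: the passphrase is read from stdin, so it never
# appears in argv or shell history; FILE ends up with mode 0600.
write_wpa_conf() {
    ( umask 077; wpa_passphrase "$1" | strip_plain_psk > "$2" ) && chmod 600 "$2"
}

# check_wpa_conf FILE: 0 if FILE is owner-only and holds no cleartext passphrase.
check_wpa_conf() {
    mode=$(stat -c %a "$1") || return 2
    case "$mode" in
        *00) ;;
        *) echo "FAIL: mode $mode, want 600"; return 1 ;;
    esac
    if grep -Eq '^[[:space:]]*#?psk="' "$1"; then
        echo "FAIL: cleartext passphrase present"; return 1
    fi
    echo "OK"
}

# Constructed stand-in for wpa_passphrase output; the hex is a placeholder,
# not the real derived key for this SSID and passphrase.
sample_output() { cat <<'EOF'
network={
    ssid="bacon"
    #psk="password"
    psk=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
}
EOF
}

d=$(mktemp -d)
sample_output > "$d/raw.conf"; chmod 644 "$d/raw.conf"
( umask 077; sample_output | strip_plain_psk > "$d/clean.conf" )
check_wpa_conf "$d/raw.conf" || true    # reports the world-readable mode
check_wpa_conf "$d/clean.conf"          # reports OK
rm -rf "$d"
```

On the host, run `write_wpa_conf bacon /etc/wpa_supplicant/wpa_supplicant.conf` as root and type the passphrase on stdin. The derived `psk=` value is still enough to join the network, which is why the file is kept at mode 600.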
### Automated setup

* Perform the above manual setup first.
* Ensure the following is in `/etc/network/interfaces`:
```
auto wlan0
iface wlan0 inet dhcp
```
* Nuke the interface: `ifconfig wlan0 down`
* Start WPA supplicant manually: `rc-service wpa_supplicant start`
* If all goes well, `rc-update add wpa_supplicant boot`

## Graphics

* Add the graphics driver: `apk add xf86-video-nouveau` (might not be mandatory?)
* To set the screen resolution manually: `fbset -xres 1440 -yres 900 -match`

> TODO: Keep the screen resolution set permanently

## SSH

* The base setup already includes a server
* Check it with `rc-status`
* Otherwise:
```
apk add openssh
rc-update add sshd default
rc-service sshd start
```
* After updating the config at `/etc/ssh/sshd_config`, restart with `rc-service sshd restart`
* Disable `PasswordAuthentication`, `ChallengeResponseAuthentication` and `PermitRootLogin`

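An added check for the last SSH step (not from the original notes): sshd uses the first value it reads for each keyword, so a later `no` does not override an earlier `yes`, and a commented-out line leaves the default in force. The function names and sample files are constructed for illustration; `Include` files and `Match` blocks are not followed.

```shell
#!/bin/sh
# Added example (not from the original page). sshd keeps the FIRST value it
# reads for a keyword, keywords are case-insensitive, and a commented-out
# line leaves the compiled-in default in force.

# effective_value KEYWORD FILE: first global value, or "default" if unset.
effective_value() {
    awk -v key="$1" '
        BEGIN { key = tolower(key); val = "default" }
        /^[ \t]*#/ { next }                  # whole-line comment
        { sub(/=/, " ") }                    # accept Keyword=value
        tolower($1) == "match" { exit }      # global section ends here
        tolower($1) == key && NF >= 2 { val = tolower($2); exit }
        END { print val }
    ' "$2"
}

# audit_sshd FILE: returns 0 only if all three directives are effectively "no".
audit_sshd() {
    rc=0
    for key in PasswordAuthentication ChallengeResponseAuthentication PermitRootLogin; do
        val=$(effective_value "$key" "$1")
        if [ "$val" = no ]; then echo "OK   $key no"
        else echo "FAIL $key is '$val', want 'no'"; rc=1; fi
    done
    return "$rc"
}

# Constructed sample inputs, not taken from a real host.
write_good_sample() { cat > "$1" <<'EOF'
#PasswordAuthentication yes
PasswordAuthentication no
challengeresponseauthentication no
PermitRootLogin no
PermitRootLogin yes
EOF
}
write_weak_sample() { cat > "$1" <<'EOF'
#PermitRootLogin no
PasswordAuthentication yes
PasswordAuthentication no
Match User backup
    ChallengeResponseAuthentication no
EOF
}

d=$(mktemp -d); write_good_sample "$d/good"; write_weak_sample "$d/weak"
audit_sshd "$d/good"; audit_sshd "$d/weak" || true; rm -rf "$d"
```

On the host, `audit_sshd /etc/ssh/sshd_config` gives the same report, and `sshd -T` prints the configuration sshd actually resolved.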
## Sudo

* Install sudo: `apk add sudo`
* Add a group: `addgroup sudo`
* Add a user to the group: `adduser lucidiot sudo`
* Use `visudo` to uncomment the line that allows access to the `sudo` group

## Nginx

* Install nginx: `apk add nginx`
* Start on boot: `rc-update add nginx default`
* Start manually: `rc-service nginx start`

## MariaDB

* Install MariaDB: `apk add mariadb mariadb-client`
* Start on boot: `rc-update add mariadb default`
* Initial setup: `rc-service mariadb setup`
* Start manually: `rc-service mariadb start`
* Run the installation wizard: `mariadb-secure-installation`
* Keep passwordless access for root without UNIX socket so you can do `sudo mariadb`
* Disallow remote login
* Remove anonymous users and the `test` database
* Run `sudo mariadb`
* Run `INSTALL SONAME 'auth_ed25519';`

## PHP

* `apk add php7-fpm phpmyadmin`
* `rc-update add php-fpm7 default`
* Edit `/etc/php7/php-fpm.d/www.conf`:
```
listen = /run/php-fpm7/php.sock
```
* `rc-service php-fpm7 start`

> TODO

## Brainshit

> TODO

## Let's Encrypt

> TODO

## UFW

> TODO

## WebDAV

> TODO