Add forest

~lucidiot 2022-06-19 16:42:28 +02:00
parent 32529c47e9
commit df5f65cc3d
1 changed files with 304 additions and 0 deletions
content/forest.md Normal file

@ -0,0 +1,304 @@
---
title: forest
---
`forest` is an Acer Aspire V5-123 netbook that I got for free from a great friend and turned into an Alpine server. It is the successor of [mountain](./mountain.html), and is intended to have just as many services as `mountain`, but with twice as much processing power, and twice as less power usage and heat.
## Specifications
* Birth date (in my own hands): 2022-06-09T13:00Z
* Model ID: 12102G50nkk
* CPU: AMD E1-2100 APU at 1 GHz
* RAM: 2GB DDR3, up to 4GB supported
* GPU: ATI Radeon HD 8210
* 11.6" 1366×768 LCD screen
* 500GB SATA HDD
* Original disk unknown.
* Current disk: HGST Travelstar Z7K500 (HTS725050B7E630)
* Sanyo AL12B32 4-cell Li-ion battery
* Design capacity: 2500 mAh
* Design minimum voltage: 14.8V
* Current capacity: 0 mAh
* Current voltage: ~5V
* New battery is on its way.
* Atheros AR8171 Gigabit Ethernet
* Atheros AR9565 WLAN adapter (802.11b/g/n and Bluetooth 4.0)
* 2 USB 2.0 ports, 1 USB 3.0 port
* 1 HDMI port, 1 VGA port
* Chicony Electronics Co. Ltd HD Webcam
* Built-in microphone
* SD card reader
* Maximum power: 40W
## Places it went to
It might be a server, but it still might go places for various reasons!
* Grenoble
* Place Victor Hugo
* Tested it on one out of 10 power plugs that were left there, unlocked, available for everyone.
* My desk
* Set it up as my home server
* On a shelf
* Became my home server
## Services
* [My French blog](https://brainshit.fr) (to be moved from `mountain`)
* LAN-only CUPS server for a Seiko RP-D10 thermal printer
* LAN-only Samba server for my Windows ThinkPads, for network shares and network printing
* Syncthing device which hosts all of my shares at once for Linux and Android devices
* Wireguard server (to be set up)
## Server setup
Those are the notes I was supposed to make for `mountain` really, but never got around to actually do.
### Base setup
- Run `setup-alpine`
- Use `fr-oss` as the keyboard variant
- Set `forest` as the hostname
- Configure `wlan0` and `eth0` with DHCP
- Use `chrony` as the NTP server
- Create a non-root user
- Use `openssh` as the SSH server
- Use the `sda` disk as an `lvm` physical volume and install Alpine on it (select `sys`)
- Use `f` to auto-detect the fastest mirror
- Reboot once prompted, disconnect the USB key
- Login and enable the community repo (`doas vi /etc/apk/repositories`)
- ```
doas apk add --update vim figlet htop byobu pciutils zsh doas-sudo-shim curl linux-firmware-amd-ucode tree neofetch git
sudo mkdir /home/lucidiot
sudo chown lucidiot:lucidiot /home/lucidiot
```
- Edit the /etc/motd with a `:r!figlet -f smslant forest`
- ```
sed -i /lucidiot/s/ash/zsh/ /etc/passwd
byobu-enable
neofetch # btw i use alpine
```
### SMART
### SSH
- Edit `/etc/ssh/sshd_config`
- Disable `PasswordAuthentication`
- Disable `PermitRootLogin`
- Disable `KbdInteractiveAuthentication`
- `sudo rc-service sshd reload`
### Syncthing
- ```
sudo apk add syncthing
sudo rc-service syncthing start
sudo rc-update add syncthing
sudo vim /var/lib/syncthing/.config/syncthing/config.xml
```
- Set the `<address>` in the `<gui>` to the local IP of this machine, `192.168.1.xxx`
- `sudo rc-service syncthing restart`
- Open the Syncthing GUI at `http://<ip address>:8384/`
- Open the GUI settings
- Use the **Set Folder Defaults** and **Set Device Defaults** to set your defaults.
Enable some file versioning to let the server do some sort of backups…
- Under GUI, configure a username and password and enable HTTPS.
- Save, load the `https://` version of the site and login.
- Remove the default share.
- Open Syncthing on other devices, add `forest` to it, and share anything you want with it.
- Accept all the devices and shares and get sync'd!
### MariaDB
TODO
```
sudo apk add mariadb mariadb-client
```
### PHP
TODO
```
sudo apk add php81-fpm php81-mbstring php81-mysqli php81-session
```
### Brainshit
TODO
### CUPS
A CUPS server to print on a SII RP-D10 thermal printer, also advertised over SMB.
* ```
apk add build-base cups cups-filters cups-dev cups-filters-dev libjpeg libpng tiff ghostscript eudev
wget https://www.seiko-instruments.de/fileadmin/user_upload/CUPSFilter_Ver.1.2.0.zip
unzip CUPSFilter_Ver.1.2.0.zip
cd CUPSFilter_Ver.1.2.0
tar xf sii_mlt_cups-1.2.0.tar.gz
cd sii_mlt_cups-1.2.0
sudo mkdir /usr/lib/cups/filter
./configure # ignore the error on stamp-h1
make
sudo make install
sudo apk del cups-dev cups-filters-dev build-base
cd ../..
rm -rf CUPSFilter_Ver.1.2.0
```
* Edit /etc/cups/cupsd.conf:
- Add Listen 192.168.1.xxx:631
- Add Allow All on every location
- Add AutoPurgeJobs yes
- Add PreserveJobFiles no
* ```
sudo addgroup lucidiot lpadmin
sudo rc-service cupsd start
sudo rc-update add cupsd default
```
* `lsusb` to find out which is the bus and device of the printer
* `udevadm info -p $(udevadm info -q path -n /dev/bus/usb/<bus>/<device>)`
* look for the `PRODUCT:`
* `echo 'SUBSYSTEM=usb;PRODUCT=619/127/106;.* root:lp 660 */lib/mdev/usbdev' | sudo tee -a /etc/mdev.conf`
* plug or unplug+replug the printer
* `lpinfo -v` to find out the usb:// path
* ```
lpadmin -p thermal -E -v usb://SII/RP-D10 -P /usr/share/cups/model/sii_rpfg10_80.ppd
lpadmin -p thermal -o PageSize=X72MMY1000MM -o CutTiming=Document -o BlankImage=nonfeed
lpoptions -d thermal
```
### Samba
* ```
sudo apk add samba-server samba-common-tools acl
```
* Edit `/etc/samba/smb.conf`:
* Set `global.workgroup` to `CYBRECLUSTER`
* Set `global.server string` to `Forest Sector`
* Set `global.hosts allow` to `192.168.1. 127.`
* Set `global.wins support` to `yes`
* Set `global.use sendfile` to `yes`
* Set `global.server min protocol` to `NT1`
* Set `global.ntlm auth` to `yes`
* Set `global.log file` to `/var/log/samba/log.%m`
* Disable the default `[homes]` share
* Set the path for the printer share to `/var/spool/samba`
* Add a new share:
```
[stuff]
comment = Local Stuff
path = /var/lib/samba/stuff
valid users = lucidiot
public = no
writable = yes
printable = no
```
```
sudo mkdir /var/lib/samba/stuff /var/spool/samba
sudo setfacl -R -m u:lucidiot:rwx /var/lib/samba/stuff /var/spool/samba
sudo smbpasswd -a lucidiot
sudo rc-service samba start
sudo rc-update add samba
```
### Wireguard
TODO
`sudo apk add wireguard-tools`
### iptables
TODO
### msmtp
- `sudo apk add msmtp`
- Edit `/etc/msmtprc`:
```
account default
host <SMTP server hostname>
port <SMTP port>
tls on
tls_starttls off
auth on
user <SMTP username>
passwordeval <command to get password>
# less safe alternative
password <plaintext password>
from <From address>
allow_from_override off
syslog on
aliases /etc/msmtp_aliases
```
- ```
echo 'default: <destination address>' > /etc/msmtp_aliases
echo 'set sendmail="/usr/bin/msmtp"' > /etc/mail.rc
```
### "Monitoring"
- Add the amazing `alertwrapper` script:
```
mkdir -p ~/bin
cat >~/bin/alertwrapper <<<EOF
#!/bin/sh -e
output="$(mktemp)"
notify () {
{ echo "Subject: $*"; echo; cat "$output"; } | msmtp lucidiot
exit 1
}
job_name="$1"
shift
sh -c "$@" 2>&1 >"$output" || notify "Job $job_name failed!"
grep -q '[^[:space:]]' "$output" && notify "Job $job_name returned some output"
EOF
```
- Setup your crontab with some checks:
```
*/10 * * * * /home/lucidiot/bin/alertwrapper cpu_over_80C 'test $(</sys/class/thermal/thermal_zone0/temp) -le 80000'
42 * * * * /home/lucidiot/bin/alertwrapper curl_brainshit 'curl -s --fail https://brainshit.fr | grep -qi rss'
40 * * * * /home/lucidiot/bin/alertwrapper openrc 'rc-status -f ini | grep -v -e '"'"'^\['"'"' -e '"'"'=\s*started'"'"' || true'
```
#### SMART
```
sudo apk add smartmontools
sudo rc-service smartd start
sudo rc-update add smartd
sudo smartctl -a /dev/sda | less
```
TODO
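
Review bot: The alertwrapper block under "Monitoring" will not create the script as written: `cat >~/bin/alertwrapper <<<EOF` uses a here-string (`<<<`), so only the word EOF is written to the file and the lines that follow run in the interactive shell instead. A quoted heredoc, `<<'EOF'`, would store `$(mktemp)`, `$*`, `$1` and `$@` literally rather than expanding them at write time, and the steps also need a `chmod +x ~/bin/alertwrapper`. Inside the script, `2>&1 >"$output"` points stderr at the original stdout before stdout is redirected, so error text never reaches the mailed file; `>"$output" 2>&1` captures both. The `mktemp` file is never removed, so the every-10-minutes cron entry leaves one file behind per run; a `trap 'rm -f "$output"' EXIT` near the top would cover both the normal and the `notify` exit paths. Separately, in the Samba section, setting `server min protocol` to `NT1` together with `ntlm auth` to `yes` re-enables SMB1 and NTLMv1 for every client matched by `hosts allow`; a line naming which client requires them would make it clear when they can be raised again. The CUPS step "Add Allow All on every location" deserves the same kind of note, since it is not limited to the locations used for printing.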