Add forest
This commit is contained in:
parent
32529c47e9
commit
df5f65cc3d
|
@ -0,0 +1,304 @@
|
|||
---
|
||||
title: forest
|
||||
---
|
||||
|
||||
`forest` is an Acer Aspire V5-123 netbook that I got for free from a great friend and turned into an Alpine server. It is the successor of [mountain](./mountain.html), and is intended to have just as many services as `mountain`, but with twice as much processing power, and twice as less power usage and heat.
|
||||
|
||||
## Specifications
|
||||
|
||||
* Birth date (in my own hands): 2022-06-09T13:00Z
|
||||
* Model ID: 12102G50nkk
|
||||
* CPU: AMD E1-2100 APU at 1 GHz
|
||||
* RAM: 2GB DDR3, up to 4GB supported
|
||||
* GPU: ATI Radeon HD 8210
|
||||
* 11.6" 1366×768 LCD screen
|
||||
* 500GB SATA HDD
|
||||
* Original disk unknown.
|
||||
* Current disk: HGST Travelstar Z7K500 (HTS725050B7E630)
|
||||
* Sanyo AL12B32 4-cell Li-ion battery
|
||||
* Design capacity: 2500 mAh
|
||||
* Design minimum voltage: 14.8V
|
||||
* Current capacity: 0 mAh
|
||||
* Current voltage: ~5V
|
||||
* New battery is on its way.
|
||||
* Atheros AR8171 Gigabit Ethernet
|
||||
* Atheros AR9565 WLAN adapter (802.11b/g/n and Bluetooth 4.0)
|
||||
* 2 USB 2.0 ports, 1 USB 3.0 port
|
||||
* 1 HDMI port, 1 VGA port
|
||||
* Chicony Electronics Co. Ltd HD Webcam
|
||||
* Built-in microphone
|
||||
* SD card reader
|
||||
* Maximum power: 40W
|
||||
|
||||
## Places it went to
|
||||
|
||||
It might be a server, but it still might go places for various reasons!
|
||||
|
||||
* Grenoble
|
||||
* Place Victor Hugo
|
||||
* Tested it on one out of 10 power plugs that were left there, unlocked, available for everyone.
|
||||
* My desk
|
||||
* Set it up as my home server
|
||||
* On a shelf
|
||||
* Became my home server
|
||||
|
||||
## Services
|
||||
|
||||
* [My French blog](https://brainshit.fr) (to be moved from `mountain`)
|
||||
* LAN-only CUPS server for a Seiko RP-D10 thermal printer
|
||||
* LAN-only Samba server for my Windows ThinkPads, for network shares and network printing
|
||||
* Syncthing device which hosts all of my shares at once for Linux and Android devices
|
||||
* Wireguard server (to be set up)
|
||||
|
||||
## Server setup
|
||||
|
||||
Those are the notes I was supposed to make for `mountain` really, but never got around to actually do.
|
||||
|
||||
### Base setup
|
||||
|
||||
- Run `setup-alpine`
|
||||
- Use `fr-oss` as the keyboard variant
|
||||
- Set `forest` as the hostname
|
||||
- Configure `wlan0` and `eth0` with DHCP
|
||||
- Use `chrony` as the NTP server
|
||||
- Create a non-root user
|
||||
- Use `openssh` as the SSH server
|
||||
- Use the `sda` disk as an `lvm` physical volume and install Alpine on it (select `sys`)
|
||||
- Use `f` to auto-detect the fastest mirror
|
||||
- Reboot once prompted, disconnect the USB key
|
||||
- Login and enable the community repo (`doas vi /etc/apk/repositories`)
|
||||
- ```
|
||||
doas apk add --update vim figlet htop byobu pciutils zsh doas-sudo-shim curl linux-firmware-amd-ucode tree neofetch git
|
||||
sudo mkdir /home/lucidiot
|
||||
sudo chown lucidiot:lucidiot /home/lucidiot
|
||||
```
|
||||
- Edit the /etc/motd with a `:r!figlet -f smslant forest`
|
||||
- ```
|
||||
sed -i /lucidiot/s/ash/zsh/ /etc/passwd
|
||||
byobu-enable
|
||||
neofetch # btw i use alpine
|
||||
```
|
||||
|
||||
### SMART
|
||||
|
||||
### SSH
|
||||
|
||||
- Edit `/etc/ssh/sshd_config`
|
||||
- Disable `PasswordAuthentication`
|
||||
- Disable `PermitRootLogin`
|
||||
- Disable `KbdInteractiveAuthentication`
|
||||
- `sudo rc-service sshd reload`
|
||||
|
||||
### Syncthing
|
||||
|
||||
- ```
|
||||
sudo apk add syncthing
|
||||
sudo rc-service syncthing start
|
||||
sudo rc-update add syncthing
|
||||
sudo vim /var/lib/syncthing/.config/syncthing/config.xml
|
||||
```
|
||||
|
||||
- Set the `<address>` in the `<gui>` to the local IP of this machine, `192.168.1.xxx`
|
||||
|
||||
- `sudo rc-service syncthing restart`
|
||||
|
||||
- Open the Syncthing GUI at `http://<ip address>:8384/`
|
||||
|
||||
- Open the GUI settings
|
||||
|
||||
- Use the **Set Folder Defaults** and **Set Device Defaults** to set your defaults.
|
||||
Enable some file versioning to let the server do some sort of backups…
|
||||
|
||||
- Under GUI, configure a username and password and enable HTTPS.
|
||||
|
||||
- Save, load the `https://` version of the site and login.
|
||||
|
||||
- Remove the default share.
|
||||
|
||||
- Open Syncthing on other devices, add `forest` to it, and share anything you want with it.
|
||||
|
||||
- Accept all the devices and shares and get sync'd!
|
||||
|
||||
### MariaDB
|
||||
|
||||
TODO
|
||||
|
||||
```
|
||||
sudo apk add mariadb mariadb-client
|
||||
```
|
||||
|
||||
### PHP
|
||||
|
||||
TODO
|
||||
|
||||
```
|
||||
sudo apk add php81-fpm php81-mbstring php81-mysqli php81-session
|
||||
```
|
||||
|
||||
### Brainshit
|
||||
|
||||
TODO
|
||||
|
||||
### CUPS
|
||||
|
||||
A CUPS server to print on a SII RP-D10 thermal printer, also advertised over SMB.
|
||||
|
||||
* ```
|
||||
apk add build-base cups cups-filters cups-dev cups-filters-dev libjpeg libpng tiff ghostscript eudev
|
||||
wget https://www.seiko-instruments.de/fileadmin/user_upload/CUPSFilter_Ver.1.2.0.zip
|
||||
unzip CUPSFilter_Ver.1.2.0.zip
|
||||
cd CUPSFilter_Ver.1.2.0
|
||||
tar xf sii_mlt_cups-1.2.0.tar.gz
|
||||
cd sii_mlt_cups-1.2.0
|
||||
sudo mkdir /usr/lib/cups/filter
|
||||
./configure # ignore the error on stamp-h1
|
||||
make
|
||||
sudo make install
|
||||
sudo apk del cups-dev cups-filters-dev build-base
|
||||
cd ../..
|
||||
rm -rf CUPSFilter_Ver.1.2.0
|
||||
```
|
||||
|
||||
* Edit /etc/cups/cupsd.conf:
|
||||
- Add Listen 192.168.1.xxx:631
|
||||
- Add Allow All on every location
|
||||
- Add AutoPurgeJobs yes
|
||||
- Add PreserveJobFiles no
|
||||
|
||||
* ```
|
||||
sudo addgroup lucidiot lpadmin
|
||||
sudo rc-service cupsd start
|
||||
sudo rc-update add cupsd default
|
||||
```
|
||||
|
||||
* `lsusb` to find out which is the bus and device of the printer
|
||||
|
||||
* `udevadm info -p $(udevadm info -q path -n /dev/bus/usb/<bus>/<device>)`
|
||||
|
||||
* look for the `PRODUCT:`
|
||||
|
||||
* `echo 'SUBSYSTEM=usb;PRODUCT=619/127/106;.* root:lp 660 */lib/mdev/usbdev' | sudo tee -a /etc/mdev.conf`
|
||||
|
||||
* plug or unplug+replug the printer
|
||||
|
||||
* `lpinfo -v` to find out the usb:// path
|
||||
|
||||
* ```
|
||||
lpadmin -p thermal -E -v usb://SII/RP-D10 -P /usr/share/cups/model/sii_rpfg10_80.ppd
|
||||
lpadmin -p thermal -o PageSize=X72MMY1000MM -o CutTiming=Document -o BlankImage=nonfeed
|
||||
lpoptions -d thermal
|
||||
```
|
||||
|
||||
### Samba
|
||||
|
||||
* ```
|
||||
sudo apk add samba-server samba-common-tools acl
|
||||
```
|
||||
|
||||
* Edit `/etc/samba/smb.conf`:
|
||||
* Set `global.workgroup` to `CYBRECLUSTER`
|
||||
* Set `global.server string` to `Forest Sector`
|
||||
* Set `global.hosts allow` to `192.168.1. 127.`
|
||||
* Set `global.wins support` to `yes`
|
||||
* Set `global.use sendfile` to `yes`
|
||||
* Set `global.server min protocol` to `NT1`
|
||||
* Set `global.ntlm auth` to `yes`
|
||||
* Set `global.log file` to `/var/log/samba/log.%m`
|
||||
* Disable the default `[homes]` share
|
||||
* Set the path for the printer share to `/var/spool/samba`
|
||||
* Add a new share:
|
||||
|
||||
```
|
||||
[stuff]
|
||||
comment = Local Stuff
|
||||
path = /var/lib/samba/stuff
|
||||
valid users = lucidiot
|
||||
public = no
|
||||
writable = yes
|
||||
printable = no
|
||||
```
|
||||
|
||||
```
|
||||
sudo mkdir /var/lib/samba/stuff /var/spool/samba
|
||||
sudo setfacl -R -m u:lucidiot:rwx /var/lib/samba/stuff /var/spool/samba
|
||||
sudo smbpasswd -a lucidiot
|
||||
sudo rc-service samba start
|
||||
sudo rc-update add samba
|
||||
```
|
||||
|
||||
### Wireguard
|
||||
|
||||
TODO
|
||||
|
||||
`sudo apk add wireguard-tools`
|
||||
|
||||
### iptables
|
||||
|
||||
TODO
|
||||
|
||||
### msmtp
|
||||
|
||||
- `sudo apk add msmtp`
|
||||
- Edit `/etc/msmtprc`:
|
||||
```
|
||||
account default
|
||||
host <SMTP server hostname>
|
||||
port <SMTP port>
|
||||
tls on
|
||||
tls_starttls off
|
||||
auth on
|
||||
user <SMTP username>
|
||||
passwordeval <command to get password>
|
||||
# less safe alternative
|
||||
password <plaintext password>
|
||||
from <From address>
|
||||
allow_from_override off
|
||||
syslog on
|
||||
aliases /etc/msmtp_aliases
|
||||
```
|
||||
- ```
|
||||
echo 'default: <destination address>' > /etc/msmtp_aliases
|
||||
echo 'set sendmail="/usr/bin/msmtp"' > /etc/mail.rc
|
||||
```
|
||||
|
||||
### "Monitoring"
|
||||
|
||||
- Add the amazing `alertwrapper` script:
|
||||
|
||||
```
|
||||
mkdir -p ~/bin
|
||||
cat >~/bin/alertwrapper <<<EOF
|
||||
#!/bin/sh -e
|
||||
output="$(mktemp)"
|
||||
|
||||
notify () {
|
||||
{ echo "Subject: $*"; echo; cat "$output"; } | msmtp lucidiot
|
||||
exit 1
|
||||
}
|
||||
|
||||
job_name="$1"
|
||||
shift
|
||||
|
||||
sh -c "$@" 2>&1 >"$output" || notify "Job $job_name failed!"
|
||||
grep -q '[^[:space:]]' "$output" && notify "Job $job_name returned some output"
|
||||
EOF
|
||||
```
|
||||
|
||||
- Setup your crontab with some checks:
|
||||
|
||||
```
|
||||
*/10 * * * * /home/lucidiot/bin/alertwrapper cpu_over_80C 'test $(</sys/class/thermal/thermal_zone0/temp) -le 80000'
|
||||
42 * * * * /home/lucidiot/bin/alertwrapper curl_brainshit 'curl -s --fail https://brainshit.fr | grep -qi rss'
|
||||
40 * * * * /home/lucidiot/bin/alertwrapper openrc 'rc-status -f ini | grep -v -e '"'"'^\['"'"' -e '"'"'=\s*started'"'"' || true'
|
||||
```
|
||||
|
||||
#### SMART
|
||||
|
||||
```
|
||||
sudo apk add smartmontools
|
||||
sudo rc-service smartd start
|
||||
sudo rc-update add smartd
|
||||
sudo smartctl -a /dev/sda | less
|
||||
```
|
||||
|
||||
TODO
|
Loading…
Reference in New Issue