--- title: mountain --- `mountain` is an Acer Aspire 7220 running Alpine Linux at my home, and hosting my [French blog](https://brainshit.fr). It is also part of my group of Syncthing devices, to make sure there is always one device ready to receive another's changes, for near-instant online backups. It is named after one of the sectors in Code Lyoko; my previous server was named Carthage after the Fifth Sector. I plan on naming my next devices after the other sectors; Desert, Forest and Ice. I am considering hosting some other small services such as Gopher, Gemini, or Finger. I however want everything to only be purely static; if it does not fit in a Git repo, it does not get into my server. Syncthing is the only exception. A WebDAV server is also hosted there, although it is only exposed to my LAN; I use it purely to make transfers between my IBM ThinkPads running old Windows versions and my Linux systems easier. I tried to write some setup docs when I first set it up, but of course I did not write everything down, that would be too easy. ## Base setup * Boot on an Alpine Linux ISO. * Run `setup_alpine`. * Set the keyboard to `fr-oss` (layout `fr`, then `fr-oss` variant) * Set `mountain` as the hostname * Set the disks up; `lvm` on all disks * Reboot once prompted * Uncomment the `community` repo in `/etc/apk/repositories` * Recommended installation: `apk add --update vim figlet htop tmux pciutils zsh` * Edit the `/etc/motd` to taste, including a `:r! figlet mountain` ## WLAN ### Manual setup * Scan: `iwlist wlan0 scanning` * Set SSID to `bacon`: `iwlist wlan0 essid bacon` * Create WPA config: `wpa_passphrase bacon password > /etc/wpa_supplicant/wpa_supplicant.conf` * Start WPA supplicant: `wpa_supplicant -i wlan0 -c /etc/wpa_supplicant/wpa_supplicant.conf` * Start in the background: `wpa_supplicant -B -i wlan0 -c /etc/wpa_supplicant/wpa_supplicant.conf` * DHCP: `udhcpc -i wlan0` ### Automated setup * Perform the above manual setup first. * Ensure the following is in `/etc/network/interfaces`: ``` auto wlan0 iface wlan0 inet dhcp ``` * Nuke the interface: `ifconfig wlan0 down` * Start WPA supplicant manually: `rc-service wpa_supplicant start` * If all goes well, `rc-update add wpa_supplicant boot` ## Graphics * Add the graphics driver: `apk add xf86-video-nouveau` (might not be mandatory?) * To set the screen resolution manually: `fbset -xres 1440 -yres 900 -match` > TODO: Keep the screen resolution set permanently ## SSH * The base setup already includes a server * Check it with `rc-status` * Otherwise: ``` apk add openssh rc-update add sshd default rc-service sshd start ``` * After updating the config at `/etc/ssh/sshd_config`, restart with `rc-service sshd restart` * Disable `PasswordAuthentication`, `ChallengeResponseAuthentication` and `PermitRootLogin` ## Sudo * Install sudo: `apk add sudo` * Add a group: `addgroup sudo` * Add a user to the group: `adduser lucidiot sudo` * Use `visudo` to uncomment the line that allows access to the `sudo` group ## Nginx * Install nginx: `apk add nginx` * Start on boot: `rc-update add nginx default` * Start manually: `rc-service nginx start` ## MariaDB * Install MariaDB: `apk add mariadb mariadb-client` * Start on boot: `rc-update add mariadb default` * Initial setup: `rc-service mariadb setup` * Start manually: `rc-service mariadb start` * Run the installation wizard: `mariadb-secure-installation` * Keep passwordless access for root without UNIX socket so you can do `sudo mariadb` * Disallow remote login * Remove anonymous users and the `test` database * Run `sudo mariadb` * Run `INSTALL SONAME 'auth_ed25519';` ## PHP * `apk add php7-fpm phpmyadmin` * `rc-update add php-fpm7 default` * Edit `/etc/php7/php-fpm.d/www.conf`: ``` listen = /run/php-fpm7/php.sock ``` * `rc-service php-fpm7 start` > TODO ## Brainshit > TODO ## Let's Encrypt > TODO ## UFW > TODO ## WebDAV > TODO