---
title: mountain
---
`mountain` is an Acer Aspire 7220 running Alpine Linux at my home, and was
hosting my [French blog](https://brainshit.fr). It was also part of my group
of Syncthing devices, to make sure there is always one device ready to receive
another's changes, for near-instant online backups.

It is named after one of the sectors in Code Lyoko; my previous server was
named Carthage after the Fifth Sector. I plan on naming my next devices after
the other sectors: Desert, Forest and Ice.

I was considering hosting some other small services such as Gopher, Gemini, or
Finger. However, I want everything to be purely static; if it does not
fit in a Git repo, it does not get into my server. Syncthing is the only
exception.

A WebDAV server was also hosted there, although it was only exposed to my LAN;
I used it purely to make transfers between my IBM ThinkPads running old Windows
versions and my Linux systems easier.

I tried to write some setup docs when I first set it up, but of course I did
not write everything down, that would be too easy.

`mountain` has been migrated to [forest](./forest.html), a more
energy-efficient server. All services on `mountain` were officially
stopped on 2022-12-04.

## Base setup
* Boot on an Alpine Linux ISO.
* Run `setup-alpine`.
  * Set the keyboard to `fr-oss` (layout `fr`, then `fr-oss` variant)
  * Set `mountain` as the hostname
  * Set the disks up; `lvm` on all disks
  * Reboot once prompted
* Uncomment the `community` repo in `/etc/apk/repositories`
* Recommended installation: `apk add --update vim figlet htop tmux pciutils zsh`
* Edit the `/etc/motd` to taste, including a `:r! figlet mountain`
## WLAN
### Manual setup
* Scan: `iwlist wlan0 scanning`
* Set SSID to `bacon`: `iwconfig wlan0 essid bacon`
* Create WPA config: `wpa_passphrase bacon password > /etc/wpa_supplicant/wpa_supplicant.conf`
* Start WPA supplicant: `wpa_supplicant -i wlan0 -c /etc/wpa_supplicant/wpa_supplicant.conf`
* Start in the background: `wpa_supplicant -B -i wlan0 -c /etc/wpa_supplicant/wpa_supplicant.conf`
* DHCP: `udhcpc -i wlan0`
### Automated setup
* Perform the above manual setup first.
* Ensure the following is in `/etc/network/interfaces`:
```
auto wlan0
iface wlan0 inet dhcp
```
* Nuke the interface: `ifconfig wlan0 down`
* Start WPA supplicant manually: `rc-service wpa_supplicant start`
* If all goes well, `rc-update add wpa_supplicant boot`
## Graphics
* Add the graphics driver: `apk add xf86-video-nouveau` (might not be mandatory?)
* To set the screen resolution manually: `fbset -xres 1440 -yres 900 -match`
> TODO: Keep the screen resolution set permanently
## SSH
* The base setup already includes a server
* Check it with `rc-status`
* Otherwise:
```
apk add openssh
rc-update add sshd default
rc-service sshd start
```
* After updating the config at `/etc/ssh/sshd_config`, restart with `rc-service sshd restart`
* Disable `PasswordAuthentication`, `ChallengeResponseAuthentication` and `PermitRootLogin`
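
A check for the three settings above, as an added example that is not part of the original page: it reads the global section of an `sshd_config`-style file and reports whether each option is explicitly `no`. The function names and the sample config are constructed for illustration, and `Include` files and `Match` blocks are not followed.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.

# Print the effective global value (lowercased) of an sshd_config keyword.
# $1 = config file, $2 = keyword, or "name1|name2" for aliases of one option.
# sshd keeps the FIRST value it reads for a keyword, matches keywords
# case-insensitively and accepts "Keyword=value". Include files and Match
# blocks are not followed here; parsing stops at the first Match line.
sshd_effective() {
    awk -v want="|$(printf '%s' "$2" | tr 'A-Z' 'a-z')|" '
        NF == 0 || $1 ~ /^#/ { next }            # blank lines and comments
        { sub(/[ \t]*=[ \t]*/, " "); key = tolower($1) }
        key == "match" { exit }                  # end of the global section
        index(want, "|" key "|") { print tolower($2); exit }
    ' "$1"
}

# Return 0 only if the three settings the page disables are explicitly "no".
# An unset keyword fails: none of the three defaults to "no" in upstream OpenSSH.
sshd_audit() {
    rc=0
    # Newer OpenSSH treats ChallengeResponseAuthentication as a deprecated
    # alias of KbdInteractiveAuthentication, so both names are one option.
    for key in PasswordAuthentication PermitRootLogin \
               'ChallengeResponseAuthentication|KbdInteractiveAuthentication'; do
        val=$(sshd_effective "$1" "$key")
        if [ "$val" = no ]; then echo "ok    $key"
        else echo "FAIL  $key is ${val:-unset}"; rc=1; fi
    done
    return "$rc"
}

# Constructed sample: the trailing "PasswordAuthentication no" is dead because
# an earlier line already set the keyword.
sample_config() {
    cat <<'EOF'
# constructed sample, not the real config of any host
Port 22
passwordauthentication yes
PermitRootLogin=no
ChallengeResponseAuthentication no
PasswordAuthentication no
EOF
}

tmp=$(mktemp) && sample_config > "$tmp"
sshd_audit "$tmp" || echo "audit failed for $tmp"
rm -f "$tmp"
```

On the host itself, `sshd -T` prints the configuration that sshd actually resolves, which also covers `Include` files.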
## Sudo
* Install sudo: `apk add sudo`
* Add a group: `addgroup sudo`
* Add a user to the group: `adduser lucidiot sudo`
* Use `visudo` to uncomment the line that allows access to the `sudo` group
## Nginx
* Install nginx: `apk add nginx`
* Start on boot: `rc-update add nginx default`
* Start manually: `rc-service nginx start`
## MariaDB
* Install MariaDB: `apk add mariadb mariadb-client`
* Start on boot: `rc-update add mariadb default`
* Initial setup: `rc-service mariadb setup`
* Start manually: `rc-service mariadb start`
* Run the installation wizard: `mariadb-secure-installation`
  * Keep passwordless access for root without UNIX socket so you can do `sudo mariadb`
  * Disallow remote login
  * Remove anonymous users and the `test` database
* Run `sudo mariadb`
  * Run `INSTALL SONAME 'auth_ed25519';`
## PHP
* `apk add php7-fpm phpmyadmin`
* `rc-update add php-fpm7 default`
* Edit `/etc/php7/php-fpm.d/www.conf`:
```
listen = /run/php-fpm7/php.sock
```
* `rc-service php-fpm7 start`