title
mountain

mountain is an Acer Aspire 7220 running Alpine Linux at my home, and hosting my French blog. It is also part of my group of Syncthing devices, to make sure there is always one device ready to receive another's changes, for near-instant online backups.

It is named after one of the sectors in Code Lyoko; my previous server was named Carthage after the Fifth Sector. I plan on naming my next devices after the other sectors: Desert, Forest and Ice.

I am considering hosting some other small services such as Gopher, Gemini, or Finger. I however want everything to only be purely static; if it does not fit in a Git repo, it does not get into my server. Syncthing is the only exception.

A WebDAV server is also hosted there, although it is only exposed to my LAN; I use it purely to make transfers between my IBM ThinkPads running old Windows versions and my Linux systems easier.

I tried to write some setup docs when I first set it up, but of course I did not write everything down, that would be too easy.

Base setup

  • Boot on an Alpine Linux ISO.
  • Run setup-alpine.
  • Set the keyboard to fr-oss (layout fr, then fr-oss variant)
  • Set mountain as the hostname
  • Set the disks up; lvm on all disks
  • Reboot once prompted
  • Uncomment the community repo in /etc/apk/repositories
  • Recommended installation: apk add --update vim figlet htop tmux pciutils zsh
  • Edit the /etc/motd to taste, including a :r! figlet mountain

WLAN

Manual setup

  • Scan: iwlist wlan0 scanning
  • Set SSID to bacon: iwconfig wlan0 essid bacon
  • Create WPA config: wpa_passphrase bacon password > /etc/wpa_supplicant/wpa_supplicant.conf
  • Start WPA supplicant: wpa_supplicant -i wlan0 -c /etc/wpa_supplicant/wpa_supplicant.conf
  • Start in the background: wpa_supplicant -B -i wlan0 -c /etc/wpa_supplicant/wpa_supplicant.conf
  • DHCP: udhcpc -i wlan0

Automated setup

  • Perform the above manual setup first.
  • Ensure the following is in /etc/network/interfaces:
    auto wlan0
    iface wlan0 inet dhcp
    
  • Nuke the interface: ifconfig wlan0 down
  • Start WPA supplicant manually: rc-service wpa_supplicant start
  • If all goes well, rc-update add wpa_supplicant boot

Graphics

  • Add the graphics driver: apk add xf86-video-nouveau (might not be mandatory?)
  • To set the screen resolution manually: fbset -xres 1440 -yres 900 -match

TODO: Keep the screen resolution set permanently

SSH

  • The base setup already includes a server
    • Check it with rc-status
    • Otherwise:
      apk add openssh
      rc-update add sshd default
      rc-service sshd start
      
  • After updating the config at /etc/ssh/sshd_config, restart with rc-service sshd restart
  • Disable PasswordAuthentication, ChallengeResponseAuthentication and PermitRootLogin
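
To confirm that the three options above are really off after the restart, the check below reads the effective configuration in the format printed by sshd -T. It is an added example, not part of the original notes; the function name check_sshd_hardening and the sample input are made up for illustration.

```shell
#!/bin/sh
# Added example: verify the three options this page disables.
# Input on stdin: "keyword value" lines, as printed by `sshd -T`.
# Plain sshd_config lines also work, but Match blocks are not interpreted.
# Exit status is 0 only when every option is explicitly "no".
check_sshd_hardening() {
    awk '
        function check(name, val) {
            if (val != "no") {
                printf "FAIL %s=%s\n", name, (val == "" ? "(unset)" : val)
                bad = 1
            }
        }
        NF == 0 || $1 ~ /^#/ { next }      # skip blank lines and comments
        {
            key = tolower($1)
            # sshd keeps the first value it reads for a keyword
            if (!(key in seen)) seen[key] = tolower($2)
        }
        END {
            check("passwordauthentication", seen["passwordauthentication"])
            check("permitrootlogin", seen["permitrootlogin"])
            # Newer OpenSSH reports ChallengeResponseAuthentication under
            # its replacement name, KbdInteractiveAuthentication.
            if ("kbdinteractiveauthentication" in seen)
                check("kbdinteractiveauthentication",
                      seen["kbdinteractiveauthentication"])
            else
                check("challengeresponseauthentication",
                      seen["challengeresponseauthentication"])
            exit bad + 0
        }
    '
}

# Constructed sample: root login is still allowed with a key, so this fails.
check_sshd_hardening <<'EOF' || echo "sshd is not fully hardened"
passwordauthentication no
permitrootlogin prohibit-password
kbdinteractiveauthentication no
EOF
```

On the server itself, run it as root with: sshd -T | check_sshd_hardening. A commented-out option counts as unset and fails the check, since the default then applies.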

Sudo

  • Install sudo: apk add sudo
  • Add a group: addgroup sudo
  • Add a user to the group: adduser lucidiot sudo
  • Use visudo to uncomment the line that allows access to the sudo group

Nginx

  • Install nginx: apk add nginx
  • Start on boot: rc-update add nginx default
  • Start manually: rc-service nginx start

MariaDB

  • Install MariaDB: apk add mariadb mariadb-client
  • Start on boot: rc-update add mariadb default
  • Initial setup: rc-service mariadb setup
  • Start manually: rc-service mariadb start
  • Run the installation wizard: mariadb-secure-installation
  • Keep passwordless access for root without UNIX socket so you can do sudo mariadb
  • Disallow remote login
  • Remove anonymous users and the test database
  • Run sudo mariadb
  • Run INSTALL SONAME 'auth_ed25519';

PHP

  • apk add php7-fpm phpmyadmin
  • rc-update add php-fpm7 default
  • Edit /etc/php7/php-fpm.d/www.conf:
    listen = /run/php-fpm7/php.sock
    
  • rc-service php-fpm7 start

TODO

Brainshit

TODO

Let's Encrypt

TODO

UFW

TODO

WebDAV

TODO