mountain is an Acer Aspire 7220 running Alpine Linux at my home, and hosting my French blog. It is also part of my group of Syncthing devices, to make sure there is always one device ready to receive another's changes, for near-instant online backups.
It is named after one of the sectors in Code Lyoko; my previous server was named Carthage after the Fifth Sector. I plan on naming my next devices after the other sectors: Desert, Forest and Ice.
I am considering hosting some other small services such as Gopher, Gemini, or Finger. I however want everything to only be purely static; if it does not fit in a Git repo, it does not get into my server. Syncthing is the only exception.
A WebDAV server is also hosted there, although it is only exposed to my LAN; I use it purely to make transfers between my IBM ThinkPads running old Windows versions and my Linux systems easier.
I tried to write some setup docs when I first set it up, but of course I did not write everything down; that would be too easy.
Base setup
- Boot on an Alpine Linux ISO.
- Run setup-alpine.
  - Set the keyboard to fr-oss (layout fr, then fr-oss variant)
  - Set mountain as the hostname
  - Set the disks up; lvm on all disks
  - Reboot once prompted
- Uncomment the community repo in /etc/apk/repositories
- Recommended installation: apk add --update vim figlet htop tmux pciutils zsh
- Edit the /etc/motd to taste, including a :r! figlet mountain
WLAN
Manual setup
- Scan: iwlist wlan0 scanning
- Set SSID to bacon: iwconfig wlan0 essid bacon
- Create WPA config: wpa_passphrase bacon password > /etc/wpa_supplicant/wpa_supplicant.conf
- Start WPA supplicant: wpa_supplicant -i wlan0 -c /etc/wpa_supplicant/wpa_supplicant.conf
- Start in the background: wpa_supplicant -B -i wlan0 -c /etc/wpa_supplicant/wpa_supplicant.conf
- DHCP: udhcpc -i wlan0
Automated setup
- Perform the above manual setup first.
- Ensure the following is in /etc/network/interfaces:
    auto wlan0
    iface wlan0 inet dhcp
- Nuke the interface: ifconfig wlan0 down
- Start WPA supplicant manually: rc-service wpa_supplicant start
- If all goes well, rc-update add wpa_supplicant boot
Graphics
- Add the graphics driver: apk add xf86-video-nouveau (might not be mandatory?)
- To set the screen resolution manually: fbset -xres 1440 -yres 900 -match
TODO: Keep the screen resolution set permanently
SSH
- The base setup already includes a server
  - Check it with rc-status
  - Otherwise:
      apk add openssh
      rc-update add sshd default
      rc-service sshd start
- After updating the config at /etc/ssh/sshd_config, restart with rc-service sshd restart
- Disable PasswordAuthentication, ChallengeResponseAuthentication and PermitRootLogin
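
A way to confirm the three settings above really are disabled, as an added example that is not part of the original notes. The function names, the SAMPLES directory and both sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Checks the three settings the
# SSH section disables. sshd keeps the FIRST value it reads for a keyword,
# keywords are case-insensitive, and lines after a Match line are conditional,
# so only the global part of the file is read. Include files are not followed;
# on the server itself, `sshd -T` prints the effective values.

# Print "keyword=value" per audited keyword ("unset" when absent).
sshd_effective() {
    awk '
        BEGIN { n = split("passwordauthentication challengeresponseauthentication permitrootlogin", want, " ") }
        { sub(/#.*/, "") }                      # drop comments
        NF == 0 { next }
        { key = tolower($1) }
        key == "match" { exit }                 # END still runs after exit
        # Newer OpenSSH names this setting KbdInteractiveAuthentication.
        key == "kbdinteractiveauthentication" { key = "challengeresponseauthentication" }
        !(key in seen) { seen[key] = tolower($2) }
        END { for (i = 1; i <= n; i++) print want[i] "=" ((want[i] in seen) ? seen[want[i]] : "unset") }
    ' "$1"
}

# Exit status 0 only when all three are explicitly "no". "unset" fails too,
# because the built-in defaults are not "no" (PasswordAuthentication yes,
# PermitRootLogin prohibit-password).
sshd_audit() {
    bad=$(sshd_effective "$1" | grep -v '=no$' || true)
    if [ -n "$bad" ]; then
        printf '%s: not disabled:\n%s\n' "$1" "$bad" >&2
        return 1
    fi
}

# Constructed sample configs, written to a temporary directory.
SAMPLES=$(mktemp -d)
cat > "$SAMPLES/hardened" <<'EOF'
# constructed sample
PasswordAuthentication no
KbdInteractiveAuthentication no
permitrootlogin no
PasswordAuthentication yes   # ignored: first value wins
EOF
cat > "$SAMPLES/weak" <<'EOF'
#PasswordAuthentication no
PermitRootLogin prohibit-password
Match User backup
    PasswordAuthentication no
EOF

sshd_audit "$SAMPLES/hardened" && echo "hardened: ok"
sshd_audit "$SAMPLES/weak" || echo "weak: needs fixing"
```

The weak sample fails on all three: a commented-out line leaves the default in place, and a value set only inside a Match block does not apply globally.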
Sudo
- Install sudo: apk add sudo
- Add a group: addgroup sudo
- Add a user to the group: adduser lucidiot sudo
- Use visudo to uncomment the line that allows access to the sudo group
Nginx
- Install nginx: apk add nginx
- Start on boot: rc-update add nginx default
- Start manually: rc-service nginx start
MariaDB
- Install MariaDB: apk add mariadb mariadb-client
- Start on boot: rc-update add mariadb default
- Initial setup: rc-service mariadb setup
- Start manually: rc-service mariadb start
- Run the installation wizard: mariadb-secure-installation
  - Keep passwordless access for root without UNIX socket so you can do sudo mariadb
  - Disallow remote login
  - Remove anonymous users and the test database
- Run sudo mariadb
- Run INSTALL SONAME 'auth_ed25519';
PHP
- apk add php7-fpm phpmyadmin
- rc-update add php-fpm7 default
- Edit /etc/php7/php-fpm.d/www.conf: listen = /run/php-fpm7/php.sock
- rc-service php-fpm7 start
TODO
Brainshit
TODO
Let's Encrypt
TODO
UFW
TODO
WebDAV
TODO