Recipe for Gregg's Aunt's Server

Jetway mini-PC with Samsung EVO 850 SATA + mSATA drives

  • base netinst install of jessie - deselect everything from tasksel
    • hostname storage – domain jane.lcl
    • default partition layout on both drives; RAID-1 for root filesystem (ext4)
  • > /etc/motd
  • apt-get --no-install-recommends install aptitude
  • aptitude install ssh (deselect xauth)
  • aptitude install fbset screen rsync psmisc file patch ethtool strace tcpdump vim
  • aptitude --without-recommends install dnsutils
  • adduser tdobes adm
  • adduser williams
  • aptitude install dbus
  • sed -i -e 's/^deb.* main$/& contrib non-free/g' /etc/apt/sources.list
  • aptitude update && aptitude forget-new
  • aptitude install intel-microcode firmware-realtek # nonfree firmware for Realtek WLAN card
  • aptitude install ifplugd
  • sed -i -e 's/^INTERFACES=""/INTERFACES="eth0"/g' /etc/default/ifplugd
  • sed -i -e 's/^allow-hotplug eth0/#allow-hotplug eth0/g' /etc/network/interfaces
  • aptitude --without-recommends install ntp
    echo '[Unit]' > /etc/systemd/system/ntp.service
    echo 'Description=Network Time Protocol daemon' >> /etc/systemd/system/ntp.service
    echo 'After=network.target' >> /etc/systemd/system/ntp.service
    echo >> /etc/systemd/system/ntp.service
    echo '[Service]' >> /etc/systemd/system/ntp.service
    echo 'ExecStart=/usr/sbin/ntpd -n -g -u ntp:ntp' >> /etc/systemd/system/ntp.service
    echo >> /etc/systemd/system/ntp.service
    echo '[Install]' >> /etc/systemd/system/ntp.service
    echo 'WantedBy=multi-user.target' >> /etc/systemd/system/ntp.service
    systemctl enable ntp.service
  • mkdir -p /etc/systemd/system/ssh.socket.d
    echo '[Socket]' > /etc/systemd/system/ssh.socket.d/port-2222.conf
    echo 'ListenStream=2222' >> /etc/systemd/system/ssh.socket.d/port-2222.conf
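    systemctl disable ssh.service && systemctl enable ssh.socket
    # note: ListenStream= in a drop-in adds to the list from the packaged ssh.socket rather than replacing it, so sshd stays reachable on the packaged port as well as 2222; an empty "ListenStream=" line ahead of the 2222 line resets the list. Verify the listening ports with: ss -tln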
  • mkdir -p /etc/systemd/system/getty\@tty1.service.d
    echo '[Service]' > /etc/systemd/system/getty\@tty1.service.d/noclear.conf
    echo 'TTYVTDisallocate=no' >> /etc/systemd/system/getty\@tty1.service.d/noclear.conf
  • systemctl mask networking.service # we use ifplugd instead
    echo 'D /run/network 0755 root root' > /etc/tmpfiles.d/debian-networking.conf
    echo 'F /run/network/ifstate 0644 root root - lo=lo' >> /etc/tmpfiles.d/debian-networking.conf
  • aptitude purge acpid acpi-support-base # systemd-logind takes care of this
  • aptitude install wpasupplicant ifmetric iw wireless-tools
  • ToDo: WiFi backup for loss of network connectivity
  • sed -i -e 's/^GRUB_CMDLINE_LINUX_DEFAULT="quiet"$/GRUB_CMDLINE_LINUX_DEFAULT="quiet panic=5"/g' /etc/default/grub && update-grub
  • systemctl mask systemd-rfkill@rfkill0.service
    systemctl mask keyboard-setup.service
    systemctl mask console-setup.service
    systemctl mask rc-local.service
  • aptitude install lm-sensors
  • allow connections on 2nd NIC:
    echo >> /etc/network/interfaces
    echo '#allow-hotplug eth1' >> /etc/network/interfaces
    echo 'iface eth1 inet dhcp' >> /etc/network/interfaces
    
    sed -i -e 's/^INTERFACES="eth0"$/INTERFACES="eth0 eth1"/g' /etc/default/ifplugd
  • aptitude install samba
  • mv /etc/samba/smb.conf /etc/samba/smb.conf.orig
  • cat > /etc/samba/smb.conf
    [global]
      security = user
      workgroup = WILLIAMS
      server string = Mini Storage Server
    
      # try to become browse master
      local master = yes
      # don't use DNS for NetBIOS lookups
      dns proxy = no
      # don't flood DNS servers with useless queries (see manpage; DC lookup still uses DNS)... also disable broadcast resolution
      # name resolve order = wins
      name resolve order = wins host
      # ensure that we follow PAM rules (hopefully this will enforce home directory auto-creation)
      obey pam restrictions = yes
      # no broadcast announcements (we're not using OS/2)
      lm announce = no
    
      # disable print server
      load printers = no
      show add printer wizard = no
      disable spoolss = yes
    
      # logging
      log file = /var/log/samba/log.%m
      # cap logfiles at 1MB
      max log size = 1000
      log level = 2
      # don't send anything to syslog
      syslog = 0
      # mail the admin if we crash
      panic action = /usr/share/samba/panic-action %d
    
      # performance tweaks
      socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE
      use sendfile = yes
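      max protocol = SMB3
      # NOTE(review): no minimum protocol is set, so the Samba default applies; on releases of this era that presumably still accepts SMB1 clients - confirm with testparm -v, and consider "server min protocol = SMB2" once every client supports it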
      strict allocate = yes
    
      # obtain permissions from parent dir
      inherit permissions = yes
      # drop connections with no open files after 15 minutes of inactivity
      deadtime = 15
      # allow Windows to handle inheritance correctly
      map acl inherit = yes
    
      # hide Apple-specific files from Windows, but delete them if we're deleting a folder
      veto files = /.AppleDesktop/Network Trash Folder/TheVolumeSettingsFolder/.AppleDouble/.AppleDB/.DS_Store/.TemporaryItems/
      delete veto files = yes
    
      create mask = 0664
      directory mask = 0775
    
      # this wreaks all sorts of havoc with symlinks
      unix extensions = no
    
      # emulate DOS attributes using xattr
      store dos attributes = yes
    
    [share]
      comment = Shared Storage
      writable = yes
      path = /mnt/storage
    ^D
  • smbpasswd -a -L williams (and enter password)
  • mkdir /mnt/storage && chown williams /mnt/storage
  • systemctl restart smbd && systemctl restart nmbd
computer/aunt_server.txt · Last modified: 2015/05/08 17:15 by tdobes