Recipe for Potter Hallway Display Server

  • base netinst install of stretch - deselect everything from tasksel
    • hostname display-server-p – domain ces.pnw.edu
    • auto-partition, but change root to discard,noatime and delete/recreate swap as standard (not extended) partition
    • 110 GB system partition (ext4: noatime,discard), 10 GB swap
  • > /etc/motd
  • apt-get --no-install-recommends install aptitude
  • aptitude install ssh (deselect xauth)
  • aptitude install net-tools man-db less fbset screen rsync psmisc file patch ethtool strace tcpdump vim bzip2 xz-utils
  • aptitude --without-recommends install dnsutils
  • adduser tdobes adm
  • adduser tdobes systemd-journal
  • aptitude install dbus
  • sed -i -e 's/^deb.* main$/& contrib non-free/g' /etc/apt/sources.list
  • aptitude update && aptitude forget-new
  • aptitude install intel-microcode firmware-linux-nonfree # nonfree firmware for Broadcom Ethernet module (tg3)
  • aptitude install ifplugd
  • sed -i -e 's/^INTERFACES=""/INTERFACES="enp3s0"/g' /etc/default/ifplugd
  • sed -i -e 's/^allow-hotplug enp3s0/#allow-hotplug enp3s0/g' /etc/network/interfaces
  • # this takes care of the two DHCP interfaces fighting over resolv.conf:
    <code>
    aptitude install resolvconf
    systemctl enable resolvconf
    systemctl start resolvconf
    </code>
  • # systemd-timesyncd does this now:
    <code>
    aptitude --without-recommends install ntp
    echo '[Unit]' > /etc/systemd/system/ntp.service
    echo 'Description=Network Time Protocol daemon' >> /etc/systemd/system/ntp.service
    echo 'After=network.target' >> /etc/systemd/system/ntp.service
    echo >> /etc/systemd/system/ntp.service
    echo '[Service]' >> /etc/systemd/system/ntp.service
    echo 'ExecStart=/usr/sbin/ntpd -n -g -u ntp:ntp' >> /etc/systemd/system/ntp.service
    echo >> /etc/systemd/system/ntp.service
    echo '[Install]' >> /etc/systemd/system/ntp.service
    echo 'WantedBy=multi-user.target' >> /etc/systemd/system/ntp.service
    systemctl enable ntp.service
    </code>
  • mkdir -p /etc/systemd/system/ssh.socket.d
    echo '[Socket]' > /etc/systemd/system/ssh.socket.d/port-2222.conf
    echo 'ListenStream=2222' >> /etc/systemd/system/ssh.socket.d/port-2222.conf
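    systemctl disable ssh.service && systemctl enable ssh.socket
    # NOTE: ListenStream= in a drop-in is added to the packaged ssh.socket setting rather than replacing it, so sshd likely still listens on 22 as well as 2222; if only 2222 is intended, write an empty 'ListenStream=' line before 'ListenStream=2222'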
  • mkdir -p /etc/systemd/system/getty\@tty1.service.d
    echo '[Service]' > /etc/systemd/system/getty\@tty1.service.d/noclear.conf
    echo 'TTYVTDisallocate=no' >> /etc/systemd/system/getty\@tty1.service.d/noclear.conf
  • <code>
    systemctl mask networking.service # we use ifplugd instead
    echo 'D /run/network 0755 root root' > /etc/tmpfiles.d/debian-networking.conf
    echo 'F /run/network/ifstate 0644 root root - lo=lo' >> /etc/tmpfiles.d/debian-networking.conf
    </code>
  • aptitude install wpasupplicant ifmetric iw wireless-tools
  • echo 'ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev' > /etc/wpa_supplicant/calnet.conf
    echo 'update_config=1' >> /etc/wpa_supplicant/calnet.conf
    echo >> /etc/wpa_supplicant/calnet.conf
    echo 'network={' >> /etc/wpa_supplicant/calnet.conf
    echo '  ssid="eduroam"' >> /etc/wpa_supplicant/calnet.conf
    echo '  #bssid=' >> /etc/wpa_supplicant/calnet.conf
    echo '  key_mgmt=WPA-EAP' >> /etc/wpa_supplicant/calnet.conf
    echo '  eap=PEAP' >> /etc/wpa_supplicant/calnet.conf
    echo '  identity="**USERNAME**@purduecal.edu"' >> /etc/wpa_supplicant/calnet.conf
    echo '  password="**PASSWORD**"' >> /etc/wpa_supplicant/calnet.conf
    echo '  phase2="MSCHAPV2"' >> /etc/wpa_supplicant/calnet.conf
    echo '  priority=10' >> /etc/wpa_supplicant/calnet.conf
    echo '  id_str="calnet"' >> /etc/wpa_supplicant/calnet.conf
    echo '}' >> /etc/wpa_supplicant/calnet.conf
    echo >> /etc/wpa_supplicant/calnet.conf
    echo 'network={' >> /etc/wpa_supplicant/calnet.conf
    echo '  ssid="calnet3"' >> /etc/wpa_supplicant/calnet.conf
    echo '  #bssid=' >> /etc/wpa_supplicant/calnet.conf
    echo '  scan_ssid=1' >> /etc/wpa_supplicant/calnet.conf
    echo '  key_mgmt=WPA-EAP' >> /etc/wpa_supplicant/calnet.conf
    echo '  eap=PEAP' >> /etc/wpa_supplicant/calnet.conf
    echo '  identity="**USERNAME**"' >> /etc/wpa_supplicant/calnet.conf
    echo '  password="**PASSWORD**"' >> /etc/wpa_supplicant/calnet.conf
    echo '  phase2="MSCHAPV2"' >> /etc/wpa_supplicant/calnet.conf
    echo '  priority=9' >> /etc/wpa_supplicant/calnet.conf
    echo '  id_str="calnet"' >> /etc/wpa_supplicant/calnet.conf
    echo '}' >> /etc/wpa_supplicant/calnet.conf
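    chmod 600 /etc/wpa_supplicant/calnet.conf # protect password (the file is created with the default umask, so it is readable by other local users until this runs; running 'umask 077' before the first echo avoids that window)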
    echo >> /etc/network/interfaces
    echo 'allow-hotplug wlan0' >> /etc/network/interfaces
    echo 'iface wlan0 inet manual' >> /etc/network/interfaces
    echo '  wpa-driver nl80211' >> /etc/network/interfaces
    echo '  wpa-roam /etc/wpa_supplicant/calnet.conf' >> /etc/network/interfaces
    echo >> /etc/network/interfaces
    echo 'iface calnet inet dhcp' >> /etc/network/interfaces
    echo '  metric 1' >> /etc/network/interfaces
  • <code>
    echo 'make_resolv_conf() { : ; }' > /etc/dhcp/dhclient-enter-hooks.d/no_update_resolvconf
    chmod +x /etc/dhcp/dhclient-enter-hooks.d/no_update_resolvconf
    echo 'domain pott.ces.pnw.edu' > /etc/resolv.conf
    echo 'search pott.ces.pnw.edu ces.pnw.edu pnw.edu' >> /etc/resolv.conf
    echo 'nameserver 205.215.68.84' >> /etc/resolv.conf
    echo 'nameserver 205.215.68.85' >> /etc/resolv.conf
    </code>
  • chmod -x /etc/wpa_supplicant/action_wpa.sh # ensures that ifplugd doesn't disconnect wifi – see http://raspberrypi.stackexchange.com/questions/31780/wpa-supplicant-conf-with-two-network-cards-not-working-when-wpa-roam
  • sed -i -e 's/^GRUB_CMDLINE_LINUX_DEFAULT="quiet"$/GRUB_CMDLINE_LINUX_DEFAULT="quiet panic=5"/g' /etc/default/grub && update-grub
  • systemctl mask keyboard-setup.service
    systemctl mask console-setup.service
    systemctl mask rc-local.service
  • aptitude --without-recommends install irqbalance
  • aptitude --without-recommends install lvm2 mdadm bridge-utils ifenslave vlan # when asked about arrays to start at boot, leave blank for none
  • aptitude --without-recommends install sshfs
  • aptitude install lsof memtest86+ parted time sysstat
  • aptitude --without-recommends install cifs-utils nfs-common
  • aptitude install unattended-upgrades
  • dpkg-reconfigure -plow unattended-upgrades # select “Yes”, and select default at origin screen

*

  • <code>
    aptitude install bridge-utils
    echo >> /etc/network/interfaces
    echo 'allow-hotplug eth1' >> /etc/network/interfaces
    echo 'iface eth1 inet manual' >> /etc/network/interfaces
    echo ' up ifup br0' >> /etc/network/interfaces
    echo >> /etc/network/interfaces
    echo 'auto br0' >> /etc/network/interfaces
    echo 'iface br0 inet static' >> /etc/network/interfaces
    echo ' bridge_ports eth1' >> /etc/network/interfaces
    echo ' bridge_fd 0' >> /etc/network/interfaces
    echo ' bridge_maxwait 0' >> /etc/network/interfaces
    echo ' address 192.168.76.1' >> /etc/network/interfaces
    echo ' netmask 255.255.255.0' >> /etc/network/interfaces
    </code>

*

sed -i -e 's/^iface enp3s0 inet dhcp$/&\n  up iptables -t nat -A POSTROUTING -o $IFACE -j MASQUERADE\n  down iptables -t nat -D POSTROUTING -o $IFACE -j MASQUERADE/g' /etc/network/interfaces
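sed -i -e 's/^iface calnet3 inet dhcp$/&\n  up iptables -t nat -A POSTROUTING -o $IFACE -j MASQUERADE\n  down iptables -t nat -D POSTROUTING -o $IFACE -j MASQUERADE/g' /etc/network/interfaces
# NOTE: the wifi stanza this recipe writes earlier is 'iface calnet inet dhcp' (id_str="calnet"), so the 'calnet3' pattern matches nothing as written and no MASQUERADE rule is added for the wifi uplink; confirm which name is intended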
sed -i -e 's/^#net.ipv4.ip_forward=1$/net.ipv4.ip_forward=1/g' /etc/sysctl.conf
  • aptitude install dnsmasq
    echo '192.168.76.1 display-server-p display-server' > /etc/hosts-dnsmasq
    echo '192.168.76.2 display-switch-p switch' >> /etc/hosts-dnsmasq
    echo 'domain-needed' > /etc/dnsmasq.d/pott-display.conf
    echo >> /etc/dnsmasq.d/pott-display.conf
    echo 'resolv-file=/etc/resolv.conf-dnsmasq' >> /etc/dnsmasq.d/pott-display.conf
    echo >> /etc/dnsmasq.d/pott-display.conf
    echo 'no-hosts' >> /etc/dnsmasq.d/pott-display.conf
    echo 'addn-hosts=/etc/hosts-dnsmasq' >> /etc/dnsmasq.d/pott-display.conf
    echo >> /etc/dnsmasq.d/pott-display.conf
    echo 'local=/pott.ces.pnw.edu/' >> /etc/dnsmasq.d/pott-display.conf
    echo 'local=/76.168.192.in-addr.arpa/' >> /etc/dnsmasq.d/pott-display.conf
    echo >> /etc/dnsmasq.d/pott-display.conf
    echo 'expand-hosts' >> /etc/dnsmasq.d/pott-display.conf
    echo 'domain=pott.ces.pnw.edu' >> /etc/dnsmasq.d/pott-display.conf
    echo >> /etc/dnsmasq.d/pott-display.conf
    echo 'dhcp-range=192.168.76.101,192.168.76.199,255.255.255.0,12h' >> /etc/dnsmasq.d/pott-display.conf
    echo 'dhcp-authoritative' >> /etc/dnsmasq.d/pott-display.conf
    echo 'dhcp-option=option:domain-name,pott.ems.purduecal.edu' >> /etc/dnsmasq.d/pott-display.conf
    echo >> /etc/dnsmasq.d/pott-display.conf
    echo 'read-ethers' >> /etc/dnsmasq.d/pott-display.conf
    echo 'interface=enp4s0' >> /etc/dnsmasq.d/pott-display.conf
    echo 'no-negcache' >> /etc/dnsmasq.d/pott-display.conf
    echo 'nameserver 205.215.68.84' > /etc/resolv.conf-dnsmasq
    echo 'nameserver 205.215.68.85' >> /etc/resolv.conf-dnsmasq
    sed -i -e 's/^nameserver 205.215.68.84$/#&/g' -e 's/^nameserver 205.215.68.85$/#&\nnameserver 127.0.0.1/g' /etc/resolv.conf
    mkdir -p /etc/systemd/system/dnsmasq.service.requires/
    ln -s /lib/systemd/system/ifup\@.service /etc/systemd/system/dnsmasq.service.requires/ifup\@enp4s0.service
  • systemctl mask systemd-rfkill@rfkill0.service
    systemctl mask keyboard-setup.service
    systemctl mask console-setup.service
    systemctl mask rc-local.service
aptitude install nginx-light php-fpm
aptitude --without-recommends install tftpd-hpa
aptitude install etherwake
aptitude install autossh
aptitude --without-recommends install vncsnapshot
aptitude install libjpeg-turbo-progs # to resize VNC snapshots
aptitude install php-pgsql
aptitude install ca-certificates # so that wget doesn't throw a fit when testing SSL links (e.g. NWS)
aptitude install telnet # to communicate with switch
** switching to local mysql db **
aptitude install mariadb-server php-mysql phpmyadmin python-beautifulsoup
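ln -s /usr/share/phpmyadmin/ /var/www/html/ # publishes phpMyAdmin under the default web root; limit who can reach it (nginx allow/deny, or serve it on the internal interface only)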
aptitude install python-mysqldb