Media Content
Installation
Clean install - Debian 9 x64
Format Storage Slice
mkfs.ext3 /dev/sda1
add `/dev/sda1 /mnt/sda1 ext4 defaults 0 0` to `/etc/fstab`
Install basic stuff
apt-get install rsync nginx xinetd
Add ffcdn user
adduser ffcdn
mkdir /mnt/sda1/data
mkdir /mnt/sda1/data/freifunk
chown ffcdn:ffcdn /mnt/sda1/data/freifunk
Configure rsync daemon
cat <<EOF > /etc/rsyncd.conf
use chroot = true
#hosts allow = 0.0.0.0
transfer logging = true
log file = /var/log/rsyncd-ffcdn.log
log format = %h %o %f %l %b
[ffcdn-mediaread]
path = /mnt/sda1/data/freifunk
read only = yes
list = yes
[ffcdn-mediawrite]
path = /mnt/sda1/data/freifunk
hosts allow = cdnmaster.media.freifunk.net
hosts deny = *
read only = no
uid = ffcdn
gid = ffcdn
EOF
Configure xinetd to run rsyncd
cat <<'EOF' > /etc/xinetd.d/rsyncd
# default: off
# description: The rsync server is a good addition to an ftp server, as it \
# allows crc checksumming etc.
service rsync
{
disable = no
flags = IPv6
socket_type = stream
port = 873
wait = no
user = root
server = /usr/bin/rsync
server_args = --daemon
log_on_failure += USERID
}
EOF
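A malformed access-control line in `rsyncd.conf` is easy to miss on a module that accepts writes, so it is worth checking the file before the daemon is exposed. The following is an added example, not part of the original notes: a small audit that flags lines that are not `name = value` settings and writable modules without a usable `hosts allow`. The `parse` and `audit` helpers and the sample text are hypothetical and constructed for illustration; backslash line continuations are not handled.

```python
import re

# Constructed sample: deny rule lacks "=", allow rule holds a URL, not a host.
SAMPLE = """\
[ffcdn-mediaread]
read only = yes
[ffcdn-mediawrite]
path = /mnt/sda1/data/freifunk
hosts allow = http://cdnmaster.media.freifunk.net
hosts deny *
read only = no
"""

def parse(text):
    # Returns ({section: {param: value}}, [(lineno, malformed_line)]).
    modules, bad, current = {"global": {}}, [], "global"
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = header.group(1).strip()
            modules.setdefault(current, {})
        elif "=" in line:
            name, value = line.split("=", 1)
            # Simplification: names lower-cased with inner spaces collapsed.
            modules[current][" ".join(name.lower().split())] = value.strip()
        else:
            bad.append((n, line))
    return modules, bad

def audit(text):
    modules, bad = parse(text)
    findings = [f"line {n}: not a 'name = value' setting: {s!r}" for n, s in bad]
    for mod, params in modules.items():
        if mod == "global":
            continue
        merged = {**modules["global"], **params}  # globals act as defaults
        allow = merged.get("hosts allow", "")
        if "://" in allow:
            findings.append(f"[{mod}] hosts allow holds a URL, not a host pattern")
        writable = merged.get("read only", "yes").lower() in ("no", "false", "0")
        if writable and not allow:
            findings.append(f"[{mod}] writable with no hosts allow restriction")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

To check a real host, pass the contents of `/etc/rsyncd.conf` to `audit()`; an empty list means none of these checks fired.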
Configure nginx to point to correct path and auto indexing
edit `/etc/nginx/sites-enabled/default` and set root to `/mnt/sda1/data`
add `autoindex on;` under `location /`
Configure users and enable sudo
apt-get install sudo
adduser benhylau
usermod -aG sudo benhylau
Configure stats server
apt-get install vnstat vnstati
cat <<EOF > /usr/local/bin/updatestats.sh
#!/bin/sh
vnstati -h -i eth0 -o /mnt/sda1/data/stats/eth0-hour.png
vnstati -d -i eth0 -o /mnt/sda1/data/stats/eth0-day.png
vnstati -m -i eth0 -o /mnt/sda1/data/stats/eth0-month.png
vnstati -s -i eth0 -o /mnt/sda1/data/stats/eth0.png
EOF
chmod +x /usr/local/bin/updatestats.sh
echo '59 * * * * root /usr/local/bin/updatestats.sh' >> /etc/crontab
cat > /mnt/sda1/data/stats/index.html
<html>
<body>
<h1>Server transfer stats</h1>
<img src="eth0-hour.png"><br>
<img src="eth0-month.png"><br>
<img src="eth0-day.png"><br>
<img src="eth0.png"><br>
</body>
</html>
CTRL+C
Disable SSH Password Login
edit `/etc/ssh/sshd_config`
add `PasswordAuthentication no` (usually commented out as `yes`)
Add IPv6
add to `/etc/network/interfaces`
iface eth0 inet6 static
address 2605:6400:0020:0777:0000:0000:0000:0040
netmask 48
gateway 2605:6400:0020:0000:0000:0000:0000:0001
Other
Ben's Notes
- Create users and add RSA keys for SSH, turn off password access and chmod 700 ~/.ssh
Add DNS entries:
A alexandria.tomesh.net 209.141.53.33
AAAA alexandria.tomesh.net 2605:6400:20:777::40
AAAA h.alexandria.tomesh.net fcef:709a:15b:de7f:eb3d:cf30:bdc0:5bfc
AAAA y.alexandria.tomesh.net 201:27b2:1e5d:35f1:b06d:d3b:5fff:8a10
sudo apt-get install -y ca-certificates jq
wget https://github.com/benhylau/mesh-router-builder/releases/download/v0.10/cjdns_20.2-0.10_amd64.deb
sudo dpkg -i cjdns_20.2-0.10_amd64.deb
sudo systemctl start cjdns
Added 8 North American public peers
sudo systemctl restart cjdns
wget https://419-115685026-gh.circle-artifacts.com/0/yggdrasil-0.3.2-amd64.deb
sudo dpkg -i yggdrasil-0.3.2-amd64.deb
sudo systemctl start yggdrasil
Added 7 North American public peers
sudo systemctl restart yggdrasil
- Set up "nginx + letsencrypt + dehydrated" by following mesh-services
- Manually run dehydrated script to get certs to bootstrap (cronjob will take care of reissues)
IPFS
WIP