install.jarvis.ubuntu.22.04.md
Instructions for installing Ubuntu 22.04 on Jarvis (the SOHO server)

Note: This is an install of 16.04, upgraded to 18.04, upgraded to 20.04, upgraded to 22.04. It may not be completely accurate.

Base install and configs

  1. Install Ubuntu server as normal from an Ubuntu install CD.

    Partition as follows:

    Disks 1 and 2:

    • BIOS compat boot partition (grub_bios) - 100MB

    • /boot - 1GB (physical RAID)

    • rest (physical RAID)

      • Make this RAID LVM, partitioned as follows:

        / - 50GB
        /tmp - 50GB
        /var - 50GB
        swap - 4GB
        /home - rest
        

    Disks 3 and 4:

    • whole disk (physical RAID)

    • Make this RAID LVM, partitioned as follows:

      /mnt/home2 - 5TB
      /mnt/shared - 1TB
      

    When it asks what to install, select "standard system utilities" and "OpenSSH server" and leave everything else blank.

    Networking is already set up with a reserved DHCP lease on the router. It is accessible as jarvis. No need for a static IP.

  2. After the machine is up, edit /etc/apt/sources.list and make sure the following are enabled:

    • jammy restricted main
    • jammy-updates restricted main
    • jammy universe
    • jammy-updates universe
    • jammy multiverse
    • jammy-updates multiverse
    • jammy-backports multiverse universe restricted main
    • jammy-security restricted main
    • jammy-security multiverse
    • jammy-security universe

    (they were already enabled after the install for me)

  3. Make sure all is up to date.

     sudo apt update
     sudo apt dist-upgrade
    
  4. Install more useful things

    sudo apt install tree unison atop nmap iotop emacs emacs-goodies-el elpa-go-mode elpa-rust-mode elpa-f elpa-let-alist elpa-markdown-mode elpa-yaml-mode elpa-flycheck lm-sensors ntp ssmtp gdisk git gitk iftop mailutils ppa-purge xsltproc smartmontools wakeonlan
    
  5. Add any necessary user accounts

  6. Make ssh work:

    1. For an old machine, use the old keys - you did save /etc, didn't you?

    2. For a new machine, use the new keys generated by the distro.

      • make sure to allow it through the firewall

        sudo ufw allow ssh
        
      • edit /etc/ssh/sshd_config and set:

        PermitRootLogin no
        
      • once you've set up public key auth and confirmed that you can log in with it, turn off password access - edit /etc/ssh/sshd_config and set

        PasswordAuthentication no
        
      • restart ssh to apply changes

        sudo service ssh restart
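
As an added example (not from the original notes), a small POSIX shell script that applies the two sshd_config settings above idempotently and runs sshd -t before restarting, so a typo cannot lock you out. The function names and the optional config-path argument are mine; sshd honours the first occurrence of a directive, which is why the check reports the first uncommented value.

```shell
#!/bin/sh
# Added example, not part of the original notes: apply the sshd_config
# settings from step 6 and refuse to restart sshd if the result fails sshd -t.
set -eu

# set_sshd_option FILE KEY VALUE
# Rewrites every existing KEY line (commented out or not) as "KEY VALUE",
# or appends one if the directive is absent. Safe to run repeatedly.
set_sshd_option() {
    file=$1; key=$2; value=$3
    if grep -Eq "^[#[:space:]]*${key}[[:space:]]" "$file"; then
        sed -i -E "s/^[#[:space:]]*${key}[[:space:]].*/${key} ${value}/" "$file"
    else
        printf '%s %s\n' "$key" "$value" >> "$file"
    fi
}

# effective_value FILE KEY
# Prints the value sshd would use from this file: the FIRST uncommented
# occurrence wins (sshd ignores later duplicates), so check that one.
effective_value() {
    awk -v k="$2" '$1 == k { print $2; exit }' "$1"
}

# harden_sshd [FILE]
# Defaults to the live config; given a copy it only edits (used for testing).
harden_sshd() {
    cfg=${1:-/etc/ssh/sshd_config}
    set_sshd_option "$cfg" PermitRootLogin no
    set_sshd_option "$cfg" PasswordAuthentication no
    if [ "$cfg" = /etc/ssh/sshd_config ]; then
        sshd -t -f "$cfg"          # syntax check; set -e aborts before restart
        service ssh restart
    fi
}
```

On 22.04 the stock sshd_config starts with Include /etc/ssh/sshd_config.d/*.conf, and a directive set there (cloud-init may drop a 50-cloud-init.conf with PasswordAuthentication yes) wins over the main file, so confirm the live result with sshd -T | grep -i passwordauthentication.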
        
  7. Set up samba

    sudo apt install cifs-utils samba
    

    and either set up a config file or copy one from ~/system_stuff/samba (I have several machine-specific ones in there). Then allow the Samba ports through the firewall, but only from the LAN:

    sudo ufw allow from 192.168.9.0/24 to any port bootps
    sudo ufw allow from 192.168.9.0/24 to any port netbios-ns
    sudo ufw allow from 192.168.9.0/24 to any port netbios-dgm
    sudo ufw allow from 192.168.9.0/24 to any port netbios-ssn
    sudo ufw allow from 192.168.9.0/24 to any port microsoft-ds
    

    and set Samba to start on boot:

     sudo systemctl enable smbd
     sudo systemctl enable nmbd
    

    and restart them all now:

     sudo service smbd restart
     sudo service nmbd restart
    

    and, for this server, we do not need the AD DC server:

     sudo systemctl disable samba-ad-dc
     sudo service samba-ad-dc stop
    

    Make sure to add a Samba password for each user (the Unix account has to exist first):

     sudo smbpasswd -a USERNAME
    

  8. Enable firewall (after allowing some other things through)

     sudo ufw allow from 192.168.9.0/24 to any port mdns
    

    Disable firewall logging (it can be quite verbose on a busy network), then turn on the firewall.

     sudo ufw logging off
     sudo ufw enable
    
  9. Fix up avahi's publishing of addresses:

    TODO - Did not apply this, might be fixed. Experiment and see.

    Some services suck at IPv6, and, for some reason, IPv4 multicast propagation is very laggy. This leads to unreliable hostname lookups via mDNS (you can check with avahi-resolve-host-name -4 machine.local, which will likely time out). Anyway, this just makes for a bad user experience, so have the server publish its IPv4 info in the multicast packets.

     edit /etc/avahi/avahi-daemon.conf and set "publish-a-on-ipv6=yes"
    
  10. Add dashpodder to my crontab

     crontab -e
    

    Then add a line like this:

     @daily  /home/matt/workspace/code/dashpodder/dashpodder.sh -v -c /home/matt/workspace/code/dashpodder/mp.conf
    
  11. Set up linode backups

    Make the target directory:

    mkdir ~/attic/backup/linode
    

    on the remote server, you need to add the public key to authorized_keys, with the forced command (quoted, since authorized_keys requires quotes around a command that contains spaces):

    command="rsync --server --sender -vlHogDtprRze.iLsf . /etc /home /var/lib/mysql /var/lib/syma"
    

    in front of it.

    Add it to cron:

    @daily               /home/matt/bin/linode_backup
    

    and make sure the following is in the ~/.rsnapshot.conf:

    backup  /home/matt/attic/backup/linode/         localhost/
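
As an added example (not the notes' own script): a helper that turns the backup key's .pub file into the restricted authorized_keys line for the linode server, plus a check that the same key does not also appear unrestricted. The function names are mine; the forced command is the one above, and the restrict option (OpenSSH 7.2 and later) additionally disables pty, port, agent and X11 forwarding and ~/.ssh/rc for that key.

```shell
#!/bin/sh
# Added example, not from the original notes: generate the authorized_keys
# entry for the linode backup key from step 11 and verify it is the only
# form in which that key appears.
set -eu

# Exactly the rsync server command from step 11 (argument list included).
BACKUP_CMD='rsync --server --sender -vlHogDtprRze.iLsf . /etc /home /var/lib/mysql /var/lib/syma'

# restricted_key_line PUBKEY_FILE
# Prints one authorized_keys line: forced command plus "restrict", so even a
# stolen private key gets no shell, pty, port forwarding or agent forwarding.
restricted_key_line() {
    pub=$(head -n 1 "$1")
    case $pub in
        ssh-*|ecdsa-*|sk-*) ;;
        *) echo "not an OpenSSH public key: $1" >&2; return 1 ;;
    esac
    printf 'command="%s",restrict %s\n' "$BACKUP_CMD" "$pub"
}

# key_is_only_restricted PUBKEY_FILE AUTHORIZED_KEYS
# Succeeds unless the same key material also appears on a line without a
# forced command (a second, bare copy would silently undo the restriction).
key_is_only_restricted() {
    keydata=$(awk 'NR == 1 { print $2 }' "$1")
    if grep -F -- "$keydata" "$2" | grep -qv 'command='; then
        return 1
    fi
    return 0
}
```

The rsync option string has to match what the client actually sends, which varies between rsync versions; if the backup breaks after an upgrade, compare it with $SSH_ORIGINAL_COMMAND, which sshd exports to the forced command.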
    
  12. Set up rsnapshot

    sudo apt install rsnapshot

    and then set up crontab:

     0 */1  * * *  /usr/bin/rsnapshot -c /home/matt/.rsnapshot.conf hourly
     30 3   * * *  /usr/bin/rsnapshot -c /home/matt/.rsnapshot.conf daily
     0  3   * * 1  /usr/bin/rsnapshot -c /home/matt/.rsnapshot.conf weekly
     30 2   1 * *  /usr/bin/rsnapshot -c /home/matt/.rsnapshot.conf monthly
    
  13. Set up sensors for ASROCK E350

    add the following to /etc/modules:

      w83627ehf
    
  14. Set up ssmtp

     cd /etc/ssmtp
     mv ssmtp.conf ssmtp.conf.old
     cp ~/system_stuff/ssmtp/ssmtp.conf .
     chgrp mail ssmtp.conf
    
  15. Add fstab line for external backup drive (because there's no automounter)

     /dev/sde1          /mnt/external_backup  ext4   defaults,noauto  0       0
    

    Make sure to make the mountpoint:

     sudo mkdir /mnt/external_backup
    
  16. Add UPS monitoring

    From http://blog.shadypixel.com/monitoring-a-ups-with-nut-on-debian-or-ubuntu-linux/

    The first part of that post, about GNOME, applies to desktops, not to a server. Anyway, install things:

     sudo apt install nut
    

    Edit /etc/nut/ups.conf and add the following at the bottom:

     [ups]
         driver = usbhid-ups
         port = auto
    

    There's only one UPS hooked to this guy, so we don't need to worry about disambiguation.

    Also, if you just installed nut, but the UPS is already plugged in, you'll need to unplug and replug it to fire the hotplug events.

    Start it:

    sudo upsdrvctl start

    Add the following to /etc/nut/upsd.conf

    ACL all 0.0.0.0/0
    ACL localhost 127.0.0.1/32
    ACCEPT localhost
    REJECT all
    

    This will reject all nonlocal traffic. (The NUT version shipped with 22.04 no longer understands ACL/ACCEPT/REJECT; it restricts access with LISTEN lines instead, and with no LISTEN line at all upsd binds only to localhost, which gives the same result.)

    Add the following to /etc/nut/upsd.users

    [local_mon]
        password = PASSWORD_HERE
        allowfrom = localhost
        upsmon master
    

    Obviously, make PASSWORD_HERE some random password; the same value goes into upsmon.conf below.

    Add the following to /etc/nut/upsmon.conf, at the bottom of the MONITOR section:

    MONITOR ups@localhost 1 local_mon PASSWORD_HERE master

    Edit /etc/nut/nut.conf and set

    MODE=standalone

    Enable and start it:

    sudo systemctl enable nut-server
    sudo systemctl restart nut-server
    sudo systemctl enable nut-client
    sudo systemctl restart nut-client
    

    You can query the UPS status with:

    upsc ups
    
  17. Add monitoring (sort of):

    make sure landscape is installed (to get landscape-sysinfo):

    sudo apt install landscape-common
    

    Then add the following to my crontab:

    @daily               /usr/bin/ntpq -p; echo; df -lh; echo; cat /proc/mdstat; landscape-sysinfo
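
As an added example (not from the notes): the cron line above only mails a raw /proc/mdstat for a human to read. This helper, which is mine and not part of the notes, parses it and exits non-zero when any of the md arrays from the step 1 layout has a failed member or a missing slot, so a cron job built on it mails only when something is actually wrong.

```shell
#!/bin/sh
# Added example, not from the original notes: flag degraded md arrays from
# /proc/mdstat (or from a file passed as $1, used below with constructed input).
set -eu

# degraded_arrays [FILE]
# Prints the name of every array that has a failed member "(F)" on its
# device line or a missing slot "_" in its [UU..] status map, sorted.
degraded_arrays() {
    awk '
        /^md[0-9]+[[:space:]]*:/ {
            name = $1
            if ($0 ~ /\(F\)/) bad[name] = 1
        }
        match($0, /\[[U_]+\]/) {
            if (substr($0, RSTART, RLENGTH) ~ /_/) bad[name] = 1
        }
        END { for (a in bad) print a }
    ' "${1:-/proc/mdstat}" | sort
}

# raid_ok [FILE] -> exit 0 when no array is degraded, 1 otherwise
raid_ok() {
    [ -z "$(degraded_arrays "$@")" ]
}

# Cron-friendly entry point: silent when healthy, so cron mails nothing;
# prints one line (which cron mails) and fails when an array is degraded.
raid_check() {
    if ! raid_ok "$@"; then
        printf 'DEGRADED RAID array(s): %s\n' "$(degraded_arrays "$@" | tr '\n' ' ')"
        return 1
    fi
}
```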
    
  18. Add monitoring for thermostat to my crontab:

     @hourly              /home/matt/bin/thermostat_check
    

    So, it will now email me if the thermostat goes dead.

  19. Make common shared bind mounts:

    sudo mkdir /home/matt/shared
    sudo mkdir /home/liz/shared
    

    Add bind-mount lines to /etc/fstab:

    /mnt/shared        /home/matt/shared/      none   bind             0       0
    /mnt/shared        /home/liz/shared/       none   bind             0       0
    

    Then remount:

    sudo mount -a
    

    And we want guests to actually be able to write to it, so we need to fix those perms:

    sudo chmod o+w /mnt/shared
    

    But we don't want random users deleting things, so set the sticky bit for a modicum of security:

    sudo chmod +t /mnt/shared
    

    And we want the users group to be able to manipulate things:

     sudo chmod g+s /mnt/shared
    
  20. Set up time machine (again)

    1. Install things:

      sudo apt install netatalk avahi-daemon
      
    2. Edit the config file:

      sudo -e /etc/netatalk/afp.conf
      
    3. Add a section for time machine:

      [Liz's Time Machine]
          path = /home/liz/time-machine
          time machine = yes
      
    4. Make the directory

      sudo mkdir -p /home/liz/time-machine
      sudo chown -R liz:liz /home/liz/time-machine
      
    5. Restart it

      sudo service netatalk restart
      
    6. Make sure all the ports are allowed through the firewall

      sudo ufw allow afpovertcp
      sudo ufw allow mdns
      sudo ufw allow svrloc
      sudo ufw allow from any to any port 201 comment at-rtmp
      sudo ufw allow from any to any port 202 comment at-nbp
      sudo ufw allow from any to any port 204 comment at-echo
      sudo ufw allow from any to any port 206 comment at-zis
      sudo ufw allow from any to any port 1900 comment ssdp
      
  21. Install and configure an up-to-date gerbera (UPnP server)

    Excellent reference at https://docs.gerbera.io, though not all of it applies because the version shipped with 22.04 is older.

    1. Install it:

      sudo apt install gerbera
      
    2. Edit the config file and change the following:

      1. Set the port so we can let it through the firewall:

        <port>49152</port>
        
      2. Add some directories:

        <visible-directories>
            <add-path name="/mnt/shared/dlna"/>
        </visible-directories>
        
    3. Let it through the firewall

      sudo ufw allow 49152
      

APPENDIX

  1. Backup scripts

    To run a backup, insert the external drive into the cradle and run:

    sudo ~/bin/server_backup
    
  2. To set up a new drive for the above:

    1. Partition

      sudo gdisk /dev/sde
      

      (gdisk because MBR tops out at 2TB)

      Create one big partition for the whole drive. No need to split it.

    2. Make the filesystem

      sudo mkfs.ext4 -m 0 -L external_backup /dev/sde1
      

      -m 0 = no reserved blocks; it's a backup drive.

      -L external_backup = volume label. This is to make it consistent with the mount point.