2018-12-19 22:05:42 +00:00
|
|
|
Server
|
|
|
|
======
|
|
|
|
|
|
|
|
Hardware
|
|
|
|
--------
|
|
|
|
|
2018-12-19 22:33:02 +00:00
|
|
|
=== ================================
|
|
|
|
BHS KS-12
|
|
|
|
CPU Intel Xeon W3530 4c/8t @ 2.8 GHz
|
|
|
|
RAM 32 GB DDR3 ECC @ 1333 MHz
|
|
|
|
HDD 2 × 2 TB
|
|
|
|
WAN 100 Mbps /128
|
2019-07-18 18:46:31 +00:00
|
|
|
MAC 00:25:90:7b:d4:38
|
2018-12-19 22:33:02 +00:00
|
|
|
=== ================================
|
|
|
|
|
2019-07-15 10:49:21 +00:00
|
|
|
Network
|
|
|
|
-------
|
|
|
|
|
|
|
|
+-----+---------+-------------------------------+
|
|
|
|
| IP4 | address | 192.99.14.98 |
|
|
|
|
| +---------+-------------------------------+
|
|
|
|
| | gateway | 192.99.14.254 |
|
|
|
|
+-----+---------+-------------------------------+
|
|
|
|
| IP6 | address | 2607:5300:60:3f62::1 |
|
|
|
|
| +---------+-------------------------------+
|
|
|
|
| | gateway | 2607:5300:60:3fff:ff:ff:ff:ff |
|
|
|
|
+-----+---------+-------------------------------+
|
|
|
|
|
2019-07-14 14:24:36 +00:00
|
|
|
Rescue
|
|
|
|
------
|
|
|
|
|
|
|
|
.. code:: shell
|
|
|
|
|
2019-07-17 20:08:07 +00:00
|
|
|
ssh-keygen -R rwx.work
ssh-keygen -R 192.99.14.98
# The ssh-keygen -R calls above drop the stored host keys, so with default client
# settings this first connection asks to trust whatever key the server presents:
# compare the fingerprint with one obtained out of band before accepting it.
# The copy replaces any existing /root/.ssh/authorized_keys on the target.
scp /home/user/.ssh/id_ecdsa.pub root@rwx.work:/root/.ssh/authorized_keys
scp /etc/bash.bashrc root@rwx.work:/etc/
|
|
|
|
|
2018-12-19 22:33:02 +00:00
|
|
|
Partitions
|
|
|
|
----------
|
2018-12-19 22:05:42 +00:00
|
|
|
|
|
|
|
.. code:: shell
|
|
|
|
|
|
|
|
parted
|
|
|
|
|
|
|
|
select /dev/sda
|
|
|
|
mktable gpt
|
2019-07-14 07:12:58 +00:00
|
|
|
mkpart boot 1 2
|
|
|
|
mkpart raid 2 2000399
|
|
|
|
toggle 1 bios_grub
|
2018-12-19 22:05:42 +00:00
|
|
|
|
|
|
|
select /dev/sdb
|
|
|
|
mktable gpt
|
2019-07-14 07:12:58 +00:00
|
|
|
mkpart boot 1 2
|
|
|
|
mkpart raid 2 2000399
|
|
|
|
toggle 1 bios_grub
|
2018-12-19 22:05:42 +00:00
|
|
|
|
|
|
|
q
|
|
|
|
|
|
|
|
.. code:: shell
|
|
|
|
|
|
|
|
mdadm --create /dev/md0 \
|
2019-07-14 07:24:07 +00:00
|
|
|
--level 0 --raid-devices 2 /dev/sd[ab]2
|
2018-12-19 22:05:42 +00:00
|
|
|
|
|
|
|
.. code:: shell
|
|
|
|
|
|
|
|
parted /dev/md0
|
|
|
|
|
|
|
|
mktable gpt
|
2019-07-14 16:24:40 +00:00
|
|
|
mkpart data 1 3966966
|
|
|
|
mkpart swap 3966966 4000523
|
2018-12-19 22:05:42 +00:00
|
|
|
|
|
|
|
q
|
|
|
|
|
|
|
|
.. code:: shell
|
|
|
|
|
2019-07-14 16:29:32 +00:00
|
|
|
mkswap --label swap \
|
|
|
|
-U d8ee4260-4652-7192-7bb3-ebbadeb835a7 \
|
|
|
|
/dev/md0p2
|
2019-07-14 15:36:51 +00:00
|
|
|
mkfs.ext4 -L data \
|
|
|
|
-U 46527192-7bb3-ebba-deb8-35a7e8606808 \
|
|
|
|
/dev/md0p1
|
2019-07-13 14:56:06 +00:00
|
|
|
|
2019-07-13 14:43:15 +00:00
|
|
|
Boot
|
|
|
|
----
|
|
|
|
|
2019-07-14 19:59:56 +00:00
|
|
|
.. warning:: no ESP boot available!
|
|
|
|
|
2019-07-13 14:43:15 +00:00
|
|
|
Prepare a grub.cfg
|
|
|
|
|
|
|
|
.. code:: shell
|
|
|
|
|
2019-07-14 07:07:55 +00:00
|
|
|
insmod biosdisk
|
2019-07-13 14:43:15 +00:00
|
|
|
insmod part_gpt
|
|
|
|
insmod mdraid1x
|
|
|
|
insmod ext2
|
|
|
|
insmod search
|
|
|
|
insmod squash4
|
|
|
|
insmod loopback
|
|
|
|
insmod linux
|
|
|
|
|
2019-07-14 15:36:51 +00:00
|
|
|
search --set data --fs-uuid 46527192-7bb3-ebba-deb8-35a7e8606808
|
2019-07-18 18:28:48 +00:00
|
|
|
lmp=/fs/up
|
2019-07-13 14:43:15 +00:00
|
|
|
sfs=filesystem.squashfs
|
|
|
|
|
|
|
|
loopback loop (${data})${lmp}/${sfs}
|
|
|
|
|
|
|
|
linux (loop)/vmlinuz \
|
|
|
|
boot=live \
|
|
|
|
elevator=deadline \
|
|
|
|
ip=frommedia \
|
|
|
|
live-media-path=${lmp} \
|
|
|
|
toram=${sfs}
|
|
|
|
|
|
|
|
initrd (loop)/initrd.img
|
|
|
|
|
2019-07-13 17:18:07 +00:00
|
|
|
boot
|
|
|
|
|
2019-07-14 01:06:20 +00:00
|
|
|
.. code:: shell
|
|
|
|
|
|
|
|
grub-mkstandalone \
|
|
|
|
--verbose \
|
|
|
|
--compress xz \
|
|
|
|
--format i386-pc \
|
|
|
|
--output core.img \
|
|
|
|
--themes "" \
|
|
|
|
boot/grub/grub.cfg=grub.cfg \
|
|
|
|
--fonts "" \
|
|
|
|
--locales "" \
|
|
|
|
--install-modules "\
|
2019-07-14 07:07:55 +00:00
|
|
|
biosdisk \
|
2019-07-14 01:06:20 +00:00
|
|
|
part_gpt \
|
|
|
|
mdraid1x \
|
|
|
|
ext2 \
|
|
|
|
search \
|
|
|
|
squash4 \
|
|
|
|
loopback \
|
|
|
|
linux \
|
|
|
|
"
|
|
|
|
|
2019-07-17 20:08:07 +00:00
|
|
|
.. todo:: move to public grub
|
2019-07-14 01:06:20 +00:00
|
|
|
|
2019-07-13 14:43:15 +00:00
|
|
|
.. code:: shell
|
|
|
|
|
2019-07-13 14:56:06 +00:00
|
|
|
grub-mkstandalone \
|
|
|
|
--verbose \
|
|
|
|
--compress xz \
|
|
|
|
--format x86_64-efi \
|
|
|
|
--output bootx64.efi \
|
|
|
|
--themes "" \
|
|
|
|
boot/grub/grub.cfg=grub.cfg
|
|
|
|
|
|
|
|
.. code:: shell
|
|
|
|
|
2019-07-14 01:06:20 +00:00
|
|
|
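# Copy the standalone BIOS image built above to the server.
scp core.img root@rwx.work:

# boot.img has to sit next to core.img, since grub-bios-setup reads both from
# --directory. This line must not end in a backslash: the continuation would
# glue the grub-bios-setup command below onto cp as extra arguments.
cp /usr/lib/grub/i386-pc/boot.img .

# Install the boot code on both disks.
/usr/lib/grub/i386-pc/grub-bios-setup \
    --directory . /dev/sda
/usr/lib/grub/i386-pc/grub-bios-setup \
    --directory . /dev/sdb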
|
2019-07-13 15:11:23 +00:00
|
|
|
|
2019-07-17 20:14:44 +00:00
|
|
|
* debootstrap
|
|
|
|
* apt
|
|
|
|
* fstab /d
|
|
|
|
* systemd
|
|
|
|
* linux-image
|
|
|
|
* tops
|
|
|
|
* hardware
|
|
|
|
* completion
|
|
|
|
* network
|
|
|
|
* interfaces
|
|
|
|
* basics
|
|
|
|
* openssh-server fixes (sshd user, /run/sshd)
|
|
|
|
* live-boot
|
|
|
|
* root
|
|
|
|
* inception
|
|
|
|
* bridge
|
2019-07-18 18:35:04 +00:00
|
|
|
* grub-pc-bin
|
2019-07-18 20:58:02 +00:00
|
|
|
* apparmor
|
2019-07-18 21:00:33 +00:00
|
|
|
* unbound
|
2019-07-18 21:04:16 +00:00
|
|
|
* tree
|
2019-07-18 21:08:30 +00:00
|
|
|
* net.ipv4.ip_forward=1
|
|
|
|
* net.ipv6.conf.all.forwarding=1
|
2019-07-18 21:33:50 +00:00
|
|
|
* nftables
|
2019-07-20 20:38:39 +00:00
|
|
|
* nginx
|
2019-07-21 15:35:05 +00:00
|
|
|
* root/user authorized_keys
|
|
|
|
* curl
|
2019-07-17 20:14:44 +00:00
|
|
|
|
2019-07-15 20:38:11 +00:00
|
|
|
* /etc/bash.bashrc
|
|
|
|
* /etc/fstab (/d)
|
2019-07-13 15:12:14 +00:00
|
|
|
* /etc/locale.gen
|
|
|
|
* locale-gen
|
|
|
|
* /etc/resolv.conf
|
2019-07-15 20:11:45 +00:00
|
|
|
* /etc/apt/apt.conf
|
2019-07-13 20:31:28 +00:00
|
|
|
* /etc/apt/sources.list
|
2019-07-13 15:11:23 +00:00
|
|
|
* apt update
|
|
|
|
* apt upgrade
|
2019-07-15 20:38:11 +00:00
|
|
|
* live-boot
|
|
|
|
* update-initramfs ← update-initramfs.orig
|
|
|
|
* openssh-server
|
|
|
|
* parted
|
|
|
|
* squashfs-tools
|
|
|
|
* tree
|
2019-07-13 15:11:23 +00:00
|
|
|
* apt clean
|
|
|
|
* /etc/ssh/sshd_config
|
|
|
|
* mkdir /root/.ssh
|
|
|
|
* echo "ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAFBp8vFUIRu4Bq8EvnCGwlp71GQ4wGT5wKdY1X/c9AfYjsn/pnBNgnfNFxPxoNasG1MXeXjutSLtlXqnsWx2NQpFQC321MeUvd3Z/DCeIvS4WvpOZMyBvVUd2sTsuuCRVuH3fbJF5XPJrFzH3nEFNtcW7lmN+F6nKLB0kYahc3+gyTH+g==" > /root/.ssh/authorized_keys
|
2019-07-15 20:11:45 +00:00
|
|
|
* lxc
|
2019-07-13 20:31:28 +00:00
|
|
|
* /etc/network/interfaces.d/setup
|
|
|
|
|
2019-07-14 19:57:33 +00:00
|
|
|
.. warning:: inet6 dhcp hangs!
|
|
|
|
|
2019-07-13 20:31:28 +00:00
|
|
|
::
|
|
|
|
|
2019-07-13 22:04:54 +00:00
|
|
|
auto lo
|
2019-07-13 20:31:28 +00:00
|
|
|
iface lo inet loopback
|
|
|
|
iface lo inet6 loopback
|
|
|
|
|
2019-07-18 20:58:02 +00:00
|
|
|
auto br0
|
|
|
|
iface br0 inet static
|
|
|
|
address 10.0.0.254/24
|
|
|
|
bridge_fd 0
|
|
|
|
bridge_maxwait 0
|
|
|
|
bridge_ports enp1s0
|
|
|
|
bridge_stp on
|
|
|
|
iface br0 inet static
|
2019-07-13 20:31:28 +00:00
|
|
|
address 192.99.14.98/24
|
|
|
|
gateway 192.99.14.254
|
2019-07-18 20:58:02 +00:00
|
|
|
iface br0 inet6 static
|
2019-07-13 20:31:28 +00:00
|
|
|
address 2607:5300:60:3f62::1/64
|
|
|
|
gateway 2607:5300:60:3fff:ff:ff:ff:ff
|
2019-07-18 20:58:02 +00:00
|
|
|
|
2019-07-20 20:38:39 +00:00
|
|
|
.. warning::
|
|
|
|
|
|
|
|
Rebooting from inside a container does not reload its config file.
|
|
|
|
|
|
|
|
/var/lib/lxc/config
|
|
|
|
|
2019-07-18 20:58:02 +00:00
|
|
|
::
|
|
|
|
|
2019-07-20 20:38:39 +00:00
|
|
|
lxc.include = /usr/share/lxc/config/common.conf
|
|
|
|
lxc.mount.entry = /d/mirrors/apt-mirror/debian deb none bind,create=dir,ro 0 0
|
|
|
|
lxc.start.auto = 1
|
2019-07-18 20:58:02 +00:00
|
|
|
lxc.net.0.type = veth
|
|
|
|
lxc.net.0.flags = up
|
|
|
|
lxc.net.0.link = br0
|
2019-07-20 20:38:39 +00:00
|
|
|
|
|
|
|
/var/lib/lxc/name/config
|
|
|
|
|
|
|
|
::
|
|
|
|
|
|
|
|
# NOTE(review): no lxc.idmap is visible in this file or in the shared
# /var/lib/lxc/config shown above, so the container presumably runs privileged
# (its root is uid 0 on the host) — confirm against common.conf.
lxc.include = /var/lib/lxc/config
|
2019-07-21 15:35:05 +00:00
|
|
|
lxc.mount.entry = /d/d/buster d none bind,create=dir,rw 0 0
|
2019-07-20 20:38:39 +00:00
|
|
|
lxc.rootfs.path = dir:/var/lib/lxc/buster
|
2019-07-18 21:58:31 +00:00
|
|
|
lxc.net.0.veth.pair = buster
|
2019-07-18 20:58:02 +00:00
|
|
|
lxc.net.0.ipv4.address = 10.0.0.1/24
|
|
|
|
lxc.net.0.ipv4.gateway = 10.0.0.254
|
2019-07-21 15:35:05 +00:00
|
|
|
|
|
|
|
/etc/nftables.conf
|
|
|
|
|
|
|
|
::
|
|
|
|
|
|
|
|
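#! /usr/sbin/nft --file

flush ruleset

# Filtering for traffic addressed to the host, routed through it, or sent by it.
table inet filter {
    chain input {
        # Default-drop. With "policy accept" the accept rules below changed
        # nothing and every listening port on the host stayed reachable.
        type filter hook input priority 0; policy drop;
        # Replies to connections the host itself opened (apt, curl, resolver).
        ct state established,related accept
        iifname "lo" accept
        ip protocol icmp accept
        # ICMPv6 carries neighbour discovery; IPv6 stops working without it.
        ip6 nexthdr ipv6-icmp accept
        tcp dport ssh accept
        tcp dport domain accept
        # NOTE(review): the original listed DNS over TCP only, which made no
        # difference under policy accept. UDP is added so that DNS keeps
        # answering under policy drop; confirm who is meant to reach the
        # resolver and narrow this (for example to iifname "br0") if it is
        # only for the containers.
        udp dport domain accept
        tcp dport http accept
        tcp dport https accept
    }
    chain forward {
        # NOTE(review): everything is still forwarded. With IP forwarding
        # enabled on the host this chain is the only place to limit what
        # reaches the containers or leaves them; consider policy drop with
        # explicit rules once the required flows are known.
        type filter hook forward priority 0; policy accept;
    }
    chain output {
        type filter hook output priority 0; policy accept;
    }
}

table ip nat {
    chain prerouting {
        type nat hook prerouting priority 0; policy accept;
        # Publishes the SSH service of the container at 10.0.0.1 on host port 65001.
        tcp dport 65001 dnat to 10.0.0.1:ssh
    }
    chain postrouting {
        type nat hook postrouting priority 0; policy accept;
        # NOTE(review): unconditional, so it presumably also rewrites the source
        # of the connections DNATed above and the container's sshd would log the
        # host address instead of the client's. Confirm, and consider matching
        # on the container subnet (ip saddr 10.0.0.0/24) only.
        masquerade
    }
}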
|