Server
======

Hardware
--------

=== ================================
BHS KS-12
CPU Intel Xeon W3530 4c/8t @ 2.8 GHz
RAM 32 GB DDR3 ECC @ 1333 MHz
HDD 2 × 2 TB
WAN 100 Mbps /128
MAC 00:25:90:7b:d4:38
=== ================================

Network
-------

+-----+---------+-------------------------------+
| IP4 | address | 192.99.14.98                  |
|     +---------+-------------------------------+
|     | gateway | 192.99.14.254                 |
+-----+---------+-------------------------------+
| IP6 | address | 2607:5300:60:3f62::1          |
|     +---------+-------------------------------+
|     | gateway | 2607:5300:60:3fff:ff:ff:ff:ff |
+-----+---------+-------------------------------+

Rescue
------

.. code:: shell

 # Drop the cached known_hosts entries for the name and the address, so the
 # next connection prompts for the host key again.
 # NOTE(review): presumably the rescue system presents a different host key;
 # compare its fingerprint with an out-of-band source before accepting it.
 ssh-keygen -R rwx.work
 ssh-keygen -R 192.99.14.98
 # Replaces root's authorized_keys on the target with this single public key.
 scp /home/user/.ssh/id_ecdsa.pub root@rwx.work:/root/.ssh/authorized_keys
 scp /etc/bash.bashrc root@rwx.work:/etc/

Partitions
----------

.. code:: shell

 parted
 select /dev/sda
 mktable gpt
 mkpart boot 1 2
 mkpart raid 2 2000399
 toggle 1 bios_grub
 select /dev/sdb
 mktable gpt
 mkpart boot 1 2
 mkpart raid 2 2000399
 toggle 1 bios_grub
 q

.. code:: shell

 # --level 0 is striping without redundancy: the array is lost if either disk fails.
 mdadm --create /dev/md0 \
 --level 0 --raid-devices 2 /dev/sd[ab]2

.. code:: shell

 parted /dev/md0
 mktable gpt
 mkpart data 1 3966966
 mkpart swap 3966966 4000523
 q

.. code:: shell

 # Fixed UUIDs: grub.cfg below finds the data filesystem through the same
 # --fs-uuid value given to mkfs.ext4 here.
 mkswap --label swap \
 -U d8ee4260-4652-7192-7bb3-ebbadeb835a7 \
 /dev/md0p2
 mkfs.ext4 -L data \
 -U 46527192-7bb3-ebba-deb8-35a7e8606808 \
 /dev/md0p1

Boot
----

.. warning:: no ESP boot available!

Prepare a grub.cfg

.. code:: shell

 insmod biosdisk
 insmod part_gpt
 insmod mdraid1x
 insmod ext2
 insmod search
 insmod squash4
 insmod loopback
 insmod linux
 # Locate the data filesystem by UUID, loop-mount the squashfs image stored
 # under ${lmp} on it, then boot the kernel and initrd found inside that image.
 search --set data --fs-uuid 46527192-7bb3-ebba-deb8-35a7e8606808
 lmp=/fs/up
 sfs=filesystem.squashfs
 loopback loop (${data})${lmp}/${sfs}
 linux (loop)/vmlinuz \
 boot=live \
 elevator=deadline \
 ip=frommedia \
 live-media-path=${lmp} \
 toram=${sfs}
 initrd (loop)/initrd.img
 boot

.. code:: shell

 # BIOS (i386-pc) image with grub.cfg embedded; --install-modules limits the
 # image to the modules the configuration loads with insmod.
 grub-mkstandalone \
 --verbose \
 --compress xz \
 --format i386-pc \
 --output core.img \
 --themes "" \
 boot/grub/grub.cfg=grub.cfg \
 --fonts "" \
 --locales "" \
 --install-modules "\
 biosdisk \
 part_gpt \
 mdraid1x \
 ext2 \
 search \
 squash4 \
 loopback \
 linux \
 "

.. todo:: move to public grub

.. code:: shell

 # Same embedded grub.cfg, built as an x86_64 EFI binary.
 grub-mkstandalone \
 --verbose \
 --compress xz \
 --format x86_64-efi \
 --output bootx64.efi \
 --themes "" \
 boot/grub/grub.cfg=grub.cfg

.. code:: shell

 scp core.img root@rwx.work:
 # NOTE(review): the backslash after "boot.img ." continues the cp command
 # into the first grub-bios-setup line; confirm whether that is intended.
 cp /usr/lib/grub/i386-pc/boot.img . \
 /usr/lib/grub/i386-pc/grub-bios-setup \
 --directory . /dev/sda
 /usr/lib/grub/i386-pc/grub-bios-setup \
 --directory . /dev/sdb

* debootstrap
* apt
* fstab /d
* systemd
* linux-image
* tops
* hardware
* completion
* network
* interfaces
* basics
* openssh-server fixes (sshd user, /run/sshd)
* live-boot
* root
* inception
* bridge
* grub-pc-bin
* apparmor
* unbound
* tree
* net.ipv4.ip_forward=1
* net.ipv6.conf.all.forwarding=1
* nftables
* nginx
* root/user authorized_keys
* curl
* swap,swappiness
* /etc/bash.bashrc
* /etc/fstab (/d)
* /etc/locale.gen
* locale-gen
* /etc/resolv.conf
* /etc/apt/apt.conf
* /etc/apt/sources.list
* apt update
* apt upgrade
* live-boot
* update-initramfs ← update-initramfs.orig
* openssh-server
* parted
* squashfs-tools
* tree
* apt clean
* /etc/ssh/sshd_config
* mkdir /root/.ssh
* echo "ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAFBp8vFUIRu4Bq8EvnCGwlp71GQ4wGT5wKdY1X/c9AfYjsn/pnBNgnfNFxPxoNasG1MXeXjutSLtlXqnsWx2NQpFQC321MeUvd3Z/DCeIvS4WvpOZMyBvVUd2sTsuuCRVuH3fbJF5XPJrFzH3nEFNtcW7lmN+F6nKLB0kYahc3+gyTH+g==" > /root/.ssh/authorized_keys
* lxc
* /etc/network/interfaces.d/setup

.. warning:: inet6 dhcp hangs!

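::

 auto lo
 iface lo inet loopback
 iface lo inet6 loopback

 # br0 enslaves enp1s0 and is also the link the LXC veth ends attach to
 # (lxc.net.0.link = br0), so the 10.0.0.0/24 container network and the
 # public addresses sit on one layer-2 bridge.
 # NOTE(review): confirm that sharing the uplink segment with containers is intended.
 auto br0
 iface br0 inet static
  address 10.0.0.254/24
  bridge_fd 0
  bridge_maxwait 0
  bridge_ports enp1s0
  bridge_stp on
 iface br0 inet static
  address 192.99.14.98/24
  gateway 192.99.14.254
 iface br0 inet6 static
  address 2607:5300:60:3f62::1/64
  gateway 2607:5300:60:3fff:ff:ff:ff:ff

.. warning:: reboot from container doesn't reload config file

/var/lib/lxc/config

::

 # Shared settings, pulled in by each container config through lxc.include.
 lxc.include = /usr/share/lxc/config/common.conf
 # Host APT mirror exposed read-only inside every container.
 lxc.mount.entry = /d/mirrors/apt-mirror/debian deb none bind,create=dir,ro 0 0
 lxc.start.auto = 1
 lxc.net.0.type = veth
 lxc.net.0.flags = up
 lxc.net.0.link = br0

/var/lib/lxc/name/config

::

 lxc.include = /var/lib/lxc/config
 # Host directory bind-mounted read-write into the container.
 # NOTE(review): no lxc.idmap appears in either file shown here; if none is
 # set elsewhere, container root writes to this mount as host root.
 lxc.mount.entry = /d/d/buster d none bind,create=dir,rw 0 0
 lxc.rootfs.path = dir:/var/lib/lxc/buster
 lxc.net.0.veth.pair = buster
 lxc.net.0.ipv4.address = 10.0.0.1/24
 lxc.net.0.ipv4.gateway = 10.0.0.254

/etc/nftables.conf

::

 #! /usr/sbin/nft --file

 flush ruleset

 table inet filter {
  chain input {
   # policy accept: packets matching none of the rules below are admitted
   # too, so the accept rules only document the expected services.
   # NOTE(review): a drop policy would also need a
   # "ct state established,related accept" rule before it is switched on.
   type filter hook input priority 0; policy accept;
   iifname "lo" accept
   ip protocol icmp accept
   # ICMPv6 is next-header 58; matching "icmp" (protocol 1) never hits on
   # IPv6 and would cut neighbour discovery under a drop policy.
   ip6 nexthdr icmpv6 accept
   tcp dport ssh accept
   tcp dport domain accept
   tcp dport http accept
   tcp dport https accept
  }
  chain forward {
   # Everything routed between br0 peers and the outside is forwarded unfiltered.
   type filter hook forward priority 0; policy accept;
  }
  chain output {
   type filter hook output priority 0; policy accept;
  }
 }

 table ip nat {
  chain prerouting {
   type nat hook prerouting priority 0; policy accept;
   # Publishes the container's sshd (10.0.0.1) on host TCP port 65001.
   tcp dport 65001 dnat to 10.0.0.1:ssh
  }
  chain postrouting {
   type nat hook postrouting priority 0; policy accept;
   # No interface or source match: every flow leaving the host is source-NATed.
   # NOTE(review): this likely includes the connections DNATed above, in
   # which case the container's sshd logs the host address instead of the
   # client's; confirm before relying on those logs.
   masquerade
  }
 }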