Media Content

Installation

Clean install - Debian 9 x64

Format Storage Slice

mkfs.ext3 /dev/sda1
add `/dev/sda1 /mnt/sda1 ext4 defaults 0 0` to `/etc/fstab`

Install basic stuff

apt-get install rsync nginx xinetd

Add ffcdn user

adduser ffcdn
mkdir /mnt/sda1/data
mkdir /mnt/sda1/data/freifunk
chown ffcdn.ffcdn /mnt/sda1/data/freifunk

Configure rsync daemon

cat <<EOF> /etc/rsyncd.conf
use chroot = true 

#hosts
allow = 0.0.0.0 

transfer logging = true 
log file = /var/log/rsyncd-ffcdn.log 
log format = %h %o %f %l %b 

[ffcdn-mediaread] 
path = /mnt/sda1/data/freifunk
read only = yes 
list = yes 

[ffcdn-mediawrite] 
path = /mnt/sda1/data/freifunk
hosts allow = 
http://cdnmaster.media.freifunk.net 

hosts deny * 
read only = no 
uid = ffcdn 
gid = ffcdn
EOF

Configure xinet.d to run rsyncd

cat <<EOF> /etc/xinetd.d/rsyncd
# default: off
# description: The rsync server is a good addition to an ftp server, as it \
# allows crc checksumming etc.
service rsync
{
disable = no
flags = IPv6
socket_type = stream
port = 873
wait = no
user = root
server = /usr/bin/rsync
server_args = --daemon
log_on_failure += USERID
}
EOF

Configure nginx to point to correct path and auto indexing

edit '/etc/nginx/sites-enabled/default' set root to `/mnt/sda1/data`
add `autoindex on;` under `location /`

Configure users and enable sudo

apt-get install sudo
adduser benhylau
usermod -aG sudo benhylau

Configure stats server

apt-get install vnstat vnstati
cat <<EOF> /usr/local/bin/updatestats.sh
#!/bin/sh
vnstati -h -i eth0 -o /mnt/sda1/data/stats/eth0-hour.png
vnstati -d -i eth0 -o /mnt/sda1/data/stats/eth0-day.png
vnstati -m -i eth0 -o /mnt/sda1/data/stats/eth0-month.png
vnstati -s -i eth0 -o /mnt/sda1/data/stats/eth0.png
EOF

chmod +x /usr/local/bin/updatestats.sh
echo 59 *    * * *   root    /usr/local/bin/updatestats.sh >> /etc/crontab

cat > /mnt/sda1/data/stats/index.html
<html>
<body>
<h1>Server transfer stats</h1>
<img src="eth0-hour.png"><br>
<img src="eth0-month.png"><br>
<img src="eth0-day.png"><br>
<img src="eth0.png"><br>
</body>
</html>
CTRL+C

Disable SSH Password Login

edit /etc/ssh/sshd_config
add PasswordAuthentication no (usually commented out as YES)

Add ipv6


add to  /etc/network/interfaces

iface eth0 inet6 static
address 2605:6400:0020:0777:0000:0000:0000:0040
netmask 48
gateway 2605:6400:0020:0000:0000:0000:0000:0001

Other

apt-get install screen

Ben's Notes

Create users and add RSA keys for SSH, turn off password access and chmod 700 ~/.ssh

Add DNS entries:

A alexandria.tomesh.net 209.141.53.33 AAAA alexandria.tomesh.net 2605:6400:20:777::40 AAAA h.alexandria.tomesh.net fcef:709a:15b:de7f:eb3d:cf30:bdc0:5bfc AAAA y.alexandria.tomesh.net 201:27b2:1e5d:35f1:b06d:d3b:5fff:8a10

sudo apt-get install -y ca-certificates jq

wget https://github.com/benhylau/mesh-router-builder/releases/download/v0.10/cjdns_20.2-0.10_amd64.deb sudo dpkg -i cjdns_20.2-0.10_amd64.deb sudo systemctl start cjdns Added 8 North American public peers sudo systemctl restart cjdns

wget https://419-115685026-gh.circle-artifacts.com/0/yggdrasil-0.3.2-amd64.deb sudo dpkg -i yggdrasil-0.3.2-amd64.deb sudo systemctl start yggdrasil Added 7 North American public peers sudo systemctl restart yggdrasil

Set up "nginx + letsencrypt + dehydrated" by following mesh-services
Manually run dehydrated script to get certs to bootstrap (cronjob will take care of reissues)

IPFS

WIP

tomeshnet / documents

Document alexandria.tomesh.net #108