Site Tools


New release candidate 2 available: rc2022-06-26 "Igor". upgrade now! [52.1] (what's this?)
New release candidate available: 2022-06-26 "Igor". upgrade now! [52] (what's this?)
picloud
/etc/rc.local
[...]
sleep 5
/etc/init.d/p910nd restart
exit 0
/etc/firewall.user
iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE
iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i net0 -o wlan0 -j ACCEPT
iptables -I FORWARD -o br-lan -d 192.168.1.2 -j ACCEPT
iptables -t nat -I PREROUTING -p tcp --dport 8096 -j DNAT --to 192.168.1.2:8096
iptables -t nat -A OUTPUT -p tcp --dport 8096 -j DNAT --to 192.168.1.2:8096
iptables -t nat -I PREROUTING -p tcp --dport 2222 -j DNAT --to 192.168.1.2:22
iptables -t nat -A OUTPUT -p tcp --dport 2222 -j DNAT --to 192.168.1.2:22

armstone a9

/etc/systemd/system/secure-tunnel@.service
[Unit]
Description=Setup a secure tunnel to %I
After=network.target

[Service]
User=picloud
Environment="LOCAL_ADDR=localhost"
EnvironmentFile=/etc/default/secure-tunnel@%i
ExecStart=/usr/bin/ssh -NT -o ServerAliveInterval=60 -o ExitOnForwardFailure=yes -l ${REMOTE_USER} -i ${KEY_FILE} -R ${REMOTE_ADDR}:${REMOTE_PORT}:${LOCAL_ADDR}:${LOCAL_PORT} ${TARGET}

# Restart every >2 seconds to avoid StartLimitInterval failure
RestartSec=30
Restart=always

[Install]
WantedBy=multi-user.target
/etc/default/secure-tunnel@jellyfin
TARGET=144.76.16.40
LOCAL_ADDR=localhost
LOCAL_PORT=8096
REMOTE_ADDR=0.0.0.0
REMOTE_PORT=8096
REMOTE_USER=onny
KEYFILE=/home/picloud/.ssh/id_rsa
/etc/default/secure-tunnel@ssh
TARGET=144.76.16.40
LOCAL_ADDR=localhost
LOCAL_PORT=22
REMOTE_ADDR=0.0.0.0
REMOTE_PORT=2222
REMOTE_USER=onny
KEYFILE=/home/picloud/.ssh/id_rsa
systemctl daemon-reload
systemctl enable --now secure-tunnel@ssh secure-tunnel@jellyfin

rock64

onny@tuxzentrale ~> sudo fdisk -l /dev/mmcblk0
GPT PMBR size mismatch (4194303 != 60751871) will be corrected by write.
The backup GPT table is not on the end of the device. This problem will be corrected by write.
Disk /dev/mmcblk0: 29 GiB, 31104958464 bytes, 60751872 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: gpt
Disk identifier: 8B6BBA4F-80FF-49C5-8990-0762C108723D
 
Device          Start     End Sectors  Size Type
/dev/mmcblk0p1     64    8063    8000  3.9M Linux filesystem
/dev/mmcblk0p2   8064    8191     128   64K Linux filesystem
/dev/mmcblk0p3   8192   16383    8192    4M Linux filesystem
/dev/mmcblk0p4  16384   24575    8192    4M Linux filesystem
/dev/mmcblk0p5  24576   32767    8192    4M Linux filesystem
/dev/mmcblk0p6  32768  262143  229376  112M EFI System
/dev/mmcblk0p7 262144 4194176 3932033  1.9G Linux root (ARM-64)
  • packages: r128gain, smloadr, jellyfin, samba, caddy, php-fpm, cups, xerox-phaser-6000-6010
pacman -S cups
systemctl enable --now org.cups.cupsd
pacman -S docker nftables iptables-nft
systemctl enable --now docker nftables
gpasswd -a picloud docker # put in your username, log out and log in again
/etc
{
    "experimental": true
}
docker version -f '{{.Server.Experimental}}'
# true
docker run -it --name archlinux-cupsd --platform linux/amd64 archlinux
docker exec -it #CONTAINERID /bin/bash
pacman -Syu cups xerox-phaser-6000-6010
cd /tmp
wget "https://onny.project-insanity.org/archlinux/xerox-phaser-6000-6010-1.01_20110222-1-x86_64.pkg.tar.zst"
pacman -U xerox-phaser-6000-6010-1.01_20110222-1-x86_64.pkg.tar.zst
docker run \
  --entrypoint=/usr/lib/systemd/systemd \
  --env container=docker \
  --mount type=bind,source=/sys/fs/cgroup,target=/sys/fs/cgroup \
  --mount type=bind,source=/sys/fs/fuse,target=/sys/fs/fuse \
  --mount type=tmpfs,destination=/tmp \
  --mount type=tmpfs,destination=/run \
  --mount type=tmpfs,destination=/run/lock \
  --unit=sysinit.target \
  --name archlinux-cupsd --platform linux/amd64 archlinux
/etc/pacman.conf
[...]
[multilib]
Include = /etc/pacman.d/mirrorlist
docker run \
  --env container=docker \
  --entrypoint=/usr/lib/systemd/systemd \
  --mount type=tmpfs,destination=/tmp \
  --mount type=tmpfs,destination=/run \
  --mount type=tmpfs,destination=/run/lock \
  --mount type=bind,source=/sys/fs/cgroup,target=/sys/fs/cgroup \
  --name archlinux-cupsd2 --platform linux/amd64 -it archlinux
DOCKER_CLI_EXPERIMENTAL=enabled docker run -d -p 631:631 --name debian-cupsd --platform linux/i386 debian
apt-get update
apt-get install cups

rewrite

/etc/nftables
[...]
table ip nat {
        chain prerouting {
                type nat hook prerouting priority filter; policy accept

                # Forward web traffic to http.pi
                ip daddr 192.168.178.4 tcp dport 631 dnat to 172.17.0.2
}
pacman -S nftables iptables-nft docker
gpasswd -a picloud docker
systemctl restart docker
DOCKER_CLI_EXPERIMENTAL=enabled docker run --privileged \
                                           -v /etc/avahi/services:/etc/avahi/services \
                                           -v /var/run/dbus:/var/run/dbus \
                                           -v /dev/bus/usb/:/dev/bus/usb/ \
                                           -p 631:631 \
                                           -p 5353:5353/udp \
                                           -dit \
                                           --restart always \
                                           --entrypoint /usr/bin/cupsd \
                                           --name archlinux-cupsd --platform linux/amd64 archlinux
docker exec -it archlinux-cupsd
/etc/pacman/pacman.conf
[...]
[multilib]
Include = /etc/pacman.d/mirrorlist

[projectinsanity]
SigLevel = PackageOptional
Server = https://onny.project-insanity.org/archlinux
$ pacman -Sy cups ghostscript xerox-phaser-6000-6010
$ passwd
/etc/cups/cupsd.conf
[...]
Listen 0.0.0.0:631
[...]
# Restrict access to the server...
<Location />
  Order allow,deny
  Allow all
</Location>

# Restrict access to the admin pages...
<Location /admin>
  Order allow,deny
  Allow all
</Location>
[...]
$ lsusb
[...]
Bus 002 Device 004: ID 413c:5404 Dell 1250c Color Printer
[...]
$ chown root:cups /dev/bus/usb/002/004
$ /usr/bin/cupsd -l
/etc/avahi/services/airprint.service
<?xml version="1.0" standalone='no'?><!--*-nxml-*-->
<!DOCTYPE service-group SYSTEM "avahi-service.dtd">
<service-group>
  <name>yourPrnterName</name>
  <service>
    <type>_ipp._tcp</type>
    <subtype>_universal._sub._ipp._tcp</subtype>
    <port>631</port>
    <txt-record>txtver=1</txt-record>
    <txt-record>qtotal=1</txt-record>
    <txt-record>rp=printers/yourPrnterName</txt-record>
    <txt-record>ty=yourPrnterName</txt-record>
    <txt-record>adminurl=http://198.168.7.15:631/printers/yourPrnterName</txt-record>
    <txt-record>note=Office Laserjet 4100n</txt-record>
    <txt-record>priority=0</txt-record>
    <txt-record>product=(GPL Ghostscript)</txt-record>
    <txt-record>printer-state=3</txt-record>
    <txt-record>printer-type=0x801046</txt-record>
    <txt-record>Transparent=T</txt-record>
    <txt-record>Binary=T</txt-record>
    <txt-record>Fax=F</txt-record>
    <txt-record>Color=T</txt-record>
    <txt-record>Duplex=T</txt-record>
    <txt-record>Staple=F</txt-record>
    <txt-record>Copies=T</txt-record>
    <txt-record>Collate=F</txt-record>
    <txt-record>Punch=F</txt-record>
    <txt-record>Bind=F</txt-record>
    <txt-record>Sort=F</txt-record>
    <txt-record>Scan=F</txt-record>
    <txt-record>pdl=application/octet-stream,application/pdf,application/postscript,image/jpeg,image/png,image/urf</txt-record>
    <txt-record>URF=W8,SRGB24,CP1,RS600</txt-record>
  </service>
</service-group>
udp        0      0 0.0.0.0:37820           0.0.0.0:*                           774/avahi-daemon: r 
udp6       0      0 :::5353                 :::*                                774/avahi-daemon: r 
udp6       0      0 :::5355                 :::*                                528/systemd-resolve 
udp6       0      0 :::50900                :::*                                774/avahi-daemon: r 

setup

core

useradd --uid 1002 picloud
timedatectl set-ntp true
ln -sf /usr/share/zoneinfo/Europe/Berlin /etc/localtime
hwclock --systohc
# edit /etc/locale.gen
locale-gen
/etc/locale.conf
LANG=en_US.UTF-8
/etc/vconsole.conf
KEYMAP=de-latin1
/etc/hostname
picloud
/etc/hosts
127.0.0.1	localhost
::1		localhost
127.0.1.1	picloud.localdomain	picloud

fstab

/etc/fstab -p # Static information about the filesystems. # See fstab(5) for details. # <file system
 <dir> <type> <options> <dump> <pass>
/dev/sda    /mnt    btrfs   nofail,loop,offset=1048576  2   0

hdparm

pacman -S hdparm
/etc/systemd/system/hdparm.service
[Unit]
Description=hdparm sleep

[Service]
Type=oneshot
ExecStart=/usr/bin/hdparm -q -S 120 -y /dev/sda

[Install]
WantedBy=multi-user.target
systemctl enable --now hdparm

nftables

pacman -S nftables
/etc/nftables.conf
table inet filter {
        set tcp_accepted {
                type inet_service
                flags interval
                elements = { 22,8096,631 }
        }

        set udp_accepted {
                type inet_service
                flags interval
                elements = { 60000-61000 }
        }

        chain base_checks {
                ct state { established, related } accept
                ct state invalid drop
        }

        chain input {
                type filter hook input priority filter; policy drop;
                jump base_checks
                iifname "lo" accept
                ip protocol icmp icmp type { echo-reply, destination-unreachable, echo-request, time-exceeded, parameter-problem } accept
                ip6 nexthdr ipv6-icmp icmpv6 type { destination-unreachable, packet-too-big, time-exceeded, parameter-problem, echo-request, echo-reply, mld-listener-query, nd-router-solicit, nd-router-advert, nd-neighbor-solicit, nd-neighbor-advert } accept
                tcp dport @tcp_accepted accept
                udp dport @udp_accepted accept
                reject
        }

        chain forward {
                type filter hook forward priority filter; policy drop;
                jump base_checks
        }

        chain output {
                type filter hook output priority filter; policy accept;
        }
}
systemctl enable --now nftables

systemd-resolved

/etc/systemd/resolved.conf
[...]
MulticastDNS=no
[...]

avahi

pacman -S avahi
/etc/avahi/services/airprint.service
 
<?xml version="1.0" standalone='no'?><!--*-nxml-*-->
<!DOCTYPE service-group SYSTEM "avahi-service.dtd">
<service-group>
  <name>Dell 1250c</name>
  <service>
    <type>_ipp._tcp</type>
    <subtype>_universal._sub._ipp._tcp</subtype>
    <port>631</port>
    <txt-record>txtver=1</txt-record>
    <txt-record>qtotal=1</txt-record>
    <txt-record>rp=printers/Dell_1250c_Color_Printer</txt-record>
    <txt-record>ty=Dell_1250c_Color_Printer</txt-record>
    <txt-record>adminurl=http://192.168.178.2:631/printers/Dell_1250c_Color_Printer</txt-record>
    <txt-record>note=Dell 1250c</txt-record>
    <txt-record>priority=0</txt-record>
    <txt-record>product=(GPL Ghostscript)</txt-record>
    <txt-record>printer-state=3</txt-record>
    <txt-record>printer-type=0x801046</txt-record>
    <txt-record>Transparent=T</txt-record>
    <txt-record>Binary=T</txt-record>
    <txt-record>Fax=F</txt-record>
    <txt-record>Color=T</txt-record>
    <txt-record>Duplex=T</txt-record>
    <txt-record>Staple=F</txt-record>
    <txt-record>Copies=T</txt-record>
    <txt-record>Collate=F</txt-record>
    <txt-record>Punch=F</txt-record>
    <txt-record>Bind=F</txt-record>
    <txt-record>Sort=F</txt-record>
    <txt-record>Scan=F</txt-record>
    <txt-record>pdl=application/octet-stream,application/pdf,application/postscript,image/jpeg,image/png,image/urf</txt-record>
    <txt-record>URF=W8,SRGB24,CP1,RS600</txt-record>
  </service>
</service-group>
systemctl enable --now avahi-daemon

systemd-networkd

/etc/systemd/network/eth0.network
[Match]
Name=eth0

[Network]
Address=192.168.178.2/24
Gateway=192.168.178.1
DNS=192.168.178.1
DNSSEC=false
DHCP=ipv6
systemctl enable --now systemd-networkd
picloud.txt · Last modified: 2021/10/31 10:42 by 127.0.0.1