Hotfix release available: 2024-02-06a "Kaos".
upgrade now! [55.1] (what's this?)
New release available: 2024-02-06 "Kaos".
upgrade now! [55] (what's this?)
picloud
Table of Contents
tp-link router
- /etc/rc.local
[...] sleep 5 /etc/init.d/p910nd restart exit 0
- /etc/firewall.user
iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT iptables -A FORWARD -i net0 -o wlan0 -j ACCEPT iptables -I FORWARD -o br-lan -d 192.168.1.2 -j ACCEPT iptables -t nat -I PREROUTING -p tcp --dport 8096 -j DNAT --to 192.168.1.2:8096 iptables -t nat -A OUTPUT -p tcp --dport 8096 -j DNAT --to 192.168.1.2:8096 iptables -t nat -I PREROUTING -p tcp --dport 2222 -j DNAT --to 192.168.1.2:22 iptables -t nat -A OUTPUT -p tcp --dport 2222 -j DNAT --to 192.168.1.2:22
armstone a9
- /etc/systemd/system/secure-tunnel@.service
[Unit] Description=Setup a secure tunnel to %I After=network.target [Service] User=picloud Environment="LOCAL_ADDR=localhost" EnvironmentFile=/etc/default/secure-tunnel@%i ExecStart=/usr/bin/ssh -NT -o ServerAliveInterval=60 -o ExitOnForwardFailure=yes -l ${REMOTE_USER} -i ${KEY_FILE} -R ${REMOTE_ADDR}:${REMOTE_PORT}:${LOCAL_ADDR}:${LOCAL_PORT} ${TARGET} # Restart every >2 seconds to avoid StartLimitInterval failure RestartSec=30 Restart=always [Install] WantedBy=multi-user.target
- /etc/default/secure-tunnel@jellyfin
TARGET=144.76.16.40 LOCAL_ADDR=localhost LOCAL_PORT=8096 REMOTE_ADDR=0.0.0.0 REMOTE_PORT=8096 REMOTE_USER=onny KEYFILE=/home/picloud/.ssh/id_rsa
- /etc/default/secure-tunnel@ssh
TARGET=144.76.16.40 LOCAL_ADDR=localhost LOCAL_PORT=22 REMOTE_ADDR=0.0.0.0 REMOTE_PORT=2222 REMOTE_USER=onny KEYFILE=/home/picloud/.ssh/id_rsa
systemctl daemon-reload systemctl enable --now secure-tunnel@ssh secure-tunnel@jellyfin
rock64
- latest working kernel: linux-aarch-5.0.X http://tardis.tiny-vps.com/aarm/packages/l/linux-aarch64/
onny@tuxzentrale ~> sudo fdisk -l /dev/mmcblk0 GPT PMBR size mismatch (4194303 != 60751871) will be corrected by write. The backup GPT table is not on the end of the device. This problem will be corrected by write. Disk /dev/mmcblk0: 29 GiB, 31104958464 bytes, 60751872 sectors Units: sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disklabel type: gpt Disk identifier: 8B6BBA4F-80FF-49C5-8990-0762C108723D Device Start End Sectors Size Type /dev/mmcblk0p1 64 8063 8000 3.9M Linux filesystem /dev/mmcblk0p2 8064 8191 128 64K Linux filesystem /dev/mmcblk0p3 8192 16383 8192 4M Linux filesystem /dev/mmcblk0p4 16384 24575 8192 4M Linux filesystem /dev/mmcblk0p5 24576 32767 8192 4M Linux filesystem /dev/mmcblk0p6 32768 262143 229376 112M EFI System /dev/mmcblk0p7 262144 4194176 3932033 1.9G Linux root (ARM-64)
- packages: r128gain, smloadr, jellyfin, samba, caddy, php-fpm, cups, xerox-phaser-6000-6010
pacman -S cups systemctl enable --now org.cups.cupsd
pacman -S docker nftables iptables-nft systemctl enable --now docker nftables gpasswd -a picloud docker # put in your username, log out and log in again
- /etc
{ "experimental": true }
docker version -f '{{.Server.Experimental}}' # true docker run -it --name archlinux-cupsd --platform linux/amd64 archlinux
docker exec -it #CONTAINERID /bin/bash pacman -Syu cups xerox-phaser-6000-6010 cd /tmp wget "https://onny.project-insanity.org/archlinux/xerox-phaser-6000-6010-1.01_20110222-1-x86_64.pkg.tar.zst" pacman -U xerox-phaser-6000-6010-1.01_20110222-1-x86_64.pkg.tar.zst
docker run \ --entrypoint=/usr/lib/systemd/systemd \ --env container=docker \ --mount type=bind,source=/sys/fs/cgroup,target=/sys/fs/cgroup \ --mount type=bind,source=/sys/fs/fuse,target=/sys/fs/fuse \ --mount type=tmpfs,destination=/tmp \ --mount type=tmpfs,destination=/run \ --mount type=tmpfs,destination=/run/lock \ --unit=sysinit.target \ --name archlinux-cupsd --platform linux/amd64 archlinux
- sources
- /etc/pacman.conf
[...] [multilib] Include = /etc/pacman.d/mirrorlist
- add pi repo
docker run \ --env container=docker \ --entrypoint=/usr/lib/systemd/systemd \ --mount type=tmpfs,destination=/tmp \ --mount type=tmpfs,destination=/run \ --mount type=tmpfs,destination=/run/lock \ --mount type=bind,source=/sys/fs/cgroup,target=/sys/fs/cgroup \ --name archlinux-cupsd2 --platform linux/amd64 -it archlinux
- podman non-root https://wiki.archlinux.org/index.php/Linux_Containers#Enable_support_to_run_unprivileged_containers_(optional)
- podman platform support https://github.com/containers/libpod/issues/6244
DOCKER_CLI_EXPERIMENTAL=enabled docker run -d -p 631:631 --name debian-cupsd --platform linux/i386 debian apt-get update apt-get install cups
rewrite
- /etc/nftables
[...] table ip nat { chain prerouting { type nat hook prerouting priority filter; policy accept # Forward web traffic to http.pi ip daddr 192.168.178.4 tcp dport 631 dnat to 172.17.0.2 }
pacman -S nftables iptables-nft docker gpasswd -a picloud docker systemctl restart docker DOCKER_CLI_EXPERIMENTAL=enabled docker run --privileged \ -v /etc/avahi/services:/etc/avahi/services \ -v /var/run/dbus:/var/run/dbus \ -v /dev/bus/usb/:/dev/bus/usb/ \ -p 631:631 \ -p 5353:5353/udp \ -dit \ --restart always \ --entrypoint /usr/bin/cupsd \ --name archlinux-cupsd --platform linux/amd64 archlinux docker exec -it archlinux-cupsd
- /etc/pacman/pacman.conf
[...] [multilib] Include = /etc/pacman.d/mirrorlist [projectinsanity] SigLevel = PackageOptional Server = https://onny.project-insanity.org/archlinux
$ pacman -Sy cups ghostscript xerox-phaser-6000-6010 $ passwd
- /etc/cups/cupsd.conf
[...] Listen 0.0.0.0:631 [...] # Restrict access to the server... <Location /> Order allow,deny Allow all </Location> # Restrict access to the admin pages... <Location /admin> Order allow,deny Allow all </Location> [...]
$ lsusb [...] Bus 002 Device 004: ID 413c:5404 Dell 1250c Color Printer [...] $ chown root:cups /dev/bus/usb/002/004 $ /usr/bin/cupsd -l
- /etc/avahi/services/airprint.service
<?xml version="1.0" standalone='no'?><!--*-nxml-*--> <!DOCTYPE service-group SYSTEM "avahi-service.dtd"> <service-group> <name>yourPrnterName</name> <service> <type>_ipp._tcp</type> <subtype>_universal._sub._ipp._tcp</subtype> <port>631</port> <txt-record>txtver=1</txt-record> <txt-record>qtotal=1</txt-record> <txt-record>rp=printers/yourPrnterName</txt-record> <txt-record>ty=yourPrnterName</txt-record> <txt-record>adminurl=http://198.168.7.15:631/printers/yourPrnterName</txt-record> <txt-record>note=Office Laserjet 4100n</txt-record> <txt-record>priority=0</txt-record> <txt-record>product=(GPL Ghostscript)</txt-record> <txt-record>printer-state=3</txt-record> <txt-record>printer-type=0x801046</txt-record> <txt-record>Transparent=T</txt-record> <txt-record>Binary=T</txt-record> <txt-record>Fax=F</txt-record> <txt-record>Color=T</txt-record> <txt-record>Duplex=T</txt-record> <txt-record>Staple=F</txt-record> <txt-record>Copies=T</txt-record> <txt-record>Collate=F</txt-record> <txt-record>Punch=F</txt-record> <txt-record>Bind=F</txt-record> <txt-record>Sort=F</txt-record> <txt-record>Scan=F</txt-record> <txt-record>pdl=application/octet-stream,application/pdf,application/postscript,image/jpeg,image/png,image/urf</txt-record> <txt-record>URF=W8,SRGB24,CP1,RS600</txt-record> </service> </service-group>
- Setup on other computers https://superuser.com/a/1235155
- autostart container
udp 0 0 0.0.0.0:37820 0.0.0.0:* 774/avahi-daemon: r udp6 0 0 :::5353 :::* 774/avahi-daemon: r udp6 0 0 :::5355 :::* 528/systemd-resolve udp6 0 0 :::50900 :::* 774/avahi-daemon: r
setup
core
useradd --uid 1002 picloud timedatectl set-ntp true ln -sf /usr/share/zoneinfo/Europe/Berlin /etc/localtime hwclock --systohc # edit /etc/locale.gen locale-gen
- /etc/locale.conf
LANG=en_US.UTF-8
- /etc/vconsole.conf
KEYMAP=de-latin1
- /etc/hostname
picloud
- /etc/hosts
127.0.0.1 localhost ::1 localhost 127.0.1.1 picloud.localdomain picloud
fstab
- /etc/fstab -p # Static information about the filesystems. # See fstab(5) for details. # <file system
<dir> <type> <options> <dump> <pass> /dev/sda /mnt btrfs nofail,loop,offset=1048576 2 0
hdparm
pacman -S hdparm
- /etc/systemd/system/hdparm.service
[Unit] Description=hdparm sleep [Service] Type=oneshot ExecStart=/usr/bin/hdparm -q -S 120 -y /dev/sda [Install] WantedBy=multi-user.target
systemctl enable --now hdparm
nftables
pacman -S nftables
- /etc/nftables.conf
table inet filter { set tcp_accepted { type inet_service flags interval elements = { 22,8096,631 } } set udp_accepted { type inet_service flags interval elements = { 60000-61000 } } chain base_checks { ct state { established, related } accept ct state invalid drop } chain input { type filter hook input priority filter; policy drop; jump base_checks iifname "lo" accept ip protocol icmp icmp type { echo-reply, destination-unreachable, echo-request, time-exceeded, parameter-problem } accept ip6 nexthdr ipv6-icmp icmpv6 type { destination-unreachable, packet-too-big, time-exceeded, parameter-problem, echo-request, echo-reply, mld-listener-query, nd-router-solicit, nd-router-advert, nd-neighbor-solicit, nd-neighbor-advert } accept tcp dport @tcp_accepted accept udp dport @udp_accepted accept reject } chain forward { type filter hook forward priority filter; policy drop; jump base_checks } chain output { type filter hook output priority filter; policy accept; } }
systemctl enable --now nftables
systemd-resolved
- /etc/systemd/resolved.conf
[...] MulticastDNS=no [...]
avahi
pacman -S avahi
- /etc/avahi/services/airprint.service
<?xml version="1.0" standalone='no'?><!--*-nxml-*--> <!DOCTYPE service-group SYSTEM "avahi-service.dtd"> <service-group> <name>Dell 1250c</name> <service> <type>_ipp._tcp</type> <subtype>_universal._sub._ipp._tcp</subtype> <port>631</port> <txt-record>txtver=1</txt-record> <txt-record>qtotal=1</txt-record> <txt-record>rp=printers/Dell_1250c_Color_Printer</txt-record> <txt-record>ty=Dell_1250c_Color_Printer</txt-record> <txt-record>adminurl=http://192.168.178.2:631/printers/Dell_1250c_Color_Printer</txt-record> <txt-record>note=Dell 1250c</txt-record> <txt-record>priority=0</txt-record> <txt-record>product=(GPL Ghostscript)</txt-record> <txt-record>printer-state=3</txt-record> <txt-record>printer-type=0x801046</txt-record> <txt-record>Transparent=T</txt-record> <txt-record>Binary=T</txt-record> <txt-record>Fax=F</txt-record> <txt-record>Color=T</txt-record> <txt-record>Duplex=T</txt-record> <txt-record>Staple=F</txt-record> <txt-record>Copies=T</txt-record> <txt-record>Collate=F</txt-record> <txt-record>Punch=F</txt-record> <txt-record>Bind=F</txt-record> <txt-record>Sort=F</txt-record> <txt-record>Scan=F</txt-record> <txt-record>pdl=application/octet-stream,application/pdf,application/postscript,image/jpeg,image/png,image/urf</txt-record> <txt-record>URF=W8,SRGB24,CP1,RS600</txt-record> </service> </service-group>
systemctl enable --now avahi-daemon
systemd-networkd
- /etc/systemd/network/eth0.network
[Match] Name=eth0 [Network] Address=192.168.178.2/24 Gateway=192.168.178.1 DNS=192.168.178.1 DNSSEC=false DHCP=ipv6
systemctl enable --now systemd-networkd
picloud.txt · Last modified: 2021/10/31 10:42 by 127.0.0.1
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Noncommercial-Share Alike 4.0 International
