Xubuntu Home Server on Dell XPS 13 9370

[ General warning: this isn't a newbie or step-by-step guide on how to do this. If you follow it blindly, or don't know what a command does, you might wipe something valuable on your system. ]

Introduction

I picked up this box through the Dell Outlet for working remotely, but not at home.  It functions okay for that task but I'm in need of a new home server to replace my old Alienware 14 R2 ancient box.


Before Xubuntu 20.04 Installation

BIOS Changes

Access BIOS through F2

(not comprehensive list)

Set SATA Operation to AHCI

Set Fn key to act like Fn

Set Battery for Primarily on AC

Make Bitwise Factory Backup

dd if=/dev/nvme0n1 bs=1MB | ssh home-server "(cd /media/backup/xps13-9370 && dd of=9370.bs.img)"


apt install pbzip2

for INDEX in 1 2 3 4; do

 dd if=/dev/nvme0n1p${INDEX} bs=8MB | pbzip2 -9c | ssh home-server "(cd /media/backup/xps13-9370 && dd of=nvme0n1p${INDEX}.img.bz2)"

done


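# verify that the data looks good: hash the partitions on the laptop
sha256sum /dev/nvme0n1p{1,2,3,4}

# then hash the decompressed images where they were written
# (/media/backup/xps13-9370 on home-server) and compare against the values above
for INDEX in 1 2 3 4; do
 bunzip2 -dc nvme0n1p${INDEX}.img.bz2 | sha256sum
done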


# unmount and disconnect the backup drive



Fresh Xubuntu Installation

Zero out the harddrive

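## count=1 overwrites only the first 1 MB of the disk, where the partition table lives; the rest of the drive is not overwritten
dd if=/dev/zero of=/dev/nvme0n1 bs=1MB count=1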


Install Xubuntu

Select LVM

Select install 3rd Party Packages

Select a secure boot password

Reboot


Install latest updates

sudo apt-get -y update; sudo apt-get -y dist-upgrade; sudo apt-get -y autoremove; sudo apt-get -y autoclean

sudo apt-get -y install openssh-server smartmontools

sudo fwupdmgr get-updates; sudo fwupdmgr update


## reboot if necessary


System Configuration

LUKS + PAM home directory

Since the default install allocates 100% of the space to the root LV, I need to break space out for my encrypted home partition.

Since expansion with LVM is safer than contraction, I'm going to be extra safe.  I shrink the FS more than I intend to shrink the LV, then shrink the LV, and then expand the FS back out.  This will avoid situations where rounding kills me.

Since ext4 can't be shrunk while it is mounted, I booted into a Live Xubuntu USB.

Boot Xubuntu Live Image & Prepare new partition

## this is all done under the live image

##

export ROOT_DIR=/dev/mapper/vgxubuntu-root

export VG=vgxubuntu


sudo e2fsck -f           ${ROOT_DIR:?MISSING_DIR}                         ## force check

sudo resize2fs -p        ${ROOT_DIR:?MISSING_DIR}  99G                    ## a little smaller than final

sudo lvresize -v -L 100G ${ROOT_DIR:?MISSING_DIR}                         ## shrink the LV (logical volume)

sudo resize2fs -p        ${ROOT_DIR:?MISSING_DIR}                         ## expand the filesystem to max for the new size

sudo e2fsck -f           ${ROOT_DIR:?MISSING_DIR}                         ## force check


sudo lvcreate -v -L 100G -n home ${VG:?MISSING_VG} /dev/nvme0n1p2         ## create new LV for encrypted home


sudo lvcreate -v -l 100%FREE -n trimmer ${VG:?MISSING_VG} /dev/nvme0n1p2  ## create a temporary block device for trimming

sudo blkdiscard /dev/mapper/vgxubuntu-trimmer                             ## trim unallocated space

sudo lvremove -v ${VG:?MISSING_VG}/trimmer                                ## whack the temporary block device



export HOME_DIR=/dev/mapper/vgxubuntu-home

sudo cryptsetup --verbose --verify-passphrase luksFormat ${HOME_DIR:?MISSING_HOME}

sudo cryptsetup luksOpen ${HOME_DIR:?MISSING_HOME} EncryptedHome

sudo mkfs.ext4 -L EncryptedHome /dev/mapper/EncryptedHome

sudo cryptsetup luksClose EncryptedHome
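
The shrink order used above (filesystem down to 99G before the LV is cut to 100G) can be checked mechanically before lvresize runs. This is an added example, not part of the original post: it parses `tune2fs -l` output and refuses the shrink when the filesystem would not fit; the function names and the sample excerpts are constructed for illustration.

```sh
# Added example, not from the original post. Function names are hypothetical.
# Usage in the live image, between the first resize2fs and lvresize:
#   sudo tune2fs -l "$ROOT_DIR" | safe_to_shrink 100G && sudo lvresize -v -L 100G "$ROOT_DIR"
# Convert 100G / 512M / plain bytes to bytes (resize2fs and LVM sizes are powers of two).
size_to_bytes() {
    n=${1%[KkMmGg]}
    unit=${1#"$n"}
    case $n in ''|*[!0-9]*) return 2 ;; esac
    case $unit in
        '')  mult=1 ;;
        K|k) mult=1024 ;;
        M|m) mult=1048576 ;;
        G|g) mult=1073741824 ;;
    esac
    echo $(( $n * $mult ))
}

# Read `tune2fs -l` output on stdin, print the ext4 filesystem size in bytes.
fs_bytes() {
    count='' size=''
    while IFS=: read -r key val; do
        case $key in
            "Block count") count=${val##* } ;;
            "Block size")  size=${val##* } ;;
        esac
    done
    # Both fields must be present and purely numeric.
    case "$count:$size" in *[!0-9:]*|:*|*:) return 1 ;; esac
    echo $(( $count * $size ))
}

# Exit 0 only when the filesystem already fits inside the target LV size.
safe_to_shrink() {
    fs=$(fs_bytes) || { echo "cannot read filesystem size" >&2; return 2; }
    lv=$(size_to_bytes "$1") || { echo "bad size: $1" >&2; return 2; }
    if [ "$fs" -le "$lv" ]; then
        echo "ok: fs $fs B fits in LV $lv B, slack $(( $lv - $fs )) B"
    else
        echo "REFUSE: fs $fs B exceeds LV $lv B" >&2; return 1
    fi
}

# Constructed tune2fs excerpts: root after `resize2fs ... 99G`, and an unshrunk 200G root.
SHRUNK='Block count:              25952256
Reserved block count:     1297612
Block size:               4096'
UNSHRUNK='Block count:              52428800
Block size:               4096'
printf '%s\n' "$SHRUNK"   | safe_to_shrink 100G
printf '%s\n' "$UNSHRUNK" | safe_to_shrink 100G || echo "lvresize skipped"
```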


Create new user with admin privileges

Use this new account to configure and test the encrypted home for the primary user.

Configure PAM mount for primary user

sudo apt install cryptsetup libpam-mount                                  ## install cryptsetup


sudoedit /etc/security/pam_mount.conf.xml

## <volume user="primaryuser" fstype="crypt" path="/dev/mapper/vgxubuntu-home" mountpoint="/home/primaryuser" options="fsck,relatime" />


ssh primaryuser@localhost

df -h .         ## this should show the dev mapper mount


Install Software

APT Repository

sudo apt-get -y install attr alpine cifs-utils cryptsetup ctags curl dos2unix dump ecryptfs-utils git keyutils libpam-mount mdadm ntp net-tools pbzip2 pixz quota rdfind screen vim sysstat


sudo apt-get -y install docker docker.io


sudo apt-get -y install fortunes-debian-hints fortunes-ubuntu-server fortune-mod


sudo apt-get -y install bind9 bind9-dnsutils bind9-doc bind9-host bind9-utils


sudo apt-get -y install devilspie2 fonts-droid-fallback fonts-inconsolata fonts-ubuntu-font-family-console fonts-ubuntu-title gedit gedit-plugins gnome-mime-data nedit network-manager-openconnect{,-gnome} openconnect rdesktop


sudo apt-get -y install rxvt rxvt-unicode-256color terminator ttf-bitstream-vera ttf-ubuntu-font-family ttf-xfree86-nonfree xbacklight xdaliclock xfonts-100dpi xfonts-base xfonts-terminus xfonts-terminus-oblique xfsprogs xscreensaver xscreensaver-data xscreensaver-data-extra xscreensaver-gl xscreensaver-gl-extra xsensors


sudo apt-get -y install xfce4-battery-plugin xfce4-cpufreq-plugin xfce4-datetime-plugin xfce4-diskperf-plugin xfce4-goodies xfce4-sensors-plugin


sudo apt-get -y install steam  # probably not on the server


sudo fc-cache -f -v


Non APT

Golang

export GOVER=1.15

export GOMINOR=.3

cd /tmp || exit

wget https://dl.google.com/go/go${GOVER}${GOMINOR}.linux-amd64.tar.gz

( umask 022; tar zxf go${GOVER}${GOMINOR}.linux-amd64.tar.gz )

mv go go${GOVER}

sudo rm -rf /usr/local/go${GOVER}

sudo mv go${GOVER} /usr/local

sudo chown -R bin:bin /usr/local/go${GOVER}

vim ~/.bashrc

export GOROOT=/usr/local/go1.15

export PATH=${PATH}:${GOROOT}/bin
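
The steps above unpack the downloaded archive without checking its integrity; the Go downloads page publishes a SHA256 checksum for each archive. The following is an added example, not part of the original post, that refuses to unpack on a mismatch; the function names are hypothetical and the expected checksum must be copied from the downloads page by hand.

```sh
# Added example, not from the original post; function names are hypothetical.
# Usage with the page's variables, GO_SHA256 pasted from the Go downloads page:
#   install_go_tarball go${GOVER}${GOMINOR}.linux-amd64.tar.gz "$GO_SHA256" /tmp

# Return 0 only if FILE hashes to the expected SHA-256 (hex, any case).
verify_sha256() {
    file=$1
    want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    # A truncated paste or a placeholder left in place must fail, not pass.
    case $want in ''|*[!0-9a-f]*) echo "checksum is not hex" >&2; return 2 ;; esac
    [ "${#want}" -eq 64 ] || { echo "checksum must be 64 hex digits" >&2; return 2; }
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }
    got=$(sha256sum "$file" | cut -d' ' -f1)
    [ "$got" = "$want" ] || { echo "MISMATCH for $file: got $got" >&2; return 1; }
}

# Unpack into DEST only after the digest matches, so a bad archive never reaches tar.
install_go_tarball() {
    tarball=$1 sha=$2 dest=$3
    verify_sha256 "$tarball" "$sha" || return
    ( umask 022; tar -xzf "$tarball" -C "$dest" )
}

# Constructed demo: a stand-in archive, its real digest, then a one-byte tamper.
demo=$(mktemp -d)
mkdir "$demo/go" "$demo/dest" && echo "go1.15.3" > "$demo/go/VERSION"
tar -czf "$demo/go.tgz" -C "$demo" go
sum=$(sha256sum "$demo/go.tgz" | cut -d' ' -f1)
install_go_tarball "$demo/go.tgz" "$sum" "$demo/dest" && echo "verified and unpacked"
printf 'x' >> "$demo/go.tgz"
install_go_tarball "$demo/go.tgz" "$sum" "$demo/dest" || echo "tampered archive refused"
rm -rf "$demo"
```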

Google Chrome

wget -q -O - https://dl-ssl.google.com/linux/linux_signing_key.pub | sudo apt-key add -

sudo sh -c 'echo "deb [arch=amd64] https://dl.google.com/linux/chrome/deb/ stable main" > /etc/apt/sources.list.d/google.list'

sudo apt-get update

sudo apt-get install google-chrome-stable

sudo rm /etc/apt/sources.list.d/google.list


Configuration

BIND

export EDITOR=vi

sudoedit /etc/bind/db.10.10.10 /etc/bind/db.10.10.11  /etc/bind/db.example.com /etc/bind/named.conf.options /etc/bind/named.conf.local

sudo systemctl reload named.service

sudo journalctl -u named

# test

dig @10.10.10.145 -x 10.10.10.17

dig @10.10.10.145 host1.example.com.

sudoedit /etc/systemd/resolved.conf

    DNS=127.0.0.1

sudo systemctl restart systemd-resolved

sudo systemd-resolve --status

PIN Entry

sudo apt install pinentry-tty

sudo update-alternatives --config pinentry

Nginx + GIT docker

docker pull emarcs/nginx-git

docker run -d -p 80:80 -v /media/user/EncryptedMirror/gitrepo:/srv/git emarcs/nginx-git

XPS 13 9370 Clickpad Buttons

sudoedit /usr/share/X11/xorg.conf.d/70-synaptics.conf

       ## Option "SoftButtonAreas" "50% 0 82% 0 0 0 0 0"

       Option "SoftButtonAreas" "66% 0 82% 0 33% 66% 82% 0"

Postfix via Gmail

# https://rtcamp.com/tutorials/linux/ubuntu-postfix-gmail-smtp/

sudo apt-get install postfix mailutils libsasl2-2 ca-certificates libsasl2-modules

## postfix: select your server as Internet Site and for FQDN use something like mail.example.com


sudoedit /etc/aliases

root:   you@gmail.com



sudoedit /etc/postfix/main.cf

relayhost = [smtp.gmail.com]:587

smtp_sasl_auth_enable = yes

smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd

smtp_sasl_security_options = noanonymous

smtp_tls_CAfile = /etc/postfix/cacert.pem

smtp_use_tls = yes


sudoedit /etc/postfix/sasl_passwd

[smtp.gmail.com]:587    USERNAME@gmail.com:PASSWORD


sudo chmod 400 /etc/postfix/sasl_passwd

sudo postmap /etc/postfix/sasl_passwd


cat /etc/ssl/certs/thawte_Primary_Root_CA.pem | sudo tee -a /etc/postfix/cacert.pem


sudo newaliases

sudo /etc/init.d/postfix reload


echo "Test mail from postfix to me"   | mail -s "Test Postfix" you@example.com

echo "Test mail from postfix to root" | mail -s "Test Postfix" root

ZRam

sudo apt-get install zram-config

RamDisk

sudo cp /usr/share/systemd/tmp.mount /etc/systemd/system/

sudo systemctl enable tmp.mount

Rsyslog

sudoedit /etc/rsyslog.conf

 # uncomment tcp and udp

sudo systemctl restart rsyslog.service

