Home server (re)installation

Yesterday, after a power outage, the SSD inside my home server fried… As usual, I realised how many things were not backed up after the fact… That’s ironic when you know that one of the purposes of this machine was backing up my stuff!

The roles of the server are:

  • Internet Gateway
  • Wireless Access Point
  • Storage server
  • Media player
  • Web server (for websites without critical importance, like test sites, etc.)
  • Torrents

In this article (and the next ones), I’ll describe the setup of the new server.

Hardware:

The server is a PC stuffed with many hard drives, two Ethernet cards and a Wi-Fi card, hooked up to a TV.

The system is a standard Arch Linux on an SSD. The data hard drives are configured as a BTRFS volume in RAID1.

One NIC is plugged into my ISP fibre adapter, the other one is plugged into my local network.

Network configuration

I used systemd-networkd to configure my network, hostapd for the wireless access point and dnsmasq for DHCP/DNS.

First, I renamed the interfaces:

/etc/systemd/network/10-lan.link

/etc/systemd/network/10-wan.link

/etc/systemd/network/10-wlan0.link

Then I’ve created a new bridge interface. This interface will connect the wired and wireless LANs into one network.

/etc/systemd/network/20-br0.netdev

I’ve added the wired LAN interface to the bridge. The wireless LAN interface will be added by hostapd.

/etc/systemd/network/20-lan.network

I’ve configured the LAN network with a static IP:

/etc/systemd/network/30-br0.network

Then I’ve set up the WAN network to use DHCP. My internet provider (SFR) requires a vendor class starting with neufbox*. I also added IPForward=yes (this used to be done through sysctl or /proc). This setting just activates the routing functionality inside the Linux kernel. It could be added to any interface.

/etc/systemd/network/30-wan.network

Then I’ve implemented my firewall rules:

/etc/iptables/iptables.rules
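A minimal ruleset for a gateway of this shape, as an added example and not the author's own rules. It assumes the renamed interfaces are called wan and br0 (inferred from the file names above) and that nothing on the server has to be reachable from the Internet.

```iptables
# Added example in iptables-save format (IPv4 only).
# Assumption: "wan" faces the ISP, "br0" bridges wired and wireless LAN.
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Source-NAT everything that leaves through the ISP-facing interface.
-A POSTROUTING -o wan -j MASQUERADE
COMMIT

*filter
# Default deny for traffic to the gateway itself and through it.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]

# Loopback, then replies to connections the gateway itself opened.
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
# LAN clients may use the local services (dnsmasq DNS/DHCP, storage, web).
-A INPUT -i br0 -j ACCEPT
# DHCP replies from the ISP to the DHCP client on the WAN side.
-A INPUT -i wan -p udp --sport 67 --dport 68 -j ACCEPT
# Rate-limited ping so the link can still be diagnosed from outside.
-A INPUT -p icmp --icmp-type echo-request -m limit --limit 5/second -j ACCEPT
# No other "-i wan" ACCEPT rule: unsolicited Internet traffic hits the DROP
# policy. Add one explicit --dport rule per service that must be exposed.

# Routed traffic: LAN may open connections outwards, only replies come back.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m conntrack --ctstate INVALID -j DROP
-A FORWARD -i br0 -o wan -j ACCEPT
COMMIT
```

Running `iptables-restore --test` on the file checks its syntax without loading it. These rules cover IPv4 only; if the WAN link also carries IPv6, an equivalent ip6tables ruleset is needed.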

Wireless access point:

/etc/hostapd/hostapd.conf

Then the DHCP server / DNS cache:

/etc/dnsmasq.conf

Then I’ve enabled all the services:

That’s it for the network part. Stay tuned for the rest of the config!

 
