Fév 10 2018

Home server (re)installation

Yesterday, after a power outage, the SSD inside my home server fried… As usual, I realised how many things were not backed up after the fact… That’s ironic when you know that one of the purpose of this machine was backuping my stuff !

The roles of the servers are :

  • Internet Gateway
  • Wireless Access Point
  • Storage server
  • Media player
  • Web server (for websites without critical importance, like tests sites, etc)
  • Torrents

In this article (and the next ones), I’ll describe the setup of the new server.

Hardware :

The server is a PC stuffed with many hard drives, 2 ethernet card and a wifi card, hooked up to a TV.

The system is a standard Arch Linux on a SSD. The data hard drives are configured as a BTRFS volume in RAID1.

One NIC is plugged into my ISP fibre adapter, the other one is plugged into my local network.

Network configuration

I used systemd-networkd to configure my network,  hostapd for the wireless access point and dnsmasq for the dhcp/dns.

First, renaming the interfaces :

/etc/systemd/network/10-lan.link

/etc/systemd/network/10-wan.link

/etc/systemd/network/10-wlan0.link

Then I’ve created a new bridge interface. This interface will connect the wired and wireless lan into one network.

/etc/systemd/network/20-br0.netdev

I’ve added the wired lan network to the bridge. The wireless lan network will be added by hostapd.

/etc/systemd/network/20-lan.network

I ‘ve configured the lan network to a staic IP

/etc/systemd/network/30-br0.network

Then I’ve setup the wan network as a DHCP. My internet provider (SFR) require a vendor class starting by neufbox*. I also added IPForward=yes (this used to be done through sysctl or /proc). This command just activate the routing functionality inside the linux kernel. It could be added to any interface.

/etc/systemd/network/30-wan.network

Then I’ve implement my firewall rules :

/etc/iptables/iptables.rules

Wireless access point:

/etc/hostapd/hostapd.conf

Then the DHCP server / DNS cache:

/etc/dnsmasq.conf

Then I’ve enabled all service:

That’s it for the network part. stay tuned for the rest of the config !

 

Laisser un commentaire

Your email address will not be published.