Configuration of my private server infrastructure, completely managed by Ansible and Linux containers.
The whole infrastructure has several purposes:
- central data storage with redundancy and change history
- automated backup solution for servers and clients
- protection of private data
- multiple services, accessible either only in the local LAN or from the internet

The infrastructure consists of multiple hosts, one of which is responsible for providing access to internal services through the internet. The following diagram gives an overview of the relevant hosts and some data flows.
The following services are available:
- local file access: samba
- SSH access hardened by following:
- RAID1 and change history: btrfs and btrbk
- automatic server and client backups: rsync and rsync-daemon and QtdSync
- disk monitoring: smartctl
- download manager: jdownloader
- torrent manager: transmission
- dyn-dns: duckdns
- static web-server and reverse-proxy: caddy2
- static markdown wiki: mdwiki
- password manager: bitwarden
- multi-room audio system: logitech media server
- media server: jellyfin
- media request management: jellyseerr
- low-latency voice chat: mumble
- home automation: homeassistant with mosquitto MQTT
The whole setup can be emulated by using virtual machines managed by Vagrant. Some of the usual commands are as follows:

```bash
vagrant up # create all VMs
vagrant up main # create only the `main` VM specified in the `Vagrantfile`
vagrant provision main
```

See the Vagrantfile for more information.

- Enable `Power On` after power loss
- Disable unused LAN adapters
- Enable WOL and allow booting from a USB device (if a USB LAN adapter is used) (if this host is controlled by WOL)
- Download corresponding minimal Ubuntu LTS server image
- Flash USB stick with `rufus`
- Use guided/minimal installation
- Choose to partition whole primary disk with only one partition for `/`
- Install GRUB bootloader
- Select hostname corresponding to hardware setup and build year
- Create user `clang`
- Install SSH server and no desktop environment
- Remove non-working apt sources:

```bash
sudo nano /etc/apt/sources.list
```

Passwordless sudo for the user `clang` can be used for initial setup but should be removed afterward.

```bash
sudo su
printf "clang ALL=(ALL) NOPASSWD: ALL\n" >> /etc/sudoers.d/clang
exit
```

```bash
sudo nano /etc/netplan/00-installer-config.yaml
sudo netplan apply
```

```yaml
# This is the network config written by 'subiquity'
# Changed to static IPs by clang
network:
  version: 2
  ethernets:
    enp0s10:
      addresses:
        - 192.168.0.7/24
      gateway4: 192.168.0.1
      nameservers:
        addresses: [192.168.0.1, 8.8.8.8, 1.1.1.1]
```

or

```bash
sudo nano /etc/network/interfaces
sudo reboot
```

```
auto enp0s5
iface enp0s5 inet static
    address 192.168.0.7
    netmask 255.255.255.0
    gateway 192.168.0.1
    dns-nameservers 192.168.0.1 8.8.8.8 1.1.1.1
```

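```bash
# Copy your SSH public key to the new host
ssh-copy-id clang@192.168.0.7
```

```bash
# Bring the installed packages up to date
sudo apt-get update
sudo apt-get upgrade
sudo apt-get autoremove
```

```bash
# Wipe filesystem signatures from the disk (sdX is a placeholder for the target device)
sudo wipefs -a /dev/sdX
# or overwrite the first sector
sudo dd if=/dev/zero of=/dev/sdX bs=512 count=1
```
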
Install Ansible:

```bash
sudo apt-get update
sudo apt-get install -y python3 python3-pip
sudo pip3 install passlib ansible
```

Create the Ansible vault password file `infra_pw` and run the specific Ansible playbook launcher script, e.g.:

```bash
./backup.sh
```
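
A post-provisioning check for two steps above, the temporary `NOPASSWD` sudoers entry and the `infra_pw` vault password file, as an added example that is not part of the original repository. The function names and the expectation that `infra_pw` carries no group/other permissions are assumptions of this example.

```bash
#!/bin/sh
# Added example, not part of the original repository.
# Reading /etc/sudoers.d usually requires root.

# Print every active (non-comment) NOPASSWD rule in a sudoers drop-in
# directory as "file:line: rule". Returns 1 if any rule is found or a file
# cannot be read, 0 otherwise.
find_nopasswd_rules() {
    dir="${1:-/etc/sudoers.d}"
    rc=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        awk '/NOPASSWD[ \t]*:/ && $0 !~ /^[ \t]*#/ {
                 printf "%s:%d: %s\n", FILENAME, FNR, $0; hit = 1
             }
             END { exit hit + 0 }' "$f" || rc=1
    done
    return "$rc"
}

# Return 0 only if the vault password file exists and grants no permissions
# to group or others (for example mode 600); 2 if the file is missing.
# Assumption of this example: infra_pw should be private to its owner.
vault_pw_is_private() {
    file="${1:-infra_pw}"
    [ -f "$file" ] || return 2
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld "$file" | cut -c5-10)
    [ "$perms" = "------" ]
}
```

Run both functions from a root shell on the host after the Ansible run; any line printed by `find_nopasswd_rules` is a rule that still grants passwordless sudo.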