install.jarvis.ubuntu.24.04.md

File metadata and controls

389 lines (225 loc) · 10.6 KB

Instructions for installing Ubuntu 24.04 on Jarvis (the SOHO server)

Note: This is an install of 16.04, upgraded to 18.04, then 20.04, then 22.04, and now 24.04. It may not be completely accurate.

Base install and configs

  1. Install Ubuntu server as normal from an Ubuntu install CD.

    Partition as follows:

    Disks 1 and 2:

    • BIOS compat boot partition (grub_bios) - 100MB

    • /boot - 1GB (physical RAID)

    • rest (physical RAID)

      • Make this RAID LVM, partitioned as follows:

        / - 50GB
        /tmp - 50GB
        /var - 50GB
        swap - 4GB
        /home - rest
        

    Disks 3 and 4:

    • whole disk (physical RAID)

    • Make this RAID LVM, partitioned as follows:

      /mnt/home2 - 5TB
      /mnt/shared - 1TB
      

    When it asks for what to install, select "standard system utilities" and "OpenSSH server" and leave everything else blank.

    Networking is already set up with a reserved DHCP lease on the router. It is accessible as jarvis. No need for a static IP.

  2. After machine is up, edit /etc/apt/sources.list.d/ubuntu.sources and make sure the following are enabled:

    Suites: noble noble-updates noble-backports
    Components: main restricted universe multiverse
    
    Suites: noble-security
    Components: main restricted universe multiverse
    

    (they were after install for me)

  3. Make sure all is up to date.

     sudo apt update
     sudo apt dist-upgrade
    
  4. Install more useful things

    sudo apt install tree unison atop nmap iotop emacs emacs-goodies-el elpa-go-mode elpa-rust-mode elpa-f elpa-let-alist elpa-markdown-mode elpa-yaml-mode elpa-flycheck lm-sensors ntp ssmtp gdisk git gitk iftop mailutils ppa-purge xsltproc smartmontools wakeonlan
    
  5. Add any necessary user accounts

  6. Make ssh work:

    1. For an old machine, use the old keys - you did save /etc, didn't you?

    2. For a new machine, use the new keys generated by the distro.

      • make sure to add to the firewall

        sudo ufw allow ssh
        
      • edit /etc/ssh/sshd_config and set:

        PermitRootLogin no
        
      • once you've set up public key auth, turn off password access - edit /etc/ssh/sshd_config and set

        PasswordAuthentication no
        
      • restart ssh to apply changes

        sudo service ssh restart
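
Ubuntu 24.04's /etc/ssh/sshd_config includes /etc/ssh/sshd_config.d/*.conf, and a drop-in there can override the settings above. The check below is an added example, not part of these notes: it parses the output of sudo sshd -T (the effective configuration) and reports whether both settings are really off; the sample input is constructed.

```shell
#!/bin/sh
# Added check, not part of the original notes: report the effective values of
# the two sshd settings hardened in step 6. Reads "sshd -T" output (one
# lowercase "keyword value" pair per line) from the file named in $1 and
# returns 0 only if both PermitRootLogin and PasswordAuthentication are "no".
# On the real host: sudo sshd -T > /tmp/sshd-effective.txt

check_sshd_effective() {
    conf="$1"
    root_login=$(awk '$1 == "permitrootlogin" { print $2 }' "$conf")
    pw_auth=$(awk '$1 == "passwordauthentication" { print $2 }' "$conf")
    status=0
    if [ "$root_login" != "no" ]; then
        echo "PermitRootLogin is '${root_login:-unset}', expected 'no'"
        status=1
    fi
    if [ "$pw_auth" != "no" ]; then
        echo "PasswordAuthentication is '${pw_auth:-unset}', expected 'no'"
        status=1
    fi
    return "$status"
}

# Constructed sample in the shape sshd -T prints: a drop-in has left password
# logins enabled, so the check must flag it.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
port 22
permitrootlogin no
passwordauthentication yes
pubkeyauthentication yes
EOF

check_sshd_effective "$SAMPLE" || echo "sshd is not fully hardened; fix the drop-in and restart ssh"
```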
        
  7. Set up samba

    sudo apt install cifs-utils samba
    

    and either set up a config file or copy one from ~/system_stuff/samba (I have several machine specific ones in there)

    sudo ufw allow from 192.168.9.0/24 to any port bootps
    sudo ufw allow from 192.168.9.0/24 to any port netbios-ns
    sudo ufw allow from 192.168.9.0/24 to any port netbios-dgm
    sudo ufw allow from 192.168.9.0/24 to any port netbios-ssn
    sudo ufw allow from 192.168.9.0/24 to any port microsoft-ds
    

    and set Samba to start on boot:

     sudo systemctl enable smbd
     sudo systemctl enable nmbd
    

    and restart them all now:

     sudo service smbd restart
     sudo service nmbd restart
    

    and, for this server, we do not need the AD DC server:

     sudo systemctl disable samba-ad-dc
     sudo service samba-ad-dc stop
    

    Make sure to add accounts with:

     smbpasswd -a
    

    for each user

  8. Enable firewall (after allowing some other things through)

     sudo ufw allow from 192.168.9.0/24 to any port mdns
    

    Disable firewall logging (it can be quite verbose on a busy network), then turn on the firewall.

     sudo ufw logging off
     sudo ufw enable
    
  9. Add dashpodder to my crontab

     crontab -e
    

    Then add a line like this:

     @daily  /home/matt/workspace/code/dashpodder/dashpodder.sh -v -c /home/matt/workspace/code/dashpodder/mp.conf
    
  10. Set up linode backups

    make target dir

    mkdir ~/attic/backup/linode
    

    on the remote server, you need to add the public key to authorized_keys, with the:

    command="rsync --server --sender -vlHogDtprRze.iLsf . /etc /home /var/lib/mysql /var/lib/postgresql /var/lib/sympa"
    

    in front of it.

    add to cron

    @daily               /home/matt/bin/linode_backup
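
The command= prefix above pins the key to one rsync invocation, but a wrapper script gives you a log of anything else that key is asked to do. The script below is an added example, not part of these notes or the backup tooling: it assumes it is installed as /usr/local/bin/backup-cmd on the remote server and referenced from authorized_keys as shown in its comments, and logs to an assumed path.

```shell
#!/bin/sh
# Added example, not part of the original notes: a forced-command wrapper for
# the linode backup key from step 10. In authorized_keys on the remote server,
# prefix the key with
#   restrict,command="/usr/local/bin/backup-cmd" ssh-ed25519 AAAA... backup@jarvis
# sshd then runs this script instead of whatever the client asked for, and the
# client's real request is delivered in $SSH_ORIGINAL_COMMAND. "restrict" also
# disables pty, agent/port forwarding and X11 for that key. The install path,
# log path and key line above are assumptions.

ALLOWED='rsync --server --sender -vlHogDtprRze.iLsf . /etc /home /var/lib/mysql /var/lib/postgresql /var/lib/sympa'

# Returns 0 only when $1 is byte-for-byte the single permitted rsync invocation.
# (If the backup client's rsync version changes its flags, update ALLOWED too.)
is_allowed_command() {
    [ "$1" = "$ALLOWED" ]
}

# Runs the permitted command, or logs the attempt and refuses anything else,
# including an empty command (what a plain "ssh host" login would send).
run_forced_command() {
    req="$1"
    log="${BACKUP_CMD_LOG:-/var/log/backup-cmd.log}"
    if is_allowed_command "$req"; then
        exec $req    # word splitting is intended: $req equals the vetted string
    fi
    printf '%s refused from %s: %s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" \
        "${SSH_CLIENT:-unknown}" "${req:-<empty>}" >> "$log" 2>/dev/null || :
    echo "backup-cmd: command not permitted" >&2
    return 1
}

# Dispatch only when executed under the installed name, so the functions can
# also be sourced for testing without triggering anything.
case "$0" in
    */backup-cmd|backup-cmd) run_forced_command "${SSH_ORIGINAL_COMMAND:-}" ;;
esac
```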
    
  11. Set up rsnapshot

    sudo apt install rsnapshot

    and then add the following to my crontab:

     0 */1  * * *  /usr/bin/rsnapshot -c /home/matt/.rsnapshot.conf hourly
     30 3   * * *  /usr/bin/rsnapshot -c /home/matt/.rsnapshot.conf daily
     0  3   * * 1  /usr/bin/rsnapshot -c /home/matt/.rsnapshot.conf weekly
     30 2   1 * *  /usr/bin/rsnapshot -c /home/matt/.rsnapshot.conf monthly
    

    and make sure the following is in the ~/.rsnapshot.conf:

    backup  /home/matt/attic/backup/linode/         localhost/
    
  12. Set up sensors for ASROCK E350

    add the following to /etc/modules:

      w83627ehf
    
  13. Set up ssmtp

     cd /etc/ssmtp
     mv ssmtp.conf ssmtp.conf.old
     cp ~/system_stuff/ssmtp/ssmtp.conf .
     chgrp mail ssmtp.conf
    
  14. Add /etc/fstab line for external backup drive (because there's no automounter)

     /dev/sde1          /mnt/external_backup  ext4   defaults,noauto  0       0
    

    Make sure to make the mountpoint:

     sudo mkdir /mnt/external_backup
    
  15. Add UPS monitoring

    From http://blog.shadypixel.com/monitoring-a-ups-with-nut-on-debian-or-ubuntu-linux/

    The first bit, with GNOME, works for desktops, not servers. Anyway, install things:

     sudo apt install nut
    

    Edit /etc/nut/ups.conf and add the following at the bottom:

     [ups]
         driver = usbhid-ups
         port = auto
    

    There's only one UPS hooked to this guy, so we don't need to worry about disambiguation.

    Also, if you just installed nut, but the UPS is already plugged in, you'll need to unplug and replug it to fire the hotplug events.

    Start it:

    sudo upsdrvctl start

    Add the following to /etc/nut/upsd.conf

    ACL all 0.0.0.0/0
    ACL localhost 127.0.0.1/32
    ACCEPT localhost
    REJECT all
    

    This will reject all non-local traffic. (NUT releases from 2.4 onwards no longer recognise the ACL/ACCEPT/REJECT directives; on those, put a LISTEN 127.0.0.1 3493 line in upsd.conf instead so upsd only binds to loopback.)

    Add the following to /etc/nut/upsd.users

    [local_mon]
        password = PASSWORD_HERE
        allowfrom = localhost
        upsmon master
    
    [admin]
        password = ADMIN_PASSWORD_HERE
        allowfrom = localhost
        actions = SET
        instcmds = ALL
    

    Obviously, make PASSWORD_HERE and ADMIN_PASSWORD_HERE some random passwords

    Add the following to /etc/nut/upsmon.conf, at the bottom of the MONITOR section:

    MONITOR ups@localhost 1 local_mon PASSWORD_HERE master

    Edit /etc/nut/nut.conf and set

    MODE=standalone

    Enable and start it:

    sudo systemctl enable nut-server
    sudo systemctl restart nut-server
    sudo systemctl enable nut-client
    sudo systemctl restart nut-client
    

    You can print statistics via:

    upsc ups
    
  16. Add monitoring (sort of):

    make sure landscape is installed (to get landscape-sysinfo):

    sudo apt install landscape-common
    

    Then add the following to my crontab:

    @daily               /usr/bin/ntpq -p; echo; df -lh; echo; cat /proc/mdstat; landscape-sysinfo
    
  17. Add monitoring for thermostat to my crontab:

     @hourly              /home/matt/bin/thermostat_check
    

    So, it will now email me if the thermostat goes dead.

  18. Make common shared bind mounts:

    sudo mkdir /home/matt/shared
    sudo mkdir /home/liz/shared
    

    Add remount lines:

    /mnt/shared        /home/matt/shared/      none   bind             0       0
    /mnt/shared        /home/liz/shared/       none   bind             0       0
    

    Then remount:

    sudo mount -a
    

    And we want guests to actually be able to write to it, so we need to fix those perms:

    sudo chmod o+w /mnt/shared
    

    But we don't want random users deleting things, so set the sticky bit for a modicum of security:

    sudo chmod +t /mnt/shared
    

    And we want the users group to be able to manipulate things:

     sudo chmod g+s /mnt/shared
    
  19. Set up time machine

    1. Install things:

      sudo apt install netatalk avahi-daemon
      
    2. Edit the config file:

      sudo -e /etc/netatalk/afp.conf
      
    3. Add a section for time machine:

      [Liz's Time Machine]
          path = /home/liz/time-machine
          time machine = yes
      
    4. Make the directory

      sudo mkdir -p /home/liz/time-machine
      sudo chown -R liz:liz /home/liz/time-machine
      
    5. Restart it

      sudo service netatalk restart
      
    6. Make sure all the ports are allowed through the firewall

      sudo ufw allow from 192.168.9.0/24 to any port afpovertcp
      sudo ufw allow from 192.168.9.0/24 to any port mdns
      sudo ufw allow from 192.168.9.0/24 to any port svrloc
      sudo ufw allow from 192.168.9.0/24 to any port 201 comment at-rtmp
      sudo ufw allow from 192.168.9.0/24 to any port 202 comment at-nbp
      sudo ufw allow from 192.168.9.0/24 to any port 204 comment at-echo
      sudo ufw allow from 192.168.9.0/24 to any port 206 comment at-zis
      sudo ufw allow from 192.168.9.0/24 to any port 1900 comment ssdp
      
  20. Configure MiniDLNA (UPnP/DLNA server)

    1. Edit /etc/minidlna.conf

      • comment out all the media_dir lines

      • add this one:

        media_dir=/mnt/shared/shared/dlna
        
      • And set the friendly_name and other such things.

    2. We need to increase the number of inodes that can be watched:

      sudo sysctl fs.inotify.max_user_watches=100000
      
    3. And we need it to persist, so create /etc/sysctl.d/90-inotify.conf with the contents of:

      # Increase inotify max watches per user for local minidlna
      fs.inotify.max_user_watches = 100000
      
    4. Allow it through the firewall:

      sudo ufw allow from 192.168.9.0/24 to any port 8200
      
    5. And, finally, restart it

      sudo service minidlna restart
      

APPENDIX

  1. Backup scripts

    To run a backup, insert the external drive into the cradle and run:

    sudo ~/bin/server_backup
    
  2. To set up a new drive for the above:

    1. Partition

      sudo gdisk /dev/sde
      

      (gdisk because MBR tops out at 2TB)

      Create one big partition for the whole drive. No need to split it.

    2. make the filesystem

      sudo mkfs.ext4 -m 0 -L external_backup /dev/sde1
      

      -m 0 = no reserved blocks; it's a backup drive.

      -L external_backup = volume label. This is to make it consistent with the mount point.