Skip to content

Hardware Install

Jump to bottom
Joe edited this page Sep 1, 2023 · 18 revisions

System

Harden SSH

via https://linuxhandbook.com/ssh-hardening-tips/

  1. Create a new SSH Group for approved users: sudo groupadd -g 1022 ssh_allowed
  2. Add your primary SSH User to this group: sudo usermod -a -G ssh_allowed pi
  3. On your client, generate a private and public key: ssh-keygen -t ed25519. Use the default name. Provide a passphrase
  4. Copy the contents of your public key. SSH into the server. Paste your Public Key into ~/.ssh/authorized_keys
  5. Open SSHD Config: sudo nano /etc/ssh/sshd_config
    1. Disable empty passwords: PermitEmptyPasswords no
    2. Change default SSH ports: Port 2345
    3. Prevent root login: PermitRootLogin no
    4. Limit active sessions: MaxSessions 4
    5. Configure idle timeout interval: ClientAliveInterval 300
    6. Configure how many times it sends the alive message before disconnecting: ClientAliveCountMax 2
    7. Configure Allowed Groups: AllowGroups ssh_allowed
    8. Disable X11 Forwarding: X11Forwarding no
  6. Use the correct permissions: chmod 600 ~/.ssh/authorized_keys
  7. After the change, you will need to restart the sshd service using sudo systemctl restart ssh or rebooting.

Install MergerFS

via https://perfectmediaserver.com/installation/manual-install-ubuntu/#mergerfs

wget https://github.com/trapexit/mergerfs/releases/download/2.32.2/mergerfs_2.32.2.ubuntu-focal_amd64.deb
sudo dpkg -i mergerfs_2.32.2.ubuntu-focal_amd64.deb
apt list mergerfs

Prep for MergerFS and SnapRAID

via PMS:

We recommended /mnt/diskN because it makes the fstab entry for MergerFS simpler

  1. mkdir /mnt/parity1 # adjust this command based on your parity setup
  2. mkdir /mnt/storage # this will be the main mergerfs mountpoint

Install SnapRaid

per https://perfectmediaserver.com/installation/manual-install-ubuntu/#compile-and-install these steps assume a valid, working docker installation apt update && apt install git -y mkdir ~/tmp && cd ~/tmp git clone https://github.com/IronicBadger/docker-snapraid cd docker-snapraid chmod +x build.sh ./build.sh sudo dpkg -i build/snapraid-from-source.deb

Schedule SnapRaid

per https://perfectmediaserver.com/installation/manual-install-ubuntu/#automating-parity-calculation

Schedule I use. Because the snapraid commands need sudo, you also need to use sudo's crontab. Described here. Thus, it's important to use sudo crontab-e

00 01 * * * python3 /opt/snapraid-runner/snapraid-runner.py -c /opt/snapraid-runner/snapraid-runner.conf && curl -X POST -fsS --retry 3 https://hc-ping.com/123-1103-xyz-abc-123 > /tmp/snapraid-parity-scheduled.log 2>&1

I had a lot of trouble with CRON. Mostly noob issues. These commands are helpful service cron status service cron restart tail -f /var/log/syslog | grep CRON

New Drive

Installation

  1. Physically install the drive
  2. CLI instructions via perfectmediaserver. However, when I did this things broke. I had better luck through the Ubuntu GUI - obviously that's not always possible or ideal. Problem for another day.
    1. Identify the drive: ls /dev/disk/by-id
    2. Create a Map between drive mapping and device: ls -la /dev/disk/by-id/<your_identified_disk_id>. The result , eg /sdc will be used several times in later steps.

Bad blocks

Initial Setup

git clone https://github.com/Spearfoot/disk-burnin-and-testing

Each drive

  1. ls -la /dev/disk/by-id
  2. Dry Run: ./disk-burnin-sh /dev/<diskname>
  3. Do one last sanity check: ls -lA /dev/<diskname>
  4. WARNING: Disk erasure: ./disk-burnin-sh -f -o ~/Documents/burn-logs /dev/<diskname>

Finishing Install after Success

Partitioning

  1. Create a new Partition: gdisk /dev/<diskname>. !!! Ensure you have the correct value, this is destructive. See below "cheats"
  2. Create an ext4 filesystem mkfs.ext4 /dev/<diskname>1

GDisk cheats via https://perfectmediaserver.com/03-installation/manual-install-ubuntu/#identifying-drives

  • o - creates a new EMPTY GPT partition table (GPT is good for large drives over 3TB)
    • Proceed? (Y/N) - Y
  • n - creates a new partition
    • Partition number (1-128, default 1): 1
    • First sector (34-15628053134, default = 2048) or {+-}size{KMGTP}: leave blank
    • Last sector (2048-15628053134, default = 15628053134) or {+-}size{KMGTP}: leave blank
    • Hex code or GUID (L to show codes, Enter = 8300): 8300
  • p - (optional) validate 1 large partition to be created
    • Model: HGST HDN728080AL
    • Number Start (sector) End (sector) Size Code Name
    • 1 2048 15628053134 7.3 TiB 8300 Linux filesystem
  • w - writes the changes made thus far
    • Until this point, gdisk has been non-destructive
    • Confirm that making these changes is OK and the changes queued so far will be executed

Preparing Mount

  1. ls -lA /dev/disk/by-id to get the disk's proper name, now it should contain "-part1"
  2. Create a directory for this drive: mkdir /mnt/manualdiskmounttest
  3. Mount the disk: mount /dev/disk/by-id/<diskname>-part1 /mnt/manualdiskmounttest
  4. Verify df -h

Mounting via fstab

  1. ls -lA /dev/disk/by-id to get the disk's proper name
  2. Edit fstab nano /etc/fstab
  3. mount /dev/disk/by-id/<diskname> /mnt/disk<number> include the "part1" from the
  4. Refresh the mounts mount -a
  5. The drive should now be found via ls /mnt/disk<number>
  6. Confirm with df -h. The "mergerfs" File System should be mounted to /mnt/storage and should have an aggregate storage space!

fstab example:

/dev/disk/by-id/ata-WDC_WD100EMAZ-00WJTA0_16G0Z7RZ-part1 /mnt/parity1 ext4 defaults 0 0
/dev/disk/by-id/ata-WDC_WD100EMAZ-00WJTA0_16G10VZZ-part1 /mnt/disk1   ext4 defaults 0 0
/dev/disk/by-id/ata-WDC_WD100EMAZ-00WJTA0_2YHV69AD-part1 /mnt/disk2   ext4 defaults 0 0
/dev/disk/by-id/ata-WDC_WD100EMAZ-00WJTA0_2YJ15VJD-part1 /mnt/disk3   ext4 defaults 0 0
/dev/disk/by-id/ata-HGST_HDN728080ALE604_R6GPPDTY-part1  /mnt/disk4   ext4 defaults 0 0

/mnt/disk* /mnt/storage fuse.mergerfs defaults,nonempty,allow_other,use_ino,cache.files=off,moveonenospc=true,dropcacheonclose=true,minfreespace=200G,fsname=mergerfs 0 0```

## Update SnapRAID
1. Edit snapraid.conf: `nano /opt/snapraid/snapraid.conf
1. Add the new drive: `data d2 /mnt/disk2`

## Create File System
tbd, follow other structure as needed (eg. add the same directories if you want MergerFS to split where files go)

## Update Scrutiny & Homepage
1. Add a new `SYS_DISK` variable to .env. Provide the correct disk
1. Update the Scrutiny container's `devices:` _note to self, can I list out envs here??_
1. Update the Homepage container's `volumes:`
Clone this wiki locally