User:Ctag/Notes

From ArchWiki

Overview

My notes for installing and maintaining GNU/Linux instances, working with personal computer hardware, etc.

Naming Schemes

My computers are named after fictional spacecraft. I do this because I think it sounds nice, like USS-Alabama is the naming scheme for United States Ships.

General Program Notes

SVG path to OpenSCAD

Make everything a path. Go to extensions > modify path > flatten bezier. Save as DXG R14.

Import in openscad and be done.

Also covers the warning "WARNING: Unsupported DXF Entity `SPLINE'"

http://www.inkscapeforum.com/viewtopic.php?t=12841

General Archlinux Notes

GTK Applications are slow to open

I recently noticed that most of my GTK programs will take upwards of a minute to launch. When running something like `libreoffice` from a shell I would see this output:

[berocs@bns-kharselim ~]$ libreoffice

(soffice:121830): Gtk-WARNING **: 20:01:31.935: Theme parsing error: gtk.css:1649:16: '-gtk-icon-size' is not a valid property name

(soffice:121830): Gtk-WARNING **: 20:01:31.935: Theme parsing error: gtk.css:1652:16: '-gtk-icon-size' is not a valid property name

(soffice:121830): Gtk-WARNING **: 20:01:57.023: Theme parsing error: gtk.css:1649:16: '-gtk-icon-size' is not a valid property name

(soffice:121830): Gtk-WARNING **: 20:01:57.023: Theme parsing error: gtk.css:1652:16: '-gtk-icon-size' is not a valid property name

(soffice:121830): GLib-GObject-CRITICAL **: 20:01:57.057: invalid (NULL) pointer instance

(soffice:121830): GLib-GObject-CRITICAL **: 20:01:57.057: g_signal_connect_data: assertion 'G_TYPE_CHECK_INSTANCE (instance)' failed

(soffice:121830): Gtk-WARNING **: 20:02:22.145: Theme parsing error: gtk.css:1649:16: '-gtk-icon-size' is not a valid property name

(soffice:121830): Gtk-WARNING **: 20:02:22.146: Theme parsing error: gtk.css:1652:16: '-gtk-icon-size' is not a valid property name

(soffice:121830): GLib-GObject-CRITICAL **: 20:02:22.181: invalid (NULL) pointer instance

(soffice:121830): GLib-GObject-CRITICAL **: 20:02:22.181: g_signal_connect_data: assertion 'G_TYPE_CHECK_INSTANCE (instance)' failed

I found this post: https://www.reddit.com/r/archlinux/comments/sjpyck/gnome_and_other_gtkbased_des_take_a_long_time_to/hvhhceo/

And uninstalled gtk-desktop-portal along with the flatpak dependencies. That fixed it for me.

Systemctl Timed Out

Error:

$systemctl enable whatever.service
[...]
Failed to execute operation: Connection timed out

Cause: lvm2 is broken.

Fix: I just uninstalled lvm2 on this machine, as it was unneeded.

https://github.com/systemd/systemd/issues/3353

GPG and Duplicity

If you get an error about not being able to use the signing keys or ioctl, make sure you've got something set up in .bashrc like this:

# For duplicity
export GPG_TTY=$(tty)
echo "UPDATESTARTUPTTY" | gpg-connect-agent > /dev/null 2&>1

For some reason the pinentry dialog won't show up without it.

https://www.gnupg.org/documentation/manuals/gnupg/Invoking-GPG_002dAGENT.html

Performance impact of growing LVM RAID

Summary: it looks like adding additional disks and migrating from raid5 to raid6 does not decrease performance, and may actually increase it somewhat.

Start setup has 3 disks in lvm-raid5.

# hdparm -Tt /dev/cryptvg/raid

/dev/cryptvg/raid:
 Timing cached reads:   8712 MB in  2.00 seconds = 4360.58 MB/sec
 HDIO_DRIVE_CMD(identify) failed: Inappropriate ioctl for device
 Timing buffered disk reads: 860 MB in  3.00 seconds = 286.51 MB/sec

# hdparm -Tt /dev/cryptvg/raid

/dev/cryptvg/raid:
 Timing cached reads:   8596 MB in  2.00 seconds = 4302.68 MB/sec
 HDIO_DRIVE_CMD(identify) failed: Inappropriate ioctl for device
 Timing buffered disk reads: 880 MB in  3.00 seconds = 293.08 MB/sec


# vgs
  VG      #PV #LV #SN Attr   VSize  VFree  
  cryptvg   3   1   0 wz--n- <6.37t 931.50g

After adding 3 disks and migrating to lvm-raid6

# hdparm -Tt /dev/cryptvg/raid

/dev/cryptvg/raid:
 Timing cached reads:   8560 MB in  2.00 seconds = 4284.52 MB/sec
 HDIO_DRIVE_CMD(identify) failed: Inappropriate ioctl for device
 Timing buffered disk reads: 1262 MB in  3.02 seconds = 418.36 MB/sec

# hdparm -Tt /dev/cryptvg/raid

/dev/cryptvg/raid:
 Timing cached reads:   8846 MB in  2.00 seconds = 4428.08 MB/sec
 HDIO_DRIVE_CMD(identify) failed: Inappropriate ioctl for device
 Timing buffered disk reads: 1304 MB in  3.00 seconds = 434.33 MB/sec

# vgs
  VG      #PV #LV #SN Attr   VSize   VFree   
  cryptvg   6   1   0 wz--n- <11.83t <931.55g

Growing LVM Raid5

So you have an LVM RAID5 configuration. It looks like this:

# pvs
  PV                     VG      Fmt  Attr PSize  PFree  
  /dev/mapper/cryptslow1 cryptvg lvm2 a--  <1.82t      0 
  /dev/mapper/cryptslow2 cryptvg lvm2 a--  <1.82t      0 
  /dev/mapper/cryptslow3 cryptvg lvm2 a--  <2.73t 931.50g

# vgs
  VG      #PV #LV #SN Attr   VSize  VFree  
  cryptvg   3   1   0 wz--n- <6.37t 931.50g

# lvs -o name,vgname,segtype,attr,size,stripesize,data_stripes
  LV   VG      Type  Attr       LSize  Stripe #DStr
  raid cryptvg raid5 rwi-aor--- <3.64t 64.00k     2

# lsblk
NAME                        MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINT
[...]
sda                           8:0    0   2.7T  0 disk  
└─cryptslow3                254:4    0   2.7T  0 crypt 
  ├─cryptvg-raid_rmeta_2    254:12   0     4M  0 lvm   
  │ └─cryptvg-raid          254:14   0   3.7T  0 lvm   /mnt/raid
  └─cryptvg-raid_rimage_2   254:13   0   1.8T  0 lvm   
    └─cryptvg-raid          254:14   0   3.7T  0 lvm   /mnt/raid
sdb                           8:16   0   1.8T  0 disk  
└─sdb1                        8:17   0   1.8T  0 part  
  └─cryptslow2              254:2    0   1.8T  0 crypt 
    ├─cryptvg-raid_rmeta_1  254:10   0     4M  0 lvm   
    │ └─cryptvg-raid        254:14   0   3.7T  0 lvm   /mnt/raid
    └─cryptvg-raid_rimage_1 254:11   0   1.8T  0 lvm   
      └─cryptvg-raid        254:14   0   3.7T  0 lvm   /mnt/raid
sdf                           8:80   0   1.8T  0 disk  
└─sdf1                        8:81   0   1.8T  0 part  
  └─cryptslow1              254:3    0   1.8T  0 crypt 
    ├─cryptvg-raid_rmeta_0  254:8    0     4M  0 lvm   
    │ └─cryptvg-raid        254:14   0   3.7T  0 lvm   /mnt/raid
    └─cryptvg-raid_rimage_0 254:9    0   1.8T  0 lvm   
      └─cryptvg-raid        254:14   0   3.7T  0 lvm   /mnt/raid

From the `lvs` command you can confirm that the LVM logical volume is "raid5". It uses three 2TB disks (ignoring the extra space on the larger one) to create a 4TB logical partition.

Begin by scrubbing the volume one last time to make sure it's healthy before you start tearing things apart.

# lvchange --syncaction check /dev/cryptvg/raid

Once the scrub is complete, install your new disk and get it wiped and ready to go (I encrypt the base disk, not covered here):

# lsblk
NAME                        MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINT
[...]
sde                           8:64   0   1.8T  0 disk  
└─cryptslow4                254:5    0   1.8T  0 crypt 

# pvcreate /dev/mapper/cryptslow4

# vgextend cryptvg /dev/mapper/cryptslow4

# pvs -a
  PV                     VG      Fmt  Attr PSize  PFree  
  /dev/mapper/cryptslow1 cryptvg lvm2 a--  <1.82t      0 
  /dev/mapper/cryptslow2 cryptvg lvm2 a--  <1.82t      0 
  /dev/mapper/cryptslow3 cryptvg lvm2 a--  <2.73t 931.50g
  /dev/mapper/cryptslow4 cryptvg lvm2 a--  <1.82t  <1.82t

So the logical volume is added, yay! But it shows all of the space as free still, so we have to do something to make LVM build this disk into the raid LV.

# lvconvert --stripes 3 /dev/cryptvg/raid 
  Using default stripesize 64.00 KiB.
  WARNING: Adding stripes to active and open logical volume cryptvg/raid will grow it from 953860 to 1430790 extents!
  Run "lvresize -l953860 cryptvg/raid" to shrink it or use the additional capacity.
Are you sure you want to add 1 images to raid5 LV cryptvg/raid? [y/n]: y
  Insufficient suitable allocatable extents for logical volume : 3 more required
  Reshape request failed on LV cryptvg/raid.

That didn't work for me, because this new disk is 3 extents smaller than the others. Oh no!

# pvs -a -o +pv_pe_count,pv_pe_alloc_count
  PV                     VG      Fmt  Attr PSize  PFree    PE     Alloc 
  /dev/mapper/cryptslow1 cryptvg lvm2 a--  <1.82t   20.00m 476931 476931
  /dev/mapper/cryptslow2 cryptvg lvm2 a--  <1.82t   20.00m 476931 476931
  /dev/mapper/cryptslow3 cryptvg lvm2 a--  <2.73t <931.52g 715395 476931
  /dev/mapper/cryptslow4 cryptvg lvm2 a--  <1.82t   <1.82t 476927      0

See above how the new disk has only '476927' extents and not '476931'? That's the problem. We need to make LVM only allocate the smaller number or less extents for the RAID5 arrangement to be able to use this new disk.

# lvresize -r -l -10 /dev/cryptvg/raid
fsck from util-linux 2.34
/dev/mapper/cryptvg-raid: clean, 913995/240320512 files, 686703011/961280000 blocks
resize2fs 1.45.3 (14-Jul-2019)
Resizing the filesystem on /dev/mapper/cryptvg-raid to 976742400 (4k) blocks.
The filesystem on /dev/mapper/cryptvg-raid is now 976742400 (4k) blocks long.

  Size of logical volume cryptvg/raid changed from <3.64 TiB (953860 extents) to <3.64 TiB (953850 extents).
  Logical volume cryptvg/raid successfully resized.

# pvs -a -o +pv_pe_count,pv_pe_alloc_count
  PV                     VG      Fmt  Attr PSize  PFree    PE     Alloc 
  /dev/mapper/cryptslow1 cryptvg lvm2 a--  <1.82t   20.00m 476931 476926
  /dev/mapper/cryptslow2 cryptvg lvm2 a--  <1.82t   20.00m 476931 476926
  /dev/mapper/cryptslow3 cryptvg lvm2 a--  <2.73t <931.52g 715395 476926
  /dev/mapper/cryptslow4 cryptvg lvm2 a--  <1.82t   <1.82t 476927      0

That appears to have done the trick! Now we need to finally add the new disk:

# lvconvert --stripes 3 /dev/cryptvg/raid 
  Using default stripesize 64.00 KiB.
  WARNING: Adding stripes to active logical volume cryptvg/raid will grow it from 953850 to 1430775 extents!
  Run "lvresize -l953850 cryptvg/raid" to shrink it or use the additional capacity.
Are you sure you want to add 1 images to raid5 LV cryptvg/raid? [y/n]: y
  device-mapper: reload ioctl on  (254:14) failed: Invalid argument
  Failed to lock logical volume cryptvg/raid.
  Reshape request failed on LV cryptvg/raid.

... The command failed. But if you check, the new volume has apparently been added, and re-running the convert shows no changes:

# lsblk
NAME                        MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINT
sda                           8:0    0   2.7T  0 disk  
└─cryptslow3                254:4    0   2.7T  0 crypt 
  ├─cryptvg-raid_rmeta_2    254:12   0     4M  0 lvm   
  │ └─cryptvg-raid          254:14   0   5.5T  0 lvm   
  └─cryptvg-raid_rimage_2   254:13   0   1.8T  0 lvm   
    └─cryptvg-raid          254:14   0   5.5T  0 lvm   
sdb                           8:16   0   1.8T  0 disk  
└─sdb1                        8:17   0   1.8T  0 part  
  └─cryptslow2              254:2    0   1.8T  0 crypt 
    ├─cryptvg-raid_rmeta_1  254:10   0     4M  0 lvm   
    │ └─cryptvg-raid        254:14   0   5.5T  0 lvm   
    └─cryptvg-raid_rimage_1 254:11   0   1.8T  0 lvm   
      └─cryptvg-raid        254:14   0   5.5T  0 lvm   
sde                           8:64   0   1.8T  0 disk  
└─sde1                        8:65   0   1.8T  0 part  
  └─cryptslow4              254:5    0   1.8T  0 crypt 
    ├─cryptvg-raid_rmeta_3  254:15   0     4M  0 lvm   
    │ └─cryptvg-raid        254:14   0   5.5T  0 lvm   
    └─cryptvg-raid_rimage_3 254:16   0   1.8T  0 lvm   
      └─cryptvg-raid        254:14   0   5.5T  0 lvm   
sdf                           8:80   0   1.8T  0 disk  
└─sdf1                        8:81   0   1.8T  0 part  
  └─cryptslow1              254:3    0   1.8T  0 crypt 
    ├─cryptvg-raid_rmeta_0  254:8    0     4M  0 lvm   
    │ └─cryptvg-raid        254:14   0   5.5T  0 lvm   
    └─cryptvg-raid_rimage_0 254:9    0   1.8T  0 lvm   
      └─cryptvg-raid        254:14   0   5.5T  0 lvm  

# lvconvert --type raid5 --stripes 3 /dev/cryptvg/raid 
  Using default stripesize 64.00 KiB.
  No change in RAID LV cryptvg/raid layout, freeing reshape space.
  Logical volume cryptvg/raid successfully converted.

Now re scrub to see if the everything is actually OK:

# lvchange --syncaction check /dev/cryptvg/raid

Afterwards the scrub shows 100% complete with no mismatches, but the disk is still marked with attribute (I) which means out-of-sync.

# lvchange --rebuild /dev/mapper/cryptslow4 /dev/cryptvg/raid 
Do you really want to rebuild 1 PVs of logical volume cryptvg/raid [y/n]: y
  Unable to repair cryptvg/raid.  Source devices failed before the RAID could synchronize.
  You should choose one of the following:
    1) deactivate cryptvg/raid, revive failed device, re-activate LV, and proceed.
    2) remove the LV (all data is lost).
    3) Seek expert advice to attempt to salvage any data from remaining devices.

Deluged crashes on torrent remove

In version 2.0.4, when I go to delete a torrent that didn't manage to download any physical files yet, it fails:

builtins.RuntimeError: invalid torrent handle used

It appears that the removal errors out and leaves the dead torrent information hanging in torrents.state. To remedy this you can perform brain surgery:

Create a file rmrf_hash.py in your .config/deluge/state/ directory.

#!/bin/python3.8

import os
import sys
import six.moves.cPickle as pickle

if len(sys.argv) != 2:
    print("Usage: python3.8 rmrf_hash.py [torrent_hash]")
    sys.exit(2)

with open('torrents.state', 'rb') as _file:
    state = pickle.load(_file, encoding='utf8')

state.torrents[:] = [x for x in state.torrents if x.torrent_id != sys.argv[1]]

with open('torrents.state', 'wb') as _file:
    pickle.dump(state, _file, protocol=2)
    _file.flush()
    os.fsync(_file.fileno())

print("Done!")

Make sure deluge is stopped and then run it like python3.8 rmrf_hash.py [torrent_id_hash]

Deluge Blocklist

For a while I've used the venerable bitsurge blocklist thinking that it would keep my client from accidentally contacting a disreputable tracker IP while serving up arch isos. More recently I've discovered that's not really how this all works, and that blocklists themselves don't really work anymore. Switching IPs is just too easy.

But before I moved away from them, it came about that bitsurge blocklist was going away for good. Listed below was my new configuration to generate and serve a blocklist on the localhost.

First, generate a blocklist with fonic's script: https://github.com/fonic/ipfilter

Next, create a systemd unit for it:

[Unit]
Description=Deluge IPfilter
Wants=network-online.target
After=network-online.target multi-user.target

[Service]
User=deluge
ExecStartPre=/bin/sleep 60
ExecStart=/srv/deluge/ipfilter/ipfilter.sh
UMask=0002

[Install]
WantedBy=after-boot.target

You can replace after-boot.target with multi-user.target and then remove multi-user.target from the After line.

then, in the ipfilter folder, create a webserver script:

#!/bin/bash

DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"

cd $DIR
python3.8 -m http.server 44288 --bind 127.0.0.1

And then make a webserver unit file:

[Unit]
Description=Deluge Blocklist Server
Wants=network-online.target
After=network-online.target mult-user.target

[Service]
User=deluge
ExecStart=/srv/deluge/ipfilter/webserver.sh
UMask=0002

[Install]
WantedBy=after-boot.target

Finally have deluge wait on these new services to start:

[Unit]
Description=Deluge Daemon
BindsTo=openvpn.service
Requires=deluged-ipfilter.service deluged-blocklist.service
Wants=network-online.target
After=network-online.target openvpn.service deluged-ipfilter.service deluged-blocklist.service multi-user.target

[Service]
User=deluge
ExecStart=/usr/bin/deluged -d
UMask=0002

[Install]
WantedBy=after-boot.target

Oh, and make sure that the blocklist plugin in deluge is set to get the script: http://localhost:44288/ipfilter.p2p

Run Systemd Unit after bootup

https://www.mauras.ch/systemd-run-it-last.html

bns-anarch bns-endurance

2023 Naming Notes

I know that I named this box "anarch" for "An Archlinux" machine, but lately I've felt uncomfortable about it when I log in from a public space. So I'm renaming bns-anarch to bns-endurance in honor of the fictional spacecraft in the movie Interstellar.

2013 Installation Notes

Notes copied as they were found from an old piece of paper.

Install date: 15-12-2013

  • Followed Beginner Guide on archwiki.
  • Network: Default dhcpcd.service, IP set by MAC on router.
  • Disk:
    • 1Gig 'ef' (ef00) partition for /boot
    • 110Gig ext4
  • NFS:
    • Installed nfs-utils
    • Enable rpc-statd.service
    • fstab won't mount on boot without x-systemd.automount flag
    • rpc-gssd.service totally kills NFS!
  • Yeti USB:
    • Must not be plugged into USB 3.0 port!
    • To list modules: 'aplay -l'
    • Set Yeti as default device, edit /etc/modprobe.d/alsa.conf
options snd slots=snd_usb_audio,snd_hda_intel
options snd_usb_audio index=0
options snd_hda_intel index=1
  • nVidia Driver:
    • Packages: nvidia, nvidia_libgl, nvidia-utils, opencl-nvidia, nvidia-cg-*, libcl, lib32-opencl-nvidia, libvdpau
    • libvdpau is needed for 'flashplugin' and lib32-flashplugin
    • Setup xorg.conf for a new X screen on each monitor.
  • BIOS
    • Turn on IOMMU, turn off XHCI
  • VPN
    • /etc/dhcpcd.conf: nooption domain_name_servers, domain_name
    • Add DNS to /etc/resolv.conf.head

Thinkpad fan control

I haven't found a good solution for fan control on the x120e, but tpfanco-svn from the AUR works reasonably well. Both lm-sensors and fancontrol were totally awful to configure/use.

Configuration on ArchWiki

youtube-dl stacktrace

youtube-dl fails after I made the python symlinks sane again.

to fix it, edit /usr/bin/youtube-dl and change the first line to use /usr/bin/python3.4

HP J4580 Unrecognized

Symptoms: HP printer that's only good for flatbed scanning is suddenly unrecognized even though hplip is installed.

Steps to reproduce: Try scanning in homework with less than half an hour left on the clock.

It fucking works, just uncomment 'hpaio' at the end of /etc/sane.d/dll.conf

Slic3r HTTPS API

Received this error in Slic3r when connecting to octoprint via HTTPS only:

I wasn't able to connect to OctoPrint (501 Protocol scheme 'https' is not supported (LWP::Protocol::https not installed)). Check hostname and OctoPrint version (at least 1.1.0 is required).

Solution: install perl-lwp-protocol-https from the official repos.


ReText

To make the icons appear, you have to set the icon theme name in ReText.conf

http://www.svenbit.com/2012/05/fix-missing-toolbar-icon-in-retext/

MATLAB

To install, I had to go get the following packages:

lib32-libxmu
lib32-libxp
lib32-libxtst
lib32-ncurses5-compat-libs
bin32-jre6
wmname

/usr/share/applications/matlab.desktop

#!/usr/bin/env xdg-open
[Desktop Entry]
Type=Application
Icon=/usr/share/icons/matlab.png
Name=MATLAB
Comment=Start MATLAB - The Language of Technical Computing
Exec=cd /home/berocs/Documents/uah && wmname LG3D && env MATLAB_JAVA=/usr/lib32/jvm/java32-6-jre/jre matlab -desktop -nosplash -glnx86
Categories=Development;
MimeType=text/x-matlab;

The 'cd /home/berocs/Documents/uah' portion of the .desktop file makes MATLAB use my uah directory as its default, which makes navigating class project files much easier.

I recently had to use 'fdatool' for a class, and the sub-windows wouldn't render any contents. To fix this I migrated from jre8 to jre6.

Licensing

Matlab checks the mac address of "eth0" for license validation. There isn't an eth0 on Archlinux, so we'll have to spoof it.

Manually

To create a dummy0 device, load the 'dummy' module

sudo modprobe dummy
sudo ip link add dummy0 type dummy
ip link list # dummy0@NONE should exist

Next, we need to turn the dummy device into a fake eth0 and assign it the MAC address that matlab is looking for.

sudo ip link set dev dummy0 name eth0
sudo ip link set dev eth0 address e8:9a:8f:00:00:00
Automatically

Edit /etc/modules-load.d/dummy.conf to have

dummy

Now the dummy0 device will appear on boot.

Next we need to create a systemd service that will assign the eth0 name to the dummy device.

/etc/systemd/system/matlab.licensing.service

[Unit]
Description=Dummy network interface for MATLAB
Requires=systemd-modules-load.service
After=systemd-modules-load.service

[Service]
Type=oneshot
ExecStart=/usr/bin/ip link set dev dummy0 name eth0
ExecStart=/usr/bin/ip link set dev eth0 address e8:9a:8f:8d:79:84

[Install]
WantedBy=multi-user.target

Steam

Upon receiving the error

libGL error: unable to load driver: nouveau_dri.so

I found [1] and ran the command

rm ~/.local/share/Steam/ubuntu12_32/steam-runtime/i386/usr/lib/i386-linux-gnu/libstdc++.so.6

to solve the problem.

Battle of Wesnoth

From the installation package:

==> If you experience sound problems try setting your SDL_AUDIODRIVER environment variable to "dma"
==> eg. export SDL_AUDIODRIVER="dma" ; wesnoth
==> If "dma" doesn't work,other options are: dsp,alsa,artsc,esd,nas try to find the right output.

Coyote Raspberry Pi's

Wireless AP

Set up a network for SSH access or webserving.

Just network: wpa_supplicant, dnsmasq, hostapd.

Webservice: nodejs, authbind, rpi-monitor.

Set wlan0 to a static IP:

# /etc/dhcpcd.conf
# Append to file:
interface wlan0
static ip_address=192.168.0.1/24
static routers=192.168.0.1

Setup /etc/dnsmasq.conf:

# Append to end of /etc/dnsmasq.conf
# disables dnsmasq reading any other files like /etc/resolv.conf for nameservers
no-resolv
# Interface to bind to
interface=wlan0
# Specify starting_range,end_range,lease_time
dhcp-range=192.168.0.50,192.168.0.150,12h
# dns addresses to send to the clients
server=8.8.8.8
server=8.8.4.4
# Route all requests to this machine
address=/#/192.168.0.1

You may have to create /etc/hostapd/hostapd.conf:

# /etc/hostapd/hostapd.conf
ssid=YourWiFiName
wpa_passphrase=Somepassphrase
interface=wlan0
#bridge=br0
auth_algs=3
channel=7
driver=nl80211
hw_mode=g
#logger_stdout=-1
#logger_stdout_level=2
max_num_sta=5
rsn_pairwise=CCMP
wpa=2
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP

Serving site on port 80:

Configure authbind:

# touch /etc/authbind/byport/80
# chown user /etc/authbind/byport/80
# chmod 755 /etc/authbind/byport/80

To run a site:

$ authbind --deep node app.js

Links

http://elinux.org/RPI-Wireless-Hotspot

http://serverfault.com/questions/351108/using-dnsmasq-to-resolve-all-hosts-to-the-same-address

https://wiki.archlinux.org/index.php/Software_access_point

http://blog.sip2serve.com/post/48420162196/howto-setup-rtl8188cus-on-rpi-as-an-access-point

Backups

Noncritical

Non critical computers are those with unencrypted hard disks. These are things like 3d print servers or irc clients. If I take the time to encrypt a system, then I'll also encrypt the backups.

Backup Script in /opt/backup.sh

#!/bin/bash
# Backup either home or root
duplicity --no-encryption /home/berocs file:///mnt/bkup/${BNS-SYSTEM}/duplicity

Systemd Service /etc/systemd/system/backup-{root,home}.service

[Unit]
Description=Backs up /home/berocs to bns-readynas:/bkup/bns-daedalus/duplicity

[Service]
Type=Simple
ExecStart=/opt/backup.sh

Systemd Timer in /etc/systemd/sytem/backup-{root,home}.timer

[Unit]
Description=Timer for backup-{home,root}.service

[Timer]
OnCalendar=Monthly

[Install]
WantedBy=timers.target

cron line


RPi Notes

Failed to start Load Kernel Modules

On a Raspberry Pi.

Error:

$dmesg
[...]
Failed to start Load Kernel Modules.
[...]

Fix: edit /etc/modules-load.d/raspberrypi.conf and remove "bcm2708-rng" because it has changed to bcm2835-rng.

Debian Notes

On the servers I kept receiving the following error and bootup took almost 15 minutes.

Fri May  1 11:52:20 2015: Starting NFS common utilities: statd idmapd.
Fri May  1 11:56:33 2015: mount.nfs: Connection timed out
Fri May  1 12:00:46 2015: mount.nfs: Connection timed out
Fri May  1 12:04:58 2015: mount.nfs: Connection timed out
Fri May  1 12:09:11 2015: mount.nfs: Connection timed out

The problem ended up being nonexistant IP addresses in /etc/fstab due to the move from 10.10.x.x at Nick's house to 192.168.x.x at home. Fixing the fstab returns the servers to a fast boot.