Last active
December 10, 2023 14:50
Alpine Linux basic setup
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
apk add nano udev tmux htop curl sntpc | |
/etc/init.d/udev start #test | |
rc-update add udev default | |
rc-update add local default | |
# create files e.g. /etc/local.d/rc-local.start | |
# | |
## this is peculiar to the picm4 with 200MHz dynamic downclock, which induces several seconds per second of clock drift. Sync with a local NTP server every 5 seconds of server time, ~10-15 seconds realtime, to keep things more-or-less in line. | |
echo sntpc -i5 -v -d 10.10.11.202 > /etc/local.d/3-fixtime.start && chmod +x /etc/local.d/3-fixtime.start | |
## NOTE: files apparently have to end in .start or they will not be executed | |
## NOTE: commands have to exit or daemonize, or 'local' will fail to finish initialization and subsequent attempts to reboot will fail! | |
## VPN router config | |
apk add openvpn iptables bash iftop | |
##/etc/udev/rules.d/81-vpn-firewall.rules | |
KERNEL=="tun0", ACTION=="add", RUN+="/usr/bin/forward.sh add" | |
KERNEL=="tun0", ACTION=="remove", RUN+="/usr/bin/forward.sh remove" | |
# | |
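# udev rules files are data read by udevd, not programs: root-owned and 0644
# is sufficient. 4755 would mark the file executable and setuid, which udev
# does not need.
chmod 0644 /etc/udev/rules.d/81-vpn-firewall.rules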
## /usr/bin/forward.sh | |
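#!/bin/bash
# Toggles IPv4 forwarding when the VPN tunnel device appears or disappears.
# Invoked by udev via /etc/udev/rules.d/81-vpn-firewall.rules with a single
# argument: "add" or "remove". Any other argument is logged and exits 1.
#
# The script runs as root from udev, so every expansion is quoted.

LOGGER=/usr/bin/logger
LOGGER_TAG="$0"
UDEV_ACTION="$1"

# The ruleset loader and its configuration file. Nothing on this page assigns
# them, so the unquoted "$FERM $FERM_CONF" lines used to expand to nothing and
# no ruleset was ever reloaded. They are declared here (empty) so the gap is
# explicit; fill in the loader you actually use. They are deliberately not
# read from the environment, because this script runs as root.
FERM=""
FERM_CONF=""

MSG_FW_RULE_ADD="Enabling forwarding"
MSG_FW_RULE_REMOVE="Disabling forwarding"
MSG_UDEV_ACTION_UNKNOWN="dafuq"

# Reloads the firewall ruleset if a loader is configured.
# Returns the loader's exit status, or 0 (with a log entry) when none is set.
reload_firewall() {
  if [[ -z "$FERM" ]]; then
    "$LOGGER" -t "$LOGGER_TAG" "FERM is not set; firewall ruleset not reloaded"
    return 0
  fi
  "$FERM" ${FERM_CONF:+"$FERM_CONF"}
}

case "$UDEV_ACTION" in
  add)
    "$LOGGER" -t "$LOGGER_TAG" "$MSG_FW_RULE_ADD"
    # Load the ruleset before opening the forwarding path; if a configured
    # loader fails, do not start routing traffic through an unknown ruleset.
    if ! reload_firewall; then
      "$LOGGER" -t "$LOGGER_TAG" "Firewall reload failed; forwarding not enabled"
      exit 1
    fi
    sysctl net.ipv4.ip_forward=1
    ;;
  remove)
    "$LOGGER" -t "$LOGGER_TAG" "$MSG_FW_RULE_REMOVE"
    # Stop forwarding first so nothing is routed while the ruleset changes.
    sysctl net.ipv4.ip_forward=0
    reload_firewall
    ;;
  *)
    "$LOGGER" -t "$LOGGER_TAG" "$MSG_UDEV_ACTION_UNKNOWN"
    exit 1
    ;;
esac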
# | |
chmod +x /usr/bin/forward.sh | |
# see also https://wiki.alpinelinux.org/wiki/Setting_up_a_OpenVPN_server | |
##/etc/sysctl.d/fuckipv6.conf | |
#fuck ipv6 | |
net.ipv6.conf.all.disable_ipv6 = 1 | |
net.ipv6.conf.default.disable_ipv6 = 1 | |
net.ipv6.conf.lo.disable_ipv6 = 1 | |
net.ipv6.conf.eth0.disable_ipv6 = 1 | |
# | |
modprobe tun | |
echo "tun" >> /etc/modules-load.d/tun.conf | |
# 1-iptables.start | |
iptables-restore < /etc/iptables-rules.txt | |
# | |
cd /etc/openvpn | |
ln -s /etc/openvpn/configs/CONFIG.conf openvpn.conf | |
rc-update add openvpn default | |
# | |
##/etc/network/interfaces | |
iface eth0 inet static | |
address 192.168.1.1/24 | |
gateway 192.168.1.250 | |
##/etc/resolv.conf | |
search grex | |
nameserver 8.8.8.8 | |
nameserver 1.1.1.1 | |
# | |
##add to /etc/profile | |
# | |
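# Login banner: public address, then the tunnel address.
# /etc/profile is sourced on every login, so the lookup is fetched over HTTPS
# and bounded by a timeout instead of hanging the login when the network is
# down. The reply is third-party data printed straight to the terminal, so it
# is reduced to address characters before display.
echo "External: "
curl -fs --max-time 5 https://ifconfig.io | tr -cd '0-9a-fA-F.:\n' | lolcat #-r -v 0.9 -h 0.4
echo "Internal: "
ifconfig tun0 | grep "inet addr" | awk -F: '{print $2}' | awk '{print $1}' | lolcat #-r -v 0.9 -h 0.4
echo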
# | |
## Downloader VM | |
# | |
# add community repository: edit /etc/apk/repositories and uncomment required repo | |
apk add qbittorrent-nox git python3 nfs-utils rtorrent whois | |
rc-update add qbittorrent-nox default | |
/etc/init.d/qbittorrent-nox start | |
##/etc/network/interfaces | |
iface eth0 inet static | |
address 192.168.1.3/24 | |
gateway 192.168.1.2 | |
# | |
##/etc/resolv.conf | |
search grex | |
nameserver 95.215.19.53 | |
nameserver 208.67.222.222 | |
# 1-mountnfs.start | |
mount 192.168.1.1:/fileserve /fileserve | |
# 2-medusa.start | |
/usr/bin/sickrunner.sh & | |
# | |
mkdir /usr/src | |
cd /usr/src | |
git clone https://github.com/pymedusa/Medusa.git | |
##/usr/bin/sickrunner.sh | |
# | |
#!/bin/sh | |
/usr/src/Medusa/SickBeard.py | |
# | |
chmod +x /usr/bin/sickrunner.sh | |
# | |
##add to /etc/profile | |
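# Login banner: public address and its owner, then the gateway's tunnel address.
# /etc/profile is sourced by sh on every login, so this stays POSIX and every
# network call is bounded by a timeout.
echo "External: "
# Fetch once over HTTPS and reuse the value; the original asked the service
# twice and handed the second reply to whois unchecked.
ext_ip=$(curl -fs --max-time 5 https://ifconfig.io)
# The reply is third-party data: accept it only if it consists of address
# characters, so nothing else reaches the terminal or the whois command line.
case $ext_ip in
  '' | *[!0-9a-fA-F.:]*) ext_ip= ;;
esac
if [ -n "$ext_ip" ]; then
  printf '%s\n' "$ext_ip" | lolcat #-r -v 0.9 -h 0.4
  whois "$ext_ip" | grep -i OrgName | lolcat -r
fi
unset ext_ip
echo "Internal: "
# ConnectTimeout keeps an unreachable gateway from stalling the login.
ssh -o ConnectTimeout=5 yarr@njalla-gw 'ifconfig tun0' | grep "inet addr" | awk -F: '{print $2}' | awk '{print $1}' | lolcat #-r -v 0.9 -h 0.4
echo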
# | |
## Dev VM | |
apk add git python3 nfs-utils gcc make musl-dev | |
# | |
## Nextcloud VM | |
https://wiki.alpinelinux.org/wiki/Nextcloud | |
## ChirpStack VM | |
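apk add docker docker-compose git nano tmux htop curl make
#rc-update add local default
rc-update add docker
service docker start
cd /opt
##follow instructions here: https://www.chirpstack.io/docs/getting-started/docker.html
git clone https://github.com/chirpstack/chirpstack-docker.git
# Keep the checkout writable by its owner only. With mode 777 any local user
# could edit docker-compose.yml or the mounted configuration, and those files
# decide what the Docker daemon runs as root. If a container really needs to
# write into a bind-mounted directory, grant that on the one directory to the
# container's UID instead.
chmod -R go-w chirpstack-docker
cd chirpstack-docker
# -d detaches; a foreground "up" blocks until the stack is stopped, by which
# time there are no running containers left for the next line to update.
docker-compose up -d
# Limit the restart policy to this project's containers rather than every
# container that happens to be running on the host.
# shellcheck disable=SC2046 -- word splitting is wanted: one argument per container id
docker update --restart unless-stopped $(docker-compose ps -q)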
## networkServices VM | |
apk add bind iptables bash iftop | |
# +merge BIND9 zone config and iptables ruleset over from backup | |
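# rc-update takes ONE service followed by runlevel names, so
# "rc-update add named iptables" asks for a runlevel called "iptables" and the
# iptables service is never enabled, leaving the ruleset unloaded at boot.
# Add each service separately.
rc-update add named default
rc-update add iptables default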
## NOTE: if you get "ERROR: named failed to start" on boot and don't feel like troubleshooting, just create a
## 3-named.start in /etc/local.d containing this:
named -d9 -c /etc/bind/named.conf |