Homeserver#

Encrypting system HD#

See Encrypt SSD with LUKS and LVM

RAID1 encrypted data partition with LVM#

See RAID + LVM

Change LAN device name#

Edit /etc/udev/rules.d/10-network.rules:

SUBSYSTEM=="net", ACTION=="add", ATTR{address}=="<YOUR MAC ADDRESS GOES HERE>", NAME="lan0"

Remote SSH shell into initram to unlock encrypted devices#

Requirements: install yaourt package from AUR

Install the following packages: - dropbear - https://aur.archlinux.org/packages/mkinitcpio-netconf/ (AUR) - https://aur.archlinux.org/packages/mkinitcpio-dropbear/ (AUR) - https://aur.archlinux.org/packages/mkinitcpio-utils/ (AUR)

Copy your SSH pubkey to /etc/dropbear/root_key.

Add the netconf, dropbear and encryptssh hooks before filesystems within the "HOOKS" array in /etc/mkinitcpio.conf (the encryptssh can be used to replace the encrypt hook).

# /etc/mkinitcpio.conf
MODULES="dm_mod dm_crypt ext4 aes_x86_64 sha256 sha512 r8169 i915"
HOOKS="base udev autodetect modconf block mdadm lvm2 netconf dropbear encryptssh filesystems keyboard fsck"

Rebuild with mkinitcpio -p linux.

Provide networking by adding ip kernel parameter to GRUB config /etc/default/grub:

GRUB_CMDLINE_LINUX="cryptdevice=/dev/sda3:vgroup:allow-discards ip=:::::eth0:dhcp"

Rebuild grub config: grub-mkconfig -o /boot/grub/grub.cfg

Reboot and login as root user to unlock encrypted devices.

Source: https://wiki.archlinux.org/index.php/Dm-crypt/Specialties

Network Plan#

See Network Plan.

Power management#

List of applications and services#

Required#

  • GitLab
  • Mail: IMAP, SMTP, spamassassin...
  • DHCP, DNS/dnsec
  • firewall / DMZ

Optional#

  • ownCloud

Containers: Docker, LXC, systemd-nspawn#

  • Detailed Homeserver tut based on slackware: http://www.mbse.eu/linux/homeserver/
  • http://mein.homelinux.com/wiki/wiki/10_schritte