projects:base-infrastructure

Differences

This shows you the differences between two versions of the page.

projects:base-infrastructure [2017-09-16 13:07]
trinitor
projects:base-infrastructure [2018-05-13 08:58] (current)
trinitor [gitlab]
Line 98: Line 98:
 |192.168.11.4  |accesspoint01 |freifunk AP | |192.168.11.4  |accesspoint01 |freifunk AP |
 |192.168.11.10 |virt01        |proxmox server | |192.168.11.10 |virt01        |proxmox server |
 +|192.168.11.11 |virt02        |proxmox server |
 +|192.168.11.20 |music01       |RuneAudio RPi |
 ^Virtual Machines ^^^ ^Virtual Machines ^^^
 |192.168.1.11  |rproxy01      |nginx reverse proxy | |192.168.1.11  |rproxy01      |nginx reverse proxy |
Line 103: Line 105:
 |192.168.10.12 |chat01        |rocket chat | |192.168.10.12 |chat01        |rocket chat |
  
-==== Virtualisation ====+==== Virtualisation (main) ====
 There are some options (ESXi, XenServer, oVirt, ...), but the simplest one seems to be Proxmox. \\ There are some options (ESXi, XenServer, oVirt, ...), but the simplest one seems to be Proxmox. \\
 An old Dell Notebook with an additional USB NIC will be used for now. \\ An old Dell Notebook with an additional USB NIC will be used for now. \\
Line 125: Line 127:
 Management: \\ Management: \\
 [[https://192.168.11.10:8006]] [[https://192.168.11.10:8006]]
 +
 +==== Virtualisation (secondary) ====
 +There is also a second Proxmox server with only one NIC. \\
 +It is running on a MacMini and will only be turned on if needed to safe power. \\
 +
 +Proxmox runs on Apple Hardware, but there are some driver issues. \\
 +Disable modules: \\
 +<code>
 +cat >> /etc/modprobe.d/pve-blacklist.conf <<EOF                               
 +blacklist pcspkr
 +blacklist b43
 +EOF
 +</code>
 +
 +don't enable readondriver (which breaks to console) \\
 +vi /etc/defaults/grub
 +<code>
 +GRUB_CMDLINE_LINUX_DEFAULT="nomodeset debug"
 +</code>
 +update-grub
 +
 +Management: \\
 +[[https://192.168.11.11:8006]]
  
 ==== Firewall ==== ==== Firewall ====
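Review bot: The GRUB step in the new "Virtualisation (secondary)" section points at `/etc/defaults/grub`, but the file that `update-grub` reads on Debian-based systems such as Proxmox is `/etc/default/grub`, so following the step as written edits a file that has no effect. Suggest correcting the path, and spelling out "readondriver" (presumably the radeon driver) so the reason for `nomodeset` is clear to the next reader. The `debug` flag in `GRUB_CMDLINE_LINUX_DEFAULT="nomodeset debug"` looks like a troubleshooting leftover; drop it or state why it is needed. Minor: "safe power" should read "save power".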
Line 297: Line 322:
  
 Server Configuration: Server Configuration:
-  * Ubuntu server+  * Install Ubuntu 16.04 LTS 
 +  * vi /etc/network/interfaces 
 +<code> 
 +iface ens18 inet static 
 +  address 192.168.1.11/24 
 +  gateway 192.168.1.1 
 +  dns-nameservers 192.168.1.1 
 +</code>
   * apt-get install software-properties-common   * apt-get install software-properties-common
   * add-apt-repository ppa:certbot/certbot   * add-apt-repository ppa:certbot/certbot
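Review bot: The `iface ens18 inet static` stanza added for rproxy01 is shown without an `auto ens18` (or `allow-hotplug ens18`) line, and with ifupdown an interface that lacks one is not brought up at boot. If the existing file does not already carry it, add `auto ens18` above the stanza so the step is complete on a fresh install.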
Line 400: Line 432:
  
 ==== nextcloud ==== ==== nextcloud ====
 +  * install Ubuntu 16.04 LTS
 +  * configure network
 +  * apt update && sudo apt upgrade
 +  * apt-get install apache2 mariadb-server libapache2-mod-php7.0
 +  * apt-get install php7.0-gd php7.0-json php7.0-mysql php7.0-curl php7.0-mbstring php7.0-intl php7.0-mcrypt php-imagick php7.0-xml php7.0-zip php7.0-ldap
 +  * mkdir /opt/install && cd /opt/install
 +  * wget "https://download.nextcloud.com/server/releases/nextcloud-12.0.2.tar.bz2"
 +  * tar xf nextcloud*.tar.bz2
 +  * mv nextcloud /var/www/
 +  * chown -R www-data.www-data /var/www/nextcloud/
 +  * cat >/etc/apache2/sites-available/nextcloud.conf <<EOF
 +<code>
 +Alias /nextcloud "/var/www/nextcloud/"
 + 
 +<Directory /var/www/nextcloud/>
 +   Options +FollowSymlinks
 +   AllowOverride All
 + 
 +   <IfModule mod_dav.c>
 +     Dav off
 +   </IfModule>
 + 
 +   SetEnv HOME /var/www/nextcloud
 +   SetEnv HTTP_HOME /var/www/nextcloud
 +</Directory>
 +EOF
 +  * ln -s /etc/apache2/sites-available/nextcloud.conf /etc/apache2/sites-enabled/
 +  * mysql_secure_installation
 +    * mysql -u root -p
 +      * CREATE USER 'nextcloud'@'localhost' IDENTIFIED BY 's3cret';
 +      * CREATE DATABASE nextcloud;
 +      * GRANT ALL PRIVILEGES ON nextcloud.* TO 'nextcloud'@'localhost';
 +  * cat >> /etc/php/7.0/apache2/php.ini <<EOF
 +<code>
 +opcache.enable=1
 +opcache.enable_cli=1
 +opcache.interned_strings_buffer=8
 +opcache.max_accelerated_files=10000
 +opcache.memory_consumption=128
 +opcache.save_comments=1
 +opcache.revalidate_freq=1
 +EOF
 +</code>
 +  * systemctl restart apache2.service
 +  * browse to http://192.168.10.14/nextcloud/
 +    * enter new user credentials for admin user
 +    * configure database
 +  * enable apps: 
 +    * calendar
 +    * contacts
 +    * deck
 +    * tasks
 +    * LDAP user and group backend
 +      * Admin -> LDAP
 +        * Advanced 
 +          * Turn off SSL certificate validation = checked
 +        * Server
 +          * Server: ldaps:/ /auth01.devbase.org:636 
 +          * User: cn=s-nextcloud,cn=users,dc=devbase,dc=org
 +          * Base DN: dc=devbase,dc=org
 +        * Users
 +          * persons
 +        * Login Attributes
 +          * LDAP user
 +        * Group
 +          * devbase_delegate_access_nextcloud
  
 +==== gitlab ====
 +  * install Ubuntu 16.04 LTS
 +  * configure network
 +  * apt update && sudo apt upgrade
 +  * sudo apt-get install -y curl openssh-server ca-certificates
 +  * curl https://packages.gitlab.com/install/repositories/gitlab/gitlab-ee/script.deb.sh | sudo bash
 +  * sudo echo en_US.UTF-8 UTF-8 > /etc/locale.gen
 +  * sudo locale-gen en_US.UTF-8
 +  * LC_ALL="en_US.UTF-8"
 +  * LC_CTYPE="en_US.UTF-8"
 +  * sudo EXTERNAL_URL="http://gitlab.devbase.org" apt-get install gitlab-ee
 +  * browse to http://git.devbase.org -> set root password
 +  * vi /etc/gitlab/gitlab.rb
 +<code>
 +gitlab_rails['ldap_enabled'] = false
 +gitlab_rails['ldap_servers'] = YAML.load <<-'EOS'
 +  main: # 'main' is the GitLab 'provider ID' of this LDAP server
 +    label: 'LDAP'
 +    host: 'auth01.devbase.org'
 +    port: 389
 +    uid: 'sAMAccountName'
 +    bind_dn: 'CN=s-gitlab,CN=Users,DC=devbase,DC=org'
 +    password: 'mylittlepassword'
 +    encryption: 'start_tls' # "start_tls" or "simple_tls" or "plain"
 +    verify_certificates: false
 +    active_directory: true
 +    allow_username_or_email_login: false
 +    lowercase_usernames: false
 +    block_auto_created_users: false
 +    base: 'CN=Users,DC=devbase,DC=org'
 +#     user_filter: ''
 +EOS
 +</code>
 +  * gitlab-ctl reconfigure
 +  * gitlab-rake gitlab:ldap:check
 +
 +==== Music ====
 +Background music should not be interrupted by rebooting clients or phones leaving the building. \\
 +A dedicated client should play the music and controllable by all kind of devices.
 +
 +  * download runeaudio for RPi
 +  * flash to SD card and boot
 +  * browse http://ip
 +    * settings
 +      * hostname: music01
 +      * airplay: on
 +      * airplay name: music01
 +      * UPnP: on
 +      * UPnP name: music01
 +  * ssh root@ip
 +    * passwd
 +    * cat >> /etc/mpd.conf <<EOF
 +<code>
 +audio_output {
 +   type            "httpd"
 +   name            "My HTTP Stream"
 +   encoder         "flac"       # optional, vorbis or lame
 +   port            "8000"
 +   bind_to_address "0.0.0.0"    # optional, IPv4 or IPv6
 +   quality         "5.0"        # do not define if bitrate is defined
 +   # bitrate         "128"      # do not define if quality is defined
 +   format          "44100:16:1"
 +   max_clients     "0"          # optional 0=no limit
 +}
 +EOF
 +</code>
 +  * Library
 +    * Webradio
 +      * http://trance-high.rautemusik.fm
 +      * http://house-high.rautemusik.fm
 +      * http://stream03.uzic.ch:9010
 +
 +Management: \\
 +[[http://music01.devbase.org]]
 +
 +==== Ubiquiti Controller ====
 +To manage the Unfi WiFi access points a Controller is needed
 +  * Install Ubuntu 16.04 LTS
 +  * echo 'deb http://www.ubnt.com/downloads/unifi/debian stable ubiquiti' | sudo tee /etc/apt/sources.list.d/100-ubnt-unifi.list
 +  * apt-key adv --keyserver keyserver.ubuntu.com --recv 06E85760C0A52C50
 +  * apt-get install unifi
 +  * https://<ip>:8443
 ==== Wiki ==== ==== Wiki ====
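Review bot: Both LDAP integrations added in this hunk disable certificate checking: the nextcloud section sets "Turn off SSL certificate validation = checked" for the ldaps connection to auth01.devbase.org:636, and the gitlab section sets `verify_certificates: false` alongside `encryption: 'start_tls'`, so the service-account bind and every user login travel over a channel whose server identity is never verified. Suggest installing the auth01 CA certificate on both hosts and turning validation back on. In the same gitlab block, `gitlab_rails['ldap_enabled'] = false` leaves the LDAP settings inactive, so the `gitlab-rake gitlab:ldap:check` step that follows cannot confirm a working setup; it should be `true`. Replace the literal `'s3cret'` and `'mylittlepassword'` with placeholders that tell the reader to generate their own value, since this is a wiki page. Smaller points: `sudo echo en_US.UTF-8 UTF-8 > /etc/locale.gen` performs the redirect as the calling user and overwrites the file (use `| sudo tee -a` instead); EXTERNAL_URL uses gitlab.devbase.org and plain http while the next step browses to git.devbase.org; the nextcloud.conf `<code>` block is opened inside the heredoc and never closed with `</code>`; and the mpd httpd output binds to 0.0.0.0 with `max_clients "0"`, which is worth narrowing to the LAN address if the Pi is reachable from more than one network.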
  
projects/base-infrastructure.1505567267.txt.gz · Last modified: 2017-09-16 13:07 by trinitor