Network/ADSLModem.md
... ...
@@ -0,0 +1,40 @@
1
+---
2
+title: ADSLModem
3
+---
4
+
5
+Options
6
+
7
+whr-hp-g54
8
+
9
+* <http://www.broadbandbuyer.co.uk/default_ShopGroup.asp?ShopGroupID=1>
10
+
11
+* [DrayTek][1][?][1] Vigor 100 [ADSL2][2][?][2]+ [PPPoE][3][?][3]-to-[PPPoA][4][?][4] bridge modem
12
+* Linksys [AM200][5][?][5]
13
+* D-Link DSL-320T
14
+* Netgear [DM111P][6][?][6]
15
+* Thomson Speedtouch 516
16
+ * £25: <http://www.dslsource.co.uk/details.aspx?idProduct=756&category=>
17
+
18
+Bought the Thomson Speedtouch 516.
19
+
20
+* HOWTO [Upgrade the Thomson Speedtouch in Linux][7]
21
+
22
+Most bridge-mode modems will not work with [PPPoA][4][?][4]-only [DSLAMs][8][?][8]. e.g. LLU.
23
+
24
+BT [DSLAMs][8][?][8] support [PPPoE][3][?][3] and [PPPoA][4][?][4].
25
+
26
+[WRTSL54][9][?][9] - [WRT54][10][?][10] with USB. [OpenWRT][11][?][11] with Speedtouch USB.
27
+
28
+
29
+
30
+## ZA
31
+
32
+| Unit | Ports | Price |
33
+||
34
+| Linksys [AM200][5][?][5] | ADSL | R432 |
35
+| [WRT54GL][12] | Wifi,LAN | R580 |
36
+| Billion 5200S | ADSL,LAN | R406 |
37
+| Linksys [WAG200G][13][?][13] | ADSL,LAN,Wifi | R688 |
38
+
39
+ [7]: SpeedtouchUpgrade
40
+ [12]: WRT54GL
Network/Archix.md
... ...
@@ -0,0 +1,86 @@
1
+---
2
+title: Archix
3
+---
4
+
5
+Implements
6
+: [Netbook][1]
7
+
8
+Replaces
9
+: [Nixie][2]
10
+
11
+Hardware Info
12
+: [dev.chromium.org][3]
13
+
14
+
15
+
16
+# Contents
17
+
18
+* [System Software][4]
19
+* [Application Software][5]
20
+
21
+
22
+
23
+# Specs
24
+
25
+Make
26
+: Samsung
27
+
28
+Model
29
+: [XE503C12][6][?][6]-[K01UK][7][?][7]
30
+
31
+CPU
32
+: Exynos 5420 quad-A15 / quad-A7
33
+
34
+RAM
35
+: 2GB
36
+
37
+SSD
38
+: 16GB eMMC
39
+
40
+Storage
41
+: microSD
42
+
43
+Screen
44
+: 11.6"
45
+
46
+Price
47
+: 250
48
+
49
+
50
+
51
+# Accessories
52
+
53
+## [MicroSD][8][?][8] card
54
+
55
+Bug report on UHS support: <http://code.google.com/p/chromium/issues/detail?id=309462>
56
+
57
+Need fast random read/write speeds.
58
+
59
+If the microSD reader supports UHC-2, wait for Toshiba card to become available. Otherwise based on [The Wire Cutter][9]:
60
+
61
+* Samsung EVO (64GB/32GB) (£28 / £13)
62
+* [SanDisk][10][?][10] Extreme Plus (64GB/32GB) (£60 / £30)
63
+
64
+The Samsung EVO seems much better value.
65
+
66
+
67
+
68
+### Benchmarks
69
+
70
+#### Random large-block transfers
71
+
72
+Read/write in MB/s:
73
+
74
+* Samsung EVO: 43.9 / 32.0
75
+* [SanDisk][10][?][10] Extreme Plus: 85.9 / 43.8
76
+* [SanDisk][10][?][10] Extreme PRO: 87.6 / 13.4
77
+* Samsung microSDHC Plus: 67.35 / 20.04
78
+* [SanDisk][10][?][10] Ultra: 43.98 / 2.45
79
+* Toshiba microSD: 33.1 / 1.6
80
+
81
+ [1]: /Tech/Netbook
82
+ [2]: Nixie
83
+ [3]: http://dev.chromium.org/chromium-os/developer-information-for-chrome-os-devices/samsung-chromebook-2
84
+ [4]: ArchixSystemSoftware
85
+ [5]: ArchixApplicationSoftware
86
+ [9]: http://thewirecutter.com/reviews/best-microsd-card/
Network/ArchixApplicationSoftware.md
... ...
@@ -0,0 +1,36 @@
1
+---
2
+title: ArchixApplicationSoftware
3
+---
4
+
5
+# Network Manager
6
+
7
+Copied old connection information from Nixie `/<span class="wikiword"><a class='createlinktext' rel='nofollow'
8
+
9
+Insufficient permissions for netdev users to edit [NetworkManager][1][?][1] system connections. See <http://jeffhoogland.blogspot.co.uk/2012/05/howto-give-network-manager-sufficient.html>
10
+
11
+Edit `/etc/polkit-1/localauthority/50-local.d/org.<span class="wikiword"><a class='createlinktext' rel='nofollow'
12
+
13
+ [nm-applet]
14
+ Identity=unix-group:netdev
15
+ Action=org.freedesktop.NetworkManager.*
16
+ ResultAny=yes
17
+ ResultInactive=no
18
+ ResultActive=yes
19
+
20
+
21
+
22
+
23
+# Disable Touchpad
24
+
25
+Create `/etc/X11/xorg.conf.d/notap.conf`
26
+
27
+ # From stackexchange:
28
+ # http://unix.stackexchange.com/questions/70428/can-one-disable-tap-to-click-in-x-server-configuration-without-synclient
29
+ Section "InputClass"
30
+ Identifier "touchpad catchall"
31
+ Driver "synaptics"
32
+ MatchIsTouchpad "on"
33
+ MatchDevicePath "/dev/input/event*"
34
+ Option "MaxTapTime" "0"
35
+ EndSection
36
+
Network/ArchixSystemSoftware.md
... ...
@@ -0,0 +1,498 @@
1
+---
2
+title: ArchixSystemSoftware
3
+---
4
+
5
+[ChrUbuntu][1][?][1] installation on Samsung Chromebook 2 [XE503C12][2][?][2]
6
+
7
+
8
+
9
+[[_TOC_]]
10
+
11
+# Resources
12
+
13
+* <https://wiki.debian.org/InstallingDebianOn/Samsung/ARMChromebook>
14
+
15
+
16
+
17
+# linux-exynos
18
+
19
+Status
20
+: [http://linux-exynos.org/wiki/Samsung\_Chromebook\_2_XE503C12][38]
21
+
22
+Install
23
+: [http://linux-exynos.org/wiki/Samsung\_Chromebook\_2\_XE503C12/Installing\_Linux][39]
24
+
25
+
26
+
27
+## chromeos kernel
28
+
29
+* <https://chromium.googlesource.com/chromiumos/third_party/kernel.git/+refs>
30
+
31
+Attempting to build [release-R43-6946.B-chromeos-3.14][40]
32
+
33
+Seems like chromeos kernels >= 3.10 [do not have exynos support][41]
34
+
35
+
36
+
37
+# Boot Priority
38
+
39
+Boot priority is set in the GPT table
40
+
41
+cgpt add -i 6 -P 5 -T 1 -S /dev/mmcblk0p6
42
+
43
+[[$[Get Code]]][42]
44
+
45
+# [ChrUbuntu][1][?][1]
46
+
47
+After doing a reinstall on a USB stick, inexplicably succeeded in booting to the root partition on the internal eMMC!
48
+
49
+
50
+
51
+# SDHC
52
+
53
+See [Tech.FlashBench][43]
54
+
55
+* <https://blogofterje.wordpress.com/2012/01/14/optimizing-fs-on-sd-card/>
56
+
57
+
58
+
59
+## Samsung 32GB
60
+
61
+* Try 8MB partition start (16384s)
62
+* Try 4KB ext4 blocksize
63
+
64
+
65
+
66
+## Sandisk 16GB
67
+
68
+* Try 8MB partition start
69
+* Try 4KB ext4 blocksize
70
+* stride = 1
71
+* stripe-width = (4MB / 4KB) = 1024
72
+
73
+
74
+
75
+mkfs.ext4 -O ^has_journal -E stride=1,stripe-width=1024 -b 4096 -L archix-home /dev/sdi1
76
+
77
+[[$[Get Code]]][44]
78
+
79
+All sorts of corruption!
80
+
81
+If I mount, create dir, unmount the fs is corrupted.
82
+
83
+
84
+
85
+# SDHC (Old)
86
+
87
+Configure an SDHC containing an [LVM2][45][?][45] volume group and a logical volume for `/home`
88
+
89
+
90
+
91
+## GPT
92
+
93
+Attempting to use cryptsetup without a GPT resulted in corruption of the LUKS header at some point.
94
+
95
+On a 32GB sdcard, create a 30GB partition, reserving the last 1440MB just in case.
96
+
97
+sudo parted /dev/mmcblk1 mklabel gpt
98
+sudo parted /dev/mmcblk1 mkpart primary 30G
99
+sudo parted /dev/mmcblk1 mkpart primary 30G -- -1  # -- needed to pass -1 (end of disk)
100
+
101
+[[$[Get Code]]][46]
102
+
103
+
104
+
105
+## Cryptsetup
106
+
107
+No xts kernel module, so use cbc-essiv instead.
108
+
109
+sudo cryptsetup -v luksFormat -c "aes-cbc-essiv:sha256" -s 256 /dev/mmcblk1p1
110
+sudo cryptsetup luksOpen /dev/mmcblk1p1 crypt-sdhc
111
+
112
+[[$[Get Code]]][47]
113
+
114
+
115
+
116
+## [LVM2][45][?][45]
117
+
118
+LVM stack including 20G home directory. Reserving remaining 10G for later. Zeroing fails, so disable it when creating lvs.
119
+
120
+sudo pvcreate /dev/mapper/crypt-sdhc
121
+sudo vgcreate vg-sdhc /dev/mapper/crypt-sdhc
122
+sudo vgchange -a y vg-sdhc
123
+sudo lvcreate -Zn -n home -L20g vg-sdhc # disable zeroing as workaround
124
+
125
+[[$[Get Code]]][48]
126
+
127
+
128
+
129
+## Filesystem
130
+
131
+sudo mkfs.ext4 -m0 -L home /dev/vg-sdhc/home
132
+
133
+[[$[Get Code]]][49]
134
+
135
+NB: random crashes when accessing the SDHC. Probably shouldn't use ext4 journaling on an SD card.
136
+
137
+
138
+
139
+sudo mkfs.ext4 -O has_journal -m0 -L home /dev/vg-sdhc/home
140
+
141
+[[$[Get Code]]][50]
142
+
143
+Post-creation use `tune2fs -O ^has_journal DEV`
144
+
145
+
146
+
147
+## fstab and crypttab
148
+
149
+Leaving root on the eMMC for now while I evaluate the performance. Home is on the external SDHC.
150
+
151
+`/etc/crypttab`
152
+
153
+ crypt-sdhc /dev/mmcblk1p1 none luks
154
+
155
+
156
+`/etc/fstab`
157
+
158
+ proc /proc proc defaults 0 0
159
+ UUID=0f623493-6b40-42f5-bd99-bb37dd74b585 / auto errors=remount-ro 0 1
160
+ /dev/mapper/vg--sdhc-home /home ext4 noatime 0 2
161
+
162
+
163
+
164
+
165
+# System Config
166
+
167
+## Kernel Config
168
+
169
+Reading the current kernel config
170
+
171
+modprobe configs
172
+zless /proc/config.gz
173
+
174
+[[$[Get Code]]][51]
175
+
176
+
177
+
178
+## Username
179
+
180
+sudo usermod -l myuser -d /home/myuser user
181
+
182
+[[$[Get Code]]][52]
183
+
184
+
185
+
186
+## Hostname
187
+
188
+sudo hostname "myhost"
189
+sudo echo "myhost" > /etc/hostname
190
+
191
+[[$[Get Code]]][53]
192
+
193
+`sudo vi /etc/hosts`
194
+
195
+ 127.0.0.1 localhost
196
+ 127.0.1.1 archix archix.lan
197
+
198
+
199
+
200
+
201
+## Locale and Timezone
202
+
203
+Set system locale to `en_GB.UTF-8`
204
+
205
+`sudo vi /etc/defaults/locale`
206
+
207
+ LANG="en_GB.UTF-8"
208
+
209
+
210
+
211
+
212
+sudo locale-gen en_GB.UTF-8
213
+sudo dpkg-reconfigure tzdata
214
+
215
+[[$[Get Code]]][54]
216
+
217
+
218
+
219
+## Keyboard Layout
220
+
221
+Maps dvorak and uses Chromebook search key as compose. `sudo vi /etc/defaults/keyboard`
222
+
223
+ XKBMODEL="pc105"
224
+ XKBLAYOUT="us,gb,gb"
225
+ XKBVARIANT="dvorak,dvorak,"
226
+ XKBOPTIONS="compose:lwin"
227
+
228
+
229
+Also
230
+
231
+setxkbmap -option compose:lwin
232
+
233
+[[$[Get Code]]][55]
234
+
235
+Then
236
+
237
+sudo dpkg-reconfigure console-data   # select layout from full list
238
+sudo dpkg-reconfigure console-setup  # rebuilds initramfs with new settings
239
+
240
+[[$[Get Code]]][56]
241
+
242
+
243
+
244
+## iptables ip6tables
245
+
246
+Missing kernel modules x\_tables, xt\_limit, etc.
247
+
248
+
249
+
250
+# Hardware Configuration
251
+
252
+## Working
253
+
254
+* Wifi 802.11bgn
255
+* Touchpad
256
+* Ethernet (my Asix [USB2][57][?][57] gigabit adapter)
257
+* Bluetooth
258
+* Camera
259
+
260
+
261
+
262
+## Unconfirmed
263
+
264
+* Sleep
265
+ * Is it actually sleeping?
266
+ * Lots of freezes overnight
267
+ * Many cases where battery has exhausted
268
+
269
+
270
+
271
+## Not Working
272
+
273
+* Graphics hardware acceleration (Mali)
274
+
275
+
276
+
277
+## Mali Graphics Acceleration
278
+
279
+New link: <http://community.arm.com/docs/DOC-9494>
280
+
281
+
282
+
283
+### With loopback and kpartx
284
+
285
+dd if=/dev/zero of=mali.img bs=1k count=1M
286
+# create partitions manually based on chromebook-setup.sh
287
+sudo kpartx mali.img  # creates /dev/loopXpY etc
288
+# comment out options sanitising and storage formatting from script
289
+./chromebook-setup.sh --variant=XE503C12 --storage=/dev/loop1p do_everything
290
+
291
+[[$[Get Code]]][58]
292
+
293
+
294
+
295
+### Old instructions
296
+
297
+* ARM Mali [T628MP6][59][?][59]
298
+* Needs kernel support (present?)
299
+* Needs custom built driver
300
+
301
+
302
+
303
+sudo apt-get install xserver-xorg-video-armsoc
304
+
305
+[[$[Get Code]]][60] provides
306
+
307
+`/etc/X11/xorg.conf.d/exynos.conf`
308
+Config from <http://archlinuxarm.org/forum/viewtopic.php?f=47&t=7469&start=10>
309
+
310
+ Section "Monitor"
311
+ Identifier "LVDS-1"
312
+ Option "DPMS" "standby"
313
+ #Option "DPMS" "false" #mw04/11/2013
314
+ Option "Enable" "True"
315
+ Option "Primary" "False"
316
+ Option "RightOf" "HDMI-1"
317
+ EndSection
318
+
319
+ Section "Monitor"
320
+ Identifier "HDMI-1"
321
+ Option "DPMS" "standby"
322
+ #Option "DPMS" "false" #mw04/11/2013
323
+ Option "Primary" "True"
324
+ Option "Enable" "True"
325
+ Option "DefaultMode" "1920x1080"
326
+ EndSection
327
+
328
+ Section "ServerLayout"
329
+ Identifier "ServerLayout0"
330
+ Option "BlankTime" "0"
331
+ Option "StandbyTime" "0"
332
+ Option "SuspendTime" "0"
333
+ Option "OffTime" "0"
334
+ #Option "OffTime" "30" #mw04/11/2013
335
+ EndSection
336
+
337
+ Section "Device"
338
+ Identifier "Mali FBDEV"
339
+ Driver "armsoc"
340
+ Option "fbdev" "/dev/fb0"
341
+ Option "DRI2" "true"
342
+ Option "DRI2_PAGE_FLIP" "false"
343
+ Option "DRI2_WAIT_VSYNC" "true"
344
+ Option "Fimg2DExa" "false"
345
+ # Option "Fimg2DExaSolid" "false"
346
+ # Option "Fimg2DExaCopy" "false"
347
+ # Option "Fimg2DExaComposite" "false"
348
+ Option "SWcursorLCD" "false"
349
+ EndSection
350
+
351
+ Section "Screen"
352
+ Identifier "DefaultScreen"
353
+ Device "Mali FBDEV"
354
+ DefaultDepth 24
355
+ SubSection "Display"
356
+ Modes "1920x1080"
357
+ EndSubSection
358
+ EndSection
359
+
360
+
361
+
362
+
363
+## Wifi
364
+
365
+`mwifiex_sdio`
366
+
367
+The driver creates three interfaces (mlan0, uap0 and p2p0).
368
+
369
+Change the `wicd` preferences to use `mlan0`.
370
+
371
+
372
+
373
+### Prevent [NetworkManager][61][?][61] messing with `uap0` and `p2p0`
374
+
375
+Add `uap0` and `p2p0` to `/etc/network/interfaces` as manual interfaces:
376
+
377
+`vim /etc/network/interfaces.d/mwifiex-blacklist`
378
+
379
+ # Prevent NetworkMangler from scanning these interfaces
380
+ #
381
+ iface uap0 inet manual
382
+ iface p2p0 inet manual
383
+
384
+
385
+
386
+
387
+## Sound
388
+
389
+Needed to add the default user to the `audio` group:
390
+
391
+sudo groupmod -a -G audio myuser
392
+
393
+[[$[Get Code]]][62]
394
+
395
+
396
+
397
+### Speakers
398
+
399
+Working with SDL only so far (mplayer).
400
+
401
+Mute digital:
402
+
403
+* "Digital EQ 3 Band"
404
+* "Digital EQ 5 Band"
405
+* "Digital EQ 7 Band"
406
+
407
+Unmute Speaker [DACs][63][?][63]:
408
+
409
+* "Left Speaker Mixer Left DAC" = 00
410
+* "Left Speaker Mixer Right DAC" = 00
411
+* "Right Speaker Mixer Left DAC" = 00
412
+* "Right Speaker Mixer Right DAC" = 00
413
+
414
+
415
+
416
+### Working
417
+
418
+* Headphone jack
419
+* HDMI (via `lxrandr`)
420
+* HDMI audio (via `lxrandr`)
421
+
422
+
423
+
424
+# Kernel Upgrade
425
+
426
+* <http://www.chromium.org/chromium-os/how-tos-and-troubleshooting/kernel-configuration>
427
+* <http://velvet-underscore.blogspot.co.uk/2013/01/chrubuntu-virtualbox-with-kvm.html>
428
+
429
+
430
+
431
+# Arch Linux
432
+
433
+<http://archlinuxarm.org/platforms/armv7/samsung/samsung-chromebook-2>
434
+
435
+
436
+
437
+# Back to Crouton
438
+
439
+Finally irritated enough by constant freezes.
440
+
441
+
442
+
443
+## Install
444
+
445
+Create a trusty chroot on the SD card
446
+
447
+sudo mount -t ext4 /dev/mmcblk0p7 /mnt/0p7
448
+sudo sh -e ~/Downloads/crouton -r trusty -t lxde -p /mnt/0p7
449
+
450
+[[$[Get Code]]][64]
451
+
452
+
453
+
454
+* * *
455
+
456
+
457
+
458
+# Obsolete Crouton stuff
459
+
460
+## Hostname
461
+
462
+Changing the hostname breaks Xauth in [Crouton (#514)][65] and [Chromium (#283167)][66]
463
+
464
+Add workaround to `/etc/rc.local`:
465
+
466
+
467
+
468
+xauth -f /var/host/Xauthority add : MIT-MAGIC-COOKIE-1 \
469
+    `xauth -f /var/host/Xauthority list | sed -e 's/.*  MIT-MAGIC-COOKIE-1  //'`
470
471
+
472
+[[$[Get Code]]][67]
473
+
474
+ [38]: http://linux-exynos.org/wiki/Samsung_Chromebook_2_XE503C12
475
+ [39]: http://linux-exynos.org/wiki/Samsung_Chromebook_2_XE503C12/Installing_Linux
476
+ [40]: https://chromium.googlesource.com/chromiumos/third_party/kernel.git/+/release-R43-6946.B-chromeos-3.14
477
+ [41]: https://chromium.googlesource.com/chromiumos/third_party/kernel.git/+/release-R43-6946.B-chromeos-3.10/chromeos/config/armel/
478
+ [42]: ArchixSystemSoftware?action=sourceblock&num=1
479
+ [43]: /Tech/FlashBench
480
+ [44]: ArchixSystemSoftware?action=sourceblock&num=2
481
+ [46]: ArchixSystemSoftware?action=sourceblock&num=3
482
+ [47]: ArchixSystemSoftware?action=sourceblock&num=4
483
+ [48]: ArchixSystemSoftware?action=sourceblock&num=5
484
+ [49]: ArchixSystemSoftware?action=sourceblock&num=6
485
+ [50]: ArchixSystemSoftware?action=sourceblock&num=7
486
+ [51]: ArchixSystemSoftware?action=sourceblock&num=8
487
+ [52]: ArchixSystemSoftware?action=sourceblock&num=9
488
+ [53]: ArchixSystemSoftware?action=sourceblock&num=10
489
+ [54]: ArchixSystemSoftware?action=sourceblock&num=11
490
+ [55]: ArchixSystemSoftware?action=sourceblock&num=12
491
+ [56]: ArchixSystemSoftware?action=sourceblock&num=13
492
+ [58]: ArchixSystemSoftware?action=sourceblock&num=14
493
+ [60]: ArchixSystemSoftware?action=sourceblock&num=15
494
+ [62]: ArchixSystemSoftware?action=sourceblock&num=16
495
+ [64]: ArchixSystemSoftware?action=sourceblock&num=17
496
+ [65]: https://github.com/dnschneid/crouton/issues/514
497
+ [66]: http://code.google.com/p/chromium/issues/detail?id=283167
498
+ [67]: ArchixSystemSoftware?action=sourceblock&num=18
... ...
\ No newline at end of file
Network/Authentication.md
... ...
@@ -0,0 +1,45 @@
1
+---
2
+title: Authentication
3
+---
4
+
5
+# Requirements
6
+
7
+* Single Sign-On
8
+* User friendly for password changes
9
+* Federated
10
+
11
+
12
+
13
+## Single Sign-On
14
+
15
+* Personal storage (SAMBA)
16
+* Home Automation app
17
+* Remote (and local?) MQTT broker
18
+* Trac
19
+* Wiki
20
+* Trello?
21
+* Deluge
22
+*
23
+
24
+
25
+
26
+## Federation
27
+
28
+Synchronization between public and private services.
29
+
30
+
31
+
32
+### scp
33
+
34
+Generate and scp passwd files?
35
+
36
+
37
+
38
+# Solutions
39
+
40
+## NIS
41
+
42
+## [FreeIPA][1][?][1]
43
+
44
+<http://www.freeipa.org/>
45
+
Network/AutomationHub.md
... ...
@@ -0,0 +1,34 @@
1
+---
2
+title: AutomationHub
3
+---
4
+
5
+Implemented By
6
+: [Pixie][1]
7
+
8
+
9
+
10
+# Components
11
+
12
+* [Raspberry Pi Model B £40][2]
13
+* [RFXtrx433 £77][3]
14
+* Aeon Labs Z-Wave USB adapter
15
+* [Domoticz][4]
16
+
17
+
18
+
19
+# Alternatives
20
+
21
+* [OpenHAB][5]
22
+
23
+
24
+
25
+# Raspberry Pi Model B
26
+
27
+Purchased
28
+: 2014-05-21
29
+
30
+ [1]: Pixie
31
+ [2]: http://www.amazon.co.uk/gp/product/B00ALW7WWQ/ref=ox_sc_act_title_1?ie=UTF8&psc=1&smid=A07590992ZJ1D7QSMML32
32
+ [3]: http://www.uk-automation.co.uk/products/RFXCOM-RFXtrx433.html
33
+ [4]: http://www.domoticz.com/
34
+ [5]: http://www.openhab.org
... ...
\ No newline at end of file
Network/Azathoth.md
... ...
@@ -0,0 +1,24 @@
1
+---
2
+title: Azathoth
3
+---
4
+
5
+Firewall / Router
6
+
7
+
8
+
9
+# Hardware
10
+
11
+| **Type** | **Make** | **Model** | **Connector** | **Specs** |
12
+||
13
+| Motherboard |   | ?? | ?? |   |
14
+| CPU | Intel | Celeron (Mendocino) | Socket | 466MHz |
15
+| RAM | Crucial |   |   | 256MB ECC |
16
+| RAM |   |   |   | 128MB ECC |
17
+| HDD | Maxtor | 90650U2 | IDE | 6.5GB |
18
+| Graphics Adapter | Intel | i810 | onboard |   |
19
+| CD-ROM | LG | CRD-8400B | IDE |   |
20
+| Soundcard | Ensoniq | [ES1371][1][?][1] | onboard |   |
21
+| NIC | Intel | i810 eepro100 | PCI | 100Mbit |
22
+| NIC | 3Com | Boomerang (3c900) | PCI | 10Mbit |
23
+| Zip | Iomega | [ZIP250][2][?][2] | IDE | 250MB |
24
+
Network/BandwidthManagement.md
... ...
@@ -0,0 +1,13 @@
1
+---
2
+title: BandwidthManagement
3
+---
4
+
5
+# [QoS][1][?][1]
6
+
7
+* Supported on [OpenWRT][2][?][2]
8
+* Implemented on [PerimiterRouter][3][?][3]
9
+
10
+## [ToDo][4][?][4]
11
+
12
+* Implement separate management for public subnet
13
+
Network/Canard.md
... ...
@@ -0,0 +1,45 @@
1
+---
2
+title: Canard
3
+---
4
+
5
+* [CanardSystemSoftware][1]
6
+* [CanardApplicationSoftware][2]
7
+
8
+
9
+
10
+# Hardware
11
+
12
+Hostname
13
+: canard
14
+
15
+Make
16
+: Dell
17
+
18
+Model
19
+: [XPS13][3][?][3] 9370
20
+
21
+Screen
22
+: 13.3" 1080p
23
+
24
+CPU
25
+: i7-8550 @ 1.8GHz Kabylake
26
+
27
+RAM
28
+: 16GB [LPDDR3][4][?][4] 2133MHz
29
+
30
+Storage
31
+: 512GB [NVMe][5][?][5] (28IS101YT3ZQ)
32
+
33
+Graphics
34
+:
35
+
36
+Dimensions
37
+: 30.2cm x 19.9cm
38
+
39
+Battery
40
+: Li-ion, 7.6V, 52Wh (4-cell). Manufacturer part `<span class="wikiword"><a class='createlinktext' rel='nofollow'
41
+
42
+Dell part `451-BCRE`
43
+
44
+ [1]: CanardSystemSoftware
45
+ [2]: CanardApplicationSoftware
Network/CanardApplicationSoftware.md
... ...
@@ -0,0 +1,39 @@
1
+---
2
+title: CanardApplicationSoftware
3
+---
4
+
5
+# [OpenVPN][1][?][1]
6
+
7
+## systemd-resolvconf
8
+
9
+sudo pacman -S systemd-resolvconf
10
+sudo systemctl enable systemd-resolvconf
11
+sudo systemctl start systemd-resolvconf
12
+
13
+[[$[Get Code]]][2]
14
+
15
+
16
+
17
+## [NetworkManager][3][?][3]
18
+
19
+<https://wiki.archlinux.org/index.php/NetworkManager#systemd-resolved>
20
+
21
+`/<span class="wikiword"><a class='createlinktext' rel='nofollow'
22
+
23
+ [main]
24
+ dns=systemd-resolved
25
+
26
+
27
+
28
+
29
+## openvpn-update-systemd-resolved
30
+
31
+Install from AUR.
32
+
33
+In the openvpn client config script:
34
+
35
+ script-security 2
36
+ up /etc/openvpn/scripts/update-systemd-resolved
37
+ down /etc/openvpn/scripts/update-systemd-resolved
38
+
39
+ [2]: CanardApplicationSoftware?action=sourceblock&num=1
Network/CanardSystemSoftware.md
... ...
@@ -0,0 +1,298 @@
1
+---
2
+title: CanardSystemSoftware
3
+---
4
+
5
+[[_TOC_]]
6
+
7
+# Arch Linux
8
+
9
+## System Software
10
+
11
+<https://gist.github.com/mattiaslundberg/8620837>
12
+
13
+
14
+
15
+### Disk
16
+
17
+* 650MB EFI
18
+* 250MB boot
19
+* + root
20
+
21
+
22
+
23
+cryptsetup -c aes-xts-plain64 -y --key-size 512 -y --use-random luksFormat /dev/nvme0n1p3
24
+
25
+[[$[Get Code]]][12]
26
+
27
+
28
+
29
+## Keyboard
30
+
31
+`setxkbmap -print`
32
+
33
+ xkb_keymap {
34
+ xkb_keycodes { include "evdev+aliases(qwerty)" };
35
+ xkb_types { include "complete" };
36
+ xkb_compat { include "complete" };
37
+ xkb_symbols { include "pc+us(dvorak)+inet(evdev)+compose(ralt)" };
38
+ xkb_geometry { include "dell(dellm65)" };
39
+ };
40
+
41
+
42
+
43
+
44
+### Volume keys
45
+
46
+Set in @@xfce4-keyboard-settings@
47
+
48
+[XF86AudioMute][13][?][13]
49
+: `pactl set-sink-mute 0 toggle`
50
+
51
+[XF86AudioLowerVolume][14][?][14]
52
+: `pactl set-sink-volume 0 -5%`
53
+
54
+[XF86AudioRaiseVolume][15][?][15]
55
+: `pactl set-sink-volume 0 +5%`
56
+
57
+
58
+
59
+## Locale
60
+
61
+Edit `/etc/locale.gen`
62
+
63
+Run `sudo locale-gen`
64
+
65
+
66
+
67
+## Display Manager
68
+
69
+### [LightDM][16][?][16]
70
+
71
+Switch the default login screen keyboard layout.
72
+
73
+For lightdm: `/etc/lightdm.conf.d/00-keyboard.conf`
74
+
75
+ [SeatDefaults]
76
+ display-setup-script/=usr/bin/setxkbmap dvorak
77
+
78
+
79
+Add the `~layout` indicator to `/etc/lightdm/lightdm-gtk-greeter.conf`:
80
+
81
+ [greeter]
82
+ indicators = ~host;~spacer;~language;~layout;~session;~a11;~clock;~power
83
+
84
+
85
+
86
+
87
+## Suspend to RAM
88
+
89
+Default sleep state was C2 (idle) instead of C3 (deep).
90
+
91
+For testing:
92
+
93
+echo "deep" > /sys/power/mem_sleep
94
+
95
+[[$[Get Code]]][17]
96
+
97
+To make it permanent fix the kernel parameters `/etc/default/grub`:
98
+
99
+ GRUB_CMDLINE_DEFAULT="quiet mem_sleep_default=deep"
100
+
101
+
102
+Remake the grub config:
103
+
104
+grub-mkconfig -o /boot/grub/grub.cfg
105
+
106
+[[$[Get Code]]][18]
107
+
108
+Debugging sleep using `echo 1 > /sys/power/pm_trace` produces a hang on resume.
109
+
110
+
111
+
112
+### Bluetooth
113
+
114
+Suffers from issues after suspend.
115
+
116
+Replace the Linux firmware blobs with those from the Windows driver.
117
+
118
+<https://www.dell.com/support/home/uk/en/ukbsdt1/drivers/driversdetails?driverId=1JVK3>
119
+
120
+
121
+
122
+unzip Killer-Wireless-AC-1525-1535-1435-Bluetooth-Driver\_1JVK3\_WIN\_10.0.0.448\_A07.EXE
123
+sudo cp /lib/firmware/qca/nvm\_usb\_00000302.bin /lib/firmware/qca/nvm\_usb\_00000302.bin.orig
124
+sudo cp /lib/firmware/qca/rampatch\_usb\_00000302.bin /lib/firmware/qca/rampatch\_usb\_00000302.bin.orig
125
+
126
+sudo cp ./drivers/Production/Windows10-x64/Bluetooth_driver/ramps\_0x00000302\_48.dfu /lib/firmware/qca/nvm\_usb\_00000302.bin
127
+sudo cp ./drivers/Production/Windows10-x64/Bluetooth_driver/AthrBT_0x00000302.dfu /lib/firmware/qca/rampatch\_usb\_00000302.bin
128
+
129
+[[$[Get Code]]][19]
130
+
131
+
132
+
133
+ gnome@canard:/lib/firmware/qca$ md5sum *000302*
134
+ 067fb95e8501bad2683df07d23539e7d nvm_usb_00000302.bin
135
+ b3e2784b16b5b0cf5defa7eb9115956d nvm_usb_00000302.bin.orig
136
+ 47ed34d8b6af11d71036aa44314e32d3 rampatch_usb_00000302.bin
137
+ 86c377ab7b2c24cc12cea5e79f71d610 rampatch_usb_00000302.bin.orig
138
+
139
+
140
+
141
+
142
+## Boot Recovery After Systemd 240 bug
143
+
144
+Systemd 240 update introduced a bug in which luks hooks ran before keyboard drivers were loaded resulting in a LUKS password prompt without any means to type the password.
145
+
146
+Recovery involved:
147
+
148
+
149
+
150
+* Boot from the archiso USB stick
151
+* chroot into system
152
+* update mkinitcpio
153
+* fix EFI boot
154
+
155
+
156
+
157
+### Arch chroot
158
+
159
+After booting from archiso USB:
160
+
161
+Decrypt and mount:
162
+
163
+ cd /mnt
164
+ mkdir root
165
+ cryptsetup open /dev/nvme0n1p3 cryptroot
166
+ mount /dev/mapper/vg0-root /mnt/root
167
+
168
+
169
+Mount extra bits for chroot:
170
+
171
+ cd /mnt
172
+ mkdir root/hostrun
173
+ mount --bind /run root/hostrun
174
+ arch-chroot ./root
175
+
176
+
177
+Within the chroot set up other mounts:
178
+
179
+ # mkinitcpio hooks need to see this
180
+ chroot$ mount --bind /hostrun/lvm /run/lvm
181
+ chroot$ mount /boot
182
+
183
+
184
+
185
+
186
+### Update mkinitcpio
187
+
188
+Update `mkinitcpio` to move keyboard hook immediately after udev:
189
+
190
+ vim /etc/mkinitcpio.conf
191
+ + HOOKS=(base udev keyboard autodetect modconf block keymap encrypt lvm2 resume filesystems)
192
+ + ## systemd version
193
+ + #HOOKS=(base systemd keyboard autodetect modconf block sd-vconsole sd-encrypt sd-lvm2 filesystems)
194
+
195
+
196
+
197
+
198
+ pacman -Sy linux
199
+ ## which should do this implicitly:
200
+ # mkinitcpio -p linux
201
+ # cd /boot && grub-mkconfig -o grub.cfg
202
+
203
+
204
+
205
+
206
+### Fix EFI boot
207
+
208
+After some failed boot attempts ("No bootable devices") reboots tripped into Dell Recovery.
209
+
210
+Drop in to BIOS (F2) and reconfigure the [NVMe][20][?][20] disk as an EFI boot disk.
211
+
212
+
213
+
214
+EFI boot file
215
+: /dev/nvme0n1p1 : EFI/arch/grubx64.efi
216
+
217
+
218
+
219
+## Upgrade Wireless Drivers
220
+
221
+Driver
222
+: ath10k_pci
223
+
224
+Model
225
+: [QCA6174][21][?][21]
226
+
227
+
228
+
229
+* <https://github.com/kvalo/ath10k-firmware>
230
+* <https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/>
231
+
232
+`lspci`:
233
+
234
+ 02:00.0 Network controller: Qualcomm Atheros QCA6174 802.11ac Wireless Network Adapter (rev 32)
235
+
236
+
237
+More fixes to try: <https://forum.manjaro.org/t/solved-qualcomm-qca6174-unstable-after-standby-many-circumstances-lenovo-miix-520/79713/43>
238
+
239
+
240
+
241
+## Wired Wifi Failover
242
+
243
+Bonded wifi and wired connections for seamless handover. Prefer wired.
244
+
245
+
246
+
247
+#!/bin/sh
248
+CON_BOND=failover
249
+DEV_BOND=bond0
250
+CON_WIFI=${CON_BOND}-wifi
251
+DEV_WIFI=wlp2s0
252
+CON_WIRED=${CON_BOND}-wired
253
+DEV_WIRED=enp57s0u1u1
254
+SSID=not-the-real-ssid
255
+WIFI_PASS=not-the-real-password
256
+
257
+$ECHO nmcli con add type bond con-name $CON_BOND ifname $DEV_BOND mode active-backup primary $DEV_WIRED +bond.options "fail\_over\_mac=active,miimon=100,primary_reselect=always,updelay=200"
258
+$ECHO nmcli con add type wifi con-name $CON_WIFI slave-type bond master $CON_BOND ifname $DEV_WIFI ssid $SSID
259
+$ECHO nmcli con modify $CON_WIFI wifi-sec.key-mgmt wpa-psk wifi-sec.psk $WIFI_PASS
260
+$ECHO nmcli con add type ethernet con-name $CON_WIRED slave-type bond master $CON_BOND ifname $DEV_WIRED
261
+
262
+[[$[Get Code]]][22]
263
+
264
+Also need to:
265
+
266
+ * set failover priority >0
267
+
268
+
269
+
270
+
271
+## Battery Life
272
+
273
+<https://amanusk.medium.com/an-extensive-guide-to-optimizing-a-linux-laptop-for-battery-life-and-performance-27a7d853856c>
274
+
275
+
276
+
277
+* `tlp`
278
+* `cpupower`
279
+* `powertop`
280
+
281
+Using `intel_pstate`.
282
+
283
+
284
+
285
+# current cpufreq driver
286
+sudo cpupower frequency-info
287
+
288
+# current cpu governor
289
+cat /sys/devices/system/cpu/cpu*/cpufreq/scaling_governor
290
+
291
+[[$[Get Code]]][23]
292
+
293
+ [12]: CanardSystemSoftware?action=sourceblock&num=1
294
+ [17]: CanardSystemSoftware?action=sourceblock&num=2
295
+ [18]: CanardSystemSoftware?action=sourceblock&num=3
296
+ [19]: CanardSystemSoftware?action=sourceblock&num=4
297
+ [22]: CanardSystemSoftware?action=sourceblock&num=5
298
+ [23]: CanardSystemSoftware?action=sourceblock&num=6
... ...
\ No newline at end of file
Network/CliMateCM-2.md
... ...
@@ -0,0 +1,33 @@
1
+---
2
+title: CliMateCM-2
3
+---
4
+
5
+Make
6
+: Swiftbase
7
+
8
+Model
9
+: [CliMate][1][?][1] CM-2
10
+
11
+Version
12
+: 3.5.6
13
+
14
+Power
15
+: 6V DC
16
+
17
+Current
18
+: 200mA
19
+
20
+Link
21
+: [http://www.theclimate.co.uk/product.php?product\_id=110&category\_id=1][2]
22
+
23
+
24
+
25
+# Default Config
26
+
27
+IP
28
+: 192.168.123.123
29
+
30
+Gateway
31
+: 192.168.123.1
32
+
33
+ [2]: http://www.theclimate.co.uk/product.php?product_id=110&category_id=1
... ...
\ No newline at end of file
Network/Cyclops.md
... ...
@@ -0,0 +1,11 @@
1
+---
2
+title: Cyclops
3
+---
4
+
5
+* [CyclopsHardware][1]
6
+* [CyclopsSystemSoftware][2]
7
+* [CyclopsApplicationSoftware][3]
8
+
9
+ [1]: CyclopsHardware
10
+ [2]: CyclopsSystemSoftware
11
+ [3]: CyclopsApplicationSoftware
... ...
\ No newline at end of file
Network/CyclopsApplicationSoftware.md
... ...
@@ -0,0 +1,88 @@
1
+---
2
+title: CyclopsApplicationSoftware
3
+---
4
+
5
+[[_TOC_]]
6
+
7
+# [MariaDB][8][?][8]
8
+
9
+Prevent pixie3 failing to connect.
10
+
11
+`/etc/mysql/mariadb.conf.d/50-server.cnf`
12
+
13
+ [mysqld]
14
+ ...
15
+ max_connect_errors = 10000
16
+
17
+
18
+
19
+Verify with:
20
+
21
+mysqld --help --verbose  | grep ^max-connect-errors
22
+
23
+[[$[Get Code]]][9]
24
+
25
+
26
+
27
+# squid-deb-proxy
28
+
29
+Deploy as a replacement for apt-cacher-ng.
30
+
31
+
32
+
33
+## Server
34
+
35
+apt-get install squid-deb-proxy
36
+# allow cognomen repo
37
+cat > /etc/squid-deb-proxy/mirror-dstdomain.acl.d/20-cognomen
38
+cognomen.co.uk
39
+^D
40
+# allow raspbian and osmc repos
41
+cat > /etc/squid-deb-proxy/mirror-dstdomain.acl.d/30-osmc
42
+mirrordirector.raspbian.org
43
+apt.osmc.tv
44
+^D
45
+# update iptables
46
+echo "8000 squid-deb-proxy" >> /etc/iptables/ports\_in\_tcp_allow
47
+# disable on startup, move cache, restart
48
+systemctl disable squid-deb-proxy
49
+cd /var/cache
50
+mv squid-deb-proxy /mnt/md6-media/systems/cyclops/var/cache/
51
+ln -s /mnt/md6-media/systems/cyclops/var/cache/squid-deb-proxy
52
+systemctl start squid-deb-proxy
53
+
54
+[[$[Get Code]]][10]
55
+
56
+Allow access and caching of unofficial repos in `/etc/squid-deb-proxy/squid-deb-proxy.conf`:
57
+
58
+ #http_access deny !to_archive_mirrors
59
+ http_access allow !to_archive_mirrors
60
+
61
+ # don't cache domains not listed in the mirrors file
62
+ # uncomment the third and fourth line to cache any unlisted domains
63
+ #cache deny !to_archive_mirrors
64
+ cache allow !to_archive_mirrors
65
+
66
+
67
+
68
+
69
+## Client
70
+
71
+`/etc/apt/apt.conf.d/50apt-proxy`
72
+
73
+ Acquire {
74
+ Retries "0";
75
+ HTTP { Proxy "http://media:8000"; };
76
+ };
77
+
78
+
79
+
80
+
81
+# SMTP and Postfix
82
+
83
+Originally configured as local-only which meant it couldn't be used to submit mail for relaying. Reconfigured as Internet Site.
84
+
85
+<https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-postfix-as-a-send-only-smtp-server-on-debian-9>
86
+
87
+ [9]: CyclopsApplicationSoftware?action=sourceblock&num=1
88
+ [10]: CyclopsApplicationSoftware?action=sourceblock&num=2
... ...
\ No newline at end of file
Network/CyclopsHardware.md
... ...
@@ -0,0 +1,149 @@
1
+---
2
+title: CyclopsHardware
3
+---
4
+
5
+Make and Model
6
+: HPE [DL320e][1][?][1] Gen8 v2
7
+
8
+CPU
9
+: Intel i3-4130 @ 3.4GHz
10
+
11
+RAM
12
+: 4x8GB [PC3][2][?][2]-12800E [DDR3][3][?][3] 1600 (ECC)
13
+
14
+Raid (new)
15
+: LSI [SAS9207][4][?][4]-8e ([SAS2308][5][?][5])
16
+
17
+Raid (old)
18
+: [HP P411][6] SAS controller (dual SFF-8088, non-JBOD, [PM8011][7][?][7] SRC)
19
+
20
+Raid, int
21
+: B120i RAID controller v3.54
22
+
23
+Optical
24
+: HP DVD RAM [UJ8C][8][?][8] DVD+R DL
25
+
26
+Network
27
+: 2x 1Gb 332i adapter
28
+
29
+Video
30
+: Matrox [G200eH][9][?][9] video
31
+
32
+HDD
33
+: 2x 120GB SDD Intel DC S3500 ([SSDSC2BB120G4B][10][?][10])
34
+
35
+
36
+
37
+# Rails
38
+
39
+Correct rails are 663201-B21
40
+
41
+
42
+
43
+# RAM
44
+
45
+Maximum
46
+: 4x8GB [DDR3][3][?][3] (controller limit)
47
+
48
+Part Number
49
+: HP 669239-081
50
+
51
+* Supports both Low-Voltage [DDR3L][11][?][11] (1.35V) and [DDR3][3][?][3] (1.5V)
52
+* Supports only Unbuffered ECC DIMM
53
+* <http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=mmr_kc-0109093>
54
+* Purchased 2x8GB "SAMSUNG 8GB RAM ECC Registered 2RX4 [PC3L][12][?][12]-10600R [M393B1K70CHD][13][?][13]-[CH9][14][?][14]" from eBay ~£34
55
+ * Unsupported *registered* DIMM
56
+
57
+
58
+
59
+sudo dmidecode -t 17
60
+
61
+[[$[Get Code]]][15]
62
+
63
+
64
+
65
+## Supported Types
66
+
67
+### Likely
68
+
69
+* [SkHynix HMT41GU7AFR8C][16], [spec][17]
70
+ * HMT41GU7AFR8C-PB/RD: 8GB 1Gx72 512Mx8([H5TQ4G83MFR][18][?][18])*18 2-rank
71
+ * PB = 1600MHz = [PC3][2][?][2]-12800
72
+ * RD = 1866MHz = [PC3][2][?][2]-14900
73
+ * Purchased from Dr Memory for £90
74
+* SkHynix HMT41GU7BFR8C-PB, [spec][19]: Newer revision of [AFR8C][20][?][20]
75
+* SkHynix HMT41GU7DFR8C-PB, <https://www.skhynix.com/products.view.do?vseq=1788&cseq=75,spec>: D-die version (2015)
76
+* [SkHynix HMT41GU7AFR8A][21], [spec][22]
77
+ * [DDR3L][11][?][11] version (1.35V), but works in both [DDR3L][11][?][11] and [DDR3][3][?][3] (1.5V) modes
78
+ * PB = 1600MHz = [PC3][2][?][2]-12800 (no RD spec)
79
+
80
+
81
+
82
+### Maybe
83
+
84
+* Samsung M391B1G73BH0-CK0 (4GB?)
85
+* Samsung M391B1G73DH0-CK0 (?)
86
+* Samsung M391B1G73QH0-CK0 (Samsung 8GB)
87
+* Crucial CT102472BA160B
88
+
89
+
90
+
91
+### No
92
+
93
+* Hynix
94
+ * All [GU6][23][?][23] (which are 64-bit wide) are *non-ECC*
95
+ * HMT41GU6AFR8C-PB/RD: 8GB 1Gx64 512Mx8([H5TQ4G83AFR][24][?][24])*16 2-rank
96
+
97
+
98
+
99
+# Raid Controller
100
+
101
+[LSI model guide][25]
102
+
103
+LSI 1068 are limited to 2TB disks.
104
+
105
+
106
+
107
+* [LSI 9200-8e][26]
108
+* LSI 9201-16e - HBA, [PCIe2][27][?][27] 8x ~£80
109
+* [LSI 9280-8e][28] (BBU, JBOD?), [ServeRAID M5025 SAS/SATA][29]
110
+* LSI SAS 9205-8e - 2x4 ports SAS external, no cache, no BBU, can be flashed to either IT or IR mode, possibly even to [LSI9240][30][?][30] making it a dual core version (LSI 9245 which was planned)
111
+* LSI SAS 9285-8e (Dell H810)
112
+
113
+
114
+
115
+## LSI JBOD
116
+
117
+### [SAS2008][31][?][31]
118
+
119
+* 9200 [[£50 eBay UK)
120
+* 9201 - 16e [£80 eBay UK][32][?][32]
121
+* 9271 - Internal only?
122
+* 9285 - Dell H810 ~£150
123
+* 9286 - [£119 eBay Bulgaria][33]
124
+
125
+
126
+
127
+### [SAS2308][5][?][5]
128
+
129
+* 9205 ([PCIe2][27][?][27]?)
130
+* 9207-8e - [PCIe3][34][?][34], IT default - £50 eBay UK (purchased)
131
+
132
+
133
+
134
+### [SAS3008][35][?][35] and [SAS3108][36][?][36]
135
+
136
+* HD SAS only
137
+
138
+ [6]: https://www.hpe.com/h20195/v2/getpdf.aspx/c04111712.pdf?ver=14
139
+ [15]: CyclopsHardware?action=sourceblock&num=1
140
+ [16]: https://www.skhynix.com/products.view.do?vseq=997&cseq=75
141
+ [17]: https://www.skhynix.com/product/filedata/fileDownload.do?seq=3608
142
+ [19]: https://www.skhynix.com/product/filedata/fileDownload.do?seq=3520
143
+ [21]: https://www.skhynix.com/products.view.do?vseq=996&cseq=75
144
+ [22]: https://www.skhynix.com/product/filedata/fileDownload.do?seq=3611
145
+ [25]: https://forums.servethehome.com/index.php?threads/lsi-raid-controller-and-hba-complete-listing-plus-oem-models.599/
146
+ [26]: http://www.lsi.com/products/storagecomponents/Pages/LSISAS9200-8e.aspx
147
+ [28]: http://www.lsi.com/products/storagecomponents/Pages/MegaRAIDSAS9280-8e.aspx
148
+ [29]: http://www.redbooks.ibm.com/technotes/tips0739.pdf
149
+ [33]: http://www.ebay.co.uk/itm/like/292206834961
Network/CyclopsSoftware.md
... ...
@@ -0,0 +1,5 @@
1
+---
2
+title: CyclopsSoftware
3
+---
4
+
5
+(:redirect Network.Cyclops :)
... ...
\ No newline at end of file
Network/CyclopsSystemSoftware.md
... ...
@@ -0,0 +1,30 @@
1
+---
2
+title: CyclopsSystemSoftware
3
+---
4
+
5
+# RAID 1
6
+
7
+Copy partition table from `/dev/sda` to `/dev/sdb` and extend btrfs to [RAID1][1][?][1]
8
+
9
+sfdisk -d /dev/sda > part_table
10
+sfdisk /dev/sdb < part_table
11
+btrfs device add /dev/sdb1 /
12
+btrfs balance start -dconvert=raid1 -mconvert=raid1 /
13
+
14
+[[$[Get Code]]][2]
15
+
16
+
17
+
18
+# btrfs boot issues
19
+
20
+Configure grub to use `4.9.0-12` kernel in `/etc/default/grub`:
21
+
22
+GRUB_DEFAULT="1>4"
23
+
24
+
25
+[[$[Get Code]]][3]
26
+
27
+Selects \*2nd\* menu option ("Advanced settings"), then \*5th\* submenu option.
28
+
29
+ [2]: CyclopsSystemSoftware?action=sourceblock&num=1
30
+ [3]: CyclopsSystemSoftware?action=sourceblock&num=2
... ...
\ No newline at end of file
Network/DG834GT.md
... ...
@@ -0,0 +1,43 @@
1
+---
2
+title: DG834GT
3
+---
4
+
5
+Sky Router
6
+
7
+
8
+
9
+# Authentication
10
+
11
+* User: admin
12
+* Pass: sky
13
+
14
+
15
+
16
+# Log
17
+
18
+#### 2012-09-09
19
+
20
+* DHCP Starting IP x.x.0.6 (netgear.001.cfg)
21
+* Forward SSH port 22 and forward to [Hastur][1] (netgear.002.cfg)
22
+
23
+
24
+
25
+#### 2012-09-10
26
+
27
+* Set DHCP starting IP back to x.x.0.2, reserve [IPs][2][?][2] for Hastur and [AppleTV][3] (netgear.003.cfg)
28
+
29
+
30
+
31
+#### 2012-09-11
32
+
33
+* Restore settings after reset.
34
+* Set DHCP starting address to x.x.0.6
35
+* Forward SSH to [Hastur][1]
36
+* Backup as netgear.004.cfg
37
+
38
+* Macbook Pros seem to have issues with wifi channel 1
39
+* Switch to channel 7
40
+* Backup as netgear.007.cfg
41
+
42
+ [1]: Hastur
43
+ [3]: /AppleTV/AppleTV
... ...
\ No newline at end of file
Network/DGS-1008D.md
... ...
@@ -0,0 +1,30 @@
1
+---
2
+title: DGS-1008D
3
+---
4
+
5
+Make
6
+: D-Link
7
+
8
+Model
9
+: DGS-1008D
10
+
11
+Description
12
+: 8-port Gigabit switch
13
+
14
+Power Supply
15
+: 5V 2A [JTA0302D][1][?][1]-C
16
+
17
+
18
+
19
+# Blown powersupply
20
+
21
+* Power surge destroyed power supply
22
+
23
+
24
+
25
+# Log
26
+
27
+## 2014-02-02
28
+
29
+* Power supply blown again
30
+
Network/DNS.md
... ...
@@ -0,0 +1,145 @@
1
+---
2
+title: DNS
3
+---
4
+
5
+# Requirements
6
+
7
+* Local DNS resolution
8
+* Forwarding of DNS resolution for [GeolocationTunneling][1]
9
+* Fallback to reliable DNS
10
+
11
+
12
+
13
+## Optional
14
+
15
+* Caching
16
+
17
+
18
+
19
+# Implementation
20
+
21
+* [Perimeter Router][2] - local and forwarding using dnsmasq
22
+* [Hastur][3]
23
+
24
+
25
+
26
+* * *
27
+
28
+
29
+
30
+# SRV records for XMPP
31
+
32
+<http://prosody.im/doc/dns>
33
+
34
+
35
+
36
+* `_xmpp-client` is for client-to-server connections
37
+* `_xmpp-server` is for server-to-server connections
38
+
39
+For [GTalk][4][?][4]:
40
+
41
+ _xmpp-client._tcp 10800 IN SRV 20 0 5222 alt1.xmpp-server.l.google.com.
42
+ _xmpp-client._tcp 10800 IN SRV 20 0 5222 alt2.xmpp-server.l.google.com.
43
+ _xmpp-client._tcp 10800 IN SRV 20 0 5222 alt3.xmpp-server.l.google.com.
44
+ _xmpp-client._tcp 10800 IN SRV 20 0 5222 alt4.xmpp-server.l.google.com.
45
+ _xmpp-client._tcp 10800 IN SRV 5 0 5222 xmpp-server.l.google.com.
46
+ _xmpp-server._tcp 10800 IN SRV 20 0 5269 alt1.xmpp-server.l.google.com.
47
+ _xmpp-server._tcp 10800 IN SRV 20 0 5269 alt2.xmpp-server.l.google.com.
48
+ _xmpp-server._tcp 10800 IN SRV 20 0 5269 alt3.xmpp-server.l.google.com.
49
+ _xmpp-server._tcp 10800 IN SRV 20 0 5269 alt4.xmpp-server.l.google.com.
50
+ _xmpp-server._tcp 10800 IN SRV 5 0 5269 xmpp-server.l.google.com.
51
+
52
+
53
+
54
+
55
+* * *
56
+
57
+# Obsolete Configuration Plans
58
+
59
+These requirements were largely meant for the publically accessible network now implemented by [Yuggoth][5].
60
+
61
+
62
+
63
+## Requirements
64
+
65
+* Separation of Auth and Resolving services
66
+* Separation of public and non-public network information
67
+* 3 Authoritative DNS servers
68
+ * Primary public
69
+ * Secondary public
70
+ * Private
71
+* Recursive (Caching) Resolvers
72
+* Auth DNS supporting
73
+ * A
74
+ * AAAA ([IPv6][6])
75
+ * MX (Mail)
76
+ * SRV (for [VoIP][7][?][7])
77
+ * Zone transfers
78
+* Local Caching DNS
79
+
80
+This involves eventually having three authoritative nameservers.
81
+
82
+* Two for publicly accessible systems ([DNS1][8][?][8] and an off-site Secondary)
83
+* A third for the private net ([DNS2][9][?][9])
84
+
85
+[Phase I][10][?][10] requires a single authoritative [DNS][11] server ([Niggurath][12]) for publicly accessible systems and one caching DNS (for resolving non-local addresses).
86
+
87
+Complete local network info is maintained in /etc/hosts files.
88
+
89
+When a public domain name is registered a secondary will be set up using a free DNS service.
90
+
91
+[Phase II][13][?][13] requires a second [DNS][11] server, located on the [Private Subnet][14][?][14], to handle all [Private Subnet][14][?][14] records and (optionally) cache queries from private systems. The primary [DNS][11] is reconfigured as a forwarder for queries from the private [DNS][11].
92
+
93
+[Phase III][15][?][15] requires a walldns-like record for wireless ([IPv6][6]) clients.
94
+
95
+
96
+
97
+## Components
98
+
99
+* Authoritative
100
+* Caching
101
+
102
+
103
+
104
+## Available DNS servers
105
+
106
+[http://en.wikipedia.org/wiki/Comparison\_of\_DNS\_server\_software][16]
107
+
108
+
109
+
110
+### Auth & Cache
111
+
112
+* BIND
113
+* djbdns (dnscache, tinydns)
114
+
115
+
116
+
117
+### Auth only
118
+
119
+* NSD - <http://www.nlnetlabs.nl/nsd/>
120
+
121
+
122
+
123
+## Free DNS services
124
+
125
+* <http://freedns.afraid.org/>
126
+* <http://www.dollardns.net/hosting.html>
127
+* <http://www.xname.org/> (No SRV records)
128
+
129
+
130
+
131
+* * *
132
+
133
+# Log
134
+
135
+**2006-04-22** BIND too buggy, too cludgy.
136
+djbdns, like qmail is unmaintained. AAAA and SRV?
137
+
138
+ [1]: GeolocationTunneling
139
+ [2]: PerimeterRouter
140
+ [3]: Hastur
141
+ [5]: Yuggoth
142
+ [6]: IPv6
143
+ [11]: DNS
144
+ [12]: Niggurath
145
+ [16]: http://en.wikipedia.org/wiki/Comparison_of_DNS_server_software
... ...
\ No newline at end of file
Network/EclipseEco1200.md
... ...
@@ -0,0 +1,17 @@
1
+---
2
+title: EclipseEco1200
3
+---
4
+
5
+Make
6
+: Eaton
7
+
8
+Model
9
+: Eclipse ECO 1200
10
+
11
+Purchased
12
+: £161.66 from Amazon
13
+
14
+Datasheet
15
+: [Eaton Eclipse Eco][1]
16
+
17
+ [1]: http://www.vps-ups.co.uk/media/docs/productattachments_files_e_a_eaton_ellipse_eco_datasheet.pdf
... ...
\ No newline at end of file
Network/GS108.md
... ...
@@ -0,0 +1,17 @@
1
+---
2
+title: GS108
3
+---
4
+
5
+Make
6
+: Zyxel
7
+
8
+Model
9
+: GS-108S
10
+
11
+Description
12
+: 8-port gigabit "media" switch
13
+
14
+Purchased
15
+: Free from eBuyer with Zyxel [PLA5205][1]
16
+
17
+ [1]: PLA5205
... ...
\ No newline at end of file
Network/GeolocationTunneling.md
... ...
@@ -0,0 +1,75 @@
1
+---
2
+title: GeolocationTunneling
3
+---
4
+
5
+Tunnel requests to geolocation sensitive services
6
+
7
+
8
+
9
+# Objectives
10
+
11
+* Transparent
12
+* Only changes to border router supported by most consumer routers
13
+* Support Hulu, Pandora and Netflix
14
+* Available for all users
15
+* Fallback on failure
16
+
17
+
18
+
19
+# Hardware
20
+
21
+Router
22
+: [DG834GT][1] (Sky Router)
23
+
24
+Resolver
25
+: [DNS][2] - [WRT54GL][3] or [Hastur][4]
26
+
27
+Remote Resolver
28
+: [Yuggoth][5]
29
+
30
+Fallback Resolver
31
+: Google DNS, [OpenDNS][6][?][6]
32
+
33
+
34
+
35
+# Solutions
36
+
37
+* Local Resolver runs dnsmasq
38
+* Remote Resolver runs haproxy?
39
+* Clients configured with:
40
+ Gateway
41
+ : [PerimeterRouter][7]
42
+
43
+ DNS
44
+ : Resolver, Fallback Resolver
45
+
46
+* Client requests name resolution of Geoloc Service from Hastur
47
+ * Local Resolver forwards to Remote Resolver
48
+ * Remote Resolver proxies connection to Geoloc Service
49
+* Client requests name resolution of non-Geoloc Service from Hastur
50
+ * Local Resolver forwards to Fallback Resolver
51
+
52
+
53
+
54
+# Guides
55
+
56
+* <http://trick77.com/2014/03/01/tunlr-style-dns-unblocking-pandora-netflix-hulu-et-al/>
57
+* <https://github.com/corporate-gadfly/Tunlr-Clone>
58
+
59
+
60
+
61
+# Links
62
+
63
+* [OpenVPN client on OpenWRT][8]
64
+* [OpenVPN, Ubuntu and Hulu][9]
65
+* [SSH tunnel][10]
66
+
67
+ [1]: DG834GT
68
+ [2]: DNS
69
+ [3]: WRT54GL
70
+ [4]: Hastur
71
+ [5]: Yuggoth
72
+ [7]: PerimeterRouter
73
+ [8]: http://martybugs.net/wireless/openwrt/openvpn.cgi
74
+ [9]: http://www.ventanazul.com/webzine/articles/openvpn-ubuntu-and-hulu
75
+ [10]: http://embraceubuntu.com/2006/12/08/ssh-tunnel-socks-proxy-forwarding-secure-browsing/
... ...
\ No newline at end of file
Network/GroupAttributes.md
... ...
@@ -0,0 +1,3 @@
1
+---
2
+title: GroupAttributes
3
+---
Network/HTPC.md
... ...
@@ -0,0 +1,3 @@
1
+---
2
+title: HTPC
3
+---
Network/Hastur.md
... ...
@@ -0,0 +1,45 @@
1
+---
2
+title: Hastur
3
+---
4
+
5
+Media and Storage Server
6
+
7
+* Implementation of [Network.StorageServer][1], [MediaCentre.BackEnd][2]
8
+
9
+
10
+
11
+# Hardware
12
+
13
+Moved to [Hastur Hardware][3]
14
+
15
+
16
+
17
+# Software
18
+
19
+## [System Software][4]
20
+
21
+Moved to [Hastur System Software][4]
22
+
23
+Includes [RAID and dmcrypt benchmarks][5]
24
+
25
+
26
+
27
+## [Application Software][6]
28
+
29
+Moved to [Hastur Software][6]
30
+
31
+Includes [MythTV][7][?][7], Mediatomb, [UPnP][8][?][8] and media centre [ACLs][9][?][9]
32
+
33
+
34
+
35
+## [HasturReplacement][10]
36
+
37
+* * *
38
+
39
+ [1]: StorageServer
40
+ [2]: /MediaCentre/BackEnd
41
+ [3]: HasturHardware
42
+ [4]: HasturSystemSoftware
43
+ [5]: HasturSystemSoftware#Benchmarks
44
+ [6]: HasturSoftware
45
+ [10]: HasturReplacement
... ...
\ No newline at end of file
Network/HasturAtaFailures.md
... ...
@@ -0,0 +1,255 @@
1
+---
2
+title: HasturAtaFailures
3
+---
4
+
5
+
6
+
7
+# 2009-01-06
8
+
9
+See /root/messages.sdf-failing. Or possibly just a raid glitch.
10
+
11
+
12
+
13
+# 2009-01-18
14
+
15
+## Test
16
+
17
+* Connect drives
18
+* Assemble array
19
+* dd if=/dev/md3 bs=4k of=/dev/null
20
+
21
+
22
+
23
+## Reference
24
+
25
+* Drives direct SATA connected
26
+* Drives powered by enclosure PSU
27
+
28
+### Configuration
29
+
30
+| A | B | C | D | E |
31
+| - | - | - | - | - |
32
+| 6 |   | 5 |   | 1 |
33
+
34
+
35
+
36
+| F | 2 |
37
+| - | - |
38
+| G | 3 |
39
+| H | 4 |
40
+
41
+
42
+
43
+## Test backplane
44
+
45
+### Test Slot D
46
+
47
+| A | B | C | D | E |
48
+| - | - | - | - | - |
49
+| 6 |   | 5 | 4 | 1 |
50
+
51
+
52
+
53
+| F | 2 |
54
+| - | - |
55
+| G | 3 |
56
+| H |   |
57
+
58
+
59
+
60
+* Not Stable
61
+
62
+
63
+
64
+### Test Slot B
65
+
66
+| A | B | C | D | E |
67
+| - | - | - | - | - |
68
+| 6 | 4 | 5 |   | 1 |
69
+
70
+
71
+
72
+| F | 2 |
73
+| - | - |
74
+| G | 3 |
75
+| H |   |
76
+
77
+
78
+
79
+* Stable
80
+
81
+
82
+
83
+### Test Slot B & D
84
+
85
+| A | B | C | D | E |
86
+| - | - | - | - | - |
87
+| 6 | 4 | 5 | 3 | 1 |
88
+
89
+
90
+
91
+| F | 2 |
92
+| - | - |
93
+| G |   |
94
+| H |   |
95
+
96
+
97
+
98
+* Not Stable
99
+
100
+
101
+
102
+### Swap disks 3 and 4
103
+
104
+| A | B | C | D | E |
105
+| - | - | - | - | - |
106
+| 6 | 3 | 5 | 4 | 1 |
107
+
108
+
109
+
110
+| F | 2 |
111
+| - | - |
112
+| G |   |
113
+| H |   |
114
+
115
+
116
+
117
+* Not Stable
118
+
119
+
120
+
121
+### Swap power supply cables
122
+
123
+* Removed and cleaned 5-bay [IcyDock][1][?][1]
124
+* Swap power supply cables
125
+* Old: Cables 1->A, 2->BC, 3->DE.
126
+* New: 1->BC, 2->DE, 3->A
127
+* Stable
128
+
129
+| A | B | C | D | E |
130
+| - | - | - | - | - |
131
+| 6 | 4 | 5 |   | 1 |
132
+
133
+
134
+
135
+| F | 2 |
136
+| - | - |
137
+| G | 3 |
138
+| H |   |
139
+
140
+
141
+
142
+### Slot D again
143
+
144
+| A | B | C | D | E |
145
+| - | - | - | - | - |
146
+| 6 |   | 5 | 4 | 1 |
147
+
148
+
149
+
150
+| F | 2 |
151
+| - | - |
152
+| G | 3 |
153
+| H |   |
154
+
155
+
156
+
157
+* Stable
158
+
159
+
160
+
161
+### Slots B & D again
162
+
163
+| A | B | C | D | E |
164
+| - | - | - | - | - |
165
+| 6 | 3 | 5 | 4 | 1 |
166
+
167
+
168
+
169
+| F | 2 |
170
+| - | - |
171
+| G |   |
172
+| H |   |
173
+
174
+* Stable
175
+
176
+
177
+
178
+### Connect PMP bridges
179
+
180
+* Power up, leave disks direct-connected
181
+* Connect bottom bridge
182
+
183
+| A | B | C | D | E |
184
+| - | - | - | - | - |
185
+| 6 | 3 | 5 | 4 | 1 |
186
+
187
+
188
+
189
+| F | 2 |
190
+| - | - |
191
+| G |   |
192
+| H |   |
193
+
194
+* Stable
195
+
196
+* Connect upper bridge
197
+* Same configuration
198
+* Stable
199
+
200
+
201
+
202
+### PMP Connect Slot F
203
+
204
+* Connect F to bottom bridge
205
+* Connect bottom bridge through eSATA
206
+
207
+| A | B | C | D | E |
208
+| - | - | - | - | - |
209
+| 6 | 3 | 5 | 4 | 1 |
210
+
211
+
212
+
213
+| F | 2 |
214
+| - | - |
215
+| G |   |
216
+| H |   |
217
+
218
+
219
+
220
+### Reconnect Everything
221
+
222
+* Reconnected all drives through PMP bridges
223
+* PMP bridges to [SiI3132][2][?][2]
224
+* Reboot seemed normal
225
+
226
+
227
+
228
+| A | B | C | D | E |
229
+| - | - | - | - | - |
230
+| 6 |   | 5 |   | 1 |
231
+
232
+
233
+
234
+| F | 2 |
235
+| - | - |
236
+| G | 3 |
237
+| H | 4 |
238
+
239
+
240
+
241
+* All seems normal
242
+
243
+
244
+
245
+# 2009-06-29
246
+
247
+* Occurred at 20h47
248
+* double disk failure
249
+* sdc? failed first
250
+* alarm in enclosure, ejected failed disk (should have removed with mdadm?)
251
+* made array read-only
252
+* system lock-up shortly thereafter?
253
+* See [HasturRaidRecovery][3]
254
+
255
+ [3]: HasturRaidRecovery
... ...
\ No newline at end of file
Network/HasturHardware.md
... ...
@@ -0,0 +1,1011 @@
1
+---
2
+title: HasturHardware
3
+---
4
+
5
+Back to [Hastur][1]
6
+
7
+
8
+
9
+[[_TOC_]]
10
+
11
+# Hardware
12
+
13
+## Hastur
14
+
15
+| Type | Make | Model | Connector | Specs | Notes | Price £ |
16
+|:------------- | ----------- | -------------------------------------------------------- | ------------------ | ---------------------------------------------- | ---------------- | ------------ |
17
+| CPU | Intel | Core2 Quad Q6600 (SLACR) | Socket 775 | Quad 2.4GHz | G0 stepping | [149.99][37] |
18
+| Motherboard | Gigabyte | GA-[P35C][38][?][38]-[DS3R][39][?][39] | Socket 775 |   | [1][40], [2][41] | [61.69][42] |
19
+| RAM | Corsair | [TwinX][43][?][43] [XMS2][44][?][44] [PC6400][45][?][45] |   | [DDR2][46][?][46] 800MHz 2GB [CAS4][47][?][47] |   | [54.99][48] |
20
+| Heatsink | Scythe | Infinity |   |   | [3][49] | [24.29][50] |
21
+| Fan | Silverstone | [FN121][51][?][51] |   |   | [4][52] | [4.49][53] |
22
+| Fan | Silverstone | [FN121][51][?][51] |   |   | [5][54] | [4.49][53] |
23
+| Fan | Silverstone | [FN121][51][?][51] |   |   | [6][55] | [4.49][53] |
24
+| Thermal Paste | Arctic | Silver 5 |   |   |   | [3.83][53] |
25
+| Graphics Card | PNY | [GeForce][56][?][56] 7300 LE | PCI-E x16 | VGA,DVI,TV-out,passive | [7][57] | [15.31][58] |
26
+| DVD-RW | Pioneer | DVR-112BK | PATA | 18xDVD±R 10xDVD-DL | [8][59], black | [15.60][60] |
27
+| DVD-RW | Pioneer | DVR-112BK | PATA | 18xDVD±R 10xDVD-DL |   | [15.60][60] |
28
+| HDD | Seagate | [ST380815AS][61][?][61] | [SATA1][62][?][62] | 80GB, 8MB cache | [9][63] | [22.39][64] |
29
+| DVB-T Capture | Hauppauge | Nova-T PCI | PCI |   |   | [24.39][65] |
30
+| DVB-T Capture | Hauppauge | Nova-T PCI | PCI |   | [10][66] | [24.79][67] |
31
+| Network Card | Intel | Pro 1000PT | PCI-E | 1Gbps, Jumbo:16k |   | [21.02][68] |
32
+| Case | Gigabyte | Triton |   | 5-bay ext | black | [41.65][69] |
33
+| PSU | Corsair | VX 450 |   | 450W |   | [39.00][70] |
34
+| eSATA Host | No-name | [SiI3132][71][?][71] | PCI-e-1x, 2xeSATA | [SiI3132][71][?][71], PM-FIS |   | [19.99][72] |
35
+
36
+
37
+
38
+## Storage
39
+
40
+See [HasturRaidArray][73]
41
+
42
+
43
+
44
+### 3TB
45
+
46
+| Type | Make | Model | Connector | Specs | Notes | Price £ |
47
+|:---- | ------- | ------------------------ | ------------------ | ----- | ------------------------------------------ | ----------- |
48
+| HDD | Seagate | [ST3500630AS][74][?][74] | [SATA2][75][?][75] | 500GB | 9QG3T5QW (#4) | [54.89][76] |
49
+| HDD | Seagate | [ST3500630AS][74][?][74] | [SATA2][75][?][75] | 500GB | 9QG3T61X (#3) | [54.89][76] |
50
+| HDD | Seagate | [ST3500630AS][74][?][74] | [SATA2][75][?][75] | 500GB | 9QG3V6HN (#2) | [54.89][76] |
51
+| HDD | Seagate | [ST3500630AS][74][?][74] | [SATA2][75][?][75] | 500GB | 9QG3T5QM (#5) | [54.89][76] |
52
+| HDD | Samsung | [HD501LJ][77][?][77] | [SATA2][75][?][75] | 500GB | [11][78], [S0MUJ1DPC01407][79][?][79] (#6) | [52.89][80] |
53
+| HDD | Samsung | [HD501LJ][77][?][77] | [SATA2][75][?][75] | 500GB | [12][81], [S0MUJ1KP715582][82][?][82] (#1) | [52.89][80] |
54
+
55
+
56
+
57
+### 8TB
58
+
59
+| Type | Make | Model | Specs | Notes | Price £ |
60
+|:---- | ------- | ------------------------ | ------------------ | ------------------------------------- | ----------- |
61
+| HDD | Samsung | [HD203WI][83][?][83] | 2TB, 32MB, 5400rpm | #S1UYJ1CZ317052, TLER(R) | [85.09][84] |
62
+| HDD | Samsung | [HD203WI][83][?][83] | 2TB, 32MB, 5400rpm | #S1UYJ1CZ317063, TLER(R) | [85.09][84] |
63
+| HDD | Seagate | [ST3200542AS][85][?][85] | 2TB, 32MB, 5900rpm | #9XW09GDN, [CC34][86][?][86], TLER(R) | [93.60][87] |
64
+| HDD | Seagate | [ST3200542AS][85][?][85] | 2TB, 32MB, 5900rpm | #9XW08GNB, [CC34][86][?][86], TLER(R) | [93.60][87] |
65
+
66
+
67
+
68
+### 14TB
69
+
70
+| Type | Make | Model | Specs | Notes | Price £ |
71
+|:---- | ------- | ------------------------ | ------------------ | ------------------------------------- | ----------------- |
72
+| HDD | Samsung | [HD203WI][83][?][83] | 2TB, 32MB, 5400rpm | #S1UYJ1CZ317052, TLER(R) | [85.09][84] |
73
+| HDD | Samsung | [HD203WI][83][?][83] | 2TB, 32MB, 5400rpm | #S1UYJ1CZ317063, TLER(R) | [85.09][84] |
74
+| HDD | Seagate | [ST3200542AS][85][?][85] | 2TB, 32MB, 5900rpm | #9XW09GDN, [CC34][86][?][86], TLER(R) | [93.60][87] |
75
+| HDD | Seagate | [ST3200542AS][85][?][85] | 2TB, 32MB, 5900rpm | #9XW08GNB, [CC34][86][?][86], TLER(R) | [93.60][87] |
76
+| HDD | Seagate | [ST3000DM001][88][?][88] | 3TB, 64MB, 7200rpm | #Z1F1K11M, warranty until 2015-01-26 | [89.98][89] incl. |
77
+| HDD | Seagate | [ST3000DM001][88][?][88] | 3TB, 64MB, 7200rpm | #W1F1PG24, warranty until 2015-02-17 | [89.98][89] incl. |
78
+
79
+
80
+
81
+## Enclosure
82
+
83
+| Type | Make | Model | Connector | Specs | Notes | Price £ |
84
+|:--------------- | -------- | --------------------- | --------------------------------------- | --------------------------- | ------------------------------- | ----------- |
85
+| Enclosure Kit | Span | IB-5SPB |   | [CFI CF-1051][90], 320W PSU | [13][91] | [84.00][92] |
86
+| eSATA PM Bridge | Span | IRSA-[MM5][93][?][93] | [SiI3726][94][?][94], 5xSATA to 1xeSATA |   | [14][95], Included in kit above |   |
87
+| SATA Cable ×5 |   |   | 2xSATA(m) | 30cm | Included in kit above |   |
88
+| Hotswap Caddy | Icy Dock | MB-455SPF | 5xSATA | 3-bay, 5-disk |   | [67.46][96] |
89
+| Hotswap Caddy | Icy Dock | MB-453SPF | 3xSATA | 2-bay, 3-disk |   | [39.89][97] |
90
+| eSATA PM Bridge | Span | IRSA-[MM5][93][?][93] | [SiI3726][94][?][94], 5xSATA to 1xeSATA |   | [15][98], [SiI3726][94][?][94] | [31.00][99] |
91
+| eSATA Cable | Span | IRSEE-100 | 2xeSATA(m) | 1m |   | [3.60][100] |
92
+
93
+
94
+
95
+## To Get
96
+
97
+* Enclosure PSU needs a second floppy power connector for the second PM bridge
98
+* Enclosure needs 1-3 more 30cm SATA cables (for all 8 hotswap bays)
99
+
100
+
101
+
102
103
+
104
+1 [ICH9R][101][?][101] PM supported >2.6.17 [⇑][102]
105
+
106
+2 1×[PCIe][103][?][103]-16x, 3×[PCIe][103][?][103]-1x, 3×PCI [⇑][104]
107
+
108
+3 [Scythe Infinity review][105] [⇑][106]
109
+
110
+4 For Scythe Infinity [⇑][107]
111
+
112
+5 For Scythe Infinity [⇑][108]
113
+
114
+6 Auxiliary System fan [⇑][109]
115
+
116
+7 Special offer 48% off [⇑][110]
117
+
118
+8 Fastest optical writer currently available [⇑][111]
119
+
120
+9 Cheapest SATA drive I could find [⇑][112]
121
+
122
+10 Dual tuners not well supported, so I bought two single tuners [⇑][113]
123
+
124
+11 Different drive to reduce the probability of batch disk failure [⇑][114]
125
+
126
+12 Faulty, RMA 2008-08 [⇑][115]
127
+
128
+13 Also includes 5.25 to 3.5 adapter rails, unused [⇑][116]
129
+
130
+14 First port [must be occupied][117] [⇑][118]
131
+
132
+15 First port [must be occupied][117] [⇑][119]
133
+
134
+* * *
135
+
136
+# Hardware Options
137
+
138
+## Motherboard
139
+
140
+### Requirements
141
+
142
+* Intel Core 2 Duo socket
143
+* 2 [GBit][120][?][120] LAN, at least one jumbo frame capable
144
+* 7 SATA (RAID 5, Hot spare, system disk)
145
+* 2 PATA (Dual DVD writer)
146
+* 2 PCI (Nova-T PCI)
147
+
148
+
149
+
150
+### Intel P35
151
+
152
+| Make | Model | SATA | IDE | Chipset | LAN | [PCIe][103][?][103] | PCI | Notes |
153
+|:-------- | -------------------------------------- | ---- | ------------------------------------------- | ------------------------------------------- | --------- | ------------------- | --- | ------------ |
154
+| Asus | [P5K][121][?][121] P35 Deluxe | 6+1 | [ICH9R][101][?][101], [JMB361][122][?][122] |   | 2 (j9,nj) | 1x16,1x4,2x1 | 3 | [Specs][123] |
155
+| Abit | [IP35][124][?][124] Pro | 6+2e | 1 | [ICH9R][101][?][101], [JMB363][125][?][125] | 2 (nj,nj) | 1x16,1x4,1x1 | 3 | [Specs][126] |
156
+| Foxconn | [P35A][127][?][127] | 4+1e | 1 | [ICH9R][101][?][101], [JMB361][122][?][122] | 1 (nj) | 1x16,1x4,1x1 | 3 | [Specs][128] |
157
+| Gigabyte | GA-P35-[DQ6][129][?][129] | 8 | 1 | [ICH9R][101][?][101], [JMB363][125][?][125] | 1 (nj) | 1x16,1x4,3x1 | 2 | [Specs][130] |
158
+| Gigabyte | GA-[P35C][38][?][38]-[DS3R][39][?][39] | 8 | 1 | [ICH9R][101][?][101], [JMB363][125][?][125] | 1 (nj) | 1x16,3x1 | 3 | [Specs][131] |
159
+| MSI | P35 Neo | 5 |   |   | 2 (nj,nj) |   |   | [Specs][132] |
160
+| MSI | P35 Platinum | 5+2e |   |   | 1 (nj) |   |   | [Specs][133] |
161
+
162
+
163
+
164
+### Nvidia 650i
165
+
166
+| Make | Model | SATA | IDE | LAN | [PCIe][103][?][103] | PCI | Notes |
167
+|:-------- | ----------------------------------------- | ---- | --- | ------- | ------------------- | --- | ------------ |
168
+| Abit | FP-[IN9][134][?][134] SLI | 4 | 2 | 1 (nj?) | 2x16,2x1 | 2 | [Specs][135] |
169
+| Asus | [P5N][136][?][136]-E | 4 | 2 | 1 (nj?) | 2x16,1x1 | 2 | [Specs][137] |
170
+| Gigabyte | [N650SLI][138][?][138]-[DS4][139][?][139] | 4 | 2 | 1 (nj?) | 2x16,1x1 | 2 |   |
171
+
172
+
173
+
174
+### Nvidia 680i
175
+
176
+| Make | Model | SATA | IDE | LAN | [PCIe][103][?][103] | PCI | Notes |
177
+|:-------- | -------------------------------------------- | ---- | --- | ------ | ------------------- | --- | ------------ |
178
+| Gigabyte | GA-[N680SLI][140][?][140]-[DQ6][129][?][129] | 10 | 1 | 4 (nj) | 2x16,1x8,1x1 | 3 | [Specs][141] |
179
+
180
+jN = jumbo capable, Nk frame; nj = non-jumbo
181
+
182
+
183
+
184
+* [Tom's P35 roundup][142]
185
+* [N650i roundup][143]
186
+* [Firing Squad N680i roundup][144]
187
+* [Tom's Hardware 680i roundup][145] (Dec 2006)
188
+* MSI S775 Intel P35 [DDR2][46][?][46]
189
+* Marvell 8056 Ethernet drivers [buggy][146] on kernel 2.6.20-x
190
+* <http://home-tj.org/wiki/index.php/Libata-tj-stable> dmraid PM status ([ICH9R][101][?][101])
191
+
192
+
193
+
194
+## Case
195
+
196
+1 Large case with space for 9 disks (6 raid, 1 system, 2 DVD)? Or separate case for RAID and two internal SATA to Multilane adapters?
197
+
198
+* <http://www.xcase.co.uk>
199
+* <http://www.anandtech.com/casecooling/showdoc.aspx?i=2758>
200
+
201
+
202
+
203
+### Cases
204
+
205
+| Make | Model | !Ext Bays | !Int Bays | [WxHxD][147][?][147] | Link |
206
+|:------------ | ------------- | --------- |:-------------------- | -------------- |
207
+| Asus | CK-1022-5 |   |   |   |   |
208
+| Lian-Li | PC-V2000 |   |   |   |   |
209
+| Lian-Li | PC-V600 | 4 | 3 | 210 371 490 | [£74.99][148] |
210
+| Coolermaster | Stacker 832 | 9 | 4 | 250 536 638 | [£118.72][149] |
211
+| Coolermaster | Centurion 532 | 5 | 4 | 235 460 495 | [£33.89][150] |
212
+| Coolermaster | Stacker 810 | 11 | 4 | 227 536 584 | [£93.61][151] |
213
+| Gigabyte | Triton | 5 | 3 | 200 440 495 | [£41.65][69] |
214
+
215
+See [Enclosures][152].
216
+
217
+
218
+
219
+## Cooling
220
+
221
+* <http://www.anandtech.com/casecooling/showdoc.aspx?i=2941&p=7>
222
+
223
+Thermalright Ultra 120 + Scythe S-Flex 120mm fan
224
+Scythe Infinity - small, up to 4 fans, economical
225
+*<http://www.anandtech.com/casecooling/showdoc.aspx?i=2937&p=5> (Scythe Infinity)
226
+
227
+
228
+
229
+## Overclocking
230
+
231
+* Q6600 nominal Vcore is 1.24V
232
+* <http://www.xtremesystems.org/forums/showthread.php?t=155317> (4GHz on air)
233
+* <http://www.xbitlabs.com/articles/cpu/display/core2quad-q6600.html>
234
+* 3.6 at 400FSB, 1.4Vcore, 1.9Vmem
235
+
236
+
237
+
238
+### Power Consumption
239
+
240
+F: frequency, V: core voltage, P: power
241
+Poc = Foc/F * Voc/V * P
242
+
243
+
244
+
245
+## PSU
246
+
247
+* <http://www.extreme.outervision.com/psucalculatorlite.jsp>
248
+ * External RAID: 389w
249
+ * Int RAID (7xSATA): 551w
250
+ * Int RAID (9xSATA): 605w
251
+
252
+
253
+
254
+## Bandwidth Calculations
255
+
256
+DVB-T: 6Mbit RAID: PCI: 127
257
+
258
+
259
+
260
+* <http://www.pcguide.com/ref/mbsys/buses/funcBandwidth-c.html> - PCI bandwidth
261
+* <http://arstechnica.com/articles/paedia/hardware/pcie.ars/1> - [PCIe][103][?][103] guide
262
+* <http://articles.techrepublic.com.com/5100-6349-1054944.html> - RAID guide
263
+
264
+
265
+
266
+# ATA Failures
267
+
268
+Moved to [HasturAtaFailures][153]
269
+
270
+
271
+
272
+# Array Upgrade
273
+
274
+* [Hastur Raid Upgrade][154]
275
+
276
+
277
+
278
+## Special Notes
279
+
280
+* [WD Green bad for Linux SW raid][155]
281
+* WD EARS - Advanced format Drive, 4k sectors. Needs partition alignment.
282
+* [Linux and 4k sector drives][156]
283
+* [The real difference between Desktop and Enterprise ECR][157]
284
+* [TLER/CCTL support thread][158]
285
+
286
+
287
+
288
+## 1TB drives
289
+
290
+* [1TB Roundup No.3][159]
291
+* [1TB Roundup][160]
292
+* [1TB Roundup with 7200.12][161]
293
+* [HD103SJ vs WD1001FALS][162]
294
+* [ST31000528AS][163]
295
+
296
+| Make | Model | Platters | Specs | Notes | Price £ | p/GB |
297
+|:------- | ------------------------------- | -------- | ------------------ | ----------------- | ------------ | ----- |
298
+| Hitachi | 7K1000.C | 2 | 7200rpm, 32MB |   | [49.98][164] | 4.998 |
299
+| Samsung | [HD103SJ][165][?][165] | 3 | 7200rpm, 32MB | Spinpoint F3, 3yr | [52.36][166] | 5.236 |
300
+| Seagate | [ST31000520AS][167][?][167] |   | 5900rpm | Barracuda LP | [54.83][168] | 5.483 |
301
+| Seagate | [ST31000528AS][169][?][169] | 2 | 7200rpm, 32MB | 7200.12 | [54.86][170] | 5.486 |
302
+| WD | [WD10EADS][171][?][171] Green |   | variable rpm, 32MB |   | [61.60][172] | 6.160 |
303
+| WD | [WD1001FALS][173][?][173] Black | 3 | 7200rpm, 32MB | No NCQ, 5yr | [65.77][174] | 6.577 |
304
+
305
+
306
+
307
+## 1.5TB drives
308
+
309
+| Make | Model | Platters | Specs | Notes | Price £ | p/GB |
310
+|:------- | --------------------------- | -------- | -------------------- | -------------------------- | ------------ | ----- |
311
+| Samsung | [HD154UI][175][?][175] | 3 | 1.5TB, 32MB, 5400rpm | [EcoGreen][176][?][176] F2 | [62.97][177] | 4.198 |
312
+| Samsung | [HD153WI][178][?][178] |   | 1.5TB, 32MB, 5400rpm | [EcoGreen][176][?][176] F3 | [66.69][179] | 4.446 |
313
+| WD | [WD15EADS][180][?][180] | 3 | 1.5TB |   | 69.97?? | 4.665 |
314
+| WD | [WD15EARS][181][?][181] |   | 1.5TB, 64MB |   | [72.29][182] | 4.819 |
315
+| Seagate | [ST31500341AS][183][?][183] | 4 | 1.5TB, 32MB, 7200rpm | 7200.11 | [68.00][184] | 4.533 |
316
+| Seagate | [ST31500541AS][185][?][185] |   | 1.5TB, 32MB, 5900rpm |   | [77.52][186] | 5.168 |
317
+
318
+
319
+
320
+* [Samsung HD154UI vs WD15EADS vs ST31500341AS][187]
321
+* [Forum thread WD15EARS, WD15EADS, HD154UI, ST31500341AS][188]
322
+
323
+
324
+
325
+## 2TB drives
326
+
327
+| Make | Model | Platters | Specs | Notes | Price £ | p/GB |
328
+|:------- | ------------------------ | -------- | ------------------- | ----------------- | ---------------------------------- | ------------ |
329
+| Samsung | [HD203WI][83][?][83] | 4 | 2TB, 32MB, 5400rpm | TLER(R) | [92.79][189], [84.27][84][1][190] | 4.639, 4.213 |
330
+| Samsung | [HD204UI][191][?][191] | 3 | 2TB, 32MB, 5400rpm | TLER(R),[2][192] | [56.99][193] | 2.782 |
331
+| WD | [WD20EARS][194][?][194] | 4 | 2TB, 64MB, 5400rpm |   | [92.98][195] | 4.649 |
332
+| Hitachi | 7K2000 | 5 | 2TB, 32MB, 7200rpm |   | [95.51][196], [89.35][197] | 4.775, 4.467 |
333
+| WD | [WD20EADS][198][?][198] | 4 | 2TB, 32MB, ~5400rpm |   | [97.15][199], [85.09][200][3][201] | 4.857, 4.255 |
334
+| Seagate | [ST3200542AS][85][?][85] | 4 | 2TB, 32MB, 5900rpm | TLER(R), [4][202] | [107.98][203], [89.35][87][5][204] | 5.399, 4.46 |
335
+
336
+
337
+
338
339
+
340
+1 OEM, no warranty? [⇑][205]
341
+
342
+2 4KB sectors [⇑][206]
343
+
344
+3 OEM, no warranty? [⇑][207]
345
+
346
+4 [tumbleweed's timeout issues][208] [⇑][209]
347
+
348
+5 OEM, no warranty? [⇑][210]
349
+
350
+
351
+
352
+* [HotHardware 2TB roundup][211]
353
+
354
+
355
+
356
+## 3TB drives
357
+
358
+| Make | Model | Platters | Specs | Notes | Price £ | p/GB |
359
+|:------- | ------------------------- | -------- | ------------------ | ----- | ----------------------------------------------------------- | ----------------------- |
360
+| Seagate | [ST3000DM001][88][?][88] | 3 | 3TB, 64MB, 7200rpm | OEM | oem: [79.98][212]
361
+1yr: [85.96][213]
362
+2yr: [88.80][214] | 2.603516
363
+2.798
364
+2.96 |
365
+| Toshiba | [DT01ACA300][215][?][215] | 3 | 3TB, 64MB, 7200rpm | OEM | oem: [74.76][216]
366
+2yr: [87.77][217]
367
+2yr: [80.40][218] | 2.492
368
+2.857096
369
+2.68 |
370
+
371
+
372
+
373
+## 4TB drives
374
+
375
+| Make | Model | Platters | Specs | Notes | Price £ | p/GB |
376
+|:------- | ----------------------------- | -------- | ------------------ | ----- | ------------- | -------- |
377
+| WD | [WD40EFRX][219][?][219] Red |   |   |   | [136.20][220] | 3.325195 |
378
+| WD | [WD40EZRX][221][?][221] Green |   | 4TB, 64MB, 5900rpm | OEM | [121.68][222] | 2.970703 |
379
+| Seagate | [ST4000DM000][223][?][223] |   | 4TB, 64MB, 5900rpm | OEM | [118.08][224] | 2.882812 |
380
+
381
+Further drive comparisons extracted to local spreadsheet.
382
+
383
+
384
+
385
+## Multilane
386
+
387
+| Type | Make | Model | Connector | Specs | Quant | Price £ |
388
+|:------------------------------------------- | ---- | -------------------------- | --------------------------- | ------- | ----- | ------------ |
389
+| ML Device Adapter | Span | IRSA-[SM2][225][?][225] | 2xML to 8xSATA |   |   | [27.50][226] |
390
+| ML Device Adapter | Span | IRSA-[SM1][227][?][227] | 1xML to 4xSATA |   |   | [9.70][228] |
391
+| ML Host Adapter | Span | IRSA-[PM2][229][?][229] | 2xML to 8xSATA |   |   | [22.90][230] |
392
+| ML Host Adapter | Span | IRSA-[PM1][231][?][231] | 1xML to 4xSATA |   |   | [9.00][232] |
393
+| ML Cable | Span | IRSE-M1 | 2xML | 1m long |   | [28.50][233] |
394
+| ML Host Adapter |   |   | 2xML to [PCIe][103][?][103] |   |   |   |
395
+| [MiniSAS][234][?][234] Device Adapter | Span | IRA-[SS2][235][?][235] | 2xSFF8088 to 2xSFF8087 |   | 1 | [26.30][236] |
396
+| [MiniSAS][234][?][234] Host Adapter | Span | IRA-[PS2][237][?][237] | 2xSFF8087 to 2xSFF8088 |   | 1 | [28.80][238] |
397
+| [MiniSAS][234][?][234] Cable | Span | IRA-8888-1 | 2xSFF8088 | 1m long | 2 | [26.20][239] |
398
+| [MiniSAS][234][?][234] Fanout Cable | Span | IRA-87SA-05 | 1xSFF8087 to 4xSATA | 50cm | 2 | [8.40][240] |
399
+| [MiniSAS][234][?][234] Fanout Cable | Span | IRA-87SA-03 | 1xSFF8087 to 4xSATA | 30cm | | [7.60][241] |
400
+| [MiniSAS][234][?][234] Reverse Fanout Cable | Span | IRA-[SA87][242][?][242]-05 | 4xSATA to 1xSFF8087 | 50cm | 2 | [8.10][243] |
401
+
402
+
403
+
404
+# RAM Upgrade
405
+
406
+* Awaiting delivery of 2x2GB [DDR3][244][?][244]
407
+* Delivered
408
+
409
+
410
+
411
+## Installation
412
+
413
+* Installed - no POST
414
+* Upgrade motherboard BIOS?
415
+ * [Rev 1.0 F13][245]
416
+ * [F14c mod][246]
417
+ * From <http://forums.tweaktown.com/gigabyte/48085-gigabyte-modified-bios-80-print.html>
418
+* Not compatible with motherboard?
419
+
420
+
421
+
422
+## BIOS Settings
423
+
424
+* Ctrl+F1 on main screen enables overclocking options in Intelligent Tweaker.
425
+* Only after reboot with new RAM are proper timings visible
426
+
427
+Recommended settings for [DDR3][244][?][244] at 1333MHz
428
+
429
+ MIB Intelligent Tweaker (M.I.T.)
430
+
431
+ Robust Graphics Booster = Auto
432
+ CPU Clock Ratio = 9
433
+ CPU Host Clock Control = Enabled
434
+ CPU Host Frequency (Mhz) = 333Mhz
435
+ PCI Express Frequency = 100Mhz
436
+ C.I.A.2 = Disabled
437
+ Performance Enhance = Standard
438
+ System Memory Multiplier = 4
439
+ Hi Speed DRAM DLL Settings = Option 2
440
+ DRAM Timing Selectable = Manual
441
+ CAS Latency Time = 9
442
+ DRAM RAS# to CAS# Delay = 9
443
+ RAS# Precharge = 9
444
+ Precharge Delay (tRAS) = 24
445
+ ACT to ACT delay = Auto
446
+ Bank Write To READ Delay = Auto
447
+ Refresh to ACT Delay = 0
448
+ Read to Precharge Delay = Auto
449
+
450
+ System Voltage Control
451
+
452
+ DDR3 OverVoltage Control = +.1V
453
+ PCI-e OverVoltage Control = Normal
454
+ (G)MCH OverVoltage Control = Auto
455
+ CPU Voltage Control = Auto
456
+
457
+
458
+
459
+
460
+* Reset to safe defaults
461
+* Finally booting with both chips
462
+* MIT shows memory frequency of 1066:1066
463
+* AHCI mode or IDE mode
464
+
465
+Settings when it successfully booted with both [DDR3][244][?][244] chips:
466
+
467
+ MIB Intelligent Tweaker (M.I.T.)
468
+
469
+ Robust Graphics Booster = Auto
470
+ CPU Clock Ratio = 9 X
471
+ CPU Host Clock Control = Disabled
472
+ CPU Host Frequency (Mhz) = 100Mhz
473
+ PCI Express Frequency = Auto
474
+ C.I.A.2 = Disabled
475
+ Performance Enhance = Turbo
476
+ System Memory Multiplier = Auto
477
+
478
+ DRAM Timing Selectable = Auto
479
+ #CAS Latency Time = 8 Auto
480
+ #DRAM RAS# to CAS# Delay = 8 Auto
481
+ #RAS# Precharge = 8 Auto
482
+ #Precharge Delay (tRAS) = 20 Auto
483
+ #ACT to ACT delay = 4 Auto
484
+ #Rank Write To READ Delay = 4 Auto
485
+ #Write To Precharge Delay 8 Auto
486
+ #Refresh to ACT Delay = 60 Auto
487
+ #Read to Precharge Delay = 4 Auto
488
+ #Static tRead Value = 6 Auto
489
+ #Static tRead Phase Adjust = 0 Auto
490
+ System Voltage Control Manual
491
+ DDR2/DDR3 OverVoltage Control = Normal
492
+ PCI-e OverVoltage Control = Normal
493
+ (G)MCH OverVoltage Control = Normal
494
+ CPU Voltage Control = Auto
495
+
496
+
497
+Health Status showed:
498
+
499
+ Vcore 1.252V
500
+ DDR2/DDR3 Voltage 1.504V
501
+
502
+
503
+
504
+
505
+### Try 2.4GHz core without Turbo
506
+
507
+* No [WinT][247][?][247] cards, no DVD-RW, no backup HDD
508
+
509
+* Works, shows 4GB RAM but reports CPU frequency 1600MHz.
510
+* CPU frequency is not a problem. Under load jumps to 2400MHz.
511
+* Running memtester hung the system. Now won't boot.
512
+
513
+
514
+
515
+### Try 2.4GHz with single [DDR3][244][?][244]
516
+
517
+* Removed one stick and posted successfully
518
+* Set [DDR3][248][?][248] overvoltage +0.1V
519
+* Stable memtester (63 iterations)
520
+
521
+
522
+
523
+### Bump voltage then two [DDR3s][249][?][249]
524
+
525
+* Overvoltage +0.2V
526
+* PCI-E voltage +0.1V
527
+
528
+
529
+
530
+### 3GHz and 1066
531
+
532
+* Overvoltage +0.2V
533
+* PCI-E voltage +0.1V
534
+
535
+
536
+
537
+### Optimized Defaults
538
+
539
+* Optimized defaults
540
+
541
+
542
+
543
+### 900MHz 800MHz
544
+
545
+* Nope
546
+
547
+
548
+
549
+### Last good [DDR3][244][?][244] settings +0.2V
550
+
551
+* [DDR3][244][?][244] +0.2V
552
+* CPU 1.275V
553
+
554
+
555
+
556
+One [DDR3][244][?][244]
557
+: 1066 @8-8-8-20 1.76V
558
+
559
+Two [DDR3][244][?][244]
560
+: No Post
561
+
562
+1066 @8-8-8-20 1.76V
563
+
564
+
565
+
566
+### Last good [DDR3][244][?][244] settings +0.3V
567
+
568
+One [DDR3][244][?][244]
569
+: 1.872V
570
+
571
+Two [DDR3][244][?][244]
572
+: No Post
573
+
574
+
575
+
576
+### Last good [DDR3][244][?][244] with manual timings
577
+
578
+1. 9-9-9-24
579
+2. 266/1066/10-10-10-20 = 1066/8-8-8-20
580
+3. 333/1333?/10-10-10-20, FSB+0.1 = 1333/9-9-9-24
581
+4. 333/800/Auto, FSB+0.1 = 800/8-8-8-20
582
+
583
+
584
+
585
+### Gave up and left it at One stick
586
+
587
+1. 333/1333/auto = 1066 ??
588
+
589
+Core clock also shows only 2400 in Linux though.
590
+
591
+Seems quite stable so far. Other stick must be faulty.
592
+
593
+
594
+
595
+## memtest
596
+
597
+Howto
598
+: <http://forum.canardpc.com/threads/28875-Linux-HOWTO-Boot-Memtest-on-USB-Drive>
599
+
600
+
601
+
602
+## Links
603
+
604
+* [Intelligent Tweaker and memtest+][250]
605
+* <http://hardforum.com/showthread.php?t=1645192>
606
+* <http://forum.giga-byte.co.uk/index.php?topic=3983.30>
607
+* [DS3R with DDR3 1066][251]
608
+* [DS3R 1.1 and Corsair DDR2 DDR3 voltages][252]
609
+
610
+
611
+
612
+# Disk suddenly too short for array
613
+
614
+* "Not large enough to join array"
615
+* "Too small for array"
616
+
617
+Samsung [HD203WI][83][?][83] (serial no. #S1UYJ1CZ317063) dropped out of the array for being suddenly and inexplicably too short.
618
+
619
+
620
+
621
+## SMART logs
622
+
623
+Before:
624
+
625
+ === START OF INFORMATION SECTION ===
626
+ Model Family: SAMSUNG SpinPoint F3 EG
627
+ Device Model: SAMSUNG HD203WI
628
+ Serial Number: S1UYJ1CZ317063
629
+ LU WWN Device Id: 5 0024e9 003308d88
630
+ Firmware Version: 1AN10002
631
+ User Capacity: 2,000,398,934,016 bytes [2.00 TB]
632
+ Sector Size: 512 bytes logical/physical
633
+ Device is: In smartctl database [for details use: -P show]
634
+ ATA Version is: 8
635
+ ATA Standard is: ATA-8-ACS revision 6
636
+ Local Time is: Tue Feb 25 00:53:29 2014 GMT
637
+
638
+
639
+After:
640
+
641
+ === START OF INFORMATION SECTION ===
642
+ Model Family: SAMSUNG SpinPoint F3 EG
643
+ Device Model: SAMSUNG HD203WI
644
+ Serial Number: S1UYJ1CZ317063
645
+ LU WWN Device Id: 5 0024e9 003308d88
646
+ Firmware Version: 1AN10002
647
+ User Capacity: 2,000,397,852,160 bytes [2.00 TB]
648
+ Sector Size: 512 bytes logical/physical
649
+ Device is: In smartctl database [for details use: -P show]
650
+ ATA Version is: 8
651
+ ATA Standard is: ATA-8-ACS revision 6
652
+ Local Time is: Wed Feb 26 04:18:58 2014 GMT
653
+
654
+
655
+
656
+
657
+## Diagnosis
658
+
659
+By chance when playing with [GParted][253][?][253] Live came across a reference to Host Protected Area
660
+
661
+See [https://en.wikipedia.org/wiki/Host\_protected\_area#Identification\_and\_manipulation][254]
662
+
663
+` hdparm -N /dev/sdb ` showed HPA was enabled and some sectors reserved. Also lists max sectors.
664
+
665
+
666
+
667
+## Disable HPA
668
+
669
+Test with
670
+
671
+ hdparm -N 3907029168 /dev/sda
672
+ (set the number of sectors shown by
673
+
674
+` hdparm -N /dev/sdb `.
675
+Use the 'p' prefix to make it permanent:
676
+
677
+ hdparm -N p3907029168 /dev/sda
678
+
679
+
680
+Then *power-cycle the disk*. Only one permanent setting of max-sector-size can be performed per power cycle.
681
+
682
+` hdparm -N /dev/sda ` now prints:
683
+
684
+ max sectors = 3907029168/3907029168, HPA is disabled
685
+
686
+
687
+
688
+
689
+# RAM Failing?
690
+
691
+Random errors which kill processors.
692
+
693
+
694
+
695
+## Replace RAM
696
+
697
+Buy another RAM pair? ([TW3X4G1333C9A][255][?][255])
698
+
699
+
700
+
701
+## Replace whole system?
702
+
703
+[Motherboard with 10xSATA connections][256]
704
+
705
+
706
+
707
+* [HasturReplacement][257]
708
+
709
+
710
+
711
+# Log
712
+
713
+#### 2008-04-29
714
+
715
+updated to F10 firmware after boot failure
716
+
717
+
718
+
719
+#### 2008-08-07
720
+
721
+re-added the RMA'd [HD501LJ][77][?][77]
722
+
723
+
724
+
725
+#### 2009-02-01
726
+
727
+/dev/sdg Read failures. copy of log in /root, [ST3500630AS][74][?][74], 9QG3T5QM
728
+
729
+
730
+
731
+#### 2010-05-09
732
+
733
+Ordered 2x [HD203WI][83][?][83], 2x [ST3200542AS][85][?][85] from eBuyer (~£37)
734
+
735
+
736
+
737
+#### 2010-05-14
738
+
739
+New disks arrived
740
+
741
+
742
+
743
+#### 2010-05-19
744
+
745
+Shutdown for [Hastur Raid Upgrade][154]
746
+
747
+
748
+
749
+#### 2010-12-13
750
+
751
+Purchased two [HD204UI][191][?][191] backup [HDDs][258][?][258]
752
+
753
+
754
+
755
+#### 2011-01-12
756
+
757
+Purchased miniSAS hardware
758
+
759
+
760
+
761
+#### 2013-01-29
762
+
763
+Purchased two [ST3000DM001][88][?][88] 3TB disks
764
+
765
+
766
+
767
+#### 2013-01-31
768
+
769
+3TB Drives delivered
770
+
771
+
772
+
773
+#### 2013-02-02
774
+
775
+* Added disks to enclosure. Only one disk added to array.
776
+* Noted [ST3500630AS][74][?][74] 500GB backup disk showing stable 10 reallocated sectors.
777
+* One [ST32000542AS][259][?][259] 2TB array disks showing 302 reallocated sectors. Up from zero on 2011-09-13.
778
+* See [HasturRaidUpgradePath][260]
779
+
780
+
781
+
782
+#### 2013-03-07
783
+
784
+* /dev/sdd ([ST32000542AS][259][?][259]) started failing on 2013-03-04
785
+ === START OF INFORMATION SECTION ===
786
+ Device Model: ST32000542AS
787
+ Serial Number: 9XW08GNB
788
+ Firmware Version: CC34
789
+ User Capacity: 2,000,398,934,016 bytes
790
+ Device is: Not in smartctl database [for details use: -P showall]
791
+ ATA Version is: 8
792
+ ATA Standard is: ATA-8-ACS revision 4
793
+ Local Time is: Thu Mar 7 19:26:29 2013 GMT
794
+ SMART support is: Available - device has SMART capability.
795
+ SMART support is: Enabled
796
+
797
+ === START OF READ SMART DATA SECTION ===
798
+ SMART overall-health self-assessment test result: FAILED!
799
+
800
+
801
+
802
+Yet strangely /dev/sdc was kicked out of the array.
803
+
804
+
805
+
806
+* Restarted /dev/md6 and re-added /dev/sdc.
807
+* Added second 3TB as hot spare.
808
+* /dev/sdd failed during rebuild.
809
+* Rebuilt on to 3TB drive
810
+
811
+
812
+
813
+#### 2013-12-03
814
+
815
+* Ordered 2x2GB [DDR3][244][?][244] Corsair [XMS3][261][?][261] ([TW3X4G1333C9A][255][?][255]) from eBuyer
816
+
817
+
818
+
819
+#### 2014-02-25
820
+
821
+* Attempted to fit the [DDR3][244][?][244]. Only one stick working.
822
+
823
+
824
+
825
+#### 2014-02-26
826
+
827
+* [HD203WI][83][?][83] ([S1UYJ1CZ317063][262][?][262]) has shrunk following BIOS futzing.
828
+
829
+
830
+
831
+#### 2014-03-20
832
+
833
+* Solved [HD203WI][83][?][83] shrinkage. Disabled HPA which had been enabled somehow.
834
+
835
+
836
+
837
+#### 2014-11-23
838
+
839
+* Ordered 2x Toshiba [DT01ACA300][215][?][215] 3TB disks from dabs.com (£74.98 each inc VAT)
840
+
841
+
842
+
843
+#### 2015-11-06
844
+
845
+* Ordered 2x Toshiba [DT01ACA300][215][?][215] 3TB disks from scan.co.uk (£141.95, £70 each)
846
+
847
+
848
+
849
+#### 2016-02-28
850
+
851
+* Ordered 2x Western Digital [WD30EFRX][263][?][263] 3TB disks from scan.co.uk (£188.60, £91.56 each inc VAT)
852
+
853
+
854
+
855
+#### 2016-09-20
856
+
857
+* Switched to faster 2x4GB of RAM
858
+* Only booting with 4GB!
859
+
860
+ [1]: Hastur
861
+ [37]: http://scan.co.uk/Products/ProductInfo.asp?WebProductID=643237
862
+ [40]: #fn1_1
863
+ [41]: #fn1_2
864
+ [42]: http://scan.co.uk/Products/ProductInfo.asp?WebProductID=605377
865
+ [48]: http://scan.co.uk/Products/ProductInfo.asp?WebProductID=402849
866
+ [49]: #fn1_3
867
+ [50]: http://scan.co.uk/Products/ProductInfo.asp?WebProductID=480662
868
+ [52]: #fn1_4
869
+ [53]: http://scan.co.uk/Products/ProductInfo.asp?WebProductID=292216
870
+ [54]: #fn1_5
871
+ [55]: #fn1_6
872
+ [57]: #fn1_7
873
+ [58]: http://www.play.com/PC/PCs/4-/3348808/PNY-GeForce-7300-LE-128MB-DDR2-PCI-E-Graphics-Card/Product.html
874
+ [59]: #fn1_8
875
+ [60]: http://www.scan.co.uk/Products/ProductInfo.asp?WebProductID=545117
876
+ [63]: #fn1_9
877
+ [64]: http://www.ebuyer.com/UK/product/129414
878
+ [65]: http://www.ebuyer.com/UK/product/27669
879
+ [66]: #fn1_10
880
+ [67]: http://scan.co.uk/Products/ProductInfo.asp?WebProductID=9833
881
+ [68]: http://www.ebuyer.com/UK/product/112344
882
+ [69]: http://scan.co.uk/Products/ProductInfo.asp?WebProductID=450661
883
+ [70]: http://scan.co.uk/Products/ProductInfo.asp?WebProductID=644038
884
+ [72]: http://www.maplin.co.uk/module.aspx?ModuleNo=48640&doy=1m9
885
+ [73]: HasturRaidArray
886
+ [76]: http://scan.co.uk/Products/ProductInfo.asp?WebProductID=454632
887
+ [78]: #fn1_11
888
+ [80]: http://scan.co.uk/Products/ProductInfo.asp?WebProductID=494552
889
+ [81]: #fn1_12
890
+ [84]: http://www.ebuyer.com/product/190145
891
+ [87]: http://www.ebuyer.com/product/164264
892
+ [89]: http://www.ebuyer.com/319640
893
+ [90]: http://www.cfienclosure.com/10_Series.html
894
+ [91]: #fn1_13
895
+ [92]: http://www.span.com/catalog/product_info.php?products_id=6849
896
+ [95]: #fn1_14
897
+ [96]: http://www.scan.co.uk/Products/ProductInfo.asp?WebProductID=352335
898
+ [97]: http://www.scan.co.uk/Products/ProductInfo.asp?WebProductID=352332
899
+ [98]: #fn1_15
900
+ [99]: http://www.span.com/catalog/product_info.php?products_id=15709
901
+ [100]: http://www.span.com/catalog/product_info.php?products_id=8218
902
+ [102]: #fnr1_1
903
+ [104]: #fnr1_2
904
+ [105]: http://www.anandtech.com/casecooling/showdoc.aspx?i=2937
905
+ [106]: #fnr1_3
906
+ [107]: #fnr1_4
907
+ [108]: #fnr1_5
908
+ [109]: #fnr1_6
909
+ [110]: #fnr1_7
910
+ [111]: #fnr1_8
911
+ [112]: #fnr1_9
912
+ [113]: #fnr1_10
913
+ [114]: #fnr1_11
914
+ [115]: #fnr1_12
915
+ [116]: #fnr1_13
916
+ [117]: http://marc.info/?l=linux-ide&w=2&r=1&s=3726+occupied&q=b
917
+ [118]: #fnr1_14
918
+ [119]: #fnr1_15
919
+ [123]: http://www.tomshardware.com/2007/06/19/eight_p35-ddr2_motherboards_compared/page2.html#features_overview
920
+ [126]: http://www.tomshardware.com/2007/06/19/eight_p35-ddr2_motherboards_compared/page4.html#features_overview
921
+ [128]: http://www.tomshardware.com/2007/06/19/eight_p35-ddr2_motherboards_compared/page6.html#features_overview
922
+ [130]: http://www.tomshardware.com/2007/06/19/eight_p35-ddr2_motherboards_compared/page8.html#features_overview
923
+ [131]: http://www.tomshardware.co.uk/pipe-dreams-six-p35-ddr3-motherboards-compared-uk,review-2321-11.html
924
+ [132]: http://www.tomshardware.com/2007/06/19/eight_p35-ddr2_motherboards_compared/page10.html#features_overview
925
+ [133]: http://www.tomshardware.com/2007/06/19/eight_p35-ddr2_motherboards_compared/page12.html#features_overview
926
+ [135]: http://www.tomshardware.co.uk/seven-650i-sli-motherboards-compared-uk,review-2296-2.html
927
+ [137]: http://www.tomshardware.co.uk/seven-650i-sli-motherboards-compared-uk,review-2296-4.html
928
+ [141]: http://www.techreport.com/reviews/2007q2/gigabyte-n680sli/index.x?pg=1
929
+ [142]: http://www.tomshardware.com/2007/06/19/eight_p35-ddr2_motherboards_compared/
930
+ [143]: http://www.tomshardware.co.uk/seven-650i-sli-motherboards-compared-uk,review-2296.html
931
+ [144]: http://www.firingsquad.com/hardware/nvidia_nforce_680i_roundup/
932
+ [145]: http://www.tomshardware.com/2006/12/21/680i-motherboard-comparison/
933
+ [146]: https://bugs.launchpad.net/ubuntu/+source/linux-source-2.6.20/+bug/83009
934
+ [148]: http://overclockers.co.uk/showproduct.php?prodid=CA-058-LL
935
+ [149]: http://www.scan.co.uk/Products/ProductInfo.asp?WebProductID=592608
936
+ [150]: http://www.scan.co.uk/Products/ProductInfo.asp?WebProductID=359344
937
+ [151]: http://www.scan.co.uk/Products/ProductInfo.asp?WebProductID=381924
938
+ [152]: StorageServer#Enclosures
939
+ [153]: HasturAtaFailures
940
+ [154]: HasturRaidUpgrade
941
+ [155]: http://doug.warner.fm/d/blog/2009/11/Western-Digital-15TB-Green-Drives-Not-your-Linux-Software-RAID
942
+ [156]: http://www.osnews.com/story/22872/Linux_Not_Fully_Prepared_for_4096-Byte_Sector_Hard_Drives
943
+ [157]: http://storageadvisors.adaptec.com/2006/11/20/desktop-drives-on-a-raid-controller-not-good/#comment-25631
944
+ [158]: http://forums.storagereview.com/index.php/topic/28333-tler-cctl/
945
+ [159]: http://www.xbitlabs.com/articles/storage/display/1tb-hdd-roundup-3.html
946
+ [160]: http://www.xbitlabs.com/articles/storage/display/1tb-14hdd-roundup.html
947
+ [161]: http://techreport.com/articles.x/16472/1
948
+ [162]: http://forums.anandtech.com/showthread.php?t=2061619
949
+ [163]: http://techreport.com/articles.x/16472/12
950
+ [164]: http://www.scan.co.uk/Products/1TB-Hitachi-0F10383-Deskstar-7K1000C-SATA-3Gb-s-7200rpm-32MB-Cache-8-ms-NCQ
951
+ [166]: http://www.scan.co.uk/Products/1TB-Samsung-HD103SJ-Spinpoint-F3-SATA-3Gb-s-7200rpm-32MB-Cache-89-ms-NCQ-OEM
952
+ [168]: http://www.scan.co.uk/Products/1TB-Seagate-ST31000520AS-Barracuda-LP-SATA-3Gb-s-5900rpm-32MB-Cache-51-ms
953
+ [170]: http://www.scan.co.uk/Products/1TB-SGATE-ST31000528AS-SATA
954
+ [172]: http://www.scan.co.uk/Products/1TB-Western-Digital-WD10EADS-Green-SATA-300-32MB-Cache
955
+ [174]: http://www.scan.co.uk/Products/1TB-Western-Digital-WD1001FALS-Caviar-Black-SATA-300-7200-rpm-32MB-Cache
956
+ [177]: http://www.scan.co.uk/Products/15TB-Samsung-HD154UI-EcoGreen-F2-DT-SATA-3Gb-s-32MB-Cache-89-ms-NCQ
957
+ [179]: http://www.scan.co.uk/Products/15Tb-Samsung-HD153WI-SpinPoint-EcoGreen-F3-SATA-II-3Gb-5400rpm-32Mb-Cache-8ms
958
+ [182]: http://www.scan.co.uk/Products/15TB-Western-Digital-WD15EARS-Caviar-Green-5400plusrpm-64Mb-Cache-8ms
959
+ [184]: http://www.scan.co.uk/Products/15TB-Seagate-ST31500341AS-Barracuda-720011-SATA-7200-rpm-32MB-Cache-NCQ-OEM
960
+ [186]: http://www.scan.co.uk/Products/15TB-Seagate-ST31500541AS-Barrauda-LP-SATA-3Gb-s-5900rpm-32MB-Cache-51-ms-NCQ
961
+ [187]: http://www.xbitlabs.com/articles/storage/display/15-2tb-hdd-roundup.html
962
+ [188]: http://www.tomshardware.co.uk/forum/254987-14-hard-drive-wd15ears-wd15eads-hd154ui-st31500341as
963
+ [189]: http://www.scan.co.uk/Products/2TB-Samsung-HD203WI-Spinpoint-F3EG-EcoGreen-SATA-3Gb-s-32MB-Cache-89-ms-NCQ-OEM
964
+ [190]: #fn2_1
965
+ [192]: #fn2_2
966
+ [193]: http://www.scan.co.uk/products/2tb-samsung-hd204ui-z4-spinpoint-ecogreen-f4eg-sata-3gb-s-32mb-cache-89-ms-ncq
967
+ [195]: http://www.scan.co.uk/Products/2Tb-Western-Digital-WD20EARS-Caviar-Green-64Mb-Cache-8ms
968
+ [196]: http://www.scan.co.uk/Products/2TB-Hitachi-Deskstar-7K2000-SATA-3Gb-s-7200rpm-32MB-Cache
969
+ [197]: http://www.ebuyer.com/product/171763
970
+ [199]: http://www.scan.co.uk/Products/2TB-Western-Digital-WD20EADS-Caviar-Green-SATA-3Gb-s-0-rpm-32MB-Cache-0-ms
971
+ [200]: http://www.ebuyer.com/product/158614
972
+ [201]: #fn2_3
973
+ [202]: #fn2_4
974
+ [203]: http://www.scan.co.uk/Products/2TB-ST3200542AS-SATA-HDD
975
+ [204]: #fn2_5
976
+ [205]: #fnr2_1
977
+ [206]: #fnr2_2
978
+ [207]: #fnr2_3
979
+ [208]: http://pastebin.com/gwwJAYi8
980
+ [209]: #fnr2_4
981
+ [210]: #fnr2_5
982
+ [211]: http://hothardware.com/Articles/Definitive-2TB-Hard-Drive-Roundup/
983
+ [212]: http://www.scan.co.uk/products/3tb-seagate-st3000dm001-barracuda-720014-sata-iii-6gb-s-7200rpm-64mb-cache-8ms-ncq-oem
984
+ [213]: http://www.ebuyer.com/319640-seagate-3tb-barracuda-internal-hard-drive-oem-st3000dm001
985
+ [214]: http://www.span.com/product/Seagate-Barracuda-7200-14-ST3000DM001-SATA-6Gb-3TB-7200rpm~35248
986
+ [216]: http://www.scan.co.uk/products/3tb-toshiba-dt01aca300-35-sata-iii-hard-drive-6gb-s-5700rpm-32mb-cache-8ms-oem-ncq
987
+ [217]: http://www.ebuyer.com/481473-toshiba-3tb-internal-hard-drive-dt01aca300
988
+ [218]: http://www.span.com/product/Toshiba-Desktop-DT01ACA300-SATA-6Gb-3TB-7200rpm~39163
989
+ [220]: http://www.scan.co.uk/product.aspx?ProductId=82803
990
+ [222]: http://www.scan.co.uk/products/4tb-wd-wd40ezrx-green-35-hdd-sata-iii-6gb-s-intellipower-64mb-cache-ncq-oem
991
+ [224]: http://www.scan.co.uk/products/4tb-seagate-st4000dm000-desktop-hdd15-35-hdd-sata-iii-6gb-s-5900rpm-64mb-cache-8ms-ncq-oem
992
+ [226]: http://www.span.com/product_info.php?products_id=26118
993
+ [228]: http://www.span.com/product_info.php?products_id=6813
994
+ [230]: http://www.span.com/product_info.php?products_id=26117
995
+ [232]: http://www.span.com/product_info.php?products_id=6812
996
+ [233]: http://www.span.com/product_info.php?products_id=15419
997
+ [236]: http://www.span.com/product_info.php?products_id=15687
998
+ [238]: http://www.span.com/product_info.php?products_id=15685
999
+ [239]: http://www.span.com/product_info.php?products_id=15417
1000
+ [240]: http://www.span.com/product_info.php?products_id=15684
1001
+ [241]: http://www.span.com/product_info.php?products_id=22402
1002
+ [243]: http://www.span.com/product_info.php?products_id=15686
1003
+ [245]: http://download.gigabyte.eu/FileList/BIOS/motherboard_bios_ga-p35-ds3r_f13.exe
1004
+ [246]: http://www.mediafire.com/?9vf1nc00xdt5p2n
1005
+ [250]: http://forum.corsair.com/v3/showthread.php?t=70836&highlight=P35C-DS3R
1006
+ [251]: http://forums.tweaktown.com/gigabyte/44287-p35c-ds3r-kingston-hyperx-ddr3-pc10600-issue.html
1007
+ [252]: http://forum.corsair.com/v3/showthread.php?t=66317
1008
+ [254]: https://en.wikipedia.org/wiki/Host_protected_area#Identification_and_manipulation
1009
+ [256]: https://www.scan.co.uk/products/asrock-z97-extreme6-intel-z97-s1150-ddr3-pcie-30-x16-quad-sli-quad-crossfirex-displayport-dvi-i-hd?utm_source=google+shopping&utm_medium=cpc&gclid=CNW89tKipc0CFeRe2wodB5ACdA
1010
+ [257]: HasturReplacement
1011
+ [260]: HasturRaidUpgradePath
Network/HasturRaidArray.md
... ...
@@ -0,0 +1,5 @@
1
+---
2
+title: HasturRaidArray
3
+---
4
+
5
+(:redirect Network.RaidArray:)
... ...
\ No newline at end of file
Network/HasturRaidConfiguration.md
... ...
@@ -0,0 +1,133 @@
1
+---
2
+title: HasturRaidConfiguration
3
+---
4
+
5
+# md3
6
+
7
+## mdadm --detail
8
+
9
+ # mdadm --detail /dev/md3
10
+ Version : 01.02
11
+ Creation Time : Sun Sep 13 19:44:48 2009
12
+ Raid Level : raid5
13
+ Array Size : 2175882880 (2075.08 GiB 2228.10 GB)
14
+ Used Dev Size : 870353152 (830.03 GiB 891.24 GB)
15
+ Raid Devices : 6
16
+ Total Devices : 6
17
+ Preferred Minor : 3
18
+ Persistence : Superblock is persistent
19
+
20
+ Update Time : Sun Sep 13 19:53:50 2009
21
+ State : clean
22
+ Active Devices : 6
23
+ Working Devices : 6
24
+ Failed Devices : 0
25
+ Spare Devices : 0
26
+
27
+ Layout : left-symmetric
28
+ Chunk Size : 128K
29
+
30
+ Name : hastur:3 (local to host hastur)
31
+ UUID : cea65d2b:7d262b3d:739fcdd2:15ab1c61
32
+ Events : 2
33
+
34
+ Number Major Minor RaidDevice State
35
+ 0 8 19 0 active sync /dev/sdb3
36
+ 1 8 99 1 active sync /dev/sdg3
37
+ 2 8 51 2 active sync /dev/sdd3
38
+ 3 8 35 3 active sync /dev/sdc3
39
+ 4 8 83 4 active sync /dev/sdf3
40
+ 5 8 67 5 active sync /dev/sde3
41
+
42
+
43
+
44
+
45
+## Disk ordering
46
+
47
+| Slot | Enclosure | Serial | Current device |
48
+|:---- | --------- | ------------------------- | -------------- |
49
+| | #2 | 9QG3V6HN | sdb |
50
+| 1 | #1 | [S0MUJ1KP715582][1][?][1] | sdg |
51
+| 2 | #4 | 9QG3T5QW | sdd |
52
+| 3 | #3 | 9QG3T61X | sdc |
53
+| 4 | #5 | 9QG3T5QM | sdf |
54
+| 5 | #6 | 401412FPB99831 | sde |
55
+
56
+
57
+
58
+# md2
59
+
60
+## mdadm --detail
61
+
62
+ # mdadm --detail /dev/md2
63
+ /dev/md2:
64
+ Version : 01.02
65
+ Creation Time : Thu Sep 10 00:03:15 2009
66
+ Raid Level : raid0
67
+ Array Size : 314616576 (300.04 GiB 322.17 GB)
68
+ Raid Devices : 6
69
+ Total Devices : 6
70
+ Preferred Minor : 2
71
+ Persistence : Superblock is persistent
72
+
73
+ Update Time : Thu Sep 10 00:03:15 2009
74
+ State : clean
75
+ Active Devices : 6
76
+ Working Devices : 6
77
+ Failed Devices : 0
78
+ Spare Devices : 0
79
+
80
+ Chunk Size : 64K
81
+
82
+ Name : hastur:2 (local to host hastur)
83
+ UUID : 95cc04f9:e70c2ce3:be3d397a:3e203fe5
84
+ Events : 0
85
+
86
+ Number Major Minor RaidDevice State
87
+ 0 8 66 0 active sync /dev/sde2
88
+ 1 8 82 1 active sync /dev/sdf2
89
+ 2 8 98 2 active sync /dev/sdg2
90
+ 3 8 18 3 active sync /dev/sdb2
91
+ 4 8 34 4 active sync /dev/sdc2
92
+ 5 8 50 5 active sync /dev/sdd2
93
+
94
+
95
+
96
+
97
+
98
+# Enclosure
99
+
100
+#### 2009-07-19
101
+
102
+| Device | Enclosure |
103
+|:------ | --------- |
104
+| sdb | #6 |
105
+| sdc | #5 |
106
+| sdd | #1 |
107
+| sde | #2 |
108
+| sdf | #3 |
109
+| sdg | #4 |
110
+
111
+
112
+
113
+#### 2009-09-09
114
+
115
+* Make sure first ports of [SiI][2][?][2]-3726s are occupied
116
+
117
+| Enclosure | PM Port |
118
+|:--------- | ------- |
119
+| 5-1 | 1-0 |
120
+| 5-2 | 1-1 |
121
+| 5-3 | 1-2 |
122
+| 5-4 | 2-3 |
123
+| 5-5 | 1-3 |
124
+| 3-1 | 2-0 |
125
+| 3-2 | 2-1 |
126
+| 3-3 | 2-2 |
127
+
128
+
129
+
130
+#### 2009-09-10
131
+
132
+* Recover md2
133
+
Network/HasturRaidRecovery.md
... ...
@@ -0,0 +1,308 @@
1
+---
2
+title: HasturRaidRecovery
3
+---
4
+
5
+## 2009-06-29
6
+
7
+* [linux-raid thread][1]
8
+
9
+
10
+
11
+### Log Analysis
12
+
13
+* Controller(?) timed out and sdc3 ejected
14
+
15
+ Jun 29 20:47:07 hastur kernel: ata11.00: failed to read SCR 1 (Emask=0x40)
16
+ Jun 29 20:48:49 hastur kernel: INFO: task md3_raid5:3352 blocked for more than 120 seconds
17
+ Jun 29 20:48:58 hastur kernel: ata11.02: hard resetting link
18
+ Jun 29 20:48:58 hastur kernel: ata11.02: failed to read SCR 2 (Emask=0x40)
19
+ Jun 29 20:48:58 hastur kernel: ata11.02: failed to read SCR 2 (Emask=0x40)
20
+ Jun 29 20:48:58 hastur kernel: ata11.02: COMRESET failed (errno=-5)
21
+ Jun 29 20:48:58 hastur kernel: ata11.02: failed to read SCR 0 (Emask=0x40)
22
+ Jun 29 20:48:58 hastur kernel: ata11.02: reset failed, giving up
23
+ Jun 29 20:48:58 hastur kernel: ata11.02: failed to recover link after 3 tries, disabling
24
+ Jun 29 20:48:58 hastur kernel: ata11.02: disabled
25
+ Jun 29 20:49:08 hastur kernel: sd 10:2:0:0: rejecting I/O to offline device
26
+ Jun 29 20:49:08 hastur kernel: sd 10:2:0:0: rejecting I/O to offline device
27
+ Jun 29 20:49:08 hastur kernel: ata11: EH complete
28
+ Jun 29 20:49:08 hastur kernel: sd 10:2:0:0: rejecting I/O to offline device
29
+ Jun 29 20:49:08 hastur kernel: raid5: Disk failure on sdc3, disabling device. Operation continuing on 5 devices
30
+ Jun 29 20:49:11 hastur kernel: ata11.02: detaching (SCSI 10:2:0:0)
31
+
32
+
33
+
34
+
35
+* Hot-removed sdd3 from array after enclosure alarm
36
+
37
+ Jun 29 20:57:47 hastur kernel: ata11.03: disabled
38
+ Jun 29 20:57:47 hastur kernel: sd 10:3:0:0: rejecting I/O to offline device
39
+ Jun 29 20:57:47 hastur kernel: sd 10:3:0:0: rejecting I/O to offline device
40
+ Jun 29 20:57:47 hastur kernel: sd 10:3:0:0: [sdd] Result: hostbyte=DID_NO_CONNECT driverbyte=DRIVER_OK,SUGGEST_OK
41
+ Jun 29 20:57:47 hastur kernel: end_request: I/O error, dev sdd, sector 404675832
42
+ Jun 29 20:57:47 hastur kernel: raid5:md3: read error not correctable (sector 298261272 on sdd3).
43
+ Jun 29 20:57:47 hastur kernel: raid5: Disk failure on sdd3, disabling device. Operation continuing on 4 devices
44
+ Jun 29 20:57:48 hastur kernel: ata11.03: detaching (SCSI 10:3:0:0)
45
+
46
+
47
+
48
+
49
+* Marked array as readonly
50
+* Shutdown and removed system for maintenance.
51
+* On reboot disks were renumbered.
52
+* Ran non-destructive read/write badblocks test on all disks (ALL CLEAN)
53
+* Attempted to re-add failed disks to array.
54
+* Somehow managed to rewrite superblocks on disks I was attempting to re-add.
55
+
56
+
57
+
58
+## data_offset
59
+
60
+* Old version of mdadm created the original array with data offset of 136 sectors into each component device.
61
+* Versions since mdadm-2.6 support a new bitmap feature which moves the data offset to 272 sectors.
62
+* Hexediting the data offset and fixing the superblock checksum would be safe [according to Neil Brown][2].
63
+* In the end though I compiled from source the version of mdadm that was used to create the original array.
64
+
65
+
66
+
67
+### diff -u md3.sdb3.orig md3.sde3.new
68
+
69
+ --- md3.sdb3.orig 2009-07-07 10:14:25.000000000 +0100
70
+ +++ md3.sde3.new 2009-07-07 10:14:27.000000000 +0100
71
+ @@ -2,26 +2,26 @@
72
+ Magic : a92b4efc
73
+ Version : 1.2
74
+ Feature Map : 0x0
75
+ - Array UUID : 2b7ca9c9:c9fa9a28:086e0f83:90cbef62
76
+ + Array UUID : 679bc68c:aeb0464c:8f11e607:c8e58161
77
+ Name : hastur:3 (local to host hastur)
78
+ - Creation Time : Thu Oct 18 14:46:47 2007
79
+ + Creation Time : Sun Jul 5 03:32:38 2009
80
+ Raid Level : raid5
81
+ Raid Devices : 6
82
+
83
+ - Avail Dev Size : 870353369 (415.02 GiB 445.62 GB)
84
+ + Avail Dev Size : 870353233 (415.02 GiB 445.62 GB)
85
+ Array Size : 4351765760 (2075.08 GiB 2228.10 GB)
86
+ Used Dev Size : 870353152 (415.02 GiB 445.62 GB)
87
+ - Data Offset : 136 sectors
88
+ + Data Offset : 272 sectors
89
+ Super Offset : 8 sectors
90
+ State : clean
91
+ - Device UUID : c4983266:9ee820fd:106bbf9d:20a69333
92
+ + Device UUID : 1b87acce:883de3fc:881f279e:e2b84a9b
93
+
94
+ - Update Time : Mon Jun 29 21:05:55 2009
95
+ - Checksum : 5a501eb5 - correct
96
+ - Events : 320840
97
+ + Update Time : Sun Jul 5 03:32:38 2009
98
+ + Checksum : 94ba3ae4 - correct
99
+ + Events : 0
100
+
101
+ Layout : left-symmetric
102
+ Chunk Size : 128K
103
+
104
+ - Array Slot : 0 (failed, 1, 2, failed, failed, 4, 5)
105
+ - Array State : _uu_uu 3 failed
106
+ + Array Slot : 0 (0, 1, 2, 3, 4, 5)
107
+ + Array State : Uuuuuu
108
+
109
+
110
+
111
+
112
+## Loopback devices
113
+
114
+* Created sparse loopback devices (first 50MB of each partition) to play with superblocks
115
+
116
+ #!/bin/sh
117
+ BLOCKS_PER_DEV=$(sfdisk -s /dev/sdb3}
118
+ for i in {b..g}
119
+ do
120
+ BLOCKS=$(sfdisk -s /dev/sd${i}3) # blocks
121
+ BLOCKS=$(sfdisk -s /dev/sd${i}3) # blocks
122
+ dd if=/dev/sd${i}3 of=isd${i}3 bs=512 count=102400 # 50MB
123
+ dd if=/dev/zero of=isd${i}3 bs=1k seek=$BLOCKS count=0
124
+ losetup -f isd${i}3
125
+ done
126
+
127
+
128
+
129
+
130
+## Permute
131
+
132
+* Quick c++ to permute order of devices
133
+* Output space-separated, one permutation per line
134
+
135
+
136
+
137
+### permute-loop.cpp
138
+
139
+* Permute [012345]
140
+
141
+ #include <algorithm>
142
+ #include <iterator>
143
+ #include <vector>
144
+ #include <iostream>
145
+
146
+ using namespace std;
147
+
148
+ int main(void) {
149
+ vector<int> v;
150
+ v.push_back(0);
151
+ v.push_back(1);
152
+ v.push_back(2);
153
+ v.push_back(3);
154
+ v.push_back(4);
155
+ v.push_back(5);
156
+
157
+ cout << "0 1 2 3 4 5" << endl; // initial
158
+ while (next_permutation(v.begin(), v.end() ) ) {
159
+ // Loop until all permutations are generated.
160
+ copy(v.begin(), v.end(), ostream_iterator<int>(cout, " "));
161
+ cout << endl;
162
+ }
163
+ return 0;
164
+ }
165
+
166
+
167
+
168
+
169
+### permute-real.cpp
170
+
171
+* Permute [bcdefg]
172
+
173
+ #include <algorithm>
174
+ #include <iterator>
175
+ #include <vector>
176
+ #include <iostream>
177
+
178
+ using namespace std;
179
+
180
+ int main(void) {
181
+ vector<char> v;
182
+ v.push_back('b');
183
+ v.push_back('c');
184
+ v.push_back('d');
185
+ v.push_back('e');
186
+ v.push_back('f');
187
+ v.push_back('g');
188
+
189
+ cout << "b c d e f g" << endl;
190
+ while (next_permutation(v.begin(), v.end() ) ) {
191
+ // Loop until all permutations are generated.
192
+ copy(v.begin(), v.end(), ostream_iterator<char>(cout, " "));
193
+ cout << endl;
194
+ }
195
+ return 0;
196
+ }
197
+
198
+
199
+
200
+
201
+### Compile
202
+
203
+ g++ -o permute-loop permute-loop.cpp
204
+ g++ -o permute-real permute-real.cpp
205
+
206
+
207
+
208
+
209
+## Recovery script
210
+
211
+ #!/bin/sh
212
+ ECHO= # set to echo to test
213
+ MDADM=mdadm-2.5.6 # old version for old superblock data_offset size
214
+ MD_DEV=md3
215
+ CRYPT_DEV=crypt-md3
216
+
217
+ ./permute-real | while read b c d e f g
218
+ do
219
+ echo /dev/sd${b}3 /dev/sd${c}3 /dev/sd${d}3 /dev/sd${e}3 /dev/sd${f}3 /dev/sd${g}3
220
+ echo 'y' |
221
+ $ECHO $MDADM -C --assume-clean -f -e 1.2 -l 5 -p ls -c 128 -n6 /dev/$MD_DEV /dev/sd${b}3 /dev/sd${c}3 /dev/sd${d}3 /dev/sd${e}3 /dev/sd${f}3 /dev/sd${g}3 &> /dev/null
222
+ if (($? == 0))
223
+ then
224
+ sleep 0.3s
225
+ $ECHO mdadm -o /dev/$MD_DEV
226
+ if ($ECHO cryptsetup isLuks /dev/$MD_DEV )
227
+ then
228
+ echo -n " LUKS "
229
+ echo "$PASSWORD" |
230
+ if ($ECHO cryptsetup -T1 luksOpen /dev/$MD_DEV $CRYPT_DEV )
231
+ then
232
+ echo -n " UNLOCKED "
233
+ if ( $ECHO mount -o ro /dev/mapper/$CRYPT_DEV mnt )
234
+ then
235
+ echo -n " MOUNTED "
236
+ $ECHO umount /dev/mapper/$CRYPT_DEV
237
+ fi
238
+ $ECHO cryptsetup luksClose $CRYPT_DEV
239
+ fi
240
+ fi
241
+ sleep 0.3s
242
+ $ECHO mdadm --stop /dev/$MD_DEV &> /dev/null
243
+ fi
244
+ echo ""
245
+ done
246
+
247
+
248
+
249
+
250
+## XFS Repair
251
+
252
+* XFS wouldn't mount read-only if there were errors. (So the script was inconclusive).
253
+* Ran xfs_repair -n to determine which (of the two probable) configurations would need the fewest filesystem changes.
254
+* Recreated correct configuration
255
+
256
+ mdadm-2.5.6 -C --assume-clean -f -e 1.2 -l 5 -p ls -c 128 -n6 /dev/md3 /dev/sde3 /dev/sdd3 /dev/sdg3 /dev/sdf3 /dev/sdc3 /dev/sdb3
257
+
258
+
259
+
260
+
261
+* Run mdadm check, speed limit
262
+
263
+ echo -n check > /sys/block/md3/md/sync_action
264
+ echo -n 10000 > /proc/sys/dev/raid/speed_limit_max
265
+
266
+
267
+
268
+
269
+* Open, mount and unmount XFS, xfs_repair
270
+
271
+` xfs_repair /dev/mapper/crypt-md3 `
272
+
273
+
274
+
275
+* xfs\_repair reported that the log needed to be replayed by mount/umounting, then rerunning xfs\_repair
276
+
277
+ mount /dev/mapper/crypt-md3 /mnt/md3
278
+ umount /mnt/md3
279
+ xfs_repair /dev/mapper/crypt-md3
280
+
281
+
282
+
283
+
284
+* Final mount
285
+
286
+` mount /mnt/md3 `
287
+
288
+
289
+
290
+# Force Assemble?
291
+
292
+* Recover array faster by forcing assemble: clear failed flag from enough disks to assemble
293
+
294
+ # mdadm --assemble --force --scan /dev/md3
295
+ mdadm: forcing event count in /dev/sdd3(2) from 5 upto 10
296
+ mdadm: clearing FAULTY flag for device 3 in /dev/md3 for /dev/sdd3
297
+ mdadm: /dev/md3 has been started with 5 drives (out of 6).
298
+
299
+
300
+* Mark as readonly
301
+
302
+ # mdadm -o /dev/md3
303
+
304
+
305
+* How do we forcibly re-add a failed drive?
306
+
307
+ [1]: http://marc.info/?t=124696420800003&r=1&w=2
308
+ [2]: http://marc.info/?l=linux-raid&m=124710325903455&w=2
... ...
\ No newline at end of file
Network/HasturRaidUpgrade.md
... ...
@@ -0,0 +1,563 @@
1
+---
2
+title: HasturRaidUpgrade
3
+---
4
+
5
+Upgrading from 6x 500GB [RAID5][1][?][1] to 4x 2TB [RAID6][2][?][2]
6
+
7
+
8
+
9
+[[_TOC_]]
10
+
11
+## Shutdown server and move to test bench
12
+
13
+## Prepare new disks
14
+
15
+### Disconnect old disks
16
+
17
+### Connect 4 new disks
18
+
19
+### Enable SMART
20
+
21
+* Samsung disks had SMART disabled by default
22
+
23
+ # for i sd{b..e} ; do smartctl -s on /dev/$i ; done
24
+
25
+
26
+
27
+
28
+### Random write
29
+
30
+* [Suse FDE][39]
31
+* Default cipher and mode is "aes-cbc-essiv:sha256"
32
+* Default keysize is 128-bits
33
+
34
+ # for i in sd{b..e} ; do dd_rescue -m 10M /dev/urandom /dev/$i ; done
35
+ # for i in sd{b..e} ; do echo -n $TEST_PW | cryptsetup luksFormat --key-file=- /dev/$i ; done
36
+ # for i in sd{b..e} ; do echo -n $TEST_PW | cryptsetup luksOpen --key-file=- /dev/$i crypt-$i ; done
37
+ # for i in sd{b..e} ; do dd_rescue /dev/zero /dev/mapper/crypt-$i & done
38
+ # for i in sd{b..e} ; do cryptsetup luksClose /dev/$i crypt-$i ; done
39
+
40
+
41
+NOTE: dd_rescue doesn't stop when it reaches the end of the output device!
42
+
43
+
44
+
45
+## Benchmark
46
+
47
+### New Kernel
48
+
49
+* Compile new kernel for missing crypto modules
50
+
51
+
52
+
53
+#### Build and install XTS
54
+
55
+ $ echo "CONFIG_CRYPTO_XTS=m" >> .config
56
+ $ make modules
57
+ # cp crypto/xts.ko /lib/modules/2.6.31-pmp/kernel/crypto/
58
+ # depmod -A
59
+ # modprobe xts
60
+ # mount -o remount,rw /boot
61
+ # cp .config /boot/config-2.6.31-pmp
62
+ # mount -o remount,ro /boot
63
+
64
+
65
+
66
+
67
+### Partition types
68
+
69
+* Update parted to 1.8.8
70
+* DOS partition
71
+ # cat > sfdisk.tempraid0.format
72
+ ,1024,fd
73
+ ,2048,fd
74
+
75
+ ^D
76
+ # for dev in {b..e} ; do cat sfdisk.tempraid0.format | sfdisk -uM /dev/sd$dev ; done
77
+
78
+
79
+
80
+* GPT partition (annoying buggy parted means manual label creation)
81
+ # for dev in {b..e} ; do parted /dev/sd$dev mklabel ; done
82
+ # for dev in {b..e} ; do parted /dev/sd$dev mkpart primary 0 1024 mkpart primary 1024 3072 ; done
83
+
84
+
85
+
86
+
87
+
88
+* Arrays
89
+ # mdadm --create --verbose --metadata=1.2 --level=raid0 --raid-devices=4 /dev/md66 /dev/sd{b,c,d,e}1
90
+ # mdadm --create --verbose --assume-clean --metadata=1.2 --level=raid6 --raid-devices=4 /dev/md67 /dev/sd{b,c,d,e}2
91
+ # for dev in md66 md67 ; do mkfs.ext4 -m 0 /dev/$dev && mkdir -p /mnt/$dev && mount /dev/$dev /mnt/$dev ; done
92
+
93
+
94
+
95
+
96
+
97
+* Results (some 3908MB, some 3750MB)
98
+ # bonnie++ -f -d /mnt/md66 -s 3750 -n 0 -u root
99
+ Version 1.03d ------Sequential Output------ --Sequential Input- --Random-
100
+ -Per Chr- --Block-- -Rewrite- -Per Chr- --Block-- --Seeks--
101
+ Machine Size K/sec %CP K/sec %CP K/sec %CP K/sec %CP K/sec %CP /sec %CP
102
+ msdos,3908M,,,374639,44,110712,13,,,317465,19,372.9,0,,,,,,,,,,,,,
103
+ msdos,3908M,,,400310,49,107278,14,,,343700,19,366.2,0,,,,,,,,,,,,,
104
+ gpt,3750M,,,373408,44,106484,13,,,335955,22,383.3,0,,,,,,,,,,,,,
105
+
106
+ gpt-raid0,3750M,,,379201,45,105965,13,,,334808,19,379.7,0,,,,,,,,,,,,,
107
+ gpt-raid6,3750M,,,129930,19,47485,6,,,120628,8,360.5,0,,,,,,,,,,,,,
108
+
109
+ # bonnie++ -f -d /mnt/md67 -s 3750 -n 0 -u root
110
+
111
+
112
+
113
+* No obvious difference for [RAID0][40][?][40]
114
+
115
+* Stop
116
+ # for dev in md66 md67 ; do umount /mnt/$dev ; mdadm --stop /dev/$dev ; done
117
+
118
+
119
+
120
+
121
+
122
+### Cipher and RAID Benchmarks
123
+
124
+ CHUNK, CRYPT_KEY_SIZE, CIPHER, NCQ
125
+ 64, 256, lrw-benbi, 1
126
+ hastur,3750M,,,77502,10,29570,4,,,76041,5,328.2,1,,,,,,,,,,,,,
127
+ hastur,3750M,,,77913,11,29512,4,,,75647,6,322.5,0,,,,,,,,,,,,,
128
+ hastur,3750M,,,77937,10,29149,4,,,76300,5,322.9,0,,,,,,,,,,,,,
129
+
130
+ 64, 256, cbc-essiv, 1
131
+ hastur,3750M,,,77501,10,29415,4,,,75281,5,330.2,1,,,,,,,,,,,,,
132
+ hastur,3750M,,,77880,10,28867,4,,,76466,6,326.1,1,,,,,,,,,,,,,
133
+ hastur,3750M,,,78451,10,29881,4,,,73462,5,330.0,1,,,,,,,,,,,,,
134
+
135
+ 64, 256, xts-plain, 1
136
+ hastur,3750M,,,76612,10,28949,4,,,76289,5,309.5,0,,,,,,,,,,,,,
137
+ hastur,3750M,,,78131,10,29525,4,,,76528,5,317.0,1,,,,,,,,,,,,,
138
+ hastur,3750M,,,77624,10,29122,4,,,76401,5,322.7,1,,,,,,,,,,,,,
139
+
140
+ 64, 512, lrw-benbi, 1
141
+ hastur,3750M,,,76133,11,28562,4,,,71292,5,289.9,0,,,,,,,,,,,,,
142
+ hastur,3750M,,,76470,10,27983,4,,,70690,5,312.1,0,,,,,,,,,,,,,
143
+ hastur,3750M,,,74969,10,28450,4,,,69769,5,299.2,1,,,,,,,,,,,,,
144
+
145
+ 64, 512, cbc-essiv, 1
146
+ hastur,3750M,,,76839,10,27509,4,,,71383,5,292.8,0,,,,,,,,,,,,,
147
+ hastur,3750M,,,74941,10,28484,4,,,71224,5,283.4,1,,,,,,,,,,,,,
148
+ hastur,3750M,,,75474,10,29006,4,,,74678,5,307.6,1,,,,,,,,,,,,,
149
+
150
+ 64, 512, xts-plain, 1
151
+ hastur,3750M,,,76980,10,28483,4,,,77147,6,321.1,0,,,,,,,,,,,,,
152
+ hastur,3750M,,,78038,10,28926,4,,,75617,5,331.4,0,,,,,,,,,,,,,
153
+ hastur,3750M,,,77566,11,29640,4,,,73846,5,326.2,0,,,,,,,,,,,,,
154
+
155
+ 128, 256, lrw-benbi, 1
156
+ hastur,3750M,,,76583,10,27767,4,,,78447,6,328.8,0,,,,,,,,,,,,,
157
+ hastur,3750M,,,76805,10,28012,4,,,78318,5,325.3,1,,,,,,,,,,,,,
158
+ hastur,3750M,,,75651,10,28269,4,,,80328,5,319.7,0,,,,,,,,,,,,,
159
+
160
+ 128, 256, cbc-essiv, 1
161
+ hastur,3750M,,,73652,10,27561,4,,,76043,5,312.7,0,,,,,,,,,,,,,
162
+ hastur,3750M,,,74091,10,27321,4,,,74952,5,302.3,0,,,,,,,,,,,,,
163
+ hastur,3750M,,,74929,10,26958,4,,,75964,5,308.0,1,,,,,,,,,,,,,
164
+
165
+ 128, 256, xts-plain, 1
166
+ hastur,3750M,,,73128,10,27043,3,,,74821,5,316.5,0,,,,,,,,,,,,,
167
+ hastur,3750M,,,73468,10,26747,3,,,73302,5,292.7,0,,,,,,,,,,,,,
168
+ hastur,3750M,,,73360,10,26452,3,,,72755,5,297.9,0,,,,,,,,,,,,,
169
+
170
+ 128, 512, lrw-benbi, 1
171
+ hastur,3750M,,,74233,10,27291,4,,,74660,5,310.1,1,,,,,,,,,,,,,
172
+ hastur,3750M,,,74540,10,26414,4,,,73114,5,288.7,1,,,,,,,,,,,,,
173
+ hastur,3750M,,,73015,9,27081,3,,,73988,5,303.1,0,,,,,,,,,,,,,
174
+
175
+ 128, 512, cbc-essiv, 1
176
+ hastur,3750M,,,74490,10,27901,4,,,74019,5,292.8,0,,,,,,,,,,,,,
177
+ hastur,3750M,,,75435,10,27576,4,,,73163,5,308.6,0,,,,,,,,,,,,,
178
+ hastur,3750M,,,74645,10,27287,4,,,73003,5,316.2,1,,,,,,,,,,,,,
179
+
180
+ 128, 512, xts-plain, 1
181
+ hastur,3750M,,,75475,10,28163,4,,,78059,6,340.1,1,,,,,,,,,,,,,
182
+ hastur,3750M,,,75484,10,27796,4,,,76429,5,321.1,0,,,,,,,,,,,,,
183
+ hastur,3750M,,,75956,10,27038,4,,,75931,5,311.3,1,,,,,,,,,,,,,
184
+
185
+
186
+
187
+
188
+* NCQ=1 is significantly faster
189
+* sdc and sde doing significantly more work
190
+
191
+
192
+
193
+### Fix IO load problem
194
+
195
+* Even after rearranging disks in the array, the same disks (Samsungs) have roughly double the TPS on writes.
196
+ chunk=64 :: key_size=512 :: cipher=aes-xts-plain :: RA /dev/mapper/crypt-md67=256 /dev/md67=512 raw=128
197
+ hastur,3750M,,,70425,9,26040,3,,,63046,4,295.2,0,,,,,,,,,,,,,
198
+
199
+
200
+
201
+
202
+
203
+* [RAID5][1][?][1], for comparison
204
+ hastur,3750M,,,80460,10,29684,4,,,76040,5,270.2,0,,,,,,,,,,,,,
205
+
206
+
207
+
208
+
209
+
210
+* [RAID0][40][?][40], for comparison
211
+ hastur,3750M,,,99602,12,40017,6,,,94923,7,291.6,0,,,,,,,,,,,,,
212
+
213
+
214
+
215
+
216
+
217
+* Taking dmcrypt out of the equation evens out IO load. It's misalignment of dmcrypt/ext4, not the Samsungs.
218
+ # cat bench.raid0.nocrypt.chunk32.out
219
+ hastur,3750M,,,429599,49,98253,12,,,310307,22,320.6,0,,,,,,,,,,,,,
220
+ hastur,3750M,,,418548,49,100704,13,,,345801,24,309.8,0,,,,,,,,,,,,,
221
+
222
+
223
+ # cat bench.raid0.nocrypt.chunk64.out
224
+ hastur,3750M,,,426720,51,103288,13,,,304494,19,337.2,0,,,,,,,,,,,,,
225
+ hastur,3750M,,,420937,50,105754,13,,,341867,19,333.3,0,,,,,,,,,,,,,
226
+
227
+
228
+ # cat bench.raid0.crypt_align256.chunk64.out
229
+ hastur,3750M,,,99446,11,40287,6,,,98194,7,308.0,0,,,,,,,,,,,,,
230
+ hastur,3750M,,,98978,12,40615,6,,,100049,7,307.4,0,,,,,,,,,,,,,
231
+
232
+
233
+
234
+* Mitigated by setting readahead and stripe cache, it seems
235
+
236
+
237
+
238
+## Prepare new array
239
+
240
+### Alignments
241
+
242
+* Partitions to HDD sectors: 512B or 4kB)
243
+* RAID chunks to HDD sectors: 4kB
244
+* dmcrypt sectors to RAID stripes: max\_stripe\_width * chunk_size
245
+* LVM sectors to ?
246
+* ext4 sectors to ?
247
+
248
+
249
+
250
+### Partition
251
+
252
+#### Alignment
253
+
254
+* Necessary only if 4kB disks are used, otherwise [parted >=1.7 automatically aligns][41] to physical sector boundaries
255
+
256
+#### Layout
257
+
258
+* 300GB [RAID0][40][?][40] (75GB per disk)
259
+* 3850GB [RAID6][2][?][2] (1925GB per disk)
260
+
261
+ # for dev in {b..e} ; do parted /dev/sd$dev mklabel ; done
262
+ Warning: The existing disk label on /dev/sdb will be destroyed and all data on this disk will be lost. Do you want to continue?
263
+ Yes/No? y
264
+ New disk label type? [gpt]?
265
+ ...
266
+
267
+ # for dev in {b..e} ; do parted /dev/sd$dev -- mkpart primary 0 76800 mkpart primary 76800 -0 ; done
268
+
269
+
270
+* Buggy parted cli means creating labels manually.
271
+* -- argument lets you specify -0 on command line
272
+* Check with "unit s print"
273
+ for dev in {b..e} ; do parted /dev/sd$dev unit s print ; done
274
+
275
+
276
+
277
+
278
+
279
+#### Decided against partitioning.
280
+
281
+* [RAID0][40][?][40] isn't expandable
282
+* LVM will replace the separation from partitioning
283
+
284
+
285
+
286
+### RAID
287
+
288
+#### Alignment
289
+
290
+* With bitmap, default offset is 136 sectors (68Kb)
291
+* Check with mdadm -E
292
+* Data offsets: 4GB raid0 16 sectors (8kB) , 4GB raid6 24 sectors (12kB)
293
+* No alignment necessary since offset is multiple of physical sector size (512b or 4kB)
294
+
295
+
296
+
297
+#### Chunk Size
298
+
299
+* <http://www.zdnet.com/blog/storage/chunks-the-hidden-key-to-raid-performance/130>
300
+ * Small chunks for: few large I/O requests -> increased bandwidth
301
+ * Big chunks for: many small I/O requests (DB) -> increase IOPS (one disk per request)
302
+
303
+ # mdadm --create --metadata=1.2 --verbose --chunk 64 --level=raid6 --raid-devices=4 /dev/md6 /dev/sd{b..e}
304
+
305
+
306
+
307
+
308
+### Encryption
309
+
310
+#### Alignment
311
+
312
+* <http://kerneltrap.org/mailarchive/linux-raid/2010/1/4/6683163>
313
+* --align-payload=value, in 512-byte sectors. Align to full stripe boundaries.
314
+* Default alignment is 4040 = (2020k).
315
+* Align to maximum planned stripe-width = (8-2) x 64k = 384k = 768sectors
316
+* Checking the alignment
317
+ cryptsetup luksDump /dev/md1
318
+
319
+
320
+
321
+#### Cipher
322
+
323
+* aes-cbc-essiv vs aes-xts-plain
324
+* aes-xts needs double keysize to feed equal parts to aes and xts
325
+* aes-xts has no ESSIV so no :hash is specified
326
+* Default luksFormat password hash is sha1. It's [not vulnerable][42] in the same way as signed certs are.
327
+* Specifying --hash for luksFormat [is supported][43] but seems largely unnecessary
328
+* 2048 is safe offset
329
+
330
+ # cryptsetup -c aes-xts-plain -s 512 --align-payload=2048 luksFormat /dev/md6
331
+ # cryptsetup luksOpen /dev/md6 crypt-md6
332
+
333
+
334
+
335
+
336
+### Logical Volumes
337
+
338
+#### Alignment
339
+
340
+* [Theodore Ts'o][44]
341
+* <http://www.mail-archive.com/linux-raid@vger.kernel.org/msg09685.html>
342
+* [LVM auto aligned on RAID][45]. But on dmcrypt?
343
+* Want to align the LVM data to RAID chunk boundaries.
344
+* For chunk sizes >= 128K, subtract 63k
345
+ pvcreate --metadatasize 193k /dev/mapper/crypt-md6 # pads up to next 64KB boundary
346
+
347
+
348
+
349
+* Check alignment
350
+ # pvs /dev/sdb2 -o+pe_start
351
+ /dev/dm-6 lvm2 -- 3.64T 3.64T 256.00K
352
+
353
+
354
+
355
+
356
+
357
+#### Layout
358
+
359
+* Home, media - separate to allow home quotas to be configured
360
+
361
+
362
+
363
+
364
+
365
+#### PV
366
+
367
+ pvcreate --metadatasize 193k /dev/mapper/crypt-md6
368
+
369
+
370
+
371
+
372
+#### VG
373
+
374
+ vgcreate vg-md6 /dev/mapper/crypt-md6
375
+
376
+
377
+
378
+
379
+#### LV
380
+
381
+ lvcreate -n media vg-md6 -L2500G
382
+ lvcreate -n home vg-md6 -L500G
383
+
384
+
385
+
386
+
387
+### Filesystems
388
+
389
+* [EXT4][46][?][46]
390
+
391
+#### Resize reservation
392
+
393
+* -E resize=
394
+* tune2fs -l lists max fs blocks. (Default allows for 16TB)
395
+
396
+#### Bytes per Inode
397
+
398
+* -i 65536 (reduces inode overhead, default is 16384)
399
+
400
+#### Stride and Stripe
401
+
402
+* <http://www.ep.ph.bham.ac.uk/general/support/raid/raidperf11.html>
403
+* <http://busybox.net/~aldot/mkfs_stride.html>
404
+* Stride controls the space between metadata blocks. If stride == RAID chunk size there would be a bitmap in every chunk. Worst case would be a bitmap every stripe_width which would put all the bitmaps on a single disk.
405
+* Stripe-width lets the FS calculate the number of disks allowing parallel [IOs][47][?][47]
406
+ stride(64k) = raid_chunk_size / ext4_block_size
407
+ = 64k / 4k
408
+ = 16
409
+ stripe_width(4) = raid_data_disks * stride
410
+ = (4-2) * 16
411
+ = 32
412
+
413
+
414
+
415
+* Resizing an array
416
+
417
+ tune2fs -E stripe-width=$NEW_STRIPE_WIDTH
418
+ resize2fs
419
+
420
+
421
+
422
+
423
+#### Create Home
424
+
425
+* No reserved space. Stride and stripe-width for 2 data disks and 64k chunk.
426
+
427
+ # mkfs.ext4 -m 0 -E stride=16,stripe-width=32 /dev/vg-md6/home
428
+
429
+
430
+
431
+
432
+#### Create Media
433
+
434
+* No reserved space. 64k per inode. Stride and stripe-width for 2 data disks and 64k chunk.
435
+
436
+ # mkfs.ext4 -m 0 -i 65536 -E stride=16,stripe-width=32 /dev/vg-md6/media
437
+
438
+
439
+
440
+
441
+#### fstab
442
+
443
+ /dev/vg-md6/home /mnt/md6-home ext4 defaults,noatime,nosuid,noauto,acl 0 3
444
+ /dev/vg-md6/media /mnt/md6-media ext4 defaults,noatime,nosuid,noauto,acl 0 3
445
+ /dev/vg-md6/home /home ext4 defaults,noatime,nosuid,noauto 0 3
446
+
447
+
448
+
449
+
450
+#### crypttab
451
+
452
+ /dev/mapper/crypt-md6 /dev/md6 none luks
453
+
454
+
455
+
456
+
457
+## Copy Data
458
+
459
+### Start new array in 3-of-4 disk degraded state
460
+
461
+ # mdadm --assemble --run /dev/md6 /dev/sd{h,i,j}
462
+ # cryptsetup luksOpen /dev/md6 crypt-md6
463
+ # vgchange -a y vg-md6
464
+ # mount /mnt/md6-media
465
+ # mount /mnt/md6-home
466
+
467
+
468
+
469
+
470
+### Start old array
471
+
472
+ # mdadm --assemble /dev/md2
473
+ # mdadm --assemble /dev/md3
474
+ # cryptsetup luksOpen /dev/md2 crypt-md2
475
+ # cryptsetup luksOpen /dev/md3 crypt-md3
476
+ # mount /dev/mapper/crypt-md2
477
+ # mount /dev/mapper/crypt-md3
478
+
479
+
480
+
481
+
482
+### Copy data
483
+
484
+## Reconfigure
485
+
486
+### rc.local
487
+
488
+* Clear out old script
489
+
490
+
491
+
492
+### Samba
493
+
494
+ # sed -i -e 's%md3/media%md6-media%g' /etc/samba/smb.conf
495
+
496
+
497
+* Replace valid users lists with groups:
498
+ [mediasys]
499
+ ...
500
+ valid users = @group-name
501
+
502
+
503
+
504
+
505
+
506
+### SNMP
507
+
508
+* Add disk space graphs in cacti
509
+ * Had to restart snmpd to update [GetMountedPartitions][48][?][48] query
510
+
511
+
512
+
513
+### Mediatomb
514
+
515
+ # vim /etc/mediatomb/config.xml
516
+ <home>/mnt/md6-media/metadata/mediatomb</home>
517
+
518
+
519
+### mtdaapd
520
+
521
+ # sed -i -e 's%md3/media%md6-media%g' /etc/mtdaapd.conf
522
+
523
+
524
+
525
+
526
+## Switch Services
527
+
528
+### mediasys
529
+
530
+ # for mntpt in /export/mediasys/media/{movies,videos,music,tvshows,photos}/{library,meta} ; do umount $mntpt ; done
531
+ # for mntpt in $(grep '^[^#]*md6-media.*bind' /etc/fstab | cut -d' ' -f1) ; do mount $mntpt ; done
532
+
533
+
534
+
535
+
536
+## Sync RAID
537
+
538
+### Stop old array
539
+
540
+### Add 4th new disk
541
+
542
+ # mdadm --manage /dev/md6 --add /dev/sdb
543
+
544
+
545
+
546
+
547
+### Sync new array
548
+
549
+## Benchmark
550
+
551
+* Post sync. Read performance doesn't look right
552
+ # bonnie++ -q -f -x 3 -s 3750 -n 0 -u root -d /mnt/md6-media
553
+ name,file_size,putc,putc_cpu,put_block,put_block_cpu,rewrite,rewrite_cpu,getc,getc_cpu,get_block,get_block_cpu,seeks,seeks_cpu,num_files,seq_create,seq_create_cpu,seq_stat,seq_stat_cpu,seq_del,seq_del_cpu,ran_create,ran_create_cpu,ran_stat,ran_stat_cpu,ran_del,ran_del_cpu
554
+ hastur,3750M,,,80818,11,24548,4,,,56356,5,305.6,0,,,,,,,,,,,,,
555
+ hastur,3750M,,,86100,12,24631,4,,,59027,5,305.8,0,,,,,,,,,,,,,
556
+ hastur,3750M,,,87435,11,24239,4,,,59217,5,312.1,0,,,,,,,,,,,,,
557
+
558
+ [39]: http://en.opensuse.org/Encrypted_Root_File_System
559
+ [41]: http://www.gnu.org/software/parted/faq.shtml
560
+ [42]: http://article.gmane.org/gmane.linux.kernel.device-mapper.dm-crypt/3300
561
+ [43]: http://code.google.com/p/cryptsetup/issues/detail?id=9
562
+ [44]: http://thunk.org/tytso/blog/2009/02/20/aligning-filesystems-to-an-ssds-erase-block-size/
563
+ [45]: http://www.redhat.com/archives/linux-lvm/2009-September/msg00092.html
Network/HasturRaidUpgrade2.md
... ...
@@ -0,0 +1,30 @@
1
+---
2
+title: HasturRaidUpgrade2
3
+---
4
+
5
+Adding two 3TB disks to the 8TB array.
6
+
7
+
8
+
9
+# Add 3TB disk and grow md6
10
+
11
+ mdadm --add /dev/md6 /dev/sdh
12
+ mdadm --grow /dev/md6 --raid-devices=5
13
+
14
+
15
+
16
+
17
+## Extend LUKS
18
+
19
+ cryptsetup resize /dev/mapper/crypt-md6
20
+
21
+
22
+
23
+
24
+## Extend Logical Volumes
25
+
26
+ pvresize /dev/dm-6
27
+ lvextend -L +1T /dev/vg-md6/media
28
+ resize2fs /dev/vg-md6/media &
29
+ # lvextend -L +300G /dev/vg-md6/home
30
+ # resize2fs /dev/vg-md6/home &
... ...
\ No newline at end of file
Network/HasturRaidUpgrade3.md
... ...
@@ -0,0 +1,43 @@
1
+---
2
+title: HasturRaidUpgrade3
3
+---
4
+
5
+Upgrade to 18TB raw, 12TB usable
6
+
7
+* Retired remaining 2TB disk
8
+* Added two 3TB disks.
9
+
10
+
11
+
12
+# Add 3TB disk and grow md6
13
+
14
+mdadm --add /dev/md6 /dev/sdh # replaces failed disk
15
+# resync
16
+mdadm --add-spare /dev/md6 /dev/sdb  # previously a backup disk
17
+mdadm --add-spare /dev/md6 /dev/sdg
18
+# fail old 2TB disk
19
+mdadm --fail /dev/md6 /dev/sda
20
+mdadm --remove /dev/md6 /dev/sda
21
+# resync and grow across all 3TB disks
22
+mdadm --grow /dev/md6 --raid-devices=6  # will this pick up the new device size?
23
+
24
+[[$[Get Code]]][1]
25
+
26
+
27
+
28
+## Extend LUKS
29
+
30
+ cryptsetup resize /dev/mapper/crypt-md6
31
+
32
+
33
+
34
+
35
+## Extend Logical Volumes
36
+
37
+ pvresize /dev/mapper/crypt-md6
38
+ lvextend -L +1T /dev/vg-md6/media
39
+ resize2fs /dev/vg-md6/media &
40
+ lvextend -L +300G /dev/vg-md6/home
41
+ resize2fs /dev/vg-md6/home &
42
+
43
+ [1]: HasturRaidUpgrade3?action=sourceblock&num=1
... ...
\ No newline at end of file
Network/HasturRaidUpgradePath.md
... ...
@@ -0,0 +1,98 @@
1
+---
2
+title: HasturRaidUpgradePath
3
+---
4
+
5
+Upgrade plan for Hastur hardware.
6
+
7
+See also: [HasturRaidArray][1]
8
+
9
+
10
+
11
+# 3TB
12
+
13
+Original configuration of 6 x 500GB disks in [RAID5][2][?][2].
14
+
15
+Usable capacity: 2.4TB = (6 * 0.5TB) * ((5-1)/5)
16
+
17
+
18
+
19
+# 8TB
20
+
21
+[Hastur Raid Upgrade][3] to 4x 2TB disks in [RAID6][4][?][4].
22
+
23
+Usable capacity: 4.0TB = (4 * 2TB) * ((4-2)/4)
24
+
25
+
26
+
27
+# Backup
28
+
29
+2x 2TB disks added as backups (1 on-site, 1 off-site) in [RAID1][5][?][5].
30
+
31
+Added no extra capacity.
32
+
33
+
34
+
35
+# 14TB
36
+
37
+[HasturRaidUpgrade2][6]
38
+
39
+Added 2x 3TB disks. 1 as off-site backup.
40
+
41
+
42
+
43
+## Substitute Strategy
44
+
45
+* Add one 3TB disk to array. Capacity += 2TB.
46
+
47
+
48
+
49
+## Backup Replacement Strategy
50
+
51
+* Add previous 2TB backup disk to array. Capacity += 2TB.
52
+* Use new 3TB disk as on-site backup.
53
+
54
+
55
+
56
+## Upgrade Paths
57
+
58
+From 2222[4],2 (current) to
59
+
60
+
61
+
62
+* -> 22222[6],3 (keep one 3TB as backup, give Cos the other)
63
+* -> 222233[8],2 (
64
+* -> 222223[8],3
65
+* -> (22)(22)44[8] -> (22)4444[12]
66
+
67
+
68
+
69
+# 18TB
70
+
71
+[HasturRaidUpgrade3][7]
72
+
73
+* Add 2x 3TB disks, move remaining 2TB disk to backup duty
74
+* -> 333333[12], 2
75
+* Hopefully sufficient for the next 3 years.
76
+
77
+
78
+
79
+## Upgrade Paths
80
+
81
+Replace 2x 3TB with 2x 6TB
82
+
83
+* -> (33)(33)66[12],33
84
+* -> raid10?: (3|3)(3|3)(3|3)(3|3)[12]
85
+
86
+
87
+
88
+# 36TB
89
+
90
+[CyclopsRaidUpgrade1][8][?][8]
91
+
92
+* Add 4x 6TB disks
93
+* -> 666666[24]
94
+
95
+ [1]: HasturRaidArray
96
+ [3]: HasturRaidUpgrade
97
+ [6]: HasturRaidUpgrade2
98
+ [7]: HasturRaidUpgrade3
Network/HasturReplacement.md
... ...
@@ -0,0 +1,99 @@
1
+---
2
+title: HasturReplacement
3
+---
4
+
5
+# Research
6
+
7
+* [Reddit homelab buying guide][1]
8
+* [Dell PowerEdge Depth][2]
9
+
10
+
11
+
12
+# Hardware
13
+
14
+Rack max depth ~500mm.
15
+
16
+
17
+
18
+## Dell [PowerEdge][3][?][3] R710
19
+
20
+* Depth 681mm
21
+* £200-300 on eBay
22
+* PERC H800 external RAID card (dual miniSAS)
23
+* Or non-raid [PCIe][4][?][4] with dual miniSAS
24
+* lots of RAM
25
+* [CPUs][5][?][5]?
26
+ * X5650 > E5645 > E5620 > E5606 > E5507 > X5560 = X5550
27
+* power and thermal requirements?
28
+* [PCIe][4][?][4] expansion slots?
29
+* 2xGigE
30
+
31
+
32
+
33
+## Dell [PowerEdge][3][?][3] R210
34
+
35
+* [R210 II specs][6]
36
+* Depth 390mm
37
+* HP Version of the R210 II is the [DL320e][7][?][7] Gen8 v2
38
+* 1x [PCIe][4][?][4] x16
39
+
40
+
41
+
42
+## HP [DL320e][7][?][7] G8 v2
43
+
44
+* [G8 v2 specs][8]
45
+* Depth 381cm
46
+* Requires railkit
47
+ * 775612-B21 ordered via Amazon UK (~£68)
48
+* Single Xeon
49
+* 1U
50
+* Seems like G8 v1 was a full depth chassis
51
+* 2x [PCIe][4][?][4] (x8, x4)
52
+
53
+
54
+
55
+## HP [DL20][9][?][9] G9
56
+
57
+* Compact 1U
58
+* Too expensive?
59
+
60
+
61
+
62
+## Others
63
+
64
+[https://en.wikipedia.org/wiki/List\_of\_Dell\_PowerEdge\_Servers][10]
65
+
66
+
67
+
68
+* R610 (1U, 2.5" only)
69
+* R720 (Xeon E family, 768GB RAM, 4xGigE)
70
+
71
+
72
+
73
+## Storage adapter
74
+
75
+* Dual miniSAS (SFF-8088)
76
+* [PCIe][4][?][4]
77
+* Dell H200 (internal only?, JBOD)
78
+* LSI-SAS 9207-8e ([PCIe][4][?][4] 8x, SFF-8088)
79
+* LSI-SAS 9200-8e (some IBM card cross-flashed?)
80
+
81
+
82
+
83
+### LSI [LSI00138][11][?][11]
84
+
85
+* [PCIe][4][?][4] 8x
86
+* SAS only?
87
+
88
+
89
+
90
+# Purchased
91
+
92
+* [Cyclops][12]
93
+
94
+ [1]: https://www.reddit.com/r/homelab/wiki/hardware
95
+ [2]: https://www.reddit.com/r/homelab/wiki/hardware/dell/depth
96
+ [6]: http://www.dell.com/downloads/global/products/pedge/spc_r210_II_new.pdf
97
+ [8]: https://www.hpe.com/h20195/v2/getpdf.aspx/c04128107.pdf?ver=26
98
+ [10]: https://en.wikipedia.org/wiki/List_of_Dell_PowerEdge_Servers
99
+ [12]: Cyclops
... ...
\ No newline at end of file
Network/HasturSoftware.md
... ...
@@ -0,0 +1,1191 @@
1
+---
2
+title: HasturSoftware
3
+---
4
+
5
+Back to [Hastur][1]
6
+
7
+
8
+
9
+[[_TOC_]]
10
+
11
+# [MythTV][63][?][63] Backend
12
+
13
+* <http://www.debianhelp.co.uk/samba.htm>
14
+
15
+ # apt-get install samba smbclient smbfs
16
+ # smbpasswd -a mythtv
17
+ Enter password twice
18
+ # vim /etc/samba/smb.conf
19
+
20
+
21
+
22
+
23
+## Work around authentication failure bug
24
+
25
+Manifests as failure of first authentication. All subsequent auths succeed.
26
+
27
+Bug: <https://bugzilla.samba.org/show_bug.cgi?id=10604>
28
+
29
+Workaround is to force ID mapping in `/etc/samba/smb.conf`:
30
+
31
+ idmap config * : range = 1000-1999999
32
+
33
+
34
+
35
+
36
+## Name Mangling
37
+
38
+* Samba mangles names with question marks in them by default
39
+* Fix with "mangled names = no" at share scope
40
+
41
+
42
+
43
+## OS X ACL permissions problem
44
+
45
+* <http://discussions.apple.com/message.jspa?messageID=6683980>
46
+* <http://www.macwindows.com/OSXServer.html#040909a>
47
+
48
+Possible workaround is to set "acl check permissions = no" in smb.conf global section
49
+
50
+***2007-10-10***
51
+
52
+Get xmltv working
53
+
54
+UK TV channels: <http://www.bbc.co.uk/reception/digitaltv/index.shtml>
55
+
56
+
57
+
58
+* <http://parker1.co.uk/mythtv_id.php>
59
+
60
+ # su mythtv
61
+ $ wget http://parker1.co.uk/myth/icons.tar.gz
62
+ $ wget http://parker1.co.uk/myth/updateid.tar.gz
63
+ # cd /usr/share/mythtv
64
+ # tar -xzvf ~mythtv/icons.tar.gz
65
+ $ tar -xzvf updateid.tar.gz
66
+ $ ./updateid/updateid
67
+ (various script errors)
68
+
69
+
70
+Attempt another method
71
+
72
+* <http://www.mythtv.org/wiki/index.php/Uk_xmltv>
73
+
74
+ $ tv_grab_uk_rt --configure
75
+ (all)
76
+ $ vim ~/.xmltv/tv_grab_uk_rt
77
+ (remove unwanted channels)
78
+
79
+
80
+Bah, takes too long.
81
+
82
+Method 3
83
+
84
+* <http://brej.org/dvb/index.html>
85
+
86
+ $ wget http://brej.org/dvb/uk_rt.sql http://brej.org/dvb/uk_rt.xmltv
87
+
88
+
89
+Abandoned until later.
90
+
91
+
92
+
93
+## [ToDo][65][?][65]
94
+
95
+### Transcode to format for [AppleTV][66]
96
+
97
+* <http://www.mythtv.org/wiki/Nuvexport>
98
+
99
+
100
+
101
+# DVD ripping
102
+
103
+***2007-11-08***
104
+
105
+ # apt-get install dvdrip subtitleripper xvid4conf ogmtools
106
+ # apt-get install libdvdcss acidrip gpac vobcopy dvdbackup
107
+
108
+
109
+
110
+
111
+# CD ripping
112
+
113
+***2007-12-06***
114
+
115
+ # apt-get install abcde
116
+
117
+
118
+It's convenient to use the laptop drive to rip. Perhaps consider creating an iso to encode from using abcde.
119
+
120
+***2008-04-08***
121
+
122
+ # apt-get install vorbisgain
123
+
124
+
125
+
126
+
127
+# Media Centre Groups
128
+
129
+ # groupadd -g 3001 music
130
+ # groupadd -g 3001 videos
131
+ # groupadd -g
132
+
133
+
134
+
135
+
136
+# Media Centre [ACLs][67][?][67]
137
+
138
+* <http://www.suse.de/~agruen/acl/linux-acls/online/>
139
+
140
+## Users
141
+
142
+users.sh
143
+
144
+ useradd -u 3000 -s /usr/sbin/nologin -c "Media Centre" -d "/nonexistent" media-centre
145
+ groupadd --gid 3001 mc-music
146
+ groupadd mc-videos
147
+ groupadd mc-movies
148
+ groupadd mc-photos
149
+ groupadd mc-tv
150
+ groupadd mcadm-music
151
+ groupadd mcadm-videos
152
+ groupadd mcadm-movies
153
+ groupadd mcadm-photos
154
+ groupadd mcadm-tv
155
+
156
+
157
+
158
+
159
+## Permissions
160
+
161
+permissions.sh
162
+
163
+ #!/bin/sh
164
+ MEDIA_ROOT=.
165
+ # Currently videos == movies, and I'm not using tv
166
+ MEDIA_TYPES="music movies photos"
167
+
168
+ # Get ACL for media type
169
+ # rwx for user and mcadm-foo
170
+ # r-- for mc-foo
171
+ # --- for others
172
+ # children inherit the same permissions
173
+ function getmediafacl
174
+ {
175
+ cat <<END
176
+ user::rwx
177
+ group::---
178
+ group:mcadm-$1:rwx
179
+ group:mc-$1:r-x
180
+ mask::rwx
181
+ other::---
182
+ default:user::rwx
183
+ default:group::r-x
184
+ default:group:mcadm-$1:rwx
185
+ default:group:mc-$1:r-x
186
+ default:mask::rwx
187
+ default:other::---
188
+ END
189
+ }
190
+
191
+ for TYPE in $MEDIA_TYPES ; do
192
+ getmediafacl $TYPE | setfacl -R --set-file=- $MEDIA_ROOT/$TYPE
193
+ # Fix execute perms on non-directories
194
+ find $MEDIA_ROOT/$TYPE ! -type d -print0 | xargs -0 chmod a-x
195
+ done
196
+
197
+
198
+
199
+
200
+## Fix Group Membership
201
+
202
+Add daemons that need to index media files to groups
203
+
204
+ usermod -a -G mc-movies,mc-photos,mc-music,mc-videos mediatomb
205
+ usermod -a -G mc-movies,mc-photos,mc-music,mc-videos mythtv
206
+
207
+
208
+
209
+
210
+# Streaming Media
211
+
212
+ apt-get install liblame-dev libogg-dev libvorbis-dev libsndfile1-dev
213
+ ./configure
214
+
215
+
216
+Hmm, can't remember what the hell I was installing here.
217
+
218
+
219
+
220
+# iTunes
221
+
222
+ # apt-get install mt-daapd
223
+ # vim /etc/mt-daapd.conf
224
+ [general]
225
+ web_root = /usr/share/mt-daapd/admin-root
226
+ port = 3689
227
+ admin_pw = kelthar
228
+ db_type = sqlite3
229
+ db_parms = /mnt/md3/media/music/metadata
230
+ mp3_dir = /mnt/md3/media/music/library
231
+ servername = Hastur
232
+ runas = mt-daapd
233
+ playlist = /mnt/md3/media/music/metadata/mt-daapd.playlist
234
+ extensions = .mp3,.m4a,.m4p,.ogg,.flac,.mpc
235
+ process_m3u = 1
236
+ scan_type = 2
237
+ compress = 1
238
+ [plugins]
239
+ plugin_dir = /usr/lib/mt-daapd/plugins
240
+ plugins = rsp.so,ssc-ffmpeg.so
241
+
242
+ EOF
243
+ #
244
+
245
+
246
+Patch the typo ` make `
247
+
248
+WTF?? was I half asleep when I was doing this?
249
+
250
+
251
+
252
+# [UPnP][68][?][68]
253
+
254
+See also [MediaCentre.UPnP][69]
255
+
256
+Moved [AppleTV][66] to [Frontrow][70] with [MediaCloud][71][?][71] [UPnP][68][?][68] client plugin
257
+
258
+
259
+
260
+## [MediaTomb][72][?][72] Installation
261
+
262
+* [Debian installation guide][73]
263
+
264
+Install 0.11 deb for amd64
265
+
266
+ # wget http://apt.mediatomb.cc/key.asc -O- -q | sudo apt-key add -
267
+ # echo "# mediatomb
268
+ deb http://apt.mediatomb.cc/ etch main
269
+ " >> /etc/apt/sources.list
270
+ # apt-get update
271
+ # apt-get install mediatomb
272
+
273
+
274
+
275
+
276
+### Transcode Audio
277
+
278
+Transcode audio to mp3 for Nokia [N770][74]
279
+
280
+
281
+
282
+* [http://gentoo-wiki.com/HOWTO\_MediaTomb#Using\_FFmpeg][75]
283
+ * Note, I removed -acodec from the args taken from the Gentoo guide
284
+
285
+ # vim /etc/mediatomb/scripts/mediatomb-transcode-audio
286
+ # chmod a+x mediatomb-transcode-audio
287
+ # cp mediatomb-transcode-audio /usr/bin/
288
+
289
+
290
+mediatomb-transcode-audio script: [MediaCentre.N770#AudioTranscoding][76]
291
+
292
+Modifications for OGG to [MP3][77][?][77] transcoding to play on Nokia N770
293
+
294
+ <map from="ogg" to="audio/ogg"/>
295
+ ...
296
+ <treat mimetype="audio/ogg" as="ogg"/>
297
+ ...
298
+ <transcode mimetype="audio/ogg" using="audio-common"/>
299
+
300
+ <profiles>
301
+ <profile name="audio-common" enabled="yes" type="external">
302
+ <mimetype>audio/mpeg</mimetype>
303
+ <accept-url>yes</accept-url>
304
+ <first-resource>yes</first-resource>
305
+ <accept-ogg-theora>no</accept-ogg-theora>
306
+ <agent command="mediatomb-transcode-audio" arguments="%in %out"/>
307
+ <buffer size="1048576" chunk-size="131072" fill-size="262144"/>
308
+ </profile>
309
+
310
+
311
+
312
+
313
+### Transcode Video
314
+
315
+For [N770][74]
316
+
317
+* [Internet Tablet Talk][78]
318
+* [Living with Linux][79]
319
+* [Maemo.org][80]
320
+* Needs upgrade to [OS2007][81][?][81] to play transcoded video
321
+ * Try with 3GPP or [MPEG2][82][?][82] container?
322
+ * Hack it with pre-transcoded file on FS with transcode script redirect?
323
+
324
+mediatomb-transcode-video-n770 script: [MediaCentre.N770#VideoTranscoding][83]
325
+
326
+Modifications for OGG to [MP3][77][?][77] transcoding to play on Nokia N770
327
+
328
+ <map from="ogg" to="audio/ogg"/>
329
+ ...
330
+ <treat mimetype="audio/ogg" as="ogg"/>
331
+ ...
332
+ <transcode mimetype="audio/ogg" using="audio-common"/>
333
+
334
+ <profiles>
335
+ <profile name="audio-common" enabled="yes" type="external">
336
+ <mimetype>audio/mpeg</mimetype>
337
+ <accept-url>yes</accept-url>
338
+ <first-resource>yes</first-resource>
339
+ <accept-ogg-theora>no</accept-ogg-theora>
340
+ <agent command="mediatomb-transcode-audio" arguments="%in %out"/>
341
+ <buffer size="1048576" chunk-size="131072" fill-size="262144"/>
342
+ </profile>
343
+
344
+
345
+
346
+
347
+## minidlna
348
+
349
+Replaces mediatomb. Can work in conjunction with bubbleupnpserver to maintain playlists on the server, rather than on the client.
350
+
351
+
352
+
353
+Config file
354
+: `/etc/minidlna.conf`:
355
+
356
+Ports
357
+: tcp8200, udp1900, udp55697
358
+
359
+Permissions
360
+: `usermod -a -G mc-movies,mc-tv,mc-photos,mc-music,mc-videos minidlna`
361
+
362
+
363
+
364
+### Config
365
+
366
+ media_dir=A,/export/mediasys/media/music/library
367
+ media_dir=V,/export/mediasys/media/movies/library
368
+ media_dir=V,/export/mediasys/media/tvshows/library
369
+ media_dir=A,/export/mediasys/media/photos/library
370
+ db_dir=/mnt/md6-media/metadata/minidlna
371
+ port=8200
372
+
373
+
374
+
375
+
376
+# Quotas
377
+
378
+* <http://www.mi80.com/hacking/Utilizing-Quotas-XFS>
379
+
380
+Enable quotas
381
+
382
+ # modprobe quota_v2
383
+ #
384
+
385
+
386
+* add grpquota to /etc/fstab
387
+* edquota /mnt/md3
388
+
389
+Currently getting "XFS: unknown mount option [grpquota]"
390
+
391
+
392
+
393
+# [BitTorrent][84][?][84]
394
+
395
+## Install rtorrent and moblock
396
+
397
+ # apt-get install rtorrent moblock
398
+
399
+
400
+
401
+
402
+## Configure Moblock
403
+
404
+Moblock needs a number of [NetFilter][85][?][85] modules. I have the following loaded:
405
+
406
+ nfnetlink_queue
407
+ nfnetlink
408
+ xt_mark
409
+ nf_conntrack_ipv4
410
+ xt_state
411
+ nf_conntrack
412
+ xt_NFQUEUE
413
+ x_tables
414
+
415
+Allow local network
416
+
417
+ # vim /etc/moblock/blocklists.list
418
+
419
+Comment out the iana-private list:
420
+
421
+ www.bluetack.co.uk/config/iana-private.gz
422
+
423
+Whitelist local network
424
+
425
+ # vim /etc/moblock/moblock.conf
426
+
427
+Add lines
428
+
429
+ WHITE_IP_IN="192.168.1.0/24"
430
+ WHITE_IP_OUT="192.168.1.0/24"
431
+
432
+Start moblock:
433
+
434
+ /etc/init.d/moblock start
435
+
436
+
437
+
438
+## Configure rTorrent
439
+
440
+### Scheduled Downloads
441
+
442
+
443
+
444
+### libCurl race condition fix
445
+
446
+* <http://libtorrent.rakshasa.no/ticket/1807>
447
+* <http://libtorrent.rakshasa.no/ticket/2159>
448
+
449
+ $ echo "max_open_http = 1" >> ~/rtorrent.rc
450
+
451
+
452
+
453
+
454
+## Build with [IPv6][86]
455
+
456
+* [IPv6 trac ticket][87]
457
+
458
+### Get
459
+
460
+ wget http://libtorrent.rakshasa.no/downloads/libtorrent-0.12.6.tar.gz
461
+ wget http://libtorrent.rakshasa.no/downloads/rtorrent-0.8.6.tar.gz
462
+ wget http://home.samfundet.no/~sesse/libtorrent-0.12.6-ipv6-07.patch
463
+ wget http://home.samfundet.no/~sesse/rtorrent-0.8.6-ipv6-07.patch
464
+
465
+
466
+
467
+
468
+### Extract and Patch
469
+
470
+ tar -xzvf libtorrent-0.12.6.tar.gz
471
+ patch -p0 < ../libtorrent-0.12.6-ipv6-07.patch
472
+ tar -xzvf rtorrent-0.8.6.tar.gz
473
+ patch -p0 < ../rtorrent-0.8.6-ipv6-07.patch
474
+
475
+
476
+
477
+
478
+### Fix broken libtool
479
+
480
+* Broken custom libtool scripts. Use default instead.
481
+
482
+ sed -i -e "s/^LIBTOOL=.*/LIBTOOL='libtool'/" libtorrent-0.12.6/scripts/libtool.m4
483
+ sed -i -e "s/^LIBTOOL=.*/LIBTOOL='libtool'/" rtorrent-0.8.6/scripts/libtool.m4
484
+
485
+
486
+
487
+
488
+### Build and Install
489
+
490
+#### libtorrent
491
+
492
+ cd libtorrent-0.12.6/
493
+ ./autogen.sh --enable-ipv6 && ./configure --enable-ipv6 && make
494
+ sudo make install
495
+
496
+
497
+
498
+
499
+#### rtorrent
500
+
501
+ cd rtorrent-0.8.6/
502
+ ./autogen.sh --enable-ipv6 && ./configure --enable-ipv6 && make
503
+ sudo make install
504
+
505
+
506
+
507
+
508
+### Run
509
+
510
+* libtorrent is installed in /usr/local/lib so need to set LD\_LIBRARY\_PATH
511
+ LD_LIBRARY_PATH=/usr/local/lib
512
+ /usr/local/bin/rtorrent
513
+
514
+
515
+
516
+
517
+
518
+## Upgrade rtorrent
519
+
520
+From 0.8.6 to 0.9.2.
521
+
522
+
523
+
524
+### Get
525
+
526
+wget http://libtorrent.rakshasa.no/downloads/rtorrent-0.9.2.tar.gz
527
+wget http://libtorrent.rakshasa.no/downloads/libtorrent-0.13.2.tar.gz
528
+tar -xzvf libtorrent-0.13.2.tar.gz
529
+tar -xzvf rtorrent-0.9.2.tar.gz
530
+
531
+[[$[Get Code]]][88]
532
+
533
+
534
+
535
+### Build
536
+
537
+cd libtorrent-0.13.2
538
+./configure --enable-ipv6 && make && sudo make install
539
+cd ../rtorrent-0.9.2
540
+./configure --enable-ipv6 && make
541
+cp /usr/local/bin/rtorrent{,-0.8.6}
542
+make install
543
+
544
+[[$[Get Code]]][89]
545
+
546
+
547
+
548
+### Update Configuration
549
+
550
+* max\_open\_sockets command became network.max\_open\_sockets
551
+
552
+mv ~/.rtorrent.rc ~/.rtorrent-0.8.rc
553
+cp ~/.rtorrent-0.8.rc ~/.rtorrent-0.9.rc
554
+sed -i -e "s/^max\_open\_sockets\W*=/network.&/" ~/.rtorrent-0.9.rc
555
+ln -sf ~/.rtorrent-0.9.rc ~/.rtorrent.rc
556
+
557
+[[$[Get Code]]][90]
558
+
559
+
560
+
561
+## rtorrent Web Frontend
562
+
563
+### rtgui
564
+
565
+* Installed
566
+* Need to recompile rtorrent with xmlrpc.
567
+
568
+
569
+
570
+### Rebuild libtorrent
571
+
572
+# update
573
+cd ~/src/libtorrent
574
+git checkout master
575
+git pull
576
+git checkout 0.13.1
577
+# build
578
+sudo apt-get install libcppunit-dev
579
+./autogen.sh
580
+./configure --enable-ipv6
581
+make && sudo make install
582
+
583
+[[$[Get Code]]][91]
584
+
585
+
586
+
587
+### Rebuild rtorrent with xmlrpc-c
588
+
589
+# update
590
+cd ~/src/rtorrent
591
+git checkout master
592
+git pull
593
+git checkout 0.9.1
594
+# build
595
+sudo apt-get install libxmlrpc-c3-dev
596
+./autogen.sh
597
+./configure --enable-ipv6 --with-xmlrpc-c
598
+make && sudo make install
599
+
600
+[[$[Get Code]]][92]
601
+
602
+
603
+
604
+# [BitTorrent][84][?][84] Multi-User
605
+
606
+## rutorrent
607
+
608
+# libapache2-mod-scgi already installed
609
+cd ~/src
610
+svn checkout http://rutorrent.googlecode.com/svn/trunk/ rutorrent
611
+sudo cp -a rutorrent/rutorrent /var/www/
612
+
613
+[[$[Get Code]]][93]
614
+
615
+Created /var/www/fix-permissions.sh
616
+
617
+# fix permissions
618
+RUTORRENT=/var/www/rutorrent
619
+chown -R root:root $RUTORRENT/ &&
620
+    chown -R www-data:www-data $RUTORRENT/share/ &&
621
+    find $RUTORRENT/share/ -type d -exec chmod 775 {} \; &&
622
+    find $RUTORRENT/share/ -type f -exec chmod 664 {} \;
623
+
624
+[[$[Get Code]]][94]
625
+
626
+Created /root/new-rutorrent-users.sh
627
+
628
+#!/bin/sh
629
+
630
+USERS=$*
631
+#PRETEND=echo
632
+
633
+RUTORRENT_ROOT=/var/www/rutorrent
634
+
635
+function add\_rutorrent\_user
636
+{
637
+    user=$1
638
+    NEW\_USER\_DIR="${RUTORRENT_ROOT}/conf/users/$user"
639
+    RPC_PORT=$(( $(id -u $user) + 4000 ))  # 5000...
640
+    RPC_MOUNT="/RPC$(( $(id -u $user) - 998 ))"  # 2...
641
+
642
+    echo -e "Adding rutorrent user $user\tRPC_PORT=$RPC_PORT\tRPC_MOUNT=$RPC_MOUNT"
643
+
644
+    $PRETEND mkdir -p "$NEW\_USER\_DIR" \
645
+    && $PRETEND cp "${RUTORRENT_ROOT}/conf"/*.ini "${RUTORRENT_ROOT}/conf"/*.php "$NEW\_USER\_DIR"
646
+
647
+    # rewrite config.php
648
+    cat "${RUTORRENT_ROOT}/conf/config.php" \
649
+        | sed "s%\(\$scgi_port\>\s\*=\s\*\)[0-9]\+%\1$RPC_PORT%
650
+               s%\(\$XMLRPCMountPoint\s\*=\s\*\)[^;]*;%\1\"$RPC_MOUNT\";%" \
651
+        > "$NEW\_USER\_DIR"/config.php
652
+
653
+
654
+}
655
+
656
+for user in $USERS
657
+do
658
+    add\_rutorrent\_user $user
659
+done
660
+
661
+[[$[Get Code]]][95]
662
+
663
+
664
+
665
+## htpasswd
666
+
667
+htpasswd -c /etc/rutorrent/htpasswd $user
668
+
669
+[[$[Get Code]]][96]
670
+
671
+
672
+
673
+# Defer Service Startup
674
+
675
+* Removed from sysvinit startup all services that depend on the array being present
676
+* mt-daapd, mediatomb, samba etc
677
+
678
+` sysv-rc-conf `
679
+
680
+
681
+
682
+# Windows Virtualization
683
+
684
+* KVM, [VMware][97][?][97], Qemu, [VirtualBox][98][?][98]
685
+* <http://marsbox.com/blog/reviews/vmware-vs-virtualbox/1/>
686
+* <http://www.linux-gamers.net/smartsection.item.56/virtualbox-vs-qemu.html>
687
+
688
+
689
+
690
+# SNMP
691
+
692
+* Implementation of [Network.SNMP][99]
693
+
694
+## Install Cacti
695
+
696
+` apt-get install cacti `
697
+
698
+## Configure Cacti
699
+
700
+` firefox http://hastur/cacti `
701
+
702
+
703
+
704
+## Reduce Syslog Noise
705
+
706
+* <http://www.rootninja.com/snmpd-sending-too-much-to-syslog-by-default/>
707
+* vim /etc/default/snmpd
708
+ # Log Warning(4) and above to (S)yslog (d)aemon
709
+ SNMPDOPTS='-LS 4 d -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid 127.0.0.1'
710
+
711
+
712
+
713
+
714
+
715
+# Live TV Streaming
716
+
717
+* <http://ab.id.au/StreamingTV>
718
+* Install dvbstream
719
+
720
+ # apt-get install dvbstream dvb-apps
721
+
722
+
723
+
724
+
725
+# Beets music tagger
726
+
727
+* [Beets][100]
728
+
729
+ # apt-get install python-setuptools python-mutagen
730
+ # cd beets-1.0b2
731
+ # python setup.py install
732
+
733
+
734
+* Give up
735
+
736
+ # apt-get remove python-setuptools python-mutagen
737
+
738
+
739
+* Try again with [Stefano's Ubuntu packages][101]
740
+
741
+
742
+
743
+# Postgres
744
+
745
+## Host configuration
746
+
747
+* postgresql.conf
748
+ listen_addresses = '*'
749
+
750
+
751
+
752
+* pg_hba.conf
753
+ # gnome: samenet ipv4, any ipv6
754
+ host all gnome 192.168.0.1/16 md5
755
+ host all gnome ::/0 md5
756
+
757
+
758
+
759
+
760
+
761
+## User configuration
762
+
763
+ # su postgres
764
+ $ createuser -P gnome
765
+ ...
766
+
767
+
768
+
769
+
770
+# Private Git Repo
771
+
772
+ $ mkdir repos
773
+ $ mkdir repos/aproject.git
774
+ $ cd repos/aproject.git
775
+ $ git --bare init
776
+
777
+
778
+
779
+
780
+# rssdler
781
+
782
+* <http://code.google.com/p/rssdler/>
783
+* <https://dodoincfedora.wordpress.com/2011/02/21/using-torrent-rss-feeds-with-rtorrent/>
784
+* Replaced with [Flexget][102]
785
+
786
+
787
+
788
+# tor and tsocks
789
+
790
+sudo vim /etc/tsocks.conf
791
+
792
+[[$[Get Code]]][103]
793
+
794
+ # We specify local as 127.0.0.0 - 127.191.255.255 because the
795
+ # Tor MAPADDRESS virtual IP range is the rest of net 127.
796
+ local = 127.0.0.0/255.128.0.0
797
+ local = 192.168.0.0/255.255.255.0
798
+ local = 10.0.0.0/255.0.0.0
799
+
800
+ # Tor daemon
801
+ server = 127.0.0.1
802
+ server_port = 9050
803
+
804
+
805
+
806
+
807
+
808
+# Logitech Media Server
809
+
810
+Implements [Multi Room Audio][104]
811
+
812
+
813
+
814
+github
815
+: <https://github.com/Logitech/slimserver>
816
+
817
+
818
+
819
+## Downloads
820
+
821
+Stable
822
+: <http://www.mysqueezebox.com/download>
823
+
824
+Nightly
825
+: <http://downloads.slimdevices.com/nightly/?ver=7.9>
826
+
827
+
828
+
829
+## Configure
830
+
831
+* Add squeezeboxserver to `mc-music` group and restart
832
+
833
+usermod -a -G mc-music squeezeboxserver
834
+/etc/init.d/logitechmediaserver restart
835
+
836
+[[$[Get Code]]][105]
837
+
838
+* Drop iptables
839
+* <http://hastur:9000>
840
+
841
+Local Music Folder
842
+: `/export/mediasys/media/music/library`
843
+
844
+Local Playlist Folder
845
+: `/export/mediasys/media/music/meta`
846
+
847
+
848
+
849
+* Create mysqueezebox.com account (optional)
850
+
851
+
852
+
853
+# Trac
854
+
855
+Under Apache and mod_wsgi: <https://help.ubuntu.com/community/TracApacheModWsgi>
856
+
857
+With postgres backend: <http://trac.edgewall.org/wiki/DatabaseBackend#Postgresql> (Purged postgres 8.4, retained postgres 9.1)
858
+
859
+
860
+
861
+## Postgres database
862
+
863
+# Create postgres database
864
+sudo -u postgres createdb trac
865
+# Add postgres user trac
866
+sudo -u postgres createuser -P trac
867
+sudo -u postgres psql
868
+trac=> alter user trac with password 'PASSWORD'
869
+trac=> GRANT ALL PRIVILEGES ON DATABASE trac to trac;
870
+# Install python bindings
871
+sudo apt-get install python-psycopg2
872
+
873
+[[$[Get Code]]][106]
874
+
875
+Configure permissions in `pg_hba.conf`:
876
+
877
+ # Add near the top of the file since config priority is top-to-bottom (like iptables)
878
+ local trac trac password
879
+
880
+
881
+
882
+
883
+## Trac itself
884
+
885
+# Initialize
886
+sudo trac-admin /var/www/trac initenv
887
+# You will be asked for the project-name and the database connection.
888
+> trac
889
+> postgres://trac:PASSWORD@/trac?host=/var/run/postgresql
890
+
891
+# Install Apache2, mod_wsgi:
892
+sudo apt-get install apache2 libapache2-mod-wsgi
893
+# Configure WSGI by running:
894
+sudo trac-admin /var/www/trac deploy /var/www/trac
895
+# which will create a /var/www/trac/cgi-bin/trac.wsgi file.
896
+# Give Apache the required privileges:
897
+sudo chown -R www-data /var/www/trac
898
+
899
+[[$[Get Code]]][107]
900
+
901
+Configure Apache by adding the following to `/etc/apache2/sites-available/trac`:
902
+
903
+ WSGIScriptAlias /trac /var/www/trac/cgi-bin/trac.wsgi
904
+ <Directory /var/www/trac>
905
+ WSGIApplicationGroup %{GLOBAL}
906
+ Order deny,allow
907
+ Allow from all
908
+ </Directory>
909
+
910
+
911
+
912
+
913
+# Deluge Bittorrent Server
914
+
915
+## Server config
916
+
917
+sudo apt-get install deluged deluge-console
918
+sudo su --shell /bin/bash --login debian-deluged
919
+deluged -d -L debug  # test
920
+
921
+[[$[Get Code]]][108]
922
+
923
+
924
+
925
+### Auth
926
+
927
+`/var/lib/deluged/.config/deluge/auth`
928
+
929
+# FIXME: add to new-user script!
930
+echo "user:pass:5" >> .config/deluge/auth
931
+
932
+[[$[Get Code]]][109]
933
+
934
+
935
+
936
+### Autoadd
937
+
938
+* <http://crashmag.net/setting-up-deluge-1-3-on-a-headless-server-with-autoadd-and-labels>
939
+* Don't need it if we use flexget deluge plugin
940
+
941
+
942
+
943
+## Client config
944
+
945
+deluge-console
946
+> connect localhost [user] [pass]
947
+
948
+[[$[Get Code]]][110]
949
+
950
+
951
+
952
+## Flexget config
953
+
954
+Move flexget to deluge's crontab.
955
+
956
+Add deluge to mcadm-movies and mcadm-tv so deluge can move completed files into place.
957
+
958
+Flexget sets deluge's torrent location, in-progress download location and completed move location for each torrent file.
959
+
960
+`/var/lib/deluged/.flexget/config.yml`
961
+
962
+ templates:
963
+ global:
964
+ deluge:
965
+ username: flexget
966
+ password: "somepassword"
967
+
968
+ deluge_tv:
969
+ download: /var/lib/deluged/torrents/tvshows
970
+ deluge:
971
+ label: "flexget-tvshows"
972
+ movedone: /mnt/md6-media/tvshows/new
973
+ path: /mnt/md6-media/incomplete
974
+
975
+ deluge_movie:
976
+ download: /var/lib/deluged/torrents/movies
977
+ deluge:
978
+ label: "flexget-movies"
979
+ movedone: /mnt/md6-media/movies/new
980
+ path: /mnt/md6-media/incomplete
981
+
982
+
983
+
984
+
985
+
986
+# squid-deb-proxy
987
+
988
+Deploy as a replacement for apt-cacher-ng.
989
+
990
+
991
+
992
+## Server
993
+
994
+apt-get install squid-deb-proxy
995
+# allow cognomen repo
996
+cat > /etc/squid-deb-proxy/mirror-dstdomain.acl.d/20-cognomen
997
+cognomen.co.uk
998
+^D
999
+# allow raspbian and osmc repos
1000
+cat > /etc/squid-deb-proxy/mirror-dstdomain.acl.d/30-osmc
1001
+mirrordirector.raspbian.org
1002
+apt.osmc.tv
1003
+^D
1004
+# update iptables
1005
+echo "8000 squid-deb-proxy" >> /etc/iptables/ports\_in\_tcp_allow
1006
+
1007
+[[$[Get Code]]][111]
1008
+
1009
+Allow access and caching of unofficial repos in `/etc/squid-deb-proxy/squid-deb-proxy.conf`:
1010
+
1011
+ #http_access deny !to_archive_mirrors
1012
+ http_access allow !to_archive_mirrors
1013
+
1014
+ # don't cache domains not listed in the mirrors file
1015
+ # uncomment the third and fourth line to cache any unlisted domains
1016
+ #cache deny !to_archive_mirrors
1017
+ cache allow !to_archive_mirrors
1018
+
1019
+
1020
+
1021
+
1022
+## Client
1023
+
1024
+`/etc/apt/apt.conf.d/50apt-proxy`
1025
+
1026
+ Acquire {
1027
+ Retries "0";
1028
+ HTTP { Proxy "http://hastur:8000"; };
1029
+ };
1030
+
1031
+
1032
+
1033
+
1034
+# NUT and UPS
1035
+
1036
+<https://thehomeserverhandbook.com/2012/02/28/monitoring_ups/>
1037
+
1038
+
1039
+
1040
+## NUT configuration
1041
+
1042
+Set startup mode in `/etc/nut/nut.conf`
1043
+
1044
+ MODE=netserver
1045
+
1046
+
1047
+Add UPS to `/etc/nut/ups.conf`
1048
+
1049
+ [eaton]
1050
+ driver = usbhid-ups
1051
+ port = auto
1052
+ desc = "Eaton Eclipse ECO 1200"
1053
+
1054
+
1055
+Configure upsd in `/etc/nut/upsd.conf`
1056
+
1057
+ LISTEN 0.0.0.0
1058
+
1059
+
1060
+Create upsd user credentials in `/etc/nut/upsd.users`, one for local monitor, one for home automation.
1061
+
1062
+ [upsmon]
1063
+ password = blah
1064
+ upsmon master
1065
+
1066
+ [pixie]
1067
+ password = foo
1068
+ upsmon slave
1069
+
1070
+
1071
+Local upsmon client config in `/etc/nut/upsmon.conf`
1072
+
1073
+ MONITOR eaton@localhost 1 upsmon blah master
1074
+
1075
+
1076
+
1077
+
1078
+## Fix incorrect Debian permissions
1079
+
1080
+<https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721600>
1081
+
1082
+USB device rules need higher priority to set group ownership to `nut`:
1083
+
1084
+ sudo cp /lib/udev/rules.d/52-nut-usbups.rules /etc/udev/rules.d/62-nut-usbups.rules
1085
+
1086
+
1087
+
1088
+
1089
+# Log
1090
+
1091
+**2010-05-13**
1092
+
1093
+* Set "acl check permissions = no"
1094
+
1095
+**2010-06-04**
1096
+
1097
+* Implement user mediasys directories
1098
+* Add House smb share
1099
+
1100
+**2010-06-14**
1101
+
1102
+* Workaround libcurl race condition crashing rtorrent
1103
+
1104
+**2010-07-08**
1105
+
1106
+* Fix Samba name mangling with "mangled names = no"
1107
+
1108
+**2010-07-13**
1109
+
1110
+* Aborted installation of beets
1111
+
1112
+**2010-12-10**
1113
+
1114
+* Installed updated rtorrent with [IPv6][86]
1115
+
1116
+**2010-12-13**
1117
+
1118
+* Tweak logging of snmpd
1119
+
1120
+**2011-04-07**
1121
+
1122
+* Install postgres for CV
1123
+
1124
+**2011-11-11**
1125
+
1126
+* Add systems group
1127
+
1128
+` groupadd -g 3012 systems `
1129
+
1130
+* Apply ACL for md6-media/systems
1131
+
1132
+**2013-10-22**
1133
+
1134
+* Update libtorrent to 0.13.2 and rtorrent to 0.9.2
1135
+
1136
+**2014-02-05**
1137
+
1138
+* Install rtgui. (unconfigured)
1139
+* Built and installed libtorrent (branch 0.13.1 == libtorrent.so.17.0.4)
1140
+* Built and installed rtorrent (branch 0.9.1 == rtorrent-0.9.3) to /usr/local/
1141
+
1142
+**2016-03-31**
1143
+
1144
+* Try out deluged since rtorrent keeps crashing in `res_send.c`
1145
+* Replace mediatomb with minidlna
1146
+
1147
+**2016-05-10**
1148
+
1149
+* Remove apt-cacher-ng
1150
+* Deploy squid-deb-proxy
1151
+
1152
+**2017-01-07**
1153
+
1154
+* NUT
1155
+
1156
+ [1]: Hastur
1157
+ [66]: /AppleTV/AppleTV
1158
+ [69]: /MediaCentre/UPnP
1159
+ [70]: /AppleTV/Frontrow
1160
+ [73]: http://mediatomb.cc/pages/download#debian_ubuntu
1161
+ [74]: /MediaCentre/N770
1162
+ [75]: http://gentoo-wiki.com/HOWTO_MediaTomb#Using_FFmpeg
1163
+ [76]: /MediaCentre/N770#AudioTranscoding
1164
+ [78]: http://www.internettablettalk.com/wiki/index.php?title=Multimedia:Converting_videos_to_Nokia_770_format
1165
+ [79]: http://linux.seindal.dk/2005/11/22/watching-movies-on-the-nokia-770/
1166
+ [80]: http://maemo.org/community/wiki/videoencoding/
1167
+ [83]: /MediaCentre/N770#VideoTranscoding
1168
+ [86]: IPv6
1169
+ [87]: http://libtorrent.rakshasa.no/ticket/1111
1170
+ [88]: HasturSoftware?action=sourceblock&num=1
1171
+ [89]: HasturSoftware?action=sourceblock&num=2
1172
+ [90]: HasturSoftware?action=sourceblock&num=3
1173
+ [91]: HasturSoftware?action=sourceblock&num=4
1174
+ [92]: HasturSoftware?action=sourceblock&num=5
1175
+ [93]: HasturSoftware?action=sourceblock&num=6
1176
+ [94]: HasturSoftware?action=sourceblock&num=7
1177
+ [95]: HasturSoftware?action=sourceblock&num=8
1178
+ [96]: HasturSoftware?action=sourceblock&num=9
1179
+ [99]: SNMP
1180
+ [100]: http://beets.radbox.org/
1181
+ [101]: https://code.edge.launchpad.net/~stefanor
1182
+ [102]: http://flexget.com/
1183
+ [103]: HasturSoftware?action=sourceblock&num=10
1184
+ [104]: /MediaCentre/MultiRoomAudio
1185
+ [105]: HasturSoftware?action=sourceblock&num=11
1186
+ [106]: HasturSoftware?action=sourceblock&num=12
1187
+ [107]: HasturSoftware?action=sourceblock&num=13
1188
+ [108]: HasturSoftware?action=sourceblock&num=14
1189
+ [109]: HasturSoftware?action=sourceblock&num=15
1190
+ [110]: HasturSoftware?action=sourceblock&num=16
1191
+ [111]: HasturSoftware?action=sourceblock&num=17
... ...
\ No newline at end of file
Network/HasturSystemSoftware.md
... ...
@@ -0,0 +1,1428 @@
1
+---
2
+title: HasturSystemSoftware
3
+---
4
+
5
+Back to [Hastur][1]
6
+
7
+
8
+
9
+[[_TOC_]]
10
+
11
+## Debian installation
12
+
13
+After mininst CD installation
14
+
15
+ # vim /etc/apt/sources.list
16
+
17
+ #comment out cdrom entry
18
+ #deb cdrom:[....
19
+ #add multimedia repos
20
+ deb http://debian-multimedia.fx-services.com/ stable main
21
+ deb-src http://debian-multimedia.fx-services.com/ stable main
22
+ EOF
23
+ #
24
+
25
+
26
+Configure network
27
+
28
+ # ifdown eth0
29
+ # vim /etc/network/interfaces
30
+
31
+ #replace dhcp with static
32
+ #iface eth0 inet dhcp
33
+ iface eth0 inet static
34
+ address $IP
35
+ netmask $NETMASK
36
+ gateway $GATEWAY_IP
37
+ EOF
38
+
39
+ # ifup eth0
40
+
41
+
42
+Update, install SSH
43
+
44
+ # apt-get install ssh
45
+ # apt-get install iproute
46
+ # apt-get install bzip2
47
+ # apt-get install hdparm
48
+
49
+
50
+Install SSH keys
51
+
52
+ hastur$ mkdir ~/.ssh
53
+ hastur$ chmod go-rwx ~/.ssh
54
+ other$ scp ~/.ssh/authorized_keys me@hastur:~/.ssh/
55
+
56
+
57
+Secure SSH Daemon
58
+
59
+ # vim /etc/ssh/sshd_config
60
+ PermitRootLogin no
61
+ AllowUsers me
62
+ PasswordAuthentication No
63
+ EOF
64
+ # /etc/init.d/ssh restart
65
+
66
+
67
+
68
+
69
+## Serial Console
70
+
71
+*2007-10-02*: Initial config *2013-10-31*: Boot console, sulogin and fstab fixes
72
+
73
+Configure serial console
74
+
75
+* <http://dev.riseup.net/grimoire/miscellaneous/serial-console/>
76
+
77
+Most serial console guides don't cover setting the serial console for fsck recovery at boot time.
78
+
79
+When the fsck fails at boot sulogin is run (the prompt is
80
+
81
+ "Enter root password or Ctrl-D to continue"
82
+
83
+
84
+or similar) on the default console only (console or tty0).
85
+
86
+
87
+
88
+### sysvinit and /etc/inittab
89
+
90
+Enable console on /dev/ttyS0 In /etc/inittab set
91
+
92
+* single user sulogin tty
93
+* z6 emergency fallthrough (if it exists)
94
+* getty on ttyS0
95
+
96
+ ~~:S:wait:/sbin/sulogin /dev/ttyS0
97
+ ...
98
+ z6:6:respawn:/sbin/sulogin /dev/ttyS0
99
+ ...
100
+ T0:23:respawn:/sbin/getty -L ttyS0 115200 vt100
101
+
102
+
103
+Set default console in sysvinit settings (/etc/default/rcS)
104
+
105
+ CONSOLE=/dev/ttyS0
106
+
107
+
108
+This is used through the init.d files when sulogin is called.
109
+
110
+Allow root login
111
+
112
+ # vim /etc/securetty
113
+ ttyS0
114
+
115
+
116
+Test serial console
117
+
118
+ # kill -s SIGHUP 1
119
+
120
+
121
+All further work can now be completed over serial console and SSH.
122
+
123
+
124
+
125
+### Grub1
126
+
127
+In /boot/grub/menu.lst:
128
+
129
+* Set serial config
130
+* Set terminal config
131
+* Append to the kernel kopt line (including the #)
132
+
133
+e.g.:
134
+
135
+ serial --unit=0 --speed=115200 --word=8 --parity=no --stop=1
136
+ terminal console serial
137
+
138
+
139
+Append kernel options for serial console to *# kopt=root=...* line e.g.
140
+
141
+ # kopt=root=/dev/mapper/hastur-root ro console=ttyS0,115200n8 console=tty0
142
+
143
+
144
+
145
+
146
+### Grub2
147
+
148
+In /etc/default/grub
149
+
150
+ GRUB_CMDLINE_LINUX_DEFAULT="console=ttyS0,115200n8 console=tty0"
151
+ GRUB_CMDLINE_LINUX="console=ttyS0,115200n8 console=tty0"
152
+
153
+ # Uncomment to disable graphical terminal (grub-pc only)
154
+ GRUB_TERMINAL=serial
155
+ GRUB_SERIAL_COMMAND="serial --unit=0 --speed=115200 --word=8 --parity=no --stop=1"
156
+
157
+
158
+Then regenerate the config
159
+
160
+grub-mkconfig
161
+
162
+[[$[Get Code]]][62]
163
+
164
+
165
+
166
+### fstab
167
+
168
+To assist in avoiding unnecessary boot failures, ensure the fs_passno field in fstab is set connectly for all filesystems.
169
+
170
+The sixth and final field in each fstab line determines whether and in which order the filesystem is checked at boot.
171
+
172
+: Do not fsck
173
+
174
+1
175
+: Root filesystem
176
+
177
+2-n
178
+: All other filesystems
179
+
180
+Patch fstab to disable fsck of raid array started manually after boot
181
+
182
+ -/dev/vg-md6/home /mnt/md6-home ext4 defaults,noatime,nosuid,noauto,acl 0 3
183
+ +/dev/vg-md6/home /mnt/md6-home ext4 defaults,noatime,nosuid,noauto,acl 0 0
184
+
185
+
186
+
187
+
188
+## Kernel Customization
189
+
190
+Install kernel build tools
191
+
192
+ # apt-get install kernel-package ncurses-dev fakeroot wget bzip2
193
+
194
+
195
+Get and extract kernel source and Tejun's libata patch
196
+
197
+ $ wget http://home-tj.org/files/libata-tj-stable/libata-tj-2.6.22.1-20070808.tar.bz2
198
+ $ wget http://www.eu.kernel.org/pub/linux/kernel/v2.6/linux-2.6.22.1.tar.bz2
199
+ $ tar -xjvf linux-2.6.22.1.tar.bz2
200
+ $ tar -xjvf libata-tj-2.6.22.1-20070808.tar.bz2
201
+
202
+
203
+
204
+
205
+### Kernel Config
206
+
207
+ CONFIG_MCORE2=y # set in place of generic x86_64
208
+ CONFIG_NR_CPUS=4 # set in place of 32 to save memory
209
+
210
+
211
+Patch and configure kernel
212
+
213
+ $ cd linux-2.6.22.1
214
+ $ cp /boot/config-2.6.18-5-amd64 linux-2.6.22.1/.config
215
+ $ make oldconfig
216
+ $ patch -p1 < ../libata-tj-2.6.22.1-20070808/combined.patch
217
+ $ make menuconfig # check config
218
+ $ export CONCURRENCY_LEVEL=4 # Quad-core, don't use -j
219
+ $ make-kpkg clean
220
+ $ fakeroot make-kpkg --initrd --revision=libata.1.0 kernel_image
221
+
222
+
223
+Needs the --initrd to generate an initrd image for booting from LVM
224
+
225
+Install kernel
226
+
227
+ # dpkg -i linux-image-2.6.22.1-pmp_libata.1.0_amd64.deb
228
+
229
+
230
+Updates GRUB automagically
231
+
232
+
233
+
234
+### Module Autoloading
235
+
236
+Load DVB module for Hauppauge Nova-T
237
+
238
+ # echo "cx88_dvb # DVB support for Hauppauge Nova-T" >> /etc/modules
239
+
240
+
241
+
242
+
243
+## Cross Compiler
244
+
245
+(Don't remember why I needed this)
246
+
247
+* <http://psas.pdx.edu/DebianCrossCompilerHowto/>
248
+* <http://wiki.debian.org/BuildingCrossCompilers>
249
+
250
+
251
+
252
+## RAID Configuration
253
+
254
+#### 2007-10-03
255
+
256
+Create test RAID array
257
+
258
+ # apt-get install mdadm xfsprogs bonnie++
259
+ # for dev in {b..g} ; do echo ",125,fd" | sfdisk /dev/sd$dev ; done
260
+ # mdadm --create --verbose /dev/md0 --level=0 --raid-devices=6 /dev/sd{b..g}1
261
+
262
+
263
+Partition the disks
264
+
265
+ # cat > sfdisk.format
266
+ ,125,fd
267
+ ,12450,fd
268
+ ,,fd
269
+ EOF
270
+ # for dev in {b..g} ; do cat sfdisk.format | sfdisk /dev/sd$dev ; done
271
+
272
+
273
+Create [RAID0][63][?][63] for swap
274
+
275
+ # mdadm --create --verbose /dev/md0 --level=0 --raid-devices=6 /dev/sd{b..g}1
276
+ # mkswap /dev/md0
277
+ # swapon /dev/md0 -p0
278
+
279
+
280
+Create [RAID10][64][?][64] for database
281
+
282
+ # mdadm --create --verbose /dev/md1 --level=10 --raid-devices=6 /dev/sd{b..g}2
283
+ # mkfs.xfs -f /dev/md1
284
+
285
+
286
+Create [RAID5][65][?][65] for general data
287
+
288
+ # mdadm --create --verbose /dev/md5 --level=5 --raid-devices=5 --spare-devices=1 /dev/sd{b..g}3
289
+ # mkfs.xfs -f /dev/md5
290
+
291
+
292
+Install SMART mon
293
+
294
+ # apt-get install smartmontools
295
+
296
+
297
+Tested various RAID configurations. Seems /dev/sdc is broken.
298
+
299
+
300
+
301
+## RAID Benchmarks
302
+
303
+* <http://linux-ata.org/faq.html> - setting and checking NCQ
304
+
305
+* md0, raid 0, 6 disks
306
+* md1, raid 10, 6 disks, stripe of 3 mirrored pairs
307
+* md5, raid 5, 5 disks + 1 hot spare
308
+
309
+Setup: 4 Seagate, 2 Samsung. XFS with default options. 2.6.22.1. NCQ 31/32. SATA PM through 2 [SATA300][66][?][66] channels. 3 disks multiplexed per channel.
310
+
311
+| Version 1.03 | Sequential Output | Sequential Input | Random |
312
+||
313
+|   | Per Chr | Block | Rewrite | Per Chr | Block | Seeks |
314
+| Test | Size | K/sec | %CP | K/sec | %CP | K/sec | %CP | K/sec | %CP | K/sec | %CP | /sec | %CP |
315
+| md0 | 4024M |   |   | 160706 | 15 | 67128 | 7 |   |   | 116615 | 6 | 392.9 | |
316
+| md1 | 4024M |   |   | 80089 | 10 | 53176 | 6 |   |   | 117342 | 7 | 166.1 | |
317
+| md5 | 4024M |   |   | 55785 | 8 | 34142 | 4 |   |   | 82070 | 5 | 318.3 | |
318
+
319
+Then md5 with varying NCQ depths
320
+
321
+ # for depth 1 8 31; do
322
+ for dev in {b..g} ; do
323
+ echo $depth > /sys/block/sd$dev/device/queue_depth;
324
+ done;
325
+ bonnie++ -f -d /mnt/md5 -s 4024 -n 0 -u root | tee ~/bonnie.raid5.ncq=$depth.out;
326
+ done
327
+
328
+
329
+| Version 1.03 | Sequential Output | Sequential Input | Random |
330
+||
331
+|   | Per Chr | Block | Rewrite | Per Chr | Block | Seeks |
332
+| Test | Size | K/sec | %CP | K/sec | %CP | K/sec | %CP | K/sec | %CP | K/sec | %CP | /sec | %CP |
333
+| depth=1 | 4024M |   |   | 60390 | 9 | 33056 | 3 |   |   | 73552 | 4 | 311.3 | |
334
+| depth=8 | 4024M |   |   | 53196 | 8 | 33107 | 3 |   |   | 83029 | 5 | 311.4 | |
335
+| depth=31 | 4024M |   |   | 52550 | 8 | 34127 | 4 |   |   | 81684 | 4 | 306.5 | |
336
+
337
+Without PM
338
+
339
+| Version 1.03 | Sequential Output | Sequential Input | Random |
340
+||
341
+|   | Per Chr | Block | Rewrite | Per Chr | Block | Seeks |
342
+| Test | Size | K/sec | %CP | K/sec | %CP | K/sec | %CP | K/sec | %CP | K/sec | %CP | /sec | %CP |
343
+| md0 | 4024M |   |   | 352560 | 33 | 154813 | 19 |   |   | 315842 | 19 | 669.9 | 1 |
344
+| md1 | 4024M |   |   | 222888 | 31 | 72417 | 9 |   |   | 170133 | 12 | 776.2 | 1 |
345
+| md5 | 4024M |   |   | 171088 | 28 | 68525 | 9 |   |   | 271605 | 20 | 641.8 | |
346
+
347
+
348
+
349
+#### 2007-10-09
350
+
351
+Finish RAID configuration
352
+
353
+Optimize
354
+
355
+ # blockdev --setra 4096 /dev/md0 # default 1536
356
+ # blockdev --setra 3072 /dev/md1 # default 768
357
+ # blockdev --setra /dev/md5 #
358
+
359
+
360
+Deprecated. Proper read-ahead testing done later. References suggest optimal config is 0 on all layers except the top-layer (dmcrypt).
361
+
362
+Post-optimization benchmarks
363
+
364
+| Version 1.03 | Sequential Output | Sequential Input | Random |
365
+||
366
+|   | Per Chr | Block | Rewrite | Per Chr | Block | Seeks |
367
+| Test | Size | K/sec | %CP | K/sec | %CP | K/sec | %CP | K/sec | %CP | K/sec | %CP | /sec | %CP |
368
+| md0 | 4024M |   |   | 188582 | 18 | 86119 | 10 |   |   | 179046 | 10 | 481.6 | |
369
+| md1 | 4024M |   |   | 95734 | 12 | 49719 | 6 |   |   | 127244 | 7 | 482.1 | |
370
+| md5 | 4024M |   |   |   |   |   |   |   |   |   |   |   |   |
371
+
372
+Now rearrange md0 to alternate [PMs][67][?][67]
373
+
374
+ # mdadm --stop /dev/md{0,1,5}
375
+ # mdadm --create --verbose /dev/md0 --level=0 --raid-devices=6 /dev/sd{b,e,c,f,d,g}1
376
+ # mdadm --create --verbose /dev/md1 --level=10 --raid-devices=6 /dev/sd{b,e,c,f,d,g}2
377
+
378
+
379
+
380
+
381
+| Version 1.03 | Sequential Output | Sequential Input | Random |
382
+||
383
+|   | Per Chr | Block | Rewrite | Per Chr | Block | Seeks |
384
+| Test | Size | K/sec | %CP | K/sec | %CP | K/sec | %CP | K/sec | %CP | K/sec | %CP | /sec | %CP |
385
+| md0 | 4024M |   |   | 192926 | 18 | 86918 | 11 |   |   | 180066 | 11 | 470.8 | |
386
+| md1 | 4024M |   |   | 97683 | 12 | 50525 | 6 |   |   | 120018 | 8 | 480.4 | |
387
+| md5 | 4024M |   |   |   |   |   |   |   |   |   |   |   |   |
388
+
389
+Or alternately
390
+
391
+ # mdadm --create --verbose /dev/md1 --level=10 --raid-devices=6 /dev/sd{b,d,f,c,e,g}2
392
+
393
+
394
+
395
+
396
+| Version 1.03 | Sequential Output | Sequential Input | Random |
397
+||
398
+|   | Per Chr | Block | Rewrite | Per Chr | Block | Seeks |
399
+| Test | Size | K/sec | %CP | K/sec | %CP | K/sec | %CP | K/sec | %CP | K/sec | %CP | /sec | %CP |
400
+| md1 | 4024M |   |   | 96439 | 12 | 50751 | 6 |   |   | 118106 | 7 | 463.7 | |
401
+
402
+Save to mdadm.conf
403
+
404
+* <http://dev.riseup.net/grimoire/storage/software-raid/#updating_mdadmconf>
405
+
406
+ # mdadm --detail --scan --verbose >> /etc/mdadm/mdadm.conf
407
+
408
+
409
+
410
+
411
+## Disk Encryption
412
+
413
+ # apt-get install dmsetup
414
+
415
+
416
+Filesystem Using /dev/md0 to test on
417
+
418
+ # time dd if=/dev/urandom of=/dev/md0 bs=10240k
419
+ real 16m23.806s
420
+ user 0m0.004s
421
+ sys 15m40.363s
422
+
423
+ # apt-get install cryptsetup hashalot
424
+
425
+
426
+Create the encrypted partition
427
+
428
+ # cryptsetup --verbose --verify-passphrase luksFormat /dev/md0
429
+
430
+ WARNING!
431
+ ========
432
+ This will overwrite data on /dev/md0 irrevocably.
433
+
434
+ Are you sure? (Type uppercase yes): YES
435
+ Enter LUKS passphrase: not my real passphrase
436
+ Verify passphrase: not my real passphrase
437
+ Command successful.
438
+
439
+
440
+Now open it
441
+
442
+ # cryptsetup luksOpen /dev/md0 crypt-md0
443
+ Enter LUKS passphrase: not my real passphrase
444
+ key slot 0 unlocked.
445
+ Command successful.
446
+
447
+
448
+Create a filesystem, mount it
449
+
450
+ # mkfs.xfs /dev/mapper/crypt-md0
451
+ # mount /dev/mapper/crypt-md0 /mnt/md0
452
+
453
+
454
+
455
+
456
+ # bonnie++ -f -d /mnt/md0 -s 4024 -n 0 -u root
457
+
458
+
459
+Clean up
460
+
461
+ # umount /mnt/md0
462
+ # cryptsetup luksClose crypt-md0
463
+
464
+
465
+aes-x86_64 - load the module
466
+
467
+ # rmmod aes
468
+ # modprobe aes-x86_64
469
+
470
+
471
+Setup and Benchmark
472
+
473
+ # cryptsetup -c aes-cbc-essiv:sha256 luksFormat /dev/md0
474
+ # cryptsetup luksOpen /dev/md0 crypt-md0
475
+ # mkfs.xfs /dev/mapper/crypt-md0
476
+ # mount /dev/mapper/crypt-md0 md0
477
+ # bonnie++ -f -d /mnt/md0 -s 4024 -n 0 -u root
478
+ # umount /mnt/md0
479
+ # cryptsetup luksClose crypt-md0
480
+
481
+
482
+Next, try experimental LRW block mode
483
+
484
+ # modprobe lrw
485
+ # cryptsetup -c aes-lrw-benbi:sha256 -s 256 luksFormat /dev/md0
486
+ # cryptsetup luksOpen /dev/md0 crypt-md0
487
+ # mkfs.xfs /dev/mapper/crypt-md0
488
+ # mount /dev/mapper/crypt-md0 md0
489
+ # bonnie++ -f -d /mnt/md0 -s 4024 -n 0 -u root
490
+ # umount /mnt/md0
491
+ # cryptsetup luksClose crypt-md0
492
+
493
+
494
+For twofish:
495
+
496
+ # cryptsetup -c twofish-cbc-essiv:sha256 luksFormat /dev/md0
497
+ # cryptsetup luksOpen /dev/md0 crypt-md0
498
+ # mkfs.xfs /dev/mapper/crypt-md0
499
+ # mount /dev/mapper/crypt-md0 md0
500
+ # bonnie++ -f -d /mnt/md0 -s 4024 -n 0 -u root
501
+ # umount /mnt/md0
502
+ # cryptsetup luksClose crypt-md0
503
+
504
+
505
+Twofish-x86_64 - load the module
506
+
507
+ # rmmod twofish
508
+ # modprobe twofish-x86_64
509
+
510
+
511
+Setup and Benchmark
512
+
513
+ # cryptsetup -c twofish-cbc-essiv:sha256 luksFormat /dev/md0
514
+ # cryptsetup luksOpen /dev/md0 crypt-md0
515
+ # mkfs.xfs /dev/mapper/crypt-md0
516
+ # mount /dev/mapper/crypt-md0 md0
517
+ # bonnie++ -f -d /mnt/md0 -s 4024 -n 0 -u root
518
+ # umount /mnt/md0
519
+ # cryptsetup luksClose crypt-md0
520
+
521
+
522
+
523
+
524
+### Encryption Benchmarks
525
+
526
+md0, XFS
527
+
528
+
529
+
530
+| Version 1.03 | Sequential Output | Sequential Input | Random |
531
+||
532
+|   | Per Chr | Block | Rewrite | Per Chr | Block | Seeks |
533
+| Test | Size | K/sec | %CP | K/sec | %CP | K/sec | %CP | K/sec | %CP | K/sec | %CP | /sec | %CP |
534
+| aes[1][68] | 4024M |   |   | 169349 | 17 | 46817 | 8 |   |   | 114262 | 13 | 394.4 | |
535
+| aes-64[2][69] | 4024M |   |   | 163673 | 17 | 46350 | 8 |   |   | 115287 | 13 | 398.4 | |
536
+| aes-lrw-64[3][70] | 4024M |   |   | 174988 | 18 | 49748 | 9 |   |   | 115869 | 13 | 400.7 | |
537
+| twofish[4][71] | 4024M |   |   | 140027 | 14 | 40582 | 7 |   |   | 109515 | 12 | 368.4 | |
538
+| twofish-64[5][72] | 4024M |   |   | 159518 | 16 | 43404 | 7 |   |   | 112616 | 13 | 403.9 | |
539
+
540
+
541
+
542
543
+
544
+1 aes-cbc-essiv:sha256 128-bit key [⇑][73]
545
+
546
+2 aes-cbc-essiv:sha256, 128-bit key, 64-bit [⇑][74]
547
+
548
+3 aes-lrw-benbi:sha256, 256-bit key, 64-bit [⇑][75]
549
+
550
+4 twofish-cbc-essiv:sha256 128-bit key [⇑][76]
551
+
552
+5 twofish-cbc-essiv:sha256, 128-bit key, 64-bit [⇑][77]
553
+
554
+
555
+
556
+## RAID Configuration - Take 2
557
+
558
+### Random data
559
+
560
+ # for dev in /dev/sd{b..g} ; do dd if=/dev/urandom of=$dev bs=1024k & done
561
+
562
+
563
+With port multipliers, may be faster this way:
564
+
565
+ # for dev in /dev/sd{b..d} ; do dd if=/dev/urandom of=$dev bs=1024k ; done &
566
+ # for dev in /dev/sd{e..g} ; do dd if=/dev/urandom of=$dev bs=1024k ; done &
567
+
568
+
569
+Get progress reports:
570
+
571
+ # # set delay, finished flag, get current tty device
572
+ # delay=3 ; finished=0; tty=`tty | cut -d/ -f3-`
573
+ # # get progress reports from dd
574
+ # while (( ! $finished )) ; do pkill -USR1 -t $tty dd ; finished=$? ; sleep $delay ; done
575
+
576
+
577
+Much faster to do this in parallel on the raw disks, not through the raid devices.
578
+
579
+To kill the dd's:
580
+
581
+ # pkill -t $tty dd
582
+
583
+
584
+
585
+
586
+### Partition
587
+
588
+#### 2007-10-12
589
+
590
+Then
591
+
592
+* Repartition
593
+* Recreate raid arrays
594
+
595
+Partitioning scheme:
596
+
597
+Seagate 500GB = 500106780160 bytes = 476938.9917 [MiB][78][?][78] = 465.760734 [GiB][79][?][79] Samsung 500GB = 500107862016 bytes = 476940.0234 [MiB][78][?][78] = 465.761742 [GiB][79][?][79]
598
+
599
+| md | Start | End | Blocks | Raid Size | Partition | Notes |
600
+|:--- | ----- | ---- | ------ | --------- | ------------------ | -------------------------------- |
601
+| md0 | 0M | 749M |   | 4.5GB | Swap | Separate so crypto can be random |
602
+| md2 | 750M | 50G |   | 300GB | [RAID0][63][?][63] | /var,/tmp |
603
+| md3 | 50G | 465G |   | 1660GB | [RAID5][65][?][65] | Everything else |
604
+
605
+Partition the disks, use sfdisk [MiB][78][?][78] format
606
+
607
+ # cat > sfdisk.format
608
+ ,750,fd
609
+ ,51200,fd
610
+ ,,fd
611
+ EOF
612
+ # for dev in {b..g} ; do cat sfdisk.format | sfdisk -uM /dev/sd$dev ; done
613
+
614
+
615
+
616
+
617
+### md0 - [RAID0][63][?][63] - swap
618
+
619
+Create [RAID0][63][?][63] for swap
620
+
621
+ # mdadm --create --metadata=1.2 --verbose --level=0 --raid-devices=6 /dev/md0 /dev/sd{b..g}1
622
+
623
+
624
+Edit /etc/crypttab and /etc/fstab
625
+
626
+ # echo "/dev/mapper/md0-swap /dev/md0 /dev/random swap" >> /etc/crypttab
627
+ # echo "/dev/mapper/md0-swap none swap sw 0 0" >> /etc/fstab
628
+
629
+
630
+Do first initialization manually
631
+
632
+ # cryptsetup -s 128 create --key-file /dev/random md0-swap /dev/md0
633
+ # mkswap /dev/mapper/md0-swap
634
+ # swapon /dev/mapper/md0-swap -p0 # set higher priority
635
+
636
+
637
+Don't think chunk size matters for [RAID0][63][?][63]. [RAID5][65][?][65] must be carefully tuned however.
638
+
639
+
640
+
641
+### md2 - [RAID0][63][?][63]
642
+
643
+Create [RAID0][63][?][63] for general use
644
+
645
+ # mdadm --create --metadata=1.2 --verbose --level=0 --raid-devices=6 /dev/md2 /dev/sd{b..g}2
646
+ # cryptsetup -c aes-lrw-benbi:sha256 -s 256 luksFormat /dev/md2
647
+
648
+ WARNING!
649
+ ========
650
+ This will overwrite data on /dev/md2 irrevocably.
651
+
652
+ Are you sure? (Type uppercase yes): YES
653
+ Enter LUKS passphrase: (enter short password, for testing)
654
+
655
+
656
+The passphrase is only for testing chunk-size performance. Later, we'll remove the passphrase and replace it with random key material stored on a USB token.
657
+
658
+Edit /etc/crypttab and /etc/fstab
659
+
660
+ # echo "/dev/mapper/crypt-md2 /dev/md2 none luks" >> /etc/crypttab
661
+ # echo "/dev/mapper/crypt-md2 /mnt/md2 xfs defaults,noatime,noexec,noauto 0 3" >> /etc/fstab
662
+
663
+
664
+
665
+
666
+ # cryptsetup luksOpen /dev/md2 crypt-md2
667
+ # mkfs.xfs -f -d sunit=16,swidth=96 /dev/mapper/crypt-md2
668
+ # mount -t xfs /dev/mapper/crypt-md2 /mnt/md2
669
+ # bonnie++ -f -d /mnt/md2 -s 4024 -n 0 -u root
670
+
671
+
672
+swidth = sunit × num-raid-devices
673
+
674
+
675
+
676
+#### Chunk size benchmarks
677
+
678
+Cleanup
679
+
680
+ # umount /mnt/md2
681
+ # cryptsetup luksClose crypt-md2
682
+ # mdadm --stop /dev/md2
683
+
684
+
685
+Chunk size
686
+
687
+ # mdadm --create --metadata=1.2 --verbose --chunk 128 --level=0 --raid-devices=6 /dev/md2 /dev/sd{b..g}2
688
+ # cryptsetup -c aes-lrw-benbi:sha256 -s 256 luksFormat /dev/md2
689
+ # cryptsetup luksOpen /dev/md2 crypt-md2
690
+ # mkfs.xfs -f -d sunit=16,swidth=96 /dev/mapper/crypt-md2
691
+ # mount -t xfs /dev/mapper/crypt-md2 /mnt/md2
692
+ # bonnie++ -f -d /mnt/md2 -s 4024 -n 0 -u root
693
+
694
+
695
+etc...
696
+
697
+
698
+
699
+##### [RAID0][63][?][63]
700
+
701
+| Version 1.03 | Sequential Output | Sequential Input | Random |
702
+||
703
+|   | Per Chr | Block | Rewrite | Per Chr | Block | Seeks |
704
+| Chunk-size | Size | K/sec | %CP | K/sec | %CP | K/sec | %CP | K/sec | %CP | K/sec | %CP | /sec | %CP |
705
+| 64 | 4024M |   |   | 166964 | 18 | 48156 | 9 |   |   | 112035 | 13 | 369.9 | |
706
+| 128 | 4024M |   |   | 170101 | 18 | 44732 | 9 |   |   | 93034 | 11 | 388.1 | |
707
+| 256 | 4024M |   |   | 168815 | 18 | 43214 | 8 |   |   | 89604 | 10 | 410.9 | |
708
+
709
+Stick to 64k chunk size.
710
+
711
+
712
+
713
+### md3 - [RAID5][65][?][65]
714
+
715
+Create [RAID5][65][?][65] for general use
716
+
717
+* Test various chunk sizes
718
+
719
+ # mdadm --create --metadata=1.2 --verbose --chunk 128 --level=5 --raid-devices=5 --spare-devices=1 /dev/md3 /dev/sd{b..g}3
720
+ # cryptsetup -c aes-lrw-benbi:sha256 -s 256 luksFormat /dev/md3
721
+ # cryptsetup luksOpen /dev/md3 crypt-md3
722
+ # mkfs.xfs -f -d sunit=128,swidth=640 /dev/mapper/crypt-md3
723
+ # mount -t xfs /dev/mapper/crypt-md3 /mnt/md3
724
+ # bonnie++ -f -d /mnt/md3 -s 4024 -n 0 -u root
725
+
726
+
727
+swidth = sunit × num-raid-devices
728
+
729
+Edit /etc/crypttab and /etc/fstab
730
+
731
+ # echo "/dev/mapper/crypt-md3 /dev/md3 none luks" >> /etc/crypttab
732
+ # echo "/dev/mapper/crypt-md3 /mnt/md3 xfs defaults,noatime,noexec,noauto 0 3" >> /etc/fstab
733
+
734
+
735
+
736
+
737
+#### sunit and swidth
738
+
739
+mkfs.xfs can't work out sunit and swidth from a dmcrypt device. So run mkfs.xfs on the md device first and use the values it calculates there when running mkfs.xfs on the dmcrypt device.
740
+
741
+
742
+
743
+ # mkfs.xfs -f /dev/md3
744
+ meta-data=/dev/md3 isize=256 agcount=32, agsize=13599264 blks
745
+ = sectsz=4096 attr=0
746
+ data = bsize=4096 blocks=435176448, imaxpct=25
747
+ = sunit=16 swidth=80 blks, unwritten=1
748
+ naming =version 2 bsize=4096
749
+ log =internal log bsize=4096 blocks=32768, version=2
750
+ = sectsz=4096 sunit=1 blks
751
+ realtime =none extsz=327680 blocks=0, rtextents=0
752
+
753
+
754
+Note that the log size is 128MB. ( bsize × blocks = 4K × 32×2^10 = 128M)
755
+
756
+
757
+
758
+| Version 1.03 | Sequential Output | Sequential Input | Random |
759
+||
760
+|   | Per Chr | Block | Rewrite | Per Chr | Block | Seeks |
761
+| Chunk-size | Size | K/sec | %CP | K/sec | %CP | K/sec | %CP | K/sec | %CP | K/sec | %CP | /sec | %CP |
762
+| 64 | 4024M |   |   | 50391 | 7 | 28868 | 6 |   |   | 88188 | 11 | 302.0 | |
763
+| 128 | 4024M |   |   | 45829 | 6 | 28207 | 5 |   |   | 77503 | 9 | 294.1 | |
764
+| 256 | 4024M |   |   | 37982 | 5 | 27898 | 5 |   |   | 70849 | 9 | 313.4 | |
765
+
766
+
767
+
768
+##### Readahead and stripe cache size
769
+
770
+Chunk=256
771
+
772
+| Version 1.03 | Sequential Output | Sequential Input | Random |
773
+||
774
+|   | Per Chr | Block | Rewrite | Per Chr | Block | Seeks |
775
+| RA[1][80] | SC[2][81] | Size | K/sec | %CP | K/sec | %CP | K/sec | %CP | K/sec | %CP | K/sec | %CP | /sec | %CP |
776
+| 256 | xxx | 4024M |   |   | 36932 | 5 | 28244 | 6 |   |   | 69821 | 8 | 300.9 | |
777
+| 4096 | xxx | 4024M |   |   | 36161 | 5 | 28999 | 4 |   |   | 111310 | 11 | 306.8 | |
778
+| 4096 | 4096 | 4024M |   |   | 76893 | 11 | 40381 | 6 |   |   | 111537 | 10 | 282.5 | |
779
+
780
+Chunk=64
781
+
782
+| Version 1.03 | Sequential Output | Sequential Input | Random |
783
+||
784
+|   | Per Chr | Block | Rewrite | Per Chr | Block | Seeks |
785
+| RA | SC | Size | K/sec | %CP | K/sec | %CP | K/sec | %CP | K/sec | %CP | K/sec | %CP | /sec | %CP |
786
+| 4096 | 4096 |
787
+
788
+Here I got fed up with PM and directly connected the drives.
789
+
790
+ # mkfs.xfs -f -d sunit=16,swidth=80 /dev/mapper/crypt-md3
791
+
792
+
793
+chunk=64, bsize=4k, sunit=16, swidth=80
794
+
795
+| Version 1.03 | Sequential Output | Sequential Input | Random |
796
+||
797
+|   | Per Chr | Block | Rewrite | Per Chr | Block | Seeks |
798
+| RA | SC | Size | K/sec | %CP | K/sec | %CP | K/sec | %CP | K/sec | %CP | K/sec | %CP | /sec | %CP |
799
+| 4096 | 4096 | 4024M |   |   | 196838 | 26 | 73407 | 11 |   |   | 238919 | 22 | 402.0 | |
800
+
801
+
802
+
803
804
+
805
+1 read-ahead [⇑][82]
806
+
807
+2 stripe cache size [⇑][83]
808
+
809
+echo 4096 > /sys/block/md3/md/stripe\_cache\_size
810
+
811
+/dev/sdc died during benchmarking so:
812
+
813
+ # mdadm --create --metadata=1.2 --verbose --chunk 128 --level=5 --raid-devices=5 /dev/md3 /dev/sd{b,d,e,f,g}3
814
+ # cryptsetup -c aes-lrw-benbi:sha256 -s 256 luksFormat /dev/md3
815
+ # cryptsetup luksOpen /dev/md3 crypt-md3
816
+ # mkfs.xfs -f -d sunit=128,swidth=640 /dev/mapper/crypt-md3
817
+ # mount -t xfs /dev/mapper/crypt-md3 /mnt/md3
818
+
819
+
820
+Limit rebuild speed ([KiB][84][?][84]/sec)
821
+
822
+ # echo 1000 > /proc/sys/dev/raid/speed_limit_min
823
+ # echo 20000 > /proc/sys/dev/raid/speed_limit_max
824
+
825
+
826
+Save dmraid configuration so far
827
+
828
+ # mdadm --detail --scan --verbose >> /etc/mdadm/mdadm.conf
829
+
830
+
831
+Shutdown
832
+
833
+ # umount /mnt/md2 /mnt/md3
834
+ # swapoff /dev/mapper/md0-swap
835
+ # cryptsetup remove md0-swap
836
+ # cryptsetup remove crypt-md2
837
+ # cryptsetup remove crypt-md3
838
+ # mdadm --stop /dev/md*
839
+
840
+
841
+
842
+
843
+### PM RAID take 2
844
+
845
+#### 2007-11-30
846
+
847
+* Added a [SiI3132][85][?][85] [PCIe][86][?][86] controller. Should exhibit 130mbit bandwidth limit.
848
+* Only 5 disks working now so have to force bonnie++ to run with < 2×RAM.
849
+
850
+
851
+
852
+#### Benchmark [RAID0][63][?][63]
853
+
854
+ # mdadm --create --metadata=1.2 --verbose --level=0 --raid-devices=6 /dev/md0 /dev/sd{b..g}1
855
+ # cryptsetup -c aes-lrw-benbi:sha256 -s 256 luksFormat /dev/md0
856
+ # cryptsetup luksOpen /dev/md0 crypt-md0
857
+ # mkfs.xfs -f -d sunit=16,swidth=96 /dev/mapper/crypt-md0
858
+ # mount -t xfs /dev/mapper/crypt-md0 /mnt/md0
859
+ # for dev in sd{b..f} ; do blockdev --setra 128 /dev/$dev ; done
860
+ # blockdev --setra 128 /dev/md0
861
+ # blockdev --setra 8192 /dev/mapper/crypt-md0
862
+ # bonnie++ -f -d /mnt/md0 -r 1800 -s 3700 -n 0 -u root
863
+
864
+
865
+
866
+
867
+## Backports
868
+
869
+* <http://www.backports.org/dokuwiki/doku.php?id=instructions>
870
+
871
+ # echo 'deb http://www.backports.org/debian etch-backports main contrib non-free' >> /etc/apt/sources.list
872
+ # apt-get update
873
+ # apt-get -t etch-backports install foo
874
+
875
+
876
+
877
+
878
+## Performance Tweaks
879
+
880
+Tweak RAID array parameters in rc.local
881
+
882
+`# vim rc.local `
883
+
884
+
885
+
886
+ # Configure RAID
887
+ DEVICES="sda sdb sdc sdd sde sdf"
888
+
889
+ # disable NCQ
890
+ for dev in $DEVICES ; do
891
+ echo 1 > /sys/block/$dev/device/queue_depth;
892
+ done;
893
+
894
+ # set read-ahead
895
+ for dev in $DEVICES ; do
896
+ blockdev --setra 128 /dev/$dev
897
+ done
898
+ blockdev --setra 128 /dev/md{0,2,3}
899
+ blockdev --setra 8192 /dev/mapper/md0-swap /dev/mapper/crypt-md{2,3}
900
+
901
+ # set stripe_cache_size
902
+ echo 8192 > /sys/block/md3/md/stripe_cache_size
903
+
904
+ exit 0
905
+
906
+
907
+Have to fix detecting the devices. May not always be sd{a..f}
908
+
909
+
910
+
911
+## Boot probe order
912
+
913
+* sata\_sil24 gets probed before pata\_jmicron so can't boot with RAID array attached.
914
+ * Solution: remove sata_sil24 from initramfs
915
+
916
+1. Put just the needed modules in the initramfs ` vim /etc/initramfs-tools/initramfs.conf `
917
+ MODULES=dep
918
+
919
+
920
+
921
+2. Unload sata_sil24
922
+ # cryptsetup luksClose /dev/mapper/crypt-md3
923
+ # mdadm --stop /dev/md3
924
+ # rmmod sata_sil24
925
+
926
+
927
+
928
+3. Recreate initramfs
929
+ # mkinitramfs -k 2.6.25-pmp -o /boot/initrd.img-2.6.25-pmp
930
+
931
+
932
+
933
+
934
+
935
+## Replacement HDD
936
+
937
+*2008-08-06* - Finally RMA'd the faulty Samsung HDD.
938
+
939
+### Initialize new disk
940
+
941
+ # badblocks -c 10240 -s -w -t random -o sdg.new.badblocks.out -v /dev/sdg
942
+
943
+
944
+
945
+
946
+### Partition and add to RAID
947
+
948
+ # cat sfdisk.format | sfdisk -uM /dev/sdg
949
+ # mdadm /dev/md3 --add /dev/sdg3
950
+
951
+
952
+
953
+
954
+### Limit rebuild speed
955
+
956
+In [KiB][84][?][84]/sec:
957
+
958
+ # echo 1000 > /proc/sys/dev/raid/speed_limit_min
959
+ # echo 20000 > /proc/sys/dev/raid/speed_limit_max
960
+
961
+
962
+
963
+
964
+### Grow array from 5+1 to 6
965
+
966
+ # mdadm --grow /dev/md3 --raid-devices=6 --backup-file=/var/tmp/raidresize
967
+
968
+
969
+
970
+
971
+### Expand LUKS partition
972
+
973
+ # cryptsetup resize crypt-md3
974
+
975
+
976
+
977
+
978
+### Expand XFS
979
+
980
+ # xfs_growfs /mnt/md3
981
+
982
+
983
+
984
+
985
+## Process Limits
986
+
987
+* Set limits to prevent processes like lsdvd killing the system when freaking out on dodgy [ISOs][87][?][87]
988
+
989
+ # cat >> /etc/profile
990
+ if [ $UID -ge 1000 ]
991
+ then
992
+ ulimit -m 1000000 # Max resident memory 1GB
993
+ ulimit -v 1000000 # Max virtual memory 1GB
994
+ ulimit -u 150 # Max processes 150
995
+ fi
996
+
997
+
998
+
999
+
1000
+## ATA Hard Resets
1001
+
1002
+* Started getting ATA hard resets
1003
+* At or around the same time:
1004
+ * the power supply on DGS-1008D switch died
1005
+ * bad interference on digital TV and cellphone conversations was noticed
1006
+* Narrowed it down to one enclosure slot
1007
+ * Could be a power supply problem?
1008
+ * Cable problem?
1009
+* See [HasturAtaFailures][88]
1010
+
1011
+
1012
+
1013
+## Monitor RAID
1014
+
1015
+### Configure cron
1016
+
1017
+Monitors the array every 20 minutes
1018
+
1019
+ $ crontab -e
1020
+ 0,20,40 * * * * /sbin/mdadm --monitor --oneshot --mail yourname@yourisp
1021
+
1022
+
1023
+
1024
+
1025
+## Upgrade to Lenny
1026
+
1027
+#### 2009-05-13
1028
+
1029
+* Replaced all occurrences of stable and etch with lenny
1030
+* apt-get update && apt-get dist-upgrade
1031
+* /boot was mounted ro, had to remount and retry upgrade
1032
+
1033
+
1034
+
1035
+## Recover RAID after failed disks
1036
+
1037
+* Recreated RAID array superblocks with mdadm-2.5.6
1038
+* Script to permute ordering.
1039
+* [HasturRaidRecovery][89]
1040
+* [HasturRaidConfiguration][90]
1041
+
1042
+
1043
+
1044
+## Boot Reconfiguration
1045
+
1046
+#### 2009-09-09
1047
+
1048
+### Disable boot-time serial console
1049
+
1050
+* Edit /boot/grub/menu.lst
1051
+* Edit inittab
1052
+
1053
+#### 2009-09-13
1054
+
1055
+* Turn serial console back on but give precedence to console
1056
+
1057
+ serial --unit=0 --speed=115200 --word=8 --parity=no --stop=1
1058
+ terminal console serial
1059
+
1060
+
1061
+
1062
+
1063
+### Don't start cryptdisks on boot
1064
+
1065
+* sysv-rc-conf: disabled cryptdisks, cryptdisks-early
1066
+
1067
+
1068
+
1069
+## Recover RAID again
1070
+
1071
+#### 2009-09-10
1072
+
1073
+### md2
1074
+
1075
+ mdadm --create --assume-clean --metadata=1.2 --verbose --level=0 --raid-devices=6 /dev/md2 /dev/sd{e,f,g,b,c,d}2
1076
+
1077
+
1078
+
1079
+
1080
+### md3
1081
+
1082
+ mdadm-2.5.6 -C --assume-clean -f -e 1.2 -l 5 -c 128 -n6 /dev/md3 /dev/sd{b,g,d,c,f,e}3
1083
+
1084
+
1085
+
1086
+
1087
+## Move mounted home
1088
+
1089
+#### 2009-09-10
1090
+
1091
+ # mv /mnt/md3/systems/hastur/home /mnt/md3/home
1092
+ # cd /mnt/md3/systems/hastur && ln -s ../../home
1093
+
1094
+
1095
+
1096
+
1097
+## Kernel Upgrade
1098
+
1099
+#### 2009-09-16
1100
+
1101
+* To 2.6.31
1102
+
1103
+ # dpkg -i /usr/src/linux-image-2.6.31-pmp_hastur.1.0_amd64.deb
1104
+
1105
+
1106
+
1107
+
1108
+## Array Upgrade
1109
+
1110
+* [Hastur Raid Upgrade][91]
1111
+
1112
+
1113
+
1114
+## Extend Logical Volumes
1115
+
1116
+ # lvextend -L +100G /dev/vg-md6/home
1117
+ # lvextend -L +300G /dev/vg-md6/media
1118
+ # resize2fs /dev/vg-md6/home &
1119
+ # resize2fs /dev/vg-md6/media &
1120
+
1121
+
1122
+
1123
+
1124
+## Prepare Backup Disks
1125
+
1126
+ # Create mdadm raid 1 with metadata at the end
1127
+ mdadm --create /dev/md5 -e 1 --level=1 --raid-devices=2 /dev/sdg /dev/sdh
1128
+ # resync
1129
+ mdadm --readwrite /dev/md5
1130
+ # init LUKS, keysize (-s) is required for aes-xts-plain
1131
+ cryptsetup luksFormat -c aes-xts-plain -s 512 /dev/md5
1132
+ # filesystem
1133
+ mkfs.ext3 -m0 /dev/md5
1134
+
1135
+
1136
+
1137
+
1138
+* copy
1139
+* prep for shipping
1140
+
1141
+
1142
+
1143
+## Array Upgrade 2
1144
+
1145
+* [Hastur Raid Upgrade 2][92]
1146
+
1147
+
1148
+
1149
+## Upgrade to Squeeze
1150
+
1151
+#### 2012-11-05
1152
+
1153
+Followed [howtoforge][93].
1154
+
1155
+* Backed up /etc
1156
+ tar -czvf /mnt/md6-media/systems/etc.tgz /etc
1157
+
1158
+
1159
+
1160
+* Found Lenny archive at: <http://ftp.de.debian.org/debian-archive/debian>
1161
+
1162
+
1163
+
1164
+ apt-get clean # running out of space on /var
1165
+ apt-get update # update old distro
1166
+ apt-get upgrade # upgrade old distro
1167
+
1168
+
1169
+Upgrade incomplete. Still on Lenny.
1170
+
1171
+/boot was mounted ro, had to remount and retry upgrade.
1172
+
1173
+
1174
+
1175
+#### 2013-10-30
1176
+
1177
+* Reattempted upgrade
1178
+
1179
+
1180
+
1181
+### Kernel
1182
+
1183
+Following [Debian manual][94]
1184
+
1185
+* apt-get upgrade
1186
+
1187
+apt-get install linux-image-2.6-amd64
1188
+# fails out of space on /lib!
1189
+
1190
+[[$[Get Code]]][95]
1191
+
1192
+
1193
+
1194
+#### Out of space in /lib
1195
+
1196
+* Reconfigure sshd to allow root login temporarily
1197
+* ssh in as root
1198
+* Resize hastur-home LVM
1199
+ * Reduce fs to 50G, reduce lv to 52G, expand fs again to fill lv
1200
+
1201
+umount /home
1202
+HOME_DEV=/dev/mapper/hastur-home
1203
+e2fsck -f $HOME_DEV
1204
+resize2fs $HOME_DEV 50G
1205
+e2fsck -f $HOME_DEV
1206
+lvreduce -L 52G $HOME_DEV
1207
+resize2fs $HOME_DEV
1208
+# Extend home-root by 512GB, leave the rest unused
1209
+ROOT_DEV=/dev/mapper/hastur-root
1210
+lvextend -L +512M $ROOT_DEV
1211
+resize2fs $ROOT_DEV
1212
+# Redo kernel upgrade
1213
+apt-get -f install
1214
+
1215
+[[$[Get Code]]][96]
1216
+
1217
+
1218
+
1219
+### udev
1220
+
1221
+* Problem with libc6-i386 dependencies related to transition to multiarch.
1222
+ * Solution: Removed ia32-libs and all dependents. Removed libc6-i386
1223
+
1224
+apt-get remove dpt-i2o-raidutils
1225
+dpkg --remove lib32asound2 lib32gcc1 lib32ncurses5 lib32stdc++6 lib32z1 lib32z1-dev libc6-dev-i386 libc6-i386
1226
+# resume udev install (with some deps including gcc4.4-base)
1227
+apt-get install udev
1228
+
1229
+[[$[Get Code]]][97]
1230
+
1231
+
1232
+
1233
+### dist-upgrade
1234
+
1235
+apt-get upgrade
1236
+apt-get dist-upgrade  # fails with perl libanyevent problems
1237
+# check anyevent-perl deps
1238
+apt-cache showpkg anyevent-perl  # none!
1239
+dpkg -r anyevent-perl
1240
+apt-get install -f   # fix the packages that anyevent-perl broke
1241
+
1242
+[[$[Get Code]]][98]
1243
+
1244
+
1245
+
1246
+#### mediatomb
1247
+
1248
+# backup
1249
+/etc/init.d/mediatomb stop
1250
+cd /etc
1251
+tar -czvf mediatomb.tgz mediatomb/
1252
+# remove
1253
+apt-get purge mediatomb mediatomb-common mediatomb-daemon
1254
+rm -rf /etc/mediatomb
1255
+apt-get install mediatomb-daemon
1256
+# extract backup and merge configs
1257
+cd /etc/mediatomb
1258
+tar -xzvf /etc/mediatomb.tgz
1259
+mv mediatomb old
1260
+vimdiff config.xml old/config.xml
1261
+# restart
1262
+/etc/init.d/mediatomb restart
1263
+
1264
+[[$[Get Code]]][99]
1265
+
1266
+
1267
+
1268
+#### Switch postgresql
1269
+
1270
+# Stop and backup
1271
+/etc/init.d/postgresql stop
1272
+tar -czvf 8.3.bak.tgz /etc/postgresql/8.3 /var/lib/postgresql/8.3
1273
+tar -czvf 8.4.bak.tgz /etc/postgresql/8.4 /var/lib/postgresql/8.4
1274
+# Drop default 8.4 cluster
1275
+/etc/init.d/postgresql start
1276
+pg_dropcluster --stop 8.4 main
1277
+# Upgrade 8.3 to 8.4
1278
+pg_upgradecluster 8.3 main
1279
+pg_dropcluster --stop 8.3 main
1280
+
1281
+[[$[Get Code]]][100]
1282
+
1283
+
1284
+
1285
+## Upgrade to Wheezy
1286
+
1287
+**'2013-10-31**'
1288
+
1289
+
1290
+
1291
+### Preparation
1292
+
1293
+* install etckeeper and baseline
1294
+
1295
+apt-get install etckeeper
1296
+cd /etc
1297
+etckeeper init
1298
+# check the git staging area and remove unwanted stuff
1299
+git commit -a -m "etc: squeeze baseline"
1300
+git tag -a -m "squeeze"
1301
+
1302
+[[$[Get Code]]][101]
1303
+
1304
+
1305
+
1306
+* updated apt-sources
1307
+* Check estimated space and extend /var by 2GB
1308
+
1309
+apt-get -o APT::Get::Trivial-Only=true dist-upgrade
1310
+lvextend /dev/mapper/hastur-var -L +2G
1311
+resize2fs /dev/mapper/hastur-var
1312
+
1313
+[[$[Get Code]]][102]
1314
+
1315
+
1316
+
1317
+* keep polipo
1318
+* apt-get autoremove
1319
+
1320
+
1321
+
1322
+### Upgrade
1323
+
1324
+Minimal upgrade first
1325
+
1326
+* apt-get upgrade
1327
+
1328
+Lots of fixes dist-upgrades, apt-get -f installs, etc.
1329
+
1330
+Breakages from:
1331
+
1332
+* vlc and libav
1333
+ * apt-get removed vlc and continued, later reinstalled
1334
+
1335
+Removed old custom-built kernels.
1336
+
1337
+Removed custom install of rtorrent now that Wheezy has an up-to-date one.
1338
+
1339
+Fixed md127 mdadm device in /etc/mdadm/mdadm.conf
1340
+
1341
+ ARRAY /dev/md6 UUID=<array:uuid>
1342
+
1343
+
1344
+
1345
+
1346
+### Migrate to rsyslogd
1347
+
1348
+sudo apt-get install rsyslog
1349
+sudo apt-get purge inetutils-syslogd
1350
+
1351
+[[$[Get Code]]][103]
1352
+
1353
+
1354
+
1355
+### Fix Cacti
1356
+
1357
+Cacti node tree UI wasn't working at all. Missing js library jquery-cookie
1358
+
1359
+apt-get install libjs-jquery-cookie
1360
+
1361
+[[$[Get Code]]][104]
1362
+
1363
+
1364
+
1365
+### Remaining Issues
1366
+
1367
+* Mythbackend broken
1368
+* Cacti tree ui broken
1369
+
1370
+
1371
+
1372
+# Log
1373
+
1374
+#### 2011-07-09
1375
+
1376
+* Extended md6-media by 100G
1377
+
1378
+
1379
+
1380
+#### 2013-10-30
1381
+
1382
+* Completed upgrade to Squeeze
1383
+
1384
+
1385
+
1386
+#### 2013-10-31
1387
+
1388
+* Upgraded to Wheezy
1389
+
1390
+
1391
+
1392
+* * *
1393
+
1394
+1. vim:set syntax=pmwiki:
1395
+
1396
+ [1]: Hastur
1397
+ [62]: HasturSystemSoftware?action=sourceblock&num=1
1398
+ [68]: #fn1_1
1399
+ [69]: #fn1_2
1400
+ [70]: #fn1_3
1401
+ [71]: #fn1_4
1402
+ [72]: #fn1_5
1403
+ [73]: #fnr1_1
1404
+ [74]: #fnr1_2
1405
+ [75]: #fnr1_3
1406
+ [76]: #fnr1_4
1407
+ [77]: #fnr1_5
1408
+ [80]: #fn2_1
1409
+ [81]: #fn2_2
1410
+ [82]: #fnr2_1
1411
+ [83]: #fnr2_2
1412
+ [88]: HasturAtaFailures
1413
+ [89]: HasturRaidRecovery
1414
+ [90]: HasturRaidConfiguration
1415
+ [91]: HasturRaidUpgrade
1416
+ [92]: HasturRaidUpgrade2
1417
+ [93]: http://www.howtoforge.com/upgrade-debian-lenny-to-squeeze-in-a-few-simple-steps
1418
+ [94]: http://www.debian.org/releases/squeeze/amd64/release-notes/ch-upgrading.en.html
1419
+ [95]: HasturSystemSoftware?action=sourceblock&num=2
1420
+ [96]: HasturSystemSoftware?action=sourceblock&num=3
1421
+ [97]: HasturSystemSoftware?action=sourceblock&num=4
1422
+ [98]: HasturSystemSoftware?action=sourceblock&num=5
1423
+ [99]: HasturSystemSoftware?action=sourceblock&num=6
1424
+ [100]: HasturSystemSoftware?action=sourceblock&num=7
1425
+ [101]: HasturSystemSoftware?action=sourceblock&num=8
1426
+ [102]: HasturSystemSoftware?action=sourceblock&num=9
1427
+ [103]: HasturSystemSoftware?action=sourceblock&num=10
1428
+ [104]: HasturSystemSoftware?action=sourceblock&num=11
... ...
\ No newline at end of file
Network/HomeAutomation.md
... ...
@@ -0,0 +1,438 @@
1
+---
2
+title: HomeAutomation
3
+---
4
+
5
+# Requirements
6
+
7
+* Multi-zone Thermostatic control
8
+* Link house lights to motion sensors
9
+* One-click "cinema room" configuration for lounge
10
+* Geofencing and presence detection
11
+
12
+See also:
13
+
14
+* [Web][1] management
15
+
16
+
17
+
18
+[[_TOC_]]
19
+
20
+# Components
21
+
22
+| Component | Type | Make / Model | £ |
23
+|:----------------------------- | ---- | ------------------------------- | ------------------ |
24
+| Socket On/Off | LW | Siemens | 9 |
25
+| Socket On/Off | Z | TKB | 25[1][25] |
26
+| Socket Dimmer | LW | Siemens | 17 |
27
+| Socket Dimmer | Z | TKB | 26[2][26] |
28
+| Mood Switch | LW | Siemens | 27 |
29
+| Dimmer 1-gang 1-way | LW | Siemens [LW2x][27][?][27] | 25 |
30
+| Dimmer 1-gang 2-way | LW | JSJS [LW400][28][?][28] | 40 |
31
+| Dimmer 1+1-gang 1-way [3][29] | Z | TKB [TZ65][30][?][30]-D [4][31] | 40 |
32
+| Dimmer 2-gang 1-way | LW | Siemens [LW220][32][?][32] | 40 |
33
+| Dimmer 2-gang 2-way | LW | LW [LW420][33][?][33] | 65 |
34
+| Inline dimmer | Z | Fibaro[5][34] | [48][35] |
35
+| PIR | LW | Megaman | 28 |
36
+| TRV | FHT | Conrad [EQ3][36][?][36][6][37] | 25 |
37
+| TRV [LW900][38][?][38] | LW | [Technoline][39] | ? |
38
+| TRV | Z | [Stella][40] | [48][41] |
39
+| TRV | Z | Danfoss | [52][42] |
40
+| TRV iTemp i30 | Peg | Pegler i30 | [18.9][43] [7][44] |
41
+
42
+
43
+
44
45
+
46
+1 uk-automation.co.uk bulk buy 5 [⇑][45]
47
+
48
+2 uk-automation.co.uk bulk buy 5 [⇑][46]
49
+
50
+3 One wired dimmer plus one RF control [⇑][47]
51
+
52
+4 Requires 3-wire system [⇑][48]
53
+
54
+5 Bulk buy discount for 6+ [⇑][49]
55
+
56
+6 Can we even communicate with these? [⇑][50]
57
+
58
+7 buy 3 get 1 free [⇑][51]
59
+
60
+
61
+
62
+# Solution A - Z-Wave and [LightwaveRF][52][?][52]
63
+
64
+## Milestone 1 - Basic Functionality
65
+
66
+Interact with simple switches and sensors.
67
+
68
+Generic hub, Lightwave RF for non-essential control (lights), (duplex) Z-Wave for essential control (Heating)
69
+
70
+
71
+
72
+Hub
73
+: [Raspberry Pi Model B £40][53]
74
+
75
+Transceiver 1
76
+: [RFXtrx433 £77][54]
77
+
78
+Transceiver 2
79
+: [Aeon Labs Z-Stick £41][55]
80
+
81
+Control Software
82
+: [Domoticz][56]
83
+
84
+Light Controls
85
+: Lightwave RF
86
+
87
+Long Range
88
+: Lightwave RF signal booster
89
+
90
+
91
+
92
+## Milestone 2 - Heating
93
+
94
+Control heating. Allow end-users to operate it.
95
+
96
+
97
+
98
+[TRVs][57][?][57]
99
+: [StellaZ][58][?][58]
100
+
101
+Control Software
102
+: [OpenHAB][59]
103
+
104
+Boiler Control, 2 channel
105
+: [Secure 2-channel Boiler Receiver][60]
106
+
107
+Thermostat
108
+: [Horstmann Secure SCS-317, 7 Day programmable][61]
109
+
110
+Boiler Control, combi
111
+: [Secure SCS317 + Secure ASR303][62]
112
+
113
+
114
+
115
+## Milestone 3 - Reactive
116
+
117
+Geofencing, presence and proximity trigger events.
118
+
119
+
120
+
121
+* * *
122
+
123
+
124
+
125
+# Physical Layer
126
+
127
+* Powerline
128
+* RF
129
+
130
+
131
+
132
+# Link and Network Layer
133
+
134
+## Wired
135
+
136
+* X10
137
+ * Too old?
138
+* UPB
139
+* Insteon
140
+ * Successor to X10
141
+ * Requires neutral wires in switch wiring box to work
142
+* IP over Powerline?
143
+
144
+
145
+
146
+## Wireless
147
+
148
+* Wifi
149
+* Zigbee
150
+* Z-Wave
151
+ * 900MHz
152
+ * Mesh
153
+ * Two-way
154
+ * Plug adapters ~£28
155
+* [LightwaveRF][52][?][52]
156
+ * One-way fire-and-forget
157
+ * Low cost
158
+* [OpenEnergyMonitor][63][?][63] ([RFM12B][64][?][64])
159
+* [WattWave][65][?][65]
160
+
161
+* [Lightwave vs Z-Wave][66]
162
+
163
+
164
+
165
+# Hub Software
166
+
167
+* <http://www.openhab.org/>
168
+* <http://www.homeautomationhub.com/> - Linux Home Automation Bridge
169
+* <http://www.openremote.org/display/HOME/OpenRemote> - Open Source Automation Platform
170
+* <http://www.domoticz.com/>
171
+
172
+
173
+
174
+# Control
175
+
176
+* Lighting
177
+* Lighting dimmers
178
+* Thermostat
179
+* Cameras
180
+* Motion sensors
181
+
182
+
183
+
184
+# Presence
185
+
186
+* Establish using Bluetooth link quality
187
+* Bluetooth adapters linked via MQTT to hub
188
+* Triangulate to establish location
189
+
190
+
191
+
192
+# Components
193
+
194
+## Hubs
195
+
196
+* [Revolv Hub][67]
197
+* Raspberry Pi 2
198
+
199
+
200
+
201
+## Appliance Adapters
202
+
203
+### Z-Wave
204
+
205
+* [Everspring AN1573][68] - £30
206
+
207
+
208
+
209
+### Insteon
210
+
211
+
212
+
213
+## Networked dimmers
214
+
215
+* [NXP chip][69] with embedded [IPv6][70] mesh networking over powerline
216
+
217
+
218
+
219
+## Thermostatic Valves
220
+
221
+* [TRVs][57][?][57] (Thermostatic Radiator Valves)
222
+* [OpenTRV][71]
223
+
224
+
225
+
226
+### Z-Wave
227
+
228
+* [StellaZ £48][41]
229
+* [Danfoss £51][42]
230
+
231
+
232
+
233
+## Thermostatic Systems
234
+
235
+* [Comparison][72]
236
+
237
+Boilers with out a bypass system:
238
+
239
+* All [TRVs][57][?][57] closed
240
+* Temperature is below set-point
241
+* Boiler is pumping against no circulation and cannot dissipate heat.
242
+* So there is usually at least one non-TRV radiator
243
+
244
+
245
+
246
+### Horstmann
247
+
248
+Thermostat
249
+: [Horstmann / Secure SCS317][73]
250
+
251
+Boiler Control
252
+: [Horstmann ASR-ZW / Secure SSR303][74]
253
+
254
+Boiler Control, 2-channel
255
+: [Horstmann ASR-RF / Secure SSR302][75]
256
+
257
+
258
+
259
+* Alternative Horstmann supplier: <http://www.bes.co.uk/products/113.asp>
260
+* [Fix SSR302 configuration for direct control][76].
261
+
262
+
263
+
264
+### Nest
265
+
266
+* [Nest Thermostat][77] [£179 B&Q][78]
267
+* Can it integrate with other systems?
268
+ * [Insteon hub integration][79]
269
+* [Teardown][80]
270
+* [Multi-zone and UK TRVs][81]
271
+
272
+
273
+
274
+### Honeywell [EvoHome][82][?][82]
275
+
276
+* Radiator valve sensor/controllers use RF 868MHz FSK
277
+* Possible interference with LTE
278
+* [OpenTRV][83]
279
+* Expensive
280
+ * £208 starter kit (one controller)
281
+ * £ 56 per TRV
282
+ * plus installation
283
+* [Blog by an EvoHome Installer][84]
284
+
285
+
286
+
287
+### Danfoss Link
288
+
289
+(With Living Connect [TRVs][57][?][57]) [Forum post about it][85]
290
+
291
+
292
+
293
+### Insteon Hub
294
+
295
+* Powerline
296
+* Single zone
297
+
298
+
299
+
300
+### Conrad
301
+
302
+* [Cheaper Radio TRVs][86]
303
+* Manufactured by ELV
304
+* [Proprietary protocol][87] [reverse engineered][88]
305
+
306
+
307
+
308
+## Cameras
309
+
310
+### Foscam
311
+
312
+## Lighting
313
+
314
+### Dimmer Wall Switches
315
+
316
+<http://www.automatedhome.co.uk/vbulletin/showthread.php?3376-Uk-style-momentary-wall-switches>!
317
+
318
+Dimmer modules like Fibaro need push-button style switches also called:
319
+
320
+* Retractive
321
+* Momentary
322
+* Impulse
323
+* Push-button
324
+* Bell-push
325
+* Accessory dimmer
326
+* Slave dimmer
327
+* Roller-blind switch
328
+
329
+Ideally we need "3-position retractive switches".
330
+
331
+
332
+
333
+| Site | Layout | Link |
334
+|:-------------- | ------ | ------------ |
335
+| TLC Direct | 1xpb | [£5.28][89] |
336
+| TLC Direct | 2xpb | [£6.72][90] |
337
+| CLE Electrical | 1x3p | [£1.96+][91] |
338
+
339
+Also:
340
+
341
+* [Cyberselect][92]
342
+
343
+
344
+
345
+### Scolmore Minigrid
346
+
347
+[Scolmore Minigrid][93]
348
+
349
+
350
+
351
+| [CMA401][94][?][94] Frontplate | 1g |   |
352
+||
353
+| [MD075PW][95][?][95] | 3p |   |
354
+| [CMA401][94][?][94]+[MD075PW][95][?][95] | 1g 3p | [£7.20][96] |
355
+
356
+
357
+
358
+## Fuel Monitor
359
+
360
+* <http://www.instructables.com/id/Sump-pump-water-level-The-hardware/>
361
+* <http://alaskanshade.blogspot.co.uk/2013/12/home-heating-hacking-part-1-or-how-to.html>
362
+* <http://hackaday.com/2013/12/04/using-ultrasonic-sensors-to-measure-and-log-oil-tank-levels/>
363
+
364
+
365
+
366
+# Links
367
+
368
+* <http://electronicdesign.com/communications/what-s-difference-between-zigbee-and-z-wave>
369
+* <http://zwave-products.co.uk/>
370
+* <http://www.raspberrypi.org/phpBB3/viewtopic.php?t=16603&p=225970>
371
+* <http://lightwaverfcommunity.org.uk/>
372
+* <http://openenergymonitor.org/emon/>
373
+* <http://www.enmodus.com/> ([WattWave][65][?][65])
374
+* <http://www.devolo.com/en/> (Powerline)
375
+* [2009 Linux.com article][97]
376
+* [Roundup of Home Automation technologies][98]
377
+* [Dream Green House][99]
378
+
379
+ [1]: Web
380
+ [25]: #fn1_1
381
+ [26]: #fn1_2
382
+ [29]: #fn1_3
383
+ [31]: #fn1_4
384
+ [34]: #fn1_5
385
+ [35]: http://www.vesternet.com/z-wave-fibaro-universal-dimmer
386
+ [37]: #fn1_6
387
+ [39]: http://www.technoline.eu/details.php?id=1573&kat=120
388
+ [40]: /Tech/StellaZ
389
+ [41]: http://www.uk-automation.co.uk/products/Z-Wave-Radiator-Thermostatic-Valve-Stella-Z-by-Eurotronic.html
390
+ [42]: http://www.uk-automation.co.uk/products/Z-Wave-Radiator-Thermostat-for-RA-valves-for-M30-x-1.5-by-Danfoss-.html
391
+ [43]: http://www.gasproducts.co.uk/acatalog/Terrier_i-temp_i30_.html#a635001
392
+ [44]: #fn1_7
393
+ [45]: #fnr1_1
394
+ [46]: #fnr1_2
395
+ [47]: #fnr1_3
396
+ [48]: #fnr1_4
397
+ [49]: #fnr1_5
398
+ [50]: #fnr1_6
399
+ [51]: #fnr1_7
400
+ [53]: http://www.amazon.co.uk/gp/product/B00ALW7WWQ/ref=ox_sc_act_title_1?ie=UTF8&psc=1&smid=A07590992ZJ1D7QSMML32
401
+ [54]: http://www.uk-automation.co.uk/products/RFXCOM-RFXtrx433.html
402
+ [55]: http://www.vesternet.com/z-wave-aeon-labs-series-2-usb-controller?___SID=U
403
+ [56]: http://www.domoticz.com/
404
+ [59]: http://www.openhab.org/
405
+ [60]: http://www.vesternet.com/z-wave-horstmann-z-wave-controlled-boiler-receiver-two-channels?gclid=CJvIuZDXyMMCFczMtAodLysAeg#fo_c=521&fo_k=8c19f837895f270529d9d99d2b5d8aa2&fo_s=gplauk
406
+ [61]: https://www.bes.co.uk/products/113.asp#21400
407
+ [62]: https://www.bes.co.uk/products/113.asp#21401
408
+ [66]: http://www.vesternet.com/resources/technology-comparison/lightwaverf-or-z-wave
409
+ [67]: http://www.slashgear.com/revolv-hub-review-12304934/
410
+ [68]: http://zwave-products.co.uk/shop/article_201/Everspring-AN1573-RF-_-Z-Wave-Plug-in-UK-On-_-Off-Module.html?shop_param=cid%3D69%26aid%3D201%26
411
+ [69]: http://www.nxp.com/products/lighting_driver_and_controller_ics/
412
+ [70]: IPv6
413
+ [71]: http://opentrv.org.uk/
414
+ [72]: http://recombu.com/digital/news/smart-energy-showdown-nest-vs-hive-vs-insteon-vs-honeywell-evohome_M12711.html
415
+ [73]: http://www.vesternet.com/z-wave-secure-7-day-programmable-room-thermostat
416
+ [74]: http://www.vesternet.com/z-wave-horstmann-z-wave-controlled-boiler-receiver-hrt
417
+ [75]: http://www.vesternet.com/z-wave-horstmann-z-wave-controlled-boiler-receiver-two-channels
418
+ [76]: https://forums.homeseer.com/showthread.php?t=157314
419
+ [77]: https://nest.com/uk/thermostat/life-with-nest-thermostat/
420
+ [78]: http://www.diy.com/nav/fix/plumbing-central-heating/Nest-Thermostat-13278564?icamp=Nest_1
421
+ [79]: http://www.slashgear.com/nest-thermostat-gets-insteon-smart-home-integration-12320277/
422
+ [80]: https://learn.sparkfun.com/tutorials/nest-thermostat-teardown-/cracking-it-open
423
+ [81]: https://community.nest.com/thread/3339
424
+ [83]: http://sourceforge.net/p/opentrv/wiki/Honeywell%20Evohome%20System/
425
+ [84]: http://hwch.myzen.co.uk/blog/category/honeywell-evohome/
426
+ [85]: http://lightwaverfcommunity.org.uk/forums/topic/febuary-2013-and-still-no-heating-controls/page/2/
427
+ [86]: http://www.conrad.nl/ce/nl/overview/0812043/eQ-3-Max-thermostaatproducten-met-App
428
+ [87]: http://sourceforge.net/p/opentrv/wiki/FHT%20Protocol/
429
+ [88]: http://www.mike-stirling.com/2012/10/hacking-wireless-radiator-valves-with-gnuradio/
430
+ [89]: https://www.tlc-direct.co.uk/Products/VLXCP1.html
431
+ [90]: https://www.tlc-direct.co.uk/Products/VLXPP2.html
432
+ [91]: http://www.cle-electrical.co.uk/p/2423/3-position-retractive-switch-modules
433
+ [92]: https://www.cyberselect.co.uk/search-results?search_api_views_fulltext=momentary
434
+ [93]: http://www.scolmore.com/_pdfs/minigrid.pdf
435
+ [96]: http://www.ebay.co.uk/itm/CLICK-SCOLMORE-10A-3-POSITION-WAY-RETRACTIVE-SWITCH-ON-OFF-ON-MODE-OR-POLAR-/301188716342?var=&hash=item46203f1736:m:miDx3GtWqK-SKzZfoDz9PFg
436
+ [97]: http://www.linux.com/news/hardware/peripherals/135780-home-automation-with-linux
437
+ [98]: http://www.automatedhome.co.uk/home-automation-technology-choices
438
+ [99]: http://www.dreamgreenhouse.com/plans/hcs/index.php
... ...
\ No newline at end of file
Network/IPv6.md
... ...
@@ -0,0 +1,53 @@
1
+---
2
+title: IPv6
3
+---
4
+
5
+# Status
6
+
7
+| Service Impl | [IPv6][1] | Notes |
8
+|:-------------------- | ------------ | ---------- |
9
+| [Routing][2] | [Active][3] | Native |
10
+| [Name resolution][4] |   | ISP native |
11
+| [DNS][4] |   | ISP native |
12
+| [Mail][5] |   | external |
13
+| [Network Storage][6] | [Enabled][7] |   |
14
+| [Logging][8] |   |   |
15
+
16
+
17
+
18
+# LAN
19
+
20
+* radvd on LAN router
21
+
22
+
23
+
24
+# WAN
25
+
26
+## [PPPoE][9][?][9]
27
+
28
+* Enabled on Entanet
29
+* 2011-11-08: Enabled on AAISP, allocated /48
30
+* AAISP ipv6 [DNSes][10][?][10] 2001:8b0:6464::1 and 2001:8b0:6464::2
31
+
32
+
33
+
34
+## Tunnelled
35
+
36
+* he.net active
37
+* 2009-12-11: Allocated /48
38
+
39
+
40
+
41
+# Mobile
42
+
43
+* [OpenWRT][11][?][11] needs custom kernel
44
+* But 2.6 kernel wireless is unstable?
45
+
46
+ [1]: IPv6
47
+ [2]: Network
48
+ [3]: WRT54GL
49
+ [4]: DNS
50
+ [5]: Mail
51
+ [6]: StorageServer
52
+ [7]: Hastur
53
+ [8]: SNMP
Network/IndoorPositioning.md
... ...
@@ -0,0 +1,25 @@
1
+---
2
+title: IndoorPositioning
3
+---
4
+
5
+# Ideas
6
+
7
+* Run redpin for training svm
8
+* Feed in hcitool rssi data?
9
+* Publish predictions via mqtt?
10
+
11
+
12
+
13
+# Systems
14
+
15
+* <http://redpin.org/>
16
+* Uses Support Vector Machine backend
17
+
18
+
19
+
20
+# Beacons
21
+
22
+Roundup
23
+: <http://www.aislelabs.com/reports/beacon-guide/>
24
+
25
+<http://blog.shinetech.com/2014/02/17/the-beacon-experiments-low-energy-bluetooth-devices-in-action/>
... ...
\ No newline at end of file
Network/LDAP.md
... ...
@@ -0,0 +1,23 @@
1
+---
2
+title: LDAP
3
+---
4
+
5
+Lightweight Directory Access Protocol
6
+
7
+
8
+
9
+## Requirements
10
+
11
+* Store Authentication details for secure services
12
+ * Postfix submission, Dovecot imaps, https
13
+* Local Addressbook
14
+ * Addressbook per user?
15
+* Store DNS data
16
+
17
+
18
+
19
+## Notes
20
+
21
+* Should be built with bdb backend rather than ldbm
22
+
23
+ldbm has consistency and performance issues see point 4 in this thread: <http://lists.debian.org/debian-devel/2005/03/msg01787.html>
... ...
\ No newline at end of file
Network/LetsEncrypt.md
... ...
@@ -0,0 +1,17 @@
1
+---
2
+title: LetsEncrypt
3
+---
4
+
5
+On Yuggoth:
6
+
7
+# cert updates managed by a cron job
8
+# now update mosquitto
9
+cd /etc/letsencrypt
10
+sudo make update restart
11
+
12
+[[$[Get Code]]][1]
13
+
14
+On Pixie: [Pixie][2]
15
+
16
+ [1]: LetsEncrypt?action=sourceblock&num=1
17
+ [2]: Pixie
... ...
\ No newline at end of file
Network/LogServer.md
... ...
@@ -0,0 +1,17 @@
1
+---
2
+title: LogServer
3
+---
4
+
5
+# Requirements
6
+
7
+* Remote logging
8
+* [SNMP][1] logging
9
+
10
+
11
+
12
+# Implementation
13
+
14
+* [Hastur][2]
15
+
16
+ [1]: SNMP
17
+ [2]: Hastur
... ...
\ No newline at end of file
Network/Mail.md
... ...
@@ -0,0 +1,187 @@
1
+---
2
+title: Mail
3
+---
4
+
5
+# Mail service configuration
6
+
7
+## Components
8
+
9
+* MTA
10
+* POP/IMAP server (MDA?)
11
+
12
+
13
+
14
+## Requirements
15
+
16
+* Send and receive mail for domain
17
+* Secure remote mail retrieval
18
+* Secure remote mail send via MTA
19
+* Security before performance
20
+
21
+
22
+
23
+### Send and Receive
24
+
25
+Supported by all [MTAs][1][?][1]
26
+
27
+
28
+
29
+### Secure Remote Retrieval
30
+
31
+* IMAP or POP with TLS
32
+* See [Security][2] for authentication
33
+
34
+
35
+
36
+### Secure Remote Submission
37
+
38
+
39
+
40
+<http://en.wikipedia.org/wiki/SMTP-AUTH>
41
+
42
+
43
+
44
+## Available Mail Transfer Agents
45
+
46
+### Sendmail
47
+
48
+Ruled out because of complexity, lack of security
49
+
50
+
51
+
52
+### Postfix
53
+
54
+### Qmail
55
+
56
+DJB
57
+
58
+* <http://cr.yp.to/qmail.html>
59
+* <http://www.lifewithqmail.org/lwq.html>
60
+
61
+
62
+
63
+### Exim
64
+
65
+### Resources
66
+
67
+* <http://www.journalfen.net/userpic/40602/337>
68
+
69
+From 2001. Postfix beats qmail in performance.
70
+
71
+Softupdates benefit performance at risk of mail loss on crash
72
+
73
+* <http://www.journalfen.net/userpic/40602/337>
74
+
75
+TLS & DNS security issues
76
+
77
+* [http://www.tummy.com/journals/entries/jafo\_20050120\_010505][3]
78
+
79
+Postfix can't run filters on message body?
80
+
81
+
82
+
83
+## Mail Retrieval
84
+
85
+### POP & IMAP
86
+
87
+* Dovecot (<http://www.dovecot.org/>)
88
+* uw-imap
89
+
90
+### IMAP only
91
+
92
+* cyrus-imap
93
+* courier
94
+* bincimap
95
+
96
+Two main contenders are Courier and Dovecot.
97
+Originally installed Dovecot, but it supports neither quotas nor STARTTLS.
98
+Will stay with it for the moment. Courier-imap needs perl. Don't really want to bbloat the jail.
99
+
100
+### POP only
101
+
102
+* qmail-pop3
103
+* tPOP3
104
+* teapop
105
+* popa
106
+* vmpop
107
+* qpopper
108
+
109
+
110
+
111
+## Configuration
112
+
113
+*
114
+
115
+
116
+
117
+## Filtering
118
+
119
+See <http://acme.com/mail_filtering/>
120
+
121
+* [SpamAssassin][4][?][4] (<http://spamassassin.apache.org/>)
122
+
123
+circumvented by spammers according to acme
124
+
125
+* Bogofilter (<http://bogofilter.sourceforge.net/>)
126
+
127
+conservative
128
+
129
+* BMF (<http://sourceforge.net/projects/bmf/>)
130
+
131
+aggressive
132
+
133
+* QSF (<http://www.ivarch.com/programs/qsf/>)
134
+
135
+aggressive
136
+
137
+
138
+
139
+# Q&A
140
+
141
+## Local disk encryption?
142
+
143
+Encrypt mail spools? Protect against seizure? Does that matter?
144
+
145
+
146
+
147
+* * *
148
+
149
+
150
+
151
+# Log
152
+
153
+## **2006-04-14**
154
+
155
+Ok. First task. Decide on an MTA and remote retrieval daemon.
156
+Ruled out Sendmail. Insecure, complex.
157
+Would like to have the ability to reject at SMTP time
158
+
159
+
160
+
161
+### IMAP or POP?
162
+
163
+IMAP requires a decent quota on the mail server as well as backups. Single location for mail. Single point of failure. Definitely preferable to POP
164
+
165
+
166
+
167
+### Filtering
168
+
169
+[SpamAssassin][4][?][4] is widely used but apparently a target of spammers.
170
+Bogofilter is less widely used.
171
+Bogofilter it is then (at least initially).
172
+
173
+
174
+
175
+## **2006-04-16**
176
+
177
+Decided on Postfix. Actively maintained (unlike qmail+patches). Full-featured.
178
+
179
+
180
+
181
+## **2006-04-19**
182
+
183
+<http://wanderingbarque.com/howtos/mailserver/mailserver.html>
184
+<http://jamm.sourceforge.net/howto/single-html/mailserver.html>
185
+
186
+ [2]: Security
187
+ [3]: http://www.tummy.com/journals/entries/jafo_20050120_010505
Network/MediaTranscoder.md
... ...
@@ -0,0 +1,10 @@
1
+---
2
+title: MediaTranscoder
3
+---
4
+
5
+## Options
6
+
7
+* [PS3][1][?][1], encoders optimized for cell?
8
+* FPGA coprocessor?
9
+* Off-the-shelf hardware encoder, [FireWire][2][?][2]
10
+
Network/MobileRouter.md
... ...
@@ -0,0 +1,249 @@
1
+---
2
+title: MobileRouter
3
+---
4
+
5
+A high bandwidth broadband solution for rural areas.
6
+
7
+
8
+
9
+# Requirements
10
+
11
+* 3G/4G mobile broadband routing
12
+* Redundant / bonded modems
13
+* Bandwith >=10Mbit
14
+
15
+
16
+
17
+# Actions
18
+
19
+* Dual LTE capable USB dongles supported by Rooter
20
+* Router platform with USB
21
+* Powered USB hub
22
+
23
+
24
+
25
+# Links
26
+
27
+* <http://www.3grouterstore.co.uk/>
28
+
29
+
30
+
31
+# Options
32
+
33
+## Wifi Router with multiple USB slots
34
+
35
+* 2x USB dongles
36
+* Easy to upgrade the dongles
37
+* Multiple modem software support?
38
+
39
+
40
+
41
+# Software Support
42
+
43
+* [OpenWRT][1][?][1]
44
+* [OpenWRT multiwan][2]
45
+
46
+
47
+
48
+## Issues
49
+
50
+* Beware of burst current limit for USB devices
51
+ * Solve with powered USB hub
52
+* [WiFi][3][?][3] 3G 4G interference
53
+ * Solve with (high quality) USB extension cable or external aerials
54
+* PPP limited to 25Mbps?
55
+ * Solve with Rooter project firmware
56
+
57
+
58
+
59
+## Rooter Project
60
+
61
+Solves the PPP limit problem
62
+
63
+
64
+
65
+* <http://whirlpool.net.au/wiki/router_openwrt>
66
+* <http://ofmodemsandmen.com/supported.html>
67
+
68
+
69
+
70
+# Router Platforms
71
+
72
+| Device | Radio | Cost | Notes |
73
+|:--------------------- | ---------------------- | ---- | ----------------------------------- |
74
+| [TP-Link WDR4900][4] | 450@2.4GHz, 450@5GHz |   | Immature [OpenWRT][1][?][1] support |
75
+| [TP-Link WDR4300][5] | 300 @2.4GHz, 450@5GHz | £60 | 2xUSB |
76
+| [TP-Link WDR3600][6] | 300 @2.4GHz, 300 @5GHz | £49 | 2xUSB |
77
+| [TP-Link WR1043ND][7] | 300 @2.4GHz | £36 | 1xUSB |
78
+| [TP-Link WR841N][8] | 300 @2.4GHz | £19 | No USB, problems with v9 |
79
+
80
+
81
+
82
+# Modems
83
+
84
+## Alcatel L800
85
+
86
+Description
87
+: 4G USB dongle
88
+
89
+Cost
90
+: [very £49][9]
91
+
92
+Protocols
93
+: HSPA+, LTE
94
+
95
+Notes
96
+: Used by EE
97
+
98
+
99
+
100
+## ZTE [MF730M][10][?][10]
101
+
102
+Description
103
+: 3G USB dongle
104
+
105
+Cost
106
+: [amazon £42][11]
107
+
108
+Protocols
109
+: DC-HSDPA 42Mbps
110
+
111
+Notes
112
+: Used by Three UK
113
+
114
+
115
+
116
+## ZTE [MF823][12][?][12]
117
+
118
+Description
119
+: 4G USB dongle
120
+
121
+Cost
122
+: ~£65 unlocked
123
+
124
+Protocols
125
+: DC-HSPA+ 42Mbps, LTE FDD 100Mbps
126
+
127
+Notes
128
+: Used by Three UK
129
+
130
+Link
131
+: [ZTE MF823][13]
132
+
133
+
134
+
135
+## Huawei E3256
136
+
137
+Description
138
+: 3G USB dongle
139
+
140
+Cost
141
+: [amazon £42][11]
142
+
143
+Protocols
144
+: DC-HSPA+ 42Mbps
145
+
146
+Notes
147
+: Used by Three UK
148
+
149
+
150
+
151
+## Huawei E5786
152
+
153
+Description
154
+: Mobile [WiFi][3][?][3] bridge
155
+
156
+Protocols
157
+: FDD LTE CA(DL) 300 Mbps,
158
+ TDD LTE CA(DL) 224 Mbps,
159
+ High-speed LTE FDD (DL) 150 Mbps,
160
+ High-speed DC-HSPA+ (DL) 43.2 Mbps,
161
+ High-speed HSPA+ (DL) 21.6 Mbps,
162
+ High-speed HSPA (HSUPA/HSDPA)/UMTS (DL) 14.4 Mbps
163
+
164
+Link
165
+: [specs][14]
166
+
167
+
168
+
169
+# UK Service Providers
170
+
171
+## Mobile
172
+
173
+* [three][15]
174
+* ee
175
+* vodafone
176
+* o2
177
+
178
+
179
+
180
+### Current Offers 2016
181
+
182
+| Provider | Network | Terms | Allowance | GBP/GB[1][16] | Notes |
183
+|:-------- | ------- | ------ | --------- | ------------- | -------------------------------- |
184
+| EE | LTE | 1mnth | 32GB | 0.875 | SIM-only, current, personal-only |
185
+| Three | LTE | 1mnths | 20GB | 1.15 | Direct-debit only. |
186
+
187
+
188
+
189
+### Offers 2014
190
+
191
+| Provider | Network | Terms | Allowance | GBP/GB[2][17] | Notes |
192
+|:--------------------- | -------- | ------- | --------- | ------------- | --------------------------------------------- |
193
+| [MobiData][18][?][18] | DC-HSDPA | 3mnth | 10GB | 1.96 | Sim only, NOT 20GB! |
194
+| EE | LTE | 24mnths | 20GB | 1.80 | 60Mbps? Huawei E5776 |
195
+| Three | LTE | 24mnths | 15GB | 1.68 | Setup £50 |
196
+| Three | LTE | 24mnths | 15GB | 1.42 | Setup £35 |
197
+| Three | 3G | 24mnths | 15GB | 1.40 | Included Mi-Fi. Limited offer £25 M&S voucher |
198
+| Three | DC-HSDPA | 24mnths | 15GB | 1.33 | Dongle. ZTE [MF730M][10][?][10] |
199
+| EE | LTE | 1mnth | 15GB | 1.33 | EE Buzzard |
200
+| EE | LTE | 1mnth | 25GB | 1.20 | EE Buzzard |
201
+| Three | LTE | 1mnths | 15GB | 1.06[3][19] |   |
202
+| EE | LTE | 24mnth | 50GB | 1.00 | EE Buzzard |
203
+
204
+1 Total cost / total allowance [⇑][20]
205
+
206
+2 Total cost / total allowance [⇑][21]
207
+
208
+3 Anti-cancellation offer [⇑][22]
209
+
210
+
211
+
212
+## Wireless [ISPs][23][?][23]
213
+
214
+[http://www.ispreview.co.uk/isp\_list/ISP\_List_Wireless.php][24]
215
+
216
+
217
+
218
+* <http://cambswireless.com>
219
+ * <http://redrawinternet.com/rural/>
220
+* <http://www.airbroadband.co.uk/what-areas-do-we-cover/>
221
+
222
+
223
+
224
+# Purchased
225
+
226
+**2014-05-02**: TP-Link [WDR3600][25] for [£49 from Amazon][26].
227
+
228
+**2014-05-21**: Purchased 2nd TP-Link [WDR3600][25]
229
+
230
+ [2]: http://wiki.openwrt.org/doc/uci/multiwan
231
+ [4]: http://wiki.openwrt.org/toh/tp-link/tl-wdr4900
232
+ [5]: http://wiki.openwrt.org/toh/tp-link/tl-wdr4300
233
+ [6]: http://wiki.openwrt.org/toh/tp-link/tl-wdr3600
234
+ [7]: http://wiki.openwrt.org/toh/tp-link/tl-wr1043nd
235
+ [8]: http://wiki.openwrt.org/toh/tp-link/tl-wr841n
236
+ [9]: http://www.very.co.uk/ee-alcatel-l800-4g-payg-dongle-2gb-pre-loaded/1288642182.prd
237
+ [11]: http://www.amazon.co.uk/Huawei-E3256-Unlocked-42-2MBPS-Brodband/dp/B009SSMMUG
238
+ [13]: /Tech/ZTEMF823
239
+ [14]: http://consumer.huawei.com/en/mobile-broadband/mobile-wifi/tech-specs/e5786s-32a-en.htm
240
+ [15]: http://www.three.co.uk/Discover/Built_for_internetting?site=d
241
+ [16]: #fn1_1
242
+ [17]: #fn1_2
243
+ [19]: #fn1_3
244
+ [20]: #fnr1_1
245
+ [21]: #fnr1_2
246
+ [22]: #fnr1_3
247
+ [24]: http://www.ispreview.co.uk/isp_list/ISP_List_Wireless.php
248
+ [25]: WDR3600
249
+ [26]: http://www.amazon.co.uk/TP-Link-TL-WDR3600-Wireless-Gigabit-300Mbps/dp/B008QBAXI4/ref=sr_1_1?s=computers&ie=UTF8&qid=1399028547&sr=1-1&keywords=WDR-3600
... ...
\ No newline at end of file
Network/Monitoring.md
... ...
@@ -0,0 +1,31 @@
1
+---
2
+title: Monitoring
3
+---
4
+
5
+# Current Monitoring Stack
6
+
7
+* RRD
8
+* cacti
9
+* snmp
10
+
11
+
12
+
13
+# New Monitoring Stack
14
+
15
+## Requirements
16
+
17
+* [AutomationHub][1] integration
18
+* SNMP support
19
+* Import Cacti data
20
+
21
+
22
+
23
+## Components
24
+
25
+* [InfluxDB][2][?][2]
26
+* Telegraf
27
+* Grafana
28
+
29
+<https://www.dev-eth0.de/blog/2016/12/06/grafana_snmp.html>
30
+
31
+ [1]: AutomationHub
Network/Network.md
... ...
@@ -0,0 +1,251 @@
1
+---
2
+title: Network
3
+---
4
+
5
+A project to construct a reliable, low-cost, secure, [IPv6][1] gigabit intranet. At home.
6
+
7
+
8
+
9
+# Servers
10
+
11
+## By Name
12
+
13
+* [Azathoth][2] - [Phase I][3][?][3] general purpose gateway
14
+* [Byatis][4][?][4]
15
+* [Niggurath][5] - general purpose app server
16
+* [Hastur][6] - media processor and storage
17
+* [Cyclops][7] - new media server
18
+* [Yuggoth][8] - publicly accessible services
19
+* [Pixie][9] - home automation controller
20
+
21
+
22
+
23
+## By Service
24
+
25
+* [Perimeter Router][10]
26
+* [Log Server][11]
27
+* [Storage Server][12]
28
+* [DNS1][13][?][13]
29
+* [DNS2][14][?][14]
30
+* [VoIP Gateway][15][?][15]
31
+* [Mobile Router][16]
32
+* [Automation Hub][17] - for [Home Automation][18]
33
+* [Authentication][19]
34
+* [Monitoring][20]
35
+* [Power][21] distribution
36
+
37
+
38
+
39
+# Network Hardware
40
+
41
+* Thomson [Speedtouch 516v6][22] [ADSL Modem][23]
42
+* Cisco [WAP4410N][24] - 802.11n wireless access point
43
+* TP-Link [WDR3600][25] x2 - wireless N600 routers (4-port gigabit switch)
44
+* [Ricoh 213W][26] mono laser printer
45
+* Eaton [Eclipse Eco 1200][27] - UPS
46
+* Zyxel [PLA5205][28] - powerline adapters
47
+* [CliMate CM-2][29] - climate monitor
48
+
49
+
50
+
51
+## Switches
52
+
53
+* Extreme Networks [Summit X450e-24p][30] Gigabit [PoE][31][?][31] switch
54
+* Dell [PowerConnect 2716][32] - 16-port gigabit rackmount switch
55
+* Zyxel [GS108][33] - 8-port gigabit "media" switch
56
+* Netgear [FS105][34][?][34] - 5-port 100Mbit desktop switch
57
+* On-Networks [DSG005][35][?][35] - 5-port gigabit desktop switch
58
+
59
+
60
+
61
+## Access Points
62
+
63
+* Ubiquiti [Unifi AP][36] x3
64
+
65
+
66
+
67
+## Other Network Hardware
68
+
69
+* Linksys [WRT54GL][37] - 802.11g wireless router
70
+* D-Link [DGS-1008D][38] - 8-port gigabit desktop switch
71
+* Netgear [DG834GT][39] - Sky router
72
+
73
+
74
+
75
+# Services
76
+
77
+* [Routing][40][?][40]
78
+* [Name resolution][41]
79
+* [Mail][42]
80
+* [Web][43]
81
+* [Logging][44]
82
+* [VoIP][45][?][45]
83
+* [LDAP][46]
84
+* [Network Storage][12]
85
+* [Video Surveillance][47]
86
+* [Home Automation][18]
87
+* [VPN][48] and [Geolocation Tunneling][49]
88
+* [Indoor Positioning][50]
89
+
90
+
91
+
92
+# Features
93
+
94
+* [Security][51]
95
+* [Gigabit][52][?][52] ethernet
96
+* [Bandwidth Management][53]
97
+* [IPv6][1]
98
+* [Public Wireless][54][?][54]
99
+* [Wan Bonding][55]
100
+
101
+
102
+
103
+# Clients
104
+
105
+* [Omenbook][56][?][56] laptop
106
+* [Nixie][57] netbook
107
+* [Archix][58] laptop
108
+* [Shochu][59] laptop
109
+* Mobile clients
110
+
111
+
112
+
113
+# Troubleshooting
114
+
115
+* [Proto41Filtering][60]
116
+* [PPTP][61]
117
+* [Reboot][62] - power failures, etc
118
+
119
+
120
+
121
+# Upgrades
122
+
123
+* [Upgrade 2016][63]
124
+
125
+
126
+
127
+* * *
128
+
129
+
130
+
131
+# Planned Features
132
+
133
+* [Perimeter Subnet][64][?][64], [Private Subnet][65][?][65] and [Wireless Subnet][66][?][66]
134
+* [Public Wireless][54][?][54]
135
+* [IPv6][1] tunnelled to public internet via [IPv6][1]-over-[IPv4][67][?][67] tunnel
136
+* [Gigabit][52][?][52] ethernet
137
+* Public and local [DNS][41]
138
+* [Web][43], [Mail][42], [VPN][48] servers
139
+* Remote logging / [SNMP][44]
140
+* [OpenBSD][68][?][68] [Perimeter/Wireless Router][10] on embedded hardware
141
+* [Private Router][69][?][69] with Gigabit throughput
142
+* Network [Storage Server][12]
143
+* [SAN][70]
144
+* [Media transcoding][71] system
145
+* Thin-client [Home-Theatre PC][72] using [MythTV][73][?][73]
146
+
147
+
148
+
149
+# Implementation
150
+
151
+Network is implemented in three phases:
152
+
153
+
154
+
155
+## Phase I - Single subnet
156
+
157
+In this phase a single privately addressed ([NATted][74][?][74]) subnet is created.
158
+
159
+* Single general purpose [gateway][69][?][69] ([Azathoth][2])
160
+* Public systems are accessible via DNAT on the [gateway][2].
161
+* One [DNS][41] server provides local cacheing and authoritative for public systems.
162
+* Private [DNS][41] info is kept in /etc/hosts on each system.
163
+* Single [Mail][42] server for secure submission and retrieval
164
+* [Azathoth][2] is replaced with embedded/SBC system
165
+* Public domain name registered
166
+ * Update /etc files, mail config, LDAP database, certificates
167
+
168
+
169
+
170
+## Phase II - Perimeter and Private subnets
171
+
172
+In this phase the subnet is split in to perimeter (non-NAT) and private (NAT) and [IPv6][1] migration begins.
173
+
174
+* Second switch is added and Azathoth assumes the role of private router.
175
+* Attempt Gigabit routing throughput on [Azathoth][2].
176
+* Private net migrates to pure [IPv6][1], router provides [IPv6][1]-to-[IPv4][67][?][67]
177
+* Second [DNS][41] is added and provides cacheing and DNS for all systems
178
+* Perimeter router provides [Bandwith Management][75][?][75]
179
+* VPN gateway provides two-factor authenticated access to private network.
180
+
181
+
182
+
183
+## Phase III - Perimeter, Private, Wireless
184
+
185
+A wireless [IPv6][1] network is created on the internet side of the perimeter firewall
186
+
187
+* Wireless adapter is added to perimeter router
188
+* Pure [IPv6][1] wireless network is created with router running radvd on wireless interface
189
+* Aside from radvd, no systems exist on the wireless network
190
+
191
+
192
+
193
+* * *
194
+
195
+
196
+
197
+# Notes
198
+
199
+ [1]: IPv6
200
+ [2]: Azathoth
201
+ [5]: Niggurath
202
+ [6]: Hastur
203
+ [7]: Cyclops
204
+ [8]: Yuggoth
205
+ [9]: Pixie
206
+ [10]: PerimeterRouter
207
+ [11]: LogServer
208
+ [12]: StorageServer
209
+ [16]: MobileRouter
210
+ [17]: AutomationHub
211
+ [18]: HomeAutomation
212
+ [19]: Authentication
213
+ [20]: Monitoring
214
+ [21]: Power
215
+ [22]: Speedtouch516
216
+ [23]: ADSLModem
217
+ [24]: WAP4410N
218
+ [25]: WDR3600
219
+ [26]: Ricoh213W
220
+ [27]: EclipseEco1200
221
+ [28]: PLA5205
222
+ [29]: CliMateCM-2
223
+ [30]: SummitX450e
224
+ [32]: PowerConnect2716
225
+ [33]: GS108
226
+ [36]: UnifiAP
227
+ [37]: WRT54GL
228
+ [38]: DGS-1008D
229
+ [39]: DG834GT
230
+ [41]: DNS
231
+ [42]: Mail
232
+ [43]: Web
233
+ [44]: SNMP
234
+ [46]: LDAP
235
+ [47]: VideoSurveillance
236
+ [48]: VPN
237
+ [49]: GeolocationTunneling
238
+ [50]: IndoorPositioning
239
+ [51]: Security
240
+ [53]: BandwidthManagement
241
+ [55]: WanBonding
242
+ [57]: Nixie
243
+ [58]: Archix
244
+ [59]: Shochu
245
+ [60]: Proto41Filtering
246
+ [61]: PPTP
247
+ [62]: Reboot
248
+ [63]: Upgrade2016
249
+ [70]: SAN
250
+ [71]: MediaTranscoder
251
+ [72]: HTPC
Network/Niggurath.md
... ...
@@ -0,0 +1,748 @@
1
+---
2
+title: Niggurath
3
+---
4
+
5
+General Purpose App Server
6
+
7
+
8
+
9
+# Hardware
10
+
11
+| **Type** | **Make** | **Model** | **Connector** | **Specs** |
12
+||
13
+| Motherboard |   | Xeon | Dual Xeon Slot |   |
14
+| CPU | Intel | Pentium III Xeon | Slot | 550MHz |
15
+| CPU | Intel | Pentium III Xeon | Slot | 550MHz |
16
+| RAM | Kingston |   |   | 256MB ECC |
17
+| HDD | IBM |   | SCSI | 9GB |
18
+| HDD | IBM |   | SCSI | 9GB |
19
+| Graphics Adapter | Diamond | [FireGL][1][?][1] 1000 Pro 8MB AGP | AGP | 8MB 100MHz SGRAM 8ns |
20
+| SCSI Controller | Adaptec | AIC-7880 | PCI? |   |
21
+| SCSI Raid Adapter | Adaptec | ARO-1130C | PCI? | 16MB |
22
+| CD-ROM | NEC |   | SCSI |
23
+
24
+
25
+
26
+# Plan
27
+
28
+* Create jails for mail, www and (probably) dns
29
+
30
+
31
+
32
+# [ToDo][2][?][2]
33
+
34
+* Get fan for [CPUs][3][?][3]
35
+* <http://memberwebs.com/nielsen/freebsd/jails/docs/jail_security.html>
36
+* create CA and sign certs
37
+* create proper file permission hierarchy for cert access
38
+* set soft_bounce in main.cf to NO
39
+* add local net back to mynetworks in main.cf
40
+* remove ALL unused accounts
41
+* run dovecot-auth as user dovecot-auth instead of root
42
+* set dovecot first\_valid\_uid & last\_valid\_uid to dovecot user UID
43
+* set dovecot listen to localhost only. disallow remote non-SSL imap
44
+
45
+
46
+
47
+# Log
48
+
49
+## **Earlier**
50
+
51
+Check Adaptec RAID support
52
+create generic kernel
53
+serial console
54
+
55
+ /etc/ttys
56
+ options CONSPEED=115200
57
+
58
+
59
+boot console
60
+
61
+ /boot.config: -P
62
+ /boot/loader.conf: console="comconsole"
63
+
64
+
65
+create custom kernel
66
+
67
+ build custom boot blocks
68
+
69
+
70
+setup panic debugging
71
+
72
+ minor change: KDB_UNATTENDED
73
+ set dumpdev
74
+ set savecore_flags="-z"
75
+
76
+
77
+jail config
78
+
79
+ reconfigure daemons
80
+
81
+
82
+add dual PIII 550
83
+
84
+ breaking off heatsink fins
85
+
86
+
87
+build SMP kernel
88
+
89
+ options SMP
90
+ device apic
91
+
92
+
93
+
94
+
95
+## **2006-04-12**
96
+
97
+Updated to [FreeBSD][4][?][4] 6-STABLE branch. <http://www.freebsd.org/doc/en/books/handbook/makeworld.html>
98
+
99
+
100
+
101
+# Fill in: [CVSup][5][?][5] config, make.conf
102
+
103
+ # cd /usr/src
104
+ # make -j4 buildworld && make buildkernel
105
+
106
+
107
+Ran buildworld overnight.
108
+
109
+
110
+
111
+## **2006-04-13**
112
+
113
+Powered itself off overnight. Don't know why.
114
+Finished upgrade to 6-STABLE
115
+Rebooted, SMP working
116
+Started creation of jails
117
+<http://www.onlamp.com/pub/a/bsd/2003/09/04/jails.html>
118
+
119
+ # export JAILDIR=/chroot/test
120
+ # cd /chroot
121
+ # mkdir test mail
122
+ # cd /usr/src
123
+ # make -j6 buildworld
124
+ # make installworld DESTDIR=$JAILDIR
125
+
126
+
127
+[http://www.section6.net/wiki/index.php/Creating\_a\_FreeBSD_Jail][6]
128
+
129
+ # make world DESTDIR=/chroot/test
130
+ # sockstat|grep "\*:[0-9]"
131
+ # vim /etc/rc.conf
132
+ syslogd_flags="-s -s"
133
+ syslogd_flags="-a $local_ip"
134
+
135
+
136
+Beeped lots then powered off
137
+Burnt finger on CPU heatsinks. OK. I get it now.
138
+No CPU fan, dual PIII definitely needs one.
139
+
140
+
141
+
142
+## **2006-04-14**
143
+
144
+[http://www.section6.net/wiki/index.php/Creating\_a\_FreeBSD_Jail][6]
145
+
146
+Created minimal make.conf.jail
147
+
148
+ # cd /usr/local/etc
149
+ # cp /etc/make.conf make.conf.jail
150
+ # vim make.conf.jail
151
+ ...disable lots of things...
152
+
153
+
154
+I disabled *everything* except for:
155
+
156
+ CRYPT
157
+ DYNAMICROOT
158
+ INET6
159
+ LIBC_R
160
+ LIBPTHREAD
161
+ LIBTHR
162
+ OPENSSL
163
+ SHARE
164
+ SHARED
165
+
166
+
167
+This is a production jail, so no toolchain, no docs. Only the bare essentials.
168
+
169
+Backup host make.conf and copy the jail one over it.
170
+
171
+ # cp /etc/make.conf /etc/make.conf.bak
172
+ # cp /usr/local/etc/make.conf.jail /etc/make.conf
173
+
174
+
175
+Remember to copy it back afterwards.
176
+
177
+Clean, then buildworld:
178
+
179
+ # cd /usr/obj
180
+ # chflags -R noschg *
181
+ # rm -rf *
182
+ # cd /usr/src
183
+ # make -j4 buildworld
184
+
185
+
186
+Meanwhile, still following section6wiki:
187
+
188
+ # cd $JAILDIR
189
+ # mkdir etc dev usr
190
+ # cp /etc/resolv.conf etc/resolv.conf
191
+ # cp /etc/rc.conf etc/rc.conf
192
+ # vim rc.conf
193
+ ...edit stuff, hostname, ip...
194
+ # mount_devfs devfs $JAILDIR/dev # a bit preemptive perhaps?
195
+ # devfs -m $JAILDIR/dev rule -s 4 applyset
196
+ # ln -s dev/null kernel
197
+
198
+
199
+Build finished so install:
200
+
201
+ # cd /usr/src
202
+ # make installworld DESTDIR=$JAILDIR
203
+ # cd etc
204
+ # make distribution DESTDIR=$JAILDIR NO_OPENSSH=YES
205
+ # cd $JAILDIR
206
+ # touch etc/fstab
207
+
208
+
209
+Create alias manually for now. It's added to rc.conf further on.
210
+
211
+ # ifconfig xl0 $jail_ip netmask 255.255.255.0 alias
212
+
213
+
214
+Restore make.conf, append jail config to rc.conf:
215
+
216
+ # cd /etc
217
+ # cp make.conf.bak make.conf
218
+ # cat >> rc.conf
219
+ jail_enable="YES"
220
+ jail_list="test"
221
+ jail_set_hostname_allow="NO"
222
+ jail_socket_unixiproute_only="YES"
223
+ jail_test_rootdir="/chroot/test"
224
+ jail_test_hostname="test.niggurath.local"
225
+ jail_test_ip="$jail_ip"
226
+ jail_test_exec_start="/bin/sh /etc/rc"
227
+ jail_test_devfs_enable="YES"
228
+ jail_test_devfs_ruleset="devfsrules_jail"
229
+ ifconfig_xl0_alias0="inet $jail_ip netmask 255.255.255.0"
230
+ ^D
231
+ #
232
+
233
+
234
+Quick test run:
235
+
236
+ # jail $JAILDIR test.niggurath.local $jail_ip /bin/sh /etc/rc
237
+ # jexec $JID /bin/sh
238
+
239
+
240
+
241
+
242
+## **2006-04-16**
243
+
244
+Create postfix and dependent packages (See [Mail][7]):
245
+
246
+<http://www.onlamp.com/pub/a/bsd/2003/08/07/FreeBSD_Basics.html>
247
+
248
+
249
+
250
+ # cd /usr/ports/mail/postfix
251
+ # make
252
+ ... select options...
253
+ (enabled BerkeleyDB (latest), TLS, LDAP, SPF)
254
+ # mkdir /usr/ports/packages
255
+ # make package-recursive
256
+ ...answer questions...
257
+
258
+
259
+I \*might\* use LDAP to store user accounts and authentication details on the network. We'll see.
260
+
261
+For some reason I can't mount nullfs or unionfs on Niggurath. Perhaps something to do with gmirror? Haha, retard. securelevel of host was 1, so the nullfs kernel module couldn't be loaded.
262
+
263
+Change Niggurath host securelevel to -1 AND autoload nullfs.ko:
264
+
265
+ # cat >> /etc/rc.conf
266
+ kern_securelevel="-1"
267
+ kern_securelevel_enable="YES"
268
+ ^D
269
+ # echo 'nullfs_load="YES"' >> /boot/loader.conf
270
+
271
+
272
+Reboot, or shutdown/exit or whatever in order to change the securelevel
273
+
274
+Now load ports over the jail ports directory and install postfix:
275
+
276
+ # mount_nullfs /usr/ports $JAILDIR/usr/ports
277
+ # jexec 1 /usr/local/bin/bash
278
+ [#] cd /usr/ports/packages/mail
279
+ [#] pkg_add ./postfix-2.2.5,1.tbz
280
+ You need user "postfix" added to group "mail".
281
+ Would you like me to add it [y]? y
282
+ Would you like to activate Postfix in /etc/mail/mailer.conf [n]? y
283
+
284
+
285
+<http://www.csua.berkeley.edu/~ranga/notes/freebsd_postfix.html>
286
+
287
+Set in $JAILDIR/etc/rc.conf:
288
+
289
+ sendmail_enable="YES"
290
+ sendmail_flags="-bd"
291
+ sendmail_pidfile="/var/spool/postfix/pid/master.pid"
292
+ sendmail_procname="/usr/local/libexec/postfix/master"
293
+ sendmail_outbound_enable="NO"
294
+ sendmail_submit_enable="NO"
295
+ sendmail_msp_queue_enable="NO"
296
+
297
+
298
+
299
+
300
+## **2006-04-17**
301
+
302
+<http://www.postfix.org/INSTALL.html#replace>
303
+(Note that config is in $JAILDIR/usr/local/etc/postfix)
304
+
305
+Set domain names for all servers to *.phase1 to make it easy to grep.
306
+
307
+ # vim $JAILDIR/etc/rc.conf
308
+ jail_test2_hostname="mail.phase1"
309
+
310
+
311
+Other files changed: /etc/hosts /etc/resolv.conf
312
+
313
+Change the jail ip address.
314
+Fix interface alias:
315
+
316
+ # jexec $JAIL_ID kill -TERM -1
317
+ # ifconfig xl0 -alias $jail_ip
318
+ # ifconfig xl0 alias $new_jail_ip netmask 255.255.255.0
319
+ # export jail_ip=$new_jail_ip
320
+
321
+
322
+Restart the jail:
323
+
324
+ #jail $JAILDIR mail.phase1 $jail_ip /bin/sh /etc/rc
325
+
326
+
327
+Now back to postfix configuration.
328
+The original configuration didn't start postfix. New rc config options are here:
329
+<http://www.freebsddiary.org/postfix.php>
330
+
331
+Set in $JAILDIR/etc/rc.conf:
332
+
333
+ postfix_enable="YES"
334
+ sendmail_enable="NO"
335
+ sendmail_outbound_enable="NO"
336
+ sendmail_submit_enable="NO"
337
+ sendmail_msp_queue_enable="NO"
338
+
339
+
340
+Created and updated periodic.conf
341
+
342
+ # cat >> $JAILDIR/etc/periodic.conf
343
+ daily_clean_hoststat_enable="NO"
344
+ daily_status_mail_rejects_enable="NO"
345
+ daily_status_include_submit_mailq="NO"
346
+ daily_submit_queuerun="NO"
347
+ ^D
348
+
349
+
350
+No mailwrapper, so fix the sendmail link and link the startup script
351
+<http://www.csua.berkeley.edu/~ranga/notes/freebsd_postfix.html>
352
+
353
+ # cd $JAILDIR/usr/sbin
354
+ # ln -s ../local/sbin/sendmail sendmail
355
+ # cd $JAILDIR/usr/local/etc/rc.d
356
+ # ln -s ../../sbin/postfix postfix.sh
357
+
358
+
359
+Forgot to generate /etc/aliases.db:
360
+
361
+ [#] /usr/local/bin/newaliases
362
+
363
+
364
+
365
+
366
+## **2006-04-19**
367
+
368
+Gah. Ok, I should have built Postfix with SASL. (Not much point in having encryption (TLS) without no authentication (SASL) to protect.
369
+
370
+No special build steps should be necessary. Maaaybe cyrus-sasl2-ldapdb. But that can be installed later. To rebuild the Postfix port, including SASL this time:
371
+
372
+ # cd /usr/ports/mail/postfix
373
+ # make clean
374
+ # make
375
+ ...this time select
376
+ SASL2
377
+ TLS
378
+ DB43 (just in case. so I have a fallback if LDAP is too much of a pain)
379
+ OpenLDAP
380
+ VDA (it has quotas)
381
+
382
+
383
+Once compiled you may have to uninstall existing packages with pkg_delete.
384
+
385
+Build the updated packages:
386
+
387
+ # cd /usr/ports/mail/postfix
388
+ # make package-recursive
389
+ # cd /usr/ports/security/cyrus-sasl2-saslauthd/
390
+ # make package-recursive
391
+
392
+
393
+Install in the jail:
394
+
395
+ # jexec $JID /bin/sh
396
+ [#] pkg_delete postfix-2.2.5,1
397
+ [#] cd /usr/ports/packages/All
398
+ [#] pkg_add postfix-2.2.5,1.tbz
399
+ [#] pkg_add cyrus-sasl2-saslauthd
400
+
401
+
402
+Back to configuration.
403
+<http://wanderingbarque.com/howtos/mailserver/mailserver.html>
404
+
405
+Create the vmail user, with home at /vmail and no login shell
406
+
407
+ [#] pw useradd vmail -m -d /vmail -s /usr/sbin/nologin
408
+ [#] cd /vmail
409
+ [#] rm -rf .*
410
+ [#] mkdir domains
411
+ [#] chown vmail:vmail domains
412
+
413
+
414
+No particular reason for choosing /vmail. It's just simple.
415
+
416
+<http://yocum.org/faqs/postfix-tls-sasl.html>
417
+
418
+ # cd $JAILDIR/usr/local/lib/sasl2/
419
+ # echo "pwcheck_method: saslauthd" > smtpd.conf
420
+ # mkdir deactivated
421
+ # mv *ntlm* *crammd5* deactivated
422
+
423
+
424
+Create cert for mail.phase1
425
+<http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/openssl.html>
426
+
427
+ # mkdir $JAILDIR/etc/certs
428
+ # cd $JAILDIR/etc/certs
429
+ # openssl req -new -x509 -nodes -out mailkey.pem -keyout mailcert.pem -days 3650
430
+ # cd ..
431
+ # chmod -R 700 certs
432
+
433
+
434
+
435
+
436
+ # cat >> $JAILDIR/usr/local/etc/postfix/main.cf
437
+
438
+ # SASL authentication - added by root - 2006/04/19
439
+ broken_sasl_auth_clients = yes
440
+ smtpd_sasl_auth_enable = yes
441
+ smtpd_sasl_local_domain =
442
+
443
+ smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
444
+
445
+ # tls config
446
+ smtp_use_tls = yes
447
+ smtpd_use_tls = yes
448
+ smtp_tls_note_starttls_offer = yes
449
+ smtpd_tls_key_file = /etc/certs/keycert.pem
450
+ smtpd_tls_cert_file = /etc/certs/keycert.pem
451
+ smtpd_tls_CAfile = /etc/certs/keycert.pem
452
+ smtpd_tls_loglevel = 1
453
+ smtpd_tls_received_header = yes
454
+ smtpd_tls_session_cache_timeout = 3600s
455
+ tls_random_source = dev:/dev/urandom
456
+
457
+
458
+
459
+saslauthd failed with *unable to dlopen /usr/local/lib/sasl2/libgssapiv2.so: Shared object "libgssapi.so.8" not found, required by "libgssapiv2.so"*
460
+
461
+Have to rebuild *without* Kerberos this time.
462
+
463
+
464
+
465
+ # jexec $JID /usr/sbin/pkg_delete cyrus-sasl2-saslauthd-2.1.21
466
+ # cd /usr/ports/security/cyrus-sasl2-saslauthd/
467
+ # make WITH_OPENLDAP_VER=22 WITHOUT_GSSAPI= package
468
+ # jexec $JID /bin/sh
469
+ [#] /usr/sbin/pkg_add cyrus-sasl2-saslauthd-2.1.21
470
+ [#] saslauthd -a getpwent
471
+ [#] postfix reload
472
+
473
+
474
+getpwent will be replaced with LDAP once implemented.
475
+
476
+
477
+
478
+ # vim $JAILDIR/usr/local/etc/postfix/master.cf
479
+ ...uncomment...
480
+ submission inet n - n - - smtpd
481
+ -o smtpd_etrn_restrictions=reject
482
+ -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes@@
483
+
484
+
485
+
486
+
487
+## **2006-04-20**
488
+
489
+I updated ports with cvsup and updated postfix:
490
+
491
+ # cd /usr/ports/mail/postfix
492
+ # make package
493
+ # make deinstall && make reinstall
494
+ # jexec $JID /bin/sh
495
+ [#] cd /usr/ports/packages/All
496
+ [#] pkg_delete postfix-2.2.5,1
497
+ [#] pkg_add postfix-2.2.10_1,1.tbz
498
+
499
+
500
+Installing Dovecot (1.0.beta3):
501
+
502
+ # cd /usr/ports/mail/dovecot
503
+ # make package-recursive
504
+ ...select
505
+ KQUEUE
506
+ SASL2
507
+ LDAP
508
+
509
+
510
+[GnuTLS][8][?][8] was removed from Dovecot as it was broken. Falls back to [OpenSSL][9][?][9] instead. Fine by me. Auto-creates user and group dovecot.
511
+
512
+Then it broke. I think because older versions of libiconv and cyrus-sasl were already installed (by postfix). So build just the dovecot package:
513
+
514
+ # make package
515
+
516
+
517
+Then it worked.
518
+
519
+
520
+
521
+ [#] pkg_add /usr/ports/packages/All/dovecot-1.0.b3_1.tbz
522
+
523
+
524
+Add dovecot-auth user and group
525
+
526
+ [#] pw useradd dovecot-auth -n "Dovecot Auth" -m -d /usr/local/libexec/dovecot -s /usr/sbin/nologin
527
+
528
+
529
+Actually this produced the error: *pw: invalid character ` ' at position 7 in userid/group name*, so I added the user with sysinstall...
530
+
531
+Configure Dovecot. Enable imap and imaps. imap accepts connections from the local network, imaps from anywhere. The firewall must protect from outside access to imap.
532
+
533
+ # cd $JAILDIR/usr/local/etc
534
+ # cp dovecot-example.conf dovecot.conf
535
+ # vim dovecot.conf
536
+
537
+
538
+dovecot.conf:
539
+
540
+ protocols = imap imaps
541
+ # must be guarded by firewall!
542
+ listen = *
543
+ ssl_listen = *
544
+ ssl_disable = no
545
+ ssl_cert_file = /etc/certs/mailcert.pem
546
+ ssl_key_file = /etc/certs/mailkey.pem
547
+ login_user = dovecot
548
+ login_process_size = 64
549
+ login_max_processes_count = 32
550
+ login_greeting = Welcome.
551
+ max_mail_processes = 128
552
+ verbose_proctitle = yes
553
+ # allow test user and dovecot
554
+ first_valid_uid = 1002
555
+ last_valid_uid = 1003
556
+ # allow test user group and dovecot group
557
+ first_valid_gid = 1002
558
+ last_valid_gid = 1003
559
+ mail_extra_groups = mail
560
+ valid_chroot_dirs = /vmail/domains
561
+ default_mail_env = maildir:/vmail/domains/%d/%n
562
+ # no mbox (thunderbird), no OSX Mail or Outlook Express
563
+ protocol imap {
564
+ imap_client_workarounds = outlook-idle netscape-eoh
565
+ }
566
+ auth default {
567
+ # plain for testing only. can't use digest-md5 with pam
568
+ mechanisms = plain
569
+ # for testing purposes, until LDAP is working
570
+ passdb pam {
571
+ }
572
+ userdb passwd {
573
+ }
574
+ user = root
575
+ }
576
+
577
+
578
+Enable dovecot at boot:
579
+
580
+ # cat > $JAILDIR/etc/rc.conf
581
+ dovecot_enable="YES"
582
+ ^D
583
+
584
+
585
+OK. Well, no quota support. Perhaps dump dovecot in favour of Courier...
586
+
587
+
588
+
589
+* * *
590
+
591
+## **2006-04-22**
592
+
593
+Now on to the DNS/LDAP server!
594
+
595
+Create new jail (I'm so lazy):
596
+
597
+ # export JD=/chroot/dns
598
+ # export JIP=$jail_ip
599
+ # cp -Rp /chroot/mail $JD
600
+ # rm -rf $JD/dev # oops!
601
+ # vim $JD/etc/rc.conf
602
+ ...leave the sendmail disable stuff there
603
+ # mount_nullfs /usr/ports $JD/usr/ports
604
+ # mount_devfs devfs $JD/dev
605
+ # devfs -m $JD/dev rule -s 4 applyset
606
+ # ifconfig xl0 alias $JIP netmask 255.255.255.0
607
+ # jail $JD dns.phase1 $JIP /bin/sh /etc/rc
608
+ # jexec $JID pkg_delete -a # delete all
609
+ # # clean up the rest manually
610
+
611
+
612
+Now install djbdns:
613
+
614
+ # cd /usr/ports/dns/djbdns
615
+ # vim Makefile
616
+ ...comment out the NO_PACKAGE line...
617
+ # vim /usr/ports/sysutils/ucspi-tcp/Makefile
618
+ ...comment out the NO_PACKAGE line...
619
+ # vim /usr/ports/sysutils/daemontools/Makefile
620
+
621
+
622
+This is just an annoyance, we're creating packes to install in our own damn jail, ffs!
623
+
624
+
625
+
626
+ # make config-recursive
627
+ # make package-recursive
628
+ ...select options
629
+ IPV6 # sugar-coating to make IPv6 records easier to specify
630
+
631
+
632
+I always prefer to run the config step separately.
633
+
634
+
635
+
636
+## **2006-04-24**
637
+
638
+Back to dovecot for a moment. Forgot to enable it on boot:
639
+
640
+ # export JD=/chroot/mail
641
+ # cat >> $JD/etc/rc.conf
642
+ dovecot_enable="YES"
643
+ saslauthd_enable="YES"
644
+ ^D
645
+
646
+
647
+Now on with djbdns. Install and configure.
648
+<http://www.lifewithdjbdns.com/#Setting%20up%20tinydns>
649
+
650
+ [#] jexec $JID /bin/sh
651
+ [#] pkg_add /usr/ports/packages/All/djbdns-ipv6-1.05.b14_10.tbz
652
+ [#] pw useradd tinydns -s /usr/sbin/nologin -c "TinyDNS Owner"
653
+ [#] pw useradd dnslog -s /usr/sbin/nologin -c "DNS Log owner"
654
+ [#] tinydns-conf tinydns dnslog /usr/local/etc/tinydns $JIP
655
+ [#] mkdir -p /var/log/tinydns
656
+ [#] chown dnslog:dnslog /var/log/tinydns
657
+
658
+
659
+Set the log directory in /usr/local/etc/tinydns/log/run
660
+
661
+ # vim $JD/usr/local/etc/tinydns/log/run
662
+ :s%./main%/var/log/tinydns%
663
+ :wq
664
+
665
+
666
+Configure DNS data and start tinydns
667
+
668
+ # cat > $JD/usr/local/etc/tinydns/root/data
669
+
670
+ #define the authoritative nameserver
671
+ .phase1::ns1.phase1
672
+ #mail exchanger
673
+ @phase1::mail.phase1
674
+ =mail.phase1:192.168.1.203
675
+ #dns1 is also known as ns1
676
+ =dns1.phase1:192.168.1.204
677
+ +ns1.phase1:192.168.1.204
678
+ =www.phase1:192.168.1.205
679
+ ^D
680
+
681
+
682
+Compile data and start tinydns
683
+
684
+ [#] cd /usr/local/etc/tinydns/root
685
+ [#] make
686
+ [#] mkdir -p /var/service
687
+ [#] ln -s ../../usr/local/etc/tinydns /var/service
688
+
689
+
690
+Use relative links so they work in and outside the jail.
691
+
692
+Start daemontools at boot:
693
+<http://matt.simerson.net/computing/dns/djbdns-freebsd.shtml>
694
+
695
+ # cat >> $JD/etc/rc.conf
696
+ svscan_enable="YES"
697
+
698
+
699
+
700
+
701
+## **2006-04-25**
702
+
703
+Configure tinydns so prevent lame DNS lookups. This is **very important!**
704
+
705
+ # cat > $JD/usr/local/etc/tinydns/root/data
706
+ # RFC1918 - prevent pollution
707
+ .local::ns1.phase1 # not RFC1918, but useful anyway
708
+ .10.in-addr.arpa::ns1.phase1
709
+ .168.192.in-addr.arpa::ns1.phase1
710
+ .16.172.in-addr.arpa::ns1.phase1
711
+ .17.172.in-addr.arpa::ns1.phase1
712
+ .18.172.in-addr.arpa::ns1.phase1
713
+ .19.172.in-addr.arpa::ns1.phase1
714
+ .20.172.in-addr.arpa::ns1.phase1
715
+ .21.172.in-addr.arpa::ns1.phase1
716
+ .22.172.in-addr.arpa::ns1.phase1
717
+ .23.172.in-addr.arpa::ns1.phase1
718
+ .24.172.in-addr.arpa::ns1.phase1
719
+ .25.172.in-addr.arpa::ns1.phase1
720
+ .26.172.in-addr.arpa::ns1.phase1
721
+ .27.172.in-addr.arpa::ns1.phase1
722
+ .28.172.in-addr.arpa::ns1.phase1
723
+ .29.172.in-addr.arpa::ns1.phase1
724
+ .30.172.in-addr.arpa::ns1.phase1
725
+ .31.172.in-addr.arpa::ns1.phase1
726
+ ^D
727
+
728
+
729
+This makes tinydns authoritative for all [RFC1918][10][?][10] addresses (private IP blocks). Setting up dnscache to consult tinydns for these IP blocks then prevents reverse-lookups being leaked to the internet.
730
+
731
+It's fine to have these globally visible because there shouldn't be any DNS records (A, AAAA, MX or whatever) for these [IPs][11][?][11] in a public auth DNS. If there are, remote clients can get information about hidden hosts.
732
+
733
+1.
734
+
735
+Setting up dnscach to consult the auth DNS for [RFC1918][10][?][10] addresses:
736
+Creating a file containing the IP of the auth DNS for each block:
737
+
738
+ # cd /var/service/dnscache/root/servers
739
+ # echo "192.168.1.204" > local
740
+ # cp local 168.192.in-addr.arpa
741
+ # cp local 10.in-addr.arpa::ns1.phase1
742
+ # for i in 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
743
+ > do cp 168.192.in-addr.arpa $i.172.in-addr.arpa
744
+ > done
745
+ #
746
+
747
+ [6]: http://www.section6.net/wiki/index.php/Creating_a_FreeBSD_Jail
748
+ [7]: Mail
Network/Nixie.md
... ...
@@ -0,0 +1,69 @@
1
+---
2
+title: Nixie
3
+---
4
+
5
+Description
6
+: [Netbook][1]
7
+
8
+Replaced By
9
+: [Archix][2]
10
+
11
+
12
+
13
+# Contents
14
+
15
+* [System Software][3]
16
+* [Application Software][4]
17
+
18
+
19
+
20
+# Specs
21
+
22
+Make
23
+: Acer
24
+
25
+Model
26
+: A150 / D150 / [ZG5][5][?][5]
27
+
28
+Weight
29
+: 0.99
30
+
31
+CPU
32
+: Atom N270
33
+
34
+RAM
35
+: 1.5GB
36
+
37
+SSD/HDD
38
+: 0/160GB
39
+
40
+Battery
41
+: 3, 6-7
42
+
43
+Screen
44
+: 8.9", 1024 x 600
45
+
46
+Other
47
+: Cam, SD Card, 3G
48
+
49
+Price
50
+: 146 refurb
51
+
52
+
53
+
54
+# RAM Upgrade
55
+
56
+Added 1GB SDRAM
57
+
58
+
59
+
60
+# Battery Upgrade
61
+
62
+**2010**: Purchased 9-cell battery
63
+
64
+**2013-12-05**: New 6-cell battery £14
65
+
66
+ [1]: /Tech/Netbook
67
+ [2]: Archix
68
+ [3]: NixieSystemSoftware
69
+ [4]: NixieApplicationSoftware
Network/NixieApplicationSoftware.md
... ...
@@ -0,0 +1,12 @@
1
+---
2
+title: NixieApplicationSoftware
3
+---
4
+
5
+# [ToDo][1][?][1]
6
+
7
+## Install
8
+
9
+* Seafarer
10
+
11
+* Firefox Bookmarks Broken
12
+
Network/NixieSystemSoftware.md
... ...
@@ -0,0 +1,158 @@
1
+---
2
+title: NixieSystemSoftware
3
+---
4
+
5
+# [ToDo][1][?][1]
6
+
7
+## Partition and encrypt disks
8
+
9
+# Install Ubuntu Netbook Remix
10
+
11
+* Write image to USB and boot
12
+* Start installer
13
+* Switch to tty2 (Alt-F2)
14
+* <http://ubuntuforums.org/showthread.php?t=1128034>
15
+
16
+
17
+
18
+## Partition
19
+
20
+* cfdisk /dev/sda
21
+
22
+| Device | Flags | [PType][2][?][2] | FS | Size (MB) |
23
+|:------ | ----- | ---------------- | -------- | --------- |
24
+| sda1 | boot | primary | 83 Linux | 254.99 |
25
+| sda2 |   | primary | 82 Swap | 1793.12 |
26
+| sda3 |   | primary | 8e LVM | 157991.18 |
27
+
28
+
29
+
30
+## Encrypt
31
+
32
+* Setup wireless in live USB
33
+* Choose cipher - see Crypto Benchmarks
34
+* <http://hightechsorcery.com/2008/08/linux-crypto-options-2624-and-later-kernels>
35
+* [Blowfish twice as fast as AES][3]
36
+* Install lvm2 and cryptsetup
37
+
38
+ # apt-get install lvm2 cryptsetup
39
+ # modprobe dm-crypt
40
+ # modprobe blowfish
41
+
42
+
43
+
44
+
45
+## LVM
46
+
47
+* Partition root PV
48
+* vg-lvroot 1GB
49
+* vg-lvusr 10GB
50
+* vg-lvtmp 1.5GB
51
+* vg-lvvar 1.5GB
52
+* vg-lvhome 132GB (the rest)
53
+
54
+
55
+
56
+## Install
57
+
58
+* Run installer
59
+* Chose manually partition (advanced)
60
+* Installed
61
+* Added necessary modules to initramfs and regenerated
62
+* Rebooted
63
+* Synaptic update
64
+
65
+
66
+
67
+# Crypto Benchmarks
68
+
69
+## Method
70
+
71
+ # cryptsetup -c $CIPHER -k $KEYSIZE luksFormat /dev/sda2
72
+ # cryptsetup luksOpen /dev/sda2 crypt-test
73
+ # mkfs.ext4 /dev/mapper/crypt-test
74
+ # mount /dev/mapper/crypt-test ./test
75
+ # bonnie++ -f -d ./test -r 512 -s 1600 -n 0 -u root
76
+ # umount ./test
77
+ # cryptsetup luksClose crypt-test
78
+
79
+
80
+
81
+
82
+## Ciphers
83
+
84
+* XTS requires keysize >= 256
85
+
86
+ export CIPHER="aes-xts-essiv:sha256" ; export KEYSIZE=256
87
+ export CIPHER="twofish-xts-essiv:sha256" ; export KEYSIZE=256
88
+ export CIPHER="aes-cbc-essiv:sha256" ; export KEYSIZE=128
89
+ export CIPHER="twofish-cbc-essiv:sha256" ; export KEYSIZE=128
90
+
91
+
92
+
93
+
94
+## Results
95
+
96
+ null,1600M,,,65661,43,31120,26,,,63847,28,387.1,2,,,,,,,,,,,,,
97
+ aes128,1600M,,,22476,12,11872,6,,,24165,8,436.5,2,,,,,,,,,,,,,
98
+ aes256,1600M,,,21963,13,11911,7,,,23625,8,445.8,2,,,,,,,,,,,,,
99
+ twofish128,1600M,,,22000,13,11591,6,,,23720,7,440.0,2,,,,,,,,,,,,,
100
+ twofish256,1600M,,,20756,12,10702,6,,,20411,7,449.0,3,,,,,,,,,,,,,
101
+
102
+
103
+* Choose aes256-xts-essiv since the major bottleneck seems to be the very use of crypto, not the cipher.
104
+
105
+
106
+
107
+# iptables
108
+
109
+* Scripts installed to /etc/iptables
110
+* Symlinks created in /etc/network/if-pre-up.d (not implemented in Ubuntu)
111
+* Script created in /[NetworkManager][4][?][4]/dispatcher.d
112
+
113
+if [ -x /usr/bin/logger ]; then
114
+        LOGGER="/usr/bin/logger -s -p daemon.info -t FirewallHandler"
115
+else
116
+        LOGGER=echo
117
+fi
118
+
119
+case "$2" in
120
+        up)
121
+                if [ ! -x /etc/iptables/iptables-start.sh ]; then
122
+                        ${LOGGER} "No script exists to set iptables rules."
123
+                        return
124
+                fi
125
+                ${LOGGER} "Restoring iptables rules"
126
+                /etc/iptables/iptables-start.sh
127
+                ;;
128
+        down)
129
+                # /etc/iptables/iptables-stop.sh
130
+                ;;
131
+        *)
132
+                ;;
133
+esac
134
+
135
+[[$[Get Code]]][5]
136
+
137
+
138
+
139
+# Log
140
+
141
+#### 2009-09-23
142
+
143
+* Install UNR
144
+
145
+#### 2009-09-24
146
+
147
+* Change hostname to Nixie
148
+
149
+#### 2010-04-20
150
+
151
+* Disabled (unencrypted) swap on /dev/sda2
152
+
153
+#### 2013-10-25
154
+
155
+* Installed iptables scripts
156
+
157
+ [3]: http://www.mail-archive.com/support@pfsense.com/msg15423.html
158
+ [5]: NixieSystemSoftware?action=sourceblock&num=1
... ...
\ No newline at end of file
Network/PLA5205.md
... ...
@@ -0,0 +1,17 @@
1
+---
2
+title: PLA5205
3
+---
4
+
5
+Make
6
+: Zyxel
7
+
8
+Model
9
+: [PLA5205][1]
10
+
11
+Description
12
+: Powerline Apapter 600Mbps
13
+
14
+Purchased
15
+: 2014-05-21
16
+
17
+ [1]: PLA5205
... ...
\ No newline at end of file
Network/PPTP.md
... ...
@@ -0,0 +1,41 @@
1
+---
2
+title: PPTP
3
+---
4
+
5
+* Client connection to PPTP VPN not working
6
+* M's connectivity to work VPN is intermittent.
7
+* Broken since October?
8
+
9
+
10
+
11
+# Things to try
12
+
13
+1. Wireshark on her laptop
14
+2. Wired network
15
+3. Configure different ISP on [WRT54GL][1]
16
+4. Direct connection to modem
17
+
18
+
19
+
20
+# Investigate
21
+
22
+* dns lookup issues
23
+* ipv6
24
+* tcp timeout
25
+
26
+
27
+
28
+# Upstream GRE blocking
29
+
30
+* pptpd on yuggoth
31
+* pptp-client locally
32
+
33
+
34
+
35
+# Links
36
+
37
+* <http://support.microsoft.com/kb/162847>
38
+* ["Server discards GRE from IP different to PPTP handshake"][2]
39
+
40
+ [1]: WRT54GL
41
+ [2]: http://www.pcreview.co.uk/forums/thread-1574712.php
... ...
\ No newline at end of file
Network/PerimeterRouter.md
... ...
@@ -0,0 +1,42 @@
1
+---
2
+title: PerimeterRouter
3
+---
4
+
5
+# Requirements
6
+
7
+* Routing
8
+* LAN static IP assignment
9
+* Support [GeolocationTunnelling][1][?][1] (custom DNS)
10
+* Remote logging
11
+* Ad Blocking
12
+
13
+
14
+
15
+## Optional
16
+
17
+* [IPv6][2] routing
18
+* Multi-AP
19
+* SNMP
20
+
21
+
22
+
23
+# Implementations
24
+
25
+* [WRT54GL][3]
26
+* [DG834GT][4] (Sky)
27
+* [WDR3600][5]
28
+
29
+
30
+
31
+# Status
32
+
33
+| Device | [IPv6][2] | Multi-AP | SNMP | Geoloc Enabled |
34
+|:------------ | --------- | -------- | ---- | -------------- |
35
+| [WRT54GL][3] | yes | yes | yes | no |
36
+| [DG834GT][4] | no | no | yes | no |
37
+| [WDR3600][5] | yes | yes | yes | no |
38
+
39
+ [2]: IPv6
40
+ [3]: WRT54GL
41
+ [4]: DG834GT
42
+ [5]: WDR3600
... ...
\ No newline at end of file
Network/Pixie.md
... ...
@@ -0,0 +1,287 @@
1
+---
2
+title: Pixie
3
+---
4
+
5
+Implements
6
+: [Automation Hub][1]
7
+
8
+Hostname
9
+: pixie0
10
+
11
+Make
12
+: Raspberry Pi 2
13
+
14
+Model
15
+: B+
16
+
17
+Software
18
+: Debian Jessie, [Home Assistant][2]
19
+
20
+Purchased
21
+: 2015-05-14 £42 (kit) from CPC
22
+
23
+Delivered
24
+: 2015-05-15
25
+
26
+
27
+
28
+[[_TOC_]]
29
+
30
+# Static ttyUSB for zwave and rfxcom
31
+
32
+Aeonlabs Z-Stick S2 is `/dev/ttyUSB21`, Rfxcom is `/dev/ttyUSB22`
33
+
34
+`/etc/udev/rules.d/99-usb-serial.rules`:
35
+
36
+ SUBSYSTEM=="tty", ATTRS{idVendor}=="10c4", ATTRS{idProduct}=="ea60", ATTRS{serial}=="0001", SYMLINK+="ttyUSB21"
37
+ SUBSYSTEM=="tty", ATTRS{idVendor}=="0403", ATTRS{idProduct}=="6001", ATTRS{serial}=="A1XHAXCI", SYMLINK+="ttyUSB22"
38
+
39
+
40
+
41
+
42
+# RTC
43
+
44
+<https://raw.githubusercontent.com/piface/PiFace-Real-Time-Clock/master/install-piface-real-time-clock.sh>
45
+
46
+
47
+
48
+* Enable [I2C][23][?][23]
49
+* `apt-get install i2c-tools`
50
+
51
+
52
+
53
+# Home-Assistant mysql Database
54
+
55
+CREATE DATABASE hass;
56
+GRANT ALL PRIVILEGES ON hass.* TO 'hass'@'%' WITH GRANT OPTION;
57
+FLUSH PRIVILEGES;
58
+
59
+[[$[Get Code]]][24]
60
+
61
+
62
+
63
+## Fix Host Blocked error
64
+
65
+<https://dev.mysql.com/doc/refman/5.7/en/blocked-host.html>
66
+
67
+
68
+
69
+mysql> SET GLOBAL max\_connect\_errors=10000;
70
+mysql> flush hosts;
71
+
72
+[[$[Get Code]]][25]
73
+
74
+
75
+
76
+# [OpenZWave][26][?][26]
77
+
78
+## Upgrading
79
+
80
+sudo su hass
81
+. /srv/hass/hass_venv/bin/activate
82
+cd /srv/hass/src/python-openzwave
83
+git pull origin
84
+cd openzwave
85
+git pull origin
86
+cd ..
87
+make build
88
+make install
89
+
90
+[[$[Get Code]]][27]
91
+
92
+
93
+
94
+## Upgrading via python-openzwave
95
+
96
+Using openzwave dev branch from github:
97
+
98
+. /srv/hass/hass_venv/bin/activate
99
+pip install python_openzwave --install-option="--flavor=dev" --no-deps --ignore-installed --no-cache-dir
100
+
101
+[[$[Get Code]]][28]
102
+
103
+
104
+
105
+# [LetsEncrypt][29]
106
+
107
+Certbot is now installed as a package.
108
+
109
+
110
+
111
+## Renewing
112
+
113
+1. Leave nginx running
114
+2. Allow iptables 80 tcp input
115
+3. Enable 80 port forward on router to pixie3
116
+4. Run ` sudo certbot renew --nginx `
117
+5. Check cert ` openssl x509 -text -in /etc/letsencrypt/live/ha.home.whalebarn.com/cert.pem `
118
+6. Disallow iptables 80 and disable 80 port forward
119
+7. Restart nginx
120
+
121
+
122
+
123
+## Renewing from Git (Obsolete)
124
+
125
+As above except:
126
+
127
+
128
+
129
+1. Run ` sudo ~pi/src/letsencrypt/certbot-auto renew --nginx `
130
+2. Check cert ` openssl x509 -text -in /etc/letsencrypt/live/ha.home.whalebarn.com/cert.pem `
131
+
132
+
133
+
134
+# Fix nginx startup
135
+
136
+## Missing `/var/log/nginx`
137
+
138
+Fails to start after boot because `/var/log/nginx` hasn't been created
139
+
140
+Add to
141
+
142
+`/etc/systemd/system/multi-user.target.wants/nginx.service`
143
+ ExecStartPre=/bin/bash -c 'mkdir -p /var/log/nginx; /usr/sbin/nginx -t -q -g "daemon on; master_process on;"'
144
+ to create the log dir and run nginx config test
145
+
146
+New solution. Copy and customize `nginx.service`:
147
+
148
+ [Unit]
149
+ Description=A high performance web server and a reverse proxy server
150
+ After=network.target
151
+
152
+ [Service]
153
+ Type=forking
154
+ PIDFile=/run/nginx.pid
155
+ PermissionsStartOnly=true # do the mkdir as root
156
+ ExecStartPre=-/bin/mkdir -p /var/log/nginx # create log dir, tolerate failure
157
+ ExecStartPre=/usr/sbin/nginx -t -q -g 'daemon on; master_process on;'
158
+ ExecStart=/usr/sbin/nginx -g 'daemon on; master_process on;'
159
+ ExecReload=/usr/sbin/nginx -g 'daemon on; master_process on;' -s reload
160
+ ExecStop=-/sbin/start-stop-daemon --quiet --stop --retry QUIT/5 --pidfile /run/nginx.pid
161
+ TimeoutStopSec=5
162
+ KillMode=mixed
163
+
164
+ [Install]
165
+ WantedBy=multi-user.target
166
+
167
+
168
+
169
+
170
+## Can't connect to Upstream
171
+
172
+Make nginx depend on home-assistant startup.
173
+
174
+
175
+
176
+sudo mkdir -p /etc/systemd/system/nginx.service.d
177
+sudo vim /etc/systemd/system/nginx.service.d/override.conf
178
+
179
+[[$[Get Code]]][30]
180
+
181
+Create `/etc/systemd/system/nginx.service.d/override.conf`:
182
+
183
+ [Unit]
184
+ Wants=home-assistant.service
185
+ After=home-assistant.service
186
+
187
+
188
+
189
+
190
+# Python with [PyEnv][31][?][31]
191
+
192
+Manage python version upgrades with pyenv.
193
+
194
+<http://www.knight-of-pi.org/pyenv-for-python-version-management-on-raspbian-stretch/>
195
+
196
+
197
+
198
+sudo apt-get install bzip2 libbz2-dev libreadline6 libreadline6-dev libffi-dev libssl1.0-dev sqlite3 libsqlite3-dev -y
199
+git clone git://github.com/yyuu/pyenv.git .pyenv
200
+echo 'export PYENV_ROOT="$HOME/.pyenv"' >> ~/.bashrc
201
+echo 'export PATH="$PYENV_ROOT/bin:$PATH"' >> ~/.bashrc
202
+echo 'eval "$(pyenv init -)"' >> ~/.bashrc
203
+. ~/.bashrc
204
+
205
+[[$[Get Code]]][32]
206
+
207
+System-wide install of 3.8.5:
208
+
209
+
210
+
211
+mkdir tmp
212
+sudo su  # otherwise TMPDIR doesn't affect the pyenv subshell...
213
+TMPDIR=`pwd`/tmp .pyenv/plugins/python-build/bin/python-build 3.8.5 /usr/local/python-3.8.5/
214
+
215
+[[$[Get Code]]][33]
216
+
217
+
218
+
219
+# [Zwave2Mqtt][34][?][34]
220
+
221
+Chose this over ozwdaemon (which requires a custom build of QT 5.12!)
222
+
223
+
224
+
225
+## Build openzwave
226
+
227
+Version 1.6+. User `pi`
228
+
229
+mkdir -p src/open-zwave
230
+git clone https://github.com/OpenZWave/open-zwave.git
231
+# tag v1.6 failed with gcc 6.3
232
+git checkout -b live master
233
+make
234
+sudo make install
235
+
236
+[[$[Get Code]]][35]
237
+
238
+
239
+
240
+## Install node and npm
241
+
242
+User `hass`
243
+
244
+sudo apt-get install npm
245
+# npm config set registry https://registry.npmjs.org  # unnecessary?
246
+# https://github.com/nebrius/raspi-serial/issues/8
247
+sudo npm install -g npm  # upgraded to 6.14.8, old /usr/bin/npm still 1.4.21
248
+sudo npm install -g n
249
+sudo n stable # upgraded to node v12.18.4
250
251
+
252
+[[$[Get Code]]][36]
253
+
254
+
255
+
256
+## Build zwave2mqtt
257
+
258
+User `hass`
259
+
260
+mkdir -p src/zwave2mqtt
261
+# though actually I just pushed v4.0.3 and "live" from canard
262
+git clone https://github.com/OpenZWave/Zwave2Mqtt
263
+npm install  # takes a long time because it's freaking 571MB of stuff
264
+npm run build
265
+
266
+[[$[Get Code]]][37]
267
+
268
+
269
+
270
+## Other issues
271
+
272
+* After building with node v8 then upgrading to node v12 had to reinstall fibers `npm install fibers` before doing `npm run build`
273
+* More version issues so `npm rebuild`
274
+
275
+ [1]: AutomationHub
276
+ [2]: http://home-assistant.io
277
+ [24]: Pixie?action=sourceblock&num=1
278
+ [25]: Pixie?action=sourceblock&num=2
279
+ [27]: Pixie?action=sourceblock&num=3
280
+ [28]: Pixie?action=sourceblock&num=4
281
+ [29]: LetsEncrypt
282
+ [30]: Pixie?action=sourceblock&num=5
283
+ [32]: Pixie?action=sourceblock&num=6
284
+ [33]: Pixie?action=sourceblock&num=7
285
+ [35]: Pixie?action=sourceblock&num=8
286
+ [36]: Pixie?action=sourceblock&num=9
287
+ [37]: Pixie?action=sourceblock&num=10
... ...
\ No newline at end of file
Network/Power.md
... ...
@@ -0,0 +1,109 @@
1
+---
2
+title: Power
3
+---
4
+
5
+Devices needing backup power or surge protection
6
+
7
+
8
+
9
+# Devices
10
+
11
+## Backup
12
+
13
+### [IEC320][1][?][1]
14
+
15
+* [Cyclops][2]
16
+* Shub
17
+* Dell [PowerConnect 2716][3]
18
+* [Summit X450e][4] [PoE][5][?][5] switch
19
+ * Ubiquiti [PoE][5][?][5] [APs][6][?][6]
20
+
21
+
22
+
23
+### [BS1363][7][?][7]
24
+
25
+* [router0][8]
26
+* D-Link USB powered hub (4G modems)
27
+
28
+
29
+
30
+## Surge only
31
+
32
+
33
+
34
+## No Protection
35
+
36
+* [HG612][9][?][9] VDSL modem
37
+* [Pixie][10]
38
+* Zyxel [GS108][11] 8-port switch (8W)
39
+
40
+
41
+
42
+# Configuration
43
+
44
+## Current
45
+
46
+Consumption
47
+: 145W
48
+
49
+Peak Consumption
50
+: 900W
51
+
52
+Devices
53
+: Cyclops, Shub, router0, pixie3
54
+
55
+
56
+
57
+## Calculated Runtime
58
+
59
+At 150W
60
+
61
+
62
+
63
+00h13m
64
+: 400VA
65
+
66
+00h36m
67
+: 900VA
68
+
69
+00h42m
70
+: 1200VA
71
+
72
+
73
+
74
+# Unprotected
75
+
76
+* [router1][8]
77
+ * [PowerInspired][12][?][12] DC backup
78
+* Media system [RPis][13][?][13]
79
+
80
+
81
+
82
+# UPS Providers
83
+
84
+* APC
85
+* Eaton
86
+* Tripplite
87
+
88
+
89
+
90
+## Software Support
91
+
92
+* [nut][14]
93
+
94
+
95
+
96
+# Wiring
97
+
98
+* [PDU buying guide][15]
99
+* [PDU wiring guide][16]
100
+
101
+ [2]: Cyclops
102
+ [3]: PowerConnect2716
103
+ [4]: SummitX450e
104
+ [8]: WDR3600
105
+ [10]: Pixie
106
+ [11]: GS108
107
+ [14]: http://networkupstools.org/stable-hcl.html
108
+ [15]: https://www.tripplite.com/products/pdubuyingguide
109
+ [16]: https://www.tripplite.com/products/pdu-installation
... ...
\ No newline at end of file
Network/PowerConnect2716.md
... ...
@@ -0,0 +1,97 @@
1
+---
2
+title: PowerConnect2716
3
+---
4
+
5
+Make
6
+: Dell
7
+
8
+Model
9
+: [PowerConnect][1][?][1] 2716
10
+
11
+Description
12
+: 16-port managed gigabit switch
13
+
14
+
15
+
16
+# Blown PSU?
17
+
18
+Model
19
+: Delta ADP-40VP
20
+
21
+Schematic
22
+: [Schematic][2]
23
+
24
+Fuse
25
+: OK (2A / 250V, 1Ω)
26
+
27
+C1
28
+: NF?
29
+
30
+C2
31
+: Replaced (100µF / 400V)
32
+
33
+C3
34
+: Replaced (47µF 25V)
35
+
36
+C4
37
+: OK
38
+
39
+C5
40
+: OK
41
+
42
+C6
43
+: OK
44
+
45
+C7
46
+: OK~
47
+
48
+C8
49
+: OK
50
+
51
+C9
52
+: OK
53
+
54
+C10
55
+: OK~
56
+
57
+C52
58
+: OK
59
+
60
+C53
61
+: OK
62
+
63
+C54
64
+: OK
65
+
66
+C55
67
+: OK
68
+
69
+Replaced C2, C3
70
+
71
+
72
+
73
+## Substitute PSU
74
+
75
+Artesyn [NLP40][3][?][3]-7605J
76
+
77
+
78
+
79
+[Farnell][4]
80
+: ~£38
81
+
82
+[RS][5]
83
+: £23
84
+
85
+
86
+
87
+# Log
88
+
89
+**'2014-02-21**' Replaced C2 (100µF). Still not working.
90
+
91
+**'2014-02-22**' Purchased replacement PSU (Artesyn [NLP40][3][?][3]-7605J) from RS Components (£23)
92
+
93
+**'2014-02-25**' Replaced C3. Fixed!
94
+
95
+ [2]: http://img850.imageshack.us/img850/5506/uc3843.jpg
96
+ [4]: http://uk.farnell.com/jsp/displayProduct.jsp?sku=1516423
97
+ [5]: http://uk.rs-online.com/web/p/products/6295721
... ...
\ No newline at end of file
Network/Proto41Filtering.md
... ...
@@ -0,0 +1,7 @@
1
+---
2
+title: Proto41Filtering
3
+---
4
+
5
+[proto41 details][1]
6
+
7
+ [1]: http://markferry.net/proto41/mtr.html
... ...
\ No newline at end of file
Network/RaidArray.md
... ...
@@ -0,0 +1,101 @@
1
+---
2
+title: RaidArray
3
+---
4
+
5
+Current configuration of Hastur Raid Array
6
+
7
+
8
+
9
+# Live Drives
10
+
11
+| Device | Bracket | Description | Serial | Firmware | Warranty Until |
12
+|:------ | ------- | --------------------------- | ---------------- | ----------- | ------------------- |
13
+| sdc | 1 | [DT01ACA300][1][?][1] 3TB | `84QE6EHGS TZ6 ` |   |   |
14
+| sdd | 4 | [DT01ACA300][1][?][1] 3TB | `84QDMZ9GS TZ6 ` |   |   |
15
+| sdg | 5 | [DT01ACA300][1][?][1] 3TB | `Z4V4DZVGS TZ6 ` | `AA00/BB0 ` | Scan 2017-11-04 RTB |
16
+| sde | 6 | [DT01ACA300][1][?][1] 3TB | `Z4V4TR4GS TZ6 ` | `AA00/BB0 ` | Scan 2017-11-04 RTB |
17
+| sdf | 2 | [WD30EFRX][2][?][2] 3TB | `WCC4N6PT8RHR ` | `1AN10003 ` | WD 2019-01-16 |
18
+| sdh | 7 | [HDWG460UZSVA][3][?][3] 6TB | `71A0A13QFA4H ` | `0601` | Tosh ~2025-05-01 |
19
+| sd_ | 8 | [HDWG460UZSVA][3][?][3] 6TB | `91W0A06JFA4H ` | `0601` | Tosh ~2025-05-01 |
20
+
21
+
22
+
23
24
+
25
+
26
+
27
+# Backup Drives
28
+
29
+| sd_ |   | [HD204UI][4][?][4] 2TB | ` S2HGJ1CZ904925 ` |   |   |
30
+||
31
+| sd_ | backup510 | [HD501LJ][5][?][5] 500GB | ` S0MUJ1KP715582 ` |   |   |
32
+| sd_ | backup1, off-site | [HD204UI][4][?][4] 2TB |   |   |   |
33
+| sd_ | backup500, off-site | ?? 500GB | ?? |   |   |
34
+| sd_ | backup300, off-site, usb | ` STBV3000200 ` 3TB | ` NA4KE2M3 ` |   |
35
+| sdh | in chassis | [HD203WI][6][?][6] 2TB | ` #S1UYJ1CZ317063 `[1][7] | ` 1AN10003 ` |   |
36
+
37
+
38
+
39
+# Failed Drives
40
+
41
+| sd_ | 0F | [ST3200542AS][8][?][8] 2TB | `#9XW09GDN ` |   |   |
42
+||
43
+| sd_ | F | [ST3200542AS][8][?][8] 2TB | `#9XW08GNB ` |   |   |
44
+| sd_ | F | [ST3000DM001][9][?][9] 3TB | `#Z1F1K11M ` | Dead |   |
45
+| sd_ | 6F | [ST3000DM001][9][?][9] 3TB | `#W1F1PG24 ` | Dead |   |
46
+| sd_ | F | [HD203WI][6][?][6] 2TB | `S1UYJ1CZ317052 ` | `1AN10002 ` |   |
47
+| sd_ |   | [WD30EFRX][2][?][2] 3TB | `WCC4N6SXZRHD ` | `1AN10003 ` | 2021-12-01 |
48
+
49
+
50
+
51
+# Warranty Check
52
+
53
+Toshiba
54
+: [old][10], [[<https://www.storrepair.com/toshiba_products/>
55
+
56
+Western Digital
57
+: <https://westerndigital.secure.force.com/WarrantyCheck?lang=en>|storrepair]]
58
+
59
+
60
+
61
+# Setting TLER/CCTL
62
+
63
+Set 70decisecond read and write error recovery control
64
+
65
+smartctl -l scterc,70,70 /dev/sdX
66
+
67
+[[$[Get Code]]][11]
68
+
69
+
70
+
71
+# Removing and Replacing a Failed Disk
72
+
73
+<http://www.ducea.com/2009/03/08/mdadm-cheat-sheet/>
74
+
75
+
76
+
77
+mdadm --remove /dev/md6 /dev/sdX   # remove failed disk
78
+mdadm --add /dev/md6 /dev/sdX  # add replacement disk
79
+sysctl dev.raid.speed\_limit\_max=51200  # limit speed to ~50MB/sec
80
+
81
+[[$[Get Code]]][12]
82
+
83
+
84
+
85
+* * *
86
+
87
+
88
+
89
+# Log
90
+
91
+**2013-12-10**: Removed failed 2TB sde. Replaced with 500GB backup.
92
+**2014-03-20**: Moved backup [HD204UI][4][?][4] into array in place of shrunken [HD203WI][6][?][6]
93
+**2014-07-02**: Errors on sde (9XW...). 108 sectors newly reallocated
94
+**2015-11-06**: Two more Tosh 3TB to replace dead Seagate 3TB
95
+**2021-12-01**: One WD 3TB failed
96
+**2022-05-10**: Added 2x Toshiba 6TB (half-capacity)
97
+
98
+ [7]: #fn2_1
99
+ [10]: https://myapps.taec.toshiba.com/myapps/admin/jsp/webrma/addRequest1NoLogin.jsp?Action=NEW
100
+ [11]: RaidArray?action=sourceblock&num=1
101
+ [12]: RaidArray?action=sourceblock&num=2
... ...
\ No newline at end of file
Network/Reboot.md
... ...
@@ -0,0 +1,28 @@
1
+---
2
+title: Reboot
3
+---
4
+
5
+Dealing with issues related to power failures or network node reboots.
6
+
7
+
8
+
9
+# DNS
10
+
11
+## Cannot resolve address of media node after power failure
12
+
13
+Symptom
14
+: Can't ping or lookup hostname (e.g. 'pixie')
15
+
16
+Further Symptoms
17
+: Airplay cannot connect. Usually to the battery powered devices like tablets.
18
+
19
+Cause
20
+: Node boots before [Perimeter Router][1] DNS service is ready.
21
+
22
+Further Causes
23
+: [OpenWRT][2][?][2] dnsmasq leases file is scrubbed by a reboot. Network nodes typically resume the lease they held before the power failure. Since dnsmasq has no record of the lease it cannot resolve the hostname.
24
+
25
+Fix
26
+: Create barebones `/etc/network/interfaces` and `ifup` it.
27
+
28
+ [1]: PerimeterRouter
Network/RecentChanges.md
... ...
@@ -0,0 +1,175 @@
1
+---
2
+title: RecentChanges
3
+---
4
+
5
+* [RaidArray][1] . . . 10 May 2022, at 10:41 AM UTC by [Gnome][2][?][2]: 6TB 71A is sdh
6
+* [HasturRaidUpgradePath][3] . . . 10 May 2022, at 10:28 AM UTC by [Gnome][2][?][2]:
7
+* [HasturRaidArray][4] . . . 06 May 2022, at 03:44 PM UTC by [Gnome][2][?][2]: move to Network.RaidArray and redirect
8
+* [Pixie][5] . . . 25 August 2021, at 01:18 PM UTC by [Gnome][2][?][2]: pyenv as root
9
+* [Canard][6] . . . 01 June 2021, at 03:23 PM UTC by [Gnome][2][?][2]: battery
10
+* [CanardSystemSoftware][7] . . . 13 February 2021, at 12:52 PM UTC by [Gnome][2][?][2]: current cpu freq driver and governor
11
+* [CyclopsSystemSoftware][8] . . . 08 November 2020, at 07:06 PM UTC by [Gnome][2][?][2]: quotes
12
+* [WDR3600][9] . . . 24 July 2020, at 02:27 PM UTC by [Gnome][2][?][2]: grammar
13
+* [Power][10] . . . 15 June 2020, at 04:49 PM UTC by [Gnome][2][?][2]:
14
+* [CyclopsApplicationSoftware][11] . . . 26 August 2019, at 10:59 PM UTC by [Gnome][2][?][2]: Fix postfix config
15
+* [CyclopsSoftware][12] . . . 26 August 2019, at 10:58 PM UTC by [Gnome][2][?][2]: redirect back to Cyclops
16
+* [CanardApplicationSoftware][13] . . . 25 July 2018, at 06:45 PM UTC by [Gnome][2][?][2]: openvpn-update-systemd-resolved
17
+* [Shochu][14] . . . 10 July 2018, at 06:54 PM UTC by [Gnome][2][?][2]: disk setup
18
+* [CyclopsHardware][15] . . . 03 April 2018, at 06:18 PM UTC by [Gnome][2][?][2]: actually has 32GB RAM now
19
+* [ShochuSystemSoftware][16] . . . 10 January 2018, at 04:58 PM UTC by [Gnome][2][?][2]: disable per-tty sudo authentication
20
+* [ShochuApplicationSoftware][17] . . . 16 December 2017, at 03:50 PM UTC by [Gnome][2][?][2]: wrong script
21
+* [LetsEncrypt][18] . . . 02 September 2017, at 05:30 PM UTC by [Gnome][2][?][2]:
22
+* [Network][19] . . . 23 August 2017, at 04:30 PM UTC by [Gnome][2][?][2]: link Cyclops
23
+* [HasturReplacement][20] . . . 18 August 2017, at 12:58 PM UTC by [Gnome][2][?][2]: cyclops
24
+* [DNS][21] . . . 18 August 2017, at 10:49 AM UTC by [Gnome][2][?][2]: srv records for gtalk
25
+* [Cyclops][22] . . . 17 August 2017, at 11:20 PM UTC by [Gnome][2][?][2]: cyclops pages
26
+* [Hastur][23] . . . 07 August 2017, at 12:18 PM UTC by [Gnome][2][?][2]:
27
+* [HasturHardware][24] . . . 07 July 2017, at 11:15 PM UTC by [Gnome][2][?][2]: link HasturReplacement
28
+* [VideoSurveillance][25] . . . 30 June 2017, at 11:15 AM UTC by [Gnome][2][?][2]: Dahua IPC-HFW5231E-Z12
29
+* [Yuggoth][26] . . . 07 June 2017, at 12:15 PM UTC by [Gnome][2][?][2]:
30
+* [Upgrade2017][27] . . . 27 March 2017, at 02:54 PM UTC by [Gnome][2][?][2]: redirect
31
+* [Upgrade2016][28] . . . 27 March 2017, at 02:53 PM UTC by [Gnome][2][?][2]:
32
+* [HasturSoftware][29] . . . 20 March 2017, at 08:20 PM UTC by [Gnome][2][?][2]: samba auth bug and workaround
33
+* [Monitoring][30] . . . 13 March 2017, at 11:22 AM UTC by [Gnome][2][?][2]: influx, telegraf and grafana
34
+* [CliMateCM-2][31] . . . 17 February 2017, at 02:17 PM UTC by [Gnome][2][?][2]: details
35
+* [UnifiAP][32] . . . 14 February 2017, at 01:29 AM UTC by [Gnome][2][?][2]: udp
36
+* [SummitX450e][33] . . . 13 February 2017, at 11:39 PM UTC by [Gnome][2][?][2]: upgrade procedure
37
+* [HomeAutomation][34] . . . 11 February 2017, at 06:27 PM UTC by [Gnome][2][?][2]: link to fix ssr302 for direct control
38
+* [EclipseEco1200][35] . . . 07 January 2017, at 01:23 PM UTC by [Gnome][2][?][2]: details
39
+* [VPN][36] . . . 21 November 2016, at 06:03 PM UTC by [Gnome][2][?][2]: NordVPN
40
+* [WAP4410N][37] . . . 11 September 2016, at 07:17 PM UTC by [Gnome][2][?][2]: firmware upgrade
41
+* [Ricoh213W][38] . . . 10 September 2016, at 02:10 PM UTC by [Gnome][2][?][2]: default access code
42
+* [IndoorPositioning][39] . . . 07 June 2016, at 03:46 PM UTC by [Gnome][2][?][2]: beacons
43
+* [MobileRouter][40] . . . 25 April 2016, at 11:10 AM UTC by [Gnome][2][?][2]: Update mobile data offers
44
+* [Authentication][41] . . . 19 April 2016, at 03:34 PM UTC by [Gnome][2][?][2]: Solutions
45
+* [HasturRaidUpgrade2][42] . . . 02 March 2016, at 02:12 PM UTC by [Gnome][2][?][2]: restore
46
+* [HasturRaidUpgrade3][43] . . . 02 March 2016, at 02:06 PM UTC by [Gnome][2][?][2]: Oops. Edited the wrong page.
47
+* [Reboot][44] . . . 19 November 2015, at 01:43 PM UTC by [Gnome][2][?][2]: Cannot resolve address of media node
48
+* [PerimeterRouter][45] . . . 08 November 2015, at 06:32 PM UTC by [Gnome][2][?][2]: link WDR3600, adblock
49
+* [ArchixSystemSoftware][46] . . . 15 September 2015, at 03:24 PM UTC by [Gnome][2][?][2]: set correct partition for linux kernel boot
50
+* [WanBonding][47] . . . 28 July 2015, at 03:48 PM UTC by [Gnome][2][?][2]: Xen bonding
51
+* [SNMP][48] . . . 30 June 2015, at 01:27 PM UTC by [Gnome][2][?][2]: remove obsolete Clients info
52
+* [AutomationHub][49] . . . 19 March 2015, at 07:52 PM UTC by [Gnome][2][?][2]: link to Pixie
53
+* [ArchixApplicationSoftware][50] . . . 25 September 2014, at 05:47 PM UTC by [Gnome][2][?][2]: disable tapping
54
+* [Stella][51][?][51] . . . 24 August 2014, at 04:09 PM UTC by [Gnome][2][?][2]:
55
+* [Archix][52] . . . 24 June 2014, at 01:16 PM UTC by [Gnome][2][?][2]: rename to Archix
56
+* [Nixie][53] . . . 03 June 2014, at 02:08 PM UTC by [Gnome][2][?][2]: link Netbook
57
+* [PLA5205][54] . . . 24 May 2014, at 12:09 AM UTC by [Gnome][2][?][2]: PLA5205
58
+* [GS108][55] . . . 22 May 2014, at 10:31 PM UTC by [Gnome][2][?][2]: details. Link Zyxel PLA5205
59
+* [WRT54GL][56] . . . 02 May 2014, at 11:19 AM UTC by [Gnome][2][?][2]: Replaced by WDR-3600
60
+* [Web][57] . . . 23 April 2014, at 04:54 PM SAST by [Gnome][2][?][2]: Mezzanine Grapelli
61
+* [GeolocationTunneling][58] . . . 06 March 2014, at 02:23 PM UTC by [Gnome][2][?][2]: dns tunnel
62
+* [LogServer][59] . . . 06 March 2014, at 02:12 PM UTC by [Gnome][2][?][2]: link SNMP
63
+* [PowerConnect2716][60] . . . 25 February 2014, at 12:35 AM UTC by [Gnome][2][?][2]: Fixed Dell PowerConnect 2716
64
+* [DGS-1008D][61] . . . 04 February 2014, at 05:43 PM UTC by [Gnome][2][?][2]: Another blown power supply
65
+* [HasturSystemSoftware][62] . . . 23 November 2013, at 05:38 PM UTC by [Gnome][2][?][2]: Post-upgrade fix rsyslog and cacti
66
+* [NixieSystemSoftware][63] . . . 25 October 2013, at 02:38 AM UTC by [Gnome][2][?][2]: iptables
67
+* [Speedtouch516][64] . . . 21 October 2013, at 12:02 AM UTC by [Gnome][2][?][2]: pptp-to-pppoa
68
+* [DG834GT][65] . . . 11 September 2012, at 08:14 PM GMT by [Gnome][2][?][2]: switch to channel 7 for macbooks
69
+* [SpeedtouchUpgrade][66] . . . 23 April 2012, at 01:17 PM GMT by [Gnome][2][?][2]: Format 716 reset attribution
70
+* [IPv6][67] . . . 10 April 2012, at 08:26 PM GMT by [Gnome][2][?][2]: fix Home links
71
+* [Proto41Filtering][68] . . . 16 December 2010, at 04:57 PM GMT by [Gnome][2][?][2]: fix link
72
+* [Home][69][?][69] . . . 16 December 2010, at 01:06 PM GMT by [Gnome][2][?][2]: proto 41 filtering
73
+* [HasturRaidUpgrade][70] . . . 12 November 2010, at 02:17 PM GMT by [Gnome][2][?][2]: ext4 stride and stripe calculator link
74
+* [StorageServer][71] . . . 18 May 2010, at 03:21 PM GMT by [Gnome][2][?][2]: ext4, reformat
75
+* [PPTP][72] . . . 29 January 2010, at 11:17 PM GMT by [Gnome][2][?][2]: troubleshooting links
76
+* [BandwidthManagement][73] . . . 25 January 2010, at 02:14 PM GMT by [Gnome][2][?][2]: qos
77
+* [NixieApplicationSoftware][74] . . . 25 September 2009, at 11:02 AM GMT by [Gnome][2][?][2]:
78
+* [HasturRaidConfiguration][75] . . . 13 September 2009, at 06:56 PM GMT by [Gnome][2][?][2]: update after recovery again
79
+* [HasturRaidRecovery][76] . . . 13 September 2009, at 06:53 PM GMT by [Gnome][2][?][2]: force assemble would work but require an array rebuild
80
+* [HasturAtaFailures][77] . . . 10 July 2009, at 10:16 AM GMT by [Gnome][2][?][2]: link HasturRaidRecovery
81
+* [ADSLModem][78] . . . 11 May 2009, at 01:00 PM GMT by [Gnome][2][?][2]: formatting
82
+* [Storageserver][79][?][79] . . . 06 September 2008, at 04:12 PM GMT by [uynowmm][80][?][80]: UjAWMGqPqJqoidel
83
+* [StorageServerActionEdit][81][?][81] . . . 21 March 2008, at 03:28 PM GMT by [zznaoglmsn][82][?][82]: ccLXAQGsZbeEfPmKgwT
84
+* [HTPC][83] . . . 21 May 2007, at 02:46 PM GMT by [Gnome][2][?][2]: moved to HomeTheatre.FrontEnd
85
+* [SAN][84] . . . 16 May 2007, at 04:05 PM GMT by [Gnome][2][?][2]: heh, no IPv6 if it's ATAoE, fool...
86
+* [MediaTranscoder][85] . . . 27 December 2006, at 11:49 AM GMT by [Gnome][2][?][2]: added transcoding options
87
+* [LDAP][86] . . . 30 September 2006, at 07:22 PM GMT by [Gnome][2][?][2]: address book per user
88
+* [Azathoth][87] . . . 12 September 2006, at 11:38 PM GMT by [Gnome][2][?][2]: fix motherboard specs
89
+* [Niggurath][88] . . . 28 April 2006, at 03:16 PM UTC by [Gnome][2][?][2]: enable saslauthd at boot
90
+* [Mail][89] . . . 21 April 2006, at 09:13 PM UTC by [Gnome][2][?][2]: courier-imap depends on perl
91
+* [Security][90] . . . 19 April 2006, at 12:58 AM UTC by [Gnome][2][?][2]: added Two-Factor
92
+
93
+ [1]: RaidArray
94
+ [3]: HasturRaidUpgradePath
95
+ [4]: HasturRaidArray
96
+ [5]: Pixie
97
+ [6]: Canard
98
+ [7]: CanardSystemSoftware
99
+ [8]: CyclopsSystemSoftware
100
+ [9]: WDR3600
101
+ [10]: Power
102
+ [11]: CyclopsApplicationSoftware
103
+ [12]: CyclopsSoftware
104
+ [13]: CanardApplicationSoftware
105
+ [14]: Shochu
106
+ [15]: CyclopsHardware
107
+ [16]: ShochuSystemSoftware
108
+ [17]: ShochuApplicationSoftware
109
+ [18]: LetsEncrypt
110
+ [19]: Network
111
+ [20]: HasturReplacement
112
+ [21]: DNS
113
+ [22]: Cyclops
114
+ [23]: Hastur
115
+ [24]: HasturHardware
116
+ [25]: VideoSurveillance
117
+ [26]: Yuggoth
118
+ [27]: Upgrade2017
119
+ [28]: Upgrade2016
120
+ [29]: HasturSoftware
121
+ [30]: Monitoring
122
+ [31]: CliMateCM-2
123
+ [32]: UnifiAP
124
+ [33]: SummitX450e
125
+ [34]: HomeAutomation
126
+ [35]: EclipseEco1200
127
+ [36]: VPN
128
+ [37]: WAP4410N
129
+ [38]: Ricoh213W
130
+ [39]: IndoorPositioning
131
+ [40]: MobileRouter
132
+ [41]: Authentication
133
+ [42]: HasturRaidUpgrade2
134
+ [43]: HasturRaidUpgrade3
135
+ [44]: Reboot
136
+ [45]: PerimeterRouter
137
+ [46]: ArchixSystemSoftware
138
+ [47]: WanBonding
139
+ [48]: SNMP
140
+ [49]: AutomationHub
141
+ [50]: ArchixApplicationSoftware
142
+ [52]: Archix
143
+ [53]: Nixie
144
+ [54]: PLA5205
145
+ [55]: GS108
146
+ [56]: WRT54GL
147
+ [57]: Web
148
+ [58]: GeolocationTunneling
149
+ [59]: LogServer
150
+ [60]: PowerConnect2716
151
+ [61]: DGS-1008D
152
+ [62]: HasturSystemSoftware
153
+ [63]: NixieSystemSoftware
154
+ [64]: Speedtouch516
155
+ [65]: DG834GT
156
+ [66]: SpeedtouchUpgrade
157
+ [67]: IPv6
158
+ [68]: Proto41Filtering
159
+ [70]: HasturRaidUpgrade
160
+ [71]: StorageServer
161
+ [72]: PPTP
162
+ [73]: BandwidthManagement
163
+ [74]: NixieApplicationSoftware
164
+ [75]: HasturRaidConfiguration
165
+ [76]: HasturRaidRecovery
166
+ [77]: HasturAtaFailures
167
+ [78]: ADSLModem
168
+ [83]: HTPC
169
+ [84]: SAN
170
+ [85]: MediaTranscoder
171
+ [86]: LDAP
172
+ [87]: Azathoth
173
+ [88]: Niggurath
174
+ [89]: Mail
175
+ [90]: Security
... ...
\ No newline at end of file
Network/Ricoh213W.md
... ...
@@ -0,0 +1,10 @@
1
+---
2
+title: Ricoh213W
3
+---
4
+
5
+# Configuration
6
+
7
+Default Access Code
8
+: Admin
9
+
10
+Needs native (non-VM) Windows
... ...
\ No newline at end of file
Network/SAN.md
... ...
@@ -0,0 +1,30 @@
1
+---
2
+title: SAN
3
+---
4
+
5
+Storage Area Network implemented as ATA over Ethernet VLAN alongside an [IPv6][1] VLAN
6
+
7
+
8
+
9
+## Features
10
+
11
+* [ATAoE][2][?][2]
12
+* [IPv6][1]
13
+* Jumbo frames
14
+
15
+
16
+
17
+## Requirements
18
+
19
+* Managed Switch
20
+* Jumbo frames capable [NICs][3][?][3]
21
+* 802.1Q (VLAN tagging) capable [NICs][3][?][3]
22
+
23
+
24
+
25
+## Links
26
+
27
+[Dell 2716][4] gigabit web-managed 16-port switch
28
+
29
+ [1]: IPv6
30
+ [4]: http://configure.euro.dell.com/dellstore/config.aspx?c=uk&cs=ukbsdt1&kc=305&l=en&oc=PC042716&s=bsd&sbc=pwcnt_2716
... ...
\ No newline at end of file
Network/SNMP.md
... ...
@@ -0,0 +1,47 @@
1
+---
2
+title: SNMP
3
+---
4
+
5
+# Daemons
6
+
7
+## [OpenWRT][1][?][1]
8
+
9
+* mini-snmpd ([OpenWrt][2][?][2] 8.09.2)
10
+
11
+
12
+
13
+## [AppleTV][3]
14
+
15
+* <http://net-snmp.darwinports.com/>
16
+
17
+
18
+
19
+# Front ends
20
+
21
+## Cacti
22
+
23
+### Add ping6 graph
24
+
25
+* New Graphs
26
+ 1. Graph Template Based
27
+ 2. Unix - Ping latency
28
+ 3. Create
29
+* RRD file will be created when data comes in
30
+
31
+
32
+
33
+## Observium
34
+
35
+* Trial it
36
+
37
+
38
+
39
+##
40
+
41
+# Log
42
+
43
+#### 2011-06-14
44
+
45
+* Changed entanet peer to 188.39.1.29
46
+
47
+ [3]: /AppleTV/AppleTV
... ...
\ No newline at end of file
Network/Security.md
... ...
@@ -0,0 +1,49 @@
1
+---
2
+title: Security
3
+---
4
+
5
+What measures?
6
+
7
+Two-factor for all shell access to network systems.
8
+
9
+* Easy to implement for SSH
10
+
11
+Mail submission?
12
+
13
+* SMTP-AUTH - TLS
14
+
15
+Alternatively no remote access to [POP3][1][?][1]
16
+Access from VPN. Or SSH tunnel.
17
+
18
+Initially remote access with TLS and 1-factor auth.
19
+Close off and separate IMAP/POP server once VPN in place.
20
+
21
+
22
+
23
+## Authentication
24
+
25
+* Create a local CA
26
+
27
+or try: <http://www.cacert.org/>
28
+
29
+* Create certs for use by Postfix, Dovecot, [SquirrelMail][2][?][2]
30
+
31
+**Can the same CA cert be used to sign all service certs?**
32
+
33
+Should do. domain should only need to match exactly for the service certs. The CA cert can probably be "phase1". Otherwise how would verisign etc use a single signing cert for the millions of other
34
+
35
+**Can a single server be used for mail & https authentication?**
36
+
37
+SASL can probably be configured to delegate to a single server
38
+<http://www.openinput.com/auth-howto/>
39
+
40
+
41
+
42
+### Two-Factor Auth
43
+
44
+* Smart Token
45
+
46
+<http://www.aladdin.com>
47
+Suitable for system login and SSL?
48
+Requires client software?
49
+
Network/Shochu.md
... ...
@@ -0,0 +1,239 @@
1
+---
2
+title: Shochu
3
+---
4
+
5
+Implements
6
+: [Netbook][1]
7
+
8
+Replaces
9
+: [Archix][2]
10
+
11
+Hardware Info
12
+: [us.toshiba.com][3]
13
+
14
+
15
+
16
+# Contents
17
+
18
+* [System Software][4]
19
+* [Application Software][5]
20
+
21
+
22
+
23
+# Specs
24
+
25
+Make
26
+: Toshiba
27
+
28
+Model
29
+: [CB35][6][?][6]-C3300
30
+
31
+CPU
32
+: Intel Celeron 3215U
33
+
34
+RAM
35
+: 4GB
36
+
37
+SSD
38
+: 16GB M.2 NGFF SSD 42mm
39
+
40
+Storage
41
+: microSD
42
+
43
+Screen
44
+: 13.3" 1080p
45
+
46
+PSU
47
+: 19V, 2.37A
48
+
49
+Battery
50
+: 5208U-1BRS
51
+
52
+Price
53
+: 297 (imported from US)
54
+
55
+Purchased
56
+: 2016-01-07 from [Amazon.com][7]
57
+
58
+Delivered
59
+: 2016-01-16
60
+
61
+
62
+
63
+# Linux Notes
64
+
65
+* <http://www.fascinatingcaptain.com/blog/theres-a-new-toshiba-chromebook-2-in-town/>
66
+
67
+
68
+
69
+# [GalliumOS][8][?][8] install
70
+
71
+## Prep
72
+
73
+* Developer Mode
74
+
75
+## [SeaBIOS][9][?][9]
76
+
77
+* Flashed Legacy bios from johnlewis.ie
78
+
79
+## Install
80
+
81
+* install via chrx
82
+
83
+
84
+
85
+## No wifi adapter
86
+
87
+Missing linux-firmware.
88
+
89
+sudo apt-get install linux-firmware
90
+
91
+[[$[Get Code]]][10]
92
+
93
+FIXED.
94
+
95
+
96
+
97
+## Can't execute time-admin or users-admin
98
+
99
+ (time-admin:2512): Liboobs-WARNING **: There was an unknown error communicating asynchronously with the backends: Failed to execute program org.freedesktop.SystemToolsBackends.TimeConfig: Permission denied
100
+ (time-admin:2512): Liboobs-WARNING **: There was an unknown error communicating asynchronously with the backends: Failed to execute program org.freedesktop.SystemToolsBackends.NTPConfig: Success
101
+
102
+ (time-admin:2512): Liboobs-WARNING **: There was an unknown error communicating asynchronously with the backends: Failed to execute program org.freedesktop.SystemToolsBackends.ServicesConfig: Success
103
+
104
+
105
+
106
+`messagebus` user is assigned dynamically. In the process of debugging the wifi issue, packages were downgraded but dbus permissions weren't corrected.
107
+
108
+`/usr/lib/dbus-1.0/dbus-daemon-launch-helper`
109
+
110
+chrx@chrx:/$ ls -l /usr/lib/dbus-1.0/dbus-daemon-launch-helper
111
+-rwsr-xr-- 1 root 201 302704 Mar 31  2015 /usr/lib/dbus-1.0/dbus-daemon-launch-helper
112
+# wrong group permissions! non-existent group 201
113
+# correct group
114
+sudo chgrp messagebus /usr/lib/dbus-1.0/dbus-daemon-launch-helper
115
+# reapply SUID
116
+sudo chmod 04754 /usr/lib/dbus-1.0/dbus-daemon-launch-helper
117
+
118
+[[$[Get Code]]][11]
119
+
120
+
121
+
122
+# Hardware
123
+
124
+## SSD Upgrade
125
+
126
+[MyDigitalSSD][12][?][12]
127
+: [TheSSDReview][13], [AnandTech][14]
128
+
129
+Kingmax
130
+: [TheSSDReview][15]
131
+
132
+Adata
133
+: [TheSSDReview][16]
134
+
135
+
136
+
137
+| Make | Model | Price | Capacity | Read/Write | R-Seq | W-Seq | R-512 | W-512 | R-4k | W-4k | R-4k-q32 | W-4k-q32 | AVG | Features | Warranty | Power Idle/Active |
138
+|:------------------------- | ---------------------------------------- | ----- | -------- | ---------- | ----- | ----- | ----- | ----- | ---- | ---- | -------- | -------- | ------- | -------------------------------------- | -------- | ----------------- |
139
+| [MyDigitalSSD][12][?][12] | [MDM242][17][?][17]-[SC2][18][?][18]-128 | 52.20 | 128 | 530/430 | 531 | 185 | 319 | 155 | 39 | 76 | 139 | 104 | 193.5 | SMART, [ECC24][19][?][19], SPO | 3y | 0.5/0.9 |
140
+| ZTE |   |   | 128 | 550/490 |   |   |   |   |   |   |   |   |   | TRIM, SMART | 3y |   |
141
+| Adata | [ASP600NS34][20][?][20]-128GM-C | 59.99 | 128 | 550/320 | 465 | 144 |   |   | 31 | 94 | 279 | 144 | 192.83 | SMART, TRIM, [ECC72][21][?][21], SLEEP | 3y |   |
142
+| Transcend |   | 55.49 | 128 | 550/460 | 491 | 296 | 222 | 66 | 12 | 48 | 222 | 66 | 177.875 | SMART, TRIM, SLEEP, NCQ, ECC, SPO | 3y |   |
143
+| Adata | [ASP900NS34][22][?][22]-128GM-C | ?? | 128 | 550/530 | 469 | 266 |   |   | 19 | 79 | 100 | 231 | 194 |   |   | 4.7/0.6 |
144
+
145
+
146
+
147
+# Replacement
148
+
149
+Doused in water on 29 June 2018. Laptop is working but charging circuit seems to be fried.
150
+
151
+
152
+
153
+Purchased
154
+: Dell XPS 13 9370, i7-8550, 16GB RAM, 512GB [NVMe][23][?][23] refurb for £1186
155
+
156
+Delivery
157
+: 2018-07-10
158
+
159
+
160
+
161
+## Options
162
+
163
+| Make | Model | Price | CPU | RAM | SSD | Notes |
164
+|:--------- | ------------- | ----------- | ------- | ---- | ----------------------- | ----- |
165
+| Google | Pixelbook | 1000? |   |   |   |   |
166
+| Dell | XPS 13 9370 | 1198 | i7-8550 | 8GB | 256GB |   |
167
+| Dell | XPS 13 9370 | 1398 | i7-8550 | 16GB | 512GB |   |
168
+| Razer | Blade Stealth | [£1500][24] | i7-8550 | 16GB | 256GB [NVMe][23][?][23] |   |
169
+| Lenovo | Thinkpad L380 | [£780][25] | i5-8250 | 8GB | 256GB [NVMe][23][?][23] |   |
170
+| Entroware | Apollo 2018 | 870 | i5-8250 | 16GB | 250GB | US kb |
171
+| Tuxedo | Infinity Book | 864 | i5-8250 | 16GB | 250GB |   |
172
+| Juno | Jupiter | 734 | i5-8250 | 16GB | sata 128GB |   |
173
+| PCS | Lafité 3 | 700 | i5-8250 | 16GB | 256GB |   |
174
+| KDE | Slimbook 2 | 884 | i5-7200 | 16GB | nvme? 256GB |   |
175
+|   |   |   |   |   |   |   |
176
+
177
+
178
+
179
+## Setup
180
+
181
+Hostname
182
+:
183
+
184
+Make
185
+: Dell
186
+
187
+Model
188
+: [XPS13][26][?][26] 9370
189
+
190
+Screen
191
+: 13.3" 1080p
192
+
193
+CPU
194
+: i7-8550 @ 1.8GHz Kabylake
195
+
196
+RAM
197
+: 16GB [LPDDR3][27][?][27] 2133MHz
198
+
199
+Storage
200
+: 512GB [NVMe][23][?][23] (28IS101YT3ZQ)
201
+
202
+Graphics
203
+:
204
+
205
+
206
+
207
+## System Software
208
+
209
+<https://gist.github.com/mattiaslundberg/8620837>
210
+
211
+
212
+
213
+### Disk
214
+
215
+* 650MB EFI
216
+* 250MB boot
217
+* + root
218
+
219
+
220
+
221
+cryptsetup -c aes-xts-plain64 -y --key-size 512 -y --use-random luksFormat /dev/nvme0n1p3
222
+
223
+[[$[Get Code]]][28]
224
+
225
+ [1]: /Tech/Netbook
226
+ [2]: Archix
227
+ [3]: http://us.toshiba.com/computers/laptops/chromebook/cb30-2/CB35-C3300
228
+ [4]: ShochuSystemSoftware
229
+ [5]: ShochuApplicationSoftware
230
+ [7]: http://www.amazon.com/dp/B015806LMM/ref=twister_B0161X7SN6?_encoding=UTF8&psc=1
231
+ [10]: Shochu?action=sourceblock&num=1
232
+ [11]: Shochu?action=sourceblock&num=2
233
+ [13]: http://www.thessdreview.com/our-reviews/mydigitalssd-super-cache-2-128gb-m-2-sata-6g-ssd-review/
234
+ [14]: http://www.anandtech.com/show/8543/upgrading-the-ssd-in-a-chromebook/7
235
+ [15]: http://www.thessdreview.com/our-reviews/kingmax-m-2-2242-sata-ssd-review-128gb/
236
+ [16]: http://www.thessdreview.com/daily-news/latest-buzz/adata-announces-sp600ns34-m-2-2242-sata-6gbs-ssd-for-ultrabooks-and-desktop-pcs/
237
+ [24]: https://www.amazon.co.uk/dp/B077TF21PX
238
+ [25]: https://www.laptopsdirect.co.uk/lenovo-thinkpad-l380-g2-core-i5-8250u-8gb-256gb-ssd-13.3-inch-windows-10-pr-20m50013uk/version.asp
239
+ [28]: Shochu?action=sourceblock&num=3
... ...
\ No newline at end of file
Network/ShochuApplicationSoftware.md
... ...
@@ -0,0 +1,32 @@
1
+---
2
+title: ShochuApplicationSoftware
3
+---
4
+
5
+# Screensaver
6
+
7
+Replace `xscreensaver` with `i3lock`
8
+
9
+[XFCE4][1][?][1] uses `/usr/bin/xflock4` to select the screensaver. Uninstall `xscreensaver` so we can override it.
10
+
11
+
12
+
13
+# Remove xscreensaver
14
+sudo dpkg -r --force-depends xscreensaver
15
+
16
+[[$[Get Code]]][2]
17
+
18
+Create `/usr/bin/xscreensaver-command`. Prevent a user running it more than once:
19
+
20
+#!/bin/sh
21
+LOCKER=i3lock
22
+ARGS="-c 103010"
23
+
24
+if ! pgrep -u $USER "$LOCKER|$0"
25
+then
26
+    $LOCKER $ARGS
27
+fi
28
+
29
+[[$[Get Code]]][3]
30
+
31
+ [2]: ShochuApplicationSoftware?action=sourceblock&num=1
32
+ [3]: ShochuApplicationSoftware?action=sourceblock&num=2
... ...
\ No newline at end of file
Network/ShochuSystemSoftware.md
... ...
@@ -0,0 +1,256 @@
1
+---
2
+title: ShochuSystemSoftware
3
+---
4
+
5
+[[_TOC_]]
6
+
7
+# Permissions
8
+
9
+## Sudoers
10
+
11
+Disable per-tty authentication:
12
+
13
+`/etc/sudoers.d/no-tty-tickets`:
14
+ Defaults !tty_tickets
15
+
16
+
17
+
18
+
19
+# Storage
20
+
21
+## Partitioning
22
+
23
+cgpt add -i 1 -b 8671232 -s 6156288 /dev/sda
24
+# force check, ignore size/corruption warnings
25
+e2fsck /dev/sda1
26
+# resize to partition limit
27
+resize2fs /dev/sda1
28
+# new partition  ("-i 13" is optional)
29
+cgpt add -i 13 -b 14827520 -s 224690176 -t rootfs  /dev/sda
30
+
31
+[[$[Get Code]]][19]
32
+
33
+New layout:
34
+
35
+ 64 16384 11 ChromeOS firmware
36
+ 16450 1 9 ChromeOS reserved
37
+ 16451 1 10 ChromeOS reserved
38
+ 20480 32768 2 ChromeOS kernel
39
+ 53248 32768 4 ChromeOS kernel
40
+ 86016 32768 8 Linux data
41
+ 249856 32768 12 EFI System Partition
42
+ 282624 4194304 5 ChromeOS rootfs
43
+ 4476928 4194304 3 ChromeOS rootfs
44
+ 8671232 6156288 1 Linux data
45
+ 14827520 224690176 13 ChromeOS rootfs (new root)
46
+ 239517696 32768 6 ChromeOS kernel
47
+ 239550464 10485760 7 ChromeOS rootfs
48
+
49
+
50
+
51
+
52
+## LUKS
53
+
54
+Algorithm benchmarks:
55
+
56
+ chrx@shochu:~$ cryptsetup benchmark
57
+ # Tests are approximate using memory only (no storage IO).
58
+ PBKDF2-sha1 608929 iterations per second
59
+ PBKDF2-sha256 399001 iterations per second
60
+ PBKDF2-sha512 269141 iterations per second
61
+ PBKDF2-ripemd160 362578 iterations per second
62
+ PBKDF2-whirlpool 134157 iterations per second
63
+ # Algorithm | Key | Encryption | Decryption
64
+ aes-cbc 128b 119.0 MiB/s 139.9 MiB/s
65
+ serpent-cbc 128b 46.9 MiB/s 178.5 MiB/s
66
+ twofish-cbc 128b 102.1 MiB/s 144.3 MiB/s
67
+ aes-cbc 256b 93.2 MiB/s 102.1 MiB/s
68
+ serpent-cbc 256b 45.7 MiB/s 178.6 MiB/s
69
+ twofish-cbc 256b 100.5 MiB/s 144.7 MiB/s
70
+ aes-xts 256b 137.7 MiB/s 136.7 MiB/s
71
+ serpent-xts 256b 172.7 MiB/s 169.0 MiB/s
72
+ twofish-xts 256b 131.1 MiB/s 131.2 MiB/s
73
+ aes-xts 512b 104.4 MiB/s 103.6 MiB/s
74
+ serpent-xts 512b 172.7 MiB/s 169.3 MiB/s
75
+ twofish-xts 512b 130.9 MiB/s 130.9 MiB/s
76
+
77
+
78
+Encrypt:
79
+
80
+cryptsetup -c serpent-xts-plain64 -s 512 luksFormat /dev/sda13
81
+cryptsetup luksOpen --allow-discards /dev/sda13 crypt-root
82
+
83
+[[$[Get Code]]][20]
84
+
85
+Benchmark:
86
+
87
+ root@shochu:/home/chrx# bonnie++ -f -d ./tmp -r 512 -s 1600 -n 0 -u root
88
+ Using uid:0, gid:0.
89
+ Writing intelligently...done
90
+ Rewriting...done
91
+ Reading intelligently...done
92
+ start 'em...done...done...done...done...done...
93
+ Version 1.97 ------Sequential Output------ --Sequential Input- --Random-
94
+ Concurrency 1 -Per Chr- --Block-- -Rewrite- -Per Chr- --Block-- --Seeks--
95
+ Machine Size K/sec %CP K/sec %CP K/sec %CP K/sec %CP K/sec %CP /sec %CP
96
+ shochu 1600M 163279 16 158908 10 +++++ +++ +++++ +++
97
+ Latency 1914ms 2300ms 1653us 4015us
98
+
99
+ 1.97,1.97,shochu,1,1453330209,1600M,,,,163279,16,158908,10,,,+++++,+++,+++++,+++,,,,,,,,,,,,,,,,,,,1914ms,2300ms,,1653us,4015us,,,,,,
100
+
101
+
102
+
103
+
104
+
105
+## [LVM2][21][?][21]
106
+
107
+Enable discards in `/etc/lvm/lvm.conf`:
108
+
109
+ # [...]
110
+ devices {
111
+ # [...]
112
+ issue_discards = 1
113
+ # [...]
114
+ }
115
+ # [...]
116
+
117
+
118
+
119
+
120
+pvcreate /dev/mapper/crypt-root
121
+vgcreate vg-root /dev/mapper/crypt-root
122
+vgchange -a y vg-root
123
+# don't zero
124
+lvcreate -Zn -n root -L1g vg-root
125
+lvcreate -Zn -n usr -L25G vg-root
126
+lvcreate -Zn -n var -L5g vg-root
127
+lvcreate -Zn -n tmp -L1.5g vg-root
128
+lvcreate -Zn -n home -l100%FREE vg-root
129
+
130
+[[$[Get Code]]][22]
131
+
132
+Resultant [LVs][23][?][23]:
133
+
134
+ LV VG Attr LSize Pool Origin Data% Meta% Move Log Cpy%Sync Convert
135
+ home vg-root -wi-a----- 74.64g
136
+ root vg-root -wi-a----- 1.00g
137
+ tmp vg-root -wi-a----- 1.50g
138
+ usr vg-root -wi-a----- 25.00g
139
+ var vg-root -wi-a----- 5.00g
140
+
141
+
142
+
143
+
144
+## Ext4
145
+
146
+for i in tmp usr var home ; do mkfs.ext4 -m /dev/vg-root/$i ; done
147
+cd /mnt
148
+for i in root tmp usr var ; do mkdir "$i" && mount /dev/vg-root/$i "./$i"; done
149
+for i in tmp usr var ; do cp -a /$i/* $i/ ; done
150
+tar cvf /mnt/usr/root.tar --one-file-system  /
151
+cd /mnt/root
152
+tar xvf ../usr/root.tar  --exclude=usr --exclude=var
153
+
154
+[[$[Get Code]]][24]
155
+
156
+
157
+
158
+## fstab
159
+
160
+ /dev/mapper/vg--root-root / ext4 defaults,discard,relatime 1 1
161
+ /dev/mapper/vg--root-usr /usr ext4 defaults,discard,relatime 0 2
162
+ /dev/mapper/vg--root-var /var ext4 defaults,discard,relatime 0 2
163
+ /dev/mapper/vg--root-tmp /tmp ext4 defaults,discard,relatime 0 2
164
+ /dev/mapper/vg--root-home /home ext4 defaults,discard,relatime 0 2
165
+
166
+
167
+
168
+
169
+## Trim support
170
+
171
+* <http://blog.neutrino.es/2013/howto-properly-activate-trim-for-your-ssd-on-linux-fstrim-lvm-and-dmcrypt/>
172
+
173
+
174
+
175
+# Keyboard
176
+
177
+Search key is Overlay1_Enable.
178
+
179
+<http://unix.stackexchange.com/questions/39547/dead-compose-keys-not-working-in-gtk-apps-since-upgrade>
180
+
181
+Other keys:
182
+
183
+| Keys | Symbol |
184
+|:------------------------------------- | ----------------------- |
185
+| Search + [ | Keyboard backlight down |
186
+| Search + ] | Keyboard backlight up |
187
+| Search + Alt | Caps Lock |
188
+| Search + Backspace | Delete |
189
+| Search + <[AB09][25][?][25]> (. or v) | Insert |
190
+| Search + Left | Home |
191
+| Search + Right | End |
192
+| Search + Up | [PgUp][26][?][26] |
193
+| Search + Down | [PgDn][27][?][27] |
194
+
195
+
196
+
197
+## Compose Key
198
+
199
+* Not working in Xubuntu by default since 14.04. Need ibus (and ibus-gtk?) installed.
200
+
201
+Run as part of the session:
202
+
203
+ ibus-daemon --xim -d
204
+
205
+
206
+
207
+
208
+# Shochu Reinstallation
209
+
210
+Using [GalliumOS][28][?][28] 2.1
211
+
212
+
213
+
214
+## Partitioning
215
+
216
+ Partition Table: msdos
217
+ Disk Flags:
218
+
219
+ Number Start End Size Type File system Flags
220
+ 1 1048576B 511705087B 510656512B primary ext2 boot
221
+ 2 512752640B 128035323903B 127522571264B extended
222
+ 5 512753664B 128035323903B 127522570240B logical
223
+
224
+
225
+
226
+
227
+## LUKS
228
+
229
+aes-xts-plain64 sha256
230
+
231
+
232
+
233
+## LVM
234
+
235
+ LV VG Attr LSize Pool Origin Data% Meta% Move Log Cpy%Sync Convert
236
+ home galliumos-vg -wi-a----- 50.00g
237
+ root galliumos-vg -wi-a----- 10.00g
238
+ usr galliumos-vg -wi-a----- 30.00g
239
+
240
+
241
+
242
+
243
+# Bluetooth
244
+
245
+## Microsoft Mouse 3600
246
+
247
+Doesn't pair by default needs "GATT" bluetoothd experimental feature. Enable it and restart bluetooth.
248
+
249
+`/etc/default/bluetooth`:
250
+
251
+ NOPLUGIN_OPTION="-E"
252
+
253
+ [19]: ShochuSystemSoftware?action=sourceblock&num=1
254
+ [20]: ShochuSystemSoftware?action=sourceblock&num=2
255
+ [22]: ShochuSystemSoftware?action=sourceblock&num=3
256
+ [24]: ShochuSystemSoftware?action=sourceblock&num=4
Network/Speedtouch516.md
... ...
@@ -0,0 +1,53 @@
1
+---
2
+title: Speedtouch516
3
+---
4
+
5
+# Description
6
+
7
+* [ADSL2][1][?][1]+ gateway
8
+* Single port 100Mbit ethernet
9
+* Bridged to router
10
+
11
+
12
+
13
+Software Version
14
+: 7.4.4.7
15
+
16
+
17
+
18
+# Upgrading
19
+
20
+[Network.SpeedtouchUpgrade][2]
21
+
22
+
23
+
24
+# PPTP-to-[PPPoA][3][?][3] Bridge
25
+
26
+<http://tjworld.net/wiki/Howto/SpeedtouchPptpBridge>
27
+
28
+Transparently bridge the Speedtouch between [PPtP][4][?][4] and [PPPoA][3][?][3]. Allows a router (like the [WRT54GL][5]) to login using PPTP, forwarded by the [ST516][6][?][6] to [PPPoA][3][?][3].
29
+
30
+
31
+
32
+# Log
33
+
34
+#### 2008-02-20
35
+
36
+* Upgraded firmware to 7.417
37
+
38
+#### 2009-05-10
39
+
40
+* Upgraded firmware to 7.447
41
+* Reverted firmware to 7.417
42
+
43
+#### 2009-06-04
44
+
45
+* Switched eth ip to 192.168.2.0/24 subnet
46
+
47
+#### 2009-08-18
48
+
49
+* Dumped stats following internet reconnection
50
+* Switched eth ip to 192.168.2.0/24 again?
51
+
52
+ [2]: SpeedtouchUpgrade
53
+ [5]: WRT54GL
Network/SpeedtouchUpgrade.md
... ...
@@ -0,0 +1,173 @@
1
+---
2
+title: SpeedtouchUpgrade
3
+---
4
+
5
+# HOWTO update a Thomson Speedtouch router firmware in Linux
6
+
7
+## Overview
8
+
9
+Thomson's series of DSL ethernet routers and modems (not USB modems) ship with a firmware updater for windows.
10
+
11
+These instructions are for a Thomson 516v6 ADSL single-port ethernet router purchased in the UK in February 2008. The method should be identical for other Speedtouch 5xx routers.
12
+
13
+The updater is really just a bootp, tftp and dhcp server application. This is easily duplicated in Linux.
14
+
15
+The instructions for installing packages are Debian/Ubuntu specific. I expect most general-purpose distros to have the required packages.
16
+
17
+Vim is my text editor, substitute yours in the following instructions.
18
+
19
+
20
+
21
+[[_TOC_]]
22
+
23
+## Initial Setup
24
+
25
+Connect your Speedtouch router and your host machine to your network.
26
+
27
+Configure your host machine with a static IP address.
28
+
29
+Make sure you can ping the router from your host machine.
30
+
31
+Open a terminal.
32
+
33
+
34
+
35
+## Get Thomson MAC address
36
+
37
+` arping 192.168.1.254 `
38
+
39
+Output should show MAC address.
40
+
41
+Note: 192.168.1.254 is one of the two IP addresses the router is configured with by default. The other is 10.0.0.138.
42
+
43
+
44
+
45
+## Install bootp and tftpd
46
+
47
+` sudo apt-get install bootp tftpd-hpa `
48
+
49
+
50
+
51
+## Configure tftpd
52
+
53
+` sudo vim /etc/default/tftpd-hpa `
54
+
55
+
56
+
57
+ RUN_DAEMON="yes"
58
+ OPTIONS="-l -s /var/lib/tftpboot"
59
+
60
+
61
+| -l | run in standalone (listen mode), rather than from inetd |
62
+||
63
+| -s | change root directory on startup |
64
+
65
+
66
+
67
+## Download Thomson firmware
68
+
69
+I had to hunt around a bit until I found some up to date firmware.
70
+
71
+
72
+
73
+* <http://www.speedtouchforum.de/viewtopic.php?t=1089>
74
+* <http://www.speedtouchforum.de/Daten/FW/5x6iv6/7.4/ZZQ2AA7.417.zip>
75
+* <http://mirror.opensourcehub.com/pub/speedtouch/>
76
+* [http://www.al-jammaz.com/spt.asp?newsID=1&ID=2&menu\_ID=5&order\_ID=4&pageDID=1][13]
77
+
78
+ wget http://www.speedtouchforum.de/Daten/FW/5x6iv6/7.4/ZZQ2AA7.417.zip
79
+ unzip ZZQ2AA7.417.zip
80
+ sudo cp ZZQ2AA7.417.bli /var/lib/tftpboot/
81
+
82
+
83
+This firmware is v7.4.1.7 (international). It includes a UI configuration option for putting the router in bridge mode.
84
+
85
+
86
+
87
+## Configure bootp
88
+
89
+` sudo vim /etc/bootptab `
90
+
91
+Configuration is a series of colon-separated key=value pairs
92
+
93
+
94
+
95
+### Example
96
+
97
+ thomson:ip=192.168.1.254:ha=$MACADDR:td=/var/lib/tftpboot:hd=/:bf=ZZQ2AA7.417.bli:
98
+
99
+
100
+| ip | IP address of the router |
101
+||
102
+| ha | MAC address of the router. $MACADDR should be replaced with the Speedtouch MAC address formatted as a string of hex digits. e.g. 00112233445566 |
103
+| td | TFTP directory. The value of the "td" option must match the value of the "-s" option from /etc/default/tftpd-hpa. |
104
+| hd | Path under "td" where bootfiles are found |
105
+| bf | Router firmware filename |
106
+
107
+
108
+
109
+### Ubuntu >= 11.10 Example
110
+
111
+In later versions of tftpd (as of Ubuntu 11.10 at least), the *td* option is now relative to the tftpd default directory (/var/lib/tftpboot). So leave out the td= option altogether. Thanks to Matthew Marks for the report.
112
+
113
+Example:
114
+
115
+ thomson:ip=192.168.1.254:ha=$MACADDR:hd=/:bf=ZZQ2AA7.417.bli:
116
+
117
+
118
+
119
+
120
+## Start bootp
121
+
122
+Start bootpd as root with debugging enabled:
123
+
124
+ sudo bootpd -d4
125
+
126
+
127
+Yes, I'm starting bootpd on the console, not as a daemon. It's easier to see debug output this way.
128
+
129
+
130
+
131
+## Upgrade the firmware
132
+
133
+* Turn off the Speedtouch
134
+* Hold down Reset and turn it on
135
+* Continue holding for at least 10 seconds (or until the Power LED flashes red-green repeatedly and the Ethernet LED flashes green).
136
+
137
+Output from bootpd should look something like:
138
+
139
+ bootpd: info(6): bootptab mtime: Wed Feb 20 14:46:57 2008
140
+ bootpd: info(6): reading "/etc/bootptab"
141
+ bootpd: info(6): read 1 entries (1 hosts) from "/etc/bootptab"
142
+ bootpd: info(6): recvd pkt from IP addr 0.0.0.0
143
+ bootpd: info(6): bootptab mtime: Wed Feb 20 14:46:57 2008
144
+ bootpd: info(6): request from Ethernet address 00:14:7F:11:3E:01
145
+ bootpd: info(6): found 192.168.1.254 (thomson)
146
+ bootpd: info(6): requested path="" file="BANT-V"
147
+ bootpd: info(6): bootfile="//ZZQ2AA7.417.bli"
148
+ bootpd: info(6): vendor magic field is xx.xx.xx.xx
149
+ bootpd: info(6): sending reply (with RFC1048 options)
150
+
151
+
152
+If all goes well after about a minute you should be able to log into the router again with the new firmware.
153
+
154
+
155
+
156
+## Speedtouch 716 Addendum
157
+
158
+Courtesy of Matthew Marks:
159
+
160
+When resetting the Speedtouch716:
161
+
162
+* Turn off the Speedtouch
163
+* Hold down Reset and turn it on
164
+* Continue holding until the Power LED turns orange.
165
+
166
+
167
+
168
+# Links
169
+
170
+* Be User Group [BeBox Upgrade Procedure][14]
171
+
172
+ [13]: http://www.al-jammaz.com/spt.asp?newsID=1&ID=2&menu_ID=5&order_ID=4&pageDID=1
173
+ [14]: http://beusergroup.co.uk/technotes/index.php/Modem_Firmware
... ...
\ No newline at end of file
Network/StorageServer.md
... ...
@@ -0,0 +1,276 @@
1
+---
2
+title: StorageServer
3
+---
4
+
5
+[[_TOC_]]
6
+
7
+# Requirements
8
+
9
+* [ACLs][21][?][21]
10
+* Fault-tolerant RAID
11
+* 3+ Terabyte capacity
12
+* Data encryption
13
+* Data partitioning
14
+* User quotas
15
+
16
+
17
+
18
+## Secondary Requirements
19
+
20
+### Backup
21
+
22
+* <http://backuppc.sourceforge.net/index.html>
23
+
24
+
25
+
26
+* * *
27
+
28
+# Configuration
29
+
30
+* 4-8 Disk [RAID6][22][?][22]
31
+ * dmcrypt
32
+ * LVM
33
+
34
+Linux >2.6.17 can resize [RAID5][23][?][23]
35
+
36
+
37
+
38
+# Data Partitioning
39
+
40
+* Inherits [MediaCentre.BackEnd][24] requirements
41
+* User data (/home)
42
+* Backup data (/systems)
43
+* Project data (/src)
44
+* Multimedia data (/media)
45
+* Fast access data ([RAID0][25][?][25])
46
+
47
+
48
+
49
+# Filesystem
50
+
51
+* [ext4 vs XFS][26]
52
+
53
+
54
+
55
+## XFS
56
+
57
+* Very fast
58
+* [ACLs][21][?][21]
59
+* Not-resizeable
60
+
61
+Both XFS and JFS are good candidates.
62
+
63
+Benchmarking from 2004: <http://linuxgazette.net/102/piszcz.html>
64
+
65
+"XFS is only safe when you have:
66
+
67
+
68
+
69
+ a) no write caching on the drive (barrier or nobarrier)
70
+ b) non-volatile write caching on the drive (barrier or nobarrier)
71
+ c) volatile write caching and barriers supported and enabled
72
+
73
+
74
+The same conditions hold true for any filesystem that requires I/O ordering guarantees to maintain filesystem consistency..." - [SGI Archive][27]
75
+
76
+[Opinions on XFS vs JFS][28]
77
+
78
+XFS important options:
79
+
80
+ * mkfs.xfs -l size=128m (seems to be the default)
81
+ * nobarrier?
82
+ * noatime
83
+ * block size <= page size (Linux limit) (4k on x86_64)
84
+
85
+
86
+
87
+
88
+### RAID 5 tuning
89
+
90
+* [Don't specify su or sw][29], mkfs.xfs does the right thing.
91
+ * ONLY on LVM or dmraid devices. For dmcrypt or HW raid they need to be specified manually.
92
+* <http://www.eecs.harvard.edu/~stein/PAPERS/hotosx-html/>
93
+
94
+
95
+
96
+ sunit = DM chunk size
97
+ swidth = sunit × (N-1)
98
+ N = disks in RAID 5 array
99
+
100
+
101
+
102
+
103
+## [EXT4][30][?][30]
104
+
105
+* Resizeable
106
+* [ACLs][21][?][21]
107
+* Comparable performance to XFS, better metadata performance
108
+* Clear upgrade path to btrfs. (btrfs_convert)
109
+
110
+
111
+
112
+* * *
113
+
114
+# Hardware
115
+
116
+CPU Power
117
+
118
+* Buffalo [TeraStation][31][?][31] uses Freescale [MPC8241][32][?][32] PPC @ 266MHz, 128MB RAM
119
+ * [TeraStation][31][?][31] has Realtek 8110 ethernet, not Jumbo clean
120
+
121
+
122
+
123
+## Commercial NAS
124
+
125
+| **Model** | **Bays** | **Price** | **Link** |
126
+||
127
+| Buffalo Terastation Pro | 4 | ~700 |   |
128
+| Synology 407e | 4 | £380 |   |
129
+| Infrant [ReadyNAS][33][?][33] NV+ | 4 | £500 |   |
130
+| D-Link DNS-323 | 2 | £150 | [froogle][34] |
131
+
132
+
133
+
134
+## Hardware Raid Adapters
135
+
136
+| **Model** | **Type** | **Ports** | **Price** |
137
+||
138
+| Adaptec 2410SA | SATA | 4 | £220 |
139
+| [HighPoint][35][?][35] [RocketRAID][36][?][36] 1640 | SATA | 4 |   |
140
+| ICP Vortex 8546RZ | SATA | 4 |   |
141
+| LSI [MegaRAID][37][?][37] 150-4 | SATA | 4 |   |
142
+
143
+
144
+
145
+## Software Raid Adapters
146
+
147
+| **Model** | **Type** | **Ports** | **Price** |
148
+||
149
+| Adaptec 1430SA | PCI-E | 4 | £62 |
150
+| Promise [SATA300][38][?][38] [TX4][39][?][39] | PCI-66 | 4 | £55 |
151
+| Promise [SATA300][38][?][38] [TX4302][40][?][40] | PCI-66 | 2, 2e | £55 |
152
+
153
+[http://www.span.com/catalog/product\_info.php?products\_id=5090&source=gbaseuk&currency=GBP][41]
154
+
155
+
156
+
157
+## eSATA adapters
158
+
159
+* [Tempo-X eSATA 8 ~£210][42]
160
+* [4xSATA to Multilane £13][43]
161
+* [Multilane to 4xSATA £13][44]
162
+
163
+
164
+
165
+## Disk Enclosures
166
+
167
+* [Span 8-bay iSCSI: £336][45]
168
+* [Span 8-bay eSATA: £100][46]
169
+* [1U 4-bay generic: Eclipse £77][47]
170
+* [SeriTek 1EN2 £105][48] - hotswap
171
+* [Highpoint X4][49] - 4-bay Multilane
172
+* [CF-10 series][50]
173
+
174
+
175
+
176
+## Hard Disks
177
+
178
+* [http://tomshardware.co.uk/2007/05/15/the\_spring\_hard\_drive\_guide_uk/][51]
179
+
180
+Maxtor: 250=6.5, 320=6.8
181
+WD: 320=5.9, 400=4.8, 500=6.4
182
+Seagate: 400=5.47, 500=6.7 ([ST3500641AS][52][?][52]), 500=5.95
183
+*
184
+
185
+| **Model** | **Buffer** | **Capacity** | **Price** | **Warranty** |
186
+||
187
+| [Samsung HD501LJ][53] | 16 | 500 | 69 (Scan) | 3 |
188
+| [WD5000KS][54] | 16 | 500 | 80 (Misco) | 3 |
189
+| [Seagate 7200.10 ST3500630AS][55] | 16 | 500 | OEM 87, Dabs 77 | 5 non-OEM |
190
+
191
+
192
+
193
+* * *
194
+
195
+# Notes
196
+
197
+* For connecting disk enclosures to external controller
198
+ * eSATA (one per SATA channel)
199
+ * Infiniband (one per 4 SATA channels)
200
+
201
+
202
+
203
+* * *
204
+
205
+# SAS, eSATA, ML
206
+
207
+* <http://www.anandtech.com/printarticle.aspx?i=2859> - intro to server storage
208
+
209
+
210
+
211
+## Port Multipliers
212
+
213
+Support from patched 2.6.22
214
+
215
+* <http://home-tj.org/wiki/index.php/Libata-tj-stable> - status
216
+* <http://www.avsforum.com/avs-vb/showthread.php?t=869763>
217
+* [SATA PM vs SATA ML][56]
218
+* <http://www.mail-archive.com/linux-ide@vger.kernel.org/> - Linux-ide mailing list archive
219
+* <http://marc.info/?l=linux-ide&m=118825737704343&w=2> - [SiI3132][57][?][57] is buggy (Limited to 120MB/sec)
220
+* <http://www.amug.org/amug-web/html/amug/reviews/reviews.html> - Loads of reviews of enclosures
221
+* <http://www.amug.org/amug-web/html/amug/reviews/articles/addonics/adsa3gpx8-4em/> - [SiI3124][58][?][58] beats 120MB/sec
222
+
223
+
224
+
225
+* * *
226
+
227
+# RAID
228
+
229
+* Calculator: <http://www.ibeast.com/content/tools/RaidCalc/RaidCalc.asp>
230
+* <http://articles.techrepublic.com.com/5100-6349-1054944.html> - Guide
231
+* <http://www.chemistry.wustl.edu/~gelb/castle_raid.html> - HW vs SW [RAID5][23][?][23]
232
+
233
+* * *
234
+
235
+# Links
236
+
237
+<http://tweakers.net/reviews/557/29> - comparison of 9 SATA hardware raid cards
238
+<http://www.chemistry.wustl.edu/~gelb/castle_raid.html> - software vs hardware raid (Linux)
239
+<http://www.hwb.no/artikkel/15307>
240
+<http://www.smallnetbuilder.com/content/view/27840/77/> - build a cheap and fast raid 5 NAS
241
+<http://www.terastation.org/wiki/Hacking>
242
+<http://www.terastation.org/wiki/Real_NAS>
243
+<http://www.cooldrives.com/eidrrerasaii.html>
244
+<http://www.span.com/> - Storage array cases
245
+[http://tomshardware.co.uk/2007/05/15/the\_spring\_hard\_drive\_guide_uk/][51]
246
+<http://marc.info/?l=linux-raid&m=108225929401354&w=2> - thread on 3TB array
247
+<http://smartmontools.sourceforge.net/> - watching SMART for signs of failure
248
+<http://forums.anandtech.com/messageview.cfm?catid=27&threadid=2047740> - 3-5 TB raid
249
+[http://en.wikipedia.org/wiki/Lustre\_%28file\_system%29][59]
250
+<http://www.gagme.com/greg/linux/raid-lvm.php> - Linux LVM and RAID
251
+[Tom's hardware - entry-level storage components review][60]
252
+<http://www.shimari.com/dm-crypt-on-raid/> - dmcrypt on RAID howto
253
+
254
+ [24]: /MediaCentre/BackEnd
255
+ [26]: http://www.phoronix.com/scan.php?page=article&item=ext4_benchmarks
256
+ [27]: http://oss.sgi.com/archives/xfs/2006-07/msg00174.html
257
+ [28]: http://www.dslreports.com/forum/r18913179-Opinions-on-XFS-vs-JFS
258
+ [29]: http://oss.sgi.com/archives/xfs/2001-11/msg00401.html
259
+ [34]: http://www.google.co.uk/products?q=DNS-323
260
+ [41]: http://www.span.com/catalog/product_info.php?products_id=5090&source=gbaseuk&currency=GBP
261
+ [42]: http://www.barefeats.com/hard45.html
262
+ [43]: http://www.span.com/catalog/product_info.php?products_id=6812
263
+ [44]: http://www.span.com/catalog/product_info.php?products_id=6813
264
+ [45]: http://www.span.com/catalog/product_info.php?cPath=19_1001_1053&products_id=1452
265
+ [46]: http://www.span.com/catalog/product_info.php?cPath=19_1302_1329&products_id=8234
266
+ [47]: http://www.eclipsecomputers.com/product.aspx?code=CN-A1000BK&af=50
267
+ [48]: http://www.tech.co.uk/computing/upgrades-and-peripherals/storage/accessories/review/firmtek-seritek1en2
268
+ [49]: http://www.highpoint-tech.com/USA/x4mac.htm
269
+ [50]: http://www.cfienclosure.com/10_Series.html
270
+ [51]: http://tomshardware.co.uk/2007/05/15/the_spring_hard_drive_guide_uk/
271
+ [53]: http://www.google.co.uk/products?q=HD501LJ
272
+ [54]: http://www.google.co.uk/products?q=WD5000KS
273
+ [55]: http://www.google.co.uk/products?q=ST3500630AS
274
+ [56]: http://searchstorage.techtarget.com/expert/KnowledgebaseAnswer/0,289625,sid5_gci1242421,00.html
275
+ [59]: http://en.wikipedia.org/wiki/Lustre_%28file_system%29
276
+ [60]: http://www.tomshardware.co.uk/pci-express-sata-raid-controllers-for-smb-servers-uk,review-1927.html
... ...
\ No newline at end of file
Network/SummitX450e.md
... ...
@@ -0,0 +1,91 @@
1
+---
2
+title: SummitX450e
3
+---
4
+
5
+Make
6
+: Extreme Networks
7
+
8
+Model
9
+: Summit X450e
10
+
11
+Variant
12
+: 24p
13
+
14
+Description
15
+: 24-port gigabit [PoE][1][?][1] managed switch
16
+
17
+Purchased
18
+: 2017-02-10 from eBay for £105
19
+
20
+Serial
21
+: 000496346C1C
22
+
23
+Manuals
24
+: <https://www.manualslib.com/products/Extreme-Networks-Summit-X450e-24p-2256276.html>
25
+
26
+
27
+
28
+# Initial Configuration
29
+
30
+Serial Port
31
+: 9600 8n1
32
+
33
+Login
34
+: admin
35
+
36
+Password
37
+: <none>
38
+
39
+Firmware Version
40
+: 12.3.2 (2009)
41
+
42
+Recommended Version
43
+: EXOS 15.3.5.2-patch1-10
44
+
45
+
46
+
47
+## Show Version
48
+
49
+ > show version
50
+ Switch : 800153-00-05 0742G-80116 Rev 5.0 BootROM: 1.0.2.2 IMG: 12.3.2.
51
+ XGM2-1 : N/A N/A Rev 0.0
52
+
53
+ Image : ExtremeXOS version 12.3.2.5 v1232b5 by release-manager
54
+ on Mon Aug 24 23:34:52 PDT 2009
55
+ BootROM : 1.0.2.2
56
+
57
+
58
+
59
+
60
+# Firmware Upgrade
61
+
62
+Method
63
+: TFTP
64
+
65
+Versions
66
+: 12.3.x -> 12.6.x -> 15.3.x
67
+
68
+Procedure
69
+: [https://gtacknowledge.extremenetworks.com/articles/How\_To/How-to-Use-the-Boot-Rom-Menu-to-Download-and-Install-a-New-Image-to-the-Switch/?q=upgrade&l=en\_US&fs=RelatedArticle][2]
70
+
71
+
72
+
73
+ download image <tftp ip> exosfilename vr vr-mgmt/default
74
+
75
+
76
+
77
+
78
+## IP
79
+
80
+ configure vlan default ipaddress 192.168.x.x 255.255.255.0
81
+
82
+
83
+
84
+
85
+## Downloads
86
+
87
+<https://extremeportal.force.com>
88
+
89
+<http://documentation.extremenetworks.com/release_notes/ExtremeXOS/>
90
+
91
+ [2]: https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-Use-the-Boot-Rom-Menu-to-Download-and-Install-a-New-Image-to-the-Switch/?q=upgrade&l=en_US&fs=RelatedArticle
... ...
\ No newline at end of file
Network/UnifiAP.md
... ...
@@ -0,0 +1,31 @@
1
+---
2
+title: UnifiAP
3
+---
4
+
5
+Make
6
+: Ubiquiti
7
+
8
+Model
9
+: Unifi AP
10
+
11
+
12
+
13
+# Configuration
14
+
15
+* Install unifi controller software (via apt repo)
16
+* Move mongodb and unifidb to filesystem with 3GB space
17
+* Allow inboundd ports tcp8443 (web interface) and udp3478 (discovery)
18
+
19
+
20
+
21
+## Firewall
22
+
23
+<https://community.ubnt.com/t5/UniFi-Wireless/firewall-ports-to-open-inbound-vs-outbound/m-p/1298790#M111627>
24
+
25
+
26
+
27
+* UDP 3478 is discovery?
28
+* TCP 8080 is HTTP access to the controller. Redirects to 8443
29
+* TCP 8443 is HTTPS access to the controller.
30
+* TCP 8880 is HTTP Guest Portal
31
+* TCP 8843 is HTTPS Guest Portal
... ...
\ No newline at end of file
Network/Upgrade2016.md
... ...
@@ -0,0 +1,62 @@
1
+---
2
+title: Upgrade2016
3
+---
4
+
5
+Network Upgrade
6
+
7
+
8
+
9
+# Planned Features
10
+
11
+* Wifi coverage: -70dBm min wifi coverage throughout
12
+* Server relocation to dedicated room
13
+* Surveillance cameras for driveway
14
+
15
+
16
+
17
+# Server Relocation
18
+
19
+## Server Room
20
+
21
+* Armoury spcae
22
+* Run cables
23
+* Ducting?
24
+* Thermal management?
25
+
26
+
27
+
28
+## Cabinets
29
+
30
+* Servers to Server Room
31
+* Rackmount cabinet
32
+
33
+
34
+
35
+## Hardware
36
+
37
+* [Summit X450 PoE Switch][1]
38
+
39
+
40
+
41
+# Network Coverage
42
+
43
+## Central
44
+
45
+* Cat 6 run from armoury to kitchen loft
46
+* [PoE][2][?][2] AP in long hall ceiling
47
+
48
+
49
+
50
+## West
51
+
52
+* Cat 6 run from armoury to annex hall
53
+* [PoE][2][?][2] AP in annex hall ceiling
54
+
55
+
56
+
57
+## East
58
+
59
+* Cat 6 run from armoury to Long Hall East
60
+* [PoE][2][?][2] AP in long hall ceiling east
61
+
62
+ [1]: SummitX450e
Network/Upgrade2017.md
... ...
@@ -0,0 +1,5 @@
1
+---
2
+title: Upgrade2017
3
+---
4
+
5
+(:redirect Upgrade2016:)
... ...
\ No newline at end of file
Network/VPN.md
... ...
@@ -0,0 +1,49 @@
1
+---
2
+title: VPN
3
+---
4
+
5
+# Inbound Requirements
6
+
7
+* Router with sufficient crypto bandwidth
8
+* Provider allowing multiple connections for [Wan Bonding][1]
9
+
10
+
11
+
12
+# Hardware
13
+
14
+## TL-[WDR7500][2][?][2] / Archer C7
15
+
16
+<http://wiki.openwrt.org/toh/tp-link/tl-wdr7500>
17
+
18
+Has [MiniPCIe][3][?][3] wifi for 802.11a/n/ac. Replace with crypto accelerator
19
+
20
+
21
+
22
+# Outbound Requirements
23
+
24
+* Minimal disruption of Geolocation
25
+* Low performance impact over mobile 3G/4G
26
+* Affordable
27
+* 3 end points
28
+* Crypto algorithms compatible with router crypto acceleration
29
+
30
+
31
+
32
+## [NordVPN][4][?][4]
33
+
34
+* Up to 6 devices
35
+* Only 1 device per-protocol per-server
36
+
37
+
38
+
39
+# Benchmarks
40
+
41
+<http://wiki.openwrt.org/inbox/benchmark.openssl>
42
+
43
+
44
+
45
+# Notes
46
+
47
+<https://wiki.openwrt.org/doc/hardware/cryptographic.hardware.accelerators>
48
+
49
+ [1]: WanBonding
Network/VideoSurveillance.md
... ...
@@ -0,0 +1,67 @@
1
+---
2
+title: VideoSurveillance
3
+---
4
+
5
+# Objectives
6
+
7
+* Video surveillance using multiple streams
8
+
9
+
10
+
11
+# Forums
12
+
13
+* <https://ipcamtalk.com/>
14
+* <https://www.reddit.com/r/homeautomation>
15
+
16
+
17
+
18
+# Hardware
19
+
20
+* [Kodicom 8800][1] clone
21
+
22
+Options:
23
+
24
+* [PoE][2][?][2]
25
+ * <http://shop.panasonic.com/shop/model/BB-HCM735A> (obsolete)
26
+ * Foscam [FI9961][3][?][3] - 1080p dome, fixed view - [£104][4]
27
+ * Hikvision DS-2CD2142 - 1080p dome, fixed - [£101][5]
28
+ * Hikvision DS-2CD2642FWD-I - 1080p bullet, fixed, 30m night vision
29
+ * Dahua [SD29204T][6][?][6]-GN [£150][7]
30
+ * Dahua [IPC-HFW5231E-Z12][8] (or Z5) - bullet varifocal, starlight, long-range IR
31
+
32
+
33
+* Wireless
34
+ * [Foscam FI8905][9]
35
+
36
+Shops:
37
+
38
+* <http://www.securitywarehouse.co.uk/catalog/>
39
+* <http://www.networkwebcams.co.uk/>
40
+
41
+
42
+
43
+# Software
44
+
45
+* [Zoneminder][10]
46
+* [Bluecherry][11]
47
+* <http://tinycammonitor.com/> - Android
48
+* [Kodi Surveillance Room][12] addon
49
+
50
+
51
+
52
+# Connectivity
53
+
54
+* X10
55
+* Zigbee
56
+* Z-Wave
57
+* Wifi
58
+
59
+ [1]: http://www.zoneminder.com/wiki/index.php/Kodicom_8800
60
+ [4]: https://www.amazon.co.uk/gp/product/B01K9XH5EQ/ref=ox_sc_sfl_title_8?ie=UTF8&psc=1&smid=A1SSWVEARNYL0
61
+ [5]: https://www.amazon.co.uk/Hikvision-DS-2CD2142FWD-I-External-Network-Camera/dp/B017C45K2O/ref=pd_sbs_421_2?_encoding=UTF8&psc=1&refRID=EENMQT5PDR0GC00JQRVD
62
+ [7]: http://www.lightinthebox.com/dahua-sd29204t-gn-2-0mp-4x-optical-zoom-ir-ptz-dome-camera-with-poe-30m-ir-distance-micro-sd-card-up-to-128gb_p5696377.html
63
+ [8]: http://www1.dahuasecurity.com/products/ipc-hfw5231e-z12-12371.html
64
+ [9]: https://www.google.co.uk/shopping/product/4633948849143035279?q=Foscam+FI8905W&client=firefox-a&hs=IQi&rls=org.mozilla:en-US:official&bav=on.2,or.r_qf.&bvm=bv.55980276,d.ZG4,pv.xjs.s.en_US.h8TFW1axvL0.O&biw=1086&bih=956&tch=1&ech=1&psi=Pit6Uuy_CIS4hAfvkIC4Bg.1383738174924.3&sa=X&ei=QSt6UsLOO5GthQeAkIDwDA&ved=0CE8Q8wIwAA
65
+ [10]: http://www.zoneminder.com/
66
+ [11]: http://www.bluecherrydvr.com/
67
+ [12]: http://forum.kodi.tv/showthread.php?tid=240768
... ...
\ No newline at end of file
Network/WAP4410N.md
... ...
@@ -0,0 +1,28 @@
1
+---
2
+title: WAP4410N
3
+---
4
+
5
+Make
6
+: Cisco
7
+
8
+Model
9
+: [WAP4410N][1]
10
+
11
+Purchased
12
+: £40 from Phil
13
+
14
+Default Login
15
+: admin/admin
16
+
17
+Firmware Version
18
+: [2.0.7.8][2]
19
+
20
+
21
+
22
+# Setup
23
+
24
+* Connect to network providing DHCP
25
+* Press and hold reset button for 10 seconds
26
+
27
+ [1]: WAP4410N
28
+ [2]: https://software.cisco.com/download/release.html?mdfid=282414137&release=2.0.7.8&softwareid=282463166
... ...
\ No newline at end of file
Network/WDR3600.md
... ...
@@ -0,0 +1,194 @@
1
+---
2
+title: WDR3600
3
+---
4
+
5
+Implements
6
+: [Perimeter Router][1], [Mobile Router][2]
7
+
8
+Hostname
9
+: router0, router1
10
+
11
+Make
12
+: TP-Link
13
+
14
+Model
15
+: [WDR3600][3]
16
+
17
+Hardware Version
18
+: 1.4
19
+
20
+Replaces
21
+: [WRT54GL][4]
22
+
23
+Software
24
+: [OpenWRT][5] [14.07][6], 15.05.1
25
+
26
+Purchased
27
+: 2014-05-02 [£49 from Amazon][7], 2014-05-21 [£47 from eBuyer][8][?][8]
28
+
29
+Arrived
30
+: 2014-05-07, 2014-05-24
31
+
32
+
33
+
34
+[[_TOC_]]
35
+
36
+# [OpenWRT][17][?][17]
37
+
38
+* Blocked by version conflicts
39
+* Needs a new image flashed
40
+
41
+
42
+
43
+ config 'interface' 'wan6'
44
+ option proto '6in4'
45
+ option ip6addr '2001:470:1f08:xxxx::2/64' # the IPv6 tunnel
46
+ option mtu '1424' # the IPv6 tunnel MTU (optional)
47
+ option peeraddr '216.66.80.26' # the IPv4 tunnel endpoint
48
+ option ip6prefix '2001:470:xxxx::/48' # routed prefix (required!)
49
+ ## configuration options below are only valid for HEnet tunnels. ignore them
50
+ ## for other tunnel providers.
51
+ option tunnelid '123456' # HE.net tunnel id
52
+ option username 'username' # HE.net username, which you use to login into tunnelbroker, not the User ID shows after you have login in.
53
+ option password 'password' # HE.net password if there is no updatekey for tunnel
54
+ option updatekey 'updatekey' # HE.net updatekey instead of password, default for new tunnels
55
+
56
+
57
+
58
+
59
+## [IPv6][18] local
60
+
61
+ # Alternative to tunnel broker
62
+ config interface wan6
63
+ option proto 'static'
64
+ option ip6prefix '2001:470:xxxx::/48'
65
+
66
+ config interface lan
67
+ option proto 'static'
68
+ option ip6assign '64'
69
+ option ip6hint 'c0a8'
70
+
71
+
72
+
73
+
74
+## Ad Block
75
+
76
+Link
77
+: <http://homepage.ruhr-uni-bochum.de/Jan.Holthuis/misc/adblock-on-your-openwrt-router/>
78
+
79
+[GitHub][19][?][19]
80
+: <https://gist.github.com/Holzhaus/ed4ac1675a57f11c3057>
81
+
82
+Allow googleadservices.
83
+
84
+
85
+
86
+## VPN Troubleshooting
87
+
88
+VPN concentrator sees multiple ([NATted][20][?][20]) [IPs][21][?][21] for a client so kicks it off.
89
+
90
+### Conntrack Monitoring
91
+
92
+while ((true)) ; do cat /proc/net/nf_conntrack | grep -o  'ESTABLISHED.\*${SRC\_IP}.\*${DEST\_IP}.*packets=' ; sleep 2 ; echo '--' ; done
93
+
94
+[[$[Get Code]]][22]
95
+
96
+
97
+
98
+### Force connections over a single interface
99
+
100
+`/etc/config/mwan3`:
101
+
102
+ config rule 'vpn'
103
+ option dest_ip 'vpn.BLAH.BLAH'
104
+ option proto 'all'
105
+ option use_policy 'adsl_only'
106
+
107
+
108
+
109
+
110
+## conntrack tuning
111
+
112
+`net.netfilter.nf_conntrack_max`
113
+: 32768
114
+
115
+`net.netfilter.nf_conntrack_tcp_timeout_established`
116
+: 7440
117
+
118
+
119
+
120
+### nf\_conntrack\_max and hashsize
121
+
122
+Mainline kernel `nf_conntrack_max` default derives from the amount of system RAM but [OpenWRT][17][?][17] (15.05) uses a fixed 16384.
123
+
124
+Doubling `nf_conntrack_max` requires also doubling the nf_conntrack hashsize parameter.
125
+
126
+The sysctl is readonly:
127
+
128
+sysctl net.netfilter.nf\_conntrack\_buckets
129
+
130
+[[$[Get Code]]][23]
131
+
132
+Hashsize can be set dynamically in `/sys/module/nf_conntrack/parameters/hashsize`
133
+
134
+Persist it in `/etc/modules.d/nf-conntrack` by appending the parameters to the module name:
135
+
136
+ nf_conntrack hashsize=4096
137
+
138
+
139
+
140
+
141
+### nf\_conntrack\_tcp\_timeout\_established
142
+
143
+[OpenWRT][17][?][17] default is [7440s ~=2 hours][24], derived from [rfc-5382 NAT Behavioral Requirements for TCP][25].
144
+
145
+Generally best to leave this as 2h4m.
146
+
147
+
148
+
149
+sysctl -w net.netfilter.nf\_conntrack\_tcp\_timeout\_established=7440
150
+
151
+[[$[Get Code]]][26]
152
+
153
+
154
+
155
+## [DoS][27][?][27] Attack Mitigation
156
+
157
+Attack filled up the conntrack table. Reduce conntrack timeout.
158
+
159
+
160
+
161
+# sysctl -w net.netfilter.nf\_conntrack\_tcp\_timeout\_established=600
162
+
163
+[[$[Get Code]]][28]
164
+
165
+And block the whole of MTN Nigeria
166
+
167
+`/etc/config/firewall`
168
+
169
+ config rule
170
+ option enabled '1'
171
+ option src 'wan'
172
+ option dest 'lan'
173
+ option name 'block nigerian dos'
174
+ option src_ip '197.210.0.0/16'
175
+ option target 'DROP'
176
+
177
+
178
+
179
+Just remember to unblock in later.
180
+
181
+ [1]: PerimeterRouter
182
+ [2]: MobileRouter
183
+ [3]: WDR3600
184
+ [4]: WRT54GL
185
+ [5]: /Tech/OpenWRT
186
+ [6]: http://wiki.openwrt.org/toh/tp-link/tl-wdr3600
187
+ [7]: http://www.amazon.co.uk/TP-Link-TL-WDR3600-Wireless-Gigabit-300Mbps/dp/B008QBAXI4/
188
+ [18]: IPv6
189
+ [22]: WDR3600?action=sourceblock&num=1
190
+ [23]: WDR3600?action=sourceblock&num=2
191
+ [24]: https://github.com/openwrt-mirror/openwrt/blob/master/package/base-files/files/etc/sysctl.conf
192
+ [25]: https://tools.ietf.org/html/rfc5382#section-5
193
+ [26]: WDR3600?action=sourceblock&num=3
194
+ [28]: WDR3600?action=sourceblock&num=4
... ...
\ No newline at end of file
Network/WRT54GL.md
... ...
@@ -0,0 +1,1515 @@
1
+---
2
+title: WRT54GL
3
+---
4
+
5
+[[_TOC_]]
6
+
7
+# Gargoyle
8
+
9
+## Fix Disk Space
10
+
11
+* <https://dev.openwrt.org/changeset/13650>
12
+
13
+ echo "option overlay_root /jffs" >> /etc/opkg.conf
14
+
15
+
16
+
17
+
18
+## [IPv6][35]
19
+
20
+* Attempted on Gargoyle ([OpenWRT][36][?][36] 8.09-beta)
21
+* <http://wiki.openwrt.org/IPv6_howto>
22
+* NOTE: opkg has replaced ipkg
23
+
24
+ opkg update
25
+ opkg install kmod-ipv6 kmod-ip6tables
26
+ opkg install radvd ip ip6tables
27
+ insmod ipv6 # doesn't fucking work!
28
+
29
+
30
+Insmod ipv6 fails with: ` > insmod: unresolved symbol tcp_destroy_sock `
31
+
32
+
33
+
34
+## TFTP Upgrade
35
+
36
+* Upgrading [OpenWRT][36][?][36] via TFTP
37
+* Run tftp
38
+
39
+` atftp --trace --option "timeout 10" --option "mode octet" --put --local-file openwrt-xxx-x.x-xxx.bin 192.168.1.1 `
40
+
41
+* Power cycle the router
42
+* With boot_wait already configured no need to press reset button
43
+
44
+
45
+
46
+# X-WRT
47
+
48
+## [IPv6][35] take 2
49
+
50
+#### 2009-08-20
51
+
52
+* Attempted on [OpenWRT][36][?][36] 8.09 X-WRT
53
+* <https://forum.openwrt.org/viewtopic.php?id=19603>
54
+
55
+ opkg update
56
+ opkg install ip kmod-ipv6 kmod-ip6tables radvd
57
+
58
+
59
+* Still doesn't fucking work. 2.6 kernel only.
60
+
61
+### Remove
62
+
63
+ opkg remove kmod-ipv6tables kmod-ipv6 radvd ip6tables
64
+
65
+
66
+* Ha! Fix opkg repos
67
+
68
+ vi /etc/opkg.conf
69
+
70
+
71
+* cat /etc/opkg.conf
72
+
73
+ #src/gz snapshots http://downloads.openwrt.org/kamikaze/8.09.1/brcm47xx/packages
74
+ src/gz snapshots http://downloads.openwrt.org/kamikaze/8.09.1/brcm-2.4/packages
75
+ dest root /
76
+ dest ram /tmp
77
+ lists_dir ext /var/opkg-lists
78
+ option overlay_root /jffs
79
+ #src X-Wrt http://downloads.x-wrt.org/xwrt/kamikaze/8.09.1/brcm47xx/packages
80
+ src X-Wrt http://downloads.x-wrt.org/xwrt/kamikaze/8.09/brcm-2.4/packages
81
+
82
+
83
+
84
+
85
+### Reinstall packages
86
+
87
+ opkg update
88
+ opkg install -force-downgrade ip kmod-ipv6 kmod-ip6tables radvd ip6tables
89
+
90
+
91
+
92
+
93
+### Configure PPP
94
+
95
+* <http://nuwiki.openwrt.org/oldwiki/IPv6_howto>
96
+* Activate PPP [IPv6][35] support. Add following lines to /etc/ppp/options :
97
+
98
+ +ipv6
99
+ #logfile /var/log/ppp.log
100
+
101
+
102
+* No v6CP response so e-mailed Entanet (ipv6 at enta dot net)
103
+
104
+
105
+
106
+## Iodine
107
+
108
+* ` opkg install kmod-tun iodine `
109
+
110
+
111
+
112
+## httpd listen address
113
+
114
+* Set httpd port to LAN IP and port
115
+
116
+ # cat /etc/config/httpd
117
+ config 'httpd'
118
+ option 'port' '192.168.1.1:80'
119
+ option 'home' '/www'
120
+
121
+
122
+
123
+
124
+## Port Forwarding Lockups
125
+
126
+* Stops forwarding ports after a while
127
+
128
+
129
+
130
+### Reduce TCP established timeout
131
+
132
+* /proc
133
+
134
+ echo -n 900 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_established
135
+
136
+
137
+
138
+
139
+* vim /etc/sysctl.conf
140
+
141
+ net.ipv4.netfilter.ip_conntrack_tcp_timeout_established=900
142
+
143
+
144
+
145
+
146
+## NTP Time Synchronization
147
+
148
+* <http://martybugs.net/wireless/openwrt/timesync.cgi>
149
+* Install ntpclient
150
+
151
+ opkg update
152
+ opkg install ntpclient
153
+
154
+
155
+* Run once
156
+
157
+ /usr/sbin/ntpclient -c 1 -s -h 0.openwrt.pool.ntp.org
158
+
159
+
160
+
161
+
162
+## SSH listen address
163
+
164
+* Set SSH port to LAN IP and port
165
+
166
+ # cat /etc/config/dropbear
167
+ config dropbear
168
+ option PasswordAuth 'on'
169
+ option Port '192.168.1.1:22'
170
+
171
+
172
+
173
+
174
+## Fix BT iptables forwarding
175
+
176
+* Change live iptables rules
177
+
178
+ iptables -t nat -nv --list zone_wan_prerouting --line-number
179
+ iptables -t nat -I zone_wan_prerouting 4 -p tcp -m tcp --dport 6881:6889 -j DNAT --to-destination 192.168.1.4
180
+ iptables -t nat -I zone_wan_prerouting 5 -p udp -m udp --dport 6881:6889 -j DNAT --to-destination 192.168.1.4
181
+ iptables -t nat -D zone_wan_prerouting 7 # delete old rule
182
+ iptables -t nat -D zone_wan_prerouting 6 # delete old rule
183
+
184
+
185
+
186
+
187
+* Edit saved rules
188
+ * Modified dest_port '6881-6889' to ''
189
+
190
+ # vim /etc/config/firewall
191
+ config 'redirect' 'BT'
192
+ option 'src' 'wan'
193
+ option 'proto' 'tcpudp'
194
+ option 'src_ip' ''
195
+ option 'dest_ip' '192.168.1.4'
196
+ option 'dest_port' ''
197
+ option 'src_dport' '6881-6889'
198
+
199
+
200
+
201
+
202
+## Configure [IPv6][35] tunnel
203
+
204
+* Create he.net tunnelbroker account
205
+* Let he.net ping the router
206
+
207
+ # vim /etc/firewall.user
208
+ iptables -A input_wan -p icmp -m icmp --icmp-type echo-request -m limit --limit 10/s -j zone_wan_ACCEPT
209
+
210
+
211
+
212
+
213
+* Set [IPv6][35] Address in [WebIf][37][?][37] to 2001:470:1f09:471::1/64
214
+
215
+
216
+
217
+### Tunnel Script
218
+
219
+* [http://blog.silviosilva.com/index.php/2009/03/15/ipv6\_tunnelbroker\_openwrt/][38]
220
+* <http://www.tunnelbroker.net/forums/index.php?action=printpage;topic=106.0>
221
+
222
+ # cat /etc/init.d/ipv6tunnel
223
+ #!/bin/sh /etc/rc.common
224
+
225
+ #Information from the "Tunnel Details" page
226
+ SERVER_v4=216.66.80.26
227
+ SERVER_v6=2001:470:1f08:471::1
228
+
229
+ CLIENT_v4=78.32.119.229
230
+ CLIENT_v6=2001:470:1f08:471::2
231
+
232
+ # Uncomment if you have a /48
233
+ #ROUTED_48=Your /48 netblock's gateway address, e.g., 2001:a:b::1
234
+ ROUTED_64=2001:470:1f09:471::1
235
+
236
+ START=50
237
+
238
+ start() {
239
+ echo "Starting he.net IPv6 tunnel: "
240
+ ip tunnel add henet mode sit remote $SERVER_v4 local $CLIENT_v4 ttl 255
241
+ ip link set henet up
242
+
243
+ ip -6 addr add $CLIENT_v6/64 dev henet
244
+ ip -6 ro add default via $SERVER_v6 dev henet
245
+
246
+ # Set by WebIf
247
+ #ip -6 addr add $ROUTED_64/64 dev br-lan
248
+ # Uncomment if you have a /48
249
+ #ip -6 addr add $ROUTED_48/48 dev br-lan
250
+ ip -f inet6 addr
251
+
252
+ echo "Done."
253
+ }
254
+ stop() {
255
+ echo -n "Stopping he.net IPv6 tunnel: "
256
+ ip link set henet down
257
+ ip tunnel del henet
258
+
259
+ # Set by WebIf
260
+ #ip -6 addr delete $ROUTED_64/64 dev br-lan
261
+ # Uncomment if you have a /48
262
+ #ip -6 addr delete $ROUTED_48/48 dev br-lan
263
+
264
+ echo "Done."
265
+ }
266
+ restart() {
267
+ stop
268
+ start
269
+ }
270
+
271
+
272
+
273
+
274
+
275
+### radvd
276
+
277
+ # cat /etc/config/radvd
278
+ config interface
279
+ option interface 'lan'
280
+ option AdvSendAdvert 1
281
+ option AdvManagedFlag 0
282
+ option AdvOtherConfigFlag 0
283
+ option ignore 0
284
+
285
+ config prefix
286
+ option interface 'lan'
287
+ # If not specified, a non-link-local prefix of the interface is used
288
+ option prefix '2001:db8:feed:b00::/64'
289
+ option AdvOnLink 1
290
+ option AdvAutonomous 1
291
+ option AdvRouterAddr 0
292
+ option ignore 0
293
+
294
+ config rdnss
295
+ option interface 'lan'
296
+ # If not specified, the link-local address of the interface is used
297
+ option addr ''
298
+ option ignore 1
299
+
300
+
301
+
302
+
303
+### Enable [WebIf][37][?][37] services
304
+
305
+* Enable ipv6tunnel, radvd
306
+
307
+
308
+
309
+### Official [OpenWRT][36][?][36] [IPv6][35] howto
310
+
311
+* <http://nuwiki.openwrt.org/oldwiki/IPv6_howto>
312
+
313
+
314
+
315
+### ip6tables
316
+
317
+* <http://ipv6.debian.net/>
318
+* Add to /etc/modules.d
319
+
320
+ # echo ip6_tables >> /etc/modules.d/20-ipv6
321
+ # echo ip6table_filter >> /etc/modules.d/20-ipv6
322
+
323
+
324
+
325
+
326
+* Adapt ip6-stateless script
327
+* network/Firewall/router.fw.sh
328
+* cat >> firewall.user
329
+
330
+ #--------------------------------------------------
331
+ #-- IP6TABLES
332
+ #--------------------------------------------------
333
+ PORTS_IN_TCP_ALLOW=""
334
+ PORTS_IN_UDP_ALLOW=""
335
+ PORTS_FWD_TCP_ALLOW="22"
336
+ PORTS_FWD_UDP_ALLOW=""
337
+
338
+ IPTABLES="/usr/sbin/iptables"
339
+ IP6TABLES="/usr/sbin/ip6tables"
340
+
341
+ IP6_WAN_IF=henet
342
+
343
+ # Defailt rate limiting
344
+ #RLIMIT="-m limit --limit 3/s --limit-burst 8"
345
+ RLIMIT=""
346
+
347
+ # Logging options.
348
+ LOG="LOG --log-level debug --log-tcp-sequence --log-tcp-options"
349
+ LOG="$LOG --log-ip-options"
350
+
351
+ # Unprivileged ports.
352
+ PHIGH="1024:65535"
353
+ PSSH="1000:1023"
354
+
355
+ #--------------------------------------------------
356
+ # Sysctl
357
+ #--------------------------------------------------
358
+ echo "1" > /proc/sys/net/ipv6/conf/all/forwarding
359
+
360
+
361
+ #--------------------------------------------------
362
+ # Default policies.
363
+ #--------------------------------------------------
364
+
365
+ # Drop everything by default.
366
+ $IP6TABLES -P INPUT DROP
367
+ $IP6TABLES -P FORWARD DROP
368
+ $IP6TABLES -P OUTPUT DROP
369
+
370
+ # Set the nat/mangle/raw tables' chains to ACCEPT
371
+ $IP6TABLES -t mangle -P PREROUTING ACCEPT
372
+ $IP6TABLES -t mangle -P INPUT ACCEPT
373
+ $IP6TABLES -t mangle -P FORWARD ACCEPT
374
+ $IP6TABLES -t mangle -P OUTPUT ACCEPT
375
+ $IP6TABLES -t mangle -P POSTROUTING ACCEPT
376
+
377
+ #--------------------------------------------------
378
+ # Cleanup.
379
+ #--------------------------------------------------
380
+
381
+ # Delete all
382
+ $IP6TABLES -F
383
+ $IP6TABLES -t mangle -F
384
+
385
+ # Delete all
386
+ $IP6TABLES -X
387
+ $IP6TABLES -t mangle -X
388
+
389
+ # Zero all packets and counters.
390
+ $IP6TABLES -Z
391
+ $IP6TABLES -t mangle -Z
392
+
393
+ #--------------------------------------------------
394
+ # Basic user-defined chains
395
+ #--------------------------------------------------
396
+ # LOG packets, then ACCEPT.
397
+ $IP6TABLES -N ACCEPTLOG
398
+ #$IP6TABLES -A ACCEPTLOG -j $LOG $RLIMIT --log-prefix "ACCEPT "
399
+ $IP6TABLES -A ACCEPTLOG -j ACCEPT
400
+
401
+ # LOG packets, then DROP.
402
+ $IP6TABLES -N DROPLOG
403
+ #$IP6TABLES -A DROPLOG -j $LOG $RLIMIT --log-prefix "DROP "
404
+ $IP6TABLES -A DROPLOG -j DROP
405
+
406
+ # LOG packets, then REJECT.
407
+ # TCP packets are rejected with a TCP reset.
408
+ $IP6TABLES -N REJECTLOG
409
+ #$IP6TABLES -A REJECTLOG -j $LOG $RLIMIT --log-prefix "REJECT "
410
+ $IP6TABLES -A REJECTLOG -p tcp -j REJECT --reject-with tcp-reset
411
+ $IP6TABLES -A REJECTLOG -j REJECT
412
+
413
+ #--------------------------------------------------
414
+ # Vulnerabilities
415
+ #--------------------------------------------------
416
+
417
+ #Remove RH0 vulnerability
418
+ # https://lists.ubuntu.com/archives/kernel-bugs/2007-June/027320.html
419
+ # https://www.sixxs.net/forum/?msg=general-573582
420
+ #$IP6TABLES -A INPUT -m rt --rt-type 0 -j DROP
421
+ #$IP6TABLES -A OUTPUT -m rt --rt-type 0 -j DROP
422
+ #$IP6TABLES -A FORWARD -m rt --rt-type 0 -j DROP
423
+
424
+ #--------------------------------------------------
425
+ # ICMP
426
+ #--------------------------------------------------
427
+
428
+ # Allow IPv6 ICMP
429
+ $IP6TABLES -A INPUT -p ipv6-icmp -j ACCEPT
430
+ $IP6TABLES -A OUTPUT -p ipv6-icmp -j ACCEPT
431
+ $IP6TABLES -A FORWARD -p ipv6-icmp -j ACCEPT
432
+
433
+ #--------------------------------------------------
434
+ # Basic allowed traffic - loopback, outgoing
435
+ #--------------------------------------------------
436
+ $IP6TABLES -A INPUT -i lo -j ACCEPT
437
+ $IP6TABLES -A OUTPUT -o lo -j ACCEPT
438
+
439
+ # Allow incoming connections related to existing allowed connections.
440
+ #$IP6TABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
441
+ $IP6TABLES -A INPUT -p tcp ! --syn -j ACCEPT
442
+
443
+ # Allow outgoing connections EXCEPT invalid
444
+ #$IP6TABLES -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
445
+ $IP6TABLES -A OUTPUT -j ACCEPT
446
+
447
+ # Allow incoming connections related to existing allowed connections.
448
+ #$IP6TABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
449
+ $IP6TABLES -A FORWARD -p tcp ! --syn -j ACCEPT
450
+
451
+ # Allow new outgoing forwarded connections
452
+ #$IP6TABLES -A FORWARD -o ${IP6_WAN_IF} -m state --state NEW -j ACCEPT
453
+ $IP6TABLES -A FORWARD -o ${IP6_WAN_IF} -j ACCEPT
454
+
455
+ ##--------------------------------------------------
456
+ ## Drop MS ports - SMB, CIFS, etc
457
+ ##--------------------------------------------------
458
+ #$IP6TABLES -A INPUT -p tcp -m multiport --dports 135,137,138,139,445,1433,1434 -j DROP
459
+ #$IP6TABLES -A INPUT -p udp -m multiport --dports 135,137,138,139,445,1433,1434 -j DROP
460
+
461
+ #--------------------------------------------------
462
+ # Drop Invalid traffic
463
+ #--------------------------------------------------
464
+ #$IP6TABLES -A INPUT -m state --state INVALID -j DROP
465
+ #$IP6TABLES -A OUTPUT -m state --state INVALID -j DROP
466
+ #$IP6TABLES -A FORWARD -m state --state INVALID -j DROP
467
+
468
+ #--------------------------------------------------
469
+ # Port scans and SYN floods
470
+ #--------------------------------------------------
471
+ $IP6TABLES -N SYN_FLOOD
472
+
473
+ $IP6TABLES -A SYN_FLOOD -m limit --limit 2/s --limit-burst 6 -j RETURN
474
+ $IP6TABLES -A SYN_FLOOD -m limit --limit 2/s --limit-burst 6 -j LOG --log-prefix SYN-DROP:
475
+ $IP6TABLES -A SYN_FLOOD -j DROP
476
+
477
+ $IP6TABLES -A INPUT -p tcp --syn -j SYN_FLOOD
478
+ $IP6TABLES -A FORWARD -i ${IP6_WAN_IF} -p tcp --syn -j SYN_FLOOD
479
+
480
+ #--------------------------------------------------
481
+ # Drop bad IPs
482
+ #--------------------------------------------------
483
+ ## Block lists
484
+ ## $IP6TABLES -A INPUT -s INSERT-BAD-IP-HERE -j DROPLOG
485
+ ## $IP6TABLES -A FORWARD -s INSERT-BAD-IP-HERE -j DROPLOG
486
+
487
+ # IANA reserved and unallocated
488
+ # http://www.iana.org/assignments/ipv6-address-space/
489
+ # http://www.iana.org/assignments/ipv6-unicast-address-assignments/
490
+
491
+
492
+ ##--------------------------------------------------
493
+ #--------------------------------------------------
494
+ # Inbound
495
+ #--------------------------------------------------
496
+ # Allowed ports
497
+ for PORT in ${PORTS_IN_TCP_ALLOW} ; do
498
+ #${IP6TABLES} -A INPUT -m state --state NEW -p tcp --dport ${PORT} -j ACCEPT
499
+ ${IP6TABLES} -A INPUT -p tcp --syn --dport ${PORT} -j ACCEPT
500
+ done
501
+
502
+ for PORT in ${PORTS_IN_UDP_ALLOW} ; do
503
+ #${IP6TABLES} -A INPUT -m state --state NEW -p udp --dport ${PORT} -j ACCEPT
504
+ ${IP6TABLES} -A INPUT -p udp --dport ${PORT} -j ACCEPT
505
+ done
506
+
507
+ #--------------------------------------------------
508
+ # Forward
509
+ #--------------------------------------------------
510
+ # Allowed ports
511
+ for PORT in ${PORTS_FWD_TCP_ALLOW} ; do
512
+ #${IP6TABLES} -A FORWARD -i ${IP6_WAN_IF} -m state --state NEW -p tcp --dport ${PORT} -j ACCEPT
513
+ ${IP6TABLES} -A FORWARD -i ${IP6_WAN_IF} -p tcp --syn --dport ${PORT} -j ACCEPT
514
+ done
515
+
516
+ for PORT in ${PORTS_FWD_UDP_ALLOW} ; do
517
+ #${IP6TABLES} -A FORWARD -i ${IP6_WAN_IF} -m state --state NEW -p udp --dport ${PORT} -j ACCEPT
518
+ ${IP6TABLES} -A FORWARD -i ${IP6_WAN_IF} -p udp --dport ${PORT} -j ACCEPT
519
+ done
520
+
521
+ ##--------------------------------------------------
522
+ ## Reject the rest
523
+ ##--------------------------------------------------
524
+ #$IP6TABLES -A INPUT -j REJECTLOG
525
+ #$IP6TABLES -A OUTPUT -j REJECTLOG
526
+ #$IP6TABLES -A FORWARD -j REJECTLOG
527
+
528
+ <<EOF
529
+
530
+
531
+
532
+
533
+### Allow [IPv6][35]-in-[IPv4][39][?][39] through iptables
534
+
535
+ $IPTABLES -A input_wan -p ipv6 -j zone_wan_ACCEPT
536
+
537
+
538
+
539
+
540
+## Public Wifi
541
+
542
+### nodogsplash
543
+
544
+ wget http://kokoro.ucsd.edu/nodogsplash/latest.ipk
545
+
546
+
547
+
548
+
549
+### Network Configuration
550
+
551
+ config 'interface' 'public'
552
+ option 'proto' 'static'
553
+ option 'type' 'bridge'
554
+ option 'macaddr' ''
555
+ option 'ipaddr' '172.16.0.1'
556
+ option 'ip6addr' '2001:470:903c:ac10::1/64'
557
+ option 'netmask' '255.255.255.0'
558
+ option 'gateway' ''
559
+ option 'ip6gw' ''
560
+ option 'dns' ' 195.74.113.58 195.74.113.62'
561
+
562
+
563
+
564
+
565
+### Wireless Configuration
566
+
567
+ config 'wifi-iface'
568
+ option 'device' 'wl0'
569
+ option 'network' 'public'
570
+ option 'mode' 'ap'
571
+ option 'hidden' '0'
572
+ option 'encryption' 'none'
573
+ option 'network' 'public'
574
+ option 'ssid' '30 Rustat Public'
575
+ option 'bssid' ''
576
+ option 'server' ''
577
+ option 'port' ''
578
+ option 'isolate' '0'
579
+ option 'txpower' ''
580
+ option 'bgscan' '0'
581
+ option 'frag' ''
582
+ option 'rts' ''
583
+ option 'wds' '0'
584
+ option 'key1' ''
585
+ option 'key2' ''
586
+ option 'key3' ''
587
+ option 'key4' ''
588
+ option '80211h' ''
589
+ option 'compression' ''
590
+ option 'bursting' ''
591
+ option 'ff' ''
592
+ option 'wmm' ''
593
+ option 'xr' ''
594
+ option 'ar' ''
595
+ option 'turbo' ''
596
+ option 'macpolicy' 'none'
597
+ option 'maclist' ''
598
+
599
+
600
+
601
+
602
+### Firewall
603
+
604
+ config 'zone'
605
+ option 'name' 'public'
606
+ option 'input' 'REJECT'
607
+ option 'output' 'ACCEPT'
608
+ option 'forward' 'REJECT'
609
+ option 'masq' '1'
610
+
611
+ config 'forwarding'
612
+ option 'src' 'public'
613
+ option 'dest' 'wan'
614
+ option 'mtu_fix' '1'
615
+
616
+
617
+
618
+
619
+### DHCP
620
+
621
+ config 'dhcp' 'public'
622
+ option 'interface' 'public'
623
+ option 'start' '100'
624
+ option 'limit' '150'
625
+ option 'leasetime' '720m'
626
+ option 'ignore' '0'
627
+
628
+
629
+
630
+
631
+
632
+### radvd
633
+
634
+ # cat /etc/config/radvd
635
+ config interface
636
+ option interface 'public'
637
+ option AdvSendAdvert 1
638
+ option AdvManagedFlag 0
639
+ option AdvOtherConfigFlag 0
640
+ option ignore 0
641
+
642
+ config prefix
643
+ option interface 'public'
644
+ # If not specified, a non-link-local prefix of the interface is used
645
+ option prefix '2001:470:903c:ac10::/64'
646
+ option AdvOnLink 1
647
+ option AdvAutonomous 1
648
+ option AdvRouterAddr 0
649
+ option ignore 0
650
+
651
+ config rdnss
652
+ option interface 'lan'
653
+ # If not specified, the link-local address of the interface is used
654
+ option addr ''
655
+ option ignore 1
656
+
657
+
658
+
659
+
660
+## Recovery
661
+
662
+#### 2009-12-16
663
+
664
+* Borked router deleting stuff from /jffs
665
+
666
+
667
+
668
+### Reboot to Failsafe
669
+
670
+* Power cycle
671
+* When DMZ light comes on press and hold Reset button until DMZ light flashes (~3Hz)
672
+ telnet 192.168.1.1
673
+ > firstboot
674
+ > reboot
675
+
676
+
677
+
678
+
679
+
680
+### [QoS][40][?][40]
681
+
682
+ opkg update
683
+ opkg install qos-scripts
684
+
685
+
686
+
687
+
688
+### Nodogsplash
689
+
690
+ opkg update
691
+ opkg install nodogsplash
692
+
693
+
694
+* <http://nuwiki.openwrt.org/oldwiki/hotspothowto#configure.nodogsplash>
695
+* Abandon for now. Too buggy.
696
+
697
+
698
+
699
+### SSH access
700
+
701
+* dropbear
702
+* authorized keys
703
+
704
+
705
+
706
+### Reconfigure
707
+
708
+* From host
709
+ scp etc/config/* router:/etc/config/
710
+ scp etc/firewall.user router:/etc/
711
+
712
+
713
+
714
+
715
+
716
+* [OpenDNS][41][?][41] configuration
717
+ cat >> /etc/resolv.conf.opendns
718
+ nameserver 208.67.222.222
719
+ nameserver 208.67.220.220
720
+ EOF
721
+
722
+
723
+
724
+ * And replace DNS entries in /etc/config/network with these
725
+* ppp
726
+ cat >> /etc/ppp/options
727
+ +ipv6
728
+ #logfile /var/log/ppp.log
729
+ EOF
730
+
731
+
732
+
733
+
734
+
735
+### Reinstall
736
+
737
+ opkg update
738
+ opkg install kmod-ipv6 kmod-ip6tables
739
+ opkg install radvd ip6tables 6scripts
740
+ opkg install qos-scripts nptclient
741
+ opkg install nodogsplash
742
+
743
+
744
+
745
+
746
+### Services
747
+
748
+ /usr/sbin/ntpclient -c 1 -s -h 0.openwrt.pool.ntp.org
749
+ /etc/init.d/radvd start
750
+ /etc/init.d/firewall restart
751
+
752
+
753
+
754
+
755
+### Status
756
+
757
+ root@router:~# df /dev/mtdblock/4
758
+ Filesystem 1k-blocks Used Available Use% Mounted on
759
+ /dev/mtdblock/4 1792 1192 600 67% /jffs
760
+
761
+
762
+
763
+
764
+# [OpenWRT][36][?][36]
765
+
766
+## Upgrade
767
+
768
+* Upgrade to [OpenWrt][42][?][42] 8.09.2
769
+* ipv6 broken on x-wrt as it was on Gargoyle
770
+
771
+
772
+
773
+### Backup config
774
+
775
+ scp -r router:/etc ./
776
+ ssh router 'opkg list_installed' > installed_packages
777
+
778
+
779
+
780
+
781
+### Download
782
+
783
+* <http://downloads.openwrt.org/kamikaze/8.09.2/brcm-2.4/openwrt-brcm-2.4-squashfs.trx>
784
+* <http://downloads.openwrt.org/kamikaze/8.09.2/brcm-2.4/openwrt-wrt54g-squashfs.bin>
785
+
786
+
787
+
788
+### Upgrade
789
+
790
+* Via web interface with .trx
791
+
792
+
793
+
794
+### Reinstall
795
+
796
+ opkg install kmod-ipv6 ip ip6tables kmod-ip6tables qos-scripts 6scripts radvd ntpclient
797
+
798
+
799
+
800
+
801
+### Reconfigure
802
+
803
+ scp etc/config/* router:/etc/config/
804
+ scp etc/firewall.user router:/etc/
805
+ scp etc/hosts router:/etc/hosts.local
806
+ scp etc/dropbear/authorized_keys etc/dropbear/
807
+
808
+
809
+
810
+
811
+* Fix dnsmasq, was using /etc/resolv.conf.opendns
812
+ sed -i -e 's%/etc/resolv.conf.opendns%/tmp/resolv.conf.auto%' /etc/config/dhcp
813
+
814
+
815
+
816
+
817
+
818
+* Fix ppp ipv6
819
+ cat >> /etc/ppp/options
820
+ +ipv6
821
+ #logfile /var/log/ppp.log
822
+ EOF
823
+
824
+
825
+
826
+
827
+
828
+## SNMP
829
+
830
+### Install
831
+
832
+* <http://members.aon.at/linuxfreak/linux/mini_snmpd.html>
833
+ opkg install mini-snmpd
834
+
835
+
836
+
837
+
838
+
839
+### Configure
840
+
841
+#### /etc/config/mini_snmpd
842
+
843
+* [http://wlan-lj.net/browser/branches/openwrt/packages/net/mini\_snmpd/files/mini\_snmpd.config?order=date][43]
844
+
845
+ config mini_snmpd
846
+ option enabled 1
847
+ option community public
848
+ option location ''
849
+ option contact ''
850
+ option disks '/tmp,/jffs'
851
+ option interfaces 'ppp0,br-lan,br-public' # Max 4
852
+
853
+
854
+
855
+
856
+#### /etc/init.d/mini_snmpd
857
+
858
+* [http://wlan-lj.net/browser/branches/openwrt/packages/net/mini\_snmpd/files/mini\_snmpd.init?order=date][44]
859
+
860
+ #!/bin/sh /etc/rc.common
861
+ # Copyright (C) 2009 OpenWrt.org
862
+
863
+ NAME=mini_snmpd
864
+ PROG=/sbin/$NAME
865
+ START=50
866
+
867
+ append_string() {
868
+ local section="$1"
869
+ local option="$2"
870
+ local value="$3"
871
+ local _val
872
+ config_get _val "$section" "$option"
873
+ [ -n "$_val" ] && append args "$3 $_val"
874
+ }
875
+
876
+ mini_snmpd_config() {
877
+ local cfg="$1"
878
+ args=""
879
+
880
+ append_string "$cfg" community "-c"
881
+ append_string "$cfg" location "-L"
882
+ append_string "$cfg" contact "-C"
883
+ append_string "$cfg" disks "-d"
884
+ append_string "$cfg" interfaces "-i"
885
+
886
+ config_get_bool enabled "$cfg" "enabled" '1'c
887
+ [ "$enabled" -gt 0 ] && $PROG $args &
888
+ }
889
+
890
+ start() {
891
+ config_load mini_snmpd
892
+ config_foreach mini_snmpd_config mini_snmpd
893
+ }
894
+
895
+ stop() {
896
+ killall mini_snmpd
897
+ }
898
+
899
+
900
+
901
+* Make executable
902
+ chmod a+x /etc/init.d/mini_snmpd
903
+
904
+
905
+
906
+
907
+
908
+### Run
909
+
910
+ mini_snmpd -i ppp0
911
+
912
+
913
+
914
+
915
+## Upgrade to 10.03
916
+
917
+* <http://backfire.openwrt.org/10.03/brcm-2.4/openwrt-brcm-2.4-squashfs.trx>
918
+* <http://backfire.openwrt.org/10.03/brcm-2.4/openwrt-wrt54g-squashfs.bin>
919
+* Upgraded via web interface with .bin
920
+
921
+
922
+
923
+### Config Changes from Kamikaze
924
+
925
+* /etc/config/httpd replaced with /etc/config/uhttpd
926
+* Delegated block in /etc/config/6tunnel
927
+* 6tunnel.init script fix <https://dev.openwrt.org/ticket/7203>
928
+* add services to init: 6tunnel, radvd, mini_snmpd
929
+
930
+
931
+
932
+## Geolocation Tunneling
933
+
934
+### SSH
935
+
936
+ # opkg install tinyproxy autossh
937
+
938
+
939
+* Set for transparent proxying
940
+* <http://open-wrt.ru/forum/viewtopic.php?id=2069>
941
+
942
+
943
+
944
+### VPN
945
+
946
+* <http://forum.openwrt.org/viewtopic.php?pid=8495>
947
+
948
+
949
+
950
+## UPNP
951
+
952
+ # opkg install miniupnpd
953
+
954
+
955
+cat /etc/config/upnp
956
+
957
+ config upnpd config
958
+ option enabled 1
959
+ option secure_mode 1
960
+ option log_output 1
961
+ option download 1024
962
+ option upload 512
963
+ option external_iface wan
964
+ option internal_iface lan
965
+
966
+
967
+
968
+
969
+## Native [IPv6][35]
970
+
971
+* Divide Entanet allocated /56 into three subnets
972
+ * 2001:4d48:ad51:xxx0::/64 for edge
973
+ * 2001:4d48:ad51:xxx1::/64 for lan
974
+ * 2001:4d48:ad51:xxx2::/64 for public
975
+
976
+### Multihoming
977
+
978
+NOTE: native ipv6 only works alongside tunnelled ipv6 if multihoming is supported.
979
+
980
+Adding native [IPv6][35] didn't work initially because hosts were using their first assigned (tunnelled) ipv6 address and replies couldn't be routed back via native ipv6
981
+
982
+
983
+
984
+### Network
985
+
986
+* /etc/config/network
987
+ config 'interface' 'wan'
988
+ ...
989
+ option 'ipv6' '1'
990
+ option 'ip6addr' '2001:4d48:ad51:xxx0::1/64' # not necessary
991
+ ...
992
+ config 'interface' 'lan'
993
+ ...
994
+ option 'ip6addr' '2001:4d48:ad51:xxx1::1/64'
995
+ ...
996
+ config 'interface' 'public'
997
+ ...
998
+ option 'ip6addr' '2001:4d48:ad51:xxx2::1/64'
999
+
1000
+
1001
+
1002
+* ip6addr option doesn't work for pppoe - can be added manually
1003
+ ip addr add 2001:4d48:ad51:xxx0::1/64 dev ppp0
1004
+
1005
+
1006
+
1007
+
1008
+
1009
+### Router Advertisements
1010
+
1011
+* Add /64 adverts to /etc/config/radvd
1012
+ config prefix
1013
+ # Native Entanet prefix
1014
+ option interface 'lan'
1015
+ option prefix '2001:4d48:ad51:xxx1::/64'
1016
+ option AdvOnLink 1
1017
+ option AdvAutonomous 1
1018
+ option AdvRouterAddr 0
1019
+ option ignore 0
1020
+
1021
+ config prefix
1022
+ # Native Entanet prefix
1023
+ option interface 'public'
1024
+ option prefix '2001:4d48:ad51:xxx2::/64'
1025
+ option AdvOnLink 1
1026
+ option AdvAutonomous 1
1027
+ option AdvRouterAddr 0
1028
+ option ignore 0
1029
+
1030
+
1031
+
1032
+
1033
+
1034
+### Firewall
1035
+
1036
+* /etc/firewall.user
1037
+* Adapt script to support multiple ipv6 endpoints (henet and ppp0)
1038
+
1039
+
1040
+
1041
+### Disable 6tunnel service
1042
+
1043
+` rm /etc/rc.d/S46_6tunnel `
1044
+
1045
+
1046
+
1047
+### AAISP [IPv6][35]
1048
+
1049
+Divide AAISP allocated /48
1050
+
1051
+* 2001:8b0:16b9:xxxx::/60 for location 1
1052
+ * 2001:8b0:16b9:xxx1::/64 for lan
1053
+ * 2001:8b0:16b9:xxx8::/64 for public
1054
+
1055
+
1056
+
1057
+## Upgrade to 12.09
1058
+
1059
+[openwrt-wrt54g-squashfs.bin][45]
1060
+
1061
+Does not support [WRT54GL][46]. Recommended version is 10.03.
1062
+
1063
+
1064
+
1065
+## Remote Logging
1066
+
1067
+Recent watchdog resets (probably from rtorrent's ~700 connections). Uptime in the range of minutes.
1068
+
1069
+* <http://wiki.openwrt.org/doc/uci/system>
1070
+* <https://forum.openwrt.org/viewtopic.php?id=11912>
1071
+* <http://www.rsyslog.com/receiving-messages-from-a-remote-system/>
1072
+* <http://www.rsyslog.com/sending-messages-to-a-remote-syslog-server/>
1073
+
1074
+
1075
+
1076
+### Log server
1077
+
1078
+Accept logging on [Hastur][47]:
1079
+
1080
+Enable imudp plugin `/etc/rsyslog.conf`
1081
+
1082
+ # provides UDP syslog reception
1083
+ $ModLoad imudp
1084
+ $UDPServerRun 514
1085
+
1086
+
1087
+Log remote messages from router to a file `/etc/rsyslog.d/router.conf`
1088
+
1089
+ ## Match router hostname
1090
+ :source, isequal, "router" /var/log/phase1/router.log
1091
+ & ~
1092
+
1093
+
1094
+Configure rsyslogd
1095
+
1096
+
1097
+
1098
+### [OpenWRT][36][?][36]
1099
+
1100
+Set log\_ip and log\_port. Default port is 514
1101
+
1102
+/etc/config/system
1103
+
1104
+ option 'log_ip' '192.168.0.4'
1105
+ option 'log_port' '514'
1106
+
1107
+
1108
+
1109
+
1110
+# Linksys
1111
+
1112
+* [Linksys 4.30.11][48]
1113
+
1114
+ tftp 192.168.1.1
1115
+
1116
+ tftp> binary
1117
+ tftp> rexmt 1
1118
+ tftp> timeout 60
1119
+ tftp> trace
1120
+ tftp> put WRT54GL_v4.30.11_012_ETSI_EN_code.bin
1121
+
1122
+
1123
+
1124
+
1125
+# Replacement
1126
+
1127
+Replaced by [WDR-3600][49][?][49], see [Mobile Router][50]
1128
+
1129
+
1130
+
1131
+# Log
1132
+
1133
+#### 2009-01-21
1134
+
1135
+Turned on [QoS][40][?][40]. Prioritized www and ssh over bittorrent
1136
+
1137
+
1138
+
1139
+#### 2009-01-25
1140
+
1141
+Installed DD-WRT.
1142
+
1143
+
1144
+
1145
+#### 2009-01-27
1146
+
1147
+Installed [OpenWRT][51][?][51]
1148
+Configure [IPv6][35]
1149
+
1150
+
1151
+
1152
+#### 2009-04-02
1153
+
1154
+Fix [OpenDNS][41][?][41] configuration <http://forum.openwrt.org/viewtopic.php?id=12408>
1155
+
1156
+
1157
+
1158
+ cat >> /etc/resolv.conf.opendns
1159
+ nameserver 208.67.222.222
1160
+ nameserver 208.67.220.220
1161
+ EOF
1162
+
1163
+
1164
+
1165
+
1166
+ vi /etc/config/dhcp
1167
+ ...
1168
+ config dnsmasq
1169
+ ....
1170
+ option resolvfile '/etc/resolv.conf.opendns'
1171
+
1172
+
1173
+
1174
+
1175
+#### 2009-08-18
1176
+
1177
+* Replaced Gargoyle with x-wrt [OpenWRT][36][?][36] 8.09
1178
+* Web interface upgrade didn't work so flashed via TFTP
1179
+ * [X-WRT Kamikaze 8.09 brcm-2.4 default][52]
1180
+* Configured WAN in pppoe mode, no bridge
1181
+* Configured LAN, bridge mode (for wireless)
1182
+* Set LAN DNS servers to [OpenDNS][41][?][41]
1183
+
1184
+
1185
+
1186
+#### 2009-08-19
1187
+
1188
+* Configured wireless
1189
+* Configured port forwarding
1190
+* Set [PPPoE][53][?][53] MTU to 1472
1191
+
1192
+
1193
+
1194
+#### 2009-08-20
1195
+
1196
+* [IPv6][35]
1197
+* Force kernel downgrade
1198
+
1199
+
1200
+
1201
+#### 2009-08-21
1202
+
1203
+* Testing iodine
1204
+
1205
+
1206
+
1207
+#### 2009-09-??
1208
+
1209
+* Set httpd to listen on LAN only
1210
+
1211
+
1212
+
1213
+#### 2009-09-08
1214
+
1215
+* Port forwarding lockups
1216
+* Reduced TCP conntrack timeout to 900 seconds
1217
+* Adjusted bittorrent forwarding rule
1218
+
1219
+ iptables -t nat -nv --list zone_wan_prerouting --line-number
1220
+ iptables -t nat -I zone_wan_prerouting 4 -p tcp -m tcp --dport 6881:6889 -j DNAT --to-destination 192.168.1.4
1221
+ iptables -t nat -I zone_wan_prerouting 5 -p udp -m udp --dport 6881:6889 -j DNAT --to-destination 192.168.1.4
1222
+ iptables -t nat -D zone_wan_prerouting 7 # delete old rule
1223
+ iptables -t nat -D zone_wan_prerouting 6 # delete old rule
1224
+
1225
+
1226
+
1227
+
1228
+* Time synchronization
1229
+* Dropbear SSH on LAN only
1230
+
1231
+
1232
+
1233
+#### 2009-09-12
1234
+
1235
+* Switch wireless to channel 6, distance to 18m
1236
+* Configure he.net tunnel
1237
+
1238
+
1239
+
1240
+#### 2009-09-16
1241
+
1242
+* Initial ip6tables config
1243
+
1244
+
1245
+
1246
+#### 2009-09-18
1247
+
1248
+* Fix ip6tables tunnel and synflood
1249
+
1250
+ $IPTABLES -A input_wan -p ipv6 -j zone_wan_ACCEPT
1251
+ $IP6TABLES -A FORWARD -i ${IP6_WAN_IF} -p tcp --syn -j SYN_FLOOD
1252
+
1253
+
1254
+
1255
+
1256
+#### 2009-11-24
1257
+
1258
+* Upgrade packages - Fails due to lack of disk space
1259
+* Fix [IPv6][35]
1260
+ * Upgrade deleted firewall.user
1261
+
1262
+
1263
+
1264
+#### 2009-12-10
1265
+
1266
+* Removed iodined
1267
+* Started public wifi configuration
1268
+
1269
+
1270
+
1271
+#### 2009-12-12
1272
+
1273
+* Public wifi configuration
1274
+
1275
+
1276
+
1277
+#### 2009-12-13
1278
+
1279
+* install 6scripts
1280
+* fix misconfigured public wifi
1281
+ *
1282
+ * [No ifname stanza][54]
1283
+
1284
+
1285
+
1286
+#### 2009-12-14
1287
+
1288
+* Block INPUT from public network by default
1289
+
1290
+#### 2009-12-15
1291
+
1292
+* configured public wifi
1293
+* firewall rules for br-public
1294
+
1295
+
1296
+
1297
+#### 2009-12-16
1298
+
1299
+* opkg remove ip (freespace 288k)
1300
+* opkg install qos-scripts
1301
+ * Nope. Still not enough space
1302
+* remove /etc/init.d/6bridge /etc/config/6bridge
1303
+* Remove unused ip6tables modules
1304
+ root@router:/jffs# df /dev/mtdblock/4
1305
+ Filesystem 1k-blocks Used Available Use% Mounted on
1306
+ /dev/mtdblock/4 1792 1512 280 84% /jffs
1307
+
1308
+ root@router:/jffs/lib/modules/2.4.35.4# lsmod | grep ip6
1309
+ ip6t_LOG 4556 1
1310
+ ip6t_IMQ 684 0 (unused)
1311
+ ip6t_owner 1020 0 (unused)
1312
+ ip6t_limit 892 2
1313
+ ip6t_frag 924 0 (unused)
1314
+ ip6t_eui64 684 0 (unused)
1315
+ ip6table_mangle 2284 0 (unused)
1316
+ ip6table_filter 1740 1
1317
+ ip6_tables 17440 8 [ip6t_LOG ip6t_IMQ ip6t_owner ip6t_limit ip6t_frag ip6t_eui64 ip6table_mangle ip6table_filter]
1318
+
1319
+ root@router:/jffs/lib/modules/2.4.35.4# rmmod ip6t_owner ip6t_frag ip6t_eui64
1320
+ root@router:/jffs/lib/modules/2.4.35.4# rm ip6t_owner.o ip6t_frag.o ip6t_eui64.o
1321
+
1322
+ root@router:/jffs/lib/modules/2.4.35.4# df /dev/mtdblock/4
1323
+ root@router:/# vim /etc/modules.d/49-ip6tables
1324
+ Filesystem 1k-blocks Used Available Use% Mounted on
1325
+ /dev/mtdblock/4 1792 1508 284 84% /jffs
1326
+
1327
+
1328
+
1329
+
1330
+
1331
+
1332
+* Borked router - reset required
1333
+
1334
+
1335
+
1336
+#### 2010-01-03
1337
+
1338
+* Suspicious rules found in iptables
1339
+ Chain zone_wan (1 references)
1340
+ pkts bytes target prot opt in out source destination
1341
+ 60899 4775K ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
1342
+ 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
1343
+
1344
+
1345
+
1346
+ * Rules accepted all traffic. DNS was externally visible.
1347
+ * Rules removed
1348
+
1349
+
1350
+* Fixed [IPv6][35]
1351
+ ip -6 addr add 2001:470:903c:c0a8::1/64 dev br-lan
1352
+ ip -6 addr add 2001:470:903c:ac10::1/64 dev br-public
1353
+
1354
+
1355
+
1356
+ * Broken by missing addresses on router br-lan and br-public interfaces
1357
+ * Should br-lan and br-public also get autoconfigured by radvd?
1358
+
1359
+
1360
+
1361
+#### 2010-01-19
1362
+
1363
+* Give Michelle a static IP 172.16.0.100
1364
+* NAT GRE
1365
+ iptables -t nat -A zone_wan_prerouting -p gre -j DNAT --to-destination 172.16.0.100
1366
+
1367
+
1368
+
1369
+
1370
+
1371
+#### 2010-02-26
1372
+
1373
+* Switch br-lan back to 192.168.1.0/24
1374
+* Rename "30 Rustat Public" to "[SavePublicWifi][55][?][55].org"
1375
+
1376
+
1377
+
1378
+#### 2010-03-02
1379
+
1380
+* Set wl0 txpower to 25dBm
1381
+
1382
+` iwconfig wl0 txpower 25dBm `
1383
+
1384
+
1385
+
1386
+#### 2010-03-03
1387
+
1388
+* Upgrade to [OpenWrt][42][?][42]-8.09.2
1389
+* Fix configuration of dnsmasq (used to have /etc/resolv.conf.opendns)
1390
+
1391
+
1392
+
1393
+#### 2010-03-04
1394
+
1395
+* Install mini-snmpd
1396
+
1397
+
1398
+
1399
+#### 2010-03-16
1400
+
1401
+* Reverted to Linksys firmware
1402
+
1403
+
1404
+
1405
+#### 2010-05-04
1406
+
1407
+* [OpenWrt][42][?][42] 10.03
1408
+* Got snmp and ipv6 working again
1409
+
1410
+
1411
+
1412
+#### 2010-10-27
1413
+
1414
+* Installed miniupnpd
1415
+
1416
+
1417
+
1418
+#### 2010-12-16
1419
+
1420
+* Reenabled ppp ipv6 following [Proto 41 Filtering][56]
1421
+
1422
+
1423
+
1424
+#### 2011-06-06
1425
+
1426
+* Configure native [IPv6][35]
1427
+ * Enable ipv6 on PPP link through Luci (AdministrationInterfaces)
1428
+
1429
+
1430
+
1431
+#### 2011-06-14
1432
+
1433
+* Change remove host address from bridged interfaces. (Replaced :1 with ::)
1434
+* Restarted wan to fix ipv6 routing issue
1435
+ # ifdown wan ; sleep 3 ; ifup wan
1436
+
1437
+
1438
+
1439
+
1440
+
1441
+#### 2011-11-09
1442
+
1443
+* Move to AAISP
1444
+* [IPv6][35] routing failure fixed by restarting radvd
1445
+
1446
+
1447
+
1448
+#### 2013
1449
+
1450
+* On hiatus while at #25.
1451
+* 192.168.0.13 DHCP must be reserved for Pivos Xios
1452
+
1453
+
1454
+
1455
+#### 2013-10-20
1456
+
1457
+* Investigate and abandon upgrade to [OpenWrt][42][?][42]-12.09 "attitude adjustment"
1458
+* Create git repo for settings
1459
+
1460
+
1461
+
1462
+#### 2013-10-22
1463
+
1464
+* Configure for PPTP-to-[PPPoA][57][?][57] with Sky
1465
+
1466
+
1467
+
1468
+# To Do
1469
+
1470
+## [QoS][40][?][40]
1471
+
1472
+## [OpenWrt][42][?][42] 12.03 Attitude Adjustment
1473
+
1474
+* <http://downloads.openwrt.org/attitude_adjustment/12.09/brcm47xx/generic/>
1475
+
1476
+
1477
+
1478
+## Nodogplash
1479
+
1480
+* Add nodogsplash, need to free space first
1481
+
1482
+
1483
+
1484
+## [IPv6][35] UDP broken
1485
+
1486
+* UDP responses aren't passed in by stateless firewall
1487
+* Breaks DNS over [IPv6][35]
1488
+
1489
+
1490
+
1491
+## Public Wifi
1492
+
1493
+* Route [SavePublicWifi][55][?][55].org through tor
1494
+* <http://hardy.dropbear.id.au/blog/2008/02/hosting-multiple-wireless-networks-on-openwrt>
1495
+* <http://kokoro.ucsd.edu/nodogsplash/>
1496
+* Needs a reflash upgrade
1497
+* <http://p3f.gmxhome.de/OpenWRT/Configure-OpenVPN.html>
1498
+* <https://forum.openwrt.org/viewtopic.php?id=19137&p=1>
1499
+
1500
+
1501
+
1502
+1. vim: set syntax=pmwiki:
1503
+
1504
+ [35]: IPv6
1505
+ [38]: http://blog.silviosilva.com/index.php/2009/03/15/ipv6_tunnelbroker_openwrt/
1506
+ [43]: http://wlan-lj.net/browser/branches/openwrt/packages/net/mini_snmpd/files/mini_snmpd.config?order=date
1507
+ [44]: http://wlan-lj.net/browser/branches/openwrt/packages/net/mini_snmpd/files/mini_snmpd.init?order=date
1508
+ [45]: http://downloads.openwrt.org/attitude_adjustment/12.09/brcm47xx/generic/openwrt-wrt54g-squashfs.bin
1509
+ [46]: WRT54GL
1510
+ [47]: Hastur
1511
+ [48]: http://downloads.linksysbycisco.com/downloads/firmware/1224638744664/WRT54GL_v4.30.11_012_ETSI_EN_code.rar
1512
+ [50]: MobileRouter
1513
+ [52]: http://downloads.x-wrt.org/xwrt/kamikaze/8.09/brcm-2.4/default/openwrt-brcm-2.4-squashfs.trx
1514
+ [54]: http://www.mail-archive.com/openwrt-devel@lists.openwrt.org/msg03862.html
1515
+ [56]: Proto41Filtering
Network/WanBonding.md
... ...
@@ -0,0 +1,166 @@
1
+---
2
+title: WanBonding
3
+---
4
+
5
+See Also
6
+: [VPN][1]
7
+
8
+
9
+
10
+# Requirements
11
+
12
+* Router with multiple WAN devices
13
+* [VPN][1] or [VPS][2][?][2] supporting channel bonding driver within containers
14
+* Low-overhead encryption
15
+
16
+
17
+
18
+## Optional
19
+
20
+* Geo-targeting avoidance
21
+
22
+
23
+
24
+# Configuration
25
+
26
+* <http://simonmott.co.uk/vpn-bonding>
27
+* <https://johnlewis.ie/bonding-teaming-internet-connections/>
28
+* <https://www.privateinternetaccess.com/forum/discussion/3627/internet-bonding-with-pia-and-possibly-pfsense>
29
+
30
+
31
+
32
+## [OpenWRT][3][?][3] Barrier Breaker
33
+
34
+opkg update
35
+opkg install ifenslave # also installs kmod-bonding
36
+opeg install openvpn-nossl # test without SSL initially
37
+
38
+[[$[Get Code]]][4]
39
+
40
+
41
+
42
+### Configure [OpenVPN][5][?][5] tun interfaces
43
+
44
+tun
45
+: layer 3 tunnel (i.e. a gateway)
46
+
47
+tap
48
+: layer 2 tunnel (i.e. an ethernet switch with the associated overhead of ethernet headers)
49
+
50
+We don't need ethernet switching so use an ip tunnel.
51
+
52
+
53
+
54
+### Configure bonding
55
+
56
+* <http://wiki.mikrotik.com/wiki/Manual:Interface/Bonding>
57
+
58
+
59
+
60
+balance-rr
61
+: round-robin splits all connections across slaves
62
+
63
+balance-xor L2
64
+: splits based on (src-MAC xor dst-MAC). Wouldn't work for point-to-point bonded links
65
+
66
+balance-xor L3
67
+: splits based on src or dest host. Same as per-connection balancing
68
+
69
+balance-tlb
70
+: adaptive load-balancing (with both ends operating tlb, should achieve the same effect as balance-alb)
71
+
72
+Configure `/etc/network/interfaces`
73
+
74
+ iface bond0 inet static
75
+ address 172.26.0.2
76
+ netmask 255.255.255.252
77
+ bond-slaves tun0 tun1
78
+ bond_mode balance-rr
79
+
80
+
81
+
82
+
83
+## [OpenVZ][6][?][6] - Debian 6
84
+
85
+[OpenVZ][6][?][6] doesn't seem to create `bond0` when the bonding driver is enabled in the kernel.
86
+
87
+Configure `/etc/network/interfaces`
88
+
89
+ iface bond0 inet static
90
+ address 172.26.0.1
91
+ netmask 255.255.255.252
92
+ bond-slaves tun0 tun1
93
+ bond_mode balance-rr
94
+
95
+
96
+
97
+
98
+## Xen
99
+
100
+2.6.32.28-xenU on Rimu definitely does have bonding.
101
+
102
+$ zgrep BONDING /proc/config.gz
103
+CONFIG_BONDING=y
104
+
105
+[[$[Get Code]]][7]
106
+
107
+
108
+
109
+# VPS Suppliers
110
+
111
+VPS search engine
112
+: <http://serverbear.com/compare?Sort=Monthly+Cost&Order=asc&Server+Type=VPS&Monthly+Cost=-&HDD=-&RAM=-&Bandwidth=200000000000-&Country=UK&City=&Virtualization=>
113
+
114
+
115
+
116
+| Supplier Plan | Bandwith (GB) | Cost £/mnth |
117
+|:---------------------------------- | ------------- | ----------- |
118
+| [MiniVPS][8][?][8] 2 | 250 | [2][9] |
119
+| [UK2][10][?][10] [VPS1][11][?][11] | 3000 | [5][12] |
120
+| Digital Ocean $5/mo | 1000 | [3.25][13] |
121
+
122
+
123
+
124
+# VPN Suppliers
125
+
126
+## [IPVanish][14][?][14]
127
+
128
+Site
129
+: <https://www.vpncompare.co.uk/ipvanish-com-information/>
130
+
131
+Connections
132
+: 1 [OpenVPN][5][?][5], 1 other
133
+
134
+
135
+
136
+## Private Internet Access (PIA)
137
+
138
+Site
139
+: <https://www.privateinternetaccess.com/>
140
+
141
+Connections
142
+: 5
143
+
144
+
145
+
146
+# Non-VPN Suppliers
147
+
148
+## Speedify
149
+
150
+Site
151
+: <http://speedify.com/features/channel-bonding/>
152
+
153
+
154
+
155
+# Client Router
156
+
157
+## Multipath TCP
158
+
159
+<http://wiki.openwrt.org/doc/uci/mptcp>
160
+
161
+ [1]: VPN
162
+ [4]: WanBonding?action=sourceblock&num=1
163
+ [7]: WanBonding?action=sourceblock&num=2
164
+ [9]: https://www.minivps.co.uk/budgetvps.php
165
+ [12]: https://www.uk2.net/vps-cloud-hosting/ssd-vps/#build-your-cloud
166
+ [13]: https://www.digitalocean.com/pricing/
Network/Web.md
... ...
@@ -0,0 +1,44 @@
1
+---
2
+title: Web
3
+---
4
+
5
+# Requirements
6
+
7
+* Manage network features
8
+* Accessible remotely?
9
+
10
+
11
+
12
+# Systems
13
+
14
+* Downloads
15
+ * rutorrent
16
+* Network status
17
+ * Cacti
18
+* Media
19
+ * XBMC
20
+ * Airplay?
21
+* [HomeAutomation][1]
22
+* [House Club][2] systems
23
+ * Calendaring
24
+ * Room reservation / visitor scheduling
25
+ * Event planning
26
+ * Purchasing
27
+
28
+
29
+
30
+# Options
31
+
32
+* Django-based with plugins
33
+ * <http://grappelliproject.com/>
34
+* [Mezzanine][3]
35
+
36
+
37
+
38
+## Room Reservation
39
+
40
+* MRBS (php)
41
+
42
+ [1]: HomeAutomation
43
+ [2]: /House/Club
44
+ [3]: http://mezzanine.jupo.org/
... ...
\ No newline at end of file
Network/WirelessPeering.md
... ...
@@ -0,0 +1,67 @@
1
+---
2
+title: WirelessPeering
3
+---
4
+
5
+# Objectives
6
+
7
+* Peer two private networks using wifi
8
+* Provide redundant net connection for either network
9
+
10
+
11
+
12
+# Hardware
13
+
14
+* One wifi access point per network
15
+
16
+## [DWL2100][1][?][1]-AP
17
+
18
+* 2x D-Link [DWL2100][1][?][1]-AP (?)
19
+
20
+## Fonera [FON2201][2][?][2]
21
+
22
+* [£35][3] on eBay
23
+
24
+
25
+
26
+# Networking
27
+
28
+* Bridge (WDS?)
29
+
30
+
31
+
32
+## Security
33
+
34
+* No WPA?
35
+* WEP weakens security
36
+* VPN?
37
+* Move to separate subnet or VLAN?
38
+
39
+
40
+
41
+## Addressing Options
42
+
43
+### 1:1 NAT on both ends
44
+
45
+Local (192.168.0.x)->(192.168.66.0) [AP0][4][?][4] -> [AP1][5][?][5] (x.x.66.0)->(x.x.x.x) Remote
46
+
47
+
48
+
49
+## Name resolution
50
+
51
+* Static?
52
+
53
+
54
+
55
+* * *
56
+
57
+# Links
58
+
59
+* <http://stromberg.dnsalias.org/~strombrg/WDS-notes.html>
60
+
61
+
62
+
63
+# DWL-2100AP
64
+
65
+* <http://xoomer.virgilio.it/ramponis/>
66
+
67
+ [3]: http://cgi.ebay.co.uk/Fon-Fonera-WLAN-Router-FON2201-/170507076310?cmd=ViewItem&pt=UK_Computing_Networking_SM&hash=item27b30382d6
Network/Yuggoth.md
... ...
@@ -0,0 +1,16 @@
1
+---
2
+title: Yuggoth
3
+---
4
+
5
+Server for publically accessible services.
6
+
7
+Remote DNS resolver for [GeolocationTunneling][1].
8
+
9
+
10
+
11
+# Updating letsencrypt
12
+
13
+See [LetsEncrypt][2].
14
+
15
+ [1]: GeolocationTunneling
16
+ [2]: LetsEncrypt
... ...
\ No newline at end of file