Home Lab

Ubuntu Server sur raspberry pi 4

Préparer la carte microSD

avec rpi-imager

ouvrir le menu “CHOOSE OS”

choisir “Other general-purpose OS”

choisir "Ubuntu 22.04 LTS server for 64 bit architectures."

ouvrir “Choose Storage”

sélectionner la carte

avant de cliquer sur "Write", sélectionner la roue pour configurer les options avancés

Prémiére mise à jour

sudo apt update && sudo apt full-upgrade

Puis sudo reboot

Ajout des utilisateurs nécessaire

{{< hint warning >}} Important : remplacez "Jeremy" ci-dessous par le nom d'utilisateur que vous souhaitez en tant que nouvel utilisateur. {{< /hint >}}

  1. sudo adduser jeremy

    • You will be asked to enter a password
    • When filling out basic information about the user, you may leave it blank
    Adding user 'jeremy' ...
Adding new group 'jeremy' (1001) ...
Adding new user 'jeremy' (1001) with group 'jeremy' ...
jeremy ALL=(ALL) NOPASSWD: ALL
Creating home directory '/home/jeremy' ...
Copying files from '/etc/skel' ...
New password:
Retype new password:
passwd: password updated successfully
Changing the user information for jeremy
Enter the new value, or press ENTER for the default
  Full Name []: Jeremy Iglehart
  Room Number []:
  Work Phone []:
  Home Phone []:
  Other []:
Is the information correct? [Y/n] Y

  2. sudo adduser jeremy sudo

    Adding user `jeremy' to group `sudo' ...
Adding user jeremy to group sudo
Done.

  3. sudo usermod -aG adm,dialout,cdrom,audio,video,plugdev,games,users,input,netdev,spi,i2c,gpio jeremy

  4. sudo cp /etc/sudoers.d/010_pi-nopasswd /etc/sudoers.d/010_jeremy-nopasswd

    • If you don't like typing in the sudo password all the time, copy this file.

  5. sudo chmod u+w /etc/sudoers.d/010_jeremy-nopasswd

    • Add write permissions (so that you can change it)

  6. sudo vi /etc/sudoers.d/010_jeremy-nopasswd

    • Change "pi" to "jeremy"

  7. sudo chmod u-w /etc/sudoers.d/010_jeremy-nopasswd

    • remove write permissions (should be 0440 or -r--r-----)

  8. sudo reboot

    • To allow all settings to go into effect. You may get away with something else here - but rebooting does the trick. Also it ensures that the pi user is fully logged out and has nothing left running.

  9. Login as your new user

monter le disque externe

avec sudo blkid obtenir l'UUID du disque, puis l'ajouter à /etc/fstab

/dev/sda1: LABEL="www" UUID="ae25721b-22e6-412c-bb7e-42a8dc04850f" BLOCK_SIZE="4096" TYPE="ext4" PARTUUID="f64f39fd-2fc6-4216-b48f-8de99a2f068c"

mkdir -p /mnt/usb1
deild@tempete:~$ sudo chown -R :users /mnt/usb1/
deild@tempete:~$ sudo chmod -R 775 /mnt/usb1

ajout dans /etc/fstab

UUID=ae25721b-22e6-412c-bb7e-42a8dc04850f	/mnt/usb1	ext4	defaults,auto,users,rw,nofail 	0	0

puis sudo mount /mnt/usb1

playbook

Installation de certificats SSL/TLS avec Certbot (Let’s Encrypt)

Installation

https://howto.wared.fr/ubuntu-certificats-ssl-tls-certbot/ https://certbot.eff.org/instructions?ws=nginx&os=pip

sudo apt update
sudo apt install python3 python3-venv libaugeas0
sudo apt-get remove certbot
sudo python3 -m venv /opt/certbot/
sudo /opt/certbot/bin/pip install --upgrade pip
sudo /opt/certbot/bin/pip install certbot certbot-nginx
sudo ln -s /opt/certbot/bin/certbot /usr/bin/certbot

sudo certbot --nginx

sudo certbot certonly --nginx

echo "0 0,12 * * * root /opt/certbot/bin/python -c 'import random; import time; time.sleep(random.random() * 3600)' && sudo certbot renew -q" | sudo tee -a /etc/crontab > /dev/null

ou

SLEEPTIME=$(awk 'BEGIN{srand(); print int(rand()*(3600+1))}'); echo "0 0,12 * * * root sleep $SLEEPTIME && certbot renew -q" | sudo tee -a /etc/crontab > /dev/null

sudo /opt/certbot/bin/pip install --upgrade certbot certbot-nginx

sudo certbot certonly --standalone --agree-tos --no-eff-email -d mondomaine.com -d www.mondomaine.com --rsa-key-size 4096

docker

https://docs.docker.com/engine/install/ubuntu/

Pi-hole

Ubuntu - Disabling the Systemd-Resolve Service

sudo systemctl stop systemd-resolved

sudo systemctl disable systemd-resolved

edit sudo nano /etc/resolv.conf remplacer nameserver 127.0.0.53 par nameserver 9.9.9.9