Service list for my own home cloud

The following services are built on my home cloud infrastructure:

  1. dynamic dns
  2. openvpn, sshd, mosh
  3. nextcloud (mysql, redis); email integration to yahoomail, 2fa, auto sync, mobile photo auto uploading; onlyoffice integration (todo)
  4. wordpress (docker), mysql
  5. plex server (tautulli)
  6. transmission (transmission-rss)
  7. shinobi for cctv (to-do)
  8. kodi

Services for operations and maintenance:

  1. Prometheus and grafana
  2. kafka, fluentd and ELK stack (to-do)
  3. node-exporter for all nodes (agent to prometheus)

Archlinux – rolling release & setting up openvpn

I am installing Arch Linux for the benefit of rolling updates: it does not require full upgrades, which will most likely break things. The following URL explains the top reasons for using Arch Linux over Ubuntu:

https://www.cio.com/article/2898189/five-reasons-i-roll-with-arch-linux-and-why-you-should-too.html

For a fixed IP address, edit:

# vim /etc/systemd/network/eth0.network

[Network]
Address=192.168.1.x/24
Gateway=192.168.1.1
DNS=8.8.8.8
DNS=8.8.4.4

To migrate software packages from one machine to another, first list all software on the source machine:

# pacman -Qqen > Packages

Then install all software on the target machine:

# xargs -a Packages pacman -S --noconfirm --needed

Changing hostname:

# vim /etc/hostname
u3

Setting up the OpenVPN server:

Ensure the tun kernel module is loaded:

# vim /etc/modules-load.d/tun.conf
# Load tun module at boot
tun

Reboot, and check that the tun module was loaded automatically on startup:

[root@u3 ~]# lsmod |grep tun
tun 49152 0
[root@u3 ~]#

Install openvpn and easy-rsa, initialize a new PKI and generate a CA keypair that will be used to sign certificates:

# pacman -S openvpn easy-rsa

# cd /etc/easy-rsa
# export EASYRSA=$(pwd)
# easyrsa init-pki
# easyrsa build-ca

Get the OpenVPN install script for Arch Linux:

# curl -O https://raw.githubusercontent.com/Angristan/openvpn-install/master/openvpn-install.sh
# chmod +x openvpn-install.sh
# ./openvpn-install.sh

You will then get a file named <name>.ovpn. Use this file to configure your OpenVPN client, and you have an OpenVPN tunnel from client to server.

To troubleshoot, use iptables commands (iptables -L) to check the firewall rules and journalctl -xe to check the server logs.

Add a firewall rule to allow incoming OpenVPN traffic:

# iptables -A INPUT -p udp --destination-port 1194 -j ACCEPT
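
Because -A appends to the end of the INPUT chain, the rule above never matches if a catch-all DROP or REJECT already sits earlier in the chain. The following check is an added example, not part of the original post; the function names and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Reads rules in `iptables -S INPUT`
# format on stdin and prints one verdict for OpenVPN on UDP 1194:
#   allowed  - an ACCEPT for udp/1194 is reached before any catch-all
#   shadowed - the ACCEPT exists but sits after a catch-all DROP/REJECT
#   blocked  - no ACCEPT for udp/1194 and the chain ends in a drop
# Simplification: only the exact udp/1194 ACCEPT and unconditional rules are
# considered; rules narrowed by source, interface or state are ignored.
check_openvpn_input() {   # hypothetical helper name
    awk '
        $1 == "-P" && $2 == "INPUT" { policy = $3; next }
        $1 != "-A" || $2 != "INPUT" { next }
        # Unconditional rule: the target follows the chain name directly.
        $3 == "-j" && verdict == "" {
            if ($4 == "ACCEPT") verdict = "allowed"
            else if ($4 == "DROP" || $4 == "REJECT") verdict = "blocked"
            next
        }
        /-p udp/ && /--dport 1194( |$)/ && /-j ACCEPT( |$)/ {
            if (verdict == "") verdict = "allowed"
            else if (verdict == "blocked") verdict = "shadowed"
        }
        END {
            if (verdict == "") verdict = (policy == "DROP") ? "blocked" : "allowed"
            print verdict
        }
    '
}

# Constructed sample: the 1194 rule was appended after an existing catch-all
# REJECT, as happens when -A is used on a host with a restrictive ruleset.
sample_rules() {
    cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p udp -m udp --dport 1194 -j ACCEPT
EOF
}

sample_rules | check_openvpn_input   # shadowed
```

On the server, run `iptables -S INPUT | check_openvpn_input` as root; if it prints shadowed, insert the rule ahead of the catch-all with `iptables -I INPUT` instead of appending it with -A.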