Ubuntu/Bespin: Difference between revisions

Latest revision as of 05:38, 19 August 2020

Step by Step Articles

All the setup involved for bespin, a Ubuntu 18.04 desktop server.

Ubuntu/Bespin/Initial Setup - initial setup of the Ubuntu machine

Ubuntu/Bespin/Gnome Setup - setting up gnome on the Ubuntu machine

Ubuntu/Bespin/Ansible - setting up and running an Ansible role for the machine

Ubuntu/Bespin/PIA - set up a PIA VPN tunnel using OpenVPN

Ubuntu/Bespin/DNS - removing the built-in DNS server on Ubuntu and replacing it with dnsmasq

Ubuntu/Bespin/PiHole - run an instance of PiHole, the DNS sinkhole, in a Docker container; install it between dnsmasq and the VPN tunnel, so all DNS queries will pass through the PiHole

Ubuntu/Bespin/Iptables - Update the iptables rules to allow better protection of the server and be less permissive

Ubuntu/Bespin/TIL - the summary of "today I learned" things that I learned while setting up Bespin

Old Irrelevant Articles

Articles that are no longer relevant to bespin but that may have useful information for some future project.

~~Ubuntu/Bespin/Second AP Tunnel~~ - this ended in failure, twice. short version: you can't have multiple simultaneous PIA tunnels in OpenVPN without significant extra configuration, so no need to go this above and beyond.

~~Ubuntu/Bespin/Wifi Repeater~~ - using bespin to run hostapd and make a wifi repeater

~~Ubuntu/Bespin/Old/Wifi AP Setup~~ set up a wireless AP to create/host a wifi hotspot on the machine

~~Ubuntu/Bespin/Old/AP PIA Tunnel~~ - route traffic from a wireless AP to a PIA VPN tunnel

~~Ubuntu/Bespin/Old/Iptables~~ - old iptables rules for things that aren't actually running on Bespin

@@ Line 1: / Line 1: @@
-=Setup=
+==Step by Step Articles==
-==Aptitude update==
+All the setup involved for bespin, a Ubuntu 18.04 desktop server.
-During installation, we allow setup to join the wifi network. On first boot, the network manager will be running and will be connected to the same wifi network. We will disable network manager eventually, but first get some software.
+* [[Ubuntu/Bespin/Initial Setup]] - initial setup of the Ubuntu machine
-<pre>
+* [[Ubuntu/Bespin/Gnome Setup]] - setting up gnome on the Ubuntu machine
-sudo apt-get update
-sudo apt-get -y install vim gnome-tweak-tool net-tools
-</pre>
-Set caps lock as a control key.
+* [[Ubuntu/Bespin/Ansible]] - setting up and running an Ansible role for the machine
-==Allow sudo for user==
+* [[Ubuntu/Bespin/PIA]] - set up a [[PIA]] VPN tunnel using [[OpenVPN]]
-Create wheel group:
+* [[Ubuntu/Bespin/DNS]] - removing the built-in DNS server on Ubuntu and replacing it with dnsmasq
-<pre>
+* [[Ubuntu/Bespin/PiHole]] - run an instance of PiHole, the DNS sinkhole, in a Docker container; install it between dnsmasq and the VPN tunnel, so all DNS queries will pass through the PiHole
-sudo groupadd wheel
-</pre>
-Add user to group:
+* [[Ubuntu/Bespin/Iptables]] - Update the iptables rules to allow better protection of the server and be less permissive
-<pre>
+* [[Ubuntu/Bespin/TIL]] - the summary of "today I learned" things that I learned while setting up Bespin
-sudo usermod -a -G wheel <your-username-here>
-</pre>
-Allow wheel group users passwordless sudo, first use visudo to edit the sudoers file:
+==Related Articles==
-<pre>
+* [[Ubuntu/OpenVPN Server]] - set up an OpenVPN server on a Ubuntu machine (not running on bespin)
-EDITOR=vi visudo
-</pre>
-Now add this line to the end:
+==Old Irrelevant Articles==
-<pre>
+Articles that are no longer relevant to bespin but that may have useful information for some future project.
-%wheel ALL=(ALL) NOPASSWD: ALL
-</pre>
-==Install ssh==
+* <s>[[Ubuntu/Bespin/Second AP Tunnel]]</s> - this ended in failure, twice. short version: you can't have multiple simultaneous PIA tunnels in OpenVPN without significant extra configuration, so no need to go this above and beyond.
-Install ssh and server:
+* <s>[[Ubuntu/Bespin/Wifi Repeater]]</s> - using bespin to run hostapd and make a wifi repeater
-<pre>
+* <s>[[Ubuntu/Bespin/Old/Wifi AP Setup]]</s>  set up a wireless AP to create/host a wifi hotspot on the machine
-sudo apt-get install ssh
-</pre>
-Start the server:
+* <s>[[Ubuntu/Bespin/Old/AP PIA Tunnel]]</s> - route traffic from a wireless AP to a PIA VPN tunnel
-<pre>
+* <s>[[Ubuntu/Bespin/Old/Iptables]]</s> - old iptables rules for things that aren't actually running on Bespin
-sudo service ssh start
-</pre>
-==Configure WPA Supplicant==
-We want to configure wifi manually, and disable the network manager. This requires some preparation to manually join a wifi network with wpa supplicant.
-First set your wpa supplicant to join a wifi network.
-<code>/etc/wpa_supplicant/wpa_supplicant.conf</code>
-<pre>
-ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
-update_config=1
-network={
-    ssid="yournetworkhere"
-    proto=RSN
-    key_mgmt=WPA-PSK
-    pairwise=CCMP TKIP
-    group=CCMP TKIP
-    psk="yourpskhere"
-}
-</pre>
-Next add the 2 usb wifi devices to network interfaces file. The following etc network interfaces file assumes that wlan0 will be joining an existing wifi network, and wlan1 will be in manual mode so it can be used as an AP.
-<code>/etc/network/interfaces</code>
-<pre>
-allow-hotplug wlan0
-wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf
-iface wlan0 inet dhcp
-allow-hotplug wlan1
-iface wlan1 inet static
-    address 192.168.10.1
-    netmask 255.255.255.0
-    gateway 192.168.10.1
-</pre>
-except actually the iface names were dependent on the mac addresses of the wifi cards.
-==WPA Supplicant Startup Service==
-Copy a wpa supplicant service template:
-<pre>
-sudo cp /lib/systemd/system/wpa_supplicant.service /etc/systemd/system/wpa_supplicant.service
-</pre>
-Edit the file
-<pre>
-sudo vim /etc/systemd/system/wpa_supplicant.service
-</pre>
-Change this line from this:
-<pre>
-ExecStart=/sbin/wpa_supplicant -u -s -O /run/wpa_supplicant
-</pre>
-to this:
-<pre>
-ExecStart=/sbin/wpa_supplicant -u -s -c /etc/wpa_supplicant/wpa_supplicant.conf -i wlan0
-</pre>
-Also, remove the following line if it is present:
-<pre>
-Alias=dbus-fi.w1.wpa_supplicant1.service # DELETE ME!
-</pre>
-Now enable this service to start on boot:
-<pre>
-sudo systemctl enable wpa_supplicant.service
-</pre>
-==Dhclient Startup Service==
-Create a dhclient startup service:
-<code>/etc/systemd/system/dhclient.service</code>
-<pre>
-[Unit]
-Description= DHCP Client
-Before=network.target
-[Service]
-Type=simple
-ExecStart=/sbin/dhclient wlan0 -v
-ExecStop=/sbin/dhclient wlan0 -r
-[Install]
-WantedBy=multi-user.target
-</pre>
-Enable the dhclient startup service to start on boot:
-<pre>
-sudo systemctl enable dhclient.service
-</pre>
-===Requesting Static IP===
-If you want to request a static IP from the router, add this to the dhclient config file:
-<code>/etc/dhcp/dhclient.conf</code>
-<pre>
-interface "wlan0" {
-     send dhcp-requested-address 192.168.0.122;
-}
-</pre>
-==Disable Network Manager==
-Next step is to disable the network manager.
-<pre>
-sudo systemctl disable network-manager
-sudo systemctl stop network-manager
-</pre>
-Don't uninstall it, because that will uninstall a bunch of other important gnome packages and you'll be left with a stupid broken ubuntu.
-==Tweaking Gnome==
-Now tweak it:
-* Tweak tools
-* Set up like a mac
-* plank and startup service
-* albert and startup service
@@ Line 192: / Line 42: @@
 [[Category:Ubuntu]]
 [[Category:Linux]]
+[[Category:Unix]]
 [[Category:Machine]]
+[[Category:Bespin]]

Ubuntu/Bespin: Difference between revisions

From charlesreid1

Latest revision as of 05:38, 19 August 2020

Step by Step Articles

Related Articles

Old Irrelevant Articles