家里的搞机梳理

背景

把自己之前用的一台笔记本电脑装成了 linux,用来跑一些服务,跑一些东西

基本环境搭建

  • 内网域名系统构建 (dns) => 可使用 使用webmin管理机器

  • 给所有机器配置 dns

    • 修改 resolvectl
      1
      2
      resolvectl status
      resolvectl dns enp1s0 127.0.0.1 192.168.1.4 192.168.1.1
    • 修改 dhcp 配置,使其不主动修改 dns
      1
      2
      3
      4
      5
      6
      7
      vim /etc/dhcp/dhclient.conf
      # 放开下面这项
      # prepend domain-name-servers 192.168.1.4;

      # 重启服务(ubuntu)
      systemctl restart NetworkManager
      # centos: systemctl restart network
    • 修改主机 dns 配置
      1
      2
      3
      4
      5
      6
      7
      8
         vim /etc/systemd/resolved.conf
      #   [Resolve]
      #   DNSStubListener=no # 修改这项为 no
      systemctl restart systemd-resolved

      vim /etc/resolv.conf
      # 修改为自己的 dns
      # nameserver 192.168.1.4

  • 搭建 k8s 系统 => 记一次k3s环境搭建记录

  • 搭建 应用中心 => 我选的 casos,基于 docker 的

要跑的东西

文件空间

  • smb + syncthing

媒体存储

  • PhotoPrism

大致效果展示

解决的一些问题

休眠问题

  1. 设置 systemd 屏蔽休眠信号
    1
    sudo systemctl mask sleep.target suspend.target hibernate.target hybrid-sleep.target
  2. 设置 /etc/systemd/logind.conf 屏蔽休眠触发
    1
    2
    3
    4
    5
    HandleSuspendKey=ignore
    HandleLidSwitch=ignore
    HandleLidSwitchDocked=ignore
    HandleHibernateKey=ignore
    HandleHybridSleepKey=ignore
  3. 重启systemd logind
    1
    sudo systemctl restart systemd-logind.service

https 证书

  • 使用 mkcert 安装自签根证书
    1
    2
    3
    mkcert -install  # 安装根证书
    cd "$(mkcert -CAROOT)" # 进入到根证书目录
    ls
  • 把 cert.CA copy 到 linux 机器上的 /usr/share/ca-certificates/
    1
    2
    3
    # 转成 crt 格式 (我放到了 longmac 子目录,好管理)
    openssl x509 -in /usr/share/ca-certificates/longmac/rootCA.pem -outform der -out rootCA.crt

  • 更新信任的证书链
    1
    2
    # 强制更新
    update-ca-certificates --fresh

在 docker debian 容器中有一些操作

1
2
3
-v long_dev_CA.pem:/usr/share/ca-certificates/long_dev_CA.pem
echo 'long_dev_CA.pem' >> /etc/ca-certificates.conf && update-ca-certificates

挂磁盘

  • 查看要挂的磁盘
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    fdisk -l

    Device       Start       End   Sectors   Size Type
    /dev/sda1     2048   2203647   2201600     1G EFI System
    /dev/sda2  2203648 250066943 247863296 118.2G Linux filesystem


    Disk /dev/sdb: 238.47 GiB, 256060514304 bytes, 500118192 sectors
    Disk model:  SL500 256GB
    Units: sectors of 1 * 512 = 512 bytes
    Sector size (logical/physical): 512 bytes / 4096 bytes
    I/O size (minimum/optimal): 4096 bytes / 4096 bytes
    Disklabel type: gpt
    Disk identifier: 8D6F2202-44C7-4353-9D60-0FE1FE3CAC96

    Device      Start       End   Sectors   Size Type
    /dev/sdb1      40    409639    409600   200M EFI System
    /dev/sdb2  409640 499856007 499446368 238.2G Apple HFS/HFS+
  • 格式化 sdb
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    root@longserver:~# mkfs.ext4 /dev/sdb
    mke2fs 1.46.5 (30-Dec-2021)
    Found a gpt partition table in /dev/sdb
    Proceed anyway? (y,N) y
    Creating filesystem with 62514774 4k blocks and 15630336 inodes
    Filesystem UUID: 9d7b2b42-7dc0-456f-a65c-9e7239400690
    Superblock backups stored on blocks:
    	32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208,
    	4096000, 7962624, 11239424, 20480000, 23887872

    Allocating group tables: done
    Writing inode tables: done
    Creating journal (262144 blocks):
    done
    Writing superblocks and filesystem accounting information: done

  • 自动挂载到 mnt 下
    1
    echo '/dev/disk/by-uuid/9d7b2b42-7dc0-456f-a65c-9e7239400690 /mnt/sharedisk ext4 defaults 0 1' >> /etc/fstab
  • 挂一下
    1
    2
    3
    4
    mount -a

    df -h |grep sdb
    /dev/sdb        234G   28K  222G   1% /mnt/sharedisk

容器内问题

  • apline 3.14 更新阿里镜像源

    1
    2
    3
    4
    5
    6
    cat << EOF > /etc/apk/repositories
    http://mirrors.aliyun.com/alpine/v3.14/main
    http://mirrors.aliyun.com/alpine/v3.14/community
    EOF

    apk update

  • 修改 debian bullseye 镜像源 (可以写一个聚合脚本)

    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    cat << EOF > /etc/apt/sources.list
    deb https://mirrors.aliyun.com/debian/ bullseye main non-free contrib
    deb-src https://mirrors.aliyun.com/debian/ bullseye main non-free contrib
    deb https://mirrors.aliyun.com/debian/ bullseye-updates main non-free contrib
    deb-src https://mirrors.aliyun.com/debian/ bullseye-updates main non-free contrib
    deb https://mirrors.aliyun.com/debian/ bullseye-backports main contrib non-free
    deb-src https://mirrors.aliyun.com/debian/ bullseye-backports main contrib non-free
    deb https://mirrors.aliyun.com/debian-security bullseye-security main
    deb-src https://mirrors.aliyun.com/debian-security bullseye-security main
    EOF

    镜像源用这个工具实现吧: https://github.com/iamlongalong/repomgr

  • 安装 dig 工具

    1
    2
    3
    4
    5
    # alpine: 
    apk add bind-tools

    # debian: 
    apt-get install dnsutils -y

  • docker 使用 root 进入容器

    1
    docker exec -u 0 -it

  • docker 中使用 dns 的坑

    1
    2
    3
    4
    5
    6
    7
    8
    docker network 模式的问题,dig 主机 ip:53 得到的是 docker bridge 的 ip 返回的,所以会报错。
    ;; reply from unexpected source: 172.17.0.1#53, expected xx.xx.xx.xx#53

    算是 docker 网桥的一个坑吧…… 因为 dns 会被设置为 127.0.0.11 ,中间走了一个代理,就很恶心

    解决方法:
    - 所有东西放到一个 network 下
    - 把 dns 设置为当前 network 的网桥 ip

无线网卡

  • 查看网卡情况 ip a s
    1
    3: wlp3s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
  • 连接 wifi
    1
    sudo nmcli device wifi connect "<wifi_name>" password "<password>" ifname wlp3s0
  • 下载 speedtest 测网速
    1
    2
    3
    4
    5
    6
    7
    wget https://install.speedtest.net/app/cli/ookla-speedtest-1.2.0-linux-x86_64.tgz

    tar xvf ookla-speedtest-1.2.0-linux-x86_64.tgz

    sudo cp speedtest /usr/local/bin

    rm speedtest && rm ookla-speedtest-1.2.0-linux-x86_64.tgz
  • 测试网速 speedtest -I wlp3s0
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
    long@longbig ➜ netspeed speedtest

       Speedtest by Ookla

    [error] Error: [110] Cannot open socket: Timeout occurred in connect.
         Server: China Mobile Group Beijing Co.Ltd - Beijing (id = 25858)
            ISP: China Mobile
        Latency:     4.18 ms   (0.05 ms jitter)
       Download:    93.38 Mbps (data used: 42.1 MB)
         Upload:    93.57 Mbps (data used: 42.1 MB)
    Packet Loss:     0.0%
     Result URL: https://www.speedtest.net/result/c/4ca9597b-9f80-4d0f-9ed8-baa5c984b4ea
    long@longbig ➜ netspeed speedtest -I wlp3s0

       Speedtest by Ookla

    [error] Error: [110] Cannot open socket: Timeout occurred in connect.
         Server: China Mobile Group Beijing Co.Ltd - Beijing (id = 25858)
            ISP: China Mobile
        Latency:     4.57 ms   (0.19 ms jitter)
       Download:   392.47 Mbps (data used: 497.7 MB)
         Upload:   101.96 Mbps (data used: 162.5 MB)
    Packet Loss:     0.0%
     Result URL: https://www.speedtest.net/result/c/25ac366e-c728-4d1b-baab-42d69f88929c

有线用的网线有点老了,只有 100 Mbps,用无线反倒能达到接近 400 Mbps。 其实无线现在性能挺强的,离路由器近点能达到 接近 1000 Mbps。

vncserver

x!vncserver 要使用设备真的不友好!!老老实实装个显示屏吧……

  • 以下是允许 root 用户用图形界面登录 (虽然也解决不了设备问题)
    1
    2
    3
    4
    5
    6
    7
    8
    9
    vim /etc/pam.d/gdm-password

    # 注释下面这行,用于允许 root 以图形界面登录
    # auth required pam_succeed_if.so user != root quiet_success

    sudo vim /etc/gdm3/custom.conf
    # [security]
    # AllowRoot = true

inotify-tool

1
sudo apt-get install inotify-tools
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
#!/bin/bash

WATCH_DIR="/opt/sharedata/longvideos"

set -x

inotifywait -m -e close_write "$WATCH_DIR" --format '%w%f' |
while read FILE
do
    echo "read file" "$FILE"

    sudo chmod 664 "$FILE"
    if <a href="/notpublish/index.html" name=" "$FILE" == *.mp4 " > "$FILE" == *.mp4 </a>; then
        echo "<<<<< start to handle file" "$FILE"
        # 获取文件名和路径
        NAME=$(basename "$FILE" .mp4)
        DIR=$(dirname "$FILE")
        NEW_DIR="$DIR/$NAME"

        # 创建同名文件夹并将文件移动到该文件夹中
        mkdir -m 775 "$NEW_DIR"

        #mv "$FILE" "$NEW_DIR"

        # 使用ffmpeg转换文件
        ffmpeg -i "$NAME.mp4" -c:v copy -c:a copy -y "$NEW_DIR/$NAME.mp4"

        # 删除原来的.mp4文件
        rm "$NAME.mp4"
        rm "$NAME.mkv"

        # 提取音频并存放在同一文件夹下
        ffmpeg -i "$NEW_DIR/$NAME.mp4" -vn -y "$NEW_DIR/$NAME.mp3"

        chmod -R 775 "$NEW_DIR"

        # 调用sync命令,同步到指定目录
        cp -rf "$NEW_DIR" /mnt/shandisk/share/longvideos/

        echo "已执行命令:ffmpeg -i $FILE -c:v copy -c:a copy $FILE"
    fi
done
1
2
# 没办法的兼容做法了
sudo vim /etc/systemd/system/recordffmpeg.service
1
2
3
4
5
6
7
8
9
10
11
12
[Unit]
Description=record ffmpeg
After=network.target

[Service]
ExecStart=/opt/sharedata/longvideos/scripts/record.sh
User=root
Restart=on-failure
RestartSec=2

[Install]
WantedBy=multi-user.target

lsyncd

这是一个用监听文件夹的方式同步文件的工具

1
2
3
4
5
6
sudo apt-get install lsyncd

sudo touch /var/log/lsyncd-status.log
sudo chmod 777 /var/log/lsyncd-status.log

sudo vim /etc/lsyncd/lsyncd.conf.lua
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
settings {
    logfile = "/var/log/lsyncd.log",
    statusFile = "/var/log/lsyncd-status.log",
    statusInterval = 30
}

sync {
    default.rsync,
    source="/opt/sharedata/longvideos/",
    target="/mnt/shandisk/share/longvideos/",
    delay = 10,
    rsync = {
        archive = true,
        compress = false,
        verbose = true
    }
}

The smallest flower is a thought, a life answering to some feature of the Great Whole, of whom they have a persistent intuition.
Honoré de Balzac

WIP 搞机 #服务器

本博客所有文章除特别声明外,均采用 CC BY-SA 4.0 协议 ,转载请注明出处!