Spinning Up Ubuntu 16.04 on a VPS instance

  • My VPS provider (Vultr) allows inserting a public key at the time of a new instance creation, so I created a new key using an existing Linux command line:
    ssh-keygen -t rsa
  • Name server hostname (I used these instructions (archive) for hostname)
  • Set reverse DNS in VPS server console equal to FQDN
  • Change SSH port & disable password authentication with
    sudo nano "/etc/ssh/sshd_config"
    then restart ssh
    sudo systemctl restart ssh
  • create non root user, copy .ssh folder from root to their profile, making sure to chown newuser for the authorized_keys file, and add the user to group sudo – sudo addgroup groupname.
  • Add auto security updates.
    sudo apt-get install unattended-upgrades
    sudo dpkg-reconfigure unattended-upgrades
    sudo nano /etc/apt/apt.conf.d/50unattended-upgrades **requires root email for notifications*
  • Set time zone
    sudo dpkg-reconfigure tzdata

OpenVPN Server on Ubuntu 16.04

Following this guide.

NOTE 1: In the part where they edit /etc/openvpn/server.conf

I edited the server directive to read:
server 192.168.155.0 255.255.255.0

then my UFW rules are

# START OPENVPN RULES
# NAT table rules
*nat
:POSTROUTING ACCEPT [0:0]
# Allow traffic from OpenVPN client to ens3 (change to the interface you discovered!)
-A POSTROUTING -s 192.168.155.0/24 -o ens3 -j MASQUERADE
COMMIT
# END OPENVPN RULES
Continue reading “OpenVPN Server on Ubuntu 16.04”

Beaumast Part 2

The main challenge installing guy wires onto a tiled roof was how to make anchor points. I went to a local antenna supplier and they told me the usual method is with these long self tapping o-ring bolts. So that’s what I did, it was much easier than I expected.

I used a diamond hole saw from eBay to make 2 holes in the roof tiles, and made use of an existing satellite dish mast for the final mounting point. I used threaded rod to attach a tapped o ring (or whatever you call it) to the satellite mast. Using a wet finger I was able to mold silicon around the anchor bolts in the roof tiles.

Part 1 ->

From my understanding it’s better to be earthed than not… I tried running conduit through this cement path using only an angle grinder and a chisel. This would have taken waay too long. Ended up buying a jack-hammer from gumtree (cheaper than renting). The second earth wire is from a UBNT Ethernet protector in the roof-space. This goes to a separate earth rod a small distance from the mast earth rod.

Project Secure Backup. Part 6

I moved the project to some acrylic in what is possibly the final stage for the project.While I thought the software reset for the Ethernet chip would suffice for connection problems, it appears this isn’t the case. I’ll try reprogramming the chip with an interrupt reboot for the main program loop, currently the device isn’t sending info to ThingSpeak.

Once the code is running smoothly (for at least a week) I’ll add email notifications. In the future I won’t use this Ethernet chip, there is a similarly priced chip I have which is much more capable.

Continue reading “Project Secure Backup. Part 6”

Hardware shutdown switch for RPi

Sometimes I need to power off one of my Raspberry Pis, and since I run these computers headless, going to a remote SSH terminal to issue a shutdown command can be extra work. I saw a webpage mentioning using a simple 2 pin jumper to initiate a shutdown script for the Pi. So that’s what I did (green tab on the GPIO pins), I chose python due to the wait_for_edge function.

This script will shutdown the RPi when the tab is pulled. Strangely the RPi will boot if you plug the jumper back in after it has shutdown, or if you pull it out after it has completed shut down (putting it back before it has completed shutting down). If there is no jumper in during boot, then the script will close.

#!/usr/bin/env python
#note crontab for superuser required a new PATH variable as here http://unix.stackexchange.com/questions/43392#answer-43394
import subprocess
try:
 import RPi.GPIO as GPIO
except RuntimeError:
 print("Error importing RPi.GPIO! This is probably because you need superuser privileges. You can achieve this by using 'sudo' to run your script")

#http://raspberrypi.stackexchange.com/questions/12966/what-is-the-difference-between-board-and-bcm-for-gpio-pin-numbering
GPIO.setmode(GPIO.BOARD)
GPIO.setup(5, GPIO.IN) #Hardware Pullup on this pin..

ShutdownCommand = ['shutdown', '-h', 'now', '"System halted by GPIO action"']

if GPIO.input(5) == 0:
 #run script waiting for jumper removal
 GPIO.wait_for_edge(5, GPIO.RISING)
 GPIO.remove_event_detect(5)
 KillProcess = subprocess.Popen(ShutdownCommand, stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
 MountData, MountError = KillProcess.communicate()
 GPIO.cleanup() 
else:
 GPIO.cleanup()

Then I simply added this script to the bottom of my root crontab (sudo crontab -e) to run at reboot:

@reboot python /usr/local/sbin/ShutdownJumper.py