I just logged into a root account and followed these instructions…
- Create keys for SSH (in this case on linux command-line)
ssh-keygen -t rsa
- Name server hostname (I used these instructions (archive) for hostname)
- Set reverse DNS in VPS server console equal to FQDN
- Change SSH port & disable password authentication with
sudo nano "/etc/ssh/sshd_config"then restart ssh
sudo systemctl restart ssh
- create non root user, copy .ssh folder from root to their profile, making sure to
chown newuserfor the authorized_keys file, and add the user to group sudo –
sudo addgroup groupname.
- Add auto security updates.
sudo apt-get install unattended-upgrades
sudo dpkg-reconfigure unattended-upgrades
sudo nano /etc/apt/apt.conf.d/50unattended-upgrades **requires root email for notifications*
- Set time zone
sudo dpkg-reconfigure tzdata
From this setup for OpenVPN Server on Ubuntu 16.04..
We need to unbolt some of the security features of the server config for Mikrotik compatibility.
I guess this isn’t explained in bright colours on their wiki examples cos they’re not proud of not being up with latest crypto. Which is more annoying cos it took a day, where as getting the server online took 20 minutes on a digital ocean instructional.
Following this guide.
NOTE 1: In the part where they edit
I edited the server directive to read:
server 192.168.155.0 255.255.255.0
then my UFW rules are
# START OPENVPN RULES Continue reading “OpenVPN Server on Ubuntu 16.04”
# NAT table rules
:POSTROUTING ACCEPT [0:0]
# Allow traffic from OpenVPN client to ens3 (change to the interface you discovered!)
-A POSTROUTING -s 192.168.155.0/24 -o ens3 -j MASQUERADE
# END OPENVPN RULES
In Ubuntu 16.04 DNSCrypt can be installed from apt-get:
sudo apt-get install dnscrypt-proxy
Assuming a wireless interface is setup and working on the router, we can add a virtual interface, give it it’s own subnet, and isolate that subnet from the existing LAN. Note: these routers don’t seem to like multi-tasking/wi-fi too much Continue reading “isolated wifi using a Mikrotik wireless router”
The main challenge installing guy wires onto a tiled roof was how to make anchor points. I went to a local antenna supplier and they told me the usual method is with these long self tapping o-ring bolts. So that’s what I did, it was much easier than I expected.
I used a diamond hole saw from eBay to make 2 holes in the roof tiles, and made use of an existing satellite dish mast for the final mounting point. I used threaded rod to attach a tapped o ring (or whatever you call it) to the satellite mast. Using a wet finger I was able to mold silicon around the anchor bolts in the roof tiles.
From my understanding it’s better to be earthed than not… I tried running conduit through this cement path using only an angle grinder and a chisel. This would have taken waay too long. Ended up buying a jack-hammer from gumtree (cheaper than renting). The second earth wire is from a UBNT Ethernet protector in the roof-space. This goes to a separate earth rod a small distance from the mast earth rod.
I moved the project to some acrylic in what is possibly the final stage for the project.While I thought the software reset for the Ethernet chip would suffice for connection problems, it appears this isn’t the case. I’ll try reprogramming the chip with an interrupt reboot for the main program loop, currently the device isn’t sending info to ThingSpeak.
Once the code is running smoothly (for at least a week) I’ll add email notifications. In the future I won’t use this Ethernet chip, there is a similarly priced chip I have which is much more capable.
Starting the electronics part..
This part of the build requires sending temperature data to the internet. This requires 3 things:
- Thermocouples for measuring temperature.
- A microcontroller for processing the thermocouples values.
- A hardware connection to the internet.
Sometimes I need to power off one of my Raspberry Pis, and since I run these computers headless, going to a remote SSH terminal to issue a shutdown command can be extra work. I saw a webpage mentioning using a simple 2 pin jumper to initiate a shutdown script for the Pi. So that’s what I did (green tab on the GPIO pins), I chose python due to the wait_for_edge function.
This script will shutdown the RPi when the tab is pulled. Strangely the RPi will boot if you plug the jumper back in after it has shutdown, or if you pull it out after it has completed shut down (putting it back before it has completed shutting down). If there is no jumper in during boot, then the script will close.
#!/usr/bin/env python #note crontab for superuser required a new PATH variable as here http://unix.stackexchange.com/questions/43392#answer-43394 import subprocess try: import RPi.GPIO as GPIO except RuntimeError: print("Error importing RPi.GPIO! This is probably because you need superuser privileges. You can achieve this by using 'sudo' to run your script") #http://raspberrypi.stackexchange.com/questions/12966/what-is-the-difference-between-board-and-bcm-for-gpio-pin-numbering GPIO.setmode(GPIO.BOARD) GPIO.setup(5, GPIO.IN) #Hardware Pullup on this pin.. ShutdownCommand = ['shutdown', '-h', 'now', '"System halted by GPIO action"'] if GPIO.input(5) == 0: #run script waiting for jumper removal GPIO.wait_for_edge(5, GPIO.RISING) GPIO.remove_event_detect(5) KillProcess = subprocess.Popen(ShutdownCommand, stdout=subprocess.PIPE, stderr=subprocess.STDOUT) MountData, MountError = KillProcess.communicate() GPIO.cleanup() else: GPIO.cleanup()
Then I simply added this script to the bottom of my root crontab (sudo crontab -e) to run at reboot:
@reboot python /usr/local/sbin/ShutdownJumper.py