This page shows the differences between two versions of the page.
infrastruktur:host:billy:billy-borg-server-setup [05.09.2024 02:19] – deleted - External edit (Unknown date) 127.0.0.1 | infrastruktur:host:billy:billy-borg-server-setup [05.09.2024 02:19] (current) – ↷ Page name changed from infrastruktur:host:billy:billy-setup to infrastruktur:host:billy:billy-borg-server-setup Linus Lüssing | ||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ====== Einrichtung Billy: Borg Backups ====== | ||
+ | Einrichtung von [[infrastruktur: | ||
+ | |||
+ | ===== Proxmox ===== | ||
+ | |||
+ | General: | ||
+ | |||
+ | * Node: case | ||
+ | * LXC Container | ||
+ | * Hostname: billy | ||
+ | * CT ID: 112 | ||
+ | * Unprivileged container: yes | ||
+ | * Nesting: yes | ||
+ | * SSH public key(s): T_X's key | ||
+ | |||
+ | Template: | ||
+ | |||
+ | * Storage: local | ||
+ | * Template: debian-12-standard_12.2-1_amd64.tar.zst | ||
+ | |||
+ | Disks: | ||
+ | |||
+ | * rootfs: | ||
+ | * Disk Size: 4 GiB | ||
+ | * Storage: disks | ||
+ | * mp0: | ||
+ | * Disk Size: 2048 GiB | ||
+ | * Storage: disks | ||
+ | * Path: /home | ||
+ | * Backup: 0 | ||
+ | |||
+ | CPU: | ||
+ | |||
+ | * Cores: 1 | ||
+ | |||
+ | Memory: | ||
+ | |||
+ | * Memory: 2048 MiB | ||
+ | * Swap: 512 MiB (ToDo: increase/ | ||
+ | |||
+ | Network: | ||
+ | |||
+ | * Name: eth0 | ||
+ | * bridge: vmbr0 | ||
+ | * IPv4: static | ||
+ | * IPv4/CIDR: 172.23.208.77/ | ||
+ | * IPv6: static | ||
+ | * IPv6/CIDR: 2a01: | ||
+ | * Gateway: 2a01: | ||
+ | |||
+ | ===== Debian ===== | ||
+ | |||
+ | Also see: https:// | ||
+ | |||
+ | < | ||
+ | $ apt-get update && apt-get dist-upgrade | ||
+ | $ apt-get install libnss-ldapd borgbackup quota vim | ||
+ | </ | ||
+ | |||
+ | nslcd config prompt (to / | ||
+ | |||
+ | * LDAP server URI: | ||
+ | * < | ||
+ | * LDAP server search base: ou=users, | ||
+ | * Check server' | ||
+ | |||
+ | libnss-ldapd config prompt (to / | ||
+ | |||
+ | * Name services to configure: passwd, group, shadow | ||
+ | |||
+ | Further configuration: | ||
+ | |||
+ | < | ||
+ | $ sed -i " | ||
+ | $ sed -i " | ||
+ | $ sed -i " | ||
+ | [ ToDo: verify properly: ] | ||
+ | $ echo " | ||
+ | $ systemctl restart nslcd.service | ||
+ | $ sed -i " | ||
+ | $ pam-auth-update --enable mkhomedir | ||
+ | $ groupadd --gid 2000 member | ||
+ | [ Note/ToDo: this should instead, ideally come from LDAP? | ||
+ | currently " | ||
+ | / | ||
+ | </ | ||
+ | |||
+ | ===== SSH command restrictions ===== | ||
+ | |||
+ | < | ||
+ | $ cat / | ||
+ | Match Group member | ||
+ | DisableForwarding yes | ||
+ | PermitTTY no | ||
+ | PermitUserRC no | ||
+ | ForceCommand only borg ssh-add-authorized-keys | ||
+ | </ | ||
+ | |||
+ | " | ||
+ | |||
+ | https:// | ||
+ | |||
+ | < | ||
+ | $ cat / | ||
+ | #!/bin/sh | ||
+ | cmds=" | ||
+ | set -- $SSH_ORIGINAL_COMMAND | ||
+ | for allowed in $cmds; do | ||
+ | if [ " | ||
+ | cmd=" | ||
+ | if [ -z " | ||
+ | break | ||
+ | fi | ||
+ | eval exec " | ||
+ | fi | ||
+ | done | ||
+ | echo you may only $cmds, denied: $@ >&2 | ||
+ | exit 1 | ||
+ | $ chmod +x / | ||
+ | </ | ||
+ | |||
+ | Also contains storage quota, 250G can be adjusted | ||
+ | here in /etc/skel or in ~/ | ||
+ | |||
+ | < | ||
+ | $ cat / | ||
+ | \: | ||
+ | /^borg serve.*\-\-storage-quota/ | ||
+ | </ | ||
+ | |||
+ | < | ||
+ | $ cat / | ||
+ | #!/bin/sh | ||
+ | [ ! -d " | ||
+ | |||
+ | umask 0077 | ||
+ | cat > " | ||
+ | $ chmod +x / | ||
+ | </ | ||
+ | |||
+ | ===== Unattended updates ===== | ||
+ | |||
+ | https:// | ||
+ | |||
+ | $ apt-get install unattended-upgrades apt-listchanges | ||
+ | |||
+ | / | ||
+ | |||
+ | < | ||
+ | -> Unattended-Upgrade:: | ||
+ | -> Unattended-Upgrade:: | ||
+ | </ |