Unifi
VM to install Unifi Network Application
Docker
Since everything else failed…
References:
- https://glennr.nl/s/unifi-network-controller [UniFi scripts]
Download Ubuntu 18.04 container Template from Proxmox: Proxmox > Local > Templates
Set up a CT with this Template with password/ssh keys + 32GB of disk, 1GB RAM + IP 192.168.1.70/24
Download script:
wget https://get.glennr.nl/unifi/install/unifi-7.3.83.sh
bash unifi-7.3.83.sh
Ubuntu
OS: Ubuntu 22.04 Server LTS (laziness, mostly)
IP: 192.168.1.70 (unifi.fortier-family.com)
Install
Following :
apt update && apt upgrade -y
apt install openjdk-8-jdk ca-certificates apt-transport-https -y
echo 'deb https://www.ui.com/downloads/unifi/debian stable ubiquiti' | sudo tee /etc/apt/sources.list.d/100-ubnt-unifi.list
apt-key adv --keyserver keyserver.ubuntu.com --recv 06E85760C0A52C50
apt update && apt install unifi -y
#### ERRORS #####
wget https://get.glennr.nl/unifi/install/unifi-7.1.66.sh
chmod +x unifi-7.1.66.sh
./unifi-7.1.66.sh
systemctl status unifi
Previous _Failed_ Install
sudo apt-get update && sudo apt-get install ca-certificates apt-transport-https
echo 'deb https://www.ui.com/downloads/unifi/debian stable ubiquiti' | sudo tee /etc/apt/sources.list.d/100-ubnt-unifi.list
wget -qO - https://www.mongodb.org/static/pgp/server-3.4.asc | sudo apt-key add -
echo "deb https://repo.mongodb.org/apt/ubuntu xenial/mongodb-org/3.4 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-3.4.list
sudo apt-get update
sudo wget -O /etc/apt/trusted.gpg.d/unifi-repo.gpg https://dl.ui.com/unifi/unifi-repo.gpg
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv 06E85760C0A52C50
sudo apt-get update && sudo apt-get install unifi -y
systemctl enable --now unifi
apt install default-jre
Top shit → doesn't work…
wget https://dl.ui.com/unifi/6.5.55/unifi_sysvinit_all.deb
dpkg -i unifi_sysvinit_all.deb
apt-get install -f
doesn't work either…
wget https://get.glennr.nl/unifi/install/unifi-6.5.55.sh
bash unifi-6.5.55.sh
Interface
→ here
Timezone
timedatectl set-timezone Europe/Zurich
timedatectl
NTP client
vi /etc/systemd/timesyncd.conf
[Time]
NTP=ntp.fortier-family.com
timedatectl set-ntp true
timedatectl status
systemctl restart systemd-timesyncd
NTP server (NOT DONE, now on another server)
Why not?
apt-get install ntp
sntp --version
vi /etc/ntp.conf
Choose a nearby pool: https://support.ntp.org/bin/view/Servers/NTPPoolServers
server 0.ch.pool.ntp.org
server 1.ch.pool.ntp.org
server 2.ch.pool.ntp.org
server 3.ch.pool.ntp.org
systemctl restart ntp
systemctl status ntp
...kernel reports TIME_ERROR: 0x2041: Clock Unsynchronized
ufw allow from any to any port 123 proto udp
Remove fucking cloud-init
every reboot … SSH Keys are regenerated !! How stoopid is that?!
ssh 192.168.1.70
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ED25519 key sent by the remote host is
SHA256:y7imTO26lQ4UFuIDhuJ+aRl6v3JdsUEeUBghUx7V/+o.
Please contact your system administrator.
Add correct host key in /Users/fortiera/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /Users/fortiera/.ssh/known_hosts:309
Host key for 192.168.1.70 has changed and you have requested strict checking.
Host key verification failed.
dpkg-reconfigure cloud-init # None (28)
dpkg-reconfigure cloud-init
apt-get purge cloud-init
rm -rf /etc/cloud/ && sudo rm -rf /var/lib/cloud/
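The warning above looks the same whether cloud-init regenerated the key or something sits between client and VM, so the fingerprint is worth checking against the server before the stale known_hosts entry is dropped. An added example (not part of the original notes): it derives the OpenSSH SHA256 fingerprint from a host public key line read on the VM console and compares it with the one quoted in the warning; the sample key and the function names are constructed for illustration.

```python
import base64
import hashlib
import re

# Constructed sample: an ed25519 host public key line as printed by
# `cat /etc/ssh/ssh_host_ed25519_key.pub` on the console (key bytes are made up).
_BLOB = b"\x00\x00\x00\x0bssh-ed25519" + b"\x00\x00\x00\x20" + bytes(range(32))
SAMPLE_PUBKEY = "ssh-ed25519 " + base64.b64encode(_BLOB).decode() + " root@unifi"

# The fingerprint sentence from the warning shown on this page.
PAGE_WARNING = (
    "The fingerprint for the ED25519 key sent by the remote host is\n"
    "SHA256:y7imTO26lQ4UFuIDhuJ+aRl6v3JdsUEeUBghUx7V/+o.\n"
)

def fingerprint(pubkey_line):
    """Return (key_type, 'SHA256:...') for one line of an OpenSSH .pub file."""
    fields = pubkey_line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64 blob> [comment]'")
    key_type, blob = fields[0], base64.b64decode(fields[1], validate=True)
    # The blob begins with a length-prefixed copy of the key type; it must agree.
    name_len = int.from_bytes(blob[:4], "big")
    if blob[4:4 + name_len] != key_type.encode():
        raise ValueError("key type does not match the key blob")
    # OpenSSH prints the unpadded base64 of SHA-256 over the whole blob.
    digest = hashlib.sha256(blob).digest()
    return key_type, "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_warning(text):
    """Extract (key_type, fingerprint) from ssh's host-key-changed warning."""
    m = re.search(r"fingerprint for the (\S+) key sent by the remote host is\s+"
                  r"(SHA256:[A-Za-z0-9+/]+)", text)
    if m is None:
        raise ValueError("no fingerprint found in warning text")
    return m.group(1), m.group(2)

def host_key_matches(pubkey_line, warning_text):
    """True only if the key on the server is the one the client was offered."""
    return fingerprint(pubkey_line)[1] == parse_warning(warning_text)[1]

if __name__ == "__main__":
    print(fingerprint(SAMPLE_PUBKEY))
    # False: the constructed key is not the host from the page's warning.
    print(host_key_matches(SAMPLE_PUBKEY, PAGE_WARNING))
```

A match means the changed key is the VM's own regenerated key, and `ssh-keygen -R 192.168.1.70` can then remove the old entry; a mismatch is the case the warning exists for.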
Archlinux
Since Unifi is not providing statistics… Java Power !! Let's install it on Arch
Basic Archlinux Install
gdisk /dev/sda
# create one partition for EFI + 1 for /
Crappy UEFI
root@archiso ~ # gdisk /dev/sda
GPT fdisk (gdisk) version 1.0.8
Partition table scan:
  MBR: not present
  BSD: not present
  APM: not present
  GPT: not present
Creating new GPT entries in memory.
Command (? for help): o
This option deletes all partitions and creates a new protective MBR.
Proceed? (Y/N): Y
Command (? for help): n
Partition number (1-128, default 1):
First sector (34-67108830, default = 2048) or {+-}size{KMGTP}:
Last sector (2048-67108830, default = 67108830) or {+-}size{KMGTP}: +550M
Current type is 8300 (Linux filesystem)
Hex code or GUID (L to show codes, Enter = 8300): EF00
Changed type of partition to 'EFI system partition'
Command (? for help): n
Partition number (2-128, default 2):
First sector (34-67108830, default = 1128448) or {+-}size{KMGTP}:
Last sector (1128448-67108830, default = 67108830) or {+-}size{KMGTP}:
Current type is 8300 (Linux filesystem)
Hex code or GUID (L to show codes, Enter = 8300):
Changed type of partition to 'Linux filesystem'
Command (? for help): p
Disk /dev/sda: 67108864 sectors, 32.0 GiB
Model: QEMU HARDDISK
Sector size (logical/physical): 512/512 bytes
Disk identifier (GUID): 2B7EBB37-FD6B-495E-8DFF-A2B02184B4BA
Partition table holds up to 128 entries
Main partition table begins at sector 2 and ends at sector 33
First usable sector is 34, last usable sector is 67108830
Partitions will be aligned on 2048-sector boundaries
Total free space is 2014 sectors (1007.0 KiB)
Number  Start (sector)    End (sector)  Size        Code  Name
   1            2048         1128447   550.0 MiB   EF00  EFI system partition
   2         1128448        67108830   31.5 GiB    8300  Linux filesystem
Command (? for help): w
Final checks complete. About to write GPT data. THIS WILL OVERWRITE EXISTING PARTITIONS!!
Do you want to proceed? (Y/N): Y
OK; writing new GUID partition table (GPT) to /dev/sda.
The operation has completed successfully.
mkfs.ext4 -L ROOT /dev/sda2
mkfs.vfat -F32 -n EFI /dev/sda1
mount /dev/sda2 /mnt
mkdir /mnt/boot
mount /dev/sda1 /mnt/boot
pacstrap /mnt linux-hardened base base-devel intel-ucode vim linux-firmware dhcpcd networkmanager git openssh go net-snmp wget
genfstab -U /mnt >> /mnt/etc/fstab
arch-chroot /mnt/
Config
echo "unifi" > /etc/hostname
echo LANG=en_US.UTF-8 > /etc/locale.conf
ln -s `which vim` /usr/bin/vi
vi /etc/locale.gen
# uncomment #en_US.utf-8
locale-gen
echo KEYMAP=us-acentos > /etc/vconsole.conf
echo FONT=lat9w-16 >> /etc/vconsole.conf
ln -sf /usr/share/zoneinfo/Europe/Zurich /etc/localtime
echo "#<ip-address> <hostname.domain.org> <hostname>
127.0.0.1 monitor.localdomain monitor" >/etc/hosts
Init/boot
vi /etc/mkinitcpio.conf
# HOOKS=(base keyboard udev autodetect modconf block keymap filesystems)
mkinitcpio -p linux-hardened
bootctl --path=/boot install
- /boot/loader/entries/arch.conf
title Arch Linux
linux /vmlinuz-linux-hardened
initrd /intel-ucode.img
initrd /initramfs-linux-hardened.img
options root="LABEL=ROOT" rw
- /boot/loader/loader.conf
default arch.conf
timeout 4
console-mode max
#editor no
passwd
post install
pacman -S htop zsh ccze dfc
useradd -m warnaud
AUR Helper
su - warnaud
cd /tmp
mkdir yay
# quote the URL so the shell does not treat "?" as a glob character
curl 'https://aur.archlinux.org/cgit/aur.git/plain/PKGBUILD?h=yay' > /tmp/yay/PKGBUILD
cd yay
makepkg
su
pacman -U yay*.zst
Static IP
vi /etc/systemd/network/ens192.network
[Match]
Name=ens192
[Network]
Address=192.168.1.60/24
Gateway=192.168.1.1
DNS=192.168.1.10
DNS=192.168.1.11
systemctl enable --now systemd-networkd