Reholink
Introduction
Reholink is a Linux server configuration based on Ubuntu Server 20.04, serving as a companion to Cloudberry for the primary purpose of data storage and archiving using the ZFS storage system. Additionally, it provides local network-level ad-blocking and serves as a media server.
Applications
Installation
Installation requires an amd64 computer (connected to the internet via Ethernet cable) with a monitor (only necessary during the setup, after which it can be permanently removed) and at least 20GB of available storage. Download Ubuntu Server 20.04 LTS, flash it to a USB drive and install it on the computer. Choose a username (referred to as $user), a hostname (referred to as $host) and disable automatic system updates.
The following script will set up everything:
# Refresh package repositories
apt-get update --assume-yes
# Update existing packages
apt-get upgrade --assume-yes
# Remove unused packages
apt-get autoremove --assume-yes
# Add the Docker package repository PGP key
curl https://download.docker.com/linux/ubuntu/gpg | apt-key add
# Add the Docker package repository
add-apt-repository \
  "deb https://download.docker.com/linux/ubuntu focal stable"
# Add the gVisor package repository PGP key
curl https://gvisor.dev/archive.key | apt-key add
# Add the gVisor package repository
add-apt-repository \
  "deb https://storage.googleapis.com/gvisor/releases release main"
# Add the ZeroTier package repository PGP key
curl https://download.zerotier.com/contact@zerotier.com.gpg | apt-key add
# Add the ZeroTier package repository
add-apt-repository \
  "deb https://download.zerotier.com/debian/focal focal main"
# Install packages
apt-get install --assume-yes \
  runsc \
  docker-ce \
  docker-compose-plugin \
  zerotier-one \
  openssh-server \
  zfsutils-linux
# Configure static IPv4 address
cat > /etc/netplan/01-netcfg.yaml << \
-----------------------------
network:
  version: 2
  renderer: networkd
  ethernets:
    $(ip address | awk '/inet.*brd/{print $NF;exit}'):
      dhcp4: no
      dhcp6: no
      addresses: [$(ip route get 1 | awk '{print $(NF-2);exit}')/24]
      gateway4: $(ip route | grep default | awk '{print $3}')
-----------------------------
# Load static IPv4 address configuration
netplan apply
# Configure DNS
cat > /etc/systemd/resolved.conf << \
----------------------------
[Resolve]
DNS=8.8.8.8
DNSStubListener=no
----------------------------
# Load DNS configuration
systemctl reload-or-restart systemd-resolved
# Fix DNS resolution
ln --symbolic --force \
  /run/systemd/resolve/resolv.conf /etc/resolv.conf
# Configure SSH
cat > /etc/ssh/sshd_config << \
----------------------------
PrintMotd no
DebianBanner no
LoginGraceTime 30s
MaxAuthTries 3
Protocol 2
UsePAM yes
ChallengeResponseAuthentication no
PermitRootLogin without-password
----------------------------
# Load SSH configuration
systemctl reload-or-restart sshd
# Configure Docker
cat > /etc/docker/daemon.json << \
----------------------------
{
  "live-restore": true,
  "default-runtime": "runsc",
  "runtimes": {
    "runsc": {
      "path": "/usr/bin/runsc",
      "runtimeArgs": [
        "--overlay2=none"
      ]
    }
  }
}
----------------------------
# Load Docker configuration
systemctl reload-or-restart docker
# Configure applications
cat > /etc/docker/compose.yml << \
----------------------------
services:
  AdGuard_Home:
    image: adguard/adguardhome
    restart: always
    network_mode: bridge
    ports:
      - 53:53/tcp
      - 53:53/udp
      - 3000:3000
    volumes:
      - /etc/AdGuard_Home:/opt/adguardhome/conf
  File_Browser:
    image: filebrowser/filebrowser
    command: --database /opt/database.db
    restart: always
    network_mode: bridge
    ports:
      - 4000:80
    volumes:
      - /Files:/srv
      - /etc/File_Browser:/opt
  Emby:
    image: emby/embyserver
    restart: always
    network_mode: bridge
    ports:
      - 7000:8096
    volumes:
      - /Files/Media:/mnt
      - /etc/Emby:/config
----------------------------
# Start applications
docker compose --file /etc/docker/compose.yml up --detach
It can be downloaded and run on the server directly:
curl https://nfbyte.srht.site/static/reholink/install.sh | sudo sh
To enable ad-blocking, set the server’s IPv4 address (referred to as $ip) as the DNS server in the local network’s router / access point settings. It can be found with:
hostname --ip-address
The applications will be reachable on the local network at:
- AdGuard Home: http://$ip:3000
- File Browser: http://$ip:4000
- Emby: http://$ip:7000
ZFS configuration depends on the storage hardware setup. Storage devices can be identified with:
lsblk
A minimal RAID-Z1 array can be created with:
zpool create Files raidz1 /dev/$device1 /dev/$device2 /dev/$device3
SSH (using public key authentication) can be used for access from a remote system.
To generate a private/public key pair:
ssh-keygen
To transfer the public key from the remote system to the $host:
ssh-copy-id $user@$host
ssh -t $user@$host sudo cp --recursive .ssh /root
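An added example, not part of the original page or its install script: a small audit of the sshd_config that script writes, checking whether logins are really limited to public keys. It assumes OpenSSH's documented defaults for unset keywords (PasswordAuthentication yes, ChallengeResponseAuthentication yes, PermitRootLogin prohibit-password); the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not part of the install script). Reports sshd_config settings
# that still allow password logins. Keyword defaults are OpenSSH's documented ones.

# Constructed sample: the sshd_config the install script writes.
page_sshd_config() {
cat <<'EOF'
PrintMotd no
DebianBanner no
LoginGraceTime 30s
MaxAuthTries 3
Protocol 2
UsePAM yes
ChallengeResponseAuthentication no
PermitRootLogin without-password
EOF
}

# effective_value KEYWORD DEFAULT, config text on stdin.
# sshd keeps the first value set for a keyword; keywords are case-insensitive.
# Simplification: Match blocks and Include files are not evaluated.
effective_value() {
  awk -v key="$1" -v def="$2" '
    /^[ \t]*(#|$)/ { next }    # skip comments and blank lines
    tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
    END { if (!found) print def }
  '
}

# audit_sshd, config text on stdin: prints one finding per line, nothing if clean.
audit_sshd() {
  cfg=$(cat)
  pw=$(printf '%s\n' "$cfg" | effective_value PasswordAuthentication yes)
  kbd=$(printf '%s\n' "$cfg" | effective_value ChallengeResponseAuthentication yes)
  root=$(printf '%s\n' "$cfg" | effective_value PermitRootLogin prohibit-password)
  if [ "$pw" != "no" ]; then echo "password-auth-enabled"; fi
  if [ "$kbd" != "no" ]; then echo "keyboard-interactive-enabled"; fi
  case "$root" in
    # without-password is the deprecated alias of prohibit-password
    no|prohibit-password|without-password|forced-commands-only) ;;
    *) echo "root-password-login" ;;
  esac
}

# The page's config as written, then the same config with password logins disabled.
page_sshd_config | audit_sshd
{ echo "PasswordAuthentication no"; page_sshd_config; } | audit_sshd
```

On the server itself, `sshd -T` (run as root) prints the effective configuration and is the authoritative check.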
ZeroTier can be used for remote access from outside the local network.
Maintenance
- Check system status
systemctl status
- Download system updates
apt update && apt upgrade && apt autoremove
- Apply system updates
systemctl reboot
- Download application updates
docker compose --file /etc/docker/compose.yml pull
- Apply application updates
docker compose --file /etc/docker/compose.yml up --detach
- Check storage status
zpool status
- Perform routine data scrubbing
zpool scrub Files
0f78106 @ 2023-07-12