I wanted to set up a home lab environment. Before, I used a Raspberry Pi, but it had its limitations, so instead I was looking into using the cloud. In the long term, that is expensive, since I would pay for 99.999% uptime when I only need around 10% uptime for my home environment.
Of course, the instance can be turned off in the cloud, but that is easy to forget. I found a cheap computer on refurbed.se for ~150 $ with 16 GB RAM and an i5 CPU, which is good enough.
Prepare a Rocky 9.2 minimal OS USB, follow the instructions, and install it.
Download Rocky Linux
$ groups
$ sudo su
$ cat /etc/sudoers
## Allow root to run any commands anywhere
root ALL=(ALL) ALL
## Allows people in group wheel to run all commands
%wheel ALL=(ALL) ALL
Let us fine-tune the permissions a bit. We want to have sudo access for our user, but also be able to run ls to peek in folders without needing to fill in the password each time.
It is important to edit the sudoers file with visudo to avoid corrupting the file.
$ groupadd home_admin
$ usermod -aG home_admin [username]
$ visudo /etc/sudoers
%home_admin ALL=(ALL) ALL
%home_admin ALL=(ALL) NOPASSWD: /usr/bin/ls
Since I have multiple things to do, and don't have time to update the system manually, let us configure automatic security patching of the system.
From now on, we can run as our regular user instead of root, since it has sudo access.
In the file /etc/dnf/automatic.conf we make the change:
upgrade_type = default ->
upgrade_type=security
$ sudo dnf update
$ sudo dnf install dnf-automatic -y
$ sudo vi /etc/dnf/automatic.conf
Now we need to enable the timer
$ sudo systemctl enable dnf-automatic-install.timer
$ sudo systemctl status dnf-automatic-install
○ dnf-automatic-install.service - dnf automatic install updates
Loaded: loaded (/usr/lib/systemd/system/dnf-automatic-install.service; static)
Active: inactive (dead)
TriggeredBy: ○ dnf-automatic-install.timer
The above is expected: the updates should be running on a timer, and the service should be dead otherwise.
$ sudo systemctl cat dnf-automatic-install.timer
Let us list all systemd timers, to see whether our updates have been executed and when the next run will be.
$ systemctl list-timers --all
NEXT LEFT LAST PASSED UNIT ACTIVATE
- - - - dnf-automatic-install.timer dnf-automatic-install.service
Hmm, our timer is just blank? That is because we have not started it yet. Let us do that and verify that it is correct afterwards.
$ sudo systemctl start dnf-automatic-install.timer
NEXT LEFT LAST PASSED UNIT ACTIVATE
Sat 2023-10-07 06:19:11 CEST 11h left - - dnf-automatic-install.timer dnf-automatic-install.service
One thing I notice on my server is that the time is different from my wristwatch. To check the time, let us use Google and a small bash script that reduces the margin of error by running two commands in a row. Time is important on the system, as we will see below, since the answer from Google comes from the future. Time differences between systems might cause lots of trouble.
$ touch time.sh && chmod 700 time.sh && vi time.sh
#!/bin/bash
# Print the local time, then the date header from Google's HTTP response
date
curl -v --silent https://google.se 2>&1 | grep "< date:"
$ ./time.sh
Fri Oct 6 13:36:08 CEST 2023
date: Fri, 06 Oct 2023 11:36:33 GMT
As we can see from the above output, the time differs by almost 30 seconds between Google and our system. So we should probably enable NTP time.
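The same comparison done by arithmetic instead of by eye, as an added example that is not part of the original post: it parses the `date:` header and prints the offset in seconds, using the values from the run above as constructed sample input. It assumes GNU `date`; the function names and the 1-second limit are illustrative choices.

```shell
#!/bin/sh
# Added example: compute clock drift from an HTTP Date header.
# Assumption: GNU date (coreutils), as on Rocky Linux, for `date -d`.

# Pull the first Date header value out of `curl -v` or `curl -sI` output.
# Accepts "< date: ..." and "Date: ...", and strips the trailing CR.
extract_http_date() {
    sed -n 's/^\(< \)\{0,1\}[Dd]ate: *//p' | tr -d '\r' | head -n 1
}

# Convert a date string to epoch seconds; non-zero exit on unparsable input.
to_epoch() {
    date -u -d "$1" +%s
}

# Print remote-minus-local offset in seconds (positive: local clock is behind).
# $1 = raw header text, $2 = local epoch seconds (defaults to the current time)
clock_drift() {
    hdr=$(printf '%s\n' "$1" | extract_http_date)
    [ -n "$hdr" ] || { echo "no Date header found" >&2; return 2; }
    remote=$(to_epoch "$hdr") || return 2
    echo $(( remote - ${2:-$(date +%s)} ))
}

# Succeed when the absolute drift ($1) is within the limit in seconds ($2).
drift_ok() {
    [ "${1#-}" -le "$2" ]
}

# Live check (needs network), using the same host as the post's time.sh.
live_drift() {
    clock_drift "$(curl -sI "${1:-https://google.se}")"
}

# Constructed sample: header and local time from the post's first run.
SAMPLE_HEADER=$(printf '< date: Fri, 06 Oct 2023 11:36:33 GMT\r')
SAMPLE_LOCAL=$(to_epoch "2023-10-06 13:36:08 +0200")   # 13:36:08 CEST

d=$(clock_drift "$SAMPLE_HEADER" "$SAMPLE_LOCAL")
echo "drift: ${d}s"
drift_ok "$d" 1 || echo "clock is off by more than 1s, check chronyd"
```

The HTTP header only has one-second resolution and includes network latency, so this is a coarse sanity check; `chronyc tracking` gives the precise offset.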
There are two obvious choices, NTP or Chrony, and both of them have their advantages and disadvantages. We will use Chrony since it is a bit more suited for systems that might be turned on/off, such as our home environment.
To view the default configuration and restart the service:
$ less /etc/chrony.conf
$ sudo systemctl restart chronyd.service
And now when we run our "test" script again, the time diff is small.
$ ./time.sh
Fri Oct 6 13:46:59 CEST 2023
date: Fri, 06 Oct 2023 11:46:59 GMT
Our test script is very basic, so let us check chrony itself.
$ chronyc tracking
Reference ID : A29FC801 (time.cloudflare.com)
Stratum : 4
Ref time (UTC) : Fri Oct 06 11:48:00 2023
System time : 0.000055818 seconds slow of NTP time
Last offset : -0.000080253 seconds
RMS offset : 0.000088391 seconds
Frequency : 15.830 ppm slow
Residual freq : -0.007 ppm
Skew : 5.581 ppm
Root delay : 0.006752602 seconds
Root dispersion : 0.000748256 seconds
Update interval : 64.3 seconds
Leap status : Normal
One thing to notice here is that if we have multiple servers, it is of the highest importance that they are synced against the same remote NTP server, since different NTP servers might have slightly different times.