Table of Contents
To install:
- /etc/netplan
- apache httpd
- java
- golang
- tomcat
- jspwiki
- dhmb
- zaptecbot
- prometheus/grafana
- letsencrypt
- pihole
- iptables
- ip6tables
- knockd
apt install apache2 net-tools openjdk-25-jdk-headless make gcc knockd plocate certbot # golang: cd /tmp/ && curl -OL https://go.dev/dl/go1.26.0.linux-arm64.tar.gz && rm -rf /usr/local/go && tar -C /usr/local -xzf go1.26.0.linux-arm64.tar.gz # tomcat: cd /tmp && curl -OL https://dlcdn.apache.org/tomcat/tomcat-9/v9.0.117/bin/apache-tomcat-9.0.117.tar.gz && cd /usr/local && tar -xf /tmp/apache-tomcat-9.0.117.tar.gz && ln -s apache-tomcat-9.0.117 tomcat && rm -v /usr/local/tomcat/bin/*.bat chown -R tomcat:tomcat /usr/local/apache-tomcat-9.0.117 groupadd tomcat useradd -g tomcat tomcat --create-home mkdir /var/run/tomcat && chown tomcat:tomcat /var/run/tomcat create /etc/systemd/system/tomcat.service (from backup) systemctl daemon-reload systemctl status tomcat systemctl start tomcat systemctl enable tomcat # jspwiki cd /tmp && curl -LO https://downloads.apache.org/jspwiki/2.12.4/binaries/webapp/JSPWiki.war cd /var/jspwiki && tar -xf /tmp/jspw.tar # (tar created from backup) # copy custom files to /usr/local/tomcat/lib (from backup) # zaptecbot mkdir -p go/src/github.com/metskem create /etc/systemd/system/zaptecbot.service (from backup) touch /var/log/zaptecbot.out && chown metskem /var/log/zaptecbot.out touch /var/log/zaptecbot.err && chown metskem /var/log/zaptecbot.err systemctl daemon-reload systemctl start zaptecbot systemctl enable zaptecbot # dhmb create /etc/systemd/system/dhmb.service (from backup) touch /var/log/dhmb.out && chown metskem /var/log/dhmb.out touch /var/log/dhmb.err && chown metskem /var/log/dhmb.err systemctl daemon-reload systemctl start dhmb systemctl enable dhmb systemctl disable dhmb (we no longer run it) # pihole curl -sSL https://install.pi-hole.net | bash # change port 80o to 81 in /etc/pihole/pihole.toml and systemctl restart pihole-FTL # admin interface @ : http://192.168.2.19:81/admin # knockd systemctl enable knockd.service # edit /etc/knockd.service (from backup)
saved /etc/netplan/01-network-manager-all.yaml:
network:
version: 2
#renderer: networkd
ethernets:
eth0:
dhcp4: no
addresses:
- 192.168.2.19/24
# gateway4: 192.168.2.254
routes:
- to: default
via: 192.168.2.254
nameservers:
addresses:
- 8.8.8.8
LetsEncrypt install#
See previous install
Prometheus install#
groupadd prometheus useradd -g prometheus prometheus --create-home --shell /usr/sbin/nologin cd /tmp/ curl -L https://github.com/prometheus/prometheus/releases/download/v3.11.3/prometheus-3.11.3.linux-arm64.tar.gz -O tar -xzf prometheus-3.11.3.linux-arm64.tar.gz mv prometheus-3.11.3.linux-arm64 /usr/local cd /usr/local ln -s prometheus-3.11.3.linux-arm64 prometheus cd prometheus mkdir data chown -R prometheus:prometheus /usr/local/prometheus
Copy the contents of /usr/local/prometheus/data from backup.
Create /etc/systemd/system/prometheus/service:
[Unit] Description=Prometheus Server Documentation=https://prometheus.io/docs/introduction/overview/ After=network-online.target [Service] User=prometheus Restart=on-failure ExecStart=/usr/local/prometheus/prometheus \ --config.file=/usr/local/prometheus/prometheus.yml \ --storage.tsdb.path=/usr/local/prometheus/data \ --storage.tsdb.retention.time=720d [Install] WantedBy=multi-user.target
systemctl daemon-reload
systemctl enable prometheus
systemctl start prometheus
! Install prometheus push gateway
{{{
cd /tmp
groupadd pushgateway
useradd -g pushgateway pushgateway --create-home --shell /usr/sbin/nologin
curl -sLO https://github.com/prometheus/pushgateway/releases/download/v1.11.2/pushgateway-1.11.2.linux-arm64.tar.gz
tar -xf pushgateway-1.11.2.linux-arm64.tar.gz
cp pushgateway-1.11.2.linux-arm64/pushgateway /usr/local/bin/
# install unit file:
cat > /etc/systemd/system/pushgateway.service << EOF
[Unit]
Description=Pushgateway
Wants=network-online.target
After=network-online.target
[Service]
User=pushgateway
Group=pushgateway
Type=simple
ExecStart=/usr/local/bin/pushgateway \
--web.listen-address=":9091" \
--web.telemetry-path="/metrics" \
--persistence.file="/tmp/metric.store" \
--persistence.interval=5m \
--log.level="info" \
--log.format="logfmt"
[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload
systemctl start pushgateway
systemctl daemon-reload systemctl enable pushgateway systemctl start pushgateway
Add this to /usr/local/prometheus/prometheus.yml:
- job_name: 'pushgateway'
honor_labels: true
static_configs:
- targets: [['localhost:9091']
Testing pushgateway:
echo -e "# TYPE temperature gauge\n# HELP temperature The temperature in Celsius\ntemperature 5.9" | curl --data-binary @- http://localhost:9091/metrics/job/openweather
And checkout http://www.computerhok.nl:9091
Install node exporter#
groupadd node-exporter useradd -g node-exporter node-exporter --create-home --shell /usr/sbin/nologin cd /tmp/ curl -L https://github.com/prometheus/node_exporter/releases/download/v1.11.1/node_exporter-1.11.1.linux-arm64.tar.gz -O tar -xzf node_exporter-1.11.1.linux-arm64.tar.gz mv node_exporter-1.11.1.linux-arm64 /usr/local cd /usr/local ln -s node_exporter-1.11.1.linux-arm64 node-exporter
Create /etc/systemd/system/node-exporter.service:
[Unit] Description=Prometheus Node Exporter Documentation=https://prometheus.io/docs/guides/node-exporter/ After=network-online.target [[Service] User=node-exporter Restart=on-failure ExecStart=/usr/local/node-exporter/node_exporter [Install] WantedBy=multi-user.target
systemctl daemon-reload systemctl enable node-exporter systemctl start node-exporter
Install grafana#
wget -q -O - https://packages.grafana.com/gpg.key | sudo apt-key add - echo "deb https://packages.grafana.com/oss/deb stable main" | sudo tee -a /etc/apt/sources.list.d/grafana.list apt-get update && apt-get install -y grafana
wget -qO - https://packages.grafana.com/gpg.key | gpg --dearmor -o /usr/share/keyrings/grafana-keyring.gpg echo "deb [signed-by=/usr/share/keyrings/grafana-keyring.gpg] https://packages.grafana.com/oss/deb stable main" > /etc/apt/sources.list.d/grafana.list apt-get update && apt-get install -y grafana systemctl enable grafana-server systemctl start grafana-server
