TBHF-OPS-MRM

1. Installation

Enter the following commands at a Command Line with root privileges.

apt-get install firmware-amd-graphics
sudo apt-get -t bookworm-backports install firmware-amd-graphics
cat /usr/share/X11/xorg.conf.d/10-radeon.conf
cat /var/log/lightdm/x-0.log

2. Configuration

Select Applications > Settings > Power Manager.
Select the Display tab.
Change Blank after from 10 to 0 minutes.
Change Put to sleep after from 10 to 0 minutes.
Change Switch off after from 15 to 0 minutes.
Click Close.

Select Applications > Settings > Panel.
Select the Display tab.
Select Automatically hide the panel: | Intelligently.
Click Close.

Enter the following commands at a Command Line with root privileges.

apt-get purge network-manager network-manager-gnome
sudo rm -rf /etc/NetworkManager
apt-get autoremove

scp -p delta@10.10.1.2:/media/Windows/Software/_Delta/delta-linux-tools-#.#.#-1-all.deb /tmp
dpkg -i /tmp/delta-linux-tools-#.#.#-1-all.deb

delta config apt
delta config apt --skip-internet
delta config apt
delta config bash                       # Install and configure bash shell for each user.
delta config cron                       # Configure cron jobs.
delta setup sudo                        # Instyall and configure sudo for each user.

Enter the following commands at a Command Line.

sudo delta setup systemd-ethernet enp3s0 10.10.1.4 10.10.1.170 10.10.1.1 smru.shoklo-unit.com

sudo delta setup systemd-wireless wlx00026fc8b972 Private wap07delta    # Private
sudo delta setup systemd-wireless wlxa0f3c11850e5 Guest -               # Guest
sudo delta setup systemd-wireless wlx54b80a45afee 3bb-wlan 1111100000   # 3BB
# Prevent DNS issues.
files="wlx00026fc8b972.network wlxa0f3c11850e5.network wlx54b80a45afee.network"
for file in ${files}; do
  sed -i "/^UseDomains=/i UseDNS=false" "/etc/systemd/network/${file}"
done

sudo delta setup vim                    # Install and configure vim editor for each user.

sudo apt-get install xrdp
sudo adduser xrdp ssl-cert
sudo systemctl restart xrdp

#
#xfce4-session-logout --logout

Enter the following commands at a Command Line with root privileges.

ls -al /root/.ssh
cat /media/Windows/Software/_Delta/id_rsa-auto.pub > /root/.ssh/authorized_keys
ls -al /root/.ssh

file="/etc/ssh/sshd_config"
# Back up original file if backup file is missing.
if [ -f "${file}" ] && [ ! -f "${file}.org" ]; then cp -a "${file}" "${file}.org"; fi
sed -i "s/#PermitRootLogin prohibit-password/PermitRootLogin prohibit-password/" "${file}"
service ssh restart
ls -al .*.crd

-rw-r--r-- 1 root root 48 Sep 10 16:44 .AD.crd
-rw-r--r-- 1 root root 92 Sep 10 17:07 .CS-SMRU.crd
-rw-r--r-- 1 root root 92 Sep 10 17:07 .CS-TBHF.crd
-rw-r--r-- 1 root root 66 Sep 17 12:00 .PowerShell-Email.crd
-rw-r--r-- 1 root root 32 Sep 10 17:10 .Share-Other.crd
-rw-r--r-- 1 root root 41 Sep 10 17:10 .Share-Windows.crd
-rw-r--r-- 1 root root 48 Sep 10 17:08 .WSUS.crd

See https://wiki.archlinux.org/title/LightDM.

Enter the following commands at a Command Line.

# See https://dev.to/nabbisen/fix-lightdm-error-the-name-org-freedesktop-accounts-was-not-provided-by-any-service-files-512b
# See https://github.com/flathub/us.zoom.Zoom/issues/222
sudo apt-get install accountsservice

sudo lightdm --show-config
file="/etc/lightdm/lightdm.conf"
# Back up original file if backup file is missing.
if [ -f "${file}" ] && [ ! -f "${file}.org" ]; then cp -a "${file}" "${file}.org"; fi
if grep -q "^#autologin-user=$" "${file}"; then
  sed -i "s/#autologin-user=/autologin-user=delta/" "${file}"
fi
sudo lightdm --show-config

sudo systemctl status lightdm

# See https://www.putorius.net/how-to-hide-mouse-pointer-cursor-to.html
sudo apt-get install unclutter
folder="/home/delta/.config/autostart"
mkdir -p "${folder}"

file="${folder}/unclutter.desktop"
# Do not use single quotes around EOF to allow interpreting variables.
cat << EOF | sed -e "s/^  //" > "${file}"
  unclutter -idle 0
EOF

See http://tillamookrage.blogspot.com/2007/12/autostart-programs-in-xfce-hardcore-way.html.
See https://unix.stackexchange.com/questions/626984/cannot-open-multiple-instances-of-firefox-with-xdg-open-or-kde-open5-in-opensuse.
See https://forums.raspberrypi.com/viewtopic.php?t=247169.
See https://askubuntu.com/questions/31786/chrome-asks-for-password-to-unlock-keyring-on-startup.

Enter the following commands at a Command Line.

sudo apt-get install chromium

folder="/home/delta/.config/autostart"
mkdir -p "${folder}"

file="${folder}/chromium1.desktop"
# Do not use single quotes around EOF to allow interpreting variables.
cat << EOF | sed -e "s/^  //" > "${file}"
  [Desktop Entry]
  Encoding=UTF-8
  Name=Chromium
  GenericName=Chromium
  Comment=Start Chromium
  Exec=/usr/bin/chromium --new-window --user-data-dir=/tmp/browser-1 --window-position="0,0" --start-fullscreen --kiosk --autoplay-policy=no-user-gesture-required --incognito --noerrdialogs --disable-translate --no-first-run --fast --fast-start --disable-infobars --disable-features=TranslateUI --disk-cache-dir=/dev/null --password-store=basic http://10.10.1.4/docs/smru-local-servers.php
  #Icon=/usr/share/pixmaps/program.jpg
  Terminal=false
  Type=Application
  Categories=
  OnlyShowIn=XFCE;
EOF

file="${folder}/chromium2.desktop"
# Do not use single quotes around EOF to allow interpreting variables.
cat << EOF | sed -e "s/^  //" > "${file}"
  [Desktop Entry]
  Encoding=UTF-8
  Name=Chromium
  GenericName=Chromium
  Comment=Start Chromium
  Exec=/usr/bin/chromium --new-window --user-data-dir=/tmp/browser-2 --window-position="1920,0" --start-fullscreen --kiosk --autoplay-policy=no-user-gesture-required --incognito --noerrdialogs --disable-translate --no-first-run --fast --fast-start --disable-infobars --disable-features=TranslateUI --disk-cache-dir=/dev/null --password-store=basic http://10.10.1.4/docs/smru-remote-servers.php
  #Icon=/usr/share/pixmaps/program.jpg
  Terminal=false
  Type=Application
  Categories=
  OnlyShowIn=XFCE;
EOF

Enter the following commands at a Command Line.

sudo apt-get install curl
sudo apt-get install parallel
sudo apt-get install python3
sudo delta setup apache                         # Install and configure apache http server.
sudo delta setup exim                           # Install and configure exim message transfer agent.
sudo delta setup php                            # Install and configure php.
sudo delta setup systemd-startup                # Install startup script.

# Add shares to /etc/fstab.
sudo delta setup share TBHF-ANC-MRM Other$      # Add Other$ (delta) share to /etc/fstab.
sudo delta setup share SMRU-HyperV01 Windows$   # Add Windows$ (winaccess) share to /etc/fstab.
sudo delta setup share SMRU-SRV ANC$            # Add ANC$ (ancupload) share to /etc/fstab.
sudo delta setup share SMRU-SRV PMS$            # Add PMS$ (pmsupload) share to /etc/fstab.
sudo delta setup share SMRU-SRV Home$           # Add Home$ (ADadmin) share to /etc/fstab.
sudo delta setup share SMRU-SRV Public$         # Add Public$ (itadmin) share to /etc/fstab.
sudo delta setup share SMRU-SRV Teams$          # Add Teams$ (itadmin) share to /etc/fstab.

# Prevent "Forbidden. You don't have permission to access this resource." when browsing to "http://10.10.1.4/status-local-servers.html".
# See https://unix.stackexchange.com/questions/20993/symbolic-link-not-allowed-or-link-target-not-accessible-apache-on-centos-6
ls -ald /home/delta     # drwx------ 21 delta delta 4096 Aug  4 16:48 /home/delta
chmod +x /home/delta
ls -ald /home/delta     # drwx--x--x 21 delta delta 4096 Aug  4 16:48 /home/delta

sudo ln -fs /home/delta/status-servers.html /var/www/html/status-servers.html
sudo ln -fs /home/delta/status-local-servers.html /var/www/html/status-local-servers.html
sudo ln -fs /home/delta/status-remote-servers.html /var/www/html/status-remote-servers.html

sudo mkdir -p /var/www/html/docs
sudo scp -p delta@10.10.1.2:/var/www/html/docs/asciidoctor.css /var/www/html/docs
sudo scp -p delta@10.10.1.2:/var/www/html/docs/networks/smru-local-servers.php  /var/www/html/docs
sudo scp -p delta@10.10.1.2:/var/www/html/docs/networks/smru-remote-servers.php /var/www/html/docs

# Certificates.
sudo mkdir -p /media/Teams
sudo mount -t cifs -o username=<User>,domain=SMRU,vers=3.0 //SMRU-SRV/Teams$ /media/Teams
folder="/media/Teams/IT/Public/X509 Certificates/SMRU-IT"
sites="bkk hpa hph mkt mku mrl mrm msl msm mst mtw mwd skk tst wpa ygn"
sudo mkdir -p /usr/local/share/ca-certificates/smru
for site in ${sites}; do
   if [ -e "${folder}/smru-sfw-${site}_CA.pem" ]; then
     # See https://thomas-leister.de/en/how-to-import-ca-root-certificate
     sudo /bin/cp "${folder}/smru-sfw-${site}_CA.pem" "/usr/local/share/ca-certificates/smru/smru-sfw-${site}_CA.crt"
     sudo chmod a-x "/usr/local/share/ca-certificates/smru/smru-sfw-${site}_CA.crt"
   fi
done
sudo update-ca-certificates
sudo umount /media/Teams

sudo crontab -e

# Email any output from cron job.
MAILTO="smru-it@shoklo-unit.com"

# Check servers every minute.
*/1 * * * * /usr/local/sbin/scan-servers

# Make list of SMRU file server disk usage.
30 20 * * * /usr/local/bin/list-file-server-disk-usage

3. UniFi Controller

3.1. Installation

Enter the following commands at a Command Line.

# Needed for Debian 12 Bookworm only.
wget http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.1f-1ubuntu2_amd64.deb
sudo dpkg -i libssl1.1_1.1.1f-1ubuntu2_amd64.deb
dpkg -l | grep -i libssl1

sudo delta setup gnupg                  # Install and configure gnupg.
sudo delta setup jre-headless           # Install and configure java runtime environment.
sudo delta setup mongodb-4.4            # Install and configure mongodb 6.0 server.
sudo delta setup unifi-controller       # Install and configure unifi controller.

3.2. Setup

Browse to https://10.10.1.4:8443
Type SMRU UniFi Controller <Site> in the Server Name field (use MST, MKT, MLA, WPA, etc. for the site).
Check I agree to End User License Agreement and Terms of Service.
Click Next.
Type smru-it@shoklo-unit.com in UI Account Email field.
Type the Ubiquiti - UniFi Account password stored in the KeePass Password Manager.
Click Sign in.
Type get-totp <secret> in the Command Prompt.
Type the 2FA code.
Click Sign in.
Select SMRU > Sign Out.
Close Browser.

Continue with UniFi Controller to add WiFi networks and UniFi access points.

3.3. Updates

Browse to UniFi Controller to create a manual backup.
Note: The backups are stored in the /var/lib/unifi/backup/autobackup directory.
- Select the Settings page.
- Select the System sub-page.
- Select the Backups tab.
- Select Download.
- Select Download.

Enter the following commands at a Command Line.

sudo ls -al /var/lib/unifi/backup/autobackup

sudo apt-get update
sudo apt-get upgrade
# Select *Yes* to confirm you have a backup and press *Enter*.

sudo apt-get dist-upgrade
sudo apt-get autoremove
sudo apt-get autoclean

E: Repository 'https://dl.ui.com/unifi/debian stable InRelease' changed its 'Codename' value from 'unifi-9.0' to 'unifi-9.2'
N: This must be accepted explicitly before updates for this repository can be applied. See apt-secure(8) manpage for details.

sudo apt-get update --allow-releaseinfo-change

N: Repository 'https://dl.ui.com/unifi/debian stable InRelease' changed its 'Codename' value from 'unifi-9.0' to 'unifi-9.2'

3.4. Updates

Enter the following commands at a Command Line.

sudo cat /var/log/exim4/paniclog | more
sudo rm /var/log/exim4/paniclog