README for minipc-router ======================== Introduction ------------ We have a few mini-pc boxes that we'll be using as routers. The boxes have an Intel CPU, 8 GiB RAM, 60 GB SSD, four Ethernet ports, and support for wifi, and where fairly cheap from China. (FIXME: Add hardware specifics: make, model number, etc.) This project is about installing and configuring the hardware so that they work as routers, firewalls, and provide other networking services. Image build process ------------------- Unless you've been given pre-built images, you need to build them youself. You need: * Debian (stretch works, jessie might). * vmdebootstrap You'll need edit `installer.yaml` and `router.yaml` to set the Debian mirror URL. `http://httpredir.debian.org/debian` should always work; the debmirror host is something Lars uses locally for more speed. You need to configure `authorized_keys` to contain only your own keys. The default has some other keys. The file is installed to the router for the `root` user and so those who have the corresponding private keys can log in as root to the router. Run sudo sh -x build.sh If this works, it produces `ìnstaller.img`. This will be put on a USB stick for installing the router image (`router.img.gz`) to the router SSD. The router image is included in the installer image. Installation process -------------------- The installation process is: * Write the installer image (`installer.img`) to a USB stick with `dd`. * Boot the minipc from the USB stick. * Log in as root (no password). * Copy the router system image to the SSD: `zcat /router.img.gz | dd of=/dev/sda` (it'll take a while and there's no progress bar, sorry). * Shutdown the system (run `poweroff`) and remove the USB stick. * Boot the minipc. This will boot it off the SSD. * Connect your laptop to the minipc using Ethernet, to one of the ports LAN2 through LAN4. These ports provide DHCP service. Port LAN1 is for connecting to the Internet, and does not initially have any network configured. * Log into the minipc (`ssh root@10.0.0.3` if you connected to LAN4). Since you * Use Ansible, or whatever you want, to configure the system to provide the services you want. (FIXME: Add the Ansible.)