MIGRATION-NAS.md

@@ -0,0 +1,71 @@
+# Migration Guide for NAS Server
+
+- Base installation:
+  - `bootstrap-bookworm.sh install`
+  - Remove default network configuration
+  - Copy /etc/systemd/network
+  - Copy /home/admin
+  - Adapt fstab: cat /etc/fstab | grep magnetic-backup >> /mnt/root/etc/fstab
+
+- Initial boot in the new system
+  - `bootstrap-bookworm.sh postinstall`
+  - `apt-get install git man rsync` 
+  - `prepare_luks.sh`
+  - `install_docker.sh`
+  - `install_kvm.sh`
+  - Prepare for crypted data partition
+    - `systemctl disable docker libvirtd libvirt-guests`, see startup.sh
+    - Rename directories which will be bind-mounted from crypt data 
+      ```
+      mv /var/lib/docker /var/lib/docker.orig
+      mkdir -p /opt/docker
+      mv /var/lib/libvirt /var/lib/libvirt.orig
+      mv /etc/libvirt /etc/libvirt.orig
+      ```
+    - Reboot
+    - Check if services are disabled: `systemctl status docker libvirtd libvirt-guests`
+    - Check if directories don't exist: `ls /var/lib/docker /var/lib/libvirt /etc/libvirt`
+    - Prepare mount points: `mkdir -p /var/lib/docker /var/lib/libvirt /etc/libvirt`
+    - Open luks and mount /srv/data, run manually step 1-2 in startup.sh
+    - Create folder for bindmounts in /srv/data: `mkdir -p /srv/data/guests/lib/docker /srv/data/guests/docker /srv/data/guests/lib/libvirt /srv/data/guests/etc/libvirt`
+    - Do bindmounts, run manually step 3 in startup.sh
+    - rsync -a /var/lib/docker.orig/   /var/lib/docker
+    - rsync -a /var/lib/libvirt.orig/  /var/lib/libvirt
+    - rsync -a /etc/libvirt.orig/      /etc/libvirt
+    - Start services, run manually step 4 in startup.sh
+!!!!!!!!!
+    - Test and delete .orig folders
+    - /var/lib/docker auf crypt ziehen
+
+
+- guest und magnetic einhängen, bind mounts
+- pfsense und container testweise starten und prüfen
+  - kvm und qemu stoppen
+  - daten kopieren
+  - virsh-define
+
+- restart
+- wurden die docker und kvm services wirklich nicht gestartet?
+- startup.sh
+
+- benchmark
+- mailversand einrichten / prüfen: https://www.itix.fr/blog/send-mails-openwrt-msmtp-gmail/
+- smartmon einrichten / testen
+- power mgmt
+
+- magnetic umziehen
+  - docker stoppen
+  - daten kopieren
+  - docker container umbiegen - grep -r '/srv/magnetic' /opt/docker/
+    - minio/restic
+    - minio
+    - sftp
+    - samba
+    - keepassxc
+
+- backup prüfen
+  - guests
+cryptsetup luksOpen /dev/sdd guests
+mount --verbose /dev/mapper/guests /mnt/old-guests/
+rsync -a --info=progress2 /mnt/old-guests/docker/ /opt/docker
+rsync -a --info=progress2 /mnt/old-guests/lib/libvirt/images/pfSense.qcow2 /mnt/old-guests/lib/libvirt/images/win10.qcow2 /var/lib/libvirt/images/

install_docker.sh

@@ -2,8 +2,6 @@
 ## Install Docker
 # https://docs.docker.com/engine/install/debian/
 
-sudo -i
-
 # Install dependencies
 apt-get update && apt-get install --yes \
     ca-certificates \
@@ -71,4 +69,4 @@ systemctl restart docker.service
 # Create directory for docker
 mkdir -p /opt/docker
 
-docker run hello-world
+docker run hello-world

install_kvm.sh

@@ -18,7 +18,7 @@ cat >/tmp/host-bridge.xml <<EOL
   <bridge name="br0"/>
 </network>
 EOL
-virsh net-define host-bridge.xml
+virsh net-define /tmp/host-bridge.xml
 virsh net-autostart host-bridge
 virsh net-start host-bridge
 rm /tmp/host-bridge.xml
@@ -32,11 +32,11 @@ cat >/tmp/isolated-bridge.xml <<EOL
       <bridge name="br1"/>
     </network>
 EOL
-virsh net-define isolated-bridge.xml
+virsh net-define /tmp/isolated-bridge.xml
 virsh net-autostart isolated-bridge
 virsh net-start isolated-bridge
 rm /tmp/isolated-bridge.xml
 
 
 # List networks
-virsh net-list
+virsh net-list

prepare_luks.sh

@@ -1,12 +1,12 @@
 #!/bin/bash
 
 # Overwrite default variables from config file
-[ -f ./config.sh ] && source config.sh
+[ -f /installer/config.sh ] && source /installer/config.sh
 
 
 # Check if partition exists
 disk2=$disk"p3"
-if [ -b $disk2 ]
+if ! [ -b $disk2 ]
 then
   echo $disk2 does not exist!
   exit
@@ -18,4 +18,4 @@ mkdir -p /srv/data
 cryptsetup luksFormat $disk2
 cryptsetup luksOpen $disk2 data
 mkfs.ext4 /dev/mapper/data
-mount /dev/mapper/data /srv/data
+mount /dev/mapper/data /srv/data

startup.sh

@@ -1,7 +1,7 @@
-#!/bin/bash
+#!/bin/bash -e
 
 # Load configuration
-[ -f ./config.sh ] && source config.sh
+[ -f /installer/config.sh ] && source /installer/config.sh
 disk2=$disk"p3"
 
 
@@ -21,13 +21,10 @@ mount --verbose --bind /srv/data/guests/etc/libvirt  /etc/libvirt
 # 4. Start docker and libvird 
 # Those services should have been disabled
 # systemctl disable docker libvirtd libvirt-guests
-systemctl start docker &
-sleep 2 && systemctl status --no-pager docker
-systemctl start libvirtd &
-sleep 2 && systemctl status --no-pager libvirtd
-systemctl start libvirt-guests &
-sleep 2 && systemctl status --no-pager libvirt-guests 
+systemctl start docker && sleep 2 && systemctl status --no-pager docker
+systemctl start libvirtd && sleep 2 && systemctl status --no-pager libvirtd
+systemctl start libvirt-guests && sleep 2 && systemctl status --no-pager libvirt-guests 
 
 # 4. Fix forward chain which was set to default deny by docker
 # so our KVM containers on br0 have access to the network
-iptables -v -A FORWARD -i br0 -o br0 -j ACCEPT
+iptables -v -A FORWARD -i br0 -o br0 -j ACCEPT