New life for an old laptop as a Linux home server

Last edited on 2023-08-10 Tagged under  #homeServer   #debian   #linux   #chromebook 

You might have something in mind that would benefit from having an "always-on, always-available" computer.

For myself, it started with a desire for network-attached storage for automatic daily backups of my home directory.

Out of curiosity I decided to forego using commercial cloud-computing services and put together something myself. Install a stable Linux distribution such as Debian and gain access to tens of thousands of software packages with the ability to host all kinds of services.

Why use an old laptop as a home server?

Something like a Raspberry Pi is certainly one option, but one big advantage of the laptop option is I already have one not being used! You might also have a spare laptop, or know where to get one for little to no cost.

Old laptops can still deliver plenty of power for running a few services on a personal home server, and can include all sorts of things already built-in that would be extras on the Pi: things like a case, display, keyboard, multiple ports, and storage. Laptops are designed to be frugal with power and - if the battery still holds a charge - come equipped with their own built-in UPS!

So this is the plan: Pick a laptop. For my own project, I am restoring an old chromebook to active duty with the latest release of Debian for use as a home server.

This is how I do it ...

1. Install

An installation and basic setup of a minimal, console-only base configuration of Debian 12 aka "Bookworm". Read more

2. Configure

2.1 Reserved IP address

Our new home server should use a reserved IP address so its hosted network services can easily be found.

Display all detected network interfaces on the server along with their IP and MAC addresses ...

$ ip addr

Most home routers come with an installed DHCP (Dynamic Host Control Protocol) server, and allow configuration via a web console. I login to the control panel of the modem-router provided by my ISP and navigate to the DHCP settings, where I reserve an IP address that is attached to the MAC address of the wireless interface (no ethernet on the chromebook) on the home server.

Debian's network interfaces can be auto-enabled and brought up or down with sudo ifup <interface> and sudo ifdown <interface> using the settings in /etc/network/interfaces.

Example: An entry for a wireless interface to auto-connect to home LAN at boot ...

# The primary network interface
allow-hotplug wlp1s0
iface wlp1s0 inet dhcp
  wpa-ssid <wifi_name_of_router>
  wpa-psk  <wifi_passphrase>

2.2 SSH keys

Disable password logins and switch to SSH key-based authentication for greater security and non-interactive access. Read more

2.3 Remote unlock

When I use LUKS to encrypt the root partition on my Linux server, I need to supply the LUKS passphrase at boot to unlock the system for startup to continue and reach login. All well and good if I'm sitting in front of the machine with a keyboard and display.

For my home server tucked away, however, I use Dropbear to remotely unlock the device. Read more

2.4 Terminal multiplexer: tmux

Useful on desktops and especially on servers, tmux launches a session in the console that can be divided into multiple windows and panes (multiplexing).

Where it really makes a difference from simply opening multiple terminals or logins, though, is the ability to detach/re-attach sessions. Login to the server, open several windows, run ongoing processes, detach session, logout, login, re-attach session, and restore your working environment!

Install ...

$ sudo apt install tmux

See: Getting started with tmux, and my own tmux config.

2.5 Turn off backlight

Install vbetool to control the laptop's display backlight ...

$ sudo apt install vbetool

Turn off the backlight with the command ...

$ sudo vbetool dpms off

2.6 Disable suspend-on-close

In normal operation, closing the laptop lid would suspend the system. Not what we want for our laptop home server!

To enable the server to continue operating on lid closure, set /etc/systemd/logind.conf to ignore the action.

Change ...


... to ...


Restart systemd-logind.service ...

$ sudo systemctl restart systemd-logind.service

3. Services

3.1 Automatic daily backups: rdiff-backup

A backup you don't have to think about is a backup that gets done. Read more

3.2 RSS reader: newsboat

Newsboat is an RSS feed reader that runs in a console.

Install ...

$ sudo apt install newsboat

Create a list of feeds to track in ~/.newsboat/urls.

Sample file ...

"query:Unread Articles:unread = \"yes\"" "~r/archlinux" "~yt/LearnLinuxTv"

Translates to:

  • "query:Unread Articles:unread = \"yes\"" -- Generates a combined list of unread posts from all feeds
  • -- My own feed link
  • "~r/debian" -- Reddit feeds can be created by copying the URL and adding .rss; give a custom_name to a feed by adding "~<custom_name>"
  • "~yt/LearnLinuxTv" -- To subscribe to a Youtube channel:
    1. Open a YT channel's VIDEOS page
    2. Use the browser's page source view option, and search for channelId and <string>, where <string> in this example is UCxQKHvKbmSzGMvUrVtJYnUA
    3. Add link<string> to file

Run program (and leave running inside tmux) ...

$ newsboat

3.3 Dynamic DNS: Duck DNS

My home server sits behind a router assigned a dynamic IP address by my Internet Service Provider (ISP).

If I want to remotely connect to my server, I can use a Dynamic DNS (DDNS) service to create a domain name, automatically update the IP address whenever it changes, and redirect traffic to the new location.

I use the free DDNS service provided by Duck DNS, which permits the creation of up to five domains in the format <subdomain_name>

See the install instructions for setting up a cron job on the server that polls the external IP address assigned by the ISP, and notifies Duck DNS of the current address.

Use Network Address Translation (NAT) on the home router to setup port forwarding, which forwards traffic directed at one of the router's ports to the listening port on the home server.

4. Maintain

4.1 Package updates: unattended-upgrades

On desktops, I like to keep the system updated manually. However, on servers, once you get into several devices and/or infrequent logins, upgrading can quickly get repetitive and timely security updates may be put off.

I use unattended-upgrades to automate the process. Read more

4.2 Logs: logwatch

Keep an eye on the server with logwatch, which sifts through the system logs and emails reports.

Install ...

$ sudo apt install logwatch rsyslog

Configuration file is /usr/share/logwatch/default.conf/logwatch.conf. Don't modify this file. Copy the file and make any changes there ...

$ sudo cp /usr/share/logwatch/default.conf/logwatch.conf /etc/logwatch/conf/logwatch.conf

A daily cron job is placed in /etc/cron.daily/00logwatch.

I stick with the default settings, which emails a daily report of yesterday's activity to root, which is forwarded to my username.

Read the reports by running ...

$ mail

4.3 Process viewer: htop

The top command displays Linux processes, and one of the first packages I install on a fresh install of Linux is the enhanced, interactive htop viewer. Looks good and easy to use: see CPU and MEMORY usage at a glance, system load and uptime, kill wonky processes, and more!

Install ...

$ sudo apt install htop

See: A Guide to the htop command in Linux

4.4 Authentication: fail2ban

Fail2ban is a daemon that can block other nodes when there are a certain number of authentication failures.

Install ...

$ sudo apt install fail2ban

Default configuration file is /etc/fail2ban/jail.conf. Don't modify this file directly. Create a /etc/fail2ban/jail.local file to write any custom settings ...

$ sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

The existence of a jail.local file will supersede the jail.conf file.

One option that is a good idea to change right away is to add your local devices to the ignoreip line to ensure you don't lock yourself out.

Example: localhost is ignored by default, and also include IP addresses on the LAN ...

ignoreip = ::1

Other options include bantime (how long a host is banned when fail2ban blocks it) and maxretry (number of failures that need to occur before fail2ban takes action).

After any configuration change, restart the daemon and check its status ...

$ sudo systemctl restart fail2ban
$ sudo systemctl status fail2ban

5. Resources

  • The Debian Administrator's Handbook by RaphaĆ«l Hertzog and Roland Mas
    • In-depth guide to becoming a Debian power-user/sysadmin. Read online or download the ebook.
  • Debian Package Tracker
    • A searchable interface that packs a lot of information about a given package on a single page.
  • Mastering Ubuntu Server - Fourth Edition by Jay LaCroix
    • Except for the mention of a few Ubuntu-specific items, this excellent guide is equally relevant to putting together a Debian server.
  • Learn Linux TV
    • YouTube channel with Linux tutorials, reviews, etc. Produced by the author of Mastering Ubuntu Server.
  • ArchWiki
    • Written with Arch Linux in mind, but contains many excellent HOWTOs relevant to all Linux distros.
Thanks for reading! Read other posts?

» Next: #26. Spot the Asteroid

« Previous: Chromebook to Bookwormbook