New life for an old laptop as a Linux home server

Last updated on 2021-08-29. Tagged under #debian #linux #network

Why set up a home server?

You might have something in mind that would benefit from having an "always-on, always-available" computer.

For myself, it started with the desire to (1) continuously sync files between multiple devices, and (2) automatically run daily backups. For reasons of logistics, privacy, and curiosity, I decided to forgo commercial cloud-computing services and put together my own solution.

Install a stable Linux distribution such as Debian and gain access to tens of thousands of packages ready to install, with the ability to host all kinds of services.

Why use an old laptop as a home server?

Something like a Raspberry Pi is certainly one option, but one big advantage of the laptop option is I already have one not being used! You might also have a spare laptop, or know where to get one for little to no cost.

Second-hand laptops - retired in favour of more current and powerful machines - can still deliver plenty of oomph for running a personal server, and can include all sorts of things built-in (case, display, keyboard, multiple ports, storage) that need to be purchased separately for the Pi. Laptops are designed to be frugal with power and, if the battery still holds a charge, come equipped with their own built-in UPS!

Let's go!

Hardware: A recently discarded Thinkpad E520 (circa 2011), saved from a landfill, with an i5-2430M CPU, 8GB RAM, gigabit ethernet, wifi, a scuffed-up but usable display, and no storage. I added a WD Blue 500GB SATA SSD ($70CAN).

1. Getting started

1.1 Install Debian

Debian 11 aka "Bullseye" is the latest stable release of the popular Linux operating system. I use Debian's (unofficial) network installer image (which includes non-free firmware for pesky wifi cards) to create a minimal, console-only base configuration as the foundation for my home server. Read more

1.2 Secure remote access using SSH keys

Create cryptographic keys and disable password logins to make the server more secure. Read more

1.3 Remotely unlock a LUKS-encrypted Linux server

When I use LUKS to encrypt the root partition on my Linux server, I need to supply the crypt passphrase at boot to unlock the system for startup to continue and get to login. All well and good if I'm sitting in front of the machine with a keyboard and display. But what if it's a headless server? Or located in a remote location? Read more

1.4 Terminal multiplexer: tmux

Useful on desktops and especially on servers, tmux launches a session in the console that can be divided into multiple windows and panes (multiplexing).

Where it really makes a difference from simply opening multiple terminals or logins, though, is the ability to detach and re-attach sessions. Log in to the server, open several windows, run ongoing processes, detach the session, log out, log in again, re-attach the session, and your working environment is restored.

Install ...

$ sudo apt install tmux

In one of my windows on the server, I like to keep an RSS feed reader open and running (see below).

See: Getting started with tmux, and my own tmux.conf configuration.

1.5 Turn off display and close lid

Install vbetool to control the laptop's display backlight ...

$ sudo apt install vbetool

Turn off the backlight with the command ...

$ sudo vbetool dpms off

To close the laptop lid and have the computer continue to run (i.e. don't suspend the system), edit /etc/systemd/logind.conf.

Change ...

HandleLidSwitch=suspend

To ...

HandleLidSwitch=ignore

Restart ...

$ sudo systemctl restart systemd-logind.service

2. Services

2.1 Sync data: syncthing

A continuous file sync program that synchronizes files between multiple computers. My home setup is a star layout; that is, I have multiple devices that exchange data with the home server. Read more

2.2 Backups: rdiff-backup

A backup you don't have to think about is a backup that gets done. Read more

2.3 RSS reader: newsboat

Newsboat is an RSS feed reader that runs in a console. I like it!

Install ...

$ sudo apt install newsboat

Create a list of feeds to track in ~/.newsboat/urls. Sample file ...

"query:Unread Articles:unread = \"yes\""
https://www.dwarmstrong.org/feed.xml
https://www.reddit.com/r/archlinux.rss "~r/archlinux"
https://www.youtube.com/feeds/videos.xml?channel_id=UCxQKHvKbmSzGMvUrVtJYnUA "~yt/LearnLinuxTv"

Run program ...

$ newsboat

2.4 Calendar: radicale

CalDAV and CardDAV are open protocols for sharing a calendar and address book respectively between devices. Radicale is a self-hosted CalDAV and CardDAV server. Read more

2.5 Web and reverse proxy: nginx

Nginx is an open-source, high performance, lightweight HTTP and reverse proxy server. Read more

3. Maintenance and monitoring

3.1 Package updates: unattended-upgrades

On desktops, I like to keep the system updated manually. However, on servers, once you get into several devices, upgrading can quickly get repetitive and timely security updates may be put off.

I use unattended-upgrades to automate the process. Read more

3.2 Logs: logwatch

Keep an eye on the server with logwatch, which combs through the system logs and emails reports.

Install ...

$ sudo apt install logwatch

The configuration file is /usr/share/logwatch/default.conf/logwatch.conf. A daily cron job is placed in /etc/cron.daily/00logwatch. I stick with the default settings, which email a daily report of yesterday's activity to root; that mail is forwarded to my username. Run mail to read it.

3.3 Process viewer: htop

The top command displays Linux processes, and one of the first packages I install on a new Linux setup is the enhanced, interactive htop viewer. Good-looking and easy to use: see CPU and MEMORY usage at a glance, system load and uptime, kill wonky processes, and more!

Install ...

$ sudo apt install htop

See: A Guide to the htop command in Linux

4. Outside world

4.1 Dynamic DNS: Duck DNS

My home server sits behind a router assigned a dynamic IP address by the ISP. If I want to remotely connect to my server, I can use a Dynamic DNS (DDNS) service to create a domain name, automatically update the IP address whenever it changes, and redirect traffic to the new location.

I use the free DDNS service provided by Duck DNS, which permits the creation of up to five domains in the format <subdomain_name>.duckdns.org.

See the install instructions for setting up a cron job on the server that polls the external IP address assigned by the ISP, and notifies Duck DNS of the current address.

Use Network Address Translation (NAT) on the home router to set up port forwarding, which forwards traffic directed at one of the router's ports to the listening port on the home server.

4.2 Authentication: fail2ban

Fail2ban is a daemon that blocks hosts after a certain number of authentication failures.

Install ...

$ sudo apt install fail2ban

Default configuration file is /etc/fail2ban/jail.conf. Don't modify this file directly; create a /etc/fail2ban/jail.local file for any custom details ...

$ sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

When a jail.local file exists, its settings supersede those in jail.conf.

One change worth making right away is adding your local devices to the ignoreip line so you don't lock yourself out. Example: localhost is ignored by default, and I add a few LAN addresses ...

ignoreip = 127.0.0.1/8 ::1 192.168.0.10/24 192.168.0.20/24

Other options include bantime (how long a host is banned when fail2ban blocks it) and maxretry (number of failures that need to occur before fail2ban takes action).

After any configuration change, restart the daemon and check its status ...

$ sudo systemctl restart fail2ban
$ systemctl status fail2ban
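
The ignoreip line above writes two host addresses with a /24 prefix. The following check is an added example, not part of the original post: it uses Python's ipaddress module to show what each entry exempts from banning, assuming fail2ban applies the prefix as a network mask as in standard CIDR matching. The names audit_ignoreip and single_hosts are made up for this example.

```python
import ipaddress

# ignoreip value copied from the jail.local line in this post
IGNOREIP = "127.0.0.1/8 ::1 192.168.0.10/24 192.168.0.20/24"


def audit_ignoreip(value):
    """Describe what each ignoreip entry exempts from banning."""
    rows, seen = [], {}
    for entry in value.replace(",", " ").split():
        try:
            iface = ipaddress.ip_interface(entry)
        except ValueError:
            # Not an address or CIDR block; fail2ban also accepts DNS names here
            rows.append({"entry": entry, "network": None})
            continue
        net = iface.network  # assumption: prefix applied as a mask, host bits dropped
        rows.append({
            "entry": entry,
            "network": str(net),
            "addresses": net.num_addresses,
            # True when a host address carries a prefix wider than a single host
            "widened": iface.ip != net.network_address,
            # Earlier entry that already covers exactly the same network, if any
            "duplicate_of": seen.get(net),
        })
        seen.setdefault(net, entry)
    return rows


def single_hosts(value):
    """Rewrite widened, non-loopback entries so they exempt one host each."""
    out = []
    for entry in value.replace(",", " ").split():
        try:
            iface = ipaddress.ip_interface(entry)
        except ValueError:
            out.append(entry)  # leave DNS names untouched
            continue
        widened = iface.ip != iface.network.network_address
        out.append(str(iface.ip) if widened and not iface.ip.is_loopback else entry)
    return " ".join(out)


if __name__ == "__main__":
    for row in audit_ignoreip(IGNOREIP):
        print(row)
    print("ignoreip =", single_hosts(IGNOREIP))
```

Both 192.168.0.x entries resolve to the same 256-address network, so every device on that LAN is exempt from banning. If that is the intent, writing 192.168.0.0/24 once says so explicitly.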

5. Helpful
