Pogoplug

From WikiMar

How to configure a Pogoplug E02 into a NAS server with Rsync, Samba, HDD Automounting, etc., while keeping the Pogoplug services

Backup your Pogoplug system

(optional)


Install ArchLinux

http://archlinuxarm.org/platforms/armv5/pogoplug-v2-pinkgray

Backup of the URL above:

With the device on and online, attempt to SSH to the IP the device received through DHCP. If you are unable to SSH, register and enable SSH through my.pogoplug.com. The default login (unless changed through my.pogoplug.com) is root/ceadmin.
Stop the Pogoplug software, so it doesn't interfere with the install process:
killall hbwd
You only need to kill the Pogoplug service the first time you SSH in. Running the installer in the following steps disables it completely.

While connected via SSH to your plug, copy, paste, and run the following commands to download a bootloader that can boot from USB drives:
cd /tmp
wget http://jeff.doozan.com/debian/uboot/install_uboot_mtd0.sh
chmod +x install_uboot_mtd0.sh
./install_uboot_mtd0.sh
After the new bootloader is installed, you will need to use fdisk to partition a storage device. Plug in a 1GB or bigger USB drive. REMOVE ALL OTHER DRIVES. Move everything you need off of the Arch Linux ARM drive and back it up. Everything on the USB drive will be deleted and replaced with Arch Linux ARM.

Set the U-Boot variable to tell the kernel to use ext3:
/usr/sbin/fw_setenv usb_rootfstype ext3
Start fdisk on the USB drive:
/sbin/fdisk /dev/sda
At the fdisk prompt, delete old partitions and create a new one:
Type o. This will clear out any partitions on the drive.
Type p to list partitions. There should be no partitions left.
Now type n, then p for primary, 1 for the first partition on the drive, and then press ENTER, accepting default values.
Exit by typing w.
Now create the ext3 filesystem:
wget http://archlinuxarm.org/os/pogoplug/mke2fs
chmod 755 mke2fs
./mke2fs -j /dev/sda1
mkdir usb
mount /dev/sda1 usb
Download and install Arch Linux ARM:
cd usb
wget http://archlinuxarm.org/os/ArchLinuxARM-armv5te-latest.tar.gz
tar -xzvf ArchLinuxARM-armv5te-*.tar.gz  # This will take a long time
rm ArchLinuxARM-armv5te-*.tar.gz
sync  # Takes a while when using a flash drive
Clean up and reboot. Cross your fingers and hope for the best.
cd ..
umount usb
/sbin/reboot
The SSH key of your device will be different, so you need to tell Mac OS X or Linux to remove it from ~/.ssh/known_hosts before using SSH again:
ssh-keygen -R 192.168.1.123 # Use your device's IP
Log back in after your Pogoplug reboots using username root and password root.


Initial setup

http://obihoernchen.net/wordpress/770/plug_computer_arch_linux/

After Arch Linux is installed, log in via SSH:

username: root
password: root

Change the root password:

passwd root

Update the package repository:

pacman -Syu
pacman -Syu

Choose a hostname:

hostnamectl set-hostname ocell

Select correct timezone:

timedatectl set-timezone Europe/Berlin

Keep time updated (it may be already done):

pacman -S openntpd
systemctl enable openntpd

Some extra useful tools:

pacman -S sdparm
pacman -S hd-idle
pacman -S mc
pacman -S vim
pacman -S rsync
pacman -S unison
pacman -S autossh
pacman -S screen

Add more users and setup sudo access

useradd marti

..

useradd rsync
mkdir /home/marti
mkdir /home/rsync
cd /home/rsync
mkdir .ssh
chmod 700 .ssh
nano .ssh/authorized_keys
chmod 600 .ssh/authorized_keys
chown marti:marti /home/marti
chown -R rsync:rsync /home/rsync
groupadd sudo
usermod -a -G sudo marti
pacman -S sudo
visudo

add

%sudo ALL=(ALL) ALL

Edit and enable hd-idle

sudo vim /etc/conf.d/hd-idle

Set up Munin for system monitoring

pacman -S munin-node
nano /etc/munin/munin-node.conf

add:

allow ^212\.83\.63\.165$


munin-node-configure --shell | sh

more info: munin-node-configure --suggest

systemctl start munin-node
systemctl enable munin-node


Keep a reverse tunnel up to reach the NAS system even when it's installed behind a NAT

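nano /root/tunnel-start.sh
#!/bin/bash
# Keep the reverse SSH tunnel to the relay host up, restarting it whenever it exits.

LOGFILE="/root/tunnel-start.log"

while true; do
 # Take the timestamp on every iteration so each restart is logged with its own time
 DATE=$(date +'%Y-%m-%d %H:%M:%S')
 echo "$DATE - Starting autossh" >> "$LOGFILE"
 # Relay port 3322 -> local sshd (22), relay port 3349 -> local munin-node (4949).
 # The 0.0.0.0 bind address is only honoured if the relay's sshd has GatewayPorts enabled.
 autossh -M 0 -q -N -o "ServerAliveInterval 60" -o "ServerAliveCountMax 3" -g -R 0.0.0.0:3322:localhost:22 -R 0.0.0.0:3349:localhost:4949 -p23 [email protected]
 sleep 5
done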


nano /etc/cron.hourly/tunnel-hook
#!/bin/bash
COMMAND="/root/tunnel-start.sh"
LOGFILE="/root/tunnel-start.log"
DATE=$(date +'%Y-%m-%d %H:%M:%S')

if [ "$(ps ax | grep tunnel-start.sh | grep -vc grep)" -lt 1 ]; then
    echo "$DATE - Starting tunnel-start.sh" >> $LOGFILE
    $COMMAND &
    exit
fi


nano /usr/lib/systemd/system/marti-tunnel.service
[Unit]
Description=Tunnel

[Service]
Type=oneshot
ExecStart=/etc/cron.hourly/tunnel-hook
ExecReload=/etc/cron.hourly/tunnel-hook

RemainAfterExit=yes

[Install]
WantedBy=multi-user.target

systemctl enable marti-tunnel

Install Webmin

pacman -Sy webmin perl-net-ssleay
nano /etc/webmin/miniserv.conf

add:

allow=192.168.0.0

systemctl enable webmin
systemctl start webmin


https://deviceip:10000

To lower memory usage go to: Webmin>Webmin Configuration>Advanced Configuration and disable “Pre-load Webmin functions library?”


Disks automount

pacman -Sy udevil
nano /etc/udevil/udevil.conf

Search for default_options_ntfs= and allowed_options=. Now add the option “big_writes” to both lines so they look like:

..., noatime, big_writes, uid=...


Change mount permissions

Modify line:

default_options_ntfs      = nosuid, noexec, nodev, noatime, nodiratime, big_writes, fmask=0003, dmask=0002, uid=$UID, gid=$GID, utf8

and allow the option:

allowed_options           = nosuid, noexec, nodev, noatime, nodiratime, big_writes, fmask=*, dmask=*, uid=$UID, gid=$GID, ro, rw, sync, flush, iocharset=*, utf8, remount

nodiratime is only there to speed up access

mkdir /media
systemctl enable devmon@root

or better, so that the rsync user can set times and perms (use "--modify-window=2 --no-perms" in rsync):

systemctl enable devmon@rsync
reboot

Samba

Colors

mv /etc/bash.bashrc /etc/bash.bashrc-ORIGINAL
nano /etc/bash.bashrc
# /etc/bash.bashrc
#
# https://wiki.archlinux.org/index.php/Color_Bash_Prompt
#
# This file is sourced by all *interactive* bash shells on startup,
# including some apparently interactive shells such as scp and rcp
# that can't tolerate any output. So make sure this doesn't display
# anything or bad things will happen !

# Test for an interactive shell. There is no need to set anything
# past this point for scp and rcp, and it's important to refrain from
# outputting anything in those cases.

# If not running interactively, don't do anything!
[[ $- != *i* ]] && return

# Bash won't get SIGWINCH if another process is in the foreground.
# Enable checkwinsize so that bash will check the terminal size when
# it regains control.
# http://cnswww.cns.cwru.edu/~chet/bash/FAQ (E11)
shopt -s checkwinsize

# Enable history appending instead of overwriting.
shopt -s histappend

case ${TERM} in
        xterm*|rxvt*|Eterm|aterm|kterm|gnome*)
                PROMPT_COMMAND=${PROMPT_COMMAND:+$PROMPT_COMMAND; }'printf "\033]0;%s@%s:%s\007" "${USER}" "${HOSTNAME%%.*}" "${PWD/#$HOME/~}"'
                ;;
        screen)
                PROMPT_COMMAND=${PROMPT_COMMAND:+$PROMPT_COMMAND; }'printf "\033_%s@%s:%s\033\\" "${USER}" "${HOSTNAME%%.*}" "${PWD/#$HOME/~}"'
                ;;
esac

# fortune is a simple program that displays a pseudorandom message
# from a database of quotations at logon and/or logout.
# Type: "pacman -S fortune-mod" to install it, then uncomment the
# following line:

# [[ "$PS1" ]] && /usr/bin/fortune

# Welcome Message
# Arch Linux Logo Welcome Message
c1="$(tput sgr0)$(tput setaf 4)"
c2="$(tput bold)$(tput setaf 4)"
c3="$(tput bold)$(tput setaf 7)"
echo
echo "        $c2,$c1                       _     _ _"
echo "       $c2/$c1#$c2\\$c1        __ _ _ __ ___| |__ | (_)_ __  _   ___  __"
echo "      $c2/$c1###$c2\\$c1      / _\` | '__/ __| '_ \\| | | '_ \\| | | \\ \\/ /"
echo "     $c2/$c1#####$c2\\$c1    | (_| | | | (__| | | | | | | | | |_| |>  <"
echo "    $c2/$c1##,-,##$c2\\$c1    \\__,_|_|  \\___|_| |_|_|_|_| |_|\\__,_/_/\\_\\"
echo "   $c2/$c1##(   )##$c2\\$c1"
echo "  $c2/$c1#.--   --.#$c2\\  $c3 A simple, elegant GNU/Linux distribution."
echo " $c2/$c1\`           \`$c2\\$(tput sgr0)"$'\n'

# Show date
DATE="$(tput setaf 1)[$(tput setaf 6)$(date)"
DATE="${DATE}$(tput setaf 1)]"
echo $DATE
# Show kernel info
KERNEL="$(tput setaf 1)[$(tput setaf 6)$(uname -srmn)"
KERNEL="${KERNEL}$(tput setaf 1)]"
echo "$KERNEL"$'\n'
# Reset colors
tput sgr0

# Set colorful PS1 only on colorful terminals.
# dircolors --print-database uses its own built-in database
# instead of using /etc/DIR_COLORS. Try to use the external file
# first to take advantage of user additions. Use internal bash
# globbing instead of external grep binary.

# sanitize TERM:
safe_term=${TERM//[^[:alnum:]]/?}
match_lhs=""

[[ -f ~/.dir_colors ]] && match_lhs="${match_lhs}$(<~/.dir_colors)"
[[ -f /etc/DIR_COLORS ]] && match_lhs="${match_lhs}$(</etc/DIR_COLORS)"
[[ -z ${match_lhs} ]] \
        && type -P dircolors >/dev/null \
        && match_lhs=$(dircolors --print-database)

if [[ $'\n'${match_lhs} == *$'\n'"TERM "${safe_term}* ]] ; then

        # we have colors :-)

        # Enable colors for ls, etc. Prefer ~/.dir_colors
        if type -P dircolors >/dev/null ; then
                if [[ -f ~/.dir_colors ]] ; then
                        eval $(dircolors -b ~/.dir_colors)
                elif [[ -f /etc/DIR_COLORS ]] ; then
                        eval $(dircolors -b /etc/DIR_COLORS)
                fi
        fi

        # -- CUSTOM PS1 String START --

        PS1="\[\033[0;37m\]\342\224\214\342\224\200\$([[ \$? != 0 ]] && echo \"[\[\033[0;31m\]\342\234\227\[\033[0;37m\]]\342\224\200\")[$(if [[ ${EUID} == 0 ]]; then echo '\[\033[0;31m\]\u\[\033[0;37m\]@\[\033[0;96m\]\h'; else echo '\[\033[0;33m\]\u\[\033[0;37m\]@\[\033[0;96m\]\h'; fi)\[\033[0;37m\]]\342\224\200[\[\033[0;32m\]\w\[\033[0;37m\]]\n\[\033[0;37m\]\342\224\224\342\224\200\342\224\200\076 \[\033[0m\]"
        # --- Custom PS1 String END ---

        # Use this other PS1 string if you want \W for root and \w for all other users:
        # PS1="$(if [[ ${EUID} == 0 ]]; then echo '\[\033[01;31m\]\h\[\033[01;34m\] \W'; else echo '\[\033[01;32m\]\u@\h\[\033[01;34m\] \w'; fi) \$([[ \$? != 0 ]] && echo \"\[\033[01;31m\]:(\[\033[01;34m\] \")\$\[\033[00m\] "

        alias ls="ls --color=auto"
        alias dir="dir --color=auto"
        alias grep="grep --colour=auto"

else

        # show root@ when we do not have colors

        PS1="\u@\h \w \$([[ \$? != 0 ]] && echo \":( \")\$ "

        # Use this other PS1 string if you want \W for root and \w for all other users:
        # PS1="\u@\h $(if [[ ${EUID} == 0 ]]; then echo '\W'; else echo '\w'; fi) \$([[ \$? != 0 ]] && echo \":( \")\$ "

fi

PS2="> "
PS3="> "
PS4="+ "

# Try to keep environment pollution down, EPA loves us.
unset safe_term match_lhs

# Try to enable the auto-completion (type: "pacman -S bash-completion" to install it).
[ -r /usr/share/bash-completion/bash_completion ] && . /usr/share/bash-completion/bash_completion

# Try to enable the "Command not found" hook ("pacman -S pkgfile" to install it).
# See also: https://wiki.archlinux.org/index.php/Bash#The_.22command_not_found.22_hook
[ -r /usr/share/doc/pkgfile/command-not-found.bash ] && . /usr/share/doc/pkgfile/command-not-found.bash


# Added by Marti:

if [[ ${EUID} == 0 ]] ; then
  PS1='\[\033[01;31m\]\h\[\033[01;34m\] \w \$\[\033[00m\] '
else
  PS1='\[\033[01;32m\]\u@\h\[\033[01;34m\] \w \$\[\033[00m\] '
fi

# If this is an xterm set the title to user@host:dir
case "$TERM" in
xterm*|rxvt*)
   PS1="\[\e]0;${debian_chroot:+($debian_chroot)}\u@\h: \w\a\]$PS1"
   ;;
*)
   ;;
esac

# enable color support of ls and also add handy aliases
if [ -x /usr/bin/dircolors ]; then
    test -r ~/.dircolors && eval "$(dircolors -b ~/.dircolors)" || eval "$(dircolors -b)"
    alias ls='ls --color=auto'
    alias dir='dir --color=auto'
    alias vdir='vdir --color=auto'
    alias grep='grep --color=auto'
    alias fgrep='fgrep --color=auto'
    alias egrep='egrep --color=auto'
fi

alias l='ls -alF'
alias ..='cd ..'
alias ...='cd ../..'


nano /etc/DIR_COLORS
# Configuration file for the color ls utility
# This file goes in the /etc directory, and must be world readable.
# You can copy this file to .dir_colors in your $HOME directory to override
# the system defaults.

# COLOR needs one of these arguments: 'tty' colorizes output to ttys, but not
# pipes. 'all' adds color characters to all output. 'none' shuts colorization
# off.
COLOR all

# Extra command line options for ls go here.
# Basically these ones are:
#  -F = show '/' for dirs, '*' for executables, etc.
#  -T 0 = don't trust tab spacing when formatting ls output.
OPTIONS -F -T 0

# Below, there should be one TERM entry for each termtype that is colorizable
TERM linux
TERM console
TERM con132x25
TERM con132x30
TERM con132x43
TERM con132x60
TERM con80x25
TERM con80x28
TERM con80x30
TERM con80x43
TERM con80x50
TERM con80x60
TERM xterm
TERM vt100
TERM rxvt
TERM rxvt-256color
TERM rxvt-cygwin
TERM rxvt-cygwin-native
TERM rxvt-unicode
TERM rxvt-unicode-256color
TERM rxvt-unicode256

# EIGHTBIT, followed by '1' for on, '0' for off. (8-bit output)
EIGHTBIT 1

# Below are the color init strings for the basic file types. A color init
# string consists of one or more of the following numeric codes:
# Attribute codes: 
# 00=none 01=bold 04=underscore 05=blink 07=reverse 08=concealed
# Text color codes:
# 30=black 31=red 32=green 33=yellow 34=blue 35=magenta 36=cyan 37=white
# Background color codes:
# 40=black 41=red 42=green 43=yellow 44=blue 45=magenta 46=cyan 47=white
NORMAL 00	# global default, although everything should be something.
FILE 00 	# normal file
DIR 01;34 	# directory
LINK 01;36 	# symbolic link
FIFO 40;33	# pipe
SOCK 01;35	# socket
BLK 40;33;01	# block device driver
CHR 40;33;01 	# character device driver

# This is for files with execute permission:
EXEC 01;32 

# List any file extensions like '.gz' or '.tar' that you would like ls
# to colorize below. Put the extension, a space, and the color init string.
# (and any comments you want to add after a '#')
.cmd 01;32 # executables (bright green)
.exe 01;32
.com 01;32
.btm 01;32
.bat 01;32
.tar 01;31 # archives or compressed (bright red)
.tgz 01;31
.arj 01;31
.taz 01;31
.lzh 01;31
.zip 01;31
.z   01;31
.Z   01;31
.gz  01;31
.jpg 01;35 # image formats
.gif 01;35
.bmp 01;35
.xbm 01;35
.xpm 01;35
.tif 01;35

Samba

More info: http://blog.qnology.com/2013/03/tutorial-pogoplug-e02-with-arch-linux.html

pacman -Sy samba
cd /etc/samba
wget http://dl.dropbox.com/u/42238/pogoplug/v2/smb.conf
nano /etc/samba/smb.conf
[global]
 workgroup = MIN_LAN
 server string = OCELL
 netbios name = OCELL
 load printers = no
 printing = bsd
 printcap name = /dev/null
 disable spoolss = yes
 log file = /var/log/samba/%m.log
 max log size = 50
 socket options = IPTOS_LOWDELAY TCP_NODELAY SO_KEEPALIVE
 write cache size = 2097152
 use sendfile = yes

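 # unprotected/public share without login:
 # unknown user names are mapped to the guest account, and the guest account is root,
 # so every unauthenticated client acts as root on guest-enabled shares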
 security = user
 map to guest = Bad User
 guest account = root

#[root$]
#  path = /
#  read only = no
#  public = yes
#  writable = yes
#  #force user = root
#  guest ok = yes

[usb]
  path = /media
  read only = no
  public = yes
  writable = yes
  #force user = root
  guest ok = yes

systemctl start smbd nmbd
systemctl enable smbd nmbd
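
A quick audit of which shares accept guests, and as which account, for the smb.conf above. This is an added example, not part of the original page or of Samba; the [private] share and the function name audit_guest_shares are hypothetical, and the sample text is constructed from the configuration shown above.

```shell
#!/bin/sh
# Added example: list guest-accessible shares in an smb.conf and the account guests run as.

# Constructed sample: the guest settings and [usb] share from the smb.conf above,
# plus a hypothetical authenticated share for contrast.
SAMPLE_SMB_CONF='[global]
 security = user
 map to guest = Bad User
 guest account = root

[usb]
  path = /media
  read only = no
  public = yes
  writable = yes
  #force user = root
  guest ok = yes

[private]
  path = /media/private
  read only = no
  valid users = marti
'

# audit_guest_shares CONF_TEXT
# Prints one line per share that accepts guests: name, access, effective account.
# Parameter names are compared the way Samba does: case and spaces are ignored,
# "public" is a synonym of "guest ok", "writable" is the inverse of "read only".
audit_guest_shares() {
    printf '%s\n' "$1" | awk '
    function truthy(v) { v = tolower(v); return (v == "yes" || v == "true" || v == "1") }
    function emit() {
        if (sect != "" && sect != "global" && guest)
            out[++n] = sect " " (ro ? "read-only" : "writable")
    }
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }          # comments and blank lines
    /^[ \t]*\[/ {                                  # section header: close the previous share
        emit()
        sect = $0; sub(/^[ \t]*\[/, "", sect); sub(/\].*$/, "", sect)
        sect = tolower(sect); guest = 0; ro = 1    # Samba default: read only = yes
        next
    }
    {
        eq = index($0, "=")
        if (eq == 0) next
        key = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", key)
        val = substr($0, eq + 1); sub(/^[ \t]+/, "", val); sub(/[ \t]+$/, "", val)
        if (sect == "global") {
            if (key == "guestaccount") account = val
        } else if (key == "guestok" || key == "public") guest = truthy(val)
        else if (key == "readonly") ro = truthy(val)
        else if (key == "writable" || key == "writeable" || key == "writeok") ro = !truthy(val)
    }
    END {
        emit()
        if (account == "") account = "nobody"      # Samba built-in default guest account
        for (i = 1; i <= n; i++)
            print out[i] " as " account (account == "root" ? " (guests get root file access)" : "")
    }'
}

audit_guest_shares "$SAMPLE_SMB_CONF"
```

To check the live file, pass its contents instead of the sample: audit_guest_shares "$(cat /etc/samba/smb.conf)".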

Not sure whether this is needed:

systemctl enable samba
groupadd samba

....


Reinstall my.pogoplug.com service

http://archlinuxarm.org/forum/viewtopic.php?t=3343

Backup of the URL:

Updated: May 28 2013
- Changed location of hbplug.conf (now it's copied to /usr/local/cloudengines/ and not /usr/local/cloudengines/bin)
- I found no reliable way to generate the service id, so now on you have to do it manually. There's no default /etc/pogoplug.conf

Install with:
pacman -U http://dl.dropboxusercontent.com/u/15043728/ArchLinuxArm/pogoplug-3.3.0-5-arm.pkg.tar.xz


Getting service ID and a proper CRYPTO KEY:
There are several ways to do this, I'll explain one here:

If you are copying the svcid from the bottom of the device skip this step.
1. Run 
/usr/local/cloudengines/bin/hbplug | grep "Device ID"

and take note of the shown Device ID. We are interested in this line, particularly the string in red 
[060343.931][MAIN ][HBPLUG][08] Device ID: 8C3CUTEY6MNGHLCV9FYVUNEZCN
2. Edit /usr/local/cloudengines/bin/hbplug.conf and add your svcid, either the one that you noted above, or the one from the bottom of the device:
nano /usr/local/cloudengines/bin/hbplug.conf

the line "svcid=" should now be "svcid=8C3CUTEY6MNGHLCV9FYVUNEZCN"
3. Now run
/usr/local/cloudengines/bin/hbplug | grep "CRYPTO"
several times until it reads CRYPTO KEY: VALID
Wait a reasonable amount of time before CTRL+C'ing it (60 sec?)
If after 5 runs it doesn't work, reboot and do the same thing until it works. It will eventually.
4. Now you should be set, just move the hbplug.conf to /etc as pogoplug.conf
mv /usr/local/cloudengines/bin/hbplug.conf /etc/pogoplug.conf

Now you can edit /etc/pogoplug.conf to include the directories that you want to be visible by the my.pogoplug.com service

A couple of points:
- config file location /etc/pogoplug.conf --> EDIT IT to get directories visible at my.pogoplug.com
- Format: vfsdir<number>=<name>,<path>
- Example: vfsdir0=plugdata,/media/2TBDrive/Downloads
- Don't change order of variables. Add more directories under each other. E.g Line1: vfsdir0=.. Line2: vfsdir1=..
- includes pogoplug.service for systemd and pogoplug initscript for sysv

Don't forget to (re)register your device at my.pogoplug.com. 


Steps followed:


pacman -U http://dl.dropboxusercontent.com/u/15043728/ArchLinuxArm/pogoplug-3.3.0-5-arm.pkg.tar.xz
nano /usr/local/cloudengines/hbplug.conf

edit

installdir=/usr/local/cloudengines
datadir=./T3000_64k_Backup_U/
vfsdir0=PogoPlug_USB,/media
nohotplug=1
svcid=53UFGEBGD77LEYKX73YFCM6XPW

ocell2

3WQMBM9WNJ32H25LKGWHDDCDP6
/usr/local/cloudengines/bin/hbplug | grep "CRYPTO"
/usr/local/cloudengines/bin/hbplug | grep "CRYPTO"
mv /usr/local/cloudengines/hbplug.conf /etc/pogoplug.conf
systemctl enable pogoplug

Update Kernel

Optional (Not sure if it's needed).

http://obihoernchen.net/wordpress/770/plug_computer_arch_linux/

Backup of the URL above:

8. Update Kernel to >3.2
Warning: This specific instruction works for PogoplugV2 only!
You can brick your device!

The current kernel for PogoplugV2 is 3.1.x but 3.8.x or newer is available.
You have to update manually because newer kernels need a new uboot.

You need the newest uboot to boot Kernels >3.2 so you have to install it before:
If this is a fresh installation you probably have the newest uboot already and you don’t have to do that!


cd /tmp
wget http://jeff.doozan.com/debian/uboot/install_uboot_mtd0.sh
chmod +x install_uboot_mtd0.sh
./install_uboot_mtd0.sh
Then you have to correct your arcNumber and matchid if you didn’t follow “Blink LED to HDD activity”.


pacman -Sy uboot-env
fw_setenv arcNumber 3542
fw_setenv machid dd6
reboot
Now you can install the new Kernel files with:


pacman -Sy linux-kirkwood linux-headers-kirkwood
reboot


Keep dynamic DNS updated from dyndns.org

pacman -S ddclient
vim /etc/ddclient/ddclient.conf
# Basic HTTPS configuration file for ddclient
#
# /etc/ddclient.conf
daemon=600
pid=/var/run/ddclient.pid
ssl=yes
use=web, web=checkip.dyndns.com/, web-skip='IP Address'
login=your-username
password=your-password
protocol=dyndns2
server=members.dyndns.org
wildcard=YES
example.dyndns.info
#custom=yes, example.com

More info: http://dyn.com/support/clients/linux/ddclient/





Disable some logging to extend USB stick lifetime

Info from: http://obihoernchen.net/wordpress/770/plug_computer_arch_linux/


Flash drives have limited number of write cycles and default linux logging will write pretty much so your USB will be destroyed pretty fast.

That’s why a swap file on your USB stick is a really bad idea!

But you can disable some logging to extend the lifetime of your USB stick.


Just edit syslog-ng.conf and disable some of the “log { source(src); filter…” lines at the end of the file.

You can comment out (add a “#” in front of the line) all lines if you want to disable everything.


nano /etc/syslog-ng/syslog-ng.conf

I’ve disabled some of them. That’s my example:

# Disable some logging
#log { source(src); filter(f_acpid); destination(d_acpid); };
log { source(src); filter(f_authpriv); destination(d_authlog); };
#log { source(src); filter(f_syslog); destination(d_syslog); };
#log { source(src); filter(f_cron); destination(d_cron); };
#log { source(src); filter(f_daemon); destination(d_daemon); };
#log { source(src); filter(f_kernel); destination(d_kernel); };
#log { source(src); filter(f_lpr); destination(d_lpr); };
#log { source(src); filter(f_mail); destination(d_mail); };
#log { source(src); filter(f_news); destination(d_news); };
#log { source(src); filter(f_ppp); destination(d_ppp); };
log { source(src); filter(f_user); destination(d_user); };
#log { source(src); filter(f_uucp); destination(d_uucp); };
#log { source(src); filter(f_debug); destination(d_debug); };
#log { source(src); filter(f_messages); destination(d_messages); };
log { source(src); filter(f_err); destination(d_errors); };
log { source(src); filter(f_emergency); destination(d_console); };
#log { source(src); filter(f_everything); destination(d_everything); };
#log { source(src); filter(f_iptables); destination(d_iptables); };

On top of that you could disable logging of some servers like samba, minidlna and so on.

I don’t do that because I want to have these logs but to do so set the log path in the config files to /dev/null


Disable System Journal

Info: http://forums.fedoraforum.org/showthread.php?t=292543

It writes a lot of data to

/var/log/journal/

Simply disabling a service isn't always enough, and now, I don't know why. To tell systemd that you really don't want it starting at boot, run this as root:

systemctl mask systemd-journald.service

You should see a response telling you that the service has been linked to /dev/null, which will make sure that it doesn't start at boot until you reverse the process by using unmask instead of mask.



BitTorrent Sync (BTsync)

Info from: http://blog.qnology.com/2013/03/tutorial-pogoplug-e02-with-arch-linux.html

BitTorrent Sync is a free utility that uses the bittorrent protocol to keep folders in sync across devices. It can be used with OS X, Windows, Android and Linux.

# create folder
mkdir -p /usr/local/bin
cd /usr/local/bin
# download and untar
wget http://btsync.s3-website-us-east-1.amazonaws.com/btsync_arm.tar.gz
tar -xzvf btsync_arm.tar.gz
# delete unneeded files
rm LICENSE.TXT btsync_arm.tar.gz
# download service file
cd /etc/systemd/system
wget http://dl.dropbox.com/u/42238/pogoplug/v2/btsync.service


/etc/systemd/system/btsync.service

[Unit]
Description=BitTorrent Sync
After=network.target

[Service]
ExecStartPre=/bin/sh -c 'echo 2 > /proc/cpu/alignment'
ExecStart=/usr/local/bin/btsync --config /etc/btsync/btsync.json
Restart=always
Type=forking

[Install]
WantedBy=multi-user.target



/etc/btsync/btsync.json

{
  "device_name": "My Sync Device",
  "listening_port" : 4523,                       // 0 - randomize port

/* storage_path dir contains auxilliary app files
   if no storage_path field: .sync dir created in the directory
   where binary is located.
   otherwise user-defined directory will be used
*/
  "storage_path" : "/root/btsync",    // "/home/user/.sync",

// uncomment next line if you want to set location of pid file
// "pid_file" : "/var/run/btsync/btsync.pid",


  "check_for_updates" : true,
  "use_upnp" : false,                              // use UPnP for port mapping


/* limits in kB/s
   0 - no limit
*/
  "download_limit" : 0,
  "upload_limit" : 0,

/* remove "listen" field to disable WebUI
   remove "login" and "password" fields to disable credentials check
*/
  "webui" :
  {
    "listen" : "0.0.0.0:8888",
    "login" : "XXXX",
    "password" : "XXXX"
  },

/* !!! if you set shared folders in config file WebUI will be DISABLED !!!
   shared directories specified in config file
   override the folders previously added from WebUI.
*/
/*
  ,
  "shared_folders" :
  [
    {
//  use --generate-secret in command line to create new secret
      "secret" : "MY_SECRET_1",                   // * required field
      "dir" : "/home/user/bittorrent/sync_test", // * required field

//  use relay server when direct connection fails
      "use_relay_server" : true,
      "use_tracker" : true,
      "use_dht" : false,
      "search_lan" : true,
//  enable SyncArchive to store files deleted on remote devices
      "use_sync_trash" : true,
//  specify hosts to attempt connection without additional search
      "known_hosts" :
      [
        "192.168.1.2:44444"
      ]
    }
  ]
*/

// Advanced preferences can be added to config file.
// Info is available in BitTorrent Sync User Guide.




"folder_rescan_interval": 86400,   // 600
"sync_trash_ttl": 0



}



# start btsync
systemctl start btsync
# autostart btsync on reboot
systemctl enable btsync

# http://pogoplug:8888/gui


DNSmasq

Dnsmasq is a lightweight, easy to configure DNS forwarder. Dnsmasq accepts DNS queries and either answers them from a small, local cache or forwards them to a real, recursive DNS server. It loads the contents of /etc/hosts, so that local host names which do not appear in the global DNS can be resolved

pacman -S dnsmasq
systemctl start dnsmasq
systemctl enable dnsmasq

Add your hosts here:

vi /etc/hosts

To use the tool dig install:

pacman -S dnsutils

Optionally modify your /etc/resolv.conf

nameserver 127.0.0.1


IPtables

To block Samba access from the internet:

iptables -A INPUT -s 192.168.0.0/16 -p udp --dport 137 -j ACCEPT
iptables -A INPUT -s 192.168.0.0/16 -p udp --dport 138 -j ACCEPT
iptables -A INPUT -s 192.168.0.0/16 -p tcp --dport 139 -j ACCEPT
iptables -A INPUT -s 192.168.0.0/16 -p tcp --dport 445 -j ACCEPT
iptables -A INPUT -p udp --dport 137 -j DROP
iptables -A INPUT -p udp --dport 138 -j DROP
iptables -A INPUT -p tcp --dport 139 -j DROP
iptables -A INPUT -p tcp --dport 445 -j DROP
# save first: iptables.service loads /etc/iptables/iptables.rules when it starts
iptables-save > /etc/iptables/iptables.rules
systemctl enable iptables
systemctl start iptables
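
What these rules do to a given inbound packet can be checked offline against an iptables-save dump. This is an added example, not part of the original page: it evaluates the INPUT chain in first-match order for the match types used here. The sample dump is constructed from the commands above and assumes the INPUT policy was left at ACCEPT, since the page never sets one; ports 8888 (BitTorrent Sync web UI) and 10000 (Webmin) are the ones configured elsewhere on this page.

```shell
#!/bin/sh
# Added example: first-match verdict for one inbound packet from an iptables-save dump.

# Constructed sample: the dump the commands above produce, default policy assumed ACCEPT.
SAMPLE_RULES='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -s 192.168.0.0/16 -p udp -m udp --dport 137 -j ACCEPT
-A INPUT -s 192.168.0.0/16 -p udp -m udp --dport 138 -j ACCEPT
-A INPUT -s 192.168.0.0/16 -p tcp -m tcp --dport 139 -j ACCEPT
-A INPUT -s 192.168.0.0/16 -p tcp -m tcp --dport 445 -j ACCEPT
-A INPUT -p udp -m udp --dport 137 -j DROP
-A INPUT -p udp -m udp --dport 138 -j DROP
-A INPUT -p tcp -m tcp --dport 139 -j DROP
-A INPUT -p tcp -m tcp --dport 445 -j DROP
COMMIT'

# input_verdict RULES SRC_IP PROTO DPORT
# Prints the target of the first matching INPUT rule, or the chain policy if none matches.
# Understands only -s, -p, -m, --dport (single port) and -j.
input_verdict() {
    printf '%s\n' "$1" | awk -v src="$2" -v proto="$3" -v dport="$4" '
    function ip2int(ip,    o) {
        split(ip, o, ".")
        return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    function in_cidr(ip, cidr,    p, bits, div) {
        split(cidr, p, "/")
        bits = (p[2] == "") ? 32 : p[2]
        div = 2 ^ (32 - bits)                      # compare only the network bits
        return int(ip2int(ip) / div) == int(ip2int(p[1]) / div)
    }
    $1 == ":INPUT" { policy = $2; next }
    $1 == "-A" && $2 == "INPUT" {
        ok = 1; target = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "-s")           { if (!in_cidr(src, $(i+1))) ok = 0; i++ }
            else if ($i == "-p")      { if ($(i+1) != proto) ok = 0; i++ }
            else if ($i == "--dport") { if ($(i+1) != dport) ok = 0; i++ }
            else if ($i == "-j")      { target = $(i+1); i++ }
            else if ($i == "-m")      { i++ }      # module name, no condition of its own
            else                      { ok = 0 }   # unknown option: never claim a hit
        }
        if (ok && target != "" && verdict == "") verdict = target
    }
    END { print (verdict != "" ? verdict : policy) }'
}

# LAN and internet clients against Samba, then two services the rules do not mention.
for probe in "192.168.1.50 tcp 445" "203.0.113.9 tcp 445" \
             "203.0.113.9 tcp 8888" "203.0.113.9 tcp 10000"; do
    set -- $probe
    printf '%-14s %s/%-5s -> %s\n' "$1" "$2" "$3" \
        "$(input_verdict "$SAMPLE_RULES" "$1" "$2" "$3")"
done
```

The last two probes fall through to the chain policy: the rules cover the Samba ports only, so any other listening service stays reachable unless it is filtered separately or the policy is changed.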


You can also add to /etc/samba/smb.conf

# block access from the internet:
hosts allow = 192.168.0.0/16 10.0.0.0/16 127.0.0.1
hosts deny = 0.0.0.0/0


Speed up SSH / SFTP

Faster than Samba: you can mount a drive via SSHFS, also on Windows using https://code.google.com/p/win-sshfs/

To avoid using 3des-cbc, which is very slow, add the following to /etc/ssh/sshd_config

# remove 3des-cbc, which needs a lot of CPU and makes transfers run at 2MB/s instead of 5MB/s
Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,[email protected],[email protected],[email protected],aes128-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour


Add chroot jailed users to sftp only

mkdir /home/public

/home/public must be owned by root and read-only, so that exploits cannot be used to exit the chroot.

Add all the folders they need access to in /etc/fstab:

/media/U3000_64k /home/public/media/U3000_64k none bind 0 0
/media/TREBALL1000_Backup /home/public/media/TREBALL1000_Backup none bind 0 0

Create the subfolders


Edit /etc/ssh/sshd_config

remove

# Subsystem     sftp    /usr/lib/ssh/sftp-server

Add:

# override default of no subsystems
# Subsystem     sftp    /usr/lib/ssh/sftp-server
Subsystem       sftp    internal-sftp

# Example of overriding settings on a per-user basis
#Match User username
Match Group sftpjailedusers
        X11Forwarding no
        AllowTcpForwarding no
        ChrootDirectory /home/public
        ForceCommand internal-sftp

systemctl restart sshd
adduser public
groupadd sftpjailedusers
usermod -a -G sftpjailedusers public
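
sshd only accepts a ChrootDirectory when every component of the path is a root-owned directory that is not writable by group or others. This is an added example, not part of the original page: a check that walks /home/public up to / and reports each component that breaks the rule. The function names are hypothetical and GNU stat (-c) is assumed. The bind-mounted folders below the chroot are not subject to this rule and may be writable.

```shell
#!/bin/sh
# Added example: verify the ownership/mode rule sshd applies to a ChrootDirectory path.

# component_ok UID MODE
# Succeeds when the owner is root (uid 0) and the octal mode, as printed by
# "stat -c %a", has no write bit for group or others.
component_ok() {
    [ "$1" = "0" ] || return 1
    case "$2" in
        *[2367]|*[2367]?) return 1 ;;   # last digit = others, second-to-last = group
    esac
    return 0
}

# check_chroot ABSOLUTE_PATH
# Prints one FAIL line per offending component; returns 0 if the whole path
# is acceptable, 1 if any component fails, 2 if the path is not absolute.
check_chroot() {
    p=$1
    rc=0
    case "$p" in
        /*) ;;
        *) echo "not an absolute path: $p"; return 2 ;;
    esac
    while :; do
        if [ ! -d "$p" ]; then
            echo "FAIL $p: not a directory"
            rc=1
        else
            # %u = numeric owner, %a = octal permissions
            set -- $(stat -L -c '%u %a' "$p")
            component_ok "$1" "$2" || { echo "FAIL $p: uid=$1 mode=$2"; rc=1; }
        fi
        [ "$p" = "/" ] && break
        p=$(dirname "$p")
    done
    return $rc
}

# Path taken from the sshd_config above; the check only reads metadata.
check_chroot /home/public || echo "sshd would reject sessions chrooted to /home/public"
```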