From f499ef8cd2f632f09063ff6edbf1f1febad9a90b Mon Sep 17 00:00:00 2001
From: Vincent Sanders
Date: Mon, 29 May 2017 11:52:56 +0100
Subject: commit instructions for a scaleway node
---
continuous_integration/debian_stretch_setup.mdwn | 134 +++++++++++++++++++++--
1 file changed, 127 insertions(+), 7 deletions(-)
(limited to 'continuous_integration')
diff --git a/continuous_integration/debian_stretch_setup.mdwn b/continuous_integration/debian_stretch_setup.mdwn
index 12a91cf..961e8af 100644
--- a/continuous_integration/debian_stretch_setup.mdwn
+++ b/continuous_integration/debian_stretch_setup.mdwn
@@ -47,12 +47,134 @@ Once installed: `apt-get install linux-image-4.3.0-0.bpo.1-arm64` +### Scaleway node + +Scaleway servers are currently used for ARM64 and armhf +workers. Although we have self-hosted hardware for both of these node +types these nodes are conveniant alternatives. For AMD64 workers +just create zero cost instances on phoenix! + +Use the scaleway dashboard to create a server of the correct +architecture and Debian jessie image (it has to be upgraded currently) +a minimal 50G root volume is plenty of storage. + +once started ssh to the image using the appropriate ssh key + +`ssh -i .ssh/keys/id_rsa.netsurf root@1.2.3.4` + +edit \etc\hostname to contain nsciworker17 + +edit \etc\hosts to set loopback name resolution + +`adduser netsurf` + +ensure netsurf user has ssh key installed + +edit /etc/group to add netsurf to sudo group + +edit /etc/apt/sources/list to be stretch + +`apt-get update` + +`apt-get dist-upgrade` + +`apt-get clean` + +`halt` + +use dashboard power toggle to force a hard reboot + +login as netsurf and use `sudo -i` to get root terminal + +edit /etc/ssh/sshd_config to disable password login + + # To disable tunneled clear text passwords, change to no here! + PasswordAuthentication no + +`# apt-get install fail2ban` + +edit /etc/fail2ban/jail.local + + [DEFAULT] + + # "bantime" is the number of seconds that a host is banned. + bantime = 1200 + + # A host is banned if it has generated "maxretry" during the last "findtime" + # seconds. 
+ findtime = 1200 + maxretry = 3 + + [ssh] + + enabled = true + port = ssh + filter = sshd + logpath = /var/log/auth.log + maxretry = 2 + + +`# apt-get install openvpn` + +create /etc/openvpn/netsurf.conf + + client + dev tap_netsurf + proto tcp + remote vpn.netsurf-browser.org 1194 + resolv-retry infinite + nobind + user nobody + group nogroup + persist-key + persist-tun + lladdr 0E:00:00:00:03:17 + + ca /etc/openvpn/netsurf-keys/ca.crt + cert /etc/openvpn/netsurf-keys/ciworker17.crt + key /etc/openvpn/netsurf-keys/ciworker17.key + + ns-cert-type server + + comp-lzo + + # Set log file verbosity. + verb 3 + + script-security 2 + up /etc/openvpn/netsurf-up + down /etc/openvpn/netsurf-down + +create /etc/openvpn/netsurf-up + + #!/bin/sh + + ifup tap_netsurf + +create /etc/openvpn/netsurf-down + + #!/bin/sh + + ifdown tap_netsurf + +edit /etc/network/interfaces and add + + # netsurf + auto tap_netsurf + iface tap_netsurf inet dhcp + +mkdir /etc/openvpn/netsurf-keys + +copy openvpn keys from master node into /etc/openvpn/netsurf-keys + + + ### Banana Pi This system is a dual core ARMv7 allwinner using the armhf ABI Used the install SD media from -[[http://www.igorpecovnik.com/2014/09/07/banana-pi-debian-sd-image/ Igor Pecovnik|http///www.igorpecovnik.com/2014/09/07/banana-pi-debian-sd-image/_igor_pecovnik]] +[[armbian|https://dl.armbian.com/bananapi/Debian_jessie_next.7z]] - unzip and write raw file to full size SD card. 
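Review bot: The sshd step in the Scaleway section sets only `PasswordAuthentication no`, so key-based root login stays open, as used by the first `ssh -i .ssh/keys/id_rsa.netsurf root@1.2.3.4` step. Once the `netsurf` login with `sudo -i` is confirmed working, I would add `PermitRootLogin no` to the same edit and a line telling the reader to restart sshd so both settings take effect. In the OpenVPN part, `mkdir /etc/openvpn/netsurf-keys` under a default umask leaves the directory readable by every local user; the steps should say `chmod 700 /etc/openvpn/netsurf-keys` and `chmod 600` on `ciworker17.key` after the copy. `ns-cert-type server` is marked deprecated in OpenVPN 2.4 (which I believe is what stretch ships), and `remote-cert-tls server` is the replacement that checks the server certificate's key usage. Separately, three paths look mistyped and should probably read `/etc/hostname`, `/etc/hosts` and `/etc/apt/sources.list` rather than `\etc\hostname`, `\etc\hosts` and `/etc/apt/sources/list`.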
@@ -106,16 +228,14 @@ Once installed: This system is a quad core ARMv7 allwinner H3 using the armhf ABI -Used "mini" install media from -[[http://www.orangepi.org/orangepibbsen/forum.php?mod=viewthread&tid=342 loboris|http///www.orangepi.org/orangepibbsen/forum.php?mod=viewthread&tid=342_loboris]] +Use [[armbian||https://dl.armbian.com/orangepipc/Debian_jessie_default.7z]] -- unpack image and write to micro SD card and configure as per loboris - instructions, careful installation steps are not immediately obvious +- unpack image and write to micro SD card and configure as per banana pi + instructions Once installed: -- first login as orangepi:orangepi which will need to be immediately - changed +- first login as root:1234 which will need to be immediately changed `* superuser available via sudo -i` -- cgit v1.2.3
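Review bot: The new first-login line documents a publicly known default credential (`root:1234`), but nothing tells the reader to keep the board off any reachable network until that password is changed. I would add a step such as `- do the first boot on the console or an isolated network, change the root password, then connect the board`. The download step also has no integrity check; if the armbian download site offers a checksum or signature for the `.7z`, a line like `- verify the published checksum before writing the image` belongs before the unpack step. The link markup here uses a double pipe, `[[armbian||https://...]]`, where the Banana Pi hunk uses a single one, so this link may not render.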