Notes

Installing and managing Freedom Box

I had a spare Raspberry Pi 3 Model B, and I decided to give it a try with the software produced by the FreedomBox project. I want to check to which extent it could be used for hosting services that most people use “from the cloud”.

My complete environment is:

Installation

Once nice thing about Raspberry Pi is that it boots from a SD card. All you need to do to test a new system is to produce an new SD card that boots it, and insert it in the device. Once I found out which image I had to use for producing a boot Raspberry Pi SD card, the process was absurdly easy.

Raspberry Pi 3 is not a device supported by FreedomBox stable, apparently because it needs some proprietary software for booting (at least when using Ethernet). But you can find an entry about it in the FreedomBox wiki. In that entry, you can find out that bootable images for this device are available only for the testing distribution downloads (and not for the stable one). The image I used was freedombox-testing-nonfree_latest_raspberry3-armhf.img.xz.

For producing the SD card, I followed the instructions in Downloading images, running the checks on the integrity and signatures of the files and all that. Then, I uncompressed the downloaded image, and copied it to the SD card. My card is a 16 GB one, but I guess a 4 GB one would be enough. In my Debian box, I run:

$ xz -d freedombox-testing-nonfree_latest_raspberry3-armhf.img.xz
$ sudo dd bs=1M if=freedombox-testing-nonfree_latest_raspberry3-armhf.img of=/dev/mmcblk0 conv=fdatasync
$ sudo sync

My SD card in Debian was mounted as /dev/mmcblk0. I guess the third line is not really needed, since dd is already syncing, but just in case.

Then, I just removed the SD card from my Debian box, inserted it in the Raspberry Pi, connected it to an spare Ethernet port in my home router, powered it, and it started to run! This was all with respect to installation. See below how I learned that it had booted correctly, and how I accessed it.

Finding and configuring FreedomBox

So I had my brand new FreedomBox up and running, but I still didn’t know it. Following instructions in the How to get Started section in the manual, I used mDNS to access the device. For that, I had to install mDNS in my Debian box, following instructions in the ZeroConf for Debian wiki:

$ apt-get install avahi-daemon avahi-discover libnss-mdns

Once this was done, I just browsed to http://freedombox.local/, and I got the FreedomBox welcome message in my browser.

Just to test it, I also used nmap to find out the IP address that my router had allocated for the device:

$ nmap -p 80 --open -sV 192.168.1.0/24
Starting Nmap 7.70 ( https://nmap.org ) at 2018-08-03 22:05 CEST
...
Nmap scan report for 192.168.1.75
Host is up (0.014s latency).

PORT   STATE SERVICE VERSION
80/tcp open  http    Apache httpd 2.4.33
Service Info: Host: 127.0.1.1

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 256 IP addresses (8 hosts up) scanned in 10.26 seconds

(some other web servers were found, of other devices in my network, but this is the relevant part).

Now, the configuration is just following instructions in the browser. I need to provide a user and password, and that’s all. Pretty simple. Now I’m ready to install apps in my FreedomBox!

FreedomBox apps

Adding firmware for brcm

When looking at dmsg, I see an error which seems to be related to the Broadcom 802.11 wireless card. Nothing that important, since I’m not using it, but just in case…

The error I saw was:

$ sudo dmesg
[   11.131774] usbcore: registered new interface driver brcmfmac
[   11.132290] brcmfmac mmc1:0001:1: firmware: failed to load brcm/brcmfmac43430-sdio.bin (-2)
[   11.132719] firmware_class: See https://wiki.debian.org/Firmware for information about missing firmware
[   11.133208] brcmfmac mmc1:0001:1: Direct firmware load for brcm/brcmfmac43430-sdio.bin failed with error -2

I fix it by installing the corresponding (non-free) package:

sudo apt-get install firmware-brcm80211
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following NEW packages will be installed:
  firmware-brcm80211
0 upgraded, 1 newly installed, 0 to remove and 12 not upgraded.
Need to get 4,247 kB of archives.
After this operation, 15.5 MB of additional disk space will be used.
Get:1 http://deb.debian.org/debian testing/non-free armhf firmware-brcm80211 all 20180518-1 [4,247 kB]
Fetched 4,247 kB in 1s (8,326 kB/s)          
Selecting previously unselected package firmware-brcm80211.
(Reading database ... 49490 files and directories currently installed.)
Preparing to unpack .../firmware-brcm80211_20180518-1_all.deb ...
Unpacking firmware-brcm80211 (20180518-1) ...
Setting up firmware-brcm80211 (20180518-1) ...

Problems with temperature

My Raspberry Pi was shutting down for apparently no reason from time to time. At first, it seemed to be linked to Syncthing doing its stuff, but after a while, I read in /var/log/syslog, and I found the reason:

Aug  4 18:56:07 freedombox kernel: [17713.777695] thermal thermal_zone0: critical temperature reached (81 C), shutting down

So, the problem is the CPU gets too hot. Maybe linked to Syncthing activity (it seems it uses the CPU pretty hard), but the real problem is thermal. So, I removed the top of the case, and tried with putting the device in a different, hopefully cooler, location. With 40 C outside, about 32 C at home, that’s not easy, though… Let’s see if that works.

I’ve also learned to monitor temperature:

$ cat /sys/class/thermal/thermal_zone*/temp
56920

Temperature is in millicelsius.

To test it over time (every 5 sec. in this case):

$ while sleep 5; do cat /sys/class/thermal/thermal_zone*/temp; done

Installing a USB SSD

I have a SSD with a USB connector. I’m going to install it to extend the storage available in my Raspberry Pi. The process is simple.

First of all, I connect the disk, to know its id:

$ sudo blkid

The relevant field is UUID. I used it for a new entry in /etc/fstab:

UUID="xxx-63a7d4414402" /media/data-jgbarah auto rw,user,auto 0 0

This is all you need…

Using rsync for backing up my laptop

I decided to use rsync for backing up my laptip in the Raspberry Pi with Freedom Box installed. This was easy…

In the Raspberry Pi, I copy my ssh public key to the /root directory (well, in fact I copied all the .ssh directory), and installed rsync:

$ cd
$ sudo cp -r .ssh /root
$ sudo apt-get install rsync

Then, in the laptop I can run rsync as (for example):

$ rsync -va --one-file-system --info=progress2,stats2 --delete \
  /home root@freedombox.local:/media/backups

Installing a Samba server

For sharing data with Linux, Windows and other devices, I install and configure Samba. Most of the procedure I followed is described in How To Set Up a Samba Share For A Small Organization on Ubuntu 16.04.

$ sudo apt-get install samba
$ sudo systemctl stop nmbd.service
$ sudo systemctl disable nmbd.service
$ sudo mv /etc/samba/smb.conf /etc/samba/smb.conf.orig
$ sudo vi /etc/samba/smb.conf

To test the smb.conf file just created:

$ testparm

In the output, you should read “Loaded services file OK”.

Now, let’s create a directory to export:

$ sudo mkdir /media/data-jgbarah/samba/
$ sudo chown :sambashare /media/data-jgbarah/samba/

To create a directory for an existing user:

$ sudo mkdir /media/data-jgbarah/samba/jgb
$ sudo usermod -a -G sambashare jgb
$ sudo chown jgb:sambashare /media/data-jgbarah/samba/jgb/
$ sudo chmod 2770 /media/data-jgbarah/samba/jgb/
$ sudo smbpasswd -a jgb
$ sudo smbpasswd -e jgb

To create two directories for a new, non existing user, which is created too (one directory, common, read-only, and another one, backups, read-write):

$ sudo mkdir /media/data-jgbarah/samba/common
$ sudo adduser --home /media/data-jgbarah/samba/common --no-create-home \
  --shell /usr/sbin/nologin --ingroup sambashare common
$ sudo chown common:sambashare /media/data-jgbarah/samba/common/
$ sudo chmod 2770 /media/data-jgbarah/samba/common/
$ sudo smbpasswd -a common
$ sudo smbpasswd -e common
$ sudo mkdir /media/data-jgbarah/samba/backups
$ sudo chown common:sambashare /media/data-jgbarah/samba/backups/
$ sudo chmod 2770 /media/data-jgbarah/samba/backups/

Now, create a group for administering Samba:

$ sudo groupadd sambadm
$ sudo usermod -G sambadm jgb

And finally, run the Samba server, and open the corresponding service in the firewall

$ sudo systemctl start smbd.service
$ sudo firewall-cmd --permanent --zone=internal --add-service=samba
$ sudo firewall-cmd --zone=internal --add-service=samba

The complete smb.conf file will look like:

[global]
        server string = samba.freebox.local
        server role = standalone server
        interfaces = lo enxb827eb1609dc
        bind interfaces only = yes
        disable netbios = yes
        smb ports = 445
        log file = /var/log/samba/smb.log
        max log size = 10000

[jgb]
        path = /media/data-jgbarah/samba/jgb
        browseable = no
        read only = no
        force create mode = 0660
        force directory mode = 2770
        valid users = jgb @sambadm

[common]
        path = /media/data-jgbarah/samba/common
        browseable = yes
        read only = yes
        force create mode = 0660
        force directory mode = 2770
        valid users = common @sambadm

[backups]
        path = /media/data-jgbarah/samba/backups
        browseable = yes
        read only = no
        force create mode = 0660
        force directory mode = 2770
        valid users = common @sambadm

Mounting Samba directories in my Debian box

For testing the Samba volumes exported by the Freedom Box, I followed the following procedure.

First, I added some lines to /etc/fstab:

# Freedombox Samba shares
//freedombox.local/jgb /media/samba/jgb cifs vers=2.0,credentials=/home/jgb/.smbcredentials/jgb,iocharset=utf8,gid=1000,uid=1000,file_mode=0777,dir_mode=0777,noauto,user 0 0
//freedombox.local/common /media/samba/common cifs vers=2.0,credentials=/home/jgb/.smbcredentials/common,iocharset=utf8,gid=1000,uid=1000,file_mode=0777,dir_mode=0777,noauto,user 0 0
//freedombox.local/backups /media/samba/backups cifs vers=2.0,credentials=/home/jgb/.smbcredentials/common,iocharset=utf8,gid=1000,uid=1000,file_mode=0777,dir_mode=0777,noauto,user 0 0

In the lines above, gid=1000 and uid=1000 should correspond to the gid and id of the user who mounts the partition (so that permissions apply). You can know which ones your user has by running id in a shell.

The files /home/jgb/.smbcredentials/jgb and /home/jgb/.smbcredentials/common are credential files for jgb and common Samba users. Both files should be readable for the user mounting the partition, and for nobody else. The format of both files is like this:

username=common
password=XXXXX

Then, I installed the cifs-utils package, and created the directories to mount:

$ sudo apt-get install cifs-utils -y
$ sudo mkdir /media/samba
$ sudo mkdir /media/samba/jgb
$ sudo mkdir /media/samba/common
$ sudo mkdir /media/samba/backups

Now, I can mount any of this directories just by, for example:

$ mount /media/samba/jgb

I can also mount files from the GNOME Files application, in the “Other locations” menu option.

Letting Samba serve my Syncthing files

I’m backing up some of my devices (phones, etc.) via Syncthing to my Freedom Box. I wanted to browse the backed up files easily from all my devices, and I decided to give Sama a try for that. It proved very easy to configure.

First, I added the user syncthing to the group sambashare, so that Syncthing can write to directories owner by group sambashare:

$ sudo usermod -a -G sambashare syncthing

After that, I rebooted my Freedom Box, just to make sure Syncthing was running under this secondary group (I’m not sure this is really needed, but just in case…).

Then, I created a directory to share in my device. When prompted in the Freedom Box web interface for Syncthing to allow that directory to be shared, I changed the directory that it was offering by default to one under my user directory exported by Samba (jgb, see configuration above): `/media/data-jgbarah/samba/jgb/camera-mobile’

And that’s all, Syncthing just did the rest. I a little while, I had a copy of my files in the Freedom Box, and could browse it from my other devices, including my Debian laptop, just by mounting the corresponding Samba share.