El Servidor de archivos permite a todos los clientes conectados a la red interna Red acceder a la documentación y archivos multimedia.

A raspberry pi 2 alimenta al servidor de archivos que se encuentra conectado con al menos un disco duro, utilizando un conector USB a SATA. El contenido del disco duro está encriptado para que no tengamos que preocuparnos de lo que sucede con el disco cuando ya no se pueda acceder.

• Preparar la sd-card con la imagen base de raspian
• Conectar a raspberry a la red
• Conectar el disco(s) con raspberry utilizando adaptadores USB-SATA
• Configure el gateway para dar a raspberry una IP configurada y el nombre local 'file' el origen se encuentra relacionado con la mac-address

Cuando el raspberry se reinicia, se debe obtener la IP configurada (192.168.1.32) en nuestro caso y ya debería estar configurada la ssh: ssh pi@file. Ahora podemos crear usuarios. Esto depende del tipo de fileserver que quieras crear. Nosotros usamos 'core' para los usuarios y para los voluntarios (workaway) que se encuentran con nosotros por largos periodos de tiempo.

Después necesitamos instalar software. Como el sistema puede abastecer de archivos a cualquier PC en la red, instalamos samba y para la encriptación del disco cryptsetup.

sudo apt-get install samba cryptsetup

Para la facil administración tmux dstat htop mc esta instalado también.

Después agregamos al usuario 'echo' al sistema y configurar una costrasena más larga junto con las llaves permitidas y agregamos al usuario a el archivo sudoers. Después desactivamos el usuario 'pi'. Ahora creamos el directorio /data las acciones deseadas y establecer la propiedad raíz a esos directorios. Agregue un archivo 'HARDISK_NOT_MOUNTED' en cada recurso compartido, para que los usuarios vean que algo está mal cuando se reinicia el pi.

Ahora necesitamos la partición del disco(o usar LVM). Cuando el LVM esta en uso, los siguientes comandos son ligeramente diferentes.

fdisk /dev/sda Create a partition for every group of files: core, workaway, public, media and choose the size wisely as changing it afterwards is not easy. Be aware, we use /dev/sda here, check dmesg for the actual device name, otherwise you partition and format the wrong device and you lose all your data!

/dev/sda1 100G core
/dev/sda2 100G workaway
/dev/sda3 200G public
/dev/sda4 1.6T media

When the partitions are ready, we need to run cryptsetup luksFormat for each device and provide a passphrase. Store the passphrase in a secure location that you can access when the fileserver needs a reboot.

$ cryptsetup luksFormat /dev/sda1

WARNING!
========
This will overwrite data on /dev/sda1 irrevocably.

Are you sure? (Type uppercase yes): YES
Enter passphrase: 
Verify passphrase: 

Repeat this for all partitions.

Then create a script in /data that contains a line for each partition:

/data/unlock_disk.sh

#!/bin/bash

echo 'to unlock you need passwords stored on rh'
echo 'run identity file to get the passphrases for cpublic, ccore, cworkaway and cmedia'
echo 'the unlock will take multiple minutes'
echo '---'
echo 'core'
cryptsetup luksOpen /dev/sda1 ccore
echo 'workaway'
cryptsetup luksOpen /dev/sda2 cworkaway
echo 'public'
cryptsetup luksOpen /dev/sda3 cpublic
echo 'media'
cryptsetup luksOpen /dev/sda4 cmedia

Make the script executable and run it as root. It will ask you for the passphrases and create devices in /dev/mapper.

Now we need to format the devices with a filesystem and set options that unlock all available space on the disk.

$ mkfs.ext4 /dev/mapper/ccore
$ tune2fs /dev/mapper -r0

When the devices are formatted they can be added to the fstab. The noauto is important, otherwise the pi will not boot and drop into a shell - bad thing if you do not have a keyboard and a screen attached:

/dev/mapper/cpublic     /data/public     ext4 defaults,noauto 0 0
/dev/mapper/ccore       /data/core       ext4 defaults,noauto 0 0
/dev/mapper/cworkaway   /data/workaway   ext4 defaults,noauto 0 0
/dev/mapper/cmedia      /data/media      ext4 defaults,noauto 0 0

Then create a script in /data that contains a line for each partition:

/data/mount_disk.sh

#!/bin/bash

mount /dev/mapper/public
mount /dev/mapper/ccore
mount /dev/mapper/cworkaway
mount /dev/mapper/cmedia

Run the script and see that the filesystems are mounted. Check that they are mounted and correct the ownership for the directories in /data with chmod and chown:

root@file:~# mount
/dev/mapper/cmedia on /data/media type ext4 (rw,relatime,data=ordered)
/dev/mapper/ccore on /data/core type ext4 (rw,relatime,data=ordered)
/dev/mapper/cworkaway on /data/workaway type ext4 (rw,relatime,data=ordered)
/dev/mapper/cpublic on /data/public type ext4 (rw,relatime,data=ordered)
root@file:~# ls -la /data
total 32
drwxrwxrwx  6 nobody   nogroup  4096 Oct  3 09:01 .
drwxr-xr-x  4 core     core     4096 Oct  3 09:19 core
drwxr-xr-x  6 nobody   nogroup  4096 Oct  2 13:34 media
-rwxr-x---  1 root     root      115 Oct  3 09:01 mount_disk.sh
drwxrwxrwx  4 nobody   nogroup  4096 Oct  3 09:25 public
-rwxr-x---  1 root     root      413 Oct  3 09:01 unlock_disk.sh
drwxr-xr-x  3 workaway workaway 4096 Oct  3 08:57 workaway

Now it is time to configure samba, open the file /etc/samba/smb.conf and add the following entries:

[public]
  comment = Files accessible to all local and remote users
  path = /data/public
  browseable = yes
  writeable = yes
  guest ok = yes

[workaway]
  comment = Files that are available for users that workaway
  path = /data/workaway
  browseable = yes
  writeable = yes
  valid users = workaway, core
  force group = workaway
  create mask = 0770
  directory mask = 0770

[core]
  comment = Files that are availabel for instructed users only
  path = /data/core
  browseable = yes
  writeable = yes
  valid users = @core
  force group = core
  create mask = 0700
  directory mask = 0700


[media]
  comment = Files that make audio or video signals, you cannot upload anything, use public share and inform core member.
  path = /data/media
  browseable = yes
  read only = yes
  guest ok = yes

you should also change the workgroup at the top of the file to 'ecohackerfarm'.

The last step is to set passwords for the users core and workaway:

smbpasswd -a core
smbpasswd -a workaway

Put a file test.txt into each directory in data and ensure its ownership matches (eg /data/workaway/test should be rw for the workaway group).

Check using a client-system (eg osx) and connect to the server. Connect with no credentials (guest) and check that you cannot use the shares workaway and core, but you can see the testfile in media (but cannot change anything) and you see the file in public (and you can change it). Repeat this for the workaway and the core user.

When everything is done you should reboot the system to see that the service is comming up nicely. After the reboot the shares are available but the clients should only see the HARDDISK_NOT_MOUNTED message. Login and execute the scripts /data/unlock_disk.sh providing the disk-passphrases and /data/mount_disk.sh. Now the clients should see the test.txt again.

Transfer of data to the PI using wifi can be quite slow. If you plan to put a Terrabyte of learning material on it, consider plugging the disk into a real pc with SATA as you will need a 10th of the time:

WIFI: 1MB/s -> 3.6GB/h, the terrabyte will take 277h to copy
SATA: 100MB/s -> 360GB/h, the terrabyte will take about 3 hours to copy

Now your visitors and workaways need to know that there is a fileserver and what to do with it. Write a enduser documentation of about half a page and put it on the wiki and print it out.

For the described installation you need a raspberry pi 2+, a USB-SATA adapter and a harddisk. The costs in 2016 were: 35EUR for the PI, 20EUR for the USB-SATA and 71EUR for the 2TB disk. The system uses about 5W of electrical energy and needs to be always on.

This hackerspace provides a fileserver when you connect to the echo-vpn network. It its name is file and it has the ip-address 192.168.1.32. It provides media files and public storage for everyone and stores documents only accessible for workaways and the core members.

• Open Explorer
• Browse network
• find 'echohackerfarm' and 'file'
• connect to the share you want

• Open Finder
• Select Connect to Server
• Enter

  smb://file

• select the share you want

• Open Files
• Select Connect to Server
• Enter

  smb://file

• select the share you want

As workaway, upload any files (photos, documents or similar) you want to share with other workaways or the core-team into the workaway share. Upload any file you want to share with the whole world to the public share.