Recently I’ve been tinkering with RockPro64 and decided to install NextCloud on it as a medium to sync data between my computers and phones, as well as using it as a backup storage. The setup is as follows:
- RockPro 64, 4GB RAM, with 32GB Micro-SD card, PCI-E to SATA-2 adapter
- Operating System: Dietpi based on Debian “buster”
- Two 1TB Hard drives that will be used for RAID 1 Array
- Encrypted Storage with LUKS and LVM2
- Nextcloud installation
- Self signed HTTPS
- Dynamic DNS and port forwarding port 443(HTTPS) to the NextCloud using a Mikrotik router
In the following series of post, I will walk through the above setup one by one, provide the necessary configuration and information to complete the above setup.
Download and install DietPi on RockPro64
- Download the image from DietPi website.
- To write the image to Micro-SD card, use Etcher.
- Insert the Micro-SD card back to the computer. DietPi will automatically update on the first time boot up.
Initial system configuration
- The first screen you will see is DietPi-Software. I suggest go to DietPi-Config > Language/Regional Options and update the Timezone and Keyboard.
- On SSH Server, we will use OpenSSH instead.
- You may browse Software Optimised and Software Additional to see what application is available for you. We will install the required software later. When you finish, Select Install.
Setup RAID 1 with LUKS and LVM2
Install required packages
apt install mdadm cryptsetup lvm2 -y
Configure RAID 1 Array
With lsblk -o NAME,SIZE,FSTYPE,TYPE,MOUNTPOINT command we can see the 2 drivers that will be used for the RAID 1 is labeled sda and sdb. Using this information, we can create the RAID1 arry with the following command:
mdadm --create --verbose /dev/md0 --level=1 --raid-devices=2 /dev/sda /dev/sdb
Type y to continue if it warns about this array has metadata at the start and may not be suitable as a boot device.
To see the progress on the syncing of the array, cat /proc/mdstat:
root@DietPi:~# cat /proc/mdstat
Personalities : [raid1]
md0 : active raid1 sdb[1] sda[0]
2930134464 blocks super 1.2 [2/2] [UU]
[>....................] resync = 0.0% (973056/2930134464) finish=250.8min speed=194611K/sec
bitmap: 22/22 pages [88KB], 65536KB chunk
It shows us that it will be fully synced in about 250 minutes. In the mean time, we can continue to set up the file system.
To assemble the RAID automatically after each restart, we can configure the /etc/mdadm/mdadm.conf file:
mdadm --detail --scan | sudo tee -a /etc/mdadm/mdadm.conf
Encrypt the block device and create file system
Issusing the following command to encrypt /dev/md0:
cryptsetup -c twofish-xts-essiv:sha256 -y -s 512 -h sha1 luksFormat /dev/md0
Beware of the password entered here because losing it means losing the data inside.
Immediately we will decrypt the block device and create a physical volume and volume group:
root@DietPi:~# cryptsetup luksOpen /dev/md0
Enter passphrase for /dev/md0:
root@DietPi:~# pvcreate /dev/mapper/crypt1
Physical volume "/dev/mapper/crypt1" successfully created.
root@DietPi:~# vgcreate -v cryptvg /dev/mapper/crypt1
The command vgdisplay provides detailed information about the volume group we just created. Notice this line, the number here will be used for the next command:
Total PE 715360
To create logical volume with the number above:
lvcreate -l 715360 -n datalv cryptvg
To create ext4 filesystem on the logical group:
mkfs.ext4 -L datalv /dev/cryptvg/datalv
We will mount the filesystem on /mnt/md0, to create the directory:
mkdir /mnt/md0
If you are not really sure what the label should be used for the next step:
fdisk -l
You may see a lot of devices here, the one we will use is /dev/mapper/cryptvg-datalv. Add the following line at the end of /etc/fstab to specify the mount point:
/dev/mapper/cryptvg-datalv /mnt/md0 ext4 noauto,noatime 0 0
You may mount the filesystem now:
mount /mnt/md0
Last but not least, update the initial RAM file system:
update-initramfs -u
Now, after each restart you will have to manually decrypt the block drive /dev/md0 and mount the volume groups, otherwise the filesystem won’t be available, you may do so with the following commands:
cryptsetup luksOpen /dev/md0 crypt1
mount /mnt/md0
Now that we have setup the RAID and filesystem, on next post I will walk through the installation of NextCloud, which made very simple thanks to DietPi.