Soma thoughts

A project log for Somatic Private Server

A little box of everything you need to bum off someone's internet.

x86 FanBoy, 05/25/2016 at 11:35

Just throwing a few things down that might be important.


So the H3s in the Orange Pi range are apparently notorious for getting bloody hot, something I had not found when using the device uncontained.

I did, however, notice that the base of my little box (now dubbed an SPS) was incredibly warm after being on for an hour.

Luckily enough, I ordered a couple Pi heatsink kits not long ago, actually for the voltage regs on the step down, but it looks like they might come in handy here.

Just checked the post, half hoping they'd show up, the orders being local, but it was just some clothing. No fun.

Anyway, I'm now thinking cooling will be a semi serious issue, and you definitely will see some more logs when the fans/heatsink shows up.

Also, I threw two power plugs on the front just coz, but it might actually be pretty handy if you need to move it around.

There isn't enough internal space to put in an internal battery, but that was very much something I wanted to do. Perhaps you could just use an external one instead?

3.7V li-ion, stepped up to 5V for USB, use a 5-12V step up to get it into the SPS, stepped down to 5V for the oppai, and back up to 12V for the LEDs. Say it with me, efficiency!

Other than that, for those curious as to how the software on the inside works (and how one might boss-proof the system), here's the basic layout.

I have it working in tandem with a VPS from cloudatcost (not paid to say that; they've been good to me for years now, you just have to fix your own problems, which is fine for me). It sits somewhere in Canada and has a 20GB SSD that's about as fast as a 5 year old SD card (guttural snort laughing).

Once powered on, my little boxy thing (SPS, this project) does very little itself. I'm not running anything at boot, because meh.

Once the SPS is all up, the internal router should connect out to the external ethernet port and set up its own little internal network, NAT and all, with the oppai connected to it. I can then connect to the box's wifi network with my laptop, SSH in to the Pi, and start what I want.

First thing is to run tmux, I want this running always. Then I run a command that does a handful of things.

First, it's a while loop. It will always run and restart, no matter what happens inside. It then launches autossh, essentially SSH that reconnects dropped connections, and autossh connects to my VPS and sets up reverse port forwarding. There is no need to set up port forwarding on the router in my box or on any network it's plugged in to; so long as it has IP-level access, everything's fine (good for all those living with proxies).

Anyway, once autossh connects in to the VPS it clears a certain mountpoint (you'll understand in a bit) then it uses sshfs, a tool to mount folders from remote machines using ssh, to go back through the ssh tunnel we created earlier, and mount a folder from the orange pi locally on the VPS.

On paper, autossh should be able to reconnect if anything ever drops, but it doesn't. On a graceful exit, autossh closes. Restarting the VPS is considered a graceful exit, and we can't have that, can we?

It also hardens it against tons of things. Basically you can unplug the thing (keeping it on batteries), plug it in to a completely different network and it seems to pick back up rather smoothly. Once reconnected to the VPS it clears the mount point in case something went bad when disconnecting, and all is dandy.
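
The loop described above, written out as an added sketch; it is not the author's actual command. The VPS login, port 2222, the paths and the `RUNNER` dry-run switch are all assumptions, and it presumes the VPS can log in to the Pi with a key rather than a password.

```shell
#!/bin/sh
# Added sketch of the loop described above; every host, port and path is an assumption.
VPS="tunnel@vps.example.net"   # assumed login on the VPS
RPORT=2222                     # assumed loopback port opened on the VPS
PI_USER="pi"                   # assumed account on the Orange Pi
PI_DIR="/srv/share"            # assumed folder on the Pi to expose
MNT="/mnt/sps"                 # assumed mount point on the VPS
RUNNER="${RUNNER:-autossh}"    # set RUNNER=echo to print the command instead of running it
export AUTOSSH_GATETIME=0      # keep retrying even when the first connection fails

# Command run on the VPS once the tunnel is up.
remote_cmd() {
    # Lazy-unmount whatever a dropped session left behind, then mount the Pi's
    # folder back through the reverse forward. -f keeps sshfs in the foreground,
    # so the ssh session (and the tunnel) lasts exactly as long as the mount.
    printf 'fusermount -uz %s 2>/dev/null; exec sshfs -f -p %s -o reconnect,ServerAliveInterval=15 %s@127.0.0.1:%s %s' \
        "$MNT" "$RPORT" "$PI_USER" "$PI_DIR" "$MNT"
}

# One connection attempt from the Pi to the VPS.
tunnel_once() {
    # -M 0: no autossh monitor port, rely on ssh keepalives instead.
    # ExitOnForwardFailure: fail fast if the VPS port is still held by a dead session.
    # -R binds to 127.0.0.1 so the Pi's sshd is reachable only from the VPS itself.
    "$RUNNER" -M 0 \
        -o ServerAliveInterval=30 -o ServerAliveCountMax=3 \
        -o ExitOnForwardFailure=yes \
        -R "127.0.0.1:${RPORT}:127.0.0.1:22" \
        "$VPS" "$(remote_cmd)"
}

# autossh exits when the far end closes cleanly (for example a VPS reboot),
# so the outer loop is what brings the tunnel back.
keep_alive() {
    while true; do
        tunnel_once
        sleep 10   # back off before the next attempt
    done
}

if [ "${1:-}" = "run" ]; then keep_alive; fi
```

Run it inside tmux with the argument `run`; with `RUNNER=echo` it only prints the command line it would execute.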

Now, on my VPS I have a nice little application called MegaFuse; it mounts your Mega storage as a local folder. Nice stuff. (Also, you can be signed into multiple accounts just by using different instances. Again, tmux is your friend.)

I could just rsync it over, on my VPS, from the folder that has Mega mounted to the folder that has the disk in my oppai, but that's not fun, is it?
Instead, why not make a disk image on the oppai folder, encrypt it, mount the encrypted disk on my VPS, not ever on the pi, and then rsync to that?

Much better. Now not only is traffic going through an encrypted tunnel, inside encrypted with SSHFS, but then even the files being transferred are all encrypted. FUN!

(Starting to realize why my little orange pi was heating up so much. Heh.)

If I have any further thoughts I'll throw them in here, not make a new entry. Or I could just make a FAQ. I wonder if that's what the pages section is for?