Ben's notes

PC Engines ALIX.2d13 - Debian 12, Bookworm

My 15 year old (2008) ALIX2D13, a 500MHz single x86 CPU, 256MB memory board, is still working! And Debian 12, is still supported! So let's install Debian 12

Documentation sources

Connect and configure BIOS

First we need to get the board out of the case to unplug the CF card
Connect a serial console, power up and boot the board
Enter the BIOS settings, by pressing s
Set the console baud rate to 115200
Exit and save the settings

Prepare the CompactFlash card

Unplug the CF card from the board, and connect it to your host machine.

Partition the CF card:

# Make sure you've got the the right blockdevice here.
CFDRIVE=/dev/sd?

# Unmount partitions if they are automounted.
umount ${CFDRIVE}{1,2}

# Remove partition table
dd if=/dev/zero of=${CFDRIVE} bs=512 count=1 conv=notrunc

# Make a new partion table for /boot and the / root filesystem.
parted --script $CFDRIVE              \
    mklabel msdos                     \
    unit mib                          \
    mkpart primary ext4 1MiB 500MiB   \
    toggle 1 boot                     \
    mkpart primary ext4 500MiB 100%

# Create the filesystems
mkfs.ext4 -L boot ${CFDRIVE}1
mkfs.ext4 -L root ${CFDRIVE}2

# Mount the filesystems
mount ${CFDRIVE}2 /mnt
mkdir /mnt/boot
mount ${CFDRIVE}1 /mnt/boot

Install Debian Bookworm

Install Debian Bookworm with debootstrap:

debootstrap --verbose --arch i386 bookworm /mnt http://ftp.nl.debian.org/debian

Enter the chroot

Bind mount some special filesystems and enter the chroot:

mount --bind /dev/pts /mnt/dev/pts
mount --bind /proc /mnt/proc
mount --bind /sys /mnt/sys
mount --bind /dev /mnt/dev

LANG=C linux32 chroot /mnt /bin/bash

Configure Debian Bookworm

Still in the chroot:

# Configure /etc/fstab
cat > /etc/fstab <<EOF
# file system    mount point   type    options                      dump pass
/dev/sda2         /             ext4    noatime,noatime,commit=120   0    1
/dev/sda1         /boot         ext4    ro,nosuid,nodev              0    2
EOF

# Configure apt
cat > /etc/apt/sources.list <<EOF
deb http://ftp.nl.debian.org/debian bookworm main contrib non-free non-free-firmware
#deb-src http://ftp.nl.debian.org/debian bookworm main contrib non-free non-free-firmware

deb http://ftp.nl.debian.org/debian bookworm-updates main contrib non-free non-free-firmware
#deb-src http://ftp.nl.debian.org/debian bookworm-updates main contrib non-free non-free-firmware

deb http://security.debian.org/ bookworm-security main contrib non-free non-free-firmware
#deb-src http://security.debian.org/ bookworm-security main contrib non-free non-free-firmware
EOF

# Update the packages
apt update
apt upgrade

# Install needed packages
apt install linux-image-686 grub-pc dnsutils ssh vim dialog locales htop tmux systemd-timesyncd systemd-resolved

# Install grub, change the blockdevice to your own
grub-install --boot-directory=/boot --modules=part_msdos /dev/sd?

# Modify GRUB settings (for serial console) in /etc/default/grub
GRUB_CMDLINE_LINUX_DEFAULT=""
GRUB_CMDLINE_LINUX="console=tty0 console=ttyS0,115200n8"
GRUB_TERMINAL=serial
GRUB_SERIAL_COMMAND="serial --speed=115200 --unit=0 --word=8 --parity=no --stop=1"

# Generate a new GRUB config
grub-mkconfig -o /boot/grub/grub.cfg

# Add user and set passwords for user and root
useradd -d /home/user -m -s /bin/bash user
passwd user
passwd root

# Set hostname
echo alix2d13 > /etc/hostname
echo "127.0.0.1 alix2d13" >>/etc/hosts

# Configure the first network interface (as DHCP client)
cat > /etc/systemd/network/enp0s9.network <<EOF
[Match]
Name=enp0s9

[Network]
DHCP=ipv4
EOF

# Exit the chroot and unmount filesystems
exit
umount /mnt/sys
umount /mnt/dev
umount /mnt/dev/pts
umount /mnt/proc
umount /mnt/boot
umount /mnt
sync

Boot the alix2d13 board

Insert the CF card and power it up.

Log in as root and enable networking:

systemctl enable --now systemd-resolved systemd-networkd

Set the timezone:

timedatectl set-timezone Europe/Amsterdam

Configure locales
```
dpkg-reconfigure locales
```

Enable time synchronization:

systemctl enable --now systemd-timesyncd

LED's

The LED's are supported out of the box.

Install sysfsutils:
```
apt install sysfsutils
```

Add to /etc/sysfs.conf:

devices/platform/leds-gpio/leds/alix:1/brightness = 1
devices/platform/leds-gpio/leds/alix:2/trigger = disk-activity
devices/platform/leds-gpio/leds/alix:3/trigger = netdev
devices/platform/leds-gpio/leds/alix:3/rx = 1
devices/platform/leds-gpio/leds/alix:3/tx = 1
devices/platform/leds-gpio/leds/alix:3/device_name = enp0s9

Restart sysfsutils (or reboot) to test:
```
systemctl restart sysfsutils
```

nftables firewall

Configure nftables (examples in /usr/share/doc/nftables/examples):

cat >/etc/nftables.conf <<EOF
#!/usr/sbin/nft -f

flush ruleset

table inet filter {
        chain input {
                type filter hook input priority 0;

                # accept any localhost traffic
                iif lo accept

                # accept traffic originated from us
                ct state established,related accept

                # activate the following line to accept common local services
                tcp dport 22 ct state new accept

                # ICMPv6 packets which must not be dropped, see https://tools.ietf.org/html/rfc4890#section-4.4.1
                meta nfproto ipv6 icmpv6 type { destination-unreachable, packet-too-big, time-exceeded, parameter-problem, echo-reply, echo-request, nd-router-solicit, nd-router-advert, nd-neighbor-solicit, nd-neighbor-advert, 148, 149 } accept
                ip6 saddr fe80::/10 icmpv6 type { 130, 131, 132, 143, 151, 152, 153 } accept

                # count and drop any other traffic
                counter drop
        }
}
EOF

Enable nftables:
```
systemctl enable --now nftables
```
Check loaded rules:
```
nft list ruleset
```

[hardware, pcengines, alix, alix2d13, debian, bookworm]

Table of Contents