New Omnia owner: Looking for pointers on projects and goals

I’ve had my new Turris Omnia for a few weeks, and have the basics configured. I’m looking to stretch out a bit in capabilities, and am looking for some general pointers. I realise this post covers a fair bit of ground, but as a new user / orientation item it might be useful.

  • The LAN includes several systems, mostly wired desktops and a few wireless devices. This is working wonderfully.

  • There is a USB printer I’m trying to get configured. I’ve settled on CUPS rather than P910nd, as there are multiple users, and a queueless system doesn’t seem appropriate. I can print, but not in colour, and am looking for troubleshooting suggestions. The CUPS project site seems a bit worse for wear. StackExchange seems more active for support.

  • I’d previously run DD-WRT with an extensive DNSMasq configuration. This allows one to do interesting things, such as, say, put a Sci-Hub host on every IANA-listed TLD. I’d also like to beef up the LAN DNS support and include ad-blocking.

  • I’m looking at other possible projects: fileserver, LED configuration for status information (which includes thinking through what status I’d like to note), and maybe some proxy services. I’m sure others will come to mind.

  • I’ve a long background in Linux and am very comfortable on the shell (more so generally than Web interfaces). I’ve realised that it’s possible to get into conflicts with Turris over some packages, and am looking to avoid that where possible. At the same time, CLI (or scripted) configuration is something I generally prefer. I’ve been using DD-WRT off and on for a decade or so, but am new to OpenWRT. Liking it so far.

  • I’m looking at (and for) documentation and have in mind a more substantive advanced administration manual that would address, generally, the Turris project itself, the Omnia, the relationship with OpenWRT and Linux (and what each respective domain addresses), the Foris and LuCi Web administrative interfaces, packages, projects (e.g., printing, file sharing, adblocking, etc.), hardware hacking, and perhaps development on / for the Omnia and other Turris projects. If there’s a similar effort under way, this might not be necessary; if not, I wouldn’t mind attempting a start at this.

I’ll spin off specific questions into their own discussions, but thought I’d leave this as a bit of a catch-all thread as well.

Thanks.

2 Likes

Documentation: see https://doc.turris.cz/doc/en/start and this forum. I don’t think there’s any other larger source.

DNS

The default server on Omnia is knot-resolver.

For ad-blocking there are two common approaches – adblock package and DNS via pi-hole. I have no idea what “beefing up” means; knot-resolver is rather flexible, at least in principle.

Sci-Hub: I didn’t read the details, but you can easily inject custom name-IP pairs, as described in the wiki.

1 Like

I suggest this thread and project for nice LED tuning:


however unfortunately the dev has stopped responding recently.

For your question: LuCi is a general OpenWrt GUI for all kinds of stuff, while Foris is the Turris team’s own GUI for easy setup of a smaller selection of features, like OpenVPN.

1 Like

I’ve solved … or at least diagnosed one problem. Colour printer configurations work much better when there’s a charged colour-print cartridge in the printer.

Print configuration appears sorted.

I did have to go through the lpadmin command line on OSX / MacOS in order to get the printer configured however:

sudo lpadmin -p <printer-name> -E -v ipp://turris/printers/<printer-queue>

Note that <printer-name> is any arbitrarily-selected name on OSX. <printer-queue> is the configured printer name on the Turris. It should be the 2nd field of line(s) beginning printer from the lpstat -p -v command:

lpstat -p -v | awk '/^printer / {print $2}'

Thanks, I’d sorted out the relationship between Foris and LuCi. I’ve looked at the LED config (and played a bit with rainbow for grins).

One thing I’d like is an indication of a pending update / reboot requirement. I’m thinking an amber or blinking (or combination thereof) power LED. Maybe a blue/amber toggle.

Thinking through what I want displayed on the LEDs is a large part of this :wink:

Thanks. I’d seen reference to knot-resolver, but hadn’t fully sorted its role.

Generally: a list of services, the software providing them, and the upstreams (which I can probably track through OpenWRT) is something I’d like to note. This isn’t readily available from the command line as there are no manpages, many utilities don’t respond to a -v or --version switch, and I’m still sorting out opkg’s options and capabilities.

I’d seen the adblock package and am planning on taking a look at that.

Is there a reference to how pi-hole is configured on the Turris / OpenWRT? Is this installed as a package, a virtual host, or …?

“Beefing up”: I’d created a configuration directory approach, using a master file that included additional configs, for DNSMasq. That gave me:

  • Basics: server-level configuration – interface, files, dhcp options and range, cache size.
  • A list of DHCP hosts
  • Some custom configurations, including local prefixes and negative TTLs, bogus-nxdomain configs.
  • Various adblocking not addressed through larger hostfiles. Generally hosts added as I encountered them.
  • The additional (adblocking) hosts files.
  • Specific adblock holes, and other workarounds. This would apply, say, for hosts on blocked domains or TLDs I wanted to allow specifically, including specific sets (e.g., Mastodon instances on otherwise-spammy TLDs).
  • A list of 1500+ sci-hub hosts defined across all IANA TLDs, for grins.
  • Several other specific sets of blocked or allowed hosts / domains / TLDs derived by (and used for) various specific purposes and processes.

The overall result was a flexible configuration, parts of which were automatically generated and/or updated, others that I manually maintained, and some of which were pretty much static. I kept the entire set under git off the DD-WRT router (which was and is tiny, size being a reason for a fair bit of the juggling). I’d scp changes to static storage on that device and restart the DNS server. This usually worked (and if not, it was pretty easy to find/revert changes).

That’s what I have in mind by “beefing up”.

My main concern is putting my configs somewhere that knot-resolver will see them, but not mess with them.
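An added example, not part of any post in this thread: one way to build the generated part of the dnsmasq layout described above, turning hosts-format blocklists plus a hand-maintained allow list into a single include file, with downloaded entries validated before they reach the config. It assumes dnsmasq is the resolver in use; the function name, file names and the 0.0.0.0 sink address are assumptions, and the sample data is constructed.

```shell
#!/bin/sh
# gen_block_conf ALLOWFILE BLOCKLIST...   (hypothetical helper, not from the thread)
# Blocklists are hosts-format ("0.0.0.0 name"); ALLOWFILE has one name per line.
gen_block_conf() {
    allowfile=$1; shift
    awk -v allowfile="$allowfile" '
    function valid(d) {
        # Plain multi-label DNS names only: rejecting "/", "#" and "=" keeps a
        # hostile or corrupted list from altering the generated directive.
        return (length(d) <= 253) &&
            (d ~ /^[a-z0-9_]([a-z0-9_-]*[a-z0-9_])?(\.[a-z0-9_]([a-z0-9_-]*[a-z0-9_])?)+$/)
    }
    BEGIN {
        while ((getline line < allowfile) > 0) {
            sub(/#.*/, "", line); gsub(/[ \t\r]/, "", line)
            line = tolower(line)
            if (valid(line)) allow[line] = 1
        }
    }
    {
        sub(/#.*/, ""); gsub(/\r/, "")
        for (i = 2; i <= NF; i++) {      # field 1 is the sink address
            d = tolower($i)
            if (valid(d) && !(d in allow)) block[d] = 1
        }
    }
    END {
        # address= answers locally for the name and all of its subdomains;
        # server=/name/# forwards a more specific name as usual (the hole).
        for (d in block) print "address=/" d "/0.0.0.0"
        for (d in allow) print "server=/" d "/#"
    }' "$@" | LC_ALL=C sort -u
}
# Constructed sample data, not taken from the thread.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/ads.hosts" <<'EOF'
127.0.0.1 localhost
0.0.0.0 ads.example.com   # entry with trailing comment
0.0.0.0 Tracker.Example.NET
0.0.0.0 spammy.example
0.0.0.0 ok.example.org
0.0.0.0 x.example/bank.example/192.0.2.1
EOF
    printf '%s\n' '# holes' 'social.spammy.example' 'ok.example.org' > "$dir/allow.txt"
    gen_block_conf "$dir/allow.txt" "$dir/ads.hosts"
    rm -rf "$dir"
}
demo
```

The output is meant to be written to a file in a directory that dnsmasq loads through its conf-dir option, followed by a dnsmasq restart.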

People install pi-hole in LXC, IIRC.

DHCP for LAN is still handled by dnsmasq by default. Knot-resolver isn’t config-compatible with dnsmasq, except for some basic things like “hosts files”. In theory it’s very flexible, running your lua scripts during DNS resolution, but configuring some involved aspects has a steep learning curve.

Some people still run dnsmasq for DNS, but that’s not an officially supported configuration, and it seems a bit tricky to do without breaking on upgrades; you can search the forum.

From your reply I suppose that you have not tried an LXC container yet, so I would recommend that you do some research on it, as it is IMHO the best thing on Turris. You can run multiple virtual Linux servers on your Turris, each with its own IP configuration, and you can dedicate one to Pi-hole. You can start / stop them individually, and on the Omnia you have the option to run various Linux distributions. And NO, Pi-hole is not on OpenWrt; you have to install it into a dedicated LXC container that you create for Pi-hole.

2 Likes

Right. I’ve got my LAN hosts configured via DHCP. It took me a little longer to get the static hosts (the router itself and the DSL modem) to turn up. For some reason when I resolve a local host, I’m fed both the address and two NXDOMAIN results. From a Debian box:

$ host robby
robby.lan has address 192.168.32.102
Host robby.lan not found: 3(NXDOMAIN)
Host robby.lan not found: 3(NXDOMAIN)

OSX results are similar.

Those seem to be all from the router’s nameserver. AFAIK I’ve configured these only in DNSMasq, not in knot-resolver.

I’ll see about shifting my configs to knot-resolver and ad-blocker. I’d been trying to diagnose my … what turned out to be a printer cartridge problem … first. Sigh.

The host command asks for A, AAAA and MX. You apparently get NXDOMAINs for the latter two; host -v robby would show more details.

(Yes, that should really be NODATA, but you just need a real authoritative server to get truly correct answers to everything.) EDIT: I should say here that auto-import of IPv6 addresses to DNS is not handled ATM either. Manual IPv6 hints should work fine.