Hello,
I am using headless Fedora Server Edition since version 26.
Now I am on 33 and I am very satisfied to run Fedora as home server.
The server is used for the following services:
- Nextcloud (latest version official packages from Nextcloud) and OnlyOffice with Apache, MySql, Php-fpm, Redis, fail2ban
- TV streaming via tvheadend
- Local Samba server
- As a part of a little renderfarm with virtual Windows 10 via qemu-kvm, virtio for GPU passthrough
- and last but not least as mediaserver for individual Kodiclients at home
I connect to the server via Cockpit and ssh using 2FA Google-Authenticator.
The biggest challenge is SELinux. The guides on Google are not detailed enough with a lot of bug reports on Github.
I needed to issue the following to run Cockpit, ssh and OnlyOffice smoothly:
semanage permissive -a httpd_t
semanage permissive -a cockpit_session_t
semanage permissive -a sshd_t
I know the right way is to create rules but that’s something I do not know, because I do not understand how to use audit2allow.
Isn’t it possible to create an overview which is specified to Fedora (maybe also Centos) where users collect their solutions to fix SElinux permissions for upcoming Nextcloud versions and its content?
I also could wish an overview for generell Fedora Server hardening and optimizing. The most guides on Google are based on Ubuntu and its derivats.
Last but not least: what about gpu passthrough by using Cockpit? I came over some tutorials they all are using GUI and virt-manager. How to do in Cockpit without GUI?
Best regards,
Woti