I’ve been using Macs for several years now and wouldn’t want anything else as a laptop.
Making a backup is essential, of course, and for this I use the built-in TimeMachine. This requires a ‘TimeCapsule’, which you can buy from Apple or build yourself on Linux with Netatalk, avahi and a bit of storage.
As a server OS, not much can beat CentOS in terms of security and stability, so it was a simple choice. You can, however, use a Debian-based OS just as easily.
I always like to have large ‘things’ separated by volume, but you can use any directory as long as it’s writable by the user and large enough to take backups of the Mac. In this guide I simply use a directory within my home directory.
First install EPEL:
rpm -ihv ftp://ftp.nluug.nl/ftp/pub/os/Linux/distr/fedora-epel/6/x86_64/epel-release-6-8.noarch.rpm
Then use Yum to install the required packages:
yum -y install netatalk avahi dbus nss-mdns
Set services to start at boot:
chkconfig netatalk on
chkconfig messagebus on
chkconfig avahi-daemon on
Now configure netatalk by editing this line at the bottom of /etc/netatalk/netatalk.conf:
- -transall -uamlist uams_randnum.so,uams_dhx.so,uams_dhx2.so -nosavepassword
Edit /etc/netatalk/AppleVolumes.default and create the network share. There are lots of config options you could explore, by the way: you can allow groups or users, for example, and lots more.
If you leave the line starting with ~, you will also grant the user access to his/her home directory. I’m not using this, so I deleted that line.
I changed the line with DEFAULT to look like this:
:DEFAULT: cnidscheme:dbd options:upriv,usedots,tm
And I created the share like this:
/home/emiel/TimeMachine allow:emiel "TimeCapsule"
Edit /etc/nsswitch.conf and change the line with hosts to look like this:
hosts: files mdns4_minimal dns mdns mdns4
Create /etc/avahi/services/afpd.service with the contents:
<?xml version="1.0" standalone='no'?><!--*-nxml-*-->
<!DOCTYPE service-group SYSTEM "avahi-service.dtd">
<service-group>
  <name replace-wildcards="yes">%h</name>
  <service>
    <type>_afpovertcp._tcp</type>
    <port>548</port>
  </service>
  <service>
    <type>_device-info._tcp</type>
    <port>0</port>
    <txt-record>model=TimeCapsule</txt-record>
  </service>
</service-group>
IPTABLES is running by default and so it should! It’s not that hard to learn, so just add the following to /etc/sysconfig/iptables to open up some ports and then reload the iptables service. This is not an IPTables guide, so I have simply taken the default one and added the ports for AFP and avahi.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 548 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 548 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 5353 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 5353 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
Now reload iptables to activate the rules:
service iptables reload
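The rule set above opens both TCP and UDP for 548 and 5353, while AFP is advertised here as `_afpovertcp._tcp` on 548 and mDNS (avahi) uses UDP 5353. The script below is an added example, not part of the original guide, that lists the ports a rules file accepts and flags any outside a needed set; the `NEEDED` list and the function names are assumptions for illustration.

```shell
#!/bin/sh
# Added example: compare the ports an iptables-save style rule set opens
# with an assumed NEEDED list (SSH, AFP on TCP 548, mDNS on UDP 5353).
NEEDED="tcp/22 tcp/548 udp/5353"

# Print one "proto/port" per INPUT rule that ACCEPTs a destination port.
list_open_ports() {
    awk '$1 == "-A" && $2 == "INPUT" {
        proto = ""; port = ""; target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-p")      proto  = $(i + 1)
            if ($i == "--dport") port   = $(i + 1)
            if ($i == "-j")      target = $(i + 1)
        }
        if (target == "ACCEPT" && proto != "" && port != "")
            print proto "/" port
    }' | LC_ALL=C sort -u
}

# Read rules on stdin; report EXTRA (open, not needed) and MISSING ports.
audit_rules() {
    open=$(list_open_ports)
    for p in $open; do
        case " $NEEDED " in
            *" $p "*) ;;
            *) echo "EXTRA $p" ;;
        esac
    done
    for p in $NEEDED; do
        case " $(echo $open) " in
            *" $p "*) ;;
            *) echo "MISSING $p" ;;
        esac
    done
}

# Constructed sample: the port rules from the rule set in this guide.
sample_rules() {
    cat <<'EOF'
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 548 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 548 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 5353 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 5353 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
EOF
}

sample_rules | audit_rules
```

To audit the file on the server, source the functions and run `audit_rules < /etc/sysconfig/iptables`.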
You can check iptables with
Time to start the required services:
service messagebus start
service avahi-daemon start
service netatalk start
You should now be able to open TimeMachine on your Mac from System Preferences and select the new backup disk. The first backup can take several hours, so be prepared. After that, all will be automated and you can enjoy the comfort of having backups.