What can I do with it
Before I go into depth about creating a small headless Linux computer, I’d like to offer some thoughts about what one can do with such a device. This list is by no means complete and you, the reader, may have your own thoughts about where you are itching to get started.
Router
My first thought was to use the device to create a router (in fact this was the first device that I built). Now there is a great number of routers out there - specifically for use at home or in small offices. Many of these already come with Linux and everything else the heart desires - including a WLAN access point. What, then, would be the point of yet another router? To top it off, I would have to buy the WLAN module separately.
One advantage is the flexibility. I can buy a device with one, two or three ethernet interfaces, depending on the application, and build a router that is tailored exactly to my needs. But wait, you might think, why would I want a router with just one interface? One option is to use such a device to retrofit an old IPv4 network with a transition to the new IPv6 protocol via a suitable tunnel provider. Or I can connect to another network via VPN and use this device as a VPN router. The point behind a router with two interfaces is obvious. With three interfaces I can build a poor man's DMZ without having to resort to two devices like I had to with SOHO routers.
Well, that covers flexibility. What else? Another advantage, which applies to other projects as well, is that I don’t need to cross compile the software. Instead I can mostly use the software packages that come with my chosen Linux distribution. That saves a tremendous amount of time when I only want to try something out. I can directly use software in the repositories of my distribution or install software on the router that was compiled for a PC. At the same time I receive the security updates of my distribution.
In the end I have such a vast amount of software at my disposal that I can diagnose or monitor anything I want in my networks within the limits of the interface transfer rate of 100 Mbit/s, which is usually sufficient for most WAN connections.
A router with ALIX can be left running and be switched off at any time. Since there are no moving parts (fan or hard disk) necessary to run it, there is little risk that it will fail - at least in this regard.
Firewall / packet filter
A network firewall, or packet filter, is closely related to a router and is another example of an application.
Why, you may ask, would I risk securing my network with a handmade firewall when I can get certified firewalls from experts in this field which are good value for money and include support if I have problems and training if I need it? The simple answer is: nobody is making you. With issues of security, as with all other matters, everyone should weigh the pros and cons for themselves and make their own decisions.
So what are the arguments in favor of a home-made firewall? First and foremost, you need to have the necessary expertise, or at least acquire it during the project. This knowledge includes understanding the tasks of a firewall and the way a firewall works, as well as the possibilities and constraints of a Linux system. Then there is the size of the risk that has to be considered. If the value of the network and the data that you want to protect is less than the price of a commercial firewall, this could be a point in favor of building it yourself. Finally, if I only want to place an additional and/or temporary packet filter in the network, a self-built device may be better, especially if I already have the knowledge required to do this.
What else do I need for a firewall? First I need a device with two or, better, three network interfaces. With three interfaces I can use two for the production networks and the third for administration. This way the firewall cannot be manipulated from the production networks.
For software I need iptables for the configuration of the filter tables and ebtables if I want to use the packet filter as a (layer 2) bridge instead of a (layer 3) router. Finally, I need suitable software to manage the firewall rules (I like ferm for this but you might have other preferences). If the firewall is to function as a VPN gateway, I need the appropriate software (openvpn, strongswan, etc).
It makes sense to have a device in the network where I can send log messages to monitor the firewall.
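The three-interface layout described above can be written down as an iptables ruleset. The following is an added example, not taken from the original text: a shell function that prints rules in iptables-restore format, with SSH accepted only on the administration interface and dropped packets logged so the syslog daemon can forward them to the log host. The interface roles (outside, inside, admin), the SSH port and the log prefixes are assumptions.

```sh
#!/bin/sh
# Added example: print an iptables-restore ruleset for a packet filter
# with two production interfaces and one administration interface.
# Nothing is loaded here; check the output first, for instance with
#   gen_ruleset eth0 eth1 eth2 | iptables-restore --test

valid_if() {
    # Accept only plain interface names so nothing else ends up in a rule.
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

gen_ruleset() {
    # $1 = outside network, $2 = inside network, $3 = administration (assumed roles)
    out_if=$1 in_if=$2 adm_if=$3
    for i in "$out_if" "$in_if" "$adm_if"; do
        valid_if "$i" || { echo "bad interface name: $i" >&2; return 1; }
    done
    if [ "$out_if" = "$in_if" ] || [ "$out_if" = "$adm_if" ] || [ "$in_if" = "$adm_if" ]; then
        echo "interfaces must be distinct" >&2; return 1
    fi
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $adm_if -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "fw-input-drop: "
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $in_if -o $out_if -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -m limit --limit 5/min -j LOG --log-prefix "fw-forward-drop: "
COMMIT
EOF
}
```

Because INPUT and FORWARD default to DROP and the only rule that admits new connections to the firewall itself names the administration interface, hosts on the production networks cannot reach its SSH service.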
Streaming client for music from the net
Voyage Linux, itself derived from Debian GNU/Linux, has a variant called Voyage MPD that is dedicated to this topic.
What else do I need for this? I need a Linux-supported soundcard and an infrared sensor for the remote control. I also need a mini keyboard to operate the device directly and a small LCD display. I could connect a hard disk and play the music from it or I could get everything from a server. I could build the box myself or have it made according to my specifications. One possibility would be to use an old sound system for the housing.
Network information server
What exactly is this, you may ask? It’s used as follows: When I want to connect a computer to a network it’s not enough to just plug a cable into an ethernet socket. The computer must know the following information in order to communicate with other computers on the local network or internet:
- Which addresses are valid in the local net and which of these can it use?
- What are the addresses of the gateways to other networks?
- What are the addresses of the nameservers that it can use?
- Where can it get the current time?
- And perhaps: where can it get its operating system?
Part of this information may be configured automatically with IPv6. IPv4 does have similar solutions now with Bonjour and Zero Configuration Networking. I use DHCP servers if I want more control over the network. These should be some of the first devices switched on in the network and the last devices switched off. It’s an ideal job for such a small, permanently running device. I could also install a time service (NTP) and, while I’m at it, the name service (DNS), too. If I want to provide system images to boot other computers from, I would probably need an additional hard disk.
File, streaming or web server
Whether I would really want to run this from a small headless computer depends on the application. I would definitely need to test whether its performance is sufficient. If it is, I could plug in one or multiple hard disks and keep the operating system on the CF card.
A weather station or something similar
This depends on the device which I’m compiling the data from. Most have a serial or USB interface. I might need a USB serial converter.
If I want to read data continuously, I’ll want to store the data somewhere. Because I really want to avoid constantly writing to the flash memory, I could use an external hard disk or some storage device in the network. Both of these may suddenly disappear, so I have to make provisions for this case. It would be possible to connect an internal hard disk and use this as permanent storage.
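One way to provide for storage that disappears, as an added example that is not from the original text: each reading goes to the external volume only while a marker file stored on that volume is visible, and is otherwise buffered in a RAM-backed spool and flushed once the volume is back. The paths, the marker file name and the function names are assumptions.

```sh
#!/bin/sh
# Added example. Constructed layout: STORE is the mount point of the
# external disk or network share, SPOOL is a RAM-backed directory (tmpfs).
STORE=${STORE:-/mnt/weather}
SPOOL=${SPOOL:-/run/weather-spool}
MARKER=.weather-store   # created once on the external volume itself

store_ready() {
    # The marker is only visible while the real volume is mounted. Without
    # this check, writes would land in the empty mount point on the flash.
    [ -f "$STORE/$MARKER" ] && [ -w "$STORE" ]
}

flush_spool() {
    # Append buffered lines to the store; keep them if the append fails.
    [ -s "$SPOOL/pending.log" ] || return 0
    cat "$SPOOL/pending.log" >> "$STORE/readings.log" && : > "$SPOOL/pending.log"
}

save_reading() {
    # $1 = one line of sensor data. Prints where it went: "store" or "spool".
    if store_ready && flush_spool && printf '%s\n' "$1" >> "$STORE/readings.log"; then
        echo store
        return 0
    fi
    # Volume missing or write failed: buffer in RAM instead of on the flash.
    mkdir -p "$SPOOL" && printf '%s\n' "$1" >> "$SPOOL/pending.log" || return 1
    echo spool
}
```

Readings held in the spool are lost on power failure, so the spool trades durability for flash wear; older readings are flushed before the new one is written, which keeps the log in order.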
A controlling computer for your own hardware project
The project dictates what additional hardware and software I need.
With the I²C bus I can directly control some circuits, for instance the PCF8574 with eight digital input and output lines, or the PCF8591 with four 8-bit A/D converters and one D/A converter.