Zone Two

Continuing my “I’m on vacation and I have so much mental capacity to finish my projects at home” series of wins, I finally migrated my Zoneminder server from my workstation to a VM I created expressly for this purpose. Now I have two Zoneminder servers that do the same exact thing in different ways. I’ll use the old one for a few days until I’ve verified the suitability of the new one.

Without too much detail, here’s what I had to do:

• Create the VM on my KVM hypervisor and install Debian 12
• VM: install MariaDB, Zoneminder, Postfix, backintime, curl, iptables, netfilter-persistent, fail2ban, iftop, etc, and configure all of that for the basics
• WS: Stop Zoneminder on and export the MySQL database
• Copy the database file to the VM and do a surprise sed transformation to fixup some UTF8 collation strings that MariaDB doesn’t understand
• VM: create the zmuser user in MariaDB with a new password; create the zm database; give this user full grants on this DB
• VM: import the fixed-up database backup
• VM: zmupdate.pl -f to convert this database up through all the version migration actions to the installed version of Zoneminder (super important)
• WS: scp all of the ZM event files (images, videos, XML, logs) to the VM
• VM: zmaudit.pl to purge files/logs that don’t make sense against the database
• VM: Tell Apache about Zoneminder: a2enconf zoneminder ; a2enmod rewrite
• VM: fixup Apache conf to enable ZM API (copy-paste from WS)
• VM: navigate to VM’s Zoneminder site to verify it loads; verify previous events are present, go into Config options and change everything mentioning the old server hostname to the new server hostname. Verify email settings. Verify monitor sources.
• VM: fixup hostnames and whatnot in /etc/hosts, /etc/aliases, etc.
• VM: copy and update any ancillary scripts I use to start/stop the Zoneminder monitoring services with API keys, email addresses, and so on (ugh)
• Test by walking in front of cameras and debug until both servers give the same results

As an extra bonus, I also set up my usual DB dump cronjobs and setup BackInTime to take nightly snapshots. I currently have the first snapshot running, so that’ll be a bit of time yet.

I’ve also set up Fail2Ban with sshd and Zoneminder jails, and made sure iptables functions properly.

Honestly, this is so much work, and I’ve been able to finish it in, eh, two days worth of time, considering I did the VM setup back in 2023 and never touched it until today on Jan 1, 2025. It’s no wonder I don’t do a shit during my typical work week; that’s so exhausting, I don’t give a damn about any of my own stuff.

Vacation is kinda nice. I get to work.