My personal scrap book.

Kategorie: Roon

ROON CORE: Install Debian 12.x (Bookworm) and some Essentials

Install Linux Distribution: Debian 12

Download the latest installation image of debian 12 alias Bookworm from: look for the file with the .iso extension:

Now use your favorite imagewriting tool to write this diskimage to a USB stick. (Note this USB stick will be completely wiped during this process)

Boot with this USB stick on your target machine and do a text based install. (Second menu option)

When asked choose LVM with seperate home partition. When you know what you are doing do whatever you like). Assign 256GB to the auto partitioning. (Gives us flexibility later)

In the installation process create a user called roon.

When selecting the install options only choose „ssh server“ and „standard system utilities“ so we get a bare minimum system.

now login as roon and install some fundamentals:

This will

  • update your sytem to allow installing the lastest tools
  • upgrade our base install
  • Install sudo so we can execute privileged commands as our newly created roon user
  • install the curl tool to allow command linde downloads from http sources
  • install your favorite editor (vim or nano)
  • the gnupg key lib
  • a tool to show the usage of your system ressources
# need to do this as root as we do not have sudo yet

su -
apt-get update -y
apt-get upgrade -y
apt-get install sudo curl nano vim gnupg2 htop -y

add user roon to sudo group

usermod -aG sudo roon

ROON CORE: Installing ROON Server

Finally we are almost there

Installing dependencies for roon core:

sudo apt-get install ffmpeg libasound2 cifs-utils  -y

now tun the roon install scripts

curl -O
chmod +x
sudo ./


sudo systemctl status roonserver

should look similiar to:

stop it with

sudo systemctl stop roonserver

You cann now configure your roon server via a roon client app (IOS/Win/MacOS/Android)

ROON CORE: Installing WiFi [optional]

Enable WIFI

On debian 12 network-manager is really working ….

sudo apt-get install network-manager -y
# and find out if it is running
sudo systemctl status NetworkManager

Will output something like this:

find your ssd and connect to it:

nmcli device wifi list
sudo nmcli device wifi connect 'myssd' password 'secret'

nmcli connection show

Let´s make that permanent (you could do this for multiple connections)

# and make it sticky

sudo nmcli connection modify 'apfelhome' connection.autoconnect yes
# and add a high priority

sudo nmcli con modify "apfelhome" connection.autoconnect-priority 100
sudo systemctl restart NetworkManager

and you will find the config in /etc/NetworkManager

Optional configure an hotspot for configurations

configure a hotspot for admin purposes if there is now WLAN:

# Create a new Wi-Fi connection
sudo nmcli con add type wifi ifname wlo1 con-name Hotspot autoconnect yes ssid roon-install

# Set the connection to shared
sudo nmcli con modify Hotspot 802-11-wireless.mode ap bg ipv4.method shared ipv4.addresses

# Set the Wi-Fi security
sudo nmcli con modify Hotspot wifi-sec.key-mgmt wpa-psk
#replace Blaubär01with a password of your choice
sudo nmcli con modify Hotspot wifi-sec.psk Blaubär01

# Enable the hotspot
sudo nmcli con up Hotspot
# give it a low priority 
sudo nmcli con modify "Hotspot" connection.autoconnect-priority 5

to disconnect :

nmcli device disconnect wlo1

ROON CORE: Extending home partition with a second drive

if you do not have a secont drive, skip the first part and start with creating the new LV.

Extend a logical Volume Group [only if you have a second drive]

as we decided to use LVM we need to find the unused drive and extend our LVM group with this drive:

sudo lsblk

will help you to find the unused drive

here we would like to use the SSD /dev/sda

Now we create a physical volume (PV) on this drive:

sudo pvcreate /dev/sda

We find out the name of the volume group we would like to extend:

sudo vgdisplay

and we extend that group with the newly created PV

sudo vgextend roon-core2-vg /dev/sda

sudo vgdisplay


Add a new partition for music in the LV [start here if you do not have a second drive]

using all avialable space:

sudo lvcreate -n music -l 100%FREE roon-core2-vg

create the filesystem:

sudo mkfs.ext4 /dev/roon-core2-vg/music

create the director to mount the new file system to:

sudo mkdir /mnt/music

now edit the /etc/fstab to include:

/dev/mapper/roon--core2--vg-music /mnt/music ext4 defaults 0 2
sudo vim /etc/fstab
# now remount fstab
mount -a
sudo systemctl daemon-reload

and finaly allow the user roon to access all that newly created space:

sudo chown roon:roon /mnt/music
sudo chmod 700 /mnt/music
sudo chown -R roon:roon /mnt/music

ROON CORE: NAS access [optional]

If you would like to sync data from your NAS to the local disc you might wan´t to mount you NAS or remote volume directly.

install the necessary driver for the remote filesystem and create a mount point:

sudo apt-get install cifs-utils smbclient -y
sudo mkdir -p /mnt/NAS-music
sudo chown -R roon:roon /mnt/NAS-music
# try it out
sudo mount -t cifs //paulus/music /mnt/NAS-music/ -o username=nasuser,password=nasPW

und nun bei Bedarf in die fstab: securely store the credentials:

sudo nano /etc/cifs-credentials

should look like this:


And now adjust the security

sudo chmod 600 /etc/cifs-credentials

now edit /etc/fstab and test it

sudo vim /etc/fstab


//yourNAS/yourShare /mnt/NAS-music cifs noauto,x-systemd.automount,,_netdev,credentials=/etc/cifs-credentials,iocharset=utf8,sec=ntlmssp,ro 0 0

reload and test :

sudo systemctl daemon-reload
sudo systemctl restart
df -h

ROON CORE: Sync remote NAS shares to local drive [optional]

we will use rsync to do this (works with mounted USB drives as well)

sudo apt-get install rsync

now we automize it:

create sync script:

nano ~/

rsync -av --progress /mnt/NAS-music/ /mnt/music/

dont´forget to make it executable

chmod +x

This script might run for a very long time… To make it independent from your session you may use a terminal multiplexer called tmux. You find more details at the endo of the following article:
10 Maintenance – Hauptsache es klingt ! (

ROON CORE: Roon Display [option]

You would like to use an attached display to show the ROON web display? Don´t do it on low powerd machines

# add a dedicated user for it 
sudo useradd -m roon-display 
sudo passwd roon-display
# and now install some lightwight X enviroment
sudo apt-get install xorg chromium openbox lightdm xdotool unclutter
# thisis evil
sudo mv /etc/pam.d/lightdm-autologin /etc/pam.d/lightdm

# and edit the lightdm.comf
sudo nano /etc/lightdm/lightdm.conf

modify the following section


Now we configure a very basic window manager called openbox for the autologin user.

 mkdir -p ~/.config/openbox
nano ~/.config/openbox/autostart

and add the following content

xset s off
xset -dpms
xset s noblank
unclutter -display 0:0 -noevents -grab

chromium \
    --disable-gpu \
    --no-first-run \
    --disable \
    --disable-translate \
    --disable-infobars \
    --disable-suggestions-service \
    --disable-save-password-bubble \
    --start-maximized \
    --kiosk "http://localhost:9330/display/" &

The –disable-gpu option took me quite some time to find out. The Mesa Driver for the Iris XE integrated INTEL processor graphic used in combination with the chromium browser has a rendering bug in combination deploying two SODIMMs (thus enable dual channel DRAM access)

Added unclutter to hide the Mouse Pointer.

We should reconnect – here every 5 Minutes – from time to time (is it a bug or feature ?)

as user roon-display do (important needs to be executed in the right user context)

crontab -e

and add

*/5 * * * * DISPLAY=:0 /home/roon-display/

and now we create a script for it

nano ~/
xdotool key shift+F5

and make it executable

chmod +x ~/

ROON-CORE: Security / Firewall

Now install nftables as firewall:

sudo apt-get install nftables -y

start it

sudo systemctl enable nftables.service
sudo systemctl start nftables
sudo systemctl status nftables

edit your /etc/nftables.rules

sudo nano /etc/nftables.rules
# Define your local LAN Subnet
define lan =
define loopback = "lo"

table inet filter {
        chain input {
                type filter hook input priority filter; policy drop;
                # let´s be statefull
                ct state established,related accept
                # Needed for ROON Server
                iifname $loopback counter accept

                meta pkttype multicast counter accept
                meta pkttype broadcast counter accept
                # allow ssh access
                tcp dport 22 accept
                # roon comms
                ip saddr $lan udp dport 9003 counter accept
                ip saddr $lan tcp dport 9300-9339 counter accept

                # Apple Airplay
                ip saddr $lan udp dport 32768-65535 counter accept
                # Devialet Air
                ip saddr $lan tcp dport 32768-65535 counter accept
                log prefix "nftables: " flags all

        chain output {
                type filter hook output priority filter; policy accept;

Let´s see if it worked:

sudo nano /etc/nftables.conf

should look like:

#!/usr/sbin/nft -f

flush ruleset
include "/etc/nftables.rules"

and finaly test it by restarting

sudo systemctl restart nftables
sudo nft -s list ruleset

and to see the firewal log for bug fixing:

sudo journalctl -f -k | grep 'nftables'

or see the history:

sudo journalctl -k | grep 'nftables'

ROON CORE: Maintenance and Trouble Shooting

various topic and tools to ease the trouble shooting:

Temperature Measurement

as many of us want to use passively cooled system, looking at the various temperature sensors deployed in the system is helpfull:

sudo apt install lm-sensors
sudo sensors-detect --auto
sudo sensors

my passively cooled NUC 13 stays nice and cool even while indexing:

Checking System Ressource Usage

you may stop it with CTRL-C

sudo htop


We have to get used to systemd and the logging and service management. Here some hints where to find logs

Roonserver and Raatserver logs can be found:

# Everything regarding the Management of your music, Desktop,....
# Audio Backbone : (Roon Advanced Audio Transport

You may to use journalctl to derive logging of the roonserver systemd unit.

sudo journalctl -u roonserver

sudo journalctl -u roonserver 

To get a list of all services which are running and can be used as filter or to be modified by systemctl:

systemctl | grep running

Most command commands within systemctl

# get the status of a service
sudo systemctl status roonserver
# start the service
sudo systemctl start roonserver
# stop the service
sudo systemctl stop roonserver
# stop and emideatly restart
sudo systemctl restart roonserver
# start service when booting(does not immideatly start it, you have to do it manually if you do not reboot!
sudo systemctl enable roonserver
# disable from autostart
sudo systemctl disable roonserver

Usefull Options for journalctl

# -k gets your the kernel log messages (eg nftables events)
sudo journalctl -k | grep 'nftables'
# while this gives you anything which is related to the service managment 
sudo journlctl -u nftables
# there are plenty way to to filter for the event time e.g.
# everything since the last boot
sudo journalctl -b
# specific timestamp
sudo journalctl --since "2023-01-01" --until "2023-01-31"
sudo journalctl --since today
sudo journalctl --since "2024-01-17 12:00:00"

# and to get continous logging to you console use -f
# like tail -f in good old times....
sudo journalctl -kf | grep 'nftables'

Run sessions in your user context tht survive you ssh session

For long running scripts it is helpfull to make a user sesion independent from your ssh conection. Normally your session ends with all running cripts as soon as you disconnect your ssh connection, however there are basiclly two tools to allow you to run „virtual screens“ for session. The traditional one is „screen“ however the more modern and ressource friendly way is „tmux“. You can also run multiple session in one connection.

# install tmux (terminal multiplexer)
sudo apt-get install tmux
# start a new virtual screen
tmux new -s session_name
# after you closed your connection try 
tmux ls
# and you find all open virtual windows
# than connectto it
tmux attach -t session_name
# You can also start tmux without any parameters and than do CTRL-B W

# you shall try CTRL-B ? to seel all available shortcuts within a tmux screen

to close all sessions and windows and clean upp (alls sessions will e interrupted

tmux kill-server

you can modify the sync script like this:


tmux new-session -d -s rsync-session "rsync -av --progress /mnt/NAS-music/ /mnt/music/; tmux kill-session -t rsync-session"

This open a new session -d detached so it can run in the background. After the rsync has been done it will kill this new session.

you may see the progress if you attach yourself with tmux

tmux attach -t rsync-session