For UFW and Docker I use a program called UFW-Docker
To use it do the following:
wget -O /usr/local/bin/ufw-docker https://github.com/chaifeng/ufw-docker/raw/master/ufw-docker
chmod +x /usr/local/bin/ufw-docker
ufw-docker install
Allow tailscale VPN to all docker containers
This is based on the issue HERE
ufw route allow from 100.64.0.0/10 to any
You should now be good to accept anything from the tailscale network
This is how to get the Windows client with headscale. I’m happy to finaly get it working.
Headscales docs are HERE, but I’m adding some more info since I wasn’t able to get it to work the first time
If you’ve already installed tailscale on the machine make sure to delete the C:\Users\<USERNAME>\AppData\Local\Tailscale directory
Download the Official Windows Client HERE and install it.
You can either do option A or B Option A Manually edit the registry
If you’re wanting to stream HDHomeRun channel to your own OwnCast server
I’m using Debian like everything else I do
apt install -y ffmpeg
ffmpeg -i "http://IP_OF_HDHR:5004/auto/vCH.N" -c:v libx264 -c:a aac -b:v 512K -maxrate 512K -bufsize 1M -f flv rtmps://OWNCAST_URL:PORT/live/STREAM_KEY
You can now go to your owncast URL and it should be streaming
SystemD Service
nano /etc/systemd/system/hdhomerun-stream.service
[Unit] Description=HDHR Daemon After=network.target [Service] User=plex EnvironmentFile=-/etc/default/hdhomerun Group=plex Type=simple wExecStart=/usr/bin/ffmpeg -i "${CHANNEL}" -c:v libx264 -c:a aac -b:v 512K -maxrate 512K -bufsize 1M -f flv "${URL}:${PORT}/live/${KEY}" Restart=on-failure [Install] WantedBy=multi-user.
Call Forwarding using TwiML Bins
Login to your account at Twilio. Create TwiML Bin HERE Add a Friendly Name and some TwiML, and then click create. (create a friendly name) Paste the example into the box <Response> <Dial> +12345559876 </Dial> </Response> | replace 2345559876 with your phone number Configure this TwiML bin on your Twilio number HERE Go to Voice & Fax Accept Incoming Voice Calls Configure With Webhook, TwiML Bin, Function, Studio Flow, Proxy Service A Call Comes In TwiML Bin Choose the TwiML Bin you created earlier Lookup up numbers with Twilio API and get a nice pretty JSON output.
By default the prefix is Ctrl+B for tmux
How to save pane to file Use prefix + :
We need to puts those lines into a buffer by typing in capture-pane -S -150 | Replace -150 with however many lines you’d like to save, or - for all lines.
Hit return (enter)
Now we have to save the buffer to a file by doing the following prefix + :
Type in save-buffer filename.
Here is a bash script I use to update DDNS with CloudFlare, I could use ddclient, but I like this it works for me
apt -y install dnsutils jq curl
#!/usr/bin/env bash # A bash script to update a Cloudflare DNS A record with the external IP of the source machine # Used to provide DDNS service for my home # Needs the DNS record pre-creating on Cloudflare ## Based on https://gist.
RIGHT NOW GITEA KEEPS LOGGED IN AS FIRST USER SO IT’S NOT PERFECT, THERE’S A KNOWN ISSUE We need to update the logout button to the authentik logout URL: wget -O /var/lib/gitea/custom/templates/base/head_navbar.tmpl https://raw.githubusercontent.com/go-gitea/gitea/main/templates/base/head_navbar.tmpl
Replace the old logout URL with the new: sed -i 's#/user/logout#/akprox/sign_out#g' /var/lib/gitea/custom/templates/base/head_navbar.tmpl
I did notice when replacing the URL to logout it doesn’t directly log you out, but will be logged out next time you try to do anything Now it’s time to config gitea; nano /etc/gitea/app.
nano /etc/grafana/grafana.ini
[auth.proxy] # Defaults to false, but set to true to enable this feature enabled = true # HTTP Header name that will contain the username or email header_name = X-authentik-username # HTTP Header property, defaults to `username` but can also be `email` header_property = username # Set to `true` to enable auto sign up of users who do not exist in Grafana DB. Defaults to `true`. auto_sign_up = false # Define cache time to live in minutes # If combined with Grafana LDAP integration it is also the sync interval sync_ttl = 60 # Limit where auth proxy requests come from by configuring a list of IP addresses.
First you can download the intstaller for rpiboot for Windows from github at HERE
Then I always prefer Debian which can be found HERE
I’m using the DF Robot Router Board from HERE
Huge shoutout and thanks to Jeff Geerling for the board.
To get the CM4 into rpiboot mode you have to switch the little switch on the DF Robot Board labeled RPIBOOT to 1
Now you have to install the program, then open up rpiboot and let it do it’s thing then it’ll be mounted
Here’s a quick rundown of how usenet works:
The three things required are a server, indexer, and downloaders.
Server: Where you download the articles from. (Eweka, SuperNews)
Indexer: A search engine for the usenet servers. (NZBGeek, NZBCat, DogNZB)
Downloader: This is used to download and extract the files since they are put into RAR files. (NZBGet, SABnzbd)
Arr software searches via the indexer which then sends the .nzb file to the downloader.
Client DNS If you don’t want to use magic DNS like myself. I was having issues with it so I did this.
Add the following to ~/.bashrc this will allow you to SSH to clients in the following way tailssh $USER $HOSTNAME you can also just run tailssh and that will show you all of the servers
function tailssh () { if [[ -z $1 ]] && [[ -z $2 ]]; then tailscale status | grep -v 'filter/INPUT' | column -t else host=$(tailscale status | grep $2 | awk '{ print $1 }') ssh ${1}@${host} fi } Now we need to install column apt install bsdmainutils
Here I will walk you through setting up Headscale
Create Directories
mkdir -p /opt/headscale/config /opt/headscale/bin
Install Reqs
apt install -y wireguard-tools nginx apt-transport-https
Generate Key
wg genkey > /opt/headscale/config/private.key
Download newest release from HERE
wget https://github.com/juanfont/headscale/releases/download/v0.15.0-beta5/headscale_0.15.0-beta5_linux_amd64 -O /opt/headscale/bin/headscale
Add headscale ~/.bashrc echo PATH=$PATH:/opt/headscale/bin >> ~/.bashrc
Source the new PATH source ~/.bashrc
Create config Create a config in /opt/headscale/config/config.yml
nano config.yaml
--- # The url clients will connect to. # Typically this will be a domain.
I was trying to get an alias to work with a ProxyPass. This is pretty easy in NGiNX you just add locations where they need to be, but it appears in Apache/HTTPD you have to specify to ignore the location without the ProxyPass Module
The below needs to be added into your VirtualHost. This specific use was for the AppRise_API server
Alias "/s" "/opt/apprise/server/apprise_api/static" <Directory "/opt/apprise/server/apprise_api/static"> AllowOverride None Require all granted </Directory> ReWriteEngine on ProxyPassMatch ^/s !
Below is how to recieve toast-notifications for gotify on windows
We have to allow powershell scripts run set-executionpolicy remotesigned as admin in powershell
Install BurntToast in powershell. Open powershell as admin then type Install-Module -Name BurntToast it will ask some questions just hit yes to all of them
Download websocat_win64.exe from Github HERE
Below is the script
param ($domain="p.domain.com", $token="AAAAAAAA") C:\Users\user\Downloads\websocat_win64.exe "wss://$domain/stream?token=$token" | %{ convertfrom-json $_ } | where-object {$_.
This tutorial assumings the set up below
NGINX CLEARWEB (web site hosted via SSL port 443) -> NGINX (reverse proxy for HTTPS website, converts website to HTTP and rewrites all 'DOMAIN.COM' to new .ONION address) -> TOR PROXY SERVICE
Install Tor
apt install tor
Configure Tor
nano /etc/tor/torrc
Add the lines below to the file above
HiddenServiceDir /var/lib/tor/domain.com/ HiddenServicePort 80 127.0.0.1:4879 Find Tor hostname
cat /var/lib/tor/domain.com/hostname
Now it’s time to configure NGiNX
The following is for Windows
Download Putty
Choose serial and select the COM? you can find the com number from device manager under [Ports (COM & LPT)]
Now that we have a serial connection go ahead and plug in the netinstall iso usb drive created using Rufus from Debian website
hit tab to enter cmd to boot
remove quiet after the --- and replace with console=ttyS0,115200n8 example below. This will make the installer use the serial port
Install exiftool apt install -y exiftool
Use EXIFTOOL If you want to loop thru folder (this assumes no spaces in file names) for a in *.jpg; do exiftool -all= "${a}"; done
If you want to only do a specific file do exiftool -all= file.jpg
HERE is the script that you can add to cron. Don’t forget to update the file with your influx creds and provisioned upload/download.
mkdir /root/scripts wget https://leffler.tech/uploads/2021/09/28/speedtest2influx.sh -O /root/scripts/speedtest2influx.sh echo '0 * * * * root /root/scripts/speedtest2influx.sh' >> /etc/cronab HERE is the json for the dashboard
Here is a quick rundown on how to make a simple Debian box into a router Removed un-needed items
apt purge iptables
Install required items
apt install bridge-utils firewalld dnsmasq
Enable IP Forwarding
sed -i 's/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/g' /etc/sysctl.conf
Find NICs
ip a to find the NICs
Now we create the bridge. This is assuming your device has three NICs and you want two for LAN and one for WAN
nano /etc/network/interfaces