N5095 iGPU
First we need to find the iGPU type
lspci | grep VGA
This should return something like 00:02.0 VGA compatible controller: Intel Corporation Device 4e55 (rev 01)
Add the following to /etc/modprobe.d/i915.conf, replace 4e55 with your type
options i915 enable_guc=3 options i915 force_probe=4e55 Now to we need to rebuild the initramfs to add the above
update-initramfs -u
Install the required firmware files
You need to enable the non-free source
apt install -y firmware-misc-nonfree intel-media-va-driver-non-free
Proxmox Fun
A few fun tips for Proxmox
How to migrate VM to new host not in cluster Create NFS share on a system
Add NFS share as backup endpoint on new and old server
Run a backup of the system you want to migrate, I shut the VM down, but it’s no needed
On new host go to the NFS storage in the GUI and go to backups
You will see the backed up data
rsync Fun
Only copy specific file extentions in folder
rsync -a --include '*/' --include '*.mp3' --exclude '*' source/ target/
Speed up rsync over SSH without needed to change any configs. arcfour is faster, but no longer enabled by default meanwhile aes128-ctr is
rsync -avhP -e "ssh -c aes128-ctr" /src/ user@ip:/dst/
rsync ssh with non standard port
rsync -avhP -e "ssh -p number" /src/ user@ip:/dst/
rsync ssh with non standard port and show full progress
Headscale with Android
I based this post on HERE
Just for reference, the things I did to make it work:
git clone https://github.com/tailscale/tailscale-android.git
nano tailscale-android/cmd/tailscale/backend.go
change:
func (b *backend) Start(notify func(n ipn.Notify)) error { b.backend.SetNotifyCallback(notify) return b.backend.Start(ipn.Options{ StateKey: "ipn-android", }) } to:
func (b *backend) Start(notify func(n ipn.Notify)) error { b.backend.SetNotifyCallback(notify) prefs := ipn.NewPrefs() prefs.ControlURL = "https://myheadscale.domain.com" opts := ipn.Options{ StateKey: "ipn-android", UpdatePrefs: prefs, } return b.backend.Start(opts) } nano Dockerfile
Add the below to the file:
SystemD Fun
Show logs from when systemd service last restarted. (This needs systemd > v232)
journalctl _SYSTEMD_INVOCATION_ID=$(systemctl show -p InvocationID --value SERVICE_NAME.service) | head -n15
NFS Mount with NFS and /etc/fstab
From all of my reading over the years it’s always been said to add _netdev to the /etc/fstab mount, but that never worked for me. After more reading it appears that was for SystemV which is dead. I figured it out after much Googleing.
Headscale with Windows
This is how to get the Windows client with headscale. I’m happy to finaly get it working.
Headscales docs are HERE, but I’m adding some more info since I wasn’t able to get it to work the first time
If you’ve already installed tailscale on the machine make sure to delete the C:\Users\<USERNAME>\AppData\Local\Tailscale directory
Download the Official Windows Client HERE and install it.
You can either do option A or B Option A Manually edit the registry
WP-Cli Tips and tricks
Install wp-cli curl -O https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar
php wp-cli.phar --info
chmod +x wp-cli.phar
mv wp-cli.phar /usr/local/bin/wp
Install new wordpress domain using wp-cli Make sure directory has permisisons for web user
cd "WEB_DIRECTORY"
sudo -u www-data wp core download
sudo -u www-data wp config create --dbname=DATABASE_NAME --dbuser=DATABASE_USER --dbpass=DATABASE_PASSWORD --dbhost=DATABASE_HOST
sudo -u www-data wp core install --url=URL_INCLUDING_HTTPS --title=SITE_TITLE --admin_user=ADMIN_USERNAME --admin_password=ADMIN_PASSWORD --admin_email=ADMIN_EMAIL --skip-email
sudo -u www-data wp plugin delete 'hello'
sudo -u www-data wp plugin delete 'akismet'
FFMPEG/OwnCast/HDHomeRun
If you’re wanting to stream HDHomeRun channel to your own OwnCast server
I’m using Debian like everything else I do
apt install -y ffmpeg
ffmpeg -i "http://IP_OF_HDHR:5004/auto/vCH.N" -c:v libx264 -c:a aac -b:v 512K -maxrate 512K -bufsize 1M -f flv rtmps://OWNCAST_URL:PORT/live/STREAM_KEY
You can now go to your owncast URL and it should be streaming
SystemD Service
nano /etc/systemd/system/hdhomerun-stream.service
[Unit] Description=HDHR Daemon After=network.target [Service] User=plex EnvironmentFile=-/etc/default/hdhomerun Group=plex Type=simple wExecStart=/usr/bin/ffmpeg -i "${CHANNEL}" -c:v libx264 -c:a aac -b:v 512K -maxrate 512K -bufsize 1M -f flv "${URL}:${PORT}/live/${KEY}" Restart=on-failure [Install] WantedBy=multi-user.
tmux Fun
By default the prefix is Ctrl+B for tmux
How to save pane to file Use prefix + :
We need to puts those lines into a buffer by typing in capture-pane -S -150 | Replace -150 with however many lines you’d like to save, or - for all lines.
Hit return (enter)
Now we have to save the buffer to a file by doing the following prefix + :
Type in save-buffer filename.
Autorestic Fun
Install autorestic with the below
curl https://raw.githubusercontent.com/cupcakearmy/autorestic/master/install.sh | bash
Now we install the config with the below
cat <<EOF > /root/.autorestic.yml version: 2 global: forget: keep-daily: 5 keep-weekly: 15 keep-monthly: 15 backends: storj: type: s3 path: https://gateway.us1.storjshare.io/bucket.name.here env: aws_access_key_id: aws_secret_access_key: backblaze: type: s3 path: https://s3.us-west-002.backblazeb2.com/bucket-name-here env: aws_access_key_id: aws_secret_access_key: locations: root: from: - / to: - storj - backblaze options: backup: exclude: - /dev - /media - /mnt - /proc - /run - /sys - /tmp - /var/tmp - /var/lib/mysql - /swap* EOF Now autorestic is installed
DynamicDNS with Cloudflare bash
Here is a bash script I use to update DDNS with CloudFlare, I could use ddclient, but I like this it works for me
apt -y install dnsutils jq curl
#!/usr/bin/env bash # A bash script to update a Cloudflare DNS A record with the external IP of the source machine # Used to provide DDNS service for my home # Needs the DNS record pre-creating on Cloudflare ## Based on https://gist.
Gitea Auth using Authentik Proxy Outpost
RIGHT NOW GITEA KEEPS LOGGED IN AS FIRST USER SO IT’S NOT PERFECT, THERE’S A KNOWN ISSUE We need to update the logout button to the authentik logout URL: wget -O /var/lib/gitea/custom/templates/base/head_navbar.tmpl https://raw.githubusercontent.com/go-gitea/gitea/main/templates/base/head_navbar.tmpl
Replace the old logout URL with the new: sed -i 's#/user/logout#/akprox/sign_out#g' /var/lib/gitea/custom/templates/base/head_navbar.tmpl
I did notice when replacing the URL to logout it doesn’t directly log you out, but will be logged out next time you try to do anything Now it’s time to config gitea; nano /etc/gitea/app.
Grafana Auth using Authentik Proxy Outpost
nano /etc/grafana/grafana.ini
[auth.proxy] # Defaults to false, but set to true to enable this feature enabled = true # HTTP Header name that will contain the username or email header_name = X-authentik-username # HTTP Header property, defaults to `username` but can also be `email` header_property = username # Set to `true` to enable auto sign up of users who do not exist in Grafana DB. Defaults to `true`. auto_sign_up = false # Define cache time to live in minutes # If combined with Grafana LDAP integration it is also the sync interval sync_ttl = 60 # Limit where auth proxy requests come from by configuring a list of IP addresses.
Rundeck fun
nano docker-compose.yaml
version: '3' services: rundeck: image: 'rundeck/rundeck:3.4.8' restart: unless-stopped environment: RUNDECK_GRAILS_URL: 'https://rundeck.domain.com' RUNDECK_SERVER_FORWARDED: 'true' RUNDECK_DATABASE_DRIVER: org.mariadb.jdbc.Driver RUNDECK_DATABASE_USERNAME: rundeck RUNDECK_DATABASE_PASSWORD: rundeck RUNDECK_DATABASE_URL: jdbc:mysql://mysql/rundeck?autoReconnect=true&useSSL=false ports: - 127.0.0.1:4440:4440 volumes: - ./data/data:/home/rundeck/server/data - ./data/projects:/home/rundeck/projects - ./data/realm.properties:/home/rundeck/server/config/realm.properties depends_on: - "mysql" mysql: image: mysql:5.7 restart: unless-stopped environment: - MYSQL_ROOT_PASSWORD=root - MYSQL_DATABASE=rundeck - MYSQL_USER=rundeck - MYSQL_PASSWORD=rundeck volumes: - ./data/db:/var/lib/mysql First you’ll want to comment out - ./data/realm.properties:/home/rundeck/server/config/realm.properties then docker exec -it rundeck_rundeck_1 cat /home/rundeck/server/config/realm.properties > ./data/realm.properties to get the file.
Usenet Basics
Here’s a quick rundown of how usenet works:
The three things required are a server, indexer, and downloaders.
Server: Where you download the articles from. (Eweka, SuperNews)
Indexer: A search engine for the usenet servers. (NZBGeek, NZBCat, DogNZB)
Downloader: This is used to download and extract the files since they are put into RAR files. (NZBGet, SABnzbd)
Arr software searches via the indexer which then sends the .nzb file to the downloader.
Headscale Notes
Client DNS If you don’t want to use magic DNS like myself. I was having issues with it so I did this.
Add the following to ~/.bashrc this will allow you to SSH to clients in the following way tailssh $USER $HOSTNAME you can also just run tailssh and that will show you all of the servers
function tailssh () { if [[ -z $1 ]] && [[ -z $2 ]]; then tailscale status | grep -v 'filter/INPUT' | column -t else host=$(tailscale status | grep $2 | awk '{ print $1 }') ssh ${1}@${host} fi } Now we need to install column apt install bsdmainutils
How to set up Headscale
Here I will walk you through setting up Headscale
Create Directories
mkdir -p /opt/headscale/config /opt/headscale/bin
Install Reqs
apt install -y wireguard-tools nginx apt-transport-https
Generate Key
wg genkey > /opt/headscale/config/private.key
Download newest release from HERE
wget https://github.com/juanfont/headscale/releases/download/v0.15.0-beta5/headscale_0.15.0-beta5_linux_amd64 -O /opt/headscale/bin/headscale
Add headscale ~/.bashrc echo PATH=$PATH:/opt/headscale/bin >> ~/.bashrc
Source the new PATH source ~/.bashrc
Create config Create a config in /opt/headscale/config/config.yml
nano config.yaml
--- # The url clients will connect to. # Typically this will be a domain.
Apaches Alias with ProxyPass
I was trying to get an alias to work with a ProxyPass. This is pretty easy in NGiNX you just add locations where they need to be, but it appears in Apache/HTTPD you have to specify to ignore the location without the ProxyPass Module
The below needs to be added into your VirtualHost. This specific use was for the AppRise_API server
Alias "/s" "/opt/apprise/server/apprise_api/static" <Directory "/opt/apprise/server/apprise_api/static"> AllowOverride None Require all granted </Directory> ReWriteEngine on ProxyPassMatch ^/s !
Get toast notifications in windows for gotify
Below is how to recieve toast-notifications for gotify on windows
We have to allow powershell scripts run set-executionpolicy remotesigned as admin in powershell
Install BurntToast in powershell. Open powershell as admin then type Install-Module -Name BurntToast it will ask some questions just hit yes to all of them
Download websocat_win64.exe from Github HERE
Below is the script
param ($domain="p.domain.com", $token="AAAAAAAA") C:\Users\user\Downloads\websocat_win64.exe "wss://$domain/stream?token=$token" | %{ convertfrom-json $_ } | where-object {$_.
Proxy website through NGiNX to get on the TOR network
This tutorial assumings the set up below
NGINX CLEARWEB (web site hosted via SSL port 443) -> NGINX (reverse proxy for HTTPS website, converts website to HTTP and rewrites all 'DOMAIN.COM' to new .ONION address) -> TOR PROXY SERVICE
Install Tor
apt install tor
Configure Tor
nano /etc/tor/torrc
Add the lines below to the file above
HiddenServiceDir /var/lib/tor/domain.com/ HiddenServicePort 80 127.0.0.1:4879 Find Tor hostname
cat /var/lib/tor/domain.com/hostname
Now it’s time to configure NGiNX
Install Debian using RS232 serial cable
The following is for Windows
Download Putty
Choose serial and select the COM? you can find the com number from device manager under [Ports (COM & LPT)]
Now that we have a serial connection go ahead and plug in the netinstall iso usb drive created using Rufus from Debian website
hit tab to enter cmd to boot
remove quiet after the --- and replace with console=ttyS0,115200n8 example below. This will make the installer use the serial port
Simple router using Debian and Firewall-cmd as a base
Here is a quick rundown on how to make a simple Debian box into a router Removed un-needed items
apt purge iptables
Install required items
apt install bridge-utils firewalld dnsmasq
Enable IP Forwarding
sed -i 's/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/g' /etc/sysctl.conf
Find NICs
ip a to find the NICs
Now we create the bridge. This is assuming your device has three NICs and you want two for LAN and one for WAN
nano /etc/network/interfaces
Storj Non-Docker using SystemD
This is just basic hints, not a full guide This assumes you have some basic linux knowledge Download identity and storagenode from github (I like to download these things to /opt/storj/)
Create auth token HERE
Create identity HERE (This took about 4 hours on my node | E3-1280 V2)
storagenode setup. This will create config file and other needed files in ~/.local/share/storj/storagenode/config.yaml and ~/.local/share/storj/storagenode/storage
Now you need to edit ~/.local/share/storj/storagenode/config.yaml and make changes as needed (wallet, identity files and data storage locations, email, storage size)
How to create keystrokes on Debian
This is very useful when working with VPSes where you can’t paste into the VNC connection (maybe I’m doing something wrong and you can?).
Below is a quick piece of code I use. This should be ran as the user and not root. This sleeps for 5 seconds so you can navigate to where you need.
sleep 5s; xdotool type CODE_TO_TYPE_HERE
This is very easy and simple, but since I just switched to Debian full time from Windows it was a nice/easy way.
Fix battery drain while sleeping with laptop
I recnetly decided to switch to Debian full time for my personal laptop (Lenovo Thinkpad X1 Yoga Gen 3), after using it for a week or so I noticed that when I closed the lid it would die after less than a day. After some googleing I found the answer and they are below.
I also noticed that the machine never seemed to wake up like it did on Windows (just open it and it should come alive), after switching over to deep_sleep it fixed that issue.
dd Tricks
Here’s a couple tips and tricks while using dd on Linux
You can view the status of an on-going dd command (I always forget to run with progress or the version you’re using doesn’t have it)
You will need another terminal window. Not a problem for me as I always use tmux, some people say screen it better. Find PID of dd process -> ps aux | grep -v grep | grep dd
Sudo Fun
I always add a file into /etc/sudoers.d/, just remeber the last entry is trump, so it can overturn the first entries.
Because of this I always like to name the files like below.
/etc/sudoers.d/999_nick /etc/sudoers.d/001_rick /etc/sudoers.d/111_slick-rick /etc/sudoers.d/222_slick-nick This means if there’s an entry in 999_nick that conficts with any of the others it will trump the other configs.
This is how to run without password and only specific program, this is useful, for example my telegraf config when it has to run an exec, but the telegraf user doesn’t have perms.
Pleroma with Backblaze-B2 behind Cloudflare CDN
Make sure Backblaze is working with Cloudflare. This can be found HERE
Uncomment out the below. I made my Backblaze URL s3.DOMAIN.COM
nano /etc/pleroma/config.exs
# Configure S3 support if desired. # The public S3 endpoint (base_url) is different depending on region and provider, # consult your S3 provider's documentation for details on what to use. # config :pleroma, Pleroma.Upload, uploader: Pleroma.Uploaders.S3, base_url: "https://s3.DOMAIN.COM/file" # config :pleroma, Pleroma.Uploaders.S3, bucket: "BUCKET_NAME", # bucket_namespace: "my-namespace", # truncated_namespace: nil, streaming_enabled: true, strip_exif: true # # Configure S3 credentials: config :ex_aws, :s3, access_key_id: "0000000000000000000000000", secret_access_key: "AAAAAAAAAAAAAAAAAAAAA", # region: "us-west-002", scheme: "https://" # # For using third-party S3 clones like wasabi, also do: config :ex_aws, :s3, host: "s3.
Full system backup with restic and minio
Minio Install mkdir /opt/minio cd /opt/minio wget https://dl.min.io/server/minio/release/darwin-amd64/minio wget https://dl.min.io/client/mc/release/linux-amd64/mc chmod +x mc minio echo 'PATH="${PATH}:/opt/minio"' >> /root/.bashrc useradd minio mkdir -p /data/minio chown minio: -R /opt/minio /data/minio Configure Systemd service nano /etc/systemd/system/minio.service
Paste the following in the above file
# https://github.com/minio/minio-service/tree/master/linux-systemd [Unit] Description=MinIO Documentation=https://docs.min.io Wants=network-online.target After=network-online.target AssertFileIsExecutable=/opt/minio/minio [Service] WorkingDirectory=/opt/minio User=minio Group=minio EnvironmentFile=/etc/default/minio ExecStartPre=/bin/bash -c "if [ -z \"${MINIO_VOLUMES}\" ]; then echo \"Variable MINIO_VOLUMES not set in /etc/default/minio\"; exit 1; fi" ExecStart=/opt/minio/minio server $MINIO_OPTS $MINIO_VOLUMES # Let systemd restart this service always Restart=always # Specifies the maximum file descriptor number that can be opened by this process LimitNOFILE=65536 # Specifies the maximum number of threads this process can create TasksMax=infinity # Disable timeout logic and wait until process is stopped TimeoutStopSec=infinity SendSIGKILL=no [Install] WantedBy=multi-user.
Channels DVR with Pluto and Philo installed on Debian 10
Below I will be writing how to install and configure Channels DVR with Pluto using Pluto4Channels and Philo using TV Everywhere on Debian 10
First install ChannelsDVR, I will be doing this on Linux. This does work on RaspberryPi which is awesome useradd channels-dvr
cd /opt
This will install the ChannelsDVR in the current folder and install the systemd service curl -f -s https://getchannels.com/dvr/setup.sh | sh
chown channels-dvr: -R /opt/channels-dvr
Compile vaultwarden from souce with mysql support
I did a massive bitwarden_rs to vaultwarden rename so you might have to do a little different then what this says!!
Here is how to install vaultwarden on Debian 10 with MYSQL support Below I will be writing how to install and configure vaultwarden to work with MYSQL without the need for Docker.
Install required softwre Not everything below is required, but I like to install it anyway apt install -y tmux tmux apt install -y build-essential git pkg-config libssl-dev libmariadb-dev-compat libmariadb-dev htop curl wget Install Rust curl --proto '=https' --tlsv1.
Basic InfluxDB CheatSheet
Here is a basic cheatsheet for InfluxDB I’ve learned from playing with the TIG stack
How to find the hosts in the series. You run the below command and just go through the list to find the host you want to delete. You can delete with what you know the host is, but his is nice because it will insure there wasn’t a typo
WHERE "host" = 'DESKTOP-NAME'
Here is how you actually drop the data from the DB that way it’s not displayed in Grafana anymore
DroneCI behind NGiNX reverse proxy
This so far has been working for me to have DroneCI behind an NGiNX reverse proxy working with Gitea
NGiNX Code nano /etc/nginx/sites-available/droneci.domain.com
ln -s /etc/nginx/sites-available/droneci.domain.com /etc/nginx/sites-enabled
upstream droneci { server 127.0.0.1:8080; } server { server_name droneci.domain.com drone.domain.com; listen 443 ssl http2; ssl_certificate /etc/certs/droneci.domain.com/fullchain.crt; ssl_certificate_key /etc/certs/droneci.domain.com/key; ssl_session_cache builtin:1000 shared:SSL:10m; ssl_protocols TLSv1.2 TLSv1.3; location / { proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Host droneci.domain.com; proxy_pass http://droneci; proxy_redirect off; proxy_http_version 1.1; proxy_buffering off; chunked_transfer_encoding off; } } Here is the code for the docker container docker run \ --volume=/var/lib/drone:/data \ --env=DRONE_GITEA_SERVER="https://git.
Autostart Tdarr via systemd
The folowing are the systemd units locations and content
nano /etc/systemd/system/tdarr-node.service
[Unit] Description=Tdarr Node Daemon After=network.target [Service] User=plex Group=plex #StandardOutput=null Type=simple WorkingDirectory=/opt/tDarr/Tdarr_Node ExecStart=/opt/tDarr/Tdarr_Node/Tdarr_Node TimeoutStopSec=20 KillMode=process Restart=on-failure [Install] WantedBy=multi-user.target nano /etc/systemd/system/tdarr-server.service
[Unit] Description=Tdarr Server Daemon After=network.target [Service] User=plex Group=plex #StandardOutput=null Type=simple WorkingDirectory=/opt/tDarr/Tdarr_Server ExecStart=/opt/tDarr/Tdarr_Server/Tdarr_Server TimeoutStopSec=20 KillMode=process Restart=on-failure [Install] WantedBy=multi-user.target nano /etc/systemd/system/tdarr-node.service
[Unit] Description=Tdarr Node Daemon After=network.target [Service] User=plex Group=plex #StandardOutput=null Type=simple WorkingDirectory=/opt/tDarr/Tdarr_Node ExecStart=/opt/tDarr/Tdarr_Node/Tdarr_Node TimeoutStopSec=20 KillMode=process Restart=on-failure [Install] WantedBy=multi-user.target Now to enable everything you can type the following.
Default user for WSL OS on Windows 10
1. Open a command prompt or PowerShell. (You shouldn’t run as admin since this is based for the specific user).
2. Copy and paste the command below into the command prompt or PowerShell for the .exe file of the WSL distro name (ex: “Debian”) you want to set the default user for, and press Enter. (You can replace root with any user you’d like)
[Ubuntu] > ubuntu config --default-user root
Send email using postfix
There’s many times when I want to send an email for testing using postfix and I can never remember how to do it. Here is how.This is super useful to make sure your SMTP relay thru AWS/Postmark is working as it should. Then you can tail /var/log/mail.log to see if it worked or if it got rejected for whatever reason.
First type the following to start sendmail
sendmail [email protected] Now we can type in or paste the following
Multi-Domain SSL Setup with “Subject Alternative Names”
Here’s how to create a cert/csr with more than one domain name.
First you’ll want to create the directory. I use NGiNX so I like to put my certs in /etc/nginx/ssl, but you can put yours anywhere So now we will create the directory mkdir /etc/nginx/ssl/domainName Now we will cd into the directory cd /etc/nginx/ssl/domainName Now we will paste the following in the sslConfig.txt file.
[req] default_bits = 4096 prompt = no default_md = sha256 req_extensions = req_ext distinguished_name = dn [ dn ] C=US ST=YOURstateHERE L=YOURcityHERE O=YOURorgNAMEhere CN = YOURmainDOMAINhere [ req_ext ] subjectAltName = @alt_names [ alt_names ] DNS.
Change username for cPanel user
Unfortunately it doesn’t appear cPanel allows you to easily change the username. Most documentation I’ve read says to use the “Rearrange an Account” option, but if you only have one disk that doesn’t seem to get you an option. The downside to this is that is doesn’t fully do a normal restore it will restore the new account to the new directory, but it will symlink the old username to the new directory.
Acme.sh with NGiNX
First you have to install acme.sh. I like using acme.sh because it’s all bash based. As with all posts I take no responsibility for anything and this is more of a quick help instead of a full guide.
I have a script that I use to deploy my WordPress sites. The only thing I recommend is if you use it make sure to add the xml-rpc.php block. I haven’t added that to it yet.
Auto Expand last partition using parted
I was having issues finding the correct way to add the remaining free space to the last partition (afraid to do so since it was on a live machine). I was finally able to figure it out.
Use this to see free space
parted /dev/sdX print free Then this to expand
parted /dev/sdX (parted) resizepart Partition number? ENTER NUMBER FROM ABOVE THAT HAS THE LVM End? [1075MB]? 100% (parted) q Then now since this was on a server that uses LVM you have to resize the PV
Xiaomi Aqara ZHA Home Assistant
This is how to use the Xiaomi Aqara Wireless Double Button without the Xiaomi Home Hub (A ZIGBEE STICK IS STILL REQUIRED) using ZHA in Home Assistant. Other devices just work without any hard to find IDs.
ADD DEVICE TO ZHA
Go to “Configuration”
Then “ZHA”
Hit “Add Devices”
Hold down left switch while lights are blinking until the left light blinks and stops
You can now name your button and hit the back button in the upper left hand corner
NextCloud with Apache behind NGINX reverse proxy on CentOS
This is probably useful to figure out how to reverse proxy Apache behind NGINX, but I was finally able to get NextCloud working on NGINX with no problem I like to use NGINX as my web server because that’s what I’ve always worked with. I’ve tried a couple times to get NGINX to work with NextCloud, but it would also end up not letting me log in. I did some Googleing and I guess it has something to do with how the cache is handled in NGINX.
Static IP KVM Guest
Copied from Here
If you don’t want to do any configuration inside the guest, then the only option is a DHCP server that hands out static IP addresses. If you use bridge mode, that will probably be some external DHCP server. Consult its manual to find out how to serve static leases.
But at least in forward modes nat or route, you could use libvirt’s built-in dnsmasqd (More recent versions of libvirtd support the dnsmasq’s “dhcp-hostsfile” option).
MySQL/MariaDB Not Securing
mysql_secure_installation doesn’t seem to work on the newest Debain
After some googling I think I found what works for me.
Delete anon user
DELETE FROM mysql.user WHERE User=’';
delete non local root user
DELETE FROM mysql.user WHERE User=‘root’ AND Host NOT IN (’localhost’, ‘127.0.0.1’, ‘::1’);
drop test database
DROP DATABASE IF EXISTS test;
drop all other root users
drop user ‘root’@’localhost’;
drop user ‘root’@‘127.0.0.1’;
drop user ‘root’@’::1’;
create a new root user with password
Mail Server
I ended up switching to modoboa. I’ve been very happy with it on ServerCheap. I finally set up my own mail server using a couple guides. Just putting this here for my memory. Thank you to the great people who write amazing blogs.
How to set up the server
When put behind cloudflare you need to add the bellow to /etc/nginx/nginx.conf in the http { location
# CF set real ip set_real_ip_from 103.
Disable SuperMicro IPMI ADMIN user
Disable ADMIN user Before doing this bit you may wish to check that the new user you added works for everything you need it to. Those things might include:
ssh to [email protected] Log in on web interface at https://192.168.1.22/ Various ipmitool commands like querying power status:$ ipmitool -I lanplus -H 192.168.1.22 -U somename -a power status Password: Chassis power is on If all of that is okay then you can disable ADMIN:
CloudFlare with nginx and plex
Add the following to the http in /etc/nginx/nginx.conf. This tells nginx where the actually IP is coming from instead of showing as cloudflare.
# CF set real ip set_real_ip_from 103.21.244.0/22; set_real_ip_from 103.22.200.0/22; set_real_ip_from 103.31.4.0/22; set_real_ip_from 104.16.0.0/12; set_real_ip_from 108.162.192.0/18; set_real_ip_from 131.0.72.0/22; set_real_ip_from 141.101.64.0/18; set_real_ip_from 162.158.0.0/15; set_real_ip_from 172.64.0.0/13; set_real_ip_from 173.245.48.0/20; set_real_ip_from 188.114.96.0/20; set_real_ip_from 190.93.240.0/20; set_real_ip_from 197.234.240.0/22; set_real_ip_from 198.41.128.0/17; set_real_ip_from 2400:cb00::/32; set_real_ip_from 2606:4700::/32; set_real_ip_from 2803:f800::/32; set_real_ip_from 2405:b500::/32; set_real_ip_from 2405:8100::/32; set_real_ip_from 2c0f:f248::/32; set_real_ip_from 2a06:98c0::/29; # use any of the following two real_ip_header CF-Connecting-IP; #real_ip_header X-Forwarded-For; This is the reverse proxy file /etc/nginx/sites-available/plex.
IPTables Fun
I found these scripts years ago and decided to use them. I might as well share them
First the ipset and iptables need to be installed
apt install iptables ipset Now we need to create the ipset lists
ipset create drop hash:net ipset create allowHTTPS hash:net ipset create allowSSH hash:net ipset create directHTTPS hash:net ipset create google hash:net script to update files and countries. If you go to the ipdeny site you can find which countries you can add.
Install FusionIO ioDrive2 on Debian
If using Debian 10 you’ll have to use the github VSL. I just started using it, I will update if there’s issues. HERE’S the link.
Now we need to make the module be loaded.
mkdir /lib/modules/4.19.0-10-amd64/kernel/drivers/iomem cd root/usr/src/iomemory-vsl-3.2.16 cp iomemory-vsl.ko /lib/modules/4.19.0-10-amd64/kernel/drivers/iomem Now we need to add it to be loaded on bootup
nano /etc/modules Paste iomemory_vsl into the /etc/modules file. ``
First go to LINK and download the needed items I also have a copy that I downloaded HERE.
How to enable vlans on Debian 9
I just did this on Debian 9, it might work on older versions and more than likely Ubuntu
Do everything as root: sudo su -
Install vlan package: apt-get install vlan
Load 8021q module: modprobe 8021q
Add 8021q module at bootup: echo 8021q | sudo tee -a /etc/modules
Make sure it is in the file: cat /etc/modules
Now we need to edit the interfaces file: nano /etc/network/interfaces
There will probably be something like below
UEFI CloneZilla
When cloning using clonezilla I notice sometimes if the PC was using UEFI it wouldn’t clone. After some googleing I was able to find a post that mentioned you had to manually copy over the bootloader. It is very simple to do. Once booted into CloneZilla you enter shell instead of the normal start. Once in the shell you’re going to become root. sudo su. Once you’re root you going to type the following command.
How to use SSH keys
create public and private keys. You can just hit enter or change the options.
ssh-keygen -t rsa Now we need to copy our public key to the servers authorized keys
cat ~/.ssh/id_rsa.pub | ssh [email protected] "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys" Now once you’ve completed teh above you should just be able to ssh to the remote host.
If you want to be able to ssh as root.
Add Linux Mint to Active Diretory
First we are going to become root
sudo su Next we are going to join the realm. This should installed everything needed after you run the command below
realm join domain.com --user domainadmin Permit all users to log in.
realm permit --all Add user group as root
nano /etc/sudoers Paste into above file
%groupname@domain ALL=(ALL:ALL) ALL Allow sssd to create user directory
nano /etc/pam.d/common-session Paste into above file
session optional pam_mkhomedir.
Useful Scripts
for f in *; do cd $f; mv * ..; cd ..; rmdir $f; done find . -type f ! -iname "*.mp4" ! -iname "*.jpg" ! -iname "*.wmv" ! -iname "*.mkv" ! -iname "*.mpg" ! -iname "*.avi" ! -iname "*.m4v" sed 's#^#what to add to begging of line#' oldfile > newfile sed 's#$#text to add to end of line#' oldfile > newfile mkvmerge -o <output>.mkv –default-track 0 –language 0:eng <subtitles>.srt input find .
Docker and IP-Tables
Over the weekend I got attacked. I realized the cause of this was because I rebooted my server and the docker IPTables rules overwrote the IPTables-Persistent rules I had. After realizing this was the case I uninstalled docker since I wasn’t using it and while I was making firewall changes I set up ipset to block most foreign countries. I also removed IPTables-Persistent and instead just added the post up to the /etc/network/interfacespost-up ipset restore < /etc/iptables/ipset.
Install KodExplorer
How I installed KodExplorer.
This is running on Debian 8.1. Things might be different on whatever OS/Version you’re running. I am by no means a pro. This is pieced together from everything I’ve learned.
You first have to install nginx and php
apt install ngnix php5-fpm git if it’s a newer version of debian or ubuntu you might have to run apt install php7-fpm
mkdir -p /etc/nginx/ssl/site.com cd /etc/nginx/ssl/site.com Fill out the info the next step asks.
Make nginx return 403 error when accessing non defined sites or direct IP
I was running into an issue where when people would go to the IP of my server or a domain was pointed at my server and the domain wasn’t configured in NGINX it would for some reason redirect to one of my domains when I didn’t want it to. Below is the config block that I added to a file. This make NGINX return a 403 error when accessing the server via IP or an reconfigured domain.