Rundeck fun

nano docker-compose.yaml version: '3' services: rundeck: image: 'rundeck/rundeck:3.4.6' restart: unless-stopped environment: RUNDECK_GRAILS_URL: 'https://rundeck.domain.com' RUNDECK_SERVER_FORWARDED: 'true' RUNDECK_DATABASE_DRIVER: org.mariadb.jdbc.Driver RUNDECK_DATABASE_USERNAME: rundeck RUNDECK_DATABASE_PASSWORD: rundeck RUNDECK_DATABASE_URL: jdbc:mysql://mysql/rundeck?autoReconnect=true&useSSL=false ports: - 127.0.0.1:4440:4440 volumes: - ./data/data:/home/rundeck/server/data - ./data/projects:/home/rundeck/projects - ./data/realm.properties:/home/rundeck/server/config/realm.properties depends_on: - "mysql" mysql: image: mysql:5.7 restart: unless-stopped environment: - MYSQL_ROOT_PASSWORD=root - MYSQL_DATABASE=rundeck - MYSQL_USER=rundeck - MYSQL_PASSWORD=rundeck volumes: - ./data/db:/var/lib/mysql First you’ll want to comment out - ./data/realm.properties:/home/rundeck/server/config/realm.properties then docker exec -it rundeck_rundeck_1 cat /home/rundeck/server/config/realm.properties > .
MORE →

Usenet Basics

Here’s a quick rundown of how usenet works: The three things required are a server, indexer, and downloaders. Server: Where you download the articles from. (Eweka, SuperNews) Indexer: A search engine for the usenet servers. (NZBGeek, NZBCat, DogNZB) Downloader: This is used to download and extract the files since they are put into RAR files. (NZBGet, SABnzbd) Arr software searches via the indexer which then sends the .
MORE →

How to get systemd on WSL2

MORE →

Headscale Notes

Client SSS If you don’t want to use magic DNS like myself. I was having issues with it so I did this. Add the following to ~/.bashrc this will allow you to SSH to clients in the following way tailssh $USER $HOSTNAME you can also just run tailssh and that will show you all of the servers function tailssh () { if [[ -z $1 ]] && [[ -z $2 ]]; then tailscale status | grep -v 'filter/INPUT' | column -t else host=$(tailscale status | grep $2 | awk '{ print $1 }') ssh ${1}@${host} fi } Now we need to install column apt install bsdmainutils
MORE →

How to set up Headscale

Here I will walk you through setting up Headscale Create Directories mkdir -p /opt/headscale/config /opt/headscale/bin Install Reqs apt install -y wireguard-tools nginx apt-transport-https Generate Key wg genkey > /opt/headscale/config/private.key Download newest release from HERE wget https://github.com/juanfont/headscale/releases/download/v0.10.8/headscale_0.10.8_linux_amd64 -O /opt/headscale/bin/headscale Add headscale ~/.bashrc echo PATH=$PATH:/opt/headscale/bin >> ~/.bashrc Source the new PATH source ~/.bashrc Download darp file wget https://raw.
MORE →

Apaches Alias with ProxyPass

I was trying to get an alias to work with a ProxyPass. This is pretty easy in NGiNX you just add locations where they need to be, but it appears in Apache/HTTPD you have to specify to ignore the location without the ProxyPass Module The below needs to be added into your VirtualHost. This specific use was for the AppRise_API server Alias "/s" "/opt/apprise/server/apprise_api/static" <Directory "/opt/apprise/server/apprise_api/static"> AllowOverride None Require all granted </Directory> ReWriteEngine on ProxyPassMatch ^/s !
MORE →

Use Gotify CLI with just curl and jq

Install Reqs apt install -y curl jq Add to bashrc file nano ~/.bashrc function gotify() { if [[ -z "$1"] || -z "$2" || -z "$3" ]]; then echo echo "Usage: gotify [title] [message] [priority]"; echo else source /etc/gotify.conf URL="${URL}/message?token=${TOKEN}" command=$(curl -s "${URL}" -F "title=${1}" -F "message=${2}" -F "priority=${3}" | jq '.id') && echo "Sent with ID: ${command}" unset URL; unset TOKEN fi } Add config nano /etc/gotify.
MORE →

Get toast notifications in windows for gotify

Below is how to recieve toast-notifications for gotify on windows We have to allow powershell scripts run set-executionpolicy remotesigned as admin in powershell Install BurntToast in powershell. Open powershell as admin then type Install-Module -Name BurntToast it will ask some questions just hit yes to all of them Download websocat_win64.exe from Github HERE Below is the script param ($domain="p.domain.com", $token="AAAAAAAA") C:\Users\user\Downloads\websocat_win64.
MORE →

Proxy website through NGiNX to get on the TOR network

This tutorial assumings the set up below NGINX CLEARWEB (web site hosted via SSL port 443) -> NGINX (reverse proxy for HTTPS website, converts website to HTTP and rewrites all 'DOMAIN.COM' to new .ONION address) -> TOR PROXY SERVICE Install Tor apt install tor Configure Tor nano /etc/tor/torrc Add the lines below to the file above HiddenServiceDir /var/lib/tor/domain.com/ HiddenServicePort 80 127.0.0.1:4879 Find Tor hostname
MORE →

Install Debian using RS232 serial cable

The following is for Windows Download Putty Choose serial and select the COM? you can find the com number from device manager under [Ports (COM & LPT)] Now that we have a serial connection go ahead and plug in the netinstall iso usb drive created using Rufus from Debian website hit tab to enter cmd to boot remove quiet after the --- and replace with console=ttyS0,115200n8 example below.
MORE →

Speedtest-cli with Grafana, InfluxDB, and Telegraf

MORE →

Simple router using Debian and Firewall-cmd as a base

Here is a quick rundown on how to make a simple Debian box into a router Removed un-needed items apt purge iptables Install required items apt install bridge-utils firewalld dnsmasq Enable IP Forwarding sed -i 's/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/g' /etc/sysctl.conf Find NICs ip a to find the NICs Now we create the bridge. This is assuming your device has three NICs and you want two for LAN and one for WAN
MORE →

HDHomeRun metrics using Grafana, InfluxDB, and Telegraf

MORE →

Blog Backend

How this blog is deployed ClearNet: gitea (main repo) -> metroline (custom hugo build container) -> github release (via custom container to clone from gitea and push to github) -> cloudflare pages (this is auto when there’s a commit in the github repo) TOR: gitea (main repo) -> metroline (custom hugo build container) -> rsync (custom container to push to web server) -> webserver (proxied via link HERE ) I had to do it this way since CloudFlare Pages only work with Github.
MORE →

Generate Wildcard cert with acme.sh

MORE →

Fix Nextcloud Issues

Below is how to fix the Your web server is not properly set up to resolve /.well-known/webfinger /.well-known/nodeinfo error if using NGiNX since everything else I could find was for Apache/HTTPD. Add the following to your NGiNX config file for nextcloud. Usualy found in /etc/nginx/sites-enabled/ or /etc/nginx/conf.d/ location = /.well-known/webfinger { return 301 $scheme://$host/index.php/.well-known/webfinger; } location = /.well-known/nodeinfo { return 301 $scheme://$host/index.php/.well-known/nodeinfo; } ACPu errors when doing stuff on the command line.
MORE →

Git fun

Here’s some simple things to do with git When updating a repo this is the simplest way to do it git config --global user.name FIRST_NAME LAST_NAME | this sets the person who made the commit (first/last name) git config --global user.email [email protected] | this sets the person who made the commit (email) git diff | this is the see any lines you’ve changed git status | this will show which branch your on and which files have changed (not the contents of the file like git diff, but just the files themselves)
MORE →

Restic systemd

init repo apt install -y restic export AWS_ACCESS_KEY_ID='KEY_ID_HERE' export AWS_SECRET_ACCESS_KEY='ACCESS_KEY_HERE' export RESTIC_REPOSITORY="REPO_HERE_IS_USE_MINIO" export RESTIC_PASSWORD='RANDOM_PASSWD_HERE' restic init Service time nano /etc/systemd/system/restic-backup.service [Unit] Description=restic Wants=restic.timer [Service] Type=oneshot User=root Group=root Environment=AWS_ACCESS_KEY_ID='KEY_ID_HERE' Environment=AWS_SECRET_ACCESS_KEY='ACCESS_KEY_HERE' Environment=RESTIC_REPOSITORY="REPO_HERE_IS_USE_MINIO" Environment=RESTIC_PASSWORD='RANDOM_PASSWD_HERE' ExecStartPre=/bin/bash -c '/usr/bin/mysqldump --defaults-file=/root/.my.cnf --all-databases > /opt/backup/mysqldump.sql' ExecStart=/bin/bash -c '/usr/bin/restic --exclude={/dev,/media,/mnt,/proc,/run,/sys,/tmp,/var/tmp,/var/lib/mysql,/swap*} backup / && /usr/bin/restic forget --prune --keep-daily 5 --keep-weekly 15 --keep-monthly 15' ExecStartPost=/usr/bin/rm /opt/backup/mysqldump.sql [Install] WantedBy=multi-user.target Timer time nano /etc/systemd/system/restic-backup.timer [Unit] Description=restic Requires=restic.service [Timer] Unit=restic.service OnCalendar=daily AccuracySec=1h Persistent=true [Install] WantedBy=timers.
MORE →

perl/awk/sed/cut fun

sed With the last g all text is replaced not just the first Replace text inline using sed (does not work with symlinks) sed -i 's/TO_BE_REPLACED/NEW_TEXT/g' FILE_HERE Replace text output to stdout sed 's/TO_BE_REPLACED/NEW_TEXT/g' FILE_HERE awk Show specific column of line awk '{ print $N }' where N is column number cut cut -d' ' -fN where d is the delimiter and N is the colum number perl Replace new line with space
MORE →

Vi/m Fun

I’m honesly not sure if these are vi or vim specific as I use a mac and Debian machine, but here’s some fun stuff I’ve learned over the years. I started as a nano person, but am finaly sitting down and using vi/m more and more. In command mode (make sure to hit esc) Go to start of file gg Go to end of file G Delete from line to start of file dgg
MORE →

tar.xz Max Options

MORE →

urBackup Appliance Fun

Here’s some fun stuff to learn about the urbackup appliance By default there is no firewall, but it’s locked down so one’s not needed, but I installed one anyway You should be able to sudo su - from the admin user, if not; shut the appliance down, then in grub hit e, then add init=/bin/bash at the end of the line that says quiet, then CTRL+X to boot, then echo 'admin ALL=(ALL) NOPASSWD: ALL' > /etc/sudoers.
MORE →

Storj Non-Docker using SystemD

This is just basic hints, not a full guide This assumes you have some basic linux knowledge Download identity and storagenode from github (I like to download these things to /opt/storj/) Create auth token HERE Create identity HERE (This took about 4 hours on my node | E3-1280 V2) storagenode setup. This will create config file and other needed files in ~/.local/share/storj/storagenode/config.yaml and ~/.local/share/storj/storagenode/storage Now you need to edit ~/.local/share/storj/storagenode/config.yaml and make changes as needed (wallet, identity files and data storage locations, email, storage size)
MORE →

imap-sync simple command

MORE →

htpassword generation opnsense/bsd

MORE →

Windows urBackup Silent Commands

MORE →

urBackup Appliance on ServerCheap

This is still a WIP. Prepare image Download Appliance Unzip unzip urbackup-app-10-0.img.zip Now upload unzipped image somewhere public. Backblaze/S3 would be a great use for this Write image to disk in ServerCheap.net Create new instance Shutdown new instance Enable Rescue Mode SSH into rescued device using creds given Install required software apt update; apt install curl
MORE →

Modoboa not sending email

MORE →

Modoboa using mariadb

MORE →

How to create keystrokes on Debian

This is very useful when working with VPSes where you can’t paste into the VNC connection (maybe I’m doing something wrong and you can?). Below is a quick piece of code I use. This should be ran as the user and not root. This sleeps for 5 seconds so you can navigate to where you need. sleep 5s; xdotool type CODE_TO_TYPE_HERE This is very easy and simple, but since I just switched to Debian full time from Windows it was a nice/easy way.
MORE →

Fix battery drain while sleeping with laptop

I recnetly decided to switch to Debian full time for my personal laptop (Lenovo Thinkpad X1 Yoga Gen 3), after using it for a week or so I noticed that when I closed the lid it would die after less than a day. After some googleing I found the answer and they are below. I also noticed that the machine never seemed to wake up like it did on Windows (just open it and it should come alive), after switching over to deep_sleep it fixed that issue.
MORE →

dd Tricks

Here’s a couple tips and tricks while using dd on Linux You can view the status of an on-going dd command (I always forget to run with progress or the version you’re using doesn’t have it) You will need another terminal window. Not a problem for me as I always use tmux, some people say screen it better. Find PID of dd process -> ps aux | grep -v grep | grep dd
MORE →

Sudo Fun

I always add a file into /etc/sudoers.d/, just remeber the last entry is trump, so it can overturn the first entries. Because of this I always like to name the files like below. /etc/sudoers.d/999_nick /etc/sudoers.d/001_rick /etc/sudoers.d/111_slick-rick /etc/sudoers.d/222_slick-nick This means if there’s an entry in 999_nick that conficts with any of the others it will trump the other configs. This is how to run without password and only specific program, this is useful, for example my telegraf config when it has to run an exec, but the telegraf user doesn’t have perms.
MORE →

Pleroma with Backblaze-B2 behind Cloudflare CDN

Make sure Backblaze is working with Cloudflare. This can be found HERE Uncomment out the below. I made my Backblaze URL s3.DOMAIN.COM nano /etc/pleroma/config.exs # Configure S3 support if desired. # The public S3 endpoint (base_url) is different depending on region and provider, # consult your S3 provider's documentation for details on what to use. # config :pleroma, Pleroma.Upload, uploader: Pleroma.Uploaders.S3, base_url: "https://s3.DOMAIN.COM/file" # config :pleroma, Pleroma.
MORE →

2014 MKZ Factory Door Code retrieval

You have to have at least two keys. Enter car as normal (DUH!! :-b) Find back up key slot, ours is under the cup holder insert, it has a little indent that looks like our key Put key in slot Put in accessory mode by pushing start without foot on brake Wait 3-5 seconds Shutoff car Remove key
MORE →

OPNSense as wireguard client and route LAN split tunnel

Install and configure wireguard I use the Wireguard install script to create the config we import into the wireguard. That is located HERE Generate your first wireguard config. After running the script above it will ask you for a client name, I would name it something relating to opnsense Install Wireguard on OPNSense | System -> Firmware -> Plug-ins -> select and install ‘os-wireguard’
MORE →

Systemctl edit stdin/file

MORE →

Install Duplicati as Windows Service

Here’s how to install Duplicati as a Windows Service Download Duplicati from HERE During install don’t mark Auto Start up option Open CMD as admin Navigate to the installation folder in CMD (this should be the same as long as you left it as default) cd "C:\Program Files\Duplicati 2\" Now we will install the service .\Duplicati.WindowsService.exe install Now restart your computer (this isn’t needed, but it’s a good way to test)
MORE →

Remote shell access to Windows machine on Domain

This seems to be just like connecting via SSH to a Linux machine, but with Windows. I’ve only tested with Windows 10, but it works great. Download PSEX HERE. Extract ZIP wherever (I like to use 7zip). CD to that location via CMD as domain admin (this is assuming domain environment, run CMD as administrator by right clicking, then run as administrator) Run the following .PsExec.exe \PCnameORip cmd.exe You are now in a remote shell You can also use winrs as well
MORE →

Send email using postfix

There’s many times when I want to send an email for testing using postfix and I can never remember how to do it. Here is how.This is super useful to make sure your SMTP relay thru AWS/Postmark is working as it should. Then you can tail /var/log/mail.log to see if it worked or if it got rejected for whatever reason. First type the following to start sendmail sendmail [email protected] Now we can type in or paste the following
MORE →

Equalize Pricing Tables Height with Divi

How to make the pricing table height the same. When using the pricing tables module you will see that the height of each table is going to rely on the content you put there, so if you have different content in each table, you will see something like this: This might be okay, but you may want to have those tables show with the same height. You can use the following CSS code:
MORE →

Change username for cPanel user

Unfortunately it doesn’t appear cPanel allows you to easily change the username. Most documentation I’ve read says to use the “Rearrange an Account” option, but if you only have one disk that doesn’t seem to get you an option. The downside to this is that is doesn’t fully do a normal restore it will restore the new account to the new directory, but it will symlink the old username to the new directory.
MORE →

Acme.sh with NGiNX

First you have to install acme.sh. I like using acme.sh because it’s all bash based. As with all posts I take no responsibility for anything and this is more of a quick help instead of a full guide. I have a script that I use to deploy my WordPress sites. The only thing I recommend is if you use it make sure to add the xml-rpc.php block. I haven’t added that to it yet.
MORE →

Fix Domain Trust Issues

There error comes in many forms one of the forms are “The trust relationship between this workstation and the primary domain failed.” If you’re able to log into the machine as a local admin it’s easy, you just do the following. Use a local administrator account to log on to the computer. Select Start, press and hold (or right-click) Computer > Properties. Select Change settings next to the computer name.
MORE →

Auto Expand last partition using parted

I was having issues finding the correct way to add the remaining free space to the last partition (afraid to do so since it was on a live machine). I was finally able to figure it out. Use this to see free space parted /dev/sdX print free Then this to expand parted /dev/sdX (parted) resizepart Partition number? ENTER NUMBER FROM ABOVE THAT HAS THE LVM End? [1075MB]? 100% (parted) q Then now since this was on a server that uses LVM you have to resize the PV
MORE →

Xiaomi Aqara ZHA Home Assistant

This is how to use the Xiaomi Aqara Wireless Double Button without the Xiaomi Home Hub (A ZIGBEE STICK IS STILL REQUIRED) using ZHA in Home Assistant. Other devices just work without any hard to find IDs. ADD DEVICE TO ZHA Go to “Configuration” Then “ZHA” Hit “Add Devices” Hold down both switch buttons at the same time The lights on the bottom should flash
MORE →

Setup Unifi Controller on Debian10 /Buster

The script to do this for you can be found HERE If you want to run in a single line (not always a great idea if you don’t trust the source. Hopefully you trust me :-) curl -s https://leffler.tech/scripts/unifi-buster.sh | bash Manually below Link to original persons blog post The requirements of the Unifi Controller do not allow a direct installation. But with a few manual steps a successful setup is possible!
MORE →

Bypass PiHole DNS using PiHole DHCP

MORE →

Remote Control Terminal Session Windows Server

I just learned that you can remote control terminal sessions. They call it shadowing. I’ve only done it on Windows Server 2012 r2, but was super easy. You just need to open server manager, go to remote desktop services, then collections, then QuickSessionsCollections. Then you’ll see the connections in the upper right hand corner. Once you find the one you want you right click on the session and hit Shadow. By default this will ask the user to allow, if you want to override that and allows allow you can do the following group policy change.
MORE →

NextCloud with Apache behind NGINX reverse proxy on CentOS

This is probably useful to figure out how to reverse proxy Apache behind NGINX, but I was finally able to get NextCloud working on NGINX with no problem I like to use NGINX as my web server because that’s what I’ve always worked with. I’ve tried a couple times to get NGINX to work with NextCloud, but it would also end up not letting me log in. I did some Googleing and I guess it has something to do with how the cache is handled in NGINX.
MORE →

USB Panic Button – Windows 10 compatible

MORE →

Cisco Cheat Sheet

Enter enable mode: en Enter Global Config (use this mode for 99% of the configuration, must be in enable mode): conf t Set port back to default default int G0/4 Encrypts all passwords on the device: service password-encryption Configure enable password (or secret in this case): enable secret ________ Create user with highest privilege: username _____ priv 15 password ______ Generate RSA key for SSH (needed if you plan to use SSH):
MORE →