Posts for: #Linux

MergerFS with ZFS filesystems

By default mergerfs appears to try and mount before ZFS is mounted which causes the mergerfs filesytem to fail. To fix this we just need to add x-systemd.requires=zfs-mount.service to the /etc/fstab entry For example my /etc/fstab entry is below: /hdd*/mergerfs /data fuse.mergerfs splice_read,threads=4,allow_other,cache.readdir=true,cache.files=off,fsname=mergerfs,use_ino,dropcacheonclose=true,link_cow=true,category.create=mfs,cache.entry=120,cache.attr=120,x-systemd.requires=zfs-mount.service 0 0
MORE →

Nextcloud Fun

How to share more than one calendar via link. First share the calendar like you usually would to get a public link. Then you can combine the keys like below: These two are the individual calendars https://next.my.domain/apps/calendar/p/hjfu37fhcneydyxh https://next.my.domain/apps/calendar/p/2u487fiuwf22fe98 You just take the part after the last / (slash) and add a - (dash) between more than one like below https://next.my.domain/apps/calendar/p/hjfu37fhcneydyxh-2u487fiuwf22fe98 This link will show all calendars. Just split any calendars you want to share with the - (dash)
MORE →

rsync Fun

Only copy specific file extentions in folder rsync -a --include '*/' --include '*.mp3' --exclude '*' source/ target/ Speed up rsync over SSH without needed to change any configs. arcfour is faster, but no longer enabled by default meanwhile aes128-ctr is rsync -avhP -e "ssh -c aes128-ctr" /src/ user@ip:/dst/ rsync ssh with non standard port rsync -avhP -e "ssh -p number" /src/ user@ip:/dst/ rsync ssh with non standard port and show full progress
MORE →

Headscale with Android

I based this post on HERE Just for reference, the things I did to make it work: git clone https://github.com/tailscale/tailscale-android.git nano tailscale-android/cmd/tailscale/backend.go change: func (b *backend) Start(notify func(n ipn.Notify)) error { b.backend.SetNotifyCallback(notify) return b.backend.Start(ipn.Options{ StateKey: "ipn-android", }) } to: func (b *backend) Start(notify func(n ipn.Notify)) error { b.backend.SetNotifyCallback(notify) prefs := ipn.NewPrefs() prefs.ControlURL = "https://myheadscale.domain.com" opts := ipn.Options{ StateKey: "ipn-android", UpdatePrefs: prefs, } return b.backend.Start(opts) } nano Dockerfile Add the below to the file:
MORE →

Resolvconf BS

Install resolvconf sudo apt install resolvconf Edit the base file with what you want to always be in the file sudo nano /etc/resolvconf/resolv.conf.d/base Have resolvconf rebuild the base sudo resolvconf -u
MORE →

SystemD Fun

Show logs from when systemd service last restarted. (This needs systemd > v232) journalctl _SYSTEMD_INVOCATION_ID=$(systemctl show -p InvocationID --value SERVICE_NAME.service) | head -n15 NFS Mount with NFS and /etc/fstab From all of my reading over the years it’s always been said to add _netdev to the /etc/fstab mount, but that never worked for me. After more reading it appears that was for SystemV which is dead. I figured it out after much Googleing.
MORE →

SSH Cheatsheet

Connect via SSH client with a different user by default nano ~/.ssh/config Add the following to the file above: Host * User DEFAULT_USER Force Password auth ssh -o PreferredAuthentications=password -o PubkeyAuthentication=no user@host
MORE →

Docker and UFW

For UFW and Docker I use a program called UFW-Docker To use it do the following: wget -O /usr/local/bin/ufw-docker https://github.com/chaifeng/ufw-docker/raw/master/ufw-docker chmod +x /usr/local/bin/ufw-docker ufw-docker install Allow tailscale VPN to all docker containers This is based on the issue HERE ufw route allow from 100.64.0.0/10 to any You should now be good to accept anything from the tailscale network
MORE →

Headscale with Windows

This is how to get the Windows client with headscale. I’m happy to finaly get it working. Headscales docs are HERE, but I’m adding some more info since I wasn’t able to get it to work the first time If you’ve already installed tailscale on the machine make sure to delete the C:\Users\<USERNAME>\AppData\Local\Tailscale directory Download the Official Windows Client HERE and install it. You can either do option A or B Option A Manually edit the registry
MORE →

WP-Cli Tips and tricks

Install wp-cli curl -O https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar php wp-cli.phar --info chmod +x wp-cli.phar mv wp-cli.phar /usr/local/bin/wp Install new wordpress domain using wp-cli Make sure directory has permisisons for web user cd "WEB_DIRECTORY" sudo -u www-data wp core download sudo -u www-data wp config create --dbname=DATABASE_NAME --dbuser=DATABASE_USER --dbpass=DATABASE_PASSWORD --dbhost=DATABASE_HOST sudo -u www-data wp core install --url=URL_INCLUDING_HTTPS --title=SITE_TITLE --admin_user=ADMIN_USERNAME --admin_password=ADMIN_PASSWORD --admin_email=ADMIN_EMAIL --skip-email sudo -u www-data wp plugin delete 'hello' sudo -u www-data wp plugin delete 'akismet'
MORE →

FFMPEG/OwnCast/HDHomeRun

If you’re wanting to stream HDHomeRun channel to your own OwnCast server I’m using Debian like everything else I do apt install -y ffmpeg ffmpeg -i "http://IP_OF_HDHR:5004/auto/vCH.N" -c:v libx264 -c:a aac -b:v 512K -maxrate 512K -bufsize 1M -f flv rtmps://OWNCAST_URL:PORT/live/STREAM_KEY You can now go to your owncast URL and it should be streaming SystemD Service nano /etc/systemd/system/hdhomerun-stream.service [Unit] Description=HDHR Daemon After=network.target [Service] User=plex EnvironmentFile=-/etc/default/hdhomerun Group=plex Type=simple wExecStart=/usr/bin/ffmpeg -i "${CHANNEL}" -c:v libx264 -c:a aac -b:v 512K -maxrate 512K -bufsize 1M -f flv "${URL}:${PORT}/live/${KEY}" Restart=on-failure [Install] WantedBy=multi-user.
MORE →

tmux Fun

By default the prefix is Ctrl+B for tmux How to save pane to file Use prefix + : We need to puts those lines into a buffer by typing in capture-pane -S -150 | Replace -150 with however many lines you’d like to save, or - for all lines. Hit return (enter) Now we have to save the buffer to a file by doing the following prefix + : Type in save-buffer filename.
MORE →

Autorestic Fun

Install autorestic with the below curl https://raw.githubusercontent.com/cupcakearmy/autorestic/master/install.sh | bash Now we install the config with the below cat <<EOF > /root/.autorestic.yml version: 2 global: forget: keep-daily: 5 keep-weekly: 15 keep-monthly: 15 backends: storj: type: s3 path: https://gateway.us1.storjshare.io/bucket.name.here env: aws_access_key_id: aws_secret_access_key: backblaze: type: s3 path: https://s3.us-west-002.backblazeb2.com/bucket-name-here env: aws_access_key_id: aws_secret_access_key: locations: root: from: - / to: - storj - backblaze options: backup: exclude: - /dev - /media - /mnt - /proc - /run - /sys - /tmp - /var/tmp - /var/lib/mysql - /swap* EOF Now autorestic is installed
MORE →

DynamicDNS with Cloudflare bash

Here is a bash script I use to update DDNS with CloudFlare, I could use ddclient, but I like this it works for me apt -y install dnsutils jq curl #!/usr/bin/env bash # A bash script to update a Cloudflare DNS A record with the external IP of the source machine # Used to provide DDNS service for my home # Needs the DNS record pre-creating on Cloudflare ## Based on https://gist.
MORE →

Watchtower fun

Watchtower fun with gotify for notifications mkdir -p /opt/watchtower && cd /opt/watchtower version: "3" services: watchtower: image: containrrr/watchtower volumes: - /var/run/docker.sock:/var/run/docker.sock environment: - WATCHTOWER_CLEANUP=true #- WATCHTOWER_LABEL_ENABLE=true - WATCHTOWER_INCLUDE_RESTARTING=true - WATCHTOWER_NOTIFICATIONS=gotify - WATCHTOWER_NOTIFICATION_GOTIFY_URL=https://push.domain.com - WATCHTOWER_NOTIFICATION_GOTIFY_TOKEN= - TZ=America/New_York #- WATCHTOWER_POLL_INTERVAL=86400 - WATCHTOWER_HTTP_API_METRICS=true - WATCHTOWER_HTTP_API_TOKEN= - WATCHTOWER_SCHEDULE=0 0 0 * * * restart: unless-stopped
MORE →

Gitea Auth using Authentik Proxy Outpost

RIGHT NOW GITEA KEEPS LOGGED IN AS FIRST USER SO IT’S NOT PERFECT, THERE’S A KNOWN ISSUE We need to update the logout button to the authentik logout URL: wget -O /var/lib/gitea/custom/templates/base/head_navbar.tmpl https://raw.githubusercontent.com/go-gitea/gitea/main/templates/base/head_navbar.tmpl Replace the old logout URL with the new: sed -i 's#/user/logout#/akprox/sign_out#g' /var/lib/gitea/custom/templates/base/head_navbar.tmpl I did notice when replacing the URL to logout it doesn’t directly log you out, but will be logged out next time you try to do anything Now it’s time to config gitea; nano /etc/gitea/app.
MORE →

Grafana Auth using Authentik Proxy Outpost

nano /etc/grafana/grafana.ini [auth.proxy] # Defaults to false, but set to true to enable this feature enabled = true # HTTP Header name that will contain the username or email header_name = X-authentik-username # HTTP Header property, defaults to `username` but can also be `email` header_property = username # Set to `true` to enable auto sign up of users who do not exist in Grafana DB. Defaults to `true`. auto_sign_up = false # Define cache time to live in minutes # If combined with Grafana LDAP integration it is also the sync interval sync_ttl = 60 # Limit where auth proxy requests come from by configuring a list of IP addresses.
MORE →

rPiBoot Fun

First you can download the intstaller for rpiboot for Windows from github at HERE Then I always prefer Debian which can be found HERE I’m using the DF Robot Router Board from HERE Huge shoutout and thanks to Jeff Geerling for the board. To get the CM4 into rpiboot mode you have to switch the little switch on the DF Robot Board labeled RPIBOOT to 1 Now you have to install the program, then open up rpiboot and let it do it’s thing then it’ll be mounted
MORE →

Rundeck fun

nano docker-compose.yaml version: '3' services: rundeck: image: 'rundeck/rundeck:3.4.8' restart: unless-stopped environment: RUNDECK_GRAILS_URL: 'https://rundeck.domain.com' RUNDECK_SERVER_FORWARDED: 'true' RUNDECK_DATABASE_DRIVER: org.mariadb.jdbc.Driver RUNDECK_DATABASE_USERNAME: rundeck RUNDECK_DATABASE_PASSWORD: rundeck RUNDECK_DATABASE_URL: jdbc:mysql://mysql/rundeck?autoReconnect=true&useSSL=false ports: - 127.0.0.1:4440:4440 volumes: - ./data/data:/home/rundeck/server/data - ./data/projects:/home/rundeck/projects - ./data/realm.properties:/home/rundeck/server/config/realm.properties depends_on: - "mysql" mysql: image: mysql:5.7 restart: unless-stopped environment: - MYSQL_ROOT_PASSWORD=root - MYSQL_DATABASE=rundeck - MYSQL_USER=rundeck - MYSQL_PASSWORD=rundeck volumes: - ./data/db:/var/lib/mysql First you’ll want to comment out - ./data/realm.properties:/home/rundeck/server/config/realm.properties then docker exec -it rundeck_rundeck_1 cat /home/rundeck/server/config/realm.properties > ./data/realm.properties to get the file.
MORE →

Usenet Basics

Here’s a quick rundown of how usenet works: The three things required are a server, indexer, and downloaders. Server: Where you download the articles from. (Eweka, SuperNews) Indexer: A search engine for the usenet servers. (NZBGeek, NZBCat, DogNZB) Downloader: This is used to download and extract the files since they are put into RAR files. (NZBGet, SABnzbd) Arr software searches via the indexer which then sends the .nzb file to the downloader.
MORE →

Headscale Notes

Client DNS If you don’t want to use magic DNS like myself. I was having issues with it so I did this. Add the following to ~/.bashrc this will allow you to SSH to clients in the following way tailssh $USER $HOSTNAME you can also just run tailssh and that will show you all of the servers function tailssh () { if [[ -z $1 ]] && [[ -z $2 ]]; then tailscale status | grep -v 'filter/INPUT' | column -t else host=$(tailscale status | grep $2 | awk '{ print $1 }') ssh ${1}@${host} fi } Now we need to install column apt install bsdmainutils
MORE →

How to set up Headscale

Here I will walk you through setting up Headscale Create Directories mkdir -p /opt/headscale/config /opt/headscale/bin Install Reqs apt install -y wireguard-tools nginx apt-transport-https Generate Key wg genkey > /opt/headscale/config/private.key Download newest release from HERE wget https://github.com/juanfont/headscale/releases/download/v0.15.0-beta5/headscale_0.15.0-beta5_linux_amd64 -O /opt/headscale/bin/headscale Add headscale ~/.bashrc echo PATH=$PATH:/opt/headscale/bin >> ~/.bashrc Source the new PATH source ~/.bashrc Create config Create a config in /opt/headscale/config/config.yml nano config.yaml --- # The url clients will connect to. # Typically this will be a domain.
MORE →

Comments: