rsync Fun

MORE →

Headscale with Android

I based this post on HERE Just for reference, the things I did to make it work: git clone https://github.com/tailscale/tailscale-android.git nano tailscale-android/cmd/tailscale/backend.go change: func (b *backend) Start(notify func(n ipn.Notify)) error { b.backend.SetNotifyCallback(notify) return b.backend.Start(ipn.Options{ StateKey: "ipn-android", }) } to: func (b *backend) Start(notify func(n ipn.Notify)) error { b.backend.SetNotifyCallback(notify) prefs := ipn.NewPrefs() prefs.ControlURL = "https://myheadscale.domain.com" opts := ipn.Options{ StateKey: "ipn-android", UpdatePrefs: prefs, } return b.backend.Start(opts) } nano Dockerfile
MORE →

Resolvconf BS

MORE →

SystemD Fun

Show logs from when systemd service last restarted. (This needs systemd > v232) journalctl _SYSTEMD_INVOCATION_ID=$(systemctl show -p InvocationID --value SERVICE_NAME.service) | head -n15 NFS Mount with NFS and /etc/fstab From all of my reading over the years it’s always been said to add _netdev to the /etc/fstab mount, but that never worked for me. After more reading it appears that was for SystemV which is dead. I figured it out after much Googleing.
MORE →

SentinelOne Fun

MORE →

SSH Cheatsheet

MORE →

Docker and UFW

For UFW and Docker I use a program called UFW-Docker To use it do the following: wget -O /usr/local/bin/ufw-docker https://github.com/chaifeng/ufw-docker/raw/master/ufw-docker chmod +x /usr/local/bin/ufw-docker ufw-docker install Allow tailscale VPN to all docker containers This is based on the issue HERE ufw route allow from 100.64.0.0/10 to any You should now be good to accept anything from the tailscale network
MORE →

Headscale with Windows

This is how to get the Windows client with headscale. I’m happy to finaly get it working. Headscales docs are HERE, but I’m adding some more info since I wasn’t able to get it to work the first time If you’ve already installed tailscale on the machine make sure to delete the C:\Users\<USERNAME>\AppData\Local\Tailscale directory Download the Official Windows Client HERE and install it. You can either do option A or B Option A Manually edit the registry
MORE →

tmux Fun

By default the prefix is Ctrl+B for tmux How to save pane to file Use prefix + : We need to puts those lines into a buffer by typing in capture-pane -S -150 | Replace -150 with however many lines you’d like to save, or - for all lines. Hit return (enter) Now we have to save the buffer to a file by doing the following prefix + :
MORE →

Autorestic Fun

Install autorestic with the below curl https://raw.githubusercontent.com/cupcakearmy/autorestic/master/install.sh | bash Now we install the config with the below cat <<EOF > /root/.autorestic.yml version: 2 global: forget: keep-daily: 5 keep-weekly: 15 keep-monthly: 15 backends: storj: type: s3 path: https://gateway.us1.storjshare.io/bucket.name.here env: aws_access_key_id: aws_secret_access_key: backblaze: type: s3 path: https://s3.us-west-002.backblazeb2.com/bucket-name-here env: aws_access_key_id: aws_secret_access_key: locations: root: from: - / to: - storj - backblaze options: backup: exclude: - /dev - /media - /mnt - /proc - /run - /sys - /tmp - /var/tmp - /var/lib/mysql - /swap* EOF Now autorestic is installed
MORE →

DynamicDNS with Cloudflare bash

Here is a bash script I use to update DDNS with CloudFlare, I could use ddclient, but I like this it works for me apt -y install dnsutils jq curl #!/usr/bin/env bash # A bash script to update a Cloudflare DNS A record with the external IP of the source machine # Used to provide DDNS service for my home # Needs the DNS record pre-creating on Cloudflare ## Based on https://gist.
MORE →

Watchtower fun

MORE →

Gitea Auth using Authentik Proxy Outpost

RIGHT NOW GITEA KEEPS LOGGED IN AS FIRST USER SO IT’S NOT PERFECT, THERE’S A KNOWN ISSUE We need to update the logout button to the authentik logout URL: wget -O /var/lib/gitea/custom/templates/base/head_navbar.tmpl https://raw.githubusercontent.com/go-gitea/gitea/main/templates/base/head_navbar.tmpl Replace the old logout URL with the new: sed -i 's#/user/logout#/akprox/sign_out#g' /var/lib/gitea/custom/templates/base/head_navbar.tmpl I did notice when replacing the URL to logout it doesn’t directly log you out, but will be logged out next time you try to do anything Now it’s time to config gitea; nano /etc/gitea/app.
MORE →

Grafana Auth using Authentik Proxy Outpost

nano /etc/grafana/grafana.ini [auth.proxy] # Defaults to false, but set to true to enable this feature enabled = true # HTTP Header name that will contain the username or email header_name = X-authentik-username # HTTP Header property, defaults to `username` but can also be `email` header_property = username # Set to `true` to enable auto sign up of users who do not exist in Grafana DB. Defaults to `true`. auto_sign_up = false # Define cache time to live in minutes # If combined with Grafana LDAP integration it is also the sync interval sync_ttl = 60 # Limit where auth proxy requests come from by configuring a list of IP addresses.
MORE →

rPiBoot Fun

MORE →

Rundeck fun

nano docker-compose.yaml version: '3' services: rundeck: image: 'rundeck/rundeck:3.4.8' restart: unless-stopped environment: RUNDECK_GRAILS_URL: 'https://rundeck.domain.com' RUNDECK_SERVER_FORWARDED: 'true' RUNDECK_DATABASE_DRIVER: org.mariadb.jdbc.Driver RUNDECK_DATABASE_USERNAME: rundeck RUNDECK_DATABASE_PASSWORD: rundeck RUNDECK_DATABASE_URL: jdbc:mysql://mysql/rundeck?autoReconnect=true&useSSL=false ports: - 127.0.0.1:4440:4440 volumes: - ./data/data:/home/rundeck/server/data - ./data/projects:/home/rundeck/projects - ./data/realm.properties:/home/rundeck/server/config/realm.properties depends_on: - "mysql" mysql: image: mysql:5.7 restart: unless-stopped environment: - MYSQL_ROOT_PASSWORD=root - MYSQL_DATABASE=rundeck - MYSQL_USER=rundeck - MYSQL_PASSWORD=rundeck volumes: - ./data/db:/var/lib/mysql First you’ll want to comment out - ./data/realm.properties:/home/rundeck/server/config/realm.properties then docker exec -it rundeck_rundeck_1 cat /home/rundeck/server/config/realm.properties > .
MORE →

Usenet Basics

Here’s a quick rundown of how usenet works: The three things required are a server, indexer, and downloaders. Server: Where you download the articles from. (Eweka, SuperNews) Indexer: A search engine for the usenet servers. (NZBGeek, NZBCat, DogNZB) Downloader: This is used to download and extract the files since they are put into RAR files. (NZBGet, SABnzbd) Arr software searches via the indexer which then sends the .
MORE →

How to get systemd on WSL2

MORE →

Headscale Notes

Client DNS If you don’t want to use magic DNS like myself. I was having issues with it so I did this. Add the following to ~/.bashrc this will allow you to SSH to clients in the following way tailssh $USER $HOSTNAME you can also just run tailssh and that will show you all of the servers function tailssh () { if [[ -z $1 ]] && [[ -z $2 ]]; then tailscale status | grep -v 'filter/INPUT' | column -t else host=$(tailscale status | grep $2 | awk '{ print $1 }') ssh ${1}@${host} fi } Now we need to install column apt install bsdmainutils
MORE →

How to set up Headscale

Here I will walk you through setting up Headscale Create Directories mkdir -p /opt/headscale/config /opt/headscale/bin Install Reqs apt install -y wireguard-tools nginx apt-transport-https Generate Key wg genkey > /opt/headscale/config/private.key Download newest release from HERE wget https://github.com/juanfont/headscale/releases/download/v0.15.0-beta5/headscale_0.15.0-beta5_linux_amd64 -O /opt/headscale/bin/headscale Add headscale ~/.bashrc echo PATH=$PATH:/opt/headscale/bin >> ~/.bashrc Source the new PATH source ~/.bashrc Create config Create a config in /opt/headscale/config/config.
MORE →

Apaches Alias with ProxyPass

I was trying to get an alias to work with a ProxyPass. This is pretty easy in NGiNX you just add locations where they need to be, but it appears in Apache/HTTPD you have to specify to ignore the location without the ProxyPass Module The below needs to be added into your VirtualHost. This specific use was for the AppRise_API server Alias "/s" "/opt/apprise/server/apprise_api/static" <Directory "/opt/apprise/server/apprise_api/static"> AllowOverride None Require all granted </Directory> ReWriteEngine on ProxyPassMatch ^/s !
MORE →

Generate Wildcard cert with acme.sh

MORE →

Access IPMI if IP is not in ACL

MORE →

acme.sh/LetsEncrypt with 301 https redirect

MORE →

Limit email/hour for just one domain on an account (addon, park, or sub domain).

MORE →

Create cPanel WHM session from CLI

MORE →

SuperMicro ipmitool shared/dedicated NIC change

Here is how to change the NIC for IPMI to be shared or dedicated. I know this works on SuperMicro I’m not sure about other vendors Make sure you have IPMI tool installed and you’re able to connect via ipmitool To Get Lan Mode ipmitool raw 0x30 0x70 0x0C 0x00 It will return a code, here are those and their meanings: 00 dedicated 01 shared 02 Failover Here is how you set the mode
MORE →

Change username for cPanel user

Unfortunately it doesn’t appear cPanel allows you to easily change the username. Most documentation I’ve read says to use the “Rearrange an Account” option, but if you only have one disk that doesn’t seem to get you an option. The downside to this is that is doesn’t fully do a normal restore it will restore the new account to the new directory, but it will symlink the old username to the new directory.
MORE →

Acme.sh with NGiNX

First you have to install acme.sh. I like using acme.sh because it’s all bash based. As with all posts I take no responsibility for anything and this is more of a quick help instead of a full guide. I have a script that I use to deploy my WordPress sites. The only thing I recommend is if you use it make sure to add the xml-rpc.php block. I haven’t added that to it yet.
MORE →

Fix Domain Trust Issues

There error comes in many forms one of the forms are “The trust relationship between this workstation and the primary domain failed.” If you’re able to log into the machine as a local admin it’s easy, you just do the following. Use a local administrator account to log on to the computer. Select Start, press and hold (or right-click) Computer > Properties. Select Change settings next to the computer name.
MORE →

Auto Expand last partition using parted

I was having issues finding the correct way to add the remaining free space to the last partition (afraid to do so since it was on a live machine). I was finally able to figure it out. Use this to see free space parted /dev/sdX print free Then this to expand parted /dev/sdX (parted) resizepart Partition number? ENTER NUMBER FROM ABOVE THAT HAS THE LVM End? [1075MB]? 100% (parted) q Then now since this was on a server that uses LVM you have to resize the PV
MORE →

Bypass PiHole DNS using PiHole DHCP

MORE →

SmartOS Tricks

MORE →

SSH tunnel WSL1

MORE →

Remote Control Terminal Session Windows Server

I just learned that you can remote control terminal sessions. They call it shadowing. I’ve only done it on Windows Server 2012 r2, but was super easy. You just need to open server manager, go to remote desktop services, then collections, then QuickSessionsCollections. Then you’ll see the connections in the upper right hand corner. Once you find the one you want you right click on the session and hit Shadow. By default this will ask the user to allow, if you want to override that and allows allow you can do the following group policy change.
MORE →

XCP-NG Quick Notes

I learned about XCP-NG not to log ago and love it. It’s great and easy to use. My only issue is I guess on newer versions of Windows 10/Server 2019 they were having freezing issues. I had the issue with Windows 10. I just went with Windows 7 VMs for what I needed until they get the problem worked out. XCP-NG works great with Linux. Here are some useful commands I’ve found.
MORE →

NextCloud with Apache behind NGINX reverse proxy on CentOS

This is probably useful to figure out how to reverse proxy Apache behind NGINX, but I was finally able to get NextCloud working on NGINX with no problem I like to use NGINX as my web server because that’s what I’ve always worked with. I’ve tried a couple times to get NGINX to work with NextCloud, but it would also end up not letting me log in. I did some Googleing and I guess it has something to do with how the cache is handled in NGINX.
MORE →

Find average size of directories

MORE →

Supermicro X9 Hangs on Windows 10 reboot

This data has been copied from HERE Please follow the steps below: Turn off the system completely, and turn it back on, you should be able to get back into the OS. 2)Download the following driver and extract it: https://downloadcenter.intel.com/download/22655/Intel-Chipset-Device-Software-for-HECI or my link here, this may not be the newest intel_chipset_SPS_MEI_NULL_v1.2.3.2003 Open up Device Manager View » Show hidden devices In the main window, expand System devices and look the device written exactly as “Intel(R) Management Engine Interface”
MORE →

Static IP KVM Guest

Copied from Here If you don’t want to do any configuration inside the guest, then the only option is a DHCP server that hands out static IP addresses. If you use bridge mode, that will probably be some external DHCP server. Consult its manual to find out how to serve static leases. But at least in forward modes nat or route, you could use libvirt’s built-in dnsmasqd (More recent versions of libvirtd support the dnsmasq’s “dhcp-hostsfile” option).
MORE →

Cert Roadmap

MORE →

Add clonezilla to Fog Project

MORE →

Linux not auto mounting NFS at boot up

MORE →

MySQL/MariaDB Not Securing

mysql_secure_installation doesn’t seem to work on the newest Debain After some googling I think I found what works for me. Delete anon user DELETE FROM mysql.user WHERE User=’'; delete non local root user DELETE FROM mysql.user WHERE User=‘root’ AND Host NOT IN (’localhost’, ‘127.0.0.1’, ‘::1’); drop test database DROP DATABASE IF EXISTS test; drop all other root users drop user ‘root’@’localhost’; drop user ‘root’@‘127.0.0.1’; drop user ‘root’@’::1’; create a new root user with password
MORE →

Mail Server

I ended up switching to modoboa. I’ve been very happy with it on ServerCheap. I finally set up my own mail server using a couple guides. Just putting this here for my memory. Thank you to the great people who write amazing blogs. How to set up the server When put behind cloudflare you need to add the bellow to /etc/nginx/nginx.conf in the http { location # CF set real ip set_real_ip_from 103.
MORE →

Basic Linux commands

MORE →

Disable SuperMicro IPMI ADMIN user

Disable ADMIN user Before doing this bit you may wish to check that the new user you added works for everything you need it to. Those things might include: ssh to [email protected] Log in on web interface at https://192.168.1.22/ Various ipmitool commands like querying power status:$ ipmitool -I lanplus -H 192.168.1.22 -U somename -a power status Password: Chassis power is on If all of that is okay then you can disable ADMIN:
MORE →

CloudFlare with nginx and plex

Add the following to the http in /etc/nginx/nginx.conf. This tells nginx where the actually IP is coming from instead of showing as cloudflare. # CF set real ip set_real_ip_from 103.21.244.0/22; set_real_ip_from 103.22.200.0/22; set_real_ip_from 103.31.4.0/22; set_real_ip_from 104.16.0.0/12; set_real_ip_from 108.162.192.0/18; set_real_ip_from 131.0.72.0/22; set_real_ip_from 141.101.64.0/18; set_real_ip_from 162.158.0.0/15; set_real_ip_from 172.64.0.0/13; set_real_ip_from 173.245.48.0/20; set_real_ip_from 188.114.96.0/20; set_real_ip_from 190.93.240.0/20; set_real_ip_from 197.234.240.0/22; set_real_ip_from 198.41.128.0/17; set_real_ip_from 2400:cb00::/32; set_real_ip_from 2606:4700::/32; set_real_ip_from 2803:f800::/32; set_real_ip_from 2405:b500::/32; set_real_ip_from 2405:8100::/32; set_real_ip_from 2c0f:f248::/32; set_real_ip_from 2a06:98c0::/29; # use any of the following two real_ip_header CF-Connecting-IP; #real_ip_header X-Forwarded-For; This is the reverse proxy file /etc/nginx/sites-available/plex.
MORE →

IPTables Fun

I found these scripts years ago and decided to use them. I might as well share them First the ipset and iptables need to be installed apt install iptables ipset Now we need to create the ipset lists ipset create drop hash:net ipset create allowHTTPS hash:net ipset create allowSSH hash:net ipset create directHTTPS hash:net ipset create google hash:net script to update files and countries. If you go to the ipdeny site you can find which countries you can add.
MORE →

VMware vSphere – How to activate Windows Server OEM licence in virtual machine

Copied from LINK PUBLIKOVÁNO 23 SRP ’17 , AUTOR: TOMAS KALABIS VMware vSphere – How to activate Windows Server OEM licence in virtual machine I have installed a Windows Server 2012 R2 with a Fujitus OEM licence on ESXi 6.5, but when i try to activate this operating system i got always an error with licence key. The solution is add following lines to the .vmx file of affected VM.
MORE →

create CD iso from folder

Download IMGBURN Now all that’s left is to glue the iso back together. In ImgBurn this accomplished by: Mode -> Build In the ‘Source’ section, click the ‘Browse for a folder’ icon. Select c:\iso\ms-iso. In the ‘Destination’ section, click the ‘Browse for a file’ icon. Give your iso a name and put it where you’d like. Under the Options tab on the right, set ‘File System’ to ‘UDF’ and ensure that ‘Recurse Subdirectories’ is checked.
MORE →

Install FusionIO ioDrive2 on Debian

If using Debian 10 you’ll have to use the github VSL. I just started using it, I will update if there’s issues. HERE’S the link. Now we need to make the module be loaded. mkdir /lib/modules/4.19.0-10-amd64/kernel/drivers/iomem cd root/usr/src/iomemory-vsl-3.2.16 cp iomemory-vsl.ko /lib/modules/4.19.0-10-amd64/kernel/drivers/iomem Now we need to add it to be loaded on bootup nano /etc/modules Paste iomemory_vsl into the /etc/modules file. `` First go to LINK and download the needed items I also have a copy that I downloaded HERE.
MORE →

Install ZFS on Debian 9.5 (Stretch)

MORE →

How to enable vlans on Debian 9

I just did this on Debian 9, it might work on older versions and more than likely Ubuntu Do everything as root: sudo su - Install vlan package: apt-get install vlan Load 8021q module: modprobe 8021q Add 8021q module at bootup: echo 8021q | sudo tee -a /etc/modules Make sure it is in the file: cat /etc/modules Now we need to edit the interfaces file: nano /etc/network/interfaces There will probably be something like below
MORE →

Add Windows Server 2016 Core to Existing domain

First we need to configure static IP address This can be done by typing the below Enter Powershell powershell.exe Change computer name Rename-Computer -NewName "NewName" Reboot shutdown -s -t 0 log back in and go to power shell powershell.exe Find interface index Get-NetAdapter Set IP Address New-NetIPAddress –InterfaceIndex 2 –IPAddress 192.168.1.16 -PrefixLength 24 -DefaultGateway 192.168.1.1 Set DNS address Set-DnsClientServerAddress -InterfaceIndex 2 -ServerAddresses 127.0.0.1 Now it’s time for the “FUN” part. Now I realize why I don’t like core server.
MORE →

How to use SSH keys

create public and private keys. You can just hit enter or change the options. ssh-keygen -t rsa Now we need to copy our public key to the servers authorized keys cat ~/.ssh/id_rsa.pub | ssh [email protected] "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys" Now once you’ve completed teh above you should just be able to ssh to the remote host. If you want to be able to ssh as root.
MORE →

Install php7, nginx, mariadb centos 7

I am not a pro, this is just what I’ve learned over the years and noticed that a bunch of tutorials didn’t have all the info I needed/used so I figured I’d make my own. rpm -Uvh https://rpms.remirepo.net/enterprise/remi-release-7.rpm yum update yum install -y nginx mariadb-server mariadb git yum --enablerepo=remi-php72 install php-fpm php-common php-opcache php-pecl-apcu php-cli php-pear php-pdo php-mysqlnd php-pgsql php-pecl-mongodb php-pecl-redis php-pecl-memcache php-pecl-memcached php-gd php-mbstring php-mcrypt php-xml php-pecl-zip php-gmp Next we are going to want to enable everything to run on start up systemctl enable php-fpm systemctl enable nginx systemctl enable mariadb systemctl start mariadb
MORE →

Useful Scripts

for f in *; do cd $f; mv * ..; cd ..; rmdir $f; done find . -type f ! -iname "*.mp4" ! -iname "*.jpg" ! -iname "*.wmv" ! -iname "*.mkv" ! -iname "*.mpg" ! -iname "*.avi" ! -iname "*.m4v" sed 's#^#what to add to begging of line#' oldfile > newfile sed 's#$#text to add to end of line#' oldfile > newfile mkvmerge -o <output>.mkv –default-track 0 –language 0:eng <subtitles>.srt input find .
MORE →

Docker and IP-Tables

Over the weekend I got attacked. I realized the cause of this was because I rebooted my server and the docker IPTables rules overwrote the IPTables-Persistent rules I had. After realizing this was the case I uninstalled docker since I wasn’t using it and while I was making firewall changes I set up ipset to block most foreign countries. I also removed IPTables-Persistent and instead just added the post up to the /etc/network/interfacespost-up ipset restore < /etc/iptables/ipset.
MORE →

Install KodExplorer

How I installed KodExplorer. This is running on Debian 8.1. Things might be different on whatever OS/Version you’re running. I am by no means a pro. This is pieced together from everything I’ve learned. You first have to install nginx and php apt install ngnix php5-fpm git if it’s a newer version of debian or ubuntu you might have to run apt install php7-fpm mkdir -p /etc/nginx/ssl/site.com cd /etc/nginx/ssl/site.
MORE →

Make nginx return 403 error when accessing non defined sites or direct IP

I was running into an issue where when people would go to the IP of my server or a domain was pointed at my server and the domain wasn’t configured in NGINX it would for some reason redirect to one of my domains when I didn’t want it to. Below is the config block that I added to a file. This make NGINX return a 403 error when accessing the server via IP or an reconfigured domain.
MORE →

pfSense/VMWare/Cisco 3560/Server 2016

Over the past couple days I’ve been trying to get a Cisco 3560 with VLANs to work. Finally I was able to get it working. This is my first blog post FYI it’s not the most detailed. It’s just info on what I’ve learned. This is not the best post to read if you have no technical knowledge. If you have some you should be able to work your way thru my horrible instructions.
MORE →