RIGHT NOW GITEA KEEPS LOGGED IN AS FIRST USER SO IT’S NOT PERFECT, THERE’S A KNOWN ISSUE We need to update the logout button to the authentik logout URL: wget -O /var/lib/gitea/custom/templates/base/head_navbar.tmpl https://raw.githubusercontent.com/go-gitea/gitea/main/templates/base/head_navbar.tmpl
Replace the old logout URL with the new: sed -i 's#/user/logout#/akprox/sign_out#g' /var/lib/gitea/custom/templates/base/head_navbar.tmpl
I did notice when replacing the URL to logout it doesn’t directly log you out, but will be logged out next time you try to do anything Now it’s time to config gitea; nano /etc/gitea/app.
nano /etc/grafana/grafana.ini
[auth.proxy] # Defaults to false, but set to true to enable this feature enabled = true # HTTP Header name that will contain the username or email header_name = X-authentik-username # HTTP Header property, defaults to `username` but can also be `email` header_property = username # Set to `true` to enable auto sign up of users who do not exist in Grafana DB. Defaults to `true`. auto_sign_up = false # Define cache time to live in minutes # If combined with Grafana LDAP integration it is also the sync interval sync_ttl = 60 # Limit where auth proxy requests come from by configuring a list of IP addresses.
First you can download the intstaller for rpiboot for Windows from github at HERE
Then I always prefer Debian which can be found HERE
I’m using the DF Robot Router Board from HERE
Huge shoutout and thanks to Jeff Geerling for the board.
To get the CM4 into rpiboot mode you have to switch the little switch on the DF Robot Board labeled RPIBOOT to 1
Now you have to install the program, then open up rpiboot and let it do it’s thing then it’ll be mounted
Here’s a quick rundown of how usenet works:
The three things required are a server, indexer, and downloaders.
Server: Where you download the articles from. (Eweka, SuperNews)
Indexer: A search engine for the usenet servers. (NZBGeek, NZBCat, DogNZB)
Downloader: This is used to download and extract the files since they are put into RAR files. (NZBGet, SABnzbd)
Arr software searches via the indexer which then sends the .nzb file to the downloader.
Client DNS If you don’t want to use magic DNS like myself. I was having issues with it so I did this.
Add the following to ~/.bashrc this will allow you to SSH to clients in the following way tailssh $USER $HOSTNAME you can also just run tailssh and that will show you all of the servers
function tailssh () { if [[ -z $1 ]] && [[ -z $2 ]]; then tailscale status | grep -v 'filter/INPUT' | column -t else host=$(tailscale status | grep $2 | awk '{ print $1 }') ssh ${1}@${host} fi } Now we need to install column apt install bsdmainutils
Here I will walk you through setting up Headscale
Create Directories
mkdir -p /opt/headscale/config /opt/headscale/bin
Install Reqs
apt install -y wireguard-tools nginx apt-transport-https
Generate Key
wg genkey > /opt/headscale/config/private.key
Download newest release from HERE
wget https://github.com/juanfont/headscale/releases/download/v0.15.0-beta5/headscale_0.15.0-beta5_linux_amd64 -O /opt/headscale/bin/headscale
Add headscale ~/.bashrc echo PATH=$PATH:/opt/headscale/bin >> ~/.bashrc
Source the new PATH source ~/.bashrc
Create config Create a config in /opt/headscale/config/config.yml
nano config.yaml
--- # The url clients will connect to. # Typically this will be a domain.
I was trying to get an alias to work with a ProxyPass. This is pretty easy in NGiNX you just add locations where they need to be, but it appears in Apache/HTTPD you have to specify to ignore the location without the ProxyPass Module
The below needs to be added into your VirtualHost. This specific use was for the AppRise_API server
Alias "/s" "/opt/apprise/server/apprise_api/static" <Directory "/opt/apprise/server/apprise_api/static"> AllowOverride None Require all granted </Directory> ReWriteEngine on ProxyPassMatch ^/s !
Below is how to fix the Your web server is not properly set up to resolve /.well-known/webfinger /.well-known/nodeinfo error if using NGiNX since everything else I could find was for Apache/HTTPD.
Add the following to your NGiNX config file for nextcloud. Usualy found in /etc/nginx/sites-enabled/ or /etc/nginx/conf.d/
location = /.well-known/webfinger { return 301 $scheme://$host/index.php/.well-known/webfinger; } location = /.well-known/nodeinfo { return 301 $scheme://$host/index.php/.well-known/nodeinfo; } ACPu errors when doing stuff on the command line.
Here’s some simple things to do with git When updating a repo this is the simplest way to do it
git config --global user.name FIRST_NAME LAST_NAME | this sets the person who made the commit (first/last name)
git config --global user.email [email protected] | this sets the person who made the commit (email)
git diff | this is the see any lines you’ve changed
git status | this will show which branch your on and which files have changed (not the contents of the file like git diff, but just the files themselves)
sed With the last g all text is replaced not just the first
Replace text inline using sed (does not work with symlinks)
sed -i 's/TO_BE_REPLACED/NEW_TEXT/g' FILE_HERE
Replace text output to stdout
sed 's/TO_BE_REPLACED/NEW_TEXT/g' FILE_HERE
awk Show specific column of line
awk '{ print $N }' where N is column number
cut cut -d' ' -fN where d is the delimiter and N is the colum number
perl Replace new line with space
I’m honesly not sure if these are vi or vim specific as I use a mac and Debian machine, but here’s some fun stuff I’ve learned over the years. I started as a nano person, but am finaly sitting down and using vi/m more and more.
In command mode (make sure to hit esc) Go to start of file gg
Go to end of file G
Delete from line to start of file dgg
This is useful if using remote shell to do things. I used this when I migrated from RemoteUtilities (great software, but I can’t seem to find a cheap host for a Windows OS, MeshCentral only requires a small Linux server) to MeshCentral. I was able to use the remote shell through SentinelOne to do this. SentinelOne is by far the best NextGenAV out there.
If remote shell uses CMD we’re going to want to open/start powershell
Here’s how to install Duplicati as a Windows Service
Download Duplicati from HERE
During install don’t mark Auto Start up option
Open CMD as admin
Navigate to the installation folder in CMD (this should be the same as long as you left it as default) cd "C:\Program Files\Duplicati 2\"
Now we will install the service .\Duplicati.WindowsService.exe install
Now restart your computer (this isn’t needed, but it’s a good way to test)
This seems to be just like connecting via SSH to a Linux machine, but with Windows. I’ve only tested with Windows 10, but it works great.
Download PSEX HERE. Extract ZIP wherever (I like to use 7zip). CD to that location via CMD as domain admin (this is assuming domain environment, run CMD as administrator by right clicking, then run as administrator) Run the following .PsExec.exe \PCnameORip cmd.exe You are now in a remote shell You can also use winrs as well
Go to https://www.microsoft.com/en-us/software-download/windows10ISO and use the dev tools F12 on browsers to change device to mobile. Then you should be able to choose the version/lang/type and then you’ll get a direct link from Microsoft.
If you ever run into a scenario where you have an ACL in place, but can’t get on the IP that’s in the ACL and you have ssh access, the following will work well. You have to do a partial factory reset which resets everything other than the networking. The default creds are ADMIN/ADMIN. Make sure to change those as soon as you’re logged in.
ipmitool raw 0x3c 0x40
This is very useful when you have everything redirected with NGiNX to HTTPS, but acme.sh/LetsEncrypt requires HTTP for verification.
server { listen 80; server_name DOMAIN.COM; root HTTP_ROOT; location ^~ /.well-known/acme-challenge/ { try_files $uri =404; } location / { return 301 https://DOMAIN.COM$request_uri; } }
Sometimes you have an email account and you want to edit the email/hour for only one of the domain on the account, here is how to do that.
SSH to the server ssh domainHere.com Edit the file /var/cpanel/users/userAccount file Add or Edit a line like this MAX_EMAIL_PER_HOUR-domainHere.com=100 Replace domainHere.com with the domain name in question, and 100 with the number of emails per hour you wish to allow. Save the file and run /usr/local/cpanel/scripts/updateuserdomains
Sometimes you don’t know or want to change the root password to be able to log into WHM as root (yes I know you shouldn’t log in as root, but sometimes you do). Here’s the command to do that via CLI
whmapi1 create_user_session user=root service=whostmgrd locale=en This will return something like to following
data: cp_security_token: /cpsess9427258339 expires: '1596644759' locale: en service: whostmgrd session: root:J7omtbeEeUhJ9yPK:create_user_session,yAs86MVYrHT46avjRLAGxhHaEFrFV3Hf url: https://server.domain.com:2087/cpsess9427258339/login/?locale=en&session;=root%2UtnqjEJVUBNo2JnKH%3acreate_user_session%55nNCwxRW4tzqEe6NUYKwWrDM7N485TiYA metadata: command: create_user_session reason: Created session result: 1 version: 1 You will use the URL and it will take you right into WHM