Mesh Central layout

MORE →

N5095 iGPU

First we need to find the iGPU type lspci | grep VGA This should return something like 00:02.0 VGA compatible controller: Intel Corporation Device 4e55 (rev 01) Add the following to /etc/modprobe.d/i915.conf, replace 4e55 with your type options i915 enable_guc=3 options i915 force_probe=4e55 Now to we need to rebuild the initramfs to add the above update-initramfs -u Install the required firmware files You need to enable the non-free source apt install -y firmware-misc-nonfree intel-media-va-driver-non-free
MORE →

Windows TCP Port Test without Telnet

MORE →

Apt Fun

MORE →

Telegraf and S.M.A.R.T. data

MORE →

NTFY via systemd on bootup/shutdown

MORE →

Proxmox Fun

A few fun tips for Proxmox How to migrate VM to new host not in cluster Create NFS share on a system Add NFS share as backup endpoint on new and old server Run a backup of the system you want to migrate, I shut the VM down, but it’s no needed On new host go to the NFS storage in the GUI and go to backups You will see the backed up data
MORE →

Win11 a lil’ more Win10

MORE →

Local User Win11 Install

MORE →

MergerFS with ZFS filesystems

MORE →

Pull Windows OEM key from BIOS using Linux

MORE →

Xiaomi Opple Battery Replacement

Below is how to replace the battery on the Opple remote. It’s not as easy as it is with the others, but it’s still pretty simple. You can use a spudger or a flat head screw driver First remove the middle key with the spudger, if you push down on one of the sides it makes it easier to lift the other Now remove the screw from the middle. Now remove the top button.
MORE →

Grafana with Screenly OSE

To use Grafana Bearer tokens you need to be able to inject headers which you can’t do in the OSS version of Screenly. To get around this you can just run a NGiNX proxy on the host and reverse proxy to the Grafana server and use NGiNX to inject the required headers. I HAVEN’T TESTED THIS YET ON SCREENLY OSE, BUT SINCE IT’S JUST RUNNING ON RAPSBERRY PI OS THERE SHOULDN’T BE AN ISSUE, I WILL BE TESTING EVENTUALLY
MORE →

AmazonSES Limit by IP and Hostname

MORE →

Nextcloud Fun

MORE →

rsync Fun

Only copy specific file extentions in folder rsync -a --include '*/' --include '*.mp3' --exclude '*' source/ target/ Speed up rsync over SSH without needed to change any configs. arcfour is faster, but no longer enabled by default meanwhile aes128-ctr is rsync -avhP -e "ssh -c aes128-ctr" /src/ [email protected]:/dst/ rsync ssh with non standard port rsync -avhP -e "ssh -p number" /src/ [email protected]:/dst/ rsync ssh with non standard port and show full progress
MORE →

Headscale with Android

I based this post on HERE Just for reference, the things I did to make it work: git clone https://github.com/tailscale/tailscale-android.git nano tailscale-android/cmd/tailscale/backend.go change: func (b *backend) Start(notify func(n ipn.Notify)) error { b.backend.SetNotifyCallback(notify) return b.backend.Start(ipn.Options{ StateKey: "ipn-android", }) } to: func (b *backend) Start(notify func(n ipn.Notify)) error { b.backend.SetNotifyCallback(notify) prefs := ipn.NewPrefs() prefs.ControlURL = "https://myheadscale.domain.com" opts := ipn.Options{ StateKey: "ipn-android", UpdatePrefs: prefs, } return b.backend.Start(opts) } nano Dockerfile Add the below to the file:
MORE →

Resolvconf BS

MORE →

SystemD Fun

Show logs from when systemd service last restarted. (This needs systemd > v232) journalctl _SYSTEMD_INVOCATION_ID=$(systemctl show -p InvocationID --value SERVICE_NAME.service) | head -n15 NFS Mount with NFS and /etc/fstab From all of my reading over the years it’s always been said to add _netdev to the /etc/fstab mount, but that never worked for me. After more reading it appears that was for SystemV which is dead. I figured it out after much Googleing.
MORE →

SentinelOne Fun

MORE →

SSH Cheatsheet

MORE →

Docker and UFW

MORE →

Headscale with Windows

This is how to get the Windows client with headscale. I’m happy to finaly get it working. Headscales docs are HERE, but I’m adding some more info since I wasn’t able to get it to work the first time If you’ve already installed tailscale on the machine make sure to delete the C:\Users\<USERNAME>\AppData\Local\Tailscale directory Download the Official Windows Client HERE and install it. You can either do option A or B Option A Manually edit the registry
MORE →

WP-Cli Tips and tricks

Install wp-cli curl -O https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar php wp-cli.phar --info chmod +x wp-cli.phar mv wp-cli.phar /usr/local/bin/wp Install new wordpress domain using wp-cli Make sure directory has permisisons for web user cd "WEB_DIRECTORY" sudo -u www-data wp core download sudo -u www-data wp config create --dbname=DATABASE_NAME --dbuser=DATABASE_USER --dbpass=DATABASE_PASSWORD --dbhost=DATABASE_HOST sudo -u www-data wp core install --url=URL_INCLUDING_HTTPS --title=SITE_TITLE --admin_user=ADMIN_USERNAME --admin_password=ADMIN_PASSWORD --admin_email=ADMIN_EMAIL --skip-email sudo -u www-data wp plugin delete 'hello' sudo -u www-data wp plugin delete 'akismet'
MORE →

FFMPEG/OwnCast/HDHomeRun

If you’re wanting to stream HDHomeRun channel to your own OwnCast server I’m using Debian like everything else I do apt install -y ffmpeg ffmpeg -i "http://IP_OF_HDHR:5004/auto/vCH.N" -c:v libx264 -c:a aac -b:v 512K -maxrate 512K -bufsize 1M -f flv rtmps://OWNCAST_URL:PORT/live/STREAM_KEY You can now go to your owncast URL and it should be streaming SystemD Service nano /etc/systemd/system/hdhomerun-stream.service [Unit] Description=HDHR Daemon After=network.target [Service] User=plex EnvironmentFile=-/etc/default/hdhomerun Group=plex Type=simple wExecStart=/usr/bin/ffmpeg -i "${CHANNEL}" -c:v libx264 -c:a aac -b:v 512K -maxrate 512K -bufsize 1M -f flv "${URL}:${PORT}/live/${KEY}" Restart=on-failure [Install] WantedBy=multi-user.
MORE →

twilio Fun

Call Forwarding using TwiML Bins Login to your account at Twilio. Create TwiML Bin HERE Add a Friendly Name and some TwiML, and then click create. (create a friendly name) Paste the example into the box <Response> <Dial> +12345559876 </Dial> </Response> | replace 2345559876 with your phone number Configure this TwiML bin on your Twilio number HERE Go to Voice & Fax Accept Incoming Voice Calls Configure With Webhook, TwiML Bin, Function, Studio Flow, Proxy Service A Call Comes In TwiML Bin Choose the TwiML Bin you created earlier Lookup up numbers with Twilio API and get a nice pretty JSON output.
MORE →

tmux Fun

By default the prefix is Ctrl+B for tmux How to save pane to file Use prefix + : We need to puts those lines into a buffer by typing in capture-pane -S -150 | Replace -150 with however many lines you’d like to save, or - for all lines. Hit return (enter) Now we have to save the buffer to a file by doing the following prefix + : Type in save-buffer filename.
MORE →

Autorestic Fun

Install autorestic with the below curl https://raw.githubusercontent.com/cupcakearmy/autorestic/master/install.sh | bash Now we install the config with the below cat <<EOF > /root/.autorestic.yml version: 2 global: forget: keep-daily: 5 keep-weekly: 15 keep-monthly: 15 backends: storj: type: s3 path: https://gateway.us1.storjshare.io/bucket.name.here env: aws_access_key_id: aws_secret_access_key: backblaze: type: s3 path: https://s3.us-west-002.backblazeb2.com/bucket-name-here env: aws_access_key_id: aws_secret_access_key: locations: root: from: - / to: - storj - backblaze options: backup: exclude: - /dev - /media - /mnt - /proc - /run - /sys - /tmp - /var/tmp - /var/lib/mysql - /swap* EOF Now autorestic is installed
MORE →

DynamicDNS with Cloudflare bash

Here is a bash script I use to update DDNS with CloudFlare, I could use ddclient, but I like this it works for me apt -y install dnsutils jq curl #!/usr/bin/env bash # A bash script to update a Cloudflare DNS A record with the external IP of the source machine # Used to provide DDNS service for my home # Needs the DNS record pre-creating on Cloudflare ## Based on https://gist.
MORE →

Watchtower fun

MORE →

Gitea Auth using Authentik Proxy Outpost

RIGHT NOW GITEA KEEPS LOGGED IN AS FIRST USER SO IT’S NOT PERFECT, THERE’S A KNOWN ISSUE We need to update the logout button to the authentik logout URL: wget -O /var/lib/gitea/custom/templates/base/head_navbar.tmpl https://raw.githubusercontent.com/go-gitea/gitea/main/templates/base/head_navbar.tmpl Replace the old logout URL with the new: sed -i 's#/user/logout#/akprox/sign_out#g' /var/lib/gitea/custom/templates/base/head_navbar.tmpl I did notice when replacing the URL to logout it doesn’t directly log you out, but will be logged out next time you try to do anything Now it’s time to config gitea; nano /etc/gitea/app.
MORE →

Grafana Auth using Authentik Proxy Outpost

nano /etc/grafana/grafana.ini [auth.proxy] # Defaults to false, but set to true to enable this feature enabled = true # HTTP Header name that will contain the username or email header_name = X-authentik-username # HTTP Header property, defaults to `username` but can also be `email` header_property = username # Set to `true` to enable auto sign up of users who do not exist in Grafana DB. Defaults to `true`. auto_sign_up = false # Define cache time to live in minutes # If combined with Grafana LDAP integration it is also the sync interval sync_ttl = 60 # Limit where auth proxy requests come from by configuring a list of IP addresses.
MORE →

rPiBoot Fun

MORE →

Rundeck fun

nano docker-compose.yaml version: '3' services: rundeck: image: 'rundeck/rundeck:3.4.8' restart: unless-stopped environment: RUNDECK_GRAILS_URL: 'https://rundeck.domain.com' RUNDECK_SERVER_FORWARDED: 'true' RUNDECK_DATABASE_DRIVER: org.mariadb.jdbc.Driver RUNDECK_DATABASE_USERNAME: rundeck RUNDECK_DATABASE_PASSWORD: rundeck RUNDECK_DATABASE_URL: jdbc:mysql://mysql/rundeck?autoReconnect=true&useSSL=false ports: - 127.0.0.1:4440:4440 volumes: - ./data/data:/home/rundeck/server/data - ./data/projects:/home/rundeck/projects - ./data/realm.properties:/home/rundeck/server/config/realm.properties depends_on: - "mysql" mysql: image: mysql:5.7 restart: unless-stopped environment: - MYSQL_ROOT_PASSWORD=root - MYSQL_DATABASE=rundeck - MYSQL_USER=rundeck - MYSQL_PASSWORD=rundeck volumes: - ./data/db:/var/lib/mysql First you’ll want to comment out - ./data/realm.properties:/home/rundeck/server/config/realm.properties then docker exec -it rundeck_rundeck_1 cat /home/rundeck/server/config/realm.properties > ./data/realm.properties to get the file.
MORE →

Usenet Basics

Here’s a quick rundown of how usenet works: The three things required are a server, indexer, and downloaders. Server: Where you download the articles from. (Eweka, SuperNews) Indexer: A search engine for the usenet servers. (NZBGeek, NZBCat, DogNZB) Downloader: This is used to download and extract the files since they are put into RAR files. (NZBGet, SABnzbd) Arr software searches via the indexer which then sends the .nzb file to the downloader.
MORE →

How to get systemd on WSL2

MORE →

Headscale Notes

Client DNS If you don’t want to use magic DNS like myself. I was having issues with it so I did this. Add the following to ~/.bashrc this will allow you to SSH to clients in the following way tailssh $USER $HOSTNAME you can also just run tailssh and that will show you all of the servers function tailssh () { if [[ -z $1 ]] && [[ -z $2 ]]; then tailscale status | grep -v 'filter/INPUT' | column -t else host=$(tailscale status | grep $2 | awk '{ print $1 }') ssh ${1}@${host} fi } Now we need to install column apt install bsdmainutils
MORE →

How to set up Headscale

Here I will walk you through setting up Headscale Create Directories mkdir -p /opt/headscale/config /opt/headscale/bin Install Reqs apt install -y wireguard-tools nginx apt-transport-https Generate Key wg genkey > /opt/headscale/config/private.key Download newest release from HERE wget https://github.com/juanfont/headscale/releases/download/v0.15.0-beta5/headscale_0.15.0-beta5_linux_amd64 -O /opt/headscale/bin/headscale Add headscale ~/.bashrc echo PATH=$PATH:/opt/headscale/bin >> ~/.bashrc Source the new PATH source ~/.bashrc Create config Create a config in /opt/headscale/config/config.yml nano config.yaml --- # The url clients will connect to. # Typically this will be a domain.
MORE →

Apaches Alias with ProxyPass

I was trying to get an alias to work with a ProxyPass. This is pretty easy in NGiNX you just add locations where they need to be, but it appears in Apache/HTTPD you have to specify to ignore the location without the ProxyPass Module The below needs to be added into your VirtualHost. This specific use was for the AppRise_API server Alias "/s" "/opt/apprise/server/apprise_api/static" <Directory "/opt/apprise/server/apprise_api/static"> AllowOverride None Require all granted </Directory> ReWriteEngine on ProxyPassMatch ^/s !
MORE →

Install Debian using RS232 serial cable

The following is for Windows Download Putty Choose serial and select the COM? you can find the com number from device manager under [Ports (COM & LPT)] Now that we have a serial connection go ahead and plug in the netinstall iso usb drive created using Rufus from Debian website hit tab to enter cmd to boot remove quiet after the --- and replace with console=ttyS0,115200n8 example below. This will make the installer use the serial port
MORE →

Speedtest-cli with Grafana, InfluxDB, and Telegraf

MORE →

Simple router using Debian and Firewall-cmd as a base

Here is a quick rundown on how to make a simple Debian box into a router Removed un-needed items apt purge iptables Install required items apt install bridge-utils firewalld dnsmasq Enable IP Forwarding sed -i 's/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/g' /etc/sysctl.conf Find NICs ip a to find the NICs Now we create the bridge. This is assuming your device has three NICs and you want two for LAN and one for WAN nano /etc/network/interfaces
MORE →

HDHomeRun metrics using Grafana, InfluxDB, and Telegraf

MORE →

Blog Backend

How this blog is deployed ClearNet: gitea (main repo) -> metroline (custom hugo build container) -> github release (via custom container to clone from gitea and push to github) -> cloudflare pages (this is auto when there’s a commit in the github repo) TOR: gitea (main repo) -> metroline (custom hugo build container) -> rsync (custom container to push to web server) -> webserver (proxied via link HERE ) I had to do it this way since CloudFlare Pages only work with Github.
MORE →

Generate Wildcard cert with acme.sh

MORE →

Fix Nextcloud Issues

Below is how to fix the Your web server is not properly set up to resolve /.well-known/webfinger /.well-known/nodeinfo error if using NGiNX since everything else I could find was for Apache/HTTPD. Add the following to your NGiNX config file for nextcloud. Usualy found in /etc/nginx/sites-enabled/ or /etc/nginx/conf.d/ location = /.well-known/webfinger { return 301 $scheme://$host/index.php/.well-known/webfinger; } location = /.well-known/nodeinfo { return 301 $scheme://$host/index.php/.well-known/nodeinfo; } ACPu errors when doing stuff on the command line.
MORE →

Git fun

Here’s some simple things to do with git When updating a repo this is the simplest way to do it git config --global user.name FIRST_NAME LAST_NAME | this sets the person who made the commit (first/last name) git config --global user.email [email protected] | this sets the person who made the commit (email) git diff | this is the see any lines you’ve changed git status | this will show which branch your on and which files have changed (not the contents of the file like git diff, but just the files themselves)
MORE →

Restic systemd

init repo apt install -y restic export AWS_ACCESS_KEY_ID='KEY_ID_HERE' export AWS_SECRET_ACCESS_KEY='ACCESS_KEY_HERE' export RESTIC_REPOSITORY="REPO_HERE_IS_USE_MINIO" export RESTIC_PASSWORD='RANDOM_PASSWD_HERE' restic init Service time nano /etc/systemd/system/restic-backup.service [Unit] Description=restic Wants=restic.timer [Service] Type=oneshot User=root Group=root Environment=AWS_ACCESS_KEY_ID='KEY_ID_HERE' Environment=AWS_SECRET_ACCESS_KEY='ACCESS_KEY_HERE' Environment=RESTIC_REPOSITORY="REPO_HERE_IS_USE_MINIO" Environment=RESTIC_PASSWORD='RANDOM_PASSWD_HERE' ExecStartPre=/bin/bash -c '/usr/bin/mysqldump --defaults-file=/root/.my.cnf --all-databases > /opt/backup/mysqldump.sql' ExecStart=/bin/bash -c '/usr/bin/restic --exclude={/dev,/media,/mnt,/proc,/run,/sys,/tmp,/var/tmp,/var/lib/mysql,/swap*} backup / && /usr/bin/restic forget --prune --keep-daily 5 --keep-weekly 15 --keep-monthly 15' ExecStartPost=/usr/bin/rm /opt/backup/mysqldump.sql [Install] WantedBy=multi-user.target Timer time nano /etc/systemd/system/restic-backup.timer [Unit] Description=restic Requires=restic.service [Timer] Unit=restic.service OnCalendar=daily AccuracySec=1h Persistent=true [Install] WantedBy=timers.
MORE →

perl/awk/sed/cut fun

sed With the last g all text is replaced not just the first Replace text inline using sed (does not work with symlinks) sed -i 's/TO_BE_REPLACED/NEW_TEXT/g' FILE_HERE Replace text output to stdout sed 's/TO_BE_REPLACED/NEW_TEXT/g' FILE_HERE awk Show specific column of line awk '{ print $N }' where N is column number cut cut -d' ' -fN where d is the delimiter and N is the colum number perl Replace new line with space
MORE →

Vi/m Fun

I’m honesly not sure if these are vi or vim specific as I use a mac and Debian machine, but here’s some fun stuff I’ve learned over the years. I started as a nano person, but am finaly sitting down and using vi/m more and more. In command mode (make sure to hit esc) Go to start of file gg Go to end of file G Delete from line to start of file dgg
MORE →

tar.xz Max Options

MORE →

urBackup Appliance Fun

Here’s some fun stuff to learn about the urbackup appliance By default there is no firewall, but it’s locked down so one’s not needed, but I installed one anyway You should be able to sudo su - from the admin user, if not; shut the appliance down, then in grub hit e, then add init=/bin/bash at the end of the line that says quiet, then CTRL+X to boot, then echo 'admin ALL=(ALL) NOPASSWD: ALL' > /etc/sudoers.
MORE →

Storj Non-Docker using SystemD

This is just basic hints, not a full guide This assumes you have some basic linux knowledge Download identity and storagenode from github (I like to download these things to /opt/storj/) Create auth token HERE Create identity HERE (This took about 4 hours on my node | E3-1280 V2) storagenode setup. This will create config file and other needed files in ~/.local/share/storj/storagenode/config.yaml and ~/.local/share/storj/storagenode/storage Now you need to edit ~/.local/share/storj/storagenode/config.yaml and make changes as needed (wallet, identity files and data storage locations, email, storage size)
MORE →

imap-sync simple command

MORE →

htpassword generation opnsense/bsd

MORE →

Windows urBackup Silent Commands

MORE →

urBackup Appliance on ServerCheap

This is still a WIP. Prepare image Download Appliance Unzip unzip urbackup-app-10-0.img.zip Now upload unzipped image somewhere public. Backblaze/S3 would be a great use for this Write image to disk in ServerCheap.net Create new instance Shutdown new instance Enable Rescue Mode SSH into rescued device using creds given Install required software apt update; apt install curl Download image and burn to disk curl https://URL-TO-FILE/urbackup-system-disk.img | dd of=/dev/vda You should now be able to disable rescue mode and boot it up
MORE →

Modoboa not sending email

MORE →

Modoboa using mariadb

MORE →

How to create keystrokes on Debian

This is very useful when working with VPSes where you can’t paste into the VNC connection (maybe I’m doing something wrong and you can?). Below is a quick piece of code I use. This should be ran as the user and not root. This sleeps for 5 seconds so you can navigate to where you need. sleep 5s; xdotool type CODE_TO_TYPE_HERE This is very easy and simple, but since I just switched to Debian full time from Windows it was a nice/easy way.
MORE →

Fix battery drain while sleeping with laptop

I recnetly decided to switch to Debian full time for my personal laptop (Lenovo Thinkpad X1 Yoga Gen 3), after using it for a week or so I noticed that when I closed the lid it would die after less than a day. After some googleing I found the answer and they are below. I also noticed that the machine never seemed to wake up like it did on Windows (just open it and it should come alive), after switching over to deep_sleep it fixed that issue.
MORE →

dd Tricks

Here’s a couple tips and tricks while using dd on Linux You can view the status of an on-going dd command (I always forget to run with progress or the version you’re using doesn’t have it) You will need another terminal window. Not a problem for me as I always use tmux, some people say screen it better. Find PID of dd process -> ps aux | grep -v grep | grep dd
MORE →

Sudo Fun

I always add a file into /etc/sudoers.d/, just remeber the last entry is trump, so it can overturn the first entries. Because of this I always like to name the files like below. /etc/sudoers.d/999_nick /etc/sudoers.d/001_rick /etc/sudoers.d/111_slick-rick /etc/sudoers.d/222_slick-nick This means if there’s an entry in 999_nick that conficts with any of the others it will trump the other configs. This is how to run without password and only specific program, this is useful, for example my telegraf config when it has to run an exec, but the telegraf user doesn’t have perms.
MORE →

Pleroma with Backblaze-B2 behind Cloudflare CDN

Make sure Backblaze is working with Cloudflare. This can be found HERE Uncomment out the below. I made my Backblaze URL s3.DOMAIN.COM nano /etc/pleroma/config.exs # Configure S3 support if desired. # The public S3 endpoint (base_url) is different depending on region and provider, # consult your S3 provider's documentation for details on what to use. # config :pleroma, Pleroma.Upload, uploader: Pleroma.Uploaders.S3, base_url: "https://s3.DOMAIN.COM/file" # config :pleroma, Pleroma.Uploaders.S3, bucket: "BUCKET_NAME", # bucket_namespace: "my-namespace", # truncated_namespace: nil, streaming_enabled: true, strip_exif: true # # Configure S3 credentials: config :ex_aws, :s3, access_key_id: "0000000000000000000000000", secret_access_key: "AAAAAAAAAAAAAAAAAAAAA", # region: "us-west-002", scheme: "https://" # # For using third-party S3 clones like wasabi, also do: config :ex_aws, :s3, host: "s3.
MORE →

2014 MKZ Factory Door Code retrieval

You have to have at least two keys. Enter car as normal (DUH!! :-b) Find back up key slot, ours is under the cup holder insert, it has a little indent that looks like our key Put key in slot Put in accessory mode by pushing start without foot on brake Wait 3-5 seconds Shutoff car Remove key Put 2nd key in place Put in accessory mode by pushing start without foot on brake once again
MORE →

Monitoring Domain Expiry

After using LibreNMS for years and it was giving me issues, I decided to give check_mk RAW a try. It works great. I was able to find a way to have check_mk check for Domain Expiry. The original post is HERE, but the formatting wasn’t working so I reposted it. nano /scripts/check-domain-expiry After you have edited this file make sure to add it to a daily crontab. We don’t check the every check cycle since you’d probably get blocked due to high requests.
MORE →

Systemctl edit stdin/file

MORE →

Install Duplicati as Windows Service

Here’s how to install Duplicati as a Windows Service Download Duplicati from HERE During install don’t mark Auto Start up option Open CMD as admin Navigate to the installation folder in CMD (this should be the same as long as you left it as default) cd "C:\Program Files\Duplicati 2\" Now we will install the service .\Duplicati.WindowsService.exe install Now restart your computer (this isn’t needed, but it’s a good way to test)
MORE →

Download Win10 iSO

MORE →

Default user for WSL OS on Windows 10

1. Open a command prompt or PowerShell. (You shouldn’t run as admin since this is based for the specific user). 2. Copy and paste the command below into the command prompt or PowerShell for the .exe file of the WSL distro name (ex: “Debian”) you want to set the default user for, and press Enter. (You can replace root with any user you’d like) [Ubuntu] > ubuntu config --default-user root
MORE →

Apple cash not verifying

So I finally switched to iPhone and ordered an Apple Credit Card (I love this thing). The cash back is put on you Apple Cash account, if your account can’t be verified than you don’t get the cash back. So I started the process of verifying my account. I put in my First Name, Last Name, Middle Name, and full address. Well they need you to use the address that’s on you’re license, makes sense, but I just moved so I used the incorrect one.
MORE →

Create cPanel WHM session from CLI

MORE →

Multi-Domain SSL Setup with “Subject Alternative Names”

Here’s how to create a cert/csr with more than one domain name. First you’ll want to create the directory. I use NGiNX so I like to put my certs in /etc/nginx/ssl, but you can put yours anywhere So now we will create the directory mkdir /etc/nginx/ssl/domainName Now we will cd into the directory cd /etc/nginx/ssl/domainName Now we will paste the following in the sslConfig.txt file. [req] default_bits = 4096 prompt = no default_md = sha256 req_extensions = req_ext distinguished_name = dn [ dn ] C=US ST=YOURstateHERE L=YOURcityHERE O=YOURorgNAMEhere CN = YOURmainDOMAINhere [ req_ext ] subjectAltName = @alt_names [ alt_names ] DNS.
MORE →

Equalize Pricing Tables Height with Divi

How to make the pricing table height the same. When using the pricing tables module you will see that the height of each table is going to rely on the content you put there, so if you have different content in each table, you will see something like this: This might be okay, but you may want to have those tables show with the same height. You can use the following CSS code:
MORE →

Skip/hide Windows update on Windows 10

MORE →

Printers not working after KB4557957 update

I noticed an issue where after updating Windows 10 2004 with KB4557957 some printers were no longer working. BetaNews did a good writeup HERE about the issue. Microsoft released a couple off-schedule patches to fix it. HERE is the BetaNews article about it. In short here are the links for the fix’s with the correct Windows 10 version. Windows 10, version 1909 (KB4567512) Windows 10, version 1903 (KB4567512) Windows 10, version 1809 (KB4567513)
MORE →

SuperMicro ipmitool shared/dedicated NIC change

Here is how to change the NIC for IPMI to be shared or dedicated. I know this works on SuperMicro I’m not sure about other vendors Make sure you have IPMI tool installed and you’re able to connect via ipmitool To Get Lan Mode ipmitool raw 0x30 0x70 0x0C 0x00 It will return a code, here are those and their meanings: 00 dedicated 01 shared 02 Failover Here is how you set the mode
MORE →

Expand PV to expanded disk

This will work if you made the PV your whole disk. If you want to do so with partition follow the link HERE. I use XCP-NG and when adding additional space to an existing disk I scan for the extra space using the command below and the extra space doesn’t appear. lvs So to get it to rescan the disk for the extra space you have to do the following command.
MORE →

Change username for cPanel user

Unfortunately it doesn’t appear cPanel allows you to easily change the username. Most documentation I’ve read says to use the “Rearrange an Account” option, but if you only have one disk that doesn’t seem to get you an option. The downside to this is that is doesn’t fully do a normal restore it will restore the new account to the new directory, but it will symlink the old username to the new directory.
MORE →

Acme.sh with NGiNX

First you have to install acme.sh. I like using acme.sh because it’s all bash based. As with all posts I take no responsibility for anything and this is more of a quick help instead of a full guide. I have a script that I use to deploy my WordPress sites. The only thing I recommend is if you use it make sure to add the xml-rpc.php block. I haven’t added that to it yet.
MORE →

Fix Domain Trust Issues

There error comes in many forms one of the forms are “The trust relationship between this workstation and the primary domain failed.” If you’re able to log into the machine as a local admin it’s easy, you just do the following. Use a local administrator account to log on to the computer. Select Start, press and hold (or right-click) Computer > Properties. Select Change settings next to the computer name. On the Computer Name tab, select Change.
MORE →

Auto Expand last partition using parted

I was having issues finding the correct way to add the remaining free space to the last partition (afraid to do so since it was on a live machine). I was finally able to figure it out. Use this to see free space parted /dev/sdX print free Then this to expand parted /dev/sdX (parted) resizepart Partition number? ENTER NUMBER FROM ABOVE THAT HAS THE LVM End? [1075MB]? 100% (parted) q Then now since this was on a server that uses LVM you have to resize the PV
MORE →

Xiaomi Aqara ZHA Home Assistant

This is how to use the Xiaomi Aqara Wireless Double Button without the Xiaomi Home Hub (A ZIGBEE STICK IS STILL REQUIRED) using ZHA in Home Assistant. Other devices just work without any hard to find IDs. ADD DEVICE TO ZHA Go to “Configuration” Then “ZHA” Hit “Add Devices” Hold down left switch while lights are blinking until the left light blinks and stops You can now name your button and hit the back button in the upper left hand corner
MORE →

Setup Unifi Controller on Debian10 /Buster

The script to do this for you can be found HERE If you want to run in a single line (not always a great idea if you don’t trust the source. Hopefully you trust me :-) curl -s https://leffler.tech/scripts/unifi-buster.sh | bash Manually below Link to original persons blog post The requirements of the Unifi Controller do not allow a direct installation. But with a few manual steps a successful setup is possible!
MORE →

Bypass PiHole DNS using PiHole DHCP

MORE →

SmartOS Tricks

MORE →

Empora Total power usage email report

MORE →

Calculate Emporia Energy usage in Bash

MORE →

SSH tunnel WSL1

MORE →

Windows Service CMD control

MORE →

Remote Control Terminal Session Windows Server

I just learned that you can remote control terminal sessions. They call it shadowing. I’ve only done it on Windows Server 2012 r2, but was super easy. You just need to open server manager, go to remote desktop services, then collections, then QuickSessionsCollections. Then you’ll see the connections in the upper right hand corner. Once you find the one you want you right click on the session and hit Shadow. By default this will ask the user to allow, if you want to override that and allows allow you can do the following group policy change.
MORE →

XCP-NG Quick Notes

I learned about XCP-NG not to log ago and love it. It’s great and easy to use. My only issue is I guess on newer versions of Windows 10/Server 2019 they were having freezing issues. I had the issue with Windows 10. I just went with Windows 7 VMs for what I needed until they get the problem worked out. XCP-NG works great with Linux. Here are some useful commands I’ve found.
MORE →

NextCloud with Apache behind NGINX reverse proxy on CentOS

This is probably useful to figure out how to reverse proxy Apache behind NGINX, but I was finally able to get NextCloud working on NGINX with no problem I like to use NGINX as my web server because that’s what I’ve always worked with. I’ve tried a couple times to get NGINX to work with NextCloud, but it would also end up not letting me log in. I did some Googleing and I guess it has something to do with how the cache is handled in NGINX.
MORE →

Find average size of directories

MORE →

Supermicro X9 Hangs on Windows 10 reboot

This data has been copied from HERE Please follow the steps below: Turn off the system completely, and turn it back on, you should be able to get back into the OS. 2)Download the following driver and extract it: https://downloadcenter.intel.com/download/22655/Intel-Chipset-Device-Software-for-HECI or my link here, this may not be the newest intel_chipset_SPS_MEI_NULL_v1.2.3.2003 Open up Device Manager View » Show hidden devices In the main window, expand System devices and look the device written exactly as “Intel(R) Management Engine Interface”
MORE →

Static IP KVM Guest

Copied from Here If you don’t want to do any configuration inside the guest, then the only option is a DHCP server that hands out static IP addresses. If you use bridge mode, that will probably be some external DHCP server. Consult its manual to find out how to serve static leases. But at least in forward modes nat or route, you could use libvirt’s built-in dnsmasqd (More recent versions of libvirtd support the dnsmasq’s “dhcp-hostsfile” option).
MORE →

Cert Roadmap

MORE →

Linux not auto mounting NFS at boot up

MORE →

MySQL/MariaDB Not Securing

mysql_secure_installation doesn’t seem to work on the newest Debain After some googling I think I found what works for me. Delete anon user DELETE FROM mysql.user WHERE User=’'; delete non local root user DELETE FROM mysql.user WHERE User=‘root’ AND Host NOT IN (’localhost’, ‘127.0.0.1’, ‘::1’); drop test database DROP DATABASE IF EXISTS test; drop all other root users drop user ‘root’@’localhost’; drop user ‘root’@‘127.0.0.1’; drop user ‘root’@’::1’; create a new root user with password
MORE →

USB Panic Button – Windows 10 compatible

MORE →

Basic Linux commands

MORE →

Screenly

MORE →

Disable SuperMicro IPMI ADMIN user

Disable ADMIN user Before doing this bit you may wish to check that the new user you added works for everything you need it to. Those things might include: ssh to [email protected] Log in on web interface at https://192.168.1.22/ Various ipmitool commands like querying power status:$ ipmitool -I lanplus -H 192.168.1.22 -U somename -a power status Password: Chassis power is on If all of that is okay then you can disable ADMIN:
MORE →

Voice VLAN non-Cisco Phone

This is not my article I copy and pasted if from the below. The only reason it’s on here is because it took me a while to find so I figured I would put it here since it’s useful to me. Enable voice VLAN on Cisco switches for non-Cisco phones by lunarg on February 20th 2017, at 14:53 When provisioning non-Cisco phones on a Cisco-switched network, you may notice that the configured voice VLAN is not correctly provisioned to the phone.
MORE →

roku no cc info

MORE →

CloudFlare with nginx and plex

Add the following to the http in /etc/nginx/nginx.conf. This tells nginx where the actually IP is coming from instead of showing as cloudflare. # CF set real ip set_real_ip_from 103.21.244.0/22; set_real_ip_from 103.22.200.0/22; set_real_ip_from 103.31.4.0/22; set_real_ip_from 104.16.0.0/12; set_real_ip_from 108.162.192.0/18; set_real_ip_from 131.0.72.0/22; set_real_ip_from 141.101.64.0/18; set_real_ip_from 162.158.0.0/15; set_real_ip_from 172.64.0.0/13; set_real_ip_from 173.245.48.0/20; set_real_ip_from 188.114.96.0/20; set_real_ip_from 190.93.240.0/20; set_real_ip_from 197.234.240.0/22; set_real_ip_from 198.41.128.0/17; set_real_ip_from 2400:cb00::/32; set_real_ip_from 2606:4700::/32; set_real_ip_from 2803:f800::/32; set_real_ip_from 2405:b500::/32; set_real_ip_from 2405:8100::/32; set_real_ip_from 2c0f:f248::/32; set_real_ip_from 2a06:98c0::/29; # use any of the following two real_ip_header CF-Connecting-IP; #real_ip_header X-Forwarded-For; This is the reverse proxy file /etc/nginx/sites-available/plex.
MORE →

Disable Password Expiration CMD

MORE →

Install FusionIO ioDrive2 on Debian

If using Debian 10 you’ll have to use the github VSL. I just started using it, I will update if there’s issues. HERE’S the link. Now we need to make the module be loaded. mkdir /lib/modules/4.19.0-10-amd64/kernel/drivers/iomem cd root/usr/src/iomemory-vsl-3.2.16 cp iomemory-vsl.ko /lib/modules/4.19.0-10-amd64/kernel/drivers/iomem Now we need to add it to be loaded on bootup nano /etc/modules Paste iomemory_vsl into the /etc/modules file. `` First go to LINK and download the needed items I also have a copy that I downloaded HERE.
MORE →

create user in windows cmd

MORE →

Allow non-cisco SFP in switch

MORE →

Replace folder paths in sqlite for Sonarr

I can’t get the mass editor to work with sonarr v3. I did some googling and found a way to edit the paths at the database level. I’m not sure how safe this is so I backed up my db before I did it. UPDATE Series SET Path = REPLACE(Path, 'old_path', 'new_path') WHERE Path like '%old_path%'; This is not perfect. I did mess up a couple paths so I had to manually edit them.
MORE →

Add user as admin cmd

MORE →

How to enable vlans on Debian 9

I just did this on Debian 9, it might work on older versions and more than likely Ubuntu Do everything as root: sudo su - Install vlan package: apt-get install vlan Load 8021q module: modprobe 8021q Add 8021q module at bootup: echo 8021q | sudo tee -a /etc/modules Make sure it is in the file: cat /etc/modules Now we need to edit the interfaces file: nano /etc/network/interfaces There will probably be something like below
MORE →

Enable RDP from CMD

MORE →

Reset Local User Password CMD

MORE →

Convert autocomplete.dat to nk2

For some reason I couldn’t get the normal move autocomplete.dat files to appdata and rename to work. I found this workaround. There might be an easier way, but this is the way that I was able to get it to work Download nk2edit Open the stream autocomplete files in nk2Edit %LocalAppData%\Microsoft\Outlook\RoamCache\stream_Autocomplete_* Select all with ctrl+A the right click on any of them and hit “Copy with tab delimit” Open a new excel or calc workbook and paste the previous data into it Then you delete the first column.
MORE →

Update Plex Media Server and keep custom data location

MORE →

Bash redirections

This data is pulled from Link. Overview: || visible in terminal || visible in file || existing Syntax || StdOut | StdErr || StdOut | StdErr || file ==========++==========+==========++==========+==========++=========== > || no | yes || yes | no || overwrite >> || no | yes || yes | no || append || | || | || 2> || yes | no || no | yes || overwrite 2>> || yes | no || no | yes || append || | || | || &> || no | no || yes | yes || overwrite &>> || no | no || yes | yes || append || | || | || | tee || yes | yes || yes | no || overwrite | tee -a || yes | yes || yes | no || append || | || | || n.
MORE →

Whitelist user/pc in barracuda

To whitelist PC in barracuda you have to create a JP Subnets/Groups. To do this you have to go to USERS/GROUPS > IP Subnets/Groups and create a Group Membership by IP. You put in the address and the netmask for a single address is 255.255.255.255. IKt wouldn’t hurt to put in the name of who this is for. Once you have that configured go to BLOCK/ACCEPT > Exceptions. Action: Allow Applies to: IP Group.
MORE →

UEFI CloneZilla

When cloning using clonezilla I notice sometimes if the PC was using UEFI it wouldn’t clone. After some googleing I was able to find a post that mentioned you had to manually copy over the bootloader. It is very simple to do. Once booted into CloneZilla you enter shell instead of the normal start. Once in the shell you’re going to become root. sudo su. Once you’re root you going to type the following command.
MORE →

Add Windows Server 2016 Core to Existing domain

First we need to configure static IP address This can be done by typing the below Enter Powershell powershell.exe Change computer name Rename-Computer -NewName "NewName" Reboot shutdown -s -t 0 log back in and go to power shell powershell.exe Find interface index Get-NetAdapter Set IP Address New-NetIPAddress –InterfaceIndex 2 –IPAddress 192.168.1.16 -PrefixLength 24 -DefaultGateway 192.168.1.1 Set DNS address Set-DnsClientServerAddress -InterfaceIndex 2 -ServerAddresses 127.0.0.1 Now it’s time for the “FUN” part. Now I realize why I don’t like core server.
MORE →

How to use SSH keys

create public and private keys. You can just hit enter or change the options. ssh-keygen -t rsa Now we need to copy our public key to the servers authorized keys cat ~/.ssh/id_rsa.pub | ssh [email protected] "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys" Now once you’ve completed teh above you should just be able to ssh to the remote host. If you want to be able to ssh as root.
MORE →

Add Linux Mint to Active Diretory

First we are going to become root sudo su Next we are going to join the realm. This should installed everything needed after you run the command below realm join domain.com --user domainadmin Permit all users to log in. realm permit --all Add user group as root nano /etc/sudoers Paste into above file %[email protected] ALL=(ALL:ALL) ALL Allow sssd to create user directory nano /etc/pam.d/common-session Paste into above file session optional pam_mkhomedir.
MORE →

Cisco Cheat Sheet

Enter enable mode: en Enter Global Config (use this mode for 99% of the configuration, must be in enable mode): conf t Set port back to default default int G0/4 Encrypts all passwords on the device: service password-encryption Configure enable password (or secret in this case): enable secret ________ Create user with highest privilege: username _____ priv 15 password ______ Generate RSA key for SSH (needed if you plan to use SSH):
MORE →

Useful Scripts

for f in *; do cd $f; mv * ..; cd ..; rmdir $f; done find . -type f ! -iname "*.mp4" ! -iname "*.jpg" ! -iname "*.wmv" ! -iname "*.mkv" ! -iname "*.mpg" ! -iname "*.avi" ! -iname "*.m4v" sed 's#^#what to add to begging of line#' oldfile > newfile sed 's#$#text to add to end of line#' oldfile > newfile mkvmerge -o <output>.mkv –default-track 0 –language 0:eng <subtitles>.srt input find .
MORE →

Docker and IP-Tables

Over the weekend I got attacked. I realized the cause of this was because I rebooted my server and the docker IPTables rules overwrote the IPTables-Persistent rules I had. After realizing this was the case I uninstalled docker since I wasn’t using it and while I was making firewall changes I set up ipset to block most foreign countries. I also removed IPTables-Persistent and instead just added the post up to the /etc/network/interfacespost-up ipset restore < /etc/iptables/ipset.
MORE →

Install KodExplorer

How I installed KodExplorer. This is running on Debian 8.1. Things might be different on whatever OS/Version you’re running. I am by no means a pro. This is pieced together from everything I’ve learned. You first have to install nginx and php apt install ngnix php5-fpm git if it’s a newer version of debian or ubuntu you might have to run apt install php7-fpm mkdir -p /etc/nginx/ssl/site.com cd /etc/nginx/ssl/site.com Fill out the info the next step asks.
MORE →

Make nginx return 403 error when accessing non defined sites or direct IP

I was running into an issue where when people would go to the IP of my server or a domain was pointed at my server and the domain wasn’t configured in NGINX it would for some reason redirect to one of my domains when I didn’t want it to. Below is the config block that I added to a file. This make NGINX return a 403 error when accessing the server via IP or an reconfigured domain.
MORE →

pfSense/VMWare/Cisco 3560/Server 2016

Over the past couple days I’ve been trying to get a Cisco 3560 with VLANs to work. Finally I was able to get it working. This is my first blog post FYI it’s not the most detailed. It’s just info on what I’ve learned. This is not the best post to read if you have no technical knowledge. If you have some you should be able to work your way thru my horrible instructions.
MORE →

Comments: