First commit.

master
René Jochum 9 years ago
commit bc224833b2

6
.gitmodules vendored

@ -0,0 +1,6 @@
[submodule "vendor/lightslider"]
path = vendor/lightslider
url = https://github.com/sachinchoolur/lightslider.git
[submodule "vendor/lightGallery"]
path = vendor/lightGallery
url = https://github.com/sachinchoolur/lightGallery.git

@ -0,0 +1,3 @@
#!/bin/sh
go get github.com/spf13/hugo
$GOPATH/bin/hugo server --bind="::1" -w -D -v -t persona
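Review bot: `go get github.com/spf13/hugo` on the second line fetches and builds whatever is at the head of the upstream repository each time the script runs, so the site is rendered by an unpinned, unreviewed build. Install a fixed Hugo release once and have this script only start the server. `$GOPATH/bin/hugo` on the last line is unquoted and resolves to `/bin/hugo` when GOPATH is unset; fail early with `: "${GOPATH:?}"` and quote the path. Binding to `::1` keeps the draft preview (`-D`) off the network, which deserves a comment in the script so it is not loosened later.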

@ -0,0 +1,60 @@
baseurl: "http://hugo.pc-dummy.net"
copyright: "This work is licensed under a Creative Commons Attribution 4.0 International License (CC BY 4.0)."
languageCode: en-us
MetaDataFormat: yaml
contentdir: content
datadir: data
publishdir: public
canonifyurls: true
PostFormat: true
blackfriday:
Fractions: false
Extensions:
- noEmptyLineBeforeBlock
- hardLineBreak
title: Rene´s blog
author:
name: Rene´ Jochum
permalinks:
post: /:year/:month/:day/:filename/
paginate: 10
paginatepath: page
indexes:
category: categories
tag: tags
params:
ShowTopProfile: true
ShowTopSocial: false
# Settings
DateFormat: 2. Jan 2006
edit_link_url: https://github.com/pcdummy/pc-dummy.net/blob/master/content/
description: "Blogging about Programming, Security, Linux, Networking and Web Apps."
logo: "/static/author/pcdummy_240x240.png"
Social:
bitbucket: "pcdummy"
# gitlab: pcdummy
github: pcdummy
# flickr: "pcdummy"
# twitter: "pcdummy"
# facebook: "pcdummy"
linkedin: pcdummy
email: rene@jochums.at
skype: pc-dummy
Authors:
default: pcdummy
pcdummy:
Name: "Rene´ Jochum"
Link: "/author/pcdummy/"
Avatar: "/static/author/pcdummy_240x240.png"
ShortBio: "Is an <a href=\"https://www.gnu.org/philosophy/free-sw\" target=\"_blank\">FOSS</a> enthusiast who has been programming since he was 12, currently he loves to develop in <a href=\"https://www.python.org/\" target=\"_blank\">Python</a> and <a href=\"http://golang.org/\" target=\"_blank\">Go</a>."
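Review bot: `baseurl` is plain `http://` and `canonifyurls: true` rewrites every relative link to that absolute URL, so all generated links and assets point at the unencrypted origin even if the site is later served over TLS; use an `https://` baseurl. The `target="_blank"` anchors in `ShortBio` carry no `rel="noopener"`, which should be added. The `´` in `title`, `author.name` and `Authors.pcdummy.Name` is a standalone acute accent, not an apostrophe or an accented e, and will render as such.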

@ -0,0 +1,7 @@
---
date: 2014-04-12T00:00:00+01:00
title: Rene´ Jochum
---
{{% img src="/static/author/pcdummy_240x240.png" %}}

@ -0,0 +1,20 @@
---
date: 2014-04-12T00:00:00+01:00
title: Afrika und die IT (german)
author: pcdummy
---
Auf der suche nach Afrika Projekten bin ich auf folgende Webseiten gesto&szlig;en:
#### Computer Projekte:
1. [Linux4Afrika.de](http://www.linux4afrika.de/ "Linux4Afrika") - Sammeln Computer in Deutschland, installieren darauf Linux (ThinClients + Server basierend)
2. [linuxola.org](http://www.linuxola.org/) - Das selbe in der Schweiz
3. [cihub.net](http://www.cihub.net/) - bittet einheimischen / Startups die R&auml;umlichkeiten und Beratungsleistungen
#### Hilfsprojekte:
1. [Smile4](http://www.smile4.at) - Naturschutz, Medzinische Hilfe und Waisenhilfe in Madagaskar.
2. [Eineweltgruppe](http://www.eineweltgruppe.at) - Hilfe zur selbsthilfe in Tansania.
3. [ADRA](http://www.adra.org) - Weltweite Hilfsprojekte aller art (ein Projekt der Adventistischen Glaubensgemeinschaft).<!--more-->

@ -0,0 +1,32 @@
---
date: 2014-12-14T00:00:00+01:00
description: Emulate a Hetzner root with mininet.
tags:
- hetzner
- mininet
title: Emulate a Hetzner root with mininet
topics:
- Development
- golang
---
I manage some root server from friends at Hetzner, as Hetzner has a &quot;special&quot; setup by blocking unknown Mac Addresses at theier switches, its not that easy to configure that.
The last days i played around with [OpenVSwitch](http://openvswitch.org/ "OpenVSwitch") (A Virtual Switch, featuring VLAN&#39;s, OpenFlow, Switch To Switch Tunnels).<!--more-->
OpenVSwitch would allow me to add features like **Firewall as a Service** or **IDS as a Service** and it also allows me to **link multiple Servers** together.
BUT these servers are all in production, i can&#39;t play on them, this is where [Mininet](http://mininet.org/ "Mininet") comes in use, it allows me to emulate a full network on a single VM, without touching these root Servers.
Have a look at this [Script](https://gist.github.com/pcdummy/9b9d1589289b649d8207 "hetzner.py") if you also need a lab to test your Hetzner Networking.
Setup from start:
1. At first get and install a [Mininet Download and Guide](http://mininet.org/download/ "Mininet Download and Guide") also see this [Guide](http://www.brianlinkletter.com/set-up-mininet/ "Mininet Setup guide by Brian Kletter")
2. Learn howto use Mininet [Sample Workflow.](http://mininet.org/sample-workflow/ "Mininet Sample Workflow")
3. Edit the Script parameters in &quot;[root_network](https://gist.github.com/pcdummy/9b9d1589289b649d8207#file-hetzner-py-L257 "Script root_network")&quot; (get the gw mac with `$ arp -n` on your root.
4. Next copy the [Script](https://gist.github.com/pcdummy/9b9d1589289b649d8207 "Script") to your VM: `$ scp hetzner.py mininet@<vm-ip>:/home/mininet/` (you might want to use sshfs).
5. Run hetzner.py as root `$ sudo ./hetzner.py`
6. Play arround with it: `h1 ping gw`
Have fun and please tell me when you found bugs or you have improvement ideas.
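Review bot: steps 4 and 5 have the reader copy `hetzner.py` from a gist link that names no revision and then run it with `sudo`, so whatever the gist contains at download time runs as root on the Mininet VM. Link to a specific gist revision; the `#file-hetzner-py-L257` anchor in step 3 also only stays correct for one revision. Step 3 opens a parenthesis before "get the gw mac" that is never closed, and `topics` lists `golang` although the post is about Mininet and Open vSwitch.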

@ -0,0 +1,26 @@
---
date: 2014-12-15T00:00:00+01:00
title: Encrypt your Dropbox (or parts of it) on Linux
author: pcdummy
---
#### UPDATE: EncFS is considered to be insecure (see this [Audit](https://defuse.ca/audits/encfs.htm)), i will use eCryptFS instead, see this [manual](https://help.ubuntu.com/community/EncryptedPrivateDirectory). If you still want to use EncFS use [gnome-encfs-manager](http://www.libertyzero.com/GEncfsM/) instead of gnome-encfs below.
I have some sensetive Data on my Laptop i want to sync with other Computers i own, found this [Howto](http://www.makeuseof.com/tag/encrypt-dropbox-data-encfs-linux/ "How To Encrypt Your Dropbox Data With ENCFS [Linux] ") on howto do that. Theres also a Windows &quot;port&quot; of encfs - [safe](http://www.getsafe.org/about "Safe"), didn&#39;t test it tough.<!--more-->
#### This is what i did (on Linux Mint 17 64bit):
<pre><code class="bash">
sudo apt-get install encfs
cd ~/Downloads
wget https://bitbucket.org/obensonne/gnome-encfs/raw/tip/gnome-encfs
mv ~/exchange ~/exchange2
sudo install gnome-encfs /usr/local/bin/
mkdir ~/Dropbox/.encrypted_exchange ~/exchange
encfs ~/Dropbox/.encrypted_exchange ~/exchange/ # answered &quot;p for paranoia mode
gnome-encfs -a ~/Dropbox/.encrypted_exchange/ ~/exchange # enter, then password, then Y
cat /etc/mtab | grep encfs # Should give one line with /home/your_username/exchange
cd ~/exchange &amp;&amp; rsync -avP ~/exchang2/* .
du -sh ~/exchange ~/Dropbox/.encrypted_exchange ~/exchange2 # All 3 folders should be a the same size
# rm -r ~/exchange2 # Do this only if you have a backup!</code></pre>
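Review bot: the `rsync` line reads from `~/exchang2/*`, but the directory was renamed to `~/exchange2` earlier in the same block, so nothing is copied and the `du -sh` check that follows compares against an empty mount. Fix the path and use `~/exchange2/` rather than `/*` so dotfiles are included. The `wget` of `raw/tip/gnome-encfs` followed by `sudo install` places an unpinned, unverified script in `/usr/local/bin`; pin a revision. The comment on the `encfs` line has an unbalanced `&quot;`.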

@ -0,0 +1,46 @@
---
date: 2015-02-08T13:00:00+01:00
title: First hugo post
author: pcdummy
---
Today i moved my wordpress blog to hugo, it will allow me to **post faster** use **less resources** and i can **share** my content **on [github](https://github.com/pcdummy/pc-dummy.net)**.
I've been using Markdown a lot recently to document my own stuff,
now i'm able to just copy it to my blog and publish it.
<!--more-->[Hugo](gohugo.io/) is a open source tool written by [@spf13](https://github.com/spf13) in [go](http://golang.org/) that converts [Markdown](https://en.wikipedia.org/wiki/Markdown) documents into static pages or serves them as server.
#### Tools i've been using while converting:
- [Ubuntu GNU/Linux MATE](https://ubuntu-mate.org/) - The [MATE](http://mate-desktop.org/) flavor of Ubuntu GNU/Linux.
- [Atom.io](https://atom.io/) - I use Atom since some weeks, it has been a nice replacement for the shareware and closed source [Sublime](http://www.sublimetext.com/).
- [To-Markdown](https://domchristie.github.io/to-markdown/) - A useful HTML-to-Markdown converter, which I've been using while switching to Hugo.
- [gohugo.io source](https://github.com/spf13/hugo/tree/master/docs/) - gohugo.io runs trough Hugo and its source helped me alot to build this blog.
- On-liner to test trough all themes, **run in your sites root**:
<pre><code class="bash">
for i in $(find themes/ -maxdepth 2 -iname 'theme.toml'); do \
echo -e "\nCurrent Theme: $(expr match "$i" 'themes\/\(.*\)\/theme.toml')\n"; \
hugo server --buildDrafts --watch \
--theme=$(expr match "$i" 'themes\/\(.*\)\/theme.toml'); \
done</code></pre>
#### This blog uses:
- [Ubuntu GNU/Linux Server](http://www.ubuntu.com/download/server) - Yes its a download link for a fully featured Server OS.
- [Nginx](https://en.wikipedia.org/wiki/Nginx) - A lightweight, fast and stable web server from [Igor Sysoev](https://en.wikipedia.org/wiki/Igor_Sysoev).
- Of course [Hugo](gohugo.io/) i also have a live preview of my whole site with it.
- [Purehugo theme](https://github.com/dplesca/purehugo) - A little modified.
- Client Side [Syntax highlighting](http://gohugo.io/extras/highlighting/) with [hightlight.js](https://highlightjs.org/)
- [Atom.io](https://atom.io/) - To create the pages/entries
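Review bot: both `[Hugo](gohugo.io/)` links (in the paragraph after the more marker and in the "This blog uses" list) lack a scheme, so they render as links relative to the post URL and will not reach the Hugo site; write `http://gohugo.io/` as the syntax-highlighting link in the same list already does. In the one-liner, `for i in $(find ...)` and the unquoted `--theme=$(expr ...)` split on whitespace in theme directory names; quote the substitutions.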

File diff suppressed because it is too large

@ -0,0 +1,490 @@
---
date: 2015-06-10T13:00:00+01:00
title: My installation of Ubuntu Mate 15.04 (Vivid)
author: pcdummy
tags:
- Ubuntu
- My Installation
- Crypto root
- BTRFS
- lxc
---
This is my own documentation of my installation, i assume you have installed
[Ubuntu Mate 14.10](/2015/04/05/install-ubuntu-trusty/) before.
**Grub** + **cryptoroot** + **BTRFS** works a lot better with **Vivid**, yeah!
#### Features
* Latest Ubuntu Mate
* Encrypted disk
* BTRFS root, home and stuff i keep between sys updates.<!--more-->
#### Install Linux from a livecd
* Start from the livecd
* Go to Control Center->Hardware->Keyboard and set the keyboard to german nodeadkeys
* connect to the internet
#### Get root and install BTRFS Tools
sudo -s -H
apt-get -y install btrfs-tools
#### Decrypt the root
cryptsetup --allow-discards luksOpen /dev/sda2 root
#### Create the root subvolume
mkdir /mnt/btrfs
mount -o subvolid=0,compress=lzo,recovery,noatime /dev/mapper/root /mnt/btrfs
btrfs subvolume create /mnt/btrfs/\@ubuntu_15.04
#### Mount the new Subvolume to /target
mkdir /target
mount -o subvol=@ubuntu_15.04,compress=lzo,recovery,noatime /dev/mapper/root /target
mkdir -p /target/var/lib/lxc
mkdir -p /target/opt/mono
mkdir -p /target/mnt/btrfs
#### Rsync /rofs to /target
rsync -avP /rofs /target
#### Copy stuff from 14.10 to 15.04
cp /etc/mtab /target/etc/
export from='/mnt/btrfs/@ubuntu_14.10'
cp -a $from/etc/hosts /target/etc/
cp -a $from/etc/hostname /target/etc/
cp -a $from/etc/sysctl.conf /target/etc/
cp -a $from/etc/sudoers /target/etc/
cp -a $from/etc/crypttab /target/etc/
cp -a $from/etc/fstab /target/etc/
sed -i -e's/@ubuntu_14.10/@ubuntu_15.04/' /target/etc/fstab
cp -a $from/etc/data_luks.key /target/etc/
cp -a $from/etc/initramfs-tools/modules /target/etc/initramfs-tools
cp -a $from/etc/NetworkManager/system-connections/* /etc/NetworkManager/system-connections/
cp -pfra $from/etc/NetworkManager/dnsmasq.d/* /target/etc/NetworkManager/dnsmasq.d/
cp -a $from/etc/samba/smb.conf /target/etc/samba/
rsync -avP $from/etc/libvirt/ /target/etc/libvirt/
#### Chroot to /target
mount -o bind,rw /dev /target/dev
mount -o bind,rw /proc /target/proc
mount -o bind,rw /sys /target/sys
mount -o bind,rw /dev/pts /target/dev/pts
mount -o bind,rw /run /target/run
chroot /target /bin/bash
export TARGET_USERNAME=$SUDO_USER
rm -f /usr/lib/locale/locale-archive
locale-gen de_AT.UTF-8 en_US.UTF-8 de_AT en_US
update-locale LANG=de_AT.UTF-8
export LANG=de_AT.UTF-8
dpkg-reconfigure keyboard-configuration
dpkg-reconfigure tzdata
#### Make sure dhclient never updates resolv.conf
See: http://www.cyberciti.biz/faq/dhclient-etcresolvconf-hooks/
cat <<EOF > /etc/dhcp/dhclient-enter-hooks.d/nodnsupdate
#!/bin/sh
make_resolv_conf(){
:
}
EOF
cat /etc/dhcp/dhclient-enter-hooks.d/nodnsupdate # check
#### Create your user
export TARGET_USERNAME="pcdummy"
adduser --no-create-home ${TARGET_USERNAME}
usermod -a --groups=sudo,cdrom,floppy,audio,dip,video,plugdev ${TARGET_USERNAME}
passwd -l root
usermod -a -G fuse ${TARGET_USERNAME}
#### Update the fresh install (still in chroot)
sed -i -e's/archive.ubuntu/ch.archive.ubuntu/g' /etc/apt/sources.list
apt-get update && apt-get -yy dist-upgrade
#### Update grub.
cat <<'EOF' > /etc/default/grub
GRUB_DEFAULT=0
GRUB_TIMEOUT=10
GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian`
GRUB_CMDLINE_LINUX_DEFAULT="cgroup_enable=memory swapaccount=1 kopt=root=/dev/mapper/root quiet splash"
#GRUB_CMDLINE_LINUX="cryptdevice=/dev/sda2:root"
GRUB_ENABLE_CRYPTODISK=y
GRUB_PRELOAD_MODULES="luks cryptodisk gcry_rijndael gcry_sha1"
EOF'
update-grub
#### My favorite console text editor and aptitude.
apt-get -yy install vim vim-scripts aptitude
update-alternatives --set editor /usr/bin/vim.basic
#### Remove live installer
apt-get -yy purge casper ubiquity && apt-get -yy autoremove
#### German Language packs and suggestions
apt-get -yy install firefox-locale-de libreoffice-l10n-de thunderbird-locale-de hyphen-de libreoffice-help-de mythes-de thunderbird-gnome-support ttf-lyx myspell-de-at
#### Nvidia driver.
apt-get update
apt-get -yy install nvidia-settings nvidia-current
nvidia-xconfig --no-logo
#### Install usefull stuff.
Speed :)
sudo apt-get -y install readahead-fedora preload nscd
#### Reboot
reboot
#### Gnome-encfs-manager
sudo add-apt-repository -y ppa:gencfsm/ppa
sudo apt-get update
sudo apt-get -y install gnome-encfs-manager
#### [Atom](https://atom.io/) text editor
[He](http://www.atomtips.com/atom-editor-vs-sublime-text/) explains my reasons to switch to Atom from Sublime quiet good
sudo add-apt-repository -y ppa:webupd8team/atom
sudo apt-get update
sudo apt-get -y install atom nodejs git
#### Geany text editor
sudo aptitude install 'geany-plugins' geany-plugin-py geany-plugin-treebrowser geany-plugin-vc
#### Evernote on Linux
funktioniert nicht
. sudo add-apt-repository -y ppa:vincent-c/nevernote
. sudo apt-get update
. sudo apt-get -y install nixnote
#### Virtual development environment
sudo add-apt-repository -y ppa:jacob/virtualisation
sudo add-apt-repository -y ppa:ubuntu-lxc/lxc-stable
sudo apt-get -y install libvirt-bin virt-manager qemu qemu-kvm qemu-system spice-client python-spice-client-gtk bridge-utils ebtables virt-top
sudo apt-get -y install lxc cgmanager uidmap lxc-templates
sudo apt-get -y install system-config-samba # To setup sharing's for windows guests.
sudo usermod -a -G libvirtd $SUDO_USER
#### Playing with OpenVSwitch
sudo apt-get -y install openvswitch-switch ethtool
#### Git repository viewer
sudo apt-get -y install git-cola fldiff
#### KeePass 2: Password manager
sudo add-apt-repository -y ppa:dlech/keepass2-plugins
sudo apt-get update
sudo apt-get -y install keepass2 mono-dmcs mono-complete libmono-system-management4.0-cil keepass2-plugin-rpc xul-ext-keefox xul-ext-keebird keepass2-plugin-keepasshttp
#### Go Development with [gvm](https://github.com/moovweb/gvm)
install deps:
sudo apt-get install curl git mercurial make binutils bison gcc build-essential
#### Python Development with [PyEnv](https://github.com/yyuu/pyenv-installer)
Nice howto on that from [davebehnke.com](http://davebehnke.com/python-pyenv-ubuntu.html)
sudo apt-get -y install python3-pip python3-dev python3-wheel python-tox python3-nose python3-coverage make build-essential libssl-dev zlib1g-dev libbz2-dev libreadline-dev libsqlite3-dev wget curl llvm
sudo add-apt-repository -y ppa:ytvwld/syncthing
sudo add-apt-repository -y ppa:nilarimogard/webupd8
sudo apt-get update
sudo apt-get -y install syncthing syncthing-gtk
#### Quassel IRC Client (git/development version!). I have a quassel-core (means server) somewhere in the wild.
sudo add-apt-repository -y ppa:mamarley/quassel-git
sudo apt-get update
sudo apt-get -y install quassel-client
#### Skype
sudo dpkg --add-architecture i386
sudo apt-get update
wget -O skype-install.deb http://www.skype.com/go/getskype-linux-deb
sudo dpkg -i skype-install.deb; sudo apt-get -f install
rm -f skype-install.deb
#### Remote desktop (RDP+VNC) clients/managers - i use gnome-rdp and remmina (slowly switching over to remmina).
sudo apt-get -y install gnome-rdp remmina-plugin-rdp remmina-plugin-vnc libfreerdp-plugins-standard rdesktop xtightvncviewer
#### OpenVPN client
sudo apt-get -y install network-manager-openvpn-gnome
#### IPSec client
sudo apt-get -y install network-manager-vpnc-gnome
#### Tranmission Remote (for my apu1d4 :) )
sudo apt-get -y install transmission-remote-gtk
#### PHP Dev
sudo apt-get -y install php5-cli php5-pear php-dev php-apc
#### Java Web start (for Cisco ASDM)
sudo apt-get -y install icedtea-7-plugin
#### Citrix Receiver
Goto https://receiver.citrix.com and download the .deb version
pushd .
cd Downloads
sudo dpkg -i icaclient_13.1.0.285639_amd64.deb; sudo apt-get install -f
popd
#### Audiograbber on Linux
sudo apt-get -y install install sound-juicer
#### Audio file tag editor
sudo apt-get -y install puddletag
#### Softether VPN
sudo add-apt-repository -y ppa:paskal-07/softethervpn
sudo sed -i -e's|vivid|trusty|g' /etc/apt/sources.list.d/paskal-07-ubuntu-softethervpn-vivid.list
sudo apt-get update
sudo apt-get -y install softether-vpnclient
sudo vpnclient start
Create a VPN connection:
pcdummy@ThinkPad-T410:~$ vpncmd
vpncmd command - SoftEther VPN Command Line Management Utility
SoftEther VPN Command Line Management Utility (vpncmd command)
Version 4.17 Build 9562 (English)
Compiled 2015/05/30 17:41:38 by yagi at pc30
Copyright (c) SoftEther VPN Project. All Rights Reserved.
By using vpncmd program, the following can be achieved.
1. Management of VPN Server or VPN Bridge
2. Management of VPN Client
3. Use of VPN Tools (certificate creation and Network Traffic Speed Test Tool)
Select 1, 2 or 3: 2
Specify the host name or IP address of the computer that the destination VPN Client is operating on.
If nothing is input and Enter is pressed, connection will be made to localhost (this computer).
Hostname of IP Address of Destination:
Connected to VPN Client "localhost".
VPN Client>AccountCreate
AccountCreate command - Create New VPN Connection Setting
Name of VPN Connection Setting: pcdummy.lan
Destination VPN Server Host Name and Port Number: apu1d4.home.pc-dummy.net:8888
Destination Virtual Hub Name: vpn.pcdummy.lan
Connecting User Name: jochumr
Used Virtual Network Adapter Name: 0
The command completed successfully.
Create a Password:
VPN Client>Accountpasswordset
AccountPasswordSet command - Set User Authentication Type of VPN Connection Setting to Password Authentication
Name of VPN Connection Setting: pcdummy.lan
Please enter the password. To cancel press the Ctrl+D key.
Password: ********************
Confirm input: ********************
Specify standard or radius: standard
The command completed successfully.
Connect the newly created "Account":
AccountConnect pcdummy.lan
#### Wine with 32bit default
sudo apt-get -y install wine1.7 wine-gecko:i386 wine-mono:i386
# Set wine to 32bit by default
cat <<EOF >> ~/.profile
# Set wine to 32bit
WINEARCH=win32
WINEPREFIX=$HOME/.wine32
EOF
source $HOME/.profile
#### Filezilla
sudo apt-get -y install filezilla
#### Google Chrome OpenSource - Chromium
sudo apt-get -y install chromium-browser chromium-browser-l10n
#### Google Chrome
wget -q -O - https://dl-ssl.google.com/linux/linux_signing_key.pub | sudo apt-key add -
sudo sh -c 'echo "deb http://dl.google.com/linux/chrome/deb/ stable main" >> /etc/apt/sources.list.d/google-chrome.list'
sudo apt-get update
sudo apt-get -y install google-chrome-stable
#### Salt client
sudo add-apt-repository -y ppa:saltstack/salt
sudo apt-get update
sudo apt-get -qy install salt-minion
#### Misc
sudo apt-get -y install sshfs unrar screen pwgen whois
#### LXC (Linux Container)
sudo add-apt-repository -y ppa:ubuntu-lxc/stable
sudo apt-get update
sudo apt-get -y install lxc lxctl cgmanager uidmap
Default NAT Bridge:
sudo sh -c 'cat <<EOF > /etc/default/lxc-net
USE_LXC_BRIDGE="true"
LXC_BRIDGE="mlabnatbr0"
LXC_ADDR="10.167.161.1"
LXC_NETMASK="255.255.255.0"
LXC_NETWORK="10.167.161.0/24"
LXC_DHCP_RANGE="10.167.161.100,10.167.161.254"
LXC_DHCP_MAX="153"
LXC_DHCP_CONFILE=/etc/lxc/dnsmasq.conf
LXC_DOMAIN="mlabnat.pcdummy.lan"
EOF'
By default other lxc hosts will go over my NAT interface:
sudo sed -i -e's|lxc.network.link = lxcbr0|lxc.network.link = mlabnatbr0|' /etc/lxc/default.conf
Make `mlabnatbr0` the default for lxc:
sudo sh -c 'cat <<EOF > /etc/lxc/default.conf
lxc.network.type = veth
lxc.network.link = mlabnatbr0
lxc.network.flags = up
lxc.network.hwaddr = 00:16:3e:xx:xx:xx
EOF'
Install and configure radvd and dnsmasq for lxc `mlabnatbr0`:
sudo apt-get -y install radvd
sudo sh -c 'cat <<EOF > /etc/radvd.conf
interface mlabnatbr0
{
# Advertise
AdvSendAdvert on;
# Maximum time between RAs
MaxRtrAdvInterval 60;
AdvManagedFlag on;
prefix fd57:c87d:f1ee:ee01::1/64
{
# We are the only router. If we shut down, nobody else can route
# this prefix -- tell clients about this.
DeprecatePrefix on;
};
};
EOF'
sudo sh -c 'cat <<EOF > /etc/lxc/dnsmasq.conf
dhcp-range=::add:0:0:100,::add:0:0:1e3, constructor:mlabnatbr0, 12h
dhcp-option=option:all-subnets-local,1
dhcp-option=option6:dns-server,[::]
dhcp-option=option6:ntp-server,[::]
dhcp-option=option:domain-search,mlabnat.pcdummy.lan
EOF'
Create the lxd user and give him some permissions:
sudo useradd -r -d /var/lib/lxd -s /bin/bash lxd # /bin/bash so i can "ssh lxd@localhost"
sudo usermod -a -G lxd pcdummy
# Give lxd 99 uid/gid ranges to map.
for i in {1..99}; do
sudo usermod --add-subuids ${i}00000-${i}65536 lxd
sudo usermod --add-subgids ${i}00000-${i}65536 lxd
done # This takes a while
sudo mkdir /var/lib/lxd
sudo chown lxd:lxd /var/lib/lxd
sudo sudo -H -u lxd mkdir -p /var/lib/lxd/.config/lxc/
sudo sudo -H -u lxd sh -c 'cat <<EOF > /var/lib/lxd/.config/lxc/default.conf
lxc.include = /etc/lxc/default.conf
lxc.id_map = u 0 100000 65537
lxc.id_map = g 0 100000 65537
EOF'
Allow userspace containers to use the network interfaces:
echo 'lxd veth mlabnatbr0 100' | sudo tee -a /etc/lxc/lxc-usernet 1>/dev/null
echo 'lxd veth mlabbr0 100' | sudo tee -a /etc/lxc/lxc-usernet 1>/dev/null
Restart lxc and lxc-net
sudo service lxc stop
sudo service lxc-net restart
sudo service lxc start
For "ssh lxd@localhost"
sudo apt-get -y install openssh-server
sudo mkdir /var/lib/lxd/.ssh/
sudo cp $HOME/.ssh/workkey.pub /var/lib/lxd/.ssh/authorized_keys
sudo chown -R lxd:lxd /var/lib/lxd/.ssh/
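Review bot: the here-document under "Update grub." is opened with the delimiter `EOF` but closed with `EOF'`, which is not the delimiter, so the shell keeps reading and `update-grub` plus the commands after it are written into `/etc/default/grub` until a later bare `EOF`; the terminator must be exactly `EOF`. Under "Copy stuff from 14.10 to 15.04" the `system-connections` copy targets `/etc/NetworkManager/system-connections/` instead of the same path under `/target`, so the saved connections land in the live session rather than the new install. The Skype step fetches a `.deb` over `http://` and installs it with `sudo dpkg -i`, and the Chrome source line is `deb http://`; use `https` for both. `sudo apt-get -y install install sound-juicer` has a doubled `install`.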

@ -0,0 +1,10 @@
---
date: 2013-02-10T00:00:00+01:00
title: Linux (Gnome) and Android Phones
author: pcdummy
---
Ever wondered Howto Sync your Android 4 ICS Phone with Linux?
[Here](http://linuxundich.de/de/ubuntu/gvfs-update-ermoglicht-unter-ubuntulinux-endlich-den-bequemen-zugriff-auf-android-gerate-via-mtp/) is the solution in german.<!--more-->

@ -0,0 +1,85 @@
---
date: 2014-12-15T00:00:00+01:00
title: Froxlor + Nginx + WordPress iThemes Rules
author: pcdummy
---
A short howto on setting up Wordpress iThemes Security with Froxlor and nginx.
<!--more-->Assuming you have this directory layout:
/var/customers/webs/[customer-name]/[domain-name]/htdocs
This is what i did to make it work on my froxlor installation:
1. Login to Froxlor as Administrator
2. Impersonate your wordpress customer by clicking on Customers -&gt; [his username]
3. As Customer click on Domain -&gt; Settings -&gt; [the small edit pensil to edit this domain]
4. Change &quot;Openbasedir-Path&quot; to &quot;Homefolder&quot; - this will **allow** PHP to **access** all files **from this customer**!
5. Wait for the froxlor crontask or run it manually
6. Login to your wordpress backend.
7. Goto Security-&gt;Settings and search for nginx, change the nginx config path to &quot;/var/customers/webs**/[customer-name]**/**[domain-name]**/nginx.conf&quot; and save, it should give a message about a sucessfull write of the nginx.conf!
8. Go back to the Froxlor Administrator Panel
9. Go to Domains -&gt; [small edit pensil to edit your customers domain]
10. Insert &quot;include /var/customers/webs/[customer-name]/[domain-name]/nginx.conf;&quot; to his &quot;Own vHost-Settings&quot;
11. Wait for the froxlor contask again.
12. Voila, now you have improved yours/your customers wordpress installation even more.
### Deprecated Method:
Took me a while to convert the Nginx rules from iThemes to "plain" Text so i could past them into froxlor.
This is what came out.
<pre class="brush:plain;">
# BEGIN iThemes Security
# BEGIN Tweaks
# Rules to block access to WordPress specific files and wp-includes
location ~ /\.ht { deny all; }
location ~ wp-config.php { deny all; }
location ~ readme.html { deny all; }
location ~ readme.txt { deny all; }
location ~ /install.php { deny all; }
location ^wp-includes/(.*).php { deny all; }
location ^/wp-admin/includes(.*)$ { deny all; }
# Rules to prevent php execution in uploads
location ^(.*)/uploads/(.*).php(.?){ deny all; }
# Rules to block unneeded HTTP methods
if ($request_method ~* &quot;^(TRACE|DELETE|TRACK)&quot;){ return 403; }
# Rules to block suspicious URIs
set $susquery 0;
if ($args ~* &quot;\.\./&quot;) { set $susquery 1; }
if ($args ~* &quot;\.(bash|git|hg|log|svn|swp|cvs)&quot;) { set $susquery 1; }
if ($args ~* &quot;etc/passwd&quot;) { set $susquery 1; }
if ($args ~* &quot;boot.ini&quot;) { set $susquery 1; }
if ($args ~* &quot;ftp:&quot;) { set $susquery 1; }
if ($args ~* &quot;http:&quot;) { set $susquery 1; }
if ($args ~* &quot;https:&quot;) { set $susquery 1; }
if ($args ~* &quot;(&lt;|%3C).*script.*(&gt;|%3E)&quot;) { set $susquery 1; }
if ($args ~* &quot;mosConfig_[a-zA-Z_]{1,21}(=|%3D)&quot;) { set $susquery 1; }
if ($args ~* &quot;base64_encode&quot;) { set $susquery 1; }
if ($args ~* &quot;(%24&amp;x)&quot;) { set $susquery 1; }
if ($args ~* &quot;(127.0)&quot;) { set $susquery 1; }
if ($args ~* &quot;(globals|encode|localhost|loopback)&quot;) { set $susquery 1; }
if ($args ~* &quot;(request|insert|concat|union|declare)&quot;) { set $susquery 1; }
if ($args !~ &quot;^loggedout=true&quot;){ set $susquery 0; }
if ($args !~ &quot;^action=jetpack-sso&quot;){ set $susquery 0; }
if ($args !~ &quot;^action=rp&quot;){ set $susquery 0; }
if ($http_cookie !~ &quot;^.*wordpress_logged_in_.*$&quot;){ set $susquery 0; }
if ($http_referer !~ &quot;^http://maps.googleapis.com(.*)$&quot;){ set $susquery 0; }
if ($susquery = 1) { return 403; }
# Rules to help reduce spam
location /wp-comments-post.php {
valid_referers jetpack.wordpress.com/jetpack-comment/ *.smile4.at;
set $rule_0 0;
if ($request_method ~ &quot;POST&quot;){ set $rule_0 1$rule_0; }
if ($invalid_referer) { set $rule_0 2$rule_0; }
if ($http_user_agent ~ &quot;^$&quot;){ set $rule_0 3$rule_0; }
if ($rule_0 = &quot;3210&quot;) { return 403; }
}
# END Tweaks
# END iThemes Security</pre>
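Review bot: steps 4, 7 and 10 together make nginx include a file that PHP can write: the open_basedir is widened to the home folder so WordPress can write `nginx.conf`, and step 10 pulls that file into the vhost with `include`, so code execution inside that WordPress install is enough to change server configuration at the next reload. Generate the rules once, paste them into "Own vHost-Settings" or a root-owned file, and keep the open_basedir at the docroot. In the deprecated rules, `location ^wp-includes/(.*).php`, `location ^/wp-admin/includes(.*)$` and the uploads rule have no `~` modifier, so nginx treats them as literal prefixes and they never match. The `if ($args !~ ...) { set $susquery 0; }` lines also reset the flag on every request, since no query string can start with both `loggedout=true` and `action=rp`, which leaves `return 403` unreachable.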

@ -0,0 +1,8 @@
---
date: 2013-02-22T00:00:00+01:00
title: Nice Howto on OpenVPN and KVM (libvirt) bridges.
author: pcdummy
---
Nice Howto on OpenVPN and KVM (libvirt) bridges. [http://deathegg.student.utwente.nl/wiki/Knowledge:OpenVPN#Bridging_OpenVPN_.28Server.29](http://deathegg.student.utwente.nl/wiki/Knowledge:OpenVPN#Bridging_OpenVPN_.28Server.29)<!--more-->

@ -0,0 +1,8 @@
---
date: 2015-02-23T00:00:00+01:00
title: Home firewall (a pc-engines apu1d4)
author: pcdummy
---
{{< lightslider name="pc-engines_apu1d4" url="data/post/pc-engines_apu1d4.json" >}}
<!--more-->

@ -0,0 +1,59 @@
---
date: 2014-12-15T00:00:00+01:00
title: Restore lost data with Photorec
author: pcdummy
---
A friend of mine lost his NTFS Partition (think it was a power outage). As he has some data on it he needs, i tought about restoring it.
<!--more-->
Helpful Links:
* [Authors Step-by-Step Guide](http://www.cgsecurity.org/wiki/PhotoRec_Step_By_Step)
* [German Ubuntu wiki article on Data Recovery](http://wiki.ubuntuusers.de/Datenrettung)
This is what i came out with:
1. Downloaded[ TestDisk (with Photorec)](http://www.cgsecurity.org/wiki/TestDisk_Download "TestDisk download")
2. Extracted it.
3. Made store directory on other disk: $ mkdir /media/&lt;username&gt;/&lt;my_usb_disk&gt;/&lt;friends_name&gt;
4. run it as root: sudo photorec_static /media/&lt;username&gt;/&lt;friends_disk&gt;/the_dd_image_we_made_before.img
5. I set it &quot;whole&quot; and &quot;NTFS&quot;, after about 18 Hours it was over that 300GB.
To split the files up in **one directory per extension**:
<pre><code class="bash">
cd /media/&lt;username&gt;/&lt;my_usb_disk&gt;;
# Create a list of Extensions found: http://stackoverflow.com/questions/1842254
find &lt;friends_name&gt;/ -type f | perl -ne &#39;print $1 if m/\.([^.\/]+)$/&#39; | sort -u &gt; found_extensions.txt
#
# You might want to edit the &quot;found_extensions.txt&quot; file you just generated,
# - filter out crap
# - remove duplicated extensions, the script below is case insensetive
#
# Create the directory where we copy these files in one folder per extension.
mkdir &lt;friends_name&gt;_extensions/
cd &lt;friends_name&gt;_extensions/
# Now mkdir one directory per extension and copy of all files of this extension into it.
#!/bin/sh
for i in $(cat ../found_extensions.txt); do
count=$(find ../&lt;friends_name&gt;/ -type f -iname &quot;*.$i&quot; | wc -l)
echo &quot;Copying \&quot;$count\&quot; files for extension: $i...&quot;
mkdir -p $i
for src in $(find ../&lt;friends_name&gt;/ -type f -iname &quot;*.$i&quot;); do
dest=$i/$(basename $src)
if [ ! -f "$dest" ]; then
echo &quot;Copying \&quot;$src\&quot; to \&quot;$dest\&quot;&quot;
cp $src $dest # Use mv here instead of cp if you known what you do.
elif ! $(cmp -s $src $dest); then
echo &quot;Overwriting \&quot;$dest\&quot; with \&quot;$src\&quot;&quot;
cp $src $dest
fi
done
done
</code></pre>
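Review bot: in the copy loop, the `elif ! $(cmp -s $src $dest)` branch overwrites an already copied file whenever a second recovered file has the same basename but different content, so one of the two is silently lost; write the second file under a distinct name (a numeric suffix, for example) instead of `cp $src $dest`. `for src in $(find ...)` and the unquoted `$src` and `$dest` split on whitespace in recovered names; use a `find ... -exec` or a `while read` loop with quoted variables, and drop the `$( )` around `cmp`, which only works because its output is empty. The `#!/bin/sh` line in the middle of the block has no effect there.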

@ -0,0 +1,10 @@
---
date: 2015-01-10T00:00:00+01:00
title: Save some bandwith with squid as transparent proxy and apt-cacher-ng as peer.
author: pcdummy
---
[This](http://portablejim.now.im/tips/95-squidandaptcacherng.html) howto helped me on saving Bandwith at home. :)
I'm using a lot Vagrant boxes, provisioning takes a lot bandwith, with the setup above i have a cache in between. :-)

@ -0,0 +1,208 @@
---
date: 2013-01-26T00:00:00+01:00
title: Syscp to Foxlor move on Ubuntu 12.10 with high security.
author: pcdummy
---
Today i switched our (mine and my uncles) WebServer from
- [**SysCP**](http://syscp.org "SysCP") (modified by me), **apache2**, **apache2-mpm-itk**, **libapache2-mod-php5**, **proftpd**
To:
- [**Froxlor**](http://www.froxlor.org/ "Froxlor") (git master), **nginx**, **php5-fpm**, **vsftpd** (with libpam-mysql and libnss-mysql-bg)
<!--more-->I had nginx with php5-fpm running as second install, i also have it running on a high volume website. It&#39;s a dream!
This is a shared web Server so i tought a lot about its security (which we had before by mpm-itk).
The main thing to think about was PHP, there are a lot bugs in PHP written Software and &quot;crackers&quot;
love to hack PHP Sites.
The Solution for this was for us to run one php5-fpm for every customer, froxlor makes it easy to do so.
First replace ProFTPd with vsftpd with libpam-mysql ( libpam-ldap for a [bug](http://ubuntuforums.org/showthread.php?t=1937131) ), stolen [here.](http://forum.froxlor.org/index.php?/topic/569-solved-froxlor-0915-vsftpd-moglich/)
apt-get install vsftpd libpam-mysql libpam-ldap
Replace `/etc/pam.d/vsftpd` (still with the syscp backend):
auth required pam_mysql.so user=syscp passwd=<YOUR_MYSQL-SYSCP_PASSWORD> host=localhost db=syscp table=ftp_users usercolumn=username passwdcolumn=password [where=login_enabled="Y"] crypt=1 verbose=1
account required pam_mysql.so user=syscp passwd=<YOUR_MYSQL-SYSCP_PASSWORD> host=localhost db=syscp table=ftp_users usercolumn=username passwdcolumn=password [where=login_enabled="Y"] crypt=1 verbose=1`
Replace `/etc/vsftpd.conf`:
listen=YES
dual_log_enable=YES
log_ftp_protocol=YES
xferlog_enable=YES
anonymous_enable=NO
local_enable=YES
check_shell=NO
virtual_use_local_privs=YES
connect_from_port_20=YES
secure_chroot_dir=/var/run/vsftpd/empty
pam_service_name=vsftpd
guest_username=www-data
guest_enable=NO
chroot_local_user=YES
hide_ids=YES
write_enable=YES
use_localtime=YES
local_umask=022
dirmessage_enable=YES
# local_root=/var/kunden/webs/$USER
# See: http://www.benscobie.com/fixing-500-oops-vsftpd-refusing-to-run-with-writable-root-inside-chroot/
# allow_writeable_chroot=YES
user_sub_token=$USER
nopriv_user=www-data
Restart vsftpd:
/etc/init.d/vsftpd restart
Test it with your local ftp client.
Install Froxlor
apt-get install git
cd /var/kunden/webs/Server
git clone https://github.com/Froxlor/Froxlor webadmin.<yourdomain.com>
Create /etc/nginx/sites-available/webadmin.<yourdomain.com> ( i have the "upstream" php5-fpm defined somewhere else ).
server {
listen <your_ip>:80;
server_name webadmin.<yourdomain.com>;
root /var/kunden/webs/Server/webadmin.<yourdomain.com>;
index index.html index.php;
charset utf-8;
location ~* ^.+.(jpg|jpeg|gif|css|png|js|ico|xls)$ {
access_log off;
expires 30d;
}
location / {
rewrite ^(.*)$ /index.php$1 last;
}
location ~ "^(.+\.php)(.*)$" {
fastcgi_split_path_info ^(.+\.php)(.*)$;
fastcgi_pass php5-fpm;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
Enable the config, test it and restart nginx.
ln -s /etc/nginx/sites-available/webadmin.<yourdomain.com> /etc/nginx/sites-enabled/001-webadmin.<yourdomain.com>
nginx -t
/etc/init.d/nginx restart
See this [guide](http://redmine.froxlor.org/projects/froxlor/wiki/Upgrading_to_or_updating_Froxlor) on howto upgrade from syscp to froxlor:
(i did it my way tm - installed froxlor, then i replaced the db with the one from syscp)
Now go to http://webadmin.yourdomain.com and migrate the syscp data,
after the migration you should configure the webserver to nginx.
Froxlor - nginx settings:
[![froxlor-nginx-settings](http://rene.jochums.at/wp-content/uploads/2013/01/froxlor-nginx-settings-300x161.jpg)](http://rene.jochums.at/wp-content/uploads/2013/01/froxlor-nginx-settings.jpg)
Froxlor - phpfpm settings:
[![froxlor-phpfpm-settings](http://rene.jochums.at/wp-content/uploads/2013/01/froxlor-phpfpm-settings-300x137.jpg)](http://rene.jochums.at/wp-content/uploads/2013/01/froxlor-phpfpm-settings.jpg)
Run cron_tasks.php for the first time and check its output for errors:
/usr/bin/php -q /var/kunden/webs/Server/webadmin.<your-domain.com>/scripts/cron_tasks.php
Create a new MySQL user &quot;**vsftpd**&quot; and give him
SELECT rights on the tables **froxlor.ftp_users**,** froxlor.ftp_groups**
Replace `/etc/pam.d/vsftpd` again (now with the froxlor backend)
<pre>
`auth required pam_mysql.so user=vsftpd passwd=<YOUR-VSFTPD-MYSQL-PASS> host=localhost db=froxlor table=ftp_users usercolumn=username passwdcolumn=password [where=login_enabled="Y"] crypt=1
account required pam_mysql.so user=vsftpd passwd=<YOUR-VSFTPD-MYSQL-PASS> host=localhost db=froxlor table=ftp_users usercolumn=username passwdcolumn=password [where=login_enabled="Y"] crypt=1`</pre>
Restart `vsftpd`:
/etc/init.d/vsftpd restart
Test with your local ftp client.
Can't remember why but i had to replace `libnss-mysql` with `libnss-mysql-bg`
This is the config `/etc/libnss-mysql.cfg` for it if you need it.
getpwnam SELECT username,'x',uid,gid,'MySQL User',homedir,shell \
FROM ftp_users \
WHERE username='%1$s' \
ORDER BY id ASC \
LIMIT 1
getpwuid SELECT username,'x',uid,gid,'MySQL User',homedir,shell \
FROM ftp_users \
WHERE uid='%1$u' \
ORDER BY id ASC
LIMIT 1
getspnam SELECT username,password,'1','0','99999','0','0','-1','0' \
FROM ftp_users \
WHERE username='%1$s' \
ORDER BY id ASC
LIMIT 1
getpwent SELECT username,'x',uid,gid,'MySQL User',homedir,shell \
FROM ftp_users
getspent SELECT username,password,'1','0','99999','0','0','-1','0' \
FROM ftp_users
getgrnam SELECT groupname,'empty',gid \
FROM ftp_groups \
WHERE groupname='%1$s' \
LIMIT 1
getgrgid SELECT groupname,'empty',gid \
FROM ftp_groups \
WHERE gid='%1$u' \
LIMIT 1
getgrent SELECT groupname,'empty',gid \
FROM ftp_groups
memsbygid SELECT members \
FROM ftp_groups \
WHERE gid='%1$u'
gidsbymem SELECT gid \
FROM ftp_groups \
WHERE groupname='%1$s'
host localhost
database vsftpd
username vsftpd
password <your-vsftpd-pass-here>
`/etc/libnss-mysql-root.cfg`
username vsftpd password <your-vsftpd-pass-here>
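
Review bot: Both `/etc/pam.d/vsftpd` variants carry a MySQL password on the `pam_mysql.so` lines, and the first one uses the panel's own `syscp` account, so the post should tell readers to make that file readable by root only (`chmod 600 /etc/pam.d/vsftpd`) before restarting vsftpd. On a shared host, any local process that can read the file gets database access. The first `account required` line also ends in a stray backtick after `verbose=1`, which will be copied into the PAM file. In the `/etc/libnss-mysql.cfg` block, the `getpwuid` and `getspnam` queries have no trailing `\` after `ORDER BY id ASC`, so `LIMIT 1` is not part of the query, and `database vsftpd` does not match the `froxlor` database that the `vsftpd` user was granted SELECT on and that the PAM lines use (`db=froxlor`).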

@ -0,0 +1,11 @@
---
date: 2013-01-28T00:00:00+01:00
title: T Surge's introduction to Virtualbox (Run Windows Virtual on top of Linux)
author: pcdummy
---
Virtual Box (VBox in short) from Oracle is a great technology that helps us to install multiple operating systems on a machine and run them side by side. Hence it is called a Virtualization Software.
read more [here](http://tsurge.wordpress.com/2013/01/26/introduction-to-virtualbox/)
<!--more--> [![windows_on_linux](http://rene.jochums.at/wp-content/uploads/2013/01/windows_on_linux-300x151.png)](http://rene.jochums.at/wp-content/uploads/2013/01/windows_on_linux.png)

@ -0,0 +1,12 @@
---
date: 2013-08-13T00:00:00+01:00
title: Ubuntu 13.04 und Postfix 2.10
author: pcdummy
---
Nachdem ich jetzt einen Tag nach einer L&ouml;sung gesucht warum mein Postfix immer ein 5.7.1 Relay Access Denied ausspuckt... hier die L&ouml;sung:
[https://bbs.archlinux.org/viewtopic.php?id=158020](https://bbs.archlinux.org/viewtopic.php?id=158020)
Aus `smtpd_recipient_restrictions` wird `smtpd_relay_restrictions`<!--more-->
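
Review bot: The closing sentence says `smtpd_recipient_restrictions` becomes `smtpd_relay_restrictions`, which reads as a plain rename; Postfix 2.10 added `smtpd_relay_restrictions` as a separate relay check next to the existing parameter. Suggest naming the rules that move (the relay decision, such as `permit_mynetworks`, `permit_sasl_authenticated` and `reject_unauth_destination`) and saying that the remaining recipient checks stay in `smtpd_recipient_restrictions`, so a reader chasing the 5.7.1 error does not end up loosening relay control. The first sentence is also missing its auxiliary verb ("gesucht habe").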

@ -0,0 +1,111 @@
---
date: 2015-01-25T14:00:00+01:00
title: HOWTO - Prepare a minimal lxc image for salt
author: pcdummy
tags:
- HOWTO
- Ubuntu
- BTRFS
- lxc
---
These are basic commands i use to prepare a minimal lxc image for saltstack.<!--more-->
**Login as lxd**
if you have got a unprivileged install like me.
$ ssh lxd@localhost
**Download the Image**
I use the btrfs [backing store](https://help.ubuntu.com/lts/serverguide/lxc.html#lxc-backinstores) driver here, see its [man page](http://man7.org/linux/man-pages/man1/lxc-create.1.html) for more.
$ lxc-create -B btrfs -t download -n trusty64 -- -d ubuntu -r trusty -a amd64
**Start and attach**
lxc-start -n trusty64
lxc-attach -n trusty64
**Upgrade the base system**
You'r now in the machine, its like *chroot* on *steroids*
apt-get update && apt-get -qy dist-upgrade
**Install openssh-server**
apt-get -qy install openssh-server
**Install salt-minion**
apt-get -qy install software-properties-common
add-apt-repository -y ppa:saltstack/salt
apt-get update
apt-get -qy install salt-minion
**Configure salt-minion for the first connect**
I enable ```IPv6``` here as i use a IPv6 only network to play around.
service salt-minion stop
echo -e "master: salt\nipv6: True" > /etc/salt/minion.d/master.conf
rm -rf /etc/salt/minion_id /etc/salt/pki/
**Remove ssh keys, let salt provision it**
rm -f /etc/ssh/ssh_host_*_key*
**Set the hostname to FQDN so you have it later with a Domain in your saltmaster**
Replace ```lxc.example.lan``` with the domain you have in ```/etc/default/lxc-net```
$ sed -i -e's|trusty64|trusty64.lxc.example.lan|' /etc/hosts
**Delete default "ubuntu" user (want salt to provision the id:1000 user)**
$ userdel -rf ubuntu
**Now** get back on your machine:
$ exit
**and** stop the base image you must made:
$ lxc-stop -n trusty64
### Do this every time you need a new testing/production machine
**Clone it and let your salt master provision it :)**
I use the [snapshot](http://man7.org/linux/man-pages/man1/lxc-clone.1.html) feature here.
replace ```jupiter``` with your own hostname.
$ lxc-clone -s trusty64 jupiter
$ lxc-start -n jupiter
**Get info from your new machine**
$ lxc-ls -f
**On the Master**
$ salt-key -a 'jupiter.*'
If you have a firewalled development saltmaster you may want to activate [auto_accept](http://docs.saltstack.com/en/latest/ref/configuration/master.html#auto-accept)
**Wanna do it again?**
Destroy the machine (**as lxd@localhost**)
$ lxc-destroy -n jupiter
Remove the key on the Master
$ salt-key -d 'jupiter.*'
Clone it again and let the master provision it (**again as lxd@localhost**)
$ lxc-clone -s trusty64 jupiter
$ lxc-start -n jupiter
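
Review bot: `salt-key -a 'jupiter.*'`, together with the `auto_accept` hint, accepts a minion key without checking that it belongs to the container that was just cloned. Suggest accepting the exact minion id and comparing fingerprints first (`salt-key -f <minion-id>` on the master against `salt-call --local key.finger` inside the container), and stating next to the `auto_accept` link that it lets any host that can reach the master register itself. Smaller points: "must made" should read "just made", "You'r" should read "You're", and the `$` prompt is used on some command lines but not on others.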

@ -0,0 +1,169 @@
---
date: 2015-01-25T13:00:00+01:00
title: HOWTO - Install lxc and prepare it for a unprivileged user
author: pcdummy
tags:
- HOWTO
- Ubuntu
- BTRFS
- lxc
---
Very good to read [Official LXC 1.0 Howtos](https://www.stgraber.org/2013/12/20/lxc-1-0-blog-post-series/)!
This howto is based on: [LXC 1.0: Unprivileged containers [7/10]](https://www.stgraber.org/2014/01/17/lxc-1-0-unprivileged-containers/)
I started to play around with [LXD (pronounced lex-dee)](https://github.com/lxc/lxd) but its not usable IMHO yet, thats why my lxc **unpriviliged** user is called lxd.
Replace **lxd** with any other user, maybe ```yours```? <!--more-->
**Install the latest stable lts kernel**
$ sudo apt-get -y install linux-image-utopic-lts
**Enable "memory swapaccount" [found here](http://www.flockport.com/start/)**
Edit **/etc/default/grub**
$ gksudo gedit /etc/default/grub
Replace GRUB_CMDLINE_LIINUX_DEFAULT="quiet splash" with:
GRUB_CMDLINE_LINUX_DEFAULT="quiet cgroup_enable=memory swapaccount=1"
**Or** use **sed** (i have a LUKS encrypted disk, ```quiet splash``` is buggy):
$ sed -i -e's|GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"|GRUB_CMDLINE_LINUX_DEFAULT="cgroup_enable=memory swapaccount=1"|' /etc/default/grub
Then **update grub**:
$ sudo update-grub
And **reboot**:
$ sudo reboot
**Install LXC from the the *daily* ppa**
I use the *daily* ppa for the latest lxc-features here on my testing laptop.
$ sudo add-apt-repository -y ppa:ubuntu-lxc/daily
$ sudo apt-get update
$ sudo apt-get -y install lxc cgmanager uidmap lxc-templates
[LXCFS](https://linuxcontainers.org/lxcfs/introduction/) seems to be unstable here, remove it:
$ sudo apt-get -y purge lxcfs
**BRTFS and "unprivileged users"**
You will need the ```user_subvol_rm_allowed``` option, if you use BTRFS like me as mentioned in [issue #210](https://github.com/lxc/lxc/issues/210)
This is my **/etc/fstab** entry:
/dev/mapper/root /var/lib/lxd btrfs subvol=@lxd,compress=lzo,recovery,noatime,user_subvol_rm_allowed 0 0
My **full** /etc/fstab:
# /etc/fstab: static file system information.
#
# Use 'blkid' to print the universally unique identifier for a
# device; this may be used with UUID= as a more robust way to name devices
# that works even if disks are added and removed. See fstab(5).
#
# <file system> <mount point> <type> <options> <dump> <pass>
/dev/mapper/root / btrfs subvol=@ubuntu_14.10,compress=lzo,recovery,noatime 0 0
/dev/sda1 /boot ext3 defaults 0 0
/dev/mapper/root /home btrfs subvol=@home,compress=lzo,recovery,noatime 0 0
/dev/mapper/root /opt/mono btrfs subvol=@mono,compress=lzo,recovery,noatime 0 0
/dev/mapper/root /var/lib/lxc btrfs subvol=@lxc,compress=lzo,recovery,noatime 0 0
/dev/mapper/root /var/lib/lxd btrfs subvol=@lxd,compress=lzo,recovery,noatime,user_subvol_rm_allowed 0 0
/dev/mapper/data /data xfs noatime,nobootwait 0 0
/dev/mapper/swap none swap defaults,nobootwait 0 0
# To modify the btrfs ($ btrfs subvolume create /mnt/btrfs/ or $ copy -ax --reflink=always /mnt/btrfs/@src/. /mnt/btrfs/@dest)
/dev/mapper/root /mnt/btrfs btrfs subvolid=0,compress=lzo,recovery,noatime,noauto 0 0
**Create the user ```lxd```**
A valid shell so i can "ssh lxd@localhost", see this [Permission denied](https://www.stgraber.org/2014/01/17/lxc-1-0-unprivileged-containers/#comment-183371)
$ sudo useradd -r -d /var/lib/lxd -s /bin/bash lxd
**Give lxd 99 uid/gid ranges to map.**
$ for i in {1..99}; do \
sudo usermod --add-subuids ${i}00000-${i}65536 lxd \
sudo usermod --add-subgids ${i}00000-${i}65536 lxd \
done # This takes a while
**Create a basic config for that new user**
$ sudo mkdir /var/lib/lxd
$ sudo chown lxd:lxd /var/lib/lxd
$ sudo sudo -H -u lxd mkdir -p /var/lib/lxd/.config/lxc/
$ sudo sudo -H -u lxd sh -c 'cat <<EOF > /var/lib/lxd/.config/lxc/default.conf
lxc.include = /etc/lxc/default.conf
lxc.id_map = u 0 100000 65537
lxc.id_map = g 0 100000 65537
EOF'
**Install openssh-server so you can ```$ ssh lxd@localhost```**
Again see this see this [Permission denied](https://www.stgraber.org/2014/01/17/lxc-1-0-unprivileged-containers/#comment-183371) bug, i got into.
$ sudo apt-get -y install openssh-server
**and** copy your public key
$ sudo mkdir /var/lib/lxd/.ssh/
$ sudo cp $HOME/.ssh/id_ecdsa.pub /var/lib/lxd/.ssh/authorized_keys
$ sudo chown -R lxd:lxd /var/lib/lxd/.ssh/
**Set the domain for your LXC Machines**
This is from [seminar.io](http://seminar.io/2014/07/27/dns-resolution-for-lxc-in-ubuntu-trusty/)
To supply all your LXC machines the same Domainname set ```LXC_DOMAIN``` in ```/etc/default/lxc-net```
$ gksudo gedit /etc/default/lxc-net
Uncomment ```LXC_DOMAIN="lxc"``` **and** change ```lxc``` to something else **if** you want another domain for your hosts than ```lxc```.
**or** use sed UNTESTED:
$ sudo sed -i -e's|# LXC_DOMAIN="lxc"|LXC_DOMAIN="lxc.example.lan"|' /etc/default/lxc-net
To have that domain on your computer you need to **change** the NetworkManager **dnsmasq**
$ echo 'server=/lxc.example.lan/10.0.3.1' | sudo tee -a /etc/NetworkManager/dnsmasq.d/lxc.conf
This will redirect DNS queries for ```*.lxc.example.lan``` hosts to the ```dnsmasq``` instance running on 10.0.3.1 that manage DHCP and DNS for containers.
**Now** restart lxc-net and NetworkManager
$ sudo service lxc-net stop
$ sudo service lxc-net start
$ sudo service network-manager restart
For the ```lxc-net``` service you can't use the ```restart``` command, you must use the ```stop/start``` commands to reload the configuration.
**Allow the unprivileged ```lxd``` user to create machines witch use the ```lxcbr0``` interface**
$ echo 'lxd veth lxcbr0 100'| sudo tee -a /etc/lxc/lxc-usernet 1>/dev/null
$ sudo service lxc restart
**Usefull commands**
Get CPU, Disk and Memory Usage of your containers
$ lxc-top
**Now create your first base image**
[Prepare a minimal lxc image for salt](/docs/ubuntu-lxc-image.md)
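
Review bot: The subuid/subgid loop cannot run as written: the two `usermod` lines end in `\` with no `;` or `&&` between them, so both commands and `done` are joined into one `usermod` invocation and the `for` is never closed. Suggest ending each `usermod` line with `;` or dropping the line continuations. Also in this file: `GRUB_CMDLINE_LIINUX_DEFAULT` is misspelled in the "Replace" sentence, and the `sed` against `/etc/default/grub` is missing `sudo` while the neighbouring commands have it.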

@ -0,0 +1,15 @@
---
date: 2013-01-28T00:00:00+01:00
title: Youtube and youtube-mp3.org
author: pcdummy
---
Today i tried to Download some great songs from one of my favorite Artists, [Alex Boyle.](https://www.youtube.com/user/ALEXBOYETV)
This is what i got on some of them:
[![Youtube-mp3.org](/static/content/post/youtube-and-youtube-mp3.org/Youtube-mp3.org-error_300x154.png)](/static/content/post/youtube-and-youtube-mp3.org/Youtube-mp3.org-error.png)
<!--more-->Youtube limits the external Tools, so you can&#39;t convert/download all the videos,
you would like to. I can imagine why Youtube has to do so, but its against **Freedom** isn&#39;t it?
Please vote [here](http://www.change.org/petitions/youtube-googlede-allow-third-party-recording-tools-for-youtube-freedomonyoutube#) if you think as i do, help the great people at Youtube to give us more Freedom.

@ -0,0 +1,55 @@
{
"settings": {
"item": 1,
"thumbItem": 5,
"slideMargin": 0,
"currentPagerPosition": "left",
"slideMove":1,
"easing": "cubic-bezier(0.25, 0, 0.25, 1)",
"speed": 600,
"responsive": [
{
"breakpoint": 800,
"settings": {
"item": 3,
"slideMove": 1,
"slideMargin": 6
}
},
{
"breakpoint": 480,
"settings": {
"item": 2,
"slideMove": 1
}
}
]
},
"items": [
{
"full": "/static/content/post/pc-engines_apu1d4/small/box.jpg",
"thumb": "/static/content/post/pc-engines_apu1d4/thumb/box.jpg",
"alt": "In the box"
},
{
"full": "/static/content/post/pc-engines_apu1d4/small/unboxed.jpg",
"thumb": "/static/content/post/pc-engines_apu1d4/thumb/unboxed.jpg",
"alt": "Unboxed"
},
{
"full": "/static/content/post/pc-engines_apu1d4/small/case.jpg",
"thumb": "/static/content/post/pc-engines_apu1d4/thumb/case.jpg",
"alt": "Case only"
},
{
"full": "/static/content/post/pc-engines_apu1d4/small/case_and_board.jpg",
"thumb": "/static/content/post/pc-engines_apu1d4/thumb/case_and_board.jpg",
"alt": "Case and board"
},
{
"full": "/static/content/post/pc-engines_apu1d4/small/assembled.jpg",
"thumb": "/static/content/post/pc-engines_apu1d4/thumb/assembled.jpg",
"alt": "Assembled"
}
]
}

@ -0,0 +1,9 @@
<div class="sidebar_single_module">
<div class="sidebar_wraper">
<div class="sidebar_inner">
<div class="text_widget">
<p>&copy; 2015 by Rene´ Jochum, under a <a href="https://creativecommons.org/licenses/by/4.0/" target="_blank">CC BY 4.0</a> license.</p>
</div>
</div>
</div>
</div>
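
Review bot: The license link is opened with `target="_blank"` and has no `rel` attribute; add `rel="noopener noreferrer"` so the page it opens gets no `window.opener` handle back to this site.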

@ -0,0 +1,7 @@
<section class="left_sidebar_content_area">
{{ partial "_widgets/menu.html" . }}
{{ partial "_widgets/social.html" . }}
{{ partial "_widgets/simpletaglist.html" . }}
{{ partial "_widgets/copyright.html" . }}
</section>

Binary file not shown.


@ -0,0 +1 @@
Subproject commit 0236ad871f1144f6d0abd7d88fde180136953f58

@ -0,0 +1 @@
Subproject commit 15e254510a09975dee1ae47759326eb66a424576

@ -0,0 +1 @@
Subproject commit f44b65f8ef90f1b28ce74224844d668fc346fee9