commit bc224833b26cc4c00827746a983b96499c421075 Author: René Jochum Date: Fri Jun 12 02:21:14 2015 +0200 First commit. diff --git a/.gitmodules b/.gitmodules new file mode 100644 index 0000000..99f76f7 --- /dev/null +++ b/.gitmodules @@ -0,0 +1,6 @@ +[submodule "vendor/lightslider"] + path = vendor/lightslider + url = https://github.com/sachinchoolur/lightslider.git +[submodule "vendor/lightGallery"] + path = vendor/lightGallery + url = https://github.com/sachinchoolur/lightGallery.git diff --git a/build_and_run.sh b/build_and_run.sh new file mode 100755 index 0000000..2b329d0 --- /dev/null +++ b/build_and_run.sh @@ -0,0 +1,3 @@ +#!/bin/sh +go get github.com/spf13/hugo +$GOPATH/bin/hugo server --bind="::1" -w -D -v -t persona diff --git a/config.yaml b/config.yaml new file mode 100644 index 0000000..e49fb47 --- /dev/null +++ b/config.yaml @@ -0,0 +1,60 @@ +baseurl: "http://hugo.pc-dummy.net" +copyright: "This work is licensed under a Creative Commons Attribution 4.0 International License (CC BY 4.0)." +languageCode: en-us +MetaDataFormat: yaml +contentdir: content +datadir: data +publishdir: public +canonifyurls: true + +PostFormat: true + +blackfriday: + Fractions: false + Extensions: + - noEmptyLineBeforeBlock + - hardLineBreak + +title: Rene´s blog +author: + name: Rene´ Jochum + +permalinks: + post: /:year/:month/:day/:filename/ + +paginate: 10 +paginatepath: page + +indexes: + category: categories + tag: tags + +params: + ShowTopProfile: true + ShowTopSocial: false + + # Settings + DateFormat: 2. Jan 2006 + + edit_link_url: https://github.com/pcdummy/pc-dummy.net/blob/master/content/ + description: "Blogging about Programming, Security, Linux, Networking and Web Apps." + logo: "/static/author/pcdummy_240x240.png" + + Social: + bitbucket: "pcdummy" + # gitlab: pcdummy + github: pcdummy + # flickr: "pcdummy" + # twitter: "pcdummy" + # facebook: "pcdummy" + linkedin: pcdummy + email: rene@jochums.at + skype: pc-dummy + + Authors: + default: pcdummy + pcdummy: + Name: "Rene´ Jochum" + Link: "/author/pcdummy/" + Avatar: "/static/author/pcdummy_240x240.png" + ShortBio: "Is an FOSS enthusiast who has been programming since he was 12, currently he loves to develop in Python and Go." diff --git a/content/author/pcdummy.md b/content/author/pcdummy.md new file mode 100644 index 0000000..ee6eee7 --- /dev/null +++ b/content/author/pcdummy.md @@ -0,0 +1,7 @@ +--- +date: 2014-04-12T00:00:00+01:00 +title: Rene´ Jochum + +--- + +{{% img src="/static/author/pcdummy_240x240.png" %}} diff --git a/content/post/afrika-und-die-it.md b/content/post/afrika-und-die-it.md new file mode 100644 index 0000000..9dce689 --- /dev/null +++ b/content/post/afrika-und-die-it.md @@ -0,0 +1,20 @@ +--- +date: 2014-04-12T00:00:00+01:00 +title: Afrika und die IT (german) +author: pcdummy + +--- + +Auf der suche nach Afrika Projekten bin ich auf folgende Webseiten gestoßen: + +#### Computer Projekte: + +1. [Linux4Afrika.de](http://www.linux4afrika.de/ "Linux4Afrika") - Sammeln Computer in Deutschland, installieren darauf Linux (ThinClients + Server basierend) +2. [linuxola.org](http://www.linuxola.org/) - Das selbe in der Schweiz +3. [cihub.net](http://www.cihub.net/) - bittet einheimischen / Startups die Räumlichkeiten und Beratungsleistungen + +#### Hilfsprojekte: + +1. [Smile4](http://www.smile4.at) - Naturschutz, Medzinische Hilfe und Waisenhilfe in Madagaskar. +2. [Eineweltgruppe](http://www.eineweltgruppe.at) - Hilfe zur selbsthilfe in Tansania. +3. [ADRA](http://www.adra.org) - Weltweite Hilfsprojekte aller art (ein Projekt der Adventistischen Glaubensgemeinschaft). diff --git a/content/post/emulate-a-hetzner-root-with-mininet.md b/content/post/emulate-a-hetzner-root-with-mininet.md new file mode 100644 index 0000000..08feb0e --- /dev/null +++ b/content/post/emulate-a-hetzner-root-with-mininet.md @@ -0,0 +1,32 @@ +--- +date: 2014-12-14T00:00:00+01:00 +description: Emulate a Hetzner root with mininet. +tags: +- hetzner +- mininet +title: Emulate a Hetzner root with mininet +topics: +- Development +- golang +--- + +I manage some root server from friends at Hetzner, as Hetzner has a "special" setup by blocking unknown Mac Addresses at theier switches, its not that easy to configure that. + +The last days i played around with [OpenVSwitch](http://openvswitch.org/ "OpenVSwitch") (A Virtual Switch, featuring VLAN's, OpenFlow, Switch To Switch Tunnels). + +OpenVSwitch would allow me to add features like **Firewall as a Service** or **IDS as a Service** and it also allows me to **link multiple Servers** together. + +BUT these servers are all in production, i can't play on them, this is where [Mininet](http://mininet.org/ "Mininet") comes in use, it allows me to emulate a full network on a single VM, without touching these root Servers. + +Have a look at this [Script](https://gist.github.com/pcdummy/9b9d1589289b649d8207 "hetzner.py") if you also need a lab to test your Hetzner Networking. + +Setup from start: + +1. At first get and install a [Mininet Download and Guide](http://mininet.org/download/ "Mininet Download and Guide") also see this [Guide](http://www.brianlinkletter.com/set-up-mininet/ "Mininet Setup guide by Brian Kletter") +2. Learn howto use Mininet [Sample Workflow.](http://mininet.org/sample-workflow/ "Mininet Sample Workflow") +3. Edit the Script parameters in "[root_network](https://gist.github.com/pcdummy/9b9d1589289b649d8207#file-hetzner-py-L257 "Script root_network")" (get the gw mac with `$ arp -n` on your root. +4. Next copy the [Script](https://gist.github.com/pcdummy/9b9d1589289b649d8207 "Script") to your VM: `$ scp hetzner.py mininet@:/home/mininet/` (you might want to use sshfs). +5. Run hetzner.py as root `$ sudo ./hetzner.py` +6. Play arround with it: `h1 ping gw` + +Have fun and please tell me when you found bugs or you have improvement ideas. diff --git a/content/post/encrypt-your-dropbox-or-parts-of-it-with-encfs.md b/content/post/encrypt-your-dropbox-or-parts-of-it-with-encfs.md new file mode 100644 index 0000000..a0de1c6 --- /dev/null +++ b/content/post/encrypt-your-dropbox-or-parts-of-it-with-encfs.md @@ -0,0 +1,26 @@ +--- +date: 2014-12-15T00:00:00+01:00 +title: Encrypt your Dropbox (or parts of it) on Linux +author: pcdummy + +--- + +#### UPDATE: EncFS is considered to be insecure (see this [Audit](https://defuse.ca/audits/encfs.htm)), i will use eCryptFS instead, see this [manual](https://help.ubuntu.com/community/EncryptedPrivateDirectory). If you still want to use EncFS use [gnome-encfs-manager](http://www.libertyzero.com/GEncfsM/) instead of gnome-encfs below. + +I have some sensetive Data on my Laptop i want to sync with other Computers i own, found this [Howto](http://www.makeuseof.com/tag/encrypt-dropbox-data-encfs-linux/ "How To Encrypt Your Dropbox Data With ENCFS [Linux] ") on howto do that. Theres also a Windows "port" of encfs - [safe](http://www.getsafe.org/about "Safe"), didn't test it tough. + +#### This is what i did (on Linux Mint 17 64bit): + +

+sudo apt-get install encfs
+cd ~/Downloads
+wget https://bitbucket.org/obensonne/gnome-encfs/raw/tip/gnome-encfs
+mv ~/exchange ~/exchange2
+sudo install gnome-encfs /usr/local/bin/
+mkdir ~/Dropbox/.encrypted_exchange ~/exchange
+encfs ~/Dropbox/.encrypted_exchange ~/exchange/ # answered "p for paranoia mode
+gnome-encfs -a ~/Dropbox/.encrypted_exchange/ ~/exchange # enter, then password, then Y
+cat /etc/mtab | grep encfs # Should give one line with /home/your_username/exchange
+cd ~/exchange && rsync -avP ~/exchang2/* .
+du -sh ~/exchange ~/Dropbox/.encrypted_exchange ~/exchange2 # All 3 folders should be a the same size
+# rm -r ~/exchange2 # Do this only if you have a backup!
diff --git a/content/post/first-hugo.md b/content/post/first-hugo.md new file mode 100644 index 0000000..7914101 --- /dev/null +++ b/content/post/first-hugo.md @@ -0,0 +1,46 @@ +--- +date: 2015-02-08T13:00:00+01:00 +title: First hugo post +author: pcdummy + +--- + +Today i moved my wordpress blog to hugo, it will allow me to **post faster** use **less resources** and i can **share** my content **on [github](https://github.com/pcdummy/pc-dummy.net)**. + +I've been using Markdown a lot recently to document my own stuff, +now i'm able to just copy it to my blog and publish it. + +[Hugo](gohugo.io/) is a open source tool written by [@spf13](https://github.com/spf13) in [go](http://golang.org/) that converts [Markdown](https://en.wikipedia.org/wiki/Markdown) documents into static pages or serves them as server. + +#### Tools i've been using while converting: + +- [Ubuntu GNU/Linux MATE](https://ubuntu-mate.org/) - The [MATE](http://mate-desktop.org/) flavor of Ubuntu GNU/Linux. + +- [Atom.io](https://atom.io/) - I use Atom since some weeks, it has been a nice replacement for the shareware and closed source [Sublime](http://www.sublimetext.com/). + +- [To-Markdown](https://domchristie.github.io/to-markdown/) - A useful HTML-to-Markdown converter, which I've been using while switching to Hugo. + +- [gohugo.io source](https://github.com/spf13/hugo/tree/master/docs/) - gohugo.io runs trough Hugo and its source helped me alot to build this blog. + +- On-liner to test trough all themes, **run in your sites root**: + +

+for i in $(find themes/ -maxdepth 2 -iname 'theme.toml'); do \
+    echo -e "\nCurrent Theme: $(expr match "$i" 'themes\/\(.*\)\/theme.toml')\n"; \
+    hugo server --buildDrafts --watch \
+        --theme=$(expr match "$i" 'themes\/\(.*\)\/theme.toml'); \
+done
+ +#### This blog uses: + +- [Ubuntu GNU/Linux Server](http://www.ubuntu.com/download/server) - Yes its a download link for a fully featured Server OS. + +- [Nginx](https://en.wikipedia.org/wiki/Nginx) - A lightweight, fast and stable web server from [Igor Sysoev](https://en.wikipedia.org/wiki/Igor_Sysoev). + +- Of course [Hugo](gohugo.io/) i also have a live preview of my whole site with it. + +- [Purehugo theme](https://github.com/dplesca/purehugo) - A little modified. + +- Client Side [Syntax highlighting](http://gohugo.io/extras/highlighting/) with [hightlight.js](https://highlightjs.org/) + +- [Atom.io](https://atom.io/) - To create the pages/entries diff --git a/content/post/install-ubuntu-trusty.md b/content/post/install-ubuntu-trusty.md new file mode 100644 index 0000000..563959a --- /dev/null +++ b/content/post/install-ubuntu-trusty.md @@ -0,0 +1,1032 @@ +--- +date: 2015-04-05T13:00:00+01:00 +title: My installation of Ubuntu Mate 14.10 (Utopic) +author: pcdummy +tags: + - Ubuntu + - My Installation + - Crypto root + - BTRFS + - lxc +--- + +This is my own documentation of my installation. + +#### Features + +* Latest Ubuntu Mate +* Encrypted disk +* BTRFS root, home and stuff i keep between sys updates. + +#### General BTRFS stuff to read: + +* [btrfs wiki](https://btrfs.wiki.kernel.org/index.php/UseCases) + +#### This is based on: + +* [archlinux wiki](https://wiki.archlinux.org/index.php/Dm-crypt/Encrypting_an_entire_system) +* [microhowto](http://www.microhowto.info/howto/create_an_encrypted_swap_area.html) +* [linux mint forums](http://forums.linuxmint.com/viewtopic.php?f=175&t=100659) +* [ubuntusers wiki](http://wiki.ubuntuusers.de/Installieren_auf_Btrfs-Dateisystem) +* [nyeggen blog (google cache)](http://webcache.googleusercontent.com/search?q=cache:WOnzknpei6YJ:nyeggen.com/blog/2014/04/05/full-disk-encryption-with-btrfs-and-multiple-drives-in-ubuntu+btrfs+luks&cd=2&hl=de&ct=clnk&gl=ch) +* [Philip Beck`s blog](http://blog.philippbeck.net/linux/archlinux-install-encryption-lvm-luks-grub2-69) +* [Netzgewitter blog](http://www.netzgewitter.com/2011/09/how-to-install-linux-mint-debian-edition-lmde-on-an-encrypted-hard-drive/) +* [kubuntu forums (google cache)](http://webcache.googleusercontent.com/search?q=cache:TuoJ3OW95wgJ:https://www.kubuntuforums.net/archive/index.php/t-60321.html+&cd=1&hl=de&ct=clnk&gl=at&client=ubuntu) + +#### Install Linux from a livecd +* Start from the livecd +* Go to Control Center->Hardware->Keyboard and set the keyboard to german nodeadkeys +* connect to the internet + +#### Setup the partition table with gparted like this **TODO insert screnshot here** + +#### Encrypt the partitions and format them + + sudo -s -H + apt-get -y install btrfs-tools + + cryptsetup -c aes-xts-plain64 -y -s 512 luksFormat /dev/sda2 + cryptsetup -c aes-xts-plain64 -y -s 512 luksFormat /dev/sda5 + + cryptsetup --allow-discards luksOpen /dev/sda2 root + cryptsetup --allow-discards luksOpen /dev/sda5 data + + mkfs.ext3 /dev/sda1 + mkfs.btrfs -L root /dev/mapper/root + + mkfs.xfs -L data /dev/mapper/data + mkswap /dev/sda6 + + mount -o subvolid=0,compress=lzo,recovery,noatime /dev/mapper/root /mnt + # My first crypto-btrfs system to install - Mint 17 + btrfs subvolume create /mnt/\@mint_17 + # For persitant homes across installations. + btrfs subvolume create /mnt/\@home + # For persistant lxc across installations. + btrfs subvolume create /mnt/\@lxc + For persistant lxd across installations. + btrfs subvolume create /mnt/\@lxd + # For persistant monodevelop across installations. + btrfs subvolume create /mnt/\@mono + umount /mnt + + swapon /dev/sda6 + +#### Create btrfs subvolumes and mount them + + mkdir /target + mount -o subvol=@mint_17,compress=lzo,recovery,noatime /dev/mapper/root /target + # One /home for all + mkdir /target/home + mount -o subvol=@home,compress=lzo,recovery,noatime /dev/mapper/root /target/home + # One LXC for all. + mkdir -p /target/var/lib/lxc + mount -o subvol=@lxc,compress=lzo,recovery,noatime /dev/mapper/root /target/var/lib/lxc + # One LXD for all. + mkdir -p /target/var/lib/lxd + mount -o subvol=@lxd,compress=lzo,recovery,noatime /dev/mapper/root /target/var/lib/lxd + # One docker for all. + mkdir -p /target/var/lib/docker + mount -o subvol=@docker,compress=lzo,recovery,noatime /dev/mapper/root /target/var/lib/docker + # One /opt/mono for all installations. + mkdir -p /target/opt/mono + mount -o subvol=@mono,compress=lzo,recovery,noatime /dev/mapper/root /target/opt/mono + mkdir -p /target/mnt/btrfs + # XFS /data for virtualisation images, i've read somewhere that btrfs and images aren't friends. + mkdir /target/data + mount /dev/mapper/data /target/data + +#### Copy the livecd linux to /target + + rsync -avP /rofs/ /target/ + +#### Copy stuff from the backup to the /target + + cp /media/mint/Backup_T410/backintime/ThinkPad-T410/root/1/last_snapshot/backup/etc/hosts /target/etc/ + cp /media/mint/Backup_T410/backintime/ThinkPad-T410/root/1/last_snapshot/backup/etc/hostname /target/etc/ + cp /media/mint/Backup_T410/backintime/ThinkPad-T410/root/1/last_snapshot/backup/etc/sysctl.conf /target/etc/ + cp /media/mint/Backup_T410/backintime/ThinkPad-T410/root/1/last_snapshot/backup/etc/sudoers /target/etc/ + +#### Prepare to chroot into /target + + mount -o bind,rw /dev /target/dev + mount -o bind,rw /proc /target/proc + mount -o bind,rw /sys /target/sys + mount -o bind,rw /dev/pts /target/dev/pts + mount -o bind,rw /run /target/run + +#### Chroot into /target + + chroot /target + export TARGET_USERNAME=pcdummy + locale-gen de_AT.UTF-8 + dpkg-reconfigure locales + update-locale LANG=de_AT.UTF-8 + export LANG=de_AT.UTF-8 + locale-gen --purge --no-archive + dpkg-reconfigure keyboard-configuration + dpkg-reconfigure tzdata + + # Update package list + apt-get update + + apt-get -y install vim vim-scripts + update-alternatives --set editor /usr/bin/vim.basic + + # Recent kernel + apt-get purge -y linux-image-generic + apt-get -y install -y linux-image-generic-lts-utopic linux-headers-generic-lts-utopic + + # Add another key for "data", to automount it, you can remove your "setup" + # password on /dev/sda5 later if you want. + tr -dc '0-9a-zA-Z' /etc/data_luks.key + chmod 600 /etc/data_luks.key; chown root:root /etc/data_luks.key + cryptsetup luksAddKey /dev/sda5 /etc/data_luks.key + + # Configure /etc/fstab + cat < /etc/fstab && editor /etc/fstab + # /etc/fstab: static file system information. + # + # Use 'blkid' to print the universally unique identifier for a + # device; this may be used with UUID= as a more robust way to name devices + # that works even if disks are added and removed. See fstab(5). + # + # + /dev/mapper/root / btrfs subvol=@mint_17,compress=lzo,recovery,noatime,user_subvol_rm_allowed 0 0 + /dev/mapper/root /home btrfs subvol=@home,compress=lzo,recovery,noatime 0 0 + /dev/mapper/root /opt/mono btrfs subvol=@mono,compress=lzo,recovery,noatime 0 0 + /dev/mapper/root /var/lib/lxc btrfs subvol=@lxc,compress=lzo,recovery,noatime 0 0 + /dev/mapper/root /var/lib/lxd btrfs subvol=@lxd,compress=lzo,recovery,noatime,user_subvol_rm_allowed 0 0 + /dev/mapper/root /var/lib/docker btrfs subvol=@docker,compress=lzo,recovery,noatime 0 0 + /dev/mapper/data /data xfs noatime,nobootwait 0 0 + /dev/mapper/swap none swap defaults 0 0 + + /dev/mapper/root /mnt/btrfs btrfs subvolid=0,compress=lzo,recovery,noatime,noauto 0 0 + EOF + + # You might want to read more about the 'discard' option i use here. + # http://asalor.blogspot.co.at/2011/08/trim-dm-crypt-problems.html + # https://wiki.archlinux.org/index.php/Dm-crypt/Specialties#Discard.2FTRIM_support_for_solid_state_drives_.28SSD.29 + cat < /etc/crypttab && editor /etc/crypttab + # + root UUID=c1a685f1-d614-4694-a14c-f5dd8d646740 none luks,discard,tries=10 + data UUID=fa2b8b2a-c59b-4394-9c1d-89665450231d /etc/data_luks.key luks,discard + swap /dev/sda6 /dev/urandom swap,discard + EOF + + cat < /etc/initramfs-tools/modules && editor /etc/initramfs-tools/modules + # List of modules that you want to include in your initramfs. + # They will be loaded at boot time in the order below. + # + # Syntax: module_name [args ...] + # + # You must run update-initramfs(8) to effect this change. + # + # Examples: + # + # raid1 + # sd_mod + uvesafb mode_option=1024x768-24 mtrr=3 scroll=ywrap + dm-crypt + dm-mod + xts + aes + aes-cbc-essiv + aes-x86_64 + sha256_generic + sha512_generic + lvm + ahci + usbcore + uhci_hcd + ehci_hcd + usbhid + EOF + + # Enable your KEYMAP while entering the crypto password + echo "\nKEYMAP=y" >> /etc/initramfs-tools/initramfs.conf + + # !Dont do that on systems without nvidia/ati cards or if you want opensource drivers! + apt-get purge xserver-xorg-video-ati xserver-xorg-video-glamoregl xserver-xorg-video-intel xserver-xorg-video-neomagic xserver-xorg-video-nouveau xserver-xorg-video-radeon xserver-xorg-video-sisusb xserver-xorg-video-trident xserver-xorg-video-vmware xserver-xorg-video-all + + # Don't do this if this is a vbox guest. + apt-get remove --purge virtualbox-guest-dkms virtualbox-guest-utils virtualbox-guest-x11 + + # Update the fresh install + apt-get dist-upgrade + + # Btrfs tools + apt-get -y install btrfs-tools + + # German Language packs + apt-get -y install firefox-l10n-de libreoffice-l10n-de thunderbird-l10n-de + + adduser ${TARGET_USERNAME} + usermod -a --groups=sudo,cdrom,floppy,audio,dip,video,plugdev ${TARGET_USERNAME} + passwd -l root + usermod -a -G fuse,sambashare ${TARGET_USERNAME} + + # Nvidia driver. + apt-get update + apt-get -y install nvidia-settings nvidia-current + nvidia-xconfig --no-logo + + # Make sure dhclient never updates resolv.conf + # See: http://www.cyberciti.biz/faq/dhclient-etcresolvconf-hooks/ + cat < /etc/dhcp/dhclient-enter-hooks.d/nodnsupdatele + #!/bin/sh + make_resolv_conf(){ + : + } + EOF + cat /etc/dhcp/dhclient-enter-hooks.d/nodnsupdate # check + + editor /etc/default/grub + GRUB_CMDLINE_LINUX_DEFAULT="cgroup_enable=memory_swapaccount=1" + GRUB_CMDLINE_LINUX="cryptdevice=/dev/sda2:root" + + # Fix troubles with intel powerclamp (unresponsive ui on high load): + cat < /etc/modprobe.d/blacklist-power.conf + # See: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1389077 + blacklist intel_powerclamp + blacklist intel_rapl + EOF + + update-initramfs -k all -u + update-grub + + grub-install /dev/sda + + exit + +#### Restore latest backintime backup of /home + + export TARGET_USERNAME=pcdummy + rsync -avP /media/mint/Backup_T410/backintime/ThinkPad-T410/root/1/last_snapshot/backup/home/${TARGET_USERNAME}/ /target/home/${TARGET_USERNAME}/ + mkdir /target/home/${TARGET_USERNAME}/exchange + chown -R 1000:1000 /target/home/${TARGET_USERNAME} + +#### Reboot + + sync + reboot + +#### Install usefull stuff. +Speed :) + + sudo apt-get -y install readahead-fedora preload + +#### Mate Desktop +You can savely skip this step if you installed with your system with the ubuntu-mate dvd + + sudo apt-add-repository -y ppa:ubuntu-mate-dev/ppa + sudo apt-get update + sudo apt-get install -y ubuntu-mate-desktop + sudo apt-get install -y synaptic + +Mate tool: + + sudo apt-get -y install mate-tweak mate-utils + +Mint Menu, [found here](https://webcache.googleusercontent.com/search?q=cache:mBkdLXwuIO0J:linuxg.net/how-to-install-mintmenu-5-5-2-on-ubuntu-mate-14-10-and-ubuntu-mate-14-04/+&cd=4&hl=de&ct=clnk&gl=at&client=ubuntu) + + pushd . + sudo apt-get -y install gdebi + cd $HOME/Software + wget ppa.launchpad.net/eugenesan/ppa/ubuntu/pool/main/m/mintmenu/mintmenu_5.5.2-0~eugenesan~trusty1_all.deb + sudo gdebi mintmenu_5.5.2-0~eugenesan~trusty1_all.deb + popd + + sudo apt-get -y install mate-menu + +Applets [mate-applets](https://github.com/mate-desktop/mate-applets) and [mate-netspeed](https://github.com/mate-desktop/mate-netspeed) + + sudo apt-get -y install mate-applets mate-netspeed mate-system-monitor + +User share(s) (over samba) + + sudo apt-get -y install caja-share + +Usefull caja plugins + + sudo apt-get -y install caja-gksu caja-sendto + + +#### Replace /bin/sh (dash) with /bin/bash so advanced .bash_profile scripts work +I had the problem with "gvm" a while, it's very bash specific and without it i don't have a GOPATH, +which is very bad in conjunction with the Atom plugins i use. + + sudo sed -i -e's|#!/bin/sh|#!/bin/bash --login|' /etc/gdm/Xsession + sudo sed -i -e's|#!/bin/sh|#!/bin/bash --login|' /etc/mdm/Xsession + mv $HOME/.profile $HOME/.bash_profile + + +#### Samba for (caja|nemo)-share [ubuntuusers wiki (german)](http://wiki.ubuntuusers.de/Samba_Server/net_usershare) + + sudo cp /usr/share/samba/smb.conf /etc/samba/ + +Don't do that if you want samba accessible from other computers (M$ ones as example). +!Let samba listen only on the virt hostonly interface! + + sudo sed -i -e's/interfaces = 127.0.0.0/8 eth0/interfaces = 127.0.0.0/8 192.168.100.1/' /etc/samba/smb.conf + sudo sed -i -e's/unix password sync = yes/unix password sync = no/' /etc/samba/smb.conf + sudo sed -i -e's/; usershare max shares = 100/ usershare max shares = 100/' /etc/samba/smb.conf + sudo sed -i -e's/; bind interfaces only = yes/ bind interfaces only = yes/' /etc/samba/smb.conf + sudo service smbd restart + sudo service nmbd restart + +#### Virtual development environment + + sudo add-apt-repository -y ppa:apparmor-dev/apparmor-backports + sudo add-apt-repository -y ppa:jacob/virtualisation + sudo add-apt-repository -y ppa:ubuntu-lxc/daily + sudo apt-get update + sudo apt-get -y install libvirt-bin virt-manager qemu qemu-kvm qemu-system spice-client python-spice-client-gtk bridge-utils ebtables virt-top + sudo apt-get -y install lxc cgmanager uidmap lxc-templates + sudo apt-get -y install system-config-samba # To setup sharing's for windows guests. + sudo usermod -a -G libvirtd $SUDO_USER + +Playing with OpenVSwitch + + sudo apt-get -y install openvswitch-switch ethtool + +Copy configurations of storages,networks and hosts from the backup. + + service libvirt-bin stop + sudo rsync -avP --delete /media/pcdummy/Backup_T410/backintime/ThinkPad-T410/root/1/last_snapshot/backup/etc/libvirt /etc/libvirt/ + +Link libvirt images to data + + sudo mkdir /data/libvirt-images + sudo chown libvirt-qemu:kvm /data/libvirt-images + sudo chmod 700 /data/libvirt-images + sudo rm -rf /var/lib/libvirt/images + sudo ln -s /data/libvirt-images /var/lib/libvirt/images + service libvirt-bin start + +Libvirt optimisations take from [Peter Kieser`s blog](https://peterkieser.com/2014/06/27/new-kvm-deployment-bugs-and-recommendations-ubuntu-14-04-qemu-2-0-libvirt-1-2-4-linux-3-10/) + + sudo cat <> /etc/sysctl.conf + # KVM Tunning, see: https://peterkieser.com/2014/06/27/new-kvm-deployment-bugs-and-recommendations-ubuntu-14-04-qemu-2-0-libvirt-1-2-4-linux-3-10 + kernel.sched_min_granularity_ns=10000000 + kernel.sched_wakeup_granularity_ns=15000000 + vm.dirty_ratio=10 + vm.dirty_background_ratio=5 + vm.swappiness=10 + EOF + sudo sysctl -f /etc/sysctl.conf + + echo "options vhost_net experimental_zcopytx=0" | tee -a /etc/modprobe.d/vhost-net.conf > /dev/null + sudo modprobe vhost_net experimental_zcopytx=0 + + sudo sed -i -e's|VHOST_NET_ENABLED=0|VHOST_NET_ENABLED=1|' /etc/default/qemu-kvm + sudo service qemu-kvm restart + +Flockport + + pushd . + cd $HOME/Downloads + wget http://repo.flockport.com/debian/pool/main/f/flockport/flockport_0.1.0_all.deb + sudo dpkg -i flockport_0.1.0_all.deb; apt-get -y install -f + popd + +My bridge where i ran all these virtualisation stuff over. + + sudo sh -c 'cat < /etc/default/lxc-net + USE_LXC_BRIDGE="true" + LXC_BRIDGE="mlabnatbr0" + LXC_ADDR="10.167.161.1" + LXC_NETMASK="255.255.255.0" + LXC_NETWORK="10.167.161.0/24" + LXC_DHCP_RANGE="10.167.161.100,10.167.161.254" + LXC_DHCP_MAX="153" + LXC_DHCP_CONFILE=/etc/lxc/dnsmasq.conf + LXC_DOMAIN="mlabnat.pcdummy.lan" + EOF' + +Do not start dnsmasq on the mlabnatbr0. + + sudo sed -i -e's|except-interface=lxcbr0|except-interface=mlabnatbr0|' /etc/dnsmasq.d-available/lxc + +Make mlabnatbr0 the default for lxc + + sudo sh -c 'cat < /etc/lxc/default.conf + lxc.network.type = veth + lxc.network.link = mlabnatbr0 + lxc.network.flags = up + lxc.network.hwaddr = 00:16:3e:xx:xx:xx + EOF' + + sudo apt-get -y install radvd + sudo sh -c 'cat < /etc/radvd.conf + interface mlabnatbr0 + { + # Advertise + AdvSendAdvert on; + + # Maximum time between RAs + MaxRtrAdvInterval 60; + + AdvManagedFlag on; + + prefix fd57:c87d:f1ee:ee01::1/64 + { + # We are the only router. If we shut down, nobody else can route + # this prefix -- tell clients about this. + DeprecatePrefix on; + }; + }; + EOF' + + sudo sh -c 'cat < /etc/lxc/dnsmasq.conf + dhcp-range=::add:0:0:100,::add:0:0:1e3, constructor:mlabnatbr0, 12h + + dhcp-option=option:all-subnets-local,1 + dhcp-option=option6:dns-server,[::] + dhcp-option=option6:ntp-server,[::] + dhcp-option=option:domain-search,mlabnat.pcdummy.lan + EOF' + +Bridge for my firewall inside lxc, follow this [guide](https://www.happyassassin.net/2014/07/23/bridged-networking-for-libvirt-with-networkmanager-2014-fedora-21/) + +HostOnly bridges for my firewall running inside lxc + + sudo sh -c 'cat < /etc/network/interfaces.d/mlablanbr0 + auto mlablanbr0 + iface mlablanbr0 inet static + address 10.167.162.254 + netmask 255.255.255.0 + broadcast 10.167.162.255 + bridge_ports none + bridge_fd 0 + bridge_waitport 0 + bridge_stp off + iface mlablanbr0 inet6 static + address fd57:c87d:f1ee:ee02:d:e:f:254 + netmask 64 + EOF' + sudo ifup mlablanbr0 + echo 'lxd veth mlablanbr0 100' | sudo tee -a /etc/lxc/lxc-usernet 1>/dev/null + +By default other lxc hosts will go over my firewall inside lxc. + + sudo sed -i -e's|lxc.network.link = lxcbr0|lxc.network.link = mlablanbr0|' /etc/lxc/default.conf + +Another HostOnly bridge for testing stuff (basicaly i'm testing OSPF and OSPFv3 over it) + + sudo sh -c 'cat < /etc/network/interfaces.d/mlabgwbr0 + auto mlabgwbr0 + iface mlabgwbr0 inet static + address 10.167.163.254 + netmask 255.255.255.0 + broadcast 10.167.163.255 + bridge_ports none + bridge_fd 0 + bridge_waitport 0 + bridge_stp off + EOF' + sudo ifup mlabgwbr0 + echo 'lxd veth mlabgwbr0 100' | sudo tee -a /etc/lxc/lxc-usernet 1>/dev/null + +Restart lxc-net, radvd and lxc itself + + sudo service lxc-net restart + sudo service radvd restart + sudo service lxc restart + +#### Evernote on Linux + + sudo add-apt-repository -y ppa:vincent-c/nevernote + sudo apt-get update + sudo apt-get -y install nixnote + +#### Git repository viewer + + sudo apt-get -y install git-cola fldiff + +#### KeePass 2: Password manager + + sudo add-apt-repository -y ppa:dlech/keepass2-plugins + sudo apt-get update + sudo apt-get -y install keepass2 mono-dmcs mono-complete libmono-system-management4.0-cil keepass2-plugin-rpc xul-ext-keefox xul-ext-keebird keepass2-plugin-keepasshttp + +#### Go Development with [gvm](https://github.com/moovweb/gvm) +install deps: + + sudo apt-get install curl git mercurial make binutils bison gcc build-essential + +Install gvm (if you have my bashrc.d/) thing: + + GVM_NO_UPDATE_PROFILE=1 bash < <(curl -s -S -L https://raw.githubusercontent.com/moovweb/gvm/master/binscripts/gvm-installer) + echo 'source /home/pcdummy/.gvm/scripts/gvm' > $HOME/.bashrc.d/gvm + chmod +x $HOME/.bashrc.d/gvm + source $HOME/.bashrc.d/gvm + +else: + + bash < <(curl -s -S -L https://raw.githubusercontent.com/moovweb/gvm/master/binscripts/gvm-installer) + source /home/pcdummy/.gvm/scripts/gvm + +Get go versions: + + gvm listall + +Install a go version with gvm (latest at time of writing): + + gvm install 1.4.1 + +And "use" it: + + gvm use 1.4.1 + +Now you can install for example [hugo](https://github.com/spf13/hugo): + + go get -v github.com/spf13/hugo + +#### Python Development with [PyEnv](https://github.com/yyuu/pyenv-installer) +Nice howto on that from [davebehnke.com](http://davebehnke.com/python-pyenv-ubuntu.html) + +pip3, tox, nose and coverage and two python modules i use + + sudo apt-get -y install python3-pip python3-dev python3-wheel python-tox python3-nose python3-coverage + sudo pip3 install datadiff + sudo pip3 install testfixtures + +Install pyenv and its requirements + + sudo apt-get install -y make build-essential libssl-dev zlib1g-dev libbz2-dev libreadline-dev libsqlite3-dev wget curl llvm + curl -L https://raw.githubusercontent.com/yyuu/pyenv-installer/master/bin/pyenv-installer | bash + +Put in ~/.bashrc or if you have my bashrc.d/ thing in ~/.bashrc.d/pyenv + + export PATH="$HOME/.pyenv/bin:$PATH" + eval "$(pyenv init -)" + eval "$(pyenv virtualenv-init -)" + +If you have my ~/.bashrc.d/ thing + + chmod +x ~/.bashrc.d/pyenv + +Activate pyenv and install the latest python available (at the time of writing) + + source $HOME/.bashrc.d/pyenv + pyenv install 3.4.2 + +Use ```pyenv install -l``` to get a list of available versions. + +To install pypy with pyenv + + pyenv install pypy3-2.4.0-src + +#### Mono development environment + +[Binary dist from simendjso.me](http://simendsjo.me/files/abothe/readme.txt) + + wget http://simendsjo.me/files/abothe/MonoDevelop.x64.Master.tar.xz + sudo tar -xPf MonoDevelop.x64.Master.tar.xz -C / + rm -f MonoDevelop.x64.Master.tar.xz + +#### C++ editors + + sudo apt-get -y install eclipse-cdt qtcreator qtcreator-doc + +#### Qt Tools + + sudo apt-get -y install qt4-dev-tools qt4-qmlviewer + +#### [Syncthing](http://syncthing.net/) + + sudo add-apt-repository -y ppa:ytvwld/syncthing + sudo add-apt-repository -y ppa:nilarimogard/webupd8 + sudo apt-get update + sudo apt-get -y install syncthing syncthing-gtk + +#### Encfs for syncthing +Additional security on my syncthing targets. +This is **considered as insecure** ... but better than plain, see [the audit from defuse.ca](https://defuse.ca/audits/encfs.htm) + + sudo add-apt-repository -y ppa:gencfsm/ppa + sudo apt-get update + sudo apt-get -y install gnome-encfs-manager nemo-seahorse + +#### ~~Dropbox~~ +No more Dropbox, using Syncthing now. + + + sudo apt-get -y purge dropbox + sudo apt-get -y install caja-dropbox + +Disable "Lan Sync" (opens port i don't want) + + caja-dropbox lansync n + +#### Quassel IRC Client (git/development version!). I have a quassel-core (means server) somewhere in the wild. + + sudo add-apt-repository -y ppa:mamarley/quassel-git + sudo apt-get update + sudo apt-get -y install quassel-client + +#### Skype + + sudo dpkg --add-architecture i386 + sudo apt-get update + wget -O skype-install.deb http://www.skype.com/go/getskype-linux-deb + sudo dpkg -i skype-install.deb; sudo apt-get -f install + rm -f skype-install.deb + +#### SixXS Automatic IPv6 Connectivity Client Utility + + sudo apt-get -y install aiccu + +##### NetworkManager + aiccu integration. + +Activate the script you will get after for ``eth0``, ``wlan0`` und ``ppp0`` + + echo "\n# NetworkManager restart when this interfaces go up/down." | sudo tee -a /etc/default/aiccu 1>/dev/null + echo 'AICCU_RESTART_INTERFACES="eth0 wlan0 ppp0"' | sudo tee -a /etc/default/aiccu 1>/dev/null + +Install the [script](https://gist.githubusercontent.com/pcdummy/71fb385761e8e5be6687/raw/99-aiccu.sh) + + pushd . + cd $HOME/Downloads + wget https://gist.githubusercontent.com/pcdummy/71fb385761e8e5be6687/raw/99-aiccu.sh + sudo mv 99-aiccu.sh /etc/NetworkManager/dispatcher.d/ + sudo chown root:root /etc/NetworkManager/dispatcher.d/99-aiccu.sh + sudo chmod 755 /etc/NetworkManager/dispatcher.d/99-aiccu + popd + +Disabled AICCU for now as i have it on my firewall. + + echo manual | sudo tee /etc/init/aiccu.override + +#### OpenVPN client + + sudo apt-get -y install network-manager-openvpn-gnome + +#### Remote desktop (RDP+VNC) clients/managers - i use gnome-rdp and remmina (slowly switching over to remmina). + + sudo apt-get -y install gnome-rdp remmina-plugin-rdp remmina-plugin-vnc libfreerdp-plugins-standard rdesktop xtightvncviewer + +#### Fancy terminal with transparency. + + sudo apt-get -y install xfce4-terminal + +Set xfce4 to the default terminal in gnome and cinnamon, +You can do this also by opening Systemsettings->preferred applicatons and editing "Terminal" + + gsettings set org.gnome.desktop.default-applications.terminal exec /usr/bin/xfce4-terminal + gsettings set org.gnome.desktop.default-applications.terminal exec-arg "-x" + gsettings set org.cinnamon.desktop.default-applications.terminal exec /usr/bin/xfce4-terminal + gsettings set org.cinnamon.desktop.default-applications.terminal exec-arg "-x" + +Change "Ctrl+Shift+A" to "Ctrl+A" for byobu/tmux + + cat < ~/.config/xfce4/terminal/accels.scm + ; gnome-terminal GtkAccelMap rc-file -*- scheme -*- + (gtk_accel_path "/terminal-window/select-all" "a") + EOF + +#### Vagrant + virtualbox (vBox is widely used with vagrant), libvirt and lxc + + sudo apt-get -y install virtualbox-qt + sudo apt-get -y install build-essential zlib1g-dev git-core + sudo apt-get -y install bundler # for plugin development. + +Download vagrant [here](https://dl.bintray.com/mitchellh/vagrant/) + + pushd . + mkdir -p ~/Software && cd ~/Software + curl -LO https://dl.bintray.com/mitchellh/vagrant/vagrant_1.7.2_x86_64.deb + sudo dpkg -i vagrant_1.7.2_x86_64.deb; sudo apt-get -y install -f + popd . + +Installs the latest VBox additions to the guest + + vagrant plugin install vagrant-vbguest + +Speeds up Vagrant Provisoning + + vagrant plugin install vagrant-cachier + +KVM (with libvirt support) Plugin [vagrant-kvm](https://github.com/adrahon/vagrant-kvm/) and [vagrant-kvm issue #258](https://github.com/adrahon/vagrant-kvm/issues/258) + + sudo apt-get -y install apparmor-utils + sudo aa-complain /usr/lib/libvirt/virt-aa-helper + pushd . + mkdir -p ~/Software && cd ~/Software + git clone https://github.com/adrahon/vagrant-kvm.git + cd vagrant-kvm + ./install.rb # Took ages. + popd + +Box [converter Plugin](https://github.com/sciurus/vagrant-mutate) (using it to convert vbox downloads to libvirt) + + vagrant plugin install vagrant-mutate + +LXC Plugin [vagrant-lxc](https://github.com/fgrehm/vagrant-lxc) + + vagrant plugin install vagrant-lxc + +#### Moving stuff to the XFS on /data +Vagrant Boxes (its download) and tmp on XFS (you could extend this with ACLs for multi user support) + + sudo mkdir -p /data/vagrant/boxes + sudo chown -R ${USERNAME}:${USERNAME} /data/vagrant/boxes + ln -s /data/vagrant/boxes $HOME/.vagrant.d/boxes + sudo mkdir -p /data/vagrant/${USERNAME}/tmp + sudo chown -R ${USERNAME}:${USERNAME} /data/vagrant/${USERNAME} + ln -s /data/vagrant/${USERNAME}/tmp $HOME/.vagrant.d/tmp + +VirtualBox on XFS (i have all Hypervisor images on XFS) + + sudo mkdir -p /data/virtualbox/${USERNAME} + sudo chown -R ${USERNAME}:${USERNAME} /data/virtualbox/${USERNAME} + # Make a symbolic so you can access your virtualbox home by ~/VirtualBox\ VMs + ln -s /data/virtualbox/${USERNAME} $HOME/VirtualBox\ VMs + +REMEMBER You cannot run libvirt-bin (KVM/Qemu) and Virtualbox at the same time + +to switch to virtualbox + + $ sudo service libvirt-bin stop + +back to libvirt + + $ sudo service libvirt-bin start + +#### Wine with 32bit default + + sudo add-apt-repository -y ppa:ubuntu-wine/ppa + sudo apt-get update + sudo apt-get -y install wine1.7 + + # Set wine to 32bit by default + cat <> ~/.profile + + # Set wine to 32bit + WINEARCH=win32 + WINEPREFIX=$HOME/.wine32 + EOF + + source $HOME/.profile + +#### Ebook Manager (i use it to categorize my PDF's and sometimes to populate eBook Readers) + + sudo apt-get -y install calibre python-dnspython + +#### Yumi: see [pendrivelinux](http://www.pendrivelinux.com/yumi-multiboot-usb-creator/) + +* [Advanced YUMI Usage and Intro](https://smyl.es/tutorial-how-to-build-the-ultimate-custom-usb-drive-with-multiple-bootable-installs-for-windows-and-linux-and-portableapps-for-windows/) +* [HOWTO](https://appdb.winehq.org/objectManager.php?sClass=version&iId=31222) +* [Also nice for manual editing](http://techsoncall.wordpress.com/2013/02/21/how-to-create-a-multi-windows-usb-drive/) +I use windows on a VM to create the initial usb stick. + + mkdir $HOME/Software + cd $HOME/Software + wget http://www.pendrivelinux.com/downloads/YUMI/YUMI-2.0.1.2.exe + +Start YUMI: + + wine $HOME/Software/YUMI-2.0.1.2.exe + +#### Google Chrome OpenSource - Chromium + + sudo apt-get -y install chromium-browser chromium-browser-l10n chromium-codecs-ffmpeg chromium-codecs-ffmpeg-extra + +#### Proxydriver to set one proxy per network. + + pushd . + mkdir $HOME/Software; cd $HOME/Software; + wget https://raw.githubusercontent.com/jimlawton/proxydriver/master/proxydriver.sh + chmod 755 proxydriver.sh + sudo cp proxydriver.sh /etc/NetworkManager/dispatcher.d/99-proxydriver.sh + sudo chown root:root /etc/NetworkManager/dispatcher.d/99-proxydriver.sh + popd + +#### Misc + + sudo apt-get -y install apt-rdepends apt-file atop tree ipython ipython3 dconf-editor iperf hashalot ppa-purge pwgen sysstat sysfsutils smbclient + sudo apt-get -y install automake # for autotools based projects. + sudo apt-get -y install cu # Serial Console Client + +#### For Node.js based tools: https://www.npmjs.com/ +Prerequisit for Atom. + + sudo apt-get -y install node npm + +#### [Atom](https://atom.io/) editor +[He](http://www.atomtips.com/atom-editor-vs-sublime-text/) explains my reasons to switch to Atom from Sublime quiet good + + sudo add-apt-repository -y ppa:webupd8team/atom + sudo apt-get update + sudo apt-get -y install atom + apm install project-manager + apm install linter # https://atom.io/packages/linter + apm install monokai + apm install autocomplete-plus + apm install git-control + apm install merge-conflicts + apm install clipboard-history + apm install minimap + apm install minimap-git-diff + apm install go-to-line + +Go (golang) autocomplete [go-plus](https://atom.io/packages/go-plus) + + go get -u -v github.com/nsf/gocode + go get -u -v github.com/golang/lint/golint + go get golang.org/x/tools/cmd/goimports + apm install go-plus + go get -u -v code.google.com/p/rog-go/exp/cmd/godef + apm install godef + go get code.google.com/p/go.tools/cmd/oracle + apm install go-oracle + +Python Flake8 linter for atom, i'm using the python3 variant as i develop for python 3.x + + sudo pip3 install flake8 + apm install linter-flake8 + +Python autocomplete for atom + + sudo apt-get -y purge python3-jedi python-jedi + apm install autocomplete-jedi + +Python import sorter +[python-isort](https://github.com/timothycrosley/isort) +[atom python-isor](https://atom.io/packages/python-isort) + + sudo pip install isort + apm install python-isort + +Navigator :) + + apm install atom-ctags + +Upgrade all packages from time to time + + apm upgrade + +#### Custom DNS for various "internal" Domains +[Found here](http://www.vojcik.net/configure-different-dns-resolvers-for-domains-in-ubuntu/), replace example*.local with your own domain(s). +One domain per entry. + + # First + echo "server=/example1.local/2001:db8:dead:beef::71" | sudo tee -a /etc/NetworkManager/dnsmasq.d/example1.local 1>/dev/null + # Second + echo "server=/example2.local/2001:db8:dead:beef::71" | sudo tee -a /etc/NetworkManager/dnsmasq.d/example2.local 1>/dev/null + sudo service network-manager restart + +#### [LXD](https://github.com/lxc/lxd) Playing + sudo add-apt-repository -y ppa:ubuntu-lxc/lxd-daily + sudo apt-get update + sudo apt-get -y install lxc lxc-dev mercurial git pkg-config golang golang-go.tools + + mkdir -p ~/go + echo "# Ubuntu GO\nexport GOPATH=~/go" >> $HOME/.profile + source $HOME/.profile + go get github.com/lxc/lxd + cd $GOPATH/src/github.com/lxc/lxd + go get -v -d ./... + make + + sudo useradd -r -d /var/lib/lxd -s /bin/bash lxd # /bin/bash so i can "ssh lxd@localhost" + sudo usermod -a -G lxd pcdummy + # Give lxd 99 uid/gid ranges to map. + for i in {1..99}; do + sudo usermod --add-subuids ${i}00000-${i}65536 lxd + sudo usermod --add-subgids ${i}00000-${i}65536 lxd + done # This takes a while + sudo mkdir /var/lib/lxd + sudo chown lxd:lxd /var/lib/lxd + sudo sudo -H -u lxd mkdir -p /var/lib/lxd/.config/lxc/ + sudo sudo -H -u lxd sh -c 'cat < /var/lib/lxd/.config/lxc/default.conf + lxc.include = /etc/lxc/default.conf + lxc.id_map = u 0 100000 65537 + lxc.id_map = g 0 100000 65537 + EOF' + +For "ssh lxd@localhost" + + sudo apt-get -y install openssh-server + sudo mkdir /var/lib/lxd/.ssh/ + sudo cp $HOME/.ssh/workkey.pub /var/lib/lxd/.ssh/authorized_keys + sudo chown -R lxd:lxd /var/lib/lxd/.ssh/ + +Networking for lxd + + echo 'lxd veth mlabnatbr0 100' | sudo tee -a /etc/lxc/lxc-usernet 1>/dev/null + sudo service lxc restart + +#### Enable .local resolving (for my Employers Network) +[Found here](http://www.hexblot.com/blog/resolving-local-domains-linux) + + set -i -e's/hosts: files mdns4_minimal \[NOTFOUND=return\] dns/hosts: files dns mdns4_minimal [NOTFOUND=return]/' /etc/nsswitch.conf + +#### Disable gnome-keyring-daemon ssh component, see [this](http://dtek.net/blog/how-stop-gnome-keyring-clobbering-opensshs-ssh-agent-ubuntu-1204) + + sudo mv /etc/xdg/autostart/gnome-keyring-ssh.desktop /etc/xdg/autostart/gnome-keyring-ssh.desktop.disabled + +#### IOZone and https://code.google.com/p/iozone-results-comparator + + sudo apt-get -y install iozone python-scipy python-matplotlib python-jinja2 + mkdir $HOME/Software + cd $HOME/Software + git clone https://code.google.com/p/iozone-results-comparator/ + +#### Firefox [Flash+Silverlight](http://www.webupd8.org/2013/08/pipelight-use-silverlight-in-your-linux.html) - Silverlight for Maxdome and other streamers. + + sudo add-apt-repository -y ppa:pipelight/stable + sudo apt-get update + sudo apt-get -y install --install-recommends pipelight-multi + sudo pipelight-plugin --update + pipelight-plugin --enable silverlight + pipelight-plugin --enable flash + +#### Citrix Receiver + +Goto https://receiver.citrix.com and download the .deb version + + pushd . + cd Downloads + sudo dpkg -i icaclient_13.1.0.285639_amd64.deb; sudo apt-get install -f + popd + +#### [Bedup](https://github.com/g2p/bedup) testing + + sudo apt-get -y install python-pip + test -d $HOME/bin || mkdir $HOME/bin + sudo apt-get -y install libffi-dev + pip install --user cffi + cd $HOME/Software + git clone git@github.com:g2p/bedup.git + cd bedup/ + git submodule update --init + + # Fixing https://github.com/g2p/bedup/issues/55 + cat < autorun.sh + #!/bin/sh + x-terminal-emulator -e bash -c ' + sudo $PWD/btrfs-backup.py /home $PWD/home + sudo $PWD/btrfs-backup.py / $PWD/system + echo "" && + echo "" && + read -p "Press any key to close this window"' + EOF + + chmod +x autorun.sh + + popd + sudo umount /mnt/backup && sudo rm -rf /mnt/backup + +unplug, plugin in, mount with nautilus/caja/nemo, press "Execute" and see the backup running :-) + + +#### Android SDK and fastboot +Thanks to [lifehacker.com](http://lifehacker.com/the-easiest-way-to-install-androids-adb-and-fastboot-to-1586992378) + + sudo add-apt-repository -y ppa:phablet-team/tools + sudo apt-get update + sudo apt-get -y install android-tools-adb android-tools-fastboot diff --git a/content/post/install-ubuntu-vivid.md b/content/post/install-ubuntu-vivid.md new file mode 100644 index 0000000..f60c609 --- /dev/null +++ b/content/post/install-ubuntu-vivid.md @@ -0,0 +1,490 @@ +--- +date: 2015-06-10T13:00:00+01:00 +title: My installation of Ubuntu Mate 15.04 (Vivid) +author: pcdummy +tags: + - Ubuntu + - My Installation + - Crypto root + - BTRFS + - lxc +--- + +This is my own documentation of my installation, i assume you have installed +[Ubuntu Mate 14.10](/2015/04/05/install-ubuntu-trusty/) before. + +**Grub** + **cryptoroot** + **BTRFS** works a lot better with **Vivid**, yeah! + +#### Features + +* Latest Ubuntu Mate +* Encrypted disk +* BTRFS root, home and stuff i keep between sys updates. + +#### Install Linux from a livecd +* Start from the livecd +* Go to Control Center->Hardware->Keyboard and set the keyboard to german nodeadkeys +* connect to the internet + +#### Get root and install BTRFS Tools + + sudo -s -H + apt-get -y install btrfs-tools + +#### Decrypt the root + + cryptsetup --allow-discards luksOpen /dev/sda2 root + +#### Create the root subvolume + + mkdir /mnt/btrfs + mount -o subvolid=0,compress=lzo,recovery,noatime /dev/mapper/root /mnt/btrfs + btrfs subvolume create /mnt/btrfs/\@ubuntu_15.04 + +#### Mount the new Subvolume to /target + + mkdir /target + mount -o subvol=@ubuntu_15.04,compress=lzo,recovery,noatime /dev/mapper/root /target + mkdir -p /target/var/lib/lxc + mkdir -p /target/opt/mono + mkdir -p /target/mnt/btrfs + +#### Rsync /rofs to /target + + rsync -avP /rofs /target + +#### Copy stuff from 14.10 to 15.04 + + cp /etc/mtab /target/etc/ + + export from='/mnt/btrfs/@ubuntu_14.10' + cp -a $from/etc/hosts /target/etc/ + cp -a $from/etc/hostname /target/etc/ + cp -a $from/etc/sysctl.conf /target/etc/ + cp -a $from/etc/sudoers /target/etc/ + cp -a $from/etc/crypttab /target/etc/ + cp -a $from/etc/fstab /target/etc/ + sed -i -e's/@ubuntu_14.10/@ubuntu_15.04/' /target/etc/fstab + cp -a $from/etc/data_luks.key /target/etc/ + cp -a $from/etc/initramfs-tools/modules /target/etc/initramfs-tools + cp -a $from/etc/NetworkManager/system-connections/* /etc/NetworkManager/system-connections/ + cp -pfra $from/etc/NetworkManager/dnsmasq.d/* /target/etc/NetworkManager/dnsmasq.d/ + cp -a $from/etc/samba/smb.conf /target/etc/samba/ + rsync -avP $from/etc/libvirt/ /target/etc/libvirt/ + +#### Chroot to /target + + mount -o bind,rw /dev /target/dev + mount -o bind,rw /proc /target/proc + mount -o bind,rw /sys /target/sys + mount -o bind,rw /dev/pts /target/dev/pts + mount -o bind,rw /run /target/run + + chroot /target /bin/bash + + export TARGET_USERNAME=$SUDO_USER + rm -f /usr/lib/locale/locale-archive + locale-gen de_AT.UTF-8 en_US.UTF-8 de_AT en_US + update-locale LANG=de_AT.UTF-8 + export LANG=de_AT.UTF-8 + dpkg-reconfigure keyboard-configuration + dpkg-reconfigure tzdata + +#### Make sure dhclient never updates resolv.conf +See: http://www.cyberciti.biz/faq/dhclient-etcresolvconf-hooks/ + + cat < /etc/dhcp/dhclient-enter-hooks.d/nodnsupdate + #!/bin/sh + make_resolv_conf(){ + : + } + EOF + cat /etc/dhcp/dhclient-enter-hooks.d/nodnsupdate # check + +#### Create your user + + export TARGET_USERNAME="pcdummy" + adduser --no-create-home ${TARGET_USERNAME} + usermod -a --groups=sudo,cdrom,floppy,audio,dip,video,plugdev ${TARGET_USERNAME} + passwd -l root + usermod -a -G fuse ${TARGET_USERNAME} + +#### Update the fresh install (still in chroot) + + sed -i -e's/archive.ubuntu/ch.archive.ubuntu/g' /etc/apt/sources.list + apt-get update && apt-get -yy dist-upgrade + +#### Update grub. + + cat <<'EOF' > /etc/default/grub + GRUB_DEFAULT=0 + GRUB_TIMEOUT=10 + GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian` + GRUB_CMDLINE_LINUX_DEFAULT="cgroup_enable=memory swapaccount=1 kopt=root=/dev/mapper/root quiet splash" + #GRUB_CMDLINE_LINUX="cryptdevice=/dev/sda2:root" + GRUB_ENABLE_CRYPTODISK=y + GRUB_PRELOAD_MODULES="luks cryptodisk gcry_rijndael gcry_sha1" + EOF' + + update-grub + +#### My favorite console text editor and aptitude. + + apt-get -yy install vim vim-scripts aptitude + update-alternatives --set editor /usr/bin/vim.basic + +#### Remove live installer + + apt-get -yy purge casper ubiquity && apt-get -yy autoremove + + +#### German Language packs and suggestions + + apt-get -yy install firefox-locale-de libreoffice-l10n-de thunderbird-locale-de hyphen-de libreoffice-help-de mythes-de thunderbird-gnome-support ttf-lyx myspell-de-at + + +#### Nvidia driver. + + apt-get update + apt-get -yy install nvidia-settings nvidia-current + nvidia-xconfig --no-logo + +#### Install usefull stuff. +Speed :) + + sudo apt-get -y install readahead-fedora preload nscd + +#### Reboot + + reboot + + +#### Gnome-encfs-manager + + sudo add-apt-repository -y ppa:gencfsm/ppa + sudo apt-get update + sudo apt-get -y install gnome-encfs-manager + +#### [Atom](https://atom.io/) text editor +[He](http://www.atomtips.com/atom-editor-vs-sublime-text/) explains my reasons to switch to Atom from Sublime quiet good + + sudo add-apt-repository -y ppa:webupd8team/atom + sudo apt-get update + sudo apt-get -y install atom nodejs git + +#### Geany text editor + +sudo aptitude install 'geany-plugins' geany-plugin-py geany-plugin-treebrowser geany-plugin-vc + +#### Evernote on Linux + +funktioniert nicht +. sudo add-apt-repository -y ppa:vincent-c/nevernote +. sudo apt-get update +. sudo apt-get -y install nixnote + +#### Virtual development environment + + sudo add-apt-repository -y ppa:jacob/virtualisation + sudo add-apt-repository -y ppa:ubuntu-lxc/lxc-stable + sudo apt-get -y install libvirt-bin virt-manager qemu qemu-kvm qemu-system spice-client python-spice-client-gtk bridge-utils ebtables virt-top + sudo apt-get -y install lxc cgmanager uidmap lxc-templates + sudo apt-get -y install system-config-samba # To setup sharing's for windows guests. + sudo usermod -a -G libvirtd $SUDO_USER + +#### Playing with OpenVSwitch + + sudo apt-get -y install openvswitch-switch ethtool + +#### Git repository viewer + + sudo apt-get -y install git-cola fldiff + +#### KeePass 2: Password manager + + sudo add-apt-repository -y ppa:dlech/keepass2-plugins + sudo apt-get update + sudo apt-get -y install keepass2 mono-dmcs mono-complete libmono-system-management4.0-cil keepass2-plugin-rpc xul-ext-keefox xul-ext-keebird keepass2-plugin-keepasshttp + +#### Go Development with [gvm](https://github.com/moovweb/gvm) +install deps: + + sudo apt-get install curl git mercurial make binutils bison gcc build-essential + +#### Python Development with [PyEnv](https://github.com/yyuu/pyenv-installer) +Nice howto on that from [davebehnke.com](http://davebehnke.com/python-pyenv-ubuntu.html) + + sudo apt-get -y install python3-pip python3-dev python3-wheel python-tox python3-nose python3-coverage make build-essential libssl-dev zlib1g-dev libbz2-dev libreadline-dev libsqlite3-dev wget curl llvm + + sudo add-apt-repository -y ppa:ytvwld/syncthing + sudo add-apt-repository -y ppa:nilarimogard/webupd8 + sudo apt-get update + sudo apt-get -y install syncthing syncthing-gtk + +#### Quassel IRC Client (git/development version!). I have a quassel-core (means server) somewhere in the wild. + + sudo add-apt-repository -y ppa:mamarley/quassel-git + sudo apt-get update + sudo apt-get -y install quassel-client + +#### Skype + + sudo dpkg --add-architecture i386 + sudo apt-get update + wget -O skype-install.deb http://www.skype.com/go/getskype-linux-deb + sudo dpkg -i skype-install.deb; sudo apt-get -f install + rm -f skype-install.deb + +#### Remote desktop (RDP+VNC) clients/managers - i use gnome-rdp and remmina (slowly switching over to remmina). + + sudo apt-get -y install gnome-rdp remmina-plugin-rdp remmina-plugin-vnc libfreerdp-plugins-standard rdesktop xtightvncviewer + +#### OpenVPN client + + sudo apt-get -y install network-manager-openvpn-gnome + +#### IPSec client + + sudo apt-get -y install network-manager-vpnc-gnome + +#### Tranmission Remote (for my apu1d4 :) ) + + sudo apt-get -y install transmission-remote-gtk + +#### PHP Dev + + sudo apt-get -y install php5-cli php5-pear php-dev php-apc + +#### Java Web start (for Cisco ASDM) + + sudo apt-get -y install icedtea-7-plugin + + +#### Citrix Receiver + +Goto https://receiver.citrix.com and download the .deb version + + pushd . + cd Downloads + sudo dpkg -i icaclient_13.1.0.285639_amd64.deb; sudo apt-get install -f + popd + + +#### Audiograbber on Linux + + sudo apt-get -y install install sound-juicer + +#### Audio file tag editor + + sudo apt-get -y install puddletag + +#### Softether VPN + + sudo add-apt-repository -y ppa:paskal-07/softethervpn + sudo sed -i -e's|vivid|trusty|g' /etc/apt/sources.list.d/paskal-07-ubuntu-softethervpn-vivid.list + sudo apt-get update + sudo apt-get -y install softether-vpnclient + + sudo vpnclient start + + +Create a VPN connection: + + pcdummy@ThinkPad-T410:~$ vpncmd + vpncmd command - SoftEther VPN Command Line Management Utility + SoftEther VPN Command Line Management Utility (vpncmd command) + Version 4.17 Build 9562 (English) + Compiled 2015/05/30 17:41:38 by yagi at pc30 + Copyright (c) SoftEther VPN Project. All Rights Reserved. + + By using vpncmd program, the following can be achieved. + + 1. Management of VPN Server or VPN Bridge + 2. Management of VPN Client + 3. Use of VPN Tools (certificate creation and Network Traffic Speed Test Tool) + + Select 1, 2 or 3: 2 + + Specify the host name or IP address of the computer that the destination VPN Client is operating on. + If nothing is input and Enter is pressed, connection will be made to localhost (this computer). + Hostname of IP Address of Destination: + + Connected to VPN Client "localhost". + + VPN Client>AccountCreate + AccountCreate command - Create New VPN Connection Setting + Name of VPN Connection Setting: pcdummy.lan + + Destination VPN Server Host Name and Port Number: apu1d4.home.pc-dummy.net:8888 + + Destination Virtual Hub Name: vpn.pcdummy.lan + + Connecting User Name: jochumr + + Used Virtual Network Adapter Name: 0 + + The command completed successfully. + + +Create a Password: + + VPN Client>Accountpasswordset + AccountPasswordSet command - Set User Authentication Type of VPN Connection Setting to Password Authentication + Name of VPN Connection Setting: pcdummy.lan + + Please enter the password. To cancel press the Ctrl+D key. + + Password: ******************** + Confirm input: ******************** + + + Specify standard or radius: standard + + The command completed successfully. + + +Connect the newly created "Account": + + AccountConnect pcdummy.lan + + +#### Wine with 32bit default + + sudo apt-get -y install wine1.7 wine-gecko:i386 wine-mono:i386 + + # Set wine to 32bit by default + cat <> ~/.profile + + # Set wine to 32bit + WINEARCH=win32 + WINEPREFIX=$HOME/.wine32 + EOF + + source $HOME/.profile + +#### Filezilla + + sudo apt-get -y install filezilla + +#### Google Chrome OpenSource - Chromium + + sudo apt-get -y install chromium-browser chromium-browser-l10n + +#### Google Chrome + + wget -q -O - https://dl-ssl.google.com/linux/linux_signing_key.pub | sudo apt-key add - + sudo sh -c 'echo "deb http://dl.google.com/linux/chrome/deb/ stable main" >> /etc/apt/sources.list.d/google-chrome.list' + sudo apt-get update + sudo apt-get -y install google-chrome-stable + +#### Salt client + + sudo add-apt-repository -y ppa:saltstack/salt + sudo apt-get update + sudo apt-get -qy install salt-minion + +#### Misc + + sudo apt-get -y install sshfs unrar screen pwgen whois + +#### LXC (Linux Container) + + sudo add-apt-repository -y ppa:ubuntu-lxc/stable + sudo apt-get update + sudo apt-get -y install lxc lxctl cgmanager uidmap + +Default NAT Bridge: + + sudo sh -c 'cat < /etc/default/lxc-net + USE_LXC_BRIDGE="true" + LXC_BRIDGE="mlabnatbr0" + LXC_ADDR="10.167.161.1" + LXC_NETMASK="255.255.255.0" + LXC_NETWORK="10.167.161.0/24" + LXC_DHCP_RANGE="10.167.161.100,10.167.161.254" + LXC_DHCP_MAX="153" + LXC_DHCP_CONFILE=/etc/lxc/dnsmasq.conf + LXC_DOMAIN="mlabnat.pcdummy.lan" + EOF' + + +By default other lxc hosts will go over my NAT interface: + + sudo sed -i -e's|lxc.network.link = lxcbr0|lxc.network.link = mlabnatbr0|' /etc/lxc/default.conf + +Make `mlabnatbr0` the default for lxc: + + sudo sh -c 'cat < /etc/lxc/default.conf + lxc.network.type = veth + lxc.network.link = mlabnatbr0 + lxc.network.flags = up + lxc.network.hwaddr = 00:16:3e:xx:xx:xx + EOF' + +Install and configure radvd and dnsmasq for lxc `mlabnatbr0`: + + sudo apt-get -y install radvd + sudo sh -c 'cat < /etc/radvd.conf + interface mlabnatbr0 + { + # Advertise + AdvSendAdvert on; + + # Maximum time between RAs + MaxRtrAdvInterval 60; + + AdvManagedFlag on; + + prefix fd57:c87d:f1ee:ee01::1/64 + { + # We are the only router. If we shut down, nobody else can route + # this prefix -- tell clients about this. + DeprecatePrefix on; + }; + }; + EOF' + + sudo sh -c 'cat < /etc/lxc/dnsmasq.conf + dhcp-range=::add:0:0:100,::add:0:0:1e3, constructor:mlabnatbr0, 12h + + dhcp-option=option:all-subnets-local,1 + dhcp-option=option6:dns-server,[::] + dhcp-option=option6:ntp-server,[::] + dhcp-option=option:domain-search,mlabnat.pcdummy.lan + EOF' + +Create the lxd user and give him some permissions: + + sudo useradd -r -d /var/lib/lxd -s /bin/bash lxd # /bin/bash so i can "ssh lxd@localhost" + sudo usermod -a -G lxd pcdummy + # Give lxd 99 uid/gid ranges to map. + for i in {1..99}; do + sudo usermod --add-subuids ${i}00000-${i}65536 lxd + sudo usermod --add-subgids ${i}00000-${i}65536 lxd + done # This takes a while + sudo mkdir /var/lib/lxd + sudo chown lxd:lxd /var/lib/lxd + sudo sudo -H -u lxd mkdir -p /var/lib/lxd/.config/lxc/ + sudo sudo -H -u lxd sh -c 'cat < /var/lib/lxd/.config/lxc/default.conf + lxc.include = /etc/lxc/default.conf + lxc.id_map = u 0 100000 65537 + lxc.id_map = g 0 100000 65537 + EOF' + +Allow userspace containers to use the network interfaces: + + echo 'lxd veth mlabnatbr0 100' | sudo tee -a /etc/lxc/lxc-usernet 1>/dev/null + echo 'lxd veth mlabbr0 100' | sudo tee -a /etc/lxc/lxc-usernet 1>/dev/null + +Restart lxc and lxc-net + + sudo service lxc stop + sudo service lxc-net restart + sudo service lxc start + +For "ssh lxd@localhost" + + sudo apt-get -y install openssh-server + sudo mkdir /var/lib/lxd/.ssh/ + sudo cp $HOME/.ssh/workkey.pub /var/lib/lxd/.ssh/authorized_keys + sudo chown -R lxd:lxd /var/lib/lxd/.ssh/ diff --git a/content/post/linux-Gnome-and-android-phones.md b/content/post/linux-Gnome-and-android-phones.md new file mode 100644 index 0000000..6ffb4f1 --- /dev/null +++ b/content/post/linux-Gnome-and-android-phones.md @@ -0,0 +1,10 @@ +--- +date: 2013-02-10T00:00:00+01:00 +title: Linux (Gnome) and Android Phones +author: pcdummy + +--- + +Ever wondered Howto Sync your Android 4 ICS Phone with Linux? + +[Here](http://linuxundich.de/de/ubuntu/gvfs-update-ermoglicht-unter-ubuntulinux-endlich-den-bequemen-zugriff-auf-android-gerate-via-mtp/) is the solution in german. diff --git a/content/post/nginx-wordpress-ithemes-rules.md b/content/post/nginx-wordpress-ithemes-rules.md new file mode 100644 index 0000000..3e4c09d --- /dev/null +++ b/content/post/nginx-wordpress-ithemes-rules.md @@ -0,0 +1,85 @@ +--- +date: 2014-12-15T00:00:00+01:00 +title: Froxlor + Nginx + WordPress iThemes Rules +author: pcdummy + +--- +A short howto on setting up Wordpress iThemes Security with Froxlor and nginx. + +Assuming you have this directory layout: + + /var/customers/webs/[customer-name]/[domain-name]/htdocs + +This is what i did to make it work on my froxlor installation: + +1. Login to Froxlor as Administrator +2. Impersonate your wordpress customer by clicking on Customers -> [his username] +3. As Customer click on Domain -> Settings -> [the small edit pensil to edit this domain] +4. Change "Openbasedir-Path" to "Homefolder" - this will **allow** PHP to **access** all files **from this customer**! +5. Wait for the froxlor crontask or run it manually +6. Login to your wordpress backend. +7. Goto Security->Settings and search for nginx, change the nginx config path to "/var/customers/webs**/[customer-name]**/**[domain-name]**/nginx.conf" and save, it should give a message about a sucessfull write of the nginx.conf! +8. Go back to the Froxlor Administrator Panel +9. Go to Domains -> [small edit pensil to edit your customers domain] +10. Insert "include /var/customers/webs/[customer-name]/[domain-name]/nginx.conf;" to his "Own vHost-Settings" +11. Wait for the froxlor contask again. +12. Voila, now you have improved yours/your customers wordpress installation even more. + +### Deprecated Method: + +Took me a while to convert the Nginx rules from iThemes to "plain" Text so i could past them into froxlor. + +This is what came out. + +
+    # BEGIN iThemes Security
+    # BEGIN Tweaks
+    # Rules to block access to WordPress specific files and wp-includes
+    location ~ /\.ht { deny all; }
+    location ~ wp-config.php { deny all; }
+    location ~ readme.html { deny all; }
+    location ~ readme.txt { deny all; }
+    location ~ /install.php { deny all; }
+    location ^wp-includes/(.*).php { deny all; }
+    location ^/wp-admin/includes(.*)$ { deny all; }
+
+    # Rules to prevent php execution in uploads
+    location ^(.*)/uploads/(.*).php(.?){ deny all; }
+
+    # Rules to block unneeded HTTP methods
+    if ($request_method ~* "^(TRACE|DELETE|TRACK)"){ return 403; }
+
+    # Rules to block suspicious URIs
+    set $susquery 0;
+    if ($args ~* "\.\./") { set $susquery 1; }
+    if ($args ~* "\.(bash|git|hg|log|svn|swp|cvs)") { set $susquery 1; }
+    if ($args ~* "etc/passwd") { set $susquery 1; }
+    if ($args ~* "boot.ini") { set $susquery 1; }
+    if ($args ~* "ftp:") { set $susquery 1; }
+    if ($args ~* "http:") { set $susquery 1; }
+    if ($args ~* "https:") { set $susquery 1; }
+    if ($args ~* "(<|%3C).*script.*(>|%3E)") { set $susquery 1; }
+    if ($args ~* "mosConfig_[a-zA-Z_]{1,21}(=|%3D)") { set $susquery 1; }
+    if ($args ~* "base64_encode") { set $susquery 1; }
+    if ($args ~* "(%24&x)") { set $susquery 1; }
+    if ($args ~* "(127.0)") { set $susquery 1; }
+    if ($args ~* "(globals|encode|localhost|loopback)") { set $susquery 1; }
+    if ($args ~* "(request|insert|concat|union|declare)") { set $susquery 1; }
+    if ($args !~ "^loggedout=true"){ set $susquery 0; }
+    if ($args !~ "^action=jetpack-sso"){ set $susquery 0; }
+    if ($args !~ "^action=rp"){ set $susquery 0; }
+    if ($http_cookie !~ "^.*wordpress_logged_in_.*$"){ set $susquery 0; }
+    if ($http_referer !~ "^http://maps.googleapis.com(.*)$"){ set $susquery 0; }
+    if ($susquery = 1) { return 403; }
+
+    # Rules to help reduce spam
+    location /wp-comments-post.php {
+        valid_referers jetpack.wordpress.com/jetpack-comment/ *.smile4.at;
+        set $rule_0 0;
+        if ($request_method ~ "POST"){ set $rule_0 1$rule_0; }
+        if ($invalid_referer) { set $rule_0 2$rule_0; }
+        if ($http_user_agent ~ "^$"){ set $rule_0 3$rule_0; }
+        if ($rule_0 = "3210") { return 403; }
+    }
+    # END Tweaks
+    # END iThemes Security
diff --git a/content/post/nice-howto-on-openvpn-and-kvm-bridges.md b/content/post/nice-howto-on-openvpn-and-kvm-bridges.md new file mode 100644 index 0000000..d4b0ed9 --- /dev/null +++ b/content/post/nice-howto-on-openvpn-and-kvm-bridges.md @@ -0,0 +1,8 @@ +--- +date: 2013-02-22T00:00:00+01:00 +title: Nice Howto on OpenVPN and KVM (libvirt) bridges. +author: pcdummy + +--- + +Nice Howto on OpenVPN and KVM (libvirt) bridges. [http://deathegg.student.utwente.nl/wiki/Knowledge:OpenVPN#Bridging_OpenVPN_.28Server.29](http://deathegg.student.utwente.nl/wiki/Knowledge:OpenVPN#Bridging_OpenVPN_.28Server.29) diff --git a/content/post/pc-engines_apu1d4.md b/content/post/pc-engines_apu1d4.md new file mode 100644 index 0000000..c20825a --- /dev/null +++ b/content/post/pc-engines_apu1d4.md @@ -0,0 +1,8 @@ +--- +date: 2015-02-23T00:00:00+01:00 +title: Home firewall (a pc-engines apu1d4) +author: pcdummy + +--- +{{< lightslider name="pc-engines_apu1d4" url="data/post/pc-engines_apu1d4.json" >}} + diff --git a/content/post/restore-lost-data-with-photorec.md b/content/post/restore-lost-data-with-photorec.md new file mode 100644 index 0000000..792df66 --- /dev/null +++ b/content/post/restore-lost-data-with-photorec.md @@ -0,0 +1,59 @@ +--- +date: 2014-12-15T00:00:00+01:00 +title: Restore lost data with Photorec +author: pcdummy + +--- + +A friend of mine lost his NTFS Partition (think it was a power outage). As he has some data on it he needs, i tought about restoring it. + +Helpful Links: + +* [Authors Step-by-Step Guide](http://www.cgsecurity.org/wiki/PhotoRec_Step_By_Step) +* [German Ubuntu wiki article on Data Recovery](http://wiki.ubuntuusers.de/Datenrettung) + +This is what i came out with: + +1. Downloaded[ TestDisk (with Photorec)](http://www.cgsecurity.org/wiki/TestDisk_Download "TestDisk download") +2. Extracted it. +3. Made store directory on other disk: $ mkdir /media/<username>/<my_usb_disk>/<friends_name> +4. run it as root: sudo photorec_static /media/<username>/<friends_disk>/the_dd_image_we_made_before.img +5. I set it "whole" and "NTFS", after about 18 Hours it was over that 300GB. + +To split the files up in **one directory per extension**: + +

+cd /media/<username>/<my_usb_disk>;
+
+# Create a list of Extensions found: http://stackoverflow.com/questions/1842254
+find <friends_name>/ -type f | perl -ne 'print $1 if m/\.([^.\/]+)$/' | sort -u > found_extensions.txt
+
+#
+# You might want to edit the "found_extensions.txt" file you just generated,
+# - filter out crap
+# - remove duplicated extensions, the script below is case insensetive
+#
+
+# Create the directory where we copy these files in one folder per extension.
+mkdir <friends_name>_extensions/
+cd <friends_name>_extensions/
+
+# Now mkdir one directory per extension and copy of all files of this extension into it.
+
+#!/bin/sh
+for i in $(cat ../found_extensions.txt); do
+    count=$(find ../<friends_name>/ -type f -iname "*.$i" | wc -l)
+    echo "Copying \"$count\" files for extension: $i..."
+    mkdir -p $i
+    for src in $(find ../<friends_name>/ -type f -iname "*.$i"); do
+        dest=$i/$(basename $src)
+        if [ ! -f "$dest" ]; then
+            echo "Copying \"$src\" to \"$dest\""
+            cp $src $dest # Use mv here instead of cp if you known what you do.
+        elif ! $(cmp -s $src $dest); then
+            echo "Overwriting \"$dest\" with \"$src\""
+            cp $src $dest
+        fi
+    done
+done
+
diff --git a/content/post/save-bandwith-with-squid-and-apt-cacher-ng.md b/content/post/save-bandwith-with-squid-and-apt-cacher-ng.md new file mode 100644 index 0000000..728a105 --- /dev/null +++ b/content/post/save-bandwith-with-squid-and-apt-cacher-ng.md @@ -0,0 +1,10 @@ +--- +date: 2015-01-10T00:00:00+01:00 +title: Save some bandwith with squid as transparent proxy and apt-cacher-ng as peer. +author: pcdummy + +--- + +[This](http://portablejim.now.im/tips/95-squidandaptcacherng.html) howto helped me on saving Bandwith at home. :) + +I'm using a lot Vagrant boxes, provisioning takes a lot bandwith, with the setup above i have a cache in between. :-) diff --git a/content/post/syscp-to-froxlor-move-with-high-security.md b/content/post/syscp-to-froxlor-move-with-high-security.md new file mode 100644 index 0000000..c8edee7 --- /dev/null +++ b/content/post/syscp-to-froxlor-move-with-high-security.md @@ -0,0 +1,208 @@ +--- +date: 2013-01-26T00:00:00+01:00 +title: Syscp to Foxlor move on Ubuntu 12.10 with high security. +author: pcdummy + +--- + +Today i switched our (mine and my uncles) WebServer from + +- [**SysCP**](http://syscp.org "SysCP") (modified by me), **apache2**, **apache2-mpm-itk**, **libapache2-mod-php5**, **proftpd** + +To: + +- [**Froxlor**](http://www.froxlor.org/ "Froxlor") (git master), **nginx**, **php5-fpm**, **vsftpd** (with libpam-mysql and libnss-mysql-bg) + +I had nginx with php5-fpm running as second install, i also have it running on a high volume website. It's a dream! + +This is a shared web Server so i tought a lot about its security (which we had before by mpm-itk). + +The main thing to think about was PHP, there are a lot bugs in PHP written Software and "crackers" + +love to hack PHP Sites. + +The Solution for this was for us to run one php5-fpm for every customer, froxlor makes it easy to do so. + +First replace ProFTPd with vsftpd with libpam-mysql ( libpam-ldap for a [bug](http://ubuntuforums.org/showthread.php?t=1937131) ), stolen [here.](http://forum.froxlor.org/index.php?/topic/569-solved-froxlor-0915-vsftpd-moglich/) + + apt-get install vsftpd libpam-mysql libpam-ldap + +Replace `/etc/pam.d/vsftpd` (still with the syscp backend): + + auth required pam_mysql.so user=syscp passwd= host=localhost db=syscp table=ftp_users usercolumn=username passwdcolumn=password [where=login_enabled="Y"] crypt=1 verbose=1 + account required pam_mysql.so user=syscp passwd= host=localhost db=syscp table=ftp_users usercolumn=username passwdcolumn=password [where=login_enabled="Y"] crypt=1 verbose=1` + +Replace `/etc/vsftpd.conf`: + + listen=YES + + dual_log_enable=YES + log_ftp_protocol=YES + xferlog_enable=YES + + anonymous_enable=NO + local_enable=YES + check_shell=NO + + virtual_use_local_privs=YES + + connect_from_port_20=YES + secure_chroot_dir=/var/run/vsftpd/empty + pam_service_name=vsftpd + + guest_username=www-data + guest_enable=NO + chroot_local_user=YES + hide_ids=YES + + write_enable=YES + use_localtime=YES + local_umask=022 + dirmessage_enable=YES + + # local_root=/var/kunden/webs/$USER + # See: http://www.benscobie.com/fixing-500-oops-vsftpd-refusing-to-run-with-writable-root-inside-chroot/ + # allow_writeable_chroot=YES + + user_sub_token=$USER + nopriv_user=www-data + +Restart vsftpd: + + /etc/init.d/vsftpd restart + +Test it with your local ftp client. + +Install Froxlor + + + apt-get install git + cd /var/kunden/webs/Server + git clone https://github.com/Froxlor/Froxlor webadmin. + +Create /etc/nginx/sites-available/webadmin. ( i have the "upstream" php5-fpm defined somewhere else ). + + server { + listen :80; + server_name webadmin.; + + root /var/kunden/webs/Server/webadmin.; + index index.html index.php; + + charset utf-8; + + location ~* ^.+.(jpg|jpeg|gif|css|png|js|ico|xls)$ { + access_log off; + expires 30d; + } + + location / { + rewrite ^(.*)$ /index.php$1 last; + } + + location ~ "^(.+\.php)(.*)$" { + fastcgi_split_path_info ^(.+\.php)(.*)$; + fastcgi_pass php5-fpm; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include fastcgi_params; + } + } + +Enable the config, test it and restart nginx. + + ln -s /etc/nginx/sites-available/webadmin. /etc/nginx/sites-enabled/001-webadmin. + nginx -t + /etc/init.d/nginx restart + +See this [guide](http://redmine.froxlor.org/projects/froxlor/wiki/Upgrading_to_or_updating_Froxlor) on howto upgrade from syscp to froxlor: + +(i did it my way tm - installed froxlor, then i replaced the db with the one from syscp) + +Now go to http://webadmin.yourdomain.com and migrate the syscp data, + +after the migration you should configure the webserver to nginx. + +Froxlor - nginx settings: + + [![froxlor-nginx-settings](http://rene.jochums.at/wp-content/uploads/2013/01/froxlor-nginx-settings-300x161.jpg)](http://rene.jochums.at/wp-content/uploads/2013/01/froxlor-nginx-settings.jpg) + +Froxlor - phpfpm settings: + [![froxlor-phpfpm-settings](http://rene.jochums.at/wp-content/uploads/2013/01/froxlor-phpfpm-settings-300x137.jpg)](http://rene.jochums.at/wp-content/uploads/2013/01/froxlor-phpfpm-settings.jpg) + +Run cron_tasks.php for the first time and check its output for errors: + + /usr/bin/php -q /var/kunden/webs/Server/webadmin./scripts/cron_tasks.php + +Create a new MySQL user "**vsftpd**" and give him + + SELECT rights on the tables **froxlor.ftp_users**,** froxlor.ftp_groups** + +Replace `/etc/pam.d/vsftpd` again (now with the froxlor backend) + +
+`auth     required       pam_mysql.so user=vsftpd passwd= host=localhost db=froxlor table=ftp_users usercolumn=username passwdcolumn=password [where=login_enabled="Y"] crypt=1
+account  required       pam_mysql.so user=vsftpd passwd= host=localhost db=froxlor table=ftp_users usercolumn=username passwdcolumn=password [where=login_enabled="Y"] crypt=1`
+ +Restart `vsftpd`: + + /etc/init.d/vsftpd restart + +Test with your local ftp client. + +Can't remember why but i had to replace `libnss-mysql` with `libnss-mysql-bg` + +This is the config `/etc/libnss-mysql.cfg` for it if you need it. + + getpwnam SELECT username,'x',uid,gid,'MySQL User',homedir,shell \ + FROM ftp_users \ + WHERE username='%1$s' \ + ORDER BY id ASC \ + LIMIT 1 + + getpwuid SELECT username,'x',uid,gid,'MySQL User',homedir,shell \ + FROM ftp_users \ + WHERE uid='%1$u' \ + ORDER BY id ASC + LIMIT 1 + + getspnam SELECT username,password,'1','0','99999','0','0','-1','0' \ + FROM ftp_users \ + WHERE username='%1$s' \ + ORDER BY id ASC + LIMIT 1 + + getpwent SELECT username,'x',uid,gid,'MySQL User',homedir,shell \ + FROM ftp_users + + getspent SELECT username,password,'1','0','99999','0','0','-1','0' \ + FROM ftp_users + + getgrnam SELECT groupname,'empty',gid \ + FROM ftp_groups \ + WHERE groupname='%1$s' \ + LIMIT 1 + + getgrgid SELECT groupname,'empty',gid \ + FROM ftp_groups \ + WHERE gid='%1$u' \ + LIMIT 1 + + getgrent SELECT groupname,'empty',gid \ + FROM ftp_groups + + memsbygid SELECT members \ + FROM ftp_groups \ + WHERE gid='%1$u' + + gidsbymem SELECT gid \ + FROM ftp_groups \ + WHERE groupname='%1$s' + + host localhost + database vsftpd + username vsftpd + password + +`/etc/libnss-mysql-root.cfg` + + username vsftpd password diff --git a/content/post/tsurges-instruction-virtualbox.md b/content/post/tsurges-instruction-virtualbox.md new file mode 100644 index 0000000..041ffe5 --- /dev/null +++ b/content/post/tsurges-instruction-virtualbox.md @@ -0,0 +1,11 @@ +--- +date: 2013-01-28T00:00:00+01:00 +title: T Surge's introduction to Virtualbox (Run Windows Virtual on top of Linux) +author: pcdummy +--- + +Virtual Box (VBox in short) from Oracle is a great technology that helps us to install multiple operating systems on a machine and run them side by side. Hence it is called a Virtualization Software. + +read more [here](http://tsurge.wordpress.com/2013/01/26/introduction-to-virtualbox/) + + [![windows_on_linux](http://rene.jochums.at/wp-content/uploads/2013/01/windows_on_linux-300x151.png)](http://rene.jochums.at/wp-content/uploads/2013/01/windows_on_linux.png) diff --git a/content/post/ubuntu-13.04-und-postfix-2.10.md b/content/post/ubuntu-13.04-und-postfix-2.10.md new file mode 100644 index 0000000..b1e9616 --- /dev/null +++ b/content/post/ubuntu-13.04-und-postfix-2.10.md @@ -0,0 +1,12 @@ +--- +date: 2013-08-13T00:00:00+01:00 +title: Ubuntu 13.04 und Postfix 2.10 +author: pcdummy + +--- + +Nachdem ich jetzt einen Tag nach einer Lösung gesucht warum mein Postfix immer ein 5.7.1 Relay Access Denied ausspuckt... hier die Lösung: + +[https://bbs.archlinux.org/viewtopic.php?id=158020](https://bbs.archlinux.org/viewtopic.php?id=158020) + +Aus `smtpd_recipient_restrictions` wird `smtpd_relay_restrictions` diff --git a/content/post/ubuntu-lxc-image.md b/content/post/ubuntu-lxc-image.md new file mode 100644 index 0000000..1d2f28b --- /dev/null +++ b/content/post/ubuntu-lxc-image.md @@ -0,0 +1,111 @@ +--- +date: 2015-01-25T14:00:00+01:00 +title: HOWTO - Prepare a minimal lxc image for salt +author: pcdummy +tags: + - HOWTO + - Ubuntu + - BTRFS + - lxc +--- + +These are basic commands i use to prepare a minimal lxc image for saltstack. + +**Login as lxd** + +if you have got a unprivileged install like me. + + $ ssh lxd@localhost + +**Download the Image** + +I use the btrfs [backing store](https://help.ubuntu.com/lts/serverguide/lxc.html#lxc-backinstores) driver here, see its [man page](http://man7.org/linux/man-pages/man1/lxc-create.1.html) for more. + + $ lxc-create -B btrfs -t download -n trusty64 -- -d ubuntu -r trusty -a amd64 + +**Start and attach** + + lxc-start -n trusty64 + lxc-attach -n trusty64 + +**Upgrade the base system** + +You'r now in the machine, its like *chroot* on *steroids* + + apt-get update && apt-get -qy dist-upgrade + +**Install openssh-server** + + apt-get -qy install openssh-server + +**Install salt-minion** + + apt-get -qy install software-properties-common + add-apt-repository -y ppa:saltstack/salt + apt-get update + apt-get -qy install salt-minion + +**Configure salt-minion for the first connect** + +I enable ```IPv6``` here as i use a IPv6 only network to play around. + + service salt-minion stop + echo -e "master: salt\nipv6: True" > /etc/salt/minion.d/master.conf + rm -rf /etc/salt/minion_id /etc/salt/pki/ + +**Remove ssh keys, let salt provision it** + + rm -f /etc/ssh/ssh_host_*_key* + +**Set the hostname to FQDN so you have it later with a Domain in your saltmaster** + +Replace ```lxc.example.lan``` with the domain you have in ```/etc/default/lxc-net``` + + $ sed -i -e's|trusty64|trusty64.lxc.example.lan|' /etc/hosts + +**Delete default "ubuntu" user (want salt to provision the id:1000 user)** + + $ userdel -rf ubuntu + +**Now** get back on your machine: + + $ exit + +**and** stop the base image you must made: + + $ lxc-stop -n trusty64 + +### Do this every time you need a new testing/production machine +**Clone it and let your salt master provision it :)** + +I use the [snapshot](http://man7.org/linux/man-pages/man1/lxc-clone.1.html) feature here. + +replace ```jupiter``` with your own hostname. + + $ lxc-clone -s trusty64 jupiter + $ lxc-start -n jupiter + +**Get info from your new machine** + + $ lxc-ls -f + +**On the Master** + + $ salt-key -a 'jupiter.*' + +If you have a firewalled development saltmaster you may want to activate [auto_accept](http://docs.saltstack.com/en/latest/ref/configuration/master.html#auto-accept) + +**Wanna do it again?** + +Destroy the machine (**as lxd@localhost**) + + $ lxc-destroy -n jupiter + +Remove the key on the Master + + $ salt-key -d 'jupiter.*' + +Clone it again and let the master provision it (**again as lxd@localhost**) + + $ lxc-clone -s trusty64 jupiter + $ lxc-start -n jupiter diff --git a/content/post/ubuntu-lxc-install.md b/content/post/ubuntu-lxc-install.md new file mode 100644 index 0000000..be37839 --- /dev/null +++ b/content/post/ubuntu-lxc-install.md @@ -0,0 +1,169 @@ +--- +date: 2015-01-25T13:00:00+01:00 +title: HOWTO - Install lxc and prepare it for a unprivileged user +author: pcdummy +tags: + - HOWTO + - Ubuntu + - BTRFS + - lxc +--- + +Very good to read [Official LXC 1.0 Howtos](https://www.stgraber.org/2013/12/20/lxc-1-0-blog-post-series/)! + +This howto is based on: [LXC 1.0: Unprivileged containers [7/10]](https://www.stgraber.org/2014/01/17/lxc-1-0-unprivileged-containers/) + +I started to play around with [LXD (pronounced lex-dee)](https://github.com/lxc/lxd) but its not usable IMHO yet, thats why my lxc **unpriviliged** user is called lxd. + +Replace **lxd** with any other user, maybe ```yours```? + +**Install the latest stable lts kernel** + + $ sudo apt-get -y install linux-image-utopic-lts + +**Enable "memory swapaccount" [found here](http://www.flockport.com/start/)** + +Edit **/etc/default/grub** + + $ gksudo gedit /etc/default/grub + +Replace GRUB_CMDLINE_LIINUX_DEFAULT="quiet splash" with: + + GRUB_CMDLINE_LINUX_DEFAULT="quiet cgroup_enable=memory swapaccount=1" + +**Or** use **sed** (i have a LUKS encrypted disk, ```quiet splash``` is buggy): + + $ sed -i -e's|GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"|GRUB_CMDLINE_LINUX_DEFAULT="cgroup_enable=memory swapaccount=1"|' /etc/default/grub + + +Then **update grub**: + + $ sudo update-grub + +And **reboot**: + + $ sudo reboot + +**Install LXC from the the *daily* ppa** + +I use the *daily* ppa for the latest lxc-features here on my testing laptop. + + $ sudo add-apt-repository -y ppa:ubuntu-lxc/daily + $ sudo apt-get update + $ sudo apt-get -y install lxc cgmanager uidmap lxc-templates + +[LXCFS](https://linuxcontainers.org/lxcfs/introduction/) seems to be unstable here, remove it: + + $ sudo apt-get -y purge lxcfs + +**BRTFS and "unprivileged users"** + +You will need the ```user_subvol_rm_allowed``` option, if you use BTRFS like me as mentioned in [issue #210](https://github.com/lxc/lxc/issues/210) + +This is my **/etc/fstab** entry: + + /dev/mapper/root /var/lib/lxd btrfs subvol=@lxd,compress=lzo,recovery,noatime,user_subvol_rm_allowed 0 0 + +My **full** /etc/fstab: + + # /etc/fstab: static file system information. + # + # Use 'blkid' to print the universally unique identifier for a + # device; this may be used with UUID= as a more robust way to name devices + # that works even if disks are added and removed. See fstab(5). + # + # + /dev/mapper/root / btrfs subvol=@ubuntu_14.10,compress=lzo,recovery,noatime 0 0 + /dev/sda1 /boot ext3 defaults 0 0 + /dev/mapper/root /home btrfs subvol=@home,compress=lzo,recovery,noatime 0 0 + /dev/mapper/root /opt/mono btrfs subvol=@mono,compress=lzo,recovery,noatime 0 0 + /dev/mapper/root /var/lib/lxc btrfs subvol=@lxc,compress=lzo,recovery,noatime 0 0 + /dev/mapper/root /var/lib/lxd btrfs subvol=@lxd,compress=lzo,recovery,noatime,user_subvol_rm_allowed 0 0 + /dev/mapper/data /data xfs noatime,nobootwait 0 0 + /dev/mapper/swap none swap defaults,nobootwait 0 0 + + # To modify the btrfs ($ btrfs subvolume create /mnt/btrfs/ or $ copy -ax --reflink=always /mnt/btrfs/@src/. /mnt/btrfs/@dest) + /dev/mapper/root /mnt/btrfs btrfs subvolid=0,compress=lzo,recovery,noatime,noauto 0 0 + +**Create the user ```lxd```** + +A valid shell so i can "ssh lxd@localhost", see this [Permission denied](https://www.stgraber.org/2014/01/17/lxc-1-0-unprivileged-containers/#comment-183371) + + $ sudo useradd -r -d /var/lib/lxd -s /bin/bash lxd + +**Give lxd 99 uid/gid ranges to map.** + + $ for i in {1..99}; do \ + sudo usermod --add-subuids ${i}00000-${i}65536 lxd \ + sudo usermod --add-subgids ${i}00000-${i}65536 lxd \ + done # This takes a while + +**Create a basic config for that new user** + + $ sudo mkdir /var/lib/lxd + $ sudo chown lxd:lxd /var/lib/lxd + $ sudo sudo -H -u lxd mkdir -p /var/lib/lxd/.config/lxc/ + + $ sudo sudo -H -u lxd sh -c 'cat < /var/lib/lxd/.config/lxc/default.conf + lxc.include = /etc/lxc/default.conf + lxc.id_map = u 0 100000 65537 + lxc.id_map = g 0 100000 65537 + EOF' + + +**Install openssh-server so you can ```$ ssh lxd@localhost```** + +Again see this see this [Permission denied](https://www.stgraber.org/2014/01/17/lxc-1-0-unprivileged-containers/#comment-183371) bug, i got into. + + $ sudo apt-get -y install openssh-server + +**and** copy your public key + + + $ sudo mkdir /var/lib/lxd/.ssh/ + $ sudo cp $HOME/.ssh/id_ecdsa.pub /var/lib/lxd/.ssh/authorized_keys + $ sudo chown -R lxd:lxd /var/lib/lxd/.ssh/ + +**Set the domain for your LXC Machines** + +This is from [seminar.io](http://seminar.io/2014/07/27/dns-resolution-for-lxc-in-ubuntu-trusty/) + +To supply all your LXC machines the same Domainname set ```LXC_DOMAIN``` in ```/etc/default/lxc-net``` + + $ gksudo gedit /etc/default/lxc-net + +Uncomment ```LXC_DOMAIN="lxc"``` **and** change ```lxc``` to something else **if** you want another domain for your hosts than ```lxc```. + +**or** use sed UNTESTED: + + $ sudo sed -i -e's|# LXC_DOMAIN="lxc"|LXC_DOMAIN="lxc.example.lan"|' /etc/default/lxc-net + +To have that domain on your computer you need to **change** the NetworkManager **dnsmasq** + + $ echo 'server=/lxc.example.lan/10.0.3.1' | sudo tee -a /etc/NetworkManager/dnsmasq.d/lxc.conf + +This will redirect DNS queries for ```*.lxc.example.lan``` hosts to the ```dnsmasq``` instance running on 10.0.3.1 that manage DHCP and DNS for containers. + +**Now** restart lxc-net and NetworkManager + + $ sudo service lxc-net stop + $ sudo service lxc-net start + $ sudo service network-manager restart + +For the ```lxc-net``` service you can't use the ```restart``` command, you must use the ```stop/start``` commands to reload the configuration. + +**Allow the unprivileged ```lxd``` user to create machines witch use the ```lxcbr0``` interface** + + $ echo 'lxd veth lxcbr0 100'| sudo tee -a /etc/lxc/lxc-usernet 1>/dev/null + $ sudo service lxc restart + +**Usefull commands** + + + Get CPU, Disk and Memory Usage of your containers + + $ lxc-top + +**Now create your first base image** + +[Prepare a minimal lxc image for salt](/docs/ubuntu-lxc-image.md) diff --git a/content/post/youtube-and-youtube-mp3.org.md b/content/post/youtube-and-youtube-mp3.org.md new file mode 100644 index 0000000..b2c795f --- /dev/null +++ b/content/post/youtube-and-youtube-mp3.org.md @@ -0,0 +1,15 @@ +--- +date: 2013-01-28T00:00:00+01:00 +title: Youtube and youtube-mp3.org +author: pcdummy +--- + +Today i tried to Download some great songs from one of my favorite Artists, [Alex Boyle.](https://www.youtube.com/user/ALEXBOYETV) + +This is what i got on some of them: + [![Youtube-mp3.org](/static/content/post/youtube-and-youtube-mp3.org/Youtube-mp3.org-error_300x154.png)](/static/content/post/youtube-and-youtube-mp3.org/Youtube-mp3.org-error.png) + +Youtube limits the external Tools, so you can't convert/download all the videos, +you would like to. I can imagine why Youtube has to do so, but its against **Freedom** isn't it? + +Please vote [here](http://www.change.org/petitions/youtube-googlede-allow-third-party-recording-tools-for-youtube-freedomonyoutube#) if you think as i do, help the great people at Youtube to give us more Freedom. diff --git a/data/post/pc-engines_apu1d4.json b/data/post/pc-engines_apu1d4.json new file mode 100644 index 0000000..e046822 --- /dev/null +++ b/data/post/pc-engines_apu1d4.json @@ -0,0 +1,55 @@ +{ + "settings": { + "item": 1, + "thumbItem": 5, + "slideMargin": 0, + "currentPagerPosition": "left", + "slideMove":1, + "easing": "cubic-bezier(0.25, 0, 0.25, 1)", + "speed": 600, + "responsive": [ + { + "breakpoint": 800, + "settings": { + "item": 3, + "slideMove": 1, + "slideMargin": 6 + } + }, + { + "breakpoint": 480, + "settings": { + "item": 2, + "slideMove": 1 + } + } + ] + }, + "items": [ + { + "full": "/static/content/post/pc-engines_apu1d4/small/box.jpg", + "thumb": "/static/content/post/pc-engines_apu1d4/thumb/box.jpg", + "alt": "In the box" + }, + { + "full": "/static/content/post/pc-engines_apu1d4/small/unboxed.jpg", + "thumb": "/static/content/post/pc-engines_apu1d4/thumb/unboxed.jpg", + "alt": "Unboxed" + }, + { + "full": "/static/content/post/pc-engines_apu1d4/small/case.jpg", + "thumb": "/static/content/post/pc-engines_apu1d4/thumb/case.jpg", + "alt": "Case only" + }, + { + "full": "/static/content/post/pc-engines_apu1d4/small/case_and_board.jpg", + "thumb": "/static/content/post/pc-engines_apu1d4/thumb/case_and_board.jpg", + "alt": "Case and board" + }, + { + "full": "/static/content/post/pc-engines_apu1d4/small/assembled.jpg", + "thumb": "/static/content/post/pc-engines_apu1d4/thumb/assembled.jpg", + "alt": "Assembled" + } + ] +} diff --git a/layouts/partials/_widgets/copyright.html b/layouts/partials/_widgets/copyright.html new file mode 100644 index 0000000..4606f8e --- /dev/null +++ b/layouts/partials/_widgets/copyright.html @@ -0,0 +1,9 @@ +
+
+
+
+

© 2015 by Rene´ Jochum, under a CC BY 4.0 license.

+
+
+
+
diff --git a/layouts/partials/navbar.html b/layouts/partials/navbar.html new file mode 100644 index 0000000..cd4ca0c --- /dev/null +++ b/layouts/partials/navbar.html @@ -0,0 +1,7 @@ + +
+{{ partial "_widgets/menu.html" . }} +{{ partial "_widgets/social.html" . }} +{{ partial "_widgets/simpletaglist.html" . }} +{{ partial "_widgets/copyright.html" . }} +
diff --git a/static/static/author/pcdummy_240x240.png b/static/static/author/pcdummy_240x240.png new file mode 100644 index 0000000..62134b6 Binary files /dev/null and b/static/static/author/pcdummy_240x240.png differ diff --git a/static/static/content/post/pc-engines_apu1d4/small/assembled.jpg b/static/static/content/post/pc-engines_apu1d4/small/assembled.jpg new file mode 100644 index 0000000..5377ebd Binary files /dev/null and b/static/static/content/post/pc-engines_apu1d4/small/assembled.jpg differ diff --git a/static/static/content/post/pc-engines_apu1d4/small/box.jpg b/static/static/content/post/pc-engines_apu1d4/small/box.jpg new file mode 100644 index 0000000..8d497a7 Binary files /dev/null and b/static/static/content/post/pc-engines_apu1d4/small/box.jpg differ diff --git a/static/static/content/post/pc-engines_apu1d4/small/case.jpg b/static/static/content/post/pc-engines_apu1d4/small/case.jpg new file mode 100644 index 0000000..e52b04c Binary files /dev/null and b/static/static/content/post/pc-engines_apu1d4/small/case.jpg differ diff --git a/static/static/content/post/pc-engines_apu1d4/small/case_and_board.jpg b/static/static/content/post/pc-engines_apu1d4/small/case_and_board.jpg new file mode 100644 index 0000000..cbafb38 Binary files /dev/null and b/static/static/content/post/pc-engines_apu1d4/small/case_and_board.jpg differ diff --git a/static/static/content/post/pc-engines_apu1d4/small/unboxed.jpg b/static/static/content/post/pc-engines_apu1d4/small/unboxed.jpg new file mode 100644 index 0000000..56c15d6 Binary files /dev/null and b/static/static/content/post/pc-engines_apu1d4/small/unboxed.jpg differ diff --git a/static/static/content/post/pc-engines_apu1d4/thumb/assembled.jpg b/static/static/content/post/pc-engines_apu1d4/thumb/assembled.jpg new file mode 100644 index 0000000..b275cd8 Binary files /dev/null and b/static/static/content/post/pc-engines_apu1d4/thumb/assembled.jpg differ diff --git a/static/static/content/post/pc-engines_apu1d4/thumb/box.jpg b/static/static/content/post/pc-engines_apu1d4/thumb/box.jpg new file mode 100644 index 0000000..f5dd8c8 Binary files /dev/null and b/static/static/content/post/pc-engines_apu1d4/thumb/box.jpg differ diff --git a/static/static/content/post/pc-engines_apu1d4/thumb/case.jpg b/static/static/content/post/pc-engines_apu1d4/thumb/case.jpg new file mode 100644 index 0000000..c22c3ac Binary files /dev/null and b/static/static/content/post/pc-engines_apu1d4/thumb/case.jpg differ diff --git a/static/static/content/post/pc-engines_apu1d4/thumb/case_and_board.jpg b/static/static/content/post/pc-engines_apu1d4/thumb/case_and_board.jpg new file mode 100644 index 0000000..9943a24 Binary files /dev/null and b/static/static/content/post/pc-engines_apu1d4/thumb/case_and_board.jpg differ diff --git a/static/static/content/post/pc-engines_apu1d4/thumb/unboxed.jpg b/static/static/content/post/pc-engines_apu1d4/thumb/unboxed.jpg new file mode 100644 index 0000000..aa5a682 Binary files /dev/null and b/static/static/content/post/pc-engines_apu1d4/thumb/unboxed.jpg differ diff --git a/static/static/content/post/youtube-and-youtube-mp3.org/Youtube-mp3.org-error.png b/static/static/content/post/youtube-and-youtube-mp3.org/Youtube-mp3.org-error.png new file mode 100644 index 0000000..ebc1426 Binary files /dev/null and b/static/static/content/post/youtube-and-youtube-mp3.org/Youtube-mp3.org-error.png differ diff --git a/static/static/content/post/youtube-and-youtube-mp3.org/Youtube-mp3.org-error_300x154.png b/static/static/content/post/youtube-and-youtube-mp3.org/Youtube-mp3.org-error_300x154.png new file mode 100644 index 0000000..b4a5c03 Binary files /dev/null and b/static/static/content/post/youtube-and-youtube-mp3.org/Youtube-mp3.org-error_300x154.png differ diff --git a/themes b/themes new file mode 160000 index 0000000..0236ad8 --- /dev/null +++ b/themes @@ -0,0 +1 @@ +Subproject commit 0236ad871f1144f6d0abd7d88fde180136953f58 diff --git a/vendor/lightGallery b/vendor/lightGallery new file mode 160000 index 0000000..15e2545 --- /dev/null +++ b/vendor/lightGallery @@ -0,0 +1 @@ +Subproject commit 15e254510a09975dee1ae47759326eb66a424576 diff --git a/vendor/lightslider b/vendor/lightslider new file mode 160000 index 0000000..f44b65f --- /dev/null +++ b/vendor/lightslider @@ -0,0 +1 @@ +Subproject commit f44b65f8ef90f1b28ce74224844d668fc346fee9