
newMachine

One place for all notes on setting up Linux (xubuntu)

Page for stuff that's fallen out of newMachine

OPENQ: using encrypted disks but allowing NFS export to all of subnetwork

get xubuntu 18.04 on flash

install, encrypt disk, use install defaults

If using a swap partition, increase it to 2xRAM with something like

boot to liveCD
double click '119GB encrypted' and supply password to mount
scp tonyr@192.168.2.8:lvresize.sh .
# lvresize -L-31788m --resizefs /dev/xubuntu-vg/root
# lvresize -L+31788m /dev/xubuntu-vg/swap_1
# mkswap /dev/xubuntu-vg/swap_1
UUID=`blkid | egrep /dev/mapper/xubuntu--vg-swap_1 | cut -f2 -d\"`
egrep -v ^RESUME= /etc/initramfs-tools/conf.d/resume > /tmp/resume
mv /tmp/resume /etc/initramfs-tools/conf.d/resume
echo RESUME=UUID=$UUID >> /etc/initramfs-tools/conf.d/resume
apt install ssh emacs-nox nfs-kernel-server autofs mdadm denyhosts postfix smartmontools python3-matplotlib python3-numpy wavesurfer g++ ffmpeg sox curl a2ps sshfs virtualenv python-requests git zlib1g-dev automake autoconf libtool subversion libatlas3-base audacity uswsusp libreoffice

remove HWE as it wants to 'upgrade' to 5.3 which isn't stable:

apt remove linux-generic-hwe-18.04 linux-headers-generic-hwe-18.04 linux-image-generic-hwe-18.04

set up a static IP address (hostname + 100), 24, 192.168.0.1, DNS 8.8.8.8

copy /etc/hosts from hack0

install Chrome:

echo "deb [arch=amd64] http://dl.google.com/linux/chrome/deb/ stable main" > /etc/apt/sources.list.d/google-chrome.list
wget -q -O - https://dl.google.com/linux/linux_signing_key.pub | apt-key add -
wget -q -O - https://dl-ssl.google.com/linux/linux_signing_key.pub | apt-key add -
apt update
apt install google-chrome-stable
echo -e "\ntonyr   ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers

add to root crontab -e:

59 23 * * *   /hack/src/backup.sh

lm-sensors? openssh-server?

xfce

Right click topbar, panel preferences, unlock, left click far end, move to bottom, lock again.

Add applications menu, remove Whisker menu. Applications, right click and toggle show application title.

Right click task bar → Panel → Panel Preferences → Items → Windows Buttons → Edit → Sorting Order → None

Right click task bar → Panel → add new items → Launcher

Right click launcher, set to terminal emulator, replace exo-open with xfce4-terminal --title=hack0 --hide-menubar --zoom=2 -e 'ssh -p 20022 tonyrobinson.com'

Settings → Window Manager → Focus → Focus Follows Mouse and Raise on Focus with delay 40%

swap to filesystem

dd if=/dev/zero of=/swap bs=1G count=8
chmod 600 /swap && mkswap /swap && swapon /swap
echo "/swap swap swap defaults 0 0" >> /etc/fstab

OR, better, see /etc/init.d/* that sorts out swap as 2x RAM

firewall

No longer needed with 2019/2020 router? 20022 seems to get to 22.

ufw enable
ufw allow 22/tcp
ufw allow 20022/tcp

add this to the end of /etc/rc.local

iptables -t nat -A PREROUTING -p tcp --dport 20022 -j REDIRECT --to-port 22

autofs

Insert in auto.master:  /-	/etc/auto.hack
with cat /etc/auto.hack
/hack	 -fstype=nfs4	hack0:/export/hack

tonyrSMTP@gmail.com

An account just so that I can allow a “less secure app” and send email via SMTP

email/Thunderbird

Home:  imap.ntlworld.com:993 smtp.ntlworld.com:465 tony_robinson UwMLusSZh6

Work - tonyr@speechmatics.com just works
# Work: outlook.office365.com 993 tonyr@speechmatics.com
outlook.office365.com 587
# NowT: mail3.gridhost.co.uk info@nowtranscribe.com 993/587 1mob? NOWT?

for all accounts: Junk settings -> untick Enable adaptive junk mail
Edit -> Preferences -> Composition -> General -> Send options -> untick send as plain text if possible.
Edit -> Preferences -> Composition -> Display 

Postfix

MUST HAVE bsd-mailx installed! (else from=<root@hack0> - 550 5.1.8 Sender Domain Invalid (VM420))

“Internet with smarthost” - then patch up

echo tonyRobinson.com > /etc/mailname

emacs /etc/postfix/main.cf

# mydestination = tonyRobinson.com, $myhostname, hack0, localhost.localdomain, localhost
myorigin = /etc/mailname
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_type = cyrus
smtp_sasl_security_options = noanonymous
relayhost = smtp.ntlworld.com

root@code0:/etc/postfix# cat /etc/postfix/sasl_passwd
[smtp.ntlworld.com]            tony_robinson@ntlworld.com:ajr4both
[smtp.ntlworld.com]:submission tony_robinson@ntlworld.com:ajr4both

postmap /etc/postfix/sasl_passwd
service postfix restart

MAKE SURE bsd-mailx is installed, or otherwise FROM is FQDN and virginmedia reject with VM420

RAID5 setup

parted -a optimal /dev/sdb

mklabel gpt
mkpart primary 0% 100%
set 1 raid on
print
quit

mdadm --create /dev/md0 --level=5 --verbose --raid-devices=3 --spare-devices=0 /dev/sd{b,c,d}1

CHECK - use /etc/mdadm.conf or /etc/mdadm/mdadm.conf

cat >> /etc/mdadm.conf <<EOF
MAILADDR root
AUTO +imsm +1.x -all
EOF

mdadm --detail --scan >> /etc/mdadm.conf


# from https://davidyat.es/2015/04/03/encrypting-a-second-hard-drive-on-ubuntu-14-10-post-install/
cryptsetup luksFormat /dev/md0
dd if=/dev/urandom of=/etc/LUKSkey_md0 bs=1024 count=4
chmod 0400 /etc/LUKSkey_md0
cryptsetup luksAddKey /dev/md0 /etc/LUKSkey_md0
blkid | egrep /dev/md0
echo "md0_crypt UUID=1f255eb1-20a3-4e97-b8d3-92374ef734c0 /etc/LUKSkey_md0 luks,discard" >> /etc/crypttab
echo "/dev/mapper/md0_crypt /hack ext4 defaults 0 2" >> /etc/fstab

cryptsetup luksOpen /dev/md0 md0_crypt
mkfs.ext4 -m 1 /dev/mapper/md0_crypt
mkdir -p /hack
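
The LUKS key file above is made owner-only with chmod 0400, while the Postfix sasl_passwd file (and the sasl_passwd.db that postmap writes) earlier on this page also holds a password. The check below is an added example, not part of the original notes: it reports secret files that group or others can access. The function names secret_mode_ok and audit_secrets are made up for this example, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example: report secret files that group or others can access.
# Default paths are the ones used on this page; pass others as arguments.

# secret_mode_ok FILE -> 0 if FILE is a regular file (not a symlink) with no
# group/other permission bits set, 1 otherwise.
secret_mode_ok() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    mode=$(stat -c '%a' "$1") || return 1   # GNU stat, prints e.g. 400 or 644
    case $mode in
        0|*00) return 0 ;;                  # last two octal digits are 0
        *)     return 1 ;;
    esac
}

# audit_secrets [FILE...] -> prints each offending path and returns how many
# were found (0 means every file that exists is owner-only).
audit_secrets() {
    [ "$#" -gt 0 ] || set -- /etc/postfix/sasl_passwd \
        /etc/postfix/sasl_passwd.db /etc/LUKSkey_md0
    bad=0
    for f in "$@"; do
        [ -e "$f" ] || continue             # not present on this machine: skip
        if ! secret_mode_ok "$f"; then
            echo "not owner-only: $f ($(stat -c '%a %U' "$f"))"
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}
```

Run audit_secrets as root after postmap; a non-zero exit status is the number of files to fix with chmod 600.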

RAID ADD DISK

find /dev/sd? and parted as above

mdadm --add /dev/md0 /dev/sda1
mdadm --grow --raid-devices=4 --backup-file=/root/grow_md0.bak /dev/md0
cryptsetup resize /dev/mapper/md0_crypt
resize2fs  /dev/mapper/md0_crypt

Took a day to grow from devices=3 to devices=4

RAID FIX Offline_Uncorrectable

fail HDD: mdadm --fail /dev/md0 /dev/sda1
remove HDD: mdadm --remove /dev/md0 /dev/sda1
read/write to remap: badblocks -w -v -t random  /dev/sda
repartition as: parted -a optimal /dev/sda (above)
add back HDD: mdadm --add /dev/md0 /dev/sda1
check rebuilding: cat /proc/mdstat
can also confirm by running a long SMART test: smartctl -t long /dev/sda

crypt change key

cryptsetup luksAddKey /dev/sda3
cryptsetup luksRemoveKey /dev/sda3

sensors

run sensors-detect, take defaults except last one, which sets up cron.

Printer

Settings→Printers→Add→Network Printer→DCP-9270CDN→BROTHER and select the DCP-9045-DCP-BCS script option - works well enough.

Javac

from https://askubuntu.com/questions/769467/can-not-install-openjdk-9-jdk-because-it-tries-to-overwrite-file-aready-includ

apt install openjdk-9-jdk
dpkg --configure -a
dpkg -i --force-overwrite '/var/cache/apt/archives/openjdk-9-jdk_9~b114-0ubuntu1_amd64.deb'

Grid Engine

see http://kaldi-asr.org/doc/queue.html#parallelization_gridengine

apt install gridengine-client gridengine-common gridengine-master gridengine-qmon

Need

qconf -mconf

with

qmaster_params               MAX_DYN_EC=3292622 gdi_retries=-1

Also need to get -p working - something like `qconf -msconf` and set

weight_ticket                     0.00500000   # was 0.5
weight_waiting_time               0.00278000   # was 0.278
weight_deadline                   3600000.000000
weight_urgency                    0.00500000   # was 0.5
weight_priority                   1.000000     # was 0.0

FINISH THIS OFF

Virginmedia superhub router

From factory reset (network 192.168.0.x)

router password: nutmegAndFl0ppy

Network SSID:  33Stretten
passphrase:  nutmegAndFl0ppy

Port forwarding
code0 ssh	20022	TCP&UDP	192.168.0.10
HTTP            80      TCP     192.168.0.10

DHCP - start at 200

Dynamic DNS

apt install dynuiuc
edit /etc/dynuiuc/dynuiuc.conf
username tonyRobinson
password 90kgFUMI

AWS/dokuwiki

In AWS console (us-west-2.console.aws Oregon) click Launch Instance → Free Tier Only → Ubuntu → t2.micro → Enable termination protection → set size 30GiB → untick “Delete on Termination” → Encrypted set as alias/aws/ebs → security group add HTTP and HTTPS → key pair New and download → Launch.

Find IP address from console

ssh in: ssh -i ~/.ssh/tonyRobinsoncom.pem ubuntu@52.42.78.242

add-apt-repository ppa:certbot/certbot

make things clean: apt update ; apt -y full-upgrade ; apt -y autoremove, keep local grub.

add what we need: apt -y install emacs-nox php apache2 libapache2-mod-php dokuwiki openvpn certbot. Set admin password mass £ DOKUWIKI.

export EDITOR=emacs && crontab -e and append 0 0 * * * /root/backup.sh and 0 0 1 * * /usr/bin/certbot renew

emacs /etc/dokuwiki/apache.conf and change to “Allow from all”

emacs /var/lib/dokuwiki/inc/preload.php according to https://github.com/splitbrain/dokuwiki/issues/1664 so that the end has lines wrapped in array() like this:

  'userstyle' => array(
      'default' => array(DOKU_CONF.'userstyle.css'), // 'default' was renamed  to 'screen' on 2011-02-26, so will be deprecated in the next version
      'screen'  => array(DOKU_CONF.'userstyle.css'),
      'rtl'     => array(DOKU_CONF.'userrtl.css'),
      'print'   => array(DOKU_CONF.'userprint.css'),
      'feed'    => array(DOKU_CONF.'userfeed.css'),
      'all'     => array(DOKU_CONF.'userall.css'),
  ),
  'userscript' => array(
      'default' => array(DOKU_CONF.'userscript.js')
  ),

emacs /usr/share/dokuwiki/lib/exe/css.php according to https://github.com/splitbrain/dokuwiki/issues/1664 so that the two instances of $less->importDir[] around line 168 look like $less->importDir

run a2enmod rewrite and a2enmod ssl

emacs /etc/dokuwiki/apache.conf and uncomment all Rewrite* lines, changing “RewriteBase /”

chown -R www-data /var/lib/dokuwiki/lib/plugins

MOVE SITE:

OLD: cd / ; tar cf home/ubuntu/dokuwiki.tar var/lib/dokuwiki etc/dokuwiki/farm; xz /home/ubuntu/dokuwiki.tar # or run backup.sh!!!
HOME: scp -i ~/.ssh/tonyRobinsoncom.pem ubuntu@tonyrobinson.com:dokuwiki.tar.xz .
HOME: scp -i ~/.ssh/awstonyRobinsoncom.pem dokuwiki.tar.xz ubuntu@34.217.178.170:
NEW: mv /var/lib/dokuwiki /var/lib/dokuwiki-
NEW: cd / ; tar xvf /home/ubuntu/dokuwiki.tar.xz

In the 1and1, namecheap and names.co.uk admin panels, set the IP address (A record) for $SITE to the new IP address. set a CNAME for www.$SITE to $SITE.

run this script for all sites: hunted5.com imagi.ai neuracore.net cogbot.net and tonyrobinson.com (n.b.lower case)

addSite.sh
#!/bin/bash -ex
 
SITE=$1
 
cat<<EOF>/etc/apache2/sites-available/$SITE.conf
<VirtualHost *:80>
  ServerName  $SITE
  ServerAlias www.$SITE
  Redirect    / https://$SITE/
</VirtualHost>
 
<VirtualHost *:443>
  ServerName  $SITE
  ServerAlias www.$SITE
  ## Use this if you want a standard HTML index page and /wiki                                   
  # DocumentRoot /var/www/html/$SITE                                                             
  # Alias /wiki /usr/share/dokuwiki                                                              
  ## else                                                                                        
  DocumentRoot /usr/share/dokuwiki
  SSLEngine on
  SSLCertificateFile "/etc/letsencrypt/live/$SITE/fullchain.pem"
  SSLCertificateKeyFile "/etc/letsencrypt/live/$SITE/privkey.pem"
</VirtualHost>
EOF
 
certbot certonly --webroot -w /var/www/html -d $SITE
a2ensite $SITE
dokuwiki-addsite $SITE
systemctl reload apache2
 
exit 0
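
addSite.sh runs as root and puts $1 straight into a file path, the Apache config and the certbot call, and the note above says the names must be lower case. The function below is an added example, not part of the original script: it checks the argument is a plain lower-case DNS name before anything is written. The name valid_site is made up for this example.

```shell
#!/bin/sh
# Added example: validate the site name before addSite.sh uses it.
# Intended use near the top of the script (after SITE=$1):
#   valid_site "$SITE" || { echo "bad site name: $SITE" >&2; exit 64; }

# valid_site NAME -> 0 if NAME is a lower-case DNS name with at least two
# labels, 1 otherwise. Runs in a subshell so LC_ALL and IFS do not leak.
valid_site() (
    LC_ALL=C                      # make a-z mean ASCII lower case only
    site=$1
    # Whole name: non-empty, at most 253 characters.
    [ -n "$site" ] && [ "${#site}" -le 253 ] || exit 1
    # Only letters, digits, dots and hyphens: rejects '/', whitespace,
    # '$', quotes and upper case, so the path and heredoc stay intact.
    case $site in
        *[!a-z0-9.-]*) exit 1 ;;
    esac
    # No empty labels, no label starting or ending with '-', and at
    # least one dot.
    case $site in
        .*|*.|*..*|-*|*-|*.-*|*-.*) exit 1 ;;
        *.*) ;;
        *) exit 1 ;;
    esac
    # Each label is at most 63 characters.
    IFS=.
    for label in $site; do
        [ "${#label}" -le 63 ] || exit 1
    done
    exit 0
)
```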

For each NEW site go to admin → Configuration

  • Set start to be “home” - before adding content!
  • Use nice URLs → .htaccess and Use slash as namespace separator in URLs → tick.
  • In “Disable activities” disallow registration, view source, old revisions, backlinks, recent changes, other→media
  • for google indexing:

Optional: Install “Video Sharing Site Plugin”

to set up VPN (not really needed) use EasyVPN

VPN = follow https://www.comparitech.com/blog/vpn-privacy/build-linux-vpn-server/

  • to set up VPN (not really needed)
    • after cp -p openssl-1.0.0.cnf openssl.cnf
    • in .vars set export KEY_CONFIG=`$EASY_RSA/whichopensslcnf /etc/ssl`
  • mkdir /etc/openvpn/keys
  • scp -i ~tonyr/.ssh/tonyRobinsoncom.pem server.crt server.key ca.crt dh2048.pem pfs.key ubuntu@52.42.78.242:/etc/openvpn/keys
  • create /etc/openvpn/server.conf as per the site above
  • emacs /etc/default/openvpn and uncomment AUTOSTART="all"

namecheap

to give a domain an IP address, select “NameCheap Basic DNS” then set an “A Record @ 65.52.130.179”

lambda-stack

easynote

Update BIOS

http://drivers.softpedia.com/get/BIOS/Packard-Bell/Packard-Bell-EasyNote-ME69BMP-BIOS-213.shtml

Standard install.

Encrypt all (old encrypt home dir is no longer available)

apt-get install emacs-nox # suspend doesn't work - do not use # https://help.ubuntu.com/lts/ubuntu-help/power-hibernate.html # then Power Manager → Laptop Lid → Hibernate

email as above, chrome as above, xfce as above

Settings -> Window Manager -> Style -> Numix
Settings -> Appearance -> Style -> Numix
Settings -> Appearance -> Fonts -> Liberation Sans 14 and Monospace 14
Settings -> Appearance -> Fonts -> Enable Anti-aliasing RGB
Settings -> Mouse and Touchpad -> Reverse scroll direction
Settings -> Mouse and Touchpad -> Device -> ETPS/2 -> Touchpad -> disable click if typing

Fire up Chrome, set as default browser and sign in to google+.
Settings -> page zoom 150%.

Raspberry Pi

Download latest release and dd to disk dd if=2018-11-13-raspbian-stretch-full.img of=/dev/sdc – CHECK LATEST, FULL AND /DEV/SD!!!!

with raspi-config do:

enable ssh
change password MASSRASPBERRY
change hostname to rpi$N

use static IP append /etc/dhcpcd.conf

interface wlan0

static ip_address=192.168.0.$N/24   $N= 40 + pi$n
static routers=192.168.0.1
static domain_name_servers=192.168.0.1 8.8.8.8 4.4.4.4

try to do the rest with ansible

emacs /etc/dphys-swapfile and #CONF_SWAPSIZE=100

apt update
apt full-upgrade
apt install emacs-nox ntp hdparm

mkdir /home/tonyr

In /etc/hosts: 192.168.0.10 hack0

End of /etc/fstab

hack0:/home/tonyr /home/tonyr nfs defaults,retrans=8 0 0

To use GPIO 14 and 15

systemctl stop serial-getty@ttyS0.service
systemctl disable serial-getty@ttyS0.service

Hunted Pi

enable ssh

Preferences → Appearance settings

Defaults -> For large screens
Desktop -> remove wastebasket
Taskbar Position bottom

apt install x11vnc xrdp

In /etc/rc.local:

x11vnc -auth guess -geometry 1448x1072 -display :0 &

LXTerminal → Display

Default Window size 64x23 ???

Boot pi and kindle, plug together with USB

usb0

connect pw3 first so that it gets usb0

rpi 169.254.185.103 pw3 169.254.185.244

connect mobile second so it gets usb1 and reads /etc/dhcpcd.conf

rpi 192.168.42.47

When on wifi

rpi 192.168.0.47

use rfkill to stop WiFi from coming up

kindle kterm, ./rpi.sh, screen -x - now in pi and keyboard should work kterm is set to ?x? and resize works/fails.

LOGI-PI-2

in /boot/config.txt have dtparam=spi=on and dtparam=i2c_arm=on

Follow instructions at: http://valentfx.com/wiki/index.php?title=Logi-Pi_User_Guide#Creating_your_own.C2.A0Raspberry_Pi_image_compatible_with_LOGI-tools

git clone https://github.com/fpga-logi/logi-tools.git
cd ~/logi-tools/unified_loader
make clean
make logipi_loader PI_VER=PI1
sudo make install

Follow instructions at: http://valentfx.com/wiki/index.php?title=Logi-Pi_Quick_Start_Guide#Running_the_LOGI-Apps_using_an_SSH_terminal_connection_to_the_Raspberry_Pi

Visit https://www.xilinx.com/support/download/index.html/content/xilinx/en/downloadNav/design-tools/v2012_4---14_7.html and download all four, unpack the first and run ./xsetup

Fix up lib6xx like this: https://askubuntu.com/questions/699440/version-glibcxx-3-4-20-not-found

To run:

source /opt/Xilinx/14.7/ISE_DS/settings64.sh && ise

and to get started with the ISE http://valentfx.com/wiki/index.php?title=LOGI_Guide_-_Your_First_Project_using_Xilinx_ISE

WiFi dongle

ls -d /sys/class/net/wl*
nmcli dev wifi

The dongle with the attached antenna doesn't have great range.

The dongle with the separate antenna needs a git clone of XXX/rtl8188fu and following a lot of instructions. It has great range but Oopsed when in monitoring mode (needed reboot). Drivers are not stable enough.

Bidding on https://www.ebay.co.uk/itm/600Mbps-Wireless-USB-WiFi-Adapter-Dongle-LAN-802-11ac-a-b-g-n-5-2-4Ghz-Laptop-PC/153461329505 as it has a big antenna and if that fails then buy https://www.ebay.co.uk/itm/150M-USB-WiFi-Wireless-Adapter-LAN-w-Antenna-ralink-rt7601-Chip-UK/263966917478

WiFi crack

private/newmachine.txt · Last modified: 2020/03/01 11:25 by admin