User Tools

Site Tools



One place for all notes on setting up Linux (xubuntu)

Page for stuff that's fallen out of newMachine

OPENQ: using encrypted disks but allowing NFS export to all of subnetwork

get xubuntu 18.04 on flash

install, encrypt disk, use install defaults

If using a swap partition, increase it to 2xRAM with something like

boot to liveCD
double click '119GB encrypted' and supply password to mount
scp .
# lvresize -L-31788m --resizefs /dev/xubuntu-vg/root
# lvresize -L+31788m /dev/xubuntu-vg/swap_1
# mkswap /dev/xubuntu-vg/swap_1
UUID=`blkid | egrep /dev/mapper/xubuntu--vg-swap_1 | cut -f2 -d\"`
egrep -v ^RESUME= /etc/initramfs-tools/conf.d/resume > /tmp/resume
mv /tmp/resume /etc/initramfs-tools/conf.d/resume
echo RESUME=UUID=$UUID >> /etc/initramfs-tools/conf.d/resume
apt install ssh emacs-nox nfs-kernel-server autofs mdadm denyhosts postfix smartmontools python3-matplotlib python3-numpy wavesurfer g++ ffmpeg sox curl a2ps sshfs virtualenv python-requests git zlib1g-dev automake autoconf libtool subversion libatlas3-base audacity uswsusp libreoffice

remove HWE as it wants to 'upgrade' to 5.3 which isn't stable:

apt remove linux-generic-hwe-18.04 linux-headers-generic-hwe-18.04 linux-image-generic-hwe-18.04

set up a static IP address (hostname + 100), 24,, DNS

copy /etc/hosts from hack0

install Chrome:

echo "deb [arch=amd64] stable main" > /etc/apt/sources.list.d/google-chrome.list
wget -q -O - | apt-key add
wget -q -O - | apt-key add -
apt update
apt install google-chrome-stable
echo -e "\ntonyr   ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers

add to root crontab -e:

59 23 * * *   /hack/src/

lm-sensors? openssh-server?


Right click topbar, panel preferences, unlock, left click far end, move to bottom, lock again.

Add applications menu, remove wisker menu. Applications, right click and toggle show application title.

Right click task bar → Pannel → Panel Preferences → Items → Windows Buttons → Edit → Sorting Order → None

Right click task bar → Pannel → add new items → Launcher

Right click laucher,set to terminal emulator, replace exo-open with xfce4-terminal –title=hack0 –hide-menubar –zoom=2 -e 'ssh -p 20022'

Settings → Window Manager → Focus → Focus Follows Mouse and Raise on Focus with delay 40%

swap to filesystem

dd if=/dev/zero of=/swap bs=1G count=8
chmod 600 /swap && mkswap /swap && swapon /swap
echo "/swap swap swap defaults 0 0" >> /etc/fstab

OR, better, see /etc/init.d/* that sorts out swap as 2x RAM


No longer needed with 2019/2020 router? 20022 seems to get to 22.

ufw enable
ufw allow 22/tcp
ufw allow 20022/tcp

add this to the end of /etc/rc.local

iptables -t nat -A PREROUTING -p tcp --dport 20022 -j REDIRECT --to-port 22


Insert in auto.master:  /-	/etc/auto.hack
with cat /etc/auto.hack
/hack	 -fstype=nfs4	hack0:/export/hack

An account just so that I can allow a “less secure app” and send email via SMTP


Home: tony_robinson UwMLusSZh6

Work - just works
# Work: 993 587
# NowT: 993/587 1mob? NOWT?

for all accounts: Junk settings -> untick Enable adaptive junk mail
Edit -> Preferences -> Composition -> General -> Send options -> untick send as plain text if possible.
Edit -> Preferences -> Composition -> Display 


MUST HAVE bsd-mailx installed! (else from=<root@hack0> - 550 5.1.8 Sender Domain Invalid (VM420))

“Internet with smarthost” - then patch up

echo > /etc/mailname

emacs /etc/postfix/

# mydestination =, $myhostname, hack0, localhost.localdomain, localhost
myorigin = /etc/mailname
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_type = cyrus
smtp_sasl_security_options = noanonymous
relayhost =

root@code0:/etc/postfix# cat /etc/postfix/sasl_passwd

postmap /etc/postfix/sasl_passwd
service postfix restart

MAKE SURE bsd-mailx is installed, or otherwise FROM is FQDN and virginmedia reject with VM420

RAID5 setup

parted -a optimal /dev/sdb

mklabel gpt
mkpart primary 0% 100%
set 1 raid on

mdadm --create /dev/md0 --level=5 --verbose --raid-devices=3 --spare-devices=0 /dev/sd{b,c,d}1

CHECK - use /etc/mdadm.conf or /etc/mdadm/mdadm.conf

cat >> /etc/mdadm.conf
AUTO +imsm +1.x -all

mdadm --detail --scan >> /etc/mdadm.conf

# from
cryptsetup luksFormat /dev/md0
dd if=/dev/urandom of=/etc/LUKSkey_md0 bs=1024 count=4
chmod 0400 /etc/LUKSkey_md0
cryptsetup luksAddKey /dev/md0 /etc/LUKSkey_md0
blkid | egrep /dev/md0
echo "md0_crypt UUID=1f255eb1-20a3-4e97-b8d3-92374ef734c0 /etc/LUKSkey_md0 luks,discard" >> /etc/crypttab
echo "/dev/mapper/md0_crypt /hack ext4 defaults 0 2" >> /etc/fstab

cryptsetup luksOpen /dev/md0 md0_crypt
mkfs.ext4 -m 1 /dev/mapper/md0_crypt
mkdir -p /hack


find /dev/sd? and parted as above

mdadm --add /dev/md0 /dev/sda1
mdadm --grow --raid-devices=4 --backup-file=/root/grow_md0.bak /dev/md0
cryptsetup resize /dev/mapper/md0_crypt
resize2fs  /dev/mapper/md0_crypt

Took a day to grow from devices=3 to devices=4

RAID FIX Offline_Uncorrectable

fail HDD: mdadm --fail /dev/md0 /dev/sda1
remove HDD: mdadm --remove /dev/md0 /dev/sda1
read/write to remap: badblocks -w -v -t random  /dev/sda
repartition as: parted -a optimal /dev/sda (abive)
add back HDD: mdadm --add /dev/md0 /dev/sda1
check rebuilding: cat /proc/mdstat
can also confirm by running a long SMART test: smartctl -t long /dev/sda

crypt change key

cryptsetup luksAddKey /dev/sda3
cryptsetup luksRemoveKey /dev/sda3


run sensors-detect, take defaults exept last one, which sets up cron.


Settings→Printers→Add→Network Printer→DCP-9270CDN→BROTHER and select the DCP-9045-DCP-BCS script option - works well enough.



apt install openjdk-9-jdk
dpkg --configure -a
dpkg -i --force-overwrite '/var/cache/apt/archives/openjdk-9-jdk_9~b114-0ubuntu1_amd64.deb'

Grid Engine


apt install gridengine-client gridengine-common gridengine-master gridengine-qmon


qconf -mconf


qmaster_params               MAX_DYN_EC=3292622 gdi_retries=-1

Also need to get -p working - something like `qconf -msconf` and set

weight_ticket                     0.00500000   # was 0.5
weight_waiting_time               0.00278000   # was 0.278
weight_deadline                   3600000.000000
weight_urgency                    0.00500000   # was 0.5
weight_priority                   1.000000     # was 0.0


Virginmedia superhub router

From factory reset (network 192.168.0.x)

router password: nutmegAndFl0ppy

Network SSID:  33Stretten
passphrase:  nutmegAndFl0ppy

Port forwarding
code0 ssh	20022	TCP&UDP
HTTP            80      TCP

DHCP - start at 200

Dynamic DNS

apt install dynuiuc
edit /etc/dynuiuc/dynuiuc.conf
username tonyRobinson
password 90kgFUMI


In AWS console ( Oregon) click Launch Instance _> Free Tier Only → Ubuntu → t2.micro → Enable termination protection → set size 30GiB → untick “Delete on Termination” → Encrypted set as alias/aws/ebs → security group add HTTP and HTTPS → key pair New and download → Launch.

Find IP address from console

ssh in ssh -i ~/.ssh/tonyRobinsoncom.pem ubuntu@

add-apt-repository ppa:certbot/certbot

make things clean apt update ; apt -y full-upgrade ; apt -y autoremove, keep local grub.

add what we need apt -y install emacs-nox php apache2 libapache2-mod-php dokuwiki openvpn certbot. Set admin password mass £ DOKUWIKI.

export EDITOR=emacs && crontab -e and append 0 0 * * * /root/ and 0 0 1 * * /usr/bin/certbot renew

emacs /etc/dokuwiki/apache.conf and change to “Allow from all”

emacs /var/lib/dokuwiki/inc/preload.php according to so that the end has lines wrapped in array() like this:

  'userstyle' => array(
      'default' => array(DOKU_CONF.'userstyle.css'), // 'default' was renamed  to 'screen' on 2011-02-26, so will be deprecated in the next version
      'screen'  => array(DOKU_CONF.'userstyle.css'),
      'rtl'     => array(DOKU_CONF.'userrtl.css'),
      'print'   => array(DOKU_CONF.'userprint.css'),
      'feed'    => array(DOKU_CONF.'userfeed.css'),
      'all'     => array(DOKU_CONF.'userall.css'),
  'userscript' => array(
      'default' => array(DOKU_CONF.'userscript.js')

emacs /usr/share/dokuwiki/lib/exe/css.php according to so that the two instances of $less→importDir[] around line 168 look like $less→importDir

run a2enmod rewrite and a2enmod ssl

emacs /etc/dokuwiki/apache.conf and uncomment all Rewrite* lines, changing “RewriteBase /”

chown -R www-data /var/lib/dokuwiki/lib/plugins


OLD: cd / ; tar cf root home/ubuntu/dokuwiki.tar var/lib/dokuwiki /etc/dokuwiki/farm; xz /home/ubuntu/dokuwiki.tar # or run!!!
HOME: scp -i ~/.ssh/tonyRobinsoncom.pem 
HOME: scp -i ~/.ssh/awstonyRobinsoncom.pem dokuwiki.tar.xz ubuntu@
NEW: mv /var/lib/dokuwiki /var/lib/dokuwiki-
NEW: cd / ; tar xvf /home/ubuntu/dokuwiki.tar.xz

In the 1and1, namecheap and admin panels, set the IP address (A record) for $SITE to the new IP address. set a CNAME for www.$SITE to $SITE.

run this script for all sites: and (n.b.lower case)
#!/bin/bash -ex
  <VirtualHost *:80>
  ServerName  $SITE
  ServerAlias www.$SITE
  Redirect    / https://$SITE/
<VirtualHost *:443>
  ServerName  $SITE
  ServerAlias www.$SITE
  ## Use this if you want a standard HTML index page and /wiki                                   
  # DocumentRoot /var/www/html/$SITE                                                             
  # Alias /wiki /usr/share/dokuwiki                                                              
  ## else                                                                                        
  DocumentRoot /usr/share/dokuwiki
  SSLEngine on
  SSLCertificateFile "/etc/letsencrypt/live/$SITE/fullchain.pem"
  SSLCertificateKeyFile "/etc/letsencrypt/live/$SITE/privkey.pem"
certbot certonly --webroot -w /var/www/html -d $SITE
a2ensite $SITE
dokuwiki-addsite $SITE
systemctl reload apache2
exit 0

For each NEW site go to admin → Configuration

  • Set start to be “home” - before adding content!
  • Use nice URLs → .htaccess and Use slash as namespace separator in URLs → tick.
  • In “Disable activities” disallow registration, view source, old revisions, backlinks, recent changes, other→media
  • for google indexing:

Optional: Install “Video Sharing Site Plugin”

to set up VPN (not really needed) use EasyVPN

VPN = follow

  • to set up VPN (not really needed)
    • after cp -p openssl-1.0.0.cnf openssl.cnf
    • in .vars set export KEY_CONFIG=`$EASY_RSA/whichopensslcnf /etc/ssl`
  • mkdir /etc/opnevpn/keys
  • scp -i ~tonyr/.ssh/tonyRobinsoncom.pem server.crt server.key ca.crt dh2048.pem pfs.key ubuntu@
  • create /etc/openvpn/server.conf as per the site above
  • emacs /etc/default/openvpn and uncomment AUTOSTART=“all”


to give a domain an IP address, select “NameCheap Basic DNS” then set an “A Record @”



Update BIOS

Standard install.

Encrypt all (old encrypt home dir is no longer available)

apt-get install emacs-nox # suspend doesn't work - do not use # # then Power Manager → Laptop Lid → Hibernate“

email as above chrome as above xfce as above

Settings -> Window Manager -> Style -> Numix
Settings -> Appearance -> Style -> Numix
Settings -> Appearance -> Fonts -> Liberation Sans 14 and Monospace 14
Settings -> Appearance -> Fonts -> Enable Anti-aliasing RGB
Settings -> Mouse and Touchpad -> Reverse scroll direction
Settings -> Mouse and Touchpad -> Device -> ETPS/2 -> Touchpad -> disable click if typing

Fire up Chrome, set as default browser and sign in to google+.
Settings -> page zoom 150%.

Raspberry Pi

Download latest release and dd to disk dd if=2018-11-13-raspbian-stretch-full.img of=/dev/sdc – CHECK LATEST, FULL AND /DEV/SD!!!!

with raspi-config do:

enable ssh
change password MASSRASPBERRY
change hostname to rpi$N

use static IP append /etc/dhcpcd.conf

interface wlan0

static ip_address=192.168.0.$N/24   $N= 40 + pi$n
static routers=
static domain_name_servers=

try to do the rest with ansible

emacs /etc/dphys-swapfile and #CONF_SWAPSIZE=100

apt update apt full-upgrade apt install emacs-nox ntp hdparm

mkdir /home/tonyr

In /etc/hosts: hack0

use static IP append /etc/dhcpcd.conf interface wlan0

static ip_address=192.168.0.$N/24 $N= 40 + pi$n static routers= static domain_name_servers=

End of /etc/fstab

hack0:/home/tonyr /home/tonyr nfs defaults,retrans=8 0 0

To use GPIO 14 and 15

systemctl stop serial-getty@ttyS0.service systemctl disable serial-getty@ttyS0.service

Hunted Pi

enable ssh

Preferences → Apprearance settings

Defaults -> For large screens
Desktop -> remove wastebasket
Taskbar Position bottom

apt install x11vnc xrdp

In /etc/rc.local:

x11vnc -auth guess -geometry 1448x1072 -display :0 &

LXTerminal → Display

Default Window size 64x23 ???

Boot pi and kindle, plug together with USB


connect pw3 first so that it gets usb0

rpi pw3

connect mobile second so it gets usb1 and reads /etc/dhcpcd.conf


When on wifi


use rfkill to stop WiFi from coming up

kindle kterm, ./, screen -x - now in pi and keyboard should work kterm is set to ?x? and resize works/fails.


in /boot/config.txt have dtparam=spi=on and dtparam=i2c_arm=on

Follow instructions at:

git clone
cd ~/logi-tools/unified_loader
make clean
make logipi_loader PI_VER=PI1
sudo make install

Follow instructions at:

Visit and downlaods all four, unpack the first and run ./xsetup

Fix up lib6xx like this:

To run:

source /opt/Xilinx/14.7/ISE_DS/ && ise

and to get started with the ISE

WiFi dongle

ls -d /sys/class/net/wl*
nmcli dev wifi

The dongle with the attached antenna doesn't have great range.

The dongle with the separate antenna needs a git clone of XXX/rtl8188fu and following a lot of instuctions. it has great range but Ooopsed when in monitoring mode (needed reboot). Drivers are not stable enough.

Bidding on as it has a big antenna and if that fails then buy

WiFi crack

private/newmachine.txt · Last modified: 2020/03/01 11:25 by admin