Difference between revisions of "Damme's linux stuff"

From World Wide Wiegert Wiki - WWWW
Revision as of 12:25, 28 September 2020

SSH

ssh-keygen -N '' -f ~/.ssh/id_rsa # generate a key pair with an empty passphrase (no prompt), saved as ~/.ssh/id_rsa; anyone who can read the file can use the key

ssh-keygen -y -f ~/.ssh/id_rsa > ~/.ssh/id_rsa.pub # regenerate the public key from the private key if ~/.ssh/id_rsa.pub is missing

ssh-copy-id user@host # append ~/.ssh/id_rsa.pub to ~/.ssh/authorized_keys on host

sshpiper auth process: sshpiper checks the client's public key against its own authorized_keys, then logs in to the target with its own id_rsa, whose public key is in the target's authorized_keys:

(client)[id_rsa.pub] -> (sshpiper)[authorized_keys] [id_rsa.pub] -> (target) [authorized_keys]

pacman

pacman -F $filename # find the package that provides $filename (sync the file database first with pacman -Fy)
pacman -Ss $package # search the repositories for $package
pacman -S $package # install $package
pacman -R $package # remove $package

Docker

Generate a CA plus server and client RSA keys and certificates for TLS between the Docker daemon and its clients (mutual TLS: the daemon only accepts clients whose certificate chains to ca.pem):

export HOST=$HOSTNAME
export PASS=SuperSecret # CA key passphrase; pass:$PASS on the command line is visible in ps and shell history, -passin file:/path/to/file is safer
export SUBJ='/C=SE/L=Skällinge/O=Unimatrix'
export DAYS=3650

# CA: encrypted private key plus self-signed certificate (CA:TRUE comes from the v3_ca section of the system openssl.cnf)
openssl genrsa -aes256 -out ca-key.pem -passout pass:$PASS 4096
openssl req -new -x509 -days $DAYS -key ca-key.pem -sha256 -out ca.pem -passin pass:$PASS -subj "$SUBJ"

# server: CN plus a subjectAltName for every name/IP clients will connect to, extendedKeyUsage serverAuth only
openssl genrsa -out server-key.pem 4096
openssl req -subj "/CN=$HOST" -sha256 -new -key server-key.pem -out server.csr

echo subjectAltName = DNS:$HOST,IP:10.0.0.200,IP:127.0.0.1 > extfile.cnf # '>' not '>>': re-running must not accumulate SAN lines
echo extendedKeyUsage = serverAuth >> extfile.cnf
openssl x509 -req -days $DAYS -sha256 -in server.csr -CA ca.pem -CAkey ca-key.pem \
  -CAcreateserial -out server-cert.pem -extfile extfile.cnf -passin pass:$PASS

# client: extendedKeyUsage clientAuth only, so a leaked client certificate cannot be used to impersonate the daemon
openssl genrsa -out key.pem 4096
openssl req -subj '/CN=client' -new -key key.pem -out client.csr
echo extendedKeyUsage = clientAuth > extfile-client.cnf
openssl x509 -req -days $DAYS -sha256 -in client.csr -CA ca.pem -CAkey ca-key.pem \
  -CAcreateserial -out cert.pem -extfile extfile-client.cnf -passin pass:$PASS
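
The same recipe as an added, self-contained script (not from this wiki page, and not Docker's or OpenSSL's own tooling) that runs in a scratch directory and then checks the result the way a TLS client does: the CA passphrase is read from a 0600 file instead of pass:$PASS, the CA gets explicit CA:TRUE/keyCertSign extensions from its own req.cnf instead of relying on the system openssl.cnf, and each certificate is verified against the CA for the purpose Docker will use it for (the server cert must pass -purpose sslserver and be rejected as sslclient, the client cert the reverse). The host name queen.example, the reuse of 10.0.0.200 from above, the demo passphrase, the directory argument and the 2048-bit default (RSA_BITS) are assumptions for the demo; only openssl(1) on PATH is required.

```shell
#!/bin/sh
# Added example, not part of the wiki page: throwaway Docker TLS material plus
# purpose checks. Assumes openssl(1) is on PATH. RSA_BITS defaults to 2048 so the
# demo runs quickly; the recipe above uses 4096.
RSA_BITS="${RSA_BITS:-2048}"
DAYS=3650

# gen_docker_tls DIR HOST IP: create CA, server and client key/cert pairs in DIR.
# HOST and IP are the names clients will dial; both go into the server cert's SAN.
gen_docker_tls() (
    set -e
    cd "$1"
    host=$2
    ip=$3
    umask 077                      # every new file starts out 0600

    # Minimal req config so the result does not depend on the system openssl.cnf
    printf '%s\n' '[req]' 'prompt = no' 'distinguished_name = dn' '[dn]' 'CN = placeholder' \
        '[v3_ca]' 'basicConstraints = critical,CA:TRUE' 'keyUsage = critical,keyCertSign,cRLSign' \
        'subjectKeyIdentifier = hash' > req.cnf

    # CA passphrase in a 0600 file: -passin/-passout file: keeps it out of ps and history
    printf '%s\n' 'constructed-demo-passphrase' > ca.pass
    openssl genrsa -aes256 -passout file:ca.pass -out ca-key.pem "$RSA_BITS" 2>/dev/null
    openssl req -new -x509 -days "$DAYS" -sha256 -config req.cnf -extensions v3_ca \
        -key ca-key.pem -passin file:ca.pass -subj '/C=SE/O=Unimatrix/CN=docker-ca' -out ca.pem

    # Server: SAN must cover every name/IP clients connect to, EKU serverAuth only
    openssl genrsa -out server-key.pem "$RSA_BITS" 2>/dev/null
    openssl req -new -sha256 -config req.cnf -key server-key.pem -subj "/CN=$host" -out server.csr
    printf 'subjectAltName = DNS:%s,IP:%s,IP:127.0.0.1\n' "$host" "$ip" > extfile.cnf  # '>' so reruns do not accumulate lines
    printf 'extendedKeyUsage = serverAuth\n' >> extfile.cnf
    openssl x509 -req -days "$DAYS" -sha256 -in server.csr -CA ca.pem -CAkey ca-key.pem \
        -CAcreateserial -passin file:ca.pass -extfile extfile.cnf -out server-cert.pem 2>/dev/null

    # Client: EKU clientAuth only, so a leaked client cert cannot pose as the daemon
    openssl genrsa -out key.pem "$RSA_BITS" 2>/dev/null
    openssl req -new -sha256 -config req.cnf -key key.pem -subj '/CN=client' -out client.csr
    printf 'extendedKeyUsage = clientAuth\n' > extfile-client.cnf
    openssl x509 -req -days "$DAYS" -sha256 -in client.csr -CA ca.pem -CAkey ca-key.pem \
        -CAcreateserial -passin file:ca.pass -extfile extfile-client.cnf -out cert.pem 2>/dev/null

    chmod 0444 ca.pem server-cert.pem cert.pem   # certificates are public; keys stay 0600
    rm -f server.csr client.csr
)

# verify_purpose DIR CERT PURPOSE: prints "ok" when CERT chains to DIR/ca.pem and its
# extendedKeyUsage permits PURPOSE (sslserver | sslclient), otherwise "rejected".
verify_purpose() {
    if openssl verify -purpose "$3" -CAfile "$1/ca.pem" "$1/$2" >/dev/null 2>&1; then
        echo ok
    else
        echo rejected
    fi
}

# cert_san DIR CERT: the subjectAltName entries of CERT with spaces stripped, e.g.
# DNS:queen.example,IPAddress:10.0.0.200,IPAddress:127.0.0.1
cert_san() {
    openssl x509 -in "$1/$2" -noout -text | grep -A1 'Subject Alternative Name' | tail -n 1 | tr -d ' '
}

# Stand-alone run: DEMO=1 sh this_script.sh
if [ "${DEMO:-0}" = 1 ]; then
    d=$(mktemp -d)
    gen_docker_tls "$d" queen.example 10.0.0.200
    echo "server SAN: $(cert_san "$d" server-cert.pem)"
    for c in server-cert.pem cert.pem; do
        for p in sslserver sslclient; do
            echo "$c as $p: $(verify_purpose "$d" "$c" "$p")"
        done
    done
    rm -rf "$d"
fi
```

To put the output to use: ca.pem, server-cert.pem and server-key.pem go on the host and are referenced from /etc/docker/daemon.json as "tlsverify": true, "tlscacert", "tlscert", "tlskey" together with "hosts": ["tcp://0.0.0.0:2376"]; on distributions whose docker.service already passes -H fd:// in ExecStart, a hosts entry in daemon.json conflicts with that flag and dockerd refuses to start, so the -H has to be dropped with a systemctl edit override. On the client side, DOCKER_HOST=tcp://host:2376, DOCKER_TLS_VERIFY=1 and DOCKER_CERT_DIR pointing at a directory holding ca.pem, cert.pem and key.pem (the file names the docker client expects, which is why the recipe names them that way) make every docker command use the client certificate.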

netcat

echo "test" | nc wiegert.link 12345 # client: send one line to port 12345 on wiegert.link
nc -l 12345 -k # listener on port 12345; -k keeps listening after a client disconnects (OpenBSD nc and ncat; GNU netcat has no -k)

systemd

systemctl edit --full lvm2-lvmetad.service # copy the whole unit to /etc/systemd/system and edit the copy (shadows the package's unit)
systemctl edit lvm2-lvmetad.service # edit a drop-in override (/etc/systemd/system/lvm2-lvmetad.service.d/override.conf) that survives package upgrades
systemctl daemon-reload # reload the systemd manager configuration after editing units by hand (systemctl edit does this itself)

Other stuff

Fix permissions: files 600, directories 700:

find . -type d -exec chmod 700 {} +
find . -type f -exec chmod 600 {} +

docker + kvm + networking = :( (Docker's iptables rules break the libvirt bridge network): https://serverfault.com/questions/963759/docker-breaks-libvirt-bridge-network

pfSense port forwarding when pfSense is not the default gateway (manual outbound NAT for the local device): https://docs.netgate.com/pfsense/en/latest/troubleshooting/nat.html#figure-manual-outbound-nat-local-device

SMTP relay via Gmail with postfix, mailutils and s-nail: https://www.howtoforge.com/tutorial/configure-postfix-to-use-gmail-as-a-mail-relay/

NUT (Network UPS Tools) sending mails: https://freekode.org/nut-sending-emails/


Server Queen Specific changes

Added "TimeoutSec=900" to the [Service] section of lvm2-lvmetad.service; otherwise shutdown takes too long, lvmetad gets killed instead of shutting down cleanly, and the result is a failed LV that needs lvchange -ay [lvm] or, worse, lvconvert --repair.

  • Docker: added "iptables": false to /etc/docker/daemon.json; without it Docker kills the kvm bridges.
  • udev rules:
# UPS and TI Zigbee module fix: stable /dev names for the two TI (vendor 0451) CDC-ACM interfaces and for the Dell UPS
KERNEL=="ttyACM*", SUBSYSTEM=="tty", ENV{ID_USB_INTERFACE_NUM}=="00", ENV{ID_VENDOR_ID}=="0451", SYMLINK+="TIherdsman"
KERNEL=="ttyACM*", SUBSYSTEM=="tty", ENV{ID_USB_INTERFACE_NUM}=="03", ENV{ID_VENDOR_ID}=="0451", SYMLINK+="TImcu"
# MODE="0666" makes the UPS device readable and writable by every user; GROUP="nut", MODE="0660" would limit it to the NUT group
SUBSYSTEMS=="usb", ATTRS{idVendor}=="047c", ATTRS{idProduct}=="ffff", SYMLINK+="DellUPS0", MODE="0666"

# reload sysctl when br_netfilter is loaded: the net.bridge.* keys only exist once the module is in,
# so values from sysctl.d applied earlier at boot are skipped and weird stuff happens otherwise.
ACTION=="add", SUBSYSTEM=="module", KERNEL=="br_netfilter", RUN+="/sbin/sysctl --system"

# /usr/lib/udev/rules.d/11-dm-lvm.rules (package-owned; a package upgrade overwrites this edit)
# Create symlinks for top-level devices only.
## EDIT BY DAMME 2020-07-22 to populate partitions for libvirt
# /dev/<vg>/<lv> symlink for every LV, then kpartx maps the LV's partitions so libvirt can see them
ENV{DM_VG_NAME}=="?*", ENV{DM_LV_NAME}=="?*", SYMLINK+="$env{DM_VG_NAME}/$env{DM_LV_NAME}"
ENV{DM_VG_NAME}=="?*", ENV{DM_LV_NAME}=="?*", RUN+="/sbin/kpartx -un /dev/%E{DM_VG_NAME}/%E{DM_LV_NAME}", GOTO="lvm_end"