Cleaned up and merge other Linux snippit repo

Meged https://git.bprieshof.nl/brammp/linux into ./Linux
2023-11-17 00:05:49 +01:00
parent 0638efa018
commit 9fb35960f9
53 changed files with 1851 additions and 7 deletions
--- a/Linux/Docs/HowTo-ISO-Repack.md
+++ b/Linux/Docs/HowTo-ISO-Repack.md
@@ -0,0 +1,35 @@
+# Repack linux ISO
+
+Commands expect to be in a root shell
+
+## Install needed tools
+mkisofs xorriso isohybrid
+
+## Editing ISO image
+
+Create workspace  
+`mkdir /tmp/custom_iso`  
+Mount image and extract it since it is read only  
+```
+mount -t iso9660 -o loop ~/original.iso /mnt/`  
+tar cf - /mnt/. | (cd /tmp/custom_iso; tar xfp -)
+```
+You can now modify the files for editing the bootloader config for example!  
+
+## Back into an iso
+
+### Legacy only
+Rebuild iso with mkisofs  
+`mkisofs -o output.iso -b syslinux/isolinux.bin -c syslinux/boot.cat -no-emul-boot -boot-load-size 4 -boot-info-table -J -R -V "Custom ISO" /tmp/custom_iso`  
+Bless it with isohybrid  
+`isohybrid output.iso`  
+
+### EFI and Legacy
+Rebuild iso with mkisofs  
+`mkisofs -o output.iso -b syslinux/isolinux.bin -J -R -l -c syslinux/boot.cat -no-emul-boot -boot-load-size 4 -boot-info-table -eltorito-alt-boot -e boot/grub/efi.img -no-emul-boot -graft-points -V "Custom ISO" /tmp/custom_iso`  
+Bless it with isohybrid  
+`isohybrid --uefi  output.iso` 
+
+### Sources
+https://gist.github.com/AkdM/2cd3766236582ed0263920d42c359e0f  
+https://tuxfixer.com/mount-modify-edit-repack-create-uefi-iso-including-kickstart-file/  
--- a/Linux/Docs/HowTo-InfoAtLoginPromt.md
+++ b/Linux/Docs/HowTo-InfoAtLoginPromt.md
@@ -0,0 +1,8 @@
+***IP address on host promts (add to /etc/issue)***
+```
+<ifName>: \4{<ifName>}
+```
+***IP address on motd (add to .bashrc)***
+```
+echo "IP: $(ip -o -4 addr list "<IFNAME>" | awk '{print $4}' | cut -d/ -f1)"
+```
--- a/Linux/Docs/HowTo-Migrate-SecureBootKey.md
+++ b/Linux/Docs/HowTo-Migrate-SecureBootKey.md
@@ -0,0 +1,37 @@
+# Migrate Secureboot key
+## Export Ubuntu
+Copy following files
+* Private Key: /var/lib/shim-signed/mok/MOK.priv
+* Public Key: /var/lib/shim-signed/mok/MOK.der
+
+## Export Fedora
+Copy following files  
+* Symlink to Private Key: /etc/pki/akmods/private/private_key.priv
+* Symlink to Public Key: /etc/pki/akmods/certs/private_key.priv
+
+## Import Ubuntu
+Using source.priv and source.der files in current directory to import
+```
+cp source.priv  /var/lib/shim-signed/mok/MOK.priv
+cp source.der  /var/lib/shim-signed/mok/MOK.der
+```
+
+## Import Fedora
+Using source.priv and source.der files in current directory to import
+```
+dnf install akmods kmodtool
+
+KEYNAME="$(hostname)"-"$(od -vAn -N4 -tu4 < /dev/urandom | awk '{print $1}')"
+
+cp source.der /etc/pki/akmods/certs/${KEYNAME}.der
+cp source.priv /etc/pki/akmods/private/${KEYNAME}.priv
+
+chgrp akmods /etc/pki/akmods/certs/${KEYNAME}.*
+chgrp akmods /etc/pki/akmods/private/${KEYNAME}.*
+
+chmod g+r /etc/pki/akmods/certs/${KEYNAME}.*
+chmod g+r /etc/pki/akmods/private/${KEYNAME}.*
+
+ln -nsf /etc/pki/akmods/certs/${KEYNAME}.der /etc/pki/akmods/certs/public_key.der
+ln -nsf /etc/pki/akmods/private/${KEYNAME}.priv /etc/pki/akmods/private/private_key.priv
+```
--- a/Linux/Docs/HowTo-Multicore
+++ b/Linux/Docs/HowTo-Multicore
@@ -0,0 +1,13 @@
+## Install
+```
+apt install pigz
+```
+## Compress
+```
+tar cf - [inputdir] | pigz -[compression level (0 = none, 1 = minimal, 9 = maximum)] -p[cores] > [output.tar.gz]
+```
+## Extract
+```
+unpigz < [input.tar.gz] | (cd [extract location] && tar xvf -)
+```
+
--- a/Linux/Docs/HowTo-NginxArgToRev.md
+++ b/Linux/Docs/HowTo-NginxArgToRev.md
@@ -0,0 +1,18 @@
+#### Input: dom.ain/UrLocation/?set=123
+
+
+
+#### Nginx Conf
+
+######  Required when directing to domain 
+```
+resolver 1.1.1.1 [::1]:5353 valid=30s;
+```
+
+
+```
+location /UrLocation {
+        proxy_pass https://other.domain/json.htm?type=command&&switchcmd=Set%20Level&level=$arg_set;
+}
+```
+#### result: https://other.domain/json.htm?type=command&&switchcmd=Set%20Level&level=123
--- a/Linux/Docs/HowTo-SSH-Tunnels.md
+++ b/Linux/Docs/HowTo-SSH-Tunnels.md
@@ -0,0 +1,42 @@
+## SSH SOCSK (ProxyTunnel)
+#### Command
+`ssh -C -D <proxyport> <USERNAME>@<SYSTEM>`
+
+* -C : enables compression
+* -D : specifies Socks proxyport 
+
+### Firefox
+1. go to Edit -> Preferences -> Advanced -> Network -> Connection -> Settings...
+2. check "Manual proxy configuration"
+3. make sure "Use this proxy server for all protocols" is cleared
+4. clear "HTTP Proxy", "SSL Proxy", "FTP Proxy", and "Gopher Proxy" fields
+5. enter "127.0.0.1" for "SOCKS Host"
+6. enter "1080" (or whatever port you chose) for Port.
+
+## SSH Remote forward (makes local port apear on remote machine)
+
+#### Port to be internaly binded on remote machine
+
+`ssh -R <remoteport>:<address in local network or localhost>:<localport> <USERNAME>@<SYSTEM>`
+
+#### Port to be binded to remote machine 
+
+`ssh -g -R *:<remoteport>:<address in local network or localhost>:<localport> <USERNAME>@<SYSTEM>`
+
+* -R : Remote forward
+* -N : Do not execute a remote command
+* -g : forward to remote network
+
+### SSHD config (on remote where ports are forwarded to)
+* GatewayPorts no : only allows the remote system to connect
+* GatewayPorts yes: allows the remote network to connect to the forwarded port
+* GatewayPorts clientspecified : allows the remote network to connect to the forwarded port when -g switch is used
+
+
+## SSH Local forward (makes remote port apear on local machine)
+
+#### Remote port to be binded on local machine
+
+`ssh -L <bindPort>:<address in remote network or localhost>:<remote port> <USERNAME>@<SYSTEM>`
+
+* -L : Local forward
--- a/Linux/Docs/Setup-DkimPostfix.md
+++ b/Linux/Docs/Setup-DkimPostfix.md
@@ -0,0 +1,92 @@
+# Setup postfix to add DKIM Signature to mails send by system
+
+## Prerequisites
+* Postfix (configured using Web-V2 if possible)
+
+## Setup
+```
+apt install opendkim opendkim-tools -y
+adduser postfix opendkim
+sudo --user opendkim mkdir /etc/opendkim/keys/<DOMAINNAME>
+sudo --user opendkim opendkim-genkey -r -D /etc/opendkim/keys/<DOMAINNAME> -d <DOMAINNAME> -s vps
+chown opendkim:opendkim /etc/opendkim/keys -R
+mkdir /var/spool/postfix/opendkim
+sudo chown opendkim:postfix /var/spool/postfix/opendkim
+```
+
+## Configuration
+### File: /etc/default/opendkim REPLACE
+Replace existing `RUNDIR` with the following
+```
+RUNDIR=/var/spool/postfix/var/run/opendkim
+```
+### File:/etc/opendkim.conf 
+Add the following to the file
+```
+Canonicalization        relaxed/simple
+KeyTable                refile:/etc/opendkim/KeyTable
+SigningTable            refile:/etc/opendkim/SigningTable
+ExternalIgnoreList      refile:/etc/opendkim/TrustedHosts
+InternalHosts           refile:/etc/opendkim/TrustedHosts
+```
+
+### File: /etc/opendkim/TrustedHosts
+Add the following to the file
+```
+127.0.0.1
+::1
+localhost
+<EXT SERVER IP>
+<HOSTNAME>
+<DOMAINNAME>
+```
+
+### File: /etc/opendkim/KeyTable
+Add the following to the file
+```
+vps._domainkey.<DOMAINNAME> <DOMAINNAME>:vps:/etc/opendkim/keys/<DOMAINNAME>/vps.private
+```
+
+### File: /etc/opendkim/SigningTable
+Add the following to the file
+```
+*@<DOMAINNAME> vps._domainkey.<DOMAINNAME>
+```
+
+### File: /etc/postfix
+Add the following to the file
+```
+milter_default_action = accept
+milter_protocol = 2
+smtpd_milters = unix:/var/run/opendkim/opendkim.sock
+non_smtpd_milters = unix:/var/run/opendkim/opendkim.sock
+```
+
+## Reload and restart services
+```
+bash /lib/opendkim/opendkim.service.generate
+systemctl daemon-reload
+systemctl restart opendkim postfix
+```
+
+## DNS
+### SPF on host name
+###SPF on Domain
+### Key on Domain
+Get public key `cat /etc/opendkim/keys/<DOMAINNAME>/vps.txt`  
+Output example:  
+
+```
+#Record Name     Record Type  
+#   V                  V
+vps._domainkey	IN	TXT	( "v=DKIM1; h=sha256; k=rsa; s=email; "
+	  "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsyn5ZLBpT2/eRe0pCbhlpo5XtmfQ0wUFkbEY19Su4+oMdyOfYUcKgH3TA/dB537jfXf68xlpa7dyTkjtHHFun5OWUmwbuxqdlACzxajpeHDJa8VASb4Nu7fcOC2fxn2TpFN75Bai0YsGrz7UFHwGY43jkRKlQFf24fDwqPUQ+6hGd/nnbBOmiOCTOFFMcy5MS01yvWvbOczg6P"
+	  "w6CliBEW8qdp/ChRhxjwGEJeSZuDoXt5PWMv5vvGONfRsSqPzEQJwH8bBrtmgDRlN4yM2DpW5FlggSLFwsRr2qdWR+lGosQC2a2rrvZ7QTmt6X5FsM/ZEdGsGxrwqzQpK552BpgwIDAQAB" )  ; ----- DKIM key vps for Test.com
+```
+Warning: the key is spit in two parts, combine these in to one (as shown below)
+
+Create a dns record as vps._domainkey with folling content  
+Example:
+```
+v=DKIM1;h=sha256;k=rsa;s=email;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsyn5ZLBpT2/eRe0pCbhlpo5XtmfQ0wUFkbEY19Su4+oMdyOfYUcKgH3TA/dB537jfXf68xlpa7dyTkjtHHFun5OWUmwbuxqdlACzxajpeHDJa8VASb4Nu7fcOC2fxn2TpFN75Bai0YsGrz7UFHwGY43jkRKlQFf24fDwqPUQ+6hGd/nnbBOmiOCTOFFMcy5MS01yvWvbOczg6Pw6CliBEW8qdp/ChRhxjwGEJeSZuDoXt5PWMv5vvGONfRsSqPzEQJwH8bBrtmgDRlN4yM2DpW5FlggSLFwsRr2qdWR+lGosQC2a2rrvZ7QTmt6X5FsM/ZEdGsGxrwqzQpK552BpgwIDAQAB;
+```
--- a/Linux/Docs/Setup-apt-cacher-ng.md
+++ b/Linux/Docs/Setup-apt-cacher-ng.md
@@ -0,0 +1,32 @@
+##OUTDATED##
+# apt-cacher-ng
+Default port 3142
+## Deb(ubuntu/debian) repos work out of the box server sided
+### client 
+`echo 'Acquire::http::Proxy "http://<ip>:<port>";' > /etc/apt/apt.conf.d/01proxy`
+
+## For Centos are modifications needed
+### Server
+`curl https://www.centos.org/download/full-mirrorlist.csv | sed 's/^.*"http:/http:/' | sed 's/".*$//' | grep ^http >/etc/apt-cacher-ng/centos_mirrors`
+
+SSL Passthrough
+#### /etc/apt-cacher-ng/acng.conf
+```
+VfilePatternEx: ^/\?release=[0-9]+&arch=
+VfilePatternEx: ^(/\?release=[0-9]+&arch=.*|.*/RPM-GPG-KEY-.*|/metalink\?repo=epel\$
+VfilePatternEx = (^|.*/)repodata/.*\.(yaml|yml)(\.gz|\.bz2|\.lzma|\.xz)?$
+Remap-centos: file:centos_mirrors /centos
+
+#PassThroughPattern: .* # this would allow CONNECT to everything
+
+```
+
+### Client (installer)
+use http://mirror.centos.org/centos/8/BaseOS/x86_64/os/ as repo and set proxy to <ip>:<port>
+
+### Client (DNF)
+make sure to set repos to use base url
+add folowing to /etc/dnf/dnf.conf
+```
+proxy=http://<ip>:<port>
+```
--- a/Linux/Docs/Setup-autoupdate-gitea.md
+++ b/Linux/Docs/Setup-autoupdate-gitea.md
@@ -0,0 +1,52 @@
+# gitea update tool
+Tool from `https://github.com/CMiksche/gitea-auto-update`
+or get local from `https://git.bprieshof.nl/Tools/gitea-auto-update`
+
+requires  python 3.7+   
+
+# Install tool
+## ubuntu 18.04
+```
+add-apt-repository ppa:deadsnakes/ppa
+apt install python3.7 python3-pip
+
+python3.8 -m pip install gitea-auto-update
+```
+##debian 10,ubuntu 20.04
+```
+apt install python3-pip -y
+pip3 install gitea-auto-update
+```
+
+# Configuring
+### all os's 
+Add the following to `/etc/gitea/auto-update.ini`
+```
+[Gitea]
+site=http://localhost:3000/api/v1/version
+apiUrl=https://api.github.com/repos/go-gitea/gitea/releases/latest
+system=linux-amd64
+file=/usr/local/bin/gitea
+tmpDir=/tmp/
+buildFromSource=
+sourceDir=
+logFile=/var/log/gitupdate.log
+```
+
+
+
+## Cron job
+### ubuntu 18.04
+Add the following to `/etc/crontab`
+```
+0 5     * * 7   root   /usr/bin/python3.8 /usr/local/bin/gitea-auto-update --settings=/etc/gitea/auto-update.ini
+```
+### debian 10,ubuntu 20.04
+Add the following to `/etc/crontab`
+```
+0 5     * * 7   root    /usr/local/bin/gitea-auto-update --settings=/etc/gitea/auto-update.ini
+```
+# Run manual update`
+```
+gitea-auto-update --settings=/etc/gitea/auto-update.ini
+```
--- a/Linux/Docs/Setup-debian10-LXC.md
+++ b/Linux/Docs/Setup-debian10-LXC.md
@@ -0,0 +1,74 @@
+# Setup LXC on debian 10
+
+Install packages and add unprivileged user
+```
+apt install lxc libvirt0 libpam-cgfs bridge-utils uidmap
+useradd lxcuser
+cat /etc/s*id|grep lxcuser
+```
+
+Put the following in /etc/default/lxc-net 
+```
+USE_LXC_BRIDGE="true"
+```
+
+Put the following in /etc/lxc/default.conf 
+```
+lxc.idmap = u 0 <Replace with output of cat> <Replace with output of cat>
+lxc.idmap = g 0 <Replace with output of cat> <Replace with output of cat>
+lxc.mount.auto = proc:mixed sys:ro cgroup:mixed
+lxc.apparmor.profile = unconfined
+lxc.apparmor.allow_nesting = 1
+lxc.net.0.type = veth
+lxc.net.0.link = lxcbr0
+lxc.net.0.flags = up
+lxc.net.0.hwaddr = 00:16:3e:xx:xx:xx
+```
+
+Give root acces to unprivileged user space
+```
+echo "root:<Replace with output of cat>:<Replace with output of cat>" >> /etc/subuid
+echo "root:<Replace with output of cat>:<Replace with output of cat>" >> /etc/subgid 
+```
+
+Enable and start lxc network service 
+```
+systemctl enable --now lxc-net
+```
+enable unprivileged user namespaces for kernels < 5.10
+```
+echo kernel.unprivileged_userns_clone=1 >> /etc/sysctl.conf
+sysctl -p
+```
+
+
+# Extra config KB
+* Create Container `lxc-create -t download -n <CTName> -- -d debian -r buster -a amd64`
+* Container config `/var/lib/lxc/<CTName>/config`
+* add to Container config to start on boot `lxc.start.auto = 1`
+* add to Container config for static ip
+```
+lxc.net.0.ipv4.address = 10.0.3.<IP>/24
+lxc.net.0.ipv4.gateway = 10.0.3.1
+```
+
+
+# UFW forwarding
+
+also dont forget to add the extenal port as allow rule
+add to /etc/ufw/before.rules
+
+to begin of file before *filter
+```
+*nat
+:PREROUTING ACCEPT [0:0]
+-A PREROUTING -i enp0s3 -p tcp --dport <extenal port> -j DNAT --to <ctip>:<internalport>
+COMMIT
+```
+
+to end of file before last COMMIT
+```
+#LXC forwards
+-A FORWARD -o lxcbr0 -j ACCEPT
+-A FORWARD -i lxcbr0 -j ACCEPT
+```
--- a/Linux/Docs/Setup-smokeping.md
+++ b/Linux/Docs/Setup-smokeping.md
@@ -0,0 +1,221 @@
+# Setup Smokeping
+Intructions for setting up SmokePing on Alpine Linux  
+
+## Main(Master)
+Needed packages: smokeping lighttpd  
+
+make sure to empty the remote secret file (/etc/smokeping/smokeping_secrets),  
+you also need to correct the permissions `chown smokeping:smokeping /etc/smokeping/smokeping_secrets`
+
+Lighttpd (/etc/lighttpd/lighttpd.conf)
+```
+# {{{ modules
+server.modules = (
+#    "mod_accesslog",
+     "mod_cgi"
+)
+# }}}
+
+# {{{ includes
+include "mime-types.conf"
+# }}}
+
+# {{{ CGI
+cgi.assign = (
+".cgi" => "/usr/bin/perl"
+)
+# }}}
+
+# {{{ server settings
+server.username      = "smokeping"
+server.groupname     = "smokeping"
+server.document-root = "/usr/share/webapps/smokeping"
+server.pid-file      = "/run/lighttpd.pid"
+server.errorlog-use-syslog = "enable"
+server.indexfiles    = ("smokeping.cgi")
+server.follow-symlink = "enable"
+static-file.exclude-extensions = (".cgi")
+# }}}
+
+# {{{ mod_accesslog
+#accesslog.filename   = "/var/log/lighttpd-access.log"
+# }}}
+
+# vim: set ft=conf foldmethod=marker et :
+```
+
+Smokeping config (/etc/smokeping/config)
+```
+*** General ***
+
+owner    = MaintainerName
+contact  = some@address.nowhere
+mailhost = my.mail.host
+sendmail = /usr/sbin/sendmail
+imgcache = /var/lib/smokeping/.simg
+imgurl   = img
+datadir  = /var/lib/smokeping
+piddir   = /var/run/smokeping
+cgiurl   = http://some.url/smokeping.cgi
+tmail = /etc/smokeping/tmail
+smokemail = /etc/smokeping/smokemail
+syslogfacility = local0
+
+#Use to overwrite system hostname
+#display_name = HostName
+
+*** Database ***
+
+step     = 300
+pings    = 20
+
+# consfn mrhb steps total
+
+AVERAGE  0.5   1  1008
+AVERAGE  0.5  12  4320
+    MIN  0.5  12  4320
+    MAX  0.5  12  4320
+AVERAGE  0.5 144   720
+    MAX  0.5 144   720
+    MIN  0.5 144   720
+
+*** Presentation ***
+
+template = /etc/smokeping/basepage.html
+htmltitle = yes
+graphborders = no
+
+ charts
+
+menu = Charts
+title = The most interesting destinations
+
++ stddev
+sorter = StdDev(entries=>4)
+title = Top Standard Deviation
+menu = Std Deviation
+format = Standard Deviation %f
+
++ max
+sorter = Max(entries=>5)
+title = Top Max Roundtrip Time
+menu = by Max
+format = Max Roundtrip Time %f seconds
+
++ loss
+sorter = Loss(entries=>5)
+title = Top Packet Loss
+menu = Loss
+format = Packets Lost %f
+
++ median
+sorter = Median(entries=>5)
+title = Top Median Roundtrip Time
+menu = by Median
+format = Median RTT %f seconds
+
+ overview 
+
+width = 600
+height = 50
+range = 10h
+
+ detail
+
+width = 600
+height = 200
+unison_tolerance = 2
+
+"Last hour"   1h
+"Last day"    24h
+"Last week"   7d
+"Last month"  30d
+"Last year"   365d
+
+
+*** Probes ***
+
+FPing
+binary = /usr/sbin/fping
+step = 60
+
+*** Slaves  ***
+secrets=/etc/smokeping/smokeping_secrets
+
+
+*** Targets ***
+
+probe = FPing
+
+menu = Top
+title = Network Latency Grapher
+remark = Welcome to SmokePing.
+
+ Internet
+menu = Internet
+title = Hosts on the internet
+
++ cloudflare
+#slaves = 
+host = 1.1.1.1
+
++ google
+#slaves = 
+host = 8.8.8.8
+
+```
+
+Start and Enable services on boot `service smokeping start && service lighttpd start && rc-update add smokeping default && rc-update add lighttpd default`  
+
+## Remote(Slave)
+
+### On Main
+Add the name and a secret in in the secrets file`/etc/smokeping/smokeping_secrets` using the following format (one per line) `remotehostname:Secret`  
+Add the host to the slaves section using the following example:
+```
+remotehostname                           
+display_name=Remote-Hostname              
+color=00ffff          
+```
+Add the host to the `slaves` section of the targets (should be seperated with a space)  
+Last step on main is to restart smokeping `service smokeping restart` 
+
+### On Remote
+Needed packages: smokeping  
+
+Put a secret in `/etc/smokeping/secret.txt`   
+set its permissions `chown smokeping:smokeping /etc/smokeping/secret.txt && chmod 600 /etc/smokeping/secret.txt`  
+
+Service file(/etc/init.d/smokeping-remote)
+```
+#!/sbin/openrc-run
+HostName=host1
+MainURL="http://<MainHost>/smokeping.cgi"
+
+depend() {
+        need net
+}
+
+start() {
+        checkpath --directory --owner smokeping:smokeping /var/run/smokeping
+
+        ebegin "Starting smokeping remote"
+        LC_ALL=C \
+        start-stop-daemon --start --name smokeping \
+                --pidfile /var/run/smokeping/smokeping.pid \
+                --exec /usr/bin/smokeping \
+                --user smokeping:smokeping \
+                -- --master-url=$MainURL --cache-dir=/var/lib/smokeping --pid-dir=/var/run/smokeping --shared-secret=/etc/smokeping/secret.txt --slave-name=$HostName
+        eend $?
+}
+
+stop() {
+        ebegin "Stopping smokeping Remote"
+        start-stop-daemon --stop \
+                --pidfile /var/run/smokeping/smokeping.pid
+        eend $?
+}
+```
+Set permissions service file `chmod +x /etc/init.d/smokeping-remote`  
+Start and Enable service on boot `service smokeping-remote start && rc-update add smokeping-remote default`  
+Add to Root cron tab to auto reload after crash (/etc/crontabs/root) `echo '* * * * * openrc --no-stop' >> /etc/crontabs/root`  
--- a/Linux/Docs/rffmpeg/README.md
+++ b/Linux/Docs/rffmpeg/README.md
@@ -0,0 +1,2 @@
+This Guide uses NFS for saring the Transcode tmp folder  
+This tool expects the media folder(s) to be mounted/located at same location as Primary(Jellyfin) server
--- a/Linux/Docs/rffmpeg/Setup-Primary.md
+++ b/Linux/Docs/rffmpeg/Setup-Primary.md
@@ -0,0 +1,78 @@
+## Prerequisites:
+* A running jellyfin server on the Primary
+
+## Step 1: Configuring Jellyfin and preparing the server
+
+### Transcode temp folder
+#### Sharing the the local trancode folder
+Make the new trancode folder
+```
+mkdir /var/lib/jellyfin/transcoding-temp
+```
+NFS is the recomend way of sharing this folder, but SMB/CIFS shoud also work
+```
+apt -y install nfs-kernel-server
+echo '/var/lib/jellyfin/transcoding-temp <Network IP>/24(rw,sync,no_subtree_check)' >> /etc/exports 
+systemctl restart nfs-kernel-server
+```
+Set the following setting in jellyfin "Transcode path" in the Playback settings to "/var/lib/jellyfin/transcoding-temp"
+
+#### Useing a existing remote share trancode folder
+Make sure the folder is mounted at"/var/lib/jellyfin/transcoding-temp"  
+Set the following setting in jellyfin "Transcode path" in the Playback settings to "/var/lib/jellyfin/transcoding-temp"
+
+### Jellyfin user
+Generating sshkey pair without password
+```
+sudo -u jellyfin mkdir -p /var/lib/jellyfin/.ssh
+sudo -u jellyfin ssh-keygen -t rsa -f /var/lib/jellyfin/.ssh/id_rsa
+```
+Set the jellyfin user to login as bash in /etc/passwd
+
+## Step 2: Install slave/render servers
+
+### Getting  info
+Run `cat /etc/passwd | grep jellyfin:` to get user info, i will refer to it as `<JelUser>`  
+Run `cat /etc/group | grep jellyfin:`, to get group info, i will refer to it as `<JelGroup>`  
+Run `cat /var/lib/jellyfin/.ssh/id_rsa.pub` To get ssh-key for sending commands , i will refer to it as `<PrimaryPubKey>`  
+Get the ip of the Primary, i will refer to it as `<PrimaryIP>`  
+
+### Installing on the remote slave
+Use the info you collected en follow "Slave-install.md" 
+```
+sudo -u jellyfin ssh -i /var/lib/jellyfin/.ssh/id_rsa jellyfin@<SlaveIP>
+```
+When connected to the Primary exit the session with the slave server  
+Repeat these steps for all slave server
+
+### Adding local system as slave
+```
+echo 'ssh-rsa <PrimaryPubKey>' | sudo -u jellyfin tee /var/lib/jellyfin/.ssh/authorized_keys
+sudo -u jellyfin ssh -i /var/lib/jellyfin/.ssh/id_rsa jellyfin@localhost
+```
+
+## Step 3: Installing rffmpeg
+```
+mkdir /etc/rffmpeg /opt/rffmpeg
+wget https://raw.githubusercontent.com/joshuaboniface/rffmpeg/master/rffmpeg.yml.sample -O /etc/rffmpeg/rffmpeg.yml
+wget https://raw.githubusercontent.com/joshuaboniface/rffmpeg/master/rffmpeg -O /opt/rffmpeg/rffmpeg.py
+ln -s /usr/local/bin/rffmpeg.py /opt/rffmpeg/ffmpeg
+ln -s /usr/local/bin/rffmpeg.py /opt/rffmpeg/ffprobe
+```
+## Step 3: Configuring rffmpeg
+Add to the host section of /etc/rffmpeg/rffmpeg.yml
+Example of the section in the config file
+```
+remote:
+    # A YAML list of remote hosts to connect to
+    hosts:
+        - 192.168.1.2
+        - 192.168.1.3
+```
+if you also want the local system to render add localhost or 127.0.0.1
+
+
+## Step 4: Set jellyfin to use rffmpeg
+Set the following setting in jellyfin "FFmpeg path" in the Playback settings to "/opt/rffmpeg/ffmpeg"
+
+## Done
--- a/Linux/Docs/rffmpeg/Setup-Worker.md
+++ b/Linux/Docs/rffmpeg/Setup-Worker.md
@@ -0,0 +1,43 @@
+## Prerequisites:
+* You set up the Primary following Primary-Install.md and have the information reddy
+* A Clean install of ubuntu linux with ssh-server enabled
+* The media folder accessible on the same location as the jellyfin server
+
+## Step 1: Setting up the user
+```
+mkdir -p /var/lib/jellyfin/.ssh
+echo "<JelUser>" >> /etc/passwd
+echo "<JelGroup>" >> /etc/group
+echo "jellyfin:*:17928:0:99999:7:::" >> /etc/shadow
+```
+Reboot the system just to make sure changes are piked up
+
+```
+echo '<PrimaryPubKey>' >> /var/lib/jellyfin/.ssh/authorized_keys
+chmod 755 -R /var/lib/jellyfin/
+chown -R jellyfin:jellyfin /var/lib/jellyfin/
+```
+
+## Step 2: setting up the Transcode temp folder
+if you are not using NFS make sure the folder is mounted to "/var/lib/jellyfin/transcoding-temp" and skip the rest of step 2
+
+### Setting up NFS Client
+```
+apt install nfs-common -y
+mkdir -p /var/lib/jellyfin/transcoding-temp
+chmod 777 /var/lib/jellyfin/transcoding-temp
+echo '<PrimaryIP>:/var/lib/jellyfin/transcoding-temp /var/lib/jellyfin/transcoding-temp nfs defaults,vers=3,sync 0 0' >> /etc/fstab
+sudo mount -a
+```
+
+## Step 3: Install the jellyfin version of ffmpeg
+```
+apt install apt-transport-https -y
+add-apt-repository universe -y
+wget -O - https://repo.jellyfin.org/ubuntu/jellyfin_team.gpg.key | sudo apt-key add -
+echo "deb [arch=$( dpkg --print-architecture )] https://repo.jellyfin.org/ubuntu $( lsb_release -c -s ) main" >> /etc/apt/sources.list.d/jellyfin.list
+apt update
+apt install jellyfin-ffmpeg -y
+```
+## Done
+Continue reading "Primary-Install.md"