brammp/linux
Archived
1
0
Fork 0
Code Activity

Migradted to other Repo

Browse Source 
https://git.bprieshof.nl/brammp/SnipitRepo/src/branch/main/Linux
This commit is contained in:
Bram Prieshof
2023-11-17 00:09:40 +01:00
parent 53b2b5e849
commit 9f23172377
47 changed files with 3 additions and 2120 deletions
Download Patch File Download Diff File Expand all files Collapse all files

58
Centos-MicroNas.sh
View File

@@ -1,58 +0,0 @@
#ProxmoxCT Note use privileged container with nesting enabled #
#EPEL Repo
rpm --rebuilddb
dnf -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8
#Webmin repo
cat << 'EOF' >> /etc/yum.repos.d/webmin.repo
[Webmin]
name=Webmin
#baseurl=https://download.webmin.com/download/yum
mirrorlist=https://download.webmin.com/download/yum/mirrorlist
enabled=1
EOF
rpm --import https://download.webmin.com/jcameron-key.asc
#Install
dnf --setopt=install_weak_deps=False --best --refresh -y install samba samba-common cronie nfs-utils webmin openssh-server nano nload htop avahi wsdd
#Webin config
service webmin stop
systemctl start webmin
sed -i -e '/port=/c\port=80' -e 's/ssl=/c\ssl=0/g' -e 's/ipv6=/c\ipv6=0/g' /etc/webmin/miniserv.conf
echo "servers=Services & Tools" >> /etc/webmin/webmin.catnames
cat << 'EOF' >> /etc/webmin/webmin.cats
filter=cluster
exports=servers
filemin=servers
useradmin=servers
mailboxes=
EOF
#Samba config
sed -i -e '/map to guest =/c\map to guest = never' /etc/samba/smb.conf
#Avahi config
cat << 'EOF' >> /etc/avahi/services/smb.service
<?xml version="1.0" standalone='no'?>
<!DOCTYPE service-group SYSTEM "avahi-service.dtd">
<service-group>
<name replace-wildcards="yes">%h</name>
<service>
<type>_smb._tcp</type>
<port>445</port>
</service>
<service>
<type>_device-info._tcp</type>
<port>0</port>
<txt-record>model=RackMac</txt-record>
</service>
</service-group>
EOF
#Restart services
service webmin stop
systemctl enable --now smb nfs-server webmin avahi-daemon wsdd
systemctl restart smb nfs-server webmin avahi-daemon wsdd

15
DBUG-output.sh
View File

@@ -1,15 +0,0 @@
# Set debug flag as desired
DEBUG=1
# DEBUG=0
if [ "$DEBUG" -eq "1" ]; then
OUT='/dev/tty'
else
OUT='/dev/null'
fi
# actual script use commands like this
command > $OUT 2>&1
# or like this if you need
command 2> $OUT

55
Debian-MicroNas.sh
View File

@@ -1,55 +0,0 @@
#ProxmoxCT Note use privileged container with nesting enabled #
#Prerequisite packages
export DEBIAN_FRONTEND=noninteractive
apt install --no-install-recommends wget gnupg2 apt-transport-https -y
#Webin repo
wget -qO - https://download.webmin.com/jcameron-key.asc | sudo apt-key add -
echo "deb https://download.webmin.com/download/repository sarge contrib" > /etc/apt/sources.list.d/webmin.list
#Wsdd(Web Service Discovery host daemon) repo
wget -O - https://pkg.ltec.ch/public/conf/ltec-ag.gpg.key|apt-key add -
echo "deb https://pkg.ltec.ch/public/ `lsb_release -cs` main" > /etc/apt/sources.list.d/wsdd.list
#Install
apt update
debconf-set-selections <<<"samba-common samba-common/do_debconf boolean true"
apt install --no-install-recommends samba samba-vfs-modules cron nfs-kernel-server webmin openssh-server nano nload htop avahi-daemon avahi-utils wsdd -y
#Webmin config
sed -i -e '/port=/c\port=80' -e 's/ssl=/c\ssl=0/g' -e 's/ipv6=/c\ipv6=0/g' /etc/webmin/miniserv.conf
echo "servers=Services & Tools" >> /etc/webmin/webmin.catnames
cat << 'EOF' >> /etc/webmin/webmin.cats
filter=cluster
exports=servers
filemin=servers
useradmin=servers
mailboxes=
EOF
#Samba config
sed -i -e '/map to guest =/c\map to guest = never' /etc/samba/smb.conf
#Avahi config
cat << 'EOF' >> /etc/avahi/services/smb.service
<?xml version="1.0" standalone='no'?>
<!DOCTYPE service-group SYSTEM "avahi-service.dtd">
<service-group>
<name replace-wildcards="yes">%h</name>
<service>
<type>_smb._tcp</type>
<port>445</port>
</service>
<service>
<type>_device-info._tcp</type>
<port>0</port>
<txt-record>model=RackMac</txt-record>
</service>
</service-group>
EOF
#Restart services
systemctl enable --now smbd nfs-kernel-server webmin avahi-daemon wsdd
systemctl restart smbd nfs-kernel-server webmin avahi-daemon wsdd

35
ISO-Repack.md
View File

@@ -1,35 +0,0 @@
# Repack linux ISO
Commands expect to be in a root shell
## Install needed tools
mkisofs xorriso isohybrid
## Editing ISO image
Create workspace
`mkdir /tmp/custom_iso`
Mount image and extract it since it is read only
```
mount -t iso9660 -o loop ~/original.iso /mnt/`
tar cf - /mnt/. | (cd /tmp/custom_iso; tar xfp -)
```
You can now modify the files for editing the bootloader config for example!
## Back into an iso
### Legacy only
Rebuild iso with mkisofs
`mkisofs -o output.iso -b syslinux/isolinux.bin -c syslinux/boot.cat -no-emul-boot -boot-load-size 4 -boot-info-table -J -R -V "Custom ISO" /tmp/custom_iso`
Bless it with isohybrid
`isohybrid output.iso`
### EFI and Legacy
Rebuild iso with mkisofs
`mkisofs -o output.iso -b syslinux/isolinux.bin -J -R -l -c syslinux/boot.cat -no-emul-boot -boot-load-size 4 -boot-info-table -eltorito-alt-boot -e boot/grub/efi.img -no-emul-boot -graft-points -V "Custom ISO" /tmp/custom_iso`
Bless it with isohybrid
`isohybrid --uefi output.iso`
### Sources
https://gist.github.com/AkdM/2cd3766236582ed0263920d42c359e0f
https://tuxfixer.com/mount-modify-edit-repack-create-uefi-iso-including-kickstart-file/

4
InfoAtLoginPromt.sh
View File

@@ -1,4 +0,0 @@
#IP address on host promts (add to /etc/issue)
<ifName>: \4{<ifName>}
#IP address on motd (add to .bashrc)
echo "IP: $(ip -o -4 addr list "<IFNAME>" | awk '{print $4}' | cut -d/ -f1)"

37
Migrate-SecureBootKey.md
View File

@@ -1,37 +0,0 @@
# Migrate Secureboot key
## Export Ubuntu
Copy following files
* Private Key: /var/lib/shim-signed/mok/MOK.priv
* Public Key: /var/lib/shim-signed/mok/MOK.der
## Export Fedora
Copy following files
* Symlink to Private Key: /etc/pki/akmods/private/private_key.priv
* Symlink to Public Key: /etc/pki/akmods/certs/private_key.priv
## Import Ubuntu
Using source.priv and source.der files in current directory to import
```
cp source.priv /var/lib/shim-signed/mok/MOK.priv
cp source.der /var/lib/shim-signed/mok/MOK.der
```
## Import Fedora
Using source.priv and source.der files in current directory to import
```
dnf install akmods kmodtool
KEYNAME="$(hostname)"-"$(od -vAn -N4 -tu4 < /dev/urandom | awk '{print $1}')"
cp source.der /etc/pki/akmods/certs/${KEYNAME}.der
cp source.priv /etc/pki/akmods/private/${KEYNAME}.priv
chgrp akmods /etc/pki/akmods/certs/${KEYNAME}.*
chgrp akmods /etc/pki/akmods/private/${KEYNAME}.*
chmod g+r /etc/pki/akmods/certs/${KEYNAME}.*
chmod g+r /etc/pki/akmods/private/${KEYNAME}.*
ln -nsf /etc/pki/akmods/certs/${KEYNAME}.der /etc/pki/akmods/certs/public_key.der
ln -nsf /etc/pki/akmods/private/${KEYNAME}.priv /etc/pki/akmods/private/private_key.priv
```

13
Multicore Gzip.md
View File

@@ -1,13 +0,0 @@
## Install
```
apt install pigz
```
## Compress
```
tar cf - [inputdir] | pigz -[compression level (0 = none, 1 = minimal, 9 = maximum)] -p[cores] > [output.tar.gz]
```
## Extract
```
unpigz < [input.tar.gz] | (cd [extract location] && tar xvf -)
```

5
Mysql-alternate-Repo-Setup-DebUbu.sh
View File

@@ -1,5 +0,0 @@
Dist=$(grep -oP '(?<=^ID=).+' /etc/os-release | tr -d '"')
DistVersion=$(grep -oP '(?<=^VERSION_CODENAME=).+' /etc/os-release | tr -d '"')
wget -qO - http://repo.mysql.com/RPM-GPG-KEY-mysql | apt-key add -
echo "deb http://repo.mysql.com/apt/"$Dist"/ "$DistVersion" mysql-8.0" >/etc/apt/sources.list.d/mysql.list

60
Nginx-Core_CMS-Config
View File

@@ -1,60 +0,0 @@
sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e '/#ConfHere1/ r CMS_Config.txt' -e '/#ConfHere/c\' Base_Nginx_Config.txt
######################################
Base_Nginx_Config.txt Content example
######################################
#generated by certbot from here
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name www.DOMAINname;
return 301 http://DOMAINname$request_uri;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
#ConfHere
}
#generated by certbot to here
server {
listen 80;
listen [::]:80;
server_name www.DOMAINname;
return 301 http://DOMAINname$request_uri;
}
server {
listen 80;
listen [::]:80;
#ConfHere
}
###############################
CMS_Config.txt Content example
###############################
gzip on;
gzip_proxied any;
gzip_types text/plain text/css text/xml text/javascript application/javascript application/x-javascript image/svg image/svg+xml application/xml image/x-icon;
gzip_comp_level 2;
gzip_disable "msie6";
gzip_buffers 16 8k;
location / {
#try_files $uri $uri/ =404;
try_files $uri $uri/ /index.php$is_args$args;
#try_files $uri $uri/ $uri.html $uri.php$is_args$query_string;
}

18
NginxArgToRev.md
View File

@@ -1,18 +0,0 @@
#### Input: dom.ain/UrLocation/?set=123
#### Nginx Conf
###### Required when directing to domain
```
resolver 1.1.1.1 [::1]:5353 valid=30s;
```
```
location /UrLocation {
proxy_pass https://other.domain/json.htm?type=command&&switchcmd=Set%20Level&level=$arg_set;
}
```
#### result: https://other.domain/json.htm?type=command&&switchcmd=Set%20Level&level=123

4
Options-AsVar_whiptail.sh
View File

@@ -1,4 +0,0 @@
args=("Option 1:" "Option 1 Desription" OFF)
args+=("Option 2: " "Option 2 Desription" OFF)
args+=("Option 3: " "Option 3 Desription" OFF)
option=$(whiptail --nocancel --title "Title" --checklist "Features" 11 110 5 "${args[@]}" 3>&1 1>&2 2>&3)

16
Proxmox-ARM_CT.md
View File

@@ -1,16 +0,0 @@
Install `qemu-user-static` on the proxmox host
Add an `armhf` or `arm64(aarch64)` image to the proxmox image store
Use this image to create a container
## Image links
Always download `rootfs.tar.xz`
(Distro releases current as of 20-10-2021)
### armhf
* Alpine https://uk.images.linuxcontainers.org/images/alpine/3.14/armhf/default/
* Debian https://uk.images.linuxcontainers.org/images/debian/bullseye/armhf/default/
* Ubuntu https://uk.images.linuxcontainers.org/images/ubuntu/focal/armhf/default/
### arm64
* Alpine https://uk.images.linuxcontainers.org/images/alpine/3.14/arm64/default/
* Debian https://uk.images.linuxcontainers.org/images/debian/bullseye/arm64/default/
* Ubuntu https://uk.images.linuxcontainers.org/images/ubuntu/focal/arm64/default/

34
Proxmox-SMTPMail.sh
View File

@@ -1,34 +0,0 @@
#Proxmox Use SMTP to send mail
#Vars
MailFromName=$(hostname)
MailFormAddress=noreply@domain.com
MailFromServer=mail.provider.com
MailFromServerPort=465
MailFromPasswd=<MailBoxPassword>
MailTo=administrator@domain.com
#install dependencies
apt install libsasl2-modules -y
#Generating Configs
echo "[$MailFromServer]:$MailFromServerPort $MailFormAddress:$MailFromPasswd" > /etc/postfix/sasl_passwd
echo "/.+/ $MailFromName<$MailFormAddress>" > /etc/postfix/sender_canonical_maps
echo "/From:.*/ REPLACE From: $MailFromName<$MailFormAddress>" > /etc/postfix/header_check
sed -i '/relayhost/c\' /etc/postfix/main.cf
cat << EOF >> /etc/postfix/main.cf
#Custom PostfixSMTP config
relayhost = [$MailFromServer]:$MailFromServerPort
smtp_tls_wrappermode = yes
smtp_tls_security_level = encrypt
smtp_use_tls = yes
smtp_sasl_auth_enable = yes
smtp_sasl_security_options =
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
sender_canonical_classes = envelope_sender, header_sender
sender_canonical_maps = regexp:/etc/postfix/sender_canonical_maps
smtp_header_checks = regexp:/etc/postfix/header_check
EOF
postmap /etc/postfix/sasl_passwd
systemctl restart postfix

4
README.md
View File

@@ -1,2 +1,4 @@
# linux # Linux Snipits
Migrated to [brammp/SnipitRepo](https://git.bprieshof.nl/brammp/SnipitRepo)/Linux

42
SSH.md
View File

@@ -1,42 +0,0 @@
## SSH SOCSK (ProxyTunnel)
#### Command
`ssh -C -D <proxyport> <USERNAME>@<SYSTEM>`
* -C : enables compression
* -D : specifies Socks proxyport
### Firefox
1. go to Edit -> Preferences -> Advanced -> Network -> Connection -> Settings...
2. check "Manual proxy configuration"
3. make sure "Use this proxy server for all protocols" is cleared
4. clear "HTTP Proxy", "SSL Proxy", "FTP Proxy", and "Gopher Proxy" fields
5. enter "127.0.0.1" for "SOCKS Host"
6. enter "1080" (or whatever port you chose) for Port.
## SSH Remote forward (makes local port apear on remote machine)
#### Port to be internaly binded on remote machine
`ssh -R <remoteport>:<address in local network or localhost>:<localport> <USERNAME>@<SYSTEM>`
#### Port to be binded to remote machine
`ssh -g -R *:<remoteport>:<address in local network or localhost>:<localport> <USERNAME>@<SYSTEM>`
* -R : Remote forward
* -N : Do not execute a remote command
* -g : forward to remote network
### SSHD config (on remote where ports are forwarded to)
* GatewayPorts no : only allows the remote system to connect
* GatewayPorts yes: allows the remote network to connect to the forwarded port
* GatewayPorts clientspecified : allows the remote network to connect to the forwarded port when -g switch is used
## SSH Local forward (makes remote port apear on local machine)
#### Remote port to be binded on local machine
`ssh -L <bindPort>:<address in remote network or localhost>:<remote port> <USERNAME>@<SYSTEM>`
* -L : Local forward

6
VarModifiers.sh
View File

@@ -1,6 +0,0 @@
option="${option// /}" #Removes Spaces
option="${option/:/ }" #First : to Space
option="${option//:/ }" #All : to Space
option="${option//:}" #Removes :
option="${option,,}" #Removes LowerCase
option="${option//'"'}" #Removes "

3
apt-Whiptail.sh
View File

@@ -1,3 +0,0 @@
PKGM="debconf-apt-progress -- apt" #enable progresbar
PKGI="${PKGM} install -y" #Setting single install var
PKGA="debconf-apt-progress -- add-apt-repository"

31
apt-cacher-ng.md
View File

@@ -1,31 +0,0 @@
# apt-cacher-ng
Default port 3142
## Deb(ubuntu/debian) repos work out of the box server sided
### client
`echo 'Acquire::http::Proxy "http://<ip>:<port>";' > /etc/apt/apt.conf.d/01proxy`
## For Centos are modifications needed
### Server
`curl https://www.centos.org/download/full-mirrorlist.csv | sed 's/^.*"http:/http:/' | sed 's/".*$//' | grep ^http >/etc/apt-cacher-ng/centos_mirrors`
SSL Passthrough
#### /etc/apt-cacher-ng/acng.conf
```
VfilePatternEx: ^/\?release=[0-9]+&arch=
VfilePatternEx: ^(/\?release=[0-9]+&arch=.*|.*/RPM-GPG-KEY-.*|/metalink\?repo=epel\$
VfilePatternEx = (^|.*/)repodata/.*\.(yaml|yml)(\.gz|\.bz2|\.lzma|\.xz)?$
Remap-centos: file:centos_mirrors /centos
#PassThroughPattern: .* # this would allow CONNECT to everything
```
### Client (installer)
use http://mirror.centos.org/centos/8/BaseOS/x86_64/os/ as repo and set proxy to <ip>:<port>
### Client (DNF)
make sure to set repos to use base url
add folowing to /etc/dnf/dnf.conf
```
proxy=http://<ip>:<port>
```

10
apt-webmin.sh
View File

@@ -1,10 +0,0 @@
apt update
apt-get install apt-transport-https gnupg2 -y
wget http://www.webmin.com/jcameron-key.asc
apt-key add jcameron-key.asc
rm jcameron-key.asc
echo "deb https://download.webmin.com/download/repository sarge contrib" > /etc/apt/sources.list.d/webmin.list
apt-get update
apt-get install webmin -y

52
autoupdate-gitea.md
View File

@@ -1,52 +0,0 @@
# gitea update tool
Tool from `https://github.com/CMiksche/gitea-auto-update`
or get local from `https://git.bprieshof.nl/Tools/gitea-auto-update`
requires python 3.7+
# Install tool
## ubuntu 18.04
```
add-apt-repository ppa:deadsnakes/ppa
apt install python3.7 python3-pip
python3.8 -m pip install gitea-auto-update
```
##debian 10,ubuntu 20.04
```
apt install python3-pip -y
pip3 install gitea-auto-update
```
# Configuring
### all os's
Add the following to `/etc/gitea/auto-update.ini`
```
[Gitea]
site=http://localhost:3000/api/v1/version
apiUrl=https://api.github.com/repos/go-gitea/gitea/releases/latest
system=linux-amd64
file=/usr/local/bin/gitea
tmpDir=/tmp/
buildFromSource=
sourceDir=
logFile=/var/log/gitupdate.log
```
## Cron job
### ubuntu 18.04
Add the following to `/etc/crontab`
```
0 5 * * 7 root /usr/bin/python3.8 /usr/local/bin/gitea-auto-update --settings=/etc/gitea/auto-update.ini
```
### debian 10,ubuntu 20.04
Add the following to `/etc/crontab`
```
0 5 * * 7 root /usr/local/bin/gitea-auto-update --settings=/etc/gitea/auto-update.ini
```
# Run manual update`
```
gitea-auto-update --settings=/etc/gitea/auto-update.ini
```

17
bash-script-Flag.sh
View File

@@ -1,17 +0,0 @@
if [ "$1" != "-l" ]; then
echo "Normal mode"
IMODE=n
fi
if [ "$1" = "-l" ]; then
echo "Legacy mode";
IMODE=l
fi
if [ $IMODE = n ]; then
echo "New Menu"
elif [ $IMODE = l ]; then
echo "Legacy Menu"
fi

73
curl-Functions-authchecker.md
View File

@@ -1,73 +0,0 @@
# Authchecker functions for curl
## curl keeps asking for password until correct, and downloads file
```
function getcurlsec {
local curlurl="$1"
local curluser="$2"
local curloutput="$3"
while true; do
curl --fail --user "$curluser" "$curlurl" -o "$curloutput"
local EC=$?
if [ $EC -eq 0 ]; then
break
fi
done
}
```
Syntax: `getcurlsec <url to download> <username> <output file>`
## curl downloads file using given credentials
```
function getcurlsecwpassword {
local curlurl="$1"
local curluser="$2"
local curlpassword="$3"
local curloutput="$4"
curl --fail --user "$curluser":"$curlpassword" "$curlurl" -o "$curloutput"
local EC=$?
if [ $EC -eq 0 ]; then
echo "Password correct"
else
echo "Password incorrect"
fi
}
```
Syntax: `getcurlsecwpassword <url to download> <username> <password> <output file>`
## curl keeps asking for password until correct, and stores username and password as var
```
function checkusercurl {
local curlurl="$1"
curluser="$2"
while true; do
read -s -p "Enter password for user $curluser: " curlpassword
echo "";
curl -s --fail --user "$curluser":"$curlpassword" "$curlurl" -o /dev/null
local EC=$?
if [ $EC -eq 0 ]; then
echo "Password correct"
break
fi
echo "Incorrect password"
unset curlpassword
done
}
```
Syntax: `checkusercurl <url to authenticate against> <username>`
username wil become var: curluser
password wil become var: $curlpassword

74
debian10-LXC.md
View File

@@ -1,74 +0,0 @@
# Setup LXC on debian 10
Install packages and add unprivileged user
```
apt install lxc libvirt0 libpam-cgfs bridge-utils uidmap
useradd lxcuser
cat /etc/s*id|grep lxcuser
```
Put the following in /etc/default/lxc-net
```
USE_LXC_BRIDGE="true"
```
Put the following in /etc/lxc/default.conf
```
lxc.idmap = u 0 <Replace with output of cat> <Replace with output of cat>
lxc.idmap = g 0 <Replace with output of cat> <Replace with output of cat>
lxc.mount.auto = proc:mixed sys:ro cgroup:mixed
lxc.apparmor.profile = unconfined
lxc.apparmor.allow_nesting = 1
lxc.net.0.type = veth
lxc.net.0.link = lxcbr0
lxc.net.0.flags = up
lxc.net.0.hwaddr = 00:16:3e:xx:xx:xx
```
Give root acces to unprivileged user space
```
echo "root:<Replace with output of cat>:<Replace with output of cat>" >> /etc/subuid
echo "root:<Replace with output of cat>:<Replace with output of cat>" >> /etc/subgid
```
Enable and start lxc network service
```
systemctl enable --now lxc-net
```
enable unprivileged user namespaces for kernels < 5.10
```
echo kernel.unprivileged_userns_clone=1 >> /etc/sysctl.conf
sysctl -p
```
# Extra config KB
* Create Container `lxc-create -t download -n <CTName> -- -d debian -r buster -a amd64`
* Container config `/var/lib/lxc/<CTName>/config`
* add to Container config to start on boot `lxc.start.auto = 1`
* add to Container config for static ip
```
lxc.net.0.ipv4.address = 10.0.3.<IP>/24
lxc.net.0.ipv4.gateway = 10.0.3.1
```
# UFW forwarding
also dont forget to add the extenal port as allow rule
add to /etc/ufw/before.rules
to begin of file before *filter
```
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i enp0s3 -p tcp --dport <extenal port> -j DNAT --to <ctip>:<internalport>
COMMIT
```
to end of file before last COMMIT
```
#LXC forwards
-A FORWARD -o lxcbr0 -j ACCEPT
-A FORWARD -i lxcbr0 -j ACCEPT
```

78
docs/rffmpeg/Master-Install.md
View File

@@ -1,78 +0,0 @@
## Prerequisites:
* A running jellyfin server on the master
## Step 1: Configuring Jellyfin and preparing the server
### Transcode temp folder
#### Sharing the the local trancode folder
Make the new trancode folder
```
mkdir /var/lib/jellyfin/transcoding-temp
```
NFS is the recomend way of sharing this folder, but SMB/CIFS shoud also work
```
apt -y install nfs-kernel-server
echo '/var/lib/jellyfin/transcoding-temp <Network IP>/24(rw,sync,no_subtree_check)' >> /etc/exports
systemctl restart nfs-kernel-server
```
Set the following setting in jellyfin "Transcode path" in the Playback settings to "/var/lib/jellyfin/transcoding-temp"
#### Useing a existing remote share trancode folder
Make sure the folder is mounted at"/var/lib/jellyfin/transcoding-temp"
Set the following setting in jellyfin "Transcode path" in the Playback settings to "/var/lib/jellyfin/transcoding-temp"
### Jellyfin user
Generating sshkey pair without password
```
sudo -u jellyfin mkdir -p /var/lib/jellyfin/.ssh
sudo -u jellyfin ssh-keygen -t rsa -f /var/lib/jellyfin/.ssh/id_rsa
```
Set the jellyfin user to login as bash in /etc/passwd
## Step 2: Install slave/render servers
### Getting info
Run `cat /etc/passwd | grep jellyfin:` to get user info, i will refer to it as `<JelUser>`
Run `cat /etc/group | grep jellyfin:`, to get group info, i will refer to it as `<JelGroup>`
Run `cat /var/lib/jellyfin/.ssh/id_rsa.pub` To get ssh-key for sending commands , i will refer to it as `<MasterPubKey>`
Get the ip of the master, i will refer to it as `<MasterIP>`
### Installing on the remote slave
Use the info you collected en follow "Slave-install.md"
```
sudo -u jellyfin ssh -i /var/lib/jellyfin/.ssh/id_rsa jellyfin@<SlaveIP>
```
When connected to the master exit the session with the slave server
Repeat these steps for all slave server
### Adding local system as slave
```
echo 'ssh-rsa <MasterPubKey>' | sudo -u jellyfin tee /var/lib/jellyfin/.ssh/authorized_keys
sudo -u jellyfin ssh -i /var/lib/jellyfin/.ssh/id_rsa jellyfin@localhost
```
## Step 3: Installing rffmpeg
```
mkdir /etc/rffmpeg /opt/rffmpeg
wget https://raw.githubusercontent.com/joshuaboniface/rffmpeg/master/rffmpeg.yml.sample -O /etc/rffmpeg/rffmpeg.yml
wget https://raw.githubusercontent.com/joshuaboniface/rffmpeg/master/rffmpeg.py -O /opt/rffmpeg/rffmpeg.py
ln -s /usr/local/bin/rffmpeg.py /opt/rffmpeg/ffmpeg
ln -s /usr/local/bin/rffmpeg.py /opt/rffmpeg/ffprobe
```
## Step 3: Configuring rffmpeg
Add to the host section of /etc/rffmpeg/rffmpeg.yml
Example of the section in the config file
```
remote:
# A YAML list of remote hosts to connect to
hosts:
- 192.168.1.2
- 192.168.1.3
```
if you also want the local system to render add localhost or 127.0.0.1
## Step 4: Set jellyfin to use rffmpeg
Set the following setting in jellyfin "FFmpeg path" in the Playback settings to "/opt/rffmpeg/ffmpeg"
## Done

2
docs/rffmpeg/README.md
View File

@@ -1,2 +0,0 @@
This Guide uses NFS for saring the Transcode tmp folder
This tool expects the media folder(s) to be mounted/located at same location as master(Jellyfin) server

43
docs/rffmpeg/Slave-Install.md
View File

@@ -1,43 +0,0 @@
## Prerequisites:
* You set up the master following Master-Install.md and have the information reddy
* A Clean install of ubuntu linux with ssh-server enabled
* The media folder accessible on the same location as the jellyfin server
## Step 1: Setting up the user
```
mkdir -p /var/lib/jellyfin/.ssh
echo "<JelUser>" >> /etc/passwd
echo "<JelGroup>" >> /etc/group
echo "jellyfin:*:17928:0:99999:7:::" >> /etc/shadow
```
Reboot the system just to make sure changes are piked up
```
echo '<MasterPubKey>' >> /var/lib/jellyfin/.ssh/authorized_keys
chmod 755 -R /var/lib/jellyfin/
chown -R jellyfin:jellyfin /var/lib/jellyfin/
```
## Step 2: setting up the Transcode temp folder
if you are not using NFS make sure the folder is mounted to "/var/lib/jellyfin/transcoding-temp" and skip the rest of step 2
### Setting up NFS Client
```
apt install nfs-common -y
mkdir -p /var/lib/jellyfin/transcoding-temp
chmod 777 /var/lib/jellyfin/transcoding-temp
echo '<MasterIP>:/var/lib/jellyfin/transcoding-temp /var/lib/jellyfin/transcoding-temp nfs defaults,vers=3,sync 0 0' >> /etc/fstab
sudo mount -a
```
## Step 3: Install the jellyfin version of ffmpeg
```
apt install apt-transport-https -y
add-apt-repository universe -y
wget -O - https://repo.jellyfin.org/ubuntu/jellyfin_team.gpg.key | sudo apt-key add -
echo "deb [arch=$( dpkg --print-architecture )] https://repo.jellyfin.org/ubuntu $( lsb_release -c -s ) main" >> /etc/apt/sources.list.d/jellyfin.list
apt update
apt install jellyfin-ffmpeg -y
```
## Done
Continue reading "Master-Install.md"

18
git-UpdateCheck.sh
View File

@@ -1,18 +0,0 @@
#Git update checker
## Will folow localy checked-out branch
## Make sure localy altered files (config,upload folder, etc) are setup in .gitignore
git remote update
UPSTREAM=${1:-'@{u}'}
LOCAL=$(git rev-parse @)
REMOTE=$(git rev-parse "$UPSTREAM")
BASE=$(git merge-base @ "$UPSTREAM")
if [ $LOCAL = $REMOTE ]; then
echo "Up-to-date"
elif [ $LOCAL = $BASE ]; then
echo "Update available, Pulling form git"
git pull
else
echo "Diverged"
fi

61
scripts/Deb11Upgrade_Basic.sh
View File

@@ -1,61 +0,0 @@
#!/bin/bash
#####################################################################
# @description: #
# Debian 10 to Debian 11 upgrade tool for basic debian 10 system #
# #
# @author: Bram Prieshof #
#####################################################################
#ScriptVars
UpgradeDist=deb11
InstalledOptions=("${SelectedOptions[@]}" "${EnabledAons[@]}")
Sysup2Date=no
#OS Detection
dist_ver=$(grep --color=never -Po "^VERSION_ID=\K.*" "/etc/os-release")
dist=$(grep --color=never -Po "^ID=\K.*" "/etc/os-release")
if [[ "${dist}" == *"debian"* ]] && [[ "${dist_ver}" == *"10"* ]]; then
CurDist=deb10
else
echo "This OS in not eligible for this upgrade"
exit
fi
#PackageManager-config
PKGM=apt
PKGUC="$PKGM update"
PKGUP="$PKGM upgrade -y"
PKGI="${PKGM} install -y --no-install-recommends"
#Update current release
if [ $Sysup2Date = no ]; then
echo "The system will now update the packages for the current release"
read -r -s -p $'Press enter to continue, or ctrl+c to quit'
$PKGUC
DEBIAN_FRONTEND=noninteractive $PKGUP -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold"
$PKGM dist-upgrade -y
$PKGM clean all
$PKGM autoremove -y
sed -i -e '/Sysup2Date=no/c\Sysup2Date=yes' "$0"
echo "The current release is up to date,"
echo "please reboot the system and re-run this scipt to continue"
exit
fi
echo "The system will now update the repositories to the new release and update all packages"
read -r -s -p $'Press enter to continue, or ctrl+c to quit'
#Update Debian repo's
sed -i -e 's/buster/bullseye/g' -e 's#http://security.debian.org/debian-security#https://deb.debian.org/debian-security#g' -e 's#http://security.debian.org#https://deb.debian.org/debian-security#g' -e 's#bullseye/updates#bullseye-security#g' /etc/apt/sources.list
#Update Hetzner mirrror repo's
sed -i -e 's/buster/bullseye/g' /etc/apt/sources.list.d/hetzner* -e 's#bullseye/updates#bullseye-security#g' /etc/apt/sources.list.d/hetzner*
#Running updates
$PKGM update
DEBIAN_FRONTEND=noninteractive $PKGUP --without-new-pkgs -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold"
DEBIAN_FRONTEND=noninteractive $PKGM full-upgrade -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold"
$PKGM autoremove -y
echo "Upgrade finished, please reboot the system"

39
scripts/Ufw-AddCustomRule-SSH_4242.sh
View File

@@ -1,39 +0,0 @@
###############################################################
# @description: #
# Add Custom rule to UFW for limiting ssh(4242/tcp) #
# #
# @author: Bram Prieshof #
###############################################################
#Sed in a function to detect line from $FindLine and insert the content of $AddLine on a new line above the match
UpdateFile () {
file="$1"
sed -i 's/'"$FindLine"'/'"$AddLine"'\n&/g' $file
unset FindLine AddLine
}
#Delete Existng SSH(4242/tcp) rule(s)
ufw delete limit 4242/tcp
#Add needed filters (IPv4)
FindLine="# End required lines"
AddLine=":ufw-user-limit - [0:0]\n:ufw-user-limit-accept - [0:0]"
UpdateFile /etc/ufw/after.rules
#Add needed filters (IPv6)
FindLine="# End required lines"
AddLine=":ufw6-user-limit - [0:0]\n:ufw6-user-limit-accept - [0:0]"
UpdateFile /etc/ufw/after6.rules
#Add custom SSH(4242/tcp) limit rule (IPv4)
FindLine="# don't delete the 'COMMIT' line or these rules won't be processed"
AddLine="### SSH limit tcp\n-A ufw-after-input -p tcp --dport 4242 -m conntrack --ctstate NEW -m recent --set\n-A ufw-after-input -p tcp --dport 4242 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 15 -j ufw-user-limit\n-A ufw-after-input -p tcp --dport 4242 -j ufw-user-limit-accept\n"
UpdateFile /etc/ufw/after.rules
#Add custom SSH(4242/tcp) limit rule (IPv6)
FindLine="# don't delete the 'COMMIT' line or these rules won't be processed"
AddLine="### SSH limit tcp\n-A ufw6-after-input -p tcp --dport 4242 -m conntrack --ctstate NEW -m recent --set\n-A ufw6-after-input -p tcp --dport 4242 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 15 -j ufw6-user-limit\n-A ufw6-after-input -p tcp --dport 4242 -j ufw6-user-limit-accept\n"
UpdateFile /etc/ufw/after6.rules
#Reload ufw rules
ufw reload

33
scripts/detect-os-V1.sh
View File

@@ -1,33 +0,0 @@
#!/bin/bash
source /etc/os-release
#echo used Vars for testing only
echo $VERSION
#formaring $VERSION to a useable fromat
VERSION=$(echo $VERSION | grep -o '[0-9]\+.' | tr -d '\n')
#echo used Vars for testing only
echo $ID
echo $VERSION
#example if statement
if [ "$ID" = "debian" ]; then
echo "Execute Commands"
elif [ "$ID" = "ubuntu" ]; then
echo "Executue Ubuntu version detection"
if [[ "$VERSION" == "18.04"* ]]; then
echo "this ubuntu Ubuntu 18.04"
elif [[ "$VERSION" == "16.04"* ]]; then
echo "this ubuntu 16.04"
else
echo "this version of ubuntu is not yet supported"
fi
elif [ "$ID" = "centos" ]; then
echo "Executue Centos Commands"
elif [ "$ID" = "rhel" ]; then
echo "Executue Red hat enterpise Linux Commands"
else
echo "this OS is not yet supported"
fi

21
scripts/detect-os-V2.sh
View File

@@ -1,21 +0,0 @@
dist_ver=$(grep --color=never -Po "^VERSION_ID=\K.*" "/etc/os-release")
dist=$(grep --color=never -Po "^ID=\K.*" "/etc/os-release")
if [[ "${dist}" == *"ubuntu"* ]] && [[ "${dist_ver}" == *"18.04"* ]]; then
echo "Ubuntu 18.04 Detected"
shortdist=ubu1804
elif [[ "${dist}" == *"ubuntu"* ]] && [[ "${dist_ver}" == *"20.04"* ]]; then
echo "Ubuntu 20.04 Detected"
shortdist=ubu2004
elif [[ "${dist}" == *"debian"* ]] && [[ "${dist_ver}" == *"10"* ]]; then
echo "Debian 10 Detected"
shortdist=deb10
elif [[ "${dist}" == *"centos"* ]] && [[ "${dist_ver}" == *"8"* ]]; then
echo "Centos 8 Detected"
shortdist=cent10
else
echo "This OS in not supported"
fi
unset dist_ver
unset dist

215
scripts/installgit.sh
View File

@@ -1,215 +0,0 @@
##----------##
# Menu #
##----------##
echo "Ubuntu 18.04 gitea install script."
echo "Domein without www:"
read domain
while true; do
read -p "Does www.${domain} exist in DNS -> yes/no?" yn
case $yn in
[Yy]* ) domainwww=1
break;;
[Nn]* ) domainwww=0
break;;
* ) echo "choose yes or no.";;
esac
done
echo "System password:"
read password
echo "Administrator email:"
read email
##----------------##
# Pre-Config #
##----------------##
apt install -y software-properties-common
add-apt-repository -y ppa:certbot/certbot
apt update
apt upgrade -y
apt install -y mysql-server nginx git
timedatectl set-timezone Europe/Amsterdam
sed -i 's/#/vm.swappiness=10/g' /etc/sysctl.conf
sed -i 's/#/vm.vfs_cache_pressure=50/g' /etc/sysctl.conf
sed -i 's/IPV6=yes/IPV6=no/g' /etc/default/ufw
sed -i "\$a0 3 * * 1 root apt update >/dev/null 2>&1&& apt upgrade -y >/dev/null 2>&1" /etc/crontab
systemctl restart cron
ufw allow OpenSSH
ufw allow 443/tcp
ufw allow 80/tcp
ufw limit ssh
echo "y" | ufw enable
##------------------##
# MySQL Config #
##------------------##
# mysql_secure_installation automated
mysqladmin -u root password "$password"
mysql -u root -p"$password" -e "DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1')"
mysql -u root -p"$password" -e "DELETE FROM mysql.user WHERE User=''"
mysql -u root -p"$password" -e "DELETE FROM mysql.db WHERE Db='test' OR Db='test\_%'"
mysql -u root -p"$password" -e "SELECT user,authentication_string,plugin,host FROM mysql.user;"
mysql -u root -p"$password" -e "ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY '"$password"';"
mysql -u root -p"$password" -e "FLUSH PRIVILEGES;"
mysql -u root -p"$password" -e "SELECT user,authentication_string,plugin,host FROM mysql.user;"
rm /etc/mysql/my.cnf
cat > /etc/mysql/my.cnf <<- "EOF"
# - "/etc/mysql/my.cnf" to set global options,
[mysqld_safe]
socket = /var/run/mysqld/mysqld.sock
nice = 0
[mysqld]
user = mysql
pid-file = /var/run/mysqld/mysqld.pid
socket = /var/run/mysqld/mysqld.sock
port = 3306
basedir = /usr
datadir = /var/lib/mysql
tmpdir = /tmp
lc-messages-dir = /usr/share/mysql
skip-external-locking
innodb_buffer_pool_size = 1G # (adjust value here, 50%-70% of total RAM)
innodb_log_file_size = 256M
innodb_flush_log_at_trx_commit = 1 # may change to 2 or 0
innodb_flush_method = O_DIRECT
bind-address = 127.0.0.1
key_buffer_size = 16M
max_allowed_packet = 16M
thread_stack = 192K
thread_cache_size = 8
myisam-recover-options = BACKUP
#max_connections = 100
#table_open_cache = 64
#thread_concurrency = 10
query_cache_limit = 1M
query_cache_size = 16M
log_error = /var/log/mysql/error.log
expire_logs_days = 10
max_binlog_size = 100M
EOF
db_pass=$(date +%s|sha256sum|base64|head -c 32)
mysql -u root -p"$password" -e "CREATE DATABASE "giteadb" DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;"
mysql -u root -p"$password" -e "GRANT ALL ON "giteadb".* TO '"gitea"'@'localhost' IDENTIFIED BY '"$db_pass"';"
mysql -u root -p"$password" -e "FLUSH PRIVILEGES;"
echo $db_pass > ~/db-pass.txt
##------------------##
# Nginx Config #
##------------------##
cat <<EOF > /etc/nginx/sites-available/"$domain"
server {
server_name git.ictmaatwerk.com;
client_max_body_size 40M;
listen 80 ;
location / {
proxy_pass http://localhost:3000;
}
location /.well-known {
alias /var/www/git.ictmaatwerk.com/.well-known;
}
}
EOF
ln -s /etc/nginx/sites-available/"$domain" /etc/nginx/sites-enabled/
mkdir -p /var/www/"$domain"/html
chmod -R 755 /var/www
systemctl restart nginx
##-------------##
# Certbot #
##-------------##
apt install -y python-certbot-nginx
if [ $domainwww = 1 ]; then
certbot --nginx -n -d "$domain" -d "www.$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos
elif [ $domainwww = 0 ]; then
certbot --nginx -n -d "$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos
fi
debconf-set-selections <<< "postfix postfix/mailname string $domain"
debconf-set-selections <<< "postfix postfix/main_mailer_type string 'Internet Site'"
apt install -y mailutils
sed -i 's/#inet_interfaces = all/inet_interfaces = loopback-only/g' /etc/postfix/main.cf
sed -i 's/mydestination/#mydestination/g' /etc/postfix/main.cf
sed -i 's/relayhost =/mydestination = '$domain', localhost.'$domain', '$domain'/g' /etc/postfix/main.cf
cat <<EOF > /etc/aliases
# See man 5 aliases for format
postmaster: root
root: $email
EOF
newaliases
##-----------##
# gitea #
##-----------##
wget https://dl.gitea.io/gitea/1.7.0/gitea-1.7.0-linux-amd64 -O gitea
chmod +x gitea
adduser \
--system \
--shell /bin/bash \
--gecos 'Git Version Control' \
--group \
--disabled-password \
--home /home/git \
git
mkdir -p /var/lib/gitea/{custom,data,log}
chown -R git:git /var/lib/gitea/
chmod -R 750 /var/lib/gitea/
mkdir /etc/gitea
chown root:git /etc/gitea
chmod 770 /etc/gitea
mv gitea /usr/local/bin/gitea
cat <<EOF > /etc/systemd/system/gitea.service
[Unit]
Description=Gitea (Git with a cup of tea)
After=syslog.target
After=network.target
After=mysqld.service
#After=postgresql.service
#After=memcached.service
#After=redis.service
[Service]
# Modify these two values and uncomment them if you have
# repos with lots of files and get an HTTP error 500 because
# of that
###
#LimitMEMLOCK=infinity
#LimitNOFILE=65535
RestartSec=2s
Type=simple
User=git
Group=git
WorkingDirectory=/var/lib/gitea/
ExecStart=/usr/local/bin/gitea web -c /etc/gitea/app.ini
Restart=always
Environment=USER=git HOME=/home/git GITEA_WORK_DIR=/var/lib/gitea
# If you want to bind Gitea to a port below 1024 uncomment
# the two values below
###
#CapabilityBoundingSet=CAP_NET_BIND_SERVICE
#AmbientCapabilities=CAP_NET_BIND_SERVICE
[Install]
WantedBy=multi-user.target
EOF
echo certbot --nginx -n -d "$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos > activatessl.sh
echo "Please put config here: /etc/gitea/app.ini"
echo "then run: systemctl enable gitea && systemctl start gitea"
echo "if service starts then reboot the system to finsh the installation"

10
scripts/kweb.sh
View File

@@ -1,10 +0,0 @@
service php-fpm53 stop
service php-fpm54 stop
service php-fpm55 stop
service php-fpm56 stop
service php-fpm70 stop
service php-fpm71 stop
service php-fpm72 stop
service php-fpm73 stop
service httpd stop
service nginx stop

23
scripts/proxmox/update-lxc-Image.sh
View File

@@ -1,23 +0,0 @@
curl https://uk.images.linuxcontainers.org/ | awk -F "</*td>|</*tr>" '/<\/*t[rd]>.*/ {print $3, $5, $7, $9, $11}' > /tmp/updatetimestapmps
#Debian 10 (Buster)
dbts=$(cat /tmp/updatetimestapmps | grep debian |grep buster |grep cloud| grep amd64 | awk '{ print $5 }')
wget https://uk.images.linuxcontainers.org/images/debian/buster/amd64/cloud/"$dbts"/rootfs.tar.xz -O /var/lib/vz/template/cache/DailyDebianBuster.tar.xz
#Ubuntu (Bionic Beaver)
ubts=$(cat /tmp/updatetimestapmps | grep ubuntu |grep bionic |grep cloud| grep amd64 | awk '{ print $5 }')
wget https://uk.images.linuxcontainers.org/images/ubuntu/bionic/amd64/cloud/"$ubts"/rootfs.tar.xz -O /var/lib/vz/template/cache/DailyUbuntuBionicBeaver.tar.xz
#Ubuntu 20.04 (FocalFossa)
ufts=$(cat /tmp/updatetimestapmps | grep ubuntu |grep focal |grep cloud| grep amd64 | awk '{ print $5 }')
wget https://uk.images.linuxcontainers.org/images/ubuntu/focal/amd64/cloud/"$ufts"/rootfs.tar.xz -O /var/lib/vz/template/cache/DailyUbuntuFocalFossa.tar.xz
#Centos 8
c8ts=$(cat /tmp/updatetimestapmps | grep "centos 8" | grep -v '8-Stream' |grep cloud| grep amd64 | awk '{ print $5 }')
wget https://uk.images.linuxcontainers.org/images/centos/8/amd64/cloud/"$c8ts"/rootfs.tar.xz -O /var/lib/vz/template/cache/DailyCentos8.tar.xz
#Alpine 3.12
alpine312=$(cat /tmp/updatetimestapmps | grep "alpine" | grep '3.12' |grep default| grep amd64 | awk '{ print $5 }')
wget https://uk.images.linuxcontainers.org/images/alpine/3.12/amd64/default/"$alpine312"/rootfs.tar.xz -O /var/lib/vz/template/cache/DailyAlpine3.12.tar.xz
rm /tmp/updatetimestapmps

10
scripts/rweb.sh
View File

@@ -1,10 +0,0 @@
service php-fpm53 restart
service php-fpm54 restart
service php-fpm55 restart
service php-fpm56 restart
service php-fpm70 restart
service php-fpm71 restart
service php-fpm72 restart
service php-fpm73 restart
service httpd restart
service nginx restart

10
scripts/servstat.sh
View File

@@ -1,10 +0,0 @@
service php-fpm53 status
service php-fpm54 status
service php-fpm55 status
service php-fpm56 status
service php-fpm70 status
service php-fpm71 status
service php-fpm72 status
service php-fpm73 status
service httpd status
service nginx status

10
scripts/sweb.sh
View File

@@ -1,10 +0,0 @@
service php-fpm53 start
service php-fpm54 start
service php-fpm55 start
service php-fpm56 start
service php-fpm70 start
service php-fpm71 start
service php-fpm72 start
service php-fpm73 start
service httpd start
service nginx start

168
scripts/tc/Setup-TC-Generic-Kiosk.sh
View File

@@ -1,168 +0,0 @@
#!/bin/bash
#########Tested on#########
## Debian 9(i386) ##
# Hp t5740e #
## Debian 9(amd64) ##
# Dell Optiplex Fx160 #
###########################
echo "Debian 9 Thin client install script."
echo "Full url including http(s)://:"
read url
apt update
# get software
apt install xorg chromium openbox lightdm nedit locales spacefm sudo gmessage unattended-upgrades plymouth plymouth-themes -y
# dir
mkdir -p /home/kiosk/.config/openbox
mkdir -p /home/kiosk/Bureaublad
# create group
groupadd kiosk
# create user if not exists
id -u kiosk &>/dev/null || useradd -m kiosk -g kiosk -s /bin/bash
# rights
chown -R kiosk:kiosk /home/kiosk
# create config
echo oldurl=${url} > /var/log/browserurl.log
sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/g' /etc/ssh/sshd_config
wget https://git.ictmaatwerk.com/bprieshof/Linux-scripts/raw/branch/master/tc/config/gui/grub-4x3.png -O /usr/share/desktop-base/softwaves-theme/grub/grub-4x3.png
wget https://git.ictmaatwerk.com/bprieshof/Linux-scripts/raw/branch/master/tc/config/gui/grub-16x9.png -O /usr/share/desktop-base/softwaves-theme/grub/grub-16x9.png
wget https://git.ictmaatwerk.com/bprieshof/Linux-scripts/raw/branch/master/tc/config/gui/joy-ictm.tar.gz -O /tmp/joy-ictm.tar.gz
tar -zxf /tmp/joy-ictm.tar.gz -C /usr/share/plymouth/themes/
sed -i 's|GRUB_TIMEOUT=5|GRUB_TIMEOUT=1|g' /etc/default/grub
sed -i 's|GRUB_CMDLINE_LINUX_DEFAULT="quiet"|GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"|g' /etc/default/grub
update-grub
plymouth-set-default-theme -R joy-ictm
wget https://git.ictmaatwerk.com/bprieshof/Linux-scripts/raw/branch/master/tc/config/20auto-upgrades -O /etc/apt/apt.conf.d/20auto-upgrades
wget https://git.ictmaatwerk.com/bprieshof/Linux-scripts/raw/branch/master/tc/config/50unattended-upgrades -O /etc/apt/apt.conf.d/50unattended-upgrades
if [ -e "/etc/lightdm/lightdm.conf" ]; then
mv /etc/lightdm/lightdm.conf /etc/lightdm/lightdm.conf.backup
fi
cat > /etc/lightdm/lightdm.conf << EOF
[SeatDefaults]
autologin-user=kiosk
EOF
# create autostart
if [ -e "/home/kiosk/.config/openbox/autostart" ]; then
mv /home/kiosk/.config/openbox/autostart /home/kiosk/.config/openbox/autostart.backup
fi
cat > /home/kiosk/.config/openbox/autostart << EOF
#!/bin/bash
sleep 1; spacefm --desktop &
chromium \
--no-first-run \
--disable \
--disable-translate \
--disable-infobars \
--disable-suggestions-service \
--disable-save-password-bubble \
--disable-session-crashed-bubble \
--incognito \
"${url}"
EOF
#creating app files
cat > /home/kiosk/Bureaublad/chromium.desktop << EOF
[Desktop Entry]
Version=1.0
Name=Chromium
GenericName=Web Browser
GenericName[nl]=Webbrowser
Comment=Access the Internet
Comment[nl]=Verbinding maken met internet
Exec=/usr/bin/chromium --no-first-run --disable --disable-translate --disable-infobars --disable-suggestions-service --disable-save-password-bubble --disable-session-crashed-bubble --incognito ${url}
Terminal=false
X-MultipleArgs=false
Type=Application
Icon=chromium.png
Categories=Network;WebBrowser;
MimeType=text/html;text/xml;application/xhtml_xml;application/x-mimearchive;x-scheme-handler/http;x-scheme-handler/https;
StartupWMClass=chromium
StartupNotify=true
EOF
cat > /home/kiosk/Bureaublad/nedit.desktop << EOF
[Desktop Entry]
Version=1.0
Name=NEdit
Name[en]=NEdit
Name[nl]=NEdit
Exec=nedit-nc %F
Icon=nedit
Terminal=false
Type=Application
MimeType=text/plain;
Categories=Motif;Utility;TextTools;
Keywords=Customizable;Scripts;Powerful;
GenericName=Text Editor
GenericName[en]=Text Editor
GenericName[nl]=Tekstverwerker
EOF
cat > /home/kiosk/Bureaublad/shutdown.desktop << EOF
[Desktop Entry]
Encoding=UTF-8
Version=1.0
Type=Application
Terminal=false
Exec=shutdown-menu
Name=Shutdown
Icon=/usr/share/icons/Adwaita/64x64/actions/system-shutdown-symbolic.symbolic.png
EOF
cp -r /home/kiosk/Bureaublad/ /home/kiosk/Desktop
# rights for apps folder
chown -R kiosk:kiosk /home/kiosk/Bureaublad
chown -R kiosk:kiosk /home/kiosk/Desktop
# setting user power privileges
cat > /etc/sudoers.d/powerctl << EOF
# Cmnd alias specification
Cmnd_Alias SHUTDOWN = /sbin/shutdown
Cmnd_Alias REBOOT = /sbin/reboot
# User privilege specification
kiosk ALL=SHUTDOWN
kiosk ALL=NOPASSWD: SHUTDOWN
kiosk ALL=REBOOT
kiosk ALL=NOPASSWD: REBOOT
EOF
cat > /usr/bin/shutdown-menu << EOF
gmessage "Weet u zeker dat u de computer wilt afsluiten?" -center -title "Shutdown" -font "Sans bold 10" -default "Cancel" -buttons "_Annuleren":1,"_Opnieuw opstarten":3,"_Afsluiten":4 >/dev/null
case \$? in
1)
echo "Exit";;
3)
pkill spacefm
sudo shutdown -r now;;
4)
pkill spacefm
sudo shutdown -h now;;
esac
EOF
chmod 775 /usr/bin/shutdown-menu
wget https://git.ictmaatwerk.com/bprieshof/Linux-scripts/raw/branch/master/tc/update-url.sh -O /root/update-url.sh
echo "Done!"

176
scripts/tc/Setup-TC-t510-Kiosk.sh
View File

@@ -1,176 +0,0 @@
#!/bin/bash
#######Made for:#######
## Debian 9 ##
# Hp t510 #
#######################
echo "Debian 9 Thin client install script."
echo "Full url including http(s)://:"
read url
apt-get update
# get software
apt-get install xorg chromium openbox lightdm nedit locales spacefm sudo gmessage unattended-upgrades plymouth plymouth-themes xserver-xorg-video-openchrome -y
# dir
mkdir -p /home/kiosk/.config/openbox
mkdir -p /home/kiosk/Bureaublad
# create group
groupadd kiosk
# create user if not exists
id -u kiosk &>/dev/null || useradd -m kiosk -g kiosk -s /bin/bash
# rights
chown -R kiosk:kiosk /home/kiosk
# create config
echo oldurl=${url} > /var/log/browserurl.log
sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/g' /etc/ssh/sshd_config
wget https://git.ictmaatwerk.com/bprieshof/Linux-scripts/raw/branch/master/tc/config/gui/grub-4x3.png -O /usr/share/desktop-base/softwaves-theme/grub/grub-4x3.png
wget https://git.ictmaatwerk.com/bprieshof/Linux-scripts/raw/branch/master/tc/config/gui/grub-16x9.png -O /usr/share/desktop-base/softwaves-theme/grub/grub-16x9.png
wget https://git.ictmaatwerk.com/bprieshof/Linux-scripts/raw/branch/master/tc/config/gui/joy-ictm.tar.gz -O /tmp/joy-ictm.tar.gz
tar -zxf /tmp/joy-ictm.tar.gz -C /usr/share/plymouth/themes/
sed -i 's|GRUB_TIMEOUT=5|GRUB_TIMEOUT=1|g' /etc/default/grub
sed -i 's|GRUB_CMDLINE_LINUX_DEFAULT="quiet"|GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"|g' /etc/default/grub
update-grub
plymouth-set-default-theme -R joy-ictm
wget https://git.ictmaatwerk.com/bprieshof/Linux-scripts/raw/branch/master/tc/config/20auto-upgrades -O /etc/apt/apt.conf.d/20auto-upgrades
wget https://git.ictmaatwerk.com/bprieshof/Linux-scripts/raw/branch/master/tc/config/50unattended-upgrades -O /etc/apt/apt.conf.d/50unattended-upgrades
if [ -e "/etc/lightdm/lightdm.conf" ]; then
mv /etc/lightdm/lightdm.conf /etc/lightdm/lightdm.conf.backup
fi
cat > /etc/lightdm/lightdm.conf << EOF
[SeatDefaults]
autologin-user=kiosk
EOF
# create autostart
if [ -e "/home/kiosk/.config/openbox/autostart" ]; then
mv /home/kiosk/.config/openbox/autostart /home/kiosk/.config/openbox/autostart.backup
fi
cat > /home/kiosk/.config/openbox/autostart << EOF
#!/bin/bash
sleep 1; spacefm --desktop &
chromium \
--no-first-run \
--disable \
--disable-translate \
--disable-infobars \
--disable-suggestions-service \
--disable-save-password-bubble \
--disable-session-crashed-bubble \
--incognito \
"${url}"
EOF
#creating app files
cat > /home/kiosk/Bureaublad/chromium.desktop << EOF
[Desktop Entry]
Version=1.0
Name=Chromium
GenericName=Web Browser
GenericName[nl]=Webbrowser
Comment=Access the Internet
Comment[nl]=Verbinding maken met internet
Exec=/usr/bin/chromium --no-first-run --disable --disable-translate --disable-infobars --disable-suggestions-service --disable-save-password-bubble --disable-session-crashed-bubble --incognito ${url}
Terminal=false
X-MultipleArgs=false
Type=Application
Icon=chromium.png
Categories=Network;WebBrowser;
MimeType=text/html;text/xml;application/xhtml_xml;application/x-mimearchive;x-scheme-handler/http;x-scheme-handler/https;
StartupWMClass=chromium
StartupNotify=true
EOF
cat > /home/kiosk/Bureaublad/nedit.desktop << EOF
[Desktop Entry]
Version=1.0
Name=NEdit
Name[en]=NEdit
Name[nl]=NEdit
Exec=nedit-nc %F
Icon=nedit
Terminal=false
Type=Application
MimeType=text/plain;
Categories=Motif;Utility;TextTools;
Keywords=Customizable;Scripts;Powerful;
GenericName=Text Editor
GenericName[en]=Text Editor
GenericName[nl]=Tekstverwerker
EOF
cat > /home/kiosk/Bureaublad/shutdown.desktop << EOF
[Desktop Entry]
Encoding=UTF-8
Version=1.0
Type=Application
Terminal=false
Exec=shutdown-menu
Name=Shutdown
Icon=/usr/share/icons/Adwaita/64x64/actions/system-shutdown-symbolic.symbolic.png
EOF
cp -r /home/kiosk/Bureaublad/ /home/kiosk/Desktop
# rights for apps folder
chown -R kiosk:kiosk /home/kiosk/Bureaublad
chown -R kiosk:kiosk /home/kiosk/Desktop
# setting user power privileges
cat > /etc/sudoers.d/powerctl << EOF
# Cmnd alias specification
Cmnd_Alias SHUTDOWN = /sbin/shutdown
Cmnd_Alias REBOOT = /sbin/reboot
# User privilege specification
kiosk ALL=SHUTDOWN
kiosk ALL=NOPASSWD: SHUTDOWN
kiosk ALL=REBOOT
kiosk ALL=NOPASSWD: REBOOT
EOF
cat > /usr/bin/shutdown-menu << EOF
gmessage "Weet u zeker dat u de computer wilt afsluiten?" -center -title "Shutdown" -font "Sans bold 10" -default "Cancel" -buttons "_Annuleren":1,"_Opnieuw opstarten":3,"_Afsluiten":4 >/dev/null
case \$? in
1)
echo "Exit";;
3)
pkill spacefm
sudo shutdown -r now;;
4)
pkill spacefm
sudo shutdown -h now;;
esac
EOF
chmod 775 /usr/bin/shutdown-menu
wget https://git.ictmaatwerk.com/bprieshof/Linux-scripts/raw/branch/master/tc/update-url.sh -O /root/update-url.sh
cat > /etc/modprobe.d/blacklist-framebuffer.conf << EOF
blacklist tridentfb
blacklist vesafb
blacklist vfb
blacklist viafb
blacklist vt8623fb
blacklist udlfb
EOF
echo "Done!"

4
scripts/tc/config/20auto-upgrades
View File

@@ -1,4 +0,0 @@
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "7";
APT::Periodic::Unattended-Upgrade "1";

25
scripts/tc/config/50unattended-upgrades
View File

@@ -1,25 +0,0 @@
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "7";
APT::Periodic::Unattended-Upgrade "1";
Unattended-Upgrade::Mail "root";
// Automatically upgrade packages from these
Unattended-Upgrade::Origins-Pattern {
"o=Debian,a=stable";
"o=Debian,a=stable-updates";
"o=Debian,a=proposed-updates";
"origin=Debian,codename=${distro_codename},label=Debian-Security";
};
// You can specify your own packages to NOT automatically upgrade here
Unattended-Upgrade::Package-Blacklist {
// "vim";
// "libc6";
// "libc6-dev";
// "libc6-i686";
};
Unattended-Upgrade::MailOnlyOnError "false";
Unattended-Upgrade::Automatic-Reboot "false";

BIN
scripts/tc/config/gui/grub-16x9.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 892 KiB

BIN
scripts/tc/config/gui/grub-4x3.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 179 KiB

BIN
scripts/tc/config/gui/joy-ictm.tar.gz
View File

Binary file not shown.

277
scripts/tc/debian-generic-preseed.txt
View File

@@ -1,277 +0,0 @@
#### Contents of the preconfiguration file (for stretch)
### Localization
# Preseeding only locale sets language, country and locale.
#d-i debian-installer/locale string en_US
# The values can also be preseeded individually for greater flexibility.
d-i debian-installer/language string nl
d-i debian-installer/country string NL
d-i debian-installer/locale string nl_NL.UTF-8
# Optionally specify additional locales to be generated.
#d-i localechooser/supported-locales multiselect en_US.UTF-8, nl_NL.UTF-8
# Keyboard selection.
d-i keyboard-configuration/xkb-keymap select us
# d-i keyboard-configuration/toggle select No toggling
### Network configuration
# Disable network configuration entirely. This is useful for cdrom
# installations on non-networked devices where the network questions,
# warning and long timeouts are a nuisance.
#d-i netcfg/enable boolean false
# netcfg will choose an interface that has link if possible. This makes it
# skip displaying a list if there is more than one interface.
d-i netcfg/choose_interface select auto
# To pick a particular interface instead:
#d-i netcfg/choose_interface select eth1
# To set a different link detection timeout (default is 3 seconds).
# Values are interpreted as seconds.
#d-i netcfg/link_wait_timeout string 10
# If you have a slow dhcp server and the installer times out waiting for
# it, this might be useful.
#d-i netcfg/dhcp_timeout string 60
#d-i netcfg/dhcpv6_timeout string 60
# If you prefer to configure the network manually, uncomment this line and
# the static network configuration below.
#d-i netcfg/disable_autoconfig boolean true
# Any hostname and domain names assigned from dhcp take precedence over
# values set here. However, setting the values still prevents the questions
# from being shown, even if values come from dhcp.
d-i netcfg/get_hostname string Thin-Client
d-i netcfg/get_domain string
# If you want to force a hostname, regardless of what either the DHCP
# server returns or what the reverse DNS entry for the IP is, uncomment
# and adjust the following line.
#d-i netcfg/hostname string somehost
# Disable that annoying WEP key dialog.
d-i netcfg/wireless_wep string
# The wacky dhcp hostname that some ISPs use as a password of sorts.
#d-i netcfg/dhcp_hostname string radish
# If non-free firmware is needed for the network or other hardware, you can
# configure the installer to always try to load it, without prompting. Or
# change to false to disable asking.
#d-i hw-detect/load_firmware boolean true
### Network console
# Use the following settings if you wish to make use of the network-console
# component for remote installation over SSH. This only makes sense if you
# intend to perform the remainder of the installation manually.
#d-i anna/choose_modules string network-console
#d-i network-console/authorized_keys_url string http://10.0.0.1/openssh-key
#d-i network-console/password password r00tme
#d-i network-console/password-again password r00tme
### Mirror settings
# If you select ftp, the mirror/country string does not need to be set.
#d-i mirror/protocol string ftp
d-i mirror/country string manual
d-i mirror/http/hostname string ftp.nl.debian.org
d-i mirror/http/directory string /debian
d-i mirror/http/proxy string
# Suite to install.
#d-i mirror/suite string testing
# Suite to use for loading installer components (optional).
#d-i mirror/udeb/suite string testing
### Account setup
# Skip creation of a root account (normal user account will be able to
# use sudo).
#d-i passwd/root-login boolean false
# Alternatively, to skip creation of a normal user account.
d-i passwd/make-user boolean false
# Root password, either in clear text
#d-i passwd/root-password password r00tme
#d-i passwd/root-password-again password r00tme
# or encrypted using a crypt(3) hash.
#d-i passwd/root-password-crypted password [crypt(3) hash]
### Clock and time zone setup
# Controls whether or not the hardware clock is set to UTC.
d-i clock-setup/utc boolean true
# You may set this to any valid setting for $TZ; see the contents of
# /usr/share/zoneinfo/ for valid values.
d-i time/zone string Europe/Amsterdam
# Controls whether to use NTP to set the clock during the install
d-i clock-setup/ntp boolean true
# NTP server to use. The default is almost always fine here.
#d-i clock-setup/ntp-server string ntp.example.com
### Partitioning
## Partitioning example
# If the system has free space you can choose to only partition that space.
# This is only honoured if partman-auto/method (below) is not set.
#d-i partman-auto/init_automatically_partition select biggest_free
# Alternatively, you may specify a disk to partition. If the system has only
# one disk the installer will default to using that, but otherwise the device
# name must be given in traditional, non-devfs format (so e.g. /dev/sda
# and not e.g. /dev/discs/disc0/disc).
# For example, to use the first SCSI/SATA hard disk:
#d-i partman-auto/disk string /dev/sda
# In addition, you'll need to specify the method to use.
# The presently available methods are:
# - regular: use the usual partition types for your architecture
# - lvm: use LVM to partition the disk
# - crypto: use LVM within an encrypted partition
d-i partman-auto/method string regular
# If one of the disks that are going to be automatically partitioned
# contains an old LVM configuration, the user will normally receive a
# warning. This can be preseeded away...
#d-i partman-lvm/device_remove_lvm boolean true
# The same applies to pre-existing software RAID array:
d-i partman-md/device_remove_md boolean true
# And the same goes for the confirmation to write the lvm partitions.
d-i partman-lvm/confirm boolean true
d-i partman-lvm/confirm_nooverwrite boolean true
# You can choose one of the three predefined partitioning recipes:
# - atomic: all files in one partition
# - home: separate /home partition
# - multi: separate /home, /var, and /tmp partitions
d-i partman-auto/choose_recipe select atomic
# This makes partman automatically partition without confirmation.
d-i partman-md/confirm boolean true
d-i partman-partitioning/confirm_write_new_label boolean true
d-i partman/choose_partition select finish
d-i partman/confirm boolean true
d-i partman/confirm_nooverwrite boolean true
## Controlling how partitions are mounted
# The default is to mount by UUID, but you can also choose "traditional" to
# use traditional device names, or "label" to try filesystem labels before
# falling back to UUIDs.
#d-i partman/mount_style select uuid
### Base system installation
# Configure APT to not install recommended packages by default. Use of this
# option can result in an incomplete system and should only be used by very
# experienced users.
#d-i base-installer/install-recommends boolean false
# The kernel image (meta) package to be installed; "none" can be used if no
# kernel is to be installed.
#d-i base-installer/kernel/image string linux-image-686
### Apt setup
# You can choose to install non-free and contrib software.
d-i apt-setup/non-free boolean true
d-i apt-setup/contrib boolean true
# Uncomment this to add multiarch configuration for i386
#d-i apt-setup/multiarch string i386
### Package selection
tasksel tasksel/first multiselect standard
# Individual additional packages to install
d-i pkgsel/include string openssh-server xorg chromium openbox lightdm nedit locales spacefm sudo gmessage unattended-upgrades plymouth plymouth-themes
# Some versions of the installer can report back on what software you have
# installed, and what software you use. The default is not to report back,
# but sending reports helps the project determine what software is most
# popular and include it on CDs.
#popularity-contest popularity-contest/participate boolean false
### Boot loader installation
# Grub is the default boot loader (for x86). If you want lilo installed
# instead, uncomment this:
#d-i grub-installer/skip boolean true
# To also skip installing lilo, and install no bootloader, uncomment this
# too:
#d-i lilo-installer/skip boolean true
# This is fairly safe to set, it makes grub install automatically to the MBR
# if no other operating system is detected on the machine.
###d-i grub-installer/only_debian boolean true
# This one makes grub-installer install to the MBR if it also finds some other
# OS, which is less safe as it might not be able to boot that other OS.
###d-i grub-installer/with_other_os boolean true
# Due notably to potential USB sticks, the location of the MBR can not be
# determined safely in general, so this needs to be specified:
#d-i grub-installer/bootdev string /dev/sda
# To install to the first device (assuming it is not a USB stick):
#d-i grub-installer/bootdev string default
# Use the following option to add additional boot parameters for the
# installed system (if supported by the bootloader installer).
# Note: options passed to the installer will be added automatically.
#d-i debian-installer/add-kernel-opts string nousb
### Finishing up the installation
# During installations from serial console, the regular virtual consoles
# (VT1-VT6) are normally disabled in /etc/inittab. Uncomment the next
# line to prevent this.
#d-i finish-install/keep-consoles boolean true
# Avoid that last message about the install being complete.
d-i finish-install/reboot_in_progress note
# This will prevent the installer from ejecting the CD during the reboot,
# which is useful in some situations.
#d-i cdrom-detect/eject boolean false
# This is how to make the installer shutdown when finished, but not
# reboot into the installed system.
#d-i debian-installer/exit/halt boolean true
# This will power off the machine instead of just halting it.
#d-i debian-installer/exit/poweroff boolean true
### Preseeding other packages
# Depending on what software you choose to install, or if things go wrong
# during the installation process, it's possible that other questions may
# be asked. You can preseed those too, of course. To get a list of every
# possible question that could be asked during an install, do an
# installation, and then run these commands:
# debconf-get-selections --installer > file
# debconf-get-selections >> file
#### Advanced options
### Running custom commands during the installation
# d-i preseeding is inherently not secure. Nothing in the installer checks
# for attempts at buffer overflows or other exploits of the values of a
# preconfiguration file like this one. Only use preconfiguration files from
# trusted locations! To drive that home, and because it's generally useful,
# here's a way to run any shell command you'd like inside the installer,
# automatically.
# This first command is run as early as possible, just after
# preseeding is read.
#d-i preseed/early_command string anna-install some-udeb
# This command is run immediately before the partitioner starts. It may be
# useful to apply dynamic partitioner preseeding that depends on the state
# of the disks (which may not be visible when preseed/early_command runs).
#d-i partman/early_command \
# string debconf-set partman-auto/disk "$(list-devices disk | head -n1)"
# This command is run just before the install finishes, but when there is
# still a usable /target directory. You can chroot to /target and use it
# directly, or use the apt-install and in-target commands to easily install
# packages and run commands in the target system.
d-i preseed/late_command string \
in-target wget -O /root/Setup-TC-Generic-Kiosk.sh https://git.ictmaatwerk.com/bprieshof/Linux-scripts/raw/branch/master/tc/Setup-TC-Generic-Kiosk.sh # ; \
#in-target bash /root/Setup-TC-Generic-Kiosk.sh

13
scripts/tc/update-url.sh
View File

@@ -1,13 +0,0 @@
echo "Thin client url updater."
echo "enter the full url including http(s)://"
read url
source /var/log/browserurl.log
sed -i "s|$oldurl|$url|g" /home/kiosk/Bureaublad/chromium.desktop
sed -i "s|$oldurl|$url|g" /home/kiosk/Desktop/chromium.desktop
sed -i "s|$oldurl|$url|g" /home/kiosk/.config/openbox/autostart
echo oldurl=${url} > /var/log/browserurl.log
echo "Done!"

221
smokeping-setup.md
View File

@@ -1,221 +0,0 @@
# Setup Smokeping
Intructions for setting up SmokePing on Alpine Linux
## Main(Master)
Needed packages: smokeping lighttpd
make sure to empty the remote secret file (/etc/smokeping/smokeping_secrets),
you also need to correct the permissions `chown smokeping:smokeping /etc/smokeping/smokeping_secrets`
Lighttpd (/etc/lighttpd/lighttpd.conf)
```
# {{{ modules
server.modules = (
# "mod_accesslog",
"mod_cgi"
)
# }}}
# {{{ includes
include "mime-types.conf"
# }}}
# {{{ CGI
cgi.assign = (
".cgi" => "/usr/bin/perl"
)
# }}}
# {{{ server settings
server.username = "smokeping"
server.groupname = "smokeping"
server.document-root = "/usr/share/webapps/smokeping"
server.pid-file = "/run/lighttpd.pid"
server.errorlog-use-syslog = "enable"
server.indexfiles = ("smokeping.cgi")
server.follow-symlink = "enable"
static-file.exclude-extensions = (".cgi")
# }}}
# {{{ mod_accesslog
#accesslog.filename = "/var/log/lighttpd-access.log"
# }}}
# vim: set ft=conf foldmethod=marker et :
```
Smokeping config (/etc/smokeping/config)
```
*** General ***
owner = MaintainerName
contact = some@address.nowhere
mailhost = my.mail.host
sendmail = /usr/sbin/sendmail
imgcache = /var/lib/smokeping/.simg
imgurl = img
datadir = /var/lib/smokeping
piddir = /var/run/smokeping
cgiurl = http://some.url/smokeping.cgi
tmail = /etc/smokeping/tmail
smokemail = /etc/smokeping/smokemail
syslogfacility = local0
#Use to overwrite system hostname
#display_name = HostName
*** Database ***
step = 300
pings = 20
# consfn mrhb steps total
AVERAGE 0.5 1 1008
AVERAGE 0.5 12 4320
MIN 0.5 12 4320
MAX 0.5 12 4320
AVERAGE 0.5 144 720
MAX 0.5 144 720
MIN 0.5 144 720
*** Presentation ***
template = /etc/smokeping/basepage.html
htmltitle = yes
graphborders = no
+ charts
menu = Charts
title = The most interesting destinations
++ stddev
sorter = StdDev(entries=>4)
title = Top Standard Deviation
menu = Std Deviation
format = Standard Deviation %f
++ max
sorter = Max(entries=>5)
title = Top Max Roundtrip Time
menu = by Max
format = Max Roundtrip Time %f seconds
++ loss
sorter = Loss(entries=>5)
title = Top Packet Loss
menu = Loss
format = Packets Lost %f
++ median
sorter = Median(entries=>5)
title = Top Median Roundtrip Time
menu = by Median
format = Median RTT %f seconds
+ overview
width = 600
height = 50
range = 10h
+ detail
width = 600
height = 200
unison_tolerance = 2
"Last hour" 1h
"Last day" 24h
"Last week" 7d
"Last month" 30d
"Last year" 365d
*** Probes ***
+FPing
binary = /usr/sbin/fping
step = 60
*** Slaves ***
secrets=/etc/smokeping/smokeping_secrets
*** Targets ***
probe = FPing
menu = Top
title = Network Latency Grapher
remark = Welcome to SmokePing.
+ Internet
menu = Internet
title = Hosts on the internet
++ cloudflare
#slaves =
host = 1.1.1.1
++ google
#slaves =
host = 8.8.8.8
```
Start and Enable services on boot `service smokeping start && service lighttpd start && rc-update add smokeping default && rc-update add lighttpd default`
## Remote(Slave)
### On Main
Add the name and a secret in in the secrets file`/etc/smokeping/smokeping_secrets` using the following format (one per line) `remotehostname:Secret`
Add the host to the slaves section using the following example:
```
+remotehostname
display_name=Remote-Hostname
color=00ffff
```
Add the host to the `slaves` section of the targets (should be seperated with a space)
Last step on main is to restart smokeping `service smokeping restart`
### On Remote
Needed packages: smokeping
Put a secret in `/etc/smokeping/secret.txt`
set its permissions `chown smokeping:smokeping /etc/smokeping/secret.txt && chmod 600 /etc/smokeping/secret.txt`
Service file(/etc/init.d/smokeping-remote)
```
#!/sbin/openrc-run
HostName=host1
MainURL="http://<MainHost>/smokeping.cgi"
depend() {
need net
}
start() {
checkpath --directory --owner smokeping:smokeping /var/run/smokeping
ebegin "Starting smokeping remote"
LC_ALL=C \
start-stop-daemon --start --name smokeping \
--pidfile /var/run/smokeping/smokeping.pid \
--exec /usr/bin/smokeping \
--user smokeping:smokeping \
-- --master-url=$MainURL --cache-dir=/var/lib/smokeping --pid-dir=/var/run/smokeping --shared-secret=/etc/smokeping/secret.txt --slave-name=$HostName
eend $?
}
stop() {
ebegin "Stopping smokeping Remote"
start-stop-daemon --stop \
--pidfile /var/run/smokeping/smokeping.pid
eend $?
}
```
Set permissions service file `chmod +x /etc/init.d/smokeping-remote`
Start and Enable service on boot `service smokeping-remote start && rc-update add smokeping-remote default`
Add to Root cron tab to auto reload after crash (/etc/crontabs/root) `echo '* * * * * openrc --no-stop' >> /etc/crontabs/root`