Linux Setup: Difference between revisions
Jump to navigation
Jump to search
| Line 319: | Line 319: | ||
This was done on a 20.04 Ubuntu server<BR> | This was done on a 20.04 Ubuntu server<BR> | ||
We need java. On the page it says it supports OpenJDK JDK / JRE 8 - 64 bits and OpenJDK JDK / JRE 11 - 64 bits so we need to make sure it uses the right one by creating a .profile.(Note bashrc does not run for this user) | We need java. On the page it says it supports OpenJDK JDK / JRE 8 - 64 bits and OpenJDK JDK / JRE 11 - 64 bits so we need to make sure it uses the right one by creating a .profile.(Note bashrc does not run for this user) | ||
<syntaxhighlight lang=" | <br> | ||
Install java | |||
<syntaxhighlight lang="sh"> | |||
apt install openjdk-11-jdk-headless | |||
</syntaxhighlight> | </syntaxhighlight> | ||
Change the default to 11 | |||
<syntaxhighlight lang="sh"> | <syntaxhighlight lang="sh"> | ||
sudo update-alternatives --config java | |||
</syntaxhighlight> | </syntaxhighlight> | ||
Install Jenkins | |||
<syntaxhighlight lang="sh"> | <syntaxhighlight lang="sh"> | ||
wget -q -O - https://pkg.jenkins.io/debian-stable/jenkins.io.key | sudo apt-key add - | wget -q -O - https://pkg.jenkins.io/debian-stable/jenkins.io.key | sudo apt-key add - | ||
| Line 335: | Line 335: | ||
sudo apt-get update | sudo apt-get update | ||
sudo apt-get install jenkins | sudo apt-get install jenkins | ||
</syntaxhighlight> | |||
Create a startup script | |||
<syntaxhighlight lang="bash"> | |||
cat /var/lib/jenkins/.profile | |||
export JAVA_HOME=/usr/lib/jvm/java-11-openjdk-amd64 | |||
echo $JAVA_HOME | |||
export PATH=$JAVA_HOME/bin:$PATH | |||
</syntaxhighlight> | |||
Change the startup script etc init.d/jenkins | |||
<syntaxhighlight lang="bash"> | |||
PATH= | |||
.... | |||
export JAVA_HOME=/usr/lib/jvm/java-11-openjdk-amd64 | |||
echo $JAVA_HOME | |||
export PATH=$JAVA_HOME/bin:$PATH | |||
</syntaxhighlight> | |||
Change the java back | |||
<syntaxhighlight lang="sh"> | |||
sudo update-alternatives --config java | |||
</syntaxhighlight> | </syntaxhighlight> | ||
Revision as of 22:55, 19 October 2020
Network Stuff
ip link list eno1
ip link set eno1 down
ip link set eno1 up
netplan apply
Set up Monitors
Change .config/monitor.xml, test and copy to
sudo cp ~/.config/monitors.xml /var/lib/gdm3/.config/
sudo chown gdm:gdm /var/lib/gdm3/.config/monitors.xml
My monitor 2020-09-07
<monitors version="2">
<configuration>
<logicalmonitor>
<x>0</x>
<y>0</y>
<scale>1</scale>
<transform>
<rotation>left</rotation>
<flipped>no</flipped>
</transform>
<monitor>
<monitorspec>
<connector>DVI-D-0</connector>
<vendor>DEL</vendor>
<product>DELL U2412M</product>
<serial>9W5YH33E2ECS</serial>
</monitorspec>
<mode>
<width>1920</width>
<height>1200</height>
<rate>59.950172424316406</rate>
</mode>
</monitor>
</logicalmonitor>
<logicalmonitor>
<x>1200</x>
<y>0</y>
<scale>1</scale>
<primary>yes</primary>
<monitor>
<monitorspec>
<connector>HDMI-0</connector>
<vendor>AOC</vendor>
<product>V27t</product>
<serial>0x01010101</serial>
</monitorspec>
<mode>
<width>1920</width>
<height>1080</height>
<rate>60</rate>
</mode>
</monitor>
</logicalmonitor>
</configuration>
</monitors>
Set up Apache HSTS
In Apache 2 000-default.conf
<VirtualHost *:80>
ServerName example.com
Redirect permanent / https://example.com/
</VirtualHost>
In Apache 2 default-ssl.conf
Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains;"
On time setups on 19.04 upwards
To add scaling
gsettings set org.gnome.mutter experimental-features "['x11-randr-fractional-scaling']"
Auto hide taskbar
Go to settings->dock->auto-hide the dock
Hide top bar
sudo apt install gnome-shell-extension-autohidetopbar
- log out
- log in
- run gnome-tweak
- extension->Hide to bar
On time setups on 20.04 upwards
Mediwiki
- Create database
CREATE DATABASE my_wiki CREATE USER 'newuser'@'localhost' IDENTIFIED BY 'password'; GRANT ALL PRIVILEGES ON * . * TO 'newuser'@'localhost';
- Restore database
mysql -u root -p XXXX < db_backup_XXXX_23_10_2019_04_21_44
- Copy Wiki files
cp <backup>/mediawiki /var/lib/mediawiki
Postfix
- Create database
CREATE DATABASE mail CREATE USER 'newuser'@'localhost' IDENTIFIED BY 'password'; GRANT ALL PRIVILEGES ON *.* TO 'newuser'@'localhost'; mysql -u root -p XXXX < db_backup_my_XXXX_23_10_2019_04_21_44
- Setup mail user and directory
cd /var ln -s /mnt/<RAID ARRAY>/vmail .
groupadd -g 5000 vmail useradd -m -d /var/vmail -s /bin/false -u 5000 -g vmail vmail
- Setup SSL
systemctl stop apache2 apt-get install python3-certbot-apache
certbot -n --agree-tos --standalone certonly -d www.bibble.co.nz certbot -n --agree-tos --standalone certonly -d mail.bibble.co.nz certbot -n --agree-tos --standalone certonly -d imap.bibble.co.nz
- Install postfix
apt-get install postfix apt-get install postfix-mysql apt-get install postfix-policyd-spf-python apt-get install postgrey apt-get install sasl2-bin libsasl2.2 libsasl2-modules
- Install opendkim
apt-get install opendkim
cp -r /tmp/fred/Backup20200606/etc/opendkim /etc
Change /etc/opendkim.conf Socket local:/var/spool/postfix/opendkim/opendkim.sock
Change /etc/default/opendkim Socket local:/var/spool/postfix/opendkim/opendkim.sock
Change /etc/postfix/main.cf smtpd_milters = local:opendkim/opendkim.sock
- Install spamassasin
apt-get install spamassassin
Dovecot
apt install dovecot-imapd dovecot-pop3d apt install dovecot-sieve dovecot-solr dovecot-antispam apt-get install dovecot-mysql apt-get install dovecot-lmtpd
Setting netplan to render through network manager
network:
version: 2
renderer: NetworkManager
ethernets:
enp4s0:
addresses: [10.1.1.70/24]
gateway4: 10.1.1.99
nameservers:
search: [bibble.local]
addresses: [10.10.1.2]
dhcp4: noSetting up repo for current packages on ubuntu
Get list of package installd
$ apt list --installed > install.list
Then translate it into apt understandable format:
$ sed -r 's/ \[.*?\]//g' install.list | sed -r 's/(^.*?)\/.*?[ ](.*?)[ ](.*?)$/\1:\3=\2/g' > install.list.to.dl
Then download the current packages versions:
$ xargs apt download < install.list.to.dl
You would need to create a Packages.gz file in order to add this folder as a source for apt. E.g.
$ cd ~/deb_server/debs/ $ dpkg-scanpackages -m . /dev/null | gzip -9c > Packages.gz
EDIT: path for dpkg-scanpackages must be relative, otherwise this will break the download process later (-m allows you to have multiple versions, if you want the most recent version, remove the -m) Now you have to bring up a file server for example apache2 and configure it to index files.
/etc/apache2/sites-enabled/000-debserver.conf
Containing:
DocumentRoot /var/www
<Directory /var/www/>
Options +Indexes +FollowSymLinks
Require all granted
</Directory>
And finally you need to symlink the deb folder to /var/www. (Or configure the server to the current deb download location) e.g.
$ ln -s ~/deb_server/debs/ /var/www/repo
The last bit is to add the server machine as the only source for apt updates on each target machine.
$ deb [trusted=yes] http://deb_server_ip/repo /
If you want to update the packages, you need to re-run apt download of the list, but without the version.
$ sed -r 's/ \[.*?\]//g' install.list | sed -r 's/(^.*?)\/.*?[ ](.*?)[ ](.*?)$/\1:\3/g' > install.list.for.update $ apt update && xargs apt download < install.list.for.update
Setting up Iot Edge on 19.04
Not yet released so here is how to do it
Install docker
wget https://packages.microsoft.com/ubuntu/18.04/multiarch/prod/pool/main/i/iotedge/iotedge_1.0.8-2_amd64.deb wget https://packages.microsoft.com/ubuntu/18.04/multiarch/prod/pool/main/libi/libiothsm-std/libiothsm-std_1.0.8-1_amd64.deb wget http://archive.ubuntu.com/ubuntu/pool/main/o/openssl1.0/libssl1.0.0_1.0.2n-1ubuntu5.3_amd64.deb
Fixing ubuntu 19.04 mouse
Install kernel 5.2.x
Cerificates
Initial
apt-get install software-properties-common python-software-properties
add-apt-repository ppa:certbot/certbot
apt-get update
apt-get install python-certbot-apache
certbot -n --agree-tos --standalone certonly -d <site1.domain.com>
certbot -n --agree-tos --standalone certonly -d <site2.domain.com>
Renew
certbot -n --agree-tos --standalone certonly -d <site1.domain.com>
systemctl restart dovecot
systemctl restart apache2
Building r8168
This is not necessary as you can use the command
apt-get install r8168-dkms
Updating DNS
This script runs in crontab once every 15 minutes
#!/bin/bash lynx -source -auth=user_xxx:pass_xxxx 'http://dynamic.zoneedit.com/auth/dynamic.html?host=bibble.co.nz' lynx -source -auth=user_xxx:pass_xxxx 'http://dynamic.zoneedit.com/auth/dynamic.html?host=denise.bibble.co.nz' lynx -source -auth=user_xxx:pass_xxxx 'http://dynamic.zoneedit.com/auth/dynamic.html?host=www.bibble.co.nz' lynx -source -auth=user_xxx:pass_xxxx 'http://dynamic.zoneedit.com/auth/dynamic.html?host=sync.bibble.co.nz'
Backup MySQL
I use the following script to back up the databases
#!/bin/sh
myBackupFolder="/home/iwiseman/backups"
myBackupLogFileName="$myBackupFolder/"backup_log_"$(date +'%Y_%m')".txt
DoBackup()
{
myDatabaseName=$1
myCurrentDateTime="$(date +'%d_%m_%Y_%H_%M_%S')"
myBackupFileName="db_backup_${myDatabaseName}_${myCurrentDateTime}".gz
myFullyQualifieldBackupFileName="$myBackupFolder/$myBackupFileName"
echo "mysqldump of $myDatabaseName started at $(date +'%d-%m-%Y %H:%M:%S')" >> "$myBackupLogFileName"
mysqldump --user=root --password=xxxx --default-character-set=utf8 --single-transaction $myDatabaseName | gzip > "$myFullyQualifieldBackupFileName"
echo "mysqldump of $myDatabaseName finished at $(date +'%d-%m-%Y %H:%M:%S')" >> "$myBackupLogFileName"
chown iwiseman "$myFullyQualifieldBackupFileName"
chown iwiseman "$myBackupLogFileName"
echo "file permission changed" >> "$myBackupLogFileName"
find "$myBackupFolder" -name db_backup_* -mtime +8 -exec rm {} \;
echo "old files deleted" >> "$myBackupLogFileName"
echo "operation finished at $(date +'%d-%m-%Y %H:%M:%S')" >> "$myBackupLogFileName"
echo "*****************" >> "$myBackupLogFileName"
}
DoBackup mail
DoBackup wordpress424
exit 0
Fix Playstation
The works when enp1s0 is the interface of the second NIC and enp2s0 is the main NIC.
To fix the playstation create the following script
#!/bin/bash echo 1 > /proc/sys/net/ipv4/ip_forward iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE iptables -A FORWARD -i enp1s0 -o enp2s0 -m state --state RELATED,ESTABLISHED -j ACCEPT iptables -A FORWARD -i enp2s0 -o enp1s0 -j ACCEPT
Put this into /etc/rc.local e.g
#!/bin/bash /usr/local/bin/fix_playstation.sh
Setting up L2TP VPN
You will need the following
Connection Name: xxxxxx Username: xxxxxxx Password: xxxxxxx ServerAddress: xxxxxxx VPN Type: L2TP/IPsec with pre-shared key Pre-shared key: xxxxxx Under IPSec Settings (Linux) 3des-sha1-modp1024 for phase 1 (Linux) 3des-sha1 for phase 2 (Linux) Authentication Methods: Pap, MSChapV2, Chap (Windows only) EncryptionLevel: Optional (Windows only)
sudo apt-get install network-manager-l2tp
sudo apt-get install network-manager-l2tp-gnome
sudo service xl2tpd stop
sudo update-rc.d xl2tpd disable
Install Jenkins
This was done on a 20.04 Ubuntu server
We need java. On the page it says it supports OpenJDK JDK / JRE 8 - 64 bits and OpenJDK JDK / JRE 11 - 64 bits so we need to make sure it uses the right one by creating a .profile.(Note bashrc does not run for this user)
Install java
apt install openjdk-11-jdk-headless
Change the default to 11
sudo update-alternatives --config java
Install Jenkins
wget -q -O - https://pkg.jenkins.io/debian-stable/jenkins.io.key | sudo apt-key add -
sudo sh -c 'echo deb https://pkg.jenkins.io/debian-stable binary/ > \
/etc/apt/sources.list.d/jenkins.list'
sudo apt-get update
sudo apt-get install jenkins
Create a startup script
cat /var/lib/jenkins/.profile
export JAVA_HOME=/usr/lib/jvm/java-11-openjdk-amd64
echo $JAVA_HOME
export PATH=$JAVA_HOME/bin:$PATH
Change the startup script etc init.d/jenkins
PATH=
....
export JAVA_HOME=/usr/lib/jvm/java-11-openjdk-amd64
echo $JAVA_HOME
export PATH=$JAVA_HOME/bin:$PATH
Change the java back
sudo update-alternatives --config java