Linux Setup

From bibbleWiki
Jump to navigation Jump to search

Pygmentize

So needed to update for keywords in C#. Here is the thrust of the changes based on. I used the code from https://github.com/FSund/pygments-custom-cpplexer

Python C# 9.0 Lexer

#!/usr/bin/python

from setuptools import setup, find_packages

setup(
    name='pygments-mdcsharp90',
    description='Pygments lexer for C# 9.0.',
    long_description=open('README.md').read(),
    keywords='pygments c# lexer',

    packages=find_packages(),
    install_requires=['pygments >= 1.4'],

    entry_points='''[pygments.lexers]
                    mdcsharp90=pygments_mdcsharp90:MDCSharpLexer''',

    classifiers=[
        'Development Status :: 4 - Beta',
        'Environment :: Plugins',
        'Operating System :: OS Independent',
        'Programming Language :: Python',
        'Programming Language :: Python :: 2',
        'Programming Language :: Python :: 3',
        'Topic :: Software Development :: Libraries :: Python Modules',
    ],
)
#from pygments.lexers.asm import CppLexer
from pygments.lexers import CSharpLexer
from pygments.token import Name, Keyword

class MDCSharpLexer(CSharpLexer):
    name = 'MDCSharp90'
    aliases = ['mdcsharp90']

    EXTRA_KEYWORDS = ['record', 'init']

    def get_tokens_unprocessed(self, text):
        for index, token, value in CSharpLexer.get_tokens_unprocessed(self, text):
            if token is Name and value in self.EXTRA_KEYWORDS:
                yield index, Keyword, value
            else:
                yield index, token, value

Fix BCM BCM43142A0 (0a5c:216)

Well this was a tougher than expected but not too tough for me. First I tried to use the drivers on https://github.com/winterheart/broadcom-bt-firmware
Instructions were

  • get the appropriate hid file and reboot
  • copy to /lib/firmware
  • reboot
  • Look for Bluetooth. This is what bad looks light
Mar 17 01:15:20 BILL kernel: [ 2205.631184] Bluetooth: hci0: BCM: chip id 70
Mar 17 01:15:20 BILL kernel: [ 2205.632142] Bluetooth: hci0: BCM: features 0x06
Mar 17 01:15:20 BILL kernel: [ 2205.648147] Bluetooth: hci0: BILL
Mar 17 01:15:20 BILL kernel: [ 2205.648155] Bluetooth: hci0: BCM43142A0 (001.001.011) build 0000
Mar 17 01:15:20 BILL kernel: [ 2205.649174] Bluetooth: hci0: BCM: firmware Patch file not found, tried:
Mar 17 01:15:20 BILL kernel: [ 2205.649180] Bluetooth: hci0: BCM: 'brcm/BCM43142A0-0a5c-216c.hcd'
Mar 17 01:15:20 BILL kernel: [ 2205.649183] Bluetooth: hci0: BCM: 'brcm/BCM-0a5c-216c.hcd'
Mar 17 01:15:22 BILL kernel: [ 2207.661039] Bluetooth: hci0: command 0x1003 tx timeout
Mar 17 01:15:22 BILL kernel: [ 2207.662104] Bluetooth: hci0: unexpected event for opcode 0x1003
Mar 17 01:16:01 BILL kernel: [ 2246.952482] Bluetooth: hci0: urb 0000000034f8d926 failed to resubmit (2)
Mar 17 01:16:01 BILL kernel: [ 2246.952491] Bluetooth: hci0: urb 00000000f20ac1f5 failed to resubmit (2)

Well let's pretend the sun went down, came up and went down again as I googled my way to getting this working. Knowing what good looks like is the key. I did not

So originally thought the site had taken hex files found in the drivers and converted them to hid. They may well have done but it did not work. So once I found this was what bad looks like this is what I did

  • Found the drivers on line bluetooth_Win7-8-8-1_V6515800_12009860.zip
  • Unzip and look for PID_216C (the id of the card)
  • This will give a list on files. Look for the most sensible, my case (Win64) was Bluetooth_Win7-8-8-1_V6515800_12009860/Win8_Win81/Win64/bcbtums-win8x64-brcm.inf
  • Look for the right hex file by again search for the PID
  • In the section ;;;;;;;;;;;;;RAMUSB216C;;;;;;;;;;;;;;;;; only one hex file is listed
  • This is BCM43142A0_001.001.011.0197.0233.hex
  • Convert to hid file with hex2hcd BCM43142A0_001.001.011.0197.0233.hex -o BCM43142A0-0a5c-216c.hcd
  • Copy file to /lib/firmware/brcm
  • Reboot and cross fingers
  • Attempt at own risk and I believe it is also illegal to dont do it

This is what good looks like

Mar 17 01:24:10 BILL kernel: [   24.611457] Bluetooth: Core ver 2.22
Mar 17 01:24:10 BILL kernel: [   24.611489] Bluetooth: HCI device and connection manager initialized
Mar 17 01:24:10 BILL kernel: [   24.611493] Bluetooth: HCI socket layer initialized
Mar 17 01:24:10 BILL kernel: [   24.611495] Bluetooth: L2CAP socket layer initialized
Mar 17 01:24:10 BILL kernel: [   24.611499] Bluetooth: SCO socket layer initialized
Mar 17 01:24:10 BILL kernel: [   25.253630] Bluetooth: hci0: BCM: chip id 70
Mar 17 01:24:10 BILL kernel: [   25.254629] Bluetooth: hci0: BCM: features 0x06
Mar 17 01:24:10 BILL kernel: [   25.270595] Bluetooth: hci0: BILL
Mar 17 01:24:10 BILL kernel: [   25.270599] Bluetooth: hci0: BCM43142A0 (001.001.011) build 0233
Mar 17 01:24:10 BILL kernel: [   25.508569] Bluetooth: hci0: BCM43142A0 'brcm/BCM43142A0-0a5c-216c.hcd' Patch
Mar 17 01:24:10 BILL kernel: [   26.108639] Bluetooth: hci0: Broadcom 43142 Bluetooth 4.0 Adapter
Mar 17 01:24:10 BILL kernel: [   26.108643] Bluetooth: hci0: BCM43142A0 (001.001.011) build 0233
Mar 17 01:24:13 BILL systemd[1]: Started Bluetooth service.
Mar 17 01:24:13 BILL systemd[1]: Reached target Bluetooth.
Mar 17 01:24:13 BILL kernel: [   39.740491] Bluetooth: BNEP (Ethernet Emulation) ver 1.3
Mar 17 01:24:13 BILL kernel: [   39.740493] Bluetooth: BNEP filters: protocol multicast
Mar 17 01:24:13 BILL kernel: [   39.740499] Bluetooth: BNEP socket layer initialized
Mar 17 01:24:13 BILL bluetoothd[699]: Bluetooth management interface 1.17 initialized

Snap

Onliners for me

snap list
snap refresh --list
snap refresh

Zoom

You need to download the zoom.deb from the site

apt install libgl1-mesa-glx libegl1-mesa libxcb-xtest0   libxcb-xinerama0
sudo apt install gdebi
sudo dpkg i ~/Download/zoom.deb

Making fakecam work

2022 Feb 28 - Could not get this to work with out turning off the apparmor for fakecam. Then you need to

sudo aa-complain snap.fakecam.fakecam -d /var/lib/snapd/apparmor/profile
sudo snap connect fakecam:camera
sudo fakecam

Gimp

Install flatpak

To install gimp we need to install flatPak. We can to this with

sudo apt install flatpak

Add Repositories

We then add the repositories. We need the beta for Gimp and the normal one for dependencies

flatpak remote-add --user flathub-beta https://flathub.org/beta-repo/flathub-beta.flatpakrepo
flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo

# List repositories with
flatpak remote-list

Install Software

At the time I needed org.gnome.Platform//3.38. To find out which you can install in reverse. i.e.

flatpak install --user flathub-beta org.gimp.GIMP

Then install the software

# From flathub
flatpak install flathub org.gnome.Platform//3.28
# From flathub-beta
flatpak install --user flathub-beta org.gimp.GIMP

Network Stuff

ip link list eno1
ip link set eno1 down
ip link set eno1 up
netplan apply

Set up Monitors

Xorg.conf

This is in /etc/X11/xorg.conf

# nvidia-settings: X configuration file generated by nvidia-settings
# nvidia-settings:  version 465.31


Section "ServerLayout"
    Identifier     "Layout0"
    Screen      0  "Screen0" 0 0
    InputDevice    "Keyboard0" "CoreKeyboard"
    InputDevice    "Mouse0" "CorePointer"
    Option         "Xinerama" "0"
EndSection

Section "Files"
EndSection

Section "InputDevice"

    # generated from default
    Identifier     "Mouse0"
    Driver         "mouse"
    Option         "Protocol" "auto"
    Option         "Device" "/dev/psaux"
    Option         "Emulate3Buttons" "no"
    Option         "ZAxisMapping" "4 5"
EndSection

Section "InputDevice"

    # generated from default
    Identifier     "Keyboard0"
    Driver         "kbd"
EndSection

Section "Monitor"

    # HorizSync source: edid, VertRefresh source: edid
    Identifier     "Monitor0"
    VendorName     "Unknown"
    ModelName      "AOC V27t"
    HorizSync       30.0 - 80.0
    VertRefresh     55.0 - 75.0
    Option         "DPMS"
EndSection

Section "Device"
    Identifier     "Device0"
    Driver         "nvidia"
    VendorName     "NVIDIA Corporation"
    BoardName      "NVIDIA GeForce GT 1030"
EndSection

Section "Screen"

# Removed Option "metamodes" "HDMI-0: nvidia-auto-select +939+0, DVI-D-0: nvidia-auto-select +0+0 {rotation=left}"
# Removed Option "metamodes" "nvidia-auto-select +0+0"
# Removed Option "metamodes" "1920x1080_60 +0+0"
# Removed Option "metamodes" "HDMI-0: nvidia-auto-select +0+0 {AllowGSYNC=Off}, DVI-D-0: nvidia-auto-select +1920+0 {AllowGSYNC=Off}"
# Removed Option "metamodes" "HDMI-0: nvidia-auto-select +1200+546 {AllowGSYNC=Off}, DVI-D-0: 1920x1200_60 +0+0 {rotation=left, AllowGSYNC=Off}"
    Identifier     "Screen0"
    Device         "Device0"
    Monitor        "Monitor0"
    DefaultDepth    24
    Option         "Stereo" "0"
    Option         "nvidiaXineramaInfoOrder" "DFP-1"
    Option         "metamodes" "HDMI-0: 1920x1080 +1200+546 {AllowGSYNC=Off}, DVI-D-0: 1920x1200_60 +0+0 {rotation=left, AllowGSYNC=Off}"
    Option         "SLI" "Off"
    Option         "MultiGPU" "Off"
    Option         "BaseMosaic" "off"
    SubSection     "Display"
        Depth       24
    EndSubSection
EndSection

Xrand

Screen 0: minimum 8 x 8, current 3840 x 1200, maximum 32767 x 32767
DVI-D-0 connected 1920x1200+1920+0 (normal left inverted right x axis y axis) 518mm x 324mm
   1920x1200     59.95*+
   1920x1080     60.00  
   1680x1050     59.95  
   1600x1200     60.00  
   1280x1024     60.02  
   1280x960      60.00  
   1024x768      60.00  
   800x600       60.32  
   640x480       59.94  
HDMI-0 connected primary 1920x1080+0+0 (normal left inverted right x axis y axis) 598mm x 340mm
   1920x1080     60.00*+  59.94    50.00    60.00    50.04  
   1680x1050     59.95  
   1440x900      59.89  
   1280x1024     75.02    60.02  
   1280x960      60.00  
   1280x720      60.00    59.94    50.00  
   1024x768      75.03    60.00  
   800x600       75.00    60.32  
   720x576       50.00  
   720x480       59.94  
   640x480       75.00    59.94    59.93

Monitors.xml

Change .config/monitor.xml, test and copy to

sudo cp ~/.config/monitors.xml /var/lib/gdm3/.config/
sudo chown gdm:gdm /var/lib/gdm3/.config/monitors.xml

My monitor 2020-09-07

<monitors version="2">
  <configuration>
    <logicalmonitor>
      <x>0</x>
      <y>0</y>
      <scale>1</scale>
      <transform>
        <rotation>left</rotation>
        <flipped>no</flipped>
      </transform>
      <monitor>
        <monitorspec>
          <connector>DVI-D-0</connector>
          <vendor>DEL</vendor>
          <product>DELL U2412M</product>
          <serial>9W5YH33E2ECS</serial>
        </monitorspec>
        <mode>
          <width>1920</width>
          <height>1200</height>
          <rate>59.950172424316406</rate>
        </mode>
      </monitor>
    </logicalmonitor>
    <logicalmonitor>
      <x>2400</x>
      <y>0</y>
      <scale>1.25</scale>
      <primary>yes</primary>
      <monitor>
        <monitorspec>
          <connector>HDMI-0</connector>
          <vendor>AOC</vendor>
          <product>V27t</product>
          <serial>0x01010101</serial>
        </monitorspec>
        <mode>
          <width>1920</width>
          <height>1080</height>
          <rate>60</rate>
        </mode>
      </monitor>
    </logicalmonitor>
  </configuration>
</monitors>

Set up Apache HSTS

In Apache 2 000-default.conf

<VirtualHost *:80> 
ServerName example.com 
Redirect permanent / https://example.com/
</VirtualHost>

In Apache 2 default-ssl.conf

Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains;"

On time setups on 19.04 upwards

To add scaling

gsettings set org.gnome.mutter experimental-features "['x11-randr-fractional-scaling']"

Auto hide taskbar

Go to settings->dock->auto-hide the dock

Hide top bar

sudo apt install gnome-shell-extension-autohidetopbar
  • log out
  • log in
  • run gnome-tweak
  • extension->Hide to bar

On time setups on 20.04 upwards

Mediwiki

Create database

 CREATE DATABASE my_wiki
 CREATE USER 'newuser'@'localhost' IDENTIFIED BY 'password';
 GRANT ALL PRIVILEGES ON * . * TO 'newuser'@'localhost';

Restore database

 mysql -u root -p XXXX < db_backup_XXXX_23_10_2019_04_21_44

Copy Wiki files

 cp <backup>/mediawiki /var/lib/mediawiki

Postfix

Good Site for Spam Protection

Found this site useful https://www.linuxbabe.com/mail-server/block-email-spam-postfix
>br> Current main.cf

...
smtpd_helo_required = yes
smtpd_helo_restrictions =
    permit_mynetworks
    permit_sasl_authenticated
    reject_invalid_helo_hostname
    reject_non_fqdn_helo_hostname
    reject_unknown_helo_hostname

smtpd_sender_restrictions =
   permit_mynetworks
   permit_sasl_authenticated
   reject_unknown_sender_domain
   reject_unknown_reverse_client_hostname
   reject_unknown_client_hostname

smtpd_recipient_restrictions = 
        permit_mynetworks,
        permit_sasl_authenticated
        check_policy_service inet:127.0.0.1:10023,
        check_client_access hash:/etc/postfix/rbl_override,
        reject_rhsbl_helo dbl.spamhaus.org,
        reject_rhsbl_reverse_client dbl.spamhaus.org,
        reject_rhsbl_sender dbl.spamhaus.org,
        permit_dnswl_client list.dnswl.org=127.0.[0..255].[1..3],
        reject_rbl_client zen.spamhaus.org
...

Create database

 CREATE DATABASE mail
 CREATE USER 'newuser'@'localhost' IDENTIFIED BY 'password';
 GRANT ALL PRIVILEGES ON mail.* TO 'newuser'@'localhost' WITH GRANT OPTION;
 mysql -u root -p XXXX < db_backup_my_XXXX_23_10_2019_04_21_44

Setup mail user and directory

 cd /var
 ln -s /mnt/<RAID ARRAY>/vmail .

 groupadd -g 5000 vmail
 useradd -m -d /var/vmail -s /bin/false -u 5000 -g vmail vmail

Setup Cetificates for SSL

 systemctl stop apache2
 apt-get install python3-certbot-apache

 certbot -n  --agree-tos --standalone certonly -d www.bibble.co.nz
 certbot -n  --agree-tos --standalone certonly -d mail.bibble.co.nz
 certbot -n  --agree-tos --standalone certonly -d imap.bibble.co.nz

Install postfix

 apt-get install postfix
 apt-get install postfix-mysql 
 apt-get install postfix-policyd-spf-python
 apt-get install postgrey 
 apt-get install sasl2-bin libsasl2.2 libsasl2-modules

Install opendkim

apt-get install opendkim
cp -r /backup/etc/opendkim /etc
# Change /etc/opendkim.conf
Socket    local:/var/spool/postfix/opendkim/opendkim.sock
# Change /etc/default/opendkim
Socket    local:/var/spool/postfix/opendkim/opendkim.sock
# Change /etc/postfix/main.cf
 smtpd_milters = local:opendkim/opendkim.sock

Install Amavisd And Spamassasin

apt-get install amavisd-new spamassassin \
      clamav clamav-daemon unzip bzip2 libnet-ph-perl \
      libnet-snpp-perl libnet-telnet-perl nomarch lzop


In /etc/amavis/conf.d/15-content_filter_mode uncomment

@bypass_virus_checks_maps = (
   \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);

Add to postfix

 postconf -e 'content_filter = amavis:[127.0.0.1]:10024'
 postconf -e 'receive_override_options = no_address_mappings'


systemctl restart amavis
systemctl restart clamav-daemon
systemctl restart postfix

usermod -a -G clamav amavis
usermod -a -G amavis clamav

Change /etc/amavis/conf.d/05-node_id to have

05-node_id:$myhostname = "denise.bibble.

Dovecot

apt install dovecot-imapd dovecot-pop3d
apt install dovecot-sieve dovecot-solr dovecot-antispam
apt-get install dovecot-mysql
apt-get install dovecot-lmtpd

Setting netplan to render through network manager

network:
    version: 2
    renderer: NetworkManager
    ethernets:
        enp4s0:
            addresses: [10.1.1.70/24]
            gateway4: 10.1.1.99
            nameservers:
                    search: [bibble.local] 
                    addresses: [10.10.1.2]
            dhcp4: no

Setting up repo for current packages on ubuntu

Get list of package installd

$ apt list --installed > install.list

Then translate it into apt understandable format:

$ sed -r  's/ \[.*?\]//g' install.list | sed -r 's/(^.*?)\/.*?[ ](.*?)[ ](.*?)$/\1:\3=\2/g' > install.list.to.dl

Then download the current packages versions:

$ xargs apt download < install.list.to.dl

You would need to create a Packages.gz file in order to add this folder as a source for apt. E.g.

$ cd ~/deb_server/debs/
$ dpkg-scanpackages -m . /dev/null | gzip -9c >  Packages.gz  

EDIT: path for dpkg-scanpackages must be relative, otherwise this will break the download process later (-m allows you to have multiple versions, if you want the most recent version, remove the -m) Now you have to bring up a file server for example apache2 and configure it to index files.

/etc/apache2/sites-enabled/000-debserver.conf

Containing:

DocumentRoot /var/www
  <Directory /var/www/>
    Options +Indexes +FollowSymLinks
    Require all granted
  </Directory>

And finally you need to symlink the deb folder to /var/www. (Or configure the server to the current deb download location) e.g.

$ ln -s ~/deb_server/debs/ /var/www/repo

The last bit is to add the server machine as the only source for apt updates on each target machine.

$ deb [trusted=yes] http://deb_server_ip/repo /

If you want to update the packages, you need to re-run apt download of the list, but without the version.

$ sed -r  's/ \[.*?\]//g' install.list | sed -r 's/(^.*?)\/.*?[ ](.*?)[ ](.*?)$/\1:\3/g' > install.list.for.update
$ apt update && xargs apt download < install.list.for.update

Setting up Iot Edge on 19.04

Not yet released so here is how to do it

Install docker

wget https://packages.microsoft.com/ubuntu/18.04/multiarch/prod/pool/main/i/iotedge/iotedge_1.0.8-2_amd64.deb
wget https://packages.microsoft.com/ubuntu/18.04/multiarch/prod/pool/main/libi/libiothsm-std/libiothsm-std_1.0.8-1_amd64.deb
wget http://archive.ubuntu.com/ubuntu/pool/main/o/openssl1.0/libssl1.0.0_1.0.2n-1ubuntu5.3_amd64.deb

Fixing ubuntu 19.04 mouse

Install kernel 5.2.x

Cerificates

Expiry Dates

You can see the expiry dates with certbot

certbot certificates

// Gives
  Certificate Name: xxx.bibble.co.nz
    Serial Number: xxxxxx
    Domains: xxx.bibble.co.nz
    Expiry Date: 2021-10-03 01:02:21+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/xxx.bibble.co.nz/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/xxx.bibble.co.nz/privkey.pem

Initial

 apt-get install software-properties-common python-software-properties
 add-apt-repository ppa:certbot/certbot
 apt-get update
 apt-get install python-certbot-apache 

 certbot -n  --agree-tos --standalone certonly -d <site1.domain.com>
 certbot -n  --agree-tos --standalone certonly -d <site2.domain.com>

Renew

sudo certbot -n  --agree-tos --standalone certonly -d <site1.domain.com>
sudo systemctl restart dovecot
sudo systemctl restart nginx
sudo microk8 stop
sudo microk8 start

Building r8168

This is not necessary as you can use the command

apt-get install r8168-dkms

Updating DNS

This script runs in crontab once every 15 minutes

#!/bin/bash
lynx -source -auth=user_xxx:pass_xxxx 'http://dynamic.zoneedit.com/auth/dynamic.html?host=bibble.co.nz'
lynx -source -auth=user_xxx:pass_xxxx 'http://dynamic.zoneedit.com/auth/dynamic.html?host=denise.bibble.co.nz'
lynx -source -auth=user_xxx:pass_xxxx 'http://dynamic.zoneedit.com/auth/dynamic.html?host=www.bibble.co.nz' 
lynx -source -auth=user_xxx:pass_xxxx 'http://dynamic.zoneedit.com/auth/dynamic.html?host=sync.bibble.co.nz'

Backup MySQL

I use the following script to back up the databases

#!/bin/sh

myBackupFolder="/home/iwiseman/backups"
myBackupLogFileName="$myBackupFolder/"backup_log_"$(date +'%Y_%m')".txt

DoBackup()
{
        myDatabaseName=$1

        myCurrentDateTime="$(date +'%d_%m_%Y_%H_%M_%S')"
        myBackupFileName="db_backup_${myDatabaseName}_${myCurrentDateTime}".gz
        myFullyQualifieldBackupFileName="$myBackupFolder/$myBackupFileName"

        echo "mysqldump of $myDatabaseName started at $(date +'%d-%m-%Y %H:%M:%S')" >> "$myBackupLogFileName"
        mysqldump --user=root --password=xxxx --default-character-set=utf8 --single-transaction $myDatabaseName  | gzip > "$myFullyQualifieldBackupFileName"
        echo "mysqldump of $myDatabaseName finished at $(date +'%d-%m-%Y %H:%M:%S')" >> "$myBackupLogFileName"
 
        chown iwiseman "$myFullyQualifieldBackupFileName"
        chown iwiseman "$myBackupLogFileName"
        echo "file permission changed" >> "$myBackupLogFileName"
 
        find "$myBackupFolder" -name db_backup_* -mtime +8 -exec rm {} \;
        echo "old files deleted" >> "$myBackupLogFileName"
 
        echo "operation finished at $(date +'%d-%m-%Y %H:%M:%S')" >> "$myBackupLogFileName"
        echo "*****************" >> "$myBackupLogFileName"
}


DoBackup mail
DoBackup wordpress424

exit 0

Fix Playstation

Fix Playstation (Linux)

The works when enp1s0 is the interface of the second NIC and enp2s0 is the main NIC.

To fix the playstation create the following script

 #!/bin/bash
 echo 1 > /proc/sys/net/ipv4/ip_forward
 iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
 iptables -A FORWARD -i enp1s0 -o enp2s0 -m state --state RELATED,ESTABLISHED -j ACCEPT
 iptables -A FORWARD -i enp2s0 -o enp1s0 -j ACCEPT

Put this into /etc/rc.local e.g

 #!/bin/bash
 /usr/local/bin/fix_playstation.sh

Fix Playstation (Windows)

Setting network up for two nics with windows you use ICS and then let the playstation connect automatically

Setting up L2TP VPN

You will need the following

Connection Name: xxxxxx
Username: xxxxxxx
Password: xxxxxxx
ServerAddress: xxxxxxx
VPN Type: L2TP/IPsec with pre-shared key
Pre-shared key: xxxxxx
Under IPSec Settings (Linux)
3des-sha1-modp1024 for phase 1 (Linux)
3des-sha1 for phase 2 (Linux)
Authentication Methods: Pap, MSChapV2, Chap (Windows only)
EncryptionLevel: Optional (Windows only)
 sudo apt-get install network-manager-l2tp
 sudo apt-get install network-manager-l2tp-gnome
 sudo service xl2tpd stop
 sudo update-rc.d xl2tpd disable

Install Jenkins

This was done on a 20.04 Ubuntu server
We need java. On the page it says it supports OpenJDK JDK / JRE 8 - 64 bits and OpenJDK JDK / JRE 11 - 64 bits so we need to make sure it uses the right one by creating a .profile.(Note bashrc does not run for this user)

Install java

apt install openjdk-11-jdk-headless

Change the default to 11

sudo update-alternatives --config java

Install Jenkins

wget -q -O - https://pkg.jenkins.io/debian-stable/jenkins.io.key | sudo apt-key add -
sudo sh -c 'echo deb https://pkg.jenkins.io/debian-stable binary/ > \
    /etc/apt/sources.list.d/jenkins.list'
sudo apt-get update
sudo apt-get install jenkins

Create a startup script

cat /var/lib/jenkins/.profile 
export JAVA_HOME=/usr/lib/jvm/java-11-openjdk-amd64
echo $JAVA_HOME
export PATH=$JAVA_HOME/bin:$PATH

Change the startup script etc init.d/jenkins

PATH=
....
export JAVA_HOME=/usr/lib/jvm/java-11-openjdk-amd64
echo $JAVA_HOME
export PATH=$JAVA_HOME/bin:$PATH

Change the java back

sudo update-alternatives --config java

Open LDAP

Install software

sudo apt install slapd ldap-utils

Reconfigure to your Domain

sudo dpkg-reconfigure slapd

You can verify this has worked with (don't forget sudo)

sudo ldapsearch -x -LLL -b "" -s base namingContexts

It should return your setup in my case

dn:
namingContexts: dc=bibble,dc=co,dc=nz

And view the RootDN

sudo ldapsearch -H ldapi:/// -Y EXTERNAL -b "cn=config" -LLL -Q | grep olcRootDN:

It should return

p olcRootDN:
olcRootDN: cn=admin,cn=config
olcRootDN: cn=admin,dc=bibble,dc=co,dc=nz

Configuring Logging

To view the log level

sudo ldapsearch -H ldapi:/// -Y EXTERNAL -b "cn=config" -LLL -Q | grep olcLogLevel:

Which returns

p olcLogLevel:
olcLogLevel: none

We can either use

sudo ldapmodify -Y EXTERNAL -H ldapi:/// -Q

To modify interactively or use LDIF files to update. Either way the contents are

dn: cn=config
changeType: modify
replace: olcLogLevel
olcLogLevel: stats

To perform using LDIF use

sudo ldapmodify -Y EXTERNAL -H ldapi:///  -f /tmp/test.ldif

And verify with

sudo ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config "(objectClass=olcGlobal)" olcLogLevel -LLL -Q

Setting up log files

Lets put the logs into their own file

sudo vi /etc/rsyslog.d/51-slapd.conf

Add the following

local4.* /var/log/slapd.log

Restart

sudo systemctl restart rsyslog slapd

Lets clean up the logs

 sudo vi /etc/logrotate.d/slapd

Add the following

 /var/log/slapd.log
 { 
         rotate 7
         daily
         missingok
         notifempty
         delaycompress
         compress
         postrotate
                 /usr/lib/rsyslog/rsyslog-rotate
         endscript
 }

Restart

 sudo systemctl restart logrotate

Set up ssl

The are three certs to worry about

rootCA
server cert
server key

I create these independently of this setup and these are place in

/etc/ssl/openldap/certs/rootCA.pem
/etc/ssl/openldap/certs/server.crt
/etc/ssl/openldap/private/server.key

Set permissions on the directory

chown -R openldap: /etc/ssl/openldap/

We need to allow apparmor to read the files so edit

vi /etc/apparmor.d/usr.sbin.slapd

With

...
  # Site-specific additions and overrides. See local/README for details.
  #include 

  #TLS
  /etc/ssl/openldap/certs/ r,
  /etc/ssl/openldap/certs/* r,
  /etc/ssl/openldap/private/ r,

  /etc/ssl/openldap/pri  /etc/letsencrypt/archive/ldap.bibble.co.nz/ r,
  /etc/letsencrypt/archive/ldap.bibble.co.nz/* r,vate/* r,

Reload

apparmor_parser -r /etc/apparmor.d/usr.sbin.slapd

Create a ldif to reflect your cert names and locations

dn: cn=config
changetype: modify
add: olcTLSCACertificateFile
olcTLSCACertificateFile: /etc/ssl/openldap/certs/cacert.pem
-
replace: olcTLSCertificateFile
olcTLSCertificateFile: /etc/ssl/openldap/certs/ldapserver-cert.crt
-
replace: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/ssl/openldap/private/ldapserver-key.key

Had a lot of trouble getting the next bit to work thanks to no help from the product. Firstly add the ssl-cert to the openldap with

usermod -aG ssl-cert openldap

Also found that the key was read only for letsencryt so

chmod g+r  /etc/letsencrypt/archive/DOMAIN/privkey1.pem

The trick is to get the permissions right. I did this by looking at what others had done. Namely /etc/ssl. I checked the permisions on directories cert and private plus the contents and owner. Here is the end result

root@oliver:/etc/ssl# ls -lR openldap/
openldap/:
total 8
drwxr-xr-x 2 openldap openldap 4096 Nov  4 13:39 certs
d-wx--x--- 2 openldap ssl-cert 4096 Nov  4 13:39 private

openldap/certs:
total 8
-rw-r--r-- 1 openldap ssl-cert 1411 Nov  4 13:39 rootCA.pem
-rw-r--r-- 1 openldap ssl-cert 1501 Nov  4 13:39 server.crt

openldap/private:
total 4
-rw-r----- 1 openldap ssl-cert 1704 Nov  4 13:39 server.key

Now you should be able to add then TLS entries with

 ldapmodify -Y EXTERNAL -H ldapi:/// -f ldap-tls.ldif

As ever you can verify this with

slapcat -b "cn=config" | grep -E "olcTLS"

Which should show

olcTLSCACertificateFile: /etc/ssl/openldap/certs/rootCA.pem
olcTLSCertificateKeyFile: /etc/ssl/openldap/private/server.key
olcTLSCertificateFile: /etc/ssl/openldap/certs/server.crt

Let run a test before switching

slaptest -u

Which should show

config file testing succeeded

Add the certificate int /etc/ldap/ldap.conf

...
# TLS certificates (needed for GnuTLS)
#TLS_CACERT	/etc/ssl/certs/ca-certificates.crt
TLS_CACERT	/etc/ssl/openldap/certs/rootCA.pem

Restart the server

systemctl restart slapd

Finally, phew test the connectivity

ldapwhoami -H ldapi:/// -x -ZZ

For lets encrypt I ended up with

ls -lR  /etc/ssl/openldap/
/etc/ssl/openldap/:
total 8
drwxr-xr-x 2 openldap openldap 4096 Nov  4 05:30 certs
drwxr-xr-x 2 openldap ssl-cert 4096 Nov  4 05:31 private

/etc/ssl/openldap/certs:
total 0
lrwxrwxrwx 1 openldap openldap 53 Nov  4 05:30 rootCA.pem -> /etc/letsencrypt/live/XXX/fullchain.pem
lrwxrwxrwx 1 openldap openldap 48 Nov  4 05:30 server.crt -> /etc/letsencrypt/live/XXX/cert.pem

/etc/ssl/openldap/private:
total 0
lrwxrwxrwx 1 openldap ssl-cert 51 Nov  4 05:31 server.key -> /etc/letsencrypt/live/XXX/privkey.pem

And the ldif

dn: cn=config
changetype: modify
add: olcTLSCipherSuite
olcTLSCipherSuite: NORMAL
-
add: olcTLSCRLCheck
olcTLSCRLCheck: none
-
add: olcTLSVerifyClient
olcTLSVerifyClient: never
-
add: olcTLSCACertificateFile
olcTLSCACertificateFile: /etc/ssl/openldap/certs/rootCA.pem
-
add: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/ssl/openldap/private/server.key
-
add: olcTLSCertificateFile
olcTLSCertificateFile: /etc/ssl/openldap/certs/server.crt
-
add: olcTLSProtocolMin
olcTLSProtocolMin: 3.3

You can test this with

sudo ldapwhoami -H ldap://ldap.bibble.co.nz -x -ZZ

Add a user

Create a base dn

dn: ou=people,dc=ldapmaster,dc=kifarunix-demo,dc=com
objectClass: organizationalUnit
ou: people

dn: ou=group,dc=ldapmaster,dc=kifarunix-demo,dc=com
objectClass: organizationalUnit
ou: group

And add a user as below creating first a password with slappasswd

dn: uid=mibeyam,ou=people,dc=ldapmaster,dc=kifarunix-demo,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: mibeyam
cn: mibeyam
givenName: Amos
sn: Mibey
userPassword: {SSHA}sO8V/PZsGCta6098vs2qgX767AJF3Sw7
loginShell: /bin/bash
uidNumber: 10000
gidNumber: 10000
homeDirectory: /home/mibeyam

dn: cn=mibeyam,ou=group,dc=ldapmaster,dc=kifarunix-demo,dc=com
objectClass: posixGroup
cn: mibeyam
gidNumber: 10000
memberUid: mibeyam

Set up client

You will need to know your base DN which is the first line of slapcat

I would recommend you test you user on the client prior to provisioning using you DN and account

 ldapwhoami -vvv -h localhost -D "uid=mibeyam,ou=people,dc=ldapmaster,dc=kifarunix-demo,dc=com" -x -W

A good result will echo the user

Install software

sudo apt-get update
sudo apt-get install libpam-ldapd libnss-ldapd

Change pam to create directory /etc/pam.d/common-session

...
session required pam_mkhomedir.so umask=0022 skel=/etc/skel

Restart services sudo systemctl restart nslcd sudo systemctl restart nscd

Screen Blanking

After suspend the screen kept blanking after 33 seconds. To fix this we need to do

# Query
xset q
# Turn off dpms
xset -dpms

Set up 5.1

For current setup (ALC1220-VB) I used this. The Orange, Black and Green

Here is the Z506 relevant page

Maybe an order to this. But set the channels to 6 after selecting the card


Change /etc/pulse/daemon.conf to have the correct channels and mapping. The mapping may be different for different systems.

default-sample-channels = 6
default-channel-map = front-left,front-right,rear-left,rear-right,front-center,lfe

And here is a picture taken by my wifey

Sound starting produces two Crackles

When sound starts you hear two crackle and then sound works. This is caused by power saving and you can turn this off with the following

echo "0" | sudo tee /sys/module/snd_hda_intel/parameters/power_save

If this works we can make this permanent

echo "options snd_hda_intel power_save=0" | sudo tee -a /etc/modprobe.d/audio_disable_powersave.conf

PipeWire Alternative to Pulse

Got this from here

Setup

When I did this I had to reboot but then it worked

 sudo add-apt-repository ppa:pipewire-debian/pipewire-upstream
 sudo apt update
 sudo apt install pipewire pipewire-audio-client-libraries
 sudo apt install gstreamer1.0-pipewire libpipewire-0.3-{0,dev,modules} lib  spa-0.2-{bluetooth,dev,jack,modules} pipewire{,-{audio-client-libraries,pulse,media-session,bin,locales,tests}}  
 
  sudo systemctl --user daemon-reload 

 // Disable pulse
 systemctl --user --now disable pulseaudio.service pulseaudio.socket

 // Enable pipewire
 systemctl --user --now enable pipewire pipewire-pulse

 Pactl info

Remove

Not run this because the above did work

 sudo apt remove pipewire pipewire-audio-client-libraries
 sudo apt remove gstreamer1.0-pipewire libpipewire-0.3-{0,dev,modules} libspa-0.2-{bluetooth,dev,jack,modules} pipewire{,-{audio-client-libraries,pulse,media-session,bin,locales,tests}}
 systemctl --user daemon-reload
 systemctl --user --now enable pulseaudio.service pulseaudio.socket
 pactl info

Set up Fake Cam

Download Fake Cam Linux-Fake-Background-Webcam

git clone https://github.com/fangfufu/Linux-Fake-Background-Webcam

Set up a modprobe for it in /etc/modprobe.d/fakecam.conf

options v4l2loopback devices=1 video_nr=20 card_label=fakecam exclusive_caps=1

Force module to be loaded at boot by adding v4l2loopback to /etc/modules

Now add a script for convenience e.g. ~/bin/cam.sh

#!/usr/bin/bash
cd ~/dev/projects/Linux-Fake-Background-Webcam/
python3 fake.py -v /dev/video20 --no-background --no-foreground

Useful LDAP Commands

List users

 ldapsearch -x -LLL -b "dc=ldapmaster,dc=kifarunix-demo,dc=com"

Delete user

ldapdelete -x -W -D "cn=admin,dc=ldapmaster,dc=kifarunix-demo,dc=com" "uid=mibeyam,ou=people,dc=ldapmaster,dc=kifarunix-demo,dc=com"

Reset password

ldappasswd -H ldapi:/// -x -D "cn=admin,dc=ldapmaster,dc=kifarunix-demo,dc=com" -W -S "uid=mibeyam,ou=people,dc=ldapmaster,dc=kifarunix-demo,dc=com"

Flush DNS

# Check a Record
nslookup -type=A xxxx.ihc.org.nz
# Restart bind
sudo systemctl restart bind9
# Flush DNS
sudo rndc flush
sudo resolvectl flush-caches

Fix DNS

With the standard approach of using netplan the DNS gets overwritten.

network:
    version: 2
    renderer: networkd
    ethernets:
        enp5s0:
            addresses: [10.10.1.100/24]        # IP Address
            gateway4: 10.10.1.1                # Router name
            nameservers:
                    search: [mydomain.local]   # Local domain
                    addresses: [10.10.1.254]   # DNS Server
            dhcp4: yes

You can fix this with

sudo netplan apply

To fix this need to change /etc/systemd/resolved.conf

...
#Set your DNS and add alternatives
DNS=10.1.1.254 8.8.8.8 9.9.9.9

#Add for local domain
domains=mydomain.local
...

To test this you can use

resolvectl

Global
         Protocols: -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
  resolv.conf mode: stub
Current DNS Server: 10.10.1.254
       DNS Servers: 10.10.1.254 8.8.8.8 9.9.9.9

Link 2 (enp5s0)
    Current Scopes: DNS
         Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 10.10.1.254
       DNS Servers: 10.10.1.254 8.8.8.8 8.8.4.4
        DNS Domain: mydomain.local

Redirect syslog entries for Process

To redirect the logs for a process create a config with less than 50-default.conf e.g. 30-dhcpd.conf

###############
#### RULES ####
###############

#
# First some standard log files.  Log by facility.
#

if $programname == 'dhcpd' then /var/log/dhcp.log
& stop

Then make sure you add rotate entry in /etc/logrotate.d/rsyslog

/var/log/syslog
/var/log/mail.info
/var/log/mail.warn
/var/log/mail.err
/var/log/mail.log
/var/log/daemon.log
/var/log/kern.log
/var/log/auth.log
/var/log/user.log
/var/log/lpr.log
/var/log/cron.log
/var/log/debug
/var/log/dhcp.log
/var/log/messages
{
	rotate 4
	weekly
	missingok
	notifempty
	compress
	delaycompress
	sharedscripts
	postrotate
		/usr/lib/rsyslog/rsyslog-rotate
	endscript
}

Drag and Drop Broken

This was logged in 23.04 and raised https://bugs.launchpad.net/ubuntu/+source/gnome-shell/+bug/2016743

Workaround is to switch to wayland. https://beebom.com/how-switch-between-wayland-xorg-ubuntu/

MediaWiki URLs

Changed this on the 24 May 2023. Kept the original nginx config but added

# Handling for the article path (pretty URLs)
location /wiki/ {
  rewrite ^/wiki/(?<pagename>.*)$ /mediawiki/index.php;
}

We needed to change the LocalSettings.php to

$wgScriptPath = "/mediawiki";
$wgArticlePath = "/wiki/$1";
$wgUsePathInfo = true;

To reverse we need to remove both of these.

MS Teams

Cannot get the Progressive App to work so downloaded from

sudo apt install libgdk-pixbuf2.0-0  libgdk-pixbuf-xlib-2.0-0
wget http://repo.linuxliteos.com/linuxlite/pool/main/t/teams/teams_1.5.00.23861_amd64.deb
sudo dpkg -i teams_1.5.00.23861_amd64.deb

Setup WIFI Dongle

This is for the following device

0bda:c820 Realtek Semiconductor Corp. 802.11ac NIC

We have to blacklist the default driver. Create file /etc/modprobe.d/rtw8821bu.conf

blacklist rtw88_8821cu

Add the repository and install driver 5.12.0.4~lunar

sudo add-apt-repository ppa:kelebek333/kablosuz
sudo apt update
sudo apt install rtl8821cu-next-dkms

Fix Bluetooth BORIS

Remove the device
Turn bluetooth off
bluetoothctl

And type

[bluetooth]# agent off
[bluetooth]# power off
[bluetooth]# power on
[bluetooth]# agent on
[bluetooth]# default-agent
[bluetooth]# scan on

Windows 10 USB Boot on linux

Use [Ventoy] software. When you burn the USB it takes forever to umount. To monitor write blocks on USB use

watch grep -e Dirty: -e Writeback: /proc/meminfo