LXC: create Debian Wheezy container

wget -q --no-check-certificate https://raw.githubusercontent.com/panticz/lxc/master/create.wheezy.sh -O - | bash -

#!/bin/bash

[ -z $CONTAINER ] && CONTAINER=wheezy

LANG=en_US.UTF-8
sudo lxc-create -t debian -n ${CONTAINER} -- template-options -r wheezy
sudo lxc-start -d -n ${CONTAINER}

sudo lxc-attach -n ${CONTAINER} -- apt-get clean
sudo lxc-attach -n ${CONTAINER} -- apt-get update
sudo lxc-attach -n ${CONTAINER} -- apt-get dist-upgrade -y

LXC: create Debian Squeeze container

wget -q --no-check-certificate https://raw.githubusercontent.com/panticz/lxc/master/create.squeeze.sh -O - | bash -

#!/bin/bash

[ -z $CONTAINER ] && CONTAINER=squeeze

LANG=en_US.UTF-8
sudo lxc-create -t debian -n ${CONTAINER} -- template-options -r squeeze
sudo lxc-start -d -n ${CONTAINER}

sudo lxc-attach -n ${CONTAINER} -- apt-get clean
sudo lxc-attach -n ${CONTAINER} -- apt-get update
sudo lxc-attach -n ${CONTAINER} -- apt-get dist-upgrade -y

Ericsson H5321 gw

# lsusb | grep Ericsson
Bus 003 Device 004: ID 0bdb:1926 Ericsson Business Mobile Networks BV

# fix kernel driver
echo "/etc/modprobe.d/avoid-mbib.conf" > options cdc_ncm prefer_mbim=N

cat < /etc/udev/rules.d/99-mbm.rules
ATTRS{idVendor}=="0bdb", ATTRS{idProduct}=="1926",
ENV{ID_USB_INTERFACE_NUM}=="09", ENV{MBM_CAPABILITY}="gps_nmea"
ATTRS{idVendor}=="0bdb", ATTRS{idProduct}=="1926",
ENV{ID_USB_INTERFACE_NUM}=="03", ENV{MBM_CAPABILITY}="gps_ctrl"
EOF

# force USB modem to only connect via EDGE and not 3G?

Git

git hooks post-merge example

#!/bin/bash

# check for modified files
for FILE in $(git diff-tree -r --name-only --no-commit-id ORIG_HEAD HEAD); do
  case "${FILE}" in
    *.json)
      # Repository configuration changed: update configuration
      ~/my_repository/scripts/json_update.sh
      ;;
    cronjobs/crontab)
      # Crontab changed: update user cronjobs
      ~/my_repository/scripts/crontab_update.sh
      ;;
  esac
done

# show diff for one file
git diff

# commit only one file
git commit -m 'my comment' path/to/file

# push local Git branch to remote master branch
git push origin local_branch_1:master

# switch branch
git checkout master

Debian: Compile and install multiple PHP CLI versions

# install dependencies
apt-get install -y build-essential
 
# download and compile PHP
for VERSION in 5.3.29 5.4.38 5.5.22 5.6.6; do
    wget -q "http://de1.php.net/get/php-${VERSION}.tar.bz2/from/this/mirror" -O- | tar xj -C /tmp
    cd /tmp/php-${VERSION}
    ./configure --prefix=/opt/php/${VERSION%.*} --disable-all --disable-cgi
    make install -j5
done
 
# add to PATH
for i in /opt/php/*; do
    ln -s $i/bin/php /usr/local/bin/php${i##*/}
done
 
# create backup
cd /opt/php
tar -cjf /tmp/opt.php.$(date -I).tar.bz2 *
 
# test backup
tar -tvf /tmp/opt.php.$(date -I).tar.bz2

Create a restricted user for SSH tunneling

wget -q --no-check-certificate https://raw.githubusercontent.com/panticz/scripts/master/create_ssh_tunnel_user.sh -O - | bash -

#!/bin/bash

# create new restricted user
useradd tunnel --gid nogroup --create-home --skel /dev/null --shell /bin/rbash

# set random encrypted password to enable login
echo "tunnel:$(openssl rand -base64 32)" | chpasswd

# create authorized_keys
mkdir /home/tunnel/.ssh
chmod 700 /home/tunnel/.ssh
touch /home/tunnel/.ssh/authorized_keys
chmod 600 /home/tunnel/.ssh/authorized_keys

# remove path to programs
echo 'PATH=' > /home/tunnel/.profile
chmod 400 /home/tunnel/.profile

# restrict permissions
chmod 500 /home/tunnel
chown tunnel:tunnel /home/tunnel -R

Add your public key(s)
cat /tmp/authorized_keys > /home/tunnel/.ssh/authorized_keys
sed -i 's|ssh-rsa|command="/bin/false",no-pty,no-X11-forwarding ssh-rsa|g' /home/tunnel/.ssh/authorized_keys

# parameter
command="/bin/false",no-agent-forwarding,no-pty,no-user-rc,no-X11-forwarding,permitopen="127.0.0.1:80"
no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding

Links
http://www.gnu.org/software/bash/manual/html_node/The-Restricted-Shell.html

Update LXC container templates filesystem

wget -q --no-check-certificate https://raw.githubusercontent.com/panticz/lxc/master/scripts/update_templates.sh -O - | bash -

#!/bin/bash

# ensure that this script is run as root
if [ $(id -u) -ne 0 ]; then
  sudo $0
  exit
fi

# set language to english
LANG=en_US.UTF-8

# update debian templates
for DIST in $(ls /var/cache/lxc/debian); do
  echo "Updating ${DIST} ..."
  chroot "/var/cache/lxc/debian/${DIST}" apt-get update 
  chroot "/var/cache/lxc/debian/${DIST}" apt-get dist-upgrade -y
  chroot "/var/cache/lxc/debian/${DIST}" apt-get autoremove -y
  chroot "/var/cache/lxc/debian/${DIST}" apt-get clean
done

Install Google Music Manager

wget -q --no-check-certificate https://raw.githubusercontent.com/panticz/installit/master/install.google-musicmanager.sh -O - | bash -

#!/bin/bash

# get URL
if [ "$(uname -m)" == "x86_64" ]; then
  # 64 bit
  URL=https://dl.google.com/linux/direct/google-musicmanager-beta_current_amd64.deb
else
  # 32 bit
  URL=https://dl.google.com/linux/direct/google-musicmanager-beta_current_i386.deb
fi

# download
wget ${URL} -P /tmp

# install
sudo dpkg -i /tmp/google-musicmanager-beta_current_*.deb

$ cat /etc/apt/sources.list.d/google-musicmanager.list
deb http://dl.google.com/linux/musicmanager/deb/ stable main

Links
https://play.google.com/music/listen?u=0#/manager

Docker container under XEN VM

# enable wheezy backports repository
cat <<EOF> /etc/apt/sources.list.d/wheezy-backports.list
deb http://ftp.de.debian.org/debian wheezy-backports main
deb-src http://ftp.de.debian.org/debian wheezy-backports main
EOF
 
# install newest kernel
apt-get update
apt-get install -y -t wheezy-backports linux-image-amd64
 
# reboot your server
reboot
 
# view kernel version
uname -a
# Linux wheezy 3.16.0-0.bpo.4-amd64 #1 SMP Debian 3.16.7-ckt2-1~bpo70+1 (2014-12-08) x86_64 GNU/Linux
 
# install xen
wget -q --no-check-certificate https://raw.githubusercontent.com/panticz/installit/master
Syndicate content