DMA (Dragonfly Mail Agent)

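# preconfigure
# debconf-set-selections reads "<owner> <question> <type> <value>"; the owner
# is the package name, which the mailname line had misspelled as "ddm".
# NOTE: the relayhost value is empty in this listing; the smarthost name goes
# after "string".
echo "dma dma/relayhost string" | debconf-set-selections
# NOTE(review): hostname -A may print more than one name - confirm that a
# single FQDN ends up as the mail name.
echo "dma dma/mailname string $(hostname -A)" | debconf-set-selections

# install
apt-get install -y dma

# configure relayhost
# auth.conf entries have the form user|smarthost:password; only "foo|" is left
# in this listing. The file keeps the SMTP password in clear text, so access
# for other local users is removed after writing it.
echo "foo|" >> /etc/dma/auth.conf
chmod o-rwx /etc/dma/auth.conf

# send testmail
# NOTE: the recipient address is missing from this listing; sendmail expects
# it as an argument.
echo "This is a test message from ${USER}@${HOSTNAME} at $(date)" | /usr/sbin/sendmail

# view log
journalctl _COMM=sendmail -f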

# configuration (/etc/dma/dma.conf)
AUTHPATH /etc/dma/auth.conf

Use encrypted home directory and sshuttle

# tools for eCryptfs-encrypted home directories
sudo apt-get install -y ecryptfs-utils

# create user foo with an encrypted home directory
sudo adduser --encrypt-home foo

# mount the encrypted private directory
ecryptfs-mount-private foo

# NOTE(review): membership in the sudo group gives foo full administrative
# rights on this host. sshuttle asks for root through sudo to set up its
# firewall rules, which is presumably why the group is added - confirm.
sudo usermod -aG sudo foo

sudo apt-get install -y sshuttle

# switch to the new user and start the tunnel
# NOTE: the arguments of -r (remote [user@]host) and -x (subnet to exclude)
# are missing from this listing.
su - foo
sshuttle --dns -r -x

LXC: Installation under Ubuntu

# NOTE: the script URL is missing from this listing.
# NOTE(review): the download is piped straight into a shell, and the script
# re-runs itself under sudo; save it to a file and read it before running it.
wget -O - | bash -


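# ensure that this script is run by root
# The end of this block was missing from the listing. exec replaces the
# unprivileged shell, so nothing below runs a second time without root.
if [ "$(id -u)" -ne 0 ]; then
  exec sudo "$0" "$@"
fi

# install lxc
apt-get install -y lxc

# disable auto configuration for eth0
sed -i \
  -e 's|auto eth0|#auto eth0|g' \
  -e 's|iface eth0 inet dhcp|#iface eth0 inet dhcp|g' \
  /etc/network/interfaces

# create network bridge
# (the heredoc terminator was missing from the listing; the delimiter is
# quoted because nothing in the body needs expansion)
cat <<'EOF' >> /etc/network/interfaces
auto lxcbr0
iface lxcbr0 inet dhcp
  bridge_ports eth0
EOF

# disable auto configuration for network bridge by lxc
sed -i 's|USE_LXC_BRIDGE="true"|USE_LXC_BRIDGE="false"|g' /etc/default/lxc-net

# disable network managed by NetworkManager when installed
if [ -f /etc/NetworkManager/NetworkManager.conf ]; then
  sed -i 's|managed=true|managed=false|g' /etc/NetworkManager/NetworkManager.conf
fi

# allow all user to list the containers
# The rule lets every local user run lxc-ls as root without a password.
# A syntax error in a sudoers drop-in breaks sudo for everyone, so the rule is
# checked with visudo first and then installed with mode 0440. Re-running the
# script rewrites the file instead of appending a duplicate line.
if [ -d /etc/sudoers.d/ ]; then
  sudoers_tmp=$(mktemp) || exit 1
  echo "ALL ALL=NOPASSWD: /usr/bin/lxc-ls" > "${sudoers_tmp}"
  if visudo -cf "${sudoers_tmp}"; then
    install -o root -g root -m 0440 "${sudoers_tmp}" /etc/sudoers.d/lxc
  fi
  rm -f -- "${sudoers_tmp}"
fi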


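# unit management commands for reference
systemctl enable late_command.service
systemctl disable late_command.service
systemctl status late_command.service
journalctl -f
# verify takes the unit file to check as its argument
systemd-analyze verify /etc/systemd/system/late_command.service

# download the unit file and enable it
# NOTE: the download URL is missing from this listing.
# --no-check-certificate is dropped: the unit file decides what systemd will
# execute, so the server certificate has to be verified. For a private CA,
# point wget at it with --ca-certificate instead of switching the check off.
wget -q -O /etc/systemd/system/late_command.service && \
systemctl enable late_command.service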

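# NOTE: the section headers, the download URL and the file name after /tmp/
# are missing from this listing.
Description=preseed late_command script

# --no-check-certificate is dropped: the downloaded file is executed by
# ExecStart, so the server certificate has to be verified.
# NOTE(review): /tmp is writable by every local user; a root-only directory
# (or PrivateTmp=yes) would be a safer place for a script this unit executes.
ExecStartPre=/usr/bin/wget -q -O /tmp/
ExecStart=/bin/bash /tmp/
ExecStartPost=/bin/systemctl disable late_command.service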


# test



GitLab: Web-based Git repository manager


# restart gitlab
gitlab-ctl restart

# git home directory
# NOTE: the path that belonged here appears to be missing from this listing.

# create a backup archive, then list the backup directory
# NOTE(review): per the GitLab documentation the archive does not include
# /etc/gitlab (gitlab.rb, gitlab-secrets.json); back those up separately and
# store them apart from the archive.
gitlab-rake gitlab:backup:create
ls -l /var/opt/gitlab/backups

Send email via SMTP

Create backup
# stop the application server, the background job processor and the web server
sudo gitlab-ctl stop unicorn
sudo gitlab-ctl stop sidekiq
sudo gitlab-ctl stop nginx

Linux Kernel

# configure parameter
# determine the maximum size of a shared memory segment
cat /proc/sys/kernel/shmmax
# set default shared memory limit for shmmax (16 GB)
# takes effect immediately and is lost on reboot
echo 17179869184 > /proc/sys/kernel/shmmax
# write the setting to a drop-in under /etc/sysctl.d/ to make the change permanent
# NOTE(review): the persisted value is 4294967296 (4 GiB), not the 16 GiB set
# above - confirm which one is intended. >> adds another line on every run.
echo "kernel.shmmax=4294967296" >> /etc/sysctl.d/90-shmmax.conf
# load parameter
/sbin/sysctl -p /etc/sysctl.d/90-shmmax.conf

XEN: Create Debian Jessie DomU VM

# NOTE: the script URL is missing from this listing.
# NOTE(review): the download is piped straight into a shell that creates VMs
# as root; save it to a file and read it before running it.
wget -O - | bash -


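# configure domU
# DOMAIN_NAME, DOMAIN_HDD, DOMAIN_RAM and DOMAIN_MAC have to be set before
# this point (their assignments are not part of this listing). An empty
# DOMAIN_NAME would make the mv/ln below act on /etc/xen/ itself.
: "${DOMAIN_NAME:?}" "${DOMAIN_HDD:?}" "${DOMAIN_RAM:?}" "${DOMAIN_MAC:?}"

# create domU on LVM (for image file use --dir=/root)
# The root password can be supplied through DOMAIN_PASSWORD; without it the
# value published on this page is used, which has to be changed at first
# login. The password is passed as a command-line argument, so it shows up in
# the process list while xen-create-image runs.
xen-create-image \
  --hostname="${DOMAIN_NAME}" \
  --dist=jessie \
  --lvm=vg0 \
  --size="${DOMAIN_HDD}" \
  --fs=ext4 \
  --role=udev \
  --memory="${DOMAIN_RAM}" \
  --swap="${DOMAIN_RAM}" \
  --dhcp \
  --mac="${DOMAIN_MAC}" \
  --genpass=0 \
  --password="${DOMAIN_PASSWORD:-t00r}" \
  --vcpus "$(grep -c '^processor' /proc/cpuinfo)"
# optional extra argument: --apt_proxy=http://apt-cacher:3142/

# rename vm config
mv "/etc/xen/${DOMAIN_NAME}.cfg" "/etc/xen/${DOMAIN_NAME}"
# OPTIONAL: add to autostart
ln -s "/etc/xen/${DOMAIN_NAME}" /etc/xen/auto
# start domU
xm create -c "${DOMAIN_NAME}"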

# login
user: root
password: t00r

# disable pc speaker
echo 'blacklist snd-pcsp' >> /etc/modprobe.d/blacklist.conf

# fix FQDN
# Appends "<IPv4 of eth0>  <hostname>.<domain from resolv.conf> <hostname>" to
# /etc/hosts. The address is cut out of the "inet addr:" field, so this relies
# on the older ifconfig output format; >> adds another line on every run.
echo "$(ifconfig eth0| grep "inet addr" | cut -d ":" -f2 | cut -d" " -f1)     $(hostname).$(cat /etc/resolv.conf | grep domain | cut -d" " -f2) $(hostname)" >> /etc/hosts
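# OPTIONAL: enable APT auto update
# NOTE: the script URL is missing from this listing.
# --no-check-certificate is dropped: the download is executed by the shell it
# is piped into, so the server certificate has to be verified. Saving the
# script to a file and reading it before running it is safer still.
wget -q -O - | bash -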

LXC: create Debian Jessie container

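# NOTE: the script URL is missing from this listing.
# --no-check-certificate is dropped: the script calls sudo throughout, so the
# server certificate has to be verified before its content is executed.
# Saving the script to a file and reading it first is safer still.
wget -q -O - | bash -s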


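# container name, taken from the environment when set
CONTAINER=${CONTAINER:-jessie}

# force, remove previous container
# (the closing "fi" was missing from the listing)
if [ "${1:-}" = "-f" ]; then
  if [ -n "$(sudo lxc-ls "${CONTAINER}")" ]; then
    sudo lxc-destroy -f -n "${CONTAINER}"
  fi
fi

# create container
# NOTE(review): "template-options" looks like a placeholder taken from the
# lxc-create usage text - confirm the debian template accepts it.
sudo lxc-create -t debian -n "${CONTAINER}" -- template-options -r jessie

# workaround for "Failed to mount cgroup at /sys/fs/cgroup/systemd: Permission denied"
# NOTE(review): lxc.aa_profile = unconfined switches AppArmor confinement off
# for this container, so root inside it is separated from the host by much
# less. Keep it to throw-away test containers.
echo "lxc.aa_profile = unconfined" | sudo tee -a "/var/lib/lxc/${CONTAINER}/config"

# start container in background
sudo lxc-start -d -n "${CONTAINER}"

# wait 3 seconds until network is up
sleep 3

# copy APT proxy configuration from host
APT_PROXY=$(sudo grep -h "Acquire::http::Proxy" /etc/apt/* -r | head -1)
if [ -n "${APT_PROXY}" ]; then
  printf '%s\n' "${APT_PROXY}" |
    sudo tee "/var/lib/lxc/${CONTAINER}/rootfs/etc/apt/apt.conf.d/01proxy"
fi

# update packages in container
sudo lxc-attach -n "${CONTAINER}" -- apt-get update
sudo lxc-attach -n "${CONTAINER}" -- apt-get dist-upgrade -y

# show containers status
sudo lxc-ls "${CONTAINER}" -f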

(re)create container
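# NOTE: the script URL is missing from this listing.
# --no-check-certificate is dropped: with -f the script destroys and rebuilds
# the container through sudo, so the server certificate has to be verified
# before its content is executed.
wget -q -O - | bash -s -- -f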

Allow root SSH login with password
# Rewrites sshd_config inside the container so that root may log in with a
# password.
# NOTE(review): this page lists root/root as the default credentials. Set a
# new root password inside the container before this step, or keep
# "without-password" and install an SSH key instead.
sudo lxc-attach -n ${CONTAINER} -- sed -i 's|PermitRootLogin without-password|PermitRootLogin yes|' /etc/ssh/sshd_config
# restart sshd so the changed setting is read
sudo lxc-attach -n ${CONTAINER} -- service ssh restart

Default login credentials
user: root
pass: root

"Failed to mount cgroup at /sys/fs/cgroup/systemd: Permission denied"

Failed to open /dev/autofs: No such file or directory
Failed to initialize automounter: No such file or directory
[FAILED] Failed to set up automount Arbitrary Executable File Formats File System Automount Point.
See 'systemctl status proc-sys-fs-binfmt_misc.automount' for details.
Unit proc-sys-fs-binfmt_misc.automount entered failed state.

Socket service systemd-udevd.service not loaded, refusing.
[FAILED] Failed to listen on udev Kernel Socket.
See 'systemctl status systemd-udevd-kernel.socket' for details.
Socket service systemd-udevd.service not loaded, refusing.
[FAILED] Failed to listen on udev Control Socket.
See 'systemctl status systemd-udevd-control.socket' for details.


# test
