DRBD
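# cat /etc/drbd.d/global_common.conf
global {
    # Takes part in DRBD's online usage counter; set to "no" to opt out.
    usage-count yes;
}

common {
    startup {
        # Connection-wait timeout used when a node of a degraded cluster boots.
        # 0 presumably means "no limit" - confirm in drbd.conf(5).
        degr-wfc-timeout 0;
    }
    net {
        # Challenge-response peer authentication keyed by shared-secret.
        # This authenticates the peer only; the replicated data itself is not
        # encrypted, so keep the replication link on a dedicated or otherwise
        # protected network. sha1 is kept as on the page; a stronger digest
        # (e.g. sha256) has to be set on both nodes at the same time.
        cram-hmac-alg sha1;
        # Masked on the page. Use a long random value and keep this file
        # readable by root only, since the secret is stored in clear text.
        shared-secret ****************;
    }
    disk {
        # On a lower-level I/O error, drop the backing device and carry on
        # in diskless mode instead of passing the error up.
        on-io-error detach;
    }
}

# cat /etc/drbd.d/r0.res
resource r0 {
    on scld.sedo.de.intern {
        volume 0 {
            device /dev/drbd0;
            disk /dev/vg0/lvol0;
            flexible-meta-disk internal;
        }
        address 192.168.255.1:7788;
    }
    on ubuntu {
        volume 0 {
            device /dev/drbd0;
            disk /dev/sda3;
            flexible-meta-disk internal;
        }
        address 192.168.255.2:7788;
    }
}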
dnsmasq
# cat /etc/dnsmasq.conf
# Act as the authoritative DHCP server for this network; only appropriate
# when no other DHCP server answers on the same segment.
dhcp-authoritative
# Upstream resolver that non-local queries are forwarded to.
server=192.168.1.6
# Write dnsmasq's log to this file instead of syslog.
log-facility=/var/log/dnsmasq.log
# Log every DNS query. Useful for troubleshooting and detection, but the log
# then records each client's lookups: rotate it and restrict read access.
log-queries
# Names under example.com are answered locally (hosts files, DHCP leases)
# and never forwarded upstream.
local=/example.com/
# Domain handed to DHCP clients.
domain=example.com
# Shell helper, not a config directive: builds /etc/hosts.pre ("<field 3><TAB><field 2>",
# sorted by the second column) from the dhcp-host= lines of this file.
# Presumably those lines are dhcp-host=<mac>,<name>,<ip>; none are shown in this listing.
# cat /etc/dnsmasq.conf | grep "^dhcp-host" | awk -v OFS="\t" -F "," '{print $3, $2}' | sort -k2 > /etc/hosts.pre
# Extra hosts file read in addition to /etc/hosts.
addn-hosts=/etc/hosts.pre
# DHCP
# Lease pool 192.168.1.150-200, netmask 255.255.255.0, lease time one day.
dhcp-range=192.168.1.150,192.168.1.200,255.255.255.0,1d
# Default gateway handed to clients.
dhcp-option=option:router,192.168.1.6
# NTP server handed to clients.
dhcp-option=option:ntp-server,217.7.239.199
# PXE
# Boot file name, boot server name and boot server address for network boot.
# Network boot is unauthenticated: whoever answers DHCP/TFTP on the segment
# decides what the client runs, so keep this segment trusted.
dhcp-boot=undionly.kpxe,srv,192.168.1.9
# Clients carrying the tag "sip" (set elsewhere, not shown) get a provisioning
# URL instead. It is fetched over plain HTTP; if that file holds account
# credentials they cross the network in clear text - verify.
dhcp-boot=net:sip,http://srv/snom3x0/snom3x0.xml,srv,192.168.1.9
gogs
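apt -y install docker-compose
# Write the compose file. The heredoc operator and the YAML indentation were
# lost in the listing and are restored here; the delimiter is quoted so the
# shell copies the body literally.
cat <<'EOF' > docker-compose.yml
version: "2"

networks:
  gitea:
    external: false

services:
  web:
    # ":latest" is a moving tag; pin a specific release tag or image digest
    # so a later pull cannot silently bring in a different image.
    image: gitea/gitea:latest
    environment:
      - USER_UID=1000
      - USER_GID=1000
      - DB_TYPE=mysql
      - DB_HOST=db:3306
      - DB_NAME=gitea
      - DB_USER=gitea
      # Example credential from the page (password equals the user name).
      # Replace it before real use and keep the real value out of version
      # control.
      - DB_PASSWD=gitea
    restart: always
    networks:
      - gitea
    volumes:
      - ./gitea:/data
    ports:
      # Web UI published as plain HTTP on host port 80; terminate TLS in
      # front of it if it is reachable from outside a trusted network.
      - "80:3000"
      # The container's SSH port (22) published on host port 222.
      - "222:22"
    depends_on:
      - db
  db:
    image: mysql:latest
    restart: always
    # The listing is cut off here on the page: the db service's environment
    # entries are missing and must be supplied before this file is usable.
    environment:
EOF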
Apache authentication
# vi /etc/apache2/sites-enabled/000-default.conf
# Excerpt only: AllowOverride is valid inside a <Directory> container, which
# this listing does not show.
...
# Let .htaccess files in this directory set authentication directives and
# nothing else.
AllowOverride AuthConfig
# "Indexes" enables automatic directory listings where no index file exists;
# drop it if listings are not wanted.
Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
# Apache 2.2 access-control syntax. Apache 2.4 accepts it only through
# mod_access_compat; the native 2.4 form is "Require all granted".
Order allow,deny
Allow from all
...
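# Write the per-directory authentication rules. The heredoc operator was lost
# in the listing (the closing EOF is still there) and is restored here; the
# delimiter is quoted so the shell copies the body literally.
cat <<'EOF' > /var/www/html/.htaccess
AuthBasicAuthoritative On
AuthName "Authorized Users Only."
AuthType Basic
AuthUserFile /etc/apache2/htpasswd
Require user USER_NAME
EOF
# Add the user to the password file (add -c on first use to create the file).
# -b takes the password from the command line, where it shows up in the
# process list and in shell history; leaving -b out makes htpasswd prompt for
# it instead. Keep the file outside the web root, as here, and readable only
# by root and the web server account.
# Basic authentication sends the credentials base64-encoded with every
# request, so this only protects anything when the site is served over TLS.
htpasswd -b /etc/apache2/htpasswd USER_NAME 'USER_PASS'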
Mate
# install the Ubuntu MATE desktop metapackage
sudo apt-get install ubuntu-mate-desktop
# reset the panel layout to its defaults
mate-panel --reset
# configuration
# Reference script on a third party's master branch, so its content can change:
# read it and copy the settings you want rather than running it unreviewed.
https://github.com/vinadoros/CustomScripts/blob/master/DMATE.sh
# make list view the default folder view in Caja
gsettings set org.mate.caja.preferences default-folder-viewer 'list-view'
# Caja bookmarks (path of the bookmarks file)
~/.gtk-bookmarks
Ansible templates
{# For every host in the inventory group db_servers: its name, then the IPv4 address taken from its eth0 facts (facts must have been gathered for those hosts). #}
{% for host in groups['db_servers'] %}
{{ host }}
{{ hostvars[host]['ansible_eth0']['ipv4']['address'] }}
{% endfor %}
{# Fragment: the opening "if" branch of this conditional is not shown. #}
{% elif student.department.upper() != "MATHS DEPARTMENT" %}
Maths department
{% endif %}
# generate SSH config
{# One Host/Hostname pair per host in the group vm.example.com, using the same eth0 address fact as above. #}
{% for host in groups['vm.example.com'] %}
Host {{ host }}
Hostname {{ hostvars[host]['ansible_eth0']['ipv4']['address'] }}
{% endfor %}
# value by group (condition)
{# foo=true only when "www" is among this host's groups and its FQDN is listed in groups['www']; otherwise foo=false. #}
{% if 'www' in group_names and ansible_fqdn in groups['www'] %}
foo=true
{% else %}
foo=false
{% endif %}
{# Fragment: body and closing endif are not shown. "request" is not defined anywhere in this listing - presumably this line comes from a web framework template rather than Ansible. #}
{% if 'index.html' in request.build_absolute_uri %}
SSL
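# check certificate
https://www.ssllabs.com/ssltest/analyze.html
http://www.panticz.de/Check-SSL-TLS-server-encryption-support
# determine SSL certificate expiration date
openssl x509 -enddate -noout -in www.example.com.pem
# list certificate domains (the DNS entries of subjectAltName)
openssl x509 -text -noout -in cert.pem | grep DNS
# Same check against a live server. -servername sends SNI, so a name-based
# virtual host answers with its own certificate rather than the default one;
# </dev/null closes stdin, so s_client exits after the handshake instead of
# waiting for input.
openssl s_client -showcerts -servername www.example.com -connect www.example.com:443 </dev/null | openssl x509 -text -noout | grep DNS
# Letsencrypt
http://www.panticz.de/letsencrypt
# remove password from private key
# The result is an unencrypted private key: it is written under a restrictive
# umask so the file is never group- or world-readable. Anyone who can read it
# can impersonate the server.
( umask 077 && openssl rsa -in www.example.key.pass -out www.example.key )
# cat / deploy certificate to remote host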
Fix grub on btrfs partition
# mount the btrfs root subvolume
mount /dev/sda1 /mnt -o subvol=/
# (optional) set the default subvolume
btrfs sub set @ /mnt
# bind-mount the kernel pseudo-filesystems so the tools run inside the chroot
# can see the real devices
mount /proc /mnt/proc --bind
mount /dev /mnt/dev --bind
mount /sys /mnt/sys --bind
# enter the mounted system; the commands below are typed inside this chroot shell
chroot /mnt
# install the boot loader onto the disk itself (whole device, not a partition)
grub-install /dev/sda
# regenerate the GRUB configuration
# NOTE(review): update-grub is not expected to need the device argument - confirm
update-grub /dev/sda
# activate first partition
# NOTE(review): fdisk -l only prints the partition table; it does not change
# the boot flag, so the actual activation step is not shown here
fdisk -l /dev/sda
Squid: Compile with SSL support under Debian Wheezy / Jessie
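<?php
// Prints the one-line install command for the build script, followed by the
// script's source so it can be read before anything is executed.
$URL="https://raw.githubusercontent.com/panticz/scripts/master/compile.squid.with.ssl.support.sh";

// The command pipes a download straight into a shell, so the TLS certificate
// check is the only thing tying the executed bytes to the named host; it is
// therefore left enabled (the page originally passed --no-check-certificate).
// The URL follows the master branch, so the content can still change between
// reading it below and running the command; saving the script to a file,
// reading it and running that file avoids the gap.
echo "wget -q $URL -O - | bash -s";
echo "\n";

// Fetch the script into a string instead of letting curl print it directly.
$c = curl_init();
curl_setopt($c, CURLOPT_URL, $URL);
curl_setopt($c, CURLOPT_RETURNTRANSFER, 1);
$script = curl_exec($c);
curl_close($c);

// curl_exec() returns false on failure; say so instead of showing an empty
// listing. The script text is escaped because it is embedded in an HTML page.
echo ($script === false) ? "(script could not be fetched)" : htmlspecialchars($script);
echo "\n";
?>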
Install packages
apt-get install logrotate
# Installs every .deb in the current directory - presumably the packages
# produced by the build script above. Run it from a directory that holds only
# those files, since dpkg installs local packages without any signature check.
dpkg -i *.deb
# let apt pull in dependencies the dpkg step left unresolved
apt-get install -f
Test configuration
# squid3 -v
Squid Cache: Version 3.4.8
configure options: '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=${prefix}/include' '--mandir=${prefix}/share/man' '--infodir=${prefix}/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--libexecdir=${prefix}/lib/squid3' '--srcdir=.' '--disable-maintainer-mode' '--disable-dependency-tracking' '--disable-silent-rules' '--datadir=/usr/share/squid3' '--sysconfdir=/etc/squid3' '--mandir=/usr/share/man' '--enable-inline' '--disable-arch-native' '--enable-async-io=8' '--enable-storeio=ufs,aufs,diskd,rock' '--enable-removal-policies=lru,heap' '--enable-delay-pools' '--enable-cache-digests' '--enable-icap-client' '--enable-follow-x-forwarded-for' '--enable-auth-basic=DB,fake,getpwnam,LDAP,MSNT,MSNT-multi-domain,NCSA,NIS,PAM,POP3,RADIUS,SASL,SMB' '--enable-auth-digest=file,LDAP' '--enable-auth-negotiate=kerberos,wrapper' '--enable-auth-ntlm=fake,smb_lm' '--enable-external-acl-helpers=file_userip,kerberos_ldap_group,LDAP_group,session,SQL_session,unix_group,wbinfo_group' '--enable-url-rewrite-helpers=fake' '--enable-eui' '--enable-esi' '--enable-icmp' '--enable-zph-qos' '--enable-ecap' '--disable-translation' '--with-swapdir=/var/spool/squid3' '--with-logdir=/var/log/squid3' '--with-pidfile=/var/run/squid3.pid' '--with-filedescriptors=65536' '--with-large-files' '--with-default-user=proxy' '--enable-ssl' '--with-open-ssl=/etc/ssl/openssl.cnf' '--enable-linux-netfilter' 'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -Wall' 'LDFLAGS=-fPIE -pie -Wl,-z,relro -Wl,-z,now' 'CPPFLAGS=-D_FORTIFY_SOURCE=2' 'CXXFLAGS=-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security'