test

Michael Sage

IT, Digital & Culture

Lego Rack Server

Rack Mount Lego Server

Stolen from a LinkedIn post.

Parts List:

Element ID (BrickLink)DescriptionQuantity
11211Brick – Modified 1×2 with Studs on 1 Side2
2412aTile – Modified 1×2 Grille without bottom lip9
2431Tile – 1×44
26603Tile – 2×31
3003Brick – 2×21
3004Brick – 1×21
3010Brick – 1×48
3020Plate – 2×42
3023Plate – 1×24
3024Plate – 1×16
3068aTile – 2 x 2 without Groove3
3069aTile – 1 x 2 without Groove6
3622Brick – 1×32
63864Tile – 1 x 32
69729Tile – 2×6 (not many colour choices for this one)1
87079Tile – 2 x41
92438Plate – 8×161
Total54

Alternative for the front (avoiding 69729 – Tile – 2×6) for more colour options!

Element IDDescriptionQuantity
3005Brick – 1×12
3068aTile – 2×21
26603Tile – 2×31
87079Tile – 2×41
87087Brick – Modified 1×1 with stud on 1 side4

Using the above list you don’t require – 69729, 11211, 3004 or 26603 – from the first list!

Shelly HTTP Commands

Some standard HTTP commands for the Shelly I have found In case of password protected you will need to put http://user:password@shellyIP first

Shelly 1:
Turn on:
http://192.168.xxx.xxx/relay/0?turn=on
Turn off:
http://192.168.xxx.xxx/relay/0?turn=off
Turn on and after ttt-seconds automatically turn off: (ttt replace with the desired time in seconds!)
http://192.168.xxx.xxx/relay/0?turn=on&timer=ttt
The code can also be sent to an already activated Shelly. This will stay on for ttt seconds and then turn off automatically. Turn off and after ttt-seconds automatically turn on: (ttt replace with the desired time in seconds!)
http://192.168.xxx.xxx/relay/0?turn=off&timer=ttt
The code can also be sent to an already switched off Shelly. This will remain switched off for ttt seconds and then automatically switched on.

Switch toggle:
http://192.168.xxx.xxx/relay/0?turn=toggle

Proxmox Community Updates

First remove the enterprise enterprise.proxmox repository

# rm /etc/apt/sources.list.d/pve.enterprise

#apt update && apt -y full-upgrade

Add the no-subscription or pve-test repositori :

#nano /etc/apt/sources.list
deb http://download.proxmox.com/debian buster pve-no-subscription

Go back to the GUI and check you can get updates!

Flic HTTP request with Authentication

When you are wanting to use the HTTP request within Flic it doesn’t work using the standard user:pass@host. So you have to do a little more work…

  • Add your URL which for me was http://xxx.xxx.xxx.xxx/relay/0?turn=toggle to turn a light on or off in the garage.

  • stick with GET http method (or which ever suites)

  • under the HTTP headers, set up basic authentication i.e. type “Authorization” in the Key field of the app

  • encode your “user:password” string using base64 (I used base64encode.org for online base64 encoding)

  • Prefix the encoded string with “Basic ” including a trailing space

  • “Basic YWRtaW46YWRtaW4NCg==” is encoded “admin:admin” as an example. Key or paste all of this into the Value field in the FLIC app

  • Press the save button.

  • Press DONE to ensure all saved away

OPNsense + NextCloud Backup – Windows Client Issue

OPNsense backups contain a special character, in this case “:”. Which while most operating systems tolerate it causes an issue with the Windows NextCloud client and it is unable to sync. The developer has a very good point in that this isn’t a OPNsense issue, but a NextCloud / Windows one for not respecting, or being able to deal with special characters. However, all is not lost, there is a tiny modification you can make to one file on the OPNsense server to make everything OK!

First log into the shell on the OPNsense box (option 8 on the console GUI)

If you don’t have an editor installed you can use vi, or you can install nano

pkg install nano

Open the file

nano /usr/local/opnsense/mvc/app/library/OPNsense/Backup/Nextcloud.php 
Change line 132 from
$configname = 'config-' . $hostname . '-' .  date("Y-m-d_h:m:s") . '.xml';
to
$configname = 'config-' . $hostname . '-' .  date("Y-m-d_H-i-s") . '.xml';
This changes the “:” to a “-“, but you could change this to anything you like. Save the file, job done!

Remember it is likely this will get overwritten with updates to OPNsense so I recommend you check the file after every update!

Duo ByPass

To bypass duo 2fa for a script or secure login etc on Linux you simply need to add the following to your SSHD PAM config (/etc/pam.d/sshd)

auth    [success=2 default=ignore]      pam_access.so accessfile=/etc/security/access-local.conf

You will then need to create the access file and put your rules in for example

+ : ALL : 192.168.1.0/24
- : ALL : ALL

For information on the access file, see here

Image Hosting URL Options

https://github.com/HaschekSolutions/pictshare/blob/master/rtfm/MODIFIERS.md

Images

Resize

/800x600/d8c01b45a6.png

width x height

Rotate

/upside|left|right/d8c01b45a6.png
  • upside: 180°
  • left: 90°
  • right: -90°

WebP conversion

/webp/d8c01b45a6.jpeg

Gif to mp4

/mp4/d8c01b45a6.gif

Filters

/filter/d8c01b45a6.png

See available filters

 

Nagios Core Upgrade

Ubuntu

Stop Service / Daemon

This command stops Nagios Core.

===== Ubuntu 14.x =====

sudo service nagios stop

 

===== Ubuntu 15.x / 16.x / 17.x / 18.x =====

sudo systemctl stop nagios.service

 

Downloading the Source

cd /tmp
sudo rm -rf nagioscore*
wget -O nagioscore.tar.gz https://github.com/NagiosEnterprises/nagioscore/archive/nagios-4.4.1.tar.gz
tar xzf nagioscore.tar.gz

 

Compile

cd /tmp/nagioscore-nagios-4.4.1/
sudo ./configure --with-httpd-conf=/etc/apache2/sites-enabled
sudo make all

 

Install Binaries

This step installs the binary files, CGIs, and HTML files.

sudo make install

 

Install Service / Daemon

This installs the service or daemon files. While these will already exist they do get updated occasionally and hence need replacing.

sudo make install-daemoninit

 

Update nagios.cfg

If you are upgrading from Nagios Core 4.3.2 and earlier you will need to update the nagios.cfg file to point to /var/run/nagios.lock using the following command:

sudo sh -c "sed -i 's/^lock_file=.*/lock_file=\/var\/run\/nagios.lock/g' /usr/local/nagios/etc/nagios.cfg"

More information about this is detailed in the following KB article:

Nagios Core – nagios.lock Changes In 4.3.3 Onwards

 

Start Service / Daemon

This command starts Nagios Core.

===== Ubuntu 14.x =====

sudo service nagios start

 

===== Ubuntu 15.x / 16.x / 17.x / 18.x =====

sudo systemctl start nagios.service

 

Confirm Nagios Is Running

You can confirm that the nagios service is now running with the following command:

===== Ubuntu 14.x =====

sudo service nagios status

 

===== Ubuntu 15.x / 16.x / 17.x / 18.x =====

sudo systemctl status nagios.service

 

Confirm Nagios Version

You can confirm the nagios version being used with the following command:

sudo /usr/local/nagios/bin/nagios -V

 

This will output something like:

Nagios Core 4.4.1

RDP Cert (Windows 7)

Commercial Certificate Authority TLS Remote Desktop Service (RDS) certificate RDP Windows 7

There are two good guides on how to install a commercial certificate, to replace the self-signed generated by Remote Desktop Services, and avoid warning messages, but they both leave steps out. Here are all the steps.

1. Generate a private key and certificate request

openssl req -out CSR.csr -new -newkey rsa:2048 -nodes -keyout privateKey.key

2. Get it signed by a commercial certificate authority

3. Convert your key, certificate, and Certificate Authority chain to a pfx file for Windows

openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CACert.crt

Don’t double-click the resultant “certificate.pfx” file. It will always put it into your personal certificate store, when you want it in the computer certificate store.

4. Install certificate – Open command-line, mmc, Add/Remove snap-in, Certificates, Computer Account, Local Computer

Expand Certificates (Local Computer), Personal, Certificates. Right click in right pane, All Tasks, Import…

Import your pfx file. Make sure the private key is included.

5. You need the thumbprint of the certificate. Double-click the certificate to view it in the mmc, and choose the Details tab. At the bottom is the Thumbprint. Copy it to Notepad, and remove the Question mark at the beginning, and all the spaces. It should be a string like “6adbb56632cc476ad790d899f2c34c42c1881590”

6. This link explains the command to use the CA cert instead of the self-signed, http://www.weaklink.org/2015/05/tls-certificate-for-windows-88-1-remote-desktop-service/

REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v "SSLCertificateSHA1Hash" /t REG_BINARY /d 6adbb56632cc476ad790d899f2c34c42c1881590

7. You must also allow the RDP service the rights to view the private key. Microsoft explains the ACL necessary, https://support.microsoft.com/en-us/kb/2001849

Click Start, click Run, type mmc, and click OK.

On the File menu, click Add/Remove Snap-in.

In the Add or Remove Snap-ins dialog box, in the Available snap-ins list, click Certificates, and click Add.

In the Certificates snap-in dialog box, click Computer account, and click Next.

In the Select Computer dialog box, click Local computer: (the computer this console is running on), and clickFinish.

In the Add or Remove Snap-ins dialog box, click OK.

In the Certificates snap-in, in the console tree, expand Certificates (Local Computer), expand Personal, and navigate to the SSL certificate that you would like to use.

Restart Remote Desktop Services, or Restart the computer, and the next time you use the RDP, it will not complain about the certificate.

Extend a partition and LVM with Ubuntu 16.04

There is a risk of data loss doing this!!!

First add the additional disk space using your virtualisation admin software (i.e. ESXi / Proxmox / etc)

Rescan the bus

echo 1 > /sys/class/block/sda/device/rescan

Next start fdisk

sudo fdisk /dev/sda

Press p to print the current partition list. Copy the start block for both sda2 and sda5. Now we need to delete the partitions.

Press d to delete the partion accept the default of ‘2’
Press d again and accept the default of ‘5’

Now press n for a new partition

Create an extended partition, make sure the start block is that of your “old” sda2 partition.

Accept the other defaults to use all available space.

Now press n again

This time accept the defaults. The start block will be wrong, but this is ok and a slight anomaly with this method.

This bit is super, world ending, important.

Once you are back to the fdisk prompt press x (to enter expert mode)

Press b and make sure sda5 is selected.

Enter the start value that you copied earlier for sda5.

Once you are back at the expert command prompt, press r (to return to the main menu) and then w (to write the changes and exit.

We’ve now finished with fdisk.

Now sync the changes with the running OS.

partprobe

Extending LVM

Run

pvresize /dev/sda5
lvextend -l +100%FREE /dev/VGNAME/LVNAME
resize2fs /dev/VGNAME/LVNAME

If you don’t know your VGNAME or LVNAME run

lvdisplay

That’s all there is to it!