User:Acmeraptor: Difference between revisions

← Older edit

VisualWikitext

Latest revision as of 10:11, 7 January 2026

networking acronym: People, Do Not Teach Smart People Acronyms The reason is smart people can come up with their own.

hopp-rsk-ddt01 Test log and notes

hopp-rsk-pve01 ProxMox Virtual Environment

hovt-rsk-dws13 debian 13 webserver template; curl openssh-server screen; no updates

hovd-rsk-dss01 development debian single server (using lxc containers)

samba lxc

debian partitioning

download non-enterprise proxmox updates https://community-scripts.github.io/ProxmoxVE/scripts?id=post-pve-install&ategory=Proxmox+%26+Virtualization

bash -c "$(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/tools/pve/post-pve-install.sh)"

Note: Anything referring to ubuntu as a server OS is being changed to strictly debian. I will have an ubuntu vm desktop at some point

Food

Menus

Albert Lea, MN
- Abelardo's
- Jersey Mike's

Casper, WY

Mason City, IA

Phoenix, AZ

Vancouver, WA
- No entry yet

Recipes

It Doesn't Taste Like Chicken

Grandma's Fudge

Ingredients
- 2 cups (12oz) semi sweet chocolate bits
- 3 packages german sweet chocolate
- 1 8oz jar? marchmallow creme
- 2 cups broken nut meat
- 4 1/2 cups sugar
- 1/8 teaspoon salt
- 2 tablespoons butter
- 1 tall can evaporated milk

Instructions
- combine chocolate bits, sweet chocolate, marshmallow creme, and walnuts in a large bowl
- combine sugar, butter, salt, and evaporated milk in large heavy saucepan, heat to boiling
- !!! Get better pictures of the card dad has in order to write this up cleanly !!!

MariaDB

Use if PHPMyAdmin is not running:

CREATE DATABASE my_wiki;
CREATE USER 'wikiuser'@'localhost' IDENTIFIED BY 'database_password';
GRANT ALL PRIVILEGES ON my_wiki.* TO 'wikiuser'@'localhost' WITH GRANT OPTION;

Note: Now that I have VaultWarden running, usernames and passwords will be managed through it. Also, vault should **ONLY** work with VPN access.

Mobile

Software and information about GrapheneOS. GrapheneOS only runs on Google devices currently, phones and tablets.

Software

JuiceSSH

Tips

Pressing power+volume up buttons to switch from an audible ring tone to vibrate (or mute) is enabled by default, causing missed important phone calls and text messages.

To modify, go to Settings > Sound & vibration > Shortcut to prevent ringing

Auto dimming has been an annoyance, it is supposed to learn tendencies/preference yet keeps dimming too low in low light conditions.

To modify, go to Settings > Display > Adaptive brightness

Read

Comms

Closed Network podcaset, move this section later. I'm not sure where to put it right now. Matrix

Firearms

Locksport

Misc

Server

Debian Forums

Servers

Notes on server names and functions for planned future use.

dell

https://www.greenpcgamers.com/dell/dell-poweredge-rack/poweredge-13th-gen-rackmount-servers/poweredge-r730-r730xd-hardware-upgrade-guide/

Up to 2 x QC Xeon E5-2637 V4 3.5Ghz 15MB 9.6GTs Processor | 3.7Ghz Max Turbo Frequency (SR2P3)

Up to 2 x 6C Xeon E5-2643 V4 3.40Ghz 20MB 9.6GTs Processor | 3.7Ghz Max Turbo Frequency (SR2P4)

Up to 2 x 8C Xeon E5-2667 V4 3.2Ghz 25MB 9.6GTs Processor | 3.6Ghz Max Turbo Frequency (SR2P5)

Up to 2 x 10C Xeon E5-2640 V4 2.40Ghz 25MB 8GTs Processor | 3.4Ghz Max Turbo Frequency (SR2NZ)

Up to 2 x 12C Xeon E5-2687W V4 3.0Ghz 30MB 9.6GTs Processor | 3.5Ghz Max Turbo Frequency (SR2NA)

Up to 2 x 14C Xeon E5-2690 V4 2.6Ghz 35MB 9.6GTs Processor | 3.5Ghz Max Turbo Frequency (SR2N2)

Up to 2 x 18C Xeon E5-2697 V4 2.3Ghz 45MB 9.6GTs Processor | 3.6Ghz Max Turbo Frequency (SR2JV)

Up to 2 x 18C Xeon E5-2698 V4 2.2Ghz 50MB 9.6GTs Processor | 3.6Ghz Max Turbo Frequency (SR2JW)

Up to 2 x 22C Xeon E5-2699 V4 2.2Ghz 55MB 9.6GTs Processor | 3.6Ghz Max Turbo Frequency (SR2JS

HP

HP supplied software https://support.hpe.com/connect/s/search?language=en_US#q=dl360%20gen9&t=All&sort=relevancy&numberOfResults=25&archive=false

https://www.toolify.ai/hardware/maximize-your-hp-proliant-dl-360-gen-9-server-with-the-best-processors-3021683

Compatible Processors for HP Proliant DL 360 Gen 9 Server

Low-End Processors

E5-2620v3

E5-2630v3

Value Processors

E5-2660 V3

E5-2670 V3

E5-2680 V3

High-End Processors

E5-2690 V4

E5-2695 V4

E5-2697 V4

E5-2698 V4

E5-2699 V4

Physical

hovp-rsk-uos00 : OpenStack - Currently in use, my clunky old laptop. Consider changing from Ubuntu to Arch
hopp-rsk-pve01 : Proxmox Virtual Environment
hopp-rsk-owr01 : OpenWRT Wireless Router - Linksys router (model noted below this page). VPN client profile rebuild still pending.

Virtual

hovp-rsk-uss01 : Single Server - Single server holding these notes and plans, currently minimal setup of webapps.
hovt-rsk-uws22 : WebServer - Base Jammy Jellyfish OS. Minimal setup kept updated to use as a source for cloning other virtual servers.

Upcoming

The following will be strictly for RSK Solutions and demo models for future domains like Casper307 and NIALC

hovp-rsk-dcs01 : CommunicationServices - Dovecot/Postfix, Matrix
hovp-rsk-udb01 : DataBase - MariaDB
hovp-rsk-uds01 : DirectoryServices - LDAP
hovp-rsk-ufs01 : FileServices - Nextcloud
hovp-rsk-umc01 : MineCraft - Java game server, maybe bedrock too.
hovp-rsk-upa01 : PrivateAppliances - phpIPAM, phpLDAPadmin, phpMyAdmin, VaultWarden
hovp-rsk-uwa01 : WebAppliances - akaunting, ghost, gitlab, kimai2, mediawiki, opencart, osticket, phpbb, piwigo, property web builder, roundcube, wordpress

The following will be desktop environments available for use as remote appliances accessable from my home LAN and via VPN

hovt-rsk-urd22 : Jammy Jellyfish base template
hovt-rsk-wrd07 : Win7 base template, needs all patches up until EOL applied
hovt-rsk-wrd11 : Win11 base template

Server Notes

These will eventually have their own individual wiki pages. For the sake of not migrating or losing notes later, they will be consolidated here.

Templates

Once a template virtual server is created, issue the following commands to pull my ACME code library from the OpenStack virtual server host's repository.

mkdir /home/rkeeling/webapps
scp -r rkeeling@10.65.30.11:/home/rkeeling/RSK\\\ Solutions/VSCode/acme /home/rkeeling/webapps

Then issue "sudo visudo" to edit the sudoers secure path to include the new acme path

Defaults        secure_path="/home/rkeeling/webapps/acme/.bin: ...

In order for this to be effective within the shell, logout and log back on. *I will change this to reloading the shell later*

At this point the scripts are executable anywhere. The following will update repositories, upgrade general packages, upgrade distribution packages (IE, kernel updates), remove old and unused packages.

sudo getallupdates

Now, set the time zone for the server. In my case, CST

sudo timedatectl set-timezone America/Chicago

The following may be ran to confirm the change to the local time

sudo timedatectl status

At this point the template is fully up to date and can be shut down. The only maintenance needed is periodically running the getallupdates script.

Any new virtual server that is needed can be cloned from these versioned release templates to significantly cut down on setup time.

Template Clone

Following the clone of a template with newly generated MAC address, update the following two files and restart to permanently change the new server's name.

sudo vi /etc/hostname
sudo vi /etc/hosts
sudo shutdown -Fr now

The appropriate installation script can be issued depending on the server's purpose.

Shop

Auto

Firearms

Gear

Home Office

Newegg
URT

Locksport

Market

Fred Meyer

Paracord Lanyards

Reading

Software

Open-source and purchased *licenses

Audacity
GIMP
Handbrake
Inkscape
*Minecraft
- SpigotMC
  - BuildTools
- Bukkit
  - EssentialsX
  - LuckPerms
  - Multiverse-Core
  - PermissionsEx
  - Vault
  - ViaVersion
  - WorldEdit
  - WorldGuard
*SecureCRT
Ubuntu
- Internet Archive Downloader
- ExifTool Powerful metadata removal tool
OpenWRT
- OpenVPN
*UltraEdit
VirtualBox
VLC
VSCode
Windows
Youtube Downloader

WebApp Downloads

Windows VM

The VM needs a minimum of two cores and 4Gb memory to run. The following steps will bypass the hardware checks to allow Windows 11 to install:

Click next to show-up the "Install now" button; when you see the installation button, press "Shift+F10" on your keyboard at the same time to launch a command prompt. At this command prompt, type "regedit" and press enter to launch the Windows Registry Editor.

When the Registry Editor opens, navigate to "HKEY_LOCAL_MACHINE\SYSTEM\Setup", right-click on the "Setup" key and select "New => Key".

When prompted to name the key, enter "LabConfig" and press enter.

Now right-click on the "LabConfig" key and select "New => DWORD (32-bit)" value and create a value named "BypassTPMCheck", and set its data to "1". With the same steps create the "BypassRAMCheck" and "BypassSecureBootCheck" values and set also their data to "1", so it looks like the following image.

With those three values configured under the "LabConfig" key, close the "Registry Editor", and then type exit in the "Command Prompt" followed by enter to close the window. You can now click on the "Install now" button to proceed to get "Microsoft Windows 11" installed as a virtual-machine on top of VirtualBox.

VirtualBox CLI Tips

From Oracle

Screen is not needed to run these in the background, just replace "ServerName" with the instance name.

$ VBoxManage startvm ServerName --type headless
Waiting for VM "ServerName" to power on...
VM "ServerName" has been successfully started.

WRT3200ACM

This router has a dual boot partition that has several methods of switching from the A/B partitions. Also, information on for OpenVPN.

Logical

SSH into your router
You can see what partition is currently being booted from by running: /usr/sbin/fw_printenv -n boot_part
Mine was booting from partition 1, I needed it to boot to partition 2.
Tell the router which partition to boot from: /usr/sbin/fw_setenv boot_part 2
Reboot the router by running: reboot
Change the number "2" in step 4 to whatever partition you need. I couldn't find a command that would show what my boot options were. So I tried 0 first, which did nothing, then tried 2. Boot partition 2 was the correct one for me.

LuCI

Install the LuCI-app-advanced-reboot package. This is the easiest method.

https://github.com/stangri/luci-app-advanced-reboot Maybe add description to partition selection page

OpenVPN

OpenWRT/OpenVPN Use this as a baseline for rewriting the scripts, as they do not work as published.

This section is being heavily edited until I work out the kinks

Creation

This is going to be my third and final profile. The first lasted the ten years it was meant to, the second lasted three years and could not be recovered due to configuration hiccups. My personal one will be set to 100 years, far beyond my expected lifetime. Things may adjust if I allow another user access, but as of yet - no one has asked.

Install all needed apps beforehand:

opkg update

opkg install luci-app-advanced-reboot luci-app-openvpn openvpn-easy-rsa openvpn-openssl

The following four scripts can be created under the /root path and will need to be chmod to executable.

sudo chmod +x *.sh

1-preparation.sh

# Install packages
opkg update
opkg install luci-app-advanced-reboot luci-app-openvpn openvpn-easy-rsa openvpn-openssl

# Configuration parameters
VPN_DIR="/etc/openvpn"
VPN_PKI="/etc/easy-rsa/pki"
VPN_PORT="1194"
VPN_PROTO="udp"
VPN_POOL="10.65.9.0 255.255.255.0"
VPN_DNS="${VPN_POOL%.* *}.1"
VPN_DN="$(uci -q get dhcp.@dnsmasq[0].domain)"

# Fetch server address
NET_FQDN="$(uci -q get ddns.@service[0].lookup_host)"
. /lib/functions/network.sh
network_flush_cache
network_find_wan NET_IF
network_get_ipaddr NET_ADDR "${NET_IF}"
if [ -n "${NET_FQDN}" ]
then VPN_SERV="${NET_FQDN}"
else VPN_SERV="${NET_ADDR}"
fi

2-keymanagement.sh

# Work around EasyRSA issues
wget -U "" -O /tmp/easyrsa.tar.gz https://github.com/OpenVPN/easy-rsa/releases/download/v3.2.2/EasyRSA-3.2.2.tgz
tar -z -x -f /tmp/easyrsa.tar.gz

# Configuration parameters
cat << EOF > /etc/profile.d/easy-rsa.sh
export EASYRSA_PKI="${VPN_PKI}"
export EASYRSA_TEMP_DIR="/tmp"
export EASYRSA_CERT_EXPIRE="36500"
export EASYRSA_BATCH="1"
alias easyrsa="/root/EasyRSA-3.2.2/easyrsa"
EOF
. /etc/profile.d/easy-rsa.sh

# Remove and re-initialize PKI directory
easyrsa init-pki

# Generate DH parameters
easyrsa gen-dh

# Create a new CA
easyrsa build-ca nopass

# Generate server keys and certificate
easyrsa build-server-full server nopass
openvpn --genkey tls-crypt-v2-server ${EASYRSA_PKI}/private/server.pem

# Generate client keys and certificate
easyrsa build-client-full client nopass
openvpn --tls-crypt-v2 ${EASYRSA_PKI}/private/server.pem \
--genkey tls-crypt-v2-client ${EASYRSA_PKI}/private/client.pem

3-firewall.sh

# Configure firewall
uci rename firewall.@zone[0]="lan"
uci rename firewall.@zone[1]="wan"
uci del_list firewall.lan.device="tun+"
uci add_list firewall.lan.device="tun+"
uci -q delete firewall.ovpn
uci set firewall.ovpn="rule"
uci set firewall.ovpn.name="Allow-OpenVPN"
uci set firewall.ovpn.src="wan"
uci set firewall.ovpn.dest_port="${VPN_PORT}"
uci set firewall.ovpn.proto="${VPN_PROTO}"
uci set firewall.ovpn.target="ACCEPT"
uci commit firewall
service firewall restart

4-vpnservice.sh

# Configure VPN service and generate client profiles
umask go=
VPN_DH="$(cat ${VPN_PKI}/dh.pem)"
VPN_CA="$(openssl x509 -in ${VPN_PKI}/ca.crt)"
ls ${VPN_PKI}/issued \
| sed -e "s/\.\w*$//" \
| while read -r VPN_ID
do
VPN_TC="$(cat ${VPN_PKI}/private/${VPN_ID}.pem)"
VPN_KEY="$(cat ${VPN_PKI}/private/${VPN_ID}.key)"
VPN_CERT="$(openssl x509 -in ${VPN_PKI}/issued/${VPN_ID}.crt)"
VPN_EKU="$(echo "${VPN_CERT}" | openssl x509 -noout -purpose)"
case ${VPN_EKU} in
(*"SSL server : Yes"*)
VPN_CONF="${VPN_DIR}/${VPN_ID}.conf"
cat << EOF > ${VPN_CONF} ;;
user nobody
group nogroup
dev tun
port ${VPN_PORT}
proto ${VPN_PROTO}
server ${VPN_POOL}
topology subnet
client-to-client
keepalive 10 60
persist-tun
persist-key
push "dhcp-option DNS ${VPN_DNS}"
push "dhcp-option DOMAIN ${VPN_DN}"
push "redirect-gateway def1"
push "persist-tun"
push "persist-key"
<dh>
${VPN_DH}
</dh>
EOF
(*"SSL client : Yes"*)
VPN_CONF="${VPN_DIR}/${VPN_ID}.ovpn"
cat << EOF > ${VPN_CONF} ;;
user nobody
group nogroup
dev tun
nobind
client
remote ${VPN_SERV} ${VPN_PORT} ${VPN_PROTO}
auth-nocache
remote-cert-tls server
EOF
esac
cat << EOF >> ${VPN_CONF}
<tls-crypt-v2>
${VPN_TC}
</tls-crypt-v2>
<key>
${VPN_KEY}
</key>
<cert>
${VPN_CERT}
</cert>
<ca>
${VPN_CA}
</ca>
EOF
done
service openvpn restart
ls ${VPN_DIR}/*.ovpn

Restoration

Configuration backups do NOT include the downloaded software packages, learned this the really hard way... On any new or refreshed partition image, the following lines !MUST! be run !FIRST! to ensure that the software is in place prior to restoring a configuration!

Login to the router, navigate to System > Backup / Flash Firmware > Reset to defaults > Perform reset (this is destructive, save your working configs if you have them)

After clearing the /overlay directory, issue the successive commands to reload the needeed packages:

opkg update

opkg install luci-app-advanced-reboot luci-app-openvpn openvpn-easy-rsa openvpn-openssl

Then find your working config and navigate to System > Backup / Flash Firmware > Restore backup: <pick the appropriate file name>

Physical

Power cycling the router 3 times in quick succession When it powers on the power LED turns on then will go out briefly, This is when you turn it back off do this again and on the 3rd cycle, leave it powered on and it should boot back to the other partition.

Youtube

Locksport

Paracord Lanyard Tying

Cobra Knot

With 550 7-strand core paracord -- 108 inches (9 feet) from the reel for the grab handle.

Neck Lanyard

With 550 7-strand core paracord -- 192 inches (16 foot) from the reel for the lanyard. The twisted portion should be about 42"-43" in length as it turns out shorter than expected after the braid and just daily use of folding and is not meant to not be completely rigid, the extra room is to allow for alot of flexibility. When braided, it can turn out shorter than estimated. No two of these will be exactly the alike!

Note 1: I will use the same color cord for the lanyard as the carabiner unless asked to make a three color variant, or if I feel squirrelly.
Note 2: I have the "leftovers" mantra running through my head the whole time. On the first half for sizing, twist left strand left side left to avoid snags, and place it over the right, and so on. On the braid part, start with the left strand through a twist and put the right strand under the left one.
Note 3: Related to note 2, pay attention and try not to miss braiding a twist. It is maddening to spot it ten minutes later, unravel to that spot to fix it.

Unsorted

Backports

In Debian, “enabling backports” means adding one extra repository that carries newer builds of selected software—taken from the next Debian release (“testing”) but rebuilt to run on your current Stable system. It’s Debian’s official way to get a newer kernel, drivers, toolchains, or apps on Stable without switching the whole OS to Testing or Unstable.

How it helps, in plain terms: you keep the rock-solid base of Debian Stable, but you can “opt in” to newer versions package by package when you actually need them—say, a newer kernel/Mesa for GPU support, or a fresher compiler for a project. Those packages are recompiled for Stable and designed to use Stable’s libraries where possible, so they fit in cleanly. (Debian 13’s backports suite is literally named trixie-backports.)

Safety model: backports are off by default and won’t replace anything unless you ask. Technically, Debian marks the backports archive as NotAutomatic and pins its priority to ~100, so normal upgrades ignore it. You only pull from backports when you explicitly target it. That’s why it’s considered the “safe” way to get newer bits on Stable.

What you actually do:

Add the backports repo (Debian 13 “Trixie” example—new deb822 format): 1 2 3 4 5 6 7 8 9 sudo tee /etc/apt/sources.list.d/debian-backports.sources >/dev/null <<'EOF' Types: deb deb-src URIs: http://deb.debian.org/debian Suites: trixie-backports Components: main Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg Enabled: yes EOF sudo apt update This simply makes the backports available; nothing changes yet.

When you need something newer, install it from backports on purpose: 1 2 3 4 5

install only this package from backports

sudo apt install <package>/trixie-backports

or, also allow any newer dependencies from backports

sudo apt install -t trixie-backports <package> That explicit targeting is the guardrail that keeps Stable “stable.”

A couple of concrete outcomes:

Hardware enablement: newer kernels and driver stacks appear in backports, which can solve “my brand-new GPU/Wi-Fi doesn’t work on base Stable” without you leaving Stable. New features for select apps/tools: you can grab a newer release that adds a needed feature, while the rest of your system stays on Stable versions. (Backports are mostly drawn from Testing and are maintained with a policy to keep an upgrade path to the next Stable.) Caveats to keep in mind: backports aren’t tested as exhaustively as Stable and are supported on a best-effort basis, so Debian recommends using them sparingly—enable the repo, but cherry-pick only what you need, rather than upgrading everything from backports.

FOOTNOTES FOR FURTHER REVIEW

immach for photo/video sharing

debian 13 using kde plasma. I did a base install. seems to be working great.

installbase

apt install curl net-tools openssh-server screen sftpd unzip -y

for desktop only

apt install exiftool flatpak plasma-discover-backend-flatpak

Debian Tips

Steps to Fix the Package Dependency

First, I navigated to the Downloads directory with the following command: cd ~/Downloads
Then, I extracted the contents of the Minecraft.deb package using the full command dpkg-deb --raw-extract Minecraft.deb minecraft-extracted-package to put it into a new folder.
After that, I used the nano editor to open and edit the control file located inside the DEBIAN folder: nano minecraft-extracted-package/DEBIAN/control
Inside the control file, I found the line that started with Depends: and changed libgdk-pixbuf2.0-0 to libgdk-pixbuf-xlib-2.0-0. Then, I saved the changes and closed the file.
Finally, I re-packaged the content with the correction to create a new .deb file named minecraft-launcher-fixed.deb: dpkg-deb --build minecraft-extracted-package minecraft-launcher-fixed.deb

With the new package ready, I installed the corrected package first with dpkg. This would fail because the default-jre and libgdk-pixbuf-xlib-2.0-0 dependencies were still missing. Then, I used the apt command to fix the broken installation, which would install the remaining dependencies automatically. sudo dpkg -i minecraft-launcher-fixed.deb sudo apt --fix-broken install