User:Acmeraptor: Difference between revisions

From RiSKi
Line 95: Line 95:
*[https://help.ubuntu.com/stable/ubuntu-help/shell-keyboard-shortcuts.html.en Ubuntu Shortcuts]
*[https://help.ubuntu.com/stable/ubuntu-help/shell-keyboard-shortcuts.html.en Ubuntu Shortcuts]
*[https://wiki.rsksolutions.org/wiki/MediaWiki:Common.css Wiki CSS]
*[https://wiki.rsksolutions.org/wiki/MediaWiki:Common.css Wiki CSS]
*[[¯\_(ツ)_/¯]]


==Servers==
==Servers==

Revision as of 12:12, 22 May 2025

Food

Menus

Recipes

Grandma's Fudge

  • Ingredients
    • 2 cups (12oz) semi sweet chocolate bits
    • 3 packages German sweet chocolate
    • 1 8oz jar? marshmallow creme
    • 2 cups broken nut meat
    • 4 1/2 cups sugar
    • 1/8 teaspoon salt
    • 2 tablespoons butter
    • 1 tall can evaporated milk
  • Instructions
    • combine chocolate bits, sweet chocolate, marshmallow creme, and walnuts in a large bowl
    • combine sugar, butter, salt, and evaporated milk in large heavy saucepan, heat to boiling
    • !!! Get better pictures of the card dad has in order to write this up cleanly !!!

MariaDB

Use if phpMyAdmin is not running:

CREATE DATABASE my_wiki;
CREATE USER 'wikiuser'@'localhost' IDENTIFIED BY 'database_password';
GRANT ALL PRIVILEGES ON my_wiki.* TO 'wikiuser'@'localhost' WITH GRANT OPTION;
  • Note: Now that I have VaultWarden running, usernames and passwords will be managed through it. Also, vault should **ONLY** work with VPN access.

Mobile

Software and information about GrapheneOS. GrapheneOS currently runs only on Google devices (phones and tablets).

Software

Tips

  • Pressing the power and volume-up buttons together switches from an audible ringtone to vibrate (or mute). This shortcut is enabled by default and causes missed important phone calls and text messages.

To modify, go to Settings > Sound & vibration > Shortcut to prevent ringing

  • Auto dimming has been an annoyance; it is supposed to learn tendencies/preferences yet keeps dimming too low in low-light conditions.

To modify, go to Settings > Display > Adaptive brightness

Read

Comms

Closed Network podcast, move this section later. I'm not sure where to put it right now. Matrix

Firearms

Locksport

Misc

Servers

Notes on server names and functions for planned future use.

Physical

  • hovp-rsk-uos00 : OpenStack - Currently in use, my clunky old laptop. Consider changing from Ubuntu to Arch
  • iapp-rsk-owr01 : OpenWRT Wireless Router - Linksys router (model noted below on this page). VPN client profile rebuild still pending.

Virtual

  • hovp-rsk-uss01 : Single Server - Single server holding these notes and plans, currently minimal setup of webapps.
  • hovt-rsk-uws22 : WebServer - Base Jammy Jellyfish OS. Minimal setup kept updated to use as a source for cloning other virtual servers.

Upcoming

The following will be strictly for RSK Solutions and demo models for future domains like Casper307 and NIALC.

The following will be desktop environments available for use as remote appliances accessible from my home LAN and via VPN.

Server Notes

These will eventually have their own individual wiki pages. For the sake of not migrating or losing notes later, they will be consolidated here.

Templates

Once a template virtual server is created, issue the following commands to pull my ACME code library from the OpenStack virtual server host's repository.

mkdir /home/rkeeling/webapps
scp -r rkeeling@10.65.30.11:/home/rkeeling/RSK\\\ Solutions/VSCode/acme /home/rkeeling/webapps

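Then issue "sudo visudo" and edit the sudoers secure_path to include the new acme path. Every directory on secure_path is searched when a command is run through sudo, so anyone who can write to the acme .bin directory can change what runs as root.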

Defaults        secure_path="/home/rkeeling/webapps/acme/.bin: ...

For this to take effect within the shell, log out and log back in. *I will change this to reloading the shell later*
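
An added example, not part of the original notes: a shell check that reads a secure_path line and flags any directory that is missing, writable by group or other, or not owned by root. The sample directories are constructed, and the optional trusted-UID argument is an assumption added so the check can be exercised without root.

```shell
#!/bin/sh
# Added example (not from the original page): flag secure_path entries that a
# non-root account could modify. Sample paths below are constructed.

# Print the directories from a 'Defaults secure_path="a:b:c"' line, one per line.
secure_path_dirs() {
    printf '%s\n' "$1" |
        sed -n 's/^[[:space:]]*Defaults[[:space:]][[:space:]]*secure_path[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p' |
        tr ':' '\n'
}

# audit_secure_path LINE [TRUSTED_UID]
# Prints "STATUS dir" for each entry and returns 1 if any entry is flagged.
# TRUSTED_UID defaults to 0 (root); it is a parameter so the check can be tested.
audit_secure_path() {
    trusted_uid=${2:-0}; rc=0
    while IFS= read -r dir; do
        [ -n "$dir" ] || continue
        if [ ! -d "$dir" ]; then echo "MISSING $dir"; rc=1; continue; fi
        # -L follows symlinks, -n prints the numeric owner in field 3
        info=$(ls -ldnL "$dir" | awk '{print $1, $3}')
        mode=${info% *}; owner=${info#* }
        case $mode in
            # character 6 is group write, character 9 is other write
            ?????w*|????????w*) echo "WRITABLE $dir"; rc=1 ;;
            *) if [ "$owner" != "$trusted_uid" ]; then
                   echo "OWNER $dir (uid $owner)"; rc=1
               else
                   echo "OK $dir"
               fi ;;
        esac
    done <<EOF
$(secure_path_dirs "$1")
EOF
    return "$rc"
}

# Constructed demo: a world-writable directory next to a system directory.
demo=$(mktemp -d)
mkdir "$demo/acme-bin" && chmod 777 "$demo/acme-bin"
audit_secure_path "Defaults secure_path=\"$demo/acme-bin:/usr/bin\"" || echo "review secure_path"
rm -rf "$demo"
```

Run it against the real line with `audit_secure_path "$(sudo grep secure_path /etc/sudoers)"`; a directory under a home directory is reported as OWNER unless it has been handed over to root.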

At this point the scripts are executable anywhere. The following will update repositories, upgrade general packages, upgrade distribution packages (i.e., kernel updates), and remove old and unused packages.

sudo getallupdates

Now, set the time zone for the server. In my case, CST

sudo timedatectl set-timezone America/Chicago

The following may be run to confirm the change to the local time

sudo timedatectl status

At this point the template is fully up to date and can be shut down. The only maintenance needed is periodically running the getallupdates script.

Any new virtual server that is needed can be cloned from these versioned release templates to significantly cut down on setup time.

Template Clone

Following the clone of a template with a newly generated MAC address, update the following two files and restart to permanently change the new server's name.

sudo vi /etc/hostname
sudo vi /etc/hosts
sudo shutdown -Fr now

The appropriate installation script can be issued depending on the server's purpose.

Shop

Auto

Firearms

Gear

Home Office

Locksport

Paracord Lanyards

Software

Open-source and purchased *licenses

WebApp Downloads

Windows VM

The VM needs a minimum of two cores and 4 GB of memory to run. The following steps will bypass the hardware checks to allow Windows 11 to install:

Click Next until the "Install now" button appears; when you see it, press "Shift+F10" to launch a command prompt. At this command prompt, type "regedit" and press enter to launch the Windows Registry Editor.

When the Registry Editor opens, navigate to "HKEY_LOCAL_MACHINE\SYSTEM\Setup", right-click on the "Setup" key and select "New => Key".

When prompted to name the key, enter "LabConfig" and press enter.

Now right-click on the "LabConfig" key, select "New => DWORD (32-bit)" value, create a value named "BypassTPMCheck", and set its data to "1". With the same steps, create the "BypassRAMCheck" and "BypassSecureBootCheck" values and also set their data to "1".

With those three values configured under the "LabConfig" key, close the "Registry Editor", and then type exit in the "Command Prompt" followed by enter to close the window. You can now click on the "Install now" button to proceed to get "Microsoft Windows 11" installed as a virtual-machine on top of VirtualBox.

WRT3200ACM

This router has a dual boot partition, with several methods of switching between the A/B partitions. This section also has information on OpenVPN.

Logical

  • SSH into your router
  • You can see what partition is currently being booted from by running: /usr/sbin/fw_printenv -n boot_part
  • Mine was booting from partition 1, I needed it to boot to partition 2.
  • Tell the router which partition to boot from: /usr/sbin/fw_setenv boot_part 2
  • Reboot the router by running: reboot
  • Change the number "2" in step 4 to whatever partition you need. I couldn't find a command that would show what my boot options were. So I tried 0 first, which did nothing, then tried 2. Boot partition 2 was the correct one for me.

LuCI

Install the luci-app-advanced-reboot package. This is the easiest method.

OpenVPN

OpenWRT/OpenVPN: use this as a baseline for rewriting the scripts, as they do not work as published.

  • This section is being heavily edited until I work out the kinks

Creation

This is going to be my third and final profile. The first lasted the ten years it was meant to, the second lasted three years and could not be recovered due to configuration hiccups. My personal one will be set to 100 years, far beyond my expected lifetime. Things may adjust if I allow another user access, but as of yet - no one has asked.

Install all needed apps beforehand:

opkg update
opkg install luci-app-advanced-reboot luci-app-openvpn openvpn-easy-rsa openvpn-openssl

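The following four scripts can be created under the /root path and must be made executable with chmod. Scripts 2 through 4 read variables (VPN_DIR, VPN_PKI, VPN_PORT, VPN_PROTO, VPN_POOL, VPN_DNS, VPN_DN, VPN_SERV) that are set only in 1-preparation.sh, so run all four in the same shell session by sourcing them in order; a script executed as its own process does not see variables set by another.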

sudo chmod +x *.sh

1-preparation.sh

# Install packages
opkg update
opkg install luci-app-advanced-reboot luci-app-openvpn openvpn-easy-rsa openvpn-openssl

# Configuration parameters
VPN_DIR="/etc/openvpn"
VPN_PKI="/etc/easy-rsa/pki"
VPN_PORT="1194"
VPN_PROTO="udp"
VPN_POOL="10.65.9.0 255.255.255.0"
VPN_DNS="${VPN_POOL%.* *}.1"
VPN_DN="$(uci -q get dhcp.@dnsmasq[0].domain)"

# Fetch server address
NET_FQDN="$(uci -q get ddns.@service[0].lookup_host)"
. /lib/functions/network.sh
network_flush_cache
network_find_wan NET_IF
network_get_ipaddr NET_ADDR "${NET_IF}"
if [ -n "${NET_FQDN}" ]
then VPN_SERV="${NET_FQDN}"
else VPN_SERV="${NET_ADDR}"
fi

2-keymanagement.sh

# Work around EasyRSA issues
wget -U "" -O /tmp/easyrsa.tar.gz https://github.com/OpenVPN/easy-rsa/releases/download/v3.2.2/EasyRSA-3.2.2.tgz
# Extract under /root so the alias path below resolves from any directory
tar -z -x -f /tmp/easyrsa.tar.gz -C /root

# Configuration parameters
cat << EOF > /etc/profile.d/easy-rsa.sh
export EASYRSA_PKI="${VPN_PKI}"
export EASYRSA_TEMP_DIR="/tmp"
export EASYRSA_CERT_EXPIRE="36500"
export EASYRSA_BATCH="1"
alias easyrsa="/root/EasyRSA-3.2.2/easyrsa"
EOF
. /etc/profile.d/easy-rsa.sh

# Remove and re-initialize PKI directory
easyrsa init-pki

# Generate DH parameters
easyrsa gen-dh

# Create a new CA
easyrsa build-ca nopass

# Generate server keys and certificate
easyrsa build-server-full server nopass
openvpn --genkey tls-crypt-v2-server ${EASYRSA_PKI}/private/server.pem

# Generate client keys and certificate
easyrsa build-client-full client nopass
openvpn --tls-crypt-v2 ${EASYRSA_PKI}/private/server.pem \
--genkey tls-crypt-v2-client ${EASYRSA_PKI}/private/client.pem

3-firewall.sh

# Configure firewall
uci rename firewall.@zone[0]="lan"
uci rename firewall.@zone[1]="wan"
uci del_list firewall.lan.device="tun+"
uci add_list firewall.lan.device="tun+"
uci -q delete firewall.ovpn
uci set firewall.ovpn="rule"
uci set firewall.ovpn.name="Allow-OpenVPN"
uci set firewall.ovpn.src="wan"
uci set firewall.ovpn.dest_port="${VPN_PORT}"
uci set firewall.ovpn.proto="${VPN_PROTO}"
uci set firewall.ovpn.target="ACCEPT"
uci commit firewall
service firewall restart

4-vpnservice.sh

# Configure VPN service and generate client profiles
umask go=
VPN_DH="$(cat ${VPN_PKI}/dh.pem)"
VPN_CA="$(openssl x509 -in ${VPN_PKI}/ca.crt)"
ls ${VPN_PKI}/issued \
| sed -e "s/\.\w*$//" \
| while read -r VPN_ID
do
VPN_TC="$(cat ${VPN_PKI}/private/${VPN_ID}.pem)"
VPN_KEY="$(cat ${VPN_PKI}/private/${VPN_ID}.key)"
VPN_CERT="$(openssl x509 -in ${VPN_PKI}/issued/${VPN_ID}.crt)"
VPN_EKU="$(echo "${VPN_CERT}" | openssl x509 -noout -purpose)"
case ${VPN_EKU} in
(*"SSL server : Yes"*)
VPN_CONF="${VPN_DIR}/${VPN_ID}.conf"
cat << EOF > ${VPN_CONF} ;;
user nobody
group nogroup
dev tun
port ${VPN_PORT}
proto ${VPN_PROTO}
server ${VPN_POOL}
topology subnet
client-to-client
keepalive 10 60
persist-tun
persist-key
push "dhcp-option DNS ${VPN_DNS}"
push "dhcp-option DOMAIN ${VPN_DN}"
push "redirect-gateway def1"
push "persist-tun"
push "persist-key"
<dh>
${VPN_DH}
</dh>
EOF
(*"SSL client : Yes"*)
VPN_CONF="${VPN_DIR}/${VPN_ID}.ovpn"
cat << EOF > ${VPN_CONF} ;;
user nobody
group nogroup
dev tun
nobind
client
remote ${VPN_SERV} ${VPN_PORT} ${VPN_PROTO}
auth-nocache
remote-cert-tls server
EOF
esac
cat << EOF >> ${VPN_CONF}
<tls-crypt-v2>
${VPN_TC}
</tls-crypt-v2>
<key>
${VPN_KEY}
</key>
<cert>
${VPN_CERT}
</cert>
<ca>
${VPN_CA}
</ca>
EOF
done
service openvpn restart
ls ${VPN_DIR}/*.ovpn
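
An added example, not part of the original scripts: a check for the client profiles that 4-vpnservice.sh writes. It flags empty inline blocks and a blank host on the remote line (what the heredoc produces when VPN_SERV is unset in the shell that runs it), and confirms that the file, which embeds the private key, is accessible only to its owner. The sample profile is constructed.

```shell
#!/bin/sh
# Added example (not from the original page): sanity-check a generated .ovpn.

# Count non-empty lines inside the inline <tag>...</tag> block of file $1.
inline_block_lines() {
    awk -v t="$2" '
        $0 == ("<" t ">")  { inside = 1; next }
        $0 == ("</" t ">") { inside = 0 }
        inside && NF       { n++ }
        END                { print n + 0 }' "$1"
}

# check_profile FILE: print each problem found; return 1 if there is any.
check_profile() {
    f=$1; bad=0
    for tag in tls-crypt-v2 key cert ca; do
        if [ "$(inline_block_lines "$f" "$tag")" -eq 0 ]; then
            echo "empty or missing <$tag> block"; bad=1
        fi
    done
    grep -q '^remote-cert-tls server$' "$f" || { echo "no remote-cert-tls server"; bad=1; }
    # "remote HOST PORT PROTO": an unset VPN_SERV leaves two spaces after "remote"
    grep -q '^remote [^ ][^ ]* [0-9][0-9]* ' "$f" || { echo "remote line lacks a host"; bad=1; }
    # The profile embeds the client private key, so group/other get no access.
    case $(ls -lnL "$f" | cut -c5-10) in
        ------) ;;
        *) echo "accessible by group/other"; bad=1 ;;
    esac
    return "$bad"
}

# Constructed sample: blank host and an empty <key> block.
sample=$(mktemp)
printf '%s\n' client 'remote  1194 udp' 'remote-cert-tls server' \
    '<tls-crypt-v2>' placeholder '</tls-crypt-v2>' '<key>' '</key>' \
    '<cert>' placeholder '</cert>' '<ca>' placeholder '</ca>' > "$sample"
check_profile "$sample" || echo "profile rejected"
rm -f "$sample"
```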

Restoration

Configuration backups do NOT include the downloaded software packages, learned this the really hard way... On any new or refreshed partition image, the following lines !MUST! be run !FIRST! to ensure that the software is in place prior to restoring a configuration!

Log in to the router, navigate to System > Backup / Flash Firmware > Reset to defaults > Perform reset (this is destructive, save your working configs if you have them)

After clearing the /overlay directory, issue the successive commands to reload the needed packages:

opkg update
opkg install luci-app-advanced-reboot luci-app-openvpn openvpn-easy-rsa openvpn-openssl

Then find your working config and navigate to System > Backup / Flash Firmware > Restore backup: <pick the appropriate file name>

Physical

Power cycle the router 3 times in quick succession. When it powers on, the power LED turns on and then goes out briefly; this is when you turn it back off. Do this again, and on the 3rd cycle leave it powered on. It should boot back to the other partition.

Virtual Identity

Only cash or pseudo/virtual payment methods; cash is King

SMS Verification with Google

Youtube

Locksport

Paracord Lanyard Tying

With 550 7-strand core paracord -- 108 inches (9 feet) from the reel for the grab handle.

With 550 7-strand core paracord -- 192 inches (16 feet) from the reel for the lanyard. The twisted portion should be about 42"-43" in length, as it turns out shorter than expected after the braid and from the daily use of folding, and it is not meant to be completely rigid; the extra room is to allow for a lot of flexibility. When braided, it can turn out shorter than estimated. No two of these will be exactly alike!

  • Note 1: I will use the same color cord for the lanyard as the carabiner unless asked to make a three color variant, or if I feel squirrelly.
  • Note 2: I have the "leftovers" mantra running through my head the whole time. On the first half for sizing, twist left strand left side left to avoid snags, and place it over the right, and so on. On the braid part, start with the left strand through a twist and put the right strand under the left one.
  • Note 3: Related to note 2, pay attention and try not to miss braiding a twist. It is maddening to spot it ten minutes later and unravel to that spot to fix it.