Irssi channel-list

First install scriptassists (https://scripts.irssi.org/)

/run scriptassist

Now install adv_windowlist

/script install adv_windowlist

Setup adv_list, heres my config:

/toggle awl_viewer
/toggle awl_mouse
/set awl_block -19
/format awl_display_header 0

Enjoy 😉

Finish up by running

/save

And finaly move adv_windowlist from .irssi/script to .irssi/scripts/autorun to run at startup 🙂

 

Note (I was told that im doing it wrong):

15:09 <+vague> mikjaer, you mean you want to remove awl_display_header? /format -delete awl_display_header then /save

Udgivet i Irssi | Skriv en kommentar

Wireguard on debian

Start med og opdater debian

Enden laver man sudo eller køre det som root

apt update && apt upgrade -y
derefter add

# echo “deb http://deb.debian.org/debian/ unstable main” &gt; /etc/apt/sources.list.d/unstable.list
# printf ‘Package: *\nPin: release a=unstable\nPin-Priority: 90\n’ &gt; /etc/apt/preferences.d/limit-unstable
# apt update
# apt install wireguard
Når installation er færdig skal vi lave de første keys til serverne.

umask 077
wg genkey | tee privat.key | wg pubkey > public.key
ls
cat privat.key
Så har vi lavet en public og en privat key. De 2 keys skal vi bruge i vores opsætning.

Derefter skal vi i /etc/wireguard/ og lave vores interface navn. Den kan hed hvad vil gerne vil have, men kalde den wg0 for test.

eth0 skal være det interfaces på ens linux man gerne vil bruge.

Alt med ip6 kan fjernes vis man ikke vil bruge det.

touch /etc/wireguard/wg0.conf
vi /etc/wireguard/wg0.conf

[Interface]
PrivateKey = <indsæt privat.key sting her>
Address = 10.0.0.1/24
ListenPort = 51820
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; ip6tables -A FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE; ip6tables -D FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
SaveConfig = true

[Peer]
PublicKey = den Publickey fra ens client
AlloedIPs = 10.0.0.2/32 # den ip client skal have, der er også en anden måde man kan add clienter på, det kommer senere
Nu skal vi tillade linux til og ip forward

vi /etc/sysctl.conf

Find dem og fjerne #

net.ipv4.ip_forward = 1
net.ipv6.conf.all.forwarding = 1
sysctl -p
Derefter skulle den gerne vis de er sat til ellers genstart for og være sikker.

Her vis hvordan man add en peer igennem console på serverne

wg set wg0 peer <public key af ens client> allowed-ips 10.0.0.2

Vis man vil noget i den retning så husk og lave en cron job som køre ved start op ellers skal man gør det i hånden ved hver start up

På ubuntu/debian vis man vil have firewall kan man installer ufw-

apt install ufw
ufw allow 51820/udp
ufw allow 22/tcp
ufw enable
ufw status verbose
Derefter kan vi starte interface op

wg-quick up wg0
systemctl enable wg-quick@wg0

wg show

ip addr

Så skulle serverne være sat op

På client siden gør man det samme i forhold til den linux man er på

vi /etc/wireguard/client.conf

[Interface]
PrivateKey = <Output of privatekey file that contains your private key>
Address = 10.0.0.2/24

[Peer]
PublicKey = <serverne public.key>
Endpoint = <ipaddressen til serveren>:51820
AllowedIPs = 0.0.0.0/0
0.0.0.0/0 er for og route alt trafik igennem vpnen.
Derefter køre man

wg-quick up client

wg show
så skulle det gerne virke, det er meget vigtig man åbne porten op på firewall og nat det ud.

PersistentKeepalive = 25 er vigtig i client.conf vis man roamer meget med ens computer eller tlf.

Udgivet i Knowledge Base, Networking | Tagget | Skriv en kommentar

Benchmarking disk-access

root@defiant:~# sync
root@defiant:~# echo 3 > /proc/sys/vm/drop_caches

mmc@defiant:~$ dd if=test.iso | pv > /dev/null

 

Udgivet i Uncategorized | Skriv en kommentar

Letsencrypt Wildcard certificate on Debian 9

Point a wildcard record to your server, install apache2

root@cluebat:~# apt-get install virtualenv apache2

and install certbot:

root@cluebat:~# wget https://dl.eff.org/certbot-auto
--2018-10-05 23:07:52--  https://dl.eff.org/certbot-auto
Resolving dl.eff.org (dl.eff.org)... 151.101.16.201, 2a04:4e42:4::201
Connecting to dl.eff.org (dl.eff.org)|151.101.16.201|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 62299 (61K) [application/octet-stream]
Saving to: ‘certbot-auto’

certbot-auto                    100%[======================================================>]  60.84K  --.-KB/s    in 0.002s  

2018-10-05 23:07:52 (34.5 MB/s) - ‘certbot-auto’ saved [62299/62299]

root@cluebat:~# chmod 755 certbot-auto 
root@cluebat:~#

Run certbot: (follow onscreen guide to create txt record)

root@cluebat:~# ./certbot-auto certonly --manual -d *.cluebat.eu --agree-tos --no-bootstrap --manual-public-ip-logging-ok --preferred-challenges dns-01 --server https://acme-v02.api.letsencrypt.org/directory
Creating virtual environment...
Installing Python packages...
Installation succeeded.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Obtaining a new certificate
Performing the following challenges:
dns-01 challenge for cluebat.eu

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please deploy a DNS TXT record under the name
_acme-challenge.cluebat.eu with the following value:

etwS4yidYTkFhl441f7wul5GZEv8kdmNfQCSDqiXrU0

Before continuing, verify the record is deployed.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue
Waiting for verification...
Cleaning up challenges

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/cluebat.eu/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/cluebat.eu/privkey.pem
   Your cert will expire on 2019-01-03. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot-auto
   again. To non-interactively renew *all* of your certificates, run
   "certbot-auto renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

And now enable ssl in apache:

root@cluebat:~# a2enmod ssl 
Considering dependency setenvif for ssl:
Enabling module ssl.
See /usr/share/doc/apache2/README.Debian.gz on how to configure SSL and create self-signed certificates.
To activate the new configuration, you need to run:
  systemctl restart apache2
root@cluebat:~# 

and set up the virtualhost, wildcard.conf:

<VirtualHost *:443>
        SSLEngine on
  SSLProtocol All -SSLv2 -SSLv3
  SSLHonorCipherOrder On
  SSLCipherSuite 'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA'

        SSLCertificateFile /etc/letsencrypt/live/cluebat.eu/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/cluebat.eu/privkey.pem

  ServerAdmin webmaster@localhost
  ServerName wildcard.cluebat.eu
  ServerAlias *.cluebat.eu

  DocumentRoot /var/www/html

  
</VirtualHost>

Enable new site, Restart apache, and navigate to: wildcard.cluebat.eu:

root@cluebat:~# a2ensite wildcard.conf 
Enabling site wildcard.
To activate the new configuration, you need to run:
  systemctl reload apache2
root@cluebat:~# systemctl restart apache2

Noticing the “cluebat.eu” does not work, you can add secondary domains like:

 

root@cluebat:~# ./certbot-auto certonly --manual -d *.cluebat.eu -d cluebat.eu  --agree-tos --no-bootstrap --manual-public-ip-logging-ok --preferred-challenges dns-01 --server https://acme-v02.api.letsencrypt.org/directory
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
You have an existing certificate that contains a portion of the domains you
requested (ref: /etc/letsencrypt/renewal/cluebat.eu.conf)

It contains these names: *.cluebat.eu

You requested these names for the new certificate: *.cluebat.eu, cluebat.eu.

Do you want to expand and replace this existing certificate with the new
certificate?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(E)xpand/(C)ancel: e
Renewing an existing certificate
Performing the following challenges:
dns-01 challenge for cluebat.eu
dns-01 challenge for cluebat.eu

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please deploy a DNS TXT record under the name
_acme-challenge.cluebat.eu with the following value:

etwS4yidYTkFhl441f7wul5GZEv8kdmNfQCSDqiXrU0

Before continuing, verify the record is deployed.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please deploy a DNS TXT record under the name
_acme-challenge.cluebat.eu with the following value:

xD428EnO8OIXpH3LdBGs6ObwoR8hOeN6obnyEvBZids

Before continuing, verify the record is deployed.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue
Waiting for verification...
Cleaning up challenges

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/cluebat.eu/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/cluebat.eu/privkey.pem
   Your cert will expire on 2019-01-03. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot-auto
   again. To non-interactively renew *all* of your certificates, run
   "certbot-auto renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

Adding another wildcard to the same cert goes as easy:

root@cluebat:~# ./certbot-auto certonly --manual -d *.cluebat.eu -d cluebat.eu -d housebot.dk -d *.housebot.dk --agree-tos --no-bootstrap --manual-public-ip-logging-ok --preferred-challenges dns-01 --server https://acme-v02.api.letsencrypt.org/directory
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
You have an existing certificate that contains a portion of the domains you
requested (ref: /etc/letsencrypt/renewal/cluebat.eu.conf)

It contains these names: *.cluebat.eu, cluebat.eu

You requested these names for the new certificate: *.cluebat.eu, cluebat.eu,
housebot.dk, *.housebot.dk.

Do you want to expand and replace this existing certificate with the new
certificate?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(E)xpand/(C)ancel: e
Renewing an existing certificate
Performing the following challenges:
dns-01 challenge for cluebat.eu
dns-01 challenge for cluebat.eu
dns-01 challenge for housebot.dk
dns-01 challenge for housebot.dk

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please deploy a DNS TXT record under the name
_acme-challenge.cluebat.eu with the following value:

etwS4yidYTkFhl441f7wul5GZEv8kdmNfQCSDqiXrU0

Before continuing, verify the record is deployed.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please deploy a DNS TXT record under the name
_acme-challenge.cluebat.eu with the following value:

xD428EnO8OIXpH3LdBGs6ObwoR8hOeN6obnyEvBZids

Before continuing, verify the record is deployed.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please deploy a DNS TXT record under the name
_acme-challenge.housebot.dk with the following value:

5_IQHWzUVroRwk_AH8Qe2ztg3rMYuWHIiHX9TvH3t1Y

Before continuing, verify the record is deployed.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please deploy a DNS TXT record under the name
_acme-challenge.housebot.dk with the following value:

5CSRERvy-uXp9gO33gaCzJdM4UBb84sspJDJ1UO9AII

Before continuing, verify the record is deployed.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue
Waiting for verification...
Cleaning up challenges

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/cluebat.eu/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/cluebat.eu/privkey.pem
   Your cert will expire on 2019-01-03. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot-auto
   again. To non-interactively renew *all* of your certificates, run
   "certbot-auto renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

Restart apache, and test:

root@cluebat:~# systemctl restart apache2
root@cluebat:~# 

 

Udgivet i Apache, Kryptering, Letsencrypt | Skriv en kommentar

Manually deleting movies and pictures from OnePlus 5

When you delete the content of the DCIM folder on the phone the space, for some reason, does not gets released. This is because the phone stores the files in  /Android/data/com.oneplus.gallery/files/recyclebin instead of just deleting them .. *sigh*

Udgivet i Android | Skriv en kommentar

Adding SSH Keys to CloneZilla disk-image

Create working-directory in root’s homdir:

root@Voyager:~# mkdir my-clonezilla
root@Voyager:~# cd my-clonezilla/
root@Voyager:~/my-clonezilla# 

Generate SSH Keys:

root@Voyager:~/my-clonezilla# ssh-keygen -t rsa -f ./id_rsa
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in ./id_rsa.
Your public key has been saved in ./id_rsa.pub.
The key fingerprint is:
SHA256:YcOXhcGKgm8MPQWPqdY7FzgLvn1/B+CaFn9Az+WOTgU root@Voyager
The key's randomart image is:
+---[RSA 2048]----+
|    ..   ..o.    |
|     +..  oo     |
|   oo...=.E      |
|  oo+...++ ..    |
|  +++o.oS+ o.    |
| o .++..o +..    |
|  ..+ .= ..+     |
|   o o= ..+ o    |
|  . .o ..+..     |
+----[SHA256]-----+
root@Voyager:~/my-clonezilla#

Mount USB Stick, copy image and unsquash it:

root@Voyager:~/my-clonezilla# mount /dev/sdc1 /mnt/usb/
root@Voyager:~/my-clonezilla# cp /mnt/usb/live/filesystem.squashfs .
root@Voyager:~/my-clonezilla# unsquashfs filesystem.squashfs 
Parallel unsquashfs: Using 4 processors
29605 inodes (29764 blocks) to write

[=================================================================\] 29764/29764 100%

created 25458 files
created 4104 directories
created 4115 symlinks
created 9 devices
created 0 fifos

Add your keys to the images homedir skeleton:

root@Voyager:~/my-clonezilla# mkdir squashfs-root/etc/skel/.ssh
root@Voyager:~/my-clonezilla# cp id_rsa* squashfs-root/etc/skel/.ssh/

Repack then squashfs:

root@Voyager:~/my-clonezilla# mksquashfs squashfs-root filesystem-new.squashfs -b 1024k -comp xz -Xbcj x86 -e boot 
Parallel mksquashfs: Using 4 processors
Creating 4.0 filesystem on filesystem-new.squashfs, block size 1048576.
[=========================================================================================/] 25641/25641 100%

Exportable Squashfs 4.0 filesystem, xz compressed, data block size 1048576
  compressed data, compressed metadata, compressed fragments, compressed xattrs
  duplicates are removed
Filesystem size 205942.03 Kbytes (201.12 Mbytes)
  23.13% of uncompressed filesystem size (890527.03 Kbytes)
Inode table size 262474 bytes (256.32 Kbytes)
  23.50% of uncompressed inode table size (1117024 bytes)
Directory table size 293876 bytes (286.99 Kbytes)
  41.90% of uncompressed directory table size (701431 bytes)
Xattr table size 78 bytes (0.08 Kbytes)
  97.50% of uncompressed xattr table size (80 bytes)
Number of duplicate files found 1938
Number of inodes 33688
Number of files 25459
Number of fragments 609
Number of symbolic links  4115
Number of device nodes 9
Number of fifo nodes 0
Number of socket nodes 0
Number of directories 4105
Number of ids (unique uids + gids) 16
Number of uids 4
  root (0)
  syslog (104)
  www-data (33)
  messagebus (106)
Number of gids 14
  root (0)
  dip (30)
  adm (4)
  shadow (42)
  nogroup (65534)
  utmp (43)
  tty (5)
  crontab (107)
  messagebus (110)
  syslog (108)
  staff (50)
  uuidd (111)
  www-data (33)
  mail (8)

Copy the new image in place, and unmount the image:

root@Voyager:~/my-clonezilla# cp filesystem-new.squashfs /mnt/usb/live/filesystem.squashfs 
root@Voyager:~/my-clonezilla# umount /mnt/usb 

 

Udgivet i Linux | Skriv en kommentar

Writing a simple bash filter

To write a simple bash filter application, start by declaring
your filter as a bash script with #!/usr/bin/env bash.
This informs your shell what interpreter to use when running the script.

The trick to writing a filter is to read lines from a filename if supplied
${1},
or from /dev/stdin
if no filename is supplied.

An example script lowercase

#!/usr/bin/env bash

while read line; do
    echo ${line,,}
done < "${1:-/dev/stdin}"

This script can then be utilized in a pipeline, e.g. cat file | lowercase
or by feeding it a filename,

lowercase file
.

 

Udgivet i Programmering, Shellscript | Skriv en kommentar

Screenshot script for Ubuntu 18.04

This script will take a screenshot, upload it to a server and copy the URL into your clipboard and finaly play a sound to tell you that it’s done, first install xclip:

apt-get install xclip

Create screenshot.sh

#!/bin/bash
filename='Screenshot_from_'`date +%Y-%m-%d_%H-%M-%S`'.png'
echo $filename
gnome-screenshot --area --file=`eval echo ~`/Pictures/$filename
scp ~/Pictures/$filename user@website.dk:/var/www/website.dk/htdocs-ssl/screenshots/$filename               
echo -n https://website.dk/screenshots/$filename|xclip
aplay ~/screenshot.wav

You must setup ssh-keys to allow the scp transfer to go through without password.

Now open Ubuntu Settings (The gear and wrench icon), select “Devices” and “Keyboard” scroll to the bottom and click the plus-sign (+) and fill it out as following:

And finaly you need to find a wave file you want to play afterwards, i use one of a camera shutter i found on a creative commons website – which i unfortunateley lost the link to … if you have a good link, please submit it and i will post it.

Udgivet i Linux, Workstation | Skriv en kommentar

WM independant shortcuts with xbindkeys

First install:

apt-get install xbindkeys

And create a config file, /home/user/.xbindkeysrc:

"/home/user/scripts.sh"
    Control + Alt + P 

And run xbindkeys -p

Udgivet i Linux, Workstation | Skriv en kommentar

Installing Vagrant and host-manager with LXC on Ubuntu 18.04

This took me quite a while and failed tries to figure out:

apt-get update
apt-get install lxc
wget https://releases.hashicorp.com/vagrant/2.1.2/vagrant_2.1.2_x86_64.deb
dpkg -i vagrant_2.1.2_x86_64.deb
vagrant plugin install vagrant-lxc
vagrant plugin install vagrant-hostmanager

You should probably check if a newer version has been released, if you miss any dependencies try to install the vagrant-lxc packages from Ubuntu before the .deb package.

Create a project folder containing the following Vagrantfile:

Vagrant.configure("2") do |config|
   config.vm.box = "debian/stretch64"
   config.hostmanager.enabled = true
   config.hostmanager.manage_host = true
   config.hostmanager.manage_guest = true

   config.vm.define "ns1" do |ns1|
     ns1.vm.hostname = "ns1.local"
   end

   config.vm.define "ns2" do |ns2|
     ns2.vm.hostname = "ns2.local"
   end

end

Now run

vagrant up

To bring the environment online, and verify name-resolving and connectivity:

# ping ns1.local -c 4
PING ns1.local (10.0.3.14) 56(84) bytes of data.
64 bytes from ns1.local (10.0.3.14): icmp_seq=1 ttl=64 time=0.052 ms
64 bytes from ns1.local (10.0.3.14): icmp_seq=2 ttl=64 time=0.065 ms
64 bytes from ns1.local (10.0.3.14): icmp_seq=3 ttl=64 time=0.066 ms
64 bytes from ns1.local (10.0.3.14): icmp_seq=4 ttl=64 time=0.081 ms

--- ns1.leandns.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 2999ms
rtt min/avg/max/mdev = 0.052/0.066/0.081/0.010 ms

Connect to one of the machines with:

# vagrant ssh ns1

Enjoy 😉

Udgivet i Development, Linux, Vagrant, Workstation | Skriv en kommentar