if ($_SERVER['PHP_AUTH_USER'] != 'jeff' && $_SERVER['PHP_AUTH_USER'] != 'marina' && $_SERVER['PHP_AUTH_USER'] != 'jflemay@hotmail.com' && $_SERVER['PHP_AUTH_USER'] != 'marina.lemay@hotmail.com' ) { die('no rights to read this page'); } ====== Raspberry pi tools ====== x * long life for SD card * Disable swap : \\ free -m \\ cat /proc/swaps \\ sudo swapoff --all \\ sudo swapoff -a \\ rm /swapfile \\ rm /var/swapfile * __dphys-swapfile swapoff__ * You can set this in /etc/systemd/journald.conf like so: \\ SystemMaxUse=100M * Assign the __noatime__ mount flag to partitions residing on the SD card by adding it to the options section of the partition in /etc/fstab. * Highly used directories such as /var/tmp/ and possibly /var/log can be relocated to RAM in /etc/fstab like this: \\ tmpfs /var/tmp tmpfs nodev,nosuid,size=50M 0 0 * Copy save SD card * sudo dd bs=4m if=/dev/rdisk2 of=raspbian.img * sudo dd if=/dev/disk3 of=~/sauvegardeCarteSD.dmg * diskutil unmountDisk /dev/disk3 * (pour restaurer : sudo dd if=~/sauvegardeCarteSD.dmg of=/dev/disk3) * Bug * I can confirm this -nasty- bug. It happens in X11 and wayland sessions. \\ The workaround of changing in /boot/firmware/config.txt: \\ dtoverlay=vc4-kms-v3d \\ To: dtoverlay=vc4-fkms-v3d \\ Solves the problem for me. * démarrage hdmi forcé * dans le fichier /boot/config.txt ou /boot/firmware/config.txt * hdmi_force_hotplug=1 : Force l’affichage HDMI même si on ne détecte pas d’écran HDMI. * hdmi_drive=2 : Tente d’utiliser le mode HDMI plutôt que le mode DVI, cela permet notamment de régler certains problèmes de son. * hdmi_safe=1 : mode comptatibilité, équivaut à hdmi_force_hotplug=1, hdmi_ignore_edid=0xa5000080, config_hdmi_boost=4, hdmi_group=2, hdmi_mode=4, disable_overscan=0, overscan_left=24, overscan_right=24, overscan_top=24, overscan_bottom=24. * hdmi_group=1 hdmi_mode=16 = 1920x1080p, frequency 60Hz and the screen aspect 16:9. hdmi_mode=1 VGA hdmi_mode=2 480p 60Hz hdmi_mode=3 480p 60Hz H hdmi_mode=4 720p 60Hz hdmi_mode=5 1080i 60Hz hdmi_mode=6 480i 60Hz hdmi_mode=7 480i 60Hz H hdmi_mode=8 240p 60Hz hdmi_mode=9 240p 60Hz H hdmi_mode=10 480i 60Hz 4x hdmi_mode=11 480i 60Hz 4x H hdmi_mode=12 240p 60Hz 4x hdmi_mode=13 240p 60Hz 4x H hdmi_mode=14 480p 60Hz 2x hdmi_mode=15 480p 60Hz 2x H hdmi_mode=16 1080p 60Hz hdmi_mode=17 576p 50Hz hdmi_mode=18 576p 50Hz H hdmi_mode=19 720p 50Hz hdmi_mode=20 1080i 50Hz hdmi_mode=21 576i 50Hz hdmi_mode=22 576i 50Hz H hdmi_mode=23 288p 50Hz hdmi_mode=24 288p 50Hz H hdmi_mode=25 576i 50Hz 4x hdmi_mode=26 576i 50Hz 4x H hdmi_mode=27 288p 50Hz 4x hdmi_mode=28 288p 50Hz 4x H hdmi_mode=29 576p 50Hz 2x hdmi_mode=30 576p 50Hz 2x H hdmi_mode=31 1080p 50Hz hdmi_mode=32 1080p 24Hz hdmi_mode=33 1080p 25Hz hdmi_mode=34 1080p 30Hz hdmi_mode=35 480p 60Hz 4x hdmi_mode=36 480p 60Hz 4xH hdmi_mode=37 576p 50Hz 4x hdmi_mode=38 576p 50Hz 4x H hdmi_mode=39 1080i 50Hz reduced blanking hdmi_mode=40 1080i 100Hz hdmi_mode=41 720p 100Hz hdmi_mode=42 576p 100Hz hdmi_mode=43 576p 100Hz H hdmi_mode=44 576i 100Hz hdmi_mode=45 576i 100Hz H hdmi_mode=46 1080i 120Hz hdmi_mode=47 720p 120Hz hdmi_mode=48 480p 120Hz hdmi_mode=49 480p 120Hz H hdmi_mode=50 480i 120Hz hdmi_mode=51 480i 120Hz H hdmi_mode=52 576p 200Hz hdmi_mode=53 576p 200Hz H hdmi_mode=54 576i 200Hz hdmi_mode=55 576i 200Hz H hdmi_mode=56 480p 240Hz hdmi_mode=57 480p 240Hz H hdmi_mode=58 480i 240Hz hdmi_mode=59 480i 240Hz H H means 16:9 variant (of a normally 4:3 mode). 2x means pixel doubled (i.e. higher clock rate, with each pixel repeated twice) 4x means pixel quadrupled (i.e. higher clock rate, with each pixel repeated four times) /home/utilisateur1/.local/share/kscreen# cat 04b52944dfdfaeaf5b2f3296033d0130 [ { "enabled": true, "id": "172b9df285a00087e754131ec13056d8", "metadata": { "fullname": "xrandr-IMAGEQUEST Co., Ltd-L70S+-48050", "name": "HDMI-1" }, "mode": { "refresh": 75.02467346191406, "size": { "height": 1024, "width": 1280 } }, "pos": { "x": 0, "y": 0 }, "primary": true, "rotation": 1, "scale": 1 } ] ===== Imprimante Canon MG5100 ===== * sudo apt install printer-driver-gutenprint * sudo apt install simple-scan ===== Veracrypt ===== * tar -xf VeraCrypt_1.24-Update7_Source.tar.bz2 * sudo apt install make gcc pkg-config libfuse-dev libwxgtk3.0-gtk3-dev * sudo apt install g++ libfuse-dev pkg-config yasm libwxbase3.0-dev * change line 204 of Makefile : add '-std=gnu++14' * cd src && make * sudo apt install libwxgtk3.0-gtk3-0v5 * ===== Install mariadb ===== apt install mariadb-server mysql_secure_installation mysql -u root -p * show listen ports \\ [ netstat -tln ] \\ [ netstat -tlpn | grep mysql ] #!/bin/bash #?? mysqladmin -u root password rootpassword mysql -uroot -prootpassword --execute="ALTER USER 'root'@'localhost' IDENTIFIED BY 'rootpassword';" SHOW DATABASES; DROP DATABASE truc; CREATE USER 'fw'@'localhost' IDENTIFIED BY 'userpassword'; FLUSH PRIVILEGES; SELECT User FROM mysql.user; USE mysql; CREATE USER 'fw'@'localhost' IDENTIFIED BY 'userpassword'; FLUSH PRIVILEGES; SHOW TABLES; #!/bin/bash cat fw.sql | mysql -uroot -prootpassword # restore from a fwdbase savedFile : sudo mysql -u root -p fwdbase < "fwdbase_sav_2021-11-11.sql" # save database "fwdbase" : sudo mysqldump -u root -p fwdbase > "fwdbase_sav_2021-11-11.sql" CREATE USER 'fw'@'localhost' IDENTIFIED BY 'userpassword'; FLUSH PRIVILEGES; CREATE DATABASE fwdbase; GRANT SELECT,INSERT,UPDATE,DELETE,CREATE,DROP,ALTER ON fwdbase.* TO fw@localhost IDENTIFIED BY 'userpassword'; GRANT FILE ON *.* TO fw@localhost IDENTIFIED BY 'userpassword'; FLUSH PRIVILEGES; ===== hardware.bash ===== #!/bin/bash today=$(date +%Y-%m-%d_%H-%M) cpu=$(cat /proc/cpuinfo | grep Model) cput=$( #!/bin/bash today=$(date +%Y-%m-%d_%H:%M:%S) cpu=$(cat /proc/cpuinfo | grep Model) cput=$( ===== Change Desktop ===== sudo tasksel # 1- install Raspbian Lite sudo apt update sudo apt upgrade sudo apt dist-upgrade sudo reboot sudo apt install xserver-xorg sudo apt install kde-plasma-desktop # sudo apt install mate-desktop-environment-core sudo apt install lightdm sudo reboot sudo apt install cups sudo usermod -a -G lpadmin pi #sddm display manager is the default one for KDE Plasma desktop. sudo dpkg-reconfigure sddm sudo update-alternatives --config x-session-manager sudo apt install network-manager-gnome sudo systemctl disable dhcpcd sudo /etc/init.d/dhcpcd stop reboot sudo iw reg set FR ## wifi to France mcedit /etc/default/crda #REGDOMAIN= #REGDOMAIN=US ##### back to lite version ##### sudo apt purge x11-common ===== Install wifi Raspberry ===== #!/bin/bash # https://www.raspberrypi.com/documentation/computers/configuration.html#configuring-networking # https://raspberrypi.stackexchange.com/questions/95070/auto-connect-to-saved-network-after-stopping-and-starting-wpa-supplicant-service sudo iwlist wlan0 scan wpa_passphrase TP-LINK-0FBE password wpa_passphrase TP-LINK_0FBE_5G password wpa_passphrase Fibre2Gh password sudo mcedit /etc/wpa_supplicant/wpa_supplicant.conf wpa_cli -i wlan0 reconfigure #If you are using a hidden network, an extra option in the wpa_supplicant file, scan_ssid, #may help connection. #network={ # ssid="yourHiddenSSID" # scan_ssid=1 # sudo mcedit /etc/dhcpcd.conf # interface wlan0 # static ip_address=192.168.1.78/24 # static routers=192.168.1.254 # static domain_name_servers=192.168.1.254 #sudo raspi-config ip route | grep wlan0 #default via 192.168.1.254 dev wlan0 proto dhcp src 192.168.1.110 metric 302 #192.168.1.0/24 dev wlan0 proto dhcp scope link src 192.168.1.110 metric 302 ===== Wifi config Ubuntu Server Raspberry ===== sudo dpkg-reconfigure keyboard-configuration sudo apt install wireless-tools net-tools sudo apt install wpasupplicant sudo mcedit /etc/wpa_supplicant.conf #network={ # ssid="ssid_name" # psk="password" #} sudo wpa_supplicant -B -i wlan0 -c /etc/wpa_supplicant.conf -D wext sudo dhclient wlan0 # wpa_passphrase myrouter mypassphrase > wpa.conf sudo apt install wireless-tools net-tools ifupdown #Then, edit the /etc/network/interfaces configuration file: sudo nano /etc/network/interfaces #The file is empty, paste these lines into it: auto wlan0 iface wlan0 inet dhcp wpa-ssid YOUR_SSID wpa-psk YOUR_PASSWORD #Save & exit (CTRL+X). #Enable the Wi-Fi interface: sudo ifup wlan0 #It should work immediately (use ifconfig to check). #If not, reboot your system: sudo reboot #https://github.com/Mange/rtl8192eu-linux-driver #sed $'s/\^\[/\E/g;s/\[1G\[/\[27G\[/' /var/log/boot ===== Improved (=reliable) Wait for Network ===== systemctl enable network-wait-online.service systemctl list-dependencies --before dhcpcd systemctl list-dependencies mnt-video.mount # # Uses 'hostname --all-fqdns' to confirm that both: IP address[es] assigned, and DNS operational # [Unit] Description=Wait for Network to be Online Documentation=man:systemd.service(5) man:systemd.special(7) Conflicts=shutdown.target After=network.target Before=network-online.target [Service] Type=oneshot ExecStart= \ /bin/bash -c ' \ if [ -e /etc/systemd/system/dhcpcd.service.d/wait.conf ]; \ then \ echo Wait for Network: enabled; \ while [ -z $(hostname --all-fqdns) ]; \ do \ sleep 1; \ done; \ else \ echo Wait for Network: disabled; \ exit 0; \ fi' TimeoutStartSec=1min 30s [Install] WantedBy=network-online.target ===== tmp in ram ===== tmpfs /tmp tmpfs defaults,noatime,nosuid,size=10m 0 0 tmpfs /var/tmp tmpfs defaults,noatime,nosuid,size=10m 0 0 tmpfs /var/log tmpfs defaults,noatime,nosuid,mode=0755,size=10m 0 0 # # This file is part of systemd. # # jeff # [Unit] Description=My Service [Service] # We just want to create the myservice run directory Type=oneshot RuntimeDirectory=myservice User=root Group=root #ExecStart=/bin/true ExecStart=/bin/bash -c 'echo coucou >> /tmp/myservice.txt' RemainAfterExit=yes [Install] WantedBy=multi-user.target # # This file is part of systemd. # # # jeff [Unit] Description=My Service Requires=mnt-video.mount Requires=mnt-homes.mount [Service] Type=oneshot RuntimeDirectory=myservice User=root Group=root ExecStart=/bin/sh -c '/root/.bash/apache_createlog.bash' RemainAfterExit=yes StandardOutput=append:/var/log/my.service.log StandardError=append:/var/log/my.service.log [Install] WantedBy=multi-user.target # /jeff sudo touch /etc/systemd/system/my.service sudo chmod 644 /etc/systemd/system/my.service sudo mcedit /etc/systemd/system/my.service sudo systemctl start my.service sudo systemctl status my.service sudo systemctl enable my.service sudo systemctl daemon-reload ===== run rsync ===== # option1 rsync -za # option2 rsync -qaHAXS # option3 rsync -aAXv # a archive (-rlptgoD) # -r, --recursive # -l, --links # -p, --perms # -t, --times # -g, --group # -o, --owner # -D, --devices # -H, --hard-links # -A, --acls # rsync: ACLs are not supported on this server # -q, --quiet # -X, --xattrs # -S, --sparse # -x, --one-file-system #rsync -za /home/timemachine/rsync_test timemachine@nas.local:/volume1/backup/_test_ # --progress # -aHAXS according to https://unix.stackexchange.com/questions/606101/is-it-possible-to-use-rsync-to-restore-root-from-a-directory-in-root blkid > /root/blkid.txt dd if=/dev/mmcblk0 of=/root/masterbootrecord.mbr bs=466 count=1 cp /etc/fstab /root/fstab.txt cp /boot/cmdline.txt /root/cmdline.txt rsync -aHXSv --delete --numeric-ids --stats / --exclude={"/dev/*","/proc/*","/sys/*","/tmp/*","/run/*","/mnt/*","/media/*","/lost+found"} timemachine@nas.local:/volume1/backup/raspi ===== install nfs ===== #!/bin/bash sudo apt install nfs-kernel-server sudo echo "#/home/share 192.168.1.1/255.255.255.0(rw,no_wdelay,no_root_squash,insecure,insecure_locks,sec=sys,async,no_subtree_check,anonuid=1026,anongid=100)" >> /etc/exports sudo mkdir /home/share sudo chown utilisateur1:utilisateur1 /home/share sudo exportfs -ra ===== run firefox with profile... ===== #!/bin/bash # about:profiles if (( $EUID == 0 )); then echo "Please do not run $0 as root" exit fi firefox -P default & ===== new user ===== #!/bin/bash sudo groupadd -r -g 1026 utilisateur1 sudo useradd -u 1026 -g 1026 utilisateur1 sudo usermod -m -d /home/utilisateur1 utilisateur1 # raspi sudo usermod -a -G utilisateur1,pi,adm,cdrom,sudo,dip,plugdev,lpadmin,lxd,sambashare utilisateur1 sudo usermod -a -G utilisateur1,pi,adm,dialout,cdrom,sudo,audio,video,plugdev,games,users,input,netdev,spi,i2c,gpio utilisateur1 # debian amd64 sudo usermod -a -G utilisateur1,cdrom,floppy,sudo,audio,dip,video,plugdev,netdev,bluetooth,lpadmin,scanner utilisateur1 sudo usermod --shell /bin/bash utilisateur1 id utilisateur1 groups utilisateur1 grep utilisateur1 /etc/passwd #groups pi #pi : pi adm dialout cdrom sudo audio video plugdev games users input netdev spi i2c gpio lpadmin #pi : pi adm cdrom sudo dip plugdev lpadmin lxd sambashare # .... # change user gid uid groupmod -g 1026 utilisateur1 usermod -u 1026 utilisateur1 ===== install ssh ===== #!/bin/bash sudo apt install openssh-server #sudo systemctl enable ssh #sudo systemctl start ssh #chmod 600 .ssh/authorized_keys #ssh-keygen -t rsa -b 4096 mcedit /etc/ssh/sshd_config # To disable tunneled clear text passwords, change to no here! # jeff #PasswordAuthentication yes PasswordAuthentication no # /jeff systemctl reload ssh sudo apt install sshguard sudo iptables -N sshguard sudo iptables -A INPUT -m multiport -p tcp --destination-ports 21,22 -j sshguard sudo mkdir /etc/iptables sudo iptables-save > /etc/iptables/iptables.rules sudo ip6tables -N sshguard sudo ip6tables -A INPUT -m multiport -p tcp --destination-ports 21,22 -j sshguard sudo mkdir /etc/iptables sudo ip6tables-save > /etc/iptables/ip6tables.rules sudo systemctl enable sshguard sudo service sshguard start iptables --list sshguard --line-numbers --numeric #iptables --delete sshguard line-number apt install ifstat chmod 755 /volume1/homes/backup ls -Al /volume1/homes/ | grep backup # drwxr-xr-x 6 backup users 4096 Mar 5 17:04 backup ls -Al ~ | grep ssh # drwxr-xr-x 2 backup users 4096 Mar 5 17:05 .ssh ls -Al ~/.ssh total 16 -rw------- 1 backup users 1875 Mar 5 07:10 authorized_keys -rw------- 1 backup users 3243 Mar 5 17:04 id_rsa -rw-r----- 1 backup users 736 Mar 5 17:04 id_rsa.pub mcedit /etc/ssh/sshd_config # PubkeyAuthentication yes # RSAAuthentication yes ===== install wireguard ===== * https://www.cachem.fr/pivpn-openvpn-wireguard-raspberry-pi/ #!/bin/bash # #### server side #### # curl -L https://install.pivpn.io | bash sudo -u pi pivpn -a # to add a new device sudo -u pi pivpn -l #sudo -u pi pivpn -qr #!/bin/bash # #### client side #### apt install resolvconf apt install wireguard cp raspi2.conf /etc/wireguard/wg0.conf mkdir /etc/wireguard/server echo "privatekey" > /etc/wireguard/server/server.key echo "publickey" > /etc/wireguard/server/server.key.pub chmod 600 /etc/wireguard/server/server.key chmod 600 /etc/wireguard/wg0.conf # connect with params wg0.conf wg-quick up wg0 ping 10.6.0.1 # start at boot sudo wg-quick down wg0 sudo systemctl start wg-quick@wg0 sudo systemctl enable wg-quick@wg0 #!/bin/bash sudo apt install wireguard mcedit /etc/wireguard/wg0.conf ssh -L 2222:192.168.1.100:22 -N 10.6.0.1 ssh -p 2222 localhost ssh -L 44443:192.168.1.77:44443 -N 10.6.0.1 firefox https://localhost:44443/ ===== install letsencrypt ===== #!/bin/bash apt install snapd sudo snap install core; sudo snap refresh core sudo snap install --classic certbot sudo ln -s /snap/bin/certbot /usr/bin/certbot sudo certbot --apache --domains jflemay.synology.me ===== install fail2ban ===== #!/bin/bash apt install fail2ban systemctl start fail2ban systemctl enable fail2ban # démarrage automatique sudo fail2ban-client status sudo fail2ban-client set sshd unbanip 11.22.33.44 sudo fail2ban-client set apache-auth unbanip 10.6.0.2 cat /var/log/fail2ban.log | grep " Ban \| Unban " fail2ban-client reload apache-auth fail2ban-regex -v --print-all-missed /var/log/apache2/raspissl_error.log /etc/fail2ban/filter.d/apache-auth.conf fail2ban-regex -v /var/log/auth.log /etc/fail2ban/filter.d/sshd.conf # Fail2Ban configuration file # # Author: jeff # # [Definition] actionban = /root/.bash/send_mail.bash "jeff-batch banned " "pouet" [apache-auth] enabled = true port = http,https logpath = %(apache_error_log)s action = %(action_)s jeff-batch[name=%(__name__)s, port="%(port)s", logpath=%(logpath)s] #!/bin/bash if [ -z "$1" ]; then echo "Usage :" echo "$0 \"subject\" \"message\" " exit 0 fi #### message ###### ################### mail_rcpt='jflemay@hotmail.com' mail_sbjt="$1" mail_text="$2" ##### sender ##### ################## mail_from='marinajflemay@gmail.com' mail_pass="password" mail_smtp='smtps://smtp.gmail.com:465' header="MIME-Version: 1.0\nContent-Transfer-Encoding: 8bit\nContent-Type: text/plain;charset=utf-8\n" curl --url "${mail_smtp}" --ssl-reqd \ --user "${mail_from}:${mail_pass}" \ --mail-from "${mail_from}" \ --mail-rcpt "${mail_rcpt}" \ -T - <<< $( echo -e "From: ${mail_from}\nTo: ${mail_rcpt}\nSubject: ${mail_sbjt}\n${header}\n\n${mail_text}" ) ===== install server ===== hostnamectl set-hostname pcraspberry ===== install Jitsi ===== * https://blog.anavi.technology/?p=240 * https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-manual * https://jitsi.github.io/handbook/docs/devops-guide/secure-domain * https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-quickstart * uninstall : sudo apt purge jitsi-meet jitsi-meet-web-config jitsi-meet-prosody jitsi-meet-turnserver jitsi-meet-web jicofo jitsi-videobridge2 wget https://download.jitsi.org/jitsi-key.gpg.key sudo apt-key add jitsi-key.gpg.key rm jitsi-key.gpg.key echo "deb https://download.jitsi.org stable/" | sudo tee -a /etc/apt/sources.list.d/jitsi-stable.list sudo apt update sudo apt install jitsi-meet # forwarding # 80/TCP for ssl create / renew # 443/TCP for the HTTPS server # 4443/TCP if UDP is blocked # 10000/UDP for the video bridge # conf is in /etc/jitsi # writing new private key to '/etc/jitsi/meet/raspi2.vpn.key' # # Change # /etc/jitsi/meet/raspi2.vpn.crt with the one created by mkcert # /etc/jitsi/meet/raspi2.vpn.key ............................... # # Key written to /var/lib/prosody/raspi2.vpn.key # Config written to /var/lib/prosody/raspi2.vpn.cnf # Certificate written to /var/lib/prosody/raspi2.vpn.crt # Updating /etc/jitsi/jicofo/config to use jicofo.conf Configuration de jitsi-meet-web-config │ Jitsi Meet is best to be set up with an SSL certificate. Having no certificate, a │ self-signed one will be generated. By choosing self-signed you will later have a chance to │ install Let’s Encrypt certificates. Having a certificate signed by a recognised CA, it can │ be uploaded on the server and point its location. The default filenames will be │ /etc/ssl/--domain.name--.key for the key and /etc/ssl/--domain.name--.crt for the │ certificate. │ │ SSL certificate for the Jitsi Meet instance │ │ Generate a new self-signed certificate (You will later get a chance to ... │ I want to use my own certificate ===== Sauvegarde partition ext4 ===== fdisk -l sfdisk -d /dev/sdc > /mnt/usb/part_table.sfdisk blkid mcedit /mnt/usb/blkid.txt fsck -v -C0 /dev/sdc2 mcedit /mnt/usb/fsck.txt fdisk -l /dev/sdc >> /mnt/usb/fdisk_-l.txt dd if=/dev/sdc of=/mnt/usb/masterbootrecord.mbr bs=466 count=1 partclone.ext4 -c -s /dev/sdc2 -o /mnt/usb/sd_2.partclone partclone.fat32 -c -s /dev/sdc1 -o /mnt/usb/sd_1.partclone #dd if=/dev/sdc1 of=/mnt/usb/sd_1.dd bs=1M #dump -0af /mnt/usb/sdc1.dump /dev/sdc1 #e2image -ar /dev/sdc2 /mnt/usb/sd_2.e2image #sfdisk /dev/sdX < part_table ls -Al /mnt/usb/ total 26248560 -rw-r--r-- 1 root root 237 25 nov. 12:49 blkid.txt -rw-r--r-- 1 root root 566 25 nov. 12:45 fdisk_-l.txt -rw-r--r-- 1 root root 138 25 nov. 12:47 fsck.txt -rw-r--r-- 1 root root 198 25 nov. 12:18 part_table -rw-r--r-- 1 root root 198 25 nov. 12:54 part_table.sfdisk -rw------- 1 root root 36346622 25 nov. 12:27 sd_1.partclone -rw------- 1 root root 13878717434 25 nov. 12:43 sd_2.partclone sudo partclone.fat32 -r -d -s /mnt/usb/sd_1.partclone -o /dev/sdd1 sudo partclone.ext4 -r -d -s /mnt/usb/sd_2.partclone -o /dev/sdd2 blkid ## read PARTUUID of /dev/sdd2 mount /dev/sdd2 /mnt/test mcedit /mnt/test/etc/fstab mcedit /media/utilisateur1/rootfs/etc/fstab ## change PARTUUID on partition #2 (ext4) PARTUUID=5e0d99cb-01 /boot vfat defaults 0 2 PARTUUID=5e0d99cb-02 / ext4 defaults,noatime 0 1 umount /mnt/test mount /dev/sdd1 /mnt/test mcedit /mnt/test/cmdline.txt mcedit /media/utilisateur1/boot/cmdline.txt ## change PARTUUID on partition #1 (fat32) console=serial0,115200 console=tty1 root=PARTUUID=5e0d99cb-02 rootfstype=ext4 fsck.repair=yes rootwait # save GPT sgdisk --backup=/partitions-backup-$(basename $source).sgdisk $source sgdisk --backup=/partitions-backup-$(basename $dest).sgdisk $dest # Copy $source layout to $dest and regenerate GUIDs sgdisk --replicate=$dest $source sgdisk -G $dest # GPT partition scheme from /dev/sda to /dev/sdd (RAID array rebuild)? # sgdisk -R {SECOND-DEVICE-NAME-HERE} /dev/sda # sgdisk -R /dev/sdd /dev/sda To randomize the GUID on the /dev/sdd, enter: # sgdisk -G /dev/sdd ===== Rdp server ===== [globals] port=127.0.0.1:3389 sudo /etc/init.d/xrdp start ===== apache2 ===== apt install apache2 openssl libapache2-mod-php apt install php php-cli openssl version a2enmod ssl #sudo mkdir -p /etc/ssl/localcerts #sudo openssl req -new -x509 -days 365 -nodes -out /etc/ssl/localcerts/apache.pem -keyout /etc/ssl/localcerts/apache.key #sudo chmod 600 /etc/ssl/localcerts/apache* #sudo a2enmod ssl cp default-ssl.conf 001-jflemay.synology.me.conf # change # to this a2ensite 001-jflemay.synology.me.conf systemctl restart apache2 ===== mkcert ===== on Mac : #== sudo -u utilisateur1 mkcert local.example.com # create 2 files in the current directory : local.example.com.pem & local.example.com-key.pem # on the Chrome / Firefox machine sudo -u utilisateur1 mkcert localhost cp localhost.pem /opt/homebrew/etc/httpd/certs/ cp localhost-key.pem /opt/homebrew/etc/httpd/certs/ sudo -u utilisateur1 mkcert raspi.local scp localhost.pem root@raspi.local:/etc/apache2/certs/ scp localhost-key.pem root@raspi.local:/etc/apache2/certs/ # in apache2.conf : # SSLCertificateFile /etc/apache2/certs/raspi.local.pem # SSLCertificateKeyFile /etc/apache2/certs/raspi.local-key.pem ===== install smb permanent links ===== sudo apt install samba nas.local:/volume1/homes /mnt/homes nfs _netdev,auto,nouser,nosuid,rw,exec,rsize=32768,wsize=32768,sharecache,proto=tcp,hard,timeo=60 0 0 nas.local:/volume1/video /mnt/video nfs _netdev,auto,nouser,nosuid,rw,exec,rsize=32768,wsize=32768,sharecache,proto=tcp,hard,timeo=60 0 0 nas.local:/volume1/music /mnt/music nfs _netdev,auto,nouser,nosuid,rw,exec,rsize=32768,wsize=32768,sharecache,proto=tcp,hard,timeo=60 0 0 nas.local:/volume1/admin /mnt/admin nfs _netdev,auto,nouser,nosuid,rw,exec,rsize=32768,wsize=32768,sharecache,proto=tcp,hard,timeo=60 0 0 #raspi.local:/home/share /mnt/share nfs defaults 0 0 smbpasswd -a utilisateur1 usermod -a -G sambashare utilisateur1 id utilisateur1 systemctl restart smbd systemctl status smbd ===== install wait for network ===== #!/bin/bash sudo apt install nfs-common --fix-missing systemctl disable systemd-networkd-wait-online.service ===== nfs4 mapping problem (not solved) ===== systemctl status nfs-idmapd sudo groupadd -r -g 1023 http mcedit /etc/idmapd.conf #[Général] #Domaine = domaine local #[Traduction] #Méthode = nsswitch mcedit /etc/default/nfs-common #NEED_IDMAPD = yes systemctl restart nfs-utils ===== Install Firefox on Raspbian ===== sudo mcedit /etc/apt/sources.list.d/bionic.list # for raspberry === deb http://ports.ubuntu.com/ubuntu-ports bionic-updates main # for debian amd64 === deb http://archive.ubuntu.com/ubuntu/ bionic main restricted universe multiverse # for debian amd64 === deb http://security.ubuntu.com/ubuntu/ bionic-security main restricted universe multiverse # for debian amd64 === deb http://archive.ubuntu.com/ubuntu/ bionic-updates main restricted universe multiverse sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 3B4FE6ACC0B21F32 # for Raspi sudo mcedit /etc/apt/preferences.d/99bionic-updates #Paste the following lines in it: Package: * Pin: release a=bionic-updates Pin-Priority: 1 # for Debian amd64 sudo mcedit /etc/apt/preferences.d/bionic.pref Explanation: Allow installing firefox from bionic Package: firefox Pin: release a=bionic-updates Pin-Priority: 1101 Explanation: Avoid other packages from the bionic repo. Package: * Pin: release a=bionic Pin-Priority: 1 sudo apt update sudo apt install firefox ===== other stuff ===== vlc https://radiobonheur.ice.infomaniak.ch/radiobonheur-128-1.mp3?DIST=TuneIn do shell script "/Applications/VLC.app/Contents/MacOS/VLC https://radiobonheur.ice.infomaniak.ch/radiobonheur-128-1.mp3?DIST=TuneIn"