Ceci est une ancienne révision du document !
Raspberry pi tools
x
- long life for SD card
- Disable swap :
cat /proc/swaps
sudo swapoff –all
sudo swapoff -a
rm /swapfile
rm /var/swapfile - dphys-swapfile swapoff
- Assign the noatime mount flag to partitions residing on the SD card by adding it to the options section of the partition in /etc/fstab.
- Highly used directories such as /var/tmp/ and possibly /var/log can be relocated to RAM in /etc/fstab like this:
tmpfs /var/tmp tmpfs nodev,nosuid,size=50M 0 0
- Copy save SD card
- sudo dd bs=4m if=/dev/rdisk2 of=raspbian.img
- sudo dd if=/dev/disk3 of=~/sauvegardeCarteSD.dmg
- diskutil unmountDisk /dev/disk3
- (pour restaurer : sudo dd if=~/sauvegardeCarteSD.dmg of=/dev/disk3)
- Bug
- I can confirm this -nasty- bug. It happens in X11 and wayland sessions.
The workaround of changing in /boot/firmware/config.txt:
dtoverlay=vc4-kms-v3d
To: dtoverlay=vc4-fkms-v3d
Solves the problem for me.
- démarrage hdmi forcé
- dans le fichier /boot/config.txt ou /boot/firmware/config.txt
- hdmi_force_hotplug=1 : Force l’affichage HDMI même si on ne détecte pas d’écran HDMI.
- hdmi_drive=2 : Tente d’utiliser le mode HDMI plutôt que le mode DVI, cela permet notamment de régler certains problèmes de son.
- hdmi_safe=1 : mode comptatibilité, équivaut à hdmi_force_hotplug=1, hdmi_ignore_edid=0xa5000080, config_hdmi_boost=4, hdmi_group=2, hdmi_mode=4, disable_overscan=0, overscan_left=24, overscan_right=24, overscan_top=24, overscan_bottom=24.
- hdmi_group=1 hdmi_mode=16 = 1920x1080p, frequency 60Hz and the screen aspect 16:9.
hdmi_mode=1 VGA hdmi_mode=2 480p 60Hz hdmi_mode=3 480p 60Hz H hdmi_mode=4 720p 60Hz hdmi_mode=5 1080i 60Hz hdmi_mode=6 480i 60Hz hdmi_mode=7 480i 60Hz H hdmi_mode=8 240p 60Hz hdmi_mode=9 240p 60Hz H hdmi_mode=10 480i 60Hz 4x hdmi_mode=11 480i 60Hz 4x H hdmi_mode=12 240p 60Hz 4x hdmi_mode=13 240p 60Hz 4x H hdmi_mode=14 480p 60Hz 2x hdmi_mode=15 480p 60Hz 2x H hdmi_mode=16 1080p 60Hz hdmi_mode=17 576p 50Hz hdmi_mode=18 576p 50Hz H hdmi_mode=19 720p 50Hz hdmi_mode=20 1080i 50Hz hdmi_mode=21 576i 50Hz hdmi_mode=22 576i 50Hz H hdmi_mode=23 288p 50Hz hdmi_mode=24 288p 50Hz H hdmi_mode=25 576i 50Hz 4x hdmi_mode=26 576i 50Hz 4x H hdmi_mode=27 288p 50Hz 4x hdmi_mode=28 288p 50Hz 4x H hdmi_mode=29 576p 50Hz 2x hdmi_mode=30 576p 50Hz 2x H hdmi_mode=31 1080p 50Hz hdmi_mode=32 1080p 24Hz hdmi_mode=33 1080p 25Hz hdmi_mode=34 1080p 30Hz hdmi_mode=35 480p 60Hz 4x hdmi_mode=36 480p 60Hz 4xH hdmi_mode=37 576p 50Hz 4x hdmi_mode=38 576p 50Hz 4x H hdmi_mode=39 1080i 50Hz reduced blanking hdmi_mode=40 1080i 100Hz hdmi_mode=41 720p 100Hz hdmi_mode=42 576p 100Hz hdmi_mode=43 576p 100Hz H hdmi_mode=44 576i 100Hz hdmi_mode=45 576i 100Hz H hdmi_mode=46 1080i 120Hz hdmi_mode=47 720p 120Hz hdmi_mode=48 480p 120Hz hdmi_mode=49 480p 120Hz H hdmi_mode=50 480i 120Hz hdmi_mode=51 480i 120Hz H hdmi_mode=52 576p 200Hz hdmi_mode=53 576p 200Hz H hdmi_mode=54 576i 200Hz hdmi_mode=55 576i 200Hz H hdmi_mode=56 480p 240Hz hdmi_mode=57 480p 240Hz H hdmi_mode=58 480i 240Hz hdmi_mode=59 480i 240Hz H H means 16:9 variant (of a normally 4:3 mode). 2x means pixel doubled (i.e. higher clock rate, with each pixel repeated twice) 4x means pixel quadrupled (i.e. higher clock rate, with each pixel repeated four times)
/home/utilisateur1/.local/share/kscreen# cat 04b52944dfdfaeaf5b2f3296033d0130
[
{
"enabled": true,
"id": "172b9df285a00087e754131ec13056d8",
"metadata": {
"fullname": "xrandr-IMAGEQUEST Co., Ltd-L70S+-48050",
"name": "HDMI-1"
},
"mode": {
"refresh": 75.02467346191406,
"size": {
"height": 1024,
"width": 1280
}
},
"pos": {
"x": 0,
"y": 0
},
"primary": true,
"rotation": 1,
"scale": 1
}
]
Imprimante Canon MG5100
- sudo apt install printer-driver-gutenprint
- sudo apt install simple-scan
Veracrypt
- tar -xf VeraCrypt_1.24-Update7_Source.tar.bz2
- sudo apt install make gcc pkg-config libfuse-dev libwxgtk3.0-gtk3-dev
- sudo apt install g++ libfuse-dev pkg-config yasm libwxbase3.0-dev
- change line 204 of Makefile : add '-std=gnu++14'
- cd src && make
- sudo apt install libwxgtk3.0-gtk3-0v5
Install mariadb
apt install mariadb-server mysql_secure_installation mysql -u root -p
- show listen ports
[ netstat -tln ]
[ netstat -tlpn | grep mysql ]
#!/bin/bash #?? mysqladmin -u root password rootpassword mysql -uroot -prootpassword --execute="ALTER USER 'root'@'localhost' IDENTIFIED BY 'rootpassword';"
SHOW DATABASES; DROP DATABASE truc; CREATE USER 'fw'@'localhost' IDENTIFIED BY 'userpassword'; FLUSH PRIVILEGES; SELECT User FROM mysql.user; USE mysql; CREATE USER 'fw'@'localhost' IDENTIFIED BY 'userpassword'; FLUSH PRIVILEGES; SHOW TABLES;
#!/bin/bash cat fw.sql | mysql -uroot -prootpassword # restore from a fwdbase savedFile : sudo mysql -u root -p fwdbase < "fwdbase_sav_2021-11-11.sql" # save database "fwdbase" : sudo mysqldump -u root -p fwdbase > "fwdbase_sav_2021-11-11.sql"
CREATE USER 'fw'@'localhost' IDENTIFIED BY 'userpassword'; FLUSH PRIVILEGES; CREATE DATABASE fwdbase; GRANT SELECT,INSERT,UPDATE,DELETE,CREATE,DROP,ALTER ON fwdbase.* TO fw@localhost IDENTIFIED BY 'userpassword'; GRANT FILE ON *.* TO fw@localhost IDENTIFIED BY 'userpassword'; FLUSH PRIVILEGES;
hardware.bash
#!/bin/bash
today=$(date +%Y-%m-%d_%H-%M)
cpu=$(cat /proc/cpuinfo | grep Model)
cput=$(</sys/class/thermal/thermal_zone0/temp)
cput=$((cput/1000))
ram=$(free | grep Mem | awk '{printf "%4.f%%", $3/$2 * 100.0}')
hdisk=$(df | grep '/$' | awk '{print $5}')
echo "$cpu"
echo "$today Cpu $cput °C, Ram $ram, Hd $hdisk"
#
# Model : Raspberry Pi Zero 2 Rev 1.0
# 2021-11-18_00-31 Cpu 41 °C, Ram 44%, Hd 18%
#
#!/bin/bash
today=$(date +%Y-%m-%d_%H:%M:%S)
cpu=$(cat /proc/cpuinfo | grep Model)
cput=$(</sys/class/thermal/thermal_zone0/temp)
#cput=$(vcgencmd measure_temp)
cput=$((cput/1000))
ipad=$( hostname -I )
ram=$(free | grep Mem | awk '{printf "%4.f%%", $3/$2 * 100.0}')
hdisk=$(df | grep '/$' | awk '{print $5}')
cpuc=$(vcgencmd measure_clock arm | grep -oP '(?<=\=)[0-9]+')
cpuc=$(echo "$cpuc" | awk '{printf "%4.2f", $1 / 1000000000.0}')
eth=$( ifstat -i eth0 0.5 1 | tail -n 1 )
w1=$(echo "$eth" | awk '{print $1}')
w2=$(echo "$eth" | awk '{print $2}')
#distri=$(lsb_release -a | grep Descript)
distri=$(cat /etc/*release | grep PRETTY)
#cpup=$(top -bn1 | grep '^%Cpu(s):' | sed 's/\(.*\)\([ ][0-9]\+,[0-9][ ]id\)\(.*\)/\2/' | awk '{print 100 - $1}')
cpup=$(top -bn1 | grep '^%Cpu(s):' | sed 's/\(.*\)\(\b[0-9]\+[\.,][0-9]\)\(\sid\)\(.*\)/\2/' | head -n 1 | awk '{print 100 - $1}' )
echo "$cpu"
echo "$distri"
echo "$today Cpu $cpup %, Cpu $cpuc GHz, $cput deg C, Ram $ram, Hd $hdisk"
echo "eth0 activity: $w1 KB/s in == $w2 KB/s out | $ipad"
Change Desktop
sudo tasksel
# 1- install Raspbian Lite
sudo apt update
sudo apt upgrade
sudo apt dist-upgrade
sudo reboot
sudo apt install xserver-xorg
sudo apt install kde-plasma-desktop
# sudo apt install mate-desktop-environment-core
sudo apt install lightdm
sudo reboot
sudo apt install cups
sudo usermod -a -G lpadmin pi
#sddm display manager is the default one for KDE Plasma desktop. sudo dpkg-reconfigure sddm sudo update-alternatives --config x-session-manager sudo apt install network-manager-gnome sudo systemctl disable dhcpcd sudo /etc/init.d/dhcpcd stop reboot sudo iw reg set FR ## wifi to France mcedit /etc/default/crda #REGDOMAIN= #REGDOMAIN=US ##### back to lite version ##### sudo apt purge x11-common
Install wifi Raspberry
#!/bin/bash
# https://www.raspberrypi.com/documentation/computers/configuration.html#configuring-networking
# https://raspberrypi.stackexchange.com/questions/95070/auto-connect-to-saved-network-after-stopping-and-starting-wpa-supplicant-service
sudo iwlist wlan0 scan
wpa_passphrase TP-LINK-0FBE password
wpa_passphrase TP-LINK_0FBE_5G password
wpa_passphrase Fibre2Gh password
sudo mcedit /etc/wpa_supplicant/wpa_supplicant.conf
wpa_cli -i wlan0 reconfigure
#If you are using a hidden network, an extra option in the wpa_supplicant file, scan_ssid,
#may help connection.
#network={
# ssid="yourHiddenSSID"
# scan_ssid=1
# sudo mcedit /etc/dhcpcd.conf
# interface wlan0
# static ip_address=192.168.1.78/24
# static routers=192.168.1.254
# static domain_name_servers=192.168.1.254
#sudo raspi-config
ip route | grep wlan0
#default via 192.168.1.254 dev wlan0 proto dhcp src 192.168.1.110 metric 302
#192.168.1.0/24 dev wlan0 proto dhcp scope link src 192.168.1.110 metric 302
Wifi config Ubuntu Server Raspberry
sudo dpkg-reconfigure keyboard-configuration
sudo apt install wireless-tools net-tools
sudo apt install wpasupplicant
sudo mcedit /etc/wpa_supplicant.conf
#network={
# ssid="ssid_name"
# psk="password"
#}
sudo wpa_supplicant -B -i wlan0 -c /etc/wpa_supplicant.conf -D wext
sudo dhclient wlan0
# wpa_passphrase myrouter mypassphrase > wpa.conf
sudo apt install wireless-tools net-tools ifupdown #Then, edit the /etc/network/interfaces configuration file: sudo nano /etc/network/interfaces #The file is empty, paste these lines into it: auto wlan0 iface wlan0 inet dhcp wpa-ssid YOUR_SSID wpa-psk YOUR_PASSWORD #Save & exit (CTRL+X). #Enable the Wi-Fi interface: sudo ifup wlan0 #It should work immediately (use ifconfig to check). #If not, reboot your system: sudo reboot #https://github.com/Mange/rtl8192eu-linux-driver #sed $'s/\^\[/\E/g;s/\[1G\[/\[27G\[/' /var/log/boot
Improved (=reliable) Wait for Network
systemctl enable network-wait-online.service systemctl list-dependencies --before dhcpcd systemctl list-dependencies mnt-video.mount
#
# Uses 'hostname --all-fqdns' to confirm that both: IP address[es] assigned, and DNS operational
#
[Unit]
Description=Wait for Network to be Online
Documentation=man:systemd.service(5) man:systemd.special(7)
Conflicts=shutdown.target
After=network.target
Before=network-online.target
[Service]
Type=oneshot
ExecStart= \
/bin/bash -c ' \
if [ -e /etc/systemd/system/dhcpcd.service.d/wait.conf ]; \
then \
echo Wait for Network: enabled; \
while [ -z $(hostname --all-fqdns) ]; \
do \
sleep 1; \
done; \
else \
echo Wait for Network: disabled; \
exit 0; \
fi'
TimeoutStartSec=1min 30s
[Install]
WantedBy=network-online.target
tmp in ram
tmpfs /tmp tmpfs defaults,noatime,nosuid,size=10m 0 0 tmpfs /var/tmp tmpfs defaults,noatime,nosuid,size=10m 0 0 tmpfs /var/log tmpfs defaults,noatime,nosuid,mode=0755,size=10m 0 0
# # This file is part of systemd. # # jeff # [Unit] Description=My Service [Service] # We just want to create the myservice run directory Type=oneshot RuntimeDirectory=myservice User=root Group=root #ExecStart=/bin/true ExecStart=/bin/bash -c 'echo coucou >> /tmp/myservice.txt' RemainAfterExit=yes [Install] WantedBy=multi-user.target
# # This file is part of systemd. # # # jeff [Unit] Description=My Service Requires=mnt-video.mount Requires=mnt-homes.mount [Service] Type=oneshot RuntimeDirectory=myservice User=root Group=root ExecStart=/bin/sh -c '/root/.bash/apache_createlog.bash' RemainAfterExit=yes StandardOutput=append:/var/log/my.service.log StandardError=append:/var/log/my.service.log [Install] WantedBy=multi-user.target # /jeff
sudo touch /etc/systemd/system/my.service sudo chmod 644 /etc/systemd/system/my.service sudo mcedit /etc/systemd/system/my.service sudo systemctl start my.service sudo systemctl status my.service sudo systemctl enable my.service sudo systemctl daemon-reload
run rsync
# option1 rsync -za
# option2 rsync -qaHAXS
# option3 rsync -aAXv
# a archive (-rlptgoD)
# -r, --recursive
# -l, --links
# -p, --perms
# -t, --times
# -g, --group
# -o, --owner
# -D, --devices
# -H, --hard-links
# -A, --acls # rsync: ACLs are not supported on this server
# -q, --quiet
# -X, --xattrs
# -S, --sparse
# -x, --one-file-system
#rsync -za /home/timemachine/rsync_test timemachine@nas.local:/volume1/backup/_test_
# --progress
# -aHAXS according to https://unix.stackexchange.com/questions/606101/is-it-possible-to-use-rsync-to-restore-root-from-a-directory-in-root
blkid > /root/blkid.txt
dd if=/dev/mmcblk0 of=/root/masterbootrecord.mbr bs=466 count=1
cp /etc/fstab /root/fstab.txt
cp /boot/cmdline.txt /root/cmdline.txt
rsync -aHXSv --delete --numeric-ids --stats / --exclude={"/dev/*","/proc/*","/sys/*","/tmp/*","/run/*","/mnt/*","/media/*","/lost+found"} timemachine@nas.local:/volume1/backup/raspi
install nfs
#!/bin/bash sudo apt install nfs-kernel-server sudo echo "#/home/share 192.168.1.1/255.255.255.0(rw,no_wdelay,no_root_squash,insecure,insecure_locks,sec=sys,async,no_subtree_check,anonuid=1026,anongid=100)" >> /etc/exports sudo mkdir /home/share sudo chown utilisateur1:utilisateur1 /home/share sudo exportfs -ra
run firefox with profile...
#!/bin/bash
# about:profiles
if (( $EUID == 0 )); then
echo "Please do not run $0 as root"
exit
fi
firefox -P default &
new user
#!/bin/bash sudo groupadd -r -g 1026 utilisateur1 sudo useradd -u 1026 -g 1026 utilisateur1 sudo usermod -m -d /home/utilisateur1 utilisateur1 # raspi sudo usermod -a -G utilisateur1,pi,adm,cdrom,sudo,dip,plugdev,lpadmin,lxd,sambashare utilisateur1 sudo usermod -a -G utilisateur1,pi,adm,dialout,cdrom,sudo,audio,video,plugdev,games,users,input,netdev,spi,i2c,gpio utilisateur1 # debian amd64 sudo usermod -a -G utilisateur1,cdrom,floppy,sudo,audio,dip,video,plugdev,netdev,bluetooth,lpadmin,scanner utilisateur1 sudo usermod --shell /bin/bash utilisateur1 id utilisateur1 groups utilisateur1 grep utilisateur1 /etc/passwd #groups pi #pi : pi adm dialout cdrom sudo audio video plugdev games users input netdev spi i2c gpio lpadmin #pi : pi adm cdrom sudo dip plugdev lpadmin lxd sambashare # .... # change user gid uid groupmod -g 1026 utilisateur1 usermod -u 1026 utilisateur1
install ssh
#!/bin/bash sudo apt install openssh-server #sudo systemctl enable ssh #sudo systemctl start ssh #chmod 600 .ssh/authorized_keys #ssh-keygen -t rsa -b 4096 mcedit /etc/ssh/sshd_config # To disable tunneled clear text passwords, change to no here! # jeff #PasswordAuthentication yes PasswordAuthentication no # /jeff systemctl reload ssh sudo apt install sshguard sudo iptables -N sshguard sudo iptables -A INPUT -m multiport -p tcp --destination-ports 21,22 -j sshguard sudo mkdir /etc/iptables sudo iptables-save > /etc/iptables/iptables.rules sudo ip6tables -N sshguard sudo ip6tables -A INPUT -m multiport -p tcp --destination-ports 21,22 -j sshguard sudo mkdir /etc/iptables sudo ip6tables-save > /etc/iptables/ip6tables.rules sudo systemctl enable sshguard sudo service sshguard start iptables --list sshguard --line-numbers --numeric #iptables --delete sshguard line-number
apt install ifstat
chmod 755 /volume1/homes/backup ls -Al /volume1/homes/ | grep backup # drwxr-xr-x 6 backup users 4096 Mar 5 17:04 backup ls -Al ~ | grep ssh # drwxr-xr-x 2 backup users 4096 Mar 5 17:05 .ssh ls -Al ~/.ssh total 16 -rw------- 1 backup users 1875 Mar 5 07:10 authorized_keys -rw------- 1 backup users 3243 Mar 5 17:04 id_rsa -rw-r----- 1 backup users 736 Mar 5 17:04 id_rsa.pub mcedit /etc/ssh/sshd_config # PubkeyAuthentication yes # RSAAuthentication yes
install wireguard
#!/bin/bash # #### server side #### # curl -L https://install.pivpn.io | bash sudo -u pi pivpn -a sudo -u pi pivpn -l #sudo -u pi pivpn -qr
#!/bin/bash # #### client side #### apt install resolvconf apt install wireguard cp raspi2.conf /etc/wireguard/wg0.conf mkdir /etc/wireguard/server echo "privatekey" > /etc/wireguard/server/server.key echo "publickey" > /etc/wireguard/server/server.key.pub chmod 600 /etc/wireguard/server/server.key chmod 600 /etc/wireguard/wg0.conf # connect with params wg0.conf wg-quick up wg0 ping 10.6.0.1 # start at boot sudo systemctl enable wg-quick@wg0
install letsencrypt
#!/bin/bash apt install snapd sudo snap install core; sudo snap refresh core sudo snap install --classic certbot sudo ln -s /snap/bin/certbot /usr/bin/certbot sudo certbot --apache --domains jflemay.synology.me
install fail2ban
#!/bin/bash apt install fail2ban systemctl start fail2ban systemctl enable fail2ban # démarrage automatique sudo fail2ban-client status sudo fail2ban-client set sshd unbanip 11.22.33.44 sudo fail2ban-client set apache-auth unbanip 10.6.0.2 cat /var/log/fail2ban.log | grep " Ban \| Unban " fail2ban-client reload apache-auth fail2ban-regex -v --print-all-missed /var/log/apache2/raspissl_error.log /etc/fail2ban/filter.d/apache-auth.conf fail2ban-regex -v /var/log/auth.log /etc/fail2ban/filter.d/sshd.conf
# Fail2Ban configuration file # # Author: jeff # # [Definition] actionban = /root/.bash/send_mail.bash "jeff-batch banned <name>" "pouet"
[apache-auth]
enabled = true
port = http,https
logpath = %(apache_error_log)s
action = %(action_)s
jeff-batch[name=%(__name__)s, port="%(port)s", logpath=%(logpath)s]
#!/bin/bash
if [ -z "$1" ]; then
echo "Usage :"
echo "$0 \"subject\" \"message\" "
exit 0
fi
#### message ######
###################
mail_rcpt='jflemay@hotmail.com'
mail_sbjt="$1"
mail_text="$2"
##### sender #####
##################
mail_from='marinajflemay@gmail.com'
mail_pass="password"
mail_smtp='smtps://smtp.gmail.com:465'
header="MIME-Version: 1.0\nContent-Transfer-Encoding: 8bit\nContent-Type: text/plain;charset=utf-8\n"
curl --url "${mail_smtp}" --ssl-reqd \
--user "${mail_from}:${mail_pass}" \
--mail-from "${mail_from}" \
--mail-rcpt "${mail_rcpt}" \
-T - <<< $( echo -e "From: ${mail_from}\nTo: ${mail_rcpt}\nSubject: ${mail_sbjt}\n${header}\n\n${mail_text}" )
install server
hostnamectl set-hostname pcraspberry
install Jitsi
- uninstall : sudo apt purge jitsi-meet jitsi-meet-web-config jitsi-meet-prosody jitsi-meet-turnserver jitsi-meet-web jicofo jitsi-videobridge2
wget https://download.jitsi.org/jitsi-key.gpg.key sudo apt-key add jitsi-key.gpg.key rm jitsi-key.gpg.key echo "deb https://download.jitsi.org stable/" | sudo tee -a /etc/apt/sources.list.d/jitsi-stable.list sudo apt update sudo apt install jitsi-meet # forwarding # 80/TCP for ssl create / renew # 443/TCP for the HTTPS server # 4443/TCP if UDP is blocked # 10000/UDP for the video bridge # conf is in /etc/jitsi # writing new private key to '/etc/jitsi/meet/raspi2.vpn.key' # # Change # /etc/jitsi/meet/raspi2.vpn.crt with the one created by mkcert # /etc/jitsi/meet/raspi2.vpn.key ............................... # # Key written to /var/lib/prosody/raspi2.vpn.key # Config written to /var/lib/prosody/raspi2.vpn.cnf # Certificate written to /var/lib/prosody/raspi2.vpn.crt # Updating /etc/jitsi/jicofo/config to use jicofo.conf
Configuration de jitsi-meet-web-config │ Jitsi Meet is best to be set up with an SSL certificate. Having no certificate, a │ self-signed one will be generated. By choosing self-signed you will later have a chance to │ install Let’s Encrypt certificates. Having a certificate signed by a recognised CA, it can │ be uploaded on the server and point its location. The default filenames will be │ /etc/ssl/--domain.name--.key for the key and /etc/ssl/--domain.name--.crt for the │ certificate. │ │ SSL certificate for the Jitsi Meet instance │ │ Generate a new self-signed certificate (You will later get a chance to ... │ I want to use my own certificate
Sauvegarde partition ext4
fdisk -l sfdisk -d /dev/sdc > /mnt/usb/part_table.sfdisk blkid mcedit /mnt/usb/blkid.txt fsck -v -C0 /dev/sdc2 mcedit /mnt/usb/fsck.txt fdisk -l /dev/sdc >> /mnt/usb/fdisk_-l.txt dd if=/dev/sdc of=/mnt/usb/masterbootrecord.mbr bs=466 count=1 partclone.ext4 -c -s /dev/sdc2 -o /mnt/usb/sd_2.partclone partclone.fat32 -c -s /dev/sdc1 -o /mnt/usb/sd_1.partclone #dd if=/dev/sdc1 of=/mnt/usb/sd_1.dd bs=1M #dump -0af /mnt/usb/sdc1.dump /dev/sdc1 #e2image -ar /dev/sdc2 /mnt/usb/sd_2.e2image #sfdisk /dev/sdX < part_table ls -Al /mnt/usb/ total 26248560 -rw-r--r-- 1 root root 237 25 nov. 12:49 blkid.txt -rw-r--r-- 1 root root 566 25 nov. 12:45 fdisk_-l.txt -rw-r--r-- 1 root root 138 25 nov. 12:47 fsck.txt -rw-r--r-- 1 root root 198 25 nov. 12:18 part_table -rw-r--r-- 1 root root 198 25 nov. 12:54 part_table.sfdisk -rw------- 1 root root 36346622 25 nov. 12:27 sd_1.partclone -rw------- 1 root root 13878717434 25 nov. 12:43 sd_2.partclone sudo partclone.fat32 -r -d -s /mnt/usb/sd_1.partclone -o /dev/sdd1 sudo partclone.ext4 -r -d -s /mnt/usb/sd_2.partclone -o /dev/sdd2 blkid ## read PARTUUID of /dev/sdd2 mount /dev/sdd2 /mnt/test mcedit /mnt/test/etc/fstab mcedit /media/utilisateur1/rootfs/etc/fstab ## change PARTUUID on partition #2 (ext4) PARTUUID=5e0d99cb-01 /boot vfat defaults 0 2 PARTUUID=5e0d99cb-02 / ext4 defaults,noatime 0 1 umount /mnt/test mount /dev/sdd1 /mnt/test mcedit /mnt/test/cmdline.txt mcedit /media/utilisateur1/boot/cmdline.txt ## change PARTUUID on partition #1 (fat32) console=serial0,115200 console=tty1 root=PARTUUID=5e0d99cb-02 rootfstype=ext4 fsck.repair=yes rootwait
# save GPT
sgdisk --backup=/partitions-backup-$(basename $source).sgdisk $source
sgdisk --backup=/partitions-backup-$(basename $dest).sgdisk $dest
# Copy $source layout to $dest and regenerate GUIDs
sgdisk --replicate=$dest $source
sgdisk -G $dest
# GPT partition scheme from /dev/sda to /dev/sdd (RAID array rebuild)?
# sgdisk -R {SECOND-DEVICE-NAME-HERE} /dev/sda
# sgdisk -R /dev/sdd /dev/sda
To randomize the GUID on the /dev/sdd, enter:
# sgdisk -G /dev/sdd
Rdp server
[globals] port=127.0.0.1:3389 sudo /etc/init.d/xrdp start
apache2
apt install apache2 openssl libapache2-mod-php apt install php php-cli openssl version a2enmod ssl #sudo mkdir -p /etc/ssl/localcerts #sudo openssl req -new -x509 -days 365 -nodes -out /etc/ssl/localcerts/apache.pem -keyout /etc/ssl/localcerts/apache.key #sudo chmod 600 /etc/ssl/localcerts/apache* #sudo a2enmod ssl cp default-ssl.conf 001-jflemay.synology.me.conf # change <VirtualHost _default_:443> # to this <VirtualHost jflemay.synology.me:443> a2ensite 001-jflemay.synology.me.conf systemctl restart apache2
mkcert
on Mac : #== sudo -u utilisateur1 mkcert local.example.com # create 2 files in the current directory : local.example.com.pem & local.example.com-key.pem
# on the Chrome / Firefox machine sudo -u utilisateur1 mkcert localhost cp localhost.pem /opt/homebrew/etc/httpd/certs/ cp localhost-key.pem /opt/homebrew/etc/httpd/certs/ sudo -u utilisateur1 mkcert raspi.local scp localhost.pem root@raspi.local:/etc/apache2/certs/ scp localhost-key.pem root@raspi.local:/etc/apache2/certs/ # in apache2.conf : # SSLCertificateFile /etc/apache2/certs/raspi.local.pem # SSLCertificateKeyFile /etc/apache2/certs/raspi.local-key.pem
install smb permanent links
sudo apt install samba nas.local:/volume1/homes /mnt/homes nfs _netdev,auto,nouser,nosuid,rw,exec,rsize=32768,wsize=32768,sharecache,proto=tcp,hard,timeo=60 0 0 nas.local:/volume1/video /mnt/video nfs _netdev,auto,nouser,nosuid,rw,exec,rsize=32768,wsize=32768,sharecache,proto=tcp,hard,timeo=60 0 0 nas.local:/volume1/music /mnt/music nfs _netdev,auto,nouser,nosuid,rw,exec,rsize=32768,wsize=32768,sharecache,proto=tcp,hard,timeo=60 0 0 nas.local:/volume1/admin /mnt/admin nfs _netdev,auto,nouser,nosuid,rw,exec,rsize=32768,wsize=32768,sharecache,proto=tcp,hard,timeo=60 0 0 #raspi.local:/home/share /mnt/share nfs defaults 0 0
smbpasswd -a utilisateur1
install wait for network
#!/bin/bash sudo apt install nfs-common --fix-missing systemctl disable systemd-networkd-wait-online.service
nfs4 mapping problem (not solved)
systemctl status nfs-idmapd sudo groupadd -r -g 1023 http mcedit /etc/idmapd.conf #[Général] #Domaine = domaine local #[Traduction] #Méthode = nsswitch mcedit /etc/default/nfs-common #NEED_IDMAPD = yes systemctl restart nfs-utils
Install Firefox on Raspbian
sudo mcedit /etc/apt/sources.list.d/bionic.list
# for raspberry === deb http://ports.ubuntu.com/ubuntu-ports bionic-updates main
# for debian amd64 === deb http://archive.ubuntu.com/ubuntu/ bionic main restricted universe multiverse
# for debian amd64 === deb http://security.ubuntu.com/ubuntu/ bionic-security main restricted universe multiverse
# for debian amd64 === deb http://archive.ubuntu.com/ubuntu/ bionic-updates main restricted universe multiverse
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 3B4FE6ACC0B21F32
# for Raspi
sudo mcedit /etc/apt/preferences.d/99bionic-updates
#Paste the following lines in it:
Package: *
Pin: release a=bionic-updates
Pin-Priority: 1
# for Debian amd64
sudo mcedit /etc/apt/preferences.d/bionic.pref
Explanation: Allow installing firefox from bionic
Package: firefox
Pin: release a=bionic-updates
Pin-Priority: 1101
Explanation: Avoid other packages from the bionic repo.
Package: *
Pin: release a=bionic
Pin-Priority: 1
sudo apt update
sudo apt install firefox
other stuff
vlc https://radiobonheur.ice.infomaniak.ch/radiobonheur-128-1.mp3?DIST=TuneIn do shell script "/Applications/VLC.app/Contents/MacOS/VLC https://radiobonheur.ice.infomaniak.ch/radiobonheur-128-1.mp3?DIST=TuneIn"