822 lines
29 KiB
Markdown
822 lines
29 KiB
Markdown
---
|
||
type: "topic"
|
||
Brand: "Beelink"
|
||
GPU: "Intel Celeron 11th Gen N5095 2.9GHz"
|
||
SSD: "M.2 SATA3 2280"
|
||
RAM: "8GB DDR4"
|
||
created: "2024-04-02T01:49:25.791Z"
|
||
updated: "2024-04-08T16:54:34.096Z"
|
||
---
|
||
|
||
# Beelink
|
||
|
||
```bash
|
||
apt-get update
|
||
apt-get upgrade
|
||
reboot
|
||
ip a
|
||
lsb_release -a
|
||
apt-get install links unzip net-tools ufw nginx git nano ncdu -y
|
||
ncdu
|
||
ufw enable
|
||
ufw allow from 192.168.0.0/24 to any port 22 comment "01) SSH"
|
||
ufw allow to 0.0.0.0/0 port 80 comment "02) HTTP"
|
||
ufw allow to 0.0.0.0/0 port 443 comment "03) HTTPS"
|
||
ufw status numbered
|
||
cd /home/mike/
|
||
wget https://dot.net/v1/dotnet-install.sh -O dotnet-install.sh
|
||
chmod +x ./dotnet-install.sh
|
||
./dotnet-install.sh --channel 7.0
|
||
ln -s /home/mike/.dotnet/dotnet /usr/local/bin/dotnet
|
||
dotnet --info
|
||
export DOTNET_ROOT=$HOME/.dotnet
|
||
export PATH=$PATH:$HOME/.dotnet:$HOME/.dotnet/tools
|
||
dotnet --info
|
||
timedatectl set-timezone America/Phoenix
|
||
timedatectl
|
||
snap install dashkiosk
|
||
snap restart dashkiosk
|
||
snap install ubuntu-frame wpe-webkit-mir-kiosk
|
||
ufw status numbered
|
||
snap set wpe-webkit-mir-kiosk url=http://localhost:9400/receiver
|
||
wpe-webkit-mir-kiosk.cog http://localhost:9400/receiver
|
||
/snap/wpe-webkit-mir-kiosk/current/bin/setup.sh
|
||
wpe-webkit-mir-kiosk.cog http://localhost:9400/receiver
|
||
snap set ubuntu-frame daemon=true
|
||
apt-get install -y ca-certificates
|
||
openssl s_client -showcerts -connect DESKTOP-H6JG91B:443 </dev/null 2>/dev/null|openssl x509 -outform PEM >DESKTOP-H6JG91B.crt
|
||
nano /etc/hosts
|
||
nano /etc/nginx/sites-available/default
|
||
echo >/etc/nginx/sites-available/default && nano /etc/nginx/sites-available/default
|
||
```
|
||
|
||
```conf
|
||
server {
|
||
listen 80 default_server;
|
||
listen [::]:80 default_server;
|
||
root /var/www/html;
|
||
index index.html index.htm index.nginx-debian.html;
|
||
server_name _;
|
||
location / {
|
||
try_files $uri $uri/ =404;
|
||
}
|
||
}
|
||
server {
|
||
ssl_certificate 'laundry.phares.myftp.org.crt';
|
||
ssl_certificate_key 'laundry.phares.myftp.org.key';
|
||
listen 443 ssl http2;
|
||
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
|
||
listen [::]:443 ssl http2;
|
||
server_name laundry.phares.myftp.org;
|
||
location / {
|
||
proxy_set_header Host $host;
|
||
proxy_set_header X-Real-IP $remote_addr;
|
||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||
proxy_set_header X-Forwarded-Proto $scheme;
|
||
proxy_pass http://localhost:80/;
|
||
proxy_read_timeout 600s;
|
||
proxy_send_timeout 600s;
|
||
}
|
||
}
|
||
server {
|
||
ssl_certificate 'laundry.phares.myftp.org.crt';
|
||
ssl_certificate_key 'laundry.phares.myftp.org.key';
|
||
listen 443 ssl http2;
|
||
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
|
||
listen [::]:443 ssl http2;
|
||
server_name dashkiosk.laundry.phares.myftp.org;
|
||
location / {
|
||
proxy_set_header Host $host;
|
||
proxy_set_header X-Real-IP $remote_addr;
|
||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||
proxy_set_header X-Forwarded-Proto $scheme;
|
||
proxy_pass http://localhost:9400/;
|
||
proxy_read_timeout 600s;
|
||
proxy_send_timeout 600s;
|
||
}
|
||
}
|
||
server {
|
||
ssl_certificate 'laundry.phares.myftp.org.crt';
|
||
ssl_certificate_key 'laundry.phares.myftp.org.key';
|
||
listen 443 ssl http2;
|
||
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
|
||
listen [::]:443 ssl http2;
|
||
server_name gogs.laundry.phares.myftp.org;
|
||
client_max_body_size 5000m;
|
||
location / {
|
||
proxy_set_header Host $host;
|
||
proxy_set_header X-Real-IP $remote_addr;
|
||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||
proxy_set_header X-Forwarded-Proto $scheme;
|
||
proxy_pass http://localhost:3000/;
|
||
proxy_read_timeout 600s;
|
||
proxy_send_timeout 600s;
|
||
}
|
||
}
|
||
server {
|
||
ssl_certificate 'laundry.phares.myftp.org.crt';
|
||
ssl_certificate_key 'laundry.phares.myftp.org.key';
|
||
listen 443 ssl http2;
|
||
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
|
||
listen [::]:443 ssl http2;
|
||
server_name nextcloud.laundry.phares.myftp.org;
|
||
location / {
|
||
proxy_set_header Host $host;
|
||
proxy_set_header X-Real-IP $remote_addr;
|
||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||
proxy_set_header X-Forwarded-Proto $scheme;
|
||
proxy_pass http://localhost:8081/;
|
||
proxy_read_timeout 600s;
|
||
proxy_send_timeout 600s;
|
||
}
|
||
}
|
||
server {
|
||
ssl_certificate 'laundry.phares.myftp.org.crt';
|
||
ssl_certificate_key 'laundry.phares.myftp.org.key';
|
||
listen 443 ssl http2;
|
||
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
|
||
listen [::]:443 ssl http2;
|
||
server_name photoprism.laundry.phares.myftp.org;
|
||
location / {
|
||
proxy_set_header Host $host;
|
||
proxy_set_header X-Real-IP $remote_addr;
|
||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||
proxy_set_header X-Forwarded-Proto $scheme;
|
||
proxy_pass http://localhost:2342/;
|
||
proxy_read_timeout 600s;
|
||
proxy_send_timeout 600s;
|
||
}
|
||
}
|
||
server {
|
||
ssl_certificate 'laundry.phares.myftp.org.crt';
|
||
ssl_certificate_key 'laundry.phares.myftp.org.key';
|
||
listen 443 ssl http2;
|
||
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
|
||
listen [::]:443 ssl http2;
|
||
server_name ~(pi-hole).laundry.phares.myftp.org;
|
||
location / {
|
||
proxy_set_header Host $host;
|
||
proxy_set_header X-Real-IP $remote_addr;
|
||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||
proxy_set_header X-Forwarded-Proto $scheme;
|
||
proxy_pass http://localhost:8005/;
|
||
proxy_read_timeout 600s;
|
||
proxy_send_timeout 600s;
|
||
}
|
||
}
|
||
server {
|
||
ssl_certificate 'laundry.phares.myftp.org.crt';
|
||
ssl_certificate_key 'laundry.phares.myftp.org.key';
|
||
listen 443 ssl http2;
|
||
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
|
||
listen [::]:443 ssl http2;
|
||
server_name syncthing.laundry.phares.myftp.org;
|
||
location / {
|
||
proxy_set_header Host $host;
|
||
proxy_set_header X-Real-IP $remote_addr;
|
||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||
proxy_set_header X-Forwarded-Proto $scheme;
|
||
proxy_pass http://localhost:8384/;
|
||
proxy_read_timeout 600s;
|
||
proxy_send_timeout 600s;
|
||
}
|
||
}
|
||
```
|
||
|
||
```bash
|
||
systemctl restart nginx
|
||
nginx -t
|
||
nginx -s reload
|
||
nano /home/mike/laundry.phares.myftp.org.conf
|
||
echo >/home/mike/laundry.phares.myftp.org.conf && nano /home/mike/laundry.phares.myftp.org.conf
|
||
```
|
||
|
||
```conf
|
||
[req]
|
||
default_bits = 2048
|
||
default_keyfile = laundry.phares.myftp.org.key
|
||
distinguished_name = req_distinguished_name
|
||
req_extensions = req_ext
|
||
x509_extensions = v3_ca
|
||
|
||
[req_distinguished_name]
|
||
countryName = Country Name (2 letter code)
|
||
countryName_default = US
|
||
stateOrProvinceName = State or Province Name (full name)
|
||
stateOrProvinceName_default = Arizona
|
||
localityName = Locality Name (eg, city)
|
||
localityName_default = Anthem
|
||
organizationName = Organization Name (eg, company)
|
||
organizationName_default = Phares
|
||
organizationalUnitName = organizationalunit
|
||
organizationalUnitName_default = Development
|
||
commonName = Common Name (e.g. server FQDN or YOUR name)
|
||
commonName_default = laundry.phares.myftp.org
|
||
commonName_max = 64
|
||
|
||
[req_ext]
|
||
subjectAltName = @alt_names
|
||
|
||
[v3_ca]
|
||
subjectAltName = @alt_names
|
||
|
||
[alt_names]
|
||
DNS.1 = laundry.phares.myftp.org
|
||
DNS.2 = dashkiosk.laundry.phares.myftp.org
|
||
DNS.3 = gogs.laundry.phares.myftp.org
|
||
DNS.4 = nextcloud.laundry.phares.myftp.org
|
||
DNS.5 = photoprism.laundry.phares.myftp.org
|
||
DNS.6 = pi-hole.laundry.phares.myftp.org
|
||
DNS.7 = syncthing.laundry.phares.myftp.org
|
||
DNS.8 = beelink.server
|
||
DNS.9 = beelink
|
||
DNS.10 = localhost
|
||
DNS.11 = 127.0.0.1
|
||
```
|
||
|
||
```bash
|
||
rm /etc/nginx/laundry.phares.myftp.org.key
|
||
rm /etc/nginx/laundry.phares.myftp.org.crt
|
||
ls /etc/nginx
|
||
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/laundry.phares.myftp.org.key -out /etc/nginx/laundry.phares.myftp.org.crt -config /home/mike/laundry.phares.myftp.org.conf
|
||
ls /etc/nginx
|
||
apt install update-manager-core
|
||
exit
|
||
do-release-upgrade
|
||
exit
|
||
adduser gogs
|
||
cd /home/gogs
|
||
wget https://dl.gogs.io/0.13.0/gogs_0.13.0_linux_amd64.tar.gz
|
||
tar -xvzf gogs_0.13.0_linux_amd64.tar.gz
|
||
rm gogs_0.13.0_linux_amd64.tar.gz
|
||
cd gogs
|
||
ufw status numbered
|
||
./gogs web
|
||
mkdir /home/gogs/gogs-repositories
|
||
chown gogs /home/gogs -R
|
||
chgrp gogs /home/gogs -R
|
||
nano /home/gogs/gogs/custom/conf/app.ini
|
||
nano /etc/systemd/system/gogs-daemon.service
|
||
systemctl enable gogs-daemon
|
||
systemctl start gogs-daemon
|
||
systemctl status gogs-daemon.service
|
||
systemctl daemon-reload
|
||
journalctl -fu gogs-daemon.service
|
||
journalctl --rotate
|
||
journalctl --vacuum-time=1s
|
||
cd /home/gogs
|
||
git clone https://github.com/Kos-M/GogsThemes
|
||
exit
|
||
cp ~/.bash_history /home/mike/bash-history-2023-10-17.txt
|
||
chown mike /home/mike -R
|
||
chgrp mike /home/mike -R
|
||
exit
|
||
adduser pi-hole
|
||
cd pi-hole
|
||
curl -sSL https://install.pi-hole.net | bash
|
||
```
|
||
|
||
```conf
|
||
# http://pi.hole/admin
|
||
# http://192.168.1.62/admin
|
||
fUiY4SYS
|
||
```
|
||
|
||
```conf
|
||
nano /etc/lighttpd/lighttpd.conf
|
||
```
|
||
|
||
```conf
|
||
server.port = 8005
|
||
```
|
||
|
||
```conf
|
||
service lighttpd restart
|
||
pihole -a -p 4hink
|
||
apt install unbound
|
||
; https://docs.pi-hole.net/guides/dns/unbound/
|
||
nano /etc/unbound/unbound.conf.d/pi-hole.conf
|
||
```
|
||
|
||
```conf
|
||
server:
|
||
# If no logfile is specified, syslog is used
|
||
# logfile: "/var/log/unbound/unbound.log"
|
||
verbosity: 0
|
||
|
||
interface: 127.0.0.1
|
||
port: 5335
|
||
do-ip4: yes
|
||
do-udp: yes
|
||
do-tcp: yes
|
||
|
||
# May be set to yes if you have IPv6 connectivity
|
||
do-ip6: no
|
||
|
||
# You want to leave this to no unless you have *native* IPv6. With 6to4 and
|
||
# Terredo tunnels your web browser should favor IPv4 for the same reasons
|
||
prefer-ip6: no
|
||
|
||
# Use this only when you downloaded the list of primary root servers!
|
||
# If you use the default dns-root-data package, unbound will find it automatically
|
||
#root-hints: "/var/lib/unbound/root.hints"
|
||
|
||
# Trust glue only if it is within the server's authority
|
||
harden-glue: yes
|
||
|
||
# Require DNSSEC data for trust-anchored zones, if such data is absent, the zone becomes BOGUS
|
||
harden-dnssec-stripped: yes
|
||
|
||
# Don't use Capitalization randomization as it known to cause DNSSEC issues sometimes
|
||
# see https://discourse.pi-hole.net/t/unbound-stubby-or-dnscrypt-proxy/9378 for further details
|
||
use-caps-for-id: no
|
||
|
||
# Reduce EDNS reassembly buffer size.
|
||
# IP fragmentation is unreliable on the Internet today, and can cause
|
||
# transmission failures when large DNS messages are sent via UDP. Even
|
||
# when fragmentation does work, it may not be secure; it is theoretically
|
||
# possible to spoof parts of a fragmented DNS message, without easy
|
||
# detection at the receiving end. Recently, there was an excellent study
|
||
# >>> Defragmenting DNS - Determining the optimal maximum UDP response size for DNS <<<
|
||
# by Axel Koolhaas, and Tjeerd Slokker (https://indico.dns-oarc.net/event/36/contributions/776/)
|
||
# in collaboration with NLnet Labs explored DNS using real world data from the
|
||
# the RIPE Atlas probes and the researchers suggested different values for
|
||
# IPv4 and IPv6 and in different scenarios. They advise that servers should
|
||
# be configured to limit DNS messages sent over UDP to a size that will not
|
||
# trigger fragmentation on typical network links. DNS servers can switch
|
||
# from UDP to TCP when a DNS response is too big to fit in this limited
|
||
# buffer size. This value has also been suggested in DNS Flag Day 2020.
|
||
edns-buffer-size: 1232
|
||
|
||
# Perform prefetching of close to expired message cache entries
|
||
# This only applies to domains that have been frequently queried
|
||
prefetch: yes
|
||
|
||
# One thread should be sufficient, can be increased on beefy machines. In reality for most users running on small networks or on a single machine, it should be unnecessary to seek performance enhancement by increasing num-threads above 1.
|
||
num-threads: 1
|
||
|
||
# Ensure kernel buffer is large enough to not lose messages in traffic spikes
|
||
so-rcvbuf: 1m
|
||
|
||
# Ensure privacy of local IP ranges
|
||
private-address: 192.168.0.0/16
|
||
private-address: 169.254.0.0/16
|
||
private-address: 172.16.0.0/12
|
||
private-address: 10.0.0.0/8
|
||
private-address: fd00::/8
|
||
private-address: fe80::/10
|
||
```
|
||
|
||
```conf
|
||
service unbound restart
|
||
# http://beelink:8005/admin/settings.php?tab=dns
|
||
# https://docs.pi-hole.net/guides/dns/unbound/
|
||
127.0.0.1#5335
|
||
```
|
||
|
||
```bash
|
||
apt-get install syncthing
|
||
apt-get install apt-transport-https
|
||
adduser syncthing
|
||
cat /etc/passwd | cut -d: -f1
|
||
systemctl enable syncthing@syncthing.service
|
||
systemctl start syncthing@syncthing.service
|
||
systemctl status syncthing@syncthing.service
|
||
journalctl -e -u syncthing@syncthing.service
|
||
nano /home/syncthing/.config/syncthing/config.xml
|
||
```
|
||
|
||
```xml
|
||
<address>0.0.0.0:8384</address>
|
||
```
|
||
|
||
```bash
|
||
systemctl restart syncthing@syncthing.service
|
||
chown syncthing /home/syncthing -R
|
||
chgrp syncthing /home/syncthing -R
|
||
```
|
||
|
||
```bash
|
||
ufw status numbered
|
||
ufw allow from 192.168.1.0/26 to any port 22 comment "01) SSH"
|
||
ufw allow to 0.0.0.0/0 port 80 comment "02) HTTP"
|
||
ufw allow to 0.0.0.0/0 port 443 comment "03) HTTPS"
|
||
ufw allow from 192.168.1.0/26 to any port 53 comment "04) DNS"
|
||
ufw allow from 192.168.1.0/26 to any port 67 comment "05) Unknown"
|
||
ufw allow from 192.168.11.0/24 to any port 8005 comment "06) SSH"
|
||
ufw allow from 192.168.0.0/26 to any port 22 comment "07) SSH"
|
||
ufw allow from 192.168.11.0/28 to any port 22 comment "08) SSH"
|
||
ufw allow from 192.168.21.0/28 to any port 22 comment "09) SSH"
|
||
ufw allow from 192.168.31.0/26 to any port 22 comment "10) SSH"
|
||
ufw allow from 192.168.41.0/26 to any port 22 comment "11) SSH"
|
||
ufw allow from 192.168.42.0/28 to any port 22 comment "12) SSH"
|
||
ufw allow from 192.168.43.0/26 to any port 22 comment "13) SSH"
|
||
ufw allow from 192.168.44.0/26 to any port 22 comment "14) SSH"
|
||
ufw allow to 0.0.0.0/0 port 22 comment "15) SSH"
|
||
ufw status numbered
|
||
```
|
||
|
||
```conf
|
||
To Action From
|
||
-- ------ ----
|
||
[ 1] 22 ALLOW IN 192.168.1.0/26 # 01) SSH
|
||
[ 2] 80 ALLOW IN Anywhere # 02) HTTP
|
||
[ 3] 443 ALLOW IN Anywhere # 03) HTTPS
|
||
[ 4] 53 ALLOW IN 192.168.1.0/26 # 04) DNS
|
||
[ 5] 67 ALLOW IN 192.168.1.0/26 # 05) Unknown
|
||
[ 6] 9400 ALLOW IN 192.168.1.0/26 # 06) dashkiosk
|
||
```
|
||
|
||
```bash
|
||
echo >/etc/hosts && nano /etc/hosts
|
||
nano /etc/hosts
|
||
```
|
||
|
||
```conf
|
||
127.0.0.1 localhost
|
||
127.0.0.1 beelink
|
||
127.0.1.1 laundry.phares.myftp.org
|
||
# The following lines are desirable for IPv6 capable hosts
|
||
::1 ip6-localhost ip6-loopback
|
||
fe00::0 ip6-localnet
|
||
ff00::0 ip6-mcastprefix
|
||
ff02::1 ip6-allnodes
|
||
ff02::2 ip6-allrouters
|
||
```
|
||
|
||
```bash
|
||
# adduser twingate
|
||
# curl -s https://binaries.twingate.com/client/linux/install.sh | bash
|
||
# twingate setup
|
||
# twingate start
|
||
|
||
|
||
# curl "https://binaries.twingate.com/connector/setup.sh" | sudo TWINGATE_ACCESS_TOKEN="eyJhbGciOiJFUzI1NiIsImtpZCI6IjlZSlNUMGR6YU5pRDhZR0h5SUdyTG1SVDZKTmMwbHJGMVFsNklseVJ6X1UiLCJ0eXAiOiJEQVQifQ.eyJudCI6IkFOIiwiYWlkIjoiMTczMDc3IiwiZGlkIjoiMTAwMzc4OSIsImp0aSI6IjIyNTJmMjIwLWNkNjQtNDlhYy04YjRhLTE0NDFjOWUyM2U5ZSIsImlzcyI6InR3aW5nYXRlIiwiYXVkIjoicGhhcmVzIiwiZXhwIjoxNjk4MDE0Mzc4LCJpYXQiOjE2OTgwMTA3NzgsInZlciI6IjQiLCJ0aWQiOiI1NzgzOSIsInJudyI6MTY5ODAxMTA3OCwicm5ldGlkIjoiNzIyNzcifQ.aQnQMUGqM5fBEbR781u-lCPjltfmb1TdZUJTNJ_GYiiSJiemJiIrVK80xHQlIpPB2kot34nxmpvVK4kZK64X3w" TWINGATE_REFRESH_TOKEN="AWOLHa11QFXENAyov_w-KQ5ZC-keHm2w_ActZP8M7hBpy2NOC7EDT2bkEpBCO-YLTd40Pp-pdplIJu0lvdvNBAGINHopYnX2XOgaMxS5tbPPTsHRlnQpckaXYuOwu28W0ORs8g" TWINGATE_NETWORK="phares" bash
|
||
|
||
# curl "https://binaries.twingate.com/connector/setup.sh" | TWINGATE_ACCESS_TOKEN="eyJhbGciOiJFUzI1NiIsImtpZCI6IjlZSlNUMGR6YU5pRDhZR0h5SUdyTG1SVDZKTmMwbHJGMVFsNklseVJ6X1UiLCJ0eXAiOiJEQVQifQ.eyJudCI6IkFOIiwiYWlkIjoiMTczMjIxIiwiZGlkIjoiMTAwNDI3NCIsImp0aSI6ImQxMWIwYWIzLWJjZTgtNDIxZS05MzAwLTA1ZmFkZDk5YjllMiIsImlzcyI6InR3aW5nYXRlIiwiYXVkIjoicGhhcmVzIiwiZXhwIjoxNjk4MDM3MTgzLCJpYXQiOjE2OTgwMzM1ODMsInZlciI6IjQiLCJ0aWQiOiI1NzgzOSIsInJudyI6MTY5ODAzMzg4Mywicm5ldGlkIjoiNzIyNzcifQ.7YqB5iz1lzsfb6adLPx53NNA3dJ1NnuzmNhyyi4FzPdMTGxn3qbHD1olvWpEEi69D8gAvF5K77DPwE1BHxo4Qw" TWINGATE_REFRESH_TOKEN="HypbNsUdue5Dh3s5W4ePR9RIkFDsjEGiNJFJDf_cLdixkn94ieMypUZMH_XIc4-13L_PuQ61M7RWG5rF21ZRAgFf1MuIMf5kJGhuQq_VG7_E_6Q8NMLAajP5W05jTofB-sY3Ig" TWINGATE_NETWORK="phares" bash
|
||
```
|
||
|
||
```bash
|
||
# https://ubuntu.com/server/docs/network-configuration
|
||
ip a
|
||
ip address show eno1
|
||
ls -l /etc/netplan/
|
||
echo >/etc/netplan/00-installer-config.yaml && nano /etc/netplan/00-installer-config.yaml
|
||
```
|
||
|
||
```yaml old
|
||
# This is the network config written by 'subiquity'
|
||
network:
|
||
ethernets:
|
||
enp2s0:
|
||
dhcp4: true
|
||
version: 2
|
||
```
|
||
|
||
```yaml new
|
||
network:
|
||
ethernets:
|
||
enp2s0:
|
||
addresses:
|
||
- 192.168.1.62/26
|
||
routes:
|
||
- to: default
|
||
via: 192.168.1.1
|
||
nameservers:
|
||
addresses: [205.171.3.25, 205.171.2.25]
|
||
version: 2
|
||
```
|
||
|
||
```bash
|
||
netplan apply
|
||
ip addr flush enp2s0
|
||
```
|
||
|
||
```bash Thu Dec 28 2023 13:45:50 GMT-0700 (Mountain Standard Time)
|
||
# ufw allow from 192.168.1.0/26 to any port 8005 comment "04) Pi-hole"
|
||
# ufw allow from 192.168.1.0/26 to any port 9400 comment "06) dashkiosk"
|
||
# ufw allow from 192.168.1.0/26 to any port 8384 comment "07) syncthing"
|
||
```
|
||
|
||
```bash Thu Dec 28 2023 14:08:10 GMT-0700 (Mountain Standard Time)
|
||
# https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-nextcloud-on-ubuntu-20-04
|
||
sudo -i
|
||
snap install nextcloud
|
||
snap changes nextcloud
|
||
snap info nextcloud
|
||
snap connections nextcloud
|
||
cat /snap/nextcloud/current/meta/snap.yaml
|
||
nextcloud.manual-install admin {KeePass-Password}
|
||
nextcloud.occ config:system:get trusted_domains
|
||
nextcloud.occ config:system:set trusted_domains 1 --value=nextcloud.laundry.phares.myftp.org
|
||
nextcloud.occ config:system:get trusted_domains
|
||
nano /etc/hosts
|
||
ls /var/snap/nextcloud/current/certs/live
|
||
nextcloud.disable-https
|
||
snap set nextcloud ports.http=8081
|
||
nextcloud.occ user:resetpassword admin
|
||
nano /home/gogs/gogs/custom/conf/app.ini
|
||
# mkdir -p /mnt1
|
||
# mount -t ntfs -o ro /dev/sdc1 /mnt1
|
||
# mount /dev/sda4 /mnt
|
||
# snap stop nextcloud
|
||
# cp -r /mnt1/b/ /mnt/1-Images-A/
|
||
# ls /var/snap/nextcloud/common/nextcloud/data
|
||
# mv /var/snap/nextcloud/common/nextcloud/data /mnt/1-Images-B
|
||
# mkdir -p /mnt/1-Images-C/nextcloud/data
|
||
# mv /mnt/1-Images-B /mnt/1-Images-C/nextcloud/data
|
||
# mkdir -p /mnt/2-Images-B/nextcloud/data
|
||
# mv /mnt/1-Images-C/nextcloud/data/1-Images-B/ /mnt/2-Images-B/nextcloud/data/
|
||
nano /var/snap/nextcloud/current/nextcloud/config/config.php
|
||
mkdir -p /var/snap/nextcloud/common/nextcloud/data
|
||
chmod -R 0770 /var/snap/nextcloud/common/nextcloud/data
|
||
# chmod -R 0770 /mnt/2-Images-B/nextcloud/data
|
||
# mkdir /mnt/1-Images-A
|
||
# mkdir /mnt/2-Images-B
|
||
# mkdir /mnt/3-Videos-A
|
||
# mkdir /mnt/4-Videos-B
|
||
# mkdir /mnt/5-Other-Small
|
||
# mkdir /mnt/6-Other-Large
|
||
# mkdir /mnt/6-Other-Large-B
|
||
# mkdir /mnt/7-Question
|
||
# mkdir /mnt/8-Move
|
||
# mkdir /mnt/9-Delete
|
||
snap start nextcloud
|
||
nextcloud.occ files:scan --all
|
||
# mv /mnt/1-Images-A/c /mnt/2-Images-B/nextcloud/data/admin/files/Photos/_
|
||
# nextcloud.occ files:scan --all
|
||
# mv /mnt/2-Images-B/nextcloud/data/admin/files/Photos/_ /mnt/2-Images-B/nextcloud/data/admin/files/Photos/Original
|
||
# chown -R root:root /mnt/2-Images-B/nextcloud/data
|
||
# chmod -R 0770 /mnt/2-Images-B/nextcloud/data
|
||
nextcloud.occ files:scan --all
|
||
snap set nextcloud php.memory-limit=-1
|
||
snap get nextcloud php.memory-limit
|
||
snap restart nextcloud
|
||
nextcloud.occ preview:generate-all -vvv
|
||
nextcloud.mysql-client
|
||
nextcloud.export -b
|
||
```
|
||
|
||
```conf
|
||
WARNING: This functionality is still experimental and under
|
||
development, use at your own risk. Note that the CLI interface is
|
||
unstable, so beware if using from within scripts.
|
||
|
||
Enabling maintenance mode... done
|
||
Exporting database...
|
||
|
||
Successfully exported /var/snap/nextcloud/common/backups/20231228-210650
|
||
Disabling maintenance mode... done
|
||
```
|
||
|
||
```bash Sun Dec 31 2023 23:09:31 GMT-0700 (Mountain Standard Time)
|
||
sudo -i
|
||
snap remove --purge nextcloud
|
||
snap install nextcloud
|
||
snap changes nextcloud
|
||
snap info nextcloud
|
||
snap connections nextcloud
|
||
cat /snap/nextcloud/current/meta/snap.yaml
|
||
nextcloud.manual-install mikepharesjr@msn.com {KeePass-Password}
|
||
nextcloud.occ config:system:get trusted_domains
|
||
nextcloud.occ config:system:set trusted_domains 1 --value=nextcloud.laundry.phares.myftp.org
|
||
nextcloud.occ config:system:get trusted_domains
|
||
nano /etc/hosts
|
||
ls /var/snap/nextcloud/current/certs/live
|
||
nextcloud.disable-https
|
||
snap set nextcloud ports.http=8081
|
||
nextcloud.occ user:resetpassword mikepharesjr@msn.com
|
||
nextcloud.occ config:system:set overwrite.cli.url --value=https://nextcloud.laundry.phares.myftp.org
|
||
nextcloud.occ config:system:set overwriteprotocol --value=https
|
||
cat /var/snap/nextcloud/current/nextcloud/config/config.php
|
||
snap start nextcloud
|
||
nextcloud.occ files:scan --all
|
||
snap set nextcloud php.memory-limit=-1
|
||
snap get nextcloud php.memory-limit
|
||
snap restart nextcloud
|
||
nextcloud.mysql-client
|
||
nextcloud.export -b
|
||
```
|
||
|
||
```bash
|
||
# mount -t drvfs D: /mnt/d
|
||
# ln -s '/mnt/d/1-Images-A/Images-7007a9df-Results/C)Resize/7007a9df/Original/()' '/var/snap/nextcloud/common/nextcloud/data/admin/files/Photos/()'
|
||
# chown -R root:root '/var/snap/nextcloud/common/nextcloud/data/admin/files/Photos/()'
|
||
# chmod 0770 '/var/snap/nextcloud/common/nextcloud/data/admin/files/Photos/()'
|
||
# ls '/var/snap/nextcloud/common/nextcloud/data/admin/files/Photos/()'
|
||
# nano /var/snap/nextcloud/current/nextcloud/config/autoconfig.php
|
||
# chown -R root:root '/mnt/d/data'
|
||
# chmod 0770 '/mnt/d/data'
|
||
mount /dev/sdb1 /mnt
|
||
cp -r '/mnt/K-A/1-Images-A/Images-7007a9df-Results/C)Resize/7007a9df/Original/()/' '/var/snap/nextcloud/common/nextcloud/data/mikepharesjr@msn.com/files/'
|
||
ls -la /home/mike/preview/
|
||
# cp -r /home/mike/preview/* /var/snap/nextcloud/common/nextcloud/data/appdata_oce2cq0odh1l/preview/
|
||
rsync -a -v -h --ignore-existing /home/mike/preview/ /var/snap/nextcloud/common/nextcloud/data/appdata_oce2cq0odh1l/preview/
|
||
chown -R root:root /var/snap/nextcloud/common/nextcloud/data/appdata_oce2cq0odh1l/preview/
|
||
ncdu /home/mike/preview/
|
||
ncdu /var/snap/nextcloud/common/nextcloud/data/appdata_oce2cq0odh1l/preview/
|
||
snap restart nextcloud
|
||
nextcloud.occ files:scan --all
|
||
nextcloud.occ preview:generate-all -vvv
|
||
```
|
||
|
||
```bash Sat Jan 27 2024 16:58:09 GMT-0700 (Mountain Standard Time)
|
||
sudo -i
|
||
wget http://www.observium.org/observium_installscript.sh
|
||
chmod +x observium_installscript.sh
|
||
./observium_installscript.sh
|
||
# 5
|
||
ufw allow from 192.168.1.0/26 to any port 161 comment "06) SNMP"
|
||
nano /etc/snmp/snmpd.conf
|
||
```
|
||
|
||
```conf
|
||
###########################################################################
|
||
#
|
||
# snmpd.conf
|
||
# An example configuration file for configuring the Net-SNMP agent ('snmpd')
|
||
# See snmpd.conf(5) man page for details
|
||
#
|
||
###########################################################################
|
||
# SECTION: System Information Setup
|
||
#
|
||
|
||
# syslocation: The [typically physical] location of the system.
|
||
# Note that setting this value here means that when trying to
|
||
# perform an snmp SET operation to the sysLocation.0 variable will make
|
||
# the agent return the "notWritable" error code. IE, including
|
||
# this token in the snmpd.conf file will disable write access to
|
||
# the variable.
|
||
# arguments: location_string
|
||
sysLocation server-beelink
|
||
sysContact Mike Phares <mikepharesjr@msn.com>
|
||
|
||
# sysservices: The proper value for the sysServices object.
|
||
# arguments: sysservices_number
|
||
sysServices 72
|
||
|
||
|
||
|
||
###########################################################################
|
||
# SECTION: Agent Operating Mode
|
||
#
|
||
# This section defines how the agent will operate when it
|
||
# is running.
|
||
|
||
# master: Should the agent operate as a master agent or not.
|
||
# Currently, the only supported master agent type for this token
|
||
# is "agentx".
|
||
#
|
||
# arguments: (on|yes|agentx|all|off|no)
|
||
|
||
master agentx
|
||
|
||
# agentaddress: The IP address and port number that the agent will listen on.
|
||
# By default the agent listens to any and all traffic from any
|
||
# interface on the default SNMP port (161). This allows you to
|
||
# specify which address, interface, transport type and port(s) that you
|
||
# want the agent to listen on. Multiple definitions of this token
|
||
# are concatenated together (using ':'s).
|
||
# arguments: [transport:]port[@interface/address],...
|
||
|
||
# agentaddress 127.0.0.1,[::1]
|
||
# Listen for connections on all interfaces (both IPv4 *and* IPv6)
|
||
agentAddress udp:161,udp6:[::1]:161
|
||
|
||
###########################################################################
|
||
# SECTION: Access Control Setup
|
||
#
|
||
# This section defines who is allowed to talk to your running
|
||
# snmp agent.
|
||
|
||
# Views
|
||
# arguments viewname included [oid]
|
||
|
||
# system + hrSystem groups only
|
||
view systemonly included .1.3.6.1.2.1.1
|
||
view systemonly included .1.3.6.1.2.1.25.1
|
||
|
||
|
||
# rocommunity: a SNMPv1/SNMPv2c read-only access community name
|
||
# arguments: community [default|hostname|network/bits] [oid | -V view]
|
||
|
||
# Read-only access to everyone to the systemonly view
|
||
#rocommunity public default -V systemonly
|
||
#rocommunity6 public default -V systemonly
|
||
|
||
rocommunity fUy#YjMb6t6t573PRNe3 192.168.1.0/26
|
||
|
||
# SNMPv3 doesn't use communities, but users with (optionally) an
|
||
# authentication and encryption string. This user needs to be created
|
||
# with what they can view with rouser/rwuser lines in this file.
|
||
#
|
||
# createUser username (MD5|SHA|SHA-512|SHA-384|SHA-256|SHA-224) authpassphrase [DES|AES] [privpassphrase]
|
||
# e.g.
|
||
# createuser authPrivUser SHA-512 myauthphrase AES myprivphrase
|
||
#
|
||
# This should be put into /var/lib/snmp/snmpd.conf
|
||
#
|
||
# rouser: a SNMPv3 read-only access username
|
||
# arguments: username [noauth|auth|priv [OID | -V VIEW [CONTEXT]]]
|
||
rouser authPrivUser authpriv -V systemonly
|
||
|
||
# include a all *.conf files in a directory
|
||
```
|
||
|
||
```bash
|
||
systemctl restart snmpd
|
||
systemctl status snmpd
|
||
netstat -antup | grep -i 161
|
||
```
|
||
|
||
```yml
|
||
Beelink MINI S Mini PC Basic Specifications
|
||
Intel N5095(4C/4T, 4M Cache, 2GHz up to 2.9GHz)
|
||
CPU: Intel Celeron Processor N5095(4C/4T, 4M Cache, Up to 2.9GHz)
|
||
GPU: Intel UHD Graphics
|
||
RAM: 8GB Hard Disk: 128GB/256GB
|
||
Network: WiFi IEEE 802.11/b/g/n/ac, 2.4+5.8G WiFi, Ethernet 1000Mbps LAN, Bluetooth 4.0
|
||
Adapter: Input: 100-240V AC, 50/60Hz , Output: 12V 3A
|
||
Max Screen Resolution: 3840 x 2160@60Hz
|
||
Processor: 2.9 GHz celeron
|
||
RAM: 8 GB DDR4
|
||
Hard Drive: 256 GB SSD
|
||
Graphics Coprocessor: Intel UHD Graphics
|
||
Chipset Brand: Intel
|
||
Card Description: Integrated
|
||
Wireless Type: 2.4 GHz Radio Frequency
|
||
Number of USB 3.0 Ports: 4
|
||
Brand: Beelink
|
||
Series: MINIS(MINI S,MINIS Pro,MINI G,MINI X)
|
||
Item model number: Beelink
|
||
Hardware Platform: PC
|
||
Operating System: OS
|
||
Item Weight: 1.46 pounds
|
||
Package Dimensions: 8.46 x 5 x 2.24 inches
|
||
Color: Black
|
||
Processor Brand: Intel
|
||
Number of Processors: 4
|
||
Computer Memory Type: DDR4 SDRAM
|
||
Hard Drive Interface: Serial ATA
|
||
Hard Drive Rotational Speed: 1800.00
|
||
Optical Drive Type: 256
|
||
Power Source: Input: 100-120V AC, 50/60Hz
|
||
```
|
||
|
||
```yml Trigkey
|
||
Screen Resolution: 3840 x 2160
|
||
Max Screen Resolution: 3840 x 2160 pixels
|
||
Processor: 3.4 GHz celeron
|
||
RAM: 16 DDR4
|
||
Hard Drive: 500 GB SSD
|
||
Chipset Brand: Intel
|
||
Graphics Card Ram Size: 512.00
|
||
Number of USB 2.0 Ports: 2
|
||
Brand: TRIGKEY
|
||
Series: GREEN G4
|
||
Item model number: TRIGKEY Mini PC
|
||
Hardware Platform: PC
|
||
Operating System: OS
|
||
Item Weight: 1.25 pounds
|
||
Product Dimensions: 4.96 x 4.45 x 1.57 inches
|
||
Item Dimensions LxWxH: 4.96 x 4.45 x 1.57 inches
|
||
Processor Brand: Intel
|
||
Number of Processors: 4
|
||
Computer Memory Type: DDR4 SDRAM
|
||
Flash Memory Size: 512 MB
|
||
Hard Drive Interface: Solid State
|
||
```
|
||
|
||
```bash
|
||
root@beelink:~# adduser loganphares
|
||
info: Adding user `loganphares' ...
|
||
info: Selecting UID/GID from range 1000 to 59999 ...
|
||
info: Adding new group `loganphares' (1007) ...
|
||
info: Adding new user `loganphares' (1007) with group `loganphares (1007)' ...
|
||
info: Creating home directory `/home/loganphares' ...
|
||
info: Copying files from `/etc/skel' ...
|
||
New password:
|
||
Retype new password:
|
||
passwd: password updated successfully
|
||
Changing the user information for loganphares
|
||
Enter the new value, or press ENTER for the default
|
||
Full Name []: Logan Phares
|
||
Room Number []:
|
||
Work Phone []:
|
||
Home Phone []:
|
||
Other []:
|
||
Is the information correct? [Y/n] y
|
||
info: Adding new user `loganphares' to supplemental / extra groups `users' ...
|
||
info: Adding user `loganphares' to group `users' ...
|
||
root@beelink:~# cp /home/mike/.ssh/authorized_keys /home/loganphares/.ssh/authorized_keys
|
||
cp: cannot create regular file '/home/loganphares/.ssh/authorized_keys': No such file or directory
|
||
root@beelink:~# mkdir /home/loganphares/.ssh
|
||
root@beelink:~# cp /home/mike/.ssh/authorized_keys /home/loganphares/.ssh/authorized_keys
|
||
root@beelink:~# chown -R loganphares /home/loganphares
|
||
root@beelink:~# mkdir /home/loganphares/.ssh^C
|
||
root@beelink:~# usermod -a -G billmiller loganphares
|
||
usermod: group 'billmiller' does not exist
|
||
root@beelink:~# usermod -a -G billmillermusic loganphares
|
||
root@beelink:~# exit
|
||
```
|