add files from misc repo
parent
a49bf9138c
commit
618f91c335
|
@ -0,0 +1,102 @@
|
|||
# Global options
|
||||
{
|
||||
# Debug mode - uncomment to activate.
|
||||
#debug
|
||||
|
||||
# Use local-only certs? Comment out the on_demand_tls block
|
||||
# if you use this.
|
||||
#local_certs
|
||||
|
||||
# To use automatic on/demand SSL/TLS certs we need to ask an
|
||||
# end-point if we host the domain.
|
||||
on_demand_tls {
|
||||
# This can be any http url you like, a domain query will be
|
||||
# attached. A request will be made such as
|
||||
# http://my.end.point:80/hosted/?domain=myawesomesite.foo
|
||||
# The end-point MUST return a 200 response if the domain is
|
||||
# valid.
|
||||
#ask http://my.end.point:80/hosted/
|
||||
|
||||
# So we don't have to use external scripting let's get caddy
|
||||
# to check a directory for us instead. There needs to be a
|
||||
# block below to handle this otherwise all domains using SSL
|
||||
# will fail.
|
||||
ask http://127.0.0.1:62453/
|
||||
}
|
||||
}
|
||||
|
||||
# On-demand SSL/TLS end-point to check if we host the domain before
|
||||
# getting a cert.
|
||||
http://127.0.0.1:62453 {
|
||||
# The folder where ALL sites are so we can check if hosted or not.
|
||||
# No files from here are served.
|
||||
root * /var/www/
|
||||
|
||||
# Log to stdout.
|
||||
log
|
||||
|
||||
# Rewrite the domain query into a path request and only if /.
|
||||
@domain_query {
|
||||
path /
|
||||
query domain=*
|
||||
}
|
||||
rewrite @domain_query /{query.domain}/
|
||||
|
||||
# Match domain.
|
||||
# The path regex matcher must come first, Thanks caddy devs!
|
||||
# Info https://github.com/caddyserver/caddy/issues/4204
|
||||
@domain_in_path path_regexp domain \/(www\.)?([^\.\\\/].{1,})\/
|
||||
handle @domain_in_path {
|
||||
@domain_exists file {re.domain.2}/
|
||||
respond @domain_exists 200 {
|
||||
close
|
||||
}
|
||||
}
|
||||
|
||||
# Default response if domain doesn't exist.
|
||||
respond 404 {
|
||||
close
|
||||
}
|
||||
}
|
||||
|
||||
# Catch-all SSL/TLS site(s) - this must be last!
|
||||
:443 {
|
||||
# Strip www from host header.
|
||||
@host_header header_regexp host Host (www\.)?([^\.\\\/].{1,})
|
||||
|
||||
# Enable on-demand SSL/TLS certs.
|
||||
tls {
|
||||
on_demand
|
||||
}
|
||||
|
||||
handle_errors {
|
||||
respond "{http.error.status_text}." {
|
||||
close
|
||||
}
|
||||
}
|
||||
|
||||
handle @host_header {
|
||||
root * /var/www/{re.host.2}/htdocs/
|
||||
file_server {
|
||||
hide .* ~*
|
||||
}
|
||||
|
||||
@has_reverse_proxy {
|
||||
file /run/{re.host.2}.sock
|
||||
path !*.php
|
||||
}
|
||||
|
||||
handle @has_reverse_proxy {
|
||||
reverse_proxy unix//run/{re.host.2}.sock {
|
||||
header_up Host {upstream_hostport}
|
||||
header_up X-Forwarded-Host {host}
|
||||
}
|
||||
}
|
||||
|
||||
php_fastcgi unix//run/php/{re.host.2}.sock {
|
||||
# This only works with Caddy versions >= 2.4.6
|
||||
try_files {path} {path}/ {path}/index.php =404
|
||||
}
|
||||
}
|
||||
error 404
|
||||
}
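Review bot: The `@host_header` pattern in the `:443` block is unanchored and its second group is `.{1,}`, so the value used in `root * /var/www/{re.host.2}/htdocs/`, in the `file /run/{re.host.2}.sock` matcher and in both socket addresses is whatever the client sent in `Host`, not something limited to hostname characters. The on-demand `ask` check only covers the TLS server name, and nothing visible here ties the `Host` header to it, so the matcher itself should constrain the value, for example `@host_header header_regexp host Host ^(www\.)?([A-Za-z0-9][A-Za-z0-9.-]*)(:\d+)?$`. The `@domain_in_path` pattern in the ask endpoint has the same open `.{1,}` group, and the `localhost.orig:443` block of the second Caddyfile repeats the `@host_header` line unchanged.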
|
|
@ -0,0 +1,78 @@
|
|||
# Global options
|
||||
{
|
||||
# Debug mode - uncomment to activate.
|
||||
#debug
|
||||
|
||||
# Use local-only certs.
|
||||
local_certs
|
||||
}
|
||||
|
||||
# For freepbx.
|
||||
:443 {
|
||||
handle_errors {
|
||||
respond "{http.error.status_text}." {
|
||||
close
|
||||
}
|
||||
}
|
||||
root * /var/www/localhost/htdocs/
|
||||
# https://community.freepbx.org/t/using-caddy-instead-of-apache-in-freepbx/80200
|
||||
handle /admin/* {
|
||||
@blocked_admin {
|
||||
path */.*
|
||||
path */i18n/*
|
||||
path */helpers/*
|
||||
path */libraries/*
|
||||
path */node/*
|
||||
path */views/*php
|
||||
}
|
||||
respond @blocked_admin 403
|
||||
php_fastcgi unix//run/php/localhost.sock
|
||||
file_server
|
||||
}
|
||||
handle {
|
||||
@blocked_main {
|
||||
path */.*
|
||||
}
|
||||
respond @blocked_main 403
|
||||
php_fastcgi unix//run/php/localhost.sock
|
||||
file_server
|
||||
}
|
||||
error 404
|
||||
}
|
||||
|
||||
# Local only service (original).
|
||||
localhost.orig:443 {
|
||||
# Strip www from host header.
|
||||
@host_header header_regexp host Host (www\.)?([^\.\\\/].{1,})
|
||||
|
||||
handle_errors {
|
||||
respond "{http.error.status_text}." {
|
||||
close
|
||||
}
|
||||
}
|
||||
|
||||
handle @host_header {
|
||||
root * /var/www/{re.host.2}/htdocs/
|
||||
file_server {
|
||||
hide .* ~*
|
||||
}
|
||||
|
||||
@has_reverse_proxy {
|
||||
file /run/{re.host.2}.sock
|
||||
path !*.php
|
||||
}
|
||||
|
||||
handle @has_reverse_proxy {
|
||||
reverse_proxy unix//run/{re.host.2}.sock {
|
||||
header_up Host {upstream_hostport}
|
||||
header_up X-Forwarded-Host {host}
|
||||
}
|
||||
}
|
||||
|
||||
php_fastcgi unix//run/php/{re.host.2}.sock {
|
||||
# This only works with Caddy versions >= 2.4.6
|
||||
try_files {path} {path}/ {path}/index.php =404
|
||||
}
|
||||
}
|
||||
error 404
|
||||
}
|
|
@ -0,0 +1,122 @@
|
|||
# Caddy
|
||||
To setup Caddy you must be root ( `sudo -s` ).
|
||||
|
||||
Add the repo...
|
||||
|
||||
```
|
||||
apt install -y curl debian-keyring debian-archive-keyring apt-transport-https
|
||||
curl 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' -o /etc/apt/trusted.gpg.d/caddy_repo_signing.asc
|
||||
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | tee /etc/apt/sources.list.d/caddy-stable.list
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
Now update apt & install it...
|
||||
|
||||
```
|
||||
apt update
|
||||
apt install caddy
|
||||
```
|
||||
---
|
||||
|
||||
Once installed we need to make a backup of the default Caddyfile and
|
||||
replace it with our own...
|
||||
|
||||
```
|
||||
mv -iv /etc/caddy/Caddyfile /etc/caddy/Caddyfile.old
|
||||
cp -v ./Caddyfile /etc/caddy/Caddyfile
|
||||
```
|
||||
|
||||
---
|
||||
We need somewhere to serve sites...
|
||||
|
||||
```
|
||||
mkdir -v /var/www
|
||||
```
|
||||
|
||||
## Site setup
|
||||
|
||||
Create the site's base directory but don't include `www.` and
|
||||
change to it...
|
||||
|
||||
```
|
||||
mkdir -v /var/www/example.com
|
||||
cd /var/www/example.com
|
||||
```
|
||||
|
||||
**Make sure you're in the right directory before continuing.** You can
|
||||
use a tilde `~` in your terminal to see your current directory.
|
||||
|
||||
---
|
||||
|
||||
The site needs some folders...
|
||||
|
||||
```
|
||||
mkdir -v htdocs
|
||||
mkdir data tmp sessions
|
||||
```
|
||||
|
||||
`htdocs` is where the site's public-accessible files are kept,
|
||||
`data` is for private site files, `tmp` is for temporary site files -
|
||||
such as uploads, and `sessions` is for site vistor session data.
|
||||
|
||||
---
|
||||
|
||||
Everyone on the system can access the site's files and we don't want
|
||||
that, change the folder(s) permissions...
|
||||
|
||||
**Take note of the `.` in the command below do not just enter `/` !**
|
||||
|
||||
```
|
||||
chmod -Rv 750 ./
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
Drat, only root can access the folders now, but Caddy and others need
|
||||
to be able to read the htdocs folder too...
|
||||
|
||||
```
|
||||
chmod -Rv 755 htdocs
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
If you want another user on the system to own the files, say we have
|
||||
user `fred` and they're in group `fred`...
|
||||
|
||||
**Take note of the `.` in the command below do not just enter `/` !**
|
||||
|
||||
```
|
||||
chown -Rv fred:fred ./*
|
||||
```
|
||||
|
||||
If `fred` is in a different user group and you don't know which, you can
|
||||
run `groups fred` to find out!
|
||||
|
||||
---
|
||||
|
||||
## Things to know
|
||||
|
||||
The `Caddyfile` included here will (in this order)...
|
||||
|
||||
* Check if the requested host (without `www.`) is served here, if not
|
||||
return 404.
|
||||
|
||||
* If the requested file exists serve it. The files index.html index.php
|
||||
take precedence and will always be served if no path is given. Requests
|
||||
where the requested path/file doesn't exist will be passed on to the
|
||||
other handlers (described below).
|
||||
|
||||
* Reverse proxy the request if a socket matching the hostname
|
||||
(without `www.`) exists in `/run/`. This can be any service that
|
||||
understands how to handle HTTP requests. It just needs to be setup to
|
||||
listen via a socket matching the hostname in `/run/`, e.g.
|
||||
`/run/myawesomesite.com.sock`.
|
||||
|
||||
* If the above socket does not exist and/or a php file is requested,
|
||||
attempt to pass along the request to php-fpm (setup to listen via a
|
||||
socket matching the hostname in `/run/php`, e.g.
|
||||
`/run/php/myawesomesite.com.sock`).
|
||||
|
||||
* Return 404 if the request cannot be handled by any of the above.
|
|
@ -0,0 +1,45 @@
|
|||
# Dnsmasq
|
||||
|
||||
|
||||
To setup Dnsmasq you must be root ( `sudo -s` ) then install it with...
|
||||
|
||||
```
|
||||
apt install dnsmasq
|
||||
```
|
||||
|
||||
**When using systemd-resolved, you'll get a service start failure during install, so must disable DNS forwarding.**...
|
||||
|
||||
```
|
||||
cp -iv disable-forwarding.conf /etc/dnsmasq.d/
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
Once installed, we want dnsmasq to serve addresses...
|
||||
|
||||
**You'll need to change the IP address range (in the file) to match your LAN configuration.**
|
||||
|
||||
```
|
||||
cp -iv dhcp-server.conf /etc/dnsmasq.d/
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
Static IP addresses can be set, copy the file `dhcp-server-static.conf` in this directory to `/etc/dnsmasq.d/`...
|
||||
|
||||
**You'll need to add the MAC and IP addresses for your devices.**
|
||||
|
||||
```
|
||||
cp -iv dhcp-server-static.conf /etc/dnsmasq.d/
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
Finally restart dnsmasq and check for errors.
|
||||
|
||||
```
|
||||
systemctl restart dnsmasq
|
||||
systemctl status dnsmasq
|
||||
```
|
||||
|
||||
You should now have a running dnsmasq service!
|
|
@ -0,0 +1 @@
|
|||
dhcp-host=ff:ff:ff:ff:ff:ff,192.168.156.2,24h
|
|
@ -0,0 +1,13 @@
|
|||
log-dhcp
|
||||
domain-needed
|
||||
bogus-priv
|
||||
no-resolv
|
||||
server=1.1.1.1
|
||||
server=1.0.0.1
|
||||
listen-address=::1,127.0.0.1,192.168.156.1
|
||||
expand-hosts
|
||||
domain=lan
|
||||
dhcp-range=192.168.156.2,192.168.156.250,24h
|
||||
dhcp-option=option:router,192.168.156.1
|
||||
dhcp-authoritative
|
||||
#dhcp-leasefile=/var/lib/dnsmasq/dnsmasq.leases
|
|
@ -0,0 +1,2 @@
|
|||
# You only need this if using systemd-resolved.
|
||||
port=0
|
|
@ -0,0 +1,166 @@
|
|||
#!/usr/bin/env python3
|
||||
|
||||
"""Variables with values exclosed in 3 double quotes (") allow
|
||||
multi-line strings. It can also be used for comments.
|
||||
|
||||
Any words in curly braces like {this} are placeholders & can be replaced
|
||||
later if desired with the method 'format' on string variables.
|
||||
Single line strings can have replaceable placeholders too.
|
||||
|
||||
Below is a variable named "foo" containing a single line string with
|
||||
a placeholder...
|
||||
|
||||
foo = "Here is a single line placeholder of {replaceme}."
|
||||
|
||||
We can just print foo as-is using...
|
||||
|
||||
print(foo)
|
||||
|
||||
or replace _all_ "{replaceme}" within it using format...
|
||||
|
||||
print(foo.format(replaceme='new value here'))
|
||||
|
||||
or replace it with another variable...
|
||||
|
||||
new_replaceme='this is a new replacement'
|
||||
|
||||
print(foo.format(replaceme=new_replaceme)
|
||||
|
||||
Make sure that any variables, (new_replaceme in the above in this case)
|
||||
is defined or you'll get a KeyError if you try to print a format()'d
|
||||
string!
|
||||
|
||||
"""
|
||||
|
||||
msg = """Voltage Divider Calculator (v1.1)
|
||||
Formula: "Voltage out is Voltage in * Resistor 2 / Resistor 1 + Resistor 2"
|
||||
|
||||
You entered:
|
||||
Voltage in {voltage}
|
||||
Resistor 1 {resistor1}
|
||||
Resistor 2 {resistor2}
|
||||
|
||||
Which equals:
|
||||
{output}
|
||||
|
||||
Output voltage is: "{output}", rounded (nearest 10) is "{rounded}"!
|
||||
"""
|
||||
|
||||
error = """Usage: python3 {script} <voltage in> <resistor 1> <resister 2>.
|
||||
Example: python3 {script} 5000 2000 4000
|
||||
|
||||
Seeing an Error?
|
||||
ValueError: You enter an invalid value (or left it empty).
|
||||
"""
|
||||
|
||||
|
||||
def main(args):
|
||||
"""
|
||||
The parameter args is a list populated by your shell/terminal.
|
||||
|
||||
All values are added in the order they were passed to the script.
|
||||
|
||||
The first item in the list args[0] will always be the script
|
||||
that was passed to python. If you named this file foo.py and
|
||||
called python3 foo.py args[0] would be the string "foo.py".
|
||||
"""
|
||||
|
||||
# Remove this script's file-name and store it in the variable
|
||||
# "script" for later use.
|
||||
script = args.pop(0)
|
||||
|
||||
"""
|
||||
"try and except" allows us to capture an exception (in this case
|
||||
we only want to capture a ValueError so we can first print
|
||||
a nice error message and then have python raise it, printing it
|
||||
underneath, and finally exiting.
|
||||
"""
|
||||
|
||||
try:
|
||||
"""
|
||||
What "list(map(int, args))" is doing...
|
||||
|
||||
As we've already removed the script file-name from the args
|
||||
list we should just be left with numberic values.
|
||||
|
||||
However, they're strings and we need integers!
|
||||
We use the built-in method "map" which calls the method
|
||||
given ("int" here), that'll convert each value (from strings)
|
||||
within the list to the integers we need.
|
||||
|
||||
Now we have a new problem we've given ourselves :(.
|
||||
|
||||
"map" will return a map object which we don't want so we
|
||||
need to convert (the map object) back into a list,
|
||||
using, you guessed it, the method named "list"!
|
||||
|
||||
Each value from the converted list is then unpacked into the
|
||||
variables "voltage", "resistor1" and "resistor2" (from right
|
||||
to left). So say we have a list of [1, 2, 3], We can
|
||||
unpack those values as...
|
||||
|
||||
one, two, three = [1, 2, 3]
|
||||
"""
|
||||
voltage, resistor1, resistor2 = list(map(int, args))
|
||||
|
||||
# Here we're just calulating the voltage value using the values
|
||||
# from each variable.
|
||||
output = voltage * (resistor2 / (resistor1 + resistor2))
|
||||
except ValueError:
|
||||
"""
|
||||
Oh no, we're missing a value or a non-numeric value was
|
||||
entered! Let the user know by printing our nice
|
||||
error message, contained with in the "error" multi-line
|
||||
variable above.
|
||||
|
||||
Remember the "replaceme" variable we talked about earlier?
|
||||
Well, we're doing the same thing here but we're replacing
|
||||
the text "{script}" (in the "error" variable above) with
|
||||
the variable "script" (also above!).
|
||||
|
||||
It sounds confusing? Yes, I agree. It can be made easier
|
||||
by using another word different to your variable as a
|
||||
placeholder and replace it with any variable you like!
|
||||
|
||||
script = "carrots are lovely"
|
||||
msg = "my {placeholder}."
|
||||
print(msg.format(placeholder=script))
|
||||
"""
|
||||
print(error.format(script=script))
|
||||
|
||||
"""
|
||||
STOP! Ham, Ahem... Exception time!
|
||||
"raise" here (unless captured by another try/except block)
|
||||
just tells python to print the exception then
|
||||
stop executing the script.
|
||||
"""
|
||||
raise
|
||||
|
||||
"""
|
||||
If we get here it means our voltage has been calculated,
|
||||
and so (just like the above error message) we format then
|
||||
print the _good_ message "msg" variable and we're done.
|
||||
"""
|
||||
print(msg.format(voltage=voltage, resistor1=resistor1,
|
||||
resistor2=resistor2, output=output,
|
||||
rounded=round(output)))
|
||||
|
||||
|
||||
"""
|
||||
This "if block" tells python not to run the method "main" (above)
|
||||
If our script was imported by another python script.
|
||||
|
||||
The method "main" will only get called if our script was called directly
|
||||
by python and is the "main" (hence __main__ below) script.
|
||||
|
||||
This also means we import our script from within another script and
|
||||
call our module's (what python calls scripts) method "main".
|
||||
"""
|
||||
|
||||
if __name__ == '__main__':
|
||||
import sys
|
||||
|
||||
# main(sys.argv) calls our main function & passes the arguments
|
||||
# given to it by the terminal.
|
||||
# sys.exit returns the value from the method main.
|
||||
sys.exit(main(sys.argv))
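Review bot: `resistor1 + resistor2` can be zero in `output = voltage * (resistor2 / (resistor1 + resistor2))`, and the resulting ZeroDivisionError is not covered by `except ValueError`, so the user gets a bare traceback without the usage text. Catching both with `except (ValueError, ZeroDivisionError):` keeps the behaviour the surrounding comments describe. The message also promises a value rounded to the "nearest 10", while the code calls `round(output)`, which rounds to the nearest integer; either use `round(output, -1)` or reword the message. The formula line in `msg` omits the parentheses the code uses around `Resistor 1 + Resistor 2`.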
|
|
@ -0,0 +1,43 @@
|
|||
#!/bin/bash
|
||||
|
||||
set -eux
|
||||
|
||||
DATE_STAMP=$(date '+%s')
|
||||
|
||||
apt -y install build-essential checkinstall libncurses5 git curl wget libnewt-dev libssl-dev libncurses5-dev subversion libsqlite3-dev libjansson-dev libxml2-dev uuid-dev default-libmysqlclient-dev
|
||||
|
||||
mkdir asterisk-${DATE_STAMP:-fail}
|
||||
|
||||
cd asterisk-${DATE_STAMP:-fail}
|
||||
|
||||
mkdir build
|
||||
|
||||
wget http://downloads.asterisk.org/pub/telephony/asterisk/asterisk-18-current.tar.gz \
|
||||
-O asterisk-18-current.tar.gz --show-progress
|
||||
|
||||
cd build
|
||||
|
||||
tar xf ../asterisk-18-current.tar.gz
|
||||
|
||||
cd asterisk*
|
||||
|
||||
# Main build bit.
|
||||
./contrib/scripts/get_mp3_source.sh
|
||||
|
||||
contrib/scripts/install_prereq install
|
||||
|
||||
./configure
|
||||
|
||||
make
|
||||
|
||||
#sudo checkinstall --default --pkgname asterisk --addso=yes make install config samples
|
||||
|
||||
echo "Install Asterisk and kitchen sink (everything)?"
|
||||
read
|
||||
|
||||
make install
|
||||
make samples
|
||||
make config
|
||||
ldconfig
|
||||
|
||||
exit 0;
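Review bot: The tarball is fetched over plain `http://` in the `wget` call, and nothing checks it before `./contrib/scripts/get_mp3_source.sh`, `install_prereq`, `./configure` and `make install` run from it, presumably as root given the `apt` and `ldconfig` calls. Fetch it over TLS with `wget https://downloads.asterisk.org/pub/telephony/asterisk/asterisk-18-current.tar.gz \` and verify the download against the checksum or signature the project publishes before `tar xf`. The bare `read` after the prompt accepts any input, so the question is a pause rather than a confirmation; either check the answer or add a comment such as `# any key continues, ctrl+c aborts`.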
|
|
@ -0,0 +1,27 @@
|
|||
#!/bin/bash
|
||||
|
||||
set -eux
|
||||
|
||||
DATE_STAMP=$(date '+%s')
|
||||
|
||||
apt install asterisk asterisk-dev libasound2-dev build-essential git
|
||||
|
||||
mkdir asterisk-chan-quectel-${DATE_STAMP}
|
||||
|
||||
cd asterisk-chan-quectel-${DATE_STAMP}
|
||||
|
||||
mkdir build
|
||||
|
||||
cd build
|
||||
|
||||
git clone https://github.com/IchthysMaranatha/asterisk-chan-quectel.git .
|
||||
|
||||
./bootstrap
|
||||
|
||||
INSTALLED_AST_VERSION=$(asterisk -V | cut -d " " -f 2)
|
||||
|
||||
./configure --with-astversion=${INSTALLED_AST_VERSION}
|
||||
|
||||
make
|
||||
|
||||
make install
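Review bot: `git clone https://github.com/IchthysMaranatha/asterisk-chan-quectel.git .` builds and installs whatever the default branch holds at run time, so two runs of this script can install different code into Asterisk's module directory. Pin the build to a revision that has been read by adding `git checkout <reviewed-commit-sha>` (placeholder) after the clone and before `./bootstrap`. `apt install` has no `-y` here, unlike the Asterisk build script, so the script stops for input when run unattended.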
|
|
@ -0,0 +1,86 @@
|
|||
#!/bin/bash
|
||||
|
||||
# Crontab line.
|
||||
#0 2 * * * bash /root/backup.sh | tee -a /var/log/backup_$(date +"\%Y-\%m-\%d").log
|
||||
|
||||
# Exit on error.
|
||||
# Because I've been grilled about not using this - phillw, I'm looking
|
||||
# at you ;)
|
||||
set -e
|
||||
|
||||
# Where do we locally store the backups?
|
||||
BACKUP_STORE='/backup'
|
||||
|
||||
# What directories do we backup?
|
||||
# Each _full_ path must be seperated by a space. If a path uses a
|
||||
# special char e.g, space or non-alphanumeric chars escape it with a
|
||||
# backslash.
|
||||
BACKUP_DIRS='/etc /home /var/www /root'
|
||||
|
||||
# A date string for file/folder-names.
|
||||
SCRIPT_RUN_DATE=`date '+%Y-%m-%d-%H-%M'`
|
||||
|
||||
# Backup the above $BACKUP_DIRS. Set to 0 to disable.
|
||||
BACKUP_DIRECTORIES_AND_FILES="1"
|
||||
|
||||
# CRON backup? Set to 0 to disable.
|
||||
BACKUP_CRON="1"
|
||||
|
||||
# MARIADB/MYSQL dump backup? Set to 0 to disable.
|
||||
BACKUP_SQL="1"
|
||||
|
||||
|
||||
## Edit below at own risk..
|
||||
if [[ $EUID -ne 0 ]]; then
|
||||
echo 'run as root'
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Before we do anything, switch to our backup store directory.
|
||||
cd "${BACKUP_STORE:-/tmp/$SCRIPT_RUN_DATE}"
|
||||
|
||||
# Now make our backup directory using the script_run_date.
|
||||
BACKUP_CWD="./${SCRIPT_RUN_DATE:-fail}"
|
||||
mkdir "${BACKUP_CWD}"
|
||||
cd "${BACKUP_CWD}"
|
||||
|
||||
if [[ "$BACKUP_DIRECTORIES_AND_FILES" == "1" ]]; then
|
||||
|
||||
for OBJ in ${BACKUP_DIRS:-}; do
|
||||
OBJ_S=${OBJ//\//-}
|
||||
OBJ_S=${OBJ_S/-/}
|
||||
|
||||
if [[ ! -f "${OBJ}" ]]; then
|
||||
if [[ ! -d "${OBJ}" ]]; then
|
||||
printf "\n!! file or directory \"%s\" not found, skipping..\n" "${OBJ}"
|
||||
continue;
|
||||
fi
|
||||
fi
|
||||
|
||||
tar -cJf "./$OBJ_S.tar.xz" "${OBJ}"
|
||||
done
|
||||
|
||||
fi
|
||||
|
||||
if [[ "$BACKUP_SQL" == "1" ]]; then
|
||||
|
||||
DATABASES="$(echo "show databases" | mysql | grep -Ev "^(Database|mysql|performance_schema|information_schema)$" | paste -sd " " -)"
|
||||
|
||||
[[ -z "${DATABASES:-}" ]] && exit 1
|
||||
|
||||
for DB in $DATABASES; do
|
||||
mysqldump --single-transaction --routines --events --triggers --lock-tables $DB > "./$DB.sql" || exit 1;
|
||||
done
|
||||
|
||||
fi
|
||||
|
||||
if [[ "$BACKUP_CRON" == "1" ]]; then
|
||||
|
||||
for USER in $(cut -f1 -d: /etc/passwd); do
|
||||
crontab -u $USER -l > "${USER}-cron.txt" || continue;
|
||||
done
|
||||
|
||||
fi
|
||||
|
||||
echo "$SCRIPT_RUN_DATE OK" >> /var/log/$0-run.log
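Review bot: The archives and dumps are created with the inherited umask, so the `tar -cJf` output for `/etc` and `/root`, the `$DB.sql` files and the `*-cron.txt` files are likely readable by any local user who can reach `$BACKUP_STORE`. Set `umask 077` before the first `cd`, or `chmod 700 "${BACKUP_CWD}"` right after the `mkdir`. The last line writes to `/var/log/$0-run.log`; with the crontab line shown at the top, `$0` is `/root/backup.sh`, so the path becomes `/var/log//root/backup.sh-run.log`. Assuming that directory does not exist, the redirect fails and `set -e` turns a finished backup into a non-zero exit; `/var/log/$(basename "$0")-run.log` avoids that. `[[ -z "${DATABASES:-}" ]] && exit 1` also ends the run before the cron backup when there are simply no user databases.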
|
||||
|
|
@ -0,0 +1,12 @@
|
|||
#!/bin/bash
|
||||
|
||||
# Exit on error.
|
||||
set -e
|
||||
|
||||
# The following was modifed but the original was graciously provided by the
|
||||
# caddy docs -> https://caddyserver.com/docs/install#debian-ubuntu-raspbian
|
||||
apt install -y curl debian-keyring debian-archive-keyring apt-transport-https
|
||||
curl 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' -o /etc/apt/trusted.gpg.d/caddy_repo_signing.asc
|
||||
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | tee /etc/apt/sources.list.d/caddy-stable.list
|
||||
apt update
|
||||
apt install caddy
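Review bot: The first `curl` has no `-f`, so an HTTP error page would be saved as `/etc/apt/trusted.gpg.d/caddy_repo_signing.asc` with exit status 0 and `set -e` would not stop the script; use `curl -fsSL` there, as the second call does with `-1sLf`. A key placed in `trusted.gpg.d` is trusted for every configured repository. Storing it under `/usr/share/keyrings/` and referencing it with `signed-by=` in the source entry (if the downloaded list does not already carry one) limits it to the Caddy repository. The sury.org key download in the PHP install script, `curl -o /etc/apt/trusted.gpg.d/packages.sury.org.gpg`, has both issues as well; there the `deb` line is built locally from `DEB_FMT`, so `signed-by` can be added directly.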
|
|
@ -0,0 +1,19 @@
|
|||
#!/bin/bash
|
||||
|
||||
# Exit on error.
|
||||
# Because I've been grilled about not using this - phillw, I'm looking
|
||||
# at you ;) - No, you'll never escape this lmao.
|
||||
set -e
|
||||
|
||||
LIST='rsync nano htop net-tools vnstat screen git curl coreutils chrony
|
||||
command-not-found'
|
||||
|
||||
[[ ! "${1:-}" == "1" ]] && \
|
||||
printf 'Install "%s?" - press ctrl+c to cancel\n' "$LIST" && read
|
||||
|
||||
apt update
|
||||
|
||||
for pkg in $LIST
|
||||
do
|
||||
apt install -y "$pkg"
|
||||
done
|
|
@ -0,0 +1,83 @@
|
|||
#!/bin/bash
|
||||
|
||||
# Exit on error.
|
||||
set -e
|
||||
|
||||
# Command we pipe to execute the sql.
|
||||
sql_cmd='mariadb -u root'
|
||||
|
||||
# SQL to create the database.
|
||||
sql_create_db="CREATE DATABASE \`%s\`;"
|
||||
|
||||
# SQL to create user.
|
||||
sql_create_user="CREATE USER IF NOT EXISTS '%s'@'%s' IDENTIFIED BY '%s';"
|
||||
|
||||
# SQL grant usage.
|
||||
sql_grant_usage="GRANT USAGE ON *.* TO '%s'@'%s' IDENTIFIED BY '%s';"
|
||||
|
||||
# SQL grant on users database.
|
||||
sql_grant_on_db="GRANT ALL privileges ON \`%s\`.* TO '%s'@'%s';"
|
||||
|
||||
# SQL flush
|
||||
sql_flush='FLUSH PRIVILEGES;'
|
||||
|
||||
DB_HOST='localhost'
|
||||
DB_USER=""
|
||||
DB_NAME=""
|
||||
DB_PASS=""
|
||||
DB_PASS_REP=""
|
||||
|
||||
new_user() {
|
||||
|
||||
printf '(new) database user?\n' && read -t 120 DB_USER;
|
||||
|
||||
[[ ! "${DB_USER}" =~ ^[A-Za-z]{1}[A-Za-z0-9\_\-]+$ ]] && \
|
||||
printf 'min 2 chars, A-z0-9_- allowed.. ' && new_user
|
||||
|
||||
return 0
|
||||
}
|
||||
|
||||
new_db_name() {
|
||||
|
||||
printf '(new) database name?\n' && read -t 120 DB_NAME;
|
||||
|
||||
[[ ! "${DB_NAME}" =~ ^[A-Za-z]{1}[A-Za-z0-9\_\-]+$ ]] && \
|
||||
printf 'min 2 chars, A-z0-9_- allowed.. ' && new_db_name
|
||||
|
||||
return 0
|
||||
}
|
||||
|
||||
new_pass() {
|
||||
|
||||
printf 'password? (input hidden)\n' && read -st 120 DB_PASS;
|
||||
printf 'password again?\n' && read -st 120 DB_PASS_REP;
|
||||
|
||||
[[ -z "$DB_PASS" ]] || [[ -z "$DB_PASS_REP" ]] && new_pass
|
||||
[[ ! "$DB_PASS" == "$DB_PASS_REP" ]] && \
|
||||
printf 'passwords do not match.. ' && new_pass
|
||||
|
||||
return 0
|
||||
|
||||
}
|
||||
|
||||
# Note: set -e requires the functions to return 0.
|
||||
new_db_name
|
||||
new_user
|
||||
new_pass
|
||||
|
||||
# Create database.
|
||||
printf "$sql_create_db" "$DB_NAME" | $sql_cmd;
|
||||
|
||||
# The user.
|
||||
printf "$sql_create_user" "$DB_USER" "${DB_HOST:-NONE}" \
|
||||
"$DB_PASS" | $sql_cmd;
|
||||
|
||||
# The grants.
|
||||
printf "$sql_grant_usage" "$DB_USER" "${DB_HOST:-NONE}" \
|
||||
"$DB_PASS" | $sql_cmd;
|
||||
|
||||
printf "$sql_grant_on_db" "$DB_NAME" "${DB_USER:-NONE}" \
|
||||
"${DB_HOST:-NONE}" | $sql_cmd;
|
||||
|
||||
printf "$sql_flush" | $sql_cmd;
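Review bot: `DB_PASS` is placed between single quotes in `sql_create_user` and `sql_grant_usage` without escaping, and unlike `DB_USER` and `DB_NAME` it is never validated, so a password containing `'` or `\` changes the statement that `mariadb -u root` executes. `read -st 120` also lacks `-r`, so backslashes typed by the operator are silently altered before they reach the SQL. Use `read -rst 120 DB_PASS` (and the same for `DB_PASS_REP`), and have `new_pass` reject or escape quotes and backslashes the way `new_user` rejects invalid names. The hidden prompts print no newline after input, so a `printf '\n'` after each read would keep the terminal readable.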
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
#!/bin/bash
|
||||
|
||||
# Exit on error.
|
||||
set -e
|
||||
|
||||
# Simple "script" to install mariadb-server
|
||||
apt update && sudo apt install -y mariadb-server
|
||||
|
||||
# After the install is done, run the security script.
|
||||
mysql_secure_installation
|
|
@ -0,0 +1,86 @@
|
|||
#!/bin/bash
|
||||
|
||||
# Run this script with "(sudo) bash <filename> <args>".
|
||||
#
|
||||
# 0 2 * * * bash /root/nextcloud-sync.sh | tee /var/log/nextcloud.log > /dev/null 2>&1
|
||||
|
||||
|
||||
# Exit on error.
|
||||
#set -eux # debug on
|
||||
set -e
|
||||
|
||||
# Timestamp
|
||||
DATE_STAMP=$(date '+%s')
|
||||
|
||||
############ REMOTE
|
||||
# Host must have SSH keys setup.
|
||||
# Must have access to the below paths & access to the database.
|
||||
SSH_REMOTE_HOST='host'
|
||||
SSH_REMOTE_USER='root'
|
||||
|
||||
# The user to run the _REMOTE_ nextcloud install uses.
|
||||
# For running commands etc.
|
||||
NEXTCLOUD_REMOTE_USER='nextcloud'
|
||||
NEXTCLOUD_REMOTE_DATABASE_NAME='nextcloud'
|
||||
|
||||
# Paths.
|
||||
PHP_REMOTE_BIN='php'
|
||||
NEXTCLOUD_REMOTE_FILE_DATA='/nextcloud/data'
|
||||
NEXTCLOUD_REMOTE_FILE_ROOT='/var/www/nextcloud/htdocs'
|
||||
|
||||
REMOTE_NC_MAINTENANCE_ON="ssh $SSH_REMOTE_USER@$SSH_REMOTE_HOST sudo -u $NEXTCLOUD_REMOTE_USER $PHP_REMOTE_BIN $NEXTCLOUD_REMOTE_FILE_ROOT/occ maintenance:mode --on"
|
||||
|
||||
REMOTE_NC_MAINTENANCE_OFF="ssh $SSH_REMOTE_USER@$SSH_REMOTE_HOST sudo -u $NEXTCLOUD_REMOTE_USER $PHP_REMOTE_BIN $NEXTCLOUD_REMOTE_FILE_ROOT/occ maintenance:mode --off"
|
||||
|
||||
REMOTE_DB_CREATE_DUMP="ssh $SSH_REMOTE_USER@$SSH_REMOTE_HOST mysqldump --single-transaction $NEXTCLOUD_REMOTE_DATABASE_NAME > /tmp/nextcloud-$DATE_STAMP.sql"
|
||||
|
||||
############ LOCAL
|
||||
NEXTCLOUD_USER='nextcloud'
|
||||
NEXTCLOUD_DATABASE_NAME='nextcloud'
|
||||
|
||||
# Paths.
|
||||
PHP_BIN='php'
|
||||
NEXTCLOUD_FILE_DATA='/nextcloud/data'
|
||||
NEXTCLOUD_FILE_ROOT='/var/www/nextcloud/htdocs'
|
||||
|
||||
NC_MAINTENANCE_ON="sudo -u $NEXTCLOUD_USER $PHP_BIN $NEXTCLOUD_FILE_ROOT/occ maintenance:mode --on"
|
||||
|
||||
NC_MAINTENANCE_OFF="sudo -u $NEXTCLOUD_USER $PHP_BIN $NEXTCLOUD_FILE_ROOT/occ maintenance:mode --off"
|
||||
|
||||
GET_DB_DUMP_FROM_REMOTE="rsync --progress -Aavx $SSH_REMOTE_USER@$SSH_REMOTE_HOST:/tmp/nextcloud-$DATE_STAMP.sql /tmp/nextcloud-$DATE_STAMP.sql"
|
||||
|
||||
GET_DATA_FILES_FROM_REMOTE="rsync --progress -Aavx $SSH_REMOTE_USER@$SSH_REMOTE_HOST:$NEXTCLOUD_REMOTE_FILE_DATA/. $NEXTCLOUD_FILE_DATA"
|
||||
|
||||
GET_NC_FILES_FROM_REMOTE="rsync --progress -Aavx $SSH_REMOTE_USER@$SSH_REMOTE_HOST:$NEXTCLOUD_REMOTE_FILE_ROOT/. $NEXTCLOUD_FILE_ROOT"
|
||||
|
||||
#########
|
||||
|
||||
# Enable remote MAINTENANCE mode.
|
||||
${REMOTE_NC_MAINTENANCE_ON}
|
||||
|
||||
# Make remote dump.
|
||||
${REMOTE_DB_CREATE_DUMP}
|
||||
|
||||
# Enable local MAINTENANCE mode.
|
||||
${NC_MAINTENANCE_ON}
|
||||
|
||||
# Sync nc files.
|
||||
${GET_NC_FILES_FROM_REMOTE}
|
||||
|
||||
# Sync files.
|
||||
${GET_DATA_FILES_FROM_REMOTE}
|
||||
|
||||
# Get database dump.
|
||||
${GET_DB_DUMP_FROM_REMOTE}
|
||||
|
||||
# Disable remote MAINTENANCE mode.
|
||||
${REMOTE_NC_MAINTENANCE_OFF}
|
||||
|
||||
# Restore database dump.
|
||||
# You can't script this due to the redirection.
|
||||
mysql $NEXTCLOUD_DATABASE_NAME < /tmp/nextcloud-$DATE_STAMP.sql && rm /tmp/nextcloud-$DATE_STAMP.sql
|
||||
|
||||
# Disable local MAINTENANCE mode.
|
||||
${NC_MAINTENANCE_OFF}
|
||||
|
||||
echo "$DATE_STAMP OK" >> /var/log/nc-sync.log
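Review bot: The database dump is written to `/tmp/nextcloud-$DATE_STAMP.sql` on both hosts under a predictable name and the default umask, and the remote copy is never removed; only the local one is deleted after the restore. Because the unquoted `${REMOTE_DB_CREATE_DUMP}` expansion hands `>` to ssh as an argument, the redirect appears to run on the remote side, which the later rsync relies on; a comment should say so. Create the file in a root-only directory or under `umask 077`, and add a remote cleanup step after `${GET_DB_DUMP_FROM_REMOTE}`. With `set -e`, any failing step after `${REMOTE_NC_MAINTENANCE_ON}` leaves one or both instances in maintenance mode; a `trap` on EXIT that runs the two `_OFF` commands would cover that.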
|
|
@ -0,0 +1,37 @@
|
|||
#!/bin/bash
|
||||
|
||||
# Run this script with "(sudo) bash <filename> <args>".
|
||||
|
||||
# Exit on error.
|
||||
set -e
|
||||
|
||||
# We'll use the debian binaries provided by sury.org, we need some
|
||||
# packages to add the repo.
|
||||
#
|
||||
# Most of this is taken from https://packages.sury.org/php/README.txt
|
||||
# but I've modified one or two lines.
|
||||
apt install -y apt-transport-https lsb-release ca-certificates curl
|
||||
|
||||
# PHP packages to install.
|
||||
PHP_PKGS='php8.1-fpm php8.1-readline php8.1-mbstring php8.1-gd php8.1-curl php8.1-zip php8.1-mysql php8.1-dom'
|
||||
|
||||
# Apt format.
|
||||
DEB_FMT='deb %s %s %s'
|
||||
|
||||
# Repo URL.
|
||||
DEB_URL='https://packages.sury.org/php/'
|
||||
DEB_KEY_URL='https://packages.sury.org/php/apt.gpg'
|
||||
|
||||
# Distro codename.
|
||||
DISTRO_CODE="$(lsb_release -sc)"
|
||||
|
||||
REPO_SUITE='main'
|
||||
|
||||
curl -o /etc/apt/trusted.gpg.d/packages.sury.org.gpg "${DEB_KEY_URL:-}"
|
||||
|
||||
printf "${DEB_FMT:-}\n" "$DEB_URL" "$DISTRO_CODE" "$REPO_SUITE" |
|
||||
tee /etc/apt/sources.list.d/php-packages.sury.list
|
||||
|
||||
apt update
|
||||
|
||||
apt install -y $PHP_PKGS
|
|
@ -0,0 +1,79 @@
|
|||
#!/bin/bash
|
||||
|
||||
# Run this script with "(sudo) bash <filename> <args>".
|
||||
|
||||
# Exit on error.
|
||||
set -e
|
||||
|
||||
UNDER_PATH=${1:-`pwd`}
|
||||
OWNER=${2:-www-data}
|
||||
OWNER_GROUP=${3:-`id -gn $OWNER`}
|
||||
|
||||
PRIVATE_DIRS="data tmp sessions"
|
||||
PUBLIC_DIRS="public"
|
||||
|
||||
printf 'Create site directories in "%s" owned by "%s" with group "%s"...
|
||||
|
||||
Is this correct?
|
||||
|
||||
OK = cd /var/www && sudo bash %s ./mysite.com <user> <group>
|
||||
OK = sudo bash %s /var/www/mysite.com
|
||||
AVOID = sudo bash %s /var/www/mysite.com/site2.com
|
||||
|
||||
<user> & <group> are optional, both default to www-data user/group.
|
||||
|
||||
The parent directory must already exist, this script will NOT
|
||||
recursively create directories.
|
||||
|
||||
Press ctrl+c to cancel or enter to continue...' \
|
||||
"$UNDER_PATH" "$OWNER" "$OWNER_GROUP" "$0" "$0" "$0"
|
||||
read
|
||||
|
||||
[[ "$UNDER_PATH" == "/" ]] && (
|
||||
printf "Do you really want to create this folder in your root path?
|
||||
|
||||
Press ctrl+c to cancel or hit enter to confirm...
|
||||
" \
|
||||
"$UNDER_PATH"
|
||||
read
|
||||
)
|
||||
|
||||
[[ -z "$OWNER_GROUP" ]] && (
|
||||
printf '\nNo group for user "%s"!
|
||||
' "$OWNER"
|
||||
exit 1
|
||||
)
|
||||
|
||||
printf 'Creating folders with user "%s" and group "%s"...
|
||||
' "$OWNER" "$OWNER_GROUP"
|
||||
|
||||
mkdir "$UNDER_PATH"
|
||||
cd "$UNDER_PATH"
|
||||
|
||||
mkdir ".test"
|
||||
chown "$OWNER":"$OWNER_GROUP" .test || (
|
||||
printf 'Failed change permissions of test folder :(.
|
||||
|
||||
-> Check the user and/or group exist!
|
||||
-> You may need to be root or use sudo to run this script.
|
||||
'
|
||||
exit 1
|
||||
)
|
||||
|
||||
[[ -d ".test" ]] && rm -R ".test"
|
||||
|
||||
# Create the private & public folders then set permissions...
|
||||
for private_folder in $PRIVATE_DIRS; do
|
||||
mkdir -v "$private_folder"
|
||||
chown -v "$OWNER":"$OWNER_GROUP" "$private_folder"
|
||||
chmod -cR 750 "$private_folder"
|
||||
chmod -cR u+s,g+s,o+s "$private_folder"
|
||||
done
|
||||
|
||||
for public_folder in $PUBLIC_DIRS; do
|
||||
mkdir -v "$public_folder"
|
||||
chown -v "$OWNER":"$OWNER_GROUP" "$public_folder"
|
||||
chmod -cR 755 "$public_folder"
|
||||
chmod -cR u+s,g+s,o+s "$public_folder"
|
||||
done
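Review bot: `chmod -cR u+s,g+s,o+s` in both loops sets the setuid and setgid bits recursively, yet `o+s` has no meaning and setuid on a directory does nothing on Linux. If the intent is group inheritance for new files, `chmod -c g+s "$private_folder"` (and the same for `$public_folder`) is enough, and it avoids marking files setuid should the directories ever be non-empty. `PUBLIC_DIRS` is `public`, while the Caddyfile in this commit serves from `/var/www/{re.host.2}/htdocs/`, so a site created with this script would not be found without renaming. If the `chown` test fails, the `.test` directory and the freshly created `$UNDER_PATH` are left behind.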
|
||||
|
|
@ -0,0 +1,32 @@
|
|||
#!/bin/bash
|
||||
|
||||
# Run this script with "(sudo) bash <filename> <args>".
|
||||
|
||||
# Exit on error.
|
||||
set -e
|
||||
|
||||
# sftp group to create/use
|
||||
SFTP_GROUP='sftp'
|
||||
|
||||
if [[ ! -z "$1" ]]; then
|
||||
usermod -aG "$SFTP_GROUP" "$1"
|
||||
else
|
||||
# Add sftp group.
|
||||
addgroup ${SFTP_GROUP:-sftp} || true
|
||||
|
||||
cat << EOF > /etc/ssh/sshd_config.d/sftp.conf
|
||||
Match Group ${SFTP_GROUP:-sftp}
|
||||
PasswordAuthentication yes
|
||||
ChrootDirectory %h
|
||||
X11Forwarding no
|
||||
AllowTcpForwarding no
|
||||
ForceCommand internal-sftp
|
||||
|
||||
Match all
|
||||
EOF
|
||||
|
||||
systemctl restart sshd
|
||||
|
||||
printf 'Call this script with a user to add them to the sftp group.\n'
|
||||
|
||||
fi
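Review bot: `systemctl restart sshd` runs straight after the drop-in is written, so a syntax error in the generated file could leave the host without a working SSH daemon; run `sshd -t` first and restart only when it succeeds. `ChrootDirectory %h` requires each user's home directory to be owned by root and not writable by group or others, which nothing here sets up or mentions. A comment next to the directive, or a check in the `usermod` branch, would save a failed first login. `PasswordAuthentication yes` inside the `Match Group` block re-enables passwords for these users even when the separate password-disabling script in this commit has been applied, and that script also restarts sshd without `sshd -t`.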
|
|
@ -0,0 +1,14 @@
|
|||
#!/bin/bash
|
||||
|
||||
# Run this script with "(sudo) bash <filename> <args>".
|
||||
|
||||
# Exit on error.
|
||||
set -e
|
||||
|
||||
# This is just a simple echo & a restart.
|
||||
# NOTE: This will not stop passwords (for some users) if another config
|
||||
# drop-in overrides it e.g, match group/users etc.
|
||||
echo "PasswordAuthentication no" > \
|
||||
/etc/ssh/sshd_config.d/10-PasswordAuthentication.conf
|
||||
|
||||
systemctl restart sshd
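Review bot: Writing only `PasswordAuthentication no` may still leave password prompts reachable through keyboard-interactive/PAM if `KbdInteractiveAuthentication` is enabled elsewhere in the configuration, which is not visible here. Consider writing both settings, e.g. `printf 'PasswordAuthentication no\nKbdInteractiveAuthentication no\n' > /etc/ssh/sshd_config.d/10-PasswordAuthentication.conf`. The script also restarts sshd without confirming that key-based login works for the administrator, so a comment or a check to that effect would reduce the risk of a lockout.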
|
|
@ -0,0 +1,51 @@
|
|||
#!/bin/bash
|
||||
|
||||
# Run this script with "(sudo) bash <filename> <args>".
|
||||
|
||||
# Exit on error.
|
||||
set -e
|
||||
|
||||
[[ ! "$1" == "yes" ]] && (
|
||||
printf "
|
||||
This script modifies networking and will reboot your system!
|
||||
Please ensure you have backup access.
|
||||
|
||||
DO NOT USE THIS IF YOU HAVE NO DHCP OR NEED STATIC IP ADDRESSING!!
|
||||
|
||||
To confirm, please re-run this script with \"yes\"
|
||||
|
||||
\"%s yes\".\n" "$0"
|
||||
exit 1;
|
||||
)
|
||||
|
||||
# Enable systemd-resolved & link stub-resolv.conf.
|
||||
systemctl enable --now systemd-resolved
|
||||
|
||||
ln -sf /var/run/systemd/resolve/stub-resolv.conf /etc/resolv.conf
|
||||
|
||||
cat << EOF > /etc/systemd/network/10-default-dhcp.network
|
||||
[Match]
|
||||
Name=*
|
||||
|
||||
[Network]
|
||||
DHCP=yes
|
||||
|
||||
DNSOverTLS=opportunistic
|
||||
|
||||
DNS=1.1.1.1
|
||||
|
||||
DNS=1.0.0.1
|
||||
|
||||
# Link discovery causes some issues so disable it.
|
||||
LLDP=no
|
||||
EOF
|
||||
|
||||
# Before rebooting ensure old networking isn't started on boot.
|
||||
systemctl disable networking
|
||||
systemctl enable systemd-networkd
|
||||
|
||||
# Final warning.
|
||||
printf 'Rebooting in 30 seconds, hit ctrl+c to cancel.\n'
|
||||
sleep 30;
|
||||
|
||||
halt --reboot
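Review bot: `DNSOverTLS=opportunistic` in the generated `10-default-dhcp.network` falls back to plaintext DNS whenever the TLS connection fails, so an on-path attacker can force a downgrade. If encrypted DNS is the goal, use `DNSOverTLS=yes` and add `UseDNS=no` to the DHCP section, since DHCP-supplied resolvers may not support DNS-over-TLS. The same setting appears in the eth0, wwan0, usb0 and wlan0 `.network` files later in this commit. Separately, `Name=*` matches every interface, so this file may also claim virtual devices such as the WireGuard interfaces configured elsewhere in the commit; a narrower match like `Name=en* eth*` is safer.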
|
|
@ -0,0 +1,17 @@
|
|||
#!/bin/bash
|
||||
|
||||
# Run this script with "bash <filename>".
|
||||
|
||||
# Exit on error.
|
||||
set -e
|
||||
|
||||
FILE='/etc/motd'
|
||||
DISABLED_EXT='disabled'
|
||||
|
||||
if [ -f "${FILE:-/tmp/none}.${DISABLED_EXT:-/oops}" ]; then
|
||||
mv -v "${FILE:-/tmp/none}.${DISABLED_EXT:-/oops}" \
|
||||
"${FILE:-/tmp/none}"
|
||||
else
|
||||
mv -v "${FILE:-/tmp/none}" \
|
||||
"${FILE:-/tmp/none}.${DISABLED_EXT:-/oops}"
|
||||
fi
|
|
@ -0,0 +1,65 @@
|
|||
; Change this to match your domain/sub-domain (don't include www.).
|
||||
[localhost]
|
||||
|
||||
; Change the following lines to match your site user & group.
|
||||
; you can run id -gn the_user_name_here to find out the group.
|
||||
|
||||
; You only need to change this if you have your site folders/files
|
||||
; owned by a different user.
|
||||
user = www-data
|
||||
group = www-data
|
||||
|
||||
; This group must match your server group.
|
||||
; The default www-data usually works fine provided your server software
|
||||
; is in that group (it usually is).
|
||||
listen.group = www-data
|
||||
|
||||
; Best to keep this as root.
|
||||
listen.owner = root
|
||||
|
||||
; The $pool value is replaced with whatever you've entered in the
|
||||
; section header [site.com] above.
|
||||
; Your webserver needs to be setup to talk to the socket at this
|
||||
; location.
|
||||
listen = /run/php/$pool.sock
|
||||
|
||||
; Be sure to change these path values to match where your sites are.
|
||||
; Leave the /$pool bit where it is.
|
||||
; You only need to change /var/www/ to where you've placed your sites.
|
||||
; e.g you have your sites in /var/srv, you'd enter /var/srv/$pool.
|
||||
;
|
||||
; Remember to change all the paths (if you need to)!!
|
||||
prefix = /var/www/$pool
|
||||
|
||||
; session save_path needs a full path value.
|
||||
php_admin_value[session.save_path] = $prefix/sessions
|
||||
|
||||
; These also need full path values.
|
||||
env[TMP] = $prefix/tmp
|
||||
env[TMPDIR] = $prefix/tmp
|
||||
env[TEMP] = $prefix/tmp
|
||||
|
||||
; You generally don't need to edit anything else below this line.
|
||||
|
||||
listen.mode = 0660
|
||||
|
||||
php_admin_value[open_basedir] = $prefix:/usr/share/php:/etc/ssl/certs
|
||||
|
||||
php_admin_value[disable_functions] = dl,exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,parse_ini_file,show_source
|
||||
php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f noreply@$pool
|
||||
php_admin_value[memory_limit] = 256M
|
||||
php_admin_value[upload_max_filesize] = 100M
|
||||
php_admin_value[upload_tmp_dir] = $prefix/tmp
|
||||
php_admin_value[error_log] = $prefix/tmp/php-error.log
|
||||
php_admin_flag[log_errors] = on
|
||||
php_flag[display_errors] = off
|
||||
|
||||
access.log = $prefix/tmp/php-access.log
|
||||
access.format = "[%t] %m %{REQUEST_SCHEME}e://%{HTTP_HOST}e%{REQUEST_URI}e %f pid:%p took:%ds mem:%{mega}Mmb cpu:%C%% status:%s {%{REMOTE_ADDR}e|%{HTTP_X_FORWARDED_FOR}e|%{HTTP_USER_AGENT}e}"
|
||||
|
||||
pm = ondemand
|
||||
pm.max_children = 100
|
||||
pm.process_idle_timeout = 600s
|
||||
pm.max_requests = 1000
|
||||
catch_workers_output = yes
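Review bot: `php_flag[display_errors] = off` can be overridden by the application with `ini_set()`, unlike the `php_admin_*` entries around it; use `php_admin_flag[display_errors] = off` so a site cannot turn error output back on. The template also defaults `user` and `group` to the shared `www-data` account, so pools copied from it rely on `open_basedir` alone to keep sites apart. A comment recommending a dedicated user per site would make that trade-off explicit.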
|
||||
|
|
@ -0,0 +1,96 @@
|
|||
# PHP
|
||||
|
||||
Installing PHP on Debian is easy as...
|
||||
|
||||
```
|
||||
apt install php-fpm php-readline php-mbstring php-gd \
|
||||
php-curl php-zip php-mysql php-dom php-json php-pdo php-fileinfo \
|
||||
php-bz2 php-intl php-gmp php-apcu php-pear php-cli php-imagick
|
||||
```
|
||||
|
||||
If you need a newer version, use the sury.org repos, take
|
||||
a look at [this readme](https://packages.sury.org/php/README.txt) or
|
||||
use the `php8.1-sury-install.sh` script in this directory...
|
||||
|
||||
```
|
||||
sudo bash php8.1-sury-install.sh
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
Now you have php installed you need to copy the `localhost.conf.example`
|
||||
file (See [notes 1](#Notes)) in this directory to where your php-fpm
|
||||
pool files are.
|
||||
|
||||
**If you have multiple PHP versions installed you'll need to pick the
|
||||
version you want your site to run on.**
|
||||
|
||||
So, for PHP-FPM 7.4 using the example file...
|
||||
|
||||
```
|
||||
cp -v localhost.conf.example /etc/php/7.4/fpm/pool.d/yoursite.com.conf
|
||||
```
|
||||
|
||||
For PHP 8.1...
|
||||
|
||||
```
|
||||
cp -v localhost.conf.example /etc/php/8.1/fpm/pool.d/yoursite.com.conf
|
||||
```
|
||||
|
||||
**You'll need to rename and modify the values (within the copied file)
|
||||
to match your site. I've left the main things to change at the top
|
||||
of the config file.**
|
||||
|
||||
|
||||
---
|
||||
|
||||
Got your config modified and sorted? Great! Now we need to restart
|
||||
php-fpm. This varies depending on your version, but just you change
|
||||
the PHP version number in the command below...
|
||||
|
||||
For 7.4...
|
||||
|
||||
```
|
||||
systemctl restart php7.4-fpm
|
||||
```
|
||||
|
||||
And 8.1...
|
||||
|
||||
```
|
||||
systemctl restart php8.1-fpm
|
||||
```
|
||||
|
||||
fpm is now ready to serve your php files via the socket
|
||||
`/run/php/yoursite.com.sock`. You'll need to configure your webserver to
|
||||
send any PHP requests along to it. If you're using Caddy with my
|
||||
Caddyfile you're already set.
|
||||
|
||||
TIP: You can use `systemctl status php7.4` to check for errors!
|
||||
|
||||
## Disabling configurations & what about `www.conf`?
|
||||
|
||||
The included `www.conf` won't hurt and can be left alone, although if
|
||||
you want to disable it, just rename it to `www.conf.disabled`. You can
|
||||
do the same for any other configs you don't want used...
|
||||
|
||||
```
|
||||
cd /etc/php/7.4/fpm/pool.d/
|
||||
mv -v www.conf www.conf.disabled
|
||||
```
|
||||
|
||||
And to enable it again...
|
||||
|
||||
```
|
||||
cd /etc/php/7.4/fpm/pool.d/
|
||||
mv -v www.conf.disabled www.conf
|
||||
```
|
||||
|
||||
PHP-FPM needs to be reloaded, you can do that with...
|
||||
|
||||
```
|
||||
systemctl reload php7.4-fpm
|
||||
```
|
||||
|
||||
## Notes
|
||||
|
||||
[1] It's a symlink to the one I use with 7.4. It works fine on PHP 8.1.
|
|
@ -0,0 +1,14 @@
|
|||
#!/bin/bash
|
||||
|
||||
# Run this script with "(sudo) bash <filename> <args>".
|
||||
|
||||
# Exit on error.
|
||||
set -e
|
||||
|
||||
apt install apt install php-fpm php-readline php-mbstring php-gd \
|
||||
php-curl php-zip php-mysql php-dom php-json php-pdo php-fileinfo \
|
||||
php-bz2 php-intl php-gmp php-apcu php-pear php-cli php-imagick
|
||||
|
||||
mv -v /etc/php/7.4/fpm/pool.d/www.conf /etc/php/7.4/fpm/pool.d/www.conf.disabled
|
||||
|
||||
systemctl restart php7.4-fpm
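Review bot: The install line reads `apt install apt install php-fpm …`, so apt is asked for packages named `apt` and `install`; the second does not exist and, with `set -e`, the script stops before the pool rename. Drop the duplicate so the line starts `apt install php-fpm php-readline php-mbstring php-gd \`. The `mv` and `systemctl` lines hard-code PHP 7.4, which only matches when that is the version the distribution installs; this cannot be verified from the hunk.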
|
|
@ -0,0 +1,53 @@
|
|||
[Match]
|
||||
Name=eth0
|
||||
|
||||
## Only use one of these blocks!!
|
||||
|
||||
### DHCP (default most want)
|
||||
[Network]
|
||||
DHCP=yes
|
||||
|
||||
DNSOverTLS=opportunistic
|
||||
|
||||
DNS=1.1.1.1
|
||||
|
||||
DNS=1.0.0.1
|
||||
|
||||
# Link discovery causes some issues so disable it.
|
||||
LLDP=no
|
||||
|
||||
## dhcp config end
|
||||
|
||||
## LAN
|
||||
# Uncomment all below if you want to use eth0 as a lan network.
|
||||
#[Network]
|
||||
# IP address range.
|
||||
#Address=192.168.156.1/24
|
||||
|
||||
# Packet forwarding.
|
||||
#IPForward=yes
|
||||
|
||||
# Masquerade.
|
||||
#IPMasquerade=both
|
||||
|
||||
# Link discovery causes some issues so disable it.
|
||||
#LLDP=no
|
||||
|
||||
#[DHCPServer]
|
||||
|
||||
# Lease time
|
||||
#DefaultLeaseTimeSec=300
|
||||
|
||||
# DNS to serve
|
||||
#DNS=1.1.1.1
|
||||
#DNS=1.0.0.1
|
||||
|
||||
# Enable serving of DHCP addresses from the network range.
|
||||
#DHCPServer=yes
|
||||
|
||||
# Below not supported systemd < 250
|
||||
#[DHCPServerStaticLease]
|
||||
#MACAddress=xx:xx:xx:xx:xx:xx
|
||||
#Address=192.168.156.2
|
||||
|
||||
## lan end
|
|
@ -0,0 +1,19 @@
|
|||
[Match]
|
||||
Name=wwan0
|
||||
|
||||
[Network]
|
||||
DHCP=yes
|
||||
|
||||
DNSOverTLS=opportunistic
|
||||
|
||||
DNS=1.1.1.1
|
||||
|
||||
DNS=1.0.0.1
|
||||
|
||||
# Link discovery causes some issues so disable it.
|
||||
LLDP=no
|
||||
|
||||
[DHCP]
|
||||
# Make sure connection/route is chosen last!
|
||||
RouteMetric=2048
|
||||
|
|
@ -0,0 +1,14 @@
|
|||
[Match]
|
||||
Name=usb0
|
||||
|
||||
[Network]
|
||||
DHCP=yes
|
||||
|
||||
DNSOverTLS=opportunistic
|
||||
|
||||
DNS=1.1.1.1
|
||||
|
||||
DNS=1.0.0.1
|
||||
|
||||
# Link discovery causes some issues so disable it.
|
||||
LLDP=no
|
|
@ -0,0 +1,15 @@
|
|||
# Requires /etc/wpa_supplicant/wpa_supplicant-wlan0.conf to exist.
|
||||
[Match]
|
||||
Name=wlan0
|
||||
|
||||
[Network]
|
||||
DHCP=yes
|
||||
|
||||
DNSOverTLS=opportunistic
|
||||
|
||||
DNS=1.1.1.1
|
||||
|
||||
DNS=1.0.0.1
|
||||
|
||||
# Link discovery causes some issues so disable it.
|
||||
LLDP=no
|
|
@ -0,0 +1,41 @@
|
|||
[NetDev]
|
||||
Name=wgs0
|
||||
|
||||
Description=Wireguard Server Peer
|
||||
|
||||
Kind=wireguard
|
||||
|
||||
[WireGuard]
|
||||
|
||||
# Port to listen on.
|
||||
ListenPort=500
|
||||
|
||||
# I usually set this to the port number above it's not really needed
|
||||
# but useful for firewalls.
|
||||
FirewallMark=500
|
||||
|
||||
# The Base64 encoded private key for the interface. It can be generated
|
||||
# using the wg genkey command (see wg(8)). This option or
|
||||
# PrivateKeyFile= is mandatory to use WireGuard. Note that because this
|
||||
# information is secret, you may want to set the permissions of the
|
||||
# .netdev file to be owned by "root:systemd-network" with a "0640" file
|
||||
# mode.
|
||||
PrivateKey=<KEY>
|
||||
|
||||
# Public key for the above private key. Only here as a reminder.
|
||||
# systemd will ignore if uncommented.
|
||||
#PublicKey=<PUBKEY>
|
||||
|
||||
# Your Peers.
|
||||
[WireGuardPeer]
|
||||
|
||||
# Base64 encoded public key calculated by wg pubkey (see wg(8)) from a
|
||||
# private key, and usually transmitted out of band to the author of the
|
||||
# configuration file. This option is mandatory for this section.
|
||||
PublicKey=<KEY>
|
||||
|
||||
# Comma-separated list of IP addresses with CIDR masks from which this
|
||||
# peer is allowed to send incoming traffic and to which outgoing traffic
|
||||
# for this peer is directed.
|
||||
AllowedIPs=10.0.0.1.2/32
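Review bot: `AllowedIPs=10.0.0.1.2/32` is not a valid IPv4 address (five octets), so the peer entry will likely be rejected. The client `.network` file in this commit uses `10.0.0.2`, so `AllowedIPs=10.0.0.2/32` is presumably what was meant. For the key, prefer `PrivateKeyFile=` pointing at a root-only file over the inline `PrivateKey=`, so the secret does not live in a file that is copied around or committed; the same applies to the wg0 client netdev.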
|
||||
|
|
@ -0,0 +1,17 @@
|
|||
# Needs netdev for wgs0, wireguard & wireguard-tools installed to work.
|
||||
[Match]
|
||||
Name=wgs0
|
||||
|
||||
[Network]
|
||||
# Packet forwarding.
|
||||
IPForward=yes
|
||||
|
||||
# Link discovery causes some issues so disable it.
|
||||
LLDP=no
|
||||
|
||||
# IPv4
|
||||
[Network]
|
||||
|
||||
Address=10.0.0.1/24
|
||||
|
||||
IPMasquerade=yes
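Review bot: `IPForward=yes` needs a comment that it is not scoped to wgs0: per systemd.network(5) it turns on the kernel's global forwarding setting, so packets arriving on any interface become routable. Combined with `IPMasquerade=yes`, the host should have explicit forward-chain firewall rules limiting what VPN peers can reach; none are part of this commit. Suggested comment: `# Enables forwarding system-wide; restrict it with firewall rules.`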
|
|
@ -0,0 +1,42 @@
|
|||
[NetDev]
|
||||
Name=wg0
|
||||
|
||||
Description=Wireguard Client Peer
|
||||
|
||||
Kind=wireguard
|
||||
|
||||
[WireGuard]
|
||||
|
||||
# I usually set this to the port number of the main peer it's not really
|
||||
# needed but useful for firewalls.
|
||||
FirewallMark=500
|
||||
|
||||
# The Base64 encoded private key for the interface. It can be generated
|
||||
# using the wg genkey command (see wg(8)). This option or
|
||||
# PrivateKeyFile= is mandatory to use WireGuard. Note that because this
|
||||
# information is secret, you may want to set the permissions of the
|
||||
# .netdev file to be owned by "root:systemd-network" with a "0640" file
|
||||
# mode.
|
||||
PrivateKey=<KEY>
|
||||
|
||||
# Public key for the above private key. Only here as a reminder.
|
||||
#PublicKey=<PUBKEY>
|
||||
|
||||
|
||||
# Your Peers.
|
||||
[WireGuardPeer]
|
||||
|
||||
# Base64 encoded public key calculated by wg pubkey (see wg(8)) from a
|
||||
# private key, and usually transmitted out of band to the author of the
|
||||
# configuration file. This option is mandatory for this section.
|
||||
PublicKey=<PUBKEY>
|
||||
|
||||
# Comma-separated list of IP addresses with CIDR masks from which this
|
||||
# peer is allowed to send incoming traffic and to which outgoing traffic
|
||||
# for this peer is directed.
|
||||
AllowedIPs=0.0.0.0/0, ::/0
|
||||
|
||||
PersistentKeepalive=20
|
||||
|
||||
# Endpoint of a peer (for clients).
|
||||
#Endpoint=<IP>:<PORT>
|
|
@ -0,0 +1,12 @@
|
|||
# Needs wg0.netdev & wireguard & wireguard-tools installed to work.
|
||||
|
||||
[Match]
|
||||
Name=wg0
|
||||
|
||||
[Address]
|
||||
Address=10.0.0.2/24
|
||||
|
||||
[Route]
|
||||
Gateway=10.0.0.1
|
||||
|
||||
GatewayOnlink=true
|
|
@ -0,0 +1,46 @@
|
|||
# Usage
|
||||
|
||||
Copy the device files that you need to `/etc/systemd/network/`.
|
||||
|
||||
Be sure the file-names, folders and configuration values (within the files) are changed to match your devices ([note 1](#Notes)). Wifi (wlan) devices also need wpa_supplicant configured to work.
|
||||
|
||||
## Example
|
||||
|
||||
Say I have eth0 and want network access (and an IP via DHCP) from my router; I would do the following...
|
||||
|
||||
```
|
||||
sudo -s # Drop to root.
|
||||
cp -rv 10-eth0* /etc/systemd/network/ # Copy the files.
|
||||
|
||||
systemctl enable --now systemd-networkd # Enable networkd now.
|
||||
|
||||
networkctl reload # Reload the configuration.
|
||||
|
||||
networkctl status # Check the log for any errors.
|
||||
```
|
||||
|
||||
If there are NO **and I mean NO errors** from the commands above...
|
||||
|
||||
```
|
||||
networkctl reconfigure eth0 # Tell networkd to reconfigure the device.
|
||||
|
||||
mv /etc/network/ /etc/network.disabled/ Move the old network configuration.
|
||||
|
||||
reboot # Restart to be sure.
|
||||
```
|
||||
|
||||
## Enabling systemd-resolved
|
||||
|
||||
I like to use systemd-resolved for DNS..
|
||||
|
||||
```
|
||||
sudo -s # Drop to root.
|
||||
|
||||
ln -sfv /var/run/systemd/resolve/stub-resolv.conf /etc/resolv.conf # Create a symlink.
|
||||
|
||||
systemctl enable --now systemd-resolved # Enable resolved now.
|
||||
```
|
||||
|
||||
## Notes
|
||||
|
||||
**1**: This is very important otherwise things won't work. For example, if you have eth1 and not eth0 you'll have to copy and/or rename `eth0.network` to `eth1.network`. Check, and then check again.
|
|
@ -0,0 +1,51 @@
|
|||
# SIMCOM 7600G modem On A Raspberry Pi 4
|
||||
|
||||
This is using [The Waveshare 4G dongle from ThePiHut][4G Dongle].
|
||||
|
||||
**A warning about power**
|
||||
|
||||
No matter which mode used USB disconnects were frequent, mostly when
|
||||
moving the device. I incorrectly assumed the default mode QMI was
|
||||
causing the issue, but it was the modem drawing more current
|
||||
(than the Pi 4 could supply) to latch/keep connected onto a 4G mast.
|
||||
This was with the official Raspberry Pi UK 5.1v 3a power supply too.
|
||||
|
||||
The current method I use to power both the Pi 4 & modem is via this
|
||||
[USB Hub]. There is a warning at first boot about the device not
|
||||
responding but after a automatic bus reset it is fine and works as
|
||||
expected.
|
||||
|
||||
## Switching Modes
|
||||
|
||||
The modem has many modes (see the [PDF Manual] pages 50-51), You can use
|
||||
the mode you prefer. I recommend the USB standard MBIM mode or QMI if
|
||||
you have issues.
|
||||
|
||||
### USB Mode
|
||||
|
||||
Connect to SIMCOM7600 AT com port using minicom...
|
||||
```
|
||||
apt install minicom
|
||||
|
||||
minicom -D /dev/ttyUSB2
|
||||
```
|
||||
|
||||
In minicom get default mode (to revert later if needed)...
|
||||
```
|
||||
AT+CUSBPIDSWITCH
|
||||
```
|
||||
|
||||
Set USB mode...
|
||||
|
||||
```
|
||||
AT+CUSBPIDSWITCH=9011,1,1
|
||||
```
|
||||
|
||||
After the device has rebooted connect to minicom again & issue...
|
||||
```
|
||||
AT+CLANMODE=1
|
||||
```
|
||||
|
||||
[PDF Manual]: https://usermanual.wiki/m/e87a5540256c1ed0390232e8663c1f46570ff85b21c470d98dce792ecedd3525.pdf
|
||||
[USB Hub]: https://smile.amazon.co.uk/gp/product/B08K3GFD3Q
|
||||
[4G Dongle]: https://thepihut.com/products/sim7600g-h-4g-usb-dongle
|
|
@ -0,0 +1,9 @@
|
|||
[Unit]
|
||||
Description=Proxy internal lan HTTP
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
ExecStart=socat -v tcp-listen:8080,reuseaddr,fork tcp:192.168.156.2:80
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
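Review bot: `ExecStart=socat -v tcp-listen:8080,…` listens on every address, runs as root because the unit sets no `User=`, and `-v` copies all proxied HTTP data, including cookies and credentials, into the journal. Suggest dropping `-v`, adding `bind=<listen-address>` to the listen options so only the intended network can reach it, and running unprivileged with `DynamicUser=yes`, since port 8080 needs no privileges.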
|
|
@ -0,0 +1,9 @@
|
|||
[Unit]
|
||||
Description=mnt-sda1
|
||||
|
||||
[Mount]
|
||||
What=/dev/sda1
|
||||
Where=/mnt/sda1
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
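Review bot: `What=/dev/sda1` relies on kernel device naming, which can change between boots or when another disk is attached, so a different filesystem could end up mounted on `/mnt/sda1`. Reference the filesystem by a stable path such as `/dev/disk/by-uuid/<uuid>` instead. If the disk is removable or not fully trusted, `Options=nosuid,nodev` is a sensible addition.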
|
|
@ -0,0 +1,61 @@
|
|||
# apt install --no-install-recommends libqmi-utils
|
||||
# cp -v ./qmi-network@.service /etc/systemd/system/
|
||||
# systemctl daemon-reload
|
||||
# systemctl enable --now qmi-network@0
|
||||
|
||||
# This will NOT work without a .network for your wwan device.
|
||||
[Unit]
|
||||
Description=qmi-network for cdc-wdm%i device
|
||||
|
||||
Before=freepbx.service
|
||||
Before=asterisk.service
|
||||
|
||||
After=sys-subsystem-net-devices-wwan%i.device
|
||||
Wants=sys-subsystem-net-devices-wwan%i.device
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
Restart=always
|
||||
TimeoutSec=300s
|
||||
|
||||
# Leave the following blank/as-is for auto-detection.
|
||||
# Internet APN.
|
||||
Environment=APN=""
|
||||
# APN Username.
|
||||
Environment=APN_USER=""
|
||||
# APN Password.
|
||||
Environment=APN_PASS=""
|
||||
# IP type is usually 4, 6 or 4|6.
|
||||
Environment=IP_TYPE="4|6"
|
||||
# Change to yes to use qmi proxy.
|
||||
Environment=PROXY="no"
|
||||
|
||||
# Make sure the state is cleared before starting.
|
||||
ExecStartPre=-rm /tmp/qmi-network-state-cdc-wdm%i
|
||||
|
||||
# Stop wwan so it can be reconfigured.
|
||||
ExecStartPre=networkctl down wwan%i
|
||||
|
||||
# Raw IP must be enabled.
|
||||
ExecStartPre=sh -c "echo 'Y' | tee /sys/class/net/wwan%i/qmi/raw_ip"
|
||||
|
||||
# Start the network via qmi-network scripts.
|
||||
# As some networks and/or devices take a long time to connect we should
|
||||
# give it some time to be ready before starting the connection process.
|
||||
ExecStartPre=-sh -e -c "sleep 60; qmi-network /dev/cdc-wdm%i start"
|
||||
|
||||
# Bring up the network.
|
||||
ExecStartPre=networkctl up wwan%i
|
||||
|
||||
# Small loop as the main process to watchdog the connection.
|
||||
# (NOTE: DHCP must be given a little time to settle before pinging).
|
||||
ExecStart=sh -e -c "sleep 10; while true; do ping -w 120 -I wwan%i -c 5 one.one.one.one; sleep 300; done;"
|
||||
|
||||
# Stop.. DOWN TIME!
|
||||
ExecStop=networkctl down wwan%i
|
||||
ExecStop=qmi-network /dev/cdc-wdm%i stop
|
||||
# Be sure the network state is cleared on stop too.
|
||||
ExecStop=-rm /tmp/qmi-network-state-cdc-wdm%i
|
||||
|
||||
[Install]
|
||||
WantedBy=sys-subsystem-net-devices-wwan%i.device
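Review bot: `Environment=APN_PASS=""` invites putting the APN password into the unit file, which is normally world-readable under `/etc/systemd/system/` and also shown by `systemctl show`. Load it from a root-only file instead, e.g. `EnvironmentFile=/etc/qmi-network-%i.env` with mode 0600 (the path is a constructed example). The state file `/tmp/qmi-network-state-cdc-wdm%i` is a predictable name in a world-writable directory handled by a root service; whether qmi-network can be pointed elsewhere is not visible here, but it deserves a comment.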
|
|
@ -0,0 +1,17 @@
|
|||
# !! Requires a netdev configured to work
|
||||
#
|
||||
# $ cp -v ./wifi-power\@.service /etc/systemd/system/
|
||||
# $ systemctl daemon-reload
|
||||
#
|
||||
#
|
||||
# $ systemctl enable --now wifi-power@wlan0
|
||||
[Unit]
|
||||
Description=Toggle %i power saving
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
ExecStart=iw %i set power_save on
|
||||
ExecStop=iw %i set power_save off
|
||||
|
||||
[Install]
|
||||
WantedBy=sys-subsystem-net-devices-%i.device
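Review bot: With `Type=oneshot` and no `RemainAfterExit=yes`, the unit becomes inactive as soon as `ExecStart` returns, and systemd then runs `ExecStop`, so power saving appears to be switched on and straight back off. Add `RemainAfterExit=yes` under `[Service]` so the `off` command only runs on an explicit stop. The description says "Toggle" while start always sets `on`; if the aim is to disable power saving while the unit is active, the two commands look swapped, which is worth confirming.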
|
|
@ -0,0 +1,76 @@
|
|||
# WPA Supplicant
|
||||
|
||||
You must be root `sudo -s`!
|
||||
|
||||
All wireless devices need wpa_supplicant to work correctly, so let's
|
||||
install it...
|
||||
|
||||
```
|
||||
apt install wpa_supplicant
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
To avoid issues with rogue wpa_supplicant processes disable the default
|
||||
service...
|
||||
|
||||
```
|
||||
systemctl disable wpa_supplicant.service
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
Now using the example `wpa_supplicant-wlan0.conf` file; Copy it into
|
||||
`/etc/wpa_supplicant`...
|
||||
|
||||
```
|
||||
cp -iv wpa_supplicant-wlan0.conf /etc/wpa_supplicant-wlan0.conf
|
||||
```
|
||||
|
||||
**You must rename it to match your wireless device if different, or if
|
||||
you already have a `/etc/wpa_supplicant/wpa_supplicant-wlan0.conf` file
|
||||
and you don't want to overwrite it. You can use `ip addr` to find it.**
|
||||
|
||||
```
|
||||
cp -iv wpa_supplicant-wlan0.conf /etc/wpa_supplicant-wlan1.conf
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
We only want root to be able to read the configuration as it contains
|
||||
passwords...
|
||||
|
||||
```
|
||||
chmod -Rv 600 /etc/wpa_supplicant/*.conf
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
Start the service for our device...
|
||||
|
||||
```
|
||||
systemctl enable --now wpa_supplicant@wlan0.service
|
||||
```
|
||||
|
||||
**Make sure you change the name of the device if yours is different!**
|
||||
|
||||
```
|
||||
systemctl enable --now wpa_supplicant@wlan1.service
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
Finally we need to restart the device...
|
||||
|
||||
**Once again make sure you get the right device!**
|
||||
|
||||
```
|
||||
networkctl down wlan0
|
||||
networkctl up wlan0
|
||||
```
|
||||
|
||||
And check everything is working..
|
||||
|
||||
```
|
||||
networkctl status wlan0
|
||||
```
|
|
@ -0,0 +1,26 @@
|
|||
# $ systemctl disable wpa_supplicant.service
|
||||
# $ cp -v ./wpa_supplicant-wlan0.conf /etc/wpa_supplicant/
|
||||
# $ chmod -Rv 600 /etc/wpa_supplicant/*.conf
|
||||
# $ systemctl enable --now wpa_supplicant@wlan0.service
|
||||
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
|
||||
update_config=1
|
||||
|
||||
# Change to match your country.
|
||||
country=GB
|
||||
|
||||
network={
|
||||
# Modify these two lines to match your wifi settings!
|
||||
ssid="Internet"
|
||||
psk="password"
|
||||
|
||||
# "WPA2/WPA3 PSK, SAE" mixed uncomment the lines below.
|
||||
key_mgmt=WPA-PSK-SHA256
|
||||
ieee80211w=2
|
||||
|
||||
# If you use WPA-PSK / PSK2 uncomment the lines below.
|
||||
# proto=RSN
|
||||
# key_mgmt=WPA-PSK
|
||||
# pairwise=CCMP
|
||||
# group=CCMP
|
||||
# auth_alg=OPEN
|
||||
}
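Review bot: The comment above `key_mgmt=WPA-PSK-SHA256` says to uncomment the lines, but they are already active, and the value does not include `SAE` although the comment mentions WPA3/SAE mixed mode. With `ieee80211w=2` this profile will only join networks that offer PSK-SHA256 with management-frame protection required. Reword the comment to describe what is enabled, e.g. `# WPA2 with PMF required; for WPA2/WPA3 mixed use key_mgmt=SAE WPA-PSK-SHA256`. Since `psk="password"` is stored in clear text and `ctrl_interface` gives the `netdev` group control access with `update_config=1`, a comment pointing at the 0600 mode from the header would also help.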
|