add files from misc repo

mpmc 2022-09-14 23:09:19 +01:00
parent a49bf9138c
commit 618f91c335
41 changed files with 1808 additions and 0 deletions

102
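--- a/caddy/Caddyfile
+++ b/caddy/Caddyfile
@@ -0,0 +1,102 @@
+# Global options
+{
+# Debug mode - uncomment to activate.
+#debug
+# Use local-only certs? Comment out the on_demand_tls block
+# if you use this.
+#local_certs
+# To use automatic on/demand SSL/TLS certs we need to ask an
+# end-point if we host the domain.
+on_demand_tls {
+# This can be any http url you like, a domain query will be
+# attached. A request will be made such as
+# http://my.end.point:80/hosted/?domain=myawesomesite.foo
+# The end-point MUST return a 200 response if the domain is
+# valid.
+#ask http://my.end.point:80/hosted/
+# So we don't have to use external scripting let's get caddy
+# to check a directory for us instead. There needs to be a
+# block below to handle this otherwise all domains using SSL
+# will fail.
+ask http://127.0.0.1:62453/
+}
+}
+# On-demand SSL/TLS end-point to check if we host the domain before
+# getting a cert.
+http://127.0.0.1:62453 {
+# The folder where ALL sites are so we can check if hosted or not.
+# No files from here are served.
+root * /var/www/
+# Log to stdout.
+log
+# Rewrite the domain query into a path request and only if /.
+@domain_query {
+path /
+query domain=*
+}
+rewrite @domain_query /{query.domain}/
+# Match domain.
+# The path regex matcher must come first, Thanks caddy devs!
+# Info https://github.com/caddyserver/caddy/issues/4204
+@domain_in_path path_regexp domain \/(www\.)?([^\.\\\/].{1,})\/
+handle @domain_in_path {
+@domain_exists file {re.domain.2}/
+respond @domain_exists 200 {
+close
+}
+}
+# Default response if domain doesn't exist.
+respond 404 {
+close
+}
+}
+# Catch-all SSL/TLS site(s) - this must be last!
+:443 {
+# Strip www from host header.
+@host_header header_regexp host Host (www\.)?([^\.\\\/].{1,})
+# Enable on-demand SSL/TLS certs.
+tls {
+on_demand
+}
+handle_errors {
+respond "{http.error.status_text}." {
+close
+}
+}
+handle @host_header {
+root * /var/www/{re.host.2}/htdocs/
+file_server {
+hide .* ~*
+}
+@has_reverse_proxy {
+file /run/{re.host.2}.sock
+path !*.php
+}
+handle @has_reverse_proxy {
+reverse_proxy unix//run/{re.host.2}.sock {
+header_up Host {upstream_hostport}
+header_up X-Forwarded-Host {host}
+}
+}
+php_fastcgi unix//run/php/{re.host.2}.sock {
+# This only works with Caddy versions >= 2.4.6
+try_files {path} {path}/ {path}/index.php =404
+}
+}
+error 404
+}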
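Review bot: The `@host_header` pattern `(www\.)?([^\.\\\/].{1,})` in the `:443` site is unanchored and its second group accepts any character after the first, so whatever the client sends in `Host` (a `:port` suffix included) lands in `{re.host.2}` and from there in `root * /var/www/{re.host.2}/htdocs/` and both unix socket paths. Anchoring the expression and limiting the group to hostname characters keeps request data out of filesystem paths, e.g. `@host_header header_regexp host Host ^(www\.)?([A-Za-z0-9][A-Za-z0-9.-]*)(:[0-9]+)?$`. The `@domain_in_path` matcher in the on-demand `ask` site has the same open-ended group and decides which names get certificates, so it deserves the same character class. `caddy/Caddyfile-localonly` repeats the `@host_header` line unchanged.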

78
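--- a/caddy/Caddyfile-localonly
+++ b/caddy/Caddyfile-localonly
@@ -0,0 +1,78 @@
+# Global options
+{
+# Debug mode - uncomment to activate.
+#debug
+# Use local-only certs.
+local_certs
+}
+# For freepbx.
+:443 {
+handle_errors {
+respond "{http.error.status_text}." {
+close
+}
+}
+root * /var/www/localhost/htdocs/
+# https://community.freepbx.org/t/using-caddy-instead-of-apache-in-freepbx/80200
+handle /admin/* {
+@blocked_admin {
+path */.*
+path */i18n/*
+path */helpers/*
+path */libraries/*
+path */node/*
+path */views/*php
+}
+respond @blocked_admin 403
+php_fastcgi unix//run/php/localhost.sock
+file_server
+}
+handle {
+@blocked_main {
+path */.*
+}
+respond @blocked_main 403
+php_fastcgi unix//run/php/localhost.sock
+file_server
+}
+error 404
+}
+# Local only service (original).
+localhost.orig:443 {
+# Strip www from host header.
+@host_header header_regexp host Host (www\.)?([^\.\\\/].{1,})
+handle_errors {
+respond "{http.error.status_text}." {
+close
+}
+}
+handle @host_header {
+root * /var/www/{re.host.2}/htdocs/
+file_server {
+hide .* ~*
+}
+@has_reverse_proxy {
+file /run/{re.host.2}.sock
+path !*.php
+}
+handle @has_reverse_proxy {
+reverse_proxy unix//run/{re.host.2}.sock {
+header_up Host {upstream_hostport}
+header_up X-Forwarded-Host {host}
+}
+}
+php_fastcgi unix//run/php/{re.host.2}.sock {
+# This only works with Caddy versions >= 2.4.6
+try_files {path} {path}/ {path}/index.php =404
+}
+}
+error 404
+}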

122
caddy/README.debian.md Executable file

@ -0,0 +1,122 @@
# Caddy
To setup Caddy you must be root ( `sudo -s` ).
Add the repo...
```
apt install -y curl debian-keyring debian-archive-keyring apt-transport-https
curl 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' -o /etc/apt/trusted.gpg.d/caddy_repo_signing.asc
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | tee /etc/apt/sources.list.d/caddy-stable.list
```
---
Now update apt & install it...
```
apt update
apt install caddy
```
---
Once installed we need to make a backup of the default Caddyfile and
replace it with our own...
```
mv -iv /etc/caddy/Caddyfile /etc/caddy/Caddyfile.old
cp -v ./Caddyfile /etc/caddy/Caddyfile
```
---
We need somewhere to serve sites...
```
mkdir -v /var/www
```
## Site setup
Create the site's base directory but don't include `www.` and
change to it...
```
mkdir -v /var/www/example.com
cd /var/www/example.com
```
**Make sure you're in the right directory before continuing.** You can
use a tilde `~` in your terminal to see your current directory.
---
The site needs some folders...
```
mkdir -v htdocs
mkdir data tmp sessions
```
`htdocs` is where the site's public-accessible files are kept,
`data` is for private site files, `tmp` is for temporary site files -
such as uploads, and `sessions` is for site vistor session data.
---
Everyone on the system can access the site's files and we don't want
that, change the folder(s) permissions...
**Take note of the `.` in the command below do not just enter `/` !**
```
chmod -Rv 750 ./
```
---
Drat, only root can access the folders now, but Caddy and others need
to be able to read the htdocs folder too...
```
chmod -Rv 755 htdocs
```
---
If you want another user on the system to own the files, say we have
user `fred` and they're in group `fred`...
**Take note of the `.` in the command below do not just enter `/` !**
```
chown -Rv fred:fred ./*
```
If `fred` is in a different user group and you don't know which, you can
run `groups fred` to find out!
---
## Things to know
The `Caddyfile` included here will (in this order)...
* Check if the requested host (without `www.`) is served here, if not
return 404.
* If the requested file exists serve it. The files index.html index.php
take precedence and will always be served if no path is given. Requests
where the requested path/file doesn't exist will be passed on to the
other handlers (described below).
* Reverse proxy the request if a socket matching the hostname
(without `www.`) exists in `/run/`. This can be any service that
understands how to handle HTTP requests. It just needs to be setup to
listen via a socket matching the hostname in `/run/`, e.g.
`/run/myawesomesite.com.sock`.
* If the above socket does not exist and/or a php file is requested,
attempt to pass along the request to php-fpm (setup to listen via a
socket matching the hostname in `/run/php`, e.g.
`/run/php/myawesomesite.com.sock`).
* Return 404 if the request cannot be handled by any of the above.

45
dnsmasq.d/README.debian.md Executable file

@ -0,0 +1,45 @@
# Dnsmasq
To setup Dnsmasq you must be root ( `sudo -s` ) then install it with...
```
apt install dnsmasq
```
**When using systemd-resolved, you'll get a service start failure during install, so must disable DNS forwarding.**...
```
cp -iv disable-forwarding.conf /etc/dnsmasq.d/
```
---
Once installed, we want dnsmasq to serve addresses...
**You'll need to change the IP address range (in the file) to match your LAN configuration.**
```
cp -iv dhcp-server.conf /etc/dnsmasq.d/
```
---
Static IP addresses can be set, copy the file `dhcp-server-static.conf` in this directory to `/etc/dnsmasq.d/`...
**You'll need to add the MAC and IP addresses for your devices.**
```
cp -iv dhcp-server-static.conf /etc/dnsmasq.d/
```
---
Finally restart dnsmasq and check for errors.
```
systemctl restart dnsmasq
systemctl status dnsmasq
```
You should now have a running dnsmasq service!


@ -0,0 +1 @@
dhcp-host=ff:ff:ff:ff:ff:ff,192.168.156.2,24h

13
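--- a/dnsmasq.d/dhcp-server.conf
+++ b/dnsmasq.d/dhcp-server.conf
@@ -0,0 +1,13 @@
+log-dhcp
+domain-needed
+bogus-priv
+no-resolv
+server=1.1.1.1
+server=1.0.0.1
+listen-address=::1,127.0.0.1,192.168.156.1
+expand-hosts
+domain=lan
+dhcp-range=192.168.156.2,192.168.156.250,24h
+dhcp-option=option:router,192.168.156.1
+dhcp-authoritative
+#dhcp-leasefile=/var/lib/dnsmasq/dnsmasq.leases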


@ -0,0 +1,2 @@
# You only need this if using systemd-resolved.
port=0


@ -0,0 +1,166 @@
#!/usr/bin/env python3
"""Variables with values exclosed in 3 double quotes (") allow
multi-line strings. It can also be used for comments.
Any words in curly braces like {this} are placeholders & can be replaced
later if desired with the method 'format' on string variables.
Single line strings can have replaceable placeholders too.
Below is a variable named "foo" containing a single line string with
a placeholder...
foo = "Here is a single line placeholder of {replaceme}."
We can just print foo as-is using...
print(foo)
or replace _all_ "{replaceme}" within it using format...
print(foo.format(replaceme='new value here'))
or replace it with another variable...
new_replaceme='this is a new replacement'
print(foo.format(replaceme=new_replaceme)
Make sure that any variables, (new_replaceme in the above in this case)
is defined or you'll get a KeyError if you try to print a format()'d
string!
"""
msg = """Voltage Divider Calculator (v1.1)
Formula: "Voltage out is Voltage in * Resistor 2 / Resistor 1 + Resistor 2"
You entered:
Voltage in {voltage}
Resistor 1 {resistor1}
Resistor 2 {resistor2}
Which equals:
{output}
Output voltage is: "{output}", rounded (nearest 10) is "{rounded}"!
"""
error = """Usage: python3 {script} <voltage in> <resistor 1> <resister 2>.
Example: python3 {script} 5000 2000 4000
Seeing an Error?
ValueError: You enter an invalid value (or left it empty).
"""
def main(args):
"""
The parameter args is a list populated by your shell/terminal.
All values are added in the order they were passed to the script.
The first item in the list args[0] will always be the script
that was passed to python. If you named this file foo.py and
called python3 foo.py args[0] would be the string "foo.py".
"""
# Remove this script's file-name and store it in the variable
# "script" for later use.
script = args.pop(0)
"""
"try and except" allows us to capture an exception (in this case
we only want to capture a ValueError so we can first print
a nice error message and then have python raise it, printing it
underneath, and finally exiting.
"""
try:
"""
What "list(map(int, args))" is doing...
As we've already removed the script file-name from the args
list we should just be left with numberic values.
However, they're strings and we need integers!
We use the built-in method "map" which calls the method
given ("int" here), that'll convert each value (from strings)
within the list to the integers we need.
Now we have a new problem we've given ourselves :(.
"map" will return a map object which we don't want so we
need to convert (the map object) back into a list,
using, you guessed it, the method named "list"!
Each value from the converted list is then unpacked into the
variables "voltage", "resistor1" and "resistor2" (from right
to left). So say we have a list of [1, 2, 3], We can
unpack those values as...
one, two, three = [1, 2, 3]
"""
voltage, resistor1, resistor2 = list(map(int, args))
# Here we're just calulating the voltage value using the values
# from each variable.
output = voltage * (resistor2 / (resistor1 + resistor2))
except ValueError:
"""
Oh no, we're missing a value or a non-numeric value was
entered! Let the user know by printing our nice
error message, contained with in the "error" multi-line
variable above.
Remember the "replaceme" variable we talked about earlier?
Well, we're doing the same thing here but we're replacing
the text "{script}" (in the "error" variable above) with
the variable "script" (also above!).
It sounds confusing? Yes, I agree. It can be made easier
by using another word different to your variable as a
placeholder and replace it with any variable you like!
script = "carrots are lovely"
msg = "my {placeholder}."
print(msg.format(placeholder=script))
"""
print(error.format(script=script))
"""
STOP! Ham, Ahem... Exception time!
"raise" here (unless captured by another try/except block)
just tells python to print the exception then
stop executing the script.
"""
raise
"""
If we get here it means our voltage has been calculated,
and so (just like the above error message) we format then
print the _good_ message "msg" variable and we're done.
"""
print(msg.format(voltage=voltage, resistor1=resistor1,
resistor2=resistor2, output=output,
rounded=round(output)))
"""
This "if block" tells python not to run the method "main" (above)
If our script was imported by another python script.
The method "main" will only get called if our script was called directly
by python and is the "main" (hence __main__ below) script.
This also means we import our script from within another script and
call our module's (what python calls scripts) method "main".
"""
if __name__ == '__main__':
import sys
# main(sys.argv) calls our main function & passes the arguments
# given to it by the terminal.
# sys.exit returns the value from the method main.
sys.exit(main(sys.argv))
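Review bot: The success message promises a value `rounded (nearest 10)`, but `rounded=round(output)` rounds to the nearest whole number; either change the text to `rounded (nearest whole number)` or pass `round(output, -1)`. Only `ValueError` is caught, so resistor values that sum to zero end in an unhandled `ZeroDivisionError` without the usage text; `except (ValueError, ZeroDivisionError):` would cover both. The formula line in `msg` also drops the parentheses the code uses and should read `Resistor 2 / (Resistor 1 + Resistor 2)`.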

43
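--- a/other_sh_scripts/asterisk-18.sh
+++ b/other_sh_scripts/asterisk-18.sh
@@ -0,0 +1,43 @@
+#!/bin/bash
+set -eux
+DATE_STAMP=$(date '+%s')
+apt -y install build-essential checkinstall libncurses5 git curl wget libnewt-dev libssl-dev libncurses5-dev subversion libsqlite3-dev libjansson-dev libxml2-dev uuid-dev default-libmysqlclient-dev
+mkdir asterisk-${DATE_STAMP:-fail}
+cd asterisk-${DATE_STAMP:-fail}
+mkdir build
+wget http://downloads.asterisk.org/pub/telephony/asterisk/asterisk-18-current.tar.gz \
+-O asterisk-18-current.tar.gz --show-progress
+cd build
+tar xf ../asterisk-18-current.tar.gz
+cd asterisk*
+# Main build bit.
+./contrib/scripts/get_mp3_source.sh
+contrib/scripts/install_prereq install
+./configure
+make
+#sudo checkinstall --default --pkgname asterisk --addso=yes make install config samples
+echo "Install Asterisk and kitchen sink (everything)?"
+read
+make install
+make samples
+make config
+ldconfig
+exit 0;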
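Review bot: The tarball is fetched over plain `http://` with no integrity check, and everything after it (`install_prereq`, `./configure`, `make install`) runs as root on that download, so anyone on the network path can substitute the source. Fetch it over HTTPS, assuming the download host serves it, by changing the URL to `https://downloads.asterisk.org/pub/telephony/asterisk/asterisk-18-current.tar.gz`. Then verify the file against the checksum or signature the project publishes before `tar xf`, aborting on a mismatch. A comment above the `wget` stating which key or checksum file was used would help whoever updates the script next.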


@ -0,0 +1,27 @@
#!/bin/bash
set -eux
DATE_STAMP=$(date '+%s')
apt install asterisk asterisk-dev libasound2-dev build-essential git
mkdir asterisk-chan-quectel-${DATE_STAMP}
cd asterisk-chan-quectel-${DATE_STAMP}
mkdir build
cd build
git clone https://github.com/IchthysMaranatha/asterisk-chan-quectel.git .
./bootstrap
INSTALLED_AST_VERSION=$(asterisk -V | cut -d " " -f 2)
./configure --with-astversion=${INSTALLED_AST_VERSION}
make
make install
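Review bot: `git clone https://github.com/IchthysMaranatha/asterisk-chan-quectel.git .` builds and installs whatever sits at the tip of a third-party repository at run time, as root, so the result is neither reproducible nor reviewed. Pin the build to a commit that has been looked at by adding `git checkout <reviewed-commit-sha>` (placeholder) after the clone, and record why that commit was chosen in a comment. `apt install` without `-y` will stop for a prompt, and `--with-astversion=${INSTALLED_AST_VERSION}` should be quoted as `--with-astversion="${INSTALLED_AST_VERSION}"`.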

86
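--- a/other_sh_scripts/backup.sh
+++ b/other_sh_scripts/backup.sh
@@ -0,0 +1,86 @@
+#!/bin/bash
+# Crontab line.
+#0 2 * * * bash /root/backup.sh | tee -a /var/log/backup_$(date +"\%Y-\%m-\%d").log
+# Exit on error.
+# Because I've been grilled about not using this - phillw, I'm looking
+# at you ;)
+set -e
+# Where do we locally store the backups?
+BACKUP_STORE='/backup'
+# What directories do we backup?
+# Each _full_ path must be seperated by a space. If a path uses a
+# special char e.g, space or non-alphanumeric chars escape it with a
+# backslash.
+BACKUP_DIRS='/etc /home /var/www /root'
+# A date string for file/folder-names.
+SCRIPT_RUN_DATE=`date '+%Y-%m-%d-%H-%M'`
+# Backup the above $BACKUP_DIRS. Set to 0 to disable.
+BACKUP_DIRECTORIES_AND_FILES="1"
+# CRON backup? Set to 0 to disable.
+BACKUP_CRON="1"
+# MARIADB/MYSQL dump backup? Set to 0 to disable.
+BACKUP_SQL="1"
+## Edit below at own risk..
+if [[ $EUID -ne 0 ]]; then
+echo 'run as root'
+exit 1
+fi
+# Before we do anything, switch to our backup store directory.
+cd "${BACKUP_STORE:-/tmp/$SCRIPT_RUN_DATE}"
+# Now make our backup directory using the script_run_date.
+BACKUP_CWD="./${SCRIPT_RUN_DATE:-fail}"
+mkdir "${BACKUP_CWD}"
+cd "${BACKUP_CWD}"
+if [[ "$BACKUP_DIRECTORIES_AND_FILES" == "1" ]]; then
+for OBJ in ${BACKUP_DIRS:-}; do
+OBJ_S=${OBJ//\//-}
+OBJ_S=${OBJ_S/-/}
+if [[ ! -f "${OBJ}" ]]; then
+if [[ ! -d "${OBJ}" ]]; then
+printf "\n!! file or directory \"%s\" not found, skipping..\n" "${OBJ}"
+continue;
+fi
+fi
+tar -cJf "./$OBJ_S.tar.xz" "${OBJ}"
+done
+fi
+if [[ "$BACKUP_SQL" == "1" ]]; then
+DATABASES="$(echo "show databases" | mysql | grep -Ev "^(Database|mysql|performance_schema|information_schema)$" | paste -sd " " -)"
+[[ -z "${DATABASES:-}" ]] && exit 1
+for DB in $DATABASES; do
+mysqldump --single-transaction --routines --events --triggers --lock-tables $DB > "./$DB.sql" || exit 1;
+done
+fi
+if [[ "$BACKUP_CRON" == "1" ]]; then
+for USER in $(cut -f1 -d: /etc/passwd); do
+crontab -u $USER -l > "${USER}-cron.txt" || continue;
+done
+fi
+echo "$SCRIPT_RUN_DATE OK" >> /var/log/$0-run.log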
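Review bot: The archives and SQL dumps hold `/etc`, `/root` and every database, yet they are created with the default umask, so on most systems they end up readable by any local user who can reach `/backup`; add `umask 077` before the first `mkdir`. The final line writes to `/var/log/$0-run.log`, and with the cron line from the header `$0` is `/root/backup.sh`, which makes the path `/var/log//root/backup.sh-run.log` and fails the run under `set -e` after the backup itself has finished. `echo "$SCRIPT_RUN_DATE OK" >> "/var/log/${0##*/}-run.log"` avoids that. `$DB` and `$USER` in the two loops should also be quoted, and `USER` is better renamed since it shadows the environment variable.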


@ -0,0 +1,12 @@
#!/bin/bash
# Exit on error.
set -e
# The following was modifed but the original was graciously provided by the
# caddy docs -> https://caddyserver.com/docs/install#debian-ubuntu-raspbian
apt install -y curl debian-keyring debian-archive-keyring apt-transport-https
curl 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' -o /etc/apt/trusted.gpg.d/caddy_repo_signing.asc
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | tee /etc/apt/sources.list.d/caddy-stable.list
apt update
apt install caddy
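Review bot: Saving the repository key under `/etc/apt/trusted.gpg.d/` makes apt accept it for every configured source, not only the Caddy repository; the narrower setup is a keyring outside that directory that the `.list` entry references with `signed-by=`. The key download also lacks `-f`, so an HTTP error page would be written to the key file and the script would carry on; `curl -fsSL 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' -o <keyring path>` fails instead. The sury.org PHP install script later in this commit stores `apt.gpg` in `trusted.gpg.d` the same way, and the README repeats these commands.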

19
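--- a/other_sh_scripts/favourites.sh
+++ b/other_sh_scripts/favourites.sh
@@ -0,0 +1,19 @@
+#!/bin/bash
+# Exit on error.
+# Because I've been grilled about not using this - phillw, I'm looking
+# at you ;) - No, you'll never escape this lmao.
+set -e
+LIST='rsync nano htop net-tools vnstat screen git curl coreutils chrony
+command-not-found'
+[[ ! "${1:-}" == "1" ]] && \
+printf 'Install "%s?" - press ctrl+c to cancel\n' "$LIST" && read
+apt update
+for pkg in $LIST
+do
+apt install -y "$pkg"
+done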


@ -0,0 +1,83 @@
#!/bin/bash
# Exit on error.
set -e
# Command we pipe to execute the sql.
sql_cmd='mariadb -u root'
# SQL to create the database.
sql_create_db="CREATE DATABASE \`%s\`;"
# SQL to create user.
sql_create_user="CREATE USER IF NOT EXISTS '%s'@'%s' IDENTIFIED BY '%s';"
# SQL grant usage.
sql_grant_usage="GRANT USAGE ON *.* TO '%s'@'%s' IDENTIFIED BY '%s';"
# SQL grant on users database.
sql_grant_on_db="GRANT ALL privileges ON \`%s\`.* TO '%s'@'%s';"
# SQL flush
sql_flush='FLUSH PRIVILEGES;'
DB_HOST='localhost'
DB_USER=""
DB_NAME=""
DB_PASS=""
DB_PASS_REP=""
new_user() {
printf '(new) database user?\n' && read -t 120 DB_USER;
[[ ! "${DB_USER}" =~ ^[A-Za-z]{1}[A-Za-z0-9\_\-]+$ ]] && \
printf 'min 2 chars, A-z0-9_- allowed.. ' && new_user
return 0
}
new_db_name() {
printf '(new) database name?\n' && read -t 120 DB_NAME;
[[ ! "${DB_NAME}" =~ ^[A-Za-z]{1}[A-Za-z0-9\_\-]+$ ]] && \
printf 'min 2 chars, A-z0-9_- allowed.. ' && new_db_name
return 0
}
new_pass() {
printf 'password? (input hidden)\n' && read -st 120 DB_PASS;
printf 'password again?\n' && read -st 120 DB_PASS_REP;
[[ -z "$DB_PASS" ]] || [[ -z "$DB_PASS_REP" ]] && new_pass
[[ ! "$DB_PASS" == "$DB_PASS_REP" ]] && \
printf 'passwords do not match.. ' && new_pass
return 0
}
# Note: set -e requires the functions to return 0.
new_db_name
new_user
new_pass
# Create database.
printf "$sql_create_db" "$DB_NAME" | $sql_cmd;
# The user.
printf "$sql_create_user" "$DB_USER" "${DB_HOST:-NONE}" \
"$DB_PASS" | $sql_cmd;
# The grants.
printf "$sql_grant_usage" "$DB_USER" "${DB_HOST:-NONE}" \
"$DB_PASS" | $sql_cmd;
printf "$sql_grant_on_db" "$DB_NAME" "${DB_USER:-NONE}" \
"${DB_HOST:-NONE}" | $sql_cmd;
printf "$sql_flush" | $sql_cmd;
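Review bot: `DB_PASS` goes into `IDENTIFIED BY '%s'` unescaped, unlike the user and database names, which are checked against a regex, so a password containing `'` or `\` breaks the statement or changes the SQL that runs as MariaDB root. Escape it before the `CREATE USER` and `GRANT USAGE` calls, e.g. `DB_PASS_SQL=${DB_PASS//\\/\\\\}` followed by `DB_PASS_SQL=${DB_PASS_SQL//\'/\'\'}`, and pass `"$DB_PASS_SQL"` to `printf` instead. The `read -st 120` calls should be `read -rst 120`, otherwise backslashes typed in the password are dropped before it is stored. A comment noting that the statements are sent on stdin, which keeps the password out of the process list, would document why the pipe form is used.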


@ -0,0 +1,10 @@
#!/bin/bash
# Exit on error.
set -e
# Simple "script" to install mariadb-server
apt update && sudo apt install -y mariadb-server
# After the install is done, run the security script.
mysql_secure_installation


@ -0,0 +1,86 @@
#!/bin/bash
# Run this script with "(sudo) bash <filename> <args>".
#
# 0 2 * * * bash /root/nextcloud-sync.sh | tee /var/log/nextcloud.log > /dev/null 2>&1
# Exit on error.
#set -eux # debug on
set -e
# Timestamp
DATE_STAMP=$(date '+%s')
############ REMOTE
# Host must have SSH keys setup.
# Must have access to the below paths & access to the database.
SSH_REMOTE_HOST='host'
SSH_REMOTE_USER='root'
# The user to run the _REMOTE_ nextcloud install uses.
# For running commands etc.
NEXTCLOUD_REMOTE_USER='nextcloud'
NEXTCLOUD_REMOTE_DATABASE_NAME='nextcloud'
# Paths.
PHP_REMOTE_BIN='php'
NEXTCLOUD_REMOTE_FILE_DATA='/nextcloud/data'
NEXTCLOUD_REMOTE_FILE_ROOT='/var/www/nextcloud/htdocs'
REMOTE_NC_MAINTENANCE_ON="ssh $SSH_REMOTE_USER@$SSH_REMOTE_HOST sudo -u $NEXTCLOUD_REMOTE_USER $PHP_REMOTE_BIN $NEXTCLOUD_REMOTE_FILE_ROOT/occ maintenance:mode --on"
REMOTE_NC_MAINTENANCE_OFF="ssh $SSH_REMOTE_USER@$SSH_REMOTE_HOST sudo -u $NEXTCLOUD_REMOTE_USER $PHP_REMOTE_BIN $NEXTCLOUD_REMOTE_FILE_ROOT/occ maintenance:mode --off"
REMOTE_DB_CREATE_DUMP="ssh $SSH_REMOTE_USER@$SSH_REMOTE_HOST mysqldump --single-transaction $NEXTCLOUD_REMOTE_DATABASE_NAME > /tmp/nextcloud-$DATE_STAMP.sql"
############ LOCAL
NEXTCLOUD_USER='nextcloud'
NEXTCLOUD_DATABASE_NAME='nextcloud'
# Paths.
PHP_BIN='php'
NEXTCLOUD_FILE_DATA='/nextcloud/data'
NEXTCLOUD_FILE_ROOT='/var/www/nextcloud/htdocs'
NC_MAINTENANCE_ON="sudo -u $NEXTCLOUD_USER $PHP_BIN $NEXTCLOUD_FILE_ROOT/occ maintenance:mode --on"
NC_MAINTENANCE_OFF="sudo -u $NEXTCLOUD_USER $PHP_BIN $NEXTCLOUD_FILE_ROOT/occ maintenance:mode --off"
GET_DB_DUMP_FROM_REMOTE="rsync --progress -Aavx $SSH_REMOTE_USER@$SSH_REMOTE_HOST:/tmp/nextcloud-$DATE_STAMP.sql /tmp/nextcloud-$DATE_STAMP.sql"
GET_DATA_FILES_FROM_REMOTE="rsync --progress -Aavx $SSH_REMOTE_USER@$SSH_REMOTE_HOST:$NEXTCLOUD_REMOTE_FILE_DATA/. $NEXTCLOUD_FILE_DATA"
GET_NC_FILES_FROM_REMOTE="rsync --progress -Aavx $SSH_REMOTE_USER@$SSH_REMOTE_HOST:$NEXTCLOUD_REMOTE_FILE_ROOT/. $NEXTCLOUD_FILE_ROOT"
#########
# Enable remote MAINTENANCE mode.
${REMOTE_NC_MAINTENANCE_ON}
# Make remote dump.
${REMOTE_DB_CREATE_DUMP}
# Enable local MAINTENANCE mode.
${NC_MAINTENANCE_ON}
# Sync nc files.
${GET_NC_FILES_FROM_REMOTE}
# Sync files.
${GET_DATA_FILES_FROM_REMOTE}
# Get database dump.
${GET_DB_DUMP_FROM_REMOTE}
# Disable remote MAINTENANCE mode.
${REMOTE_NC_MAINTENANCE_OFF}
# Restore database dump.
# You can't script this due to the redirection.
mysql $NEXTCLOUD_DATABASE_NAME < /tmp/nextcloud-$DATE_STAMP.sql && rm /tmp/nextcloud-$DATE_STAMP.sql
# Disable local MAINTENANCE mode.
${NC_MAINTENANCE_OFF}
echo "$DATE_STAMP OK" >> /var/log/nc-sync.log
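Review bot: The database dump is written to the predictable path `/tmp/nextcloud-$DATE_STAMP.sql` on both hosts with default permissions, so other local users can read it while the sync runs, and the remote copy is never deleted. Create it in a root-only directory (or under `umask 077` with a `mktemp` name) and remove the remote file once the rsync has finished. Because the script runs under `set -e` with no `trap`, any failing step also leaves maintenance mode switched on at both ends; a `trap` on `EXIT` that runs the two `maintenance:mode --off` commands would cover that. Storing whole command lines in strings and expanding them unquoted works only while no value contains spaces; arrays would be the safer form.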


@ -0,0 +1,37 @@
#!/bin/bash
# Run this script with "(sudo) bash <filename> <args>".
# Exit on error.
set -e
# We'll use the debian binaries provided by sury.org, we need some
# packages to add the repo.
#
# Most of this is taken from https://packages.sury.org/php/README.txt
# but I've modified one or two lines.
apt install -y apt-transport-https lsb-release ca-certificates curl
# PHP packages to install.
PHP_PKGS='php8.1-fpm php8.1-readline php8.1-mbstring php8.1-gd php8.1-curl php8.1-zip php8.1-mysql php8.1-dom'
# Apt format.
DEB_FMT='deb %s %s %s'
# Repo URL.
DEB_URL='https://packages.sury.org/php/'
DEB_KEY_URL='https://packages.sury.org/php/apt.gpg'
# Distro codename.
DISTRO_CODE="$(lsb_release -sc)"
REPO_SUITE='main'
curl -o /etc/apt/trusted.gpg.d/packages.sury.org.gpg "${DEB_KEY_URL:-}"
printf "${DEB_FMT:-}\n" "$DEB_URL" "$DISTRO_CODE" "$REPO_SUITE" |
tee /etc/apt/sources.list.d/php-packages.sury.list
apt update
apt install -y $PHP_PKGS

79
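--- a/other_sh_scripts/site-dirs.sh
+++ b/other_sh_scripts/site-dirs.sh
@@ -0,0 +1,79 @@
+#!/bin/bash
+# Run this script with "(sudo) bash <filename> <args>".
+# Exit on error.
+set -e
+UNDER_PATH=${1:-`pwd`}
+OWNER=${2:-www-data}
+OWNER_GROUP=${3:-`id -gn $OWNER`}
+PRIVATE_DIRS="data tmp sessions"
+PUBLIC_DIRS="public"
+printf 'Create site directories in "%s" owned by "%s" with group "%s"...
+Is this correct?
+OK = cd /var/www && sudo bash %s ./mysite.com <user> <group>
+OK = sudo bash %s /var/www/mysite.com
+AVOID = sudo bash %s /var/www/mysite.com/site2.com
+<user> & <group> are optional, both default to www-data user/group.
+The parent directory must already exist, this script will NOT
+recursively create directories.
+Press ctrl+c to cancel or enter to continue...' \
+"$UNDER_PATH" "$OWNER" "$OWNER_GROUP" "$0" "$0" "$0"
+read
+[[ "$UNDER_PATH" == "/" ]] && (
+printf "Do you really want to create this folder in your root path?
+Press ctrl+c to cancel or hit enter to confirm...
+" \
+"$UNDER_PATH"
+read
+)
+[[ -z "$OWNER_GROUP" ]] && (
+printf '\nNo group for user "%s"!
+' "$OWNER"
+exit 1
+)
+printf 'Creating folders with user "%s" and group "%s"...
+' "$OWNER" "$OWNER_GROUP"
+mkdir "$UNDER_PATH"
+cd "$UNDER_PATH"
+mkdir ".test"
+chown "$OWNER":"$OWNER_GROUP" .test || (
+printf 'Failed change permissions of test folder :(.
+-> Check the user and/or group exist!
+-> You may need to be root or use sudo to run this script.
+'
+exit 1
+)
+[[ -d ".test" ]] && rm -R ".test"
+# Create the private & public folders then set permissions...
+for private_folder in $PRIVATE_DIRS; do
+mkdir -v "$private_folder"
+chown -v "$OWNER":"$OWNER_GROUP" "$private_folder"
+chmod -cR 750 "$private_folder"
+chmod -cR u+s,g+s,o+s "$private_folder"
+done
+for public_folder in $PUBLIC_DIRS; do
+mkdir -v "$public_folder"
+chown -v "$OWNER":"$OWNER_GROUP" "$public_folder"
+chmod -cR 755 "$public_folder"
+chmod -cR u+s,g+s,o+s "$public_folder"
+done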
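Review bot: `chmod -cR u+s,g+s,o+s` in both loops turns on the setuid and setgid bits recursively, which is almost certainly more than intended: `o+s` has no meaning, and `-R` would mark any file below the folder setuid/setgid as well. If the goal is for new files to inherit the folder's group, `chmod -c g+s "$private_folder"` (and the same for `"$public_folder"`) is enough. The `exit 1` inside the `( ... )` subshells only ends the subshell, and the script stops there only because `set -e` reacts to the subshell's status; `{ ...; exit 1; }` states the intent directly. The README in this commit names the public folder `htdocs` and the Caddyfile serves from `htdocs/`, while `PUBLIC_DIRS` here is `public`.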


@ -0,0 +1,32 @@
#!/bin/bash
# Run this script with "(sudo) bash <filename> <args>".
# Exit on error.
set -e
# sftp group to create/use
SFTP_GROUP='sftp'
if [[ ! -z "$1" ]]; then
usermod -aG "$SFTP_GROUP" "$1"
else
# Add sftp group.
addgroup ${SFTP_GROUP:-sftp} || true
cat << EOF > /etc/ssh/sshd_config.d/sftp.conf
Match Group ${SFTP_GROUP:-sftp}
PasswordAuthentication yes
ChrootDirectory %h
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp
Match all
EOF
systemctl restart sshd
printf 'Call this script with a user to add them to the sftp group.\n'
fi
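Review bot: `systemctl restart sshd` runs straight after the drop-in is written, so a typo or an option the installed sshd does not accept takes SSH down on a machine that may have no other access. Validate first and roll back on failure, e.g. `sshd -t || { rm -f /etc/ssh/sshd_config.d/sftp.conf; exit 1; }` before the restart. The same applies to the script that writes `10-PasswordAuthentication.conf` right after this one. A comment is also worth adding that `ChrootDirectory %h` requires each home directory to be owned by root and not writable by group or others, otherwise sshd refuses the login. The drop-in deliberately sets `PasswordAuthentication yes` for the group, which the other script's note about overrides refers to.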


@ -0,0 +1,14 @@
#!/bin/bash
# Run this script with "(sudo) bash <filename> <args>".
# Exit on error.
set -e
# This is just a simple echo & a restart.
# NOTE: This will not stop passwords (for some users) if another config
# drop-in overrides it e.g, match group/users etc.
echo "PasswordAuthentication no" > \
/etc/ssh/sshd_config.d/10-PasswordAuthentication.conf
systemctl restart sshd


@ -0,0 +1,51 @@
#!/bin/bash
# Run this script with "(sudo) bash <filename> <args>".
# Exit on error.
set -e
[[ ! "$1" == "yes" ]] && (
printf "
This script modifies networking and will reboot your system!
Please ensure you have backup access.
DO NOT USE THIS IF YOU HAVE NO DHCP OR NEED STATIC IP ADDRESSING!!
To confirm, please re-run this script with \"yes\"
\"%s yes\".\n" "$0"
exit 1;
)
# Enable systemd-resolved & link stub-resolv.conf.
systemctl enable --now systemd-resolved
ln -sf /var/run/systemd/resolve/stub-resolv.conf /etc/resolv.conf
cat << EOF > /etc/systemd/network/10-default-dhcp.network
[Match]
Name=*
[Network]
DHCP=yes
DNSOverTLS=opportunistic
DNS=1.1.1.1
DNS=1.0.0.1
# Link discovery causes some issues so disable it.
LLDP=no
EOF
# Before rebooting ensure old networking isn't started on boot.
systemctl disable networking
systemctl enable systemd-networkd
# Final warning.
printf 'Rebooting in 30 seconds, hit ctrl+c to cancel.\n'
sleep 30;
halt --reboot
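Review bot: `DNSOverTLS=opportunistic` in the generated `10-default-dhcp.network` falls back to plaintext DNS whenever the TLS connection cannot be made, so it gives no protection against someone on the path who blocks port 853. If encrypted DNS is a requirement rather than a nicety, use `DNSOverTLS=yes` with server names for validation, e.g. `DNS=1.1.1.1#cloudflare-dns.com` (needs a systemd version that accepts the `#name` suffix); otherwise add a comment that the downgrade is accepted. The same setting is repeated in the `systemd/network/*.network` files in this commit. `Name=*` in `[Match]` also applies DHCP to every interface, virtual ones included, which may not be wanted on hosts with bridges or tunnels.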

17
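--- a/other_sh_scripts/toggle-motd.sh
+++ b/other_sh_scripts/toggle-motd.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+# Run this script with "bash <filename>".
+# Exit on error.
+set -e
+FILE='/etc/motd'
+DISABLED_EXT='disabled'
+if [ -f "${FILE:-/tmp/none}.${DISABLED_EXT:-/oops}" ]; then
+mv -v "${FILE:-/tmp/none}.${DISABLED_EXT:-/oops}" \
+"${FILE:-/tmp/none}"
+else
+mv -v "${FILE:-/tmp/none}" \
+"${FILE:-/tmp/none}.${DISABLED_EXT:-/oops}"
+fi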


@ -0,0 +1,65 @@
; Change this to match your domain/sub-domain (don't include www.).
[localhost]
; Change the following lines to match your site user & group.
; you can run id -gn the_user_name_here to find out the group.
; You only need to change this if you have your site folders/files
; owned by a different user.
user = www-data
group = www-data
; This group must match your server group.
; The default www-data usually works fine provided your server software
; is in that group (it usually is).
listen.group = www-data
; Best to keep this as root.
listen.owner = root
; The $pool value is replaced with whatever you've entered in the
; section header [site.com] above.
; Your webserver needs to be setup to talk to the socket at this
; location.
listen = /run/php/$pool.sock
; Be sure to change these path values to match where your sites are.
; Leave the /$pool bit where it is.
; You only need to change /var/www/ to where you've placed your sites.
; e.g you have your sites in /var/srv, you'd enter /var/srv/$pool.
;
; Remember to change all the paths (if you need to)!!
prefix = /var/www/$pool
; session save_path needs a full path value.
php_admin_value[session.save_path] = $prefix/sessions
; These also need full path values.
env[TMP] = $prefix/tmp
env[TMPDIR] = $prefix/tmp
env[TEMP] = $prefix/tmp
; You generally don't need to edit anything else below this line.
listen.mode = 0660
php_admin_value[open_basedir] = $prefix:/usr/share/php:/etc/ssl/certs
php_admin_value[disable_functions] = dl,exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,parse_ini_file,show_source
php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f noreply@$pool
php_admin_value[memory_limit] = 256M
php_admin_value[upload_max_filesize] = 100M
php_admin_value[upload_tmp_dir] = $prefix/tmp
php_admin_value[error_log] = $prefix/tmp/php-error.log
php_admin_flag[log_errors] = on
php_flag[display_errors] = off
access.log = $prefix/tmp/php-access.log
access.format = "[%t] %m %{REQUEST_SCHEME}e://%{HTTP_HOST}e%{REQUEST_URI}e %f pid:%p took:%ds mem:%{mega}Mmb cpu:%C%% status:%s {%{REMOTE_ADDR}e|%{HTTP_X_FORWARDED_FOR}e|%{HTTP_USER_AGENT}e}"
pm = ondemand
pm.max_children = 100
pm.process_idle_timeout = 600s
pm.max_requests = 1000
catch_workers_output = yes
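Review bot: `disable_functions` blocks the usual process-spawning calls but leaves out `pcntl_exec`, which also starts external programs when the pcntl extension is loaded; adding it keeps the list consistent with its intent. `listen.group = www-data` with `listen.mode = 0660` on every pool means any process in the `www-data` group can talk to every site's socket. If pool users are members of that group, the per-site `user`/`group` separation is weaker than it looks, which deserves a comment next to `listen.group`. The error and access logs are written under `$prefix/tmp`, a directory the site user can write to, so they should not be treated as tamper-proof.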

96
php/README.debian.md Executable file

@ -0,0 +1,96 @@
# PHP
Installing PHP on Debian is easy as...
```
apt install php-fpm php-readline php-mbstring php-gd \
php-curl php-zip php-mysql php-dom php-json php-pdo php-fileinfo \
php-bz2 php-intl php-gmp php-apcu php-pear php-cli php-imagick
```
If you need a newer version, use the sury.org repos, take
a look at [this readme](https://packages.sury.org/php/README.txt) or
use the `php8.1-sury-install.sh` script in this directory...
```
sudo bash php8.1-sury-install.sh
```
---
Now you have php installed you need to copy the `localhost.conf.example`
file (See [notes 1](#Notes)) in this directory to where your php-fpm
pool files are.
**If you have multiple PHP versions installed you'll need to pick the
version you want your site to run on.**
So, for PHP-FPM 7.4 using the example file...
```
cp -v localhost.conf.example /etc/php/7.4/fpm/pool.d/yoursite.com.conf
```
For PHP 8.1...
```
cp -v localhost.conf.example /etc/php/8.1/fpm/pool.d/yoursite.com.conf
```
**You'll need to rename and modify the values (within the copied file)
to match your site. I've left the main things to change at the top
of the config file.**
---
Got your config modified and sorted? Great! Now we need to restart
php-fpm. This varies depending on your version, but just you change
the PHP version number in the command below...
For 7.4...
```
systemctl restart php7.4-fpm
```
And 8.1...
```
systemctl restart php8.1-fpm
```
fpm is now ready to serve your php files via the socket
`/run/php/yoursite.com.sock`. You'll need to configure your webserver to
send any PHP requests along to it. If you're using Caddy with my
Caddyfile you're already set.
TIP: You can use `systemctl status php7.4` to check for errors!
## Disabling configurations & what about `www.conf`?
The included `www.conf` won't hurt and can be left alone, although if
you want to disable it, just rename it to `www.conf.disabled`. You can
do the same for any other configs you don't want used...
```
cd /etc/php/7.4/fpm/pool.d/
mv -v www.conf www.conf.disabled
```
And to enable it again...
```
cd /etc/php/7.4/fpm/pool.d/
mv -v www.conf.disabled www.conf
```
PHP-FPM needs to be reloaded, you can do that with...
```
systemctl reload php7.4-fpm
```
## Notes
[1] It's a symlink to the one I use with 7.4. It works fine on PHP 8.1.

14
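--- a/php/php-7.4-install.sh
+++ b/php/php-7.4-install.sh
@@ -0,0 +1,14 @@
+#!/bin/bash
+# Run this script with "(sudo) bash <filename> <args>".
+# Exit on error.
+set -e
+apt install apt install php-fpm php-readline php-mbstring php-gd \
+php-curl php-zip php-mysql php-dom php-json php-pdo php-fileinfo \
+php-bz2 php-intl php-gmp php-apcu php-pear php-cli php-imagick
+mv -v /etc/php/7.4/fpm/pool.d/www.conf /etc/php/7.4/fpm/pool.d/www.conf.disabled
+systemctl restart php7.4-fpm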
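Review bot: The install line repeats the subcommand, `apt install apt install php-fpm ...`, so apt is asked for packages named `apt` and `install`. The second is very unlikely to exist, so under `set -e` the script would stop before the `mv` and the restart. The line should start `apt install php-fpm php-readline ...`. The package names are also unversioned while the `mv` and `systemctl restart php7.4-fpm` lines hard-code 7.4, so on a release whose default PHP is not 7.4 those two lines will fail. Using the versioned names (`php7.4-fpm` and so on) would keep the script consistent with its file name.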

53
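--- a/systemd/network/10-eth0.network
+++ b/systemd/network/10-eth0.network
@@ -0,0 +1,53 @@
+[Match]
+Name=eth0
+## Only use one of these blocks!!
+### DHCP (default most want)
+[Network]
+DHCP=yes
+DNSOverTLS=opportunistic
+DNS=1.1.1.1
+DNS=1.0.0.1
+# Link discovery causes some issues so disable it.
+LLDP=no
+## dhcp config end
+## LAN
+# Uncomment all below if you want to use eth0 as a lan network.
+#[Network]
+# IP address range.
+#Address=192.168.156.1/24
+# Packet forwarding.
+#IPForward=yes
+# Masquerade.
+#IPMasquerade=both
+# Link discovery causes some issues so disable it.
+#LLDP=no
+#[DHCPServer]
+# Lease time
+#DefaultLeaseTimeSec=300
+# DNS to serve
+#DNS=1.1.1.1
+#DNS=1.0.0.1
+# Enable serving of DHCP addresses from the network range.
+#DHCPServer=yes
+# Below not supported systemd < 250
+#[DHCPServerStaticLease]
+#MACAddress=xx:xx:xx:xx:xx:xx
+#Address=192.168.156.2
+## lan end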
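Review bot: `DNSOverTLS=opportunistic` in the active `[Network]` block falls back to plain DNS whenever the TLS connection cannot be set up, and in that mode the resolver does not authenticate the server, so blocking or intercepting the TLS connection downgrades lookups without any error. Both configured resolvers support DNS-over-TLS, so strict mode is available: `DNSOverTLS=yes` with `DNS=1.1.1.1#cloudflare-dns.com` and `DNS=1.0.0.1#cloudflare-dns.com`, provided the installed systemd accepts the `#name` form. With `DHCP=yes` the servers handed out by the DHCP lease are presumably used as well, so it is worth deciding whether those should be ignored. The same setting appears in the wwan0, 50-usb0 and wlan0 `.network` sections of this commit.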


@ -0,0 +1,19 @@
[Match]
Name=wwan0
[Network]
DHCP=yes
DNSOverTLS=opportunistic
DNS=1.1.1.1
DNS=1.0.0.1
# Link discovery causes some issues so disable it.
LLDP=no
[DHCP]
# Make sure connection/route is chosen last!
RouteMetric=2048

14
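--- a/systemd/network/50-usb0.network
+++ b/systemd/network/50-usb0.network
@@ -0,0 +1,14 @@
+[Match]
+Name=usb0
+[Network]
+DHCP=yes
+DNSOverTLS=opportunistic
+DNS=1.1.1.1
+DNS=1.0.0.1
+# Link discovery causes some issues so disable it.
+LLDP=no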


@ -0,0 +1,15 @@
# Requires /etc/wpa_supplicant/wpa_supplicant-wlan0.conf to exist.
[Match]
Name=wlan0
[Network]
DHCP=yes
DNSOverTLS=opportunistic
DNS=1.1.1.1
DNS=1.0.0.1
# Link discovery causes some issues so disable it.
LLDP=no

41
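--- a/systemd/network/70-wgs0.netdev
+++ b/systemd/network/70-wgs0.netdev
@@ -0,0 +1,41 @@
+[NetDev]
+Name=wgs0
+Description=Wireguard Server Peer
+Kind=wireguard
+[WireGuard]
+# Port to listen on.
+ListenPort=500
+# I usually set this to the port number above it's not really needed
+# but useful for firewalls.
+FirewallMark=500
+# The Base64 encoded private key for the interface. It can be generated
+# using the wg genkey command (see wg(8)). This option or
+# PrivateKeyFile= is mandatory to use WireGuard. Note that because this
+# information is secret, you may want to set the permissions of the
+# .netdev file to be owned by "root:systemd-network" with a "0640" file
+# mode.
+PrivateKey=<KEY>
+# Public key for the above private key. Only here as a reminder.
+# systemd will ignore if uncommented.
+#PublicKey=<PUBKEY>
+# Your Peers.
+[WireGuardPeer]
+# Base64 encoded public key calculated by wg pubkey (see wg(8)) from a
+# private key, and usually transmitted out of band to the author of the
+# configuration file. This option is mandatory for this section.
+PublicKey=<KEY>
+# Comma-separated list of IP addresses with CIDR masks from which this
+# peer is allowed to send incoming traffic and to which outgoing traffic
+# for this peer is directed.
+AllowedIPs=10.0.0.1.2/32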
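Review bot: `AllowedIPs=10.0.0.1.2/32` in the `[WireGuardPeer]` block has five octets and is not a valid IPv4 address, so the peer entry is likely to be rejected when networkd parses the file. The client side in 81-wg0.network uses 10.0.0.2, which suggests `AllowedIPs=10.0.0.2/32` was intended. Separately, this template and 80-wg0.netdev keep the secret inline in `PrivateKey=`, and the ownership and mode the comment recommends depend on the user fixing them after copying. Switching the template to `PrivateKeyFile=<path to a root-only key file>` would keep the key out of a file that gets copied around and committed.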

17
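--- a/systemd/network/71-wgs0.network
+++ b/systemd/network/71-wgs0.network
@@ -0,0 +1,17 @@
+# Needs netdev for wgs0, wireguard & wireguard-tools installed to work.
+[Match]
+Name=wgs0
+[Network]
+# Packet forwarding.
+IPForward=yes
+# Link discovery causes some issues so disable it.
+LLDP=no
+# IPv4
+[Network]
+Address=10.0.0.1/24
+IPMasquerade=yes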
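Review bot: The `# Packet forwarding.` comment above `IPForward=yes` understates what the setting does. As systemd.network documents it, the option switches on the host-wide forwarding sysctl rather than forwarding for wgs0 alone, so with `IPMasquerade=yes` the machine will route between all of its interfaces unless a firewall restricts it. No filter rules are visible in this commit, so I would extend the comment to something like `# Enables forwarding for the whole host; restrict wgs0 -> uplink in the firewall.` The file also opens `[Network]` twice; merging the two blocks into one would make it clearer that all four settings apply together.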

42
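--- a/systemd/network/80-wg0.netdev
+++ b/systemd/network/80-wg0.netdev
@@ -0,0 +1,42 @@
+[NetDev]
+Name=wg0
+Description=Wireguard Client Peer
+Kind=wireguard
+[WireGuard]
+# I usually set this to the port number of the main peer it's not really
+# needed but useful for firewalls.
+FirewallMark=500
+# The Base64 encoded private key for the interface. It can be generated
+# using the wg genkey command (see wg(8)). This option or
+# PrivateKeyFile= is mandatory to use WireGuard. Note that because this
+# information is secret, you may want to set the permissions of the
+# .netdev file to be owned by "root:systemd-network" with a "0640" file
+# mode.
+PrivateKey=<KEY>
+# Public key for the above private key. Only here as a reminder.
+#PublicKey=<PUBKEY>
+# Your Peers.
+[WireGuardPeer]
+# Base64 encoded public key calculated by wg pubkey (see wg(8)) from a
+# private key, and usually transmitted out of band to the author of the
+# configuration file. This option is mandatory for this section.
+PublicKey=<PUBKEY>
+# Comma-separated list of IP addresses with CIDR masks from which this
+# peer is allowed to send incoming traffic and to which outgoing traffic
+# for this peer is directed.
+AllowedIPs=0.0.0.0/0, ::/0
+PersistentKeepalive=20
+# Endpoint of a peer (for clients).
+#Endpoint=<IP>:<PORT>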

12
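--- a/systemd/network/81-wg0.network
+++ b/systemd/network/81-wg0.network
@@ -0,0 +1,12 @@
+# Needs wg0.netdev & wireguard & wireguard-tools installed to work.
+[Match]
+Name=wg0
+[Address]
+Address=10.0.0.2/24
+[Route]
+Gateway=10.0.0.1
+GatewayOnlink=true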
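Review bot: Only an IPv4 address and an IPv4 gateway are configured here, while 80-wg0.netdev lists `AllowedIPs=0.0.0.0/0, ::/0`. On a host with native IPv6 on another interface, IPv6 traffic would presumably keep leaving outside the tunnel, which is easy to miss when the setup is meant as a full-tunnel VPN. Either add an IPv6 `[Address]` and `[Route]` for wg0 or drop `::/0` from the peer and say so in a comment. The `[Route]` block also sets no `Metric=`, so which default route wins against the DHCP routes from the other `.network` files is left to defaults; a comment stating the intended priority would help.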

46
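--- a/systemd/network/README.md
+++ b/systemd/network/README.md
@@ -0,0 +1,46 @@
+# Usage
+Copy the device files that you need to `/etc/systemd/network/`.
+Be sure the file-names, folders and configuration values (within the files) are changed to match your devices ([note 1](#Notes)). Wifi (wlan) devices also need wpa_supplicant configured to work.
+## Example
+Say I have eth0 and want network access (and an IP via DHCP) from my router; I would do the following...
+```
+sudo -s # Drop to root.
+cp -rv 10-eth0* /etc/systemd/network/ # Copy the files.
+systemctl enable --now systemd-networkd # Enable networkd now.
+networkctl reload # Reload the configuration.
+networkctl status # Check the log for any errors.
+```
+If there are NO **and I mean NO errors** from the commands above...
+```
+networkctl reconfigure eth0 # Tell networkd to reconfigure the device.
+mv /etc/network/ /etc/network.disabled/ Move the old network configuration.
+reboot # Restart to be sure.
+```
+## Enabling systemd-resolved
+I like to use systemd-resolved for DNS..
+```
+sudo -s # Drop to root.
+ln -sfv /var/run/systemd/resolve/stub-resolv.conf /etc/resolv.conf # Create a symlink.
+systemctl enable --now systemd-resolved # Enable resolved now.
+```
+## Notes
+**1**: This is very important otherwise things won't work. For example, if you have eth1 and not eth0 you'll have to copy and/or rename `eth0.network` to `eth1.network`. Check, and then check again.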


@ -0,0 +1,51 @@
# SIMCOM 7600G modem On A Raspberry Pi 4
This is using [The Waveshare 4G dongle from ThePiHut][4G Dongle].
**A warning about power**
No matter which mode used USB disconnects were frequent, mostly when
moving the device. I incorrectly assumed the default mode QMI was
causing the issue, but it was the modem drawing more current
(than the Pi 4 could supply) to latch/keep connected onto a 4G mast.
This was with the official Raspberry Pi UK 5.1v 3a power supply too.
The current method I use to power both the Pi 4 & modem is via this
[USB Hub]. There is a warning at first boot about the device not
responding but after a automatic bus reset it is fine and works as
expected.
## Switching Modes
The modem has many modes (see the [PDF Manual] pages 50-51), You can use
the mode you prefer. I recommend the USB standard MBIM mode or QMI if
you have issues.
### USB Mode
Connect to SIMCOM7600 AT com port using minicom...
```
apt install minicom
minicom -D /dev/ttyUSB2
```
In minicom get default mode (to revert later if needed)...
```
AT+CUSBPIDSWITCH
```
Set USB mode...
```
AT+CUSBPIDSWITCH=9011,1,1
```
After the device has rebooted connect to minicom again & issue...
```
AT+CLANMODE=1
```
[PDF Manual]: https://usermanual.wiki/m/e87a5540256c1ed0390232e8663c1f46570ff85b21c470d98dce792ecedd3525.pdf
[USB Hub]: https://smile.amazon.co.uk/gp/product/B08K3GFD3Q
[4G Dongle]: https://thepihut.com/products/sim7600g-h-4g-usb-dongle


@ -0,0 +1,9 @@
[Unit]
Description=Proxy internal lan HTTP
[Service]
Type=simple
ExecStart=socat -v tcp-listen:8080,reuseaddr,fork tcp:192.168.156.2:80
[Install]
WantedBy=multi-user.target
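Review bot: The `-v` flag on the `ExecStart=socat ...` line makes socat write the transferred data to stderr, which systemd forwards to the journal, so any credentials or session cookies in the proxied HTTP traffic end up in the logs. The unit also sets no `User=`, so socat runs as root, and `tcp-listen:8080` has no `bind=` option, so the port is open on every interface, including the uplink. I would drop `-v`, pin the listener with `tcp-listen:8080,bind=<listen address>,reuseaddr,fork`, and add `DynamicUser=yes` under `[Service]`, since port 8080 needs no privileges.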

9
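--- a/systemd/system/mnt-sda1.mount
+++ b/systemd/system/mnt-sda1.mount
@@ -0,0 +1,9 @@
+[Unit]
+Description=mnt-sda1
+[Mount]
+What=/dev/sda1
+Where=/mnt/sda1
+[Install]
+WantedBy=multi-user.target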
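Review bot: `What=/dev/sda1` relies on kernel enumeration order, so a different USB disk plugged in at boot can be mounted at /mnt/sda1 in place of the intended one. Referring to the filesystem by a stable name, `What=/dev/disk/by-uuid/<UUID>`, avoids that. The `[Mount]` block also sets no `Options=`, so the volume is mounted with default options; for removable or data-only storage `Options=nosuid,nodev` is a cheap restriction. If the defaults are intended, a one-line comment saying so would be enough.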


@ -0,0 +1,61 @@
# apt install --no-install-recommends libqmi-utils
# cp -v ./qmi-network@.service /etc/systemd/system/
# systemctl daemon-reload
# systemctl enable --now qmi-network@0
# This will NOT work without a .network for your wwan device.
[Unit]
Description=qmi-network for cdc-wdm%i device
Before=freepbx.service
Before=asterisk.service
After=sys-subsystem-net-devices-wwan%i.device
Wants=sys-subsystem-net-devices-wwan%i.device
[Service]
Type=simple
Restart=always
TimeoutSec=300s
# Leave the following blank/as-is for auto-detection.
# Internet APN.
Environment=APN=""
# APN Username.
Environment=APN_USER=""
# APN Password.
Environment=APN_PASS=""
# IP type is usually 4, 6 or 4|6.
Environment=IP_TYPE="4|6"
# Change to yes to use qmi proxy.
Environment=PROXY="no"
# Make sure the state is cleared before starting.
ExecStartPre=-rm /tmp/qmi-network-state-cdc-wdm%i
# Stop wwan so it can be reconfigured.
ExecStartPre=networkctl down wwan%i
# Raw IP must be enabled.
ExecStartPre=sh -c "echo 'Y' | tee /sys/class/net/wwan%i/qmi/raw_ip"
# Start the network via qmi-network scripts.
# As some networks and/or devices take a long time to connect we should
# give it some time to be ready before starting the connection process.
ExecStartPre=-sh -e -c "sleep 60; qmi-network /dev/cdc-wdm%i start"
# Bring up the network.
ExecStartPre=networkctl up wwan%i
# Small loop as the main process to watchdog the connection.
# (NOTE: DHCP must be given a little time to settle before pinging).
ExecStart=sh -e -c "sleep 10; while true; do ping -w 120 -I wwan%i -c 5 one.one.one.one; sleep 300; done;"
# Stop.. DOWN TIME!
ExecStop=networkctl down wwan%i
ExecStop=qmi-network /dev/cdc-wdm%i stop
# Be sure the network state is cleared on stop too.
ExecStop=-rm /tmp/qmi-network-state-cdc-wdm%i
[Install]
WantedBy=sys-subsystem-net-devices-wwan%i.device
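Review bot: `Environment=APN_PASS=""` invites users to put the APN password into the unit file, which is normally world-readable and whose environment is shown by `systemctl show`. Moving the four APN variables into a root-only file referenced by `EnvironmentFile=<path to env file>` keeps the credential out of both. The unit also removes a state file with a predictable name under the shared /tmp as root (`/tmp/qmi-network-state-cdc-wdm%i` in `ExecStartPre=` and `ExecStop=`). That path suggests the qmi-network script keeps its state there, which any local user could pre-create. Adding `PrivateTmp=yes` under `[Service]` gives the service its own /tmp and closes that off.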


@ -0,0 +1,17 @@
# !! Requires a netdev configured to work
#
# $ cp -v ./wifi-power\@.service /etc/systemd/system/
# $ systemctl daemon-reload
#
#
# $ systemctl enable --now wifi-power@wlan0
[Unit]
Description=Toggle %i power saving
[Service]
Type=oneshot
ExecStart=iw %i set power_save on
ExecStop=iw %i set power_save off
[Install]
WantedBy=sys-subsystem-net-devices-%i.device
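Review bot: With `Type=oneshot` and no `RemainAfterExit=yes`, the unit becomes inactive as soon as `ExecStart=` returns. As far as I know systemd then runs the `ExecStop=` line straight away, so `iw %i set power_save on` would be followed immediately by `iw %i set power_save off`. Adding `RemainAfterExit=yes` under `[Service]` keeps the unit active, so the off command runs only on `systemctl stop`. The header comment says the unit needs a netdev, but the commands only need the wireless interface and the `iw` tool; stating that dependency instead would be more accurate.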

76
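--- a/wpa_supplicant/README.debian.md
+++ b/wpa_supplicant/README.debian.md
@@ -0,0 +1,76 @@
+# WPA Supplicant
+You must be root `sudo -s`!
+All wireless devices need wpa_supplicant to work correctly, so let's
+install it...
+```
+apt install wpa_supplicant
+```
+---
+To avoid issues with rogue wpa_supplicant processes disable the default
+service...
+```
+systemctl disable wpa_supplicant.service
+```
+---
+Now using the example `wpa_supplicant-wlan0.conf` file; Copy it into
+`/etc/wpa_supplicant`...
+```
+cp -iv wpa_supplicant-wlan0.conf /etc/wpa_supplicant-wlan0.conf
+```
+**You must rename it to match your wireless device if different, or if
+you already have a `/etc/wpa_supplicant/wpa_supplicant-wlan0.conf` file
+and you don't want to overwrite it. You can use `ip addr` to find it.**
+```
+cp -iv wpa_supplicant-wlan0.conf /etc/wpa_supplicant-wlan1.conf
+```
+---
+We only want root to be able to read the configuration as it contains
+passwords...
+```
+chmod -Rv 600 /etc/wpa_supplicant/*.conf
+```
+---
+Start the service for our device...
+```
+systemctl enable --now wpa_supplicant@wlan0.service
+```
+**Make sure you change the name of the device if yours is different!**
+```
+systemctl enable --now wpa_supplicant@wlan1.service
+```
+---
+Finally we need to restart the device...
+**Once again make sure you get the right device!**
+```
+networkctl down wlan0
+networkctl up wlan0
+```
+And check everything is working..
+```
+networkctl status wlan0
+```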


@ -0,0 +1,26 @@
# $ systemctl disable wpa_supplicant.service
# $ cp -v ./wpa_supplicant-wlan0.conf /etc/wpa_supplicant/
# $ chmod -Rv 600 /etc/wpa_supplicant/*.conf
# $ systemctl enable --now wpa_supplicant@wlan0.service
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
update_config=1
# Change to match your country.
country=GB
network={
# Modify these two lines to match your wifi settings!
ssid="Internet"
psk="password"
# "WPA2/WPA3 PSK, SAE" mixed uncomment the lines below.
key_mgmt=WPA-PSK-SHA256
ieee80211w=2
# If you use WPA-PSK / PSK2 uncomment the lines below.
# proto=RSN
# key_mgmt=WPA-PSK
# pairwise=CCMP
# group=CCMP
# auth_alg=OPEN
}