add files from misc repo
parent
a49bf9138c
commit
618f91c335
|
@ -0,0 +1,102 @@
|
||||||
|
# Global options
|
||||||
|
{
|
||||||
|
# Debug mode - uncomment to activate.
|
||||||
|
#debug
|
||||||
|
|
||||||
|
# Use local-only certs? Comment out the on_demand_tls block
|
||||||
|
# if you use this.
|
||||||
|
#local_certs
|
||||||
|
|
||||||
|
# To use automatic on/demand SSL/TLS certs we need to ask an
|
||||||
|
# end-point if we host the domain.
|
||||||
|
on_demand_tls {
|
||||||
|
# This can be any http url you like, a domain query will be
|
||||||
|
# attached. A request will be made such as
|
||||||
|
# http://my.end.point:80/hosted/?domain=myawesomesite.foo
|
||||||
|
# The end-point MUST return a 200 response if the domain is
|
||||||
|
# valid.
|
||||||
|
#ask http://my.end.point:80/hosted/
|
||||||
|
|
||||||
|
# So we don't have to use external scripting let's get caddy
|
||||||
|
# to check a directory for us instead. There needs to be a
|
||||||
|
# block below to handle this otherwise all domains using SSL
|
||||||
|
# will fail.
|
||||||
|
ask http://127.0.0.1:62453/
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
# On-demand SSL/TLS end-point to check if we host the domain before
|
||||||
|
# getting a cert.
|
||||||
|
http://127.0.0.1:62453 {
|
||||||
|
# The folder where ALL sites are so we can check if hosted or not.
|
||||||
|
# No files from here are served.
|
||||||
|
root * /var/www/
|
||||||
|
|
||||||
|
# Log to stdout.
|
||||||
|
log
|
||||||
|
|
||||||
|
# Rewrite the domain query into a path request and only if /.
|
||||||
|
@domain_query {
|
||||||
|
path /
|
||||||
|
query domain=*
|
||||||
|
}
|
||||||
|
rewrite @domain_query /{query.domain}/
|
||||||
|
|
||||||
|
# Match domain.
|
||||||
|
# The path regex matcher must come first, Thanks caddy devs!
|
||||||
|
# Info https://github.com/caddyserver/caddy/issues/4204
|
||||||
|
@domain_in_path path_regexp domain \/(www\.)?([^\.\\\/].{1,})\/
|
||||||
|
handle @domain_in_path {
|
||||||
|
@domain_exists file {re.domain.2}/
|
||||||
|
respond @domain_exists 200 {
|
||||||
|
close
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
# Default response if domain doesn't exist.
|
||||||
|
respond 404 {
|
||||||
|
close
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
# Catch-all SSL/TLS site(s) - this must be last!
|
||||||
|
:443 {
|
||||||
|
# Strip www from host header.
|
||||||
|
@host_header header_regexp host Host (www\.)?([^\.\\\/].{1,})
|
||||||
|
|
||||||
|
# Enable on-demand SSL/TLS certs.
|
||||||
|
tls {
|
||||||
|
on_demand
|
||||||
|
}
|
||||||
|
|
||||||
|
handle_errors {
|
||||||
|
respond "{http.error.status_text}." {
|
||||||
|
close
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
handle @host_header {
|
||||||
|
root * /var/www/{re.host.2}/htdocs/
|
||||||
|
file_server {
|
||||||
|
hide .* ~*
|
||||||
|
}
|
||||||
|
|
||||||
|
@has_reverse_proxy {
|
||||||
|
file /run/{re.host.2}.sock
|
||||||
|
path !*.php
|
||||||
|
}
|
||||||
|
|
||||||
|
handle @has_reverse_proxy {
|
||||||
|
reverse_proxy unix//run/{re.host.2}.sock {
|
||||||
|
header_up Host {upstream_hostport}
|
||||||
|
header_up X-Forwarded-Host {host}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
php_fastcgi unix//run/php/{re.host.2}.sock {
|
||||||
|
# This only works with Caddy versions >= 2.4.6
|
||||||
|
try_files {path} {path}/ {path}/index.php =404
|
||||||
|
}
|
||||||
|
}
|
||||||
|
error 404
|
||||||
|
}
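Review bot: The `@host_header` pattern `(www\.)?([^\.\\\/].{1,})` is unanchored and its second group accepts any characters after the first. `{re.host.2}` then builds `root * /var/www/{re.host.2}/htdocs/` and both unix socket paths, so the client-supplied Host header (port suffix included) picks filesystem paths, limited only by whatever header validation the server does itself. `@domain_in_path` in the ask endpoint has the same loose `.{1,}`, which also spans `/`, so the directory check that gates certificate issuance may pass for values that are not a site directory name. Restricting the capture to hostname characters and anchoring it would tighten both, e.g. `@host_header header_regexp host Host ^(www\.)?([A-Za-z0-9-]+(\.[A-Za-z0-9-]+)*)(:\d+)?$`, which keeps the host in group 2. The `localhost.orig:443` block in the next file repeats the same `@host_header` line.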
|
|
@ -0,0 +1,78 @@
|
||||||
|
# Global options
|
||||||
|
{
|
||||||
|
# Debug mode - uncomment to activate.
|
||||||
|
#debug
|
||||||
|
|
||||||
|
# Use local-only certs.
|
||||||
|
local_certs
|
||||||
|
}
|
||||||
|
|
||||||
|
# For freepbx.
|
||||||
|
:443 {
|
||||||
|
handle_errors {
|
||||||
|
respond "{http.error.status_text}." {
|
||||||
|
close
|
||||||
|
}
|
||||||
|
}
|
||||||
|
root * /var/www/localhost/htdocs/
|
||||||
|
# https://community.freepbx.org/t/using-caddy-instead-of-apache-in-freepbx/80200
|
||||||
|
handle /admin/* {
|
||||||
|
@blocked_admin {
|
||||||
|
path */.*
|
||||||
|
path */i18n/*
|
||||||
|
path */helpers/*
|
||||||
|
path */libraries/*
|
||||||
|
path */node/*
|
||||||
|
path */views/*php
|
||||||
|
}
|
||||||
|
respond @blocked_admin 403
|
||||||
|
php_fastcgi unix//run/php/localhost.sock
|
||||||
|
file_server
|
||||||
|
}
|
||||||
|
handle {
|
||||||
|
@blocked_main {
|
||||||
|
path */.*
|
||||||
|
}
|
||||||
|
respond @blocked_main 403
|
||||||
|
php_fastcgi unix//run/php/localhost.sock
|
||||||
|
file_server
|
||||||
|
}
|
||||||
|
error 404
|
||||||
|
}
|
||||||
|
|
||||||
|
# Local only service (original).
|
||||||
|
localhost.orig:443 {
|
||||||
|
# Strip www from host header.
|
||||||
|
@host_header header_regexp host Host (www\.)?([^\.\\\/].{1,})
|
||||||
|
|
||||||
|
handle_errors {
|
||||||
|
respond "{http.error.status_text}." {
|
||||||
|
close
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
handle @host_header {
|
||||||
|
root * /var/www/{re.host.2}/htdocs/
|
||||||
|
file_server {
|
||||||
|
hide .* ~*
|
||||||
|
}
|
||||||
|
|
||||||
|
@has_reverse_proxy {
|
||||||
|
file /run/{re.host.2}.sock
|
||||||
|
path !*.php
|
||||||
|
}
|
||||||
|
|
||||||
|
handle @has_reverse_proxy {
|
||||||
|
reverse_proxy unix//run/{re.host.2}.sock {
|
||||||
|
header_up Host {upstream_hostport}
|
||||||
|
header_up X-Forwarded-Host {host}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
php_fastcgi unix//run/php/{re.host.2}.sock {
|
||||||
|
# This only works with Caddy versions >= 2.4.6
|
||||||
|
try_files {path} {path}/ {path}/index.php =404
|
||||||
|
}
|
||||||
|
}
|
||||||
|
error 404
|
||||||
|
}
|
|
@ -0,0 +1,122 @@
|
||||||
|
# Caddy
|
||||||
|
To setup Caddy you must be root ( `sudo -s` ).
|
||||||
|
|
||||||
|
Add the repo...
|
||||||
|
|
||||||
|
```
|
||||||
|
apt install -y curl debian-keyring debian-archive-keyring apt-transport-https
|
||||||
|
curl 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' -o /etc/apt/trusted.gpg.d/caddy_repo_signing.asc
|
||||||
|
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | tee /etc/apt/sources.list.d/caddy-stable.list
|
||||||
|
```
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
Now update apt & install it...
|
||||||
|
|
||||||
|
```
|
||||||
|
apt update
|
||||||
|
apt install caddy
|
||||||
|
```
|
||||||
|
---
|
||||||
|
|
||||||
|
Once installed we need to make a backup of the default Caddyfile and
|
||||||
|
replace it with our own...
|
||||||
|
|
||||||
|
```
|
||||||
|
mv -iv /etc/caddy/Caddyfile /etc/caddy/Caddyfile.old
|
||||||
|
cp -v ./Caddyfile /etc/caddy/Caddyfile
|
||||||
|
```
|
||||||
|
|
||||||
|
---
|
||||||
|
We need somewhere to serve sites...
|
||||||
|
|
||||||
|
```
|
||||||
|
mkdir -v /var/www
|
||||||
|
```
|
||||||
|
|
||||||
|
## Site setup
|
||||||
|
|
||||||
|
Create the site's base directory but don't include `www.` and
|
||||||
|
change to it...
|
||||||
|
|
||||||
|
```
|
||||||
|
mkdir -v /var/www/example.com
|
||||||
|
cd /var/www/example.com
|
||||||
|
```
|
||||||
|
|
||||||
|
**Make sure you're in the right directory before continuing.** You can
|
||||||
|
use a tilde `~` in your terminal to see your current directory.
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
The site needs some folders...
|
||||||
|
|
||||||
|
```
|
||||||
|
mkdir -v htdocs
|
||||||
|
mkdir data tmp sessions
|
||||||
|
```
|
||||||
|
|
||||||
|
`htdocs` is where the site's public-accessible files are kept,
|
||||||
|
`data` is for private site files, `tmp` is for temporary site files -
|
||||||
|
such as uploads, and `sessions` is for site vistor session data.
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
Everyone on the system can access the site's files and we don't want
|
||||||
|
that, change the folder(s) permissions...
|
||||||
|
|
||||||
|
**Take note of the `.` in the command below do not just enter `/` !**
|
||||||
|
|
||||||
|
```
|
||||||
|
chmod -Rv 750 ./
|
||||||
|
```
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
Drat, only root can access the folders now, but Caddy and others need
|
||||||
|
to be able to read the htdocs folder too...
|
||||||
|
|
||||||
|
```
|
||||||
|
chmod -Rv 755 htdocs
|
||||||
|
```
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
If you want another user on the system to own the files, say we have
|
||||||
|
user `fred` and they're in group `fred`...
|
||||||
|
|
||||||
|
**Take note of the `.` in the command below do not just enter `/` !**
|
||||||
|
|
||||||
|
```
|
||||||
|
chown -Rv fred:fred ./*
|
||||||
|
```
|
||||||
|
|
||||||
|
If `fred` is in a different user group and you don't know which, you can
|
||||||
|
run `groups fred` to find out!
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
## Things to know
|
||||||
|
|
||||||
|
The `Caddyfile` included here will (in this order)...
|
||||||
|
|
||||||
|
* Check if the requested host (without `www.`) is served here, if not
|
||||||
|
return 404.
|
||||||
|
|
||||||
|
* If the requested file exists serve it. The files index.html index.php
|
||||||
|
take precedence and will always be served if no path is given. Requests
|
||||||
|
where the requested path/file doesn't exist will be passed on to the
|
||||||
|
other handlers (described below).
|
||||||
|
|
||||||
|
* Reverse proxy the request if a socket matching the hostname
|
||||||
|
(without `www.`) exists in `/run/`. This can be any service that
|
||||||
|
understands how to handle HTTP requests. It just needs to be setup to
|
||||||
|
listen via a socket matching the hostname in `/run/`, e.g.
|
||||||
|
`/run/myawesomesite.com.sock`.
|
||||||
|
|
||||||
|
* If the above socket does not exist and/or a php file is requested,
|
||||||
|
attempt to pass along the request to php-fpm (setup to listen via a
|
||||||
|
socket matching the hostname in `/run/php`, e.g.
|
||||||
|
`/run/php/myawesomesite.com.sock`).
|
||||||
|
|
||||||
|
* Return 404 if the request cannot be handled by any of the above.
|
|
@ -0,0 +1,45 @@
|
||||||
|
# Dnsmasq
|
||||||
|
|
||||||
|
|
||||||
|
To setup Dnsmasq you must be root ( `sudo -s` ) then install it with...
|
||||||
|
|
||||||
|
```
|
||||||
|
apt install dnsmasq
|
||||||
|
```
|
||||||
|
|
||||||
|
**When using systemd-resolved, you'll get a service start failure during install, so must disable DNS forwarding.**...
|
||||||
|
|
||||||
|
```
|
||||||
|
cp -iv disable-forwarding.conf /etc/dnsmasq.d/
|
||||||
|
```
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
Once installed, we want dnsmasq to serve addresses...
|
||||||
|
|
||||||
|
**You'll need to change the IP address range (in the file) to match your LAN configuration.**
|
||||||
|
|
||||||
|
```
|
||||||
|
cp -iv dhcp-server.conf /etc/dnsmasq.d/
|
||||||
|
```
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
Static IP addresses can be set, copy the file `dhcp-server-static.conf` in this directory to `/etc/dnsmasq.d/`...
|
||||||
|
|
||||||
|
**You'll need to add the MAC and IP addresses for your devices.**
|
||||||
|
|
||||||
|
```
|
||||||
|
cp -iv dhcp-server-static.conf /etc/dnsmasq.d/
|
||||||
|
```
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
Finally restart dnsmasq and check for errors.
|
||||||
|
|
||||||
|
```
|
||||||
|
systemctl restart dnsmasq
|
||||||
|
systemctl status dnsmasq
|
||||||
|
```
|
||||||
|
|
||||||
|
You should now have a running dnsmasq service!
|
|
@ -0,0 +1 @@
|
||||||
|
dhcp-host=ff:ff:ff:ff:ff:ff,192.168.156.2,24h
|
|
@ -0,0 +1,13 @@
|
||||||
|
log-dhcp
|
||||||
|
domain-needed
|
||||||
|
bogus-priv
|
||||||
|
no-resolv
|
||||||
|
server=1.1.1.1
|
||||||
|
server=1.0.0.1
|
||||||
|
listen-address=::1,127.0.0.1,192.168.156.1
|
||||||
|
expand-hosts
|
||||||
|
domain=lan
|
||||||
|
dhcp-range=192.168.156.2,192.168.156.250,24h
|
||||||
|
dhcp-option=option:router,192.168.156.1
|
||||||
|
dhcp-authoritative
|
||||||
|
#dhcp-leasefile=/var/lib/dnsmasq/dnsmasq.leases
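Review bot: `listen-address=::1,127.0.0.1,192.168.156.1` is set without `bind-interfaces`. Per the dnsmasq manual, the daemon then still binds the wildcard address and only discards requests for other addresses in user space. Adding `bind-interfaces` (or `bind-dynamic`) makes it bind only the listed addresses, which narrows exposure on a multi-homed host. It is also the usual way to coexist with the systemd-resolved stub listener mentioned in the README.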
|
|
@ -0,0 +1,2 @@
|
||||||
|
# You only need this if using systemd-resolved.
|
||||||
|
port=0
|
|
@ -0,0 +1,166 @@
|
||||||
|
#!/usr/bin/env python3
|
||||||
|
|
||||||
|
"""Variables with values exclosed in 3 double quotes (") allow
|
||||||
|
multi-line strings. It can also be used for comments.
|
||||||
|
|
||||||
|
Any words in curly braces like {this} are placeholders & can be replaced
|
||||||
|
later if desired with the method 'format' on string variables.
|
||||||
|
Single line strings can have replaceable placeholders too.
|
||||||
|
|
||||||
|
Below is a variable named "foo" containing a single line string with
|
||||||
|
a placeholder...
|
||||||
|
|
||||||
|
foo = "Here is a single line placeholder of {replaceme}."
|
||||||
|
|
||||||
|
We can just print foo as-is using...
|
||||||
|
|
||||||
|
print(foo)
|
||||||
|
|
||||||
|
or replace _all_ "{replaceme}" within it using format...
|
||||||
|
|
||||||
|
print(foo.format(replaceme='new value here'))
|
||||||
|
|
||||||
|
or replace it with another variable...
|
||||||
|
|
||||||
|
new_replaceme='this is a new replacement'
|
||||||
|
|
||||||
|
print(foo.format(replaceme=new_replaceme)
|
||||||
|
|
||||||
|
Make sure that any variables, (new_replaceme in the above in this case)
|
||||||
|
is defined or you'll get a KeyError if you try to print a format()'d
|
||||||
|
string!
|
||||||
|
|
||||||
|
"""
|
||||||
|
|
||||||
|
msg = """Voltage Divider Calculator (v1.1)
|
||||||
|
Formula: "Voltage out is Voltage in * Resistor 2 / Resistor 1 + Resistor 2"
|
||||||
|
|
||||||
|
You entered:
|
||||||
|
Voltage in {voltage}
|
||||||
|
Resistor 1 {resistor1}
|
||||||
|
Resistor 2 {resistor2}
|
||||||
|
|
||||||
|
Which equals:
|
||||||
|
{output}
|
||||||
|
|
||||||
|
Output voltage is: "{output}", rounded (nearest 10) is "{rounded}"!
|
||||||
|
"""
|
||||||
|
|
||||||
|
error = """Usage: python3 {script} <voltage in> <resistor 1> <resister 2>.
|
||||||
|
Example: python3 {script} 5000 2000 4000
|
||||||
|
|
||||||
|
Seeing an Error?
|
||||||
|
ValueError: You enter an invalid value (or left it empty).
|
||||||
|
"""
|
||||||
|
|
||||||
|
|
||||||
|
def main(args):
|
||||||
|
"""
|
||||||
|
The parameter args is a list populated by your shell/terminal.
|
||||||
|
|
||||||
|
All values are added in the order they were passed to the script.
|
||||||
|
|
||||||
|
The first item in the list args[0] will always be the script
|
||||||
|
that was passed to python. If you named this file foo.py and
|
||||||
|
called python3 foo.py args[0] would be the string "foo.py".
|
||||||
|
"""
|
||||||
|
|
||||||
|
# Remove this script's file-name and store it in the variable
|
||||||
|
# "script" for later use.
|
||||||
|
script = args.pop(0)
|
||||||
|
|
||||||
|
"""
|
||||||
|
"try and except" allows us to capture an exception (in this case
|
||||||
|
we only want to capture a ValueError so we can first print
|
||||||
|
a nice error message and then have python raise it, printing it
|
||||||
|
underneath, and finally exiting.
|
||||||
|
"""
|
||||||
|
|
||||||
|
try:
|
||||||
|
"""
|
||||||
|
What "list(map(int, args))" is doing...
|
||||||
|
|
||||||
|
As we've already removed the script file-name from the args
|
||||||
|
list we should just be left with numberic values.
|
||||||
|
|
||||||
|
However, they're strings and we need integers!
|
||||||
|
We use the built-in method "map" which calls the method
|
||||||
|
given ("int" here), that'll convert each value (from strings)
|
||||||
|
within the list to the integers we need.
|
||||||
|
|
||||||
|
Now we have a new problem we've given ourselves :(.
|
||||||
|
|
||||||
|
"map" will return a map object which we don't want so we
|
||||||
|
need to convert (the map object) back into a list,
|
||||||
|
using, you guessed it, the method named "list"!
|
||||||
|
|
||||||
|
Each value from the converted list is then unpacked into the
|
||||||
|
variables "voltage", "resistor1" and "resistor2" (from right
|
||||||
|
to left). So say we have a list of [1, 2, 3], We can
|
||||||
|
unpack those values as...
|
||||||
|
|
||||||
|
one, two, three = [1, 2, 3]
|
||||||
|
"""
|
||||||
|
voltage, resistor1, resistor2 = list(map(int, args))
|
||||||
|
|
||||||
|
# Here we're just calulating the voltage value using the values
|
||||||
|
# from each variable.
|
||||||
|
output = voltage * (resistor2 / (resistor1 + resistor2))
|
||||||
|
except ValueError:
|
||||||
|
"""
|
||||||
|
Oh no, we're missing a value or a non-numeric value was
|
||||||
|
entered! Let the user know by printing our nice
|
||||||
|
error message, contained with in the "error" multi-line
|
||||||
|
variable above.
|
||||||
|
|
||||||
|
Remember the "replaceme" variable we talked about earlier?
|
||||||
|
Well, we're doing the same thing here but we're replacing
|
||||||
|
the text "{script}" (in the "error" variable above) with
|
||||||
|
the variable "script" (also above!).
|
||||||
|
|
||||||
|
It sounds confusing? Yes, I agree. It can be made easier
|
||||||
|
by using another word different to your variable as a
|
||||||
|
placeholder and replace it with any variable you like!
|
||||||
|
|
||||||
|
script = "carrots are lovely"
|
||||||
|
msg = "my {placeholder}."
|
||||||
|
print(msg.format(placeholder=script))
|
||||||
|
"""
|
||||||
|
print(error.format(script=script))
|
||||||
|
|
||||||
|
"""
|
||||||
|
STOP! Ham, Ahem... Exception time!
|
||||||
|
"raise" here (unless captured by another try/except block)
|
||||||
|
just tells python to print the exception then
|
||||||
|
stop executing the script.
|
||||||
|
"""
|
||||||
|
raise
|
||||||
|
|
||||||
|
"""
|
||||||
|
If we get here it means our voltage has been calculated,
|
||||||
|
and so (just like the above error message) we format then
|
||||||
|
print the _good_ message "msg" variable and we're done.
|
||||||
|
"""
|
||||||
|
print(msg.format(voltage=voltage, resistor1=resistor1,
|
||||||
|
resistor2=resistor2, output=output,
|
||||||
|
rounded=round(output)))
|
||||||
|
|
||||||
|
|
||||||
|
"""
|
||||||
|
This "if block" tells python not to run the method "main" (above)
|
||||||
|
If our script was imported by another python script.
|
||||||
|
|
||||||
|
The method "main" will only get called if our script was called directly
|
||||||
|
by python and is the "main" (hence __main__ below) script.
|
||||||
|
|
||||||
|
This also means we import our script from within another script and
|
||||||
|
call our module's (what python calls scripts) method "main".
|
||||||
|
"""
|
||||||
|
|
||||||
|
if __name__ == '__main__':
|
||||||
|
import sys
|
||||||
|
|
||||||
|
# main(sys.argv) calls our main function & passes the arguments
|
||||||
|
# given to it by the terminal.
|
||||||
|
# sys.exit returns the value from the method main.
|
||||||
|
sys.exit(main(sys.argv))
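Review bot: `output = voltage * (resistor2 / (resistor1 + resistor2))` raises ZeroDivisionError when the two resistor values sum to zero, and only `ValueError` is caught, so that input ends in a bare traceback without the usage text. Catching both with `except (ValueError, ZeroDivisionError):` keeps the error path consistent. Separately, the message says `rounded (nearest 10)` while `round(output)` rounds to the nearest integer, and the printed formula omits the parentheses the code uses. Those strings should be brought in line with the computation.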
|
|
@ -0,0 +1,43 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
set -eux
|
||||||
|
|
||||||
|
DATE_STAMP=$(date '+%s')
|
||||||
|
|
||||||
|
apt -y install build-essential checkinstall libncurses5 git curl wget libnewt-dev libssl-dev libncurses5-dev subversion libsqlite3-dev libjansson-dev libxml2-dev uuid-dev default-libmysqlclient-dev
|
||||||
|
|
||||||
|
mkdir asterisk-${DATE_STAMP:-fail}
|
||||||
|
|
||||||
|
cd asterisk-${DATE_STAMP:-fail}
|
||||||
|
|
||||||
|
mkdir build
|
||||||
|
|
||||||
|
wget http://downloads.asterisk.org/pub/telephony/asterisk/asterisk-18-current.tar.gz \
|
||||||
|
-O asterisk-18-current.tar.gz --show-progress
|
||||||
|
|
||||||
|
cd build
|
||||||
|
|
||||||
|
tar xf ../asterisk-18-current.tar.gz
|
||||||
|
|
||||||
|
cd asterisk*
|
||||||
|
|
||||||
|
# Main build bit.
|
||||||
|
./contrib/scripts/get_mp3_source.sh
|
||||||
|
|
||||||
|
contrib/scripts/install_prereq install
|
||||||
|
|
||||||
|
./configure
|
||||||
|
|
||||||
|
make
|
||||||
|
|
||||||
|
#sudo checkinstall --default --pkgname asterisk --addso=yes make install config samples
|
||||||
|
|
||||||
|
echo "Install Asterisk and kitchen sink (everything)?"
|
||||||
|
read
|
||||||
|
|
||||||
|
make install
|
||||||
|
make samples
|
||||||
|
make config
|
||||||
|
ldconfig
|
||||||
|
|
||||||
|
exit 0;
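Review bot: The tarball is fetched with `wget http://downloads.asterisk.org/...` over plain HTTP and then unpacked, configured and installed as root with no integrity check, so whatever the network path delivers is what gets built. Change the URL to `wget https://downloads.asterisk.org/pub/telephony/asterisk/asterisk-18-current.tar.gz \` and verify the download before `tar xf`. I believe the project publishes checksum and detached-signature files next to the tarball, but confirm the exact file names. `get_mp3_source.sh` and `install_prereq install` fetch further content during the build, which deserves a comment so operators know the script needs both network access and root.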
|
|
@ -0,0 +1,27 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
set -eux
|
||||||
|
|
||||||
|
DATE_STAMP=$(date '+%s')
|
||||||
|
|
||||||
|
apt install asterisk asterisk-dev libasound2-dev build-essential git
|
||||||
|
|
||||||
|
mkdir asterisk-chan-quectel-${DATE_STAMP}
|
||||||
|
|
||||||
|
cd asterisk-chan-quectel-${DATE_STAMP}
|
||||||
|
|
||||||
|
mkdir build
|
||||||
|
|
||||||
|
cd build
|
||||||
|
|
||||||
|
git clone https://github.com/IchthysMaranatha/asterisk-chan-quectel.git .
|
||||||
|
|
||||||
|
./bootstrap
|
||||||
|
|
||||||
|
INSTALLED_AST_VERSION=$(asterisk -V | cut -d " " -f 2)
|
||||||
|
|
||||||
|
./configure --with-astversion=${INSTALLED_AST_VERSION}
|
||||||
|
|
||||||
|
make
|
||||||
|
|
||||||
|
make install
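Review bot: `git clone https://github.com/IchthysMaranatha/asterisk-chan-quectel.git .` builds and runs `make install` on whatever the default branch holds at run time, as root, so each run can install different, unreviewed code. Pin the build to a revision that has been reviewed, e.g. `git checkout <REVIEWED_COMMIT_SHA>` (placeholder) right after the clone, with a comment recording why that revision was chosen. `apt install` has no `-y` here, so a non-interactive run will stop at the confirmation prompt.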
|
|
@ -0,0 +1,86 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
# Crontab line.
|
||||||
|
#0 2 * * * bash /root/backup.sh | tee -a /var/log/backup_$(date +"\%Y-\%m-\%d").log
|
||||||
|
|
||||||
|
# Exit on error.
|
||||||
|
# Because I've been grilled about not using this - phillw, I'm looking
|
||||||
|
# at you ;)
|
||||||
|
set -e
|
||||||
|
|
||||||
|
# Where do we locally store the backups?
|
||||||
|
BACKUP_STORE='/backup'
|
||||||
|
|
||||||
|
# What directories do we backup?
|
||||||
|
# Each _full_ path must be seperated by a space. If a path uses a
|
||||||
|
# special char e.g, space or non-alphanumeric chars escape it with a
|
||||||
|
# backslash.
|
||||||
|
BACKUP_DIRS='/etc /home /var/www /root'
|
||||||
|
|
||||||
|
# A date string for file/folder-names.
|
||||||
|
SCRIPT_RUN_DATE=`date '+%Y-%m-%d-%H-%M'`
|
||||||
|
|
||||||
|
# Backup the above $BACKUP_DIRS. Set to 0 to disable.
|
||||||
|
BACKUP_DIRECTORIES_AND_FILES="1"
|
||||||
|
|
||||||
|
# CRON backup? Set to 0 to disable.
|
||||||
|
BACKUP_CRON="1"
|
||||||
|
|
||||||
|
# MARIADB/MYSQL dump backup? Set to 0 to disable.
|
||||||
|
BACKUP_SQL="1"
|
||||||
|
|
||||||
|
|
||||||
|
## Edit below at own risk..
|
||||||
|
if [[ $EUID -ne 0 ]]; then
|
||||||
|
echo 'run as root'
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Before we do anything, switch to our backup store directory.
|
||||||
|
cd "${BACKUP_STORE:-/tmp/$SCRIPT_RUN_DATE}"
|
||||||
|
|
||||||
|
# Now make our backup directory using the script_run_date.
|
||||||
|
BACKUP_CWD="./${SCRIPT_RUN_DATE:-fail}"
|
||||||
|
mkdir "${BACKUP_CWD}"
|
||||||
|
cd "${BACKUP_CWD}"
|
||||||
|
|
||||||
|
if [[ "$BACKUP_DIRECTORIES_AND_FILES" == "1" ]]; then
|
||||||
|
|
||||||
|
for OBJ in ${BACKUP_DIRS:-}; do
|
||||||
|
OBJ_S=${OBJ//\//-}
|
||||||
|
OBJ_S=${OBJ_S/-/}
|
||||||
|
|
||||||
|
if [[ ! -f "${OBJ}" ]]; then
|
||||||
|
if [[ ! -d "${OBJ}" ]]; then
|
||||||
|
printf "\n!! file or directory \"%s\" not found, skipping..\n" "${OBJ}"
|
||||||
|
continue;
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
tar -cJf "./$OBJ_S.tar.xz" "${OBJ}"
|
||||||
|
done
|
||||||
|
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [[ "$BACKUP_SQL" == "1" ]]; then
|
||||||
|
|
||||||
|
DATABASES="$(echo "show databases" | mysql | grep -Ev "^(Database|mysql|performance_schema|information_schema)$" | paste -sd " " -)"
|
||||||
|
|
||||||
|
[[ -z "${DATABASES:-}" ]] && exit 1
|
||||||
|
|
||||||
|
for DB in $DATABASES; do
|
||||||
|
mysqldump --single-transaction --routines --events --triggers --lock-tables $DB > "./$DB.sql" || exit 1;
|
||||||
|
done
|
||||||
|
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [[ "$BACKUP_CRON" == "1" ]]; then
|
||||||
|
|
||||||
|
for USER in $(cut -f1 -d: /etc/passwd); do
|
||||||
|
crontab -u $USER -l > "${USER}-cron.txt" || continue;
|
||||||
|
done
|
||||||
|
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo "$SCRIPT_RUN_DATE OK" >> /var/log/$0-run.log
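Review bot: The archives of `/etc`, `/root` and `/home` and the SQL dumps are created with the process's default umask. Unless `/backup` itself is locked down, they are likely readable by every local user, which exposes password hashes, private keys and database contents. Add `umask 077` right after `set -e` and keep the backup store at mode 700. Separately, `/var/log/$0-run.log` expands with the invocation path, so with the crontab line shown it becomes `/var/log//root/backup.sh-run.log` and the final `echo` fails unless that directory exists. `/var/log/$(basename "$0")-run.log` avoids that.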
|
||||||
|
|
|
@ -0,0 +1,12 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
# Exit on error.
|
||||||
|
set -e
|
||||||
|
|
||||||
|
# The following was modifed but the original was graciously provided by the
|
||||||
|
# caddy docs -> https://caddyserver.com/docs/install#debian-ubuntu-raspbian
|
||||||
|
apt install -y curl debian-keyring debian-archive-keyring apt-transport-https
|
||||||
|
curl 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' -o /etc/apt/trusted.gpg.d/caddy_repo_signing.asc
|
||||||
|
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | tee /etc/apt/sources.list.d/caddy-stable.list
|
||||||
|
apt update
|
||||||
|
apt install caddy
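Review bot: Writing the key to `/etc/apt/trusted.gpg.d/caddy_repo_signing.asc` makes it trusted for every configured APT source, not only the Caddy repository. Store the keyring outside that directory, e.g. under `/usr/share/keyrings/`, and bind it to the one source with a `signed-by=` option in `caddy-stable.list`, as the current upstream install instructions do. The key download also lacks `-f`, so an HTTP error body would be saved as the key without `set -e` noticing. Use `curl -1sLf` there, as the following line already does. The PHP install script later in this commit has the same two issues with `/etc/apt/trusted.gpg.d/packages.sury.org.gpg`, and the Caddy README repeats these commands.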
|
|
@ -0,0 +1,19 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
# Exit on error.
|
||||||
|
# Because I've been grilled about not using this - phillw, I'm looking
|
||||||
|
# at you ;) - No, you'll never escape this lmao.
|
||||||
|
set -e
|
||||||
|
|
||||||
|
LIST='rsync nano htop net-tools vnstat screen git curl coreutils chrony
|
||||||
|
command-not-found'
|
||||||
|
|
||||||
|
[[ ! "${1:-}" == "1" ]] && \
|
||||||
|
printf 'Install "%s?" - press ctrl+c to cancel\n' "$LIST" && read
|
||||||
|
|
||||||
|
apt update
|
||||||
|
|
||||||
|
for pkg in $LIST
|
||||||
|
do
|
||||||
|
apt install -y "$pkg"
|
||||||
|
done
|
|
@ -0,0 +1,83 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
# Exit on error.
|
||||||
|
set -e
|
||||||
|
|
||||||
|
# Command we pipe to execute the sql.
|
||||||
|
sql_cmd='mariadb -u root'
|
||||||
|
|
||||||
|
# SQL to create the database.
|
||||||
|
sql_create_db="CREATE DATABASE \`%s\`;"
|
||||||
|
|
||||||
|
# SQL to create user.
|
||||||
|
sql_create_user="CREATE USER IF NOT EXISTS '%s'@'%s' IDENTIFIED BY '%s';"
|
||||||
|
|
||||||
|
# SQL grant usage.
|
||||||
|
sql_grant_usage="GRANT USAGE ON *.* TO '%s'@'%s' IDENTIFIED BY '%s';"
|
||||||
|
|
||||||
|
# SQL grant on users database.
|
||||||
|
sql_grant_on_db="GRANT ALL privileges ON \`%s\`.* TO '%s'@'%s';"
|
||||||
|
|
||||||
|
# SQL flush
|
||||||
|
sql_flush='FLUSH PRIVILEGES;'
|
||||||
|
|
||||||
|
DB_HOST='localhost'
|
||||||
|
DB_USER=""
|
||||||
|
DB_NAME=""
|
||||||
|
DB_PASS=""
|
||||||
|
DB_PASS_REP=""
|
||||||
|
|
||||||
|
new_user() {
|
||||||
|
|
||||||
|
printf '(new) database user?\n' && read -t 120 DB_USER;
|
||||||
|
|
||||||
|
[[ ! "${DB_USER}" =~ ^[A-Za-z]{1}[A-Za-z0-9\_\-]+$ ]] && \
|
||||||
|
printf 'min 2 chars, A-z0-9_- allowed.. ' && new_user
|
||||||
|
|
||||||
|
return 0
|
||||||
|
}
|
||||||
|
|
||||||
|
new_db_name() {
|
||||||
|
|
||||||
|
printf '(new) database name?\n' && read -t 120 DB_NAME;
|
||||||
|
|
||||||
|
[[ ! "${DB_NAME}" =~ ^[A-Za-z]{1}[A-Za-z0-9\_\-]+$ ]] && \
|
||||||
|
printf 'min 2 chars, A-z0-9_- allowed.. ' && new_db_name
|
||||||
|
|
||||||
|
return 0
|
||||||
|
}
|
||||||
|
|
||||||
|
new_pass() {
|
||||||
|
|
||||||
|
printf 'password? (input hidden)\n' && read -st 120 DB_PASS;
|
||||||
|
printf 'password again?\n' && read -st 120 DB_PASS_REP;
|
||||||
|
|
||||||
|
[[ -z "$DB_PASS" ]] || [[ -z "$DB_PASS_REP" ]] && new_pass
|
||||||
|
[[ ! "$DB_PASS" == "$DB_PASS_REP" ]] && \
|
||||||
|
printf 'passwords do not match.. ' && new_pass
|
||||||
|
|
||||||
|
return 0
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
# Note: set -e requires the functions to return 0.
|
||||||
|
new_db_name
|
||||||
|
new_user
|
||||||
|
new_pass
|
||||||
|
|
||||||
|
# Create database.
|
||||||
|
printf "$sql_create_db" "$DB_NAME" | $sql_cmd;
|
||||||
|
|
||||||
|
# The user.
|
||||||
|
printf "$sql_create_user" "$DB_USER" "${DB_HOST:-NONE}" \
|
||||||
|
"$DB_PASS" | $sql_cmd;
|
||||||
|
|
||||||
|
# The grants.
|
||||||
|
printf "$sql_grant_usage" "$DB_USER" "${DB_HOST:-NONE}" \
|
||||||
|
"$DB_PASS" | $sql_cmd;
|
||||||
|
|
||||||
|
printf "$sql_grant_on_db" "$DB_NAME" "${DB_USER:-NONE}" \
|
||||||
|
"${DB_HOST:-NONE}" | $sql_cmd;
|
||||||
|
|
||||||
|
printf "$sql_flush" | $sql_cmd;
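Review bot: `DB_PASS` is placed between single quotes in `sql_create_user` and `sql_grant_usage` without escaping, so a password containing `'` or `\` breaks or alters the statement that runs as the MariaDB root user. The database name and user prompts are validated by regex but the password is not. Either reject those characters in `new_pass` or escape them before the `printf`. `read -st 120 DB_PASS` should also become `read -rst 120 DB_PASS` (likewise for `DB_PASS_REP`). Without `-r`, backslashes typed by the operator are silently dropped and the stored password differs from what was entered.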
|
||||||
|
|
|
@ -0,0 +1,10 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
# Exit on error.
|
||||||
|
set -e
|
||||||
|
|
||||||
|
# Simple "script" to install mariadb-server
|
||||||
|
apt update && sudo apt install -y mariadb-server
|
||||||
|
|
||||||
|
# After the install is done, run the security script.
|
||||||
|
mysql_secure_installation
|
|
@ -0,0 +1,86 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
# Run this script with "(sudo) bash <filename> <args>".
|
||||||
|
#
|
||||||
|
# 0 2 * * * bash /root/nextcloud-sync.sh | tee /var/log/nextcloud.log > /dev/null 2>&1
|
||||||
|
|
||||||
|
|
||||||
|
# Exit on error.
|
||||||
|
#set -eux # debug on
|
||||||
|
set -e
|
||||||
|
|
||||||
|
# Timestamp
|
||||||
|
DATE_STAMP=$(date '+%s')
|
||||||
|
|
||||||
|
############ REMOTE
|
||||||
|
# Host must have SSH keys setup.
|
||||||
|
# Must have access to the below paths & access to the database.
|
||||||
|
SSH_REMOTE_HOST='host'
|
||||||
|
SSH_REMOTE_USER='root'
|
||||||
|
|
||||||
|
# The user to run the _REMOTE_ nextcloud install uses.
|
||||||
|
# For running commands etc.
|
||||||
|
NEXTCLOUD_REMOTE_USER='nextcloud'
|
||||||
|
NEXTCLOUD_REMOTE_DATABASE_NAME='nextcloud'
|
||||||
|
|
||||||
|
# Paths.
|
||||||
|
PHP_REMOTE_BIN='php'
|
||||||
|
NEXTCLOUD_REMOTE_FILE_DATA='/nextcloud/data'
|
||||||
|
NEXTCLOUD_REMOTE_FILE_ROOT='/var/www/nextcloud/htdocs'
|
||||||
|
|
||||||
|
REMOTE_NC_MAINTENANCE_ON="ssh $SSH_REMOTE_USER@$SSH_REMOTE_HOST sudo -u $NEXTCLOUD_REMOTE_USER $PHP_REMOTE_BIN $NEXTCLOUD_REMOTE_FILE_ROOT/occ maintenance:mode --on"
|
||||||
|
|
||||||
|
REMOTE_NC_MAINTENANCE_OFF="ssh $SSH_REMOTE_USER@$SSH_REMOTE_HOST sudo -u $NEXTCLOUD_REMOTE_USER $PHP_REMOTE_BIN $NEXTCLOUD_REMOTE_FILE_ROOT/occ maintenance:mode --off"
|
||||||
|
|
||||||
|
REMOTE_DB_CREATE_DUMP="ssh $SSH_REMOTE_USER@$SSH_REMOTE_HOST mysqldump --single-transaction $NEXTCLOUD_REMOTE_DATABASE_NAME > /tmp/nextcloud-$DATE_STAMP.sql"
|
||||||
|
|
||||||
|
############ LOCAL
|
||||||
|
NEXTCLOUD_USER='nextcloud'
|
||||||
|
NEXTCLOUD_DATABASE_NAME='nextcloud'
|
||||||
|
|
||||||
|
# Paths.
|
||||||
|
PHP_BIN='php'
|
||||||
|
NEXTCLOUD_FILE_DATA='/nextcloud/data'
|
||||||
|
NEXTCLOUD_FILE_ROOT='/var/www/nextcloud/htdocs'
|
||||||
|
|
||||||
|
NC_MAINTENANCE_ON="sudo -u $NEXTCLOUD_USER $PHP_BIN $NEXTCLOUD_FILE_ROOT/occ maintenance:mode --on"
|
||||||
|
|
||||||
|
NC_MAINTENANCE_OFF="sudo -u $NEXTCLOUD_USER $PHP_BIN $NEXTCLOUD_FILE_ROOT/occ maintenance:mode --off"
|
||||||
|
|
||||||
|
GET_DB_DUMP_FROM_REMOTE="rsync --progress -Aavx $SSH_REMOTE_USER@$SSH_REMOTE_HOST:/tmp/nextcloud-$DATE_STAMP.sql /tmp/nextcloud-$DATE_STAMP.sql"
|
||||||
|
|
||||||
|
GET_DATA_FILES_FROM_REMOTE="rsync --progress -Aavx $SSH_REMOTE_USER@$SSH_REMOTE_HOST:$NEXTCLOUD_REMOTE_FILE_DATA/. $NEXTCLOUD_FILE_DATA"
|
||||||
|
|
||||||
|
GET_NC_FILES_FROM_REMOTE="rsync --progress -Aavx $SSH_REMOTE_USER@$SSH_REMOTE_HOST:$NEXTCLOUD_REMOTE_FILE_ROOT/. $NEXTCLOUD_FILE_ROOT"
|
||||||
|
|
||||||
|
#########
|
||||||
|
|
||||||
|
# Enable remote MAINTENANCE mode.
|
||||||
|
${REMOTE_NC_MAINTENANCE_ON}
|
||||||
|
|
||||||
|
# Make remote dump.
|
||||||
|
${REMOTE_DB_CREATE_DUMP}
|
||||||
|
|
||||||
|
# Enable local MAINTENANCE mode.
|
||||||
|
${NC_MAINTENANCE_ON}
|
||||||
|
|
||||||
|
# Sync nc files.
|
||||||
|
${GET_NC_FILES_FROM_REMOTE}
|
||||||
|
|
||||||
|
# Sync files.
|
||||||
|
${GET_DATA_FILES_FROM_REMOTE}
|
||||||
|
|
||||||
|
# Get database dump.
|
||||||
|
${GET_DB_DUMP_FROM_REMOTE}
|
||||||
|
|
||||||
|
# Disable remote MAINTENANCE mode.
|
||||||
|
${REMOTE_NC_MAINTENANCE_OFF}
|
||||||
|
|
||||||
|
# Restore database dump.
|
||||||
|
# You can't script this due to the redirection.
|
||||||
|
mysql $NEXTCLOUD_DATABASE_NAME < /tmp/nextcloud-$DATE_STAMP.sql && rm /tmp/nextcloud-$DATE_STAMP.sql
|
||||||
|
|
||||||
|
# Disable local MAINTENANCE mode.
|
||||||
|
${NC_MAINTENANCE_OFF}
|
||||||
|
|
||||||
|
echo "$DATE_STAMP OK" >> /var/log/nc-sync.log
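Review bot: The database dump is written to `/tmp/nextcloud-$DATE_STAMP.sql` on both hosts with default permissions and a predictable name. Only the local copy is removed, so a full copy of the Nextcloud database stays behind in the remote `/tmp`. Create the dump with a restrictive mode, e.g. `umask 077` inside the remote command, since `rsync -a` carries the mode over, or use a root-only directory. Then delete the remote file once it has been fetched, e.g. `ssh "$SSH_REMOTE_USER@$SSH_REMOTE_HOST" rm -f "/tmp/nextcloud-$DATE_STAMP.sql"`. Because of `set -e`, any failing step also leaves maintenance mode enabled on both sides, so a `trap` that runs the two `--off` commands on exit would cover that.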
|
|
@ -0,0 +1,37 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
# Run this script with "(sudo) bash <filename> <args>".
|
||||||
|
|
||||||
|
# Exit on error.
|
||||||
|
set -e
|
||||||
|
|
||||||
|
# We'll use the debian binaries provided by sury.org, we need some
|
||||||
|
# packages to add the repo.
|
||||||
|
#
|
||||||
|
# Most of this is taken from https://packages.sury.org/php/README.txt
|
||||||
|
# but I've modified one or two lines.
|
||||||
|
apt install -y apt-transport-https lsb-release ca-certificates curl
|
||||||
|
|
||||||
|
# PHP packages to install.
|
||||||
|
PHP_PKGS='php8.1-fpm php8.1-readline php8.1-mbstring php8.1-gd php8.1-curl php8.1-zip php8.1-mysql php8.1-dom'
|
||||||
|
|
||||||
|
# Apt format.
|
||||||
|
DEB_FMT='deb %s %s %s'
|
||||||
|
|
||||||
|
# Repo URL.
|
||||||
|
DEB_URL='https://packages.sury.org/php/'
|
||||||
|
DEB_KEY_URL='https://packages.sury.org/php/apt.gpg'
|
||||||
|
|
||||||
|
# Distro codename.
|
||||||
|
DISTRO_CODE="$(lsb_release -sc)"
|
||||||
|
|
||||||
|
REPO_SUITE='main'
|
||||||
|
|
||||||
|
curl -o /etc/apt/trusted.gpg.d/packages.sury.org.gpg "${DEB_KEY_URL:-}"
|
||||||
|
|
||||||
|
printf "${DEB_FMT:-}\n" "$DEB_URL" "$DISTRO_CODE" "$REPO_SUITE" |
|
||||||
|
tee /etc/apt/sources.list.d/php-packages.sury.list
|
||||||
|
|
||||||
|
apt update
|
||||||
|
|
||||||
|
apt install -y $PHP_PKGS
|
|
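Review bot: The `curl -o /etc/apt/trusted.gpg.d/packages.sury.org.gpg` line has no `--fail`, so an HTTP error body would be saved as the keyring and `set -e` would not stop the script; `curl -fsSLo /etc/apt/trusted.gpg.d/packages.sury.org.gpg "$DEB_KEY_URL"` makes a failed download abort. A key placed in `trusted.gpg.d` is also trusted for every configured apt source, not only this repository. Consider storing it under `/usr/share/keyrings/` and setting `DEB_FMT='deb [signed-by=/usr/share/keyrings/<keyring-file>.gpg] %s %s %s'` (keyring name is a placeholder) so the key is scoped to packages.sury.org.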
@ -0,0 +1,79 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
# Run this script with "(sudo) bash <filename> <args>".
|
||||||
|
|
||||||
|
# Exit on error.
|
||||||
|
set -e
|
||||||
|
|
||||||
|
UNDER_PATH=${1:-`pwd`}
|
||||||
|
OWNER=${2:-www-data}
|
||||||
|
OWNER_GROUP=${3:-`id -gn $OWNER`}
|
||||||
|
|
||||||
|
PRIVATE_DIRS="data tmp sessions"
|
||||||
|
PUBLIC_DIRS="public"
|
||||||
|
|
||||||
|
printf 'Create site directories in "%s" owned by "%s" with group "%s"...
|
||||||
|
|
||||||
|
Is this correct?
|
||||||
|
|
||||||
|
OK = cd /var/www && sudo bash %s ./mysite.com <user> <group>
|
||||||
|
OK = sudo bash %s /var/www/mysite.com
|
||||||
|
AVOID = sudo bash %s /var/www/mysite.com/site2.com
|
||||||
|
|
||||||
|
<user> & <group> are optional, both default to www-data user/group.
|
||||||
|
|
||||||
|
The parent directory must already exist, this script will NOT
|
||||||
|
recursively create directories.
|
||||||
|
|
||||||
|
Press ctrl+c to cancel or enter to continue...' \
|
||||||
|
"$UNDER_PATH" "$OWNER" "$OWNER_GROUP" "$0" "$0" "$0"
|
||||||
|
read
|
||||||
|
|
||||||
|
[[ "$UNDER_PATH" == "/" ]] && (
|
||||||
|
printf "Do you really want to create this folder in your root path?
|
||||||
|
|
||||||
|
Press ctrl+c to cancel or hit enter to confirm...
|
||||||
|
" \
|
||||||
|
"$UNDER_PATH"
|
||||||
|
read
|
||||||
|
)
|
||||||
|
|
||||||
|
[[ -z "$OWNER_GROUP" ]] && (
|
||||||
|
printf '\nNo group for user "%s"!
|
||||||
|
' "$OWNER"
|
||||||
|
exit 1
|
||||||
|
)
|
||||||
|
|
||||||
|
printf 'Creating folders with user "%s" and group "%s"...
|
||||||
|
' "$OWNER" "$OWNER_GROUP"
|
||||||
|
|
||||||
|
mkdir "$UNDER_PATH"
|
||||||
|
cd "$UNDER_PATH"
|
||||||
|
|
||||||
|
mkdir ".test"
|
||||||
|
chown "$OWNER":"$OWNER_GROUP" .test || (
|
||||||
|
printf 'Failed change permissions of test folder :(.
|
||||||
|
|
||||||
|
-> Check the user and/or group exist!
|
||||||
|
-> You may need to be root or use sudo to run this script.
|
||||||
|
'
|
||||||
|
exit 1
|
||||||
|
)
|
||||||
|
|
||||||
|
[[ -d ".test" ]] && rm -R ".test"
|
||||||
|
|
||||||
|
# Create the private & public folders then set permissions...
|
||||||
|
for private_folder in $PRIVATE_DIRS; do
|
||||||
|
mkdir -v "$private_folder"
|
||||||
|
chown -v "$OWNER":"$OWNER_GROUP" "$private_folder"
|
||||||
|
chmod -cR 750 "$private_folder"
|
||||||
|
chmod -cR u+s,g+s,o+s "$private_folder"
|
||||||
|
done
|
||||||
|
|
||||||
|
for public_folder in $PUBLIC_DIRS; do
|
||||||
|
mkdir -v "$public_folder"
|
||||||
|
chown -v "$OWNER":"$OWNER_GROUP" "$public_folder"
|
||||||
|
chmod -cR 755 "$public_folder"
|
||||||
|
chmod -cR u+s,g+s,o+s "$public_folder"
|
||||||
|
done
|
||||||
|
|
|
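Review bot: In both loops `chmod -cR u+s,g+s,o+s` asks for setuid and setgid on the site directories, but on Linux only the setgid bit has an effect on a directory (new entries inherit the group); `u+s` is ignored there and `o+s` is not a meaningful mode. Stating the intent directly is clearer and avoids stray set-id bits: `chmod -c 2750 "$private_folder"` and `chmod -c 2755 "$public_folder"` (the `-R` is unnecessary on a directory that was just created). Separately, when no path argument is given `UNDER_PATH` defaults to `pwd` and `mkdir "$UNDER_PATH"` then fails on the existing directory, so the default can never succeed under `set -e`.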
@ -0,0 +1,32 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
# Run this script with "(sudo) bash <filename> <args>".
|
||||||
|
|
||||||
|
# Exit on error.
|
||||||
|
set -e
|
||||||
|
|
||||||
|
# sftp group to create/use
|
||||||
|
SFTP_GROUP='sftp'
|
||||||
|
|
||||||
|
if [[ ! -z "$1" ]]; then
|
||||||
|
usermod -aG "$SFTP_GROUP" "$1"
|
||||||
|
else
|
||||||
|
# Add sftp group.
|
||||||
|
addgroup ${SFTP_GROUP:-sftp} || true
|
||||||
|
|
||||||
|
cat << EOF > /etc/ssh/sshd_config.d/sftp.conf
|
||||||
|
Match Group ${SFTP_GROUP:-sftp}
|
||||||
|
PasswordAuthentication yes
|
||||||
|
ChrootDirectory %h
|
||||||
|
X11Forwarding no
|
||||||
|
AllowTcpForwarding no
|
||||||
|
ForceCommand internal-sftp
|
||||||
|
|
||||||
|
Match all
|
||||||
|
EOF
|
||||||
|
|
||||||
|
systemctl restart sshd
|
||||||
|
|
||||||
|
printf 'Call this script with a user to add them to the sftp group.\n'
|
||||||
|
|
||||||
|
fi
|
|
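Review bot: `systemctl restart sshd` runs right after the heredoc writes `/etc/ssh/sshd_config.d/sftp.conf` with no syntax check in between, so a bad drop-in can leave the host without a working SSH daemon; add `sshd -t` on the line before the restart (the password-authentication script later in this commit restarts sshd the same way). The block also sets `PasswordAuthentication yes` for the whole group, which re-enables password logins for these accounts even where the global setting is `no`; if that is intended, a comment saying so would help. `ChrootDirectory %h` requires each home directory to be root-owned and not group- or world-writable, which deserves a comment next to the line because sshd refuses the login otherwise.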
@ -0,0 +1,14 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
# Run this script with "(sudo) bash <filename> <args>".
|
||||||
|
|
||||||
|
# Exit on error.
|
||||||
|
set -e
|
||||||
|
|
||||||
|
# This is just a simple echo & a restart.
|
||||||
|
# NOTE: This will not stop passwords (for some users) if another config
|
||||||
|
# drop-in overrides it e.g, match group/users etc.
|
||||||
|
echo "PasswordAuthentication no" > \
|
||||||
|
/etc/ssh/sshd_config.d/10-PasswordAuthentication.conf
|
||||||
|
|
||||||
|
systemctl restart sshd
|
|
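Review bot: Nothing after the restart confirms that password logins are actually off, and the NOTE in the file already says another drop-in can override this one (the sftp drop-in in this commit does so for its group). A check such as `sshd -T | grep -i '^passwordauthentication'` after the restart, plus a guard that refuses to run when the invoking account has no `authorized_keys`, would prevent both a false sense of security and a lockout. Depending on the distribution defaults, keyboard-interactive authentication may still prompt for a password through PAM, so `KbdInteractiveAuthentication no` probably belongs in the same file; confirm against the target's sshd_config.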
@ -0,0 +1,51 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
# Run this script with "(sudo) bash <filename> <args>".
|
||||||
|
|
||||||
|
# Exit on error.
|
||||||
|
set -e
|
||||||
|
|
||||||
|
[[ ! "$1" == "yes" ]] && (
|
||||||
|
printf "
|
||||||
|
This script modifies networking and will reboot your system!
|
||||||
|
Please ensure you have backup access.
|
||||||
|
|
||||||
|
DO NOT USE THIS IF YOU HAVE NO DHCP OR NEED STATIC IP ADDRESSING!!
|
||||||
|
|
||||||
|
To confirm, please re-run this script with \"yes\"
|
||||||
|
|
||||||
|
\"%s yes\".\n" "$0"
|
||||||
|
exit 1;
|
||||||
|
)
|
||||||
|
|
||||||
|
# Enable systemd-resolved & link stub-resolv.conf.
|
||||||
|
systemctl enable --now systemd-resolved
|
||||||
|
|
||||||
|
ln -sf /var/run/systemd/resolve/stub-resolv.conf /etc/resolv.conf
|
||||||
|
|
||||||
|
cat << EOF > /etc/systemd/network/10-default-dhcp.network
|
||||||
|
[Match]
|
||||||
|
Name=*
|
||||||
|
|
||||||
|
[Network]
|
||||||
|
DHCP=yes
|
||||||
|
|
||||||
|
DNSOverTLS=opportunistic
|
||||||
|
|
||||||
|
DNS=1.1.1.1
|
||||||
|
|
||||||
|
DNS=1.0.0.1
|
||||||
|
|
||||||
|
# Link discovery causes some issues so disable it.
|
||||||
|
LLDP=no
|
||||||
|
EOF
|
||||||
|
|
||||||
|
# Before rebooting ensure old networking isn't started on boot.
|
||||||
|
systemctl disable networking
|
||||||
|
systemctl enable systemd-networkd
|
||||||
|
|
||||||
|
# Final warning.
|
||||||
|
printf 'Rebooting in 30 seconds, hit ctrl+c to cancel.\n'
|
||||||
|
sleep 30;
|
||||||
|
|
||||||
|
halt --reboot
|
|
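Review bot: `DNSOverTLS=opportunistic` in the generated `10-default-dhcp.network` falls back to plaintext DNS whenever the TLS connection fails and does not authenticate the server, so an on-path party can force the downgrade. If encrypted DNS is the goal, use `DNSOverTLS=yes` with `DNS=1.1.1.1#cloudflare-dns.com` and `DNS=1.0.0.1#cloudflare-dns.com` (this needs a systemd version that accepts the `#name` suffix; verify on the target). With `DHCP=yes`, resolvers handed out by the DHCP server are presumably still used next to the static ones unless `UseDNS=no` is set in the DHCP section. The same lines appear in the eth0, wwan0, usb0 and wlan0 `.network` files in this commit. `Name=*` also matches every interface, including tunnels and bridges, which is broader than the warning printed to the user suggests.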
@ -0,0 +1,17 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
# Run this script with "bash <filename>".
|
||||||
|
|
||||||
|
# Exit on error.
|
||||||
|
set -e
|
||||||
|
|
||||||
|
FILE='/etc/motd'
|
||||||
|
DISABLED_EXT='disabled'
|
||||||
|
|
||||||
|
if [ -f "${FILE:-/tmp/none}.${DISABLED_EXT:-/oops}" ]; then
|
||||||
|
mv -v "${FILE:-/tmp/none}.${DISABLED_EXT:-/oops}" \
|
||||||
|
"${FILE:-/tmp/none}"
|
||||||
|
else
|
||||||
|
mv -v "${FILE:-/tmp/none}" \
|
||||||
|
"${FILE:-/tmp/none}.${DISABLED_EXT:-/oops}"
|
||||||
|
fi
|
|
@ -0,0 +1,65 @@
|
||||||
|
; Change this to match your domain/sub-domain (don't include www.).
|
||||||
|
[localhost]
|
||||||
|
|
||||||
|
; Change the following lines to match your site user & group.
|
||||||
|
; you can run id -gn the_user_name_here to find out the group.
|
||||||
|
|
||||||
|
; You only need to change this if you have your site folders/files
|
||||||
|
; owned by a different user.
|
||||||
|
user = www-data
|
||||||
|
group = www-data
|
||||||
|
|
||||||
|
; This group must match your server group.
|
||||||
|
; The default www-data usually works fine provided your server software
|
||||||
|
; is in that group (it usually is).
|
||||||
|
listen.group = www-data
|
||||||
|
|
||||||
|
; Best to keep this as root.
|
||||||
|
listen.owner = root
|
||||||
|
|
||||||
|
; The $pool value is replaced with whatever you've entered in the
|
||||||
|
; section header [site.com] above.
|
||||||
|
; Your webserver needs to be setup to talk to the socket at this
|
||||||
|
; location.
|
||||||
|
listen = /run/php/$pool.sock
|
||||||
|
|
||||||
|
; Be sure to change these path values to match where your sites are.
|
||||||
|
; Leave the /$pool bit where it is.
|
||||||
|
; You only need to change /var/www/ to where you've placed your sites.
|
||||||
|
; e.g you have your sites in /var/srv, you'd enter /var/srv/$pool.
|
||||||
|
;
|
||||||
|
; Remember to change all the paths (if you need to)!!
|
||||||
|
prefix = /var/www/$pool
|
||||||
|
|
||||||
|
; session save_path needs a full path value.
|
||||||
|
php_admin_value[session.save_path] = $prefix/sessions
|
||||||
|
|
||||||
|
; These also need full path values.
|
||||||
|
env[TMP] = $prefix/tmp
|
||||||
|
env[TMPDIR] = $prefix/tmp
|
||||||
|
env[TEMP] = $prefix/tmp
|
||||||
|
|
||||||
|
; You generally don't need to edit anything else below this line.
|
||||||
|
|
||||||
|
listen.mode = 0660
|
||||||
|
|
||||||
|
php_admin_value[open_basedir] = $prefix:/usr/share/php:/etc/ssl/certs
|
||||||
|
|
||||||
|
php_admin_value[disable_functions] = dl,exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,parse_ini_file,show_source
|
||||||
|
php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f noreply@$pool
|
||||||
|
php_admin_value[memory_limit] = 256M
|
||||||
|
php_admin_value[upload_max_filesize] = 100M
|
||||||
|
php_admin_value[upload_tmp_dir] = $prefix/tmp
|
||||||
|
php_admin_value[error_log] = $prefix/tmp/php-error.log
|
||||||
|
php_admin_flag[log_errors] = on
|
||||||
|
php_flag[display_errors] = off
|
||||||
|
|
||||||
|
access.log = $prefix/tmp/php-access.log
|
||||||
|
access.format = "[%t] %m %{REQUEST_SCHEME}e://%{HTTP_HOST}e%{REQUEST_URI}e %f pid:%p took:%ds mem:%{mega}Mmb cpu:%C%% status:%s {%{REMOTE_ADDR}e|%{HTTP_X_FORWARDED_FOR}e|%{HTTP_USER_AGENT}e}"
|
||||||
|
|
||||||
|
pm = ondemand
|
||||||
|
pm.max_children = 100
|
||||||
|
pm.process_idle_timeout = 600s
|
||||||
|
pm.max_requests = 1000
|
||||||
|
catch_workers_output = yes
|
||||||
|
|
|
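Review bot: `access.log` and `php_admin_value[error_log]` both point into `$prefix/tmp`, the same directory used for `upload_tmp_dir` and `TMPDIR`, which is presumably writable by the pool user and sits inside `open_basedir`. Site code can therefore read, truncate or replace its own logs, and log files opened by a privileged process inside a user-writable directory are a classic link-following hazard; check which process opens them on the target. Keeping logs in a root-owned directory outside `$prefix` (for example `access.log = /var/log/php-fpm/$pool.access.log`, path illustrative) avoids both problems. The access format also records `HTTP_X_FORWARDED_FOR` and `HTTP_USER_AGENT` verbatim, so anything parsing this log should treat those fields as untrusted input.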
@ -0,0 +1,96 @@
|
||||||
|
# PHP
|
||||||
|
|
||||||
|
Installing PHP on Debian is easy as...
|
||||||
|
|
||||||
|
```
|
||||||
|
apt install php-fpm php-readline php-mbstring php-gd \
|
||||||
|
php-curl php-zip php-mysql php-dom php-json php-pdo php-fileinfo \
|
||||||
|
php-bz2 php-intl php-gmp php-apcu php-pear php-cli php-imagick
|
||||||
|
```
|
||||||
|
|
||||||
|
If you need a newer version, use the sury.org repos, take
|
||||||
|
a look at [this readme](https://packages.sury.org/php/README.txt) or
|
||||||
|
use the `php8.1-sury-install.sh` script in this directory...
|
||||||
|
|
||||||
|
```
|
||||||
|
sudo bash php8.1-sury-install.sh
|
||||||
|
```
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
Now you have php installed you need to copy the `localhost.conf.example`
|
||||||
|
file (See [notes 1](#Notes)) in this directory to where your php-fpm
|
||||||
|
pool files are.
|
||||||
|
|
||||||
|
**If you have multiple PHP versions installed you'll need to pick the
|
||||||
|
version you want your site to run on.**
|
||||||
|
|
||||||
|
So, for PHP-FPM 7.4 using the example file...
|
||||||
|
|
||||||
|
```
|
||||||
|
cp -v localhost.conf.example /etc/php/7.4/fpm/pool.d/yoursite.com.conf
|
||||||
|
```
|
||||||
|
|
||||||
|
For PHP 8.1...
|
||||||
|
|
||||||
|
```
|
||||||
|
cp -v localhost.conf.example /etc/php/8.1/fpm/pool.d/yoursite.com.conf
|
||||||
|
```
|
||||||
|
|
||||||
|
**You'll need to rename and modify the values (within the copied file)
|
||||||
|
to match your site. I've left the main things to change at the top
|
||||||
|
of the config file.**
|
||||||
|
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
Got your config modified and sorted? Great! Now we need to restart
|
||||||
|
php-fpm. This varies depending on your version, but just you change
|
||||||
|
the PHP version number in the command below...
|
||||||
|
|
||||||
|
For 7.4...
|
||||||
|
|
||||||
|
```
|
||||||
|
systemctl restart php7.4-fpm
|
||||||
|
```
|
||||||
|
|
||||||
|
And 8.1...
|
||||||
|
|
||||||
|
```
|
||||||
|
systemctl restart php8.1-fpm
|
||||||
|
```
|
||||||
|
|
||||||
|
fpm is now ready to serve your php files via the socket
|
||||||
|
`/run/php/yoursite.com.sock`. You'll need to configure your webserver to
|
||||||
|
send any PHP requests along to it. If you're using Caddy with my
|
||||||
|
Caddyfile you're already set.
|
||||||
|
|
||||||
|
TIP: You can use `systemctl status php7.4` to check for errors!
|
||||||
|
|
||||||
|
## Disabling configurations & what about `www.conf`?
|
||||||
|
|
||||||
|
The included `www.conf` won't hurt and can be left alone, although if
|
||||||
|
you want to disable it, just rename it to `www.conf.disabled`. You can
|
||||||
|
do the same for any other configs you don't want used...
|
||||||
|
|
||||||
|
```
|
||||||
|
cd /etc/php/7.4/fpm/pool.d/
|
||||||
|
mv -v www.conf www.conf.disabled
|
||||||
|
```
|
||||||
|
|
||||||
|
And to enable it again...
|
||||||
|
|
||||||
|
```
|
||||||
|
cd /etc/php/7.4/fpm/pool.d/
|
||||||
|
mv -v www.conf.disabled www.conf
|
||||||
|
```
|
||||||
|
|
||||||
|
PHP-FPM needs to be reloaded, you can do that with...
|
||||||
|
|
||||||
|
```
|
||||||
|
systemctl reload php7.4-fpm
|
||||||
|
```
|
||||||
|
|
||||||
|
## Notes
|
||||||
|
|
||||||
|
[1] It's a symlink to the one I use with 7.4. It works fine on PHP 8.1.
|
|
@ -0,0 +1,14 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
# Run this script with "(sudo) bash <filename> <args>".
|
||||||
|
|
||||||
|
# Exit on error.
|
||||||
|
set -e
|
||||||
|
|
||||||
|
apt install apt install php-fpm php-readline php-mbstring php-gd \
|
||||||
|
php-curl php-zip php-mysql php-dom php-json php-pdo php-fileinfo \
|
||||||
|
php-bz2 php-intl php-gmp php-apcu php-pear php-cli php-imagick
|
||||||
|
|
||||||
|
mv -v /etc/php/7.4/fpm/pool.d/www.conf /etc/php/7.4/fpm/pool.d/www.conf.disabled
|
||||||
|
|
||||||
|
systemctl restart php7.4-fpm
|
|
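Review bot: The install line reads `apt install apt install php-fpm ...`, so apt is asked for packages named `apt` and `install` and will probably abort on the unknown name, ending the script under `set -e`. It should be `apt install -y php-fpm php-readline php-mbstring php-gd \` (the `-y` matches the sury script in this commit and keeps the run non-interactive). The `mv` and `systemctl restart` lines hard-code `7.4` while the packages are unversioned, so on a release whose default PHP is not 7.4 both will fail; derive the version or add a comment stating the assumption.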
@ -0,0 +1,53 @@
|
||||||
|
[Match]
|
||||||
|
Name=eth0
|
||||||
|
|
||||||
|
## Only use one of these blocks!!
|
||||||
|
|
||||||
|
### DHCP (default most want)
|
||||||
|
[Network]
|
||||||
|
DHCP=yes
|
||||||
|
|
||||||
|
DNSOverTLS=opportunistic
|
||||||
|
|
||||||
|
DNS=1.1.1.1
|
||||||
|
|
||||||
|
DNS=1.0.0.1
|
||||||
|
|
||||||
|
# Link discovery causes some issues so disable it.
|
||||||
|
LLDP=no
|
||||||
|
|
||||||
|
## dhcp config end
|
||||||
|
|
||||||
|
## LAN
|
||||||
|
# Uncomment all below if you want to use eth0 as a lan network.
|
||||||
|
#[Network]
|
||||||
|
# IP address range.
|
||||||
|
#Address=192.168.156.1/24
|
||||||
|
|
||||||
|
# Packet forwarding.
|
||||||
|
#IPForward=yes
|
||||||
|
|
||||||
|
# Masquerade.
|
||||||
|
#IPMasquerade=both
|
||||||
|
|
||||||
|
# Link discovery causes some issues so disable it.
|
||||||
|
#LLDP=no
|
||||||
|
|
||||||
|
#[DHCPServer]
|
||||||
|
|
||||||
|
# Lease time
|
||||||
|
#DefaultLeaseTimeSec=300
|
||||||
|
|
||||||
|
# DNS to serve
|
||||||
|
#DNS=1.1.1.1
|
||||||
|
#DNS=1.0.0.1
|
||||||
|
|
||||||
|
# Enable serving of DHCP addresses from the network range.
|
||||||
|
#DHCPServer=yes
|
||||||
|
|
||||||
|
# Below not supported systemd < 250
|
||||||
|
#[DHCPServerStaticLease]
|
||||||
|
#MACAddress=xx:xx:xx:xx:xx:xx
|
||||||
|
#Address=192.168.156.2
|
||||||
|
|
||||||
|
## lan end
|
|
@ -0,0 +1,19 @@
|
||||||
|
[Match]
|
||||||
|
Name=wwan0
|
||||||
|
|
||||||
|
[Network]
|
||||||
|
DHCP=yes
|
||||||
|
|
||||||
|
DNSOverTLS=opportunistic
|
||||||
|
|
||||||
|
DNS=1.1.1.1
|
||||||
|
|
||||||
|
DNS=1.0.0.1
|
||||||
|
|
||||||
|
# Link discovery causes some issues so disable it.
|
||||||
|
LLDP=no
|
||||||
|
|
||||||
|
[DHCP]
|
||||||
|
# Make sure connection/route is chosen last!
|
||||||
|
RouteMetric=2048
|
||||||
|
|
|
@ -0,0 +1,14 @@
|
||||||
|
[Match]
|
||||||
|
Name=usb0
|
||||||
|
|
||||||
|
[Network]
|
||||||
|
DHCP=yes
|
||||||
|
|
||||||
|
DNSOverTLS=opportunistic
|
||||||
|
|
||||||
|
DNS=1.1.1.1
|
||||||
|
|
||||||
|
DNS=1.0.0.1
|
||||||
|
|
||||||
|
# Link discovery causes some issues so disable it.
|
||||||
|
LLDP=no
|
|
@ -0,0 +1,15 @@
|
||||||
|
# Requires /etc/wpa_supplicant/wpa_supplicant-wlan0.conf to exist.
|
||||||
|
[Match]
|
||||||
|
Name=wlan0
|
||||||
|
|
||||||
|
[Network]
|
||||||
|
DHCP=yes
|
||||||
|
|
||||||
|
DNSOverTLS=opportunistic
|
||||||
|
|
||||||
|
DNS=1.1.1.1
|
||||||
|
|
||||||
|
DNS=1.0.0.1
|
||||||
|
|
||||||
|
# Link discovery causes some issues so disable it.
|
||||||
|
LLDP=no
|
|
@ -0,0 +1,41 @@
|
||||||
|
[NetDev]
|
||||||
|
Name=wgs0
|
||||||
|
|
||||||
|
Description=Wireguard Server Peer
|
||||||
|
|
||||||
|
Kind=wireguard
|
||||||
|
|
||||||
|
[WireGuard]
|
||||||
|
|
||||||
|
# Port to listen on.
|
||||||
|
ListenPort=500
|
||||||
|
|
||||||
|
# I usually set this to the port number above it's not really needed
|
||||||
|
# but useful for firewalls.
|
||||||
|
FirewallMark=500
|
||||||
|
|
||||||
|
# The Base64 encoded private key for the interface. It can be generated
|
||||||
|
# using the wg genkey command (see wg(8)). This option or
|
||||||
|
# PrivateKeyFile= is mandatory to use WireGuard. Note that because this
|
||||||
|
# information is secret, you may want to set the permissions of the
|
||||||
|
# .netdev file to be owned by "root:systemd-network" with a "0640" file
|
||||||
|
# mode.
|
||||||
|
PrivateKey=<KEY>
|
||||||
|
|
||||||
|
# Public key for the above private key. Only here as a reminder.
|
||||||
|
# systemd will ignore if uncommented.
|
||||||
|
#PublicKey=<PUBKEY>
|
||||||
|
|
||||||
|
# Your Peers.
|
||||||
|
[WireGuardPeer]
|
||||||
|
|
||||||
|
# Base64 encoded public key calculated by wg pubkey (see wg(8)) from a
|
||||||
|
# private key, and usually transmitted out of band to the author of the
|
||||||
|
# configuration file. This option is mandatory for this section.
|
||||||
|
PublicKey=<KEY>
|
||||||
|
|
||||||
|
# Comma-separated list of IP addresses with CIDR masks from which this
|
||||||
|
# peer is allowed to send incoming traffic and to which outgoing traffic
|
||||||
|
# for this peer is directed.
|
||||||
|
AllowedIPs=10.0.0.1.2/32
|
||||||
|
|
|
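Review bot: `AllowedIPs=10.0.0.1.2/32` is not a valid IPv4 address (it has five octets), so the peer section will presumably be rejected; the client `.network` file in this commit uses `10.0.0.2/24`, which suggests `AllowedIPs=10.0.0.2/32` was meant. The peer's `PublicKey=<KEY>` placeholder should read `<PUBKEY>` as in the client netdev, so nobody pastes a private key there by mistake. For the interface key, `PrivateKeyFile=` pointing at a file readable only by root and the `systemd-network` group keeps the secret out of a config that gets copied around; the same applies to the client `wg0` netdev.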
@ -0,0 +1,17 @@
|
||||||
|
# Needs netdev for wgs0, wireguard & wireguard-tools installed to work.
|
||||||
|
[Match]
|
||||||
|
Name=wgs0
|
||||||
|
|
||||||
|
[Network]
|
||||||
|
# Packet forwarding.
|
||||||
|
IPForward=yes
|
||||||
|
|
||||||
|
# Link discovery causes some issues so disable it.
|
||||||
|
LLDP=no
|
||||||
|
|
||||||
|
# IPv4
|
||||||
|
[Network]
|
||||||
|
|
||||||
|
Address=10.0.0.1/24
|
||||||
|
|
||||||
|
IPMasquerade=yes
|
|
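Review bot: `IPForward=yes` is not limited to `wgs0`: on the systemd versions that support this option it switches on the kernel's global forwarding setting, so the host will route between all of its interfaces once this network is up. No firewall rules are visible in this part of the commit, so add a comment pointing to the forward-chain policy that restricts traffic to the tunnel. The file also declares `[Network]` twice; moving `Address=10.0.0.1/24` and `IPMasquerade=yes` into the first section would make it easier to read.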
@ -0,0 +1,42 @@
|
||||||
|
[NetDev]
|
||||||
|
Name=wg0
|
||||||
|
|
||||||
|
Description=Wireguard Client Peer
|
||||||
|
|
||||||
|
Kind=wireguard
|
||||||
|
|
||||||
|
[WireGuard]
|
||||||
|
|
||||||
|
# I usually set this to the port number of the main peer it's not really
|
||||||
|
# needed but useful for firewalls.
|
||||||
|
FirewallMark=500
|
||||||
|
|
||||||
|
# The Base64 encoded private key for the interface. It can be generated
|
||||||
|
# using the wg genkey command (see wg(8)). This option or
|
||||||
|
# PrivateKeyFile= is mandatory to use WireGuard. Note that because this
|
||||||
|
# information is secret, you may want to set the permissions of the
|
||||||
|
# .netdev file to be owned by "root:systemd-network" with a "0640" file
|
||||||
|
# mode.
|
||||||
|
PrivateKey=<KEY>
|
||||||
|
|
||||||
|
# Public key for the above private key. Only here as a reminder.
|
||||||
|
#PublicKey=<PUBKEY>
|
||||||
|
|
||||||
|
|
||||||
|
# Your Peers.
|
||||||
|
[WireGuardPeer]
|
||||||
|
|
||||||
|
# Base64 encoded public key calculated by wg pubkey (see wg(8)) from a
|
||||||
|
# private key, and usually transmitted out of band to the author of the
|
||||||
|
# configuration file. This option is mandatory for this section.
|
||||||
|
PublicKey=<PUBKEY>
|
||||||
|
|
||||||
|
# Comma-separated list of IP addresses with CIDR masks from which this
|
||||||
|
# peer is allowed to send incoming traffic and to which outgoing traffic
|
||||||
|
# for this peer is directed.
|
||||||
|
AllowedIPs=0.0.0.0/0, ::/0
|
||||||
|
|
||||||
|
PersistentKeepalive=20
|
||||||
|
|
||||||
|
# Endpoint of a peer (for clients).
|
||||||
|
#Endpoint=<IP>:<PORT>
|
|
@ -0,0 +1,12 @@
|
||||||
|
# Needs wg0.netdev & wireguard & wireguard-tools installed to work.
|
||||||
|
|
||||||
|
[Match]
|
||||||
|
Name=wg0
|
||||||
|
|
||||||
|
[Address]
|
||||||
|
Address=10.0.0.2/24
|
||||||
|
|
||||||
|
[Route]
|
||||||
|
Gateway=10.0.0.1
|
||||||
|
|
||||||
|
GatewayOnlink=true
|
|
@ -0,0 +1,46 @@
|
||||||
|
# Usage
|
||||||
|
|
||||||
|
Copy the device files that you need to `/etc/systemd/network/`.
|
||||||
|
|
||||||
|
Be sure the file-names, folders and configuration values (within the files) are changed to match your devices ([note 1](#Notes)). Wifi (wlan) devices also need wpa_supplicant configured to work.
|
||||||
|
|
||||||
|
## Example
|
||||||
|
|
||||||
|
Say I have eth0 and want network access (and an IP via DHCP) from my router; I would do the following...
|
||||||
|
|
||||||
|
```
|
||||||
|
sudo -s # Drop to root.
|
||||||
|
cp -rv 10-eth0* /etc/systemd/network/ # Copy the files.
|
||||||
|
|
||||||
|
systemctl enable --now systemd-networkd # Enable networkd now.
|
||||||
|
|
||||||
|
networkctl reload # Reload the configuration.
|
||||||
|
|
||||||
|
networkctl status # Check the log for any errors.
|
||||||
|
```
|
||||||
|
|
||||||
|
If there are NO **and I mean NO errors** from the commands above...
|
||||||
|
|
||||||
|
```
|
||||||
|
networkctl reconfigure eth0 # Tell networkd to reconfigure the device.
|
||||||
|
|
||||||
|
mv /etc/network/ /etc/network.disabled/ Move the old network configuration.
|
||||||
|
|
||||||
|
reboot # Restart to be sure.
|
||||||
|
```
|
||||||
|
|
||||||
|
## Enabling systemd-resolved
|
||||||
|
|
||||||
|
I like to use systemd-resolved for DNS..
|
||||||
|
|
||||||
|
```
|
||||||
|
sudo -s # Drop to root.
|
||||||
|
|
||||||
|
ln -sfv /var/run/systemd/resolve/stub-resolv.conf /etc/resolv.conf # Create a symlink.
|
||||||
|
|
||||||
|
systemctl enable --now systemd-resolved # Enable resolved now.
|
||||||
|
```
|
||||||
|
|
||||||
|
## Notes
|
||||||
|
|
||||||
|
**1**: This is very important otherwise things won't work. For example, if you have eth1 and not eth0 you'll have to copy and/or rename `eth0.network` to `eth1.network`. Check, and then check again.
|
|
@ -0,0 +1,51 @@
|
||||||
|
# SIMCOM 7600G modem On A Raspberry Pi 4
|
||||||
|
|
||||||
|
This is using [The Waveshare 4G dongle from ThePiHut][4G Dongle].
|
||||||
|
|
||||||
|
**A warning about power**
|
||||||
|
|
||||||
|
No matter which mode used USB disconnects were frequent, mostly when
|
||||||
|
moving the device. I incorrectly assumed the default mode QMI was
|
||||||
|
causing the issue, but it was the modem drawing more current
|
||||||
|
(than the Pi 4 could supply) to latch/keep connected onto a 4G mast.
|
||||||
|
This was with the official Raspberry Pi UK 5.1v 3a power supply too.
|
||||||
|
|
||||||
|
The current method I use to power both the Pi 4 & modem is via this
|
||||||
|
[USB Hub]. There is a warning at first boot about the device not
|
||||||
|
responding but after a automatic bus reset it is fine and works as
|
||||||
|
expected.
|
||||||
|
|
||||||
|
## Switching Modes
|
||||||
|
|
||||||
|
The modem has many modes (see the [PDF Manual] pages 50-51), You can use
|
||||||
|
the mode you prefer. I recommend the USB standard MBIM mode or QMI if
|
||||||
|
you have issues.
|
||||||
|
|
||||||
|
### USB Mode
|
||||||
|
|
||||||
|
Connect to SIMCOM7600 AT com port using minicom...
|
||||||
|
```
|
||||||
|
apt install minicom
|
||||||
|
|
||||||
|
minicom -D /dev/ttyUSB2
|
||||||
|
```
|
||||||
|
|
||||||
|
In minicom get default mode (to revert later if needed)...
|
||||||
|
```
|
||||||
|
AT+CUSBPIDSWITCH
|
||||||
|
```
|
||||||
|
|
||||||
|
Set USB mode...
|
||||||
|
|
||||||
|
```
|
||||||
|
AT+CUSBPIDSWITCH=9011,1,1
|
||||||
|
```
|
||||||
|
|
||||||
|
After the device has rebooted connect to minicom again & issue...
|
||||||
|
```
|
||||||
|
AT+CLANMODE=1
|
||||||
|
```
|
||||||
|
|
||||||
|
[PDF Manual]: https://usermanual.wiki/m/e87a5540256c1ed0390232e8663c1f46570ff85b21c470d98dce792ecedd3525.pdf
|
||||||
|
[USB Hub]: https://smile.amazon.co.uk/gp/product/B08K3GFD3Q
|
||||||
|
[4G Dongle]: https://thepihut.com/products/sim7600g-h-4g-usb-dongle
|
|
@ -0,0 +1,9 @@
|
||||||
|
[Unit]
|
||||||
|
Description=Proxy internal lan HTTP
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Type=simple
|
||||||
|
ExecStart=socat -v tcp-listen:8080,reuseaddr,fork tcp:192.168.156.2:80
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
|
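Review bot: `socat -v` copies every byte of the proxied HTTP traffic to stderr, which ends up in the journal, so credentials and cookies crossing port 8080 are logged in clear; drop `-v` outside of debugging. The listener has no `bind=` option and therefore accepts connections on every interface, and with no `User=` the unit runs socat as root. Suggested lines: `ExecStart=socat tcp-listen:8080,bind=<LAN_ADDRESS>,reuseaddr,fork tcp:192.168.156.2:80` and `DynamicUser=yes` under `[Service]` (port 8080 is unprivileged, so root is not needed).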
@ -0,0 +1,9 @@
|
||||||
|
[Unit]
|
||||||
|
Description=mnt-sda1
|
||||||
|
|
||||||
|
[Mount]
|
||||||
|
What=/dev/sda1
|
||||||
|
Where=/mnt/sda1
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
|
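Review bot: `What=/dev/sda1` depends on kernel device enumeration order, so a second disk or a USB stick present at boot can end up mounted at `/mnt/sda1` instead; `What=/dev/disk/by-uuid/<UUID>` pins the intended filesystem. With no `Options=` line the filesystem is mounted with defaults, and if this is removable or otherwise untrusted media `Options=nosuid,nodev` is a sensible baseline. systemd also requires the unit file name to match the mount point (`mnt-sda1.mount`); the file name is not visible here, so confirm it.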
@ -0,0 +1,61 @@
|
||||||
|
# apt install --no-install-recommends libqmi-utils
|
||||||
|
# cp -v ./qmi-network@.service /etc/systemd/system/
|
||||||
|
# systemctl daemon-reload
|
||||||
|
# systemctl enable --now qmi-network@0
|
||||||
|
|
||||||
|
# This will NOT work without a .network for your wwan device.
|
||||||
|
[Unit]
|
||||||
|
Description=qmi-network for cdc-wdm%i device
|
||||||
|
|
||||||
|
Before=freepbx.service
|
||||||
|
Before=asterisk.service
|
||||||
|
|
||||||
|
After=sys-subsystem-net-devices-wwan%i.device
|
||||||
|
Wants=sys-subsystem-net-devices-wwan%i.device
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Type=simple
|
||||||
|
Restart=always
|
||||||
|
TimeoutSec=300s
|
||||||
|
|
||||||
|
# Leave the following blank/as-is for auto-detection.
|
||||||
|
# Internet APN.
|
||||||
|
Environment=APN=""
|
||||||
|
# APN Username.
|
||||||
|
Environment=APN_USER=""
|
||||||
|
# APN Password.
|
||||||
|
Environment=APN_PASS=""
|
||||||
|
# IP type is usually 4, 6 or 4|6.
|
||||||
|
Environment=IP_TYPE="4|6"
|
||||||
|
# Change to yes to use qmi proxy.
|
||||||
|
Environment=PROXY="no"
|
||||||
|
|
||||||
|
# Make sure the state is cleared before starting.
|
||||||
|
ExecStartPre=-rm /tmp/qmi-network-state-cdc-wdm%i
|
||||||
|
|
||||||
|
# Stop wwan so it can be reconfigured.
|
||||||
|
ExecStartPre=networkctl down wwan%i
|
||||||
|
|
||||||
|
# Raw IP must be enabled.
|
||||||
|
ExecStartPre=sh -c "echo 'Y' | tee /sys/class/net/wwan%i/qmi/raw_ip"
|
||||||
|
|
||||||
|
# Start the network via qmi-network scripts.
|
||||||
|
# As some networks and/or devices take a long time to connect we should
|
||||||
|
# give it some time to be ready before starting the connection process.
|
||||||
|
ExecStartPre=-sh -e -c "sleep 60; qmi-network /dev/cdc-wdm%i start"
|
||||||
|
|
||||||
|
# Bring up the network.
|
||||||
|
ExecStartPre=networkctl up wwan%i
|
||||||
|
|
||||||
|
# Small loop as the main process to watchdog the connection.
|
||||||
|
# (NOTE: DHCP must be given a little time to settle before pinging).
|
||||||
|
ExecStart=sh -e -c "sleep 10; while true; do ping -w 120 -I wwan%i -c 5 one.one.one.one; sleep 300; done;"
|
||||||
|
|
||||||
|
# Stop.. DOWN TIME!
|
||||||
|
ExecStop=networkctl down wwan%i
|
||||||
|
ExecStop=qmi-network /dev/cdc-wdm%i stop
|
||||||
|
# Be sure the network state is cleared on stop too.
|
||||||
|
ExecStop=-rm /tmp/qmi-network-state-cdc-wdm%i
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=sys-subsystem-net-devices-wwan%i.device
|
|
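Review bot: `Environment=APN_PASS=""` invites putting the APN password into the unit file, which is world-readable under `/etc/systemd/system` and visible through `systemctl show`. Moving the APN settings into an `EnvironmentFile=` with mode 0600 keeps the secret out of the unit. It is also not visible in this file how `qmi-network` consumes these variables; if it only reads its own configuration file, a comment should say where the values have to go. The state file under `/tmp` is removed as root at a predictable name, and `PrivateTmp=yes` would probably isolate it, provided nothing outside the unit needs that file.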
@ -0,0 +1,17 @@
|
||||||
|
# !! Requires a netdev configured to work
|
||||||
|
#
|
||||||
|
# $ cp -v ./wifi-power\@.service /etc/systemd/system/
|
||||||
|
# $ systemctl daemon-reload
|
||||||
|
#
|
||||||
|
#
|
||||||
|
# $ systemctl enable --now wifi-power@wlan0
|
||||||
|
[Unit]
|
||||||
|
Description=Toggle %i power saving
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Type=oneshot
|
||||||
|
ExecStart=iw %i set power_save on
|
||||||
|
ExecStop=iw %i set power_save off
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=sys-subsystem-net-devices-%i.device
|
|
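Review bot: With `Type=oneshot` and no `RemainAfterExit=yes`, the unit goes inactive as soon as `ExecStart` returns and systemd then runs `ExecStop`, so `power_save on` is presumably followed at once by `power_save off`. Add `RemainAfterExit=yes` under `[Service]` so the stop command only runs on `systemctl stop`. The header comment says a netdev is required although the unit only refers to the interface device, and the description says "Toggle" while start always turns power saving on; both are worth rewording.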
@ -0,0 +1,76 @@
|
||||||
|
# WPA Supplicant
|
||||||
|
|
||||||
|
You must be root `sudo -s`!
|
||||||
|
|
||||||
|
All wireless devices need wpa_supplicant to work correctly, so let's
|
||||||
|
install it...
|
||||||
|
|
||||||
|
```
|
||||||
|
apt install wpa_supplicant
|
||||||
|
```
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
To avoid issues with rogue wpa_supplicant processes disable the default
|
||||||
|
service...
|
||||||
|
|
||||||
|
```
|
||||||
|
systemctl disable wpa_supplicant.service
|
||||||
|
```
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
Now using the example `wpa_supplicant-wlan0.conf` file; Copy it into
|
||||||
|
`/etc/wpa_supplicant`...
|
||||||
|
|
||||||
|
```
|
||||||
|
cp -iv wpa_supplicant-wlan0.conf /etc/wpa_supplicant-wlan0.conf
|
||||||
|
```
|
||||||
|
|
||||||
|
**You must rename it to match your wireless device if different, or if
|
||||||
|
you already have a `/etc/wpa_supplicant/wpa_supplicant-wlan0.conf` file
|
||||||
|
and you don't want to overwrite it. You can use `ip addr` to find it.**
|
||||||
|
|
||||||
|
```
|
||||||
|
cp -iv wpa_supplicant-wlan0.conf /etc/wpa_supplicant-wlan1.conf
|
||||||
|
```
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
We only want root to be able to read the configuration as it contains
|
||||||
|
passwords...
|
||||||
|
|
||||||
|
```
|
||||||
|
chmod -Rv 600 /etc/wpa_supplicant/*.conf
|
||||||
|
```
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
Start the service for our device...
|
||||||
|
|
||||||
|
```
|
||||||
|
systemctl enable --now wpa_supplicant@wlan0.service
|
||||||
|
```
|
||||||
|
|
||||||
|
**Make sure you change the name of the device if yours is different!**
|
||||||
|
|
||||||
|
```
|
||||||
|
systemctl enable --now wpa_supplicant@wlan1.service
|
||||||
|
```
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
Finally we need to restart the device...
|
||||||
|
|
||||||
|
**Once again make sure you get the right device!**
|
||||||
|
|
||||||
|
```
|
||||||
|
networkctl down wlan0
|
||||||
|
networkctl up wlan0
|
||||||
|
```
|
||||||
|
|
||||||
|
And check everything is working..
|
||||||
|
|
||||||
|
```
|
||||||
|
networkctl status wlan0
|
||||||
|
```
|
|
@ -0,0 +1,26 @@
|
||||||
|
# $ systemctl disable wpa_supplicant.service
|
||||||
|
# $ cp -v ./wpa_supplicant-wlan0.conf /etc/wpa_supplicant/
|
||||||
|
# $ chmod -Rv 600 /etc/wpa_supplicant/*.conf
|
||||||
|
# $ systemctl enable --now wpa_supplicant@wlan0.service
|
||||||
|
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
|
||||||
|
update_config=1
|
||||||
|
|
||||||
|
# Change to match your country.
|
||||||
|
country=GB
|
||||||
|
|
||||||
|
network={
|
||||||
|
# Modify these two lines to match your wifi settings!
|
||||||
|
ssid="Internet"
|
||||||
|
psk="password"
|
||||||
|
|
||||||
|
# "WPA2/WPA3 PSK, SAE" mixed uncomment the lines below.
|
||||||
|
key_mgmt=WPA-PSK-SHA256
|
||||||
|
ieee80211w=2
|
||||||
|
|
||||||
|
# If you use WPA-PSK / PSK2 uncomment the lines below.
|
||||||
|
# proto=RSN
|
||||||
|
# key_mgmt=WPA-PSK
|
||||||
|
# pairwise=CCMP
|
||||||
|
# group=CCMP
|
||||||
|
# auth_alg=OPEN
|
||||||
|
}
|
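Review bot: `ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev` together with `update_config=1` lets any member of `netdev` change networks through the control socket and have wpa_supplicant write the result back to this file, which holds the PSK; if that is not needed, set `update_config=0` or drop the `GROUP=` part. The comment above `key_mgmt=WPA-PSK-SHA256` says to uncomment the lines below, but they are already active, so the wording should be `comment out the lines below if not used`. For a WPA2/WPA3 mixed network the `key_mgmt` list would normally include `SAE` as well; confirm against the access point.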