kemonine
/
lollipopcloud
Archived

Compare commits

...

5 Commits

8 changed files with 159 additions and 241 deletions


@ -33,7 +33,6 @@ If you're not using the [link for beginners](for-beginners/README.md), the follo
- [FirewallD (firewall/routing)](armbian/firewalld.md)
- [Unbound (Non ISP DNS)](armbian/unbound.md)
- VPN Options
- [Private Internet Access (VPN)](armbian/vpn/pia.md)
- [vpn.ac (VPN)](armbian/vpn/vpn_ac.md)
- [VPN Autoconnect](armbian/vpn/vpn_autoconnect.md)

26
advanced/arduino.txt Normal file

@ -0,0 +1,26 @@
Some misc notes on arduino-cli.
This is mostly UNTESTED. YMMV.
https://github.com/arduino/arduino-cli
use arm32 + multiarch for version 0.3.6-alpha on arm64 hardware
apt install gcc-avr
arduino-cli core update-index
arduino-cli config init
nano -w ~/.arduino15/arduino-cli.yaml
board_manager:
additional_urls:
- https://raw.githubusercontent.com/adafruit/arduino-board-index/gh-pages/package_adafruit_index.json
- https://raw.githubusercontent.com/sparkfun/Arduino_Boards/master/IDE_Board_Manager/package_sparkfun_index.json
- https://dl.espressif.com/dl/package_esp32_index.json
arduino-cli core update-index
arduino-cli core install arduino:avr
arduino-cli core install arduino:sam
arduino-cli core install arduino:samd
arduino-cli core install adafruit:avr
arduino-cli core install adafruit:samd
arduino-cli core install SparkFun:avr
arduino-cli core install SparkFun:samd
arduino-cli core install esp32:esp32
arduino-cli core install esp8266:esp8266
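
Review bot: The last install line, `arduino-cli core install esp8266:esp8266`, has no matching entry under `additional_urls`, which lists only the Adafruit, SparkFun and esp32 indexes, so after `core update-index` that platform will not be found. Add the ESP8266 package index URL to the list or drop the install line. Two of the listed indexes are also fetched from mutable branch refs (`gh-pages`, `master`) on raw.githubusercontent.com; since a board index decides which toolchain archives get downloaded and run, a sentence noting that these are third-party sources the reader is choosing to trust would be worth adding.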


@ -11,7 +11,7 @@ git clone https://github.com/slingamn/namespaced-openvpn.git
cd namespaced-openvpn
make install
/usr/local/sbin/namespaced-openvpn --config /etc/openvpn/chicago.conf --auth-user-pass /etc/openvpn/auth_pia.txt
/usr/local/sbin/namespaced-openvpn --config /etc/openvpn/chicago.conf --auth-user-pass /etc/openvpn/auth.txt
ip netns list
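
Review bot: On the `--auth-user-pass /etc/openvpn/auth.txt` line, the referenced file holds the VPN username and password in plaintext, and nothing in the visible lines creates it or restricts its mode. Suggest documenting its creation next to this command, owned by root with mode 600, so the credentials are not left readable by other local users.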


@ -0,0 +1,39 @@
# Running a Raspberry Pi with USB based btrfs root filesystem
This is a very advanced configuration and here as a set of notes for the more daring users building remixes.
Please note: *you will need to change ```/dev/sda``` and ```/dev/sdb``` as well as any sizes and offsets to match your needs and approach*.
``` bash
dd if=/dev/sda of=/dev/sdb bs=1M
parted /dev/sdb
mkpart
33G
-1
q
mkfs.btrfs \
-L writable \
/dev/sdb3
mkdir /mnt/new
mkdir /mnt/orig
mount /dev/sdb2 /mnt/orig
mount -o autodefrag,compress,ssd,ssd_spread /dev/sdb3 /mnt/new
rsync -aPr --delete-after /mnt/orig/ /mnt/new/
nano -w /mnt/new/etc/fstab
btrfs filesystem type && mount options
mount /dev/sdb1 /mnt/new/boot/firmware
nano -w /mnt/new/boot/firmware/config.txt /mnt/new/boot/firmware/cmdline.txt
umount /mnt/orig
pvcreate /dev/sdb2
vgcreate misc /dev/sdb2
lvcreate -C y -n swap.1 -L 1G misc
lvcreate -n scratch -L 6G misc
mkswap /dev/mapper/misc-swap.1
mkfs.btrfs -L scratch /dev/mapper/misc-scratch
mkdir /scratch
nano -w /mnt/new/etc/fstab
add lvm swap
add lvm scratch
```
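
Review bot: In the copy step, `rsync -aPr --delete-after /mnt/orig/ /mnt/new/` does not pass `-H`, `-A` or `-X`, so hard links, ACLs and extended attributes (including file capabilities) are not carried over to the new root; for a root filesystem copy use `-aHAX` (the `-r` is already implied by `-a`). Separately, `mkdir /scratch` creates the mount point on the running system while the fstab being edited is `/mnt/new/etc/fstab`, so it probably should be `/mnt/new/scratch`. The lines `btrfs filesystem type && mount options`, `add lvm swap` and `add lvm scratch` are instructions rather than commands and should be `#` comments inside the bash fence, and the notes should say that `pvcreate /dev/sdb2` overwrites the partition that was just copied from.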


@ -1,236 +0,0 @@
# Private Internet Access (PIA)
This is a **VERY** advanced topic with some creative tricks to simplify getting the config added to NetworkManager. You're on your own.
The author *strongly* recommends reading through this and adapting/tuning well ahead of any real need(s).
## Inspiration / Sources
- [http://blog.deadlypenguin.com/blog/2017/04/24/vpn-auto-connect-command-line/](http://blog.deadlypenguin.com/blog/2017/04/24/vpn-auto-connect-command-line/)
- [https://forums.linuxmint.com/viewtopic.php?t=97187](https://forums.linuxmint.com/viewtopic.php?t=97187)
- [https://unix.stackexchange.com/questions/301845/scripting-a-way-to-quickly-import-ovpn-files-to-networkmanager-on-ubuntu](https://unix.stackexchange.com/questions/301845/scripting-a-way-to-quickly-import-ovpn-files-to-networkmanager-on-ubuntu)
- [https://www.privateinternetaccess.com/pages/client-support/](https://www.privateinternetaccess.com/pages/client-support/)
## Prep Work
Download PIA OpenVPN advanced configs, drop them in a good place on the filesystem and script import.
All files can be found Under ```Advanced OpenVPN SSL Restrictive Configurations``` on the main PIA website.
### Download PIA OpenVPN Template Files
``` bash
mkdir -p /etc/pia
cd /etc/pia
mkdir openvpn-strong
cd openvpn-strong
wget https://www.privateinternetaccess.com/openvpn/openvpn-strong.zip
unzip openvpn-strong.zip
cd ..
mkdir openvpn-strong-tcp
cd openvpn-strong-tcp
wget https://www.privateinternetaccess.com/openvpn/openvpn-strong-tcp.zip
unzip openvpn-strong-tcp.zip
cd ..
```
### Add OpenVPN To Network Manager
``` bash
# NetworkManager Gnome is *required* to get a missing library on xenial
# OMIT Gnome item if you can get away with it...
apt update
apt install network-manager-openvpn
```
### Cleanup Files for Import
The cipher lines in the templates provided by PIA won't work 100% correctly on import. These commands will clean them up for import.
``` bash
cd /etc/pia
cd openvpn-strong
sed -i 's/aes-256-cbc/AES-256-CBC/g' *.ovpn
sed -i 's/sha256/SHA256/g' *.ovpn
sed -i 's_crl.rsa.4096.pem_/etc/pia/openvpn-strong/crl.rsa.4096.pem_g' *.ovpn
sed -i 's_ca.rsa.4096.crt_/etc/pia/openvpn-strong/ca.rsa.4096.crt_g' *.ovpn
cd ..
cd openvpn-strong-tcp
sed -i 's/aes-256-cbc/AES-256-CBC/g' *.ovpn
sed -i 's/sha256/SHA256/g' *.ovpn
sed -i 's_crl.rsa.4096.pem_/etc/pia/openvpn-strong-tcp/crl.rsa.4096.pem_g' *.ovpn
sed -i 's_ca.rsa.4096.crt_/etc/pia/openvpn-strong-tcp/ca.rsa.4096.crt_g' *.ovpn
cd ..
```
## Import / Setup
### Manual Import
Import the cleaned up, provided OpenVPN profiles. This will require intervention on your part after the profile is created in NetworkManager to ensure it can connect properly.
*Note: this assumes UDP profiles, tweak for the ```openvpn-strong-tcp``` directory if desired or necessary*
#### Initial Import / Edit
``` bash
nmcli connection import type openvpn file /etc/pia/openvpn-strong/[con_name].ovpn
nmcli con show
vim /etc/NetworkManager/system-connections/[con_name]
```
#### Adjustments/Necessary Verification
``` bash
id=PIA - [con_name]
[vpn]
auth=SHA256
cipher=AES-256-CBC
password-flags=0
user-name=[your_username]
[vpn-secrets]
password=[your_password]
```
#### Update Profiles in NetworkManager
``` bash
# Reload For Changes
nmcli connection reload [uuid_from_above]
# Connect
nmcli con up [uuid_from_above]
```
### Scripted Import
Some automated imports based on how the ```ovpn``` files are normally imported via ```nmcli```
*Note: this assumes UDP profiles, you'll need to tweak this as you see fit for TCP*
#### Install ```uuidgen```
``` bash
apt update
apt install uuid-runtime
```
#### Create List of VPN Endpoints
``` bash
cat > /etc/pia/server_list.txt << EOF
us-west.privateinternetaccess.com=PIA - USA (West)
us-east.privateinternetaccess.com=PIA - USA (East)
us-midwest.privateinternetaccess.com=PIA - USA (Midwest)
aus.privateinternetaccess.com=PIA - Australia (Sydney)
austria.privateinternetaccess.com=PIA - Austria
belgium.privateinternetaccess.com=PIA - Belgium
ca-toronto.privateinternetaccess.com=PIA - Canada (Toronto) (East)
ca-vancouver.privateinternetaccess.com=PIA - Canada (Vancouver) (West)
fi.privateinternetaccess.com=PIA - Finland
france.privateinternetaccess.com=PIA - France
germany.privateinternetaccess.com=PIA - Germany
hk.privateinternetaccess.com=PIA - Hong Kong
in.privateinternetaccess.com=PIA - India
japan.privateinternetaccess.com=PIA - Japan
mexico.privateinternetaccess.com=PIA - Mexico
nl.privateinternetaccess.com=PIA - Netherlands
no.privateinternetaccess.com=PIA - Norway
sg.privateinternetaccess.com=PIA - Singapore
spain.privateinternetaccess.com=PIA - Spain
sweden.privateinternetaccess.com=PIA - Sweden
swiss.privateinternetaccess.com=PIA - Switzerland
turkey.privateinternetaccess.com=PIA - Turkey
uk-london.privateinternetaccess.com=PIA - UK (London)
brazil.privateinternetaccess.com=PIA - Brazil
EOF
```
#### Setup NeworkManager Profiles
Some fancy bash tricks to get the full list of NetworkManager PIA connections imported in one copy/paste.
*Note: You'll need to fill in ```[your_username]``` and ```[your_password]``` before running this block of commands.
``` bash
export PIA_USER="[your_username]"
export PIA_PASSWORD="[your_password]"
while read line;
do
desc=$(echo $line | cut -f2 -d'=')
dns=$(echo $line | cut -f1 -d'=')
file="/etc/NetworkManager/system-connections/$desc"
cat > "$file" <<EOF
[connection]
id=$desc
uuid=`uuidgen`
type=vpn
permissions=
secondaries=
[vpn]
connection-type=password
auth=SHA256
password-flags=0
remote=${dns}:1197
cipher=AES-256-CBC
comp-lzo=yes
reneg-seconds=0
remote-cert-tls=server
ca=/etc/pia/openvpn-strong/ca.rsa.4096.crt
dev=tun
service-type=org.freedesktop.NetworkManager.openvpn
username=${PIA_USER}
[vpn-secrets]
password=${PIA_PASSWORD}
[ipv4]
dns-search=
method=auto
[ipv6]
addr-gen-mode=stable-privacy
dns-search=
method=auto
EOF
chmod 600 "$file"
done < /etc/pia/server_list.txt
systemctl restart NetworkManager
nmcli con show
```
## Testing VPN (Post Setup)
Go to each link below and verify you're safe.
- [https://www.privateinternetaccess.com/pages/whats-my-ip/](https://www.privateinternetaccess.com/pages/whats-my-ip/)
- [http://dnsleak.com/](http://dnsleak.com/)
- [http://ipv6leak.com/](http://ipv6leak.com/)
- [http://emailipleak.com/](http://emailipleak.com/)


@ -8,8 +8,6 @@ The author *strongly* recommends reading through this and adapting to other serv
## Inspiration / Sources
This is an adaptation of the [PIA](pia.md) setup but for vpn.ac instead.
- [https://vpn.ac/ovpn](https://vpn.ac/ovpn)
## Prep Work
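
Review bot: The line `This is an adaptation of the [PIA](pia.md) setup but for vpn.ac instead.` links to `pia.md`, which this change set deletes in full. The hunk header shows two lines removed here, but the +/- markers are not visible in this view, so confirm that this line is one of them; otherwise the page is left with a dead link. Since the page describes itself as an adaptation of the PIA guide, also check that it does not rely on steps that were explained only in the deleted file. The same check applies to the `[Private Internet Access (VPN)](armbian/vpn/pia.md)` entry in the README list.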


@ -15,7 +15,7 @@ Some basic setup for auto-connecting a *specific* VPN connection. You'll need/wa
``` bash
# Get UUID for PIA endpoint you want as a default
# Get UUID for endpoint you want as a default
nmcli con show
mkdir /etc/autovpn
# Setup the default so it can be used via autovpn script (see below)


@ -43,3 +43,95 @@ dkms install zfs/0.7.13
systemctl enable zfs-import-cache zfs-import.target zfs-mount zfs-share zfs.target
```
## Monitor For Common Problems
For some reason the Pine64 and SOPine can have problems with "clock jumps" (ie. jumping forward 95 years) due to kernel bugs. They can also have major IO stalls when writing heavily to micro-sd cards, so much so the board becomes basically non-responsive for many minutes (upwards of 10).
The below Monit configuration and setup will monitor for both events and reboot the board in the event either happens. Currently this seems to be the least-worst option for recovery.
### Monit Install / Initial Config
``` bash
apt install monit
nano -w /etc/monit/monitrc
set mail-format { from: user@domain.tld }
set alert admin@domain.tld
set mailserver mail.domain.tld port 587
username "user@domain.tld" password "apassword"
using tls
set httpd port 2812 and
allow admin:apassword
allow guest:guest readonly
#with ssl { # enable SSL/TLS and set path to server certificate
# pemfile: /etc/ssl/certs/monit.pem
#}
```
### Monit Monitor for large clock jumps forward
```/usr/local/bin/check_clock_jump.py```
``` python
#!/usr/bin/env python3
import datetime
import sys
FORMAT_STRING = '%Y-%m-%d %H:%M:%S'
MAX_TIME_JUMP = datetime.timedelta(days=90)
CACHE_FILE = '/var/cache/last_time.check'
current_time = datetime.datetime.now()
last_time = current_time
try:
with open(CACHE_FILE, 'r') as f:
last_time = datetime.datetime.strptime(f.read().strip(), FORMAT_STRING)
except FileNotFoundError:
pass
timedelta = current_time - last_time
if timedelta > MAX_TIME_JUMP:
sys.exit(1)
with open(CACHE_FILE, 'w') as f:
f.write(current_time.strftime(FORMAT_STRING))
sys.exit(0)
```
``` bash
chmod a+x /usr/local/bin/check_clock_jump.py
cat > /etc/monit/conf.d/check_clock_jump.conf <<EOF
check program check_clock_jump with path /usr/local/bin/check_clock_jump.py
if status != 0
then exec "/bin/systemctl reboot"
as uid "root" and gid "root"
EOF
systemctl restart monit
```
### Monit monitor for ```card_busy_detect status: 0xe00``` kernel errors
``` bash
cat > /etc/monit/conf.d/card_busy_detect.conf <<EOF
# From docs: On startup the read position is set to the end of the file and Monit continues to scan to the end of the file on each cycle.
check file kernel path /var/log/kern.log
if content = ".*card_busy_detect status: 0xe00.*"
then exec "/bin/systemctl reboot"
as uid "root" and gid "root"
EOF
systemctl restart monit
```
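
Review bot: In the `monitrc` block, `set httpd port 2812 and` has no `use address` line, so the Monit web interface listens on every interface, and it does so with `allow guest:guest readonly`, a placeholder `allow admin:apassword`, and the `with ssl` stanza commented out. Bind it with `use address localhost` plus `allow localhost`, drop the guest account, and either enable TLS or state that port 2812 must stay closed in the firewall. In `check_clock_jump.py`, only `FileNotFoundError` is caught: an empty or truncated `/var/cache/last_time.check` (for example after power loss during the write) raises `ValueError`, the script exits non-zero, and Monit reboots the board on every cycle because the file is never rewritten; the same loop occurs if the clock is still wrong after the reboot. Catch `ValueError` and treat it as a missing cache, and consider limiting how often the reboot action may fire.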