From c0ed267e084d260b3c20493b6d5c141374e752cd Mon Sep 17 00:00:00 2001 From: Michele Cereda Date: Sat, 12 Aug 2023 21:29:33 +0200 Subject: [PATCH 1/4] chore: update article with wol alternative --- knowledge base/wake a host from lan.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/knowledge base/wake a host from lan.md b/knowledge base/wake a host from lan.md index 3f47361..1f99b49 100644 --- a/knowledge base/wake a host from lan.md +++ b/knowledge base/wake a host from lan.md @@ -5,11 +5,17 @@ The host needs to support wake-on-LAN and have it enabled. ## Table of contents 1. [TL;DR](#tldr) +1. [Further readings](#further-readings) 1. [Sources](#sources) ## TL;DR -See [`wakeonlan`][wakeonlan]. +See [`wakeonlan`][wakeonlan] or [`wol`][wol]. + +## Further readings + +- [`wakeonlan`][wakeonlan] +- [`wol`][wol] ## Sources @@ -29,3 +35,4 @@ All the references in the [further readings] section, plus the following: [how to wake up computers using linux by sending magic packets]: https://www.cyberciti.biz/tips/linux-send-wake-on-lan-wol-magic-packets.html +[wol]: https://sourceforge.net/projects/wake-on-lan/ From d7c3732e17b31f00aaf086f02770f5bd642fee59 Mon Sep 17 00:00:00 2001 
From: Michele Cereda
Date: Sun, 13 Aug 2023 04:33:53 +0200
Subject: [PATCH 2/4] refactor: moved scripts around
---
...s.sh => boinc.static-frequency-for-niced-loads.sh} | 0
...-files-in-repo.sh => gpg.decrypt-files-in-repo.sh} | 0
...omebrew.install.bash => osx.homebrew.install.bash} | 0
.../{osx.xcode-install.zsh => osx.xcode.install.zsh} | 0
scripts/turris-os.create-container.sh | 11 +++++++++++
scripts/turris-os.start-container-at-boot.sh | 7 +++++++
6 files changed, 18 insertions(+)
rename scripts/{boinc-static-frequency-for-niced-loads.sh => boinc.static-frequency-for-niced-loads.sh} (100%)
rename scripts/{decrypt-files-in-repo.sh => gpg.decrypt-files-in-repo.sh} (100%)
rename scripts/{homebrew.install.bash => osx.homebrew.install.bash} (100%)
rename scripts/{osx.xcode-install.zsh => osx.xcode.install.zsh} (100%)
create mode 100644 scripts/turris-os.create-container.sh
create mode 100644 scripts/turris-os.start-container-at-boot.sh
diff --git a/scripts/boinc-static-frequency-for-niced-loads.sh b/scripts/boinc.static-frequency-for-niced-loads.sh
similarity index 100%
rename from scripts/boinc-static-frequency-for-niced-loads.sh
rename to scripts/boinc.static-frequency-for-niced-loads.sh
diff --git a/scripts/decrypt-files-in-repo.sh b/scripts/gpg.decrypt-files-in-repo.sh
similarity index 100%
rename from scripts/decrypt-files-in-repo.sh
rename to scripts/gpg.decrypt-files-in-repo.sh
diff --git a/scripts/homebrew.install.bash b/scripts/osx.homebrew.install.bash
similarity index 100%
rename from scripts/homebrew.install.bash
rename to scripts/osx.homebrew.install.bash
diff --git a/scripts/osx.xcode-install.zsh b/scripts/osx.xcode.install.zsh
similarity index 100%
rename from scripts/osx.xcode-install.zsh
rename to scripts/osx.xcode.install.zsh
diff --git a/scripts/turris-os.create-container.sh b/scripts/turris-os.create-container.sh
new file mode 100644
index 0000000..13582d2
--- /dev/null
+++ b/scripts/turris-os.create-container.sh
@@ -0,0 +1,11 @@ +#!/bin/sh + +lxc-create -n 'alpine' -t 'download' -- -d 'Alpine' -r '3.18' -a 'armv7l' + +uci add dhcp host +uci set dhcp.@host[-1].name='alpine' +uci set dhcp.@host[-1].mac="$(grep 'hwaddr' '/srv/lxc/alpine/config' | sed 's/.*= //')" +uci set dhcp.@host[-1].ip='192.168.111.2' +uci commit 'dhcp' +reload_config +luci-reload diff --git a/scripts/turris-os.start-container-at-boot.sh b/scripts/turris-os.start-container-at-boot.sh new file mode 100644 index 0000000..045b0fc --- /dev/null +++ b/scripts/turris-os.start-container-at-boot.sh @@ -0,0 +1,7 @@ +#!/bin/sh + +cat < Date: Sun, 13 Aug 2023 04:34:36 +0200 Subject: [PATCH 3/4] feat: monitoring server in lxc container example using turris os --- knowledge base/apt.md | 12 +++++ knowledge base/grafana.md | 1 + knowledge base/lxc.md | 17 ++++--- knowledge base/turris os.md | 91 ++++++++++++++++++++++++++++--------- 4 files changed, 93 insertions(+), 28 deletions(-) diff --git a/knowledge base/apt.md b/knowledge base/apt.md index 440c3cd..06249cd 100644 --- a/knowledge base/apt.md +++ b/knowledge base/apt.md @@ -71,6 +71,12 @@ apt-check policy 'boinc-client' # Reconfigure packages. sudo dpkg-reconfigure 'mariadb-server' sudo dpkg-reconfigure -p 'low' 'unattended-upgrades' + +# Stop installing recommended and suggested packages. +cat > /etc/apt/apt.conf.d/99norecommend << EOF +APT::Install-Recommends "0"; +APT::Install-Suggests "0"; +EOF ``` ## Automate security upgrades @@ -97,6 +103,12 @@ See [Apt configuration] for more information. APT::Default-Release "stable"; ``` +```txt +# /etc/apt/apt.conf.d/99norecommend +APT::Install-Recommends "0"; +APT::Install-Suggests "0"; +``` + ```txt # /etc/apt/apt.conf.d/99parallel-fetch APT::Acquire::Queue-Mode "access"; diff --git a/knowledge base/grafana.md b/knowledge base/grafana.md index 63e28e0..1ce1984 100644 --- a/knowledge base/grafana.md +++ b/knowledge base/grafana.md 
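Review bot: Nothing in `scripts/turris-os.create-container.sh` stops on failure, so if `lxc-create` fails or `/srv/lxc/alpine/config` has no `hwaddr` line, the `uci set dhcp.@host[-1].mac=…` line stores an empty value and `uci commit 'dhcp'` still persists a half-built static lease on the router. The `grep | sed` pipeline also returns every matching line, so a container config with more than one `hwaddr` entry would presumably put a multi-line value into the MAC option. I would add `set -eu` under the shebang, read the address once with `mac="$(sed -n 's/.*hwaddr *= *//p' '/srv/lxc/alpine/config' | head -n 1)"`, and guard it with `[ -n "$mac" ] || exit 1` before `uci add dhcp host`. Because `uci add` always appends a new section, a short comment saying the script is meant to run once per container would also help.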
@@ -140,6 +140,7 @@ $ curl -sS \ | Name | Grafana ID | URLs | | ------------------ | ---------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | Node exporter full | 1860 | [grafana](https://grafana.com/grafana/dashboards/1860-node-exporter-full/), [github raw](https://raw.githubusercontent.com/rfmoz/grafana-dashboards/master/prometheus/node-exporter-full.json) | +| OpenWRT | 11147 | [grafana](https://grafana.com/grafana/dashboards/11147-openwrt/) | ## Further readings diff --git a/knowledge base/lxc.md b/knowledge base/lxc.md index 5944219..e06743b 100644 --- a/knowledge base/lxc.md +++ b/knowledge base/lxc.md @@ -19,17 +19,20 @@ ls '/usr/share/lxc/templates' # List the options supported by templates. lxc-create -t 'download' -h -# Create new containers. +# Create containers. # Use the 'download' template to choose from a list of distribution. -lxc-create -n 'nas' --template 'download' +lxc-create -n 'nas' -t 'download' +lxc-create --name 'nas' --template 'download' -- \ + --server 'images.linuxcontainers.org' +# Create containers non-interactively. # Values are case sensitive and depend from what is on the server. -lxc-create -n 'pi-hole' -t 'download' -- \ - --server 'images.linuxcontainers.org' \ - --dist 'debian' --release 'bullseye' --arch 'armhf' --variant 'cloud' -lxc-create -n 'git' -t 'download' -- \ +lxc-create -n 'alpine' -t 'download' -- -d 'Alpine' -r '3.18' -a 'armv7l' +lxc-create --name 'pi-hole' --template 'download' -- \ --server 'repo.turris.cz/lxc' \ - -d 'Debian' -r 'Bullseye' -a 'armv7l' + --dist 'Ubuntu' --release 'Focal' --arch 'armv7l' +lxc-create … -t 'download' -- -d 'debian' -r 'bookworm' -a 'amd64' \ + --server 'images.linuxcontainers.org' # Start containers. lxc-start -n 'pi-hole' diff --git a/knowledge base/turris os.md b/knowledge base/turris os.md index 4b6fcd7..f490d66 100644 
--- a/knowledge base/turris os.md +++ b/knowledge base/turris os.md @@ -15,10 +15,10 @@ Linux distribution based on top of OpenWrt. Check the [website] for more informa 1. [Start containers](#start-containers) 1. [Execute a shell into containers](#execute-a-shell-into-containers) 1. [Start containers at boot](#start-containers-at-boot) - 1. [Examples](#examples) - 1. [CFEngine hub](#cfengine-hub) - 1. [Git server](#git-server) - 1. [Pi-hole](#pi-hole) + 1. [Example: cfengine hub](#example-cfengine-hub) + 1. [Example: git server](#example-git-server) + 1. [Example: monitoring](#example-monitoring) + 1. [Example: pi-hole](#example-pi-hole) 1. [Hardening](#hardening) 1. [The SFP+ caged module](#the-sfp-caged-module) 1. [Use the SFP module as a LAN port](#use-the-sfp-module-as-a-lan-port) @@ -71,9 +71,18 @@ reboot # Gracefully shutdown the device. poweroff +# List available LXC container images. +# Default source is 'repo.turris.cz/lxc'. +lxc-create -n 'test' -t 'download'; lxc-destroy -n 'test' +lxc-create … -t 'download' -- --server 'images.linuxcontainers.org' + # Create LXC containers. -lxc-create --name 'ubuntu-focal' --template 'download' -- --dist 'Ubuntu' --release 'Focal' --arch 'armv7l' --server 'repo.turris.cz/lxc' -lxc-create … -t 'download' -- --dist 'debian' --release 'bullseye' --arch 'armhf' --server 'images.linuxcontainers.org' +# Default source is 'repo.turris.cz/lxc'. +# Values are case sensitive and depend from what is on the server. +lxc-create -n 'alpine' -t 'download' -- -d 'Alpine' -r '3.18' -a 'armv7l' +lxc-create --name 'ubuntu-focal' --template 'download' -- \ + --server 'repo.turris.cz/lxc' \ + --dist 'Ubuntu' --release 'Focal' --arch 'armv7l' # List snapshots. schnapps list 
@@ -181,13 +190,18 @@ Unless otherwise specified: In shell: ```sh +# List available LXC container images. # Default source is 'repo.turris.cz/lxc'. -# Values for the template options are case sensitive. -lxc-create --name 'test' --template 'download' -lxc-create -n 'git' -t 'download' -- -d 'Debian' -r 'Bullseye' -a 'armv7l' -lxc-create -n 'pi-hole' -t 'download' -- - --server 'images.linuxcontainers.org' \ - --dist 'debian' --release 'bullseye' --arch 'armhf' +lxc-create -n 'test' -t 'download'; lxc-destroy -n 'test' +lxc-create … -t 'download' -- --server 'images.linuxcontainers.org' + +# Create LXC containers. +# Default source is 'repo.turris.cz/lxc'. +# Values are case sensitive and depend from what is on the server. +lxc-create -n 'pi-hole' -t 'download' -- -d 'Debian' -r 'Bullseye' -a 'armv7l' +lxc-create --name 'pi-hole' --template 'download' -- \ + --server 'repo.turris.cz/lxc' \ + --dist 'Ubuntu' --release 'Focal' --arch 'armv7l' ``` Using the WebUI: @@ -257,16 +271,15 @@ config container option timeout 60 ``` -### Examples +### Example: cfengine hub -#### CFEngine hub - -> CFEngine does not seem to support 32bits ARM processors (but it does support arm64) anymore. +> CFEngine does not seem to support 32bits ARM processors anymore (but it does support arm64).
+> Still, since I am using a 32bit processor this is not doable for me.
Old installation test - > This procedure assumes an LXC container based upon Debian Bullseye. + > This procedure assumes you are using an LXC container based on the Debian Bullseye image. ```sh # Set the correct hostname. @@ -283,9 +296,9 @@ config container
-#### Git server +### Example: git server -> This procedure assumes an LXC container based upon Debian Bullseye. +> This procedure assumes you are using an LXC container based on the Debian Bullseye image. ```sh # Set the correct hostname. @@ -321,9 +334,45 @@ chsh 'git' -s "$(which 'git-shell')" exit ``` -#### Pi-hole +### Example: monitoring -> This procedure assumes an LXC container based upon Debian Bullseye. +> This procedure assumes you are using an LXC container based on the Debian Bullseye image. + +```sh +# Set the correct hostname. +hostnamectl set-hostname 'monitoring' + +# Install the requirements +DEBIAN_FRONTEND='noninteractive' apt-get install --assume-yes 'unattended-upgrades' 'wget' + +# Stop installing recommended and suggested packages. +cat > /etc/apt/apt.conf.d/99norecommend << EOF +APT::Install-Recommends "0"; +APT::Install-Suggests "0"; +EOF + +# Add Grafana's repository with its key. +wget -q -O /usr/share/keyrings/grafana.key https://apt.grafana.com/gpg.key +echo "deb [signed-by=/usr/share/keyrings/grafana.key] https://apt.grafana.com stable main" | tee -a /etc/apt/sources.list.d/grafana.list + +# Install Prometheus and Grafana. +apt update +DEBIAN_FRONTEND='noninteractive' apt-get install --assume-yes 'grafana-enterprise' 'prometheus' + +# Configure Prometheus and Grafana. +# See the '/docker/monitoring' example. + +# Enable the services. +systemctl enable 'grafana-server.service' +systemctl enable 'prometheus.service' + +# All done! +exit +``` + +### Example: pi-hole + +> This procedure assumes you are using an LXC container based on the Debian Bullseye image. See [Installing pi-hole on Turris Omnia], [Install Pi-hole] and [Pi-Hole on Turris Omnia] for details. From c5d67a67b66c39024d0bbc2bdd9fe8d26e386324 Mon Sep 17 00:00:00 2001 
From: Michele Cereda Date: Wed, 16 Aug 2023 00:20:33 +0200 Subject: [PATCH 4/4] fix: azure cli installation commands --- knowledge base/azure/cli.md | 3 ++- knowledge base/pipx.md | 3 +++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/knowledge base/azure/cli.md b/knowledge base/azure/cli.md index dae1348..aaa6285 100644 --- a/knowledge base/azure/cli.md +++ b/knowledge base/azure/cli.md @@ -17,9 +17,10 @@ Queries (`az … --query …`) use the [JMESPath] query language for JSON. ```sh # Install the CLI. pip install 'azure-cli' +pipx install 'azure-cli' brew install 'azure-cli' asdf plugin add 'azure-cli' && asdf install 'azure-cli' '2.43.0' -docker run -it -v "${HOME}/.ssh:/root/.ssh" 'mcr.microsoft.com/azure-cli' +docker run -v "${HOME}/.azure:/root/.azure" 'mcr.microsoft.com/azure-cli:2.40.0' # Disable certificates check upon connection. # Use it for proxies with doubtful certificates. diff --git a/knowledge base/pipx.md b/knowledge base/pipx.md index cd56107..37b60cb 100644 --- a/knowledge base/pipx.md +++ b/knowledge base/pipx.md @@ -39,6 +39,9 @@ pipx upgrade 'pip-autoremove' # Upgrade all installed applications. pipx upgrade-all + +# Remove installed applications. +pipx uninstall 'azure-cli' ``` ## Further readings