So I just happened to delete two files by accident. So here's a quick and dirty
way to recover them.
Please note: Deleted files may be over-written at any point in time by your OS.
So typically you have to immediately unmount the disk. (or pull the plug if its
on '/' and start forensics distro) for minimizing risk of data-loss.
However I felt lucky and just did this:
sudo apt-get install extundelete
sudo extundelete --restore-file /home/user/theFile.txt /dev/sda1
One file could be restored, the other one not. I guess I was lucky.
Turns out running KVM inside KVM performs acceptable. Here's what I had to to
do give it a try.
check if nesting is enabled
cat /sys/module/kvm_intel/parameters/nested
should print: Y
if not you'll need to enable it (requires reboot to become effective)
sudo bash -c "echo 'options kvm_intel nested=1' >> /etc/modprobe.d/qemu-system-x86.conf"
next check if boot parameters correct
egrep 'KVM_INTEL|KVM_AMD' /boot/config-3.16.0-4-amd64
should return:
CONFIG_KVM_INTEL=m
CONFIG_KVM_AMD=m
check if /dev/kvm exists, if not run:
sudo modprobe kvm-intel
That's it, your host system is now configured to do KVM nesting. Make sure to
configure your libvirt/KVM guest VMs to allow using svm/mvx instruction sets.
resources:
I have this huge VM and it tends to grow, luckily I could figure out how to
increase the VM image. (Following this guide the old KVM image will stay in
tact without any modifications.)
On the host system:
# install required tools
sudo apt-get install libguestfs-tools
# shutdown running libvirt container
virsh shutdown my_vm
# move old image
sudo mv /var/lib/libvirt/images/my_vm.img /var/lib/libvirt/images/my_vm.old.img
# create new empty file for our new kvm image
truncate -s 128G /var/lib/libvirt/images/my_vm.img
# or if you want qcow2:
# qemu-img create -f qcow2 /var/lib/libvirt/images/my_vm.qcow2 128G
# (optional) you can list the partitions of an existing KVM image like this
sudo virt-filesystems --long --parts --blkdevs -h -a /var/lib/libvirt/images/my_vm.old.img
# in case of lvm you can list lvm partitions like this:
# virt-filesystems --logical-volumes --long -a /var/lib/libvirt/images/my_vm.old.img
# make copy of old image and expand the new image to all available space in the designeted new image file.
sudo virt-resize --expand /dev/sda1 /var/lib/libvirt/images/mv_vm.old.img /var/lib/libvirt/images/my_vm.img
# if you are using LLVM you might need to run the command like this:
# virt-resize --expand /dev/sda2 --LV-expand /dev/vg_guest/lv_root olddisk newdisk
Once this is complete you might want to edit the qemu VM definition in
/etc/libvirt/qemu/my_vm.xml. Alternatively you may also simply rename the
old image and use the new resized image to the path of the old one.
Now you can start the VM again:
virsh start my_vm
Next you'll need to connect your VM and resize the partition to fill the newly
create empty (virtual) disk space:
sudo resize2fs /dev/sda1
resources:
I thought IRC is stable technology and easy to use in a privacy friendly way.
Turns out this assumption is wrong. Here's what I needed to do to get me set
up for chatting on freenode over a TOR secured connection:
install hexchat
sudo apt-get install hexchat
start hexchat
- enter nick-names
- select freenode from the list
- click edit
- select: servers: irc.freenode.net
- select: connect to select server only
- select: use ssl for the servers on this network
- select: login method: sasl external (cert)
- click close
click connect
register a freenode account:
/msg nickserv register your_password your_email_address
Wait for an email containing an irc-command to verify your account. Copy and
paste that command to hexchat
restart hexchat, login with auth method: username+password
create sasl cert and display fingerprint
mkdir -p ~/.config/hexchat/certs
openssl req -x509 -nodes -days 365 -newkey rsa:4096 -keyout ~/.config/hexchat/certs/client.pem -out ~/.config/hexchat/certs/client.pem
chmod 600 .config/hexchat/certs/client.pem
add fingerprint to freenode account
/msg nickserv CERT ADD
open: settings > preferences > network setup and enter tor proxy
(defaults to host: 127.0.0.1 port: 9050 type: socks5)
restart hexchat and edit freenode network settings
- change login method to sasl external
use the add button to add following domain name as server: freenodeok2gncmy.onion
click: close
- click: connect
Took my quite a while to figure out what I actually needed to do to get this
working. Frankly it feels like a waste when configuration a chat client
takes a couple of hours. At least it works now, so see you on freenet eventually.
resources:
I'm assuming following disks are going be part of the new raid1:
Create software raid 1:
sudo mdadm --zero-superblock /dev/sdb /dev/sdc
sudo mdadm --create /dev/md0 --level=1 --raid-devices=2 /dev/sdb /dev/sdc
sudo bash -c "mdadm --detail --scan /dev/md0 >> /etc/mdadm/mdadm.conf"
setup lvm:
# create lvm physical volume
sudo pvcreate /dev/md0
# create lvm volume group
sudo vgcreate vgSix /dev/md0
# create lvm logical volume
sudo lvcreate -n six --size 5T vgSix
# make fs
sudo mkfd -t ext4 /dev/vgSix/six
# label
sudo e2label /dev/vgSix/six six
resources:
netstat shows you which ports are open on your linux machine. Most of the
time I simply want to see which ports are open and what process opened them
and this is how I do it:
# install netstat if not installed already
sudo apt install net-tools
# run netstat as root so it can display more info about processes
sudo netstat -tulpn
I heard there's a more modern replacement for this, but I my days only got so many hours.
resources:
I want to run a custom docker image as a systemd service.
This assumes I'm starting out on plain debian 8:
# add backports repository
sudo bash -c 'echo -e "\\n\\n#backports\\ndeb http://ftp.debian.org/debian jessie-backports main" >> /etc/apt/sources.list'
# install docker
sudo apt-get update
sudo apt-get install docker.io
# optional: add your user to docker group so you dont
# have to use sudo all the time for calling docker
# (you will need to log in again to make this come into effect.
# or simply start a new shell)
#sudo adduser $USER docker
# tell systemd to start docker on boot
sudo systemctl enable docker
# create docker container
# (just a simple test container, you might create your own...)
sudo docker run -d -p 80:80 --name example_webserver nginx
## create a systemd unit for a docker container
## (repeat this step for every container you need)
cat << EOF | sudo bash -c 'cat >> /etc/systemd/system/docker-example_webserver.service'
[Unit]
Description=Test Web Server
Requires=docker.service
After=docker.service
[Service]
Restart=always
ExecStart=/usr/bin/docker start -a example_webserver
ExecStop=/usr/bin/docker stop -t 2 example_webserver
[Install]
WantedBy=default.target
EOF
# reload systemd because we added a new unit
sudo systemctl daemon-reload
# start docker container
sudo systemctl start docker-example_webserver.service
# tell systemd to start docker container on boot
sudo systemctl enable docker-example_webserver.service
resources:
This is a very simple, yet effective setup for multi user git servers. I'm
using file-system permissions for managing users and use ssh for remote access.
- get an ssh server up and running.
- create a new user for each git repository. (eg. sudo adduser git-my-project)
init git repo
sudo su git-my-project
cd --
git init --bare --shared=group my-project.git
add user to according group
sudo adduser devuser1 git-my-project
sudo adduser devuser2 git-my-project
clone repo
git clone 'ext::ssh -i .../.ssh/id_rsa devuser1@repo.buzzmark.com %S /home/git-my-project/my-project.git'
It often makes sense to run a web-server behind a reverse proxy for various
reasons. It often also makes sense to terminate TLS on the reverse proxy. So
here's a minimal approach for doing this with nginx:
sudo apt-get install nginx-full
# generate strong diffie haleman paramters
# might take some time ...
sudo openssl dhparam -out /etc/ssl/dhparams.pem 4096
sudo chmod 600 /etc/ssl/dhparams.pem
cat << EOF | sudo bash -c 'cat >> /etc/nginx/sites-available/example.com.conf'
server {
listen 80;
listen [::]:80;
server_name example.com;
rewrite ^ https://$server_name$request_uri? permanent;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name example.com;
# reverse proxy configuration
location / {
proxy_pass http://1.2.3.4;
}
# allow big uploads
client_max_body_size 1024M;
# ssl settings
ssl_protocols TLSv1.1 TLSv1.2;
ssl_certificate /etc/ssl/example.com_bundle.crt;
ssl_certificate_key /etc/ssl/example.com.key;
ssl_dhparam /etc/ssl/dhparams.pem;
ssl_prefer_server_ciphers on;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
}
EOF
sources:
Here's a little followup to my last post. On Debian postgresql defaults
to using linux user accounts for access management. Here's how to add a
new postregsql user:
sudo apt-get install postgresql postgresql-client
# if no postgress process is running now, this command can fix it
#pg_createcluster 9.4 main --start
# if this command fails with locale errors install all locales it demands
#dpkg-reconfigure locales
sudo adduser dbuser
sudo su -c 'createuser dbuser' postgres
sudo su -c 'createdb -O dbuser owncloud' postgres
sources: