- Install certbot
apt update && apt install certbot
- Make sure HTTP (port 80) is open on the machine
- Run
sudo certbot certonly --standalone
and follow the assistant
- Create the script
/usr/local/bin/certbot-renew.sh
with the following content:
#!/bin/bash
# Hostname the certificate was issued for
FQDN="filewave.example.com"
# Renew every certificate that is close to expiry
/bin/certbot renew
# Copy certificate chain and private key to FileWave (only if newer)
cp -uf "/etc/letsencrypt/live/${FQDN}/fullchain.pem" /usr/local/filewave/certs/server.crt
cp -uf "/etc/letsencrypt/live/${FQDN}/privkey.pem" /usr/local/filewave/certs/server.key
# Update the DEP profile certificates, answering "y" to every prompt
yes | /usr/local/filewave/python/bin/python /usr/local/filewave/django/manage.pyc update_dep_profile_certs
# Restart the FileWave server so it loads the new certificate
/usr/local/bin/fwcontrol server restart
exit 0
- Make the script executable with
sudo chmod +x /usr/local/bin/certbot-renew.sh
- Run the script for testing
/usr/local/bin/certbot-renew.sh
- Add a new job to
/etc/crontab
:
0 5 * * 6 root /usr/local/bin/certbot-renew.sh
[via]https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-debian-11[/via]
[via]https://www.reviewmynotes.com/2022/10/filewave-and-lets-encrypt.html[/via]
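A check that could run in certbot-renew.sh between the two cp lines and the restart, so that a mismatched or nearly expired certificate/key pair is caught before the server is restarted with it. This is an added example, not part of the original script or of FileWave; the function names are made up here, and it assumes openssl and GNU stat are installed.

```bash
#!/bin/bash
# Added example: pre-restart checks for the copied certificate and key.
# Function names are hypothetical; needs openssl and GNU stat (Debian).

# True when the certificate's public key equals the one derived from the
# private key. Comparing public keys works for RSA and ECDSA alike.
cert_matches_key() {
    local cert=$1 key=$2 cert_pub key_pub
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# True when the certificate is still valid $2 days from now.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# True when "others" have no permission bits on the private key file.
key_not_world_accessible() {
    local mode
    mode=$(stat -c '%a' "$1") || return 2
    [ "$(( 0$mode & 07 ))" -eq 0 ]
}

# Run all checks; print the first failure and return non-zero.
check_deployed_cert() {
    local cert=$1 key=$2
    cert_matches_key "$cert" "$key" ||
        { echo "certificate and key do not belong together" >&2; return 1; }
    cert_valid_for_days "$cert" 7 ||
        { echo "certificate expires within 7 days" >&2; return 1; }
    key_not_world_accessible "$key" ||
        { echo "private key is accessible to other users" >&2; return 1; }
}

# In certbot-renew.sh, before "fwcontrol server restart":
#   check_deployed_cert /usr/local/filewave/certs/server.crt \
#                       /usr/local/filewave/certs/server.key || exit 1
```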
Counter Strike: Source won’t start on NixOS
After the latest update of my NixOS machine, Counter Strike: Source won't start. Starting Steam from the console shows the following error message:
[...]
src/tcmalloc.cc:278] Attempt to free invalid pointer 0x94d1af0
/home/user/.local/share/Steam/steamapps/common/Counter-Strike Source/hl2.sh: line 73: 14550 Aborted (core dumped) ${GAME_DEBUGGER} "${GAMEROOT}"/${GAMEEXE} "$@
I could fix the problem by:
- Copy libmimalloc.so from the Half-Life 2 bin folder (/home/user/.local/share/Steam/steamapps/common/Half-Life 2/bin/libmimalloc.so) to the Counter-Strike: Source bin folder
- Rename the existing libtcmalloc_minimal.so.4 to libtcmalloc_minimal.so.4~ or similar
- Rename libmimalloc.so to libtcmalloc_minimal.so.4
The game now starts 🙂
Fixing Windows Hello PIN on Windows 11 (0x80090016)
This is the second time my Lenovo X13s (Windows-on-ARM) machine won't boot and asks for the BitLocker key. After using the recovery key and logging in with the password, I can't set a new Windows PIN, which is needed for biometric (fingerprint or face recognition) login. I get the error message "Something went wrong. Try again later (0x80090016)".
tl;dr
To fix this, you need to delete the folder C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\NGC and reboot the system. After that, I was able to set a new PIN.
Steps
- takeown /f C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\NGC /r /d y
- icacls C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\NGC /grant administrators:F /t
- Delete C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\NGC
- Reboot
Quick and dirty DHCP and TFTP Server
- Install
dnsmasq
- Identify the network device
ip link
- Set a temporary static IP address
ip a add 192.168.0.66/24 dev <devicename>
- Run
sudo dnsmasq -d -i <devicename> -p 5333 --listen-address=192.168.0.66 -K --dhcp-range 192.168.0.100,192.168.0.200,12h --enable-tftp --tftp-root=</path/to/tftp/dir/>
Enable sshd for root on Ubuntu Live
- Set keyboard layout with
setxkbmap <lang>
- Update package repo with
sudo apt update
- Install sshd and vim with
sudo apt install openssh-server vim
- Update sshd config with
sudo vim /etc/ssh/sshd_config
- Set
PermitRootLogin yes
- Set
PasswordAuthentication yes
- Set password for root with
sudo passwd root
- Restart SSHD service
sudo systemctl restart ssh.service
- Login via ssh to machine
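A small check for the two settings changed above, useful both to confirm the edit took effect and to confirm later that root password login is no longer enabled. This is an added example, not from the original notes; the function names and both sample configs are constructed, and Include files are not followed.

```bash
#!/bin/bash
# Added example: read the global section of an sshd_config the way sshd does.
# Function names and both samples are constructed for illustration.

# Print the effective global value of keyword $1 from config text on stdin.
# Rules applied: keywords are case-insensitive, "Key=value" is allowed, the
# FIRST value obtained wins, and everything after a Match line is conditional.
# Include directives are not followed (sshd -T on the host resolves those).
sshd_effective() {
    awk -v want="$1" '
        { sub(/^[ \t]+/, "") }              # leading whitespace is ignored
        /^#/ || /^$/ { next }               # comments and blank lines
        {
            line = $0
            sub(/[ \t]*=[ \t]*/, " ", line) # normalise the Key=value form
            split(line, f, /[ \t]+/)
            key = tolower(f[1])
            if (key == "match") exit        # global section ends here
            if (key == tolower(want)) { print tolower(f[2]); exit }
        }'
}

# Print "exposed" when root can log in with a password, otherwise "ok".
sshd_root_password_state() {
    local cfg root pass
    cfg=$(cat)
    root=$(printf '%s\n' "$cfg" | sshd_effective PermitRootLogin)
    pass=$(printf '%s\n' "$cfg" | sshd_effective PasswordAuthentication)
    root=${root:-prohibit-password}   # OpenSSH default when the keyword is unset
    pass=${pass:-yes}                 # OpenSSH default when the keyword is unset
    if [ "$root" = "yes" ] && [ "$pass" = "yes" ]; then echo exposed; else echo ok; fi
}

# Constructed sample 1: the file as edited in the steps above.
SAMPLE_EDITED='PermitRootLogin yes
PasswordAuthentication yes'

# Constructed sample 2: an earlier "no" wins over the "yes" added further down.
SAMPLE_SHADOWED='PasswordAuthentication no
PermitRootLogin=yes
passwordauthentication yes
Match User backup
    PermitRootLogin no'

printf '%s\n' "$SAMPLE_EDITED"   | sshd_root_password_state   # exposed
printf '%s\n' "$SAMPLE_SHADOWED" | sshd_root_password_state   # ok
```

On a real host, pipe /etc/ssh/sshd_config into sshd_root_password_state; the second sample shows why a line appended at the end of the file may have no effect.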
Resize a LUKS encrypted root partition
- Resize the partition used by the encrypted volume
parted /dev/sda
(parted) print
[...]
Number Start End Size File system Name Flags
1 1049kB 525MB 524MB fat16 EFI system partition boot, esp
2 525MB 256GB 256GB Linux filesystem
(parted) resizepart
Partition number? 2
End? [512GB]? '100%'
(parted) print
[...]
Number Start End Size File system Name Flags
1 1049kB 525MB 524MB fat16 EFI system partition boot, esp
2 525MB 512GB 512GB Linux filesystem
(parted) q
- Boot the machine from a bootable USB Linux system (Arch Linux, Ubuntu or a similar USB installer)
- Open and resize the encrypted LUKS volume
cryptsetup open /dev/sdb1 sdb1_crypt
cryptsetup resize sdb1_crypt
- Resize the physical device
pvresize /dev/mapper/sdb1_crypt
- Resize the logical device
lvextend -l +100%FREE /dev/mapper/vg-root
- Resize the file system of the volume
resize2fs /dev/mapper/vg-root
- Reboot. You are done.
Compile and use Proxmark3 on NixOS (nix-shell)
To compile and use proxmark3 on NixOS you need some packages. I created a nix-shell file with all needed dependencies.
Copy this file as shell.nix to the cloned proxmark3 folder and run sudo nix-shell. Then continue with the normal compile guide.
with (import <nixpkgs> {});
mkShell {
  buildInputs = [
    lz4
    readline
    bzip2
    ocamlPackages.ssl
    gcc-arm-embedded
  ];
}
Examples
Proxmark Version/HW Info/Test connection
hw ver
Clone EM4100 to T5577 (Iceman Repo)
lf search
lf em 410x clone --id 0011223344
lf em 410x reader
Clone EM4100 to T5577 (Official Repo)
lf search
lf em 410xwrite 0011223344 1
lf em 410xread
Useful information about NixOS
For a few years now I have been using NixOS as my favorite Linux distribution. NixOS is a Linux distribution based on the Nix package manager and build system. It supports reproducible and declarative system-wide configuration management as well as atomic upgrades and rollbacks, although it can additionally support imperative package and user management. See NixOS Wiki.
Upgrade to new version
- Review the NixOS release notes to ensure you account for any changes that need to be done manually. In particular, sometimes options change in backward-incompatible ways.
- sudo nix-channel --add https://nixos.org/channels/nixos-22.05 nixos (change the version tag if necessary)
- sudo nix-channel --update
- nixos-rebuild --upgrade boot
- Reboot to enter your newly-built NixOS.
It's perfectly fine and recommended to leave the system.stateVersion value in the configuration at the release version of the first install of this system. You should only bump this option if you are sure that you can migrate, or have migrated, all state on your system that is affected by this option. Before changing this value, read the documentation for this option (e.g. man configuration.nix or on NixOS Options).
[via]https://unix.stackexchange.com/a/491772[/via]
Clean up system
sudo nix-collect-garbage --delete-older-than 30d
[via]https://matthewrhone.dev/nixos-package-guide#cleanup-old-packages-user-wide[/via]
Upgrade Kernel to latest version
- Add
boot.kernelPackages = pkgs.linuxPackages_latest;
to your configuration.nix
Use pipewire for Audio (with Bluetooth)
sound.enable = false;
hardware.pulseaudio = {
  enable = false;
  package = pkgs.pulseaudioFull;
};
security.rtkit.enable = true;
services.pipewire = {
  enable = true;
  alsa.enable = true;
  alsa.support32Bit = true;
  pulse.enable = true;
  # If you want to use JACK applications, uncomment this
  #jack.enable = true;
  # use the example session manager (no others are packaged yet so this is enabled by default,
  # no need to redefine it in your config for now)
  #media-session.enable = true;
  config.pipewire = {
    "context.properties" = {
      #"link.max-buffers" = 64;
      "link.max-buffers" = 16; # version < 3 clients can't handle more than this
      "log.level" = 2; # https://docs.pipewire.org/#Logging
      #"default.clock.rate" = 48000;
      #"default.clock.quantum" = 1024;
      #"default.clock.min-quantum" = 32;
      #"default.clock.max-quantum" = 8192;
    };
  };
  media-session.config.bluez-monitor.rules = [
    {
      # Matches all cards
      matches = [ { "device.name" = "~bluez_card.*"; } ];
      actions = {
        "update-props" = {
          "bluez5.reconnect-profiles" = [ "hfp_hf" "hsp_hs" "a2dp_sink" ];
          # mSBC is not expected to work on all headset + adapter combinations.
          "bluez5.msbc-support" = true;
          # SBC-XQ is not expected to work on all headset + adapter combinations.
          "bluez5.sbc-xq-support" = true;
        };
      };
    }
    {
      matches = [
        # Matches all sources
        { "node.name" = "~bluez_input.*"; }
        # Matches all outputs
        { "node.name" = "~bluez_output.*"; }
      ];
      actions = {
        "node.pause-on-idle" = false;
      };
    }
  ];
};
Sporadic freezing/loss of WiFi connection on a Raspberry Pi 3B+
I have two identical Raspberry Pi 3B+ (RPi3B+) running OctoPrint to control my two 3D printers and provide a livestream of the connected webcams when needed. A few months ago I noticed that the "newer" of the two RPis sporadically lost the WiFi connection after a few minutes or hours. To check whether it's a hardware problem, I swapped the SD cards between both Pis, but the problem moves with the SD card, which means it's a software problem.
First attempts:
- Updated the system (dist-upgrade)
- Changed the location of the Pi to ensure that the WiFi signal is better.
- A WiFi reconnect script I used before with a Raspberry Zero W.
- Disabled power management with
sudo iwconfig wlan0 power off
I connected a LAN cable, waited until the connection was interrupted and tried various commands to restore the connection. Unfortunately nothing helped. I found some errors in the syslog like "mailbox indicates firmware halted" and some GitHub issues from RaspberryPi, but no final solution:
wlan freezes in raspberry pi 3B+
PI 3B+ wifi crash, firmware halt and hangs in dongle
brcmfmac: brcmf_sdio_hostmail: mailbox indicates firmware halted
Then I continued to search for differences between the two Pis and found out that the "working Pi" had older drivers (7.45.154) than the "problem Pi", which had 7.45.229. I downgraded the firmware to 7.45.154 (/lib/firmware/brcm - my older Pi had these files) and disabled power management. Now, after some weeks of 8h printing each with the webcam enabled, no problems. With 7.45.229 and power management also disabled, it freezes. The firmware files were the only thing I changed.
Working WiFi Firmware/Driver:
dmesg | grep brcmfmac
Firmware: BCM4345/6 wl0: Feb 27 2018 03:15:32 version 7.45.154 (r684107 CY) FWID 01-4fbe0b04
Final solution (tl;dr):
- Disable power management with
sudo iwconfig wlan0 power off
- Downgrade drivers/firmware (brcm_7.45.154.tar to /lib/firmware/brcm)
Configure local Systemd-resolved DNS Resolver for Company Domains behind VPN
To send queries for the company internal (sub)-domains to the company DNS resolvers behind the VPN, the resolver can be configured with the following commands:
# Configure internal corporate domain name resolvers:
resolvectl dns tun0 192.0.2.53 192.0.2.54
# Only use the internal corporate resolvers for domain names under these:
resolvectl domain tun0 "~example.com"
# Not super nice, but might be needed:
resolvectl dnssec tun0 off
[via]https://www.gabriel.urdhr.fr/2020/03/17/systemd-revolved-dns-configuration-for-vpn/[/via]