Diffstat (limited to 'tools')
-rw-r--r--tools/conf/etc/dnsmasq.conf22
-rw-r--r--tools/conf/etc/nginx/conf.d/10-default.conf8
-rw-r--r--tools/conf/etc/nginx/nginx.conf141
-rw-r--r--tools/conf/etc/nginx/sites-enabled/default.conf49
-rw-r--r--tools/conf/etc/nginx/sites/default.conf60
-rw-r--r--tools/conf/etc/nginx/sites/drupal.conf129
-rw-r--r--tools/conf/etc/nginx/sites/flyspray.conf40
-rw-r--r--tools/conf/etc/nginx/sites/laravel.conf28
-rwxr-xr-xtools/conf/etc/rc.d/blan63
-rwxr-xr-xtools/conf/etc/rc.d/postgresql16
-rw-r--r--tools/conf/srv/pgsql/data/pg_hba.conf96
-rw-r--r--tools/conf/srv/pgsql/data/postgresql.conf623
-rw-r--r--tools/index.html62
-rw-r--r--tools/lvm.html151
-rw-r--r--tools/network.html46
-rw-r--r--tools/nginx.html291
-rw-r--r--tools/openssh.html12
-rw-r--r--tools/postgresql.html239
-rw-r--r--tools/qemu.html70
-rw-r--r--tools/scripts/config-install.sh4
-rw-r--r--tools/scripts/install-nginx.sh24
-rw-r--r--tools/scripts/install-php.sh7
-rw-r--r--tools/scripts/install-postgres.sh16
-rw-r--r--tools/scripts/replace.sh7
-rw-r--r--tools/scripts/system-iptables.sh (renamed from tools/scipts/iptables.sh)48
-rw-r--r--tools/scripts/system-qemu.sh15
-rw-r--r--tools/squid.html8
-rw-r--r--tools/storage.html345
28 files changed, 1986 insertions, 634 deletions
diff --git a/tools/conf/etc/dnsmasq.conf b/tools/conf/etc/dnsmasq.conf
index 35d75c8..f09b6a6 100644
--- a/tools/conf/etc/dnsmasq.conf
+++ b/tools/conf/etc/dnsmasq.conf
@@ -8,6 +8,7 @@
 # (53). Setting this to zero completely disables DNS function,
 # leaving only DHCP and/or TFTP.
 #port=5353
+port=53
 
 # The following two options make you a better netizen, since they
 # tell dnsmasq to filter out queries which the public DNS cannot
@@ -74,7 +75,7 @@ server=127.0.0.1#40
 
 # Add local-only domains here, queries in these domains are answered
 # from /etc/hosts or DHCP only.
-#local=/localnet/
+local=/core/
 
 # Add domains which you want to force to an IP address here.
 # The example below send any host in double-click.net to a local
@@ -106,16 +107,20 @@ server=127.0.0.1#40
 # specified interfaces (and the loopback) give the name of the
 # interface (eg eth0) here.
 # Repeat the line for more than one interface.
-#interface=
+interface=lo
+interface=br0
+
 # Or you can specify which interface _not_ to listen on
-#except-interface=
+except-interface=wlp7s0
 # Or which to listen on by address (remember to include 127.0.0.1 if
 # you use this.)
-#listen-address=
+listen-address=127.0.0.1
+#listen-address=10.0.0.1
 # If you want dnsmasq to provide only DNS service on an interface,
 # configure it as shown above, and then use the following line to
 # disable DHCP and TFTP on it.
-#no-dhcp-interface=
+no-dhcp-interface=lo
+no-dhcp-interface=wlp7s0
 
 # On systems which support it, dnsmasq binds the wildcard address,
 # even when it is listening on only some interfaces. It then discards
@@ -124,7 +129,7 @@ server=127.0.0.1#40
 # want dnsmasq to really bind only the interfaces it is listening on,
 # uncomment this option. About the only time you may need this is when
 # running another nameserver on the same machine.
-#bind-interfaces
+bind-interfaces
 
 # If you don't want dnsmasq to read /etc/hosts, uncomment the
 # following line.
@@ -136,7 +141,7 @@ addn-hosts=/etc/hosts.dnsmasq
 
 # Set this (and domain: see below) if you want to have a domain
 # automatically added to simple names in a hosts-file.
-#expand-hosts
+expand-hosts
 
 # Set the domain for dnsmasq. this is optional, but if it is set, it
 # does the following things.
@@ -145,7 +150,7 @@ addn-hosts=/etc/hosts.dnsmasq
 # 2) Sets the "domain" DHCP option thereby potentially setting the
 #    domain of all systems configured by DHCP
 # 3) Provides the domain part for "expand-hosts"
-#domain=thekelleys.org.uk
+domain=core.privat-network.net
 
 # Set a different domain for a particular subnet
 #domain=wireless.thekelleys.org.uk,192.168.2.0/24
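Review bot: `domain=core.privat-network.net` does not fall under the `local=/core/` set in the earlier hunk, so the names that `expand-hosts` and DHCP create under this domain are not marked local-only. As far as this file shows, a lookup for an unknown host in `core.privat-network.net` would still be forwarded to the upstream server, which leaks internal host names. If these names are meant to stay private, add `local=/core.privat-network.net/` next to the existing `local=` line. Otherwise a comment saying which of the two domains the hosts actually use would help, since the nginx vhosts in this commit use `c9.core`.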
@@ -159,6 +164,7 @@ addn-hosts=/etc/hosts.dnsmasq
 # repeat this for each network on which you want to supply DHCP
 # service.
 #dhcp-range=192.168.0.50,192.168.0.150,12h
+dhcp-range=br0,10.0.0.5,10.0.0.50,12h
 
 # This is an example of a DHCP range where the netmask is given. This
 # is needed for networks we reach the dnsmasq DHCP server via a relay
diff --git a/tools/conf/etc/nginx/conf.d/10-default.conf b/tools/conf/etc/nginx/conf.d/10-default.conf
new file mode 100644
index 0000000..97ee31b
--- /dev/null
+++ b/tools/conf/etc/nginx/conf.d/10-default.conf
@@ -0,0 +1,8 @@
+##
+# Virtual Host Redirection 80 to 443
+##
+server {
+    listen         80 default_server;
+    server_name _;
+    return         301 https://$host$request_uri;
+}
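Review bot: The redirect target in `return 301 https://$host$request_uri;` is built from the client-supplied Host header, and this catch-all (`default_server`, `server_name _`) accepts any value for it. Where only one name is served, a fixed target such as `return 301 https://c9.core$request_uri;` keeps the Location header under the server's control. If access by several names or by IP address is wanted, a short comment saying so would make the choice explicit.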
diff --git a/tools/conf/etc/nginx/nginx.conf b/tools/conf/etc/nginx/nginx.conf
new file mode 100644
index 0000000..ddbdee6
--- /dev/null
+++ b/tools/conf/etc/nginx/nginx.conf
@@ -0,0 +1,141 @@
+#
+# /etc/nginx/nginx.conf - nginx server configuration
+#
+
+
+user nginx;
+worker_processes auto;
+
+error_log /var/log/nginx/error.log;
+
+pid /var/run/nginx.pid;
+
+
+events {
+    worker_connections  1024;
+}
+
+
+http {
+    include       mime.types;
+    default_type  application/octet-stream;
+
+    ##
+    # SSL Settings
+    ##
+    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
+    ssl_prefer_server_ciphers on;
+
+    # ssl on;
+    ssl_certificate /etc/ssl/certs/nginx.crt;
+    ssl_certificate_key /etc/ssl/keys/nginx.key;
+
+    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+    #                  '$status $body_bytes_sent "$http_referer" '
+    #                  '"$http_user_agent" "$http_x_forwarded_for"';
+
+    access_log /var/log/nginx/access.log;
+    error_log  /var/log/nginx/error.log;
+
+    sendfile        on;
+    #tcp_nopush     on;
+
+    keepalive_timeout  65;
+    client_body_timeout 12;
+    client_header_timeout 12;
+    send_timeout 65;
+
+
+    gzip  on;
+    gzip_vary on;
+    #gzip_proxied any;
+    gzip_comp_level 9;
+    # gzip_buffers 16 8k;
+    # gzip_http_version 1.1;
+    gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
+
+
+    include /etc/nginx/conf.d/*.conf;
+    include /etc/nginx/sites-enabled/*.conf;
+
+    #server {
+    #    listen       80;
+    #    server_name  localhost;
+    #
+    #    #charset koi8-r;
+    #
+    #    location / {
+    #        root   html;
+    #        index  index.html index.htm;
+    #    }
+    #
+    #    error_page  404              /404.html;
+    #
+    #    # redirect server error pages to the static page /50x.html
+    #    #
+    #    error_page   500 502 503 504  /50x.html;
+    #    location = /50x.html {
+    #        root   html;
+    #    }
+    #
+    #    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
+    #    #
+    #    #location ~ \.php$ {
+    #    #    proxy_pass   http://127.0.0.1;
+    #    #}
+    #
+    #    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
+    #    #
+    #    #location ~ \.php$ {
+    #    #    root           html;
+    #    #    fastcgi_pass   127.0.0.1:9000;
+    #    #    fastcgi_index  index.php;
+    #    #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
+    #    #    include        fastcgi_params;
+    #    #}
+    #
+    #    # deny access to .htaccess files, if Apache's document root
+    #    # concurs with nginx's one
+    #    #
+    #    #location ~ /\.ht {
+    #    #    deny  all;
+    #    #}
+    #}
+
+
+    # another virtual host using mix of IP-, name-, and port-based configuration
+    #
+    #server {
+    #    listen       8000;
+    #    listen       somename:8080;
+    #    server_name  somename  alias  another.alias;
+
+    #    location / {
+    #        root   html;
+    #        index  index.html index.htm;
+    #    }
+    #}
+
+
+    # HTTPS server
+    #
+    #server {
+    #    listen       443 ssl;
+    #    server_name  localhost;
+
+    #    ssl_certificate      cert.pem;
+    #    ssl_certificate_key  cert.key;
+
+    #    ssl_session_cache    shared:SSL:1m;
+    #    ssl_session_timeout  5m;
+
+    #    ssl_ciphers  HIGH:!aNULL:!MD5;
+    #    ssl_prefer_server_ciphers  on;
+
+    #    location / {
+    #        root   html;
+    #        index  index.html index.htm;
+    #    }
+    #}
+
+}
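Review bot: `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` still enables TLS 1.0 and 1.1, which RFC 8996 deprecates; the inline comment only accounts for SSLv3. `ssl_protocols TLSv1.2;` (plus `TLSv1.3` where the nginx/OpenSSL build supports it) is the usual baseline. No `ssl_ciphers` is set, so `ssl_prefer_server_ciphers on;` only enforces the build's default cipher list. Two smaller points in the same `http` block: `gzip on` also compresses the HTTPS responses of the PHP applications, which is the precondition for BREACH-style compression side channels, and `error_log` is declared twice with the same path.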
diff --git a/tools/conf/etc/nginx/sites-enabled/default.conf b/tools/conf/etc/nginx/sites-enabled/default.conf
new file mode 100644
index 0000000..4e01b88
--- /dev/null
+++ b/tools/conf/etc/nginx/sites-enabled/default.conf
@@ -0,0 +1,49 @@
+
+server {
+    listen 443 ssl;
+    # listen [::]:443 ssl;
+
+    server_name c9.core;
+
+    root /srv/www/default;
+
+    location /distfiles {
+    	alias /usr/ports/distfiles;
+    }
+
+
+    location /bug {
+        index index.php;
+    	alias /srv/www/default/flyspray;
+        try_files $uri $uri/ index.php$is_args$args;
+    }
+
+    location ~  ^/bug(.+\.php)$ { ### This location block was the solution
+    	alias /srv/www/default/flyspray;
+
+	fastcgi_split_path_info ^(.+\.php)(/.+)$;
+        fastcgi_index index.php;
+        try_files $uri /index.php =404;	
+        include /etc/nginx/fastcgi_params;
+        fastcgi_param SCRIPT_FILENAME $document_root$1;
+        # fastcgi_pass unix:/var/run/php5-fpm.sock;
+        fastcgi_pass 127.0.0.1:9000;
+    }
+
+    location / {
+    	alias /srv/www/default/pmwiki/;
+	index pmwiki.php
+        try_files $uri $uri/ /pmwiki.php$is_args$args;
+    }
+
+    location ~ \.php$ {
+    	alias /srv/www/default/pmwiki;
+        fastcgi_split_path_info ^(.+\.php)(/.+)$;
+        fastcgi_index pmwiki.php;
+        try_files $uri /pmwiki.php =404;
+        include /etc/nginx/fastcgi_params;
+        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+        # fastcgi_pass unix:/var/run/php5-fpm.sock;
+        fastcgi_pass 127.0.0.1:9000;
+    }
+}
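Review bot: `index pmwiki.php` in `location /` has no terminating semicolon, so nginx reads the following `try_files` line as further arguments to `index` and the fallback to `/pmwiki.php` is never configured. The line should be `index pmwiki.php;`. The same line is repeated in sites/default.conf. `server_name c9.core` is missing its semicolon in sites/drupal.conf, where it swallows the `root` line, and in sites/laravel.conf, where it runs into `location /c9-doc {` and should make `nginx -t` fail. This file also looks like a copy of an earlier sites/default.conf; a symlink from sites-enabled would keep the two from drifting apart.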
diff --git a/tools/conf/etc/nginx/sites/default.conf b/tools/conf/etc/nginx/sites/default.conf
new file mode 100644
index 0000000..1c71c44
--- /dev/null
+++ b/tools/conf/etc/nginx/sites/default.conf
@@ -0,0 +1,60 @@
+
+server {
+    listen 443 ssl;
+    # listen [::]:443 ssl;
+
+    server_name c9.core;
+
+    root /srv/www/default;
+
+    location /ports {
+        alias /var/ports/ports;
+        autoindex on;
+    }
+
+    location /distfiles {
+        alias /var/ports/distfiles;
+        autoindex on;
+    }
+
+    location /packages {
+        root /var/ports/packages;
+        autoindex off;
+    }
+
+
+    location /bug {
+        index index.php;
+    	alias /srv/www/default/flyspray;
+        try_files $uri $uri/ index.php$is_args$args;
+    }
+
+    location ~  ^/bug(.+\.php)$ { ### This location block was the solution
+    	alias /srv/www/default/flyspray;
+
+	fastcgi_split_path_info ^(.+\.php)(/.+)$;
+        fastcgi_index index.php;
+        try_files $uri /index.php =404;	
+        include /etc/nginx/fastcgi_params;
+        fastcgi_param SCRIPT_FILENAME $document_root$1;
+        # fastcgi_pass unix:/var/run/php5-fpm.sock;
+        fastcgi_pass 127.0.0.1:9000;
+    }
+
+    location / {
+    	alias /srv/www/default/pmwiki/;
+	index pmwiki.php
+        try_files $uri $uri/ /pmwiki.php$is_args$args;
+    }
+
+    location ~ \.php$ {
+    	alias /srv/www/default/pmwiki;
+        fastcgi_split_path_info ^(.+\.php)(/.+)$;
+        fastcgi_index pmwiki.php;
+        try_files $uri /pmwiki.php =404;
+        include /etc/nginx/fastcgi_params;
+        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+        # fastcgi_pass unix:/var/run/php5-fpm.sock;
+        fastcgi_pass 127.0.0.1:9000;
+    }
+}
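Review bot: `location /packages` uses `root /var/ports/packages;` while its neighbours use `alias`. With `root` the location prefix is appended, so `/packages/x` is looked up as `/var/ports/packages/packages/x`. If the directory layout matches `/ports` and `/distfiles`, this should be `alias /var/ports/packages;`; the same block appears in sites/drupal.conf and sites/flyspray.conf. Separately, `autoindex on` publishes full directory listings of `/var/ports/ports` and `/var/ports/distfiles`, and the server block has no `allow`/`deny`, so a comment stating that this is meant for the LAN only would help.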
diff --git a/tools/conf/etc/nginx/sites/drupal.conf b/tools/conf/etc/nginx/sites/drupal.conf
new file mode 100644
index 0000000..0407a6a
--- /dev/null
+++ b/tools/conf/etc/nginx/sites/drupal.conf
@@ -0,0 +1,129 @@
+server {
+
+        listen 192.168.1.254:443 ssl;
+        listen 10.0.0.254:443 ssl;
+
+        server_name c9.core
+
+        root /srv/www/default/drupal; ## <-- Your only path reference.
+
+        # Enable compression, this will help if you have for instance advagg¿? module
+        # by serving Gzip versions of the files.
+        gzip_static on;
+
+        location ~ ^/stats/(.*)$ {
+            alias /srv/www/stats/$1;
+            autoindex on;
+        }
+
+        location /doc {
+            alias /srv/www/c9-doc;
+            autoindex on;
+        }
+
+        location /ports {
+            alias /var/ports/ports;
+            autoindex on;
+        }
+
+        location /distfiles {
+            alias /var/ports/distfiles;
+            autoindex on;
+        }
+
+
+        location /packages {
+            root /var/ports/packages;
+            autoindex off;
+        }
+
+
+        location = /favicon.ico {
+            log_not_found off;
+            access_log off;
+        }
+
+        location = /robots.txt {
+                allow all;
+                log_not_found off;
+        }
+
+        # This matters if you use drush prior to 5.x
+        # After 5.x backups are stored outside the Drupal install.
+        #location = /backup {
+        #        deny all;
+        #}
+
+        # Very rarely should these ever be accessed outside of your lan
+        location ~* \.(txt|log)$ {
+                allow 192.168.0.0/16;
+                deny all;
+        }
+
+        location ~ \..*/.*\.php$ {
+                return 403;
+        }
+
+        # No no for private
+        location ~ ^/sites/.*/private/ {
+                return 403;
+        }
+
+        # Block access to "hidden" files and directories whose names begin with a
+        # period. This includes directories used by version control systems such
+        # as Subversion or Git to store control files.
+        location ~ (^|/)\. {
+                return 403;
+        }
+
+        location / {
+                # This is cool because no php is touched for static content
+                try_files $uri @rewrite;
+        }
+
+        location ~* /update.php*/.*$ {
+                # You have 2 options here
+                # For D7 and above:
+                # Clean URLs are handled in drupal_environment_initialize().
+                rewrite ^ /update.php;
+                # For Drupal 6 and bwlow:
+                # Some modules enforce no slash (/) at the end of the URL
+                # Else this rewrite block wouldn't be needed (GlobalRedirect)
+                #rewrite ^/(.*)$ /index.php?q=$1;
+        }
+
+        location @rewrite {
+                # You have 2 options here
+                # For D7 and above:
+                # Clean URLs are handled in drupal_environment_initialize().
+                rewrite ^ /index.php;
+                # For Drupal 6 and bwlow:
+                # Some modules enforce no slash (/) at the end of the URL
+                # Else this rewrite block wouldn't be needed (GlobalRedirect)
+                #rewrite ^/(.*)$ /index.php?q=$1;
+        }
+
+        location ~ \.php$ {
+                fastcgi_split_path_info ^(.+\.php)(/.+)$;
+                #NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
+                include fastcgi_params;
+                fastcgi_param SCRIPT_FILENAME $request_filename;
+                fastcgi_intercept_errors on;
+                #fastcgi_pass unix:/tmp/phpfpm.sock;
+                fastcgi_pass 127.0.0.1:9000;
+        }
+
+        # Fighting with Styles? This little gem is amazing.
+        # This is for D6
+        #location ~ ^/sites/.*/files/imagecache/ {
+        # This is for D7 and D8
+        location ~ ^/sites/.*/files/styles/ {
+                try_files $uri @rewrite;
+        }
+
+        location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
+                expires max;
+                #log_not_found off;
+        }
+
+}
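Review bot: `location ~ \.php$` passes every URI ending in `.php` to `fastcgi_pass` without first checking that the script exists. The block's safety therefore rests on the `cgi.fix_pathinfo = 0` setting named in the comment, and on no PHP file ever landing in a writable directory such as `sites/*/files`. Adding `try_files $fastcgi_script_name =404;` after `fastcgi_split_path_info` makes nginx itself refuse non-existent scripts. sites/laravel.conf has the same gap, with its `try_files` line commented out. The `allow 192.168.0.0/16;` rule on `.txt`/`.log` also leaves out the 10.0.0.x side this server listens on, which may or may not be intended.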
diff --git a/tools/conf/etc/nginx/sites/flyspray.conf b/tools/conf/etc/nginx/sites/flyspray.conf
new file mode 100644
index 0000000..80b5530
--- /dev/null
+++ b/tools/conf/etc/nginx/sites/flyspray.conf
@@ -0,0 +1,40 @@
+
+server {
+    listen 443 ssl;
+    # listen [::]:443 ssl;
+
+    server_name c9.core;
+
+    root /srv/www/default/flyspray;
+    index index.php;
+
+    location /ports {
+        alias /var/ports/ports;
+        autoindex on;
+    }
+
+    location /distfiles {
+        alias /var/ports/distfiles;
+        autoindex on;
+    }
+
+    location /packages {
+        root /var/ports/packages;
+        autoindex off;
+    }
+
+
+    location / {
+        try_files $uri $uri/ index.php$is_args$args;
+    }
+
+    location ~ \.php$ {
+        fastcgi_split_path_info ^(.+\.php)(/.+)$;
+        fastcgi_index index.php;
+        try_files $uri /index.php =404;
+        include /etc/nginx/fastcgi_params;
+        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+        # fastcgi_pass unix:/var/run/php5-fpm.sock;
+        fastcgi_pass 127.0.0.1:9000;
+    }
+}
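Review bot: The fallback in `try_files $uri $uri/ index.php$is_args$args;` has no leading slash, so the internal redirect goes to the URI `index.php` rather than `/index.php`. `$document_root$fastcgi_script_name` is then built without a path separator. It seems to work only because the `try_files` inside the PHP location falls through to `/index.php`. Use `try_files $uri $uri/ /index.php$is_args$args;`, as sites/laravel.conf already does. The `/bug` locations in the two default.conf files carry the same fallback.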
diff --git a/tools/conf/etc/nginx/sites/laravel.conf b/tools/conf/etc/nginx/sites/laravel.conf
new file mode 100644
index 0000000..e563a3e
--- /dev/null
+++ b/tools/conf/etc/nginx/sites/laravel.conf
@@ -0,0 +1,28 @@
+server {
+    listen 443 ssl;
+    # listen [::]:443 ssl;
+
+    root /srv/www/default/laravel/public;
+    server_name c9.core
+
+    location /c9-doc {
+        alias /srv/www/c9-doc;
+        index index.html;
+        autoindex on;
+    }
+
+    location / {
+        try_files $uri $uri/ /index.php$is_args$args;
+    }
+
+    location ~ \.php$ {
+        index index.php;
+        fastcgi_split_path_info ^(.+\.php)(/.+)$;
+        fastcgi_index index.php;
+        # try_files $uri /index.php =404;
+        include /etc/nginx/fastcgi_params;
+        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+        # fastcgi_pass unix:/var/run/php5-fpm.sock;
+        fastcgi_pass 127.0.0.1:9000;
+    }
+}
diff --git a/tools/conf/etc/rc.d/blan b/tools/conf/etc/rc.d/blan
new file mode 100755
index 0000000..f75d272
--- /dev/null
+++ b/tools/conf/etc/rc.d/blan
@@ -0,0 +1,63 @@
+#!/bin/sh
+#
+# /etc/rc.d/net: start/stop network interface
+#
+
+DEV="br0"
+PHY="enp8s0"
+
+ADDR=10.0.0.1
+NET=10.0.0.0
+MASK=24
+GTW=10.0.0.1
+NTAPS=$((`/usr/bin/nproc`-1))
+
+case $1 in
+	start)
+                /sbin/ip link add name ${DEV} type bridge
+                /sbin/ip link set dev ${DEV} up
+
+                /bin/sleep 0.2s
+                /sbin/ip route flush dev ${PHY}
+                /sbin/ip addr flush dev ${PHY}
+                /sbin/ip link set dev ${PHY} master ${DEV}
+
+                /sbin/ip addr add ${ADDR}/${MASK} dev ${DEV} broadcast +
+
+                for i in `/usr/bin/seq $NTAPS`
+                do
+                    TAP="tap$i"
+                    echo $TAP
+                    /sbin/ip tuntap add ${TAP} mode tap group kvm
+                    /sbin/ip link set ${TAP} up
+                    /bin/sleep 0.2s
+                    #brctl addif $switch $1
+                    /sbin/ip link set ${TAP} master ${DEV}
+                done
+
+		exit 0
+		;;
+	stop)
+
+                for i in `/usr/bin/seq $NTAPS`
+                do
+                    TAP="tap$i"
+		    /sbin/ip link del ${TAP}
+                    echo $TAP
+                done
+
+       		/sbin/ip link set dev ${DEV} down
+		/sbin/ip route flush dev ${DEV}
+		/sbin/ip link del ${DEV}
+		exit 0
+		;;
+	restart)
+		$0 stop
+		$0 start
+		;;
+	*)
+		echo "Usage: $0 [start|stop|restart]"
+		;;
+esac
+
+# End of file
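Review bot: The header comment still reads `/etc/rc.d/net: start/stop network interface`, and `NET` and `GTW` are assigned but never used. A header such as `# /etc/rc.d/blan: create/remove bridge br0 and its tap devices`, with the two variables dropped, would match what the script does. `start` also does not check that `ip link add name ${DEV} type bridge` succeeded before it flushes the routes and addresses of `${PHY}`, so a failed or repeated start can leave the physical interface unconfigured. A guard such as `/sbin/ip link add name ${DEV} type bridge || exit 1` prevents that.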
diff --git a/tools/conf/etc/rc.d/postgresql b/tools/conf/etc/rc.d/postgresql
new file mode 100755
index 0000000..5f0762a
--- /dev/null
+++ b/tools/conf/etc/rc.d/postgresql
@@ -0,0 +1,16 @@
+#
+# /etc/rc.d/postgresql: start, stop or restart PostgreSQL server postmaster
+#
+
+PG_DATA=/srv/pgsql/data
+
+case "$1" in
+    start|stop|status|restart|reload)
+        sudo -u postgres pg_ctl -D "$PG_DATA" -l /var/log/postgresql "$1"
+        ;;
+    *)
+        echo "usage: $0 start|stop|restart|reload|status"
+        ;;
+esac
+
+# End of file
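Review bot: The file is added with mode 100755 but has no interpreter line; rc.d/blan in this commit starts with `#!/bin/sh` and this script should too. `-l /var/log/postgresql` is handed to `pg_ctl` as the log file, so that path has to be a file the `postgres` user can write rather than a directory, which is worth a comment. The usage branch also ends with exit status 0; adding `exit 1` there lets callers detect a bad argument.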
diff --git a/tools/conf/srv/pgsql/data/pg_hba.conf b/tools/conf/srv/pgsql/data/pg_hba.conf
new file mode 100644
index 0000000..55ce3f3
--- /dev/null
+++ b/tools/conf/srv/pgsql/data/pg_hba.conf
@@ -0,0 +1,96 @@
+# PostgreSQL Client Authentication Configuration File
+# ===================================================
+#
+# Refer to the "Client Authentication" section in the PostgreSQL
+# documentation for a complete description of this file.  A short
+# synopsis follows.
+#
+# This file controls: which hosts are allowed to connect, how clients
+# are authenticated, which PostgreSQL user names they can use, which
+# databases they can access.  Records take one of these forms:
+#
+# local      DATABASE  USER  METHOD  [OPTIONS]
+# host       DATABASE  USER  ADDRESS  METHOD  [OPTIONS]
+# hostssl    DATABASE  USER  ADDRESS  METHOD  [OPTIONS]
+# hostnossl  DATABASE  USER  ADDRESS  METHOD  [OPTIONS]
+#
+# (The uppercase items must be replaced by actual values.)
+#
+# The first field is the connection type: "local" is a Unix-domain
+# socket, "host" is either a plain or SSL-encrypted TCP/IP socket,
+# "hostssl" is an SSL-encrypted TCP/IP socket, and "hostnossl" is a
+# plain TCP/IP socket.
+#
+# DATABASE can be "all", "sameuser", "samerole", "replication", a
+# database name, or a comma-separated list thereof. The "all"
+# keyword does not match "replication". Access to replication
+# must be enabled in a separate record (see example below).
+#
+# USER can be "all", a user name, a group name prefixed with "+", or a
+# comma-separated list thereof.  In both the DATABASE and USER fields
+# you can also write a file name prefixed with "@" to include names
+# from a separate file.
+#
+# ADDRESS specifies the set of hosts the record matches.  It can be a
+# host name, or it is made up of an IP address and a CIDR mask that is
+# an integer (between 0 and 32 (IPv4) or 128 (IPv6) inclusive) that
+# specifies the number of significant bits in the mask.  A host name
+# that starts with a dot (.) matches a suffix of the actual host name.
+# Alternatively, you can write an IP address and netmask in separate
+# columns to specify the set of hosts.  Instead of a CIDR-address, you
+# can write "samehost" to match any of the server's own IP addresses,
+# or "samenet" to match any address in any subnet that the server is
+# directly connected to.
+#
+# METHOD can be "trust", "reject", "md5", "password", "gss", "sspi",
+# "ident", "peer", "pam", "ldap", "radius" or "cert".  Note that
+# "password" sends passwords in clear text; "md5" is preferred since
+# it sends encrypted passwords.
+#
+# OPTIONS are a set of options for the authentication in the format
+# NAME=VALUE.  The available options depend on the different
+# authentication methods -- refer to the "Client Authentication"
+# section in the documentation for a list of which options are
+# available for which authentication methods.
+#
+# Database and user names containing spaces, commas, quotes and other
+# special characters must be quoted.  Quoting one of the keywords
+# "all", "sameuser", "samerole" or "replication" makes the name lose
+# its special character, and just match a database or username with
+# that name.
+#
+# This file is read on server startup and when the postmaster receives
+# a SIGHUP signal.  If you edit the file on a running system, you have
+# to SIGHUP the postmaster for the changes to take effect.  You can
+# use "pg_ctl reload" to do that.
+
+# Put your actual configuration here
+# ----------------------------------
+#
+# If you want to allow non-local connections, you need to add more
+# "host" records.  In that case you will also need to make PostgreSQL
+# listen on a non-local interface via the listen_addresses
+# configuration parameter, or via the -i or -h command line switches.
+
+# CAUTION: Configuring the system for local "trust" authentication
+# allows any local user to connect as any PostgreSQL user, including
+# the database superuser.  If you do not trust all your local users,
+# use another authentication method.
+
+
+# TYPE  DATABASE        USER            ADDRESS                 METHOD
+
+# "local" is for Unix domain socket connections only
+#local   all             all                                     trust
+local   all             postgres                                ident
+# IPv4 local connections:
+host    all             all             127.0.0.1/32            trust
+#hostssl    all             all             192.168.0.0/32          md5
+
+# IPv6 local connections:
+#host    all             all             ::1/128                 trust
+# Allow replication connections from localhost, by a user with the
+# replication privilege.
+#local   replication     postgres                                trust
+#host    replication     postgres        127.0.0.1/32            trust
+#host    replication     postgres        ::1/128                 trust
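Review bot: `host all all 127.0.0.1/32 trust` lets any process on the machine connect over loopback as any database user, including `postgres`, without a password; the CAUTION paragraph in this same file warns about trust authentication for local users. The PHP backend for the nginx sites in this commit runs on the same host (`fastcgi_pass 127.0.0.1:9000`), so a flaw in any of those web applications would reach the database with superuser rights. `host    all             all             127.0.0.1/32            md5` together with per-application roles avoids this. The commented `hostssl` example uses `192.168.0.0/32`, which matches a single address; a wider mask is probably what was meant if that line is ever enabled.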
diff --git a/tools/conf/srv/pgsql/data/postgresql.conf b/tools/conf/srv/pgsql/data/postgresql.conf
new file mode 100644
index 0000000..df3525c
--- /dev/null
+++ b/tools/conf/srv/pgsql/data/postgresql.conf
@@ -0,0 +1,623 @@
+# -----------------------------
+# PostgreSQL configuration file
+# -----------------------------
+#
+# This file consists of lines of the form:
+#
+#   name = value
+#
+# (The "=" is optional.)  Whitespace may be used.  Comments are introduced with
+# "#" anywhere on a line.  The complete list of parameter names and allowed
+# values can be found in the PostgreSQL documentation.
+#
+# The commented-out settings shown in this file represent the default values.
+# Re-commenting a setting is NOT sufficient to revert it to the default value;
+# you need to reload the server.
+#
+# This file is read on server startup and when the server receives a SIGHUP
+# signal.  If you edit the file on a running system, you have to SIGHUP the
+# server for the changes to take effect, or use "pg_ctl reload".  Some
+# parameters, which are marked below, require a server shutdown and restart to
+# take effect.
+#
+# Any parameter can also be given as a command-line option to the server, e.g.,
+# "postgres -c log_connections=on".  Some parameters can be changed at run time
+# with the "SET" SQL command.
+#
+# Memory units:  kB = kilobytes        Time units:  ms  = milliseconds
+#                MB = megabytes                     s   = seconds
+#                GB = gigabytes                     min = minutes
+#                TB = terabytes                     h   = hours
+#                                                   d   = days
+
+
+#------------------------------------------------------------------------------
+# FILE LOCATIONS
+#------------------------------------------------------------------------------
+
+# The default values of these variables are driven from the -D command-line
+# option or PGDATA environment variable, represented here as ConfigDir.
+
+#data_directory = 'ConfigDir'		# use data in another directory
+					# (change requires restart)
+#hba_file = 'ConfigDir/pg_hba.conf'	# host-based authentication file
+					# (change requires restart)
+#ident_file = 'ConfigDir/pg_ident.conf'	# ident configuration file
+					# (change requires restart)
+
+# If external_pid_file is not explicitly set, no extra PID file is written.
+#external_pid_file = ''			# write an extra PID file
+					# (change requires restart)
+
+
+#------------------------------------------------------------------------------
+# CONNECTIONS AND AUTHENTICATION
+#------------------------------------------------------------------------------
+
+# - Connection Settings -
+
+#listen_addresses = 'localhost'		# what IP address(es) to listen on;
+					# comma-separated list of addresses;
+					# defaults to 'localhost'; use '*' for all
+					# (change requires restart)
+#port = 5432				# (change requires restart)
+max_connections = 100			# (change requires restart)
+#superuser_reserved_connections = 3	# (change requires restart)
+#unix_socket_directories = '/tmp'	# comma-separated list of directories
+					# (change requires restart)
+#unix_socket_group = ''			# (change requires restart)
+#unix_socket_permissions = 0777		# begin with 0 to use octal notation
+					# (change requires restart)
+#bonjour = off				# advertise server via Bonjour
+					# (change requires restart)
+#bonjour_name = ''			# defaults to the computer name
+					# (change requires restart)
+
+# - Security and Authentication -
+
+#authentication_timeout = 1min		# 1s-600s
+ssl = on				# (change requires restart)
+#ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers
+					# (change requires restart)
+#ssl_prefer_server_ciphers = on		# (change requires restart)
+#ssl_ecdh_curve = 'prime256v1'		# (change requires restart)
+ssl_cert_file = '/etc/ssl/certs/pg.crt' # (change requires restart)
+ssl_key_file = '/etc/ssl/keys/pg.key'	# (change requires restart)
+#ssl_ca_file = ''			# (change requires restart)
+#ssl_crl_file = ''			# (change requires restart)
+password_encryption = on
+#db_user_namespace = off
+#row_security = on
+
+# GSSAPI using Kerberos
+#krb_server_keyfile = ''
+#krb_caseins_users = off
+
+# - TCP Keepalives -
+# see "man 7 tcp" for details
+
+#tcp_keepalives_idle = 0		# TCP_KEEPIDLE, in seconds;
+					# 0 selects the system default
+#tcp_keepalives_interval = 0		# TCP_KEEPINTVL, in seconds;
+					# 0 selects the system default
+#tcp_keepalives_count = 0		# TCP_KEEPCNT;
+					# 0 selects the system default
+
+
+#------------------------------------------------------------------------------
+# RESOURCE USAGE (except WAL)
+#------------------------------------------------------------------------------
+
+# - Memory -
+
+shared_buffers = 128MB			# min 128kB
+					# (change requires restart)
+#huge_pages = try			# on, off, or try
+					# (change requires restart)
+#temp_buffers = 8MB			# min 800kB
+#max_prepared_transactions = 0		# zero disables the feature
+					# (change requires restart)
+# Caution: it is not advisable to set max_prepared_transactions nonzero unless
+# you actively intend to use prepared transactions.
+#work_mem = 4MB				# min 64kB
+#maintenance_work_mem = 64MB		# min 1MB
+#autovacuum_work_mem = -1		# min 1MB, or -1 to use maintenance_work_mem
+#max_stack_depth = 2MB			# min 100kB
+dynamic_shared_memory_type = sysv	# the default is the first option
+					# supported by the operating system:
+					#   posix
+					#   sysv
+					#   windows
+					#   mmap
+					# use none to disable dynamic shared memory
+
+# - Disk -
+
+#temp_file_limit = -1			# limits per-session temp file space
+					# in kB, or -1 for no limit
+
+# - Kernel Resource Usage -
+
+#max_files_per_process = 1000		# min 25
+					# (change requires restart)
+#shared_preload_libraries = ''		# (change requires restart)
+
+# - Cost-Based Vacuum Delay -
+
+#vacuum_cost_delay = 0			# 0-100 milliseconds
+#vacuum_cost_page_hit = 1		# 0-10000 credits
+#vacuum_cost_page_miss = 10		# 0-10000 credits
+#vacuum_cost_page_dirty = 20		# 0-10000 credits
+#vacuum_cost_limit = 200		# 1-10000 credits
+
+# - Background Writer -
+
+#bgwriter_delay = 200ms			# 10-10000ms between rounds
+#bgwriter_lru_maxpages = 100		# 0-1000 max buffers written/round
+#bgwriter_lru_multiplier = 2.0		# 0-10.0 multipler on buffers scanned/round
+
+# - Asynchronous Behavior -
+
+#effective_io_concurrency = 1		# 1-1000; 0 disables prefetching
+#max_worker_processes = 8
+
+
+#------------------------------------------------------------------------------
+# WRITE AHEAD LOG
+#------------------------------------------------------------------------------
+
+# - Settings -
+
+#wal_level = minimal			# minimal, archive, hot_standby, or logical
+					# (change requires restart)
+#fsync = on				# turns forced synchronization on or off
+#synchronous_commit = on		# synchronization level;
+					# off, local, remote_write, or on
+#wal_sync_method = fsync		# the default is the first option
+					# supported by the operating system:
+					#   open_datasync
+					#   fdatasync (default on Linux)
+					#   fsync
+					#   fsync_writethrough
+					#   open_sync
+#full_page_writes = on			# recover from partial page writes
+#wal_compression = off			# enable compression of full-page writes
+#wal_log_hints = off			# also do full page writes of non-critical updates
+					# (change requires restart)
+#wal_buffers = -1			# min 32kB, -1 sets based on shared_buffers
+					# (change requires restart)
+#wal_writer_delay = 200ms		# 1-10000 milliseconds
+
+#commit_delay = 0			# range 0-100000, in microseconds
+#commit_siblings = 5			# range 1-1000
+
+# - Checkpoints -
+
+#checkpoint_timeout = 5min		# range 30s-1h
+#max_wal_size = 1GB
+#min_wal_size = 80MB
+#checkpoint_completion_target = 0.5	# checkpoint target duration, 0.0 - 1.0
+#checkpoint_warning = 30s		# 0 disables
+
+# - Archiving -
+
+#archive_mode = off		# enables archiving; off, on, or always
+				# (change requires restart)
+#archive_command = ''		# command to use to archive a logfile segment
+				# placeholders: %p = path of file to archive
+				#               %f = file name only
+				# e.g. 'test ! -f /mnt/server/archivedir/%f && cp %p /mnt/server/archivedir/%f'
+#archive_timeout = 0		# force a logfile segment switch after this
+				# number of seconds; 0 disables
+
+
+#------------------------------------------------------------------------------
+# REPLICATION
+#------------------------------------------------------------------------------
+
+# - Sending Server(s) -
+
+# Set these on the master and on any standby that will send replication data.
+
+#max_wal_senders = 0		# max number of walsender processes
+				# (change requires restart)
+#wal_keep_segments = 0		# in logfile segments, 16MB each; 0 disables
+#wal_sender_timeout = 60s	# in milliseconds; 0 disables
+
+#max_replication_slots = 0	# max number of replication slots
+				# (change requires restart)
+#track_commit_timestamp = off	# collect timestamp of transaction commit
+				# (change requires restart)
+
+# - Master Server -
+
+# These settings are ignored on a standby server.
+
+#synchronous_standby_names = ''	# standby servers that provide sync rep
+				# comma-separated list of application_name
+				# from standby(s); '*' = all
+#vacuum_defer_cleanup_age = 0	# number of xacts by which cleanup is delayed
+
+# - Standby Servers -
+
+# These settings are ignored on a master server.
+
+#hot_standby = off			# "on" allows queries during recovery
+					# (change requires restart)
+#max_standby_archive_delay = 30s	# max delay before canceling queries
+					# when reading WAL from archive;
+					# -1 allows indefinite delay
+#max_standby_streaming_delay = 30s	# max delay before canceling queries
+					# when reading streaming WAL;
+					# -1 allows indefinite delay
+#wal_receiver_status_interval = 10s	# send replies at least this often
+					# 0 disables
+#hot_standby_feedback = off		# send info from standby to prevent
+					# query conflicts
+#wal_receiver_timeout = 60s		# time that receiver waits for
+					# communication from master
+					# in milliseconds; 0 disables
+#wal_retrieve_retry_interval = 5s	# time to wait before retrying to
+					# retrieve WAL after a failed attempt
+
+
+#------------------------------------------------------------------------------
+# QUERY TUNING
+#------------------------------------------------------------------------------
+
+# - Planner Method Configuration -
+
+#enable_bitmapscan = on
+#enable_hashagg = on
+#enable_hashjoin = on
+#enable_indexscan = on
+#enable_indexonlyscan = on
+#enable_material = on
+#enable_mergejoin = on
+#enable_nestloop = on
+#enable_seqscan = on
+#enable_sort = on
+#enable_tidscan = on
+
+# - Planner Cost Constants -
+
+#seq_page_cost = 1.0			# measured on an arbitrary scale
+#random_page_cost = 4.0			# same scale as above
+#cpu_tuple_cost = 0.01			# same scale as above
+#cpu_index_tuple_cost = 0.005		# same scale as above
+#cpu_operator_cost = 0.0025		# same scale as above
+#effective_cache_size = 4GB
+
+# - Genetic Query Optimizer -
+
+#geqo = on
+#geqo_threshold = 12
+#geqo_effort = 5			# range 1-10
+#geqo_pool_size = 0			# selects default based on effort
+#geqo_generations = 0			# selects default based on effort
+#geqo_selection_bias = 2.0		# range 1.5-2.0
+#geqo_seed = 0.0			# range 0.0-1.0
+
+# - Other Planner Options -
+
+#default_statistics_target = 100	# range 1-10000
+#constraint_exclusion = partition	# on, off, or partition
+#cursor_tuple_fraction = 0.1		# range 0.0-1.0
+#from_collapse_limit = 8
+#join_collapse_limit = 8		# 1 disables collapsing of explicit
+					# JOIN clauses
+
+
+#------------------------------------------------------------------------------
+# ERROR REPORTING AND LOGGING
+#------------------------------------------------------------------------------
+
+# - Where to Log -
+
+#log_destination = 'stderr'		# Valid values are combinations of
+					# stderr, csvlog, syslog, and eventlog,
+					# depending on platform.  csvlog
+					# requires logging_collector to be on.
+
+# This is used when logging to stderr:
+#logging_collector = off		# Enable capturing of stderr and csvlog
+					# into log files. Required to be on for
+					# csvlogs.
+					# (change requires restart)
+
+# These are only used if logging_collector is on:
+#log_directory = 'pg_log'		# directory where log files are written,
+					# can be absolute or relative to PGDATA
+#log_filename = 'postgresql-%Y-%m-%d_%H%M%S.log'	# log file name pattern,
+					# can include strftime() escapes
+#log_file_mode = 0600			# creation mode for log files,
+					# begin with 0 to use octal notation
+#log_truncate_on_rotation = off		# If on, an existing log file with the
+					# same name as the new log file will be
+					# truncated rather than appended to.
+					# But such truncation only occurs on
+					# time-driven rotation, not on restarts
+					# or size-driven rotation.  Default is
+					# off, meaning append to existing files
+					# in all cases.
+#log_rotation_age = 1d			# Automatic rotation of logfiles will
+					# happen after that time.  0 disables.
+#log_rotation_size = 10MB		# Automatic rotation of logfiles will
+					# happen after that much log output.
+					# 0 disables.
+
+# These are relevant when logging to syslog:
+#syslog_facility = 'LOCAL0'
+#syslog_ident = 'postgres'
+
+# This is only relevant when logging to eventlog (win32):
+#event_source = 'PostgreSQL'
+
+# - When to Log -
+
+#client_min_messages = notice		# values in order of decreasing detail:
+					#   debug5
+					#   debug4
+					#   debug3
+					#   debug2
+					#   debug1
+					#   log
+					#   notice
+					#   warning
+					#   error
+
+#log_min_messages = warning		# values in order of decreasing detail:
+					#   debug5
+					#   debug4
+					#   debug3
+					#   debug2
+					#   debug1
+					#   info
+					#   notice
+					#   warning
+					#   error
+					#   log
+					#   fatal
+					#   panic
+
+#log_min_error_statement = error	# values in order of decreasing detail:
+					#   debug5
+					#   debug4
+					#   debug3
+					#   debug2
+					#   debug1
+					#   info
+					#   notice
+					#   warning
+					#   error
+					#   log
+					#   fatal
+					#   panic (effectively off)
+
+#log_min_duration_statement = -1	# -1 is disabled, 0 logs all statements
+					# and their durations, > 0 logs only
+					# statements running at least this number
+					# of milliseconds
+
+
+# - What to Log -
+
+#debug_print_parse = off
+#debug_print_rewritten = off
+#debug_print_plan = off
+#debug_pretty_print = on
+#log_checkpoints = off
+#log_connections = off
+#log_disconnections = off
+#log_duration = off
+#log_error_verbosity = default		# terse, default, or verbose messages
+#log_hostname = off
+#log_line_prefix = ''			# special values:
+					#   %a = application name
+					#   %u = user name
+					#   %d = database name
+					#   %r = remote host and port
+					#   %h = remote host
+					#   %p = process ID
+					#   %t = timestamp without milliseconds
+					#   %m = timestamp with milliseconds
+					#   %i = command tag
+					#   %e = SQL state
+					#   %c = session ID
+					#   %l = session line number
+					#   %s = session start timestamp
+					#   %v = virtual transaction ID
+					#   %x = transaction ID (0 if none)
+					#   %q = stop here in non-session
+					#        processes
+					#   %% = '%'
+					# e.g. '<%u%%%d> '
+#log_lock_waits = off			# log lock waits >= deadlock_timeout
+#log_statement = 'none'			# none, ddl, mod, all
+#log_replication_commands = off
+#log_temp_files = -1			# log temporary files equal or larger
+					# than the specified size in kilobytes;
+					# -1 disables, 0 logs all temp files
+log_timezone = 'Portugal'
+
+
+# - Process Title -
+
+#cluster_name = ''			# added to process titles if nonempty
+					# (change requires restart)
+#update_process_title = on
+
+
+#------------------------------------------------------------------------------
+# RUNTIME STATISTICS
+#------------------------------------------------------------------------------
+
+# - Query/Index Statistics Collector -
+
+#track_activities = on
+#track_counts = on
+#track_io_timing = off
+#track_functions = none			# none, pl, all
+#track_activity_query_size = 1024	# (change requires restart)
+#stats_temp_directory = 'pg_stat_tmp'
+
+
+# - Statistics Monitoring -
+
+#log_parser_stats = off
+#log_planner_stats = off
+#log_executor_stats = off
+#log_statement_stats = off
+
+
+#------------------------------------------------------------------------------
+# AUTOVACUUM PARAMETERS
+#------------------------------------------------------------------------------
+
+#autovacuum = on			# Enable autovacuum subprocess?  'on'
+					# requires track_counts to also be on.
+#log_autovacuum_min_duration = -1	# -1 disables, 0 logs all actions and
+					# their durations, > 0 logs only
+					# actions running at least this number
+					# of milliseconds.
+#autovacuum_max_workers = 3		# max number of autovacuum subprocesses
+					# (change requires restart)
+#autovacuum_naptime = 1min		# time between autovacuum runs
+#autovacuum_vacuum_threshold = 50	# min number of row updates before
+					# vacuum
+#autovacuum_analyze_threshold = 50	# min number of row updates before
+					# analyze
+#autovacuum_vacuum_scale_factor = 0.2	# fraction of table size before vacuum
+#autovacuum_analyze_scale_factor = 0.1	# fraction of table size before analyze
+#autovacuum_freeze_max_age = 200000000	# maximum XID age before forced vacuum
+					# (change requires restart)
+#autovacuum_multixact_freeze_max_age = 400000000	# maximum multixact age
+					# before forced vacuum
+					# (change requires restart)
+#autovacuum_vacuum_cost_delay = 20ms	# default vacuum cost delay for
+					# autovacuum, in milliseconds;
+					# -1 means use vacuum_cost_delay
+#autovacuum_vacuum_cost_limit = -1	# default vacuum cost limit for
+					# autovacuum, -1 means use
+					# vacuum_cost_limit
+
+
+#------------------------------------------------------------------------------
+# CLIENT CONNECTION DEFAULTS
+#------------------------------------------------------------------------------
+
+# - Statement Behavior -
+
+#search_path = '"$user", public'	# schema names
+#default_tablespace = ''		# a tablespace name, '' uses the default
+#temp_tablespaces = ''			# a list of tablespace names, '' uses
+					# only default tablespace
+#check_function_bodies = on
+#default_transaction_isolation = 'read committed'
+#default_transaction_read_only = off
+#default_transaction_deferrable = off
+#session_replication_role = 'origin'
+#statement_timeout = 0			# in milliseconds, 0 is disabled
+#lock_timeout = 0			# in milliseconds, 0 is disabled
+#vacuum_freeze_min_age = 50000000
+#vacuum_freeze_table_age = 150000000
+#vacuum_multixact_freeze_min_age = 5000000
+#vacuum_multixact_freeze_table_age = 150000000
+#bytea_output = 'hex'			# hex, escape
+#xmlbinary = 'base64'
+#xmloption = 'content'
+#gin_fuzzy_search_limit = 0
+#gin_pending_list_limit = 4MB
+
+# - Locale and Formatting -
+
+datestyle = 'iso, mdy'
+#intervalstyle = 'postgres'
+timezone = 'Portugal'
+#timezone_abbreviations = 'Default'     # Select the set of available time zone
+					# abbreviations.  Currently, there are
+					#   Default
+					#   Australia (historical usage)
+					#   India
+					# You can create your own file in
+					# share/timezonesets/.
+#extra_float_digits = 0			# min -15, max 3
+#client_encoding = sql_ascii		# actually, defaults to database
+					# encoding
+
+# These settings are initialized by initdb, but they can be changed.
+lc_messages = 'C'			# locale for system error message
+					# strings
+lc_monetary = 'C'			# locale for monetary formatting
+lc_numeric = 'C'			# locale for number formatting
+lc_time = 'C'				# locale for time formatting
+
+# default configuration for text search
+default_text_search_config = 'pg_catalog.english'
+
+# - Other Defaults -
+
+#dynamic_library_path = '$libdir'
+#local_preload_libraries = ''
+#session_preload_libraries = ''
+
+
+#------------------------------------------------------------------------------
+# LOCK MANAGEMENT
+#------------------------------------------------------------------------------
+
+#deadlock_timeout = 1s
+#max_locks_per_transaction = 64		# min 10
+					# (change requires restart)
+#max_pred_locks_per_transaction = 64	# min 10
+					# (change requires restart)
+
+
+#------------------------------------------------------------------------------
+# VERSION/PLATFORM COMPATIBILITY
+#------------------------------------------------------------------------------
+
+# - Previous PostgreSQL Versions -
+
+#array_nulls = on
+#backslash_quote = safe_encoding	# on, off, or safe_encoding
+#default_with_oids = off
+#escape_string_warning = on
+#lo_compat_privileges = off
+#operator_precedence_warning = off
+#quote_all_identifiers = off
+#sql_inheritance = on
+#standard_conforming_strings = on
+#synchronize_seqscans = on
+
+# - Other Platforms and Clients -
+
+#transform_null_equals = off
+
+
+#------------------------------------------------------------------------------
+# ERROR HANDLING
+#------------------------------------------------------------------------------
+
+#exit_on_error = off			# terminate session on any error?
+#restart_after_crash = on		# reinitialize after backend crash?
+
+
+#------------------------------------------------------------------------------
+# CONFIG FILE INCLUDES
+#------------------------------------------------------------------------------
+
+# These options allow settings to be loaded from files other than the
+# default postgresql.conf.
+
+#include_dir = 'conf.d'			# include files ending in '.conf' from
+					# directory 'conf.d'
+#include_if_exists = 'exists.conf'	# include file only if it exists
+#include = 'special.conf'		# include file
+
+
+#------------------------------------------------------------------------------
+# CUSTOMIZED OPTIONS
+#------------------------------------------------------------------------------
+
+# Add settings for extensions here
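Review bot: Connection logging is left at its defaults in this new postgresql.conf (`#log_connections = off`, `#log_disconnections = off`, `#log_line_prefix = ''`), so with the `host all all 127.0.0.1/32 trust` rule this commit adds to pg_hba.conf there is no record of which role connected to which database. I would set `log_connections = on`, `log_disconnections = on` and `log_line_prefix = '%m [%p] %u@%d %h '`. `ssl = on` only makes TLS available: the sole `hostssl` rule in pg_hba.conf is commented out, and its `192.168.0.0/32` mask matches a single address, which looks unintended, so nothing in the commit requires encrypted connections. The default `ssl_ciphers` shown still admits MEDIUM and 3DES suites; `ssl_ciphers = 'HIGH:!aNULL'` would be tighter if remote clients are planned. The key at `/etc/ssl/keys/pg.key` should be readable only by the server account, which this file cannot show and the install script should enforce.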
diff --git a/tools/index.html b/tools/index.html
index b721f73..d20ccfa 100644
--- a/tools/index.html
+++ b/tools/index.html
@@ -68,19 +68,25 @@
         <h2>System Administration</h2>
 
         <ul>
-            <li><a href="network.html">Network</a>
+            <li><a href="network.html">Network Tools</a>
                 <ul>
-                    <li><a href="dnsmasq.html">1. Dnscrypt and Dnsmasq</a></li>
-                    <li><a href="tcpdump.html">2. Tcpdump</a></li>
-                    <li><a href="wireless.html">Wireless</a></li>
+                    <li><a href="dnsmasq.html">Dnscrypt and Dnsmasq</a></li>
+                    <li><a href="tcpdump.html">Tcpdump</a></li>
                     <li><a href="nmap.html">Nmap</a></li>
+                    <li><a href="wireless.html">Wireless</a></li>
                 </ul>
             </li>
             <li><a href="storage.html">Storage</a>
                 <ul>
-                    <li><a href="storage.html#mv">Moving partitions</a></li>
-                    <li><a href="storage.html#lvm">LVM</a></li>
-                    <li><a href="storage.html#btrfs">BTRFS</a></li>
+                    <li><a href="lvm.html">LVM</a>
+                        <ul>
+                            <li><a href="lvm.html#lvmpart">1. LVM partition</a></li>
+                            <li><a href="lvm.html#pv">2. Create physical volume</a></li>
+                            <li><a href="lvm.html#vg">3. Create volume group</a></li>
+                            <li><a href="lvm.html#lv">4. Create logical volume</a></li>
+                            <li><a href="lvm.html#maint">5. Maintenance</a></li>
+                        </ul>
+                    </li>
                 </ul>
             </li>
             <li><a href="syslog-ng.html">Syslog-ng</a>
@@ -120,39 +126,39 @@
             <li>
                 <a href="openssh.html">OpenSSH</a>
                 <ul>
-                    <li><a href="openssh.html#sshd">Server</a></li>
-                    <li><a href="openssh.html#sshdconf">Configure Server</a></li>
-                    <li><a href="openssh.html#ssh">Client</a></li>
-                    <li><a href="openssh.html#reverse">Reverse connection</a></li>
+                    <li><a href="openssh.html#sshd">1. Server</a></li>
+                    <li><a href="openssh.html#sshdconf">2. Configure Server</a></li>
+                    <li><a href="openssh.html#ssh">3. Client</a></li>
+                    <li><a href="openssh.html#reverse">4. Reverse connection</a></li>
                 </ul>
             </li>
             <li><a href="gitolite.html">Gitolite</a>
                 <ul>
-                    <li><a href="gitolite.html#install">Install Gitolite</a></li>
-                    <li><a href="gitolite.html#config">Configure Gitolite</a></li>
-                    <li><a href="gitolite.html#admin">Gitolite Administration</a></li>
-                    <li><a href="gitolite.html#hooks">Gitolite Hooks</a></li>
+                    <li><a href="gitolite.html#install">1. Install Gitolite</a></li>
+                    <li><a href="gitolite.html#config">2. Configure Gitolite</a></li>
+                    <li><a href="gitolite.html#admin">3. Gitolite Administration</a></li>
+                    <li><a href="gitolite.html#hooks">4. Gitolite Hooks</a></li>
                 </ul>
             </li>
             <li><a href="postgresql.html">Postgresql</a>
                 <ul>
-                    <li><a href="postgresql.html#install">Install Postgresql</a></li>
-                    <li><a href="postgresql.html#config">Configure Server</a></li>
-                    <li><a href="postgresql.html#createuser">Create User</a></li>
-                    <li><a href="postgresql.html#createdb">Create Database</a></li>
-                    <li><a href="postgresql.html#dropdb">Drop Database</a></li>
-                    <li><a href="postgresql.html#dropuser">Drop User</a></li>
-                    <li><a href="postgresql.html#psql">Psql</a></li>
+                    <li><a href="postgresql.html#install">1. Install Postgresql</a></li>
+                    <li><a href="postgresql.html#config">2. Configure Server</a></li>
+                    <li><a href="postgresql.html#createuser">3. Create User</a></li>
+                    <li><a href="postgresql.html#createdb">4. Create Database</a></li>
+                    <li><a href="postgresql.html#dropdb">5. Drop Database</a></li>
+                    <li><a href="postgresql.html#dropuser">6. Drop User</a></li>
+                    <li><a href="postgresql.html#psql">7. Psql</a></li>
                 </ul>
             </li>
             <li><a href="nginx.html">Nginx</a>
                 <ul>
-                    <li><a href="nginx.html#install">Install Nginx</a></li>
-                    <li><a href="nginx.html#logs">Logs</a></li>
-                    <li><a href="nginx.html#userdir">User Directory</a></li>
-                    <li><a href="nginx.html#certs">Certificates</a></li>
-                    <li><a href="nginx.html#nginxconf">Nginx Configuration</a></li>
-                    <li><a href="nginx.html#server">Laravel Server</a></li>
+                    <li><a href="nginx.html#install">1. Install Nginx</a></li>
+                    <li><a href="nginx.html#certs">2. Certificates</a></li>
+                    <li><a href="nginx.html#nginxconf">3. Nginx Configuration</a></li>
+                    <li><a href="nginx.html#server">4. Server with PHP</a></li>
+                    <li><a href="nginx.html#userdir">5. User Directory</a></li>
+                    <li><a href="nginx.html#logs">6. Logs</a></li>
                 </ul>
             </li>
         </ul>
diff --git a/tools/lvm.html b/tools/lvm.html
new file mode 100644
index 0000000..8b1624a
--- /dev/null
+++ b/tools/lvm.html
@@ -0,0 +1,151 @@
+<!DOCTYPE html>
+<html dir="ltr" lang="en">
+    <head>
+        <meta charset='utf-8'>
+        <title>LVM</title>
+    </head>
+    <body>
+
+        <a href="index.html">Tools Index</a>
+
+        <h1>LVM</h1>
+
+        <p>Read <a href="https://raid.wiki.kernel.org/index.php/RAID_setup">Raid Setup</a>,
+        the only thing you will need outside system is:
+        "Patience, Pizza, and your favorite caffeinated beverage.".
+        <a href="https://wiki.archlinux.org/index.php/Software_RAID_and_LVM">Arch Wiki</a>
+        article about Sofware RAID and LVM.</p>
+
+        <p>Basic idea behind RAID is to deal with independent disks
+        as an array of drives. Raid 0 uses two or more disks as one,
+        with performance gains without fault-tolerance. From raid 1
+        to 6 they offer diferent fault tolerance mechanisms.</p>
+
+        <p>LVM or Logic Volume Manager bring one more layer, read
+        <a href="http://www.tuxradar.com/content/lvm-made-easy">Lvm made easy</a>.
+        Partitions under lvm are easy to be resized, moved and there is
+        a tool to help encrypt. There is more freedom to name physical
+        disk names exp; production, development, backups...</p>
+
+
+        <p>Until now "from install" there is only one partition,
+        it is good idea to have a system with diferent partitions for each
+        propos. If is a "fresh install";</p>
+
+        <pre>
+        # cd /iso/crux/opt/
+        # pkgadd lvm2#2.02.107-1.pkg.tar.xz
+        #
+        </pre>
+
+        <h2 id="lvmpart">1. LVM Partition</h2>
+
+        <p>Create a LVM partition, fdisk should
+        show something like this;</p>
+
+        <pre>
+        # parted /dev/sda
+        </pre>
+
+        <p>I use defaults unless to define system partition last sector,
+        where in this example is size, +80G</p>
+
+
+        <h2 id="pv">2. Create physical volume</h2>
+
+        <pre>
+         # pvcreate /dev/sdb3
+          Physical volume "/dev/sdb3" successfully created
+        </pre>
+
+        <h2 id="vg">3. Create volume group</h2>
+
+        <pre>
+        # vgcreate vg_system /dev/sdb3
+          Volume group "vg_system" successfully created
+        # vgcreate homevg /dev/sdb4
+          Volume group "homevg" successfully created
+        #
+        </pre>
+
+        <h3>3.1. Search Volume Groups</h3>
+
+        <pre>
+        # vgscan
+          Reading all physical volumes.  This may take a while...
+          Found volume group "homevg" using metadata type lvm2
+          Found volume group "vg_system" using metadata type lvm2
+        #
+        </pre>
+
+        <h2 id="lv">4. Create logical volume</h2>
+
+        <pre>
+        # lvcreate -L 15G -n distfileslv vg_system
+          Logical volume "distfileslv" created.
+        # lvcreate -L 8G -n packageslv vg_system
+          Logical volume "packageslv" created.
+        # lvcreate -L 4G -n swaplv vg_system
+          Logical volume "swaplv" created.
+        # lvcreate -L 80G -n homelv homevg
+          Logical volume "homelv" created.
+        #
+        </pre>
+
+        <pre>
+        # mkfs.ext4 /dev/vg_system/distfileslv
+        # mkfs.ext4 /dev/vg_system/packageslv
+        # mkswap /dev/vg_system/swaplv
+        # mkfs.ext4 /dev/homevg/homelv
+        </pre>
+
+        <h3>4.1. Activate Deactivate</h3>
+
+        <p>Deactivate logical volumes;</p>
+
+        <pre>
+        # lvchange -a -n /dev/vg_system/packageslv
+        # lvchange -a -n /dev/vg_system/distfileslv
+        # swapoff /dev/vg_system/sawplv
+        # lvchange -a -n /dev/vg_system/swaplv
+        </pre>
+
+        <p>Deactivate volume group;</p>
+
+        <pre>
+         # vgchange -a n vg_system
+         0 logical volume(s) in volume group "vg_system" now active
+         #
+        </pre>
+
+        <p>Activate volume group;</p>
+        <pre>
+        # vgchange -a y vg_system
+          3 logical volume(s) in volume group "vg_system" now active
+        #
+        </pre>
+
+        <h2 id="maint">5. Maintenance</h2>
+
+        <pre>
+        # smartctl -t long /dev/sdb1
+        # smartctl -a /dev/sdb1 | less
+        </pre>
+
+        <p><a href="https://wiki.archlinux.org/index.php/Badblocks">Non Destructive Test;</a></p>
+
+        <pre>
+        # badblocks -nsv /dev/sdb1
+        </pre>
+
+        <h2 id="encrypt">7. Encryption</h2>
+
+        <a href="index.html">Tools Index</a>
+        <p>
+        This is part of the c9-doc Manual.
+        Copyright (C) 2016
+        c9 team.
+        See the file <a href="../fdl-1.3-standalone.html">Gnu Free Documentation License</a>
+        for copying conditions.</p>
+    </body>
+</html>
diff --git a/tools/network.html b/tools/network.html
new file mode 100644
index 0000000..5e4a481
--- /dev/null
+++ b/tools/network.html
@@ -0,0 +1,46 @@
+<!DOCTYPE html>
+<html dir="ltr" lang="en">
+    <head>
+        <meta charset='utf-8'>
+        <title>Network Tools</title>
+    </head>
+    <body>
+
+        <a href="index.html">Tools Index</a>
+
+        <h1>Network Tools</h1>
+
+        <h2 id="bridge">Bridges</h2>
+
+        <p>See <a href="conf/etc/rc.d/blan">/etc/rc.d/blan</a> on
+        how to create interfaces at startup or as source to do it
+        in automatic way;</p>
+
+        <pre>
+        DEV="br0"
+        PHY="enp8s0"
+        </pre>
+
+        <pre>
+        # ip link add name ${DEV} type bridge
+        # ip link set dev ${DEV} up
+        </pre>
+        <pre>
+        # ip route flush dev ${PHY}
+        # ip addr flush dev ${PHY}
+        # ip link set dev ${PHY} master ${DEV}
+        </pre>
+
+        <pre>
+        # ip addr add ${ADDR}/${MASK} dev ${DEV} broadcast +
+        </pre>
+
+        <a href="index.html">Tools Index</a>
+        <p>This is part of the c9 Manual.
+        Copyright (C) 2016
+        c9 team.
+        See the file <a href="../fdl-1.3-standalone.html">Gnu Free Documentation License</a>
+        for copying conditions.</p>
+
+    </body>
+</html>
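Review bot: `${ADDR}` and `${MASK}` in the last `<pre>` are never set on this page, which only defines `DEV` and `PHY`, so the final `ip addr add` cannot be run as written. I would add them to the first block, for example `ADDR="192.0.2.10"` and `MASK="24"`, marked as sample values. A sentence before the flush commands should also say that `ip route flush` and `ip addr flush` on `${PHY}` remove the host's address and routes until the address is re-added on the bridge, so the sequence is best run from a console or as a single script rather than over a remote session on that interface.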
diff --git a/tools/nginx.html b/tools/nginx.html
index 8fe632e..0ded2b6 100644
--- a/tools/nginx.html
+++ b/tools/nginx.html
@@ -7,9 +7,9 @@
     <body>
         <a href="index.html">Tools Index</a>
 
-        <h1>1. Nginx</h1>
+        <h1>Nginx</h1>
 
-        <h2 id="install">1.1. Install Nginx</h2>
+        <h2 id="install">1. Install Nginx</h2>
 
         <pre>
         $  prt-get depinst nginx
@@ -21,17 +21,16 @@
         UID=xxxxx-xxx-xxx-xxx-xxxxxxxx  /srv/www                ext4 defaults,nosuid,noexec,nodev,noatime       1 2
         </pre>
 
-        <p>Remove nginx user or group, system defines www user and group;</p>
+        <p>Add user nginx to www group;</p>
 
         <pre>
-        # userdel nginx
-        # groupdel nginx
+        # usermod -a -G www nginx
         </pre>
 
-        <p>Change default home directory of www user;</p>
+        <p>Change default home directory of nginx user;</p>
 
         <pre>
-        # usermod -m -d /srv/www www
+        # usermod -m -d /srv/www nginx
         </pre>
 
         <p>Create configuration directory's for better organization;</p>
@@ -42,44 +41,11 @@
         $ sudo mkdir /etc/nginx/sites
         </pre>
 
-        <h2 id="logs">1.2. Logs</h2>
-
-        <pre>
-        $ sudo grep "login" /var/log/nginx/access.log
-        $ sudo grep "etc/passwd" /var/log/nginx/access.log
-        $ sudo egrep -i "denied|error|warn" /var/log/nginx/error.log
-        </pre>
-
-        <h2 id="userdir">1.3. User Directory</h2>
-
-        <p><a href="http://wiki.nginx.org/UserDir">Nginx Wiki UserDir</a></p>
-
-        <pre>
-         location ~ ^/~(.+?)(/.*)?$ {
-            alias /home/$1/public_html$2;
-            index  index.html index.htm;
-            autoindex on;
-         }
-        </pre>
-
-        <p>Directories should have 644 or 664 and
-        files chmod 755 or 775;</p>
-
-        <pre>
-        $ sudo find . -type f -print0 | xargs -0 chmod 644
-        $ sudo find . -type d -print0 | xargs -0 chmod 755
-        </pre>
-
-        <h2 id="certs">1.4. Certificates</h2>
+        <h2 id="certs">2. Certificates</h2>
 
         <p>Certificates allow a more secure connection. Lets create
         self-signed certificate;</p>
 
-        <pre>
-        $ sudo mkdir /etc/nginx/ssl
-        $ sudo cd /etc/nginx/ssl
-        </pre>
-
         <p>Create private key;</p>
 
         <pre>
@@ -108,11 +74,11 @@
         If you enter '.', the field will be left blank.
         -----
         Country Name (2 letter code) [AU]:PT
-        State or Province Name (full name) [Some-State]:Porto
+        State or Province Name (full name) [Some-State]:
         Locality Name (eg, city) []:
         Organization Name (eg, company) [Internet Widgits Pty Ltd]:
         Organizational Unit Name (eg, section) []:
-        Common Name (e.g. server FQDN or YOUR name) []:c13.nark.biz.tm
+        Common Name (e.g. server FQDN or YOUR name) []:core.privat-network.net
         Email Address []:
 
         Please enter the following 'extra' attributes
@@ -122,38 +88,54 @@
         $
         </pre>
 
+        <p>Having password is a good idea, but requires it every
+        time nginx is restarted. To remove;</p>
+
+        <pre>
+        $ sudo cp /etc/ssl/keys/nginx.key /etc/ssl/keys/nginx.key.pass
+        $ sudo openssl rsa -in /etc/ssl/keys/nginx.key.pass -out /etc/ssl/keys/nginx.key
+        </pre>
+
+        <pre>
+        Enter pass phrase for /etc/ssl/keys/nginx.key.pass:
+        writing RSA key
+        </pre>
+
+        <pre>
+        $ sudo chown nginx /etc/ssl/keys/nginx.key*
+        $ sudo chmod 0600 /etc/ssl/keys/nginx.key*
+	# chmod 644 /etc/ssl/certs/exim.cert
+        </pre>
+
         <p>Sign SSL cetificate;</p>
 
         <pre>
-        $ sudo openssl x509 -req -days 365 -in /etc/ssl/certs/nginx.csr -signkey /etc/ssl/keys/nginx.key -out /etc/ssl/certs/nginx.crt
+        $ sudo openssl x509 -req -days 365 \
+            -in /etc/ssl/certs/nginx.csr \
+            -signkey /etc/ssl/keys/nginx.key \
+            -out /etc/ssl/certs/nginx.crt
+        </pre>
+
         Signature ok
-        subject=/C=PT/ST=Porto/O=Internet Widgits Pty Ltd/CN=c13.nark.biz.tm
+        subject=/C=PT/ST=Some-State/O=Internet Widgits Pty Ltd/CN=core.privat-network.net
         Getting Private key
         Enter pass phrase for /etc/ssl/keys/nginx.key:
-        $
         </pre>
 
-        <h3>Remove Password</h3>
-
-        <p>Having password is a good idea, but requires it every
-        time nginx is restarted. To remove;</p>
-
         <pre>
-        $ sudo cp /etc/ssl/keys/nginx.key /etc/ssl/keys/nginx.key.org
-        $ sudo openssl rsa -in /etc/ssl/keys/nginx.key.org -out /etc/ssl/keys/nginx.key
-        Enter pass phrase for /etc/ssl/keys/nginx.key.org:
-        writing RSA key
-        $
+        $ sudo chown nginx:nginx /etc/ssl/keys/nginx.key*
+        $ sudo chmod 0600 /etc/ssl/keys/nginx.key*
+	$ sudo chmod 644 /etc/ssl/certs/nginx.cert
         </pre>
 
-        <h2 id="nginxconf">1.5. Nginx Configuration</h2>
+        <h2 id="nginxconf">3. Nginx Configuration</h2>
 
-        <p><a href="http://wiki.nginx.org/Pitfalls">READ NGINX PITFALLS</a>,
+        <p>Read <a href="http://wiki.nginx.org/Pitfalls">nginx pitfalls</a>,
         for more information about optimization
         <a href="https://www.digitalocean.com/community/tutorials/how-to-optimize-nginx-configuration">digitalocean</a>,
 
         <p>Number of worker_processes must be equal or less than
-        the number of available cpu cores</p>
+       the number of available cpu cores. This is set to auto.</p>
 
         <pre>
         $ nproc
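Review bot: The `chmod 644` lines in both added permission blocks name files this page never creates, `/etc/ssl/certs/exim.cert` in the first block and `/etc/ssl/certs/nginx.cert` in the second, while the certificate is written to `/etc/ssl/certs/nginx.crt`; both should read `$ sudo chmod 644 /etc/ssl/certs/nginx.crt`. The signing `<pre>` is now closed right after the command, so the "Signature ok" output sits outside any `<pre>` and is followed by a stray `</pre>`. On ownership, nginx normally loads the key in the master process before the workers switch to the `nginx` user, so `chown root:root` with mode 0600 would probably work and keeps the passphrase-less `nginx.key` unreadable to a compromised worker. The permission block is repeated before and after signing; one copy is enough.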
@@ -168,36 +150,30 @@
         1024
         </pre>
 
-        <p>Example of http block with ssl configured;</p>
+       <p>Example of http block with ssl configured;</p>
 
         <pre>
         #
-        # /etc/nginx/nginx.conf
+        # /etc/nginx/nginx.conf - nginx server configuration
         #
 
-        user www;
-        worker_processes  2;
 
-        error_log  /var/log/nginx/error.log  info;
+        user nginx;
+        worker_processes auto;
+
+        error_log /var/log/nginx/error.log;
+
+        pid /var/run/nginx.pid;
+
 
         events {
             worker_connections  1024;
         }
 
-        http {
-
-            include             /etc/nginx/mime.types;
-            default_type	application/octet-stream;
-
-            sendfile        on;
-            #tcp_nopush     on;
 
-            #keepalive_timeout 620;
-            keepalive_timeout  65;
-            client_body_timeout 12;
-            client_header_timeout 12;
-            # send_timeout 620;
-            send_timeout 65;
+        http {
+            include       mime.types;
+            default_type  application/octet-stream;
 
             ##
             # SSL Settings
@@ -209,25 +185,25 @@
             ssl_certificate /etc/ssl/certs/nginx.crt;
             ssl_certificate_key /etc/ssl/keys/nginx.key;
 
-            ##
-            # Logging Settings
-            ##
             #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
             #                  '$status $body_bytes_sent "$http_referer" '
             #                  '"$http_user_agent" "$http_x_forwarded_for"';
 
-            access_log		/var/log/nginx/access.log  combined;
-            error_log		/var/log/nginx/error.log;
+            access_log /var/log/nginx/access.log;
+            error_log  /var/log/nginx/error.log;
 
-            ##
-            # Gzip Settings
-            ##
+            sendfile        on;
+            #tcp_nopush     on;
 
-            gzip on;
-            gzip_disable "msie6";
+            keepalive_timeout  65;
+            client_body_timeout 12;
+            client_header_timeout 12;
+            send_timeout 65;
 
+
+            gzip  on;
             gzip_vary on;
-            gzip_proxied any;
+            #gzip_proxied any;
             gzip_comp_level 9;
             # gzip_buffers 16 8k;
             # gzip_http_version 1.1;
@@ -245,83 +221,150 @@
 
             include /etc/nginx/conf.d/*.conf;
             include /etc/nginx/sites-enabled/*.conf;
+
         }
-        # End of file        </pre>
+        # End of file
+        </pre>
+
 
+        <h2 id="server">4. Server with PHP</h2>
+        <p>To debug configurations check logs and;</p>
 
-        <h2 id="server">1.6. Server with PHP</h2>
+        <pre>
+        nginx -V
+        </pre>
 
-        check <a href "../conf/etc/nginx/">configuration directory</a>
-        for more examples. Install php and composer that is required
-        by Laravel;</p>
+        <h3>4.1. Setup PHP</h3>
 
-        <h3>1.6.1. Setup PHP</h3>
+        <p> Install php and setup php.ini as development mode;</p>
 
         <pre>
-        $ prt-get depinst php php-fpm php-gd php-pdo-pgsql composer
+        $ sudo prt-get depinst php php-fpm php-gd php-pdo-pgsql php-postgresql
         </pre>
 
         <p>Setup php ini in development mode;<p/>
 
         <pre>
-        $ sudo cp /etc/php/php.ini-development php.ini
+        $ sudo cp /etc/php/php.ini-development /etc/php/php.ini
+        </pre>
+
+        <pre>
         $ php --ini
         Configuration File (php.ini) Path: /etc/php
         Loaded Configuration File:         /etc/php/php.ini
         Scan for additional .ini files in: /etc/php/conf.d
         Additional .ini files parsed:      /etc/php/conf.d/extensions.ini,
         /etc/php/conf.d/pdo_pgsql.ini
-
-        $
         </pre>
 
-        <h3>1.6.2. Setup Virtual Host</h3>
+        <h3>4.2. Setup Virtual Host</h3>
+
+        <p>Server (virtual host) with pmwiki and flyspray, check
+        <a href="conf/etc/nginx/sites/">/etc/nginx/sites</a>
+        for more examples. Install pmwiki and flyspray;</p>
+
+        <pre>
+        $ sudo prt-get depinst pmwiki flyspray
+        </pre>
 
-        <p>Server (virtual host) with Laravel,
-                /etc/nginx/sites/<a href="../conf/etc/nginx/sites/laravel.conf">laravel.conf</a>;</p>
+        <p> This server is configured in a way that
+        root serves pmwiki and /tasks serves flyspray. In order to
+        flyspray to link correctly change index is needed;</p>
 
         <pre>
         server {
             listen 443 ssl;
-            listen [::]:443 ssl;
+            # listen [::]:443 ssl;
 
-            root /srv/www/atom/public;
-            server_name c13.nark.biz.tm;
-            index index.html index.htm index.php;
+            server_name c9.core;
 
-            charset utf-8;
+            root /srv/www/default;
 
-            location / {
-                try_files $uri $uri/ /index.php$is_args$args;
+            location /distfiles {
+                alias /usr/ports/distfiles;
             }
 
-            location = /favicon.ico { access_log off; log_not_found off; }
-            location = /robots.txt  { access_log off; log_not_found off; }
-
-            access_log off;
-            error_log  /var/log/nginx/c13-nark-biz-tm-error.log error;
 
-            sendfile off;
+            location /tasks {
+                index index.php;
+                alias /srv/www/default/flyspray;
+                try_files $uri $uri/ index.php$is_args$args;
+            }
 
-            client_max_body_size 100m;
+            location ~  ^/tasks(.+\.php)$ {
+                alias /srv/www/default/flyspray;
 
-            location ~ \.php$ {
                 fastcgi_split_path_info ^(.+\.php)(/.+)$;
-                fastcgi_pass 127.0.0.1:9000;
                 fastcgi_index index.php;
-                include fastcgi_params;
-                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
-                fastcgi_intercept_errors off;
-                fastcgi_buffer_size 16k;
-                fastcgi_buffers 4 16k;
+                try_files $uri /index.php =404;
+                include /etc/nginx/fastcgi_params;
+                fastcgi_param SCRIPT_FILENAME $document_root$1;
+                # fastcgi_pass unix:/var/run/php5-fpm.sock;
+                fastcgi_pass 127.0.0.1:9000;
             }
 
-            location ~ /\.ht {
-                deny all;
+            location / {
+                alias /srv/www/default/pmwiki/;
+                index pmwiki.php
+                try_files $uri $uri/ /pmwiki.php$is_args$args;
+            }
+
+            location ~ \.php$ {
+                alias /srv/www/default/pmwiki;
+                fastcgi_split_path_info ^(.+\.php)(/.+)$;
+                fastcgi_index pmwiki.php;
+                try_files $uri /pmwiki.php =404;
+                include /etc/nginx/fastcgi_params;
+                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+                # fastcgi_pass unix:/var/run/php5-fpm.sock;
+                fastcgi_pass 127.0.0.1:9000;
             }
         }
         </pre>
 
+        <p>Change /srv/www/default/flyspray/index.php to;</p>
+
+        <pre>
+        &lt?php
+        /*
+           This is the main script that everything else is included
+           in.  Mostly what it does is check the user permissions
+           to see what they have access to.
+        */
+        define('IN_FS', true);
+        $_SERVER['SCRIPT_NAME'] = "/bug/index.php";
+        require_once(dirname(__FILE__).'/header.php');
+        </pre>
+
+        <h2 id="userdir">5. User Directory</h2>
+
+        <p><a href="http://wiki.nginx.org/UserDir">Nginx Wiki UserDir</a></p>
+
+        <pre>
+         location ~ ^/~(.+?)(/.*)?$ {
+            alias /home/$1/public_html$2;
+            index  index.html index.htm;
+            autoindex on;
+         }
+        </pre>
+
+        <p>Directories should have 644 or 664 and
+        files chmod 755 or 775;</p>
+
+        <pre>
+        $ sudo find . -type f -print0 | xargs -0 chmod 644
+        $ sudo find . -type d -print0 | xargs -0 chmod 755
+        </pre>
+
+        <h2 id="logs">6. Logs</h2>
+
+        <pre>
+        $ sudo grep "login" /var/log/nginx/access.log
+        $ sudo grep "etc/passwd" /var/log/nginx/access.log
+        $ sudo egrep -i "denied|error|warn" /var/log/nginx/error.log
+        </pre>
+
+
         <a href="index.html">Tools Index</a>
 
         <p>This is part of the c9-doc Manual.
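Review bot: `index pmwiki.php` in the new `location /` block has no terminating semicolon, so nginx reads the following `try_files ...` line as further arguments to `index` and the fallback to `/pmwiki.php` is never configured; it should be `index pmwiki.php;`. The rewritten server block also drops the old `location ~ /\.ht { deny all; }`; if pmwiki or flyspray rely on `.htaccess` files to protect data directories, nginx ignores them and an explicit `deny all` location is needed. In the re-added User Directory text the modes are swapped relative to the commands below it: directories should be 755 and files 644. The PHP sample opens with `&lt?php`, which lacks the `;` of the entity, and sets `SCRIPT_NAME` to `/bug/index.php` although the location is `/tasks`.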
diff --git a/tools/openssh.html b/tools/openssh.html
index ca504b2..3fe72e3 100644
--- a/tools/openssh.html
+++ b/tools/openssh.html
@@ -199,8 +199,8 @@
         <p>If the server is on remote a remote machine;</p>
 
         <pre>
-        $ scp /home/bob/.ssh/gitolite.pub admin@nark.biz.tm:/home/admin/.ssh/
-        bob@nark.biz.tm's password:
+        $ scp /home/bob/.ssh/gitolite.pub admin@core.privat-network.net:/home/admin/.ssh/
+        bob@core.privat-network.net's password:
         gitolite.pub                              100%  390     0.4KB/s   00:00
         </pre>
 
@@ -223,25 +223,25 @@
 
         <pre>
         Host admin
-            Hostname nark.biz.tm
+            Hostname core.privat-network.net
             IdentityFile ~/.ssh/id_rsa
             Port 2222
             User admin
 
         Host gitolite
-            Hostname nark.biz.tm
+            Hostname core.privat-network.net
             IdentityFile ~/.ssh/gitolite
             Port 2222
             User gitolite
 
         Host box
-            Hostname nark.biz.tm
+            Hostname core.privat-network.net
             IdentityFile ~/.ssh/id_rsa
             Port 2222
             User bob
 
         Host devbox
-            Hostname nark.biz.tm
+            Hostname core.privat-network.net
             IdentityFile ~/.ssh/id_rsa
             Port 2222
             User gitolite
diff --git a/tools/postgresql.html b/tools/postgresql.html
index e160ae2..0399ec6 100644
--- a/tools/postgresql.html
+++ b/tools/postgresql.html
@@ -11,53 +11,26 @@
         <h1>Postgresql</h1>
 
 
-        <h2 id="install">1.1. Install Postgresql</h2>
+        <h2 id="install">1. Install Postgresql</h2>
 
-        <pre>
-        $ prt-get depinst postgresql
-        </pre>
-
-        <p>Mount Point;</p>
+        <p>Install postgresql;</p>
 
         <pre>
-        # mkdir -p /srv/pgsql
-        # mount /srv/pgsql
+        $ prt-get depinst postgresql
         </pre>
 
-        <p>Create user;</p>
-
         <pre>
-        # useradd -U -m -d /srv/pgsql -s /bin/false postgres
-        useradd: warning: the home directory already exists.
-        Not copying any file from skel directory into it.
+        # mkdir /srv/pgsql/
+        # touch /var/log/postgresql
+        # chown postgres:postgres /srv/pgsql /var/log/postgresql
+        # sudo -u postgres initdb -D /srv/pgsql/data
         </pre>
 
-        <pre>
-        # passwd -l postgres
-        passwd: password expiry information changed.
-        # touch /var/log/pgsql
-        # chown -R postgres:postgres /srv/pgsql /var/log/pgsql
-        # ldconfig /user/lib/postgresql
-		</pre>
+        <h2 id="config">2. Configure Server</h2>
 
-        $ sudo -u postgres mkdir -p /srv/pgsql/data
-        # sudo -u postgres touch /srv/pgsql/.psql_history
-        </pre>
+        <h3>2.1. Init script</h3>
 
-        <p>Create /etc/logrotate.d/postgres;</p>
-
-        <pre>
-        /var/log/pgsql {
-            weekly
-            compress
-            delaycompress
-            rotate 10
-            notifempty
-            create 660 postgres postgres
-        }
-        </pre>
-
-        <p>Edit /etc/rc.d/postgresql;</p>
+        <p>Change <a href="conf/etc/rc.d/postgresql">/etc/rc.d/postgresql</a>;</p>
 
         <pre>
         #
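Review bot: The log file is created here as `/var/log/postgresql`, and the init script in the next hunk logs to the same path, but the logrotate stanza and the syslog-ng `destination` re-added under section 2.6 still name `/var/log/pgsql`, so rotation and syslog output target a file nothing else on the page uses. One path should be used in all four places, e.g. `destination postgres { file("/var/log/postgresql"); };` and a `/var/log/postgresql { ... }` logrotate block. The removed `useradd` and `passwd -l postgres` steps have no replacement, so the page now assumes the package creates a locked `postgres` account; a sentence saying so would make that assumption checkable.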
@@ -65,26 +38,85 @@
         #
 
         PG_DATA=/srv/pgsql/data
-        PG_HOME=/srv/pgsql
 
         case "$1" in
-        start|stop|status|restart|reload)
-                (cd $PG_HOME && sudo -u postgres pg_ctl -D "$PG_DATA" -l /var/log/pgsql "$1")
-        ;;
-        *)
-        echo "usage: $0 start|stop|restart|reload|status"
-        ;;
+            start|stop|status|restart|reload)
+                sudo -u postgres pg_ctl -D "$PG_DATA" -l /var/log/postgresql "$1"
+                ;;
+            *)
+                echo "usage: $0 start|stop|restart|reload|status"
+                ;;
         esac
 
         # End of file
         </pre>
 
-        <h2 id="config">1.2. Configure Server</h2>
+        <h3>2.2. Certificates</h3>
 
         <pre>
-        # sudo -u postgres initdb -D /srv/pgsql/data
+        $ sudo openssl genrsa -des3 -out /etc/ssl/keys/pg.key 2048
+        Password:
+        Generating RSA private key, 2048 bit long modulus
+        ..............................+++
+        ............+++
+        e is 65537 (0x10001)
+        Enter pass phrase for /etc/ssl/keys/pg.key:
+        Verifying - Enter pass phrase for /etc/ssl/keys/pg.key:
         </pre>
 
+        <p>Create ceritificate signing request. For "Common Name"
+        provide domain name or ip address, leave challange password
+        and optional company name blank;</p>
+
+        <pre>
+        $ sudo openssl req -x509 -in server.req -text -key /etc/ssl/keys/pg.key -out /etc/ssl/certs/pg.crt
+
+        Enter pass phrase for /etc/ssl/keys/pg.key:
+        You are about to be asked to enter information that will be incorporated
+        into your certificate request.
+        What you are about to enter is what is called a Distinguished Name or a DN.
+        There are quite a few fields but you can leave some blank
+        For some fields there will be a default value,
+        If you enter '.', the field will be left blank.
+        -----
+        Country Name (2 letter code) [AU]:PT
+        State or Province Name (full name) [Some-State]:
+        Locality Name (eg, city) []:
+        Organization Name (eg, company) [Internet Widgits Pty Ltd]:
+        Organizational Unit Name (eg, section) []:
+        Common Name (e.g. server FQDN or YOUR name) []:core.privat-network.net
+        Email Address []:
+
+        Please enter the following 'extra' attributes
+        to be sent with your certificate request
+        A challenge password []:
+        An optional company name []:
+        $
+        </pre>
+
+        <p>Having password is a good idea, but requires it every
+        time pg is restarted. To remove;</p>
+
+        <pre>
+        $ sudo cp /etc/ssl/keys/pg.key /etc/ssl/keys/pg.key.pass
+        $ sudo openssl rsa \
+            -in /etc/ssl/keys/pg.key.pass \
+            -out /etc/ssl/keys/pg.key
+        </pre>
+
+        <pre>
+        Enter pass phrase for /etc/ssl/keys/pg.key.pass:
+        writing RSA key
+        </pre>
+
+        <pre>
+        $ sudo chown postgres:postgres /etc/ssl/keys/pg.key*
+        $ sudo chmod 0600 /etc/ssl/keys/pg.key*
+        $ sudo chmod 644 /etc/ssl/certs/pg.cert
+        </pre>
+
+        <h3>2.3. Super user password</h3>
+
         <p>Create password for super user;</p>
 
         <pre>
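Review bot: The `openssl req -x509 -in server.req ...` command does not match the paragraph above it: the text describes creating a certificate signing request, `server.req` is never created on this page, and without `-new` the DN prompts shown in the transcript would probably not appear. If a self-signed certificate is intended, `$ sudo openssl req -new -x509 -days 365 -key /etc/ssl/keys/pg.key -out /etc/ssl/certs/pg.crt` matches the sample output. The last line of the permission block names `/etc/ssl/certs/pg.cert`, but the certificate is written to `/etc/ssl/certs/pg.crt`, which is also what `ssl_cert_file` points at in section 2.4. The passphrase-protected copy `pg.key.pass` is only a backup and could stay owned by root rather than `postgres`.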
@@ -92,17 +124,31 @@
         $ psql -U postgres
         </pre>
 
-        <p>Edit /pgsql/data/<a href="../conf/srv/pgsql/data/postgresql.conf">postgresql.conf</a>;</p>
+        <h3>2.4. Configure postgresql.conf</h3>
+
+        <p>Edit <a href="conf/srv/pgsql/data/postgresql.conf">/srv/pgsql/data/postgresql.conf</a>;</p>
 
         <pre>
-        log_destination = 'syslog' # Can specify multiple destinations
-        syslog_facility='LOCAL0'
-        syslog_ident='postgres'
-        log_connections = on
-        password_encryption=on
+        # - Security and Authentication -
+
+        #authentication_timeout = 1min          # 1s-600s
+        ssl = on                                # (change requires restart)
+        #ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers
+                                                # (change requires restart)
+        #ssl_prefer_server_ciphers = on         # (change requires restart)
+        #ssl_ecdh_curve = 'prime256v1'          # (change requires restart)
+        ssl_cert_file = '/etc/ssl/certs/pg.crt' # (change requires restart)
+        ssl_key_file = '/etc/ssl/keys/pg.key'   # (change requires restart)
+        #ssl_ca_file = ''                       # (change requires restart)
+        #ssl_crl_file = ''                      # (change requires restart)
+        password_encryption = on
         </pre>
 
-        <p>Edit /srv/pgsql/data/<a href="../conf/srv/pgsql/data/pg_hba.conf">pg_hba.conf</a>;</p>
+        <h3>2.5. Configure pg_hba.conf</h3>
+
+        <p>Edit
+        <a href="conf/srv/pgsql/data/pg_hba.conf">/srv/pgsql/data/pg_hba.conf</a>;
+        </p>
 
         <pre>
         # TYPE  DATABASE        USER            ADDRESS                 METHOD
@@ -111,7 +157,8 @@
         #local   all             all                                     trust
         local   all             postgres                                 ident
         # IPv4 local connections:
-        hostssl    all             all             127.0.0.1/32             md5
+        host    all             all             127.0.0.1/32            trust
+        #hostssl    all             all             192.168.0.0/32             md5
         # IPv6 local connections:
         #host    all             all             ::1/128                 trust
         # Allow replication connections from localhost, by a user with the
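Review bot: `host all all 127.0.0.1/32 trust` lets any local process connect over TCP as any database role, including `postgres`, without a password, so the superuser password from section 2.3 and the `createuser --pwprompt` step no longer protect anything against loopback clients on the same host. Keeping the previous method, `hostssl all all 127.0.0.1/32 md5` (or `host ... md5`), preserves the password check. The commented example `192.168.0.0/32` matches a single address; a LAN range would be written `192.168.0.0/24`. The pg_hba.conf listing starts and ends outside this hunk.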
@@ -121,62 +168,88 @@
         #host    replication     postgres        ::1/128                 trust
         </pre>
 
+        <p>Start server and alter postgres password</p>
+
+        <pre>
+        # /etc/rc.d/postgresql start
+        </pre>
+
+        <pre>
+        postgres=# alter user postgres with password 'new_password';
+        </pre>
+
+        <h3 id="syslog">2.6. Configure syslog-ng</h3>
+
         <p><a href="syslog-ng.html">Configure Syslog-ng</a>, check <a href="http://michael.otacoo.com/postgresql-2/postgres-settings-simple-syslog-configuration-with-syslog-ng/">Michael at otacoo</a> article. Example;</p>
 
+        <p>Edit /pgsql/data/<a href="../conf/srv/pgsql/data/postgresql.conf">postgresql.conf</a>;</p>
+
         <pre>
-        destination postgres { file("/var/log/pgsql"); };
-        filter f_postgres { facility(local0); };
-        log { source(s_log); filter(f_postgres); destination(postgres); };
+        log_destination = 'syslog' # Can specify multiple destinations
+        syslog_facility='LOCAL0'
+        syslog_ident='postgres'
+        log_connections = on
         </pre>
 
-        <p>Start server and alter postgres password</p>
+
+        <p>Create /etc/logrotate.d/postgres;</p>
 
         <pre>
-        # /etc/rc.d/postgresql start
+        /var/log/pgsql {
+            weekly
+            compress
+            delaycompress
+            rotate 10
+            notifempty
+            create 660 postgres postgres
+        }
         </pre>
 
+
         <pre>
-        postgres=# alter user postgres with password 'new_password';
+        destination postgres { file("/var/log/pgsql"); };
+        filter f_postgres { facility(local0); };
+        log { source(s_log); filter(f_postgres); destination(postgres); };
         </pre>
 
-        <h2 id="createuser">1.3. Create User</h2>
+
+        <h2 id="createuser">3. Create User</h2>
 
         <p>Create a new user with createuser command;</p>
 
         <pre>
         $ sudo -u postgres createuser --pwprompt --encrypted \
-        --no-createrole --no-createdb laravel_user
+        --no-createrole --no-createdb flyspray
         Enter password for new user:
         Enter it again:
         </pre>
 
-        <h2 id="createdb">1.4. Create Database</h2>
+        <h2 id="createdb">4. Create Database</h2>
 
         <p>Create a new database for new user with createdb command;</p>
 
         <pre>
         $ sudo -u postgres createdb --template=template0 --encoding=UTF8 \
-        --owner=laravel_user laravel_db
+        --owner=flyspray db_flyspray
         </pre>
 
-        <h2 id="dropdb">1.5. Drop Database</h2>
+        <h2 id="dropdb">5. Drop Database</h2>
 
         <p>Deleting database with dropdb command;</p>
 
         <pre>
-        sudo -u postgres dropdb laravel_db
+        sudo -u postgres dropdb db_flyspray
         </pre>
 
-        <h2 id="dropuser">1.6. Drop User</h2>
+        <h2 id="dropuser">6. Drop User</h2>
 
         <p>Deleting user with dropuser command;</p>
 
         <pre>
-        sudo -u postgres dropuser laravel_user
+        sudo -u postgres dropuser flyspray
         </pre>
 
-
-        <h2 id="psql">1.7. Psql</h2>
+        <h2 id="psql">7. Psql</h2>
 
         <p>Lets check with psql, login with user postgres;</p>
 
@@ -190,7 +263,7 @@
         postgres=# \?
         </pre>
 
-        <h3 id="listdb">Psql - List Databases and Roles</h3>
+        <h3 id="listdb">7.1. List Databases and Roles</h3>
 
         <p>List roles then list databases;</p>
 
@@ -199,39 +272,43 @@
         postgres=# \l
         </pre>
 
-        <h3 id="psqldb">Psql - Create Database</h3>
+        <h3 id="psqldb">7.2. Create Database</h3>
 
         <pre>
-        postgres=# create database laravel_db_ext owner laravel_user encoding 'UTF-8' template template0;
+        postgres=# create database db_flyspray_ext owner flyspray encoding 'UTF-8' template template0;
         </pre>
 
-        <h3 id="droptables">Psql - Drop Tables</h3>
+        <h3 id="droptables">7.3. Drop Tables</h3>
 
         <p>This example assumes that all tables,
         are in public schema. First connect to database and
         list tables;</p>
 
         <pre>
-        postgres=# \c laravel_db
+        postgres=# revoke SELECT on db_flyspray from flyspray;
+        </pre>
+
+        <pre>
+        postgres=# \c db_flyspray
         postgres=# \dt
         </pre>
 
         <p>Drop all tables on public schema and recreate public schema;</p>
 
         <pre>
-        laravel_db=# drop schema public cascade;
-        laravel_db=# create schema public;
+        db_flyspray=# drop schema public cascade;
+        db_flyspray=# create schema public;
         </pre>
 
-        <h3 id="backup">Backup</h3>
+        <h3 id="backup">7.4. Backup</h3>
 
 
         <p>Backup Database</p>
 
-        <h3 id="backup">Restore</h3>
+        <h3 id="backup">7.5. Restore</h3>
 
         <pre>
-        $ psql laravel_db &lt; database_dump
+        $ psql db_flyspray &lt; database_dump
         </pre>
 
         <a href="index.html">Tools Index</a>
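Review bot: `revoke SELECT on db_flyspray from flyspray;` is issued while still connected to `postgres`, before `\c db_flyspray`, and without the `DATABASE` keyword the name is taken as a table, so the statement will most likely fail on a missing relation. `SELECT` is also not a database-level privilege; if the intent is to stop the role from connecting before the schema is dropped, `revoke connect on database db_flyspray from flyspray;` expresses that, and a sentence stating the intent should precede it. The Backup and Restore headings both carry `id="backup"`; the second should be `id="restore"`.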
@@ -242,7 +319,5 @@
         See the file <a href="../fdl-1.3-standalone.html">Gnu Free Documentation License</a>
         for copying conditions.</p>
 
-
-
     </body>
 </html>
diff --git a/tools/qemu.html b/tools/qemu.html
index ce1b66d..8c53ce7 100644
--- a/tools/qemu.html
+++ b/tools/qemu.html
@@ -97,45 +97,53 @@
             <dd>The VDE networking backend.</dd>
         </dl>
 
-
-        <h3>2.1. Tap interfaces</h3>
-
         <pre>
         KERNEL=="tun", GROUP="kvm", MODE="0660", OPTIONS+="static_node=net/tun"
         </pre>
 
-        <p>Automatic creation of tap interface with
-        correct permissions set for user and group,
-        you can set only user or group;</p>
 
-        <pre>
-        # tunctl -u username -g kvm -t tap0
-        </pre>
+        <h3>2.1. Public Bridge</h3>
 
-        <p>Set permissions to existing tap interface;</p>
+        <p>Create <a href="network.html#bridge">bridge</a>, create new
+        tap and add it to bridge;</p>
 
         <pre>
-        # tunctl -u username -t tap0
+        # DEV="br0"
+        # TAP="tap5"
         </pre>
 
-
-        <p>Manual creation of tap interface;</p>
+        <pre>
+        # ip tuntap add ${TAP} mode tap group kvm
+        # ip link set ${TAP} up
+        </pre>
 
         <pre>
-        # ip tuntap add name tap0 mode tap
-        # chmod 0666 /dev/tap0
-        # chown root:username /dev/tap0
+        # ip link set ${TAP} master ${DEV}
         </pre>
 
+        <p>See <a href="scripts/system-qemu.sh">scripts/system-qemu.sh</a>,
+        as template. Run virtual machine that uses above tap device;</p>
+
         <pre>
-        # ip addr add 10.0.2.1/24 dev tap0
-        # ip link set dev tap0 up
-        # ip link show
+        $ ISO=~/crux-3.2.iso
+        $ IMG=~/crux-img.qcow2
+
+        $ qemu-system-x86_64 \
+            -enable-kvm \
+            -m 1024 \
+            -boot d \
+            -cdrom ${ISO} \
+            -hda ${IMG} \
+            -net nic,model=virtio -net tap,ifname=${TAP},script=no,downscript=no
         </pre>
 
+        <h3>2.2. Routing</h3>
+
+        <p>Create interface with correct permissions set for kvm group.</p>
+
         <pre>
         # sysctl -w net.ipv4.ip_forward=1
-        # iptables -t nat -A POSTROUTING -s 10.0.2.0/24 -o eth0 -j MASQUERADE
+        # iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o eth0 -j MASQUERADE
         </pre>
 
         <h2 id="guest">Guest System</h2>
@@ -143,22 +151,16 @@
         <p>Start qemu with 512 of ram, mydisk.img as disk and boot from iso</p>
 
         <pre>
-        $ qemu-system-x86_64 \
-        -enable-kvm \
-        -m 512 \
-        -boot d -cdrom image.iso \
-        -hda mydisk.img
-        </pre>
+        $ ISO=~/crux-3.2.iso
+        $ IMG=~/crux-img.qcow2
 
-        <p>Start qemu with 1024 of ram, network configured using tap0
-        interface device no host and boot from crux.qcow2;</p>
-
-        <pre>
         $ qemu-system-x86_64 \
-        -enable-kvm \
-        -m 1024 \
-        -hda c9/local/crux.qcow2 \
-        -net nic,model=virtio -net tap,ifname=tap0,script=no,downscript=no
+            -enable-kvm \
+            -m 1024 \
+            -boot d \
+            -cdrom ${ISO} \
+            -hda ${IMG} \
+            -net nic,model=virtio -net tap,ifname=${TAP},script=no,downscript=no
         </pre>
 
         <a href="index.html">Tools Index</a>
diff --git a/tools/scripts/config-install.sh b/tools/scripts/config-install.sh
new file mode 100644
index 0000000..061081f
--- /dev/null
+++ b/tools/scripts/config-install.sh
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+CONF_DIR="$(dirname `dirname $0`)/conf"
+echo "CONF_DIR=$CONF_DIR\n"
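Review bot: `$0` is expanded unquoted inside nested backticks on the `CONF_DIR` line, so a checkout path containing a space splits into several words and `CONF_DIR` comes out wrong. The install scripts that source this file then pass that value, also unquoted, to `cp -R`, presumably running as root. Quote every level and use `$(...)` throughout: `CONF_DIR="$(dirname "$(dirname "$0")")/conf"`. The `\n` inside `echo` is printed literally by some `/bin/sh` implementations; `printf 'CONF_DIR=%s\n' "$CONF_DIR"` behaves the same everywhere.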
diff --git a/tools/scripts/install-nginx.sh b/tools/scripts/install-nginx.sh
new file mode 100644
index 0000000..decacc1
--- /dev/null
+++ b/tools/scripts/install-nginx.sh
@@ -0,0 +1,24 @@
+#!/bin/sh
+
+. `dirname $0`/config-install.sh
+
+prt-get depinst nginx
+
+cp -R $CONF_DIR/etc/nginx/* /etc/nginx/
+
+mkdir /srv/www
+chown nginx:www /srv/www
+
+usermod -a -G www nginx
+usermod -m -d /srv/www nginx
+
+openssl genrsa -des3 -out /etc/ssl/keys/nginx.key 2048
+openssl req -new -key /etc/ssl/keys/nginx.key -out /etc/ssl/certs/nginx.csr
+openssl x509 -req -days 365 \
+            -in /etc/ssl/certs/nginx.csr \
+            -signkey /etc/ssl/keys/nginx.key \
+            -out /etc/ssl/certs/nginx.crt
+
+cp /etc/ssl/keys/nginx.key /etc/ssl/keys/nginx.key.pass
+openssl rsa -in /etc/ssl/keys/nginx.key.pass -out /etc/ssl/keys/nginx.key
+
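Review bot: The key handling at the end of the script leaves two copies of the private key in `/etc/ssl/keys` and never sets their mode. `genrsa -des3` writes an encrypted key, the `cp` / `openssl rsa` pair replaces it with an unencrypted one, and `nginx.key.pass` is left behind; the file permissions depend on whatever the installed openssl and the current umask produce. If an unencrypted key is what nginx needs, create it in one step under a tight umask, `umask 077; openssl genrsa -out /etc/ssl/keys/nginx.key 2048`, and drop the last two commands. The script also has no `set -e`, so a failed `prt-get depinst nginx` or `mkdir /srv/www` (which fails when the directory already exists) does not stop the later steps, and `$CONF_DIR` is unquoted in the `cp -R`.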
diff --git a/tools/scripts/install-php.sh b/tools/scripts/install-php.sh
new file mode 100644
index 0000000..4c28173
--- /dev/null
+++ b/tools/scripts/install-php.sh
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+. `dirname $0`/config-install.sh
+
+prt-get depinst php php-fpm php-gd php-pdo-pgsql php-postgresql
+
+cp /etc/php/php.ini-development /etc/php/php.ini
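Review bot: The last line installs `php.ini-development` as the live `/etc/php/php.ini`; that template turns `display_errors` on, so error text with file paths and query fragments is sent to the client. Unless this host is only ever a development machine, copy the production template instead, `cp /etc/php/php.ini-production /etc/php/php.ini` (assuming the port ships it), or add a header comment such as `# development hosts only: installs php.ini-development`. The `cp` also overwrites an existing `php.ini` without keeping a backup.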
diff --git a/tools/scripts/install-postgres.sh b/tools/scripts/install-postgres.sh
new file mode 100644
index 0000000..06666e0
--- /dev/null
+++ b/tools/scripts/install-postgres.sh
@@ -0,0 +1,16 @@
+#!/bin/sh
+
+. `dirname $0`/config-install.sh
+
+prt-get depinst postgresql
+
+cp -R $CONF_DIR/etc/rc.d/postgresql /etc/rc.d/
+
+mkdir /srv/pgsql/
+touch /var/log/postgresql
+chown postgres:postgres /srv/pgsql /var/log/postgresql
+
+sudo -u postgres initdb -D /srv/pgsql/data
+
+cp $CONF_DIR/srv/pgsql/data/pg_hba.conf /srv/pgsql/data/
+chown postgres:postgres /srv/pgsql/data/pg_hba.conf
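Review bot: Nothing stops the script when a step fails, so if `initdb` errors out, or `mkdir /srv/pgsql/` fails because the directory exists, the `cp` on the second-to-last line still drops `pg_hba.conf` into a missing or half-initialised data directory. Add `set -e` after the shebang and use `mkdir -p /srv/pgsql`. `initdb` is also called without an authentication option, which makes it write `trust` entries until `pg_hba.conf` is replaced; passing the method explicitly, e.g. `initdb --auth-local=peer --auth-host=md5 -D /srv/pgsql/data`, removes the dependence on the later copy succeeding. `$CONF_DIR` should be quoted in both `cp` commands.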
diff --git a/tools/scripts/replace.sh b/tools/scripts/replace.sh
new file mode 100644
index 0000000..8e393f0
--- /dev/null
+++ b/tools/scripts/replace.sh
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+folder=$1
+oldstring=$2
+newstring=$3
+
+grep -rl $oldstring $folder | xargs sed -i s@$oldstring@$newstring@g
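Review bot: Every expansion on the last line is unquoted, and the search string is interpreted three ways: as a `grep` pattern, as a `sed` regex, and as part of a `sed` program delimited by `@`. A value with a space, a leading `-`, an `@` or a regex metacharacter changes which files are matched or what `sed -i` rewrites, and file names containing whitespace are split by `xargs`. Quote the expansions and pass names NUL-separated (GNU tools): `grep -rlZ -e "$oldstring" -- "$folder" | xargs -0 -r sed -i "s@$oldstring@$newstring@g"`. The `@` and metacharacter limitation remains, so state it in a header comment such as `# usage: replace.sh DIR OLD NEW  (OLD is a regex; neither string may contain '@')`, and exit early when fewer than three arguments are given.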
diff --git a/tools/scipts/iptables.sh b/tools/scripts/system-iptables.sh
index 3215633..4ec3b79 100644
--- a/tools/scipts/iptables.sh
+++ b/tools/scripts/system-iptables.sh
@@ -146,11 +146,17 @@
 IPT="/usr/sbin/iptables"
 SPAMLIST="blockedip"
 SPAMDROPMSG="BLOCKED IP DROP"
+
 PUB_IF="wlp7s0"
-DHCP_SERV="192.168.1.254"
-#PUB_IP="192.168.1.65"
 #PRIV_IF="wlp3s0"
 
+BRIDGE="br0"
+BNET=10.0.0.0
+BMSK=24
+
+DHCP_IP="192.168.1.254"
+PUB_IP=$(ip addr show dev ${PUB_IF} | grep 'state UP' -A2 | tail -n1 | awk '{print $2}' | cut -f1 -d'/')
+
 modprobe ip_conntrack
 modprobe ip_conntrack_ftp
 
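Review bot: The `PUB_IP` assignment depends on the exact line layout of `ip addr show`: it takes the second line after the one containing `state UP`, so it is empty when `${PUB_IF}` is down and wrong whenever that line is not the IPv4 address. Ask for the IPv4 address directly, `PUB_IP=$(ip -4 -o addr show dev "${PUB_IF}" | awk '{print $4}' | cut -d/ -f1)`, and check that it is non-empty before any rule uses it. `BNET` and `BMSK` are defined here but are not referenced in any hunk of this file shown in the diff; the script continues outside this hunk.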
@@ -175,10 +181,14 @@ iptables -P INPUT DROP
 iptables -P FORWARD DROP
 iptables -P OUTPUT DROP
 
+
 # Unlimited on local
 $IPT -A INPUT -i lo -j ACCEPT
 $IPT -A OUTPUT -o lo -j ACCEPT
 
+$IPT -A INPUT -i $BRIDGE -j ACCEPT
+$IPT -A OUTPUT -o $BRIDGE -j ACCEPT
+
 # Block sync
 $IPT -A INPUT -p tcp ! --syn -m state --state NEW -m limit --limit 5/m --limit-burst 7 -j LOG --log-level 7 --log-prefix "iptables: drop sync: "
 $IPT -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
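Review bot: The two new `$BRIDGE` rules accept all traffic on `br0` unconditionally and are appended ahead of the new-not-SYN and scan filters, so nothing arriving on the bridge is checked by the rest of the ruleset. If the bridge also has a physical port (the qemu page in this commit calls the setup a public bridge), that covers LAN traffic as well as the guests. Restrict the rule to the guest network that the first hunk of this file already defines, `$IPT -A INPUT -i $BRIDGE -s ${BNET}/${BMSK} -j ACCEPT`, and consider placing it below the scan filters. The `FORWARD` policy stays `DROP` with no bridge rule in view, which matters if bridged frames are passed to iptables on this kernel.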
@@ -205,6 +215,17 @@ $IPT -A INPUT -p tcp --tcp-flags FIN,ACK FIN -j DROP # FIN packet scans
 
 $IPT -A INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP
 
+##### Add your virtual rules below ######
+
+#echo 1 > /proc/sys/net/ipv4/ip_forward
+#$IPT -t nat -A POSTROUTING -o ${PUB_IF} -j SNAT --to ${PUB_IP}
+##$IPT -t nat -A POSTROUTING -s 10.0.2.0/24 -o ${PUB_IF} -j MASQUERADE
+#$IPT -A FORWARD -i ${TAP_IF} -o ${PUB_IF} -j ACCEPT
+#$IPT -A FORWARD -i ${PUB_IF} -o ${TAP_IF} -j ACCEPT
+#
+#$IPT -A INPUT -i ${TAP_IF} -j ACCEPT
+#$IPT -A OUTPUT -o ${TAP_IF} -j ACCEPT
+
 ##### Add your AP rules below ######
 
 #echo 1 > /proc/sys/net/ipv4/ip_forward
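Review bot: The commented-out template references `${TAP_IF}`, which is not among the variables added in the first hunk of this file (`BRIDGE`, `BNET`, `BMSK`), so uncommenting it as written would call `iptables` with an empty interface name unless the variable is defined elsewhere in the script. The return-path rule `-i ${PUB_IF} -o ${TAP_IF} -j ACCEPT` also forwards every inbound packet to the guest; for a NAT setup it should be limited with `-m state --state ESTABLISHED,RELATED`. The `MASQUERADE` line still uses `10.0.2.0/24` while the qemu page in this commit now uses `10.0.0.0/24`; writing `-s ${BNET}/${BMSK}` would keep the two in step.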
@@ -242,10 +263,14 @@ $IPT -A INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP
 
 echo "Allow DNS Client"
 
-#$IPT -A INPUT -i ${PUB_IF} -p udp --sport 53 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
-#$IPT -A INPUT -i ${PUB_IF} -p tcp --sport 53 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
-#$IPT -A OUTPUT -o ${PUB_IF} -p udp --sport 1024:65535 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
-#$IPT -A OUTPUT -o ${PUB_IF} -p tcp --sport 1024:65535 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
+$IPT -A INPUT -i ${PUB_IF} -p tcp --sport 53 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
+$IPT -A INPUT -i ${PUB_IF} -p udp --sport 53 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
+
+$IPT -A OUTPUT -o ${PUB_IF} -p tcp --sport 1024:65535 --dport 53 -m state --state NEW -j LOG --log-level 7 --log-prefix "iptables: DNS TCP: "
+$IPT -A OUTPUT -o ${PUB_IF} -p tcp --sport 1024:65535 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
+
+$IPT -A OUTPUT -o ${PUB_IF} -p udp --sport 1024:65535 --dport 53 -m state --state NEW -j ACCEPT -j LOG --log-level 7 --log-prefix "iptables: DNS UDP: "
+$IPT -A OUTPUT -o ${PUB_IF} -p udp --sport 1024:65535 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
 
 echo "Allow Whois Client"
 
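Review bot: The new UDP logging rule carries two targets, `-j ACCEPT -j LOG ...`; iptables takes one target per rule, so this line is rejected when the script runs and new outbound UDP DNS queries are never logged (they are still accepted by the rule that follows). Make it match the TCP rule above it: `$IPT -A OUTPUT -o ${PUB_IF} -p udp --sport 1024:65535 --dport 53 -m state --state NEW -j LOG --log-level 7 --log-prefix "iptables: DNS UDP: "`. Both DNS log rules are unthrottled, unlike the sync log rule earlier in the file that uses `-m limit --limit 5/m --limit-burst 7`, so every lookup writes a kernel log line; adding the same limit keeps the log usable.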
@@ -300,21 +325,20 @@ $IPT -A INPUT  -i ${PUB_IF} -p tcp --sport 22 -m state --state ESTABLISHED -j AC
 $IPT -A INPUT -i ${PUB_IF} -p tcp --sport 1024:65535 --dport 1024: -m state --state ESTABLISHED,RELATED -j ACCEPT
 $IPT -A OUTPUT -o ${PUB_IF} -p tcp --sport 1024:65535 --dport 1024:  -m state --state ESTABLISHED,RELATED -j ACCEPT
 
-
 # echo "Allow FairCoin"
 # $IPT -A OUTPUT -o ${PUB_IF} -p tcp --dport 46392 -m state --state NEW,ESTABLISHED -j ACCEPT
 # $IPT -A INPUT -i ${PUB_IF} -p tcp --sport 46392 -m state --state ESTABLISHED -j ACCEPT
-# 
+#
 # echo "Allow Dashcoin"
 # $IPT -A OUTPUT -o ${PUB_IF} -p tcp --dport 29080 -m state --state NEW,ESTABLISHED -j ACCEPT
 # $IPT -A INPUT -i ${PUB_IF} -p tcp --sport 29080 -m state --state ESTABLISHED -j ACCEPT
-# 
+#
 # echo "Allow warzone2100"
 # $IPT -A INPUT -i ${PUB_IF} -p tcp --dport 2100 -s 192.168.0.0/16 -j ACCEPT
 # $IPT -A OUTPUT -o ${PUB_IF} -p tcp --sport 2100 -j ACCEPT
 # $IPT -A OUTPUT -o ${PUB_IF} -p tcp --dport 2100 -j ACCEPT
 # $IPT -A OUTPUT -o ${PUB_IF} -p tcp --dport 9990 -j ACCEPT
-# 
+#
 # echo "Allow wesnoth"
 # $IPT -A OUTPUT -o ${PUB_IF} -p tcp --dport 15000 -m state --state NEW -j ACCEPT
 # $IPT -A OUTPUT -o ${PUB_IF} -p tcp --dport 14998 -m state --state NEW -j ACCEPT
@@ -326,8 +350,8 @@ $IPT -A OUTPUT -o ${PUB_IF} -p tcp --sport 1024:65535 --dport 1024:  -m state --
 $IPT -A INPUT -i ${PUB_IF} -p udp --sport 520 --dport 520 -s 192.168.0.0/16 -j DROP
 
 # DHCP
-$IPT -A OUTPUT -o ${PUB_IF} -p udp --sport 68 --dport 67 -d $DHCP_SERV -j ACCEPT
-$IPT -A INPUT -i ${PUB_IF} -p udp --sport 68 --dport 67 -s $DHCP_SERV -j ACCEPT
+$IPT -A OUTPUT -o ${PUB_IF} -p udp --sport 68 --dport 67 -d $DHCP_IP -j ACCEPT
+$IPT -A INPUT -i ${PUB_IF} -p udp --sport 68 --dport 67 -s $DHCP_IP -j ACCEPT
 
 # log everything else and drop
 $IPT -A INPUT -j LOG --log-level 7 --log-prefix "iptables: INPUT: "
diff --git a/tools/scripts/system-qemu.sh b/tools/scripts/system-qemu.sh
new file mode 100644
index 0000000..8c68e70
--- /dev/null
+++ b/tools/scripts/system-qemu.sh
@@ -0,0 +1,15 @@
+#!/bin/sh
+ISO=~/crux-3.2.iso
+IMG=~/crux-img.qcow2
+
+TAP=$1
+
+echo "TAP: $TAP"
+
+qemu-system-x86_64 \
+    -enable-kvm \
+    -m 1024 \
+    -boot d \
+    -cdrom ${ISO} \
+    -hda ${IMG} \
+    -net nic,model=virtio -net tap,ifname=${TAP},script=no,downscript=no
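Review bot: `TAP=$1` is used without any check and is expanded unquoted inside the comma-separated `-net tap,ifname=${TAP},...` argument. With no argument qemu receives `ifname=`, and a value containing a comma or a space is parsed as further options or arguments rather than as an interface name. Validate it before the qemu call, e.g. `case "$TAP" in ""|*[!A-Za-z0-9_.-]*) echo "usage: $0 TAP" >&2; exit 1;; esac`, and quote `${ISO}` and `${IMG}`. `-boot d` makes every start boot from the ISO, which deserves a comment if the script is meant only as an installer template.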
diff --git a/tools/squid.html b/tools/squid.html
index 363edba..f34c2dd 100644
--- a/tools/squid.html
+++ b/tools/squid.html
@@ -22,17 +22,17 @@ http://roberts.bplaced.net/index.php/linux-guides/centos-6-guides/proxy-server/s
 
         <pre>
 # Generate Private Key
-openssl genrsa -out c13.libernodus.com.key 2048
+openssl genrsa -out core.privat-network.net.key 2048
         </pre>
 
         <pre>
 # Create Certificate Signing Request
-openssl req -new -key c13.libernodus.com.key -out c13.libernodus.com.csr 
+openssl req -new -key core.privat-network.net.key -out core.privat-network.net.csr 
         </pre>
 
         <pre>
 # Sign Certificate
-openssl x509 -req -days 3652 -in c13.libernodus.com.csr -signkey c13.libernodus.com.key -out c13.libernodus.com.cert
+openssl x509 -req -days 3652 -in core.privat-network.net.csr -signkey core.privat-network.net.key -out core.privat-network.net.cert
 cat squid.key squid.crt > squid.pem
 
 
@@ -56,7 +56,7 @@ chown -R squid.squid /var/lib/ssl_db
 # Proxy Aware (non-intercepted traffic)
 http_port 192.168.0.1:3128 ssl-bump cert=/etc/squid/example.com.cert key=/etc/squid/example.com.private generate-host-certificates=on version=1 options=NO_SSLv2,NO_SSLv3,SINGLE_DH_USE  
 # Intercepted Traffic
-https_port 192.168.0.1:3130 cert=/etc/squid/ssl/c13.libernodus.com.cert key=/etc/squid/c13.libernodus.com.key ssl-bump intercept generate-host-certificates=on version=1 options=NO_SSLv2,NO_SSLv3,SINGLE_DH_USE
+https_port 192.168.0.1:3130 cert=/etc/squid/ssl/core.privat-network.net.cert key=/etc/squid/core.privat-network.net.key ssl-bump intercept generate-host-certificates=on version=1 options=NO_SSLv2,NO_SSLv3,SINGLE_DH_USE
 
 
 # SSL Bump Config
diff --git a/tools/storage.html b/tools/storage.html
index 121c802..97b73b0 100644
--- a/tools/storage.html
+++ b/tools/storage.html
@@ -6,28 +6,11 @@
     </head>
     <body>
 
-        <a href="index.html">Systools Index</a>
+        <a href="index.html">Tools Index</a>
 
         <h1>Storage</h1>
 
-        <h2 id="mv">Moving partitions</h2>
-
-        <pre>
-        var
-        (parted) mkpart primary ext4 57GiB 200GiB
-        </pre>
-        <pre>
-        swap
-        (parted) mkpart primary linux-swap 29GiB 57GiB
-        </pre>
-        <pre>
-        home
-        (parted) mkpart primary ext4 57GiB 200GiB
-        </pre>
-        <pre>
-        srv
-        (parted) mkpart primary ext4 200GiB 100%
-        </pre>
+        <h2 id="mv">1. Moving partitions</h2>
 
         <p>Reboot into single-user mode where services aren't started and networking is offline.<p>
         <pre>
@@ -35,13 +18,16 @@
         </pre>
 
         <p>Copy the data:</p>
-        cp -apx /srv/* /mnt/srv
+
+        <pre>
+        # cp -apx /srv/* /mnt/srv
+        </pre>
 
         <p>Rename directory, for later backup;</p>
 
         <pre>
-        mv /srv /srv.old
-        mkdir /srv
+        # mv /srv /srv.old
+        # mkdir /srv
         </pre>
 
         <p>Edit the <a href="../conf/etc/fstab">/etc/fstab</a>file:</p>
@@ -53,320 +39,7 @@
 
         <p>Reboot in normal mode.</p>
 
-        <h2 id="lvm">1.2. LVM</h2>
-
-        <p>Read <a href="https://raid.wiki.kernel.org/index.php/RAID_setup">Raid Setup</a>,
-        the only thing you will need outside system is:
-        "Patience, Pizza, and your favorite caffeinated beverage.".
-        <a href="https://wiki.archlinux.org/index.php/Software_RAID_and_LVM">Arch Wiki</a>
-        article about Sofware RAID and LVM.</p>
-
-        <p>Basic idea behind RAID is to deal with independent disks
-        as an array of drives. Raid 0 uses two or more disks as one,
-        with performance gains without fault-tolerance. From raid 1
-        to 6 they offer diferent fault tolerance mechanisms.</p>
-
-        <p>LVM or Logic Volume Manager bring one more layer, read
-        <a href="http://www.tuxradar.com/content/lvm-made-easy">Lvm made easy</a>.
-        Partitions under lvm are easy to be resized, moved and there is
-        a tool to help encrypt. There is more freedom to name physical
-        disk names exp; production, development, backups...</p>
-
-
-        <p>Until now "from install" there is only one partition,
-        it is good idea to have a system with diferent partitions for each
-        propos. If is a "fresh install";</p>
-
-        <pre>
-        # cd /iso/crux/opt/
-        # pkgadd lvm2#2.02.107-1.pkg.tar.xz
-        #
-        </pre>
-
-        <h3>Multiple Partition</h3>
-
-        <p>Create a LVM partition, fdisk should
-        show something like this;</p>
-
-        <pre>
-        # fdisk /dev/sdb
-
-        Welcome to fdisk (util-linux 2.26.1).
-        Changes will remain in memory only, until you decide to write them.
-        Be careful before using the write command.
-
-
-        Command (m for help): p
-        Disk /dev/sdb: 232.9 GiB, 250059350016 bytes, 488397168 sectors
-        Units: sectors of 1 * 512 = 512 bytes
-        Sector size (logical/physical): 512 bytes / 512 bytes
-        I/O size (minimum/optimal): 512 bytes / 512 bytes
-        Disklabel type: gpt
-        Disk identifier: E37FE96F-9845-45A4-B6DA-BF3F8E47511A
-
-        Device     Start      End  Sectors  Size Type
-        /dev/sdb1   2048     8056     6009    3M BIOS boot
-        /dev/sdb2   8192 18440191 18432000  8.8G Linux filesystem
-
-        Command (m for help):
-        </pre>
-
-        <p>I use defaults unless to define system partition last sector,
-        where in this example is size, +80G</p>
-
-        <pre>
-        Command (m for help): n
-        Partition number (3-128, default 3):
-        First sector (8057-488397134, default 18440192):
-        Last sector, +sectors or +size{K,M,G,T,P} (18440192-488397134, default 488397134): +80G
-
-        Created a new partition 3 of type 'Linux filesystem' and of size 80 GiB.
-
-        Command (m for help):
-
-        Command (m for help): t
-        Partition number (1-3, default 3):
-        Hex code (type L to list all codes): 23
-
-        Changed type of partition 'Linux filesystem' to 'Linux LVM'.
-
-        Command (m for help): n
-        Partition number (4-128, default 4):
-        First sector (8057-488397134, default 186212352):
-        Last sector, +sectors or +size{K,M,G,T,P} (186212352-488397134, default 488397134):
-
-        Created a new partition 4 of type 'Linux filesystem' and of size 144.1 GiB.
-
-        Command (m for help): t
-        Partition number (1-4, default 4):
-        Hex code (type L to list all codes): 23
-
-        Changed type of partition 'Linux filesystem' to 'Linux LVM'.
-
-        Command (m for help): w
-        The partition table has been altered.
-        Calling ioctl() to re-read partition table.
-        Syncing disks.
-
-        #
-        </pre>
-
-        <h3>Create Phisical Volume</h3>
-
-
-        <pre>
-         # pvcreate /dev/sdb3
-          Physical volume "/dev/sdb3" successfully created
-         #
-         # pvcreate /dev/sdb4
-          Physical volume "/dev/sdb4" successfully created
-         #
-        </pre>
-
-        <h3>Create Volume Group</h3>
-
-        <pre>
-        # vgcreate systemvg /dev/sdb3
-          Volume group "systemvg" successfully created
-        # vgcreate homevg /dev/sdb4
-          Volume group "homevg" successfully created
-        #
-        </pre>
-
-        <h3>Create Logical Volume</h3>
-
-        <pre>
-        # lvcreate -L 15G -n distfileslv systemvg
-          Logical volume "distfileslv" created.
-        # lvcreate -L 8G -n packageslv systemvg
-          Logical volume "packageslv" created.
-        # lvcreate -L 4G -n swaplv systemvg
-          Logical volume "swaplv" created.
-        # lvcreate -L 80G -n homelv homevg
-          Logical volume "homelv" created.
-        #
-        </pre>
-
-        <pre>
-        # mkfs.ext4 /dev/systemvg/distfileslv
-        # mkfs.ext4 /dev/systemvg/packageslv
-        # mkswap /dev/systemvg/swaplv
-        # mkfs.ext4 /dev/homevg/homelv
-        </pre>
-
-        <h3>Activate Deactivate</h3>
-
-        <p>Deactivate logical volumes;</p>
-
-        <pre>
-        # lvchange -a -n /dev/systemvg/packageslv
-        # lvchange -a -n /dev/systemvg/distfileslv
-        # swapoff /dev/systemvg/sawplv
-        # lvchange -a -n /dev/systemvg/swaplv
-        </pre>
-
-        <p>Deactivate volume group;</p>
-
-        <pre>
-         # vgchange -a n systemvg
-         0 logical volume(s) in volume group "systemvg" now active
-         #
-        </pre>
-
-        <p>Activate volume group;</p>
-        <pre>
-        # vgchange -a y systemvg
-          3 logical volume(s) in volume group "systemvg" now active
-        #
-        </pre>
-
-        <h3>Search Volume Groups</h3>
-
-        <pre>
-        # vgscan
-          Reading all physical volumes.  This may take a while...
-          Found volume group "homevg" using metadata type lvm2
-          Found volume group "systemvg" using metadata type lvm2
-        #
-        </pre>
-
-        <h3>Reconfigure System</h3>
-
-        <p>Start by mounting distfileslv and packageslv;</p>
-
-        <pre>
-        # mkdir -p /var/ports/distfiles
-        # mkdir -p /var/ports/packages
-        # mkdir -p /var/ports/work
-        # mkdir -p /var/ports/pkgbuild
-        # chown -R pkgmk:pkgmk /var/ports
-        #
-        </pre>
-
-        <pre>
-        # vim /etc/pkgmk.conf
-
-        # PKGMK_SOURCE_MIRRORS=()
-        PKGMK_SOURCE_DIR="/var/ports/distfiles"
-        PKGMK_PACKAGE_DIR="/var/ports/packages"
-        PKGMK_WORK_DIR="/var/ports/work/$name
-        </pre>
-
-        <p>Edit /etc/prt-get.conf;</p>
-
-        <pre>
-        ### log options:
-        writelog enabled           # (enabled|disabled)
-        logmode  overwrite         # (append|overwrite)
-        rmlog_on_success yes       # (no|yes)
-        logfile  /var/ports/pkgbuild/%n.log
-        </pre>
-
-        <pre>
-        #
-        # /etc/fstab: static file system information
-        #
-        # <file system>        <dir>     <type>    <options>                        <dump> <pass>
-
-        UUID=49031e4e-f899-499d-ac83-401ad12635f5       /       ext4    defaults,errors=remount-ro,noatime      0 1
-
-        #/dev/mapper/homevg-homelv:
-        UUID=c3158626-de78-4bfa-ab8a-9e7e157eca88     /home   ext4    defaults,noatime        0 2
-
-        #/dev/mapper/systemvg-distfileslv:
-        UUID=0aba2d28-8e3a-4a89-bff5-1698708e13d0       /var/ports/distfiles      ext4 defaults,noatime   0 2
-        #/dev/mapper/systemvg-packageslv:
-        UUID=b5a38930-2827-4f00-809a-a0c4d5488aa8       /var/ports/packages       ext4 defaults,noatime   0 2
-
-        #/dev/mapper/systemvg-swaplv:
-        UUID=08295a67-a056-4dea-9462-209f151e4cdf       swap    swap    defaults        0 0
-        devpts                 /dev/pts  devpts    noexec,nosuid,gid=tty,mode=0620  0      0
-        tmp                   /tmp      tmpfs     defaults                         0      0
-        shm                   /dev/shm  tmpfs     defaults                         0      0
-
-        pkgmk /var/ports/work tmpfs size=1G,uid=100,defaults 0 0
-        # End of file
-        </pre>
-
-        <p>You can move home directory to new one with
-        just one command; "usermod -m -d /home/new user".</p>
-
-        <pre>
-        # mount /var/ports/distfiles
-        # mount /var/ports/packages
-        # umount /home/pkgmk/work
-        # mount /var/ports/work
-        # mv /home/pkgmk/distfiles/* /var/ports/distfiles/
-        # mv /home/pkgmk/packages/* /var/ports/packages/
-        # rm -R /home/pkgmk
-        # usermod -d /var/ports pkgmk
-        </pre>
-
-        <p>Check ownership, you may need recursive if partition
-        has bin used on another system.</p>
-
-        <pre>
-        # chown pkgmk:pkgmk /var/ports/distfiles
-        # chown pkgmk:pkgmk /var/ports/packages
-        #
-        </pre>
-
-        <pre>
-        # mkdir /home/tmp
-        # mount /dev/homevg/homelv /home/tmp
-        # mv /home/user /home/tmp
-        # umount /home/tmp
-        # rmdir /home/tmp
-        # rm -R /home/user
-        </pre>
-
-        <h2>Maintenance</h2>
-
-        <pre>
-        # smartctl -t long /dev/sdb1
-        # smartctl -a /dev/sdb1 | less
-        </pre>
-
-
-        <p><a href="https://wiki.archlinux.org/index.php/Badblocks">Non Destructive Test;</a></p>
-
-        <pre>
-        # badblocks -nsv /dev/sdb1
-        </pre>
-
-
-        <h2>Example gitolite volume</h2>
-
-        <p>Lets create new lvm volume for repositories data;</p>
-
-        <pre>
-        # lvcreate -L 15G -n gitlv homevg
-          Logical volume "gitlv" created.
-
-        # mkfs.ext4 /dev/homevg/gitlv
-         mke2fs 1.42.12 (29-Aug-2014)
-         Creating filesystem with 3932160 4k blocks and 983040 inodes
-         Filesystem UUID: 54c7dca5-1558-4f90-8d81-c01e4e50c6ae
-         Superblock backups stored on blocks:
-                 32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208
-
-         Allocating group tables: done
-         Writing inode tables: done
-         Creating journal (32768 blocks): done
-         Writing superblocks and filesystem accounting information: done
-
-         #
-        </pre>
-
-        <p>Edit fstab</p>
-
-        <pre>
-        UUID=54c7dca5-1558-4f90-8d81-c01e4e50c6ae       /srv/git                ext4 defaults,noatime   0 2
-        </pre>
-
-        <h2 id="btrfs">1.3. BTRFS</h2>
-
-        <a href="index.html">Systools Index</a>
+        <a href="index.html">Tools Index</a>
         <p>
         This is part of the c9-doc Manual.
         Copyright (C) 2016