Home | panticz.de

Welcome on panticz.de!

Read more about Welcome on panticz.de!

Terraform: Create LoadBalancer in OpenStack

provider "openstack" {
  cloud = "lab-admin"
  use_octavia = true
}
 
# data "template_file" "user_data" {
#   template = file("user-data.txt")
# }
 
data "template_file" "user_data" {
  template = <<EOF
#cloud-config
package_update: true
packages:
 - nginx
runcmd:
 - hostname -f | sudo tee /var/www/html/index.nginx-debian.html
 - id > /tmp/debug
EOF
}
 
variable "http_instance_names" {
  type = set(string)
  default = ["www1", "www2"]
}
 
resource "openstack_compute_instance_v2" "http" {
  for_each    = var.http_instance_names
  name        = each.key
 #name = "www${count.index + 1}"
 #count = 2
 image_name = "Ubuntu 20.04 minimal"
 flavor_name = "m1.small"
 key_pair = "lab-key"
 security_groups = ["default"]
 user_data = data.template_file.user_data.rendered
 
 network {
   name = "demo-net"
 }
}
 
data "openstack_networking_network_v2" "network_1" {
  name = "demo-net"
}
 
data "openstack_networking_subnet_v2" "subnet_1" {
  name = "demo-subnet"
  network_id = data.openstack_networking_network_v2.network_1.id
}
 
# Create loadbalancer
resource "openstack_lb_loadbalancer_v2" "http" {
  name          = "demo-lb1"
  vip_subnet_id = data.openstack_networking_subnet_v2.subnet_1.id
}

Read more about Terraform: Create LoadBalancer in OpenStack

OpenWRT: USB storage

https://openwrt.org/docs/guide-user/storage/usb-drives-quickstart

opkg update
opkg install kmod-usb-storage kmod-fs-ext4 fdisk e2fsprogs
opkg install rsync
 
# deinstall
opkg remove ppp-mod-pppoe ppp kmod-pppoe kmod-pppox kmod-ppp
 
# OPTIONAL: remove webinterface
opkg remove "luci-*"   #run multiple times
opkg remove uhttpd

Read more about OpenWRT: USB storage

OpenWRT Wireguard server

OpenWrt server
https://openwrt.org/docs/guide-user/services/vpn/wireguard/client

Read more about OpenWRT Wireguard server

Terraform: OpenStack

OpenStack Providery
https://registry.terraform.io/providers/terraform-provider-openstack/openstack/latest/docs

# Configure the OpenStack Provider
provider "openstack" {
  user_name   = "admin"
  tenant_name = "admin"
  password    = "pwd"
  auth_url    = "http://myauthurl:5000/v2.0"
  region      = "RegionOne"
}
 
# cloud.yaml
provider "openstack" {
  cloud      = "dev-foo"
}

Router
https://registry.terraform.io/providers/terraform-provider-openstack/openstack/latest/docs/resources/networking_router_v2

resource "openstack_networking_router_v2" "router_1" {
  name       = "foo-router"
  external_network_id = "88934cac-8d55-40d5-8ff9-bde65011741d"
}
 
resource "openstack_networking_router_interface_v2" "terraform" {
  router_id = openstack_networking_router_v2.router_1.id
  subnet_id = openstack_networking_subnet_v2.subnet_1.id
}

Compute
https://registry.terraform.io/providers/terraform-provider-openstack/openstack/latest/docs/resources/compute_instance_v2

Read more about Terraform: OpenStack

nextcloud

# install nextcloud with snap
snap install nextcloud
 
sudo snap enable nextcloud
sudo snap disable nextcloud
 
# set domain
nextcloud.occ config:system:set trusted_domains 0 --value="nextcloud.example.com"

User
https://docs.nextcloud.com/server/15/admin_manual/configuration_server/occ_command.html#file-operations-label

# create user
export OC_PASS=pass1234
nextcloud.occ user:add --display-name "Foo Bar" --group=bar --password-from-env foo

Email

# create email
nextcloud.occ mail:account:create fobr "Foo Bar" foo.bar@example.com imap.example.com 143 off foo.bar pass1234 smtp.example.com 25 off foo.bar pass1234

Files
https://docs.nextcloud.com/server/15/admin_manual/configuration_server/occ_command.html#file-operations-label

# path
/var/snap/nextcloud/common/nextcloud/data/admin/file
 
# rescan files
nextcloud.occ files:scan --path=admin
nextcloud.occ files:scan --all
 
# external files
nextcloud.occ files_external:list
sudo snap connect nextcloud:removable-media

Calendar

Read more about nextcloud

cloud-config

Network
https://cloudinit.readthedocs.io/en/latest/topics/network-config-format-v1.html

user.network-config: |
version: 1
config:
    - type: physical
    name: dev-mgmt
    subnets:
        - type: static
        address: 10.33.20.40/20
        gateway: 10.33.16.1
        dns_nameservers:
            - 10.8.3.74
            - 10.8.3.174
        dns_search:
            - dev.i.example.com
        routes:
            - gateway: 10.33.16.1
            network: 10.33.0.0/16
    - type: physical
    name: dev-ipmi
    subnets:
        - type: static
        address: 10.32.20.40/20
        gateway: 10.32.16.1

network:
  version: 1
  config:
  - type: physical
    name: eth0
    subnets:
      - type: dhcp

Links
https://cloudinit.readthedocs.io/en/latest/topics/examples.html
https://www.digitalocean.com/community/tutorials/how-to-use-cloud-config-for-your-initial-server-setup

Read more about cloud-config

Launch QEMU Virtual Machines with LXD

Since version 4.0 LXD also natively supports virtual machines and thanks to a built-in agent, they can be used almost like containers.

lxc image list images: | grep VIRTUAL-MACHINE
 
lxc launch images:ubuntu/21.04 vm2104 --vm
lxc launch images:ubuntu/21.04/cloud vm2104c --vm

Links
https://linuxcontainers.org/lxd/getting-started-cli/#launch-a-virtual-machine

Read more about Launch QEMU Virtual Machines with LXD

Microsoft teams under Linux / Ubuntu

Install Microsoft Teams

wget https://packages.microsoft.com/keys/microsoft.asc -qO-| sudo apt-key add -
sudo sh -c 'echo "deb [arch=amd64] https://packages.microsoft.com/repos/ms-teams stable main" > /etc/apt/sources.list.d/teams.list'
sudo apt update
sudo apt install -y teams

Ansible

cat <<EOF> /tmp/teams.yml
---
- hosts: localhost
  tasks:
    - name: Add teams APT key
      apt_key:
        url: https://packages.microsoft.com/keys/microsoft.asc
      become: yes
 
    - name: Add teams repository
      apt_repository:
        repo: "deb [arch=amd64] https://packages.microsoft.com/repos/ms-teams stable main"
      become: yes
 
    - name: Install teams
      apt:
        update_cache: yes
        name: teams
      become: yes
EOF
 
ansible-playbook /tmp/teams.yml --ask-become-pass

Install by snap

sudo snap install teams

2Factor authentification
# Google Authentificaor
https://mysignins.microsoft.com/security-info
https://blog.paranoidpenguin.net/2018/06/office-365-multi-factor-authentication-with-google-authenticator/

# Microsoft Authenticator for Android
https://play.google.com/store/apps/details?id=com.azure.authenticator

Webclient
https://teams.microsoft.com

Links
https://docs.microsoft.com/de-de/microsoftteams/get-clients

Read more about Microsoft teams under Linux / Ubuntu

ufw

ufw status
ufw enable
 
sudo ufw allow 22/tcp
sudo ufw allow 4500/udp
ufw start
 
sudo ufw deny 41194/udp
 
ufw app list
ufw status
ufw status numbered
ufw delete 1

Links
https://linuxconfig.org/how-to-delete-ufw-firewall-rules-on-ubuntu-18-04-bionic-beaver-linux

Read more about ufw

Subscribe to