warning: Creating default object from empty value in /data/web/1/000/027/003/273448/htdocs/ on line 33.


# Network configuration

# show release
cat /etc/redhat-release

# update packages
yum update
yum upgrade -y

# install ssh
yum install -y openssh-server

# allow sudo for a user
usermod -a -G wheel

# PHP 5.6 on CentOS 7

# Nework configuration
vi /etc/sysconfig/network-scripts/ifcfg-eth0

Install SonarQube

wget -O - | bash -


# install Java
wget -q --no-check-certificate -O - | bash -

# install SonarQube
echo "deb binary/" > /etc/apt/sources.list.d/sonar.list
sudo apt-get update
sudo apt-get install -y --force-yes sonar

# autostart SonarQube
sudo update-rc.d sonar defaults


tail -f /opt/sonar/logs/sonar.log


Install SSH VPN server

export CONTAINER=vpn

# create container
# TODO: configure MAC on create container
wget -q --no-check-certificate -O - | bash -s -- -f

# configure container MAC address
sed -i 's| = .*| = 00:11:22:33:44:5e|' /var/lib/lxc/${CONTAINER}/config

# enable autostart
echo " = 1" | tee -a /var/lib/lxc/${CONTAINER}/config

# configure container
##echo "lxc.hook.autodev=/var/lib/lxc/vpn/autodev" >> /var/lib/lxc/${CONTAINER}/config

LXC: create Ubuntu Trusty container

wget -q --no-check-certificate -O - | bash -s


[ -z ${CONTAINER} ] && CONTAINER=trusty

# force, remove previous container
if [ "$1" == "-f" ]; then
  [ $(sudo lxc-ls ${CONTAINER} | wc -l) -gt 0 ] && sudo lxc-destroy -f -n ${CONTAINER}

# create container
sudo lxc-create -t ubuntu -n ${CONTAINER} -- template-options -r trusty $@

# workaround for "Failed to mount cgroup at /sys/fs/cgroup/systemd: Permission denied"
echo "lxc.aa_profile = unconfined" | sudo tee -a /var/lib/lxc/${CONTAINER}/config

# start container in background
sudo lxc-start -d -n ${CONTAINER}

# wait 3 seconds until network is up
sleep 3

# copy APT proxy configuration from host
APT_PROXY=$(grep -h "Acquire::http::Proxy" /etc/apt/* -r | head -1)
[ -n "${APT_PROXY}" ] && echo ${APT_PROXY} | sudo tee /var/lib/lxc/${CONTAINER}/rootfs/etc/apt/apt.conf.d/01proxy

# update packages in container
sudo lxc-attach -n ${CONTAINER} -- apt-get update
sudo lxc-attach -n ${CONTAINER} -- apt-get dist-upgrade -y

# show containers status
sudo lxc-ls ${CONTAINER} -f

Allow root SSH login with password
sed -i 's|PermitRootLogin without-password|PermitRootLogin yes|' /etc/ssh/sshd_config
sed -i 's|PasswordAuthentication no|PasswordAuthentication yes|' /etc/ssh/sshd_config
service ssh restart

Debian: Install MariaDB

wget -O - | bash -


apt-get install python-software-properties

apt-key adv --recv-keys --keyserver 0xcbcb082a1bb943db
add-apt-repository 'deb wheezy main'
apt-get update

apt-get install -y mariadb-server

DMA (Dragonfly Mail Agent)

# ansible role

# preconfigure
echo "dma dma/relayhost string" | debconf-set-selections
echo "dma dma/mailname string $(hostname -f)" | debconf-set-selections

# install
apt-get install -y dma

# configure relayhost
echo "user|smarthost:password" >> /etc/dma/auth.conf

# send testmail
echo "This is a test message from ${USER}@$(hostname -f) at $(date)" | /usr/sbin/sendmail

Configuration files
# /etc/dma/dma.conf
AUTHPATH /etc/dma/auth.conf

Use ecrypted home directory and sshuttle

sudo apt-get install -y ecryptfs-utils sshuttle

sudo adduser --encrypt-home foo

ecryptfs-mount-private foo

sudo usermod -aG sudo foo

su - foo
sshuttle --dns --remote -x

LXC: Installation under Ubuntu / Debian

wget --no-check-certificate -O - | bash -


# ensure that this script is run by root
if [ $(id -u) -ne 0 ]; then
  sudo $0

# install lxc
apt-get install -y software-properties-common
add-apt-repository -y ppa:ubuntu-lxc/lxd-stable

# fix dist name
for FILE in $(find /etc/apt/sources.list.d/ -name "*lxc*.list"); do
  sed -i 's|jessie|trusty|g;s|utopic|trusty|g' ${FILE}

apt-get update
apt-get install -y lxc lxcfs python-lxc

if [ "$1" == "-b" ]; then
  # install required packages
  apt-get install -y bridge-utils

  # disable auto configuration for eth0
  sed -i 's|auto eth0|#auto eth0|g' /etc/network/interfaces
  sed -i 's|iface eth0 inet dhcp|#iface eth0 inet dhcp|g' /etc/network/interfaces

# create network bridge
cat <<EOF>> /etc/network/interfaces
auto lxcbr0
iface lxcbr0 inet dhcp
  bridge_ports eth0

  # disable auto configuration for network bridge by lxc
  [ -f /etc/default/lxc-net ] && sed -i 's|USE_LXC_BRIDGE="true"|USE_LXC_BRIDGE="false"|g' /etc/default/lxc-net
  # disable network managed by NetworkManager when installed
  [ -f /etc/NetworkManager/NetworkManager.conf ] && sed -i 's|managed=true|managed=false|g' /etc/NetworkManager/NetworkManager.conf

# allow all user to list the containers
[ -d /etc/sudoers.d/ ] && echo "ALL ALL=NOPASSWD: /usr/bin/lxc-ls" >> /etc/sudoers.d/lxc

# install under Debian Jessie
apt-get install bridge-utils
wget -q --no-check-certificate -O - | bash -s -- -b
#wget -P /tmp/
#dpkg -x /tmp/lxc_1.0.7-0ubuntu0.2_amd64.deb /tmp/
#cp -a /tmp/etc/* /etc/

# Check kernel configuration

GitLab: Web-based Git repository manager


# restart gitlab
gitlab-ctl restart

# git home directory

Reset admin password
# change root password
sudo gitlab-rails console
user = User.where(id: 1).first
user.password = user.password_confirmation ='xxx'!

Gitlab settings API
curl --header "PRIVATE-TOKEN: 11112222333344445555"

Disalbe register / Singup

Syndicate content