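# Arch Linux install notes: LUKS-encrypted btrfs root on /dev/sda2, separate /boot on /dev/sda1.
# Line breaks were reconstructed from a collapsed listing.
# fde1: http://www.brunoparmentier.be/blog/how-to-install-arch-linux-on-an-encrypted-btrfs-partition.html
# fde2: http://danynativel.com/blog/2013/02/10/archlinux-installation-guide-on-encrypted-ssd/
# https://bbs.archlinux.org/viewtopic.php?pid=1187153#p1187153

# --- live environment: partition, encrypt, format ---
gdisk /dev/sda
# luksFormat overwrites the LUKS header area of the partition; double-check the device name first.
cryptsetup --cipher aes-xts-plain64 --hash sha512 --use-random --verify-passphrase luksFormat /dev/sda2
cryptsetup luksOpen /dev/sda2 root
mkfs.btrfs /dev/mapper/root
wifi-menu
mount /dev/mapper/root /mnt
# NOTE(review): /boot is mounted only after pacstrap and genfstab below, so the kernel
# is installed onto the root filesystem and /boot is absent from the generated fstab.
# Confirm the intended order.
# NOTE(review): several names in this list look like AUR packages, which pacstrap
# cannot install from the official repositories.
pacstrap /mnt base base-devel tmux mosh wipe rsync procps neovim lsof strace htop \
  net-tools pkgfile dnsutils iotop aria2 tcpdump nload btrfs-progs ntp wget acpid \
  alsa-utils cups curl eog evince ffmpeg firefox gedit gimp git vinagre gvfs-mtp \
  gvfs-smb nautilus openvpn gparted pidgin plowshare youtube-dl pulseaudio \
  qt5-wayland samba sigil virt-manager wireshark-gtk unbound unrar unzip valgrind \
  vlc wine-mono winetricks xorg-server-xwayland sshfs efibootmgr ttf-dejavu mpv \
  acpi pm-utils ntfs-3g pavucontrol gnome-disk-utility bluez-utils conky pwgen \
  libreoffice-fresh linux-headers minicom android-udev ansible mlocate \
  terminus-font fail2ban pulseaudio-bluetooth udisks sway pv otf-ipafont xdg-utils \
  devtools atom qpdfview termite brightnessctl nextcloud-client py3status \
  arch-audit grim fragments fish swaylock slurp pdfarranger nftables grc time \
  foliate vlc-bittorrent brightnessctl depot-tools-git downgrade signal-desktop \
  ocenaudio-bin smloadr soulseekqt ttf-font-awesome wcalc anbox-git krop zeronet \
  id3ted redshift-wlr-gamma-control-git split2flac r128gain foo2zjs-nightly \
  tor-browser-en venom pkgbuild-introspection iwd rofi-wifi-menu-git wl-clipboard \
  librewolf pacaur ripgrep bat fd gnome-passwordsafe wf-recorder
# NOTE(review): this runs before arch-chroot, so the link is created in the live
# environment rather than in the installed system. Confirm.
ln -s /usr/lib/udev/rules.d/51-android.rules /etc/udev/rules.d
genfstab -p /mnt >> /mnt/etc/fstab
mount /dev/sda1 /mnt/boot

# --- inside the new system ---
arch-chroot /mnt
chsh -s "$(command -v fish)"
# Match the directive whatever its current value or comment state. The earlier pattern
# only matched the literal line "#PermitRootLogin yes" and changed nothing, without any
# error, when the shipped default read differently.
sed -i -E 's/^#?PermitRootLogin[[:space:]].*/PermitRootLogin no/' /etc/ssh/sshd_config
grep -q '^PermitRootLogin no' /etc/ssh/sshd_config \
  || echo 'PermitRootLogin was not set in sshd_config' >&2
# -E is needed for "#?" to mean "optional #"; in basic regex the "?" is a literal character.
sed -i -E 's/^#?SystemMaxUse=.*$/SystemMaxUse=200M/' /etc/systemd/journald.conf
sed -i 's/^#Color/Color/g' /etc/pacman.conf
mkdir -p /etc/pacman.d/hooks
ln -s /usr/share/libalpm/hooks/30-systemd-daemon-reload.hook /etc/pacman.d/hooks/
# Overwrite rather than append: the file holds exactly one name.
echo "http-pub2" > /etc/hostname
timedatectl set-timezone Europe/Berlin
sed -i 's/#en_US.UTF-8/en_US.UTF-8/' /etc/locale.gen
locale-gen
localectl set-locale LANG=en_US.UTF-8
echo "KEYMAP=de" > /etc/vconsole.conf
# NOTE(review): unlocking the LUKS root at boot needs the encrypt hook in
# /etc/mkinitcpio.conf before the image is built; that edit is not shown here.
mkinitcpio -p linux
bootctl install
passwd # root password
useradd -m onny -s /usr/bin/fish
passwd onny
# NOTE(review): assumes a group named sudo exists and is referenced in sudoers. Confirm.
usermod -a -G sudo onny
updatedb
timedatectl set-ntp true
mkdir -p /etc/systemd/system/getty@tty1.service.d
ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf
# NOTE(review): inside a chroot the units are enabled, but --now presumably cannot start
# them; the firewall and fail2ban become active on first boot.
systemctl enable --now NetworkManager nftables fail2ban iwd
exit
reboot

# --- after first boot: group memberships ---
# gpasswd -a onny lock
# gpasswd -a onny uucp
gpasswd -a onny adbusers # mtp support
gpasswd -a onny storage # polkit-rule mount hdds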
# Static information about the filesystems. # See fstab(5) for details. /dev/mapper/root / btrfs rw,relatime,ssd,space_cache,subvolid=5,subvol=/ 0 0 UUID=4a8c7d1d-5839-429b-9c85-3cb6046c8b21 /boot ext2 rw,relatime,stripe=4 0 2 # <file system> <dir> <type> <options> <dump> <pass>
[...]
# cryptdevice=<device>:<mapper name>:<options>. allow-discards passes TRIM through the
# LUKS mapping, which lets anyone with access to the raw disk see which blocks are
# unused. Keep it only if that trade-off is acceptable for this machine.
GRUB_CMDLINE_LINUX="cryptdevice=UUID=17987958-47c1-4566-b56b-83e527d4929b:root:allow-discards"
[...]
# systemd-networkd .netdev definition for the WireGuard interface wg0.
[NetDev]
Name = wg0
Kind = wireguard
Description = Wireguard

[WireGuard]
# The private key sits in this file in clear text (redacted on this page), so the file
# should not be world-readable; systemd.netdev suggests root:systemd-network, mode 0640.
# PrivateKeyFile= is the alternative that keeps the key out of this file.
PrivateKey = ****

[WireGuardPeer]
PublicKey = ****
# Only traffic for this range is routed into the tunnel.
AllowedIPs = 10.25.0.0/16
# NOTE(review): Endpoint is assigned twice; presumably only one assignment takes effect.
# The IPv6 form normally needs brackets around the address so the port is unambiguous.
# Confirm both points.
Endpoint = 2a01:4f8:191:327::2:51820
Endpoint = 144.76.16.40:51820
PersistentKeepalive = 25
[Match] Name = wg0 [Network] Address = 10.25.40.2/16 DNS=10.25.0.1 DNSSEC=false
[Match] Name = eno1 [Network] DHCP=yes DNS=10.25.0.1 DNSSEC=false
[Match] Name = wlan0 [Network] DHCP=yes DNS=10.25.0.1 DNSSEC=false
[Match] Name = wlp3s0 [Network] DHCP=yes DNS=10.25.0.1 DNSSEC=false
[NetDev] Name=tornet Kind=bridge
[Match] Name=tornet [Network] Address=10.100.100.1/24 ConfigureWithoutCarrier=true
systemctl enable --now systemd-networkd systemd-resolved
# Host firewall: input and forward drop by default, output is open.
table inet filter {
	# Port sets for services to expose. No elements are defined here, so as shown
	# the two rules that reference them open nothing.
	set tcp_accepted {
		type inet_service
		flags interval
	}

	set udp_accepted {
		type inet_service
		flags interval
	}

	# Shared first step: accept replies to existing connections, drop invalid state.
	chain base_checks {
		ct state { established, related } accept
		ct state invalid drop
	}

	chain input {
		type filter hook input priority filter; policy drop;
		jump base_checks
		iifname "lo" accept
		ip protocol icmp icmp type { echo-reply, destination-unreachable, echo-request, time-exceeded, parameter-problem } accept
		# The neighbour-discovery and router types in this list are needed for IPv6 to work at all.
		ip6 nexthdr ipv6-icmp icmpv6 type { destination-unreachable, packet-too-big, time-exceeded, parameter-problem, echo-request, echo-reply, mld-listener-query, nd-router-solicit, nd-router-advert, nd-neighbor-solicit, nd-neighbor-advert } accept
		tcp dport @tcp_accepted accept
		udp dport @udp_accepted accept
		# These two ports are the targets of the dnat rules in the nat table below.
		iifname "tornet" tcp dport 9040 accept # tornet routing
		iifname "tornet" udp dport 5353 accept # tornet routing
		# Everything else gets an explicit rejection, so the drop policy is never reached.
		reject
	}

	chain forward {
		type filter hook forward priority filter; policy drop;
		jump base_checks
		# The nat table rewrites all tornet TCP and DNS to local ports, so these two
		# rules should normally see no traffic.
		# NOTE(review): if the nat table is missing or fails to load, they let tornet
		# clients reach the network directly through wlan0 instead of the local
		# ports. Confirm they are wanted.
		iifname "tornet" oifname "wlan0" ip protocol tcp accept # tornet routing
		iifname "tornet" oifname "wlan0" udp dport 53 accept # tornet routing
	}

	chain output {
		type filter hook output priority filter; policy accept;
	}
}

# nat tables for tornet network interface
table ip nat {
	chain prerouting {
		type nat hook prerouting priority dstnat; policy accept;
		# NOTE(review): both rules rewrite packets arriving on tornet to a loopback
		# address. The kernel usually refuses such packets unless route_localnet is
		# enabled for the interface; verify, or consider "redirect to" instead.
		iifname "tornet" udp dport 53 dnat to 127.0.0.1:5353
		iifname "tornet" ip protocol tcp dnat to 127.0.0.1:9040
	}

	chain postrouting {
		type nat hook postrouting priority srcnat; policy accept;
		oifname "wlan0" ip saddr 10.100.100.0/24 masquerade
	}
}
project-insanity build server repo
[...]
# Third-party package repository.
# NOTE(review): PackageOptional accepts packages that carry no signature, so the HTTPS
# connection to the server is the only integrity check for anything installed from
# here. If the repository signs its packages, a stricter SigLevel together with the
# imported signing key closes that gap.
[projectinsanity]
SigLevel = PackageOptional
Server = https://onny.project-insanity.org/archlinux
autoupdate
# Unattended full system upgrade; presumably autoupdate.service, started by autoupdate.timer.
[Unit]
Description=Automatic Update
# Ordering only; nothing in this unit pulls network-online.target in.
After=network-online.target

[Service]
Type=simple
# --noconfirm means every configured repository can replace any installed package
# without review, so the SigLevel of each repository in pacman.conf is what guards
# these upgrades.
ExecStart=/usr/bin/pacman -Syuq --noconfirm --needed --noprogressbar
# On stop, only the main process is signalled (SIGINT), with a 180 s stop timeout.
TimeoutStopSec=180
KillMode=process
KillSignal=SIGINT

[Install]
WantedBy=multi-user.target
[Unit] Description=Automatic Update when booted up after 5 minutes then check the system for updates every 60 minutes [Timer] OnBootSec=5min OnUnitActiveSec=60min Unit=autoupdate.service [Install] WantedBy=multi-user.target
systemctl enable --now autoupdate.timer
[Unit] Description=Automatic Nextcloud file sync After=network-online.target [Service] Type=simple ExecStart=/usr/bin/nextcloudcmd -h -n --exclude /home/onny/.nextcloud/sync-exclude.lst /home/onny/. https://nextcloud.project-insanity.org/remote.php/webdav/ TimeoutStopSec=180 KillMode=process KillSignal=SIGINT [Install] WantedBy=multi-user.target
[Unit] Description=Automatic sync files with Nextcloud when booted up after 5 minutes then rerun every 60 minutes [Timer] OnBootSec=5min OnUnitActiveSec=60min Unit=nextcloud_autosync.service [Install] WantedBy=multi-user.target
default login onny password ****
projects .cache .config .local .cargo .nvm .mozilla .purple .jd .conan .tor-browser-en
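# Per-user units belong to the user's own systemd instance, so this runs as that user.
# With sudo the command would address root's user manager instead.
systemctl enable --user --now nextcloud_autosync.timer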
hack to power on bluetooth after waking up from suspend:
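# Powers the bluetooth controller back on after resume (presumably root-resume.service).
[Unit]
Description=Local system resume actions
After=suspend.target

[Service]
Type=simple
# Binary name corrected from "btmgt" to btmgmt, matching the startup unit on this page.
ExecStart=/usr/bin/btmgmt power on

[Install]
WantedBy=suspend.target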
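# Powers the bluetooth controller on at boot (presumably activate_bt.service).
# The opening bracket of the [Unit] section header was missing.
[Unit]
Description=Power on bluetooth on startup

[Service]
ExecStart=/usr/bin/btmgmt power on

[Install]
WantedBy=multi-user.target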
sudo systemctl enable root-resume activate_bt
firefox addons
ublock origin, https everywhere, cookie auto delete
repos
flatpak remote-add --if-not-exists gnome https://sdk.gnome.org/gnome.flatpakrepo flatpak remote-add --if-not-exists tingping https://dl.tingping.se/flatpak/tingping.flatpakrepo flatpak remote-add --from gnome-apps https://sdk.gnome.org/gnome-apps.flatpakrepo
apps
flatpak install --from http://download.documentfoundation.org/libreoffice/flatpak/latest/LibreOffice.flatpak flatpak install tingping io.github.TransmissionRemoteGtk flatpak install --from https://s3.amazonaws.com/alexlarsson/spotify-repo/spotify.flatpakref flatpak install gnome-apps org.gnome.gedit flatpak install gnome-apps org.gnome.evince flatpak install --from https://firefox-flatpak.mojefedora.cz/firefox-devedition.flatpakref
sway
udisks --mount /dev/sda3 udisks --mount /dev/sda2 alias snipping_tool='grim -g ('slurp') ('date').png' alias nmap="grc nmap" redshift -m wayland & firejail brave --ignore-gpu-blacklist & dunst & firejail --net=tornet whatsapp-web-desktop & firejail --net=tornet signal-desktop &
[...] set $term termite [...] set $menu dmenu_run [...] #output * bg /usr/share/backgrounds/sway/Sway_Wallpaper_Blue_1920x1080.png fill [...] input "1:1:AT_Translated_Set_2_keyboard" { xkb_layout de xkb_variant ,nodeadkeys xkb_options grp:alt_shift_toggle } [...] # # Workspaces: # workspace_auto_back_and_forth yes # Fancy names for workspaces set $w1 1: brave set $w2 2: signal set $w3 3: whatsapp set $w4 4 set $w5 5 set $w6 6 set $w7 7 set $w8 8 set $w9 9 set $w10 10 # switch to workspace bindsym $mod+1 workspace $w1 bindsym $mod+2 workspace $w2 bindsym $mod+3 workspace $w3 [...] bar { status_command py3status font pango:Source Sans Pro, FontAwesome 8 #tray_output primary strip_workspace_numbers yes } input "2:7:SynPS/2_Synaptics_TouchPad" { tap enabled } bindsym XF86AudioRaiseVolume exec pactl set-sink-volume $(pacmd list-sinks |awk '/* index:/{print $3}') +5% bindsym XF86AudioLowerVolume exec pactl set-sink-volume $(pacmd list-sinks |awk '/* index:/{print $3}') -5% bindsym XF86AudioMute exec pactl set-sink-mute $(pacmd list-sinks |awk '/* index:/{print $3}') toggle bindsym XF86MonBrightnessDown exec brightnessctl set 5%- bar { status_command py3status font pango:Source Sans Pro, FontAwesome 8 #tray_output primary strip_workspace_numbers yes } input "2:7:SynPS/2_Synaptics_TouchPad" { tap enabled } bindsym XF86AudioRaiseVolume exec pactl set-sink-volume $(pacmd list-sinks |awk '/* index:/{print $3}') +5% bindsym XF86AudioLowerVolume exec pactl set-sink-volume $(pacmd list-sinks |awk '/* index:/{print $3}') -5% bindsym XF86AudioMute exec pactl set-sink-mute $(pacmd list-sinks |awk '/* index:/{print $3}') toggle bindsym XF86MonBrightnessDown exec brightnessctl set 5%- bar { status_command py3status font pango:Source Sans Pro, FontAwesome 8 #tray_output primary strip_workspace_numbers yes } input "2:7:SynPS/2_Synaptics_TouchPad" { tap enabled } bindsym XF86AudioRaiseVolume exec pactl set-sink-volume $(pacmd list-sinks |awk '/* index:/{print $3}') +5% bindsym 
XF86AudioLowerVolume exec pactl set-sink-volume $(pacmd list-sinks |awk '/* index:/{print $3}') -5% bindsym XF86AudioMute exec pactl set-sink-mute $(pacmd list-sinks |awk '/* index:/{print $3}') toggle bindsym XF86MonBrightnessDown exec brightnessctl set 5%- bindsym XF86MonBrightnessUp exec brightnessctl set 5%+ bindsym XF86Sleep exec systemctl suspend bindcode 244 exec swaylock -i /home/onny/pictures/lockbg.jpg --scaling fill bindcode 156 exec ~/.config/sway/toggle-btaudio.sh # # Assign windows to workspaces # assign [class="brave-browser"] → $w1 assign [class="Signal"] → $w2 assign [class="whats-app"] → $w3 exec ~/.config/sway/startup.sh [...]
dunst
[global] font = lemon 10 allow_markup = yes format = "%s\n%b" sort = yes indicate_hidden = yes alignment = left bounce_freq = 0 show_age_threshold = 60 word_wrap = yes ignore_newline = no geometry = "300x10-10+48" transparency = 20 show_indicators = yes idle_threshold = 120 monitor = 0 follow = mouse sticky_history = yes line_height = 5 separator_height = 0 padding = 10 horizontal_padding = 10 separator_color = #bfbfbf startup_notification = false browser = /usr/bin/firefox -new-tab icon_position = left icon_folders = /usr/share/icons/Notifications [frame] color = "#000000" width = 0 [shortcuts] close = ctrl+space close_all = ctrl+shift+space context = ctrl+shift+period history = ctrl+shift [urgency_low] background = "#ffffff" foreground = "#282828" timeout = 5 [urgency_normal] background = "#ffffff" foreground = "#282828" timeout = 5 [urgency_critical] background = "#ffffff" foreground = "#000000" timeout = 5 [ignore1] appname = pa-applet format = "" [ignore2] summary = Volume down notification format = "" [ignore3] summary = Volume up notification format = "" [ignore4] summary = Volume muted notification format = ""
firejail
# Firejail profile for brave # This file is overwritten after every install/update # Persistent local customizations include /etc/firejail/brave.local # Persistent global definitions include /etc/firejail/globals.local noblacklist ${HOME}/.config/BraveSoftware # brave uses gpg for built-in password manager noblacklist ${HOME}/.gnupg mkdir ${HOME}/.config/BraveSoftware whitelist ${HOME}/.config/BraveSoftware whitelist ${HOME}/.gnupg # noexec /tmp is included in chromium-common.profile and breaks Brave ignore noexec /tmp # Redirect include /etc/firejail/chromium-common.profile
# Firejail profile for signal-desktop
# This file is overwritten after every install/update
# (Line breaks reconstructed from a collapsed listing; which directives are commented
# out follows the position of the "#" marks. Verify against the real file.)
# Persistent local customizations
include /etc/firejail/signal-desktop.local
# Persistent global definitions
include /etc/firejail/globals.local

noblacklist ${HOME}/.config/Signal
# NOTE(review): together with "whitelist ${HOME}" below, this opens the whole home
# directory to the sandboxed app, which makes the narrower whitelist entries
# redundant and removes most of the filesystem isolation.
noblacklist ${HOME} # hack

include /etc/firejail/disable-common.inc
include /etc/firejail/disable-devel.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc

mkdir ${HOME}/.config/Signal
whitelist ${DOWNLOADS}
whitelist ${HOME}/.config/Signal
whitelist ${HOME} # hack
include /etc/firejail/whitelist-common.inc
include /etc/firejail/whitelist-var-common.inc

caps.drop all
netfilter
nodvd
nogroups
nonewprivs
noroot
notv
protocol unix,inet,inet6,netlink
# The syscall filter and shell restriction are switched off here.
#seccomp
#shell none

disable-mnt
private-dev
# Private /tmp and the no-exec home are switched off here as well.
#private-tmp
#noexec ${HOME}
# Local firejail profile; the /opt/Whatsapp path suggests it belongs to the WhatsApp desktop wrapper.
noblacklist ~/.config
mkdir ~/.config
# NOTE(review): whitelisting all of ~/.config lets the app read every other
# application's settings and any credentials kept there; a dedicated subdirectory
# would narrow that.
whitelist ~/.config
noblacklist /opt/Whatsapp
whitelist /opt/Whatsapp
include /etc/firejail/whitelist-common.inc
include /etc/firejail/default.profile
include /etc/firejail/electron.local
brave
# Persistently enables unprivileged user namespaces (presumably for Brave's own sandbox).
# This also widens the kernel interface reachable by unprivileged processes, which is
# why some kernels ship with it off.
echo kernel.unprivileged_userns_clone = 1 | sudo tee /etc/sysctl.d/00-local-userns.conf
fish config
export QT_QPA_PLATFORM=wayland-egl export GDK_BACKEND='wayland,x11' export CLUTTER_BACKEND=wayland export XKB_DEFAULT_LAYOUT=de export TERMINAL=termite export EDITOR=vim export BROWSER=firefox export XDG_SESSION_TYPE=wayland export XDG_DESKTOP_DIR="/home/onny" export XDG_DOWNLOAD_DIR="$HOME/downloads" export ELECTRON_TRASH=gio [[ -z $DISPLAY && $XDG_VTNR -eq 1 ]] && exec dbus-launch sway
snipping tool
if [ "$1" = "-v" ]; then wf-recorder -g "$(slurp)" -f "$(xdg-user-dir PICTURES)/$(date +'%Y-%m-%d-%H%M%S_wf-recorder.mp4')" else slurp | grim -g - - | wl-copy && wl-paste > "$(xdg-user-dir PICTURES)/$(date +'%Y-%m-%d-%H%M%S_grim.png')" fi
set extra capabilities for process
sudo setcap 'CAP_NET_BIND_SERVICE=+ep' /usr/bin/maddy
directory permissions
namei -l /mnt/external/audio
use acl to grant permission to files for specific user
setfacl -R -m u:maddy:rX /etc/ssl/example.org.crt /etc/ssl/example.org.key
pgrep get process pid by process name
$ pgrep sw3
30636
set system time
timedatectl set-time "2014-05-26 11:13:54"
git checkout aur package
git clone ssh://aur@aur.archlinux.org/pkgbase.git
update checksums inplace
updpkgsums
building a package in a clean dev chroot, path for pacman conf /usr/share/devtools/pacman-extra.conf
cd <package-patch> ls PKGBUILD extra-x86_64-build # -c for cleaning up chroot. ~/chroot/root is a btrfs subvolume and has to be removed with btrfs! extra-x86_64-build -- -I ~/packages/foobar/foobar-2-1-any.pkg.tar.xz
advanced chroot with own packages preinstalled
mkdir ~/chroot export CHROOT=$HOME/chroot mkarchroot $CHROOT/root base-devel arch-nspawn $CHROOT/root pacman -Syu # updating it makechrootpkg -r $CHROOT -I package-1.0-1-i686.pkg.tar.xz # -c for clean chroot # repackage: makechrootpkg -r /home/onny/chroot -- -R
cheap python virtualenv
mkdir path ln -s /usr/bin/python2 path/python export PATH="$srcdir/path:$PATH"
abs deprecated, using asp
asp export linux
Installation von Lizenzdateien:
install -D "LICENSE.txt" "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE"
Installation von Systemd-Units:
install -Dm644 "${srcdir}/btlive.service" "${pkgdir}/usr/lib/systemd/system/btlive.service"
Installation von Docs:
install -Dm644 README.md "$pkgdir/usr/share/doc/$pkgname/README.md"
Installation von Tmpfiles:
install -Dm644 "wallace/wallace.tmpfiles.d.conf" "${pkgdir}/usr/lib/tmpfiles.d/wallace.conf"
Installation von Libs:
install -m644 libdouble-conversion.so.0.0.0* "${pkgdir}/usr/lib/"
do not strip binary files
options=('!strip')
Installation von ausführbare Dateien:
install -Dm755 shareLinkCreator "${pkgdir}/usr/bin/sharelinkcreator"
Nginx/Apache Template-Dateien:
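# Register the Apache config as a backup file only when Apache is present.
# NOTE(review): the check runs on the build host, so the package contents depend on
# what happens to be installed there; confirm that is intended.
if command -v httpd > /dev/null 2>&1; then
  backup=('etc/httpd/conf/extra/owncloud.conf')
fi

#######################################
# Installs the Apache config snippet into the package tree when httpd is available.
# Globals:   pkgdir, srcdir (read; set by makepkg)
# Returns:   0 when httpd is absent or the files were installed
#######################################
package() {
  # install apache .conf file if apache is installed
  if command -v httpd > /dev/null 2>&1; then
    # Quoted so build paths containing spaces are not split into several arguments.
    install -d "$pkgdir/etc/httpd/conf/extra"
    install -m 644 "$srcdir/owncloud.conf" "$pkgdir/etc/httpd/conf/extra/"
  fi
}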
Zielname der Quelldatei ändern:
source=("$pkgname-$pkgver.tar.gz::https://gitlab.com/gitlab-org/gitlab-ce/repository/archive?ref=v${pkgver}")
Architekturabhängige Build-Anweisung
#######################################
# Builds the CUDA binary matching the target architecture, then the nv_all target.
# Globals:   srcdir, CARCH (read; set by makepkg)
#######################################
build() {
  cd "${srcdir}/oclHashcat"
  local target
  case "$CARCH" in
    x86_64) target=cudaHashcat64.bin ;;
    *) target=cudaHashcat32.bin ;;
  esac
  make "$target"
  make nv_all
}
pkgver git
pkgver() { cd "mail" #git describe --long | sed 's/\([^-]*-g\)/r\1/;s/-/./g' git log -1 --format=%cd.%h --date=short|tr -d - }
Common install file example
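# pacman install scriptlet: creates the lool service account after install and
# removes it again after the package is removed.
post_install() {
  # NOTE(review): this path looks copied from another package; confirm it is wanted.
  # -p keeps a reinstall from failing when the directory already exists.
  mkdir -p /var/lib/zabbix
  getent group lool > /dev/null || groupadd -r lool > /dev/null
  # -g is required because a group named lool already exists at this point; without it
  # useradd refuses to create the user. -r and the nologin shell make it a system
  # account that cannot be used for interactive logins.
  getent passwd lool > /dev/null || useradd -r -g lool -s /usr/bin/nologin lool > /dev/null
  chown -R lool:lool /var/cache/loolwsd \
    /opt/lool/child-roots
}

post_remove() {
  # -r also deletes the account's home directory and mail spool.
  userdel -rf lool
  groupdel lool
}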
in pkgbuild reference
install="libreoffice-online-bin.install"
install packages into build container
arch-chroot /var/lib/aurbuild/x86_64/root pacman -S git pacman --root=/var/lib/aurbuild/x86_64/root -S git
add gpg key into build container
# Imports the key into the build user's keyring.
# NOTE(review): this is a 64-bit key ID, which does not uniquely identify a key. After
# the import, compare the full fingerprint (gpg --fingerprint) with the one the
# packager publishes before relying on it for builds.
sudo -u aur gpg --recv-keys EB774491D9FF06E2
rebuild prebuild package and add to custom AUR repo
fakepkg webkitgtk2 sudo -u aur repo-add /var/cache/pacman/aur/aur.db.tar /tmp/webkitgtk2-3:2.4.11-16-x86_64.pkg.tar.xz cp /tmp/webkitgtk2-3:2.4.11-16-x86_64.pkg.tar.xz /var/cache/pacman/aur
Example session bluetoothctl
# bluetoothctl [bluetooth]# default-agent [bluetooth]# scan on [bluetooth]# pair 00:12:34:56:78:90 [bluetooth]# connect 00:12:34:56:78:90
pipe only stderr into grep (stdout is discarded)
command 2>&1 >/dev/null | grep 'something'
pipe stderr and stdout both to a file
command &> error_log
locate pacnew files
find /etc -regextype posix-extended -regex ".+\.pac(new|save)" 2> /dev/null
or search entire disk
find / -regextype posix-extended -regex ".+\.pac(new|save)" 2> /dev/null
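# Sparse 8G swap file attached through a loop device.
truncate -s 8G /swap # create 8G sparse swap file
# Swapped-out memory can contain secrets; with a typical umask the new file would
# otherwise be readable by every local user.
chmod 600 /swap
# --find --show attaches the file and prints the chosen device in one step, so the
# free loop device cannot be taken by another process in between.
swapfile=$(losetup --find --show /swap) # attach file to a free loop device
mkswap "$swapfile"
swapon "$swapfile"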
search library availability in system, print file paths
ldconfig -p | grep blas
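# systemd-nspawn container built from a btrfs template subvolume.
pacman -S arch-install-scripts
btrfs subvol create /var/lib/container/archlinux-base
mkdir -p /etc/systemd/nspawn
pacstrap /var/lib/container/archlinux-base base base-devel
systemctl enable --now systemd-networkd systemd-resolved
# First boot: populates the machine directory from the template.
systemd-nspawn --boot -nD /var/lib/machines/archlinux-nextcloudcli --template=/var/lib/container/archlinux-base
# Unit name corrected: the template unit is systemd-nspawn@, not systemd-nspawnd@.
systemctl start systemd-nspawn@archlinux-nextcloudcli
machinectl shell root@archlinux-nextcloudcli /bin/bash -c "systemctl enable --now systemd-networkd systemd-resolved"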
quit / exit / kill container: Hold Ctrl
press ]
three times
set environment
[Unit] Description=PiRadio After=network-online.target After=bluetooth.service [Service] Environment="XDG_RUNTIME_DIR=/run/user/1001" Type=simple User=piradio WorkingDirectory=/usr/lib/piradio ExecStartPre=/bin/sleep 5 ExecStart=/usr/lib/piradio/piradio Restart=on-abort [Install] WantedBy=multi-user.target WantedBy=network-online.target
grep kernel config running system
zcat /proc/config.gz | grep VDSO
unset history
fish --private
lzma hado compression and extraction
tar -c --lzma -f my_archive.tar.lzma /some_directory tar -x --lzma -f my_archive.tar.lzma
run script verbose
sh -x scripname.sh
cheap python virtualenv
mkdir path ln -s /usr/bin/python2 path/python export PATH="$srcdir/path:$PATH"
get process runtime by pid, where pid is 1234 in this example
ps -o etime= -p "1234"
write command output to file and to stdout (python -u for unbuffered output)
python3 -u sperrmuell.py 2>&1 | tee sperrmuell_ka.csv
recursively replace a string in all files
find . -type f -print0 | xargs -0 sed -i 's/twentytwelve/projectinsanity/g'
overwrite LD_LIBRARY_PATH
LD_LIBRARY_PATH="/home/onny/projects/onlyoffice-documentserver/src/DocumentServer-ONLYOFFICE-DocumentServer-5.2.7/core/build/lib/linux_64/:$LD_LIBRARY_PATH" ./AllFontsGen
compare command line argument to string
#!/bin/bash if [ "$1" = "-v" ]; then wf-recorder -g "$(slurp)" -f "$(xdg-user-dir PICTURES)/$(date +'%Y-%m-%d-%H%M%S_wf-recorder.mp4')" else slurp | grim -g - - | wl-copy && wl-paste > "$(xdg-user-dir PICTURES)/$(date +'%Y-%m-%d-%H%M%S_grim.png')" fi
file exists
if [ ! -f /tmp/foo.txt ]; then echo "File not found!" fi
program exit
exit 0 # okay exit 1 # fail
receive signal bash
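#######################################
# Installs one handler for several signals and passes the signal name to it.
# Arguments: $1 - name of the handler function; remaining - signal names
#######################################
trap_with_arg() {
  # Local, so the helper no longer leaves func and sig behind in the caller's scope.
  local func sig
  func="$1"
  shift
  for sig; do
    # The handler string is expanded now, so each trap carries its own signal name.
    trap "$func $sig" "$sig"
  done
}

# Handler: reports which signal arrived.
func_trap() {
  echo "Trapped: $1"
}

trap_with_arg func_trap INT TERM EXIT

echo "Send signals to PID $$ and type [enter] when done."
read -r # Wait so the script doesn't exit.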
check file checksum
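# Verify the file against the expected SHA-256 before it is used.
# The value in SHA256SUM only protects against tampering if it was obtained from a
# source other than the download itself.
if ! printf '%s  %s\n' "$SHA256SUM" "$FILE" | sha256sum -c; then
  echo 'checkra1n checksum is not valid' >&2
  exit 1
fi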
launcher or wrapper: pass arguments into script
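FILE=/tmp/checkra1n-0.12.4-beta
# NOTE(review): /tmp is writable by every local user and this name is predictable, so
# another account could place or swap the file between a checksum check and this
# call. A directory only this user can write to avoids that.
chmod +x "$FILE"
# Hand all wrapper arguments through unchanged.
"$FILE" "$@"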
Mit sed inplace eine Zeile zu einer Datei hinzufügen:
sed -i '9i#include <algorithm>' liboffsetfinder64/vmem.cpp
add to end of file
sed -i -e '$aretry $@' retry.sh
Comment out specific line matching a string
sudo sed -e '/pam_securetty.so/ s/^#*/#/' -i delugecontainer/etc/pam.d/login
uncomment multiple lines / range
sed -i "28,33 s/# *//" autogen.sh
regex parse value of xml tags
sed -n 's/.*<id>\(.*\)<\/id>.*/\1/p' myfile.txt
delete multiple lines
sed -i '2,3d;5d;8d' file
regex match group
grep -Po "(?<=Version: )([0-9]|\.)*(?=\s|\$)" style.css
search for all files with specific extension in directory /
fd --type f -e fm . /
zip all files with specific file extension
fd -t f -e fm . / | zip source -@
file creation timespan
fd --type f -e pdf --change-newer-than "2020-09-09" --changed-before "2020-10-01" .
filter file type
rg GPIO_CFG_2MA -g '*.h'
post data
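# The API key is read from the environment instead of being pasted into the command,
# which keeps it out of notes and shell history. A key that was ever published, even
# partly masked, should be rotated.
# NOTE(review): the key is also sent in the URL query string, where servers and
# proxies commonly log it; if the API accepts it, send it in the POST body or a
# header only.
curl --data "UserId=eb8c2ec5352843d3a16ca11c26d3551c&Name=lolorollo&api_key=${API_KEY:?set API_KEY first}" "https://turbotux.de/Playlists?UserId=eb8c2ec5352843d3a16ca11c26d3551c&Name=lolorollo&api_key=${API_KEY}"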
download and extract archive
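# The archive is unpacked straight from the network, so the transport is the only
# integrity check in this pipeline: fetch over HTTPS, and let -f stop on an HTTP error
# instead of feeding an error page to tar. -L follows redirects.
curl -fL https://wordpress.org/latest.tar.gz | tar xvz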
set host header
torify curl --header "Host: http.pi" blog.project-insanity.org
specific ports
tcpdump -i eth0 -q '(tcp port 80) or (tcp port 443)' -A
exclude specific host
tcpdump -i eth0 -q '(ip or ip6) and (tcp port 80) or (tcp port 443) and not host ifconfig.co' -A
diff -u original.c new.c > original.patch patch < original.patch # patch -p0 < original.patch # patch -p1 -i packaging-fix.patch
git commit -am "meine änderungen" git format-patch "HEAD^"
custom ssh port
rsync -rvz -e 'ssh -p 2222' --progress --remove-sent-files ./dir user@host:/path
parallel, threaded
ls -1 | parallel rsync -a {} /destination/directory/
SSH public key deployen
ssh-copy-id alarm@10.0.0.2
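remote port forwarding: make local port 8096 reachable on all interfaces of the remote host (the server needs the GatewayPorts setting below)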
ssh -R 0.0.0.0:8096:localhost:8096 onny@example.com
[...] GatewayPorts yes [...]
netcat
netcat -l 4444
netcat playground.pi 4444
nft list ruleset
nft flush ruleset
nft -f ruleset.nft
display handles, insert rule at position
nft -a list ruleset nft add rule inet filter input position 17 tcp dport "{http, https}" accept nft delete rule inet filter input handle 23
disable ipv6
sysctl net.ipv6.conf.all.disable_ipv6=1 sysctl net.ipv6.conf.default.disable_ipv6=1 sysctl net.ipv6.conf.lo.disable_ipv6=1
connection sharing. Iptables-Fu (internet0 ist das Interface, dass mit dem Internet verbunden ist):
sysctl net.ipv4.ip_forward=1 iptables -t nat -A POSTROUTING -o internet0 -j MASQUERADE iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT iptables -A FORWARD -i net0 -o internet0 -j ACCEPT
picloud network sharing & port forwarding openwrt
sysctl net.ipv4.ip_forward=1 iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT iptables -A FORWARD -i net0 -o wlan0 -j ACCEPT iptables -I FORWARD -o br-lan -d 192.168.1.2 -j ACCEPT iptables -t nat -I PREROUTING -p tcp --dport 8096 -j DNAT --to 192.168.1.2:8096 iptables -t nat -A OUTPUT -p tcp --dport 8096 -j DNAT --to 192.168.1.2:8096 iptables -t nat -I PREROUTING -p tcp --dport 2222 -j DNAT --to 192.168.1.2:22 iptables -t nat -A OUTPUT -p tcp --dport 2222 -j DNAT --to 192.168.1.2:22
</code>
route command example
ip route add 192.168.1.0/24 dev eth0 ip route add default via 192.168.1.1
flush addresses
ip addr flush dev enp8s0
remove interface
ip link delete br0
delete address
ip addr del 192.168.178.20/24 dev eth0
set address
ip address add dev usb0 172.16.42.1/24 ip link set usb0 up
show only specific interface
ip a show wg0
minimal hostapd and dnsmasq config
interface=wlan0 listen-address=172.24.1.1 bind-interfaces server=8.8.8.8 #port=0 # disable dns domain-needed bogus-priv dhcp-range=172.24.1.50,172.24.1.150,12h
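# Minimal hostapd access point on wlan0.
interface=wlan0
driver=nl80211
ssid=MyAP
hw_mode=g
channel=11
# WPA2 only. The earlier wpa=1 with TKIP selected the original WPA, which is
# deprecated and has known weaknesses.
wpa=2
# Placeholder: replace with a long random passphrase.
wpa_passphrase=MyPasswordHere
wpa_key_mgmt=WPA-PSK
# Pairwise cipher for WPA2 (RSN): CCMP only, no TKIP.
rsn_pairwise=CCMP
wpa_ptk_rekey=600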
#!/bin/sh ifname="$1" action="$2" case "$action.$ifname" in up.enp0s10) systemctl restart systemd-networkd ;; down.enp0s10) ;; esac
INTERFACES="enp0s10" ARGS="-fwI -u0 -d10"
systemctl restart ifupd@enp0s25 systemctl enable ifupd@enp0s25
compression
convert -density 200x200 -units PixelsPerInch -compress jpeg -quality 70 in.pdf out.pdf
lossless merge
pdfunite in-1.pdf in-2.pdf in-n.pdf out.pdf
extract page range
pdftk campus_italia.pdf cat 1-280 output campus_italia_a1a2.pdf
insert into pdf
pdftk A=bigpdf.pdf B=insert.pdf cat A1-180 B A181-end output output.pdf
imagemagick picture to equal size pdf
i=300; convert a.png b.png -compress jpeg -quality 100 \ -density ${i}x${i} -units PixelsPerInch \ -resize $((i*827/100))x$((i*1169/100)) \ -gravity center \ -extent $((i*827/100))x$((i*1169/100)) multipage.pdf
convert a.jpeg b.pdf -compress jpeg -quality 70 -density 300x300 -units PixelsPerInch -resize 2481x3507 -gravity center -extent 2481x3507 multipage.pdf
scale pdf pages to specific size (a4)
cpdf -scale-to-fit "210mm 297mm" Scheine\ Germanistik\ 3.pdf -o Scheine\ Germanistik\ 4.pdf
Constant quality AV1. The CRF value can be from 0–63. Lower values mean better quality.
ffmpeg -i input.mp4 -c:v libaom-av1 -crf 30 -strict experimental av1_test.mp4
Burn subtitles, fast video conversion
ffmpeg -i Kawamata\ -\ La\ passage\ des\ chaises.mkv -vf subtitles=Kawamata\ -\ La\ passage\ des\ chaises.mkv -acodec copy -preset:v ultrafast Kawamata\ -\ La\ passage\ des\ chaises.mp4
for i in *.png ; do gm convert "$i" "${i%.*}.jpg" ; done
ffmpeg -f concat -i <(printf "file '%s'\n" ./*.mp3) -c copy output.mp3
ffmpeg -i videofile.mp4 -vn -acodec copy audiofile.mp3
extract from mkv
n=`mkvinfo ${base}.mkv |grep "Track type" |grep -n "audio" |cut -d":" -f1` audTrack=`echo "${n} - 1" |bc` mkvextract tracks ${base}.mkv ${audTrack}:${base}.ac3
lynis audit system --quick
check for subdomains
torify subbrute leel.de
torify wfuzz -c --hc 404 -w /opt/wfuzz/wordlist/general/megabeast.txt http://www.leeel.de/FUZZ torify wfuzz -c --hc 404,403 -w /opt/wfuzz/wordlist/general/admin-panels.txt -w /opt/wfuzz/wordlist/general/extensions_common.txt http://www.leeel.de/FUZZFUZ2Z
Preparing data for LFI scan
cat /var/cache/pkgfile/* | grep -a ".*/.*\.conf$" | sort | uniq > lfi
disable gpu blacklist, enable nouveau hardware acceleration
chromium --ignore-gpu-blacklist
Short example
sudo systemctl start docker
# Membership in the docker group gives control over the daemon, which is effectively
# root on the host.
gpasswd -a onny docker
# -p 80:80 publishes the port on all host interfaces, not only on localhost.
docker run -d -p 80:80 rootlogin/nextcloud
# Same image, with the local app checkout bind-mounted into the container.
docker run -v /home/onny/projects/nextcloud-app-radio:/opt/nextcloud/apps/radio -d --name nextcloud -p 80:80 rootlogin/nextcloud
Debugging it
docker run -i -t e326cbb922aa /bin/bash # exec shell of image docker exec -i -t e326cbb922aa /bin/bash # exec new shell running container
Pull from repository
docker pull eugeneware/docker-wordpress-nginx docker run -p 80:80 -d docker-wordpress-nginx docker ps docker commit e5a70884ac44 eugeneware/docker-wordpress-nginx:aenderungen1 # docker stop / run docker run -t -i -v /home/onny/projects/web-whackspace:/usr/share/nginx/www/wp-content/themes/whackspace -p 80:80 -d e326cbb922aa docker run -i -t e326cbb922aa /bin/bash
Pull specific tagged image
docker pull rootlogin/nextcloud:develop
Build from Dockerfile
cd ~/projects/docker-invoiceplane-nginx sudo docker build -t="docker-invoiceplane-nginx" . sudo docker run -p 80:80 -d docker-invoiceplane-nginx
Build from URL
docker build -t nextcloud-testing github.com/onny/docker-nextcloud
Delete image
docker rmi <image name / id>
Export and load image
docker save myimage > myimage.tar docker load < myimage.tar
Remove all images and containers
docker system prune -a
docker stop all container
docker stop (docker ps -a -q)
prevent from auto start
docker update --restart=no
docker commit container and rerun
$ docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 5a8f89adeead ubuntu:14.04 "/bin/bash" About a minute ago Exited (0) About a minute ago agitated_newton $ docker commit 5a8f89adeead newimagename $ docker run -ti -v "$PWD/dir1":/dir1 -v "$PWD/dir2":/dir2 newimagename /bin/bash
version: '3' services: db: image: mysql:5.7 volumes: - db_data:/var/lib/mysql restart: always environment: MYSQL_ROOT_PASSWORD: somewordpress MYSQL_DATABASE: wordpress MYSQL_USER: wordpress MYSQL_PASSWORD: wordpress wordpress: depends_on: - db image: wordpress:latest volumes: - .:/var/www/html/wp-content/themes/ausstellung-virtuell ports: - "8000:80" restart: always environment: WORDPRESS_DB_HOST: db:3306 WORDPRESS_DB_USER: wordpress WORDPRESS_DB_PASSWORD: wordpress volumes: db_data:
Note the mount instruction in the volumes section, providing the local theme to the wordpress container.
docker-compose up -d
Visit 127.0.0.1:8000
# NOTE(review): a 64-bit key ID does not uniquely identify a key; after the import,
# compare the full fingerprint (gpg --fingerprint) with the one the key owner publishes.
# NOTE(review): the SKS keyserver pool has been retired, so this likely needs a
# different --keyserver today.
gpg --keyserver pool.sks-keyservers.net --recv-keys 0x4E2C6E8793298290 # tor-browser-en aur packet
Run single command
ansible playground.pi -i hosts -m shell -a "whoami"
Limit playbook to specific host from group
ansible-playbook -i hosts archlinux-syssetup.yml -l playground.pi --ask-become-pass
Running single ansible role
roles: - { role: nsupdate, tags: nsupdate }
ansible-playbook -i hosts --ask-become-pass picloud.yml --tags 'nsupdate'
Directly define server without inventory file
ansible-playbook -i "192.168.1.23," wgnas.yml --ask-become-pass
Skip specific role by tag
ansible-playbook --inventory-file=.vagrant/provisioners/ansible/inventory -v picloud.yml --skip-tags mount
Include distribution specific vars, e.g. vars/Archlinux.yml
or vars/Debian.yml
- name: Include OS-specific variables. include_vars: "{{ ansible_os_family }}.yml"
use encrypted vars with vault
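# Encrypt a single value for inline use in a vars file.
# The secret is read from stdin (type it, then press Ctrl-D) instead of being
# passed as an argument, so it does not end up in shell history or in the
# process list. --stdin-name sets the variable name used in the output.
# Keep ~/.ansible_vault_pw readable by your user only (mode 0600).
ansible-vault encrypt_string --vault-password-file ~/.ansible_vault_pw --stdin-name 'mysecret'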
notsecret: myvalue mysecret: !vault | $ANSIBLE_VAULT;1.1;AES256 66386439653236336462626566653063336164663966303231363934653561363964363833313662 6431626536303530376336343832656537303632313433360a626438346336353331386135323734 62656361653630373231613662633962316233633936396165386439616533353965373339616234 3430613539666330390a313736323265656432366236633330313963326365653937323833366536 34623731376664623134383463316265643436343438623266623965636363326136 other_plain_text: othervalue
ansible-playbook -i hosts -v piradio.yml --ask-become-pass --vault-password-file ~/.ansible_vault_pw
conditions
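# Runs only when the variable ufw_state equals "enabled".
- name: Enable ufw service
  service:
    name: ufw
    enabled: yes
  when: ufw_state == "enabled"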
kolhacampus archiv
sendung | genre | url |
---|---|---|
PLUG-IN | drum&base | http://www.icast.co.il/Rss.aspx?ID=515483 |
https://onny.project-insanity.org/laboumdeluxe/feed.xml # FM4 La Boum de Luxe, Music EDM Techno Radio https://onny.project-insanity.org/bounce/feed.xml # SRF Virus Bounce, Music Hip Hop Radio
Ctrl+Shift+P
Beautify
and run Beautify Editor
Running app without networking
firejail --net=none vlc
Running app in private mode (fresh home folder)
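# Start firefox inside firejail with --private: the sandbox gets a fresh,
# temporary home directory that is discarded when the sandbox closes.
# (The command has to be firejail; `firefox --private firefox` never enters
# the sandbox.)
firejail --private firefox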
Persistent user specific configuration
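# Per-user profile for vlc: it pulls in the system profile and then adds
# "net none", so vlc is always sandboxed without network access.
cat ~/.config/firejail/vlc.profile
# file contents:
#   include /etc/firejail/vlc.profile
#   net none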
Sync only a specific folder with nextcloud
nextcloudcmd pictures https://nextcloud.project-insanity.org/remote.php/webdav/pictures
-Werror=implicit-fallthrough=
-Wno-implicit-fallthrough
show remote origin
git remote show origin
change remote origin
git remote set-url origin gitlab@http-new.pi:onny/web-wikidict.git
tagging
git tag -a v0.1 -m 'whackspace wordpress theme init'
merge commits from a remote repository
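# Merge commits from another repository without adding it as a remote.
git fetch https://github.com/rfc2822/davdroid.git master
git branch -r
git merge FETCH_HEAD

# "force pull", overwrite local changes.
# reset --hard throws away uncommitted changes to tracked files; stash or
# commit anything you still need first.
git fetch --all
git reset --hard origin/master

# List branches, then create and switch to a new one.
git branch
git branch firefox45
git checkout firefox45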
new branch
git branch iss53 git checkout iss53
delete remote branch (onny is the remote shortname)
git push onny --delete samsung-treltexx
git show all tags
git log --no-walk --tags --pretty="%h %d %s"
delete last commit
git reset --hard HEAD~1
remove sensitive files from repo
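# Remove a file from every commit on every branch and tag, then overwrite the
# remote history.
# Rewriting history does not un-leak a secret: revoke or rotate the exposed
# credential first. Existing clones, forks and cached views on the hosting
# service can still hold the old commits after the force push.
# git itself now warns about filter-branch and points to git-filter-repo.
git filter-branch --force --index-filter \
  'git rm --cached --ignore-unmatch PATH-TO-YOUR-FILE-WITH-SENSITIVE-DATA' \
  --prune-empty --tag-name-filter cat -- --all
git push origin --force --all
git push origin --force --tags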
rebase upstream
git clone git@github.com:croaky/dotfiles.git cd dotfiles git remote add upstream git@github.com:thoughtbot/dotfiles.git git fetch upstream git rebase upstream/master
git cherry pick commit for specific files
git checkout 13243f2eafc4292917178051fe1bb5aab2774dca -p include/mmc.h drivers/mmc/mmc.c arch/arm/include/asm/arch-exynos/mmc.h drivers/mmc/s5p_sdhci.c common/cmd_mmc.c common/cmd_mmc_spi.c common/env_mmc.c include/sdhci.h
delete branch
git branch # list git branch -d swaybar
rebase
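# Rebase the local master onto upstream and publish the rewritten branch.
git remote add upstream https://github.com/whoever/whatever.git
git fetch upstream
git checkout master
git rebase upstream/master
# --force-with-lease refuses to overwrite the remote branch if someone else
# pushed to it since your last fetch; a plain -f would discard their commits.
git push --force-with-lease origin master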
rebase branch
git checkout fragments git rebase upstream/master
squash commits
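# Squash the commits of the current branch during an interactive rebase.
git rebase -i upstream/master
# < choose squash for all of your commits, except the first one >
# < Edit the commit message to make sense, and describe all your changes >
# --force-with-lease only overwrites the remote branch if it still points at
# the commit you last fetched.
git push --force-with-lease origin omgpull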
alternatively
git rebase -i HEAD~3
alternatively
git merge --squash apple-a9
rerun tests with empty commit
git commit --allow-empty -m 'run tests again' git push --set-upstream USERNAME mynewbranch
change message of last git commit
git commit --amend
force push, remove latest commit of remote repository (origin)
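# Move the branch back by one commit (changes stay in the working tree), then
# overwrite the remote branch with the shortened history.
git reset HEAD^
# Same effect as `git push origin +HEAD`, but the push is rejected if the
# remote branch moved since the last fetch.
git push --force-with-lease origin HEAD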
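# Rebuild a source RPM and install the resulting binary package.
yum install rpm-build
# rpmbuild runs the build scripts from the spec file. The /root/rpmbuild path
# below means the build ran as root; building as an unprivileged user (output
# lands in ~/rpmbuild) keeps those scripts away from root privileges.
rpmbuild --rebuild aiccu-2007.01.15-7.el6.src.rpm
cd /root/rpmbuild/RPMS/x86_64
rpm -i aiccu-2007.01.15-7.el7.centos.x86_64.rpm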
copy all scrollback buffer into a file. Press keys: “Prefix + :”
capture-pane -S -3000 save-buffer filename.txt
installing msi
wine msiexec /i xyz.msi
wireshark: filter only http traffic
http
arp-scan
arp-scan --interface=wlp3s0 --localnet
nmap use nse script
nmap -p 80 192.168.188.0/24 -n --open --script /usr/share/nmap/scripts/http-title.nse
which package provides file XY
apt-file update apt-file search netstat
extract deb package
ar x *.deb
define variables with preset which can be overwritten
DOCUMENT_ROOT ?= /var/www/onlyoffice/documentserver LOG_DIR ?= /var/log/onlyoffice/documentserver DATA_DIR ?= /var/lib/onlyoffice/documentserver/App_Data CONFIG_DIR ?= /etc/onlyoffice/documentserver CREATE_USER ?= TRUE
conditions
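# Fragment of an install recipe: create the onlyoffice system account and give
# it ownership of the installed directories, unless CREATE_USER is overridden.
#
# dirname has to be run by the shell, hence the doubled dollar sign. Written
# as a make reference with a brace-only variable name, the expression expands
# to an empty string, and chown -R then operates on DESTDIR itself.
ifeq ($(CREATE_USER),TRUE)
	adduser --quiet --home "$(DESTDIR)$(DOCUMENT_ROOT)" --system --group onlyoffice
	chown -R onlyoffice:onlyoffice "$(DESTDIR)$$(dirname "$(DOCUMENT_ROOT)")"
	chown -R onlyoffice:onlyoffice "$(DESTDIR)$$(dirname "$(LOG_DIR)")"
	chown -R onlyoffice:onlyoffice "$(DESTDIR)$$(dirname "$$(dirname "$(DATA_DIR)")")"
endif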
condition if directory exists
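# Update the tileserver checkout if it exists, otherwise clone it.
# Every recipe line runs in its own shell, so a `cd` on one line does not
# carry over to the next; `git -C` runs the pull inside the checkout.
.PHONY: all
all:
ifneq ($(wildcard tileserver/*),)
	git -C tileserver pull
else
	git clone https://github.com/maptiler/tileserver-php.git tileserver
endif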
echo mail server
echo@univie.ac.at
openssl imaps login
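# Open an interactive IMAPS session.
# By default s_client only reports a certificate verification failure and
# keeps the connection open, so the LOGIN below could be sent to an
# impersonating server. -verify_return_error aborts the handshake instead.
openssl s_client -connect mail.sexypump.de:993 -crlf -verify_return_error
# then, inside the session (tag, command, user name, password):
#   A login cypherpunk cypherpunk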
get quota
a GETQUOTAROOT INBOX
get msg count of folder
a LIST INBOX * * LIST (\HasChildren) "." INBOX * LIST (\HasNoChildren \UnMarked) "." "INBOX.Deleted Messages" * LIST (\HasNoChildren \UnMarked) "." "INBOX.Sent Messages" * LIST (\HasNoChildren \UnMarked \Trash) "." INBOX.Trash * LIST (\HasNoChildren \UnMarked \Sent) "." INBOX.Sent * LIST (\HasNoChildren \UnMarked) "." INBOX.Notes * LIST (\HasNoChildren \UnMarked \Junk) "." INBOX.Junk * LIST (\HasNoChildren \UnMarked \Drafts) "." INBOX.Drafts * LIST (\HasNoChildren \UnMarked) "." INBOX.AntiSpam a OK List completed (0.001 + 0.000 secs). a SELECT INBOX
send smtp mail
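# AUTH LOGIN expects the user name and password base64-encoded. Base64 is an
# encoding, not encryption: only the TLS session protects these values.
printf '%s' "username" | base64 # dXNlcm5hbWU=
printf '%s' "password" | base64 # cGFzc3dvcmQ=
# -quiet stops s_client from interpreting a typed line that starts with "R"
# (such as RCPT TO) as a renegotiation request and "Q" as quit.
# -verify_return_error aborts if the server certificate does not validate.
openssl s_client -connect mail.agenturserver.de:465 -crlf -quiet -verify_return_error
# then, inside the session:
#   AUTH LOGIN
#   ZGRkZGRkZGRk
#   enp6enp6enp6eno=
#   RCPT TO: <admin@example.local>
#   Subject: I have some questions!
#   Question 1: ...
#   DONE
# NOTE(review): the transcript is abbreviated. A complete SMTP dialogue also
# has EHLO, MAIL FROM and DATA, and the message ends with a line holding only
# "." rather than DONE.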
installed apps
antennapod davx5 dbnavigator fdroid fennec icsx5 jellyfin keepassdx libreoffice vlc nextcloud quicklyric radiodroid signal soundhound spotify tasks documentviewer fdroid-privilegedextension
configurations
flash recovery
heimdall flash --RECOVERY twrp-3.2.1-1-serranoltexx.img
anbox
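# Install anbox, load its kernel modules, start the services and side-load
# F-Droid into the container.
pacman -S anbox-git anbox-image anbox-modules-dkms-git
# -a loads every name listed; without it modprobe treats the second word as a
# parameter for the first module.
modprobe -a binder_linux ashmem_linux
systemctl restart anbox-container-manager
systemctl --user restart anbox-session-manager
anbox launch --package=org.anbox.appmgr --component=org.anbox.appmgr.AppViewActivity
wget "https://f-droid.org/FDroid.apk"
# Verify the download before installing it. F-Droid publishes a detached PGP
# signature next to the APK (URL below assumed to follow the APK name); the
# signing key has to be imported and its fingerprint checked against the one
# on f-droid.org first.
wget "https://f-droid.org/FDroid.apk.asc"
gpg --verify FDroid.apk.asc FDroid.apk
adb install FDroid.apk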
https://nextcloud.project-insanity.org/remote.php/dav
If 2FA is enabled, a device-specific password is required
comment multiple lines
CTRL + V # visual block mode after selecting Shift + I # insert mode type # ESC
zitieren
Anführungszeichen öffnend: [Alt Gr] + [V] Anführungszeichen schließend: [Alt Gr] + [B]
run x apps with root
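# Allow the local root user to connect to the X server, run the GUI tool,
# then withdraw the permission again. Left in place, the grant lets every
# process running as root read input from and draw on this display.
xhost +SI:localuser:root
sudo gparted
xhost -SI:localuser:root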
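# makepkg output when the signing key is not in the build user's keyring:
#   ==> Verifying source file signatures with gpg...
#       aurutils-1.5.3.tar.gz ... FAILED (unknown public key 6BC26A17B9B7018A)
#   ==> ERROR: One or more PGP signatures could not be verified!
#   ==> ERROR: Could not download sources.
# Import the key for the user that runs the build:
sudo -u aur gpg --recv-keys 6BC26A17B9B7018A
# The signature check is only meaningful if this is the author's key: compare
# the full fingerprint with the one the upstream project publishes.
sudo -u aur gpg --fingerprint 6BC26A17B9B7018A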
decrypt symmetric
gpg doc.gpg
ngrep -q -W byline "^(GET|POST) .*" ngrep -q -W byline "search" host www.google.com and port 80
https://outline.com/zeit.de/2011/26/Nationalsozialismus-Tagebuecher/komplettansicht
update all packages
opkg update opkg list-upgradable | cut -f 1 -d ' ' | xargs opkg upgrade
dbus system monitor with filter
busctl --match "path=/net/connman/iwd" monitor
list tree
busctl tree net.connman.iwd
introspect available properties
busctl introspect net.connman.iwd /net/connman/iwd/636166652d6d6174732d67617374_psk
service hardening
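# Sandboxing directives for the [Service] section of a unit file.
# Comments must sit on their own line; systemd has no trailing comments.
# `systemd-analyze security UNIT` reports which protections a unit has.

PrivateTmp=true
ProtectHome=true

# Mounts the /usr, /boot, and /etc directories read-only for processes invoked by this unit.
ProtectSystem=full

# Ensures that the service process and all its children can never gain new privileges
NoNewPrivileges=true

# Sets up a new /dev namespace for the executed processes and only adds API pseudo devices
# such as /dev/null, /dev/zero or /dev/random (as well as the pseudo TTY subsystem) to it,
# but no physical devices such as /dev/sda.
PrivateDevices=true

# Explicit module loading will be denied. This allows to turn off module load and unload
# operations on modular kernels. It is recommended to turn this on for most services that
# do not need special file systems or extra kernel modules to work.
ProtectKernelModules=true

# Kernel variables accessible through /proc/sys, /sys, /proc/sysrq-trigger, /proc/latency_stats,
# /proc/acpi, /proc/timer_stats, /proc/fs and /proc/irq will be made read-only to all processes
# of the unit. Usually, tunable kernel variables should only be written at boot-time, with the
# sysctl.d(5) mechanism. Almost no services need to write to these at runtime; it is hence
# recommended to turn this on for most services.
ProtectKernelTunables=true

# The Linux Control Groups (cgroups(7)) hierarchies accessible through /sys/fs/cgroup will be
# made read-only to all processes of the unit. Except for container managers no services should
# require write access to the control groups hierarchies; it is hence recommended to turn this on
# for most services
ProtectControlGroups=true

# Restricts the set of socket address families accessible to the processes of this unit.
# Protects against vulnerabilities such as CVE-2016-8655
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX

# Takes away the ability to create or manage any kind of namespace
RestrictNamespaces=true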
apply changes to system
nixos-rebuild switch
update channel, rebuild and switch
nixos-rebuild switch --upgrade
search package
nix search gedit
nixos testing environment
nix-shell -p toilet
install unstable package
nix-channel --add https://nixos.org/channels/nixos-unstable unstable nix-channel --update unstable nix-env -iA unstable.pdfarranger
custom local repository, list packages
nix-env -f /etc/nixos/apps -qaP '*'
install package from local repo
nix-env -f /etc/nixos/apps -iA xerox6000-6010
package shell script
# Here we but a shell script into path, which lets us start sway.service (after importing the environment of the login shell). environment.systemPackages = with pkgs; [ ( pkgs.writeTextFile { name = "startsway"; destination = "/bin/startsway"; executable = true; text = '' #! ${pkgs.bash}/bin/bash # first import environment variables from the login manager systemctl --user import-environment # then start the service exec systemctl --user start sway.service ''; } ) ];
garbage collector
nix-collect-garbage -d
list package files
find $(nix eval -f /etc/nixos/apps --raw xerox6000-6010.outPath)
install package
nix-env -i icecat
remove package
nix-env -e icecat
or
# Delete one store path directly. --ignore-liveness removes it even if it is
# still reachable from a GC root, so anything that still refers to the path
# breaks. Double-check the path before running this.
sudo nix-store --delete --ignore-liveness /nix/store/1hnbdgz5yy9agnbnix2d8cvxj2d6hlc5-system-path
list installed packages
# installed via configuration.nix nixos-option environment.systemPackages | head -2 | tail -1 | sed -e 's/ /\n/g' | cut -d- -f2- | sort | uniq # + dependencies nix-store --query --requisites /run/current-system nix-store --query --requisites /run/current-system | cut -d- -f2- | sort | uniq # list user packages nix-env --query
python virtualenv
nix-shell -p python3Packages.virtualenv python -m venv venv source venv/bin/activate pip install -r requirements.txt
local repository (nixpkgs clone) as systemwide channel
$ nix-build nixos/release.nix -A channel --arg nixpkgs '{ outPath = ./. ; revCount = "'$(git rev-list HEAD | wc -l)'"; shortRev = "'$(git rev-parse --short HEAD)'"; }' ... /nix/store/hash-name/ $ sudo nix-channel --remove nixos $ sudo nix-channel --add file:///nix/store/hash-name/tarballs/thetarball.tar.xz nixos $ sudo nix-channel --update
test packages git pull request
let [...] nixpkgs-tars = "https://github.com/NixOS/nixpkgs/archive/"; # FIXME iwd networks option pr75800 = import (fetchTarball "${nixpkgs-tars}ba0baf53e24a123a45861cf5fa08e4b3e1377db0.tar.gz") { config = config.nixpkgs.config; }; # FIXME nftables + docker pr81172 = import (fetchTarball "${nixpkgs-tars}0b4e135d8e9c76a43346ae24e33572e627951203.tar.gz") { config = config.nixpkgs.config; }; [...] in [...] nixpkgs.overlays = [ (self: super: { # FIXME: add iwd networks option inherit (pr75800) iwd; } )];
retrieve hash
curl -sL https://github.com/NixOS/nixpkgs/pull/64977.patch \ | head -n 1 | grep -o -E -e "[0-9a-f]{40}"
allow unfree package installation nix-env
env NIXPKGS_ALLOW_UNFREE=1 nix-env -f /home/onny/projects/nur-packages -iA ocenaudio
build local package
nix-build -E 'with import <nixpkgs> { }; callPackage ./default.nix { nodejs = pkgs."nodejs-10_x"; }'
rebuilding with progress indication
nix build '(with import <nixpkgs/nixos> { }; system)' nixos-rebuild -I nixpkgs=/home/onny/projects/nixpkgs switch --max-jobs 1
quick launch program
nix run nixpkgs.electrum --command electrum
review repository
git clone https://github.com/NixOS/nixpkgs.git cd nixpkgs nixpkgs-review pr 98044
setup python virtualenv, working pip
15.17.3.6. How to consume python modules using pip in a virtual environment like I am used to on other Operating Systems? https://nixos.org/manual/nixpkgs/stable/#python
fetchurl
{ fetchurl, }: let pname = "librewolf-bin"; version = "85.0.2-1"; name = "${pname}-${version}"; src = fetchurl { url = "https://gitlab.com/librewolf-community/browser/linux/uploads/b87285386bed26dc6d6d4cf252ca7adf/LibreWolf-${version}.x86_64.AppImage"; sha256 = "0sapm4g4qs63sm640kxcjrngxnix524ms6mxnn0xz6p0xr8dz27r"; };
build package
cd /path/to/nixpkgs nix-build -A nodePackages.<new-or-updated-package>
get checksum
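# Download the file and print the hash to put into the package expression.
# The hash pins whatever bytes arrive here, so fetch over HTTPS; over plain
# HTTP a tampered download would get pinned just the same.
nix-prefetch-url 'https://i3wm.org/downloads/i3-4.5.1.tar.bz2'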
running tests
echo "$PR_DIFF" | xargs editorconfig-checker -disable-indent-size
reviewing uncommitted changes
nixpkgs-review wip
template fetchFromGitLab + cmake qt application
{ lib , mkDerivation , fetchFromGitLab , cmake , pkg-config , qtbase , qttools , qpdf , podofo }: mkDerivation rec { pname = "pdfmixtool"; version = "1.0.2"; src = fetchFromGitLab { owner = "scarpetta"; repo = pname; rev = "v${version}"; sha256 = "066ap1w05gj8n0kvilyhlr1fzwrmlczx3lax7mbw0rfid9qh3467"; }; nativeBuildInputs = [ cmake pkg-config ]; buildInputs = [ qtbase qttools qpdf podofo ]; meta = with lib; { description = "An application to split, merge, rotate and mix PDF files"; homepage = "https://gitlab.com/scarpetta/pdfmixtool"; license = licenses.gpl3Only; maintainers = with maintainers; [ onny ]; }; }
run test locally
nix-build nixos/tests/dokuwiki.nix
test changes to a module
nixos-rebuild --upgrade switch -I nixpkgs=/home/onny/projects/nixpkgs
wrapProgram add binary to path
nativeBuildInputs = [ makeWrapper ]; [...] postInstall = '' wrapProgram $out/bin/wihotspot-gui \ --prefix PATH : ${lib.makeBinPath [ iw ]} '';
install and modify systemd service
postInstall = '' mkdir -p $out/lib/systemd/system substitute dist/systemd/maddy.service $out/lib/systemd/system/maddy.service \ --replace "/usr/bin/maddy" "$out/bin/maddy" \ --replace "/bin/kill" "${coreutils}/bin/kill" substitute dist/systemd/maddy@.service $out/lib/systemd/system/maddy@.service \ --replace "/usr/bin/maddy" "$out/bin/maddy" \ --replace "/bin/kill" "${coreutils}/bin/kill" '';
setup
virtualisation.libvirtd.enable = true; users.extraUsers.myuser.extraGroups = [ "libvirtd" ];
nix-env -iA nixos-unstable.nixopsUnstable sudo mkdir /var/lib/libvirt/images sudo chgrp libvirtd /var/lib/libvirt/images sudo chmod g+w /var/lib/libvirt/images sudo virsh pool-define-as default dir --target /var/lib/libvirt/images sudo virsh pool-autostart default sudo virsh pool-start default nixops create -d example-libvirtd examples/trivial-virtd.nix nixops deploy -d example-libvirtd nixops list
connect to instance (deployment name: example-libvirtd, machine name: machine)
nixops ssh -d example-libvirtd machine
delete deployment, delete machine
nixops delete -d example-libvirtd nixops destroy --include nix-http
start, stop destroy machine foo
nixops start --include foo nixops stop --include foo nixops destroy --include foo
list machines
nixops info
reset flash drive
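# Zero the first 64 MiB (32 blocks of 2 MiB) of the drive, which wipes the
# partition table and the start of the first filesystem.
# dd does not ask for confirmation: identify the device first and replace sdX
# with it only once you are sure it is the flash drive.
lsblk -o NAME,SIZE,MODEL,MOUNTPOINT
dd if=/dev/zero of=/dev/sdX bs=2M count=32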
change label (vfat etc)
fatlabel /dev/sdb1 "mystick"
resize extX partition
sfdisk -l /dev/sdb # Disk /dev/sdb: 55.9 GiB, 60022480896 bytes, 117231408 sectors # Disk model: CR60GB External # Units: sectors of 1 * 512 = 512 bytes # Sector size (logical/physical): 512 bytes / 512 bytes # I/O size (minimum/optimal): 512 bytes / 512 bytes # Disklabel type: dos # Disk identifier: 0x2486e7f7 # # Device Boot Start End Sectors Size Id Type # /dev/sdb1 2048 117231407 117229360 55.9G 83 Linux e2fsck -f /dev/sdb1 resize2fs /dev/sdb1 50G # resize2fs 1.45.5 (07-Jan-2020) # Resizing the filesystem on /dev/sdb1 to 13107200 (4k) blocks. # The filesystem on /dev/sdb1 is now 13107200 (4k) blocks long. fdisk /dev/sdb # 1. (d) delete partition # 2. (n) create new partition # 3. (p) primary # 4. (1) partition number # 5. (2048) start block, same as above # 6. (+52428800K) last sector partition (13107200k*4k) # 7. (a) partition is bootable flag # 8. (w) write changes
restore snapshot
lvconvert --merge /dev/vg0/playground_snap
isoinfo -d -i /dev/cdrom | grep -i -E 'block size|volume size' dd if=/dev/cdrom of=test.iso bs=<block size from above> count=<volume size from above> status=progress
mount with offset
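# find offset in testdisk, multiply start sector by bytes per sector
# (here 2048 * 512 = 1048576)
mount -o loop,offset=1048576 /dev/sdb /mnt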
mount webdav
mount.davfs https://bwsyncandshare.kit.edu/remote.php/dav/files/7bac0379-52e8-42e4-xxxx@bwidm.scc.kit.edu/ remote
./sync.sh ./generate_playlist.sh
env QT_QPA_PLATFORM=xcb mixxx
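# smb.conf: standalone server with one read-only guest share.
[global]
   workgroup = WORKGROUP
   server role = standalone server
   security = user
   # "Bad User" maps only unknown user names to the guest account.
   # "Bad Password" would also log in existing users who mistype their
   # password as guest, without telling them.
   map to guest = Bad User

[public]
   # Everything below /mnt becomes readable without authentication.
   path = /mnt
   writeable = no
   browsable = yes
   guest ok = yes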
systemctl restart smb nmb
discover local services
avahi-browse --all --ignore-local --resolve --terminate
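# Mount an FTP server as a filesystem.
# Credentials given as -o user=name:password show up in the process list and
# in shell history. curlftpfs also reads them from ~/.netrc (mode 0600):
#   machine ftp.example.com login username password <password placeholder>
# Plain FTP sends the login unencrypted; add -o ssl if the server offers FTPS.
# allow_other opens the mount to every local user; drop it if only you need it.
curlftpfs ftp.example.com /mnt/ftp/ -o allow_other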
npm init npm install jquery@3.5.1 --save # see npmjs.com
Test gitlab-ci.yml, change into root dir, then:
gitlab-runner exec docker packaging
Where packaging
is the name of the job.
Compress/decompress files and directories multithreaded
lrztar directory lrzuntar directory.tar.lrz lrzip filename lrunzip filename.lrz
general chroot management
pmbootstrap pull pmbootstrap shutdown
install package into chroot
pmbootstrap chroot --suffix native -- apk add paxmark
emulated chroot
pmbootstrap chroot -b=armv7
update package index
pmbootstrap update
edit kernel config
pmbootstrap kconfig edit htc-pyramid
apk commands
pmbootstrap chroot $ apk update $ apk add paxmark $ apk add paxmark-0.12-r0.apk
working with git
cd .local/var/pmbootstrap/cache_git/pmaports git checkout htcpyramix git pull master git rebase master
cleanup chroot(s)
pmbootstrap zap
flash or boot kernel directly
pmbootstrap flasher flash_kernel pmbootstrap flasher boot
prepare kernel image for odin
pmbootstrap export cd /tmp/postmarketOS-export cp boot.img-samsung-i8150 recovery.img tar -cf recovery.tar recovery.img md5sum -t recovery.tar >> recovery.tar mv recovery.tar recovery.tar.md5
list
parted /dev/sda $ print
resize partition (default unit size MB)
parted /dev/sda $ resizepartition Partition number? 1 End? [10.0GB]? 15000MB
change unit
unit GB
capture usb traffic
modprobe usbmon tshark -D tshark -i usbmon0
read symbols of library
readelf -Ws /usr/lib/libusb-1.0.so.0