Listing posts

Displaying posts 6 - 10 of 318 in total

email validation in rails

67 · cloud ·

Dev

HowTo

Rails

Last update
2023-11-24

2023
11-24

« — »

validates :email,
  presence: true,
  uniqueness: { case_sensitive: false },
  format: { with: URI::MailTo::EMAIL_REGEXP }

Simply use /\A.+@.+\..+\z/i and put and end to the overkill.

Source: passwordless gem, railsguides, Stop Validating Email Addresses with Regex

~~~ * ~~~

use github rubygems registry

965 · cloud ·

Last update
2023-11-22

2023
11-22

«free rubygems repository with github
using personal access token»

Working with the RubyGems registry

generate a personal access token and grant it repo permissions (replace MY_GITHUB_TOKEN with its content)
cat ~/.gem/credentials
1 2
--- :github: Bearer MY_GITHUB_TOKEN

cat .bundle/config

Note: replace any - with ___.

1 2	--- BUNDLE_HTTPS://RUBYGEMS__PKG__GITHUB__COM/ACAVALIN/: "acavalin:MY_GITHUB_TOKEN"

cat .gemrc

gem: --no-document
backtrace: false
bulk_threshold: 1000
sources:
- https://rubygems.org/
- https://acavalin:MY_GITHUB_TOKEN@rubygems.pkg.github.com/acavalin/
update_sources: true
verbose: true

build the gem, examples:
- gem build name.gemspec
- rake --tasks ; rake build

push gem to registry

1	gem push --key github --host https://rubygems.pkg.github.com/acavalin name-0.0.1.gem

use gem in project
- Gemfile: gem "name "0.0.1", source: "https://rubygems.pkg.github.com/acavalin"
- cmdline: gem install --clear-sources --source https://acavalin:MY_GITHUB_TOKEN@rubygems.pkg.github.com/acavalin deluge-rpc

~~~ * ~~~

RaspberryPi server

9599 · cloud ·

Last update
2023-11-22

2023
11-22

«raspi, raspbian, nas, webdav, dlna, media center, torrent, rdp/vnc, print/scan, firewall, dns, monitoring, vpn, zram, android»

Update raspbian linux to latest version:

apt-get update
apt-get upgrade
apt-get dist-upgrade
apt-get clean
apt-get autoremove
rpi-update # update firmware & kernel

apt-get purge bash-completion     # speed up shell TAB-auto completion

# --- os version update, eg: from jessie (deb8) to stretch (deb9)
sed -i 's/jessie/stretch/g' /etc/apt/sources.list
sed -i 's/jessie/stretch/g' /etc/apt/sources.list.d/raspi.list
# repeat the commands above, then check the current version:
cat /etc/os-release

Debian 10 upgrade: see rpi blog post notes and comments.

Change password, hostname, full xdm greeter:

sudo raspi-config # Change User Password; Hostname

# choose lightdm-gtk-greeter
sudo update-alternatives --config lightdm-greeter

Configure a static IP address (see also this and fallback method):

append the desired following blocks to /etc/dhcpcd.conf:

interface eth0
fallback mylan

SSID my_wifi_ssid
fallback mylan

interface wlan0
fallback mylan

profile mylan
static ip_address=192.168.1.110/24
static routers=192.168.1.1
static domain_name_servers=84.200.69.80 37.235.1.174 84.200.70.40 37.235.1.177

Note: Do not use the directive inform 192.168.1.110 because it breaks the UPS monitor.

Optional do not wait for network at boot: run raspi-config and select Boot > Wait for Network at Boot > No.

Tune kernel settings

disable 64 bit kernel image, put in /boot/config.txt:

1	arm_64bit=0

Disable IPv6: append ipv6.disable=1 to kernel parameters in /boot/cmdline.txt or:

# via sysctl:
echo "net.ipv6.conf.all.disable_ipv6 = 1" >> /etc/sysctl.d/local.conf
# via modprobe:
echo "blacklist ipv6" >> /etc/modprobe.d/local.conf

Set autoreboot on kernel panic: append panic=5 to kernel parameters in /boot/cmdline.txt or via sysctl:

1	echo "kernel.panic = 5" >> /etc/sysctl.d/local.conf

use eth0 as first ethernet device name (wiki)
- raspi-config > Advanced Options > Network Interface Names > disable predictable network i/f names
- append net.ifnames=0 to /boot/cmdline.txt
better/visible boot messages: append consoleblank=0 plymouth.enable=0 to kernel parameters in /boot/cmdline.txt
Remove tv black borders: set disable_overscan=1 in the /boot/config.txt.
Fix slow usb mouse: append usbhid.mousepoll=0 to kernel parameters in /boot/cmdline.txt.

Tune video settings

Run raspi-config and in the Advanced Options section, if using a raspberry pi 4 then enable both the GL driver and the Compositor otherwise turn them off.

Note: to ensure the loading of Pi4's VC4/GL driver make sure to uninstall Xorg frame buffer drivers:

1 2	apt install xserver-xorg-video-vesa apt purge xserver-xorg-video-fbdev xserver-xorg-video-fbturbo

Fix HDMI no signal

1
2
3

# /boot/config.txt
hdmi_force_hotplug=1
config_hdmi_boost=6

Fix Pi4's DRM mem error:

1	DRM_IOCTL_MODE_CREATE_DUMB failed: Cannot allocate memory

If you see the above error then use these /boot/config.txt settings:

# force HD, and prevent 4K memory drain (optional)
hdmi_group=1
hdmi_mode=16
[hdmi:0]
hdmi_max_pixel_freq=200000000
[hdmi:1]
hdmi_max_pixel_freq=200000000

[pi4]
# Enable DRM VC4 V3D driver on top of the dispmanx display stack (default driver)
dtoverlay=vc4-fkms-v3d
# number of active displays 1-2
max_framebuffers=1
# disable any memory split
#gpu_mem=256

and append cma=384M to /boot/cmdline.txt.

Tune audio settings

fix robotic/metallic audio

1 2	# add tsched=0 in /etc/pulse/default.pa on this line: load-module module-udev-detect tsched=0

disable microphone auto adjust (src1, src2, src3):

cd /usr/share/pulseaudio/alsa-mixer/paths
tar -czvf ../paths.tgz .  # backup
perl -pi -0 -e 's/(\[[A-Za-z ]*(Mic Boost|Capture)\][A-Za-z._=\s-]+volume *= *)merge/\1zero/g;' *mic*.conf
shutdown -r 0

to have a much better audio quality you can buy an usb soundcard (eg. PCM2704 DAC)

# /etc/modprobe.d/local-audio.conf

# https://alsa.opensrc.org/MultipleCards#Reordering_the_driver_for_a_particular_card
options snd_bcm2835    index=0
# get vendor and product IDs via "lsusb" (my PCM2704 has 08bb:27c4)
options snd-usb-audio  index=2,3,4 vid=0x08bb,0x1395,0x046d pid=0x27c4,0x0025,0x0836

# set default card in pulseaudio (taken from raspi-config script)
pulseaudio --check || pulseaudio -D
export XDG_RUNTIME_DIR=/run/user/`id -g`
pacmd list-sinks | grep -e index -e alsa.name  # identify your card number
pactl set-default-sink 3

Tune wifi settings

# disable roaming
echo "options brcmfmac roamoff=1" >> /etc/modprobe.d/local.conf

# set correct regional domain
sed -i 's/REGDOMAIN=.*/REGDOMAIN=IT/' /etc/default/crda

# auto turn off power management
cd /etc/network/if-up.d/
echo -e '#!/bin/bash\n/sbin/iw dev wlan0 set power_save off' > local-wlan
chmod 755 local-wlan
# find an optimal MTU size via:
#   ping -c 2 -M do -s 1600 www.google.com
# then save it with:
echo "/sbin/ip link set dev wlan0 mtu 1400" >> local-wlan

Turn off bluetooth if unused, see this section.

Tune eth settings

Disable eee Energy Efficient Ethernet support

1	echo "dtparam=eee=off" >> /boot/config.txt

Force eth0 speed to 100Mbs full duplex:

create a device tree file cm4-disable-gigabit-ethernet.dts:

 /dts-v1/;
 /plugin/;

 / {
     /* Change the phy max-speed to 100 Mbps */
     fragment@0 {
         target = <&phy1>;
         __overlay__ {
             max-speed = <100>;
         };
     };
 };

compile and install:

1 2	sudo dtc -@ -Hepapr -I dts -O dtb -o /boot/overlays/cm4-disable-gigabit-ethernet.dtbo cm4-disable-gigabit-ethernet.dts echo "dtoverlay=cm4-disable-gigabit-ethernet" >> /boot/config.txt

Reduce power consumption:

turn off leds (RPIex, forum, lindevs) by putting in /boot/config.txt under the [pi4] tag:

[pi4]
# Disable the PWR LED
dtparam=pwr_led_trigger=default-on
dtparam=pwr_led_activelow=off

# Disable the Activity LED
dtparam=act_led_trigger=none
dtparam=act_led_activelow=off

# Disable ethernet port LEDs (0=ACT, 1=LNK)
dtparam=eth_led0=4
dtparam=eth_led1=4

1 2	# disable HDMI output (and set boot to console via raspi-config) /usr/bin/tvservice -o # -p to re-enable

set boot to console and reduce memory split:

1 2	raspi-config # Boot Options > Desktop / CLI > Console raspi-config # Advanced Options > Memory Split > 16

turn off unsued wlan/bluetooth (see /boot/overlays/README), put in /boot/config.txt:

1 2	dtoverlay=disable-wifi dtoverlay=disable-bt

and turn off the bluetooth services:

1 2	systemctl disable hciuart systemctl disable bluetooth

Overclock RPI4:

Add these lines in /boot/config.txt:

arm_freq=2048
v3d_freq=750
over_voltage=6
hdmi_enable_4kp60=1

optionally set performance cpu governor:

1 2	# /etc/rc.local echo performance > /sys/devices/system/cpu/cpu0/cpufreq/scaling_governor

Extend lifespan of mechanical HDD:

put in /etc/hdparm.conf:

/dev/sda {
  write_cache = on
  # -B -- disable Advanced Power Management
  apm = 254
  # -S -- 1h timeout
  spindown_time = 242
}

Extend lifespan of sdcard:

install my tmpfs-folders script and add a custom periodic cleaning of /var/log files in root crontab:

1 2	# m h dom mon dow command 0 0 * * 3 /opt/systemd-units/clear_var_log.sh > /dev/null 2> /dev/null

Extend your RAM by enabling ZRAM (compressed RAM):

put in /etc/rc.local:

if modprobe zram num_devices=1 ; then
  echo lz4  > /sys/block/zram0/comp_algorithm
  echo 384M > /sys/block/zram0/mem_limit
  echo 768M > /sys/block/zram0/disksize

  mkswap /dev/zram0
  swapon -p 10 /dev/zram0

  sysctl vm.swappiness=90
fi

and optionally disable dphys-swapfile swapfile service:

1	systemctl disable dphys-swapfile

Setup a NAS (via NFS):

Server side commands:

apt-get install nfs-kernel-server

systemctl enable rpcbind # it's disabled by default...
systemctl restart nfs-kernel-server

# add a share to /etc/exports
echo "/path 192.168.1.0/24(rw,sync,no_subtree_check,all_squash,anonuid=1001,anongid=1001)" >> /etc/exports

exportfs -ra # reload server

and append these lines to /ect/rc.local:

1
2
3

# fix: nfs server doesn't start without rpcbind
systemctl start   rpcbind
systemctl restart nfs-kernel-server

Client side commands:

1 2	echo "192.168.1.110:/path /mnt/path nfs defaults,user,exec 0 0" >> /etc/fstab mount /mnt/path

Setup a remote desktop (via VNC):

You have three options:

Install the modern TigerVNC server, see the dedicated post
Use the lightdm TigerVNC service by enabling it in /etc/lightdm/lightdm.conf

Install the old TightVNC:

apt-get install tightvncserver
# set a password and run a LQ server on display 1:
vncpasswd
vncserver -geometry 1024x768 -depth 8 :1
vncviewer server_ip:1 # connect from another host

Setup a shared printer:

apt-get install cups
apt-get install hplip # HP printers drivers
hp-setup -i # install printer + dl drivers

elinks http://localhost:631
# Administration > Printers > Add printer
# Server settings > Share printers connected to this system

then turn the printer off and on again.

On Android you can install these apps: Let's print Droid, and Let's Print PDF.

Setup the firewall:

apt-get install ufw

ufw reset # reset to defaults

ufw default deny  incoming
ufw default allow outgoing

ufw allow from 192.168.1.0/24 # your intranet
ufw allow from x.x.x.x        # a trusted IP
ufw limit 22/tcp              # max 6 new connections every 30 seconds
ufw limit 2200:2230/udp       # mosh port range
ufw allow 1810:1820/tcp       # bittorent - data
ufw allow 1810:1820/udp
ufw allow 6881:6891/tcp       # bittorent - tracker
ufw allow 6881:6891/udp
ufw allow 6771/udp            # bittorent - local peer discovery

ufw enable

SSH access and tunnels:

Here is an example for creating some simple forward tunnels while connecting to a remote server:

# deluge thin client & web ui, vnc, nginx
ssh \
  -L 58846:localhost:58846 \
  -L 8112:localhost:8112   \
  -L 5901:localhost:5901   \
  -L 1234:localhost:1234   \
  user@server_addr

There are some great SSH clients as PuTTY for windows/linux and juiceSSH on Android.

Use mosh (even with juiceSSH!) to reliably connect from unstable or high latency networks:

1 2	apt-get install mosh # run this both on client and server mosh -p 2200:2230 user@server_addr # connect to opened UDP ports on server

Read the dedicated post for an advanced tunnel usage.

Read the dedicated post to setup a SOCKS proxy with SSH.

Note: if sshd is slow to start at boot (systemd-analyze blame) then install haveged to have more entropy. Also apply this patch if it's killed by systemd on debian bullseye:

mkdir -p /etc/systemd/system/haveged.service.d
echo -e '[Service]\nSystemCallFilter=uname' > /etc/systemd/system/haveged.service.d/dietpi.conf
systemctl daemon-reload
systemctl restart haveged

Save external syslog via rsyslog:

enable tcp/udp ports, uncomment these lines in /etc/rsyslog.conf

module(load="imudp")
input(type="imudp" port="514")

module(load="imtcp")
input(type="imtcp" port="514")

filter and save remote logs by IP, create /etc/rsyslog.d/router.conf

$template routerlog, "/var/log/router.log"

if $fromhost-ip startswith "192.168.1.1" then -?routerlog
& stop

restart service

1	systemctl restart rsyslog

configure the device (eg. a router) to use your raspi IP as the remote syslog server

Enable bluetooth without WiFi

disable WiFi by blacklisting its modules, add in /etc/modprobe.d/local-wifi.conf:

1 2	blacklist brcmfmac blacklist brcmutil

set enable_uart=1 in /boot/config.txt
ensure /boot/cmdline.txt contains this text in this exact order:

1	console=serial0,115200 console=tty1

enable services:

1 2	systemctl enable hciuart systemctl enable bluetooth

Dedicated posts:

Tools:

1
2
3

apt-get install rpi-chromium-mods # video acceleration on google chrome
apt-get install remmina           # very handy VNC/SSH GUI
apt-get install omxplayer         # accelerated cli media player

Fast/light web browsers:
- kweb - raspberry pi's custom webkit build with omxplayer support
- vivaldi - opera like browser
- midori

OMXplayer GUIs:

gomx -- light Python+Tk via python-omxplayer-wrapper

sudo apt install libdbus-1-dev libglib2.0-dev
pip install omxplayer-wrapper
wget -O ~/bin/gomx https://github.com/vladcc/gomx/raw/master/gomx/gomx.py
chmod 755 ~/bin/gomx
sed -i 's/^PL_WIN_PAD = .*/PL_WIN_PAD = 0/' ~/bin/gomx # adjust padding

tboplayer -- via pyomxplayer + youtube-dl + lyrics

raspi-keygen -- Patch for MPEG-2, VC-1 license (untested, use it at your own risk)

1 2	cd /boot && cp start.elf start.elf_backup && \ perl -pne 's/\x47\xE9362H\x3C\x18/\x47\xE9362H\x3C\x1F/g' < start.elf_backup > start.elf

latest mkvtoolnix for raspbian

Backup:

You can do a full/raw sdcard backup, a live/tar one, or an incremental one.

As an alternative to 7za you can use xz just like the gz command (or use the -J option of tar).

Incremental backup commands

# --- backup ----------------------------------------
cd /tmp && mkdir -p p1 p2
sudo mount -o ro /dev/sdc1 p1
sudo mount -o ro /dev/sdc2 p2

cd bkup-folder
sudo sfdisk -d /dev/sdc > ptable
mkdir -p p1 p2
sudo ribs -b --no-p p1 /tmp/p1
sudo ribs -b        p2 /tmp/p2

sudo umount /tmp/p?


# --- restore ---------------------------------------
cd bkup-folder

cd /tmp && mkdir -p p1 p2
sfdisk /dev/sdc < ptable
mkfs.vfat /dev/sdc1
mkfs.ext4 /dev/sdc2
sudo mount /dev/sdc1 p1
sudo mount /dev/sdc2 p2

sudo ribs -r p1 /tmp/p1
sudo ribs -r p2 /tmp/p2

cat ptable | grep label-id   # view old partition ID

# change to the new partition ID
sfdisk -d /dev/sdc | grep label-id
# update PARTUUID in p1/cmdline.txt 
# update PARTUUID in p2/etc/fstab

sudo umount /tmp/p?

Miscellanea:

Fix TV/monitor not detected unless powered on first:

1	sudo tvservice -d /boot/edid.dat

1
2
3

# /boot/config.txt
hdmi_edid_file=1
hdmi_force_hotplug=1

Test if we are on a raspberry (/sys, /proc/cpuinfo):

1 2	cat /sys/firmware/devicetree/base/model # Raspberry Pi 3 Model B Rev 1.2 grep Hardware /proc/cpuinfo # Hardware : BCM2708

To save space on new installs of ruby gems, put in ~/.gemrc:

1 2	install: --no-rdoc --no-ri --no-document update: --no-rdoc --no-ri --no-document

and to install a gem in the user $HOME use this command:

gem install --user-install bundler

# remember to update your PATH adding this line to ~/.bashrc
export PATH=$HOME/.gem/ruby/2.1.0/bin:$PATH

If you have a logitech wireless keyboard (eg: K400+) then you can use solaar to query and configure it:

git clone https://github.com/pwr/Solaar.git
cd Solaar/bin

solaar show all
solaar show 1 | grep Battery
solaar config 1 fn-swap off # toggle function keys

If you have a keyboard without the F# keys (like the kano keybord) you can emulate them with xdotool and then run it via xbindkeys:

sudo apt-get install xdotool xbindkeys xbindkeys-config
xdotool key ctrl+alt+F1  # emulate these key press
xbindkeys-config         # create and save your bindings
xbindkeys                # run daemon

or you can use xmodmap to remap existing keys:

1
2
3

xmodmap -pke | tee ~/.Xmodmap > ~/.Xmodmap-orig
nano    ~/.Xmodmap # edit keys
xmodmap ~/.Xmodmap # load changes (run this on X startup)

see Xorg keyboard references on the bottom.

Autostart programs when loggin in LXDE: put your commands prefixed by @ in ~/.config/lxsession/LXDE-pi/autostart
Change video mode/resolution without rebooting -- see rpi forum post

# query available video modes
tvservice -m CEA
#Group CEA has 16 modes:
#           mode  4: 1280x720  @ 60Hz 16:9, clock:74MHz progressive 
#           mode 19: 1280x720  @ 50Hz 16:9, clock:74MHz progressive 
#  (prefer) mode 16: 1920x1080 @ 60Hz 16:9, clock:148MHz progressive 

# set custom video mode
tvservice -e "CEA 4 HDMI"
#fbset -depth 8 ; fbset -depth 16
fbset -g 1280 720 1280 720 16
xrefresh

# set default video mode
tvservice -p

Android/LineageOS: images by Konsta, forum
Zoom: arm port request, forum
qpdfview a PDF viewer better than xpdf (modern GUI, fast render, page preload and cache)

Notes:

Raspberry Pi 3 provides 1.2A USB current by default (no need to set max_usb_current=1 in /boot/config.txt). Of course a 2.5A PSU is mandatory.

Tips:

SenseHAT: blog post
hplayer (mplayer)
SSHfs
read-only sdcard: adafruits post from raspi post

Sources:

power consumption: pidramble, jeffgeerling
ZRAM: kernel, raspberry pi 3 gist, with-raspberrypi blog, stoned.io
NFS server in Raspbian: can't connect
Reduce SDcard wearing: stackexchange post e ramlog pkg
Xorg keyboard: keysym list, xmodmap tutorials by xahlee and archlinux wiki
upgrade raspbian8 to 9
Fix wifi poor performance + turn power management off + optimize

~~~ * ~~~

Linux show bind mounts

15 · cloud ·

HowTo

Linux

Terminal

Last update
2023-11-21

2023
11-21

« — »

1	findmnt \| fgrep \\[

Source: stackexchange 1 and 2

~~~ * ~~~

UFW firewall setup

2295 · cloud ·

Last update
2023-11-20

2023
11-20

« — »

If you are using it on a VPS then you have to enable iptables NAT beforehand.

apt-get install ufw

# disable IPv6 rules
sed -r -i 's/IPV6=yes/IPV6=no/' /etc/default/ufw

# write rules in /lib/ufw/user.rules
ufw reset # reset to defaults
# set our defaults
ufw default allow outgoing
ufw default deny  incoming
ufw allow 22/tcp        comment ssh
ufw allow 80/tcp        comment http
ufw allow 443/tcp       comment https
ufw allow 1194/udp      comment openvpn
ufw allow 1100:1200/tcp # port range (proto required23)
ufw allow 53            # allow both tcp and udp (eg: DNS)
ufw allow from 1.2.3.4  # single host
ufw allow from 192.168.1.0/24 # subnet
ufw allow from 1.2.3.4 to any port 22 proto tcp

# block an IP if it has attempted to initiate 6 or more
# connections in the last 30 seconds
ufw limit 22/tcp

# show rules added before enabling firewall
ufw show added

# remove/insert rule
ufw status numbered
ufw delete <row_number>
ufw insert <row_number> <new rule>

# show rules
ufw show added
ufw show raw

# other reports
ufw show builtins
ufw show before-rules
ufw show user-rules
ufw show after-rules
ufw show logging-rules

# start/stop/status service
ufw enable
ufw disable
ufw status
ufw status verbose
ufw reload # reload cfg

# see logs
ufw logging low # off/low/medium/high/full
tail -f /var/log/ufw.log

# show blocked incoming ports messages from log/dmesg/journalctl
dmesg | grep UFW | sed -r 's/.*(IN=[^ ]+).*(PROTO=[^ ]+).*(DPT=[^ ]+) .*/\1 \2 \3/' | sort -u

Notes:

The order of rules is critical in ufw/iptables as a packet will match the first rule, subsequent rules are ignored.
If something is wrong with filtering/logs you can try to purge and reinstall uwf (especially after a distribution upgrade).

Source: CyberCiti, ArchLinux