Update 06-04-2024

2024-04-06 09:54:09 +02:00
parent cd8cebe7cb
commit 259b9c6a24
76 changed files with 5126 additions and 229 deletions


@@ -84,3 +84,10 @@ $ sudo dd if=~/raspian_backup.img of=/dev/sdg
Utiliser WinDisk32 sourceforge.net/projects/win32diskimager
# Sous macOS
ApplePi-Baker permet de sauvegarder un carte SD en fichier image, et surtout de shrinker l'image (contracter une SD de 32Go en l'espace réellement utilisésolus)
[ApplePi-Baker v2](https://www.tweaking4all.com/software/macosx-software/applepi-baker-v2/)
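Review bot: the macOS line ends in a garbled word, "l'espace réellement utilisésolus", which reads as "utilisés" with leftover text fused onto it, and "un carte SD" should be "une carte SD". On the Windows line, "WinDisk32" does not match the project named in the link (win32diskimager, i.e. Win32 Disk Imager); use the same name as the URL. Since the hunk header shows `sudo dd if=~/raspian_backup.img of=/dev/sdg` just above, a one-line reminder to confirm the target device (e.g. with `lsblk`) before writing would fit here, as dd to the wrong device overwrites it silently.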

docs/Raspberry/diet-pi.md Normal file

@@ -0,0 +1,97 @@
# Diet-pi
### Dropbear
```bash
systemctl status dropbear.service
```
Fichier de configuration: `/etc/default/dropbear`
```bash
# The TCP port that Dropbear listens on
DROPBEAR_PORT=51322
```
```bash
systemctl status dropbear.service
● dropbear.service - Lightweight SSH server
Loaded: loaded (/lib/systemd/system/dropbear.service; enabled; preset: enabled)
Active: active (running) since Sat 2024-02-10 09:07:47 GMT; 7s ago
Docs: man:dropbear(8)
Main PID: 3107 (dropbear)
Tasks: 5 (limit: 1069)
CPU: 68ms
CGroup: /system.slice/dropbear.service
├─3060 /usr/sbin/dropbear -EF -p 22 -W 65536 -2 8
├─3061 -bash
├─3107 /usr/sbin/dropbear -EF -p 51322 -W 65536
├─3109 systemctl status dropbear.service
└─3110 "(pager)"
```
```bash
# disallow root login
DROPBEAR_EXTRA_ARGS=“-w -g”
```
#### --help
```bash
Dropbear server v2022.83 https://matt.ucc.asn.au/dropbear/dropbear.html
Usage: dropbear [options]
-b bannerfile Display the contents of bannerfile before user login
(default: none)
-r keyfile Specify hostkeys (repeatable)
defaults:
- dss /etc/dropbear/dropbear_dss_host_key
- rsa /etc/dropbear/dropbear_rsa_host_key
- ecdsa /etc/dropbear/dropbear_ecdsa_host_key
- ed25519 /etc/dropbear/dropbear_ed25519_host_key
-R Create hostkeys as required
-F Don't fork into background
-e Pass on server process environment to child process
-E Log to stderr rather than syslog
-m Don't display the motd on login
-w Disallow root logins
-G Restrict logins to members of specified group
-s Disable password logins
-g Disable password logins for root
-B Allow blank password logins
-t Enable two-factor authentication (both password and public key required)
-T Maximum authentication tries (default 10)
-j Disable local port forwarding
-k Disable remote port forwarding
-a Allow connections to forwarded ports from any host
-c command Force executed command
-p [address:]port
Listen on specified tcp port (and optionally address),
up to 10 can be specified
(default port is 22 if none specified)
-P PidFile Create pid file PidFile
(default /var/run/dropbear.pid)
-i Start for inetd
-W <receive_window_buffer> (default 24576, larger may be faster, max 10MB)
-K <keepalive> (0 is never, default 0, in seconds)
-I <idle_timeout> (0 is never, default 0, in seconds)
-z disable QoS
-V Version
```
#### Passwordless:
```bash
cat ~/.ssh/id_rsa.pub | ssh -p65535 root@192.168.12.116 'cat>> ~/.ssh/authorized_keys'
```
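Review bot: the line `DROPBEAR_EXTRA_ARGS=“-w -g”` uses typographic curly quotes; /etc/default/dropbear is read as shell/environment syntax, so those characters become part of the value and dropbear is handed `“-w` and `-g”` instead of `-w -g`. Write it with ASCII quotes: `DROPBEAR_EXTRA_ARGS="-w -g"`. Per the --help text in the same hunk, `-w` already disallows root logins, so `-g` (disable password logins for root) is redundant; the option that makes the box key-only for everyone is `-s`, and it should be added only after the key in the "Passwordless" step has been verified to work. That step is also inconsistent with the rest of the page: it connects with `-p65535` although the file sets `DROPBEAR_PORT=51322`, and it logs in as `root@...` although `-w` has just forbidden root logins; use the configured port and an unprivileged account. In the `systemctl status` output, PID 3060 (`-p 22 ... -2 8`, with the `-bash` shell 3061 under it) appears to be the connection process of the previous port-22 instance serving the current session next to the new listener 3107 on 51322; that is expected until the session is closed, but a sentence saying so would avoid confusion.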


@@ -6,23 +6,48 @@
[aptitude](aptitude.md)
[Argon One](Argon-one.md)
[Backup](backup.md)
[Boot et clone](boot.md)
[Cloud](cloud.md)
[Diet-pi](diet-pi.md)
[Envoyer un mail depuis le Raspberry](send_mail.md)
[Hardware](hardware.md)
[Heure](heure.md)
[Installation sans écran](headless.md)
[Mail](mail.md)
[Matériels](materiels/materiels.md)
[Nextcloud](nextcloud.md)
[Pi Desktop](pi-desktop.md)
[Pi-hole](pi-hole.md)
[Python](python.md)
[Réseau](reseau.md)
[Boot et clone](boot.md)
[Pi Desktop](pi-desktop.md)
[Divers](divers.md)
[Rclone](rclone.md)
[Réseau](reseau.md)
[Services](services.md)
[SiriControl](siri_control.md)
[Tools](tools.md)
[Divers](divers.md)
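Review bot: the index now lists [Boot et clone](boot.md), [Pi Desktop](pi-desktop.md), [Réseau](reseau.md) and [Divers](divers.md) twice, once in the alphabetical run and again near the end; drop the second copies so each page appears once, and slot [Rclone] and [Services] into the alphabetical order with the rest.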

docs/Raspberry/mail.md Normal file

@@ -0,0 +1,217 @@
### Envoyer un mail depuis le Raspberry
Il faut installer **msmtp**:
```bash
# apt install bsd-mailx msmtp msmtp-mta
```
#### Configuration:
https://doc.ubuntu-fr.org/tutoriel/comment_envoyer_un_mail_par_smtp_en_ligne_de_commande
https://wiki.archlinux.org/title/Msmtp
http://www.futurile.net/resources/msmtp-a-simple-mail-transfer-agent/
```bash
nano /etc/msmtprc
```
```bash
#Set default values for all accounts.
defaults
auth login
tls on
tls_starttls off
tls_certcheck on
tls_trust_file /etc/ssl/certs/ca-certificates.crt
logfile /var/log/msmtp.log
#OVH settings
account ovh
host ssl0.ovh.net
#auth login
#tls on
#tls_starttls off
#tls_certcheck on
#tls_trust_file /etc/ssl/certs/ca-certificates.crt
from xxxxxxxxxxx@clicclac.info
port 465
user xxxxxxxxxxx@clicclac.info
password xxxxxxxxxxx
#Orange settings
account orange
host smtp.orange.fr
protocol smtp
#auth login
#tls on
#tls_starttls off
#tls_certcheck on
#tls_trust_file /etc/ssl/certs/ca-certificates.crt
from byyyyyyyyyyyyy@orange.fr
maildomain orange.fr
port 465
user byyyyyyyyyyyyy
password yyyyyyyyyyyyy
#Set a default account
account default : orange
```
on sécurise le fichier de config:
```bash
root@PiHole2:~# chown root:msmtp /etc/msmtprc
root@PiHole2:~# chmod 640 /etc/msmtprc
```
Encrypter `/etc/msmtprc`
https://www.howtoraspberry.com/2021/06/how-to-send-mail-from-a-raspberry-pi/
#### Test:
```bash
root@PiHole2:~# echo "BEEP BEEP" | mailx -s "Subject: This is a test!" bxxxxxxxxxxx@orange.fr
```
nano test.mail
```bash
To: bxxxxxxxxxxx@orange.fr
From: bxxxxxxxxxxx@orange.fr
Subject: Pi-Hole update
Hello there.
version 3
```
```bash
cat test.mail | msmtp --read-envelope-from --read-recipients
cat test.mail | msmtp --account=default --read-envelope-from --read-recipients
```
```
cat /tmp/fichier | mail
```
```
apt install libsecret-tools
```
```bash
gpg --full-generate-key
gpg: /root/.gnupg/trustdb.gpg : base de confiance créée
gpg: répertoire « /root/.gnupg/openpgp-revocs.d » créé
gpg: revocation certificate stored as '/root/.gnupg/openpgp-revocs.d/75199AB29FD34F8BDEA93ABF97857FE7ED14794A.rev'
les clefs publique et secrète ont été créées et signées.
pub rsa3072 2024-03-02 [SC]
75199AB29FD34F8BDEA93ABF97857FE7ED14794A
uid pihole <liste@clicclac.info>
sub rsa3072 2024-03-02 [E]
```
```bash
# gpg --list-secret-keys --keyid-format LONG
gpg: vérification de la base de confiance
gpg: marginals needed: 3 completes needed: 1 trust model: pgp
gpg: profondeur : 0 valables : 1 signées : 0
confiance : 0 i., 0 n.d., 0 j., 0 m., 0 t., 1 u.
/root/.gnupg/pubring.kbx
------------------------
sec rsa3072/97857FE7ED14794A 2024-03-02 [SC]
75199AB29FD34F8BDEA93ABF97857FE7ED14794A
uid [ ultime ] pihole <liste@clicclac.info>
ssb rsa3072/9B43CA525CFA97A6 2024-03-02 [E]
```
https://unix.stackexchange.com/questions/614737/how-to-cache-gpg-key-passphrase-with-gpg-agent-and-keychain-on-debian-10
```bash
# util ou pas ?
~/.gnupg# mv gnu.conf gpg.conf
```
```
keychain --eval --agents gpg pihole
* keychain 2.8.5 ~ http://www.funtoo.org
* Found existing gpg-agent: 238
GPG_AGENT_INFO=/root/.gnupg/S.gpg-agent:238:1; export GPG_AGENT_INFO;
* Adding 1 gpg key(s): pihole
```
```bash
~# apparmor_parser -R /etc/apparmor.d/usr.bin.msmtp
Cache read/write disabled: interface file missing. (Kernel needs AppArmor 2.4 compatibility patch.)
Avertissement : impossible de trouver un syst?me de fichiers appropri? dans /proc/mounts, est-il mont? ?
Utilisez --subdomainfs pour remplacer.
# apt install apparmor-utils
~# systemctl enable apparmor
Synchronizing state of apparmor.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable apparmor
~# systemctl status apparmor
○ apparmor.service - Load AppArmor profiles
Loaded: loaded (/lib/systemd/system/apparmor.service; enabled; preset: enabled)
Active: inactive (dead)
Docs: man:apparmor(7)
https://gitlab.com/apparmor/apparmor/wikis/home/
~# apparmor_parser -R /etc/apparmor.d/usr.bin.msmtp
Cache read/write disabled: interface file missing. (Kernel needs AppArmor 2.4 compatibility patch.)
Avertissement : impossible de trouver un syst?me de fichiers appropri? dans /proc/mounts, est-il mont? ?
Utilisez --subdomainfs pour remplacer.
```
https://discourse.pi-hole.net/t/apparmor-reference-in-unbound-guide-clarification-requested/62351/3
```bash
~# gpg --encrypt --output orange.mail.gpg --recipient liste@clicclac.info orange.mail
~# gpg --decrypt --output file.txt orange.mail.gpg
```
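Review bot: both account passwords are stored in clear text in /etc/msmtprc, and the "Encrypter `/etc/msmtprc`" section only links a page and then generates a GPG key without ever connecting it to msmtp; the `gpg --encrypt --output orange.mail.gpg ...` lines at the end encrypt a mail file, not the password, so they do not close that gap either. The missing step is msmtp's `passwordeval` option, which replaces the `password ...` line of an account, e.g. `passwordeval gpg --quiet --for-your-eyes-only --no-tty --decrypt /etc/msmtp/orange.gpg` (path is an example), so the secret is only decrypted at send time; the `keychain --agents gpg` block then has a purpose (caching the passphrase) that the text should state instead of "# util ou pas ?". Smaller points: the test command's `-s "Subject: This is a test!"` yields a header of `Subject: Subject: This is a test!` because `-s` already sets the Subject; the `apparmor_parser -R /etc/apparmor.d/usr.bin.msmtp` call is shown twice with the same error and without saying what it was meant to fix (the `systemctl status apparmor` output shows the service inactive, which is why it fails), and its output carries mis-encoded characters ("syst?me", "appropri?").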

docs/Raspberry/pi-hole.md Normal file

@@ -0,0 +1,187 @@
# pi-hole & unbound
#### RasbianOS
| **Version** | **Code name** | **Current status** | **Release date** | **End-of-life ([LTS](https://wiki.debian.org/LTS))** |
| ----------- | ------------- | ------------------ | ---------------- | ---------------------------------------------------- |
| 11 | Bullseye | oldstable | 2021-08-14 | 2024-08-14 (2026-08-31) |
| 12 | Bookworm | stable | 2023-06-10 | 2026-06-10 (2028-06-30) |
| 13 | Trixie | testing | 2025-06-?? | 2028-06-?? (2030-06-??) |
##### Installer Pi-Hole et Unbound:
https://www.crosstalksolutions.com/the-worlds-greatest-pi-hole-and-unbound-tutorial-2023/
https://mediacenterz.com/tutoriel-complete-pi-hole-bloqueur-dannonces-pour-toute-la-maison/
##### Installer Gravity Sync:
https://github.com/vmstan/gravity-sync
##### Installer keepalived:
https://davidshomelab.com/pi-hole-failover-with-keepalived/
##### Version de Pi-Hole
```bash
$ pihole -v
Pi-hole version is v5.17.3 (Latest: v5.17.3)
web version is v5.21 (Latest: v5.21)
FTL version is v5.25 (Latest: v5.25.1)
```
##### Mise-à-jour de Pi-Hole:
```bash
$ pihole -up
```
##### Changer le mot de passe de linterface Web PiHole
```bash
$ pihole -a -p
```
##### Liste noire:
- **`pihole -b -l`** Liste des domaines sur la liste noire
- **`pihole -b exemple.com`** Ajouter example.com à la liste noire
- **`pihole -b -d example.com`** Supprimer exemple.com de la liste noire
##### Liste blanche:
- **`pihole -w -l`** Liste des domaines dans la liste blanche
- **`pihole -w exemple.com`** Ajouter example.com à la liste blanche
- **`pihole -w -d example.com`** Supprimer exemple.com de la liste blanche
##### Activer / désactiver Pi-Hole:
- **`pihole enable`** Activer PiHole
- **`pihole disable`** Désactiver PiHole en permanence
- **`pihole disable 10m`** Désactiver PiHole pendant 10 minutes
- **`pihole disable 60s`** Désactiver PiHole pendant 1 min
### Activer la résolution local sur le PiHole (Loopback)
Se connecter sur le Pi-Hole en ssh, puis:
```bash
echo "addn-hosts=/etc/pihole/lan.list" | sudo tee /etc/dnsmasq.d/02-lan.conf
```
On crée le fichier `/etc/pihole/lan.list`
```bash
nano /etc/pihole/lan.list
```
que l'on remplit avec les IP/serveurs
```bash
Adresse IP nom de domaine nom du serveur
192.168.1.xx service.nomdedomaine nomduserveur
```
```bash
192.168.2.57 navidrome.photos-nas.ovh navidrome
192.168.2.57 ds923.photos-nas.ovh dsm
192.168.2.57 maloja.photos-nas.ovh maloja
192.168.2.57 photos.photos-nas.ovh photos
192.168.2.57 change.photos-nas.ovh changedetection
192.168.2.57 search.photos-nas.ovh searxng
192.168.2.57 vault.photos-nas.ovh vaultwarten
192.168.2.1 asus.photos-nas.ovh asus
192.168.2.1 www.asusrouter.com et12
192.168.2.116 pihole1.photos-nas.ovh dietpi1
192.168.2.216 pihole2.photos-nas.ovh dietpi2
```
On redémarre le service DNS:
```bash
pihole restartdns
```
https://induste.com/threads/utiliser-un-pihole-pour-creer-une-loopback-orange-bouygues-etc.634410/
### Liens:
https://www.reddit.com/r/pihole/comments/tsperl/comment/i2sr22h/
https://discourse.pi-hole.net/t/pihole-unbound-not-working-as-it-should/51381/12
https://docs.pi-hole.net/guides/dns/unbound/#disable-resolvconf-for-unbound-optional
https://alain-michel.canoprof.fr/eleve/tutoriels/raspberry/utiliser-pi-hole-pour-bloquer-les-pubs/
https://nicolasforcet.com/nettoyer-base-de-donnees-pihole-ftldb-log/
https://nicolasforcet.com/raspberry-pi-limiter-drastiquement-les-logs-et-les-mettre-en-ram-pour-preserver-sa-carte-sd/
Using “sudo nmtui” I was able to change my network settings. I
The Fireborg : The Big Blocklist Collection
https://firebog.net
Gravity Sync:
https://github.com/vmstan/gravity-sync
https://github.com/azlux/log2ram
https://dnscheck.tools
```
vcgencmd get_throttled <-- will give you info on conditions that may have caused throttling.
```
```
Great write up, thanks.
Instead of a firewall rule, blocking all DNS queries except to Pihole, better create a NAT Port Forward rule, so that all DNS queries except router or a Pihole are redirected to the pihole address. Thus DNS resolution will continue working (for allowed domains) even if somebody (or some malicious IoT device) use custom DNS.
I have an OPNsense (pfSense fork) with Unbound installed onboard (192.168.0.1), and a PiHole on another box (192.168.0.100).
All devices by default query DNS from the router (192.168.0.1).
Above mentioned NAT Port Forward rule redirects all DNS queries to the Pihole (192.168.0.100).
Pihole has Unbound on a router as an upstream (192.168.0.1).
SO, unfortunately, there are some networks hops to and fro, but I cant install Pihole on an OPNsense router (its FreeBSD and not Linux).
```
```
Hopefully CrossTalk sees this, but this guide needs to be updated. As of the 10/10/2023 of Debian Bookworm. Debian (and by extension Raspberry Pi OS) does not use dhcpcd as the networking interface. Instead, it uses the more complex/robust NetworkManager. This change can be found in the release notes for RaspberyPi OS here: https://downloads.raspberrypi.com/raspios_lite_arm64/release_notes.txt.
This means that the dhcpcd.conf file will not exist under /etc as the guide suggest. There are ways to use nmcli (the command the interact with NetworkManager) to set a static IP. However, I recommend simply setting up a DHCP reservation using your router. Either way, you cannot set up a static IP using dhcpcd.conf. Hope this helps anyone on their PiHole journey!
```
```
static IP on Bookworm:
credits to https://raspberrypi-guide.github.io/networking/set-up-static-ip-address
So I used nmtui command to set up a static ip on bookworm. Looks like they got rid of dhcpcd by default and are going with NetworkManager.
1. type sudo nmtui so you have the right permissions
2. edit the connection you want
4. change ipv4 config to manual
5. Enter your desired ip address into addresses (with a trailing /24, e.g. 192.168.1.77/24)
6. I put my routers ip in the gateway and DNS fields, and also added a second 8.8.8.8 for DNS
7. Exit out of nmtui
8. reboot and it should work
```
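Review bot: the last four fenced blocks (from `Great write up, thanks.` onward) are reader comments copied from other sites but presented as code with no source line; the rest of the file credits sources by URL, so each quoted comment should get its link (the second one refers to the CrossTalk guide already linked under "Installer Pi-Hole et Unbound"). The sentence `Using “sudo nmtui” I was able to change my network settings. I` is cut off, and the "static IP on Bookworm" list jumps from step 2 to step 4. In the command list, "linterface" needs its apostrophe, the blacklist/whitelist examples mix `exemple.com` in the command with `example.com` in the description, and "résolution local" should be "résolution locale". The NAT-redirect comment is worth keeping as a defender note (it also covers devices with hard-coded DNS), but it only catches plain DNS on port 53; a client using DNS-over-HTTPS bypasses both the firewall rule and the redirect, which the page could mention next to it.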