Linux

Debian - Freeswitch

How to Install FreeSwitch on Debian

Get your FreeSwitch Token (for Free) at: https://id.signalwire.com/signup/account/new

TOKEN=YOURSIGNALWIRETOKEN

apt-get update && apt-get install -y gnupg2 wget lsb-release

wget --http-user=signalwire --http-password=$TOKEN -O /usr/share/keyrings/signalwire-freeswitch-repo.gpg https://freeswitch.signalwire.com/repo/deb/debian-release/signalwire-freeswitch-repo.gpg

echo "machine freeswitch.signalwire.com login signalwire password $TOKEN" > /etc/apt/auth.conf
chmod 600 /etc/apt/auth.conf
echo "deb [signed-by=/usr/share/keyrings/signalwire-freeswitch-repo.gpg] https://freeswitch.signalwire.com/repo/deb/debian-release/ `lsb_release -sc` main" > /etc/apt/sources.list.d/freeswitch.list
echo "deb-src [signed-by=/usr/share/keyrings/signalwire-freeswitch-repo.gpg] https://freeswitch.signalwire.com/repo/deb/debian-release/ `lsb_release -sc` main" >> /etc/apt/sources.list.d/freeswitch.list

apt-get update && apt-get install -y freeswitch-meta-all

Any Comments ?

sha256: 94cd3ab92575ae8b4b4932e25ee45cf924331ebedd748ae034c483e7791aa30a

Debian - nala

Nala is a modern and user-friendly front-end for the APT package manager, designed to enhance the package management experience on Debian systems

Installation

apt install nala

Check Version

nala --version
root@debianxx ~# nala --version
nala 0.15.4

Install Package

nala install btop

Commands

nala --help
│ autopurge      Autopurge packages that are no longer needed.                                                                                                        │
│ autoremove     Autoremove packages that are no longer needed.                                                                                                       │
│ clean          Clear out the local archive of downloaded package files.                                                                                             │
│ fetch          Fetch fast mirrors to speed up downloads.                                                                                                            │
│ full-upgrade   Upgrade the system by removing/installing/upgrading packages.                                                                                        │
│ history        Show transaction history.                                                                                                                            │
│ install        Install packages.                                                                                                                                    │
│ list           List packages based on package names.                                                                                                                │
│ purge          Purge packages.                                                                                                                                      │
│ remove         Remove packages.                                                                                                                                     │
│ search         Search package names and descriptions.                                                                                                               │
│ show           Show package details.                                                                                                                                │
│ update         Update package list.                                                                                                                                 │
│ upgrade        Upgrade the system by upgrading packages only.       

Commands

nala list       list all packages
nala list -i    list installed packages
nala list -N    list packages installed with nala
nala list -u    list upgradable packages
nala list -h    show help for all list commands ...

Any Comments ?

sha256: 831a68cb00e13085f9eab36dcab94139961c2b083479df6874fd640d0e7ee883

Debian - Cloudimage

Debian Template on Proxmox

Cloud Image with SSH Key

on the Proxmox Host

Create Installer Key

# cd /your/working/dir
ssh-keygen -o -a 100 -t ed25519 -C "User: installer, $(date '+%Y-%m-%d %H:%m')" -f installer

Build Template

apt install libguestfs-tools -y;
wget https://cloud.debian.org/images/cloud/bookworm/latest/debian-12-generic-amd64.qcow2

virt-customize --install qemu-guest-agent -a debian-12-generic-amd64.qcow2
qm create 9001 --name debian-12-generic --memory 2048 --cores 2 --net0 virtio,bridge=vmbr0 --agent 1 
qm importdisk 9001 debian-12-generic-amd64.qcow2 local-lvm

qm set 9001 --scsihw virtio-scsi-pci --scsi0 local-lvm:vm-9001-disk-0
qm set 9001 --ide2 local-lvm:cloudinit
qm set 9001 --boot c --bootdisk scsi0
qm set 9001 --serial0 socket
qm set 9001 --ipconfig0 ip=dhcp
qm set 9001 --cpu cputype=x86-64-v2-AES

qm set 9001 --sshkeys installer.pub
qm set 9001 --ciuser installer

qm resize 9001 scsi0 32G
qm template 9001

Create VM

in the GUI, you can create an new VM based on the Template 9001. You have to login with user “installer” and it’s private key!

Debian

Patch OpenSSH Only

apt install --only-upgrade  openssh-client openssh-server openssh-sftp-server

Time Zone

timedatectl set-timezone Europe/Zurich

-> set symlink: /etc/localtime -> ../usr/share/zoneinfo/Europe/Zurich

Fix Sudo Stuff

use ‘sudo -i’ and keep SSH_AUTH_SOCK if set

apt update
apt install sudo
usermod -aG sudo stoege
echo "Defaults env_keep+=SSH_AUTH_SOCK" > /etc/sudoers.d/ssh_auth_sock
echo "%sudo ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/group_sudo_nopass

Any Comments ?

sha256: 7e5018c28bea4357e2f6703ec2876e92798e020801a61e46d6e3698151bc5a38

Mikrotik

Some Commands for Mikrotik NewBees

Quick Guide - CCR2004-1G-12S+2XS

CCR2004-1G-12S+2XS - User Manual

MikroTik wired interface compatibility

Copper SFP (not able todo Auto Negotiation)

/interface/ethernet/set sfp-sfpplus1 auto-negotiation=no

Update Packages

/system package update check-for-updates
/system package update install
reboot

Upgrade Firmware

/system routerboard print
/system routerboard upgrade
/system reboot; 

Reset Config

/system/reset-configuration
  MMM      MMM       KKK                          TTTTTTTTTTT      KKK
  MMMM    MMMM       KKK                          TTTTTTTTTTT      KKK
  MMM MMMM MMM  III  KKK  KKK  RRRRRR     OOOOOO      TTT     III  KKK  KKK
  MMM  MM  MMM  III  KKKKK     RRR  RRR  OOO  OOO     TTT     III  KKKKK
  MMM      MMM  III  KKK KKK   RRRRRR    OOO  OOO     TTT     III  KKK KKK
  MMM      MMM  III  KKK  KKK  RRR  RRR   OOOOOO      TTT     III  KKK  KKK

  MikroTik RouterOS 7.10.1 (c) 1999-2023       https://www.mikrotik.com/

Press F1 for help

-------------------------------------------------------------------------------
The following default configuration has been installed on your router:

Welcome to RouterOS!
   1) Set a strong router password in the System > Users menu
   2) Upgrade the software in the System > Packages menu
   3) Enable firewall on untrusted networks
-----------------------------------------------------------------------------
LAN:
    IP on ether1:    192.168.88.1/24;

-------------------------------------------------------------------------------
You can type "v" to see the exact commands that are used to add and remove
this default configuration, or you can view them later with
'/system default-configuration print' command.
To remove this default configuration type "r" or hit any other key to continue.
If you are connected using the above IP and you remove it, you will be disconnected.

Initial Config

/interface bridge add name=local
/interface bridge port add interface=ether2 bridge=local
/ip address add address=192.168.88.1/24 interface=local

Backup Config

# show full Config
export

# show non defaults
export compact

# show non defaults, hide sensitive stuff
export compact hide-sensitive

# write config to myconfig
export compact hide-sensitive file=myconfig

Any Comments ?

sha256: 4cffb5ddbd4d0059c71e311bc75a67839be888f15291cec9ac6d0c24478fffdd

Git - Mass Updater

Intro

Let’s assume you have a bunch of GIT Repos in a Folder like this:

/project1/
    /repo1/
    /repo2/
    /repoN/

and you would like to update all of them ? here a little helper.

  • Loop over all Folders
  • check if ‘.git’ exists
  • if so, do a git pull –all

Script

Copy/Paste it to your Terminal and you get a executable Script called ‘git_update_all.sh’.

cat << 'EOF' > git_update_all.sh
#!/usr/bin/env bash

# Get the current script directory
script_dir=$(dirname "$(readlink -f "$0")")

# Change into each directory in the script folder
for dir in "$script_dir"/*; do

    if [ -d "$dir" ]; then

        cd "$dir" || exit 1

        if [ -d ".git" ]; then

            echo "Updating Git repository in $dir"
            git pull --all

        else

            echo "Skipping $dir - not a Git repository"

        fi

        cd "$script_dir" || exit 1

    fi

done

echo "Git update for all repositories completed."
EOF

# make it executable
chmod u+x git_update_all.sh

Usage

and then run it, like it, use it :)

Debian - MinIO

Minio on Debian

Need some S3 Storage for Reasons ? Here a few Lines, how to Setup and enable TLS.

Install Minio

login as root for the whole installation. Or use sudo/doas if preferred.

Upgrade you Box

apt update && apt upgrade -y

reboot if needed

add User

Let’s add User as we don’t wanna run it as root

useradd -r minio-user -s /sbin/nologin

Get Minio

Download, set execute permission and move it

Jetporch - Jet

Intro

did you ever heared of Jetporch, short Jet ? Don’t worry, you’re not the only one ;) Jet Project of Jet is being led by Michael DeHaan, the original creator of Ansible. So, expect something like Ansible, faster, written in rust … same same, but different.

Installation on Debian 12

grab a fresh machine and patch it

export DEBIAN_FRONTEND=noninteractive
apt-get clean
apt-get autoclean
apt-get update -y
apt-get upgrade -yq
apt-get dist-upgrade -yq
apt-get autoremove -y

Install Rust from Source

jet needs rustc 1.64. Debian install 1.63 from packages :(

Debian behind TLS Proxy

Behind Corp Proxy

let’s assume you’re behing a Corp Proxy which enforce TLS Inspection, you don’t have the Proxy Cert and you want to Upgrade your Boxes …

… and of course, you do this in the LAB and for Research only and not your Productiv Environment!

TLS Inspection enabled

apt-get upate
W: Failed to fetch https://packages.sury.org/php/dists/bookworm/InRelease  Certificate verification failed: The certificate is NOT trusted.
The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: xx.xx.xx.xx yyyy]

Disable TLS Check

touch /etc/apt/apt.conf.d/99verify-peer.conf
echo >>/etc/apt/apt.conf.d/99verify-peer.conf "Acquire { https::Verify-Peer false }"

Update

apt-get update
apt-get upgrade

Any Comments ?

sha256: 40c39ed441b4690a8644cd63bfd2e6987f06a70c4f922eca14de5dcc27d4fb35

Restricted Shell

Restricting User to Script

Let’s assume you have some Users around and they should be able to run certain Scripts. These Scripts do various things, login to some systems, perform task, get data from an API, whatever you want. All these Actions needs Credentials which must be available to the script, although they are not part of the Script. They could be Provides via OS Env, .env File, Encrypted Password Store or whatever. But if the Script is able to access these Credentials, a logged in User would could access it also.