Just Blog

Modern state-of-the-art VPN designed to be simplier and faster that IPsec and openVPN.

Download latest Windows Installer.

Slient Install

Wireguard may be installed silently via msiexec.

Install wireguard and remove default auto-start GUI (powershell as admin).

Start-Process msiexec.exe -ArgumentList '/q', '/I', 'wireguard-amd64-0.1.0.msi' -Wait -NoNewWindow -PassThru | Out-Null
Start-Process 'C:\Program Files\WireGuard\wireguard.exe' -ArgumentList '/uninstallmanagerservice' -Wait -NoNewWindow -PassThru | Out-Null

Add Pre-configured Tunnel

Pre-configured tunnels may be added as a separate service.

Install my-tunnel.conf as a startup tunnel (powershell as admin).

Start-Process 'C:\Program Files\WireGuard\wireguard.exe' -ArgumentList '/installtunnelservice', 'my-tunnel.conf' -Wait -NoNewWindow -PassThru | Out-Null
Start-Process sc.exe -ArgumentList 'config', 'WireGuardTunnel$my-tunnel', 'start= delayed-auto' -Wait -NoNewWindow -PassThru | Out-Null
Start-Service -Name WireGuardTunnel$my-tunnel -ErrorAction SilentlyContinue

https://r-pufky.github.io/docs/services/wireguard/windows-setup.html

alsactl init
apt install alsa vlc
adduser vlcuser audio

vlc -I telnet --telnet-password=<password> --telnet-port=9999 --alsa-audio-device default

VLC on Raspbian Lite Headless

sudo nano /lib/modprobe.d/aliases.conf

find the line and comment (for usb soundcard):

options snd-usb-audio index=-2
flock -n /tmp/vlc.lock vlc -I telnet --telnet-password=home --telnet-port=9999 --aout=alsa --no-dbus --file-logging --logfile=/tmp/vlc.log

https://learn.adafruit.com/usb-audio-cards-with-a-raspberry-pi/updating-alsa-config

automatic start script

$ cat startvlc.sh
XDG_RUNTIME_DIR=/run/user/$(id -u)
DISPLAY=:0
flock -n /tmp/vlc.lock vlc -I telnet --telnet-password=<password> --telnet-port=9999 --file-logging --logfile=/tmp/vlc.log

$ cat checkerror.sh
if [ ! -f /tmp/vlc.log ] ; then
  echo 'log not found'
  exit 0
fi
outp=$(grep -c "vlcpulse error" /tmp/vlc.log)
if [ $outp -gt 0 ] ; then
  echo $(date)' error found, killall vlc' >> /tmp/vlccheck.log
  pulseaudio --check
  killall vlc
  sleep 1
  cp /tmp/vlc.log /tmp/vlc.log.bk
  rm /tmp/vlc.log
  sleep 5
else
  echo $(date)' no error found' >> /tmp/vlccheck.log
fi

$ cat /etc/wpa_supplicant/wpa_supplicant.conf
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
update_config=1
country=ID

network={
ssid="ssidname"
psk="wifipassword"
}

Method 1 (download image, modify in another pc, install remotely)

Download decompress image

curl -L https://downloads.raspberrypi.org/raspios_oldstable_lite_armhf/images/raspios_oldstable_lite_armhf-2023-05-03/2023-05-03-raspios-buster-armhf-lite.img.xz | xz --decompress -c > 2023-05-03-raspios-buster-armhf-lite.img

Mount image

fdisk -l 2023-05-03-raspios-buster-armhf-lite.img
532480*512bytes
sudo mount -o loop,offset=272629760 ~/2023-05-03-raspios-buster-armhf-lite.img /mnt
8192*512bytes
524288*512bytes
sudo mount -o loop,offset=4194304,sizelimit=268435456 ~/2023-05-03-raspios-buster-armhf-lite.img /mnt/boot

Modify wireless configuration (copy from existing), enable ssh

sudo cp /mnt/etc/wpa_supplicant/wpa_supplicant.conf .
sudo touch /boot/ssh

Remote install (image from another pc)

ssh user@linuxpc "dd if=2023-05-03-raspios-buster-armhf-lite.img bs=4M" | pv | dd bs=4M of=/dev/mmcblk0

Restart

echo 1 > /proc/sys/kernel/sysrq

Method 2 (Direct install from image)

curl -L https://downloads.raspberrypi.org/raspios_oldstable_lite_armhf/images/raspios_oldstable_lite_armhf-2023-05-03/2023-05-03-raspios-buster-armhf-lite.img.xz | xz --decompress -c | dd bs=4M of=/dev/mmcblk0

Restart

echo b > /proc/sysrq-trigger

apt install samba webmin-samba

#this is important!path

#disable this! –> restrict anonymous = 2

map to guest = value

[share]
   comment = User share
   path = /mnt/share
   guest ok = yes
   browseable = yes
   force create mode = 0666
   force directory mode = 0777
   read only = no
#   guest account = super
#   public = yes
   force user = super

datacenter – storage
local-lvm –> remove

commands:
pvs — see Physical Volumes
vgs — see Volume Group
lvs — see Logicals Volumes

lvremove /dev/pve/data
lvresize -l +100%FREE /dev/pve/root
resize2fs /dev/mapper/pve-root

tested on: intel 8600 coffee lake

host ubuntu privileged
install vaapi

#/etc/pve/lxc/<ctnum>.conf
#proxmox 7 use cgroup2 - https://pve.proxmox.com/wiki/Upgrade_from_6.x_to_7.0#CGroupV2
lxc.cgroup2.devices.allow: c 226:0 rwm
lxc.cgroup2.devices.allow: c 226:128 rwm
lxc.cgroup2.devices.allow: c 29:0 rwm
lxc.mount.entry: /dev/dri dev/dri none bind,optional,create=dir

guest jellyfin
ls -lah /dev/dri
apt install vaapi intel-gpu-tools
vaapi
usermod -aG render jellyfin
usermod -aG render www-data
usermod -aG video jellyfin
usermod -aG video www-data
apt update
apt upgrade upgrade

web
admin – server – playback
transcoding hw acc intel qsv
enable decoding h264 hevc hevc10bit vp9 10bit
prefer os native
enable hw encoding
allow encoding hevc

# run ‘getent group render’ both in container and host
container 108
host 103

# host: add line at /etc/subgid
root:103:1

# calculate mapping:
map 0..107 ct to 100000..100107 host
map 108 ct to 103 host
map 109.. ct to 100109..

# host: add to lxc config /etc/pve/lxc/101.conf
# proxmox 7 use cgroup2 – https://pve.proxmox.com/wiki/Upgrade_from_6.x_to_7.0#CGroupV2
lxc.idmap: u 0 100000 65536
lxc.idmap: g 0 100000 108
lxc.idmap: g 108 103 1
lxc.idmap: g 109 100109 65427
lxc.cgroup.devices.allow: c 226:128 rwm
lxc.mount.entry: /dev/dri/renderD128 dev/dri/renderD128 none bind,optional,create=file

# should be working, else force it on host :-p
chmod 0666 /dev/dri/renderD128

# check at the container:
$ ls -ln /dev/dri/renderD128
crw-rw—- 1 65534 108 226, 128 Dec 23 01:25 /dev/dri/renderD128

$ sudo usermod -aG render zmuser
$ sudo usermod -aG render www-data

# DO NOT FORGET to restart after add user to group, its IMPORTANT!

$ cat /dev/dri/renderD128

$ sudo apt install vainfo i965-va-driver

# container: Try using ffmpeg to decode h264
$ ffmpeg -v verbose -y -hwaccel vaapi -hwaccel_device /dev/dri/renderD128 -i rtsp://<user>:<pass>@<ip>:554/stream2 result.mp4

# container: Try using ffmpeg to decode and encode h264
$ ffmpeg -v verbose -y -hwaccel vaapi -hwaccel_device /dev/dri/renderD128 -i rtsp://<user>:<pass>@<ip>:554/stream2 -c:v h264_vaapi -qp 25 result.mp4

# container: Check GPU Utilization at Host:
$ sudo apt install intel-gpu-tools
$ sudo intel_gpu_top

For Zoneminder FFMPEG, crf option not available for h264_vaapi
So, set this option: recording -> encoder: h264_vaapi, optional encoder parameters: qp=25

https://yoursunny.com/t/2022/lxc-vaapi/
https://pve.proxmox.com/wiki/Unprivileged_LXC_containers
https://itsembedded.com/sysadmin/proxmox_bind_unprivileged_lxc/
https://trac.ffmpeg.org/wiki/Hardware/QuickSync
https://trac.ffmpeg.org/wiki/Hardware/VAAPI
https://forums.zoneminder.com/viewtopic.php?t=30820
https://github.com/intel/intel-vaapi-driver/blob/master/README

#/etc/apache2/apache2.conf
<Directory /var/www>
  Options Indexes FollowSymLinks
  AllowOverride All
  Require all granted
</Directory>

sudo a2enmod rewrite
sudo service apache2 restart

#.htaccess in directories that needs forward https
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Note: this may be a problem if you’re behind https reverse proxy that forward to http

#/etc/lightdm/lightdm.conf
[Seat*:]
autologin-guest=false
autologin-user=user
autologin-user-timeout=0

https://appuals.com/how-to-enable-auto-login-in-xubuntu/

only support ubuntu 18.04 20.04 22.04

sudo apt update
sudo apt install gnupg

sudo curl https://packages.microsoft.com/keys/microsoft.asc | apt-key add -
sudo curl https://packages.microsoft.com/config/ubuntu/$(lsb_release -rs)/prod.list > /etc/apt/sources.list.d/mssql-release.list
sudo apt update
sudo ACCEPT_EULA=Y apt-get install -y msodbcsql18
sudo ACCEPT_EULA=Y apt-get install -y mssql-tools18
echo 'export PATH="$PATH:/opt/mssql-tools18/bin"' >> ~/.bashrc
source ~/.bashrc
sudo apt-get install -y unixodbc-dev
sudo apt install php-odbc
sudo service apache2 restart
cat /etc/odbcinst.ini
configure driver name specified in odbcinst above

#example
$odbc = odbc_connect('DRIVER={ODBC Driver 18 for SQL Server};SERVER=<server>;DATABASE=<db>;TrustServerCertificate=yes', 'sa', '<password>');

sqlcmd -S host -U user -P pass -C

Note: TrustServerCertificate is required, else it will get ssl error

https://learn.microsoft.com/en-us/sql/connect/odbc/linux-mac/installing-the-microsoft-odbc-driver-for-sql-server?view=sql-server-ver16&tabs=ubuntu18-install%2Calpine17-install%2Cdebian8-install%2Credhat7-13-install%2Crhel7-offline