diff --git a/01-debian-networking.txt b/01-debian-networking.txt index f07ed9c..6da27da 100644 --- a/01-debian-networking.txt +++ b/01-debian-networking.txt @@ -17,7 +17,6 @@ domain intensewebs.com search intensewebs.com nameserver 192.168.1.140 nameserver 192.168.1.141 -nameserver 192.168.1.124 sudo vi /etc/hosts # ADD/CHANGE @@ -27,7 +26,8 @@ sudo vi /etc/hostname # ADD/CHANGE ctp1.intensewebs.com -sudo systemctl restart networking +reboot +# sudo systemctl restart networking # Frozen SSH afterwards do this: ~ diff --git a/disks.txt b/disks.txt index e533eca..124a699 100644 --- a/disks.txt +++ b/disks.txt @@ -14,10 +14,22 @@ pvs vgs lvs -RESIZE -# unmount /home because an ext4 filesystem cannot be reduced while mounted +# RESIZE LVM AS ROOT: https://www.golinuxcloud.com/lvm-shrink-logical-volume/ +df -hT /home +lsblk -f +umount /home +fsck -f /dev/mapper/pg--vg-home +resize2fs /dev/mapper/pg--vg-home 5G +lvreduce -r -L 5G /dev/mapper/pg--vg-home +mount /dev/mapper/pg--vg-home /home + +# Extend the logical volume zeus-vg/var by 4G +lvextend -L+4G /dev/mapper/zeus--vg-var +# resize the ext4 filesystem in logical volume zeus-vg/var to the new volume size +resize2fs /dev/mapper/zeus--vg-var + +#RESIZE ext4 - # unmount /home because an ext4 filesystem cannot be reduced while mounted umount /home -# resize the ext4 filesystem in logical volume zeus-vg/home to 50G fsck -f /dev/mapper/zeus--vg-home resize2fs /dev/mapper/zeus--vg-home 50G # reduce the logical volume zeus-vg/home to 50G 
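Review bot: In the new `# RESIZE LVM AS ROOT` block of disks.txt, `resize2fs /dev/mapper/pg--vg-home 5G` is followed by `lvreduce -r -L 5G`, and `-r` (`--resizefs`) already shrinks the filesystem together with the volume, so the manual resize is redundant. Keeping only `lvreduce -r -L 5G /dev/mapper/pg--vg-home` after the `fsck -f` leaves one size to type instead of two. A comment above `umount /home` such as `# confirm used space from df is well below the target size and a backup exists before shrinking` would document the precondition that `df -hT /home` is there to check. The `lvextend -L+4G` / `resize2fs` pair for zeus-vg/var could likewise be the single `lvextend -r -L+4G /dev/mapper/zeus--vg-var`.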
@@ -25,19 +37,6 @@ lvreduce -L50G /dev/mapper/zeus--vg-home # remount /home mount /home -# Extend the logical volume zeus-vg/var by 20G -lvextend -L+20G /dev/mapper/zeus--vg-var -# resize the ext4 filesystem in logical volume zeus-vg/var to the new volume size -resize2fs /dev/mapper/zeus--vg-var - -# RESIZE AS ROOT: https://www.golinuxcloud.com/lvm-shrink-logical-volume/ -df -hT /home -umount /home -fsck -f /dev/mapper/sd--vg-home -resize2fs /dev/mapper/sd--vg-home 100G -lvreduce -r -L 100G /dev/mapper/sd--vg-home -mount /dev/mapper/sd--vg-home /home - # MOUNT OTHER DRIVES cd/media mkdir 2TBSEAGATE diff --git a/freeipa.txt b/freeipa.txt index 678472e..dc18c3e 100644 --- a/freeipa.txt +++ b/freeipa.txt 
@@ -1,81 +1,39 @@ # https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/identity_management_guide/index / https://youtu.be/xzfHRJNjqDI / https://www.freeipa.org/page/Howto/ISC_DHCPd_and_Dynamic_DNS_update # https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/identity_management_guide/linux-manual#host-setup-proc # FreeIPA requires over 2Gb+ in /usr - Change to root, Check DNS # REPLICA - Server A can be installed with a CA and DNS services, while Replica A can be based on Server A's configuration but not host either DNS or CA services. Replica B can be added to the domain, also without CA or DNS services. At any time in the future, a CA or DNS service can be created and configured on Replica A or Replica B. - -# FEDORA FREEIPA SERVER FIREWALL -systemd-resolve --status enp1s0 -firewall-cmd --get-active-zones -firewall-cmd --list-all -firewall-cmd --add-service=freeipa-ldap --add-service=freeipa-ldaps --add-service=dns --permanent -firewall-cmd --add-port 80/tcp --permanent -firewall-cmd --add-port 443/tcp --permanent -firewall-cmd --add-port 389/tcp --permanent -firewall-cmd --add-port 636/tcp --permanent -firewall-cmd --add-port 88/tcp --permanent -firewall-cmd --add-port 464/tcp --permanent -firewall-cmd --add-port 7389/tcp --permanent -firewall-cmd --add-port 88/udp --permanent -firewall-cmd --add-port 464/udp --permanent -firewall-cmd --add-port 53/udp --permanent -firewall-cmd --add-port 123/udp --permanent -firewall-cmd --reload -firewall-cmd --list-all - -# DEBIAN FREEIPA SERVER FIREWALL as root -apt install ufw -systemctl enable ufw -ufw enable -sudo ufw status verbose -sudo ufw status numbered -sudo ufw --force disable \ -&& sudo ufw --force reset \ -&& sudo ufw default deny incoming \ -&& sudo ufw default allow outgoing \ -&& sudo ufw allow from 192.168.1.0/24 to any port 22 \ -&& sudo ufw allow 53/tcp \ -&& sudo ufw allow 80/tcp \ -&& sudo ufw allow 389/tcp \ -&& sudo ufw allow 443/tcp \ -&& sudo ufw 
allow 636/tcp \ -&& sudo ufw allow 88/tcp \ -&& sudo ufw allow 464/tcp \ -&& sudo ufw allow 7389/tcp \ -&& sudo ufw allow 53/udp \ -&& sudo ufw allow 88/udp \ -&& sudo ufw allow 464/udp \ -&& sudo ufw allow 123/udp \ -&& sudo ufw --force enable \ -&& sudo ufw reload -reboot __________________________________________________________ -# SERVER INSTALL: TEST SERVER AT: https://SERVER.SUBDOMAIN.DOMAIN.COM/ipa/ui + +# SERVER INSTALL: # ipactl status stop start restart TEST SERVER AT: https://SERVER.SUBDOMAIN.DOMAIN.COM/ipa/ui dnf install freeipa-server freeipa-server-dns nfs-utils fips-mode-setup --enable reboot fips-mode-setup --check update-crypto-policies --show - ipa-server-install --mkhomedir reboot -# ipactl status stop start restart kinit admin klist __________________________________________________________ # CLIENT MACHINE # FEDORA # sudo dnf install freeipa-client ipa-admintools +# ipa host-add-managedby --hosts=server.example.com ipaclient.example.com +# ipa-getkeytab -s server.example.com -p host/ipaclient.example.com -k /tmp/ipaclient.keytab apt install freeipa-client -ipa-client-install --mkhomedir --all-ip-addresses --enable-dns-updates --request-cert --domain iweb.corp --server ipa1.iweb.corp --realm IWEB.CORP --fixed-primary ipa1.iweb.corp +ipa-client-install --enable-dns-updates --mkhomedir --ip-address +ipa-client-install --uninstall __________________________________________________________ # USER CREATE: Add User in FreeIPA Web GUI or below. Go to new machine to test. Require ipa-admintools +# ipa host-add --force --ip-address=192.168.166.31 ipaclient.example.com kinit admin klist ipa user-add bsmith ipa user-mod bsmith --title="Accounting II" ipa user-add bsmith --first=Bob --last=Smith --email=bsmit@intensewebs.com ipa user-find bsmith + ipa config-mod --defaultshell=/bin/bash kinit bsmith klist diff --git a/misc.txt b/misc.txt index 2ab112b..02cfeab 100644 --- a/misc.txt +++ b/misc.txt 
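Review bot: The added `ipa-getkeytab ... -k /tmp/ipaclient.keytab` line in freeipa.txt writes a host keytab, a long-term Kerberos credential, into a directory every local user can list. Even as a commented example it should point at a root-only path and carry a comment such as `# chmod 600, copy to the client over ssh, then delete the server-side copy`. As far as I know, retrieving a keytab also resets the principal's key, so a one-line warning that existing keytabs for that host stop working would help. Separately, `ipa-client-install --enable-dns-updates --mkhomedir --ip-address` ends on `--ip-address`, which takes an address value, and the `ipa-client-install --uninstall` directly below it has no comment separating install from removal.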
@@ -22,6 +22,7 @@ sudo apt autoclean && sudo apt autoremove sudo apt install gvfs-backends sudo apt reinstall gvfs-backends +systemctl list-unit-files | grep masked sudo systemctl mask sleep.target suspend.target hibernate.target hybrid-sleep.target tar zcvf email-backup.tar.gz /home/privacy/.thunderbird/ @@ -54,6 +55,12 @@ pacmd list-cards sudo pacmd list-cards sudo apt-get install alsa-tools-gui --------------------------------------------- +# sudo systemctl restart networking +# Frozen SSH afterwards do this: + +~ +. +--------------------------------------------- sudo dnf install akmod-nvidia sudo dnf install xorg-x11-drv-nvidia-cuda --------------------------------------------- diff --git a/nginx.txt b/nginx.txt new file mode 100644 index 0000000..397741a --- /dev/null +++ b/nginx.txt @@ -0,0 +1,50 @@ +firewall-cmd --permanent --add-port=80/tcp +firewall-cmd --permanent --add-port=443/tcp +firewall-cmd --reload +sudo firewall-cmd --state +firewall-cmd --list-services +firewall-cmd --list-all +curl localhost:3000 + +cd /etc/nginx +vi /etc/nginx/nginx.conf + +user nginx; +worker_processes auto; + +error_log /var/log/nginx/error.log notice; +pid /var/run/nginx.pid; + + +events { + worker_connections 1024; +} + +http { + include /etc/nginx/mime.types; + default_type application/octet-stream; + + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + + access_log /var/log/nginx/access.log main; + + sendfile on; + #tcp_nopush on; + + keepalive_timeout 65; + + #gzip on; + + include /etc/nginx/conf.d/*.conf; +} + +cd /etc/nginx/conf.d +vi /etc/nginx/conf.d/pg.iweb.city.conf + +server { + listen 3001; + server_name pg.iweb.city; + root /var/www/pg.iweb.city/html; +} diff --git a/python3-venv-django-uwsgi b/python3-venv-django-uwsgi new file mode 100644 index 0000000..a2e48fa --- /dev/null +++ b/python3-venv-django-uwsgi 
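Review bot: The ports in the new nginx.txt do not line up: firewalld opens 80/tcp and 443/tcp, the check is `curl localhost:3000`, and the only server block has `listen 3001;`. As written, the site is not reachable through the firewall and the curl test does not exercise it. If 3001 is intended, the notes need the matching `firewall-cmd --permanent --add-port=3001/tcp`. If 80/443 is intended, the server block should listen there, and opening 443 only makes sense once a `listen 443 ssl;` block with a certificate exists. A comment saying what runs on 3000 (presumably an upstream application) would remove the ambiguity.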
@@ -0,0 +1,22 @@ +# https://tonyteaches.tech/django-nginx-uwsgi-tutorial/ +which python3 +# sudo apt install python3 python3-pip + +# INSTALL PYTHON VIRTUAL ENVVIRONMENT +sudo apt-get install python3-venv +mkdir ~/env +python3 -m venv ~/env/mypyenv +ls env/mypyenv/bin +source ~/env/mypyenv/bin/activate +which python +pip install Django +django-admin startproject py1 +cd py1 +# TEST DJANGO PYTHON INCLUDED WEBSERVER ONLY +# python manage.py runserver 0.0.0.0:8000 + +sudo apt-get install python3-dev +# sudo apt-get install gcc +pip install uwsgi +# uwsgi --http :8000 --wsgi-file test.py +uwsgi --http :8000 --module py1.wsgi
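Review bot: `uwsgi --http :8000 --module py1.wsgi` binds uWSGI's built-in HTTP listener on every interface without TLS, and the notes give no firewall rule or proxy in front of it. If this is only a local smoke test before nginx is put in front (which the linked tutorial's title suggests), `uwsgi --http 127.0.0.1:8000 --module py1.wsgi` keeps it off the network; the same applies to the commented `runserver 0.0.0.0:8000`. A comment such as `# test only: bind to loopback, production traffic goes through nginx over a uwsgi socket` would make that explicit. `ls env/mypyenv/bin` also assumes the current directory is the home directory, unlike the `~/env` paths around it.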