Tool | Linux Config

Notes Linux config

Change username

要改使用者名稱通常很麻煩，這個是一個我覺得比較好的做法，多了 Link 至少讓沒改到的地方能連結到新的 home
How To Change Username On Ubuntu, Debian, Linux Mint Or Fedora

Create a temporary user
- sudo adduser tempuser
- sudo usermod -aG sudo tempuser
Login with tempuser
- sudo usermod -l ${newusername} -d /home/${newusername} -m ${oldusername}
- sudo groupmod -n ${newusername} ${oldusername}
Create a symbolic link
- sudo ln -s /home/${newusername} /home/${oldusername}
Login new username and delete temporary user
- sudo userdel -r tempuser

Disk mount

Ext4 with LVM Resize

Reduce LVM size

Check disk mount df -h

df -h /home
# Filesystem                        Size  Used Avail Use% Mounted on
# /dev/mapper/debian--vg-home   23G  1.9G   20G   9% /home

Unmount disk umount, then check and fix disk e2kfsck

umount /dev/mapper/debian--vg-home
e2kfsck -f /dev/mapper/debian--vg-home

Resize file system resize2fs

resize2fs /dev/mapper/debian--vg-home 80G
# resize2fs 1.42.9 (28-Dec-2023)
# Resizing the filesystem on /dev/mapper/debian--vg-home to 28321400 (4k) blocks.
# The filesystem on /dev/mapper/debian--vg-home is now 28321400 blocks long.

Reduce LVM size lvreduce, then check and fix LVM e2kfsck

lvreduce -L 80G /dev/mapper/debian--vg-home
e2kfsck -f /dev/mapper/debian--vg-home

Mount disk mount
```
mount /dev/mapper/debian--vg-home
```

Extend LVM size

Check physical volume pvdisplay and volume group vgdisplay

pvdisplay
# --- Physical volume ---
# PV Name               /dev/sda5
# VG Name               debian-vg
# PV Size               100.00 GiB / not usable 2.00 MiB
# Allocatable           yes (but full)
# PE Size               4.00 MiB
vgdisplay
# --- Volume group ---
# VG Name               debian-vg
# Free  PE / Size       2560 / 9.99 GiB

Extend LVM size lvextend Using percentage

lvextend -l +100%FREE /dev/mapper/debian--vg-home

Resize file system

ext4 or ext3 use resize2fs
```
resize2fs /dev/mapper/debian--vg-home
```
xfs use xfs_growfs
```
xfs_growfs /dev/mapper/debian--vg-home
```

Check disk mount df -h
```
df -h /home
```

Firewall

ufw (Uncomplicated Firewall)

# 如果要允許連線指定 Port 可以輸入指令:
sudo ufw allow <port-number>
sudo ufw deny <port-number>

# 只允許特定 IP 才能連線的話，可以輸入以下指令:
sudo ufw allow from <IP> to any port <port-number>
sudo ufw deny from <IP> to any port <port-number>

# 只允許 Subnet 可以連線到，可以輸入以下指令:
sudo ufw allow from <IP-with-mask> to any port <port-number>
sudo ufw deny from <IP-with-mask> to any port <port-number>
sudo ufw allow from 159.66.109.0/24 to any port 22

# 刪除已經建立的規則:
sudo ufw status numbered
# 知道指定編號可以輸入以下指令來刪除規則:
sudo ufw delete <rule-number>

iptables

iptables 是最基本的防火牆工具，並且還可以設定 NAT、Port Forwarding 等功能，這裡有一個基本的腳本可以使用 iptables-script.sh。

要保存 iptables 設定的話在 debian 可以使用 iptables-persistent 來保存設定
- 設定好當前 rules 後 sudo bash -c iptables-save > /etc/iptables/rules.v4, sudo bash -c ip6tables-save > /etc/iptables/rules.v6

延伸閱讀: DebianFirewall, iptables-essentials

Network config

ubuntu wifi config

$ sudo vim /etc/netplan/50-cloud-init.yaml

# This file is generated from information provided by the datasource.  Changes
# to it will not persist across an instance reboot.  To disable cloud-init's
# network configuration capabilities, write a file
# /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg with the following:
# network: {config: disabled}
network:
    ethernets:
        eth0:
            dhcp4: true
            optional: true
    version: 2
    wifis:
        wl0:
            optional: true
            access-points:
                "SSID-NAME-HERE":
                    password: "PASSWORD-HERE"
            dhcp4: true

debian static ip config

sudo vim /etc/network/interface

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
allow-hotplug ens160
iface ens160 inet static
    address ${address}
    netmask ${netmask}
    gateway ${gateway}

# This an autoconfigured IPv6 interface
iface ens160 inet6 auto

sudo systemctl restart networking.service

fix Wifi Mt7601u driver

How to fix wireless adapter Mt7601u not working, Can run correctly on kernel 5.15. Reference

git clone https://github.com/jeremyb31/mt7601u.git
sudo dkms add ./mt7601u
sudo dkms install mt7601u/1.0

ZeroTier Route Config

Install ZeroTier and add route to between vLan and Physical Lan

curl -s https://install.zerotier.com | sudo bash

sudo zerotier-cli join $NETWORK_ID

Add to zerotier network, and Authorize it at https://my.zerotier.com/network/$NETWORK_ID.

Configure the ZeroTier managed route:

At my.zerotier.com/network/$NETWORK_ID -> Settings -> Managed Routes,
adds another route to every device joined to the ZeroTier network.

Destination	(Via)
$PHY_SUB	$ZT_ADDR
192.168.100.0/23	172.27.0.1

Edit /etc/sysctl.conf to uncomment net.ipv4.ip_forward. This enables forwarding at boot.

sudo sysctl -w net.ipv4.ip_forward=1
# Add you network interface to shell variables.
PHY_IFACE=eth0; ZT_IFACE=zt7nnig26

Add ip forwarding rules in iptables.

sudo iptables -t nat -A POSTROUTING -o $PHY_IFACE -j MASQUERADE
sudo iptables -A FORWARD -i $PHY_IFACE -o $ZT_IFACE -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i $ZT_IFACE -o $PHY_IFACE -j ACCEPT
# Save iptables rules for next boot.
sudo apt install iptables-persistent
sudo bash -c iptables-save > /etc/iptables/rules.v4

Last using sudo iptables -L -v to check iptables rules.

Add Static Route

Best to add a static route to the device to be connected to the ZeroTier network.

要連上 ZeroTier 的裝置加上 Static route 可以讓連線更穩定，不然有時候會發生 ping 不到的情況，後來用 traceroute 才發現 ping 的路徑跑到別的網路去了。

Windows route add $PHY_SUB mask $PHY_SUB_MASK $PHY_GATEWAY
Linux sudo ip route add $PHY_SUB via $PHY_GATEWAY

Other

ulimit

ulimit 可以用來限制 shell 執行程式所需的資源
- ulimit [options] [limit]
- ulimit Man Page

Last Edit

06-11-2024 03:38 Add static route config.

results matching ""

No results matching ""

, linux, tool