Site-to-Site VPN From Linux to UDM Pro (work in progress)

Finding good documents on how to set up a site-to-site VPN between a Ubiquiti UDM and a non-Ubiquiti node (i.e. Linux) has been a challenge. The documents on Ubiquiti's site are laughably incomplete (and generally way out of date). So I am working through each of the steps and trying to shoehorn in a …

Settings for SAMBA Shares to Play Nicely with MacOS

Add the following to the global section:

min protocol = SMB2
ea support = yes
vfs objects = fruit streams_xattr acl_xattr
fruit:aapl = yes
fruit:metadata = stream
fruit:model = MacSamba
fruit:veto_appledouble = no
fruit:posix_rename = yes
fruit:zero_file_id = yes
fruit:wipe_intentionally_left_blank_rfork = yes
fruit:delete_empty_adfiles = yes
fruit:locking = netatalk

In the individual shares, if you want …

Getting DKIM working

I used these two sites to figure out how to get DKIM working:

https://wiki.debian.org/opendkim
https://www.linuxbabe.com/mail-server/setting-up-dkim-and-spf

Install opendkim and opendkim-tools.

cd /etc/dkimkeys
opendkim-genkey -t -s mail -d technomancer.com

Edit /etc/opendkim.conf:

Domain technomancer.com
KeyFile /etc/dkimkeys/mail.private
Selector mail
Socket local:/var/spool/postfix/opendkim/opendkim.sock
# Specify the list of keys
KeyTable file:/etc/dkimkeys/keytable
# Match keys and domains. To use regular expressions in …

Setting up DNSSEC in bind9

Install the bind9 packages. Make sure it's enabled in named.conf.options:

dnssec-validation auto;
dnssec-lookaside auto; # Need to look up what this one is

Generate the keys (pick an appropriate algorithm; today (22 Mar 2021), ECDSAP384SHA384 seems to be the "ideal"):

dnssec-keygen -a ECDSAP384SHA384 -b 4096 -n ZONE technomancer.com
dnssec-keygen -f KSK -a ECDSAP384SHA384 -b 4096 -n ZONE …

Setting up freeradius on Ubuntu

Add the client to /etc/freeradius/3.0/clients.conf:

client someclient.tek {
    ipaddr = 172.22.42.4
    secret = xxxxxxxxxxxxxxxxx
    shortname = internal-network
    login = !root
}

Set the daemon to run with group shadow in /etc/freeradius/3.0/radiusd.conf.

Uncomment the unix type in /etc/freeradius/3.0/sites-available/default to enable reading of passwd/shadow information.