-
-
Save HackingGate/9dc4434c3de17188a17844438fc38aff to your computer and use it in GitHub Desktop.
| #!/usr/bin/python | |
| from sense_hat import SenseHat | |
| import os | |
| def get_cpu_temp(): | |
| res = os.popen('vcgencmd measure_temp').readline() | |
| return float(res.replace("temp=", "").replace("'C\n", "")) | |
| def get_temp(sense): | |
| t1 = sense.get_temperature_from_humidity() | |
| t2 = sense.get_temperature_from_pressure() | |
| t = (t1 + t2) / 2 | |
| t_cpu = get_cpu_temp() | |
| t_corr = t - ((t_cpu - t) / 15) - 3 | |
| return t_corr | |
| sense = SenseHat() | |
| humidity = sense.get_humidity() | |
| pressure = sense.get_pressure() | |
| print("%s %s %s" % (get_temp(sense), humidity, pressure)) |
Torjan-go
https://blog.chaos.run/dreams/debian-deploy-trojan-go-server/index.html
/etc/systemd/system/trojan-go.service
[Unit]
Description=Trojan-Go
Documentation=https://github.com/p4gefau1t/trojan-go
After=network.target nss-lookup.target
[Service]
User=nobody
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
NoNewPrivileges=true
ExecStart=/usr/local/bin/trojan-go/trojan-go -config /usr/local/etc/trojan-go/config.json
Restart=on-failure
RestartSec=10
[Install]
WantedBy=multi-user.target
How to issue Let's Encrypt certificate
https://www.cyberciti.biz/faq/issue-lets-encrypt-wildcard-certificate-with-acme-sh-and-cloudflare-dns/
command
acme.sh --issue --dns dns_cf -d x4s.hackinggate.com
log
/bin/bash: warning: setlocale: LC_ALL: cannot change locale (en_US.UTF-8)
[Sun Jan 30 23:55:49 JST 2022] Using CA: https://acme.zerossl.com/v2/DV90
[Sun Jan 30 23:55:49 JST 2022] Creating domain key
[Sun Jan 30 23:55:50 JST 2022] The domain key is here: /home/pi/.acme.sh/x4s.hackinggate.com/x4s.hackinggate.com.key
[Sun Jan 30 23:55:50 JST 2022] Single domain='x4s.hackinggate.com'
[Sun Jan 30 23:55:50 JST 2022] Getting domain auth token for each domain
[Sun Jan 30 23:55:59 JST 2022] Getting webroot for domain='x4s.hackinggate.com'
[Sun Jan 30 23:55:59 JST 2022] Adding txt value: XsJ1KXrbdJspcrOl6Q3eRjfM3h913u_QfKrT6snqHA4 for domain: _acme-challenge.x4s.hackinggate.com
[Sun Jan 30 23:56:01 JST 2022] Adding record
[Sun Jan 30 23:56:01 JST 2022] Added, OK
[Sun Jan 30 23:56:01 JST 2022] The txt record is added: Success.
[Sun Jan 30 23:56:01 JST 2022] Let's check each DNS record now. Sleep 20 seconds first.
[Sun Jan 30 23:56:22 JST 2022] You can use '--dnssleep' to disable public dns checks.
[Sun Jan 30 23:56:22 JST 2022] See: https://github.com/acmesh-official/acme.sh/wiki/dnscheck
[Sun Jan 30 23:56:22 JST 2022] Checking x4s.hackinggate.com for _acme-challenge.x4s.hackinggate.com
[Sun Jan 30 23:56:23 JST 2022] Domain x4s.hackinggate.com '_acme-challenge.x4s.hackinggate.com' success.
[Sun Jan 30 23:56:23 JST 2022] All success, let's return
[Sun Jan 30 23:56:23 JST 2022] Verifying: x4s.hackinggate.com
[Sun Jan 30 23:56:26 JST 2022] Processing, The CA is processing your order, please just wait. (1/30)
[Sun Jan 30 23:56:31 JST 2022] Success
[Sun Jan 30 23:56:31 JST 2022] Removing DNS records.
[Sun Jan 30 23:56:31 JST 2022] Removing txt: XsJ1KXrbdJspcrOl6Q3eRjfM3h913u_QfKrT6snqHA4 for domain: _acme-challenge.x4s.hackinggate.com
[Sun Jan 30 23:56:33 JST 2022] Removed: Success
[Sun Jan 30 23:56:33 JST 2022] Verify finished, start to sign.
[Sun Jan 30 23:56:33 JST 2022] Lets finalize the order.
[Sun Jan 30 23:56:33 JST 2022] Le_OrderFinalize='https://acme.zerossl.com/v2/DV90/order/SDI4a-5pScPZITvOcZ7GWA/finalize'
[Sun Jan 30 23:56:37 JST 2022] Order status is processing, lets sleep and retry.
[Sun Jan 30 23:56:37 JST 2022] Retry after: 15
[Sun Jan 30 23:56:53 JST 2022] Polling order status: https://acme.zerossl.com/v2/DV90/order/SDI4a-5pScPZITvOcZ7GWA
[Sun Jan 30 23:56:56 JST 2022] Downloading cert.
[Sun Jan 30 23:56:56 JST 2022] Le_LinkCert='https://acme.zerossl.com/v2/DV90/cert/qe2eWCrc70AtJ_3U7O6iqQ'
[Sun Jan 30 23:57:02 JST 2022] Cert success.
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
[Sun Jan 30 23:57:02 JST 2022] Your cert is in: /home/pi/.acme.sh/x4s.hackinggate.com/x4s.hackinggate.com.cer
[Sun Jan 30 23:57:02 JST 2022] Your cert key is in: /home/pi/.acme.sh/x4s.hackinggate.com/x4s.hackinggate.com.key
[Sun Jan 30 23:57:02 JST 2022] The intermediate CA cert is in: /home/pi/.acme.sh/x4s.hackinggate.com/ca.cer
[Sun Jan 30 23:57:02 JST 2022] And the full chain certs is there: /home/pi/.acme.sh/x4s.hackinggate.com/fullchain.cer
install
acme.sh --install-cert -d x4s.hackinggate.com \
--key-file ~/certs/x4s.hackinggate.com.key \
--fullchain-file ~/certs/x4s.hackinggate.com.crt \
--reloadcmd "bash ~/scripts/cert.sh && sudo service nginx force-reload"
Calibre Server
Install Calibre:
sudo apt install calibre
Upgrade Raspberry Pi OS from buster to bullseye by ChatGPT
As of my last training data cut-off in September 2021, the process to upgrade your Raspberry Pi OS from "Buster" (Debian 10) to "Bullseye" (Debian 11) would follow similar steps to other Debian-based system upgrades.
Here is a general outline of the steps you'd take:
Step 1: Make a backup
Before you begin, it's essential to back up any important data. System upgrades have the potential to go wrong, and it's always better to be safe than sorry.
Step 2: Update your current system
First, update your existing system packages to their latest versions. To do this, open a terminal and type:
sudo apt update
sudo apt full-upgradeThis will update the package list and upgrade all packages to their latest version. The full-upgrade command will also handle any dependencies, removing obsolete packages if necessary.
Step 3: Modify your apt sources
You will need to modify the /etc/apt/sources.list file and change all instances of 'buster' to 'bullseye'. You can do this manually with a text editor or use the sed command in terminal:
sudo cp /etc/apt/sources.list /etc/apt/sources.list.bak # Backup your sources list
sudo sed -i 's/buster/bullseye/g' /etc/apt/sources.listIf you have additional software sources set up in separate files under /etc/apt/sources.list.d/, you should also update those files:
sudo sed -i 's/buster/bullseye/g' /etc/apt/sources.list.d/*.listStep 4: Perform the upgrade
You can now proceed with the upgrade by running:
sudo apt update
sudo apt full-upgradeThis will update your package list with the Bullseye repositories and perform the upgrade.
Step 5: Clean up
After the upgrade, you may want to remove unnecessary packages:
sudo apt autoremove
sudo apt autocleanStep 6: Reboot your Raspberry Pi
Finally, reboot your Raspberry Pi to make sure everything is working as expected:
sudo rebootNOTE: This is a general guide. The specific steps may vary based on your particular configuration and the specific versions of the OS. It's crucial to back up your data before performing an OS upgrade, as things can occasionally go wrong. Proceed with caution and consult the official documentation and community if you encounter problems or have concerns. It's often also a good idea to test this process on a secondary device first, if one is available.
1. Install QEMU:
sudo apt update
sudo apt-get install qemu-system-arm qemu-efi
2. Download the Raspberry Pi OS image and Kernel image:
wget https://downloads.raspberrypi.org/raspios_lite_arm64/images/raspios_lite_arm64-2023-05-03/2023-05-03-raspios-bullseye-arm64-lite.img.xz
xz -d 2023-05-03-raspios-bullseye-arm64-lite.img.xz
wget https://raw.githubusercontent.com/dhruvvyas90/qemu-rpi-kernel/master/kernel-qemu-5.10.63-bullseye
wget https://github.com/dhruvvyas90/qemu-rpi-kernel/raw/master/versatile-pb-bullseye-5.10.63.dtb
Migrating to 64-bit OS (aarch64)
Why?
https://www.linuxserver.io/blog/a-farewell-to-arm-hf
How?
Reflash the image
Official Raspberry Pi OS
Download Raspberry Pi OS
https://www.raspberrypi.com/software/operating-systems/
Install Raspberry Pi OS using Raspberry Pi Imager
brew install raspberry-pi-imagerFlash with SSH enabled
sudo dpkg-reconfigure locales
Install Docker
https://docs.docker.com/engine/install/debian/
Configure Docker
https://docs.docker.com/engine/install/linux-postinstall/#manage-docker-as-a-non-root-user
sudo usermod -aG docker $USER
Relogin the user
Calibre web with docker compose
docker-compose.yml
---
version: "2.1"
services:
calibre-web:
image: lscr.io/linuxserver/calibre-web:latest
container_name: calibre-web
environment:
- PUID=1000
- PGID=1000
- TZ=Etc/UTC
- DOCKER_MODS=linuxserver/mods:universal-calibre
- OAUTHLIB_RELAX_TOKEN_SCOPE=1 #optional
volumes:
- /home/pi/calibre/config:/config
- /home/pi/calibre/library:/books
ports:
- 8083:8083
restart: unless-stoppedCrontab
crontab -e
@reboot (sleep 30s ; cd calibre ; /usr/bin/docker compose up -d --build)&Basic Configuration
Calibre web
Install https://github.com/janeczku/calibre-web
Create /etc/systemd/system/calibre-web.service
[Unit]
Description=Calibre-Web
After=network.target
[Service]
Type=simple
User=pi
Group=pi
WorkingDirectory=/home/pi/calibre
ExecStart=/home/pi/.local/bin/cps
Restart=on-failure
[Install]
WantedBy=multi-user.target
Enable and start
sudo systemctl enable calibre-web
sudo systemctl start calibre-web
Cloudflare tunnel
For SSH, RDP, SMB
https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/use-cases/
tailscale
fileserver
Install
curl -fsSL https://raw.githubusercontent.com/filebrowser/get/master/get.sh | bashInit
filebrowser config initChange listen port from default 8080 to 8780 (Optional)
filebrowser config set --port 8780Test
filebrowser -r .Add user
filebrowser users add admin adminUpdate user
filebrowser users update admin --username pi
filebrowser users update pi --password pass1234Add /etc/systemd/system/filebrowser.service with the following content.
[Unit]
Description=filebrowser
After=network.target
[Service]
Type=simple
WorkingDirectory=/home/pi
ExecStart=/usr/local/bin/filebrowser -r /home/pi
Restart=on-failure
User=pi
Group=pi
[Install]
WantedBy=multi-user.targetLoad, enable and run
sudo systemctl daemon-reload
sudo systemctl enable --now filebrowser.service
Pi-hole
https://pi-hole.net/
Installation
Install pi-hole
https://github.com/homebridge/homebridge-raspbian-image/wiki/How-To-Install-Pi-Hole
Configuration
Homebridge local
http://homebridge.local:8581
Config:
/etc/nginx/sites-enabled/homebridge.localRestart:
sudo systemctl restart lighttpd.serviceUpdate:
sudo hb-configPi-hole
http://homebridge.local
Config:
/etc/lighttpd/lighttpd.confRestart:
sudo systemctl restart lighttpd.serviceUpdate:
pihole -upCustom port:
Edit/etc/lighttpd/external.confEdit
/etc/lighttpd/conf-enabled/external.confCompatible with WireGuard VPN
https://gist.github.com/HackingGate/b75ac856397075756ea878380c5b848c?permalink_comment_id=3698253#gistcomment-3698253
Change to
Respond only on interface eth0Compatible with vlmcsd
https://gist.github.com/HackingGate/b75ac856397075756ea878380c5b848c?permalink_comment_id=3614094#gistcomment-3614094
Turn off
DNSSECUpdate
https://tailscale.com/kb/1114/pi-hole#troubleshooting