systemd

/etc/systemd/system - default location for system units

~/.config/systemd/user - default location for user units

Commands

Flags for operating on user units are given in []

# reload units and timers
systemctl [--user] daemon-reload
# show all units (including disabled)
systemctl [--user] list-units -a
# view logs for unit
# also accepts:
#   -f               | tail the log
#   --user-unit foo  | target user unit instead of system
#   --boot=0         | show logs from current boot (-1 for previous, etc)
journalctl --unit foo

Examples

A simple service unit

foobar.service

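[Unit]
Description=example service

[Service]
# No User= is set, so as a system unit this runs as root; set User= when the
# script does not need root.
WorkingDirectory=/path/to/dir
Environment="FOOBAR=foo"
# ExecStart is not resolved relative to WorkingDirectory: give the absolute
# path to the script. A bare file name is only looked up in systemd's fixed
# search path, so a script that lives in /path/to/dir would not be found.
ExecStart=/path/to/dir/foobar.sh

[Install]
WantedBy=multi-user.target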

foobar.timer A simple timer unit

[Unit]
Description=example timer

[Timer]
# run every 15 minutes (aligns to the hour)
OnCalendar=*:0/15
# if a scheduled run was missed (e.g. the machine was off), run it once as soon as the timer is active again
Persistent=true

[Install]
WantedBy=timers.target

Basic Arch Install

dhcpcd

timedatectl set-ntp true


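fdisk /dev/sda

# Create 300MB boot, 2GB swap, and leave the rest for root
# NOTE(review): nothing in these notes formats or mounts the boot partition
# (presumably /dev/sda1), so /boot ends up on the root filesystem - confirm
# that this is intended.

# initialise the swap partition (the command is mkswap)
mkswap /dev/sda2

# format and mount the root partition, then enable swap
mkfs.ext4 /dev/sda3

mount /dev/sda3 /mnt

swapon /dev/sda2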

# edit /etc/pacman.d/mirrorlist to change mirror order **

pacstrap /mnt base

genfstab -p /mnt >> /mnt/etc/fstab

arch-chroot /mnt

ln -s /usr/share/zoneinfo/America/Indianapolis /etc/localtime

hwclock --systohc --utc

# uncomment en_US locales in /etc/locale.gen **

locale-gen

# enter hostname in /etc/hostname **

mkinitcpio -p linux

passwd

grub-install --target=i386-pc --recheck --debug /dev/sda

grub-mkconfig -o /boot/grub/grub.cfg

exit

reboot

pacman -S vim htop git

pacman -S xorg-server xf86-video-ati xorg-xinit

Generic Linux Install

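# Copy bootable image to flash drive (status=progress requires dd >= 8.24)
# Check the image against its published checksum/signature first, and confirm
# with lsblk that /dev/sdX really is the flash drive: dd overwrites the target
# without asking.
# The output device is given with of= (a second if= would only replace the input).
dd if=foobar.iso of=/dev/sdX status=progress && sync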

iptables

Commands

# list the rules of the filter table, with packet/byte counters (-v) and
# numeric addresses (-n); add `-t nat` to see the NAT table
iptables -L -n -v
# (fedora) save iptables rules and remember to disable firewalld
iptables-save > /etc/sysconfig/iptables

Examples

# allow ssh
# must allow incoming connection and response
# NOTE: these ACCEPT rules only restrict anything when the chain policy (or a
# later rule) drops everything else; with policy ACCEPT all traffic passes anyway.

# append rule to input (-A INPUT) on input interface enp6s0f0 (-i enp6s0f0)
# with destination port 22 (--dport 22).  use 'state' module (-m state)
# and allow new and established connections (--state NEW,ESTABLISHED)
# jump to target ACCEPT (-j ACCEPT)
# ('state' is the legacy spelling of `-m conntrack --ctstate`)
iptables -A INPUT -i enp6s0f0 -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT

# append rule to output (-A OUTPUT) on output interface enp6s0f0 (-o enp6s0f0)
# with source port 22 (--sport 22).  use 'state' module (-m state)
# and allow established connections (--state ESTABLISHED)
# jump to target ACCEPT (-j ACCEPT)
iptables -A OUTPUT -o enp6s0f0 -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT
# filter table: flush all chains, and delete all user added chains
# NOTE: -F removes the rules (including the ssh rules above) but leaves the
# chain policies untouched, so flushing a chain whose policy is DROP over ssh
# cuts off the session.
iptables -F
iptables -X
# nat table: flush all chains, and delete all user added chains
iptables -t nat -F
iptables -t nat -X

LXC

https://www.flockport.com/enable-lxc-networking-in-debian-jessie-fedora-and-others/

Config examples

/etc/lxc/lxc.conf - set path for containers to be stored (default /var/lib/lxc)

lxc.lxcpath = "/lxc"

/lxc/container_name/config

lxc.network.type = veth
lxc.network.link = virbr0
lxc.network.hwaddr = fe:0e:86:4b:b4:c0
lxc.network.flags = up
lxc.rootfs = /dev/fedora/container_name
lxc.rootfs.backend = lvm

# Include common configuration
lxc.include = /usr/share/lxc/config/fedora.common.conf

lxc.arch = x86_64
lxc.utsname = container_name

iptables config

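# allow inbound http to the host itself
sudo iptables -I INPUT 1 -p tcp --dport 80 -j ACCEPT
# masquerade everything leaving through the uplink interface
iptables -t nat -A POSTROUTING -o enp6s0f0 -j MASQUERADE

# Per-container forwarding.
# - Each FORWARD rule names a single host.  Written with a /24 mask the rule
#   is stored as 192.168.1.0/24 and matches the whole subnet, so the address
#   is given without a mask here.
# - -I/-A add a new copy on every run: flush first (or test with -C) before
#   re-running this list, otherwise the rules pile up as duplicates.
# - The DNAT rules carry no -i match, so they apply to packets arriving on any
#   interface; each forwarded ssh port is reachable by anyone who can reach
#   this host on that port.

### PLUG ###
iptables -I FORWARD -m state -d 192.168.1.100 --state NEW,RELATED,ESTABLISHED -j ACCEPT
#webserver
iptables -t nat -I PREROUTING -p tcp --dport 10080 -j DNAT --to-destination 192.168.1.100:80
#ssh
iptables -t nat -I PREROUTING -p tcp --dport 10022 -j DNAT --to-destination 192.168.1.100:22
#irc
iptables -t nat -I PREROUTING -p tcp --dport 8001 -j DNAT --to-destination 192.168.1.100:8001
#minetest
iptables -t nat -I PREROUTING -p udp --dport 30000 -j DNAT --to-destination 192.168.1.100:30000
#poop
iptables -t nat -I PREROUTING -p udp --dport 2301 -j DNAT --to-destination 192.168.1.100:2301
iptables -t nat -I PREROUTING -p udp --dport 2303 -j DNAT --to-destination 192.168.1.100:2303
iptables -t nat -I PREROUTING -p udp --dport 23682 -j DNAT --to-destination 192.168.1.100:23682

### John ###

iptables -I FORWARD -m state -d 192.168.1.101 --state NEW,RELATED,ESTABLISHED -j ACCEPT
#webserver
iptables -t nat -I PREROUTING -p tcp --dport 10180 -j DNAT --to-destination 192.168.1.101:80
#ssh
iptables -t nat -I PREROUTING -p tcp --dport 10122 -j DNAT --to-destination 192.168.1.101:22
#mosh
iptables -t nat -I PREROUTING -p udp --dport 60001 -j DNAT --to-destination 192.168.1.101:60001
iptables -t nat -I PREROUTING -p tcp --dport 60001 -j DNAT --to-destination 192.168.1.101:60001

### cannon ###
iptables -I FORWARD -m state -d 192.168.1.103 --state NEW,RELATED,ESTABLISHED -j ACCEPT
#ssh
iptables -t nat -I PREROUTING -p tcp --dport 10322 -j DNAT --to-destination 192.168.1.103:22

### evan ###
iptables -I FORWARD -m state -d 192.168.1.104 --state NEW,RELATED,ESTABLISHED -j ACCEPT
#ssh
iptables -t nat -I PREROUTING -p tcp --dport 10422 -j DNAT --to-destination 192.168.1.104:22
iptables -t nat -I PREROUTING -p tcp --dport 64738 -j DNAT --to-destination 192.168.1.104:64738

### epics ###
iptables -I FORWARD -m state -d 192.168.1.105 --state NEW,RELATED,ESTABLISHED -j ACCEPT
#ssh
iptables -t nat -I PREROUTING -p tcp --dport 10522 -j DNAT --to-destination 192.168.1.105:22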

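/etc/sysconfig/iptables (generated by iptables-save)

Things to notice in this dump: the PREROUTING and POSTROUTING rules appear several times, most likely because the commands were re-run without flushing the nat table first; the per-container FORWARD rules have all collapsed into the same 192.168.1.0/24 rule because they were entered with a /24 mask; and every chain policy is ACCEPT, so the ACCEPT rules in the filter table do not restrict any traffic.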

# Generated by iptables-save v1.4.21 on Thu Sep  1 13:36:16 2016
*nat
:PREROUTING ACCEPT [8:799]
:INPUT ACCEPT [6:679]
:OUTPUT ACCEPT [1:56]
:POSTROUTING ACCEPT [1:60]
-A PREROUTING -p tcp -m tcp --dport 10522 -j DNAT --to-destination 192.168.1.105:22
-A PREROUTING -p tcp -m tcp --dport 64738 -j DNAT --to-destination 192.168.1.104:64738
-A PREROUTING -p tcp -m tcp --dport 10422 -j DNAT --to-destination 192.168.1.104:22
-A PREROUTING -p tcp -m tcp --dport 10322 -j DNAT --to-destination 192.168.1.103:22
-A PREROUTING -p tcp -m tcp --dport 60001 -j DNAT --to-destination 192.168.1.101:60001
-A PREROUTING -p udp -m udp --dport 60001 -j DNAT --to-destination 192.168.1.101:60001
-A PREROUTING -p tcp -m tcp --dport 10122 -j DNAT --to-destination 192.168.1.101:22
-A PREROUTING -p tcp -m tcp --dport 10180 -j DNAT --to-destination 192.168.1.101:80
-A PREROUTING -p udp -m udp --dport 23682 -j DNAT --to-destination 192.168.1.100:23682
-A PREROUTING -p udp -m udp --dport 2303 -j DNAT --to-destination 192.168.1.100:2303
-A PREROUTING -p udp -m udp --dport 2301 -j DNAT --to-destination 192.168.1.100:2301
-A PREROUTING -p udp -m udp --dport 30000 -j DNAT --to-destination 192.168.1.100:30000
-A PREROUTING -p tcp -m tcp --dport 8001 -j DNAT --to-destination 192.168.1.100:8001
-A PREROUTING -p tcp -m tcp --dport 10022 -j DNAT --to-destination 192.168.1.100:22
-A PREROUTING -p tcp -m tcp --dport 10080 -j DNAT --to-destination 192.168.1.100:80
-A PREROUTING -p tcp -m tcp --dport 10522 -j DNAT --to-destination 192.168.1.105:22
-A PREROUTING -p tcp -m tcp --dport 64738 -j DNAT --to-destination 192.168.1.104:64738
-A PREROUTING -p tcp -m tcp --dport 10422 -j DNAT --to-destination 192.168.1.104:22
-A PREROUTING -p tcp -m tcp --dport 10322 -j DNAT --to-destination 192.168.1.103:22
-A PREROUTING -p tcp -m tcp --dport 60001 -j DNAT --to-destination 192.168.1.101:60001
-A PREROUTING -p udp -m udp --dport 60001 -j DNAT --to-destination 192.168.1.101:60001
-A PREROUTING -p tcp -m tcp --dport 10122 -j DNAT --to-destination 192.168.1.101:22
-A PREROUTING -p tcp -m tcp --dport 10180 -j DNAT --to-destination 192.168.1.101:80
-A PREROUTING -p udp -m udp --dport 23682 -j DNAT --to-destination 192.168.1.100:23682
-A PREROUTING -p udp -m udp --dport 2303 -j DNAT --to-destination 192.168.1.100:2303
-A PREROUTING -p udp -m udp --dport 2301 -j DNAT --to-destination 192.168.1.100:2301
-A PREROUTING -p udp -m udp --dport 30000 -j DNAT --to-destination 192.168.1.100:30000
-A PREROUTING -p tcp -m tcp --dport 8001 -j DNAT --to-destination 192.168.1.100:8001
-A PREROUTING -p tcp -m tcp --dport 10022 -j DNAT --to-destination 192.168.1.100:22
-A PREROUTING -p tcp -m tcp --dport 10080 -j DNAT --to-destination 192.168.1.100:80
-A PREROUTING -p tcp -m tcp --dport 10522 -j DNAT --to-destination 192.168.1.105:22
-A PREROUTING -p tcp -m tcp --dport 64738 -j DNAT --to-destination 192.168.1.104:64738
-A PREROUTING -p tcp -m tcp --dport 10422 -j DNAT --to-destination 192.168.1.104:22
-A PREROUTING -p tcp -m tcp --dport 10322 -j DNAT --to-destination 192.168.1.103:22
-A PREROUTING -p tcp -m tcp --dport 60001 -j DNAT --to-destination 192.168.1.101:60001
-A PREROUTING -p udp -m udp --dport 60001 -j DNAT --to-destination 192.168.1.101:60001
-A PREROUTING -p tcp -m tcp --dport 10122 -j DNAT --to-destination 192.168.1.101:22
-A PREROUTING -p tcp -m tcp --dport 10180 -j DNAT --to-destination 192.168.1.101:80
-A PREROUTING -p udp -m udp --dport 23682 -j DNAT --to-destination 192.168.1.100:23682
-A PREROUTING -p udp -m udp --dport 2303 -j DNAT --to-destination 192.168.1.100:2303
-A PREROUTING -p udp -m udp --dport 2301 -j DNAT --to-destination 192.168.1.100:2301
-A PREROUTING -p udp -m udp --dport 30000 -j DNAT --to-destination 192.168.1.100:30000
-A PREROUTING -p tcp -m tcp --dport 8001 -j DNAT --to-destination 192.168.1.100:8001
-A PREROUTING -p tcp -m tcp --dport 10022 -j DNAT --to-destination 192.168.1.100:22
-A PREROUTING -p tcp -m tcp --dport 10080 -j DNAT --to-destination 192.168.1.100:80
-A PREROUTING -p tcp -m tcp --dport 10522 -j DNAT --to-destination 192.168.1.105:22
-A PREROUTING -p tcp -m tcp --dport 64738 -j DNAT --to-destination 192.168.1.104:64738
-A PREROUTING -p tcp -m tcp --dport 10422 -j DNAT --to-destination 192.168.1.104:22
-A PREROUTING -p tcp -m tcp --dport 10322 -j DNAT --to-destination 192.168.1.103:22
-A PREROUTING -p tcp -m tcp --dport 60001 -j DNAT --to-destination 192.168.1.101:60001
-A PREROUTING -p udp -m udp --dport 60001 -j DNAT --to-destination 192.168.1.101:60001
-A PREROUTING -p tcp -m tcp --dport 10122 -j DNAT --to-destination 192.168.1.101:22
-A PREROUTING -p tcp -m tcp --dport 10180 -j DNAT --to-destination 192.168.1.101:80
-A PREROUTING -p udp -m udp --dport 23682 -j DNAT --to-destination 192.168.1.100:23682
-A PREROUTING -p udp -m udp --dport 2303 -j DNAT --to-destination 192.168.1.100:2303
-A PREROUTING -p udp -m udp --dport 2301 -j DNAT --to-destination 192.168.1.100:2301
-A PREROUTING -p udp -m udp --dport 30000 -j DNAT --to-destination 192.168.1.100:30000
-A PREROUTING -p tcp -m tcp --dport 8001 -j DNAT --to-destination 192.168.1.100:8001
-A PREROUTING -p tcp -m tcp --dport 10022 -j DNAT --to-destination 192.168.1.100:22
-A PREROUTING -p tcp -m tcp --dport 10080 -j DNAT --to-destination 192.168.1.100:80
-A PREROUTING -p tcp -m tcp --dport 10522 -j DNAT --to-destination 192.168.1.105:22
-A PREROUTING -p tcp -m tcp --dport 64738 -j DNAT --to-destination 192.168.1.104:64738
-A PREROUTING -p tcp -m tcp --dport 10422 -j DNAT --to-destination 192.168.1.104:22
-A PREROUTING -p tcp -m tcp --dport 10322 -j DNAT --to-destination 192.168.1.103:22
-A PREROUTING -p tcp -m tcp --dport 60001 -j DNAT --to-destination 192.168.1.101:60001
-A PREROUTING -p udp -m udp --dport 60001 -j DNAT --to-destination 192.168.1.101:60001
-A PREROUTING -p tcp -m tcp --dport 10122 -j DNAT --to-destination 192.168.1.101:22
-A PREROUTING -p tcp -m tcp --dport 10180 -j DNAT --to-destination 192.168.1.101:80
-A PREROUTING -p udp -m udp --dport 23682 -j DNAT --to-destination 192.168.1.100:23682
-A PREROUTING -p udp -m udp --dport 2303 -j DNAT --to-destination 192.168.1.100:2303
-A PREROUTING -p udp -m udp --dport 2301 -j DNAT --to-destination 192.168.1.100:2301
-A PREROUTING -p udp -m udp --dport 30000 -j DNAT --to-destination 192.168.1.100:30000
-A PREROUTING -p tcp -m tcp --dport 8001 -j DNAT --to-destination 192.168.1.100:8001
-A PREROUTING -p tcp -m tcp --dport 10022 -j DNAT --to-destination 192.168.1.100:22
-A PREROUTING -p tcp -m tcp --dport 10080 -j DNAT --to-destination 192.168.1.100:80
-A POSTROUTING -o enp6s0f0 -j MASQUERADE
-A POSTROUTING -o enp6s0f0 -j MASQUERADE
-A POSTROUTING -o enp6s0f0 -j MASQUERADE
COMMIT
# Completed on Thu Sep  1 13:36:16 2016
# Generated by iptables-save v1.4.21 on Thu Sep  1 13:36:16 2016
*filter
:INPUT ACCEPT [93:6878]
:FORWARD ACCEPT [42:5487]
:OUTPUT ACCEPT [57:7040]
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -d 192.168.1.0/24 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -d 192.168.1.0/24 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -d 192.168.1.0/24 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -d 192.168.1.0/24 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -d 192.168.1.0/24 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
COMMIT
# Completed on Thu Sep  1 13:36:16 2016

Commands

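# list container statuses and ip addresses (fancy mode)
lxc-ls -f
# show the bridges, then delete and recreate virbr0 and take it down
brctl show
brctl delbr virbr0
brctl addbr virbr0
ip link set virbr0 down
# set libvirtd ip range
virsh net-edit default
# define, start and autostart the default network on the LXC driver
# (the connection URI is lxc:///, as in the net-define line)
virsh -c lxc:/// net-define /etc/libvirt/qemu/networks/default.xml
virsh -c lxc:/// net-start default
virsh -c lxc:/// net-autostart default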

#+begin_src bash

systemctl restart libvirtd.service

#+end_src

New Container Setup

New LXC containers are very barebones and need a bit of setup to be useful. Here is an overview of steps for various distros.

Debian

Setup PATH

# add /bin, /sbin to path
echo 'PATH=$PATH:/bin:/sbin'>>.bashrc

Install packages

# core commands
apt-get install apt-utils vim man tar less iputils-ping

# extra commands
apt-get install git zip autojump wget htop ncdu nload

Fedora

Install packages

# core commands
dnf install vim man

# extra commands
dnf install git zip autojump wget htop ncdu nload

Weechat

# enable notifications for any messages in buffer (works for Android client, too)
/buffer set highlight_regex .\ast{}.*

MDADM

Checking state and simulating failure

# check RAID state
cat /proc/mdstat  # look for failure, (F), after the drive name: sda1[0](F)

# simulate a failed drive
mdadm --manage --set-faulty /dev/md/pv00 /dev/sda1

# remove faulty state by removing and readding
mdadm --remove /dev/md/pv00 /dev/sda1
mdadm --add /dev/md/pv00 /dev/sda1

Replacing a failed drive (sdc)

# mark the failed drive's partition as failed, then remove it from the array
mdadm --manage /dev/md127 --fail /dev/sdc1
mdadm --manage /dev/md127 --remove /dev/sdc1

# write down serial number of failed drive
hdparm -i /dev/sdc1 | grep -i serial
shutdown -h now
# remove broken hard drive, insert the new hard drive
# NOTE: device names can change after swapping hardware; check (e.g. by
# serial number) that sdc is the new, empty drive before the next step,
# which overwrites its partition table.

# copy partition scheme from working hard drive to new hard drive
sfdisk -d /dev/sda | sfdisk /dev/sdc

# add new hard drive
mdadm --manage /dev/md127 --add /dev/sdc1

# verify that array is recovering
cat /proc/mdstat

Notifying on harddrive failure (gmail)

/etc/exim/exim.conf

# add this after `begin routers` in router config section
# routes all mail for non-local domains through the gmail_smtp transport
 send_via_gmail:
     driver = manualroute
     domains = ! +local_domains
     transport = gmail_smtp
     route_list = * gmail-smtp.l.google.com
# add this after `begin transports` in transports config section
# hosts_require_auth / hosts_require_tls: refuse to deliver to this host
# unless the session is authenticated and encrypted, so the login below is
# not sent over a cleartext connection
 gmail_smtp:
     driver = smtp
     port = 587
     hosts_require_auth = gmail-smtp.l.google.com
     hosts_require_tls = gmail-smtp.l.google.com
# add this after `begin authenticators` in authentication config section
# NOTE: the password is stored in cleartext in this file. Keep exim.conf
# readable only by root and the exim user, keep it out of version control and
# backups that others can read, and use a dedicated (app-specific) credential
# rather than the account's main password.
 gmail_login:
     driver = plaintext
     public_name = LOGIN
     client_send = : sender_email@gmail.com : password_in_plaintext_here

/etc/mdadm.conf

MAILADDR destination_email@example.com
AUTO +imsm +1.x -all
ARRAY /dev/md/pv00 level=raid5 num-devices=4 UUID=1327a02b:b19f6696:0e3f8ac7:9615591c

Growing RAID size

This is useful if the RAID array needs to be grown by using up more free space (no added harddrive)

umount /dev/sda
umount /dev/sdb
umount /dev/sdc
umount /dev/sdd

# grow RAID array to 500GB (this will take a while)
mdadm -G /dev/md127 -z 500G

# resize physical volume to fit new RAID partition size
pvresize /dev/md127

Auto FS

Auto FS + SSHFS allows the system to mount ssh filesystems on access and then automatically unmount after a certain timeout. The necessary tools are autofs and sshfs.

/etc/auto.master or /etc/auto.master.d/foobar.autofs or /etc/autofs/auto.master

# mounts all the entries listed in /etc/auto.sshfs in /mnt/ with the given options
# add the --verbose option here to debug mounting issues
# set --timeout to control when sshfs mount is automatically unmounted
/mnt /etc/auto.sshfs --timeout=180 --ghost

/etc/auto.sshfs

# make a mount to be used by auto.master
# NOTE: allow_other lets every local user reach the mount with foo's access on
# the remote host; keep it only if that is intended.
# The IdentityFile is read by root (autofs), presumably without a passphrase
# prompt, so keep the key file mode 0600 and limit what the key may do on the
# server.
foobar -fstype=fuse,rw,IdentityFile=/home/evan/.ssh/foobar,port=22,allow_other :sshfs\#foo@example.org\:

AutoFS runs as root, so ensure that the host key has been added to /root/.ssh/known_hosts. The easiest way is to log in to foo@example.org over ssh once as root; compare the fingerprint that ssh shows with the server's real host key fingerprint before answering yes.

su -
ssh foo@example.org
# enter yes

Resizing LUKS encrypted LVM

# expand the block device with fdisk, if necessary

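# resize physical volume
pvresize --setphysicalvolumesize 111.8G /dev/sdb2
# be careful about using `-l +100%FREE`.  this broke /home until I manually shrank fedora--vg-home by a few GB
# -L takes an absolute size; -l counts extents (or a percentage) and does not
# accept a value such as 80G
lvextend -L 80G /dev/mapper/fedora--vg-home
# grow the filesystem to fill the resized logical volume
resize2fs /dev/mapper/fedora--vg-home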

Fixing Nodejs

https://bugzilla.redhat.com/show_bug.cgi?id=1125868

Rsync

# Sync permissions only (useful if you forgot the `-p` option in cp).
# Compares file sizes rather than timestamps to decide whether a copy is
# needed (timestamps get reset when `-p` is left out of cp).
# NOTE: without a trailing slash on /src/foo, rsync writes to /dest/bar/foo.
rsync --archive --size-only /src/foo /dest/bar