海运的博客

ubuntu编译安装bitwarden_rs和web-vault

发布时间:February 17, 2020 // 分类: // No Comments

编译安装bitwarden_rs:

apt install git make gcc libssl-dev pkg-config curl
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
source $HOME/.cargo/env
git clone https://github.com/dani-garcia/bitwarden_rs/
cd bitwarden_rs/
cargo build --features sqlite --release
mkdir /usr/local/bitwarden
cp target/release/bitwarden_rs /usr/local/bitwarden/  

编译安装web-vault,已编译版本:https://github.com/dani-garcia/bw_web_builds/releases

curl -sL https://deb.nodesource.com/setup_10.x | bash -
apt install nodejs
git clone https://github.com/bitwarden/web.git web-vault
cd web-vault
git checkout v2.11.0
wget https://raw.githubusercontent.com/dani-garcia/bw_web_builds/master/patches/v2.11.0.patch
git apply v2.11.0.patch
npm run sub:init
npm install
npm run dist
cp -r build /usr/local/bitwarden/web-vault
export PATH=/usr/local/bitwarden/:$PATH

如果遇到以下错误:
ERROR in node_modules/sweetalert/typings/sweetalert.d.ts(4,9): error TS2403: Subsequent variable declarations must have the same type. Variable 'swal' must be of type 'typeof import("/usr/local/src/web-vault/node_modules/sweetalert/typings/sweetalert")', but here has type 'SweetAlert'.
则:

sed -i 's/const swal/\/\/const swal/' node_modules/sweetalert/typings/sweetalert.d.ts

启动:

export WEB_VAULT_FOLDER=/usr/local/bitwarden/web-vault
export DATA_FOLDER=/usr/local/bitwarden/data
bitwarden_rs

https://github.com/dani-garcia/bitwarden_rs/wiki/Building-binary
https://github.com/t4t5/sweetalert/issues/890
https://www.reddit.com/r/Bitwarden/comments/dg78bi/building_selfhosted_bitwarden_via_bitwarden_rs/
https://www.ixsystems.com/community/threads/how-to-build-your-own-bitwarden_rs-jail.81389/

ubuntu linux vps通过ipxe网络引导alpine dd备份/恢复vps系统

发布时间:February 8, 2020 // 分类: // No Comments

alpine从硬盘grub引导到内存中运行,重启后会破坏原硬盘分区,使用alpine官方推荐的使用ipxe netboot。
生成ipxe grub引导脚本,ssh_key为后续ssh登录目标系统操作的机器ssh public key,grub引导的ipxe lkrn可自行编译

#!/bin/bash
#set -x
network=static
dns=8.8.8.8
ssh_key="ssh_key=http://www.haiyun.me/id_rsa.pub"
mirror="http://mirrors.aliyun.com/alpine/v3.11"
ipxe_file="http://www.haiyun.me/ipxe.lkrn"

valid_ip() {
  [[ $1 =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]
  state=$?
  return $state 
}
cidr2mask() {
    value=$(( 0xffffffff ^ ((1 << (32 - $1)) - 1) ))
    echo "$(( ($value >> 24) & 0xff )).$(( ($value >> 16) & 0xff )).$(( ($value >> 8) & 0xff )).$(( $value & 0xff ))"
}
which wget &> /dev/null && which ip &> /dev/null || {
  echo '请先安装wget和ip'
  exit
}
alpine_addr="ip=dhcp"
if [ "$network" == 'static' ]; then
  address=$(ip -o -f inet addr show | awk '/scope global/ {print $4}' | head -n 1)
  addr=$(echo $address | awk -F'/' '{print $1}')
  cidr=$(echo $address | awk -F'/' '{print $2}')
  gw=$(ip rou | awk '/default via/ {print $3}')
  mask=$(cidr2mask $cidr)
  alpine_addr="ip=${addr}::${gw}:${mask}::::${dns}:"
  echo 'ip:' $addr
  echo 'route:' $gw
  echo 'netmask:' $mask
  valid_ip "$addr" && valid_ip "$mask" && valid_ip "$gw" || {
    echo '获取网络信息失败'
    exit
  }
  read -r -p "以上IP信息是否正确? [Y/n] " input
  if [[ $input != "y" && $input != "Y" ]]; then
    echo "abort"
    exit
  fi
fi

if [ -f "/etc/redhat-release" ]; then
  grubfile=/boot/grub2/grub.cfg
  grubcmd=grub2-mkconfig
else
  grubfile=/boot/grub/grub.cfg
  grubcmd=grub-mkconfig
fi
#root=`grep "set root" $grubfile|sed -e 's/^[ \t]*//'|head -n 1`
root=$(grep 'set root' $grubfile | sed -e 's/^[ \t]*//' | sort | uniq -c | head -n 1 | awk '{print $2,$3}')
if mount | grep -q /boot; then
  dir=/
else
  dir=/boot/
fi
vmlinuzfile=${dir}ipxe.lkrn
initrdfile=${dir}ipxe.initrd
wget -q $ipxe_file -O /boot/ipxe.lkrn
cat > /boot/ipxe.initrd << EOF
#!ipxe
imgfree
set net0/ip ${addr}
set net0/netmask ${mask}
set net0/gateway ${gw}
set dns ${dns}
ifopen net0

:boot
kernel ${mirror}/releases/x86_64/netboot/vmlinuz-virt ${alpine_addr} modules=loop,squashfs quiet nomodeset alpine_repo=${mirror}/main/ modloop=${mirror}/releases/x86_64/netboot/modloop-virt console=tty0 ${ssh_key} || goto boot
initrd ${mirror}/releases/x86_64/netboot/initramfs-virt || goto boot

boot || shell
EOF

[[ -f /boot/ipxe.lkrn ]] && [[ -f /boot/ipxe.initrd ]] || {
  echo '引导文件不存在'
  exit
}

cat > /etc/grub.d/40_custom << EOF
#!/bin/sh
exec tail -n +3 \$0
menuentry 'netinstall' {
$root
linux16 $vmlinuzfile
initrd16 $initrdfile
}
EOF
sed -i 's/GRUB_DEFAULT=.*/GRUB_DEFAULT="netinstall"/' /etc/default/grub
$grubcmd -o $grubfile
cat /etc/grub.d/40_custom

ssh登录到alpine系统,dd备份的系统镜像保存到sshfs挂载远程服务器上,也可使用nfs。

apk add sshfs
modprobe fuse
sshfs -p 22 www.haiyun.me:/mnt/ /mnt/
dd if=/dev/vda | gzip > /mnt/pr.img
sync
umount /mnt/

恢复备份系统的grub引导:

mount -t ext4 /dev/vda1 /mnt/
chmod 644 /mnt/boot/grub/grub.cfg
sed -i 's/default="netinstall"/default="0"/' /mnt/boot/grub/grub.cfg
chmod 444 /mnt/boot/grub/grub.cfg
sed -i 's/GRUB_DEFAULT="netinstall"/GRUB_DEFAULT="0"/' /mnt/etc/default/grub
umount /mnt/

将要dd的目标系统通过以上方法引导至alpine系统并挂载sshfs,然后将之前备份的img dd到目标系统:

gzip -dc /mnt/pr.img |dd of=/dev/vda

如果要dd的目标系统硬盘比备份的系统硬盘大,要进行linux系统分区扩容,如果要扩容的分区下面有swap分区,记住swap的扇区大小和要扩容的分区起始位置,根据总扇区大小计算要扩充的分区扇区大小,将swap分区和扩充的分区删除再新建。

apk add util-linux e2fsprogs-extra
#修改分区扇区大小及位置,方法见上面链接
fdisk /dev/vda
partprobe 
e2fsck -yf /dev/vda1
resize2fs /dev/vda1
#如果有删除并新建swap分区,后面还要修改fstab swap uuid
mkswap /dev/vda2

挂载恢复后硬盘镜像,修改目标系统的IP地址和启动项:

mount -t ext4 /dev/vda1 /mnt/
#如果有更改swap分区,修改fstab uuid
blkid
vim /mnt/etc/fstab 
vim /mnt/etc/network/interfaces
chmod 644 /mnt/boot/grub/grub.cfg
sed -i 's/default="netinstall"/default="0"/' /mnt/boot/grub/grub.cfg
chmod 444 /mnt/boot/grub/grub.cfg
sed -i 's/GRUB_DEFAULT="netinstall"/GRUB_DEFAULT="0"/' /mnt/etc/default/grub
umount /mnt/

此内容被密码保护

发布时间:January 23, 2020 // 分类: // No Comments

请输入密码访问

此内容被密码保护

发布时间:January 22, 2020 // 分类: // No Comments

请输入密码访问

dnsmasq修改/设置最小TTL时间min-ttl patch

发布时间:January 13, 2020 // 分类: // No Comments

虽然dnsmasq自带参数min-cache-ttl可修改服务器缓存最小值,但是首次请求返回给客户端的时正常ttl,使用以下patch可修改返回给客户端ttl时间,配合min-cache-ttl保持和dnsmasq缓存ttl时间一致,dnsmasq不开启缓存可单独修改min ttl。
适用于dnsmasq2.80版本,

diff -urN dnsmasq-2.80/src/dnsmasq.h dnsmasq-2.80-bak/src/dnsmasq.h
--- dnsmasq-2.80/src/dnsmasq.h  2018-10-19 02:21:55.000000000 +0800
+++ dnsmasq-2.80-bak/src/dnsmasq.h      2020-01-13 10:38:16.940067371 +0800
@@ -1023,7 +1023,7 @@
   int max_logs;  /* queue limit */
   int cachesize, ftabsize;
   int port, query_port, min_port, max_port;
-  unsigned long local_ttl, neg_ttl, max_ttl, min_cache_ttl, max_cache_ttl, auth_ttl, dhcp_ttl, use_dhcp_ttl;
+  unsigned long local_ttl, neg_ttl, min_ttl, max_ttl, min_cache_ttl, max_cache_ttl, auth_ttl, dhcp_ttl, use_dhcp_ttl;
   char *dns_client_id;
   struct hostsfile *addn_hosts;
   struct dhcp_context *dhcp, *dhcp6;
diff -urN dnsmasq-2.80/src/option.c dnsmasq-2.80-bak/src/option.c
--- dnsmasq-2.80/src/option.c   2018-10-19 02:21:55.000000000 +0800
+++ dnsmasq-2.80-bak/src/option.c       2020-01-13 17:21:13.925164926 +0800
@@ -106,6 +106,7 @@
 #define LOPT_PROXY         295
 #define LOPT_GEN_NAMES     296
 #define LOPT_MAXTTL        297
+#define LOPT_MINTTL        397
 #define LOPT_NO_REBIND     298
 #define LOPT_LOC_REBND     299
 #define LOPT_ADD_MAC       300
@@ -281,6 +282,7 @@
     { "dhcp-broadcast", 2, 0, LOPT_BROADCAST },
     { "neg-ttl", 1, 0, LOPT_NEGTTL },
     { "max-ttl", 1, 0, LOPT_MAXTTL },
+    { "min-ttl", 1, 0, LOPT_MINTTL },
     { "min-cache-ttl", 1, 0, LOPT_MINCTTL },
     { "max-cache-ttl", 1, 0, LOPT_MAXCTTL },
     { "dhcp-alternate-port", 2, 0, LOPT_ALTPORT },
@@ -409,6 +411,7 @@
   { 'T', ARG_ONE, "<integer>", gettext_noop("Specify time-to-live in seconds for replies from /etc/hosts."), NULL },
   { LOPT_NEGTTL, ARG_ONE, "<integer>", gettext_noop("Specify time-to-live in seconds for negative caching."), NULL },
   { LOPT_MAXTTL, ARG_ONE, "<integer>", gettext_noop("Specify time-to-live in seconds for maximum TTL to send to clients."), NULL },
+  { LOPT_MINTTL, ARG_ONE, "<integer>", gettext_noop("Specify time-to-live in seconds for minimum TTL to send to clients."), NULL },
   { LOPT_MAXCTTL, ARG_ONE, "<integer>", gettext_noop("Specify time-to-live ceiling for cache."), NULL },
   { LOPT_MINCTTL, ARG_ONE, "<integer>", gettext_noop("Specify time-to-live floor for cache."), NULL },
   { 'u', ARG_ONE, "<username>", gettext_noop("Change to this user after startup. (defaults to %s)."), CHUSER }, 
@@ -2664,6 +2667,7 @@
     case 'T':         /* --local-ttl */
     case LOPT_NEGTTL: /* --neg-ttl */
     case LOPT_MAXTTL: /* --max-ttl */
+    case LOPT_MINTTL: /* --min-ttl */
     case LOPT_MINCTTL: /* --min-cache-ttl */
     case LOPT_MAXCTTL: /* --max-cache-ttl */
     case LOPT_AUTHTTL: /* --auth-ttl */
@@ -2676,6 +2680,8 @@
          daemon->neg_ttl = (unsigned long)ttl;
        else if (option == LOPT_MAXTTL)
          daemon->max_ttl = (unsigned long)ttl;
+       else if (option == LOPT_MINTTL)
+         daemon->min_ttl = (unsigned long)ttl;
        else if (option == LOPT_MINCTTL)
          {
            if (ttl > TTL_FLOOR_LIMIT)
diff -urN dnsmasq-2.80/src/rfc1035.c dnsmasq-2.80-bak/src/rfc1035.c
--- dnsmasq-2.80/src/rfc1035.c  2018-10-19 02:21:55.000000000 +0800
+++ dnsmasq-2.80-bak/src/rfc1035.c      2020-01-13 17:12:25.455445871 +0800
@@ -669,11 +669,20 @@
                  GETSHORT(aqtype, p1); 
                  GETSHORT(aqclass, p1);
                  GETLONG(attl, p1);
+                  unsigned long mttl = 0;
                  if ((daemon->max_ttl != 0) && (attl > daemon->max_ttl) && !is_sign)
                    {
-                     (p1) -= 4;
-                     PUTLONG(daemon->max_ttl, p1);
+                      mttl = daemon->max_ttl;
+                   }
+                 if ((daemon->min_ttl != 0) && (attl < daemon->min_ttl) && !is_sign)
+                   {
+                      mttl = daemon->min_ttl;
                    }
+                  if (mttl != 0)
+                  {
+                     (p1) -= 4;
+                     PUTLONG(mttl, p1);
+                  }
                  GETSHORT(ardlen, p1);
                  endrr = p1+ardlen;
                  
@@ -762,11 +771,20 @@
              GETSHORT(aqtype, p1); 
              GETSHORT(aqclass, p1);
              GETLONG(attl, p1);
+              unsigned long mttl = 0;
              if ((daemon->max_ttl != 0) && (attl > daemon->max_ttl) && !is_sign)
-               {
-                 (p1) -= 4;
-                 PUTLONG(daemon->max_ttl, p1);
-               }
+               {
+                  mttl = daemon->max_ttl;
+               }
+             if ((daemon->min_ttl != 0) && (attl < daemon->min_ttl) && !is_sign)
+               {
+                  mttl = daemon->min_ttl;
+               }
+              if (mttl != 0)
+              {
+                 (p1) -= 4;
+                 PUTLONG(mttl, p1);
+              }
              GETSHORT(ardlen, p1);
              endrr = p1+ardlen;
              
分类
最新文章
最近回复
  • 田博: 如果dts中没有USB信息,这样也能装上?
  • 海运: 正常情况下编译整个内核执行make menuconfig后就不会出现此提示,当单独编译单个模块...
  • oijq: 就是用的armbian的配置文件哈,按你的教程做的,在执行make LOCALVERSION=...
  • 海运: 使用armbian的配置文件,其它添加或修改自己懂的部分,不懂的就不要碰了。
  • oijq: 编译时这些选项全部选Y吗? Actions Semi Platforms (ARCH_ACTI...
  • 海运: n1编译bbr内核模块参考这个:https://www.haiyun.me/archives/...
  • jiqz: make M=net/ipv4/ CONFIG_TCP_CONG_BBR=m modules ...
  • ruralhunter: 哦,文档里应该是对的,是.config
  • ruralhunter: cp /mnt/boot/config-4.18.7-aml-s9xxx .config 这里...
  • 海运: 你是编译不成功呢?还是编译后不能运行呢?还是运行后不能访问web界面呢?
归档