Welcome to my blog.  Hopefully here you will find some interesting and detailed articles relating to Windows Home Server, Home Computing and General IT.

Automated updates for Ubuntu 22.04 LTS (in packer etc)

For a long time I have seen that Ubuntu APT has declared it has not got a stable CLI interface and with 22.04LTS that has become a thing. If you try to a automate apt -y upgrade after an update your command will never complete as it will pop up a dialog window asking you which services you want to restart. Not very friendly for automation.
Now I don’t know if this the right way to do it, but it works for me in my homelab. What we do is leverage unattended-upgrade and change the settings before and after we run this command. By default unattended-upgrade is set only to apply security updates, something you want right. However, when you are creating a template usually you want all the other updates and patches that go with the default setup of your distro. So this is how I do it under packer with a shell script:

[Read More]

No reserved memory for ESX VMs

$spec = New-Object VMware.Vim.VirtualMachineConfigSpec
$spec.memoryReservationLockedToMax = $false
$spec.memoryAllocation = New-Object VMware.Vim.ResourceAllocationInfo
$spec.memoryAllocation.Reservation = 0
Get-VM | Get-View -Property Config.MemoryAllocation | %{$_.ReconfigVM_Task($spec)}

Decrypt an OPNsense config file

If you have an encrypted OPNsense configuration file then you can use the following to decrypt it. Note no password has been defined, add yours as required:

cat config.xml.aes | grep -Ev 'config.xml|:' | base64 -d | openssl enc -d -aes-256-cbc -out config.xml -pass pass: -salt -md sha512 -pbkdf2 -iter 100000

Quick LVM extend

pvcreate /dev/sdb  
lvmdiskscan -l  
vgextend ubuntu-vg /dev/sdb  
lvm lvextend -l +100%FREE /dev/mapper/ubuntu--vg-ubuntu--lv  
resize2fs -p /dev/mapper/ubuntu--vg-ubuntu--lv  
df -h

Dell ESXi 7.0 U3 Install

The Dell version of VMware has been released and can be installed simply on a standalone ESXi server once it is maintenance mode.

First get the ZIP file from VMware:

https://customerconnect.vmware.com/downloads/details?downloadGroup=OEM-ESXI70U3-DELLEMC&productId=974

You should verify the checksum:

MD5SUM:

b9db1e378bc0cfccd979fe0660867641

SHA1SUM:

9f5121f0d9d39aa32c0d3f71c13e117bf4923737

SHA256SUM:

c9a0025d0946ab154520d6606a50b5dca0218294e90250bd5a9a8a6dd4dee50c

Checksums for ESXi ZIP file

Upload the ZIP file to a datastore that can be accessed by ESXi (local or remote) however don’t copy it to the boot media unless you know what you are doing.

[Read More]

Install WSL on Windows 11

Option a command prompt as Administrator.

wsl --install

Then reboot and open WSL to complete the installation. That is it, install Ubuntu 20.04 LTS by default.

Getting XRDP working with Fedora Gnome

cp -f /etc/xrdp/xrdp.ini /etc/xrdp/xrdp.ini.org
cp -f /etc/xrdp/sesman.ini /etc/xrdp/sesman.ini.org
sed -i "s/autorun=/autorun=Xorg/g" /etc/xrdp/xrdp.ini
sed -i "0,/allow\_channels=true/{s/allow\_channels=true/allow\_channels=false/}" /etc/xrdp/xrdp.ini
echo "PREFERRED=gnome-session" > /etc/sysconfig/desktop
echo "unset DBUS\_SESSION\_BUS\_ADDRESS; gnome-session" >> /etc/sysconfig/desktop
echo "allowed\_users=anybody" > /etc/X11/Xwrapper.config
sed -i "/param=96/ a param=-AcceptCutText=0\\nparam=-SendCutText=0\\nparam=-SendPrimary=0\\nparam=-SetPrimary=0" /etc/xrdp/sesman.ini
systemctl restart xrdp

Setting the old way of crypto

So updating an OS sometimes changes the defaults used for various pieces of crypto. In fedora to set it back to how it used to be:

update-crypto-policies --set LEGACY

You should only do this as last resort or just for testing.

WD My Cloud Home Open Ports

Simply scanned the new units to see what ports are open:

al@alex490:~$ nmap -p- 192.168.nnn.nnn

Starting Nmap 7.60 ( https://nmap.org ) at 2020-11-25 18:41 GMT  
Nmap scan report for MyCloud-R6GNH47Y.lab.tsew.net (192.168.0.132)  
Host is up (0.0011s latency).  
Not shown: 65527 closed ports  
PORT STATE SERVICE  
80/tcp open http  
139/tcp open netbios-ssn  
443/tcp open https  
445/tcp open microsoft-ds  
548/tcp open afp  
8080/tcp open http-proxy  
9999/tcp open abyss  
33284/tcp open unknown

Regenerating LetsEncrypt Certs

Easy way to update LetsEncrypt certs: stop letsencrypt

%s/HTTPS_METHOD=redirect/HTTPS_METHOD=noredirect

start letsencrypt

%s/HTTPS_METHOD=noredirect/HTTPS_METHOD=redirect

quit and verify

echo | openssl s_client -servername HostName -connect HostName:443 2>/dev/null | openssl x509 -noout -dates