Some handy bacula commands

Show what files will be backed up:

echo "estimate listing fileset=Server" | bconsole

List all files backuped in a particular job:

echo "list files jobid=12"  | bconsole

How to repair an SQLite database

echo ".dump" | sqlite3 old.db | sqlite3 new.db

Explanation: pipe “.dump” to sqlite and use that output (the dump itself) to fill the new.db database.

Cleaning up Git

I had this huge git repository (1.9 gigabyte) and I couldn’t discover WHY is was SO big. After reading up on some git cleaning et cetera I did a `git gc`. I went from 1.9g to 12mb (megabytes yes). Unbelievable…

git-gc – Cleanup unnecessary files and optimize the local repository

Ubuntu & special characters

I set my Compose Key to Right Alt.

OpenWrt OpenVPN & Gnome Network Manger + tls-remote

I’ve bought myself a Netgear WNDR3800 and put OpenWrt on it. I’m loving it! It’s not as easy to use as Tomato but it is much, much more modular and configurable.
One of the first things I did was installing OpenVPN on it. Currently I have OpenVPN running on my Pandaboard but if it was possible I would like to have OpenVPN running on my router.

After that was done and it ran ok I decided to have another look at the settings of my OpenVPN client: Gnome Network Manager

My previous setup used three separate certificates/keys: a user certificate, a CA certificate and a private key (and actually a ta.key). I used the `build-key` command to generate a new user certificate on the router which generated a *.p12 file. I first wanted to extract the three different certificates from the PKCS12 file but it appears that Network Manager can use those files.

After I figured that out I wanted to make OpenVPN a little securer. I had three things in mind:

  1. CRL (certificate revocation list)
  2. Additional TLS authentication
  3. Certificate Subject Match


Add this to `/etc/config/openvpn`:

option 'crl_verify' '/etc/easy-rsa/keys/crl.pem'

Then I wanted to create the (empty) crl.pem with this command:

ca -config /etc/easy-rsa/openssl.cnf -gencrl -out /etc/easy-rsa/keys/crl.pem

But it kept throwing errors: `27215:error:0E065068:lib(14):func(101):reason(104)`

It turned out to be that I had to add these lines to `/etc/easy-rsa/vars`:

export KEY_OU=""
export KEY_CN=""
export KEY_NAME=""

After that the creation of the crl.pem succeeded.

Additional TLS authentication

This was a lot simpler. Generate the ta.key on the router:

openvpn --genkey --secret /etc/openvpn/ta.key

Add this to `/etc/config/openvpn`:

option 'tls_auth' '/etc/openvpn/ta.key 0'

And as last,  make sure the advanced section of the openvpn connection of Gnome Network Manager looks like this (copy the ta.key to your local machine):

Certificate Subject Match

I tried some time ago to make the Subject Matching work in Network Manager but I kept getting errors. This time I persisted and I got it working. It all had to do with the format of tls-remote (same thing, but this is the way openvpn calls it).

First, on the router, do this:

openssl x509 -in -text -noout | grep "Subject:"

You get something like:

C=MyCountry, ST=MyState, L=MyCity, O=example.tld, CN=host.example.tld/name=MyFirstName MyLastName/

First, append the string with a ‘/’. Next, replace all occurences of ‘ ,’ with ‘/’. Now you have something like:

/C=MyCountry/ST=MyState/L=MyCity/O=example.tld/CN=host.example.tld/name=MyFirstName MyLastName/

So far, so good. Now the tricky part. It seems that openssl/openvpn substitutes dots and spaces in X509 names as underscores. I could not find any documentation on it…

So change `name=MyFirstName MyLastName` to `name=MyFirstName MyLastName`. You then end up with:


 Now, everything should work as planned!

Gitlab reque & supervisord

Gitlab needs at least one resque daemon. I always forget to start it when I boot the (virtual) pc where gitlab resides. So I installed supervisord an set up this conf file:

command=bundle exec rake environment resque:work
# Do not use BACKGROUND=No, it only checks if BACKGROUND is set

Upgrading OpenElec on the Raspberry Pi

I’ve installed openelec on my Rasberry Pi. It worked great! I upgraded regularly with the prebuild openelec binaries. The upgrade from r11493 to r11691 however went wrong. The system still booted but the screen kept black. After some awesome help on the #openelec irc channel I solved it. I always updated openelec by moving the files from the “target/” folder in the openelec packages to /storage/.update on the Raspberry Pi. However on the irc channel I learned I also should update the bootloader and driver files.

This are the steps to update the bootloader and driver files. On the Pi:

ssh openelec
mount -o remount,rw /flash

Then copy the files from 3rdparty/bootloader in the openelec package to /flash on the Raspberry Pi. I did it using gvfs in nautilus (ssh://openelec/flash).

I rebooted and my Raspberry Pi worked again!

In the proces of finding how to solve my problem I also found another source for prebuild Raspberry Pi openelec packages. They aren’t “official” packages from openelec but they worked very well for me.

Upgrading gitlab to the new stable

cd ~/public_html/
git checkout stable
RAILS_ENV=production rake db:migrate
bundle install --without development test --deployment
sudo service nginx restart

Git: an easy way to change authors name

git filter-branch --commit-filter 'if [ "$GIT_AUTHOR_NAME" = "LeonB" ];
  then export GIT_AUTHOR_NAME="Leon Bogaert"; export;

After this is done you can do:

git push -f

It says some scary things like:

# Your branch and 'origin/v3' have diverged,
# and have 75 and 75 different commits each, respectively.

But you can Ignore those.

Installing & using flexget

Install dependencies from Ubuntu repositories

sudo apt-get install python-setuptools python-transmissionrpc

Edit ~/.pydistutils.cfg

user = true

Install flexget

easy_install flexget
mkdir ~/.flexget

Edit ~/.flexget/config.yml

  Coder Radio Video:
    exists: /media/freenas/podcasts/Coder Radio Video/
    download: /media/freenas/podcasts/Coder Radio Video/
    exists: /media/freenas/podcasts/
    download: /media/freenas/podcasts/

  FauxShow HD:
    exists: /media/freenas/podcasts/FauxShow HD/
    download: /media/freenas/podcasts/FauxShow HD/

  In Depth Look HD:
    exists: /media/freenas/podcasts/In Depth Look HD/
    download: /media/freenas/podcasts/In Depth Look HD/

#  TechSNAP Large Video:
#    rss:
#    exists: /media/freenas/podcasts/TechSNAP Large Video/
#    download: /media/freenas/podcasts/TechSNAP Large Video/

  The Changelog:
    exists: /media/freenas/podcasts/The Changelog/
    download: /media/freenas/podcasts/The Changelog/

#  The Linux Action Show! Video:
#    rss:
#    exists: /media/freenas/podcasts/The Linux Action Show! Video/
#    download: /media/freenas/podcasts/The Linux Action Show! Video/

  unfilter HD:
    exists: /media/freenas/podcasts/unfilter HD/
    download: /media/freenas/podcasts/unfilter HD/

  Linux Action Show Torrent:
    exists: /media/freenas/podcasts/The Linux Action Show! Video/
        enabled: yes
      path: /media/freenas/podcasts/The Linux Action Show! Video/

  TechSNAP Torrent:
    exists: /media/freenas/podcasts/TechSNAP Large Video/
        enabled: yes
      path: /media/freenas/podcasts/TechSNAP Large Video/

    accept_all: yes
    limit_new: 2
      host: localhost
      port: 9091
      username: transmission
      password: transmission
      honourlimits: yes
      maxdownspeed: 200
      maxupspeed: 20
      enabled: no

Now test it:

flexget --check
flexget --test

Mark all current feed items as seen

flexget --learn

Download one feed

flexget --feed "unfilter HD"

Unmark feed as seen

flexget --forget "unfilter HD"

Add it to cron

/usr/bin/nice -n19 /home/leon/.local/bin/flexget --cron