Some handy bacula commands

Show what files will be backed up:

echo "estimate job=client.vanutsteen.nl listing client=client.vanutsteen.nl fileset=Server" | bconsole

List all files backuped in a particular job:

echo "list files jobid=12"  | bconsole

How to repair an SQLite database

echo ".dump" | sqlite3 old.db | sqlite3 new.db

Explanation: pipe “.dump” to sqlite and use that output (the dump itself) to fill the new.db database.

Cleaning up Git

I had this huge git repository (1.9 gigabyte) and I couldn’t discover WHY is was SO big. After reading up on some git cleaning et cetera I did a `git gc`. I went from 1.9g to 12mb (megabytes yes). Unbelievable…

git-gc – Cleanup unnecessary files and optimize the local repository

Ubuntu & special characters

https://help.ubuntu.com/12.04/ubuntu-help/tips-specialchars.html

I set my Compose Key to Right Alt.

OpenWrt OpenVPN & Gnome Network Manger + tls-remote

I’ve bought myself a Netgear WNDR3800 and put OpenWrt on it. I’m loving it! It’s not as easy to use as Tomato but it is much, much more modular and configurable.
One of the first things I did was installing OpenVPN on it. Currently I have OpenVPN running on my Pandaboard but if it was possible I would like to have OpenVPN running on my router.

After that was done and it ran ok I decided to have another look at the settings of my OpenVPN client: Gnome Network Manager

My previous setup used three separate certificates/keys: a user certificate, a CA certificate and a private key (and actually a ta.key). I used the `build-key` command to generate a new user certificate on the router which generated a *.p12 file. I first wanted to extract the three different certificates from the PKCS12 file but it appears that Network Manager can use those files.

After I figured that out I wanted to make OpenVPN a little securer. I had three things in mind:

  1. CRL (certificate revocation list)
  2. Additional TLS authentication
  3. Certificate Subject Match

CRL

Add this to `/etc/config/openvpn`:

option 'crl_verify' '/etc/easy-rsa/keys/crl.pem'

Then I wanted to create the (empty) crl.pem with this command:

ca -config /etc/easy-rsa/openssl.cnf -gencrl -out /etc/easy-rsa/keys/crl.pem

But it kept throwing errors: `27215:error:0E065068:lib(14):func(101):reason(104)`

It turned out to be that I had to add these lines to `/etc/easy-rsa/vars`:

export KEY_OU=""
export KEY_CN=""
export KEY_NAME=""

After that the creation of the crl.pem succeeded.

Additional TLS authentication

This was a lot simpler. Generate the ta.key on the router:

openvpn --genkey --secret /etc/openvpn/ta.key

Add this to `/etc/config/openvpn`:

option 'tls_auth' '/etc/openvpn/ta.key 0'

And as last,  make sure the advanced section of the openvpn connection of Gnome Network Manager looks like this (copy the ta.key to your local machine):

Certificate Subject Match

I tried some time ago to make the Subject Matching work in Network Manager but I kept getting errors. This time I persisted and I got it working. It all had to do with the format of tls-remote (same thing, but this is the way openvpn calls it).

First, on the router, do this:

openssl x509 -in router.vanutsteen.nl.crt -text -noout | grep "Subject:"

You get something like:

C=MyCountry, ST=MyState, L=MyCity, O=example.tld, CN=host.example.tld/name=MyFirstName MyLastName/emailAddress=myname@example.com

First, append the string with a ‘/’. Next, replace all occurences of ‘ ,’ with ‘/’. Now you have something like:

/C=MyCountry/ST=MyState/L=MyCity/O=example.tld/CN=host.example.tld/name=MyFirstName MyLastName/emailAddress=myname@example.com

So far, so good. Now the tricky part. It seems that openssl/openvpn substitutes dots and spaces in X509 names as underscores. I could not find any documentation on it…

So change `name=MyFirstName MyLastName` to `name=MyFirstName MyLastName`. You then end up with:

/C=MyCountry/ST=MyState/L=MyCity/O=example.tld/CN=host.example.tld/name=MyFirstName_MyLastName/emailAddress=myname@example.com

 Now, everything should work as planned!

Gitlab reque & supervisord

Gitlab needs at least one resque daemon. I always forget to start it when I boot the (virtual) pc where gitlab resides. So I installed supervisord an set up this conf file:
/etc/supervisor/conf.d/resque.conf:

[program:resque]
command=bundle exec rake environment resque:work
# Do not use BACKGROUND=No, it only checks if BACKGROUND is set
environment=QUEUE="post_receive,mailer,system_hook",RAILS_ENV="production"
process_name=resque
numprocs=1
directory=/home/gitlab.tim-online.nl/public_html
autostart=true
autorestart=true
user=gitlab.tim-online.nl

Upgrading OpenElec on the Raspberry Pi

I’ve installed openelec on my Rasberry Pi. It worked great! I upgraded regularly with the prebuild openelec binaries. The upgrade from r11493 to r11691 however went wrong. The system still booted but the screen kept black. After some awesome help on the #openelec irc channel I solved it. I always updated openelec by moving the files from the “target/” folder in the openelec packages to /storage/.update on the Raspberry Pi. However on the irc channel I learned I also should update the bootloader and driver files.

This are the steps to update the bootloader and driver files. On the Pi:

ssh openelec
mount -o remount,rw /flash

Then copy the files from 3rdparty/bootloader in the openelec package to /flash on the Raspberry Pi. I did it using gvfs in nautilus (ssh://openelec/flash).

I rebooted and my Raspberry Pi worked again!

In the proces of finding how to solve my problem I also found another source for prebuild Raspberry Pi openelec packages. They aren’t “official” packages from openelec but they worked very well for me.

Upgrading gitlab to the new stable


cd ~/public_html/
git checkout stable
RAILS_ENV=production rake db:migrate
bundle install --without development test --deployment
sudo service nginx restart

Git: an easy way to change authors name

git filter-branch --commit-filter 'if [ "$GIT_AUTHOR_NAME" = "LeonB" ];
  then export GIT_AUTHOR_NAME="Leon Bogaert"; export GIT_AUTHOR_EMAIL=leon@tim-online.nl;

After this is done you can do:

git push -f

It says some scary things like:

# Your branch and 'origin/v3' have diverged,
# and have 75 and 75 different commits each, respectively.

But you can Ignore those.

Installing & using flexget

Install dependencies from Ubuntu repositories

sudo apt-get install python-setuptools python-transmissionrpc

Edit ~/.pydistutils.cfg

[easy_install]
user = true

Install flexget

easy_install flexget
mkdir ~/.flexget

Edit ~/.flexget/config.yml


feeds:
  Coder Radio Video:
    rss: http://feeds.feedburner.com/coderradiovideo
    exists: /media/freenas/podcasts/Coder Radio Video/
    download: /media/freenas/podcasts/Coder Radio Video/

  Dev1.tv:
    rss: http://feeds.feedburner.com/dev1tv
    exists: /media/freenas/podcasts/Dev1.tv/
    download: /media/freenas/podcasts/Dev1.tv/

  FauxShow HD:
    rss: http://www.jupiterbroadcasting.com/feeds/FauxShowHD.xml
    exists: /media/freenas/podcasts/FauxShow HD/
    download: /media/freenas/podcasts/FauxShow HD/

  In Depth Look HD:
    rss: http://www.jupiterbroadcasting.com/feeds/indepthlookihd.xml
    exists: /media/freenas/podcasts/In Depth Look HD/
    download: /media/freenas/podcasts/In Depth Look HD/

#  TechSNAP Large Video:
#    rss: http://feeds.feedburner.com/techsnaplarge
#    exists: /media/freenas/podcasts/TechSNAP Large Video/
#    download: /media/freenas/podcasts/TechSNAP Large Video/

  The Changelog:
    rss: http://feeds.feedburner.com/thechangelog
    exists: /media/freenas/podcasts/The Changelog/
    download: /media/freenas/podcasts/The Changelog/

#  The Linux Action Show! Video:
#    rss: http://feeds.feedburner.com/computeractionshowvideo
#    exists: /media/freenas/podcasts/The Linux Action Show! Video/
#    download: /media/freenas/podcasts/The Linux Action Show! Video/

  unfilter HD:
    rss: http://www.jupiterbroadcasting.com/feeds/unfilterHD.xml
    exists: /media/freenas/podcasts/unfilter HD/
    download: /media/freenas/podcasts/unfilter HD/

  Linux Action Show Torrent:
    rss: http://www.jupiterbroadcasting.com/feeds/lasstorrent.xml
    exists: /media/freenas/podcasts/The Linux Action Show! Video/
    set:
      transmission:
        enabled: yes
      path: /media/freenas/podcasts/The Linux Action Show! Video/

  TechSNAP Torrent:
    rss: http://www.jupiterbroadcasting.com/feeds/TechSNAPTorrent.xml
    exists: /media/freenas/podcasts/TechSNAP Large Video/
    set:
      transmission:
        enabled: yes
      path: /media/freenas/podcasts/TechSNAP Large Video/

presets:
  global:
    accept_all: yes
    limit_new: 2
    transmission:
      host: localhost
      port: 9091
      username: transmission
      password: transmission
      honourlimits: yes
      maxdownspeed: 200
      maxupspeed: 20
      enabled: no

Now test it:


flexget --check
flexget --test

Mark all current feed items as seen


flexget --learn

Download one feed


flexget --feed "unfilter HD"

Unmark feed as seen

flexget --forget "unfilter HD"

Add it to cron


/usr/bin/nice -n19 /home/leon/.local/bin/flexget --cron