Friday, September 15, 2023
Ubuntu Jammy Install MySQL via the Oracle PPA with Modern GPG / Public Key Keyring Method
Friday, April 21, 2023
Javascript OOP Classes are not real-- it is just syntactic sugar!
Monday, October 24, 2022
*buntu ( Kubuntu ) Install Sublime Text
Sunday, October 23, 2022
*buntu ( Kubuntu ) Install Google Chrome Browser
Friday, September 16, 2022
How to Turn JSON String Data into a Proper JavaScript Object
Monday, September 12, 2022
Adding PHP Environment Variables with Lines in /etc/php/8.1/php-fpm/pool.d/www.conf
I finally found a clean enough way to inject PHP environment variables into my applications that doesn't completely pucker my parts where the sun does not shine-- in this case the app environment(dev, test, prod) coincidentally and hostname. The example is dripping in Debian/*buntu flavor, you have been warned.
As a "twofer", this is how you might set up the capsule for the Cartalyst Sentinel library in an implementation loaded from Composer, as an example of how to create and use the values.
Example variables to put into my www.conf file of my php-fpm config. For me this file lives under /etc/php/8.1/fpm/conf.d/www.conf . Just right at the bottom of the file, append your environment variable definitions right there at the end. I restart my php-fpm process with brad@hostname$sudo systemctl restart php8.1-fpm for lack of any reason to do otherwise.env[environment] = 'prod'
env[sentinelDriver] = 'mysql'
env[sentinelHost] = 'hostname-that-might-be-localhost'
env[sentinelDatabase] = 'sentinel-database-name'
env[sentinelUsername] = 'sentinel-database-username'
env[sentinelPassword] = 'sentinel-database-password'
env[sentinelCharset] = 'utf8'
env[sentinelCollation] = 'utf8_unicode_ci'
And then where the rubber meets the road in your PHP files:
$capsule = new Capsule;
$capsule->addConnection([
'driver' => $_SERVER['sentinelDriver'];
'host' => $_SERVER['sentinelHost'];
'database' => $_SERVER['sentinelDatabase'];
'username' => $_SERVER['sentinelUsername'];
'password' => $_SERVER['sentinelPassword'];
'charset' => $_SERVER['sentinelCharset'];
'collation' => $_SERVER['sentinelCollation'];
];
A word of caution. The php-fpm www.conf default for showing the system environment variables is:
clear_env = yes
However, you won't see that configuration setting. So, for me, the following default that I do see in every configuration of every system I have ever provisioned is correct:
;clear_env = no
I don't want my real system environment variables available via my application so far. Possible, yes. Desired functionality, no.
clear_env = no
Friday, September 9, 2022
My Port 80 Nginx Config Going Forward
Saturday, January 11, 2020
Playing with the FreeIPA Identity, Permissions, and Audit Server software with an Automated Install on Debian Sid -- Unattended Install Success!
There is a caveat-- the SSL certificates. I did not find a way I liked to import the certificates into the script in the same manner as the hostname, domain, and various passwords-- so they are hardcoded in. Sub-optimal. An inline expect script was the best I could do to respond to the kinit requested input of AdminUserPassword.
I am quasi-satisfied as it is. Time to show it off and receive the proper criticisms. Thank you in advance to everyone who was grumpy and doesn't hold back. I won't be better if I don't get the proper WTF admonishings...
================== Linode Stack Script ======================= #!/usr/bin/env bash date +%s > /tmp/start.txt #<UDF name="hostname" label="The new Linode's Host Name" default="ipa"> # HOSTNAME= #<UDF name="domain" label="The new Linode's Domain" default="example.com"> # DOMAIN= #<UDF name="kerberospass" label="The password for the Kerberos database" default="KerberosPassword"> # KERBEROSPASS= #<UDF name="ADMINUSERPASS" label="The password for the IPA Admin User" default="AdminUserPassword"> # ADMINUSERPASS= #<UDF name="DIRMGRPASS" label="The password for the Directory Manager" default="DirectoryManagerPassword"> # DIRMGRPASS= #<UDF name="P12CERTPASS" label="The password for the pkcs12 certificate" default="p12-cert-password"> # P12CERTPASS= cat << EOF > /etc/ssl/certs/${HOSTNAME}.${DOMAIN}.csr -----BEGIN CERTIFICATE REQUEST----- MIICqTCCAZECAQAwZDELMAkGA1UEBhMCVVMxDTALBgNVBAgMBE9ISU8xETAPBgNV BAcMCEVBU1RMQUtFMRAwDgYDVQQKDAdFWEFNUExFMQswCQYDVQQLDAJJVDEUMBIG A1UEAwwLRVhBTVBMRS5DT00wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB AQC54Z91je+HQ1U8jcQDJOCIMeDxub6EtraWMdolj+3d5CxIqaXDTcTbiBO3wwKw 1rATnhN6gr/sj2/eyZjcp1J51Ss0Ibvpkw5png/3A+mLfP2BU+8l2qUtC9zqJjuU s4sC0LfQcoTMbYNGwvpijh0xOM74irJAt3nr9+82emVThERaAMeQXWMpl9ZerA4E i94xM/NNVS4gnTBln2HiZBAPkED+fSW8knhWSm3tUKDNS2uhi+hExy4q1SflMTWX FdylXfUzFt4a/L+ivbS7QZUThlbO5B0gPVF0s1wwgr+MXGaCSSm70jMoF+w9B3Iv JPPwlx3myWQWKYlX6FpBV/GFAgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAQEAtL9z NT0zLCB9JA7IQvuUHle4bYcG/aMSiXZVYsU7qvmhDP48czjx4EQGWT2KuzDKrc0l J2IdhLqWR7WNC4ToCEpOjVVBrmUOoB01GbjmuCqJZhCTvFPPHW0LSxRh2elzGLFz 2BaEzq8lwGo8rZ+/pS8zVdlIg5GwWxQxu0sErrrT71bnRCsbMYLtRQa/R7inAwT1 AOy511wLqJPcQVs+cI5UTZu8J5QVd8Z/xjHI0Nf0EiCdsyzGJUrN8Rw8TDafp0XL LgSMqydkfCrfNmiTtd1AZJlK59pZ6XHdIyM6j3bA+zoniSIxA3Vbi2C0Qry9ltcI sd4WPW1LF4aN1ZOD6Q== -----END CERTIFICATE REQUEST-----" EOF cat << EOF > /etc/ssl/certs/addtrust.root.chain.crt -----BEGIN CERTIFICATE----- MIIENjCCAx6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBvMQswCQYDVQQGEwJTRTEU MBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4dGVybmFs IFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290 MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFowbzELMAkGA1UEBhMCU0Ux FDASBgNVBAoTC0FkZFRydXN0IEFCMSYwJAYDVQQLEx1BZGRUcnVzdCBFeHRlcm5h bCBUVFAgTmV0d29yazEiMCAGA1UEAxMZQWRkVHJ1c3QgRXh0ZXJuYWwgQ0EgUm9v dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALf3GjPm8gAELTngTlvt H7xsD821+iO2zt6bETOXpClMfZOfvUq8k+0DGuOPz+VtUFrWlymUWoCwSXrbLpX9 uMq/NzgtHj6RQa1wVsfwTz/oMp50ysiQVOnGXw94nZpAPA6sYapeFI+eh6FqUNzX mk6vBbOmcZSccbNQYArHE504B4YCqOmoaSYYkKtMsE8jqzpPhNjfzp/haW+710LX a0Tkx63ubUFfclpxCDezeWWkWaCUN/cALw3CknLa0Dhy2xSoRcRdKn23tNbE7qzN E0S3ySvdQwAl+mG5aWpYIxG3pzOPVnVZ9c0p10a3CitlttNCbxWyuHv77+ldU9U0 WicCAwEAAaOB3DCB2TAdBgNVHQ4EFgQUrb2YejS0Jvf6xCZU7wO94CTLVBowCwYD VR0PBAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wgZkGA1UdIwSBkTCBjoAUrb2YejS0 Jvf6xCZU7wO94CTLVBqhc6RxMG8xCzAJBgNVBAYTAlNFMRQwEgYDVQQKEwtBZGRU cnVzdCBBQjEmMCQGA1UECxMdQWRkVHJ1c3QgRXh0ZXJuYWwgVFRQIE5ldHdvcmsx IjAgBgNVBAMTGUFkZFRydXN0IEV4dGVybmFsIENBIFJvb3SCAQEwDQYJKoZIhvcN AQEFBQADggEBALCb4IUlwtYj4g+WBpKdQZic2YR5gdkeWxQHIzZlj7DYd7usQWxH YINRsPkyPef89iYTx4AWpb9a/IfPeHmJIZriTAcKhjW88t5RxNKWt9x+Tu5w/Rw5 6wwCURQtjr0W4MHfRnXnJK3s9EK0hZNwEGe6nQY1ShjTK3rMUUKhemPR5ruhxSvC Nr4TDea9Y355e6cJDUCrat2PisP29owaQgVR1EX1n6diIWgVIEM8med8vSTYqZEX c4g/VhsxOBi0cQ+azcgOno4uG+GMmIPLHzHxREzGBHNJdmAPx/i9F4BrLunMTA5a mnkPIAou1Z5jJh5VkpTYghdae9C8x49OhgQ= -----END CERTIFICATE----- EOF cat << EOF > /etc/ssl/certs/usertrust.chain.crt -----BEGIN CERTIFICATE----- MIIFdzCCBF+gAwIBAgIQE+oocFv07O0MNmMJgGFDNjANBgkqhkiG9w0BAQwFADBv MQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFk ZFRydXN0IEV4dGVybmFsIFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBF eHRlcm5hbCBDQSBSb290MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFow gYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpOZXcgSmVyc2V5MRQwEgYDVQQHEwtK ZXJzZXkgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMS4wLAYD VQQDEyVVU0VSVHJ1c3QgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIICIjAN BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAgBJlFzYOw9sIs9CsVw127c0n00yt UINh4qogTQktZAnczomfzD2p7PbPwdzx07HWezcoEStH2jnGvDoZtF+mvX2do2NC tnbyqTsrkfjib9DsFiCQCT7i6HTJGLSR1GJk23+jBvGIGGqQIjy8/hPwhxR79uQf jtTkUcYRZ0YIUcuGFFQ/vDP+fmyc/xadGL1RjjWmp2bIcmfbIWax1Jt4A8BQOujM 8Ny8nkz+rwWWNR9XWrf/zvk9tyy29lTdyOcSOk2uTIq3XJq0tyA9yn8iNK5+O2hm AUTnAU5GU5szYPeUvlM3kHND8zLDU+/bqv50TmnHa4xgk97Exwzf4TKuzJM7UXiV Z4vuPVb+DNBpDxsP8yUmazNt925H+nND5X4OpWaxKXwyhGNVicQNwZNUMBkTrNN9 N6frXTpsNVzbQdcS2qlJC9/YgIoJk2KOtWbPJYjNhLixP6Q5D9kCnusSTJV882sF qV4Wg8y4Z+LoE53MW4LTTLPtW//e5XOsIzstAL81VXQJSdhJWBp/kjbmUZIO8yZ9 HE0XvMnsQybQv0FfQKlERPSZ51eHnlAfV1SoPv10Yy+xUGUJ5lhCLkMaTLTwJUdZ +gQek9QmRkpQgbLevni3/GcV4clXhB4PY9bpYrrWX1Uu6lzGKAgEJTm4Diup8kyX HAc/DVL17e8vgg8CAwEAAaOB9DCB8TAfBgNVHSMEGDAWgBStvZh6NLQm9/rEJlTv A73gJMtUGjAdBgNVHQ4EFgQUU3m/WqorSs9UgOHYm8Cd8rIDZsswDgYDVR0PAQH/ BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wEQYDVR0gBAowCDAGBgRVHSAAMEQGA1Ud HwQ9MDswOaA3oDWGM2h0dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9BZGRUcnVzdEV4 dGVybmFsQ0FSb290LmNybDA1BggrBgEFBQcBAQQpMCcwJQYIKwYBBQUHMAGGGWh0 dHA6Ly9vY3NwLnVzZXJ0cnVzdC5jb20wDQYJKoZIhvcNAQEMBQADggEBAJNl9jeD lQ9ew4IcH9Z35zyKwKoJ8OkLJvHgwmp1ocd5yblSYMgpEg7wrQPWCcR23+WmgZWn RtqCV6mVksW2jwMibDN3wXsyF24HzloUQToFJBv2FAY7qCUkDrvMKnXduXBBP3zQ YzYhBx9G/2CkkeFnvN4ffhkUyWNnkepnB2u0j4vAbkN9w6GAbLIevFOFfdyQoaS8 Le9Gclc1Bb+7RrtubTeZtv8jkpHGbkD4jylW6l/VXxRTrPBPYer3IsynVgviuDQf Jtl7GQVoP7o81DgGotPmjw7jtHFtQELFhLRAlSv0ZaBIefYdgWOWnU914Ph85I6p 0fKtirOMxyHNwu8= -----END CERTIFICATE----- EOF cat << EOF > /etc/ssl/certs/sectigo.chain.crt -----BEGIN CERTIFICATE----- MIIGEzCCA/ugAwIBAgIQfVtRJrR2uhHbdBYLvFMNpzANBgkqhkiG9w0BAQwFADCB iDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0pl cnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNV BAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTgx MTAyMDAwMDAwWhcNMzAxMjMxMjM1OTU5WjCBjzELMAkGA1UEBhMCR0IxGzAZBgNV BAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEYMBYGA1UE ChMPU2VjdGlnbyBMaW1pdGVkMTcwNQYDVQQDEy5TZWN0aWdvIFJTQSBEb21haW4g VmFsaWRhdGlvbiBTZWN1cmUgU2VydmVyIENBMIIBIjANBgkqhkiG9w0BAQEFAAOC AQ8AMIIBCgKCAQEA1nMz1tc8INAA0hdFuNY+B6I/x0HuMjDJsGz99J/LEpgPLT+N TQEMgg8Xf2Iu6bhIefsWg06t1zIlk7cHv7lQP6lMw0Aq6Tn/2YHKHxYyQdqAJrkj eocgHuP/IJo8lURvh3UGkEC0MpMWCRAIIz7S3YcPb11RFGoKacVPAXJpz9OTTG0E oKMbgn6xmrntxZ7FN3ifmgg0+1YuWMQJDgZkW7w33PGfKGioVrCSo1yfu4iYCBsk Haswha6vsC6eep3BwEIc4gLw6uBK0u+QDrTBQBbwb4VCSmT3pDCg/r8uoydajotY uK3DGReEY+1vVv2Dy2A0xHS+5p3b4eTlygxfFQIDAQABo4IBbjCCAWowHwYDVR0j BBgwFoAUU3m/WqorSs9UgOHYm8Cd8rIDZsswHQYDVR0OBBYEFI2MXsRUrYrhd+mb +ZsF4bgBjWHhMA4GA1UdDwEB/wQEAwIBhjASBgNVHRMBAf8ECDAGAQH/AgEAMB0G A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAbBgNVHSAEFDASMAYGBFUdIAAw CAYGZ4EMAQIBMFAGA1UdHwRJMEcwRaBDoEGGP2h0dHA6Ly9jcmwudXNlcnRydXN0 LmNvbS9VU0VSVHJ1c3RSU0FDZXJ0aWZpY2F0aW9uQXV0aG9yaXR5LmNybDB2Bggr BgEFBQcBAQRqMGgwPwYIKwYBBQUHMAKGM2h0dHA6Ly9jcnQudXNlcnRydXN0LmNv bS9VU0VSVHJ1c3RSU0FBZGRUcnVzdENBLmNydDAlBggrBgEFBQcwAYYZaHR0cDov L29jc3AudXNlcnRydXN0LmNvbTANBgkqhkiG9w0BAQwFAAOCAgEAMr9hvQ5Iw0/H ukdN+Jx4GQHcEx2Ab/zDcLRSmjEzmldS+zGea6TvVKqJjUAXaPgREHzSyrHxVYbH 7rM2kYb2OVG/Rr8PoLq0935JxCo2F57kaDl6r5ROVm+yezu/Coa9zcV3HAO4OLGi H19+24rcRki2aArPsrW04jTkZ6k4Zgle0rj8nSg6F0AnwnJOKf0hPHzPE/uWLMUx RP0T7dWbqWlod3zu4f+k+TY4CFM5ooQ0nBnzvg6s1SQ36yOoeNDT5++SR2RiOSLv xvcRviKFxmZEJCaOEDKNyJOuB56DPi/Z+fVGjmO+wea03KbNIaiGCpXZLoUmGv38 sbZXQm2V0TP2ORQGgkE49Y9Y3IBbpNV9lXj9p5v//cWoaasm56ekBYdbqbe4oyAL l6lFhd2zi+WJN44pDfwGF/Y4QA5C5BIG+3vzxhFoYt/jmPQT2BVPi7Fp2RBgvGQq 6jG35LWjOhSbJuMLe/0CjraZwTiXWTb2qHSihrZe68Zk6s+go/lunrotEbaGmAhY LcmsJWTyXnW0OMGuf1pGg+pRyrbxmRE1a6Vqe8YAsOf4vmSyrcjC8azjUeqkk+B5 yOGBQMkKW+ESPMFgKuOXwIlCypTPRpgSabuY0MLTDXJLR27lk8QyKGOHQ+SwMj4K 00u/I5sUKUErmgQfky3xxzlIPK1aEn8= -----END CERTIFICATE----- EOF # the one place where I could NOT abuse the 'cat' command... but DID ANYWAYS! cat << EOF > /etc/ssl/certs/full.chain.crt -----BEGIN CERTIFICATE----- MIIGEzCCA/ugAwIBAgIQfVtRJrR2uhHbdBYLvFMNpzANBgkqhkiG9w0BAQwFADCB iDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0pl cnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNV BAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTgx MTAyMDAwMDAwWhcNMzAxMjMxMjM1OTU5WjCBjzELMAkGA1UEBhMCR0IxGzAZBgNV BAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEYMBYGA1UE ChMPU2VjdGlnbyBMaW1pdGVkMTcwNQYDVQQDEy5TZWN0aWdvIFJTQSBEb21haW4g VmFsaWRhdGlvbiBTZWN1cmUgU2VydmVyIENBMIIBIjANBgkqhkiG9w0BAQEFAAOC AQ8AMIIBCgKCAQEA1nMz1tc8INAA0hdFuNY+B6I/x0HuMjDJsGz99J/LEpgPLT+N TQEMgg8Xf2Iu6bhIefsWg06t1zIlk7cHv7lQP6lMw0Aq6Tn/2YHKHxYyQdqAJrkj eocgHuP/IJo8lURvh3UGkEC0MpMWCRAIIz7S3YcPb11RFGoKacVPAXJpz9OTTG0E oKMbgn6xmrntxZ7FN3ifmgg0+1YuWMQJDgZkW7w33PGfKGioVrCSo1yfu4iYCBsk Haswha6vsC6eep3BwEIc4gLw6uBK0u+QDrTBQBbwb4VCSmT3pDCg/r8uoydajotY uK3DGReEY+1vVv2Dy2A0xHS+5p3b4eTlygxfFQIDAQABo4IBbjCCAWowHwYDVR0j BBgwFoAUU3m/WqorSs9UgOHYm8Cd8rIDZsswHQYDVR0OBBYEFI2MXsRUrYrhd+mb +ZsF4bgBjWHhMA4GA1UdDwEB/wQEAwIBhjASBgNVHRMBAf8ECDAGAQH/AgEAMB0G A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAbBgNVHSAEFDASMAYGBFUdIAAw CAYGZ4EMAQIBMFAGA1UdHwRJMEcwRaBDoEGGP2h0dHA6Ly9jcmwudXNlcnRydXN0 LmNvbS9VU0VSVHJ1c3RSU0FDZXJ0aWZpY2F0aW9uQXV0aG9yaXR5LmNybDB2Bggr BgEFBQcBAQRqMGgwPwYIKwYBBQUHMAKGM2h0dHA6Ly9jcnQudXNlcnRydXN0LmNv bS9VU0VSVHJ1c3RSU0FBZGRUcnVzdENBLmNydDAlBggrBgEFBQcwAYYZaHR0cDov L29jc3AudXNlcnRydXN0LmNvbTANBgkqhkiG9w0BAQwFAAOCAgEAMr9hvQ5Iw0/H ukdN+Jx4GQHcEx2Ab/zDcLRSmjEzmldS+zGea6TvVKqJjUAXaPgREHzSyrHxVYbH 7rM2kYb2OVG/Rr8PoLq0935JxCo2F57kaDl6r5ROVm+yezu/Coa9zcV3HAO4OLGi H19+24rcRki2aArPsrW04jTkZ6k4Zgle0rj8nSg6F0AnwnJOKf0hPHzPE/uWLMUx RP0T7dWbqWlod3zu4f+k+TY4CFM5ooQ0nBnzvg6s1SQ36yOoeNDT5++SR2RiOSLv xvcRviKFxmZEJCaOEDKNyJOuB56DPi/Z+fVGjmO+wea03KbNIaiGCpXZLoUmGv38 sbZXQm2V0TP2ORQGgkE49Y9Y3IBbpNV9lXj9p5v//cWoaasm56ekBYdbqbe4oyAL l6lFhd2zi+WJN44pDfwGF/Y4QA5C5BIG+3vzxhFoYt/jmPQT2BVPi7Fp2RBgvGQq 6jG35LWjOhSbJuMLe/0CjraZwTiXWTb2qHSihrZe68Zk6s+go/lunrotEbaGmAhY LcmsJWTyXnW0OMGuf1pGg+pRyrbxmRE1a6Vqe8YAsOf4vmSyrcjC8azjUeqkk+B5 yOGBQMkKW+ESPMFgKuOXwIlCypTPRpgSabuY0MLTDXJLR27lk8QyKGOHQ+SwMj4K 00u/I5sUKUErmgQfky3xxzlIPK1aEn8= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFdzCCBF+gAwIBAgIQE+oocFv07O0MNmMJgGFDNjANBgkqhkiG9w0BAQwFADBv MQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFk ZFRydXN0IEV4dGVybmFsIFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBF eHRlcm5hbCBDQSBSb290MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFow gYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpOZXcgSmVyc2V5MRQwEgYDVQQHEwtK ZXJzZXkgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMS4wLAYD VQQDEyVVU0VSVHJ1c3QgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIICIjAN BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAgBJlFzYOw9sIs9CsVw127c0n00yt UINh4qogTQktZAnczomfzD2p7PbPwdzx07HWezcoEStH2jnGvDoZtF+mvX2do2NC tnbyqTsrkfjib9DsFiCQCT7i6HTJGLSR1GJk23+jBvGIGGqQIjy8/hPwhxR79uQf jtTkUcYRZ0YIUcuGFFQ/vDP+fmyc/xadGL1RjjWmp2bIcmfbIWax1Jt4A8BQOujM 8Ny8nkz+rwWWNR9XWrf/zvk9tyy29lTdyOcSOk2uTIq3XJq0tyA9yn8iNK5+O2hm AUTnAU5GU5szYPeUvlM3kHND8zLDU+/bqv50TmnHa4xgk97Exwzf4TKuzJM7UXiV Z4vuPVb+DNBpDxsP8yUmazNt925H+nND5X4OpWaxKXwyhGNVicQNwZNUMBkTrNN9 N6frXTpsNVzbQdcS2qlJC9/YgIoJk2KOtWbPJYjNhLixP6Q5D9kCnusSTJV882sF qV4Wg8y4Z+LoE53MW4LTTLPtW//e5XOsIzstAL81VXQJSdhJWBp/kjbmUZIO8yZ9 HE0XvMnsQybQv0FfQKlERPSZ51eHnlAfV1SoPv10Yy+xUGUJ5lhCLkMaTLTwJUdZ +gQek9QmRkpQgbLevni3/GcV4clXhB4PY9bpYrrWX1Uu6lzGKAgEJTm4Diup8kyX HAc/DVL17e8vgg8CAwEAAaOB9DCB8TAfBgNVHSMEGDAWgBStvZh6NLQm9/rEJlTv A73gJMtUGjAdBgNVHQ4EFgQUU3m/WqorSs9UgOHYm8Cd8rIDZsswDgYDVR0PAQH/ BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wEQYDVR0gBAowCDAGBgRVHSAAMEQGA1Ud HwQ9MDswOaA3oDWGM2h0dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9BZGRUcnVzdEV4 dGVybmFsQ0FSb290LmNybDA1BggrBgEFBQcBAQQpMCcwJQYIKwYBBQUHMAGGGWh0 dHA6Ly9vY3NwLnVzZXJ0cnVzdC5jb20wDQYJKoZIhvcNAQEMBQADggEBAJNl9jeD lQ9ew4IcH9Z35zyKwKoJ8OkLJvHgwmp1ocd5yblSYMgpEg7wrQPWCcR23+WmgZWn RtqCV6mVksW2jwMibDN3wXsyF24HzloUQToFJBv2FAY7qCUkDrvMKnXduXBBP3zQ YzYhBx9G/2CkkeFnvN4ffhkUyWNnkepnB2u0j4vAbkN9w6GAbLIevFOFfdyQoaS8 Le9Gclc1Bb+7RrtubTeZtv8jkpHGbkD4jylW6l/VXxRTrPBPYer3IsynVgviuDQf Jtl7GQVoP7o81DgGotPmjw7jtHFtQELFhLRAlSv0ZaBIefYdgWOWnU914Ph85I6p 0fKtirOMxyHNwu8= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIENjCCAx6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBvMQswCQYDVQQGEwJTRTEU MBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4dGVybmFs IFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290 MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFowbzELMAkGA1UEBhMCU0Ux FDASBgNVBAoTC0FkZFRydXN0IEFCMSYwJAYDVQQLEx1BZGRUcnVzdCBFeHRlcm5h bCBUVFAgTmV0d29yazEiMCAGA1UEAxMZQWRkVHJ1c3QgRXh0ZXJuYWwgQ0EgUm9v dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALf3GjPm8gAELTngTlvt H7xsD821+iO2zt6bETOXpClMfZOfvUq8k+0DGuOPz+VtUFrWlymUWoCwSXrbLpX9 uMq/NzgtHj6RQa1wVsfwTz/oMp50ysiQVOnGXw94nZpAPA6sYapeFI+eh6FqUNzX mk6vBbOmcZSccbNQYArHE504B4YCqOmoaSYYkKtMsE8jqzpPhNjfzp/haW+710LX a0Tkx63ubUFfclpxCDezeWWkWaCUN/cALw3CknLa0Dhy2xSoRcRdKn23tNbE7qzN E0S3ySvdQwAl+mG5aWpYIxG3pzOPVnVZ9c0p10a3CitlttNCbxWyuHv77+ldU9U0 WicCAwEAAaOB3DCB2TAdBgNVHQ4EFgQUrb2YejS0Jvf6xCZU7wO94CTLVBowCwYD VR0PBAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wgZkGA1UdIwSBkTCBjoAUrb2YejS0 Jvf6xCZU7wO94CTLVBqhc6RxMG8xCzAJBgNVBAYTAlNFMRQwEgYDVQQKEwtBZGRU cnVzdCBBQjEmMCQGA1UECxMdQWRkVHJ1c3QgRXh0ZXJuYWwgVFRQIE5ldHdvcmsx IjAgBgNVBAMTGUFkZFRydXN0IEV4dGVybmFsIENBIFJvb3SCAQEwDQYJKoZIhvcN AQEFBQADggEBALCb4IUlwtYj4g+WBpKdQZic2YR5gdkeWxQHIzZlj7DYd7usQWxH YINRsPkyPef89iYTx4AWpb9a/IfPeHmJIZriTAcKhjW88t5RxNKWt9x+Tu5w/Rw5 6wwCURQtjr0W4MHfRnXnJK3s9EK0hZNwEGe6nQY1ShjTK3rMUUKhemPR5ruhxSvC Nr4TDea9Y355e6cJDUCrat2PisP29owaQgVR1EX1n6diIWgVIEM8med8vSTYqZEX c4g/VhsxOBi0cQ+azcgOno4uG+GMmIPLHzHxREzGBHNJdmAPx/i9F4BrLunMTA5a mnkPIAou1Z5jJh5VkpTYghdae9C8x49OhgQ= -----END CERTIFICATE----- EOF cat << EOF > /etc/ssl/certs/${HOSTNAME}.${DOMAIN}.crt -----BEGIN CERTIFICATE----- MIIDnjCCAoagAwIBAgIJAKB7jY2KwQ3eMA0GCSqGSIb3DQEBCwUAMGQxCzAJBgNV BAYTAlVTMQ0wCwYDVQQIDARPSElPMREwDwYDVQQHDAhFQVNUTEFLRTEQMA4GA1UE CgwHRVhBTVBMRTELMAkGA1UECwwCSVQxFDASBgNVBAMMC0VYQU1QTEUuQ09NMB4X DTIwMDExMTA4MzMyNVoXDTIwMDIxMDA4MzMyNVowZDELMAkGA1UEBhMCVVMxDTAL BgNVBAgMBE9ISU8xETAPBgNVBAcMCEVBU1RMQUtFMRAwDgYDVQQKDAdFWEFNUExF MQswCQYDVQQLDAJJVDEUMBIGA1UEAwwLRVhBTVBMRS5DT00wggEiMA0GCSqGSIb3 DQEBAQUAA4IBDwAwggEKAoIBAQC68zZBgZ/NLH74iuQI1zKgahaFFpSWkQlVUbU1 LEqq+3TuV+IGr98ztk2YY8eoBirXneD/umClfn2EMZttQqXJMv2MEGVhUUKwY6mK wp92B/COIeY+LxUioA12IPDHahAf1EbgCL3FDQ7As6e/kUI/NKSeQbmWY/mnwFbB mWoztbe2aegwRXHSWHiEk0SbizTYvyrNe6czhMznxKTpr66u+5CX2neR0Wu+vWLA tgikn2Wl5qfu3TIZEvUw49Lwe1VFcrfnJIp6fBBtfRHLW+A9KSm5G5yW2f/2asKn Tl880r5WHZ5u6sAFaUQK/kO5IQht5TqtZJRdk72LOFgeL6djAgMBAAGjUzBRMB0G A1UdDgQWBBQ5uhlDtZ3WlJX8I2fq0Ss/3SxsoTAfBgNVHSMEGDAWgBQ5uhlDtZ3W lJX8I2fq0Ss/3SxsoTAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IB AQCkzQ5IIIE4jYx1bKRGCsPESNSxEpuv9wIeG8BU2F/XMqp5Pm1odkKr6AKRb0RU 44qhM6tlsorCBCGnEN3ij07Ctuu+hbvVzfyKrhtFK/NC6wQx24aWiBuhhkZZgBTV yPtslEZwNfMKuXlNhajea7f4HrB6pfxEVUAlhF2XCLlaQ7DNx6pL39zItWVBAvHA 50Xns1sIR9V7RRm49ilsU3+P7hcXP2WmmpXYZn0ObtTC6IIOEeDLMNf4G8tGganx qSaOfpZjuM+E3LMlMf5vKJQI0LtrJqY12uD6JaoP8JW1MVske2YpPe7h2hL5Sz8B B2wrROUQ8M1HMMFt5RdcHD1U -----END CERTIFICATE----- EOF cat << EOF > /etc/ssl/certs/${HOSTNAME}.${DOMAIN}.pkey -----BEGIN PRIVATE KEY----- MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQC54Z91je+HQ1U8 jcQDJOCIMeDxub6EtraWMdolj+3d5CxIqaXDTcTbiBO3wwKw1rATnhN6gr/sj2/e yZjcp1J51Ss0Ibvpkw5png/3A+mLfP2BU+8l2qUtC9zqJjuUs4sC0LfQcoTMbYNG wvpijh0xOM74irJAt3nr9+82emVThERaAMeQXWMpl9ZerA4Ei94xM/NNVS4gnTBl n2HiZBAPkED+fSW8knhWSm3tUKDNS2uhi+hExy4q1SflMTWXFdylXfUzFt4a/L+i vbS7QZUThlbO5B0gPVF0s1wwgr+MXGaCSSm70jMoF+w9B3IvJPPwlx3myWQWKYlX 6FpBV/GFAgMBAAECggEBAJPaPH1D/e/ohgcZeH1LuvF6Q0PjDAECWK+VTcCtAHaM BRFzJ6/2zwwT7CMyEZTZ38pq5XGASOsAmOpsDpQM35SbE7du0cqTt1YZbPd9fCoA rKBPRB0nElWHZxw0dxXrzjnaDSvXu3vj7BTACGuWQPAjELYvlGPXzTn9x5/csXZA lEaBLtX5hNJD7J3YU/kVxcJUFEcZvegakcBjba5JR5khUFHeaKjgMqswnWAVGKos Zwtbr8E2ULirfkHAO6I0HvVZ1WvdY44iUSK1nozm/32orHmjbeEJvPJl4EWKxHDo Yi+yAvkBtwzpgX9v9mDIX9R0ASvHGIRMKCjSNMmMY4ECgYEA99Cit10jvQUKuO3N iUA+wGre/xB4ZWcoCXnT9kKneBtJDURyVWdHYsbGTLaEz+p+IMh+kuhjSCCB+eZ6 dgDGdYgumRa2O/JbQuJdqylA+ZdFMnIvaJ7IfJOJSoqTLnWpaqLAd0uH2Pf+fjlE DwPQSNePnfNq1xCE9x5v2KpvveECgYEAwAVQ705gM1UA3EZDN6dm4S8CI3/Sh7R4 gcNT9SjteOaOuh4LSt+R7lceN1HIu7Bven6Zgms5xzb4A6HlQzJsfT18Jw9YSuyG 6cNrzXfeanEj6qmZ45qRUdnvtaF2N/jmlQnmN4EOyawDYLif0ZUHdM3EB+epE8Ag NybuKI5hgCUCgYEAqX4xTGiPwQBpzQIYyf7+7GwsCRgiwHhFkfWZW51LHYLL/B8M dA0nbg+2IVHUlMA1dAatS51WCkbxnxJcP8lX85spA9vc2DNy59QbbK3SmuMzmMUw V8YCKfJevHT7JZOkRCL8sJsgVu2HSp2wRvS8yJVmzQln0aCi0MIojXBE7QECgYBx gbL6AsZzEYhUrWQGffoemn8VJPX6KgAiFKiIfw0BLqin9CKQu9+zl+PQp5OU/xKm wjdUFLYuwJuS6hxvwFrJHZNKM5Ppli+Z916+MmFTYlXs3RyOokvMqps8LpmHNKZ4 60UfAjcPl5LXlctDRGkH7qo2UgZsGmHwuB6H8sJH0QKBgQCrdGnuCxiOi1zPu6Ii ESEbarDy+R/q/aUZgVXIDyZRZ4ce5BIhUslftkhr/T9FDR7KxHcV1wYO6BngLOA3 51HgSNtuILtd7VWBphBVdsJEiH3Q66K2MeIOkWVitQrDuf/g29nIqd/c5Z911f2H PRST/vdUhCgnw4dbO4uy9+sLEw== -----END PRIVATE KEY----- EOF hostnamectl set-hostname $HOSTNAME.$DOMAIN IPADDR=$(hostname --ip-address) echo "$IPADDR $HOSTNAME.$DOMAIN $HOSTNAME" > /etc/hosts DEBIAN_FRONTEND=noninteractive echo "deb http://deb.debian.org/debian/ unstable main contrib non-free" > /etc/apt/sources.list echo "" >> /etc/apt/sources.list echo "#deb http://ftp.us.debian.org/debian bullseye main contrib non-free" >> /etc/apt/sources.list echo "##deb http://security.debian.org/ bullseye/updates main contrib non-free" >> /etc/apt/sources.list echo "#deb http://ftp.us.debian.org/debian bullseye-updates main contrib non-free" >> /etc/apt/sources.list apt update echo 'libc6 libraries/restart-without-asking boolean true' | debconf-set-selections echo 'samba-common samba-common/dhcp boolean false' | debconf-set-selections DEBIAN_FRONTEND=noninteractive apt -y dist-upgrade DEBIAN_FRONTEND=noninteractive apt install -y rng-tools ssh ufw vim echo 'HRNGDEVICE=/dev/urandom' >> /etc/default/rng-tools #Roughly three minutes to this point... systemctl enable ssh systemctl start ssh systemctl enable ufw systemctl start ufw for i in 80 88 389 443 464 636; do ufw allow proto tcp from any to any port $i; done for i in 88 123 464 123; do ufw allow proto udp from any to any port $i; done ufw reload apt install -y debconf-utils tree echo '[libdefaults]' > /etc/krb5.conf echo "default_realm = ${DOMAIN^^}" >> /etc/krb5.conf echo 'kdc_timesync = 1' >> /etc/krb5.conf echo 'ccache_type = 4' >> /etc/krb5.conf echo 'forwardable = true' >> /etc/krb5.conf echo 'proxiable = true' >> /etc/krb5.conf echo 'fcc-mit-ticketflags = true' >> /etc/krb5.conf echo '[realms]' >> /etc/krb5.conf echo "${DOMAIN^^} = {" >> /etc/krb5.conf echo "kdc = ${HOSTNAME}.${DOMAIN}" >> /etc/krb5.conf echo "admin_server = ${HOSTNAME}.${DOMAIN}" >> /etc/krb5.conf echo "default_domain = ${DOMAIN}" >> /etc/krb5.conf echo '}' >> /etc/krb5.conf echo '[domain_realm]' >> /etc/krb5.conf echo ".${DOMAIN} = ${DOMAIN^^}" >> /etc/krb5.conf echo "${DOMAIN} = ${DOMAIN^^}" >> /etc/krb5.conf cd /etc tree > /tmp/etc-tree-before.txt debconf-get-selections > /tmp/debconf-selections-before.txt echo "krb5-admin-server krb5-admin-server/newrealm note" | debconf-set-selections echo "krb5-config krb5-config/add_servers boolean false" | debconf-set-selections echo "krb5-config krb5-config/add_servers_realm string ${DOMAIN^^}" | debconf-set-selections echo "krb5-config krb5-config/admin_server string ${HOSTNAME}" | debconf-set-selections echo "krb5-config krb5-config/default_realm string ${DOMAIN^^}" | debconf-set-selections echo "krb5-config krb5-config/kerberos_servers string ${HOSTNAME}" | debconf-set-selections echo "krb5-config krb5-config/read_conf boolean true" | debconf-set-selections echo "krb5-kdc krb5-kdc/debconf boolean true" | debconf-set-selections echo "krb5-kdc krb5-kdc/purge_data_too boolean true" | debconf-set-selections cd /etc tree > /tmp/etc-tree-middle.txt debconf-get-selections > /tmp/debconf-selections-middle.txt DEBIAN_FRONTEND=noninteractive apt install -y krb5-kdc krb5-admin-server krb5-config softhsm expect cd /etc tree > /tmp/etc-tree-between.txt debconf-get-selections > /tmp/debconf-selections-between.txt kdb5_util create -s -r ${DOMAIN^^} -P ${KERBEROSPASS} echo "krb5-admin-server krb5-admin-server/newrealm note" | debconf-set-selections echo "krb5-config krb5-config/add_servers boolean false" | debconf-set-selections echo "krb5-config krb5-config/add_servers_realm string ${DOMAIN^^}" | debconf-set-selections echo "krb5-config krb5-config/admin_server string ${HOSTNAME}" | debconf-set-selections echo "krb5-config krb5-config/default_realm string ${DOMAIN^^}" | debconf-set-selections echo "krb5-config krb5-config/kerberos_servers string ${HOSTNAME}" | debconf-set-selections echo "krb5-config krb5-config/read_conf boolean true" | debconf-set-selections echo "krb5-kdc krb5-kdc/debconf boolean true" | debconf-set-selections echo "krb5-kdc krb5-kdc/purge_data_too boolean true" | debconf-set-selections DEBIAN_FRONTEND=noninteractive apt install -y freeipa-server ipa-server-install --realm=${DOMAIN^^} --domain=${DOMAIN} --ds-password=${DIRMGRPASS} --admin-password=${ADMINUSERPASS} --hostname=${HOSTNAME}.${DOMAIN} --unattended > /tmp/ipa-install-output.txt cd /etc tree > /tmp/etc-tree-after.txt debconf-get-selections > /tmp/debconf-selections-after.txt date +%s > /tmp/ipa-installed.txt expect <(cat <<'EOD' spawn kinit admin expect "*:" send -- "${ADMINUSERPASS}\r" sleep 1 send -- "\r\n" EOD ) ipa-cacert-manage install /etc/ssl/certs/addtrust.root.chain.crt ipa-certupdate ipa-cacert-manage install /etc/ssl/certs/usertrust.chain.crt ipa-certupdate ipa-cacert-manage install /etc/ssl/certs/sectigo.chain.crt ipa-certupdate openssl pkcs12 -export -chain -CAfile /etc/ssl/certs/full.chain.crt -in /etc/ssl/certs/${HOSTNAME}.${DOMAIN}.crt -inkey /etc/ssl/certs/${HOSTNAME}.${DOMAIN}.pkey -name ${HOSTNAME}.${DOMAIN} -out /etc/ssl/certs/${HOSTNAME}.${DOMAIN}.p12 -password pass:${P12CERTPASS} # Be sure to back up the CA certificates stored in /root/cacert.p12 ipactl restart ipa-server-certinstall -w -d /etc/ssl/certs/${HOSTNAME}.${DOMAIN}.p12 --pin=${P12CERTPASS} --dirman-password ${DIRMGRPASS} ipactl restart date +%s > /tmp/certs-installed.txt apt remove -y expect debconf-utils tree apt autoremove -y # https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org/thread/T5AHK6FTTUWVBIDU5HSOYKRIKMWUZ3OH/
Friday, January 3, 2020
JPG Images to MP4 Videos How To
I used some random bash one-liner from stack overflow to rename them in series by date. ...Which I seem to have misplaced.
I eventually cobbled together a sort of working ffmpeg command which you won't need-- but ffmpeg doesn't respect whatever EXIF data there is regarding rotation. To make the actual image match the EXIF data orientation, I used the exiftran command.
exiftran -ai *.jpeg
After getting everything right side up, the video size became the geometry of the first image. My first image was in portrait and the landscape images were stretched to match, unfortunately. I was fortunate that my maximum width and height were 4,032 pixels. To solve this problem I made my images square. I did this with gimp to create a 4,032 x 4,032 black image-- because black bars around the pictures is all fine enough for me. I then used the composite command from the imagemagick library to overlay and center all my images on that black square background saving the new image to a subdirectory. You'll need a square background, you can do it! And then the composite command from imagemagick.
I was lazy and used the Calc spreadsheet.
I gave myself a vertical column with a filename on each line.
ls -1
I put the filenames in column A1.
=CONCAT("composite -gravity center ", A1, " black.jpg square/", A1)
That will yeild a vertical column of commands to cut and paste into the CLI.
composite -gravity center 001.jpg black.jpg square/001.jpg
Now I have a directory full of square images in numeric sequence. FFMPEG time. Change the present working directory to the directory with all your square images. In this case, the square directory.
cd square
ffmpeg -framerate 1/3 -i '%03d.jpg' -vf fps=5 -pix_fmt yuv420p out.mp4
And then I tried the OpenShot video editor which felt slower, but had results I liked better. So there was that. Also, I think it respects EXIF data-- but I had already flipped everything.
Wednesday, September 4, 2019
Just a Nothing Special Gitea with SSH CLI Install
The link to the description of my default install: Debian Buster Ultra Basic Install
If it is orange, this is likely something that will be special and unique to your install, so change the values where necessary.
$ sudo ufw allow OpenSSH
$ sudo ufw allow 443/tcp
$ sudo systemctl enable ufw
$ sudo systemctl restart ufw
$ sudo systemctl restart mariadb.service
$ sudo cp wildcard-domain.com.* /etc/ssl/certs/
$ sudo chmod 440 /etc/ssl/certs/wildcard-domain.com.*
Bear with me, we are going to imitate the mysql_secure_install database modifications.
$ mysql -uroot -p -e "DROP DATABASE IF EXISTS test;"
$ mysql -e "GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' IDENTIFIED BY 'db-root-password' WITH GRANT OPTION;"
$ mysql -uroot -pdb-root-password -e "FLUSH PRIVILEGES";
$ mysql -uroot -pdb-root-password -e "GRANT ALL PRIVILEGES ON *.* TO 'root-user'@'127.0.0.1' IDENTIFIED BY 'db-root-password' WITH GRANT OPTION;"
$ mysql -uroot -pdb-root-password -e "GRANT ALL PRIVILEGES ON *.* TO 'root-user'@'::1' IDENTIFIED BY 'db-root-password' WITH GRANT OPTION;"
$ mysql -uroot -pdb-root-password -e "DELETE FROM mysql.user WHERE User='';"
$ mysql -uroot -pdb-root-password -e "DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');"
$ mysql -uroot -pdb-root-password -e "FLUSH PRIVILEGES;"
$ mysql -uroot-user -pdb-root-password -e "DELETE FROM mysql.user WHERE User='root';"
$ mysql -uroot-user -pdb-root-password -e "CREATE USER 'backup'@'localhost' IDENTIFIED BY 'db-backup-user-password';"
$ mysql -uroot-user -pdb-root-password -e "GRANT SELECT, SHOW VIEW, RELOAD, REPLICATION CLIENT, EVENT, TRIGGER ON *.* TO 'backup-user'@'localhost';"
$ mysql -uroot-user -pdb-root-password -e "FLUSH PRIVILEGES";
$ sudo systemctl restart mariadb.service
Now for the Gitea specific database work we need to complete.
$ mysql -uroot-user -pdb-root-password -e "CREATE DATABASE IF NOT EXISTS gitea CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;"
$ mysql -u"$root-user" -pdb-root-password -e "GRANT ALL ON gitea.* TO 'gitea-user'@'localhost' IDENTIFIED BY 'gitea-db-password';"
$ mysql -uroot-user -pdb-root-password -e "FLUSH PRIVILEGES;"
$ sudo chown -R git:git /var/lib/gitea
$ sudo chmod 750 /var/lib/gitea
$ sudo mkdir /etc/gitea
$ sudo chown root:git /etc/gitea
$ sudo chmod 770 /etc/gitea
$ sudo mkdir /root/gitea
$ cd /tmp
$ sudo chmod 550 gitea
RUN_USER = root
RUN_MODE = prod
[ui]
DEFAULT_THEME = arc-green
[database]
DB_TYPE = mysql
HOST = 127.0.0.1:3306
NAME = gitea
USER = GITEA_DB_USER
PASSWD = GITEA_DB_PASSWORD
SSL_MODE = disable
CHARSET = utf8mb4
PATH = /usr/local/bin/data/gitea.db
[repository]
ROOT = /root/gitea-repositories
[server]
SSH_DOMAIN = DOMAIN.COM
DOMAIN = DOMAIN.COM
HTTP_PORT = 3000
ROOT_URL = https://DOMAIN.COM:3000/
DISABLE_SSH = false
SSH_PORT = 22
LFS_START_SERVER = false
LFS_CONTENT_PATH = /usr/local/bin/data/lfs
LFS_JWT_SECRET = GITEA_JWT_SECRET
OFFLINE_MODE = false
PROTOCOL = https
CERT_FILE = /etc/ssl/certs/DOMAIN.COM.crt
KEY_FILE = /etc/ssl/certs/DOMAIN.COM.key
[mailer]
ENABLED = true
HOST = MAILGUN_SMTP_HOST:465
FROM = GITEA_SYSTEM_EMAIL
USER = MAILGUN_SMTP_USER
PASSWD = MAILGUN_SMTP_PASSWORD
IS_TLS_ENABLED = true
[service]
ACTIVE_CODE_LIVE_MINUTES = 1440
RESET_PASSWD_CODE_LIVE_MINUTES = 1440
REGISTER_EMAIL_CONFIRM = true
ENABLE_NOTIFY_MAIL = true
DISABLE_REGISTRATION = false
ALLOW_ONLY_EXTERNAL_REGISTRATION = false
ENABLE_CAPTCHA = true
REQUIRE_SIGNIN_VIEW = true
DEFAULT_KEEP_EMAIL_PRIVATE = false
DEFAULT_ALLOW_CREATE_ORGANIZATION = true
DEFAULT_ENABLE_TIMETRACKING = true
NO_REPLY_ADDRESS = noreply
[security]
INTERNAL_TOKEN = GITEA_INTERNAL_TOKEN
INSTALL_LOCK = true
SECRET_KEY = GITEA_SECRET_KEY
LOGIN_REMEMBER_DAYS = 7
COOKIE_USERNAME = gitea_awesome
COOKIE_REMEMBER_NAME = gitea_incredible
MIN_PASSWORD_LENGTH = 8
IMPORT_LOCAL_PATHS = false
DISABLE_GIT_HOOKS = false
PASSWORD_HASH_ALGO = pbkdf2
CSRF_COOKIE_HTTP_ONLY = true
[picture]
DISABLE_GRAVATAR = false
ENABLE_FEDERATED_AVATAR = true
[openid]
ENABLE_OPENID_SIGNIN = true
ENABLE_OPENID_SIGNUP = true
[oauth2]
JWT_SECRET=GITEA_JWT_SECRET
[session]
PROVIDER = file
[log]
MODE = file
LEVEL = info
ROOT_PATH = /usr/local/bin/log
We are ready to mimic the last of the install processes kicked off by the GUI install. The benevolent Gitea developers have blessed us with a little script we can run from the command line. Bless you Gitea devs!
Now to create a service to manage Gitea and start it at boot.
$ sudo touch /etc/systemd/system/gitea.service
Use your favorite editor (nano, vi, emacs...) to put the following configuration into /etc/systemd/system/gitea.service .
[Unit]
Description=Gitea (Git with a cup of tea)
After=syslog.target
After=network.target
#Requires=mysql.service
Requires=mariadb.service
#Requires=postgresql.service
#Requires=memcached.service
#Requires=redis.service
[Service]
# Modify these two values and uncomment them if you have
# repos with lots of files and get an HTTP error 500 because
# of that
###
#LimitMEMLOCK=infinity
#LimitNOFILE=65535
RestartSec=2s
Type=simple
User=root
Group=root
ExecStart=/usr/local/bin/gitea web
Restart=always
Environment=USER=root HOME=/root/gitea
# If you want to bind Gitea to a port below 1024 uncomment
# the two values below
###
#CapabilityBoundingSet=CAP_NET_BIND_SERVICE
#AmbientCapabilities=CAP_NET_BIND_SERVICE
[Install]
WantedBy=multi-user.target
Lastly, what we do is enable and start the service with the following commands.
$ sudo systemctl enable gitea
$ sudo systemctl start gitea
That should more or less do it. Navigate to https://domain.com:3000/ to see your handiwork...
(The reason I left my installation listening on port 3000 is because I usually have a whole network reverse proxy running and using the SNI hostname on port 443 to direct the proper web traffic to each host.)