Personal notes on frequently-used sysadmin gists. They are generally gathered from the world-wide-web. I’ll attribute the sources as best as I can.

This doc is generated using pandoc -t html4 -o index.html sysadmin.md from source sysadmin.md.

The permanent link for this document is https://ftp.yuuta.moe/sysadmin-notes/

EdgeOS: DNS forwarding options cause DHCP server to not listen (2023-11-01)

The service dns forwarding listen-on option on EdgeOS writes interface= options to /etc/dnsmasq.conf. These options also apply to the dnsmasq DHCP server, which then does not listen on interfaces missing from the list.

Not sure what it looks like on other Vyatta operating systems.

systemd-udev: Rename NIC based on MAC

SUBSYSTEM=="net", ACTION=="add", ATTR{address}=="", NAME=""

udevadm control --reload
udevadm trigger
# Required for new name to work
# https://alwaystinkering.wordpress.com/2016/05/15/udev-network-interface-renaming-with-no-reboot/
systemctl restart systemd-udev-trigger.service

Caddy: Site (Host) not recognized and default action returned

Check whether your Caddyfile has a line ending in site.domain.tld{ with nothing between the address and the brace. Caddy mandates a space or newline before {. Thus, change it to site.domain.tld {.

OpenSSL: Generate CSR

[req]
distinguished_name = req_distinguished_name
req_extensions = req_ext

# https://github.com/openssl/openssl/issues/3536#issuecomment-306520579
prompt = no

[req_distinguished_name]
countryName                     = CA
stateOrProvinceName             = British Columbia
localityName                    = Vancouver
organizationalUnitName          = IT
commonName                      = access.home.yuuta.moe
emailAddress                    = yuuta@yuuta.moe

[req_ext]
subjectAltName = @alt_names

[alt_names]
DNS.1 = access.home.yuuta.moe

openssl req -new -key openvpn.key -out openvpn.csr -config ./openvpn.csr.cnf
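
Before sending a CSR to a CA, it is worth confirming that its self-signature verifies and that the subjectAltName actually made it into the request: if the req_extensions line is missing from the config, openssl still produces a CSR, just without the SAN. The script below is an added example, not part of the original notes; host.example.test and the helper names make_csr and csr_check are constructed for illustration, and it works on throwaway keys in a temporary directory.

```shell
#!/bin/sh
# Added example. host.example.test, make_csr and csr_check are constructed
# names; keys and CSRs are throwaway files in a temporary directory.

# make_csr DIR HOST WITH_SAN
# Writes a request config shaped like the one above and creates a key + CSR.
# WITH_SAN=no leaves out the req_extensions line, which is what drops the SAN.
make_csr() {
    {
        printf '[req]\ndistinguished_name = req_distinguished_name\nprompt = no\n'
        if [ "$3" = yes ]; then printf 'req_extensions = req_ext\n'; fi
        printf '\n[req_distinguished_name]\ncommonName = %s\n' "$2"
        printf '\n[req_ext]\nsubjectAltName = @alt_names\n'
        printf '\n[alt_names]\nDNS.1 = %s\n' "$2"
    } > "$1/$3.cnf"
    openssl ecparam -name P-256 -genkey -noout -out "$1/$3.key" &&
        openssl req -new -key "$1/$3.key" -out "$1/$3.csr" -config "$1/$3.cnf"
}

# csr_check CSR HOST
# Succeeds only if the CSR's self-signature verifies and HOST is listed as an
# exact DNS entry in the requested subjectAltName.
csr_check() {
    # Match the message so the result does not depend on the exit status.
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK' || return 1
    openssl req -in "$1" -noout -text 2>/dev/null | tr ',' '\n' |
        sed 's/^[[:space:]]*//; s/[[:space:]]*$//' | grep -Fxq "DNS:$2"
}

demo() {
    dir=$(mktemp -d) || return 1
    for san in yes no; do
        make_csr "$dir" host.example.test "$san" || { rm -rf "$dir"; return 1; }
        if csr_check "$dir/$san.csr" host.example.test; then
            echo "req_extensions=$san: SAN present, safe to submit"
        else
            echo "req_extensions=$san: SAN missing, do not submit"
        fi
    done
    rm -rf "$dir"
}
demo
```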

OpenSSL: Generate keypairs for various algorithms

RSA Private Key: openssl genrsa -out key 2048

RSA Public Key: openssl rsa -in key -pubout -out pub

ECC Private Key: openssl ecparam -name P-256 -genkey -out key

ECC Public Key: openssl ec -in key -pubout -out pub

cURL: Send electronic mail

cat <<EOF | curl smtps://smtp.yuuta.moe \
        --mail-from yuuta@yuuta.moe \
        --user yuuta \
        --mail-rcpt local@domain.tld \
        --upload-file /dev/stdin
From: Yuuta Liang <yuuta@yuuta.moe>
To: Who Am I <local@domain.tld>
Subject: PGP Encrypted Message
Date: Tue, 1 Aug 2023 22:15:00


EOF

acme.sh: CloudFlare DNS API wrapper script

#!/bin/sh
set -e
export CF_Token=""
export CF_Account_ID=""
export CF_Zone_ID=""
exec acme.sh --server letsencrypt --home /var/lib/acme/.acme.sh/ --dns dns_cf "$@"

systemd: Useful systemctl(1) commands

systemctl reboot --firmware-setup
systemctl edit unit
systemctl cat unit # View unit file and override files, separately
systemctl show unit # View the final unit configuration

sssd: AD + sudoers

cat /etc/sssd/sssd.conf
[sssd]
config_file_version = 2
domains = ad.yuuta.moe
services = nss, pam, sudo

[domain/ad.yuuta.moe]
cache_credentials = true

id_provider = ad
auth_provider = ad
access_provider = ad
sudo_provider = ad

default_shell = /bin/bash
fallback_homedir = /home/%u

# use_fully_qualified_names = True

ad_gpo_map_permit = +dovecot, +radicale, +smtpd

ldap_sudo_search_base = ou=sudoers,dc=ad,dc=yuuta,dc=moe