Installing tox on Manjaro i3

Tox is an open source secure alternative to the likes of Skype. To install it, you need to install the core package and one of the available GUIs.  You can compare some of the available clients here but personally I like qtox. The below will pull in the required dependencies.

sudo pacman -Sy qtox

If you want the latest Git version, you can install qtox-git from the AUR.

yaourt -S qtox-git

Make sure you run that as a regular user – not root.  This pulls in the core package from the ABS repository also.

To add a contact, you will need their Tox ID – which looks like this:

56A1ADE4B65B86BCD51CC73E2CD4E542179F47959FE3E0E21B4B0ACDADE51855D34D34D37CB5

If that is a bit too annoying for you, you can use a free ToxDNS provider, such as utox.org. This will give you a “username@utox.org” address to give your people.
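A Tox ID is 76 hexadecimal characters: a 32-byte public key, a 4-byte nospam value and a 2-byte checksum, which is the XOR of the eighteen 2-byte words before it. The following is an added example, not part of the original post, that checks an ID for typos before you add the contact; the function name tox_id_valid is an assumption.

```shell
#!/bin/sh
# Added example: validate a Tox ID before adding it as a contact.
# Layout (38 bytes = 76 hex chars): 32-byte public key, 4-byte nospam,
# 2-byte checksum. The checksum is the XOR of the first 18 two-byte words.

# tox_id_valid ID -> exit 0 if well-formed and the checksum matches, else 1
tox_id_valid() {
    id=$(printf '%s' "$1" | tr 'a-f' 'A-F')

    # Exactly 76 hex characters, nothing else.
    [ "${#id}" -eq 76 ] || return 1
    case $id in
        *[!0-9A-F]*) return 1 ;;
    esac

    rest=$id
    sum=0
    words=0
    while [ "$words" -lt 18 ]; do
        word=${rest%"${rest#????}"}   # first four hex characters
        rest=${rest#????}             # drop them from the remainder
        sum=$(( sum ^ 0x$word ))
        words=$(( words + 1 ))
    done

    # $rest now holds the 4-character checksum carried in the ID itself.
    [ "$(printf '%04X' "$sum")" = "$rest" ]
}

# The ID shown in the post passes the check.
EXAMPLE_ID=56A1ADE4B65B86BCD51CC73E2CD4E542179F47959FE3E0E21B4B0ACDADE51855D34D34D37CB5
if tox_id_valid "$EXAMPLE_ID"; then
    echo "Tox ID checksum OK"
else
    echo "Tox ID is malformed or mistyped"
fi
```

The checksum only catches transcription errors; it does not prove the ID belongs to the person you think it does, so confirm it over a channel you already trust.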

How to Safely Reduce the Size of a Logical Volume

Do not attempt to shrink a volume if the partition is mounted!  Always unmount first! If it is the root volume you need to reduce in size, use a Live DVD/USB instead. You should also take a backup first 😉

So here we can see I have one Physical Volume, /dev/md0, attached to my one volume group, RAIDVG.

[andy@home-pc ~]$ sudo pvs
  PV         VG     Fmt  Attr PSize PFree
  /dev/md0   RAIDVG lvm2 a--  1.91t    0

We can also see there is zero space left on the volume group.  You can use sudo pvdisplay to see a more detailed output.

As we can see, all this space is being used up by two Logical Volumes.

[andy@home-pc ~]$ sudo lvs
  LV        VG     Attr       LSize   Pool Origin Data%  Meta%  Move Log Cpy%Sync Convert
  MediaLV   RAIDVG -wi-ao----   1.32t                                                    
  StorageLV RAIDVG -wi-ao---- 600.00g

I can see the filesystem reports I have 664G available.  I am going to play it nice and safe and only attempt to reduce the size of my LV by 400G.

[andy@home-pc ~]$ sudo df -h /dev/RAIDVG/MediaLV 
Filesystem                  Size  Used Avail Use% Mounted on
/dev/mapper/RAIDVG-MediaLV  1.4T  603G  664G  48% /plex

Don’t forget to unmount!

[andy@home-pc ~]$ sudo umount -v /dev/RAIDVG/MediaLV
umount: /plex (/dev/mapper/RAIDVG-MediaLV) unmounted

Check for potential issues.

[andy@home-pc ~]$ sudo e2fsck -f /dev/RAIDVG/MediaLV
e2fsck 1.43.4 (31-Jan-2017)
Pass 1: Checking inodes, blocks, and sizes
Pass 2: Checking directory structure
Pass 3: Checking directory connectivity
Pass 4: Checking reference counts
Pass 5: Checking group summary information
/dev/RAIDVG/MediaLV: 35668/88866816 files (11.1% non-contiguous), 163854225/355446784 blocks

It is very important that you pass the --resizefs option at the same time, so that the filesystem is shrunk before the logical volume underneath it.

[andy@home-pc ~]$ sudo lvreduce -L -400G /dev/RAIDVG/MediaLV --resizefs
fsck from util-linux 2.29.2
/dev/mapper/RAIDVG-MediaLV: clean, 35668/88866816 files, 163854225/355446784 blocks
resize2fs 1.43.4 (31-Jan-2017)
Resizing the filesystem on /dev/mapper/RAIDVG-MediaLV to 250589184 (4k) blocks.
The filesystem on /dev/mapper/RAIDVG-MediaLV is now 250589184 (4k) blocks long.

  Size of logical volume RAIDVG/MediaLV changed from 1.32 TiB (347116 extents) to 955.92 GiB (244716 extents).
  Logical volume RAIDVG/MediaLV successfully resized.

Note the (minus) -400G. This means reduce by 400G. If I had used 400G instead, LVM would have made the LV 400G, reducing it from 1.3T.  I would have lost over 200G of actual data. Ouch!
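The difference between a relative and an absolute -L argument can be checked before running lvreduce. The following is an added example, not part of the original post: the function names are assumptions, the 4 MiB extent size is assumed (it is consistent with the extent counts in the output above), and the used space is the rounded 603G from df.

```shell
#!/bin/sh
# Added example: work out what an lvreduce -L argument will do before running it.
# All sizes are in MiB; LVM treats -L input units as base-2 regardless of case.

# size_to_mib 400G -> 409600   (integer sizes with an m, g or t suffix only)
size_to_mib() {
    num=${1%[mMgGtT]}
    case $num in ''|*[!0-9]*) return 1 ;; esac
    case $1 in
        *[gG]) echo $(( num * 1024 )) ;;
        *[tT]) echo $(( num * 1024 * 1024 )) ;;
        *)     echo "$num" ;;   # "m" suffix or none: lvreduce defaults to MiB
    esac
}

# lv_size_after CURRENT_MIB ARG -> resulting LV size in MiB
# "-400G" is relative (shrink BY 400G); "400G" is absolute (shrink TO 400G).
lv_size_after() {
    current=$1
    case $2 in
        -*) delta=$(size_to_mib "${2#-}") || return 1
            echo $(( current - delta )) ;;
        *)  size_to_mib "$2" ;;
    esac
}

# lv_reduce_safe USED_MIB CURRENT_MIB ARG -> 0 only if the result is a real
# reduction that is still larger than the data on the filesystem.
lv_reduce_safe() {
    after=$(lv_size_after "$2" "$3") || return 1
    [ "$after" -gt 0 ] && [ "$after" -lt "$2" ] && [ "$after" -gt "$1" ]
}

# Values from the post: 347116 extents (assumed 4 MiB each), 603G used.
CURRENT=$(( 347116 * 4 ))
USED=$(( 603 * 1024 ))
for arg in -400G 400G; do
    if lv_reduce_safe "$USED" "$CURRENT" "$arg"; then
        echo "-L $arg: OK, LV becomes $(lv_size_after "$CURRENT" "$arg") MiB"
    else
        echo "-L $arg: REFUSE, result would not hold the data or is not a reduction"
    fi
done
```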

And finally I now have 400G available in my VG.

[andy@home-pc ~]$ sudo pvs
  PV         VG     Fmt  Attr PSize PFree  
  /dev/md0   RAIDVG lvm2 a--  1.91t 400.00g

Be careful and remember to take a backup!

mkpasswd

The other day I couldn’t remember what package provided the mkpasswd binary…..

yum whatprovides */mkpasswd
yum install expect
mkpasswd -l 12

The above creates a password of length 12 with two uppercase letters, two numbers and one special character.

Windows 7 QEMU Guest

Check your kernel was compiled with support.

zgrep CONFIG_KVM /proc/config.gz
zgrep VIRTIO /proc/config.gz

Check the kvm and virtio kernel modules are loaded.

lsmod | grep kvm
lsmod | grep virtio

I needed to manually load the virtio module:

sudo modprobe virtio

To automatically load the virtio module at boot:

echo "virtio" | sudo tee -a /etc/modules-load.d/virtio.conf

Reboot and check again:

lsmod | egrep 'virtio|kvm'

Install qemu. I also installed qemu-launcher – a GUI front-end.

sudo pacman -S qemu qemu-launcher

Create a working directory:

mkdir vms
cd vms

Create a virtual hard drive for the Windows installation.

qemu-img create -f qcow2 windows.qcow2 40G

Prepare the installation medium. I inserted a Windows 7 installation DVD and created an ISO locally.

sudo dd if=/dev/sr0 of=en-windows-7-professional-x64-dvd.iso

To launch into the Windows installation:

qemu-system-x86_64 -enable-kvm -m 4096 -cdrom en-windows-7-professional-x64-dvd.iso -boot d windows.qcow2

Once installed you don’t need to attach the ISO:

qemu-system-x86_64 -enable-kvm -m 4096 -boot d windows.qcow2 

Update and upgrade to Windows 10 😉

Resources

https://wiki.archlinux.org/index.php/QEMU

https://www.reddit.com/r/archlinux/comments/1fg3y9/guide_to_running_windows_7_in_qemu/

Spotify on Manjaro i3

Spotify is available from the AUR.

Install

yaourt -S spotify

To play local files you will also need to install ffmpeg.

yaourt -S ffmpeg0.10

Issues

For some (currently) unknown reason, launching Spotify crashes when I log in. The only fix I have found so far is to change the scale factor from the default 1 to something else. You can do that by launching it at the command line:

spotify --force-device-scale-factor=2

To make this permanent, edit /usr/share/applications/spotify.desktop.

[Desktop Entry]
Name=Spotify
GenericName=Music Player
Comment=Spotify streaming music client
Icon=spotify-client
Exec=spotify --force-device-scale-factor=2
TryExec=spotify
Terminal=false
Type=Application
Categories=Audio;Music;Player;AudioVideo;
MimeType=x-scheme-handler/spotify;

Resources

https://wiki.archlinux.org/index.php/spotify

Installing Ansible on Ubuntu 14.04 LTS

Take a look at the official installation guide. The simplest way to install Ansible on Ubuntu is to add the PPA repository and install via apt-get.

If not already installed, you will need the software-properties-common package.

sudo apt-get install software-properties-common

Then add the repository and install ansible.

sudo apt-add-repository ppa:ansible/ansible
sudo apt-get update
sudo apt-get install ansible

Presumably you’ve already got an external server that you want to configure with Ansible. You will need SSH access, and if you’ve not already done so, you’re gonna want to set up key-based authentication. Assuming you’ve done that, you can test things are working with:

su -
mv -v /etc/ansible/hosts{,.original}
echo 134.213.48.162 > /etc/ansible/hosts
exit

I also need to tell ansible to connect as the root user.

sudo mkdir /etc/ansible/group_vars
sudo vim /etc/ansible/group_vars/all

Enter the following. The three dashes at the top indicate this is a yaml file.

---
ansible_ssh_user: root

You should now be able to test with the following.

ansible -m ping all

You should see output similar to the below if all went well.

andy@bastion:~$ ansible -m ping all
134.213.48.162 | success >> {
"changed": false,
"ping": "pong"
}

X2Go on Ubuntu Server 14.04

In a previous post, I talked about my experience using X2Go with XFCE4 and Lubuntu.

XFCE4 via X2Go

Here is how it was achieved…..

On the Server

Here I’m using Ubuntu 14.04 LTS but you can install X2Go on just about any Linux distro.

Create a User Account

Create a regular user to run the desktop session under.

sudo useradd -m -s /bin/bash andrew
sudo passwd andrew

For your own sanity, I recommend you set up password-less key-based authentication as soon as possible……go, do it now!

Configure SSH

Open the main configuration file for the OpenSSH daemon process.

sudo vim /etc/ssh/sshd_config

Ensure X11 forwarding is enabled.


X11Forwarding yes

Don’t forget to test for configuration errors and restart the SSH service.

sudo sshd -t
sudo service ssh restart

Install Lightweight Desktop Environment

Both Lubuntu and XFCE4 work well, out-the-box with X2go. I installed both side-by-side for testing and both worked well together. You can even pause/suspend your Lubuntu or XFCE4 session and come back to it another time.

For XFCE4

sudo apt-get install xfce4

Note, for some reason you will also need to install the following packages or you will have missing icons.

sudo apt-get install gnome-icon-theme-full tango-icon-theme

For Lubuntu

sudo apt-get install lubuntu-desktop

Along with (a load of) other packages, you will now have XOrg installed. This means, as long as X11 forwarding has been enabled on the client side of the SSH connection, you can now test X11 with a program like firefox if you have it installed already.

Install X2Go Server Software

Install the repository package if it’s not already installed.

sudo apt-get install software-properties-common

Add the X2Go repository and install packages. If using Ubuntu 10.04 or 12.04, install python-software-properties instead of the software-properties-common package.

sudo add-apt-repository ppa:x2go/stable
sudo apt-get update
sudo apt-get install x2goserver x2goserver-xsession

For information about other distributions, see the X2Go server installation page.

DE Bindings

If you installed Lubuntu, you may want to install the following package for Desktop Environment bindings. I don’t believe there is currently a desktop bindings package for XFCE4.

sudo apt-get install x2golxdebindings

This is probably a good place to reboot if like me you’ve installed a lot of new packages.

On the Client

Again, you can install the client on just about anything – including Windows! Here I am using Manjaro i3 Community Linux.

sudo pacman -S x2goclient

X2Go also has some other clients that look useful – like a Python one for example.

SSH Client Configuration

Make sure you have at least ForwardX11 yes in /etc/ssh/ssh_config or ~/.ssh/config.


Host *
  ForwardX11 yes
  ForwardX11Trusted yes

Test X11 Forwarding

You can test that X11 is being forwarded correctly by using SSH to log onto the remote server from your local Linux desktop and issuing the following.

andrew@loader:~$ firefox &
[1] 2257

You might also want to set up password-less SSH key-based authentication if you’ve not done so already.

Create Sessions

For Lubuntu, select Custom Desktop and enter the below for the command.

lxsession -e LXDE -s Lubuntu

For XFCE4, you can just select XFCE.

Lubuntu XFCE4

I’m using the i3wm – I found the best result in appearance using the Use whole display option under the Input/Output tab, and then select the display (monitor) you want to use.

i3wm compatible

Resources

https://wiki.archlinux.org/index.php/X2Go
https://www.howtoforge.com/tutorial/x2go-server-ubuntu-14-04/
http://wiki.x2go.org/doku.php/doc:installation:x2goserver
https://bugs.launchpad.net/ubuntu/+source/lubuntu-default-settings/+bug/1241958
http://ubuntuforums.org/showthread.php?t=2228137

Minimal Desktop Environment over SSH

So I wanted to install a Java desktop application and have it publicly available on a server somewhere. Using a lightweight desktop environment on one of my cloud servers made sense – provided, that is, I could find something reasonably secure.

I came across X2Go and decided to give it a try on one of my Rackspace cloud servers. I used a 2 GB General Purpose v1 server and was surprised at how low the resource usage was – and consequently how quick and responsive it all felt.

X2Go is a remote desktop tool that uses the NX technology protocol and operates entirely over a secure SSH connection. Using SSH keys makes the process of logging in pretty painless too!

I’m using Ubuntu 14.04 LTS for the OS, on the server and Manjaro i3 community edition on my local desktop, as the client. On the server I tried both XFCE4 and Lubuntu as the Desktop Environments.

Lubuntu via X2Go

Personally I think I prefer XFCE4 as it was slightly easier to install and lightning quick to use. When I used Lubuntu, the start menu could take a while (like a minute!) to load. Once it had loaded though, it too was lightning quick. And to be fair to Lubuntu, I didn’t really look into it much further.

XFCE4 using X2Go

As a note to my future self, here’s what you need to do.

Rackspace DNS

Log into the Rackspace cloud control panel and click on the DNS tab at the top of the screen.

Create Domain

Then click on Create Domain, fill out the details, and click Create Domain again to complete.

Create Zone

And that’s it! You have created a zone file for your domain.

Now we need to add a DNS record. You can do this by clicking Actions --> Add DNS Record... or simply click Add Record.

Create an A Record

Here we create an A Record. Now all requests for pikedom.com will resolve to the IP address of my web server. I also create a CNAME Record so that www.pikedom.com points to pikedom.com.

Create CNAME Record

Now our simple zone file is complete and people should be able to easily find your site.

All Records

Now all we need to do is change the name servers that are responsible for managing your DNS. That means logging into the control panel of your domain name registrar (the people you lease your domain name from) and changing the name servers for your domain to the below. For example, if you lease your domain name through GoDaddy.com, then you need to log into their control panel and repoint your name servers.

– dns1.stabletransit.com
– dns2.stabletransit.com

Once you have repointed your name servers, the changes can take some time to propagate around the world. You can get an idea of the current state by navigating to www.whatsmydns.net and searching for an A Record for your domain.

Whats My DNS

Here you can see the changes have currently only been picked up in some parts of South East Asia.

OSMC PPTP Client Configuration

My parents are retired and have a house in France where they live for about three months of the year. Like most people in the UK, they watch a lot of TV and are big users of the BBC iPlayer. This is a problem when they’re in France as the BBC uses GeoLocation authentication. Simply put, this means they block all connections coming from a non-UK IP address.

One solution to this problem is to route their internet traffic through a Virtual Private Network (VPN). You could host your own VPN, or you could simply subscribe to one of many VPN providers out there. Here I am trying iPortal.

iPortal VPN Connection Details

iPortal supports two protocols for tunnelling – PPTP and L2TP. Unfortunately this means that they do not support OpenVPN.

Here you will need to get your VPN connection details to hand. iPortal only requires a username and password. Other providers may also require you to provide a domain.

Username Password
me@andrewpike.co.uk kw3VX5uigjgf

Here I will be following this as a guide and configuring the client to use PPTP. I am using a Raspberry Pi with the OSMC as the OS.

Install and Configure PPTP Client

First we will need to install the pptp-linux package.

sudo apt-get update
sudo apt-get install pptp-linux

The PPTP configuration file is /etc/ppp/options.pptp. Use a text editor (nano) to edit the file if necessary.

nano /etc/ppp/options.pptp

…and add the following lines if not already present.

lock
noauth
nobsdcomp
nodeflate

You can use egrep to check, as I do below.

egrep "lock|noauth|nobsdcomp|nodeflate" /etc/ppp/options.pptp
lock
noauth
nobsdcomp
nodeflate

You now need to add your username, password and domain (if your provider gave you one) to the chap-secrets file, located in /etc/ppp/. Some providers also require you to specify a domain here – but not iPortal.

sudo nano /etc/ppp/chap-secrets

The format for entering these details is as shown below.

<DOMAIN>\\<USERNAME> PPTP <PASSWORD> *

My configuration file simply has the following entry. If you’re using iPortal, your username is normally your email address.


me@andrewpike.co.uk PPTP kw3VX5uigjgf *

Now create a file in /etc/ppp/peers. The name is not important.

sudo nano /etc/ppp/peers/iPortal

Now enter your connection details again like so. You may need to find out the host server name (connect2iportal.co.uk) from your provider. The name is your username. Remember to prepend the domain (\\somedomain.com) if required.

pty "pptp connect2iportal.co.uk --nolaunchpppd"
name me@andrewpike.co.uk
remotename PPTP
require-mppe-128
file /etc/ppp/options.pptp
ipparam iPortal

The ipparam is the name of your VPN connection. This should be the same as the name of the file you created earlier in /etc/ppp/peers. Some providers may require “require-mppe” in place of “require-mppe-128“.

Test Connection

To test, use the pon command followed by the name of your VPN connection. The other information is useful for debugging connection issues.

sudo pon iPortal debug dump logfd 2 nodetach

A successful connection should look something like:

osmc@osmc:~$ sudo pon iPortal debug dump logfd 2 nodetach
pppd options in effect:
debug           # (from command line)
nodetach                # (from command line)
logfd 2         # (from command line)
dump            # (from command line)
noauth          # (from /etc/ppp/options.pptp)
refuse-pap              # (from /etc/ppp/options.pptp)
refuse-chap             # (from /etc/ppp/options.pptp)
refuse-mschap           # (from /etc/ppp/options.pptp)
refuse-eap              # (from /etc/ppp/options.pptp)
name cypike@btconnect.com               # (from /etc/ppp/peers/iPortal)
remotename PPTP         # (from /etc/ppp/peers/iPortal)
                # (from /etc/ppp/options.pptp)
pty pptp connect2iportal.co.uk --nolaunchpppd           # (from /etc/ppp/peers/iPortal)
crtscts         # (from /etc/ppp/options)
                # (from /etc/ppp/options)
asyncmap 0              # (from /etc/ppp/options)
lcp-echo-failure 4              # (from /etc/ppp/options)
lcp-echo-interval 30            # (from /etc/ppp/options)
hide-password           # (from /etc/ppp/options)
ipparam iPortal         # (from /etc/ppp/peers/iPortal)
nobsdcomp               # (from /etc/ppp/options.pptp)
nodeflate               # (from /etc/ppp/options.pptp)
require-mppe-128                # (from /etc/ppp/peers/iPortal)
noipx           # (from /etc/ppp/options)
using channel 1
Using interface ppp0
Connect: ppp0 <--> /dev/pts/1
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0xfc34bc4b> <pcomp> <accomp>]
rcvd [LCP ConfReq id=0x0 <mru 1400> <auth eap> <magic 0x72c91c98> <pcomp> <accomp> <callback CBCP> <mrru 1614> <endpoint [local:cd.01.ad.7a.1e.78.47.8f.99.0d.63.36.2a.f3.e1.e5.00.00.00.00]>]
sent [LCP ConfRej id=0x0 <callback CBCP> <mrru 1614>]
rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0xfc34bc4b> <pcomp> <accomp>]
rcvd [LCP ConfReq id=0x1 <mru 1400> <auth eap> <magic 0x72c91c98> <pcomp> <accomp> <endpoint [local:cd.01.ad.7a.1e.78.47.8f.99.0d.63.36.2a.f3.e1.e5.00.00.00.00]>]
sent [LCP ConfNak id=0x1 <auth chap MS-v2>]
rcvd [LCP ConfReq id=0x2 <mru 1400> <auth chap MS-v2> <magic 0x72c91c98> <pcomp> <accomp> <endpoint [local:cd.01.ad.7a.1e.78.47.8f.99.0d.63.36.2a.f3.e1.e5.00.00.00.00]>]
sent [LCP ConfAck id=0x2 <mru 1400> <auth chap MS-v2> <magic 0x72c91c98> <pcomp> <accomp> <endpoint [local:cd.01.ad.7a.1e.78.47.8f.99.0d.63.36.2a.f3.e1.e5.00.00.00.00]>]
sent [LCP EchoReq id=0x0 magic=0xfc34bc4b]
rcvd [CHAP Challenge id=0x0 <8adc771b8bafde36f1ef9dd9bc3253c1>, name = "SERVER5955"]
added response cache entry 0
sent [CHAP Response id=0x0 <aa362ea5ed92909ba0a813f6ba6b358f0000000000000000b0c4dc10e810cc54a48717df07a15846da629c63d8b9ce3d00>, name = "me@andrewpike.co.uk"]
rcvd [LCP EchoRep id=0x0 magic=0x72c91c98]
rcvd [CHAP Success id=0x0 "S=B4453B93CA28DC23F07704FE63A06DB0AE569B1E"]
response found in cache (entry 0)
CHAP authentication succeeded
sent [CCP ConfReq id=0x1 <mppe +H -M +S -L -D -C>]
rcvd [CCP ConfReq id=0x4 <mppe +H -M -S -L -D +C>]
sent [CCP ConfNak id=0x4 <mppe +H -M +S -L -D -C>]
rcvd [IPCP ConfReq id=0x5 <addr 10.0.102.1>]
sent [IPCP TermAck id=0x5]
rcvd [CCP ConfAck id=0x1 <mppe +H -M +S -L -D -C>]
rcvd [CCP ConfReq id=0x6 <mppe +H -M +S -L -D -C>]
sent [CCP ConfAck id=0x6 <mppe +H -M +S -L -D -C>]
MPPE 128-bit stateless compression enabled
sent [IPCP ConfReq id=0x1 <compress VJ 0f 01> <addr 0.0.0.0>]
rcvd [IPCP ConfRej id=0x1 <compress VJ 0f 01>]
sent [IPCP ConfReq id=0x2 <addr 0.0.0.0>]
rcvd [IPCP ConfNak id=0x2 <addr 10.0.102.5>]
sent [IPCP ConfReq id=0x3 <addr 10.0.102.5>]
rcvd [IPCP ConfAck id=0x3 <addr 10.0.102.5>]
rcvd [IPCP ConfReq id=0x7 <addr 10.0.102.1>]
sent [IPCP ConfAck id=0x7 <addr 10.0.102.1>]
local  IP address 10.0.102.5
remote IP address 10.0.102.1
Script /etc/ppp/ip-up started (pid 653)
Script /etc/ppp/ip-up finished (pid 653), status = 0x0

To stop it, use Ctrl + C or the below command from another terminal.

sudo poff iPortal

Route Traffic Through VPN

Once you have successfully connected to your VPN provider, you now need to route your traffic through it. Before doing that, you might want to make a note of your public IP address first. You can do this from the command line with the curl command. This should return the IP address of your ISP.

osmc@osmc:~$ curl -4 icanhazip.com
86.151.208.153

Now reconnect to your VPN with the following command.

sudo pon iPortal

Wait a few seconds and then route your traffic through the VPN.

sudo route add default dev ppp0

Now check your public IP address again. If all went well – it should now be the IP address of your VPN provider!

osmc@osmc:~$ curl -4 icanhazip.com
72.98.247.13

Your VPN is now working!

Automation

Now we have to automate the process. I created two scripts with 755 permissions

osmc@osmc:/myscripts$ ls -l
total 8
-rwxrwxr-x 1 osmc osmc 134 Aug 12 21:01 iPortal_connect.sh
-rwxrwxr-x 1 osmc osmc 114 Aug 12 21:01 iPortal_disconnect.sh

The iPortal_connect.sh file looks like the following.

#!/bin/bash

sudo pon iPortal
sleep 10
sudo route add default dev ppp0
echo "VPN Connected: $(curl --silent -4 http://icanhazip.com)"

And the iPortal_disconnect.sh looks like.

#!/bin/bash

sudo poff iPortal
sleep 2
IP="$(curl --silent -4 http://icanhazip.com)"
echo "VPN Disconnected: $IP"

Here’s the output from executing these scripts.

osmc@osmc:/myscripts$ ./iPortal_connect.sh
VPN Connected: 72.98.247.13
osmc@osmc:/myscripts$ ./iPortal_disconnect.sh
VPN Disconnected: 86.151.208.153
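The connect script above sleeps for ten seconds and then assumes the link is up. The following is an added example, not part of the original post: a function that reads pppd's log output and succeeds only when CHAP succeeded, 128-bit MPPE was enabled and an address was assigned, so a script can check this before moving the default route. The function name and the sample logs are constructed, using message lines that appear in the debug output shown earlier.

```shell
#!/bin/sh
# Added example: decide from pppd's log output whether the tunnel is really up
# before the default route is moved onto ppp0.

# pptp_link_ok < LOG -> prints the local tunnel IP and returns 0 only if
# CHAP succeeded, 128-bit MPPE was enabled and IPCP assigned an address.
pptp_link_ok() {
    auth=0 mppe=0 addr=
    while IFS= read -r line; do
        case $line in
            "CHAP authentication succeeded"*) auth=1 ;;
            "MPPE 128-bit"*"enabled"*)        mppe=1 ;;
            "local  IP address "*)            addr=${line#"local  IP address "} ;;
            # A later termination means the link dropped again: start over.
            "Connection terminated"*|"Modem hangup"*) auth=0 mppe=0 addr= ;;
        esac
    done
    [ "$auth" -eq 1 ] && [ "$mppe" -eq 1 ] && [ -n "$addr" ] || return 1
    printf '%s\n' "$addr"
}

# Constructed sample: the relevant lines of a successful negotiation.
SAMPLE_OK='CHAP authentication succeeded
MPPE 128-bit stateless compression enabled
local  IP address 10.0.102.5
remote IP address 10.0.102.1'

# Constructed sample: authentication was rejected, so no link came up.
SAMPLE_FAIL='Using interface ppp0
CHAP authentication failed
Connection terminated.'

# Constructed sample: the link came up and then dropped again.
SAMPLE_DROPPED='CHAP authentication succeeded
MPPE 128-bit stateless compression enabled
local  IP address 10.0.102.5
Modem hangup
Connection terminated.'

for name in SAMPLE_OK SAMPLE_FAIL SAMPLE_DROPPED; do
    eval "log=\$$name"
    if tunnel_ip=$(printf '%s\n' "$log" | pptp_link_ok); then
        echo "$name: tunnel up, local address $tunnel_ip"
    else
        echo "$name: tunnel NOT up, leave the default route alone"
    fi
done
```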

Launch Scripts from within OSMC

The guide I’m following uses the Advanced Launcher plugin for OSMC. Sadly it was at this point that I realised that Advanced Launcher seems to have died a horrible death and is not available any more! I will need to do a bit more research on this one it looks like – I don’t think my folks will be SSH’ing into the Pi to execute a script each time they want to watch the news lol!!!

Related Documents

http://www.iportal.me/

iPortal VPN Review

http://forum.osmc.tv/showthread.php?tid=1754

https://wiki.archlinux.org/index.php/PPTP_VPN_client_setup_with_pptpclient

https://github.com/Angelscry/plugin.program.advanced.launcher