Ubuntu 18.04 Netplan!

This was unexpected, but I think I’m coping well. These are my notes on configuring netplan networking on my Ubuntu 18.04 server.

  1. systemctl disable NetworkManager.service NetworkManager-wait-online.service
  2. systemctl mask NetworkManager-wait-online.service
  3. systemctl daemon-reload
  4. apt install bridge-utils -y
  5. edit /etc/udev/rules.d/70-net.rules
    SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{dev_id}=="0x0", ATTR{type}=="1", ATTR{address}=="c8:70:00:9f:d7:72", NAME="eth0"
    SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{dev_id}=="0x0", ATTR{type}=="1", ATTR{address}=="00:e2:ed:17:09:60", NAME="eth1"
    SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{dev_id}=="0x0", ATTR{type}=="1", ATTR{address}=="00:e2:ed:17:09:61", NAME="eth2"
    SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{dev_id}=="0x0", ATTR{type}=="1", ATTR{address}=="00:e2:ed:17:09:62", NAME="eth3"
    SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{dev_id}=="0x0", ATTR{type}=="1", ATTR{address}=="00:e2:ed:17:09:63", NAME="eth4"
  6. edit /etc/netplan/01-netcfg.yaml
      version: 2
      renderer: networkd
          dhcp4: no
          dhcp6: no
          dhcp4: no
          dhcp6: no
          dhcp4: no
          dhcp6: no
          dhcp4: no
          dhcp6: no
          dhcp4: no
          dhcp6: no
          dhcp4: yes
          dhcp6: no
             - eth0
             -  to:
                on-link: true
          dhcp4: no
          dhcp6: no
          addresses: []
             - eth1
          dhcp4: no
          dhcp6: no
          addresses: []
             - eth2
          dhcp4: no
          dhcp6: no
          addresses: []
             - eth3
          dhcp4: no
          dhcp6: no
          addresses: []
             - eth4
  7. sudo netplan generate
  8. sudo netplan apply
  9. reboot

Without my eth1-eth4 devices plugged into a switch, rebooting takes forever.


Pulling 200 Feet of Cable

We wrapped five 200 foot segments of the direct burial line back onto the original spool so we could tape them all together. The paint cans are ballast to keep the spool from sliding around.

Our first pull attempt was thwarted by friction. We yanked it back and greased the nose of the cable and it went through well.

The cables then had to be completely un-spooled again, the opposite end taped, and then pushed through three more short conduit runs. It comes out of the wall in the sound room of the sanctuary.

Dinner Table Network Lab

Because I needed to document my Vlan setup, of course. Serial cable swapped between an OPNsense firewall and a Fedora box. Verified that I don’t have to set Vlans on the host ports to hand out multiple DHCP domains. It does hog switch ports, tho.

Made it Fit

This is a Digium card, clearly intended for a 1U or ATX case. One of my goals is to reduce the number of high speed fans in the lab, so I repurposed my Lanner chassis. Using a typical twist drill bit is a poor choice for the job of an end mill, but it came out ok when I put a rotary steel brush to the aluminum plate.


Soldered new cabling


Heat-shrunk cable ends fit nicely

Thoughts on Media Hosting

If the recordings are licensed in the public domain, out of copyright, or creative commons, archive.org provides free audio hosting. http://archive.org/about/faqs.php#224

Just a reminder: none of the services listed is a substitute for an offline cold backup. Site content on Amazon or YouTube can disappear because of copyright dispute claims or policy conflicts like Terms of Service violations or other arbitrary policy changes.

Commercial podcast hosting appears to be tiered by upload amount per month; this is a comparison: https://www.thepodcasthost.com/websites-hosting/best-podcast-hosting/

An advantage of some podcast hosting services is that they might have automatically generated RSS feed services, and might provide integration with other podcast syndicators such as rdio.com or stitcher.com. No particular service is better than others at iTunes integration because iirc, iTunes plays by its own rules.

Moving podcast hosting often involves altering podcast feeds, which can alter the subscribers’ content (like flooding it with hundreds of ‘unread/new’ items), or make it appear to have stopped updating altogether. It definitely takes some homework to prepare for a move.

Hosting videos can also be done on vimeo.com or anything that hosts files. Video hosting services typically differentiate themselves by their online players (mobile friendly vs High Definition).

Live streaming services are available from YouTube, vimeo.com, or other services like ScaleEngine.com or Twitch. Converting a live stream to a hosted video takes forethought to record the video, sometimes on a separate device.

Robocopy Notes

Install cmder: It’s the nicest shell I’ve seen for Windows. Run your console as Administrator; otherwise you can’t use the /B backup switch. Also remember you need to do a net use command as administrator.

Before you robocopy stuff, set up a dedicated drive letter. The drive letter is only available to the logged-in session. So if you have drive p: for Bob, and then you boost your console to Administrator, there is no more drive p:! So don’t use the user’s drive mappings: create admin drive mappings.

net use p: \\nas02\backup\ "secret" /user:bob /persistent:yes

Remember to type the password with “double quotes” and not ‘single quotes’. If you type single quotes you may as well be typing capital Xes: they become part of your password.

Run the net use command to see if you already have a drive share. Close any File Explorer windows open to that server, because that’s the equivalent of having a net use $d /user:anonymous open at the same time, and Windows won’t cooperate. Mount the directory

There are a lot of switches. We’ll assume a C:\Users directory.

C:\Users\bob> mkdir c:\temp
C:\Users\bob> cd C:\Users
C:\Users> robocopy bob P:\bu-bob\ /mir /ZB /FFT /XA:SH /W:5 /R:2 /dcopy:T ^
 /XJ /XD "Temp*" "cache2" "temporary internet files" "*cache*" /NFL

First try the command without the /LOG switch. The command goes faster with the LOG turned on, so do that later. /XF is a pattern to exclude files. Example log option: /LOG:C:\temp\bu.txt. The /NFL switch will show directories, not files.

The /MT flag is useful, but it prohibits logging and is not available on Vista. The /XJ flag should be the default, but sadly, no. Junction points create these really frustrating backup path loops. Use /XJ!

Recent Samba Tips

I’ve been having some difficulty with old systems brought up to recent patch levels sharing directories. Some of these settings in smb.conf have helped me out:

security = user
ntlm auth = yes
debug level = 8
min protocol = SMB2

FreeNAS: Installing Dovecot

Various notes on installing dovecot on FreeNAS 11. I understand this has no dovecot security applied. This is a tutorial for a LAN lab environment.

    1. If the FreeNAS is a VM, make sure the virtual network adapter permits promiscuous mode. This allows jails to network.
    2. Create dataset.
    3. Adjust Jails Setting, disable DHCP
    4. Create a jail with an IP address and allow.raw_sockets=true. This allows ping. Make sure that VIMAGE is unselected.
    5. Add storage to jail. Both /usr/ports and /mnt/pool/jails/foo.
    6. Install vim:
      1. jls
      2. sudo jexec foo sh
      3. # cd /usr/ports/editors/vim
      4. make install
    7. Update pkg metadata for jail
      1. # pkg update
    8. Install screen, dovecot from package
      1. # pkg install dovecot
      2. # pkg install screen
    9. Edit dovecot stuff
    10. Message from dovecot-
      You must create the configuration files yourself. Copy them over
      to /usr/local/etc/dovecot and edit them as desired:
      cp -R /usr/local/etc/dovecot/example-config/* \
      The default configuration includes IMAP and POP3 services, will
      authenticate users agains the system's passwd file, and will use
      the default /var/mail/$USER mbox files.
      Next, enable dovecot in /etc/rc.conf:
      To avoid a risk of mailbox corruption, do not enable the
      security.bsd.see_other_uids or .see_other_guids sysctls if Dovecot
      is storing mail for multiple concurrent users (PR 218392).
      If you want to be able to search within attachments using the
      decode2text plugin, you'll need to install textproc/catdoc, and
      one of graphics/xpdf or graphics/poppler-utils.
    11. We’ll skip the imap search features for now
    12. Let’s create a user inside this jail
      1. adduser, nologin, use a password
    13. Verify /var/mail/kathy exists
    14. Check in on QuickConfiguration
    15. in /usr/local/etc/dovecot…
      1. should be using conf.d/auth-system
      2. conf.d/10-auth: disable_plaintext_auth = no
    16. /etc/pam.d
      1. create dovecot:
      2. auth    required        pam_unix.so
        account required        pam_unix.so
    17. conf.d/10-mail.conf : mail_location = maildir:~/Maildir
    18. 10-master.conf: comment out pop3
    19. 10-ssl.conf : ssl=no
    20. in ../dovecot.conf: remove ‘::’ as interface to listen on
    21. # service dovecot restart
    22. Now attempt to hit it with Thunderbird.

Next is Outlook

Follow these directions on adding an IMAP account to Outlook.

If it’s really old, Microsoft suggests this article.
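
The Samba tips and the Dovecot steps above both loosen authentication for lab use. As an added example (not part of the original notes), this Python check flags those settings in an smb.conf or a Dovecot config before the host is moved off the lab LAN; the rule table, function names and sample text are constructed here.

```python
# Lab-only settings from this page and why each matters off the lab LAN.
LAB_ONLY = {
    "smb.conf": {
        ("ntlm auth", "yes"): "permits NTLMv1; current Samba defaults to ntlmv2-only",
        ("debug level", "8"): "troubleshooting verbosity; lower it once shares work",
    },
    "dovecot": {
        ("disable_plaintext_auth", "no"): "passwords accepted without TLS",
        ("ssl", "no"): "TLS disabled for IMAP",
    },
}

def parse_settings(text):
    """Return {key: (value, line_no)} for 'key = value' lines; last one wins."""
    found = {}
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        # Skip blanks, '#' and ';' comment lines, [section] headers, block braces.
        if not line or line[0] in "#;[" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        key = " ".join(key.lower().split())  # normalise case and spacing
        found[key] = (value.strip().lower(), no)
    return found

def audit(kind, text):
    """List (line_no, key, value, reason) for each lab-only setting present."""
    settings = parse_settings(text)
    hits = [(settings[k][1], k, bad, why)
            for (k, bad), why in LAB_ONLY[kind].items()
            if k in settings and settings[k][0] == bad]
    return sorted(hits)

# Constructed samples mirroring the settings quoted on this page.
SMB_SAMPLE = """[global]
security = user
ntlm auth = yes
debug level = 8
min protocol = SMB2
"""
DOVECOT_SAMPLE = """# constructed: settings merged from conf.d
disable_plaintext_auth = no
mail_location = maildir:~/Maildir
ssl = no
"""
if __name__ == "__main__":
    for kind, sample in (("smb.conf", SMB_SAMPLE), ("dovecot", DOVECOT_SAMPLE)):
        for no, key, value, reason in audit(kind, sample):
            print(f"{kind}:{no}: {key} = {value} ({reason})")
```

An empty result from audit() means none of the lab-only values listed in the table are present; it does not review any other setting.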