Mar 11 2017
 

Still playing with Solus OS, and liking it more and more. The eopkg repository of software is a little thin in comparison to the likes of Debian-based apt-get and Arch’s AUR, but most of the things I want are there. And if they are not there I am thinking maybe I should review my needs… I am in the process of planning for a life without OS X/MacOS after all, so a perfect time for reflection. This is also part of the reason I am attracted to Solus… because not everything is there, and because not everything is answered by a quick Google search, I have to take some effort to actually find things out again. Some nostalgia there.

 

Cloudage

Librevault is… “transfers data directly from one device to another. You can use it in your local network, and it will work even without Internet access.” So not exactly cloud storage. In fact not even close to that. So why do I think I need it? I don’t. But I won’t know until I try. Chances are I can get away with continuing with Dropbox, but since I am working on a major change of OS I might as well kinda think about previous tools and workflows and so on. Anyway there is no librevault in the Solus repository. Compiling time!

Not to flog a dead horse, but what follows is what worked for me, soup to nuts. Playing with librevault will have to wait a few days, ’cause the weather is awesome and I’ve a potato patch to dig out of raw sod up the orchard. Besides, rclone and Google Drive are working for what I need *at the moment*… and all that is, primarily, syncing files from the MacOS partition to the Solus partition. Google Drive will have to go though when the time is right.

$ sudo eopkg it -c system.devel
$ sudo eopkg it cryptopp-devel libboost-devel libicu-devel openssl-devel protobuf-devel
$ sudo eopkg it qca-qt5 qt5-base-devel qt5-svg-devel qt5-tools-devel qt5-websockets-devel

$ mkdir -p ~/usr/src
$ cd ~/usr/src
$ git clone https://github.com/Librevault/librevault.git
$ cd librevault && git submodule update --init
$ mkdir build && cd build
# $ cmake .. && cmake --build .
$ cmake --pthread .. && cmake --pthread --build .
$ sudo make install

DICE!
Install the project…
-- Install configuration: "RelWithDebInfo"
-- Installing: /usr/local/bin/librevault-daemon
-- Installing: /usr/local/bin/librevault-gui
-- Installing: /usr/local/share/applications/Librevault.desktop
-- Installing: /usr/local/share/icons/hicolor/scalable/apps/librevault.svg
-- Installing: /usr/local/bin/librevault-cli

Now, do I go to the trouble of packaging this? Others who better know what they are doing in this area will prolly get it done soon enough, but why not give it a shot, eh? If I am going to be living with Solus I might as well get to know her a little better.

Mar 07 2017
 

tl;dr

I feel that after ten years I can no longer countenance the purchase of a new Apple laptop should my existing machine shit the bed. All that nonsense associated with the race to thinness and the resultant lack of expandability of the newer machines, where everything is soldered or glued into place, has me pretty upset. Oh, and the OS itself has been getting more annoying with each release since Snow Leopard. So I am planning for a day without OS X/ MacOS. After a few distro trials (ongoing) I’ve come down to:

Linux Mint 18.1

Solus OS

True OS

 With the thinking that Solus will be “The One”.

Problem: iPhone 5, iOS: 10.2.1 (14D27) will not mount under Solus OS.

iPhones, generally, used to mount fine prior to the iOS 10 release. The developers of libimobiledevice have rectified this, but many downstream distros have not quite caught up. Solution is to build it oneself. Or wait. I didn’t want to wait… in large part because Solus’s packaging system, eopkg, is completely rewritten and not based on AUR or apt-get, and I wanted to poke around it some more.

My hand-compiling of this is probably moot since Solus, being a rolling release, will eventually catch up. It probably will have by the time anyone reads this.

$ sudo eopkg it -c system.devel git
$ sudo eopkg it libtool pkg-config python-devel libplist-devel libusb-devel fuse-devel

$ mkdir -p ~/usr/src
$ cd ~/usr/src

$ for x in libusbmuxd libimobiledevice usbmuxd ifuse; do git clone https://github.com/libimobiledevice/${x}.git; done

$ cd ~/usr/src/libusbmuxd
$ ./autogen.sh --prefix="$HOME/usr"
$ make && make install

$ cd ~/usr/src/libimobiledevice
$ ./autogen.sh --prefix="$HOME/usr"
$ make && make install

$ cd ~/usr/src/usbmuxd
$ ./autogen.sh --prefix="$HOME/usr"
$ make && sudo make install

$ cd ~/usr/src/ifuse
$ ./autogen.sh --prefix="$HOME/usr"
$ make && make install

$ mkdir -p ~/usr/mnt
$ ~/usr/bin/idevice_id -l
$ ~/usr/bin/idevicepair pair

$ nautilus &
$ ls ~/usr/mnt/

All the real work was done by someone else (isn’t it always?), here: https://gist.github.com/samrocketman/70 … 33c259a0fc

Mar 03 2012
 

Add MX records (A and AAAA) to zone file for vps.yearl.us at HE
Primary files involved:

  • /etc/postfix/main.cf
  • /etc/postfix/sasl/smtpd.conf

start/stop

  • /etc/init.d/postfix restart
  • /etc/init.d/saslauthd start
  • /etc/init.d/dovecot restart

POSTFIX (send)

$ sudo apt-get update
$ sudo apt-get install postfix
$ sudo dpkg-reconfigure postfix
$ sudo apt-get install mailutils
$ sudo mkdir /etc/skel/mail/
$ mkdir ~/mail/
$ su
# mkdir ~/mail/

test send:

$ mail -s Subject_Line mail_addr@yearl.us
testing new mail. This is the body .
[CTRL+D to send]
$ mail -s "log file" mail_addr@yearl.us < /etc/nginx/nginx.conf

Boomshaka!

DOVECOT (receive)
config at: /etc/dovecot/dovecot.conf (do the usual back-up, re-create); mail folders in /var/mail/$USER

$ sudo apt-get install dovecot-imapd dovecot-pop3d
$ cp /etc/dovecot/dovecot.conf /etc/dovecot/dovecot.conf-backup
$ rm /etc/dovecot/dovecot.conf
$ nano /etc/dovecot/dovecot.conf

Backup /etc/dovecot/dovecot.conf, recreate it as below:

#sjy2 2012-03-01
protocols = imap imaps pop3 pop3s
listen = *, [::]
# "no" permits PLAIN/LOGIN on unencrypted connections; set to "yes" once the TLS listeners are confirmed working
disable_plaintext_auth = no
log_timestamp = "%Y-%m-%d %H:%M:%S "
mail_privileged_group = mail
ssl_cert_file = /etc/ssl/certs/postfix.pem
ssl_key_file = /etc/ssl/private/postfix.key
mail_location = maildir:~/mail:LAYOUT=fs:INBOX=~/mail/
protocol imap {}
protocol pop3 {
  pop3_uidl_format = %08Xu%08Xv
}
protocol managesieve {}
auth default {
  mechanisms = plain login
  passdb pam {}
  userdb passwd {}
  # socket that Postfix uses for SASL authentication
  socket listen {
    client {
      path = /var/spool/postfix/private/auth
      mode = 0660
      user = postfix
      group = postfix
    }
  }
}
dict {}
plugin {}


Feb 28 2012
 

1. Ensure everything up to date (as / ):

#apt-get update
#apt-get upgrade --show-upgraded

2. Install OpenVPN and the udev dependency

#apt-get install openvpn udev

3. Configure Public Key Infrastructure Variables

$nano /etc/openvpn/easy-rsa/2.0/vars
edited the default to (roughly as CA_Cert: ipv6_yearl.us.txt NB to update CACerts):
export KEY_COUNTRY="US"
export KEY_PROVINCE="MA"
export KEY_CITY="Newton"
export KEY_ORG="US.Yearl" #perhaps should have used [email protected]?
export KEY_EMAIL="[email protected]"

4. initialize PKI Issued

All 3 commands in sequence. Unlike CA_Cert left certain fields not present in /etc/openvpn/easy-rsa/2.0/vars blank. Not necessary anyway. The point is to create a DN (Distinguished Name).

cd /etc/openvpn/easy-rsa/2.0/
 . /etc/openvpn/easy-rsa/2.0/vars
 . /etc/openvpn/easy-rsa/2.0/clean-all
 . /etc/openvpn/easy-rsa/2.0/build-ca
 Organizational Unit Name (eg, section) []:.
 Common Name (eg, your name or your server's hostname) [US.Yearl CA]:.
 Name []:.

5. Generate Certificates and Private Keys

. /etc/openvpn/easy-rsa/2.0/build-key-server yearlus

writing new private key to ‘yearlus.key’ … some questions matching info in /etc/openvpn/easy-rsa/2.0/vars then A challenge password []: **MYAWESOMEPASSWORD** An optional company name []: US.Yearl


6. Create client certs. In this case the name of two machines on my LAN

. /etc/openvpn/easy-rsa/2.0/build-key huitzil
. /etc/openvpn/easy-rsa/2.0/build-key centzon

The same questions as before re building a DN. Hmm. I’m going to run with the server settings for huitzil (except for email: that will be that machine’s owner) and something different for centzon and see which one (or both) are valid. The doco is unclear on how the client DN should be constructed; may have answered own question, as:
Common Name (eg, your name or your server's hostname) {huitzil}:


7. Generate Diffie Hellman Parameters

DH parameters govern the method of key exchange and authentication used by the OpenVPN server. Generate these:

. /etc/openvpn/easy-rsa/2.0/build-dh

8. Relocate Secure Keys

/etc/openvpn/easy-rsa/2.0/keys/ directory contains all of the keys generated by easy-rsa tools. In order to authenticate to the VPN, you’ll need to copy a number of certificate and key files to the remote client machines. They are: ca.crt client1.crt client1.key

# cp -r /etc/openvpn/easy-rsa/2.0/keys /home/sjy2/openvpn_keys
# chown -R sjy2 /home/sjy2/openvpn_keys

Then SFTP, and delete the non-root keys in the user dir. SCP would have been easier direct from the src dir, but neither endpoint was readily accessible. Root login is additionally prevented on the server (see XXX), hence the need to temporarily transfer ownership. Keys and certificates for the server then go to /etc/openvpn so the OpenVPN server process can access them.

$cd /etc/openvpn/easy-rsa/2.0/keys
$cp ca.crt ca.key dh1024.pem yearlus.crt yearlus.key /etc/openvpn
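
The `cp -r` in step 8 puts every file easy-rsa generated, including ca.key and the server key, into a user's home directory. As an added example (not part of the original post), this shell function stages only the three files one client needs; the function name and the staging directory are assumptions.

```shell
#!/bin/sh
# Added example: stage one client's VPN files without exposing CA or server keys.
# KEYS_DIR follows the easy-rsa 2.0 layout used on this page; the function
# name and the destination directory are hypothetical.

stage_client_bundle() {
    keys_dir=$1 client=$2 dest=$3

    # The client name becomes a file name: reject empty names, path
    # separators and dot-prefixed names that could escape keys_dir.
    case $client in
        ''|*/*|.*) echo "invalid client name: $client" >&2; return 2 ;;
    esac

    # ca.key signs every certificate in this PKI and must stay on the server.
    [ "$client" != ca ] || { echo "refusing to export the CA key" >&2; return 2; }

    # Start from an empty destination so the bundle holds exactly three files.
    [ ! -e "$dest" ] || { echo "$dest already exists" >&2; return 1; }

    # Check that everything is present before anything is copied.
    for f in ca.crt "$client.crt" "$client.key"; do
        [ -f "$keys_dir/$f" ] || { echo "missing $keys_dir/$f" >&2; return 1; }
    done

    # umask 077 in a subshell: directory 0700 and files 0600 from creation,
    # with no window in which the private key is group- or world-readable.
    (
        umask 077
        mkdir "$dest" &&
        cp "$keys_dir/ca.crt" "$keys_dir/$client.crt" "$keys_dir/$client.key" "$dest"/
    ) || return 1
    chmod 700 "$dest" && chmod 600 "$dest"/*
}
```

Called as `stage_client_bundle /etc/openvpn/easy-rsa/2.0/keys huitzil /root/huitzil-bundle`, it leaves a directory that can be transferred and then deleted, while the CA key, server key and other clients' keys never leave the keys directory.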

9. Configuring the VPN

There is an example config file in /usr/share/doc/openvpn/examples/sample-config-files

$ cd /usr/share/doc/openvpn/examples/sample-config-files
$ gunzip -d server.conf.gz
$ cp server.conf /etc/openvpn/
$ mv /etc/openvpn/server.conf /etc/openvpn/yearlus.conf
$ cp client.conf ~/
$ cd ~/
$ nano client.conf

# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote 178.17.41.223 1194

$nano yearlus.conf

# Any X509 key management system can be used.
# OpenVPN can also use a PKCS #12 formatted key file
# (see "pkcs12" directive in man page).
ca ca.crt
cert yearlus.crt
key yearlus.key  # This file should be kept secret


10. start the VPN server

generally use "/etc/init.d/openvpn start", but this is my first outing so let me be verbose:

$ /usr/sbin/openvpn --config /etc/openvpn/yearlus.conf
 OpenVPN 2.1.3 i486-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [MH] [PF_INET6] [eurephia] built on Oct 21 2010
 .
 .
 .
 Wed Feb 29 23:01:08 2012 Initialization Sequence Completed

Boomshaka!
Copy over a client.conf to /etc/openvpn, start server as daemon

# cp ~/centzon.conf /etc/openvpn
# /etc/init.d/openvpn start
Starting virtual private network daemon: centzon yearlus failed!

Hmmm. Problem with the client, centzon.conf? No. I’m a doofus… hunt and kill the previous PID. then:

#cp ~/centzon.conf /etc/openvpn
#/etc/init.d/openvpn start
 Starting virtual private network daemon: centzon huitzil yearlus.

Now over to a Mac client. So install http://code.google.com/p/tunnelblick/ and fire her up. Asking whether to “open a private configurations folder” or “create tunnelblick VPN Configuration”. Not sure. Somewhat randomly chose the former. Copy client .crt and .key to Tunnelblick’s config dir: /Users/sjy2/Library/Application\ Support/Tunnelblick/Configurations and last pic.
Boomshaka!
Not thoroughly happy as the connection is reset every 231s or so… that may be a DNS issue? That’s not the point right now. Also pretty sure the server keys should not have left the server. Also, it would be nice to generate a .tblk file for ease of distribution.


11. So, almost there.

Now to route/tunnel incoming connections through the VPN…

nano /etc/openvpn/yearlus.conf

uncomment: push "redirect-gateway def1 bypass-dhcp"

Now edit /etc/sysctl.conf (configuration file for setting system variables), adding the following lines to ensure that your system is able to forward IPv4/6 traffic:

nano /etc/sysctl.conf

net.ipv4.ip_forward=1
net.ipv6.conf.all.forwarding=1


Followed largely from http://library.linode.com/networking/openvpn/debian-6-squeeze#sph_install-openvpn


Feb 12 2012
 

New VPS ordered today: £7 per quarter, 256MB OpenVZ, Deb. 5 (Lenny), 1 ipv4, 10 ipv6 from allsimple.net.

general setup:

  • update, upgrade-stable, update
  • change root
  • disable root ssh
  • change ssh port
  • add vps label to yearl.us zonefile; AAAA only– 1st ipv6 addr
  • add usr
  • add sudo
  • mail — ipv6 only?
  • rdns
  • iptables
  • certs
  • WWW — nginx?
  • mySQL | postgres
  • PHP
  • VPN– 4 or 6?
  • backups/ vm export

1. Upgrade & update

#apt-get update
#apt-get upgrade
#apt-get dist-upgrade
#apt-get update

Boomshaka! == Debian 6 (squeeze), but after upgrade terminal is in Spanish.

— OS X side:

$sudo languagesetup

— Deb side:

$ nano ~/.profile

add: export LANG=en to ~/.profile

$ sudo dpkg-reconfigure locales
... /usr/sbin/dpkg-reconfigure: locales no está instalado
$ sudo apt-get install locales

Boomshaka!


2. SSHD

$nano /etc/ssh/sshd_config

change to:

Protocol 2
PermitRootLogin no
StrictModes yes
Port [myObscurePort#]
ListenAddress [oneIPv6Addr]
ChallengeResponseAuthentication no
LoginGraceTime 600
# /etc/init.d/ssh restart
# netstat -tulpn | grep :[myObscurePort#]

Boomshaka!
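
For each sshd_config keyword the first value sshd obtains is the one it uses, so a hardening line added below an existing setting silently has no effect. As an added example (not from the original post), this shell snippet reports the effective global value and audits the settings from this step; the function names are assumptions.

```shell
#!/bin/sh
# Added example: report the value sshd will actually use for a keyword.
# Keywords are case-insensitive, may be written "Keyword value" or
# "Keyword=value", and the first value obtained wins. Function names are
# hypothetical; Include files are not followed.

# Print the effective global value of KEYWORD ($2) in FILE ($1); empty if unset.
sshd_effective() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        { sub(/^[ \t]+/, "") }               # drop leading whitespace
        /^#/ || /^$/ { next }                # skip comments and blank lines
        { split($0, f, /[ \t=]+/); kw = tolower(f[1]) }
        kw == "match" { exit }               # global section ends at first Match
        kw == want { print f[2]; exit }      # first occurrence wins
    ' "$1"
}

# Compare FILE ($1) with the settings from this step; non-zero return on drift.
audit_sshd() {
    rc=0
    for pair in PermitRootLogin=no StrictModes=yes ChallengeResponseAuthentication=no; do
        key=${pair%%=*} expected=${pair#*=}
        actual=$(sshd_effective "$1" "$key")
        if [ "$actual" != "$expected" ]; then
            echo "FAIL $key: expected '$expected', effective '${actual:-unset}'"
            rc=1
        fi
    done
    return $rc
}
```

Run `audit_sshd /etc/ssh/sshd_config` and `sshd -t` before restarting the daemon, and keep the current session open until a new login on the changed port succeeds.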


3. sudo

Sudo sandwich

$su
#apt-get install sudo
#visudo

4. Email (Postfix and Dovecot, SASL, Alpine)

Relocated to http://sjy.yearl.us/installing-postfix-and-dovecot-on-debian-6-squeeze/


5. WWW with nginx

Nginx is a free, open-source, high-performance HTTP server and reverse proxy, as well as an IMAP/POP3 proxy server. Let’s give it a whirl instead of Apache!

$ sudo apt-get install nginx
$ sudo /etc/init.d/nginx start
$ sudo mkdir /var/www
$ sudo chown www-data:www-data /var/www
$ sudo nano /var/www/index.html
$ sudo nano /etc/nginx/nginx.conf

Boomshaka!
