unraid:virtual:hoobsf33

Differences

This shows you the differences between two versions of the page.

unraid:virtual:hoobsf33 [2021/04/10 15:59] dirkunraid:virtual:hoobsf33 [2021/07/13 11:18] (current) dirk
Line 6: Line 6:
   * Description: Hoobs   * Description: Hoobs
   * CPU Mode: Host Passthrough   * CPU Mode: Host Passthrough
-  * Logical CPUs: 2+  * Logical CPUs: 1
   * Internal Memory: 1024   * Internal Memory: 1024
   * Max Memory: 1024   * Max Memory: 1024
Line 42: Line 42:
 ===== Setup ===== ===== Setup =====
 ==== Update Packages ==== ==== Update Packages ====
-<code>sudo apt-get update +<code>sudo yum update</code>
-sudo apt-get dist-upgrade</code> +
- +
-==== Install SSH Server ==== +
-<code>sudo apt-get install openssh-server</code>+
  
 ==== Create ssh-rsa key auth ==== ==== Create ssh-rsa key auth ====
   * In home directory <code>mkdir .ssh</code>   * In home directory <code>mkdir .ssh</code>
   * authorized_keys file needs to have keys in them. Copy over from harddrive, external drive, or create them.   * authorized_keys file needs to have keys in them. Copy over from harddrive, external drive, or create them.
-  * When making keys on clients <code>ssh-keygen -t rsa</code>  
-  * New things for keys: 
-    * So, ssh-keygen no longer creates the keys with the headers on them.  Seems to be no big deal for ssh but Cyberduck borked. 
-    * To make private keys with headers for Cyberduck:<code>openssl genrsa -aes128 -out id_rsa 2048 
-openssl rsa -in id_rsa -pubout -out id_rsa.test 
-ssh-keygen -f id_rsa.test -i -mPKCS8</code> 
-    * Links: 
-      * https://rietta.com/blog/2012/01/27/openssl-generating-rsa-key-from-command/ 
-      * https://stackoverflow.com/questions/1011572/convert-pem-key-to-ssh-rsa-format 
  
   * Turn off Password Auth<code>sudo vim /etc/ssh/sshd_config</code><code>UsePAM yes   * Turn off Password Auth<code>sudo vim /etc/ssh/sshd_config</code><code>UsePAM yes
-PasswordAuthentication no</code> +PasswordAuthentication no</code><code>ChallengeResponseAuthentication no</code> 
-==== Reboot ==== +  * Also had to make similar changes in the file that is included in /etc/ssh/sshd_config.d/*.conf 
-<code>sudo reboot -h now</code> +    * but had to change folder permissions first to get inthen edit, then change back 
- +  * Then had to make sure the user home folder was 700 (which it was), the .ssh folder was 700 (which it wasn't)and the authorized_keys file was 600 (which it wasn't).
-==== Install Pi-hole ==== +
-<code>curl -sSL https://install.pi-hole.net | bash</code> +
-  * Select Google (we will remove it later) +
-  * Ok to default "StevenBlock" +
-  * Ok to IPv4 and IPv6 +
-  * Yes to Static +
-  * Yes to Web Admin Interface +
-  * Yes to Web Server +
-  * Yes to queries +
-  * Show everything +
-  * Change password <code> pihole -a -p password</code> +
- +
-==== Install Unbound ==== +
-<code>sudo apt-get install unbound</code> +
-  * write config file +
-<code>sudo vim /etc/unbound/unbound.conf.d/pi-hole.conf</code> +
-<code>server: +
-    # If no logfile is specifiedsyslog is used +
-    # logfile: "/var/log/unbound/unbound.log" +
-    verbosity: 0 +
- +
-    interface: 127.0.0.1 +
-    port: 5335 +
-    do-ip4: yes +
-    do-udp: yes +
-    do-tcp: yes +
- +
-    # May be set to yes if you have IPv6 connectivity +
-    do-ip6: no +
- +
-    # You want to leave this to no unless you have *native* IPv6. With 6to4 and +
-    # Terredo tunnels your web browser should favor IPv4 for the same reasons +
-    prefer-ip6: no +
- +
-    # Use this only when you downloaded the list of primary root servers! +
-    # If you use the default dns-root-data package, unbound will find it automatically +
-    #root-hints: "/var/lib/unbound/root.hints" +
- +
-    # Trust glue only if it is within the server's authority +
-    harden-glue: yes +
- +
-    # Require DNSSEC data for trust-anchored zones, if such data is absent, the zone becomes BOGUS +
-    harden-dnssec-stripped: yes +
- +
-    # Don'use Capitalization randomization as it known to cause DNSSEC issues sometimes +
-    # see https://discourse.pi-hole.net/t/unbound-stubby-or-dnscrypt-proxy/9378 for further details +
-    use-caps-for-id: no +
- +
-    # Reduce EDNS reassembly buffer size. +
-    # Suggested by the unbound man page to reduce fragmentation reassembly problems +
-    edns-buffer-size: 1472 +
- +
-    # Perform prefetching of close to expired message cache entries +
-    # This only applies to domains that have been frequently queried +
-    prefetch: yes +
- +
-    # One thread should be sufficient, can be increased on beefy machines. In reality for most users running on small networks or on a single machine, it should be unnecessary to seek performance enhancement by increasing num-threads above 1. +
-    num-threads:+
- +
-    # Ensure kernel buffer is large enough to not lose messages in traffic spikes +
-    so-rcvbuf: 1m+
  
-    # Ensure privacy of local IP ranges +===== HOOBS Prereq ===== 
-    private-address: 192.168.0.0/16 +<code>sudo hostnamectl set-hostname hoobs</code><code>sudo yum install -y nss-mdns avahi</code><code>sudo systemctl enable avahi-daemon.service</code><code>sudo reboot</code>
-    private-address: 169.254.0.0/16 +
-    private-address: 172.16.0.0/12 +
-    private-address: 10.0.0.0/+
-    private-address: fd00::/8 +
-    private-address: fe80::/10</code> +
-     +
-==== Point Pi-hole to Unbound ==== +
-  * log into pi-hole +
-  * go to Settings -> DNS +
-  * uncheck Google servers and add Custom 127.0.0.1#5335 +
-  * Save+
  
-==== Fix domain pointing to /admin page ==== +===== Install HOOBS =====
-  * To redirect the root address to /admin, add the following line to /etc/lighttpd/lighttpd.conf:+
  
-<code>url.redirect = ( "^/$" => "/admin" )</code>+<code>wget -q -O - http://bit.ly/get-hoobs | sudo bash -</code>
  
-Links: +==== Connect ==== 
-      https://www.youtube.com/watch?v=FnFtWsZ8IP0 +  Connect to either the internal IP or hostname if setup 
-      * https://www.reddit.com/r/pihole/comments/4eirjz/is_it_possible_to_forward_a_domain_to_the_pihole/+  Create UserDirk Rockface dirk 
 +  * Install Plugins 
 +    * Nest (Hoobs Certified) 4.5.3 at time of this wiki 
 +    * myQ (Hoobs Certified) 2.6.2 at time of this wiki 
 +==== Plugins Setup==== 
 +=== myQ === 
 +  * use credentials from myQ account. 
 +=== Nest === 
 +  * Open a Chrome browser tab in Incognito Mode (or clear your cache). 
 +  * Open Developer Tools (View/Developer/Developer Tools). 
 +  * Click on 'Network' tab. Make sure 'Preserve Log' is checked. 
 +  * In the 'Filter' box, enter issueToken 
 +  * Go to home.nest.com, and click 'Sign in with Google'. Log into your account. 
 +  One network call (beginning with iframerpc) will appear in the Dev Tools window. Click on it. 
 +  * In the Headers tab, under General, copy the entire Request URL (beginning with https://accounts.google.com, ending with nest.com). This is your "issueToken" in config.json. 
 +  * In the 'Filter' box, enter oauth2/iframe 
 +  * Several network calls will appear in the Dev Tools window. Click on the last iframe call. 
 +  * In the Headers tab, under Request Headers, copy the entire cookie (include the whole string which is several lines long and has many field/value pairs - do not include the cookie: name). This is your "cookies" in config.json. 
 +  * In the 'Filter' box, enter issue_jwt 
 +  * Click on the last issue_jwt call. 
 +  * In the Headers tab, under Request Headers, copy the entire x-goog-api-key (do not include the x-goog-api-key: name). This is your "apiKey" in config.json. 
 +  * Do not log out of home.nest.com, as this will invalidate your credentials. Just close the browser tab.
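Review bot: The added Install HOOBS step, "wget -q -O - http://bit.ly/get-hoobs | sudo bash -", pipes a script fetched over plain HTTP through a URL shortener straight into a root shell, so a reader has no way to confirm what runs as root. Suggest naming the destination the short link resolves to, fetching it over HTTPS into a file, and reviewing that file before running it with sudo. In the SSH part, "had to change folder permissions first to get in, then edit, then change back" for /etc/ssh/sshd_config.d/*.conf would be safer as a sudo edit like the one already used for /etc/ssh/sshd_config, and the page should say which settings were changed there. With the Reboot section removed, the sshd changes only take effect at the later "sudo reboot" in HOOBS Prereq, so either keep the steps in that order or add an explicit sshd restart. The Nest steps put an account cookie and API key into config.json; a line on restricting that file's permissions would fit alongside the 700/600 note for .ssh and authorized_keys.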
unraid/virtual/hoobsf33.1618088344.txt.gz · Last modified: by dirk