brimble.com

User Tools

Site Tools

Trace:
unraid:virtual:hoobsf33

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
unraid:virtual:hoobsf33 [2021/04/10 16:54] dirkunraid:virtual:hoobsf33 [2021/07/13 11:18] (current) dirk
Line 6: Line 6:
   * Description: Hoobs   * Description: Hoobs
   * CPU Mode: Host Passthrough   * CPU Mode: Host Passthrough
-  * Logical CPUs: 2+  * Logical CPUs: 1
   * Internal Memory: 1024   * Internal Memory: 1024
   * Max Memory: 1024   * Max Memory: 1024
Line 49: Line 49:
  
   * Turn off Password Auth<code>sudo vim /etc/ssh/sshd_config</code><code>UsePAM yes   * Turn off Password Auth<code>sudo vim /etc/ssh/sshd_config</code><code>UsePAM yes
-PasswordAuthentication no</code> +PasswordAuthentication no</code><code>ChallengeResponseAuthentication no</code>
-<code>ChallengeResponseAuthentication no</code>+
   * Also had to make similar changes in the file that is included in /etc/ssh/sshd_config.d/*.conf   * Also had to make similar changes in the file that is included in /etc/ssh/sshd_config.d/*.conf
     * but had to change folder permissions first to get in, then edit, then change back     * but had to change folder permissions first to get in, then edit, then change back
   * Then had to make sure the user home folder was 700 (which it was), the .ssh folder was 700 (which it wasn't), and the authorized_keys file was 600 (which it wasn't).   * Then had to make sure the user home folder was 700 (which it was), the .ssh folder was 700 (which it wasn't), and the authorized_keys file was 600 (which it wasn't).
  
-==== Reboot ==== +===== HOOBS Prereq ===== 
-<code>sudo reboot -h now</code>+<code>sudo hostnamectl set-hostname hoobs</code><code>sudo yum install -y nss-mdns avahi</code><code>sudo systemctl enable avahi-daemon.service</code><code>sudo reboot</code>
  
-==== Install Hoobs ==== +===== Install HOOBS =====
-<code>curl -sSL https://install.pi-hole.net | bash</code> +
-  * Select Google (we will remove it later) +
-  * Ok to default "StevenBlock" +
-  * Ok to IPv4 and IPv6 +
-  * Yes to Static +
-  * Yes to Web Admin Interface +
-  * Yes to Web Server +
-  * Yes to queries +
-  * Show everything +
-  * Change password <code> pihole -a -p password</code>+
  
-==== Install Unbound ==== +<code>wget -q -O - http://bit.ly/get-hoobs | sudo bash -</code>
-<code>sudo apt-get install unbound</code> +
-  * write config file +
-<code>sudo vim /etc/unbound/unbound.conf.d/pi-hole.conf</code> +
-<code>server: +
-    # If no logfile is specified, syslog is used +
-    # logfile: "/var/log/unbound/unbound.log" +
-    verbosity: 0+
  
-    interface: 127.0.0.1 +==== Connect ==== 
-    port: 5335 +  * Connect to either the internal IP or hostname if setup 
-    do-ip4: yes +  * Create UserDirk Rockface / dirk 
-    do-udp: yes +  * Install Plugins 
-    do-tcp: yes +    * Nest (Hoobs Certified) 4.5.3 at time of this wiki 
- +    * myQ (Hoobs Certified) 2.6.2 at time of this wiki 
-    # May be set to yes if you have IPv6 connectivity +==== Plugins Setup==== 
-    do-ip6no +=== myQ === 
- +  use credentials from myQ account. 
-    # You want to leave this to no unless you have *native* IPv6With 6to4 and +=== Nest === 
-    # Terredo tunnels your web browser should favor IPv4 for the same reasons +  * Open a Chrome browser tab in Incognito Mode (or clear your cache). 
-    prefer-ip6: no +  * Open Developer Tools (View/Developer/Developer Tools)
- +  * Click on 'Network' tab. Make sure 'Preserve Log' is checked. 
-    # Use this only when you downloaded the list of primary root servers! +  * In the 'Filter' boxenter issueToken 
-    # If you use the default dns-root-data package, unbound will find it automatically +  * Go to home.nest.com, and click 'Sign in with Google'. Log into your account
-    #root-hints: "/var/lib/unbound/root.hints" +  * One network call (beginning with iframerpc) will appear in the Dev Tools windowClick on it. 
- +  * In the Headers tab, under General, copy the entire Request URL (beginning with https://accounts.google.com, ending with nest.com)This is your "issueToken" in config.json
-    # Trust glue only if it is within the server's authority +  * In the 'Filter' box, enter oauth2/iframe 
-    harden-glue: yes +  * Several network calls will appear in the Dev Tools window. Click on the last iframe call. 
- +  * In the Headers tab, under Request Headers, copy the entire cookie (include the whole string which is several lines long and has many field/value pairs - do not include the cookie: name)This is your "cookies" in config.json
-    # Require DNSSEC data for trust-anchored zonesif such data is absent, the zone becomes BOGUS +  * In the 'Filter' box, enter issue_jwt 
-    harden-dnssec-stripped: yes +  * Click on the last issue_jwt call. 
- +  * In the Headers tabunder Request Headers, copy the entire x-goog-api-key (do not include the x-goog-api-keyname)This is your "apiKeyin config.json. 
-    # Don't use Capitalization randomization as it known to cause DNSSEC issues sometimes +  Do not log out of home.nest.com, as this will invalidate your credentialsJust close the browser tab.
-    # see https://discourse.pi-hole.net/t/unbound-stubby-or-dnscrypt-proxy/9378 for further details +
-    use-caps-for-id: no +
- +
-    # Reduce EDNS reassembly buffer size+
-    # Suggested by the unbound man page to reduce fragmentation reassembly problems +
-    edns-buffer-size: 1472 +
- +
-    # Perform prefetching of close to expired message cache entries +
-    # This only applies to domains that have been frequently queried +
-    prefetch: yes +
- +
-    # One thread should be sufficient, can be increased on beefy machinesIn reality for most users running on small networks or on a single machine, it should be unnecessary to seek performance enhancement by increasing num-threads above 1+
-    num-threads+
- +
-    # Ensure kernel buffer is large enough to not lose messages in traffic spikes +
-    so-rcvbuf: 1m +
- +
-    # Ensure privacy of local IP ranges +
-    private-address: 192.168.0.0/16 +
-    private-address: 169.254.0.0/16 +
-    private-address: 172.16.0.0/12 +
-    private-address: 10.0.0.0/8 +
-    private-address: fd00::/8 +
-    private-address: fe80::/10</code> +
-     +
-==== Point Pi-hole to Unbound ==== +
-  * log into pi-hole +
-  * go to Settings -> DNS +
-  * uncheck Google servers and add Custom 127.0.0.1#5335 +
-  * Save +
- +
-==== Fix domain pointing to /admin page ==== +
-  * To redirect the root address to /adminadd the following line to /etc/lighttpd/lighttpd.conf: +
- +
-<code>url.redirect = ( "^/$=> "/admin" )</code> +
- +
-Links: +
-      * https://www.youtube.com/watch?v=FnFtWsZ8IP0 +
-      * https://www.reddit.com/r/pihole/comments/4eirjz/is_it_possible_to_forward_a_domain_to_the_pihole/+
unraid/virtual/hoobsf33.1618091649.txt.gz · Last modified: by dirk

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
CC Attribution-Share Alike 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki