You have to have at least two keys. Enter car as normal (DUH!! :-b) Find back up key slot, ours is under the cup holder insert, it has a little indent that looks like our key Put key in slot Put in accessory mode by pushing start without foot on brake Wait 3-5 seconds Shutoff car Remove key Put 2nd key in place Put in accessory mode by pushing start without foot on brake once again

Install and configure wireguard I use the Wireguard install script to create the config we import into the wireguard. That is located HERE Generate your first wireguard config. After running the script above it will ask you for a client name, I would name it something relating to opnsense Install Wireguard on OPNSense | System -> Firmware -> Plug-ins -> select and install ‘os-wireguard’ Get to wireguard config | Refresh the page, then go to VPN -> Wireguard

Configure NGiNX nano /etc/nginx/conf.d/sso.domain.com.conf server { listen 443 ssl http2; server_name sso.domain.com; ssl_certificate /etc/nginx/ssl/sso.domain.com/fullchain.crt; ssl_certificate_key /etc/nginx/ssl/sso.domain.com/key; ssl_session_timeout 5m; location / { proxy_pass http://127.0.0.1:8080/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Server $host; proxy_set_header X-Forwarded-Port $server_port; proxy_set_header X-Forwarded-Proto $scheme; } } Configure Keycloak The following is needs to be ran for Keycloak to work behind nginx cd bin ./jboss-cli.sh 'embed-server,/subsystem=undertow/server=default-server/http-listener=default:write-attribute(name=proxy-address-forwarding,value=true)' ./jboss-cli.sh 'embed-server,/socket-binding-group=standard-sockets/socket-binding=proxy-https:add(port=443)' 4 ./jboss-cli.sh 'embed-server,/subsystem=undertow/server=default-server/http-listener=default:write-attribute(name=redirect-socket,value=proxy-https)'

Here is how to have two different Sonarr instances (for example 4k and standard deff). Change the location after --data= to wherever you want the data to be. Since lidarr/radarr are both based on sonarr I would assume you could do it the same way with those as well. nano /etc/systemd/system/sonarr.service [Unit] Description=Sonarr Daemon After=network.target [Service] User=plex Group=plex StandardOutput=null Type=simple ExecStart=/usr/bin/mono /opt/Sonarr/Sonarr.exe -nobrowser --data=/opt/DB/Sonarr TimeoutStopSec=20 KillMode=process Restart=on-failure [Install] WantedBy=multi-user.target nano /etc/systemd/system/sonarr4k.

Do you have a great Google Chromecast with Google TV that you don’t want the horrible default launcher (my opinion, all I want is my apps nothing else, I love my Roku, but Channels-DVR doesn’t work with Roku :-() Here is how to install a new one. Today we will be setting up the ATV Launcher (Google Play Store Links below). It’s very easy. ATV Launcher: LINK ATV Launcher Pro: LINK

Minio Install mkdir /opt/minio cd /opt/minio wget https://dl.min.io/server/minio/release/darwin-amd64/minio wget https://dl.min.io/client/mc/release/linux-amd64/mc chmod +x mc minio echo 'PATH="${PATH}:/opt/minio"' >> /root/.bashrc useradd minio mkdir -p /data/minio chown minio: -R /opt/minio /data/minio Configure Systemd service nano /etc/systemd/system/minio.service Paste the following in the above file # https://github.com/minio/minio-service/tree/master/linux-systemd [Unit] Description=MinIO Documentation=https://docs.min.io Wants=network-online.target After=network-online.target AssertFileIsExecutable=/opt/minio/minio [Service] WorkingDirectory=/opt/minio User=minio Group=minio EnvironmentFile=/etc/default/minio ExecStartPre=/bin/bash -c "if [ -z \"${MINIO_VOLUMES}\" ]; then echo \"Variable MINIO_VOLUMES not set in /etc/default/minio\"; exit 1; fi" ExecStart=/opt/minio/minio server $MINIO_OPTS $MINIO_VOLUMES # Let systemd restart this service always Restart=always # Specifies the maximum file descriptor number that can be opened by this process LimitNOFILE=65536 # Specifies the maximum number of threads this process can create TasksMax=infinity # Disable timeout logic and wait until process is stopped TimeoutStopSec=infinity SendSIGKILL=no [Install] WantedBy=multi-user.

Below I will be writing how to install and configure Channels DVR with Pluto using Pluto4Channels and Philo using TV Everywhere on Debian 10 First install ChannelsDVR, I will be doing this on Linux. This does work on RaspberryPi which is awesome useradd channels-dvr cd /opt This will install the ChannelsDVR in the current folder and install the systemd service curl -f -s https://getchannels.com/dvr/setup.sh | sh chown channels-dvr: -R /opt/channels-dvr

I did a massive bitwarden_rs to vaultwarden rename so you might have to do a little different then what this says!! Here is how to install vaultwarden on Debian 10 with MYSQL support Below I will be writing how to install and configure vaultwarden to work with MYSQL without the need for Docker. Install required softwre Not everything below is required, but I like to install it anyway apt install -y tmux tmux apt install -y build-essential git pkg-config libssl-dev libmariadb-dev-compat libmariadb-dev htop curl wget Install Rust curl --proto '=https' --tlsv1.

Here is a basic cheatsheet for InfluxDB I’ve learned from playing with the TIG stack How to find the hosts in the series. You run the below command and just go through the list to find the host you want to delete. You can delete with what you know the host is, but his is nice because it will insure there wasn’t a typo WHERE "host" = 'DESKTOP-NAME' Here is how you actually drop the data from the DB that way it’s not displayed in Grafana anymore

This so far has been working for me to have DroneCI behind an NGiNX reverse proxy working with Gitea NGiNX Code nano /etc/nginx/sites-available/droneci.domain.com ln -s /etc/nginx/sites-available/droneci.domain.com /etc/nginx/sites-enabled upstream droneci { server 127.0.0.1:8080; } server { server_name droneci.domain.com drone.domain.com; listen 443 ssl http2; ssl_certificate /etc/certs/droneci.domain.com/fullchain.crt; ssl_certificate_key /etc/certs/droneci.domain.com/key; ssl_session_cache builtin:1000 shared:SSL:10m; ssl_protocols TLSv1.2 TLSv1.3; location / { proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Host droneci.domain.com; proxy_pass http://droneci; proxy_redirect off; proxy_http_version 1.1; proxy_buffering off; chunked_transfer_encoding off; } } Here is the code for the docker container docker run \ --volume=/var/lib/drone:/data \ --env=DRONE_GITEA_SERVER="https://git.

This is the easiest way I’ve learned to create a self signed cert openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout key -out crt

The folowing are the systemd units locations and content nano /etc/systemd/system/tdarr-node.service [Unit] Description=Tdarr Node Daemon After=network.target [Service] User=plex Group=plex #StandardOutput=null Type=simple WorkingDirectory=/opt/tDarr/Tdarr_Node ExecStart=/opt/tDarr/Tdarr_Node/Tdarr_Node TimeoutStopSec=20 KillMode=process Restart=on-failure [Install] WantedBy=multi-user.target nano /etc/systemd/system/tdarr-server.service [Unit] Description=Tdarr Server Daemon After=network.target [Service] User=plex Group=plex #StandardOutput=null Type=simple WorkingDirectory=/opt/tDarr/Tdarr_Server ExecStart=/opt/tDarr/Tdarr_Server/Tdarr_Server TimeoutStopSec=20 KillMode=process Restart=on-failure [Install] WantedBy=multi-user.target nano /etc/systemd/system/tdarr-node.service [Unit] Description=Tdarr Node Daemon After=network.target [Service] User=plex Group=plex #StandardOutput=null Type=simple WorkingDirectory=/opt/tDarr/Tdarr_Node ExecStart=/opt/tDarr/Tdarr_Node/Tdarr_Node TimeoutStopSec=20 KillMode=process Restart=on-failure [Install] WantedBy=multi-user.target Now to enable everything you can type the following.

This is useful if using remote shell to do things. I used this when I migrated from RemoteUtilities (great software, but I can’t seem to find a cheap host for a Windows OS, MeshCentral only requires a small Linux server) to MeshCentral. I was able to use the remote shell through SentinelOne to do this. SentinelOne is by far the best NextGenAV out there. If remote shell uses CMD we’re going to want to open/start powershell

This is extremely useful if you need to download something in Windows via CLI. This is just like wget on LInux. Previously I would use the precompiled wget program on machines, but now that I learned how to use powershell it’s great. mkdir c:\temp cd c:\temp powershell.exe Invoke-WebRequest -Uri LINKTOEXEHERE.EXE -OutFile EXENAMEHERE.EXE rm EXENAMEHERE.EXE

After using LibreNMS for years and it was giving me issues, I decided to give check_mk RAW a try. It works great. I was able to find a way to have check_mk check for Domain Expiry. The original post is HERE, but the formatting wasn’t working so I reposted it. nano /scripts/check-domain-expiry After you have edited this file make sure to add it to a daily crontab. We don’t check the every check cycle since you’d probably get blocked due to high requests.

Today I was finally able to figure out how to stdin from a file for systemctl edit :-) env SYSTEMD_EDITOR=tee sudo -E systemctl edit --system [your_unit_name] < [your_content_file] I found it HERE.

Here is how to install SSL certs using acme.sh that will work with haProxy acme.sh \ --install-cert \ -d domain.com \ --reloadcmd \ "cat \$CERT_KEY_PATH \$CERT_FULLCHAIN_PATH >/etc/haproxy/ssl/domain.com && \ service haproxy reload"

Here’s how to install Duplicati as a Windows Service Download Duplicati from HERE During install don’t mark Auto Start up option Open CMD as admin Navigate to the installation folder in CMD (this should be the same as long as you left it as default) cd "C:\Program Files\Duplicati 2\" Now we will install the service .\Duplicati.WindowsService.exe install Now restart your computer (this isn’t needed, but it’s a good way to test)

This seems to be just like connecting via SSH to a Linux machine, but with Windows. I’ve only tested with Windows 10, but it works great. Download PSEX HERE. Extract ZIP wherever (I like to use 7zip). CD to that location via CMD as domain admin (this is assuming domain environment, run CMD as administrator by right clicking, then run as administrator) Run the following .PsExec.exe \PCnameORip cmd.exe You are now in a remote shell You can also use winrs as well

Go to https://www.microsoft.com/en-us/software-download/windows10ISO and use the dev tools F12 on browsers to change device to mobile. Then you should be able to choose the version/lang/type and then you’ll get a direct link from Microsoft.

1. Open a command prompt or PowerShell. (You shouldn’t run as admin since this is based for the specific user). 2. Copy and paste the command below into the command prompt or PowerShell for the .exe file of the WSL distro name (ex: “Debian”) you want to set the default user for, and press Enter. (You can replace root with any user you’d like) [Ubuntu] > ubuntu config --default-user root

There’s many times when I want to send an email for testing using postfix and I can never remember how to do it. Here is how.This is super useful to make sure your SMTP relay thru AWS/Postmark is working as it should. Then you can tail /var/log/mail.log to see if it worked or if it got rejected for whatever reason. First type the following to start sendmail sendmail [email protected] Now we can type in or paste the following

If you ever run into a scenario where you have an ACL in place, but can’t get on the IP that’s in the ACL and you have ssh access, the following will work well. You have to do a partial factory reset which resets everything other than the networking. The default creds are ADMIN/ADMIN. Make sure to change those as soon as you’re logged in. ipmitool raw 0x3c 0x40

So I finally switched to iPhone and ordered an Apple Credit Card (I love this thing). The cash back is put on you Apple Cash account, if your account can’t be verified than you don’t get the cash back. So I started the process of verifying my account. I put in my First Name, Last Name, Middle Name, and full address. Well they need you to use the address that’s on you’re license, makes sense, but I just moved so I used the incorrect one.

This is very useful when you have everything redirected with NGiNX to HTTPS, but acme.sh/LetsEncrypt requires HTTP for verification. server { listen 80; server_name DOMAIN.COM; root HTTP_ROOT; location ^~ /.well-known/acme-challenge/ { try_files $uri =404; } location / { return 301 https://DOMAIN.COM$request_uri; } }