DietPi – Move Boot partition to smaller SD Card

Original Topic

DietPi is just a great distribution. If you haven’t tried it, do.

There is a function within the system called dietpi-drivemanager and it does what it says on the tin, manages drives. For me I wanted to move the rootfs to an SSD. Easily done with DietPi.

Once I had done that, I wanted to reclaim the 16GB SD Card for other things and reuse an old 2GB card. This turned out to be quite easy as well.

From the top – I inserted the smaller SDCard into a USB adapter and plugged it into the Pi.

The smaller card shows up as sdb in the output of the lsblk command. First, format the smaller card and create a new partition (taken from this item).

Remember the last command to actually make the changes.

Format the partition as fat

Once the filesystem is made you’re ready to copy – I used dd

Next, you need to edit the /etc/fstab file.

You need to edit this line and insert the right PARTUUID for the new boot partition. Use the blkid command to get the value. Remember, it will still be shown as the PARTUUID for /dev/sdb1

I then un-mounted the /boot partition, removed the card and inserted the smaller card before rebooting.

As the boot partition is not mentioned in the cmdline.txt file, I did not find a need to edit it.

Bingo! I now have the boot partition on an otherwise redundant 2GB card and have freed up a 16GB card for other things. Reduce, reuse, recycle.

Posted in DietPi, Linux, RaspberryPi, Technical - General

Get data from WH1080 Maplin Weatherstation sensors directly

I have been using pywws to extract the weather station data from my Maplin WH1080 for 6 years now but have now suffered from the dreaded (in pywws circles) USB Lockup – basically the weather station stops talking to the Raspberry Pi.

Via a strange set of circumstances on the OpenEnergyMonitor community, I discovered the package rtl_433 and wondered if I could read the data directly from the sensors which were clearly still working as the base station continued to show updates.

The short answer was “Yes I can”.

First step was to identify a suitable USB DVB stick that uses the Realtek RTL2832U chip. I chose this one from Amazon.

While I waited the day for delivery (oh woe is me), I got to installing the rtl_433 package.

The rtl_433 GitHub page links you to a list of repositories. As I wanted to run it on a Raspberry Pi, I noted it was available in the ‘testing’ repository. Never having installed anything from a different repo this took me on a different track as explained here.

Once installed, and once the stick arrived (today), I simply plugged the stick in and typed

That was it. My data appeared.

I did want it passed into MQTT so I ended up (having asked a stupid question and been pointed to the wiki) with;

I now get a single JSON payload message on my MQTT broker!

HTH

Posted in Linux, Technical - General

Install a Package from the Testing Repository

I wanted to install the rtl_433 package onto my Raspberry Pi, running the Buster edition of Raspbian, so I could read the data from my WH1080. The GitHub page pointed me to the Raspbian testing repository.

To install this package from testing, the first task was to edit /etc/apt/sources.list and add the repository;

Then sudo apt update. At this point I then just did sudo apt-get install rtl-433 but I suggest you don’t if you don’t want everything updated from the testing repository (I didn’t).

Instead, create the file /etc/apt/preferences and include;

and sudo apt update

This will put the raspbian testing repository as a lower priority than the main and standard repositories. You can check this by using apt-cache policy to list the repositories.

Note, by default, Raspbian is picking up a Debian repository – no idea why, but it is a bit confusing if you do an apt list --upgradable

All that is needed to install the package is a sudo apt install rtl-433
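
As an added example (not from the original post), a pin stanza of the kind described above together with a check over `apt-cache policy` output that the testing suite really ranks below the release in use. The priority value 50, the function names and the sample policy text are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example: pin a testing suite low, then confirm it from `apt-cache policy`.
# The priority (50) and the sample text at the bottom are constructed.

# Write a stanza that ranks everything from a=testing below the default 500.
write_testing_pin() {        # usage: write_testing_pin /etc/apt/preferences
    cat > "$1" <<'EOF'
Package: *
Pin: release a=testing
Pin-Priority: 50
EOF
}

# Read `apt-cache policy` text on stdin and print the highest priority listed
# for the given archive (the a=<suite> field of each "release" line).
suite_priority() {           # usage: apt-cache policy | suite_priority testing
    awk -v suite="$1" '
        /^ *[0-9]+ / { prio = $1 + 0 }          # e.g. "  50 http://... testing/main"
        /^ +release / {
            n = split($2, kv, ",")
            for (i = 1; i <= n; i++)
                if (kv[i] == "a=" suite && (!found || prio > best)) {
                    best = prio; found = 1
                }
        }
        END { if (found) print best }'
}

# Succeed only if testing is listed and ranks strictly below stable.
testing_is_deprioritised() ( # usage: apt-cache policy | testing_is_deprioritised
    policy=$(cat)
    t=$(printf '%s\n' "$policy" | suite_priority testing)
    s=$(printf '%s\n' "$policy" | suite_priority stable)
    [ -n "$t" ] && [ -n "$s" ] && [ "$t" -lt "$s" ]
)

# Constructed sample of `apt-cache policy` output with the pin in place.
SAMPLE_POLICY='Package files:
 100 /var/lib/dpkg/status
     release a=now
  50 http://mirror.example/raspbian testing/main armhf Packages
     release o=Raspbian,a=testing,n=bullseye,l=Raspbian,c=main,b=armhf
 500 http://mirror.example/raspbian buster/main armhf Packages
     release o=Raspbian,a=stable,n=buster,l=Raspbian,c=main,b=armhf
Pinned packages:'
```

A priority below 100 means a package from testing is only installed when no version of it is installed already, so routine upgrades keep coming from the main repositories.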

HTH

Posted in Linux, Technical - General

ReadyNasDuo V1 Rsync

This is a quick – “so that’s how I did it”

Connecting to an rsync share on the NasDuo;

Where the user is listed under the ‘Advanced Options’ of the share. I used a user without a password, nogroup and all the rights disabled.

For me it was the double colon. Before that I got an error

Posted in Linux, Technical - General

Microsoft Teams – stop it auto starting

The fact Microsoft is forcing Teams onto every computer is extremely annoying and it seems they have made it deliberately difficult to prevent it from auto starting.

I’ve found 3 different fixes;

From the main Windows interface,

  • Select the Start button, then select Settings > Apps > Startup. Select Off for Teams.
  • If you don’t see the Startup option in Settings, right-click the Start button, select Task Manager, then select the Startup tab. (If you don’t see the Startup tab, select More details.) Select the app you want to change, then select Enable to run it at startup or Disable so it doesn’t run.

Finally, edit the setup.json file found here

Set

HTH

Posted in Technical - General

Letsencrypt SSL Certificates by DNS Challenge with Lighttpd

LAN HTTPS Everywhere

The aim of this investigation was to find a way to deploy HTTPS certificates on my LAN.  This might seem over the top, but a) Troy Hunt thinks it is a good idea and b) I was getting fed up of the ‘insecure’ messages.

After much fiddling and experimenting I have settled on this process.

Things to note:

  • You do not need any web server on the internet. You just need to be able to edit your domain DNS record.
  • Use a subdomain for each certificate/server – these do not need to actually exist on the DNS.
  • I’m not going to go into detail about things that are easily found with Google search.

Prerequisites

  • Domain – you need to have one available – I bought mine for $10 from Google Domains.
  • Host the DNS for the domain where you can edit the records – I was going to use Google Domains (hence the purchase) but ended up with the domain on CloudFlare DNS servers.

For me I am using Lighttpd so some of this is that server specific and my OS is DietPi.

Set Up DNS Access

Assuming you have got your CloudFlare account all setup, go to your profile page, scroll down and click on ‘View’ next to Global API Key.  You will need it in the next step.

Install & Configure certbot

You may need sudo for these commands if you are not on DietPi as root. Also remember that any scripts need to be made executable with chmod +x.

First thing is to install certbot with the right plugin.

If, like me, you use DietPi, run dietpi-software install 92; otherwise run apt-get install certbot. Then:

apt-get install python3-certbot-dns-cloudflare

Create a folder called .secrets and create/edit a file called cloudflare.ini. Include the following lines from setting up access to CloudFlare DNS above. Treat this like a password, so chmod 600

Now create a small script to generate the certificate (you will need to change the domain and the path to match your ini file) – you will only need this once (hopefully):

You can run this script, answer the questions and the certificate should be generated.

Note the cat command in the script. certbot does not generate the right combined certificate for lighttpd so this needs to be done manually. That is a bit of a pain and requires a little more setting up to get renewal to work automatically.

Setting Up Renewal

To get a new combined certificate on renewal a small script is needed that will execute once the certificate has been renewed and deployed.

and in the file place the following code (no modification necessary):

The only way to test this is to force the renewal

A modern install of certbot will install a systemd timer for you so it should just renew. To check the timer
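
As an added example (not the script from the original post), a deploy hook that rebuilds the combined key-plus-certificate file for lighttpd after each renewal, with a check on the Cloudflare credentials file from the earlier step. certbot sets `RENEWED_LINEAGE` for deploy hooks; the output name `combined.pem`, the function names and the paths in the usage comments are assumptions.

```sh
#!/bin/sh
# Added example: certbot deploy hook for lighttpd plus a credentials-file check.
# combined.pem and the paths in the usage comments are assumptions.

# Refuse a credentials file that other users can read, and report which kind
# of Cloudflare secret it holds: the account-wide key or an API token.
check_cf_credentials() {   # usage: check_cf_credentials ~/.secrets/cloudflare.ini
    [ -f "$1" ] || { echo "missing"; return 1; }
    case $(ls -l "$1") in
        -rw-------*|-r--------*) ;;
        *) echo "too-permissive"; return 1 ;;
    esac
    if grep -q '^ *dns_cloudflare_api_token *=' "$1"; then echo "scoped-token"
    elif grep -q '^ *dns_cloudflare_api_key *=' "$1"; then echo "global-key"
    else echo "no-secret"; return 1; fi
}

# Build the key+certificate PEM that lighttpd reads, without ever leaving a
# world-readable or half-written file on disk.
build_combined_pem() {     # usage: build_combined_pem "$RENEWED_LINEAGE"
    dir=$1 out=$1/combined.pem
    [ -s "$dir/privkey.pem" ] && [ -s "$dir/cert.pem" ] || return 1
    (
        umask 077                                   # new files are 0600
        tmp=$(mktemp "$dir/.combined.XXXXXX") || exit 1
        cat "$dir/privkey.pem" "$dir/cert.pem" > "$tmp" && mv -f "$tmp" "$out" \
            || { rm -f "$tmp"; exit 1; }
    )
}

# When certbot runs this file as a deploy hook, rebuild the PEM and restart.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    build_combined_pem "$RENEWED_LINEAGE" && systemctl restart lighttpd
fi
```

A "global-key" result means the file can change anything in the Cloudflare account; where the installed plugin version accepts `dns_cloudflare_api_token`, a token limited to DNS edits on the one zone narrows what a leaked file exposes.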

Lighttpd Configuration

This is included for me more than anything, as it can easily be found, but this is the addition to the standard /etc/lighttpd/lighttpd.conf file that I find works.

Restart lighttpd (and clear cache).

Setting up an internal FQDN

Outside the scope of this but, if you have PiHole installed, simply add the domain and IP to the /etc/hosts file on the PiHole, restart PiHole and you should be able to just type in the domain name and be directed to a secure https address.

HTH

Posted in DietPi, Technical - General

BT Broadband – Faster Speeds – Yes Really

Well, BT have done what they said. I’ve even noticed a slight uptick today so it is obviously still training to the fastest possible stable rate.

Posted in Technical - General

Ubiquiti USG Home Setup

I treated myself to a Ubiquiti UniFi Security Gateway (USG) this week, bought off Netxl but via Amazon (as it was cheaper). The setup was not quite as straightforward as the AP I installed a couple of months ago. In doing that I had played with installing the Controller software on a DietPi VM (what a surprise) and hit a couple of issues around Java.

Although that setup worked, I was never comfortable with it and I have subsequently discovered this amazing script to install the UniFi Controller – thanks Glenn.  Being on a VM, I just rolled it back to the base snapshot and started afresh having first exported the configuration and then just loaded the backup in to the new instance – easy.  He also has an update script which will also update the client firmware if you like – awesome. They both just work!  The Controller software was asking to be updated so I did that first.

I didn’t write up anything about setting up the AP; it just worked. I created WLANs with an SSID/Password combo to match the existing networks so there was no need to go round reconnecting everything.  The AP is so much better – I used to have major issues with my work VPN as it kept dropping out when on WiFi (fine on a wired connection). It is now rock solid.

I’d hoped that the USG, like the AP, would just plug into the network and off it would go – but it didn’t.  This was partly a lack of understanding on my part and a little more info required in the Quick Start. To cut a long story short, this is what you need to understand:

  1. The factory firmware is probably way behind, and the UI in later versions is much improved and expanded, so you need to log in locally by SSH to upgrade it.
  2. The USG wants the WAN network and LAN network to be on different subnets (assuming you are behind a home router). You therefore end up with 2 DHCP servers: one on the Home Router for the WAN port on the USG, and the other on the USG for the rest of your network.
  3. The USG takes a while to boot – be patient.
  4. This also assumes you have disabled all the WiFi connections to the Home Router.

I have got quite a lot of hard-coded IPs on my network and they often expect a specific default gateway so I needed it to slot in where the Home Router left off.

To get it up and running:

  1. Make sure only one thing is plugged in directly to the Home Router so you can insert the USG between your network and the Home Router (your WAN).
  2. Connect the LAN1 port on the USG to a standalone computer (you need a cable, and turn off the wireless to force it onto the wired connection), and the WAN port of the USG to your normal network (or the Home Router).
  3. The USG will boot with the WAN connected to a DHCP IP from your network, and the LAN1 IP (and the computer) on a different subnet.
  4. Get the IP of the USG from the computer (it will be the gateway) and SSH into it using the default credentials ubnt:ubnt.
  5. Upgrade the firmware as per these instructions (just type ‘upgrade’ and the URL of the firmware).
  6. Once it has rebooted, go to https://setup.ubnt.com and use the UI to do some initial configuration.
  7. For me this consisted of
    1. Setting the USG LAN IP to the current IP address of the Home Router and configure the DHCP range again to match the Home Router setup (don’t save yet).
    2. Changing the IP address of my Home Router to a different subnet (e.g. from 192.168.1.1 to 192.168.10.1) and the DHCP range appropriately (don’t save yet).
    3. Changing the USG WAN settings to work with the new subnet of the Home Router (you could just leave it to get a DHCP address).
  8. First then, save the configuration on the USG – it will reboot. You will need to unplug the network cable from the computer to force the computer to pick up a new IP – be patient at this point. You will not have any internet on the computer (as the WAN cannot connect – yet).
  9. Save the Home Router configuration – you might need to force a reboot.  Unplug your network from the Home Router and plug it into LAN1 port of the USG. Now the Home Router is connected to the USG WAN port, and the rest of your network to the LAN1 port.
  10. You should now be able to adopt the USG in your UniFi Controller and everything still works. The one fly for me was that the Network had not been configured correctly and it moved from my specified IP to a X.X.X.1 IP. Manually changing that in the controller was easy enough.

I just now need to work out how to harness the power! My next task is use it for DDNS and a VPN connection.

References:

  1. Follow the steps on this KB to update the USG offline, or by SSH if you have internet access on the USG: https://help.ubnt.com/hc/en-us/articles/204910064-UniFi-Changing-the-Firmware-of-a-UniFi-Device#USG2
  2. Then follow these steps to change the LAN IP of the USG: https://help.ubnt.com/hc/en-us/articles/236281367-UniFi-How-to-Adopt-a-USG-into-an-Existing-Network
Posted in Hardware, Network, Technical - General

BT Broadband – Faster Speeds

BT have said they are going to increase my speed

This I find really interesting as I hardly use what I have. I monitor my speed on an hourly basis. As you can see, it is pretty reliable. The dips are relatively small, usually plenty in reserve. I have had one outage although that may have been when I was fiddling with my LAN setup. This limiting factor – external bandwidth / site speed.

As ever, the press release is bull, aimed at the uninitiated. It will not improve the number of devices that can connect reliably.

Posted in Technical - General

Cloudflared DNS over HTTPS (DoH) and Pi-Hole

(Using the new WordPress Editor and I am not sure I like it – in fact I hate it.  Gone back via the ‘Classic Editor’ plugin)

Background

I have been following Troy Hunt and Scott Helme, 2 well-known security experts, and decided to try and employ DNS over HTTPS (DoH).

I already had Pi-Hole installed on a DietPi VM (my favoured building block) so the logical thing was to put the cloudflared daemon on the same machine.

I used a combination of the following 3 references

Installation & Configuration

First step is to install the cloudflared package

To check it is installed correctly;

Next step is to configure the package correctly.  There are 2 means of providing a configuration to cloudflared; a config file or a yaml file.  I did not find the yaml method before I did the config.  I may change it at some point.

To setup the config file, create the following file

With this content

Setup a Service

Once configured, the next step is to run cloudflared as a service.  Create the required file;

and insert the following text;

Note I have commented out the reference to the user as this is DietPi and I simply run everything as root.

Once the file has been created, enable the service and start it;

To check that the service is running;

should return something like this

To test if this is working use this command;

The final piece of the puzzle is to now get Pi-Hole to use this for the DNS queries. This is quite easy to do: simply add 127.0.0.1#5053 to the custom DNS entry in the settings.

Change the Listener IP Address

There is one final thing. Because of the way I wanted to set my network up, some devices bypass Pi-Hole but I still wanted the DNS queries to go via DoH. In order to do that I wanted to point those machines’ DNS directly to the IP address hosting the Cloudflared daemon. However, it didn’t work. After some discussion on the forum and looking at the output of netstat -lnp I established that cloudflared was only listening on the loopback interface (127.0.0.1).

The solution was to add an --address 0.0.0.0 parameter to the config line.

While the output of the netstat command still does not reflect the setup of a service like lighttpd, it does work.
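
As an added example (not from the original post), a shell check that reads `netstat -ln` output and reports whether the proxy port answers on loopback only or on every interface, which is the effect of `--address 0.0.0.0`. The function names and both sample outputs are constructed for illustration.

```sh
#!/bin/sh
# Added example: classify where a DNS proxy port is listening, from
# `netstat -ln` text on stdin. Both samples at the bottom are constructed.

# Print one line per listening socket on the port: "<proto> <addr> <scope>",
# where scope is loopback, all-interfaces or single-address.
listener_scope() {      # usage: netstat -ln | listener_scope 5053
    awk -v port="$1" '
        $1 ~ /^(tcp|udp)6?$/ {
            local_addr = $4                       # 127.0.0.1:5053 or :::5053
            n = match(local_addr, /:[0-9]+$/)     # last colon separates the port
            if (!n || substr(local_addr, n + 1) != port) next
            addr = substr(local_addr, 1, n - 1)
            if (addr ~ /^127\./ || addr == "::1")        scope = "loopback"
            else if (addr == "0.0.0.0" || addr == "::")  scope = "all-interfaces"
            else                                         scope = "single-address"
            print $1, addr, scope
        }'
}

# Succeed only when nothing on the port is reachable from other hosts.
port_is_local_only() {  # usage: netstat -ln | port_is_local_only 5053
    ! listener_scope "$1" | grep -qv ' loopback$'
}

# Constructed sample: proxy bound to the loopback interface only.
SAMPLE_LOOPBACK='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:5053          0.0.0.0:*               LISTEN
udp        0      0 127.0.0.1:5053          0.0.0.0:*'

# Constructed sample: proxy bound to the wildcard address.
SAMPLE_EXPOSED='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp6       0      0 :::5053                 :::*                    LISTEN
udp6       0      0 :::5053                 :::*'
```

Where the port has to be reachable from other machines, a firewall rule limiting it to the LAN keeps the resolver from answering on any other interface the host has.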

Posted in DietPi, Linux, Pi-Hole, Technical - General