Fixing trailing spaces in directory names

We had a situation where trailing spaces in directory names on an Ubuntu server caused issues with a Nextcloud instance. As a temporary fix I found a script here to deploy:

https://github.com/nextcloud/server/issues/5843#issuecomment-493822639

Here is a slightly modified version we run daily using cron.

#!/bin/bash

NEXTCLOUD_DATA_DIR=/nc/data/directory
NEXTCLOUD_INSTALL=/nc/web/root

# Find directories whose name ends in whitespace. -depth lists children
# before their parent, so renaming a parent never invalidates a child path
# that is still queued for renaming.
find_cmd=(
  find
  "$NEXTCLOUD_DATA_DIR"
  -depth
  -type d
  -name '*[[:space:]]'
  -print0
)

shopt -s extglob   # needed for the +([[:space:]]) pattern below
while IFS= read -r -d '' source_name; do
  dest_name=${source_name%%+([[:space:]])}   # strip all trailing whitespace
  # If the stripped name already exists, mv would move the directory *into*
  # it instead of renaming it; report and leave it for manual inspection.
  if [ -e "$dest_name" ]; then
    echo "skipping '$source_name': '$dest_name' already exists" >&2
    continue
  fi
  mv -v "$source_name" "$dest_name"
done < <("${find_cmd[@]}")

# Let Nextcloud pick up the renamed directories.
cd "$NEXTCLOUD_INSTALL" || exit 1
php occ files:scan --all --quiet

exit 0
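The same bottom-up rename as an added Python example (not part of the original post or of Nextcloud), to show the two things the shell version relies on: processing children before parents, and refusing to rename when the stripped name already exists, because mv would otherwise move the directory into the existing one. The sample tree in demo() is constructed in a temporary directory.

```python
import os
import tempfile


def strip_trailing_space_dirs(root: str, dry_run: bool = False) -> list[tuple[str, str, str]]:
    """Rename directories below root whose names end in whitespace.

    Walks bottom-up (the equivalent of find -depth) so a child is renamed
    before its parent; otherwise the parent rename would invalidate the
    child's recorded path. Returns (old, new, status) triples where status is
    'renamed', 'dry-run' or 'collision'. A collision means the stripped name
    already exists: a plain mv would then move the directory *into* it.
    """
    results = []
    for dirpath, dirnames, _ in os.walk(root, topdown=False):
        for name in dirnames:
            stripped = name.rstrip()          # same character class as [[:space:]]
            if stripped == name:
                continue
            src = os.path.join(dirpath, name)
            dst = os.path.join(dirpath, stripped)
            if stripped == "" or os.path.lexists(dst):
                results.append((src, dst, "collision"))
            elif dry_run:
                results.append((src, dst, "dry-run"))
            else:
                os.rename(src, dst)
                results.append((src, dst, "renamed"))
    return results


def demo() -> list[tuple[str, str, str]]:
    """Constructed sample tree: nested trailing spaces plus one collision."""
    with tempfile.TemporaryDirectory() as tmp:
        os.makedirs(os.path.join(tmp, "photos ", "2019 "))
        os.makedirs(os.path.join(tmp, "docs"))
        os.makedirs(os.path.join(tmp, "docs "))   # 'docs' already exists
        out = strip_trailing_space_dirs(tmp)
        return sorted((os.path.relpath(s, tmp), os.path.relpath(d, tmp), st)
                      for s, d, st in out)


if __name__ == "__main__":
    for old, new, status in demo():
        print(f"{status:9} {old!r} -> {new!r}")
```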

Turn server configuration for Spreed WebRTC

To run WebRTC reliably a TURN server is required. Configuration can be very complicated; this post describes a basic working configuration using Coturn on Ubuntu Xenial (16.04).

Install Coturn; it is best to run it on a separate server.

apt install coturn

Next add the following configuration to /etc/turnserver.conf:

listening-port=443
alt-listening-port=3478
listening-ip=YOURIPHERE
relay-ip=YOURIPHERE
fingerprint
lt-cred-mech
use-auth-secret
static-auth-secret=YOURSECRETHERE
realm=spreedbox.local
total-quota=100
stale-nonce
cipher-list="ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AES:RSA+3DES:!ADH:!AECDH:!MD5"
no-loopback-peers
no-multicast-peers

On the Spreed server, point it at the TURN server in /etc/spreed/webrtc.conf:

...
turnURIs = turn:turn.yourdomain.com:443?transport=udp turn:turn.yourdomain.com:443?transport=tcp
turnSecret = YOURSECRETHERE
..

That is it: restart Coturn and then Spreed, and everything should work.
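The use-auth-secret / static-auth-secret line in turnserver.conf and turnSecret in webrtc.conf must hold the same value because both sides use the TURN REST API credential scheme: the signalling server hands the client a username of the form "expiry-timestamp:user" and a password that is the base64 HMAC-SHA1 of that username under the shared secret, and Coturn recomputes the HMAC instead of looking up a password. The following added Python example (not code from Coturn or Spreed) shows both halves; the secret and the user "alice" are constructed placeholders.

```python
import base64
import hashlib
import hmac

# Constructed placeholder; in production this is the value of static-auth-secret
# in turnserver.conf and of turnSecret in webrtc.conf, and must match on both sides.
SHARED_SECRET = b"YOURSECRETHERE"


def make_turn_credential(secret: bytes, user: str, ttl: int, now: int) -> tuple[str, str]:
    """Build a time-limited TURN credential the way a signalling server does.

    Username is '<expiry-unix-timestamp>:<user>', password is
    base64(HMAC-SHA1(secret, username)). Coturn derives the same HMAC when
    use-auth-secret is set, so no per-user password database is needed and
    a leaked credential stops working once the timestamp passes.
    """
    username = f"{now + ttl}:{user}"
    digest = hmac.new(secret, username.encode(), hashlib.sha1).digest()
    return username, base64.b64encode(digest).decode()


def verify_turn_credential(secret: bytes, username: str, password: str, now: int) -> bool:
    """Server-side view of the same check: reject expired or forged credentials.

    Uses a constant-time comparison so the HMAC cannot be guessed byte by byte.
    """
    expiry_field = username.split(":", 1)[0]
    if not expiry_field.isdigit() or not password.isascii():
        return False
    if now >= int(expiry_field):
        return False  # expired; the client must fetch a fresh credential
    digest = hmac.new(secret, username.encode(), hashlib.sha1).digest()
    expected = base64.b64encode(digest).decode()
    return hmac.compare_digest(expected, password)
```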

Ubuntu desktop automated maintenance with Ansible

Once you run enough office desktops, maintenance and changes such as installing new software quickly become a problem. You can configure unattended upgrades, but that is a problem in itself when it fails: often an update won’t install and you’ll need to intervene.

To resolve this we decided to try Ansible, which has worked out great for us. We start up the machines using wake-on-LAN at night, apply any changes, run the updates and clean up the system.

If you do not know how Ansible works, read up on it here. We needed to work around some bugs in Ansible, but the playbook below is what works right now.

---
- hosts: desktops
  strategy: free
  serial: 10
  connection: local
  tasks:
    - name: wake up desktop
      local_action: command /usr/bin/wakeonlan {{ macaddress }}

    - name: wait for desktop to start
      wait_for: >
        host={{ inventory_hostname }}
        port=22
        delay=1
        timeout=360
      delegate_to: localhost
      ignore_errors: True

- hosts: desktops
  strategy: free
  remote_user: ansibleuser
  become: yes
  become_user: root
  serial: 5
  tasks:
    - name: update
      apt: update_cache=yes

    - name: check for updates
      command: /usr/lib/update-notifier/apt-check --package-names
      register: packages

    - name: upgrade
      apt: upgrade=dist
      when: packages.stderr != ""

    - name: autoremove
      command: apt-get -y autoremove

    - name: cleanup
      command: apt-get clean

    - name: shutdown
      command: /sbin/shutdown -h +1

You’ll need to add all the desktop host names and MAC addresses to /etc/ansible/hosts, defining the MAC address like this:

[desktops]

desktop1.example.com macaddress=00:EE:EE:EE:00:EE
desktop2.example.com macaddress=00:EE:EE:EE:00:EE
desktop3.example.com macaddress=00:EE:EE:EE:00:EE

You can add any task to run on the desktops in the playbook.

OPNsense router on a XS4ALL VDSL connection

With a Dutch XS4ALL VDSL connection you only get a basic VDSL modem/router which cannot be bridged, so using your own router and firewall is not possible. To make this possible we got a Draytek Vigor 130 and an OPNsense router, which gives us a lot more capabilities and control for the small office environment it is installed at.

Thanks to two separate posts I found on this topic it was possible to do this. First, the post by Harold Schoemaker, who explains the configuration of the modem.

The modem just needs to talk to the DSLAM and allow the router to set up a PPPoE session. Log in to the modem and configure the following under “Internet Access” and “General Setup”.

Next go to the MPoA settings and configure the following:

  • MPoA (RFC1483/2684): Enable
  • Bridge Mode: Enable Bridge Mode

Once saved, the status of the modem should say “SHOWTIME” and show the correct speeds.

Now we can configure the OPNsense appliance. With the help of a post by FirewallOnline.nl I got this to work.

First a VLAN needs to be configured; for XS4ALL internet this is VLAN 6. In the menu go to “Interfaces”, “Other Types” and “VLAN”.

Create a new VLAN and make the parent interface your WAN interface, re1 in my case. Add the VLAN tag 6, add a description and save.

Next under “Interfaces” go to WAN and configure the following.

  • Description: WAN_INTERNET
  • IPv4 configuration type: PPPoE
  • IPv6 configuration type: none
  • Username (under PPPoE configuration): whatever@xs4all.nl (it does not matter what you fill out here, but it cannot be empty.)
  • Password: 1234
  • Block private networks and Block bogon networks both need to be on.

Save the configuration and under “Lobby” go to the “Dashboard”; you should see your external IP address here at the WAN interface.