Skip to content

Instantly share code, notes, and snippets.

View OnkelDom's full-sized avatar

Dominik Lenhardt OnkelDom

7 followers · 30 following
View GitHub Profile
@OnkelDom
OnkelDom / USG Redirect DNS.json
Created January 31, 2021 23:42
{
"service":{
"nat":{
"rule":{
"1":{
"description":"DNS Redirect",
"destination":{
"port":"53"
},
"inbound-interface":"eth1",
@OnkelDom
OnkelDom / USG Enable IPv6.json
Created January 31, 2021 23:43
{
"firewall": {
"ipv6-name": {
"wan_in-6": {
"default-action": "drop",
"description": "wan_in",
"enable-default-log": "''",
"rule": {
"1": {
"action": "accept",
@OnkelDom
OnkelDom / squid.conf.md
Last active February 11, 2021 23:05
Squid Config Snippets

Squid configuration snippets - Ansible Role: ansible-role-squid

Basics

Path Description
"/etc/squid/squid.conf" Default config file with includes
"/etc/squid/conf.d" Custom config folder
"/etc/squid/acl.d" Custom acls folder
"/etc/squid/errors.d" Custom error pages folder
@OnkelDom
OnkelDom / dante.yaml
Created February 19, 2021 08:32 — forked from lattenwald/dante.yaml
Ansible playbook for installing and configuring dante socks proxy on CentOS 7
- hosts: all
vars:
version: "1.4.2"
interface: "enp2s0"
dante_port: "1089"
tasks:
- name: install dependencies
become: yes
become_user: root
yum: name={{ item }} state=present
@OnkelDom
OnkelDom / docker-systemd.md
Last active March 14, 2023 21:23
My Setup to manage docker containers with systemd services

Setup Docker Systemd on Ubuntu 20.04

This is my docker systemd setup. I stored no configs or environment vars in this gist.

Install Docker

# Install Dependencies
$ sudo apt-get update
$ sudo apt-get install -y apt-transport-https ca-certificates curl gnupg lsb-release
@OnkelDom
OnkelDom / USG_OpenVPN_Radius_Auth.md
Created June 11, 2021 06:17 — forked from jcconnell/USG_OpenVPN_Radius_Auth.md
Unifi Security Gateway (USG) OpenVPN server with RADIUS authentication

Last Updated: 8/30/18

Details

I wanted to run an OpenVPN server on the USG. Since it has a Radius server built in, I figured this would be a much better way to handle OpenVPN authentication. Make sure you have the Radius server enabled on your USG under Settings > Services > Radius > Server in the controller. Add OpenVpn users under Settings > Services > Radius > Server.

Thanks to the following resources in helping to configure this:

@OnkelDom
OnkelDom / jekyll_ruby_setup.md
Last active August 6, 2021 21:41
Setup WSL Ubuntu to install ruby and use jekyll websites.

Installing Jekyll

Jekyll requires Ruby, so you’ll first need to install it. On Ubuntu, just run:

Install Ruby

sudo apt-get install ruby-full build-essential zlib1g-dev

Ensure RubyGems packages are installed under the user account instead of root.




  


  




    


          
    

      

        
        

          

              @OnkelDom
          

          

            
                OnkelDom
                / raspi_setup.md
            
            

              Last active
              September 19, 2021 18:56
            

          

        

      

        

  



    


          
    

      

        
        

          

              @OnkelDom
          

          

            
                OnkelDom
                / unifi-le-root-cert-fix.txt
            
            

              Created
              October 4, 2021 20:01
                — forked from sprocktech/unifi-le-root-cert-fix.txt
            

              
                Ubiquiti UniFi - Fix for the Let's Encrypt DST Root CA X3 Expiration
              
          

        

      

        

  

    
    


        



  


  

        

          
          # Some UniFi devices may not have the current ISRG root cert that LE uses
        

        

          
          # Some devices also have an older version of OpenSSL
        

        

          
          # These older versions will not validate a cert if the expired DST root cert is part of the chain
        

        

          
          

        

        

          
          # USG
        

        

          
          # This has an older OpenSSL version
        

        

          
          # The current ISRG root cert is not included in the latest firmware
        

        

          
          sudo -i
        

        

          
          sed -i 's|^mozilla\/DST_Root_CA_X3\.crt|!mozilla/DST_Root_CA_X3.crt|' /etc/ca-certificates.conf
        

        

          
          curl -sk https://letsencrypt.org/certs/isrgrootx1.pem -o /usr/local/share/ca-certificates/ISRG_Root_X1.crt
        

  





    


  




    


          
    

      

        
        

          

              @OnkelDom
          

          

            
                OnkelDom
                / USG_OpenVPN_Radius_Auth.md
            
            

              Created
              October 4, 2021 20:10
                — forked from dyerseve/USG_OpenVPN_Radius_Auth.md
            

              
                Unifi Security Gateway (USG) OpenVPN server with RADIUS authentication
              
          

        

      

        

  

      

    
OpenVPN on UniFi USG Instructions for FIT


Last Updated: 2021/01/19


Fork Notes


Forked this to provide better details for our environment, you should be able to copy paste most of the commands from the command blocks


Details


I wanted to run an OpenVPN server on the USG. Since it has a Radius server built in, I figured this would be a much better way to handle OpenVPN authentication. Make sure you have the Radius server enabled on your USG under Settings > Services > Radius > Server in the controller. Add OpenVpn users under Settings > Services > Radius > Server.