csamsel’s gists

csamsel / gist:fbd3f4de7774dbaa1ae4af4cc29c3729

Created February 1, 2025 22:14

powershell to disable wpad - windows proxy autodiscovery

	Windows PowerShell
	Copyright (C) Microsoft Corporation. All rights reserved.

	Install the latest PowerShell for new features and improvements! https://aka.ms/PSWindows

	PS C:\Users\Christian> New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp' -Name DisableWpad -Value 1 -Force


	DisableWpad : 1
	PSPath : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Intern

csamsel / upgrade-to-mongo-7.0.sh

Last active January 6, 2025 19:42

update unifi mongodb from 3.6 to 7.0 on Ubuntu 22.04, incl. migration from mmapv1 to wiredtiger

	# i suggest to take a VM snapshot / backup just in case.

	# first we install mongodb-database-tools from mongodb 4.4 which is still compatible with mmapv1
	curl -fsSL https://pgp.mongodb.com/server-4.4.asc \| sudo gpg -o /usr/share/keyrings/mongodb-server-4.4.gpg --dearmor
	echo "deb [ arch=amd64,arm64 signed-by=/usr/share/keyrings/mongodb-server-4.4.gpg ] https://repo.mongodb.org/apt/ubuntu jammy/mongodb-org/4.4 multiverse" \| sudo tee /etc/apt/sources.list.d/mongodb-org-4.4.list
	apt update
	apt install mongodb-database-tools

	# make backup of unifi mongodb
	mkdir /root/backup

csamsel / rules

Created January 4, 2024 19:54

configure shorewall DNAT to work with Suricata in IPS / NFQUEUE mode

	# I had a lot of trouble to debugging a non working portforwarding while using Suricata in IPS mode together with Shorewall.
	# The following configuration finally worked.
	#
	# Make sure that the tcp connection establishment is also NFQUEUE'd.
	# The minus at the end of DNAT prevents an ACCEPT rule to be created along the DNAT rule, because we want an NFQUEUE rule instead.
	# 0:3,bypass refers to 4 queues with a bypass rule in case Suricata is not available.

	# Example for Plex with an internal port of 32400 and external port of 32411 (target 192.168.2.20)
	DNAT-:info net 192.168.2.20:32400 tcp 32411
	NFQUEUE(0:3,bypass) net loc tcp 32400

csamsel / sas.sh

Created December 9, 2019 21:29

activate power management on sas drives

	# disable background scan (might prevent standby)
	sdparm --quiet --clear=EN_BMS --save /dev/disk/by-id/scsi-?????????????????
	# enable standby (powers down drive motor)
	sdparm --flexible --quiet --save -p po --set=STANDBY=1 /dev/disk/by-id/scsi-?????????????????
	# set standby to 30min
	sdparm --flexible --quiet --save -p po --set=SCT=18000 /dev/disk/by-id/scsi-?????????????????
	# enable idle (drives spins but servos are off)
	sdparm --flexible --quiet --save -p po --set=IDLE_B=1 /dev/disk/by-id/scsi-?????????????????
	# set idle to 5min
	sdparm --flexible --quiet --save -p po --set=ICT=3000 /dev/disk/by-id/scsi-?????????????????

csamsel / create-datastore.sh

Last active January 12, 2023 11:02

Add VMware ESXi datastore to install disk using partedUtil

	# For me atleast VMware ESXi fails to create a datastore on the drive i installed it on - although enough space is left over.
	# You can still do it using partedUtil on the console.
	# I'm using a 250 GB Sammsung 860 Evo in this example (/dev/disks/t10.ATA_____Samsung_SSD_860_EVO_250GB_______________S3YJNF0JC02559E____)
	#
	# First lets check the current partition layout using partedUtil getptbl

	[root@oxygen-vmhost2:~] partedUtil getptbl /dev/disks/t10.ATA_____Samsung_SSD_860_EVO_250GB_______________S3YJNF0JC02559E____
	_
	gpt
	30401 255 63 488397168

csamsel / h240.txt

Last active September 23, 2024 08:54

Switch HPE HBA H240 from raid mode to hba mode.

	# So you want switch your HPE H240 controller to HBA mode for use with ESXi or UnRaid?

	# online you'll find the follow command for HP controllers, like the P420i.
	ssacli controller slot=0 modify hbamode=on

	# For me, it was:
	ssacli controller slot=255 modify raidmode=off

	# while you are at it, you can also switch the power mode:
	ssacli controller slot=255 modify powermode=minpower

csamsel / net

Last active September 10, 2019 20:54

/etc/conf.d/net NetCologne/NetAachen PPPoE configuration for Draytek VigorNIC

	# Gentoo network configuration for Draytek VigorNIC 132 in Bridge Mode for NetCologne / NetAachen
	# eth0 = VigorNIC, eth1 = physical NIC to internal network
	#
	# 192.168.2.0/24 default VLAN internal network
	# 192.168.12.0/24 VLAN12 guest network
	# 192.168.20.0/24 VLAN20 IOT network
	# 192.168.1.1 VigorNIC webinterface
	#
	# use dhcpcd for ppp0 to get a prefix delegation (see other gists)
	# use radvd to announce IPv6 configuration to internal network (see other gists)

csamsel / gist:334726613f69ae6d2f2b9c9084fd0cf3

Created April 19, 2019 16:10

use easyrsa for openvpn notes

	### set base directory for further work

	oxygen-router-vm /etc/openvpn # export EASYRSA_PKI=/etc/openvpn/pki

	### create base directories
	oxygen-router-vm /etc/openvpn # easyrsa init-pki

	init-pki complete; you may now create a CA or requests.
	Your newly created PKI dir is: /etc/openvpn/pki

csamsel / dhcpcd-pd.conf

Last active April 4, 2024 14:04

dhcpcd configuration just for IPv6 PD (Prefix delegation). radvd is required as well.

	duid
	noipv6rs
	waitip 6
	# Uncomment this line if you are running dhcpcd for IPv6 only.
	ipv6only

	nohook resolv.conf, yp, hostname, ntp

	option rapid_commit

csamsel / gist:37e14e2280b6c48bc8e4486b50b3a61c

Last active October 21, 2023 12:25

Revert Ubiquiti NanoStation Loco M2 XW/XM to not signed

	Need the following tools: binwalk, squashfs-tools

	The tutorial will probably work with similar devices, but i havent tested it.
	Adjust the firmware files.

	1. Have AirOS 5.6.15 signed installed (mind the XM vs. XW, the device type is shown in the webinterface)
	Get it from:
	XM: https://dl.ubnt.com/firmwares/XN-fw/v5.6.15/XM.v5.6.15-sign.31612.170908.1458.bin
	XW: https://dl.ubnt.com/firmwares/XW-fw/v5.6.15/XW.v5.6.15-sign.31612.170908.1440.bin

Christian Samsel csamsel