My Rant

[ Edit: fixed by adding UID, GID, and PEER env vars to the wireguard service: https://github.com/ngoduykhanh/wireguard-ui/issues/473#issuecomment-1793604986 ]

Following a guide to set-up wireguard and wireguard-ui: https://linuxiac.com/how-to-set-up-wireguard-vpn-with-docker/

Server created on DigitalOcean with IPv4 and IPv6 addresses by default.

Configured iptables as per the set-up guide (server also runs another docker based service that opens ports 80, 433, and 9993):

sysops@master-control:~/wireguard$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy DROP)
target     prot opt source               destination         
DOCKER-USER  all  --  anywhere             anywhere            
DOCKER-ISOLATION-STAGE-1  all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain DOCKER (3 references)
target     prot opt source               destination         
ACCEPT     udp  --  anywhere             172.21.0.2           udp dpt:9993
ACCEPT     tcp  --  anywhere             172.21.0.4           tcp dpt:https
ACCEPT     tcp  --  anywhere             172.21.0.4           tcp dpt:http
ACCEPT     udp  --  anywhere             172.22.0.2           udp dpt:51820
ACCEPT     tcp  --  anywhere             172.22.0.2           tcp dpt:5000

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
target     prot opt source               destination         
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere            
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere            
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere            
RETURN     all  --  anywhere             anywhere            

Chain DOCKER-ISOLATION-STAGE-2 (3 references)
target     prot opt source               destination         
DROP       all  --  anywhere             anywhere            
DROP       all  --  anywhere             anywhere            
DROP       all  --  anywhere             anywhere            
RETURN     all  --  anywhere             anywhere            

Chain DOCKER-USER (1 references)
target     prot opt source               destination         
RETURN     all  --  anywhere             anywhere

Login for the Web UI works via:

• On the host: http://127.0.0.1:5000
• From remote servers with IPv6 connections:
  • http://[IP:v6:ad:dr:es:s]:5000/
  • http://fqdn.dns.entry:5000/

Requests to port 5000 via IPv4, from outside of the server itself, do not show the Web UI login. Instead they sit waiting forever.

I have tested that the firewall is working correctly by using php -S 5000 somefile.php. Going to the fqdn or IPv4 address successfully shows the output of somefile.php.

What I do not understand is why only IPv6 works remotely. And further, why the IPv4 localhost address works locally.

sysops@master-control:~/wireguard$ docker-compose logs wireguard-ui
wireguard-ui  | jq: error: Could not open file db/server/global_settings.json: No such file or directory
wireguard-ui  | wg-quick: `/etc/wireguard/wg0.conf' does not exist
wireguard-ui  | Wireguard UI
wireguard-ui  | App Version     : dev
wireguard-ui  | Git Commit      : b55543f
wireguard-ui  | Git Ref         : N/A
wireguard-ui  | Build Time      : 11-09-2023 14:10:48
wireguard-ui  | Git Repo        : https://github.com/ngoduykhanh/wireguard-ui
wireguard-ui  | Authentication  : true
wireguard-ui  | Bind address    : 0.0.0.0:5000
wireguard-ui  | Email from      : <some email address>
wireguard-ui  | Email from name : WireGuard
wireguard-ui  | Custom wg.conf  : 
wireguard-ui  | Base path       : /
wireguard-ui  | wg-quick: `/etc/wireguard/wg0.conf' does not exist
wireguard-ui  | wg-quick: `/etc/wireguard/wg0.conf' does not exist
wireguard-ui  | ⇨ http server started on [::]:5000

This shows that the http server is starting, but only listening to IPv6 connections?!

I’m not sure what the next steps should be in making this set-up work. Suggestions are very welcome 🙂

Quick and dirty post that pulls together a couple of sources. I might improve the post at some point. I might not…

Initial set-up:

Source https://www.youtube.com/watch?v=TsuY4o2zLVQ

Additional code to specify which video device to create.

sudo apt update && sudo apt install gphoto2 v4l2loopback-utils ffmpeg

echo 'dslr-webcam' | sudo tee -a /etc/modules

echo <<EOT | sudo tee -a /etc/modprobe.d/dslr-webcam.conf
alias dslr-webcam v4l2loopback 
options v4l2loopback exclusive_caps=1 max_buffers=2 video_nr=69
EOT

Hardware acceleration set-up:

Source https://www.cyberciti.biz/faq/how-to-install-ffmpeg-with-nvidia-gpu-acceleration-on-linux/

I’ll assume you have nvidia drives installed

sudo apt install nvidia-cuda-toolkit

mkdir ~/nvidia/ && cd ~/nvidia/
git clone https://git.videolan.org/git/ffmpeg/nv-codec-headers.git

cd nv-codec-headers && sudo make install

cd ~/nvidia/
git clone https://git.ffmpeg.org/ffmpeg.git ffmpeg/

sudo apt install build-essential yasm cmake libtool libc6 libc6-dev unzip wget libnuma1 libnuma-dev

cd ~/nvidia/ffmpeg/
./configure --enable-nonfree --enable-cuda-nvcc --enable-libnpp --extra-cflags=-I/usr/local/cuda/include --extra-ldflags=-L/usr/local/cuda/lib64

make -j $(nproc)

Combined to pull video from the camera to a video device:

echo 'alias start-gphoto2-webcam="gphoto2 --capture-image &&  gphoto2 --stdout --capture-movie | ~/nvidia/ffmpeg/ffmpeg -hwaccel cuda -i - -vcodec rawvideo 
-pix_fmt yuv420p -threads 0 -f v4l2 /dev/video69"' >> ~/.bashrc

Finally:

• Logout/in
• Plug the camera into the computer
• Turn the camera on
• Run: start-gphoto2-webcam
• Use in an application that uses a webcam

New laptop provided by work. Time to install everything that makes me productive as a PHP developer.

Using Kubuntu 21.10 as my base OS.

General utilities:

sudo apt install \
    openssh-server \
    net-tools \
    htop \
    curl \
    whois \
    ack \
    mysql-client \
    httpie \
    php-cli \
    freerdp2-x11 \
    meld \
    kcachegrind \
    vokoscreen-ng \
    autokey-qt \
    parlatype \
    thunderbird-locale-en-gb \
    libreoffice-calc \
    libreoffice-writer \
    libreoffice-draw \
    cherrytree

Snaps:

sudo snap install \
    spotify \
    skype \
    postman \
    authy \
    drawio

Snaps that need to be installed in “classic” mode:

sudo snap install --classic \
    slack \
    phpstorm

Microsoft Edge:

echo 'deb [arch=amd64] https://packages.microsoft.com/repos/edge/ stable main' | sudo tee /etc/apt/sources.list.d/microsoft-edge.list

sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv EB3E94ADBE1229CF

sudo apt update && sudo apt install microsoft-edge-beta

VirtualBox: (recommend sticking with ubuntu version unless latest required)

echo "deb [arch=amd64] https://download.virtualbox.org/virtualbox/debian $(lsb_release -cs) contrib" | sudo tee /etc/apt/sources.list.d/oracle-virtualbox.list

wget -q https://www.virtualbox.org/download/oracle_vbox_2016.asc -O- | sudo apt-key add -

wget -q https://www.virtualbox.org/download/oracle_vbox.asc -O- | sudo apt-key add -

sudo apt update && sudo apt install virtualbox-6.1

Vagrant:

echo "deb [arch=amd64] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/vagrant.list

curl -fsSL https://apt.releases.hashicorp.com/gpg | sudo apt-key add -

sudo apt-get update && sudo apt-get install vagrant

Docker:

echo "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list

curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -

sudo apt update && sudo apt-get install docker-ce docker-ce-cli containerd.io

sudo usermod -a -G docker $USER

Docker Compose (v1):

curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /tmp/docker-compose

chmod +x /tmp/docker-compose

sudo mv /tmp/docker-compose /usr/local/bin/docker-compose

Insync:

sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys ACCAF35C

echo "deb http://apt.insync.io/$(lsb_release -is | tr '[:upper:]' '[:lower:]') $(lsb_release -cs) non-free contrib" | sudo tee /etc/apt/sources.list.d/insync.list

sudo apt update && sudo apt install insync

bash-git-prompt

git clone https://github.com/magicmonty/bash-git-prompt.git ~/.bash-git-prompt --depth=1

tee -a ~/.bashrc <<EOF

if [ -f "$HOME/.bash-git-prompt/gitprompt.sh" ]; then
    GIT_PROMPT_ONLY_IN_REPO=1
    GIT_PROMPT_THEME=Default_Ubuntu
    source $HOME/.bash-git-prompt/gitprompt.sh
fi
EOF

vagrant plugin “hostmanager” sudo without password

sudo tee /etc/sudoers.d/vagrant_hostmanager <<EOF
Cmnd_Alias VAGRANT_HOSTMANAGER_UPDATE = /bin/cp $HOME/.vagrant.d/tmp/hosts.local /etc/hosts
%sudo ALL=(root) NOPASSWD: VAGRANT_HOSTMANAGER_UPDATE
EOF

Ansible

sudo apt update
sudo apt install software-properties-common
sudo add-apt-repository --yes --update ppa:ansible/ansible
sudo apt install ansible

Additional monitor resolution

Help from: https://www.tecmint.com/set-display-screen-resolution-in-ubuntu/

sudo tee /etc/profile.d/aoc_monitor_2k.sh <<EOF
xrandr --newmode "2560x1440_60.00"  312.25  2560 2752 3024 3488  1440 1443 1448 1493 -hsync +vsync
xrandr --addmode DP-3-2 "2560x1440_60.00"
EOF

I’m late to the mydumper party – https://github.com/maxbube/mydumper

Multi-threaded, lightning quick, exports to files per table structure and data.

In the Ubuntu world (and likely Debian too) it’s available as a precompiled package: sudo apt update && sudo apt install mydumper

Backup everything in a database:

mydumper \
  --triggers \
  --routines \
  --events \
  --database name_of_source_database

It’ll create a date stamped directory with two files for each table. One for the schema, the other with the data.

If you want to import everything in one go, here’s a little bit of bash to help:

# 1st - import all of the schema files to create the
#   tables, triggers, routines, and events
for i in `ls *-schema.sql`; do
    echo -e "\nImporting schema file: ${i}"
    pv ${i} | mysql name_of_target_database
done

# 2nd - import all of the table data
for i in `ls *.sql | grep -v '\-schema.sql'`; do
    echo -e "\nImporting data file: ${i}"
    pv ${i} | mysql name_of_target_database
done

The above uses pv (pipe viewer – http://ivarch.com/programs/pv.shtml) to send the content of the files into mysql. This means that we get to see the progress of importing files into MySQL.

If you haven’t got pv I suggest you get it: sudo apt update && sudo apt install pv.

Wrap the variable (that holds the class name) in brackets:

<?php

class A
{
    public static function foo($arg)
    {
        return 'Argument was "' . $arg . '"' . PHP_EOL;
    }
}

$result = A::foo('triggered via named class');
echo $result;

$className = A::class;
$result = ($className)::foo('trigged via variable');
echo $result;

The output of the above code:

php a.php
Argument was "triggered via named class"
Argument was "trigged via variable"

Silly thing to happen really.

Some system on the instance detected too many connections in a short amount of time – likely due to some automated tasks driven by ansible.

That resulted in iptables dropping all connections to port 22 🙁

Thankfully, with google compute, one can access the serial console via the web UI.

Unfortunately, all of my users have no passwords – this is to ensure that ssh logins are via keypairs only.

The work around was eventually found on https://medium.com/google-cloud/resolving-getting-locked-out-of-a-compute-engine-85800251890b

TLDR;

• Edit the instance
• Tick “Enable connecting to serial ports”
• Scroll down to “Custom metadata”
• Add a new item with the key “startup-script”:

#!/bin/bash
useradd --groups google-sudoers tempuser
echo "tempuser:password" | chpasswd

• Save the instance and hit “Reset”
• When the instance is back up, connect to it via the serial console and login as the “tempuser”
• Fix things!
• Remove the tempuser
• Remove the startup-script from custom metadata

With each new release of Ubuntu, I’ve stuck with the default desktop environment. These have worked well for me over the years, but thought I should see what else there is.

The only way for me to do it justice is to run KDE Plasma as my only desktop environment for a minimum of 2 weeks. So both my work station and my personal laptop are use KDE Plasma installed alongside Gnome 3 Shell on Ubuntu 19.10.

If I’m unhappy after the 2 weeks, I can always go back to Gnome. Or maybe try something else, like lxde or xfce.

I started on Sunday evening, and it’s now Wednesday afternoon. The following are my findings.

This is likely to be updated as I find new things or ways to fix niggles.

Likes

• When an application shows in the “Task Manager” bar, one can click it to minimise the active window.
• All icons showing in the “Task Manager” bar (Autokey is a GTK application, but can’t show its icon in Gnome 3, but manages to in KDE Plasma?).
• Simple music controls on lock screen.

Dislikes

• Even at max mouse sensitivity, it feels slower than on Gnome 3 – not good for a 3 monitor set-up – this may be subjective and not be an issue in time.
• No option to locate the mouse cursor by pressing [ctrl].
• Some windows don’t respond to a mouse wheel scoll until the window is clicked – this may be an issue only with GTK applications running on KDE Plasma.
• Being asked for my SSH key in the terminal for every action – is there a key manager like in Gnome that I need to enable? Manually resolved by running `ssh-add` against each key required. Gnome does handle this a lot better 😐
• Scrolling in an application window does not respond while a OSN is displayed – example: Spotify changing tracks

Things I’d like to see ported from Gnome 3 Shell

• The option to only switch the central monitor when changing between virtual desktops.
• Change between virtual desktops using [ctrl]+[alt]+arrow keys.

Things I’d like to see in all desktop environments

• Option to have the cursor colour to invert as it passes over other colours – Windows does this.
  
• Automatic window scaling based upon the native resolution of the monitor in use. If a window is moved from one monitor to another, and the resolution changes, the scale should adapt to keep it readable – Windows does this.