yannstatic/static/2021/05/04/Serveur_A20-OLinuXino-debian-buster-minimal.html

<!DOCTYPE html><html lang="fr">
<head><meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=no"><title>Serveur Debian A20-OLinuXino-buster-minimal - YannStatic</title>
<meta name="description" content="Olimex A20-olinuxino-Micro">
<link rel="canonical" href="https://static.rnmkcy.eu/2021/05/04/Serveur_A20-OLinuXino-debian-buster-minimal.html"><link rel="alternate" type="application/rss+xml" title="YannStatic" href="/feed.xml">
<!-- - include head/favicon.html - -->
<link rel="shortcut icon" type="image/png" href="/assets/favicon/favicon.png"><link rel="stylesheet" href="/assets/css/main.css"><link rel="stylesheet" href="https://use.fontawesome.com/releases/v5.0.13/css/all.css" ><!-- start custom head snippets --><link rel="stylesheet" href="/assets/css/expand.css">
<!-- end custom head snippets --><script>(function() {
// Small type and DOM predicates published on window for the theme's other scripts.

/** True when Object.prototype.toString tags val as '[object Array]'. */
window.isArray = function(val) {
  var tag = Object.prototype.toString.call(val);
  return tag === '[object Array]';
};
/** True only for primitive strings (typeof check). */
window.isString = function(val) {
  return 'string' === typeof val;
};
/** True when the document exposes an `on<event>` handler property. */
window.hasEvent = function(event) {
  var handlerName = 'on'.concat(event);
  return handlerName in window.document;
};
/** True when node is one of the page-level scroll roots: <html>, <body> or window. */
window.isOverallScroller = function(node) {
  if (node === document.documentElement) { return true; }
  if (node === document.body) { return true; }
  return node === window;
};
/** True when node's tagName is INPUT, SELECT or TEXTAREA. */
window.isFormElement = function(node) {
  switch (node.tagName) {
    case 'INPUT':
    case 'SELECT':
    case 'TEXTAREA':
      return true;
    default:
      return false;
  }
};
/**
 * Tiny "run after window load" helper.
 * pageLoad.then(cb) calls cb immediately when the load event has already fired,
 * otherwise queues it and runs the queue, in order, when the event fires.
 */
window.pageLoad = (function () {
  var isLoaded = false;
  var pending = [];
  function flushPending() {
    var index;
    isLoaded = true;
    // Re-read length on every pass so callbacks queued during the flush still run.
    for (index = 0; index < pending.length; index++) {
      pending[index]();
    }
  }
  window.addEventListener('load', flushPending);
  return {
    then: function(cb) {
      if (!cb) { return; }
      if (isLoaded) {
        cb();
      } else {
        pending.push(cb);
      }
    }
  };
})();
})();
(function() {
/**
 * Wraps func so that it runs at most once per `wait` milliseconds.
 * The first call runs immediately (lastCalled starts at 0); calls made inside the
 * wait window schedule a single trailing run that uses the latest arguments and `this`.
 * @param {Function} func - function to throttle
 * @param {number} wait - minimum spacing between runs, in milliseconds
 * @returns {Function} wrapper returning the result of the most recent completed run
 */
window.throttle = function(func, wait) {
var args, result, thisArg, timeoutId, lastCalled = 0;
// Trailing run started by the timer; args/thisArg are whatever the last wrapper call stored.
function trailingCall() {
lastCalled = new Date;
timeoutId = null;
result = func.apply(thisArg, args);
}
return function() {
var now = new Date,
// Date objects are coerced to millisecond timestamps by the subtraction.
remaining = wait - (now - lastCalled);
args = arguments;
thisArg = this;
if (remaining <= 0) {
// Window elapsed: cancel any pending trailing run and execute right away.
clearTimeout(timeoutId);
timeoutId = null;
lastCalled = now;
result = func.apply(thisArg, args);
} else if (!timeoutId) {
// Inside the window with no timer pending: schedule exactly one trailing run.
timeoutId = setTimeout(trailingCall, remaining);
}
// May be the value of an earlier run (or undefined) when this call was deferred.
return result;
};
};
})();
(function() {
// Minimal array-backed Set used by the Lazyload helper; inside this closure it shadows the native Set.
var Set = (function() {
  // Stores item unless an identical (===) value is already present.
  // Returns the backing array after an insert and undefined for a duplicate.
  var add = function(item) {
    var store = this._data;
    if (store.indexOf(item) !== -1) {
      return;
    }
    this.size ++;
    store.push(item);
    return store;
  };
  // Builds the set from an array-like, dropping duplicates through add().
  var Set = function(data) {
    var index = 0;
    this.size = 0;
    this._data = [];
    while (index < data.length) {
      add.call(this, data[index]);
      index++;
    }
  };
  Set.prototype.add = add;
  // Positional access into the backing array.
  Set.prototype.get = function(index) {
    return this._data[index];
  };
  // Membership test by strict equality, going through get().
  Set.prototype.has = function(item) {
    var index = 0, count = this._data.length;
    while (index < count) {
      if (this.get(index) === item) {
        return true;
      }
      index++;
    }
    return false;
  };
  // Set equality: same number of entries and every entry of this set found in map.
  Set.prototype.is = function(map) {
    var theirs = map._data, mine = this._data;
    if (theirs.length !== mine.length) { return false; }
    return mine.every(function(value) {
      return theirs.indexOf(value) !== -1;
    });
  };
  // Exposes the backing array itself (not a copy).
  Set.prototype.values = function() {
    return this._data;
  };
  return Set;
})();
/**
 * On-demand loader for scripts and stylesheets.
 * Lazyload.js(urlOrUrls, cb) / Lazyload.css(urlOrUrls, cb) inject <script>/<link> nodes
 * and run cb once every URL of the request has fired its load event.
 *
 * NOTE(review): nodes are created with only `src` (or `rel` + `href`); no `integrity` or
 * `crossorigin` attribute is set, so whatever the remote host serves runs with full page
 * privileges. There is also no `onerror` handler: a URL that fails to load leaves its
 * callbacks pending forever.
 */
window.Lazyload = (function(doc) {
// queue[type]: one entry per distinct URL set ({urls, callbacks, load}).
// sources[type][url]: false once the node is appended, true after its load event.
var queue = {js: [], css: []}, sources = {js: {}, css: {}}, context = this;
// Creates an element and copies the own properties of attrs onto it as attributes.
var createNode = function(name, attrs) {
var node = doc.createElement(name), attr;
for (attr in attrs) {
if (attrs.hasOwnProperty(attr)) {
node.setAttribute(attr, attrs[attr]);
}
}
return node;
};
// Load-event handler: marks url as loaded and fires the callbacks of every queue
// entry that contains url and whose URLs are now all loaded.
var end = function(type, url) {
var s, q, qi, cbs, i, j, cur, val, flag;
if (type === 'js' || type ==='css') {
s = sources[type], q = queue[type];
s[url] = true;
for (i = 0; i < q.length; i++) {
cur = q[i];
if (cur.urls.has(url)) {
qi = cur, val = qi.urls.values();
qi && (cbs = qi.callbacks);
// flag stays true only if every URL of this entry has finished loading.
for (flag = true, j = 0; j < val.length; j++) {
cur = val[j];
if (!s[cur]) {
flag = false;
}
}
if (flag && cbs && cbs.length > 0) {
for (j = 0; j < cbs.length; j++) {
cbs[j].call(context);
}
qi.load = true;
}
}
}
}
};
// Registers a request for one URL or an array of URLs of the given type.
var load = function(type, urls, callback) {
var s, q, qi, node, i, cur,
_urls = typeof urls === 'string' ? new Set([urls]) : new Set(urls), val, url;
if (type === 'js' || type ==='css') {
s = sources[type], q = queue[type];
// Reuse an existing entry when the same set of URLs was requested before.
for (i = 0; i < q.length; i++) {
cur = q[i];
if (_urls.is(cur.urls)) {
qi = cur;
break;
}
}
val = _urls.values();
if (qi) {
// Known URL set: queue the callback while loading, or run it now if already loaded.
callback && (qi.load || qi.callbacks.push(callback));
callback && (qi.load && callback());
} else {
q.push({
urls: _urls,
callbacks: callback ? [callback] : [],
load: false
});
// NOTE(review): when every URL of a new entry was already requested earlier, no node
// is created below, so its callback appears to depend on a later end() call for one
// of those URLs — confirm.
for (i = 0; i < val.length; i++) {
node = null, url = val[i];
// Only URLs never requested before get a node; undefined means "never seen".
if (s[url] === undefined) {
(type === 'js' ) && (node = createNode('script', { src: url }));
(type === 'css') && (node = createNode('link', { rel: 'stylesheet', href: url }));
if (node) {
// Bind type/url per node so the handler reports the right resource.
node.onload = (function(type, url) {
return function() {
end(type, url);
};
})(type, url);
(doc.head || doc.body).appendChild(node);
s[url] = false;
}
}
}
}
}
};
return {
js: function(url, callback) {
load('js', url, callback);
},
css: function(url, callback) {
load('css', url, callback);
}
};
})(this.document);
})();
</script><script>
(function() {
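// Theme-wide constants published as window.TEXT_VARIABLES.
// The `sources` URLs are presumably handed to the Lazyload helper by other theme scripts — confirm.
//
// NOTE(review): every remote entry below is executed or applied with the page's own
// privileges and none is loaded with Subresource Integrity. Self-hosting them like
// jquery, or pinning an exact version and adding an integrity hash, removes the
// dependency on the CDN operator.
var TEXT_VARIABLES = {
  version: '2.2.6',
  sources: {
    font_awesome: 'https://use.fontawesome.com/releases/v5.0.13/css/all.css',
    jquery: '/assets/js/jquery.min.js',
    // Explicit https: a protocol-relative URL would follow the page's scheme and fetch
    // the script in clear text whenever the page is reached over http.
    leancloud_js_sdk: 'https://cdn.jsdelivr.net/npm/leancloud-storage@3.13.2/dist/av-min.js',
    // NOTE(review): cdn.bootcss.com was reportedly among the CDN domains named in the 2024
    // polyfill.io supply-chain reports — verify before relying on these three entries.
    chart: 'https://cdn.bootcss.com/Chart.js/2.7.2/Chart.bundle.min.js',
    gitalk: {
      js: 'https://cdn.bootcss.com/gitalk/1.2.2/gitalk.min.js',
      css: 'https://cdn.bootcss.com/gitalk/1.2.2/gitalk.min.css'
    },
    // NOTE(review): no version in this URL, so the code served can change without notice.
    valine: 'https://unpkg.com/valine/dist/Valine.min.js'
  },
  site: {
    toc: {
      selectors: 'h1,h2,h3'
    }
  },
  paths: {
    search_js: '/assets/search.js'
  }
};
window.TEXT_VARIABLES = TEXT_VARIABLES;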
})();
</script>
</head>
<body>
<div class="root" data-is-touch="false">
<div class="layout--page js-page-root"><!----><div class="page__main js-page-main page__viewport hide-footer has-aside has-aside cell cell--auto">
<div class="page__main-inner"><div class="page__header d-print-none"><header class="header"><div class="main">
<div class="header__title">
<div class="header__brand"><svg id="svg" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="400" height="478.9473684210526" viewBox="0, 0, 400,478.9473684210526"><g id="svgg"><path id="path0" d="M308.400 56.805 C 306.970 56.966,303.280 57.385,300.200 57.738 C 290.906 58.803,278.299 59.676,269.200 59.887 L 260.600 60.085 259.400 61.171 C 258.010 62.428,256.198 63.600,255.645 63.600 C 255.070 63.600,252.887 65.897,252.598 66.806 C 252.460 67.243,252.206 67.600,252.034 67.600 C 251.397 67.600,247.206 71.509,247.202 72.107 C 247.201 72.275,246.390 73.190,245.400 74.138 C 243.961 75.517,243.598 76.137,243.592 77.231 C 243.579 79.293,241.785 83.966,240.470 85.364 C 239.176 86.740,238.522 88.365,237.991 91.521 C 237.631 93.665,236.114 97.200,235.554 97.200 C 234.938 97.200,232.737 102.354,232.450 104.472 C 232.158 106.625,230.879 109.226,229.535 110.400 C 228.933 110.926,228.171 113.162,226.434 119.500 C 226.178 120.435,225.795 121.200,225.584 121.200 C 225.373 121.200,225.200 121.476,225.200 121.813 C 225.200 122.149,224.885 122.541,224.500 122.683 C 223.606 123.013,223.214 123.593,223.204 124.600 C 223.183 126.555,220.763 132.911,219.410 134.562 C 218.443 135.742,217.876 136.956,217.599 138.440 C 217.041 141.424,215.177 146.434,214.532 146.681 C 214.240 146.794,214.000 147.055,214.000 147.261 C 214.000 147.467,213.550 148.086,213.000 148.636 C 212.450 149.186,212.000 149.893,212.000 150.208 C 212.000 151.386,208.441 154.450,207.597 153.998 C 206.319 153.315,204.913 150.379,204.633 147.811 C 204.365 145.357,202.848 142.147,201.759 141.729 C 200.967 141.425,199.200 137.451,199.200 135.974 C 199.200 134.629,198.435 133.224,196.660 131.311 C 195.363 129.913,194.572 128.123,193.870 125.000 C 193.623 123.900,193.236 122.793,193.010 122.540 C 190.863 120.133,190.147 118.880,188.978 115.481 C 188.100 112.928,187.151 111.003,186.254 109.955 C 185.358 108.908,184.518 107.204,183.847 105.073 C 183.280 103.273,182.497 101.329,182.108 
100.753 C 181.719 100.177,180.904 98.997,180.298 98.131 C 179.693 97.265,178.939 95.576,178.624 94.378 C 178.041 92.159,177.125 90.326,175.023 87.168 C 174.375 86.196,173.619 84.539,173.342 83.486 C 172.800 81.429,171.529 79.567,170.131 78.785 C 169.654 78.517,168.697 77.511,168.006 76.549 C 167.316 75.587,166.594 74.800,166.402 74.800 C 166.210 74.800,164.869 73.633,163.421 72.206 C 160.103 68.936,161.107 69.109,146.550 69.301 C 133.437 69.474,128.581 70.162,126.618 72.124 C 126.248 72.495,125.462 72.904,124.872 73.033 C 124.282 73.163,123.088 73.536,122.219 73.863 C 121.349 74.191,119.028 74.638,117.061 74.858 C 113.514 75.254,109.970 76.350,108.782 77.419 C 107.652 78.436,100.146 80.400,97.388 80.400 C 95.775 80.400,93.167 81.360,91.200 82.679 C 90.430 83.195,89.113 83.804,88.274 84.031 C 85.875 84.681,78.799 90.910,74.400 96.243 L 73.400 97.456 73.455 106.028 C 73.526 117.055,74.527 121.238,77.820 124.263 C 78.919 125.273,80.400 127.902,80.400 128.842 C 80.400 129.202,81.075 130.256,81.900 131.186 C 83.563 133.059,85.497 136.346,86.039 138.216 C 86.233 138.886,87.203 140.207,88.196 141.153 C 89.188 142.098,90.000 143.104,90.000 143.388 C 90.000 144.337,92.129 148.594,92.869 149.123 C 93.271 149.410,93.600 149.831,93.600 150.059 C 93.600 150.286,93.932 150.771,94.337 151.136 C 94.743 151.501,95.598 153.004,96.237 154.475 C 96.877 155.947,97.760 157.351,98.200 157.596 C 98.640 157.841,99.900 159.943,101.000 162.267 C 102.207 164.817,103.327 166.644,103.825 166.876 C 104.278 167.087,105.065 168.101,105.573 169.130 C 107.658 173.348,108.097 174.093,110.006 176.647 C 111.103 178.114,112.000 179.725,112.000 180.227 C 112.000 181.048,113.425 183.163,114.678 184.200 C 115.295 184.711,117.396 188.733,117.720 190.022 C 117.855 190.562,118.603 191.633,119.381 192.402 C 120.160 193.171,121.496 195.258,122.351 197.039 C 123.206 198.820,124.167 200.378,124.487 200.501 C 124.807 200.624,125.953 202.496,127.034 204.662 C 128.114 206.828,129.676 209.299,130.505 210.153 C 
131.333 211.007,132.124 212.177,132.262 212.753 C 132.618 214.239,134.291 217.048,136.288 219.5
" href="/">YannStatic</a></div><!--<button class="button button--secondary button--circle search-button js-search-toggle"><i class="fas fa-search"></i></button>--><!-- <li><button class="button button--secondary button--circle search-button js-search-toggle"><i class="fas fa-search"></i></button></li> -->
<!-- Champ de recherche -->
<div id="searchbox" class="search search--dark" style="visibility: visible">
<div class="main">
<div class="search__header"></div>
<div class="search-bar">
<div class="search-box js-search-box">
<div class="search-box__icon-search"><i class="fas fa-search"></i></div>
<input id="search-input" type="text" />
<!-- <div class="search-box__icon-clear js-icon-clear">
<a><i class="fas fa-times"></i></a>
</div> -->
</div>
</div>
</div>
</div>
<!-- Script pointing to search-script.js -->
<script>/*!
* Simple-Jekyll-Search
* Copyright 2015-2020, Christian Fei
* Licensed under the MIT License.
*/
(function(){
'use strict'
// Templater: fills `{name}` placeholders of a result template from a record.
var _$Templater_7 = { compile, setOptions }
const options = {
  pattern: /\{(.*?)\}/g,
  template: '',
  middleware: function () {}
}
/**
 * Overrides the placeholder pattern, the template and/or the middleware.
 * Falsy pattern/template values and non-function middleware leave the current setting in place.
 */
function setOptions (_options) {
  if (_options.pattern) {
    options.pattern = _options.pattern
  }
  if (_options.template) {
    options.template = _options.template
  }
  if (typeof _options.middleware === 'function') {
    options.middleware = _options.middleware
  }
}
/**
 * Renders the template for one record.
 * For each placeholder the middleware result wins when it is not undefined; otherwise the
 * record's value is used, and a falsy value leaves the placeholder text untouched.
 *
 * NOTE(review): values are substituted verbatim, with no HTML escaping, and the caller
 * writes the result through innerHTML — records must only carry trusted, HTML-safe text.
 */
function compile (data) {
  const substitute = function (match, prop) {
    const fromMiddleware = options.middleware(prop, data[prop], options.template)
    return typeof fromMiddleware === 'undefined' ? (data[prop] || match) : fromMiddleware
  }
  return options.template.replace(options.pattern, substitute)
}
'use strict';
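/**
 * Subsequence test: true when every character of needle occurs in haystack in the same
 * order (not necessarily adjacent). Equal-length inputs must be identical, and a needle
 * longer than the haystack never matches.
 * @param {string} needle
 * @param {string} haystack
 * @returns {boolean}
 */
function fuzzysearch (needle, haystack) {
  var tlen = haystack.length;
  var qlen = needle.length;
  if (qlen > tlen) {
    return false;
  }
  if (qlen === tlen) {
    return needle === haystack;
  }
  // j only moves forward, so each haystack character is inspected at most once.
  outer: for (var i = 0, j = 0; i < qlen; i++) {
    var nch = needle.charCodeAt(i);
    while (j < tlen) {
      if (haystack.charCodeAt(j++) === nch) {
        continue outer;
      }
    }
    return false;
  }
  return true;
}
var _$fuzzysearch_1 = fuzzysearch;
'use strict'
/* removed: const _$fuzzysearch_1 = require('fuzzysearch') */;
var _$FuzzySearchStrategy_5 = new FuzzySearchStrategy()
/**
 * Case-insensitive fuzzy strategy: matches(string, crit) is true when crit is a
 * subsequence of string.
 */
function FuzzySearchStrategy () {
  this.matches = function (string, crit) {
    // Record fields come from JSON and may be null, numbers or objects; treat those as
    // "no match" instead of throwing on toLowerCase() and aborting the whole search.
    if (typeof string !== 'string') return false
    return _$fuzzysearch_1(crit.toLowerCase(), string.toLowerCase())
  }
}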
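'use strict'
var _$LiteralSearchStrategy_6 = new LiteralSearchStrategy()
/**
 * Case-insensitive literal strategy: matches(str, crit) is true when every
 * space-separated word of crit occurs somewhere in str.
 */
function LiteralSearchStrategy () {
  this.matches = function (str, crit) {
    // Empty values never match; non-string fields (numbers, objects) are rejected here
    // as well instead of throwing on trim() and aborting the whole search.
    if (!str || typeof str !== 'string') return false
    const haystack = str.trim().toLowerCase()
    const words = crit.trim().toLowerCase().split(' ')
    return words.every(function (word) {
      return haystack.indexOf(word) >= 0
    })
  }
}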
'use strict'
// Repository: in-memory list of searchable records plus the active search options.
var _$Repository_4 = { put, clear, search, setOptions: __setOptions_4 }
/* removed: const _$FuzzySearchStrategy_5 = require('./SearchStrategies/FuzzySearchStrategy') */;
/* removed: const _$LiteralSearchStrategy_6 = require('./SearchStrategies/LiteralSearchStrategy') */;
// Default comparator: reports every pair as equal.
function NoSort () { return 0 }
// Backing store for the records.
const data = []
// Defaults: literal matching, at most 10 results, no sorting, no excluded patterns.
let opt = {
  fuzzy: false,
  limit: 10,
  searchStrategy: _$LiteralSearchStrategy_6,
  sort: NoSort,
  exclude: []
}
/**
 * Adds one record (plain object) or replaces the store with an array of records.
 * Any other input is ignored and yields undefined.
 */
function put (data) {
  if (isObject(data)) return addObject(data)
  return isArray(data) ? addArray(data) : undefined
}
/** Empties the store in place and returns it. */
function clear () {
  data.splice(0, data.length)
  return data
}
/** True for truthy values that Object.prototype.toString tags as '[object Object]'. */
function isObject (obj) {
  if (!obj) return false
  return Object.prototype.toString.call(obj) === '[object Object]'
}
/** True for truthy values that Object.prototype.toString tags as '[object Array]'. */
function isArray (obj) {
  if (!obj) return false
  return Object.prototype.toString.call(obj) === '[object Array]'
}
/** Appends one record to the store and returns the store. */
function addObject (_data) {
  data.push(_data)
  return data
}
/**
 * Replaces the store's content with the plain-object entries of _data.
 * Entries that are not plain objects are skipped. The returned array holds one
 * reference to the store per record added.
 */
function addArray (_data) {
  clear()
  const added = []
  for (const entry of _data) {
    if (isObject(entry)) {
      added.push(addObject(entry))
    }
  }
  return added
}
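/**
 * Returns the records matching crit under the active strategy, capped at opt.limit
 * and ordered by opt.sort. A falsy crit yields an empty list.
 */
function search (crit) {
  if (!crit) {
    return []
  }
  return findMatches(data, crit, opt.searchStrategy, opt).sort(opt.sort)
}
/**
 * Replaces the active options, filling missing fields with the defaults
 * (literal strategy, limit 10, no sorting, no exclusions).
 * The object passed in becomes the live options object and receives those defaults.
 */
function __setOptions_4 (_opt) {
  // Read every field from the fallback object so a missing argument gets the
  // defaults instead of throwing on `_opt.fuzzy`.
  const requested = _opt || {}
  opt = requested
  opt.fuzzy = requested.fuzzy || false
  opt.limit = requested.limit || 10
  opt.searchStrategy = requested.fuzzy ? _$FuzzySearchStrategy_5 : _$LiteralSearchStrategy_6
  opt.sort = requested.sort || NoSort
  opt.exclude = requested.exclude || []
}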
/**
 * Scans data in order and collects matching records until opt.limit is reached.
 */
function findMatches (data, crit, strategy, opt) {
  const matches = []
  let index = 0
  while (index < data.length && matches.length < opt.limit) {
    const hit = findMatchesInObject(data[index], crit, strategy, opt)
    if (hit) {
      matches.push(hit)
    }
    index++
  }
  return matches
}
/**
 * Returns obj when any enumerable field that is not excluded matches crit,
 * otherwise undefined.
 */
function findMatchesInObject (obj, crit, strategy, opt) {
  for (const key in obj) {
    const value = obj[key]
    if (isExcluded(value, opt.exclude)) continue
    if (strategy.matches(value, crit)) return obj
  }
}
/**
 * True when term matches at least one of the excluded patterns.
 * Each pattern is compiled with `new RegExp` on every call.
 * NOTE(review): patterns are compiled as given, so they must come from site
 * configuration only; a pathological pattern would stall every search.
 */
function isExcluded (term, excludedTerms) {
  for (const excludedTerm of excludedTerms) {
    if (new RegExp(excludedTerm).test(term)) return true
  }
  return false
}
/* globals ActiveXObject:false */
'use strict'
// JSONLoader: fetches a JSON document with XMLHttpRequest.
var _$JSONLoader_2 = { load }
/**
 * Issues an asynchronous GET for location; callback(err, json) is driven by the
 * ready-state listener built by createStateChangeListener.
 */
function load (location, callback) {
  const request = getXHR()
  request.open('GET', location, true)
  request.onreadystatechange = createStateChangeListener(request, callback)
  request.send()
}
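/**
 * Builds the readystatechange handler for a JSON request.
 * Once the request is complete (readyState 4) with status 200, the body is parsed and
 * callback(null, json) is called; a parse failure is reported as callback(err, null).
 * Any other state or status is ignored, so a failed request never reaches the callback.
 */
function createStateChangeListener (xhr, callback) {
  return function () {
    if (xhr.readyState !== 4 || xhr.status !== 200) return
    let parsed
    // Only the parse sits in the try block: an exception thrown by the callback itself
    // must propagate as is, not trigger a second callback call reporting it as a JSON error.
    try {
      parsed = JSON.parse(xhr.responseText)
    } catch (err) {
      callback(err, null)
      return
    }
    callback(null, parsed)
  }
}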
/**
 * Returns a new request object: window.XMLHttpRequest when the browser has it,
 * otherwise the legacy 'Microsoft.XMLHTTP' ActiveX object.
 */
function getXHR () {
  if (window.XMLHttpRequest) {
    return new window.XMLHttpRequest()
  }
  return new ActiveXObject('Microsoft.XMLHTTP')
}
'use strict'
/**
 * Validator for required option names; usable with or without `new`.
 * @param {{required: Array}} params - the list of option names that must be present
 * @throws {Error} when params is missing or params.required is not an array
 */
var _$OptionsValidator_3 = function OptionsValidator (params) {
  const hasRequiredList = Boolean(params) &&
    typeof params.required !== 'undefined' &&
    params.required instanceof Array
  if (!hasRequiredList) {
    throw new Error('-- OptionsValidator: required options missing')
  }
  // Called as a plain function: hand over to the constructor form.
  if (!(this instanceof OptionsValidator)) {
    return new OptionsValidator(params)
  }
  const requiredOptions = params.required
  this.getRequiredOptions = function () {
    return requiredOptions
  }
  // Returns the required names whose value in parameters is undefined (null counts as present).
  this.validate = function (parameters) {
    return requiredOptions.filter(function (requiredOptionName) {
      return typeof parameters[requiredOptionName] === 'undefined'
    })
  }
}
'use strict'
var _$utils_9 = { merge, isJSON }
/**
 * Builds a new options object from the keys of defaultParams, taking the value from
 * mergeParams whenever it is not undefined. Keys that exist only in mergeParams are dropped.
 */
function merge (defaultParams, mergeParams) {
  const mergedOptions = {}
  for (const option in defaultParams) {
    const override = mergeParams[option]
    mergedOptions[option] = typeof override !== 'undefined' ? override : defaultParams[option]
  }
  return mergedOptions
}
/**
 * True when json is an object (or array) that survives a JSON stringify/parse round trip;
 * false for primitives and for values that cannot be serialised.
 */
function isJSON (json) {
  try {
    return Boolean(json instanceof Object && JSON.parse(JSON.stringify(json)))
  } catch (err) {
    return false
  }
}
var _$src_8 = {};
(function (window) {
'use strict'
// Defaults for SimpleJekyllSearch; the caller's options are merged over these.
let options = {
  searchInput: null,
  resultsContainer: null,
  json: [],
  success: Function.prototype,
  searchResultTemplate: '<li><a href="{url}" title="{desc}">{title}</a></li>',
  templateMiddleware: Function.prototype,
  sortMiddleware: function () { return 0 },
  noResultsText: 'No results found',
  limit: 10,
  fuzzy: false,
  debounceTime: null,
  exclude: []
}
let debounceTimerHandle
// Runs func at once when no delay is configured; otherwise restarts a single shared timer.
const debounce = function (func, delayMillis) {
  if (!delayMillis) {
    func.call()
    return
  }
  clearTimeout(debounceTimerHandle)
  debounceTimerHandle = setTimeout(func, delayMillis)
}
const requiredOptions = ['searchInput', 'resultsContainer', 'json']
/* removed: const _$Templater_7 = require('./Templater') */;
/* removed: const _$Repository_4 = require('./Repository') */;
/* removed: const _$JSONLoader_2 = require('./JSONLoader') */;
const optionsValidator = _$OptionsValidator_3({ required: requiredOptions })
/* removed: const _$utils_9 = require('./utils') */;
/**
 * Public entry point: validates and merges the options, configures the templater and
 * the repository, loads the records (inline JSON or a URL) and returns `{ search }`.
 * options.success, when it is a function, is called with that object as `this`.
 * @throws {Error} when a required option is undefined
 */
window.SimpleJekyllSearch = function (_options) {
  const missing = optionsValidator.validate(_options)
  if (missing.length > 0) {
    throwError('You must specify the following required options: ' + requiredOptions)
  }
  options = _$utils_9.merge(options, _options)
  _$Templater_7.setOptions({
    template: options.searchResultTemplate,
    middleware: options.templateMiddleware
  })
  _$Repository_4.setOptions({
    fuzzy: options.fuzzy,
    limit: options.limit,
    sort: options.sortMiddleware,
    exclude: options.exclude
  })
  // `json` is either the records themselves or the URL to fetch them from.
  const source = options.json
  if (_$utils_9.isJSON(source)) {
    initWithJSON(source)
  } else {
    initWithURL(source)
  }
  const rv = { search }
  if (typeof options.success === 'function') {
    options.success.call(rv)
  }
  return rv
}
/** Stores the records and starts listening to the search input. */
function initWithJSON (json) {
  _$Repository_4.put(json)
  registerInput()
}
/**
 * Fetches the records from url, then initialises as with inline JSON.
 * A loader error is rethrown from inside the loader's callback.
 */
function initWithURL (url) {
  const onLoaded = function (err, json) {
    if (err) {
      throwError('failed to get JSON (' + url + ')')
    }
    initWithJSON(json)
  }
  _$JSONLoader_2.load(url, onLoaded)
}
/** Removes every rendered result. */
function emptyResultsContainer () {
  const container = options.resultsContainer
  container.innerHTML = ''
}
/**
 * Appends markup to the results container.
 * NOTE(review): text is parsed as HTML, so everything interpolated into it (record
 * fields, noResultsText) has to be trusted or escaped before it gets here.
 */
function appendToResultsContainer (text) {
  const container = options.resultsContainer
  container.innerHTML = container.innerHTML + text
}
/** Runs a (possibly debounced) search on every `input` event of the search box. */
function registerInput () {
  const onInput = function (e) {
    if (!isWhitelistedKey(e.which)) return
    emptyResultsContainer()
    debounce(function () { search(e.target.value) }, options.debounceTime)
  }
  options.searchInput.addEventListener('input', onInput)
}
/** Clears the container and renders the matches for a non-empty query. */
function search (query) {
  if (!isValidQuery(query)) return
  emptyResultsContainer()
  render(_$Repository_4.search(query), query)
}
/**
 * Renders each result through the templater, or the "no results" text when there is none.
 * The query is stored on every rendered record as `query`, which makes it available to
 * templates and leaves it on the stored record afterwards.
 */
function render (results, query) {
  if (results.length === 0) {
    return appendToResultsContainer(options.noResultsText)
  }
  for (const result of results) {
    result.query = query
    appendToResultsContainer(_$Templater_7.compile(result))
  }
}
/** Truthy only for a non-empty query; a falsy query is returned as is. */
function isValidQuery (query) {
  if (!query) return query
  return query.length > 0
}
/**
 * True when key is NOT one of the ignored key codes
 * (presumably Enter, Shift, Caps Lock, the arrow keys and the Meta key — confirm).
 */
function isWhitelistedKey (key) {
  const ignoredKeyCodes = [13, 16, 20, 37, 38, 39, 40, 91]
  return ignoredKeyCodes.indexOf(key) < 0
}
/** Throws an Error whose message carries the library prefix. */
function throwError (message) {
  const text = 'SimpleJekyllSearch --- ' + message
  throw new Error(text)
}
})(window)
}());
</script>
<!-- Configuration -->
<script>
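// Wire the search box to the site index once the DOM is parsed. This inline script sits
// in the header, before the #results-container element further down the page, so looking
// the container up immediately returns null and the first keystroke then fails on
// `null.innerHTML`.
// {url}, {date} and {title} are substituted verbatim and written through innerHTML:
// /search.json must only contain trusted, HTML-safe values.
document.addEventListener('DOMContentLoaded', function () {
  SimpleJekyllSearch({
    searchInput: document.getElementById('search-input'),
    resultsContainer: document.getElementById('results-container'),
    json: '/search.json',
    //searchResultTemplate: '<li><a href="https://static.rnmkcy.eu{url}">{date}&nbsp;{title}</a></li>'
    searchResultTemplate: '<li><a href="{url}">{date}&nbsp;{title}</a></li>'
  })
})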
</script>
<!-- Fin déclaration champ de recherche --></div><nav class="navigation">
<ul><li class="navigation__item"><a href="/archive.html">Etiquettes</a></li><li class="navigation__item"><a href="/htmldoc.html">Documents</a></li><li class="navigation__item"><a href="/liens_ttrss.html">Liens</a></li><li class="navigation__item"><a href="/aide-jekyll-text-theme.html">Aide</a></li></ul>
</nav></div>
</header>
</div><div class="page__content"><div class ="main"><div class="grid grid--reverse">
<div class="col-main cell cell--auto"><!-- start custom main top snippet --><div id="results-container" class="search-result js-search-result"></div><!-- end custom main top snippet -->
<article itemscope itemtype="http://schema.org/Article"><div class="article__header"><header><h1 style="color:Tomato;">Serveur Debian A20-OLinuXino-buster-minimal</h1></header></div><meta itemprop="headline" content="Serveur Debian A20-OLinuXino-buster-minimal"><div class="article__info clearfix"><ul class="left-col menu"><li>
<a class="button button--secondary button--pill button--sm" style="color:#00FFFF" href="/archive.html?tag=olimex">olimex</a>
</li></ul><ul class="right-col menu"><li>
<i class="far fa-calendar-alt"></i>&nbsp;<span title="Création" style="color:#FF00FF">&nbsp;4&nbsp;mai&nbsp;&nbsp;&nbsp;2021</span>
<span title="Modification" style="color:#00FF7F">&nbsp;2&nbsp;juil.&nbsp;2021</span></li></ul></div><meta itemprop="datePublished" content="2021-07-02T00:00:00+02:00">
<meta itemprop="keywords" content="olimex"><div class="js-article-content">
<div class="layout--article"><!-- start custom article top snippet -->
<style>
#myBtn {
display: none;
position: fixed;
bottom: 10px;
right: 10px;
z-index: 99;
font-size: 12px;
font-weight: bold;
border: none;
outline: none;
background-color: white;
color: black;
cursor: pointer;
padding: 5px;
border-radius: 4px;
}
#myBtn:hover {
background-color: #555;
}
</style>
<button onclick="topFunction()" id="myBtn" title="Haut de page">&#8679;</button>
<script>
// Back-to-top button declared just above this script.
var mybutton = document.getElementById("myBtn");
// Re-evaluate the button's visibility on every scroll event.
window.onscroll = function() { scrollFunction(); };
// Shows the button once either scroll root has moved more than 20px from the top.
function scrollFunction() {
  var scrolledPast = document.body.scrollTop > 20 || document.documentElement.scrollTop > 20;
  mybutton.style.display = scrolledPast ? "block" : "none";
}
// Click handler of the button: resets both scroll roots to the top of the document.
function topFunction() {
  document.body.scrollTop = 0;
  document.documentElement.scrollTop = 0;
}
</script>
<!-- end custom article top snippet -->
<div class="article__content" itemprop="articleBody"><details>
<summary><b>Afficher/cacher Sommaire</b></summary>
<!-- affichage sommaire -->
<div class="toc-aside js-toc-root"></div>
</details><h1 id="olimex-a20-olinuxino-micro">Olimex A20-olinuxino-Micro</h1>
<p><a href="https://www.olimex.com/Products/olino/A20/A20-olinuxino-Micro-4GB/resources/A20-olinuxino-Micro.pdf">Documentation olimex</a> <br />
<img src="/images/A20-olinuxino-micro-top.png" alt="A20-olinuxino-Micro" title="Vue de dessus" width="400" /></p>
<p><img src="/images/A20-olinuxino-micro-bottom.png" alt="A20-olinuxino-Micro" title="Vue de dessous" width="300" /></p>
<h2 id="installation-a20-olinuxino-buster-minimal">Installation A20-OLinuXino-buster-minimal</h2>
<p><img src="/images/debian-buster-logo.png" alt="Texte alternatif" width="100" /></p>
<p><strong>Matériel</strong></p>
<ul>
<li>Carte olimex <a href="https://www.olimex.com/Products/OLinuXino/A20/A20-OLinuXino-MICRO/open-source-hardware">A20-olinuxino-Micro </a></li>
<li>Bloc Alimentation 10V 1A</li>
<li>Dongle Wifi/USB RT5370</li>
<li>Carte micro SD 4GO</li>
<li>SSD 128GO</li>
<li>Batterie Li-ion 3.7v 5000mAh</li>
</ul>
<p><strong>SDcard</strong></p>
<p>SDcard créée avec les paquets debian armhf<br />
<a href="http://images.olimex.com/release/a20/">Index of /release/a20</a></p>
<ol>
<li>Télécharger <strong>A20-OLinuXino-buster-minimal-20210513-112230.img.7z</strong> (image du 06/11/2020) puis se rendre dans le répertoire contenant les fichiers</li>
<li>Décompresser le fichier</li>
<li>Insérer le lecteur USB/SDcard, relever le périphérique par <code class="language-plaintext highlighter-rouge">dmesg</code> , ex /dev/sdd</li>
<li>Ecriture image sur la SDcard :<br />
<code class="language-plaintext highlighter-rouge">sudo dd if=A20-OLinuXino-buster-minimal-20210513-112230.img of=/dev/sdd bs=4M</code></li>
</ol>
<p><strong>Connexion liaison série</strong></p>
<p>Utilisation module USB/Série <strong>/dev/ttyUSB0</strong> et lancer <strong>minicom</strong> en root<br />
Insertion carte SD et mise sous tension A20-olinuxino-Micro <br />
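L’image “debian” est prête à l’emploi sur la carte SD</p>
<p>La connexion se fait avec les identifiants par défaut “root/olimex” ; ce mot de passe d’usine est public, le changer avec <code class="language-plaintext highlighter-rouge">passwd</code> avant de relier la carte au réseau</p>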
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>Linux a20-olinuxino 5.10.36-olimex #105318 SMP Thu May 13 10:54:34 UTC 2021 armv7l
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
root@a20-olinuxino:~#
</code></pre></div></div>
<p class="info">Relever l’adresse mac eth0 : <code class="language-plaintext highlighter-rouge">ip link</code> <br />
Activer la <strong>DMZ de la Box internet</strong> sur IP 192.168.0.46 (la DMZ redirige tous les ports entrants de la box vers cette machine, SSH compris)<br />
Ajout dans les baux statiques de la box : <strong>A20-olinuxino-micro</strong> avec l’adresse IP 192.168.0.46 et l’adresse mac <code class="language-plaintext highlighter-rouge">02:c2:09:40:f2:2b</code></p>
<h2 id="basculer-sdcard-vers-hddssd">Basculer SDcard vers HDD/SSD</h2>
<h3 id="préparer-hddssd-devsda">Préparer HDD/SSD /dev/sda</h3>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>fdisk /dev/sda
</code></pre></div></div>
<p>Effacer les partitions existantes ,option “d”<br />
Créer une nouvelle partition primaire en tapant « n » puis « p ». Laisser par défaut la taille maximale. Sauvegarder les modifications en tapant « w ».</p>
<p>formater la partition du SSD sous le format .ext4</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>mkfs.ext4 /dev/sda1
</code></pre></div></div>
<h3 id="transfert-sdcard--ssd">Transfert SDcard → SSD</h3>
<p>Le disque est formaté, on va copier les données de la carte SD sur le SSD</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>mkdir /tmp/ssd
mount /dev/sda1 /tmp/ssd
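# Copy the root filesystem to the SSD; boot and the contents of tmp, proc, sys, mnt and run are skipped.
rsync -av --exclude 'tmp/*' --exclude 'boot' --exclude 'proc/*' --exclude 'sys/*' --exclude 'mnt/*' --exclude 'run/*' / /tmp/ssd/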
</code></pre></div></div>
<p class="info">Patienter plusieurs minutes…</p>
<p>Après transfert</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>ls /tmp/ssd/
</code></pre></div></div>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>bin etc lib media opt root sbin sys uboot.env var
dev home lost+found mnt proc run srv tmp usr
</code></pre></div></div>
<p>Démontage /tmp/ssd/</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>umount /tmp/ssd/
</code></pre></div></div>
<h3 id="modifier-le-boot">Modifier le boot</h3>
<p>boot à rediriger sur le disque <code class="language-plaintext highlighter-rouge">/dev/sda1</code></p>
<ol>
<li>Ajouter <code class="language-plaintext highlighter-rouge">root=/dev/sda1</code> en fin du fichier <code class="language-plaintext highlighter-rouge">/boot/uEnv.txt</code><code class="language-plaintext highlighter-rouge">echo "root=/dev/sda1" &gt;&gt; /boot/uEnv.txt</code></li>
<li>Remplacer <code class="language-plaintext highlighter-rouge">root=PARTUUID=${partuuid}</code> par <code class="language-plaintext highlighter-rouge">root=${root}</code> dans le fichier <code class="language-plaintext highlighter-rouge">/boot/boot.cmd</code><code class="language-plaintext highlighter-rouge">sed -i s/root=PARTUUID=\$\{partuuid\}/root=\$\{root\}/g /boot/boot.cmd</code></li>
</ol>
<p>Compilation <strong>boot.cmd</strong> en <strong>boot.scr</strong><br />
<em>u-boot-tools installé par défaut sinon : <code class="language-plaintext highlighter-rouge">apt install u-boot-tools</code></em></p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>mkimage -C none -A arm -T script -d /boot/boot.cmd /boot/boot.scr
</code></pre></div></div>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>Image Name:
Created: Fri Jul 2 06:42:59 2021
Image Type: ARM Linux Script (uncompressed)
Data Size: 2197 Bytes = 2.15 KiB = 0.00 MiB
Load Address: 00000000
Entry Point: 00000000
Contents:
Image 0: 2189 Bytes = 2.14 KiB = 0.00 MiB
</code></pre></div></div>
<p class="info">Redémarrer : <code class="language-plaintext highlighter-rouge">reboot</code></p>
<h2 id="premier-boot-sur-hddssd">Premier boot sur HDD/SSD</h2>
<p>On se connecte en root</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>ssh root@192.168.0.46
</code></pre></div></div>
<p>Se connecter et vérifier avec <code class="language-plaintext highlighter-rouge">df -h</code> que sda1 est bien la partition principale</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>Filesystem Size Used Avail Use% Mounted on
udev 447M 0 447M 0% /dev
tmpfs 100M 11M 90M 11% /run
/dev/sda1 110G 690M 104G 1% /
tmpfs 500M 0 500M 0% /dev/shm
tmpfs 5.0M 0 5.0M 0% /run/lock
tmpfs 500M 0 500M 0% /sys/fs/cgroup
tmpfs 100M 0 100M 0% /run/user/0
</code></pre></div></div>
<p><strong>Freebox</strong><br />
NextHop Freebox permet d’attribuer une adresse IPV6</p>
<p>Prefixe : 2a01:e0a:2de:2c71::/64<br />
Next Hop: fe80::c2:9ff:fe40:f22b (fe80::7285:c2ff:fe53:cb80 carte ASRock QC5000M)<br />
Passerelle IPV6 Box : fe80::224:d4ff:fea6:aa20</p>
<p>Pour une adresse IPV4 fixe relever Hwaddr adresse mac : <code class="language-plaintext highlighter-rouge">ip link</code><br />
Ajout adresse ip 192.168.0.46 et Hwaddr : 02:c2:09:40:f2:2b dans les baux statiques</p>
<p><strong>Adressage ipv4/ipv6</strong></p>
<p><img src="/images/ipv6.png" alt="ipv6" width="70" /></p>
<p>Modifier l’interface réseau debian pour l’adressage ip static sur IP V4 et V6</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>nano /etc/network/interfaces.d/eth0
</code></pre></div></div>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code>allow-hotplug eth0
iface eth0 inet dhcp
iface eth0 inet6 static
address 2a01:e0a:2de:2c71::1
netmask 64
</code></pre></div></div>
<p><strong>Date et heure serveur</strong><br />
Modifier le fichier <code class="language-plaintext highlighter-rouge">/etc/systemd/timesyncd.conf</code></p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>[Time]
NTP=145.238.203.14 145.238.203.10
</code></pre></div></div>
<p>Configurer la zone Europe/Paris et le ntp</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>timedatectl set-timezone Europe/Paris
timedatectl set-ntp true
</code></pre></div></div>
<p>Relancer le service</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>systemctl daemon-reload
systemctl restart systemd-timesyncd.service
</code></pre></div></div>
<p>Vérifier la zone et l'heure</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>timedatectl status
</code></pre></div></div>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code> Local time: Fri 2021-07-02 08:52:32 CEST
Universal time: Fri 2021-07-02 06:52:32 UTC
RTC time: Fri 2021-07-02 06:52:32
Time zone: Europe/Paris (CEST, +0200)
System clock synchronized: yes
NTP service: active
RTC in local TZ: no
</code></pre></div></div>
<p><strong>Utilisateur olimex</strong><br />
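Par défaut, dans l'image debian buster minimal, il y a un utilisateur nommé “olimex”<br />
Changer le mot de passe : <code class="language-plaintext highlighter-rouge">passwd olimex</code><br />
Accès sudo <code class="language-plaintext highlighter-rouge">echo "olimex ALL=(ALL) NOPASSWD: ALL" &gt;&gt; /etc/sudoers</code><br />
Cette règle donne à “olimex” les droits root sans mot de passe : une compromission de ce compte équivaut à un accès root. Une erreur de syntaxe dans <code class="language-plaintext highlighter-rouge">/etc/sudoers</code> bloque sudo ; préférer un fichier dédié dans <code class="language-plaintext highlighter-rouge">/etc/sudoers.d/</code> et le contrôler avec <code class="language-plaintext highlighter-rouge">visudo -c</code>.</p>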
<p class="info">Redémarrer : <code class="language-plaintext highlighter-rouge">reboot</code></p>
<p>Vérifier les adresses IP : <code class="language-plaintext highlighter-rouge">ip a</code></p>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code>1: lo: &lt;LOOPBACK,UP,LOWER_UP&gt; mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
<span class="nb">link</span>/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: &lt;BROADCAST,MULTICAST,UP,LOWER_UP&gt; mtu 1500 qdisc mq state UP group default qlen 1000
<span class="nb">link</span>/ether 02:c2:09:40:f2:2b brd ff:ff:ff:ff:ff:ff
inet 192.168.0.46/24 brd 192.168.0.255 scope global dynamic eth0
valid_lft 43132sec preferred_lft 43132sec
inet6 2a01:e0a:2de:2c71::1/64 scope global
valid_lft forever preferred_lft forever
inet6 2a01:e0a:2de:2c70:c2:9ff:fe40:f22b/64 scope global dynamic mngtmpaddr
valid_lft 86329sec preferred_lft 86329sec
inet6 fe80::c2:9ff:fe40:f22b/64 scope <span class="nb">link
</span>valid_lft forever preferred_lft forever
</code></pre></div></div>
<p>Version linux et debian: <code class="language-plaintext highlighter-rouge">uname -a</code></p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>Linux a20-olinuxino 5.10.36-olimex #105318 SMP Thu May 13 10:54:34 UTC 2021 armv7l GNU/Linux
</code></pre></div></div>
<p>Version debian : <code class="language-plaintext highlighter-rouge">cat /etc/debian_version</code></p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>10.9
</code></pre></div></div>
<p><strong>Historique de la ligne de commande</strong><br />
Ajoutez la recherche d'historique de la ligne de commande au terminal.
Tapez le début d'une commande précédente, puis utilisez shift + up (flèche haut) pour parcourir l'historique filtré sur ce début de commande.</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code># Global, tout utilisateur
echo '"\e[1;2A": history-search-backward' | sudo tee -a /etc/inputrc
echo '"\e[1;2B": history-search-forward' | sudo tee -a /etc/inputrc
</code></pre></div></div>
<p><strong>Hostname</strong></p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>hostnamectl
</code></pre></div></div>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code> Static hostname: a20-olinuxino
Icon name: computer
Machine ID: 4c47fd25b2354d7cb4076163658939ce
Boot ID: 3a272b6297ab4f2fa17a54d8c4f84ccb
Operating System: Debian GNU/Linux 10 (buster)
Kernel: Linux 5.10.36-olimex
Architecture: arm
</code></pre></div></div>
<p>Afficher les erreurs, le journal des logs</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo journalctl -p err
</code></pre></div></div>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>-- Logs begin at Fri 2021-07-02 08:54:41 CEST, end at Fri 2021-07-02 08:59:48 CEST. --
Jul 02 08:54:41 a20-olinuxino kernel: /cpus/cpu@0 missing clock-frequency property
Jul 02 08:54:41 a20-olinuxino kernel: /cpus/cpu@1 missing clock-frequency property
Jul 02 08:54:41 a20-olinuxino kernel: sun4i-usb-phy 1c13400.phy: Couldn't request ID GPIO
Jul 02 08:54:41 a20-olinuxino kernel: axp20x-i2c 0-0034: unsupported ramp value 1900
Jul 02 08:54:41 a20-olinuxino kernel: vddio-csi1: failed to set ramp_delay: -EINVAL
Jul 02 08:54:41 a20-olinuxino kernel: axp20x-regulator axp20x-regulator: Failed to register ldo3
Jul 02 08:54:44 a20-olinuxino kernel: sun4i-drm display-engine: attempt to add DMA range to existing map
</code></pre></div></div>
<p class="warning">Les erreurs ne sont pas critiques (pas de solution)</p>
<h3 id="-openssh-clé-et-script"><img src="/images/openssh-logo.png" alt="OpenSSH" /> OpenSSH, clé et script</h3>
<p><strong>connexion avec clé</strong><br />
<u>sur un poste linux du réseau</u>
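Générer une paire de clés Ed25519 (signature EdDSA sur la courbe Curve25519 ; <code class="language-plaintext highlighter-rouge">curve25519-sha256</code> désigne l'échange de clés SSH, pas le type de clé) nommée <strong>xoyize-ed25519</strong> pour une liaison SSH avec le serveur KVM.</p>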
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>ssh-keygen -t ed25519 -o -a 100 -f ~/.ssh/xoyize-ed25519
</code></pre></div></div>
<p>Le déploiement de la clé publique .pub sur l'hôte</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>ssh-copy-id -i .ssh/xoyize-ed25519.pub olimex@192.168.0.46
</code></pre></div></div>
<p>Vérifier la connexion ssh <code class="language-plaintext highlighter-rouge">ssh olimex@192.168.0.46</code> et modifier le paramètre <code class="language-plaintext highlighter-rouge">PasswordAuthentication no</code> ainsi que le n° de port dans le fichier <code class="language-plaintext highlighter-rouge">/etc/ssh/sshd_config</code> de l'hôte, contrôler la syntaxe avec <code class="language-plaintext highlighter-rouge">sudo sshd -t</code> et relancer le service sshd <code class="language-plaintext highlighter-rouge">sudo systemctl restart sshd</code><br />
Garder la session en cours ouverte et tester la connexion ssh depuis le poste linux sur le réseau : si la clé ou le port est refusé, la session ouverte permet de corriger la configuration</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>ssh olimex@192.168.0.46 -p 55035 -i /home/yann/.ssh/xoyize-ed25519
</code></pre></div></div>
<p>Mise à jour debian</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo apt update &amp;&amp; sudo apt upgrade
</code></pre></div></div>
<p>Installer utilitaires et compléments</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo apt install tmux figlet dnsutils net-tools tree git curl jq imagemagick -y
</code></pre></div></div>
<p>Motd</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo rm /etc/motd &amp;&amp; sudo nano /etc/motd
</code></pre></div></div>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code> ___ __ _ _ _
__ _ |_ )/ \ ___ ___ | |(_) _ _ _ _ __ __(_) _ _ ___
/ _` | / /| () ||___|/ _ \| || || ' \| || |\ \ /| || ' \ / _ \
\__,_|/___|\__/ \___/|_||_||_||_|\_,_|/_\_\|_||_||_|\___/
__ __ ___ _ _ (_) ___ ___ __ __ _ _ ___
\ \ // _ \| || || ||_ // -_) _ \ \ /| || ||_ /
/_\_\\___/ \_, ||_|/__|\___|(_)/_\_\ \_, |/__|
|__/ |__/
</code></pre></div></div>
<p>Script ssh_rc_bash (lire le contenu du script téléchargé avant de le rendre exécutable et de le lancer)</p>
<blockquote>
<p>ATTENTION!!! Les scripts sur connexion peuvent poser des problèmes pour des appels externes autres que ssh</p>
</blockquote>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>wget https://static.xoyaz.xyz/files/ssh_rc_bash
chmod +x ssh_rc_bash # rendre le bash exécutable
./ssh_rc_bash # exécution
</code></pre></div></div>
<p><img src="/images/xoyize-olimex.png" alt="" /></p>
<h3 id="-domaine-xoyizexyz"><img src="/images/dns-logo.png" alt="dns" width="30" /> Domaine xoyize.xyz</h3>
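<p>Zone dns OVH (la politique DMARC <code class="language-plaintext highlighter-rouge">p=none</code> ne fait que de la surveillance : les messages qui échouent aux contrôles ne sont ni mis en quarantaine ni rejetés)</p>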
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>$TTL 3600
@ IN SOA dns106.ovh.net. tech.ovh.net. (2021050900 86400 3600 3600000 300)
IN NS ns106.ovh.net.
IN NS dns106.ovh.net.
IN MX 10 xoyize.xyz.
IN AAAA 2a01:e0a:2de:2c71::1
IN CAA 128 issue "letsencrypt.org"
IN TXT "v=spf1 a mx -all"
* IN AAAA 2a01:e0a:2de:2c71::1
_dmarc IN TXT "v=DMARC1; p=none"
</code></pre></div></div>
<h3 id="curl">curl</h3>
<p class="error"><strong>Problème lors de l'utilisation de curl</strong><br />
curl https://curl.haxx.se/ca/cacert.pem curl: (60) SSL certificate problem: unable to get local issuer certificate More details here: https://curl.haxx.se/docs/sslcerts.html</p>
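<p>Correction issue du forum IBM <a href="https://www.ibm.com/mysupport/s/question/0D50z00005q4FheCAE/curl-60-ssl-certificate-problem-unable-to-get-local-issuer-certificate?language=fr">curl: (60) SSL certificate problem</a><br />
Sur Debian, l'utilitaire de mise à jour des CA évoqué ci-dessous est <code class="language-plaintext highlighter-rouge">update-ca-certificates</code> (paquet <code class="language-plaintext highlighter-rouge">ca-certificates</code>) ; à essayer avant la méthode manuelle, qui ajoute au magasin de confiance un fichier qui n'est pas fourni par la distribution.</p>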
<p>This is the type of error you will get if your trusted CA list is out of date. Consult your operating system vendor and see if they have a solution like a CA updating utility. If you cannot find this information or if you really just want to do things the long manual way, do the following:<br />
Find your new SSL<br />
The commands below will output the SSL version that is found in your $PATH and report the version and the configuration directory.<br />
openssl version → <code class="language-plaintext highlighter-rouge">OpenSSL 1.1.1d 10 Sep 2019</code> <br />
openssl version -d → <code class="language-plaintext highlighter-rouge">OPENSSLDIR: "/usr/lib/ssl"</code></p>
<p>Update the trusted certificate directory<br />
Download the certificate pem file <a href="https://curl.haxx.se/ca/cacert.pem">https://curl.haxx.se/ca/cacert.pem</a><br />
Copy the file or the contents of the file to the certificate directory.</p>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="nb">sudo</span> <span class="nt">-s</span>
<span class="nb">cd</span> /usr/lib/ssl/certs
<span class="c">#cp /tmp/cacert.pem .</span>
wget https://curl.haxx.se/ca/cacert.pem
</code></pre></div></div>
<p>Update the certificates directory so OpenSSL can use them</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>c_rehash /usr/lib/ssl/certs
</code></pre></div></div>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>Doing /usr/lib/ssl/certs
WARNING: Skipping duplicate certificate ca-certificates.crt
WARNING: Skipping duplicate certificate ca-certificates.crt
WARNING: Skipping duplicate certificate cacert.pem
WARNING: Skipping duplicate certificate cacert.pem
</code></pre></div></div>
<p>That's it, now it should be working as expected. If you have two ssl installations and you're not sure which certificate directory is in use you might want to do this to both of them.</p>
<h3 id="certificats-xoyizexyz"><img src="/images/LetsEncrypt.png" alt="LetsEncrypt.png" width="100" />Certificats xoyize.xyz</h3>
<p>Installer acme</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>cd ~
sudo apt install socat git -y # prérequis
git clone https://github.com/acmesh-official/acme.sh.git
cd acme.sh
./acme.sh --install
</code></pre></div></div>
<p>Déconnexion reconnexion</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>export OVH_AK="xxxxxxxxxxxxxxxxx"
export OVH_AS="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
</code></pre></div></div>
<p>Générer les certificats pour le domaine xoyize.xyz</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>acme.sh --dns dns_ovh --server letsencrypt --ocsp --issue --keylength ec-384 -d 'xoyize.xyz' -d '*.xoyize.xyz'
</code></pre></div></div>
<p>Aller sur le lien qui est donné pour valider la demande et relancer la commande ci dessus.</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>[Tue 29 Dec 09:11:49 CET 2020] Your cert is in /home/olimex/.acme.sh/xoyize.xyz_ecc/xoyize.xyz.cer
[Tue 29 Dec 09:11:49 CET 2020] Your cert key is in /home/olimex/.acme.sh/xoyize.xyz_ecc/xoyize.xyz.key
[Tue 29 Dec 09:11:49 CET 2020] The intermediate CA cert is in /home/olimex/.acme.sh/xoyize.xyz_ecc/ca.cer
[Tue 29 Dec 09:11:49 CET 2020] And the full chain certs is there: /home/olimex/.acme.sh/xoyize.xyz_ecc/fullchain.cer
</code></pre></div></div>
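<p>Installation des certificats<br />
Le <code class="language-plaintext highlighter-rouge">chown</code> ci-dessous rend l'utilisateur courant propriétaire de <code class="language-plaintext highlighter-rouge">/etc/ssl/private/</code>, qui contient les clés privées TLS ; vérifier ensuite que le dossier et les fichiers de clé ne sont accessibles qu'à leur propriétaire (<code class="language-plaintext highlighter-rouge">chmod 700</code> pour le dossier, <code class="language-plaintext highlighter-rouge">chmod 600</code> pour la clé).</p>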
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo mkdir -p /etc/ssl/private/
sudo chown $USER -R /etc/ssl/private/
acme.sh --ecc --install-cert -d xoyize.xyz -d map.xoyize.xyz --key-file /etc/ssl/private/xoyize.xyz-key.pem --fullchain-file /etc/ssl/private/xoyize.xyz-fullchain.pem --reloadcmd 'sudo systemctl reload nginx.service'
</code></pre></div></div>
<p>Vérification et mise à jour automatique<br />
$ <code class="language-plaintext highlighter-rouge">crontab -e</code> # édite tous les jobs de l'utilisateur en cours</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>11 0 * * * "/home/olimex/.acme.sh"/acme.sh --cron --home "/home/olimex/.acme.sh" --renew-hook "/home/olimex/.acme.sh/acme.sh --ecc --install-cert -d xoyize.xyz --key-file /etc/ssl/private/xoyize.xyz-key.pem --fullchain-file /etc/ssl/private/xoyize.xyz-fullchain.pem --reloadcmd 'sudo systemctl reload nginx.service'" &gt; /dev/null
</code></pre></div></div>
<h3 id="-parefeu-ufw-actif"><img src="/images/ufw-logo1.png" alt="ufw" width="50" /> Parefeu UFW (ACTIF)</h3>
<p><em>UFW, ou pare-feu simple, est une interface pour gérer les règles de pare-feu dans Arch Linux, Debian ou Ubuntu. UFW est utilisé via la ligne de commande (bien qu'il dispose d'interfaces graphiques), et vise à rendre la configuration du pare-feu facile (ou simple).</em></p>
<p>Installation <strong>Debian / Ubuntu</strong></p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo apt install ufw
</code></pre></div></div>
<p><em>Par défaut, les jeux de règles d'UFW sont vides, de sorte qu'il n'applique aucune règle de pare-feu, même lorsque le démon est en cours d'exécution.</em></p>
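<p>Les règles<br />
La règle <code class="language-plaintext highlighter-rouge">DNS</code> ouvre le port 53 à toutes les sources ; si le résolveur ne sert que le réseau local, la restreindre, par exemple <code class="language-plaintext highlighter-rouge">sudo ufw allow from 192.168.0.0/24 to any app DNS</code>.</p>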
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="nb">sudo </span>ufw allow 55035/tcp <span class="c"># port SSH , 55035</span>
<span class="c">#sudo ufw allow http # port 80</span>
<span class="nb">sudo </span>ufw allow https <span class="c"># port 443</span>
<span class="nb">sudo </span>ufw allow DNS <span class="c"># port 53</span>
</code></pre></div></div>
<p>Activer le parefeu</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo ufw enable
</code></pre></div></div>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
Firewall is active and enabled on system startup
</code></pre></div></div>
<p>Status</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code> sudo ufw status verbose
</code></pre></div></div>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip
To Action From
-- ------ ----
55035/tcp ALLOW IN Anywhere
443/tcp ALLOW IN Anywhere
53 (DNS) ALLOW IN Anywhere
55035/tcp (v6) ALLOW IN Anywhere (v6)
443/tcp (v6) ALLOW IN Anywhere (v6)
53 (DNS (v6)) ALLOW IN Anywhere (v6)
</code></pre></div></div>
<h2 id="-nginx"><img src="/images/nginx-logo.png" alt="nginx" width="50" /> Nginx</h2>
<p class="info">Passer en mode su : <code class="language-plaintext highlighter-rouge">sudo -s</code></p>
<p><strong>Nginx présent dans le dépôt debian buster</strong><br />
Installer nginx</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>apt install nginx
</code></pre></div></div>
<p>Oter le commentaire de la ligne <code class="language-plaintext highlighter-rouge">server_tokens off;</code> dans la configuration de base <code class="language-plaintext highlighter-rouge">/etc/nginx/nginx.conf</code></p>
<ul>
<li><strong>worker_processes</strong> : laisser <strong>auto</strong> ou pour profiter pleinement de la puissance de votre serveur, il est recommandé de mettre autant de worker_processes que de cœurs disponibles sur votre serveur. Pour connaître le nombre de cœurs sur votre serveur, il suffit de lancer la commande : <code class="language-plaintext highlighter-rouge">grep processor /proc/cpuinfo | wc -l</code></li>
<li><strong>server_tokens</strong> : pour des raisons de sécurité, il est recommandé de désactiver l'envoi d'informations telles que le numéro de version de votre Nginx. Pour cela, décommentez cette directive dans le bloc http.</li>
</ul>
<p>Relancer nginx : <code class="language-plaintext highlighter-rouge">systemctl restart nginx</code></p>
<h3 id="xoyizexyz">xoyize.xyz</h3>
<p>Configuration par défaut</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>rm /etc/nginx/sites-enabled/default # effacer la config par défaut
</code></pre></div></div>
<p>Créer un dossier et un fichier de configuration avec le nom du domaine et le dossier racine web</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>mkdir -p /etc/nginx/conf.d/xoyize.xyz.d
touch /etc/nginx/conf.d/xoyize.xyz.conf
mkdir -p /var/www/default
</code></pre></div></div>
<p>Le fichier de configuration web <code class="language-plaintext highlighter-rouge">xoyize.xyz.conf</code></p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>nano /etc/nginx/conf.d/xoyize.xyz.conf
</code></pre></div></div>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>server {
listen 80;
listen [::]:80;
server_name xoyize.xyz;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name xoyize.xyz;
ssl_certificate /etc/ssl/private/xoyize.xyz-fullchain.pem;
ssl_certificate_key /etc/ssl/private/xoyize.xyz-key.pem;
root /var/www/default;
index index.html;
# TLS 1.3 only
ssl_protocols TLSv1.3;
ssl_prefer_server_ciphers off;
# HSTS (ngx_http_headers_module is required) (63072000 seconds)
add_header Strict-Transport-Security "max-age=63072000" always;
# Virtual Host Configs
include /etc/nginx/conf.d/xoyize.xyz.d/*.conf;
# OCSP stapling
ssl_stapling on;
ssl_stapling_verify on;
# verify chain of trust of OCSP response using Root CA and Intermediate certs
ssl_trusted_certificate /etc/ssl/private/xoyize.xyz-fullchain.pem;
# replace with the IP address of your resolver
resolver 1.1.1.1;
}
</code></pre></div></div>
<p>Vérification et relance</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>nginx -t
systemctl start nginx
</code></pre></div></div>
<p>Image sur la page d'accueil (facultatif)<br />
Déposer une image (https://unsplash.com) dans le dossier <code class="language-plaintext highlighter-rouge">/var/www/default</code><br />
Créer un fichier <code class="language-plaintext highlighter-rouge">/var/www/default/index.html</code></p>
<pre><code class="language-html">&lt;!DOCTYPE html&gt;
&lt;html&gt;
&lt;head&gt;
&lt;meta charset="UTF-8"&gt;
&lt;title&gt;a20-olinuxino&lt;/title&gt;
&lt;style type="text/css" media="screen" &gt;
html {
margin:0;
padding:0;
background: url(wallpaper.jpg) no-repeat center fixed;
-webkit-background-size: cover; /* pour anciens Chrome et Safari */
background-size: cover; /* version standardisée */
}
body { color: white; }
a:link {
color: grey;
background-color: transparent;
text-decoration: none;
}
a:hover {
color: red;
background-color: transparent;
text-decoration: underline;
}
&lt;/style&gt;
&lt;/head&gt;
&lt;body&gt;
&lt;h1&gt;a20-olinuxino&lt;/h1&gt;
&lt;p&gt;If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.&lt;/p&gt;
&lt;p&gt;For online documentation and support please refer to
&lt;a href="http://nginx.org/"&gt;nginx.org&lt;/a&gt;.&lt;br/&gt;
Commercial support is available at
&lt;a href="http://nginx.com/"&gt;nginx.com&lt;/a&gt;.&lt;/p&gt;
&lt;p&gt;&lt;em&gt;Thank you for using nginx.&lt;/em&gt;&lt;/p&gt;
&lt;/body&gt;
&lt;/html&gt;
</code></pre>
<p>Lien https://xoyize.xyz</p>
<hr />
<h3 id="cartographie">Cartographie</h3>
<p>Une copie du dossier osm-new de PC1 et un domaine map.xoyize.xyz<br />
En mode sudo<br />
Le fichier de configuration web <code class="language-plaintext highlighter-rouge">map.xoyize.xyz.conf</code></p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>nano /etc/nginx/conf.d/map.xoyize.xyz.conf
</code></pre></div></div>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>server {
listen 80;
listen [::]:80;
server_name map.xoyize.xyz;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name map.xoyize.xyz;
ssl_certificate /etc/ssl/private/xoyize.xyz-fullchain.pem;
ssl_certificate_key /etc/ssl/private/xoyize.xyz-key.pem;
root /home/olimex/osm-new;
index index.html;
# TLS 1.3 only
ssl_protocols TLSv1.3;
ssl_prefer_server_ciphers off;
# HSTS (ngx_http_headers_module is required) (63072000 seconds)
add_header Strict-Transport-Security "max-age=63072000" always;
# Virtual Host Configs
include /etc/nginx/conf.d/xoyize.xyz.d/*.conf;
# OCSP stapling
ssl_stapling on;
ssl_stapling_verify on;
# verify chain of trust of OCSP response using Root CA and Intermediate certs
ssl_trusted_certificate /etc/ssl/private/xoyize.xyz-fullchain.pem;
# replace with the IP address of your resolver
resolver 1.1.1.1;
}
</code></pre></div></div>
<p>Vérification et relance</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>nginx -t
systemctl start nginx
</code></pre></div></div>
<h2 id="monitorer-débit-internet-inactif">Monitorer débit internet (INACTIF)</h2>
<p>Installation voir le lien <a href="/2021/01/18/InfluxDB-Telegraf-Grafana-NEW.html">InfluxDB Telegraf Grafana NEW</a></p>
<p>Connexion sur la page “grafana” via ssh</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>ssh -L 9000:localhost:3000 olimex@192.168.0.46 -p 55035 -i /home/yann/.ssh/xoyize-ed25519
</code></pre></div></div>
<p>Connexion locale <a href="http://localhost:9000">http://localhost:9000</a>, utilisateur “admin” avec mot de passe .</p>
<h2 id="hotspot-wifi--dhcp-inactif">Hotspot Wifi + DHCP (INACTIF)</h2>
<ul>
<li><a href="https://debian-facile.org/doc:reseau:wifi:raspberry:hotspot:tor">Point d'accès wifi sur Tor avec Raspberry</a></li>
</ul>
<h4 id="configuration-serveur-dhcp">Configuration serveur DHCP</h4>
<p>Désactiver l'actuel service DHCP</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>systemctl list-unit-files |grep "dhcp"
# dhcpcd.service enabled
sudo systemctl stop dhcpcd.service
sudo systemctl disable dhcpcd.service
</code></pre></div></div>
<p><a href="https://neptunet.fr/dhcp-linux/">Installer et configurer un serveur DHCP sous Debian</a><br />
Pour mettre en place le service DHCP dans notre réseau local, nous allons utiliser le paquet isc-dhcp-server.</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo apt install isc-dhcp-server
</code></pre></div></div>
<p>Indiquer sur quelle interface du serveur le “démon” (le “service”) va écouter et donc attendre les requêtes des clients</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>nano /etc/default/isc-dhcp-server
</code></pre></div></div>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code># On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
# Separate multiple interfaces with spaces, e.g. "eth0 eth1".
INTERFACESv4="wlx7cdd905f687b"
#INTERFACESv6=""
</code></pre></div></div>
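<p>Éditer le fichier dhcpd.conf pour configurer le service DHCP. La plage distribuée (<code class="language-plaintext highlighter-rouge">range</code>) ne devrait pas contenir l’adresse du point d’accès lui-même : dans l’exemple ci-dessous elle commence à 192.168.42.1, qui est aussi l’adresse de la passerelle (<code class="language-plaintext highlighter-rouge">option routers</code>) ; la faire débuter à 192.168.42.2 évite un conflit d’adresse.</p>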
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo nano /etc/dhcp/dhcpd.conf
</code></pre></div></div>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>authoritative;
default-lease-time 600;
max-lease-time 7200;
subnet 192.168.42.0 netmask 255.255.255.0
{
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.42.255;
option routers 192.168.42.1;
option domain-name-servers 192.168.42.1;
range 192.168.42.1 192.168.42.100;
}
</code></pre></div></div>
<p>Relancer le service :<code class="language-plaintext highlighter-rouge">sudo systemctl restart isc-dhcp-server</code></p>
<h4 id="dns-unbound">DNS Unbound</h4>
<p>Ajouter la ligne suivante</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>access-control: 192.168.42.0/24 allow
</code></pre></div></div>
<p>au fichier de configuration unbound</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>/etc/unbound/unbound.conf.d/olimex.conf
</code></pre></div></div>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>server:
# Si aucun fichier journal n'est spécifié, syslog est utilisé
# logfile: "/var/log/unbound/unbound.log"
verbosity: 0
interface: 0.0.0.0
port: 53
do-ip4: yes
do-udp: yes
do-tcp: yes
# Peut être réglé sur oui si vous disposez d'une connectivité IPv6
do-ip6: no
# Vous voulez laisser cela à non, à moins d'avoir *l'IPv6 natif*. Avec 6to4 et
# les tunnels Teredo, votre navigateur web devrait privilégier IPv4 pour les mêmes raisons
prefer-ip6: no
# N'utilisez ceci que lorsque vous avez téléchargé la liste des serveurs racine primaires !
# Si vous utilisez le paquet dns-root-data par défaut, unbound le trouvera automatiquement
root-hints: "/var/lib/unbound/root.hints"
# Trust glue only if it is within the server's authority
# Ne faire confiance à la colle que si elle est sous l'autorité du serveur
harden-glue: yes
# IPs authorisés à accéder au serveur DNS
access-control: 0.0.0.0/0 refuse
access-control: 127.0.0.1 allow
access-control: 192.168.0.0/24 allow
access-control: 192.168.42.0/24 allow
</code></pre></div></div>
<p>Relancer le service :<code class="language-plaintext highlighter-rouge">sudo systemctl restart unbound unbound-resolvconf</code></p>
<h4 id="configuration-interface-wifi-point-daccès">Configuration interface wifi point daccès</h4>
<p>Installation d’un point d’accès Wifi avec dhcp pour fournir des adresses ip aux clients wifi<br />
Dongle USB/WIFI : <code class="language-plaintext highlighter-rouge">lsusb</code><br />
Bus 001 Device 002: ID 148f:5370 Ralink Technology, Corp. RT5370 Wireless Adapter</p>
<p>On vérifie ensuite les modes supportés par l’adaptateur :</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo -s
iw list
</code></pre></div></div>
<p>Dans la catégorie <code class="language-plaintext highlighter-rouge">Supported interface modes</code> il faut que le mode <code class="language-plaintext highlighter-rouge">AP (Access Point)</code> soit présent.</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>[...]
Supported interface modes:
* IBSS
* managed
* AP
* monitor
* P2P-client
* P2P-GO
[...]
</code></pre></div></div>
<p>les interfaces réseau</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>ip link
</code></pre></div></div>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>1: lo: &lt;LOOPBACK,UP,LOWER_UP&gt; mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: dummy0: &lt;BROADCAST,NOARP,UP,LOWER_UP&gt; mtu 1500 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
link/ether 7e:f4:1e:57:1b:3e brd ff:ff:ff:ff:ff:ff
3: eth0: &lt;BROADCAST,MULTICAST,UP,LOWER_UP&gt; mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
link/ether 02:c2:09:40:f2:2b brd ff:ff:ff:ff:ff:ff
4: wlx7cdd905f687b: &lt;NO-CARRIER,BROADCAST,MULTICAST,UP&gt; mtu 1500 qdisc mq state DOWN mode DORMANT group default qlen 1000
link/ether 52:dc:f6:7d:31:94 brd ff:ff:ff:ff:ff:ff
</code></pre></div></div>
<p><strong>Interface WIFI</strong><br />
Définir l’interface WIFI avec une IP statique</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo nano /etc/network/interfaces.d/wlx7cdd905f687b
</code></pre></div></div>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>#allow-hotplug wlx7cdd905f687b
iface wlx7cdd905f687b inet static
address 192.168.42.1
netmask 255.255.255.0
</code></pre></div></div>
<p>Ajout manuel de l’adresse IP</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo ip address add 192.168.42.1/24 dev wlx7cdd905f687b
</code></pre></div></div>
<h4 id="configuration-point-daccès">Configuration point daccès</h4>
<p><strong>HostApd</strong><br />
<a href="https://ubuntuplace.info/questions/262318/configurer-un-hotspot-ouvert-hostapd-qui-est-filtre-par-adre">Configurer un hotspot ouvert (via hostapd) qui est filtré par adresse mac en utilisant UFW et DNS personnalisé via dnsmasq</a><br />
Installer <strong>hostapd</strong> et les outils wifi</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo apt install hostapd wireless-tools wpasupplicant
</code></pre></div></div>
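<p><strong>Configurer HostApd</strong> , éditer ou créer le fichier <strong>hostapd.conf</strong>. Remplacer la valeur d’exemple de <code class="language-plaintext highlighter-rouge">wpa_passphrase</code> par une phrase secrète longue et aléatoire (8 à 63 caractères). Avec <code class="language-plaintext highlighter-rouge">wpa=2</code>, le chiffrement utilisé est celui de <code class="language-plaintext highlighter-rouge">rsn_pairwise</code> (CCMP) ; <code class="language-plaintext highlighter-rouge">wpa_pairwise=TKIP</code> ne concerne que WPA (v1) et peut être retiré.</p>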
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo nano /etc/hostapd/hostapd.conf
</code></pre></div></div>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>interface=wlx7cdd905f687b
driver=nl80211
ssid=YanHotSpot
hw_mode=g
channel=5
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
wpa=2
wpa_passphrase=passphrase_YanHotSpot
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP
</code></pre></div></div>
<p>Modifier le fichier <strong>/etc/default/hostapd</strong></p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo nano /etc/default/hostapd
DAEMON_CONF="/etc/hostapd/hostapd.conf"
</code></pre></div></div>
<p>Relancer le service :<code class="language-plaintext highlighter-rouge">sudo systemctl restart hostapd</code></p>
<p>Si le service est masqué, “unmask” service hostapd et lancement</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo systemctl unmask hostapd
sudo systemctl start hostapd
</code></pre></div></div>
<h4 id="configuration-du-nat-iptables">Configuration du NAT iptables</h4>
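<p>Relayer les paquets vers l’internet et traiter les paquets retours (modifier /etc/sysctl.conf). La seconde commande <code class="language-plaintext highlighter-rouge">sed</code> active aussi le routage IPv6, alors que les règles de filtrage données plus bas ne concernent qu’IPv4 : ne l’activer que si des règles <code class="language-plaintext highlighter-rouge">ip6tables</code> équivalentes sont en place.</p>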
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo -s
sed -i 's/^#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/' /etc/sysctl.conf
sed -i 's/^#net.ipv6.conf.all.forwarding=1/net.ipv6.conf.all.forwarding=1/' /etc/sysctl.conf
sysctl -p # prise en compte immédiate
</code></pre></div></div>
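<p><strong>NAT - Iptables - IP Forwarding (ACTIF)</strong><br />
Ajouter au fichier <code class="language-plaintext highlighter-rouge">/sbin/iptables-firewall.sh</code>. La dernière règle accepte tout le trafic venant du hotspot vers <code class="language-plaintext highlighter-rouge">eth0</code>, y compris vers les machines du réseau local 192.168.0.0/24 ; pour isoler le hotspot du LAN, placer avant elle une règle <code class="language-plaintext highlighter-rouge">FORWARD</code> qui rejette cette destination.</p>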
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code># NAT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A FORWARD -i eth0 -o wlx7cdd905f687b -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i wlx7cdd905f687b -o eth0 -j ACCEPT
</code></pre></div></div>
<p>Relancer le service <code class="language-plaintext highlighter-rouge">sudo systemctl restart iptables-firewall</code> <br />
Vérification</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>iptables -t nat -S
</code></pre></div></div>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P POSTROUTING ACCEPT
-P OUTPUT ACCEPT
-A POSTROUTING -o eth0 -j MASQUERADE
</code></pre></div></div>
<p><strong>NAT - UFW - IP Forwarding (INACTIF)</strong><br />
<a href="https://bobcares.com/blog/ufw-port-forwarding/">How to set up UFW port forwarding</a><br />
<a href="https://sulek.fr/index.php?article38/port-forwarding-et-ufw">Port forwarding et ufw</a><br />
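Pour mettre en place le port forwarding avec ufw<br />
Ajouter en fin du fichier <code class="language-plaintext highlighter-rouge">/etc/ufw/before.rules</code> (adapter la source <code class="language-plaintext highlighter-rouge">-s</code> au sous-réseau du hotspot : l’exemple ci-dessous utilise 192.168.55.0/24, alors que le hotspot de cette page est en 192.168.42.0/24)</p>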
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code># règles pour la table NAT
*nat
:POSTROUTING ACCEPT [0:0]
# Forward traffic through eth0
-A POSTROUTING -s 192.168.55.0/24 -o eth0 -j MASQUERADE
COMMIT
</code></pre></div></div>
<h4 id="désactiver-le-hotspot-wifi">Désactiver le hotspot wifi</h4>
<p>Arrêt et désactivation service hostapd</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo systemctl stop hostapd
sudo systemctl disable hostapd
</code></pre></div></div>
<p>Supprimer l’interface wifi</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo rm /etc/network/interfaces.d/wlx7cdd905f687b
</code></pre></div></div>
<p>Retirer le dongle USB/WIFI<br />
Redémarrer la machine</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo systemctl reboot
</code></pre></div></div>
<h2 id="domotique">Domotique</h2>
<p><a href="/2021/03/24/A20-Olinuxino-Domoticz-logiciel-de-gestion-et-de-controle-domotique.html">A20-Olinuxino - Domoticz logiciel de gestion et de contrôle domotique</a></p>
<h2 id="-nfs"><img src="/images/nfs-new-logo.png" alt="" width="50" /> NFS</h2>
<p><em>NFS (Network File System) est un protocole qui permet d’accéder à des fichiers via le réseau. Il est basé sur le protocole RPC (Remote Procedure Call). Les clients montent la partition de la machine distante comme si c’était un disque local.</em></p>
<p>En mode su</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo -s
</code></pre></div></div>
<h3 id="nfs---serveur">NFS - Serveur</h3>
<p><strong>Installation serveur NFS</strong></p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>apt install nfs-kernel-server
</code></pre></div></div>
<p>Vérification de l’installation</p>
<p>Exécuter rpcinfo pour confirmer que le serveur est lancé, et accepte les requêtes sur le port 2049 (UDP et TCP).</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>rpcinfo -p | grep nfs
</code></pre></div></div>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code> 100003 3 tcp 2049 nfs
100003 4 tcp 2049 nfs
100003 3 udp 2049 nfs
</code></pre></div></div>
<p>Vérifier que le système supporte effectivement NFS:</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>cat /proc/filesystems | grep nfs
</code></pre></div></div>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>nodev nfs
nodev nfs4
nodev nfsd
</code></pre></div></div>
<p>Si la commande précédente ne renvoie rien, il se peut que le module NFS ne soit pas chargé, auquel cas, il faut le charger <code class="language-plaintext highlighter-rouge">modprobe nfs</code> <br />
Enfin, vérifions que portmap attend les instructions sur le port 111</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>rpcinfo -p | grep portmap
</code></pre></div></div>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code> 100000 4 tcp 111 portmapper
100000 3 tcp 111 portmapper
100000 2 tcp 111 portmapper
100000 4 udp 111 portmapper
100000 3 udp 111 portmapper
100000 2 udp 111 portmapper
</code></pre></div></div>
<p><strong>Sécurisation NFS</strong></p>
<p><img src="/images/nfs-new-logo.png" alt="" width="40" /></p>
<p>Le protocole RPC n’a pas la réputation d’être bien sécurisé, mais la version 4 de NFS entend corriger ce problème, elle est donc à privilégier. Il est déconseillé d’effectuer un partage NFS via internet, ou bien dans ce cas, opter pour un tunnel chiffré.</p>
<ul>
<li>S’assurer que les partages sont réservés à certaines IP dans /etc/exports</li>
<li>S’appuyer sur rpcbind (/etc/hosts.deny et /etc/hosts.allow) pour sécuriser l’accès au serveur NFS</li>
<li>Configurer convenablement iptables</li>
</ul>
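<p><strong>hosts.deny , hosts.allow</strong><br />
Tout le monde est interdit, puis le LAN est autorisé (ces deux fichiers ne sont pris en compte que par les services compilés avec TCP wrappers/libwrap ; le pare-feu configuré plus bas reste donc le filtrage principal) :</p>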
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="nb">echo</span> <span class="s2">"rpcbind mountd nfsd statd lockd rquotad : ALL"</span> <span class="o">&gt;&gt;</span> /etc/hosts.deny
<span class="nb">echo</span> <span class="s2">"rpcbind mountd nfsd statd lockd rquotad: 192.168.0."</span> <span class="o">&gt;&gt;</span> /etc/hosts.allow
</code></pre></div></div>
<p><strong>iptables (NFS)</strong><br />
Par défaut, les différents services NFS (lockd, statd, mountd, etc.) demandent des assignations de ports aléatoires à partir du portmapper (portmap/rpcbind), ce qui signifie que la plupart des administrateurs doivent ouvrir une gamme de ports dans leur base de règles de pare-feu pour que NFS fonctionne.</p>
<p>Il va donc falloir fixer les ports de ces services afin de créer les règles iptables.</p>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="nb">echo</span> <span class="s1">'STATDOPTS="--port 32765 --outgoing-port 32766"'</span> <span class="o">&gt;&gt;</span> /etc/default/nfs-common
<span class="nb">echo</span> <span class="s1">'RPCMOUNTDOPTS="-p 32767"'</span> <span class="o">&gt;&gt;</span> /etc/default/nfs-kernel-server
<span class="nb">echo</span> <span class="s1">'RPCRQUOTADOPTS="-p 32769"'</span> <span class="o">&gt;&gt;</span> /etc/default/quota
</code></pre></div></div>
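<p>Relance sysctl (les trois commandes précédentes n’écrivent que dans <code class="language-plaintext highlighter-rouge">/etc/default/</code> et ne fixent pas le port de lockd ; vérifier avec <code class="language-plaintext highlighter-rouge">rpcinfo -p</code> que les ports réellement utilisés sont bien dans la plage ouverte dans le pare-feu)</p>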
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sysctl --system
</code></pre></div></div>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="k">*</span> Applying /etc/sysctl.d/99-sysctl.conf ...
<span class="k">*</span> Applying /etc/sysctl.d/protect-links.conf ...
fs.protected_hardlinks <span class="o">=</span> 1
fs.protected_symlinks <span class="o">=</span> 1
<span class="k">*</span> Applying /etc/sysctl.conf ...
</code></pre></div></div>
<p>Relancer le service</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>systemctl restart nfs-kernel-server
</code></pre></div></div>
<p><strong>NFS - Ajout des règles parefeu UFW</strong></p>
<p>Voici les règles à fixer dans le parefeu</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>ufw allow from 192.168.0.0/24 to any port 111,2049,32764:32769 proto tcp
ufw allow from 192.168.0.0/24 to any port 111,2049,32764:32769 proto udp
</code></pre></div></div>
<p>Vérification</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>ufw status
</code></pre></div></div>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code>Status: active
To Action From
<span class="nt">--</span> <span class="nt">------</span> <span class="nt">----</span>
55035/tcp ALLOW Anywhere
80/tcp ALLOW Anywhere
443/tcp ALLOW Anywhere
DNS ALLOW Anywhere
111,2049,32764:32769/tcp ALLOW 192.168.0.0/24
111,2049,32764:32769/udp ALLOW 192.168.0.0/24
55035/tcp <span class="o">(</span>v6<span class="o">)</span> ALLOW Anywhere <span class="o">(</span>v6<span class="o">)</span>
80/tcp <span class="o">(</span>v6<span class="o">)</span> ALLOW Anywhere <span class="o">(</span>v6<span class="o">)</span>
443/tcp <span class="o">(</span>v6<span class="o">)</span> ALLOW Anywhere <span class="o">(</span>v6<span class="o">)</span>
DNS <span class="o">(</span>v6<span class="o">)</span> ALLOW Anywhere <span class="o">(</span>v6<span class="o">)</span>
</code></pre></div></div>
<p><strong>NFS - Ajout des règles parefeu Iptables</strong></p>
<p>Ajouter au fichier <code class="language-plaintext highlighter-rouge">/sbin/iptables-firewall.sh</code></p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code># NFS
iptables -t filter -A INPUT -s 192.168.0.0/24 -p tcp -m multiport --ports 111,2049,32764:32769 -j ACCEPT
iptables -t filter -A INPUT -s 192.168.0.0/24 -p udp -m multiport --ports 111,2049,32764:32769 -j ACCEPT
</code></pre></div></div>
<p>Relancer le service <code class="language-plaintext highlighter-rouge">sudo systemctl restart iptables-firewall</code></p>
<h3 id="nfs---partage">NFS - partage</h3>
<ul>
<li><a href="https://doc.ubuntu-fr.org/acl">Les Access Control List : Gestion avancée des droits sous linux</a></li>
</ul>
<p>Installer acl</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>apt install acl
</code></pre></div></div>
<blockquote>
<p>Si la partition concernée par le partage est de type ext4, le support des acl est actif par défaut : l’option de montage “acl” a été remplacée par “noacl”, qui devient donc celle à utiliser si on veut… désactiver le support des acl.</p>
</blockquote>
<p><strong>Configurer le partage NFS avec SetGID</strong></p>
<p><em>Quand un répertoire est «setgidé », le comportement observé change. On ne parle alors plus de droits d’exécution mais d’appartenance. En effet, tous les fichiers ou sous-répertoires qui seraient créés dans un tel répertoire, appartiendraient automatiquement au groupe auquel appartient le dossier. Si plusieurs utilisateurs peuvent et/ou doivent travailler dans un même répertoire par exemple, on peut positionner le droit SETGID sur ce répertoire afin que tous les utilisateurs puissent accéder à son contenu sans restrictions liées au propriétaire qui a créé le fichier ou le sous-répertoire.</em></p>
<p>Créer un dossier qui sera partagé sur le réseau local</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>mkdir -p /xoyipart
</code></pre></div></div>
<p>Montage de la partition 2 du disque SSD /dev/sda</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>blkid | grep "/dev/sda2" # relever uuid
</code></pre></div></div>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>/dev/sda2: UUID="0a446c5a-ed92-45be-b56d-8306bc27b603" TYPE="ext4" PARTUUID="7a706cab-02"
</code></pre></div></div>
<p>Ajout au fichier fstab</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>nano /etc/fstab
</code></pre></div></div>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code># /dev/sda2
UUID=0a446c5a-ed92-45be-b56d-8306bc27b603 /xoyipart ext4 defaults 0 2
</code></pre></div></div>
<p>Montage manuel</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>mount -a
</code></pre></div></div>
<p><strong>Partager /xoyipart/</strong></p>
<p>indiquer au serveur les répertoires qui seront partagés, les machines qui y auront accès et les conditions de ce partage.</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>nano /etc/exports
</code></pre></div></div>
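<p>Ajouter en fin de fichier <strong>/etc/exports</strong>. L’option <code class="language-plaintext highlighter-rouge">no_root_squash</code> laisse le compte root de n’importe quel client du sous-réseau 192.168.0.0/24 agir en root sur le partage ; sans besoin précis, conserver le comportement par défaut (<code class="language-plaintext highlighter-rouge">root_squash</code>).</p>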
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>#/xoyipart 192.168.0.0/24(rw,sync,no_subtree_check,no_root_squash)
/xoyipart 192.168.0.0/24(rw,no_subtree_check,no_root_squash)
</code></pre></div></div>
<p>Exporter</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>exportfs -ar
</code></pre></div></div>
<p>Pour vérifier que l’export a bien eu lieu, taper sur le serveur NFS la commande :</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>showmount -e 192.168.0.46
</code></pre></div></div>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>Export list for xoyize.xyz:
/xoyipart 192.168.0.0/24
</code></pre></div></div>
<p>Nous devons configurer SetGID dans ce répertoire, comme indiqué ci-dessous.</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>chmod 2775 /xoyipart
</code></pre></div></div>
<p>Cela a également défini les autorisations 775 sur le répertoire, de sorte que l’utilisateur racine (root) et le groupe défini disposent d’autorisations complètes. Le 2 initial active le bit setgid.</p>
<p>Ensuite, nous créons un groupe appelé local et modifions le répertoire /xoyipart afin que le propriétaire du groupe soit ce groupe local.<br />
Nous spécifions également manuellement le GID qui sera utilisé pour le groupe en tant que 9999 ; il doit s’agir d’un <u>numéro libre sur votre client et votre serveur</u>.</p>
<p>Exécuter <code class="language-plaintext highlighter-rouge">groupadd</code> sur le client et sur le serveur, et ajouter un (ou plusieurs) utilisateur à ce groupe.</p>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="nb">sudo </span>groupadd <span class="nt">-g</span> 9999 <span class="nb">local</span> <span class="c"># sur client et serveur</span>
<span class="c"># ajout utilisateur au groupe</span>
<span class="nb">sudo </span>usermod <span class="nt">-a</span> <span class="nt">-G</span> <span class="nb">local</span> <span class="nv">$USER</span> <span class="c"># sur client et serveur</span>
<span class="nb">sudo chgrp local</span> /xoyipart <span class="c"># serveur uniquement</span>
</code></pre></div></div>
<p><strong>Droits ACL</strong><br />
Donner les droits ACL en lecture, écriture et exécution à l’utilisateur $USER et au groupe local</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo setfacl -Rm u:$USER:rwx,g:local:rwx /xoyipart/
</code></pre></div></div>
<p class="info">Désormais, tous les fichiers ou répertoires créés dans <code class="language-plaintext highlighter-rouge">/xoyipart</code> se verront automatiquement attribuer le propriétaire du groupe <em>local</em>, ce qui permettra essentiellement la collaboration de groupe, car tout utilisateur appartenant au groupe <em>local</em> pourra désormais accéder aux fichiers créés par d’autres utilisateurs du même groupe dans le répertoire <code class="language-plaintext highlighter-rouge">/xoyipart</code></p>
<blockquote>
<p><strong>NE PAS OUBLIER DE SE DECONNECTER/CONNECTER</strong></p>
</blockquote>
<p>Nous pouvons confirmer que setgid est en place, comme indiqué ci-dessous, où le bit d’exécution pour les autorisations de groupe est un s minuscule. Cela passera à une majuscule S si le groupe ne dispose pas de l’autorisation d’exécution et que seul setgid est en place.</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>ls -la /xoyipart/ # signe + pour les acl
</code></pre></div></div>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>[...]
drwxrwsr-x+ 2 root local 4096 Mar 11 08:30 .
[...]
</code></pre></div></div>
<h3 id="nfs---client">NFS - Client</h3>
<p><a href="https://doc.fedora-fr.org/wiki/Partage_de_disques_en_r%C3%A9seau_avec_NFS">Partage de disques en réseau avec NFS</a></p>
<p>Installer nfs-utils avec la commande</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo pacman -S nfs-utils # archlinux
sudo apt install nfs-common # debian
</code></pre></div></div>
<p>Créer un point de montage NFS</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo mkdir -p /mnt/xoyipart
</code></pre></div></div>
<p>Le partage NFS (<code class="language-plaintext highlighter-rouge">/etc/hosts</code> contient la définition du serveur : <code class="language-plaintext highlighter-rouge">192.168.0.46 xoyize.xyz</code>)</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo showmount -e xoyize.xyz
</code></pre></div></div>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>Export list for xoyize.xyz:
/xoyipart 192.168.0.0/24
</code></pre></div></div>
<p>Montage manuel</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo mount -t nfs 192.168.0.46:/xoyipart /mnt/xoyipart
</code></pre></div></div>
<p>Montage automatique à la demande avec timeout via fstab et x-systemd</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo nano /etc/fstab
</code></pre></div></div>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>192.168.0.46:/xoyipart/ /mnt/xoyipart/ nfs x-systemd.automount,x-systemd.idle-timeout=300,async 0 0
</code></pre></div></div>
<p>Vérifier</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo mount -a
</code></pre></div></div>
<h3 id="partage-manuel-de-fichier-via-sshfs">Partage manuel de fichier via SSHFS</h3>
<p>On va utiliser SSHFS pour partager un dossier hôte avec l’invité debian<br />
Installer sshfs sur l’invité</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo apt install sshfs
</code></pre></div></div>
<p>Créer un jeu de clés pour se connecter à l’hôte en SSH</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>ssh-keygen -t ed25519 -o -a 100 -f ~/.ssh/accesspc1
</code></pre></div></div>
<p>Le déploiement de la clé publique .pub sur l’hôte</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>ssh-copy-id -i .ssh/accesspc1.pub yann@192.168.0.42 # ou par copier/coller la clé publique dans le fichier .ssh/authorized_keys du distant
</code></pre></div></div>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'yann@192.168.0.42'"
and check to make sure that only the key(s) you wanted were added.
</code></pre></div></div>
<p>Vérifier la connexion ssh <code class="language-plaintext highlighter-rouge">ssh yann@192.168.0.42</code></p>
<p>Pour une connexion avec clé sans mot de passe, modifier le paramètre <code class="language-plaintext highlighter-rouge">PasswordAuthentication no</code> dans le fichier <code class="language-plaintext highlighter-rouge">/etc/ssh/sshd_config</code> de l’hôte et relancer le service sshd <code class="language-plaintext highlighter-rouge">sudo systemctl restart sshd</code> (garder la session en cours ouverte tant que la connexion par clé n’a pas été validée)<br />
Tester la connexion avec clé depuis l’invité</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>ssh -i ~/.ssh/accesspc1 yann@192.168.0.42
</code></pre></div></div>
<p>Création dossier sur l’invité et droits</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo mkdir /var/www/devel
sudo chown $USER.www-data -R /var/www/devel
</code></pre></div></div>
<p>Montage manuel</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code># montage syntaxe: sshfs -oIdentityFile=&lt;clé privée&gt; utilisateur@domaine.tld:&lt;dossier distant&gt; &lt;dossier local&gt; -C -p &lt;port si différent de 22&gt;
sshfs -oIdentityFile=~/.ssh/accesspc1 yann@192.168.0.42:/home/yann/media/devel /var/www/devel -C
# démontage syntaxe: fusermount -u &lt;dossier local&gt;
fusermount -u /var/www/devel
</code></pre></div></div>
<h2 id="dns-unbound-1">DNS Unbound</h2>
<p>Unbound est un résolveur de DNS validant, récursif, et mettant en cache. Il est conçu pour être rapide et simple et intègre des fonctionnalités modernes basées sur des normes ouvertes. <br />
La configuration de Unbound DNS avec votre installation Pi-hole nous permet d’exploiter notre propre petit serveur DNS récursif au lieu de dépendre (et d’envoyer des données à) de grands acteurs comme Google ou Cloudflare.<br />
<a href="https://www.pofilo.fr/post/20180630-dns-unbound/">[Tuto] Qu’est-ce qu’un serveur DNS et comment en installer un ?</a></p>
<p>Pour installer Unbound</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo apt install unbound
</code></pre></div></div>
<p>Ensuite, nous devrons télécharger un fichier <code class="language-plaintext highlighter-rouge">root.hints</code> pour remplacer les hints intégrés :</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>wget https://www.internic.net/domain/named.root -qO- | sudo tee /var/lib/unbound/root.hints
</code></pre></div></div>
<p><strong>Configurer le DNS Unbound</strong><br />
Unbound comprend de nombreuses options de configuration différentes que vous pouvez ajuster et essayer. N’hésitez pas à consulter la <a href="https://www.nlnetlabs.nl/documentation/unbound/unbound.conf/">documentation du fichier de configuration de Unbound (en)</a> pour obtenir des détails sur chaque option.</p>
<p>Pour commencer, créer le fichier de configuration Unbound</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo nano /etc/unbound/unbound.conf.d/olimex.conf
</code></pre></div></div>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>server:
# Si aucun fichier journal n'est spécifié, syslog est utilisé
# logfile: "/var/log/unbound/unbound.log"
verbosity: 0
interface: 0.0.0.0
port: 53
do-ip4: yes
do-udp: yes
do-tcp: yes
# Peut être réglé sur oui si vous disposez d'une connectivité IPv6
do-ip6: no
# Vous voulez laisser cela à non, à moins d'avoir *l'IPv6 natif*. Avec 6to4 et
# les tunnels Teredo, votre navigateur web devrait privilégier IPv4 pour les mêmes raisons
prefer-ip6: no
# N'utilisez ceci que lorsque vous avez téléchargé la liste des serveurs racine primaires !
# Si vous utilisez le paquet dns-root-data par défaut, unbound le trouvera automatiquement
root-hints: "/var/lib/unbound/root.hints"
# Trust glue only if it is within the server's authority
# Ne faire confiance à la colle que si elle est sous l'autorité du serveur
harden-glue: yes
# IPs authorisés à accéder au serveur DNS
access-control: 0.0.0.0/0 refuse
access-control: 127.0.0.1 allow
access-control: 192.168.0.0/24 allow
</code></pre></div></div>
<p><strong>Détails de la configuration</strong><br />
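Le port par défaut pour Unbound est 53 mais nous le changeons ici en 5335 (attention : le fichier <code class="language-plaintext highlighter-rouge">olimex.conf</code> ci-dessus conserve <code class="language-plaintext highlighter-rouge">port: 53</code> ; n’utiliser 5335 que si Pi-hole est réellement installé devant Unbound). N’hésitez pas à le changer pour ce que vous voulez, mais vous devrez vous en souvenir plus tard lorsque nous indiquerons à Pi-hole où envoyer les requêtes DNS en amont :</p>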
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>port : 5335
</code></pre></div></div>
<p>Cela pointe vers le fichier <code class="language-plaintext highlighter-rouge">root.hints</code> que vous venez de télécharger :</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code># N'utilisez ce fichier que lorsque vous avez téléchargé la liste des serveurs racine primaires !
root-hints : "/var/lib/unbound/root.hints"
</code></pre></div></div>
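<p>Ici, nous refusons par défaut les requêtes venant de toutes les adresses IPv4 (0.0.0.0/0), puis nous autorisons tout ce qui provient de cet appareil (127.0.0.1) et tout ce qui provient de notre sous-réseau local 192.168.0.0/24. Comme <code class="language-plaintext highlighter-rouge">interface: 0.0.0.0</code> fait écouter Unbound sur toutes les interfaces IPv4, ce sont ces règles <code class="language-plaintext highlighter-rouge">access-control</code> qui déterminent quels clients peuvent interroger le résolveur : n'autorisez que les réseaux qui doivent réellement l'utiliser.</p>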
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code># IPs autorisées à accéder au serveur DNS
access-control: 0.0.0.0/0 refuse
access-control: 127.0.0.1 allow
access-control: 192.168.0.0/24 allow
</code></pre></div></div>
<h3 id="modifier-interface-réseau">Modifier Interface réseau</h3>
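<p>Pour tenir compte de la résolution DNS Unbound qui est accessible via 127.0.0.1 (le second serveur déclaré, 9.9.9.9, sert de secours si le résolveur local ne répond pas ; ses réponses ne passent alors pas par Unbound)</p>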
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo nano /etc/network/interfaces.d/eth0
</code></pre></div></div>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>allow-hotplug eth0
iface eth0 inet static
address 192.168.0.46
netmask 255.255.255.0
gateway 192.168.0.254
dns-nameservers 127.0.0.1 9.9.9.9
iface eth0 inet6 static
address 2a01:e0a:2de:2c71::1
netmask 64
</code></pre></div></div>
<p>Pour la prise en compte, redémarrer…</p>
<h3 id="unbound-vérification">Unbound vérification</h3>
<p>Une fois le fichier de configuration enregistré, démarrez le serveur DNS Unbound :</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>systemctl status unbound unbound-resolvconf
</code></pre></div></div>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>[...]
Dec 31 17:31:34 a20-olinuxino systemd[1]: Starting Unbound DNS server...
Dec 31 17:31:40 a20-olinuxino package-helper[1138]: /var/lib/unbound/root.key has content
Dec 31 17:31:40 a20-olinuxino package-helper[1138]: success: the anchor is ok
Dec 31 17:31:40 a20-olinuxino unbound[1142]: [1609432300] unbound[1142:0] error: Could not open logfile /var/log/unbound/unbound.log: No such fi
Dec 31 17:31:40 a20-olinuxino unbound[1142]: [1609432300] unbound[1142:0] info: start of service (unbound 1.9.0).
Dec 31 17:31:40 a20-olinuxino systemd[1]: Started Unbound DNS server.
[...]
Dec 31 17:31:40 a20-olinuxino systemd[1]: Started Unbound DNS server via resolvconf.
</code></pre></div></div>
<p>Et testez pour vous assurer que le DNS Unbound fonctionne (assurez-vous d'utiliser le port que vous avez défini ci-dessus) :</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>dig pi-hole.net @127.0.0.1 -p 5335
</code></pre></div></div>
<p>Qui devrait renvoyer certaines informations, notamment une SECTION QUESTION et une SECTION RÉPONSE qui comprend pi-hole.net et une adresse IP.</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>; &lt;&lt;&gt;&gt; DiG 9.11.5-P4-5.1+deb10u2-Debian &lt;&lt;&gt;&gt; pi-hole.net @127.0.0.1 -p 5335
;; global options: +cmd
;; Got answer:
;; -&gt;&gt;HEADER&lt;&lt;- opcode: QUERY, status: NOERROR, id: 19820
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;pi-hole.net. IN A
;; ANSWER SECTION:
pi-hole.net. 3600 IN A 192.124.249.118
;; Query time: 365 msec
;; SERVER: 127.0.0.1#5335(127.0.0.1)
;; WHEN: Thu Dec 31 17:34:17 CET 2020
;; MSG SIZE rcvd: 56
</code></pre></div></div>
<p><strong>Tester la validation DNSSEC</strong></p>
<p>Exécutez la commande suivante :</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>dig sigfail.verteiltesysteme.net @127.0.0.1
</code></pre></div></div>
<p>Ce qui devrait retourner un statut de SERVFAIL et aucune SECTION RÉPONSE :</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>;; -&gt;&gt;HEADER&lt;&lt;- opcode: QUERY, status: SERVFAIL, id: 36591
</code></pre></div></div>
<p>Et ensuite, exécutez cette commande :</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>dig sigok.verteiltesysteme.net @127.0.0.1
</code></pre></div></div>
<p>Qui devrait retourner un statut de NOERROR et une SECTION RÉPONSE :</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>;; -&gt;&gt;HEADER&lt;&lt;- opcode: QUERY, status: NOERROR, id: 64444
</code></pre></div></div>
<h3 id="vérifier-les-signatures-dnssec">Vérifier les signatures DNSSEC</h3>
<p>Pour vous assurer que Unbound est correctement configuré, visitez <a href="https://dnssec.vs.uni-due.de/">DNSSEC Resolver Test</a> dans un navigateur web en utilisant un appareil qui se trouve actuellement dans votre réseau et en utilisant votre <em>a20-olinuxino (192.168.0.46)</em> comme serveur DNS. Utilisez le bouton “Start test” et ce site web vous indiquera si Unbound valide ou non les signatures DNSSEC.</p>
</div>
</div>
<script>(function() {
var SOURCES = window.TEXT_VARIABLES.sources;
// Once jQuery is loaded and the DOM is ready, decorate the article body:
// copy each code block's language onto its wrapper, add a clickable anchor
// icon to every heading that has an id, and scroll smoothly on anchor clicks.
window.Lazyload.js(SOURCES.jquery, function() {
  $(function() {
    var $content = $('.js-article-content');
    // With the sidebar layout the scrolling element is the main pane, not the page.
    var scrollSelector = $('.js-page-root').hasClass('layout--page--sidebar') ? '.js-page-main' : 'html, body';
    var $scroller = $(scrollSelector);
    var HEADINGS_WITH_ID = 'h1[id], h2[id], h3[id], h4[id], h5[id], h6[id]';

    $content.find('.highlight').each(function(_, block) {
      var $block = $(block);
      $block.attr('data-lang', $block.find('code').attr('data-lang'));
    });

    $content.find(HEADINGS_WITH_ID).each(function(_, heading) {
      // The markup passed to $() and .html() is a fixed literal, never page data.
      var $anchor = $('<a class="anchor d-print-none" aria-hidden="true"></a>');
      $anchor.html('<i class="fas fa-anchor"></i>');
      $(heading).append($anchor);
    });

    $content.on('click', '.anchor', function() {
      var headingId = $(this).parent().attr('id');
      $scroller.scrollToAnchor('#' + headingId, 400);
    });
  });
});
})();
</script>
</div><section class="page__comments d-print-none"></section></article><!-- start custom main bottom snippet -->
<!-- end custom main bottom snippet -->
</div>
</div></div></div></div>
</div><script>(function() {
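var SOURCES = window.TEXT_VARIABLES.sources;
window.Lazyload.js(SOURCES.jquery, function() {
  var $body = $('body'), $window = $(window);
  var $pageRoot = $('.js-page-root'), $pageMain = $('.js-page-main');
  // Number of modals currently shown; page-level classes are toggled on 0 <-> 1.
  var activeCount = 0;

  /**
   * jQuery plugin turning the selected element into a modal.
   *
   * @param {Object} [options]
   * @param {boolean} [options.initialVisible] show the modal as soon as it is created
   * @param {Function} [options.onChange] called with the new visibility after each change
   * @param {boolean} [options.hideWhenWindowScroll] on touch devices, hide on window scroll
   * @returns {{show: Function, hide: Function, $el: jQuery}}
   */
  function modal(options) {
    var $root = this, visible = false, initialVisible = false, onChange, hideWhenWindowScroll = false;
    var scrollTop;

    function setOptions(options) {
      var _options = options || {};
      // Fix: the original stored the `show` function in `visible` whenever
      // `initialVisible` was defined (even when it was `false`), so the option
      // was never honoured. Keep the requested state separately and let
      // init() apply it through setState().
      initialVisible = Boolean(_options.initialVisible);
      onChange = _options.onChange;
      hideWhenWindowScroll = _options.hideWhenWindowScroll;
    }

    function init() {
      // No-op when initialVisible is false, because `visible` starts as false.
      setState(initialVisible);
    }

    function setState(isShow) {
      if (isShow === visible) {
        return;
      }
      visible = isShow;
      if (visible) {
        activeCount++;
        // Remember the scroll offset so it can be restored when the modal closes.
        scrollTop = $(window).scrollTop() || $pageMain.scrollTop();
        $root.addClass('modal--show');
        $pageMain.scrollTop(scrollTop);
        activeCount === 1 && ($pageRoot.addClass('show-modal'), $body.addClass('of-hidden'));
        hideWhenWindowScroll && window.hasEvent('touchstart') && $window.on('scroll', hide);
        $window.on('keyup', handleKeyup);
      } else {
        activeCount > 0 && activeCount--;
        $root.removeClass('modal--show');
        $window.scrollTop(scrollTop);
        activeCount === 0 && ($pageRoot.removeClass('show-modal'), $body.removeClass('of-hidden'));
        hideWhenWindowScroll && window.hasEvent('touchstart') && $window.off('scroll', hide);
        $window.off('keyup', handleKeyup);
      }
      onChange && onChange(visible);
    }

    function show() {
      setState(true);
    }

    function hide() {
      setState(false);
    }

    function handleKeyup(e) {
      // Char Code: 27 ESC
      if (e.which === 27) {
        hide();
      }
    }

    setOptions(options);
    init();
    return {
      show: show,
      hide: hide,
      $el: $root
    };
  }
  $.fn.modal = modal;
});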
})();
</script><div class="modal modal--overflow page__search-modal d-print-none js-page-search-modal"><script>
(function () {
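var SOURCES = window.TEXT_VARIABLES.sources;
window.Lazyload.js(SOURCES.jquery, function() {
  // search panel: wires the search modal, its toggle buttons, keyboard
  // shortcuts and (optionally) the default search box to `window.search`.
  var search = (window.search || (window.search = {}));
  var useDefaultSearchBox = window.useDefaultSearchBox === undefined ?
    true : window.useDefaultSearchBox ;
  var $searchModal = $('.js-page-search-modal');
  var $searchToggle = $('.js-search-toggle');
  var searchModal = $searchModal.modal({ onChange: handleModalChange, hideWhenWindowScroll: true });
  var modalVisible = false;
  search.searchModal = searchModal;
  var $searchBox = null;
  var $searchInput = null;
  var $searchClear = null;

  /** @returns {boolean} whether the search modal is currently shown. */
  function getModalVisible() {
    return modalVisible;
  }
  search.getModalVisible = getModalVisible;

  /**
   * Modal visibility callback: runs the optional search.onShow / search.onHide
   * hooks, moves focus in or out of the input, and resets the box after hiding.
   * @param {boolean} visible new visibility of the modal
   */
  function handleModalChange(visible) {
    modalVisible = visible;
    if (visible) {
      search.onShow && search.onShow();
      useDefaultSearchBox && $searchInput[0] && $searchInput[0].focus();
    } else {
      // Fix: the original tested `search.onShow` before calling `search.onHide`,
      // which threw when only onShow was set and skipped onHide when only it was set.
      search.onHide && search.onHide();
      useDefaultSearchBox && $searchInput[0] && $searchInput[0].blur();
      // Clear after a delay (400 ms, the same value used for the scroll animations).
      setTimeout(function() {
        useDefaultSearchBox && ($searchInput.val(''), $searchBox.removeClass('not-empty'));
        search.clear && search.clear();
        window.pageAsideAffix && window.pageAsideAffix.refresh();
      }, 400);
    }
  }

  $searchToggle.on('click', function() {
    modalVisible ? searchModal.hide() : searchModal.show();
  });

  // Char Code: 83 S, 191 /
  $(window).on('keyup', function(e) {
    if (!modalVisible && !window.isFormElement(e.target || e.srcElement) && (e.which === 83 || e.which === 191)) {
      searchModal.show();
    }
  });

  if (useDefaultSearchBox) {
    $searchBox = $('.js-search-box');
    $searchInput = $searchBox.children('input');
    $searchClear = $searchBox.children('.js-icon-clear');
    search.getSearchInput = function() {
      return $searchInput.get(0);
    };
    search.getVal = function() {
      return $searchInput.val();
    };
    search.setVal = function(val) {
      $searchInput.val(val);
    };
    $searchInput.on('focus', function() {
      $(this).addClass('focus');
    });
    $searchInput.on('blur', function() {
      $(this).removeClass('focus');
    });
    $searchInput.on('input', window.throttle(function() {
      var val = $(this).val();
      if (val === '' || typeof val !== 'string') {
        search.clear && search.clear();
      } else {
        $searchBox.addClass('not-empty');
        search.onInputNotEmpty && search.onInputNotEmpty(val);
      }
    }, 400));
    $searchClear.on('click', function() {
      $searchInput.val(''); $searchBox.removeClass('not-empty');
      search.clear && search.clear();
    });
  }
});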
})();
</script><div class="search search--dark">
<div class="main">
<div class="search__header">Recherche</div>
<div class="search-bar">
<div class="search-box js-search-box">
<div class="search-box__icon-search"><i class="fas fa-search"></i></div>
<input id="search-input" type="text" />
<div class="search-box__icon-clear js-icon-clear">
<a><i class="fas fa-times"></i></a>
</div>
</div>
<button class="button button--theme-dark button--pill search__cancel js-search-toggle">
Annuler</button>
</div>
<div id="results-container" class="search-result js-search-result"></div>
</div>
</div>
<!-- Script pointing to search-script.js -->
<script>/*!
* Simple-Jekyll-Search
* Copyright 2015-2020, Christian Fei
* Licensed under the MIT License.
*/
(function(){
'use strict'
// Templater: fills {placeholder} tokens of a result template from a record.
var _$Templater_7 = {
  compile: compile,
  setOptions: setOptions
}

const options = {
  pattern: /\{(.*?)\}/g,
  template: '',
  middleware: function () {}
}

/**
 * Override the placeholder pattern, the template string and/or the middleware.
 * Falsy pattern/template values keep the current setting; the middleware is
 * replaced only when a function is given.
 */
function setOptions (_options) {
  if (_options.pattern) {
    options.pattern = _options.pattern
  }
  if (_options.template) {
    options.template = _options.template
  }
  if (typeof _options.middleware === 'function') {
    options.middleware = _options.middleware
  }
}

/**
 * Render the configured template for one record.
 *
 * Each placeholder is first offered to the middleware; a defined return value
 * is used as-is. Otherwise the record's own value is used, and a placeholder
 * whose value is missing or falsy is left in the output unchanged.
 *
 * NOTE(review): values are substituted without any HTML escaping, and the
 * caller in this file appends the result through innerHTML. Records (and any
 * middleware output) must therefore be trusted or already escaped.
 */
function compile (data) {
  return options.template.replace(options.pattern, function (placeholder, key) {
    const fromMiddleware = options.middleware(key, data[key], options.template)
    if (typeof fromMiddleware === 'undefined') {
      return data[key] || placeholder
    }
    return fromMiddleware
  })
}
'use strict';
/**
 * Report whether every character of `needle` occurs in `haystack` in the same
 * order (not necessarily adjacent). Comparison is by UTF-16 code unit and is
 * case-sensitive; strings of equal length must be identical.
 */
function fuzzysearch (needle, haystack) {
  var hayLen = haystack.length;
  var needleLen = needle.length;
  if (needleLen > hayLen) {
    return false;
  }
  if (needleLen === hayLen) {
    return needle === haystack;
  }
  // `cursor` only moves forward, so each haystack position is examined once.
  var cursor = 0;
  for (var i = 0; i < needleLen; i++) {
    var wanted = needle.charCodeAt(i);
    var found = false;
    while (cursor < hayLen && !found) {
      found = haystack.charCodeAt(cursor) === wanted;
      cursor++;
    }
    if (!found) {
      return false;
    }
  }
  return true;
}
var _$fuzzysearch_1 = fuzzysearch;
'use strict'
/* removed: const _$fuzzysearch_1 = require('fuzzysearch') */;
var _$FuzzySearchStrategy_5 = new FuzzySearchStrategy()

/**
 * Search strategy that lower-cases both arguments and delegates to the
 * fuzzysearch helper, with the search criterion as the needle.
 */
function FuzzySearchStrategy () {
  this.matches = function (string, crit) {
    const needle = crit.toLowerCase()
    const haystack = string.toLowerCase()
    return _$fuzzysearch_1(needle, haystack)
  }
}
'use strict'
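var _$LiteralSearchStrategy_6 = new LiteralSearchStrategy()

/**
 * Search strategy: a field matches when it contains every space-separated
 * word of the criterion, case-insensitively and in any order.
 */
function LiteralSearchStrategy () {
  /**
   * @param {*} str field value taken from an indexed record
   * @param {string} crit search criterion typed by the user
   * @returns {boolean}
   */
  this.matches = function (str, crit) {
    // Fix: the repository passes every field of a record here, so a number,
    // array or object value used to throw on `.trim()`; treat any non-string
    // as a non-match instead.
    if (!str || typeof str !== 'string' || typeof crit !== 'string') return false
    const haystack = str.trim().toLowerCase()
    const words = crit.trim().toLowerCase().split(' ')
    return words.every(function (word) {
      return haystack.indexOf(word) >= 0
    })
  }
}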
'use strict'
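// Repository: in-memory list of records plus the search over it.
var _$Repository_4 = {
  put: put,
  clear: clear,
  search: search,
  setOptions: __setOptions_4
}
/* removed: const _$FuzzySearchStrategy_5 = require('./SearchStrategies/FuzzySearchStrategy') */;
/* removed: const _$LiteralSearchStrategy_6 = require('./SearchStrategies/LiteralSearchStrategy') */;

/** Default comparator: reports every pair as equal. */
function NoSort () {
  return 0
}

// Indexed records, shared by put/clear/search.
const data = []
let opt = {}
opt.fuzzy = false
opt.limit = 10
opt.searchStrategy = opt.fuzzy ? _$FuzzySearchStrategy_5 : _$LiteralSearchStrategy_6
opt.sort = NoSort
opt.exclude = []

/**
 * Add one record (plain object) or replace the index with an array of records.
 * @returns {Array|undefined} undefined when `data` is neither an object nor an array
 */
function put (data) {
  if (isObject(data)) {
    return addObject(data)
  }
  if (isArray(data)) {
    return addArray(data)
  }
  return undefined
}

/** Empty the index in place and return it. */
function clear () {
  data.length = 0
  return data
}

function isObject (obj) {
  return Boolean(obj) && Object.prototype.toString.call(obj) === '[object Object]'
}

function isArray (obj) {
  return Boolean(obj) && Object.prototype.toString.call(obj) === '[object Array]'
}

/** Append one record and return the index. */
function addObject (_data) {
  data.push(_data)
  return data
}

/**
 * Clear the index, then add every plain-object element of `_data`;
 * other elements are skipped.
 */
function addArray (_data) {
  const added = []
  clear()
  for (let i = 0, len = _data.length; i < len; i++) {
    if (isObject(_data[i])) {
      added.push(addObject(_data[i]))
    }
  }
  return added
}

/**
 * Return up to `opt.limit` records matching `crit`, ordered by `opt.sort`.
 * An empty criterion yields no results.
 */
function search (crit) {
  if (!crit) {
    return []
  }
  return findMatches(data, crit, opt.searchStrategy, opt).sort(opt.sort)
}

/**
 * Replace the repository options, filling in defaults for missing ones.
 * The passed object itself becomes the options object, as before.
 */
function __setOptions_4 (_opt) {
  // Fix: the original guarded with `opt = _opt || {}` but then read
  // `_opt.fuzzy`, so calling it without an argument threw a TypeError.
  // Reading from `opt` keeps the result identical when `_opt` is given.
  opt = _opt || {}
  opt.fuzzy = opt.fuzzy || false
  opt.limit = opt.limit || 10
  opt.searchStrategy = opt.fuzzy ? _$FuzzySearchStrategy_5 : _$LiteralSearchStrategy_6
  opt.sort = opt.sort || NoSort
  opt.exclude = opt.exclude || []
}

/** Scan `data` in order and collect matching records until `opt.limit` is reached. */
function findMatches (data, crit, strategy, opt) {
  const matches = []
  for (let i = 0; i < data.length && matches.length < opt.limit; i++) {
    const match = findMatchesInObject(data[i], crit, strategy, opt)
    if (match) {
      matches.push(match)
    }
  }
  return matches
}

/**
 * Return `obj` when any of its enumerable fields is not excluded and matches
 * the criterion; otherwise return undefined. Field values are handed to the
 * strategy as they are, whatever their type.
 */
function findMatchesInObject (obj, crit, strategy, opt) {
  for (const key in obj) {
    if (!isExcluded(obj[key], opt.exclude) && strategy.matches(obj[key], crit)) {
      return obj
    }
  }
}

/**
 * Report whether `term` matches any of the `excludedTerms`, each of which is
 * compiled as a regular expression on every call. The patterns come from the
 * site's own options; they should not be built from user input.
 */
function isExcluded (term, excludedTerms) {
  for (let i = 0, len = excludedTerms.length; i < len; i++) {
    const excludedTerm = excludedTerms[i]
    if (new RegExp(excludedTerm).test(term)) {
      return true
    }
  }
  return false
}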
/* globals ActiveXObject:false */
'use strict'
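// JSONLoader: fetches a JSON document with XMLHttpRequest.
var _$JSONLoader_2 = {
  load: load
}

/**
 * Issue an asynchronous GET for `location` and hand the parsed JSON to
 * `callback(err, json)`.
 */
function load (location, callback) {
  const xhr = getXHR()
  xhr.open('GET', location, true)
  xhr.onreadystatechange = createStateChangeListener(xhr, callback)
  xhr.send()
}

/**
 * Build the readystatechange handler for `xhr`.
 *
 * The callback is invoked only for a completed request with status 200:
 * `callback(null, json)` on success, `callback(err, null)` when the body is
 * not valid JSON. Any other status never reaches the callback.
 */
function createStateChangeListener (xhr, callback) {
  return function () {
    if (xhr.readyState !== 4 || xhr.status !== 200) {
      return
    }
    let parsed
    try {
      parsed = JSON.parse(xhr.responseText)
    } catch (err) {
      callback(err, null)
      return
    }
    // Fix: the success callback used to run inside the try block, so an
    // exception thrown by the callback itself was reported as a parse error
    // and the callback was invoked a second time.
    callback(null, parsed)
  }
}

/** Return a native XMLHttpRequest, falling back to the ActiveX object. */
function getXHR () {
  return window.XMLHttpRequest ? new window.XMLHttpRequest() : new ActiveXObject('Microsoft.XMLHTTP')
}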
'use strict'
/**
 * Validator for required option names. Callable with or without `new`.
 *
 * @param {{required: Array<string>}} params names that must be present
 * @throws {Error} when `params` is missing or `params.required` is not an array
 */
var _$OptionsValidator_3 = function OptionsValidator (params) {
  const paramsAreValid = Boolean(params) &&
    typeof params.required !== 'undefined' &&
    params.required instanceof Array
  if (!paramsAreValid) {
    throw new Error('-- OptionsValidator: required options missing')
  }
  // Allow plain calls by re-entering as a constructor.
  if (!(this instanceof OptionsValidator)) {
    return new OptionsValidator(params)
  }

  const requiredOptions = params.required

  this.getRequiredOptions = function () {
    return requiredOptions
  }

  /** Return the required names whose value in `parameters` is undefined. */
  this.validate = function (parameters) {
    return requiredOptions.filter(function (name) {
      return typeof parameters[name] === 'undefined'
    })
  }
}
'use strict'
var _$utils_9 = {
  merge: merge,
  isJSON: isJSON
}

/**
 * Build a new object holding every enumerable key of `defaultParams`, taking
 * the value from `mergeParams` when it defines that key. Keys that exist only
 * in `mergeParams` are not copied.
 */
function merge (defaultParams, mergeParams) {
  const result = {}
  for (const key in defaultParams) {
    const override = mergeParams[key]
    result[key] = typeof override !== 'undefined' ? override : defaultParams[key]
  }
  return result
}

/**
 * Report whether `json` is an object that survives a JSON
 * stringify/parse round trip with a truthy result.
 */
function isJSON (json) {
  try {
    if (!(json instanceof Object)) {
      return false
    }
    return Boolean(JSON.parse(JSON.stringify(json)))
  } catch (err) {
    // stringify/parse threw (for example on a circular structure)
    return false
  }
}
var _$src_8 = {};
// Entry module: exposes window.SimpleJekyllSearch, which loads the index
// (inline JSON or a URL), listens to the search input and renders results.
(function (window) {
  'use strict'
  // Defaults; only the keys listed here survive the merge with user options.
  let options = {
    searchInput: null,
    resultsContainer: null,
    json: [],
    success: Function.prototype,
    searchResultTemplate: '<li><a href="{url}" title="{desc}">{title}</a></li>',
    templateMiddleware: Function.prototype,
    sortMiddleware: function () {
      return 0
    },
    noResultsText: 'No results found',
    limit: 10,
    fuzzy: false,
    debounceTime: null,
    exclude: []
  }
  let debounceTimerHandle
  // Run `func` after `delayMillis`, cancelling a pending run; with a falsy
  // delay, run it immediately.
  const debounce = function (func, delayMillis) {
    if (delayMillis) {
      clearTimeout(debounceTimerHandle)
      debounceTimerHandle = setTimeout(func, delayMillis)
    } else {
      func.call()
    }
  }
  const requiredOptions = ['searchInput', 'resultsContainer', 'json']
  /* removed: const _$Templater_7 = require('./Templater') */;
  /* removed: const _$Repository_4 = require('./Repository') */;
  /* removed: const _$JSONLoader_2 = require('./JSONLoader') */;
  const optionsValidator = _$OptionsValidator_3({
    required: requiredOptions
  })
  /* removed: const _$utils_9 = require('./utils') */;
  /**
   * Configure and start the search.
   * Throws when one of the required options is undefined. `options.json` is
   * used directly when it passes isJSON, otherwise it is treated as a URL.
   * Returns an object exposing `search(query)`.
   */
  window.SimpleJekyllSearch = function (_options) {
    const errors = optionsValidator.validate(_options)
    if (errors.length > 0) {
      throwError('You must specify the following required options: ' + requiredOptions)
    }
    options = _$utils_9.merge(options, _options)
    _$Templater_7.setOptions({
      template: options.searchResultTemplate,
      middleware: options.templateMiddleware
    })
    _$Repository_4.setOptions({
      fuzzy: options.fuzzy,
      limit: options.limit,
      sort: options.sortMiddleware,
      exclude: options.exclude
    })
    if (_$utils_9.isJSON(options.json)) {
      initWithJSON(options.json)
    } else {
      initWithURL(options.json)
    }
    const rv = {
      search: search
    }
    typeof options.success === 'function' && options.success.call(rv)
    return rv
  }
  // Index the records, then start listening to the input.
  function initWithJSON (json) {
    _$Repository_4.put(json)
    registerInput()
  }
  // Fetch the index; a load error is thrown from inside the loader callback.
  function initWithURL (url) {
    _$JSONLoader_2.load(url, function (err, json) {
      if (err) {
        throwError('failed to get JSON (' + url + ')')
      }
      initWithJSON(json)
    })
  }
  function emptyResultsContainer () {
    options.resultsContainer.innerHTML = ''
  }
  // NOTE(review): `text` is parsed as HTML. It is either options.noResultsText
  // or a compiled result template whose placeholders were filled without
  // escaping, so index values and anything a middleware returns must be
  // trusted or already HTML-escaped before they reach this function.
  function appendToResultsContainer (text) {
    options.resultsContainer.innerHTML += text
  }
  function registerInput () {
    options.searchInput.addEventListener('input', function (e) {
      if (isWhitelistedKey(e.which)) {
        emptyResultsContainer()
        debounce(function () { search(e.target.value) }, options.debounceTime)
      }
    })
  }
  // Clear the container and render the matches for a non-empty query.
  function search (query) {
    if (isValidQuery(query)) {
      emptyResultsContainer()
      render(_$Repository_4.search(query), query)
    }
  }
  function render (results, query) {
    const len = results.length
    if (len === 0) {
      return appendToResultsContainer(options.noResultsText)
    }
    for (let i = 0; i < len; i++) {
      // The typed query is stored on the record, which makes it available to
      // the template as {query}; like every other value it is not escaped.
      results[i].query = query
      appendToResultsContainer(_$Templater_7.compile(results[i]))
    }
  }
  function isValidQuery (query) {
    return query && query.length > 0
  }
  // True for any key code outside the listed ones (presumably Enter, Shift,
  // Caps Lock, the arrow keys and Meta — confirm against the upstream project).
  function isWhitelistedKey (key) {
    return [13, 16, 20, 37, 38, 39, 40, 91].indexOf(key) === -1
  }
  function throwError (message) {
    throw new Error('SimpleJekyllSearch --- ' + message)
  }
})(window)
}());
</script>
<!-- Configuration -->
<script>
// Site search configuration. The index is fetched from /search.json.
// NOTE(review): the {url}, {date}, {title} and {create} placeholders are filled
// from that index without escaping and the resulting markup is written through
// innerHTML by the search code in this page, so /search.json must contain only
// trusted, already HTML-escaped values.
SimpleJekyllSearch({
  searchInput: document.getElementById('search-input'),
  resultsContainer: document.getElementById('results-container'),
  noResultsText: '<p>Aucun résultat!</p>',
  json: '/search.json',
  searchResultTemplate: '<li><a href="{url}">{date}&nbsp;{title}</a>&nbsp;(Création {create})</li>'
})
</script>
</div></div>
<script>(function() {
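var SOURCES = window.TEXT_VARIABLES.sources;
window.Lazyload.js(SOURCES.jquery, function() {
  /**
   * jQuery plugin: animate the selected scroll container to the element
   * matched by `anchor`, then put the anchor in the address bar.
   *
   * @param {string} anchor selector of the target, e.g. '#heading-id'
   * @param {number} duration animation time in milliseconds
   * @param {Function} [callback] called when the animation completes
   */
  function scrollToAnchor(anchor, duration, callback) {
    var $root = this;
    var $target = $(anchor);
    if ($target.length === 0) {
      // Fix: with no matching element, reading `.position().top` threw and the
      // caller's completion callback never ran. Skip the animation instead.
      callback && callback();
      return;
    }
    $root.animate({ scrollTop: $target.position().top }, duration, function() {
      // replaceState updates the URL fragment without adding a history entry.
      window.history.replaceState(null, '', window.location.href.split('#')[0] + anchor);
      callback && callback();
    });
  }
  $.fn.scrollToAnchor = scrollToAnchor;
});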
})();
(function() {
var SOURCES = window.TEXT_VARIABLES.sources;
window.Lazyload.js(SOURCES.jquery, function() {
  /**
   * jQuery plugin that switches the selected element between three states
   * while the scroll target moves: 'top' (no offset), 'fixed' (class `fixed`,
   * left offset preserved) and 'bottom' (absolute top offset).
   *
   * Options read: offsetBottom, scrollTarget, scroll, disabled.
   * Returns { setOptions, refresh }.
   */
  function affix(options) {
    var $root = this, $window = $(window), $scrollTarget, $scroll,
      offsetBottom = 0, scrollTarget = window, scroll = window.document, disabled = false, isOverallScroller = true,
      rootTop, rootLeft, rootHeight, scrollBottom, rootBottomTop,
      hasInit = false, curState;
    // Apply the given options on top of the current values; falsy
    // offsetBottom/scrollTarget/scroll values leave the current value in place.
    function setOptions(options) {
      var _options = options || {};
      _options.offsetBottom && (offsetBottom = _options.offsetBottom);
      _options.scrollTarget && (scrollTarget = _options.scrollTarget);
      _options.scroll && (scroll = _options.scroll);
      _options.disabled !== undefined && (disabled = _options.disabled);
      $scrollTarget = $(scrollTarget);
      isOverallScroller = window.isOverallScroller($scrollTarget[0]);
      $scroll = $(scroll);
    }
    // Measure the element in its 'top' state: height, top and left offsets.
    function preCalc() {
      top();
      rootHeight = $root.outerHeight();
      rootTop = $root.offset().top + (isOverallScroller ? 0 : $scrollTarget.scrollTop());
      rootLeft = $root.offset().left;
    }
    // Recompute the scroll position at which the element must stop being fixed.
    function calc(needPreCalc) {
      needPreCalc && preCalc();
      scrollBottom = $scroll.outerHeight() - offsetBottom - rootHeight;
      rootBottomTop = scrollBottom - rootTop;
    }
    function top() {
      if (curState !== 'top') {
        $root.removeClass('fixed').css({
          left: 0,
          top: 0
        });
        curState = 'top';
      }
    }
    function fixed() {
      if (curState !== 'fixed') {
        $root.addClass('fixed').css({
          left: rootLeft + 'px',
          top: 0
        });
        curState = 'fixed';
      }
    }
    function bottom() {
      if (curState !== 'bottom') {
        $root.removeClass('fixed').css({
          left: 0,
          top: rootBottomTop + 'px'
        });
        curState = 'bottom';
      }
    }
    // Pick the state from the current scroll offset.
    function setState() {
      var scrollTop = $scrollTarget.scrollTop();
      if (scrollTop >= rootTop && scrollTop <= scrollBottom) {
        fixed();
      } else if (scrollTop < rootTop) {
        top();
      } else {
        bottom();
      }
    }
    // One-time setup: initial measurement, a temporary polling loop, and the
    // scroll/resize listeners.
    function init() {
      if(!hasInit) {
        var interval, timeout;
        calc(true); setState();
        // run calc every 100 millisecond
        interval = setInterval(function() {
          calc();
        }, 100);
        // Polling stops after 45 s at the latest ...
        timeout = setTimeout(function() {
          clearInterval(interval);
        }, 45000);
        // ... or 3 s after the page load event, whichever comes first.
        window.pageLoad.then(function() {
          setTimeout(function() {
            clearInterval(interval);
            clearTimeout(timeout);
          }, 3000);
        });
        $scrollTarget.on('scroll', function() {
          disabled || setState();
        });
        $window.on('resize', function() {
          disabled || (calc(true), setState());
        });
        hasInit = true;
      }
    }
    setOptions(options);
    if (!disabled) {
      init();
    }
    // init() is guarded by hasInit, so this only has an effect when the
    // plugin was created disabled and init() has not run yet.
    $window.on('resize', window.throttle(function() {
      init();
    }, 200));
    return {
      setOptions: setOptions,
      refresh: function() {
        // calc() declares a single parameter; the second argument is ignored.
        calc(true, { animation: false }); setState();
      }
    };
  }
  $.fn.affix = affix;
});
})();
(function() {
var SOURCES = window.TEXT_VARIABLES.sources;
window.Lazyload.js(SOURCES.jquery, function() {
  /**
   * jQuery plugin that renders a table of contents into the selected element
   * from the headings (with an id) found in a container, and marks the entry
   * of the current heading with the class `active`.
   *
   * Options read: selectors, container, scrollTarget, scroller, disabled.
   * Returns { setOptions }.
   */
  function toc(options) {
    var $root = this, $window = $(window), $scrollTarget, $scroller, $tocUl = $('<ul class="toc toc--ellipsis"></ul>'), $tocLi, $headings, $activeLast, $activeCur,
      selectors = 'h1,h2,h3', container = 'body', scrollTarget = window, scroller = 'html, body', disabled = false,
      headingsPos, scrolling = false, hasRendered = false, hasInit = false;
    // Apply the given options on top of the current values and re-select the
    // headings; falsy option values leave the current value in place.
    function setOptions(options) {
      var _options = options || {};
      _options.selectors && (selectors = _options.selectors);
      _options.container && (container = _options.container);
      _options.scrollTarget && (scrollTarget = _options.scrollTarget);
      _options.scroller && (scroller = _options.scroller);
      _options.disabled !== undefined && (disabled = _options.disabled);
      $headings = $(container).find(selectors).filter('[id]');
      $scrollTarget = $(scrollTarget);
      $scroller = $(scroller);
    }
    // Record the (floored) top position of every heading.
    function calc() {
      headingsPos = [];
      $headings.each(function() {
        headingsPos.push(Math.floor($(this).position().top));
      });
    }
    // Mark `element` as active, or — when no element is given — the entry of
    // the last heading at or above the current scroll offset.
    function setState(element, disabled) {
      var scrollTop = $scrollTarget.scrollTop(), i;
      if (disabled || !headingsPos || headingsPos.length < 1) { return; }
      if (element) {
        $activeCur = element;
      } else {
        for (i = 0; i < headingsPos.length; i++) {
          if (scrollTop >= headingsPos[i]) {
            $activeCur = $tocLi.eq(i);
          } else {
            $activeCur || ($activeCur = $tocLi.eq(i));
            break;
          }
        }
      }
      $activeLast && $activeLast.removeClass('active');
      ($activeLast = $activeCur).addClass('active');
    }
    // Build the list once. Heading text is inserted with .text() and the id
    // with .attr(), so heading content is not parsed as HTML here.
    function render() {
      if(!hasRendered) {
        $root.append($tocUl);
        $headings.each(function() {
          var $this = $(this);
          $tocUl.append($('<li></li>').addClass('toc-' + $this.prop('tagName').toLowerCase())
            .append($('<a></a>').text($this.text()).attr('href', '#' + $this.prop('id'))));
        });
        $tocLi = $tocUl.children('li');
        $tocUl.on('click', 'a', function(e) {
          e.preventDefault();
          var $this = $(this);
          // While the click-triggered animation runs, scroll events must not
          // change the active entry.
          scrolling = true;
          setState($this.parent());
          $scroller.scrollToAnchor($this.attr('href'), 400, function() {
            scrolling = false;
          });
        });
      }
      hasRendered = true;
    }
    // One-time setup: render, measure, a temporary polling loop, and the
    // scroll/resize listeners.
    function init() {
      var interval, timeout;
      if(!hasInit) {
        render(); calc(); setState(null, scrolling);
        // run calc every 100 millisecond
        interval = setInterval(function() {
          calc();
        }, 100);
        // Polling stops after 45 s at the latest ...
        timeout = setTimeout(function() {
          clearInterval(interval);
        }, 45000);
        // ... or 3 s after the page load event, whichever comes first.
        window.pageLoad.then(function() {
          setTimeout(function() {
            clearInterval(interval);
            clearTimeout(timeout);
          }, 3000);
        });
        $scrollTarget.on('scroll', function() {
          disabled || setState(null, scrolling);
        });
        $window.on('resize', window.throttle(function() {
          if (!disabled) {
            render(); calc(); setState(null, scrolling);
          }
        }, 100));
      }
      hasInit = true;
    }
    setOptions(options);
    if (!disabled) {
      init();
    }
    // init() is guarded by hasInit, so this only has an effect when the
    // plugin was created disabled and init() has not run yet.
    $window.on('resize', window.throttle(function() {
      init();
    }, 200));
    return {
      setOptions: setOptions
    };
  }
  $.fn.toc = toc;
});
})();
/*(function () {
})();*/
</script><script>
/* toc must before affix, since affix need to konw toc' height. */(function() {
var SOURCES = window.TEXT_VARIABLES.sources;
var TOC_SELECTOR = window.TEXT_VARIABLES.site.toc.selectors;
// Create the table of contents for the article and keep its enabled/disabled
// state in sync with the layout on window resize.
window.Lazyload.js(SOURCES.jquery, function() {
  var $win = $(window);
  var $article = $('.js-article-content');
  var $tocContainer = $('.js-toc-root');
  var $asideColumn = $('.js-col-aside');
  var mainPane = $('.js-page-root').hasClass('layout--page--sidebar') ? '.js-page-main' : null;
  var articleHasHeadings = $article.find(TOC_SELECTOR).length > 0;

  // The TOC is off when the aside column is hidden or nothing matches the selector.
  function isTocOff() {
    if ($asideColumn.css('display') === 'none') {
      return true;
    }
    return !articleHasHeadings;
  }

  var tocPlugin = $tocContainer.toc({
    selectors: TOC_SELECTOR,
    container: $article,
    scrollTarget: mainPane,
    scroller: mainPane,
    disabled: isTocOff()
  });

  $win.on('resize', window.throttle(function() {
    var off = isTocOff();
    if (tocPlugin) {
      tocPlugin.setOptions({ disabled: off });
    }
  }, 100));
});
})();
(function() {
var SOURCES = window.TEXT_VARIABLES.sources;
// Attach the affix behaviour to the page aside and publish the instance as
// window.pageAsideAffix.
window.Lazyload.js(SOURCES.jquery, function() {
  var $win = $(window);
  var $footer = $('.js-page-footer');
  var $aside = $('.js-page-aside');
  // Never reassigned in this script, so the affix is always created enabled.
  var affixOff = false;
  var sidebarLayout = $('.js-page-root').hasClass('layout--page--sidebar');
  var mainPane = sidebarLayout ? '.js-page-main' : null;

  var asideAffix = $aside.affix({
    offsetBottom: $footer.outerHeight(),
    scrollTarget: mainPane,
    scroller: mainPane,
    scroll: sidebarLayout ? $('.js-page-main').children() : null,
    disabled: affixOff
  });

  $win.on('resize', window.throttle(function() {
    if (asideAffix) {
      asideAffix.setOptions({ disabled: affixOff });
    }
  }, 100));

  window.pageAsideAffix = asideAffix;
});
})();
</script><!---->
</div>
<script>(function () {
// On devices that expose the touchstart event, flag the root element and
// register an empty touchstart listener on the document.
var rootEl = document.getElementsByClassName('root')[0];
var touchCapable = window.hasEvent('touchstart');
if (touchCapable) {
  var noop = function(){};
  rootEl.dataset.isTouch = true;
  document.addEventListener('touchstart', noop, false);
}
})();
</script>
</body>
</html>