Category: Uncategorized

  • Sending notification email from a Jenkins pipeline

    pipeline {
        agent any
        stages {
            stage("test") {
                steps {
                    script {
                        println("hello world4")
                        // Prints every environment variable into the build's console log
                        sh 'env'
                    }
                }
            }
        }
        post {
            always {
                emailext subject: "${currentBuild.currentResult}: Job -${env.JOB_NAME}#${env.BUILD_NUMBER}",
                body: """<p>${currentBuild.currentResult}: ${env.JOB_NAME}#${env.BUILD_NUMBER}</p><p>Check console output at
                <a href='${env.BUILD_URL}'>${env.JOB_NAME}#${env.BUILD_NUMBER}</a>
                </p>""",
                recipientProviders: [developers(), requestor()]
            }
        }
    }
    


  • Configuring SMTP in GitLab

    My mail is an Alibaba enterprise mailbox

    gitlab_rails['smtp_enable'] = true
    gitlab_rails['smtp_address'] = "smtp.qiye.aliyun.com"
    gitlab_rails['smtp_port'] = 465
    gitlab_rails['smtp_user_name'] = "git@hetao.me"
    gitlab_rails['smtp_password'] = "password"
    gitlab_rails['smtp_domain'] = "smtp.qiye.aliyun.com"
    gitlab_rails['smtp_authentication'] = "login"
    gitlab_rails['smtp_enable_starttls_auto'] = false
    gitlab_rails['smtp_tls'] = true
    gitlab_rails['gitlab_email_enabled'] = true
    gitlab_rails['gitlab_email_display_name'] = 'Gitlab'
    gitlab_rails['gitlab_email_reply_to'] = 'tao@hetao.me'
    


  • Initial configuration after installing Ubuntu

    timedatectl set-timezone Asia/Shanghai
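    # Allow root login over SSH (this value also permits password logins for root);
    # -i edits the file in place and $a appends the directive once, at the end
    sed -i '$a PermitRootLogin yes' /etc/ssh/sshd_config
    # Rewrite the APT source URLs to point at the mirror (-i edits in place)
    sed -i 's/\/\/.*\//\/\/mirrors.hetao.me\//g' /etc/apt/sources.list
    apt-get install vim curl 'language-pack-zh-han*'
    apt install $(check-language-support)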
    cat >> /etc/environment << EOF
    LANG="zh_CN.UTF-8"
    LANGUAGE="zh_CN:zh"
    LC_NUMERIC="zh_CN"
    LC_TIME="zh_CN"
    LC_MONETARY="zh_CN"
    LC_PAPER="zh_CN"
    LC_NAME="zh_CN"
    LC_ADDRESS="zh_CN"
    LC_TELEPHONE="zh_CN"
    LC_MEASUREMENT="zh_CN"
    LC_IDENTIFICATION="zh_CN"
    LC_ALL="zh_CN.UTF-8"
    JAVA_TOOL_OPTIONS="-Dfile.encoding=UTF-8"
    PYTHONIOENCODING="UTF8"
    EOF
    cat > /etc/default/locale << EOF
    LANG="zh_CN.UTF-8"
    LANGUAGE="zh_CN:zh"
    LC_NUMERIC="zh_CN"
    LC_TIME="zh_CN"
    LC_MONETARY="zh_CN"
    LC_PAPER="zh_CN"
    LC_NAME="zh_CN"
    LC_ADDRESS="zh_CN"
    LC_TELEPHONE="zh_CN"
    LC_MEASUREMENT="zh_CN"
    LC_IDENTIFICATION="zh_CN"
    LC_ALL="zh_CN.UTF-8"
    EOF
    systemctl restart sshd
    


  • WireGuard ping: sendmsg: Required key not available

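    This error simply means that a route points at the WireGuard interface but AllowedIPs has no entry covering the corresponding network. Once AllowedIPs is configured correctly, the error goes away.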
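
    The check described above, as an added example that is not part of the original post: it compares the routes pointing at a WireGuard interface with the peers' AllowedIPs and reports the destination ranges that no peer covers, which are the ones that fail with this error. The interface name wgc1 and all sample data are constructed assumptions; the input formats are those of wg show <interface> allowed-ips and ip -4 route show dev <interface>.

```python
import ipaddress

# Constructed sample data (assumed interface wgc1): wg and ip route output formats.
SAMPLE_ALLOWED = "PEER_PUBLIC_KEY_PLACEHOLDER=\t10.12.0.1/32 172.29.0.0/24\n"
SAMPLE_ROUTES = """\
10.12.0.1 scope link
172.29.0.0/23 scope link
192.168.5.0/24 scope link
"""

def parse_allowed_ips(text):
    """Collect the AllowedIPs networks of all peers."""
    nets = []
    for line in text.splitlines():
        for tok in line.split()[1:]:  # first field is the peer's public key
            if tok != "(none)":
                nets.append(ipaddress.ip_network(tok, strict=False))
    return nets

def parse_routes(text):
    """Destination prefix of each route line; 'default' means 0.0.0.0/0."""
    dests = [line.split()[0] for line in text.splitlines() if line.strip()]
    return [ipaddress.ip_network("0.0.0.0/0" if d == "default" else d, strict=False)
            for d in dests]

def uncovered(route, allowed):
    """Return the parts of `route` that no peer's AllowedIPs covers."""
    remaining = [route]
    for a in (x for x in allowed if x.version == route.version):
        nxt = []
        for r in remaining:
            if r.subnet_of(a):
                continue  # fully covered by this AllowedIPs entry
            if a.subnet_of(r):
                nxt.extend(r.address_exclude(a))  # carve out the covered part
            else:
                nxt.append(r)  # disjoint: CIDR blocks either nest or do not overlap
        remaining = nxt
    return sorted(ipaddress.collapse_addresses(remaining))

def audit(routes_text, allowed_text):
    allowed = parse_allowed_ips(allowed_text)
    return {str(r): [str(u) for u in uncovered(r, allowed)]
            for r in parse_routes(routes_text)}

if __name__ == "__main__":
    for route, gaps in audit(SAMPLE_ROUTES, SAMPLE_ALLOWED).items():
        print(route, "OK" if not gaps else "no AllowedIPs for: " + ", ".join(gaps))
```

    On a live system, pass the output of those two commands to audit() instead of the sample strings.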


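  • Python package index settings

    Using my own repository

    pip config set global.index-url https://mirrors.hetao.me/pypi/simple
    # trusted-host makes pip accept this host even without a valid HTTPS certificate
    pip config set global.trusted-host mirrors.hetao.me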
    

    Environment variables

    export PIP_INDEX_URL=https://mirrors.hetao.me/pypi/simple
    export PIP_TRUSTED_HOST=mirrors.hetao.me
    

    pip environment variable reference:
    https://pip.pypa.io/en/stable/topics/configuration/#environment-variables


  • Using dnsmasq to split GFW traffic (Merlin)

    • Generate the configuration file for dnsmasq
      Write a script with the following content
    #!/bin/sh
    export HTTPS_PROXY=172.29.0.24:3128
    data_dir=/jffs/configs
    python3 -m genpac --format=dnsmasq --user-rule-from=${data_dir}/user-rule.txt -o ${data_dir}/gfwlist.conf --dnsmasq-dns="172.29.0.1#5354"
    export HTTPS_PROXY=
    

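    A DNS server must be deployed on 172.29.0.1 (an overseas host), with IPv6 resolution disabled (because IPv6 on the VPN device is troublesome)
    – Deploy the DNS server
    Write the file /etc/coredns/Corefile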

    .:5354 {
      errors
      log
      template IN AAAA .
      forward . 127.0.0.1
    }
    

    Start the DNS server
    /usr/local/bin/coredns -conf=/etc/coredns/Corefile
    – Configure dnsmasq
    Add one line to /jffs/configs/dnsmasq.conf.add

    conf-file=/jffs/configs/gfwlist.conf
    service restart_dnsmasq
    – Configure iptables
    ipset create GFWLIST hash:ip
    iptables -t mangle -A PREROUTING -m set --match-set GFWLIST dst -j MARK --set-mark 100
    iptables -t mangle -A OUTPUT -m set --match-set GFWLIST dst -j MARK --set-mark 100
    – Configure WireGuard routing
    Add the following to /jffs/scripts/wgclient-start

    #!/bin/sh
    dev_name=wgc${1}
    ip route add default dev $dev_name table 1
    ip route add 10.12.0.1/32 dev $dev_name
    ip route add 172.29.0.0/24 dev $dev_name
    ip rule add fwmark 100 table 1
    
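    • Disable rp_filter
      Without this step policy routing does not take effect
      Add to /jffs/scripts/firewall-start
    if [ -e /proc/sys/net/ipv4/conf/all/rp_filter ] ; then
       # Writing 0 turns off reverse-path source validation on every interface
       for i in /proc/sys/net/ipv4/conf/*/rp_filter; do
          echo 0 > "$i"
       done
    fi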
    

    That is all.
    I will cover the WireGuard part later when I have time


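  • VLAN partitioning on an Asus router (RT-AX68U)

    The vlanctl command can add both tagged and untagged VLANs. Usually a single untagged VLAN is enough, and all the others are tagged VLANs. Note that once VLANs are created on it, the original interface becomes a layer-2 interface on which network protocols can no longer be configured; all configuration goes on the VLAN interfaces.
    Here is a script of mine for reference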

    #!/bin/sh
    
    # Create <if>.<vlanid> carrying the untagged frames of <if>
    function create_vlan_untagged {
        local if=${1}
        local vlanid=${2}
    
        vlanctl --mcast --if-create-name ${if} ${if}.${vlanid}
        vlanctl --if ${if} --rx --tags 0 --set-rxif ${if}.${vlanid} --rule-append
        ifconfig ${if}.${vlanid} up
    }
    
    # Create <if>.<vlanid>: pop the tag on receive, push it on transmit
    function create_vlan_tagged {
        local if=${1}
        local vlanid=${2}
    
        vlanctl --mcast --if-create-name ${if} ${if}.${vlanid}
        vlanctl --if ${if} --rx --tags 1 --filter-vid ${vlanid} 0 --pop-tag --set-rxif ${if}.${vlanid} --rule-append
        vlanctl --if ${if} --tx --tags 0 --filter-txif ${if}.${vlanid} --push-tag --set-vid ${vlanid} 0 --rule-append
        ifconfig ${if}.${vlanid} up
    }
    create_vlan_untagged eth1 1
    create_vlan_untagged eth3 1
    ip link set eth1.1 up
    ip link set eth3.1 up
    brctl delif br0 eth1 eth3
    brctl addif br0 eth1.1 eth3.1
    
    create_vlan_tagged eth1 5
    create_vlan_tagged eth3 5
    ip link set eth1.5 up
    ip link set eth3.5 up
    brctl addbr br1
    brctl stp br1 on
    brctl addif br1 eth1.5
    brctl addif br1 eth3.5
    ip link set br1 up
    ip addr add 192.168.5.1/24 dev br1
    
    nvram set lan_ifnames="eth1.1 eth2 eth3.1 eth4 eth5 eth6"
    nvram set br0_ifnames="eth1.1 eth2 eth3.1 eth4 eth5 eth6"
    nvram set br1_ifname=br1
    nvram set br1_ifnames="eth1.5 eth3.5"
    nvram set lan1_ifname=br1
    nvram set lan1_ifnames="eth1.5 eth3.5" 
    nvram commit
    

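    This script can be placed in /jffs/scripts/services-start
    Then add the following to /jffs/scripts/firewall-start

    iptables -I FORWARD -i br1 -j ACCEPT
    This splits a single network cable into multiple VLANs, each configured with its own subnet
    vlanctl --rule-dump-all dumps all rules; view the output with dmesg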


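  • Using TCP MSS clamping to fix timeouts when accessing GitHub over WireGuard

    OpenVPN comes with a built-in mssfix feature, but WireGuard has none, which causes timeouts with no response when accessing certain sites (github.com)
    – iptables usage
    iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
    – nftables usage
    nft add rule ip filter FORWARD tcp flags syn tcp option maxseg size set rt mtu
    – On OpenWrt, MSS clamping can be configured directly in the firewall

    On other systems the rule can go in WireGuard's PostUp script; on Asus Merlin it can go in /jffs/scripts/wgclient-start. I later found that when WireGuard is configured through the web interface the TCPMSS rule is added automatically, whereas when it is configured manually with wg-quick you need to add the TCPMSS rule yourself using the methods above.

    This problem is caused by ICMP or PMTU discovery not working properly for some sites; when I tested with ping I could not determine the MTU to github.com
    References: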
    https://www.procustodibus.com/blog/2022/02/wireguard-over-tcp/
    https://www.vinoca.org/wireguardzhi-mtu-mss/


  • Checking NFS connection status

    • netstat | grep :nfs
    • ss -a|grep nfs


  • Intel GPU virtualization on PVE 8.1

    References:
    https://gist.github.com/scyto/e4e3de35ee23fdb4ae5d5a3b85c16ed3
    https://www.derekseaman.com/2023/11/proxmox-ve-8-1-windows-11-vgpu-vt-d-passthrough-with-intel-alder-lake.html

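    Key configuration points:
    – The vGPU must be set as the primary GPU
    – On Windows, download the official Intel graphics driver directly
    The driver is named Intel Arc & Iris Xe Graphic; download it from: https://www.intel.com/content/www/us/en/download/785597/intel-arc-iris-xe-graphics-windows.html
    – Update the firmware to the latest version

    # This is the firmware for 12th-generation CPUs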
    wget -r -nd -e robots=no -A '*.bin' --accept-regex '/plain/' https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tree/i915/adlp_dmc.bin
    
    cp adlp_dmc.bin /lib/firmware/i915/
    
    • Set the kernel parameters
      GRUB_CMDLINE_LINUX_DEFAULT="quiet iommu=pt intel_iommu=on i915.enable_guc=2 i915.max_vfs=3"
    • Map the vGPUs

      I enable 2 vGPUs here
    • Add the PCI hardware
