first commit

This commit is contained in:
2025-12-11 06:26:12 -08:00
commit 4662fe2d3b
2327 changed files with 114173 additions and 0 deletions

View File

@@ -0,0 +1,15 @@
#selfhosted
DYN DNS SERVERs
- Servers
https://www.duckdns.org/
https://desec.io/
- sync service
https://www.dnsomatic.com/
UNIFI sends the updates via service to dnsomatic, it fwds to others
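Review bot: the last line is the only place that describes the update path (UniFi to dnsomatic, then on to others), and it does not say which of the two providers listed under `- Servers` are actually configured as forwarding targets. Name them, and indent the URLs under their bullets so the list nests the way the `- Servers` / `- sync service` headings imply.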

View File

@@ -0,0 +1,15 @@
#selfhosted
DYN DNS SERVERs
- Servers
https://www.duckdns.org/
https://desec.io/
- sync service
https://www.dnsomatic.com/
UNIFI sends the updates via service to dnsomatic, it fwds to others
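Review bot: every visible line of this file, from `#selfhosted` to the `UNIFI sends the updates` line, is identical to the file added just before it in this commit. Keep one copy, or the two will drift apart the first time either is edited.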

View File

@@ -0,0 +1,108 @@
created:: 2024-01-19T13:12:25 (UTC -05:00)
tags:: Ubiquiti
source:: https://community.ui.com/questions/SSH-authorizedkeys-USG/f73c36ff-e01c-4ca1-9868-584f31cdb310
author:: None
- SSH authorized_keys USG | Ubiquiti Community
> ## Excerpt
> can just, for the life of me not get this to work. I don't have a system json entry in my config.gateway.json... and when i try to add the section [and I add it correctly as JSON object] it just gets the USG stuck in provisioning mode when it tries to pull down...I have tried inserting the code with necessary trailing comma - at the start of the file [after opening bracket... but fails.
---
can just, for the life of me not get this to work. I don't have a system json entry in my config.gateway.json... and when i try to add the section \[and I add it correctly as JSON object\] it just gets the USG stuck in provisioning mode when it tries to pull down...I have tried inserting the code with necessary trailing comma - at the start of the file \[after opening bracket... but fails. 
```
{
"firewall": {
"name": {
"WAN_LOCAL": {
"rule": {
"4": {
"action": "accept",
"description": "SSH to WAN",
"destination": {
"address": "*redacted*",
"port": "22"
},
"protocol": "tcp"
},
"50": {
"action": "accept",
"description": "Allow L2TP",
"destination": {
"port": "500,1701,4500"
},
"protocol": "udp"
},
"51": {
"action": "accept",
"description": "Allow ESP",
"protocol": "esp"
}
}
}
}
},
"vpn": {
"pptp": {
"remote-access": {
"authentication": {
"local-users": {
"username": {
"user1": {
"password": "*redacted*"
}
}
},
"mode": "local"
}
}
},
"ipsec": {
"auto-firewall-nat-exclude": "disable",
"ipsec-interfaces": {
"interface": [
"eth0"
]
},
"nat-networks": {
"allowed-network": {
"0.0.0.0/0": "''"
}
},
"nat-traversal": "enable"
},
"l2tp": {
"remote-access": {
"authentication": {
"local-users": {
"username": {
"user1": {
"password": "*redacted*"
}
}
},
"mode": "local"
},
"client-ip-pool": {
"start": "192.168.1.200",
"stop": "192.168.1.254"
},
"dhcp-interface": "eth0",
"dns-servers": {
"server-1": "8.8.8.8",
"server-2": "8.8.4.4"
},
"ipsec-settings": {
"authentication": {
"mode": "pre-shared-secret",
"pre-shared-secret": "*redacted*"
},
"ike-lifetime": "3600"
},
"mtu": "1492"
}
}
}
}
```
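Review bot: rule `4` under `WAN_LOCAL` accepts tcp/22 with only a `destination` match and no `source` restriction, so the SSH listener is reachable from any address on the WAN side. Add a `source` address or group for the management hosts, or drop the rule and reach SSH over the L2TP VPN that the same file configures. The secrets are already replaced with `*redacted*`, which is right for a committed note.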

View File

@@ -0,0 +1,110 @@
---
created: 2024-01-19T13:12:25 (UTC -05:00)
tags: [Ubiquiti]
source: https://community.ui.com/questions/SSH-authorizedkeys-USG/f73c36ff-e01c-4ca1-9868-584f31cdb310
author:
---
- # SSH authorized_keys USG | Ubiquiti Community
> ## Excerpt
> can just, for the life of me not get this to work. I don't have a system json entry in my config.gateway.json... and when i try to add the section [and I add it correctly as JSON object] it just gets the USG stuck in provisioning mode when it tries to pull down...I have tried inserting the code with necessary trailing comma - at the start of the file [after opening bracket... but fails.
---
can just, for the life of me not get this to work. I don't have a system json entry in my config.gateway.json... and when i try to add the section \[and I add it correctly as JSON object\] it just gets the USG stuck in provisioning mode when it tries to pull down...I have tried inserting the code with necessary trailing comma - at the start of the file \[after opening bracket... but fails. 
```
{
"firewall": {
"name": {
"WAN_LOCAL": {
"rule": {
"4": {
"action": "accept",
"description": "SSH to WAN",
"destination": {
"address": "*redacted*",
"port": "22"
},
"protocol": "tcp"
},
"50": {
"action": "accept",
"description": "Allow L2TP",
"destination": {
"port": "500,1701,4500"
},
"protocol": "udp"
},
"51": {
"action": "accept",
"description": "Allow ESP",
"protocol": "esp"
}
}
}
}
},
"vpn": {
"pptp": {
"remote-access": {
"authentication": {
"local-users": {
"username": {
"user1": {
"password": "*redacted*"
}
}
},
"mode": "local"
}
}
},
"ipsec": {
"auto-firewall-nat-exclude": "disable",
"ipsec-interfaces": {
"interface": [
"eth0"
]
},
"nat-networks": {
"allowed-network": {
"0.0.0.0/0": "''"
}
},
"nat-traversal": "enable"
},
"l2tp": {
"remote-access": {
"authentication": {
"local-users": {
"username": {
"user1": {
"password": "*redacted*"
}
}
},
"mode": "local"
},
"client-ip-pool": {
"start": "192.168.1.200",
"stop": "192.168.1.254"
},
"dhcp-interface": "eth0",
"dns-servers": {
"server-1": "8.8.8.8",
"server-2": "8.8.4.4"
},
"ipsec-settings": {
"authentication": {
"mode": "pre-shared-secret",
"pre-shared-secret": "*redacted*"
},
"ike-lifetime": "3600"
},
"mtu": "1492"
}
}
}
}
```
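Review bot: the `vpn` section carries a `pptp` `remote-access` block alongside the L2TP/IPsec one, with the same `user1` local user in both, while none of the three `WAN_LOCAL` rules shown covers PPTP. PPTP is a deprecated protocol with known-weak authentication and encryption; if L2TP is the VPN in use, the note should say that the `pptp` block is left over and should not be copied into a live `config.gateway.json`.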

View File

@@ -0,0 +1,110 @@
---
created: 2024-01-19T13:12:25 (UTC -05:00)
tags: [Ubiquiti]
source: https://community.ui.com/questions/SSH-authorizedkeys-USG/f73c36ff-e01c-4ca1-9868-584f31cdb310
author:
---
- SSH authorized_keys USG | Ubiquiti Community
> ## Excerpt
> can just, for the life of me not get this to work. I don't have a system json entry in my config.gateway.json... and when i try to add the section [and I add it correctly as JSON object] it just gets the USG stuck in provisioning mode when it tries to pull down...I have tried inserting the code with necessary trailing comma - at the start of the file [after opening bracket... but fails.
---
can just, for the life of me not get this to work. I don't have a system json entry in my config.gateway.json... and when i try to add the section \[and I add it correctly as JSON object\] it just gets the USG stuck in provisioning mode when it tries to pull down...I have tried inserting the code with necessary trailing comma - at the start of the file \[after opening bracket... but fails. 
```
{
"firewall": {
"name": {
"WAN_LOCAL": {
"rule": {
"4": {
"action": "accept",
"description": "SSH to WAN",
"destination": {
"address": "*redacted*",
"port": "22"
},
"protocol": "tcp"
},
"50": {
"action": "accept",
"description": "Allow L2TP",
"destination": {
"port": "500,1701,4500"
},
"protocol": "udp"
},
"51": {
"action": "accept",
"description": "Allow ESP",
"protocol": "esp"
}
}
}
}
},
"vpn": {
"pptp": {
"remote-access": {
"authentication": {
"local-users": {
"username": {
"user1": {
"password": "*redacted*"
}
}
},
"mode": "local"
}
}
},
"ipsec": {
"auto-firewall-nat-exclude": "disable",
"ipsec-interfaces": {
"interface": [
"eth0"
]
},
"nat-networks": {
"allowed-network": {
"0.0.0.0/0": "''"
}
},
"nat-traversal": "enable"
},
"l2tp": {
"remote-access": {
"authentication": {
"local-users": {
"username": {
"user1": {
"password": "*redacted*"
}
}
},
"mode": "local"
},
"client-ip-pool": {
"start": "192.168.1.200",
"stop": "192.168.1.254"
},
"dhcp-interface": "eth0",
"dns-servers": {
"server-1": "8.8.8.8",
"server-2": "8.8.4.4"
},
"ipsec-settings": {
"authentication": {
"mode": "pre-shared-secret",
"pre-shared-secret": "*redacted*"
},
"ike-lifetime": "3600"
},
"mtu": "1492"
}
}
}
}
```
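Review bot: this is the third copy of the same clipped post in this commit; the copies differ only in front-matter syntax and in the `#` on the title line, so keep one. The body also stops at the question and the poster's config, which has no `system` section, so the note never records how `authorized_keys` ended up being set on the USG. Add the resolution or mark the note as unresolved, and fill in or remove the empty `author:` field.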

View File

@@ -0,0 +1,20 @@
title:: Set UniFI BGP
updated:: 2022-09-09 14:26:31+00:00
created:: 2022-09-09 14:25:27+00:00
show ip bgp
configure
set protocols bgp 64512 parameters router-id 192.168.1.1
set protocols bgp 64512 neighbor 192.168.1.221 remote-as 64512
set protocols bgp 64512 neighbor 192.168.1.222 remote-as 64512
set protocols bgp 64512 neighbor 192.168.1.223 remote-as 64512
set protocols bgp 64512 neighbor 192.168.1.224 remote-as 64512
set protocols bgp 64512 neighbor 192.168.1.225 remote-as 64512
set protocols bgp 64512 neighbor 192.168.1.226 remote-as 64512
set protocols bgp 64512 neighbor 192.168.1.227 remote-as 64512
show protocols bgp
commit
save
exit
show ip bgp
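Review bot: the sequence ends at `commit` / `save` / `exit` on the gateway CLI and does not say how the change survives a re-provision. If this gateway is controller-managed, as the `config.gateway.json` notes elsewhere in this commit suggest, CLI-only changes are replaced at the next provision; record the matching `protocols bgp` block for `config.gateway.json` next to these commands, and say what the first and last `show ip bgp` are expected to show.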

View File

@@ -0,0 +1,24 @@
---
title: Set UniFI BGP
updated: 2022-09-09 14:26:31Z
created: 2022-09-09 14:25:27Z
latitude: 40.73565700
longitude: -74.17236670
altitude: 0.0000
---
show ip bgp
configure
set protocols bgp 64512 parameters router-id 192.168.1.1
set protocols bgp 64512 neighbor 192.168.1.221 remote-as 64512
set protocols bgp 64512 neighbor 192.168.1.222 remote-as 64512
set protocols bgp 64512 neighbor 192.168.1.223 remote-as 64512
set protocols bgp 64512 neighbor 192.168.1.224 remote-as 64512
set protocols bgp 64512 neighbor 192.168.1.225 remote-as 64512
set protocols bgp 64512 neighbor 192.168.1.226 remote-as 64512
set protocols bgp 64512 neighbor 192.168.1.227 remote-as 64512
show protocols bgp
commit
save
exit
show ip bgp
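Review bot: the front matter carries `latitude`, `longitude` and `altitude` fields from the note export, which pins a physical location next to a router configuration. Strip the three fields before committing, here and in any other exported note that has them.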

View File

@@ -0,0 +1,24 @@
---
title: Set UniFI BGP
updated: 2022-09-09 14:26:31Z
created: 2022-09-09 14:25:27Z
latitude: 40.73565700
longitude: -74.17236670
altitude: 0.0000
---
show ip bgp
configure
set protocols bgp 64512 parameters router-id 192.168.1.1
set protocols bgp 64512 neighbor 192.168.1.221 remote-as 64512
set protocols bgp 64512 neighbor 192.168.1.222 remote-as 64512
set protocols bgp 64512 neighbor 192.168.1.223 remote-as 64512
set protocols bgp 64512 neighbor 192.168.1.224 remote-as 64512
set protocols bgp 64512 neighbor 192.168.1.225 remote-as 64512
set protocols bgp 64512 neighbor 192.168.1.226 remote-as 64512
set protocols bgp 64512 neighbor 192.168.1.227 remote-as 64512
show protocols bgp
commit
save
exit
show ip bgp
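Review bot: all seven `neighbor` lines set only `remote-as`; none has a neighbor password or an inbound prefix filter, so any host that holds one of 192.168.1.221 to 192.168.1.227 can peer with the gateway and have its routes accepted. Add per-neighbor authentication and a prefix list limiting what the peers may announce, and note which hosts the seven addresses are. This file is also identical, front matter included, to the one added just before it.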

View File

@@ -0,0 +1,125 @@
- Restore access to a unifi controller
When you are *unable to login* to the unifi controller or forgot admin password, you can **restore access** using SSH and manipulating **mongodb** directly.
- Warning
Do not uninstall unifi controller - most of the data is not stored in mongodb. In case you thought a mongodb backup would be sufficient, you may have fucked up already, just like me. However I managed to write this "tutorial" for anyone to not run into the same trap.
**Apparently this guide no longer works with recent unifi controller versions (starting nov/dec 2022)**. Since I no longer use unifi hardware in my home system, I can not update the guide myself. In case you've gotten here to recover your data, you're likely doomed. But giving it a try won't hurt anyway, therefore: good luck.
- Steps
- 1. Generate password
Use [quickhhash.com](https://quickhash.com/) to generate a new password. Use `sha512 / crypt(3) / $6$` with the any salt you like (I used `9Ter1EZ9$lSt6` in the example below, but it really doesn't matter).
I have generated a dummy password for you if you want to leave this step out. It is `Ch4ngeM3VeryQu!ck`:
```
$6$9Ter1EZ9$4RCTnLfeDJsdAQ16M5d1d5Ztg2CE1J2IDlbAPSUcqYOoxjEEcpMQag41dtCQv2cJ.n9kvlx46hNT78dngJBVt0
```
- 2. SSH to controller
SSH to the server running the unifi controller. In my case it's running on a raspberry pi.
```
wget https://fastdl.mongodb.org/linux/mongodb-linux-arm64-ubuntu1604-3.4.24.tgz
tar -zxvf mongodb-linux-arm64-ubuntu1604-3.4.24.tgz
mongodb-linux-aarch64-ubuntu1604-3.4.24/bin/mongo -port 27117
```
```
### 3. Connect to mongodb
By default unifi comes with mongodb running on port `27117`. To connect to it, use the `mongo` cli tool. Make sure it is installed.
Connect using the following command:
```bash
mongo --port 27117
```
When connected to mongo, execute the following commands to switch the database and verify the installation
```
use ace;
show collections;
```
It should show a list of collections, e.g. `account, admin, alarm, broadcastgroup, ...`.
### 4. Fix
It is very likely that you got here because of power/data loss. You want to check if admins are still in the database.
To do so, execute the following command in the mongo cli:
```
db.admin.find()
```
If the result is blank or you don't remember your password, there's two ways. Make sure to replace variables before executing commands.
#### 4.1. Change password of *existing user*
```
db.admin.update({ name: "<YOUR-NAME-GOES-HERE>" }, { $set: { "x_shadow": "<PASSWORD-HASH-FROM-STEP-1-GOES-HERE>" } });
```
#### 4.2. Create a *new user*
```
db.admin.insert({ "email" : "<YOUR-EMAIL-GOES-HERE>", "last_site_name" : "default", "name" : "<YOUR-NAME-GOES-HERE>", "time_created" : NumberLong(100019800), "x_shadow" : "<PASSWORD-HASH-FROM-STEP-1-GOES-HERE>" })
```
### 5. Get admin id
```
db.admin.find()
```
Will output something like this:
```
> db.admin.find()
{ "_id" : ObjectId("5d0a2e7e8f01c49af4cbe3cd"), "email" : "...", ... }
```
Take the contents of `_id`, in this case it is `5d0a2e7e8f01c49af4cbe3cd`. You should remember it for the next steps.
### 6. Fix permissions
You will need to attach the admin role using db.privilege to the newly created user. The privilege belongs to an admin and a site_id.
Make sure to get your site_ids using the following command:
```
db.site.find()
```
It will show something like this:
```
> db.site.find()
{ "_id" : ObjectId("5d07b088280f9002d7676c87"), "name" : "super", "key" : "super", "attr_hidden_id" : "super", "attr_hidden" : true, "attr_no_delete" : true, "attr_no_edit" : true }
{ "_id" : ObjectId("5d07b088280f9002d7676c88"), "name" : "default", "desc" : "Default", "attr_hidden_id" : "default", "attr_no_delete" : true }
```
Once you know the ids of your sites, you can continue with creating privilege entries. You will need the **admin id** from [step 5](#5-Get-admin-id).
Use the following command for **each site** you got from `db.site.find()`
```
db.privilege.insert({ "admin_id" : "<ADMIN-ID-GOES-HERE>", "permissions" : [ ], "role" : "admin", "site_id" : "<SITE-ID-GOES-HERE>" });
```
Optionally verify that all privileges have been created using the following command:
```
> db.privilege.find()
{ "_id" : ObjectId("5d0bb7573d70717df47d5af6"), "admin_id" : "5d0a2e7e8f01c49af4cbe3cd", "permissions" : [ ], "role" : "admin", "site_id" : "5d07b088280f9002d7676c87" }
{ "_id" : ObjectId("5d0bb7573d70717df47d5af7"), "admin_id" : "5d0a2e7e8f01c49af4cbe3cd", "permissions" : [ ], "role" : "admin", "site_id" : "5d07b088280f9002d7676c88" }
```
- 7. Test
Now you're all set. You eventually want to restart the unifi controller using `service unifi restart`.
You can login now. Good Luck.
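Review bot: step 1 sends the new admin password to a third-party hashing site and also publishes a ready-made hash for `Ch4ngeM3VeryQu!ck`; anyone who pastes that hash ends up with an admin account whose password is publicly known. Generate the `$6$` hash locally instead (for example `openssl passwd -6` or `mkpasswd -m sha-512`) and either drop the dummy hash or state that it must be changed immediately after the first login. The salt quoted in the text (`9Ter1EZ9$lSt6`) does not match the salt in the hash (`9Ter1EZ9`), and the link text is misspelled `quickhhash.com`.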

View File

@@ -0,0 +1,125 @@
- Restore access to a unifi controller
When you are *unable to login* to the unifi controller or forgot admin password, you can **restore access** using SSH and manipulating **mongodb** directly.
- Warning
Do not uninstall unifi controller - most of the data is not stored in mongodb. In case you thought a mongodb backup would be sufficient, you may have fucked up already, just like me. However I managed to write this "tutorial" for anyone to not run into the same trap.
**Apparently this guide no longer works with recent unifi controller versions (starting nov/dec 2022)**. Since I no longer use unifi hardware in my home system, I can not update the guide myself. In case you've gotten here to recover your data, you're likely doomed. But giving it a try won't hurt anyway, therefore: good luck.
- Steps
- 1. Generate password
Use [quickhhash.com](https://quickhash.com/) to generate a new password. Use `sha512 / crypt(3) / $6$` with the any salt you like (I used `9Ter1EZ9$lSt6` in the example below, but it really doesn't matter).
I have generated a dummy password for you if you want to leave this step out. It is `Ch4ngeM3VeryQu!ck`:
```
$6$9Ter1EZ9$4RCTnLfeDJsdAQ16M5d1d5Ztg2CE1J2IDlbAPSUcqYOoxjEEcpMQag41dtCQv2cJ.n9kvlx46hNT78dngJBVt0
```
- 2. SSH to controller
SSH to the server running the unifi controller. In my case it's running on a raspberry pi.
```
wget https://fastdl.mongodb.org/linux/mongodb-linux-arm64-ubuntu1604-3.4.24.tgz
tar -zxvf mongodb-linux-arm64-ubuntu1604-3.4.24.tgz
mongodb-linux-aarch64-ubuntu1604-3.4.24/bin/mongo -port 27117
```
```
### 3. Connect to mongodb
By default unifi comes with mongodb running on port `27117`. To connect to it, use the `mongo` cli tool. Make sure it is installed.
Connect using the following command:
```bash
mongo --port 27117
```
When connected to mongo, execute the following commands to switch the database and verify the installation
```
use ace;
show collections;
```
It should show a list of collections, e.g. `account, admin, alarm, broadcastgroup, ...`.
### 4. Fix
It is very likely that you got here because of power/data loss. You want to check if admins are still in the database.
To do so, execute the following command in the mongo cli:
```
db.admin.find()
```
If the result is blank or you don't remember your password, there's two ways. Make sure to replace variables before executing commands.
#### 4.1. Change password of *existing user*
```
db.admin.update({ name: "<YOUR-NAME-GOES-HERE>" }, { $set: { "x_shadow": "<PASSWORD-HASH-FROM-STEP-1-GOES-HERE>" } });
```
#### 4.2. Create a *new user*
```
db.admin.insert({ "email" : "<YOUR-EMAIL-GOES-HERE>", "last_site_name" : "default", "name" : "<YOUR-NAME-GOES-HERE>", "time_created" : NumberLong(100019800), "x_shadow" : "<PASSWORD-HASH-FROM-STEP-1-GOES-HERE>" })
```
### 5. Get admin id
```
db.admin.find()
```
Will output something like this:
```
> db.admin.find()
{ "_id" : ObjectId("5d0a2e7e8f01c49af4cbe3cd"), "email" : "...", ... }
```
Take the contents of `_id`, in this case it is `5d0a2e7e8f01c49af4cbe3cd`. You should remember it for the next steps.
### 6. Fix permissions
You will need to attach the admin role using db.privilege to the newly created user. The privilege belongs to an admin and a site_id.
Make sure to get your site_ids using the following command:
```
db.site.find()
```
It will show something like this:
```
> db.site.find()
{ "_id" : ObjectId("5d07b088280f9002d7676c87"), "name" : "super", "key" : "super", "attr_hidden_id" : "super", "attr_hidden" : true, "attr_no_delete" : true, "attr_no_edit" : true }
{ "_id" : ObjectId("5d07b088280f9002d7676c88"), "name" : "default", "desc" : "Default", "attr_hidden_id" : "default", "attr_no_delete" : true }
```
Once you know the ids of your sites, you can continue with creating privilege entries. You will need the **admin id** from [step 5](#5-Get-admin-id).
Use the following command for **each site** you got from `db.site.find()`
```
db.privilege.insert({ "admin_id" : "<ADMIN-ID-GOES-HERE>", "permissions" : [ ], "role" : "admin", "site_id" : "<SITE-ID-GOES-HERE>" });
```
Optionally verify that all privileges have been created using the following command:
```
> db.privilege.find()
{ "_id" : ObjectId("5d0bb7573d70717df47d5af6"), "admin_id" : "5d0a2e7e8f01c49af4cbe3cd", "permissions" : [ ], "role" : "admin", "site_id" : "5d07b088280f9002d7676c87" }
{ "_id" : ObjectId("5d0bb7573d70717df47d5af7"), "admin_id" : "5d0a2e7e8f01c49af4cbe3cd", "permissions" : [ ], "role" : "admin", "site_id" : "5d07b088280f9002d7676c88" }
```
- 7. Test
Now you're all set. You eventually want to restart the unifi controller using `service unifi restart`.
You can login now. Good Luck.
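Review bot: step 2 has a stray code-fence line after the closing fence of the `wget` block, so the `### 3. Connect to mongodb` heading and the prose under it fall inside a code block, and every later fence is inverted. Remove it, and pick one step style: steps 1, 2 and 7 are `- N.` bullets while 3 to 6 are `###` headings. Step 2 also downloads and runs a MongoDB 3.4.24 binary with no checksum check, uses `-port` where step 3 uses `--port`, and extracts to an `aarch64` path from an `arm64` tarball name, which should be confirmed. This file duplicates the previous one in the commit.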

View File

@@ -0,0 +1,19 @@
- Update DynDNS
`update dns dynamic interface eth0`
`show dns dynamic status`
> interface : eth0
> ip address : 74.64.197.78
> host-name : all.dnsomatic.com
> last update : Wed Mar 8 14:01:43 2023
> update-status: good
>
> interface : eth0
> ip address : 74.64.197.78
> host-name : fbleagh.ignorelist.com
> last update : Wed Mar 8 14:01:43 2023
> update-status: good
![](Pasted%20image%2020230313114700.png)
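Review bot: the quoted `show dns dynamic status` output commits the gateway's public address on the `ip address` lines and a personal hostname on the second `host-name` line. Replace both with placeholders (a documentation address such as 203.0.113.10 and an example.com-style name); the note only needs the shape of the output and the `update-status: good` result.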

View File

@@ -0,0 +1,19 @@
- Update DynDNS
`update dns dynamic interface eth0`
`show dns dynamic status`
> interface : eth0
> ip address : 74.64.197.78
> host-name : all.dnsomatic.com
> last update : Wed Mar 8 14:01:43 2023
> update-status: good
>
> interface : eth0
> ip address : 74.64.197.78
> host-name : fbleagh.ignorelist.com
> last update : Wed Mar 8 14:01:43 2023
> update-status: good
![](Pasted%20image%2020230313114700.png)
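Review bot: the image embed on the last line has empty alt text and no caption, so the note does not say what the screenshot shows; if it is a capture of the same status screen, it needs the same redaction as the quoted `ip address` and `host-name` lines. Add alt text describing it. The rest of this file is identical to the one added just before it, so one copy is enough.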

Binary file not shown.
