Tag Archives: debian

UNIX & Linux

Headless OBS on Debian

What I tinkered with in recent days was a headless Linux desktop for OBS, running on a server, in my case to gateway an Icecast stream to Twitch.

A number of things need to be considered here:

  • Identify what dependencies need to be installed.
  • Run a pseudo X11 display server and session.
  • Auto-start OBS, auto-start the stream.
  • Run a VNC frontend to the X11 session.
  • Backups.

OBS from Flatpak

Pretty unusual on a server, but should work without issues:

sudo apt-get install flatpak
sudo flatpak remote-add --if-not-exists flathub https://dl.flathub.org/repo/flathub.flatpakrepo
sudo flatpak install flathub com.obsproject.Studio

Caveat: There is no OBS Browser source on ARM aarch64, so OBS will not be reasonably usable on Oracle’s “Always Free Tier” VPSes. Believe me. I tried.

X11 dependencies

I run the fvwm3 window manager in the virtual display server, because it’s not completely on the hostile end of the window manager spectrum.

sudo apt-get install x11vnc xvfb fvwm3 menu menu-xdg python3-xdg xbase-clients xterm xauth xinit

X11 startup

For X11 startup, I use a systemd user-unit along with a traditional ~/.xinitrc, a file I hadn’t worked with in ages.

# ~/.config/systemd/user/xinit.service
[Unit]
Description=X virtual framebuffer

[Service]
ExecStart=xinit -- /usr/bin/Xvfb :20 -nolisten tcp -screen 0 1280x720x24

[Install]
WantedBy=default.target

Caveat: The preview pane inside OBS requires 24 bit color depth.

The ~/.xinitrc sets a language environment, which I use for influencing the date format inside the OBS browser source. The OBS invocation also starts the stream automatically, and ignores uncontrolled shutdowns of OBS, so the stream will autostart after a reboot.

# ~/.xinitrc
LANG=en_GB.utf-8 flatpak run com.obsproject.Studio --startstreaming --disable-shutdown-check &
exec fvwm3

VNC

The VNC service will be bound to localhost only, but adding a password won’t hurt and will hardly be noticeable once it’s setup and saved in the VNC client.

x11vnc -storepasswd

Another systemd user-unit takes care of starting x11vnc:

# ~/.config/systemd/user/x11vnc.service
[Unit]
Description=x11vnc
Requires=xinit.service

[Service]
ExecStart=x11vnc -forever -usepw -listen localhost -display :20

[Install]
WantedBy=default.target

Backups

OBS’s data is saved in: ~/.var/app/com.obsproject.Studio

Access

  • ssh <theserver> -L 5900:localhost:5900
  • Connect VNC viewer to localhost
Screenshot of the running VNC session with fvwm3 and OBS.

Too Good To, UNIX & Linux

Too good to #0013

In this installment:

  • Pipewire Easyeffects with RNNoise on Debian 12 / Bookworm
  • Gnome Night Light from Sunrise to Sunset, without Location Services
  • Revisiting ratarmount

Pipewire Easyeffects with RNNoise on Debian 12 / Bookworm

RNNoise for removing background sound on your microphone is not included in Debian 12, due to licensing issues around its training data. The least painful way to work around this is to install the Easyeffects Flatpak instead of the packaged easyeffects:

sudo apt-get install flatpak gnome-software-plugin-flatpak
sudo apt-get remove easyeffects
flatpak remote-add --if-not-exists flathub https://dl.flathub.org/repo/flathub.flatpakrepo
flatpak install flathub com.github.wwmm.easyeffects

Gnome Night Light from Sunrise to Sunset, without Location Services

Set latitude and longitude manually (coordinates shown are for Frankfurt, Germany: 50° 6′ 38″ N, 8° 40′ 56″ E):

gsettings set \
  org.gnome.settings-daemon.plugins.color \
  night-light-last-coordinates '(50.0, 9.0)'

Revisiting ratarmount

Since my previous look at ratarmount, it went from 0.6.3 to 1.0.0, had the most interesting developments and now mounts archives via HTTP:

virtualenv ~/.local/ratarmount
~/.local/ratarmount/bin/pip3 install -U ratarmount[fsspec]
~/.local/ratarmount/bin/ratarmount
install -D ~/.local/ratarmount/bin/ratarmount ~/bin/

ratarmount -f https://cdn.kernel.org/pub/linux/kernel/v6.x/linux-6.13.4.tar.xz ~/mnt
Too Good To, UNIX & Linux

Too good to #0011

Mozilla Firefox APT special

The Mozilla Firefox APT repository is incompatible with legacy apt-mirror. Here’s how I install apt-mirror2 as a dedicated python-virtualenv

# apt-get install virtualenv
# virtualenv --no-setuptools /usr/local/apt-mirror2/
# /usr/local/apt-mirror2/bin/pip3 install -U apt-mirror
# /usr/local/apt-mirror2/bin/apt-mirror --help
  • Repeat as-is to update.
  • Here’s the bug that neccessitates the --no-setuptools option: “ModuleNotFoundError: No module named ‘debian'”

mirror.list entry for the Mozilla Firefox APT repository:

deb-all [signed-by=/path/to/packages-mozilla-org.gpg] https://packages.mozilla.org/apt mozilla main
deb-amd64 [signed-by=/path/to/packages-mozilla-org.gpg] https://packages.mozilla.org/apt mozilla main

How to convert Mozilla’s sloppy ASCII-armored PGP key:

$ curl -s -O https://packages.mozilla.org/apt/repo-signing-key.gpg
$ file repo-signing-key.gpg
repo-signing-key.gpg: PGP public key block Secret-Key
$ mv repo-signing-key.gpg repo-signing-key
$ gpg --dearmor repo-signing-key
$ file repo-signing-key.gpg
repo-signing-key.gpg: OpenPGP Public Key Version 4, Created Tue May 4 21:08:03 2021, RSA (Encrypt or Sign, 2048 bits); User ID; Signature; OpenPGP Certificate
Too Good To, UNIX & Linux

Too good to #0009

1 Comment

In this episode:

  • urlwatch for new daily Ubuntu Server ISO
  • systemd-run ephemeral timers as replacement for at
  • Mozillateam Firefox on Debian
  • systemd service: ExecStartPre as root
  • gdm3 autosuspend/shutdown behaviour

urlwatch for new daily Ubuntu Server ISO

Somewhat desparate because at the time of starting this post, the (pre-beta, non-LTS, not blaming anyone) server image in question was badly broken.

---
name: Ubuntu Server Daily ISO
url: https://cdimage.ubuntu.com/ubuntu-server/daily-live/current/SHA256SUMS
filter:
  - grep: .*-live-server-amd64.iso
---

systemd-run ephemeral timers as replacement for at

Goes great with “hardened” systems that deny use of at(1).

Run a command 60 seconds from now, via the user’s private systemd (after logout only if session lingering is enabled).

systemd-run --user --on-active=60s -- logger --tag foo "Hello world"

Run a command 2 minutes from now, privileged or as a specific user via the global systemd:

sudo systemd-run --uid="${LOGNAME}" --on-active=2m -- touch /tmp/hello

Insights

systemctl --user list-timers
journalctl --user -u 'run-*.timer'
sudo systemctl list-timers
sudo journalctl -u 'run-*.timer'

Mozillateam Firefox on Debian

$ sudo tee /etc/apt/sources.list.d/mozillateam-ppa.list &lt;&lt;Here
deb https://ppa.launchpadcontent.net/mozillateam/ppa/ubuntu jammy main
deb-src https://ppa.launchpadcontent.net/mozillateam/ppa/ubuntu jammy main
Here

$ sudo tee /etc/apt/trusted.gpg.d/mozillateam.asc &lt; &lt;(curl 'https://keyserver.ubuntu.com/pks/lookup?op=get&amp;search=0x0ab215679c571d1c8325275b9bdb3d89ce49ec21')

systemd service: ExecStartPre as root

[Service]
...
User=nonroot
Group=nonroot
ExecStartPre=+install -d /var/lib/theservice -o nonroot -g nonroot
ExecStart=/usr/sbin/theservice

See systemd.service, “special executable prefixes”.

gdm3 autosuspend/shutdown behaviour

Debian:

$ sudo apt-get install dbus-x11
$ sudo chsh -s /bin/bash Debian-gdm
$ sudo -i -u Debian-gdm
$ gsettings get org.gnome.settings-daemon.plugins.power sleep-inactive-ac-type
'suspend'
$ dbus-launch gsettings set org.gnome.settings-daemon.plugins.power sleep-inactive-ac-type nothing
$ gsettings get org.gnome.settings-daemon.plugins.power sleep-inactive-ac-type
$ exit
$ sudo chsh -s /bin/false Debian-gdm

Arch/Garuda:

$ sudo chsh -s /bin/bash gdm
$ gsettings get org.gnome.settings-daemon.plugins.power sleep-inactive-ac-type
'suspend'
$ dbus-launch gsettings set org.gnome.settings-daemon.plugins.power sleep-inactive-ac-type nothing
$ gsettings get org.gnome.settings-daemon.plugins.power sleep-inactive-ac-type
$ exit
$ sudo chsh -s /usr/bin/nologin gdm
python, Too Good To, UNIX & Linux

Too good to #0007

Disable the dynamic motd on Ubuntu and everywhere else

This is without messing around in /etc/pam.d or doing things that may be reverted by future updates. Remember to systemctl enable disable-dynamic-motd.timer.

# /etc/systemd/system/disable-dynamic-motd.timer
[Unit]
Description=Disable all the dynamic-motd scriptlets (timer)

[Timer]
OnBootSec=10
OnActiveSec=3600

[Install]
WantedBy=timers.target

# /etc/systemd/system/disable-dynamic-motd.service
[Unit]
Description=Disable all the dynamic-motd scriptlets (service)

[Service]
Type=oneshot
ExecStart=sh -c 'chmod -v -x /etc/update-motd.d/*'

Disable verbose logging on realmd.service

Problem on AD-member Linux client, realmd logs thousands of redundant messages:

Feb 01 11:11:34 kvm-28ca realmd[22302]: client using service: :1.1042
Feb 01 11:11:34 kvm-28ca realmd[22302]: holding daemon: :1.1042
Feb 01 11:11:34 kvm-28ca realmd[22302]: client gone away: :1.1042
Feb 01 11:11:34 kvm-28ca realmd[22302]: released daemon: :1.1042

Solution, disable debug logging in the systemd unit by introducing this drop-in:

# /etc/systemd/system/realmd.service.d/override.conf
[Service]
LogLevelMax=info

Sorting Debian package versions

dpkg –compare-versions is not exactly a secret, but I’ve wrapped a script around it to visualize and better wrap my head around non-straightforward naming schemes:

$ cat test.txt
2.1
2.2~pre01
1.0
2022-01.1~pre03
2.1-bugfix-foo
2.1~bugfix-foo
2.2
2022-01~foo~bar
2022-01
1.0
0
3
2022-01~foo

$ ./dpkg-sort-versions &lt; test.txt
Sorted from lowest (oldest) to highest (latest):
0
1.0
1.0
2.1~bugfix-foo
2.1
2.1-bugfix-foo
2.2~pre01
2.2
3
2022-01~foo~bar
2022-01~foo
2022-01
2022-01.1~pre03

Script is here.

Too Good To, UNIX & Linux

Too good to #0006

1 Comment

“Sudo on demand” from TGT0003 considered more useful for downgrading privileges on the fly

#!/usr/bin/env bash

want_user=letsencrypt
am_user="$(id -un)"
printf "Running as: %s\n" "${am_user}"
if [[ "${want_user}" != "${am_user}" ]]
then
        printf "Re-executing with sudo.\n"
        exec sudo -u "${want_user}" "${0}"
fi
...

JSON export of all installed packages on Debian/Ubuntu

#!/bin/bash

function dpkg_json(){
    printf "{\n"
    format='"${Package}": { "Version": "${Version}", "Architecture": "${Architecture}", "Status": "${db:Status-Abbrev}" },\n'
    dpkg-query --show --showformat="${format}" | sed '$s/,$//'
    printf "}\n"
}

dpkg_json | jq .

Urlwatch for a new version of a package in the Ubuntu package pool

---
name: "Ubuntu Curtin package (waiting for apt-key fix)"
url: http://archive.ubuntu.com/ubuntu/pool/main/c/curtin/
filter:
  - xpath: //table//td[2]
  - html2text
  - grep: ^curtin.*\.deb$
---
Too Good To, UNIX & Linux

Too good to #0005

Prioritizing own NTP servers for systemd-timesyncd

# cat /etc/systemd/timesyncd.conf.d/timesyncd-corporate.conf 
[Time]
NTP=ntp1.example.com ntp2.example.com ntp.ubuntu.com

Test if text is empty (even if it does contain a linebreak)

Good job by: https://unix.stackexchange.com/q/386499/2028

if ! grep -q '[^[:space:]]' "${file}"; then echo "Text is empty"; fi

Watch for changes in the Gnome registry

(To reproduce manual changes, for configuration management.)

dconf watch / # (Sorry, thats all)

Trigger Debian/Ubuntu unattended-upgrade

(For testing configuration changes)

rm /var/lib/apt/periodic/*
systemctl start apt-daily.service 
systemctl start apt-daily-upgrade.service

And remember:

tail -f /var/log/unattended-upgrades/*log
Too Good To, UNIX & Linux

Too good to #0003

Linux uptime in seconds, once and for all

awk '{printf "%i\n", $1}' /proc/uptime

“Sudo on demand”, re-exec shell script with sudo if not running as root

#!/usr/bin/env bash
printf "Running as: %s\n" "$(id -un)"
[[ ${EUID} -ne 0 ]] && printf "Re-executing with sudo.\n" && exec sudo "${0}"

See also TGT0006, this is just as useful for downgrading privileges on the fly.

“When was the last time apt-get on that Debian/Ubuntu machine installed package upgrades?”

  • Reliably answering this is a lot harder than it looks, subject of countless discussions and really does need to parse /var/log/apt/history.log, which is painful.
  • The script below maintains a file /var/log/apt/lastupgrade with the last upgrade’s time stamp, for further processing.
  • Does NOT track invocations of apt-get upgrade that did not lead to package upgrades.
  • Does NOT look behind logfile rotations, which should not be a problem because it’s closely hooked to dpkg.

/usr/sbin/apt-lastupgrade:

#!/bin/bash

while IFS=: read -r key value
do
	if [[ "${key}" == 'Start-Date' ]]
	then
		upgraded=0
	elif [[ "${key}" == 'Upgrade' ]]
	then
		upgraded=1
	elif [[ "${key}" == 'End-Date' ]]
	then
		if [[ ${upgraded} -eq 1 ]]
		then
			printf -v lastupgrade "%s" "${value}"
		fi
		upgraded=0
	fi
done < /var/log/apt/history.log

if [[ -v lastupgrade ]]
then
	tee /var/log/apt/lastupgrade <<-Here
	# Timestamp of last upgrade: ${lastupgrade}
	Here
	touch -d "${lastupgrade}" /var/log/apt/lastupgrade
fi

/etc/apt/apt.conf.d/90lastupgrade:

DPkg::Post-Invoke {"/usr/bin/systemd-run --on-active=60 /usr/sbin/apt-lastupgrade || /bin/true"};

Path of running shell script, dirname for locating config files, includes etc.

me_path="$(readlink -f "${0}")"
me_dir="$(dirname "${me_path}")"
me_base="$(basename "${me_path}")"
UNIX & Linux

Debian /boot old kernel images

So I was looking at yet another failed apt-get upgrade because /boot was full.
After my initial whining on Twitter, I immediately received a hint towards /etc/apt/apt.conf.d/01autoremove-kernels, which gets generated from /etc/kernel/postinst.d/apt-auto-removal after the installation of new kernel images. The file contains a list of kernels that the package manager considers vital at this time. In theory, all kernels not covered by this list should be able to be autoremoved by running apt-get autoremove.
However it turns out that apt-get autoremove would not remove any kernels at all, at least not on this system. After a bit of peeking around on Stackexchange, it turns out that this still somewhat newish concept seems to be ridden by a few bugs, especially concerning kernels that are (Wrongfully? Rightfully? I just don’t know.) marked as manually-installed in the APT database: “Why doesn’t apt-get autoremove remove my old kernels?”
The solution, as suggested by an answer to the linked question, is to mark all kernel packages as autoinstalled before running apt-get autoremove:

apt-mark showmanual |
 grep -E "^linux-([[:alpha:]]+-)+[[:digit:].]+-[^-]+(|-.+)$" |
 xargs -n 1 apt-mark auto

I’m not an APT expert, but I’m posting this because the post-install hook that prevents the current kernel from being autoremoved makes the procedure appear “safe enough”. As always, reader discretion is advised. And there’s also the hope that it will get sorted out fully in the future.