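I had long heard that tinc is a fairly sound choice, so I tried building a network with it myself. Here, the macOS side has no fixed IP address, while the Linux machine has a fixed IP address, linux_ip. Assume the network is named example, the macOS node is named macos with address 192.168.0.2, and the Linux node is named linux with address 192.168.0.1.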
- (str) masquerade_address:
the "masqueraded" IP address to provide along PASV reply when
pyftpdlib is running behind a NAT or other types of gateways.
When configured pyftpdlib will hide its local address and
instead use the public address of your NAT (default None).
- (dict) masquerade_address_map:
in case the server has multiple IP addresses which are all
behind a NAT router, you may wish to specify individual
masquerade_addresses for each of them. The map expects a
dictionary containing private IP addresses as keys, and their
corresponding public (masquerade) addresses as values.
- (list) passive_ports:
what ports the ftpd will use for its passive data transfers.
Value expected is a list of integers (e.g. range(60000, 65535)).
When configured pyftpdlib will no longer use kernel-assigned
random ports (default None).
server {
    listen 8443 ssl;
    server_name esxi.example.org;
    ssl_certificate /path/to/ssl/cert.pem;
    ssl_certificate_key /path/to/ssl/key.pem;

    location / {
        # Answer CORS preflight requests directly.
        if ($request_method = 'OPTIONS') {
            add_header 'Access-Control-Allow-Origin' 'https://esxi.example.org';
            add_header 'Access-Control-Allow-Credentials' 'true';
            add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
            add_header 'Access-Control-Max-Age' 1728000;
            add_header 'Access-Control-Allow-Headers' 'VMware-CSRF-Token,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Cookie,SOAPAction';
            add_header 'Content-Type' 'text/plain; charset=utf-8';
            add_header 'Content-Length' 0;
            return 204;
        }

        add_header 'Access-Control-Allow-Origin' 'https://esxi.example.org';
        add_header 'Access-Control-Allow-Credentials' 'true';

        proxy_pass https://esxi_addr:443;
        # The ESXi certificate is not verified by nginx.
        proxy_ssl_verify off;
        proxy_ssl_session_reuse on;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
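The main hassle was configuring the CORS policy. I only managed to write it bit by bit after staring at the DevTools error messages for a long time. With this configuration, logging in to VMware ESXi works.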
# Pass WebSocket upgrade requests through to ESXi.
map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;
}

server {
    listen 8443 ssl;
    server_name esxi.example.org;
    ssl_certificate /path/to/ssl/cert.pem;
    ssl_certificate_key /path/to/ssl/key.pem;

    location / {
        # Answer CORS preflight requests directly.
        if ($request_method = 'OPTIONS') {
            add_header 'Access-Control-Allow-Origin' 'https://esxi.example.org';
            add_header 'Access-Control-Allow-Credentials' 'true';
            add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
            add_header 'Access-Control-Max-Age' 1728000;
            add_header 'Access-Control-Allow-Headers' 'VMware-CSRF-Token,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Cookie,SOAPAction';
            add_header 'Content-Type' 'text/plain; charset=utf-8';
            add_header 'Content-Length' 0;
            return 204;
        }

        # 'always' adds the headers regardless of the response code.
        add_header 'Access-Control-Allow-Origin' 'https://esxi.example.org' always;
        add_header 'Access-Control-Allow-Credentials' 'true' always;

        proxy_pass https://esxi_addr:443;
        # The ESXi certificate is not verified by nginx.
        proxy_ssl_verify off;
        proxy_ssl_session_reuse on;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
    }
}
Server <---> NAT Router <---> My Laptop
On NAT Router, port 8022 is forwarded to Server:22
1. mosh router # works
2. mosh --ssh="ssh -p 8022" router # works
First, configure miniupnpd on the NAT Router (using Debian as an example):
sudo apt install miniupnpd
# you will get a dialog upon installation
# input your wan interface and listening ip accordingly
sudo vim /etc/default/miniupnpd
# edit START_DAEMON=0 to START_DAEMON=1
sudo vim /etc/miniupnpd/miniupnpd.conf
# edit ext_ifname, listening_ip accordingly
# set secure_mode=yes
# add 'allow 60000-60023 internal_ip/prefix 60000-60023'
# before the last line 'deny 0-65535 0.0.0.0/0 0-65535'
sudo systemctl enable --now miniupnpd
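The placement of the allow line before the final deny line matters because miniupnpd checks its permission rules from top to bottom and applies the first one that matches. The following Python model of that behaviour is an added example, not code from the original post or from miniupnpd. It assumes first-match evaluation with accept as the default when no rule matches, and the 192.168.1.0/24 subnet and client addresses are constructed stand-ins for internal_ip/prefix.

```python
import ipaddress

def _ports(spec):
    """'60000-60023' -> (60000, 60023); a single port '22' -> (22, 22)."""
    lo, _, hi = spec.partition("-")
    return int(lo), int(hi or lo)

def parse_rules(text):
    """Parse '(allow|deny) <ext ports> <ip/prefix> <int ports>' lines in file order."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        action, ext, net, internal = line.split()
        if action not in ("allow", "deny"):
            raise ValueError(f"unknown action in rule: {raw!r}")
        rules.append((action == "allow", _ports(ext),
                      ipaddress.ip_network(net, strict=False), _ports(internal)))
    return rules

def is_allowed(rules, ext_port, client_ip, int_port):
    """First matching rule decides; assumed default when nothing matches: accept."""
    addr = ipaddress.ip_address(client_ip)
    for allow, (e_lo, e_hi), net, (i_lo, i_hi) in rules:
        if e_lo <= ext_port <= e_hi and i_lo <= int_port <= i_hi and addr in net:
            return allow
    return True

# Constructed rule sets; 192.168.1.0/24 stands in for internal_ip/prefix.
ALLOW = "allow 60000-60023 192.168.1.0/24 60000-60023"
DENY_ALL = "deny 0-65535 0.0.0.0/0 0-65535"
RULESETS = {
    "allow_before_deny": f"{ALLOW}\n{DENY_ALL}",  # order given in the post
    "deny_before_allow": f"{DENY_ALL}\n{ALLOW}",  # allow line is never reached
    "no_final_deny": ALLOW,                       # everything else falls through
}

def evaluate(client_ip="192.168.1.10"):
    """Return {ruleset: (port 60001 mapping allowed?, port 22 mapping allowed?)}."""
    out = {}
    for name, text in RULESETS.items():
        rules = parse_rules(text)
        out[name] = (is_allowed(rules, 60001, client_ip, 60001),
                     is_allowed(rules, 22, client_ip, 22))
    return out

if __name__ == "__main__":
    for name, verdict in evaluate().items():
        print(name, verdict)
```

Only the order given in the post both permits the 60000-60023 mappings and refuses a request to map port 22.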
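The first problem we ran into was that the screen was garbled as soon as the machine booted. At first we suspected the NVIDIA driver and wanted to change the kernel parameters, but it turned out that the ISO is a hybrid image, and we could not mount this type of disk on either macOS or Windows. So we chose to build the partition table ourselves. We plugged the USB drive into a computer, repartitioned it as GPT inside a Linux virtual machine, mounted it at /mnt/usb, and downloaded the Arch Linux ISO again; by then upstream had just published the archlinux-2018.05.01 image. We mounted the root partition from the ISO at /mnt/iso and then ran cp -a /mnt/iso/* /mnt/usb. We adjusted the kernel parameters in grub, still without success. We figured the problem might be the graphics card, so we pulled that card out, and sure enough the display was normal, but then new problems appeared.
On boot, fstab tried to mount LABEL=ARCHISO_201805 but failed. So we plugged the USB drive into a Mac, named the partition with Disk Utility, plugged it back in, and the Live CD's systemd then came up successfully. Next we installed everything following the official Installation Guide. After installation there were also some problems around /boot/EFI: at first we forgot to run grub-mkconfig, which dropped us into grub-rescue after the reboot, so we went back to the Live CD and ran grub-mkconfig again. We also adjusted systemd-networkd accordingly, so that the network is configured once the machine boots. This mainly meant configuring two VLANs on the network card, with the corresponding DHCP and static addresses.
Next we migrated the old setup, mainly by following the very detailed Arch Wiki. Because of space constraints, we used mount --bind to put the original home directory directly on /home, but inevitably the user IDs did not match. So we copied the /etc/{passwd,group,shadow} entries of the users we needed into the corresponding places on the new system. Then we configured winbind, updating it step by step according to the Arch Wiki and the previous configuration, and successfully retrieved the users from AD. At this point the uid mismatch appeared again, and this time we used chown -R user:user /home/user.
The remaining work was the tedious installation of various commonly used software, which needs no further description.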
P.S. I worked out a very handy fish function for mosh + tmux (but it sometimes works and sometimes doesn't, and I don't understand why):
function tmosh
mosh $argv -- tmux new-session bash -c 'tmux set -g mouse on; tmux setw -g mode-keys vi; fish'
end
#![feature(compiler_builtins_lib, lang_items, asm, pointer_methods)]
#![no_builtins]
#![no_std]

extern crate compiler_builtins;

pub mod lang_items;

const GPIO_BASE: usize = 0x3F000000 + 0x200000;

const GPIO_FSEL1: *mut u32 = (GPIO_BASE + 0x04) as *mut u32;
const GPIO_SET0: *mut u32 = (GPIO_BASE + 0x1C) as *mut u32;
const GPIO_CLR0: *mut u32 = (GPIO_BASE + 0x28) as *mut u32;

#[inline(never)]
fn spin_sleep_ms(ms: usize) {
    for _ in 0..(ms * 600) {
        unsafe { asm!("nop" :::: "volatile"); }
    }
}

#[no_mangle]
pub unsafe extern "C" fn kmain() {
    // STEP 1: Set GPIO Pin 16 as output.
    GPIO_FSEL1.write_volatile(1 << 18);
    // STEP 2: Continuously set and clear GPIO 16.
    loop {
        GPIO_SET0.write_volatile(1 << 16);
        spin_sleep_ms(1000);
        GPIO_CLR0.write_volatile(1 << 16);
        spin_sleep_ms(1000);
    }
}

fn blinky() {
    let mut pin16 = Gpio::new(16);
    let mut pin_out16 = pin16.into_output();
    loop {
        pin_out16.set();
        spin_sleep_ms(1000);
        pin_out16.clear();
        spin_sleep_ms(1000);
    }
}

#[no_mangle]
pub extern "C" fn kmain() {
    // FIXME: Start the shell.
    blinky();
}
# Documentation: https://docs.brew.sh/Formula-Cookbook.html
#                http://www.rubydoc.info/github/Homebrew/brew/master/Formula
# PLEASE REMOVE ALL GENERATED COMMENTS BEFORE SUBMITTING YOUR PULL REQUEST!

class Recoll < Formula
  desc "Recoll is a desktop full-text search tool."
  homepage "https://www.lesbonscomptes.com/recoll/"
  url "https://www.lesbonscomptes.com/recoll/recoll-1.23.5.tar.gz"
  sha256 "9b6b6941efc3e87c8325e95a69a5d0a37c022c3c45773c71dccd0fb3f364475f"

  depends_on "xapian"
  depends_on "qt"
  depends_on "aspell"

  def install
    inreplace "Makefile.in", "-Wl,--no-undefined -Wl,--warn-unresolved-symbols", "--no-undefined --warn-unresolved-symbols"

    system "./configure", "--disable-dependency-tracking",
                          "--disable-silent-rules",
                          "--without-x",
                          "--disable-x11mon",
                          "--with-aspell",
                          "--enable-recollq",
                          "--disable-webkit", # requires qtwebkit, which is not bundled with qt5
                          "--prefix=#{prefix}"
    system "make", "install"

    mkdir libexec
    mv bin/"recoll.app", libexec/"recoll.app"
  end

  test do
    # `test do` will create, run in and delete a temporary directory.
    #
    # This test will fail and we won't accept that! For Homebrew/homebrew-core
    # this will need to be a test that verifies the functionality of the
    # software. Run the test with `brew test recoll`. Options passed
    # to `brew install` such as `--HEAD` also need to be provided to `brew test`.
    #
    # The installed folder is not in the path, so use the entire path to any
    # executables being tested: `system "#{bin}/program", "do", "something"`.
    system "false"
  end
end