Category: Blog

Hi,

During the weekly patch of servers I ran into this error with vpn router running Rockylinux 9:-

$ sudo dnf -y upgrade
Last metadata expiration check: 2:08:32 ago on Thu 06 Feb 2025 19:34:19 GMT.
Error:
Problem 1: package iptables-services-1.8.10-4.1.el9.noarch from @System requires (iptables-libs = 1.8.10-4.el9 or iptables-libs = 1.8.10-4.el9_4), but none of the providers can be installed
- cannot install both iptables-libs-1.8.10-11.el9_5.x86_64 from baseos and iptables-libs-1.8.10-4.el9_4.x86_64 from @System
- cannot install the best update candidate for package iptables-services-1.8.10-4.1.el9.noarch
- cannot install the best update candidate for package iptables-libs-1.8.10-4.el9_4.x86_64
Problem 2: problem with installed package iptables-services-1.8.10-4.1.el9.noarch
- package iptables-services-1.8.10-4.1.el9.noarch from @System requires (iptables-libs = 1.8.10-4.el9 or iptables-libs = 1.8.10-4.el9_4), but none of the providers can be installed
- package iptables-services-1.8.10-4.1.el9.noarch from epel requires (iptables-libs = 1.8.10-4.el9 or iptables-libs = 1.8.10-4.el9_4), but none of the providers can be installed
- cannot install both iptables-libs-1.8.10-11.el9_5.x86_64 from baseos and iptables-libs-1.8.10-4.el9_4.x86_64 from @System
- package iptables-nft-1.8.10-11.el9_5.x86_64 from baseos requires iptables-libs(x86-64) = 1.8.10-11.el9_5, but none of the providers can be installed
- cannot install the best update candidate for package iptables-nft-1.8.10-4.el9_4.x86_64

I could exclude iptables-services and allow the server to update or wait for this package conflict to be resolved, I suspect an update from epel would resolve. I opted instead to take tiny steps in to using a more modern firewall. I considered firewalld, but decided the zones required would have made this more complicated than needed. See this old post, will give you an idea of what I mean. So I opted for nftables.

Some googling lead me to iptables-restore-translate and more specifically this.  These are the instructions specific to Rocky Linux 9.

$ sudo dnf remove iptables-services # allows dnf upgrade to proceed
$ sudo iptables-save > iptables-rules.txt # export the iptables rules
$ sudo iptables-restore-translate -f iptables-rules.txt > ruleset.nft # convert to nftables
$ sudo nft --file ruleset.nft # import the rules into nftables

# Now let's make these rules survive a reboot.
$ sudo nft list ruleset >/etc/sysconfig/nftables.conf
$ sudo systemctl enable --now nftables

# To see the rules, equivalent of iptables -S
$ sudo nft list ruleset

Thanks Tom.

P.S Please feel free to comment.

Sources:-
https://blog.programster.org/nftables-cheatsheet
https://forums.rockylinux.org/t/replacing-iptables-centos-7-with-firewalld-rocky-9/14790

The cpanel gui for generating CSRs, creates a common name and a san (subject alternative name); containing the same value. I have seen this cause issues with ordering SSLs. So I’ve created an interactive script, that creates a CSR with just the common name. Download the script run it and follow the instructions. Script can be found here.

All comments are welcome.
Thanks Tom.

Today I received a DHT22 probe for my pi4:
Pxyelec DHT22 1-Wire Bus DC 5V

To replace:
https://thepihut.com/products/temper2-usb-dual-temperature-sensor

Which I’ve mentioned in a couple of previous blogs, for example:
https://blog-tomsdomain.co.uk/2018/11/25/raspbian-debian-thermometer/

I also wanted to to add an LCD screen (see above), which I already had:
SunFounder-Display

More info can be found on my github repo

All comments are welcome.
Thanks Tom.

Couple of scripts to make it easier to mass generate CSRs & install the SSLs on mass as well:

CSR Script
SSL Install Script

Both require a csv spreadheet called domains.csv, 1st column domain, 2nd username. For the csr generation if company details are not constant, add columns to csv file and use awk to generate variables. For example if country is the third, add as a variable like this:

country=$(awk -F, -v r=$linenumber -v c=3 ‘{if(NR==r)print $c}’ domains.csv)

CPANEL’s gui for generating CSRs, auto includes Subject Alternative Name (SAN). Which some SSLs providers don’t support or I’ve seen issues preventing a cert covering both the domain and www and then requires a reissue. This script generates a single CSR without a SAN.

All comments are welcome.

Thanks Tom.

Hi,

Recently found some inspiration to look at this again. Now installable as addon, no need to edit keymaps. Just run the addon and follow the instructions, available for both kodi 18 & 19:

kodi 18
kodi 19

Kodi 18 takes longer to start as it has additional dependences.

Git Repository can found here, again please comment below.

Thanks Tom.

Hi this an update to a post from a couple of years ago:

https://blog-tomsdomain.co.uk/2018/11/25/raspbian-debian-thermometer/

Specifically the scheduling of a job to run the temperature check & send email email alert if required, with a SystemD timer rather than a Cron job. Also removing the requirement for a separate python script. The temperature check and alert is now all done with one bash script.  The script does now require installing msmtp, this does require some configuration to work with an external mail server (as did the python script in the original post); a quick google search should give you all you need; if not please comment and I’ll assist further.

Updated bash script (/home/pi/temp-check.sh):

#!/bin/bash
TEMP=$(/usr/local/bin/tempered | grep -oP '(?<=/dev/hidraw1 0: temperature) [\d.]+')
MAXTEMP=40
if [ $TEMP \> $MAXTEMP ];
then
    echo -e "Subject: $TEMP°c Temperature is to high! \r\n\r\n$TEMP°c Temperature is to high!" |msmtp [email protected] -t [email protected]
else
    echo "Temperature" $TEMP"°c, normal";
fi;
unset TEMP MAXTEMP

Just set the MAXTEMP variable, to the maximum desired temperature.

Now the SystemD timer, first thing is to create the service unit (/lib/systemd/system/check-temp.service):

[Unit]
Description=Temperature Check

[Service]
Type=simple
ExecStart=/home/pi/temp-check.sh

[Install]
WantedBy=multi-user.target

Next the timer unit is created (/lib/systemd/system/check-temp.timer):

[Unit]
Description=Check Temperature Timer

[Timer]
OnCalendar=*:0/15
Unit=check-temp.service

[Install]
WantedBy=timers.target

Here the timer is scheduled to run every 15 minutes, this can be increased and decreased, more details can be found here.

To schedule the job, please run:
$ sudo systemctl start check-temp.timer

So it persists after a reboot please issue:
$ sudo systemctl enable check-temp.timer

And that’s it, temparature check and aleart should now be scheduled via a SystemD timer.

Being a long time user of Fedora and a frequent browser on their discourse. I quite often see posts, where users do not want to move on from a version of Fedora which they consider stable, but the version is EOL. These sort of posts are quite often followed with suggestions to use Centos rather than Fedora. Problem with this is that Centos is more of a server distro, and although its possible to install a desktop environment, it isn’t as straight forward as it is with other distros. This is why I have created a kickstart file:

https://github.com/tomdoyle87/ks-centos-desktop

Which I hope takes the hardwork out setting Gnome-workstation with Centos 8. It also includes TLP to improve battery life, is only enabled on Laptops. I looked at the way Fedora does this, but this would require changes to kernel; which is beyond the scope of this project.

Thanks Again, all comments are welcome,

Tom.

Hi,

Here is a script for setting up an NFS server that works within kodi for OSMC, for both kodi 18 & 19; I’ve also created created an uninstall script. This wouldn’t have been possible without the help of bmillham who is a member of the OSMC team.

Install: https://github.com/tomdoyle87/osmc-nfs-server-python3/blob/master/Kodi-nfs-server-setup.py 2

Uninstall: https://github.com/tomdoyle87/osmc-nfs-server-python3/blob/master/Kodi-uninstall-nfs-server.py

The easiest way is to map some shortcuts to some keys for example f11 & f12, for example (will need to use the command line):

cd /home/osmc/.kodi/userdata
wget https://raw.githubusercontent.com/tomdoyle87/osmc-nfs-server-python3/master/Kodi-nfs-server-setup.py
wget https://raw.githubusercontent.com/tomdoyle87/osmc-nfs-server-python3/master/Kodi-uninstall-nfs-server.py

Then add the following to keyboard.xml or remote.xml (in the global section):

XBMC.RunScript(special://home/Kodi-nfs-server-setup.py)
XBMC.RunScript(special://home/Kodi-uninstall-nfs-server.py)

If you need any further assistance with setting up, please comment below. Also I will gladly receive any thoughts or feedback.

Currently only works with OSMC, but shouldn’t require many changes to work on other linux based kodi platforms; glad to help anybody looking to do this, again please comment below.

Thanks Tom.

Good Evening,

Readers of my previous posts, will be aware I noticed issues with apf under systemd; further details can found here.

Further updates and improvements were reported here. On a side note I’ve never received a response to the issue I raised on rfxn’s github.

I acknowledge that life can take people away from open-source projects , so I’ve created my own fork with some extras. Not only have I made improvements over the systemd solution provided on this blog previously. The fork also includes auto update with email alert and an un-install bash script.

The fork can be found on github.

Thanks Tom.

P.S Please feel free to comment.

This is a follow up to this post. The below script is written with automated CPANEL updates in mind, but could be quite easily modified to be used with any automated updates with logs.

!/bin/bash
cd /var/cpanel/updatelogs # Change to cpanel updates logs directory. 
VAR1=$(ls -tr up*|tail -1) # Find the latest log and set it as a variable. 
egrep 'Error:|error:|Another app is currently holding the yum lock|Segmentation fault' $VAR1 > /tmp/update-check # Check for errors and output to temp file
if egrep 'Error:|error:|Another app is currently holding the yum lock|Segmentation fault' /tmp/update-check; then # If then to check for errors and send email alert if  required. 
             /bin/mail -s "$(echo -e "Check to see if updates work, failed\nX-Priority: 1")" < /tmp/update-check root
fi
unset VAR1 # Unset variable. 

Cronjob should be scheduled about an hour after updates:

0 0 * * * /bin/bash  /usr/local/sbin/upcp-check.sh &>/dev/null 

Thanks Tom.

P.S Please feel free to comment.