Linux

Linux

lol

Creating a fifo-based ffmpeg service

- Posted in Linux by

I needed an encoder-service waiting to handle ffmpeg-workloads, and decided to use systemctl and a fifo pipe, so jobs could be queued without the need of RabbitMQ/other.

I'm aware of DLQ and fancy scaling, however this does the trick and hasn't failed for years.

1) Create script for initiating the fifo pipe, save it at /opt/createWorkerPipe.sh:

#!/bin/bash
# pipe location
pipe=/tmp/ffmpeg-pipe

trap "rm -f $pipe" EXIT

# Initiate pipe
[[ -p $pipe ]] || mkfifo $pipe

while true; do
    exec 3<> $pipe
    read line < $pipe
    bash <<< "/opt/ffmpeg-worker.sh $line"
done

2) Create your ffmpeg-worker, with your ffmpeg args, at /opt/ffmpeg-worker.sh:

#!/bin/bash 
# Do ffmpeg stuff
/usr/bin/ffmpeg -y input.avi [yourargs] output.mp4

3) Create service file at /etc/systemd/system/ffmpeg-encoder.service:

[Unit]
Description=ffmpeg encoder service
DefaultDependencies=no
After=network.target

[Service]
Type=simple
User=www-data
Group=www-data
ExecStart=/opt/createWorkerPipe.sh:
TimeoutStartSec=0
RemainAfterExit=yes

[Install]
WantedBy=default.target

3) Reload systemctl daemon: systemctl daemon-reload

4) Enable service: systemctl enable ffmpeg-encoder.service

Verify the service state with: systemctl status ffmpeg-encoder.service

Verifying service status programatially can be done by running:

systemctl is-active --quiet ffmpeg-encoder.service

where exitcode 0 is the active state of the service.

I also wrote a simple ffmpeg-log-parser for polling state via PHP, but that's for another post.

lol

Encrypted storage container with LUKS

- Posted in Linux by

Create an encrypted container for storage with LUKS

Change the names and paths to reflect your environment and needs

1) Make sure cryptsetup is installed: sudo apt update && apt install cryptsetup -y

2) Create an empty file for the container: sudo dd if=/dev/zero bs=1M of=/path/to/lukscontainer count=10240 (I prefer using a flat file, instead of a device, for portability)

3) Create the LUKS volume within the flat file: sudo cryptsetup luksOpen /path/to/lukscontainer container_crypt

4) Create a filesystem within the LUKS volume: sudo mkfs.ext4 /dev/mapper/container_crypt

5) Create a mountpoint for the container: sudo mkdir -p /storage/container/

6) Mount the container in your newly created mountpoint: sudo mount /dev/mapper/container_crypt /storage/container/

To easily unmount and mount the container in the future, create 2 simple scripts:

luksUnmountContainer.sh:

#!/bin/sh /usr/bin/umount /dev/mapper/container_crypt /sbin/cryptsetup luksClose /dev/mapper/container_crypt

luksMountContainer.sh:

#!/bin/sh /sbin/cryptsetup luksOpen /path/to/lukscontainer container_crypt /usr/bin/mount /dev/mapper/container_crypt /storage/container/

(the editor in htmly isn't playing nice, insert linebreaks manually)

Make the scrips executable with chmod +x luks*Container.sh and run them with ./

Make sure to upgrade your KDF to argon2id (default for latest version at the time of writing): https://mjg59.dreamwidth.org/66429.html

lol

Create a RAM-drive in Linux

- Posted in Linux by

Add the following line to /etc/fstab to create an 8 GB RAM-drive in Linux with tmpfs

tmpfs           /mnt/ramdisk tmpfs      defaults,size=8192M 0 0

Mount with sudo mount -a and use /mnt/ramdisk/

lol

Simple pyproxy TCP example

- Posted in Linux by

./pyproxy.py --tcp -s 172.16.16.81:12345 -d domain.tld:12345 -v

Script source-code: download here

lol
openssl pkcs12 -inkey certificate.key -in certificate.pem -export -out certificate.pfx