lv resize and file system increase

how to resize an lvs file system:

Example:  We want to increase LVNAME

1.  What vg is it in?
[root@HOSTNAME ~]# lvs
LV        VG           Attr   LSize   Origin Snap%  Move Log Copy%  Convert
LVNAME   VGGROUP -wi-ao  10.00G

2.  There is space on the vg to do this?
[root@HOSTNAME ~]# vgs
VG           #PV #LV #SN Attr   VSize   VFree
VGGROUP   1   8   0 wz–n- 100.00G 10.00G
3.  Increase the lv by 10G
lvresize -L +10GB /dev/VGGROUP/LVNAME
or
lvresize -l +100%FREE /dev/VGGROUP/LVNAME
4.  resize the file system
resize2fs -p /dev/VGGROUP/LVNAME

This can all be done while the filesystem is mounted safely.

Ubuntu 12.10 Build

Xrdp issues – first couldn’t get a desktop, then I couldn’t press ‘d’ while in xrdp

  1. apt-get install compizconfig-settings-manager (fix found here)
  2. ccsm (no sudo)
  3. In the compiz config manager: General (left side) -> General Options (right side) -> Key bindings (tab) -> Show Desktop (with the keyboard icon) -> Click the “X” icon (on the far right) This sets the default of <Control><Primary><Super>d.
  4. Click on the key binding <Control><Primary><Super>d.
  5. Click “Grab key combination”
  6. Press ALT+D (or whatever other key combo you want to bind to the “show desktop” option).
  7. Do the same for the Maximize and Minimize window as they are linked to the super key as well.
  8. Click OK, Back, Close
  9. Restart your xrdp session
  10. Prerequisite packages:
  11. Setup perl:
    1. locale-gen en_US en_US.UTF-8 hu_HU hu_HU.UTF-8
    2. dpkg-reconfigure locales
  12. apt-get install php5 php5-mysql php5-sqlite php5-recode php5-snmp php5-cgi  php5-cli php5-curl php5-dbg php5-dev
  13. Setup Apache
    • a2ensite default-ssl
    • a2enmod ssl
    • a2enmod rewrite
  14. Setup Mysql
    • CREATE USER ‘USERNAME’@’*’ IDENTIFIED BY ‘PASSWORD-HERE’;
    • GRANT ALL PRIVILEGES ON *.* TO ‘USERNAME’@’10.10.1.0/255.255.255.0’ WITH GRANT OPTION
  15. Install Cakephp: http://nerdviral.wordpress.com/2012/10/02/install-the-latest-cakephp-on-ubuntu-server-12-04-lts/
  16. postfix using maildir:  postconf -e “home_mailbox= Maildir/” ; service postfix restart
  17. Sync with dropbox: https://www.dropbox.com/install?os=lnx

SED – quick inline editor

EDIT .. re your comment.. Here is a new script which doesn’t concern itself about (eg.) William Smith. It temporarily obfuscates patterns which it keeps as Smith (unchanged).

sed -r ‘s/\<(John) (Smith)\>/\1\x01x\2/g;
s/\/John/g; s/\x01x/ /g’

If you are concerned about Mr. Mr Mrs… then this works.

sed -r ‘s/\<(John|((M(r|rs|s))\.?)) (Smith)\>/\1\x01x\5/g
s/\/John/g; s/\x01x/ /g’

You can cater for William by adding his name to the or list, eg.
sed -r ‘s/\<(William|John|... This is the orginal script sed -r 's/(^|[[:punct:]] |\<[a-z]+ )(Smith\>)/\1John/’

Amanda Home Backup Server *WIP*

Based off this link.

I want to backup all my linux and windows system to a central place, using a mix of BluRay / Tape for long term storage, and external USB disks for near term bulk storage.  The tapes and bluray would basically for if the usb drive decided to die.

Backing up a windows client to amanda:

http://wiki.zmanda.com/index.php/Zmanda_Windows_Client

 

References:

http://www.harkness.co.uk/services/backup.html

Home Server Amanda Backup Server

http://wiki.zmanda.com/index.php/Tapetype_definitions

http://www.amanda.org/

https://wiki.zmanda.com/index.php/Getting_Started_with_Amanda

https://www.howtoforge.com/centralized-backup-server-with-amanda-on-centos

https://www.howtoforge.com/disk-backup-with-amanda-on-debian-lenny

http://www.amanda.org/download.php

 

Using Gmail as your smarthost

Sendmail Debugging

sendmail -qf -v (process what is in the queue)

Setting up Gmail as your smart host

mkdir -p /etc/mail/authchmod 700 /etc/mail/auth

Change the user_id and password in the following example:

cat >> /etc/mail/auth/client-info <<EOF
AuthInfo:smtp.gmail.com “U:smmsp” “I:user_id” “P:password” “M:PLAIN”
AuthInfo:smtp.gmail.com:587 “U:smmsp” “I:user_id” “P:password” “M:PLAIN”
EOF

Add the following to the end of the /etc/mail/sendmail.mc file:

cat >> /etc/mail/sendmail.mc <<EOF
GENERICS_DOMAIN_FILE(`/etc/mail/genericsdomain')dnl
EOF

Correct the sender’s email address to match the correct domain

cat >> /etc/mail/genericsdomain <<EOF
cookie!cookie!asterisk ncherry@linuxha.com
EOF
cd /etc/mail
makemap -r hash genericstable.db < genericstable
cd /etc/mail
make
service sendmail restart

test

Centos 6 Build

Build goes here

Install python2.7 without breaking Centos internals. (link)

sudo yum update # update yum 
sudo yum install centos-release-scl # install SCL
sudo yum install python27 # install Python 2.7
scl enable python27 bash
cd /opt/rh/python27/root/usr/bin/ # cd to the directory where SCL installs python 
sudo LD_LIBRARY_PATH=$LD_LIBRARY_PATH ./easy_install-2.7 pip
sudo LD_LIBRARY_PATH=$LD_LIBRARY_PATH ./pip2.7 install requests

Note that using the SCL python2.7 is not as straight forward as it should be. (link)

 

If using “Let’s Encrypt” then you’ll need to update to python 2.7

Ubuntu 13.10 Build

x264 installation

  • git clone git://git.videolan.org/x264.git
  • cd 264
  • ./configure –prefix=/usr/local
  • make
  • mv x264 /usr/lib/
  • mv libx264.a /usr/lib/
  • mv x264.h /usr/include

handbrake installation

  • svn checkout svn://svn.handbrake.fr/HandBrake/trunk hb-trunk
  • cd hb-trunk
  • ./configure –launch –disable-gtk
  • apt-get -y install gnome-session-fallback
  • apt-get -y install xfce4-terminal
  • apt-get install xfce
  • echo xfce4-session >~/.xsession
  • service xrdp restart

 

Document it here

Vmware Workstation Installation

Handbrake installation

xrdp

Apache/Mysql

Fedora Build

Patch System:

yum update

Include RPMForge Repository

rpm -Uhv http://apt.sw.be/redhat/el5/en/i386/rpmforge/RPMS/rpmforge-release-0.3.6-1.el5.rf.i386.rpm

Disable the repo (such that base packages not overwritten) edit /etc/yum.d/rpmforge.repo and set the following option

enabled = 0
Install Apache
yum install httpd php php-mysql php-xml php-imap php-mbstring php-mcrypt \
 php-pecl-Fileinfo php-pear-DB php-pear-File php-pear-Log php-pear-Mail-Mime \
 php-pear-Auth-SASL php-pear-Date php-pear-HTTP-Request php-pear-Mail php-pear-Net-Sieve \
 php-pear-Net-Socket php-pear-Net-SMTP openssl mod_ssl -y

Database Setup:

yum install mysql mysql-server -y

Mail Setup:

yum install exim system-switch-mail -y

pam_mysql

rpm -Uvh http://www.topdog-software.com/oss/pam_mysql/pam_mysql-0.7RC1-1.i386.rpm

Install Horde

yum install horde imp-h3 ingo-h3 turba-h3 kronolith-h3 -y
wget ftp://ftp.horde.org/pub/passwd/passwd-h3-3.0.1.tar.gz
tar xzvf passwd-h3-3.0.1.tar.gz -C /usr/share/horde
mv /usr/share/horde/passwd-h3-3.0.1 /usr/share/horde/passwd

Install cyrus-imapd

yum install db4-utils -y
rpm -Uvh http://www.topdog-software.com/oss/cyrus-imapd/cyrus-imapd-perl-2.3.11-3.i386.rpm
rpm -Uvh http://www.topdog-software.com/oss/cyrus-imapd/cyrus-imapd-utils-2.3.11-3.i386.rpm
rpm -Uvh http://www.topdog-software.com/oss/cyrus-imapd/cyrus-imapd-2.3.11-3.i386.rpm

Install pam_mysql

rpm -Uvh http://www.topdog-software.com/oss/pam_mysql/pam_mysql-0.7RC1-1.i386.rpm

Install clamav:

yum –enablerepo=rpmforge install clamav clamav-db clamd -y

Install spamassassin

yum install spamassassin -y

Enable virtual hosting and create default virtualhost, edit /etc/httpd/conf/httpd.conf and add at the end

NameVirtualHost *:80
<VirtualHost *:80>
    ServerAdmin webmaster@home.topdog-software.com
</VirtualHost>

Create the virtual host for horde webmail add this under the above

 

<VirtualHost *:80>
        Servername mail.home.topdog-software.com
        DocumentRoot /usr/share/horde
        ErrorLog logs/mail-error_log
        CustomLog logs/mail-access_log common
</VirtualHost>

 

Enable horde security settings edit the file /etc/httpd/conf.d/horde.conf and set as below

#Alias /horde /usr/share/horde
<Directory /usr/share/horde>
    Options +FollowSymLinks
    php_admin_flag safe_mode off
    php_admin_flag magic_quotes_runtime off
    php_flag session.use_trans_sid off
    php_flag session.auto_start off
    php_admin_flag file_uploads on
    #php_admin_flag allow_url_fopen on
    php_value post_max_size 20M
    php_value upload_max_filesize 10M
    php_admin_value open_basedir "/usr/share/horde:/usr/share/horde/config:/usr/share/pear:/tmp"
    php_admin_flag register_globals off
</Directory>
<Directory /usr/share/horde/config>
    Order Deny,Allow
    Deny from all
</Directory>
<DirectoryMatch "^/usr/share/horde/(.*/)?(config|lib|locale|po|scripts|templates)/(.*)?">
    Order Deny,Allow
    Deny from all
</DirectoryMatch>

Increase PHP memory limit edit /etc/php.ini and change to below

memory_limit = 64M

Enable horde under SSL edit /etc/httpd/conf.d/ssl.conf and add the following to the default virtualhost between the <VirtualHost _default_:443><VirtualHost> tags

Servername mail.home.topdog-software.com:443
DocumentRoot /usr/share/horde

Switch the MTA to exim

system-switch-mail (select exim)

Anti-virus / Sanesecurity Checks

Configure Exim (/etc/exim/exim.conf) to use clamav to scan incoming mail and reject virus infected email and image and pdf spam at smtp time

av_scanner = clamd:/var/run/clamav/clamd.sock

RBL’s

Configure the RBL’s under acl_check_rcpt:

drop    message       = REJECTED because $sender_host_address is in a black list spamhaus.org
           dnslists      = zen.spamhaus.org
drop    message       = REJECTED because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text
           dnslists      = bl.spamcop.net
drop    message       = REJECTED because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text
           dnslists      = dnsbl.sorbs.net

Anti Spam

If you want to reject messages from servers with no reverse dns add this under acl_check_rcpt:, it does have a exception list to which you can add domains where the acl should not be applied and trys to deliver a test message to sending address to verify if the sender is valid.

drop  message   = REJECTED - We don't accept messages from hosts without reverse DNS
        log_message = No reverse DNS
        domains = ! lsearch;/etc/exim/checks_exempt_hosts
        !verify = reverse_host_lookup
        !verify = sender/callout=2m,defer_ok
        !condition =  ${if eq{$sender_verify_failure}{}}

To reject messages from clients that dont provide a HELO/EHLO add this to acl_check_rcpt:

drop  message  = REFUSED - no HELO/EHLO greeting
        log_message = remote host did not present greeting
        condition = ${if def:sender_helo_name {false}{true}}

You can rate limit the connections to your server as well add this to acl_check_connect: to do so (read the exim docs on the parameters if you want to fine tune it for your site)

deny ratelimit = 250 / 15m / strict
       message = You can only send $sender_rate per $sender_rate_period
       log_message = RATE: $sender_rate/$sender_rate_period (max $sender_rate_limit)
accept

Stop rogue spam bots from trashing your machine

smtp_accept_max_nonmail = 30
smtp_max_unknown_commands = 1

Don’t advertise pipelining

pipelining_advertise_hosts =

Enable Spamassassin checks

spamd_address = /var/run/spamassassin/spamd.sock

Reject all messages with score above 6 at smtp time. (acl_check_data)

accept condition = ${if >={$message_size}{100000} {1}}
add_header = X-Spam-Note: SpamAssassin run bypassed due to message size
warn spam = nobody/defer_ok
add_header = X-Spam-Flag: YES
accept condition = ${if !def:spam_score_int {1}}
add_header = X-Spam-Note: SpamAssassin invocation failed
warn add_header = X-Spam-Score: $spam_score ($spam_bar)\n\
# X-Spam-Report: $spam_report
drop condition = ${if >{$spam_score_int}{60} {1}}
message = Your message scored $spam_score SpamAssassin point. Report follows:\n\
$spam_report

Mail routing

Enable access to Mysql database

hide mysql_servers = localhost/horde/horde/hordepassword

Modify the local delivery router to deliver to cyrus but verify the email address of user before delivery (in routers section of exim.conf)

localuser:
  driver = accept
  local_parts = ${lookup mysql {SELECT REPLACE(user_uid,'${quote_mysql:@$domain}','') \
         as user FROM horde_users WHERE user_uid='${quote_mysql:$local_part@$domain}'}{$value}}
  transport = local_delivery
  cannot_route_message = Unknown user

Create a transport to deliver to cyrus via lmtp socket

local_delivery:
  driver = lmtp
  socket = /var/lib/imap/socket/lmtp
  batch_max = 50
  user = cyrus

SMTP Authentication

Add the following to the authentication section of /etc/exim/exim.conf

plain:
  driver = plaintext
  public_name = PLAIN
  server_prompts = :
  server_set_id = $2
  server_condition = ${if saslauthd{{$2}{$3}{pop}}{1}{0}}
  server_advertise_condition = true
login:
  driver = plaintext
  public_name = LOGIN
  server_prompts = "Username:: : Password::"
  server_condition = ${if saslauthd{{$1}{$2}{pop}}{1}{0}}
  server_set_id = $1
  server_advertise_condition = true

Full sample configuration

Download the full configuration file here.

 

Configure Mysql

Disable TCP networking edit /etc/my.cnf and the following in the mysqld section

skip-networking

Set root password

/usr/bin/mysqladmin -u root password ‘new-password’
/usr/bin/mysqladmin -u root -h your_host_name password ‘new-password’ -p

Configure Horde

Edit the sql file and change the mysql password for the horde user

cp /usr/share/horde/scripts/sql/create.mysql.sql .
vi create.mysql.sql

REPLACE INTO user (host, user, password)
    VALUES (
        'localhost',
        'horde',
-- IMPORTANT: Change this password!
        PASSWORD('hordepassword')
);

Create the user and populate the horde database

mysql -p < create.mysql.sql

Create the tables for turba (Address book)

mysql -p horde < /usr/share/horde/turba/scripts/sql/turba_objects.mysql.sql

Create the tables for kronolith (calendering)

mysql -p horde < /usr/share/horde/kronolith/scripts/sql/kronolith.mysql.sql

Horde Configuration

Create horde base configuration /usr/share/horde/config/conf.php

<?php
$conf['debug_level'] = E_ALL;
$conf['max_exec_time'] = 0;
$conf['compress_pages'] = true;
$conf['umask'] = 077;
$conf['use_ssl'] = 2;
$conf['server']['name'] = $_SERVER['SERVER_NAME'];
$conf['server']['port'] = $_SERVER['SERVER_PORT'];
$conf['session']['name'] = 'Horde';
$conf['session']['use_only_cookies'] = true;
$conf['session']['cache_limiter'] = 'nocache';
$conf['session']['timeout'] = 0;
$conf['cookie']['domain'] = $_SERVER['SERVER_NAME'];
$conf['cookie']['path'] = '/';
$conf['sql']['username'] = 'horde';
$conf['sql']['password'] = 'hordepassword';
$conf['sql']['socket'] = '/var/lib/mysql/mysql.sock';
$conf['sql']['protocol'] = 'unix';
$conf['sql']['database'] = 'horde';
$conf['sql']['charset'] = 'iso-8859-1';
$conf['sql']['phptype'] = 'mysqli';
$conf['auth']['admins'] = array('Administrator', 'andrew@home.topdog-software.com');
$conf['auth']['checkip'] = true;
$conf['auth']['checkbrowser'] = true;
$conf['auth']['alternate_login'] = false;
$conf['auth']['redirect_on_logout'] = false;
$conf['auth']['params']['driverconfig'] = 'horde';
$conf['auth']['params']['table'] = 'horde_users';
$conf['auth']['params']['username_field'] = 'user_uid';
$conf['auth']['params']['password_field'] = 'user_pass';
$conf['auth']['params']['encryption'] = 'md5-hex';
$conf['auth']['params']['show_encryption'] = false;
$conf['auth']['driver'] = 'sql';
$conf['signup']['allow'] = false;
$conf['log']['priority'] = PEAR_LOG_NOTICE;
$conf['log']['ident'] = 'HORDE';
$conf['log']['params'] = array();
$conf['log']['name'] = '/tmp/horde.log';
$conf['log']['params']['append'] = true;
$conf['log']['type'] = 'file';
$conf['log']['enabled'] = true;
$conf['log_accesskeys'] = false;
$conf['prefs']['params']['driverconfig'] = 'horde';
$conf['prefs']['driver'] = 'sql';
$conf['datatree']['params']['driverconfig'] = 'horde';
$conf['datatree']['driver'] = 'sql';
$conf['group']['driver'] = 'datatree';
$conf['cache']['default_lifetime'] = 1800;
$conf['cache']['params']['dir'] = Horde::getTempDir();
$conf['cache']['params']['gc'] = 86400;
$conf['cache']['driver'] = 'file';
$conf['token']['driver'] = 'none';
$conf['mailer']['params']['auth'] = '0';
$conf['mailer']['type'] = 'smtp';
$conf['vfs']['params']['driverconfig'] = 'horde';
$conf['vfs']['type'] = 'sql';
$conf['sessionhandler']['params']['persistent'] = false;
$conf['sessionhandler']['params']['rowlocking'] = true;
$conf['sessionhandler']['params']['socket'] = '/var/lib/mysql/mysql.sock';
$conf['sessionhandler']['params']['protocol'] = 'unix';
$conf['sessionhandler']['params']['hostspec'] = 'localhost';
$conf['sessionhandler']['params']['username'] = 'horde';
$conf['sessionhandler']['params']['password'] = 'hordepassword';
$conf['sessionhandler']['params']['database'] = 'horde';
$conf['sessionhandler']['type'] = 'mysql';
$conf['problems']['email'] = 'webmaster@home.topdog-software.com';
$conf['problems']['maildomain'] = 'home.topdog-software.com';
$conf['problems']['tickets'] = false;
$conf['menu']['apps'] = array();
$conf['menu']['always'] = true;
$conf['menu']['links']['help'] = 'authenticated';
$conf['menu']['links']['help_about'] = true;
$conf['menu']['links']['options'] = 'authenticated';
$conf['menu']['links']['problem'] = 'never';
$conf['menu']['links']['login'] = 'all';
$conf['menu']['links']['logout'] = 'authenticated';
$conf['hooks']['permsdenied'] = false;
$conf['hooks']['username'] = false;
$conf['hooks']['preauthenticate'] = false;
$conf['hooks']['postauthenticate'] = false;
$conf['hooks']['authldap'] = false;
$conf['portal']['fixed_blocks'] = array();
$conf['accounts']['driver'] = 'null';
$conf['imsp']['enabled'] = false;
$conf['kolab']['enabled'] = false;

Set horde preferences to make web mail the default application on logging in. Edit the file /usr/share/horde/config/prefs.php and modify $_prefs[‘initial_application’] to look as below

$_prefs['initial_application'] = array(
    'value' => 'imp',
    'locked' => true,
    'shared' => true,
    'type' => 'select',
    'desc' => sprintf(_("What application should %s display after login?"), $GLOBALS['registry']->get('name'))
);

Make horde work from within the default root of the web servers, edit /usr/share/horde/config/registry.php and modify $this→applications[‘horde’] as below

$this->applications['horde'] = array(
    'fileroot' => dirname(__FILE__) . '/..',
    'webroot' => '',
    'initial_page' => 'login.php',
    'name' => _("Horde"),
    'status' => 'active',
    'templates' => dirname(__FILE__) . '/../templates',
    'provides' => 'horde'
);

IMP Configuration

Create imp base configuration /usr/share/horde/imp/config/conf.php

<?php
$conf['utils']['spellchecker'] = '/usr/bin/aspell';
$conf['utils']['gnupg'] = '/usr/bin/gpg';
$conf['utils']['gnupg_keyserver'] = array('pgp.mit.edu');
$conf['utils']['gnupg_timeout'] = '10';
$conf['utils']['openssl_cafile'] = '/etc/pki/tls/certs';
$conf['utils']['openssl_binary'] = '/usr/bin/openssl';
$conf['menu']['apps'] = array('ingo', 'kronolith', 'passwd', 'turba');
$conf['user']['select_sentmail_folder'] = false;
$conf['user']['allow_resume_all_in_drafts'] = true;
$conf['user']['allow_folders'] = true;
$conf['user']['allow_resume_all'] = false;
$conf['user']['allow_view_source'] = true;
$conf['user']['alternate_login'] = false;
$conf['user']['redirect_on_logout'] = false;
$conf['server']['change_server'] = false;
$conf['server']['change_port'] = false;
$conf['server']['change_protocol'] = false;
$conf['server']['change_smtphost'] = false;
$conf['server']['change_smtpport'] = false;
$conf['server']['server_list'] = 'none';
$conf['server']['sort_limit'] = '0';
$conf['server']['cache_folders'] = false;
$conf['server']['cache_msgbody'] = true;
$conf['mailbox']['show_attachments'] = false;
$conf['mailbox']['show_preview'] = false;
$conf['mailbox']['show_xpriority'] = false;
$conf['fetchmail']['show_account_colors'] = false;
$conf['fetchmail']['size_limit'] = '4000000';
$conf['msgsettings']['filtering']['words'] = './config/filter.txt';
$conf['msgsettings']['filtering']['replacement'] = '****';
$conf['spam']['reporting'] = false;
$conf['notspam']['reporting'] = false;
$conf['msg']['prepend_header'] = true;
$conf['msg']['append_trailer'] = true;
$conf['compose']['allow_cc'] = true;
$conf['compose']['allow_bcc'] = true;
$conf['compose']['allow_receipts'] = true;
$conf['compose']['special_characters'] = true;
$conf['compose']['use_vfs'] = false;
$conf['compose']['link_attachments'] = false;
$conf['compose']['add_maildomain_to_unexpandable'] = false;
$conf['compose']['attach_size_limit'] = '0';
$conf['compose']['attach_count_limit'] = '0';
$conf['hooks']['vinfo'] = false;
$conf['hooks']['signature'] = false;
$conf['hooks']['trailer'] = false;
$conf['hooks']['fetchmail_filter'] = false;
$conf['hooks']['mbox_redirect'] = false;
$conf['hooks']['mbox_icon'] = false;
$conf['hooks']['spam_bounce'] = false;
$conf['maillog']['use_maillog'] = true;
$conf['tasklist']['use_tasklist'] = true;
$conf['notepad']['use_notepad'] = true;

Create IMP servers configuration /usr/share/horde/imp/config/servers.php (remove all others) with content below

<?php
$servers['cyrus'] = array(
    'name' => 'localserver',
    'server' => 'localhost',
    'hordeauth' => 'full',
    'protocol' => 'imap/notls',
    'port' => 143,
    'maildomain' => '',
    'smtphost' => 'localhost',
    'smtpport' => 25,
    'realm' => '',
    'preferred' => '',
    'admin' => array(
        'params' => array(
            'login' => 'cyrus',
            'password' => '',
            'userhierarchy' => 'user.',
            'protocol' => 'imap/notls',
            'hostspec' => 'localhost',
            'port' => 143
        )
    ),
    'quota' => array(
        'driver' => 'cyrus',
        'params' => array(),
    ),
    'acl' => array(
        'driver' => 'rfc2086',
    ),
);

Prevent compose window from being a popup, edit /usr/share/horde/imp/config/prefs.php and change the variable $_prefs[‘compose_window’] to look like below

$_prefs['compose_popup'] = array(
    'value' => 0,
    'locked' => true,
    'shared' => true,
    'type' => 'checkbox',
    'desc' => _("Compose messages in a separate window?"));

Kronolith Configuration

Create kronolith base configuration /usr/share/horde/kronolith/config/conf.php

<?php
$conf['calendar']['params']['table'] = 'kronolith_events';
$conf['calendar']['params']['driverconfig'] = 'horde';
$conf['calendar']['driver'] = 'sql';
$conf['storage']['params']['table'] = 'kronolith_storage';
$conf['storage']['params']['driverconfig'] = 'horde';
$conf['storage']['driver'] = 'sql';
$conf['metadata']['keywords'] = false;
$conf['reminder']['server_name'] = 'home.topdog-software.com';
$conf['reminder']['from_addr'] = 'postmaster@home.topdog-software.com';
$conf['autoshare']['shareperms'] = 'none';
$conf['menu']['print'] = true;
$conf['menu']['import_export'] = true;
$conf['menu']['apps'] = array('imp', 'ingo', 'kronolith', 'turba');

Turba Configuration

Configure the turba base configuration /usr/share/horde/turba/config/conf.php

<?php
$conf['menu']['apps'] = array('imp', 'kronolith', 'turba');
$conf['storage']['driver'] = 'prefs';
$conf['storage']['maxblacklist'] = 0;
$conf['storage']['maxwhitelist'] = 0;
$conf['rules']['userheader'] = true;
$conf['rules']['usefolderapi'] = true;

Ingo Configuration

Configure the ingo base configuration /usr/share/horde/ingo/config/conf.php

<?php
$conf['menu']['apps'] = array('imp', 'kronolith', 'turba');
$conf['storage']['driver'] = 'prefs';
$conf['storage']['maxblacklist'] = 0;
$conf['storage']['maxwhitelist'] = 0;
$conf['rules']['userheader'] = true;
$conf['rules']['usefolderapi'] = true

Configure the ingo backend to use timsieved in /usr/share/horde/ingo/config/backends.php (remove all other backends)

<?php
$backends['sieve'] = array(
    'driver' => 'timsieved',
    'preferred' => 'localhost',
    'hordeauth' => 'full',
    'params' => array(
        'hostspec' => 'localhost',
        'logintype' => 'PLAIN',
        'usetls' => true,
        'port' => 2000,
        'scriptname' => 'ingo',
    ),
    'script' => 'sieve',
    'scriptparams' => array()
);

Passwd Configuration

Configure the passwd base configuration /usr/share/horde/passwd/config/conf.php

<?php
$conf['menu']['apps'] = array('imp', 'ingo', 'kronolith', 'turba');
$conf['backend']['backend_list'] = 'hidden';
$conf['user']['change'] = true;
$conf['user']['refused'] = array('root', 'bin', 'daemon', 'adm', 'lp', 'shutdown',
'halt', 'uucp', 'ftp', 'anonymous', 'nobody', 'httpd', 'operator', 'guest', 'diginext', 'bind', 'cyrus', 'courier', 'games', 'kmem', 'mailnull', 'man', 'mysql', 'news', 'postfix', 'sshd', 'tty', 'www');
$conf['password']['strengthtests'] = false;
$conf['hooks']['full_name'] = true;
$conf['hooks']['default_username'] = false;
$conf['hooks']['username'] = false;
$conf['hooks']['userdn'] = false;

Configure the passwd back end to use the horde mysql database in /usr/share/horde/passwd/config/backends.php (remove all others)

<?php
$backends['hordesql'] = array (
    'name' => 'Horde Authentication',
    'preferred' => '',
    'password policy' => array(
        'minLength' => 5,
        'maxLength' => 8,
        'maxSpace' => 0,
        'minUpper' => 1,
        'minLower' => 1,
        'minNumeric' => 1,
        'minSymbols' => 1
    ),
    'driver' => 'sql',
    'params' => array_merge($conf['sql'],
                            array('table' => 'horde_users',
                                  'user_col' => 'user_uid',
                                  'pass_col' => 'user_pass',
                                  'show_encryption' => false)),
);

Secure Horde Installation

Secure the horde installation

chown apache:root -R /usr/share/horde/config
chown apache:root -R /usr/share/horde/*/config
chmod -R go-rwx /usr/share/horde/config
chmod -R go-rwx /usr/share/horde/*/config
chown -R root:root /usr/share/horde/scripts
chown -R root:root /usr/share/horde/*/scripts
chmod -R go-rwx /usr/share/horde/scripts
chmod -R go-rwx /usr/share/horde/*/scripts
chmod a-rwx /usr/share/horde/test.php
chmod a-rwx /usr/share/horde/*/test.php
find /usr/share/horde/ -iname readme -exec rm -f {} ;
find /usr/share/horde/ -iname todo -exec rm -vf {} ;
find /usr/share/horde/ -iname license -exec rm -vf {} ;
find /usr/share/horde/ -iname copying -exec rm -vf {} ;
find /usr/share/horde/ -iname docs -exec rm -vrf {} ;

Configure Cyrus-imapd

The cyrus-imapd system will have virtual hosting enabled, sieve scripts, quota’s set to 10MB, auto creation (& auto subscription) of the mailbox with these folders (INBOX,sent-mail,drafts,spam,trash). Authentication of users will take place aganist the Mysql database via SASL using the saslauthd daemon.

Create the configuration /etc/imapd.conf with the following content

configdirectory: /var/lib/imap
servername: TDS-IMAP/POP3
partition-default: /var/spool/imap
virtdomains: on
defaultdomain: localhost.localdomain
admins: andrew@home.topdog-software.com
postmaster: support@home.topdog-software.com
quotawarn: 85
lmtp_over_quota_perm_failure: 1
lmtp_strict_quota: 1
autocreatequota: 10240
createonpost: 1
autocreateinboxfolders: sent-mail|drafts|spam|trash
autosubscribeinboxfolders: sent-mail|drafts|spam|trash
autocreate_sieve_script: /etc/default_sieve
autocreate_sieve_compiledscript: /etc/default_sieve_script.bc
sievedir: /var/lib/imap/sieve
md5_dir: /var/lib/imap/md5
#sievenotifier: sms
#sendsms: /usr/bin/mysmsprog
sendmail: /usr/sbin/sendmail
hashimapspool: true
sasl_pwcheck_method: saslauthd
sasl_mech_list: PLAIN
allowplainwithouttls: 0
tls_cert_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
tls_key_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt
loglevel: info

Create the configuration /etc/cyrus.conf with the following content

START {
  # do not delete this entry!
  recover       cmd="ctl_cyrusdb -r"
  # this is only necessary if using idled for IMAP IDLE
  idled         cmd="idled"
  # replication
  # syncclient       cmd="/usr/lib/cyrus-imapd/sync_client -r"
}
# UNIX sockets start with a slash and are put into /var/lib/imap/sockets
SERVICES {
  # add or remove based on preferences
  imap          cmd="imapd" listen="imap" prefork=1 proto=tcp maxchild=100 maxfds=1000 provide_uuid=1
#  imaps                cmd="imapd -s" listen="imaps" prefork=1
  pop3          cmd="pop3d" listen="pop3" prefork=1 proto=tcp maxchild=100 maxfds=1000 provide_uuid=1
#  pop3s                cmd="pop3d -s" listen="pop3s" prefork=1
  sieve         cmd="timsieved" listen="localhost:sieve" prefork=0 proto=tcp maxfds=1000 provide_uuid=1
  # these are only necessary if receiving/exporting usenet via NNTP
#  nntp         cmd="nntpd" listen="nntp" prefork=3
#  nntps                cmd="nntpd -s" listen="nntps" prefork=1
  #fud
  # fud           cmd="fud" listen="fud" prefork=1 proto="udp"
  # at least one LMTP is required for delivery
#  lmtp         cmd="lmtpd" listen="lmtp" prefork=0
  lmtpunix      cmd="lmtpd" listen="/var/lib/imap/socket/lmtp" prefork=1 maxfds=1000 provide_uuid=1
  # this is only necessary if using notifications
  notify        cmd="notifyd" listen="/var/lib/imap/socket/notify" proto="udp" prefork=1
  # replication
}
EVENTS {
  # this is required
  checkpoint    cmd="ctl_cyrusdb -c" period=30 maxfds=1000
  # this is only necessary if using duplicate delivery suppression,
  # Sieve or NNTP
  delprune      cmd="cyr_expire -E 3" at=0400
  # this is only necessary if caching TLS sessions
  #tlsprune     cmd="tls_prune" at=0400
  squat         cmd="squatter"  period=30
}

Configure Pam_mysql

Pam_mysql will be used to authenticate the following cyrus-imapd services aganist the mysql database, IMAP,POP,SIEVE,LMTP,CSYNC.

Pam_mysql Configuration

Enable pam_mysql for the services make the changes below.

/etc/pam.d/imap

auth       optional     pam_mysql.so user=horde passwd=hordepassword host=/var/lib/mysql/mysql.sock db=horde table=horde_users usercolumn=user_uid passwdcolumn=user_pass crypt=3
account    required     pam_mysql.so user=horde passwd=hordepassword host=/var/lib/mysql/mysql.sock db=horde table=horde_users usercolumn=user_uid passwdcolumn=user_pass crypt=3

/etc/pam.d/pop

auth       optional     pam_mysql.so user=horde passwd=hordepassword host=/var/lib/mysql/mysql.sock db=horde table=horde_users usercolumn=user_uid passwdcolumn=user_pass crypt=3
account    required     pam_mysql.so user=horde passwd=hordepassword host=/var/lib/mysql/mysql.sock db=horde table=horde_users usercolumn=user_uid passwdcolumn=user_pass crypt=3

/etc/pam.d/sieve

auth       optional     pam_mysql.so user=horde passwd=hordepassword host=/var/lib/mysql/mysql.sock db=horde table=horde_users usercolumn=user_uid passwdcolumn=user_pass crypt=3
account    required     pam_mysql.so user=horde passwd=hordepassword host=/var/lib/mysql/mysql.sock db=horde table=horde_users usercolumn=user_uid passwdcolumn=user_pass crypt=3

/etc/pam.d/lmtp

auth       optional     pam_mysql.so user=horde passwd=hordepassword host=/var/lib/mysql/mysql.sock db=horde table=horde_users usercolumn=user_uid passwdcolumn=user_pass crypt=3
account    required     pam_mysql.so user=horde passwd=hordepassword host=/var/lib/mysql/mysql.sock db=horde table=horde_users usercolumn=user_uid passwdcolumn=user_pass crypt=3

/etc/pam.d/csync

auth       optional     pam_mysql.so user=horde passwd=hordepassword host=/var/lib/mysql/mysql.sock db=horde table=horde_users usercolumn=user_uid passwdcolumn=user_pass crypt=3
account    required     pam_mysql.so user=horde passwd=hordepassword host=/var/lib/mysql/mysql.sock db=horde table=horde_users usercolumn=user_uid passwdcolumn=user_pass crypt=3

Saslauthd Configuration

Edit /etc/sysconfig/saslauthd and modify to below

SOCKETDIR=/var/run/saslauthd
# Mechanism to use when checking passwords.  Run "saslauthd -v" to get a list
# of which mechanism your installation was compiled to use.
MECH=pam
# Additional flags to pass to saslauthd on the command line.  See saslauthd(8)
# for the list of accepted flags.
FLAGS="-r -n 0 -c"

Configure ClamAV

Add the clamav user to the exim group.

usermod -G exim clamav

Change the location of the socket and disable TCP. Make changes to /etc/clamd.conf

LocalSocket /var/run/clamav/clamd.socket
#TCPSocket 3310
#TCPAddr 127.0.0.1

Install sane security signatures

wget http://www.sanesecurity.co.uk/clamav/update_sanesecurity.txt -O /usr/local/bin/update_sanesecurity.sh
chmod +x /usr/local/bin/update_sanesecurity.sh
ln -s /usr/local/bin/update_sanesecurity.sh /etc/cron.hourly/
/usr/local/bin/update_sanesecurity.sh

Enable local selinux module for clamav, create file clamdlocal.te and add the following

module clamdlocal 1.0;
require {
        type proc_t;
        type var_t;
        type sysctl_kernel_t;
        type var_spool_t;
        type clamd_t;
        class dir { write search read remove_name add_name };
        class file { write getattr read lock create unlink };
}
#============= clamd_t ==============
allow clamd_t proc_t:file { read getattr };
allow clamd_t sysctl_kernel_t:dir search;
allow clamd_t sysctl_kernel_t:file read;
allow clamd_t var_spool_t:dir read;
allow clamd_t var_spool_t:file { read getattr };
allow clamd_t var_t:dir { write read add_name remove_name };
allow clamd_t var_t:file { write getattr read lock create unlink };

Compile and load the module

checkmodule -M -m -o clamdlocal.mod clamdlocal.te
semodule_package -o clamdlocal.pp -m clamdlocal.mod
semodule -i clamdlocal.pp

Configure Spamassassin

Modify the startup options edit /etc/sysconfig/spamassassin and modify as below

SPAMDOPTIONS=" -l -d -c -m5 -H -m 10 --socketpath=/var/run/spamassassin/spamd.sock --socketowner=exim"

Enable local spamd module for spamassassin, create file spamdlocal.te and add the following

module spamdlocal 1.0;
require {
        type spamd_t;
        type spamd_var_run_t;
        class capability { fowner chown kill };
        class sock_file { write create unlink getattr setattr };
}
#============= spamd_t ==============
allow spamd_t self:capability { fowner chown kill };
allow spamd_t spamd_var_run_t:sock_file { write create unlink getattr setattr };

Compile and install the module

checkmodule -M -m -o spamdlocal.mod spamdlocal.te
semodule_package -o spamdlocal.pp -m spamdlocal.mod
semodule -i spamdlocal.pp

Final Touches

Disable services

Disable unwanted services, use this script.

Enable services

chkconfig –level 234 exim on
chkconfig –level 234 mysqld on
chkconfig –level 234 spamassassin on
chkconfig –level 234 clamd on
chkconfig –level 234 httpd on
chkconfig –level 234 saslauthd on
chkconfig –level 234 cyrus-imapd on

service mysqld restart
service saslauthd restart
service spamassassin restart
service clamd restart
service exim restart
service cyrus-imapd restart
service httpd restart

Create Admin User

Create a file admin.sql and add the following (modify the password to suite you)

USE horde;
REPLACE INTO horde_users (user_uid,user_pass)
    VALUES (
        'andrew@home.topdog-software.com',
-- Change this
        md5('verystrongpassword')
);

Add user to database

mysql -p horde < admin.sql

Firewall

Add these rules in your configuration file /etc/sysconfig/iptables

*raw
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
*filter
:FORWARD DROP [0:0]
:INPUT DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m multiport -j ACCEPT --dports 80,443,25,110,143
-A INPUT -p icmp -m icmp -m limit --icmp-type 8 --limit 5/min -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -s 192.168.1.4 -j ACCEPT
COMMIT

Login

Phew! you are done. Open your browser and go to https://192.168.1.4/ and log in with the details above, you can the create other users under administration → users. You can test all the other features as well.

 

References

MPD – A Brief Guide

The Music Player Daemon, aka MPD, is a great little application to handle music on your linux computer. Until recently (when Linux really started to take off and gain popularity), MPD has been notoriously difficult to get to work properly. I decided to write this small intro to MPD after having used it for about 6 months. This is a little guide to it to get you started on using MPD as your music manager.

The World of MPD

First, what MPD is:

  • MPD keeps track of your music library. It does this by defining a music directory, to which you can easily add symlinks to all the various places where you store your music on your computer.
  • MPD tracks changes to your music library (any time an mp3 is removed, or a new album added, you simply update the MPD database file — which takes three or four seconds at most).
  • MPD can store playlists.
  • MPD can play songs, and output this information to various devices, such as your physical speakers (usually via your alsa sound drivers, but it can be any audio driver on your system), or even a http port for remote web listening (via icecast).

What MPD is NOT (what most people get confused about):

  • MPD cannot by itself determine: which songs are played and in what order. Nor does it come with any controls such as PAUSE, STOP, NEXT TRACK, etc. MPD, quite simply, can either: play a song, or do nothing while it is running. MPD’s behavior is controlled by clients, such as GMPC, Sonata, etc (my personal favorite is ncmpcpp).

The downside of this dichotomy between what MPD is and what it is not, is that you must install two applications to get the same functionality as any standard multimedia player like iTunes. However, there are many, many advantages of splitting up music-playing from music-controls. First, mpd will hardly crash and will be error-free due to its simple nature. Second, you gain the ability to access your large music collection from other computers in your home network without much fuss. This means that you can do things like: make your laptop act as a remote control for your desktop’s music output (the desktop’s speakers), or even create multiple MPD instances for specific purposes simultaneously (e.g., alsa and also icecast output).

Typical Setup

For most people, they only need one instance of MPD running and have it configured so that it plays songs directly to their computer speakers. So their MPD configuration file will look something like this (comment lines removed to save space):

music_directory “/home/shinobu/.mpd-untracked/music”
playlist_directory “/home/shinobu/.mpd-untracked/playlist”
db_file “/home/shinobu/.mpd-untracked/mpd.db”
log_file “/home/shinobu/.mpd-untracked/mpd.log”
pid_file “/home/shinobu/.mpd-untracked/mpd.pid”
state_file “/home/shinobu/.mpd-untracked/mpdstate”
sticker_file “/home/shinobu/.mpd-untracked/sticker.sql”
user “shinobu”
bind_to_address     “192.168.0.110” # bind it to this computer’s IP address if someone on the LAN wants to use this mpd
port                “6600”
save_absolute_paths_in_playlists “yes”
follow_outside_symlinks “yes”
follow_inside_symlinks “yes”
audio_output {
type            “alsa”
name            “Exelion ALSA output”
format          “44100:16:2”    # optional
mixer_device    “default”
mixer_control   “PCM”
}
replaygain          “track”
volume_normalization “yes”
filesystem_charset      “UTF-8”
id3v1_encoding          “ISO-8859-1”

It’s very straightforward. All of the essential files and folders are customized and defined in the config file. (My mpd directory is .mpd-untracked, since these files/folders are not tracked by my git folder containing all of my dotfiles. See my previous two posts for more info on that setup.) The config file itself resides at /home/shinobu/syscfg/mpd/cfg-alsa — a customized path and filename, which is referenced each time MPD starts on bootup (in my .xinitrc file), with the command “mpd /home/shinobu/syscfg/mpd/cfg-alsa”. MPD will daemonize itself when it is called, so calling it from your .xinitrc file without the “&” argument at the end of the line is OK. Notice how the above configuration avoids running into permission problems, since everything resides under a normal user’s directory.

I then start up ncmpcpp, which by default looks to the mpd host as localhost and port as 6600 — matching the (default) values in my MPD config file above. And it all works rather beautifully.

Multi-MPD Setup for Music Sharing

Back when I still used iTunes (about 3 years ago), I remember it had this neat feature to share your music with anyone on your local network. You can do the same thing with MPD. The trick is to add a separate MPD instance for this feature. I myself have this multi-MPD setup on my desktop, with one MPD for alsa-only output (as seen above), and a second MPD for icecast-only output. Icecast, by the way, is a more general solution not wholly related to MPD for sharing music over the internet — we can use icecast since it plays rather well with MPD (UNIX philosophy FTW!). Since my desktop has a second MPD instance so that it works with icecast, my laptop can now take advantage of the huge music collection that I have on it, remotely (well, as long as I’m on the home network in my case).

Here’s my MPD config file for icecast output:

music_directory “/home/shinobu/.mpd-untracked/music”
playlist_directory “/home/shinobu/.mpd-untracked/playlist”
db_file “/home/shinobu/.mpd-untracked/mpd.db”
log_file “/home/shinobu/.mpd-untracked/mpd-icecast.log”
pid_file “/home/shinobu/.mpd-untracked/mpd-icecast.pid”
state_file “/home/shinobu/.mpd-untracked/mpdstate-icecast”
sticker_file “/home/shinobu/.mpd-untracked/sticker.sql”
user “shinobu”
bind_to_address     “192.168.0.110” # bind it to this computer’s IP address if someone on the LAN wants to use this mpd
port                “6601”
save_absolute_paths_in_playlists “yes”
follow_outside_symlinks “yes”
follow_inside_symlinks “yes”
audio_output {
type            “shout”
name            “exelion HD mpd stream”
encoding        “ogg”           # optional
host            “localhost”
port            “8000”
mount           “/mpd.ogg” # i.e., “http://192.168.0.110/mpd.ogg” is the live stream
# (provided that MPD is actually playing a song)
#————————————————————————————————–#
# See ‘source password’ in /etc/icecast.xml for password                                           #
#————————————————————————————————–#
password        “hackme”
#————————————————————————————————–#
# Use ‘bitrate’ or ‘quality’. Use ‘bitrate’ for static bitrate, or ‘quality’ for variable.         #
# Use one or the other — not both!                                                                #
# bitrate                     “128”                                                                #
#————————————————————————————————–#
quality         “10”
#————————————————————————————————–#
# ‘format’ is the audio format of the stream. The first number is the sample rate in Hertz (Hz);   #
# 44100 Hz is equal to cd quality. The second number is the number of bits per sample; again 16    #
# bits is the quality used on cd’s. The third number is the number of channels; 1 channel is       #
# mono, 2 channels is stereo.                                                                      #
#————————————————————————————————–#
format          “44100:16:2”
protocol        “icecast2”      # optional
user            “source”        # optional
#description        “My Stream Description” # optional
#genre          “jazz”          # optional
#public         “no”            # optional
#timeout            “2”         # optional
}
replaygain          “track”
volume_normalization “yes”
filesystem_charset      “UTF-8”
id3v1_encoding          “ISO-8859-1”

As you can see, much of the configuration is exactly the same as my first MPD config file. You’d want it like this, since you’d want it to use the same music collection and list of playlists. (Well, if you had a private stash of music you didn’t want anyone in your LAN to know about, you’d point to a different music folder.) So the music directory, playlist directory, and database file are all the same. However, you’d want a different set of logfiles for this second MPD instance, so those values are changed. The same goes to the pid and state files. The port number is 6601, so that it doesn’t conflict with my first MPD. The final difference is the audio output, which is set to “shout” and not “alsa”. The “shout” output works with icecast, and the values in here, like port 8000 and “hackme” as the password, are taken straight from the default icecast intallation’s xml file (/etc/icecast.xml — of course, you can call icecast with a different config file location than the default one).

It’s important that you make this second MPD output solely to icecast. If you put in alsa output here, you’ll end up with two different songs playing simultaneously on your desktop’s speakers! (Aside: MPD is perfectly capable of outputting to multiple audio outputs, so you could, if you wanted, make one MPD instance output to both alsa and icecast — suitable if you’re the only one at home and you want your music to “follow” you to all the computers connected to the LAN.) As for icecast itself, you can also call it from your .xinitrc file, after your mpd-calling lines, like so: icecast -b -c /home/shinobu/syscfg/icecast/cfg.xml. The -b flag daemonizes icecast (required since you’re calling it from your .xinitrc file), and the -c flag merely points to the correct config file location. My icecast config file looks like this:

<icecast>
<limits>
<clients>100</clients>
<sources>2</sources>
<threadpool>5</threadpool>
<queue-size>524288</queue-size>
<client-timeout>30</client-timeout>
<header-timeout>15</header-timeout>
<source-timeout>10</source-timeout>
<burst-on-connect>1</burst-on-connect>
<burst-size>65535</burst-size>
</limits>

<authentication>
<source-password>hackme(~</source-password>
<relay-password>hackme(~</relay-password>
<admin-user>admin</admin-user>
<admin-password>hackme(~</admin-password>
</authentication>
<hostname>localhost</hostname>
<listen-socket>
<port>8000</port>
</listen-socket>
<fileserve>1</fileserve>

<paths>
<basedir>/usr/share/icecast</basedir>
<logdir>/home/shinobu/.icecast-untracked/log</logdir>
<webroot>/home/shinobu/.icecast-untracked/icecast/web</webroot>
<adminroot>/home/shinobu/.icecast-untracked/icecast/admin</adminroot>
<alias source=”/” dest=”/status.xsl”/>
</paths>

<logging>
<accesslog>access.log</accesslog>
<errorlog>error.log</errorlog>
<loglevel>1</loglevel>
<logsize>10000</logsize>
</logging>
<security>
<chroot>0</chroot>
</security>
</icecast>

Here, the value for the <source-password> tag must match the password specified in your icecast-MPD’s config file. I’ve left it to the default “hackme” here for demonstration purposes — you should change it to something more secure (better safe than sorry!). My password is like @#$k23lsdf9. Make sure the directory in <logdir> exists. As for the <webroot> and <adminroot> directories, copy them straight out of /usr/share/icecast/web and /usr/share/icecast/admin, and place them into your custom location. This will take care of those annoying permission errors that users often face.

Now, on your remote computer, such as your laptop, you need (1) an MPD client, and (2) a music player, like mplayer, to intercept the raw .ogg music stream from your desktop with the icecast-MPD setup. In my ncmpcpp config file on my laptop, I have custom values for the mpd_host and mpd_port fields to be my desktop’s IP address 192.168.0.110 and 6601, respectively (matching the values in the second MPD config file above). So when I fire up ncmpcpp on my laptop, it connects over the LAN network into the music collection residing in my desktop, all with the magic of MPD. Once I activate the ogg stream by playing a file, I can then access this stream with mplayer — specifically, with mplayer -ao alsa -softvol -volume 10 -volstep 1 -prefer-ipv4 http://192.168.0.110:8000/mpd.ogg. I have this long command aliased, of course, to a hotkey in my XMonad configuration file. And within a couple seconds, I get a top-quality, ~500 kbps ogg stream right on my laptop (the quality setting in my MPD config file, set to “10″, is the maximum quality supported by the ogg format; 500 kbps, or a little over 60 KBps, should be nothing on your home ethernet LAN).

So here’s what’s happening with this second MPD instance on my desktop, configured with icecast output: MPD keeps tabs on what my music collection consists of from port 6601, and “plays” to port 8000 — converting my current mp3/flac file into an ogg stream, which is then served by icecast. From my laptop, I then connect to this MPD by the desktop’s IP address and MPD port of 6601 with ncmpcpp. Then, once I tell MPD to start playing, I can then access the ogg stream with mplayer on my laptop. Mplayer simply looks to http://192.168.0.110:8000/mpd.ogg. When icecast on my desktop receives this request from my laptop’s mplayer, it gives the go-ahead and essentially acts as a bridge between my desktop’s icecast-output MPD and my laptop’s mplayer. Mplayer then takes this ogg stream, and outputs it onto my laptop’s speakers using the alsa drivers.

Here’s a picture to describe what’s going on. (The latest LibreOffice Drawing app is really a pleasure to use!)

So I hope this post proves useful to people who are new to Linux and are struggling to get MPD (and especially with Icecast) to work.

EDIT July 17, 2010: Prettier/simpler graphic uploaded.

UPDATE April 7, 2011: Cleaner source code format; fixed some typos; updated graphic.

UPDATE November 1, 2011: Grammar fixes and some rewordings. I’m delighted to say that even after 2 years of using MPD, I still use the setup described in this post. Talk about configuration stability!

Archived from the following link on 7/19/2012.