Add some language highlighting
This commit is contained in:
parent
f0ed09f00b
commit
78eec895b0
@ -4,32 +4,39 @@ visible: true
|
||||
---
|
||||
|
||||
[toc]
|
||||
|
||||
## Getting ACME.SH
|
||||
```
|
||||
|
||||
```sh
|
||||
$ git clone https://github.com/acmesh-official/acme.sh.git
|
||||
$ cd ./acme.sh
|
||||
$ ./acme.sh --install -m my@example.com
|
||||
```
|
||||
|
||||
## First time ZeroSSL registration
|
||||
`$ (path to)/acme.sh --register-account -m (email)`
|
||||
|
||||
`$ (path to)/acme.sh --register-account -m (email)`
|
||||
|
||||
## Issue new certificate
|
||||
|
||||
Needs root to start a server on port 80
|
||||
`# (path to)/acme.sh --issue --standalone -d (url)`
|
||||
`# (path to)/acme.sh --issue --standalone -d (url)`
|
||||
|
||||
## Issue new certificate with DNS API
|
||||
|
||||
> [Official Documentation](https://github.com/acmesh-official/acme.sh/wiki/dnsapi)
|
||||
|
||||
### Gandi
|
||||
`export GANDI_LIVEDNS_KEY="(api key)"`
|
||||
|
||||
`(path to)/acme.sh --issue --dns dns_gandi_livedns -d (domain)`
|
||||
`export GANDI_LIVEDNS_KEY="(api key)"`
|
||||
|
||||
`(path to)/acme.sh --issue --dns dns_gandi_livedns -d (domain)`
|
||||
|
||||
## Install certificate
|
||||
Make sure to create the `/etc/acme-sh/(url)` directory
|
||||
|
||||
```
|
||||
Make sure to create the `/etc/acme-sh/(url)` directory
|
||||
|
||||
```sh
|
||||
$ export url=woodpecker.exu.li \
|
||||
&& mkdir -p /etc/acme-sh/{$url} \
|
||||
&& .acme.sh/acme.sh --install-cert -d $url \
|
||||
@ -39,8 +46,10 @@ $ export url=woodpecker.exu.li \
|
||||
```
|
||||
|
||||
## Systems Service & Timer
|
||||
`/etc/systemd/system/acme-sh.service`
|
||||
```
|
||||
|
||||
`/etc/systemd/system/acme-sh.service`
|
||||
|
||||
```systemd
|
||||
[Unit]
|
||||
Description=Renew certificates using acme.sh
|
||||
After=network-online.target
|
||||
@ -53,8 +62,9 @@ User=wiki
|
||||
SuccessExitStatus=0 2
|
||||
```
|
||||
|
||||
`/etc/systemd/system/acme.timer`
|
||||
```
|
||||
`/etc/systemd/system/acme.timer`
|
||||
|
||||
```systemd
|
||||
[Unit]
|
||||
Description=Daily renewal of certificates
|
||||
|
||||
@ -68,4 +78,4 @@ WantedBy=timers.target
|
||||
```
|
||||
|
||||
Enable timer
|
||||
`systemctl enable --now acme-sh.timer`
|
||||
`systemctl enable --now acme-sh.timer`
|
||||
|
@ -4,18 +4,23 @@ visible: false
|
||||
---
|
||||
|
||||
[toc]
|
||||
|
||||
## Podman
|
||||
|
||||
### Network and Pod
|
||||
|
||||
`# podman network create net_authentik`
|
||||
`# podman pod create --name pod_authentik --network net_authentik -p `
|
||||
`# podman pod create --name pod_authentik --network net_authentik -p `
|
||||
|
||||
#### Port Mappings
|
||||
|
||||
```
|
||||
|
||||
```
|
||||
|
||||
### Database
|
||||
```
|
||||
|
||||
```sh
|
||||
# podman run --name authentik_db \
|
||||
-e PGDATA=/var/lib/postgresql/data/pgdata \
|
||||
-e POSTGRES_USER=authentik \
|
||||
@ -27,7 +32,8 @@ visible: false
|
||||
```
|
||||
|
||||
### Redis
|
||||
```
|
||||
|
||||
```sh
|
||||
# podman run --name authentik_redis \
|
||||
-v /mnt/authentik_redis:/data \
|
||||
--pod pod_authentik \
|
||||
@ -36,7 +42,9 @@ visible: false
|
||||
```
|
||||
|
||||
### Application Server
|
||||
|
||||
https://goauthentik.io/docs/installation/docker-compose
|
||||
|
||||
```
|
||||
server:
|
||||
image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2022.9.0}
|
||||
@ -59,11 +67,13 @@ https://goauthentik.io/docs/installation/docker-compose
|
||||
- "0.0.0.0:${AUTHENTIK_PORT_HTTP:-9000}:9000"
|
||||
- "0.0.0.0:${AUTHENTIK_PORT_HTTPS:-9443}:9443"
|
||||
```
|
||||
|
||||
```
|
||||
|
||||
```
|
||||
|
||||
### Application Worker
|
||||
|
||||
```
|
||||
worker:
|
||||
image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2022.9.0}
|
||||
@ -89,6 +99,7 @@ worker:
|
||||
env_file:
|
||||
- .env
|
||||
```
|
||||
|
||||
```
|
||||
|
||||
```
|
||||
|
@ -1,17 +1,21 @@
|
||||
---
|
||||
title: 'DHCP Server and Routing'
|
||||
title: "DHCP Server and Routing"
|
||||
visible: true
|
||||
---
|
||||
|
||||
[toc]
|
||||
|
||||
## Installation
|
||||
`# apt install isc-dhcp-server`
|
||||
|
||||
`# apt install isc-dhcp-server`
|
||||
|
||||
## Configuration
|
||||
Edit `/etc/default/isc-dhcp-server`
|
||||
`INTERFACESv4="(interface 1) (interface 2)"`
|
||||
|
||||
Edit `/etc/dhcp/dhcpd.conf` to set a subnet
|
||||
Edit `/etc/default/isc-dhcp-server`
|
||||
`INTERFACESv4="(interface 1) (interface 2)"`
|
||||
|
||||
Edit `/etc/dhcp/dhcpd.conf` to set a subnet
|
||||
|
||||
```
|
||||
subnet (netaddress) netmask (subnetmask) {
|
||||
range (first dhcp) (last dhcp);
|
||||
@ -22,7 +26,8 @@ subnet (netaddress) netmask (subnetmask) {
|
||||
}
|
||||
```
|
||||
|
||||
Edit `/etc/network/interfaces`
|
||||
Edit `/etc/network/interfaces`
|
||||
|
||||
```
|
||||
auto (interface)
|
||||
iface (interface) inet static
|
||||
@ -33,23 +38,25 @@ iface (interface) inet static
|
||||
```
|
||||
|
||||
Enable the interface
|
||||
`# ifup (interface)`
|
||||
`# ifup (interface)`
|
||||
|
||||
Restart DHCP Server
|
||||
`# systemctl restart isc-dhcp-server.service`
|
||||
`# systemctl restart isc-dhcp-server.service`
|
||||
|
||||
### Enable routing
|
||||
|
||||
`# echo "net.ipv4.ip_forward=1" >> /etc/sysctl.d/80-forwarding.conf`
|
||||
`# sysctl -p /etc/sysctl.d/80-forwarding.conf`
|
||||
`# sysctl -p /etc/sysctl.d/80-forwarding.conf`
|
||||
|
||||
`# iptables -t nat -A POSTROUTING -o (WAN interface) -j MASQUERADE`
|
||||
`# iptables -A FORWARD -i (LAN interface) -j ACCEPT`
|
||||
`# iptables -A FORWARD -i (LAN interface) -j ACCEPT`
|
||||
|
||||
Make iptables permanent
|
||||
Select `Yes` during the installation to save current rules
|
||||
`# apt install iptables-persistent`
|
||||
`# apt install iptables-persistent`
|
||||
|
||||
### Enable DHCP-managed fixed IP address
|
||||
|
||||
```
|
||||
host (hostname) {
|
||||
hardware ethernet (mac);
|
||||
@ -58,12 +65,13 @@ host (hostname) {
|
||||
```
|
||||
|
||||
### Dynamic DNS
|
||||
*Needs a supported DNS like BIND or PowerDNS*
|
||||
|
||||
_Needs a supported DNS like BIND or PowerDNS_
|
||||
[Configure your DNS server to accept updates](https://wiki.realstickman.net/e/en/linux/services/powerdns)
|
||||
Add the following snippet to your `/etc/dhcp/dhcpd.conf` file
|
||||
How to generate the key is also described in the DNS article
|
||||
```
|
||||
How to generate the key is also described in the DNS article
|
||||
|
||||
```
|
||||
ddns-updates on;
|
||||
ddns-update-style interim;
|
||||
update-static-leases on;
|
||||
@ -85,12 +93,12 @@ zone 7.168.192.in-addr.arpa. {
|
||||
primary 127.0.0.1;
|
||||
key (keyname);
|
||||
}
|
||||
|
||||
```
|
||||
|
||||
## Client
|
||||
|
||||
DHCP Request
|
||||
`# dhclient -v`
|
||||
`# dhclient -v`
|
||||
|
||||
Release IP
|
||||
`# dhclient -v -r`
|
||||
`# dhclient -v -r`
|
||||
|
@ -4,25 +4,29 @@ visible: true
|
||||
---
|
||||
|
||||
[toc]
|
||||
|
||||
## Pre-Setup
|
||||
|
||||
Create a gitea user
|
||||
`# useradd -m git`
|
||||
`# useradd -m git`
|
||||
|
||||
`# mkdir /etc/gitea`
|
||||
`# chown git:git -R /etc/gitea`
|
||||
`# chown git:git -R /etc/gitea`
|
||||
|
||||
Create the .ssh directory for the git user
|
||||
`$ sudo -u git mkdir -p /home/git/.ssh`
|
||||
`$ sudo -u git mkdir -p /home/git/.ssh`
|
||||
|
||||
Get the user id of git with `id git`
|
||||
Get the user id of git with `id git`
|
||||
|
||||
## Podman
|
||||
|
||||
### Network and Pod
|
||||
|
||||
`# podman network create net_gitea`
|
||||
`# podman pod create --name pod_gitea --network net_gitea -p 127.0.0.1:5432:5432 -p 3000:3000 -p 127.0.0.1:2222:22`
|
||||
`# podman pod create --name pod_gitea --network net_gitea -p 127.0.0.1:5432:5432 -p 3000:3000 -p 127.0.0.1:2222:22`
|
||||
|
||||
#### Port Mappings
|
||||
|
||||
```
|
||||
5432 (localhost): Postgres Database
|
||||
3000: Gitea WebUI
|
||||
@ -30,7 +34,8 @@ Get the user id of git with `id git`
|
||||
```
|
||||
|
||||
### Database
|
||||
```
|
||||
|
||||
```sh
|
||||
# podman run --name giteadb \
|
||||
-e PGDATA=/var/lib/postgresql/data/pgdata \
|
||||
-e POSTGRES_USER=gitea \
|
||||
@ -42,7 +47,8 @@ Get the user id of git with `id git`
|
||||
```
|
||||
|
||||
### Application
|
||||
```
|
||||
|
||||
```sh
|
||||
# podman run --name gitea \
|
||||
-e USER_UID=(uid) \
|
||||
-e USER_GID=(gid) \
|
||||
@ -60,37 +66,40 @@ Get the user id of git with `id git`
|
||||
```
|
||||
|
||||
**NOTE:** gitea's /data directory must not contain permissions too open. Otherwise the SSH redirection set up below will fail.
|
||||
`0750` for directories and `0640` has been shown to work
|
||||
`0750` for directories and `0640` has been shown to work
|
||||
|
||||
The next few lines are used to set up ssh-redirection to gitea if it is used to clone a repo.
|
||||
|
||||
The next few lines are used to set up ssh-redirection to gitea if it is used to clone a repo.
|
||||
> See also the [official documentation](https://docs.gitea.io/en-us/install-with-docker/#sshing-shim-with-authorized_keys)
|
||||
|
||||
Create SSH Keys for gitea
|
||||
`$ sudo -u git ssh-keygen -t rsa -b 4096 -C "Gitea Host Key"`
|
||||
`$ sudo -u git cat /home/git/.ssh/id_rsa.pub | sudo -u git tee -a /home/git/.ssh/authorized_keys`
|
||||
`$ sudo -u git chmod 600 /home/git/.ssh/authorized_keys`
|
||||
`$ sudo -u git chmod 600 /home/git/.ssh/authorized_keys`
|
||||
|
||||
```
|
||||
```sh
|
||||
$ cat <<"EOF" | sudo tee /usr/local/bin/gitea
|
||||
#!/bin/sh
|
||||
ssh -p 2222 -o StrictHostKeyChecking=no git@127.0.0.1 "SSH_ORIGINAL_COMMAND=\"$SSH_ORIGINAL_COMMAND\" $0 $@"
|
||||
EOF
|
||||
```
|
||||
|
||||
`# chmod +x /usr/local/bin/gitea`
|
||||
`# chmod +x /usr/local/bin/gitea`
|
||||
|
||||
We've now finished setting up the ssh-redirection.
|
||||
After that, connect to the Server on port 3000 to finish the installation
|
||||
The first registered user will be made admin
|
||||
The first registered user will be made admin
|
||||
|
||||
## Management CLI
|
||||
|
||||
Gitea comes with a management cli. To access it, change into the Container first and su into the user "git".
|
||||
`# podman exec -it gitea bash`
|
||||
`# su git`
|
||||
`# su git`
|
||||
|
||||
### User Management
|
||||
|
||||
List users:
|
||||
`$ gitea admin user list`
|
||||
`$ gitea admin user list`
|
||||
|
||||
Change user password:
|
||||
`$ gitea admin user change-password -u (user) -p (password)`
|
||||
`$ gitea admin user change-password -u (user) -p (password)`
|
||||
|
@ -4,30 +4,39 @@ visible: true
|
||||
---
|
||||
|
||||
[toc]
|
||||
|
||||
> [Official Documentation](https://learn.getgrav.org/17)
|
||||
|
||||
## Requirements
|
||||
`# apt install nginx php php-fpm php-gd php-apcu php-yaml php-zip php-xml php-mbstring php-curl unzip`
|
||||
|
||||
### Download grav
|
||||
`# apt install nginx php php-fpm php-gd php-apcu php-yaml php-zip php-xml php-mbstring php-curl unzip`
|
||||
|
||||
### Download grav
|
||||
|
||||
Make sure the directory you want to use is owned by your webserver user. (www-data on debian)
|
||||
`# chown www-data:www-data -R /var/www`
|
||||
`# chown www-data:www-data -R /var/www`
|
||||
|
||||
**With included admin client**
|
||||
`sudo -u www-data wget https://getgrav.org/download/core/grav-admin/1.7.32`
|
||||
`sudo -u www-data wget https://getgrav.org/download/core/grav-admin/1.7.32`
|
||||
|
||||
## Theme Learn2 Customisations
|
||||
|
||||
### Fix for wonky sidebar
|
||||
|
||||
With the default configuration, using jquery-scrollbar, there are issues with extremely long subtopics making the bar not scroll all the way to the bottom.
|
||||
My workaround is adding the following CSS to custom.css in the theme's `css` directory.
|
||||
My workaround is adding the following CSS to custom.css in the theme's `css` directory.
|
||||
|
||||
```css
|
||||
.highlightable {
|
||||
overflow: auto;
|
||||
overflow: auto;
|
||||
}
|
||||
```
|
||||
|
||||
### Code copy don't copy # or $
|
||||
|
||||
This needs to be modified in `js/learn.js`
|
||||
Here's the change as well as the surrounding code.
|
||||
Here's the change as well as the surrounding code.
|
||||
|
||||
```js
|
||||
// clipboard
|
||||
var clipInit = false;
|
||||
@ -49,14 +58,16 @@ Here's the change as well as the surrounding code.
|
||||
```
|
||||
|
||||
## Custom theme based on Learn2
|
||||
`$ sudo -u www-data /var/www/wiki-grav/bin/plugin devtools new-theme`
|
||||
|
||||
`$ sudo -u www-data /var/www/wiki-grav/bin/plugin devtools new-theme`
|
||||
|
||||
You'll be asked a few questions next
|
||||
**Important:** when asked to choose an option, choose `inheritance`
|
||||
With this, an installed theme can be selected as a base
|
||||
With this, an installed theme can be selected as a base
|
||||
|
||||
## Nginx config
|
||||
```
|
||||
|
||||
```nginx
|
||||
server {
|
||||
server_name DOMAIN_NAME;
|
||||
|
||||
@ -119,4 +130,4 @@ server {
|
||||
server_name DOMAIN_NAME;
|
||||
return 404;
|
||||
}
|
||||
```
|
||||
```
|
||||
|
Loading…
Reference in New Issue
Block a user