Add some language highlighting

This commit is contained in:
RealStickman 2022-12-16 11:46:32 +01:00
parent f0ed09f00b
commit 78eec895b0
5 changed files with 108 additions and 59 deletions

View File

@ -4,32 +4,39 @@ visible: true
--- ---
[toc] [toc]
## Getting ACME.SH ## Getting ACME.SH
```
```sh
$ git clone https://github.com/acmesh-official/acme.sh.git $ git clone https://github.com/acmesh-official/acme.sh.git
$ cd ./acme.sh $ cd ./acme.sh
$ ./acme.sh --install -m my@example.com $ ./acme.sh --install -m my@example.com
``` ```
## First time ZeroSSL registration ## First time ZeroSSL registration
`$ (path to)/acme.sh --register-account -m (email)`
`$ (path to)/acme.sh --register-account -m (email)`
## Issue new certificate ## Issue new certificate
Needs root to start a server on port 80 Needs root to start a server on port 80
`# (path to)/acme.sh --issue --standalone -d (url)` `# (path to)/acme.sh --issue --standalone -d (url)`
## Issue new certificate with DNS API ## Issue new certificate with DNS API
> [Official Documentation](https://github.com/acmesh-official/acme.sh/wiki/dnsapi) > [Official Documentation](https://github.com/acmesh-official/acme.sh/wiki/dnsapi)
### Gandi ### Gandi
`export GANDI_LIVEDNS_KEY="(api key)"`
`(path to)/acme.sh --issue --dns dns_gandi_livedns -d (domain)` `export GANDI_LIVEDNS_KEY="(api key)"`
`(path to)/acme.sh --issue --dns dns_gandi_livedns -d (domain)`
## Install certificate ## Install certificate
Make sure to create the `/etc/acme-sh/(url)` directory
``` Make sure to create the `/etc/acme-sh/(url)` directory
```sh
$ export url=woodpecker.exu.li \ $ export url=woodpecker.exu.li \
&& mkdir -p /etc/acme-sh/{$url} \ && mkdir -p /etc/acme-sh/{$url} \
&& .acme.sh/acme.sh --install-cert -d $url \ && .acme.sh/acme.sh --install-cert -d $url \
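Review bot: In the install-cert block, `mkdir -p /etc/acme-sh/{$url}` puts the braces outside the expansion, so the shell creates a directory literally named `{woodpecker.exu.li}` instead of the `/etc/acme-sh/(url)` directory the text asks for. Since this hunk already touches the block's fence, change the line to `mkdir -p "/etc/acme-sh/${url}"` and quote `"$url"` in the `--install-cert -d` line as well.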
@ -39,8 +46,10 @@ $ export url=woodpecker.exu.li \
``` ```
## Systems Service & Timer ## Systems Service & Timer
`/etc/systemd/system/acme-sh.service`
``` `/etc/systemd/system/acme-sh.service`
```systemd
[Unit] [Unit]
Description=Renew certificates using acme.sh Description=Renew certificates using acme.sh
After=network-online.target After=network-online.target
@ -53,8 +62,9 @@ User=wiki
SuccessExitStatus=0 2 SuccessExitStatus=0 2
``` ```
`/etc/systemd/system/acme.timer` `/etc/systemd/system/acme.timer`
```
```systemd
[Unit] [Unit]
Description=Daily renewal of certificates Description=Daily renewal of certificates
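Review bot: The timer path `/etc/systemd/system/acme.timer` does not match the service `/etc/systemd/system/acme-sh.service` from the previous hunk or the `systemctl enable --now acme-sh.timer` command that follows. A timer activates the service with the same base name unless `Unit=` is set (not visible here), so a file named `acme.timer` would not be found by the enable command and would not start `acme-sh.service` by default; rename the path to `/etc/systemd/system/acme-sh.timer`.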
@ -68,4 +78,4 @@ WantedBy=timers.target
``` ```
Enable timer Enable timer
`systemctl enable --now acme-sh.timer` `systemctl enable --now acme-sh.timer`

View File

@ -4,18 +4,23 @@ visible: false
--- ---
[toc] [toc]
## Podman ## Podman
### Network and Pod ### Network and Pod
`# podman network create net_authentik` `# podman network create net_authentik`
`# podman pod create --name pod_authentik --network net_authentik -p ` `# podman pod create --name pod_authentik --network net_authentik -p `
#### Port Mappings #### Port Mappings
``` ```
``` ```
### Database ### Database
```
```sh
# podman run --name authentik_db \ # podman run --name authentik_db \
-e PGDATA=/var/lib/postgresql/data/pgdata \ -e PGDATA=/var/lib/postgresql/data/pgdata \
-e POSTGRES_USER=authentik \ -e POSTGRES_USER=authentik \
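Review bot: The `podman pod create --name pod_authentik --network net_authentik -p ` line ends in a bare `-p` with no port mapping, and the `Port Mappings` block under it is empty, so the command cannot be run as written. Fill in the published ports, binding to `127.0.0.1` any that only a local reverse proxy needs, or drop the flag until the mapping is decided.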
@ -27,7 +32,8 @@ visible: false
``` ```
### Redis ### Redis
```
```sh
# podman run --name authentik_redis \ # podman run --name authentik_redis \
-v /mnt/authentik_redis:/data \ -v /mnt/authentik_redis:/data \
--pod pod_authentik \ --pod pod_authentik \
@ -36,7 +42,9 @@ visible: false
``` ```
### Application Server ### Application Server
https://goauthentik.io/docs/installation/docker-compose https://goauthentik.io/docs/installation/docker-compose
``` ```
server: server:
image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2022.9.0} image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2022.9.0}
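Review bot: The `server:` compose fragment keeps an untagged fence while the podman blocks in this file were switched to `sh`, so the highlighting this commit adds stops halfway through the page. Tag the fragment `yaml`, and do the same for the `worker:` block further down.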
@ -59,11 +67,13 @@ https://goauthentik.io/docs/installation/docker-compose
- "0.0.0.0:${AUTHENTIK_PORT_HTTP:-9000}:9000" - "0.0.0.0:${AUTHENTIK_PORT_HTTP:-9000}:9000"
- "0.0.0.0:${AUTHENTIK_PORT_HTTPS:-9443}:9443" - "0.0.0.0:${AUTHENTIK_PORT_HTTPS:-9443}:9443"
``` ```
``` ```
``` ```
### Application Worker ### Application Worker
``` ```
worker: worker:
image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2022.9.0} image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2022.9.0}
@ -89,6 +99,7 @@ worker:
env_file: env_file:
- .env - .env
``` ```
``` ```
``` ```

View File

@ -1,17 +1,21 @@
--- ---
title: 'DHCP Server and Routing' title: "DHCP Server and Routing"
visible: true visible: true
--- ---
[toc] [toc]
## Installation ## Installation
`# apt install isc-dhcp-server`
`# apt install isc-dhcp-server`
## Configuration ## Configuration
Edit `/etc/default/isc-dhcp-server`
`INTERFACESv4="(interface 1) (interface 2)"`
Edit `/etc/dhcp/dhcpd.conf` to set a subnet Edit `/etc/default/isc-dhcp-server`
`INTERFACESv4="(interface 1) (interface 2)"`
Edit `/etc/dhcp/dhcpd.conf` to set a subnet
``` ```
subnet (netaddress) netmask (subnetmask) { subnet (netaddress) netmask (subnetmask) {
range (first dhcp) (last dhcp); range (first dhcp) (last dhcp);
@ -22,7 +26,8 @@ subnet (netaddress) netmask (subnetmask) {
} }
``` ```
Edit `/etc/network/interfaces` Edit `/etc/network/interfaces`
``` ```
auto (interface) auto (interface)
iface (interface) inet static iface (interface) inet static
@ -33,23 +38,25 @@ iface (interface) inet static
``` ```
Enable the interface Enable the interface
`# ifup (interface)` `# ifup (interface)`
Restart DHCP Server Restart DHCP Server
`# systemctl restart isc-dhcp-server.service` `# systemctl restart isc-dhcp-server.service`
### Enable routing ### Enable routing
`# echo "net.ipv4.ip_forward=1" >> /etc/sysctl.d/80-forwarding.conf` `# echo "net.ipv4.ip_forward=1" >> /etc/sysctl.d/80-forwarding.conf`
`# sysctl -p /etc/sysctl.d/80-forwarding.conf` `# sysctl -p /etc/sysctl.d/80-forwarding.conf`
`# iptables -t nat -A POSTROUTING -o (WAN interface) -j MASQUERADE` `# iptables -t nat -A POSTROUTING -o (WAN interface) -j MASQUERADE`
`# iptables -A FORWARD -i (LAN interface) -j ACCEPT` `# iptables -A FORWARD -i (LAN interface) -j ACCEPT`
Make iptables permanent Make iptables permanent
Select `Yes` during the installation to save current rules Select `Yes` during the installation to save current rules
`# apt install iptables-persistent` `# apt install iptables-persistent`
### Enable DHCP-managed fixed IP address ### Enable DHCP-managed fixed IP address
``` ```
host (hostname) { host (hostname) {
hardware ethernet (mac); hardware ethernet (mac);
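Review bot: The routing rule `iptables -A FORWARD -i (LAN interface) -j ACCEPT` accepts every packet arriving on the LAN interface regardless of where it is headed, and nothing here covers return traffic if the FORWARD policy is DROP. Consider restricting it with `-o (WAN interface)` and adding `iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT`, with a sentence stating the FORWARD policy the guide assumes.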
@ -58,12 +65,13 @@ host (hostname) {
``` ```
### Dynamic DNS ### Dynamic DNS
*Needs a supported DNS like BIND or PowerDNS*
_Needs a supported DNS like BIND or PowerDNS_
[Configure your DNS server to accept updates](https://wiki.realstickman.net/e/en/linux/services/powerdns) [Configure your DNS server to accept updates](https://wiki.realstickman.net/e/en/linux/services/powerdns)
Add the following snippet to your `/etc/dhcp/dhcpd.conf` file Add the following snippet to your `/etc/dhcp/dhcpd.conf` file
How to generate the key is also described in the DNS article How to generate the key is also described in the DNS article
```
```
ddns-updates on; ddns-updates on;
ddns-update-style interim; ddns-update-style interim;
update-static-leases on; update-static-leases on;
@ -85,12 +93,12 @@ zone 7.168.192.in-addr.arpa. {
primary 127.0.0.1; primary 127.0.0.1;
key (keyname); key (keyname);
} }
``` ```
## Client ## Client
DHCP Request DHCP Request
`# dhclient -v` `# dhclient -v`
Release IP Release IP
`# dhclient -v -r` `# dhclient -v -r`

View File

@ -4,25 +4,29 @@ visible: true
--- ---
[toc] [toc]
## Pre-Setup ## Pre-Setup
Create a gitea user Create a gitea user
`# useradd -m git` `# useradd -m git`
`# mkdir /etc/gitea` `# mkdir /etc/gitea`
`# chown git:git -R /etc/gitea` `# chown git:git -R /etc/gitea`
Create the .ssh directory for the git user Create the .ssh directory for the git user
`$ sudo -u git mkdir -p /home/git/.ssh` `$ sudo -u git mkdir -p /home/git/.ssh`
Get the user id of git with `id git` Get the user id of git with `id git`
## Podman ## Podman
### Network and Pod ### Network and Pod
`# podman network create net_gitea` `# podman network create net_gitea`
`# podman pod create --name pod_gitea --network net_gitea -p 127.0.0.1:5432:5432 -p 3000:3000 -p 127.0.0.1:2222:22` `# podman pod create --name pod_gitea --network net_gitea -p 127.0.0.1:5432:5432 -p 3000:3000 -p 127.0.0.1:2222:22`
#### Port Mappings #### Port Mappings
``` ```
5432 (localhost): Postgres Database 5432 (localhost): Postgres Database
3000: Gitea WebUI 3000: Gitea WebUI
@ -30,7 +34,8 @@ Get the user id of git with `id git`
``` ```
### Database ### Database
```
```sh
# podman run --name giteadb \ # podman run --name giteadb \
-e PGDATA=/var/lib/postgresql/data/pgdata \ -e PGDATA=/var/lib/postgresql/data/pgdata \
-e POSTGRES_USER=gitea \ -e POSTGRES_USER=gitea \
@ -42,7 +47,8 @@ Get the user id of git with `id git`
``` ```
### Application ### Application
```
```sh
# podman run --name gitea \ # podman run --name gitea \
-e USER_UID=(uid) \ -e USER_UID=(uid) \
-e USER_GID=(gid) \ -e USER_GID=(gid) \
@ -60,37 +66,40 @@ Get the user id of git with `id git`
``` ```
**NOTE:** gitea's /data directory must not contain permissions too open. Otherwise the SSH redirection set up below will fail. **NOTE:** gitea's /data directory must not contain permissions too open. Otherwise the SSH redirection set up below will fail.
`0750` for directories and `0640` has been shown to work `0750` for directories and `0640` has been shown to work
The next few lines are used to set up ssh-redirection to gitea if it is used to clone a repo.
The next few lines are used to set up ssh-redirection to gitea if it is used to clone a repo.
> See also the [official documentation](https://docs.gitea.io/en-us/install-with-docker/#sshing-shim-with-authorized_keys) > See also the [official documentation](https://docs.gitea.io/en-us/install-with-docker/#sshing-shim-with-authorized_keys)
Create SSH Keys for gitea Create SSH Keys for gitea
`$ sudo -u git ssh-keygen -t rsa -b 4096 -C "Gitea Host Key"` `$ sudo -u git ssh-keygen -t rsa -b 4096 -C "Gitea Host Key"`
`$ sudo -u git cat /home/git/.ssh/id_rsa.pub | sudo -u git tee -a /home/git/.ssh/authorized_keys` `$ sudo -u git cat /home/git/.ssh/id_rsa.pub | sudo -u git tee -a /home/git/.ssh/authorized_keys`
`$ sudo -u git chmod 600 /home/git/.ssh/authorized_keys` `$ sudo -u git chmod 600 /home/git/.ssh/authorized_keys`
``` ```sh
$ cat <<"EOF" | sudo tee /usr/local/bin/gitea $ cat <<"EOF" | sudo tee /usr/local/bin/gitea
#!/bin/sh #!/bin/sh
ssh -p 2222 -o StrictHostKeyChecking=no git@127.0.0.1 "SSH_ORIGINAL_COMMAND=\"$SSH_ORIGINAL_COMMAND\" $0 $@" ssh -p 2222 -o StrictHostKeyChecking=no git@127.0.0.1 "SSH_ORIGINAL_COMMAND=\"$SSH_ORIGINAL_COMMAND\" $0 $@"
EOF EOF
``` ```
`# chmod +x /usr/local/bin/gitea` `# chmod +x /usr/local/bin/gitea`
We've now finished setting up the ssh-redirection. We've now finished setting up the ssh-redirection.
After that, connect to the Server on port 3000 to finish the installation After that, connect to the Server on port 3000 to finish the installation
The first registered user will be made admin The first registered user will be made admin
## Management CLI ## Management CLI
Gitea comes with a management cli. To access it, change into the Container first and su into the user "git". Gitea comes with a management cli. To access it, change into the Container first and su into the user "git".
`# podman exec -it gitea bash` `# podman exec -it gitea bash`
`# su git` `# su git`
### User Management ### User Management
List users: List users:
`$ gitea admin user list` `$ gitea admin user list`
Change user password: Change user password:
`$ gitea admin user change-password -u (user) -p (password)` `$ gitea admin user change-password -u (user) -p (password)`
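Review bot: The shim written to `/usr/local/bin/gitea` calls `ssh -p 2222 -o StrictHostKeyChecking=no git@127.0.0.1`, which turns off host key verification for every forwarded session. The target is loopback, but the page should say that is why the option is acceptable, or record the container's host key once in the git user's `known_hosts` and drop the option. Separately, `gitea admin user change-password -u (user) -p (password)` places the password on the command line, so a sentence about shell history would help.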

View File

@ -4,30 +4,39 @@ visible: true
--- ---
[toc] [toc]
> [Official Documentation](https://learn.getgrav.org/17) > [Official Documentation](https://learn.getgrav.org/17)
## Requirements ## Requirements
`# apt install nginx php php-fpm php-gd php-apcu php-yaml php-zip php-xml php-mbstring php-curl unzip`
### Download grav `# apt install nginx php php-fpm php-gd php-apcu php-yaml php-zip php-xml php-mbstring php-curl unzip`
### Download grav
Make sure the directory you want to use is owned by your webserver user. (www-data on debian) Make sure the directory you want to use is owned by your webserver user. (www-data on debian)
`# chown www-data:www-data -R /var/www` `# chown www-data:www-data -R /var/www`
**With included admin client** **With included admin client**
`sudo -u www-data wget https://getgrav.org/download/core/grav-admin/1.7.32` `sudo -u www-data wget https://getgrav.org/download/core/grav-admin/1.7.32`
## Theme Learn2 Customisations ## Theme Learn2 Customisations
### Fix for wonky sidebar ### Fix for wonky sidebar
With the default configuration, using jquery-scrollbar, there are issues with extremely long subtopics making the bar not scroll all the way to the bottom. With the default configuration, using jquery-scrollbar, there are issues with extremely long subtopics making the bar not scroll all the way to the bottom.
My workaround is adding the following CSS to custom.css in the theme's `css` directory. My workaround is adding the following CSS to custom.css in the theme's `css` directory.
```css ```css
.highlightable { .highlightable {
overflow: auto; overflow: auto;
} }
``` ```
### Code copy don't copy # or $ ### Code copy don't copy # or $
This needs to be modified in `js/learn.js` This needs to be modified in `js/learn.js`
Here's the change as well as the surrounding code. Here's the change as well as the surrounding code.
```js ```js
// clipboard // clipboard
var clipInit = false; var clipInit = false;
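Review bot: The download step `sudo -u www-data wget https://getgrav.org/download/core/grav-admin/1.7.32` fetches the release with no integrity check before it lands under the web root, and unlike the other commands it has no `$` prompt. Add a step that compares the archive's checksum against a recorded value, and pass `-O` with a file name so the archive has a known name.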
@ -49,14 +58,16 @@ Here's the change as well as the surrounding code.
``` ```
## Custom theme based on Learn2 ## Custom theme based on Learn2
`$ sudo -u www-data /var/www/wiki-grav/bin/plugin devtools new-theme`
`$ sudo -u www-data /var/www/wiki-grav/bin/plugin devtools new-theme`
You'll be asked a few questions next You'll be asked a few questions next
**Important:** when asked to choose an option, choose `inheritance` **Important:** when asked to choose an option, choose `inheritance`
With this, an installed theme can be selected as a base With this, an installed theme can be selected as a base
## Nginx config ## Nginx config
```
```nginx
server { server {
server_name DOMAIN_NAME; server_name DOMAIN_NAME;
@ -119,4 +130,4 @@ server {
server_name DOMAIN_NAME; server_name DOMAIN_NAME;
return 404; return 404;
} }
``` ```