Implement lots of shortcodes for shell commands
This commit is contained in:
parent
f6c35976c7
commit
932e7dd8de
@ -7,46 +7,68 @@ visible: true
|
||||
|
||||
## Getting ACME.SH
|
||||
|
||||
[shuser]
|
||||
|
||||
```sh
|
||||
git clone https://github.com/acmesh-official/acme.sh.git
|
||||
cd ./acme.sh
|
||||
./acme.sh --install -m my@example.com
|
||||
./acme.sh --install -m [EMAIL]
|
||||
```
|
||||
|
||||
[/shuser]
|
||||
|
||||
## First time ZeroSSL registration
|
||||
|
||||
[shuser]
|
||||
|
||||
```sh
|
||||
.acme.sh/acme.sh --register-account -m (email)
|
||||
.acme.sh/acme.sh --register-account -m [EMAIL]
|
||||
```
|
||||
|
||||
[/shuser]
|
||||
|
||||
## Issue new certificate
|
||||
|
||||
Needs root to start a server on port 80
|
||||
|
||||
[shroot]
|
||||
|
||||
```sh
|
||||
.acme.sh/acme.sh --issue --standalone -d (url)
|
||||
.acme.sh/acme.sh --issue --standalone -d [DOMAIN]
|
||||
```
|
||||
|
||||
[/shroot]
|
||||
|
||||
## Issue new certificate with DNS API
|
||||
|
||||
> [Official Documentation](https://github.com/acmesh-official/acme.sh/wiki/dnsapi)
|
||||
|
||||
### Gandi
|
||||
|
||||
```sh
|
||||
export GANDI_LIVEDNS_KEY="(api key)"
|
||||
```
|
||||
[shuser]
|
||||
|
||||
```sh
|
||||
.acme.sh/acme.sh --issue --dns dns_gandi_livedns -d (domain)
|
||||
export GANDI_LIVEDNS_KEY="[API KEY]"
|
||||
```
|
||||
|
||||
[/shuser]
|
||||
|
||||
[shuser]
|
||||
|
||||
```sh
|
||||
.acme.sh/acme.sh --issue --dns dns_gandi_livedns -d [DOMAIN]
|
||||
```
|
||||
|
||||
[/shuser]
|
||||
|
||||
## Install certificate
|
||||
|
||||
Make sure to create the `/etc/acme-sh/(url)` directory
|
||||
|
||||
[shuser]
|
||||
|
||||
```sh
|
||||
export url={URL} \
|
||||
export url=[URL] \
|
||||
&& mkdir -p /etc/acme-sh/{$url} \
|
||||
&& .acme.sh/acme.sh --install-cert -d $url \
|
||||
--key-file /etc/acme-sh/{$url}/key.pem \
|
||||
@ -54,6 +76,8 @@ export url={URL} \
|
||||
--reloadcmd "sudo systemctl restart nginx"
|
||||
```
|
||||
|
||||
[/shuser]
|
||||
|
||||
## Systems Service & Timer
|
||||
|
||||
`/etc/systemd/system/acme-sh.service`
|
||||
@ -87,7 +111,10 @@ WantedBy=timers.target
|
||||
```
|
||||
|
||||
Enable timer
|
||||
[shroot]
|
||||
|
||||
```sh
|
||||
systemctl enable --now acme-sh.timer
|
||||
```
|
||||
|
||||
[/shroot]
|
||||
|
@ -11,8 +11,12 @@ https://github.com/actualbudget/actual-server#persisting-server-data
|
||||
|
||||
https://actualbudget.github.io/docs/Installing/Docker#launch-container-using-docker-command
|
||||
|
||||
```
|
||||
[shroot]
|
||||
|
||||
```sh
|
||||
podman run -d --name actualbudget -p 5006:5006 \
|
||||
-v /mnt/actualbudget:/data \
|
||||
ghcr.io/actualbudget/actual-server:latest-alpine
|
||||
```
|
||||
|
||||
[/shroot]
|
||||
|
@ -16,8 +16,12 @@ Podman in version `3.0` comes with the socket already enabled for the root user.
|
||||
### Network and Pod
|
||||
|
||||
[shroot]
|
||||
|
||||
```sh
|
||||
podman network create net_authentik
|
||||
podman pod create --name pod_authentik --network net_authentik -p 9000:9000 -p 9443:9443
|
||||
```
|
||||
|
||||
[/shroot]
|
||||
|
||||
#### Port Mappings
|
||||
|
@ -9,6 +9,10 @@ visible: false
|
||||
|
||||
### Debian
|
||||
|
||||
[shroot]
|
||||
|
||||
```sh
|
||||
apt install bind9
|
||||
```
|
||||
sudo apt install bind9
|
||||
```
|
||||
|
||||
[/shroot]
|
||||
|
@ -11,10 +11,14 @@ The VM template needs a few cloud-init tools installed before we can use it with
|
||||
|
||||
### Debian
|
||||
|
||||
[shroot]
|
||||
|
||||
```sh
|
||||
apt install cloud-init cloud-initramfs-growroot
|
||||
```
|
||||
|
||||
[/shroot]
|
||||
|
||||
### AlmaLinux
|
||||
|
||||
## Config file
|
||||
|
@ -7,78 +7,102 @@ visible: true
|
||||
|
||||
## Installation
|
||||
|
||||
[shroot]
|
||||
|
||||
```sh
|
||||
apt install isc-dhcp-server
|
||||
```
|
||||
|
||||
[/shroot]
|
||||
|
||||
## Configuration
|
||||
|
||||
Edit `/etc/default/isc-dhcp-server`
|
||||
|
||||
```
|
||||
INTERFACESv4="{INTERFACE 1} {INTERFACE 2}"
|
||||
INTERFACESv4="[INTERFACE 1] [INTERFACE 2]"
|
||||
```
|
||||
|
||||
Edit `/etc/dhcp/dhcpd.conf` to set a subnet
|
||||
|
||||
```
|
||||
subnet {NETADDRESS} netmask {SUBNETMASK} {
|
||||
range {FIRST DHCP} {LAST DHCP};
|
||||
option subnet-mask {SUBNETMASK};
|
||||
option routers {GATEWAY};
|
||||
option domain-name "{NAME}";
|
||||
option domain-name-servers {DNS SERVER};
|
||||
subnet [NETADDRESS] netmask [SUBNETMASK] {
|
||||
range [FIRST DHCP] [LAST DHCP];
|
||||
option subnet-mask [SUBNETMASK];
|
||||
option routers [GATEWAY];
|
||||
option domain-name "[NAME]";
|
||||
option domain-name-servers [DNS SERVER];
|
||||
}
|
||||
```
|
||||
|
||||
Edit `/etc/network/interfaces`
|
||||
|
||||
```
|
||||
auto {INTERFACE}
|
||||
iface {INTERFACE} inet static
|
||||
address {ADDRESS}
|
||||
network {NETADDRESS}
|
||||
netmask {NETMASK}
|
||||
broadcast {BROADCAST}
|
||||
auto [INTERFACE]
|
||||
iface [INTERFACE] inet static
|
||||
address [ADDRESS]
|
||||
network [NETADDRESS]
|
||||
netmask [NETMASK]
|
||||
broadcast [BROADCAST]
|
||||
```
|
||||
|
||||
Enable the interface
|
||||
|
||||
[shroot]
|
||||
|
||||
```sh
|
||||
ifup {INTERFACE}
|
||||
ifup [INTERFACE]
|
||||
```
|
||||
|
||||
[/shroot]
|
||||
|
||||
Restart DHCP Server
|
||||
|
||||
[shroot]
|
||||
|
||||
```sh
|
||||
systemctl restart isc-dhcp-server.service
|
||||
```
|
||||
|
||||
[/shroot]
|
||||
|
||||
### Enable routing
|
||||
|
||||
[shroot]
|
||||
|
||||
```sh
|
||||
echo "net.ipv4.ip_forward=1" >> /etc/sysctl.d/80-forwarding.conf
|
||||
sysctl -p /etc/sysctl.d/80-forwarding.conf
|
||||
```
|
||||
|
||||
[/shroot]
|
||||
|
||||
[shroot]
|
||||
|
||||
```sh
|
||||
iptables -t nat -A POSTROUTING -o (WAN interface) -j MASQUERADE
|
||||
iptables -A FORWARD -i (LAN interface) -j ACCEPT
|
||||
iptables -t nat -A POSTROUTING -o [WAN INTERFACE] -j MASQUERADE
|
||||
iptables -A FORWARD -i [LAN INTERFACE] -j ACCEPT
|
||||
```
|
||||
|
||||
[/shroot]
|
||||
|
||||
Make iptables permanent
|
||||
Select `Yes` during the installation to save current rules
|
||||
|
||||
[shroot]
|
||||
|
||||
```sh
|
||||
apt install iptables-persistent
|
||||
```
|
||||
|
||||
[/shroot]
|
||||
|
||||
### Enable DHCP-managed fixed IP address
|
||||
|
||||
```
|
||||
host (hostname) {
|
||||
hardware ethernet (mac);
|
||||
fixed-address (ip address);
|
||||
host [HOSTNAME] {
|
||||
hardware ethernet [MAC ADDRESS];
|
||||
fixed-address [IP ADDRESS];
|
||||
}
|
||||
```
|
||||
|
||||
@ -97,19 +121,19 @@ update-static-leases on;
|
||||
ddns-domainname "testpdns";
|
||||
ddns-rev-domainname "in-addr.arpa.";
|
||||
|
||||
key "(keyname)" {
|
||||
key "[KEYNAME]" {
|
||||
algorithm hmac-md5;
|
||||
secret "(key)";
|
||||
secret "[KEY]";
|
||||
};
|
||||
|
||||
zone testpdns {
|
||||
primary 127.0.0.1;
|
||||
key (keyname);
|
||||
key [KEYNAME];
|
||||
}
|
||||
|
||||
zone 7.168.192.in-addr.arpa. {
|
||||
primary 127.0.0.1;
|
||||
key (keyname);
|
||||
key [KEYNAME];
|
||||
}
|
||||
```
|
||||
|
||||
@ -117,12 +141,20 @@ zone 7.168.192.in-addr.arpa. {
|
||||
|
||||
DHCP Request
|
||||
|
||||
[shroot]
|
||||
|
||||
```sh
|
||||
dhclient -v
|
||||
```
|
||||
|
||||
[/shroot]
|
||||
|
||||
Release IP
|
||||
|
||||
[shroot]
|
||||
|
||||
```sh
|
||||
# dhclient -v -r
|
||||
dhclient -v -r
|
||||
```
|
||||
|
||||
[/shroot]
|
||||
|
@ -1,18 +1,20 @@
|
||||
---
|
||||
title: 'File Operations'
|
||||
title: "File Operations"
|
||||
visible: true
|
||||
---
|
||||
|
||||
[toc]
|
||||
|
||||
## Workings of file permissions
|
||||
|
||||
### Change permissions
|
||||
To change file permissions use `chmod (-R) XXX (path)`
|
||||
|
||||
XXX signify the permissions for the file's owner/group/others respectively
|
||||
To change file permissions use `chmod (-R) XXX [PATH]`
|
||||
|
||||
XXX signify the permissions for the file's owner/group/others respectively
|
||||
|
||||
Each X goes from 0 to 7.
|
||||
What each number means can be easily calculated by looking at what the individual bit values mean.
|
||||
What each number means can be easily calculated by looking at what the individual bit values mean.
|
||||
|
||||
```
|
||||
0 -> No Permission
|
||||
@ -21,18 +23,20 @@ What each number means can be easily calculated by looking at what the individua
|
||||
1 -> Execute Permission
|
||||
```
|
||||
|
||||
A value of 5 therefor gives the permissions "Read" and "Execute".
|
||||
|
||||
*To enter a folder, you need the read as well as the execute permission!*
|
||||
A value of 5 therefor gives the permissions "Read" and "Execute".
|
||||
|
||||
_To enter a folder, you need the read as well as the execute permission!_
|
||||
|
||||
### Change user and group
|
||||
|
||||
Use `chown` to change the owner and group of a file or directory.
|
||||
If you only want to change the user or the group, only specify the part left or right of `:` respectively.
|
||||
If you only want to change the user or the group, only specify the part left or right of `:` respectively.
|
||||
|
||||
Example:
|
||||
`chown (-R) (owner):(group) (path)`
|
||||
`chown (-R) [OWNER]:[GROUP] [PATH]`
|
||||
|
||||
## Find biggest files
|
||||
`find . -type f -print0 | xargs -0 du -s | sort -n | tail -(amount) | cut -f2 | xargs -I{} du -sh {}`
|
||||
|
||||
`find . -type f -printf "%s %p\n" | sort -nr | head -5`
|
||||
`find . -type f -print0 | xargs -0 du -s | sort -n | tail -[AMOUNT] | cut -f2 | xargs -I{} du -sh {}`
|
||||
|
||||
`find . -type f -printf "%s %p\n" | sort -nr | head -5`
|
||||
|
@ -8,19 +8,19 @@ visible: true
|
||||
## Other drives
|
||||
|
||||
Find uuid with `sudo blkid`
|
||||
`UUID=(uuid) (mountpath) (filesystem) defaults,noatime 0 2`
|
||||
`UUID=[UUID] [MOUNTPATH] [FILESYSTEM] defaults,noatime 0 2`
|
||||
|
||||
## Samba shares
|
||||
|
||||
```sh
|
||||
//(ip)/(path)/ (mountpath) cifs uid=0,credentials=(path to credentials file),iocharset=utf8,noperm,nofail 0 0
|
||||
```
|
||||
//[IP]/[PATH]/ [MOUNTPATH] cifs uid=0,credentials=[CREDENTIALS FILE],iocharset=utf8,noperm,nofail 0 0
|
||||
```
|
||||
|
||||
Example credentials file:
|
||||
|
||||
```
|
||||
user=(user)
|
||||
password=(password)
|
||||
user=[USER]
|
||||
password=[PASSWORD]
|
||||
domain=WORKGROUP
|
||||
```
|
||||
|
||||
|
@ -9,29 +9,41 @@ visible: true
|
||||
|
||||
Create a gitea user
|
||||
|
||||
[shroot]
|
||||
|
||||
```sh
|
||||
useradd -m git
|
||||
mkdir /etc/gitea
|
||||
chown git:git -R /etc/gitea
|
||||
```
|
||||
|
||||
[/shroot]
|
||||
|
||||
Create the .ssh directory for the git user
|
||||
|
||||
[shuser]
|
||||
|
||||
```sh
|
||||
sudo -u git mkdir -p /home/git/.ssh
|
||||
```
|
||||
|
||||
[/shuser]
|
||||
|
||||
Get the user id of git with `id git`
|
||||
|
||||
## Podman
|
||||
|
||||
### Network and Pod
|
||||
|
||||
[shroot]
|
||||
|
||||
```sh
|
||||
podman network create net_gitea
|
||||
podman pod create --name pod_gitea --network net_gitea -p 127.0.0.1:5432:5432 -p 3000:3000 -p 127.0.0.1:2222:22
|
||||
```
|
||||
|
||||
[/shroot]
|
||||
|
||||
#### Port Mappings
|
||||
|
||||
```
|
||||
@ -42,8 +54,10 @@ podman pod create --name pod_gitea --network net_gitea -p 127.0.0.1:5432:5432 -p
|
||||
|
||||
### Database
|
||||
|
||||
[shroot]
|
||||
|
||||
```sh
|
||||
# podman run --name giteadb \
|
||||
podman run --name giteadb \
|
||||
-e PGDATA=/var/lib/postgresql/data/pgdata \
|
||||
-e POSTGRES_USER=gitea \
|
||||
-e POSTGRES_PASSWORD=gitea \
|
||||
@ -53,12 +67,16 @@ podman pod create --name pod_gitea --network net_gitea -p 127.0.0.1:5432:5432 -p
|
||||
-d docker.io/postgres:14
|
||||
```
|
||||
|
||||
[/shroot]
|
||||
|
||||
### Application
|
||||
|
||||
[shroot]
|
||||
|
||||
```sh
|
||||
# podman run --name gitea \
|
||||
-e USER_UID=(uid) \
|
||||
-e USER_GID=(gid) \
|
||||
podman run --name gitea \
|
||||
-e USER_UID=[UID] \
|
||||
-e USER_GID=[GID] \
|
||||
-e GITEA__database__DB_TYPE=postgres \
|
||||
-e GITEA__database__HOST=giteadb:5432 \
|
||||
-e GITEA__database__NAME=gitea \
|
||||
@ -72,6 +90,8 @@ podman pod create --name pod_gitea --network net_gitea -p 127.0.0.1:5432:5432 -p
|
||||
-d docker.io/gitea/gitea:latest
|
||||
```
|
||||
|
||||
[/shroot]
|
||||
|
||||
**NOTE:** gitea's /data directory must not contain permissions too open. Otherwise the SSH redirection set up below will fail.
|
||||
`0750` for directories and `0640` is known to work.
|
||||
|
||||
@ -81,6 +101,8 @@ The next few lines are used to set up ssh-redirection to gitea if it is used to
|
||||
|
||||
Create SSH Keys for gitea
|
||||
|
||||
[shuser]
|
||||
|
||||
```sh
|
||||
sudo -u git ssh-keygen -t rsa -b 4096 -C "Gitea Host Key"
|
||||
sudo -u git cat /home/git/.ssh/id_rsa.pub | sudo -u git tee -a /home/git/.ssh/authorized_keys
|
||||
@ -94,6 +116,8 @@ EOF
|
||||
chmod +x /usr/local/bin/gitea
|
||||
```
|
||||
|
||||
[/shuser]
|
||||
|
||||
We've now finished setting up the ssh-redirection.
|
||||
After that, connect to the Server on port 3000 to finish the installation
|
||||
The first registered user will be made admin
|
||||
@ -102,25 +126,37 @@ The first registered user will be made admin
|
||||
|
||||
Gitea comes with a management cli. To access it, change into the Container first and su into the user "git".
|
||||
|
||||
[shroot]
|
||||
|
||||
```sh
|
||||
podman exec -it gitea bash
|
||||
su git
|
||||
```
|
||||
|
||||
[/shroot]
|
||||
|
||||
### User Management
|
||||
|
||||
List users:
|
||||
|
||||
[shroot]
|
||||
|
||||
```sh
|
||||
gitea admin user list
|
||||
```
|
||||
|
||||
[/shroot]
|
||||
|
||||
Change user password:
|
||||
|
||||
[shroot]
|
||||
|
||||
```sh
|
||||
gitea admin user change-password -u (user) -p (password)
|
||||
gitea admin user change-password -u [USER] -p [PASSWORD]
|
||||
```
|
||||
|
||||
[/shroot]
|
||||
|
||||
## Package Management
|
||||
|
||||
### Container Registry
|
||||
@ -129,12 +165,20 @@ Gitea comes with a built-in container registry.
|
||||
|
||||
#### Login
|
||||
|
||||
[shuser]
|
||||
|
||||
```sh
|
||||
podman login gitea.exu.li
|
||||
```
|
||||
|
||||
[/shuser]
|
||||
|
||||
#### Push image
|
||||
|
||||
[shuser]
|
||||
|
||||
```sh
|
||||
podman push <IMAGE ID> docker://gitea.exu.li/<OWNER>/<IMAGE>:<TAG>
|
||||
podman push [IMAGE ID] docker://gitea.exu.li/[OWNER]/[IMAGE]:[TAG]
|
||||
```
|
||||
|
||||
[/shuser]
|
||||
|
Loading…
Reference in New Issue
Block a user