diff --git a/pages/02.linux/acme-sh/default.en.md b/pages/02.linux/acme-sh/default.en.md index cc1ee3b..f879e8a 100644 --- a/pages/02.linux/acme-sh/default.en.md +++ b/pages/02.linux/acme-sh/default.en.md @@ -7,46 +7,68 @@ visible: true ## Getting ACME.SH +[shuser] + ```sh git clone https://github.com/acmesh-official/acme.sh.git cd ./acme.sh -./acme.sh --install -m my@example.com +./acme.sh --install -m [EMAIL] ``` +[/shuser] + ## First time ZeroSSL registration +[shuser] + ```sh -.acme.sh/acme.sh --register-account -m (email) +.acme.sh/acme.sh --register-account -m [EMAIL] ``` +[/shuser] + ## Issue new certificate Needs root to start a server on port 80 +[shroot] + ```sh -.acme.sh/acme.sh --issue --standalone -d (url) +.acme.sh/acme.sh --issue --standalone -d [DOMAIN] ``` +[/shroot] + ## Issue new certificate with DNS API > [Official Documentation](https://github.com/acmesh-official/acme.sh/wiki/dnsapi) ### Gandi -```sh -export GANDI_LIVEDNS_KEY="(api key)" -``` +[shuser] ```sh -.acme.sh/acme.sh --issue --dns dns_gandi_livedns -d (domain) +export GANDI_LIVEDNS_KEY="[API KEY]" ``` +[/shuser] + +[shuser] + +```sh +.acme.sh/acme.sh --issue --dns dns_gandi_livedns -d [DOMAIN] +``` + +[/shuser] + ## Install certificate Make sure to create the `/etc/acme-sh/(url)` directory +[shuser] + ```sh -export url={URL} \ +export url=[URL] \ && mkdir -p /etc/acme-sh/{$url} \ && .acme.sh/acme.sh --install-cert -d $url \ --key-file /etc/acme-sh/{$url}/key.pem \ @@ -54,6 +76,8 @@ export url={URL} \ --reloadcmd "sudo systemctl restart nginx" ``` +[/shuser] + ## Systems Service & Timer `/etc/systemd/system/acme-sh.service` @@ -87,7 +111,10 @@ WantedBy=timers.target ``` Enable timer +[shroot] ```sh systemctl enable --now acme-sh.timer ``` + +[/shroot] diff --git a/pages/02.linux/actualbudget/default.en.md b/pages/02.linux/actualbudget/default.en.md index b151a4c..c98c319 100644 --- a/pages/02.linux/actualbudget/default.en.md +++ b/pages/02.linux/actualbudget/default.en.md 
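Review bot: In the "Install certificate" block of `@@ -7,46 +7,68 @@`, the new `[shuser]` wrapper covers a command chain that starts with `mkdir -p /etc/acme-sh/{$url}`, which an unprivileged user cannot normally run under `/etc`. Either the label or the command needs adjusting. The braces in `{$url}` are kept literally by the shell, so the private key lands in a directory named `{example.com}` (constructed example) rather than the `/etc/acme-sh/(url)` path the prose names; `mkdir -p "/etc/acme-sh/$url"` and `--key-file "/etc/acme-sh/$url/key.pem"` would match the text. The sentence above the block still uses the old `(url)` placeholder while the code now uses `[URL]`. The `--install-cert` command continues past the end of this hunk.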
@@ -11,8 +11,12 @@ https://github.com/actualbudget/actual-server#persisting-server-data https://actualbudget.github.io/docs/Installing/Docker#launch-container-using-docker-command -``` +[shroot] + +```sh podman run -d --name actualbudget -p 5006:5006 \ -v /mnt/actualbudget:/data \ ghcr.io/actualbudget/actual-server:latest-alpine ``` + +[/shroot] diff --git a/pages/02.linux/authentik/default.en.md b/pages/02.linux/authentik/default.en.md index ae2ab68..a8f4636 100644 --- a/pages/02.linux/authentik/default.en.md +++ b/pages/02.linux/authentik/default.en.md @@ -16,8 +16,12 @@ Podman in version `3.0` comes with the socket already enabled for the root user. ### Network and Pod [shroot] + +```sh podman network create net_authentik podman pod create --name pod_authentik --network net_authentik -p 9000:9000 -p 9443:9443 +``` + [/shroot] #### Port Mappings diff --git a/pages/02.linux/bind-dns/default.en.md b/pages/02.linux/bind-dns/default.en.md index 3c42449..58112b3 100644 --- a/pages/02.linux/bind-dns/default.en.md +++ b/pages/02.linux/bind-dns/default.en.md @@ -9,6 +9,10 @@ visible: false ### Debian +[shroot] + +```sh +apt install bind9 ``` -sudo apt install bind9 -``` + +[/shroot] diff --git a/pages/02.linux/cloud-init/default.en.md b/pages/02.linux/cloud-init/default.en.md index ce6214b..a0f6989 100644 --- a/pages/02.linux/cloud-init/default.en.md +++ b/pages/02.linux/cloud-init/default.en.md @@ -11,10 +11,14 @@ The VM template needs a few cloud-init tools installed before we can use it with ### Debian +[shroot] + ```sh apt install cloud-init cloud-initramfs-growroot ``` +[/shroot] + ### AlmaLinux ## Config file diff --git a/pages/02.linux/dhcp-server-and-routing/default.en.md b/pages/02.linux/dhcp-server-and-routing/default.en.md index dc360e4..5142f6a 100644 --- a/pages/02.linux/dhcp-server-and-routing/default.en.md +++ b/pages/02.linux/dhcp-server-and-routing/default.en.md 
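Review bot: The `podman run` block in the actualbudget hunk is now labelled as a root command to paste, but it still pulls `ghcr.io/actualbudget/actual-server:latest-alpine`. That tag is mutable, so running the page later can deploy a different image than the one that was tested. A pinned release tag or digest, written in the placeholder style this commit introduces (`ghcr.io/actualbudget/actual-server:[VERSION]`), keeps the deployment reproducible; the same applies to `docker.io/gitea/gitea:latest` in the gitea hunk `@@ -72,6 +90,8 @@`. `-p 5006:5006` also publishes the port on every host address; if the service is meant to sit behind a reverse proxy, `-p 127.0.0.1:5006:5006` is the form the gitea page already uses.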
@@ -7,78 +7,102 @@ visible: true ## Installation +[shroot] + ```sh apt install isc-dhcp-server ``` +[/shroot] + ## Configuration Edit `/etc/default/isc-dhcp-server` ``` -INTERFACESv4="{INTERFACE 1} {INTERFACE 2}" +INTERFACESv4="[INTERFACE 1] [INTERFACE 2]" ``` Edit `/etc/dhcp/dhcpd.conf` to set a subnet ``` -subnet {NETADDRESS} netmask {SUBNETMASK} { - range {FIRST DHCP} {LAST DHCP}; - option subnet-mask {SUBNETMASK}; - option routers {GATEWAY}; - option domain-name "{NAME}"; - option domain-name-servers {DNS SERVER}; +subnet [NETADDRESS] netmask [SUBNETMASK] { + range [FIRST DHCP] [LAST DHCP]; + option subnet-mask [SUBNETMASK]; + option routers [GATEWAY]; + option domain-name "[NAME]"; + option domain-name-servers [DNS SERVER]; } ``` Edit `/etc/network/interfaces` ``` -auto {INTERFACE} -iface {INTERFACE} inet static - address {ADDRESS} - network {NETADDRESS} - netmask {NETMASK} - broadcast {BROADCAST} +auto [INTERFACE] +iface [INTERFACE] inet static + address [ADDRESS] + network [NETADDRESS] + netmask [NETMASK] + broadcast [BROADCAST] ``` Enable the interface +[shroot] + ```sh -ifup {INTERFACE} +ifup [INTERFACE] ``` +[/shroot] + Restart DHCP Server +[shroot] + ```sh systemctl restart isc-dhcp-server.service ``` +[/shroot] + ### Enable routing +[shroot] + ```sh echo "net.ipv4.ip_forward=1" >> /etc/sysctl.d/80-forwarding.conf sysctl -p /etc/sysctl.d/80-forwarding.conf ``` +[/shroot] + +[shroot] + ```sh -iptables -t nat -A POSTROUTING -o (WAN interface) -j MASQUERADE -iptables -A FORWARD -i (LAN interface) -j ACCEPT +iptables -t nat -A POSTROUTING -o [WAN INTERFACE] -j MASQUERADE +iptables -A FORWARD -i [LAN INTERFACE] -j ACCEPT ``` +[/shroot] + Make iptables permanent Select `Yes` during the installation to save current rules +[shroot] + ```sh apt install iptables-persistent ``` +[/shroot] + ### Enable DHCP-managed fixed IP address ``` -host (hostname) { - hardware ethernet (mac); - fixed-address (ip address); +host [HOSTNAME] { + hardware ethernet [MAC ADDRESS]; + 
fixed-address [IP ADDRESS]; } ``` @@ -97,19 +121,19 @@ update-static-leases on; ddns-domainname "testpdns"; ddns-rev-domainname "in-addr.arpa."; -key "(keyname)" { +key "[KEYNAME]" { algorithm hmac-md5; - secret "(key)"; + secret "[KEY]"; }; zone testpdns { primary 127.0.0.1; - key (keyname); + key [KEYNAME]; } zone 7.168.192.in-addr.arpa. { primary 127.0.0.1; - key (keyname); + key [KEYNAME]; } ``` @@ -117,12 +141,20 @@ zone 7.168.192.in-addr.arpa. { DHCP Request +[shroot] + ```sh dhclient -v ``` +[/shroot] + Release IP +[shroot] + ```sh -# dhclient -v -r +dhclient -v -r ``` + +[/shroot] diff --git a/pages/02.linux/file-operations/default.en.md b/pages/02.linux/file-operations/default.en.md index 82b37d2..16bfb7e 100644 --- a/pages/02.linux/file-operations/default.en.md +++ b/pages/02.linux/file-operations/default.en.md @@ -1,18 +1,20 @@ --- -title: 'File Operations' +title: "File Operations" visible: true --- [toc] + ## Workings of file permissions ### Change permissions -To change file permissions use `chmod (-R) XXX (path)` -XXX signify the permissions for the file's owner/group/others respectively +To change file permissions use `chmod (-R) XXX [PATH]` + +XXX signify the permissions for the file's owner/group/others respectively Each X goes from 0 to 7. -What each number means can be easily calculated by looking at what the individual bit values mean. +What each number means can be easily calculated by looking at what the individual bit values mean. ``` 0 -> No Permission 
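Review bot: The "Enable routing" block in `@@ -7,78 +7,102 @@` only adds `iptables -A FORWARD -i [LAN INTERFACE] -j ACCEPT`, and nothing on the page sets the FORWARD chain policy. With the usual default policy of ACCEPT the host also forwards traffic that arrives on the WAN side, and the added rule changes nothing. The page should state the policy, for example `iptables -P FORWARD DROP` and `iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT`, with the LAN rule narrowed by `-o [WAN INTERFACE]`. Because `iptables-persistent` saves whatever is loaded at install time, these rules need to be in place before that step.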
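Review bot: The key block touched in `@@ -97,19 +121,19 @@` keeps `algorithm hmac-md5;` for the dynamic-DNS TSIG key, and only the placeholders around it change. HMAC-MD5 is the legacy TSIG algorithm and is no longer recommended; `algorithm hmac-sha256;` is the usual replacement, provided the dhcpd build and the DNS server at 127.0.0.1 both support it. Since `secret "[KEY]"` is stored in the dhcpd configuration, the page could also add a sentence such as `Make sure the configuration file holding the key is not world-readable.`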
@@ -21,18 +23,20 @@ What each number means can be easily calculated by looking at what the individua 1 -> Execute Permission ``` -A value of 5 therefor gives the permissions "Read" and "Execute". - -*To enter a folder, you need the read as well as the execute permission!* +A value of 5 therefor gives the permissions "Read" and "Execute". + +_To enter a folder, you need the read as well as the execute permission!_ ### Change user and group + Use `chown` to change the owner and group of a file or directory. -If you only want to change the user or the group, only specify the part left or right of `:` respectively. +If you only want to change the user or the group, only specify the part left or right of `:` respectively. Example: -`chown (-R) (owner):(group) (path)` +`chown (-R) [OWNER]:[GROUP] [PATH]` ## Find biggest files -`find . -type f -print0 | xargs -0 du -s | sort -n | tail -(amount) | cut -f2 | xargs -I{} du -sh {}` -`find . -type f -printf "%s %p\n" | sort -nr | head -5` +`find . -type f -print0 | xargs -0 du -s | sort -n | tail -[AMOUNT] | cut -f2 | xargs -I{} du -sh {}` + +`find . -type f -printf "%s %p\n" | sort -nr | head -5` diff --git a/pages/02.linux/fstab/default.en.md b/pages/02.linux/fstab/default.en.md index a6d2a9a..02e70fc 100644 --- a/pages/02.linux/fstab/default.en.md +++ b/pages/02.linux/fstab/default.en.md @@ -8,19 +8,19 @@ visible: true ## Other drives Find uuid with `sudo blkid` -`UUID=(uuid) (mountpath) (filesystem) defaults,noatime 0 2` +`UUID=[UUID] [MOUNTPATH] [FILESYSTEM] defaults,noatime 0 2` ## Samba shares -```sh -//(ip)/(path)/ (mountpath) cifs uid=0,credentials=(path to credentials file),iocharset=utf8,noperm,nofail 0 0 +``` +//[IP]/[PATH]/ [MOUNTPATH] cifs uid=0,credentials=[CREDENTIALS FILE],iocharset=utf8,noperm,nofail 0 0 ``` Example credentials file: ``` -user=(user) -password=(password) +user=[USER] +password=[PASSWORD] domain=WORKGROUP ``` 
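Review bot: The Samba entry in the fstab hunk points `credentials=[CREDENTIALS FILE]` at a file that holds `password=[PASSWORD]` in clear text, and the page does not say who may read that file. A sentence after the example, such as `The credentials file should be owned by root and not readable by other users (chmod 600).`, would cover it. The `noperm` option on the same line turns off client-side permission checks on the mount, which deserves a short remark as well.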
diff --git a/pages/02.linux/gitea/default.en.md b/pages/02.linux/gitea/default.en.md index e1d24e2..988809f 100644 --- a/pages/02.linux/gitea/default.en.md +++ b/pages/02.linux/gitea/default.en.md @@ -9,29 +9,41 @@ visible: true Create a gitea user +[shroot] + ```sh useradd -m git mkdir /etc/gitea chown git:git -R /etc/gitea ``` +[/shroot] + Create the .ssh directory for the git user +[shuser] + ```sh sudo -u git mkdir -p /home/git/.ssh ``` +[/shuser] + Get the user id of git with `id git` ## Podman ### Network and Pod +[shroot] + ```sh podman network create net_gitea podman pod create --name pod_gitea --network net_gitea -p 127.0.0.1:5432:5432 -p 3000:3000 -p 127.0.0.1:2222:22 ``` +[/shroot] + #### Port Mappings ``` @@ -42,8 +54,10 @@ podman pod create --name pod_gitea --network net_gitea -p 127.0.0.1:5432:5432 -p ### Database +[shroot] + ```sh -# podman run --name giteadb \ +podman run --name giteadb \ -e PGDATA=/var/lib/postgresql/data/pgdata \ -e POSTGRES_USER=gitea \ -e POSTGRES_PASSWORD=gitea \ @@ -53,12 +67,16 @@ podman pod create --name pod_gitea --network net_gitea -p 127.0.0.1:5432:5432 -p -d docker.io/postgres:14 ``` +[/shroot] + ### Application +[shroot] + ```sh -# podman run --name gitea \ - -e USER_UID=(uid) \ - -e USER_GID=(gid) \ +podman run --name gitea \ + -e USER_UID=[UID] \ + -e USER_GID=[GID] \ -e GITEA__database__DB_TYPE=postgres \ -e GITEA__database__HOST=giteadb:5432 \ -e GITEA__database__NAME=gitea \ @@ -72,6 +90,8 @@ podman pod create --name pod_gitea --network net_gitea -p 127.0.0.1:5432:5432 -p -d docker.io/gitea/gitea:latest ``` +[/shroot] + **NOTE:** gitea's /data directory must not contain permissions too open. Otherwise the SSH redirection set up below will fail. `0750` for directories and `0640` is known to work. 
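Review bot: Removing the `# ` prefix from `podman run --name giteadb` in `@@ -42,8 +54,10 @@` makes the block a command to paste as-is, and it still sets `-e POSTGRES_PASSWORD=gitea`, a password equal to the user name. The commit converts the other per-site values to placeholders, so this one should follow: `-e POSTGRES_PASSWORD=[DB PASSWORD] \`. The matching database password setting in the application block would need the same placeholder; that line is outside the visible hunks, so this is inferred. The command itself continues between this hunk and `@@ -53,12 +67,16 @@`.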
@@ -81,6 +101,8 @@ The next few lines are used to set up ssh-redirection to gitea if it is used to Create SSH Keys for gitea +[shuser] + ```sh sudo -u git ssh-keygen -t rsa -b 4096 -C "Gitea Host Key" sudo -u git cat /home/git/.ssh/id_rsa.pub | sudo -u git tee -a /home/git/.ssh/authorized_keys @@ -94,6 +116,8 @@ EOF chmod +x /usr/local/bin/gitea ``` +[/shuser] + We've now finished setting up the ssh-redirection. After that, connect to the Server on port 3000 to finish the installation The first registered user will be made admin @@ -102,25 +126,37 @@ The first registered user will be made admin Gitea comes with a management cli. To access it, change into the Container first and su into the user "git". +[shroot] + ```sh podman exec -it gitea bash su git ``` +[/shroot] + ### User Management List users: +[shroot] + ```sh gitea admin user list ``` +[/shroot] + Change user password: +[shroot] + ```sh -gitea admin user change-password -u (user) -p (password) +gitea admin user change-password -u [USER] -p [PASSWORD] ``` +[/shroot] + ## Package Management ### Container Registry @@ -129,12 +165,20 @@ Gitea comes with a built-in container registry. #### Login +[shuser] + ```sh podman login gitea.exu.li ``` +[/shuser] + #### Push image +[shuser] + ```sh -podman push docker://gitea.exu.li//: +podman push [IMAGE ID] docker://gitea.exu.li/[OWNER]/[IMAGE]:[TAG] ``` + +[/shuser]
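Review bot: The `[shuser]` label opened in `@@ -81,6 +101,8 @@` and closed in `@@ -94,6 +116,8 @@` wraps a block that ends with `chmod +x /usr/local/bin/gitea`, which an unprivileged user cannot normally do. The `EOF` line before it suggests the script is also written to that path. Either mark the block `[shroot]`, or split it so that only the `sudo -u git` key steps stay under `[shuser]`. The middle of the block lies outside both hunks, so the write to `/usr/local/bin` is inferred from the visible lines.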
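Review bot: `gitea admin user change-password -u [USER] -p [PASSWORD]` in `@@ -102,25 +126,37 @@` puts the new password on the command line, where it is kept in the shell history and is visible in the process list while the command runs. A line under the block such as `Use a temporary password here and change it in the web UI afterwards.` would limit the exposure. The three CLI blocks in this hunk are also labelled `[shroot]`, although the preceding step switches to the user `git` inside the container, so the label does not match the shell the commands run in.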