diff --git a/pages/02.linux/authentik/default.en.md b/pages/02.linux/authentik/default.en.md index 93bcd02..4fcdabe 100644 --- a/pages/02.linux/authentik/default.en.md +++ b/pages/02.linux/authentik/default.en.md @@ -9,8 +9,10 @@ visible: false ### Network and Pod -`# podman network create net_authentik` -`# podman pod create --name pod_authentik --network net_authentik -p ` +```sh +podman network create net_authentik +podman pod create --name pod_authentik --network net_authentik -p +``` #### Port Mappings @@ -21,7 +23,7 @@ visible: false ### Database ```sh -# podman run --name authentik_db \ +podman run --name authentik_db \ -e PGDATA=/var/lib/postgresql/data/pgdata \ -e POSTGRES_USER=authentik \ -e POSTGRES_PASSWORD=authentik \ @@ -34,7 +36,7 @@ visible: false ### Redis ```sh -# podman run --name authentik_redis \ +podman run --name authentik_redis \ -v /mnt/authentik_redis:/data \ --pod pod_authentik \ -d docker.io/redis:7 \ 
@@ -45,27 +47,27 @@ visible: false https://goauthentik.io/docs/installation/docker-compose -``` - server: - image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2022.9.0} - restart: unless-stopped - command: server - environment: - AUTHENTIK_REDIS__HOST: redis - AUTHENTIK_POSTGRESQL__HOST: postgresql - AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik} - AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik} - AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS} - # AUTHENTIK_ERROR_REPORTING__ENABLED: "true" - volumes: - - ./media:/media - - ./custom-templates:/templates - - geoip:/geoip - env_file: - - .env - ports: - - "0.0.0.0:${AUTHENTIK_PORT_HTTP:-9000}:9000" - - "0.0.0.0:${AUTHENTIK_PORT_HTTPS:-9443}:9443" +```yaml +server: + image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2022.9.0} + restart: unless-stopped + command: server + environment: + AUTHENTIK_REDIS__HOST: redis + AUTHENTIK_POSTGRESQL__HOST: postgresql + AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik} + AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik} + AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS} + # AUTHENTIK_ERROR_REPORTING__ENABLED: "true" + volumes: + - ./media:/media + - ./custom-templates:/templates + - geoip:/geoip + env_file: + - .env + ports: + - "0.0.0.0:${AUTHENTIK_PORT_HTTP:-9000}:9000" + - "0.0.0.0:${AUTHENTIK_PORT_HTTPS:-9443}:9443" ``` ``` 
@@ -74,30 +76,30 @@ https://goauthentik.io/docs/installation/docker-compose ### Application Worker -``` +```yaml worker: - image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2022.9.0} - restart: unless-stopped - command: worker - environment: - AUTHENTIK_REDIS__HOST: redis - AUTHENTIK_POSTGRESQL__HOST: postgresql - AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik} - AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik} - AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS} - # AUTHENTIK_ERROR_REPORTING__ENABLED: "true" - # This is optional, and can be removed. If you remove this, the following will happen - # - The permissions for the /media folders aren't fixed, so make sure they are 1000:1000 - # - The docker socket can't be accessed anymore - user: root - volumes: - - ./media:/media - - ./certs:/certs - - /var/run/docker.sock:/var/run/docker.sock - - ./custom-templates:/templates - - geoip:/geoip - env_file: - - .env + image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2022.9.0} + restart: unless-stopped + command: worker + environment: + AUTHENTIK_REDIS__HOST: redis + AUTHENTIK_POSTGRESQL__HOST: postgresql + AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik} + AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik} + AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS} + # AUTHENTIK_ERROR_REPORTING__ENABLED: "true" + # This is optional, and can be removed. If you remove this, the following will happen + # - The permissions for the /media folders aren't fixed, so make sure they are 1000:1000 + # - The docker socket can't be accessed anymore + user: root + volumes: + - ./media:/media + - ./certs:/certs + - /var/run/docker.sock:/var/run/docker.sock + - ./custom-templates:/templates + - geoip:/geoip + env_file: + - .env ``` ``` diff --git a/pages/02.linux/cloud-init/default.en.md b/pages/02.linux/cloud-init/default.en.md index bd92478..ce6214b 100644 --- a/pages/02.linux/cloud-init/default.en.md +++ b/pages/02.linux/cloud-init/default.en.md 
@@ -11,7 +11,9 @@ The VM template needs a few cloud-init tools installed before we can use it with
 ### Debian
-`# apt install cloud-init cloud-initramfs-growroot`
+```sh
+apt install cloud-init cloud-initramfs-growroot
+```
 ### AlmaLinux
diff --git a/pages/02.linux/dhcp-server-and-routing/default.en.md b/pages/02.linux/dhcp-server-and-routing/default.en.md
index d68536d..dc360e4 100644
--- a/pages/02.linux/dhcp-server-and-routing/default.en.md
+++ b/pages/02.linux/dhcp-server-and-routing/default.en.md
@@ -7,53 +7,71 @@ visible: true ## Installation -`# apt install isc-dhcp-server` +```sh +apt install isc-dhcp-server +``` ## Configuration -Edit `/etc/default/isc-dhcp-server` -`INTERFACESv4="(interface 1) (interface 2)"` +Edit `/etc/default/isc-dhcp-server` + +``` +INTERFACESv4="{INTERFACE 1} {INTERFACE 2}" +``` Edit `/etc/dhcp/dhcpd.conf` to set a subnet ``` -subnet (netaddress) netmask (subnetmask) { - range (first dhcp) (last dhcp); - option subnet-mask (subnetmask); - option routers (gateway); - option domain-name "(name)"; - option domain-name-servers (dns server); +subnet {NETADDRESS} netmask {SUBNETMASK} { + range {FIRST DHCP} {LAST DHCP}; + option subnet-mask {SUBNETMASK}; + option routers {GATEWAY}; + option domain-name "{NAME}"; + option domain-name-servers {DNS SERVER}; } ``` Edit `/etc/network/interfaces` ``` -auto (interface) -iface (interface) inet static - address (address) - network (netaddress) - netmask (netmask) - broadcast (broadcast) +auto {INTERFACE} +iface {INTERFACE} inet static + address {ADDRESS} + network {NETADDRESS} + netmask {NETMASK} + broadcast {BROADCAST} ``` -Enable the interface -`# ifup (interface)` +Enable the interface -Restart DHCP Server -`# systemctl restart isc-dhcp-server.service` +```sh +ifup {INTERFACE} +``` + +Restart DHCP Server + +```sh +systemctl restart isc-dhcp-server.service +``` ### Enable routing -`# echo "net.ipv4.ip_forward=1" >> /etc/sysctl.d/80-forwarding.conf` -`# sysctl -p /etc/sysctl.d/80-forwarding.conf` +```sh +echo "net.ipv4.ip_forward=1" >> /etc/sysctl.d/80-forwarding.conf +sysctl -p /etc/sysctl.d/80-forwarding.conf +``` -`# iptables -t nat -A POSTROUTING -o (WAN interface) -j MASQUERADE` -`# iptables -A FORWARD -i (LAN interface) -j ACCEPT` +```sh +iptables -t nat -A POSTROUTING -o (WAN interface) -j MASQUERADE +iptables -A FORWARD -i (LAN interface) -j ACCEPT +``` Make iptables permanent -Select `Yes` during the installation to save current rules -`# apt install iptables-persistent` +Select `Yes` 
during the installation to save current rules + +```sh +apt install iptables-persistent +``` ### Enable DHCP-managed fixed IP address @@ -97,8 +115,14 @@ zone 7.168.192.in-addr.arpa. { ## Client -DHCP Request -`# dhclient -v` +DHCP Request -Release IP -`# dhclient -v -r` +```sh +dhclient -v +``` + +Release IP + +```sh +# dhclient -v -r +```
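Review bot: The two iptables lines under "Enable routing" still use the old `(WAN interface)` and `(LAN interface)` placeholders, while every other placeholder in this hunk was converted to the `{NAME}` form. Inside an `sh` fence the parentheses are also shell syntax, so a pasted line fails to parse rather than visibly needing a value. I would write `iptables -t nat -A POSTROUTING -o {WAN INTERFACE} -j MASQUERADE` and `iptables -A FORWARD -i {LAN INTERFACE} -j ACCEPT`. The section would also benefit from one sentence saying that these rules assume a FORWARD policy of DROP plus a rule accepting established return traffic. The page does not show the policy, and under a default ACCEPT policy nothing here restricts forwarding from the WAN side.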
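Review bot: The last added block under "Release IP" keeps the root-prompt marker, `# dhclient -v -r`, which in an `sh` fence is a comment, so copying it runs nothing. Every other command in this commit had the `# ` prefix removed, so this line should read `dhclient -v -r`. Since the prompt marker was the only indication that these commands need root, a short line of prose saying so near the top of the page would keep that information.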