note that dmz.rs exists

Signed-off-by: coja <coja@dmz.rs>

Makefile

@@ -1,5 +1,8 @@
-.PHONY: help
 
+ignore_file = .git/info/exclude
+
+
+.PHONY: help
 help: ## Print the help message
 	@awk 'BEGIN {FS = ":.*?## "} /^[0-9a-zA-Z._-]+:.*?## / {printf "\033[36m%s\033[0m : %s\n", $$1, $$2}' $(MAKEFILE_LIST) | \
 		sort | \
@@ -14,69 +17,61 @@ check: ## Check you have all dependencies
 
 ########## Network Map ##########
 
+graph_program != type graph-easy > /dev/null && printf graph-easy || printf dot 
+
 graph_cmd = graph-easy --boxart
 
 queries = queries authqueries
 
 query_formats = $(patsubst %, .dbs/%.txt, $(queries))
 
-.dbs/:
+dotquery_formats = $(patsubst %, .dbs/%.dot, $(queries))
+
+.dbs/: | $(ignore_file)
 	mkdir $@
 
+ignored += .dbs/
+
 $(query_formats): .dbs/%.txt: | .dbs/
 	echo "[ {{name}} ] -- $(basename $(@F)) --> [ {{$(basename $(@F))}} ]" > $@
 
+$(dotquery_formats): .dbs/%.dot: | .dbs/
+	echo '{{name}} -> {{$(basename $(@F))}} [ label="$(basename $(@F))" ];' > $@
+
+ifeq ($(graph_program),dot)
+  map_file = network.png
+else
+  map_file = network.txt
+endif
+
+ignored += $(map_file)
+
 .PHONY: map
-map: .dbs/network.txt ## Show a network map
+map: $(map_file) ## Generate a network map
+
+network.txt: .dbs/network.txt
 	$(graph_cmd) < $<
 
 .dbs/network.txt: network.rec $(query_formats)
-	$(RM) .dbs/network.txt
+	$(RM) $@
 	$(foreach relation, $(queries), \
 	recsel $< -t lxc -e "$(relation) != ''" -p name,$(relation) | recfmt -f .dbs/$(relation).txt >> $@ ;\
 	)
 
-########## Man Pages ##########
+.dbs/network.dot: network.rec $(dotquery_formats)
+	echo 'digraph network {' > $@
+	$(foreach relation, $(queries), \
+	recsel $< -t lxc -e "$(relation) != ''" -p name,$(relation) | recfmt -f .dbs/$(relation).dot >> $@ ;\
+	)
+	echo '}' >> $@
 
-mandir = $(HOME)/.local/man/man6
+network.png: .dbs/network.dot $(ignore_file)
-
+	dot -T png < $< > $@
-kralizec_docs != grep -rl "^section:" kralizec 
-kralmans = $(kralizec_docs:kralizec/%/README.md=$(mandir)/%.6)
-
-$(mandir)/%.6: kralizec/%/README.md
-	lowdown -stman $< > $@
-
-krov_docs != grep -rl "^section:" krov 
-krovmans = $(krov_docs:krov/%/README.md=$(mandir)/%.6)
-
-$(mandir)/%.6: krov/%/README.md
-	lowdown -stman $< > $@
-
-splint_docs != grep -rl "^section:" splintrs
-splintmans = $(splint_docs:splintrs/%/README.md=$(mandir)/%.6)
-
-$(mandir)/%.6: splintrs/%/README.md
-	lowdown -stman $< > $@
-
-setup_docs != grep -rl "^section:" setup 
-setupmans = $(setup_docs:setup/%.md=$(mandir)/%.6)
-
-$(mandir)/%.6: setup/%.md
-	lowdown -stman $< > $@
-
-$(mandir):
-	mkdir -p $@
-
-$(kralmans) $(krovmans) $(splintmans) $(setupmans) :| $(mandir)
-
-.PHONY: pages
-pages: $(kralmans) $(krovmans) $(setupmans) $(splintmans)
-	$(info $(kralmans))
-	@test ! $(command -v mandb) || mandb --user-db
-	$(info Open DMZ's man pages with 'man 6 <tab>')
 
 ##########
 
+$(ignore_file): $(MAKEFILE_LIST)
+	echo $(ignored) | tr ' ' '\n' > $@
+
 clean:
-	$(RM) $(kralmans) $(krovmans)
+	$(RM) -r $(ignored)
-	$(RM) -r .dbs

README.md

@@ -37,15 +37,14 @@ recinf network.rec
 
 Select with `recsel`, then specify the database (.rec) and type of record (like table in db).
 
-`--include-descriptors` or `-d`
+- `--include-descriptors` or `-d`
-`--type` or `-t`
+- `--type` or `-t`
-`--expression` or `-e`
+- `--expression` or `-e`
-`--quick` or `-q`
+- `--quick` or `-q`
 
 ```sh
 recsel network.rec --type router
 recsel network.rec -d -t lxc
-recsel network.rec -d -t lxc -e ?example?
 ```
 
 User `-q` for a `--quick` selection, or `-e` for more precise selections.

kralizec/wireguard11/README.md

@@ -4,27 +4,14 @@ VMID: 103
 
 [Wireguard VPN quickstart](https://www.wireguard.com/quickstart)
 
-Check dmzadmin for `wireguard.gpg` to know who to contact for access 
+Check `dmzadmin` for `wireguard.gpg` to know who to contact for access 
-
----
-
-### Server config
-
-New user/client needs to provide their wireguard `publickey` and new ip on the network needs to be assigned (`x`)
-add next lines to the bottom of the conf file - `/etc/wireguard/wg0.conf`
-
-```conf
-[Peer]
-PublicKey = <client_public_key>
-AllowedIPs = 192.168.164.x/32
-```
 
 ---
 
 ### Client config
 
-client conf example
+Client config example
-`x` is the assinged on the server as peer
+`x` is the assigned on the server as peer:
 
 ```conf
 
@@ -47,12 +34,23 @@ PersistentKeepalive = 21
 
 ---
 
-Command to resolve ip clashing with current and wireguard network 
+### Server config
+
+New user/client needs to provide their wireguard `publickey` and new ip on the network needs to be assigned (`x`)
+check the server config file `/etc/wireguard/wg0.conf` to find free address
+
+```sh
+sudo wg set wg0 peer <client_public_key> allowed-ips 192.168.164.x/32
+```
+
+---
+
+Command to resolve IP clashing with current and wireguard network, if needed
 
 ```shell
 ip route add <ip> dev <wg0>
 ```
 
-- `ip` you want to resove -> for wireguard vm 192.168.1.10
+- `ip` you want to resolve -> for wireguard VM 192.168.1.10
-- `wg0` name of the wireguard conf
+- `wg0` name of the wireguard config
 

krov/serverko/README.md

@@ -17,3 +17,6 @@ VMID Name
 111  taskmanager12  
 112  stopreklamama12  
 
+##### Legend
+
+12 -> debian 12

krov/serverko/ejabberd12/README.md

@@ -1,3 +1,5 @@
 ---
 VMID: 109
 ---
+
+XMPP server, used for future decentralization

krov/serverko/nginx12/README.md

@@ -1,3 +1,26 @@
 ---
 VMID: 100
 ---
+
+This VM is a reverse proxy, all serveces go through it and get their SSL certificates
+
+## Creating new record
+
+```sh
+cd /etc/nginx/sites-available/ # configs are located here
+vim.tiny pastebin.dmz.rs # using pastebin as example, copy existing one and edit it
+ln -s /etc/nginx/sites-available/pastebin.dmz.rs  /etc/nging/sites-enabled/pastebin.dmz.rs # creating link since file is the same
+mkdir /var/www/pastebindmzrs # new dir where certificate will be validated
+nginx -t # checking for errors
+systemctl reload nginx.service # reloading the service for changes to apply, reset will work too
+service nginx reload # alternative server reload
+certbot certonly --webroot -w /var/www/pastebindmzrs -d pastebin.dmz.rs -d pastebin.decentrala.org # requesting the certificates
+```
+
+## renewal
+
+```sh
+ls /var/www/
+cd /etc/letsencrypt/renewal
+certbot renew
+```

krov/serverko/stopreklamama12/README.md

@@ -1,3 +1,6 @@
 ---
 VMID: 112
 ---
+
+This container is for hosting the [website](https://gitea.dmz.rs/svitvojimilioni/stopreklamama)
+hosted on domen `stopreklamama.dmz.rs`

krov/serverko/taskmanager12/README.md

@@ -1,3 +1,8 @@
 ---
 VMID: 111
 ---
+
+Old app for group task managment, [gitea project](https://gitea.dmz.rs/Decentrala/taskmanager)
+Hosted on [todo.dmz.rs](https://todo.dmz.rs/)
+
+Now using soft.dmz.rs/fixme instead

krov/serverko/tor12/README.md

@@ -1,3 +1,5 @@
 ---
 VMID: 103
 ---
+
+In this container hosts the tor onion service, used for remote access to the proxmox, through tor.

krov/serverko/wireguard12/README.md

@@ -1,3 +1,5 @@
 ---
 VMID: 105
 ---
+
+Wireguard server for VPN access to krov network

krov/srv1/README.md

@@ -1,15 +1,39 @@
 # List of containers
 
-## srv1
+# srv1
 
 VMID Name  
-102  tor12  
+100  ssh12
-103  dendrite  
+101  vukbox
-106  icecast12  
+102  mad3v-container-postgresql  
-107  mariadb12  
+103  nextcloud1 
-108  mpd12  
+104  pentest
-109  ympd  
+105  dns12
-111  sshfs11
+106  cryptpad  
-113  ollama12  
+107  cryptpad12
-114  chatbot12  
+108  ejabberd12 
-115  goodvibes12  
+109  dante12  
+111  postgresql12
+112  gitea12
+113  game12 
+114  coja-nginx 
+115  mad3v-container-1  
+116  hugo12  
+118  mumble
+119  netstat-game12
+120  privatebin12
+121  searxng12 
+122  alpine-it-tools  
+123  test  
+124  jitsi12
+
+---
+
+### Hardware
+
+Dell enterprise server
+
+##### Legend
+
+12 -> debian 12 lxc
+

krov/srv1/alpine-it-tools/README.md

@@ -0,0 +1,7 @@
+---
+VMID: 122
+---
+
+Installed with [proxmox helper scripts](https://community-scripts.github.io/ProxmoxVE/scripts?id=alpine-it-tools)
+
+Plan to host it on tools.dmz.rs

krov/srv1/chatbot12/README.md

@@ -1,3 +0,0 @@
----
-VMID: 114
----

krov/srv1/cryptpad12/README.md

@@ -0,0 +1,13 @@
+---
+VMID: 106
+---
+
+Installed with [proxmox helper scripts](https://community-scripts.github.io/ProxmoxVE/scripts?id=cryptpad)
+
+[Project page](https://cryptpad.org/)
+
+
+Plan to host it on cryptpad.dmz.rs
+
+cryptpad (106) is already on that subdomain, but it doesnt work
+

krov/srv1/ejabberd12/README.md

@@ -0,0 +1,5 @@
+---
+VMID: 108
+---
+
+XMPP server, practice for future decentralization of the service

krov/srv1/homeAssistentInstanca/README.md

@@ -0,0 +1,9 @@
+---
+VMID: 117
+---
+
+Installed with [proxmox helper scripts](https://community-scripts.github.io/ProxmoxVE/scripts?id=haos-vm)
+
+[Forum descussion](https://forum.dmz.rs/t/automatizacija-krova/469)
+
+

krov/srv1/icecast12/README.md

@@ -1,3 +0,0 @@
----
-VMID: 106
----

krov/srv1/jitsi12/README.md

@@ -0,0 +1,9 @@
+---
+VMID: 124
+---
+
+Video converencing server. Zoom alternative.
+
+[website](https://jitsi.org/)
+
+Plan to host it on jitsi.dmz.rs, video.dmz.rs or else

krov/srv1/mumble/README.md

@@ -0,0 +1,9 @@
+---
+VMID: 118
+---
+
+VOIP server, hosted on krov.dmz.rs
+
+[website](https://www.mumble.info/)
+
+

krov/srv1/netstat-game12/README.md

@@ -0,0 +1,6 @@
+---
+VMID: 119 
+---
+
+Open arena server, free clone of FPS Quake III Arena
+Hosted on krov.dmz.rs:27960 for LAN Parties

krov/srv1/nextcloud1/README.md

@@ -0,0 +1,9 @@
+---
+VMID: 103
+---
+
+Plan for this services was to use the shared callendar with members of DC Krov
+
+Register as a user is disabled, only admins can create the accounts
+LDAP is not connected
+

krov/srv1/old-abandoned/README.md

@@ -0,0 +1 @@
+Those serveces are not on the server

krov/srv1/old-abandoned/chatbot12/README.md

@@ -0,0 +1,5 @@
+---
+VMID: 114
+---
+
+[Forum discussion](https://forum.dmz.rs/t/jel-neko-u-krovu-bot/779)

krov/srv1/other/README.md

@@ -0,0 +1,32 @@
+Here should be the list of other containers on the server
+
+## "Personal containers" 
+created on some of the sysadmin workshops, used for learning and practice, usually named by the nickname
+
+- vukbox
+- hugo12
+- malin
+- mad3v-container-postresql
+- mad3v-container-1
+- coja-nginx hosting [coja.krov.dmz.rs](https://coja.krov.dmz.rs/)
+- 
+
+---
+
+## Other 
+
+- pentest - created by fleka for CTF challange
+
+---
+
+## Containers with no info
+Feel free to add info 
+
+- dante12
+- dns12
+- gitea12
+- test
+- game12
+
+
+

krov/srv1/postgresql12/README.md

@@ -0,0 +1,5 @@
+---
+VMID: 111
+---
+
+Probably used as a testing ground for syncing the database, for future decentralization.

krov/srv1/privatebin12/README.md

@@ -0,0 +1,10 @@
+---
+VMID: 120
+---
+
+Installed with [proxmox helper scripts](https://community-scripts.github.io/ProxmoxVE/scripts?id=privatebin)
+
+[Project page](https://privatebin.info/)
+
+Hosted on [subdomain on dmz](https://pastebin.dmz.rs/)
+

krov/srv1/searxng12/README.md

@@ -0,0 +1,10 @@
+---
+VMID: 121
+---
+
+Installed with [proxmox helper scripts](https://community-scripts.github.io/ProxmoxVE/scripts?id=searxng)
+
+[Project git repo](https://github.com/searxng/searxng)
+
+Hosted on [subdomain on dmz](https://search.dmz.rs/)
+

krov/srv1/ssh12/README.md

@@ -2,4 +2,7 @@
 VMID: 100
 ---
 
+SSH port from this container is forwarded on krov.dmz.rs
+SSH access to other containers is done through this one with ssh jump, passwords are disabled, so only keys verification is used. 
+
 [wiki page](https://wiki.dmz.rs/en/sysadmin/ssh)

krov/srv1/sshfs11/README.md

@@ -1,3 +0,0 @@
----
-VMID: 111
----

network.rec

@@ -15,6 +15,7 @@ ISP: Yettel
 
 name: moxx
 location: kralizec
+local_access: 192.168.1.200:8006
 
 name: Serverko
 location: krov
@@ -35,6 +36,10 @@ proxies: dmzrs
 name: LDAP
 host: moxx
 
+name: dmzrs
+host: moxx
+note: hosts the dmz.rs website
+
 name: website
 host: moxx
 authqueries: LDAP

setup/ssh_to_lxc.md

@@ -0,0 +1,36 @@
+---
+volume: Decentrala
+section: 6
+title: Access Linux Containers in Moxx over `ssh`
+author: Malin
+source: dmz.rs
+---
+
+Access `moxx`, the Proxmox machine:
+
+1. Check you can access the creds in `dmzadmin`: `gpg -d credentials/kralizec/ssh11.gpg`.
+2. Check the creds work: `ssh dmz.rs ls`.
+3. Copy your ssh keys across: `ssh-copy-id -i ~/id_selected dmz.rs`.
+4. Check that works: `test $(ssh dmz.rs hostname) = ssh11`
+5. Find `moxx`' IP address in its credentials: `moxxIP=[ user ]@[ local ip ]`
+6. Jump through `ssh11` to access `moxx`: `ssh -J user@dmz.rs $moxx_ip`
+
+
+# Enter Containers
+
+Use `pct` to find and access containers:
+
+```sh
+pct list | grep -v stopped
+pct enter 112
+```
+
+- Don't tell people to type 'pct enter', or they will type `pct`, and hit the enter key I TOLD YOU ALL THE KEY SHOULD BE CALLED RETURN.
+- Now you're in the container.
+
+## Just for Fun
+
+```sh
+pct list | grep -v VMID |\
+    column -J -N vmid,state,current,name  | less -R
+```