add graph-easy dependency

Makefile

@@ -5,13 +5,36 @@ help: ## Print the help message
 		sort | \
 		column -s ':' -t
 
-map.txt: map.ge ## Making map.txt
-	grep -v '# unimportant' $< | graph-easy --boxart > $@
-	cat $@
+.PHONY: check
+check: ## Check you have all dependencies
+	@command -v graph-easy >/dev/null || { echo "Install perl-graph-easy" && exit 1 ;}
+	@command -v recsel >/dev/null || { echo "Install recutils" && exit 1 ;}
+	@command -v lowdown >/dev/null || { echo "Install lowdown" && exit 1 ;}
+	@echo "All dependencies installed"
 
-full_map.txt: map.ge ## Generating full_map.txt with graph-easy
-	graph-easy --boxart < $< > $@
-	cat $@
+########## Network Map ##########
+
+graph_cmd = graph-easy --boxart
+
+queries = queries authqueries
+
+query_formats = $(patsubst %, .dbs/%.txt, $(queries))
+
+.dbs/:
+	mkdir $@
+
+$(query_formats): .dbs/%.txt: | .dbs/
+	echo "[ {{name}} ] -- $(basename $(@F)) --> [ {{$(basename $(@F))}} ]" > $@
+
+.PHONY: map
+map: .dbs/network.txt ## Show a network map
+	$(graph_cmd) < $<
+
+.dbs/network.txt: network.rec $(query_formats)
+	$(RM) .dbs/network.txt
+	$(foreach relation, $(queries), \
+	recsel $< -t lxc -e "$(relation) != ''" -p name,$(relation) | recfmt -f .dbs/$(relation).txt >> $@ ;\
+	)
 
 ########## Man Pages ##########
 
@@ -56,3 +79,4 @@ pages: $(kralmans) $(krovmans) $(setupmans) $(splintmans)
 
 clean:
 	$(RM) $(kralmans) $(krovmans)
+	$(RM) -r .dbs

README.md

@@ -2,6 +2,11 @@ These setup files provide the text-only configurations for DMZ.
 
 *It should not contain private data.*
 
+# Dependencies
+
+- `recutils`
+- (optional) `graph-easy` (the package may be called `perl-graph-easy`)
+
 # Aspirations
 
 - Each service should reside in its own directory.
@@ -15,3 +20,48 @@ These setup files provide the text-only configurations for DMZ.
 - Any maintenance scripts.
 - Configurations should reside in shadow-directories, e.g. a backup `soft-serve`'s `config.yaml` should reside in this repo under `splint.rs/soft-serve/etc/soft/config.yaml`.
 
+# Network Database
+
+I have a half-baked plan to finally make use of plain-text databases, and it's already half-working.
+Try these commands:
+
+Ask what types of _rec_ords it contains:
+
+```sh
+recinf network.rec
+```
+
+Select with `recsel`, then specify the type of record.
+
+```sh
+recsel network.rec --type router
+recsel network.rec --include-descriptors --type lxc
+recsel network.rec -d -t lxc
+recsel network.rec -d -t lxc --expression
+```
+
+User `-q` for a 'quick' selection, or `-e` for more precise selections.
+
+```sh
+recsel network.rec --type lxc --quick wiki
+recsel network.rec --type lxc -q nginx
+recsel network.rec -t lxc --expression "name ~ 'nginx'"
+recsel network.rec -t lxc --expression "name = 'nginx12'"
+```
+
+If you can select something, you can also set its fields with `recset`.
+
+Use `-f` to set the field, and `-a` to add, or `-s` to set.
+
+
+```sh
+recset network.rec -t lxc --expression "name = 'nginx12'" -f proxies --add soft-serve
+recsel network.rec -t lxc --expression "name = 'nginx11'" -p proxies[0]
+recset network.rec -t lxc --expression "name = 'nginx11'" -f proxies[0] -s wiki9
+```
+
+Insert a new record with `recins`.
+
+```sh
+recins network.rec -t lxc -r "name: bob" -r "service: bob" -r "host: moxx"
+```

kralizec/ssh11/README.md

@@ -1,3 +1,5 @@
 ---
 VMID: 114
 ---
+
+[wiki page](https://wiki.dmz.rs/en/sysadmin/ssh)

kralizec/wireguard11/README.md

@@ -0,0 +1,58 @@
+---
+VMID: 103
+---
+
+[Wireguard VPN quickstart](https://www.wireguard.com/quickstart)
+
+Check dmzadmin for `wireguard.gpg` to know who to contact for access 
+
+---
+
+### Server config
+
+New user/client needs to provide their wireguard `publickey` and new ip on the network needs to be assigned (`x`)
+add next lines to the bottom of the conf file - `/etc/wireguard/wg0.conf`
+
+```conf
+[Peer]
+PublicKey = <client_public_key>
+AllowedIPs = 192.168.164.x/32
+```
+
+---
+
+### Client config
+
+client conf example
+`x` is the assinged on the server as peer
+
+```conf
+
+[Interface]
+Address = 192.168.164.x/32
+DNS = 1.1.1.1
+MTU = 1420
+SaveConfig = true
+ListenPort = 51820
+FwMark = 0xca6c
+PrivateKey = <your_private_wg_key>
+
+[Peer]
+PublicKey = JP2FTHLUujkevz1kUymciLImsx1OX9ViUko7oPAIoiA=
+AllowedIPs = 192.168.164.0/24, 192.168.1.0/24
+Endpoint = 77.105.27.232:51820
+PersistentKeepalive = 21
+
+```
+
+---
+
+Command to resolve ip clashing with current and wireguard network 
+
+```shell
+ip route add <ip> dev <wg0>
+```
+
+- `ip` you want to resove -> for wireguard vm 192.168.1.10
+- `wg0` name of the wireguard conf
+

krov/srv1/ssh12/README.md

@@ -0,0 +1,5 @@
+---
+VMID: 100
+---
+
+[wiki page](https://wiki.dmz.rs/en/sysadmin/ssh)

map.ge

@@ -1,39 +0,0 @@
-# Network map of Decentrala.  Use with:
-# graph-easy --boxart < netmap.txt
-
-(Mox
-	[ m_router ]{label: router ;}
-	[ wireguard ] --> [ m_nginx ]{label: nginx-11 ;}
-	[ wiki ] --> [ m_nginx ]
-	[ gitea ] --> [ m_nginx ]
-	[ tor11 ] --> [ m_nginx ] --> [ m_router ]
-	[ smtp ]
-)
-
-(Serverko
-	[ s_nginx ]{label: nginx-12 ;}
-	[ s_router ]{label: router ;}
-	[ s_nginx ] --> [ nextcloud ]
-	[ s_nginx ] --> [ tor12 ]
-	[ s_nginx ] --> [ s_router ]
-)
-
-(splint.rs # unimportant
-	[ soft-serve ] # unimportant
-	[ mail-cache ]# unimportant
-) # unimportant
-
-[ tor12 ] <..> [ onions ] <..> [ tor11 ]
-[ m_router ] <..> [ BGP ] <..> [ madness ] <..> [ s_router ]
-[ smtp ] <..> [ madness ]
-[ madness ] <..> [  mail-cache ]# unimportant
-[ A ]{label: "" ;}
-[ B ]{label: "" ;}
-[ C ]{label: "" ;}
-[ D ]{label: "" ;}
-[ onions ] <..> [ A ]
-[ onions ] <..> [ B ]
-[ A ] <..> [ C ]
-[ B ] <..> [ D ]
-
-(Sharks! [ D ])

network.rec

@@ -0,0 +1,88 @@
+%rec: router
+%doc: Routers, or possibly modems?
+
+name: ISP Router
+location: kralizec
+ISP: Orion
+
+name: ISP Router
+location: krov
+ISP: Yettel
+
+%rec: host
+%doc: These are the real machines, most of which run VMs or containters.
+%key: name
+
+name: moxx
+location: kralizec
+
+name: Serverko
+location: krov
+
+%rec: lxc
+%doc: A container, usually on a Proxmox host.
+%type: host rec host
+
+name: nginx11
+gateway: ISP-router
+host: moxx
+proxies: wiki11
+proxies: gitea11
+proxies: forum11
+proxies: ejabberd11
+proxies: dmzrs
+
+name: LDAP
+host: moxx
+
+name: website
+host: moxx
+authqueries: LDAP
+queries: postgresql11
+service: dmzrs
+service: flask accounts
+
+name: gitea11
+service: gitea
+host: moxx
+authqueries: LDAP
+queries: postgresql11
+
+name: ejabberd11
+service: ejabberd
+host: moxx
+authqueries: LDAP
+queries: postgresql11
+
+name: forum11
+service: forum
+host: moxx
+authqueries: LDAP
+queries: postgresql11
+
+name: postfix11
+service: postfix
+authqueries: LDAP
+
+name: tor11
+service: tor
+host: moxx
+
+name: postgresql11
+service: postgresql
+host: moxx
+
+name: wiki11
+service: wiki
+host: moxx
+authqueries: LDAP
+
+name: nginx12
+host: Serverko
+
+name: nextcloud
+host: Serverko
+
+name: tor12
+host: nginx
+

scripts/generatepass.sh

@@ -0,0 +1,5 @@
+
+#!/bin/bash
+
+echo $(shuf shared/english.txt | head) | sed "s/ //g"
+

setup/ssh_FAQ.md

@@ -56,7 +56,6 @@ Now all the files have 'read, write, and execute', but only for `$USER`.
 Host soft
     HostName soft.dmz.rs
     Port 2222
-	User ghost
 	IdentityFile ~/.ssh/id rsa
 Host dmz
     HostName dmz.rs