Decentrala/dmzconf
20
0
Fork 1
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: Decentrala:man
Branches Tags
Decentrala:master Decentrala:man Decentrala:bydir
..
compare: Decentrala:76e9650abe8a01871f3b42fb9fc622c8da0c1e28
Branches Tags
Decentrala:master Decentrala:man Decentrala:bydir

8 Commits
man ... 76e9650abe

Author SHA1 Message Date
coja
76e9650abe [Doc] added wiki link to ssh 2025-03-25 20:51:32 +01:00
Malin Freeborn
624e8d2bfd remove suggested username from ssh FAQ 2025-03-25 20:32:16 +01:00
Malin Freeborn
c8282c82c5 Merge branch 'master' of ssh://gitea.dmz.rs:2222/Decentrala/dmzconf 2025-03-22 12:21:02 +01:00
coja
c81ef26f4e [scripts] added generate random pass script 2025-03-22 05:02:51 +01:00
coja
dbd7f3dfd4 [kralizec] updated readme for wireguard 2025-03-22 04:21:53 +01:00
coja
547ef14a31 [kralizec] added readme for wireguard 2025-03-22 04:11:41 +01:00
Malin Freeborn
e44620521f remove old showpass script 
The dmzadmin repo now populates password lists, no need for this.
 2025-03-20 18:58:48 +01:00
Malin Freeborn
49c1417b8a make soft man pages 2024-12-06 22:39:45 +01:00
10 changed files with 90 additions and 83 deletions
Expand all files Collapse all files

10
Makefile
View File

@@ -29,6 +29,12 @@ krovmans = $(krov_docs:krov/%/README.md=$(mandir)/%.6)
$(mandir)/%.6: krov/%/README.md
lowdown -stman $< > $@
splint_docs != grep -rl "^section:" splintrs
splintmans = $(splint_docs:splintrs/%/README.md=$(mandir)/%.6)
$(mandir)/%.6: splintrs/%/README.md
lowdown -stman $< > $@
setup_docs != grep -rl "^section:" setup
setupmans = $(setup_docs:setup/%.md=$(mandir)/%.6)
@@ -38,10 +44,10 @@ $(mandir)/%.6: setup/%.md
$(mandir):
mkdir -p $@
$(kralmans) $(krovmans) $(setupmans) :| $(mandir)
$(kralmans) $(krovmans) $(splintmans) $(setupmans) :| $(mandir)
.PHONY: pages
pages: $(kralmans) $(krovmans) $(setupmans)
pages: $(kralmans) $(krovmans) $(setupmans) $(splintmans)
$(info $(kralmans))
@test ! $(command -v mandb) || mandb --user-db
$(info Open DMZ's man pages with 'man 6 <tab>')

18
kn.mk
View File

@@ -1,18 +0,0 @@
all_docs != find krov/serverko -name README.md
path_to_docs = $(patsubst krov/%/README.md, docs/%.md, $(all_docs))
stripped_docs = $(notdir $(path_to_docs))
x:
$(info $(all_docs))
$(info $(stripped_docs))
docs/kralizec/%.md: kralizec/%/README.md
mkdir -p $(@D)
cp $< $@
docs/serverko/%.md: krov/serverko/%/README.md
mkdir -p $(@D)
cp $< $@

2
kralizec/ssh11/README.md
View File

@@ -1,3 +1,5 @@
---
VMID: 114
---
[wiki page](https://wiki.dmz.rs/en/sysadmin/ssh)

58
kralizec/wireguard11/README.md Normal file
View File

@@ -0,0 +1,58 @@
---
VMID: 103
---
[Wireguard VPN quickstart](https://www.wireguard.com/quickstart)
Check dmzadmin for `wireguard.gpg` to know who to contact for access
---
### Server config
New user/client needs to provide their wireguard `publickey` and new ip on the network needs to be assigned (`x`)
add next lines to the bottom of the conf file - `/etc/wireguard/wg0.conf`
```conf
[Peer]
PublicKey = <client_public_key>
AllowedIPs = 192.168.164.x/32
```
---
### Client config
client conf example
`x` is the assinged on the server as peer
```conf
[Interface]
Address = 192.168.164.x/32
DNS = 1.1.1.1
MTU = 1420
SaveConfig = true
ListenPort = 51820
FwMark = 0xca6c
PrivateKey = <your_private_wg_key>
[Peer]
PublicKey = JP2FTHLUujkevz1kUymciLImsx1OX9ViUko7oPAIoiA=
AllowedIPs = 192.168.164.0/24, 192.168.1.0/24
Endpoint = 77.105.27.232:51820
PersistentKeepalive = 21
```
---
Command to resolve ip clashing with current and wireguard network
```shell
ip route add <ip> dev <wg0>
```
- `ip` you want to resove -> for wireguard vm 192.168.1.10
- `wg0` name of the wireguard conf

5
krov/srv1/ssh12/README.md Normal file
View File

@@ -0,0 +1,5 @@
---
VMID: 100
---
[wiki page](https://wiki.dmz.rs/en/sysadmin/ssh)

5
scripts/generatepass.sh Executable file
View File

@@ -0,0 +1,5 @@
#!/bin/bash
echo $(shuf shared/english.txt | head) | sed "s/ //g"

62
scripts/showpass.sh
View File

@@ -1,62 +0,0 @@
#!/bin/sh
# If you want to add these passwords to the `pass` program, you can
# symlink all the passwords which you can open, then open the
# passwords with a script like this.
pass_store=~/.password-store
# THIS_PLACE="$PWD"
# mkdir $pass_store/dmz
# cd !$
# find "$THIS_PLACE" -type f -name "*.gpg" | \
# sed "s#/home/ghost#../..#" | \
# while read -r line; do
# gpg -d "$line" && ln -sf "$line" .
# done
sanity_check(){
command -v $1 >/dev/null || (
echo "You must install $1"
exit 1
)
}
set_selector_if_program_exists(){
command -v "$1" > /dev/null && selector="$1 $2"
}
if [ -z "$DISPLAY" ]; then
set_selector_if_program_exists sk || \
set_selector_if_program_exists fzy || \
set_selector_if_program_exists fzf
fail_sender='echo'
else
set_selector_if_program_exists "rofi" 'rofi -dmenu "$@"' || \
set_selector_if_program_exists dmenu || \
(
echo "Cannot find anything to select a key. Install dmenu."
exit 1
)
fail_sender='notify-send'
fi
list_keys(){
find -L . -mindepth 1 -type f -name "*.gpg" | \
sed 's/\.\///' | \
sed 's/.gpg//'
}
####################
set -e
sanity_check pass
cd "$pass_store"
password="$(list_keys | $selector)"
pass -c "$password" || $fail_sender 'Cannot decrypt'

1
setup/ssh_FAQ.md
View File

@@ -56,7 +56,6 @@ Now all the files have 'read, write, and execute', but only for `$USER`.
Host soft
HostName soft.dmz.rs
Port 2222
User ghost
IdentityFile ~/.ssh/id rsa
Host dmz
HostName dmz.rs

6
splintrs/soft-serve/README.md
View File

@@ -1,3 +1,9 @@
---
source: Decentrala
section: 6
title: Soft-Serve Basics
---
Soft Serve has its configurations stored inside itself in a repo. Admins can pull:
`git clone ssh://soft.dmz.rs:2222/.soft-serve`

6
splintrs/soft-serve/webhooks.md
View File

@@ -1,3 +1,9 @@
---
source: Decentrala
section: 6
title: Soft-Serve Webhooks
---
### Soft serve webhooks
Soft serve supports [webhooks](https://en.wikipedia.org/wiki/Webhook)