Compare commits
No commits in common. "master" and "Help" have entirely different histories.
44
Makefile
44
Makefile
@ -12,47 +12,3 @@ map.txt: map.ge ## Making map.txt
|
||||
full_map.txt: map.ge ## Generating full_map.txt with graph-easy
|
||||
graph-easy --boxart < $< > $@
|
||||
cat $@
|
||||
|
||||
########## Man Pages ##########
|
||||
|
||||
mandir = $(HOME)/.local/man/man6
|
||||
|
||||
kralizec_docs != grep -rl "^section:" kralizec
|
||||
kralmans = $(kralizec_docs:kralizec/%/README.md=$(mandir)/%.6)
|
||||
|
||||
$(mandir)/%.6: kralizec/%/README.md
|
||||
lowdown -stman $< > $@
|
||||
|
||||
krov_docs != grep -rl "^section:" krov
|
||||
krovmans = $(krov_docs:krov/%/README.md=$(mandir)/%.6)
|
||||
|
||||
$(mandir)/%.6: krov/%/README.md
|
||||
lowdown -stman $< > $@
|
||||
|
||||
splint_docs != grep -rl "^section:" splintrs
|
||||
splintmans = $(splint_docs:splintrs/%/README.md=$(mandir)/%.6)
|
||||
|
||||
$(mandir)/%.6: splintrs/%/README.md
|
||||
lowdown -stman $< > $@
|
||||
|
||||
setup_docs != grep -rl "^section:" setup
|
||||
setupmans = $(setup_docs:setup/%.md=$(mandir)/%.6)
|
||||
|
||||
$(mandir)/%.6: setup/%.md
|
||||
lowdown -stman $< > $@
|
||||
|
||||
$(mandir):
|
||||
mkdir -p $@
|
||||
|
||||
$(kralmans) $(krovmans) $(splintmans) $(setupmans) :| $(mandir)
|
||||
|
||||
.PHONY: pages
|
||||
pages: $(kralmans) $(krovmans) $(setupmans) $(splintmans)
|
||||
$(info $(kralmans))
|
||||
@test ! $(command -v mandb) || mandb --user-db
|
||||
$(info Open DMZ's man pages with 'man 6 <tab>')
|
||||
|
||||
##########
|
||||
|
||||
clean:
|
||||
$(RM) $(kralmans) $(krovmans)
|
||||
|
@ -13,5 +13,5 @@ These setup files provide the text-only configurations for DMZ.
|
||||
- Idempotency.
|
||||
- All secrets stored elsewhere (probably in the `dmzadmin` repo)
|
||||
- Any maintenance scripts.
|
||||
- Configurations should reside in shadow-directories, e.g. a backup `soft-serve`'s `config.yaml` should reside in this repo under `splint.rs/soft-serve/etc/soft/config.yaml`.
|
||||
- Configurations should reside in shadow-directories, e.g. a backup of `/etc/soft/config` should reside in this repo under `etc/soft/config`.
|
||||
|
||||
|
26
docs/dmzrs/README.md
Normal file
26
docs/dmzrs/README.md
Normal file
@ -0,0 +1,26 @@
|
||||
Add this configuration to ~/.ssh/config file
|
||||
|
||||
Host dmzkrovdmzrs12
|
||||
Hostname veyxphzuqnooc7wb7utfza3joaoopgqgwp6l6d4en5yfmyr7kxvminqd.onion
|
||||
User root
|
||||
IdentityFile ~/.ssh/id_rsa
|
||||
PasswordAuthentication no
|
||||
|
||||
Now you can log in by typing:
|
||||
torsocks ssh dmzkrovdmzrs12
|
||||
|
||||
Install all needed packages
|
||||
apt install rsync git nginx
|
||||
git clone https://gitea.dmz.rs/Decentrala/website
|
||||
|
||||
Run updatewebsite.sh script every minute using crontab (run "crontab -e")
|
||||
This fill automaticlly pull from git repo and regenerate events page
|
||||
|
||||
Add nginx-dmz.rs.conf to /etc/nginx/sites-available/dmz.rs and create a symlink
|
||||
from /etc/nginx/sites-enabled/dmz.rs to that file
|
||||
You can do this by running:
|
||||
ln -s /etc/nginx/sites-available/dmz.rs /etc/nginx/sites-enabled/dmz.rs
|
||||
|
||||
Increase server_names_hash_bucket_size to 256 in /etc/nginx/nginx.conf in order to support onion addresses.
|
||||
|
||||
In the nginx configuration /account/ is redirected to luser (https://gitea.dmz.rs/fram3d/luser) instance running at 192.168.1.211
|
@ -1,9 +1,3 @@
|
||||
---
|
||||
title: ejabberd configurations
|
||||
section: 6
|
||||
source: Decentrala
|
||||
---
|
||||
|
||||
#On your PC
|
||||
Add this configuration to ~/.ssh/config
|
||||
|
@ -17,3 +17,16 @@ VMID Name
|
||||
111 taskmanager12
|
||||
112 stopreklamama12
|
||||
|
||||
## srv1
|
||||
|
||||
VMID Name
|
||||
102 tor12
|
||||
103 dendrite
|
||||
106 icecast12
|
||||
107 mariadb12
|
||||
108 mpd12
|
||||
109 ympd
|
||||
111 sshfs11
|
||||
113 ollama12
|
||||
114 chatbot12
|
||||
115 goodvibes12
|
@ -1,3 +0,0 @@
|
||||
---
|
||||
VMID: 115
|
||||
---
|
@ -1,3 +0,0 @@
|
||||
---
|
||||
VMID: 126
|
||||
---
|
@ -1,40 +0,0 @@
|
||||
Add this configuration to `~/.ssh/config` file
|
||||
|
||||
```
|
||||
Host dmzkrovdmzrs12
|
||||
Hostname veyxphzuqnooc7wb7utfza3joaoopgqgwp6l6d4en5yfmyr7kxvminqd.onion
|
||||
User root
|
||||
IdentityFile ~/.ssh/id_rsa
|
||||
PasswordAuthentication no
|
||||
|
||||
```
|
||||
|
||||
Now you can log in by typing:
|
||||
|
||||
|
||||
```bash
|
||||
torsocks ssh dmzkrovdmzrs12
|
||||
```
|
||||
|
||||
Install all needed packages:
|
||||
|
||||
|
||||
```bash
|
||||
apt install rsync git nginx
|
||||
git clone https://gitea.dmz.rs/Decentrala/website
|
||||
```
|
||||
|
||||
Run `updatewebsite.sh` script every minute using `crontab` (run "`crontab -e`")
|
||||
This fill automatically pull from git repo and regenerate events page
|
||||
|
||||
Add `nginx-dmz.rs.conf` to `/etc/nginx/sites-available/dmz.rs` and create a symlink
|
||||
from `/etc/nginx/sites-enabled/dmz.rs` to that file.
|
||||
You can do this by running:
|
||||
|
||||
```bash
|
||||
ln -s /etc/nginx/sites-available/dmz.rs /etc/nginx/sites-enabled/dmz.rs
|
||||
```
|
||||
|
||||
Increase `server_names_hash_bucket_size` to 256 in `/etc/nginx/nginx.conf` in order to support onion addresses.
|
||||
|
||||
In the `nginx` configuration /account/ is redirected to the `luser` [instance](https://gitea.dmz.rs/fram3d/luser) running at `192.168.1.211`.
|
@ -1,3 +0,0 @@
|
||||
---
|
||||
VMID: 122
|
||||
---
|
@ -1,3 +0,0 @@
|
||||
---
|
||||
VMID: 118
|
||||
---
|
@ -1,3 +0,0 @@
|
||||
---
|
||||
VMID: 124
|
||||
---
|
@ -1,3 +0,0 @@
|
||||
---
|
||||
VMID: 111
|
||||
---
|
@ -1,3 +0,0 @@
|
||||
---
|
||||
VMID: 106
|
||||
---
|
@ -1,3 +0,0 @@
|
||||
---
|
||||
VMID: 119
|
||||
---
|
@ -1,3 +0,0 @@
|
||||
---
|
||||
VMID: 109
|
||||
---
|
@ -1,3 +0,0 @@
|
||||
---
|
||||
VMID: 117
|
||||
---
|
@ -1,3 +0,0 @@
|
||||
---
|
||||
VMID: 104
|
||||
---
|
@ -1,3 +0,0 @@
|
||||
---
|
||||
VMID: 121
|
||||
---
|
@ -1,3 +0,0 @@
|
||||
---
|
||||
VMID: 108
|
||||
---
|
@ -1,3 +0,0 @@
|
||||
---
|
||||
VMID: 127
|
||||
---
|
@ -1,3 +0,0 @@
|
||||
---
|
||||
VMID: 113
|
||||
---
|
@ -1,3 +0,0 @@
|
||||
---
|
||||
VMID: 105
|
||||
---
|
@ -1,3 +0,0 @@
|
||||
---
|
||||
VMID: 116
|
||||
---
|
@ -1,3 +0,0 @@
|
||||
---
|
||||
VMID: 123
|
||||
---
|
@ -1,3 +0,0 @@
|
||||
---
|
||||
VMID: 114
|
||||
---
|
@ -1,3 +0,0 @@
|
||||
---
|
||||
VMID: 112
|
||||
---
|
@ -1,3 +0,0 @@
|
||||
---
|
||||
VMID: 101
|
||||
---
|
@ -1,3 +0,0 @@
|
||||
---
|
||||
VMID: 125
|
||||
---
|
@ -1,3 +0,0 @@
|
||||
---
|
||||
VMID: 120
|
||||
---
|
@ -1,3 +0,0 @@
|
||||
---
|
||||
VMID: 102
|
||||
---
|
@ -1,3 +0,0 @@
|
||||
---
|
||||
VMID: 101
|
||||
---
|
@ -1,3 +0,0 @@
|
||||
---
|
||||
VMID: 102
|
||||
---
|
@ -1,3 +0,0 @@
|
||||
---
|
||||
VMID: 110
|
||||
---
|
@ -1,3 +0,0 @@
|
||||
---
|
||||
VMID: 109
|
||||
---
|
@ -1,3 +0,0 @@
|
||||
---
|
||||
VMID: 107
|
||||
---
|
@ -1,3 +0,0 @@
|
||||
---
|
||||
VMID: 100
|
||||
---
|
@ -1,3 +0,0 @@
|
||||
---
|
||||
VMID: 106
|
||||
---
|
@ -1,3 +0,0 @@
|
||||
---
|
||||
VMID: 108
|
||||
---
|
@ -1,3 +0,0 @@
|
||||
---
|
||||
VMID: 104
|
||||
---
|
@ -1,3 +0,0 @@
|
||||
---
|
||||
VMID: 112
|
||||
---
|
@ -1,3 +0,0 @@
|
||||
---
|
||||
VMID: 111
|
||||
---
|
@ -1,3 +0,0 @@
|
||||
---
|
||||
VMID: 103
|
||||
---
|
@ -1,3 +0,0 @@
|
||||
---
|
||||
VMID: 105
|
||||
---
|
@ -1,15 +0,0 @@
|
||||
# List of containers
|
||||
|
||||
## srv1
|
||||
|
||||
VMID Name
|
||||
102 tor12
|
||||
103 dendrite
|
||||
106 icecast12
|
||||
107 mariadb12
|
||||
108 mpd12
|
||||
109 ympd
|
||||
111 sshfs11
|
||||
113 ollama12
|
||||
114 chatbot12
|
||||
115 goodvibes12
|
@ -1,3 +0,0 @@
|
||||
---
|
||||
VMID: 114
|
||||
---
|
@ -1,3 +0,0 @@
|
||||
---
|
||||
VMID: 103
|
||||
---
|
@ -1,3 +0,0 @@
|
||||
---
|
||||
VMID: 115
|
||||
---
|
@ -1,3 +0,0 @@
|
||||
---
|
||||
VMID: 106
|
||||
---
|
@ -1,3 +0,0 @@
|
||||
---
|
||||
VMID: 107
|
||||
---
|
@ -1,3 +0,0 @@
|
||||
---
|
||||
VMID: 108
|
||||
---
|
@ -1,3 +0,0 @@
|
||||
---
|
||||
VMID: 113
|
||||
---
|
@ -1,3 +0,0 @@
|
||||
---
|
||||
VMID: 111
|
||||
---
|
@ -1,3 +0,0 @@
|
||||
---
|
||||
VMID: 102
|
||||
---
|
@ -1,3 +0,0 @@
|
||||
---
|
||||
VMID: 109
|
||||
---
|
@ -1,41 +0,0 @@
|
||||
---
|
||||
volume: Decentrala
|
||||
section: 6
|
||||
title: git aliases
|
||||
author: Malin
|
||||
source: dmz.rs
|
||||
---
|
||||
|
||||
## Aliases
|
||||
|
||||
Put these in `~/.bash_aliases`
|
||||
|
||||
```
|
||||
alias gb='git branch'
|
||||
alias gc='git add -p . && git commit'
|
||||
alias gd="git diff --word-diff"
|
||||
alias gl='git log --graph --show-signature'
|
||||
alias gla="git log --all --decorate --oneline --graph"
|
||||
alias gm='git merge'
|
||||
alias gis='git status'
|
||||
```
|
||||
|
||||
## Dangerous Aliases
|
||||
|
||||
Get a fuzzy-finder, like `fzy,` or `sk` (called `sk-im` in the repos), and checkout faster:
|
||||
|
||||
```
|
||||
alias gco='git checkout --recurse-submodules $(sk -c "git branch | cut -c 3-")'
|
||||
```
|
||||
|
||||
Delete all changes and start again instantly:
|
||||
|
||||
```
|
||||
alias grs='git reset --hard HEAD'
|
||||
```
|
||||
|
||||
Push to remotes that don't use http:
|
||||
|
||||
```
|
||||
alias gpa='git remote show | while read remote; do git remote get-url $remote | grep -qv http && git push $remote; done'
|
||||
```
|
104
setup/ssh_FAQ.md
104
setup/ssh_FAQ.md
@ -1,104 +0,0 @@
|
||||
---
|
||||
volume: Decentrala
|
||||
section: 6
|
||||
title: ssh setup
|
||||
author: Malin
|
||||
source: dmz.rs
|
||||
---
|
||||
|
||||
## Step 1: Basic `ssh`
|
||||
|
||||
> I did stuff with my `ssh` and now things don't work. What do?
|
||||
|
||||
Check the permissions on your `ssh` directory:
|
||||
|
||||
```bash
|
||||
$ ls -d ~/.ssh
|
||||
drwxr-x--- - ghost 3 Dec 12:55 /home/ghost/.ssh
|
||||
```
|
||||
|
||||
This is wrong, because anyone in your `~` can see you `ssh` configuration files.
|
||||
|
||||
```bash
|
||||
$ chmod -R 600 ~/.ssh
|
||||
$ ls -d ~/.ssh
|
||||
drw------- - ghost 3 Dec 12:55 /home/ghost/.ssh
|
||||
```
|
||||
|
||||
This is also wrong - entering a directory is the same as executing it.
|
||||
If you can't 'execute' the directory, you cannot enter it, and `ssh` cannot read the files.
|
||||
|
||||
```bash
|
||||
$ chmod -R 700 ~/.ssh
|
||||
$ ls -l ~/.config
|
||||
|
||||
-rwx------ 1 ghost dmz 578 Dec 27 2022 authorized hosts
|
||||
-rwx------ 1 ghost dmz 1145 Dec 27 2022 authorized keys
|
||||
-rwx------ 2 ghost dmz 366 Dec 14 18:36 config
|
||||
-rwx------ 1 ghost dmz 419 Dec 11 2023 id ed25519
|
||||
-rwx------ 1 ghost dmz 106 Dec 11 2023 id ed25519.pub
|
||||
-rwx------ 1 ghost dmz 2610 Dec 27 2022 id rsa
|
||||
-rwx------ 1 ghost dmz 578 Dec 27 2022 id rsa.pub
|
||||
-rwx------ 1 ghost dmz 28269 Dec 28 17:32 known hosts
|
||||
```
|
||||
|
||||
Now all the files have 'read, write, and execute', but only for `$USER`.
|
||||
|
||||
## Step 2: The Config File
|
||||
|
||||
> I have 43 different `ssh` keys. Something doesn't work with a program. What do?
|
||||
|
||||
- Option 1: Delete all of them and stop asking Santa for `ssh` keys.
|
||||
- Option 2: Define which one you want to use in the `~/.ssh/config` file.
|
||||
|
||||
|
||||
```
|
||||
Host soft
|
||||
HostName soft.dmz.rs
|
||||
Port 2222
|
||||
User ghost
|
||||
IdentityFile ~/.ssh/id rsa
|
||||
Host dmz
|
||||
HostName dmz.rs
|
||||
Port 123
|
||||
User root
|
||||
Host krov
|
||||
HostName dmz.rs
|
||||
Port 5555
|
||||
User ghost
|
||||
Host june
|
||||
HostName 192.168.1.100
|
||||
User ghost
|
||||
ProxyJump krov
|
||||
```
|
||||
|
||||
|
||||
The first example lets you go to the `soft-serve` git-server just by typing
|
||||
|
||||
```bash
|
||||
$ ssh soft
|
||||
```
|
||||
|
||||
If you're not sure if ssh is using the right key, try with `-v` for 'verbose mode'.
|
||||
|
||||
```bash
|
||||
$ ssh -vv soft
|
||||
```
|
||||
|
||||
If you're not sure if ssh is using the right key, try with `-v` for 'verbose mode'.
|
||||
|
||||
> `git` is not working with `ssh`
|
||||
|
||||
`git` will not presume to use your `ssh` config file unless you tell it:
|
||||
|
||||
```bash
|
||||
$ GIT_SSH_COMMAND="ssh -F ~/.ssh/config" git pull
|
||||
```
|
||||
|
||||
If that works, you can make the change permanent for that one repository:
|
||||
|
||||
|
||||
```bash
|
||||
$ git config core.sshCommand "ssh -F ~/.ssh/config"
|
||||
```
|
||||
|
@ -1,8 +1,6 @@
|
||||
# This make file produces the smtp daemon for the current backup domain: splint.rs
|
||||
|
||||
# It is missing the cert, so you'll have to make another.
|
||||
# It hasn't been tested in a few years, and I have no idea how to make a
|
||||
# containerized test which will check DNS, and SSL certificates.
|
||||
|
||||
DOMAIN=splint.rs
|
||||
|
@ -1 +0,0 @@
|
||||
`smtp` provides email backups, in case kralizec goes offline.
|
@ -1,36 +0,0 @@
|
||||
---
|
||||
source: Decentrala
|
||||
section: 6
|
||||
title: Soft-Serve Basics
|
||||
---
|
||||
|
||||
Soft Serve has its configurations stored inside itself in a repo. Admins can pull:
|
||||
|
||||
`git clone ssh://soft.dmz.rs:2222/.soft-serve`
|
||||
|
||||
# Adding Users
|
||||
|
||||
Summary:
|
||||
|
||||
`ssh -p 2222 soft.dmz.rs user --help`
|
||||
|
||||
Add user `ana` to the `fixme` repository:
|
||||
|
||||
```bash
|
||||
user=ana
|
||||
repo=fixme
|
||||
ssh -p 2222 soft.dmz.rs user create $user
|
||||
key="$(cat ~/dmzadmin/ssh_keys/alice.pub)"
|
||||
ssh -p 2222 soft.dmz.rs user add-pubkey "$key" $user
|
||||
ssh -p 2222 soft.dmz.rs repo collab add $repo $user
|
||||
ssh -p 2222 soft.dmz.rs user info $user
|
||||
```
|
||||
|
||||
Add `bojan` as an admin (who can see an change all repositories):
|
||||
|
||||
|
||||
```bash
|
||||
user=bojan
|
||||
sshkey="ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF5g6oP6+DyFhkIrN4pRcvsQ7RgNavEyzN2kH8yOB6mA bojan@posteo.net"
|
||||
ssh -p 2222 soft.dmz.rs user create --admin --key "$sshkey" "$user"
|
||||
```
|
@ -1,27 +0,0 @@
|
||||
---
|
||||
source: Decentrala
|
||||
section: 6
|
||||
title: Soft-Serve Webhooks
|
||||
---
|
||||
|
||||
### Soft serve webhooks
|
||||
|
||||
Soft serve supports [webhooks](https://en.wikipedia.org/wiki/Webhook)
|
||||
|
||||
Webhooks allow us to get notified on some web server when some events occur on the soft serve git server. Currently supported events that can be subscribed to (for a specific repo) are:
|
||||
|
||||
- branch_tag_create
|
||||
- branch_tag_delete
|
||||
- collaborator
|
||||
- push
|
||||
- repository
|
||||
- repository_visibility_change
|
||||
|
||||
See help page for repo webhooks
|
||||
`ssh -p 2222 soft.dmz.rs repo webhook --help`
|
||||
|
||||
##### Example
|
||||
|
||||
An example for using a webhook could be that you want to be notified when anyone pushes commits to `boban` repo
|
||||
You could create a webhook that will trigger on the push event of the boban repo and send a request to boban.dmz.rs/push url (where you could host a webapp that listens for that request). The webapp will react to it by sending a xmpp message with details on which commits where pushed etc.
|
||||
`webhook create boban boban.dmz.rs/push --events push`
|
Loading…
Reference in New Issue
Block a user