42 changed files with 156 additions and 479 deletions
--- a/87
+++ b/87
@ -1,77 +1,58 @@
 ignore_file = .git/info/exclude
 .PHONY: help
 help: ## Print the help message
 	@awk 'BEGIN {FS = ":.*?## "} /^[0-9a-zA-Z._-]+:.*?## / {printf "\033[36m%s\033[0m : %s\n", $$1, $$2}' $(MAKEFILE_LIST) | \
 		sort | \
 		column -s ':' -t
-.PHONY: check
+map.txt: map.ge ## Making map.txt
-check: ## Check you have all dependencies
+	grep -v '# unimportant' $< | graph-easy --boxart > $@
-	@command -v graph-easy >/dev/null || { echo "Install perl-graph-easy" && exit 1 ;}
+	cat $@
 	@command -v recsel >/dev/null || { echo "Install recutils" && exit 1 ;}
 	@command -v lowdown >/dev/null || { echo "Install lowdown" && exit 1 ;}
 	@echo "All dependencies installed"
-########## Network Map ##########
+full_map.txt: map.ge ## Generating full_map.txt with graph-easy
 	graph-easy --boxart < $< > $@
 	cat $@
-graph_program != type graph-easy > /dev/null && printf graph-easy || printf dot 
+########## Man Pages ##########
-graph_cmd = graph-easy --boxart
+mandir = $(HOME)/.local/man/man6
-queries = queries authqueries
+kralizec_docs != grep -rl "^section:" kralizec 
 kralmans = $(kralizec_docs:kralizec/%/README.md=$(mandir)/%.6)
-query_formats = $(patsubst %, .dbs/%.txt, $(queries))
+$(mandir)/%.6: kralizec/%/README.md
 	lowdown -stman $< > $@
-dotquery_formats = $(patsubst %, .dbs/%.dot, $(queries))
+krov_docs != grep -rl "^section:" krov 
 krovmans = $(krov_docs:krov/%/README.md=$(mandir)/%.6)
-.dbs/: | $(ignore_file)
+$(mandir)/%.6: krov/%/README.md
-	mkdir $@
+	lowdown -stman $< > $@
-ignored += .dbs/
+splint_docs != grep -rl "^section:" splintrs
 splintmans = $(splint_docs:splintrs/%/README.md=$(mandir)/%.6)
-$(query_formats): .dbs/%.txt: | .dbs/
+$(mandir)/%.6: splintrs/%/README.md
-	echo "[ {{name}} ] -- $(basename $(@F)) --> [ {{$(basename $(@F))}} ]" > $@
+	lowdown -stman $< > $@
-$(dotquery_formats): .dbs/%.dot: | .dbs/
+setup_docs != grep -rl "^section:" setup 
-	echo '{{name}} -> {{$(basename $(@F))}} [ label="$(basename $(@F))" ];' > $@
+setupmans = $(setup_docs:setup/%.md=$(mandir)/%.6)
-ifeq ($(graph_program),dot)
+$(mandir)/%.6: setup/%.md
-  map_file = network.png
+	lowdown -stman $< > $@
 else
  map_file = network.txt
 endif
-ignored += $(map_file)
+$(mandir):
 	mkdir -p $@
-.PHONY: map
+$(kralmans) $(krovmans) $(splintmans) $(setupmans) :| $(mandir)
 map: $(map_file) ## Generate a network map
-network.txt: .dbs/network.txt
+.PHONY: pages
-	$(graph_cmd) < $<
+pages: $(kralmans) $(krovmans) $(setupmans) $(splintmans)
-
+	$(info $(kralmans))
-.dbs/network.txt: network.rec $(query_formats)
+	@test ! $(command -v mandb) || mandb --user-db
-	$(RM) $@
+	$(info Open DMZ's man pages with 'man 6 <tab>')
 	$(foreach relation, $(queries), \
 	recsel $< -t lxc -e "$(relation) != ''" -p name,$(relation) | recfmt -f .dbs/$(relation).txt >> $@ ;\
 	)
 .dbs/network.dot: network.rec $(dotquery_formats)
 	echo 'digraph network {' > $@
 	$(foreach relation, $(queries), \
 	recsel $< -t lxc -e "$(relation) != ''" -p name,$(relation) | recfmt -f .dbs/$(relation).dot >> $@ ;\
 	)
 	echo '}' >> $@
 network.png: .dbs/network.dot $(ignore_file)
 	dot -T png < $< > $@
 ##########
 $(ignore_file): $(MAKEFILE_LIST)
 	echo $(ignored) | tr ' ' '\n' > $@
 clean:
-	$(RM) -r $(ignored)
+	$(RM) $(kralmans) $(krovmans)
--- a/README.md
+++ b/README.md
@ -2,11 +2,6 @@ These setup files provide the text-only configurations for DMZ.
 *It should not contain private data.*
 # Dependencies
 - `recutils`
 - (optional) `graph-easy` (the package may be called `perl-graph-easy`)
 # Aspirations
 - Each service should reside in its own directory.
@ -20,60 +15,3 @@ These setup files provide the text-only configurations for DMZ.
 - Any maintenance scripts.
 - Configurations should reside in shadow-directories, e.g. a backup `soft-serve`'s `config.yaml` should reside in this repo under `splint.rs/soft-serve/etc/soft/config.yaml`.
 # Network Database
 I have a half-baked plan to finally make use of plain-text databases, and it's already half-working.
 Try these commands:
 Ask what types of _rec_ords it contains:
 ## Database
 ```sh
 recinf network.rec
 ```
 ### Select queries
 Select with `recsel`, then specify the database (.rec) and type of record (like table in db).
 - `--include-descriptors` or `-d`
 - `--type` or `-t`
 - `--expression` or `-e`
 - `--quick` or `-q`
 ```sh
 recsel network.rec --type router
 recsel network.rec -d -t lxc
 ```
 User `-q` for a `--quick` selection, or `-e` for more precise selections.
 ```sh
 recsel network.rec --type lxc --quick wiki
 recsel network.rec -t lxc -q nginx
 recsel network.rec -t lxc -e "name ~ 'nginx'"
 recsel network.rec -t lxc -e "name = 'nginx12'"
 ```
 ### Insert queries
 Insert a new record with `recins`.
 ```sh
 recins network.rec -t lxc -r "name: bob" -r "service: bob" -r "host: moxx"
 ```
 ### Update queries
 If you can select something, you can also set its fields with `recset`.
 Use `-f` to set the `--field`, and `-a` to `--add`, or `-s` to `--set`.
 ```sh
 recset network.rec -t lxc -e "name = 'nginx12'" -f proxies -a soft-serve
 recsel network.rec -t lxc -e "name = 'nginx11'" -p proxies[0]
 recset network.rec -t lxc -e" name = 'nginx11'" -f proxies[0] -s wiki9
 ```
--- a/kralizec/ssh11/README.md
+++ b/kralizec/ssh11/README.md
@ -1,5 +1,3 @@
 ---
 VMID: 114
 ---
 [wiki page](https://wiki.dmz.rs/en/sysadmin/ssh)
--- a/kralizec/wireguard11/README.md
+++ b/kralizec/wireguard11/README.md
@ -1,56 +0,0 @@
 ---
 VMID: 103
 ---
 [Wireguard VPN quickstart](https://www.wireguard.com/quickstart)
 Check `dmzadmin` for `wireguard.gpg` to know who to contact for access 
 ---
 ### Client config
 Client config example
 `x` is the assigned on the server as peer:
 ```conf
 [Interface]
 Address = 192.168.164.x/32
 DNS = 1.1.1.1
 MTU = 1420
 SaveConfig = true
 ListenPort = 51820
 FwMark = 0xca6c
 PrivateKey = <your_private_wg_key>
 [Peer]
 PublicKey = JP2FTHLUujkevz1kUymciLImsx1OX9ViUko7oPAIoiA=
 AllowedIPs = 192.168.164.0/24, 192.168.1.0/24
 Endpoint = 77.105.27.232:51820
 PersistentKeepalive = 21
 ```
 ---
 ### Server config
 New user/client needs to provide their wireguard `publickey` and new ip on the network needs to be assigned (`x`)
 check the server config file `/etc/wireguard/wg0.conf` to find free address
 ```sh
 sudo wg set wg0 peer <client_public_key> allowed-ips 192.168.164.x/32
 ```
 ---
 Command to resolve IP clashing with current and wireguard network, if needed
 ```shell
 ip route add <ip> dev <wg0>
 ```
 - `ip` you want to resolve -> for wireguard VM 192.168.1.10
 - `wg0` name of the wireguard config
--- a/krov/serverko/README.md
+++ b/krov/serverko/README.md
@ -17,6 +17,3 @@ VMID Name
 111  taskmanager12  
 112  stopreklamama12  
 ##### Legend
 12 -> debian 12
--- a/krov/serverko/ejabberd12/README.md
+++ b/krov/serverko/ejabberd12/README.md
@ -1,5 +1,3 @@
 ---
 VMID: 109
 ---
 XMPP server, used for future decentralization
--- a/krov/serverko/nginx12/README.md
+++ b/krov/serverko/nginx12/README.md
@ -1,26 +1,3 @@
 ---
 VMID: 100
 ---
 This VM is a reverse proxy, all serveces go through it and get their SSL certificates
 ## Creating new record
 ```sh
 cd /etc/nginx/sites-available/ # configs are located here
 vim.tiny pastebin.dmz.rs # using pastebin as example, copy existing one and edit it
 ln -s /etc/nginx/sites-available/pastebin.dmz.rs  /etc/nging/sites-enabled/pastebin.dmz.rs # creating link since file is the same
 mkdir /var/www/pastebindmzrs # new dir where certificate will be validated
 nginx -t # checking for errors
 systemctl reload nginx.service # reloading the service for changes to apply, reset will work too
 service nginx reload # alternative server reload
 certbot certonly --webroot -w /var/www/pastebindmzrs -d pastebin.dmz.rs -d pastebin.decentrala.org # requesting the certificates
 ```
 ## renewal
 ```sh
 ls /var/www/
 cd /etc/letsencrypt/renewal
 certbot renew
 ```
--- a/krov/serverko/stopreklamama12/README.md
+++ b/krov/serverko/stopreklamama12/README.md
@ -1,6 +1,3 @@
 ---
 VMID: 112
 ---
 This container is for hosting the [website](https://gitea.dmz.rs/svitvojimilioni/stopreklamama)
 hosted on domen `stopreklamama.dmz.rs`
--- a/krov/serverko/taskmanager12/README.md
+++ b/krov/serverko/taskmanager12/README.md
@ -1,8 +1,3 @@
 ---
 VMID: 111
 ---
 Old app for group task managment, [gitea project](https://gitea.dmz.rs/Decentrala/taskmanager)
 Hosted on [todo.dmz.rs](https://todo.dmz.rs/)
 Now using soft.dmz.rs/fixme instead
--- a/krov/serverko/tor12/README.md
+++ b/krov/serverko/tor12/README.md
@ -1,5 +1,3 @@
 ---
 VMID: 103
 ---
 In this container hosts the tor onion service, used for remote access to the proxmox, through tor.
--- a/krov/serverko/wireguard12/README.md
+++ b/krov/serverko/wireguard12/README.md
@ -1,5 +1,3 @@
 ---
 VMID: 105
 ---
 Wireguard server for VPN access to krov network
--- a/krov/srv1/README.md
+++ b/krov/srv1/README.md
@ -1,39 +1,15 @@
 # List of containers
-# srv1
+## srv1
 VMID Name  
-100  ssh12
+102  tor12  
-101  vukbox
+103  dendrite  
-102  mad3v-container-postgresql  
+106  icecast12  
-103  nextcloud1 
+107  mariadb12  
-104  pentest
+108  mpd12  
-105  dns12
+109  ympd  
-106  cryptpad  
+111  sshfs11
-107  cryptpad12
+113  ollama12  
-108  ejabberd12 
+114  chatbot12  
-109  dante12  
+115  goodvibes12  
 111  postgresql12
 112  gitea12
 113  game12 
 114  coja-nginx 
 115  mad3v-container-1  
 116  hugo12  
 118  mumble
 119  netstat-game12
 120  privatebin12
 121  searxng12 
 122  alpine-it-tools  
 123  test  
 124  jitsi12
 ---
 ### Hardware
 Dell enterprise server
 ##### Legend
 12 -> debian 12 lxc
--- a/krov/srv1/alpine-it-tools/README.md
+++ b/krov/srv1/alpine-it-tools/README.md
@ -1,7 +0,0 @@
 ---
 VMID: 122
 ---
 Installed with [proxmox helper scripts](https://community-scripts.github.io/ProxmoxVE/scripts?id=alpine-it-tools)
 Plan to host it on tools.dmz.rs
--- a/krov/srv1/chatbot12/README.md
+++ b/krov/srv1/chatbot12/README.md
@ -0,0 +1,3 @@
 ---
 VMID: 114
 ---
--- a/krov/srv1/cryptpad12/README.md
+++ b/krov/srv1/cryptpad12/README.md
@ -1,13 +0,0 @@
 ---
 VMID: 106
 ---
 Installed with [proxmox helper scripts](https://community-scripts.github.io/ProxmoxVE/scripts?id=cryptpad)
 [Project page](https://cryptpad.org/)
 Plan to host it on cryptpad.dmz.rs
 cryptpad (106) is already on that subdomain, but it doesnt work
--- a/krov/srv1/old-abandoned/dendrite/README.md
+++ b/krov/srv1/old-abandoned/dendrite/README.md
--- a/krov/srv1/ejabberd12/README.md
+++ b/krov/srv1/ejabberd12/README.md
@ -1,5 +0,0 @@
 ---
 VMID: 108
 ---
 XMPP server, practice for future decentralization of the service
--- a/krov/srv1/old-abandoned/goodvibes12/README.md
+++ b/krov/srv1/old-abandoned/goodvibes12/README.md
--- a/krov/srv1/homeAssistentInstanca/README.md
+++ b/krov/srv1/homeAssistentInstanca/README.md
@ -1,9 +0,0 @@
 ---
 VMID: 117
 ---
 Installed with [proxmox helper scripts](https://community-scripts.github.io/ProxmoxVE/scripts?id=haos-vm)
 [Forum descussion](https://forum.dmz.rs/t/automatizacija-krova/469)
--- a/krov/srv1/icecast12/README.md
+++ b/krov/srv1/icecast12/README.md
@ -0,0 +1,3 @@
 ---
 VMID: 106
 ---
--- a/krov/srv1/jitsi12/README.md
+++ b/krov/srv1/jitsi12/README.md
@ -1,9 +0,0 @@
 ---
 VMID: 124
 ---
 Video converencing server. Zoom alternative.
 [website](https://jitsi.org/)
 Plan to host it on jitsi.dmz.rs, video.dmz.rs or else
--- a/krov/srv1/old-abandoned/mariadb12/README.md
+++ b/krov/srv1/old-abandoned/mariadb12/README.md
--- a/krov/srv1/old-abandoned/mpd12/README.md
+++ b/krov/srv1/old-abandoned/mpd12/README.md
--- a/krov/srv1/mumble/README.md
+++ b/krov/srv1/mumble/README.md
@ -1,9 +0,0 @@
 ---
 VMID: 118
 ---
 VOIP server, hosted on krov.dmz.rs
 [website](https://www.mumble.info/)
--- a/krov/srv1/netstat-game12/README.md
+++ b/krov/srv1/netstat-game12/README.md
@ -1,6 +0,0 @@
 ---
 VMID: 119 
 ---
 Open arena server, free clone of FPS Quake III Arena
 Hosted on krov.dmz.rs:27960 for LAN Parties
--- a/krov/srv1/nextcloud1/README.md
+++ b/krov/srv1/nextcloud1/README.md
@ -1,9 +0,0 @@
 ---
 VMID: 103
 ---
 Plan for this services was to use the shared callendar with members of DC Krov
 Register as a user is disabled, only admins can create the accounts
 LDAP is not connected
--- a/krov/srv1/old-abandoned/README.md
+++ b/krov/srv1/old-abandoned/README.md
@ -1 +0,0 @@
 Those serveces are not on the server
--- a/krov/srv1/old-abandoned/chatbot12/README.md
+++ b/krov/srv1/old-abandoned/chatbot12/README.md
@ -1,5 +0,0 @@
 ---
 VMID: 114
 ---
 [Forum discussion](https://forum.dmz.rs/t/jel-neko-u-krovu-bot/779)
--- a/krov/srv1/old-abandoned/ollama12/README.md
+++ b/krov/srv1/old-abandoned/ollama12/README.md
--- a/krov/srv1/other/README.md
+++ b/krov/srv1/other/README.md
@ -1,32 +0,0 @@
 Here should be the list of other containers on the server
 ## "Personal containers" 
 created on some of the sysadmin workshops, used for learning and practice, usually named by the nickname
 - vukbox
 - hugo12
 - malin
 - mad3v-container-postresql
 - mad3v-container-1
 - coja-nginx hosting [coja.krov.dmz.rs](https://coja.krov.dmz.rs/)
 - 
 ---
 ## Other 
 - pentest - created by fleka for CTF challange
 ---
 ## Containers with no info
 Feel free to add info 
 - dante12
 - dns12
 - gitea12
 - test
 - game12
--- a/krov/srv1/postgresql12/README.md
+++ b/krov/srv1/postgresql12/README.md
@ -1,5 +0,0 @@
 ---
 VMID: 111
 ---
 Probably used as a testing ground for syncing the database, for future decentralization.
--- a/krov/srv1/privatebin12/README.md
+++ b/krov/srv1/privatebin12/README.md
@ -1,10 +0,0 @@
 ---
 VMID: 120
 ---
 Installed with [proxmox helper scripts](https://community-scripts.github.io/ProxmoxVE/scripts?id=privatebin)
 [Project page](https://privatebin.info/)
 Hosted on [subdomain on dmz](https://pastebin.dmz.rs/)
--- a/krov/srv1/searxng12/README.md
+++ b/krov/srv1/searxng12/README.md
@ -1,10 +0,0 @@
 ---
 VMID: 121
 ---
 Installed with [proxmox helper scripts](https://community-scripts.github.io/ProxmoxVE/scripts?id=searxng)
 [Project git repo](https://github.com/searxng/searxng)
 Hosted on [subdomain on dmz](https://search.dmz.rs/)
--- a/krov/srv1/ssh12/README.md
+++ b/krov/srv1/ssh12/README.md
@ -1,8 +0,0 @@
 ---
 VMID: 100
 ---
 SSH port from this container is forwarded on krov.dmz.rs
 SSH access to other containers is done through this one with ssh jump, passwords are disabled, so only keys verification is used. 
 [wiki page](https://wiki.dmz.rs/en/sysadmin/ssh)
--- a/krov/srv1/sshfs11/README.md
+++ b/krov/srv1/sshfs11/README.md
@ -0,0 +1,3 @@
 ---
 VMID: 111
 ---
--- a/krov/srv1/old-abandoned/tor12/README.md
+++ b/krov/srv1/old-abandoned/tor12/README.md
--- a/krov/srv1/old-abandoned/ympd/README.md
+++ b/krov/srv1/old-abandoned/ympd/README.md
--- a/map.ge
+++ b/map.ge
@ -0,0 +1,39 @@
 # Network map of Decentrala.  Use with:
 # graph-easy --boxart < netmap.txt
 (Mox
 	[ m_router ]{label: router ;}
 	[ wireguard ] --> [ m_nginx ]{label: nginx-11 ;}
 	[ wiki ] --> [ m_nginx ]
 	[ gitea ] --> [ m_nginx ]
 	[ tor11 ] --> [ m_nginx ] --> [ m_router ]
 	[ smtp ]
 )
 (Serverko
 	[ s_nginx ]{label: nginx-12 ;}
 	[ s_router ]{label: router ;}
 	[ s_nginx ] --> [ nextcloud ]
 	[ s_nginx ] --> [ tor12 ]
 	[ s_nginx ] --> [ s_router ]
 )
 (splint.rs # unimportant
 	[ soft-serve ] # unimportant
 	[ mail-cache ]# unimportant
 ) # unimportant
 [ tor12 ] <..> [ onions ] <..> [ tor11 ]
 [ m_router ] <..> [ BGP ] <..> [ madness ] <..> [ s_router ]
 [ smtp ] <..> [ madness ]
 [ madness ] <..> [  mail-cache ]# unimportant
 [ A ]{label: "" ;}
 [ B ]{label: "" ;}
 [ C ]{label: "" ;}
 [ D ]{label: "" ;}
 [ onions ] <..> [ A ]
 [ onions ] <..> [ B ]
 [ A ] <..> [ C ]
 [ B ] <..> [ D ]
 (Sharks! [ D ])
--- a/network.rec
+++ b/network.rec
@ -1,88 +0,0 @@
 %rec: router
 %doc: Routers, or possibly modems?
 name: ISP Router
 location: kralizec
 ISP: Orion
 name: ISP Router
 location: krov
 ISP: Yettel
 %rec: host
 %doc: These are the real machines, most of which run VMs or containters.
 %key: name
 name: moxx
 location: kralizec
 name: Serverko
 location: krov
 %rec: lxc
 %doc: A container, usually on a Proxmox host.
 %type: host rec host
 name: nginx11
 gateway: ISP-router
 host: moxx
 proxies: wiki11
 proxies: gitea11
 proxies: forum11
 proxies: ejabberd11
 proxies: dmzrs
 name: LDAP
 host: moxx
 name: website
 host: moxx
 authqueries: LDAP
 queries: postgresql11
 service: dmzrs
 service: flask accounts
 name: gitea11
 service: gitea
 host: moxx
 authqueries: LDAP
 queries: postgresql11
 name: ejabberd11
 service: ejabberd
 host: moxx
 authqueries: LDAP
 queries: postgresql11
 name: forum11
 service: forum
 host: moxx
 authqueries: LDAP
 queries: postgresql11
 name: postfix11
 service: postfix
 authqueries: LDAP
 name: tor11
 service: tor
 host: moxx
 name: postgresql11
 service: postgresql
 host: moxx
 name: wiki11
 service: wiki
 host: moxx
 authqueries: LDAP
 name: nginx12
 host: Serverko
 name: nextcloud
 host: Serverko
 name: tor12
 host: nginx
--- a/scripts/generatepass.sh
+++ b/scripts/generatepass.sh
@ -1,5 +0,0 @@
 #!/bin/bash
 echo $(shuf shared/english.txt | head) | sed "s/ //g"
--- a/scripts/showpass.sh
+++ b/scripts/showpass.sh
@ -0,0 +1,62 @@
 #!/bin/sh
 # If you want to add these passwords to the `pass` program, you can
 # symlink all the passwords which you can open, then open the
 # passwords with a script like this.
 pass_store=~/.password-store
 # THIS_PLACE="$PWD"
 # mkdir $pass_store/dmz
 # cd !$
 # find  "$THIS_PLACE" -type f -name "*.gpg" | \ 
 #     sed "s#/home/ghost#../..#" | \ 
 #     while read -r line; do
 #         gpg -d "$line" && ln -sf "$line" .
 #     done
 sanity_check(){
    command -v $1 >/dev/null || (
        echo "You must install $1"
        exit 1
    )
 }
 set_selector_if_program_exists(){
    command -v "$1" > /dev/null  && selector="$1 $2"
 }
 if [ -z "$DISPLAY" ]; then
    set_selector_if_program_exists sk || \
        set_selector_if_program_exists fzy || \
        set_selector_if_program_exists fzf
    fail_sender='echo'
 else
    set_selector_if_program_exists "rofi" 'rofi -dmenu "$@"' || \
        set_selector_if_program_exists dmenu || \
        (
            echo "Cannot find anything to select a key. Install dmenu." 
            exit 1
        )
    fail_sender='notify-send'
 fi
 list_keys(){
    find -L . -mindepth 1 -type f -name "*.gpg" | \
        sed 's/\.\///' | \
        sed 's/.gpg//'
 }
 ####################
 set -e
 sanity_check pass
 cd "$pass_store"
 password="$(list_keys | $selector)"
 pass -c "$password" || $fail_sender 'Cannot decrypt'
--- a/setup/ssh_FAQ.md
+++ b/setup/ssh_FAQ.md
@ -56,6 +56,7 @@ Now all the files have 'read, write, and execute', but only for `$USER`.
 Host soft
    HostName soft.dmz.rs
    Port 2222
 	User ghost
 	IdentityFile ~/.ssh/id rsa
 Host dmz
    HostName dmz.rs
		`@ -1,5 +0,0 @@`

			`#!/bin/bash`

			`echo $(shuf shared/english.txt \| head) \| sed "s/ //g"`