From 587074cce18b7aaef08ae1c4dbc9c65bf0c9aff5 Mon Sep 17 00:00:00 2001 From: Malin Freeborn Date: Fri, 14 Apr 2023 11:43:23 +0200 Subject: [PATCH 1/4] remove old arch notes --- distros/arch/scripts/flatpak-steam.sh | 8 - distros/arch/scripts/ssh.local | 632 -------------------------- distros/arch/steam.sh | 10 - 3 files changed, 650 deletions(-) delete mode 100644 distros/arch/scripts/flatpak-steam.sh delete mode 100644 distros/arch/scripts/ssh.local delete mode 100644 distros/arch/steam.sh diff --git a/distros/arch/scripts/flatpak-steam.sh b/distros/arch/scripts/flatpak-steam.sh deleted file mode 100644 index 99f2789..0000000 --- a/distros/arch/scripts/flatpak-steam.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/bash - -flatpak --user remote-add --if-not-exists flathub https://dl.flathub.org/repo/flathub.flatpakrepo - -flatpak --user install flathub com.valvesoftware.Steam - -flatpak run com.valvesoftware.Steam - diff --git a/distros/arch/scripts/ssh.local b/distros/arch/scripts/ssh.local deleted file mode 100644 index 420e2ea..0000000 --- a/distros/arch/scripts/ssh.local +++ /dev/null @@ -1,632 +0,0 @@ -bantime = 1d - -[sshd] -enabled = true - -[INCLUDES] - -before = paths-arch.conf - - -[DEFAULT] - - - -ignoreip = 127.0.0.1/8 ::1 - -ignorecommand = - -bantime = 10m - -findtime = 10m - -maxretry = 5 - -maxmatches = %(maxretry)s - -backend = auto - -usedns = warn - -logencoding = auto - -enabled = false - - -mode = normal - -filter = sshd - - - - -destemail = root@localhost - -sender = root@ - -mta = sendmail - -protocol = tcp - -chain = - -port = 0:65535 - -fail2ban_agent = Fail2Ban/%(fail2ban_version)s - - -banaction = iptables-multiport -banaction_allports = iptables-allports - -action_ = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"] - -action_mw = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"] - %(mta)s-whois[name=%(__name__)s, sender="%(sender)s", dest="%(destemail)s", protocol="%(protocol)s", chain="%(chain)s"] - -action_mwl = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"] - %(mta)s-whois-lines[name=%(__name__)s, sender="%(sender)s", dest="%(destemail)s", logpath="%(logpath)s", chain="%(chain)s"] - -action_xarf = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"] - xarf-login-attack[service=%(__name__)s, sender="%(sender)s", logpath="%(logpath)s", port="%(port)s"] - -action_cf_mwl = cloudflare[cfuser="%(cfemail)s", cftoken="%(cfapikey)s"] - %(mta)s-whois-lines[name=%(__name__)s, sender="%(sender)s", dest="%(destemail)s", logpath="%(logpath)s", chain="%(chain)s"] - -action_blocklist_de = blocklist_de[email="%(sender)s", service=%(filter)s, apikey="%(blocklist_de_apikey)s", agent="%(fail2ban_agent)s"] - -action_badips = badips.py[category="%(__name__)s", banaction="%(banaction)s", agent="%(fail2ban_agent)s"] -action_badips_report = badips[category="%(__name__)s", agent="%(fail2ban_agent)s"] - -action_abuseipdb = abuseipdb - -action = %(action_)s - - - - -[sshd] - -port = ssh -logpath = %(sshd_log)s -backend = %(sshd_backend)s - - -[dropbear] - -port = ssh -logpath = %(dropbear_log)s -backend = %(dropbear_backend)s - - -[selinux-ssh] - -port = ssh -logpath = %(auditd_log)s - - - -[apache-auth] - -port = http,https -logpath = %(apache_error_log)s - - -[apache-badbots] -port = http,https -logpath = %(apache_access_log)s -bantime = 48h -maxretry = 1 - - -[apache-noscript] - -port = http,https -logpath = %(apache_error_log)s - - -[apache-overflows] - -port = http,https -logpath = %(apache_error_log)s -maxretry = 2 - - -[apache-nohome] - -port = http,https -logpath = %(apache_error_log)s -maxretry = 2 - - -[apache-botsearch] - -port = http,https -logpath = %(apache_error_log)s -maxretry = 2 - - -[apache-fakegooglebot] - -port = http,https -logpath = %(apache_access_log)s -maxretry = 1 -ignorecommand = %(ignorecommands_dir)s/apache-fakegooglebot - - -[apache-modsecurity] - -port = http,https -logpath = %(apache_error_log)s -maxretry = 2 - - -[apache-shellshock] - -port = http,https -logpath = %(apache_error_log)s -maxretry = 1 - - -[openhab-auth] - -filter = openhab -action = iptables-allports[name=NoAuthFailures] -logpath = /opt/openhab/logs/request.log - - -[nginx-http-auth] - -port = http,https -logpath = %(nginx_error_log)s - -[nginx-limit-req] -port = http,https -logpath = %(nginx_error_log)s - -[nginx-botsearch] - -port = http,https -logpath = %(nginx_error_log)s -maxretry = 2 - - - -[php-url-fopen] - -port = http,https -logpath = %(nginx_access_log)s - %(apache_access_log)s - - -[suhosin] - -port = http,https -logpath = %(suhosin_log)s - - -[lighttpd-auth] -port = http,https -logpath = %(lighttpd_error_log)s - - - -[roundcube-auth] - -port = http,https -logpath = %(roundcube_errors_log)s - - -[openwebmail] - -port = http,https -logpath = /var/log/openwebmail.log - - -[horde] - -port = http,https -logpath = /var/log/horde/horde.log - - -[groupoffice] - -port = http,https -logpath = /home/groupoffice/log/info.log - - -[sogo-auth] -port = http,https -logpath = /var/log/sogo/sogo.log - - -[tine20] - -logpath = /var/log/tine20/tine20.log -port = http,https - - - -[drupal-auth] - -port = http,https -logpath = %(syslog_daemon)s -backend = %(syslog_backend)s - -[guacamole] - -port = http,https -logpath = /var/log/tomcat*/catalina.out - -[monit] -port = 2812 -logpath = /var/log/monit - /var/log/monit.log - - -[webmin-auth] - -port = 10000 -logpath = %(syslog_authpriv)s -backend = %(syslog_backend)s - - -[froxlor-auth] - -port = http,https -logpath = %(syslog_authpriv)s -backend = %(syslog_backend)s - - - -[squid] - -port = 80,443,3128,8080 -logpath = /var/log/squid/access.log - - -[3proxy] - -port = 3128 -logpath = /var/log/3proxy.log - - - - -[proftpd] - -port = ftp,ftp-data,ftps,ftps-data -logpath = %(proftpd_log)s -backend = %(proftpd_backend)s - - -[pure-ftpd] - -port = ftp,ftp-data,ftps,ftps-data -logpath = %(pureftpd_log)s -backend = %(pureftpd_backend)s - - -[gssftpd] - -port = ftp,ftp-data,ftps,ftps-data -logpath = %(syslog_daemon)s -backend = %(syslog_backend)s - - -[wuftpd] - -port = ftp,ftp-data,ftps,ftps-data -logpath = %(wuftpd_log)s -backend = %(wuftpd_backend)s - - -[vsftpd] -port = ftp,ftp-data,ftps,ftps-data -logpath = %(vsftpd_log)s - - - -[assp] - -port = smtp,465,submission -logpath = /root/path/to/assp/logs/maillog.txt - - -[courier-smtp] - -port = smtp,465,submission -logpath = %(syslog_mail)s -backend = %(syslog_backend)s - - -[postfix] -mode = more -port = smtp,465,submission -logpath = %(postfix_log)s -backend = %(postfix_backend)s - - -[postfix-rbl] - -filter = postfix[mode=rbl] -port = smtp,465,submission -logpath = %(postfix_log)s -backend = %(postfix_backend)s -maxretry = 1 - - -[sendmail-auth] - -port = submission,465,smtp -logpath = %(syslog_mail)s -backend = %(syslog_backend)s - - -[sendmail-reject] -port = smtp,465,submission -logpath = %(syslog_mail)s -backend = %(syslog_backend)s - - -[qmail-rbl] - -filter = qmail -port = smtp,465,submission -logpath = /service/qmail/log/main/current - - -[dovecot] - -port = pop3,pop3s,imap,imaps,submission,465,sieve -logpath = %(dovecot_log)s -backend = %(dovecot_backend)s - - -[sieve] - -port = smtp,465,submission -logpath = %(dovecot_log)s -backend = %(dovecot_backend)s - - -[solid-pop3d] - -port = pop3,pop3s -logpath = %(solidpop3d_log)s - - -[exim] -port = smtp,465,submission -logpath = %(exim_main_log)s - - -[exim-spam] - -port = smtp,465,submission -logpath = %(exim_main_log)s - - -[kerio] - -port = imap,smtp,imaps,465 -logpath = /opt/kerio/mailserver/store/logs/security.log - - - -[courier-auth] - -port = smtp,465,submission,imap,imaps,pop3,pop3s -logpath = %(syslog_mail)s -backend = %(syslog_backend)s - - -[postfix-sasl] - -filter = postfix[mode=auth] -port = smtp,465,submission,imap,imaps,pop3,pop3s -logpath = %(postfix_log)s -backend = %(postfix_backend)s - - -[perdition] - -port = imap,imaps,pop3,pop3s -logpath = %(syslog_mail)s -backend = %(syslog_backend)s - - -[squirrelmail] - -port = smtp,465,submission,imap,imap2,imaps,pop3,pop3s,http,https,socks -logpath = /var/lib/squirrelmail/prefs/squirrelmail_access_log - - -[cyrus-imap] - -port = imap,imaps -logpath = %(syslog_mail)s -backend = %(syslog_backend)s - - -[uwimap-auth] - -port = imap,imaps -logpath = %(syslog_mail)s -backend = %(syslog_backend)s - - - - - - -[named-refused] - -port = domain,953 -logpath = /var/log/named/security.log - - -[nsd] - -port = 53 -action = %(banaction)s[name=%(__name__)s-tcp, port="%(port)s", protocol="tcp", chain="%(chain)s", actname=%(banaction)s-tcp] - %(banaction)s[name=%(__name__)s-udp, port="%(port)s", protocol="udp", chain="%(chain)s", actname=%(banaction)s-udp] -logpath = /var/log/nsd.log - - - -[asterisk] - -port = 5060,5061 -action = %(banaction)s[name=%(__name__)s-tcp, port="%(port)s", protocol="tcp", chain="%(chain)s", actname=%(banaction)s-tcp] - %(banaction)s[name=%(__name__)s-udp, port="%(port)s", protocol="udp", chain="%(chain)s", actname=%(banaction)s-udp] - %(mta)s-whois[name=%(__name__)s, dest="%(destemail)s"] -logpath = /var/log/asterisk/messages -maxretry = 10 - - -[freeswitch] - -port = 5060,5061 -action = %(banaction)s[name=%(__name__)s-tcp, port="%(port)s", protocol="tcp", chain="%(chain)s", actname=%(banaction)s-tcp] - %(banaction)s[name=%(__name__)s-udp, port="%(port)s", protocol="udp", chain="%(chain)s", actname=%(banaction)s-udp] - %(mta)s-whois[name=%(__name__)s, dest="%(destemail)s"] -logpath = /var/log/freeswitch.log -maxretry = 10 - - -[znc-adminlog] - -port = 6667 -logpath = /var/lib/znc/moddata/adminlog/znc.log - - -[mysqld-auth] - -port = 3306 -logpath = %(mysql_log)s -backend = %(mysql_backend)s - - -[mongodb-auth] -port = 27017 -logpath = /var/log/mongodb/mongodb.log - - -[recidive] - -logpath = /var/log/fail2ban.log -banaction = %(banaction_allports)s -bantime = 1w -findtime = 1d - - - -[pam-generic] -banaction = %(banaction_allports)s -logpath = %(syslog_authpriv)s -backend = %(syslog_backend)s - - -[xinetd-fail] - -banaction = iptables-multiport-log -logpath = %(syslog_daemon)s -backend = %(syslog_backend)s -maxretry = 2 - - -[stunnel] - -logpath = /var/log/stunnel4/stunnel.log - - -[ejabberd-auth] - -port = 5222 -logpath = /var/log/ejabberd/ejabberd.log - - -[counter-strike] - -logpath = /opt/cstrike/logs/L[0-9]*.log -tcpport = 27030,27031,27032,27033,27034,27035,27036,27037,27038,27039 -udpport = 1200,27000,27001,27002,27003,27004,27005,27006,27007,27008,27009,27010,27011,27012,27013,27014,27015 -action = %(banaction)s[name=%(__name__)s-tcp, port="%(tcpport)s", protocol="tcp", chain="%(chain)s", actname=%(banaction)s-tcp] - %(banaction)s[name=%(__name__)s-udp, port="%(udpport)s", protocol="udp", chain="%(chain)s", actname=%(banaction)s-udp] - -[bitwarden] -port = http,https -logpath = /home/*/bwdata/logs/identity/Identity/log.txt - -[centreon] -port = http,https -logpath = /var/log/centreon/login.log - -[nagios] - -logpath = %(syslog_daemon)s ; nrpe.cfg may define a different log_facility -backend = %(syslog_backend)s -maxretry = 1 - - -[oracleims] -logpath = /opt/sun/comms/messaging64/log/mail.log_current -banaction = %(banaction_allports)s - -[directadmin] -logpath = /var/log/directadmin/login.log -port = 2222 - -[portsentry] -logpath = /var/lib/portsentry/portsentry.history -maxretry = 1 - -[pass2allow-ftp] -port = ftp,ftp-data,ftps,ftps-data -knocking_url = /knocking/ -filter = apache-pass[knocking_url="%(knocking_url)s"] -logpath = %(apache_access_log)s -blocktype = RETURN -returntype = DROP -action = %(action_)s[blocktype=%(blocktype)s, returntype=%(returntype)s, - actionstart_on_demand=false, actionrepair_on_unban=true] -bantime = 1h -maxretry = 1 -findtime = 1 - - -[murmur] -port = 64738 -action = %(banaction)s[name=%(__name__)s-tcp, port="%(port)s", protocol=tcp, chain="%(chain)s", actname=%(banaction)s-tcp] - %(banaction)s[name=%(__name__)s-udp, port="%(port)s", protocol=udp, chain="%(chain)s", actname=%(banaction)s-udp] -logpath = /var/log/mumble-server/mumble-server.log - - -[screensharingd] -logpath = /var/log/system.log -logencoding = utf-8 - -[haproxy-http-auth] -logpath = /var/log/haproxy.log - -[slapd] -port = ldap,ldaps -logpath = /var/log/slapd.log - -[domino-smtp] -port = smtp,ssmtp -logpath = /home/domino01/data/IBM_TECHNICAL_SUPPORT/console.log - -[phpmyadmin-syslog] -port = http,https -logpath = %(syslog_authpriv)s -backend = %(syslog_backend)s - - -[zoneminder] -port = http,https -logpath = %(apache_error_log)s - -[traefik-auth] -port = http,https -logpath = /var/log/traefik/access.log diff --git a/distros/arch/steam.sh b/distros/arch/steam.sh deleted file mode 100644 index 2d82481..0000000 --- a/distros/arch/steam.sh +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/bash - -sudo pacman -S flatpak - -flatpak --user remote-add --if-not-exists flathub https://dl.flathub.org/repo/flathub.flatpakrepo - -flatpak --user install flathub com.valvesoftware.Steam - -flatpak run com.valvesoftware.Steam - From 7e4ac7c7b13a43b114675d5e93882ac290e05cbe Mon Sep 17 00:00:00 2001 From: Malin Freeborn Date: Fri, 14 Apr 2023 11:48:57 +0200 Subject: [PATCH 2/4] update arch for pi 4 --- distros/arch/arch_pi_install.md | 63 ++------------------------------- 1 file changed, 3 insertions(+), 60 deletions(-) diff --git a/distros/arch/arch_pi_install.md b/distros/arch/arch_pi_install.md index 5adcd66..9eb6535 100644 --- a/distros/arch/arch_pi_install.md +++ b/distros/arch/arch_pi_install.md @@ -1,64 +1,7 @@ --- -title: "arch_pi_install" -tags: [ "Documentation", "distros" ] +title: "Arch on a Raspberry Pi 4" +tags: [ "Documentation", "distros", "raspberry pi", "rpi" ] --- -# Initial Setup - -Some of this needs executed as root, so it's probably easier to do the whole things as root. +The [Official Instructions](https://archlinuxarm.org/platforms/armv8/broadcom/raspberry-pi-4) for a Raspberry pi 4 do not allow for working sound from the headphone jack, unless you use the aarch64 Installation. -> fdisk /dev/sdX - -o,n,t,c - -> mkfs.vfat /dev/sdX1 -> mkdir boot -> mount /dev/sdX1 boot - -Create and mount the ext4 filesystem: - -> mkfs.ext4 /dev/sdX2 -> mkdir root -> mount /dev/sdX2 root - -Download and extract the root filesystem (as root, not via sudo): - -> wget http://archlinuxarm.org/os/ArchLinuxARM-rpi-3-latest.tar.gz - -> tar zxvf ArchLinuxARM-rpi-3-latest.tar.gz -C root - -> sync - -Move boot files to the first partition: - -> mv root/boot/\* boot -> Unmount the two partitions: -> umount boot root - -> echo [ hostname ] > /etc/hostname - -Then edit the `/etc/hosts` file. - -``` - - -127.0.0.1 localhost.localdomain localhost -::1 localhost.localdomain localhost ip6-localhost - -``` - -# Get audio on - -> echo dtparam=audio=on >> /boot/config.txt - -Start pacman keyring. - -> pacman-key --init -> pacman-key --populate archlinuxarm - -> pacman -Syyu base-devel git alsa-utils xf86-video-fbdev - -> timedatectl set-timezone Europe/Belgrade - -> systemctl enable --now wpa_supplicant From 317dbb6a5aede919bfdbc5e486a670df384fbf74 Mon Sep 17 00:00:00 2001 From: Malin Freeborn Date: Sun, 16 Apr 2023 14:49:47 +0200 Subject: [PATCH 3/4] edit vim --- vim/basic_vim.md | 13 +++++-------- vim/navigate.md | 5 +++++ vim/vim-search.md | 10 ++++++++++ 3 files changed, 20 insertions(+), 8 deletions(-) diff --git a/vim/basic_vim.md b/vim/basic_vim.md index ebb4fae..87c80fa 100644 --- a/vim/basic_vim.md +++ b/vim/basic_vim.md @@ -1,15 +1,12 @@ --- title: "vim basics" -tags: [ "Documentation", "vim" ] +tags: [ "Documentation", "vim", "basic" ] --- -Insert text by pressing `i`. - -Stop inserting text by pressing `Ctrl+[`. - -Exit with `ZZ`. - -Congratulations, you now know `vim`. +1. Insert text by pressing `i`. +1. Stop inserting text by pressing `Ctrl+[`. +1. Exit with `ZZ`. +1. Congratulations, you now know `vim`. ## Extras diff --git a/vim/navigate.md b/vim/navigate.md index 937f1a4..cdd6e2e 100644 --- a/vim/navigate.md +++ b/vim/navigate.md @@ -30,6 +30,11 @@ Go to the last and previous places you've changed: > g, +Go to a filename, and type `gf` (Go-to-File). +For example, if you put your cursor over the `~/.vimrc` in this line, you can edit your vim configuration file. + +`source ~/.vimrc` + # Project Structure Make a 20 character 'visual split' in the current working directory ('`.`'). diff --git a/vim/vim-search.md b/vim/vim-search.md index 237a512..bc6fe7f 100644 --- a/vim/vim-search.md +++ b/vim/vim-search.md @@ -2,6 +2,8 @@ title: "vim search" tags: [ "Documentation", "vim" ] --- +Search for the next and or previous occurrence of the word under your cursor with `*` and `#`. + Search and replace the first 'one' found with 'two': > :%s/one/two/ @@ -10,3 +12,11 @@ Same, but replace 'one' globally: > :%s/one/two/g +Put quotes around every occurrence of `$HOME`: + +> :%s/$HOME/"&" + +Same, but add curly brackets around `$HOSTNAME`: + +> :%s/$HOSTNAME/{&} + From 4a80bb3bf7da1837d2dedc50a381191ac455a6e0 Mon Sep 17 00:00:00 2001 From: Malin Freeborn Date: Mon, 17 Apr 2023 09:16:03 +0200 Subject: [PATCH 4/4] general edits --- data/gpg.md | 2 +- networking/servers/agate.md | 6 ++++++ networking/website/nginx.md | 2 +- vision/qrencode.md | 2 +- 4 files changed, 9 insertions(+), 3 deletions(-) diff --git a/data/gpg.md b/data/gpg.md index 9d2af5d..f08635e 100644 --- a/data/gpg.md +++ b/data/gpg.md @@ -89,5 +89,5 @@ Your public key: or -> gpg --export -a *email* > person.pub +> gpg --export -a *person@email.tld* > *my_key*.pub diff --git a/networking/servers/agate.md b/networking/servers/agate.md index 215b910..35d78ea 100644 --- a/networking/servers/agate.md +++ b/networking/servers/agate.md @@ -50,3 +50,9 @@ WantedBy=default.target > sudo systemctl enable --now agate + +# Redirection + +Indicate a permanent move by placing this file in the root of the capsule: + +> index.gmi: 31 gemini://splint.rs diff --git a/networking/website/nginx.md b/networking/website/nginx.md index cd55e4a..a529713 100644 --- a/networking/website/nginx.md +++ b/networking/website/nginx.md @@ -71,7 +71,7 @@ You may need to install an nginx python module: > apt install python3-certbot-nginx -> certbot --nginx -d mysite.tk +> certbot --nginx -d *mysite.tk* --non-interactive --agree-tos -m *webmaster@email.tld* When you are asked about redirecting from HTTP to HTTPS, say yes (option "2"). diff --git a/vision/qrencode.md b/vision/qrencode.md index 2ddda4e..0cdb4ce 100644 --- a/vision/qrencode.md +++ b/vision/qrencode.md @@ -1,5 +1,5 @@ --- -title: [ "qrencode" ] +title: "qrencode" tags: [ "Documentation", "vision" ] ---