Merge branch 'master' into vhs

This commit is contained in:
Malin Freeborn 2024-06-02 05:27:58 +02:00
commit a6907d7a91
Signed by: andonome
GPG Key ID: 52295D2377F4D70F
29 changed files with 460 additions and 404 deletions

View File

@ -26,6 +26,8 @@ The chronology should never branch.
If `gitea` can use three different types of database, the documentation should simply pick one and continue instructions from there.
Repetition works better than a reference - if a database requires three commands to set up, it's better to repeat those three commands for every program that requires a database than to just link to another file which discusses databases.
---
### Closing
Introductory documents should show anything required to cleanly uninstall a program, without leaving bulky configuration files behind.
@ -52,6 +54,8 @@ Non-commands (e.g. output) should be shown as quoted text:
> Mail kn
> Projects music
---
# Example
```
@ -61,9 +65,9 @@ How to see which websites you're actively accessing:
ss -tr dst :$PORT
` ` `
> State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
> ESTAB 0 0 192.168.0.14:42476 149.154.167.91:https
> ESTAB 0 0 192.168.0.14:43644 104.17.90.199:https
> State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
> ESTAB 0 0 192.168.0.14:42476 149.154.167.91:https
> ESTAB 0 0 192.168.0.14:43644 104.17.90.199:https
```

View File

@ -14,20 +14,31 @@ Once installed, search for the service name, and start it.
```bash
sudo systemctl list-unit-files | grep cron
sudo systemctl enable --now $NAME
```
Make a file for your crontab, like this:
```bash
sudo systemctl enable --now cron
echo '39 */3 * * * /usr/bin/updatedb' > "$USER".cron
```
You can *e*dit your crontab with:
Then apply that crontab:
```bash
crontab -e
crontab "$USER".cron
rm "$USER".cron
```
The `cron` program will check your syntax before adding the tab.
Your crontab file sits somewhere in `/var/spool/`.
Probably in `/var/spool/cron`.
> 39 */3 * * * /usr/bin/updatedb
Check how your tab currently looks:
```bash
crontab -l
```
## Syntax
@ -91,7 +102,7 @@ run-parts /etc/cron.hourly
### Variables
Add your `$HOME` to crontab to use scripts.
First add `HOME=/home/user`, then you can use syntax like this:
First add `HOME=/home/$USER`, then you can use syntax like this:
0 * * * * $HOME/.scripts/myScript.sh
@ -100,7 +111,6 @@ First add `HOME=/home/user`, then you can use syntax like this:
```bash
$HOME/.scripts/myScript.sh
```
You can also add your regular path to your crontab as a variable (see example below).
If you're using vim as the editor, just run this at the top of your crontab:
@ -131,5 +141,3 @@ PATH=/usr/condabin:/usr/local/sbin:/usr/local/bin:/usr/bin:/usr/bin/site_perl:/u
50 18 * * * /usr/bin/timeout 30m /usr/bin/syncthing
```

22
basics/eval.md Normal file
View File

@ -0,0 +1,22 @@
---
title: "eval"
tags: [ "basics" ]
---
Compose a statement for execution.
```bash
x='echo $y'
echo $x
y=dragon
eval "$x"
```
The results remain in the current shell, unlike sub-shells.
```bash
b=basilisk
sh -c 'echo $b'
eval "g=goblin"
echo $g
```

11
basics/games.md Normal file
View File

@ -0,0 +1,11 @@
---
title: "bash games"
tags: [ "Documentation", "Games" ]
---
Games are a great way to learn bash.
- `mapscii.me` is an interactive terminal map.
1. Install telnet.
1. `telnet mapscii.me`
- [Over the Wire](https://overthewire.org/wargames) teaches bash with small challenging you can do over `ssh`.

View File

@ -1,6 +1,6 @@
---
title: "tree"
tags: [ "basics" ]
tags: [ "basics", "tree", "markdown" ]
---
The `tree` utility outputs a full listing of everything in your current directory, and those below.
@ -23,3 +23,14 @@ README.md
```
Each description-line starts with a tab.
## Markdown Conversion
To represent a file structure as a nested series of markdown lists, you can try this horrifying `sed` one-liner:
```bash
tree -tf --dirsfirst --gitignore --noreport --charset ascii | \
sed -e 's/| \+/ /g' \
-e 's/[|`]-\+/ */g' \
-e 's:\(* \)\(\(.*/\)\([^/]\+\)\):\1[\4](\2):g'
```

57
chat/profanity-otr.md Normal file
View File

@ -0,0 +1,57 @@
---
title: "profanity"
tags: [ "Documentation", "Chat", "OTR" ]
---
# otr
'Off The Record' encryption seems mostly dead to me.
But this is what I did, back in the day...
Install libotr-dev or libotr5-dev or whatever..
```
sudo apt -y install lib5otr-dev
```
Make your otr keys.
```
/otr gen
```
Then you can start an otr converstation.
```
/otr start bob@jobbies.org
```
Or if you already have a conversation windows open, switch to our using:
```
/otr
```
Finally, verify!
```
/otr question "Who are you?" bob
```
Bob is verified upon the answer, 'bob'.
### OTR Finger Prints
Get yours with
```
/otr myfp
```
```
/otr theirfp
```
```
/otr myfp
```

View File

@ -1,6 +1,6 @@
---
title: "profanity"
tags: [ "Documentation", "Chat" ]
tags: [ "Documentation", "Chat", "omemo" ]
---
# Setup (Commands)
@ -140,54 +140,6 @@ You can ensure omemo automatcally turns on:
```
/omemo policy automatic
```
---
## otr
Install libotr-dev or libotr5-dev or whatever..
```
sudo apt -y install lib5otr-dev
```
Make your otr keys.
```
/otr gen
```
Then you can start an otr converstation.
```
/otr start bob@jobbies.org
```
Or if you already have a conversation windows open, switch to our using:
```
/otr
```
Finally, verify!
```
/otr question "Who are you?" bob
```
Bob is verified upon the answer, 'bob'.
### OTR Finger Prints
Get yours with
```
/otr myfp
```
```
/otr theirfp
```
```
/otr myfp
```
'OTR' encryption is mostly dead, but you can find the old instructions [here](profanity-otr).

29
data/git/hooks.md Normal file
View File

@ -0,0 +1,29 @@
---
title: "git hooks"
tags: [ "Documentation", "data", "git" ]
---
Check out the sample hooks:
```bash
cd $GIT_REPO
ls .git/hooks
head .git/hooks/pre-commit.sample
```
Add a hook to check the shell scripts in `$GIT_REPO` before making a commit:
```bash
echo '#!/bin/sh
shellcheck *.sh' > .git/hooks/commit-msg
chmod u+x .git/hooks/commit-msg
```
## Committing
Your `git hooks` will not enter the repository, but you can commit them to a repository, then request others add these git hooks to their own branch, by putting a note in the project's `README.md`.
```markdown
The project comes with recommended git hooks.
You can activate the hooks with `git config core.hooksPath hooks`.
```

View File

@ -1,142 +1,7 @@
---
title: "gpg"
tags: [ "Documentation", "data" ]
tags: [ "Documentation", "data", "GPG" ]
---
# Making keys
Generate keys:
```bash
gpg --gen-key
```
Follow the guide.
# Encrypting a file
```bash
gpg -r malinfreeborn@posteo.net -e file
```
`-r` specifies the recipient.
Check you have an encrypted version of your file.
# Changing Expiration Dates
gpg --list-keys
... and then use the second part of 'pub', which is the ID. But that's not appearing here so... on with gpg2?
# Making encrypted files with a local password
Make a password with a password (cypher encryption).
```bash
gpg -c --output passwords.txt
```
or
```bash
gpg -c > passwords.txt
```
Put in a password.
Write message then stop with Ctrl+d.
Get the message back out the file with:
```bash
gpg -d passwords.txt
```
# Circles of Trust
Search for a key at any key store:
```bash
gpg --search-keys nestorv
```
Once you've made a decision about someone:
```bash
gpg --list-keys
```
You get something like this:
```
pub rsa3072 2021-08-15 [SC] [expires: 2023-08-15]
CD30421FD825696BD95F1FF644C62C57B790D3CF
uid [ultimate] Malin Freeborn <malinfreeborn@posteo.net>
sub rsa3072 2021-08-15 [E] [expires: 2023-08-15]
```
Notice the long, ugly, string - CD30421FD825696BD95F1FF644C62C57B790D3CF - and how horribly ugly it is.
This is a fingerprint.
You can now decide the trust level (this stays on your computer).
```bash
gpg --edit-key CD30421FD825696BD95F1FF644C62C57B790D3CF
```
Once you're in the interface, type `trust`.
```bash
gpg --sign-key alice@posteo.net
```
# Swapping Keys
This system relies on a ring of people swapping key information.
## Sending
Send those trusted keys up to a server, so people can see you have verified them:
```bash
gpg --send-keys 024C6B1C84449BD1CB4DF7A152295D2377F4D70F
```
## Upload Your Keys
## Add More Key Servers
Key servers often swap keys, but it's best to just send to multiple places immediately.
You can add key servers by adding this to `~/.gnupg/gpg.conf`.
```
keyserver hkps://keys.openpgp.org
keyserver hkps://mail-api.proton.me
keyserver hkps://keys.mailvelope.com
```
# Refresh Keys
Refreshing keys will tell you if some key you have contains a signature from someone you already trust, or if someone has published a revocation certificate (meaning their key should not be trusted any more).
```bash
gpg --refresh-keys
```
You can use the [crontab](../basics/cron.md) to refresh keys.
# Export
Your public key:
```bash
gpg --output me.gpg --armor --export
```
or
```bash
gpg --export -a person@email.tld > my_key.pub
```
- [Setup](gpg/basics.md)
- [Extras](gpg/extras.md)

141
data/gpg/basics.md Normal file
View File

@ -0,0 +1,141 @@
---
title: "GPG Basics"
tags: [ "Documentation", "data", "GPG" ]
---
# Making keys
Generate keys:
```bash
gpg --gen-key
```
Follow the guide.
# Encrypting a file
```bash
gpg -r malinfreeborn@posteo.net -e file
```
`-r` specifies the recipient.
Check you have an encrypted version of your file.
# Changing Expiration Dates
gpg --list-keys
... and then use the second part of 'pub', which is the ID. But that's not appearing here so... on with gpg2?
# Making encrypted files with a local password
Make a password with a password (cypher encryption).
```bash
gpg -c --output passwords.txt
```
or
```bash
gpg -c > passwords.txt
```
Put in a password.
Write message then stop with Ctrl+d.
Get the message back out the file with:
```bash
gpg -d passwords.txt
```
# Circles of Trust
Search for a key at any key store:
```bash
gpg --search-keys nestorv
```
Once you've made a decision about someone:
```bash
gpg --list-keys
```
You get something like this:
```
pub rsa3072 2021-08-15 [SC] [expires: 2023-08-15]
CD30421FD825696BD95F1FF644C62C57B790D3CF
uid [ultimate] Malin Freeborn <malinfreeborn@posteo.net>
sub rsa3072 2021-08-15 [E] [expires: 2023-08-15]
```
Notice the long, ugly, string - CD30421FD825696BD95F1FF644C62C57B790D3CF - and how horribly ugly it is.
This is a fingerprint.
You can now decide the trust level (this stays on your computer).
```bash
gpg --edit-key CD30421FD825696BD95F1FF644C62C57B790D3CF
```
Once you're in the interface, type `trust`.
```bash
gpg --sign-key alice@posteo.net
```
# Swapping Keys
This system relies on a ring of people swapping key information.
## Sending
Send those trusted keys up to a server, so people can see you have verified them:
```bash
gpg --send-keys 024C6B1C84449BD1CB4DF7A152295D2377F4D70F
```
## Upload Your Keys
## Add More Key Servers
Key servers often swap keys, but it's best to just send to multiple places immediately.
You can add key servers by adding this to `~/.gnupg/gpg.conf`.
```
keyserver hkps://keys.openpgp.org
keyserver hkps://mail-api.proton.me
keyserver hkps://keys.mailvelope.com
```
# Refresh Keys
Refreshing keys will tell you if some key you have contains a signature from someone you already trust, or if someone has published a revocation certificate (meaning their key should not be trusted any more).
```bash
gpg --refresh-keys
```
You can use the [crontab](../basics/cron.md) to refresh keys.
# Export
Your public key:
```bash
gpg --output me.gpg --armor --export
```
Alternatively:
```bash
gpg --export -a person@email.tld > my_key.pub
```

10
data/gpg/extras.md Normal file
View File

@ -0,0 +1,10 @@
---
title: "gpg"
tags: [ "Documentation", "vim", "data", "GPG" ]
---
The `vim-gnupg` plugin lets vim edit gpg-encrypted files as if they were unencrypted.
It's probably in your package manager.
If not, you'll need to endure the faff of following the [instructions](http://www.vim.org/scripts/script.php?script_id=3645).

View File

@ -29,11 +29,10 @@ Edit `/etc/radicale/config`, changing the `[auth]` section from this:
...to this:
```
#type = htpasswd
type = htpasswd
```
If the service is started, restart it to make sure nobody can sign in without a password.
Make sure the service is off, as people may be able to sign in without a password at this point.
Next, find the `htpasswd` program.
You might get it in the `apache` package or similar.
@ -41,7 +40,7 @@ You might get it in the `apache` package or similar.
`htpasswd` allows you to generate passwords for users, and place them in `/etc/radicale/users`.
```bash
PASS="$(xkcdpass)
PASS="$(xkcdpass)"
htpasswd -nb $USER "$PASS" | sudo tee -a /etc/radicale/users
echo "Your username is $USER"
echo "Your password is $PASS"
@ -96,14 +95,12 @@ Finally, replace the example `DOMAIN` with your actual domain name.
```bash
DOMAIN=whatever.com
sudo sed -i "s/DOMAIN/$DOMAIN/g" /etc/nginx/sites-available/radicale
```
(optional: replace that `cal.` prefix with anything else)
Check nginx is happy:
```bash
sudo nginx -t
```
@ -115,7 +112,6 @@ sudo certbod -d cal.$DOMAIN
Start or restart both services:
```bash
sudo systemctl start radicale
sudo systemctl restart nginx
@ -123,4 +119,4 @@ sudo systemctl restart nginx
You should now be able to log into your calendar, and add it to a phone.
NB: you don't need the port number.
**NB:** you don't need the port number.

23
data/sharing_secrets.md Normal file
View File

@ -0,0 +1,23 @@
---
title: "Sharing Secrets"
tags: [ "data", "death", "secrets", "ssss" ]
---
You can share parts of a secret with multiple people, so only some of them need to agree to see the secret.
Install `ssss`, then decide on the total number of secrets (`N`), and the threshold of people who must share their shard of the secret in order to reveal the secret.
```bash
N=5
T=3
FILE=secret.txt
fortune | ssss-split -t $T -n $N > $FILE
```
Each shard is a line inside secret.txt.
Check it's working:
```bash
head -n $T $FILE | ssss-combine -t $T
tail -n $T $FILE | ssss-combine -t $T
```

21
data/sqlite.md Normal file
View File

@ -0,0 +1,21 @@
---
title: "sqlite"
tags: [ "Documentation", "data" ]
---
Work with a database:
```bash
sqlite3 "$FILE".sqlite3
```
Compress the database:
```sqlite
pragma vacuum;
```
Optimize the database:
```sqlite
pragma optimize;
```

View File

@ -1,57 +0,0 @@
#!/bin/bash
# https://www.unixmen.com/install-arch-linux-raspberry-pi/
pacman-key --init || echo init fail >> log
pacman-key --populate archlinuxarm || echo update fail >> log
pacman -Syyuu || echo update fail >> log
sed -i s/#en_GB.UTF-8 UTF-8/en_GB.UTF-8 UTF-8/ /etc/locale.gen
echo 'LANG=en_GB.UTF-8' >> /etc/locale.conf
locale-gen
pacman -S base-devel htop ranger tmux lolcat fortune-mod git figlet rxvt-unicode task timew calcurse fail2ban
# texlive-most
if [[ $2 == all || $1 == all ]]; then
pacman -S nnn feh dmenu rofi xf86-video-fbdev xorg xorg-xinit xorg-server xorg-server-utils xterm
fi
# Audio
echo 'dtparam=audio=on' >> /boot/config.txt
if [[ $1 == audio ]]; then
pacman -S alsa-utils alsa-firmware alsa-lib alsa-plugins
fi
echo 'device_tree_param=spi=on' >> /boot/config.txt
# for a vnc viewer
if [[ $1 == vnc ]]; then
tigervnc gcc geany i3 i3status compton feh sxiv rxvt-unicode
fi
# Swap
cd /var/cache/swap
dd if=/dev/zero of=swapfile bs=1K count=2M
chmod 600 swapfile
mkswap swapfile
swapon swapfile
echo "/var/cache/swap/swapfile none swap sw 0 0" > /etc/fstab
# fail2ban
[ -e sshd.local ] && \
pacman -S fail2ban && \
mv sshd.local /etc/fail2ban/jail.d && \
systemctl start fail2ban
# If it won't reboot, install `arch-install-scripts` then try again and firstly:
# genfstab / > /etc/fstab

View File

@ -1,9 +0,0 @@
#!/bin/sh
pacman -S gitea postgresql
sudo su postgres -c 'initdb -D /var/lib/postgres/data'
sudo systemctl start postgresql
sudo su postgres -c 'createuser -P gitea'
sudo su postgres -c 'createdb -O gitea gitea'
sudo sed -i 's/mysql/postgres/' /etc/gitea/app.ini
sudo sed -i 's/root/gitea/' /etc/gitea/app.ini
sudo systemctl start gitea

View File

@ -1,79 +0,0 @@
#!/bin/bash
set -e
yay -S pi-hole-ftl pi-hole-server
# Configuration in /etc/pihole/pihole-FTL.db
# You can change DBINTERVAL to 60 or more to limit writes to disk
sudo systemctl disable --now systemd-resolved
sudo systemctl enable --now pihole-FTL
pihole -g
pihole -c
if [ "$1" == "unbound" ]; then
sudo pacman -S unbound
sudo cp /etc/unbound/unbound.conf /etc/unbound/unbound.conf.old
echo "server:
# If no logfile is specified, syslog is used
# logfile: "/var/log/unbound/unbound.log"
verbosity: 0
interface: 127.0.0.1
port: 5335
do-ip4: yes
do-udp: yes
do-tcp: yes
# May be set to yes if you have IPv6 connectivity
do-ip6: no
# You want to leave this to no unless you have *native* IPv6. With 6to4 and
# Terredo tunnels your web browser should favor IPv4 for the same reasons
prefer-ip6: no
# Use this only when you downloaded the list of primary root servers!
# If you use the default dns-root-data package, unbound will find it automatically
#root-hints: "/var/lib/unbound/root.hints"
# Trust glue only if it is within the server's authority
harden-glue: yes
# Require DNSSEC data for trust-anchored zones, if such data is absent, the zone becomes BOGUS
harden-dnssec-stripped: yes
# Don't use Capitalization randomization as it known to cause DNSSEC issues sometimes
# see https://discourse.pi-hole.net/t/unbound-stubby-or-dnscrypt-proxy/9378 for further details
use-caps-for-id: no
# Reduce EDNS reassembly buffer size.
# Suggested by the unbound man page to reduce fragmentation reassembly problems
edns-buffer-size: 1472
# Perform prefetching of close to expired message cache entries
# This only applies to domains that have been frequently queried
prefetch: yes
# One thread should be sufficient, can be increased on beefy machines. In reality for most users running on small networks or on a single machine, it should be unnecessary to seek performance enhancement by increasing num-threads above 1.
num-threads: 1
# Ensure kernel buffer is large enough to not lose messages in traffic spikes
so-rcvbuf: 1m
# Ensure privacy of local IP ranges
private-address: 192.168.0.0/16
private-address: 169.254.0.0/16
private-address: 172.16.0.0/12
private-address: 10.0.0.0/8
private-address: fd00::/8
private-address: fe80::/10
" | sudo tee /etc/unbound.conf
echo "Make this the only pihole DNS: PIHOLE_DNS_1=127.0.0.1 in /etc/pihole/setupVars.conf"
fi

View File

@ -1,8 +0,0 @@
#!/bin/bash
flatpak --user remote-add --if-not-exists flathub https://dl.flathub.org/repo/flathub.flatpakrepo
flatpak --user install flathub com.valvesoftware.Steam
flatpak run com.valvesoftware.Steam

View File

@ -1,10 +0,0 @@
git clone https://aur.archlinux.org/yay.git
cd yay
makepkg -si
yay -S perl-graph-easy signal-desktop sc-im ncpamixer xdg-utils-mimeo torrench
yay -S ttf-tengwar-annatar

View File

@ -1,6 +1,6 @@
---
title: "locales"
tags: [ "void" ]
title: "Void locale"
tags: [ "void", "locale" ]
---
Check the current locales:

View File

@ -1,6 +1,6 @@
---
title: "graph-easy"
tags: [ "Documentation" ]
title: "Easy Network Graph"
tags: [ "Documentation", "Networking" ]
---
Set up a file like this, called `troubleshooting.txt`.

View File

@ -1,27 +0,0 @@
---
title: "pip"
tags: [ "Documentation", "Networking" ]
---
```
Searching does not work.
Install with:
```bash
pip install [ package ]
```
Upgrade all packages
```bash
pip freeze --local | grep -v '^\-e' | cut -d = -f 1 | xargs -n1 pip install -U
```
# Troubleshooting
You may need a python3 package.
In this case, try:
```bash
pip3 install [ package ]

View File

@ -136,3 +136,32 @@ Without the `--anonymize` flag, the torrent file output will have a 'created by'
- udp://explodie.org:6969/announce
- https://tracker.gbitt.info:443/announce
- http://tracker.gbitt.info:80/announce
## Verify
Add your torrent and notes its number:
```bash
transmission-remote -a "$file".torrent
transmission-remote -l
transmission-remote -t "$number" -i
```
The information in the last command shows that it's not verified, so you can verify with `-v`.
```bash
transmission-remote -t "$number" -v
```
If transmission cannot find it, then tell it where to find the torrent:
```bash
transmission-remote -t "$number" --find "$(pwd)"
```
...and of course, make sure the permissions allow transmission to see the target.
```bash
ls -ld "$file"
```

2
new.sh
View File

@ -14,7 +14,7 @@ filePath="$category/$(echo $name | sed 's/ /_/g').md"
tagsList="$(echo \"$category | sed 's#\/#", "#g')\""
[ -e "$filePath" ] && $EDITOR $filePath && exit 0
[ -e "$filePath" ] && $EDITOR "$filePath" && exit 0
echo "---
title: \"$name\"

24
system/monitoring.md Normal file
View File

@ -0,0 +1,24 @@
---
title: "Monitoring"
tags: [ "Documentation", "System", "CPU", "Memory" ]
---
Print the average CPU load over 1 minute, 5 minutes, and 15 minutes:
```bash
watch -d cat /proc/loadavg
stress="$(cat /proc/loadavg | awk '{print "Usage:" $2"%"}')"
```
Show memory usage in Gibitytes.
```bash
free -g
```
Show low and high gigibtye usage on a *l*ine, and repeat the measurement every 5 seconds:
```bash
REP=5
free --lohi -g -s $REP | lolcat
```

View File

@ -2,6 +2,18 @@
title: "journal"
tags: [ "Documentation", "systemd" ]
---
See a running log of all system messages:
```bash
journalctl -f
```
Or just one unit (`sshd`):
```bash
journalctl -f -u sshd
```
Find errors since November
@ -14,3 +26,13 @@ Limit size to 2G.
```bash
journalctl --vacuum-size=2G
```
Log the fact that you've installed your own `dnsmasq` on your system to `journalctl`, so that you can notice why your system's broken:
```bash
logger "Installed new dnsmasq"
sudo journalctl -f
```

21
vision/lowdown.md Normal file
View File

@ -0,0 +1,21 @@
---
title: "Markdown to PDF"
tags: [ "Documentation", "Markdown", "PDF", "Vision" ]
---
Turn a markdown file into a pdf:
```bash
lowdown -stms "$FILE".md | pdfroff -itk -mspdf > "$FILE".pdf
```
To give the document a title, put that title in the metadata:
```bash
sed -i "1 i---" "$FILE".md
sed -i "1 ititle: $TITLE" "$FILE".md
sed -i "1 i---" "$FILE".md
lowdown -L "$FILE".md
lowdown -X title "$FILE".md
lowdown -stms "$FILE".md | pdfroff -itk -mspdf > "$FILE".pdf
```