[Serverko] added some docs

Signed-off-by: coja <coja@dmz.rs>

Makefile

@@ -1,14 +1,77 @@
-.PHONY: help
 
+ignore_file = .git/info/exclude
+
+
+.PHONY: help
 help: ## Print the help message
 	@awk 'BEGIN {FS = ":.*?## "} /^[0-9a-zA-Z._-]+:.*?## / {printf "\033[36m%s\033[0m : %s\n", $$1, $$2}' $(MAKEFILE_LIST) | \
 		sort | \
 		column -s ':' -t
 
-map.txt: map.ge ## Making map.txt
+.PHONY: check
-	grep -v '# unimportant' $< | graph-easy --boxart > $@
+check: ## Check you have all dependencies
-	cat $@
+	@command -v graph-easy >/dev/null || { echo "Install perl-graph-easy" && exit 1 ;}
+	@command -v recsel >/dev/null || { echo "Install recutils" && exit 1 ;}
+	@command -v lowdown >/dev/null || { echo "Install lowdown" && exit 1 ;}
+	@echo "All dependencies installed"
 
-full_map.txt: map.ge ## Generating full_map.txt with graph-easy
+########## Network Map ##########
-	graph-easy --boxart < $< > $@
+
-	cat $@
+graph_program != type graph-easy > /dev/null && printf graph-easy || printf dot 
+
+graph_cmd = graph-easy --boxart
+
+queries = queries authqueries
+
+query_formats = $(patsubst %, .dbs/%.txt, $(queries))
+
+dotquery_formats = $(patsubst %, .dbs/%.dot, $(queries))
+
+.dbs/: | $(ignore_file)
+	mkdir $@
+
+ignored += .dbs/
+
+$(query_formats): .dbs/%.txt: | .dbs/
+	echo "[ {{name}} ] -- $(basename $(@F)) --> [ {{$(basename $(@F))}} ]" > $@
+
+$(dotquery_formats): .dbs/%.dot: | .dbs/
+	echo '{{name}} -> {{$(basename $(@F))}} [ label="$(basename $(@F))" ];' > $@
+
+ifeq ($(graph_program),dot)
+  map_file = network.png
+else
+  map_file = network.txt
+endif
+
+ignored += $(map_file)
+
+.PHONY: map
+map: $(map_file) ## Generate a network map
+
+network.txt: .dbs/network.txt
+	$(graph_cmd) < $<
+
+.dbs/network.txt: network.rec $(query_formats)
+	$(RM) $@
+	$(foreach relation, $(queries), \
+	recsel $< -t lxc -e "$(relation) != ''" -p name,$(relation) | recfmt -f .dbs/$(relation).txt >> $@ ;\
+	)
+
+.dbs/network.dot: network.rec $(dotquery_formats)
+	echo 'digraph network {' > $@
+	$(foreach relation, $(queries), \
+	recsel $< -t lxc -e "$(relation) != ''" -p name,$(relation) | recfmt -f .dbs/$(relation).dot >> $@ ;\
+	)
+	echo '}' >> $@
+
+network.png: .dbs/network.dot $(ignore_file)
+	dot -T png < $< > $@
+
+##########
+
+$(ignore_file): $(MAKEFILE_LIST)
+	echo $(ignored) | tr ' ' '\n' > $@
+
+clean:
+	$(RM) -r $(ignored)

README.md

@@ -2,6 +2,11 @@ These setup files provide the text-only configurations for DMZ.
 
 *It should not contain private data.*
 
+# Dependencies
+
+- `recutils`
+- (optional) `graph-easy` (the package may be called `perl-graph-easy`)
+
 # Aspirations
 
 - Each service should reside in its own directory.
@@ -13,5 +18,62 @@ These setup files provide the text-only configurations for DMZ.
     - Idempotency.
 - All secrets stored elsewhere (probably in the `dmzadmin` repo)
 - Any maintenance scripts.
-- Configurations should reside in shadow-directories, e.g. a backup of `/etc/soft/config` should reside in this repo under `etc/soft/config`.
+- Configurations should reside in shadow-directories, e.g. a backup `soft-serve`'s `config.yaml` should reside in this repo under `splint.rs/soft-serve/etc/soft/config.yaml`.
+
+# Network Database
+
+I have a half-baked plan to finally make use of plain-text databases, and it's already half-working.
+Try these commands:
+
+Ask what types of _rec_ords it contains:
+
+## Database
+
+```sh
+recinf network.rec
+```
+
+### Select queries
+
+Select with `recsel`, then specify the database (.rec) and type of record (like table in db).
+
+- `--include-descriptors` or `-d`
+- `--type` or `-t`
+- `--expression` or `-e`
+- `--quick` or `-q`
+
+```sh
+recsel network.rec --type router
+recsel network.rec -d -t lxc
+```
+
+User `-q` for a `--quick` selection, or `-e` for more precise selections.
+
+```sh
+recsel network.rec --type lxc --quick wiki
+recsel network.rec -t lxc -q nginx
+recsel network.rec -t lxc -e "name ~ 'nginx'"
+recsel network.rec -t lxc -e "name = 'nginx12'"
+```
+
+### Insert queries
+
+Insert a new record with `recins`.
+
+```sh
+recins network.rec -t lxc -r "name: bob" -r "service: bob" -r "host: moxx"
+```
+
+### Update queries
+
+If you can select something, you can also set its fields with `recset`.
+
+Use `-f` to set the `--field`, and `-a` to `--add`, or `-s` to `--set`.
+
+
+```sh
+recset network.rec -t lxc -e "name = 'nginx12'" -f proxies -a soft-serve
+recsel network.rec -t lxc -e "name = 'nginx11'" -p proxies[0]
+recset network.rec -t lxc -e" name = 'nginx11'" -f proxies[0] -s wiki9
+```
 

docs/dmzrs/README.md

@@ -1,26 +0,0 @@
-Add this configuration to ~/.ssh/config file
-
-Host dmzkrovdmzrs12
-  Hostname veyxphzuqnooc7wb7utfza3joaoopgqgwp6l6d4en5yfmyr7kxvminqd.onion
-  User root 
-  IdentityFile ~/.ssh/id_rsa
-  PasswordAuthentication no
-
-Now you can log in by typing:
-torsocks ssh dmzkrovdmzrs12
-
-Install all needed packages
-apt install rsync git nginx
-git clone https://gitea.dmz.rs/Decentrala/website
-
-Run updatewebsite.sh script every minute using crontab (run "crontab -e")
-This fill automaticlly pull from git repo and regenerate events page
-
-Add nginx-dmz.rs.conf to /etc/nginx/sites-available/dmz.rs and create a symlink
-from /etc/nginx/sites-enabled/dmz.rs to that file
-You can do this by running:
-ln -s /etc/nginx/sites-available/dmz.rs /etc/nginx/sites-enabled/dmz.rs
-
-Increase server_names_hash_bucket_size to 256 in /etc/nginx/nginx.conf in order to support onion addresses.
-
-In the nginx configuration /account/ is redirected to luser (https://gitea.dmz.rs/fram3d/luser) instance running at 192.168.1.211

kralizec/cgit11/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 115
+---

kralizec/cryptpad-deb-12/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 126
+---

kralizec/dmzrs/README.md

@@ -0,0 +1,40 @@
+Add this configuration to `~/.ssh/config` file
+
+```
+Host dmzkrovdmzrs12
+  Hostname veyxphzuqnooc7wb7utfza3joaoopgqgwp6l6d4en5yfmyr7kxvminqd.onion
+  User root 
+  IdentityFile ~/.ssh/id_rsa
+  PasswordAuthentication no
+
+```
+
+Now you can log in by typing:
+
+
+```bash
+torsocks ssh dmzkrovdmzrs12
+```
+
+Install all needed packages:
+
+
+```bash
+apt install rsync git nginx
+git clone https://gitea.dmz.rs/Decentrala/website
+```
+
+Run `updatewebsite.sh` script every minute using `crontab` (run "`crontab -e`")
+This fill automatically pull from git repo and regenerate events page
+
+Add `nginx-dmz.rs.conf` to `/etc/nginx/sites-available/dmz.rs` and create a symlink
+from `/etc/nginx/sites-enabled/dmz.rs` to that file.
+You can do this by running:
+
+```bash
+ln -s /etc/nginx/sites-available/dmz.rs /etc/nginx/sites-enabled/dmz.rs
+```
+
+Increase `server_names_hash_bucket_size` to 256 in `/etc/nginx/nginx.conf` in order to support onion addresses.
+
+In the `nginx` configuration /account/ is redirected to the `luser` [instance](https://gitea.dmz.rs/fram3d/luser)  running at `192.168.1.211`.

kralizec/dmzrs12/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 122
+---

kralizec/dmzrsflask11/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 118
+---

kralizec/donationcalc12/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 124
+---

kralizec/dynamicdns11/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 111
+---

kralizec/ejabberd/README.md

@@ -1,3 +1,9 @@
+---
+title: ejabberd configurations
+section: 6
+source: Decentrala
+---
+
 #On your PC
 Add this configuration to ~/.ssh/config
 

kralizec/ejabberd11/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 106
+---

kralizec/elinearch/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 119
+---

kralizec/flaskldap11/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 109
+---

kralizec/gitea11/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 117
+---

kralizec/http11/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 104
+---

kralizec/krovhttp11/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 121
+---

kralizec/nginx/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 108
+---

kralizec/openldap12/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 127
+---

kralizec/postfix11/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 113
+---

kralizec/postgresql11/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 105
+---

kralizec/radionice11/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 116
+---

kralizec/roundcube12/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 123
+---

kralizec/ssh11/README.md

@@ -0,0 +1,5 @@
+---
+VMID: 114
+---
+
+[wiki page](https://wiki.dmz.rs/en/sysadmin/ssh)

kralizec/sshfs11/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 112
+---

kralizec/tor11/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 101
+---

kralizec/webring12/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 125
+---

kralizec/wiki11/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 120
+---

kralizec/wireguard11/README.md

@@ -0,0 +1,56 @@
+---
+VMID: 103
+---
+
+[Wireguard VPN quickstart](https://www.wireguard.com/quickstart)
+
+Check `dmzadmin` for `wireguard.gpg` to know who to contact for access 
+
+---
+
+### Client config
+
+Client config example
+`x` is the assigned on the server as peer:
+
+```conf
+
+[Interface]
+Address = 192.168.164.x/32
+DNS = 1.1.1.1
+MTU = 1420
+SaveConfig = true
+ListenPort = 51820
+FwMark = 0xca6c
+PrivateKey = <your_private_wg_key>
+
+[Peer]
+PublicKey = JP2FTHLUujkevz1kUymciLImsx1OX9ViUko7oPAIoiA=
+AllowedIPs = 192.168.164.0/24, 192.168.1.0/24
+Endpoint = 77.105.27.232:51820
+PersistentKeepalive = 21
+
+```
+
+---
+
+### Server config
+
+New user/client needs to provide their wireguard `publickey` and new ip on the network needs to be assigned (`x`)
+check the server config file `/etc/wireguard/wg0.conf` to find free address
+
+```sh
+sudo wg set wg0 peer <client_public_key> allowed-ips 192.168.164.x/32
+```
+
+---
+
+Command to resolve IP clashing with current and wireguard network, if needed
+
+```shell
+ip route add <ip> dev <wg0>
+```
+
+- `ip` you want to resolve -> for wireguard VM 192.168.1.10
+- `wg0` name of the wireguard config
+

kralizec/xmppmirror11/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 102
+---

krov/serverko/README.md

@@ -17,16 +17,6 @@ VMID Name
 111  taskmanager12  
 112  stopreklamama12  
 
-## srv1
+##### Legend
 
-VMID Name  
+12 -> debian 12
-102  tor12  
-103  dendrite  
-106  icecast12  
-107  mariadb12  
-108  mpd12  
-109  ympd  
-111  sshfs11
-113  ollama12  
-114  chatbot12  
-115  goodvibes12  

krov/serverko/ddns12/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 101
+---

krov/serverko/dmzrs12/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 102
+---

krov/serverko/dmzrsaccount/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 110
+---

krov/serverko/ejabberd12/README.md

@@ -0,0 +1,5 @@
+---
+VMID: 109
+---
+
+XMPP server, used for future decentralization

krov/serverko/ipv6tunnel12/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 107
+---

krov/serverko/nginx12/README.md

@@ -0,0 +1,26 @@
+---
+VMID: 100
+---
+
+This VM is a reverse proxy, all serveces go through it and get their SSL certificates
+
+## Creating new record
+
+```sh
+cd /etc/nginx/sites-available/ # configs are located here
+vim.tiny pastebin.dmz.rs # using pastebin as example, copy existing one and edit it
+ln -s /etc/nginx/sites-available/pastebin.dmz.rs  /etc/nging/sites-enabled/pastebin.dmz.rs # creating link since file is the same
+mkdir /var/www/pastebindmzrs # new dir where certificate will be validated
+nginx -t # checking for errors
+systemctl reload nginx.service # reloading the service for changes to apply, reset will work too
+service nginx reload # alternative server reload
+certbot certonly --webroot -w /var/www/pastebindmzrs -d pastebin.dmz.rs -d pastebin.decentrala.org # requesting the certificates
+```
+
+## renewal
+
+```sh
+ls /var/www/
+cd /etc/letsencrypt/renewal
+certbot renew
+```

krov/serverko/opensmptd12/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 106
+---

krov/serverko/postgres12/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 108
+---

krov/serverko/slapd12/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 104
+---

krov/serverko/stopreklamama12/README.md

@@ -0,0 +1,6 @@
+---
+VMID: 112
+---
+
+This container is for hosting the [website](https://gitea.dmz.rs/svitvojimilioni/stopreklamama)
+hosted on domen `stopreklamama.dmz.rs`

krov/serverko/taskmanager12/README.md

@@ -0,0 +1,8 @@
+---
+VMID: 111
+---
+
+Old app for group task managment, [gitea project](https://gitea.dmz.rs/Decentrala/taskmanager)
+Hosted on [todo.dmz.rs](https://todo.dmz.rs/)
+
+Now using soft.dmz.rs/fixme instead

krov/serverko/tor12/README.md

@@ -0,0 +1,5 @@
+---
+VMID: 103
+---
+
+In this container hosts the tor onion service, used for remote access to the proxmox, through tor.

krov/serverko/wireguard12/README.md

@@ -0,0 +1,5 @@
+---
+VMID: 105
+---
+
+Wireguard server for VPN access to krov network

krov/srv1/README.md

@@ -0,0 +1,39 @@
+# List of containers
+
+# srv1
+
+VMID Name  
+100  ssh12
+101  vukbox
+102  mad3v-container-postgresql  
+103  nextcloud1 
+104  pentest
+105  dns12
+106  cryptpad  
+107  cryptpad12
+108  ejabberd12 
+109  dante12  
+111  postgresql12
+112  gitea12
+113  game12 
+114  coja-nginx 
+115  mad3v-container-1  
+116  hugo12  
+118  mumble
+119  netstat-game12
+120  privatebin12
+121  searxng12 
+122  alpine-it-tools  
+123  test  
+124  jitsi12
+
+---
+
+### Hardware
+
+Dell enterprise server
+
+##### Legend
+
+12 -> debian 12 lxc
+

krov/srv1/alpine-it-tools/README.md

@@ -0,0 +1,7 @@
+---
+VMID: 122
+---
+
+Installed with [proxmox helper scripts](https://community-scripts.github.io/ProxmoxVE/scripts?id=alpine-it-tools)
+
+Plan to host it on tools.dmz.rs

krov/srv1/cryptpad12/README.md

@@ -0,0 +1,13 @@
+---
+VMID: 106
+---
+
+Installed with [proxmox helper scripts](https://community-scripts.github.io/ProxmoxVE/scripts?id=cryptpad)
+
+[Project page](https://cryptpad.org/)
+
+
+Plan to host it on cryptpad.dmz.rs
+
+cryptpad (106) is already on that subdomain, but it doesnt work
+

krov/srv1/ejabberd12/README.md

@@ -0,0 +1,5 @@
+---
+VMID: 108
+---
+
+XMPP server, practice for future decentralization of the service

krov/srv1/homeAssistentInstanca/README.md

@@ -0,0 +1,9 @@
+---
+VMID: 117
+---
+
+Installed with [proxmox helper scripts](https://community-scripts.github.io/ProxmoxVE/scripts?id=haos-vm)
+
+[Forum descussion](https://forum.dmz.rs/t/automatizacija-krova/469)
+
+

krov/srv1/jitsi12/README.md

@@ -0,0 +1,9 @@
+---
+VMID: 124
+---
+
+Video converencing server. Zoom alternative.
+
+[website](https://jitsi.org/)
+
+Plan to host it on jitsi.dmz.rs, video.dmz.rs or else

krov/srv1/mumble/README.md

@@ -0,0 +1,9 @@
+---
+VMID: 118
+---
+
+VOIP server, hosted on krov.dmz.rs
+
+[website](https://www.mumble.info/)
+
+

krov/srv1/netstat-game12/README.md

@@ -0,0 +1,6 @@
+---
+VMID: 119 
+---
+
+Open arena server, free clone of FPS Quake III Arena
+Hosted on krov.dmz.rs:27960 for LAN Parties

krov/srv1/nextcloud1/README.md

@@ -0,0 +1,9 @@
+---
+VMID: 103
+---
+
+Plan for this services was to use the shared callendar with members of DC Krov
+
+Register as a user is disabled, only admins can create the accounts
+LDAP is not connected
+

krov/srv1/old-abandoned/README.md

@@ -0,0 +1 @@
+Those serveces are not on the server

krov/srv1/old-abandoned/chatbot12/README.md

@@ -0,0 +1,5 @@
+---
+VMID: 114
+---
+
+[Forum discussion](https://forum.dmz.rs/t/jel-neko-u-krovu-bot/779)

krov/srv1/old-abandoned/dendrite/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 103
+---

krov/srv1/old-abandoned/goodvibes12/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 115
+---

krov/srv1/old-abandoned/mariadb12/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 107
+---

krov/srv1/old-abandoned/mpd12/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 108
+---

krov/srv1/old-abandoned/ollama12/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 113
+---

krov/srv1/old-abandoned/tor12/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 102
+---

krov/srv1/old-abandoned/ympd/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 109
+---

krov/srv1/other/README.md

@@ -0,0 +1,32 @@
+Here should be the list of other containers on the server
+
+## "Personal containers" 
+created on some of the sysadmin workshops, used for learning and practice, usually named by the nickname
+
+- vukbox
+- hugo12
+- malin
+- mad3v-container-postresql
+- mad3v-container-1
+- coja-nginx hosting [coja.krov.dmz.rs](https://coja.krov.dmz.rs/)
+- 
+
+---
+
+## Other 
+
+- pentest - created by fleka for CTF challange
+
+---
+
+## Containers with no info
+Feel free to add info 
+
+- dante12
+- dns12
+- gitea12
+- test
+- game12
+
+
+

krov/srv1/postgresql12/README.md

@@ -0,0 +1,5 @@
+---
+VMID: 111
+---
+
+Probably used as a testing ground for syncing the database, for future decentralization.

krov/srv1/privatebin12/README.md

@@ -0,0 +1,10 @@
+---
+VMID: 120
+---
+
+Installed with [proxmox helper scripts](https://community-scripts.github.io/ProxmoxVE/scripts?id=privatebin)
+
+[Project page](https://privatebin.info/)
+
+Hosted on [subdomain on dmz](https://pastebin.dmz.rs/)
+

krov/srv1/searxng12/README.md

@@ -0,0 +1,10 @@
+---
+VMID: 121
+---
+
+Installed with [proxmox helper scripts](https://community-scripts.github.io/ProxmoxVE/scripts?id=searxng)
+
+[Project git repo](https://github.com/searxng/searxng)
+
+Hosted on [subdomain on dmz](https://search.dmz.rs/)
+

krov/srv1/ssh12/README.md

@@ -0,0 +1,8 @@
+---
+VMID: 100
+---
+
+SSH port from this container is forwarded on krov.dmz.rs
+SSH access to other containers is done through this one with ssh jump, passwords are disabled, so only keys verification is used. 
+
+[wiki page](https://wiki.dmz.rs/en/sysadmin/ssh)

map.ge

@@ -1,39 +0,0 @@
-# Network map of Decentrala.  Use with:
-# graph-easy --boxart < netmap.txt
-
-(Mox
-	[ m_router ]{label: router ;}
-	[ wireguard ] --> [ m_nginx ]{label: nginx-11 ;}
-	[ wiki ] --> [ m_nginx ]
-	[ gitea ] --> [ m_nginx ]
-	[ tor11 ] --> [ m_nginx ] --> [ m_router ]
-	[ smtp ]
-)
-
-(Serverko
-	[ s_nginx ]{label: nginx-12 ;}
-	[ s_router ]{label: router ;}
-	[ s_nginx ] --> [ nextcloud ]
-	[ s_nginx ] --> [ tor12 ]
-	[ s_nginx ] --> [ s_router ]
-)
-
-(splint.rs # unimportant
-	[ soft-serve ] # unimportant
-	[ mail-cache ]# unimportant
-) # unimportant
-
-[ tor12 ] <..> [ onions ] <..> [ tor11 ]
-[ m_router ] <..> [ BGP ] <..> [ madness ] <..> [ s_router ]
-[ smtp ] <..> [ madness ]
-[ madness ] <..> [  mail-cache ]# unimportant
-[ A ]{label: "" ;}
-[ B ]{label: "" ;}
-[ C ]{label: "" ;}
-[ D ]{label: "" ;}
-[ onions ] <..> [ A ]
-[ onions ] <..> [ B ]
-[ A ] <..> [ C ]
-[ B ] <..> [ D ]
-
-(Sharks! [ D ])

network.rec

@@ -0,0 +1,88 @@
+%rec: router
+%doc: Routers, or possibly modems?
+
+name: ISP Router
+location: kralizec
+ISP: Orion
+
+name: ISP Router
+location: krov
+ISP: Yettel
+
+%rec: host
+%doc: These are the real machines, most of which run VMs or containters.
+%key: name
+
+name: moxx
+location: kralizec
+
+name: Serverko
+location: krov
+
+%rec: lxc
+%doc: A container, usually on a Proxmox host.
+%type: host rec host
+
+name: nginx11
+gateway: ISP-router
+host: moxx
+proxies: wiki11
+proxies: gitea11
+proxies: forum11
+proxies: ejabberd11
+proxies: dmzrs
+
+name: LDAP
+host: moxx
+
+name: website
+host: moxx
+authqueries: LDAP
+queries: postgresql11
+service: dmzrs
+service: flask accounts
+
+name: gitea11
+service: gitea
+host: moxx
+authqueries: LDAP
+queries: postgresql11
+
+name: ejabberd11
+service: ejabberd
+host: moxx
+authqueries: LDAP
+queries: postgresql11
+
+name: forum11
+service: forum
+host: moxx
+authqueries: LDAP
+queries: postgresql11
+
+name: postfix11
+service: postfix
+authqueries: LDAP
+
+name: tor11
+service: tor
+host: moxx
+
+name: postgresql11
+service: postgresql
+host: moxx
+
+name: wiki11
+service: wiki
+host: moxx
+authqueries: LDAP
+
+name: nginx12
+host: Serverko
+
+name: nextcloud
+host: Serverko
+
+name: tor12
+host: nginx
+

scripts/generatepass.sh

@@ -0,0 +1,5 @@
+
+#!/bin/bash
+
+echo $(shuf shared/english.txt | head) | sed "s/ //g"
+

scripts/showpass.sh

@@ -1,62 +0,0 @@
-#!/bin/sh
-
-# If you want to add these passwords to the `pass` program, you can
-# symlink all the passwords which you can open, then open the
-# passwords with a script like this.
-
-pass_store=~/.password-store
-
-# THIS_PLACE="$PWD"
-# mkdir $pass_store/dmz
-# cd !$
-# find  "$THIS_PLACE" -type f -name "*.gpg" | \ 
-#     sed "s#/home/ghost#../..#" | \ 
-#     while read -r line; do
-#         gpg -d "$line" && ln -sf "$line" .
-#     done
- 
-
-sanity_check(){
-    command -v $1 >/dev/null || (
-        echo "You must install $1"
-        exit 1
-    )
-}
-
-set_selector_if_program_exists(){
-    command -v "$1" > /dev/null  && selector="$1 $2"
-}
-
-if [ -z "$DISPLAY" ]; then
-    set_selector_if_program_exists sk || \
-        set_selector_if_program_exists fzy || \
-        set_selector_if_program_exists fzf
-    fail_sender='echo'
-else
-    set_selector_if_program_exists "rofi" 'rofi -dmenu "$@"' || \
-        set_selector_if_program_exists dmenu || \
-        (
-            echo "Cannot find anything to select a key. Install dmenu." 
-            exit 1
-        )
-    fail_sender='notify-send'
-fi
-
-list_keys(){
-    find -L . -mindepth 1 -type f -name "*.gpg" | \
-        sed 's/\.\///' | \
-        sed 's/.gpg//'
-}
-
-####################
-
-set -e
-
-sanity_check pass
-
-cd "$pass_store"
-
-password="$(list_keys | $selector)"
-
-pass -c "$password" || $fail_sender 'Cannot decrypt'
-