change formatting

input examples are now given as

```bash
input $ARG1
```

While outputs use md's '> ' sign as a quote.
2023-06-17 21:28:20 +02:00
parent 1ba3010b81
commit ba8026e0c3
102 changed files with 2388 additions and 3211 deletions


@@ -4,7 +4,9 @@ tags: [ "Documentation", "Networking" ]
---
# SSH Daemon Jail
> sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.d/ssh.local
```bash
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.d/ssh.local
```
```
[sshd]
@@ -14,11 +16,17 @@ ignoreip = 127.0.0.1/8 ::1,192.168.0.0/16 ::1
```
> sudo systemctl restart fail2ban
```bash
sudo systemctl restart fail2ban
```
> sudo fail2ban-client status
```bash
sudo fail2ban-client status
```
> sudo fail2ban-client status sshd
```bash
sudo fail2ban-client status sshd
```


@@ -4,23 +4,23 @@ tags: [ "Documentation" ]
---
Set up a file like this, called `troubleshooting.txt`.
```
[ Is there an IP address? ] -- no --> [ Check NIC driver, dmesg ]
> [ Is there an IP address? ] -- no --> [ Check NIC driver, dmesg ]
>
> [ Is there an IP address? ] -- yes --> [ Can you ping the router? ]
>
> [ Can you ping the router? ] -- no --> [ Check cables, router, and switches ]
>
> [ Can you ping the router? ] -- yes --> [ Can you ping a DNS address? ]
>
> [ Can you ping a DNS address? ] -- no --> [ Trying pinging 8.8.8.8 ]
>
> [ Can you ping a DNS address? ] -- yes --> [ Traceroute ]
[ Is there an IP address? ] -- yes --> [ Can you ping the router? ]
[ Can you ping the router? ] -- no --> [ Check cables, router, and switches ]
[ Can you ping the router? ] -- yes --> [ Can you ping a DNS address? ]
[ Can you ping a DNS address? ] -- no --> [ Trying pinging 8.8.8.8 ]
[ Can you ping a DNS address? ] -- yes --> [ Traceroute ]
```
Then translate it with:
> graph-easy troubleshooting.txt --as boxart
```bash
graph-easy troubleshooting.txt --as boxart
```
```
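Review bot: The graph definition for `troubleshooting.txt` should stay in a fenced block rather than `> ` quote lines: the commit message reserves `> ` for output, and this text is input the reader has to save to a file. Keep the definition in a plain fence (it is not shell) and fence only `graph-easy troubleshooting.txt --as boxart` as `bash`.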
@@ -37,14 +37,20 @@ Then translate it with:
Many options allow different displays.
Try placing this in a file:
```
[ One ] { fill: seagreen; color: white; } -- label --> [ Two ] { shape: triangle; }
[ One ] => { arrow-style: closed; } [ Three ]
[ Five ] { fill: maroon; color: yellow; } <=> [ Three ]
[ One ] .. Test\n label ..> [ Four ]
[ Three ] { border-style: dashed; }
.. Test\n label ..> { arrow-style: closed; } [ Six ] { label: Sixty\n Six\nand\nsix; }
[ Three ] <-- Test label --> { arrow-style: closed; } [ Six ]
[ Eight ] .. [ None ] { shape: none; fill: red; color: brown; }
[ no Network ] --> [ Is there an IP address? ]
```
> [ One ] { fill: seagreen; color: white; } -- label --> [ Two ] { shape: triangle; }
>
> [ One ] => { arrow-style: closed; } [ Three ]
>
> [ Five ] { fill: maroon; color: yellow; } <=> [ Three ]
>
> [ One ] .. Test\n label ..> [ Four ]
>
> [ Three ] { border-style: dashed; }
>
> .. Test\n label ..> { arrow-style: closed; } [ Six ] { label: Sixty\n Six\nand\nsix; }
>
> [ Three ] <-- Test label --> { arrow-style: closed; } [ Six ]
>
> [ Eight ] .. [ None ] { shape: none; fill: red; color: brown; }
>
> [ no Network ] --> [ Is there an IP address? ]
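Review bot: The `[ One ] { fill: seagreen; color: white; } ...` example is no longer shown verbatim once it is a blockquote, because quoted text is parsed as markdown; the `\n` sequences in `{ label: Sixty\n Six\nand\nsix; }` and the blank `>` separator lines are then left to the renderer, and a copied file may differ from the one the page intends. A plain fenced block, as these lines had before, avoids that.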


@@ -8,7 +8,9 @@ This is a basic Linux firewall program.
Look at your firewalls:
> iptables -L
```bash
iptables -L
```
We see the output of input, output and forwarding rules.
@@ -16,19 +18,27 @@ We see the output of input, output and forwarding rules.
I don't need any forwarding, so I'm going to drop all forwarding:
> iptables -P FORWARD DROP
```bash
iptables -P FORWARD DROP
```
# Input
Let's 'A'dd, or 'A'ppend a rule with -A. Let's drop all input from a nearby IP
> iptables -A INPUT -s 192.168.0.23 -j DROP
```bash
iptables -A INPUT -s 192.168.0.23 -j DROP
```
Or we can block all input from a particular port on the full Network.
> iptables -A INPUT -s 192.168.0.0/24 -p tcp --destination-port 25 -j DROP
```bash
iptables -A INPUT -s 192.168.0.0/24 -p tcp --destination-port 25 -j DROP
```
> iptables -A INPUT --dport 80 -j ACCEPT
```bash
iptables -A INPUT --dport 80 -j ACCEPT
```
This allows http traffic to an Apache web server over port 80.
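Review bot: `iptables -A INPUT --dport 80 -j ACCEPT` is missing a protocol: `--dport` is only available after a match such as `-p tcp`, so iptables rejects the line as fenced. Suggest `iptables -A INPUT -p tcp --dport 80 -j ACCEPT`, which also matches the `-p tcp --destination-port 25` rule just above it.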
@@ -37,11 +47,15 @@ However, rules are accepted in order - so a packet cannot be rejected and then a
To delete rule 2 from the INPUT chain:
> iptables -D INPUT 3
```bash
iptables -D INPUT 3
```
Alternatively, you can 'I'nsert a rule at the start, rather than 'A'ppending it.
> iptables -I INPUT -s 192.168.0.13 DROP
```bash
iptables -I INPUT -s 192.168.0.13 DROP
```
# Catchalls
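Review bot: The sentence "To delete rule 2 from the INPUT chain" is followed by `iptables -D INPUT 3`, which deletes rule 3; one of the two numbers needs correcting. In the same hunk, `iptables -I INPUT -s 192.168.0.13 DROP` lacks the `-j` before the target and should read `iptables -I INPUT -s 192.168.0.13 -j DROP`.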
@@ -53,7 +67,9 @@ The -j flag accepts ACCEPT/REJECT/DROP. The last two are identical except that
Flush all existing rules with:
> iptables -F
```bash
iptables -F
```
# Examples


@@ -1,94 +0,0 @@
---
title: "protocols"
tags: [ "Documentation", "Networking" ]
---
# Protocols
| TCP | UDP | ICMP |
|:-----------------|:-----------------|:------------------|
|Transmission Control Protocol | User Datagram Protocol | Internet Control Message Protocol |
| Reliable and slow. | Fast but unreliable, such as VOIP. Provides checksums. | Dirty checks such as pings. |
# Networking Addressing
## IPv4
Three address ranges pertain only to private Networks, so no computer looks beyond the local router to resolve them:
10.0.0.0 to 10.255.255.255
172.16.0.0 to 172.31.255.255
192.168.0.0 to 192.168.255.255
In theory, Networks should fall within one of 3 ranges, depending upon their first octet:
Class A 1-127
Class B 128 to 191
Class C 192 to 223
# Service Ports
There are three types of port ranges:
1 to 1023: Well-known and established ports.
1024 to 49151 ICANN registered ports, used by various products, with limited oversight.
49152 to 65535 Dynamic ports for ad hoc use.
View a more complete list of ports with:
> less /etc/services
# ip
Show all addresses with:
> ip a{dd{ress}} s{how}
If a link's not present, load it with:
sudo ip link set dev wlp3s0 up
Add an interface to a device as so:
> sudo ip a add 192.168.0.15/255.255.255.0 dev eth1
See Network interfaces available on Fedora with:
> less /etc/sysconfig/Network-scripts/ifcfg-enp2s0f0
or on Debian with:
> less /etc/Network/interfaces
Mostly, interfaces will receive automatic addresses from a DHCP server. If this hasn't happened for you, you can request a dhcp address with:
> sudo dhclient eth1
View your current route to the internet with:
> route
... although on void this is:
> routel
If you don't have a route to the internet, you can manually specify the default gateway with:
> sudo route add default gw 192.168.0.1
... or ...
> sudo ip route add default via 192.168.0.1
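Review bot: Deleting the whole "protocols" page (`-1,94 +0,0`) is not a formatting change, and the commit message does not mention it. If the page was moved or merged elsewhere, say so in the message; otherwise split the removal into its own commit so it can be reviewed and reverted separately.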


@@ -1,141 +0,0 @@
---
title: "Networking"
tags: [ "Documentation", "Networking", "ip" ]
---
# You
Check how your computer connects to the net:
> ip address show
```
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UP group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
3: wlp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 84:3a:4b:ca:5c:24 brd ff:ff:ff:ff:ff:ff
inet 192.168.0.13/24 brd 192.168.0.255 scope global dynamic noprefixroute wlp3s0
valid_lft 199143sec preferred_lft 172143sec
inet6 fe80::22:5eb9:8a3a:95b2/64 scope link
valid_lft forever preferred_lft forever
4: wwp0s20u4i6: <BROADCAST,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether fa:cd:4d:28:ec:dc brd ff:ff:ff:ff:ff:ff
inet 169.254.104.159/16 brd 169.254.255.255 scope global noprefixroute wwp0s20u4i6
valid_lft forever preferred_lft forever
inet6 fe80::e9d3:506c:c0a9:6679/64 scope link
valid_lft forever preferred_lft forever
```
That's too much output to read, so try:
> ip address show | grep inet
```
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
inet 192.168.0.13/24 brd 192.168.0.255 scope global dynamic noprefixroute wlp3s0
inet6 fe80::22:5eb9:8a3a:95b2/64 scope link
inet 169.254.104.159/16 brd 169.254.255.255 scope global noprefixroute wwp0s20u4i6
inet6 fe80::e9d3:506c:c0a9:6679/64 scope link
```
The starting numbers tell you about the address. You just have to memorize the meanings:
| Address Prefix | Meaning |
|:---:|:---:|
| 127.X | The computer's name for itself, for when you want to ssh into your own machine |
| ::1/128 | Same thing, with ipv6 |
| 192.168.X | A small Network address, given by a DHCP server (possibly your router) |
| 169.X | The interface to the internet wasn't given an ip address, so it's made up its own |
# `arp-scan`
Look around your local Network with `arp-scan`.
> sudo arp-scan -l
```
Interface: wlp3s0, type: EN10MB, MAC: 84:3a:4b:ca:5c:24, IPv4: 192.168.0.13
Starting arp-scan 1.9.7 with 256 hosts (https://github.com/royhills/arp-scan)
192.168.0.1 0c:02:27:bc:aa:a1 Technicolor CH USA Inc.
192.168.0.15 b8:27:eb:4a:cd:d9 Raspberry Pi Foundation
192.168.0.10 dc:0b:34:94:5c:c4 LG Electronics (Mobile Communications)
3 packets received by filter, 0 packets dropped by kernel
Ending arp-scan 1.9.7: 256 hosts scanned in 1.937 seconds (132.16 hosts/sec). 3 responded
```
The interface here was `wlp3s0`. It starts with 'w', so it's a wifi card. Each internet adapter has a name, called a 'MAC address' in order to identify itself to outsiders. The first three parts of a MAC address are given by the manufacturer (like a family name), and the rest are just for that one device.
The '192.168.0.1' address ends in '.1', so it's probably a router. The manufacturer is 'Technicolor' (`arp-scan` has identified this from the first digits of the MAC: '0c:02:27').
Next is 192.168.0.15, which is labelled as a 'raspberry pi'. Finally, the '.10' address is a mobille phone.
Mac addresses are easy to fake, so don't trust this output to keep you safe.
# `nmap`
Look around your entire Network from 192.168.0.1 to 192.168.0.255:
> sudo nmap -F 192.168.0.1/24
The `-F` means 'do this fast, by only scanning normal traffic' (ports below 1000).
```
Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-09 13:52 CET
Nmap scan report for 192.168.0.1
Host is up (0.011s latency).
Not shown: 99 closed ports
PORT STATE SERVICE
80/tcp open http
MAC Address: 0C:02:27:BC:AA:A1 (Technicolor CH USA)
Nmap scan report for 192.168.0.10
Host is up (0.0040s latency).
All 100 scanned ports on 192.168.0.10 are closed
MAC Address: DC:0B:34:94:7C:C4 (LG Electronics (Mobile Communications))
Nmap scan report for belgradecats (192.168.0.15)
Host is up (0.0096s latency).
Not shown: 98 closed ports
PORT STATE SERVICE
22/tcp open ssh
53/tcp open domain
MAC Address: B8:27:EB:4A:CD:D9 (Raspberry Pi Foundation)
Nmap scan report for 192.168.0.13
Host is up (0.0000080s latency).
Not shown: 99 closed ports
PORT STATE SERVICE
22/tcp open ssh
Nmap done: 256 IP addresses (4 hosts up) scanned in 5.34 seconds
```
Network traffic is split into different types of information. Each one gets a number called a 'port'. Most of this information is dead, so only a few ports are used nowadays.
The first one shows port 80, so you can visit it on a web browser. The next shows 53 (so it's handing out names of local computers) and 22 (so you can access it via ssh).
You can scan outside addresses with:
> sudo nmap facebook.com
However, when you scan something, that machine will see you, and you may set off alerts, which then have to bother whoever's looking after that address.
So if you want to try out nmap from outside, find a place you have permission to scan (like your own external IP address), or try:
> sudo nmap hack.me
The hack.me website doesn't mind people scanning.
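Review bot: Removing this page also removes its two caveats: "Mac addresses are easy to fake, so don't trust this output to keep you safe", and the warning that a scanned machine will see you and that you should scan only where you have permission. If the `arp-scan` and `nmap` material was moved to other pages, check that these sentences moved with it.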


@@ -5,7 +5,9 @@ tags: [ "Documentation", "Networking" ]
Example:
> nmap 192.168.1.1/24
```bash
nmap 192.168.1.1/24
```
Flags:
@@ -15,7 +17,6 @@ Flags:
Look for a web server, which has ports 80 and 443 open:
> nmap 192.168.1.1/24 -p 80,443 --open
```bash
nmap 192.168.1.1/24 -p 80,443 --open
```


@@ -6,37 +6,54 @@ tags: [ "Documentation", "Distros" ]
## Arch
> yay -S pi-hole-server
```bash
yay -S pi-hole-server
```
> sudo systemctl enable --now pihole-FTL
```bash
sudo systemctl enable --now pihole-FTL
```
> sudo systemctl disable --now systemd-resolved
```bash
sudo systemctl disable --now systemd-resolved
```
> sudo rm -f /dev/shm/FTL-\*
```bash
sudo rm -f /dev/shm/FTL-\*
```
## Debian
Debian has a long, boring setup.
> sudo apt-get install wget curl net-tools gamin lighttpd lighttpd-mod-deflate
> curl -sSL https://install.pi-hole.net | PIHOLE_SKIP_OS_CHECK=true sudo -E bash
```bash
sudo apt-get install wget curl net-tools gamin lighttpd lighttpd-mod-deflate
curl -sSL https://install.pi-hole.net | PIHOLE_SKIP_OS_CHECK=true sudo -E bash
```
# Setup
> sudo usermod -aG pihole $USER
```bash
sudo usermod -aG pihole $USER
```
Remove that google dns server.
> pihole -a setdns 9.9.9.9 1.0.0.1
```bash
pihole -a setdns 9.9.9.9 1.0.0.1
```
Disable pihole password by setting a blank password.
> pihole -a -p
```bash
pihole -a -p
```
Get a new list of blocked domains, then reload:
> pihole -g -r
```bash
pihole -g -r
```
Every so often, run `pihole -g` again (perhaps put it in crontab).
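Review bot: `sudo rm -f /dev/shm/FTL-\*` now sits in a code fence, where the backslash is shown literally; typed as written, the shell treats `\*` as a literal asterisk, the glob does not expand, and the `FTL-` files are left in place. Drop the backslash inside the fence (`/dev/shm/FTL-*`). Separately, `curl -sSL https://install.pi-hole.net | PIHOLE_SKIP_OS_CHECK=true sudo -E bash` runs an unreviewed download as root; consider showing it as download, inspect, then run.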
@@ -44,11 +61,15 @@ Every so often, run `pihole -g` again (perhaps put it in crontab).
Observe the pihole's output while you ask it a question:
> pihole -t
```bash
pihole -t
```
Then ask the question from another computer:
> dig @[ pihole ip ] archlinux.org
```bash
dig @[ pihole ip ] archlinux.org
```
## System-Wide Setup
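Review bot: `dig @[ pihole ip ] archlinux.org` cannot be typed as shown, since the spaces split the server argument, and the commit message's own convention is a variable such as `$ARG1`. Suggest `dig @$PIHOLE_IP archlinux.org`.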


@@ -2,20 +2,26 @@
title: "pip"
tags: [ "Documentation", "Networking" ]
---
```
Searching does not work.
Install with:
> pip install [ package ]
```bash
pip install [ package ]
```
Upgrade all packages
> pip freeze --local | grep -v '^\-e' | cut -d = -f 1 | xargs -n1 pip install -U
```bash
pip freeze --local | grep -v '^\-e' | cut -d = -f 1 | xargs -n1 pip install -U
```
# Troubleshooting
You may need a python3 package.
In this case, try:
> pip3 install [ package ]
```bash
pip3 install [ package ]
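Review bot: The fences in this file are unbalanced: a bare three-backtick line is added directly after the front matter, above "Searching does not work.", and the last block (`pip3 install [ package ]`) has no closing fence in the hunk. The stray line opens a code block around the prose that follows it. Remove it and add the closing fence after the last command.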


@@ -3,53 +3,77 @@ title: "rclone"
tags: [ "Documentation", "Networking" ]
---
The manpage's 'Synopsis' provides a fast reference.
```
We'll assume a folder in Google Drive called 'test', and local folder called 'foo'.
Generate a config file with:
> rclone config
```bash
rclone config
```
Look at the contents of Google Drive:
> rclone ls gd:/
```bash
rclone ls gd:/
```
If rclone loses authorization:
> rclone authorization
```bash
rclone authorization
```
List only directories:
> rclone lsf -dirs-only google:/
```bash
rclone lsf -dirs-only google:/
```
Mount the remote location on /tmp/google with:
> rclone mount google /tmp/google
```bash
rclone mount google /tmp/google
```
Copy the contents of 'foo' to 'test'.
> rclone copy foo/ google:test
```bash
rclone copy foo/ google:test
```
Sync contents of foo and test with a progress bar (will delete Google items):
> rclone sync foo google:test -P
```bash
rclone sync foo google:test -P
```
Remove all duplicates
> rclone dedupe google:test
```bash
rclone dedupe google:test
```
Delete contets of a remote file:
> rclone delete n:test
```bash
rclone delete n:test
```
Or delete the folder and contents as well:
> rclone purge n:test
```bash
rclone purge n:test
```
Copy to and from with:
> rclone copyto google:test foo
```bash
rclone copyto google:test foo
```
or
> rclone copyto foo google:test
```bash
rclone copyto foo google:test
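Review bot: A bare three-backtick line is added after "The manpage's 'Synopsis' provides a fast reference." and the final `rclone copyto foo google:test` block is never closed in the hunk, so the fences are off by one from the top of the page; remove the stray line and close the last block. The commands also name the remote three ways (`gd:`, `google:`, `n:`), and `rclone mount google /tmp/google` omits the colon that marks `google` as a remote rather than a local path.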


@@ -4,19 +4,27 @@ tags: [ "Documentation", "Scraping" ]
---
Install `yt-dlp`.
> yt-dlp --write-auto-sub *<URL>*
```bash
yt-dlp --write-auto-sub *<URL>*
```
It will default to English, but you can specify another language with the flag --sub-lang:
> youtube-dl --sub-lang sv --write-auto-sub *<URL>*
```bash
youtube-dl --sub-lang sv --write-auto-sub *<URL>*
```
You can list all available subtitles with:
> yt-dlp --list-subs *<URL>*
```bash
yt-dlp --list-subs *<URL>*
```
It's also possible to skip the video and only download the subtitle if you add the flag --skip-download:
> yt-dlp --sub-lang sv --write-auto-sub --skip-download *<URL>*
```bash
yt-dlp --sub-lang sv --write-auto-sub --skip-download *<URL>*
```
## Alternative
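Review bot: The `*<URL>*` placeholders keep their italics asterisks inside the new fences, where they render literally and, if pasted, reach the shell as glob and redirection characters. Use a variable per the commit message's convention, for example `yt-dlp --write-auto-sub "$URL"`. The second command also still calls `youtube-dl` while the rest of the hunk uses `yt-dlp`.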


@@ -4,7 +4,9 @@ tags: [ "Documentation", "Networking" ]
---
# Mount
> sshfs alfred@192.168.0.14:Sync/Alfred
```bash
sshfs $USER@$IP_ADDRESS:$DIR
```
Various flags:
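Review bot: `sshfs $USER@$IP_ADDRESS:$DIR` reuses `$USER`, which the shell already sets to the local login name, so a reader pasting the line connects as their local user rather than the remote account (`alfred` in the old line). Pick a name that is not a standard environment variable, such as `$REMOTE_USER`, and add the local mount point argument, which sshfs requires and neither version of the line supplies.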
@@ -13,5 +15,7 @@ Various flags:
# Unmount
> fusermount3 -u Sync/Alfred
```bash
fusermount3 -u $DIR
```
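Review bot: `fusermount3 -u $DIR` uses `$DIR` for the local mount point, while the Mount hunk uses the same `$DIR` for the remote directory in `sshfs $USER@$IP_ADDRESS:$DIR`. Use two distinct names, for example `$REMOTE_DIR` and `$MOUNT_POINT`, and quote them so paths with spaces survive.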


@@ -5,17 +5,25 @@ tags: [ "Documentation", "Networking", "ssh", "tricks" ]
Mount a remote filesystem locally with fuse-sshfs:
> sshfs *user*@192.168.0.10:/home/*user* /tmp/mnt
```bash
sshfs *user*@192.168.0.10:/home/*user* /tmp/mnt
```
Unmount with:
> fusermount -u /tmp/mnt
```bash
fusermount -u /tmp/mnt
```
Set it up on /etc/fstab with:
> sshfs#bkp@bkp.a-server.ninja:/media/store1/bkp /backup fuse defaults,allow_other,reconnect,delay_connect 0 0
```bash
sshfs#bkp@bkp.a-server.ninja:/media/store1/bkp /backup fuse defaults,allow_other,reconnect,delay_connect 0 0
```
Make image backup of sda1 and sda2 from one machine and pass it through ssh to another.
> for i in {1,2};do sudo dd if=/dev/sda$i | ssh -C *user*@192.168.0.10 "dd of=/mnt/Backup/winback-oct-\"$i\".img" status=progress; done
```bash
for i in {1,2};do sudo dd if=/dev/sda$i | ssh -C *user*@192.168.0.10 "dd of=/mnt/Backup/winback-oct-\"$i\".img" status=progress; done
```
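Review bot: The `sshfs#bkp@bkp.a-server.ninja:/media/store1/bkp /backup fuse defaults,allow_other,reconnect,delay_connect 0 0` line is an `/etc/fstab` entry, not a command, so it should not be fenced as `bash`; a plain fence fits. Two smaller points: `*user*` keeps its italics asterisks inside the fences in the `sshfs` and `dd` lines, and `allow_other` opens the mounted backup to every local user, which deserves a sentence in the text.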


@@ -5,7 +5,9 @@ tags: [ "Documentation", "Networking" ]
# Get a hostname
> sudo vim /etc/tor/torrc
```bash
sudo vim /etc/tor/torrc
```
Uncomment the lines about `/var/lib/tor/hidden_services`, including port 22 (or whatever); restart tor, then go to that directory, and cat the hostname.


@@ -9,12 +9,14 @@ It breaks a lot, so if it's not working, the problem is probably in the program.
Search for 'sita sings the blues' with:
> torrench 'sita sings the blues'
```bash
torrench 'sita sings the blues'
```
Copy the magnet link.
It looks like this:
`magnet:?xt=urn:btih:05547db7c0c5fbbe50f00212ee43e9cec5b006fa&dn=Sita+Sings+the+Blues+%281080P+official+release%29&tr=udp%3A%2F%2Ftracker.leechers-paradise.org%3A6969&tr=udp%3A%2F%2Ftracker.openbittorrent.com%3A80&tr=udp%3A%2F%2Fopen.demonii.com%3A1337&tr=udp%3A%2F%2Ftracker.coppersurfer.tk%3A6969&tr=udp%3A%2F%2Fexodus.desync.com%3A6969`
> magnet:?xt=urn:btih:05547db7c0c5fbbe50f00212ee43e9cec5b006fa&dn=Sita+Sings+the+Blues+%281080P+official+release%29&tr=udp%3A%2F%2Ftracker.leechers-paradise.org%3A6969&tr=udp%3A%2F%2Ftracker.openbittorrent.com%3A80&tr=udp%3A%2F%2Fopen.demonii.com%3A1337&tr=udp%3A%2F%2Ftracker.coppersurfer.tk%3A6969&tr=udp%3A%2F%2Fexodus.desync.com%3A6969
But you only need this bit (up until the `&` character):
@@ -27,28 +29,40 @@ Install it then start the service.
Arch Linux:
> sudo systemctl start transmission
```bash
sudo systemctl start transmission
```
Debian:
> sudo systemctl start transmission-daemon
```bash
sudo systemctl start transmission-daemon
```
Add a torrent by the .torrent file, or a magnet link, like this:
> transmission-remote -a 'magnet:?xt=urn:btih:05547db7c0c5fbbe50f00212ee43e9cec5b006fa&dn=Sita+Sings+the+Blues+%281080P+official+release%29&tr=udp%3A%2F%2Ftracker.leechers-paradise.org%3A6969&tr=udp%3A%2F%2Ftracker.openbittorrent.com%3A80&tr=udp%3A%2F%2Fopen.demonii.com%3A1337&tr=udp%3A%2F%2Ftracker.coppersurfer.tk%3A6969&tr=udp%3A%2F%2Fexodus.desync.com%3A6969'
```bash
transmission-remote -a 'magnet:?xt=urn:btih:05547db7c0c5fbbe50f00212ee43e9cec5b006fa&dn=Sita+Sings+the+Blues+%281080P+official+release%29&tr=udp%3A%2F%2Ftracker.leechers-paradise.org%3A6969&tr=udp%3A%2F%2Ftracker.openbittorrent.com%3A80&tr=udp%3A%2F%2Fopen.demonii.com%3A1337&tr=udp%3A%2F%2Ftracker.coppersurfer.tk%3A6969&tr=udp%3A%2F%2Fexodus.desync.com%3A6969'
```
> transmission-remote -a sita.torrent
```bash
transmission-remote -a sita.torrent
```
Now let's check that the torrent's been added successfully.
> transmission-remote -l
```bash
transmission-remote -l
```
To see the torrents, go to /var/lib/transmission/Downloads
If you don't have permission, either add the directory to the group made for your username, or add yourself to the `:transmission` group, or otherwise make sure that you can read that directory, and the user `transmission` can read, write and execute.
E.g.:
> sudo usermod -aG transmission $USER
```bash
sudo usermod -aG transmission $USER
```
Log in again for the changes to take effect (or open a new TTY with `Ctrl+Alt+F2`).
@@ -56,13 +70,17 @@ Log in again for the changes to take effect (or open a new TTY with `Ctrl+Alt+F2
If you don't want to have a file active as a torrent, get it's number with `transmission-remote -l`, then, if it were number '4', do:
> transmission-remote -t 4 -r
```bash
transmission-remote -t 4 -r
```
You can now move the file, and the torrent will not be confused.
To both **r**emove **a**nd **d**elete a file, use `-rad`:
> transmission-remote -t 4 -rad
```bash
transmission-remote -t 4 -rad
```
# Moving Torrents
@@ -71,5 +89,7 @@ If the file is in your home - `~` - but `transmission` is not allowed in your ho
Next, find the torrent's number. You can use multiple numbers, separated with a comma:
> transmission-remote -t 3,5,8 --move /home/alice/music
```bash
transmission-remote -t 3,5,8 --move /home/alice/music
```


@@ -7,13 +7,19 @@ tags: [ "Documentation", "Networking" ]
If not, try checking out what your local Networking interfaces are, then check if they have been picked up:
> dmesg | grep eth0
```bash
dmesg | grep eth0
```
# Display Active Ports
> netstat -l
```bash
netstat -l
```
...or maybe narrow it down to http:
> netstat -l | grep http
```bash
netstat -l | grep http
```


@@ -4,25 +4,37 @@ tags: [ "Documentation", "Networking" ]
---
Install nginx:
> sudo apt-get install nginx
```bash
sudo apt-get install nginx
```
> sudo apt-get enable --now nginx
```bash
sudo apt-get enable --now nginx
```
Put a website somewhere:
> mkdir /var/www/html/mysite/
```bash
mkdir /var/www/html/mysite/
```
Put an index file there:
> vim /var/www/html/mysite/index.html
```bash
vim /var/www/html/mysite/index.html
```
Make the owner `www-data`
> chown -R www-data:www-data /var/www/html/mysite/
```bash
chown -R www-data:www-data /var/www/html/mysite/
```
Make a configuration file for nginx:
> vim /etc/nginx/sites-available/mysite.conf
```bash
vim /etc/nginx/sites-available/mysite.conf
```
```
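Review bot: `sudo apt-get enable --now nginx` is not an apt-get operation; `enable --now` is systemctl syntax, so the fenced line should be `sudo systemctl enable --now nginx`. The `mkdir`, `chown` and `vim` lines under `/var/www` and `/etc/nginx` also need `sudo` (or a root shell) to match the `sudo` on the install line.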
@@ -37,15 +49,20 @@ server {
try_files $uri $uri/ =404;
}
}```
}
```
Make the site available:
> ln -s /etc/nginx/sites-available/mysite.conf /etc/nginx/sites-enabled/
```bash
ln -s /etc/nginx/sites-available/mysite.conf /etc/nginx/sites-enabled/
```
Test it's working:
> nginx -t
```bash
nginx -t
```
## Troubleshooting
@@ -65,13 +82,19 @@ Buy some DNS online, then check it's working.
*Once it's working*, use certbot:
> apt install certbot
```bash
apt install certbot
```
You may need to install an nginx python module:
> apt install python3-certbot-nginx
```bash
apt install python3-certbot-nginx
```
> certbot --nginx -d *mysite.tk* --non-interactive --agree-tos -m *webmaster@email.tld*
```bash
certbot --nginx -d *mysite.tk* --non-interactive --agree-tos -m *webmaster@email.tld*
```
When you are asked about redirecting from HTTP to HTTPS, say yes (option "2").
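Review bot: `certbot --nginx ... --non-interactive` contradicts the sentence after it, "When you are asked about redirecting from HTTP to HTTPS, say yes", because a non-interactive run asks nothing. Either drop `--non-interactive` or replace the sentence with certbot's `--redirect` flag. The `*mysite.tk*` and `*webmaster@email.tld*` placeholders also keep their asterisks inside the fence; use variables such as `$DOMAIN` and `$EMAIL`.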


@@ -6,65 +6,87 @@ tags: [ "Documentation", "Networking" ]
Stats on local net usage within domain.
> iftop -p -n
```bash
iftop -p -n
```
> whois domain.com
```bash
whois domain.com
```
Info on domain, whether it's taken, et c.:
> dig domain.com
```bash
dig domain.com
```
> ifconfig
```bash
ifconfig
```
Versatile wifi tool:
> nmcli
```bash
nmcli
```
# Examples
You want to connect to the internet.
> sudo iwconfig
```bash
sudo iwconfig
```
Get knowledge of wireless state. The output might be:
`wlp3s0 IEEE 802.11 ESSID:"Gandalf WajFaj"`
> wlp3s0 IEEE 802.11 ESSID:"Gandalf WajFaj"
`Mode:Managed Frequency:2.412 GHz Access Point: 10:05:01:90:AC:1A`
> Mode:Managed Frequency:2.412 GHz Access Point: 10:05:01:90:AC:1A
`Bit Rate=144.4 Mb/s Tx-Power=15 dBm`
> Bit Rate=144.4 Mb/s Tx-Power=15 dBm
`Retry short limit:7 RTS thr:off Fragment thr:off`
> Retry short limit:7 RTS thr:off Fragment thr:off
`Encryption key:off`
> Encryption key:off
`Power Management:on`
> Power Management:on
`Link Quality=64/70 Signal level=-46 dBm`
> Link Quality=64/70 Signal level=-46 dBm
`Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag`
> Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag
`Tx excessive retries:0 Invalid misc:363 Missed beacon`
> Tx excessive retries:0 Invalid misc:363 Missed beacon
This tells you that your ESSID is 'Gandalf WajFaj', and the access point name is 10:05:......
> nmcli radio
```bash
nmcli radio
```
You get an overview of your radio devices.
You're told that eth0 deals with your ethernet and `wlan0` deals with wifi.
`wlan0` is a file which represents your wifi device.
> nmcli wlan0 wifi rescan
```bash
nmcli wlan0 wifi rescan
```
> nmcli device wifi list
```bash
nmcli device wifi list
```
Now to connect.
> nmcli device wifi connect [SSID] [your password] [wifi password]
```bash
nmcli device wifi connect [SSID] [your password] [wifi password]
```
Alternatively, you can use
> nmcli -ask device wifi connect [SSID]
```bash
nmcli -ask device wifi connect [SSID]
```
And it'll ask for your password, so you're not typing it in in full view.
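Review bot: `nmcli device wifi connect [SSID] [your password] [wifi password]` does not match nmcli's syntax, which is `nmcli device wifi connect <SSID> password <password>`, and it leaves the passphrase in shell history; show the `-ask` variant first, since the last line of the hunk already explains why it is preferable. Likewise `nmcli wlan0 wifi rescan` should be `nmcli device wifi rescan`.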


@@ -11,16 +11,25 @@ https://engineerworkshop.com/blog/how-to-set-up-wireguard-on-a-raspberry-pi/
Install `wireguard-tools` on the server.
> sudo -i
```bash
sudo -i
```
> cd /etc/wireguard
```bash
cd /etc/wireguard
```
umask 077
> wg genkey | tee server_private_key | wg pubkey > server_public_key
```bash
wg genkey | tee server_private_key | wg pubkey > server_public_key
```
> wg genkey | tee client_private_key | wg pubkey > client_public_key
```bash
wg genkey | tee client_private_key | wg pubkey > client_public_key
```
```bash
echo "
[Interface]
Address = 10.0.0.1/24
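Review bot: `umask 077` is left as bare text between the fences while every other step is fenced, and it is the step that keeps `server_private_key` and `client_private_key` from being created readable by other users under a default umask. Put it in a `bash` fence before the two `wg genkey | tee ...` lines so it is not skipped.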
@@ -35,14 +44,23 @@ umask 077
PublicKey = $(cat client_public_key)
AllowedIPs = 10.0.0.2/32
" > /etc/wireguard/wg0.conf
```
> echo 'net.ipv4.ip_forward=1' > /etc/sysctl.d/wg.conf
```bash
echo 'net.ipv4.ip_forward=1' > /etc/sysctl.d/wg.conf
```
> systemctl enable --now wg-quiqck@wg0
```bash
systemctl enable --now wg-quiqck@wg0
```
> chown -R root:root /etc/wireguard/
```bash
chown -R root:root /etc/wireguard/
```
> chmod -R og-rwx /etc/wireguard/\*
```bash
chmod -R og-rwx /etc/wireguard/\*
```
Forward traffic from port 51900 to the server.
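Review bot: `systemctl enable --now wg-quiqck@wg0` misspells the unit; it should be `wg-quick@wg0`. In `chmod -R og-rwx /etc/wireguard/\*` the backslash is literal now that the line is fenced, so the shell does not expand the glob and the key files keep whatever mode they had; use `/etc/wireguard/*` or apply `-R` to the directory itself. The `net.ipv4.ip_forward=1` line also only takes effect after `sysctl --system` or a reboot, which the text could state.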
@@ -80,4 +98,6 @@ Add multiple peers by copying the `[peer]` section (they each get called `peer`)
Make a standard client configuration, then:
> qrencode -t ansiutf8 < /etc/wireguard/mobile_user.conf
```bash
qrencode -t ansiutf8 < /etc/wireguard/mobile_user.conf
```


@@ -4,29 +4,41 @@ tags: [ "Documentation", "Networking" ]
---
# Check wifi's working
> lspci -k
```bash
lspci -k
```
Or for usb wifi:
> dmesg | grep usbcore
```bash
dmesg | grep usbcore
```
... and hopefully it'll say the new interface is registered.
# Check if a wifi interface has been created
> ip link
```bash
ip link
```
or
> iw dev
```bash
iw dev
```
Assuming it's wlan0, bring it up with
> ip link set wlan0 up
```bash
ip link set wlan0 up
```
Error messages probably means your wireless chipset requires a firmware to function. In this case, check the kernel messages for firmware being loaded
> dmesg | grep firmware
```bash
dmesg | grep firmware
```
# Utilities
@@ -36,11 +48,15 @@ iw doesn't do wpa/wpa2. wpa_supplicant does everything. iwd does everything ex
Get the link status:
> iw dev wlan0 link
```bash
iw dev wlan0 link
```
Scan for available points:
> iw dev wlan0 scan
```bash
iw dev wlan0 scan
```
The connecting commands do not cover wpa2.


@@ -7,57 +7,87 @@ wpa_supplicant configurations are stored in /etc/wpa_supplicant/wpa_supplicant-w
## WiFi Connection
> wpa_cli
```bash
wpa_cli
```
Once in, scan the network, add an empty place to store credentials, then input them.
> scan
```bash
scan
```
> scan_results
```bash
scan_results
```
> add_network
```bash
add_network
```
This outputs a network number, e.g. '3'. This is the new network you'll work with.
> set_network *3* ssid *"Kosachok Cafe"*
```bash
set_network *3* ssid *"Kosachok Cafe"*
```
> set_network 3 psk *"Kosachok2019"*
```bash
set_network 3 psk *"Kosachok2019"*
```
OR (for no password)
> set_network *3* key_mgmt NONE
```bash
set_network *3* key_mgmt NONE
```
> enable_network 3
```bash
enable_network 3
```
> save_config
```bash
save_config
```
This takes a while to connect, so to speed things up, restart the service:
> sudo sv restart wpa_supplicant
```bash
sudo sv restart wpa_supplicant
```
# Scripts
You can script like this:
> wpa_cli add_network
```bash
wpa_cli add_network
```
That returns an ID, so you can say:
> newNetwork="$(wpa_cli add_network)"
```bash
newNetwork="$(wpa_cli add_network)"
```
Then `$newNetwork` would equal that number, and you can add/ remove networks with scripts.
But remember to escape the quotes, so adding a network would be:
> wpa_cli set_network *3* psk *\""passphrase"\"*
```bash
wpa_cli set_network *3* psk *\""passphrase"\"*
```
## Generating Keys Manually
> wpa_passphrase [ssid] [password]
```bash
wpa_passphrase [ssid] [password]
```
For example:
> wpa_passphrase 'Cafe Kosachok' 'Kosachok2019'
```bash
wpa_passphrase 'Cafe Kosachok' 'Kosachok2019'
```
This then spills the relevant psk and such to be entered into the wpa_supplicant configuration file.
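Review bot: The lines `scan`, `scan_results`, `add_network`, `set_network ...`, `enable_network 3` and `save_config` are typed at the `wpa_cli` prompt, not in bash, so the `bash` label is wrong for them, and the italics asterisks in `set_network *3* ssid *"Kosachok Cafe"*` are now literal. In the scripted form, `wpa_cli set_network *3* psk *\""passphrase"\"*` should become `wpa_cli set_network 3 psk '"passphrase"'`. `wpa_passphrase [ssid] [password]` also puts the passphrase in shell history; omitting the second argument makes it read the passphrase from standard input.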
@@ -65,6 +95,8 @@ If you encounter problems, you will probably need to delete the old device pid i
Next up, start wpa_supplicant:
> wpa_supplicant -B -iwlan0 -c /etc/wpa_supplicant/wpa_supplicant-wlan0
```bash
wpa_supplicant -B -iwlan0 -c /etc/wpa_supplicant/wpa_supplicant-wlan0
```
The -B flag runs this as a background process. Remove this to see real-time output in order to solve problems. The -i flag denotes the physical device used for the wifi. The -c flag points to the configuration file for use.