From 6e8a4fa4c525e45341e53bf14af085c5f4c27810 Mon Sep 17 00:00:00 2001 
From: Houtworm
Date: Thu, 10 Apr 2025 04:10:54 +0200
Subject: [PATCH] Initial Commit

---
 Cheatsheets/color.md          |  116 +++
 Guides/Arch/00Intro.md        |  126 +++
 Guides/Arch/01Base.md         |  595 ++++++++++++
 Guides/Arch/02AIptables.html  |   11 +
 Guides/Arch/02AIptables.md    |   68 ++
 Guides/Arch/02GNOME.md        |  325 +++++++
 Guides/Arch/02KDE.md          |   94 ++
 Guides/Arch/02Server.md       | 1069 +++++++++++++++++++++
 Guides/Arch/03Terminal.md     |  663 +++++++++++++
 Guides/Arch/04Programming.md  |  569 +++++++++++
 Guides/Arch/05Basics.md       |  232 +++++
 Guides/Arch/06Office.md       |   54 ++
 Guides/Arch/07Gaming.md       |  277 ++++++
 Guides/Arch/08Emulation.md    |  122 +++
 Guides/Arch/09Hardware.md     |  126 +++
 Guides/Arch/10Maintenance.md  |   34 +
 Guides/Docker/00Intro.md      |   25 +
 Guides/Docker/01Nginx.md      |  145 +++
 Guides/Docker/02Mariadb.md    |  280 ++++++
 Guides/Docker/03Postgres.md   |   43 +
 Guides/Docker/04Nextcloud.md  |  336 +++++++
 Guides/Docker/05Smarthome.md  |   18 +
 Guides/Docker/06Media.md      |  159 ++++
 Guides/Docker/07Pirate.md     |   33 +
 Guides/Docker/08Matrix.md     |  318 +++++++
 Guides/Docker/09Mumble.md     |   75 ++
 Guides/Docker/10Proxies.md    |   15 +
 Guides/Docker/11Gitea.md      |   12 +
 Guides/Docker/12Wiki.md       |   12 +
 Guides/Docker/13Monitoring.md |   24 +
 Guides/Docker/14Mail.md       | 1664 +++++++++++++++++++++++++++++++++
 Guides/Docker/15DNS.md        |   21 +
 home.md                       |   13 +
 33 files changed, 7674 insertions(+)
 create mode 100644 Cheatsheets/color.md
 create mode 100644 Guides/Arch/00Intro.md
 create mode 100644 Guides/Arch/01Base.md
 create mode 100644 Guides/Arch/02AIptables.html
 create mode 100644 Guides/Arch/02AIptables.md
 create mode 100644 Guides/Arch/02GNOME.md
 create mode 100644 Guides/Arch/02KDE.md
 create mode 100644 Guides/Arch/02Server.md
 create mode 100644 Guides/Arch/03Terminal.md
 create mode 100644 Guides/Arch/04Programming.md
 create mode 100644 Guides/Arch/05Basics.md
 create mode 100644 Guides/Arch/06Office.md
 create mode 100644 Guides/Arch/07Gaming.md
 create mode 100644 Guides/Arch/08Emulation.md
 create mode 100644 Guides/Arch/09Hardware.md
 create mode 100644 Guides/Arch/10Maintenance.md
 create mode 100644 Guides/Docker/00Intro.md
 create mode 100644 Guides/Docker/01Nginx.md
 create mode 100644 Guides/Docker/02Mariadb.md
 create mode 100644 Guides/Docker/03Postgres.md
 create mode 100644 Guides/Docker/04Nextcloud.md
 create mode 100644 Guides/Docker/05Smarthome.md
 create mode 100644 Guides/Docker/06Media.md
 create mode 100644 Guides/Docker/07Pirate.md
 create mode 100644 Guides/Docker/08Matrix.md
 create mode 100644 Guides/Docker/09Mumble.md
 create mode 100644 Guides/Docker/10Proxies.md
 create mode 100644 Guides/Docker/11Gitea.md
 create mode 100644 Guides/Docker/12Wiki.md
 create mode 100644 Guides/Docker/13Monitoring.md
 create mode 100644 Guides/Docker/14Mail.md
 create mode 100644 Guides/Docker/15DNS.md
 create mode 100644 home.md

diff --git a/Cheatsheets/color.md b/Cheatsheets/color.md
new file mode 100644
index 0000000..c191816
--- /dev/null
+++ b/Cheatsheets/color.md
@@ -0,0 +1,116 @@ +--- +title: color +description: +published: true +date: 2023-04-28T02:38:18.678Z +tags: +editor: markdown +dateCreated: 2023-04-28T02:22:37.379Z +--- + +# Style and Colors in the terminal +who doesn't love Style and Colors? + +--- +## Style is a mixed bag in terms of support +Some things are rarely supported, but it won't hurt. +| Number | Style | Code | Disable | Support | +| ------ | ----- | ---- | ------- | ------- | +| 0 | Reset | "\e[0m" | | All | +| 1 | Bold | "\e[1m" | "\e[22m" | All | +| 2 | thin | "\e[2m" | "\e[22m" | Most | +| 3 | Cursive | "\e[3m" | "\e[23m" | Most | +| 4 | Underline | "\e[4m" | "\e[24m" | Most | +| 5 | Blinking Slow | "\e[5m" | "\e[25m" | Most | +| 6 | Blinking Fast | "\e[6m" | "\e[25m" | Some | +| 7 | Inverted Color | "\e[7m" | "\e[27m" | All | +| 8 | Conceal | "\e[8m" | "\e[28m" | Some | +| 9 | Striketrough | "\e[9m" | "\e[29m" | Most | +| 11-20 | Other Fonts | "\e[11-20m" | "\e[10m" | Most | +| 21 | Double Underline | "\e[21m" | "\e[24m" | Some | +| 26 | No Monospace | "\e[26m" | "\e[50m" | Some | +| 51 | Framed | "\e[51m" | "\e[54m" | Some | +| 52 | Circled | "\e[52m" | "\e[54m" | Some | +| 53 | Overline | "\e[53m" | "\e[55m" | Some | + +--- +## The 8 colors supported by all modern terminal emulators +3 bit color, a bit strange but every bit was valueable back then +| Number | Color | Foreground | Background | +| ------ | ----- | ---------- | ---------- | +| 0 | Black | "\e[30m" | "\e[40m" | +| 1 | Red | "\e[31m" | "\e[41m" | +| 2 | Green | "\e[32m" | "\e[42m" | +| 3 | Yellow | "\e[33m" | "\e[43m" | +| 4 | Blue | "\e[34m" | "\e[44m" | +| 5 | Magenta | "\e[35m" | "\e[45m" | +| 6 | Cyan | "\e[36m" | "\e[46m" | +| 7 | White | "\e[37m" | "\e[47m" | +| 9 | Reset | "\e[39m" | "\e[49m" | + +--- +## Combinations are supported by all modern terminal emulators +In general try to do style first, then color +| Code | Description | +| ---- | ----------- | +| "\e[0;0m" | Reset All | +| "\e[1;3m" | Bold and Cursive | +| 
"\e[30;44m" | Black letters on Blue background | +| "\e[1;30;47m" | Bold Black letters on White background | +| "\e[45;32m" | Green letters on Magenta Background | +| "\e[1;3;4;5m" | Bold Cursive Underlined and Blinking slow | +| "\e[2;9;31;46m" | Thin Striketrough Style with Red letters on Cyan background | + +--- +## Bright Colors are supported by most modern terminal emulators +4 bit color, With a added brighter variant of the 8 default colors +| Number | Color | Foreground | Background | +| ------ | ----- | ---------- | ---------- | +| 0 | Black | "\e[90m" | "\e[100m" | +| 1 | Red | "\e[91m" | "\e[101m" | +| 2 | Green | "\e[92m" | "\e[102m" | +| 3 | Yellow | "\e[93m" | "\e[103m" | +| 4 | Blue | "\e[94m" | "\e[104m" | +| 5 | Magenta | "\e[95m" | "\e[105m" | +| 6 | Cyan | "\e[96m" | "\e[106m" | +| 7 | White | "\e[97m" | "\e[107m" | +| 9 | Reset | "\e[39m" | "\e[49m" | + +--- +## 256 Colors are supported by most modern terminal emulators +8 bit color this is the most common among terminal emulators +0 to 15 are the 8 standard and 8 bright colors +16 to 231 are the extra colors +232 to 255 are some extra grayscale options +| Number | Foreground | Background | Underline | +| ------ | ---------- | ---------- | --------- | +| 0 | "\e[38;5;0m" | "\e[48;5;0m" | "\e[58;5;0m" | +| 1 | "\e[38;5;1m" | "\e[48;5;1m" | "\e[58;5;1m" | +| 2 | "\e[38;5;2m" | "\e[48;5;2m" | "\e[58;5;2m" | +| 3 | "\e[38;5;3m" | "\e[48;5;3m" | "\e[58;5;3m" | +| ... 
| "\e[38;5;...m" | "\e[48;5;...m" | "\e[58;5;...m" | +| 255 | "\e[38;5;255m" | "\e[48;5;255m" | "\e[58;5;255m" | +| Reset | "\e[39m" | "\e[49m" | "\e[59m" | + + +#### You can print all of the 256 colors using the following command + print "Basic 16 colors are part of the 256 colors"; for i in {0..15}; do print -Pn "%K{$i} %k%F{$i}${(l:3::0:)i}%f " ${${(M)$(($((i+1))%8))#0}:+"\n"}; done; print "The Extra Colors in 256 colors"; for i in {16..231}; do print -Pn "%K{$i} %k%F{$i}${(l:3::0:)i}%f " ${${(M)$(($((i-3))%12))#0}:+"\n"}; done; print "The Grayscale options in 256 colors"; for i in {232..255}; do print -Pn "%K{$i} %k%F{$i}${(l:3::0:)i}%f " ${${(M)$(($((i-3))%6))#0}:+"\n"}; done + +--- +## True Color is supported by some modern terminal emulators +24 bit color which is all the color we need for our puny little human eyes +You can replace any of the RGB values you want with your own custom colors +| Color | Foreground | Background | Underline | +| ----- | ---------- | ---------- | --------- | +| Black | "\e[38;2;0;0;0m" | "\e[48;2;0;0;0m" | "\e[58;2;0;0;0m" | +| Red | "\e[38;2;255;0;0m" | "\e[48;2;255;0;0m" | "\e[58;2;255;0;0m" | +| Green | "\e[38;2;0;255;0m" | "\e[48;2;0;255;0m" | "\e[58;2;0;255;0m" | +| Yellow | "\e[38;2;255;255;0m" | "\e[48;2;255;255;0m" | "\e[58;2;255;255;0m" | +| Blue | "\e[38;2;0;0;255m" | "\e[48;2;0;0;255m" | "\e[58;2;0;0;255m" | +| Magenta | "\e[38;2;255;0;255m" | "\e[48;2;255;0;255m" | "\e[58;2;255;0;255m" | +| Cyan | "\e[38;2;0;255;255m" | "\e[48;2;0;255;255m" | "\e[58;2;0;255;255m" | +| White | "\e[38;2;255;255;255m" | "\e[48;2;255;255;255m" | "\e[58;2;255;255;255m" | +| RGB | "\e[38;2;R;G;Bm" | "\e[48;2;R;G;Bm" | "\e[58;2;R;G;Bm" | +| Reset | "\e[39m" | "\e[49m" | "\e[59m" | + +--- diff --git a/Guides/Arch/00Intro.md b/Guides/Arch/00Intro.md new file mode 100644 index 0000000..bf1b031 --- /dev/null +++ b/Guides/Arch/00Intro.md 
@@ -0,0 +1,126 @@ +--- +title: 00 Introduction +description: Start Here +published: true +date: 2023-04-28T19:51:11.756Z +tags: +editor: markdown +dateCreated: 2023-04-28T05:31:54.093Z +--- + +# Introduction +This guide will set you up with a fresh Arch Linux installation, And if you want a Server, Clean installation or Complete general purpose installation with most of the applications you will ever need, And a graphical package manager in the case you need even more. + +But before we can go there you need to understand a few things. + +# Basic Instructions +Understand a command before you execute it, Executing code you don't understand is the best way to break your machine, let your machine get raped, get scammed, or end up in prison. So understand every letter of a command before you execute it. + +Be sure to read everything, On this page but also the output of the terminal. Not only because you need to know what you are doing, but also because there are a lot of parameters that need to be changed. + +No response means everything went well, If you get an error back make sure you typed the command correctly + +# Basic Commands +Troughout the guide we will use several basic commands, The guide assumes you know what they do, And I do not allow you to run a command you do not understand. + +`pwd` print working directory +If you type `pwd` in a terminal and press enter it will show in which directory you are at the moment. + +`ls` list +it will display all contents of the current directory. I would recommend using this with the options -a and -l `ls -la` would list all files including hidden files in a list with some handy details. + +`mkdir` make directory +creates a directory. `mkdir bla` would create a folder called bla in the current directory + +`cd` change directory +change to a different directory. `cd bla` would move you to the folder bla in the current directory. + +`touch` touch +it will create a file and update the time if it already exists. 
`touch bla` would create an empty file called bla + +`cp` copy +it will copy a file `cp file1 file2` would copy file1 to file2, `cp -r folder1 ../folder2` would copy folder 1 to folder2 next to this directory. + +`mv` move +move does the same as copy, only it will move the file or folder and not leave a duplicate, This command is also used to rename files and folders using `mv file1 file2` will rename file1 into file2. + +`ln` link +link is used to create links between files, kind of like "Shortcuts" on Windows. we create links like this `ln -sf realfile linkfile` now linkfile will point to realfile and if you make changes to one both will be affected. + +`exit` exit +Kinda obvious, but here we exit the shell, if you open bash by typing `bash` pressing enter and then type `exit` and press enter you would be back in the terminal where you started. + +`reboot` reboot +Also very obvious, this one reboots your machine, just type `reboot` and press enter + +`chmod` change mode +With this you can change the permissions on a file or folder like so `chmod +x file` it would make file executable for everyone, you can do + and - to add and remove permissions, r is read, w is write and x is execute. You can also use numbers like so `chmod 755 file` it would give all permissions to the owner, but only read and execute for the group and others. 4 is read, 2 is write, 1 is execute, you can add them to give multiple rights, so 4 would be read, 6 would be read and write, 7 would be all rights. `chmod 421 file` would make the file readable for only the owner, writeable for only the group, and executable only for others. + +`chown` change owner +This changes the owner of a file, a file has a owner, and a file belongs to a group, you can set both like so `chown owner:group file` file will now be owned by owner and belong to the group group. 
+ +`echo` echo +echo simply repeats whatever argument you give it `echo Hello` would print back "Hello" + +`sudo` super user do +sudo allows you to execute commands as a different user it is mostly used for executing something as the root user `sudo bash` would open a new terminal as the root user. It is not recommended to use your system as the root user, therefore sudo was invented, just use sudo if you need to do something as root. But again, know what you execute. + +There are lots and lots more, but these are all you need to know for this guide. + +# Basic Syntax +` ` space +The space is a seperator, it seperates commands from the options and the options from the arguments, different forms of whitespace can be used + +`/` forward slash +this means next folder if you lead with it you will get an absolute path `/home/user/file` is an absolute path. `./file` or `file` is a relative path, it will expect file in the current directory + +`.` period +Current directory, you can use it as an argument for many commands it is most often used to execute something in or on the current directory like `./executable` or `chown user .` + +`..` double period +Upper Directory, probably most often used for `cd` like so `cd ../..` to go up 2 directories you can also use it to execute a file in a relative directory like so `../folder/executable` + +`\` backslash +Escape character, is used for lots of things, but we only use it for when we want to use a character that has a special meaning, for example space, if we want open a file with vim called "A B C" we would run this command `vim A\ B\ C` + +`>` Is Greater Than +overwrite file, when you see this character in a command it is redirecting the output, for the scope of this guide we will use it to redirect output to a file but appending a file behind it, like so `echo Hello > file` will overwrite the content of file with Hello. 
+ +`>>` Double Is Greater Than +add to end of file, it does the same as the Greater Than above, but this one doesn't overwrite but adds the output on a new line in the file. + +`*` Asterisk +wildcard, expands to everything you can use it to open all files in the current directory using `vim *` only open .c files with `vim *.c` or open all files in every folder `vim */*` ofcourse this also works with absolute paths. + +There are lots and lots more, but this is all the syntax you need to know for this guide + +# Vim Basics +Vim is this amazing text editor, it is without a doubt the best text editor in existance, you can do more with it than you will ever be able to remember. all in such a nice small extendable package. Yes emacs can do more, But we just want a text editor, not play tetris and browse the web :P + +One important thing to know about vim is that it uses different modes, and in the "normal" mode you can't insert characters normally. There are 3 modes in vim; Normal, Insert and Visual. + +Normal mode is the default mode in Vim, you can always go back to it from other modes by pressing `esc` on your keyboard. In Normal mode you can look at the file, execute commands that start with `:` search for something by pressing `/` and much much more. + +Insert mode is where we edit the file as if it was a normal text editor, you can press `i` to go into it after the cursor, there are different ways to get into it, but they are out of scope for this guide. + +Visual mode is not relevant for this guide, but you can use it, if you press `v` from normal mode you go into visual mode to select text, `d` to cut and `y` to copy. 
You can also select whole lines with `shift + v` and select a block with `ctrl + v` + +The last thing you need to know are commands, with these commands you can save a file, quit vim, or manipulate the text in ways you can't imagine, listing all commands and explaining it alone would make this guide much larger than it is now, so just a few relevant ones. + +go to the end of the line by pressing `$` +go to the beginning with `0` +go to the end of file with `G` +go back to the beginning with `g` +go to line 34 with `34gg` +paste content with `p` +cut a line with `dd` +to save a file type `:w` and press enter +to quit vim type `:q` and press enter +to force an action like `q` and `w` add `!` to your command like this `:q!` or `:w!` +You can also combine actions like so `:wq!` +to execute a terminal command type `:! command` and press enter + +# Next +Congratulations, You already know more about Linux and Vim than the average person + +Next up is the actual installation you can simply click on "01 Base" on the left side \ No newline at end of file diff --git a/Guides/Arch/01Base.md b/Guides/Arch/01Base.md new file mode 100644 index 0000000..136760c --- /dev/null +++ b/Guides/Arch/01Base.md 
@@ -0,0 +1,595 @@ +--- +title: 01 Base +description: +published: true +date: 2024-02-23T15:26:55.562Z +tags: +editor: markdown +dateCreated: 2023-04-28T05:21:30.128Z +--- + +# Creating the Bootable USB + +First we need to download the latest version of the Arch installation media + +Open a webbrowser and go to https://www.archlinux.org/download/ + +Here you can download the latest image, I recommend using the Torrent or Magnet link, But if you don't have a torrent client you can scroll down for HTTP downloads. + +Wait for the download to finish. + +Next we need to burn the ISO file to an empty USB + +If you are already on Linux you probably know how to flash an image to USB, if not try to right click the .ISO file and open with image writer, Just select the right drive and click write/flash/revert + +If you are on Windows I recommend downloading Etcher + +https://www.balena.io/etcher/ + +Just download the portable version or install the normal version and open the program + +Select the .ISO file as the image, The USB as the drive and click flash + +After it is finished you should have a bootable Arch USB. + +# Booting the USB + +Next we need to boot the USB drive, We need to get in the BIOS for that. + +Turn off the device and put the USB in the device and keep pressing f2/Del/etc while turning it on to get into your BIOS, Most of the times you will get a screen where it tells you which button you need to press to enter the BIOS + +When you are in the BIOS Navigate to the boot screen and make sure the USB is on top. In most cases you can change their priority with F5/F6 or +/-. + +Press F10, select yes and press enter to save the settings and reboot, + +Now you just have to wait untill you are logged in as the root user on the arch iso + +# Check your boot mode + +Run the following command to see if you are running in UEFI mode + + ls /sys/firmware/efi/efivars + +If it shows you a bunch of filenames you are in UEFI mode. + +If you get an error you are in BIOS mode. 
If you are sure your system has UEFI disable legacy boot mode or force UEFI in the BIOS. If you can not get the USB to boot into UEFI you can use the legacy mode. + +Remember which boot mode you use, It will be important later on. + +# Set your Keyboard Layout for the installation +If you use US International as your keyboard layout you can skip this step. + +To list all available keyboard layouts run + + localectl list-keymaps + +navigate with the arrow keys to choose the right keyboard layout for your keyboard when you made your choice press q to quit and run the following command with your keyboard layout + + loadkeys layout + +for Turkey layout would be replaced with trq for German it would be replaced with de-latin1 + +If you have set a custom layout remember which layout you set, It will be important later on. + +# Make sure you have a network connection +If you are wired you can skip the WiFi step But test the connection either way. + +If you use Wifi or have no option to connect a cable run the following command + + iwctl + +You should spawn in an alternative prompt, run the following command to check for devices + + device list + +Remember the name of the device and use it in the following command to let it scan for networks + + station wlan0 scan + +Then run the following command to display the scan results + + station wlan0 get-networks + +And finally you should be able to connect using the Device name and the Network Name (SSID) + + station wlan0 connect SSID + +Simply enter the password of your wifi if it asks for it. + +then exit the alternative prompt with the following command + + exit + + +run the following command to test your network connection. 
+ + ping archlinux.org + +If you get a ping back hit CTRL + C and go to the next step + +It your network device is powered down it is probably soft blocked, in that case run the following command + + rfkill unblock all + +# Make sure the time is set correctly +Not having the right time will prevent your system from installing anything so run the following command + + timedatectl set-ntp true + +Check which disk you want to install Arch on +Run the following command to list all connected drives + + fdisk -l + +Check which disk you want to install on, **/dev/sda** or **/dev/nvme0n1** for example, I am going to use **/dev/nvme0n1** from this point on, Remember or write down the drive you want to install on and always replace **/dev/nvme0n1** with the right drive. + +# Partitioning the disk (UEFI) +**Only do this part if you are in UEFI boot mode.** + +Start fdisk with the drive of your choice. + + fdisk /dev/nvme0n1 + +Now we are in fdisk, you can press m for help in the program, But if you do exactly as below everything should be alright + +#### Disk Options +1. Hit d and then enter untill there are no more partitions left. +2. Hit g Then press enter, This will make it a gpt disk + +#### Boot Partition +1. Press n and then enter to make our first partition +2. press 2 and press enter to give it partition number 2 +3. just press enter to put it in the beginning of the disk +4. type +2G to give it 2GB for the boot partition and press enter +5. press t and press enter to set the type +6. skip this step if 2 is preselected otherwise, press 2 and press enter to select the second partition +7. type 1 and hit enter this will make the second partition an EFI partition. + +#### Swap Partition +1. press n and press enter to create our swap partition +2. press 3 and press enter to give it partition number 3 +3. press enter again to put it next to the previous partition +4. 
type +8G to give it 8GB swap, +If you have less ram I would recommend making it equal to your ram, So +4G if you have 4GB Ram. +5. press t and press enter to set the type +6. press 3 and press enter to select the third partition +7. type 19 and hit enter this will make the third partition a Swap partition. + +#### Root Partition +1. press n to create our final root partition +2. press 1 and press enter to give it partition number 1 +3. press enter again to put it next to the previous partition +4. press enter again to give it the remaining space on the disk. +5. press t and press enter to set the type +6. press 1 and press enter to select the first partition +7. type 20 and press enter this will make the first partition a Linux filesystem. + +#### Apply changes +1. Finally hit w and press enter to write all changes to disk + +# Partitioning the disk (BIOS) +**Only do this part if you are in BIOS boot mode.** + +Start fdisk with the drive of your choice. + + fdisk /dev/nvme0n1 + +Now we are in fdisk, you can press m for help in the program, But if you do exactly as below everything should be alright + +#### Disk Options +1. Hit d and then enter untill there are no more partitions left. +2. Hit o Then press enter, This will make it a mbr disk + +#### Boot Partition +1. Press n and then enter to make our first partition +2. press p and press enter to make it a primary partition +3. press 2 and press enter to give it partition number 2 +4. just press enter to put it in the beginning of the disk +5. type +2G to give it 2GB for the boot partition +6. press t and press enter to set the type +7. press 2 and press enter to select the second partition +8. type 83 and hit enter this will make the second partition an EFI partition. + +#### Swap Partition +1. press n and press enter to create our swap partition +2. press p and press enter to make it a primary partition +3. press 3 and press enter to give it partition number 3 +4. 
press enter again to put it next to the previous partition +5. type +8G to give it 8GB swap, +If you have less ram I would recommend making it equal to your ram, So +4G if you have 4GB Ram. +6. press t and press enter to set the type +7. press 3 and press enter to select the third partition +8. type a and hit enter this will make the third partition a Swap partition. + +#### Root Partition +1. press n to create our final root partition +2. press p and press enter to make it a primary partition +3. press 1 and press enter to give it partition number 1 +4. press enter again to put it next to the previous partition +5. press enter again to give it the remaining space on the disk. +6. press t and press enter to set the type +7. press 1 and press enter to select the first partition +8. type 82 and press enter this will make the first partition a Linux filesystem. + +#### Apply changes +1. Finally hit w and press enter to write all changes to disk + +# Format Partitions +Now we have set the partitions and the labels now we are going to format them all + +Be sure that you replace /dev/nvme0n1p# with the correct drive and partition If if is /dev/sda be sure to include the partition number /dev/sda1, /dev/sda2 and /dev/sda3. For the /dev/nvme0n1 you need to add a p and then the partition number so /dev/nvme0n1p1, /dev/nvme0n1p2 and /dev/nvme0n1p3 + +First we need to give the root partition a filesystem You can opt for btrfs, f2fs or ext4. + +btrfs is a newer filesystem with a lot of very cool features, It is not great for databases tho, so if you plan to go for a server it is not the best choice if your database is going to be on your root partition. I have not tested this one with encryption. But let me know how it goes :) + +f2fs is made with SSDs in mind, it might be the best choice for SSDs. Also not tested this one with encryption, But let me know how it goes :) + +ext4 is very stable and thourogly tested, you can't really go wrong with this one. 
+ +So pick a single one of the following options + + mkfs.btrfs /dev/nvme0n1p1 + mkfs.f2fs /dev/nvme0n1p1 + mkfs.ext4 /dev/nvme0n1p1 + +Then we make the boot partition fat 32 + + mkfs.fat -F32 /dev/nvme0n1p2 + +Make partition 3 swap + + mkswap /dev/nvme0n1p3 + +Then enable swap on partition 3 + + swapon /dev/nvme0n1p3 + +# Full Disk Encryption (Optional) +Encryption is completely optional, If you don't want it, just skip this step completely. + +Many things can go wrong, and if you forget your password the data is lost, Nothing you can do to recover it. Use it at your own risk. + +I would recommend Encryption for Mobile devices that hold sensitive data, Laptops you take with you for example. + +I would not recommend Encryption for desktops, unless you are worried someone can get physical access. + +make the root partition an LUKS partition + + cryptsetup -y -v luksFormat /dev/nvme0n1p1 + +Mount the encrypted partition to cryptroot + + cryptsetup open /dev/nvme0n1p1 cryptroot + +Create a ext4 filesystem on the encrypted partition + + mkfs.ext4 /dev/mapper/cryptroot + +You can also encrypt swap if you want to + + swapoff /dev/nvme0n1p3 + + cryptsetup -y -v luksFormat /dev/nvme0n1p3 + + cryptsetup open /dev/nvme0n1p3 cryptswap + + mkswap /dev/mapper/cryptswap + + swapon /dev/mapper/cryptswap + +You can encrypt any partition you want, just don't encrypt the boot partition because this guide doesn't cover that, and it is pretty useless imho. + +# Mounting the partitions +now we are going to mount the 2 partitions and create the /boot directory + +Be sure that you replace /dev/nvme0n1p# with the correct drive and partition If it is /dev/sda be sure to include the partition number /dev/sda1 and /dev/sda2. If it is /dev/nvme0n1 you need to add a p and then the partition number so /dev/nvme0n1p1 and /dev/nvme0n1p2. 
+ +mount the first partition to /mnt, if you use encryption you mount /dev/mapper/cryptroot here + + mount /dev/nvme0n1p1 /mnt + +create the /boot directory + + mkdir /mnt/boot + +mount the second partition to /mnt/boot + + mount /dev/nvme0n1p2 /mnt/boot + +# Install the base system +The following command will install the base system and a text editor we need later on. + + pacstrap /mnt base base-devel vim + +# Install a Kernel +You can stick to the normal kernel, but you have options + +For Desktop use I would recommend the zen kernel + +For A Server I would recommend the hardened kernel + +so install the kernel you want with one of the following commands + + pacstrap /mnt linux linux-headers + + pacstrap /mnt linux-zen linux-zen-headers + + pacstrap /mnt linux-hardened linux-hardened-headers + +# Generate the fstab file +Generating the fstab file will take all mounted partitions and add them to a file so they mount at boot so if you have any more drives you want to mount at boot mount it before you run the command. + +Run the following command + + genfstab -U /mnt > /mnt/etc/fstab + +# chroot into the new system +chroot is a tool to treat any directory as its root directory, In a way we "break" into the system from the live image, So we will switch from USB to your drive with the following command. + + arch-chroot /mnt + +# Set your timezone and time +If you are unsure about your timezone you can list all timezones with the following command. + + timedatectl list-timezones + +go up and down with the arrows look for your timezone and hit q to exit. 
+ +Next we are going to change the timezone to the one you selected + + ln -sf /usr/share/zoneinfo/your/timezone /etc/localtime + +Replace your/timezone with your correct timezone Europe/Amsterdam for example + +Finally run hwclock to generate the time file + + hwclock --systohc + +# Generate the locale and set the language +run the following command and remove the # in front of en_US.UTF-8 UTF-8 and any other locales you need. + + vim /etc/locale.gen + +Hit esc then :wq and enter to save and exit + +Run the following command to generate the locales + + locale-gen + +Next we are going to set the language run the following command + + vim /etc/locale.conf + +The language you want your system to be should be in this file in this form, if you want it Dutch for example you change en_US.UTF-8 to nl_NL.UTF-8 + +``` +LANG=en_US.UTF-8 +``` + +Hit esc then :wq and enter to save and quit + +If you have not set a different keyboard layout in the earlier part "Set your keyboard layout for installation" you can skip the rest of the commands in this step. + +If you have set a different layout back in the earlier part "Set your keyboard layout for installation" run the following command + + vim /etc/vconsole.conf + +add the keyboard layout you set in the beginning. + +``` +KEYMAP=layout +``` + +layout should be trq for Turkish and de-latin1 for German + +Hit esc then :wq and enter to save and quit + +# Set the hostname and hosts file +Next we are going to set the hostname, This is the name of your device in the local network. + + vim /etc/hostname + +enter a good name for your device without any capital letters or spaces. 
You can just call it laptop or personal-computer + +``` +coolcomputername +``` + +Hit esc then :wq and enter to save and quit + +Now we have to create a file, run + + vim /etc/hosts + +Type exactly whats below replacing yourdevicename with the name you just gave your device in /etc/hostname + +You can use the tab key for the spaces to make it lign up properly + +``` +127.0.0.1 localhost +::1 localhost +127.0.1.1 yourdevicename.localdomain yourdevicename +``` + +Hit esc then :wq and enter to save and quit + +# Set the root password +now we have to set a root password + +The root user is like the superuser or administrator account, You will need this password to update your system or change anything outside your personal home folder. + +run the following command then type your new password, hit enter, then again to confirm. + + passwd + +# Configure Pacman +Pacman is the PACkage MANager of Arch Linux, It is great, but we can make it even better :) + +First we are going to open the pacman.conf file to make some adjustments + + vim /etc/pacman.conf + +Under Misc Options uncomment UseSysLog, Color and Parallel Downloads You can also up the number. And add ILoveCandy to get the other Pacman to appear too :) + +``` +# Misc options +UseSyslog +Color +#NoProgressBar +CheckSpace +#VerbosePkgLists +ParallelDownloads = 16 +ILoveCandy +``` + +Also add base and grub after HoldPkg + +``` +HoldPkg = pacman glibc base grub +``` + +Hit esc then :wq and enter to save and quit + +Next up are the mirrors, The defaults are okay and this takes a while, but for faster speeds I would seriously recommend this step. So go ahead and install reflector + + pacman -S reflector + +then just run reflector with the following command + + reflector --latest 200 --protocol https --sort rate --save /etc/pacman.d/mirrorlist + +You will see a bunch of errors but that is normal, just let it run and wait untill the prompt shows up again. 
+ +# Install Microcode (Optional) PROPRIETARY +Now we are going to install the microcode, this is PROPRIETARY but it will improve stability, choose the right one for your CPU, you can install none if you are in doubt or don't want any non free software on your machine. + +AMD + + pacman -S amd-ucode + +Intel + + pacman -S intel-ucode + +# install and configure grub +grub stands for GRand Unified Bootloader just so you know. +Now we are going to install grub, only do UEFI or BIOS depending on your system + +UEFI + + pacman -S grub efibootmgr + + grub-install --target=x86_64-efi --efi-directory=/boot --bootloader-id=Arch + + grub-mkconfig -o /boot/grub/grub.cfg + +BIOS + + pacman -S grub + + grub-install --target=i386-pc /dev/nvme0n1 + + grub-mkconfig -o /boot/grub/grub.cfg + +# Full Disk Encryption (Optional) +if you did the first Encryption part you can NOT skip this step + +If you did not go for disk encryption after formatting the disks you MUST skip this step + +First we need to get the UUID of the root partition of /dev/nvme0n1p1 in this case and remember it + + blkid + +We need to include it in the grub config so open the grub file + + vim /etc/default/grub + +Look for the following GRUB_CMDLINE_LINUX_DEFAULT somewhere at the top + +``` +GRUB_CMDLINE_LINUX_DEFAULT="loglevel=3 quiet" +``` + +Adjust it so the line looks like this remember that you have to replace UUID with the correct UUID. 
+ +``` +GRUB_CMDLINE_LINUX_DEFAULT="loglevel=3 quiet rd.luks.name=UUID=root root=/dev/mapper/root" +``` + +Now let grub generate a new config file + + grub-mkconfig -o /boot/grub/grub.cfg + +Open the mkinitcpio.conf file + + vim /etc/mkinitcpio.conf + +Look for the following HOOKS line, it should be somewhere at the bottom + +``` +HOOKS=(base udev autodetect modconf block filesystems fsck) +``` + +Make it look like this (order is important) + +``` +HOOKS=(base systemd autodetect keyboard modconf block sd-encrypt filesystems fsck) +``` + +finally run the following command to generate the new image + + mkinitcpio -p linux + +# Creating the user +Now it is time to create a user account, This is where you log into, It can do almost everything except install software or change things outside of your personal folder. + +you need to remember your username and you can not have capital letters in your username + + useradd -m yourusername + +Set a password for the user, You will log into the device with this password, You can make it the same as the root account. + + passwd yourusername + +enter a new password and press enter twice + +# install and configure sudo +Sudo allows you to do root stuff while logged in as a user, It will probably become your most used command so install it. + + pacman -S sudo + +Now we need to add your username to the sudoers file, run the following command + + vim /etc/sudoers + +Look for the lines under User Privilege Specification There should be a line root ALL=(ALL) ALL Add your username in the exact same manner one line below it so that part looks like this. 
+ +``` +root ALL=(ALL:ALL) ALL +yourusername ALL=(ALL:ALL) ALL +``` + +You can also make your computer try to insult you if you enter a wrong password, Just add a line with the following content under the Defaults Specification + +``` +Defaults insults +``` + +Hit esc then :wq and Enter to save and quit + +# Reboot into your Installation +Now you can exit the chroot + + exit + +Reboot the system and remove the USB drive when the screen turns black + + reboot + +# Next +Next up depends on you, Do you want a desktop environment? or do you want a server? + +This guide expects you only to do one of the next steps, so choose between GNOME, KDE or Server. + +Installing GNOME and KDE and the Server all on one machine is possible, I wouldn't recommend it, but this guide doesn't expect that and several components will collide which might result in some unexpected behavior. diff --git a/Guides/Arch/02AIptables.html b/Guides/Arch/02AIptables.html new file mode 100644 index 0000000..afe0708 --- /dev/null +++ b/Guides/Arch/02AIptables.html @@ -0,0 +1,11 @@ + + +

iptables

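Review bot: in the `01Base.md` hunk, the sudo step edits the sudoers file with plain `vim /etc/sudoers`; a single syntax error there disables sudo for every account, so the guide should use `visudo` (or `EDITOR=vim visudo`), which validates the file before it is written. In the Full Disk Encryption step the replacement line `HOOKS=(base systemd autodetect keyboard modconf block sd-encrypt filesystems fsck)` drops the console keymap: with the `systemd` hook, `/etc/vconsole.conf` is only applied inside the initramfs when `sd-vconsole` is listed after `keyboard`, so a reader who set `KEYMAP=layout` earlier in this same file will be typing the LUKS passphrase on a US layout. Finally, "You can make it the same as the root account" in the user-creation step is a poor default for an account that is then added to sudoers; recommend a distinct root password.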
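Review bot: `Guides/Arch/02AIptables.html` is added with no markup and only the single word `iptables`, while the same topic is covered by `02AIptables.md` in this commit; either drop the file or state what it is for, because a near-empty duplicate next to the real page only confuses readers of the wiki.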
diff --git a/Guides/Arch/02AIptables.md b/Guides/Arch/02AIptables.md new file mode 100644 index 0000000..65fc761 --- /dev/null +++ b/Guides/Arch/02AIptables.md 
@@ -0,0 +1,68 @@ +--- +title: 02 Server Iptables +description: a little bigger note on iptables +published: true +date: 2024-03-27T18:07:56.613Z +tags: +editor: markdown +dateCreated: 2024-03-21T11:45:00.336Z +--- + +# iptables + +As you know most likeley files, commands, information etc. are being transmitted not in one go but in packets. The arrival of packets at your server and the transmission of packets from your server is regulated via the program iptables. + +I use the box in a box metaphore for a mental picture. A packet is a box in a box in a box.... max 7 times. Like a babooshka doll from Russia, another metaphore describing packets. Every box has an address label with extra information. + +The iptables software reads the labels of the two outer boxes. Based on this info the software desides where the packet needs to go and if it is allowed to. In order for the iptable software to work it needs instructions on how to make descisions. These instructions are written in lists (tables). + +Packets are checked following a set of standard routes (a sequence of tables). Three tables are the most important for us now. Input, Forward and Output. + +We are not discussing the layering of packets in all possibilities nor are we discussing the innerworks of the software called iptables. What we discuss is a basic understanding on what happens and what we can do with the iptables. + +## Input, Forward tables +When a packet arrives at your server iptables checks if the destination is the local machine or somewhere else. In our case the somewhere else is docker as docker creates and runs virtual machines etc. +When the packet destination is the local machine the rules of the Input list are checked from top to bottem. +When the destination is docker, the packet is checked against the rules in the Forward table. +It is either Input or Forward not both. You can however tell iptables to do so if you want. 
+ +## Output table +The output table tells iptables what to do with packets which are being sent from your computer. I you have bo rules in that table and the standard policy is drop, nothing will be send out. +For the input and forward tables it works the same. nor rules and a standard policy of drop and nothing cmoes in. + +## Warning +Do not make the mistake that I made! blocking all incomming packets before adding rules accepting my ssh connection on my local machine. ssh will drop and you can only get into your machine with an attached screen, keyboard and mouse. + +check if you have iptables installed + `sudo iptables` +if not install iptables + `sudo pacman -S iptables` +check the iptables + `sudo iptables -L -v -n --line-numbers ` +check the service status / start / stop and enable + `sudo systemctl status iptables ` + `sudo systemctl start iptables ` + `sudo systemctl stop iptables ` + `sudo systemctl enable iptables ` +where is the file located with all the rules? + `/etc/iptables/iptables.rules` +How to save your new rules! + `sudo iptables-save -f /etc/iptables/iptables.rules` + +how to change iptables +You can use a UI interface program (not described here), the terminal (the way to go) or editing the file itself (not a fan). + +add a rule +`sudo iptables -A INPUT -i lo -j ACCEPT` +`sudo iptables -A INPUT -p tcp -i eno1 -s 192.168.1.10 -d 192.168.2.10 --dport 22 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT ` +`sudo iptables -P INPUT DROP` +delete a rule +update a rule + +https://www.digitalocean.com/community/tutorials/iptables-essentials-common-firewall-rules-and-commands + +https://www.digitalocean.com/community/tutorials/how-to-list-and-delete-iptables-firewall-rules + +https://wiki.archlinux.org/title/Iptables#Editing_rules + + diff --git a/Guides/Arch/02GNOME.md b/Guides/Arch/02GNOME.md new file mode 100644 index 0000000..5bb72d8 --- /dev/null +++ b/Guides/Arch/02GNOME.md 
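Review bot: the "add a rule" example ends with `sudo iptables -P INPUT DROP` after accepting only `lo` and NEW,ESTABLISHED SSH from one host, with no general `-m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT` rule, so once the policy flips the server's own outbound connections (DNS, pacman mirrors, NTP) lose their replies; add `sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT` before the policy change, then confirm the order with the `--line-numbers` listing already shown. The "delete a rule" and "update a rule" headings are empty; fill them (for example `sudo iptables -D INPUT <number>` with a number from that listing, followed by `iptables-save`) or remove them. Smaller points: the text says Docker "creates and runs virtual machines", but Docker runs containers that share the host kernel, which is exactly why the FORWARD chain matters here; and spelling ("likeley", "metaphore", "desides", "descisions", "bottem", "bo rules", "cmoes", "incomming") should be cleaned up.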
@@ -0,0 +1,325 @@ +--- +title: 02 GNOME +description: The GNOME Desktop Environment +published: true +date: 2023-04-30T01:23:34.912Z +tags: +editor: markdown +dateCreated: 2023-04-28T07:54:54.911Z +--- + +# Getting back in with the installation USB +First we have to get back into the installation medium to install the network components and the Desktop Environment. + +You just start from USB again, Check your network, Mount the needed drives and chroot into the system + +You might think, Why did I make you go trough this trouble? + +Well, This routine should be common knowledge for Arch users, If you ever break your system, you now know how to get back into it and hopefully fix your system. + +So once again so you don't have to go back to the previous guide. + + ping archlinux.org + +OK? Ctrl + C and mount the root partition (if encrypted run cryptroot open PARTITION cryptroot first and replace the directory with /dev/mapper/cryptroot + + mount /dev/nvme0n1p1 /mnt + +Don't forget the boot partition + + mount /dev/nvme0n1p1 /mnt + +And finally chroot into the system so you can change whatever you need to change + + arch-chroot /mnt + +You should be root inside your installed system + +# Installing GNOME +First we are going to install bare GNOME with networkmanager and a terminal, because we won't get anywhere without it :P + + pacman -S gnome-desktop gdm gnome-control-center gnome-keyring gnome-themes-extra networkmanager alacritty + +just wait for everything to install, This can take a while depending on your network connection. 
+ +Now we need to enable the needed services for loading the Desktop Manager and Network connections + + systemctl enable gdm + + systemctl enable NetworkManager + +# Reboot into Desktop Environment +Run the following command to escape from the chroot + + exit + +Run the following command to restart + + reboot + +Remove the USB when your screen turns black and it should boot into gdm, here you can enter your password and this should bring you into GNOME, Be sure to test your network connection. + +If you use wifi, but you can't see the card, go back in with the USB again and install linux-firmware. + +# Installing basic GNOME programs (Optional) +All of these are optional, and if you plan to use another program for it then don't install it, If you are unsure I would recommend installing them all. + +Who doesn't need a calculator? + + pacman -S gnome-calculator + +Do you want to browse files in a graphical environment? + + pacman -S nautilus + +Want to see system usage, show or quit running applications? + + pacman -S gnome-system-monitor + +Do you ever download .zip .rar or other archives? + + pacman -S file-roller + +A nice and simple text editor? + + pacman -S gedit + +Something to view images? + + pacman -S eog + +something to view PDF files? + + pacman -S evince + +Ever need to see your installed fonts or install new ones? + + pacman -S gnome-font-viewer + +The default backgrounds? + + pacman -S gnome-backgrounds + +How about a Calendar? + + pacman -S gnome-calendar + +You have a top clock without this program, but it can be handy for world clocks, alarms, timers, etc. + + pacman -S gnome-clocks + +Do you need something for opening and editing contacts? + + pacman -S gnome-contacts + +A very detailed map of the world, powered by OpenStreetMaps + + pacman -S gnome-maps + +Something to view the weather? 
+ + pacman -S gnome-weather + +# Installing a nice icon theme (Optional) +Clone the repository + + git clone https://aur.archlinux.org/numix-icon-theme-git.git + +Now change the directory to the just downloaded folder + + cd numix-icon-theme-git + +Now build and install the package + + makepkg -si + +Give it your password when it asks you for it and answer yes to every question. + +Clone the repository + + git clone https://aur.archlinux.org/numix-square-icon-theme.git + +Now change the directory to the just downloaded folder + + cd numix-square-icon-theme + +Now build and install the package + + makepkg -si + +Give it your password when it asks you for it and answer yes to every question. + +It will not change directly, We will do that in the next section. + +Ofcourse you can install any icon theme you want, I just like this GPL icon theme. + +# Gnome Extensions (Optional) +The Gnome desktop is missing some obvious functions by default. that's where extensions come in. + +To enable gnome extensions being installed from their website you need to install a package. + +Clone the repository + + git clone https://aur.archlinux.org/chrome-gnome-shell.git + +Now change the directory to the just downloaded folder + + cd chrome-gnome-shell + +Now build and install the package + + makepkg -si + +Give it your password when it asks you for it and answer yes to every question. + +Now open Firefox and go to https://addons.mozilla.org/en-US/firefox/addon/gnome-shell-integration/ + +Click on Add to Firefox, Then click Add on the popup that shows after the download. + +Now you can go to https://extensions.gnome.org/ and easily install any extension + +Just toggle the Off button to On and press Install when you get the prompt. 
+ +Here are a few I really recommend + +#### Pacman Updates Indicator +This one is just a must have for Arch with Gnome, Just install it +https://extensions.gnome.org/extension/1010/archlinux-updates-indicator/ + +You will need run the following command for it to work properly + + sudo pacman -S pacman-contrib + +If you installed the GUI for pacman be sure to click it after installation then go to settings and change the commands for updating packages to pamac-manager --updates and the one for opening the package manager to pamac-manager + +#### AppIndicator Support +This extension adds tray icons to your top bar, It is a must if you use any application that uses tray icons. +https://extensions.gnome.org/extension/615/appindicator-support/ + +#### System Monitor +This extension will give you real time detailed information about your system in the top bar. my preferred settings are, Disable the Icon and Enable Display in the Middle. Then go trough each of the tabs, Disable Show Text for all, Hide Memory, Enable CPU, Net, Disk, GPU, Thermal and Fan, Display them all as graph except for the latter 2 make them text and be sure you select the right sensor. +https://extensions.gnome.org/extension/120/system-monitor/ + +You will need to run the following command for it to work properly + + sudo sensors-detect + +#### OpenWeather +This extension adds the current weather to your top bar with a forecast if you click on it. I think it is a nice extra. 
+https://extensions.gnome.org/extension/750/openweather/ + +#### Mpris Indicator Button +This extension will put your media player in the top bar, You can go to the next song by scrolling on the icon +https://extensions.gnome.org/extension/1379/mpris-indicator-button/ + +#### Clipboard Indicator +This extension will remember your copy history, I can not live without it +https://extensions.gnome.org/extension/779/clipboard-indicator/ + +#### Desktop From Overview +This Extension will enable you to click anywhere but on a window in the overview to minimize all windows at once. +https://extensions.gnome.org/extension/1499/show-desktop-from-overview/ + +#### Sound Input/Output Device Chooser +This extension enables you to switch audio in and outputs quickly within 2 clicks. +https://extensions.gnome.org/extension/906/sound-output-device-chooser/ + +#### Launch New Instance +This extension will always launch a new instance if you open a program through clicking on it in the menu or your favorites, It is very handy if you use multiple windows of the same application +https://extensions.gnome.org/extension/600/launch-new-instance/ + +You can install any more you like, Some might not work due to a version mismatch, but there are plenty available, Try not to overdo it, It can slow down your system. + +# Tweaking the DE (Optional) +## Gnome Settings +First we are going to look at the default gnome settings, Click the power button in the top right corner and then press the gear in the menu that appears. + +#### Network + +Under Network you can add your VPN if you use one of those. + +#### WiFi +If you use Wifi connect to the network of your choice, + +#### Bluetooth +If you have bluetooth you first need to run the following command + + sudo systemctl enable bluetooth + +You can now go ahead and add any bluetooth devices you use, + +#### Appearrance +Here you can set the theme to dark. 
+ +#### Notifications +Under Notifications, Turn of Popups, and turn of Lock Screen Notifications + +#### Search +Under search only select the programs you want to search in when you search in the overview (The thing you get into when hitting the Windows key) You can also change the order by dragging and dropping. + +#### Online Accounts +Under Online accounts you can add your Nextcloud Account, I would not recommend using any of the other services + +#### Privacy +Under Privacy you can adjust some settings, But the default is fine. + +#### Sound +Under sound you can select the correct sound in and outputs + +#### Power +Under Power you can set some settings, I personally set Blank screen to 10 minutes disable the rest and set the power button to do nothing, If you use a laptop you might want to use different settings. + +#### Display +Under Display Set your preferred desktop resolution and the maximum available Refresh Rate, If you use Large resolutions you can scale all elements of the desktop. If you use any other resolution than the largest I recommend to copy your Gnome configuration to the GDM configuration to do that run the following command + + sudo cp .config/monitors.xml /var/lib/gdm/.config/ + +#### Mouse & Touchpad +you can set your mouse settings, If you use a mouse they are good already, If you use a touchpad disable natural scrolling and edge scrolling, Set the speed as high as you find comfortable and enable tap to click and two-finger scrolling. Now you can tap with 1 finger for a left click, 2 fingers for a right click and 3 fingers for a middle click, "swiping" with 2 fingers will let you scroll in all directions. + +#### Keyboard +Under Keyboard shortcuts set Toggle Full Screen Mode to Super + F (Windows Key) and any other keyboard shortcuts you want. You can also add custom ones. + +#### Printers +Under Printers you can add printers if you have set those up. 
+ +#### Language +Under Language you can set the language you prefer, note that you first need to add them using the instructions in step 17 + +#### Date & Time +Click the unlock button to enter your password, turn on Automatic Date & Time and set your correct timezone, You can also set a 24/12H clock here. + +## Gnome Tweak Tool +Tweak tool allows you to set a bunch settings so install it. + + sudo pacman -S gnome-tweaks + +Now we are going to customize the Tweaks application, Open it, you can find it in your menu. + +#### General +Heere you can disable Suspend when laptop lid is closed, This only applies if you have a laptop, I prefer to keep the system on if I close the lid, If I want it to shut down I will do that manually. + +#### appearance +Select Adwaita-dark for Applications and set Icons to Numix-Square, Ofcourse you can download and set any theme you want. + +#### Extensions +Here you can adjust the settings for the extensions you have installed, but we already did that, You can always adjust more if you like. + +#### Fonts +Here you can change the fonts, I would not mess too much with this. + +#### Startup Applications +Here you can add guake and nextcloud if you have them installed. + +#### Top Bar +Just enable everything except for battery percentage if you don't have a battery. + +#### Window Titlebars +Same thing applies here, Enable the 2 extra buttons, Minimize and Maximize. + +The rest of the settings are fine by default. + +# Next +You can stop here, But you can also continue with any of the other options, if you want to maximize your gaming performance or want to get into programming you can click on the next guides of your choice. + +In any way you don't need to do the KDE guide now, You have GNOME as your Desktop Environment already, installing both is possible and you can easily switch but the guide expects you to only install one, so some things might collide if you follow both guides, like GDM and LDDM. 
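Review bot: the "Getting back in" steps mount the same partition twice: `mount /dev/nvme0n1p1 /mnt` is followed by "Don't forget the boot partition" and then again `mount /dev/nvme0n1p1 /mnt`, so /boot is never mounted and the kernel or initramfs updates pulled in by `pacman -S` inside the chroot land on the wrong filesystem; the second line should mount the boot partition to `/mnt/boot`, as the Server guide in this commit does with `mount /dev/nvme0n1p2 /mnt/boot`. In the same paragraph `cryptroot open PARTITION cryptroot` is not a command; the mapped device is opened with `cryptsetup open PARTITION cryptroot`, and the parenthesis that opens that aside is never closed. The Language section refers to "step 17", which does not exist in this guide; refer to the section by name instead.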
diff --git a/Guides/Arch/02KDE.md b/Guides/Arch/02KDE.md new file mode 100644 index 0000000..046cb33 --- /dev/null +++ b/Guides/Arch/02KDE.md 
@@ -0,0 +1,94 @@ +--- +title: 02 KDE +description: The KDE Desktop Environment +published: true +date: 2023-04-30T02:13:34.300Z +tags: +editor: markdown +dateCreated: 2023-04-28T07:55:35.043Z +--- + +# Getting back in with the installation USB +First we have to get back into the installation medium to install the network components and the Desktop Environment. + +You just start from USB again, Check your network, Mount the needed drives and chroot into the system + +You might think, Why did I make you go trough this toruble? + +Well, This routine should be common knowledge for Arch users, If you ever break your system, you now know how to get back into it and hopefully fix your system. + +So once again so you don't have to go back to the previous guide. + + ping archlinux.org + +OK? Ctrl + C and mount the needed drives (Also mount boot if you need it) + + mount /dev/nvme0n1p1 /mnt + +And finally chroot into the system so you can change whatever you need to change + + arch-chroot /mnt + +You should be root inside your installed system + +# Installing KDE +simply run the command and let it run, + + pacman -S sddm plasma-desktop xorg networkmanager kde-applications plasma-wayland-session plasma-nm + +this one could take a while, but after it is done enable Networkmanager and sddm + + systemctl enable NetworkManager + + systemctl enable sddm + +# Set the SDDM keyboard layout +If you use the US keyboard layout you can skip this step. + +We need to do this before we restart because if you have any strange characters in your password it might be hard getting in. So we are going to edit the following file + + nano /usr/share/sddm/scripts/Xsetup + +Edit the file and add in the following line + + setxkbmap "dk, us" + +You can change the country codes here, the first one will be the default one selected. 
+ +If you don't know which one you need you can list them all with the following command + + localectl list-keymaps + +We will change the keyboard layout in KDE later on after we are in the Desktop Environment + +# Reboot into Desktop Environment +Run the following command to escape from the chroot + + exit + +Run the following command to restart + + reboot + +Remove the USB when your screen turns black and it should boot into the sddm, here you can enter your password and this should bring you into KDE Plasma + +# KDE Tweaks +If you use a laptop, having some power management features can be very handy. + +Things like changing the screen brightness, advanced power management and settings for different states. + +Install powerdevil with the following command + + sudo pacman -S powerdevil + +Go to the settings, there should be an icon in the taskbar + +On the first page you can change the theme to Dark, Speed up the animation speed and select files by clicking them instead of opening them immediately. + +Also be sure to set the correct timezone, you can also right click on your taskbar and then adjust every little thing on there to your liking. I would recommend adjusting the digital clock to ddd d MMM and include the second for example. + +If you have a different keyboard layout than US you need to adjust it here too. + +under input devices and click on the layouts tab here, Check the configure layouts checkbox and add all the keyboard layouts you need, After a reboot you will be able to switch easily by just clicking on the layout in the taskbar. + +After a reboot it should all work just fine diff --git a/Guides/Arch/02Server.md b/Guides/Arch/02Server.md new file mode 100644 index 0000000..9aa618c --- /dev/null +++ b/Guides/Arch/02Server.md 
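Review bot: the SDDM keyboard step writes `setxkbmap "dk, us"` into `/usr/share/sddm/scripts/Xsetup`; the layout list is comma separated without spaces (`setxkbmap dk,us`), and the space before `us` is likely to make X reject the layout, which defeats the stated purpose of being able to type a non-ASCII password at the greeter. The step also uses `nano`, while every other page in this commit uses `vim` and `nano` is not part of the `base` package group, so it may not exist on the freshly installed system. "mount the needed drives (Also mount boot if you need it)" shows only the root mount; show the boot mount as the Server page does, since the reader is about to install packages that touch /boot. Typo: "toruble".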
@@ -0,0 +1,1069 @@ +--- +title: 02 Server +description: +published: true +date: 2024-11-24T11:38:12.406Z +tags: +editor: markdown +dateCreated: 2023-04-28T08:02:53.316Z +--- + +# Getting back in with the installation USB +First we have to get back into the installation medium to install the network components + +You just start from USB again, Check your network, Mount the needed drives and chroot into the system + +You might think, Why did I make you go trough this trouble? + +Well, This routine should be common knowledge for Arch users, If you ever break your system, you now know how to get back into it and hopefully fix your system. + +So once again so you don't have to go back to the previous guide. + + ping archlinux.org + +OK? Ctrl + C + +mount the needed drives + + mount /dev/nvme0n1p1 /mnt + +Also mount boot if you need it, mount the second partition to /mnt/boot + + mount /dev/nvme0n1p2 /mnt/boot + + +And finally chroot into the system so you can change whatever you need to change + + arch-chroot /mnt + +You should be root inside your installed system + +# Installing DHCP +For network capabilities we need a DHCP client so install it + + pacman -S dhcpcd + +That's it + +# Reboot into your Installation +Run the following command to escape from the chroot + + exit + +Run the following command to restart + + reboot + +Remove the USB when your screen turns black and it should boot into a login prompt + +# Configure network +Configuring the network is easy with dhcpcd but first we need to know what device we want to enable + + ip address + +It should show you a bunch of devices, Ignore lo, there can be multiple, for me it is enp4s0. + +so I run the following command to activate the network + + sudo systemctl enable --now dhcpcd@enp4s0 + +You can then test with ping if it works, if it works you can go on, if not you can disable it again with sudo systemctl disable --now dhcpcd@enp4s0 and try other network devices listed by the previous command. 
+ +# Point Domains to your server +If you have any domains, you first need to edit their DNS records to point to your Server. + +First we need our public IP so run the following command + + host myip.opendns.com resolver1.opendns.com + +Next up you go to your domain registrar, I can recommend Dynadot.com if you don't have one + +You simply login go to domain settings, look for the DNS records and let it point to your IP It should look something like this + +``` +A domain.tld PublicIP +A *.domain.tld PublicIP +``` + +The `A` refers to IPv4, If you need IPv6 you just add both records again this time with `AAAA` + +`domain.tld` should be replaced with your custom domain, the `*.domain.tld` is for all subdomains. + +If you have a TTL setting, just put it on the lowest possible value and don't forget to save. + +# Set Static IP for Server +You need a Static IP on your internal network so you can open ports on that internal IP without the device switching internal IP randomly + +For this you need to login into your router, This can be a pain, If you have no idea I recommend resetting it and use the default password to login. + +In the router interface you have to look for Static IP or DHCP reservation or something like that. + +run the following command and look at the hardware address or MAC/link/ether address for your network device it should look something like this `ab:cd:f0:12:34:56` + + ip address + +Now you need to combine the mac address of the server with a static IP given by you, It might be good to plan out your network create different vlans like 192.168.1.X for your servers 192.168.2.X for your trusted devices 192.168.3.X for your smarthome devices and 192.168.4.X for a free wifi guest network, This way you have a seperated network for your home and servers, you can block all smarthome devices from phoning home by just blocking the subnet with 1 rule and you can seperate guests from your own devices. 
we are going to assume you made a subnet 192.168.1.X for your servers, and this server is 192.168.1.10. + +So Mac Adress `ab:cd:f0:12:34:56` needs to be assigned the local IP of `192.168.1.10`. + +Make sure you save, Then reboot your server and it should move over to the assigned local IP. + +# Open two ports to your server +For now we are only going to open the ports 80 and 443 for http and https respectively + +Still in your router interface you have to look for "port forward", Don't worry about clicking trough the menus, as long as you don't press save anywhere you should be fine :) + +If you found the port forwarding screen you need to open ports 80 and 443 over TCP to the local static IP of your server. So in this example case + +`192.168.1.10 TCP 80` +`192.168.1.10 TCP 443` + +Make sure you save and you don't need to reboot anything for this. + +Be careful with opening ports here, I would recommend against opening the SSH or the FTP ports, Keep it local which keeps it somewhat safe :) + +Also remember that you don't need to open ports for local services, like mysql or any of the proxy ports, You also don't have to open ports for outgoing connections, It is just for incoming connections. + +# Firewall +IPtables is present in the kernel and installed by default We use IPtables because docker networks don't play nice with nftables. + +The default settings are fine we are leaving 80 and 443 closed, because the services we are going to host will be running from their own network. It is recomended to read up on iptables. Have a look at them and see what docker and fail2ban is changing over time. Do not change things other than steps in this guide unless you know what you are doing. 
See page *02 Server Iptables* + +# Enable auto login +To make sure everything is getting started automatically after a reboot you can use autologin + +edit the getty service file with the following command + + sudo vim /etc/systemd/system/getty.target.wants/getty@tty1.service + +Look for the following line + +``` +ExecStart=./sbin/agetty -o '-p -- \\u' --noclear - $TERM +``` + +And change it into this + +``` +ExecStart=-/sbin/agetty -o '-p -- \\u' --noclear --autologin USERNAME - $TERM +``` + +Save and exit + +You can restart to ensure you are automatically logged in, It will still ask you for a password, but it should say Automatic Login after boot. If you want to log in with another user simply press enter (wrong password) and you can type another user when needed. press enter for your other user password and you are in! + +# Install and Configure SSH +SSH or Secure SHell is a tool to access your server remotely, In our example we will only use it locally by simply not opening any ports in the router. + +Simply install OpenSSH + + sudo pacman -S openssh + +We need to configure it properly so open the following file + + sudo vim /etc/ssh/sshd_config + +Uncomment LogLevel and change it to VERBOSE so we can use it with fail2ban + + LogLevel VERBOSE + +Now start and enable the service + + sudo systemctl enable --now sshd + +# Install Docker +Docker is the containerization software we are going to use, Every service will get its own container and network. + +Install it with the following command + + sudo pacman -S docker + +now we just need to enable it with systemctl + + sudo systemctl enable --now docker + +Docker should be up and running. + +# Install Docker Compose +Docker Compose is a front end for Docker, It allows us to set up containers and networks in an easy way. 
+ +Install it with the following command + + sudo pacman -S docker-compose + +Docker Compose parses yaml files, which are designed to be simple configuration files, spaces are everything here, so make sure you get the spacing right. It does allow us to set up containers quick and easy. + +We configure 3 main things container details, volumes and networks + +container or service details contain the name of the container, which image it should pull, when it should restart, etc. + +volumes are like mounting points for persistant storage, For stuff like Configuration files, Databases, File storage, Stuff that must remain intact if you ever remove the container and rebuild it. + +Networks are like virtual networks on the local network, they seperate the different services that don't need to talk to eachother. Services can be in multiple networks tho. + +I hope the configuration files will make everything more clear, but this is everything you need to know for now. + +# Shutdown your server +Aside from fail2ban, certbot, banner/motd and updating and the docker services themself your server is done. It is the perfect time to make some changes. mainly becuase the next sections require a lot of typing and the ability to copy/paste will be very welcome. + +So shutdown your machine + + sudo shutdown now + +Remove the power cable and press the power button this will drain any power left in the machine. Now you can remove any GPU you needed for a video output, remove any peripherals like keyboard, monitors, and give your server a nice place in your house, Just connect the ethernet and power cable and simply press the power button once to start your server again. + +Wait a minute and you should be able to login to your server from a different machine over your local network in our example the Local IP was 192.168.1.10 so our command will be the following + + ssh username@192.168.1.10 + +Fill in your password associated with your username and press enter. 
If you run into problems here, double check the Firewall, SSH and static IP steps. Also make sure your home vlan has access to your server vlan if you chose to use different vlans. + +# Banner and motd +Next up we are going to adjust the banner it will display on SSH password request + + sudo vim /etc/issue + +Add in the following content (you might need to \\ the \ ones) + +``` + _________ + / \ +| Whatsup? | + \_______ / + \/ + .--. + |o_o | + |:_/ | + // \ \ + (| | ) + /'\_ _/`\ + \___)=(___/ +``` + +Then we have the motd which will display after login + +for this we will write a little script so it has up to date information + + mkdir ~/Scripts + vim ~/Scripts/updatemotd.sh + +Add in the following content + +``` +#!/bin/bash + +printf " \e[34m/#\\ \e[0;0m_ \e[34m_ _ + \e[34m/###\\ \e[0;0m __ _ _ __ ___| |__ \e[34m| (_)_ __ _ ___ __ + \e[34m/#####\\ \e[0;0m/ _' | '__/ __| '_ \\ \e[34m| | | '_ \\| | | \\ \\/ / + \e[34m/##.-.##\\ \e[0;0m| (_| | | | (__| | | | \e[34m| | | | | | |_| |> < + \e[34m/##( )##\\ \e[0;0m\\__,_|_| \\___|_| |_| \e[34m|_|_|_| |_|\\__,_/_/\\_\\ + \e[34m/#.-- --.#\\ + \e[34m/' '\\ +" > /etc/motd +printf "\e[34mMemory Usage: \e[0;0m" >> /etc/motd && free -m | grep Mem | awk '{ printf("%dMB/%dMB ", $3, $2) }' >> /etc/motd && free | grep Mem | awk '{ printf("%.2f%% used\n", $3*100/$2) }' >> /etc/motd +printf "\e[34mDisk Free: \e[0;0m" >> /etc/motd && df -h | awk '$NF=="/"{printf "root %s ", $4}' >> /etc/motd +printf "" && df -h | awk '$NF=="/data"{printf "data %s ", $4}' >> /etc/motd +printf "" && df -h | awk '$NF=="/music"{printf "data %s ", $4}' >> /etc/motd +printf "" && df -h | awk '$NF=="/video"{printf "data %s ", $4}' >> /etc/motd +printf "\n\e[34mLast Boot: \e[0;0m$(uptime)\n" >> /etc/motd +exit +``` + +Now we are going to create a Systemtimer which will run the script + + sudo vim /etc/systemd/system/updatemotd.service + +Add in the following (replace USSERNAME with your username!) 
+ +``` +[Unit] +Description=Update the motd +Wants=updatemotd.timer + +[Service] +Type=oneshot +ExecStart=/bin/bash /home/USERNAME/Scripts/updatemotd.sh + +[Install] +WantedBy=multi-user.target +``` + +Now we need a timer file + + sudo vim /etc/systemd/system/updatemotd.timer + +Add in the following content + +``` +[Unit] +Description=Runs the update motd service every minute +Requires=updatemotd.service + +[Timer] +Unit=updatemotd.service +OnBootSec=1min +OnUnitActiveSec=1min + +[Install] +WantedBy=timers.target +``` + +And now we finally start the timer + + sudo systemctl enable --now updatemotd.timer + +You can exit the ssh and log back in to see the results + +# Install and Configure Certbot +Certbot will create signed SSL certificates for you (For HTTPS websites) + +We simply install it with the following command + + sudo pacman -S certbot + +First we need to open port 80 temporarily so that certbot can verify you own the domain. + + sudo iptables -I INPUT -p tcp --dport 80 -j ACCEPT + +Next we are going to request a certificate for every domain you pointed to this server. + + sudo certbot certonly -d example.com + +Just answer the questions and repeat the process for every other domain. Pick 1 if it asks for the authentication method. + +Now we can restore the firewall settings again by running the following command + + sudo iptables -D INPUT -p tcp -m tcp --dport 80 -j ACCEPT + +Your certificates are only valid for 90 days, so we need to update them every once in a while, personally I just run a script every week that makes sure all certificates are valid + +Create the script + + vim ~/Scripts/renewcerts.sh + +Add in the following content (replace USSERNAME with your username!) 
+ +``` +#!/bin/bash + +docker-compose -f /home/USERNAME/Docker/nginx/docker-compose.yml down +iptables -I INPUT -p tcp --dport 80 -j ACCEPT +certbot renew +iptables -D INPUT -p tcp -m tcp --dport 80 -j ACCEPT +docker-compose -f /home/USERNAME/Docker/nginx/docker-compose.yml up -d +``` + +Next we need a service which actually executes the script so create the service file + + sudo vim /etc/systemd/system/renewcerts.service + +Add in the following content (replace USSERNAME with your username!) + +``` +[Unit] +Description=Updates all expiring certificates +Wants=renewcerts.timer + +[Service] +Type=oneshot +ExecStart=/bin/bash /home/USERNAME/Scripts/renewcerts.sh + +[Install] +WantedBy=multi-user.target +``` + +Next we need a timer which actually calls the service so create the timer file + + sudo vim /etc/systemd/system/renewcerts.timer + +Add in the following content + +``` +[Unit] +Description=Runs the update certificates service every week +Requires=renewcerts.service + +[Timer] +OnCalendar=Tue 04:00 +Persistent=true + +[Install] +WantedBy=timers.target +``` + +Finally start and enable the timer so it will actually run + + sudo systemctl enable --now renewcerts.timer + +# Install and Configure Fail2Ban +Fail2Ban will read your logs for failed login attempts or other fishy things, when it crosses a certain amount of attempts it will block the IP using the firewall. 
+ +So first we are going to install fail2ban + + sudo pacman -S fail2ban + +Next enable and start the service + + sudo systemctl enable --now fail2ban + +Create a file where we will store all of our configuration + + sudo vim /etc/fail2ban/jail.local + +Replace the whole contents with the following + +``` +[INCLUDES] + +before = paths-arch.conf + +[DEFAULT] + +## Settings +ignoreip = 127.0.0.1/8 ::1 192.168.1.1/16 172.20.0.0/16 +findtime = 1h +maxretry = 3 +bantime = 1h +bantime.increment = true +bantime.rndtime = 3600 +bantime.multipliers = 1 3 5 12 24 168 4200 999999999 +bantime.overalljails = true +banaction = action + +## SSH Jail +[sshd] +enabled = true +``` + +For now we only set some default settings you can always overwrite them later on + +ignoreip is pretty self explanitory, You can add your own IPs +findtime is the period in which these attempts are are allowed +maxretry is the number of attempts to trigger a ban +bantime is pretty self explanitory +bantime.increment this increments the bantime +bantime.rndtime adds a random time to the bantime to fool scripts +bantime.multipliers sets a custom ban time for repeated offenders +bantime.overalljails makes fail2ban check accross all jails so 1 attempt at 3 services is a ban +banaction is which action to perform, we will write a custom action in the next section +Finally under `[sshd]` we enabled sshd, we have to enable every service we add. +We will add more later depending on the services you want to activate + +Save and exit the file + +Now we need to create a banaction so fail2ban knows what to do when it needs to ban someone. 
+ + sudo vim /etc/fail2ban/action.d/action.conf + +Add in the following lines + +``` +[Definition] +actionban = iptables -I INPUT -s -j REJECT + iptables -I FORWARD -s -j REJECT + iptables -I DOCKER-USER -s -j REJECT + echo "" >> /var/log/fail2ban.log + +actionunban = iptables -D INPUT -s -j REJECT + iptables -D FORWARD -s -j REJECT + iptables -D DOCKER-USER -s -j REJECT +``` + +Here you can see that everytime it needs to ban someone it will simply execute some iptables commands that reject requests for docker and the host system. + +I also put in the echo so it prints the why in the fail2ban log it can be handy for debugging but you can remove it. + +Don't forget to restart the service to make the changes take effect + + sudo systemctl restart fail2ban + +You can use fail2ban-client to unban people or view some statistics + + sudo fail2ban-client + +Lets add some Aliases so viewing the banned list and unbanning people gets easier + +WIP! + +# Install and Configure Nginx +eNGINe X is a very powerful webserver, It can do many things and is highly configurable. + +We will use it as a reverse proxy to forward requests to the correct container. 
+ +Create some folders in your home directory + + mkdir -p ~/Docker/nginx + +Now create a docker compose file in that directory + + vim ~/Docker/nginx/docker-compose.yml + +Add in the following text + +``` +version: '3' + +services: + nginx: + image: nginx:latest + container_name: nginx + restart: always + volumes: + - /data/nginx/config:/etc/nginx + - /data/nginx/log/error.log:/var/log/error.log + - /data/nginx/log/access.log:/var/log/access.log + - /etc/letsencrypt/:/etc/letsencrypt/ + - /etc/localtime:/etc/localtime:ro + ports: + - 80:80 + - 443:443 +``` + +First we need to create a folder for the configuration + + sudo mkdir -p /data/nginx/config + +We need to add the nginx configuration file + + sudo vim /data/nginx/config/nginx.conf + +Add in the following text + +``` +# Global Settings +user nginx; +pid /var/run/nginx.pid; +worker_processes auto; +worker_rlimit_nofile 65535; + +events { + multi_accept on; + worker_connections 1024; +} + + +# Web Traffic +http { + charset utf-8; + sendfile on; + tcp_nopush on; + tcp_nodelay on; + server_tokens off; + error_log /var/log/error.log warn; + access_log /var/log/access.log; + proxy_cache_path /etc/nginx/cache keys_zone=one:500m max_size=1000m; + types_hash_max_size 2048; + types_hash_bucket_size 64; + client_max_body_size 16M; + client_body_buffer_size 16M; + client_header_buffer_size 16M; + large_client_header_buffers 2 16M; + + # MIME + default_type application/octet-stream; + + # Limits + limit_req_log_level warn; + limit_req_zone $binary_remote_addr zone=login:10m rate=10r/m; + + # SSL + ssl_session_timeout 1d; + ssl_session_cache shared:SSL:10m; + ssl_session_tickets off; + ssl_protocols TLSv1.2 TLSv1.3; + ssl_stapling on; + ssl_stapling_verify on; + + # Services + include /etc/nginx/services/*.active; +} +``` + +We need to create the 2 log files so docker compose won't create directories + + sudo touch /data/nginx/log/access.log /data/nginx/log/error.log + +We also nened to create 2 directories which will 
house our auth + + sudo mkdir -p /data/nginx/config/auth /data/nginx/config/services + +Nginx should be good now, lets start the container + + sudo docker-compose -f ~/Docker/nginx/docker-compose.yml up -d + +Now we only need to setup fail2ban for Nginx, so create the following file + + sudo vim /etc/fail2ban/filter.d/nginxx.local + +add in the following content + +``` +[INCLUDES] +before = common.conf + +[Definition] +failregex = ^.*"(GET|POST).*" (400|401|403|404|405|406|407|423|429) .*$ +``` + +This will ban everyone getting any of the error codes in the failregex line. + +Now we need to activate the filter in our main fail2ban configuration file + + sudo vim /etc/fail2ban/jail.local + +Add the following to the bottom + +``` +## Nginx +[nginxx] +enabled = true +logpath = /data/nginx/log/access.log +``` + +Restart fail2ban to make the changes take effect + + sudo systemctl restart fail2ban + +# Install and Configure MariaDB +MariaDB is a drop in replacement for MySQL, which is a database used by many services. 
+ +First we create some folders + + mkdir -p ~/Docker/mariadb + +First we will create a docker compose file + + vim ~/Docker/mariadb/docker-compose.yml + +Add in the following text + +``` +version: '3' + +services: + mariadb: + image: mariadb:latest + container_name: mariadb + restart: always + command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW --skip-innodb-read-only-compressed + volumes: + - /data/mariadb/data:/var/lib/mysql + - /data/mariadb/config:/etc/mysql/conf.d + - /data/mariadb/logs:/var/log/mysql + - /etc/localtime:/etc/localtime:ro + + environment: + - MYSQL_ROOT_PASSWORD=SETAMYSQLROOTPASSWORDHERE +``` + +Be sure to set your mysql root password + +Lets start the container + + sudo docker-compose -f ~/Docker/mariadb/docker-compose.yml up -d + +Now we only need to initialize the database + + sudo docker exec -it mariadb mariadb-secure-installation + +Answer the first 3 questions with No and the rest with Yes + +# Install and Configure Nextcloud +Nextcloud is a great application, It is great for storing and syncing data, storing your contacts, bookmarks, passwords, calendar, tasks. It also has a great RSS reader, full office suite and many many more. I truly can't live without it. And neither should you which is why I picked it as the example for this guide + +First we need to create a network for the service. 
+ + sudo docker network create --subnet=172.20.30.0/24 nextcloud + +Next we are going to create some folders + + mkdir -p ~/Docker/nextcloud + +Now we will create a docker compose file + + vim ~/Docker/nextcloud/docker-compose.yml + +Add in the following text + +``` +version: '3' + +services: + nextcloud: + image: nextcloud + container_name: nextcloud + restart: always + volumes: + - /etc/localtime:/etc/localtime:ro + - /data/nextcloud:/var/www/html + networks: + nextcloud: + ipv4_address: 172.20.30.10 + +networks: + nextcloud: + external: true + name: nextcloud + ipam: + config: + - subnet: 172.20.30.0/24 +``` + +Now we need to add a server block for nextcloud to the Nginx config file so create a file that will be included by the main nginx config file + +And create the file + + sudo vim /data/nginx/config/services/nextcloud.active + +add in the following text + +``` +server { + server_name example.com; + listen 443 ssl; + +# Settings + autoindex off; + client_max_body_size 5000M; + +# Locations + location / { + proxy_pass http://nextcloud:80; + proxy_http_version 1.1; + proxy_cache_bypass $http_upgrade; + proxy_ssl_server_name on; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-Port $server_port; + proxy_set_header Connection "upgrade"; + proxy_set_header Host $host; + proxy_connect_timeout 600m; + proxy_send_timeout 600m; + proxy_read_timeout 600m; + } + + location /.well-known/carddav { + return 301 $scheme://$host/remote.php/dav; + } + + location /.well-known/caldav { + return 301 $scheme://$host/remote.php/dav; + } + + location ~ /\.(?!well-known) { + deny all; + } + + location = /favicon.ico { + log_not_found off; + } + + location = /robots.txt { + log_not_found off; + } + +# GZip + gzip on; + gzip_vary on; + gzip_proxied any; + 
gzip_comp_level 6; + gzip_types text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml; + +# Headers + add_header X-XSS-Protection "1; mode=block" always; + add_header X-Content-Type-Options "nosniff" always; + add_header X-Frame-Options "SAMEORIGIN"; + add_header Referrer-Policy "no-referrer-when-downgrade" always; + add_header Content-Security-Policy "default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';" always; + add_header Permissions-Policy "interest-cohort=()" always; + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; + +# SSL + ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; + ssl_trusted_certificate /etc/letsencrypt/live/example.com/chain.pem; +} + +# Redirect +server { + listen 80; + server_name example.com; + return 301 https://example.com$request_uri; +} +``` + +Be sure to replace `example.com` 6 times + +Now we need to add nextcloud to the mariadb and nginx networks, because it needs a database and a proxy. 
+ +open the nginx compose file + + vim ~/Docker/nginx/docker-compose.yml + +add the nextcloud network so it looks like this + +``` +version: '3' + +services: + nginx: + image: nginx:latest + container_name: nginx + restart: always + volumes: + - /data/nginx/config:/etc/nginx + - /data/nginx/log/error.log:/var/log/error.log + - /data/nginx/log/access.log:/var/log/access.log + - /etc/letsencrypt/:/etc/letsencrypt/ + - /etc/localtime:/etc/localtime:ro + ports: + - 80:80 + - 443:443 + - 8448:8448 + networks: + nextcloud: + ipv4_address: 172.20.30.20 + +networks: + nextcloud: + external: true + name: nextcloud +``` + +open the mariadb compose file + + vim ~/Docker/mariadb/docker-compose.yml + +add the nextcloud network so it looks like this + +``` +version: '3' + +services: + mariadb: + image: mariadb:latest + container_name: mariadb + restart: always + command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW --skip-innodb-read-only-compressed + volumes: + - /data/mariadb/data:/var/lib/mysql + - /data/mariadb/config:/etc/mysql/conf.d + - /data/mariadb/logs:/var/log/mysql + - /etc/localtime:/etc/localtime:ro + + environment: + - MYSQL_ROOT_PASSWORD=SETAMYSQLROOTPASSWORDHERE + networks: + nextcloud: + ipv4_address: 172.20.30.30 + +networks: + nextcloud: + external: true + name: nextcloud +``` + +Now we are going to start the nextcloud container and restart the nginx and mariadb containers. + + sudo docker-compose -f ~/Docker/nextcloud/docker-compose.yml up -d + sudo docker-compose -f ~/Docker/nginx/docker-compose.yml down && sudo docker-compose -f ~/Docker/nginx/docker-compose.yml up -d + sudo docker-compose -f ~/Docker/mariadb/docker-compose.yml down && sudo docker-compose -f ~/Docker/mariadb/docker-compose.yml up -d + +Nextcloud should be accessable from your browser using the domain you chose. +If you have not setup your dns records but only adjusted your .active file for nginx you need to do 2 things first before you go on. 
+- make sure you have chosen a domain (nextcloud.example.com) and used it in your .active file for nginx. +- make sure you have valid certificates for this domain. if not go back to the certbot part so you can repeat those instructions for your nextcloud domain. + +But first we need to create a database, a user and set the permissions. + +You can get into the database with the following command (only if mariadb is running) + + sudo docker exec -it mariadb mariadb -p + +Enter the Mysql root password you provided during the creation of the mariadb container and you should be in. + +Now run the following commands to create a database, create a user with privileges, and make them take effect. + + create database nextcloud; + create user nextcloud@'172.20.30.10' identified by 'NEXTCLOUDDATABASEPASSWORD'; + grant all privileges on nextcloud.* to nextcloud@'172.20.30.10'; + flush privileges; + +You can exit the mysql prompt with `exit;` and then pressing enter. + +Now we just need to go to example.com and follow the steps + +The Database is nextcloud, the user is nextcloud, The IP is 172.20.30.30:3306 and the password is what you gave it. + +We also need to force HTTPS, else it will give problems since we are running from behind a proxy + + sudo vim /data/nextcloud/config/config.php + +Add in the following line preferrrably under the overwrite.cli.url line. 
+ +``` +'overwriteprotocol' => 'https', +``` + +Nextcloud requires some tasks to be executed every 5 minutes, for that we are going to use systemd timers, like we did for certbot + +Create a little script + + vim ~/Scripts/nextcloudcron.sh + +add in the following content + +``` +#!/bin/bash + +docker exec -u 33 -t nextcloud php -f /var/www/html/cron.php +exit +``` + +Create a systemd service + + sudo vim /etc/systemd/system/nextcloudcron.service + +Add in the following content + +``` +[Unit] +Description=Runs Nextcloud Cron +Wants=nextcloudcron.timer + +[Service] +Type=oneshot +ExecStart=/bin/bash /home/USERNAME/Scripts/nextcloudcron.sh + +[Install] +WantedBy=multi-user.target +``` + +Create a timer file + + sudo vim /etc/systemd/system/nextcloudcron.timer + +and add in the following content + +``` +[Unit] +Description=Runs Nextcloud Cron +Requires=nextcloudcron.service + +[Timer] +Unit=nextcloudcron.service +OnBootSec=5min +OnUnitActiveSec=5min + +[Install] +WantedBy=timers.target +``` + +Finally start the timer + + sudo systemctl enable --now nextcloudcron.timer + +Nextcloud should be all good and ready to go, You can check the persistance by completely deleting all containers and all volumes, When you start it again all your stuff should still be there :) + +Nextcloud has its own Brute force protection, but we still are going to add a fail2ban filter because we want attackers to be banned from all services and not just nextcloud. 
+ +So lets create a new nextcloud filter + + sudo vim /etc/fail2ban/filter.d/nextcloud.local + +add in the following content + +``` +[Definition] +failregex=^{"reqId":".*","remoteAddr":".*","app":"core","message":"Login failed: '.*' \(Remote IP: ''\)","level":2,"time":".*"}$ + ^{"reqId":".*","level":2,"time":".*","remoteAddr":".*","user":".*","app":".*","method":".*","url":".*","message":"Login failed: '.*' \(Remote IP: ''\)".*}$ + ^{"reqId":".*","level":2,"time":".*","remoteAddr":".*","user":".*","app":".*","method":".*","url":".*","message":"Login failed: .* \(Remote IP: \).*}$ +``` + +Now add the filter to your main fail2ban config file + + sudo vim /etc/fail2ban/jail.local + +Add the following to the end of the file + +``` +## Nextcloud +[nextcloud] +filter = nextcloud +enabled = true +logpath = /data/nextcloud/data/nextcloud.log +``` + +restart fail2ban to make it take effect + + sudo systemctl restart fail2ban + +# Updating the Server +To maintain the system we simply need to update it by running the following command + + sudo pacman -Syu + +To update the docker containers we need to pull every container and then restart it, it would be a lot of work every time you want to upgrade. It is easier to create a script instead of manually typing all the commands every time. 
+ +So create a file + + vim ~/Scripts/update-docker.sh + +put in the following text + +``` +#!/bin/bash + +# Update Nginx +docker-compose -f /home/USERNAME/Docker/nginx/docker-compose.yml pull +docker-compose -f /home/USERNAME/Docker/nginx/docker-compose.yml down +docker-compose -f /home/USERNAME/Docker/nginx/docker-compose.yml up -d --remove-orphans + +# Update MariaDB +docker-compose -f /home/USERNAME/Docker/mariadb/docker-compose.yml pull +docker-compose -f /home/USERNAME/Docker/mariadb/docker-compose.yml down +docker-compose -f /home/USERNAME/Docker/mariadb/docker-compose.yml up -d --remove-orphans + +# Update Nextcloud +docker-compose -f /home/USERNAME/Docker/nextcloud/docker-compose.yml pull +docker-compose -f /home/USERNAME/Docker/nextcloud/docker-compose.yml down +docker-compose -f /home/USERNAME/Docker/nextcloud/docker-compose.yml up -d --remove-orphans +``` + +You should add any services you add to this simple script so all containers get updated + +Save, exit and then make it executable with the following command + + sudo chmod u+x update-docker.sh + +You can now run the script to update all docker containers + +# Let the script run with pacman +Why mess around with 2 commands, when you can simply force the docker-update.sh script to run when you update your system using pacman. We can do this very easy with pacman hooks + +create a file in the hooks directory for docker + + sudo vim /usr/share/libalpm/hooks/docker.hook + +Add in the following text + +``` +[Trigger] +Operation = Upgrade +Type = Package +Target = * +[Action] +Description = Update Docker Containers +When = PostTransaction +Exec = /bin/bash /home/USERNAME/Scripts/update-docker.sh +``` + +Save and exit and try to update your system, if you are lucky you have an update and you can see the script in action after the update. + +# Next +For now I would continue the guide Terminal and Programming are quite useful for a server, I would also recommend reading the maintenance part of the guide. 
But you can skip basic programs, office, gaming, etc + +When you are done you can go to my Docker guide, and install any service your heart desires :) \ No newline at end of file diff --git a/Guides/Arch/03Terminal.md b/Guides/Arch/03Terminal.md new file mode 100644 index 0000000..9e4fb61 --- /dev/null +++ b/Guides/Arch/03Terminal.md 
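Review bot: in Guides/Arch/02Server.md, every piece of privileged automation in this hunk executes a script that lives in the unprivileged user's home: `ExecStart=/bin/bash /home/USERNAME/Scripts/updatemotd.sh` (run as root by a timer every minute), the same pattern in renewcerts.service and nextcloudcron.service, and the pacman hook `Exec = /bin/bash /home/USERNAME/Scripts/update-docker.sh` with `Target = *`, which root runs after every package upgrade. The USERNAME account is also the one logged into over SSH with a password, so anyone who can write to `~/Scripts` (that account, or whoever compromises it) gets root within a minute; move the scripts to a root-owned location such as /usr/local/sbin with mode 0755 and point the units and the hook there, or at least make them root-owned and not writable by the user. Smaller points in the same hunk: the autologin step edits `/etc/systemd/system/getty.target.wants/getty@tty1.service`, which is a symlink to the packaged unit, so the change is lost on the next systemd upgrade (use a drop-in via `systemctl edit getty@tty1`), and the "look for" line shows `ExecStart=./sbin/agetty` where the unit actually reads `-/sbin/agetty`; the fail2ban pieces carry no host placeholder as pasted (`actionban = iptables -I INPUT -s -j REJECT`, a nginxx failregex with no `<HOST>` group, and `Remote IP: ''` in the nextcloud regex), which should be checked against the live files because fail2ban rejects a failregex without a host group and iptables rejects `-s` with no address; the nginxx filter bans any client after three 400/403/404 responses inside findtime, which will catch ordinary browsers as readily as scanners, so consider limiting it to 401/403 on authenticated locations or raising maxretry for that jail; and `MYSQL_ROOT_PASSWORD=SETAMYSQLROOTPASSWORDHERE` sits in plaintext in `~/Docker/mariadb/docker-compose.yml`, which deserves a chmod 600 or an env file.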
@@ -0,0 +1,663 @@ +--- +title: 03 Terminal +description: +published: true +date: 2024-11-24T11:45:11.626Z +tags: +editor: markdown +dateCreated: 2023-04-30T06:05:33.890Z +--- + +# Installing ZSH +ZSH is a pretty cool lightweight shell that is very configurable, Install it with the following command + + sudo pacman -S zsh + +Now we are going to make ZSH the default shell with the following command + + chsh -s $(chsh -l | grep -m1 zsh) + +We are going to create zshrc config files in a central config folder for easy backups. + + mkdir ~/Config + +then create 2 files in there + + touch ~/Config/zshrc-global ~/Config/zshrc-user + +Now we need to create a new user zsh config folder + + mkdir ~/.config/zsh + +now we are going to symlink the config files to where zsh expects them to be + + sudo ln -sf ~/Config/zshrc-global /etc/zsh/zshrc + ln -sf ~/Config/zshrc-user ~/.config/zsh/.zshrc + +Now we need to set the dotfile location in zshenv + + sudo vim /etc/zsh/zshenv + +Add in the following line + + export ZDOTDIR=~/.config/zsh + +Save and exit + +ZSH should be functional with a terrible prompt, so lets fix that first. + +# Installing a Powerline Font +We are gonna need the right fonts for all the icons + + sudo pacman -S ttf-meslo-nerd + +Change the terminal/monospace font to MesloLGS NF Regular in your terminal or DE settings + +# Configuring Guake +Guake is my terminal of choice, I like that it can split the window and it opens and closes fullscreen with a single button nice quick and easy. For KDE users there is Yauake, It is very much like Guake, but there are a ton more Guake clones out there, You should be able to follow this guide for most of them. + +Install Guake with the following command + + sudo pacman -S guake + +Now open guake preferences from your menu. 
+ +Under General disable the tray icon and the startup popup + +Under Main Window Disable the Tab Bar and put the height and width full + +Under Appearance Set Meslo LGS Nerd Font Regular as your font, set Tango as your color scheme and set the transparency to your liking. + +Under Keyboard Shortcuts I set "Toggle Guake Visibility" to \`, this can give problems, in this case also set the hotkey in your DE to "guake", set "Split tab vertical" to CTRL + N, "Split tab horizontal" to CTRL + B, "Focus terminal above" to Ctrl + Up, "Focus terminal below" to Ctrl + Down, "Focus terminal on the left" to Ctrl + Left, "Focus terminal to the right" to Ctrl + Right, "Increase heigth" to Ctrl + Shift + Down, "Decrease Height" to Ctrl + Shift + Up, "Increase transparency" to Ctrl + Shift + Left and finally "Decrease transparancy" to Ctrl + Shift + Right + +Ofcourse you can config anything else you like, but for me this is enough + +# Configuring Alacritty +I use Alacritty for a quick and fast terminal it works especially great with tiling window managers you can install it with the following command + + sudo pacman -S alacritty + +First we are going to create a config file for Alacritty + + touch ~/Config/alacritty.yml + +Now we are going to create the config folder alacritty expects + + mkdir ~/.config/alacritty + +And finally symlink the file to the location alacritty expects it to be. + + ln -sf ~/Config/alacritty.yml ~/.config/alacritty/alacritty.yml + +Now it is time to configure alacritty using the file + + nvim ~/Config/alacritty.yml + +We are gonna need some fonts to properly display the icons with our theme so add in the following lines, you can change the font, But I recommend putting this one first to follow along with the guide. 
+ +``` +#MesloLGS font +font: + normal: + family: MesloLGS Nerd Font + style: Regular + + bold: + family: MesloLGS Nerd Font + style: Bold + + italic: + family: MesloLGS Nerd Font + style: Italic + + bold_italic: + family: MesloLGS Nerd Font + style: Bold Italic + + size: 11 +``` + +Setting a nice color theme is vital, The same applies here, you can change it later, but I recommend just following along for now. There are tons of color schemes available. + +``` +#Tango color theme +colors: + primary: + background: '#000000' + foreground: '#ffffff' + normal: + black: '#000000' + red: '#cc0000' + green: '#4e9a06' + yellow: '#c4a000' + blue: '#3465a4' + magenta: '#75507b' + cyan: '#06989a' + white: '#d3d7cf' + bright: + black: '#555753' + red: '#ef2929' + green: '#8ae234' + yellow: '#fce94f' + blue: '#729fcf' + magenta: '#ad7fa8' + cyan: '#34e2e2' + white: '#eeeeec' +``` + +Spawn a new terminal in the current location with CTRL + SHIFT + N + +``` +key_bindings: + - { key: N, mods: Control|Shift, action: SpawnNewInstance } +``` + +# Powerlevel10K +Powerlevel10K is a great theme for ZSH, it is very configurable and has a lot of cool features + +Sadly it is unmaintained, but it works fine, we can clone the repo into our /usr/share folder. + + sudo git clone https://github.com/romkatv/powerlevel10k.git /usr/share/zsh-theme-powerlevel10k/ + +Now we need to include the following lines in our zshrc-global file + +``` +#P10k +source /usr/share/zsh-theme-powerlevel10k/powerlevel10k.zsh-theme +``` + +And the following lines to our zshrc-user file + +``` +#P10k +[[ ! 
-f ~/.config/zsh/.p10k.zsh ]] || source ~/.config/zsh/.p10k.zsh +``` + +To configure Powerlevel10K you must run the following command + + p10k configure + +Have some patience and run trough the interactive configuration + +Now we just need to symlink the config file to the expected location + + ln -sf ~/Config/p10k.zsh ~/.config/zsh/.p10k.zsh + +When you exit the terminal and start it again it should look all nice :) + +# Installing LSD +lsd is like ls with colors, nice icons and other visual cues that help you. + +It is in the repos, simply install it with the following command + + sudo pacman -S lsd + +You can now run it with lsd, we will later alias ls to lsd in our zsh configuration. + +try the following command for example + + lsd -la ~ + +# Adding ZSH Options and Keybinds +ZSH options change the default behavior so do keybinds + +You can add them all or just the ones you like to your zshrc-global file + +Give flag suggestions for programs + +``` +autoload -Uz compinit && compinit +``` + +Gives you a menu when navigating suggestions + +``` +zstyle ':completion:*' menu select +zstyle ':completion::complete:*' gain-privileges 1 +``` + +History settings for ZSH + +``` +export HISTFILE=~/.config/zsh/.zsh_history +export HISTSIZE=1000000 +export SAVEHIST=1000000 +setopt EXTENDED_HISTORY +setopt HIST_IGNORE_ALL_DUPS +setopt HIST_FIND_NO_DUPS +setopt inc_append_history +``` + +Press up and down to search to matching history + +``` +bindkey "^[[A" history-beginning-search-backward +bindkey "^[[B" history-beginning-search-forward +``` + +Case insensitive tab completion, Also enables cd doc/fo/su to go to /documents/folder/subfolder + +``` +zstyle ':completion:*' matcher-list 'm:{a-z}={A-Z}' 'r:|[._-]=* r:|=*' 'l:|=* r:|=*' +``` + +I really don't see the use for Flow Control + +``` +unsetopt flow_control +``` + +Fix navigation keys + +``` +bindkey "^[[H" beginning-of-line +bindkey "^[[F" end-of-line +bindkey "^[[3~" delete-char +bindkey "^[[5~" beginning-of-line 
+bindkey "^[[6~" end-of-line +``` + +# Adding Aliases +Aliases are simply alternatives for a string of text, as an easy example, v will type nvim, and sv will type sudo nvim. You can also chose to remove some or add more. + +Simply add the following text to one of your ~/config/zshrc files, user will set it for you, and global will set it for everyone, + +``` +alias a="awk" +alias b="btrfs" +alias c="cryptsetup" +alias d="docker" +alias e="echo" +alias f="fdisk" +alias g="git" +alias h="history" +alias j="jobs -l" +alias k="kubectl" +alias l="ls -la" +alias m="man" +alias n="neofetch" +alias o="openssl" +alias p="pacman" +alias r="reboot" +alias s="sudo" +alias t="tail -f" +alias u="uname" +alias v="nvim" +alias w="whence" +alias sudo="sudo " +alias ffs="sudo !!" +alias distro="cat /etc/*-release" +alias hk="cat ~/config/hotkeys" +alias sv="sudo v" +alias md="mkdir -p" +alias tk="take" +alias rmd="rm -rf" +alias sgrep="grep -R -n -H -C 5 --exclude-dir={.git,.svn,CVS} " +alias hgrep="fc -El 0 | grep" +alias please='sudo' +alias phone='ssh houtworm@pinephone' +alias server='ssh houtworm@server' +alias game='gamemoderun mangohud' +alias ytflac="youtube-dl -x --audio-format flac --prefer-ffmpeg" +alias ytmkv="youtube-dl -F" +alias lol='lolcat' +alias cd1="cd .." +alias cd2="cd ../.." +alias cd3="cd ../../.." +alias cd4="cd ../../../.." +alias cd5="cd ../../../../.." +alias cd6="cd ../../../../../.." +alias cd7="cd ../../../../../../.." +alias cd8="cd ../../../../../../../.." +alias cd9="cd ../../../../../../../../.." 
+alias scls="systemctl list-unit-files" +alias scs="sudo systemctl status " +alias scre="sudo systemctl restart " +alias scst="sudo systemctl start " +alias scsp="sudo systemctl stop " +alias scen="sudo systemctl enable " +alias scenn="sudo systemctl enable now " +alias scdi="sudo systemctl disable " +alias fwd="firewall-cmd" +alias fwdlist="firewall-cmd --list-all-zones" +alias fwdre="firewall-cmd --reload" +alias gi="git init" +alias ga="git add *" +alias gc="git commit -m" +alias gp="git push" +alias me="ifconfig | grep "inet " | cut -b 9- | cut -d" " -f2" +alias allcolor="for i in {0..255}; do print -Pn "%K{$i} %k%F{$i}${(l:3::0:)i}%f " ${${(M)$((i%6)):#3}:+$"\n"}; done" +alias rainbow="printf "$BBLA\n$BRED\n$BGRE\n$BYEL\n$BBLU\n$BMAG\n$BCYA\n$BWHI\n\n"" +alias dud="du -d 1 -h" +alias duf="du -sh *" +alias :q="exit" +alias ls="lsd" +alias ports="netstat -tulanp" +alias compr="gcc -Wall -Wextra -Werror *.c && ./a.out && rm a.out" +alias compra="gcc -Wall -Wextra -Werror *.c && ./a.out" +alias norme="norminette -R CheckForbiddenSourceHeader" +alias valg="gcc *.c -ggdb3 && valgrind --show-leak-kinds=all --leak-check=full --track-origins=yes ./a.out && rm a.out" +alias valga="gcc *.c -ggdb3 && valgrind --show-leak-kinds=all --leak-check=full --track-origins=yes ./a.out" +alias normsh="checkbashisms" +alias banned='sudo fail2ban-client banned | tr -t "[{" " \n" | tr -d ":]},"' +``` + +# Adding ZSH Functions +ZSH functions are like tiny scripts that perform a task, you can add the ones you think are useful to you to one of the zshrc files, I suggest global so anyone can use them :) + +Press Ctrl + Z to bring stuff to the background but also bring stuff back to the foreground instead of typing fg + +``` +backforeswitch () { + if [[ $#BUFFER -eq 0 ]]; then + BUFFER="fg" + zle accept-line -w + else + zle push-input -w + zle clear-screen -w + fi +} +zle -N backforeswitch +bindkey '^Z' backforeswitch +``` + +Press Esc twice to put sudo in front of your previous command. 
+ +``` +sudoswitch() { + [[ -z $BUFFER ]] && zle up-history + if [[ $BUFFER == sudo\ * ]]; then + LBUFFER="${LBUFFER#sudo }" + elif [[ $BUFFER == $EDITOR\ * ]]; then + LBUFFER="${LBUFFER#$EDITOR }" + LBUFFER="sudoedit $LBUFFER" + elif [[ $BUFFER == sudoedit\ * ]]; then + LBUFFER="${LBUFFER#sudoedit }" + LBUFFER="$EDITOR $LBUFFER" + else + LBUFFER="sudo $LBUFFER" + fi +} +zle -N sudoswitch +bindkey "\e\e" sudoswitch +bindkey -M vicmd '\e\e' sudoswitch +``` + +Make the man pages all colorful + +``` +function man() { + env \ + LESS_TERMCAP_mb=$(printf "\e[1;31m") \ + LESS_TERMCAP_md=$(printf "\e[1;31m") \ + LESS_TERMCAP_me=$(printf "\e[0m") \ + LESS_TERMCAP_se=$(printf "\e[0m") \ + LESS_TERMCAP_so=$(printf "\e[0;37;102m") \ + LESS_TERMCAP_ue=$(printf "\e[0m") \ + LESS_TERMCAP_us=$(printf "\e[4;32m") \ + PAGER="${commands[less]:-$PAGER}" \ + _NROFF_U=1 \ + GROFF_NO_SGR=1 \ + PATH=${HOME}/bin:${PATH} \ + man "$@" +} +``` + +Creates a TAR archive of a file or folder. + +``` +function maketar() { tar cvzf "${1%%/}.tar.gz" "${1%%/}/"; } +``` + +Create a ZIP archive of a file or folder. + +``` +function makezip() { zip -r "${1%%/}.zip" "$1" ; } +``` + +Extracts any type of archive automagically + +``` +function extract { + if []; then + echo "Usage: extract ." 
+ else + if [] ; then + case $1 in + *.tar.bz2) tar xvjf $1 ;; + *.tar.gz) tar xvzf $1 ;; + *.tar.xz) tar xvJf $1 ;; + *.lzma) unlzma $1 ;; + *.bz2) bunzip2 $1 ;; + *.rar) unrar x -ad $1 ;; + *.gz) gunzip $1 ;; + *.tar) tar xvf $1 ;; + *.tbz2) tar xvjf $1 ;; + *.tgz) tar xvzf $1 ;; + *.zip) unzip $1 ;; + *.Z) uncompress $1 ;; + *.7z) 7z x $1 ;; + *.xz) unxz $1 ;; + *.exe) cabextract $1 ;; + *) echo "extract: '$1' - unknown archive method" ;; + esac + else + echo "$1 - file does not exist" + fi +fi +} +``` + +The git riddle + +``` +function iacp() { +if [] +then + echo "Usage: iacp " +else + git init + git add * + git commit -m "$3" + git remote add $1 $2 + git push --set-upstream $1 master +fi +} +``` + +The git push + +``` +function acp() { +if [] +then + echo "Usage: acp " +else + git add * + git commit -m "$1" + git push +fi +} +``` + +take or tk = mkdir -p and cd in one + +``` +function take() { + md "$1" + cd "$1" +} +``` + +Really clear the screen with Ctrl + L + +``` +clearbetter () { + BUFFER="clear" + zle accept-line -w +} +zle -N clearbetter +bindkey '^L' clearbetter +``` + +Reload ZSH with Ctrl + S + +``` +resourcezsh () { + BUFFER="exec -l zsh" + zle accept-line -w + BUFFER="clear" + zle accept-line -w +} +zle -N resourcezsh +bindkey '^S' resourcezsh +``` + +Exit with Ctrl + Q + +``` +ctrlqexit () { + BUFFER=":q" + zle accept-line -w +} +zle -N ctrlqexit +bindkey '^Q' ctrlqexit +``` + +Unban IPs with fail2ban + +``` +unban () { + sudo fail2ban-client unban $@ +} +``` + +# ZSH Plugins +To add plugins to ZSH we simply need to download them and source the main .zsh file of that plugin in one of your zshrc files. 
Below are the ones I use + +Fast Syntax Highlighting is great, it gives your input color based on brackets, if it is correct or not, etc + + git clone https://github.com/z-shell/F-Sy-H /usr/share/zsh/plugins/F-Sy-H + +Now simply source the .zsh file in your global zshrc by adding the following line to it + +``` +source /usr/share/zsh/plugins/F-Sy-H/F-Sy-H.plugin.zsh +``` + +Alias Tips helps you remember the aliases you set, if you don't use a set alias it will notify you of the alias in a way that doesn't annoy you. + + git clone https://github.com/djui/alias-tips /usr/share/zsh/plugins/alias-tips + +Now simply source the .zsh file in your global zshrc by adding the following line to it + +``` +source /usr/share/zsh/plugins/alias-tips/alias-tips.plugin.zsh +``` + +ZSH Autosuggestions is nice, it tries to complete a command based on your history + + git clone https://github.com/zsh-users/zsh-autosuggestions /usr/share/zsh/plugins/zsh-autosuggestions + +Now simply source the .zsh file in your global zshrc by adding the following line to it + +``` +source /usr/share/zsh/plugins/zsh-autosuggestions/zsh-autosuggestions.zsh +``` + +Also add the following line to the /etc/zsh/zshenv file to drastically speed up this plugin + +``` +export ZSH_AUTOSUGGEST_MANUAL_REBIND +``` + +Z is a pretty cool plugin for fast navigation just type z nameoffolder and it will jump to it based on history. + + git clone https://github.com/agkozak/zsh-z /usr/share/zsh/plugins/z + +Now simply source the .zsh file in your global zshrc by adding the following line to it + +``` +source /usr/share/zsh/plugins/z/zsh-z.plugin.zsh +``` + +Also be sure to set the ZSHZ_DATA variable in /etc/zsh/zshenv by adding the following line to it + +``` +export ZSHZ_DATA=~/.config/zsh/.z +``` + +You can install any more you like, just be sure it doesn't slow down your shell. + + +# Updating ZSH Plugins with Pacman +Updating these plugins is important for compatibility and new features. 
+ +Create a file for the script + + vim ~/Scripts/update-zshplugins.sh + +Add in the following content + +``` + git -C /usr/share/zsh/plugins/F-Sy-H pull + git -C /usr/share/zsh/plugins/alias-tips pull + git -C /usr/share/zsh/plugins/zsh-autosuggestions pull + git -C /usr/share/zsh/plugins/z pull +``` + +create a file in the pacman hooks directory for zsh plugins + + sudo vim /usr/share/libalpm/hooks/zsh.hook + +Add in the following text + +``` +[Trigger] +Operation = Upgrade +Type = Package +Target = * +[Action] +Description = Update ZSH Plugins +When = PostTransaction +Exec = /bin/bash /home/USERNAME/Scripts/update-zshplugins.sh +``` + +Save and exit and try to update your system, if you are lucky you have an update and you can see the script in action after the update. + +# ZSH Hotkeys +Just a simple overview of all the hotkeys you can use +Up and Down Arrow = Browse history matching current line +Ctrl + A = Go to start of line +Ctrl + B = Move 1 character back +Ctrl + C = Cancel, Stop the current operation. +Ctrl + D = Quit the session +Ctrl + E = Go to end of line +Ctrl + F = Move 1 character forward +Ctrl + G = Nothing +Ctrl + H = DOUBLE Delete Character before the cursor +Ctrl + I = Nothing +Ctrl + J = Nothing +Ctrl + K = Remove everything behind the cursor +Ctrl + L = clear screen +Ctrl + M = Nothing +Ctrl + N = Browse History matching current line +Ctrl + O = Nothing +Ctrl + P = Browse History matching current line +Ctrl + Q = Quit, Types exit and presses enter. +Ctrl + R = Search in History +Ctrl + S = Nothing +Ctrl + T = Nothing +Ctrl + U = Delete everything before the cursor +Ctrl + V = Nothing +Ctrl + W = Delete the word before the cursor +Ctrl + X = Nothing +Ctrl + Y = Undo +Ctrl + Z = toggle program to background and foreground +# Installing Neofetch +Neofetch is a cool tool that shows some system information and a asci art logo of your distro. 
Install it with the following command + + sudo pacman -S neofetch + +Now you can run it by just typing neofetch in a terminal :) + diff --git a/Guides/Arch/04Programming.md b/Guides/Arch/04Programming.md new file mode 100644 index 0000000..0df1668 --- /dev/null +++ b/Guides/Arch/04Programming.md 
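Review bot: the pacman hook in this hunk runs `Exec = /bin/bash /home/USERNAME/Scripts/update-zshplugins.sh` as root after every transaction (`Target = *`), so root executes a script that lives in, and is writable from, an unprivileged user's home directory, and that script's `git -C /usr/share/zsh/plugins/... pull` then replaces shell code that every user's zsh sources at startup. Suggest moving the script to a root-owned path such as /usr/local/bin with mode 0755 and keeping the plugin checkouts root-owned, so only the hook can change what gets sourced system-wide. Related: the `git clone https://github.com/... /usr/share/zsh/plugins/...` commands are shown without sudo although /usr/share is not user-writable, so either prefix them with sudo or document creating the directory first. In the functions section, `extract`, `iacp` and `acp` each open with an empty test (`if []; then` / `if [] ; then`), which is a syntax error, and their `Usage:` strings have lost the argument names, so the intended argument-count and file-existence checks need to be restored and `$1` quoted in the `case` branches. The `me`, `allcolor` and `rainbow` aliases nest unescaped double quotes inside a double-quoted alias value, which terminates the value early; single-quote the outer string or escape the inner quotes. Finally, the hotkey overview lists `Ctrl + S = Nothing` while this same hunk binds `^S` to `resourcezsh`.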
@@ -0,0 +1,569 @@ +--- +title: 04 Programming +description: +published: true +date: 2024-11-24T11:52:36.975Z +tags: +editor: markdown +dateCreated: 2023-04-28T08:02:02.339Z +--- + +# Programming +Even if you are not into programming and have no interest in learning it, some of these programs might be useful, in the case of Neovim it is a lot easier to read configuration files for example, If you want to get into programming these programs are an absolute must. + +# Installing Neovim +We are using Neovim over Vim because Neovim has LSP support + +install it using pacman + + sudo pacman -S neovim + +We will configure it later, we will start with ZSH + +# Neovim Options and Keybinds +We already installed Neovim in the first step, but we still need to configure it the way we want to. First we need create config files + + touch ~/Config/init.vim ~/Config/sysinit.vim + +Now we are going to create a symlink for the user config file + + ln -sf ~/Config/init.vim ~/.config/nvim/init.vim + +Do the same for the global config file + + sudo ln -sf ~/Config/sysinit.vim /etc/xdg/nvim/sysinit.vim + +We can now set some options, I recommend putting them in the system file this way you have the same configuration with the root user + + sv ~/Config/init.vim + +Add in the following options, Going over them all is beyond the scope of this guide, But you can look them all up to see what they do exactly. 
+ +``` +"Options for Neovim" +:setlocal list +set listchars=eol:↓,tab:··▸,trail:●,extends:…,precedes:…,space:· +set updatetime=300 +set shortmess+=c +syntax on +set number +set nu rnu +set tabstop=4 +set cursorline +set showcmd +filetype indent on +set wildmenu +set showmatch +set incsearch +set hlsearch +set nospell +set spelllang=en_us +set autoindent +set ruler +set confirm +set cmdheight=2 +set shiftwidth=4 +set noexpandtab +set hidden +set nowrap +set encoding=utf-8 +set pumheight=10 +set mouse=a +set splitbelow +set splitright +set t_Co=256 +set conceallevel=0 +set smarttab +set smartindent +set background=dark +set showtabline=0 +set noshowmode +set nobackup +set nowritebackup +set clipboard=unnamedplus +set dir=~/tmp,/tmp +set scrolloff=3 +set sidescrolloff=7 +set sidescroll=1 +set ignorecase smartcase +set undofile +set undodir=~/.nvim/undo +set inccommand=nosplit +set signcolumn=number +set backspace=indent,eol,start +set complete-=i +``` + +Now add some keyboard remaps + +``` +"Keyboard Remaps" +nmap :windo bd +nmap :tabnew +nmap :tabp +nmap :tabn +nmap :ene +nmap :bp +nmap :bn +nmap :vs +nmap :split +nmap :q +nmap :w +nmap :set nu! rnu! +nmap :set list! 
+nmap :resize +3 +nmap :resize -3 +nmap :vertical resize +3 +nmap :vertical resize -3 +nmap :resize +3 +nmap :resize -3 +nmap :vertical resize +3 +nmap :vertical resize -3 +nmap :wincmd k +nmap :wincmd j +nmap :wincmd h +nmap :wincmd l +nmap :wincmd k +nmap :wincmd j +nmap :wincmd h +nmap :wincmd l +nmap :m .+1== +nmap :m .-2== +imap :m .+1==gi +imap :m .-2==gi +vmap :m '>+1gv=gv +vmap :m '<-2gv=gv +nmap :m .+1== +nmap :m .-2== +imap :m .+1==gi +imap :m .-2==gi +vmap :m '>+1gv=gv +vmap :m '<-2gv=gv +nmap << +nmap >> +imap << +imap >> +vmap < +vmap > +nmap << +nmap >> +imap << +imap >> +vmap < +vmap > +``` + +# Neovim Plugins +Vim Plug will be our plugin manager, It will handle most of the work + +We will install it system wide + + sudo mkdir /etc/xdg/nvim/autoload + sudo curl -o /etc/xdg/nvim/autoload/plug.vim https://raw.githubusercontent.com/junegunn/vim-plug/master/plug.vim + +Plugins get installed locally so we have to install plugins for every user seperately, We can make it universal, but this will prevent users from adding their own plugins. With our configuration we can set global plugins for everyone and any extra plugins the user may want using their own init.vim file. + +We can add plugins to either init.vim or sysinit.vim If you want to Install for yourself or everyone respectively, they do have to be inside a special block like this. + +``` +call plug#begin() +Plug '' +Plug ''' +call plug#end() +``` + +You can use PlugUpdate to update and install all selected plugins, PlugClean te remove unselected plugins and, PlugUpgrade to update vim plug itself. + +Just add whichever plugin you think will improve your workflow, these are the ones I use. + +This plugin will add a ton of icons to Neovim, many of the following plugins will use them, but they are optional. 
+ +``` +Plug 'kyazdani42/nvim-web-devicons' +``` + +vim-airline is a very cool plugin that gives some color to Neovim, it gives you a powerline with a ton of information, clear visual cues in which mode you are, where you are in the document, how big it is, what type it is, etc. + +``` +Plug 'vim-airline/vim-airline' +``` + +Barbar is a very nice Tab bar for Neovim, It will help you navigate your open tabs visually instead of just guessing the next or previous tab. + +``` +Plug 'romgrk/barbar.nvim' +``` + +Nvim-Tree is a directory browser, It is very handy if you want to have an overview of the files in the directory, browse and open them for editing. + +``` +Plug 'kyazdani42/nvim-tree.lua' +``` + +Be sure to add the Ctrl + T keybind + +``` +nmap :NvimTreeToggle +``` + +Also add the following to your vim.init somewhere after loading the plugins + +``` +lua require("nvim-tree").setup() +``` + +Floaterm is a simple terminal which is handy for obvious reasons. + +``` +Plug 'voldikss/vim-floaterm' +``` + +Be sure to add the Ctrl + Y keybind + +``` +nmap :FloatermNew --autoclose=2 --wintype=split --height=0.3 +``` + +Ctrl P is a great plugin that allows you to open files directly with a hotkey typing (part of) the filename you want to open and press enter to edit it directly. + +``` +Plug 'ctrlpvim/ctrlp.vim' +``` + +Be sure to add the Ctrl + F Keybind + +``` +nmap :CtrlP +``` + +Also add the following between the plugin options somewhere after the plug block + +``` +let g:ctrlp_map = '' +``` + +Undotree is a great plugin that allows you to look into your undo history see the acctual changes you made and revert to any of the previous stages of your document, You can also go forward after you went back ofcourse. 
+ +``` +Plug 'mbbill/undotree' +``` + +Be sure to add the Ctrl + U keymap + +``` +nmap :UndotreeToggle +``` + +GitGutter is a great plugin that can show you git diffs and much much more git functionality + +``` +Plug 'airblade/vim-gitgutter' +``` + +Be sure to add the CTRL + G toggle as a keymap to your init.vim + +``` +nmap :GitGutterToggle +``` + +Nerdcommenter is a handy plugin to comment out lines or a bunch of lines with a single key. + +``` +Plug 'preservim/nerdcommenter' +``` + +Be sure to add the keymaps for Ctrl + C in normal and visual mode + +``` +nmap NERDCommenterInvert +vmap NERDCommenterInvert +``` + +Autopairs is a simple plugin to handle quotes, brackets and other pairs of characters for you. + +``` +Plug 'jiangmiao/auto-pairs' +``` + +42Header is something we need to use for school, But I made some little changes to it so it supports changing the ascii art to something like a little Tux :) + +``` +Plug 'pbondoer/vim-42header' +``` + +# Neovim LSP Config +Language Server Protocol is used for live code checking using external Language Servers + +For the scope of this guide we will set up a few languages but first we need to install the nvim-lspconfig plugin to make it all a bit easier + +Add the following line in your init.vim on a empty line inside the plug block + +``` +Plug 'neovim/nvim-lspconfig' +``` + +Run the following command to install it + + nvim +PlugUpdate +qall + +Now we can simply install language servers using pacman and add them to the init.vim file accordingly + +Lets start with Bash, simply install the language server using pacman + + sudo pacman -S bash-language-server + +Now add the language server to your init.vim file of choice + +``` +lua require'lspconfig'.bashls.setup{} +``` + +Next up is C, Install the language server with pacman + + sudo pacman -S ccls + +And add the language server to your init.vim file of choice + +``` +lua require'lspconfig'.ccls.setup{} +``` + +Next up is CSS, Install the language server with pacman + 
+ sudo pacman -S vscode-css-languageserver + +And add the language server to your init.vim file of choice + +``` +lua require'lspconfig'.cssls.setup{} +``` + +Next up is HTML, Install the language server with pacman + + sudo pacman -S vscode-html-languageserver + +And add the language server to your init.vim file of choice + +``` +lua require'lspconfig'.html.setup{} +``` + +Next up is JS, Install the language server with pacman + + sudo pacman -S deno + +And add the language server to your init.vim file of choice + +``` +lua require'lspconfig'.denols.setup{} +``` + +Next up is json, Install the language server with pacman + + sudo pacman -S vscode-json-languageserver + +And add the language server to your init.vim file of choice + +``` +lua require'lspconfig'.jsonls.setup{} +``` + +Next up is Lua, Install the language server with pacman + + sudo pacman -S lua-language-server + +And add the language server to your init.vim file of choice + +``` +lua require'lspconfig'.sumneko_lua.setup{} +``` + +Next up is Python, Install the language server with pacman + + sudo pacman -S pyright + +And add the language server to your init.vim file of choice + +``` +lua require'lspconfig'.pyright.setup{} +``` + +Next up is Rust, Install the language server with pacman + + sudo pacman -S rust-analyzer + +And add the language server to your init.vim file of choice + +``` +lua require'lspconfig'.rust_analyzer.setup{} +``` + +Next up is YAML, Install the language server with pacman + + sudo pacman -S yaml-language-server + +And add the language server to your init.vim file of choice + +``` +lua require'lspconfig'.yamlls.setup{} +``` + +You can add many many more, just look for nvim plugins online + +# Hotkeys +Just a simple overview of all the hotkeys you can use + +``` +a = Append, Enter Insert mode 1 character after the cursor +b = Move 1 word backwards, Works with numbers +c = Nothing +d = Delete, Deletes a character, double press it to delete the line, also works with numbers and 
move commands +e = Nothing +f = Find, Finds a character and jumps to that position +g = Goto, enter a line press g twice and you will jump to the line, double press it to go to the first line +h = Left, Same function as the left arrow, but closer to your hand. +i = Insert, Enter Insert mode on the cursor +j = Down, Same function as the down arrow, but closer to your hand. +k = Up, Same function as the up arrow, but closer to your hand. +l = Right, Same function as the right arrow, but closer to your hand. +m = Bookmark position, press m, then press another character to bind it to, use ' to go to the section +n = Nothing +o = Enter insert mode on a new line below the current line. +p = Paste, Pastes the buffer after the current cursor position +q = Record, Press a key after hitting q to start recording, do some stuff and press q again in normal mode to save the recording, then type @key to repeat the action, type 20@key to do it 20 times. +r = Nothing +s = Nothing +t = Nothing +u = Undo your previous action. +v = Visual mode, Switch to Visual mode to select stuff character for character. +w = Move 1 word forward, works with numbers +x = Delete character under the cursor +y = Yank, Or Copy in recent terms, press it once to copy the selection, press it twice to copy the entire line and include a number to copy that amount of line. +z = Nothing + +Shift + Arrows = Resize Splits +A = Append, Enter insert mode at the end of the line. 
+B = Move 1 whitespace backwards +C = Nothing +D = Delete everything on line after the cursor +E = Nothing +F = Find, Finds a character going backwards and jumps to that position +G = Move to the end of the file +H = Make split smaller horizontally +I = Nothing +J = Make split smaller vertically +K = Make split bigger vertically +L = Make split bigger horizontally +M = Nothing +N = Nothing +O = Nothing +P = Paste before cursor +Q = Enter insert mode on a new line above the current line +R = Replace Characters instead of Inserting them +S = Nothing +T = Nothing +U = Nothing +V = Visual Line mode, Select lines to edit, yank, or manipulate +W = Move 1 whitespace forward +X = Nothing +Y = Nothing +Z = Double press it to save and exit + +0 = Go to beginning of line +~ = Change case of current character +! +@ = enter @ and then type the letter of the recording made with q to play in +# = Highlight the word you are standing on in the rest of the document +$ = Go to end of line +% +^ = Go to the first character on the line +& +* +( = Jump to previous sentence +) = Jump to next sentence += +- +[ +] +{ = Navigate up a codeblock +} = Navigate down a codeblock +' = Go to bookmark saved earlier with m +" +; +: +< +> +, +. +/ search, type, press enter and press n/N to go to the next/previous result +? 
+ +Ctrl + Arrows = Change active split +Ctrl + A = increments ints +Ctrl + B = Split window below +Ctrl + C = Comment out line or selection +Ctrl + D = Delete current buffer +Ctrl + E = Next Buffer +Ctrl + F = Find file and open it quickly +Ctrl + G = Toggle Git +Ctrl + H = Navigate around splits to the left +Ctrl + I = Nothing +Ctrl + J = Navigate around splits to below +Ctrl + K = Navigate around splits to up +Ctrl + L = Navigate around splits to the right +Ctrl + M = Toggle invisible characters +Ctrl + N = Split window next +Ctrl + O = Open new Buffer +Ctrl + P = Toggle Numberline +Ctrl + Q = Quit +Ctrl + R = Redo your previous action +Ctrl + S = Save current buffer +Ctrl + T = Toggle directory tree +Ctrl + U = Open undo history +Ctrl + V = Visual Block Mode, Select a custom block of text to manipulate +Ctrl + W = Previous Buffer +Ctrl + X = Decrements ints +Ctrl + Y = Show Terminal +Ctrl + Z = Places the application in the background + +Alt + Arrows = move line or selection +Alt + A = Nothing +Alt + B = Nothing +Alt + C = Toggle Invisible Characters +Alt + D = Nothing +Alt + E = Next Tab +Alt + F = Nothing +Alt + G = Nothing +Alt + H = Remove indent for line or selection +Alt + H = Nothing +Alt + I = Move Tab to the Right +Alt + J = Nothing +Alt + J = Move line or selection to the line below +Alt + K = Move line or selection to the line above +Alt + L = Add indent for line or selection +Alt + M = Nothing +Alt + N = Nothing +Alt + O = Open New Tab +Alt + P = Toggle Autopairs +Alt + Q = Nothing +Alt + R = Nothing +Alt + S = Nothing +Alt + T = Nothing +Alt + U = Move Tab to the Left +Alt + V = Nothing +Alt + W = Previous Tab +Alt + X = Nothing +Alt + Y = Nothing +Alt + Z = Nothing +``` + +# Pacman Hooks for Updating Plugins +It is important that we update our plugins regularly, I will add more later WIP! + +# GDB +GDB is the GNU Debugger, It is extremely powerfull, I will add this one later WIP! 
+ +# Valgrind +Valgrind is the best memory checker I have used, I will add this one later WIP! + +# Next diff --git a/Guides/Arch/05Basics.md b/Guides/Arch/05Basics.md new file mode 100644 index 0000000..cc01b5b --- /dev/null +++ b/Guides/Arch/05Basics.md 
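Review bot: `sudo ln -sf ~/Config/sysinit.vim /etc/xdg/nvim/sysinit.vim` points the system-wide Neovim config at a file inside an unprivileged user's home, and the guide's own `sv` alias (`sudo nvim`) then runs Neovim as root while sourcing that user-writable vimscript, so anything able to write ~/Config/sysinit.vim runs as root on the next `sv`; `sudo curl -o /etc/xdg/nvim/autoload/plug.vim ...` has the same shape, fetching unverified code straight into a root-owned config path. Suggest copying sysinit.vim into place as a root-owned file instead of symlinking, and preferring `sudoedit` (which the earlier `sudoswitch` function already toggles to) over `sudo nvim`. Smaller points: the text says to put the options in the system file but the command that follows is `sv ~/Config/init.vim` (the user file); the plug block example carries a stray third quote in `Plug '''`; every mapping line is missing its left-hand key as shown here (e.g. `nmap :windo bd`, `nmap :NvimTreeToggle`), so verify the committed file still contains the `<C-...>`/`<M-...>` names; the hotkey table lists `Alt + H` and `Alt + J` twice with conflicting meanings; and `require'lspconfig'.sumneko_lua.setup{}` uses the old server name, which nvim-lspconfig renamed to `lua_ls`, so it will warn or fail on current versions.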
@@ -0,0 +1,232 @@ +--- +title: 05 Basic Programs +description: +published: true +date: 2023-05-03T01:59:56.725Z +tags: +editor: markdown +dateCreated: 2023-04-30T01:47:35.968Z +--- + +# Programs + +Ofcourse any of these are optional, just go trough the list and install whatever you want. + +# Installing Nextcloud +If you don't use Nextcloud, Go buy a raspberry pi now, Or build a small server if you really want to get serious in self hosting. You can also sign up at one of the many Nextcloud providers. It is a free and open source Cloud storage and syncing tool, for all your files, contacts, passwords, bookmarks, you name it, It even syncs everything with your phone, Desktop, anything really, It has some amazing features. + +To clarify, This installs the Nextcloud sync client, You will need a provider or your own Nextcloud installation on a server. + +Install the Sync Client + + sudo pacman -S nextcloud-client + +You set it up by signing in to your nextcloud account, I do not recommend using the default settings or fast setup, I would skip the automatic folder configuration and set sync manually and just link your pictures folder to your pictures folder, your documents folder to your documents folder, and whatever folder you may need, This prevents the uploading of all your files or pretty dumb file management. + +If you use Nautilus the Gnome File Manager, be sure to install this too, it will enhance your nextcloud experience with Nautilus integration. + +Install git + + sudo pacman -S git + +Clone the repository + + git clone https://aur.archlinux.org/nautilus-nextcloud.git + +Now change the directory to the just downloaded folder + + cd nautilus-nextcloud + +Now build and install the package + + makepkg -si + +Give it your password when it asks you for it and answer yes to every question. + +# Install a Graphical User Interface for Pacman +Now we are going to install pamac, Which is a front end for pacman the default package manager in Arch. 
+ +be sure to install git if you have not done this already + + sudo pacman -S git + +Clone the repository + + git clone https://aur.archlinux.org/libpamac-aur.git + +Now change the directory to the just downloaded folder + + cd libpamac-aur + +Now build and install the package + + makepkg -si + +Give it your password when it asks you for it and answer yes to every question. + + git clone https://aur.archlinux.org/pamac-aur.git + +Now change the directory to the just downloaded folder + + cd pamac-aur + +Now build and install the package + + makepkg -si + +Give it your password when it asks you for it and answer yes to every question. + +Now we need to enable AUR support, The AUR is the Arch User Repository, Here Arch Users can upload pre compiled packages that are available for Linux but are not in the Arch repositories, Then others can just easily download it from there. + +1. Launch pamac +2. go to the settings +3. click on the AUR tab +4. Enable AUR support +5. enable checking for updates from AUR. + +You can now install any program you want from this "app store" + +# Install and Configure the Browser +First we need to install Firefox with the following command, Open it after it is done. + + sudo pacman -S firefox + +Welcome to Firefox, We can't set all settings in the application settings, we need to adjust the profile for that, You can create your own configuration over at https://ffprofile.com/. + +Now we need to extract it, and put the contents of the folder in our firefox profile folder. + +First create a new profile open firefox and go to about:profiles + +Here click on create new profile, Click next, give it a name, Be sure to make it the default profile and click on Finish. 
+ +Now go to /home/USERNAME/.mozilla/firefox/RANDOMCHARACTERS.PROFILENAME + +Close firefox, remove all contents in the folder and then copy the contents of the downloaded archive into the current folder So in the RANDOMCHARACTERS.PROFILENAME folder should be prefs.json and the other files and folders, Don't put the FirefoxProfile folder in it but the contents of that folder. + +Start Firefox, wait a bit, close it and start it again, All extensions settings and configuration should be done :) + +# Install instant Messaging clients +Surely there are a lot of chat services, And you probably need more than 1, In that case I would recommend using Rambox or Ferdium, They have the advantage of having all web based chat services in 1 program, From Whatsapp to Discord and from IRC to Riot. + +The following steps will install Ferdium on your system + +Clone the repository + + git clone https://aur.archlinux.org/ferdium-bin.git + +Now change the directory to the just downloaded folder + + cd ferdium-bin + +Now build and install the package + + makepkg -si + +Give it your password when it asks you for it and answer yes to every question. + +Now you can open Ferdium, go to the settings, Disable every setting under general, and enable every setting under Appearance. Now you can go to services and enable any chat service you need. + +# Install Mumble +Mumble is an encrypted UDP voice chat service, you can host your own servers or use one of the many public ones to chat to your friends using the highest quality possible. + +Install it with the following command + + sudo pacman -S mumble + +If you need a good public server you can use mine on houtworm.im :) + +# Install some handy fonts +If you want to see the unicode emoticons you need to install the emoticon pack. 
+ + sudo pacman -S noto-fonts-emoji + +# Install Transmission +If you ever download stuff, try to use Torrents where possible, you do need a Torrent Client for that and Transmission is a great one, you can install it with the following command + + sudo pacman -S transmission-gtk + +now you can use Torrents instead of overloading your favorite distros by downloading distro images over HTTP :) + +# Installing Virtualbox +Virtualbox is a Virtual Machine manager, You can run operating systems within your current operating system. This can be handy if you like to mess around with systems, want to learn more about Linux or you need proprietary software that doesn't run trough Wine. + +Install it with the following command + + sudo pacman -S virtualbox + +When you get asked a question go with the dkms option. + +# Installing Geekbench +Geekbench is a very nice benchmarking toolkit for benchmarking your CPU and GPU, It runs on almost everything, So you can compare your PC against your Phone and your Server for example :) + + git clone https://aur.archlinux.org/geekbench.git + +Now change the directory to the just downloaded folder + + cd geekbench + +Now build and install the package + + makepkg -si + +Now you should be able to benchmark your system by running the following commands, There are more beenchmarks available but these 2 are the important ones :) + +CPU + + geekbench --cpu + +GPU Vulkan + + geekbench --compute vulkan + +# Install MPD +MPD is the Media Player Daemon, It is a media player as a service that needs an mpd client to steer it. It is great for a raspberry connected to your receiver for example. I use it on my PC with Ampache installed on my server controlling it. 
+ + sudo pacman -S mpd && systemctl --user enable mpd + +If you want media keys to work with MPD + + sudo pacman -S mpd-mpris + +# Install Audacious +Audacious is a nice smalll music player that will play about every format + +Install it with the following command + + sudo pacman -S audacious + +# Install VLC +Same thing applies for VLC is is a great Video player that will play anything from anywhere + +Install it with the following command + + sudo pacman -S vlc + +# Install Sublime +Sublime is a Subsonic music player. If you have a server somewhere I would recommend installing it. + +Simply search for sublime-music in pamac and you can install it easily :) + +# Installing OBS +OBS Studio is the go to streaming software on all platforms, Surely not everyone streams, but it is also very handy to record your screen or from other devices. + +Install it with the following command + + sudo pacman -S obs-studio + +# Installing NoiseTorch +NoiseTorch is simply amazing noise cancellation software, There could be a circus a mariachi band and a sporting event in your living room, and even when you are talking on a low volume, people on the other side will hear nothing but your voice. Truly amazing. + +We need to install it from the AUR, so go ahead and clone the repo + + git clone https://aur.archlinux.org/noisetorch.git + +change the directory + + cd noisetorch + +install the package + + makepkg -si + +Now you can find NoiseTorch in your menu, just open it configure it and load it to use it, Unload it again to stop it. diff --git a/Guides/Arch/06Office.md b/Guides/Arch/06Office.md new file mode 100644 index 0000000..4fb7fa9 --- /dev/null +++ b/Guides/Arch/06Office.md 
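Review bot: every AUR recipe in this hunk ends with `makepkg -si` followed by "Give it your password when it asks you for it and answer yes to every question", which tells the reader to build a user-submitted PKGBUILD they have not looked at and then install the result as root. Suggest adding one step to read the PKGBUILD (and any `.install` file) before `makepkg -si`, and correcting the AUR description: the AUR hosts build scripts that fetch and build sources locally, not "pre compiled packages"; the `-bin` packages such as `ferdium-bin` are the exception and download upstream binaries, which is worth stating explicitly. Missing documentation: the Firefox section says "Now we need to extract it" without a preceding step that downloads the profile archive from https://ffprofile.com/. Minor: "Ofcourse" and "trough" are typos.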
@@ -0,0 +1,54 @@ +--- +title: 06 Office +description: +published: true +date: 2023-05-03T03:40:07.296Z +tags: +editor: markdown +dateCreated: 2023-04-30T05:53:56.921Z +--- + +# Installing Libreoffice +Libreoffice is the total office package that can do everything and open anything + +Install it if you ever come across office documents. + + sudo pacman -S libreoffice-fresh + +if you need a different language than English also install the language packs you need + +Exectute the following command, be sure to replace nl with your own country letters. + + sudo pacman -S libreoffice-fresh-nl + +# Installing Spell correction +If you need spelling correction you can install Aspell or Hunspell or both + +I would suggest using Pamac for this because you can easily see what languages are available. Just open it and search for aspell or hunspell, or both. + +# Enable Printing +Surely not everyone needs this one, But if you need a printer install cups with the following command + + sudo pacman -S cups cups-pdf + +Enable the service + + sudo systemctl enable --now org.cups.cupsd.socket + +The print server should be running, you can configure it by going to http://localhost:631 and just following the wizard. + +There is a possibility you need custom drivers, In that case look for your printer in the AUR, it is very likely they are in there :) + +# Install GIMP +GIMP (GNU Image Manipulation Program) is an amazing photoshop like tool that can do about everything with images, It might be a bit overwhelming at first, but just look for tutorials if you want to accomplish a specific task. + +Install it with the following command + + sudo pacman -S gimp + +# Install Inkscape +Inkscape is also a very powerful tool, Instead of raster images it tackles vector images, Which is great for designing logos and other stuff that needs to be infinitely scaleable. + +Install it with the following command + + sudo pacman -S inkscape 
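Review bot: in the "Enable Printing" section of the 06Office hunk, `org.cups.cupsd.socket` is the old unit name; the Arch cups package renamed its units to `cups.service` / `cups.socket`, so on a current install `sudo systemctl enable --now org.cups.cupsd.socket` fails with a unit-not-found error. Suggest `sudo systemctl enable --now cups.socket`. Minor: "Exectute" and "scaleable" are misspelled.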
diff --git a/Guides/Arch/07Gaming.md b/Guides/Arch/07Gaming.md new file mode 100644 index 0000000..98e0ca5 --- /dev/null +++ b/Guides/Arch/07Gaming.md 
@@ -0,0 +1,277 @@ +--- +title: 07 Gaming +description: +published: true +date: 2023-05-03T05:36:10.081Z +tags: +editor: markdown +dateCreated: 2023-04-28T08:00:15.742Z +--- + +# Introduction +So if you want to play games on your machine you might want to follow this guide + +# Enable Multilib +Steam is a 32 bit application, like many of the games in its library, So to be able to install it we need to add multilib to our 64 bit system. + +Edit /etc/pacman.conf and uncomment the multilib section. + + sudo vim /etc/pacman.conf + +Remove the # in front of all the multilib section lines so that section looks like this + +``` +[multilib] +Include = /etc/pacman.d/mirrorlist +``` + +Now simply update the system to enable 32 bit applications + + sudo pacman -Syyuu + +If you are running KDE be sure to install lib32-fontconfig with the following command + + sudo pacman -S lib32-fontconfig + +# GPU Drivers +Having the right GPU drivers is imporant, else games won't run properly. + +If you have a GTX9xx or newer you need the newest drivers, If you even have an older card, manually check which driver you need: https://www.nvidia.com/Download/index.aspx?lang=en-us But install them trough the AUR. + +Nvidia +For the newest Nvidia you need these packages so install them. 
+ + sudo pacman -S nvidia-dkms nvidia-settings nvidia-utils lib32-nvidia-utils lib32-opencl-nvidia opencl-nvidia libvdpau libxnvctrl vulkan-icd-loader lib32-vulkan-icd-loader + +AMD +you need these packages so install them if you have a AMD GPU + + sudo pacman -S mesa lib32-mesa mesa-vdpau lib32-mesa-vdpau lib32-vulkan-radeon vulkan-radeon glu lib32-glu vulkan-icd-loader lib32-vulkan-icd-loader + +Now update and reboot + + sudo pacman -Syu && sudo reboot + +If you use Gnome or GDM with Nvidia you might need to disable Wayland, This is not always the case, But I include it here just in case, If your System won't reboot you can try this + + sudo vim /etc/gdm/custom.conf + +Remove the # in front of the #WaylandEnable=false line and it should force Xorg. + +# Feral Gamemode +Gamemode puts all your hardware in performance mode, it fixes some common problems and it just sounds cool :P + +Gamemode is in the repos these days, so simply run the following command to install gamemode. + + sudo pacman -S gamemode lib32-gamemode + +Now that it is installed we need to enable the service with this command + + systemctl --user enable gamemoded && systemctl --user start gamemoded + +To use gamemode for supertuxkart for example, run this terminal + + gamemoderun supertuxkart + +To use it in Steam edit the launch option for the desired game to + + gamemoderun %command% + +# Nvidia Improvements +Nvidia users might want to enable all options listed here to improve performance in games + +Force Full Composition Pipeline avoids screen tearing by letting the GPU do all the scaling. +Triple Buffer avoids stuttering gameplay It allows for a stream of data instead of chunks of data. +IndirectGLXProtocol forces the game to directly communicate with the Nvidia drivers. +Coolbits enables your card to be overclocked which gamemode will make use of. 
+ +Create a Xorg Config file: + + sudo nvidia-xconfig + +Move it to the right directory: + + sudo mv /etc/X11/xorg.conf /etc/X11/xorg.conf.d/20-nvidia.conf + +Edit the file with the following command + + sudo nano /etc/X11/xorg.conf.d/20-nvidia.conf + +Add in these lines under the "Device" section between the other options + +``` +Option "TripleBuffer" "on" +Option "Coolbits" "28" +``` + +Add in these lines under the "Screen" section between the other options. +Don't add the ForceFullCompositionPipeline line if you want Gsync + +``` +Option "metamodes" "nvidia-auto-select +0+0 {ForceCompositionPipeline=On, ForceFullCompositionPipeline=On}" +Option "AllowIndirectGLXProtocol" "off" +``` + +Try this one with risk, It will be sure to crash GNOME, I am not sure about other DEs + +just add it to the end of the file + +``` +Section "Extensions" + Option "Composite" "Disable" +EndSection +``` + +If you run into any problems, just hit CTRL ALT F3 to switch to a different tty login, run the command to edit the file again and put a # in front of the options that are giving you trouble and reboot + +Alternatively you can just completely remove the file with the following command and reboot + + sudo rm /etc/X11/xorg.conf.d/20-nvidia.conf + +# Libstrangle +Libstrangle is a tool that helps you control framerates but also vsync settings. This is especially handy for games that do not support these features, You would like to half your framerate to make it run better save some power or just give your hardware a break. + +Install it with the following command + + git clone https://aur.archlinux.org/libstrangle.git && cd libstrangle && makepkg -si && cd + +Libstrangle can be used in multiple ways depending on what you want to achieve. + +To use libstrangle you can simply type strangle and then the amount of frames you want to run. 
There are some examples below, But the features you will probably use are Vsync which you use by using the -v option, the rules for OpenGL and Vulkan are different, Here is what each number does for the different apis. + +OpenGL 0 Force off, 1 Force on, n - Sync to refresh rate +Vulkan 0 Force off, 1 Mailbox mode, 2 Traditional vsync, 3 Adaptive vsync + +You can also limit the game depending on the power state of your device, Set it to 60 while charging and on 30 while discharging for example. You do this by adding a second number right after a colon. in example, strangle 60:30. There are more features but they are not that commonly used, you can check the gitlab link above or simply type strangle -h for more information. + +To limit the framerate of supertuxkart to 30 simply run + + strangle 30 supertuxkart + +To Force enable vsync on 60 fps for an OpenGL Steam game set the launch option to + + strangle -v 1 60 %command% + +To set the framerate of a vulkan game on Steam to 120 fps but 60 on battery power with adaptive vsync set this as your launch command + + strangle -v 3 120:60 %command% + +# Mangohud +Mangohud is a monitoring tool for Vulkan and OpenGL applications. It can show CPU and GPU usage, temps, But also framerates, frametimes and a lot more. + +Install it with the following command + + git clone https://aur.archlinux.org/mangohud.git && cd mangohud && makepkg -si && cd + +Don't forget about the 32bit version + + git clone https://aur.archlinux.org/lib32-mangohud.git && cd lib32-mangohud && makepkg -si && cd + +To configure it with a GUI you can check out GOverlay below. For a manual configuration you can edit + + ~/.config/MangoHud/MangoHud.conf + +If you want exactly my configuration you can just copy this into it without the need for GOverlay. 
+ +``` +background_alpha=0.3 +font_size=20 +background_color=020202 +text_color=ffffff +position=top-right +no_display +toggle_hud=F11 +cpu_stats +cpu_temp +cpu_color=007AFA +gpu_stats +gpu_temp +gpu_color=00BD00 +ram +ram_color=B3000A +vram +vram_color=00801B +io_read +io_write +io_color=B84700 +arch +engine_color=B200B0 +frame_timing=1 +frametime_color=00ff00 +#output_file=/home/houtworm/mangohud_log_ +#fps_limit 120 +#media_player +#toggle_logging=F10 +``` + +You can tweak all the little things you want here. You can also create different configurations per game by adding a MangoHud.conf file to the game directory. + +To use it for any game change its launch option to + + mangohud %command% + +To use it with non Steam games use the following command + + mangohud supertuxkart + +Some games might need the 32 bit version, try this if the normal command fails. + + mangohud.x86 %command% + +# VKBasalt +VKBasalt is a post processing layer for Vulkan which enables you to enhance graphics further. It only works with Vulkan, This includes all Proton games. + +Install it with the following command + + git clone https://aur.archlinux.org/vkbasalt.git && cd mangohud && makepkg -si && cd + +To configure it first you need to create a config file, Run the following command to copy the example to a folder you can edit as the user. + + mkdir ~/.config/vkBasalt && cp /usr/share/vkBasalt/vkBasalt.conf.example ~/.config/vkBasalt/vkBasalt.conf + +You can tweak all the little things you want here. You can also create different configurations per game by adding a vkBasalt.conf file to the game directory. + +To use VKBasalt for any particular game enter this as a launch option. 
+ + ENABLE_VKBASALT=1 %command% + +You can also start non Steam games this way by typing the following command + + ENABLE_VKBASALT=1 supertuxkart + +# GOverlay +GOverlay is a Graphical User Interface for managing MangoHud and VKBasalt + + git clone https://aur.archlinux.org/vkbasalt.git && cd vkbasalt && makepkg -si && cd + +mesa-demos and vulkan-tools are optional, You need them if you want to show the previews. +Install them with the following command + + sudo pacman -S mesa-demos vulkan-tools + +# AOC Compiler +WIP! + +# fsync +WIP! + +# Freesync +WIP! + +# Gsync +WIP! + +# Monitor switching hotkey +WIP! + +# disabling composition +WIP! + +# Open Joystick Display +WIP! + +# Gamescope +WIP! + +# Using a separate special gaming DE at login +WIP! \ No newline at end of file diff --git a/Guides/Arch/08Emulation.md b/Guides/Arch/08Emulation.md new file mode 100644 index 0000000..7e71223 --- /dev/null +++ b/Guides/Arch/08Emulation.md 
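Review bot: two install one-liners in the 07Gaming hunk build the wrong package. Under "VKBasalt", `git clone https://aur.archlinux.org/vkbasalt.git && cd mangohud && makepkg -si` changes into the leftover mangohud checkout instead of `vkbasalt`, so it rebuilds MangoHud (or fails if that directory is gone); under "GOverlay" the command clones `vkbasalt.git` again instead of the goverlay AUR package, so GOverlay is never installed. Both should point at the package the section describes. In "Enable Multilib", `sudo pacman -Syyuu` does more than the text says: the second `u` permits package downgrades, which is a surprising thing to do silently in a setup guide; `sudo pacman -Syu` is enough after editing pacman.conf. Also, "check the gitlab link above" in the Libstrangle section refers to a link that is not present in this file, and "Try this one with risk, It will be sure to crash GNOME" should say plainly that GNOME users must skip the `Composite` block.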
@@ -0,0 +1,122 @@ +--- +title: 08 Emulation +description: +published: true +date: 2023-05-03T05:51:51.261Z +tags: +editor: markdown +dateCreated: 2023-05-03T03:45:54.593Z +--- + +# Emulation +If you want to play console games on your system you need some emulators, If you only want to play Windows PC games you can just scroll down to the Steam Play section. + +# RetroArch +WIP! + +# Dolphin +WIP! + +# Yuzu +WIP! + +# Duckstation +WIP! + +# PCSX2 +WIP! + +# RPCS3 +WIP! + +# Flycast +WIP! + +# Xemu +WIP! + +# Steam Rom Manager +WIP! + +# Steam Play +Steam Play Compatibility Tools are great for running Steam games that do not work natively on your system. Of course there is no guarantee games will work, But it certainly boosts the list of playable games on Steam for Linux. You can run Windows games or DOS games on Linux, You can even run Linux games that fail to run when you start them normally. + +First up we need to enable Steam Play in the Steam settings, + +1. Click on Steam in the top bar +2. Click on Settings +3. Select the Steam Play tab on the right +4. Enable "Enable Steam Play for supported Titles" + +You can optionally enable the second box to enable Steam Play automatically for all games in your library, I would not recommend this because It breaks the Native Linux filtering tool. + +Now Save and Steam will restart, To actually use it now we need to force it for each game we want to play, + +1. Right click the game you want to run using Steam Play +2. Click Properties +3. Click on the Compatibility tab on the right +4. Enable "Force the use of a specific Steam Play compatibility tool" +5. Select the Steam Play Compatibility tool that you want to use + +Below I will list all Steam Play Compatibility tools out there, describe what they do and how to install them. + +## Proton +This is Valves own fork of Wine, It will be installed automatically if you select it as the tool of choice in any games properties. 
Proton should be the go to tool if you want to play Windows games. + +## ProtonDB +protondb.com is a Proton DataBase, Here anyone can report how well games run for them with Proton, It creates some nice stats and it is a useful place to check which games you will be able to play. + +I would also urge everyone to report the games you have played, It helps a lot. Good or bad, even if there are already hundreds of reports. Also check out this Curator who lists Platinum rated games. + +## Proton Github +The Proton Github is where you can report problems with games, It probably won't get fixed because of it, but it is good to let everyone know there is interest, and who knows maybe the community finds a fix together. + +## Protontricks +Winetricks is a tool that helps you set certain tweaks to Wine to help make programs run or run better. Protontricks is just a simple wrapper which deals with proton directories in a manageable way. + +Install it with the following command + +WIP! + +Now you should be able to execute protontricks commands in your terminal, If a listing on ProtonDB works by using a certain protontricks command you can make the adjustment pretty easily + +## Proton GE +Proton GE is a fork of proton by Glorious Eggroll, That's where the GE comes from. It fixes a lot of game specific bugs, so if your game does not work with Proton, You can always try this one. + +Install it with the following command + +WIP! + +Now you should be able to restart steam and the compatibility tool should show up in the game properties when you enable Force the use of a specific Steam Play compatibility tool. + +## Boxtron +Boxtron is a tool to run DOS games with DOSBox right from the Steam Client, This fixes some broken DOS games on the Steam Store, and it enhances the performance for most. You can check this Curator for supported games + +Install it with the following command + +WIP! 
+ +Now you should be able to restart steam and the compatibility tool should show up in the game properties when you enable Force the use of a specific Steam Play compatibility tool. + +## Roberta +Roberta is a tool to run SCUMM games with ScummVM right from the Steam Client, This Enables you to play some Windows ports on the Steam Store with a Native Linux Engine. which greatly improves everything ofcourse. Also check out this Curator that lists compatible games. + +Install it with the following command + +WIP! + +Now you should be able to restart steam and the compatibility tool should show up in the game properties when you enable Force the use of a specific Steam Play compatibility tool. + +## Luxtorpeda +Luxtorpeda is a tool that makes Windows only games run natively running the game with the official game assets using open source engines like OpenMW, OpenXcom, GZDoom and much more. + +Install it with the following command + +WIP! + +Now you should be able to restart steam and the compatibility tool should show up in the game properties when you enable Force the use of a specific Steam Play compatibility tool. + +## Steam Linux Runtime +Steam Linux Runtime is a container for your native Linux games, it will use more of Steams own libraries instead of the ones from your system. If a game does not run normally you could try this one. + +Steam Linux Runtime has a few advantages for users; Games can not access your home directory, they are isolated in their own little container. It can help support older games that don't work on newer systems. For developers it creates a single runtime they can test against. \ No newline at end of file diff --git a/Guides/Arch/09Hardware.md b/Guides/Arch/09Hardware.md new file mode 100644 index 0000000..88ce52b --- /dev/null +++ b/Guides/Arch/09Hardware.md 
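Review bot: in the 08Emulation hunk, every "Install it with the following command" in the Steam Play subsections (Protontricks, Proton GE, Boxtron, Roberta, Luxtorpeda) is followed by "WIP!" instead of a command, while the next paragraph already says "Now you should be able to restart steam and the compatibility tool should show up"; either fill in the commands or drop the follow-up sentences so the page does not promise an outcome it does not yet show. In the "Steam Linux Runtime" section, "Games can not access your home directory, they are isolated in their own little container" reads as a security guarantee; the section itself describes the runtime as a way to use Steam's libraries instead of the system's, and Valve's pressure-vessel documentation does not present the container as a security boundary, so suggest limiting the claim to what the container isolates (libraries) or citing the documentation for the file-system statement.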
@@ -0,0 +1,126 @@ +--- +title: 09 Special Hardware +description: +published: true +date: 2023-05-03T05:35:30.253Z +tags: +editor: markdown +dateCreated: 2023-05-03T03:44:22.001Z +--- + +# Programmable Mouse +If you have a mouse with profiles or adjustable DPI, there is a chance it is supported by Piper, If you are in doubt you can simply try it and remove Piper if it doesn't work + +install it with the following command + + sudo pacman -S piper + +Now open the program and check if it detects your mouse + +# BlackMagic Capture Cards +WIP! + +# Xbox One Controller +## Xpad +xpad works great, is the default on modern Linux distros and supports a wide range of controllers + +For Bluetooth to work with xpad and the Xbox One controllers you need to disable ertm (This is not needed for xpadneo) + +create the config file + + sudo vim /etc/modprobe.d/xbox_bt.conf + +Add the following line to the document and save and exit with CTRL + X. + +``` +options bluetooth disable_ertm=1 +``` + +## Xpadneo +xpadneo is a better driver for xbox one controllers if you use bluetooth, It enables vibration and even the vibration inside the triggers, It supports battery level indication, It also fixes the mapping in many many games that where previously unplayable with a Xbox One controller on Linux. + +Install the dependencies + + sudo pacman -S dkms bluez bluez-utils + +Install xpadneo from the AUR + + git clone https://aur.archlinux.org/xpadneo-dkms-git.git && cd xpadneo-dkms-git && makepkg -si + +Now you should be able to reboot and it should be all good, Having the controllers vibrate for a second when connected is a good indicator that it works. + +## Xow +Xow is a better driver for xbox one controllers if you use the official wireless controller dongle from Microsoft, I don't own one so I can't test anything I would write here, So I just don't, I do mention it in case you have one. 
+ +# Racing Wheels +Racing wheels should work out of the box on Linux, Including Force Feedback, Shifters, pedals and most things you can throw at it. But if you like to fine tune some things you may need some software. This is mostly not even the case, I played a long time just using the default kernel drivers, But some of these tools might come in very handy if you play different games, with different settings or with unsupported wheels. + +## Oversteer +Oversteer will enable a few cool things like Turning Degree and Lock if the game you want to play doesn't support it. It also enables you to set profiles for games and gives you compatibility modes so that you can play older games that expect a G27 for example. + +Install it with the following command + + git clone https://aur.archlinux.org/oversteer.git && cd oversteer && makepkg -si + +You can open the program now and check some things out. + +## lg4ff +lg4ff is a kernel module for steering wheels which enables you to adjust the lights on a G29 for example, It also allows you to fine tune and even amplify the Force Feedback, Aplify it on your own risk tho, I already wrecked a G29, The inner housing broke, don't worry about it overheating or anything. + +Install it with the following command + + git clone https://aur.archlinux.org/new-lg4ff-dkms-git.git && cd new-lg4ff-dkms-git && makepkg -si + +# Handbrake +Handbrakes are not that common sadly, You can purchase an expensive one from Fanatec, buy one from Aliexpress or create your own. + +If you use a Fanatec Handbrake You just need to add a few lines with the correct ProductID and VendorID to the inputdevices.json file of the game. For Feral games it will be located in the installation folder under the /Share directory. Just add the folllowing lines with the correct ProductID and VendorID before the last ] of the file. These Product and Vendor IDs are for a Arduino Leonardo. 
You can find the right Product and Vendor IDs by typing lsusb -v in a terminal when the device is connected. + +``` +{ +"Name": "Handbrake", +"VendorID": "0x2341", +"ProductIDs": [ +"0x8036" +], +"Category": "Wheel", +"Type": "UnknownWheel" +} +``` + +If you made your own or bought a complete handbrake sim set from Aliexpress or Ebay and it is not working properly follow the following instructions. + +Download this little zip file, It includes inputdevice.json files for Dirt Rally and Dirt 4, It also includes the Arduino Sketch, The Joystick Library and a little readme file. + +https://houtworm.cloud/s/ksrijLyYseQPFKx + +We will need arduino installed on our system + + sudo pacman -S arduino + +Copy the Joystick folder in the Joystick master zip file to the Arduino libraries folder which is located in ~/Arduino/libraries + +Open Arduino and replace all text with this content + +``` +#include + +const int potPin = A0; +Joystick_ Joystick; + +void setup() { + Joystick.begin(); +} + +void loop() { + int rawValue = analogRead(potPin); + int value = 255 - map(rawValue, 750, 1023, 0, 255); + Joystick.setXAxis(value); +} +``` + +Make sure you put the right Arduino model and the right USB port in tools, Then click on Verify and if it succeeds press Upload to flash it to the Arduino. + +If needed you can adjust the values (rawValue, 750, 1023, 0, 255). These may be different depending on how you built it + +Now the Arduino is a functional Handbrake in Racing games :) \ No newline at end of file diff --git a/Guides/Arch/10Maintenance.md b/Guides/Arch/10Maintenance.md new file mode 100644 index 0000000..f5e9f51 --- /dev/null +++ b/Guides/Arch/10Maintenance.md 
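Review bot: the Arduino sketch at the end of the 09Hardware hunk has a bare `#include` with no header name, so it will not compile as committed; the angle-bracket include was presumably swallowed by the renderer (`<Joystick.h>` from the bundled Joystick library, going by the `Joystick_ Joystick;` declaration) and needs to be restored. The sketch and the `inputdevice.json` files are distributed as a zip from a personal cloud share (`https://houtworm.cloud/s/...`); since the guide has readers flash firmware from it, suggest committing those small text files to this repository instead, or at least publishing a checksum next to the link. Smaller points: in the "Xpad" section the file is opened with `sudo vim` but the instruction says "save and exit with CTRL + X", which is nano's key binding; "Aplify" in the lg4ff section should be "Amplify".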
@@ -0,0 +1,34 @@ +--- +title: 10 Maintenance +description: +published: true +date: 2023-05-01T23:56:42.614Z +tags: +editor: markdown +dateCreated: 2023-04-30T01:47:46.929Z +--- + +# Cleaning up and maintaining the system +Lastly we are going to clean up a bit, We left a lot of mess in your home directory during in the few hours, You can remove all the folders we used for installing the AUR packages, like pamac-aur, nautilus-nextcloud, numix-square-icons, etc + +To maintain your system all you have to do is update it, you can run the following command to update your entire system. + + sudo pacman -Syu + +If you followed the complete guide and installed Pamac, you can just use pamac to update all packages on your system including the ones from the AUR. + +You don't have to update every day, You can ofcourse, But if you want to update every week or every 2 weeks that is fine too, I do think the sweet spot is between 3 days and a week. Unless you don't use the device I would not wait longer than a month with updates, some of the updates are pretty important for the security of the device, Which is the main reason why you MUST update. + +You can also remove orphaned packages every once in a while with the following command + + sudo pacman -Rnsc $(pacman -Qqdt) + +You do this in pamac by going to the installed tab, then click on orphans and then select all to remove them. + +I would be careful with executing commands from the internet, especially the sudo command, It is extremely powerful, You could mess up everything with many simple commands. + +If you need extra software, always try the repos first! Nothing wrong with needing something from the AUR, but try to keep it to a minimum, and regularly check the "Foreign Packages" under installed in Pamac to check what AUR packages are still installed, If you see anything you don't recognize, try to remove it, If it is a dependency Pamac will warn you and you can always cancel. 
+ +I would recommend against Installing software from git, web, trough scripts, make, curl, wget, etc. Don't unless you absolutely need it and know what you are doing, But by that time I would recommend to just add it to the AUR yourself. + +I would also recommend keeping your home directory nice and orderly. \ No newline at end of file diff --git a/Guides/Docker/00Intro.md b/Guides/Docker/00Intro.md new file mode 100644 index 0000000..12e2deb --- /dev/null +++ b/Guides/Docker/00Intro.md @@ -0,0 +1,25 @@ +--- +title: 00 Introduction +description: +published: true +date: 2023-05-03T03:38:56.954Z +tags: +editor: markdown +dateCreated: 2023-05-03T03:35:52.042Z +--- + +# Introduction + +This guide assumes you followed my Arch Server guide therefore it will expect you already have basic knowledge about the programs we are using, have fail2ban configured and you have a storage cluster mounted to /data. + +If you did not follow my complete Arch Server guide you should do a few things +1. set up fail2ban +make sure fail2ban talks to your firewall properly and test that people actually get banned +2. adjust the storage locations +Either mount your storage cluster/disk to /data or adjust the storage location in every docker compose file in the guide. +3. basic knowledge about linux, docker, fail2ban and networking +You should not execute commands or insert configuration you don't understand, so be sure to read up. + +The guide should be pretty straightforward, And all the guides are optional, so only install what you will actually use. Most services will require a reverse proxy and a database so that's why we start with them, But you should again only install them if you need them. + +Take your time and if you run into any problems be sure to leave a comment :) \ No newline at end of file diff --git a/Guides/Docker/01Nginx.md b/Guides/Docker/01Nginx.md new file mode 100644 index 0000000..8d68a45 --- /dev/null +++ b/Guides/Docker/01Nginx.md 
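Review bot: in the 10Maintenance hunk, the orphan-removal command `sudo pacman -Rnsc $(pacman -Qqdt)` has two rough edges: `-c` (cascade) also removes packages that depend on the targets, which is more than "remove orphaned packages" suggests and is unnecessary for true orphans, and when there are no orphans `pacman -Qqdt` prints nothing, leaving `pacman -Rnsc` with no targets and an error. Suggest the plain `-Rns` form, e.g. `pacman -Qdtq | sudo pacman -Rns -`, plus a sentence that "no targets specified" simply means there is nothing to remove. Wording: "during in the few hours" and "ofcourse" need a fix, and the paragraph warning against running commands from the internet sits oddly in a guide that pipes every AUR checkout straight into `makepkg -si`; a pointer back to reviewing PKGBUILDs would tie the two together.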
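Review bot: the numbered list in the 00Intro hunk puts each item's explanation on the following unindented line ("1. set up fail2ban" then "make sure fail2ban talks to your firewall properly ..."), which markdown renders as a list item followed by a loose paragraph, so the list breaks after item 1; indent the explanation lines under their items or join them onto the item line. The instruction "test that people actually get banned" is the right one, and it would be actionable with a single line on how: trigger a ban from a second machine and confirm it with `fail2ban-client status <jail>`.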
@@ -0,0 +1,145 @@ +--- +title: 01 Nginx +description: +published: true +date: 2023-05-03T03:18:59.950Z +tags: +editor: markdown +dateCreated: 2023-05-03T01:58:59.345Z +--- + + +# Install and Configure Nginx +eNGINe X is a very powerful webserver, It can do many things and is highly configurable. + +We will use it as a reverse proxy to forward requests to the correct container. + +Create some folders in your home directory + + mkdir -p ~/docker/nginx + +Now create a docker compose file in that directory + + vim ~/docker/nginx/docker-compose.yml + +Add in the following text + +``` +version: '3' + +services: + nginx: + image: nginx:latest + container_name: nginx + restart: always + volumes: + - /data/nginx/config:/etc/nginx + - /data/nginx/log/error.log:/var/log/error.log + - /data/nginx/log/access.log:/var/log/access.log + - /etc/letsencrypt/:/etc/letsencrypt/ + - /etc/localtime:/etc/localtime:ro + ports: + - 80:80 + - 443:443 +``` + +First we need to create a folder for the configuration + + sudo mkdir -p /data/nginx/config + +We need to add the nginx configuration file + + sudo vim /data/nginx/config/nginx.conf + +Add in the following text + +``` +# Global Settings +user nginx; +pid /var/run/nginx.pid; +worker_processes auto; +worker_rlimit_nofile 65535; + +events { + multi_accept on; + worker_connections 1024; +} + + +# Web Traffic +http { + charset utf-8; + sendfile on; + tcp_nopush on; + tcp_nodelay on; + server_tokens off; + error_log /var/log/error.log warn; + access_log /var/log/access.log; + proxy_cache_path /etc/nginx/cache keys_zone=one:500m max_size=1000m; + types_hash_max_size 2048; + types_hash_bucket_size 64; + client_max_body_size 16M; + client_body_buffer_size 16M; + client_header_buffer_size 16M; + large_client_header_buffers 2 16M; + + # MIME + default_type application/octet-stream; + + # Limits + limit_req_log_level warn; + limit_req_zone $binary_remote_addr zone=login:10m rate=10r/m; + + # SSL + ssl_session_timeout 1d; + ssl_session_cache 
shared:SSL:10m; + ssl_session_tickets off; + ssl_protocols TLSv1.2 TLSv1.3; + ssl_stapling on; + ssl_stapling_verify on; + + # Services + include /etc/nginx/services/*.active; +} +``` + +Nginx should be good now, lets start the container + + sudo docker-compose -f ~/docker/nginx/docker-compose.yml up -d + +We will create 2 folders for future use auth is for password protected services and services is where nginx will look for server configuration + + sudo mkdir -p /data/nginx/config/services && sudo mkdir -p /data/nginx/config/auth + +Now we only need to setup fail2ban for Nginx, so create the following file + + sudo vim /etc/fail2ban/filter.d/nginxx.local + +add in the following content + +``` +[INCLUDES] +before = common.conf + +[Definition] +failregex = ^.*"(GET|POST).*" (400|401|403|404|405|406|407|423|429) .*$ +``` + +This will ban everyone getting any of the error codes in the failregex line. + +Now we need to activate the filter in our main fail2ban configuration file + + sudo vim /etc/fail2ban/jail.local + +Add the following to the bottom + +``` +## Nginx +[nginxx] +enabled = true +logpath = /data/nginx/log/access.log +``` + +Restart fail2ban to make the changes take effect + + sudo systemctl restart fail2ban \ No newline at end of file diff --git a/Guides/Docker/02Mariadb.md b/Guides/Docker/02Mariadb.md new file mode 100644 index 0000000..fe67a6d --- /dev/null +++ b/Guides/Docker/02Mariadb.md 
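Review bot: the fail2ban filter in the 01Nginx hunk will not load: `failregex = ^.*"(GET|POST).*" (400|401|403|404|405|406|407|423|429) .*$` contains no `<HOST>` group, and fail2ban rejects a failregex that gives it no address to ban. With the default nginx access-log format the client address is the first field, so the regex needs `<HOST>` there, e.g. `^<HOST> - .*"(GET|POST).*" (401|403|429) .*$`. Separately, banning on every 400/404/405/406 is aggressive for a public reverse proxy: one browser request for a missing favicon, or a scanner aimed at a neighbouring vhost, counts toward the ban, so consider limiting the codes to authentication and abuse responses (401, 403, 429) or giving the jail a higher `maxretry`. In the compose file, the two file bind mounts for the logs (`/data/nginx/log/error.log:/var/log/error.log` and the access.log line) assume the files already exist, but the guide only runs `sudo mkdir -p /data/nginx/config`; on first `up` Docker creates directories at those paths and nginx cannot open its logs, so add `sudo mkdir -p /data/nginx/log && sudo touch /data/nginx/log/{access,error}.log` before starting. Also consider `:ro` on the `/etc/letsencrypt/` mount, since the proxy only reads certificates, and revisit `client_header_buffer_size 16M` / `large_client_header_buffers 2 16M`, which let any client make nginx allocate 16 MB buffers per oversized header before rejecting the request (the defaults are 1k and 4 8k).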
@@ -0,0 +1,280 @@ +--- +title: 02 Mariadb +description: +published: true +date: 2023-07-14T17:31:21.541Z +tags: +editor: markdown +dateCreated: 2023-05-03T01:58:45.617Z +--- + +# MariaDB +MariaDB is a drop in replacement for MySQL, which is a database used by many services. + +First we create some folders + + mkdir -p ~/docker/mariadb + +First we will create a docker compose file + + vim ~/docker/mariadb/docker-compose.yml + +Add in the following text + +``` +version: '3' + +services: + mariadb: + image: mariadb:latest + container_name: mariadb + restart: always + command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW --skip-innodb-read-only-compressed + volumes: + - /data/mariadb/data:/var/lib/mysql + - /data/mariadb/config:/etc/mysql/conf.d + - /data/mariadb/logs:/var/log/mysql + - /etc/localtime:/etc/localtime:ro + + environment: + - MYSQL_ROOT_PASSWORD=SETAMYSQLROOTPASSWORDHERE +``` + +Be sure to set your mysql root password + +Mariadb should be good now, lets start the container + + sudo docker-compose -f ~/docker/mariadb/docker-compose.yml up -d + +Now we only need to initialize the database + + sudo docker exec -it mariadb mariadb-secure-installation + +Answer the first 3 questions with No and the rest with Yes + + +You can get into the database with the following command (only if mariadb is running) + + sudo docker exec -it maridb mysql -p + +Enter the Mysql root password you provided during the creation of the mariadb container and you should be in. + +Here you can create databases with the following command + + create database DATABASENAME; + +Create a user with + + create user USERNAME@'LOCALIP' identified by 'USERPASSWORD'; + +Give privileges to a user on a database with + + grant all privileges on DATABASENAME.* to USERNAME@'LOCALIP'; + +And Flush the privileges with + + flush privileges; + +You can exit the mysql prompt with `exit;` and then pressing enter. 
+ +# PHPMyAdmin +Is a database manager for Mysql/MariaDB, it can be handy to manage the database with a GUI, Only install it if you need it, It is not needed for MariaDB to function at all. + +First we start with a project folder + + mkdir -p ~/docker/phpmyadmin + +Now we create a docker-compose file + + vim ~/docker/phpmyadmin/docker-compose.yml + +Paste in the following text + +``` +version: '3' + +networks: + phpmyadmin: + external: true + name: phpmyadmin + +services: + phpmyadmin: + image: phpmyadmin + container_name: phpmyadmin + restart: always + volumes: + - /data/phpmyadmin/config.inc.php:/var/www/html/config.inc.php:ro + networks: + phpmyadmin: + ipv4_address: 172.20.72.10 + environment: + - PMA_ARBITRARY=1 +``` + +Now we are going to create the phpmyadmin config folder. + + sudo mkdir /data/phpmyadmin + +Next we are going to create a config file + + sudo vim /data/phpmyadmin/config.inc.php + +Paste in the following text + +``` + 'https', +``` + +Nextcloud requires some tasks to be executed every 5 minutes, for that we are going to use systemd timers, like we did for certbot + +Create a little script + + vim ~/scripts/nextcloudcron.sh + +add in the following content + +``` +#!/bin/bash + +docker exec -u 33 -t nextcloud php -f /var/www/html/cron.php +exit +``` + +Create a systemd service + + sudo vim /etc/systemd/system/nextcloudcron.service + +Add in the following content + +``` +[Unit] +Description=Runs Nextcloud Cron +Wants=nextcloudcron.timer + +[Service] +Type=oneshot +ExecStart=/bin/bash /home/USERNAME/scripts/nextcloudcron.sh + +[Install] +WantedBy=multi-user.target +``` + +Create a timer file + + sudo vim /etc/systemd/system/nextcloudcron.timer + +and add in the following content + +``` +[Unit] +Description=Runs Nextcloud Cron +Requires=nextcloudcron.service + +[Timer] +Unit=cron5.service +OnBootSec=5min +OnUnitActiveSec=5min + +[Install] +WantedBy=timers.target +``` + +Finally start the timer + + sudo systemctl enable --now nextcloudcron.timer + 
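Review bot: in the MariaDB hunk above, `sudo docker exec -it maridb mysql -p` misspells the container name (`mariadb` in the compose file), so the command fails with "no such container". The compose file carries the root password inline (`MYSQL_ROOT_PASSWORD=SETAMYSQLROOTPASSWORDHERE`) in plaintext under the user's home directory; suggest moving it to an `.env` file referenced from compose, or using the image's `MARIADB_ROOT_PASSWORD_FILE` variable with a root-only file, so the secret does not live in the compose file or end up in a git checkout. The PHPMyAdmin service sets `PMA_ARBITRARY=1`, which lets anyone who reaches the login page try credentials against any host the container can connect to; unless the (truncated) `config.inc.php` pins the server list, `PMA_HOST=mariadb` is the safer default for a single-database setup.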
+Nextcloud should be all good and ready to go, You can check the persistance by completely deleting all containers and all volumes, When you start it again all your stuff should still be there :) + +Nextcloud has its own Brute force protection, but we still are going to add a fail2ban filter because we want attackers to be banned from all services and not just nextcloud. + +So lets create a new nextcloud filter + + sudo vim /etc/fail2ban/filters.local + +add in the following content + +``` +[Definition] +failregex=^{"reqId":".*","remoteAddr":".*","app":"core","message":"Login failed: '.*' \(Remote IP: ''\)","level":2,"time":".*"}$ + ^{"reqId":".*","level":2,"time":".*","remoteAddr":".*","user":".*","app":".*","method":".*","url":".*","message":"Login failed: '.*' \(Remote IP: ''\)".*}$ + ^{"reqId":".*","level":2,"time":".*","remoteAddr":".*","user":".*","app":".*","method":".*","url":".*","message":"Login failed: .* \(Remote IP: \).*}$ +``` + +Now add the filter to your main fail2ban config file + + sudo vim /etc/fail2ban/jail.local + +Add the following to the end of the file + +``` +## Nextcloud +[nextcloud] +filter = nextcloud +enabled = true +logpath = /data/nextcloud/data/nextcloud.log +``` + +restart fail2ban to make it take effect + + sudo systemctl restart fail2ban \ No newline at end of file diff --git a/Guides/Docker/05Smarthome.md b/Guides/Docker/05Smarthome.md new file mode 100644 index 0000000..d3b8173 --- /dev/null +++ b/Guides/Docker/05Smarthome.md @@ -0,0 +1,18 @@ +--- +title: 05 Smarthome +description: +published: true +date: 2023-05-03T03:00:28.766Z +tags: +editor: markdown +dateCreated: 2023-05-03T02:09:20.637Z +--- + +# Home Assistant +WIP! + +# Mosquitto +WIP! + +# Frigate +WIP! \ No newline at end of file diff --git a/Guides/Docker/06Media.md b/Guides/Docker/06Media.md new file mode 100644 index 0000000..1190f86 --- /dev/null +++ b/Guides/Docker/06Media.md 
@@ -0,0 +1,159 @@ +--- +title: 06 Media +description: +published: true +date: 2023-05-03T03:01:17.550Z +tags: +editor: markdown +dateCreated: 2023-05-03T01:58:51.186Z +--- + +# Ampache +Ampache is a music server, Kind of like your own self hosted Spotify. It supports practically everything, from podcasts, to several music streaming protocols, transcoding, It even has a web player, music management, ratings and smart playlists. It truly is amazing. + +First we need to create a network for the service. + +sudo docker network create --subnet=172.31.0.0/16 ampache + +Add the ampache network to the mariadb and nginx compose files + +~/docker/mariadb/docker-compose.yml + ampache: + ipv4_address: 172.31.0.30 + + ampache: + external: true + name: ampache + +~/docker/nginx/docker-compose.yml + ampache: + ipv4_address: 172.31.0.20 + + ampache: + external: true + name: ampache + +Be sure to add them to the correct places, under the 2 networks: tags 1 under service and the other stands alone. Take a look at the nextcloud example. 
+ +Now simply restart the containers to make it take effect + +sudo docker-compose -f ~/docker/nginx/docker-compose.yml restart +sudo docker-compose -f ~/docker/mariadb/docker-compose.yml restart + +Next we are going to create some folders + +mkdir -p ~/docker/ampache + +Now create a compose file for Ampache + +nano ~/docker/ampache/docker-compose.yml + +Add in the following text + +version: '3' + +services: + ampache: + image: ampache/ampache:latest + container_name: ampache + restart: always + volumes: + - /data/ampache/config:/var/www/config + - /data/ampache/log:/var/log/ampache + - /data/music:/media + networks: + ampache: + ipv4_address: 172.31.0.10 + +networks: + ampache: + external: true + name: ampache + ipam: + config: + - subnet: 172.31.0.0/16 + +Now we need to add in the server blocks to the Nginx config file so open te file + +sudo nano /data/nginx/nginx.conf + +And add in the following blocks within the html block + + server { + server_name example.com; + listen 443 ssl; + ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; + client_max_body_size 100M; + autoindex off; + + location / { + proxy_pass http://ampache:80; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Host $http_host; + proxy_set_header Host $http_host; + proxy_max_temp_file_size 0; + proxy_redirect off; + + if ( !-d $request_filename ) { + rewrite ^/rest/(.*).view$ /rest/index.php?action=$1 last; + rewrite ^/rest/fake/(.+)$ /play/$1 last; + } + + rewrite ^(.*) $1 break; + rewrite ^/play/ssid/(.*)/type/(.*)/oid/([0-9]+)/uid/([0-9]+)/client/(.*)/player/(.*)/name/(.*)$ /play/index.php?ssid=$1&type=$2&oid=$3&uid=$4&client=$5&player=$6&name=$7 last; + } + } + + server { + listen 80; + server_name houtworm.vip; + return 301 https://houtworm.vip$request_uri; + } + +Be sure to place it correctly, don't put it inside other 
server blocks. but it under the other server blocks. + +Now we are going to start the container. + +sudo docker-compose -f ~/docker/ampache/docker-compose.yml up -d + +Now we need to give the right permissions to the ampache config folder so run the following command + +sudo chown -R 33:33 /data/ampache/config + +Ampache should be accessable from your browser using the domain you chose, But first we need to create a database, user and set the permissions. + +You can get into the database with the following command (only if mariadb is running) + +sudo docker exec -it mariadb mysql -p + +Enter the Mysql root password you provided during the creation of the mariadb container and you should be in. + +Now run the following commands to create a database, create a user with privileges, and make them take effect. + +create database ampache; +create user ampache@'%' identified by 'set your ampache database password here'; +grant all privileges on ampache.* to ampache@'%'; +flush privileges; + +You can exit the mysql prompt with exit; and then pressing enter. + +Now we just need to go to example.com and follow the steps + +The Database is ampache, the user is ampache, The hostname is 172.31.0.30 and the password is what you gave it. uncheck create database and click on inject database. + +Next you leave web path empty and simply click on generate config file + +One last step is forcing HTTPS, else it will give problems since we are running from behind a proxy + +sudo nano /data/ampache/config/config.php + +Uncomment the following line + +force_ssl = "true" + +Now Ampache should be all ready to go + +# Jellyfin +WIP! \ No newline at end of file diff --git a/Guides/Docker/07Pirate.md b/Guides/Docker/07Pirate.md new file mode 100644 index 0000000..5cf492b --- /dev/null +++ b/Guides/Docker/07Pirate.md 
@@ -0,0 +1,33 @@ +--- +title: 07 Pirate +description: +published: true +date: 2023-05-03T06:02:24.470Z +tags: +editor: markdown +dateCreated: 2023-05-03T02:09:07.436Z +--- + +# Pirating +WIP! + +# Transmission +WIP! + +# Nzbget +WIP! + +# Lidarr +WIP! + +# Sonarr +WIP! + +# Radarr +WIP! + +# Prowlarr +WIP! + +# Bazarr +WIP! \ No newline at end of file diff --git a/Guides/Docker/08Matrix.md b/Guides/Docker/08Matrix.md new file mode 100644 index 0000000..6377ea3 --- /dev/null +++ b/Guides/Docker/08Matrix.md 
@@ -0,0 +1,318 @@ +--- +title: 08 Matrix +description: +published: true +date: 2023-05-03T06:04:33.804Z +tags: +editor: markdown +dateCreated: 2023-05-03T01:58:48.449Z +--- + +# Matrix +WIP! + +# Conduit +WIP! + +# Synapse +Synapse is a Matrix server, It can be used for all sorts of things, but it is mainly used for private communication. I can certainly recommend it. + +First we need to create a network + +sudo docker network create --subnet=172.32.0.0/16 synapse + +Now create the folder for the project + +mkdir -p ~/docker/synapse + +Now create the compose file + +nano ~/docker/synapse/docker-compose.yml + +Add in the following text + +version: '3' + +services: + synapse: + image: matrixdotorg/synapse:latest + container_name: synapse + restart: always + volumes: + - /data/synapse:/data + networks: + synapse: + ipv4_address: 172.32.0.10 + +networks: + synapse: + external: true + name: synapse + ipam: + config: + - subnet: 172.32.0.0/16 + +Now we need to create the database user, database and set the privileges First the user + +sudo docker exec -it -u postgres postgres psql +create user synapse with encrypted password 'set your synapse user password here'; +exit; + +Now the database + +sudo docker exec -it -u postgres postgres bash +createdb --encoding=UTF8 --locale=C --template=template0 --owner=synapse synapse +exit + +And finally the permissions + +sudo docker exec -it -u postgres postgres psql +grant all privileges on database synapse to synapse; +exit; + +Now we need to run the synapse config generation + +sudo docker run -it --rm -v "/data/synapse:/data" -e SYNAPSE_SERVER_NAME=example.com -e SYNAPSE_REPORT_STATS=yes matrixdotorg/synapse:latest generate + +Now we are going to adjust the config file a bit + +sudo nano /data/synapse/homeserver.yaml + +Here we comment in the sqlite database and uncomment the postgres settings so it looks like this + +database: + name: psycopg2 + txn_limit: 10000 + args: + user: synapse + password: the password you set for the 
synapse user + database: synapse + host: 172.32.0.30 + port: 5432 + cp_min: 5 + cp_max: 10 +#database: +# name: sqlite3 +# args: +# database: /data/homeserver.db + +We can now start the synapse container + +sudo docker-compose -f ~/docker/synapse/docker-compose.yml up -d + +Now we need to add nginx to the synapse network (notice we already added synapse to postgres) + +nano ~/docker/nginx/docker-compose.yml + +Add the following bits in the correct place + + - 8448:8448 + + synapse: + ipv4_address: 172.32.0.20 + + synapse: + external: true + name: synapse + +Now we finally add the server block to the nginx config file + +sudo nano /data/nginx/nginx.conf + +Add in the following block + + server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; + + # For the federation port + listen 8448 ssl http2 default_server; + listen [::]:8448 ssl http2 default_server; + + server_name example.com; + + location ~ ^(/_matrix|/_synapse/client) { + # note: do not add a path (even a single /) after the port in `proxy_pass`, + # otherwise nginx will canonicalise the URI and cause signature verification + # errors. + proxy_pass http://synapse:8008; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Host $host; + + # Nginx by default only allows file uploads up to 1M in size + # Increase client_max_body_size to match max_upload_size defined in homeserver.yaml + client_max_body_size 50M; + } + } + +The last thing we need to do is open up port 8448 in our router. + +Now Synapse should be up and running, as a last step we need to add a user. + +sudo docker exec -it synapse bash +register_new_matrix_user -c /data/homeserver.yaml http://localhost:8008 + +Simply follow the steps, give a name, give a password, and say wether it is an admin yes or no. 
+ +# Element +Element is a Web client for Matrix, You can use it to chat with other Matrix users + +First we are going to create the network + +sudo docker network create --subnet=172.33.0.0/16 element + +Now we are going to create a folder for the compose file + +mkdir ~/docker/element + +Create the compose file + +nano ~/docker/element/docker-compose.yml + +Add in the following text + +version: '3' + +services: + element: + image: vectorim/element-web:latest + container_name: element + restart: always + volumes: + - /data/element/element-config.json:/app/config.json + networks: + element: + ipv4_address: 172.33.0.10 + +networks: + element: + external: true + name: element + ipam: + config: + - subnet: 172.33.0.0/16 + +Now we need to create the element folder for the data + +sudo mkdir /data/element/ + +Now we are going to create element the config file + +sudo nano /data/element/element-config.json + +Add in the following text + +{ + "default_server_config": { + "m.homeserver": { + "base_url": "https://example.com", + "server_name": "example.com" + }, + "m.identity_server": { + "base_url": "https://vector.im" + } + }, + "brand": "Element", + "integrations_ui_url": "https://scalar.vector.im/", + "integrations_rest_url": "https://scalar.vector.im/api", + "integrations_widgets_urls": [ + "https://scalar.vector.im/_matrix/integrations/v1", + "https://scalar.vector.im/api", + "https://scalar-staging.vector.im/_matrix/integrations/v1", + "https://scalar-staging.vector.im/api", + "https://scalar-staging.riot.im/scalar/api" + ], + "hosting_signup_link": "https://element.io/matrix-services?utm_source=element-web&utm_medium=web", + "bug_report_endpoint_url": "https://element.io/bugreports/submit", + "uisi_autorageshake_app": "element-auto-uisi", + "showLabsSettings": true, + "piwik": { + "url": "https://piwik.riot.im/", + "siteId": 1, + "policyUrl": "https://element.io/cookie-policy" + }, + "roomDirectory": { + "servers": [ + "matrix.org", + "gitter.im", + "libera.chat" + 
] + }, + "enable_presence_by_hs_url": { + "https://matrix.org": false, + "https://matrix-client.matrix.org": false + }, + "terms_and_conditions_links": [ + { + "url": "https://element.io/privacy", + "text": "Privacy Policy" + }, + { + "url": "https://element.io/cookie-policy", + "text": "Cookie Policy" + } + ], + "hostSignup": { + "brand": "Element Home", + "cookiePolicyUrl": "https://element.io/cookie-policy", + "domains": [ + "matrix.org" + ], + "privacyPolicyUrl": "https://element.io/privacy", + "termsOfServiceUrl": "https://element.io/terms-of-service", + "url": "https://ems.element.io/element-home/in-app-loader" + }, + "sentry": { + "dsn": "https://029a0eb289f942508ae0fb17935bd8c5@sentry.matrix.org/6", + "environment": "develop" + }, + "posthog": { + "projectApiKey": "phc_Jzsm6DTm6V2705zeU5dcNvQDlonOR68XvX2sh1sEOHO", + "apiHost": "https://posthog.hss.element.io" + }, + "features": { + "feature_spotlight": true + }, + "map_style_url": "https://api.maptiler.com/maps/streets/style.json?key=fU3vlMsMn4Jb6dnEIFsx" +} + +Now we are going to add the network to the nginx compose file + +nano ~/docker/nginx/docker-compose.yml + +Add the following to the correct place + + element: + ipv4_address: 172.33.0.20 + + element: + external: true + name: element + +Now we only need to edit the nginx config file + +sudo nano /data/nginx/nginx.conf + +Add in the following location block between the synapse server + + location / { + proxy_pass http://element:80; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-Proto https; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header X-Forwarded-Host $remote_addr; + } + +Now finally restart the nginx container and start the element container. + +sudo docker-compose -f ~/docker/nginx/docker-compose.yml up -d +sudo docker-compose -f ~/docker/element/docker-compose.yml up -d + +Element should be ready to use :) + +# Synapse Admin +WIP! \ No newline at end of file 
diff --git a/Guides/Docker/09Mumble.md b/Guides/Docker/09Mumble.md new file mode 100644 index 0000000..59619db --- /dev/null +++ b/Guides/Docker/09Mumble.md @@ -0,0 +1,75 @@ +--- +title: 09 Mumble +description: +published: true +date: 2023-05-03T02:58:14.663Z +tags: +editor: markdown +dateCreated: 2023-05-03T01:58:53.909Z +--- + + +Install and Configure Mumble +Mumble is an encrypted voice chat service, It is pretty much amazing, and nothing comes close to it. + +First we are going to create a network + +sudo docker network create --subnet=172.34.0.0/16 mumble + +now we are going to create a folder + +mkdir -p ~/docker/mumble + +now we need to create the docker compose file + +nano ~/mumble/docker-compose.yml + +Add in the following text + +version: '3' + +services: + mumble: + image: mumblevoip/mumble-server + container_name: mumble + restart: always + volumes: + - /data/mumble/:/data + environment: + - SUPERUSER_PASSWORD=CHANGE ME INTO SOMETHING + ports: + - 64738:64738 + - 64738:64738/udp + networks: + mumble: + ipv4_address: 172.34.0.10 + +networks: + mumble: + external: true + name: mumble + ipam: + config: + - subnet: 172.34.0.0/24 + +Lets create a config file now + +sudo nano /data/mumble/murmur.ini + +Add in the following text and adjust it where needed + +logfile=/data/murmur.log +welcometext="Welcome to my Mumble server" +bandwidth=144000 +users=1000 +timeout=30 +registerName=Mumble Server Root +registerLocation=NL + +Now we finally change the owner of the folder to let Murmur access it + +sudo chown -R 1000:1000 /data/mumble + +Let it run with the following command + +sudo docker-compose -f ~/docker/mumble/docker-compose.yml up -d diff --git a/Guides/Docker/10Proxies.md b/Guides/Docker/10Proxies.md new file mode 100644 index 0000000..f2745a3 --- /dev/null +++ b/Guides/Docker/10Proxies.md 
@@ -0,0 +1,15 @@ +--- +title: 10 Proxies +description: +published: true +date: 2023-05-03T02:59:29.821Z +tags: +editor: markdown +dateCreated: 2023-05-03T02:09:17.751Z +--- + +# SearxNG +WIP! + +# Invidious +WIP! \ No newline at end of file diff --git a/Guides/Docker/11Gitea.md b/Guides/Docker/11Gitea.md new file mode 100644 index 0000000..d8be7d1 --- /dev/null +++ b/Guides/Docker/11Gitea.md @@ -0,0 +1,12 @@ +--- +title: 11 Gitea +description: +published: true +date: 2023-05-03T03:09:28.099Z +tags: +editor: markdown +dateCreated: 2023-05-03T02:09:10.059Z +--- + +# Gitea +WIP! \ No newline at end of file diff --git a/Guides/Docker/12Wiki.md b/Guides/Docker/12Wiki.md new file mode 100644 index 0000000..49b7415 --- /dev/null +++ b/Guides/Docker/12Wiki.md @@ -0,0 +1,12 @@ +--- +title: 12 Wiki +description: +published: true +date: 2023-05-03T03:10:07.363Z +tags: +editor: markdown +dateCreated: 2023-05-03T02:09:23.239Z +--- + +# WikiJS +WIP! \ No newline at end of file diff --git a/Guides/Docker/13Monitoring.md b/Guides/Docker/13Monitoring.md new file mode 100644 index 0000000..527ea6d --- /dev/null +++ b/Guides/Docker/13Monitoring.md @@ -0,0 +1,24 @@ +--- +title: 13 Monitoring +description: +published: true +date: 2023-05-03T06:05:30.852Z +tags: +editor: markdown +dateCreated: 2023-05-03T02:09:15.119Z +--- + +# Grafana +WIP! + +# Prometheus +WIP! + +# Dex +WIP! + +# Dozzle +WIP! + +# UptimeKuma +WIP! diff --git a/Guides/Docker/14Mail.md b/Guides/Docker/14Mail.md new file mode 100644 index 0000000..9421402 --- /dev/null +++ b/Guides/Docker/14Mail.md 
@@ -0,0 +1,1664 @@ +--- +title: 14 Mail +description: +published: true +date: 2023-07-04T15:38:32.450Z +tags: +editor: markdown +dateCreated: 2023-05-03T02:09:12.610Z +--- + +# Email +Most people would recommend against hosting your own mailserver, But if you have a stable connection I don't see the issue. Yes you need to secure it, But imagine how much it would do for decentralisation if everyone hosted their own mailserver. That is why I present this easy guide to a full fledged mail server :) + +# Dockerfile +There is no official docker container for postfix or dovecot, so we will write our own, first we need to create a directory + + mkdir -p ~/docker/mailserver + +Now create a Dockerfile + + vim ~/docker/mailserver/Dockerfile + +Paste in the following content + +``` +FROM alpine +RUN apk update && apk add mysql postfix postfix-mysql dovecot dovecot-lmtpd dovecot-mysql dovecot-pigeonhole-plugin rspamd-client +RUN mkdir -p /var/spool/postfix/etc +RUN echo "nameserver 9.9.9.9" > /var/spool/postfix/etc/resolv.conf +ENTRYPOINT apk update && apk upgrade && cp /usr/bin/rspamc /usr/lib/dovecot/sieve/rspamc && dovecot && postfix start-fg +``` + +This simply installs postfix, dovecot and the extras we need. It also includes the rspamd client to control the spamserver we will set up later. + +Now we need to create a docker-compose file + + vim ~/docker/mailserver/docker-compose.yml + +Paste in the following content + +``` +version: '3' + +networks: + mail: + external: true + name: mail + ipam: + config: + - subnet: 172.20.11.0/24 + +services: + postfix: + build: . 
+ container_name: postfix + restart: always + ports: + - 25:25 + - 465:465 + - 587:587 + - 993:993 + - 995:995 + volumes: + - /data/mailserver/log:/var/log + - /data/mailserver/mail:/var/mail + #- /data/mailserver/postfix:/etc/postfix + - /data/mailserver/dovecot:/etc/dovecot + #- /data/mailserver/sieve:/usr/lib/dovecot/sieve + - /etc/letsencrypt/:/etc/letsencrypt/ + - /etc/localtime:/etc/localtime:ro + - /etc/timezone:/etc/timezone:ro + networks: + mail: + ipv4_address: 172.20.11.10 +``` + +We also need a network so create it with the following command + + sudo docker network create --subnet=172.20.11.0/24 mail + +We left 2 directories commented out in the compose file, this is because we want to copy the default configuration, so lets start the container + + sudo docker-compose -f ~/docker/mailserver/docker-compose.yml up -d + +The container should be running, so now we are going to copy over the config directories. + + sudo docker cp postfix:/etc/postfix /data/mailserver + sudo docker cp postfix:/usr/lib/dovecot/sieve /data/mailserver + +Now you can remove the # before the 3 volume lines in the docker compose file + + vim ~/docker/mailserver/docker-compose.yml + +So it looks like this + +``` +services: + postfix: + volumes: + - /data/mailserver/postfix:/etc/postfix + - /data/mailserver/sieve:/usr/lib/dovecot/sieve +``` + +And restart the container + + sudo docker-compose -f ~/docker/nginx/docker-compose.yml down && sudo docker-compose -f ~/docker/nginx/docker-compose.yml up -d + +# Configuring Postfix +We need to configure postfix to send and receive emails, first we are going to start with our main config file + + sudo vim /data/mailserver/postfix/main.cf + +Replace the entire content with the following + +``` +## Acceptation +mydestination = localhost +mynetworks = localhost 172.20.0.0/16 + +## Network +mydomain = example.com +myhostname = example.com +myorigin = example.com +inet_protocols = ipv4 +smtpd_banner = PTR_RECORD ESMTP $mail_name + +## Recipient 
Restrictions +smtpd_recipient_restrictions = + permit_mynetworks + permit_sasl_authenticated + reject_unauth_destination + #reject_non_fqdn_sender + #reject_non_fqdn_recipient + #reject_invalid_hostname + #reject_unknown_client_hostname + #reject_unknown_sender_domain + reject_unknown_recipient_domain + reject_unlisted_recipient + #reject_unknown_reverse_client_hostname + check_recipient_access texthash:/etc/postfix/blocked_recipients + check_sender_access texthash:/etc/postfix/blocked_senders + +## Relay Restrictions +smtpd_relay_restrictions = $smtpd_recipient_restrictions + +## HELO/EHLO Restrictions +smtpd_helo_restrictions = + permit_mynetworks + permit_sasl_authenticated + #reject_invalid_helo_hostname + #reject_non_fqdn_helo_hostname + #reject_unknown_helo_hostname + +## Sender Restrictions +smtpd_sender_restrictions = + permit_mynetworks + permit_sasl_authenticated + #reject_unknown_reverse_client_hostname + #reject_unknown_client_hostname + +## Milter Settings +milter_protocol = 6 +milter_mail_macros = i {mail_addr} {client_addr} {client_name} {auth_authen} +milter_default_action = accept +smtpd_milters = inet:172.20.11.40:11332 +non_smtpd_milters = inet:172.20.11.40:11332 + +## Config +compatibility_level=3.6 + +## Logging +smtpd_tls_loglevel = 2 +smtp_tls_loglevel = 2 +smtpd_delay_reject = yes +maillog_file = /var/log/postfix.log + +## Mapping to database +virtual_alias_maps = proxy:mysql:/etc/postfix/virtual_alias_maps.cf,proxy:mysql:/etc/postfix/virtual_alias_domains_maps.cf +virtual_alias_domains = proxy:mysql:/etc/postfix/virtual_alias_domains.cf +virtual_mailbox_maps = proxy:mysql:/etc/postfix/virtual_mailbox_maps.cf +virtual_mailbox_domains = proxy:mysql:/etc/postfix/virtual_mailbox_domains.cf + +## Mailbox Settings +virtual_mailbox_base = /var/mail +virtual_mailbox_limit = 512000000 +virtual_minimum_uid = 5000 +virtual_transport = lmtp:unix:private/dovecot-lmtp +virtual_uid_maps = static:5000 +virtual_gid_maps = static:5000 +local_transport = 
virtual +virtual_uid_maps = static:5000 +local_recipient_maps = $virtual_mailbox_maps + +## HELO/EHLO Settings +smtpd_helo_required = yes + +## SASL Settings +smtpd_sasl_auth_enable = yes +smtpd_sasl_type = dovecot +smtpd_sasl_path = private/auth +smtpd_sasl_local_domain = $mydomain +smtpd_sasl_authenticated_header = yes +broken_sasl_auth_clients = no +#smtpd_sasl_security_options = noanonymous +#smtpd_sasl_tls_security_options = noanonymous + +## TSL Settings +tls_preempt_cipherlist = yes +tls_ssl_options = NO_COMPRESSION +tls_random_source = dev:/dev/urandom +#tls_high_cipherlist = EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:AES256-SHA:CAMELLIA128-SHA:AES128-SHA +smtpd_use_tls = yes +smtpd_tls_auth_only = yes +smtpd_tls_protocols = !SSLv2, !SSLv3, TLSv1, TLSv1.1, TLSv1.2, TLSv1.3 +smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3 +smtpd_tls_received_header = yes +smtpd_tls_session_cache_timeout = 3600s +smtpd_tls_security_level = encrypt +smtpd_tls_cert_file = /etc/letsencrypt/live/example.com/fullchain.pem +smtpd_tls_key_file = /etc/letsencrypt/live/example.com/privkey.pem +#smtpd_tls_eecdh_grade = strong +#smtpd_tls_mandatory_ciphers = high +#smtpd_tls_exclude_ciphers = aNULL:eNULL:LOW:3DES:MD5:MEDIUM:EXP:PSK:DSS:RC4:SEED:ECDSA:CAMELLIA256-SHA +smtp_use_tls = yes +smtp_tls_protocols = !SSLv2, !SSLv3, TLSv1, TLSv1.1, TLSv1.2, TLSv1.3 +smtp_tls_mandatory_protocols = !SSLv2, !SSLv3 +smtp_tls_session_cache_timeout = 3600s +smtp_tls_security_level = encrypt +smtp_tls_cert_file = /etc/letsencrypt/live/example.com/fullchain.pem +smtp_tls_key_file = /etc/letsencrypt/live/example.com/privkey.pem +#smtp_tls_mandatory_ciphers = high +#smtp_tls_exclude_ciphers = aNULL:eNULL:LOW:3DES:MD5:MEDIUM:EXP:PSK:DSS:RC4:SEED:ECDSA:CAMELLIA256-SHA + +## Limit Settings +smtpd_client_connection_rate_limit = 100 +smtpd_client_message_rate_limit = 10000 +anvil_rate_time_unit = 60 +message_size_limit = 
51200000 +header_size_limit = 102400 +default_process_limit = 1000 +queue_minfree = 100000000 +smtpd_error_sleep_time = 1s +smtpd_soft_error_limit = 10 +smtpd_hard_error_limit = 20 + +## Privacy +disable_vrfy_command = yes +header_checks = regexp:/etc/postfix/header_checks +``` + +The configuration is much to big to cover in this guide, But I recommend you look up each and every line to figure out what it does exactly. + +Just replace example.com with your own domain and put in the PTR record, You can also comment out the smtp banner line. + +Now we are going to create the master.cf file + + sudo vim /data/mailserver/postfix/master.cf + +Replace the entire content with the following + +``` +# ========================================================================== +# service type private unpriv chroot wakeup maxproc command + args +# (yes) (yes) (no) (never) (100) +# ========================================================================== + +## Incoming +smtp inet n - y - - smtpd + +submission inet n - y - - smtpd + -o syslog_name=postfix/submission + -o smtpd_reject_unlisted_recipient=no + -o smtpd_client_restrictions=permit_sasl_authenticated,reject + -o milter_macro_daemon_name=ORIGINATING +# -o smtpd_etrn_restrictions=reject +# -o smtpd_helo_restrictions=permit_mynetworks,permit +# -o smtpd_sender_restrictions=$mua_sender_restrictions +# -o milter_macro_daemon_name=ORIGINATING + +smtps inet n - y - - smtpd + -o syslog_name=postfix/smtps + -o smtpd_tls_wrappermode=yes + -o smtpd_client_restrictions=permit_sasl_authenticated,reject + -o milter_macro_daemon_name=ORIGINATING +# -o smtpd_reject_unlisted_recipient=no +# -o smtpd_helo_restrictions=$mua_helo_restrictions +# -o smtpd_sender_restrictions=$mua_sender_restrictions +# -o milter_macro_daemon_name=ORIGINATING + +pickup unix n - y 60 1 pickup + +## Processing +cleanup unix n - y - 0 cleanup +qmgr unix n - n 300 1 qmgr +#qmgr unix n - n 300 1 oqmgr +rewrite unix - - y - - trivial-rewrite + +## Outbound 
+error unix - - y - - error +retry unix - - y - - error +discard unix - - y - - discard +local unix - n n - - local +virtual unix - n n - - virtual +lmtp unix - - y - - lmtp +smtp unix - - y - - smtp +relay unix - - y - - smtp + +## Helper +bounce unix - - y - 0 bounce +defer unix - - y - 0 bounce +trace unix - - y - 0 bounce + +## Logging +postlog unix-dgram n - n - 1 postlogd +anvil unix - - y - 1 anvil + +## Cache +scache unix - - y - 1 scache +tlsmgr unix - - y 1000? 1 tlsmgr +flush unix n - y 1000? 0 flush + +## Verification +verify unix - - y - 1 verify + +## Proxy +#tlsproxy unix - - y - 0 tlsproxy +proxymap unix - - n - - proxymap +proxywrite unix - - n - 1 proxymap + -o syslog_name=postfix/$service_name +# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5 + +## mailq +showq unix n - y - - showq + +## External Delivery Methods +maildrop unix - n n - - pipe + flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient} +uucp unix - n n - - pipe + flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient) +ifmail unix - n n - - pipe + flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) +bsmtp unix - n n - - pipe + flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient +scalemail-backend unix - n n - 2 pipe + flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension} +mailman unix - n n - - pipe + flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py + ${nexthop} ${user} +vacation unix - n n - - pipe + flags=Rq user=vacation argv=/var/spool/vacation/vacation.pl -f ${sender} -- ${recipient} +#dovecot unix - n n - - pipe +# flags=DRhu user=vmail:vmail argv=/usr/libexec/dovecot/deliver -f ${sender} -d ${recipient} +``` + +We need to create a simple file that will strip private information from the header like the client IP and username. 
+ + sudo vim /data/mailserver/postfix/header_checks + +paste in the following content + +``` +/^Received:.*\(Authenticated sender:/ IGNORE +``` + +next up is a simple file that lists blocked recipients, very handy if you use a catchall and one of your emails has been compromised + + sudo vim /data/mailserver/postfix/blocked_recipients + +Paste in the following content + +``` +compromised@example.tld 550 Email address has been compromised and is no longer in use. +spam@example.tld 550 You can keep your spam. +retired@example.tld 550 The email address you are trying to reach has been retired. +``` + +The ones here are just examples, but you can add your own in the same format + +Now we are going to create the same file, just for blocked senders + + sudo vim /data/mailserver/postfix/blocked_senders + +Paste in the following content + +``` +spamsender@example.tld 550 You can keep your spam. +spamsender@example2.tld 550 Server not accepting email from this sender. +``` + +Again you can add what you want, very handy for repeated offenders who don't offer an unsubscribe link. 
+ +In the main.cf configuration file we call for 5 files that do not exist yet, these files contain credentials and instructions to look into a database, we are going to create all 5 files, paste in the content and adjust the credentials so that they match your configuration + +Create the file + + sudo vim /data/mailserver/postfix/virtual_alias_domains.cf + +paste in the following content and adjust the credentials + +``` +user = postfix +password = POSTFIXDATABASEUSERPASSWORD +hosts = 172.20.11.30 +dbname = postfix +query = SELECT alias_domain FROM alias_domain WHERE alias_domain='%s' AND active = '1' +``` + +Create the file + + sudo vim /data/mailserver/postfix/virtual_alias_domains_maps.cf + +paste in the following content and adjust the credentials + +``` +user = postfix +password = POSTFIXDATABASEUSERPASSWORD +hosts = 172.20.11.30 +dbname = postfix +query = SELECT goto FROM alias,alias_domain WHERE alias_domain.alias_domain = '%d' and alias.address = CONCAT('%u', '@', alias_domain.target_domain) AND alias.active = '1' AND alias_domain.active='1' +``` + +Create the file + + sudo vim /data/mailserver/postfix/virtual_alias_maps.cf + +paste in the following content and adjust the credentials + +``` +user = postfix +password = POSTFIXDATABASEUSERPASSWORD +hosts = 172.20.11.30 +dbname = postfix +table = alias +select_field = goto +where_field = address +``` + +Create the file + + sudo vim /data/mailserver/postfix/virtual_mailbox_domains.cf + +paste in the following content and adjust the credentials + +``` +user = postfix +password = POSTFIXDATABASEUSERPASSWORD +hosts = 172.20.11.30 +dbname = postfix +table = domain +select_field = domain +where_field = domain +``` + +Create the file + + sudo vim /data/mailserver/postfix/virtual_mailbox_maps.cf + +paste in the following content and adjust the credentials + +``` +user = postfix +password = POSTFIXDATABASEUSERPASSWORD +hosts = 172.20.11.30 +dbname = postfix +table = mailbox +select_field = maildir +where_field = 
username +``` + +Postfix configuration should be done now + +# Configuring Dovecot +Dovecot will be our imap server, so that we can use a client to actually read our email + +Lets start with the main configuration file + + sudo vim /data/mailserver/dovecot/dovecot.conf + +Paste in the following bytes + +``` +# Logging +log_path = /var/log/dovecot.log +mail_debug = yes + +# Protocols +protocols = imap pop3 lmtp sieve +auth_mechanisms = login plain +#disable_plaintext_auth = yes + +# Security +ssl = required +ssl_min_protocol = TLSv1.2 +ssl_prefer_server_ciphers = yes +ssl_cert = +``` + +The Setup Password is for setting up the admin account but first we need to create a network + + sudo docker network create --subnet=172.20.71.0/24 postfixadmin + +Now we need to add nginx to the network so open the compose file of nginx + + vim ~/docker/nginx/docker-compose.yml + +Here add the following in the right place + +``` +services: + nginx: + networks: + postfixadmin: + ipv4_address: 172.20.71.20 + +networks: + postfixadmin: + external: true + name: postfixadmin +``` + +You probably already have the network keys, so in that case only copy the postfixadmin: keys with their properties and put them under the other networks in your compose file. + +Now we need to do the same for mariadb + + vim ~/docker/mariadb/docker-compose.yml + +Here add the following in the right place + +``` +services: + mariadb: + networks: + postfixadmin: + ipv4_address: 172.20.71.30 + +networks: + postfixadmin: + external: true + name: postfixadmin +``` + +Now we are going to create a second postfix user that can access from the postfixadmin container so get access to the mariaDB prompt + + sudo docker exec -it maridb mysql -p + +Enter the Mysql root password you provided during the creation of the mariadb container and you should be in. 
+ +Create the user with + + create user postfix@'172.20.71.10' identified by 'POSTFIXDATABASEPASSWORD'; + +Give privileges to the user on the database with + + grant all privileges on postfix.* to postfix@'172.20.71.10'; + +And Flush the privileges with + + flush privileges; + +Exit mysql with + + quit; + +Now we need to add the server block to the nginx config so create a new file + + sudo vim /data/nginx/config/services/postfixadmin.active + +Paste in the following and be sure to replace the domain name 6 times + +``` +server { + server_name admin.example.com; + listen 443 ssl; + +# Settings + autoindex off; + +# Locations + location / { + auth_basic "Restricted Content"; + auth_basic_user_file /etc/nginx/auth/.postfixadmin; + proxy_pass http://postfixadmin:80; + proxy_http_version 1.1; + proxy_cache_bypass $http_upgrade; + proxy_ssl_server_name on; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-Port $server_port; + proxy_set_header Connection "upgrade"; + proxy_set_header Host $host; + proxy_connect_timeout 60s; + proxy_send_timeout 60s; + proxy_read_timeout 60s; + } + + location ~ /\.(?!well-known) { + deny all; + } + + location = /favicon.ico { + log_not_found off; + } + + location = /robots.txt { + log_not_found off; + } + +# GZip + gzip on; + gzip_vary on; + gzip_proxied any; + gzip_comp_level 6; + gzip_types text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml; + +# Headers + add_header X-XSS-Protection "1; mode=block" always; + add_header X-Content-Type-Options "nosniff" always; + add_header X-Frame-Options "SAMEORIGIN"; + add_header Referrer-Policy "no-referrer-when-downgrade" always; + add_header Content-Security-Policy "default-src 'self' http: https: ws: wss: data: 
blob: 'unsafe-inline'; frame-ancestors 'self';" always; + add_header Permissions-Policy "interest-cohort=()" always; + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; + +# SSL + ssl_certificate /etc/letsencrypt/live/admin.example.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/admin.example.com/privkey.pem; + ssl_trusted_certificate /etc/letsencrypt/live/admin.example.com/chain.pem; +} + +# Redirect +server { + listen 80; + server_name admin.example.com; + return 301 https://admin.example.com$request_uri; +} +``` + +Make sure you have a valid certificate for the domain + +One last thing we need to do is create a authpasswd file so the interface is behind a extra layer of security + +to do this we need some apache tools so install them + + sudo pacman -S apache + +now execute the following command be sure to replace USERNAME with a username + + sudo htpasswd -c /data/nginx/config/auth/.postfixadmin USERNAME + +now it will ask for a password, give it one and store it well. 
+ +Finally we can restart the relevant containers + +first the database so that postfixadmin can access it + + sudo docker-compose -f ~/docker/mariadb/docker-compose.yml down && sudo docker-compose -f ~/docker/mariadb/docker-compose.yml up -d + +Now we start the postfixadmin container so nginx can find it + + sudo docker-compose -f ~/docker/postfixadmin/docker-compose.yml up -d + +Finally restart the nginx container + + sudo docker-compose -f ~/docker/nginx/docker-compose.yml down && sudo docker-compose -f ~/docker/nginx/docker-compose.yml up -d + +You should be able to go example.com/setup.php, first login with the http auth user and password you given with the htpasswd command then scroll down to generate setup password + +Copy the setup password hash into your configuration file + + sudo vim /data/postfixadmin/config.local.php + +Now you should be able to create an admin user with the password you have given it You might have to restart the container for the setup password to work + +# Rspamd +Rspamd will be our spam solution, it will scan incoming and outgoing emails, it requires quite a lot of configuration files, but it simply runs circles around spamassassin. + +Like always we start with a project directory + + mkdir -p ~/docker/rspamd + +for Rspamd there is again no official dockerfile, so we will create our own minimal image + + vim ~/docker/rspamd/Dockerfile + +Paste in the following content + +``` +FROM alpine +RUN mkdir /run/rspamd/ && touch /run/rspamd/rspamd.sock && chmod 600 /run/rspamd/rspamd.sock +RUN apk add --no-cache rspamd rspamd-client rspamd-controller rspamd-utils redis +ENTRYPOINT apk update && apk upgrade && redis-server /etc/redis.conf --daemonize yes && rspamd -i && while true; do sleep 10000; done +``` + +Now we create a docker compose file + + vim ~/docker/rspamd/docker-compose.yml + +Now paste in the following content + +``` +version: '3' + +services: + rspamd: + build: . 
+ container_name: rspamd + restart: always + volumes: + - /data/rspamd/log:/var/log/rspamd + #- /data/rspamd/config:/etc/rspamd + #- /data/rspamd/database:/var/lib/redis + #- /data/rspamd/stats:/var/lib/rspamd + #- /data/rspamd/www:/usr/share/rspamd/www + - /etc/letsencrypt/:/etc/letsencrypt/ + - /etc/localtime:/etc/localtime:ro + - /etc/timezone:/etc/timezone:ro + networks: + mail: + ipv4_address: 172.20.11.40 + +networks: + mail: + external: true + name: mail + ipam: + config: + - subnet: 172.20.11.0/24 +``` + +You might have noticed the # characters again, and the same strategy applies + + sudo docker-compose -f ~/docker/rspamd/docker-compose.yml up -d + +Now we need to copy the directories to the right place + + sudo docker cp rspamd:/etc/rspamd /data/rspamd/config + sudo docker cp rspamd:/var/lib/redis /data/rspamd/database + sudo docker cp rspamd:/var/lib/rspamd /data/rspamd/stats + sudo docker cp rspamd:/usr/share/rspamd/www /data/rspamd/www + +Now remove the # from the docker-compose file + + vim ~/docker/rspamd/docker-compose.yml + +So it looks like this + +``` +services: + rspamd: + volumes: + - /data/rspamd/config:/etc/rspamd + - /data/rspamd/database:/var/lib/redis + - /data/rspamd/stats:/var/lib/rspamd + - /data/rspamd/www:/usr/share/rspamd/www +``` + +Now simply restart the container + + sudo docker-compose -f ~/docker/rspamd/docker-compose.yml down && sudo docker-compose -f ~/docker/rspamd/docker-compose.yml up -d + +We need to adjust the redis config + + sudo vim /data/rspamd/config/local.d/redis.conf + +Paste in the following content + +``` +servers = "127.0.0.1"; +``` + +This will add spamscore details to the headers. 
+ + sudo vim /data/rspamd/config/override.d/milter_headers.conf + +add in the following content + +``` +extended_spam_headers = true; +``` + +Now we need to adjust some small files for the listeners + +first the worker-proxy + + sudo vim /data/rspamd/config/local.d/worker-proxy.inc + +Paste in the following lines + +``` +bind_socket = "0.0.0.0:11332"; +milter = yes; +timeout = 120s; +upstream "local" { + default = yes; + self_scan = yes; + hosts = "rspamd:11332"; +} +count = 4; +max_retries = 5; +discard_on_reject = false; +quarantine_on_reject = false; +spam_header = "X-Spam"; +reject_message = "Spam message rejected"; +``` + +Now the worker-normal + + sudo vim /data/rspamd/config/local.d/worker-normal.inc + +paste in the following content + +``` +bind_socket = "0.0.0.0:11333"; +``` + +And finally the worker-controller + +We first need a hashed password to put in the file so go into the container + + sudo docker exec -it rspamd sh + +Now generate a hashed password + + rspamadm pw + +Give it your desired password and copy the result into the following file + + sudo vim /data/rspamd/config/local.d/worker-controller.inc + +Paste in the following content replacing the password obviously + +``` +password = "A Very Strong Password"; +bind_socket = "0.0.0.0:11334"; +mode=0622 +secure_ip = "172.20.11.10"; +``` + +Finally we create a file that will prevent outgoing mail being marked as spam + + sudo vim /data/rspamd/config/local.d/settings.conf + +Paste in the following content + +``` +authenticated { + priority = high; + authenticated = yes; + apply { + actions { + "rewrite subject" = 100.0; + "add header" = 100.0; + "reject" = 100.0; + } + } +} +``` + +Now we can restart rspamd to make the changes take effect + + sudo docker-compose -f ~/docker/rspamd/docker-compose.yml down && sudo docker-compose -f ~/docker/rspamd/docker-compose.yml up -d + +Rspamd configuration is complete, now we just need to configure the reverse proxy so we can access it. 
+ +We simply create a file in the services directory of nginx + + sudo vim /data/nginx/config/services/rspamd.active + +Paste in the following content + +``` +server { + server_name spam.example.com; + listen 443 ssl; + +# Settings + client_max_body_size 100M; + autoindex off; + root /data/rspamd/www; + +# Locations + location / { + auth_basic "Restricted Content"; + auth_basic_user_file /etc/nginx/auth/.rspamdhtpasswd; + proxy_pass http://172.20.11.40:11334; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Host $http_host; + } + +# Headers + add_header Strict-Transport-Security "max-age=31536000; includeSubdomains"; + add_header X-Content-Type-Options nosniff; + add_header X-Frame-Options SAMEORIGIN; + add_header X-XSS-Protection "1; mode=block"; + +# SSL + ssl_protocols TLSv1.2 TLSv1.3; + ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305; + ssl_prefer_server_ciphers on; + ssl_session_cache shared:TLS:10m; + ssl_session_timeout 1d; + ssl_stapling on; + ssl_stapling_verify on; + server_tokens off; + ssl_certificate /etc/letsencrypt/live/spam.example.com/fullchain.pem; + ssl_trusted_certificate /etc/letsencrypt/live/spam.example.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/spam.example.com/privkey.pem; +} + +# Redirect +server { + listen 80; + server_name spam.example.com; + return 301 https://spam.example.com$request_uri; +} +``` + +And we add Nginx to the mail network + + vim ~/docker/nginx/docker-compose.yml + +Here add the following in the right place + +``` +services: + nginx: + networks: + mail: + ipv4_address: 172.20.11.20 + +networks: + mail: + external: true + name: mail +``` + +now execute the following command be sure to replace USERNAME with a username + + sudo htpasswd -c /data/nginx/config/auth/.rspamdpasswd USERNAME + +now it will ask for a password, give it one and 
store it well. + +Now we simply restart nginx + + sudo docker-compose -f ~/docker/nginx/docker-compose.yml down && sudo docker-compose -f ~/docker/nginx/docker-compose.yml up -d + +RspamD should be up and running you can access it by going to spam.example.com first entering the auth user/pass and then the rspamd controller password you set. + +# Roundcube +Roundcube is a nice web email client, it is optional for this mailstack, but it can be very handy. + +We start with a project directory + + mkdir -p ~/docker/roundcube + +Now create the docker-compose file + + vim ~/docker/roundcube/docker-compose.yml + +Paste in the following content + +``` +version: '3' + +networks: + roundcube: + external: true + name: roundcube + +services: + roundcube: + image: roundcube/roundcubemail + container_name: roundcube + restart: always + volumes: + - /data/roundcube/:/var/www/html/ + networks: + roundcube: + ipv4_address: 172.20.32.10 +``` + +Roundcube will run in its own network so lets create that too + + sudo docker network create --subnet=172.20.32.0/24 roundcube + +Now we will add Nginx to the roundcube network + + vim ~/docker/nginx/docker-compose.yml + +Here add the following in the right place + +``` +services: + nginx: + networks: + roundcube: + ipv4_address: 172.20.32.20 + +networks: + roundcube: + external: true + name: roundcube +``` + +And create the config file for Nginx + + sudo vim /data/nginx/config/services/roundcube.active + +Paste in the following content + +``` +server { + server_name example.com; + listen 443 ssl; + +# Settings + autoindex off; + client_max_body_size 5000M; + +# Locations + location / { + proxy_pass http://roundcube:80; + proxy_http_version 1.1; + proxy_cache_bypass $http_upgrade; + proxy_ssl_server_name on; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Host $host; + 
proxy_set_header X-Forwarded-Port $server_port; + proxy_set_header Connection "upgrade"; + proxy_set_header Host $host; + proxy_connect_timeout 6000s; + proxy_send_timeout 6000s; + proxy_read_timeout 6000s; + } + + location ~ /\.(?!well-known) { + deny all; + } + + location = /favicon.ico { + log_not_found off; + } + + location = /robots.txt { + log_not_found off; + } + +# GZip + gzip on; + gzip_vary on; + gzip_proxied any; + gzip_comp_level 6; + gzip_types text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml; + +# Headers + add_header X-XSS-Protection "1; mode=block" always; + add_header X-Content-Type-Options "nosniff" always; + add_header X-Frame-Options "SAMEORIGIN"; + add_header Referrer-Policy "no-referrer-when-downgrade" always; + #add_header Content-Security-Policy "default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';" always; + add_header Permissions-Policy "interest-cohort=()" always; + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; + +# SSL + ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; + ssl_trusted_certificate /etc/letsencrypt/live/example.com/chain.pem; +} + +# Redirect +server { + listen 80; + server_name example.com; + return 301 https://example.com$request_uri; + } +``` + +Now we will add MariaDB to the Roundcube network + + vim ~/docker/mariadb/docker-compose.yml + +Here add the following in the right place + +``` +services: + mariadb: + networks: + roundcube: + ipv4_address: 172.20.32.30 + +networks: + roundcube: + external: true + name: roundcube +``` + +Now we are going to restart the mariadb container so it is actually part of the network + + sudo docker-compose -f ~/docker/mariadb/docker-compose.yml down && sudo docker-compose -f ~/docker/mariadb/docker-compose.yml up -d + +Now we will create a 
database and user + + sudo docker exec -it mariadb mysql -p + +Enter the Mysql root password you provided during the creation of the mariadb container and you should be in. + +Create a database with + + create database roundcube; + +Create the user with + + create user roundcube@'172.20.32.10' identified by 'ROUNDCUBEDATABASEPASSWORD'; + +Give privileges to the user on the database with + + grant all privileges on roundcube.* to roundcube@'172.20.32.10'; + +And Flush the privileges with + + flush privileges; + +Exit mysql with + + quit; + +Create the config directory + + sudo mkdir -p /data/roundcube/config + +Finally we create the configuration file + + sudo vim /data/roundcube/config/config.inc.php + +Paste in the following content + +``` + /var/lib/rspamd/dkim/1.txt + +Now cat the key + + cat /var/lib/rspamd/dkim/1.txt + +Now put the v the k and the p in your DNS records like so + + 1._domainkey TXT v=DKIM1; k=rsa; p=MIIBI.....IDAQAB + +Be sure to put in the whole p= value it should start with MIIBI and and with IDAQAB with no spaces or " in between + +You can exit the container + + exit + +Now we need to adjust the dkim configuration file for Rspamd + + sudo vim /data/rspamd/config/local.d/dkim_signing.conf + +Paste in the following content + +``` +path = "/var/lib/rspamd/dkim/$selector.key"; +selector = "1"; +allow_username_mismatch = true; +``` + +Restart RspamD to make it take effect + + sudo docker-compose -f ~/docker/rspamd/docker-compose.yml down && sudo docker-compose -f ~/docker/rspamd/docker-compose.yml up -d + +# DMARC +DMARC is again very simple, It just tells the receiving server what to do if SPF or DKIM fail + +Add the following TXT record to your DNS record + + _dmarc TXT v=DMARC1; p=reject; + +# ARC +We can simply use the DKIM keys, so no need to generate anything, we just need to add some configuration + + sudo vim /data/rspamd/config/local.d/arc.conf + +Paste in the following content + +``` +path = "/var/lib/rspamd/dkim/$selector.key"; 
+selector = "1"; +allow_username_mismatch = true; +sign_authenticated = true; +sign_incoming = true; +use_domain = "header"; +use_domain_sign_inbound = "recipient"; +symbol_signed = "ARC_SIGNED"; +sign_local = true; +auth_only = true; +``` + +Restart RspamD to make it take effect + + sudo docker-compose -f ~/docker/rspamd/docker-compose.yml down && sudo docker-compose -f ~/docker/rspamd/docker-compose.yml up -d + +# Fail2ban + +Rspamd and Postfixadmin are protected by nginx auth, We just need to protect Postfix, Dovecot and Roundcube so lets do them one by one + +create the postfix file + + sudo vim /etc/fail2ban/filter.d/postfixx.local + +Paste in the following content + +``` +[INCLUDES] +before = common.conf + +[Definition] +failregex = ^.*: lost connection after.*\[\]$ + ^.*:.*\[\]: SASL LOGIN authentication failed:.*$ + ^.*: warning: hostname .* does not resovlve to address $ + ^.*: warning: non-SMTP command from .*\[\].*$ +``` + +create the dovecot file + + sudo vim /etc/fail2ban/filter.d/dovecott.local + +Paste in the following content + +``` +[INCLUDES] +before = common.conf + +[Definition] +failregex = ^.*auth failed.*rip=,.*$ +``` + +create the roundcube file + + sudo vim /etc/fail2ban/filter.d/roundcube.local + +Paste in the following content + +``` +[INCLUDES] +before = common.conf + +[Definition] +failregex = ^.*Login failed for .*Real-IP: ,.*$ +``` + +Now we need to add the filters to our jails file + + sudo vim /etc/fail2ban/jail.local + +Add in the following lines + +``` +## Postfix +[postfixx] +enabled = true +logpath = /data/mailserver/log/postfix.log + +## Dovecot +[dovecott] +enabled = true +logpath = /data/mailserver/log/dovecot.log + +## Roundcube +[roundcube] +enabled = true +logpath = /data/roundcube/logs/errors.log +``` + +Now simply restart the service to make the changes take effect + + sudo systemctl restart fail2ban + +Be absolutely sure that it is running + + sudo systemctl status fail2ban 
diff --git a/Guides/Docker/15DNS.md b/Guides/Docker/15DNS.md new file mode 100644 index 0000000..95c3336 --- /dev/null +++ b/Guides/Docker/15DNS.md @@ -0,0 +1,21 @@ +--- +title: 15 DNS +description: +published: true +date: 2023-05-03T06:08:29.594Z +tags: +editor: markdown +dateCreated: 2023-05-03T06:08:29.594Z +--- + +# Authoritative +WIP! + +# Recursive +WIP! + +# DNSdist +WIP! + +# PowerDNS Admin +WIP! \ No newline at end of file diff --git a/home.md b/home.md new file mode 100644 index 0000000..9031fb5 --- /dev/null +++ b/home.md @@ -0,0 +1,13 @@ +--- +title: Welcome +description: Landing Page +published: true +date: 2023-05-03T04:28:57.037Z +tags: +editor: markdown +dateCreated: 2023-04-28T01:04:28.010Z +--- + +# Welcome to my Wiki + +There is not much here yet, Everything is a WIP for now and I plan to add more stuff in the future, feel free to take a look around.
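Review bot: in the Guides/Docker/14Mail.md hunk, the Rspamd reverse-proxy block reads `auth_basic_user_file /etc/nginx/auth/.rspamdhtpasswd;` but the htpasswd step a few lines later writes a different file, `sudo htpasswd -c /data/nginx/config/auth/.rspamdpasswd USERNAME`; nginx will fail the basic-auth check (or error out) until the two names agree, so pick one and use it in both places. Two more things in the same file break the commands as typed: `sudo docker exec -it maridb mysql -p` in the Postfixadmin section misspells the container name that every other command calls `mariadb`, and the Fail2ban postfix filter line `^.*: warning: hostname .* does not resovlve to address $` misspells "resolve", so it can never match a real Postfix warning. Also in the Fail2ban section, none of the three `failregex` lines as shown carries a host capture (they read `\[\]`, `rip=,` and `Real-IP: ,`); fail2ban refuses to load a filter without a `<HOST>` group, so if the token was dropped when the file was written it needs restoring or none of these jails will ban anything, and it would be worth adding `sudo fail2ban-regex <logfile> <filter>` as a verification step after `systemctl status fail2ban`. Finally, the Rspamd Dockerfile's `ENTRYPOINT apk update && apk upgrade && ... && while true; do sleep 10000; done` makes every container start pull unpinned upgrades and leaves the sleep loop as PID 1, so `restart: always` will never notice if `rspamd` itself exits; running `rspamd -f` (foreground) as the entrypoint and doing the upgrade in the build stage would make the image reproducible and the container supervisable.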