initial content

2021-11-13 22:02:05 +01:00
commit 479cb90eac
12 changed files with 663 additions and 0 deletions
--- a/content/knowledge/apache-httpd.md
+++ b/content/knowledge/apache-httpd.md
@ -0,0 +1,18 @@
+---
+title: "Apache httpd configs"
+date: 2021-11-13
+---
+
+# HTTP proxy with Digest Auth
+
+```
+<Proxy *>
+  AuthType Digest
+  AuthName "mrtg"
+  AuthUserFile "/etc/httpd/conf/mrtg.htdigest"
+  Require valid-user
+</Proxy>
+
+ProxyPass / http://mrtg.lxc.br0tkasten.de/
+ProxyPassReverse / http://mrtg.lxc.br0tkasten.de/
+```
--- a/content/knowledge/lets-encrypt.md
+++ b/content/knowledge/lets-encrypt.md
@ -0,0 +1,89 @@
+---
+title: 'Let''s Encrypt'
+date: 2021-11-13T15:06:57Z
+draft: false
+---
+
+## create certificate
+```
+certbot certonly --email contact@br0tkasten.de --webroot -w /var/www/certbot/htdocs -d log.br0tkasten.de
+```
+
+## Apache config
+Default VirtualHost for HTTP (Port 80) mapping /.well-known/acme-challenge of any domain hosted on my webserver
+to the same location in filesystem (/var/www/certbot/htdocs/.well-known/acme-challenge/)
+This makes renew and create certificates very easy.
+
+```
+<VirtualHost 185.170.112.162:80 [2a03:4000:15:68::1]:80>
+        CustomLog /var/log/httpd/access.log combined
+        ErrorLog /var/log/httpd/error.log
+
+        Alias /.well-known/acme-challenge/ /var/www/certbot/htdocs/.well-known/acme-challenge/
+        <Location "/.well-known/acme-challenge">
+                Require all granted
+                Options None
+                AllowOverride None
+                ForceType text/plain
+                RedirectMatch 404 "^(?!/\.well-known/acme-challenge/[\w-]{43}$)"
+        </Location>
+
+        RewriteEngine On
+        RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge [NC]
+        RewriteCond %{HTTPS} off
+        RewriteRule ^.*$ https://%{HTTP_HOST}%{REQUEST_URI} [last,redirect=301]
+</VirtualHost>
+```
+
+## renew certificates
+### systemd service
+```
+cat > /etc/systemd/system/certbot.service << EOF
+[Unit]
+Description=Let's Encrypt renewal
+
+[Service]
+Type=oneshot
+ExecStart=/usr/bin/certbot renew --quiet --agree-tos
+EOF
+```
+
+### systemd timer
+```
+[Unit]
+Description=Twice daily renewal of Let's Encrypt's certificates
+
+[Timer]
+OnCalendar=0/12:00:00
+RandomizedDelaySec=1h
+Persistent=true
+
+[Install]
+WantedBy=timers.target
+```
+
+### enable certbot timer
+```
+systemctl start certbot.timer
+systemctl enable certbot.timer
+```
+
+## renewal hooks
+
+### restart httpd after renewal
+```
+cat > /etc/letsencrypt/renewal-hooks/httpd.sh << EOF
+#!/bin/sh
+
+systemctl restart httpd
+EOF
+```
+
+### restart mail container
+```
+cat > /etc/letsencrypt/renewal-hooks/mail.sh << EOF
+#!/bin/sh
+
+lxc-stop -r -n 'mail'
+EOF
+```
--- a/content/knowledge/lxc/lxc-networking.md
+++ b/content/knowledge/lxc/lxc-networking.md
@ -0,0 +1,83 @@
+---
+title: 'LXC Networking'
+date: 2021-11-13T15:06:57Z
+draft: false
+---
+
+# LXC network configurations
+
+## create network bridge
+```
+brctl add br0
+```
+
+## add virtual ethernet interface to container 
+
+Add the following lines to _/var/lib/lxc/container/config_
+```
+lxc.net.0.type  = veth
+lxc.net.0.link  = br0
+lxc.net.0.flags = up
+lxc.net.0.name  = eth0
+```
+
+## iptables
+### port forwarding
+iptables (IPv4) and ip6tables (IPv6) DNAT target to forward services to container.
+
+```
+iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 8448 -j DNAT \
+        --to-destination 10.3.0.31:8448
+```
+
+### masquerading
+Translate outgoing traffic from container to public IP address
+
+```
+iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
+```
+
+## IPv6
+### network configuration
+#### host 
+```
+ip addr add fd00::1/8 dev br0
+```
+```
+cat > /etc/sysctl.d/ipv6-forwarding.conf <<EOF
+net.ipv6.conf.eth0.accept_ra = 2
+net.ipv6.conf.br0.accept_ra = 2
+net.ipv6.conf.default.accept_ra = 2
+net.ipv6.conf.all.accept_ra = 2
+
+net.ipv6.conf.all.forwarding = 1
+net.ipv6.conf.default.forwarding = 1
+net.ipv6.conf.eth0.forwarding = 1
+net.ipv6.conf.br0.forwarding = 1
+EOF
+```
+
+#### container
+```
+ip addr add fd00::20:1/64 dev eth0
+ip route add default via fd00::1 dev eth0
+```
+
+### port forwarding
+```
+ip6tables \
+  -t nat \
+  -A PREROUTING \
+  -d 2a03:4000:15:68::20/128 \
+  -i eth0 \
+  -p tcp \
+  -m tcp \
+  --dport 587 \
+  -j DNAT \
+  --to-destination [fd00::20:1]:587
+```
+
+### masquerade
+```
+ip6tables -t nat -A POSTROUTING -s fd00::20:1/128 -o eth0 -j SNAT --to-source 2a03:4000:15:68::20
+```
--- a/content/knowledge/mail.md
+++ b/content/knowledge/mail.md
@ -0,0 +1,31 @@
+---
+title: Mail
+date: 2021-11-13T15:06:57Z
+draft: false
+---
+
+Stuff to know about mail
+## Fetchmail
+
+fetchmail pop.gmx.net --ssl --verbose --username _username_ --protocol pop3
+
+## SMTP via Telnet
+### query MX record (mailserver)
+
+dig mx br0tkasten.de
+
+### connect to mailservice @ mailserver
+
+telnet mail.br0tkasten.de 25
+
+### send testmail
+
+ehlo barbecue.com
+MAIL FROM: root@barbecue.com
+RCPT TO: info@br0tkasten.de
+DATA
+Subject: Bla fasel
+
+Das ist eine Testmail
+.
+QUIT
--- a/content/knowledge/matrix-chat-server.md
+++ b/content/knowledge/matrix-chat-server.md
@ -0,0 +1,147 @@
+---
+title: 'Matrix Chat Server'
+date: 2021-11-13T15:06:57Z
+draft: false
+---
+
+# Matrix Chat Server
+## Synpase
+
+To install matrix.org reference server synapse on Alpine-Linux the following steps are neccessary. In my case alpine-linux is running within an LXC container on my server.
+
+### Install prerequisite packages
+```
+apk add \
+  python2 \
+  py2-pip \
+  py-setuptools \
+  py-virtualenv \
+  sqlite \
+  py2-pysqlite \
+  py2-psycopg \
+  postgresql-dev \
+  py2-cffi \
+  libffi-dev \
+  alpine-sdk \
+  sqlite-dev \
+  python2-dev \
+  linux-headers \
+  zlib-dev \
+  jpeg-dev
+```
+### install synapse
+
+According to https://github.com/matrix-org/synapse#synapse-installation the recomendet installation procedure is within an python virtualenv environment.
+```
+virtualenv -p python2.7 /opt/synapse
+. /opt/synapse/bin/activate
+cd /opt/synapse
+pip install --upgrade pip
+pip install --upgrade setuptools
+pip install https://github.com/matrix-org/synapse/tarball/master
+```
+### create default configuration homeserver.yaml
+```
+python \
+    -m synapse.app.homeserver \
+    --server-name matrix.br0tkasten.de \
+    --config-path homeserver.yaml \
+    --generate-config \
+    --report-stats=yes
+```
+### start synapse
+```
+synctl start
+open-rc start script
+```
+
+### create system user
+```
+adduser -S matrix
+chown -Rf matrix /opt/synapse
+```
+### virtualenv wraper script
+```
+mkdir -p /opt/sbin
+cat > /opt/sbin/synapse.sh << EOF
+#!/bin/sh
+
+. /opt/synapse/bin/activate
+
+cd /opt/synapse
+synctl start
+EOF
+chmod 0755 /opt/sbin/synapse.sh
+```
+### open-rc init script
+```
+cat > /etc/init.d/synapse << EOF
+#!/sbin/openrc-run
+
+name=$RC_SVCNAME
+command="/opt/sbin/synapse.sh"
+command_user="matrix"
+pidfile="/opt/synapse/homeserver.pid"
+
+depend() {
+       need net
+}
+
+start() {
+    ebegin "Starting $name"
+    start-stop-daemon --start \
+        --user $command_user \
+        --exec $command \
+        --pidfile $pidfile 
+    eend $?
+}
+
+stop() {
+        ebegin "Stopping $name"
+        start-stop-daemon --stop --user $command_user
+        eend $?
+}
+EOF
+chmod 0755 /etc/init.d/synapse
+```
+### enable init script
+```
+rc-update add synapse
+```
+## Administration
+### create user accounts
+```
+register_new_matrix_user -c homeserver.yaml http://matrix.br0tkasten.de:8008
+```
+## Additional
+### Expose local LXC containers ports
+#### Server-to-Server
+
+For Server-to-Server connections on Port 8448 it is recommended to expose the port directly using portforwarding. On my server I used iptables for this portforwarding
+```
+iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 8448 -j DNAT --to-destination matrix.lxc.local:8448
+```
+#### Client connections
+
+In my setup an apache vhost is acting as https reverse proxy.
+```
+<VirtualHost 185.170.112.162:443>
+    ServerName matrix.br0tkasten.de:443
+    RewriteEngine on
+    SSLEngine On
+    SSLProtocol all
+    SSLProxyEngine On
+
+    SSLCertificateFile /etc/letsencrypt/live/matrix.br0tkasten.de/fullchain.pem
+    SSLCertificateKeyFile /etc/letsencrypt/live/matrix.br0tkasten.de/privkey.pem
+
+    CustomLog /var/log/httpd/matrix/access.log combined
+    ErrorLog /var/log/httpd/matrix/error.log
+
+    ProxyPreserveHost On
+    ProxyRequests Off
+
+    ProxyPass / http://matrix.lxc.br0tkasten.de:8008/
+    ProxyPassReverse / http://matrix.lxc.br0tkasten.de:8008/
+</VirtualHost>
+```
--- a/content/knowledge/tiptoi.md
+++ b/content/knowledge/tiptoi.md
@ -0,0 +1,20 @@
+---
+title: tiptoi
+date: 2021-11-13T15:06:57Z
+draft: false
+---
+
+# tiptoi
+## Download media files
+
+Goto http://www.tiptoi.com -> Choose book -> "Audiodatei manuell herunterladen"
+
+## Manually mount
+
+When connecting the pen to a computer using a mini USB cable dmesg will show a new storage device (e.g. /dev/sdc). According to '''parted''' partition table is of type '''loop'''. Linux will not show hardware devices to mount the partition (e.g. /dev/sdc1).
+
+To mount the filesystem use:
+
+```
+mount -t vfat -o loop,rw /dev/sdc /mnt
+```