initial content

Arne Baeumler 2021-11-13 22:02:05 +01:00
commit 479cb90eac
12 changed files with 663 additions and 0 deletions

1
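--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+resources/*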

3
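--- a/.gitmodules
+++ b/.gitmodules
@@ -0,0 +1,3 @@
+[submodule "themes/LoveIt"]
+path = themes/LoveIt
+url = https://github.com/dillonzq/LoveIt.git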

0
.hugo_build.lock Normal file

6
archetypes/default.md Normal file

@ -0,0 +1,6 @@
---
title: "{{ replace .Name "-" " " | title }}"
date: {{ .Date }}
draft: true
---

264
config.toml Normal file

@ -0,0 +1,264 @@
baseURL = "https://hugo.br0tkasten.de/"
languageCode = "en-us"
title = "br0tkasten.de"
theme = "LoveIt"
publishdir = "/var/www/localhost/htdocs"
[menu]
[[menu.main]]
identifier = "knowledge"
name = "Knowledge"
url = "/knowledge/"
title = ""
weight = 1
[params]
version = "0.2.X"
description = "br0tkasten.de - just my two cents"
defaultTheme = "auto"
dateFormat = "2006-01-02"
[params.app]
title = "br0tkasten.de"
noFavicon = false
svgFavicon = ""
themeColor = "#ffffff"
iconColor = "#5bbad5"
tileColor = "#da532c"
[params.search]
enable = true
type = "lunr"
contentLength = 4000
placeholder = ""
maxResultLength = 10
snippetLength = 30
highlightTag = "em"
absoluteURL = false
[params.search.algolia]
index = ""
appID = ""
searchKey = ""
[params.header]
desktopMode = "fixed"
mobileMode = "auto"
[params.footer]
enable = true
custom = ''
hugo = true
copyright = true
author = true
since = 2021
license = '<a rel="license external nofollow noopener noreffer" href="https://creativecommons.org/licenses/by-nc/4.0/" target="_blank">CC BY-NC 4.0</a>'
[params.section]
paginate = 20
dateFormat = "01-02"
rss = 10
[params.list]
paginate = 20
dateFormat = "01-02"
rss = 10
[params.home]
rss = 10
[params.home.profile]
enable = true
gravatarEmail = "arne@br0tkasten.de"
title = "just my two cents"
subtitle = ""
typeit = true
social = true
disclaimer = ""
[params.home.posts]
enable = true
paginate = 6
defaultHiddenFromHomePage = false
[params.social]
GitHub = "br0tkasten"
Twitter = "bk98827187"
Gitea = "https://git.br0tkasten.de/br0tkasten"
Matrix = "@arne:matrix.br0tkasten.de"
Email = "arne@br0tkasten.de"
RSS = true # LoveIt NEW | 0.2.0
# LoveIt CHANGED | 0.2.0 Page config
[params.page]
hiddenFromHomePage = false
hiddenFromSearch = false
twemoji = false
lightgallery = false
ruby = true
fraction = true
fontawesome = true
linkToMarkdown = true
rssFullText = false
[params.page.toc]
enable = true
keepStatic = true
auto = true
[params.page.math]
enable = true
blockLeftDelimiter = ""
blockRightDelimiter = ""
inlineLeftDelimiter = ""
inlineRightDelimiter = ""
copyTex = true
mhchem = true
[params.page.code]
copy = true
maxShownLines = 10
[params.page.mapbox]
accessToken = ""
lightStyle = "mapbox://styles/mapbox/light-v9"
darkStyle = "mapbox://styles/mapbox/dark-v9"
navigation = true
geolocate = true
scale = true
fullscreen = true
[params.page.share]
enable = true
Twitter = true
Facebook = false
Linkedin = false
Whatsapp = true
Pinterest = false
Tumblr = false
HackerNews = false
Reddit = false
VK = false
Buffer = false
Xing = false
Line = true
Instapaper = false
Pocket = false
Digg = false
Stumbleupon = false
Flipboard = false
Weibo = false
Renren = false
Myspace = false
Blogger = false
Baidu = false
Odnoklassniki = false
Evernote = false
Skype = false
Trello = false
Mix = false
[params.page.comment]
enable = true
[params.page.library]
[params.page.library.css]
# someCSS = "some.css"
# located in "assets/"
# Or
# someCSS = "https://cdn.example.com/some.css"
[params.page.library.js]
# someJavascript = "some.js"
# located in "assets/"
# Or
# someJavascript = "https://cdn.example.com/some.js"
# LoveIt CHANGED | 0.2.10 Page SEO config
[params.page.seo]
images = []
[params.page.seo.publisher]
name = ""
logoUrl = ""
[params.typeit]
speed = 100
cursorSpeed = 1000
cursorChar = "|"
duration = -1
[params.verification]
google = ""
bing = ""
yandex = ""
pinterest = ""
baidu = ""
[params.seo]
image = ""
thumbnailUrl = ""
[params.analytics]
enable = false
[params.cookieconsent]
enable = true
[params.cookieconsent.content]
message = ""
dismiss = ""
link = ""
[params.cdn]
data = ""
[params.compatibility]
polyfill = false
objectFit = false
[markup]
[markup.highlight]
codeFences = true
guessSyntax = true
lineNos = true
lineNumbersInTable = true
# false is a necessary configuration
# (https://github.com/dillonzq/LoveIt/issues/158)
noClasses = false
[markup.goldmark]
[markup.goldmark.extensions]
definitionList = true
footnote = true
linkify = true
strikethrough = true
table = true
taskList = true
typographer = true
[markup.goldmark.renderer]
unsafe = true
[markup.tableOfContents]
startLevel = 2
endLevel = 6
[author]
name = "br0tkasten"
email = "arne@br0tkasten.de"
link = ""
[sitemap]
changefreq = "weekly"
filename = "sitemap.xml"
priority = 0.5
[Permalinks]
# posts = ":year/:month/:filename"
posts = ":filename"
[privacy]
[privacy.twitter]
enableDNT = true
[privacy.youtube]
privacyEnhanced = true
[mediaTypes]
[mediaTypes."text/plain"]
suffixes = ["md"]
[outputFormats.MarkDown]
mediaType = "text/plain"
isPlainText = true
isHTML = false
[outputs]
home = ["HTML", "RSS", "JSON"]
page = ["HTML", "MarkDown"]
section = ["HTML", "RSS"]
taxonomy = ["HTML", "RSS"]
taxonomyTerm = ["HTML"]
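Review bot: `unsafe = true` under `[markup.goldmark.renderer]` lets raw HTML and inline script in any Markdown file pass unchanged into the generated pages, and nothing in the file records why it is needed. If the theme's shortcodes do not depend on it (this cannot be determined from the hunk), set it to `false`; otherwise put a comment above the key such as `# raw HTML in content is rendered as-is: every content author and imported Markdown file is trusted`. Separately, `publishdir = "/var/www/localhost/htdocs"` makes every `hugo` run write straight into the live web root, so a build has to run with write access to that directory and a bad build is published immediately. A relative output directory plus an explicit deploy step would be easier to audit.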


@ -0,0 +1,18 @@
---
title: "Apache httpd configs"
date: 2021-11-13
---
# HTTP proxy with Digest Auth
```
<Proxy *>
AuthType Digest
AuthName "mrtg"
AuthUserFile "/etc/httpd/conf/mrtg.htdigest"
Require valid-user
</Proxy>
ProxyPass / http://mrtg.lxc.br0tkasten.de/
ProxyPassReverse / http://mrtg.lxc.br0tkasten.de/
```
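Review bot: The example protects the proxy with `AuthType Digest`, which rests on MD5 and keeps a password-equivalent hash in `mrtg.htdigest`, and the page does not say that the enclosing vhost must be served over HTTPS. The `<VirtualHost>` around this block is not shown, so whether TLS is already in place cannot be told from the hunk. The page should state that requirement, and `AuthType Basic` over TLS with a bcrypt `htpasswd` file is the more defensible example. Writing `ProxyRequests Off` next to `<Proxy *>` would also make clear that this is a reverse proxy only.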


@ -0,0 +1,89 @@
---
title: 'Let''s Encrypt'
date: 2021-11-13T15:06:57Z
draft: false
---
## create certificate
```
certbot certonly --email contact@br0tkasten.de --webroot -w /var/www/certbot/htdocs -d log.br0tkasten.de
```
## Apache config
Default VirtualHost for HTTP (Port 80) mapping /.well-known/acme-challenge of any domain hosted on my webserver
to the same location in filesystem (/var/www/certbot/htdocs/.well-known/acme-challenge/)
This makes renew and create certificates very easy.
```
<VirtualHost 185.170.112.162:80 [2a03:4000:15:68::1]:80>
CustomLog /var/log/httpd/access.log combined
ErrorLog /var/log/httpd/error.log
Alias /.well-known/acme-challenge/ /var/www/certbot/htdocs/.well-known/acme-challenge/
<Location "/.well-known/acme-challenge">
Require all granted
Options None
AllowOverride None
ForceType text/plain
RedirectMatch 404 "^(?!/\.well-known/acme-challenge/[\w-]{43}$)"
</Location>
RewriteEngine On
RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge [NC]
RewriteCond %{HTTPS} off
RewriteRule ^.*$ https://%{HTTP_HOST}%{REQUEST_URI} [last,redirect=301]
</VirtualHost>
```
## renew certificates
### systemd service
```
cat > /etc/systemd/system/certbot.service << EOF
[Unit]
Description=Let's Encrypt renewal
[Service]
Type=oneshot
ExecStart=/usr/bin/certbot renew --quiet --agree-tos
EOF
```
### systemd timer
```
[Unit]
Description=Twice daily renewal of Let's Encrypt's certificates
[Timer]
OnCalendar=0/12:00:00
RandomizedDelaySec=1h
Persistent=true
[Install]
WantedBy=timers.target
```
### enable certbot timer
```
systemctl start certbot.timer
systemctl enable certbot.timer
```
## renewal hooks
### restart httpd after renewal
```
cat > /etc/letsencrypt/renewal-hooks/httpd.sh << EOF
#!/bin/sh
systemctl restart httpd
EOF
```
### restart mail container
```
cat > /etc/letsencrypt/renewal-hooks/mail.sh << EOF
#!/bin/sh
lxc-stop -r -n 'mail'
EOF
```
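Review bot: Both hook scripts are written directly into `/etc/letsencrypt/renewal-hooks/`, but certbot only runs executables found in the `pre`, `deploy` and `post` subdirectories, and neither script is made executable. As written, a renewal succeeds but httpd and the mail container keep serving the old certificate until something else restarts them. The targets should be `/etc/letsencrypt/renewal-hooks/deploy/httpd.sh` and `/etc/letsencrypt/renewal-hooks/deploy/mail.sh`, each followed by `chmod 0755`. The timer unit is shown without the file it belongs in; naming `/etc/systemd/system/certbot.timer` would match the service block above it.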


@ -0,0 +1,83 @@
---
title: 'LXC Networking'
date: 2021-11-13T15:06:57Z
draft: false
---
# LXC network configurations
## create network bridge
```
brctl add br0
```
## add virtual ethernet interface to container
Add the following lines to _/var/lib/lxc/container/config_
```
lxc.net.0.type = veth
lxc.net.0.link = br0
lxc.net.0.flags = up
lxc.net.0.name = eth0
```
## iptables
### port forwarding
iptables (IPv4) and ip6tables (IPv6) DNAT target to forward services to container.
```
iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 8448 -j DNAT \
--to-destination 10.3.0.31:8448
```
### masquerading
Translate outgoing traffic from container to public IP address
```
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
```
## IPv6
### network configuration
#### host
```
ip addr add fd00::1/8 dev br0
```
```
cat > /etc/sysctl.d/ipv6-forwarding.conf <<EOF
net.ipv6.conf.eth0.accept_ra = 2
net.ipv6.conf.br0.accept_ra = 2
net.ipv6.conf.default.accept_ra = 2
net.ipv6.conf.all.accept_ra = 2
net.ipv6.conf.all.forwarding = 1
net.ipv6.conf.default.forwarding = 1
net.ipv6.conf.eth0.forwarding = 1
net.ipv6.conf.br0.forwarding = 1
EOF
```
#### container
```
ip addr add fd00::20:1/64 dev eth0
ip route add default via fd00::1 dev eth0
```
### port forwarding
```
ip6tables \
-t nat \
-A PREROUTING \
-d 2a03:4000:15:68::20/128 \
-i eth0 \
-p tcp \
-m tcp \
--dport 587 \
-j DNAT \
--to-destination [fd00::20:1]:587
```
### masquerade
```
ip6tables -t nat -A POSTROUTING -s fd00::20:1/128 -o eth0 -j SNAT --to-source 2a03:4000:15:68::20
```
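Review bot: The host is turned into an IPv6 router (`net.ipv6.conf.all.forwarding = 1`) and given DNAT/MASQUERADE rules, but the page never shows a filter-table `FORWARD` policy, so whatever the default policy happens to be decides what can reach the containers. The page should state the expected policy, for example default drop with explicit accepts for the forwarded ports. The IPv4 rule `iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE` has no source match, unlike the IPv6 `SNAT` rule, so it rewrites every flow leaving `eth0`; adding `-s <container subnet>` would scope it to container traffic. `brctl add br0` is not a bridge-utils subcommand (it should be `brctl addbr br0`), and `fd00::1/8` puts the whole ULA range on `br0` while the container side uses `/64`.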

31
content/knowledge/mail.md Normal file

@ -0,0 +1,31 @@
---
title: Mail
date: 2021-11-13T15:06:57Z
draft: false
---
Stuff to know about mail
## Fetchmail
fetchmail pop.gmx.net --ssl --verbose --username _username_ --protocol pop3
## SMTP via Telnet
### query MX record (mailserver)
dig mx br0tkasten.de
### connect to mailservice @ mailserver
telnet mail.br0tkasten.de 25
### send testmail
ehlo barbecue.com
MAIL FROM: root@barbecue.com
RCPT TO: info@br0tkasten.de
DATA
Subject: Bla fasel
Das ist eine Testmail
.
QUIT


@ -0,0 +1,147 @@
---
title: 'Matrix Chat Server'
date: 2021-11-13T15:06:57Z
draft: false
---
# Matrix Chat Server
## Synpase
To install matrix.org reference server synapse on Alpine-Linux the following steps are neccessary. In my case alpine-linux is running within an LXC container on my server.
### Install prerequisite packages
```
apk add \
python2 \
py2-pip \
py-setuptools \
py-virtualenv \
sqlite \
py2-pysqlite \
py2-psycopg \
postgresql-dev \
py2-cffi \
libffi-dev \
alpine-sdk \
sqlite-dev \
python2-dev \
linux-headers \
zlib-dev \
jpeg-dev
```
### install synapse
According to https://github.com/matrix-org/synapse#synapse-installation the recomendet installation procedure is within an python virtualenv environment.
```
virtualenv -p python2.7 /opt/synapse
. /opt/synapse/bin/activate
cd /opt/synapse
pip install --upgrade pip
pip install --upgrade setuptools
pip install https://github.com/matrix-org/synapse/tarball/master
```
### create default configuration homeserver.yaml
```
python \
-m synapse.app.homeserver \
--server-name matrix.br0tkasten.de \
--config-path homeserver.yaml \
--generate-config \
--report-stats=yes
```
### start synapse
```
synctl start
open-rc start script
```
### create system user
```
adduser -S matrix
chown -Rf matrix /opt/synapse
```
### virtualenv wraper script
```
mkdir -p /opt/sbin
cat > /opt/sbin/synapse.sh << EOF
#!/bin/sh
. /opt/synapse/bin/activate
cd /opt/synapse
synctl start
EOF
chmod 0755 /opt/sbin/synapse.sh
```
### open-rc init script
```
cat > /etc/init.d/synapse << EOF
#!/sbin/openrc-run
name=$RC_SVCNAME
command="/opt/sbin/synapse.sh"
command_user="matrix"
pidfile="/opt/synapse/homeserver.pid"
depend() {
need net
}
start() {
ebegin "Starting $name"
start-stop-daemon --start \
--user $command_user \
--exec $command \
--pidfile $pidfile
eend $?
}
stop() {
ebegin "Stopping $name"
start-stop-daemon --stop --user $command_user
eend $?
}
EOF
chmod 0755 /etc/init.d/synapse
```
### enable init script
```
rc-update add synapse
```
## Administration
### create user accounts
```
register_new_matrix_user -c homeserver.yaml http://matrix.br0tkasten.de:8008
```
## Additional
### Expose local LXC containers ports
#### Server-to-Server
For Server-to-Server connections on Port 8448 it is recommended to expose the port directly using portforwarding. On my server I used iptables for this portforwarding
```
iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 8448 -j DNAT --to-destination matrix.lxc.local:8448
```
#### Client connections
In my setup an apache vhost is acting as https reverse proxy.
```
<VirtualHost 185.170.112.162:443>
ServerName matrix.br0tkasten.de:443
RewriteEngine on
SSLEngine On
SSLProtocol all
SSLProxyEngine On
SSLCertificateFile /etc/letsencrypt/live/matrix.br0tkasten.de/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/matrix.br0tkasten.de/privkey.pem
CustomLog /var/log/httpd/matrix/access.log combined
ErrorLog /var/log/httpd/matrix/error.log
ProxyPreserveHost On
ProxyRequests Off
ProxyPass / http://matrix.lxc.br0tkasten.de:8008/
ProxyPassReverse / http://matrix.lxc.br0tkasten.de:8008/
</VirtualHost>
```
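Review bot: `SSLProtocol all` in the reverse-proxy vhost enables every protocol version the httpd/OpenSSL build supports, which on older builds includes legacy ones; `SSLProtocol -all +TLSv1.2 +TLSv1.3` states the intent explicitly. In the open-rc block the heredoc delimiter is unquoted, so `$RC_SVCNAME`, `$name`, `$command_user`, `$pidfile` and `$?` are expanded by the shell that writes the file and the installed init script ends up with empty values; `cat > /etc/init.d/synapse << 'EOF'` avoids that. The install step pulls `https://github.com/matrix-org/synapse/tarball/master` into a Python 2.7 virtualenv, which is an unpinned build on an end-of-life interpreter, so the page should name a specific release to install. `register_new_matrix_user` is pointed at `http://matrix.br0tkasten.de:8008`, which appears to send the new account's password over plain HTTP unless it is run on the container itself; the HTTPS vhost or a loopback address would be safer in the example.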


@ -0,0 +1,20 @@
---
title: tiptoi
date: 2021-11-13T15:06:57Z
draft: false
---
# tiptoi
## Download media files
Goto http://www.tiptoi.com -> Choose book -> "Audiodatei manuell herunterladen"
## Manually mount
When connecting the pen to a computer using a mini USB cable dmesg will show a new storage device (e.g. /dev/sdc). According to '''parted''' partition table is of type '''loop'''. Linux will not show hardware devices to mount the partition (e.g. /dev/sdc1).
To mount the filesystem use:
```
mount -t vfat -o loop,rw /dev/sdc /mnt
```

1
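--- a/themes/LoveIt
+++ b/themes/LoveIt
@@ -0,0 +1 @@
+Subproject commit f787a4e5ad4edf60467658d10c286248dc5027a6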