From 3a294b3292e156903dd5d986120d7ad24737919d Mon Sep 17 00:00:00 2001 From: Joshua Yun Date: Tue, 9 Jan 2024 17:46:32 -0500 Subject: Added acpi disabling to the wiki --- site/desktop/desktop/index.html | 119 ++++++++++++++++++++++++++++++++++++++++ site/search/search_index.json | 2 +- site/sitemap.xml.gz | Bin 307 -> 307 bytes 3 files changed, 120 insertions(+), 1 deletion(-) (limited to 'site') diff --git a/site/desktop/desktop/index.html b/site/desktop/desktop/index.html index cbbdf4f..3706b8e 100644 --- a/site/desktop/desktop/index.html +++ b/site/desktop/desktop/index.html @@ -389,6 +389,17 @@ + + @@ -399,6 +410,49 @@ + + + + @@ -665,6 +719,38 @@ + + + @@ -682,6 +768,39 @@

This page describes several useful tips and configurations that I've used.

Thunderbird

Syncthing on Artix

+

Disabling ACPI for sleep

+

Somtimes we cannot sleep the computer due to ACPI devices being annoying. +To fix this, we need to disable their wakeup ability.

+

The following command will look at the status of the ACPI devices:

+
cat /proc/acpi/wakeup
+
+

The following command will toggle the status of the ACPI device:

+
echo GP12 > /proc/acpi/wakeup
+
+

Making changes persistant

+

To make the changes persistant, we shall use a oneshot systemd service.

+
/etc/systemd/system/disable-acpi.service
+----------------------------------------
+[Unit]
+Description="Disable ACPI for sleeping"
+
+[Service]
+ExecStart=/bin/sh -c "/etc/suspend"
+Type=oneshot
+
+[Install]
+WantedBy=multi-user.target
+
+

The script /etc/suspend` works by disabling all devices if they are enabled:

+
#!/bin/sh
+
+declare -a devices=(INSERT DEVICE LIST HERE)
+for device in "${devices[@]}"; do
+    if grep -qw ^$device.*enabled /proc/acpi/wakeup; then
+        sudo sh -c "echo $device > /proc/acpi/wakeup"
+    fi
+done
+
diff --git a/site/search/search_index.json b/site/search/search_index.json index 05d20d4..d777773 100644 --- a/site/search/search_index.json +++ b/site/search/search_index.json @@ -1 +1 @@ -{"config":{"lang":["en"],"separator":"[\\s\\-]+","pipeline":["stopWordFilter"]},"docs":[{"location":"","title":"Welcome to Joshua's Wiki","text":"

This is where I will be putting my stuff on how to configure things

"},{"location":"about/","title":"About this wiki","text":"

This is where I will be putting my stuff on how to configure things as well as some other personal references.

"},{"location":"desktop/desktop/","title":"Desktop Wiki","text":"

This page describes several useful tips and configurations that I've used.

Thunderbird

Syncthing on Artix

"},{"location":"desktop/syncthing/","title":"Syncthing using Runit and Artix Linux","text":"

The default Artix Linux syncthing script is broken, here is a corrected version that works:

#!/bin/sh\nexport USER=\"joshua\"\nexport HOME=\"/home/joshua\"\n\ngroups=\"$(id -Gn \"$USER\" | tr ' ' ':')\"\n\nexec 2>&1\nexec chpst -u \"$USER:groups\" syncthing -logflags 0\n

References:

Void Linux Per User Services

"},{"location":"desktop/thunderbird/","title":"Thunderbird","text":""},{"location":"desktop/thunderbird/#setting-dateformat","title":"Setting dateformat","text":"

Usually the date format is not in AM/PM. Unfortunately, I'm American, so here's how I change it.

  1. Go to settings in Thunderbird.
  2. Change Date and Time Formatting to Regional settings locale.
  3. Go to config editor at the bottom of general settings.
  4. Create new config string intl.date_time.pattern_override.time_short.
  5. Format follows datetime format, I use hh:mmaaaa.
  6. Restart Thunderbird.

References:

Linux Mint formum detailing these instructions

Datetime Reference

Mozilla Article on customizing formats

"},{"location":"food/curry/","title":"Curry Recipe","text":"

Serves four people with leftovers for the week.

"},{"location":"food/curry/#ingredients","title":"Ingredients","text":""},{"location":"food/curry/#preparation","title":"Preparation","text":""},{"location":"food/curry/#cooking","title":"Cooking","text":""},{"location":"food/spicy-shrimp/","title":"Spicy Shrimp","text":""},{"location":"food/spicy-shrimp/#ingredients","title":"Ingredients","text":""},{"location":"food/spicy-shrimp/#preparation","title":"Preparation","text":""},{"location":"food/spicy-shrimp/#cooking","title":"Cooking","text":""},{"location":"food/tempora/","title":"Tempora Recipe","text":""},{"location":"food/tempora/#ingredients","title":"Ingredients","text":""},{"location":"food/tempora/#cooking","title":"Cooking","text":""},{"location":"phone/lineageos/","title":"Android Auto with microG and Lineage OS","text":"

These instructions are almost identical to Braga2's instructions with a single important change that is emphasized.

References:

Braga2's Instructions

Google App Stub

Oneplus build example

Building LineageOS for Panther

LineageOS with MicroG

Docker to build LineageOS

Android Auto Build

"},{"location":"server/cgit/","title":"Cgit with gitolite and caddy","text":""},{"location":"server/cgit/#setup","title":"Setup","text":"

Install dependencies.

# apt install cgit python-is-python3 python3-pygments python3-markdown docutils-common groff perl\n

Make a git user.

sudo adduser --system --shell /bin/bash --group --disabled-password --home /home/git git\n

Allow ssh passwordless login.

usermod -p '*' username\n
"},{"location":"server/cgit/#gitolite","title":"Gitolite","text":"

Install the gitolite package from the repository directly.

"},{"location":"server/cgit/#configuration-with-cgit","title":"Configuration with cgit","text":"

Configuration of gitolite is done by modifying $HOME/.gitolite.rc.

To work correctly with cgit, gitweb and cgit configuration options need to work with gitolite.

Change:

GIT_CONFIG_KEYS  =>  '',\n

To:

GIT_CONFIG_KEYS  =>  '.*',\n

To have permissions work correctly,

Change:

UMASK  =>  0077,\n

To:

UMASK  =>  0027,\n

In the ENABLE field, add gitweb and cgit to the list.

"},{"location":"server/cgit/#usage","title":"Usage","text":"

Detailed usage of gitolite can be found here

"},{"location":"server/cgit/#repository-ignore","title":"Repository ignore","text":"

After cgit is configured, cgit can be told to ignore a repo with this syntax.

repo gitolite-admin\n    config cgit.ignore=1\n
"},{"location":"server/cgit/#adding-hooks-to-gitolite","title":"Adding Hooks to gitolite","text":"

This page details how to add hooks to your repositories.

Example hook that updates a website every git push. Make sure this directory is owned by git.

#!/bin/sh\nGIT_WORK_TREE=/desired/website/directory git checkout -f\n
"},{"location":"server/cgit/#cgit","title":"Cgit","text":""},{"location":"server/cgit/#running-cgit-with-caddy","title":"Running cgit with caddy","text":"

Install the fcgiwrap package.

Create a systemd service that wraps cgit with FastCGI.

# systemctl edit --full --force cgit.service\n
[Unit]\nDescription=CGI web interface to the Git SCM\nAfter=network.target\n\n[Service]\nType=exec\nExecStart=fcgiwrap -f -p \"/usr/lib/cgit/cgit.cgi\" -s tcp:127.0.0.1:8999\n\n[Install]\nWantedBy=multi-user.target\n
# systemctl start cgit\n

Add cgit configuration to caddy.

git.joshuayun.com {\n        handle_path /cgit-css/* {\n                root * /usr/share/cgit/\n                file_server\n        }\n\n        handle {\n                reverse_proxy localhost:8999 {\n                        transport fastcgi {\n                                env DOCUMENT_ROOT /usr/lib/cgit/\n                                env SCRIPT_FILENAME /usr/lib/cgit/cgit.cgi\n                        }\n                }\n        }\n}\n
"},{"location":"server/cgit/#cgit-configuration","title":"Cgit configuration","text":"

More detailed documentation can be found on the cgitrc(5) manual.

enable-git-config is used to allow for gitweb.* configurations in gitolite, e.g. description, owner.

enable-git-config=1\n

project-list sets where cgit looks for projects, this list is the one updated by gitolite

project-list=/home/git/projects.list\n

scan-path sets where the actual git repositories live

scan-path=/home/git/repositories\n
"},{"location":"server/cgit/#references","title":"References","text":"

SixFoisNeuf Used this blog to run cgit using fcgiwrap rather than a caddy plugin. The entire cgit with caddy section was using his work.

Mateja Maric Used this blog to help configure cgitrc, gitolite.rc

Luke Hsiao Used the git user creation command from this blog.

Omar Polo (yumh) Used this blog to help configure cgitrc for hidden repos.

Bryan Brattlof Not much used here, kept as reference.

"},{"location":"server/ddns/","title":"DDNS Setup","text":""},{"location":"server/ddns/#porkbun-api","title":"Porkbun API","text":"

Follow this porkbun guide on enabling the api for your domain.

"},{"location":"server/ddns/#ddns-updater","title":"ddns-updater","text":"

ddns-updater is the program used to update Porkbun's A record of your domain.

"},{"location":"server/ddns/#docker-install","title":"Docker install","text":"

Install the docker package from official docker repositories.

"},{"location":"server/ddns/#setup","title":"Setup","text":"

Create a directory with config.json inside, and make sure that its owner has a uid of 1000.

mkdir data\ntouch data/config.json\n# Owned by user ID of Docker container (1000)\nchown -R 1000 data\n# all access (for creating json database file data/updates.json)\nchmod 700 data\n# read access only\nchmod 400 data/config.json\n

Configuration for porkbun in config.json

{\n  \"settings\": [\n    {\n      \"provider\": \"porkbun\",\n      \"domain\": \"domain.com\",\n      \"host\": \"@\",\n      \"api_key\": \"PORKBUN SECRET KEY\",\n      \"secret_api_key\": \"PORKBUN API KEY\",\n      \"ip_version\": \"ipv4\"\n    }\n  ]\n}\n

Optional \"ttl\" paramter specifing A record TTL not included.

"},{"location":"server/ddns/#usage","title":"Usage","text":"
docker run -d -p 8000:8000/tcp -v \"$(pwd)\"/data:/updater/data qmcgaw/ddns-updater\n

This will start a docker container that will start updating the DNS records. Status updates can be seen in a web server by going to localhost:8000.

"},{"location":"server/server/","title":"Homelab Server Setup","text":"

This page describes how I setup my personal webserver

I'm hosting a website, wiki, caldav using Radicale, git using cgit and Gitolite, and webdav support

"},{"location":"server/server/#linux-distribution-used","title":"Linux Distribution Used","text":"

Debian 12 Bookworm.

Update the system.

# apt update\n# apt upgrade\n
"},{"location":"server/server/#ssh","title":"SSH","text":"

Generate ssh keys

ssh-keygen -t [keytype]\n

Add ssh keys to ~/.ssh/authorized_keys

ssh-copy-id -i /path/to/pubkey [user@]machine\n
"},{"location":"server/server/#optional-security-enhancements","title":"Optional security enhancements","text":"

Change the port in /etc/sshd_config to a nonstandard port to harden security.

Port 1234\n

Disable password login in /etc/sshd_config/

PubkeyAuthentication yes\nChallengeResponseAuthentication no\nPasswordAuthentication no\nKbdInteractiveAuthentication no\nUsePAM no\n

Disable XForwarding

X11Forwarding no\n

Disable remote root login

PermitRootLogin no\n

Disable root account

$ sudo chsh -s /sbin/nologin root\n
"},{"location":"server/server/#ddns","title":"DDNS","text":"

Setup Dyanmic DNS (ddns) with Porkbun and ddns-updater.

"},{"location":"server/server/#caddy","title":"Caddy","text":"

Install the Caddy package from Caddy directly.

"},{"location":"server/server/#cgit-gitolite","title":"Cgit & gitolite","text":"

Setup cgit with gitolite and caddy.

"},{"location":"server/server/#radicale","title":"Radicale","text":"

Install the Radicale package.

Start the Radicale service.

systemctl enable radicale.service\nsystemctl start radicale.service\n

Generate secure passwords using htpasswd.

# Create a new htpasswd file with the user \"user1\"\n$ htpasswd -c /path/to/users user1\nNew password:\nRe-type new password:\n# Add another user\n$ htpasswd /path/to/users user2\nNew password:\nRe-type new password:\n

Edit configuration to add users

[auth]\ntype = htpasswd\nhtpasswd_filename = /path/to/users\n# encryption method used in the htpasswd file\nhtpasswd_encryption = md5\n

Add configuration to caddy.

caldav.joshuayun.com {\n    handle_path /* {\n        reverse_proxy localhost:5232 {\n        header_up X-Script-Name /radicale\n        }\n    }\n    handle_path /radicale/* {\n        reverse_proxy localhost:5232 {\n            header_up X-Script-Name /radicale\n        }\n    }\n}\n
"},{"location":"server/server/#webdav","title":"Webdav","text":"

Add the Webdav module to Caddy.

sudo caddy add-package github.com/mholt/caddy-webdav\nsudo systemctl restart caddy\n

Add Webdav to the Caddy configuration

Example configuration with protected file browsing, see the github for more configurations.

webdav.joshuayun.com {\n    @get method GET\n    root * WEBDAV_PATH\n    route {\n        basicauth {\n            joshua CADDY_HASH\n        }\n        file_server @get browse\n        webdav\n    }\n}\n

To generate the hash:

caddy hash-password\n
"},{"location":"server/syncthing/","title":"Syncthing Setup","text":"

I am currently using syncthing for my music to be synced across devices.

"},{"location":"server/syncthing/#installation","title":"Installation","text":"

Install the Syncthing package from upstream repositories.

"},{"location":"server/syncthing/#reverse-proxy-setup-ref","title":"Reverse proxy setup [Ref]","text":"

Example syncthing reverse proxy setup.

sync.joshuayun.com {\n        handle_path /* {\n                reverse_proxy http://localhost:8384 {\n                        header_up Host {upstream_hostport}\n                }\n        }\n}\n

Optional: Add a htpasswd to block unauthorized access to the syncthing.

"},{"location":"server/syncthing/#syncthing-system-service-ref","title":"Syncthing system service [Ref]","text":"

Enable the syncthing user service.

systemctl enable syncthing@myuser.service\nsystemctl start syncthing@myuser.service\n
"},{"location":"server/syncthing/#syncthing-configuration","title":"Syncthing configuration","text":"

Done all through the gui. It is recommended to setup a user login, especially if you are making a syncthing that is exposed to the open internet.

"}]} \ No newline at end of file +{"config":{"lang":["en"],"separator":"[\\s\\-]+","pipeline":["stopWordFilter"]},"docs":[{"location":"","title":"Welcome to Joshua's Wiki","text":"

This is where I will be putting my stuff on how to configure things

"},{"location":"about/","title":"About this wiki","text":"

This is where I will be putting my stuff on how to configure things as well as some other personal references.

"},{"location":"desktop/desktop/","title":"Desktop Wiki","text":"

This page describes several useful tips and configurations that I've used.

Thunderbird

Syncthing on Artix

"},{"location":"desktop/desktop/#disabling-acpi-for-sleep","title":"Disabling ACPI for sleep","text":"

Somtimes we cannot sleep the computer due to ACPI devices being annoying. To fix this, we need to disable their wakeup ability.

The following command will look at the status of the ACPI devices:

cat /proc/acpi/wakeup\n

The following command will toggle the status of the ACPI device:

echo GP12 > /proc/acpi/wakeup\n
"},{"location":"desktop/desktop/#making-changes-persistant","title":"Making changes persistant","text":"

To make the changes persistant, we shall use a oneshot systemd service.

/etc/systemd/system/disable-acpi.service\n----------------------------------------\n[Unit]\nDescription=\"Disable ACPI for sleeping\"\n\n[Service]\nExecStart=/bin/sh -c \"/etc/suspend\"\nType=oneshot\n\n[Install]\nWantedBy=multi-user.target\n

The script /etc/suspend` works by disabling all devices if they are enabled:

#!/bin/sh\n\ndeclare -a devices=(INSERT DEVICE LIST HERE)\nfor device in \"${devices[@]}\"; do\n    if grep -qw ^$device.*enabled /proc/acpi/wakeup; then\n        sudo sh -c \"echo $device > /proc/acpi/wakeup\"\n    fi\ndone\n
"},{"location":"desktop/syncthing/","title":"Syncthing using Runit and Artix Linux","text":"

The default Artix Linux syncthing script is broken, here is a corrected version that works:

#!/bin/sh\nexport USER=\"joshua\"\nexport HOME=\"/home/joshua\"\n\ngroups=\"$(id -Gn \"$USER\" | tr ' ' ':')\"\n\nexec 2>&1\nexec chpst -u \"$USER:groups\" syncthing -logflags 0\n

References:

Void Linux Per User Services

"},{"location":"desktop/thunderbird/","title":"Thunderbird","text":""},{"location":"desktop/thunderbird/#setting-dateformat","title":"Setting dateformat","text":"

Usually the date format is not in AM/PM. Unfortunately, I'm American, so here's how I change it.

  1. Go to settings in Thunderbird.
  2. Change Date and Time Formatting to Regional settings locale.
  3. Go to config editor at the bottom of general settings.
  4. Create new config string intl.date_time.pattern_override.time_short.
  5. Format follows datetime format, I use hh:mmaaaa.
  6. Restart Thunderbird.

References:

Linux Mint formum detailing these instructions

Datetime Reference

Mozilla Article on customizing formats

"},{"location":"food/curry/","title":"Curry Recipe","text":"

Serves four people with leftovers for the week.

"},{"location":"food/curry/#ingredients","title":"Ingredients","text":""},{"location":"food/curry/#preparation","title":"Preparation","text":""},{"location":"food/curry/#cooking","title":"Cooking","text":""},{"location":"food/spicy-shrimp/","title":"Spicy Shrimp","text":""},{"location":"food/spicy-shrimp/#ingredients","title":"Ingredients","text":""},{"location":"food/spicy-shrimp/#preparation","title":"Preparation","text":""},{"location":"food/spicy-shrimp/#cooking","title":"Cooking","text":""},{"location":"food/tempora/","title":"Tempora Recipe","text":""},{"location":"food/tempora/#ingredients","title":"Ingredients","text":""},{"location":"food/tempora/#cooking","title":"Cooking","text":""},{"location":"phone/lineageos/","title":"Android Auto with microG and Lineage OS","text":"

These instructions are almost identical to Braga2's instructions with a single important change that is emphasized.

References:

Braga2's Instructions

Google App Stub

Oneplus build example

Building LineageOS for Panther

LineageOS with MicroG

Docker to build LineageOS

Android Auto Build

"},{"location":"server/cgit/","title":"Cgit with gitolite and caddy","text":""},{"location":"server/cgit/#setup","title":"Setup","text":"

Install dependencies.

# apt install cgit python-is-python3 python3-pygments python3-markdown docutils-common groff perl\n

Make a git user.

sudo adduser --system --shell /bin/bash --group --disabled-password --home /home/git git\n

Allow ssh passwordless login.

usermod -p '*' username\n
"},{"location":"server/cgit/#gitolite","title":"Gitolite","text":"

Install the gitolite package from the repository directly.

"},{"location":"server/cgit/#configuration-with-cgit","title":"Configuration with cgit","text":"

Configuration of gitolite is done by modifying $HOME/.gitolite.rc.

To work correctly with cgit, gitweb and cgit configuration options need to work with gitolite.

Change:

GIT_CONFIG_KEYS  =>  '',\n

To:

GIT_CONFIG_KEYS  =>  '.*',\n

To have permissions work correctly,

Change:

UMASK  =>  0077,\n

To:

UMASK  =>  0027,\n

In the ENABLE field, add gitweb and cgit to the list.

"},{"location":"server/cgit/#usage","title":"Usage","text":"

Detailed usage of gitolite can be found here

"},{"location":"server/cgit/#repository-ignore","title":"Repository ignore","text":"

After cgit is configured, cgit can be told to ignore a repo with this syntax.

repo gitolite-admin\n    config cgit.ignore=1\n
"},{"location":"server/cgit/#adding-hooks-to-gitolite","title":"Adding Hooks to gitolite","text":"

This page details how to add hooks to your repositories.

Example hook that updates a website every git push. Make sure this directory is owned by git.

#!/bin/sh\nGIT_WORK_TREE=/desired/website/directory git checkout -f\n
"},{"location":"server/cgit/#cgit","title":"Cgit","text":""},{"location":"server/cgit/#running-cgit-with-caddy","title":"Running cgit with caddy","text":"

Install the fcgiwrap package.

Create a systemd service that wraps cgit with FastCGI.

# systemctl edit --full --force cgit.service\n
[Unit]\nDescription=CGI web interface to the Git SCM\nAfter=network.target\n\n[Service]\nType=exec\nExecStart=fcgiwrap -f -p \"/usr/lib/cgit/cgit.cgi\" -s tcp:127.0.0.1:8999\n\n[Install]\nWantedBy=multi-user.target\n
# systemctl start cgit\n

Add cgit configuration to caddy.

git.joshuayun.com {\n        handle_path /cgit-css/* {\n                root * /usr/share/cgit/\n                file_server\n        }\n\n        handle {\n                reverse_proxy localhost:8999 {\n                        transport fastcgi {\n                                env DOCUMENT_ROOT /usr/lib/cgit/\n                                env SCRIPT_FILENAME /usr/lib/cgit/cgit.cgi\n                        }\n                }\n        }\n}\n
"},{"location":"server/cgit/#cgit-configuration","title":"Cgit configuration","text":"

More detailed documentation can be found on the cgitrc(5) manual.

enable-git-config is used to allow for gitweb.* configurations in gitolite, e.g. description, owner.

enable-git-config=1\n

project-list sets where cgit looks for projects, this list is the one updated by gitolite

project-list=/home/git/projects.list\n

scan-path sets where the actual git repositories live

scan-path=/home/git/repositories\n
"},{"location":"server/cgit/#references","title":"References","text":"

SixFoisNeuf Used this blog to run cgit using fcgiwrap rather than a caddy plugin. The entire cgit with caddy section was using his work.

Mateja Maric Used this blog to help configure cgitrc, gitolite.rc

Luke Hsiao Used the git user creation command from this blog.

Omar Polo (yumh) Used this blog to help configure cgitrc for hidden repos.

Bryan Brattlof Not much used here, kept as reference.

"},{"location":"server/ddns/","title":"DDNS Setup","text":""},{"location":"server/ddns/#porkbun-api","title":"Porkbun API","text":"

Follow this porkbun guide on enabling the api for your domain.

"},{"location":"server/ddns/#ddns-updater","title":"ddns-updater","text":"

ddns-updater is the program used to update Porkbun's A record of your domain.

"},{"location":"server/ddns/#docker-install","title":"Docker install","text":"

Install the docker package from official docker repositories.

"},{"location":"server/ddns/#setup","title":"Setup","text":"

Create a directory with config.json inside, and make sure that its owner has a uid of 1000.

mkdir data\ntouch data/config.json\n# Owned by user ID of Docker container (1000)\nchown -R 1000 data\n# all access (for creating json database file data/updates.json)\nchmod 700 data\n# read access only\nchmod 400 data/config.json\n

Configuration for porkbun in config.json

{\n  \"settings\": [\n    {\n      \"provider\": \"porkbun\",\n      \"domain\": \"domain.com\",\n      \"host\": \"@\",\n      \"api_key\": \"PORKBUN SECRET KEY\",\n      \"secret_api_key\": \"PORKBUN API KEY\",\n      \"ip_version\": \"ipv4\"\n    }\n  ]\n}\n

Optional \"ttl\" paramter specifing A record TTL not included.

"},{"location":"server/ddns/#usage","title":"Usage","text":"
docker run -d -p 8000:8000/tcp -v \"$(pwd)\"/data:/updater/data qmcgaw/ddns-updater\n

This will start a docker container that will start updating the DNS records. Status updates can be seen in a web server by going to localhost:8000.

"},{"location":"server/server/","title":"Homelab Server Setup","text":"

This page describes how I setup my personal webserver

I'm hosting a website, wiki, caldav using Radicale, git using cgit and Gitolite, and webdav support

"},{"location":"server/server/#linux-distribution-used","title":"Linux Distribution Used","text":"

Debian 12 Bookworm.

Update the system.

# apt update\n# apt upgrade\n
"},{"location":"server/server/#ssh","title":"SSH","text":"

Generate ssh keys

ssh-keygen -t [keytype]\n

Add ssh keys to ~/.ssh/authorized_keys

ssh-copy-id -i /path/to/pubkey [user@]machine\n
"},{"location":"server/server/#optional-security-enhancements","title":"Optional security enhancements","text":"

Change the port in /etc/sshd_config to a nonstandard port to harden security.

Port 1234\n

Disable password login in /etc/sshd_config/

PubkeyAuthentication yes\nChallengeResponseAuthentication no\nPasswordAuthentication no\nKbdInteractiveAuthentication no\nUsePAM no\n

Disable XForwarding

X11Forwarding no\n

Disable remote root login

PermitRootLogin no\n

Disable root account

$ sudo chsh -s /sbin/nologin root\n
"},{"location":"server/server/#ddns","title":"DDNS","text":"

Setup Dyanmic DNS (ddns) with Porkbun and ddns-updater.

"},{"location":"server/server/#caddy","title":"Caddy","text":"

Install the Caddy package from Caddy directly.

"},{"location":"server/server/#cgit-gitolite","title":"Cgit & gitolite","text":"

Setup cgit with gitolite and caddy.

"},{"location":"server/server/#radicale","title":"Radicale","text":"

Install the Radicale package.

Start the Radicale service.

systemctl enable radicale.service\nsystemctl start radicale.service\n

Generate secure passwords using htpasswd.

# Create a new htpasswd file with the user \"user1\"\n$ htpasswd -c /path/to/users user1\nNew password:\nRe-type new password:\n# Add another user\n$ htpasswd /path/to/users user2\nNew password:\nRe-type new password:\n

Edit configuration to add users

[auth]\ntype = htpasswd\nhtpasswd_filename = /path/to/users\n# encryption method used in the htpasswd file\nhtpasswd_encryption = md5\n

Add configuration to caddy.

caldav.joshuayun.com {\n    handle_path /* {\n        reverse_proxy localhost:5232 {\n        header_up X-Script-Name /radicale\n        }\n    }\n    handle_path /radicale/* {\n        reverse_proxy localhost:5232 {\n            header_up X-Script-Name /radicale\n        }\n    }\n}\n
"},{"location":"server/server/#webdav","title":"Webdav","text":"

Add the Webdav module to Caddy.

sudo caddy add-package github.com/mholt/caddy-webdav\nsudo systemctl restart caddy\n

Add Webdav to the Caddy configuration

Example configuration with protected file browsing, see the github for more configurations.

webdav.joshuayun.com {\n    @get method GET\n    root * WEBDAV_PATH\n    route {\n        basicauth {\n            joshua CADDY_HASH\n        }\n        file_server @get browse\n        webdav\n    }\n}\n

To generate the hash:

caddy hash-password\n
"},{"location":"server/syncthing/","title":"Syncthing Setup","text":"

I am currently using syncthing for my music to be synced across devices.

"},{"location":"server/syncthing/#installation","title":"Installation","text":"

Install the Syncthing package from upstream repositories.

"},{"location":"server/syncthing/#reverse-proxy-setup-ref","title":"Reverse proxy setup [Ref]","text":"

Example syncthing reverse proxy setup.

sync.joshuayun.com {\n        handle_path /* {\n                reverse_proxy http://localhost:8384 {\n                        header_up Host {upstream_hostport}\n                }\n        }\n}\n

Optional: Add a htpasswd to block unauthorized access to the syncthing.

"},{"location":"server/syncthing/#syncthing-system-service-ref","title":"Syncthing system service [Ref]","text":"

Enable the syncthing user service.

systemctl enable syncthing@myuser.service\nsystemctl start syncthing@myuser.service\n
"},{"location":"server/syncthing/#syncthing-configuration","title":"Syncthing configuration","text":"

Done all through the gui. It is recommended to setup a user login, especially if you are making a syncthing that is exposed to the open internet.

"}]} \ No newline at end of file diff --git a/site/sitemap.xml.gz b/site/sitemap.xml.gz index 6d34d99..a5528fb 100644 Binary files a/site/sitemap.xml.gz and b/site/sitemap.xml.gz differ -- cgit v1.2.3