pyratelog

personal blog
git clone git://git.pyratebeard.net/pyratelog.git
Log | Files | Refs | README

commit f5465e21a678cf9e27cb7b5d1505618b4020be46
parent 3fd586a337336fbb2dd70622b4a21c69910d3e8a
Author: pyratebeard <root@pyratebeard.net>
Date:   Sat, 23 Jan 2021 20:45:23 +0000

renamed 'content' dir to 'entry'

Diffstat:
Aentry/20160111-hello_world.md | 11+++++++++++
Aentry/20161105-arch_linux_install.md | 255+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Aentry/20170412-degoogle_part_1.md | 188+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Aentry/20170503-raspberry_pi_setup.md | 149+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Aentry/20170527-html_emails_in_mutt.md | 17+++++++++++++++++
Aentry/20170614-termux_on_android.md | 62++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Aentry/20170711-setting_up_arch.md | 120+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Aentry/20170718-raspberry_pi_vpn.md | 240+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Aentry/20170822-firefox_desktop_dir.md | 24++++++++++++++++++++++++
Aentry/20171010-simple_python_webserver.md | 27+++++++++++++++++++++++++++
Aentry/20171112-ssh_into_android.md | 63+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Aentry/20200302-hugo_and_gitlab_ci_cd.draft | 247+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Aentry/20200323-comic_book_computer_desk.draft | 30++++++++++++++++++++++++++++++
Aentry/20200625-magic_wormhole.md | 58++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Aentry/20210111-leaving_whatsapp.draft | 2++
15 files changed, 1493 insertions(+), 0 deletions(-)

diff --git a/entry/20160111-hello_world.md b/entry/20160111-hello_world.md @@ -0,0 +1,11 @@ +Blogging has never really been my thing. Over the last couple of years my girlfriend has pointed out to me that I should write down some of the code or tech projects I'm working on. So here we have it, my attempt at a web log. + +There are already a few entries in the works. After that they may come thick and fast or they may be few and far between. + +Since leaving the RAF in 2013 I have been working as a UNIX and Linux engineer (yes there is a difference). In that time I have learnt a lot about UNIX systems, open source, coding, and I have dealt with plenty of issues in my day to day role. I aim to write a few guides to help beginners as well as detailing problems I have worked with for other engineers. + +If you're lucky enough I may write some posts about comics and other non tech related subjects, but let's not get ahead of ourselves. + +I hope you enjoy some, if not all of the writings I will post. Feel free to send me critique on [twitter](https://twitter.com/pyratebeard). + +Until next time... diff --git a/entry/20161105-arch_linux_install.md b/entry/20161105-arch_linux_install.md @@ -0,0 +1,255 @@ +The first distro I ever installed was OpenSUSE, many years ago. At the time I didn't really understand what the different distros meant and so I just installed from a free disk I received with a magazine. + +I quickly started playing around with a number of other distros including Fedora, Ubuntu, and Debian. Quickly I realised there was no "right" distro and it was all about choice. Fedora was the distro I ended up using for a number of years... until the introduction of Gnome3 and the GnomeShell. Straight away this wasn't for me, so I sought out alternative Desktop Environments. It was also at this opportunity that I decided to give Arch a try. + +Even in the few short years I had used Linux I knew for certain this was for me and therefore I wanted to know more about it. Arch was a good choice because it enables you to get much more hands on. + +Arch is not recommended for absolute beginners, but if you want to improve your understanding of how the OS works it is a good distro to play around with. Things may (will) break, but that is all part of the fun! + +This guide details the steps I take to quickly run up an Arch install. Security is always something I consider and therefore I encrypt my root filesystem. A lot of the steps detailed below are taken straight out of the [official install guide](https://wiki.archlinux.org/index.php/Installation_guide). These steps are not intended to replace the information on the Arch wiki, this is merely my adoption of the process. + +Pre-reqs: + +- You should be comfortable with using the Linux command line as there is no GUI for this installation +- I use vi for editing the files in this guide. Feel free to use nano if you prefer +- Grab the latest [Arch ISO](https://www.archlinux.org/download/) +- Internet connection< + +Boot from the ISO and select "Boot Arch Linux (x86_64)" + +After the ISO has loaded you will be presented with a prompt +``` +root@archiso ~ # +``` +The first thing I tend to do is load the keymap for my UK keyboard. This is an optional step, but will help if you use certain characters when setting passwords (#, @, /, \, etc). + +First show a list of all available QWERTY keymaps, then load the desired map +``` +ls -l /usr/share/kbd/keymaps/i386/qwerty/ +loadkeys uk +``` +The next step is to ensure you have a working internet connection. While this step is also optional I will be using an internet connection later on +``` +systemctl start dhcpcd +ip a +ping -c 3 archlinux.org +``` +_If you are unsure how to get wifi working check out my guide [here]()_ + +It is advised to enable ntp (Network Time Protocol) to ensure the system clock is accurate +``` +timedatectl set-ntp true +timedatectl status +``` +I am only using one disk in this guide. Be careful when there are multiple disks attached to you system, make sure you specify the correct device, e.g. sda +``` +lsblk +``` +As mentioned security is pretty important. Before we continue we will write lots of random data to the disk so that it is completely wiped clean. This may take a while, so grab a brew! +``` +dd if=/dev/urandom of=/dev/sda bs=1M +``` +Once that is completed we need to create the partition table. We are only going to create two partitions, one for the boot partition and one for the rest of the disk. Later on we will use LVM ([Logical Volume Manager](https://en.wikipedia.org/wiki/Logical_Volume_Manager_%28Linux%29)) to break the disk down further +``` +fdisk /dev/sda +``` +You will now be in the fdisk utility, and you will see the prompt has changed +``` +Command (? for help): +p (should be empty) +n +p +1 +[return] ++512M +t +L +83 +n +p +2 +[return] +[return] +t +2 +8e +p +w +``` +Make sure the device now shows the two partitions, sda1 and sda2 +``` +lsblk +``` +Format /boot partition +``` +mkfs.ext3 /dev/sda1 +``` +Before we set up LVM on the second partition we need to encrypt it. We will be using LUKS (Linux Unified Key Setup) + +First make sure the module is loaded +``` +modprobe dm-crypt +``` +The encryption setup is fairly standed. We are using "aes-xts-plain64" cipher for LUKS. We'll include the `-y` option to verify the passphrase (by asking twice) and we set the key size to 512 bits (this argument must be a multiple of 8) +``` +cryptsetup -c aes-xts-plain64 -y -s 512 luksFormat /dev/sda2 +YES +(enter passphrase twice) +``` +Now we open the encrypted partition under `/dev/mapper/lvm`. Then add it as a physical volume group on the whole partition +``` +cryptsetup luksOpen /dev/sda2 lvm +(enter passphrase) +pvcreate /dev/mapper/lvm +pvs +vgcreate vg_arch /dev/mapper/lvm +vgs +``` +For my logical volumes I have sized the partitions based on various best practice rules that I have picked up over the years. This is by no means a strict rule, but it is advised to split up `/boot`, `/var`, and `/home`. The `/boot` directory has been placed on a separate partition due to the encryption we're going to use. We will also create some [swap space](http://linuxjournal.com/article/10678). In this example I am using a 64GB disk + +- /boot = 512MB +- /var = 10GB +- swap = 8GB +- / = 20GB +- /home = 25.49GB + +Create the logical volumes, create filesystems on each volume and ensure the swap space is active +``` +lvcreate -L 20GB -n lv_root vg_arch +lvcreate -L 10GB -n lv_var vg_arch +lvcreate -L 8GB -n lv_swap vg_arch +lcreate -l +100%FREE -n lv_home vg_arch +lvs +mkfs.ext4 /dev/mapper/vg_arch-lv_root +mkfs.ext4 /dev/mapper/vg_arch-lv_var +mkfs.ext4 /dev/mapper/vg_arch-lv_home +mkswap /dev/mapper/vg_arch-lv_swap +swapon /dev/mapper/vg_arch-lv_swap +``` +We are going to mount the root filesystem under `/mnt` then create a few directories for the other volumes +``` +mount /dev/mapper/vg_arch-lv_root /mnt +mkdir /mnt/{boot,var,home} +mount /dev/sda1 /mnt/boot +mount /dev/mapper/vg_arch-lv_var /mnt/var +mount /dev/mapper/vg_arch-lv_home /mnt/home +df -ah +``` +Before we install Arch we need to configure the mirrorlist. As I am currently in the UK I will generate a relevant mirrorlist. This is where an internet connection comes in useful. We will use the Arch [mirrorlist generator](https://www.archlinux.org/mirrorlist/) and `wget` to pull it onto our system. By default the lines are all commented out so we'll use `sed` to uncomment the correct lines. Then we will switch the current mirrorlist with our new one, it is good practice to always make backup copies of configuration files before replacing or modifying them +``` +wget -O mirrorlist "https://www.archlinux.org/mirrorlist/?country=GB&protocol=http&protocol=https&ip_version=4&use_mirror_status=on" +cat mirrorlist +sed -i 's/^#S/S/g' mirrorlist +mv /etc/pacman.d/mirrorlist /etc/pacman.d/mirrorlist.bak +mv mirrorlist /etc/pacman.d/mirrorlist +``` +Now we can install the base Arch packages +``` +pacstrap /mnt base base-devel +``` +Generate fstab, setting the `-U` option to use UUIDs. The `-p` excludes pseudofs mounts +``` +genfstab -p -U /mnt > /mnt/etc/fstab +cat /mnt/etc/fstab +``` +To configure the rest of the system we're going to use [chroot](https://en.wikipedia.org/wiki/Chroot) to change the root directory. This makes it easier to configure +``` +arch-chroot /mnt +``` +You will notice that the prompt has now changed +``` +[root@archiso /]# +``` +Set a symbolic link to the timezone file for your city, in this case London +``` +ln -sf /usr/share/zoneinfo/Europe/London /etc/localtime +``` +Set up the locale settings, in this case we are using en_GB +``` +vi /etc/locale.gen +``` +Remove the # at the start of the "en_GB.UTF-8 UTF-8" line +Save and quit +``` +locale-gen +echo LANG=en_GB.UTF-8 > /etc/locale.conf +export LANG=en_GB.UTF-8 +``` +We need to set the keymap so that it sets on boot +``` +echo 'KEYMAP="gb"' > /etc/vconsole.conf +``` +Pick a hostname that is relevant, or clever, or funny +``` +echo gibson > /etc/hostname +vi /etc/hosts +``` +Navigate to line beginning with "127.0.0.1" and append your hostname to the end +Save and quit +Ensure dhcpcd is enabled on boot +``` +systemctl enable dhcpcd +``` +Next we need to install and configure the [GRUB](https://en.wikipedia.org/wiki/GNU_GRUB) bootloader +``` +pacman -S grub +y +grub-install --target=i386-pc /dev/sda +vi /etc/default/grub +``` +Navigate to line GRUB_CMDLINE_LINUX="" +Change to the following (replacing `vg_arch` with your volume group name) +``` +GRUB_CMDLINE_LINUX="cryptdevice=/dev/sda2:vg_arch" +``` +Save and quit +``` +grub-mkconfig -o /boot/grub/grub.cfg +vi /etc/mkinitcpio.conf +``` +Navigate to the following line +``` +HOOKS="base udev autodetect modconf block filesystems keyboard fsck" +``` +Add in the hooks "encrypt" and "lvm2" after "block" +``` +HOOKS="base udev autodetect modconf block encrypt lvm2 filesystems keyboard fsck" +``` +Now we generate the initial ramdisk +``` +mkinitcpio -p linux +``` +We must set the root password - make sure it's secure! +``` +passwd +(no visual output - don't worry!) +vi /etc/sudoers +``` +Navigate to the following line and remove the # at the start +``` +# %wheel ALL=(ALL) PASSWD: ALL +``` +Save and quit - you may need to force write with `:wq!` (in vi) as the file is read-only. + +Finally we need to add a standard user. This command will create a "users" group for the user and also add them into the "wheel" group so that they can run the `sudo` command. Don't forget to set a strong password! +``` +useradd -m -g users -G wheel -s /bin/bash pyratebeard +passwd pyratebeard +exit +``` +That's it, all done. We have exited back to the ISO and you should see the prompt change. All that is left is to unmount the system and reboot +``` +umount /mnt/{boot,var,home} +umount /mnt +reboot +``` +Remove the ISO media and the system should boot off your new Arch Linux install. + +Enter the encryption passphrase we set when prompted. + +Login as your user account. + +Congratulations, you've successfully installed Arch Linux with an encrypted root filesystem. + +I will be doing another log soon which details how I set up my system, including the Window Manager, various applications, and the all important dotfiles! + diff --git a/entry/20170412-degoogle_part_1.md b/entry/20170412-degoogle_part_1.md @@ -0,0 +1,188 @@ +Having always been concious of privacy I was surprised to realise how deep down the Google hole I had fallen. Ease of use is probably why it happened. It dawned on me that almost every app I was using on a daily basis had Google before it, all logged in from one account, and all syncing my data so that everything was seamless. I didn't like it. Having everything synced did make my life easier switching from laptop, to PC, to my phone, and back again; however, there was this little voice in the back of my head complaining about how much information one company knew about me. + +At the time I had 35GB of Google Drive storage, due to an offer when purchasing a SIM card. This offer was due to run out and drop me back down to the default amount of 15GB. As a fairly heavy user I needed the extra space, so I figured it was a good time to start looking around at new cloud backup providers. While I was looking for alternative storage I decided to see how easy it would be to replace all the Google applications currently used. + +So, in July 2016, the experiment began. + +## Part One + +Over a couple of days (which turned into weeks) I started investigating some alternatives to my most used Google applications. I'm not going to list all the alternatives I found and tested, I may do some posts regarding my testing if anybody is interested. + +In no particular order here is the list of Google applications I used on a regular basis: + +* Search +* Authenticator App +* Mail +* Contacts +* Drive +* Chrome +* Calendar +* Maps +* Keep +* Chromecast +* Photos +* Translate +* Hangouts +* Android +* Youtube + +The following are the replacements I have settled on (in the same order as the list above): + +* [DuckDuckGo](#duckduckgo) +* [Authy](#authy) +* [Protonmail](#protonmail) +* [? - contacts](#contacts) +* [Mega](#mega) +* [Firefox](#firefox) +* [? - calendar](#calendar) +* [Waze](#waze) +* [Evernote](#evernote) +* [? - chromecast](#cast) +* [Nothing](#photos) +* [WorldLingo](#translator) +* [Whatsapp/Telegram](#whatsapp) +* [CyanogenMod](#cyanogenmod) +* [Youtube](#youtube) + + +<br /> + +### DuckDuckGo + +[Website](https://ddg.gg) + +This search engine had replaced Google for me a long time before attempting the switch. I can't remember when I first heard of DuckDuckGo, but after I had got use to their [!bangs](https://duckduckgo.com/bang) I have not looked back. If I do ever want to use Google Search I will go through [StartPage](https://www.startpage.com/). + +<br /> + +### Authy + +[Website](https://www.authy.com/) + +Two-factor authentication is very important (security is NOT a dirty word!) and so I replaced the Google Authenticator app with Authy. I didn't have an issue moving all the accounts across, and you can enable multi-devices if you require the same authentication across more than one device. I haven't used this feature yet but it is handy to have. + +<br /> + +### Protonmail + +[Website](https://protonmail.com) + +My replacement to Gmail split in two. I have my own email server (upcoming log!) and use my own domain, pyratebeard.net. I had a second Gmail account for more professional places such as LinkedIn so I opted for Protonmail as the replacement. This was primarily because it is free, and encrypted. The free tier offers 500MB of storage and 150 messages a day. This suited my needs as I wouldn't be using it often. + +<br /> + +### Contacts + +One of the most useful features with Gmail is having all your contacts stored. When I moved to a new phone I only had to sign in to Google and instantly all my contacts are available. I never saved to the phone or the SIM, and that meant I could access them online if my phone was ever out of reach. + +I am yet to find an alternative to this. Currently I am performing my own sync between my phone and Mega, but it is not the same. + +<br /> + +### Mega + +[Website](https://mega.nz) + +You may have heard of Mega already, developed by the (in)famous [Kim Dotcom](http://www.kim.com/) after his original venture, MegaUpload, was shutdown. Mega however strives to do things by the book while focusing on security. Their web based app is clean and easy to use. There is a desktop sync client, as well as mobile device apps. There is also a Firefox Extension to "reduce loading times, improve download performance and strengthen security". + +Apart from their security one of the other big selling points was the storage capacity. A standard free tier account receives 50GB of storage! That is well over what I needed to replace Drive. + +<br /> + +### Firefox + +[Website](https://www.mozilla.org/en-US/firefox/new/) + +Switching to Firefox wasn't such a big deal for me. I had been an avid Firefox user prior to Chrome. At the time I wasn't keen on the fact that when you opened Firefox it loaded all tabs straight away, in Chrome it only loaded the focused tab. For me this was almost a deal breaker as I tend to leave a lot of tabs open. This feature seems to have been added at time of writing... so happy me! There is also the ability to create an account so you can sync your tabs and settings across multiple devices. This is useful as I use Firefox on a number of devices. + +<br /> + +### Calendar + +This is one application I haven't decided on a replacement for yet. Google Calendar was very useful for my girlfriend and I as we would share our calendars and be able to see what both of us were up to. If anybody has recommendations then let me know! + +<br /> + +### Waze + +[Website](https://www.waze.com) + +Google Maps wasn't used too much as my truck had built in SatNav. It was handy on the odd occasion when the built in maps weren't up to date. As a replacement I switched to Waze. The interface is a bit more 'childish' but it links to other Wazers nearby for up to date information. Their website also has a Live Map. + +One thing Waze doesn't do is pedestrian directions. Prior to moving to Ireland I was living in London so [Citymapper](https://citymapper.com) was a life saver. An incredible app with up to date transport information and even a list of routes to take. Very handy when one of the tube lines was busy. Unfortunately Dublin isn't on Citymapper yet, but I'm making do. + +<br /> + +### Evernote + +[Website](https://evernote.com) + +Keep and Evernote aren't directly comparable. I was already using Evernote so it made sense to keep my notes on there as well. A pretty decent app which can be used in your browser or through a mobile app. + +<br /> + +### Cast + +This is another one I haven't found a replacement for. My Chromecast was used quite a lot for streaming Youtube and from my media server. I haven't tried any alternatives but couldn't decide on anything based on reviews. In the end I gave my Chromecast to my girlfriend... so I still get to use it. Win. + +<br /> + +### Photos + +A replacement wasn't needed for this as it was only used as the backdrop on the Chromecast. + +<br /> + +### Translator + +[Website](http://www.worldlingo.com/) + +The translator wasn't used too often, occasionally in Belgium when ordering beer. World Lingo is suitable enough for my uses, but it's only available through a browser. I can't say I spent too much time looking for a replacement app, I will probably start looking next time I'm in Belgium and need it urgently. + +One of the features I liked with Translator was the ability to point the camera at written text and see it translated. If there is another app which can do this then I would love to check it out. + +<br /> + +### Whatsapp + +[Website](https://www.whatsapp.com/) + +Whatsapp isn't a replacement as such, it was already being used to keeping in touch with all my friends. Hangouts was only used between myself and a colleague, but they have moved to Whatsapp now so I don't need to worry about it. + +Another messaging application I use quite a bit is [Telegram](https://telegram.org/). Unfortunately a messaging app is only as useful as the number of people on it. As most people use Whatsapp I have to list that as my primary. + +<br /> + +### CyanogenMod + +[Website](https://web.archive.org/web/20161224194030/https://www.cyanogenmod.org/) - archive link as website is now defunct. + +When I started this experiment I was using and Android mobile. During the first phase I continued to use Android and the Google Play Store, which meant I was logged in with my Gmail account. The plan was to move away from stock Android on to CyanogenMod and use alternatives to Play Store. + +There will be more on this in Part Two so stay tuned! + +<br /> + +### Youtube + +[Website](https://youtube.com) + +Everybody knows Youtube, it's the site with the [piano playing cat](https://youtu.be/kNH_EjHvm3I)! This hasn't been left to last on purpose, but it was the most annoying. There isn't really any alternative to Youtube, and the only reason I included it was because since Google took it over you can not create a non-Google account! I was going to create an account with my new email address, but logging into Youtube is logging into Google. I really didn't like that. + +As it stands I still use Youtube although I don't log in, which means I find it harder to track my favourite channels. Not the end of the world but it is a bit of a pain in the ass. [Vimeo](https://vimeo.com/) has been getting better in terms of content but it's not on par yet. + + +<br /> + + +As you can see an alternative was found for most of the Google equivalents. Switching away from Google didn't cause any majors in my day to day life, the hardest part was changing my email address over on all my logins, and getting people to update their contact details. + +Certain things that I miss from Google are being able to save email attachments straight into Drive. There is also the Contacts which [was mentioned](#contacts), and not being able to log in to Youtube. Aside from them I enjoyed phase one of my No Google life. As I write this I am now a month into phase two, which I will write up and post soon. + +The most interesting part for me was finding all the alternatives. There are so many great developers and companies doing incredible work which is being overshadowed by the Google giant. Every day more and more people are being interested in their online security, and so these alternative applications are slowly being more widely used. + +If anybody would like to discuss my No Google life experiment, or anything about online privacy and security then get in touch on [twitter](https://twitter.com/pyratebeard) or email me: root [at] pyratebeard [dot] net. Be sure to encrypt and sign your email for bonus geek points :) + +Until next time... + + diff --git a/entry/20170503-raspberry_pi_setup.md b/entry/20170503-raspberry_pi_setup.md @@ -0,0 +1,149 @@ +## Mmmm Pi + +By now everybody has at least heard of the [Raspberry Pi](https://www.raspberrypi.org). It's an affordable (~£30) little computer designed to enable anybody to learn to code and build projects. It has become a great hit in education and there have been some incredible uses from drones to (mini)supercomputers. Most people however seem to use it as a media server (based on people I know). + +I actually won my first Pi. My team was voted the regional winner in our category for the 2016 NASA Space Apps Challenge. The prize was a Raspberry Pi 3, which has some advantages over previous versions - namely a more powerful CPU, wireless LAN (Wifi) and bluetooth. + +There were some good intentions to build a drone, and I spent a long time looking at other people's projects. In the end my Pi sat on my desk collecting dust. Finally I decided I was going to do two things with it, first I was going to use it to run my own VPN, and second I wanted to set up my mail server on it. I have decided to use [Raspbian](https://www.raspberrypi.org). + +*Raspbian?!* Yes, as some of you may know I am not a fan of the Debian based distros. I tend to choose Arch Linux or Fedora. As a Linux engineer my work is saturated with Red Hat so it's good for me to know Fedora. +So Rasbian was not my first choice, but it is the choice that worked out of the box. I had some issues installing Arch Linux ARM, and post installation issues with Fedora ARM. +As you'll see later Raspbian installs quickly and with no issues. This meant I could move on to the fun bit instead of fault finding. + +## VPwhat? + +A VPN is a Virtual Private Network. It allows you to connect to your own 'private' network through any other 'public' network securely. If you imagine you home network is your private network, if you go to a friends house you can connect to their wifi (public network). If you then connect to you VPN everything you do is being tunneled through your own private network. + +The reasons for this are primarily security. By tunnelling your network activity through your VPN then you can be safe from any monitoring on the public network and even the ISP. Another advantage is that the VPN is basically an extension of your home network, which means you can access all the devices and files you have at home. + +VPNs are used extensively by corporations so their employees can access the company network from anywhere in the world. They are also used by people who travel a lot and are therefore connecting to many different public networks. + +## Mail electronically + +Some of you may have read my first post about [DeGooglefying](/content/20170412-degoogle_part_1.html) (yes it's a word) my life. As part of this transition I moved to using my own domain for emails, and I though the Pi would be a great little mail server. + +## Raspbian install + +Before we can set up our VPN we need to put an OS on the Pi. As mentioned above I have opted for Raspbian. At the time of writing the stable release is 'Jessie', I chose the Lite version as I don't need a desktop for my uses. + +After downloading the zip archive extract the [image file](https://www.raspberrypi.org/downloads/raspbian/). If you're using Windows you will need to use an application such as [Etcher](https://etcher.io/) to write the image file to an SD card, which will be used in the Pi. For this guide I'm using Linux, so I can use the `dd` utility. + +A quick side note on SD cards. One thing that catches a lot of people out is the read and write speeds. Most cards will show you the read speed, which can be quite high. If you pay close attention to the small print the write speeds aren't always very high. I went for a card which had pretty high read AND write speeds so that I get the best I/O for my OS. The card I am using is a [PNY 32GB Elite-X microSDHC U3](https://www.pny.com/32GB_Elite-X_microSDHC_Card_CL_10_90MBs_with_Adapter?sku=P-SDU32U390EX-GE) (from around £20), which has read speed of ~90Mbps and benchmarked write speeds between 70 -> 85Mbps. These speeds vary depending on the devices but for it will be suitable for the Pi. + +Run the `lsblk` command to see the current devices, plug your SD card into your Linux machine the run again to get the device name of the SD card +``` +lsblk +NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT +sdd 8:48 1 29.9G 0 disk +``` + +If your machine automatically mounts the device you will need to unmount it +``` +umount /dev/sdd +``` + +Copy the image file to our SD card. We are using a bytesize of 4M as recommended on the Raspbian site, if this doesn't work you can try 1M +``` +dd bs=4M if=2017-04-10-raspbian-jessie-lite.img of=/dev/sdd +``` + +You can now see that the partitions have been created on the card (a 32GB card may seem like a waste of space but we will come back to that later) +``` +lsblk +NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT +sdd 8:48 1 29.9G 0 disk +├─sdd2 8:50 1 1.2G 0 part +└─sdd1 8:49 1 41M 0 part +``` + +As of November 2016 Raspbian does not enable ssh by default. This can be an issue if you don't have a monitor or TV with a HDMI port, or a HDMI cable! We can get around that by mounting the newly created boot partition and adding a file called "ssh". +``` +mount /dev/sdd1 /mnt +touch /mnt/ssh +umount /mnt +``` +If you are able to plug your Pi into a monitor or TV it is worth watching it boot, always nice to have "eyes on" in case of any errors. + +Once this has finished remove the SD card from your machine and plug into the slot on Pi. I will always use ethernet with my Pi, so plug it in and power it up. The first time you boot it is best to leave it for a few minutes. The system does some checks and then boots up. You should have a solid red light and a flashing green light. + +There are a couple of ways to find what the IP address is of your Pi. If you have it plugged in to a monitor the IP address will be showing in the boot messages. If, however, you're attempting a headless setup then you can use `nmap` or `arp`. Both are straight forward. + +``` +nmap -sn 192.168.0.0/24 +``` + +``` +arp -n +``` + +Connect using `ssh`. The default user is `pi` and the default password is `raspberry` +``` +ssh pi@192.168.0.123 +``` + +These next few steps depend on your own personal preferences, so feel free to skip/adjust them as necessary. + +Create a new privileged user +``` +sudo useradd -g users -G sudo -m -d /home/pyratebeard pyratebeard +sudo passwd pyratebeard +exit +``` + +Log back in as your new user and remove the default user `pi` +``` +sudo userdel -r pi +```` + +Change the hostname +``` +sudo hostnamectl set-hostname phishpi +``` + +Open up the hosts file and change the last line from +``` +127.0.1.1 raspberrypi +``` +to whatever you changed your hostname to +``` +127.0.1.1 phishpi +``` + +Open up the ssh config file +``` +sudo vi /etc/ssh/sshd_config +``` + +We're going to change the following lines (they aren't listed together) +``` +Port 22 +PermitRootLogin without-password +X11Forwarding yes +``` +to +``` +Port 2222 +PermitRootLogin no +X11Forwarding no +``` +*you can change the port to whichever one you prefer. + +Now restart the ssh daemon +``` +sudo systemctl restart ssh +``` + +Keep in mind that when you want to ssh in to the Pi from now on you will need to specify the port, for example +``` +ssh -p 2222 pyratebeard@phishpi +``` + +Finally we want to perform an upgrade +``` +sudo apt-get update && sudo apt-get upgrade +sudo reboot +``` + +After this you can start installing your favourite terminal apps, and any applications you want to run off your Pi. There are plenty of other system settings you can configure based on your personal preference, I would certainly set up SELinux and do some system hardening relevant to my needs, but that could take up a whole post by itself! + +As mentioned at the start, the purpose of my Pi is to run a VPN and a mail server. The upcoming log posts will cover these steps. diff --git a/entry/20170527-html_emails_in_mutt.md b/entry/20170527-html_emails_in_mutt.md @@ -0,0 +1,17 @@ +I love minimal terminal based applications where ever I can use them. This means that I use [mutt](http://www.mutt.org) for viewing emails on my Linux system. One thing that is becoming more common is the use of HTML emails, which don't display very well in the terminal. Instead of seeing the content as the sender would like you to, all you see is the HTML code. + +By adding the following lines to your ".muttrc" config file +``` +alternative_order text/plain text/html +auto_view text/html +``` + +and creating a new ".mailcap" file in your home directory with the following (change browsers Firefox and Lynx to your preferred applications) +``` +text/html; /usr/bin/firefox %s >/dev/null 2>&1; needsterminal +text/html; lynx -dump %s; nametemplate=%s.html; copiousoutput +``` + +next time you open HTML emails in mutt the content is displayed in your browser. + +Thanks to [TerminalMage.net](http://terminalmage.net/2014/03/16/how-i-read-html-email-with-mutt.html) for the tip. diff --git a/entry/20170614-termux_on_android.md b/entry/20170614-termux_on_android.md @@ -0,0 +1,62 @@ +Do you prefer working in the terminal than with horribly flash GUIs? I prefer it so much I even do away with typical icon based launchers on my Android phone and use a [terminal](https://github.com/Andre1299/TUI-ConsoleLauncher). + +Sometime I need more than just a launcher, and this is where [termux](https://termux.com/) comes in. Termux is an "Android terminal emulator and Linux environment app". You can download it from [Play](https://play.google.com/store/apps/details?id=com.termux) or [F-Droid](https://f-droid.org/repository/browse/?fdid=com.termux) and install without rooting your device. It comes with a number of shells to choose from and install packages using `apt`. + +Once installed there is no setup required, however there are a few things that you can do to improve the environment. These steps are personal preference, and as always use the commands at your own risk! + +First make sure everything is up to date +``` +apt update && apt upgrade +``` + +If you look in the current directory you will see there is nothing there +``` +pwd + /data/data/com.termux/files/home +ls -l +``` + +You can set up links to the shared internal storage by running +``` +termux-setup-storage +``` + +This creates symlinks to a number of directories in your phone's storage +``` +pwd + /data/data/com.termux/files/home +ls -1 + storage +ls -1 storage/ + dcim + downloads + movies + music + pictures + shared +``` + +Use the command `ls -l` to see the links. + +A number of packages are provided +``` +busybox --help +``` + +I tend to install a number of others (in no particular order) +``` +apt install openssh vim zsh less irssi tmux git stow htop +``` + +Then we can pull down our dotfiles! +``` +git clone https://github.com/pyratebeard/dotfiles.git +cd dotfiles +stow {vim,zsh,irssi,tmux} +chsh -s zsh +``` + +Now exit termux using `exit` or Ctrl-D and when you restart you should be in a more comfortable environment. + +There we go. A rather quick and simple run through of termux. All this information can be found on their [help page](https://termux.com/help.html). For more help or information contact me in the usual ways, or join the #termux IRC channel on freenode. + diff --git a/entry/20170711-setting_up_arch.md b/entry/20170711-setting_up_arch.md @@ -0,0 +1,120 @@ +_Note_ This guide assumes you have a working Arch Linux installation. See my [previous post](/content/20161105-arch_linux_install.html) for how to get started. + +If you followed my Arch Linux install guide you should have rebooted your system and have a login prompt. If you enter the username and password you set you will log in to the system, but it's looking a bit plain. Now some people do work in the TTY ([nixers](https://nixers.net/showthread.php?tid=1669) has an annual "Week in the TTY") but most of us prefer a graphical environment... even a minimal one. + +To get started we need to install some packages. We will be installing the [X Window System](https://www.x.org/wiki/), a window manager, and a terminal emulator. +``` +sudo pacman -S xorg xorg-xinit awesome rxvt-unicode +``` + +I have chosen to install the [awesome](https://awesomewm.org/) window manager and the [urxvt](http://software.schmorp.de/pkg/rxvt-unicode.html) terminal emulator. There are so many combinations of software, which is one of the reasons I enjoy the Linux community, so don't worry if you prefer other tools. Install and use whatever works for you and don't be ashamed of your choices. Although I would say to try out other tools, you never know when you'll come across something better. + +Now we need to get the window manager running. Copy some template configuration files and make some changes. The filenames begin with a dot '.' which in Linux indicates a hidden file. Most configuration files in your home directory will be hidden, and are known as 'dotfiles'. More on this later. +``` +cp /etc/X11/xinit/xserverrc ~/.xserverrc +cp /etc/X11/xinit/xinitrc ~/.xinitrc +vi ~/.xinitrc +``` + +Comment out the following lines by entering a # at the start of the line +``` +twm & +xclock -geometry 50x50-1+1 & +xterm -geometry 80x50+494+51 & +xterm -geometry 80x20+494-0 & +exec xterm -geometry 80x66_0_0 -name login +``` + +Write the following at the end of the file +``` +exec awesome +``` + +Save and quit. + +Now run the command +``` +startx +``` + +And you should see the window manager start up. If you press the keys Win-r and type in _urxvt_ then a terminal will appear. If you ever need to drop out of the graphical environment for press the keys Win-Shift-Q to exit to the TTY. + +The default awesome environment is nice enough, but I am what is known as a ricer. This means that I spend far too much time altering my dotfiles to customise my environment so that it works for me, and looks however I want it to. I store all my dotfiles in a git repository and use a tool called 'stow' to easily enable and disable them as required. A lot of this is personal preference, so as mentioned before don't feel compelled to copy exactly. + +To set up my dotfiles I need a few more packages. I need git, so I can pull my repository down, and stow. +``` +sudo pacman -S git stow +git clone "https://github.com/pyratebeard/dotfiles" +cd dotfiles +``` + +If you take a look at the README file it will quickly explain the tools I have files for and how to use stow to enable them. Let's install some more packages so we can get comfortable +``` +sudo pacman -S vicious zsh vim tmux qutebrowser ranger irssi mutt mpd ncmpcpp +``` + +Here is a quick run down of the applications that have just been installed +``` + vicious > plugins used by my awesome config + zsh > z shell + vim > text editor + tmux > terminal multiplexer + qutebrowser > web browser + ranger > file manager + irssi > irc client + mutt > email client + mpd > audio player daemon + ncmpcpp > audio player interface +``` + +Most of the applications I use are based in the terminal. If you're not use to working in the terminal it may be a big learning curve, but once you get the hang of it you may find it improves your workflow. + +We're ready to enable our dotfiles. +``` +stow {awesome,urxvt,zsh,vim,tmux,qutebrowser,ranger,irssi,mutt,mpd,ncmpcpp} +cd ~ +ls -la +``` + +You should now see lots of hidden files which are pointing to the dotfiles. These are known as symbolic links or symlinks and are basically pointers to the file you want to use. + +Before I restart awesome I need to install the font that I prefer, and is in the configs. +``` +git clone "https://aur.archlinux.org/tamzen-font-git.git" +cd tamzen-font-git/ +makepkg +``` + +Set the default shell to zsh +``` +chsh -s /usr/bin/zsh +``` + +Now restart awesome by pressing Win-Ctrl-r, and open a new terminal with Win-Return. I'm not going to go through using all the applications in this post, maybe I'll write some guides if people are interested. Read the all important man pages for information on how to use the tools. + +So that's it pretty much. You should now be able to get online, write some code, and listen to some music. What more do you need? Oh yeah, coffee... +``` +curl -Ls git.io/hotcoffee | sh +``` + +Happy now? + +Here is a list of other software I use on a regular basis + +``` + openssh > ssh connection tool + keychain > ssh-agent manager + hub > git enhancement + mpv > video player + calcurse > calendar & todo list + freerdp > remote desktop protocol client + docker > container platform + bind-tools > dns tools + htop > interactive process viewer + sxiv > image viewer + snownews > rss newsreader + scrot > screen capturing application + keybase > keybase.io client +``` + +If you have any other recommendations for software let me know! diff --git a/entry/20170718-raspberry_pi_vpn.md b/entry/20170718-raspberry_pi_vpn.md @@ -0,0 +1,240 @@ +As mentioned in my previous [post](/content/20170503-raspberry_pi_setup.html), I want to use my Raspberry Pi as a VPN server. If you followed along with the install guide you should have a basic Raspbian OS running on your Pi. You may have installed other software, or configured the Pi however you prefer. If you have made any changes it _may_ alter the following VPN setup. + +For this guide I will be continuing on with the basic install as it was after the previous post. + +_Note_ - Using a VPN from outside your home network will require port forwarding on your router. Through the router admin console you should be able to forward all traffic to your Pi's 'tun0' device, which is created later. You will also need your external IP address. Use a site such as [whatismyip.com](https://whatismyip.com). + +## Open(VPN) your world + +There are a number of VPN server options out there, but the most popular is [OpenVPN](https://openvpn.net/). It is incredibly easy to install, and works with the default configuration. There is a web based management console which enables you to adjust the settings quickly. + +First things first, let's make sure our Pi is up to date then we can install OpenVPN. We will also install `easy-rsa`, OpenVPN's CA utility +``` +sudo apt update +sudo apt upgrade +sudo apt install openvpn easy-rsa +``` + +As root copy config file from OpenVPN's example files. If the command doesn't work with sudo, run as root as shown below (needs root password) +``` +cd /usr/share/doc/openvpn/examples/sample-config-files/ +su -c "gunzip -c server.conf.gz > /etc/openvpn/server.conf" +``` + +Open the config file for editing +``` +sudo vi /etc/openvpn/server.conf +``` + +Change the Diffie hellman parameter from 1024 to 2048 +Before +``` +dh dh1024.pem +``` +After +``` +dh dh2048.pem +``` + +Remove comment (';') from the DHCP redirect line +``` +push "redirect-gateway def1 bypass-dhcp" +``` + +Remove comment (';') from the two DNS lines. If you want to change the DNS servers edit the IP addresses on these lines. I have opted to stick with the defaults which are OpenDNS +``` +push "dhcp-option DNS 208.67.222.222" +push "dhcp-option DNS 208.67.220.220" +``` + +Finally reduce privileges by running as nobody, remove the comment (';') from the following lines +``` +user nobody +group nogroup +``` +Save and exit your text editor. + +Now we need to set up the firewall. Firewall configuration on Linux is a sore subject for a lot of people, especially when trying to use the `iptables` commands. To make life easier you can opt to use a tool such as `ufw` which makes configuring the rules really easy. My guide will use the `iptables` commands because the only way to learn is by doing! + +Forward IPv4 traffic +``` +echo 1 > /proc/sys/net/ipv4/ip_forward +``` + +Make persistant. In /etc/sysctl.conf, uncomment line +``` +net.ipv4.ip_forward=1 +``` + +Show iptables rules (should be blank) +``` +sudo iptables -L +``` + +We are going to set up a number of rules. First we need to allow established outgoing connections. This makes life easier as we don't always know which port will be used for an outgoing connection, such as HTTP. If you prefer you can set this rule separately for each port you open, but for ease we will set it globally. +The second rule is to allow incoming SSH connections. If you changed the port number used for SSH (see my Raspbian Install Guide) then you need to specify the port number. +The third rule we need to set if to allow OpenVPN traffic. This port number can also be changed in the OpenVPN config file, the default is 1194. +Then we need to allow TUN interface connections. We will also allow TUN connections to be forwarded through our other interface. +Finally we need to NAT the OpenVPN traffic using our TUN interface. +``` +sudo iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT +sudo iptables -A INPUT -p tcp --dport 2222 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT +sudo iptables -A INPUT -i eth0 -p udp --dport 1194 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT +sudo iptables -A INPUT -i tun+ -j ACCEPT +sudo iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE +sudo iptables -I FORWARD -i tun0 -o eth0 -s 10.8.0.0/24 -d 192.168.0.0/24 -m conntrack --ctstate NEW -j ACCEPT +sudo iptables -A FORWARD -i tun+ -j ACCEPT +sudo iptables -A FORWARD -i tun+ -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT +sudo iptables -A FORWARD -i eth0 -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT +``` + +Save the firewall changes in a backup file, then make the rules persistent after a reboot. +``` +sudo iptables-save > 20170527_iptables_rules.bak +sudo invoke-rc.d iptables-persistent save +``` + +If you ever need to apply the saved rules, if iptables is flushed for example, run the following +``` +sudo iptables-apply 20170527_iptables_rules.bak +``` + +You can now run `sudo iptables -L` again to see all the rules you have entered +``` +Chain INPUT (policy ACCEPT) +target prot opt source destination +ACCEPT tcp -- anywhere anywhere tcp dpt:2222 ctstate NEW,ESTABLISHED +ACCEPT udp -- anywhere anywhere udp dpt:openvpn ctstate NEW,ESTABLISHED +ACCEPT all -- anywhere anywhere + +Chain FORWARD (policy ACCEPT) +target prot opt source destination +ACCEPT all -- 10.8.0.0/24 192.168.0.0/24 ctstate NEW +ACCEPT all -- anywhere anywhere +ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED +ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED + +Chain OUTPUT (policy ACCEPT) +target prot opt source destination +ACCEPT all -- anywhere anywhere ctstate ESTABLISHED +``` + +The next step is to generate the keys using `easy-rsa`. Copy the "easy-rsa" directory into our OpenVPN config directory, then create a new "keys" directory +``` +sudo cp -r /usr/share/easy-rsa/ /etc/openvpn/ +sudo mkdir /etc/openvpn/easy-rsa/keys +``` + +Before we generate the keys we need to change the following fields in "/etc/openvpn/easy-rsa/vars" +``` +export KEY_COUNTRY="US" +export KEY_PROVINCE="CA" +export KEY_CITY="SanFrancisco" +export KEY_ORG="Fort-Funston" +export KEY_EMAIL="me@myhost.mydomain" +export KEY_OU="MyOrganizationalUnit" +export KEY_NAME="EasyRSA" +``` +Change the values to reflect your location and details. Also choose a name for your key (i.e. "server"), we will need this later. Save and quit your text editor + +Generate the Diffie-Hellman pem file, this will take a while +``` +sudo openssl dhparam -out /etc/openvpn/dh2048.pem 2048 +``` + +When that has finished we can generate the certificates. It is easier to do this as root as we need to source the variables. When running `build-key-server` change the server name to the one you specified in the "vars" config file +``` +sudo -i +cd /etc/openvpn/easy-rsa +source ./vars +./clean-all +./build-ca +./build-key-server server +exit +``` + +Copy the newly generated keys to your OpenVPN directory +``` +sudo cp /etc/openvpn/easy-rsa/keys/{server.crt,server.key,ca.crt} /etc/openvpn +``` + +Now we can start our OpenVPN server +``` +sudo systemctl start openvpn +sudo systemctl status openvpn +``` + +We then have to generate keys for the clients we want on our VPN. It is good practice to have individual key pairs for each client, and not to share one key pair. This makes life easier if a device is lost or stolen, we only have to revoke one device's key pair. + +Generate the keys for the first client, changing the name to the device you will be using (run as root again) +``` +sudo -i +cd /etc/openvpn/easy-rsa +source ./vars +./build-key client +exit +``` + +Create a new directory to keep things tidy then copy an example client configuration file, and the keys we have just created +``` +mkdir ~/client +sudo cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf ~/client/client.ovpn +sudo cp /etc/openvpn/easy-rsa/keys/{client.crt,client.key,ca.crt} ~/client +``` + +Next open up the config file "client.ovpn". Uncomment the "nobody" and "nogroup" lines as before, also comment out the certificate and key lines +``` +user nobody +group nogroup +;ca ca.crt +;cert client.crt +;key client.key +``` + +Also change the line specifying the IP address of your OpenVPN server. +From +``` +remote my-server-1 1194 +``` +To +``` +remote 192.30.252.153 1194 +``` + +Replace the IP address with your network's _external_ IP address. + +Save and quit your text editor. + +Instead of copying the .ovpn file the two certs and the key across to our client, we can echo the contents of our certs into our .ovpn file and only copy the one file across to our client. + +The syntax for this is in XML, for example +``` +<tag_name> +contents +</tag_name> +``` + +So we can run the following commands (as root) +``` +sudo -i +cd /home/pyratebeard/client +echo "<ca>" >> client.ovpn +cat ca.crt >> client.ovpn +echo "</ca>" >> client.ovpn +echo "<cert>" >> client.ovpn +cat client.crt >> client.ovpn +echo "</cert>" >> client.ovpn +echo "<key>" >> client.ovpn +cat client.key >> client.ovpn +echo "</key>" >> client.ovpn +exit +``` + +Securely copy the "client.ovpn" file across to your device. + +For the purposes of this demonstration we are going to use a mobile phone as our device. + +Install and open the OpenVPN Connect app on your mobile. Import the profile file we copied across and hit connect. After a couple of seconds you should be connected to your VPN. Congrats! + +As mentioned at the start you will have to enable port forwarding on your router to allow traffic from outside your network into the Pi. + diff --git a/entry/20170822-firefox_desktop_dir.md b/entry/20170822-firefox_desktop_dir.md @@ -0,0 +1,24 @@ +This is probably really picky, but I'm not a fan of the Desktop directory that Firefox defaults to for downloads. As soon as I install Firefox I change the default download dir, but I had noticed that Firefox still created the dir when it started, and it would be the default location when an upload window was opened. + +This had been one of those things that I had lived with, never really looking in to a fix. For some reason today I decided to have a look to see if this behaviour could be fixed, and thankfully I found an answer straight away. + +The file `$HOME/.config/user-dirs.dirs` sets a number of default directories, one of which is the Desktop directory. At first I attempted to change the value in the file, and this worked until I rebooted my system. After a reboot the file was regenerated and the Desktop value was back. + +If you have the `xdg-users-dirs` package installed you can run the following +``` +xdg-user-dirs-update --set DESKTOP $HOME/ +``` + +If you don't have the package installed you can stop XDG from regenerating the directory by doing the following +``` +cat >> $HOME/.config/user-dirs.conf << EOF +enabled=False +EOF +``` + +Solutions found at the following links + +- [Arch Linux forums](https://bbs.archlinux.org/viewtopic.php?pid=996905#p996905) +- [AskUbuntu](https://askubuntu.com/questions/48446/how-to-make-permanent-change-to-config-user-dirs-dirs) +- [UNIX StackExchange](https://unix.stackexchange.com/questions/207216/user-dirs-dirs-reset-at-start-up) + diff --git a/entry/20171010-simple_python_webserver.md b/entry/20171010-simple_python_webserver.md @@ -0,0 +1,27 @@ +Sometimes it can be handy to run a webserver on your local machine for testing purposes. It is not, however, always possible to install a webserver such as Apache. Never fear! Python has you covered. + +With one python command you can run a local webserver in which ever directory you're in. First we need to install python +``` +pacman -S python +``` + +Next check the version +``` +python -V +``` + +If you have `Python 2.x` then run the command +``` +python -m SimpleHTTPServer <port> +``` + +If you have `Python 3.x` then run the command +``` +python -m http.server <port> +``` + +If you don't specify the port then the default is `8000` for both commands. + +Use `Ctrl-c` to stop the webserver. + +That's it, simple! diff --git a/entry/20171112-ssh_into_android.md b/entry/20171112-ssh_into_android.md @@ -0,0 +1,63 @@ +In a [previous post](/content/20170614-termux_on_android.html) I talked about installing [termux](https://termux.com) on an Android device. This tool makes it easy to ssh into our other Linux systems, but what if we want to ssh into our Android device? + +Unfortunately password login doesn't work on Android and if you haven't rooted your device you have limited permissions. Instead we can use ssh keys. + +If you don't already have an ssh key pair then on you Linux system run +``` +ssh-keygen -t rsa +``` + +If you accepted the defaults this will create two files under your user's .ssh directory, `id_rsa` and `id_rsa.pub`. + +Make sure `sshd` is running on your Linux machine (requires the OpenSSH package) +``` +systemctl status sshd +``` + +If it's not installed run the following (if it's just not running omit the first command) +``` +sudo pacman -S openssh +sudo systemctl start sshd +``` + +Also make a note of the IP address +``` +ip a +``` + +Next, from termux on your Android device copy down the public key you just created +``` +scp pyratebeard@192.168.1.3:.ssh/id_rsa.pub ./id_rsa.pub +``` + +Now add the public key to the `authorized_keys` list +``` +cat id_rsa.pub >> .ssh/authorized_keys +``` + +Almost there. Finally we need to install OpenSSH on termux and start the daemon +``` +apt install openssh +sshd +``` + +Make a note of the IP address of your Android device +``` +ip a +``` + +That's it! You can now ssh from your Linux machine onto your Android device using port 8022 +``` +ssh 192.168.1.4 -p 8022 +``` + +If you need to specify a user for the above command then from termux run +``` +whoami +``` +and add the user to the ssh command +``` +ssh 192.168.1.4 -p 8022 -l u0_a161 +``` + + diff --git a/entry/20200302-hugo_and_gitlab_ci_cd.draft b/entry/20200302-hugo_and_gitlab_ci_cd.draft @@ -0,0 +1,247 @@ +--- +title: "hugo and gitlab ci cd" +date: 2020-03-02T18:50:01Z +summary: How I set up a Hugo website and deployed with Gitlab's CI/CD pipeline +categories: [workshop] +tags: [website, hugo, devops, gitlab, automation] +draft: false +--- + +It is about time I get this weblog started again, it has been too long... + +As I had decided to migrate my code repositories off Github it felt right I should move my weblog from being hosted on Github Pages. At first I was going to move to Gitlab Pages and keep everything the same, but **_where_** is the fun in that! + +Instead of Jekyll, the static site generator [Hugo](https://gohugo.io) was recommended to me. I also wanted to play around with Gitlab's CI/CD pipeline tool, so thought the weblog migration would be a great project. I have migrated all my old posts to the new platform as well, so you won't miss out on anything! + +### new projects + +Generate a new Hugo site, for this example I will be calling mine 'pyratelog' +``` +hugo new site pyratelog +``` + +Navigate into the new directory and initialise it as a git repository +``` +cd pyratelog +git init +``` + +Create a new project in Gitlab + +![new_gitlab_project](/img/20200302-hugo_blog-01-new_project.png#fitwidth) + +Add your new Gitlab project as a remote repo to your Hugo site and make an initial commit if you want +``` +git remote add origin git@gitlab.com:pyratebeard/pyratelog.git +git add . +git commit -m "initial commit" +git push -u origin master +``` + +Your Gitlab project should now be populated with a `config.toml` file and the 'archetypes' directory. + +![initial_commit](/img/20200302-hugo_blog-02-initial_commit.png#fitwidth) + +I won't keep mentioning when to commit changes to git as we all work differently. We will come to it a bit later when we configure our CI/CD pipeline. + +### configure hugo + +Let us add a theme to our Hugo project, in this case I will use my own 'futuremyth' theme +``` +git submodule add https://gitlab.com/pyratebeard/hugo-futuremyth.git themes/futuremyth +echo 'theme = "futuremyth"' >> config.toml +``` + +I have added in the 'paginate' variable to change the default of 10 items to 5, and also set a static directory for use with images in my log entries +``` +cat >> config.toml << EOF +paginate = "5" +staticDir = ["static"] +EOF +``` + +I found it is a good idea to change some of the cache directories. There was an issue I had in my Gitlab CI/CD pipeline with root permissions being set on a directory, causing the pipeline to fail +``` +cat >> config.toml << EOF +[caches.images] +dir = ":cacheDir/_gen" +[caches.assets] +dir = ":cacheDir/_gen" +EOF +``` + +You should also edit the 'baseURL' and 'title' variables in your `config.toml`. + +You can start Hugo on your local machine in development mode using +``` +hugo server -D +``` + +If you navigate to http://localhost:1313 you should see a fairly empty page. To add new content you run +``` +hugo new posts/hello_world.md +``` +You change the path to whatever you want, and it will be created under the 'content' directory. + +If you left your deployment server running you should see that in your browser the site should automatically updates. You first entry should show the title of your post and the date. You can open the markdown file in your favourite editor and start writing below the second set of hyphens (`---`). Everything between the hyphens is metadata for the page. You can add more if you like, I add a 'summary', 'categories', and 'tags' in the following way +``` +summary: How I set up a Hugo website and deployed with Gitlab's CI/CD pipeline +categories: [tech] +tags: [website, hugo, devops, gitlab, automation] +``` + +We can now build our site by running +``` +hugo +``` + +This won't include our first post because we have left the `draft` variable as `true`. When you are ready to publish change it to `false` and build the site again. You can build with drafts included by running +``` +hugo -D +``` + +### autodevops + +There a many ways you can host a website, and many ways you can use Gitlab's CI/CD pipeline to automate the process. The method I have opted for is to run my Hugo site in a docker container on a DigitalOcean droplet. I have chosen **_not_** to use `docker-compose` to include the Nginx reverse proxy as I host other things behind Nginx and don't want it to be restarted each time I post a log entry. + +On a server with Docker already installed you can set up your Nginx reverse proxy with a Let's Encrypt companion to deal with SSL. + +First, we need to create an new network +``` +docker network create nginx-proxy +``` + +Then we can start the Nginx container +``` +docker run -d --name nginx-proxy \ + -p 80:80 -p 443:443 \ + --net nginx-proxy \ + -v /etc/nginx/certs \ + -v /etc/nginx/vhost.d \ + -v /usr/share/nginx/html \ + -v /var/run/docker.sock:/tmp/docker.sock:ro \ + jwilder/nginx-proxy +``` + +Confirm the container is running by running `docker ps`, the output should look like this but with a different container id +``` +CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES +ab7626dd1bec jwilder/nginx-proxy "/app/docker-entrypo…" 2 seconds ago Up 1 second 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp nginx-proxy +``` + +Next we can start the Let's Encrypt companion container (change the email address) +``` +docker run -d --name nginx-proxy-letsencrypt \ + --volumes-from nginx-proxy \ + -v /var/run/docker.sock:/var/run/docker.sock:ro \ + -e "DEFAULT_EMAIL=youremail@yourdomain.tld" \ + jrcs/letsencrypt-nginx-proxy-companion +``` + +In the Hugo repository we need to create a `.gitlab-ci.yml` file so that we can harness the power of the CI/CD pipeline. + +Enter the following in to the file +``` +build: + stage: build + image: mapitman/docker-hugo:latest + services: + - docker:dind + before_script: + - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY + script: + - git submodule update --init --recursive + - docker build --pull -t $CI_REGISTRY_IMAGE:latest . + - docker push $CI_REGISTRY_IMAGE:latest + +deploy: + stage: deploy + image: docker:latest + services: + - docker:dind + tags: + - deploy + before_script: + - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY + script: + - docker pull $CI_REGISTRY_IMAGE + - docker run -d --name "$CONTAINER_NAME" --expose 1313 --net nginx-proxy -e VIRTUAL_HOST=log.pyratebeard.net -e LETSENCRYPT_HOST=log.pyratebeard.net -v $(pwd):/src $CI_REGISTRY_IMAGE +``` + +You will notice some variables in the file beginning with `$CI_REGISTRY_*` and one called `$CONTAINER_NAME`. These are variables we declare in Gitlab. + +If you use Multi-factor Authentication (MFA) on your Gitlab account you will need to generate a Personal Access Token to use in place of your password. To do this navigate to your account settings and under 'Access Tokens' fill in the Name and tick the 'api' scope. If you don't enter an expiry date the token will not expire. + +![personal access token](/img/20200302-hugo_blog-03-access_token.png#fitwidth) + +Make sure you copy the access token, we will need it for the next step. + +Navigate to your repository in Gitlab then to 'Settings', 'CI/CD', and expand the 'Variables' section. Enter the following Key/Value pairs + +| Key | Value | +| --- | --- | +| CI_REGISTRY | registry.gitlab.com | +| CI_REGISTRY_IMAGE | registry.gitlab.com/_username_/_project_name_ | +| CI_REGISTRY_USER | _username_ | +| CI_REGISTRY_PASSWORD | _personal_access_token_ | +| CONTAINER_NAME | _anything_ | + +Mark the `CI_REGISTRY_PASSWORD` variable as 'Protected' and make sure you click 'Save variables'. + +Before we push our new Hugo project to Gitlab we need to configure a Runner. Gitlab Runners are used to execute the jobs in our pipeline. + +At first I was trying to use a docker runner to build and deploy my project. Building a new docker image was easy, using kaniko, but I struggled to get the deploy section working. In the end I brought it right back to the Keep It Simple Stupid (KISS) philosophy. + +On the server install a Runner following the instructions [here](https://docs.gitlab.com/runner/install/linux-repository.html). + +![gitlab runners](/img/20200302-hugo_blog-04-runner.png#fitwidth) + +Use the token that is shown in your repo CI/CD settings under 'Runners', add the tag 'deploy', and select the 'shell' executor. + +Make sure you add the gitlab-runner user to the docker group +``` +sudo usermod -aG docker gitlab-runner +``` + +Right, we are almost ready to go! The final file we need is a Dockerfile. This tells docker what we want our image to look like. Enter the following into your Dockerfile, changing the base URL as required +``` +FROM jojomi/hugo + +COPY . /src +WORKDIR /src + +ENV HUGO_WATCH=true +ENV HUGO_THEME=futuremyth +ENV HUGO_BASEURL=https://log.pyratebeard.net + +RUN hugo +``` + +Now publish your Hugo site by just running `hugo` again. Make sure all your changes are committed and push +``` +git push +``` + +If you navigate to the CI/CD Pipelines page in your Gitlab project your should see the jobs being run. + +![first pipeline](/img/20200302-hugo_blog-05-pipeline.png#fitwidth) + +Both jobs in the pipeline should complete successfully. Here is a breakdown of what the runner is doing: +- build phase + - building a new docker image containing our hugo project + - pushing the new image to our gitlab project's container registry +- deploy phase + - pulling our new docker image from the registry onto our server + - starting a new container using the image + +There is one final thing we have to add to our `.gitlab-ci.yml` file to ensure the next time you push nothing breaks. In the deploy script, between the `docker pull` and `docker run` commands enter the following +``` +docker stop $CONTAINER_NAME +docker rm $CONTAINER_NAME +docker rmi -f $(docker images --filter "dangling=true" -q) +``` + +These lines make sure to stop and remove the container with the name you have specified, docker doesn't like duplicates. The third line removes and old images to keep things tidy. + +I hope this, fairly long, post helped you in someway. If you want to get any further information you can get in touch on [mastodon](https://mastodon.social/@pyratebeard), or any other way mentioned on my [home page](https://pyratebeard.net). + diff --git a/entry/20200323-comic_book_computer_desk.draft b/entry/20200323-comic_book_computer_desk.draft @@ -0,0 +1,30 @@ +--- +title: "comic book computer desk" +date: 2020-03-23T10:15:55Z +summary: Brightened up my computer desk with comic books +categories: [project] +tags: [comic-books, computer-desk, wfh, non-tech] +draft: false +--- + +As a lot of people are doing during the COVID-19 pandemic I am working from home a lot more. After the first week I decided my desk needed brightening up a bit. I picked up some cheap comic books from my LCS and set about covering my desk. + +![before](/img/20200323-comic_desk-01-before.jpg#fitwidth) +_obligatory before photo_ + +My desk is a worktop/legs combo from Ikea so the legs screw off really easily. I cut out pages and panels from the comics, I tried not to weep while I destroyed them... + +![before](/img/20200323-comic_desk-02-begin.jpg#fitwidth) + +I spent a while laying the pages out to make sure the desk was covered and I had a good mix of styles. Once they were glued down I brushed on 5 coats of a clear sealer, leaving 20 minutes inbetween coats. + +![before](/img/20200323-comic_desk-03-ready_to_seal.jpg#fitwidth) + +The completed desk, dry and back in place. + +![before](/img/20200323-comic_desk-04-sealed_complete.jpg#fitwidth) + +And the after photo. I'm really happy with how it turned out, and should make working from home a bit more interesting. + +![before](/img/20200323-comic_desk-05-after.jpg#fitwidth) + diff --git a/entry/20200625-magic_wormhole.md b/entry/20200625-magic_wormhole.md @@ -0,0 +1,58 @@ +Have you ever needed to quickly send a file, directory, or even some text from one computer to another? Maybe you don't have SSH set up, or any way of using `rsync`/`scp`. If you are talking to a friend and want to quickly send them a file there are many ways of doing it but I think Magic Wormhole is one of the quickest (after setup). Once installed you can issue a send command and be presented with an "short and human-pronounceable" code which you use with the receive command on the other computer. + +The code can be found on [Github](https://github.com/warner/magic-wormhole) and the documentation on [Read the Docs](https://magic-wormhole.readthedocs.io/en/latest/). + +Magic Wormhole may be available in your package manager or you can install from `pip`. These are the steps I took to setup. + +First I created a python virtual environment then installed the `magic-wormhole` package +``` +python3 -m virtualenv /path/to/wormhole_venv +source /path/to/wormhole_venv/bin/activate +(wormhole_venv) pip install magic-wormhole +(wormhole_venv) deactivate +``` + +To make my life a little easier I created a link to the `wormhole` command in a directory in my $PATH +``` +ln -s /path/to/wormhole_venv/bin/wormhole ~/bin/wormhole +``` + +Now I can send a file to a friend +``` +wormhole send funny.jpg + +Sending 254.7 kB file named 'funny.jpg' +Wormhole code is: 2-hemisphere-ruffled +On the other computer, please run: + +wormhole receive 2-hemisphere-ruffled +``` + +Wormhole waits for the transfer to take place. On my friend's computer they can receive the file +``` +wormhole receive 2-hemisphere-ruffled +Receiving file (254.7 kB) into: funny.jpg +ok? (Y/n): Y +Receiving (->tcp:127.0.0.1:33985).. +100%|████████████████████████████████████████| 255k/255k [00:00<00:00, 1.77MB/s] +Received file written to funny.jpg +``` + +My send is now complete +``` +Sending (<-127.0.0.1:41324).. +100%|████████████████████████████████████████| 255k/255k [00:00<00:00, 54.1MB/s] +File sent.. waiting for confirmation +Confirmation received. Transfer complete. +``` + +This is a one time only code and the wormhole is only open for the duration of the transfer. + +You can also send arbitrary text +``` +wormhole send --text "hello friend" +``` + +The great thing about this tool is that you don't need any prior credentials or connection to the system like you would with SSH. It is also possible to run your own [Mailbox server](https://github.com/warner/magic-wormhole-mailbox-server/blob/master/docs/welcome.md) if you so desire. + +Thanks to Brian Warner ([twitter](https://twitter.com/lotharrr)/[github](https://github.com/warner)) for Magic Wormhole. diff --git a/entry/20210111-leaving_whatsapp.draft b/entry/20210111-leaving_whatsapp.draft @@ -0,0 +1,2 @@ +## leaving whatsapp +