[Doc] ldap, forum, postresql

note that dmz.rs exists
fun with json
2025-08-31 21:55:51 +02:00 · 2025-08-09 06:25:14 +02:00 · 2025-08-09 06:20:14 +02:00 · 2025-08-09 06:13:41 +02:00 · 2025-08-06 19:51:57 +02:00 · 2025-08-06 19:51:12 +02:00
123 changed files with 1244 additions and 68 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-map.txt
+*.txt
--- a/80
+++ b/80
@@ -1,3 +1,77 @@
-output: map.txt
-map.txt: map.md
-	cat map.md | graph-easy --boxart > map.txt
+
+ignore_file = .git/info/exclude
+
+
+.PHONY: help
+help: ## Print the help message
+	@awk 'BEGIN {FS = ":.*?## "} /^[0-9a-zA-Z._-]+:.*?## / {printf "\033[36m%s\033[0m : %s\n", $$1, $$2}' $(MAKEFILE_LIST) | \
+		sort | \
+		column -s ':' -t
+
+.PHONY: check
+check: ## Check you have all dependencies
+	@command -v graph-easy >/dev/null || { echo "Install perl-graph-easy" && exit 1 ;}
+	@command -v recsel >/dev/null || { echo "Install recutils" && exit 1 ;}
+	@command -v lowdown >/dev/null || { echo "Install lowdown" && exit 1 ;}
+	@echo "All dependencies installed"
+
+########## Network Map ##########
+
+graph_program != type graph-easy > /dev/null && printf graph-easy || printf dot 
+
+graph_cmd = graph-easy --boxart
+
+queries = queries authqueries
+
+query_formats = $(patsubst %, .dbs/%.txt, $(queries))
+
+dotquery_formats = $(patsubst %, .dbs/%.dot, $(queries))
+
+.dbs/: | $(ignore_file)
+	mkdir $@
+
+ignored += .dbs/
+
+$(query_formats): .dbs/%.txt: | .dbs/
+	echo "[ {{name}} ] -- $(basename $(@F)) --> [ {{$(basename $(@F))}} ]" > $@
+
+$(dotquery_formats): .dbs/%.dot: | .dbs/
+	echo '{{name}} -> {{$(basename $(@F))}} [ label="$(basename $(@F))" ];' > $@
+
+ifeq ($(graph_program),dot)
+  map_file = network.png
+else
+  map_file = network.txt
+endif
+
+ignored += $(map_file)
+
+.PHONY: map
+map: $(map_file) ## Generate a network map
+
+network.txt: .dbs/network.txt
+	$(graph_cmd) < $<
+
+.dbs/network.txt: network.rec $(query_formats)
+	$(RM) $@
+	$(foreach relation, $(queries), \
+	recsel $< -t lxc -e "$(relation) != ''" -p name,$(relation) | recfmt -f .dbs/$(relation).txt >> $@ ;\
+	)
+
+.dbs/network.dot: network.rec $(dotquery_formats)
+	echo 'digraph network {' > $@
+	$(foreach relation, $(queries), \
+	recsel $< -t lxc -e "$(relation) != ''" -p name,$(relation) | recfmt -f .dbs/$(relation).dot >> $@ ;\
+	)
+	echo '}' >> $@
+
+network.png: .dbs/network.dot $(ignore_file)
+	dot -T png < $< > $@
+
+##########
+
+$(ignore_file): $(MAKEFILE_LIST)
+	echo $(ignored) | tr ' ' '\n' > $@
+
+clean:
+	$(RM) -r $(ignored)
--- a/README.md
+++ b/README.md
@@ -2,6 +2,11 @@ These setup files provide the text-only configurations for DMZ.

 *It should not contain private data.*

+# Dependencies
+
+- `recutils`
+- (optional) `graph-easy` (the package may be called `perl-graph-easy`)
+
 # Aspirations

 - Each service should reside in its own directory.
@@ -13,5 +18,62 @@ These setup files provide the text-only configurations for DMZ.
    - Idempotency.
 - All secrets stored elsewhere (probably in the `dmzadmin` repo)
 - Any maintenance scripts.
- Configurations should reside in shadow-directories, e.g. a backup of `/etc/soft/config` should reside in this repo under `etc/soft/config`.
+- Configurations should reside in shadow-directories, e.g. a backup `soft-serve`'s `config.yaml` should reside in this repo under `splint.rs/soft-serve/etc/soft/config.yaml`.
+
+# Network Database
+
+I have a half-baked plan to finally make use of plain-text databases, and it's already half-working.
+Try these commands:
+
+Ask what types of _rec_ords it contains:
+
+## Database
+
+```sh
+recinf network.rec
+```
+
+### Select queries
+
+Select with `recsel`, then specify the database (.rec) and type of record (like table in db).
+
+- `--include-descriptors` or `-d`
+- `--type` or `-t`
+- `--expression` or `-e`
+- `--quick` or `-q`
+
+```sh
+recsel network.rec --type router
+recsel network.rec -d -t lxc
+```
+
+User `-q` for a `--quick` selection, or `-e` for more precise selections.
+
+```sh
+recsel network.rec --type lxc --quick wiki
+recsel network.rec -t lxc -q nginx
+recsel network.rec -t lxc -e "name ~ 'nginx'"
+recsel network.rec -t lxc -e "name = 'nginx12'"
+```
+
+### Insert queries
+
+Insert a new record with `recins`.
+
+```sh
+recins network.rec -t lxc -r "name: bob" -r "service: bob" -r "host: moxx"
+```
+
+### Update queries
+
+If you can select something, you can also set its fields with `recset`.
+
+Use `-f` to set the `--field`, and `-a` to `--add`, or `-s` to `--set`.
+
+
+```sh
+recset network.rec -t lxc -e "name = 'nginx12'" -f proxies -a soft-serve
+recsel network.rec -t lxc -e "name = 'nginx11'" -p proxies[0]
+recset network.rec -t lxc -e" name = 'nginx11'" -f proxies[0] -s wiki9
+```

--- a/docs/dmzrs/README.md
+++ b/docs/dmzrs/README.md
@@ -1,26 +0,0 @@
-Add this configuration to ~/.ssh/config file
-
-Host dmzkrovdmzrs12
-  Hostname veyxphzuqnooc7wb7utfza3joaoopgqgwp6l6d4en5yfmyr7kxvminqd.onion
-  User root 
-  IdentityFile ~/.ssh/id_rsa
-  PasswordAuthentication no
-
-Now you can log in by typing:
-torsocks ssh dmzkrovdmzrs12
-
-Install all needed packages
-apt install rsync git nginx
-git clone https://gitea.dmz.rs/Decentrala/website
-
-Run updatewebsite.sh script every minute using crontab (run "crontab -e")
-This fill automaticlly pull from git repo and regenerate events page
-
-Add nginx-dmz.rs.conf to /etc/nginx/sites-available/dmz.rs and create a symlink
-from /etc/nginx/sites-enabled/dmz.rs to that file
-You can do this by running:
-ln -s /etc/nginx/sites-available/dmz.rs /etc/nginx/sites-enabled/dmz.rs
-
-Increase server_names_hash_bucket_size to 256 in /etc/nginx/nginx.conf in order to support onion addresses.
-
-In the nginx configuration /account/ is redirected to luser (https://gitea.dmz.rs/fram3d/luser) instance running at 192.168.1.211
--- a/docs/slapd/generateacl.sh
+++ b/docs/slapd/generateacl.sh
@@ -1,9 +0,0 @@
-#!/bin/bash
-
-READUSERS=""
-for i in $(cat servicesaccounts.txt); do READUSERS="$READUSERS by dn=\"$i\" read" ; done
-
-sed 's/READUSERS/$READUSERS/g' acladd-template.ldif > acladd.ldif
-
-for i in $(cat list) ; do printf "%s\n" $(echo -n $i | cut -d"," -f 1 | cut -d"=" -f2 ; genpass) | gpg -e -r fram3d@dmz.rs -r sienna@dmz.rs --output $(echo -n $i | cut -d"," -f 1 | cut -d"=" -f2).gpg ; done
-
--- a/docs/slapd/generatecreds.sh
+++ b/docs/slapd/generatecreds.sh
@@ -1,6 +0,0 @@
-#!/bin/bash
-
-GENPASS=$( echo $(shuf ../../scripts/shared/english.txt | head) | sed "s/ //g")
-
-for i in $(cat servicesaccounts.txt) ; do printf "%s\n" $(echo -n $i | cut -d"," -f 1 | cut -d"=" -f2 ; $(GENPASS)) | gpg -e -r fram3d@dmz.rs -r sienna@dmz.rs --output $(echo -n $i | cut -d"," -f 1 | cut -d"=" -f2).gpg ; done
-
--- a/hosts/krov/slapd12/root/setup.sh
+++ b/hosts/krov/slapd12/root/setup.sh
@@ -1,4 +0,0 @@
-#!/bin/bash
-
-ldapmodify -H ldapi:/// -Y EXTERNAL -f ldifs/tls.ldif
-./aclupdate.sh
--- a/kralizec/README.md
+++ b/kralizec/README.md
@@ -0,0 +1,27 @@
+# List of containers
+
+VMID Name  
+101  tor11  
+102  xmppmirror11  
+104  http11  
+105  postgresql11  
+106  ejabberd11  
+108  nginx  
+109  flaskldap11  
+111  dynamicdns11  
+112  sshfs11  
+113  postfix11  
+114  ssh11  
+115  cgit11  
+116  radionice11  
+117  gitea11  
+118  dmzrsflask11  
+119  elinearch  
+120  wiki11  
+121  krovhttp11  
+122  dmzrs12  
+123  roundcube12  
+124  donationcalc12  
+125  webring12  
+126  cryptpad-deb-12  
+127  openldap12  
--- a/kralizec/cgit11/README.md
+++ b/kralizec/cgit11/README.md
@@ -0,0 +1,3 @@
+---
+VMID: 115
+---
--- a/kralizec/cryptpad-deb-12/README.md
+++ b/kralizec/cryptpad-deb-12/README.md
@@ -0,0 +1,3 @@
+---
+VMID: 126
+---
--- a/kralizec/dmzrs/README.md
+++ b/kralizec/dmzrs/README.md
@@ -0,0 +1,40 @@
+Add this configuration to `~/.ssh/config` file
+
+```
+Host dmzkrovdmzrs12
+  Hostname veyxphzuqnooc7wb7utfza3joaoopgqgwp6l6d4en5yfmyr7kxvminqd.onion
+  User root 
+  IdentityFile ~/.ssh/id_rsa
+  PasswordAuthentication no
+
+```
+
+Now you can log in by typing:
+
+
+```bash
+torsocks ssh dmzkrovdmzrs12
+```
+
+Install all needed packages:
+
+
+```bash
+apt install rsync git nginx
+git clone https://gitea.dmz.rs/Decentrala/website
+```
+
+Run `updatewebsite.sh` script every minute using `crontab` (run "`crontab -e`")
+This fill automatically pull from git repo and regenerate events page
+
+Add `nginx-dmz.rs.conf` to `/etc/nginx/sites-available/dmz.rs` and create a symlink
+from `/etc/nginx/sites-enabled/dmz.rs` to that file.
+You can do this by running:
+
+```bash
+ln -s /etc/nginx/sites-available/dmz.rs /etc/nginx/sites-enabled/dmz.rs
+```
+
+Increase `server_names_hash_bucket_size` to 256 in `/etc/nginx/nginx.conf` in order to support onion addresses.
+
+In the `nginx` configuration /account/ is redirected to the `luser` [instance](https://gitea.dmz.rs/fram3d/luser)  running at `192.168.1.211`.
--- a/kralizec/dmzrs/nginx-dmz.rs.conf
+++ b/kralizec/dmzrs/nginx-dmz.rs.conf
--- a/kralizec/dmzrs/updatewebsite.sh
+++ b/kralizec/dmzrs/updatewebsite.sh
--- a/kralizec/dmzrs12/README.md
+++ b/kralizec/dmzrs12/README.md
@@ -0,0 +1,3 @@
+---
+VMID: 122
+---
--- a/kralizec/dmzrsaccount/README.md
+++ b/kralizec/dmzrsaccount/README.md
--- a/kralizec/dmzrsaccount/listuserskralizec.py
+++ b/kralizec/dmzrsaccount/listuserskralizec.py
--- a/kralizec/dmzrsaccount/listuserskrov.py
+++ b/kralizec/dmzrsaccount/listuserskrov.py
--- a/kralizec/dmzrsaccount/prepare.py
+++ b/kralizec/dmzrsaccount/prepare.py
--- a/kralizec/dmzrsaccount/testanon.py
+++ b/kralizec/dmzrsaccount/testanon.py
--- a/kralizec/dmzrsaccount/testuser.py
+++ b/kralizec/dmzrsaccount/testuser.py
--- a/kralizec/dmzrsflask11/README.md
+++ b/kralizec/dmzrsflask11/README.md
@@ -0,0 +1,3 @@
+---
+VMID: 118
+---
--- a/kralizec/donationcalc12/README.md
+++ b/kralizec/donationcalc12/README.md
@@ -0,0 +1,3 @@
+---
+VMID: 124
+---
--- a/kralizec/dynamicdns11/README.md
+++ b/kralizec/dynamicdns11/README.md
@@ -0,0 +1,3 @@
+---
+VMID: 111
+---
--- a/kralizec/ejabberd/README.md
+++ b/kralizec/ejabberd/README.md
@@ -1,3 +1,9 @@
+---
+title: ejabberd configurations
+section: 6
+source: Decentrala
+---
+
 #On your PC
 Add this configuration to ~/.ssh/config

--- a/kralizec/ejabberd/ejabberd.yml
+++ b/kralizec/ejabberd/ejabberd.yml
--- a/kralizec/ejabberd11/README.md
+++ b/kralizec/ejabberd11/README.md
@@ -0,0 +1,3 @@
+---
+VMID: 106
+---
--- a/kralizec/elinearch/README.md
+++ b/kralizec/elinearch/README.md
@@ -0,0 +1,3 @@
+---
+VMID: 119
+---
--- a/kralizec/flaskldap11/README.md
+++ b/kralizec/flaskldap11/README.md
@@ -0,0 +1,6 @@
+---
+VMID: 109
+---
+
+
+
--- a/kralizec/forum11/README.md
+++ b/kralizec/forum11/README.md
@@ -0,0 +1,46 @@
+---
+VMID: 119
+---
+
+
+## Data
+
+`/var/discourse/shared/web_only/`
+
+
+## Web 
+
+`/var/discourse_docker/`
+
+
+## Help
+
+`/var/discourse_docker/discourse_doctor`
+
+
+## Docker rebuild errors
+
+`/var/discourse_docker/launcher rebuild web_only`
+
+
+```
+Plugin name is 'ldap', but plugin directory is named 'discourse-ldap-auth'
+rake aborted!
+ActiveRecord::NoDatabaseError: We could not find your database: discoursedb. Available database configurations can be found in config/database.yml. (ActiveRecord::NoDatabaseError)
+
+```
+
+
+```
+FAILED
+--------------------
+Pups::ExecError: cd /var/www/discourse && su discourse -c 'bundle exec rake db:migrate' failed with return #<Process::Status: pid 593 exit 1>
+Location of failure: /usr/local/lib/ruby/gems/3.3.0/gems/pups-1.3.0/lib/pups/exec_command.rb:131:in `spawn'
+exec failed with the params {"cd"=>"$home", "tag"=>"migrate", "hook"=>"db_migrate", "cmd"=>["su discourse -c 'bundle exec rake db:migrate'"]}
+bootstrap failed with exit code 1
+** FAILED TO BOOTSTRAP ** please scroll up and look for earlier error messages, there may be more than one.
+./discourse-doctor may help diagnose the problem.
+a9a704b1ee166487d8cd2acd5bd9bcc050ed0ec93fc065f58440e4ae208e1937
+```
+
+
--- a/kralizec/gitea11/README.md
+++ b/kralizec/gitea11/README.md
@@ -0,0 +1,3 @@
+---
+VMID: 117
+---
--- a/kralizec/http11/README.md
+++ b/kralizec/http11/README.md
@@ -0,0 +1,3 @@
+---
+VMID: 104
+---
--- a/kralizec/krovhttp11/README.md
+++ b/kralizec/krovhttp11/README.md
@@ -0,0 +1,3 @@
+---
+VMID: 121
+---
--- a/kralizec/nginx/README.md
+++ b/kralizec/nginx/README.md
@@ -0,0 +1,3 @@
+---
+VMID: 108
+---
--- a/kralizec/openldap12/README.md
+++ b/kralizec/openldap12/README.md
@@ -0,0 +1,3 @@
+---
+VMID: 127
+---
--- a/kralizec/postfix11/README.md
+++ b/kralizec/postfix11/README.md
@@ -0,0 +1,3 @@
+---
+VMID: 113
+---
--- a/kralizec/postgresql11/README.md
+++ b/kralizec/postgresql11/README.md
@@ -0,0 +1,14 @@
+---
+VMID: 105
+---
+
+Posgresql v13
+
+- ejabberd (xmpp)
+- discourse (forum)
+
+root@192.168.1.28
+
+other databases are migrated to posgresql12
+
+ 
--- a/kralizec/postgresql12/README.md
+++ b/kralizec/postgresql12/README.md
@@ -0,0 +1,54 @@
+---
+VMID: 121
+---
+
+PostgreSql v15
+
+port 5432
+
+[installation wiki](https://wiki.debian.org/PostgreSql)
+
+## Users
+
+- ejabberd
+- discorse
+- gitea
+- wiki
+- replication
+- xmppsqlkrov (not created)
+- dmzrsflask (not created)
+
+
+## Config for databases
+
+- ejabberddb - `/etc/ejabberd/ejabberd.yml`
+- discorsedb (forum11) `/etc/discorse_docker/containers/web_only.yml` and `-||-/data.yml`
+- giteadb `/etc/gitea/app.ini`
+- wikidb `/root/wiki/config.yml`
+- replication
+
+
+```sh
+pg_dump -d <database> -f <file>
+psql -U <user> -d <dababase> -f <dump.psql>
+
+```
+
+## Config file
+
+`/etc/postresql/15main/postresql.conf`
+changed listening_address from localhost to *
+
+`/etc/postresql/15main/pg_hba.conf`
+host all all all md5
+
+add `/etc/ssl/certs/ssl-cert-snakeoil.pem` to `/etc/ssl/` on every service
+
+
+## SSL
+
+For wiki machine certificate pinging is setup
+In config.yml on wiki machine, the certificate path for new sql server should be added
+
+
+    
--- a/kralizec/radionice11/README.md
+++ b/kralizec/radionice11/README.md
@@ -0,0 +1,3 @@
+---
+VMID: 116
+---
--- a/kralizec/roundcube12/README.md
+++ b/kralizec/roundcube12/README.md
@@ -0,0 +1,3 @@
+---
+VMID: 123
+---
--- a/kralizec/slapd/.gitignore
+++ b/kralizec/slapd/.gitignore
@@ -0,0 +1,2 @@
+acladd.ldif
+*gpg
--- a/kralizec/slapd/README.md
+++ b/kralizec/slapd/README.md
--- a/kralizec/slapd/acladd-template.ldif
+++ b/kralizec/slapd/acladd-template.ldif
--- a/kralizec/slapd/generateacl.sh
+++ b/kralizec/slapd/generateacl.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+READUSERS=""
+for i in $(cat servicesaccounts.txt); do READUSERS="$READUSERS by dn=\"$i\" read" ; done
+
+sed 's/READUSERS/'"$READUSERS"'/g' acladd-template.ldif > acladd.ldif
+
--- a/kralizec/slapd/generatecreds.sh
+++ b/kralizec/slapd/generatecreds.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+function genpass(){
+echo $(shuf ../../scripts/shared/english.txt | head) | sed "s/ //g"
+}
+
+for i in $(cat servicesaccounts.txt) ; do printf "%s\n" $(echo -n $i | cut -d"," -f 1 | cut -d"=" -f2 ; genpass) | gpg -e -r fram3d@dmz.rs -r sienna@dmz.rs --output creds/$(echo -n $i | cut -d"," -f 1 | cut -d"=" -f2).gpg ; done
+
--- a/kralizec/slapd/servicesaccounts.txt
+++ b/kralizec/slapd/servicesaccounts.txt
--- a/kralizec/ssh11/README.md
+++ b/kralizec/ssh11/README.md
@@ -0,0 +1,5 @@
+---
+VMID: 114
+---
+
+[wiki page](https://wiki.dmz.rs/en/sysadmin/ssh)
--- a/kralizec/sshfs11/README.md
+++ b/kralizec/sshfs11/README.md
@@ -0,0 +1,3 @@
+---
+VMID: 112
+---
--- a/kralizec/tor11/README.md
+++ b/kralizec/tor11/README.md
@@ -0,0 +1,3 @@
+---
+VMID: 101
+---
--- a/kralizec/webring12/README.md
+++ b/kralizec/webring12/README.md
@@ -0,0 +1,3 @@
+---
+VMID: 125
+---
--- a/kralizec/wiki11/README.md
+++ b/kralizec/wiki11/README.md
@@ -0,0 +1,3 @@
+---
+VMID: 120
+---
--- a/kralizec/wireguard11/README.md
+++ b/kralizec/wireguard11/README.md
@@ -0,0 +1,56 @@
+---
+VMID: 103
+---
+
+[Wireguard VPN quickstart](https://www.wireguard.com/quickstart)
+
+Check `dmzadmin` for `wireguard.gpg` to know who to contact for access 
+
+---
+
+### Client config
+
+Client config example
+`x` is the assigned on the server as peer:
+
+```conf
+
+[Interface]
+Address = 192.168.164.x/32
+DNS = 1.1.1.1
+MTU = 1420
+SaveConfig = true
+ListenPort = 51820
+FwMark = 0xca6c
+PrivateKey = <your_private_wg_key>
+
+[Peer]
+PublicKey = JP2FTHLUujkevz1kUymciLImsx1OX9ViUko7oPAIoiA=
+AllowedIPs = 192.168.164.0/24, 192.168.1.0/24
+Endpoint = 77.105.27.232:51820
+PersistentKeepalive = 21
+
+```
+
+---
+
+### Server config
+
+New user/client needs to provide their wireguard `publickey` and new ip on the network needs to be assigned (`x`)
+check the server config file `/etc/wireguard/wg0.conf` to find free address
+
+```sh
+sudo wg set wg0 peer <client_public_key> allowed-ips 192.168.164.x/32
+```
+
+---
+
+Command to resolve IP clashing with current and wireguard network, if needed
+
+```shell
+ip route add <ip> dev <wg0>
+```
+
+- `ip` you want to resolve -> for wireguard VM 192.168.1.10
+- `wg0` name of the wireguard config
+
--- a/kralizec/xmppmirror11/README.md
+++ b/kralizec/xmppmirror11/README.md
@@ -0,0 +1,3 @@
+---
+VMID: 102
+---
--- a/krov/serverko/README.md
+++ b/krov/serverko/README.md
@@ -0,0 +1,22 @@
+# List of containers
+
+## serverko
+
+VMID Name  
+100  nginx12  
+101  ddns12  
+102  dmzrs12  
+103  tor12  
+104  slapd12  
+105  wireguard12  
+106  opensmptd12  
+107  ipv6tunnel12  
+108  postgres12  
+109  ejabberd12  
+110  dmzrsaccount  
+111  taskmanager12  
+112  stopreklamama12  
+
+##### Legend
+
+12 -> debian 12
--- a/krov/serverko/ddns12/README.md
+++ b/krov/serverko/ddns12/README.md
@@ -0,0 +1,3 @@
+---
+VMID: 101
+---
--- a/krov/serverko/dmzrs12/README.md
+++ b/krov/serverko/dmzrs12/README.md
@@ -0,0 +1,3 @@
+---
+VMID: 102
+---
--- a/krov/serverko/dmzrsaccount/README.md
+++ b/krov/serverko/dmzrsaccount/README.md
@@ -0,0 +1,3 @@
+---
+VMID: 110
+---
--- a/krov/serverko/ejabberd12/README.md
+++ b/krov/serverko/ejabberd12/README.md
@@ -0,0 +1,5 @@
+---
+VMID: 109
+---
+
+XMPP server, used for future decentralization
--- a/krov/serverko/ipv6tunnel12/README.md
+++ b/krov/serverko/ipv6tunnel12/README.md
@@ -0,0 +1,3 @@
+---
+VMID: 107
+---
--- a/krov/serverko/ipv6tunnel12/etc/network/interfaces
+++ b/krov/serverko/ipv6tunnel12/etc/network/interfaces
--- a/krov/serverko/ipv6tunnel12/lib/systemd/system/ifuptunnel.service
+++ b/krov/serverko/ipv6tunnel12/lib/systemd/system/ifuptunnel.service
--- a/krov/serverko/ipv6tunnel12/root/scripts/netstart.sh
+++ b/krov/serverko/ipv6tunnel12/root/scripts/netstart.sh
--- a/krov/serverko/nginx12/README.md
+++ b/krov/serverko/nginx12/README.md
@@ -0,0 +1,26 @@
+---
+VMID: 100
+---
+
+This VM is a reverse proxy, all serveces go through it and get their SSL certificates
+
+## Creating new record
+
+```sh
+cd /etc/nginx/sites-available/ # configs are located here
+vim.tiny pastebin.dmz.rs # using pastebin as example, copy existing one and edit it
+ln -s /etc/nginx/sites-available/pastebin.dmz.rs  /etc/nging/sites-enabled/pastebin.dmz.rs # creating link since file is the same
+mkdir /var/www/pastebindmzrs # new dir where certificate will be validated
+nginx -t # checking for errors
+systemctl reload nginx.service # reloading the service for changes to apply, reset will work too
+service nginx reload # alternative server reload
+certbot certonly --webroot -w /var/www/pastebindmzrs -d pastebin.dmz.rs -d pastebin.decentrala.org # requesting the certificates
+```
+
+## renewal
+
+```sh
+ls /var/www/
+cd /etc/letsencrypt/renewal
+certbot renew
+```
--- a/krov/serverko/opensmptd12/README.md
+++ b/krov/serverko/opensmptd12/README.md
@@ -0,0 +1,3 @@
+---
+VMID: 106
+---
--- a/krov/serverko/opensmtpd12/crontab
+++ b/krov/serverko/opensmtpd12/crontab
--- a/krov/serverko/opensmtpd12/etc/mailname
+++ b/krov/serverko/opensmtpd12/etc/mailname
--- a/krov/serverko/opensmtpd12/etc/smtpd.conf
+++ b/krov/serverko/opensmtpd12/etc/smtpd.conf
--- a/krov/serverko/postgres12/README.md
+++ b/krov/serverko/postgres12/README.md
@@ -0,0 +1,3 @@
+---
+VMID: 108
+---
--- a/krov/serverko/slapd12/README.md
+++ b/krov/serverko/slapd12/README.md
@@ -0,0 +1,3 @@
+---
+VMID: 104
+---
--- a/krov/serverko/slapd12/etc/default/slapd
+++ b/krov/serverko/slapd12/etc/default/slapd
--- a/krov/serverko/slapd12/root/aclupdate.sh
+++ b/krov/serverko/slapd12/root/aclupdate.sh
--- a/krov/serverko/slapd12/root/ldifs/acladd.ldif
+++ b/krov/serverko/slapd12/root/ldifs/acladd.ldif
--- a/krov/serverko/slapd12/root/ldifs/acldel.ldif
+++ b/krov/serverko/slapd12/root/ldifs/acldel.ldif
--- a/krov/serverko/slapd12/root/ldifs/tls.ldif
+++ b/krov/serverko/slapd12/root/ldifs/tls.ldif
--- a/krov/serverko/slapd12/root/modify.sh
+++ b/krov/serverko/slapd12/root/modify.sh
--- a/krov/serverko/slapd12/root/setup.sh
+++ b/krov/serverko/slapd12/root/setup.sh
@@ -0,0 +1,4 @@
+#!/bin/bash
+
+./modify.sh ldifs/tls.ldif
+./aclupdate.sh
--- a/krov/serverko/stopreklamama12/README.md
+++ b/krov/serverko/stopreklamama12/README.md
@@ -0,0 +1,6 @@
+---
+VMID: 112
+---
+
+This container is for hosting the [website](https://gitea.dmz.rs/svitvojimilioni/stopreklamama)
+hosted on domen `stopreklamama.dmz.rs`
--- a/krov/serverko/taskmanager12/README.md
+++ b/krov/serverko/taskmanager12/README.md
@@ -0,0 +1,8 @@
+---
+VMID: 111
+---
+
+Old app for group task managment, [gitea project](https://gitea.dmz.rs/Decentrala/taskmanager)
+Hosted on [todo.dmz.rs](https://todo.dmz.rs/)
+
+Now using soft.dmz.rs/fixme instead
--- a/krov/serverko/tor12/README.md
+++ b/krov/serverko/tor12/README.md
@@ -0,0 +1,5 @@
+---
+VMID: 103
+---
+
+In this container hosts the tor onion service, used for remote access to the proxmox, through tor.
--- a/krov/serverko/wireguard12/README.md
+++ b/krov/serverko/wireguard12/README.md
@@ -0,0 +1,5 @@
+---
+VMID: 105
+---
+
+Wireguard server for VPN access to krov network
--- a/krov/srv1/README.md
+++ b/krov/srv1/README.md
@@ -0,0 +1,39 @@
+# List of containers
+
+# srv1
+
+VMID Name  
+100  ssh12
+101  vukbox
+102  mad3v-container-postgresql  
+103  nextcloud1 
+104  pentest
+105  dns12
+106  cryptpad  
+107  cryptpad12
+108  ejabberd12 
+109  dante12  
+111  postgresql12
+112  gitea12
+113  game12 
+114  coja-nginx 
+115  mad3v-container-1  
+116  hugo12  
+118  mumble
+119  netstat-game12
+120  privatebin12
+121  searxng12 
+122  alpine-it-tools  
+123  test  
+124  jitsi12
+
+---
+
+### Hardware
+
+Dell enterprise server
+
+##### Legend
+
+12 -> debian 12 lxc
+
--- a/krov/srv1/alpine-it-tools/README.md
+++ b/krov/srv1/alpine-it-tools/README.md
@@ -0,0 +1,7 @@
+---
+VMID: 122
+---
+
+Installed with [proxmox helper scripts](https://community-scripts.github.io/ProxmoxVE/scripts?id=alpine-it-tools)
+
+Plan to host it on tools.dmz.rs
--- a/krov/srv1/cryptpad12/README.md
+++ b/krov/srv1/cryptpad12/README.md
@@ -0,0 +1,13 @@
+---
+VMID: 106
+---
+
+Installed with [proxmox helper scripts](https://community-scripts.github.io/ProxmoxVE/scripts?id=cryptpad)
+
+[Project page](https://cryptpad.org/)
+
+
+Plan to host it on cryptpad.dmz.rs
+
+cryptpad (106) is already on that subdomain, but it doesnt work
+
--- a/krov/srv1/ejabberd12/README.md
+++ b/krov/srv1/ejabberd12/README.md
@@ -0,0 +1,5 @@
+---
+VMID: 108
+---
+
+XMPP server, practice for future decentralization of the service
--- a/krov/srv1/homeAssistentInstanca/README.md
+++ b/krov/srv1/homeAssistentInstanca/README.md
@@ -0,0 +1,9 @@
+---
+VMID: 117
+---
+
+Installed with [proxmox helper scripts](https://community-scripts.github.io/ProxmoxVE/scripts?id=haos-vm)
+
+[Forum descussion](https://forum.dmz.rs/t/automatizacija-krova/469)
+
+
--- a/krov/srv1/jitsi12/README.md
+++ b/krov/srv1/jitsi12/README.md
@@ -0,0 +1,9 @@
+---
+VMID: 124
+---
+
+Video converencing server. Zoom alternative.
+
+[website](https://jitsi.org/)
+
+Plan to host it on jitsi.dmz.rs, video.dmz.rs or else
--- a/krov/srv1/mumble/README.md
+++ b/krov/srv1/mumble/README.md
@@ -0,0 +1,9 @@
+---
+VMID: 118
+---
+
+VOIP server, hosted on krov.dmz.rs
+
+[website](https://www.mumble.info/)
+
+
--- a/krov/srv1/netstat-game12/README.md
+++ b/krov/srv1/netstat-game12/README.md
@@ -0,0 +1,6 @@
+---
+VMID: 119 
+---
+
+Open arena server, free clone of FPS Quake III Arena
+Hosted on krov.dmz.rs:27960 for LAN Parties
--- a/krov/srv1/nextcloud1/README.md
+++ b/krov/srv1/nextcloud1/README.md
@@ -0,0 +1,9 @@
+---
+VMID: 103
+---
+
+Plan for this services was to use the shared callendar with members of DC Krov
+
+Register as a user is disabled, only admins can create the accounts
+LDAP is not connected
+
--- a/krov/srv1/old-abandoned/README.md
+++ b/krov/srv1/old-abandoned/README.md
@@ -0,0 +1 @@
+Those serveces are not on the server
--- a/krov/srv1/old-abandoned/chatbot12/README.md
+++ b/krov/srv1/old-abandoned/chatbot12/README.md
@@ -0,0 +1,5 @@
+---
+VMID: 114
+---
+
+[Forum discussion](https://forum.dmz.rs/t/jel-neko-u-krovu-bot/779)
--- a/krov/srv1/old-abandoned/dendrite/README.md
+++ b/krov/srv1/old-abandoned/dendrite/README.md
@@ -0,0 +1,3 @@
+---
+VMID: 103
+---
--- a/krov/srv1/old-abandoned/goodvibes12/README.md
+++ b/krov/srv1/old-abandoned/goodvibes12/README.md
@@ -0,0 +1,3 @@
+---
+VMID: 115
+---
--- a/krov/srv1/old-abandoned/mariadb12/README.md
+++ b/krov/srv1/old-abandoned/mariadb12/README.md
@@ -0,0 +1,3 @@
+---
+VMID: 107
+---
--- a/krov/srv1/old-abandoned/mpd12/README.md
+++ b/krov/srv1/old-abandoned/mpd12/README.md
@@ -0,0 +1,3 @@
+---
+VMID: 108
+---
--- a/krov/srv1/old-abandoned/ollama12/README.md
+++ b/krov/srv1/old-abandoned/ollama12/README.md
@@ -0,0 +1,3 @@
+---
+VMID: 113
+---
--- a/krov/srv1/old-abandoned/tor12/README.md
+++ b/krov/srv1/old-abandoned/tor12/README.md
@@ -0,0 +1,3 @@
+---
+VMID: 102
+---
--- a/krov/srv1/old-abandoned/ympd/README.md
+++ b/krov/srv1/old-abandoned/ympd/README.md
@@ -0,0 +1,3 @@
+---
+VMID: 109
+---
--- a/krov/srv1/other/README.md
+++ b/krov/srv1/other/README.md
@@ -0,0 +1,32 @@
+Here should be the list of other containers on the server
+
+## "Personal containers" 
+created on some of the sysadmin workshops, used for learning and practice, usually named by the nickname
+
+- vukbox
+- hugo12
+- malin
+- mad3v-container-postresql
+- mad3v-container-1
+- coja-nginx hosting [coja.krov.dmz.rs](https://coja.krov.dmz.rs/)
+- 
+
+---
+
+## Other 
+
+- pentest - created by fleka for CTF challange
+
+---
+
+## Containers with no info
+Feel free to add info 
+
+- dante12
+- dns12
+- gitea12
+- test
+- game12
+
+
+
--- a/krov/srv1/postgresql12/README.md
+++ b/krov/srv1/postgresql12/README.md
@@ -0,0 +1,5 @@
+---
+VMID: 111
+---
+
+Probably used as a testing ground for syncing the database, for future decentralization.
--- a/krov/srv1/privatebin12/README.md
+++ b/krov/srv1/privatebin12/README.md
@@ -0,0 +1,10 @@
+---
+VMID: 120
+---
+
+Installed with [proxmox helper scripts](https://community-scripts.github.io/ProxmoxVE/scripts?id=privatebin)
+
+[Project page](https://privatebin.info/)
+
+Hosted on [subdomain on dmz](https://pastebin.dmz.rs/)
+
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
coja	b35e807e3c	[Doc] ldap, forum, postresql	2025-08-31 21:55:51 +02:00
Malin Freeborn	cdeecc2335	note that dmz.rs exists	2025-08-09 06:25:14 +02:00
Malin Freeborn	ee67175267	fun with json	2025-08-09 06:20:14 +02:00
Malin Freeborn	713ae20355	note how to access moxx	2025-08-09 06:13:41 +02:00
Malin Freeborn	52b49188f2	note moxx' address	2025-08-06 19:51:57 +02:00
Malin Freeborn	7e8898b341	setup: how to access lxc over ssh	2025-08-06 19:51:12 +02:00
coja	24a8122222	[Serverko] added some docs	2025-04-14 23:26:58 +02:00
coja	9ad7211e37	[Srv1] Updated vm list and added some docs	2025-04-14 23:12:19 +02:00
Malin Freeborn	2624425727	make network map depending on what is installed	2025-03-31 22:25:51 +02:00
coja	b872a25cc0	[Doc] added, cryptpad, searxng and privatebin	2025-03-31 03:05:40 +02:00
Malin Freeborn	0b514b29e1	edit wireguard syntax	2025-03-26 16:32:10 +01:00
Malin Freeborn	f398f52e55	generate graphviz png	2025-03-26 16:29:53 +01:00
Malin Freeborn	cd9bdb80c1	remove half-baked man page generator	2025-03-26 16:29:53 +01:00
coja	aa65808edd	[Readme] update	2025-03-26 05:33:01 +01:00
coja	1b09537f14	[Readme] update Signed-off-by: coja <coja@dmz.rs>	2025-03-26 05:15:42 +01:00
coja	a829cce278	[Readme] update Signed-off-by: coja <coja@dmz.rs>	2025-03-26 05:04:30 +01:00
netstat	edb9f7b785	sshfs doesn't exist on srv1, but postgres does with that id	2025-03-25 23:00:56 +01:00
coja	64f9f6ffa3	[Doc] changed readme	2025-03-25 22:49:19 +01:00
Malin Freeborn	40a4064ddb	add graph-easy dependency	2025-03-25 22:44:59 +01:00
Malin Freeborn	763748322a	note recutils package required	2025-03-25 22:44:59 +01:00
Malin Freeborn	fdb9cf9514	add record info to network.rec	2025-03-25 22:44:59 +01:00
Malin Freeborn	1d35d54af1	embiggen recutils examples	2025-03-25 22:44:58 +01:00
Malin Freeborn	452970261e	create check target	2025-03-25 22:44:58 +01:00
Malin Freeborn	12644b80da	autogenerate map from network info	2025-03-25 22:44:58 +01:00
Malin Freeborn	4b9dae9b3a	give example of inserting record	2025-03-25 22:44:58 +01:00
Malin Freeborn	85479ec6ed	note recutils example command	2025-03-25 22:44:58 +01:00
Malin Freeborn	9ff9633bc4	fix container and host names	2025-03-25 22:44:58 +01:00
Malin Freeborn	37b3d56676	rework routers	2025-03-25 22:44:58 +01:00
Malin Freeborn	0ecdda7302	names and places	2025-03-25 22:44:57 +01:00
Malin Freeborn	f08d2838e3	expand network db	2025-03-25 22:44:57 +01:00
Malin Freeborn	0f58a26e60	basic network db	2025-03-25 22:44:57 +01:00
coja	76e9650abe	[Doc] added wiki link to ssh	2025-03-25 20:51:32 +01:00
Malin Freeborn	624e8d2bfd	remove suggested username from ssh FAQ	2025-03-25 20:32:16 +01:00
Malin Freeborn	c8282c82c5	Merge branch 'master' of ssh://gitea.dmz.rs:2222/Decentrala/dmzconf	2025-03-22 12:21:02 +01:00
coja	c81ef26f4e	[scripts] added generate random pass script	2025-03-22 05:02:51 +01:00
coja	dbd7f3dfd4	[kralizec] updated readme for wireguard	2025-03-22 04:21:53 +01:00
coja	547ef14a31	[kralizec] added readme for wireguard	2025-03-22 04:11:41 +01:00
Malin Freeborn	e44620521f	remove old showpass script The dmzadmin repo now populates password lists, no need for this.	2025-03-20 18:58:48 +01:00
Malin Freeborn	49c1417b8a	make soft man pages	2024-12-06 22:39:45 +01:00
Malin Freeborn	bbea859ffe	split services by directory	2024-12-06 22:30:54 +01:00
Malin Freeborn	6882610a0e	show git aliases	2024-12-06 22:29:42 +01:00
Txrpe	a62ddf2408	add note about webhooks for soft serve	2024-12-06 22:23:16 +01:00
Malin Freeborn	83c40a44a1	remove UTF8 crap	2024-12-05 17:12:10 +01:00
Malin Freeborn	c7eb11f603	add setup ssh-FAQ	2024-12-05 17:06:07 +01:00
Malin Freeborn	7bcf9b3ac5	fix man section feedback	2024-12-05 16:33:38 +01:00
Malin Freeborn	2d9fa2ab9b	make man pages from readme files	2024-12-05 15:29:34 +01:00
Malin Freeborn	d1931d2e8b	note soft collaborators	2024-12-04 20:03:14 +01:00
Malin Freeborn	7c28e70eb4	new structure checks and fixes - markdown formatting - turn soft-serve.md into soft-serve/README.md	2024-12-04 15:42:21 +01:00
Malin Freeborn	eb5d3b018b	new structure This kicks off the basic tree structure, where the docs all mirror the reality, like an ascii penumbra.	2024-12-04 15:32:53 +01:00
Malin Freeborn	c3f34f9eea	reformat soft-serve docs	2024-12-04 13:01:12 +01:00
Malin Freeborn	0a899d933b	reorganize docs Each host gets a directory. Containers will soon also have their own directory.	2024-12-03 22:54:47 +01:00
wingaxe	52b7c1f3e0	Adding .gitignore	2024-12-02 21:58:12 -05:00
wingaxe	ff241e6757	Adding help option in makefile	2024-12-02 21:42:15 -05:00
Malin Freeborn	c8283e1d08	add ability to remove unimportant items	2024-12-03 20:05:31 +01:00
Malin Freeborn	54c560bb4f	add network map	2024-12-02 16:00:00 +01:00
Malin Freeborn	febce132d8	recognize password limits	2024-05-21 22:14:08 +02:00
Malin Freeborn	b86c84df60	add showpass.sh	2024-04-07 19:42:48 +02:00
fram3d	30efaeb4fa	fix readme formating in hosts folder	2024-02-17 03:39:38 +01:00
fram3d	8a7d630102	move list of ct to readmes	2024-02-17 03:33:52 +01:00
fram3d	889cf9db0f	add list of vms and update slapd script	2024-02-17 03:23:21 +01:00
fram3d	da563fd8be	add onionadd script	2024-02-13 03:08:27 +01:00
fram3d	4b272c2929	fix scripts	2024-02-13 01:36:11 +01:00
fram3d	2e62c1b33b	fix proxy host header in addsubdomain nginx config	2024-01-27 22:51:46 +01:00
fram3d	9cc158336b	support ip address as new argument in addsub.sh	2024-01-27 22:37:26 +01:00
fram3d	935cfc0979	fix slapd acl generation scripts	2024-01-22 18:56:17 +01:00
fram3d	080a546bfb	add support for mkdir when parent folders arent created	2024-01-22 18:40:10 +01:00