draft: knowledge base makefile

- markdown formatting
- turn soft-serve.md into soft-serve/README.md

.gitignore

@@ -1 +1 @@
-map.txt
+*.txt

Makefile

@@ -1,3 +1,52 @@
-output: map.txt
-map.txt: map.md
-	cat map.md | graph-easy --boxart > map.txt
+.PHONY: help
+
+help: ## Print the help message
+	@awk 'BEGIN {FS = ":.*?## "} /^[0-9a-zA-Z._-]+:.*?## / {printf "\033[36m%s\033[0m : %s\n", $$1, $$2}' $(MAKEFILE_LIST) | \
+		sort | \
+		column -s ':' -t
+
+map.txt: map.ge ## Making map.txt
+	grep -v '# unimportant' $< | graph-easy --boxart > $@
+	cat $@
+
+full_map.txt: map.ge ## Generating full_map.txt with graph-easy
+	graph-easy --boxart < $< > $@
+	cat $@
+
+########## Man Pages ##########
+
+mandir = $(HOME)/.local/man/man6
+
+kralizec_docs != grep -rl "^section:" kralizec 
+kralmans = $(kralizec_docs:kralizec/%/README.md=$(mandir)/%.6)
+
+$(mandir)/%.6: kralizec/%/README.md
+	lowdown -stman $< > $@
+
+krov_docs != grep -rl "^section:" krov 
+krovmans = $(krov_docs:krov/%/README.md=$(mandir)/%.6)
+
+$(mandir)/%.6: krov/%/README.md
+	lowdown -stman $< > $@
+
+setup_docs != grep -rl "^section:" setup 
+setupmans = $(setup_docs:setup/%.md=$(mandir)/%.6)
+
+$(mandir)/%.6: setup/%.md
+	lowdown -stman $< > $@
+
+$(mandir):
+	mkdir -p $@
+
+$(kralmans) $(krovmans) $(setupmans) :| $(mandir)
+
+.PHONY: pages
+pages: $(kralmans) $(krovmans) $(setupmans)
+	$(info $(kralmans))
+	@test ! $(command -v mandb) || mandb --user-db
+	$(info Open DMZ's man pages with 'man 6 <tab>')
+
+##########
+
+clean:
+	$(RM) $(kralmans) $(krovmans)

README.md

@@ -13,5 +13,5 @@ These setup files provide the text-only configurations for DMZ.
     - Idempotency.
 - All secrets stored elsewhere (probably in the `dmzadmin` repo)
 - Any maintenance scripts.
-- Configurations should reside in shadow-directories, e.g. a backup of `/etc/soft/config` should reside in this repo under `etc/soft/config`.
+- Configurations should reside in shadow-directories, e.g. a backup `soft-serve`'s `config.yaml` should reside in this repo under `splint.rs/soft-serve/etc/soft/config.yaml`.
 

docs/dmzrs/README.md

@@ -1,26 +0,0 @@
-Add this configuration to ~/.ssh/config file
-
-Host dmzkrovdmzrs12
-  Hostname veyxphzuqnooc7wb7utfza3joaoopgqgwp6l6d4en5yfmyr7kxvminqd.onion
-  User root 
-  IdentityFile ~/.ssh/id_rsa
-  PasswordAuthentication no
-
-Now you can log in by typing:
-torsocks ssh dmzkrovdmzrs12
-
-Install all needed packages
-apt install rsync git nginx
-git clone https://gitea.dmz.rs/Decentrala/website
-
-Run updatewebsite.sh script every minute using crontab (run "crontab -e")
-This fill automaticlly pull from git repo and regenerate events page
-
-Add nginx-dmz.rs.conf to /etc/nginx/sites-available/dmz.rs and create a symlink
-from /etc/nginx/sites-enabled/dmz.rs to that file
-You can do this by running:
-ln -s /etc/nginx/sites-available/dmz.rs /etc/nginx/sites-enabled/dmz.rs
-
-Increase server_names_hash_bucket_size to 256 in /etc/nginx/nginx.conf in order to support onion addresses.
-
-In the nginx configuration /account/ is redirected to luser (https://gitea.dmz.rs/fram3d/luser) instance running at 192.168.1.211

hosts/krov/slapd12/root/setup.sh

@@ -1,4 +0,0 @@
-#!/bin/bash
-
-ldapmodify -H ldapi:/// -Y EXTERNAL -f ldifs/tls.ldif
-./aclupdate.sh

kn.mk

@@ -0,0 +1,18 @@
+all_docs != find krov/serverko -name README.md
+
+path_to_docs = $(patsubst krov/%/README.md, docs/%.md, $(all_docs))
+
+stripped_docs = $(notdir $(path_to_docs))
+
+x:
+	$(info $(all_docs))
+	$(info $(stripped_docs))
+
+docs/kralizec/%.md: kralizec/%/README.md
+	mkdir -p $(@D)
+	cp $< $@
+
+docs/serverko/%.md: krov/serverko/%/README.md
+	mkdir -p $(@D)
+	cp $< $@
+

kralizec/README.md

@@ -0,0 +1,27 @@
+# List of containers
+
+VMID Name  
+101  tor11  
+102  xmppmirror11  
+104  http11  
+105  postgresql11  
+106  ejabberd11  
+108  nginx  
+109  flaskldap11  
+111  dynamicdns11  
+112  sshfs11  
+113  postfix11  
+114  ssh11  
+115  cgit11  
+116  radionice11  
+117  gitea11  
+118  dmzrsflask11  
+119  elinearch  
+120  wiki11  
+121  krovhttp11  
+122  dmzrs12  
+123  roundcube12  
+124  donationcalc12  
+125  webring12  
+126  cryptpad-deb-12  
+127  openldap12  

kralizec/cgit11/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 115
+---

kralizec/cryptpad-deb-12/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 126
+---

kralizec/dmzrs/README.md

@@ -0,0 +1,40 @@
+Add this configuration to `~/.ssh/config` file
+
+```
+Host dmzkrovdmzrs12
+  Hostname veyxphzuqnooc7wb7utfza3joaoopgqgwp6l6d4en5yfmyr7kxvminqd.onion
+  User root 
+  IdentityFile ~/.ssh/id_rsa
+  PasswordAuthentication no
+
+```
+
+Now you can log in by typing:
+
+
+```bash
+torsocks ssh dmzkrovdmzrs12
+```
+
+Install all needed packages:
+
+
+```bash
+apt install rsync git nginx
+git clone https://gitea.dmz.rs/Decentrala/website
+```
+
+Run `updatewebsite.sh` script every minute using `crontab` (run "`crontab -e`")
+This fill automatically pull from git repo and regenerate events page
+
+Add `nginx-dmz.rs.conf` to `/etc/nginx/sites-available/dmz.rs` and create a symlink
+from `/etc/nginx/sites-enabled/dmz.rs` to that file.
+You can do this by running:
+
+```bash
+ln -s /etc/nginx/sites-available/dmz.rs /etc/nginx/sites-enabled/dmz.rs
+```
+
+Increase `server_names_hash_bucket_size` to 256 in `/etc/nginx/nginx.conf` in order to support onion addresses.
+
+In the `nginx` configuration /account/ is redirected to the `luser` [instance](https://gitea.dmz.rs/fram3d/luser)  running at `192.168.1.211`.

kralizec/dmzrs12/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 122
+---

kralizec/dmzrsflask11/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 118
+---

kralizec/donationcalc12/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 124
+---

kralizec/dynamicdns11/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 111
+---

kralizec/ejabberd/README.md

@@ -1,3 +1,9 @@
+---
+title: ejabberd configurations
+section: 6
+source: Decentrala
+---
+
 #On your PC
 Add this configuration to ~/.ssh/config
 

kralizec/ejabberd11/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 106
+---

kralizec/elinearch/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 119
+---

kralizec/flaskldap11/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 109
+---

kralizec/gitea11/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 117
+---

kralizec/http11/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 104
+---

kralizec/krovhttp11/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 121
+---

kralizec/nginx/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 108
+---

kralizec/openldap12/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 127
+---

kralizec/postfix11/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 113
+---

kralizec/postgresql11/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 105
+---

kralizec/radionice11/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 116
+---

kralizec/roundcube12/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 123
+---

kralizec/ssh11/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 114
+---

kralizec/sshfs11/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 112
+---

kralizec/tor11/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 101
+---

kralizec/webring12/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 125
+---

kralizec/wiki11/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 120
+---

kralizec/xmppmirror11/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 102
+---

krov/serverko/README.md

@@ -0,0 +1,19 @@
+# List of containers
+
+## serverko
+
+VMID Name  
+100  nginx12  
+101  ddns12  
+102  dmzrs12  
+103  tor12  
+104  slapd12  
+105  wireguard12  
+106  opensmptd12  
+107  ipv6tunnel12  
+108  postgres12  
+109  ejabberd12  
+110  dmzrsaccount  
+111  taskmanager12  
+112  stopreklamama12  
+

krov/serverko/ddns12/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 101
+---

krov/serverko/dmzrs12/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 102
+---

krov/serverko/dmzrsaccount/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 110
+---

krov/serverko/ejabberd12/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 109
+---

krov/serverko/ipv6tunnel12/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 107
+---

krov/serverko/nginx12/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 100
+---

krov/serverko/opensmptd12/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 106
+---

krov/serverko/postgres12/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 108
+---

krov/serverko/slapd12/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 104
+---

krov/serverko/slapd12/root/setup.sh

@@ -0,0 +1,4 @@
+#!/bin/bash
+
+./modify.sh ldifs/tls.ldif
+./aclupdate.sh

krov/serverko/stopreklamama12/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 112
+---

krov/serverko/taskmanager12/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 111
+---

krov/serverko/tor12/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 103
+---

krov/serverko/wireguard12/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 105
+---

krov/srv1/README.md

@@ -0,0 +1,15 @@
+# List of containers
+
+## srv1
+
+VMID Name  
+102  tor12  
+103  dendrite  
+106  icecast12  
+107  mariadb12  
+108  mpd12  
+109  ympd  
+111  sshfs11
+113  ollama12  
+114  chatbot12  
+115  goodvibes12  

krov/srv1/chatbot12/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 114
+---

krov/srv1/dendrite/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 103
+---

krov/srv1/goodvibes12/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 115
+---

krov/srv1/icecast12/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 106
+---

krov/srv1/mariadb12/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 107
+---

krov/srv1/mpd12/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 108
+---

krov/srv1/ollama12/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 113
+---

krov/srv1/sshfs11/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 111
+---

krov/srv1/tor12/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 102
+---

krov/srv1/ympd/README.md

@@ -0,0 +1,3 @@
+---
+VMID: 109
+---

map.ge

@@ -0,0 +1,39 @@
+# Network map of Decentrala.  Use with:
+# graph-easy --boxart < netmap.txt
+
+(Mox
+	[ m_router ]{label: router ;}
+	[ wireguard ] --> [ m_nginx ]{label: nginx-11 ;}
+	[ wiki ] --> [ m_nginx ]
+	[ gitea ] --> [ m_nginx ]
+	[ tor11 ] --> [ m_nginx ] --> [ m_router ]
+	[ smtp ]
+)
+
+(Serverko
+	[ s_nginx ]{label: nginx-12 ;}
+	[ s_router ]{label: router ;}
+	[ s_nginx ] --> [ nextcloud ]
+	[ s_nginx ] --> [ tor12 ]
+	[ s_nginx ] --> [ s_router ]
+)
+
+(splint.rs # unimportant
+	[ soft-serve ] # unimportant
+	[ mail-cache ]# unimportant
+) # unimportant
+
+[ tor12 ] <..> [ onions ] <..> [ tor11 ]
+[ m_router ] <..> [ BGP ] <..> [ madness ] <..> [ s_router ]
+[ smtp ] <..> [ madness ]
+[ madness ] <..> [  mail-cache ]# unimportant
+[ A ]{label: "" ;}
+[ B ]{label: "" ;}
+[ C ]{label: "" ;}
+[ D ]{label: "" ;}
+[ onions ] <..> [ A ]
+[ onions ] <..> [ B ]
+[ A ] <..> [ C ]
+[ B ] <..> [ D ]
+
+(Sharks! [ D ])

map.md

@@ -1,7 +0,0 @@
-### Network Map Generator ###
-# Used with graph-easy.
-# Install graph easy with `apt install perl-graph-easy`.
-
-[ gateway ] -- ssh-2222 --> [ gitea11 (192.168.1.36) ]
-[ gateway ] --> [ ssh11 (192.168.1.20) ]
-

scripts/addsubdomain/addsub.sh

@@ -5,6 +5,7 @@ DMZKEYFILE=$(echo -n ~)"/.ssh/dmz"
 
 NGINXHOST=$1
 SUBDOMAIN=$2
+CTIPADDRESS=$3
 
 if [[ -z "$NGINXHOST" ]]; then 
 	echo "Set Nginx Host"
@@ -16,10 +17,15 @@ if [[ -z "$SUBDOMAIN" ]]; then
         exit 1
 fi
 
+
 ssh-add -t 200 $DMZKEYFILE
 torsocks scp ./remotecmd $NGINXHOST:/root/remotecmd.sh
 torsocks scp ./subdomain.dmz.rs.http $NGINXHOST:/etc/nginx/sites-available/
 torsocks scp ./subdomain.dmz.rs.https $NGINXHOST:/etc/nginx/sites-available/
 
+if [[ -z "$CTIPADDRESS" ]]; then 
+	torsocks scp ./subdomain.dmz.rs.proxy $NGINXHOST:/etc/nginx/sites-available/
+fi
+
 torsocks ssh $NGINXHOST "chmod +x /root/remotecmd.sh; /root/remotecmd.sh $SUBDOMAIN"
 

scripts/addsubdomain/remotecmd

@@ -8,10 +8,17 @@ if [[ -z "$SUBDOMAIN" ]]; then
         exit 1
 fi
 
+if [[ -z "$CTIPADDRESS" ]]; then 
+	sed -i 's/CTIPADDRESS/'$CTIPADDRESS'/g' /etc/nginx/sites-available/subdomain.dmz.rs.proxy
+        mv /etc/nginx/sites-available/subdomain.dmz.rs.proxy /etc/nginx/sites-available/subdomain.dmz.rs.https
+fi
+
 sed -i 's/subdomain/'$SUBDOMAIN'/g' /etc/nginx/sites-available/subdomain.dmz.rs.http
 sed -i 's/subdomain/'$SUBDOMAIN'/g' /etc/nginx/sites-available/subdomain.dmz.rs.https
 sed -i 's/subnodot/'$SUBNODOT'/g' /etc/nginx/sites-available/subdomain.dmz.rs.http
 sed -i 's/subnodot/'$SUBNODOT'/g' /etc/nginx/sites-available/subdomain.dmz.rs.https
+
+
 mkdir /var/www/"$SUBNODOT"dmzrs/
 mv /etc/nginx/sites-available/subdomain.dmz.rs.http /etc/nginx/sites-available/"$SUBDOMAIN".dmz.rs.http
 mv /etc/nginx/sites-available/subdomain.dmz.rs.https /etc/nginx/sites-available/"$SUBDOMAIN".dmz.rs.https

scripts/addsubdomain/subdomain.dmz.rs.proxy

@@ -0,0 +1,29 @@
+server {
+	listen 443 ssl ;
+	listen [::]:443 ssl ;
+
+	index index.html index.htm index.nginx-debian.html;
+
+	server_name subdomain.dmz.rs subdomain.decentrala.org;
+
+	ssl_certificate /etc/letsencrypt/live/subdomain.dmz.rs/fullchain.pem;
+	ssl_certificate_key /etc/letsencrypt/live/subdomain.dmz.rs/privkey.pem;
+	ssl_dhparam /etc/ssl/dhparam.pem;
+	ssl_protocols TLSv1.2 TLSv1.3;
+	ssl_ciphers HIGH:!aNULL:!MD5;
+
+
+	location / {
+       		proxy_set_header Host subdomain.dmz.rs;
+       		proxy_set_header X-Real-IP $remote_addr;
+       		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+       		proxy_pass http://CTIPADDRESS$request_uri;
+       }
+
+	location /.well-known/acme-challenge/ {
+		root /var/www/subnodotdmzrs;
+	}
+
+	resolver 9.9.9.9;
+}

scripts/ctcreate/ctcreate.sh

@@ -2,6 +2,8 @@
 ## Create new Linux contanier at a proxmox host
 
 DMZKEYFILE=$(echo -n ~)"/.ssh/dmz"
+USER=$(cut -d" " -f3 $DMZKEYFILE.pub | cut -d "@" -f1)
+USEREMAIL=$(cut -d" " -f3 $DMZKEYFILE.pub)
 
 PROXMOXHOST=$1
 CTHOST=$2
@@ -23,25 +25,26 @@ if [[ -z "$GENPASS" ]]; then
         exit 1
 fi
 
-ssh-add -t 200 $DMZKEYFILE
+ssh-add -t 600 $DMZKEYFILE
 torsocks scp ./remotecmd $PROXMOXHOST:/root/ctcreate.sh
+torsocks scp $DMZKEYFILE.pub $PROXMOXHOST:/root/.ssh/$USER.pub
 
-torsocks ssh $PROXMOXHOST "chmod +x /root/ctcreate.sh; /root/ctcreate.sh $CTHOST $GENPASS" >> cmdoutput.txt
+torsocks ssh $PROXMOXHOST "chmod +x /root/ctcreate.sh; /root/ctcreate.sh $CTHOST $GENPASS $USER" >> cmdoutput.txt
 
 CREDS=$( tail -3 cmdoutput.txt)
 
 rm cmdoutput.txt
 
-printf "$CREDS\n" | gpg -e -r fram3d@dmz.rs -r sienna@dmz.rs --output ~/src/dmzadmin/credentials/krov/$CTHOST.gpg
+printf "$CREDS\n" | gpg -e -r $USEREMAIL --output $CTHOST.gpg
 
 CTIP=$(printf "$CREDS" | head -1 | cut -d'@' -f 2)
 
-echo Host dmzkrov$CTHOST >> ~/.ssh/autoconfig
-echo "  Hostname" $CTIP >> ~/.ssh/autoconfig
-echo "  ProxyJump" dmzkrovtor12 >> ~/.ssh/autoconfig
-echo "  User" root >> ~/.ssh/autoconfig
-echo "  IdentityFile" /home/anon/.ssh/krov/tor11 >> ~/.ssh/autoconfig
-echo "  PasswordAuthentication" no >> ~/.ssh/autoconfig
+echo "Host dmzkrov"$CTHOST >> ~/.ssh/autoconfig
+echo "  Hostname "$CTIP >> ~/.ssh/autoconfig
+echo "  ProxyJump dmzkrovtor12" >> ~/.ssh/autoconfig
+echo "  User root" >> ~/.ssh/autoconfig
+echo "  IdentityFile "$DMZKEYFILE >> ~/.ssh/autoconfig
+echo "  PasswordAuthentication no" >> ~/.ssh/autoconfig
 
 ssh -R $CTIP
 torsocks scp ./newct dmzkrov$CTHOST:/root/newct.sh

scripts/ctcreate/newct

@@ -1,5 +1,5 @@
 #!/bin/bash
 apt update
 apt -y dist-upgrade 
-apt install unattended-upgrades 
+apt -y install unattended-upgrades 
 dpkg-reconfigure unattended-upgrades 

scripts/ctcreate/remotecmd

@@ -1,6 +1,7 @@
 #!/bin/bash
 CTHOSTNAME=$1
 CTPASS=$2
+USER=$3
 
 echo Creating $CTHOSTNAME ...
 
@@ -17,6 +18,11 @@ if [[ -z "$CTPASS" ]]; then
         exit 1
 fi
 
+if [[ -z "$USER" ]]; then 
+	echo "USER not set"
+        exit 1
+fi
+
 if [[ -z "$LASTID" ]]; then 
 	LASTID=99
 fi

scripts/onionadd/cmdoutput.txt

@@ -0,0 +1 @@
+j3kztfnedlfhikhr7uro7uxzf35xbrtcu4omzbl2bqb6ygakipcw62yd.onion

scripts/onionadd/onionadd.sh

@@ -0,0 +1,36 @@
+#!/bin/bash
+## Create new Linux contanier at a proxmox host
+
+DMZKEYFILE=$(echo -n ~)"/.ssh/dmz"
+
+TORHOST=$1
+CTHOST=$2
+CTIP=$3
+
+if [[ -z "$TORHOST" ]]; then 
+	echo "Set Tor Host"
+        exit 1
+fi
+
+if [[ -z "$CTHOST" ]]; then 
+	echo "Set CT hostname"
+        exit 1
+fi
+
+if [[ -z "$CTIP" ]]; then 
+	CTIP=$(grep -C 1 $CTHOST ~/.ssh/autoconfig | tail -1 | cut -d" " -f4)
+fi
+
+ssh-add -t 600 $DMZKEYFILE
+torsocks scp ./remotecmd $TORHOST:/root/onionadd.sh
+
+torsocks ssh $TORHOST "chmod +x /root/onionadd.sh; /root/onionadd.sh $CTHOST $CTIP" >> cmdoutput.txt
+torsocks ssh $TORHOST "rm /root/onionadd.sh"
+
+HOSTNAME=$(tail -1 cmdoutput.txt)
+
+echo "Host "$CTHOST"onion" >> ~/.ssh/autoconfig
+echo "  Hostname "$HOSTNAME >> ~/.ssh/autoconfig
+echo "  User root" >> ~/.ssh/autoconfig
+echo "  IdentityFile "$DMZKEYFILE >> ~/.ssh/autoconfig
+echo "  PasswordAuthentication no" >> ~/.ssh/autoconfig

scripts/onionadd/remotecmd

@@ -0,0 +1,23 @@
+#!/bin/bash
+
+CTHOST=$1
+CTIP=$2
+
+if [[ -z "$CTHOST" ]]; then 
+	echo "Set CT hostname"
+        exit 1
+fi
+
+if [[ -z "$CTIP" ]]; then 
+	echo "Set CT IP"
+        exit 1
+fi
+
+echo "" >> /etc/tor/onions/dmz
+echo "HiddenServiceDir /var/lib/tor/"$CTHOST"/" >> /etc/tor/onions/dmz
+echo "HiddenServicePort 22 "$CTIP":22" >> /etc/tor/onions/dmz
+
+service tor reload
+sleep 30
+
+cat "/var/lib/tor/"$CTHOST"/hostname"

scripts/showpass.sh

@@ -0,0 +1,62 @@
+#!/bin/sh
+
+# If you want to add these passwords to the `pass` program, you can
+# symlink all the passwords which you can open, then open the
+# passwords with a script like this.
+
+pass_store=~/.password-store
+
+# THIS_PLACE="$PWD"
+# mkdir $pass_store/dmz
+# cd !$
+# find  "$THIS_PLACE" -type f -name "*.gpg" | \ 
+#     sed "s#/home/ghost#../..#" | \ 
+#     while read -r line; do
+#         gpg -d "$line" && ln -sf "$line" .
+#     done
+ 
+
+sanity_check(){
+    command -v $1 >/dev/null || (
+        echo "You must install $1"
+        exit 1
+    )
+}
+
+set_selector_if_program_exists(){
+    command -v "$1" > /dev/null  && selector="$1 $2"
+}
+
+if [ -z "$DISPLAY" ]; then
+    set_selector_if_program_exists sk || \
+        set_selector_if_program_exists fzy || \
+        set_selector_if_program_exists fzf
+    fail_sender='echo'
+else
+    set_selector_if_program_exists "rofi" 'rofi -dmenu "$@"' || \
+        set_selector_if_program_exists dmenu || \
+        (
+            echo "Cannot find anything to select a key. Install dmenu." 
+            exit 1
+        )
+    fail_sender='notify-send'
+fi
+
+list_keys(){
+    find -L . -mindepth 1 -type f -name "*.gpg" | \
+        sed 's/\.\///' | \
+        sed 's/.gpg//'
+}
+
+####################
+
+set -e
+
+sanity_check pass
+
+cd "$pass_store"
+
+password="$(list_keys | $selector)"
+
+pass -c "$password" || $fail_sender 'Cannot decrypt'
+

setup/git-aliases.md

@@ -0,0 +1,41 @@
+---
+volume: Decentrala
+section: 6
+title: git aliases
+author: Malin
+source: dmz.rs
+---
+
+## Aliases
+
+Put these in `~/.bash_aliases`
+
+```
+alias gb='git branch'
+alias gc='git add -p . && git commit'
+alias gd="git diff --word-diff"
+alias gl='git log --graph --show-signature'
+alias gla="git log --all --decorate --oneline --graph"
+alias gm='git merge'
+alias gis='git status'
+```
+
+## Dangerous Aliases
+
+Get a fuzzy-finder, like `fzy,` or `sk` (called `sk-im` in the repos), and checkout faster:
+
+```
+alias gco='git checkout --recurse-submodules $(sk -c "git branch | cut -c 3-")'
+```
+
+Delete all changes and start again instantly:
+
+```
+alias grs='git reset --hard HEAD'
+```
+
+Push to remotes that don't use http:
+
+```
+alias gpa='git remote show  | while read remote; do git remote get-url $remote | grep -qv http && git push $remote; done'
+```

setup/ssh_FAQ.md

@@ -0,0 +1,104 @@
+---
+volume: Decentrala
+section: 6
+title: ssh setup
+author: Malin
+source: dmz.rs
+---
+
+## Step 1: Basic `ssh`
+
+> I did stuff with my `ssh` and now things don't work. What do?
+
+Check the permissions on your `ssh` directory:
+
+```bash
+$ ls -d ~/.ssh
+drwxr-x--- - ghost  3 Dec 12:55 /home/ghost/.ssh
+```
+
+This is wrong, because anyone in your `~` can see you `ssh` configuration files.
+
+```bash
+$ chmod -R 600 ~/.ssh
+$ ls -d ~/.ssh
+drw------- - ghost  3 Dec 12:55 /home/ghost/.ssh
+```
+
+This is also wrong - entering a directory is the same as executing it.
+If you can't 'execute' the directory, you cannot enter it, and `ssh` cannot read the files.
+
+```bash
+$ chmod -R 700 ~/.ssh
+$ ls -l ~/.config
+
+-rwx------ 1 ghost dmz   578 Dec 27  2022 authorized hosts
+-rwx------ 1 ghost dmz  1145 Dec 27  2022 authorized keys
+-rwx------ 2 ghost dmz   366 Dec 14 18:36 config
+-rwx------ 1 ghost dmz   419 Dec 11  2023 id ed25519
+-rwx------ 1 ghost dmz   106 Dec 11  2023 id ed25519.pub
+-rwx------ 1 ghost dmz  2610 Dec 27  2022 id rsa
+-rwx------ 1 ghost dmz   578 Dec 27  2022 id rsa.pub
+-rwx------ 1 ghost dmz 28269 Dec 28 17:32 known hosts
+```
+
+Now all the files have 'read, write, and execute', but only for `$USER`.
+
+## Step 2: The Config File
+
+> I have 43 different `ssh` keys.  Something doesn't work with a program.  What do?
+
+- Option 1: Delete all of them and stop asking Santa for `ssh` keys.
+- Option 2: Define which one you want to use in the `~/.ssh/config` file.
+
+
+```
+Host soft
+    HostName soft.dmz.rs
+    Port 2222
+	User ghost
+	IdentityFile ~/.ssh/id rsa
+Host dmz
+    HostName dmz.rs
+    Port 123
+    User root
+Host krov
+	HostName dmz.rs
+	Port 5555
+	User ghost
+Host june
+	HostName 192.168.1.100
+	User ghost
+	ProxyJump krov
+```
+
+
+The first example lets you go to the `soft-serve` git-server just by typing
+
+```bash
+$ ssh soft
+```
+
+If you're not sure if ssh is using the right key, try with `-v` for 'verbose mode'.
+
+```bash
+$ ssh -vv soft
+```
+
+If you're not sure if ssh is using the right key, try with `-v` for 'verbose mode'.
+
+> `git` is not working with `ssh`
+
+`git` will not presume to use your `ssh` config file unless you tell it:
+
+```bash
+$ GIT_SSH_COMMAND="ssh -F ~/.ssh/config" git pull
+```
+
+If that works, you can make the change permanent for that one repository:
+
+
+```bash
+$ git config core.sshCommand "ssh -F ~/.ssh/config"
+```
+