Added articles

This commit is contained in:
Julien Dessaux 2021-04-16 17:42:55 +02:00
parent 30bea7bd12
commit 51de93e5b6
3 changed files with 84 additions and 0 deletions

@ -0,0 +1,39 @@
---
title: "Gentoo Packages Upgrades"
description: Gentoo packages upgrades on adyxax.org
---
## Introduction
Here is my go to set of commands when I upgrade a gentoo box :
{{< highlight sh >}}
emerge-webrsync
eselect news read
{{< /highlight >}}
The news have to be reviewed carefully and if I cannot act on it immediately I copy paste the relevant bits to my todolist.
## The upgrade process
I run the upgrade process in two steps. The first one is a straightforward upgrade that will stop upon any error to let you asses the situation :
{{< highlight sh >}}
emerge --update --newuse --deep --with-bdeps=y @world -q
{{< /highlight >}}
If all went well we can get to the cleaning pass :
{{< highlight sh >}}
unset ld_library_path && unset e_src && emerge -qaavutdn world --verbose-conflicts --keep-going && emerge --depclean -a && revdep-rebuild -i -- -q --keep-going; eclean distfiles
{{< /highlight >}}
After all this completes it is time to evaluate configuration changes :
{{< highlight sh >}}
etc-update
{{< /highlight >}}
If a new kernel has been emerged, have a look at [the specific process for that]({{< ref "kernel_upgrades" >}}).
## Post-upgrade
Depending of the changes it is now time to :
- restart services that have been upgraded
- reboot if the kernel or a crucial system component (like openssl) has been upgraded
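
Review bot: The cleaning pass command is written entirely in lowercase (`unset ld_library_path`, `emerge -qaavutdn`), and both the shell and emerge are case-sensitive. `unset ld_library_path` does not clear `LD_LIBRARY_PATH`, and in emerge `-d` is `--debug` and `-n` is `--noreplace`, while the `--deep` and `--newuse` options used in the first pass are `-D` and `-N`. Please check the casing of this line (including `e_src`) against the command you actually run. Separately, `; eclean distfiles` runs even when an earlier step in the `&&` chain failed, which is worth a short comment if intended. In the sentence introducing the first pass, "asses" should be "assess".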

@ -0,0 +1,6 @@
---
title: "OpenBSD"
description: OpenBSD related articles
---
I am a long time openbsd user, my first installation dating back to 2008.
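
Review bot: The body sentence spells the project "openbsd" while the front matter `title` and `description` use "OpenBSD"; use the same capitalisation in the sentence so the section index reads consistently.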

@ -0,0 +1,39 @@
---
title: pf.conf
description: The template I use on new installations
---
## pf.conf
The open ports list is refined depending on the usage obviously, and not all servers listen for wireguard... It is just a template :
{{< highlight conf >}}
vpns="{ wg0 }"
table <myself> const { self }
table <private> const { 10/8, 172.16/12, 192.168/16, fd00::/8 fe80::/10 }
table <internet> const { 0.0.0.0/0, !10/8, !172.16/12, !192.168/16, ::/0, fe80::/10, !fd00::/8 }
##### Basic rules #####
set skip on lo
set syncookies adaptive (start 25%, end 12%)
set block-policy return
block drop in log quick from urpf-failed label uRPF
block return log
##### This firewall #####
block drop in on egress
pass in on egress proto { icmp, icmp6 } from <internet> to <myself>
pass in on egress proto tcp from <internet> to <myself> port { http, https, imaps, smtp, smtps, ssh, submission }
pass out from <myself> to any
##### VPNs #####
pass in on egress proto udp from <internet> to <myself> port 342
pass in on $vpns from <private> to <myself>
##### Openbsd stock rules #####
# By default, do not permit remote connections to X11
block return in on ! lo0 proto tcp to port 6000:6010
# Port build user does not need network
block return out log proto {tcp udp} user _pbuild
{{< /highlight >}}
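
Review bot: In the `<internet>` table, `fe80::/10` is listed without `!` while every other range from `<private>` is negated (`!10/8`, `!172.16/12`, `!192.168/16`, `!fd00::/8`). Since `::/0` already covers it, the entry is either redundant or a missing negation. If link-local is deliberately kept so that the `pass in on egress proto { icmp, icmp6 }` rule still admits neighbour discovery, a one-line comment above the table would make that clear to anyone copying the template. Two smaller points: `<private>` is missing the comma between `fd00::/8` and `fe80::/10` that the rest of the list uses, and the WireGuard rule hardcodes `port 342` where a macro next to `vpns` would keep the per-host values in one place. Since the template opens `ssh` to all of `<internet>`, consider noting in the intro that this is one of the ports to narrow per host.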