adyxax/www
1
0
Fork 0
Code Issues Pull requests Activity Actions

Refactored syntax highlighting shortcodes into markdown

Browse source
This commit is contained in:
Julien Dessaux 2023-04-23 22:33:49 +02:00
parent 9e6bb1a3e5
commit ea435049b3
Signed by: adyxax
GPG key ID: F92E51B86E07177E
71 changed files with 297 additions and 297 deletions
Download patch file Download diff file Expand all files Collapse all files

24
content/docs/adyxax.org/nethack.md
View file

@ -11,46 +11,46 @@ I am hosting a private nethack game server accessible via ssh for anyone who wil
TODO
{{< highlight sh >}}
```sh
groupadd -r games
useradd -r -g games nethack
git clone
{{< /highlight >}}
```
## nethack
TODO
{{< highlight sh >}}
{{< /highlight >}}
```sh
```
## scores script
TODO
{{< highlight sh >}}
{{< /highlight >}}
```sh
```
## copying shared libraries
{{< highlight sh >}}
```sh
cd /opt/nethack
for i in `ls bin`; do for l in `ldd bin/$i | tail -n +1 | cut -d'>' -f2 | awk '{print $1}'`; do if [ -f $l ]; then echo $l; cp $l lib64/; fi; done; done
for l in `ldd dgamelaunch | tail -n +1 | cut -d'>' -f2 | awk '{print $1}'`; do if [ -f $l ]; then echo $l; cp $l lib64/; fi; done
for l in `ldd nethack-3.7.0-r1/games/nethack | tail -n +1 | cut -d'>' -f2 | awk '{print $1}'`; do if [ -f $l ]; then echo $l; cp $l lib64/; fi; done
{{< /highlight >}}
```
## making device nodes
TODO! For now I mount all of /dev in the chroot :
{{< highlight sh >}}
```sh
#mknod -m 666 dev/ptmx c 5 2
mount -R /dev /opt/nethack/dev
{{< /highlight >}}
```
## debugging
{{< highlight sh >}}
```sh
gdb chroot
run --userspec=nethack:games /opt/nethack/ /dgamelaunch
{{< /highlight >}}
```

72
content/docs/gentoo/installation.md
View file

@ -16,10 +16,10 @@ You can get a bootable iso or liveusb from https://www.gentoo.org/downloads/. I
Once you boot on the installation media, you can start sshd and set a temporary password and proceed with the installation more confortably from another machine :
{{< highlight sh >}}
```sh
/etc/init.d/sshd start
passwd
{{< /highlight >}}
```
Don't forget to either run `dhcpcd` or manually set an ip and gateway to the machine.
@ -27,7 +27,7 @@ Don't forget to either run `dhcpcd` or manually set an ip and gateway to the mac
There are several options depending on wether you need soft raid, full disk encryption or a simple root device with no additional complications. It will also differ if you are using a virtual machine or a physical one.
{{< highlight sh >}}
```sh
tmux
blkdiscard /dev/nvme0n1
sgdisk -n1:0:+2M -t1:EF02 /dev/nvme0n1
@ -37,7 +37,7 @@ mkfs.fat -F 32 -n efi-boot /dev/nvme0n1p2
mkfs.xfs /dev/nvme0n1p3
mount /dev/sda3 /mnt/gentoo
cd /mnt/gentoo
{{< /highlight >}}
```
Make sure you do not repeat the mistake I too often make by mounting something to /mnt while using the liveusb/livecd. You will lose your shell if you do this and will need to reboot!
@ -46,109 +46,109 @@ Make sure you do not repeat the mistake I too often make by mounting something t
Get the stage 3 installation file from https://www.gentoo.org/downloads/. I personnaly use the non-multilib one from the advanced choices, since I am no longer using and 32bits software except steam, and I use steam from a multilib chroot.
Put the archive on the server in /mnt/gentoo (you can simply wget it from there), then extract it :
{{< highlight sh >}}
```sh
tar xpf stage3-*.tar.xz --xattrs-include='*.*' --numeric-owner
mount /dev/nvme0n1p2 boot
mount -R /proc proc
mount -R /sys sys
mount -R /dev dev
chroot .
{{< /highlight >}}
```
## Initial configuration
We prepare the local language of the system :
{{< highlight sh >}}
```sh
echo 'LANG="en_US.utf8"' > /etc/env.d/02locale
echo 'en_US.UTF-8 UTF-8' >> /etc/locale.gen
locale-gen
env-update && source /etc/profile
echo 'nameserver 1.1.1.1' > /etc/resolv.conf
{{< /highlight >}}
```
We set a loop device to hold the portage tree. It will be formatted with optimisation for the many small files that compose it :
{{< highlight sh >}}
```sh
mkdir -p /srv/gentoo-distfiles
truncate -s 10G /portage.img
mke2fs -b 1024 -i 2048 -m 0 -O "dir_index" -F /portage.img
tune2fs -c 0 -i 0 /portage.img
mkdir /usr/portage
mount -o loop,noatime,nodev /portage.img /usr/portage/
{{< /highlight >}}
```
We set default compilation options and flags. If you are not me and cannot rsync this location, you can browse it from https://packages.adyxax.org/x86-64/etc/portage/ :
{{< highlight sh >}}
```sh
rsync -a --delete packages.adyxax.org:/srv/gentoo-builder/x86-64/etc/portage/ /etc/portage/
sed -i /etc/portage/make.conf -e s/buildpkg/getbinpkg/
echo 'PORTAGE_BINHOST="https://packages.adyxax.org/x86-64/packages/"' >> /etc/portage/make.conf
{{< /highlight >}}
```
We get the portage tree and sync the timezone
{{< highlight sh >}}
```sh
emerge --sync
{{< /highlight >}}
```
## Set hostname and timezone
{{< highlight sh >}}
```sh
export HOSTNAME=XXXXX
sed -i /etc/conf.d/hostname -e /hostname=/s/=.*/=\"${HOSTNAME}\"/
echo "Europe/Paris" > /etc/timezone
emerge --config sys-libs/timezone-data
{{< /highlight >}}
```
## Check cpu flags and compatibility
TODO
{{< highlight sh >}}
```sh
emerge cpuid2cpuflags -1q
cpuid2cpuflags
gcc -### -march=native /usr/include/stdlib.h
{{< /highlight >}}
```
## Rebuild the system
{{< highlight sh >}}
```sh
emerge --quiet -e @world
emerge --quiet dosfstools app-admin/logrotate app-admin/syslog-ng app-portage/gentoolkit \
dev-vcs/git bird openvpn htop net-analyzer/tcpdump net-misc/bridge-utils \
sys-apps/i2c-tools sys-apps/pciutils sys-apps/usbutils sys-boot/grub sys-fs/ncdu \
sys-process/lsof net-vpn/wireguard-tools
emerge --unmerge nano -q
{{< /highlight >}}
```
## Grab a working kernel
Next we need to Grab a working kernel from our build server along with its modules. If you don't have one already, you have some work to do!
Check the necessary hardware support with :
{{< highlight sh >}}
```sh
i2cdetect -l
lspci -nnk
lsusb
{{< /highlight >}}
```
TODO specific page with details on how to build required modules like the nas for example.
{{< highlight sh >}}
```sh
emerge gentoo-sources genkernel -q
...
{{< /highlight >}}
```
## Final configuration steps
### fstab
{{< highlight sh >}}
```sh
# /etc/fstab: static file system information.
#
#<fs> <mountpoint> <type> <opts> <dump/pass>
/dev/vda3 / ext4 noatime,discard 0 1
/dev/vda2 /boot vfat noatime 1 2
/portage.img /usr/portage ext2 noatime,nodev,loop 0 0
{{< /highlight >}}
```
### networking
{{< highlight sh >}}
```sh
echo 'hostname="phoenix"' > /etc/conf.d/hostname
echo 'dns_domain_lo="adyxax.org"
config_eth0="192.168.1.3 netmask 255.255.255.0"
@ -156,7 +156,7 @@ routes_eth0="default via 192.168.1.1"' > /etc/conf.d/net
cd /etc/init.d
ln -s net.lo net.eth0
rc-update add net.eth0 boot
{{< /highlight >}}
```
### Grub
@ -170,28 +170,28 @@ grub-mkconfig -o /boot/grub/grub.cfg
### /etc/hosts
{{< highlight sh >}}
```sh
scp root@collab-jde.nexen.net:/etc/hosts /etc/
{{< /highlight >}}
```
### root account access
{{< highlight sh >}}
```sh
mkdir -p /root/.ssh
echo ' ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILOJV391WFRYgCVA2plFB8W8sF9LfbzXZOrxqaOrrwco hurricane' > /root/.ssh/authorized_keys
passwd
{{< /highlight >}}
```
### Add necessary daemons on boot
{{< highlight sh >}}
```sh
rc-update add syslog-ng default
rc-update add cronie default
rc-update add sshd default
{{< /highlight >}}
```
## TODO
{{< highlight sh >}}
```sh
net-firewall/shorewall
...
rc-update add shorewall default
@ -216,7 +216,7 @@ rc-update add docker default
app-emulation/lxd
rc-update add lxd default
{{< /highlight >}}
```
## References

12
content/docs/gentoo/kernel_upgrades.md
View file

@ -9,18 +9,18 @@ tags:
## Introduction
Now that I am mostly running OpenBSD servers I just use genkernel to build my custom configuration on each node with :
{{< highlight sh >}}
```sh
eselect kernel list
eselect kernel set 1
genkernel all --kernel-config=/proc/config.gz --menuconfig
nvim --diff /proc/config.gz /usr/src/linux/.config
{{< / highlight >}}
```
Bellow you will find how I did things previously when centralising the build of all kernels on a collab-jde machine, and distributing them all afterwards. Local nodes would only rebuild local modules and get on with their lives.
## Building on collab-jde
{{< highlight sh >}}
```sh
PREV_VERSION=4.14.78-gentoo
eselect kernel list
eselect kernel set 1
@ -34,11 +34,11 @@ for ARCHI in `ls /srv/gentoo-builder/kernels/`; do
INSTALL_MOD_PATH=/srv/gentoo-builder/kernels/${ARCHI}/ make modules_install
INSTALL_PATH=/srv/gentoo-builder/kernels/${ARCHI}/ make install
done
{{< / highlight >}}
```
## Deploying on each node :
{{< highlight sh >}}
```sh
export VERSION=5.4.28-gentoo-x86_64
wget http://packages.adyxax.org/kernels/x86_64/System.map-${VERSION} -O /boot/System.map-${VERSION}
wget http://packages.adyxax.org/kernels/x86_64/config-${VERSION} -O /boot/config-${VERSION}
@ -53,4 +53,4 @@ make modules_prepare
emerge @module-rebuild
genkernel --install initramfs --ssh-host-keys=create-from-host
grub-mkconfig -o /boot/grub/grub.cfg
{{< / highlight >}}
```

8
content/docs/gentoo/lxd.md
View file

@ -12,18 +12,18 @@ I have used LXD for many years successfully, I was never satisfied with the dock
## Installation
{{< highlight sh >}}
```sh
touch /etc{/subuid,/subgid}
usermod --add-subuids 1000000-1065535 root
usermod --add-subgids 1000000-1065535 root
emerge -q app-emulation/lxd
/etc/init.d/lxd start
rc-update add lxd default
{{< /highlight >}}
```
## Initial configuration
{{< highlight sh >}}
```sh
myth /etc/init.d # lxd init
Would you like to use LXD clustering? (yes/no) [default=no]:
Do you want to configure a new storage pool? (yes/no) [default=yes]:
@ -43,4 +43,4 @@ Trust password for new clients:
Again:
Would you like stale cached images to be updated automatically? (yes/no) [default=yes]
Would you like a YAML "lxd init" preseed to be printed? (yes/no) [default=no]:
{{< /highlight >}}
```

8
content/docs/gentoo/steam.md
View file

@ -17,7 +17,7 @@ achieve that with containers but didn't quite made it work as well as this chroo
Note that there is no way to provide a "most recent stage 3" installation link. You will have to browse http://distfiles.gentoo.org/releases/amd64/autobuilds/current-stage3-amd64/
and adjust the download url manually bellow :
{{< highlight sh >}}
```sh
mkdir /usr/local/steam
cd /usr/local/steam
wget http://distfiles.gentoo.org/releases/amd64/autobuilds/current-stage3-amd64/stage3-amd64-20190122T214501Z.tar.xz
@ -74,13 +74,13 @@ wget -P /etc/portage/repos.conf/ https://raw.githubusercontent.com/anyc/steam-ov
emaint sync --repo steam-overlay
emerge games-util/steam-launcher -q
useradd -m -G audio,video steam
{{< /highlight >}}
```
## Launch script
Note that we use `su` and not `su -` since we need to preserve the environment. If you don't you won't get any sound in game. The pulseaudio socket is shared through the mount of
/run inside the chroot :
{{< highlight sh >}}
```sh
su
cd /usr/local/steam
mount -R /dev dev
@ -93,4 +93,4 @@ chroot .
env-update && source /etc/profile
su steam
steam
{{< /highlight >}}
```

12
content/docs/gentoo/upgrades.md
View file

@ -9,24 +9,24 @@ tags:
## Introduction
Here is my go to set of commands when I upgrade a gentoo box :
{{< highlight sh >}}
```sh
emerge-webrsync
eselect news read
{{< /highlight >}}
```
The news have to be reviewed carefully and if I cannot act on it immediately I copy paste the relevant bits to my todolist.
## The upgrade process
I run the upgrade process in steps, the first one asking you to validate the upgrade path. You will also be prompted to validate before cleaning :
{{< highlight sh >}}
```sh
emerge -qAavutDN world --verbose-conflicts --keep-going --with-bdeps=y && emerge --depclean -a && revdep-rebuild -i -- -q --keep-going; eclean --deep distfiles && eclean --deep packages && date
{{< /highlight >}}
```
After all this completes it is time to evaluate configuration changes :
{{< highlight sh >}}
```sh
etc-update
{{< /highlight >}}
```
If a new kernel has been emerged, have a look at [the specific process for that]({{< ref "kernel_upgrades" >}}).

8
content/docs/openbsd/install_from_linux.md
View file

@ -12,12 +12,12 @@ This article explains a simple method to install OpenBSD when all you have is a
## How to
First login as root on the linux you want to reinstall as Openbsd then fetch the installer :
{{< highlight sh >}}
```sh
curl https://cdn.openbsd.org/pub/OpenBSD/6.8/amd64/bsd.rd -o /bsd.rd
{{< /highlight >}}
```
Then edit the loader configuration, in this example grub2 :
{{< highlight sh >}}
```sh
echo '
menuentry "OpenBSD" {
set root=(hd0,msdos1)
@ -25,6 +25,6 @@ menuentry "OpenBSD" {
}' >> /etc/grub.d/40_custom
echo 'GRUB_TIMEOUT=60' >> /etc/default/grub
grub2-mkconfig > /boot/grub2/grub.cfg
{{< /highlight >}}
```
If you reboot now and connect your remote console you should be able to boot the OpenBSD installer.

4
content/docs/openbsd/pf.md
View file

@ -10,7 +10,7 @@ tags:
The open ports list is refined depending on the usage obviously, and not all servers listen for wireguard... It is just a template :
{{< highlight conf >}}
```cfg
vpns="{ wg0 }"
table <myself> const { self }
@ -39,4 +39,4 @@ pass in on $vpns from <private> to <myself>
block return in on ! lo0 proto tcp to port 6000:6010
# Port build user does not need network
block return out log proto {tcp udp} user _pbuild
{{< /highlight >}}
```

8
content/docs/openbsd/smtpd.md
View file

@ -9,7 +9,7 @@ tags:
Here is my template for a simple smtp relay. The host names in the outbound action are to be customized obviously, and in my setups `yen` the relay destination is only reachable via wireguard. If not in such setup, smtps with authentication is to be configured :
{{< highlight conf >}}
```cfg
table aliases file:/etc/mail/aliases
listen on socket
@ -20,13 +20,13 @@ action "outbound" relay host "smtp://yen" mail-from "root+phoenix@adyxax.org"
match from local for local action "local_mail"
match from local for any action "outbound"
{{< /highlight >}}
```
## Primary mx
Here is my primary mx configuration as a sample :
{{< highlight conf >}}
```cfg
pki adyxax.org cert "/etc/ssl/yen.adyxax.org.crt"
pki adyxax.org key "/etc/ssl/private/yen.adyxax.org.key"
@ -59,7 +59,7 @@ match from local for local action "local_mail"
match from any auth for any action "outbound"
match from mail-from "root+phoenix@adyxax.org" for any action "outbound" # if you need to relay emails from another machine to the internet like I do
{{< /highlight >}}
```
## Secondary mx