projectinsanity:server_setup
Differences
This shows you the differences between two versions of the page.
projectinsanity:server_setup [2022/03/11 00:21] – old revision restored (2022/03/05 22:36) 2a01:4f8:192:214e::2 | projectinsanity:server_setup [2022/08/12 20:20] (current) – [host.pi] 10.25.0.100 | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== host.pi ====== | + | ====== host.pi ====== |
===== Specs ===== | ===== Specs ===== | ||
1 x Dedicated Root Server SB32 (hetzner) | 1 x Dedicated Root Server SB32 (hetzner) | ||
Line 32: | Line 32: | ||
* IPv6: 2a01: | * IPv6: 2a01: | ||
Im Rescue system: | Im Rescue system: | ||
- | & | + | <code bash> |
installimage -a -n project-insanity -b grub -r yes -l 0 -i root/ | installimage -a -n project-insanity -b grub -r yes -l 0 -i root/ | ||
- | & | + | </code> |
==== systemd-networkd ==== | ==== systemd-networkd ==== | ||
on the installed host machine, had to change '' | on the installed host machine, had to change '' | ||
- | & | + | <file - / |
### Hetzner Online GmbH installimage | ### Hetzner Online GmbH installimage | ||
[Match] | [Match] | ||
Line 51: | Line 51: | ||
Peer=144.76.16.33/ | Peer=144.76.16.33/ | ||
IPForward=ipv4 | IPForward=ipv4 | ||
- | & | + | </file> |
- | & | + | <file - / |
[NetDev] | [NetDev] | ||
Name=br-internal | Name=br-internal | ||
Kind=bridge | Kind=bridge | ||
- | & | + | </file> |
- | & | + | <file - / |
[Match] | [Match] | ||
Name=br-internal | Name=br-internal | ||
Line 65: | Line 65: | ||
Address=10.25.0.1/ | Address=10.25.0.1/ | ||
ConfigureWithoutCarrier=true | ConfigureWithoutCarrier=true | ||
- | & | + | </file> |
==== core system ==== | ==== core system ==== | ||
- | & | + | <code bash> |
pacman -S mosh tmux htop dmidecode fail2ban openvpn qemu openbsd-netcat openssh easy-rsa fish pacman-contrib | pacman -S mosh tmux htop dmidecode fail2ban openvpn qemu openbsd-netcat openssh easy-rsa fish pacman-contrib | ||
chsh -s $(which fish) | chsh -s $(which fish) | ||
Line 81: | Line 81: | ||
sed -i ' | sed -i ' | ||
systemctl enable --now sshd fail2ban systemd-networkd systemd-resolved | systemctl enable --now sshd fail2ban systemd-networkd systemd-resolved | ||
- | & | + | </code> |
dnsmasq settings, ready to listen on wireguard subnet | dnsmasq settings, ready to listen on wireguard subnet | ||
- | & | + | <file - / |
[...] | [...] | ||
listen-address=127.0.0.1, | listen-address=127.0.0.1, | ||
Line 92: | Line 92: | ||
server=8.8.8.8 | server=8.8.8.8 | ||
server=8.8.4.4 | server=8.8.4.4 | ||
- | & | + | </file> |
systemd resolved dns resolver settings | systemd resolved dns resolver settings | ||
- | & | + | <file - / |
[...] | [...] | ||
[resolve] | [resolve] | ||
DNSStubListener=no | DNSStubListener=no | ||
- | & | + | </file> |
- | & | + | <file - / |
[Resolve] | [Resolve] | ||
DNSOverTLS=opportunistic | DNSOverTLS=opportunistic | ||
- | & | + | </file> |
- | & | + | <file - / |
[Resolve] | [Resolve] | ||
DNSSEC=true | DNSSEC=true | ||
- | & | + | </file> |
- | & | + | <file - / |
[Resolve] | [Resolve] | ||
DNS=2620: | DNS=2620: | ||
- | & | + | </file> |
- | & | + | <file - /etc/hosts> |
[...] | [...] | ||
10.25.0.1 host.pi | 10.25.0.1 host.pi | ||
Line 139: | Line 139: | ||
2a01: | 2a01: | ||
2a01: | 2a01: | ||
- | & | + | </file> |
custom pi archlinux repo | custom pi archlinux repo | ||
- | & | + | <file - / |
... | ... | ||
[projectinsanity] | [projectinsanity] | ||
SigLevel = PackageOptional | SigLevel = PackageOptional | ||
Server = https:// | Server = https:// | ||
- | & | + | </file> |
archlinux auto update | archlinux auto update | ||
- | & | + | <file - / |
... | ... | ||
[projectinsanity] | [projectinsanity] | ||
SigLevel = PackageOptional | SigLevel = PackageOptional | ||
Server = https:// | Server = https:// | ||
- | & | + | </file> |
- | & | + | <file - / |
Description=Automatic Update | Description=Automatic Update | ||
After=network-online.target | After=network-online.target | ||
Line 160: | Line 160: | ||
[Service] | [Service] | ||
Type=simple | Type=simple | ||
- | ExecStart=/ | + | ExecStart=/ |
TimeoutStopSec=180 | TimeoutStopSec=180 | ||
KillMode=process | KillMode=process | ||
Line 167: | Line 167: | ||
[Install] | [Install] | ||
WantedBy=multi-user.target | WantedBy=multi-user.target | ||
- | & | + | </file> |
- | & | + | <file - / |
[Unit] | [Unit] | ||
| | ||
Line 179: | Line 179: | ||
[Install] | [Install] | ||
| | ||
- | & | + | </file> |
- | & | + | <code bash> |
systemctl enable --now autoupdate.timer | systemctl enable --now autoupdate.timer | ||
- | & | + | </code> |
automatic timed reboot after kernel upgrade | automatic timed reboot after kernel upgrade | ||
- | & | + | <file - / |
[Trigger] | [Trigger] | ||
Operation = Install | Operation = Install | ||
Line 195: | Line 195: | ||
When = PostTransaction | When = PostTransaction | ||
Exec = / | Exec = / | ||
- | & | + | </file> |
- | & | + | <file - / |
[Unit] | [Unit] | ||
Description=Reboot in the morning after kernel upgrade | Description=Reboot in the morning after kernel upgrade | ||
Line 206: | Line 206: | ||
[Install] | [Install] | ||
WantedBy=multi-user.target | WantedBy=multi-user.target | ||
- | & | + | </file> |
- | & | + | <file - / |
[Unit] | [Unit] | ||
Description=Reboot after kernel upgrade | Description=Reboot after kernel upgrade | ||
Line 217: | Line 217: | ||
[Install] | [Install] | ||
WantedBy=multi-user.target | WantedBy=multi-user.target | ||
- | & | + | </file> |
==== nftables ==== | ==== nftables ==== | ||
- | nftables firewall & | + | nftables firewall & routing |
- | & | + | <file - / |
define TCP_PORT_QUAKEJS_DS = 27960 | define TCP_PORT_QUAKEJS_DS = 27960 | ||
define TCP_PORT_IMAPS = 993 | define TCP_PORT_IMAPS = 993 | ||
Line 255: | Line 255: | ||
type filter hook input priority filter; policy drop; | type filter hook input priority filter; policy drop; | ||
jump base_checks | jump base_checks | ||
- | iifname | + | iifname |
ip protocol icmp icmp type { echo-reply, destination-unreachable, | ip protocol icmp icmp type { echo-reply, destination-unreachable, | ||
ip6 nexthdr ipv6-icmp icmpv6 type { destination-unreachable, | ip6 nexthdr ipv6-icmp icmpv6 type { destination-unreachable, | ||
Line 283: | Line 283: | ||
type nat hook prerouting priority filter; policy accept; | type nat hook prerouting priority filter; policy accept; | ||
- | iif & | + | iif "enp3s0" |
# Forward web traffic to http.pi | # Forward web traffic to http.pi | ||
Line 289: | Line 289: | ||
# Forward mail traffic to mail.pi | # Forward mail traffic to mail.pi | ||
- | iif & | + | iif "enp3s0" |
- | iif & | + | iif "enp3s0" |
} | } | ||
chain postrouting { | chain postrouting { | ||
type nat hook postrouting priority srcnat; policy accept; | type nat hook postrouting priority srcnat; policy accept; | ||
- | ip saddr 10.25.0.0/ | + | ip saddr 10.25.0.0/ |
} | } | ||
} | } | ||
- | & | + | </file> |
- | & | + | <file - nftables.service.d/ |
[Unit] | [Unit] | ||
Wants= | Wants= | ||
Line 311: | Line 311: | ||
Restart=always | Restart=always | ||
RestartSec=5 | RestartSec=5 | ||
- | & | + | </file> |
- | & | + | <code bash> |
pacman -S nftables | pacman -S nftables | ||
systemctl enable --now nftables | systemctl enable --now nftables | ||
- | & | + | </code> |
==== libvirtd ==== | ==== libvirtd ==== | ||
libvirt network configuration file | libvirt network configuration file | ||
- | & | + | <file - / |
- | network connections=' | + | network connections=' |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | & | + | </network> |
- | & | + | </file> |
libvirt qemu hook | libvirt qemu hook | ||
- | & | + | <code bash> |
pacman -S libvirt virt-install dnsmasq glusterfs | pacman -S libvirt virt-install dnsmasq glusterfs | ||
virsh pool-define-as --name ' | virsh pool-define-as --name ' | ||
Line 336: | Line 336: | ||
virsh net-autostart internal | virsh net-autostart internal | ||
systemctl enable --now libvirtd | systemctl enable --now libvirtd | ||
- | & | + | </code> |
==== wireguard ==== | ==== wireguard ==== | ||
- | & | + | <code bash> |
pacman -S wireguard-tools | pacman -S wireguard-tools | ||
cd / | cd / | ||
- | wg genkey | tee privatekey | wg pubkey | + | wg genkey | tee privatekey | wg pubkey |
chmod 600 privatekey | chmod 600 privatekey | ||
chown root:root privatekey | chown root:root privatekey | ||
- | & | + | </code> |
- | & | + | <file - / |
[NetDev] | [NetDev] | ||
Name = wg0 | Name = wg0 | ||
Line 380: | Line 380: | ||
PublicKey = [PICLOUD_PUBKEY] | PublicKey = [PICLOUD_PUBKEY] | ||
AllowedIPs = 10.25.40.6/ | AllowedIPs = 10.25.40.6/ | ||
- | & | + | </file> |
- | & | + | <file - / |
[Match] | [Match] | ||
Name = wg0 | Name = wg0 | ||
Line 390: | Line 390: | ||
DNSSEC=false | DNSSEC=false | ||
IPForward=ipv4 | IPForward=ipv4 | ||
- | & | + | </file> |
=== client === | === client === | ||
- | & | + | <code bash> |
pacman -S wireguard-tools | pacman -S wireguard-tools | ||
cd / | cd / | ||
- | wg genkey | tee privatekey | wg pubkey | + | wg genkey | tee privatekey | wg pubkey |
chmod 600 privatekey | chmod 600 privatekey | ||
chown root:root privatekey | chown root:root privatekey | ||
- | & | + | </code> |
- | & | + | <file - / |
[NetDev] | [NetDev] | ||
Name = wg0 | Name = wg0 | ||
Line 414: | Line 414: | ||
Endpoint = 144.76.16.40: | Endpoint = 144.76.16.40: | ||
PersistentKeepalive = 25 | PersistentKeepalive = 25 | ||
- | & | + | </file> |
- | & | + | <file - / |
[Match] | [Match] | ||
Name = wg0 | Name = wg0 | ||
Line 421: | Line 421: | ||
[Network] | [Network] | ||
Address = 10.25.40.2/ | Address = 10.25.40.2/ | ||
- | & | + | </file> |
- | & | + | <code bash> |
systemctl restart systemd-networkd | systemctl restart systemd-networkd | ||
- | & | + | </code> |
==== systemd-journal logging server ==== | ==== systemd-journal logging server ==== | ||
- | & | + | <file - / |
[Remote] | [Remote] | ||
SplitMode=host | SplitMode=host | ||
- | & | + | </file> |
- | & | + | <file - / |
[Unit] | [Unit] | ||
Description=Journal Remote Sink Service | Description=Journal Remote Sink Service | ||
Line 447: | Line 447: | ||
[Install] | [Install] | ||
Also=systemd-journal-remote.socket | Also=systemd-journal-remote.socket | ||
- | & | + | </file> |
- | & | + | <code bash> |
mkdir -p / | mkdir -p / | ||
chown -R systemd-journal-remote: | chown -R systemd-journal-remote: | ||
Line 454: | Line 454: | ||
ufw allow from 10.25.0.0/ | ufw allow from 10.25.0.0/ | ||
systemctl enable --now systemd-journal-remote | systemctl enable --now systemd-journal-remote | ||
- | & | + | </code> |
===== ArchLinux Gastsystem ===== | ===== ArchLinux Gastsystem ===== | ||
==== Erstellen ==== | ==== Erstellen ==== | ||
- | & | + | <code bash> |
virt-install --video qxl --channel spicevmc --graphics spice, | virt-install --video qxl --channel spicevmc --graphics spice, | ||
- | & | + | </code> |
==== Löschen ==== | ==== Löschen ==== | ||
- | & | + | <code bash> |
virsh destroy http | virsh destroy http | ||
virsh undefine http | virsh undefine http | ||
lvremove / | lvremove / | ||
- | & | + | </code> |
==== Speicher vergrößern ==== | ==== Speicher vergrößern ==== | ||
- | & | + | <code bash>virsh shutdown http |
lvresize -L +20G vg0/http | lvresize -L +20G vg0/http | ||
- | virsh start http& | + | virsh start http</code> |
Auf dem Gastsystem ausführen: | Auf dem Gastsystem ausführen: | ||
- | & | + | <code bash>sgdisk -og -a 1024 -n 1:1024:2047 -c 1:"BIOS Boot Partition" |
- | sgdisk -n2:2048:0 -c2:& | + | sgdisk -n2:2048:0 -c2:"ArchRoot" |
shutdown -h now # then start again after that | shutdown -h now # then start again after that | ||
- | btrfs filesystem resize max /& | + | btrfs filesystem resize max /</code> |
- | Bei neueren Version von libguestfs-tools (& | + | Bei neueren Version von libguestfs-tools (>1.16.34) könnte man auch die Partitionstabelle und Dateisystem [[http:// |
==== Backup ==== | ==== Backup ==== | ||
Raw backup logical volume to picloud (homeserver onnuex) | Raw backup logical volume to picloud (homeserver onnuex) | ||
- | & | + | <code bash> |
lvcreate -s -n playground_snap -L 20G / | lvcreate -s -n playground_snap -L 20G / | ||
- | dd if=/ | + | dd if=/ |
lvremove / | lvremove / | ||
- | & | + | </code> |
Recover backup | Recover backup | ||
- | & | + | <code bash> |
gpg -o / | gpg -o / | ||
- | & | + | </code> |
Unfinished backup script: | Unfinished backup script: | ||
- | & | + | <code bash> |
- | sas=& | + | sas="$1" |
- | password=& | + | password="$2" |
- | for vol in `lvs | cut -f3 -d & | + | for vol in `lvs | cut -f3 -d " " |
- | do echo & | + | do echo "Backing up $vol" |
- | lvcreate -s -n & | + | lvcreate -s -n "${vol}_snap" |
- | pv -cN source | + | pv -cN source |
- | lvremove | + | lvremove |
done | done | ||
- | & | + | </code> |
==== Einrichten ==== | ==== Einrichten ==== | ||
- | & | + | <code bash> |
mkfs.btrfs /dev/sda | mkfs.btrfs /dev/sda | ||
ifconfig eth0 10.25.0.120 up | ifconfig eth0 10.25.0.120 up | ||
Line 508: | Line 508: | ||
ln -sf / | ln -sf / | ||
pacstrap /mnt base base-devel tmux mosh yajl wipe rsync procps neovim lsof strace htop net-tools pkgfile dnsutils iotop aria2 tcpdump nload grub btrfs-progs gptfdisk ntp wget rxvt-unicode-terminfo pwgen mlocate fail2ban pv expac openssh git devtools fish nftables ripgrep bat fd pacman-contrib | pacstrap /mnt base base-devel tmux mosh yajl wipe rsync procps neovim lsof strace htop net-tools pkgfile dnsutils iotop aria2 tcpdump nload grub btrfs-progs gptfdisk ntp wget rxvt-unicode-terminfo pwgen mlocate fail2ban pv expac openssh git devtools fish nftables ripgrep bat fd pacman-contrib | ||
- | genfstab -p /mnt & | + | genfstab -p /mnt >> |
arch-chroot /mnt | arch-chroot /mnt | ||
chsh -s $(which fish) | chsh -s $(which fish) | ||
Line 517: | Line 517: | ||
mkdir / | mkdir / | ||
ln -s / | ln -s / | ||
- | echo & | + | echo "http-pub2" >> |
ln -sf / | ln -sf / | ||
sed -i ' | sed -i ' | ||
locale-gen | locale-gen | ||
- | echo 'LANG=& | + | echo 'LANG="en_US.UTF-8"' |
- | echo & | + | echo "KEYMAP=de" > / |
mkinitcpio -p linux | mkinitcpio -p linux | ||
sed -i '/ | sed -i '/ | ||
Line 536: | Line 536: | ||
updatedb | updatedb | ||
pkgfile --update | pkgfile --update | ||
- | echo & | + | echo "UserParameter=archlinuxupdates, |
sed -i ' | sed -i ' | ||
systemctl enable --now sshd systemd-networkd nftables fail2ban systemd-resolved | systemctl enable --now sshd systemd-networkd nftables fail2ban systemd-resolved | ||
Line 542: | Line 542: | ||
exit | exit | ||
reboot | reboot | ||
- | & | + | </code> |
=== nftables === | === nftables === | ||
- | & | + | <file - / |
table inet filter { | table inet filter { | ||
set tcp_accepted { | set tcp_accepted { | ||
Line 566: | Line 566: | ||
type filter hook input priority filter; policy drop; | type filter hook input priority filter; policy drop; | ||
jump base_checks | jump base_checks | ||
- | iifname | + | iifname |
ip protocol icmp icmp type { echo-reply, destination-unreachable, | ip protocol icmp icmp type { echo-reply, destination-unreachable, | ||
ip6 nexthdr ipv6-icmp icmpv6 type { destination-unreachable, | ip6 nexthdr ipv6-icmp icmpv6 type { destination-unreachable, | ||
Line 583: | Line 583: | ||
} | } | ||
} | } | ||
- | & | + | </file> |
=== systemd-networkd === | === systemd-networkd === | ||
- | & | + | <file - / |
[Match] | [Match] | ||
Name=ens3 | Name=ens3 | ||
Line 599: | Line 599: | ||
LinkLocalAddressing = no | LinkLocalAddressing = no | ||
IPv6AcceptRA = no | IPv6AcceptRA = no | ||
- | & | + | </file> |
=== pacman === | === pacman === | ||
project-insanity build server repo | project-insanity build server repo | ||
- | & | + | <file - / |
[...] | [...] | ||
Line 608: | Line 608: | ||
SigLevel = PackageOptional | SigLevel = PackageOptional | ||
Server = https:// | Server = https:// | ||
- | & | + | </file> |
archlinux auto update | archlinux auto update | ||
- | & | + | <file - / |
[Unit] | [Unit] | ||
| | ||
Line 624: | Line 624: | ||
[Install] | [Install] | ||
| | ||
- | & | + | </file> |
- | & | + | <file - / |
[Unit] | [Unit] | ||
| | ||
Line 636: | Line 636: | ||
[Install] | [Install] | ||
| | ||
- | & | + | </file> |
- | & | + | <code bash> |
systemctl enable --now autoupdate.timer | systemctl enable --now autoupdate.timer | ||
- | & | + | </code> |
=== systemd-journald === | === systemd-journald === | ||
systemd logging upload | systemd logging upload | ||
- | & | + | <file - / |
[Upload] | [Upload] | ||
URL=http:// | URL=http:// | ||
- | & | + | </file> |
- | & | + | <file - / |
[Unit] | [Unit] | ||
Description=Journal Remote Upload Service | Description=Journal Remote Upload Service | ||
Line 676: | Line 676: | ||
[Install] | [Install] | ||
WantedBy=multi-user.target | WantedBy=multi-user.target | ||
- | & | + | </file> |
- | & | + | <code bash> |
useradd systemd-journal-upload | useradd systemd-journal-upload | ||
mkdir / | mkdir / | ||
chown -R systemd-journal-upload: | chown -R systemd-journal-upload: | ||
systemctl enable --now systemd-journal-upload | systemctl enable --now systemd-journal-upload | ||
- | & | + | </code> |
==== Maintainance ==== | ==== Maintainance ==== | ||
Update configs | Update configs | ||
- | & | + | <code bash> |
sudo pacdiff | sudo pacdiff | ||
- | & | + | </code> |
====== mail.pi ====== | ====== mail.pi ====== | ||
on mail.pi | on mail.pi | ||
- | & | + | <code bash> |
pacman -S maddy | pacman -S maddy | ||
systemctl enable --now maddy | systemctl enable --now maddy | ||
Line 697: | Line 697: | ||
nft add rule inet filter input position 17 tcp dport smtp accept | nft add rule inet filter input position 17 tcp dport smtp accept | ||
nft add rule inet filter input position 17 tcp dport imaps accept | nft add rule inet filter input position 17 tcp dport imaps accept | ||
- | nft list ruleset | + | nft list ruleset |
- | & | + | </code>on |
- | & | + | <file - / |
... | ... | ||
$(hostname) = turbotux.de | $(hostname) = turbotux.de | ||
Line 707: | Line 707: | ||
tls / | tls / | ||
... | ... | ||
- | & | + | </file> |
- | & | + | <code bash> |
maddyctl users create postmaster | maddyctl users create postmaster | ||
maddyctl users create onny@turbotux.de | maddyctl users create onny@turbotux.de | ||
- | & | + | </code> |
turbotux.de dns record. get dkim key in ''/ | turbotux.de dns record. get dkim key in ''/ | ||
- | & | + | <code> |
turbotux.de. | turbotux.de. | ||
turbotux.de. | turbotux.de. | ||
turbotux.de. | turbotux.de. | ||
- | turbotux.de. | + | turbotux.de. |
- | _dmarc.turbotux.de. | + | _dmarc.turbotux.de. |
- | default._domainkey.turbotux.de | + | default._domainkey.turbotux.de |
- | & | + | </code> |
forwarding/ | forwarding/ | ||
- | & | + | <code bash> |
nft add rule inet filter input position 19 tcp dport smtps accept | nft add rule inet filter input position 19 tcp dport smtps accept | ||
nft add rule inet filter input position 19 tcp dport smtp accept | nft add rule inet filter input position 19 tcp dport smtp accept | ||
nft add rule inet filter input position 19 tcp dport imaps accept | nft add rule inet filter input position 19 tcp dport imaps accept | ||
- | nft add rule ip nat prerouting position 4 iifname | + | nft add rule ip nat prerouting position 4 iifname |
- | nft add rule ip nat prerouting position 4 iifname | + | nft add rule ip nat prerouting position 4 iifname |
- | nft add rule ip nat prerouting position 4 iifname | + | nft add rule ip nat prerouting position 4 iifname |
- | nft list ruleset | + | nft list ruleset |
- | & | + | </code> |
tls. on mail.pi | tls. on mail.pi | ||
- | & | + | <code bash> |
chmod +x / | chmod +x / | ||
sudo -u maddy ssh-keygen # all default values | sudo -u maddy ssh-keygen # all default values | ||
cat / | cat / | ||
- | & | + | </code> |
on http.pi | on http.pi | ||
- | & | + | <code bash> |
useradd -m maddy | useradd -m maddy | ||
mkdir / | mkdir / | ||
Line 745: | Line 745: | ||
urbotux.de/ | urbotux.de/ | ||
.de.key # this does not work so well yet :( | .de.key # this does not work so well yet :( | ||
- | & | + | </code> |
====== mysql.pi ====== | ====== mysql.pi ====== | ||
===== mariadb ===== | ===== mariadb ===== | ||
- | & | + | <code bash> |
pacman -S mariadb | pacman -S mariadb | ||
mysql_install_db --user=mysql --basedir=/ | mysql_install_db --user=mysql --basedir=/ | ||
Line 756: | Line 756: | ||
nft add rule inet filter input position 17 ip saddr 10.25.0.0/ | nft add rule inet filter input position 17 ip saddr 10.25.0.0/ | ||
nft add rule inet filter input position 17 ip6 saddr 2a01: | nft add rule inet filter input position 17 ip6 saddr 2a01: | ||
- | nft list ruleset | + | nft list ruleset |
- | & | + | </code> |
- | & | + | <file - / |
# Restart mariadb service | # Restart mariadb service | ||
Line 770: | Line 770: | ||
Description = Restarting mariadb service | Description = Restarting mariadb service | ||
When = PostTransaction | When = PostTransaction | ||
- | Exec = /usr/bin/sh -c & | + | Exec = /usr/bin/sh -c "/ |
- | & | + | </file> |
- | & | + | <code bash> |
chmod 600 / | chmod 600 / | ||
- | & | + | </code> |
temporary workaround to get nextcloud to work, see: https:// | temporary workaround to get nextcloud to work, see: https:// | ||
- | & | + | <file - / |
[...] | [...] | ||
[server] | [server] | ||
Line 782: | Line 782: | ||
innodb_read_only_compressed=0 | innodb_read_only_compressed=0 | ||
[...] | [...] | ||
- | & | + | </file> |
===== postgresql ===== | ===== postgresql ===== | ||
- | & | + | <code bash> |
pacman -S postgresql postgresql-old-upgrade | pacman -S postgresql postgresql-old-upgrade | ||
- | sudo su - postgres -c & | + | sudo su - postgres -c "initdb -D / |
systemctl enable --now postgresql | systemctl enable --now postgresql | ||
nft add rule inet filter input position 17 ip saddr 10.25.0.0/ | nft add rule inet filter input position 17 ip saddr 10.25.0.0/ | ||
nft add rule inet filter input position 17 ip6 saddr 2a01: | nft add rule inet filter input position 17 ip6 saddr 2a01: | ||
- | nft list ruleset | + | nft list ruleset |
- | & | + | </code> |
- | & | + | <file - / |
[...] | [...] | ||
listen_addresses = ' | listen_addresses = ' | ||
[...] | [...] | ||
- | & | + | </file> |
- | & | + | <file - / |
[...] | [...] | ||
host all | host all | ||
host all | host all | ||
- | & | + | </file> |
- | & | + | <file - / |
# Restart postgresql service | # Restart postgresql service | ||
Line 815: | Line 815: | ||
When = PostTransaction | When = PostTransaction | ||
Exec = / | Exec = / | ||
- | & | + | </file> |
====== http.pi ====== | ====== http.pi ====== | ||
- | & | + | <code bash> |
pacman -S caddy dokuwiki gitlab php-fpm php-apcu phpmyadmin wordpress nginx | pacman -S caddy dokuwiki gitlab php-fpm php-apcu phpmyadmin wordpress nginx | ||
systemctl enable --now caddy php-fpm | systemctl enable --now caddy php-fpm | ||
- | nft add rule inet filter input position 17 tcp dport & | + | nft add rule inet filter input position 17 tcp dport "{http, https}" |
- | nft list ruleset | + | nft list ruleset |
- | & | + | </code> |
- | & | + | <file - / |
# Restart php service | # Restart php service | ||
Line 837: | Line 837: | ||
When = PostTransaction | When = PostTransaction | ||
Exec = / | Exec = / | ||
- | & | + | </file> |
custom caddy installation | custom caddy installation | ||
- | & | + | <code bash> |
pacaur -d caddy | pacaur -d caddy | ||
- | & | + | </code> |
- | & | + | <file - ~/ |
[...] | [...] | ||
# ' | # ' | ||
Line 848: | Line 848: | ||
# ' | # ' | ||
[...] | [...] | ||
- | & | + | </file> |
- | & | + | <code bash> |
cd ~/ | cd ~/ | ||
makepkg -i --skipinteg | makepkg -i --skipinteg | ||
- | & | + | </code> |
- | & | + | <file - / |
[Service] | [Service] | ||
ProtectHome=false | ProtectHome=false | ||
- | & | + | </file> |
===== caddy ===== | ===== caddy ===== | ||
- | & | + | <code bash> |
pacman -S caddy | pacman -S caddy | ||
gpasswd -a caddy http | gpasswd -a caddy http | ||
- | & | + | </code> |
- | & | + | <file - / |
import / | import / | ||
- | & | + | </file> |
- | & | + | <file - / |
www.ausstellung-virtuell.de ausstellung-virtuell.de { | www.ausstellung-virtuell.de ausstellung-virtuell.de { | ||
Line 876: | Line 876: | ||
} | } | ||
- | & | + | </file> |
- | & | + | <file - / |
blog.project-insanity.org { | blog.project-insanity.org { | ||
Line 901: | Line 901: | ||
} | } | ||
- | & | + | </file> |
- | & | + | <file - / |
git.project-insanity.org { | git.project-insanity.org { | ||
Line 913: | Line 913: | ||
} | } | ||
- | & | + | </file> |
- | & | + | <file - / |
jhartung.sinewell.de { | jhartung.sinewell.de { | ||
Line 925: | Line 925: | ||
} | } | ||
- | & | + | </file> |
- | & | + | <file - / |
nextcloud.project-insanity.org { | nextcloud.project-insanity.org { | ||
Line 966: | Line 966: | ||
} | } | ||
- | & | + | </file> |
- | & | + | <file - / |
onny.project-insanity.org { | onny.project-insanity.org { | ||
Line 978: | Line 978: | ||
} | } | ||
- | & | + | </file> |
- | & | + | <file - / |
wiki.project-insanity.org { | wiki.project-insanity.org { | ||
Line 1011: | Line 1011: | ||
path_regexp export / | path_regexp export / | ||
} | } | ||
- | rewrite @allow_export / | + | rewrite @allow_export / |
- | try_files {path} {path}/ / | + | try_files {path} {path}/ / |
} | } | ||
- | & | + | </file> |
- | & | + | <file - / |
http:// | http:// | ||
Line 1028: | Line 1028: | ||
php_fastcgi unix// | php_fastcgi unix// | ||
} | } | ||
- | & | + | </file> |
- | & | + | <file - / |
beta.saai.digital { | beta.saai.digital { | ||
Line 1040: | Line 1040: | ||
} | } | ||
- | & | + | </file> |
- | & | + | <file - / |
office.project-insanity.org { | office.project-insanity.org { | ||
Line 1069: | Line 1069: | ||
} | } | ||
- | & | + | </file> |
need to convert | need to convert | ||
- | & | + | <file - / |
www.turbotux.de turbotux.de { | www.turbotux.de turbotux.de { | ||
log / | log / | ||
Line 1081: | Line 1081: | ||
} | } | ||
} | } | ||
- | & | + | </file> |
===== php-fpm ===== | ===== php-fpm ===== | ||
- | & | + | <code bash> |
cp / | cp / | ||
- | & | + | </code> |
- | & | + | <file - / |
[...] | [...] | ||
pm.max_children = 16 | pm.max_children = 16 | ||
Line 1100: | Line 1100: | ||
env[TEMP] = /tmp | env[TEMP] = /tmp | ||
[...] | [...] | ||
- | & | + | </file> |
- | & | + | <file - / |
[...] | [...] | ||
[http.pi] | [http.pi] | ||
Line 1107: | Line 1107: | ||
listen = / | listen = / | ||
[...] | [...] | ||
- | & | + | </file> |
- | & | + | <file - / |
ReadWritePaths = / | ReadWritePaths = / | ||
ReadWritePaths = / | ReadWritePaths = / | ||
Line 1116: | Line 1116: | ||
ReadWritePaths = / | ReadWritePaths = / | ||
ReadWritePaths = / | ReadWritePaths = / | ||
- | & | + | </file> |
===== wordpress ===== | ===== wordpress ===== | ||
- | & | + | <code bash> |
pacman -S wordpress wp-cli wordpress-plugin-antispam-bee wordpress-plugin-code-syntax-block wordpress-plugin-jetpack-lite wordpress-plugin-lightbox-photoswipe wordpress-plugin-wp-gdpr-compliance wordpress-plugin-wp-statistics wordpress-plugin-co-authors-plus wordpress-theme-geist wordpress-plugin-wp-user-avatar wordpress-plugin-opengraph wordpress-plugin-simple-login-captcha wordpress-plugin-disable-xml-rpc wordpress-plugin-async-javascript wordpress-plugin-breeze wordpress-plugin-webp-converter-for-media | pacman -S wordpress wp-cli wordpress-plugin-antispam-bee wordpress-plugin-code-syntax-block wordpress-plugin-jetpack-lite wordpress-plugin-lightbox-photoswipe wordpress-plugin-wp-gdpr-compliance wordpress-plugin-wp-statistics wordpress-plugin-co-authors-plus wordpress-theme-geist wordpress-plugin-wp-user-avatar wordpress-plugin-opengraph wordpress-plugin-simple-login-captcha wordpress-plugin-disable-xml-rpc wordpress-plugin-async-javascript wordpress-plugin-breeze wordpress-plugin-webp-converter-for-media | ||
chown -R http:http / | chown -R http:http / | ||
- | & | + | </code> |
- | & | + | <file - / |
extension=mysqli | extension=mysqli | ||
- | & | + | </file> |
- | & | + | <file php / |
define(' | define(' | ||
define(' | define(' | ||
Line 1147: | Line 1147: | ||
$_SERVER[' | $_SERVER[' | ||
define( ' | define( ' | ||
- | & | + | </file> |
- | & | + | <file - / |
# Update Wordpress when core or plugins get updated | # Update Wordpress when core or plugins get updated | ||
Line 1161: | Line 1161: | ||
Description = Updating Wordpress installation | Description = Updating Wordpress installation | ||
When = PostTransaction | When = PostTransaction | ||
- | Exec = /usr/bin/sh -c & | + | Exec = /usr/bin/sh -c "/ |
- | & | + | </file> |
- | & | + | <code bash> |
sudo -u http wp plugin activate --path=/ | sudo -u http wp plugin activate --path=/ | ||
sudo -u http wp theme activate --path=/ | sudo -u http wp theme activate --path=/ | ||
- | & | + | </code> |
Additional CSS for Geist theme | Additional CSS for Geist theme | ||
- | & | + | <code css> |
@media (max-width: 1400px) { | @media (max-width: 1400px) { | ||
- | .single-post .post-content | + | .single-post .post-content |
font-size: | font-size: | ||
} | } | ||
- | .single-post .post-content | + | .single-post .post-content |
font-size: | font-size: | ||
} | } | ||
- | .single-post .post-content | + | .single-post .post-content |
padding-bottom: | padding-bottom: | ||
} | } | ||
- | & | + | </code> |
Misc settings | Misc settings | ||
* WP Statistics | * WP Statistics | ||
- | * Settings -& | + | * Settings -> privacy: |
* Lightbox with PhotoSwipe | * Lightbox with PhotoSwipe | ||
- | * Enable | + | * Enable |
- | * Enable | + | * Enable |
* Spacing between pictures: 12% | * Spacing between pictures: 12% | ||
- | * Settings -& | + | * Settings -> Permalinks -> Custom structure: ''/ |
- | * Settings -& | + | * Settings -> General -> 8 posts per page |
- | * Settings -& | + | * Settings -> Discussion -> Show avatar |
- | * Default Avatar -& | + | * Default Avatar -> Mytery Man |
- | * Users -& | + | * Users -> Your Profile -> Avatar: Choose picture |
- | * Dark mode is not enabled by default. To enable this feature go to Appearance | + | * Dark mode is not enabled by default. To enable this feature go to Appearance |
Additional CSS for Ghost theme: | Additional CSS for Ghost theme: | ||
- | & | + | <code css> |
@media (max-width: 1400px) { | @media (max-width: 1400px) { | ||
- | .single-post .post-content | + | .single-post .post-content |
font-size: | font-size: | ||
} | } | ||
- | .single-post .post-content | + | .single-post .post-content |
font-size: | font-size: | ||
} | } | ||
- | .single-post .post-content | + | .single-post .post-content |
padding-bottom: | padding-bottom: | ||
} | } | ||
Line 1214: | Line 1214: | ||
margin-bottom: | margin-bottom: | ||
} | } | ||
- | & | + | </code> |
==== co-authors-plus plugin ==== | ==== co-authors-plus plugin ==== | ||
template-Anpassung \\ | template-Anpassung \\ | ||
[[https:// | [[https:// | ||
- | & | + | <file php / |
if ( function_exists( ' | if ( function_exists( ' | ||
coauthors_posts_links(); | coauthors_posts_links(); | ||
Line 1224: | Line 1224: | ||
the_author_posts_link(); | the_author_posts_link(); | ||
} | } | ||
- | & | + | </file> |
===== invoiceninja ===== | ===== invoiceninja ===== | ||
on mysql.pi | on mysql.pi | ||
- | & | + | <code sql> |
CREATE SCHEMA `ninja` DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci; | CREATE SCHEMA `ninja` DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci; | ||
CREATE USER ' | CREATE USER ' | ||
GRANT ALL PRIVILEGES ON `ninja`.* TO ' | GRANT ALL PRIVILEGES ON `ninja`.* TO ' | ||
FLUSH PRIVILEGES; | FLUSH PRIVILEGES; | ||
- | & | + | </code> |
on http.pi | on http.pi | ||
- | & | + | <code bash> |
pacman -S invoiceninja | pacman -S invoiceninja | ||
- | & | + | </code> |
- | & | + | <file - / |
extension=gmp | extension=gmp | ||
- | & | + | </file> |
- | & | + | <code bash> |
cd / | cd / | ||
sudo chown -R http:http storage public/logo bootstrap | sudo chown -R http:http storage public/logo bootstrap | ||
sudo chown http:http . | sudo chown http:http . | ||
sudo -u http composer install | sudo -u http composer install | ||
- | & | + | </code> |
- | & | + | <file - / |
http:// | http:// | ||
log / | log / | ||
Line 1267: | Line 1267: | ||
} | } | ||
[...] | [...] | ||
- | & | + | </file> |
Settings | Settings | ||
* Localization | * Localization | ||
Line 1278: | Line 1278: | ||
* First Month of the Year: January | * First Month of the Year: January | ||
===== invoiceplane ===== | ===== invoiceplane ===== | ||
- | & | + | <code bash> |
pacman -S invoiceplane composer grunt-cli | pacman -S invoiceplane composer grunt-cli | ||
cd / | cd / | ||
Line 1286: | Line 1286: | ||
sudo -u http grunt build | sudo -u http grunt build | ||
cp ipconfig.php.example ipconfig.php | cp ipconfig.php.example ipconfig.php | ||
- | wget & | + | wget "https:// |
- | & | + | </code> |
Visit installation wizard at http:// | Visit installation wizard at http:// | ||
- | & | + | <file - / |
[...] | [...] | ||
SETUP_COMPLETED=true | SETUP_COMPLETED=true | ||
Line 1297: | Line 1297: | ||
DB_DATABASE=invoiceplane | DB_DATABASE=invoiceplane | ||
DISABLE_SETUP=true | DISABLE_SETUP=true | ||
- | & | + | </file> |
- | & | + | <file - / |
[Service] | [Service] | ||
[...] | [...] | ||
Line 1304: | Line 1304: | ||
ReadWritePaths = / | ReadWritePaths = / | ||
ReadWritePaths = / | ReadWritePaths = / | ||
- | & | + | </file> |
Custom settings | Custom settings | ||
- | * Products -& | + | * Products -> Product units |
* Add: '' | * Add: '' | ||
- | * System-Einstellungen -& | + | * System-Einstellungen -> Rechnungen |
* Standard PDF Vorlage: vtdirektmarketing | * Standard PDF Vorlage: vtdirektmarketing | ||
===== firefox account server ===== | ===== firefox account server ===== | ||
- | & | + | <code bash> |
pacaur -S mozilla-firefox-account-server | pacaur -S mozilla-firefox-account-server | ||
- | & | + | </code> |
===== podcasttune ===== | ===== podcasttune ===== | ||
not yet stable | not yet stable | ||
===== dokuwiki ===== | ===== dokuwiki ===== | ||
- | & | + | <code bash> |
pacman -S dokuwiki dokuwiki-plugin-dw2pdf dokuwiki-template-argon | pacman -S dokuwiki dokuwiki-plugin-dw2pdf dokuwiki-template-argon | ||
- | & | + | </code> |
- | & | + | <file php / |
- | & | + | <?php |
$conf[' | $conf[' | ||
$conf[' | $conf[' | ||
$conf[' | $conf[' | ||
- | & | + | </file> |
- | & | + | <file - / |
[...] | [...] | ||
$conf[' | $conf[' | ||
[...] | [...] | ||
- | & | + | </file> |
- | & | + | <file - / |
@page { | @page { | ||
margin-left: | margin-left: | ||
Line 1337: | Line 1337: | ||
[...] | [...] | ||
- | & | + | </file> |
usage: '' | usage: '' | ||
* Todo | * Todo | ||
* DSGVO complience | * DSGVO complience | ||
===== gitlab ===== | ===== gitlab ===== | ||
- | & | + | <code bash> |
pacman -S yarn sendmail gitlab | pacman -S yarn sendmail gitlab | ||
ln -s / | ln -s / | ||
- | & | + | </code> |
disable backups | disable backups | ||
- | & | + | <file - / |
[...] | [...] | ||
gitlab: | gitlab: | ||
Line 1356: | Line 1356: | ||
[...] | [...] | ||
#backup: | #backup: | ||
- | # path: & | + | # path: "/ |
- | & | + | </file> |
configure database connection | configure database connection | ||
- | & | + | <file - / |
production: | production: | ||
adapter: postgresql | adapter: postgresql | ||
Line 1366: | Line 1366: | ||
pool: 10 | pool: 10 | ||
username: gitlab | username: gitlab | ||
- | password: | + | password: |
host: mysql.pi | host: mysql.pi | ||
- | & | + | </file> |
on mysql.pi | on mysql.pi | ||
- | & | + | <code bash> |
- | sudo -u postgres psql -d template1 -c & | + | sudo -u postgres psql -d template1 -c "CREATE USER gitlab CREATEDB;" |
- | sudo -u postgres psql -d template1 -c & | + | sudo -u postgres psql -d template1 -c "CREATE EXTENSION IF NOT EXISTS pg_trgm;" |
- | sudo -u postgres psql -d template1 -c & | + | sudo -u postgres psql -d template1 -c "CREATE DATABASE gitlabhq_production OWNER gitlab;" |
- | sudo -u postgres psql -d template1 -c & | + | sudo -u postgres psql -d template1 -c "ALTER USER gitlab WITH SUPERUSER;" |
- | & | + | </code> |
on http.pi | on http.pi | ||
- | & | + | <code bash> |
cd / | cd / | ||
sudo -u gitlab -H bundle exec rake assets: | sudo -u gitlab -H bundle exec rake assets: | ||
sudo -u gitlab -H bundle exec rake gitlab: | sudo -u gitlab -H bundle exec rake gitlab: | ||
| | ||
- | & | + | </code> |
Enable smtp, mail delivery | Enable smtp, mail delivery | ||
- | & | + | <file ruby / |
# To enable smtp email delivery for your GitLab instance do the following: | # To enable smtp email delivery for your GitLab instance do the following: | ||
# 1. Rename this file to smtp_settings.rb | # 1. Rename this file to smtp_settings.rb | ||
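Review bot: The last psql command in the "on mysql.pi" block, `ALTER USER gitlab WITH SUPERUSER;`, leaves the application role with full control of the whole PostgreSQL cluster, and other sections of this page create the onlyoffice and outline databases on that same host. The role already has CREATEDB and owns gitlabhq_production, and pg_trgm is created by the postgres user two lines earlier, so superuser is presumably needed at most while the initial setup task runs. I would drop the line, or document a follow-up step once setup has finished: `sudo -u postgres psql -d template1 -c "ALTER USER gitlab WITH NOSUPERUSER;"`.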
Line 1399: | Line 1399: | ||
ActionMailer:: | ActionMailer:: | ||
ActionMailer:: | ActionMailer:: | ||
- | address: | + | address: |
port: 25, | port: 25, | ||
- | user_name: | + | user_name: |
- | password: | + | password: |
- | domain: | + | domain: |
authentication: | authentication: | ||
enable_starttls_auto: | enable_starttls_auto: | ||
Line 1409: | Line 1409: | ||
} | } | ||
end | end | ||
- | & | + | </file> |
further general mail settings | further general mail settings | ||
- | & | + | <file - / |
## Email settings | ## Email settings | ||
# Uncomment and set to false if you need to disable email sending from GitLab (default: true) | # Uncomment and set to false if you need to disable email sending from GitLab (default: true) | ||
email_enabled: | email_enabled: | ||
- | # Email address used in the & | + | # Email address used in the "From" |
email_from: noreply@project-insanity.org | email_from: noreply@project-insanity.org | ||
email_display_name: | email_display_name: | ||
email_reply_to: | email_reply_to: | ||
email_subject_suffix: | email_subject_suffix: | ||
- | & | + | </file> |
Auto migrate on pacman update | Auto migrate on pacman update | ||
- | & | + | <file - / |
# Update Gitlab when core or other Gitlab daemons are touched | # Update Gitlab when core or other Gitlab daemons are touched | ||
Line 1435: | Line 1435: | ||
Description = Updating Gitlab installation | Description = Updating Gitlab installation | ||
When = PostTransaction | When = PostTransaction | ||
- | Exec = /usr/bin/sh -c & | + | Exec = /usr/bin/sh -c "/ |
- | & | + | </file> |
- | & | + | <file - / |
**** | **** | ||
- | & | + | </file> |
- | & | + | <code bash> |
- | hexdump -v -n 64 -e ' | + | hexdump -v -n 64 -e ' |
- | hexdump -v -n 64 -e ' | + | hexdump -v -n 64 -e ' |
chown root:gitlab / | chown root:gitlab / | ||
chmod 640 / | chmod 640 / | ||
- | & | + | </code> |
misc settings: | misc settings: | ||
* enable recaptcha for registration https:// | * enable recaptcha for registration https:// | ||
- | * disable ssh git protocol: Admin -& | + | * disable ssh git protocol: Admin -> Settings -> Expand |
===== onlyoffice documentserver ===== | ===== onlyoffice documentserver ===== | ||
- | & | + | <code bash> |
pacman -S npm nodejs rabbitmq redis onlyoffice-documentserver | pacman -S npm nodejs rabbitmq redis onlyoffice-documentserver | ||
ln -s / | ln -s / | ||
- | & | + | </code> |
on mysql.pi | on mysql.pi | ||
- | & | + | <code bash> |
- | sudo -i -u postgres psql -c & | + | sudo -i -u postgres psql -c "CREATE DATABASE onlyoffice;" |
- | sudo -i -u postgres psql -c & | + | sudo -i -u postgres psql -c "CREATE USER onlyoffice WITH password ' |
- | sudo -i -u postgres psql -c & | + | sudo -i -u postgres psql -c "GRANT ALL privileges ON DATABASE onlyoffice TO onlyoffice;" |
psql -hmysql.pi -Uonlyoffice -d onlyoffice -f / | psql -hmysql.pi -Uonlyoffice -d onlyoffice -f / | ||
- | & | + | </code> |
- | & | + | <file - / |
office.project-insanity.org { | office.project-insanity.org { | ||
log / | log / | ||
Line 1487: | Line 1487: | ||
} | } | ||
} | } | ||
- | & | + | </file> |
- | & | + | <file - / |
[...] | [...] | ||
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
}, | }, | ||
[...] | [...] | ||
- | & | + | "SpellChecker": { |
- | | + | |
- | | + | |
- | | + | |
} | } | ||
} | } | ||
- | & | + | </file> |
- | & | + | <file - /etc/hosts> |
10.25.0.100 nextcloud.project-insanity.org | 10.25.0.100 nextcloud.project-insanity.org | ||
- | & | + | </file> |
- | & | + | <code bash> |
systemctl enable --now rabbitmq redis onlyoffice-docservice onlyoffice-fileconverter onlyoffice-spellchecker | systemctl enable --now rabbitmq redis onlyoffice-docservice onlyoffice-fileconverter onlyoffice-spellchecker | ||
- | & | + | </code> |
==== officepad ==== | ==== officepad ==== | ||
- | & | + | <file - / |
[Unit] | [Unit] | ||
Description=Documentserver integration example | Description=Documentserver integration example | ||
Line 1529: | Line 1529: | ||
[Install] | [Install] | ||
WantedBy=basic.target | WantedBy=basic.target | ||
- | & | + | </file> |
- | & | + | <code bash> |
sudo git clone git clone https:// | sudo git clone git clone https:// | ||
sudo chown -R http:http / | sudo chown -R http:http / | ||
systemd daemon-reload | systemd daemon-reload | ||
systemctl enable --now officepad | systemctl enable --now officepad | ||
- | & | + | </code> |
- | & | + | <file - / |
[...] | [...] | ||
- | siteUrl& | + | siteUrl": "https:// |
[...] | [...] | ||
- | & | + | </file> |
===== nextcloud ===== | ===== nextcloud ===== | ||
- | & | + | <code bash> |
pacman -S php-imagick php-intl nextcloud nextcloud-app-twofactor-gateway nextcloud-app-audioplayer nextcloud-app-polls nextcloud-app-extract nextcloud-app-suspicious-login nextcloud nextcloud-app-mail nextcloud-app-news nextcloud-app-calendar nextcloud-app-contacts nextcloud-app-keeweb nextcloud-app-deck nextcloud-app-onlyoffice nextcloud-app-bookmarks nextcloud-app-notes nextcloud-app-talk nextcloud-integration-github nextcloud-integration-twitter nextcloud-integration-reddit nextcloud-integration-discourse nextcloud-app-radio nextcloud-app-podcast | pacman -S php-imagick php-intl nextcloud nextcloud-app-twofactor-gateway nextcloud-app-audioplayer nextcloud-app-polls nextcloud-app-extract nextcloud-app-suspicious-login nextcloud nextcloud-app-mail nextcloud-app-news nextcloud-app-calendar nextcloud-app-contacts nextcloud-app-keeweb nextcloud-app-deck nextcloud-app-onlyoffice nextcloud-app-bookmarks nextcloud-app-notes nextcloud-app-talk nextcloud-integration-github nextcloud-integration-twitter nextcloud-integration-reddit nextcloud-integration-discourse nextcloud-app-radio nextcloud-app-podcast | ||
- | & | + | </code> |
- | & | + | <file - / |
env[PATH] = / | env[PATH] = / | ||
env[TMP] = /tmp | env[TMP] = /tmp | ||
env[TMPDIR] = /tmp | env[TMPDIR] = /tmp | ||
env[TEMP] = /tmp | env[TEMP] = /tmp | ||
- | & | + | </file> |
php performance optimizations | php performance optimizations | ||
- | & | + | <file - / |
memory_limit = 512M | memory_limit = 512M | ||
Line 1574: | Line 1574: | ||
apc.enable_cli=1 | apc.enable_cli=1 | ||
- | & | + | </file> |
- | & | + | <file - / |
- | & | + | <?php |
$CONFIG = array ( | $CONFIG = array ( | ||
- | ' | + | ' |
- | ' | + | ' |
- | ' | + | ' |
- | ' | + | ' |
- | ' | + | ' |
- | ' | + | ' |
- | ' | + | ' |
- | ' | + | ' |
- | ' | + | ' |
- | ' | + | ' |
- | ' | + | ' |
- | ' | + | ' |
- | ' | + | ' |
- | ' | + | ' |
- | ' | + | ' |
- | ' | + | ' |
- | ' | + | ' |
- | ' | + | ' |
- | ' | + | ' |
- | ' | + | ' |
- | ' | + | ' |
array ( | array ( | ||
- | 0 =& | + | 0 => ' |
- | 1 =& | + | 1 => ' |
- | 2 =& | + | 2 => ' |
), | ), | ||
- | ' | + | ' |
- | ' | + | ' |
- | ' | + | ' |
- | ' | + | ' |
- | ' | + | ' |
- | ' | + | ' |
- | ' | + | ' |
- | ' | + | ' |
- | ' | + | ' |
array ( | array ( | ||
- | 0 =& | + | 0 => ' |
- | 1 =& | + | 1 => ' |
- | 2 =& | + | 2 => ' |
- | 3 =& | + | 3 => ' |
- | 4 =& | + | 4 => ' |
- | 5 =& | + | 5 => ' |
- | 6 =& | + | 6 => ' |
- | 7 =& | + | 7 => ' |
- | 8 =& | + | 8 => ' |
- | 9 =& | + | 9 => ' |
), | ), | ||
); | ); | ||
- | & | + | </file> |
- | Due to [[https:// | + | Due to [[https:// |
- | & | + | <file - / |
[Service] | [Service] | ||
[...] | [...] | ||
Line 1635: | Line 1635: | ||
ReadWritePaths = / | ReadWritePaths = / | ||
ReadWritePaths = / | ReadWritePaths = / | ||
- | & | + | </file> |
Auto upgrade on pacman update | Auto upgrade on pacman update | ||
- | & | + | <code bash> |
ln -sv / | ln -sv / | ||
- | & | + | </code> |
- | & | + | <file - / |
# Update Nextcloud when core or -apps are touched | # Update Nextcloud when core or -apps are touched | ||
Line 1653: | Line 1653: | ||
Description = Updating Nextcloud installation | Description = Updating Nextcloud installation | ||
When = PostTransaction | When = PostTransaction | ||
- | Exec = /usr/bin/sh -c & | + | Exec = /usr/bin/sh -c "/ |
- | & | + | </file> |
Nextcloud background job (cron) | Nextcloud background job (cron) | ||
- | & | + | <file -/ |
[Unit] | [Unit] | ||
Description=Nextcloud cron.php job | Description=Nextcloud cron.php job | ||
Line 1666: | Line 1666: | ||
[Install] | [Install] | ||
WantedBy=basic.target | WantedBy=basic.target | ||
- | & | + | </file> |
- | & | + | <file - / |
[Unit] | [Unit] | ||
Description=Run Nextcloud cron.php every 15 minutes | Description=Run Nextcloud cron.php every 15 minutes | ||
Line 1678: | Line 1678: | ||
[Install] | [Install] | ||
WantedBy=timers.target | WantedBy=timers.target | ||
- | & | + | </file> |
- | & | + | <code bash> |
systemctl enable --now nextcloudcron.timer | systemctl enable --now nextcloudcron.timer | ||
- | & | + | </code> |
Add additional mimetype for keeweb app | Add additional mimetype for keeweb app | ||
- | & | + | <code bash> |
cd / | cd / | ||
cp resources/ | cp resources/ | ||
- | & | + | </code> |
add kdbx line to json config | add kdbx line to json config | ||
- | & | + | <file - / |
[...] | [...] | ||
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
[...] | [...] | ||
- | & | + | </file> |
- | & | + | <code bash> |
occ app:enable twofactor_gateway audioplayer polls extract suspicious_login mail news calendar contacts keeweb deck onlyoffice bookmarks notes talk integration_github integration_twitter integration_reddit integration_discourse radio podcast | occ app:enable twofactor_gateway audioplayer polls extract suspicious_login mail news calendar contacts keeweb deck onlyoffice bookmarks notes talk integration_github integration_twitter integration_reddit integration_discourse radio podcast | ||
- | & | + | </code> |
==== mail ==== | ==== mail ==== | ||
disable ssl verification of imap/smpt host | disable ssl verification of imap/smpt host | ||
- | & | + | <file - / |
[...] | [...] | ||
- | ' | + | ' |
[...] | [...] | ||
- | & | + | </file> |
==== twofactor_gateway ==== | ==== twofactor_gateway ==== | ||
disposible phone number registration http:// | disposible phone number registration http:// | ||
- | & | + | <file - / |
[...] | [...] | ||
- | tel: & | + | tel: "+1774****" |
[...] | [...] | ||
- | & | + | </file> |
- | & | + | <code bash> |
cd / | cd / | ||
sudo -u http ./occ twofactorauth: | sudo -u http ./occ twofactorauth: | ||
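Review bot: The mail subsection records "disable ssl verification of imap/smpt host" as a standing setting, which means Nextcloud will accept any certificate from whatever answers on the mail host's address and hand it the mailbox credentials. The option name and value are cut off in this view, so this is read from the heading alone. If the reason is a self-signed or internal certificate, the page should say so and point to trusting that CA on the host instead. At minimum add a comment above the option such as `// temporary: remove once the mail host's CA is in the system trust store`.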
Line 1721: | Line 1721: | ||
sudo -u signal signal-web-gateway # enter verification | sudo -u signal signal-web-gateway # enter verification | ||
systemctl enable --now signal-web-gateway | systemctl enable --now signal-web-gateway | ||
- | & | + | </code> |
- | * Activate 2FA in '' | + | * Activate 2FA in '' |
* Enter your phone number and press verify | * Enter your phone number and press verify | ||
==== onlyoffice ==== | ==== onlyoffice ==== | ||
- | * Paste in '' | + | * Paste in '' |
==== mantainance ==== | ==== mantainance ==== | ||
Run file integrity checks | Run file integrity checks | ||
- | & | + | <code bash> |
sudo -u http / | sudo -u http / | ||
sudo -u http / | sudo -u http / | ||
sudo -u http / | sudo -u http / | ||
- | & | + | </code> |
===== phpmyadmin ===== | ===== phpmyadmin ===== | ||
- | & | + | <file - / |
[...] | [...] | ||
/* Server parameters */ | /* Server parameters */ | ||
Line 1741: | Line 1741: | ||
$cfg[' | $cfg[' | ||
[...] | [...] | ||
- | & | + | </file> |
===== cockpit ===== | ===== cockpit ===== | ||
- | & | + | <code bash> |
pacman -S cockpit | pacman -S cockpit | ||
systemctl enable --now cockpit pmcd | systemctl enable --now cockpit pmcd | ||
Line 1752: | Line 1752: | ||
nft add rule inet filter input position 17 ip saddr 10.25.40.0/ | nft add rule inet filter input position 17 ip saddr 10.25.40.0/ | ||
nft add rule inet filter input position 17 ip6 saddr 2a01: | nft add rule inet filter input position 17 ip6 saddr 2a01: | ||
- | nft list ruleset | + | nft list ruleset |
- | & | + | </code> |
- | & | + | <file - / |
[...] | [...] | ||
cockpit ALL=(ALL) ALL | cockpit ALL=(ALL) ALL | ||
[...] | [...] | ||
- | & | + | </file> |
- | & | + | <file - / |
#%PAM-1.0 | #%PAM-1.0 | ||
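Review bot: The sudoers entry `cockpit ALL=(ALL) ALL` gives the web-console account unrestricted root, so a Cockpit login is effectively a root login reachable over the network. The nft rules above it appear to limit the port to one IPv4 range and one IPv6 prefix (both truncated here). The page should state that the setup depends on that restriction, and that the account needs a strong password or a second factor. The PAM file that follows is cut by the hunk boundary, so whether it adds one cannot be seen from here.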
Line 1776: | Line 1776: | ||
session | session | ||
session | session | ||
- | & | + | </file> |
===== outline ===== | ===== outline ===== | ||
on http.pi | on http.pi | ||
- | & | + | <code bash> |
pacman -S outline | pacman -S outline | ||
- | & | + | </code> |
- | & | + | <file - / |
[...] | [...] | ||
SECRET_KEY=**** | SECRET_KEY=**** | ||
Line 1790: | Line 1790: | ||
URL=http:// | URL=http:// | ||
FORCE_HTTPS=false | FORCE_HTTPS=false | ||
- | & | + | </file> |
on mysql.pi | on mysql.pi | ||
- | & | + | <code bash> |
- | sudo -i -u postgres psql -c & | + | sudo -i -u postgres psql -c "CREATE DATABASE outline;" |
- | sudo -i -u postgres psql -c & | + | sudo -i -u postgres psql -c "CREATE USER outline WITH password ' |
- | sudo -i -u postgres psql -c & | + | sudo -i -u postgres psql -c "GRANT ALL privileges ON DATABASE outline TO outline;" |
- | & | + | </code> |
on http.pi | on http.pi | ||
- | & | + | <code bash> |
cd / | cd / | ||
npm run sequelize: | npm run sequelize: | ||
systemctl enable --now outline | systemctl enable --now outline | ||
- | & | + | </code> |
====== storage.pi ====== | ====== storage.pi ====== | ||
===== kol ha campus archive radio stream ===== | ===== kol ha campus archive radio stream ===== | ||
- | & | + | <code bash> |
pacman -S vlc pulseaudio | pacman -S vlc pulseaudio | ||
- | & | + | </code> |
- | & | + | <file - / |
[Unit] | [Unit] | ||
Description=160fm.co.il archive radio stream server | Description=160fm.co.il archive radio stream server | ||
Line 1817: | Line 1817: | ||
User=onny | User=onny | ||
Type=simple | Type=simple | ||
- | ExecStart=/ | + | ExecStart=/ |
Restart=on-abort | Restart=on-abort | ||
[Install] | [Install] | ||
WantedBy=multi-user.target | WantedBy=multi-user.target | ||
- | & | + | </file> |
- | & | + | <file - / |
[Unit] | [Unit] | ||
Description=PulseAudio system server | Description=PulseAudio system server | ||
Line 1833: | Line 1833: | ||
[Install] | [Install] | ||
WantedBy=multi-user.target | WantedBy=multi-user.target | ||
- | & | + | </file> |
- | & | + | <file - / |
- | & | + | <?xml version="1.0"?> <!--*-nxml-*--> |
- | & | + | <!DOCTYPE busconfig PUBLIC |
- | & | + | "http:// |
- | & | + | <busconfig> |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | & | + | </busconfig> |
- | & | + | </file> |
- | & | + | <code bash> |
- | echo & | + | echo "default-server = / |
- | echo & | + | echo "autospawn = no" >> |
systemctl daemon-reload | systemctl daemon-reload | ||
groupadd --system pulse | groupadd --system pulse | ||
Line 1860: | Line 1860: | ||
nft add rule inet filter input position 17 ip saddr 10.25.0.0/ | nft add rule inet filter input position 17 ip saddr 10.25.0.0/ | ||
nft add rule inet filter input position 17 ip6 saddr 2a01: | nft add rule inet filter input position 17 ip6 saddr 2a01: | ||
- | nft list ruleset | + | nft list ruleset |
- | & | + | </code> |
also added a caddy rule on http.pi for the url: https:// | also added a caddy rule on http.pi for the url: https:// | ||
===== bitcoind ===== | ===== bitcoind ===== | ||
- | & | + | <code bash> |
pacman -S bitcoin-daemon | pacman -S bitcoin-daemon | ||
systemctl start bitcoind | systemctl start bitcoind | ||
systemctl enable bitcoind | systemctl enable bitcoind | ||
ufw allow from 10.25.0.0/ | ufw allow from 10.25.0.0/ | ||
- | & | + | </code> |
https:// | https:// | ||
====== playground.pi ====== | ====== playground.pi ====== | ||
- | & | + | <code bash> |
pacman -S devtools | pacman -S devtools | ||
- | & | + | </code> |
===== beta.saai.digital ===== | ===== beta.saai.digital ===== | ||
- | & | + | <code bash> |
pacman -S iptables-nft | pacman -S iptables-nft | ||
- | & | + | </code> |
- | & | + | <file - / |
[...] | [...] | ||
chain forward { | chain forward { | ||
Line 1890: | Line 1890: | ||
} | } | ||
} | } | ||
- | & | + | </file> |
- | & | + | <code bash> |
systemctl enable --now docker | systemctl enable --now docker | ||
- | & | + | </code> |
===== QuakeJS ===== | ===== QuakeJS ===== | ||
- | & | + | <code bash> |
pacman -S quakejs-git | pacman -S quakejs-git | ||
cd / | cd / | ||
chown -R quakejs: | chown -R quakejs: | ||
sudo -u quakejs node build/ | sudo -u quakejs node build/ | ||
- | & | + | </code> |
- | & | + | <file - / |
- | QUAKEJS_DS_PARAMS=& | + | QUAKEJS_DS_PARAMS="+set fs_cdn cdn.quake.turbotux.de +set fs_game baseq3 +set dedicated 1 +exec server.cfg" |
- | & | + | </file> |
- | & | + | <file - / |
- | seta sv_hostname | + | seta sv_hostname |
seta sv_maxclients 12 | seta sv_maxclients 12 | ||
- | seta g_motd | + | seta g_motd |
seta g_quadfactor 3 | seta g_quadfactor 3 | ||
seta g_gametype 0 | seta g_gametype 0 | ||
Line 1915: | Line 1915: | ||
seta g_inactivity 3000 | seta g_inactivity 3000 | ||
seta g_forcerespawn 0 | seta g_forcerespawn 0 | ||
- | seta rconpassword | + | seta rconpassword |
- | set d1 & | + | set d1 "map q3dm17 ; set nextmap vstr d2" |
- | set d2 & | + | set d2 "map q3tourney3 ; set nextmap vstr d3" |
- | set d3 & | + | set d3 "map q3tourney1 ; set nextmap vstr d1" |
vstr d1 | vstr d1 | ||
- | & | + | </file> |
- | & | + | <file - / |
{ | { | ||
- | | + | |
- | | + | |
} | } | ||
- | & | + | </file> |
- | & | + | <code bash> |
systemctl enable --now quakejs-ds quakejs quakejs-cdn | systemctl enable --now quakejs-ds quakejs quakejs-cdn | ||
- | & | + | </code> |
===== PI ArchLinux Repository ===== | ===== PI ArchLinux Repository ===== | ||
build and install auruitls from source | build and install auruitls from source | ||
- | & | + | <code bash> |
cd /tmp | cd /tmp | ||
- | curl & | + | curl "https:// |
cd aurutils | cd aurutils | ||
gpg --recv-keys DBE7D3DD8C81D58D0A13D0E76BC26A17B9B7018A | gpg --recv-keys DBE7D3DD8C81D58D0A13D0E76BC26A17B9B7018A | ||
makepkg -i | makepkg -i | ||
pacman --root=/ | pacman --root=/ | ||
- | pacman --root=/ | + | pacman --root=/ |
pacman --root=/ | pacman --root=/ | ||
sudo / | sudo / | ||
- | & | + | </code> |
configure custom repository | configure custom repository | ||
- | & | + | <file - / |
[...] | [...] | ||
Include = / | Include = / | ||
- | & | + | </file> |
- | & | + | <file - / |
[options] | [options] | ||
CacheDir = / | CacheDir = / | ||
Line 1957: | Line 1957: | ||
SigLevel = Optional TrustAll | SigLevel = Optional TrustAll | ||
Server = file:/// | Server = file:/// | ||
- | & | + | </file> |
- | & | + | <file - /etc/suders> |
[...] | [...] | ||
aur ALL = NOPASSWD: SETENV: / | aur ALL = NOPASSWD: SETENV: / | ||
aur ALL = NOPASSWD: / | aur ALL = NOPASSWD: / | ||
[...] | [...] | ||
- | & | + | </file> |
- | & | + | <code bash> |
sudo useradd -m aur | sudo useradd -m aur | ||
sudo install -d / | sudo install -d / | ||
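Review bot: `SigLevel = Optional TrustAll` in the custom repository stanza makes pacman install packages from this repo without requiring a signature, and accept any key in the keyring without a trust check. That is tolerable for the local `file:///` server on the build host. Later sections proxy the same repository to other machines through caddy, though, and a client copying this stanza would install whatever is served. I would sign the packages and database with a dedicated key on the build host and document `SigLevel = Required DatabaseOptional` for consumers. The `aur ALL = NOPASSWD: SETENV:` sudoers line in the same hunk is truncated; it should name exact binaries, since SETENV lets the caller shape the environment of a root command.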
Line 1971: | Line 1971: | ||
sudo -u aur gpg --recv-keys 6BC26A17B9B7018A | sudo -u aur gpg --recv-keys 6BC26A17B9B7018A | ||
sudo -u aur gpg --recv-keys 1D1F0DC78F173680 | sudo -u aur gpg --recv-keys 1D1F0DC78F173680 | ||
- | & | + | </code> |
- | & | + | <file - / |
[Unit] | [Unit] | ||
| | ||
Line 1987: | Line 1987: | ||
[Install] | [Install] | ||
| | ||
- | & | + | </file> |
- | & | + | <file - / |
#!/bin/bash | #!/bin/bash | ||
for package in $(pacman -Sql projectinsanity) | for package in $(pacman -Sql projectinsanity) | ||
Line 1994: | Line 1994: | ||
aur sync --no-view -c $package | aur sync --no-view -c $package | ||
done | done | ||
- | & | + | </file> |
- | & | + | <file - / |
[Unit] | [Unit] | ||
| | ||
Line 2006: | Line 2006: | ||
[Install] | [Install] | ||
| | ||
- | & | + | </file> |
- | & | + | <code bash> |
systemctl enable --now aurupdate.timer | systemctl enable --now aurupdate.timer | ||
- | & | + | </code> |
- | & | + | <code bash> |
sudo -u aur gpg --recv-keys 2A349DD577D586A5 | sudo -u aur gpg --recv-keys 2A349DD577D586A5 | ||
sudo -u aur aur sync -d projectinsanity -c librewolf pkgbuild-introspection tor-browser-en r128gain split2flac id3ted redshift-wlr-gamma-control-git krop wcalc anbox-git ocenaudio-bin smloadr soulseekqt aurutils downgrade maddy wp-cli wordpress-plugin-antispam-bee wordpress-plugin-code-syntax-block wordpress-plugin-jetpack-lite wordpress-plugin-lightbox-photoswipe wordpress-plugin-wp-gdpr-compliance wordpress-plugin-wp-statistics jellyfin onlyoffice-documentserver nextcloud-app-twofactor-gateway nextcloud-app-audioplayer nextcloud-app-polls nextcloud-app-extract nextcloud-app-suspicious-login nextcloud-app-keeweb nextcloud-app-radio nextcloud-app-onlyoffice fdroidserver android-sdk android-sdk-build-tools gplaycli vlc-bittorrent qlcplus signal-web-gateway-git invoiceninja invoiceplane python-gspread-git etcher zeronet teamviewer scrcpy ttyd wdisplays-git dmenu-wayland-git python-soundcard python-soundfile pacaur archivemount micro python-rpi.gpio python-pad4pi python-pulse-control python-rplcd python-vlc python-mpv pmbootstrap wordpress-theme-geist linux-libre opensnitch-git powerpill osmctools tilemaker nextcloud-app-talk xerox-phaser-6000-6010 dokuwiki-plugin-captcha dokuwiki-plugin-dw2pdf dokuwiki-template-argon nextcloud-integration-github nextcloud-integration-twitter nextcloud-integration-reddit nextcloud-integration-discourse wordpress-plugin-opengraph nextcloud-app-podcast wordpress-plugin-simple-login-captcha wordpress-plugin-disable-xml-rpc wordpress-plugin-async-javascript wordpress-plugin-breeze wordpress-plugin-webp-converter-for-media | sudo -u aur aur sync -d projectinsanity -c librewolf pkgbuild-introspection tor-browser-en r128gain split2flac id3ted redshift-wlr-gamma-control-git krop wcalc anbox-git ocenaudio-bin smloadr soulseekqt aurutils downgrade maddy wp-cli wordpress-plugin-antispam-bee wordpress-plugin-code-syntax-block wordpress-plugin-jetpack-lite wordpress-plugin-lightbox-photoswipe wordpress-plugin-wp-gdpr-compliance 
wordpress-plugin-wp-statistics jellyfin onlyoffice-documentserver nextcloud-app-twofactor-gateway nextcloud-app-audioplayer nextcloud-app-polls nextcloud-app-extract nextcloud-app-suspicious-login nextcloud-app-keeweb nextcloud-app-radio nextcloud-app-onlyoffice fdroidserver android-sdk android-sdk-build-tools gplaycli vlc-bittorrent qlcplus signal-web-gateway-git invoiceninja invoiceplane python-gspread-git etcher zeronet teamviewer scrcpy ttyd wdisplays-git dmenu-wayland-git python-soundcard python-soundfile pacaur archivemount micro python-rpi.gpio python-pad4pi python-pulse-control python-rplcd python-vlc python-mpv pmbootstrap wordpress-theme-geist linux-libre opensnitch-git powerpill osmctools tilemaker nextcloud-app-talk xerox-phaser-6000-6010 dokuwiki-plugin-captcha dokuwiki-plugin-dw2pdf dokuwiki-template-argon nextcloud-integration-github nextcloud-integration-twitter nextcloud-integration-reddit nextcloud-integration-discourse wordpress-plugin-opengraph nextcloud-app-podcast wordpress-plugin-simple-login-captcha wordpress-plugin-disable-xml-rpc wordpress-plugin-async-javascript wordpress-plugin-breeze wordpress-plugin-webp-converter-for-media | ||
Line 2018: | Line 2018: | ||
nft add rule inet filter input position 17 ip saddr 10.25.0.0/ | nft add rule inet filter input position 17 ip saddr 10.25.0.0/ | ||
nft add rule inet filter input position 17 ip6 saddr 2a01: | nft add rule inet filter input position 17 ip6 saddr 2a01: | ||
- | nft list ruleset | + | nft list ruleset |
- | & | + | </code> |
caddy configuration | caddy configuration | ||
- | & | + | <file - / |
import conf.d/ | import conf.d/ | ||
- | & | + | </file> |
- | & | + | <file - / |
http:// | http:// | ||
Line 2043: | Line 2043: | ||
} | } | ||
- | & | + | </file> |
- | & | + | <code bash> |
systemctl restart caddy | systemctl restart caddy | ||
- | & | + | </code> |
caddy configuration on http-pub.pi: | caddy configuration on http-pub.pi: | ||
- | & | + | <file - / |
[...] | [...] | ||
proxy /archlinux playground.pi { | proxy /archlinux playground.pi { | ||
Line 2054: | Line 2054: | ||
} | } | ||
[...] | [...] | ||
- | & | + | </file> |
- | & | + | <code bash> |
systemctl restart caddy | systemctl restart caddy | ||
- | & | + | </code> |
====== http-pub.pi ====== | ====== http-pub.pi ====== | ||
- | & | + | <code bash> |
pacman -S caddy php-fpm | pacman -S caddy php-fpm | ||
systemctl enable --now caddy php-fpm | systemctl enable --now caddy php-fpm | ||
nft add rule inet filter input position 17 ip saddr 10.25.0.0/ | nft add rule inet filter input position 17 ip saddr 10.25.0.0/ | ||
nft add rule inet filter input position 17 ip6 saddr 2a01: | nft add rule inet filter input position 17 ip6 saddr 2a01: | ||
- | nft list ruleset | + | nft list ruleset |
- | & | + | </code> |
- | & | + | <file - / |
# Restart php service | # Restart php service | ||
Line 2080: | Line 2080: | ||
When = PostTransaction | When = PostTransaction | ||
Exec = / | Exec = / | ||
- | & | + | </file> |
custom caddy installation | custom caddy installation | ||
- | & | + | <code bash> |
pacaur -d caddy | pacaur -d caddy | ||
- | & | + | </code> |
- | & | + | <file - ~/ |
[...] | [...] | ||
# ' | # ' | ||
Line 2091: | Line 2091: | ||
# ' | # ' | ||
[...] | [...] | ||
- | & | + | </file> |
- | & | + | <code bash> |
cd ~/ | cd ~/ | ||
makepkg -i --skipinteg | makepkg -i --skipinteg | ||
- | & | + | </code> |
===== caddy ===== | ===== caddy ===== | ||
- | & | + | <code bash> |
pacman -S caddy | pacman -S caddy | ||
gpasswd -a caddy http | gpasswd -a caddy http | ||
- | & | + | </code> |
- | & | + | <file - / |
import / | import / | ||
- | & | + | </file> |
- | & | + | <file - / |
http:// | http:// | ||
redir https:// | redir https:// | ||
Line 2125: | Line 2125: | ||
rewrite @mainpage / | rewrite @mainpage / | ||
} | } | ||
- | & | + | </file> |
- | & | + | <file - / |
http:// | http:// | ||
Line 2141: | Line 2141: | ||
} | } | ||
- | & | + | </file> |
- | & | + | <file - / |
[Service] | [Service] | ||
ProtectHome=false | ProtectHome=false | ||
LimitNOFILE=infinity | LimitNOFILE=infinity | ||
LimitNPROC=infinity | LimitNPROC=infinity | ||
- | & | + | </file> |
- | & | + | <code bash> |
systemctl daemon-reload | systemctl daemon-reload | ||
systemctl restart caddy | systemctl restart caddy | ||
- | & | + | </code> |
Overwrite php-fpm.service configuration, | Overwrite php-fpm.service configuration, | ||
- | & | + | <file - php-fpm.service.d/ |
[Service] | [Service] | ||
ProtectHome=false | ProtectHome=false | ||
- | & | + | </file> |
===== wordpress ===== | ===== wordpress ===== | ||
- | & | + | <file - / |
extension=mysqli | extension=mysqli | ||
upload_max_filesize = 64M | upload_max_filesize = 64M | ||
post_max_size = 64M | post_max_size = 64M | ||
- | & | + | </file> |
===== uwsgi ===== | ===== uwsgi ===== | ||
- | & | + | <code bash> |
pacman -S uwsgi-plugin-python python-bottle | pacman -S uwsgi-plugin-python python-bottle | ||
mkdir / | mkdir / | ||
- | & | + | </code> |
- | & | + | <file - / |
[Unit] | [Unit] | ||
Description=uWSGI service unit | Description=uWSGI service unit | ||
Line 2193: | Line 2193: | ||
[Install] | [Install] | ||
WantedBy=multi-user.target | WantedBy=multi-user.target | ||
- | & | + | </file> |
- | & | + | <file - / |
[Unit] | [Unit] | ||
Description=Socket for uWSGI %I | Description=Socket for uWSGI %I | ||
Line 2204: | Line 2204: | ||
[Install] | [Install] | ||
WantedBy=sockets.target | WantedBy=sockets.target | ||
- | & | + | </file> |
==== getmetadata ==== | ==== getmetadata ==== | ||
- | & | + | <code bash> |
pacman -S python-requests | pacman -S python-requests | ||
- | & | + | </code> |
- | & | + | <file - / |
[uwsgi] | [uwsgi] | ||
http-socket = / | http-socket = / | ||
Line 2218: | Line 2218: | ||
plugins = python | plugins = python | ||
file = streammetadata-api.py | file = streammetadata-api.py | ||
- | & | + | </file> |
- | & | + | <file - / |
- | rw_directory=& | + | rw_directory="/ |
- | & | + | </file> |
- | & | + | <code bash> |
systemctl enable uwsgi-private@getmetadata | systemctl enable uwsgi-private@getmetadata | ||
systemctl start uwsgi-private@getmetadata | systemctl start uwsgi-private@getmetadata | ||
- | & | + | </code> |
==== biolaedle-etiketten-generator ==== | ==== biolaedle-etiketten-generator ==== | ||
- | & | + | <code bash> |
pacman -S python-pandas python-reportlab python-xlrd python-bottle | pacman -S python-pandas python-reportlab python-xlrd python-bottle | ||
- | & | + | </code> |
- | & | + | <file - / |
[uwsgi] | [uwsgi] | ||
http-socket = / | http-socket = / | ||
Line 2239: | Line 2239: | ||
plugins = python | plugins = python | ||
file = label.py | file = label.py | ||
- | & | + | </file> |
- | & | + | <code bash> |
systemctl enable --now uwsgi@biolaedle\\x2detiketten\\x2dgenerator | systemctl enable --now uwsgi@biolaedle\\x2detiketten\\x2dgenerator | ||
- | & | + | </code> |
==== feeds ==== | ==== feeds ==== | ||
- | & | + | <code bash> |
pacman -S python-feedparser python-beautifulsoup4 python-pyrss2gen python-dateutil python-lxml | pacman -S python-feedparser python-beautifulsoup4 python-pyrss2gen python-dateutil python-lxml | ||
- | & | + | </code> |
- | & | + | <file - / |
[uwsgi] | [uwsgi] | ||
http-socket = / | http-socket = / | ||
Line 2257: | Line 2257: | ||
plugins = python | plugins = python | ||
file = app.py | file = app.py | ||
- | & | + | </file> |
- | & | + | <file - / |
- | rw_directory=& | + | rw_directory="/ |
- | & | + | </file> |
- | & | + | <code bash> |
systemctl enable uwsgi-private@feeds | systemctl enable uwsgi-private@feeds | ||
systemctl start uwsgi-private@feeds | systemctl start uwsgi-private@feeds | ||
- | & | + | </code> |
==== pishare ==== | ==== pishare ==== | ||
- | & | + | <code bash> |
pacman -S nodejs | pacman -S nodejs | ||
- | & | + | </code> |
- | & | + | <file - / |
[uwsgi] | [uwsgi] | ||
httpsocket = / | httpsocket = / | ||
Line 2280: | Line 2280: | ||
file = pishare.py | file = pishare.py | ||
lazy-apps = true | lazy-apps = true | ||
- | & | + | </file> |
- | & | + | <code bash> |
systenmctl enable --now uwsgi@pishare | systenmctl enable --now uwsgi@pishare | ||
- | & | + | </code> |
===== arch-upstream ===== | ===== arch-upstream ===== | ||
- | & | + | <code bash> |
pacman -S python-progressbar python-jinja | pacman -S python-progressbar python-jinja | ||
ln -s / | ln -s / | ||
- | & | + | </code> |
- | & | + | <file - / |
[Unit] | [Unit] | ||
Description=Arch-Upstream | Description=Arch-Upstream | ||
Line 2307: | Line 2307: | ||
WorkingDirectory=/ | WorkingDirectory=/ | ||
ExecStart=/ | ExecStart=/ | ||
- | & | + | </file> |
- | & | + | <file - / |
[Unit] | [Unit] | ||
Description=Run arch-upstream every 12 hours | Description=Run arch-upstream every 12 hours | ||
Line 2321: | Line 2321: | ||
[Install] | [Install] | ||
WantedBy=multi-user.target | WantedBy=multi-user.target | ||
- | & | + | </file> |
- | & | + | <code bash> |
systemctl enable arch-upstream.timer | systemctl enable arch-upstream.timer | ||
systemctl start arch-upstream.timer | systemctl start arch-upstream.timer | ||
- | & | + | </code> |
===== fdroid repo gplay mirror ===== | ===== fdroid repo gplay mirror ===== | ||
http-pub.pi | http-pub.pi | ||
enable multilib | enable multilib | ||
- | & | + | <file - / |
[...] | [...] | ||
# | # | ||
Line 2341: | Line 2341: | ||
# tips on creating your own repositories. | # tips on creating your own repositories. | ||
[...] | [...] | ||
- | & | + | </file> |
- | & | + | <code bash> |
pacman -S fdroidserver android-sdk android-sdk-build-tools gplaycli | pacman -S fdroidserver android-sdk android-sdk-build-tools gplaycli | ||
cd www | cd www | ||
Line 2348: | Line 2348: | ||
cd fdroid | cd fdroid | ||
env ANDROID_HOME=/ | env ANDROID_HOME=/ | ||
- | & | + | </code> |
- | & | + | <file - www/ |
[...] | [...] | ||
- | repo_url = & | + | repo_url = "https:// |
- | repo_name = & | + | repo_name = "Project-Insanity F-Droid repo" |
- | repo_icon = & | + | repo_icon = "fdroid-icon.png" |
- | repo_description = & | + | repo_description = "This is a private F-Droid repository for the PI-crew :)" |
[...] | [...] | ||
- | & | + | </file> |
- | & | + | <code bash> |
env ANDROID_HOME=/ | env ANDROID_HOME=/ | ||
- | & | + | </code> |
- | & | + | <code bash> |
mkdir ~/ | mkdir ~/ | ||
- | & | + | </code> |
- | & | + | <file - ~/ |
[Credentials] | [Credentials] | ||
gmail_address=****@gmail.com | gmail_address=****@gmail.com | ||
gmail_password=**** | gmail_password=**** | ||
token=False | token=False | ||
- | & | + | </file> |
- | & | + | <file - ~/ |
org.thoughtcrime.securesms | org.thoughtcrime.securesms | ||
de.nextbike | de.nextbike | ||
Line 2401: | Line 2401: | ||
com.zhiliaoapp.musically | com.zhiliaoapp.musically | ||
com.lynxspa.prontotreno | com.lynxspa.prontotreno | ||
- | & | + | </file> |
- | & | + | <file - / |
[Unit] | [Unit] | ||
Description=Gplaycli automatic APK mirror | Description=Gplaycli automatic APK mirror | ||
Line 2410: | Line 2410: | ||
Type=simple | Type=simple | ||
User=onny | User=onny | ||
- | ExecStart=/ | + | ExecStart=/ |
TimeoutStopSec=180 | TimeoutStopSec=180 | ||
KillMode=process | KillMode=process | ||
Line 2417: | Line 2417: | ||
[Install] | [Install] | ||
WantedBy=multi-user.target | WantedBy=multi-user.target | ||
- | & | + | </file> |
- | & | + | <file - / |
[Unit] | [Unit] | ||
Description=Gplaycli automatic APK mirror | Description=Gplaycli automatic APK mirror | ||
Line 2429: | Line 2429: | ||
[Install] | [Install] | ||
WantedBy=multi-user.target | WantedBy=multi-user.target | ||
- | & | + | </file> |
- | & | + | <code bash> |
systemctl daemon-reload | systemctl daemon-reload | ||
systemctl --now enable gplaycli.timer | systemctl --now enable gplaycli.timer | ||
- | & | + | </code> |
Notes: | Notes: | ||
* Manually put Threema apk into repo folder | * Manually put Threema apk into repo folder | ||
===== public hosting ===== | ===== public hosting ===== | ||
Create user for hosting site | Create user for hosting site | ||
- | & | + | <code bash> |
useradd -m example | useradd -m example | ||
mkdir / | mkdir / | ||
ln -s / | ln -s / | ||
chmod +x / | chmod +x / | ||
- | & | + | </code> |
Copy php-fpm profile | Copy php-fpm profile | ||
- | & | + | <code bash> |
cp / | cp / | ||
- | & | + | </code> |
Replace all occurences from the domain ('' | Replace all occurences from the domain ('' | ||
- | & | + | <code bash> |
systemctl restart php-fpm | systemctl restart php-fpm | ||
- | & | + | </code> |
Create nginx webserver configuration: | Create nginx webserver configuration: | ||
- | & | + | <file - / |
server { | server { | ||
server_name example.de www.example.de; | server_name example.de www.example.de; | ||
Line 2473: | Line 2473: | ||
} | } | ||
} | } | ||
- | & | + | </file> |
Enable webserver configuration: | Enable webserver configuration: | ||
- | & | + | <code bash> |
ln -s / | ln -s / | ||
systemctl restart nginx | systemctl restart nginx | ||
- | & | + | </code> |
Enable SSL caddy proxy on '' | Enable SSL caddy proxy on '' | ||
- | & | + | <file - / |
www.example.de example.de { | www.example.de example.de { | ||
log / | log / | ||
Line 2489: | Line 2489: | ||
header_upstream X-Real-IP {remote} | header_upstream X-Real-IP {remote} | ||
header_upstream X-Forwarded-Proto {scheme} | header_upstream X-Forwarded-Proto {scheme} | ||
- | header_downstream -Server | + | header_downstream -Server |
} | } | ||
} | } | ||
- | & | + | </file> |
Restart caddy process after that. Depending on the permissions of your webroot, you can run: | Restart caddy process after that. Depending on the permissions of your webroot, you can run: | ||
- | & | + | <code bash> |
sudo gpasswd -a example http | sudo gpasswd -a example http | ||
- | & | + | </code> |
Mysql database creation on '' | Mysql database creation on '' | ||
- | & | + | <code sql> |
CREATE DATABASE IF NOT EXISTS sexypump; | CREATE DATABASE IF NOT EXISTS sexypump; | ||
GRANT ALL PRIVILEGES ON sexypump.* TO ' | GRANT ALL PRIVILEGES ON sexypump.* TO ' | ||
FLUSH PRIVILEGES; | FLUSH PRIVILEGES; | ||
- | & | + | </code> |
- | & | + | <file - / |
upload_max_filesize = 1000M | upload_max_filesize = 1000M | ||
post_max_size = 1000M | post_max_size = 1000M | ||
- | & | + | </file> |
===== podcast feeds ===== | ===== podcast feeds ===== | ||
- | & | + | <code bash> |
sudo cp / | sudo cp / | ||
sudo cp / | sudo cp / | ||
systemctl enable --now bounce_feed.timer laboumdeluxe_feed.timer kampus_hakatze_feed.timer | systemctl enable --now bounce_feed.timer laboumdeluxe_feed.timer kampus_hakatze_feed.timer | ||
- | & | + | </code> |
projectinsanity/server_setup.1646958069.txt.gz · Last modified: 2022/03/11 00:21 by 2a01:4f8:192:214e::2