From 8af7a50f38797fb23aa6f4ea324147feca3456d2 Mon Sep 17 00:00:00 2001
From: Alexandr Bogomyakov
Date: Fri, 25 Aug 2023 15:37:05 +0300
Subject: [PATCH] Fix webview
---
.gitignore | 2 +-
content/blog/_index.md | 6 ++
content/blog/arch-repo.md | 97 ++++++++++++++++++++++++++++++++
content/blog/htpasswd.md | 19 +++++++
content/blog/qemu.md | 76 +++++++++++++++++++++++++
content/blog/torrent.md | 113 ++++++++++++++++++++++++++++++++++++++
templates/blog.html | 6 ++
7 files changed, 318 insertions(+), 1 deletion(-)
create mode 100644 content/blog/_index.md
create mode 100644 content/blog/arch-repo.md
create mode 100644 content/blog/htpasswd.md
create mode 100644 content/blog/qemu.md
create mode 100644 content/blog/torrent.md
create mode 100644 templates/blog.html
diff --git a/.gitignore b/.gitignore
index 364fdec..87174b6 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-public/
+/public/
diff --git a/content/blog/_index.md b/content/blog/_index.md
new file mode 100644
index 0000000..144dad6
--- /dev/null
+++ b/content/blog/_index.md
@@ -0,0 +1,6 @@
++++
+path = "blog"
+template = "blog.html"
+transparent = true
+sort_by = "date"
++++
diff --git a/content/blog/arch-repo.md b/content/blog/arch-repo.md
new file mode 100644
index 0000000..90c73bd
--- /dev/null
+++ b/content/blog/arch-repo.md
@@ -0,0 +1,97 @@
++++
+title = "Own Arch Linux Repository"
+date = "2020-07-14"
+description = "self-hosted repository for your own Arch Linux packages"
+
+[taxonomies]
+tags = ["linux", "nginx", "selfhosting"]
+
+[extra]
+author = { name = "@ultradesu", social= "https://github.com/house-of-vanity" }
++++
+
+## Prerequisites
+* Ubuntu Server with Nginx and Docker
+---
+
+## Creating repository
+
+Repository database is managed via `repo-add` script bundled with Arch Linux `pacman` package manager. Since pacman is not available in Ubuntu repository I use docker `archlinux` image for managing repository. This guide assumes that repository located in `/srv/arch-repo`. First of all move all your packages into /srv/arch-repo. Following command will create or update repository database.
+
+```sh
+REPO_URL=repo.sun.hexor.ru
+REPO_PATH=/srv/arch-repo
+docker run -v ${REPO_PATH}:/repo --rm archlinux \
+bash -c "repo-add /repo/${REPO_URL}.db.tar.gz /repo/*pkg.tar.zst"
+```
+
+### **Important aspect**
+* Name of the database should be REPO_URL.db.tar.gz, in this case REPO_URL is repo.sun.hexor.ru.
+---
+
+## Periodically database repo update
+
+I use systemd:
+```ini
+# Service unit
+# /etc/systemd/system/update-arch-repo.service
+[Unit]
+Description=Updating arch linux repository database for %I
+Requires=docker.service
+
+[Service]
+ExecStart=/usr/bin/docker run -v /srv/arch-repo:/repo --rm archlinux bash -c "repo-add /repo/%i.db.tar.gz /repo/*pkg.tar.zst"
+
+[Install]
+WantedBy=multi-user.target
+```
+
+```ini
+# Timer unit
+# /etc/systemd/system/update-arch-repo.timer
+[Unit]
+Description=Schedule arch repo database update for %I
+
+[Timer]
+# every 15 minutes
+OnCalendar=*:0/15
+
+[Install]
+WantedBy=timers.target
+```
+
+Activate timer:
+```sh
+REPO_URL=repo.sun.hexor.ru
+systemctl enable update-arch-repo@${REPO_URL}.timer
+```
+
+## Reverse proxy for HTTPS access
+
+I use NGINX
+```js
+server {
+ server_name repo.sun.hexor.ru;
+ listen [::]:443 ssl;
+ listen 443 ssl;
+ include security.conf; # my security options
+ include letsencrypt.conf; # my ssl config.
+ root /srv/arch-repo;
+ location / {
+ autoindex on;
+ try_files $uri $uri/ =404;
+ }
+ access_log /var/log/nginx/logs/repo.sun.hexor.ru.access.log custom;
+ error_log /var/log/nginx/logs/repo.sun.hexor.ru.error.log;
+}
+```
+
+## Configure repo on your machines
+
+Add your repo to `/etc/pacman.conf`:
+
+```ini
+[repo.sun.hexor.ru]
+Server = https://repo.sun.hexor.ru
+```
+
diff --git a/content/blog/htpasswd.md b/content/blog/htpasswd.md
new file mode 100644
index 0000000..f2c73ce
--- /dev/null
+++ b/content/blog/htpasswd.md
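Review bot: In content/blog/arch-repo.md neither the `repo-add` call nor the `pacman.conf` stanza mentions signatures, so as written TLS to the nginx host is the only integrity control for packages installed from this repo (and clients with a strict global `SigLevel` would presumably refuse them). I would sign the packages and the database (`repo-add --sign …`, with the key added through `pacman-key` on the clients) and show an explicit `SigLevel = Required` line under `[repo.sun.hexor.ru]`. Separately, the units use `%i`/`%I` and are enabled as `update-arch-repo@${REPO_URL}.timer`, but the path comments name `update-arch-repo.service` and `update-arch-repo.timer`; template units need the `@` in the file name (`update-arch-repo@.service`, `update-arch-repo@.timer`). The untagged `archlinux` image run by that unit also deserves a sentence, since whatever the tag resolves to gets write access to `/srv/arch-repo` every 15 minutes.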
@@ -0,0 +1,19 @@
++++
+title = ".htpasswd one-liner"
+date = "2020-07-13"
+description = "creating password hash for Basic auth"
+
+[taxonomies]
+tags = ["linux", "tools", "selfhosting"]
+
+[extra]
+author = { name = "@ultradesu", social= "https://github.com/house-of-vanity" }
++++
+
+It's annoying when you need apache2-utils just for creating password hash for Basic auth. So here is Shell one-liner doing it using openssl.
+```sh
+user=ab
+pass=pwd
+printf "${user}:$(openssl passwd -apr1 ${pass})\n"
+```
+---
diff --git a/content/blog/qemu.md b/content/blog/qemu.md
new file mode 100644
index 0000000..f2b908b
--- /dev/null
+++ b/content/blog/qemu.md
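Review bot: The one-liner in content/blog/htpasswd.md passes the password as an argument, `openssl passwd -apr1 ${pass}`, so it is readable in the process list while openssl runs and the `pass=pwd` assignment ends up in shell history; the expansion is also unquoted, and the user name and hash are used as the `printf` format string. I would let openssl prompt for the password and quote the rest: `printf '%s:%s\n' "${user}" "$(openssl passwd -apr1)"`. The post should also say that `-apr1` is an MD5-based scheme, and that `openssl passwd -6` (SHA-512 crypt) is the stronger choice where the web server's crypt() accepts it.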
@@ -0,0 +1,76 @@
++++
+title = "KVM/QEMU self hosted hypervisor"
+date = "2020-07-14"
+description = "Installing home hypervisor with remote control"
+
+[taxonomies]
+tags = ["linux", "kvm", "selfhosting"]
+
+[extra]
+author = { name = "@ultradesu", social= "https://github.com/house-of-vanity" }
++++
+
+## Requirements
+* Ubuntu Linux server (tested on 18.04 and 20.04)
+* CPU with virtualisation enabled
+---
+
+## Installing
+
+Installing VT staff
+
+```sh
+sudo apt install qemu-kvm libvirt-clients libvirt-daemon-system bridge-utils
+```
+I'd like to assign IPs for my VMs in the same network as server.
+
+Here is `netplan` config:
+```yaml
+# /etc/netplan/00-installer-config.yaml
+network:
+ ethernets:
+ enp2s0f0:
+ dhcp4: false
+ dhcp6: false
+ bridges:
+ br0:
+ interfaces: [enp2s0f0]
+ dhcp4: true
+ dhcp6: true
+ version: 2
+```
+
+Generate and apply network config:
+```sh
+sudo netplan generate
+sudo netplan --debug apply
+
+# Check bridge
+sudo networkctl
+IDX LINK TYPE OPERATIONAL SETUP
+ 1 lo loopback carrier unmanaged
+ 2 enp2s0f0 ether enslaved configured
+ 3 br0 bridge routable configured
+ 4 virbr0 bridge no-carrier unmanaged
+ 5 virbr0-nic ether off unmanaged
+
+# Check DHCP lease on new bridge
+sudo ip a
+2: enp2s0f0: mtu 1500 qdisc mq master br0 state UP group default qlen 1000
+ link/ether xxx brd ff:ff:ff:ff:ff:ff
+4: br0: mtu 1500 qdisc noqueue state UP group default qlen 1000
+ link/ether xxx brd ff:ff:ff:ff:ff:ff
+ inet 192.168.88.28/24 brd 192.168.88.255 scope global dynamic br0
+ valid_lft 535sec preferred_lft 535sec
+```
+---
+
+## Managing VMs
+
+Grant permissions to use virtmanager to your user on server:
+```sh
+sudo adduser $USER libvirt-qemu
+sudo adduser $USER libvirt
+```
+
+Use virt-manager GUI utility on client or virsh CLI tool for managing VMs and data pools.
diff --git a/content/blog/torrent.md b/content/blog/torrent.md
new file mode 100644
index 0000000..b75ce14
--- /dev/null
+++ b/content/blog/torrent.md
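Review bot: The `sudo adduser $USER libvirt` step in content/blog/qemu.md needs a caveat, because on Ubuntu membership of the `libvirt` group gives password-less control of the system libvirt daemon, which is effectively root on the hypervisor host. I would add a sentence such as `Members of the libvirt group can fully control the host's VMs, storage and networks, so add only the account you administer from.` The `libvirt-qemu` line does not look necessary for virt-manager or virsh and, if I read it right, only widens access to the VM disk images; consider dropping it or explaining why it is needed.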
@@ -0,0 +1,113 @@
++++
+title = "qBittornt web via VPN"
+date = "2023-08-25"
+description = "Installing qBittornt web and VPN only download"
+
+[taxonomies]
+tags = ["linux", "torrent", "network", "selfhosting"]
+
+[extra]
+author = { name = "@ultradesu", social= "https://github.com/house-of-vanity" }
++++
+
+## Requirements
+* Ubuntu Linux server (tested on 18.04 and 20.04)
+* NGINX
+* Wireguard VPN config (easy to change to any other vpn)
+---
+
+## Installing
+
+Install `qbittorrent-nox` for headless qBittorent package:
+```sh
+sudo apt install -y qbittorrent-nox
+```
+
+## Configuring VPN Network Namespace
+Create `/usr/bin/torrent_ns` script and make it exucutable. It configures Network Namespace for qBittorent.
+```sh
+VPN_CFG_NAME=torrent
+VPN_COMMAND="wg-quick up ${VPN_CFG_NAME}"
+export SCRIPT=$(cat <<-END
+#!/bin/bash
+ip netns del torrent
+sleep 2
+ip netns add torrent
+ip link add veth0 type veth peer name veth1
+ip link set veth1 netns torrent
+ip address add 10.99.99.1/24 dev veth0
+ip netns exec torrent ip address add 10.99.99.2/24 dev veth1
+ip link set dev veth0 up
+ip netns exec torrent ip link set dev veth1 up
+ip netns exec torrent ip route add default via 10.99.99.1
+mkdir -p /etc/netns/torrent
+echo nameserver 8.8.8.8 > /etc/netns/torrent/resolv.conf
+sleep 3
+ip netns exec torrent ${VPN_COMMAND}
+sleep 3
+ip netns exec torrent sudo -u ${USER} qbittorrent-nox
+END
+)
+
+sudo -E -E bash -c 'cat > /usr/bin/torrent_ns << EOF
+${SCRIPT}
+EOF
+'
+
+sudo chmod +x /usr/bin/torrent_ns
+```
+
+## Systemd Autostart
+Systemd unit to enable autostart:
+```sh
+export SERVICE=$(cat <<-END
+[Unit]
+Description=qBittorrent via vpn
+After=network.target
+StartLimitIntervalSec=0
+
+[Service]
+Type=simple
+Restart=always
+RestartSec=1
+User=root
+ExecStart=/usr/bin/torrent_ns
+ExecStop=/usr/bin/ip netns del torrent
+END
+)
+
+sudo -E bash -c 'cat > /etc/systemd/system/qbittorrent.service << EOF
+${SERVICE}
+EOF
+'
+
+sudo systemctl enable --now qbittorrent.service
+```
+
+## Nginx Reverse Proxy
+
+```js
+# /etc/nginx/sites-enabled/tr.hexor.cy.conf
+server {
+ listen 443 ssl http2;
+ server_name tr.hexor.ru;
+ include ssl.conf; # my own ssl config
+ location / {
+ proxy_pass http://10.99.99.2:8080;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_hide_header Referer;
+ proxy_hide_header Origin;
+ proxy_set_header Referer '';
+ proxy_set_header Origin '';
+ }
+}
+server {
+ listen 80;
+ server_name tr.hexor.cy;
+ listen [::]:80;
+ return 302 https://$host$request_uri;
+}
+```
diff --git a/templates/blog.html b/templates/blog.html
new file mode 100644
index 0000000..1f16894
--- /dev/null
+++ b/templates/blog.html
@@ -0,0 +1,6 @@
+{% extends "index.html" %}
+
+{% block main_content %}
+ {% set section = get_section(path="blog/_index.md") %}
+ {{ post_macros::list_title(blog=section.blog) }}
+{% endblock main_content %}
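Review bot: In the nginx block of content/blog/torrent.md, `proxy_set_header Referer '';` and `proxy_set_header Origin '';` blank the two request headers that, as far as I know, qBittorrent's WebUI CSRF protection compares with the request host, so the proxied WebUI loses that check while being published on 443 with no `auth_basic` or `allow`/`deny` in front of it. I would drop those two lines (the `proxy_hide_header` pair only affects response headers and can go too) and, if the WebUI then rejects requests, fix the forwarded host rather than hide the headers. In the generated `/usr/bin/torrent_ns` a failed `wg-quick up` does not stop the script, so qbittorrent-nox still starts with the default route via 10.99.99.1, which contradicts "VPN only download"; `ip netns exec torrent ${VPN_COMMAND} || exit 1` makes it fail closed. The two server blocks also disagree on the host name (`tr.hexor.ru` vs `tr.hexor.cy`).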