mirror of
https://github.com/house-of-vanity/house-of-vanity.github.io.git
synced 2025-10-24 01:49:08 +00:00
Fix webview
This commit is contained in:
2
.gitignore
vendored
2
.gitignore
vendored
@@ -1 +1 @@
|
|||||||
public/
|
/public/
|
||||||
|
6
content/blog/_index.md
Normal file
6
content/blog/_index.md
Normal file
@@ -0,0 +1,6 @@
|
|||||||
|
+++
|
||||||
|
path = "blog"
|
||||||
|
template = "blog.html"
|
||||||
|
transparent = true
|
||||||
|
sort_by = "date"
|
||||||
|
+++
|
97
content/blog/arch-repo.md
Normal file
97
content/blog/arch-repo.md
Normal file
@@ -0,0 +1,97 @@
|
|||||||
|
+++
|
||||||
|
title = "Own Arch Linux Repository"
|
||||||
|
date = "2020-07-14"
|
||||||
|
description = "self-hosted repository for your own Arch Linux packages"
|
||||||
|
|
||||||
|
[taxonomies]
|
||||||
|
tags = ["linux", "nginx", "selfhosting"]
|
||||||
|
|
||||||
|
[extra]
|
||||||
|
author = { name = "@ultradesu", social= "https://github.com/house-of-vanity" }
|
||||||
|
+++
|
||||||
|
|
||||||
|
## Prerequisites
|
||||||
|
* Ubuntu Server with Nginx and Docker
|
||||||
|
---
|
||||||
|
|
||||||
|
## Creating repository
|
||||||
|
|
||||||
|
Repository database is managed via `repo-add` script bundled with Arch Linux `pacman` package manager. Since pacman is not available in Ubuntu repository I use docker `archlinux` image for managing repository. This guide assumes that repository located in `/srv/arch-repo`. First of all move all your packages into /srv/arch-repo. Following command will create or update repository database.
|
||||||
|
|
||||||
|
```sh
|
||||||
|
REPO_URL=repo.sun.hexor.ru
|
||||||
|
REPO_PATH=/srv/arch-repo
|
||||||
|
docker run -v ${REPO_PATH}:/repo --rm archlinux \
|
||||||
|
bash -c "repo-add /repo/${REPO_URL}.db.tar.gz /repo/*pkg.tar.zst"
|
||||||
|
```
|
||||||
|
|
||||||
|
### **Important aspect**
|
||||||
|
* Name of the database should be REPO_URL.db.tar.gz, in this case REPO_URL is repo.sun.hexor.ru.
|
||||||
|
---
|
||||||
|
|
||||||
|
## Periodically database repo update
|
||||||
|
|
||||||
|
I use systemd:
|
||||||
|
```ini
|
||||||
|
# Service unit
|
||||||
|
# /etc/systemd/system/update-arch-repo.service
|
||||||
|
[Unit]
|
||||||
|
Description=Updating arch linux repository database for %I
|
||||||
|
Requires=docker.service
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
ExecStart=/usr/bin/docker run -v /srv/arch-repo:/repo --rm archlinux bash -c "repo-add /repo/%i.db.tar.gz /repo/*pkg.tar.zst"
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
||||||
|
```
|
||||||
|
|
||||||
|
```ini
|
||||||
|
# Timer unit
|
||||||
|
# /etc/systemd/system/update-arch-repo.timer
|
||||||
|
[Unit]
|
||||||
|
Description=Schedule arch repo database update for %I
|
||||||
|
|
||||||
|
[Timer]
|
||||||
|
# every 15 minutes
|
||||||
|
OnCalendar=*:0/15
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=timers.target
|
||||||
|
```
|
||||||
|
|
||||||
|
Activate timer:
|
||||||
|
```sh
|
||||||
|
REPO_URL=repo.sun.hexor.ru
|
||||||
|
systemctl enable update-arch-repo@${REPO_URL}.timer
|
||||||
|
```
|
||||||
|
|
||||||
|
## Reverse proxy for HTTPS access
|
||||||
|
|
||||||
|
I use NGINX
|
||||||
|
```js
|
||||||
|
server {
|
||||||
|
server_name repo.sun.hexor.ru;
|
||||||
|
listen [::]:443 ssl;
|
||||||
|
listen 443 ssl;
|
||||||
|
include security.conf; # my security options
|
||||||
|
include letsencrypt.conf; # my ssl config.
|
||||||
|
root /srv/arch-repo;
|
||||||
|
location / {
|
||||||
|
autoindex on;
|
||||||
|
try_files $uri $uri/ =404;
|
||||||
|
}
|
||||||
|
access_log /var/log/nginx/logs/repo.sun.hexor.ru.access.log custom;
|
||||||
|
error_log /var/log/nginx/logs/repo.sun.hexor.ru.error.log;
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
## Configure repo on your machines
|
||||||
|
|
||||||
|
Add your repo to `/etc/pacman.conf`:
|
||||||
|
|
||||||
|
```ini
|
||||||
|
[repo.sun.hexor.ru]
|
||||||
|
Server = https://repo.sun.hexor.ru
|
||||||
|
```
|
||||||
|
|
19
content/blog/htpasswd.md
Normal file
19
content/blog/htpasswd.md
Normal file
@@ -0,0 +1,19 @@
|
|||||||
|
+++
|
||||||
|
title = ".htpasswd one-liner"
|
||||||
|
date = "2020-07-13"
|
||||||
|
description = "creating password hash for Basic auth"
|
||||||
|
|
||||||
|
[taxonomies]
|
||||||
|
tags = ["linux", "tools", "selfhosting"]
|
||||||
|
|
||||||
|
[extra]
|
||||||
|
author = { name = "@ultradesu", social= "https://github.com/house-of-vanity" }
|
||||||
|
+++
|
||||||
|
|
||||||
|
It's annoying when you need apache2-utils just for creating password hash for Basic auth. So here is Shell one-liner doing it using openssl.
|
||||||
|
```sh
|
||||||
|
user=ab
|
||||||
|
pass=pwd
|
||||||
|
printf "${user}:$(openssl passwd -apr1 ${pass})\n"
|
||||||
|
```
|
||||||
|
---
|
76
content/blog/qemu.md
Normal file
76
content/blog/qemu.md
Normal file
@@ -0,0 +1,76 @@
|
|||||||
|
+++
|
||||||
|
title = "KVM/QEMU self hosted hypervisor"
|
||||||
|
date = "2020-07-14"
|
||||||
|
description = "Installing home hypervisor with remote control"
|
||||||
|
|
||||||
|
[taxonomies]
|
||||||
|
tags = ["linux", "kvm", "selfhosting"]
|
||||||
|
|
||||||
|
[extra]
|
||||||
|
author = { name = "@ultradesu", social= "https://github.com/house-of-vanity" }
|
||||||
|
+++
|
||||||
|
|
||||||
|
## Requirements
|
||||||
|
* Ubuntu Linux server (tested on 18.04 and 20.04)
|
||||||
|
* CPU with virtualisation enabled
|
||||||
|
---
|
||||||
|
|
||||||
|
## Installing
|
||||||
|
|
||||||
|
Installing VT staff
|
||||||
|
|
||||||
|
```sh
|
||||||
|
sudo apt install qemu-kvm libvirt-clients libvirt-daemon-system bridge-utils
|
||||||
|
```
|
||||||
|
I'd like to assign IPs for my VMs in the same network as server.
|
||||||
|
|
||||||
|
Here is `netplan` config:
|
||||||
|
```yaml
|
||||||
|
# /etc/netplan/00-installer-config.yaml
|
||||||
|
network:
|
||||||
|
ethernets:
|
||||||
|
enp2s0f0:
|
||||||
|
dhcp4: false
|
||||||
|
dhcp6: false
|
||||||
|
bridges:
|
||||||
|
br0:
|
||||||
|
interfaces: [enp2s0f0]
|
||||||
|
dhcp4: true
|
||||||
|
dhcp6: true
|
||||||
|
version: 2
|
||||||
|
```
|
||||||
|
|
||||||
|
Generate and apply network config:
|
||||||
|
```sh
|
||||||
|
sudo netplan generate
|
||||||
|
sudo netplan --debug apply
|
||||||
|
|
||||||
|
# Check bridge
|
||||||
|
sudo networkctl
|
||||||
|
IDX LINK TYPE OPERATIONAL SETUP
|
||||||
|
1 lo loopback carrier unmanaged
|
||||||
|
2 enp2s0f0 ether enslaved configured
|
||||||
|
3 br0 bridge routable configured
|
||||||
|
4 virbr0 bridge no-carrier unmanaged
|
||||||
|
5 virbr0-nic ether off unmanaged
|
||||||
|
|
||||||
|
# Check DHCP lease on new bridge
|
||||||
|
sudo ip a
|
||||||
|
2: enp2s0f0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master br0 state UP group default qlen 1000
|
||||||
|
link/ether xxx brd ff:ff:ff:ff:ff:ff
|
||||||
|
4: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
|
||||||
|
link/ether xxx brd ff:ff:ff:ff:ff:ff
|
||||||
|
inet 192.168.88.28/24 brd 192.168.88.255 scope global dynamic br0
|
||||||
|
valid_lft 535sec preferred_lft 535sec
|
||||||
|
```
|
||||||
|
---
|
||||||
|
|
||||||
|
## Managing VMs
|
||||||
|
|
||||||
|
Grant permissions to use virtmanager to your user on server:
|
||||||
|
```sh
|
||||||
|
sudo adduser $USER libvirt-qemu
|
||||||
|
sudo adduser $USER libvirt
|
||||||
|
```
|
||||||
|
|
||||||
|
Use virt-manager GUI utility on client or virsh CLI tool for managing VMs and data pools.
|
113
content/blog/torrent.md
Normal file
113
content/blog/torrent.md
Normal file
@@ -0,0 +1,113 @@
|
|||||||
|
+++
|
||||||
|
title = "qBittornt web via VPN"
|
||||||
|
date = "2023-08-25"
|
||||||
|
description = "Installing qBittornt web and VPN only download"
|
||||||
|
|
||||||
|
[taxonomies]
|
||||||
|
tags = ["linux", "torrent", "network", "selfhosting"]
|
||||||
|
|
||||||
|
[extra]
|
||||||
|
author = { name = "@ultradesu", social= "https://github.com/house-of-vanity" }
|
||||||
|
+++
|
||||||
|
|
||||||
|
## Requirements
|
||||||
|
* Ubuntu Linux server (tested on 18.04 and 20.04)
|
||||||
|
* NGINX
|
||||||
|
* Wireguard VPN config (easy to change to any other vpn)
|
||||||
|
---
|
||||||
|
|
||||||
|
## Installing
|
||||||
|
|
||||||
|
Install `qbittorrent-nox` for headless qBittorent package:
|
||||||
|
```sh
|
||||||
|
sudo apt install -y qbittorrent-nox
|
||||||
|
```
|
||||||
|
|
||||||
|
## Configuring VPN Network Namespace
|
||||||
|
Create `/usr/bin/torrent_ns` script and make it exucutable. It configures Network Namespace for qBittorent.
|
||||||
|
```sh
|
||||||
|
VPN_CFG_NAME=torrent
|
||||||
|
VPN_COMMAND="wg-quick up ${VPN_CFG_NAME}"
|
||||||
|
export SCRIPT=$(cat <<-END
|
||||||
|
#!/bin/bash
|
||||||
|
ip netns del torrent
|
||||||
|
sleep 2
|
||||||
|
ip netns add torrent
|
||||||
|
ip link add veth0 type veth peer name veth1
|
||||||
|
ip link set veth1 netns torrent
|
||||||
|
ip address add 10.99.99.1/24 dev veth0
|
||||||
|
ip netns exec torrent ip address add 10.99.99.2/24 dev veth1
|
||||||
|
ip link set dev veth0 up
|
||||||
|
ip netns exec torrent ip link set dev veth1 up
|
||||||
|
ip netns exec torrent ip route add default via 10.99.99.1
|
||||||
|
mkdir -p /etc/netns/torrent
|
||||||
|
echo nameserver 8.8.8.8 > /etc/netns/torrent/resolv.conf
|
||||||
|
sleep 3
|
||||||
|
ip netns exec torrent ${VPN_COMMAND}
|
||||||
|
sleep 3
|
||||||
|
ip netns exec torrent sudo -u ${USER} qbittorrent-nox
|
||||||
|
END
|
||||||
|
)
|
||||||
|
|
||||||
|
sudo -E -E bash -c 'cat > /usr/bin/torrent_ns << EOF
|
||||||
|
${SCRIPT}
|
||||||
|
EOF
|
||||||
|
'
|
||||||
|
|
||||||
|
sudo chmod +x /usr/bin/torrent_ns
|
||||||
|
```
|
||||||
|
|
||||||
|
## Systemd Autostart
|
||||||
|
Systemd unit to enable autostart:
|
||||||
|
```sh
|
||||||
|
export SERVICE=$(cat <<-END
|
||||||
|
[Unit]
|
||||||
|
Description=qBittorrent via vpn
|
||||||
|
After=network.target
|
||||||
|
StartLimitIntervalSec=0
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Type=simple
|
||||||
|
Restart=always
|
||||||
|
RestartSec=1
|
||||||
|
User=root
|
||||||
|
ExecStart=/usr/bin/torrent_ns
|
||||||
|
ExecStop=/usr/bin/ip netns del torrent
|
||||||
|
END
|
||||||
|
)
|
||||||
|
|
||||||
|
sudo -E bash -c 'cat > /etc/systemd/system/qbittorrent.service << EOF
|
||||||
|
${SERVICE}
|
||||||
|
EOF
|
||||||
|
'
|
||||||
|
|
||||||
|
sudo systemctl enable --now qbittorrent.service
|
||||||
|
```
|
||||||
|
|
||||||
|
## Nginx Reverse Proxy
|
||||||
|
|
||||||
|
```js
|
||||||
|
# /etc/nginx/sites-enabled/tr.hexor.cy.conf
|
||||||
|
server {
|
||||||
|
listen 443 ssl http2;
|
||||||
|
server_name tr.hexor.ru;
|
||||||
|
include ssl.conf; # my own ssl config
|
||||||
|
location / {
|
||||||
|
proxy_pass http://10.99.99.2:8080;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
|
proxy_hide_header Referer;
|
||||||
|
proxy_hide_header Origin;
|
||||||
|
proxy_set_header Referer '';
|
||||||
|
proxy_set_header Origin '';
|
||||||
|
}
|
||||||
|
}
|
||||||
|
server {
|
||||||
|
listen 80;
|
||||||
|
server_name tr.hexor.cy;
|
||||||
|
listen [::]:80;
|
||||||
|
return 302 https://$host$request_uri;
|
||||||
|
}
|
||||||
|
```
|
6
templates/blog.html
Normal file
6
templates/blog.html
Normal file
@@ -0,0 +1,6 @@
|
|||||||
|
{% extends "index.html" %}
|
||||||
|
|
||||||
|
{% block main_content %}
|
||||||
|
{% set section = get_section(path="blog/_index.md") %}
|
||||||
|
{{ post_macros::list_title(blog=section.blog) }}
|
||||||
|
{% endblock main_content %}
|
Reference in New Issue
Block a user