An average guy's IT (mis)adventures


December 2023

  • Dendrite (Matrix…

    Several months ago I was running a "matrix-docker-ansible" playbook on OVH, but limited resources led me to take it down. More than once I thought about reviving that server (which I have backups of), but after reading about the changes the playbook has gone through so far and the difficulties in running a Matrix environment without exposing web ports (80 and 443), I thought it better to give up. Yesterday I looked into Dendrite (a Matrix server written in Go), which looks a lot simpler than the whole lot the docker-ansible playbook offers, so I went ahead and installed it the manual way with nginx as reverse proxy. Easy peasy - documentation is quite good. Today I also installed "Cinny" as a web client and I'm done for the moment... Federation works, registrations are closed (can invite friends though) and apart from RAM peaks and quite long waiting times when joining rooms (up to 2K members), the server is doing quite well: started with 700MB of RAM (at joining time) and went…

    Permanent link to “Dendrite (Matrix) is live”
  • Modding converse.js

    Here are a few tweaks that make my "converse.js" experience better:

    Remove link from banner: I accidentally used to click that and be teleported to converse.js official webclient, so I thought it could be misleading for unaware users using my locally hosted version of the software. Search and replace/remove the href bit in converse.min.js, under the dist directory:

        <a class="brand-heading" href="https://conversejs.org" target="_blank" rel="noopener">

    In the "converse.min.css" file, search for this string and fill it with the following code to have unread MUCs underlined and colored in red:

        .list-item.unread-msgs

        .list-item.unread-msgs{font-weight:700; text-decoration: underline red;}

    Fix color for toolbar-utilities when in 1:1 chats: find this line in "converse.min.css"

        .fas:hover svg{fill:var(--chat-head-color)}

    and replace with:

        .fas:hover svg{fill:var(--chat-toolbar-btn-color)}

    Raise minimum chat text area…

    Permanent link to “Modding converse.js”
  • mumble-web (mis…

    Today I wanted to install yet another web frontend for the services I host, i.e. mumble-web. mumble-web is an HTML5 Mumble client for use in modern browsers. I won't bore you with the install details, just know that it's basically JS and you need to install npm modules.. After some processing and a whole lot of deprecation warnings on screen, it finally failed. Then I looked at the logs it left and it was searching for python2!! Went back to the github page and found out the code is from about 3 years ago, with the latest issue being about one guy managing to build the software on Debian 11 with some old NodeJs version.. So, after a bit of disappointment, I deleted the whole directory and was done with it. You know, there are no alternatives out there 😟 Now I would like to ask a question to disroot admins: how the hell are you running this junk on your server!? I believe they're using docker, still it's not safe in my opinion to run such old-unmaintained stuff. I won't be doing…

    Permanent link to “mumble-web (mis)adventure”

November 2023

  • Migrate whole…

    I recently moved from OVH to Contabo for my VPS: since setting up everything from scratch looked like a hard challenge, I moved everything using rsync.

    Firstly, some preparations:

      • installed the same kernel I had on OVH
      • rebooted Contabo
      • installed rsync on Contabo

    Then I switched to the OVH shell:

      • created an exclude.txt file with all the directories and files I didn't want to move:

            /boot/
            /etc/modules
            /etc/fstab
            /etc/mtab
            /etc/netconfig
            /etc/networks
            /etc/network/
            /etc/ssh/
            /etc/cloud/
            /etc/cloud-release
            /etc/grub.d/
            /etc/host.conf
            /etc/hostname
            /etc/hosts
            /etc/hosts.allow
            /etc/hosts.deny
            /etc/init.d/cloud-config
            /etc/init.d/cloud-final
            /etc/init.d/cloud-init
            /etc/init.d/cloud-init-local
            /etc/initramfs-tools/
            /etc/default/grub
            /etc/default/grub.d/
            /etc/kernel/
            /etc/kernel-img.conf
            /lib/modules/
            /lost+found/
            /sys/
            /proc/
            /dev/
            /tmp/
            /var/cache/
            /var/log/journal/
            /mnt/
            /root/.ssh/

      • moved it to /root/exclude.txt
      • stopped all the running services

            systemctl stop <service>

    now we can begin…

    Permanent link to “Migrate whole system from one host to another”
  • Radicale Cal/Card…

    Radicale

    Description

    Radicale is a small but powerful CalDAV (calendars, to-do lists) and CardDAV (contacts) server, that:

      • Shares calendars and contact lists through CalDAV, CardDAV and HTTP.
      • Supports events, todos, journal entries and business cards.
      • Works out of the box, with no need for complicated setup or configuration.
      • Can limit access by authentication.
      • Can secure connections with TLS.
      • Works with many CalDAV and CardDAV clients.
      • Stores all data on the file system in a simple folder structure.
      • Can be extended with plugins.
      • Is GPLv3-licensed free software.

    Requirements/Installation

    First of all, make sure that python 3.5 or later (python ≥ 3.6 is recommended) is installed. You will then need a web server such as Apache or nginx; this guide uses nginx and installs packages available in Debian, rather than using "pip".

    Official Documentation

    Installation

        # apt install radicale apache2-utils…

    Permanent link to “Radicale Cal/Card DAV”
  • Mailing List for…

    These days I am tinkering with a Mailing List for Delta Chat powered by mlmmj. I was able to create the list and set up Postfix correctly - instructions are quite clear even if on a couple settings I had to do some troubleshooting looking at logs.. Now I have this Mailing List called deltachat@woodpeckersnest.eu which you can subscribe to by sending an email to deltachat+subscribe@woodpeckersnest.eu and following further instructions.

    Initially Delta Chat would create groups of people with the ML's address inside of it, thus splitting every conversation by users participating in it. This was later fixed by adding the following lines in list-dir/control/customheaders file:

        X-Mailinglist: deltachat
        Reply-To: deltachat@woodpeckersnest.space
        List-ID: DC Mailing List <deltachat.woodpeckersnest.eu>
        List-Post: <mailto:deltachat@woodpeckersnest.eu>

    Now a proper Super Group is created and everyone¹ is able to message in it.

    ¹ Well, not actually everyone since a member still has…

    Permanent link to “Mailing List for Delta Chat with mlmmj”
  • XMPP-IT Italian…

    The new Italian community XMPP-IT.net has been live for a few hours. Some references:

      • website: https://www.xmpp-it.net/
      • MUC: xmpp-it
      • Gitea server: https://git.xmpp-it.net/

    Come and visit us if you already know XMPP, but above all if you don't know it yet: creating an account is easy and safe, and if you have any doubts feel free to write an email to "admin@xmpp-it.net" or leave a comment on the site!

    Permanent link to “XMPP-IT Italian Community”
  • Permanent link to “conversejs stickers!”
  • Hats!

    In XMPP you can have "hats"! A hat is basically a label next to your nickname which can show maybe a role you have in a particular MUC (e.g. "teacher" for a class, "manager" for an office, or "developer" for a software project and so on..). The relative XEP is https://xmpp.org/extensions/xep-0317.html

    The only client where this XEP seems to be manageable is conversejs: https://m.conversejs.org/docs/html/configuration.html#muc-hats but Cheogram can show hats as well in the participant list.

    There are a couple modules needed in prosody and you can install them like so:

        prosodyctl install --server=https://modules.prosody.im/rocks/ mod_muc_hats_api
        prosodyctl install --server=https://modules.prosody.im/rocks/ mod_muc_hats_adhoc

    This is the adhoc command in conversejs to set a hat:

    You need to specify a user JID, a room JID (on your server), a Hat title (the actual label you want to be shown) and a Hat URI (a machine-readable unique identifier, like…

    Permanent link to “Hats!”

October 2023

  • conversejs…

    Thanks to Zash and Jcbrand in the "Converse" MUC and a bit of hacking I was able to set up a few community plugins for my conversejs install as a prosody module. Here's the configuration in /etc/prosody/prosody.cfg.lua:

        conversejs_resources = "/usr/local/lib/prosody/modules/mod_conversejs/dist"
        conversejs_tags = {
            -- Load favicon
            [[<link rel="shortcut icon" href="https://woodpeckersnest.space/images/converse-js.ico">]];
            -- Load libsignal-protocol.js for OMEMO support (GPLv3; be aware of licence implications)
            [[<script src="https://cdn.conversejs.org/3rdparty/libsignal-protocol.min.js"></script>]];
            -- Load community plugins
            [[<link type="text/css" rel="stylesheet" media="screen" href="conversejs/dist/plugins/search/search.css" />]];
            [[<script src="conversejs/dist/plugins/actions/actions.js"></script>]];
            [[<script src="conversejs/dist/plugins…

    Permanent link to “conversejs community plugins”
  • MTPuTTY (Multi…

    Nice little piece of software; free but not open source. Use your saved PuTTY configs in a multi tabbed window! It's just easy like that, no fuss, no complicated setup but with added options, like saving your sessions when quitting the program, so that they'll run again at next startup; auto reconnection on connection loss, with a timer, a few themes for both light and dark setups and possibility to run scripts in any or all of your SSH sessions. If I had to be picky, there's one thing which doesn't work: flashing window on bell, but maybe that's expected since it's just the main window with different tabs.. Well, I think it could be improved anyway.

    Permanent link to “MTPuTTY (Multi-Tabbed PuTTY)”
  • Permanent link to “Freedom/Security?”
  • Thunderbird sieve…

    Little OT, but not so much 😀 To manage your sieve scripts from Thunderbird 115 there's this nightly build, until the developer codes a proper release with fixes. You can read the issue at https://github.com/thsmi/sieve/issues/893 and I've uploaded the file for convenience here.

    My server comes with a default sieve to filter spam messages and another one to move Delta Chat emails:

        require ["fileinto"];
        # rule:[DeltaChat]
        if header :contains "Chat-Version" "1.0"
        {
            fileinto "DeltaChat";
            stop;
        }
        # rule:[SPAM Check]
        if header :contains "X-Spam-Flag" "YES"
        {
            fileinto "Junk";
            stop;
        }

    Permanent link to “Thunderbird sieve extension”
  • Special characters…

    Remember: don't ever use special characters in your DB user's password!! I have been troubleshooting a migration from mariadbd to pgsql for several hours, until I tried changing my password, which, weirdly enough, was working to connect roundcube but gave errors with pgloader. Once I successfully migrated using the same password with those special characters, roundcube wouldn't connect with pgsql, so I made another fighting round! Finally changed my pgsql password to some letters and numbers only and BAM!, it worked. Then I stopped mariadbd and disabled the service; now I have more than 200MB RAM freed¹.

    ¹ See previous post.

    Permanent link to “Special characters in DBs are a no-go”
  • Permanent link to “mariadbd is a memory hog”
  • Unauthenticated…

    I was enabling Exim on my IONOS VPS to deliver email through a smarthost and encountered the error message in this post's title (unable to send to Gmail users.. It's always them!)

    After fiddling a while with DMARC and SPF I reconfigured Exim itself to rewrite sender address, so that emails coming from "spacenest.it" (IONOS domain) were sent as coming from "woodpeckersnest.eu", the smarthost and real email server.

    Everything is done via this command:

        # dpkg-reconfigure exim4-config

    And the resulting configuration in /etc/exim4/update-exim4.conf is:

        dc_eximconfig_configtype='smarthost'
        dc_other_hostnames='cassandra.spacenest.it;spacenest.it'
        dc_local_interfaces='127.0.0.1'
        dc_readhost='woodpeckersnest.eu'
        dc_relay_domains=''
        dc_minimaldns='false'
        dc_relay_nets=''
        dc_smarthost='pandora.woodpeckersnest.space::587'
        CFILEMODE='644'
        dc_use_split_config='false'
        dc_hide_mailname='true'
        dc_mailname_in_oh='true'
        dc_localdelivery='mail_spool'

    On OVH's postfix I just had to…

    Permanent link to “Unauthenticated email from [DOMAIN] is not accepted due to 550-5.7.26 domain's DMARC policy.”
  • Awesome Selfhosted

    This is where I found the idea for a blog with chyrp-lite. That repo is full of awesomeness 😎

    Permanent link to “Awesome Selfhosted”
  • Process Keepalive

    Scope: restart a process if it exited for any reason

    To do: edit "process-restart.sh" substituting "process" with the actual process name and startup command/path. Moreover you'd want to rename both files with the process name. To find what the actual process name is, do a ps aux | grep <name> and then test with pgrep -f <process_you_found> - see if it returns the correct PID.

    Usage: run ./process-loop.sh

    TIP: always use TMUX or screen.

    I'm using this method to keep my bots¹ and the ETS2 server always running:

    ¹ BOTS == ZED, a couple XMPP bots, Simplebot Mastodon etc..

    Permanent link to “Process Keepalive”
  • Going without…

    I had previously discussed this issue on XMPP and on my Schleuder Mailing List, but there's news. My ".space" domain is blacklisted by Google and other top email services because it is considered spammy - I still don't understand how you can blacklist a whole tld for spam but that's how it goes.. So I purchased a new ".eu" domain and set it up as virtual host in postfix.. But I was still using a third party relay to deliver emails to Gmail, Hotmail and iCloud. This relay works with "credits", each email you send using their free service is equal to 1 credit and you get 1000 credits per month (BIG Thanks to Kévin from Delta Chat for helping me out with this). Now, I haven't ever reached the maximum allowed quota but I felt like removing the casters at least for Gmail, since this .eu domain should do the job just fine and because I cannot actually remove Hotmail, since they have my server IP banned for whatever reason. So, I removed the gmail line in my…

    Permanent link to “Going without casters”
  • Permanent link to “.. And now with Clean URLs!”
  • Main Website's…

    I'm not very familiar with javascript when it comes to websites - a bit better is node.js, but that's another story.. I just wanted to give credit to my Steam friend andrei-kom (Thanks Andrei) for this piece of javascript he wrote to enhance the side menu of my main website. Now the buttons are highlighted not just on press but also when scrolling the page up and down! Woo-hoo 😀

    Here's the code:

        $(document).ready(function () {
            $('a').on('click', function (e) {
                $('a').removeClass('w3-hover-black-activated');
                $(this).addClass('w3-hover-black-activated');
            });
            $('#home').addClass('contentBlock');
            $('.w3-content').addClass('contentBlock');
            $(window).scroll(function () {
                var pageOffset = window.pageYOffset + 64;
                $('.contentBlock').each(function () {
                    var contentBlockOffset = $(this).offset().top;
                    var id = $(this).attr('id');
                    if (id == 'home') {
                        id = '';
                    }
                    if (pageOffset >= contentBlockOffset) {
                        $('a.w3-button').removeClass('w3-hover-black-activated');
                        $('a.w3-button[href="…

    Permanent link to “Main Website's Javascript”
  • Wireguard…

    wg0.conf

        [Interface]
        # specify generated private key for server
        PrivateKey = <privkey>
        # IP address for VPN interface
        Address = 172.16.100.1/32
        MTU = 1420
        # UDP port WireGuard server listens
        ListenPort = 51820
        # set routing rules like follows to access to local network via VPN session
        PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o ens3 -j MASQUERADE
        PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o ens3 -j MASQUERADE
        # change "ens3" with your interface

        [Peer]
        # specify public key for client
        PublicKey = <pubkey>
        # clients' VPN IP addresses you allow to connect
        # possible to specify subnet ⇒ [172.16.100.0/24]
        AllowedIPs = 172.16.100.6

    client.conf

        [Interface]
        # Private IP Address
        Address = 172.16.100.6/32
        # Client's Private Key
        PrivateKey = <privkey>
        # Server's listening port
        ListenPort = 51820

        [Peer]
        # Server's Public Key
        PublicKey = <pubkey>
        AllowedIPs = 0.0.0.0/0
        # Server's IP:port…

    Permanent link to “Wireguard Configuration”
  • Maildir with…

    Using the Maildir mailbox format, emails are stored under the recipient user’s home folder /home/<username>/Maildir.

        # postconf -e 'home_mailbox = Maildir/'

    You might also want to add the Maildir setup to the user home directory template so that it is automatically configured when a new user account is created:

        # maildirmake.dovecot /etc/skel/Maildir
        # maildirmake.dovecot /etc/skel/Maildir/.Drafts
        # maildirmake.dovecot /etc/skel/Maildir/.Sent
        # maildirmake.dovecot /etc/skel/Maildir/.Trash
        # maildirmake.dovecot /etc/skel/Maildir/.Templates

    The same Maildir can be added to the current user with the commands below. Replace $USER with any existing username:

        # cp -r /etc/skel/Maildir /home/$USER/
        # chown -R $USER:$USER /home/$USER/Maildir
        # chmod -R 700 /home/$USER/Maildir
        # adduser $USER mail

    Also create a “.muttrc” file under /etc/skel and copy paste this content in it:

        set mbox_type=Maildir
        set folder="~/Maildir"
        set mask="!^\\.[^.]"
        set mbox="…

    Permanent link to “Maildir with Postfix/Dovecot/mutt”
  • Monit - System…

    I'm going to paste my working Monit configuration file for anyone attempting to make it work under Debian:

        set daemon 120
        set log /var/log/monit.log
        set idfile /var/lib/monit/id
        set statefile /var/lib/monit/state
        set ssl {
            verify : enable
        }
        SET MAILSERVER pandora.woodpeckersnest.space PORT 465
            USERNAME <username> PASSWORD <password>
            using SSL
        set eventqueue
            basedir /var/lib/monit/events
            slots 100
        set alert <username>@woodpeckersnest.space not on { instance }
        set httpd port 2812 and
            use address 0.0.0.0
            allow 0.0.0.0/0.0.0.0
            allow admin:<password>
            with ssl {
                pemchain: /etc/monit/fullchain.pem
                pemkey: /etc/monit/privkey.pem
            }
        check system PANDORA
            if cpu usage > 95% for 10 cycles then alert
            if memory usage > 85% then alert
            if swap usage > 50% then alert
        check network ens3 with interface ens3
            if link down then alert
            if changed link then alert
            if saturation > 90% then alert
        check filesystem rootfs with path /
            if space usage > 80% then alert
            if space…

    Permanent link to “Monit - System Monitoring”
  • Managing swap

    Swap File

    To create a 2GB swap file we can use the "dd" command like this:

        # dd if=/dev/zero of=/mnt/swapfile bs=1024 count=2097152

    bs=1024 means read and write up to 1024 bytes at a time, and count is the size of the file in 1024-byte blocks (1024 x 2048 = 2097152, i.e. 2048MB).

    Then set the appropriate permissions on the file; make it readable only by root user:

        # chmod 600 /mnt/swapfile

    Now prepare the file for swap with the mkswap command:

        # mkswap /mnt/swapfile

    Next, enable the swap file:

        # swapon /mnt/swapfile

    Afterwards, enable the swap file to be mounted at boot. Edit the /etc/fstab file and add the following new line in it:

        /mnt/swapfile swap swap defaults 0 0

    You can also disable the swapfile at runtime, any time you want; just make sure the swap in use doesn't exceed your available RAM:

        # swapoff /mnt/swapfile

    Last but not least, this is how to check your swap usage by process:

        $ for file in /proc/*/status ; do awk '/VmSwap|Name/{printf $2 " " $3}END{ print ""}' $file; done | sort -k 2 -n -r | less

    Permanent link to “Managing swap”
  • Permanent link to “Prosody invite page's example with custom apps”
  • mod_register_apps…

    Here's how you add an F-Droid XMPP App to "mod_register_apps.lua" so that it shows up in the Invite registration page of prosody:

        {
            name = "monocles chat";
            text = [[monocles chat is a fork of blabber.im and Conversations with some changes, to improve usability.]];
            image = "assets/logos/monocles.png";
            link = "https://f-droid.org/packages/de.monocles.chat/";
            platforms = { "Android" };
            supports_preauth_uri = true;
            download = {
                buttons = {
                    {
                        image = "https://woodpeckersnest.space/images/fdroid.png";
                        url = "https://f-droid.org/packages/de.monocles.chat/";
                    };
                };
            };
        };

    Add the "monocles.png" logo to your "assets/logos/" directory and change the "fdroid.png" image link accordingly.

    Permanent link to “mod_register_apps.lua - f-droid app example”
  • Permanent link to “Choose the right host!”
  • "Bugs, Mr…

    "Bugs, Mr. Rico. Zillions of em!" Hughes, p. 248; reporting on a bug assault to LT Juan Rico on Planet P.

    Permanent link to “"Bugs, Mr. Rico. Zillions of em!" Hughes, p. 248; reporting on…”
  • A new home

    Do we need it? Nope. Do I like it? YEP! Will be posting about my (mis)adventures while administering a VPS.. Or more than one? For the time being I've just installed this beauty, called "chyrp-lite"

    Permanent link to “A new home”