Archive of

.. And now with Clean URLs!

Written by Simone

Looney Tunes Yosemite Sam cleaning with a broom

Main Website's Javascript

Written by Simone

I'm not very familiar with javascript when it come to websites - a bit better is node.js, but that's another story..

I just wanted to give credit to my Steam friend andrei-kom (Thanks Andrei) for this piece of javascript he wrote to enhance the side menu of my main website. Now the buttons are highlighted not just on press but also when scrolling the page up and down! Woo-hoo 😀

Here's the code:

$(document).ready(function () {

$('a').on('click', function (e) {
        $('a').removeClass('w3-hover-black-activated');
        $(this).addClass('w3-hover-black-activated');
});

$('#home').addClass('contentBlock');
$('.w3-content').addClass('contentBlock');
$(window).scroll(function () {
   var pageOffset = window.pageYOffset + 64;
   $('.contentBlock').each(function () {
     var contentBlockOffset = $(this).offset().top;
     var id = $(this).attr('id');
     if (id == 'home') {
       id = '';
     }
     if (pageOffset >= contentBlockOffset) {
       $('a.w3-button').removeClass('w3-hover-black-activated');
       $('a.w3-button[href="#' + id + '"]').addClass('w3-hover-black-activated');
     }
   });
});

});

Wireguard Configuration

Written by Simone

wg0.conf

[Interface]
# specify generated private key for server
PrivateKey = <privkey>
# IP address for VPN interface
Address = 172.16.100.1/32
MTU = 1420
# UDP port WireGuard server listens
ListenPort = 51820

# set routing rules like follows to access to local network via VPN session
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o ens3 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o ens3 -j MASQUERADE
# change "ens3" with your interface

[Peer]
# specify public key for client
PublicKey = <pubkey>
# clients' VPN IP addresses you allow to connect
# possible to specify subnet ⇒ [172.16.100.0/24]
AllowedIPs = 172.16.100.6

client.conf

[Interface]
# Private IP Address
Address = 172.16.100.6/32
# Client's Private Key
PrivateKey = <privkey>
# Server's listening port
ListenPort = 51820

[Peer]
# Server's Public Key
PublicKey = <pubkey>
AllowedIPs = 0.0.0.0/0
# Server's IP:port
Endpoint = 51.195.43.203:51820

If you want to scan a QR code on your phone to load the client.conf, do as follows: # apt install qrencode $ qrencode -t utf8 < client.conf

A QR code will appear, scan it.

Thanks to "to_red" for helping me out with the configuration 😉

Maildir with Postfix/Dovecot/mutt

Written by Simone

Using the Maildir mailbox format, emails are stored in under the recipient user’s home folder /home/<username>/Maildir.

# postconf -e 'home_mailbox = Maildir/'

You might also want to add the Maildir setup to the user home directory template so that it is automatically configured when a new user account is created:

# maildirmake.dovecot /etc/skel/Maildir
# maildirmake.dovecot /etc/skel/Maildir/.Drafts
# maildirmake.dovecot /etc/skel/Maildir/.Sent
# maildirmake.dovecot /etc/skel/Maildir/.Trash
# maildirmake.dovecot /etc/skel/Maildir/.Templates

The same Maildir can be added to the current user with the commands below. Replace the $USER with any existing username:

# cp -r /etc/skel/Maildir /home/$USER/
# chown -R $USER:$USER /home/$USER/Maildir
# chmod -R 700 /home/$USER/Maildir
# adduser $USER mail

Also create a “.muttrc” file under /etc/skel and copy paste this content in it:

set mbox_type=Maildir
set folder="~/Maildir"
set mask="!^\\.[^.]"
set mbox="~/Maildir"
set record="+.Sent"
set postponed="+.Drafts"
set spoolfile="~/Maildir"

Monit - System Monitoring

Written by Simone

I'm going to paste my working Monit configuration file for anyone attempting to make it work under Debian

  set daemon  120
  set log /var/log/monit.log
  set idfile /var/lib/monit/id
  set statefile /var/lib/monit/state

set ssl {
     verify     : enable
 }

  SET MAILSERVER
        pandora.woodpeckersnest.space
        PORT 465
        USERNAME <username> PASSWORD <password>
        using SSL

  set eventqueue
     basedir /var/lib/monit/events
     slots 100

  set alert <username>@woodpeckersnest.space not on { instance }

  set httpd port 2812 and
   use address 0.0.0.0
   allow 0.0.0.0/0.0.0.0
   allow admin:<password>
   with ssl {
         pemchain: /etc/monit/fullchain.pem
         pemkey: /etc/monit/privkey.pem
        }

  check system PANDORA
    if cpu usage > 95% for 10 cycles then alert
    if memory usage > 85% then alert
    if swap usage > 50% then alert

  check network ens3 with interface ens3
    if link down then alert
    if changed link then alert
    if saturation > 90% then alert

  check filesystem rootfs with path /
    if space usage > 80% then alert
    if space usage > 85% then alert
    if space usage > 90% then alert
    if space usage > 95% then alert

  check host pandora.spacenest.it with address 94.143.138.27
    if failed ping then alert
    if failed port 22 protocol ssh
    then alert

Then there are files under /etc/monit/conf.d/* and/or /etc/monit/conf-enabled/*. I only have 3:

nginx:

 check process nginx with pidfile /var/run/nginx.pid
   group www-data
   start program = "/etc/init.d/nginx start"
   stop program = "/etc/init.d/nginx stop"

postfix:

 check process postfix with pidfile /var/spool/postfix/pid/master.pid
     start program = "/etc/init.d/postfix start"
     stop  program = "/etc/init.d/postfix stop"
     if failed
        port 25
        protocol smtps
        username "<your_username>"
        password "<your_password>"
     then alert

sshd:

 check process sshd with pidfile /var/run/sshd.pid
   start program  "/etc/init.d/sshd start"
   stop program  "/etc/init.d/sshd stop"
   if failed port 22 protocol ssh then restart

Monit manual is very helpful, you should check it out.

Managing swap

Written by Simone

Swap File

  1. To create a 2GB swap file we can use "dd" command like this:

# dd if=/dev/zero of=/mnt/swapfile bs=1024 count=2097152

bs=1024 means read and write up to 1024 bytes at a time and count it's the size of the file (1024 x 2048)MB

  1. Then set the appropriate permissions on the file; make it readable only by root user:

# chmod 600 /mnt/swapfile

  1. Now prepare the file for swap with the mkswap command:

# mkswap /mnt/swapfile

  1. Next, enable the swap file

# swapon /mnt/swapfile

  1. Afterwards, enable the swap file to be mounted at boot. Edit the /etc/fstab file and add the following new line in it:

/mnt/swapfile swap swap defaults 0 0

You can also disable the swapfile at runtime, any time you want; just make sure it doesn't exceed your available RAM:

# swapoff /mnt/swapfile

Last but not least, this is how to check your swap usage by process:

$ for file in /proc/*/status ; do awk '/VmSwap|Name/{printf $2 " " $3}END{ print ""}' $file; done | sort -k 2 -n -r | less

Prosody invite page's example with custom apps

Written by Simone

Picture shows 4 XMPP apps with their logos and brief description.

Different apps manually registered in "mod_register_apps.lua" ranging from web apps like Movim, to F-Droid apps like monocles chat and Cheogram.

See also F-Droid app code example

mod_register_apps.lua - f-droid app example

Written by Simone

Here's how you add an F-Droid XMPP App to "mod_register_apps.lua" so that it shows up in the Invite registration page of prosody:

        {
                name = "monocles chat";
                text = [[monocles chat is a fork of blabber.im and Conversations with some changes, to improve usability.]];
                image = "assets/logos/monocles.png";
                link = "https://f-droid.org/packages/de.monocles.chat/";
                platforms = { "Android" };
                supports_preauth_uri = true;
                download = {
                        buttons = {
                                {
                                        image = "https://woodpeckersnest.space/images/fdroid.png";
                                        url = "https://f-droid.org/packages/de.monocles.chat/";
                                };
                        };
                };
        };

Add the "monocles.png" logo to your "assets/logos/" directory and change the "fdroid.png" image link accordingly.

Choose the right host!

Written by Simone

A fire on OVH Data Center, where the smoke is depicted as "Data Cloud"

Yes, this server is running on OVH 😈

Reference: Millions of websites offline after fire at French cloud services firm

"Bugs, Mr. Rico. Zillions of em!" Hughes, p. 248; reporting on…

Written by Simone

"Bugs, Mr. Rico. Zillions of em!"

  • Hughes, p. 248; reporting on a bug assault to LT Juan Rico on Planet P.

Wikiquote