Yesterday after installing some new packages I was greeted by this kind reminder 😀
I began stopping services which use a Postgresql database and even forgot about Dendrite.. Nothing so bad as I imagined, tho, just run the suggested commands and everything got up and running in a few minutes.
Debian rocks! 😍
root@pandora:~# cat /etc/wireguard/wg0.conf
[Interface]
# specify generated private key for server
PrivateKey = <sekret>
# IP address for VPN interface
Address = 172.16.100.1/32, fd42:42:42::1/64
MTU = 1420
# UDP port WireGuard server listens
ListenPort = 51820
# possible to set any commands after WireGuard starts/stops
# set routing rules like follows to access to local network via VPN session
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; ip6tables -A FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -A POSTROUTING -o eth0 -j MASQUERADE;
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE; ip6tables -D FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -D POSTROUTING -o eth0 -j MASQUERADE;
[Peer]
# REDMI
# specify public key for client
PublicKey = <sekret>
# clients' VPN IP addresses you allow to connect
# possible to specify subnet ⇒ [172.16.100.0/24]
AllowedIPs = 172.16.100.6/32, fd42:42:42::6/128
PersistentKeepalive = 25
root@pandora:~# cat /etc/wireguard/redmi.conf
[Interface]
#Private IP Address
Address = fd42:42:42::6/128, 172.16.100.6/32
#Client's Private Key
PrivateKey = <sekret>
#Server's listening port
ListenPort = 51820
[Peer]
#Server's Public Key
PublicKey = <sekret>
AllowedIPs = ::0/0, 0.0.0.0/0
#Server's IP:port
Endpoint = woodpeckersnest.space:51820
root@pandora:~# sysctl -p
net.ipv4.ip_forward = 1
net.ipv6.conf.all.forwarding = 1
net.ipv6.conf.eth0.accept_ra = 2
I'm super impressed by Trilium Notes, a wonderful note-taking app and self-hostable service.
Used docker to host it and web to manage my notes. It saves instantly, no button to press, has a lot of useful functions, it's scriptable, does backups automatically and it offers extensions for chrome and firefox.
Two issue though:
Although this is kinda sad, I have used the app for the past 2 days and it works very well, so much that I finally ditched MS One Note (yes I use Windows on my Desktop - shame! shame! shame!)
Found this post quite useful to set up Hurricane Electric's IPv6 on a Windows machine and serve the connection over LAN (Windows machine must stay on, obviously)
Legend of variables:
$ipv4a = tunnel server's IPv4 IP
$ipv4b = user's IPv4 IP
$ipv6a = tunnel server's side of point-to-point /64 allocation
$ipv6b = user's side of point-to-point /64 allocation
$ipv6c = first address of user's routed /64 allocation
$ipv6d = user's routed /64 allocation
$adapter = name of local area network connection (where your IPv4 address is configured now)
netsh int teredo set state disabled
netsh int ipv6 add v6v4tunnel IP6Tunnel $ipv4b $ipv4a
netsh int ipv6 add address IP6Tunnel $ipv6b
netsh int ipv6 set interface IP6Tunnel forwarding=enabled
netsh int ipv6 set interface "$adapter" forwarding=enabled advertise=enabled
netsh int ipv6 add address "$adapter" $ipv6c
netsh int ipv6 set route $ipv6d "$adapter" publish=yes
netsh int ipv6 add route ::/0 IP6Tunnel $ipv6c publish=yes
server {
listen [::]:443 ssl http2;
server_name woodpeckersnest.eu;
ssl_certificate /etc/letsencrypt/live/woodpeckersnest.eu/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/woodpeckersnest.eu/privkey.pem;
root /var/www/mail/;
location / {
try_files /.well-known/autoconfig/mail/config-v1.1.xml =404;
}
access_log /var/log/nginx/autoconfig.log;
error_log /var/log/nginx/autoconfig_error.log;
}
<?xml version="1.0"?>
<clientConfig version="1.1">
<emailProvider id="woodpeckersnest.eu">
<domain>woodpeckersnest.eu</domain>
<displayName>Woodpeckers Mail</displayName>
<displayShortName>woodpeckers</displayShortName>
<!-- type=
"imap": IMAP
"pop3": POP3
-->
<incomingServer type="imap">
<hostname>woodpeckersnest.eu</hostname>
<port>993</port>
<!-- "plain": no encryption
"SSL": SSL 3 or TLS 1 on SSL-specific port
"STARTTLS": on normal plain port and mandatory upgrade to TLS via STARTTLS
-->
<socketType>SSL</socketType>
<username>%EMAILLOCALPART%</username>
<!-- Authentication methods:
"password-cleartext",
Send password in the clear
(dangerous, if SSL isn't used either).
AUTH PLAIN, LOGIN or protocol-native login.
"password-encrypted",
A secure encrypted password mechanism.
Can be CRAM-MD5 or DIGEST-MD5. Not NTLM.
"NTLM":
Use NTLM (or NTLMv2 or successors),
the Windows login mechanism.
"GSSAPI":
Use Kerberos / GSSAPI,
a single-signon mechanism used for big sites.
"client-IP-address":
The server recognizes this user based on the IP address.
No authentication needed, the server will require no username nor password.
"TLS-client-cert":
On the SSL/TLS layer, the server requests a client certificate and the client sends one (possibly after letting the user select/confirm one), if available. (Not yet supported by Thunderbird)
"OAuth2":
OAuth2. Works only on specific hardcoded servers, please see below. Should be added only as second alternative.
"none":
No authentication
-->
<authentication>password-cleartext</authentication>
</incomingServer>
<outgoingServer type="smtp">
<hostname>woodpeckersnest.eu</hostname>
<port>587</port>
<socketType>STARTTLS</socketType> <!-- see <incomingServer> -->
<username>%EMAILLOCALPART%</username> <!-- if smtp-auth -->
<!-- smtp-auth (RFC 2554, 4954) or other auth mechanism.
For values, see incoming.
Additional options here:
"SMTP-after-POP":
authenticate to incoming mail server first
before contacting the smtp server.
Compatibility note: Thunderbird 3.0 accepts only "plain",
"secure", "none", and "smtp-after-pop".
It will ignore the whole XML file, if other values are given.
-->
<authentication>password-cleartext</authentication>
<!-- If the server makes some additional requirements beyond
<authentication>.
"client-IP-address": The server is only reachable or works,
if the user is in a certain IP network, e.g.
the dialed into the ISP's network (DSL, cable, modem) or
connected to a company network.
Note: <authentication>client-IP-address</>
means that you may use the server without any auth.
<authentication>password-cleartext</> *and*
<restriction>client-IP-address</> means that you need to
be in the correct IP network *and* (should) authenticate.
Servers which do that are highly discouraged and
should be avoided, see {{bug|556267}}.
Not yet implemented. Spec (element name?) up to change.
-->
<!-- remove the following and leave to client/user? -->
<addThisServer>true</addThisServer>
<useGlobalPreferredServer>true</useGlobalPreferredServer>
</outgoingServer>
</emailProvider>
<!-- This allows to access the webmail service of the provider.
The URLs are loaded into a standard webbrowser for the user.
Specifying this is optional. -->
<webMail>
<!-- Webpage where the user has to log in manually by entering username
and password himself.
HTTPS required. -->
<loginPage url="https://webmail.woodpeckersnest.space/" />
<!-- Same as loginAutomaticDOM, but the website makes checks that
the user comes from the login page. So, open the login page
in the browser, get the page's DOM, fill out name and password
fields for the user, and trigger the login button.
The login button might not be an HTML button, just a div, so
to trigger it, send a click event to it.
HTTPS is required for the URL. -->
<loginPageInfo url="https://webmail.woodpeckersnest.space">
<!-- What to fill into the usernameField.
Format is the same as for <username> within <incomingServer>,
including placeholders. See below for valid placeholders. -->
<username>%EMAILLOCALPART%</username>
</loginPageInfo>
</webMail>
<clientConfigUpdate url="https://woodpeckersnest.eu/.well-known/autoconfig/mail/config-v1.1.xml" />
</clientConfig>
Interesting project, features' rich and almost complete. Thanks goes to its main developer Schimon AKA "sch".
Here is the support room
Not really that hard of a certification, but still.. Here we are 😀
Several months ago I was running a "matrix-docker-ansible" playbook on OVH, but limited resources led me to take it down.
More than one time I thought about reliving that server (which I have backups of), but reading on the changes that the playbook got so far and the difficulties in running a Matrix environment without exposing web ports (80 and 443), I thought to better give up.
Yesterday I looked into Dendrite (a Matrix server written in GO), which looks a lot simpler than the whole lot the docker-ansible playbook offers, so I went ahead and installed it the manual way with nginx as reverse proxy. Easy peasy - documentation is quite good.
Today I also installed "Cinny" as a web client and I'm done for the moment... Federation works, registrations are closed (can invite friends though) and apart from RAM peaks and quite long waiting times when joining rooms (up to 2K members), the server is doing quite well: started with 700MB of RAM (at joining time) and went down to less than 300 in normal usage. CPU gets high spikes when sending messages but other than that is just a few points %. Just don't even think to join the official #matrix room or shit will happen 😀
My new Matrix username is: @roughnecks:woodpeckersnest.space, feel free to add me.
Here are a few tweaks that make my "converse.js" experience better:
Remove link from banner: I accidentally used to click that and be teleported to converse.js official webclient, so I thought it could be misleading for unaware users using my locally hosted version of the software.
Search and replace/remove the href bit in converse.min.js, under the dist directory:
<a class="brand-heading" href="https://conversejs.org" target="_blank" rel="noopener">
In the "converse.min.css" file, search for this string and fill it with the following code to have unread MUCs underlined and colored in red:
.list-item.unread-msgs
.list-item.unread-msgs{font-weight:700; text-decoration: underline red;}
Fix color for toolbar-utilities when in 1:1 chats: find this line in "converse.min.css"
.fas:hover svg{fill:var(--chat-head-color)}
and replace with:
.fas:hover svg{fill:var(--chat-toolbar-btn-color)}
Raise minimum chat text area: find this bit in "converse.min.css"
min-height:var(--chat-textarea-height);
and replace with custom value in pixels, e.g.
min-height:120px;
Set a smaller line height for chats list: find the first occurrence of this code in "converse.min.css"
.conversejs .items-list .list-item
and continue until you find:
height:2.5em
substitute it with something like height:2.0em
Removing a space in quoted reply for "actions" plugin: find the following string in your conversejs/dist/plugins/actions/action.js
return ">" + nick + ' : '
remove the offending space
return ">" + nick + ': '
Changing from :smiley: to :thumbsup: emoji for the "Like" actions plugin function: find the following string in your conversejs/dist/plugins/actions/action.js
actions_reactions: [
{name: 'like', label: 'Like', emoji: ':smiley:', icon_class: 'fa fa-check'},
and replace with:
actions_reactions: [
{name: 'like', label: 'Like', emoji: ':thumbsup:', icon_class: 'fa fa-check'},
Fix background-color for screencast plugin icon: replace the class in row #25 in screencast.js
<button class="plugin-screencast"
<button class="btn"