"Bugs, Mr. Rico. Zillions of em!" Hughes, p. 248; reporting on…

"Bugs, Mr. Rico. Zillions of em!"

  • Hughes, p. 248; reporting on a bug assault to LT Juan Rico on Planet P.

Wikiquote


Pimped up!

It's officially pimped!!

Can't believe the time I spent fixing "homarr" progressive layout, almost breaking at each smallest change.

New @wpn's home is running "glance" and the whole site is just 1 .yml file, plus some custom CSS rules and assets (images). Took me ~2 evenings to set it up and it's looking quite good, in my opinion. It's light (actually it's dark-only 😀 ), fast, fully featured.

Unfortunately, you always have to touch it first hand to understand the wrong choices and remedy them; better late than never though!


aerc console email client how-to

Hello,

This is going to be a little how-to on configuring aerc (a console mail client) in your @wpn shell. It applies to other shells / mail servers as well, but it is tailored for @wpn users.

aerc's configuration is interactive the first time you start it, but that wizard stores your mail password in clear text inside the ~/.config/aerc/accounts.conf file. Instead, we want to use the standard Unix password manager, pass, to encrypt it.

First you need a GPG key, which will be used to encrypt imap/smtp passwords. There are 2 ways:

  1. Import an existing private key
  2. Create a new keypair on @wpn and use that

Let's start:

$ gpg-connect-agent /bye # initializes the gpg-agent 

If you see the following lines (you should), everything is good.

gpg-connect-agent: no running gpg-agent - starting '/usr/bin/gpg-agent'
gpg-connect-agent: waiting for the agent to come up ... (5s)
gpg-connect-agent: connection to agent established

GOTO 1) to import an existing key

GOTO 2) to create a new key

GOTO 3) when 1) or 2) are done


  1. To import your secret key you have to first copy it from your PC to the server. Use FTP/WEBDAV or SCP: all of them are supported, suit yourself.
$ gpg --import roughnecks_SECRET.asc # import the key named, in this case, "roughnecks_SECRET.asc"
$ gpg --list-secret-keys # verify that your key is there and copy its ID (needed later)
$ gpg --edit-key [key-ID] # see previous step. You have to manage key's trust
type: "trust" # without the quotes
type: "5" # for ultimate trust
type: "save" # to save and exit

Now you can delete your key file, since it's not needed anymore:

$ shred -u roughnecks_SECRET.asc # securely delete key file

  2. To create a new GPG key follow these steps:
$ gpg --full-generate-key

Specify the parameters for your key (the defaults are ok); for the key expiration date I would recommend 1 to 2 years, so you'll type "1y" or "2y" respectively, but feel free to choose for yourself. Next, enter your information: name, email and comment (optional). The last step is to create a passphrase, and then the system will generate the keys. List them when done and copy the ID (for later use):

$ gpg --list-keys # list your newly created keys

  3. Now that GPG keys are set up, we will store our mail password and proceed to configure and start aerc
$ pass init [your-gpg-ID] # the one you copied earlier in any of the steps, 1) or 2)
$ pass insert email/woodpeckersnest.eu/imap # don't modify anything, enter your email password
$ pass insert email/woodpeckersnest.eu/smtp # same as above, don't modify anything, enter your email password

We're going to create aerc's account configuration file now, bear with me.

This is a sample config, for you to edit:

[@wpn]
source   = imaps://username@woodpeckersnest.eu
source-cred-cmd =       pass show email/woodpeckersnest.eu/imap
outgoing = smtps://username@woodpeckersnest.eu
outgoing-cred-cmd =     pass show email/woodpeckersnest.eu/smtp
default  = INBOX
from     = username <username@woodpeckersnest.eu>
copy-to  = Sent

You can personalize [@wpn] with anything you like inside the square brackets (it's your aerc profile's name)

You MUST replace every "username" occurrence with your actual email localpart (the part that comes before the @ symbol in your email address, i.e. the username you registered at @wpn); the first "username" occurrence in the "from" line can be your real name or whatever you want to show to your correspondents as your contact name, e.g. from = Simone <roughnecks@woodpeckersnest.eu>.

Copy the config you just edited and..

$ mkdir -p ~/.config/aerc # create a directory for aerc (and ~/.config, if it doesn't exist yet)
$ nano ~/.config/aerc/accounts.conf # paste the snippet you copied above to this file, save and exit
$ chmod 600 ~/.config/aerc/accounts.conf # set correct permissions for your accounts file

Now you can finally launch "aerc" and type your GPG passphrase:

$ aerc

YAY, email! 😍
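
A quick way to check the result of the steps above, as an added example that is not part of the original how-to: the hypothetical audit_aerc_accounts function verifies that accounts.conf is mode 600, carries no password inside its source/outgoing URLs, and fetches both credentials through "pass show".

```shell
#!/bin/sh
# Added example: audit an aerc accounts.conf against the setup in this how-to.
# audit_aerc_accounts is a hypothetical helper, not part of aerc or pass.
audit_aerc_accounts() {
    conf=$1
    rc=0
    if [ ! -f "$conf" ]; then
        echo "FAIL $conf does not exist"
        return 2
    fi

    # 1. The file must be readable and writable by its owner only (chmod 600).
    if [ -z "$(find "$conf" -perm 600)" ]; then
        echo "FAIL permissions are not 600"
        rc=1
    fi

    # 2. No password may sit inside a source/outgoing URL (scheme://user:secret@host).
    if grep -Eq '^[[:space:]]*(source|outgoing)[[:space:]]*=[[:space:]]*[a-z+]+://[^/@[:space:]]*:[^/@[:space:]]+@' "$conf"; then
        echo "FAIL cleartext password in a source/outgoing URL"
        rc=1
    fi

    # 3. Both credential commands must fetch the secret from pass.
    for key in source-cred-cmd outgoing-cred-cmd; do
        if ! grep -Eq "^[[:space:]]*${key}[[:space:]]*=[[:space:]]*pass show " "$conf"; then
            echo "FAIL $key does not call 'pass show'"
            rc=1
        fi
    done

    if [ "$rc" -eq 0 ]; then
        echo "OK $conf"
    fi
    return "$rc"
}

# Run against a file given on the command line, e.g. ~/.config/aerc/accounts.conf
if [ "$#" -gt 0 ]; then
    audit_aerc_accounts "$1"
fi
```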


Late March News

Hello!

Last "real" post was about 2 months ago.. I got busy with stuff at home but also made a lot of adjustments here and there at @wpn. Let me list the most important ones:

  • Set up shell and email users' homes backup: archives are still stored on the VPS for the time being, until I find another proper backup location.
  • Cleaned up /var/www/ and nginx virtualhosts; also removed "Shaarli", since I wasn't really using it anymore.
  • Added a new board on the main site for BitTorrent, reachable here: https://woodpeckersnest.space/board/torrents
  • Upgraded XMPP Prosody server to 13.0.0 and isolated anon webchat even more, so that those users won't be able to connect to Biboumi IRC gateway.
  • Upgraded all #slixmpp powered bots to 1.10, released only yesterday
  • Formatted (again) the 2 pdf files regarding @wpn's Term of Use and Privacy Notice (no rules updates though)

I think that's about it.. probably 😀 I'm definitely forgetting something.

Some other news: a few new users joined XMPP and more than a few logged in our Movim COMMutiny pod. Welcome Aboard everyone! Be Nice!!

I'm keeping the pod up-to-date as much as I can (it's running on master branch), but that also means I have to restart it sometimes; I will try to do that only during weekends from now on.. promise.

And now I'd better get going again.. See you soon!


Scheduled Maintenance

😎


Notes

I'll update this post whenever I see fit, A.K.A. when I have other bits of information which don't require a whole post.

Operations on files and directories

Move files to the current/parent directory in Linux

Current dir

find . -type f -exec mv {} . \;

Parent dir

find . -type f -exec mv {} .. \;

Recursive chmod on files and dirs

To change all the directories to 755 (-rwxr-xr-x):

find /var/www/blog -type d -exec chmod 755 {} \;

To change all the files to 644 (-rw-r--r--):

find /var/www/blog -type f -exec chmod 644 {} \;

Certbot

Certbot cli

/etc/letsencrypt/cli.ini

When renewing, use the same private key as the existing certificate. (default: False):

reuse-key = True

Common commands

Register single domain:

certbot certonly --standalone -d domain.tld --dry-run
  • Remove "--dry-run" when ok.

Renew single domain:

certbot renew --cert-name domain.tld --dry-run
  • Remove "--dry-run" when ok.

Delete single domain:

certbot delete --cert-name domain.tld
  • Cannot use "--dry-run" in this case.

Revoke certificate:

certbot revoke --cert-path /etc/letsencrypt/archive/${YOUR_DOMAIN}/cert1.pem

Check certificate's expiry date:

cat /etc/letsencrypt/live/domain.tld/cert.pem | openssl x509 -noout -enddate

GIT

To reset your git repository to given commit id, do:

git reset --hard <commit-id>
git push origin master --force

Ignoring files that are already tracked

git update-index --assume-unchanged <your file here>

Delta Chat Mail sieve

require ["fileinto"];
# rule:[DeltaChat]
if header :contains "Chat-Version" "1.0"
{
	fileinto "DeltaChat";
	stop;
}

Postfix mail queue

To view postfix mail queue in case of problems and remove a particular message from it, do as follows:

# mailq

-Queue ID-  --Size-- ----Arrival Time---- -Sender/Recipient-------
6DCF32201B*    4824 Thu Oct 19 22:54:44  roughnecks@woodpeckersnest.eu
                                         debian@spacenet.it

-- 4 Kbytes in 1 Request.
# postsuper -d 6DCF32201B

postsuper: 6DCF32201B: removed
postsuper: Deleted: 1 message

To delete all emails in the queue, use this command:

# postsuper -d ALL

Check Preferred Outgoing IP (when multiple are set on <interface>)

curl ifconfig.me

The correct command to add a new Linux user (in this case without a shell)

adduser --shell /usr/sbin/nologin <username>

I always forget which command is the complete one, useradd or adduser

Packages management with apt and aptitude

Finding currently installed "external" packages (not from stable repo)

# aptitude search "?narrow(?installed,?not(?archive(stable)))"
i   containerd.io              - An open and reliable container runtime
i   docker-buildx-plugin       - Docker Buildx cli plugin.
i   docker-ce                  - Docker: the open-source application container engine
i   docker-ce-cli              - Docker CLI: the open-source application container engine
i A docker-ce-rootless-extras  - Rootless support for Docker.
i   docker-compose-plugin      - Docker Compose (V2) plugin for the Docker CLI.

In the above example, "i" means installed and "A" means it was automatically installed, such as a dependency. I'm running upstream docker.

This is another package that I have installed from sid and set on "hold":

# apt-cache policy toot
toot:
  Installed: 0.45.0-1
  Candidate: 0.45.0-1
  Version table:
 *** 0.45.0-1 100
        100 /var/lib/dpkg/status
     0.34.1-1 500
        500 http://deb.debian.org/debian bookworm/main amd64 Packages
        500 http://deb.debian.org/debian bookworm/main i386 Packages

bookworm version of toot is rather old, as you can see.


More stickers.. and pins!!

An XMPP pin and sticker on my desktop PC, kindly sent by "emus", from XFS Communications Team.

Thanks ❤


Busy Days, Exciting Progress

It’s been a couple working months, busy and sometimes hard but in the best way possible!

For starters, today the "GD" website went officially online, after we completed its migration from ZOPE to Wordpress and I couldn't be happier 😉

Another thrilling update is with COMMutiny, our social network project. The converse.js anonymous chat, originally set up for @wpn’s support room, has now found its own space within COMMutiny. This is a big step forward, and we’re inviting everyone interested in #XMPP, gaming, and social networks to join the conversation, anonymously or not.

On top of that, we’ve launched a brand-new freelance website, powered by Hugo. It’s sleek, fast, and everything we hoped it would be — hooray for #Hugo!

If you’re passionate about decentralized communication, gaming communities, or just want to connect with like-minded folks, we’d love to see you in COMMutiny! See you soon 👋


Anonymous (Support) WebChat

screenshot of converse.js webchat interface with an anonymous user connected

Happy 2025!

This new year brought a change in our webchat, which is now fully anonymous and auto-connecting to @wpn support room.

https://xmpp.woodpeckersnest.space/conversejs

I thought the anon support room could be better used by people "interested in/wanting to ask questions about" XMPP and @wpn services, without the need to register an account.

You can still join other local MUCs when in the anon chat, but external, server to server (S2S) connections are denied for anon users, as I mentioned in a previous post. Feel free to test it out and send feedback about your experience.

For the future months, maybe another rather-big change will happen, as I foresee troubles in upgrading Homarr to its new milestone release. Homarr is what @wpn currently uses as its homepage; despite the fact that I quite like it, I'm not sure I want to embark on a complete overhaul, since I already tried importing configuration to the alpha release and it was a major disaster 😟

Wishing You all the best for this New Year! Stay safe!


prosodyctl commands and examples

prosodyctl shell

Launch the shell:

# prosodyctl shell

Delete pubsub node (the ">" sign at the beginning is important: it makes the shell run the rest of the line as Lua code inside the running server, which is also why it is dangerous, as it lets you do anything!):

>prosody.hosts["pubsub.example.tld"].modules.pubsub.service:delete("blog", true)

Delete ALL pubsub nodes

>local service = prosody.hosts["pubsub.example.tld"].modules.pubsub.service; for node in pairs(select(2, assert(service:get_nodes(true)))) do service:delete(node, true); end

Check subscription by user:

>prosody.hosts["pubsub.example.tld"].modules.pubsub.service.subscriptions["user@example.tld"]

Change affiliation on pubsub nodes (make user owner):

>prosody.hosts["pubsub.example.tld"].modules.pubsub.service:set_affiliation("blog",true,"user@example.tld","owner")

Unsubscribe from node

>prosody.hosts["pubsub.example.tld"].modules.pubsub.service:remove_subscription("blog",true,"user@example.tld")

Subscribe to node

>prosody.hosts["pubsub.example.tld"].modules.pubsub.service:add_subscription("blog",true,"user@example.tld")

prosodyctl commands

Asking for help:

# prosodyctl shell help

# prosodyctl shell 'help SECTION'

Show all listening ports:

# prosodyctl shell port list

Show all http endpoints:

# prosodyctl shell http list

List registered users:

# prosodyctl shell user list example.tld

List existing MUCs:

# prosodyctl shell muc list [component name]

List connected clients:

# prosodyctl shell c2s show

Activate a component:

# prosodyctl shell host activate some.component.example.tld

Generate Invites: create a new invite using an ad-hoc command in an XMPP client connected to your admin account, or use the command line:

# prosodyctl mod_invites generate example.tld

Reset forgotten password: "doesn't seem to work - see below"

# prosodyctl mod_invites generate example.tld --reset <USERNAME>

Automatic Certificates Import: prosodyctl has the ability to import and activate certificates in one command:

# prosodyctl --root cert import HOSTNAME /path/to/certificates

Certificates and their keys are copied to /etc/prosody/certs (can be changed with the certificates option) and then it signals Prosody to reload itself. --root lets prosodyctl write to paths that may not be writable by the prosody user, as is common with /etc/prosody. Multiple hostnames and paths can be given, as long as the hostnames are given before the paths.

This command can be put in cron or passed as a callback to automated certificate renewal programs such as certbot or other Let's Encrypt clients.

Import All:

# prosodyctl --root cert import /etc/letsencrypt/live

Reset forgotten password

# prosodyctl install --server=https://modules.prosody.im/rocks/ mod_password_reset

Reload prosody configuration then use ad-hoc commands to generate a reset link for given JID