wg0.conf
[Interface]
# specify generated private key for server
PrivateKey = <privkey>
# IP address for VPN interface
Address = 172.16.100.1/32
MTU = 1420
# UDP port WireGuard server listens
ListenPort = 51820
# set routing rules like follows to access to local network via VPN session
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o ens3 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o ens3 -j MASQUERADE
# change "ens3" with your interface
[Peer]
# specify public key for client
PublicKey = <pubkey>
# clients' VPN IP addresses you allow to connect
# possible to specify subnet ⇒ [172.16.100.0/24]
AllowedIPs = 172.16.100.6
client.conf
[Interface]
# Private IP Address
Address = 172.16.100.6/32
# Client's Private Key
PrivateKey = <privkey>
# Server's listening port
ListenPort = 51820
[Peer]
# Server's Public Key
PublicKey = <pubkey>
AllowedIPs = 0.0.0.0/0
# Server's IP:port
Endpoint = 51.195.43.203:51820
If you want to scan a QR code on your phone to load the client.conf, do as follows:
# apt install qrencode
$ qrencode -t utf8 < client.conf
A QR code will appear, scan it.
Thanks to "to_red" for helping me out with the configuration 😉
Using the Maildir mailbox format, emails are stored in under the recipient user’s home folder /home/<username>/Maildir.
# postconf -e 'home_mailbox = Maildir/'
You might also want to add the Maildir setup to the user home directory template so that it is automatically configured when a new user account is created:
# maildirmake.dovecot /etc/skel/Maildir
# maildirmake.dovecot /etc/skel/Maildir/.Drafts
# maildirmake.dovecot /etc/skel/Maildir/.Sent
# maildirmake.dovecot /etc/skel/Maildir/.Trash
# maildirmake.dovecot /etc/skel/Maildir/.Templates
The same Maildir can be added to the current user with the commands below. Replace the $USER with any existing username:
# cp -r /etc/skel/Maildir /home/$USER/
# chown -R $USER:$USER /home/$USER/Maildir
# chmod -R 700 /home/$USER/Maildir
# adduser $USER mail
Also create a “.muttrc” file under /etc/skel and copy paste this content in it:
set mbox_type=Maildir
set folder="~/Maildir"
set mask="!^\\.[^.]"
set mbox="~/Maildir"
set record="+.Sent"
set postponed="+.Drafts"
set spoolfile="~/Maildir"
I'm going to paste my working Monit configuration file for anyone attempting to make it work under Debian
set daemon 120
set log /var/log/monit.log
set idfile /var/lib/monit/id
set statefile /var/lib/monit/state
set ssl {
verify : enable
}
SET MAILSERVER
pandora.woodpeckersnest.space
PORT 465
USERNAME <username> PASSWORD <password>
using SSL
set eventqueue
basedir /var/lib/monit/events
slots 100
set alert <username>@woodpeckersnest.space not on { instance }
set httpd port 2812 and
use address 0.0.0.0
allow 0.0.0.0/0.0.0.0
allow admin:<password>
with ssl {
pemchain: /etc/monit/fullchain.pem
pemkey: /etc/monit/privkey.pem
}
check system PANDORA
if cpu usage > 95% for 10 cycles then alert
if memory usage > 85% then alert
if swap usage > 50% then alert
check network ens3 with interface ens3
if link down then alert
if changed link then alert
if saturation > 90% then alert
check filesystem rootfs with path /
if space usage > 80% then alert
if space usage > 85% then alert
if space usage > 90% then alert
if space usage > 95% then alert
check host pandora.spacenest.it with address 94.143.138.27
if failed ping then alert
if failed port 22 protocol ssh
then alert
Then there are files under /etc/monit/conf.d/* and/or /etc/monit/conf-enabled/*. I only have 3:
nginx:
check process nginx with pidfile /var/run/nginx.pid
group www-data
start program = "/etc/init.d/nginx start"
stop program = "/etc/init.d/nginx stop"
postfix:
check process postfix with pidfile /var/spool/postfix/pid/master.pid
start program = "/etc/init.d/postfix start"
stop program = "/etc/init.d/postfix stop"
if failed
port 25
protocol smtps
username "<your_username>"
password "<your_password>"
then alert
sshd:
check process sshd with pidfile /var/run/sshd.pid
start program "/etc/init.d/sshd start"
stop program "/etc/init.d/sshd stop"
if failed port 22 protocol ssh then restart
Monit manual is very helpful, you should check it out.
Do we need it? Nope.
Do I like it? YEP!
Will be posting about my (mis)adventures while administering a VPS.. Or more than one?
For the time being I've just installed this beauty, called "chyrp-lite"