fix reeselink addresses

2024-08-05 23:05:46 -04:00
parent d8e6ec18ff
commit 602ae8c841
6 changed files with 91 additions and 10 deletions

@@ -113,7 +113,7 @@
"TTL": 300, "TTL": 300,
"ResourceRecords": [ "ResourceRecords": [
{ {
"Value": "2603:6013:3140:103:7656:3cff:febd:1df8" "Value": "2603:6013:3140:100:7656:3cff:febd:1df8"
} }
] ]
} }
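
Review bot: The new `Value` hard-codes the whole address, and its interface ID `7656:3cff:febd:1df8` is in EUI-64 form (the `ff:fe` in the middle), so the record exposes a MAC-derived identifier and goes stale whenever the /64 changes, as it just did from `:103:` to `:100:`. Note in the commit message or beside the record where `2603:6013:3140:100` comes from and whether this entry is meant to be regenerated rather than edited by hand.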

@@ -257,11 +257,17 @@ after we finish the install.
Don't set a password for single-user systems. We're using full-disk encryption. Don't set a password for single-user systems. We're using full-disk encryption.
This will let you login with just a fingerprint. This will let you login with just a fingerprint.
1. Install `seahorse` if you haven't already
2. Open the `Passwords and Keys` apps
3. Create a new Password keyring called "Login"
4. Do not enter a password
5. Set it as default
### Base Tools ### Base Tools
```bash ```bash
# gvfs and gvfs-dnssd are for webdav support # gvfs and gvfs-dnssd are for webdav support
pacman -S rsync which git iperf3 pwgen dosfstools exfatprogs gvfs gvfs-dnssd wget man-db pacman -S rsync which git iperf3 pwgen dosfstools exfatprogs gvfs gvfs-dnssd wget man-db net-tools
``` ```
### ZSH ### ZSH
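
Review bot: Step 4 of the added list creates the default "Login" keyring with no password, so whatever applications store in it is kept unencrypted and is readable by any process running as the user; full-disk encryption only covers the powered-off case. State that trade-off in the text and scope it to the same single-user systems the password advice above applies to. Separately, `net-tools` is appended to the `pacman -S` line while the comment above it still explains only `gvfs` and `gvfs-dnssd`; a word on what needs it would help.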
@@ -661,11 +667,39 @@ You can create chroot environments to run firejails or just use for testing purp
4. Install <https://aur.archlinux.org/pam-fprint-grosshack.git> to use fingerprint with gnome 4. Install <https://aur.archlinux.org/pam-fprint-grosshack.git> to use fingerprint with gnome
In order to use fingerprint auth with gnome for privileged system stuff with gdm, In order to use fingerprint auth with gnome for privileged system stuff with gdm,
edit `/etc/pam.d/system-auth` and add the following to the top of the file: edit `/etc/pam.d/system-auth` to include `auth sufficient pam_fprintd_grosshack.so`.
```conf ```conf
auth sufficient pam_fprintd_grosshack.so #%PAM-1.0
auth sufficient pam_unix.so try_first_pass nullok
auth required pam_shells.so # User must have shell in /etc/shells
auth requisite pam_nologin.so # Prevents users from loging in if /etc/nologin exists
auth required pam_faillock.so preauth # Timeout after certain number of fails
# Optionally use requisite above if you do not want to prompt for the password
# on locked accounts.
auth sufficient pam_fprintd_grosshack.so
-auth [success=2 default=ignore] pam_systemd_home.so
auth [success=1 default=bad] pam_unix.so try_first_pass nullok
auth [default=die] pam_faillock.so authfail
auth optional pam_permit.so
auth required pam_env.so
auth required pam_faillock.so authsucc
# If you drop the above call to pam_faillock.so the lock will be done also
# on non-consecutive authentication failures.
-account [success=1 default=ignore] pam_systemd_home.so
account required pam_unix.so
account optional pam_permit.so
account required pam_time.so
-password [success=1 default=ignore] pam_systemd_home.so
password required pam_unix.so try_first_pass nullok shadow
password optional pam_permit.so
-session optional pam_systemd_home.so
session required pam_limits.so
session required pam_unix.so
session optional pam_permit.so
``` ```
##### Turn Off Fingerprint When Laptop Lid Closed ##### Turn Off Fingerprint When Laptop Lid Closed
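
Review bot: The new first line of the stack, `auth sufficient pam_unix.so try_first_pass nullok`, returns success as soon as the password is accepted, so `pam_shells.so`, `pam_nologin.so` and `pam_faillock.so preauth` below it never run for password logins: a locked-out account still gets in with the right password, and `nullok` lets an account with an empty password through at this point. The later `pam_unix.so` line already handles passwords, so drop the first line and keep `pam_faillock.so preauth` ahead of every authenticating module, with `pam_fprintd_grosshack.so` staying where it is after the preauth check. The sentence above the block also still reads as a one-line addition while the block now replaces the whole file, and the `pam_nologin.so` comment has a typo (`loging`).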

@@ -2,6 +2,7 @@
- [Workstation](#workstation) - [Workstation](#workstation)
- [SSH](#ssh) - [SSH](#ssh)
- [Templates](#templates)
- [Toolbox](#toolbox) - [Toolbox](#toolbox)
- [Podman](#podman) - [Podman](#podman)
- [Docker](#docker) - [Docker](#docker)
@@ -70,6 +71,16 @@ Host my-host
You can ssh to that host with `ssh my-host` after adding a config entry. You can ssh to that host with `ssh my-host` after adding a config entry.
## Templates
You can add files in `~/Templates` to give yourself quick-create options in the gnome
file browser context menu.
```bash
mkdir ~/Templates
touch ~/Templates/text.txt
```
## Toolbox ## Toolbox
<https://wiki.archlinux.org/title/Toolbox> <https://wiki.archlinux.org/title/Toolbox>
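
Review bot: `mkdir ~/Templates` in the added snippet errors out when the directory already exists, which is the case wherever xdg-user-dirs has created it; `mkdir -p ~/Templates` makes the snippet safe to re-run.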
@@ -135,6 +146,14 @@ systemctl enable --now libvirtd
virsh net-autostart default virsh net-autostart default
``` ```
Then edit `/etc/libvirt/network.conf` and add:
```conf
firewall_backend="iptables"
```
Make sure to restart libvirtd with `systemctl restart libvirtd`.
If you get a blank screen when launching a VM check that you've used the correct bios - If you get a blank screen when launching a VM check that you've used the correct bios -
either secboot or not secboot. This is the most common problem. either secboot or not secboot. This is the most common problem.
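
Review bot: The added instruction sets `firewall_backend="iptables"` in `/etc/libvirt/network.conf` without saying what goes wrong with the default, so a reader cannot tell whether they need it or when it can be removed. Add one sentence naming the symptom this fixes, and say whether an existing `firewall_backend` line in that file should be replaced rather than a second one added.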

@@ -5,6 +5,7 @@
- [Restore qcow snapshots](#restore-qcow-snapshots) - [Restore qcow snapshots](#restore-qcow-snapshots)
- [Convert qcow to bootable drive](#convert-qcow-to-bootable-drive) - [Convert qcow to bootable drive](#convert-qcow-to-bootable-drive)
- [Convert bootable drive to qcow](#convert-bootable-drive-to-qcow) - [Convert bootable drive to qcow](#convert-bootable-drive-to-qcow)
- [ISO](#iso)
## QCOW2 ## QCOW2
@@ -44,3 +45,10 @@ qemu-img convert -f raw -O qcow2 -p /dev/sdd /var/lib/libvirt/images/toshiba.qco
If you need to resize a windows partition to non-continuous space simply grow the If you need to resize a windows partition to non-continuous space simply grow the
last partition, shrink it to the end of the drive, then grow the windows partition last partition, shrink it to the end of the drive, then grow the windows partition
with gparted. with gparted.
## ISO
```bash
pacman -S cdrtools
mkisofs -r -iso-level 4 -l -o /tmp/arch-files.iso ./arch
```

@@ -5,6 +5,8 @@
- [Route53](#route53) - [Route53](#route53)
- [IPV6 EUI64 Address Generation](#ipv6-eui64-address-generation) - [IPV6 EUI64 Address Generation](#ipv6-eui64-address-generation)
- [NetworkManager](#networkmanager) - [NetworkManager](#networkmanager)
- [VPN](#vpn)
- [IPv6 leak prevention](#ipv6-leak-prevention)
## IP Addresses ## IP Addresses
@@ -45,3 +47,21 @@ nmcli con mod <connection> ipv6.addr-gen-mode eui64
systemctl restart NetworkManager systemctl restart NetworkManager
nmcli -f ipv6.addr-gen-mode connection show <connection> nmcli -f ipv6.addr-gen-mode connection show <connection>
``` ```
## VPN
### IPv6 leak prevention
Add the following to the exported wireguard config to block ipv6
```conf
[Interface]
PrivateKey =
Address = 192.168.4.2/32, fd00::1/128
DNS = 192.168.4.1
[Peer]
PublicKey =
AllowedIPs = 192.168.4.1/32,192.168.4.2/32,0.0.0.0/0,::0/0
Endpoint = ipv4.reeseapps.com:51831
```

@@ -8,7 +8,7 @@ stream_ssl:
- external: - external:
domain: gitea.reeseapps.com domain: gitea.reeseapps.com
internal: internal:
domain: ingress-nginx.reeselink.com domain: ingress-nginx.reeseapps.com
port: 443 port: 443
protocol: https protocol: https
- external: - external:
@@ -20,24 +20,24 @@ stream_ssl:
- external: - external:
domain: jellyfin.reeseapps.com domain: jellyfin.reeseapps.com
internal: internal:
domain: ingress-nginx.reeselink.com domain: ingress-nginx.reeseapps.com
port: 443 port: 443
protocol: https protocol: https
- external: - external:
domain: snapdrop.reeseapps.com domain: snapdrop.reeseapps.com
internal: internal:
domain: ingress-nginx.reeselink.com domain: ingress-nginx.reeseapps.com
port: 443 port: 443
protocol: https protocol: https
- external: - external:
domain: bitwarden.reeseapps.com domain: bitwarden.reeseapps.com
internal: internal:
domain: ingress-nginx.reeselink.com domain: ingress-nginx.reeseapps.com
port: 443 port: 443
protocol: https protocol: https
stream_ports: stream_ports:
- external: 2222 - external: 2222
internal: git.reeselink.com:22 internal: git.reeseapps.com:22
- external: 3478 - external: 3478
internal: nextcloud.reeselink.com:3478 internal: nextcloud.reeselink.com:3478
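
Review bot: `nextcloud.reeselink.com:3478` on the last line stays on the old domain while `git.reeselink.com:22` directly above it and every `ingress-nginx` target in this file moved to `reeseapps.com`. If that is intentional, a comment next to the entry would stop it being read as a missed rename; if not, it needs the same change.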