bparodi/lezzo.org
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

secret wiki

Browse Source
This commit is contained in:
Francesco Mecca 2023-05-25 18:39:20 +02:00
parent 21c5a0a1a5
commit 52639410e5
10 changed files with 687 additions and 78 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
secretwiki/commands.html
View File

@ -3,24 +3,24 @@
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- 2022-06-09 Thu 13:49 -->
<!-- 2023-05-25 Thu 18:38 -->
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<title>Lezzo secret wiki</title>
<meta name="generator" content="Org mode" />
<meta name="author" content="bparodi" />
<meta name="generator" content="Org Mode" />
<link rel="stylesheet" type="text/css" href="./stylesheet.css"/>
</head>
<body>
<div id="content">
<div id="content" class="content">
<h2>[ Lezzo secret wiki ]</a></h2>
<div id="outline-container-org97a447f" class="outline-2">
<h2 id="org97a447f"><b>~</b> Frequently used commands and configuration snippets</h2>
<div class="outline-text-2" id="text-org97a447f">
<div id="outline-container-org25dca38" class="outline-2">
<h2 id="org25dca38"><b>~</b> Frequently used commands and configuration snippets</h2>
<div class="outline-text-2" id="text-org25dca38">
</div>
<div id="outline-container-org27f15e0" class="outline-3">
<h3 id="org27f15e0">Reduce packages disk usage on gentoo</h3>
<div class="outline-text-3" id="text-org27f15e0">
<div id="outline-container-orgee7bf2c" class="outline-3">
<h3 id="orgee7bf2c">Reduce packages disk usage on gentoo</h3>
<div class="outline-text-3" id="text-orgee7bf2c">
<pre class="example">
eclean packages
eclean distfiles
@ -28,9 +28,9 @@ eclean-kernel -A -a
</pre>
</div>
</div>
<div id="outline-container-org79cb598" class="outline-3">
<h3 id="org79cb598">Update pi-hole devuan host</h3>
<div class="outline-text-3" id="text-org79cb598">
<div id="outline-container-orgfc2f077" class="outline-3">
<h3 id="orgfc2f077">Update pi-hole devuan host</h3>
<div class="outline-text-3" id="text-orgfc2f077">
<pre class="example">
apt update
apt upgrade
@ -38,9 +38,9 @@ PIHOLE_SKIP_OS_CHECK=true pihole -up
</pre>
</div>
</div>
<div id="outline-container-org6d26529" class="outline-3">
<h3 id="org6d26529">Wireguard configuration</h3>
<div class="outline-text-3" id="text-org6d26529">
<div id="outline-container-org87f6887" class="outline-3">
<h3 id="org87f6887">Wireguard configuration</h3>
<div class="outline-text-3" id="text-org87f6887">
<pre class="example">
cd /etc/wireguard.conf
wg genkey &gt; privatekey
@ -54,16 +54,16 @@ DNS = 10.0.1.8
# lezzo
[Peer]
PublicKey =
PublicKey = sU1Cya3Ej6kQMidcwk3PMxzqNY12JfDAROeayPG5PXM= # server pubkey
Endpoint = tubo.lezzo.org:51888
PersistentKeepalive = 25
AllowedIPs = 0.0.0.0/0
</pre>
</div>
</div>
<div id="outline-container-org7b058c3" class="outline-3">
<h3 id="org7b058c3">Add static route for wireguard</h3>
<div class="outline-text-3" id="text-org7b058c3">
<div id="outline-container-org6eb5aa2" class="outline-3">
<h3 id="org6eb5aa2">Add static route for wireguard</h3>
<div class="outline-text-3" id="text-org6eb5aa2">
<p>
Useful when subnet clash, example:
</p>
@ -80,9 +80,9 @@ route add -net 10.0.1.0 netmask 255.255.255.0 gw 10.0.13.1 lezzo # dns resolutio
</pre>
</div>
</div>
<div id="outline-container-org55ef39e" class="outline-3">
<h3 id="org55ef39e">Remove gentoo strong password requirement</h3>
<div class="outline-text-3" id="text-org55ef39e">
<div id="outline-container-org8c2113b" class="outline-3">
<h3 id="org8c2113b">Remove gentoo strong password requirement</h3>
<div class="outline-text-3" id="text-org8c2113b">
<p>
From <a href="https://forums.gentoo.org/viewtopic-t-1117656-start-0.html">https://forums.gentoo.org/viewtopic-t-1117656-start-0.html</a>:
in /etc/pam.d/system-auth
@ -99,6 +99,8 @@ password required pam_unix.so try_first_pass nullok sha512 shadow
</div>
<div id="postamble" class="status">
<p class="author">Author: bparodi</p>
<p class="date">Created: 2023-05-25 Thu 18:38</p>
<p class="validation"><a href="https://validator.w3.org/check?uri=referer">Validate</a></p>
</div>
</body>
</html>

BIN
secretwiki/files/initial_000.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 189 KiB

17
secretwiki/index.html
View File

@ -3,25 +3,26 @@
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- 2022-06-09 Thu 13:41 -->
<!-- 2023-05-25 Thu 18:38 -->
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<title>Lezzo secret wiki</title>
<meta name="generator" content="Org mode" />
<meta name="author" content="bparodi" />
<meta name="generator" content="Org Mode" />
<link rel="stylesheet" type="text/css" href="./stylesheet.css"/>
</head>
<body>
<div id="content">
<div id="content" class="content">
<h2>[ Lezzo secret wiki ]</a></h2>
<p>
Ogni pagina è disponibile anche in org-mode sostituendo .org a.html.
</p>
<div id="outline-container-org14d1a9e" class="outline-2">
<h2 id="org14d1a9e">Pagine</h2>
<div class="outline-text-2" id="text-org14d1a9e">
<div id="outline-container-org237bb47" class="outline-2">
<h2 id="org237bb47">Pagine</h2>
<div class="outline-text-2" id="text-org237bb47">
<ul class="org-ul">
<li><a href="./hosts.html">Hosts</a></li>
<li><a href="./hosts.html">Lezzonet: gli host</a></li>
<li><a href="./rete.html">Lezzonet: la configurazione di rete</a></li>
<li><a href="./bots.html">Bots</a></li>
<li><a href="./commands.html">Frequently used commands and configuration snippets</a></li>
<li><a href="./sonarr.html">Sonarr</a></li>
@ -33,6 +34,8 @@ Ogni pagina è disponibile anche in org-mode sostituendo .org a.html.
</div>
<div id="postamble" class="status">
<p class="author">Author: bparodi</p>
<p class="date">Created: 2023-05-25 Thu 18:38</p>
<p class="validation"><a href="https://validator.w3.org/check?uri=referer">Validate</a></p>
</div>
</body>
</html>

3
secretwiki/index.org
View File

@ -1,7 +1,8 @@
#+INCLUDE: header.org
Ogni pagina è disponibile anche in org-mode sostituendo .org a.html.
* Pagine
- [[./hosts.html][Hosts]]
- [[./hosts.html][Lezzonet: gli host]]
- [[./rete.html][Lezzonet: la configurazione di rete]]
- [[./bots.html][Bots]]
- [[./commands.html][Frequently used commands and configuration snippets]]
- [[./sonarr.html][Sonarr]]

12
secretwiki/makefile Normal file
View File

@ -0,0 +1,12 @@
ORG_FILES := $(filter-out header.org,$(wildcard *.org))
HTML_FILES := $(patsubst %.org,%.html,$(ORG_FILES))
.PHONY: all clean
all: $(HTML_FILES)
%.html: %.org
emacs --batch $< --eval "(org-html-export-to-html)"
clean:
rm -f $(HTML_FILES)

188
secretwiki/rete.html Normal file
View File

@ -0,0 +1,188 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- 2023-05-25 Thu 18:26 -->
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<title>Lezzo secret wiki</title>
<meta name="author" content="bparodi" />
<meta name="generator" content="Org Mode" />
<link rel="stylesheet" type="text/css" href="./stylesheet.css"/>
</head>
<body>
<div id="content" class="content">
<h2>[ Lezzo secret wiki ]</a></h2>
<div id="outline-container-org79da81b" class="outline-2">
<h2 id="org79da81b">Lezzonet: la configurazione di rete</h2>
<div class="outline-text-2" id="text-org79da81b">
</div>
<div id="outline-container-orgdbe5702" class="outline-3">
<h3 id="orgdbe5702">QoS</h3>
<div class="outline-text-3" id="text-orgdbe5702">
<p>
There is already a qos script in the forge. It should be self documenting so
check that.
</p>
</div>
</div>
<div id="outline-container-orgbdf54a6" class="outline-3">
<h3 id="orgbdf54a6">Firewall</h3>
<div class="outline-text-3" id="text-orgbdf54a6">
</div>
<div id="outline-container-orge957e5f" class="outline-4">
<h4 id="orge957e5f">Router</h4>
<div class="outline-text-4" id="text-orge957e5f">
<p>
Let's break down the router configuration into two parts: port forwarding (NAT) and blocked ports, protocols, and routes.
</p>
<p>
Port forwarding allows incoming connections from the internet to be redirected
to specific devices or services on your local network. This is typically done
using Network Address Translation (NAT) in the router configuration. NAT is
responsible for translating the IP addresses and ports of incoming packets to
the appropriate internal IP addresses and ports.
</p>
<p>
We use iptables is used to configure the port forwarding rules. The iptables
command, specifically in the nat table (-t nat), is used to set up the rules
that define which incoming ports should be forwarded to which internal IP
addresses and ports.
</p>
<pre class="example">
# iptables -t nat -L -n
# 10.0.1.3 is the client that hosts the main webserver with the reverse proxy
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DNAT 6 -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 to:10.0.1.3:80
DNAT 6 -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 to:10.0.1.3:443
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE 0 -- 0.0.0.0/0 0.0.0.0/0
</pre>
<p>
Using iptables commands:
</p>
<pre class="example">
iptables -t nat -A POSTROUTING -o eth1 -p tcp --dport 80 -d 10.0.1.3 -j SNAT --to-source 10.0.1.1
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination 10.0.1.3
iptables -A FORWARD -i eth1 -o eth0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i eth0 -o eth1 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i eth0 -o eth1 -p tcp --syn --dport 80 -m conntrack --ctstate NEW -j ACCEPT
</pre>
<p>
Let's explain this as a list:
</p>
<ol class="org-ol">
<li>add a rule to the NAT table (-t nat). It specifies that
outgoing TCP traffic (-p tcp) with a destination port of 80 (&#x2013;dport 80) and
a destination IP address of 10.0.1.3 (-d 10.0.1.3) should be SNAT (Source
Network Address Translation) translated. The source IP address is changed to
10.0.1.1 (&#x2013;to-source 10.0.1.1). This rule is typically used to rewrite the
source IP address of outgoing traffic to appear as if it's coming from the
router itself</li>
<li>add a rule to the PREROUTING chain of the NAT table. It
specifies that incoming TCP traffic (-p tcp) with a destination port of 80
(&#x2013;dport 80) coming from the eth0 interface (-i eth0) should be DNAT
(Destination Network Address Translation) translated. The destination IP
address is changed to 10.0.1.3 (&#x2013;to-destination 10.0.1.3). This rule is used
to forward incoming traffic from port 80 to the specified internal IP
address</li>
<li>add a rule to the FORWARD chain. It allows traffic from
eth1 interface (-i eth1) to eth0 interface (-o eth0) that is already
established or related (-m conntrack &#x2013;ctstate ESTABLISHED,RELATED). This
rule is used to permit incoming responses or related traffic for connections
initiated from the internal network</li>
<li>add a rule to the FORWARD chain. It allows traffic from eth0 interface (-i
eth0) to eth1 interface (-o eth1) that is already established or related (-m
conntrack &#x2013;ctstate ESTABLISHED,RELATED). This rule is used to permit
incoming responses or related traffic for connections initiated from the
external network.</li>
<li>add a rule to the FORWARD chain. It allows incoming TCP traffic (-p tcp &#x2013;syn
&#x2013;dport 80) from eth0 interface to eth1 interface that is in a NEW state (-m
conntrack &#x2013;ctstate NEW). This rule is used to permit incoming new TCP
connections to port 80 on the internal network.</li>
</ol>
<p>
Alongside port forwarding, we need to block certain ports, protocols, or routes
to enhance security or control network traffic. This is where ufw (Uncomplicated
Firewall) comes into play.
</p>
<pre class="example">
To Action From
-- ------ ----
23185 ALLOW IN Anywhere
22 ALLOW IN Anywhere
1:65535/tcp on eth1 ALLOW IN Anywhere
1:65535/udp on eth1 ALLOW IN Anywhere
1:65535/tcp on eth2 ALLOW IN Anywhere
1:65535/udp on eth2 ALLOW IN Anywhere
1:65535/tcp on lezzonet ALLOW IN Anywhere
1:65535/udp on lezzonet ALLOW IN Anywhere
</pre>
<p>
We use the default rules of ufw for the firewall and in addition we allow all
traffic on the two lan interfaces eth1 and eth2 and the wireguard interface
lezzonet. We also allow the ssh protocol and traffic into the wireguard port 23185.
</p>
</div>
</div>
<div id="outline-container-orgdf614ed" class="outline-4">
<h4 id="orgdf614ed">Clients</h4>
<div class="outline-text-4" id="text-orgdf614ed">
<p>
The piracy machine is the only one directly exposed to the network because of
the vpn. This is the ufw configuration:
</p>
<pre class="example">
# ufw status numbered
Status: active
To Action From
-- ------ ----
[ 1] Anywhere on eth0 ALLOW IN Anywhere
[ 2] Anywhere ALLOW OUT Anywhere on eth0 (out)
[ 3] 11000:12000/tcp ALLOW IN Anywhere
[ 4] 11000:12000/udp ALLOW IN Anywhere
</pre>
<p>
Basically open every port from 11000 to 12000 and have programs listen on those
ports. In addition to that, the main client that is Transmission is very hungry
so I rate limited it using its own configuration options.
</p>
<p>
Some example commands:
</p>
<pre class="example">
ufw allow from any to any port 23185
ufw allow ssh
ufw allow in on eth1,eth2,lezzonet to any port 22,53,123,514 proto udb
ufw allow in on eth1,eth2,lezzonet to any port 22,53,123,514 proto tcp
</pre>
</div>
</div>
</div>
</div>
</div>
<div id="postamble" class="status">
<p class="author">Author: bparodi</p>
<p class="date">Created: 2023-05-25 Thu 18:26</p>
<p class="validation"><a href="https://validator.w3.org/check?uri=referer">Validate</a></p>
</div>
</body>
</html>

121
secretwiki/rete.org Normal file
View File

@ -0,0 +1,121 @@
#+INCLUDE: header.org
* Lezzonet: la configurazione di rete
** QoS
There is already a qos script in the forge. It should be self documenting so
check that.
** Firewall
*** Router
Let's break down the router configuration into two parts: port forwarding (NAT) and blocked ports, protocols, and routes.
Port forwarding allows incoming connections from the internet to be redirected
to specific devices or services on your local network. This is typically done
using Network Address Translation (NAT) in the router configuration. NAT is
responsible for translating the IP addresses and ports of incoming packets to
the appropriate internal IP addresses and ports.
We use iptables is used to configure the port forwarding rules. The iptables
command, specifically in the nat table (-t nat), is used to set up the rules
that define which incoming ports should be forwarded to which internal IP
addresses and ports.
#+begin_src
# iptables -t nat -L -n
# 10.0.1.3 is the client that hosts the main webserver with the reverse proxy
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DNAT 6 -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 to:10.0.1.3:80
DNAT 6 -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 to:10.0.1.3:443
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE 0 -- 0.0.0.0/0 0.0.0.0/0
#+end_src
Using iptables commands:
#+begin_src
iptables -t nat -A POSTROUTING -o eth1 -p tcp --dport 80 -d 10.0.1.3 -j SNAT --to-source 10.0.1.1
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination 10.0.1.3
iptables -A FORWARD -i eth1 -o eth0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i eth0 -o eth1 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i eth0 -o eth1 -p tcp --syn --dport 80 -m conntrack --ctstate NEW -j ACCEPT
#+end_src
Let's explain this as a list:
1. add a rule to the NAT table (-t nat). It specifies that
outgoing TCP traffic (-p tcp) with a destination port of 80 (--dport 80) and
a destination IP address of 10.0.1.3 (-d 10.0.1.3) should be SNAT (Source
Network Address Translation) translated. The source IP address is changed to
10.0.1.1 (--to-source 10.0.1.1). This rule is typically used to rewrite the
source IP address of outgoing traffic to appear as if it's coming from the
router itself
2. add a rule to the PREROUTING chain of the NAT table. It
specifies that incoming TCP traffic (-p tcp) with a destination port of 80
(--dport 80) coming from the eth0 interface (-i eth0) should be DNAT
(Destination Network Address Translation) translated. The destination IP
address is changed to 10.0.1.3 (--to-destination 10.0.1.3). This rule is used
to forward incoming traffic from port 80 to the specified internal IP
address
3. add a rule to the FORWARD chain. It allows traffic from
eth1 interface (-i eth1) to eth0 interface (-o eth0) that is already
established or related (-m conntrack --ctstate ESTABLISHED,RELATED). This
rule is used to permit incoming responses or related traffic for connections
initiated from the internal network
4. add a rule to the FORWARD chain. It allows traffic from eth0 interface (-i
eth0) to eth1 interface (-o eth1) that is already established or related (-m
conntrack --ctstate ESTABLISHED,RELATED). This rule is used to permit
incoming responses or related traffic for connections initiated from the
external network.
5. add a rule to the FORWARD chain. It allows incoming TCP traffic (-p tcp --syn
--dport 80) from eth0 interface to eth1 interface that is in a NEW state (-m
conntrack --ctstate NEW). This rule is used to permit incoming new TCP
connections to port 80 on the internal network.
Alongside port forwarding, we need to block certain ports, protocols, or routes
to enhance security or control network traffic. This is where ufw (Uncomplicated
Firewall) comes into play.
#+begin_src
To Action From
-- ------ ----
23185 ALLOW IN Anywhere
22 ALLOW IN Anywhere
1:65535/tcp on eth1 ALLOW IN Anywhere
1:65535/udp on eth1 ALLOW IN Anywhere
1:65535/tcp on eth2 ALLOW IN Anywhere
1:65535/udp on eth2 ALLOW IN Anywhere
1:65535/tcp on lezzonet ALLOW IN Anywhere
1:65535/udp on lezzonet ALLOW IN Anywhere
#+end_src
We use the default rules of ufw for the firewall and in addition we allow all
traffic on the two lan interfaces eth1 and eth2 and the wireguard interface
lezzonet. We also allow the ssh protocol and traffic into the wireguard port 23185.
*** Clients
The piracy machine is the only one directly exposed to the network because of
the vpn. This is the ufw configuration:
#+begin_src
# ufw status numbered
Status: active
To Action From
-- ------ ----
[ 1] Anywhere on eth0 ALLOW IN Anywhere
[ 2] Anywhere ALLOW OUT Anywhere on eth0 (out)
[ 3] 11000:12000/tcp ALLOW IN Anywhere
[ 4] 11000:12000/udp ALLOW IN Anywhere
#+end_src
Basically open every port from 11000 to 12000 and have programs listen on those
ports. In addition to that, the main client that is Transmission is very hungry
so I rate limited it using its own configuration options.
Some example commands:
#+begin_src
ufw allow from any to any port 23185
ufw allow ssh
ufw allow in on eth1,eth2,lezzonet to any port 22,53,123,514 proto udb
ufw allow in on eth1,eth2,lezzonet to any port 22,53,123,514 proto tcp
#+end_src

1
secretwiki/stylesheet.css
View File

@ -35,7 +35,6 @@ h3 {
h4 {
color: #45818e;
font-size: 35px;
}
a {

299
secretwiki/wannabe.html Normal file
View File

@ -0,0 +1,299 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- 2023-05-25 Thu 18:38 -->
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<title>Lezzo secret wiki</title>
<meta name="author" content="bparodi" />
<meta name="generator" content="Org Mode" />
<link rel="stylesheet" type="text/css" href="./stylesheet.css"/>
</head>
<body>
<div id="content" class="content">
<h2>[ Lezzo secret wiki ]</a></h2>
<div id="outline-container-orgfd35103" class="outline-2">
<h2 id="orgfd35103"><b>~</b> Hosts</h2>
<div class="outline-text-2" id="text-orgfd35103">
</div>
<div id="outline-container-org2b2b8f0" class="outline-3">
<h3 id="org2b2b8f0">I fondamentali</h3>
<div class="outline-text-3" id="text-org2b2b8f0">
<p>
Tutto ciò senza cui lezzo non funzionerebbe, insomma l'infrastruttura
di base.
</p>
</div>
<div id="outline-container-org31a6a09" class="outline-4">
<h4 id="org31a6a09">Basettoni</h4>
<div class="outline-text-4" id="text-org31a6a09">
<p>
Fa da hypervisor. Contiene il numero minimo di pacchetti per far funzionare il
filesystem e libvirt. Accede alla rete tramite una sua interfaccia di rete.
</p>
</div>
</div>
<div id="outline-container-org317ca3d" class="outline-4">
<h4 id="org317ca3d">Minni</h4>
<div class="outline-text-4" id="text-org317ca3d">
<p>
SOC di Ruspante che da accesso alla rete in caso di emergenza. Comunica con
l'hypervisor tramite la rete locale.
</p>
<p>
Serve:
</p>
<ul class="org-ul">
<li>wireguard</li>
<li>client ddns</li>
</ul>
</div>
</div>
<div id="outline-container-org7bfa5d4" class="outline-4">
<h4 id="org7bfa5d4">Edi</h4>
<div class="outline-text-4" id="text-org7bfa5d4">
<p>
Server che contiene i backup di lezzonet e comunica con l'hypervisor tramite Gancio.
</p>
</div>
</div>
<div id="outline-container-orge603716" class="outline-4">
<h4 id="orge603716">Gancio</h4>
<div class="outline-text-4" id="text-orge603716">
<p>
SOC ospitato a casa di Bparodi con una rete wireguard secondaria che permette la
comunicazione con l'hypervisor. È nella stessa rete del server di backup.
</p>
<p>
Serve:
</p>
<ul class="org-ul">
<li>client ddns</li>
<li>wireguard</li>
</ul>
</div>
</div>
<div id="outline-container-org2534672" class="outline-4">
<h4 id="org2534672">Atomino</h4>
<div class="outline-text-4" id="text-org2534672">
<p>
Fa da router per la rete. È l'unico host virtualizzato che ha accesso
all'interfaccia di rete fisica.
</p>
<p>
Serve:
</p>
<ul class="org-ul">
<li>wireguard</li>
<li>dns server principale per tutto lezzo.org e compari</li>
<li>firewall e qos tramite iptables e tc</li>
<li>ntpd</li>
<li>syslog-ng</li>
</ul>
</div>
</div>
<div id="outline-container-orgdd161c8" class="outline-4">
<h4 id="orgdd161c8">Pico</h4>
<div class="outline-text-4" id="text-orgdd161c8">
<ul class="org-ul">
<li>rabbitmq</li>
<li>postgres</li>
</ul>
</div>
</div>
<div id="outline-container-orgc5009da" class="outline-4">
<h4 id="orgc5009da">Orazio</h4>
<div class="outline-text-4" id="text-orgc5009da">
<p>
Buildserver. Ci si aspetta che tutte gli host riescano a
comunicare con questa vm.
</p>
<p>
Serve:
</p>
<ul class="org-ul">
<li>rsync</li>
<li>nginx</li>
</ul>
</div>
</div>
</div>
<div id="outline-container-org159e9b7" class="outline-3">
<h3 id="org159e9b7">7 Mari</h3>
<div class="outline-text-3" id="text-org159e9b7">
<p>
Il magico mondo della pirateria e più in generale tutto ciò che viene
hostato dietro una vpn di terze parti.
</p>
</div>
<div id="outline-container-orgea6f74e" class="outline-4">
<h4 id="orgea6f74e">Amelia</h4>
<div class="outline-text-4" id="text-orgea6f74e">
<p>
VM usata per piratare. È l'unica macchina con X11 nella rete.
</p>
<p>
Serve:
</p>
<ul class="org-ul">
<li>transmission</li>
<li>qbittorrent</li>
<li>fopnu</li>
<li>nicotine+: client soulseek</li>
<li>vncviewer</li>
<li>mldonkey</li>
<li>makemkv</li>
<li>nintendo nus downloader</li>
</ul>
</div>
</div>
<div id="outline-container-orgbcdde3e" class="outline-4">
<h4 id="orgbcdde3e">Toppersby</h4>
<div class="outline-text-4" id="text-orgbcdde3e">
<p>
bparodi vm personale dietro vpn.
</p>
<p>
Serve:
</p>
<ul class="org-ul">
<li>weechat</li>
</ul>
</div>
</div>
</div>
<div id="outline-container-org8287ed1" class="outline-3">
<h3 id="org8287ed1">Lezzo si presenta al mondo</h3>
<div class="outline-text-3" id="text-org8287ed1">
<p>
Tutti i servizi che utilizziamo sono hostati su queste macchine.
</p>
</div>
<div id="outline-container-org8778102" class="outline-4">
<h4 id="org8778102">Paperetta</h4>
<div class="outline-text-4" id="text-org8778102">
<p>
Praticamente una macchina con debian per tutto ciò che non riesco ad
hostare su gentoo. Ho dovuto sporcarla con docker.
Serve:
</p>
<ul class="org-ul">
<li>varie istanze di sonarr. Vedi la entry nella wiki.</li>
<li>archivebox</li>
<li>forkserver: script in python che permetto al bot di irc di
richiedere l'archiviazione di url ad archivebox</li>
<li>Paperless</li>
</ul>
</div>
</div>
<div id="outline-container-orgc07e166" class="outline-4">
<h4 id="orgc07e166">Paperino</h4>
<div class="outline-text-4" id="text-orgc07e166">
<p>
Punto di accesso ai vari servizi web di lezzo.org
</p>
<p>
Serve:
</p>
<ul class="org-ul">
<li>nginx, sia come server per il dominio che come reverse proxy</li>
<li>jellyfin sia per la musica che per il materiale video</li>
<li>git server (bare) con relativa interfaccia web</li>
<li>happy/imageboard</li>
<li>luca/url shortener</li>
<li>goaccess: stats.html</li>
<li>cinny</li>
<li>fileserver</li>
<li>blog e altre pagine web di lezzo.org</li>
<li>radicale</li>
</ul>
</div>
</div>
<div id="outline-container-orgb095ec9" class="outline-4">
<h4 id="orgb095ec9">Plottigat</h4>
<div class="outline-text-4" id="text-orgb095ec9">
<p>
Serve:
</p>
<ul class="org-ul">
<li>murmur (mumble server)</li>
<li>ngircd</li>
<li>heisenbridge</li>
<li>matrix and irc bots</li>
<li>synapse</li>
</ul>
</div>
</div>
<div id="outline-container-org2219891" class="outline-4">
<h4 id="org2219891">Topolino</h4>
<div class="outline-text-4" id="text-org2219891">
<p>
bparodi vm personale.
</p>
<p>
Serve:
</p>
<ul class="org-ul">
<li>neomutt</li>
<li>offlineimap</li>
<li>mympd</li>
<li>syncthing</li>
</ul>
<p>
Monta:
</p>
<ul class="org-ul">
<li>vibbra</li>
<li>pr0n</li>
</ul>
</div>
</div>
</div>
<div id="outline-container-org7236144" class="outline-3">
<h3 id="org7236144">Fuori da qui</h3>
<div class="outline-text-3" id="text-org7236144">
<p>
ma Lezzo sempre nel cuore. Tutte le macchine non virtualizzate nel
rack principale. Gli usi sono i più disparati.
</p>
</div>
<div id="outline-container-org8a14db8" class="outline-4">
<h4 id="org8a14db8">Pipwolf</h4>
<div class="outline-text-4" id="text-org8a14db8">
<p>
SOC utilizzato da bparodi come access point di emergenza alla rete di casa.
</p>
</div>
</div>
<div id="outline-container-org91be29d" class="outline-4">
<h4 id="org91be29d">Ghigno</h4>
<div class="outline-text-4" id="text-org91be29d">
<p>
SOC utilizzato dai genitori di bparodi. È una macchina con gentoo che
all'accensione avvia X e firefox &#x2013;kiosk su tty7 e viene utilizzata
come terminale per Jellyfin.
</p>
</div>
</div>
</div>
</div>
</div>
<div id="postamble" class="status">
<p class="author">Author: bparodi</p>
<p class="date">Created: 2023-05-25 Thu 18:38</p>
<p class="validation"><a href="https://validator.w3.org/check?uri=referer">Validate</a></p>
</div>
</body>
</html>

74
secretwiki/wannabe.org
View File

@ -1,36 +1,40 @@
#+INCLUDE: header.org
- rinforza le password
- etckeeper
- password files
+ vikunja pesceWanda:pesceWanda@lezzo.org:pesceWanda
+ vikunja ruspante:ruspante@lezzo.org:ruspantello
* *~* Hosts
** I Fondamentali
Tutto ciò senza cui Lezzo non funzionerebbe, insomma l'infrastruttura
** I fondamentali
Tutto ciò senza cui lezzo non funzionerebbe, insomma l'infrastruttura
di base.
*** Basettoni
Fa da hypervisor. Contiene il numero minimo di pacchetti per far funzionare il
filesystem e libvirt. Accede alla rete tramite una sua interfaccia di rete.
*** Minni
SOC di Ruspante che da accesso alla rete in caso di emergenza. Comunica con
l'hypervisor tramite la rete locale.
Serve:
- wireguard
- client ddns
*** Edi
Server che contiene i backup di lezzonet e comunica con l'hypervisor tramite Gancio.
*** Gancio
SOC ospitato a casa di Bparodi con una rete wireguard secondaria che permette la
comunicazione con l'hypervisor. È nella stessa rete del server di backup.
Serve:
- client ddns
- wireguard
*** Atomino
Server vpn privato. Usato per avere una rete interna per i membri di
lezzo.org ma esce in chiaro dall'ip di lezzo.org.
Fa da router per la rete. È l'unico host virtualizzato che ha accesso
all'interfaccia di rete fisica.
Serve:
- wireguard
- dns server principale per tutto lezzo.org e compari
- firewall e qos tramite iptables e tc
- ntpd
- syslog-ng
*** Pico
- rabbitmq
- postgres
*** Uno
Router. Permette alle vm di uscire in chiaro.
Serve:
- firewall
- dhcp daemon
- dns forwarder
- nat: tramite firewall
- webserver: interfaccia web per la configurazione
- ssh server: dropbear per la manutenzione
*** Orazio
Buildserver. Ci si aspetta che tutte gli host riescano a
comunicare con questa vm.
@ -42,35 +46,17 @@ Serve:
Il magico mondo della pirateria e più in generale tutto ciò che viene
hostato dietro una vpn di terze parti.
*** Amelia
VM usata per piratare.
VM usata per piratare. È l'unica macchina con X11 nella rete.
Serve:
- rtorrent
- rutorrent e tutte le dipendenze
- transmission
- qbittorrent
*** Macchianera
Router dietro la vpn di njalla.
Serve:
- firewall
- dhcp daemon: non utilizzato, gli ip delle vm sono tutti statici
- dns forwarder
- nat: tramite firewall
- webserver: interfaccia web per la configurazione
- ssh server: dropbear per la manutenzione
*** Nocciola
VM usata per piratare.
Serve:
- fopnu
- nicotine+: client soulseek
- vncviewer
- mldonkey
- biglybt
- amuled
- amuleweb
- makemkv
- nocciola-dl-manager: programma in kotlin che monitora i vari servizi
- nintendo nus downloader
*** Toppersby
bparodi vm personale dietro vpn.
@ -94,16 +80,14 @@ Punto di accesso ai vari servizi web di lezzo.org
Serve:
- nginx, sia come server per il dominio che come reverse proxy
- jellyfin sia per la musica che per il materiale video
- gitbucket or onedev
- git server (bare) con relativa interfaccia web
- happy/imageboard
- luca/url shortener
- goaccess: stats.html
- fucktelegram
- cinny
- atftpd (pxe server)
- fileserver
- gameserver
- caldav e rubrica?
- blog e altre pagine web di lezzo.org
- radicale
*** Plottigat
Serve:
- murmur (mumble server)