From 7e49db5ddefe8c515b5f3931a5c701efaac33d91 Mon Sep 17 00:00:00 2001 From: David Luevano Alvarado Date: Fri, 16 Dec 2022 17:45:03 -0600 Subject: change structure for new pyssg version --- blog/config.ini | 17 - blog/dst/404.html | 1 - blog/dst/a/acomodada_la_pagina_de_arte.html | 150 - blog/dst/a/asi_nomas_esta_quedando.html | 151 - blog/dst/a/devs_android_me_trozaron.html | 155 - blog/dst/a/el_blog_ya_tiene_timestamps.html | 151 - blog/dst/a/first_blog_post.html | 144 - blog/dst/a/git_server_with_cgit.html | 265 -- blog/dst/a/hoy_toco_desarrollo_personaje.html | 158 -- blog/dst/a/mail_server_with_postfix.html | 502 ---- blog/dst/a/new_blogging_system.html | 153 - .../a/password_manager_authenticator_setup.html | 159 -- blog/dst/a/tenia_esto_descuidado.html | 152 - blog/dst/a/volviendo_a_usar_la_pagina.html | 145 - blog/dst/a/vpn_server_with_openvpn.html | 417 --- blog/dst/a/website_with_nginx.html | 266 -- blog/dst/a/xmpp_server_with_prosody.html | 643 ----- blog/dst/g/flappybird_godot_devlog_1.html | 719 ----- blog/dst/g/godot_project_structure.html | 263 -- blog/dst/g/gogodot_jam3_devlog_1.html | 736 ----- blog/dst/g/starting_gamedev_blogging.html | 144 - blog/dst/index.html | 158 -- blog/dst/rss.xml | 2953 -------------------- blog/dst/sitemap.xml | 186 -- blog/dst/tag/@english.html | 135 - blog/dst/tag/@gamedev.html | 122 - blog/dst/tag/@gamejam.html | 118 - blog/dst/tag/@godot.html | 120 - blog/dst/tag/@rant.html | 118 - blog/dst/tag/@server.html | 124 - blog/dst/tag/@short.html | 133 - blog/dst/tag/@spanish.html | 128 - blog/dst/tag/@tools.html | 131 - blog/dst/tag/@tutorial.html | 124 - blog/dst/tag/@update.html | 132 - blog/old/dst/a/el_blog_ya_tiene_timestamps.html | 100 - blog/old/dst/a/first_blog_post.html | 98 - blog/old/dst/a/git_server_with_cgit.html | 240 -- blog/old/dst/a/linux_video_notes.html | 196 -- blog/old/dst/a/mail_server_with_postfix.html | 578 ---- blog/old/dst/a/shell_scripting.html | 362 --- blog/old/dst/a/sql_video_notes.html | 295 -- blog/old/dst/a/website_with_nginx.html | 250 -- blog/old/dst/index.html | 108 - blog/old/dst/sitemap.xml | 16 - blog/old/src/.files | 9 - blog/old/src/_footer.html | 23 - blog/old/src/_header.html | 63 - blog/old/src/a/el_blog_ya_tiene_timestamps.md | 9 - blog/old/src/a/first_blog_post.md | 7 - blog/old/src/a/git_server_with_cgit.md | 153 - blog/old/src/a/linux_video_notes.md | 88 - blog/old/src/a/mail_server_with_postfix.md | 518 ---- blog/old/src/a/shell_scripting.md | 263 -- blog/old/src/a/sql_video_notes.md | 172 -- blog/old/src/a/website_with_nginx.md | 157 -- blog/old/src/index.md | 5 - blog/old_newer/dst/a/asi_nomas_esta_quedando.html | 114 - .../dst/a/el_blog_ya_tiene_timestamps.html | 113 - blog/old_newer/dst/a/first_blog_post.html | 112 - blog/old_newer/dst/a/git_server_with_cgit.html | 216 -- blog/old_newer/dst/a/linux_video_notes.html | 185 -- blog/old_newer/dst/a/mail_server_with_postfix.html | 471 ---- blog/old_newer/dst/a/new_blogging_system.html | 115 - .../dst/a/shell_scripting_video_notes.html | 310 -- blog/old_newer/dst/a/sql_video_notes.html | 245 -- blog/old_newer/dst/a/website_with_nginx.html | 221 -- blog/old_newer/dst/index.html | 127 - blog/old_newer/dst/robots.txt | 3 - blog/old_newer/dst/rss.xml | 1142 -------- blog/old_newer/dst/sitemap.xml | 114 - blog/old_newer/dst/tag/@english.html | 112 - blog/old_newer/dst/tag/@git.html | 103 - blog/old_newer/dst/tag/@linux.html | 104 - blog/old_newer/dst/tag/@mail.html | 103 - blog/old_newer/dst/tag/@nginx.html | 104 - blog/old_newer/dst/tag/@notes.html | 105 - blog/old_newer/dst/tag/@scripting.html | 103 - blog/old_newer/dst/tag/@server.html | 105 - blog/old_newer/dst/tag/@shell.html | 103 - blog/old_newer/dst/tag/@short.html | 109 - blog/old_newer/dst/tag/@spanish.html | 105 - blog/old_newer/dst/tag/@sql.html | 103 - blog/old_newer/dst/tag/@tools.html | 110 - blog/old_newer/dst/tag/@tutorial.html | 105 - blog/old_newer/dst/tag/@update.html | 109 - blog/old_newer/src/.files | 10 - blog/old_newer/src/a/asi_nomas_esta_quedando.md | 17 - .../old_newer/src/a/el_blog_ya_tiene_timestamps.md | 16 - blog/old_newer/src/a/first_blog_post.md | 14 - blog/old_newer/src/a/git_server_with_cgit.md | 160 -- blog/old_newer/src/a/linux_video_notes.md | 93 - blog/old_newer/src/a/mail_server_with_postfix.md | 525 ---- blog/old_newer/src/a/new_blogging_system.md | 20 - .../old_newer/src/a/shell_scripting_video_notes.md | 268 -- blog/old_newer/src/a/sql_video_notes.md | 177 -- blog/old_newer/src/a/website_with_nginx.md | 164 -- blog/old_newer/src/templates/article/footer.html | 8 - blog/old_newer/src/templates/article/header.html | 1 - blog/old_newer/src/templates/articles/footer.html | 0 blog/old_newer/src/templates/articles/header.html | 9 - .../src/templates/articles/list_entry.html | 1 - .../src/templates/articles/list_footer.html | 1 - .../src/templates/articles/list_header.html | 2 - .../src/templates/articles/list_separator.html | 1 - blog/old_newer/src/templates/common/footer.html | 31 - blog/old_newer/src/templates/common/header.html | 66 - blog/old_newer/src/templates/rss/rss.xml | 27 - blog/old_newer/src/templates/sitemap/sitemap.xml | 6 - blog/old_newer/src/templates/tag/footer.html | 0 blog/old_newer/src/templates/tag/header.html | 1 - blog/old_newer/src/templates/tag/list_entry.html | 1 - blog/old_newer/src/templates/tag/list_footer.html | 2 - blog/old_newer/src/templates/tag/list_header.html | 2 - .../src/templates/tag/list_separator.html | 1 - blog/plt/base.html | 105 - blog/plt/index.html | 31 - blog/plt/page.html | 36 - blog/plt/page_list.html | 15 - blog/plt/page_nav.html | 28 - blog/plt/rss.xml | 40 - blog/plt/sitemap.xml | 22 - blog/plt/tag.html | 20 - blog/plt/tag_list.html | 9 - blog/src/.files | 19 - blog/src/a/acomodada_la_pagina_de_arte.md | 13 - blog/src/a/asi_nomas_esta_quedando.md | 17 - blog/src/a/devs_android_me_trozaron.md | 30 - blog/src/a/el_blog_ya_tiene_timestamps.md | 16 - blog/src/a/first_blog_post.md | 14 - blog/src/a/git_server_with_cgit.md | 189 -- blog/src/a/hoy_toco_desarrollo_personaje.md | 29 - blog/src/a/mail_server_with_postfix.md | 517 ---- blog/src/a/new_blogging_system.md | 20 - blog/src/a/password_manager_authenticator_setup.md | 24 - blog/src/a/tenia_esto_descuidado.md | 19 - blog/src/a/volviendo_a_usar_la_pagina.md | 15 - blog/src/a/vpn_server_with_openvpn.md | 362 --- blog/src/a/website_with_nginx.md | 166 -- blog/src/a/xmpp_server_with_prosody.md | 579 ---- blog/src/g/flappybird_godot_devlog_1.md | 684 ----- blog/src/g/godot_project_structure.md | 87 - blog/src/g/gogodot_jam3_devlog_1.md | 724 ----- blog/src/g/starting_gamedev_blogging.md | 14 - blog/trash/linux_video_notes.md | 93 - blog/trash/shell_scripting_video_notes.md | 268 -- blog/trash/sql_video_notes.md | 179 -- 147 files changed, 24962 deletions(-) delete mode 100644 blog/config.ini delete mode 120000 blog/dst/404.html delete mode 100644 blog/dst/a/acomodada_la_pagina_de_arte.html delete mode 100644 blog/dst/a/asi_nomas_esta_quedando.html delete mode 100644 blog/dst/a/devs_android_me_trozaron.html delete mode 100644 blog/dst/a/el_blog_ya_tiene_timestamps.html delete mode 100644 blog/dst/a/first_blog_post.html delete mode 100644 blog/dst/a/git_server_with_cgit.html delete mode 100644 blog/dst/a/hoy_toco_desarrollo_personaje.html delete mode 100644 blog/dst/a/mail_server_with_postfix.html delete mode 100644 blog/dst/a/new_blogging_system.html delete mode 100644 blog/dst/a/password_manager_authenticator_setup.html delete mode 100644 blog/dst/a/tenia_esto_descuidado.html delete mode 100644 blog/dst/a/volviendo_a_usar_la_pagina.html delete mode 100644 blog/dst/a/vpn_server_with_openvpn.html delete mode 100644 blog/dst/a/website_with_nginx.html delete mode 100644 blog/dst/a/xmpp_server_with_prosody.html delete mode 100644 blog/dst/g/flappybird_godot_devlog_1.html delete mode 100644 blog/dst/g/godot_project_structure.html delete mode 100644 blog/dst/g/gogodot_jam3_devlog_1.html delete mode 100644 blog/dst/g/starting_gamedev_blogging.html delete mode 100644 blog/dst/index.html delete mode 100644 blog/dst/rss.xml delete mode 100644 blog/dst/sitemap.xml delete mode 100644 blog/dst/tag/@english.html delete mode 100644 blog/dst/tag/@gamedev.html delete mode 100644 blog/dst/tag/@gamejam.html delete mode 100644 blog/dst/tag/@godot.html delete mode 100644 blog/dst/tag/@rant.html delete mode 100644 blog/dst/tag/@server.html delete mode 100644 blog/dst/tag/@short.html delete mode 100644 blog/dst/tag/@spanish.html delete mode 100644 blog/dst/tag/@tools.html delete mode 100644 blog/dst/tag/@tutorial.html delete mode 100644 blog/dst/tag/@update.html delete mode 100644 blog/old/dst/a/el_blog_ya_tiene_timestamps.html delete mode 100644 blog/old/dst/a/first_blog_post.html delete mode 100644 blog/old/dst/a/git_server_with_cgit.html delete mode 100644 blog/old/dst/a/linux_video_notes.html delete mode 100644 blog/old/dst/a/mail_server_with_postfix.html delete mode 100644 blog/old/dst/a/shell_scripting.html delete mode 100644 blog/old/dst/a/sql_video_notes.html delete mode 100644 blog/old/dst/a/website_with_nginx.html delete mode 100644 blog/old/dst/index.html delete mode 100644 blog/old/dst/sitemap.xml delete mode 100644 blog/old/src/.files delete mode 100644 blog/old/src/_footer.html delete mode 100644 blog/old/src/_header.html delete mode 100644 blog/old/src/a/el_blog_ya_tiene_timestamps.md delete mode 100644 blog/old/src/a/first_blog_post.md delete mode 100644 blog/old/src/a/git_server_with_cgit.md delete mode 100644 blog/old/src/a/linux_video_notes.md delete mode 100644 blog/old/src/a/mail_server_with_postfix.md delete mode 100644 blog/old/src/a/shell_scripting.md delete mode 100644 blog/old/src/a/sql_video_notes.md delete mode 100644 blog/old/src/a/website_with_nginx.md delete mode 100644 blog/old/src/index.md delete mode 100644 blog/old_newer/dst/a/asi_nomas_esta_quedando.html delete mode 100644 blog/old_newer/dst/a/el_blog_ya_tiene_timestamps.html delete mode 100644 blog/old_newer/dst/a/first_blog_post.html delete mode 100644 blog/old_newer/dst/a/git_server_with_cgit.html delete mode 100644 blog/old_newer/dst/a/linux_video_notes.html delete mode 100644 blog/old_newer/dst/a/mail_server_with_postfix.html delete mode 100644 blog/old_newer/dst/a/new_blogging_system.html delete mode 100644 blog/old_newer/dst/a/shell_scripting_video_notes.html delete mode 100644 blog/old_newer/dst/a/sql_video_notes.html delete mode 100644 blog/old_newer/dst/a/website_with_nginx.html delete mode 100644 blog/old_newer/dst/index.html delete mode 100644 blog/old_newer/dst/robots.txt delete mode 100644 blog/old_newer/dst/rss.xml delete mode 100644 blog/old_newer/dst/sitemap.xml delete mode 100644 blog/old_newer/dst/tag/@english.html delete mode 100644 blog/old_newer/dst/tag/@git.html delete mode 100644 blog/old_newer/dst/tag/@linux.html delete mode 100644 blog/old_newer/dst/tag/@mail.html delete mode 100644 blog/old_newer/dst/tag/@nginx.html delete mode 100644 blog/old_newer/dst/tag/@notes.html delete mode 100644 blog/old_newer/dst/tag/@scripting.html delete mode 100644 blog/old_newer/dst/tag/@server.html delete mode 100644 blog/old_newer/dst/tag/@shell.html delete mode 100644 blog/old_newer/dst/tag/@short.html delete mode 100644 blog/old_newer/dst/tag/@spanish.html delete mode 100644 blog/old_newer/dst/tag/@sql.html delete mode 100644 blog/old_newer/dst/tag/@tools.html delete mode 100644 blog/old_newer/dst/tag/@tutorial.html delete mode 100644 blog/old_newer/dst/tag/@update.html delete mode 100644 blog/old_newer/src/.files delete mode 100644 blog/old_newer/src/a/asi_nomas_esta_quedando.md delete mode 100644 blog/old_newer/src/a/el_blog_ya_tiene_timestamps.md delete mode 100644 blog/old_newer/src/a/first_blog_post.md delete mode 100644 blog/old_newer/src/a/git_server_with_cgit.md delete mode 100644 blog/old_newer/src/a/linux_video_notes.md delete mode 100644 blog/old_newer/src/a/mail_server_with_postfix.md delete mode 100644 blog/old_newer/src/a/new_blogging_system.md delete mode 100644 blog/old_newer/src/a/shell_scripting_video_notes.md delete mode 100644 blog/old_newer/src/a/sql_video_notes.md delete mode 100644 blog/old_newer/src/a/website_with_nginx.md delete mode 100644 blog/old_newer/src/templates/article/footer.html delete mode 100644 blog/old_newer/src/templates/article/header.html delete mode 100644 blog/old_newer/src/templates/articles/footer.html delete mode 100644 blog/old_newer/src/templates/articles/header.html delete mode 100644 blog/old_newer/src/templates/articles/list_entry.html delete mode 100644 blog/old_newer/src/templates/articles/list_footer.html delete mode 100644 blog/old_newer/src/templates/articles/list_header.html delete mode 100644 blog/old_newer/src/templates/articles/list_separator.html delete mode 100644 blog/old_newer/src/templates/common/footer.html delete mode 100644 blog/old_newer/src/templates/common/header.html delete mode 100644 blog/old_newer/src/templates/rss/rss.xml delete mode 100644 blog/old_newer/src/templates/sitemap/sitemap.xml delete mode 100644 blog/old_newer/src/templates/tag/footer.html delete mode 100644 blog/old_newer/src/templates/tag/header.html delete mode 100644 blog/old_newer/src/templates/tag/list_entry.html delete mode 100644 blog/old_newer/src/templates/tag/list_footer.html delete mode 100644 blog/old_newer/src/templates/tag/list_header.html delete mode 100644 blog/old_newer/src/templates/tag/list_separator.html delete mode 100644 blog/plt/base.html delete mode 100644 blog/plt/index.html delete mode 100644 blog/plt/page.html delete mode 100644 blog/plt/page_list.html delete mode 100644 blog/plt/page_nav.html delete mode 100644 blog/plt/rss.xml delete mode 100644 blog/plt/sitemap.xml delete mode 100644 blog/plt/tag.html delete mode 100644 blog/plt/tag_list.html delete mode 100644 blog/src/.files delete mode 100644 blog/src/a/acomodada_la_pagina_de_arte.md delete mode 100644 blog/src/a/asi_nomas_esta_quedando.md delete mode 100644 blog/src/a/devs_android_me_trozaron.md delete mode 100644 blog/src/a/el_blog_ya_tiene_timestamps.md delete mode 100644 blog/src/a/first_blog_post.md delete mode 100644 blog/src/a/git_server_with_cgit.md delete mode 100644 blog/src/a/hoy_toco_desarrollo_personaje.md delete mode 100644 blog/src/a/mail_server_with_postfix.md delete mode 100644 blog/src/a/new_blogging_system.md delete mode 100644 blog/src/a/password_manager_authenticator_setup.md delete mode 100644 blog/src/a/tenia_esto_descuidado.md delete mode 100644 blog/src/a/volviendo_a_usar_la_pagina.md delete mode 100644 blog/src/a/vpn_server_with_openvpn.md delete mode 100644 blog/src/a/website_with_nginx.md delete mode 100644 blog/src/a/xmpp_server_with_prosody.md delete mode 100644 blog/src/g/flappybird_godot_devlog_1.md delete mode 100644 blog/src/g/godot_project_structure.md delete mode 100644 blog/src/g/gogodot_jam3_devlog_1.md delete mode 100644 blog/src/g/starting_gamedev_blogging.md delete mode 100644 blog/trash/linux_video_notes.md delete mode 100644 blog/trash/shell_scripting_video_notes.md delete mode 100644 blog/trash/sql_video_notes.md (limited to 'blog') diff --git a/blog/config.ini b/blog/config.ini deleted file mode 100644 index ddf2304..0000000 --- a/blog/config.ini +++ /dev/null @@ -1,17 +0,0 @@ -[path] -site=$HOME/luevano.xyz/blog -src=%(site)s/src -dst=%(site)s/dst -plt=%(site)s/plt -[url] -main=https://blog.luevano.xyz -static=https://static.luevano.xyz -default_image=/images/b/default.png -[fmt] -date=%%a, %%b %%d, %%Y @ %%H:%%M %%Z -list_date=%%b %%d -list_sep_date=%%B %%Y -[info] -title=Luévano's Blog -[other] -force=False diff --git a/blog/dst/404.html b/blog/dst/404.html deleted file mode 120000 index 265b7a8..0000000 --- a/blog/dst/404.html +++ /dev/null @@ -1 +0,0 @@ -../../luevano/404.html \ No newline at end of file diff --git a/blog/dst/a/acomodada_la_pagina_de_arte.html b/blog/dst/a/acomodada_la_pagina_de_arte.html deleted file mode 100644 index 63edc40..0000000 --- a/blog/dst/a/acomodada_la_pagina_de_arte.html +++ /dev/null @@ -1,150 +0,0 @@ - - - - - - - Al fin ya me acomodé la página pa' los dibujos -- Luévano's Blog - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - -
- -
-

Al fin ya me acomodé la página pa' los dibujos

- -

Así es, ya quedó acomodado el sub-dominio art.luevano.xyz pos pal arte veda. Entonces pues ando feliz por eso.

-

Este pedo fue gracias a que me reescribí la forma en la que pyssg maneja los templates, ahora uso el sistema de jinja en vez del cochinero que hacía antes.

-

Y pues nada más eso, aquí está el primer post y por supuesto acá está el link del RSS https://art.luevano.xyz/rss.xml.

- - - - -
- -
- - - - \ No newline at end of file diff --git a/blog/dst/a/asi_nomas_esta_quedando.html b/blog/dst/a/asi_nomas_esta_quedando.html deleted file mode 100644 index 6098c6f..0000000 --- a/blog/dst/a/asi_nomas_esta_quedando.html +++ /dev/null @@ -1,151 +0,0 @@ - - - - - - - Así nomás está quedando el página -- Luévano's Blog - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - -
- -
-

Así nomás está quedando el página

- -

Estuve acomodando un poco más el sItIo, al fin agregué la “sección” de contact y de donate por si hay algún loco que quiere tirar varo.

-

También me puse a acomodar un servidor de XMPP el cual, en pocas palabras, es un protocolo de mensajería instantánea (y más) descentralizado, por lo cual cada quien puede hacer una cuenta en el servidor que quiera y conectarse con cuentas creadas en otro servidor… exacto, como con los correos electrónicos. Y esto está perro porque si tú tienes tu propio server, así como con uno de correo electrónico, puedes controlar qué características tiene, quiénes pueden hacer cuenta, si hay end-to-end encryption (o mínimo end-to-server), entre un montón de otras cosas.

-

Ahorita este server es SUMISO (compliant en español, jeje) para jalar con la app conversations y con la red social movim, pero realmente funcionaría con casi cualquier cliente de XMPP, amenos que ese cliente implemente algo que no tiene mi server. Y también acomodé un server de Matrix que es muy similar pero es bajo otro protocolo y se siente más como un discord/slack (al menos en el element), muy chingón también.

-

Si bien aún quedan cosas por hacer sobre estos dos servers que me acomodé (además de hacerles unas entradas para documentar cómo lo hice), quiero moverme a otra cosa que sería acomodar una sección de dibujos, lo cual en teoría es bien sencillo, pero como quiero poder automatizar la publicación de estos, quiero modificar un poco el pyssg para que jale chido para este pex.

-

Ya por último también quiero moverle un poco al CSS, porque lo dejé en un estado muy culerón y quiero meterle/ajustar unas cosas para que quede más limpio y medianamente bonito… dentro de lo que cabe porque evidentemente me vale verga si se ve como una página del 2000.

- - - - -
- -
- - - - \ No newline at end of file diff --git a/blog/dst/a/devs_android_me_trozaron.html b/blog/dst/a/devs_android_me_trozaron.html deleted file mode 100644 index b7fb31c..0000000 --- a/blog/dst/a/devs_android_me_trozaron.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - Los devs de Android/MIUI me trozaron -- Luévano's Blog - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - -
- -
-

Los devs de Android/MIUI me trozaron

- -

Llevo dos semanas posponiendo esta entrada porque andaba bien enojado (todavía, pero ya se anda pasando) y me daba zzz. Pero bueno, antes que nada este pex ocupa un poco de contexto sobre dos cositas:

- -

Ahora sí vamonos por partes, primero que nada lo que sucedió fue que ordené una mSD con más capacidad que la que ya tenía (64 GB -> 512 GB, poggies), porque últimamente he estado bajando y leyendo mucho manga entonces me estaba quedando sin espacio. Ésta llegó el día de mi cumpleaños lo cuál estuvo chingón, me puse a hacer backup de la mSD que ya tenía y preparando todo, muy bonito, muy bonito.

-

Empecé a tener problemas, porque al estar moviendo tanto archivo pequeño (porque recordemos que el tachiyomi trata a cada página como una sola imagen), la conexión entre el celular y mi computadora se estaba corte y corte por alguna razón; en general muchos pedos. Por lo que mejor le saqué la nueva mSD y la metí directo a mi computadora por medio de un adaptador para batallar menos y que fuera más rápido.

-

Hacer este pedo de mover archivos directamente en la mSD puede llevar a corromper la memoria, no se los detalles pero pasa (o quizá estoy meco e hice algo mal). Por lo que al terminar de mover todo a la nueva mSD y ponerla en el celular, éste se emputó que porque no la detectaba y que quería tirar un formateo a la mSD. A este punto no me importaba mucho, sólo era questión de volvera mover archivos y ser más cuidadoso; “no issues from my end” diría en mis standups.

-

Todo valió vergota porque en cierto punto al elegir sí formatear la mSD mi celular me daba la opción de “usar la micro SD para el celular” o “usar la micro SD como memoria portátil” (o algo entre esas líneas), y yo, estúpidamente, elegí la primera, porque me daba sentido: “no, pues simón, voy a usar esta memoria para este celular”.

-

Pues mamé, resulta que esa primera opción lo que realmente quería decir es que se iba a usar la micro SD como interna usando el pex este de adoptable storage. Entonces básicamente perdí mi capacidad de memoria interna (128 GB aprox.), y toda la mSD nueva se usó como memoria interna. Todo se juntó, si intentaba sacar la mSD todo se iba a la mierda y no podía usar muchas aplicaciones. “No hay pedo”, pensé, “nada más es cuestión de desactivar esta mamada de adoptable storage”.

-

Ni madres dijeron los devs de Android, este pedo nada más es un one-way: puedes activar adoptable storage pero para desactivarlo ocupas, a huevo, formatear tu celular a estado de fábrica. Chingué a mi madre, comí mierda, perdí.

-

Pues eso fue lo que hice, ni modo. Hice backup de todo lo que se me ocurrió (también me di cuenta que G**gl* authenticator es cagada ya que no te deja hacer backup, entre otras cosas, mejor usen Aegis authenticator), desactivé todo lo que se tenía que desactivar y tocó hacer factory reset, ni modo. Pero como siempre las cosas salen mal y tocó comer mierda del banco porque me bloquearon la tarjeta, perdí credenciales necesarias para el trabajo (se resolvió rápido), etc., etc.. Ya no importa, ya casi todo está resuelto, sólo queda ir al banco a resolver lo de la tarjeta bloqueada (esto es para otro rant, pinches apps de bancos piteras, ocupan hacer una sola cosa y la hacen mal).

-

Al final del día, la causa del problema fueron los malditos mangas (por andar queriendo backupearlos), que terminé bajando de nuevo manualmente y resultó mejor porque aparentemente tachiyomi agregó la opción de “zippear” los mangas en formato CBZ, por lo que ya son más fácil de mover de un lado para otro, el fono no se queda pendejo, etc., etc..

-

Por último, quiero decir que los devs de Android son unos pendejos por no hacer reversible la opción de adoptable storage, y los de MIUI son todavía más por no dar detalles de lo que significan sus opciones de formateo, especialmente si una opción es tan chingadora que para revertirla necesitas formatear a estado de fábrica tu celular; más que nada es culpa de los de MIUI, todavía que ponen un chingo de A(i)DS en todas sus apps, no pueden poner una buena descripción en sus opciones. REEEE.

- - - - -
- -
- - - - \ No newline at end of file diff --git a/blog/dst/a/el_blog_ya_tiene_timestamps.html b/blog/dst/a/el_blog_ya_tiene_timestamps.html deleted file mode 100644 index 9511899..0000000 --- a/blog/dst/a/el_blog_ya_tiene_timestamps.html +++ /dev/null @@ -1,151 +0,0 @@ - - - - - - - Así es raza, el blog ya tiene timestamps -- Luévano's Blog - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - -
- -
-

Así es raza, el blog ya tiene timestamps

- -

Pues eso, esta entrada es sólo para tirar update sobre mi primer post. Ya modifiqué el ssg lo suficiente como para que maneje los timestamps, y ya estoy más familiarizado con este script entonces ya lo podré extender más, pero por ahora las entradas ya tienen su fecha de creación (y modificación en dado caso) al final y en el índice ya están organizados por fecha, que por ahora está algo simple pero está sencillo de extender.

-

Ya lo único que queda es cambiar un poco el formato del blog (y de la página en general), porque en un momento de desesperación puse todo el texto en justificado y pues no se ve chido siempre, entonces queda corregir eso. Y aunque me tomó más tiempo del que quisiera, así nomás quedó, diría un cierto personaje.

-

El ssg modificado está en mis dotfiles (o directamente aquí).

-

Por último, también quité las extensiones .html de las URLs, porque se veía bien pitero, pero igual los links con .html al final redirigen a su link sin .html, así que no hay rollo alguno.

- - - - -
- -
- - - - \ No newline at end of file diff --git a/blog/dst/a/first_blog_post.html b/blog/dst/a/first_blog_post.html deleted file mode 100644 index ed5dbcd..0000000 --- a/blog/dst/a/first_blog_post.html +++ /dev/null @@ -1,144 +0,0 @@ - - - - - - - This is the first blog post, just for testing purposes -- Luévano's Blog - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - -
- -
-

This is the first blog post, just for testing purposes

- -

I’m making this post just to figure out how ssg5 and lowdown are supposed to work (and eventually also rssg).

-

At the moment, I’m not satisfied because there’s no automatic date insertion into the 1) html file, 2) the blog post itself and 3) the listing system in the blog homepage (and there’s also the problem with the ordering of the entries…). And all of this just because I didn’t want to use Luke’s solution (don’t really like that much how he handles the scripts… but they just work).

-

Hopefully, for tomorrow all of this will be sorted out and I’ll have a working blog system.

- - - - -
- -
- - - - \ No newline at end of file diff --git a/blog/dst/a/git_server_with_cgit.html b/blog/dst/a/git_server_with_cgit.html deleted file mode 100644 index b43d38f..0000000 --- a/blog/dst/a/git_server_with_cgit.html +++ /dev/null @@ -1,265 +0,0 @@ - - - - - - - Create a git server and setup cgit web app (on Nginx) -- Luévano's Blog - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - -
- -
-

Create a git server and setup cgit web app (on Nginx)

- -

My git server is all I need to setup to actually kill my other server (I’ve been moving from servers on these last 2-3 blog entries), that’s why I’m already doing this entry. I’m basically following git’s guide on setting up a server plus some specific stuff for (btw i use) Arch Linux (Arch Linux Wiki: Git server and Step by step guide on setting up git server in arch linux (pushable)).

-

Note that this is mostly for personal use, so there’s no user/authentication control other than that of SSH. Also, most if not all commands here are run as root.

-

Prerequisites

-

I might get tired of saying this (it’s just copy paste, basically)… but you will need the same prerequisites as before (check my website and mail entries), with the extras:

- -

Git

-

Git is a version control system.

-

If not installed already, install the git package:

-
pacman -S git
-
-

On Arch Linux, when you install the git package, a git user is automatically created, so all you have to do is decide where you want to store the repositories, for me, I like them to be on /home/git like if git was a “normal” user. So, create the git folder (with corresponding permissions) under /home and set the git user’s home to /home/git:

-
mkdir /home/git
-chown git:git /home/git
-usermod -d /home/git git
-
-

Also, the git user is “expired” by default and will be locked (needs a password), change that with:

-
chage -E -1 git
-passwd git
-
-

Give it a strong one and remember to use PasswordAuthentication no for ssh (as you should). Create the .ssh/authorized_keys for the git user and set the permissions accordingly:

-
mkdir /home/git/.ssh
-chmod 700 /home/git/.ssh
-touch /home/git/.ssh/authorized_keys
-chmod 600 /home/git/.ssh/authorized_keys
-chown -R git:git /home/git
-
-

Now is a good idea to copy over your local SSH public keys to this file, to be able to push/pull to the repositories. Do it by either manually copying it or using ssh‘s built in ssh-copy-id (for that you may want to check your ssh configuration in case you don’t let people access your server with user/password).

-

Next, and almost finally, we need to edit the git-daemon service, located at /usr/lib/systemd/system/ (called git-daemon@.service):

-
...
-ExecStart=-/usr/lib/git-core/git-daemon --inetd --export-all --base-path=/home/git --enable=receive-pack
-...
-
-

I just appended --enable=receive-pack and note that I also changed the --base-path to reflect where I want to serve my repositories from (has to match what you set when changing git user’s home).

-

Now, go ahead and start and enable the git-daemon socket:

-
systemctl start git-daemon.socket
-systemctl enable git-daemon.socket
-
-

You’re basically done. Now you should be able to push/pull repositories to your server… except, you haven’t created any repository in your server, that’s right, they’re not created automatically when trying to push. To do so, you have to run (while inside /home/git):

-
git init --bare {repo_name}.git
-chown -R git:git repo_name.git
-
-

Those two lines above will need to be run each time you want to add a new repository to your server (yeah, kinda lame… although there are options to “automate” this, I like it this way).

-

After that you can already push/pull to your repository. I have my repositories (locally) set up so I can push to more than one remote at the same time (my server, GitHub, GitLab, etc.); to do so, check this gist.

-

Cgit

-

Cgit is a fast web interface for git.

-

This is optionally since it’s only for the web application.

-

Install the cgit and fcgiwrap packages:

-
pacman -S cgit fcgiwrap
-
-

Now, just start and enable the fcgiwrap socket:

-
systemctl start fcgiwrap.socket
-systemctl enable fcgiwrap.socket
-
-

Next, create the git.conf as stated in my nginx setup entry. Add the following lines to your git.conf file:

-
server {
-    listen 80;
-    listen [::]:80;
-    root /usr/share/webapps/cgit;
-    server_name {yoursubdomain}.{yourdomain};
-    try_files $uri @cgit;
-
-    location @cgit {
-        include fastcgi_params;
-        fastcgi_param SCRIPT_FILENAME $document_root/cgit.cgi;
-        fastcgi_param PATH_INFO $uri;
-        fastcgi_param QUERY_STRING $args;
-        fastcgi_param HTTP_HOST $server_name;
-        fastcgi_pass unix:/run/fcgiwrap.sock;
-    }
-}
-
-

Where the server_name line depends on you, I have mine setup to git.luevano.xyz and www.git.luevano.xyz. Optionally run certbot --nginx to get a certificate for those domains if you don’t have already.

-

Now, all that’s left is to configure cgit. Create the configuration file /etc/cgitrc with the following content (my personal options, pretty much the default):

-
css=/cgit.css
-logo=/cgit.png
-
-enable-http-clone=1
-# robots=noindex, nofollow
-virtual-root=/
-
-repo.url={url}
-repo.path={dir_path}
-repo.owner={owner}
-repo.desc={short_description}
-
-...
-
-

Where you can uncomment the robots line to let web crawlers (like Google’s) to index your git web app. And at the end keep all your repositories (the ones you want to make public), for example for my dotfiles I have:

-
...
-repo.url=.dots
-repo.path=/home/git/.dots.git
-repo.owner=luevano
-repo.desc=These are my personal dotfiles.
-...
-
-

Otherwise you could let cgit to automatically detect your repositories (you have to be careful if you want to keep “private” repos) using the option scan-path and setup .git/description for each repository. For more, you can check cgitrc(5).

-

By default you can’t see the files on the site, you need a highlighter to render the files, I use highlight. Install the highlight package:

-
pacman -S highlight
-
-

Copy the syntax-highlighting.sh script to the corresponding location (basically adding -edited to the file):

-
cp /usr/lib/cgit/filters/syntax-highlighting.sh /usr/lib/cgit/filters/syntax-highlighting-edited.sh
-
-

And edit it to use the version 3 and add --inline-css for more options without editing cgit‘s CSS file:

-
...
-# This is for version 2
-# exec highlight --force -f -I -X -S "$EXTENSION" 2>/dev/null
-
-# This is for version 3
-exec highlight --force --inline-css -f -I -O xhtml -S "$EXTENSION" 2>/dev/null
-...
-
-

Finally, enable the filter in /etc/cgitrc configuration:

-
source-filter=/usr/lib/cgit/filters/syntax-highlighting-edited.sh
-
-

That would be everything. If you need support for more stuff like compressed snapshots or support for markdown, check the optional dependencies for cgit.

- - - - -
- -
- - - - \ No newline at end of file diff --git a/blog/dst/a/hoy_toco_desarrollo_personaje.html b/blog/dst/a/hoy_toco_desarrollo_personaje.html deleted file mode 100644 index 35dcbf1..0000000 --- a/blog/dst/a/hoy_toco_desarrollo_personaje.html +++ /dev/null @@ -1,158 +0,0 @@ - - - - - - - Hoy me tocó desarrollo de personaje -- Luévano's Blog - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - -
- -
-

Hoy me tocó desarrollo de personaje

- -

Sabía que hoy no iba a ser un día tan bueno, pero no sabía que iba a estar tan horrible; me tocó desarrollo de personaje y saqué el bad ending.

-

Básicamente tenía que cumplir dos misiones hoy: ir al banco a un trámite y vacunarme contra el Covid-19. Muy sencillas tareas.

-

Primero que nada me levanté de una pesadilla horrible en la que se puede decir que se me subió el muerto al querer despertar, esperé a que fuera casi la hora de salida de mi horario de trabajo, me bañé y fui directo al banco primero. Todo bien hasta aquí.

-

En el camino al banco, durante la plática con el conductor del Uber salió el tema del horario del banco. Yo muy tranquilo dije “pues voy algo tarde, pero sí alcanzo, cierran a las 5, ¿no?” a lo que me respondió el conductor “nel jefe, a las 4, y se van media hora antes”; quedé. Chequé y efectivamente cerraban a las 4. Entonces le dije que le iba a cambiar la ruta directo a donde me iba a vacunar, pero ya era muy tarde y quedaba para la dirección opuesta.”Ni pedo, ahí déjame y pido otro viaje, no te apures”, le dije y como siempre pues me deseó que se compusiera mi día; afortunadamente el banco sí estaba abierto para lo que tenía que hacer, así que fue un buen giro. Me puse muy feliz y asumí que sería un buen día, como me lo dijo mi conductor; literalmente NO SABÍA.

-

Salí feliz de poder haber completado esa misión y poder irme a vacunar. Pedí otro Uber a donde tenía que ir y todo bien. Me tocó caminar mucho porque la entrada estaba en punta de la chingada de donde me dejó el conductor, pero no había rollo, era lo de menos. Me desanimé cuando vi que había una cantidad estúpida de gente, era una fila que abarcaba todo el estacionamiento y daba demasiadas vueltas; “ni pedo”, dije, “si mucho me estaré aquí una hora, hora y media”… otra vez, literalmente NO SABÍA.

-

Pasó media hora y había avanzado lo que parecía ser un cuarto de la fila, entonces todo iba bien. Pues nel, había avanzado el equivalente a un octavo de la fila, este pedo no iba a salir en una hora-hora y media. Para acabarla de chingar era todo bajo el tan amado sol de Chiwawa. “No hay pedo, me entretengo tirando chal con alguien en el wasap”, pues no, aparentemente no cargué el celular y ya tenía 15-20% de batería… volví a quedar.

-

Se me acabó la pila, ya había pasado una hora y parecía que la fila era infinita, simplemente avanzábamos demasiado lento, a pesar de que los que venían atrás de mí repetían una y otra vez “mira, avanza bien rápido, ya mero llegamos”, ilusos. Duré aproximadamente 3 horas formado, aguantando conversaciones estúpidas a mi alrededor, gente quejándose por estar parada (yo también me estaba quejando pero dentro de mi cabeza), y por alguna razón iban familias completas de las cuales al final del día sólo uno o dos integrantes de la familia entraban a vacunarse.

-

En fin que se acabó la tortura y ya tocaba irse al cantón, todo bien. “No hay pedo, no me tocó irme en Uber, aquí agarro un camíon” pensé. Pero no, ningún camión pasó durante la hora que estuve esperando y de los 5 taxis que intenté parar NINGUNO se detuvo. Decidí irme caminado, ya qué más daba, en ese punto ya nada más era hacer corajes dioquis.

-

En el camino vi un Oxxo y decidí desviarme para comprar algo de tomar porque andaba bien deshidratado. En el mismo segundo que volteé para ir hacia el Oxxo pasó un camión volando y lo único que pensaba era que el conductor me decía “Jeje ni pedo:)”. Exploté, me acabé, simplemente perdí, saqué el bad ending.

-

Ya estaba harto y hasta iba a comprar un cargador para ya irme rápido, estaba cansado del día, simplemente ahí terminó la quest, había sacado el peor final. Lo bueno es que se me ocurrió pedirle al cajero un cargador y que me tirara paro. Todo bien, pedí mi Uber y llegué a mi casa sano y a salvo, pero con la peor rabia que me había dado en mucho tiempo. Simplemente ¿mi culo? explotado. Este día me tocó un desarrollo de personaje muy cabrón, se mamó el D*****o.

-

Lo único rescatable fue que había una (más bien como 5) chica muy guapa en la fila, lástima que los stats de mi personaje me tienen bloqueadas las conversaciones con desconocidos.

-

Y pues ya, este pex ya me sirvió para desahogarme, una disculpa por la redacción tan pitera. Sobres.

- - - - -
- -
- - - - \ No newline at end of file diff --git a/blog/dst/a/mail_server_with_postfix.html b/blog/dst/a/mail_server_with_postfix.html deleted file mode 100644 index 1cdb78d..0000000 --- a/blog/dst/a/mail_server_with_postfix.html +++ /dev/null @@ -1,502 +0,0 @@ - - - - - - - Create a mail server with Postfix, Dovecot, SpamAssassin and OpenDKIM -- Luévano's Blog - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - -
- -
-

Create a mail server with Postfix, Dovecot, SpamAssassin and OpenDKIM

- -

The entry is going to be long because it’s a tedious process. This is also based on Luke Smith’s script, but adapted to Arch Linux (his script works on debian-based distributions). This entry is mostly so I can record all the notes required while I’m in the process of installing/configuring the mail server on a new VPS of mine; also I’m going to be writing a script that does everything in one go (for Arch Linux), that will be hosted here.

-

This configuration works for local users (users that appear in /etc/passwd), and does not use any type of SQL Database. And note that most if not all commands executed here are run with root privileges.

-

Prerequisites

-

Basically the same as with the website with Nginx and Certbot, with the extras:

- -

Postfix

-

Postfix is a “mail transfer agent” which is the component of the mail server that receives and sends emails via SMTP.

-

Install the postfix package:

-
pacman -S postfix
-
-

We have two main files to configure (inside /etc/postfix): master.cf (master(5)) and main.cf (postconf(5)). We’re going to edit main.cf first either by using the command postconf -e 'setting' or by editing the file itself (I prefer to edit the file).

-

Note that the default file itself has a lot of comments with description on what each thing does (or you can look up the manual, linked above), I used what Luke’s script did plus some other settings that worked for me.

-

Now, first locate where your website cert is, mine is at the default location /etc/letsencrypt/live/, so my certdir is /etc/letsencrypt/live/luevano.xyz. Given this information, change {yourcertdir} on the corresponding lines. The configuration described below has to be appended in the main.cf configuration file.

-

Certificates and ciphers to use for authentication and security:

-
smtpd_tls_key_file = {yourcertdir}/privkey.pem
-smtpd_tls_cert_file = {yourcertdir}/fullchain.pem
-smtpd_use_tls = yes
-smtpd_tls_auth_only = yes
-smtp_tls_security_level = may
-smtp_tls_loglevel = 1
-smtp_tls_CAfile = {yourcertdir}/cert.pem
-smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
-smtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
-smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
-smtp_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
-tls_preempt_cipherlist = yes
-smtpd_tls_exclude_ciphers = aNULL, LOW, EXP, MEDIUM, ADH, AECDH, MD5,
-                DSS, ECDSA, CAMELLIA128, 3DES, CAMELLIA256,
-                RSA+AES, eNULL
-
-smtp_tls_CApath = /etc/ssl/certs
-smtpd_tls_CApath = /etc/ssl/certs
-
-smtpd_relay_restrictions = permit_sasl_authenticated, permit_mynetworks, defer_unauth_destination
-
-

Also, for the connection with dovecot, append the next few lines (telling postfix that dovecot will use user/password for authentication):

-
smtpd_sasl_auth_enable = yes
-smtpd_sasl_type = dovecot
-smtpd_sasl_path = private/auth
-smtpd_sasl_security_options = noanonymous, noplaintext
-smtpd_sasl_tls_security_options = noanonymous
-
-

Specify the mailbox home (this is going to be a directory inside your user’s home containing the actual mail files):

-
home_mailbox = Mail/Inbox/
-
-

Pre-configuration to work seamlessly with dovecot and opendkim:

-
myhostname = {yourdomainname}
-mydomain = localdomain
-mydestination = $myhostname, localhost.$mydomain, localhost
-
-milter_default_action = accept
-milter_protocol = 6
-smtpd_milters = inet:127.0.0.1:8891
-non_smtpd_milters = inet:127.0.0.1:8891
-mailbox_command = /usr/lib/dovecot/deliver
-
-

Where {yourdomainname} is luevano.xyz in my case, or if you have localhost configured to your domain, then use localhost for myhostname (myhostname = localhost).

-

Lastly, if you don’t want the sender’s IP and user agent (application used to send the mail), add the following line:

-
smtp_header_checks = regexp:/etc/postfix/smtp_header_checks
-
-

And create the /etc/postfix/smtp_header_checks file with the following content:

-
/^Received: .*/     IGNORE
-/^User-Agent: .*/   IGNORE
-
-

That’s it for main.cf, now we have to configure master.cf. This one is a bit more tricky.

-

First look up lines (they’re uncommented) smtp inet n - n - - smtpd, smtp unix - - n - - smtp and -o syslog_name=postfix/$service_name and either delete or uncomment them… or just run sed -i "/^\s*-o/d;/^\s*submission/d;/\s*smtp/d" /etc/postfix/master.cf as stated in Luke’s script.

-

Lastly, append the following lines to complete postfix setup and pre-configure for spamassassin.

-
smtp unix - - n - - smtp
-smtp inet n - y - - smtpd
-    -o content_filter=spamassassin
-submission inet n - y - - smtpd
-    -o syslog_name=postfix/submission
-    -o smtpd_tls_security_level=encrypt
-    -o smtpd_sasl_auth_enable=yes
-    -o smtpd_tls_auth_only=yes
-smtps inet n - y - - smtpd
-    -o syslog_name=postfix/smtps
-    -o smtpd_tls_wrappermode=yes
-    -o smtpd_sasl_auth_enable=yes
-spamassassin unix - n n - - pipe
-    user=spamd argv=/usr/bin/vendor_perl/spamc -f -e /usr/sbin/sendmail -oi -f \${sender} \${recipient}
-
-

Now, I ran into some problems with postfix, one being smtps: Servname not supported for ai_socktype, to fix it, as Till posted in that site, edit /etc/services and add:

-
smtps 465/tcp
-smtps 465/udp
-
-

Before starting the postfix service, you need to run newaliases first, but you can do a bit of configuration beforehand editing the file /etc/postfix/aliases. I only change the root: you line (where you is the account that will be receiving “root” mail). After you’re done, run:

-
postalias /etc/postfix/aliases
-newaliases
-
-

At this point you’re done configuring postfix and you can already start/enable the postfix service:

-
systemctl start postfix.service
-systemctl enable postfix.service
-
-

Dovecot

-

Dovecot is an IMAP and POP3 server, which is what lets an email application retrieve the mail.

-

Install the dovecot and pigeonhole (sieve for dovecot) packages:

-
pacman -S dovecot pigeonhole
-
-

On arch, by default, there is no /etc/dovecot directory with default configurations set in place, but the package does provide the example configuration files. Create the dovecot directory under /etc and, optionally, copy the dovecot.conf file and conf.d directory under the just created dovecot directory:

-
mkdir /etc/dovecot
-cp /usr/share/doc/dovecot/example-config/dovecot.conf /etc/dovecot/dovecot.conf
-cp -r /usr/share/doc/dovecot/example-config/conf.d /etc/dovecot
-
-

As Luke stated, dovecot comes with a lot of “modules” (under /etc/dovecot/conf.d/ if you copied that folder) for all sorts of configurations that you can include, but I do as he does and just edit/create the whole dovecot.conf file; although, I would like to check each of the separate configuration files dovecot provides I think the options Luke provides are more than good enough.

-

I’m working with an empty dovecot.conf file. Add the following lines for SSL and login configuration (also replace {yourcertdir} with the same certificate directory described in the Postfix section above, note that the < is required):

-
ssl = required
-ssl_cert = <{yourcertdir}/fullchain.pem
-ssl_key = <{yourcertdir}/privkey.pem
-ssl_min_protocol = TLSv1.2
-ssl_cipher_list = ALL:!RSA:!CAMELLIA:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!SHA1:!SHA256:!SHA384:!LOW@STRENGTH
-ssl_prefer_server_ciphers = yes
-ssl_dh = </etc/dovecot/dh.pem
-
-auth_mechanisms = plain login
-auth_username_format = %n
-protocols = $protocols imap
-
-

You may notice we specify a file we don’t have under /etc/dovecot: dh.pem. We need to create it with openssl (you should already have it installed if you’ve been following this entry and the one for nginx). Just run (might take a few minutes):

-
openssl dhparam -out /etc/dovecot/dh.pem 4096
-
-

After that, the next lines define what a “valid user is” (really just sets the database for users and passwords to be the local users with their password):

-
userdb {
-    driver = passwd
-}
-
-passdb {
-    driver = pam
-}
-
-

Next, comes the mail directory structure (has to match the one described in the Postfix section). Here, the LAYOUT option is important so the boxes are .Sent instead of Sent. Add the next lines (plus any you like):

-
mail_location = maildir:~/Mail:INBOX=~/Mail/Inbox:LAYOUT=fs
-namespace inbox {
-    inbox = yes
-
-    mailbox Drafts {
-        special_use = \Drafts
-        auto = subscribe
-        }
-
-    mailbox Junk {
-        special_use = \Junk
-        auto = subscribe
-        autoexpunge = 30d
-        }
-
-    mailbox Sent {
-        special_use = \Sent
-        auto = subscribe
-        }
-
-    mailbox Trash {
-        special_use = \Trash
-        }
-
-    mailbox Archive {
-        special_use = \Archive
-        }
-}
-
-

Also include this so Postfix can use Dovecot’s authentication system:

-
service auth {
-    unix_listener /var/spool/postfix/private/auth {
-        mode = 0660
-        user = postfix
-        group = postfix
-        }
-}
-
-

Lastly (for Dovecot at least), the plugin configuration for sieve (pigeonhole):

-
protocol lda {
-    mail_plugins = $mail_plugins sieve
-}
-
-protocol lmtp {
-    mail_plugins = $mail_plugins sieve
-}
-
-plugin {
-    sieve = ~/.dovecot.sieve
-    sieve_default = /var/lib/dovecot/sieve/default.sieve
-    sieve_dir = ~/.sieve
-    sieve_global_dir = /var/lib/dovecot/sieve/
-
-

Where /var/lib/dovecot/sieve/default.sieve doesn’t exist yet. Create the folders:

-
mkdir -p /var/lib/dovecot/sieve
-
-

And create the file default.sieve inside that just created folder with the content:

-
require ["fileinto", "mailbox"];
-if header :contains "X-Spam-Flag" "YES" {
-    fileinto "Junk";
-}
-
-

Now, if you don’t have a vmail (virtual mail) user, create one and change the ownership of the /var/lib/dovecot directory to this user:

-
grep -q "^vmail:" /etc/passwd || useradd -m vmail -s /usr/bin/nologin
-chown -R vmail:vmail /var/lib/dovecot
-
-

Note that I also changed the shell for vmail to be /usr/bin/nologin. After that, to compile the configuration file run:

-
sievec /var/lib/dovecot/sieve/default.sieve
-
-

A default.svbin file will be created next to default.sieve.

-

Next, add the following lines to /etc/pam.d/dovecot if not already present (shouldn’t be there if you’ve been following these notes):

-
auth required pam_unix.so nullok
-account required pam_unix.so
-
-

That’s it for Dovecot, at this point you can start/enable the dovecot service:

-
systemctl start dovecot.service
-systemctl enable dovecot.service
-
-

OpenDKIM

-

OpenDKIM is needed so services like G**gle (we don’t mention that name here [[[this is a meme]]]) don’t throw the mail to the trash. DKIM stands for “DomainKeys Identified Mail”.

-

Install the opendkim package:

-
pacman -S opendkim
-
-

Generate the keys for your domain:

-
opendkim-genkey -D /etc/opendkim -d {yourdomain} -s {yoursubdomain} -r -b 2048
-
-

Where you need to change {yourdomain} and {yoursubdomain} (doesn’t really need to be the sub-domain, could be anything that describes your key) accordingly, for me it’s luevano.xyz and mail, respectively. After that, we need to create some files inside the /etc/opendkim directory. First, create the file KeyTable with the content:

-
{yoursubdomain}._domainkey.{yourdomain} {yourdomain}:{yoursubdomain}:/etc/opendkim/{yoursubdomain}.private
-
-

So, for me it would be:

-
mail._domainkey.luevano.xyz luevano.xyz:mail:/etc/opendkim/mail.private
-
-

Next, create the file SigningTable with the content:

-
*@{yourdomain} {yoursubdomain}._domainkey.{yourdomain}
-
-

Again, for me it would be:

-
*@luevano.xyz mail._domainkey.luevano.xyz
-
-

And, lastly create the file TrustedHosts with the content:

-
127.0.0.1
-::1
-10.1.0.0/16
-1.2.3.4/24
-localhost
-{yourserverip}
-...
-
-

And more, make sure to include your server IP and something like subdomain.domainname.

-

Next, edit /etc/opendkim/opendkim.conf to reflect the changes (or rather, addition) of these files, as well as some other configuration. You can look up the example configuration file located at /usr/share/doc/opendkim/opendkim.conf.sample, but I’m creating a blank one with the contents:

-
Domain {yourdomain}
-Selector {yoursubdomain}
-
-Syslog Yes
-UserID opendkim
-
-KeyFile /etc/opendkim/{yoursubdomain}.private
-Socket inet:8891@localhost
-
-

Now, change the permissions for all the files inside /etc/opendkim:

-
chown -R root:opendkim /etc/opendkim
-chmod g+r /etc/postfix/dkim/*
-
-

I’m using root:opendkim so opendkim doesn’t complain about the {yoursubdomani}.private being insecure (you can change that by using the option RequireSafeKeys False in the opendkim.conf file, as stated here).

-

That’s it for the general configuration, but you could go more in depth and be more secure with some extra configuration.

-

Now, just start/enable the opendkim service:

-
systemctl start opendkim.service
-systemctl enable opendkim.service
-
-

And don’t forget to add the following TXT records on your domain registrar (these examples are for Epik):

-
    -
  1. DKIM entry: look up your {yoursubdomain}.txt file, it should look something like:
  2. -
-
{yoursubdomain}._domainkey IN TXT ( "v=DKIM1; k=rsa; s=email; "
-    "p=..."
-    "..." )  ; ----- DKIM key mail for {yourdomain}
-
-

In the TXT record you will place {yoursubdomain}._domainkey as the “Host” and "v=DKIM1; k=rsa; s=email; " "p=..." "..." in the “TXT Value” (replace the dots with the actual value you see in your file).

-
    -
  1. -

    DMARC entry: just _dmarc.{yourdomain} as the “Host” and "v=DMARC1; p=reject; rua=mailto:dmarc@{yourdomain}; fo=1" as the “TXT Value”.

    -
  2. -
  3. -

    SPF entry: just @ as the “Host” and "v=spf1 mx a:{yoursubdomain}.{yourdomain} - all" as the “TXT Value”.

    -
  4. -
-

And at this point you could test your mail for spoofing and more.

-

SpamAssassin

-

SpamAssassin is just a mail filter to identify spam.

-

Install the spamassassin package (which will install a bunch of ugly perl packages…):

-
pacman -S spamassassin
-
-

For some reason, the permissions on all spamassassin stuff are all over the place. First, change owner of the executables, and directories:

-
chown spamd:spamd /usr/bin/vendor_perl/sa-*
-chown spamd:spamd /usr/bin/vendor_perl/spam*
-chwown -R spamd:spamd /etc/mail/spamassassin
-
-

Then, you can edit local.cf (located in /etc/mail/spamassassin) to fit your needs (I only uncommented the rewrite_header Subject ... line). And then you can run the following command to update the patterns and compile them:

-
sudo -u spamd sa-update
-sudo -u spamd sa-compile
-
-

And since this should be run periodically, create the service spamassassin-update.service under /etc/systemd/system with the following content:

-
[Unit]
-Description=SpamAssassin housekeeping
-After=network.target
-
-[Service]
-User=spamd
-Group=spamd
-Type=oneshot
-
-ExecStart=/usr/bin/vendor_perl/sa-update --allowplugins
-SuccessExitStatus=1
-ExecStart=/usr/bin/vendor_perl/sa-compile
-ExecStart=/usr/bin/systemctl -q --no-block try-restart spamassassin.service
-
-

And you could also execute sa-learn to train spamassassin‘s bayes filter, but this works for me. Then create the timer spamassassin-update.timer under the same directory, with the content:

-
[Unit]
-Description=SpamAssassin housekeeping
-
-[Timer]
-OnCalendar=daily
-Persistent=true
-
-[Install]
-WantedBy=timers.target
-
-

You can now start/enable the spamassassin-update timer:

-
systemctl start spamassassin-update.timer
-systemctl enable spamassassin-update.timer
-
-

Next, you may want to edit the spamassassin service before starting and enabling it, because by default, it could spawn a lot of “childs” eating a lot of resources and you really only need one child. Append --max-children=1 to the line ExecStart=... in /usr/bin/systemd/system/spamassassin.service:

-
...
-ExecStart=/usr/bin/vendor_perl/spamd -x -u spamd -g spamd --listen=/run/spamd/spamd.sock --listen=localhost --max-children=1
-...
-
-

Finally, start and enable the spamassassin service:

-
systemctl start spamassassin.service
-systemctl enable spamassassin.service
-
-

Wrapping up

-

We should have a working mail server by now. Before continuing check your journal logs (journalctl -xe --unit={unit}, where {unit} could be spamassassin.service for example) to see if there was any error whatsoever and try to debug it, it should be a typo somewhere (the logs are generally really descriptive) because all the settings and steps detailed here just (literally just finished doing everything on a new server as of the writing of this text) worked (((it just werks on my machine))).

-

Now, to actually use the mail service: first of all, you need a normal account (don’t use root) that belongs to the mail group (gpasswd -a user group to add a user user to group group) and that has a password.

-

Next, to actually login into a mail app/program/whateveryouwanttocallit, you will use the following settings, at least for thunderdbird(I tested in windows default mail app and you don’t need a lot of settings):

- -

All that’s left to do is test your mail server for spoofing, and to see if everything is setup correctly. Go to DKIM Test and follow the instructions (basically click next, and send an email with whatever content to the email that they provide). After you send the email, you should see something like:

-
-DKIM Test successful -
DKIM Test successful
-
-

Finally, that’s actually it for this entry, if you have any problem whatsoever you can contact me.

- - - - -
- -
- - - - \ No newline at end of file diff --git a/blog/dst/a/new_blogging_system.html b/blog/dst/a/new_blogging_system.html deleted file mode 100644 index 210f15e..0000000 --- a/blog/dst/a/new_blogging_system.html +++ /dev/null @@ -1,153 +0,0 @@ - - - - - - - I'm using a new blogging system -- Luévano's Blog - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - -
- -
-

I'm using a new blogging system

- -

So, I was tired of working with ssg (and then sbg which was a modified version of ssg that I “wrote”), for one general reason: not being able to extend it as I would like; and not just dumb little stuff, I wanted to be able to have more control, to add tags (which another tool that I found does: blogit), and even more in a future.

-

The solution? Write a new program “from scratch” in pYtHoN. Yes it is bloated, yes it is in its early stages, but it works just as I want it to work, and I’m pretty happy so far with the results and have with even more ideas in mind to “optimize” and generally clean my wOrKfLoW to post new blog entries. I even thought of using it for posting into a “feed” like gallery for drawings or pictures in general.

-

I called it pyssg, because it sounds nice and it wasn’t taken in the PyPi. It is just a terminal program that reads either a configuration file or the options passed as flags when calling the program.

-

It still uses Markdown files because I find them very easy to work with. And instead of just having a “header” and a “footer” applied to each parsed entry, you will have templates (generated with the program) for each piece that I thought made sense (idea taken from blogit): the common header and footer, the common header and footer for each entry and, header, footer and list elements for articles and tags. When parsing the Markdown file these templates are applied and stitched together to make a single HTML file. Also generates an RSS feed and the sitemap.xml file, which is nice.

-

It might sound convoluted, but it works pretty well, with of course room to improve; I’m open to suggestions, issue reporting or direct contributions here. BTW, it only works on Linux for now (and don’t think on making it work on windows, but feel free to do PR for the compatibility).

-

That’s it for now, the new RSS feed is available here: https://blog.luevano.xyz/rss.xml.

- - - - -
- -
- - - - \ No newline at end of file diff --git a/blog/dst/a/password_manager_authenticator_setup.html b/blog/dst/a/password_manager_authenticator_setup.html deleted file mode 100644 index 3125663..0000000 --- a/blog/dst/a/password_manager_authenticator_setup.html +++ /dev/null @@ -1,159 +0,0 @@ - - - - - - - My setup for a password manager and MFA authenticator -- Luévano's Blog - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - -
- -
-

My setup for a password manager and MFA authenticator

- -

Disclaimer: I won’t go into many technical details here of how to install/configure/use the software, this is just supposed to be a short description on my setup.

-

It’s been a while since I started using a password manager at all, and I’m happy that I started with KeePassXC (open source, multiplatform password manager that it’s completely offline) as a direct recommendation from lm; before this I was using the same password for everything (like a lot of people), which is a well know privacy issue as noted in detail by Leo (I don’t personally recommed LastPass as Leo does). Note that you will still need a master password to lock/unlock your password database (you can additionally use a hardware key and a key file).

-

Anyways, setting up keepass is pretty simple, as there is a client for almost any device; note that keepass is basically just the format and the base for all of the clients, as its common with pretty much any open source software. In my case I’m using KeePassXC in my computer and KeePassDX in my phone (Android). The only concern is keeping everything in sync because keepass doesn’t have any automatic method of synchronizing between devices because of security reasons (as far as I know), meaning that you have to manage that yourself.

-

Usually you can use something like G**gl* drive, dropbox, mega, nextcloud, or any other cloud solution that you like to sync your keepass database between devices; I personally prefer to use Syncthing as it’s open source, it’s really easy to setup and has worked wonders for me since I started using it, also it keeps versions of your files that can serve as backups in any scenario where the database gets corrupted or something.

-

Finally, when I went through the issue with the micro SD and the adoptable storage bullshit (you can find the rant here, in spanish) I had to also migrate from G**gl* authenticator (gauth) to something else for the simple reason that gauth doesn’t even let you do backups, nor it’s synched with your account… nothing, it is just standalone and if you ever lose your phone you’re fucked; so I decided to go with Aegis authenticator, as it is open source, you have control over all your secret keys, you can do backups directly to the filesystem, you can secure your database with an extra password, etc., etc.. In general aegis is the superior MFA authenticator (at least compared with gauth) and everything that’s compatible with gauth is compatible with aegis as the format is a standard (as a matter of fact, keepass also has this MFA feature which is called TOPT and is also compatible, but I prefer to have things separate). I also use syncthing to keep a backup of my aegis database.

-

TL;DR:

- - - - - -
- -
- - - - \ No newline at end of file diff --git a/blog/dst/a/tenia_esto_descuidado.html b/blog/dst/a/tenia_esto_descuidado.html deleted file mode 100644 index d2f99e0..0000000 --- a/blog/dst/a/tenia_esto_descuidado.html +++ /dev/null @@ -1,152 +0,0 @@ - - - - - - - Tenia este pex algo descuidado -- Luévano's Blog - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - -
- -
-

Tenia este pex algo descuidado

- -

Así es, tenía un poco descuidado este pex, siendo la razón principal que andaba ocupado con cosas de la vida profesional, ayay. Pero ya que ando un poco más despejado y menos estresado voy a seguir usando el blog y a ver qué más hago.

-

Tengo unas entradas pendientes que quiero hacer del estilo de “tutorial” o “how-to”, pero me lo he estado debatiendo, porque Luke ya empezó a hacerlo más de verdad en landchad.net, lo cual recomiendo bastante pues igual yo empecé a hacer esto por él (y por lm); aunque la verdad pues es muy específico a como él hace las cosas y quizá sí puede haber diferencias, pero ya veré en estos días. La próxima que quiero hacer es sobre el VPN, porque no lo he setupeado desde que reinicié El Página Web y La Servidor, entonces acomodaré el VPN de nuevo y de pasada tiro entrada de eso.

-

También dejé un dibujo pendiente, que la neta lo dejé por 2 cosas: está bien cabrón (porque también lo quiero colorear) y porque estaba ocupado; de lo cuál ya sólo queda el está bien cabrón pero no he tenido el valor de retomarlo. Lo triste es que ya pasó el tiempo del hype y ya no tengo mucha motivación para terminarlo más que el hecho de que cuando lo termine empezaré a usar Clip Studio Paint en vez de Krita, porque compré una licencia ahora que estuvo en 50% de descuento (sí, me mamé).

-

Algo bueno es que me he estado sintiendo muy bien conmigo mismo últimamente, aunque casi no hable de eso. Sí hay una razón en específico, pero es una razón algo tonta. Espero así siga.

-

Ah, y también quería acomodarme una sección de comentarios, pero como siempre, todas las opciones están bien bloated, entonces pues me voy a hacer una en corto seguramente en Python para el back, MySQL para la base de datos y Javascript para la conexión acá en el front, algo tranqui.

-

Sobres pues.

- - - - -
- -
- - - - \ No newline at end of file diff --git a/blog/dst/a/volviendo_a_usar_la_pagina.html b/blog/dst/a/volviendo_a_usar_la_pagina.html deleted file mode 100644 index 0333c8a..0000000 --- a/blog/dst/a/volviendo_a_usar_la_pagina.html +++ /dev/null @@ -1,145 +0,0 @@ - - - - - - - Volviendo a usar la página -- Luévano's Blog - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - -
- -
-

Volviendo a usar la página

- -

Después de mucho tiempo de estar luchando con querer volver a usar este pex (maldita d word y demás), ya me volví a acomodar el setup para agregar nuevas entradas.

-

Entre las cosas que tuve que hacer fue actualizar el pyssg porque no lo podía usar de una como estaba; y de pasado le agregue una que otra feature nueva. Luego quiero agregarle más funcionalidad para poder buildear la página completa; por ahora se hace en segmentos: todo lo de luevano.xyz está hecho manual, mientras que blog y art usan pyssg.

-

Otra cosa es que quizá me devuelva a editar alguans entradas nada más para homogeneizar las entradas específicas a Create a… (tiene más sentido que sean Setup x… o algo similar).

-

En otras noticias, estoy muy agusto en el jale que tengo actualmente aunque lleve alrededor de 3 semanas de un infierno por problemas debidos a varias razones (del jale). Debo pensar en si debo omitir cosas personales o del trabajo aquí, ya que quién sabe quién se pueda llegar a topar con esto *thinking emoji*.

- - - - -
- -
- - - - \ No newline at end of file diff --git a/blog/dst/a/vpn_server_with_openvpn.html b/blog/dst/a/vpn_server_with_openvpn.html deleted file mode 100644 index e65fc14..0000000 --- a/blog/dst/a/vpn_server_with_openvpn.html +++ /dev/null @@ -1,417 +0,0 @@ - - - - - - - Create a VPN server with OpenVPN (IPv4) -- Luévano's Blog - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - -
- -
-

Create a VPN server with OpenVPN (IPv4)

- -

I’ve been wanting to do this entry, but had no time to do it since I also have to set up the VPN service as well to make sure what I’m writing makes sense, today is the day.

-

Like with any other of my entries I based my setup on the Arch Wiki, this install script and this profile generator script.

-

This will be installed and working alongside the other stuff I’ve wrote about on other posts (see the server tag). All commands here are executes as root unless specified otherwise. Also, this is intended only for IPv4 (it’s not that hard to include IPv6, but meh).

-

Prerequisites

-

Pretty simple:

- -

Create PKI from scratch

-

PKI stands for Public Key Infrastructure and basically it’s required for certificates, private keys and more. This is supposed to work between two servers and one client: a server in charge of creating, signing and verifying the certificates, a server with the OpenVPN service running and the client making the request.

-

This is supposed to work something like: 1) a client wants to use the VPN service, so it creates a requests and sends it to the signing server, 2) this server checks the requests and signs the request, returning the certificates to both the VPN service and the client and 3) the client can now connect to the VPN service using the signed certificate which the OpenVPN server knows about. In a nutshell, I’m no expert.

-

… but, to be honest, all of this is a hassle and (in my case) I want something simple to use and manage. So I’m gonna do all on one server and then just give away the configuration file for the clients, effectively generating files that anyone can run and will work, meaning that you need to be careful who you give this files (it also comes with a revoking mechanism, so no worries).

-

This is done with Easy-RSA.

-

Install the easy-rsa package:

-
pacman -S easy-rsa
-
-

Initialize the PKI and generate the CA keypair:

-
cd /etc/easy-rsa
-easyrsa init-pki
-easyrsa build-ca nopass
-
-

Create the server certificate and private key (while in the same directory):

-
EASYRSA_CERT_EXPIRE=3650 easyrsa build-server-full server nopass
-
-

Where server is just a name to identify your server certificate keypair, I just use server but could be anything (like luevano.xyz in my case).

-

Create the client revocation list AKA CRL (will be used later, but might as well have it now):

-
EASYRSA_CRL_DAYS=3650 easyrsa gen-crl
-
-

After this we should have 6 new files:

-
/etc/easy-rsa/pki/ca.crt
-/etc/easy-rsa/pki/private/ca.key
-/etc/easy-rsa/pki/issued/server.crt
-/etc/easy-rsa/pki/reqs/server.req
-/etc/easy-rsa/pki/private/server.key
-/etc/easy-rsa/pki/crl.pem
-
-

It is recommended to copy some of these files over to the openvpn directory, but I prefer to keep them here and just change some of the permissions:

-
chmod o+rx pki
-chmod o+rx pki/ca.crt
-chmod o+rx pki/issued
-chmod o+rx pki/issued/server.crt
-chmod o+rx pki/private
-chmod o+rx pki/private/server.key
-chown nobody:nobody pki/crl.pem
-chmod o+r pki/crl.pem
-
-

Now, go to the openvpn directory and create the required files there:

-
cd /etc/openvpn/server
-openssl dhparam -out dh.pem 2048
-openvpn --genkey secret ta.key
-
-

That’s it for the PKI stuff and general certificate configuration.

-

OpenVPN

-

OpenVPN is a robust and highly flexible VPN daemon, that’s pretty complete feature wise.

-

Install the openvpn package:

-
pacman -S openvpn
-
-

Now, most of the stuff is going to be handled by (each, if you have more than one) server configuration. This might be the hardest thing to configure, but I’ve used a basic configuration file that worked a lot to me, which is a compilation of stuff that I found on the internet while configuring the file a while back.

-
# Server ip addres (ipv4).
-local 1.2.3.4 # your server public ip
-
-# Port.
-port 1194 # Might want to change it to 443
-
-# TCP or UDP.
-;proto tcp
-proto udp # If ip changes to 443, you should change this to tcp, too
-
-# "dev tun" will create a routed IP tunnel,
-# "dev tap" will create an ethernet tunnel.
-;dev tap
-dev tun
-
-# Server specific certificates and more.
-ca /etc/easy-rsa/pki/ca.crt
-cert /etc/easy-rsa/pki/issued/server.crt
-key /etc/easy-rsa/pki/private/server.key  # This file should be kept secret.
-dh /etc/openvpn/server/dh.pem
-auth SHA512
-tls-crypt /etc/openvpn/server/ta.key 0 # This file is secret.
-crl-verify /etc/easy-rsa/pki/crl.pem
-
-# Network topology.
-topology subnet
-
-# Configure server mode and supply a VPN subnet
-# for OpenVPN to draw client addresses from.
-server 10.8.0.0 255.255.255.0
-
-# Maintain a record of client <-> virtual IP address
-# associations in this file.
-ifconfig-pool-persist ipp.txt
-
-# Push routes to the client to allow it
-# to reach other private subnets behind
-# the server.
-;push "route 192.168.10.0 255.255.255.0"
-;push "route 192.168.20.0 255.255.255.0"
-
-# If enabled, this directive will configure
-# all clients to redirect their default
-# network gateway through the VPN, causing
-# all IP traffic such as web browsing and
-# and DNS lookups to go through the VPN
-push "redirect-gateway def1 bypass-dhcp"
-
-# Certain Windows-specific network settings
-# can be pushed to clients, such as DNS
-# or WINS server addresses.
-# Google DNS.
-;push "dhcp-option DNS 8.8.8.8"
-;push "dhcp-option DNS 8.8.4.4"
-
-# The keepalive directive causes ping-like
-# messages to be sent back and forth over
-# the link so that each side knows when
-# the other side has gone down.
-keepalive 10 120
-
-# The maximum number of concurrently connected
-# clients we want to allow.
-max-clients 5
-
-# It's a good idea to reduce the OpenVPN
-# daemon's privileges after initialization.
-user nobody
-group nobody
-
-# The persist options will try to avoid
-# accessing certain resources on restart
-# that may no longer be accessible because
-# of the privilege downgrade.
-persist-key
-persist-tun
-
-# Output a short status file showing
-# current connections, truncated
-# and rewritten every minute.
-status openvpn-status.log
-
-# Set the appropriate level of log
-# file verbosity.
-#
-# 0 is silent, except for fatal errors
-# 4 is reasonable for general usage
-# 5 and 6 can help to debug connection problems
-# 9 is extremely verbose
-verb 3
-
-# Notify the client that when the server restarts so it
-# can automatically reconnect.
-# Only usable with udp.
-explicit-exit-notify 1
-
-

# and ; are comments. Read each and every line, you might want to change some stuff (like the logging), specially the first line which is your server public IP.

-

Now, we need to enable packet forwarding (so we can access the web while connected to the VPN), which can be enabled on the interface level or globally (you can check the different options with sysctl -a | grep forward). I’ll do it globally, run:

-
sysctl net.ipv4.ip_forward=1
-
-

And create/edit the file /etc/sysctl.d/30-ipforward.conf:

-
net.ipv4.ip_forward=1
-
-

Now we need to configure ufw to forward traffic through the VPN. Append the following to /etc/default/ufw (or edit the existing line):

-
...
-DEFAULT_FORWARD_POLICY="ACCEPT"
-...
-
-

And change the /etc/ufw/before.rules, appending the following lines after the header but before the *filter line:

-
...
-# NAT (Network Address Translation) table rules
-*nat
-:POSTROUTING ACCEPT [0:0]
-
-# Allow traffic from clients to the interface
--A POSTROUTING -s 10.8.0.0/24 -o interface -j MASQUERADE
-
-# do not delete the "COMMIT" line or the NAT table rules above will not be processed
-COMMIT
-
-# Don't delete these required lines, otherwise there will be errors
-*filter
-...
-
-

Where interface must be changed depending on your system (in my case it’s ens3, another common one is eth0); I always check this by running ip addr which gives you a list of interfaces (the one containing your server public IP is the one you want, or whatever interface your server uses to connect to the internet):

-
...
-2: ens3: <SOMETHING,SOMETHING> bla bla
-    link/ether bla:bla
-    altname enp0s3
-    inet my.public.ip.addr bla bla
-...
-
-

And also make sure the 10.8.0.0/24 matches the subnet mask specified in the server.conf file (in this example it matches). You should check this very carefully, because I just spent a good 2 hours debugging why my configuration wasn’t working, and this was te reason (I could connect to the VPN, but had no external connection to the web).

-

Finally, allow the OpenVPN port you specified (in this example its 1194/udp) and reload ufw:

-
ufw allow 1194/udp comment "OpenVPN"
-ufw reload
-
-

At this point, the server-side configuration is done and you can start and enable the service:

-
systemctl start openvpn-server@server.service
-systemctl enable openvpn-server@server.service
-
-

Where the server after @ is the name of your configuration, server.conf without the .conf in my case.

-

Create client configurations

-

You might notice that I didn’t specify how to actually connect to our server. For that we need to do a few more steps. We actually need a configuration file similar to the server.conf file that we created.

-

The real way of doing this would be to run similar steps as the ones with easy-rsa locally, send them to the server, sign them, and retrieve them. Nah, we’ll just create all configuration files on the server as I was mentioning earlier.

-

Also, the client configuration file has to match the server one (to some degree), to make this easier you can create a client-common file in /etc/openvpn/server with the following content:

-
client
-dev tun
-remote 1.2.3.4 1194 udp # change this to match your ip and port
-resolv-retry infinite
-nobind
-persist-key
-persist-tun
-remote-cert-tls server
-auth SHA512
-verb 3
-
-

Where you should make any changes necessary, depending on your configuration.

-

Now, we need a way to create and revoke new configuration files. For this I created a script, heavily based on one of the links I mentioned at the beginning, by the way. You can place these scripts anywhere you like, and you should take a look before running them because you’ll be running them as root.

-

In a nutshell, what it does is: generate a new client certificate keypair, update the CRL and create a new .ovpn configuration file that consists on the client-common data and all of the required certificates; or, revoke an existing client and refresh the CRL. The file is placed under ~/ovpn.

-

Create a new file with the following content (name it whatever you like) and don’t forget to make it executable (chmod +x vpn_script):

-
#!/bin/sh
-# Client ovpn configuration creation and revoking.
-MODE=$1
-if [ ! "$MODE" = "new" -a ! "$MODE" = "rev" ]; then
-    echo "$1 is not a valid mode, using default 'new'"
-    MODE=new
-fi
-
-CLIENT=${2:-guest}
-if [ -z $2 ];then
-    echo "there was no client name passed as second argument, using 'guest' as default"
-fi
-
-# Expiration config.
-EASYRSA_CERT_EXPIRE=3650
-EASYRSA_CRL_DAYS=3650
-
-# Current PWD.
-CPWD=$PWD
-cd /etc/easy-rsa/
-
-if [ "$MODE" = "rev" ]; then
-    easyrsa --batch revoke $CLIENT
-
-    echo "$CLIENT revoked."
-elif [ "$MODE" = "new" ]; then
-    easyrsa build-client-full $CLIENT nopass
-
-    # This is what actually generates the config file.
-    {
-    cat /etc/openvpn/server/client-common
-    echo "<ca>"
-    cat /etc/easy-rsa/pki/ca.crt
-    echo "</ca>"
-    echo "<cert>"
-    sed -ne '/BEGIN CERTIFICATE/,$ p' /etc/easy-rsa/pki/issued/$CLIENT.crt
-    echo "</cert>"
-    echo "<key>"
-    cat /etc/easy-rsa/pki/private/$CLIENT.key
-    echo "</key>"
-    echo "<tls-crypt>"
-    sed -ne '/BEGIN OpenVPN Static key/,$ p' /etc/openvpn/server/ta.key
-    echo "</tls-crypt>"
-    } > "$(eval echo ~${SUDO_USER:-$USER}/ovpn/$CLIENT.ovpn)"
-
-    eval echo "~${SUDO_USER:-$USER}/ovpn/$CLIENT.ovpn file generated."
-fi
-
-# Finish up, re-generates the crl
-easyrsa gen-crl
-chown nobody:nobody pki/crl.pem
-chmod o+r pki/crl.pem
-cd $CPWD
-
-

And the way to use is to run vpn_script new/rev client_name as sudo (when revoking, it doesn’t actually deletes the .ovpn file in ~/ovpn). Again, this is a little script that I put together, so you should check it out, it may need tweaks (depending on your directory structure for easy-rsa) and it could have errors.

-

Now, just get the .ovpn file generated, import it to OpenVPN in your client of preference and you should have a working VPN service.

- - - - -
- -
- - - - \ No newline at end of file diff --git a/blog/dst/a/website_with_nginx.html b/blog/dst/a/website_with_nginx.html deleted file mode 100644 index dea1fba..0000000 --- a/blog/dst/a/website_with_nginx.html +++ /dev/null @@ -1,266 +0,0 @@ - - - - - - - Create a website with Nginx and Certbot -- Luévano's Blog - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - -
- -
-

Create a website with Nginx and Certbot

- -

These are general notes on how to setup a Nginx web server plus Certbot for SSL certificates, initially learned from Luke’s video and after some use and research I added more stuff to the mix. And, actually at the time of writing this entry, I’m configuring the web server again on a new VPS instance, so this is going to be fresh.

-

As a side note, (((i use arch btw))) so everything here es aimed at an Arch Linux distro, and I’m doing everything on a VPS. Also note that most if not all commands here are executed with root privileges.

-

Prerequisites

-

You will need two things:

- -

Nginx

-

Nginx is a web (HTTP) server and reverse proxy server.

-

You have two options: nginx and nginx-mainline. I prefer nginx-mainline because it’s the “up to date” package even though nginx is labeled to be the “stable” version. Install the package and enable/start the service:

-
pacman -S nginx-mainline
-systemctl enable nginx.service
-systemctl start nginx.service
-
-

And that’s it, at this point you can already look at the default initial page of Nginx if you enter the IP of your server in a web browser. You should see something like this:

-
-Nginx welcome page -
Nginx welcome page
-
-

As stated in the welcome page, configuration is needed, head to the directory of Nginx:

-
cd /etc/nginx
-
-

Here you have several files, the important one is nginx.conf, which as its name implies, contains general configuration of the web server. If you peek into the file, you will see that it contains around 120 lines, most of which are commented out and contains the welcome page server block. While you can configure a website in this file, it’s common practice to do it on a separate file (so you can scale really easily if needed for mor websites or sub-domains).

-

Inside the nginx.conf file, delete the server blocks and add the lines include sites-enabled/*; (to look into individual server configuration files) and types_hash_max_size 4096; (to get rid of an ugly warning that will keep appearing) somewhere inside the http block. The final nginx.conf file would look something like (ignoring the comments just for clarity, but you can keep them as side notes):

-
worker_processes 1;
-
-events {
-    worker_connections 1024;
-}
-
-http {
-    include sites-enabled/*;
-    include mime.types;
-    default_type application/octet-stream;
-
-    sendfile on;
-
-    keepalive_timeout 65;
-
-    types_hash_max_size 4096;
-}
-
-

Next, inside the directory /etc/nginx/ create the sites-available and sites-enabled directories, and go into the sites-available one:

-
mkdir sites-available
-mkdir sites-enabled
-cd sites-available
-
-

Here, create a new .conf file for your website and add the following lines (this is just the sample content more or less):

-
server {
-    listen 80;
-    listen [::]:80;
-
-    root /path/to/root/directory;
-    server_name domain.name another.domain.name;
-    index index.html anotherindex.otherextension;
-
-    location /{
-        try_files $uri $uri/ =404;
-    }
-}
-
-

That could serve as a template if you intend to add more domains.

-

Note some things:

- -

Then, make a symbolic link from this configuration file to the sites-enabled directory:

-
ln -s /etc/nginx/sites-available/your_config_file.conf /etc/nginx/sites-enabled
-
-

This is so the nginx.conf file can look up the newly created server configuration. With this method of having each server configuration file separate you can easily “deactivate” any website by just deleting the symbolic link in sites-enabled and you’re good, or just add new configuration files and keep everything nice and tidy.

-

All you have to do now is restart (or enable and start if you haven’t already) the Nginx service (and optionally test the configuration):

-
nginx -t
-systemctl restart nginx
-
-

If everything goes correctly, you can now go to your website by typing domain.name on a web browser. But you will see a “404 Not Found” page like the following (maybe with different Nginx version):

-
-Nginx 404 Not Found page -
Nginx 404 Not Found page
-
-

That’s no problem, because it means that the web server it’s actually working. Just add an index.html file with something simple to see it in action (in the /var/www/some_folder that you decided upon). If you keep seeing the 404 page make sure your root line is correct and that the directory/index file exists.

-

I like to remove the .html and trailing / on the URLs of my website, for that you need to add the following rewrite lines and modify the try_files line (for more: Sean C. Davis: Remove HTML Extension And Trailing Slash In Nginx Config):

-
server {
-    ...
-    rewrite ^(/.*)\.html(\?.*)?$ $1$2 permanent;
-    rewrite ^/(.*)/$ /$1 permanent;
-    ...
-    try_files $uri/index.html $uri.html $uri/ $uri =404;
-    ...
-
-

Certbot

-

Certbot is what provides the SSL certificates via Let’s Encrypt.

-

The only “bad” (bloated) thing about Certbot, is that it uses python, but for me it doesn’t matter too much. You may want to look up another alternative if you prefer. Install the packages certbot and certbot-nginx:

-
pacman -S certbot certbot-nginx
-
-

After that, all you have to do now is run certbot and follow the instructions given by the tool:

-
certbot --nginx
-
-

It will ask you for some information, for you to accept some agreements and the names to activate HTTPS for. Also, you will want to “say yes” to the redirection from HTTP to HTTPS. And that’s it, you can now go to your website and see that you have HTTPS active.

-

Now, the certificate given by certbot expires every 3 months or something like that, so you want to renew this certificate every once in a while. Using cron, you can do this by running:

-
crontab -e
-
-

And a file will be opened where you need to add a new rule for Certbot, just append the line: 1 1 1 * * certbot renew (renew on the first day of every month) and you’re good. Alternatively use systemd timers as stated in the Arch Linux Wiki.

-

That’s it, you now have a website with SSL certificate.

- - - - -
- -
- - - - \ No newline at end of file diff --git a/blog/dst/a/xmpp_server_with_prosody.html b/blog/dst/a/xmpp_server_with_prosody.html deleted file mode 100644 index ae833e8..0000000 --- a/blog/dst/a/xmpp_server_with_prosody.html +++ /dev/null @@ -1,643 +0,0 @@ - - - - - - - Create an XMPP server with Prosody compatible with Conversations and Movim -- Luévano's Blog - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - -
- -
-

Create an XMPP server with Prosody compatible with Conversations and Movim

- -

Recently I set up an XMPP server (and a Matrix one, too) for my personal use and for friends if they want one; made one for EL ELE EME, for example. So, here are the notes on how I set up the server that is compatible with the Conversations app and the Movim social network. You can see my addresses in contact and the XMPP compliance/score of the server.

-

One of the best resources I found that helped me a lot was Installing and Configuring Prosody XMPP Server on Debian 9, and of course the Arch Wiki and the oficial documentation.

-

As with my other entries, this is under a server running Arch Linux, with the Nginx web server and Certbot certificates. And all commands here are executed as root (unless specified otherwise)

-

Prerequisites

-

Same as with my other entries (website, mail and git) plus:

- -

Prosody

-

Prosody is an implementation of the XMPP protocol that is flexible and extensible.

-

Install the prosody package (with optional dependencies) and the mercurial package:

-
pacman -S prosody, mercurial, lua52-sec, lua52-dbi, lua52-zlib
-
-

We need mercurial to be able to download and update the extra modules needed to make the server compliant with conversations.im and mov.im. Go to /var/lib/prosody, clone the latest Prosody modules repository and prepare the directories:

-
cd /var/lib/prosody
-hg clone https://hg.prosody.im/prosody-modules modules-available
-mkdir modules-enabled
-
-

You can see that I follow a similar approach that I used with Nginx and the server configuration, where I have all the modules available in a directory, and make a symlink to another to keep track of what is being used. You can update the repository by running hg pull --update while inside the modules-available directory (similar to Git).

-

Make symbolic links to the following modules:

-
ln -s /var/lib/prosody/modules-available/MODULE_NAME /var/lib/prosody/modules-enabled/
-...
-
- -

And add other modules if needed, but these work for the apps that I mentioned. You should also change the permissions for these files:

-
chown -R prosody:prosody /var/lib/prosody
-
-

Now, configure the server by editing the /etc/prosody/prosody.cfg.lua file. It’s a bit tricky to configure, so here is my configuration file (lines starting with -- are comments). Make sure to change according to your domain, and maybe preferences. Read each line and each comment to know what’s going on, It’s easier to explain it with comments in the file itself than strip it in a lot of pieces.

-

And also, note that the configuration file has a “global” section and a per “virtual server”/”component” section, basically everything above all the VirtualServer/Component sections are global, and bellow each VirtualServer/Component, corresponds to that section.

-
-- important for systemd
-daemonize = true
-pidfile = "/run/prosody/prosody.pid"
-
--- or your account, not that this is an xmpp jid, not email
-admins = { "admin@your.domain" }
-
-contact_info = {
-    abuse = { "mailto:abuse@your.domain", "xmpp:abuse@your.domain" };
-    admin = { "mailto:admin@your.domain", "xmpp:admin@your.domain" };
-    admin = { "mailto:feedback@your.domain", "xmpp:feedback@your.domain" };
-    security = { "mailto:security@your.domain" };
-    support = { "mailto:support@your.domain", "xmpp:support@muc.your.domain" };
-}
-
--- so prosody look up the plugins we added
-plugin_paths = { "/var/lib/prosody/modules-enabled" }
-
-modules_enabled = {
-    -- Generally required
-        "roster"; -- Allow users to have a roster. Recommended ;)
-        "saslauth"; -- Authentication for clients and servers. Recommended if you want to log in.
-        "tls"; -- Add support for secure TLS on c2s/s2s connections
-        "dialback"; -- s2s dialback support
-        "disco"; -- Service discovery
-    -- Not essential, but recommended
-        "carbons"; -- Keep multiple clients in sync
-        "pep"; -- Enables users to publish their avatar, mood, activity, playing music and more
-        "private"; -- Private XML storage (for room bookmarks, etc.)
-        "blocklist"; -- Allow users to block communications with other users
-        "vcard4"; -- User profiles (stored in PEP)
-        "vcard_legacy"; -- Conversion between legacy vCard and PEP Avatar, vcard
-        "limits"; -- Enable bandwidth limiting for XMPP connections
-    -- Nice to have
-        "version"; -- Replies to server version requests
-        "uptime"; -- Report how long server has been running
-        "time"; -- Let others know the time here on this server
-        "ping"; -- Replies to XMPP pings with pongs
-        "register"; -- Allow users to register on this server using a client and change passwords
-        "mam"; -- Store messages in an archive and allow users to access it
-        "csi_simple"; -- Simple Mobile optimizations
-    -- Admin interfaces
-        "admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands
-        --"admin_telnet"; -- Opens telnet console interface on localhost port 5582
-    -- HTTP modules
-        "http"; -- Explicitly enable http server.
-        "bosh"; -- Enable BOSH clients, aka "Jabber over HTTP"
-        "websocket"; -- XMPP over WebSockets
-        "http_files"; -- Serve static files from a directory over HTTP
-    -- Other specific functionality
-        "groups"; -- Shared roster support
-        "server_contact_info"; -- Publish contact information for this service
-        "announce"; -- Send announcement to all online users
-        "welcome"; -- Welcome users who register accounts
-        "watchregistrations"; -- Alert admins of registrations
-        "motd"; -- Send a message to users when they log in
-        --"legacyauth"; -- Legacy authentication. Only used by some old clients and bots.
-        --"s2s_bidi"; -- not yet implemented, have to wait for v0.12
-        "bookmarks";
-        "checkcerts";
-        "cloud_notify";
-        "csi_battery_saver";
-        "default_bookmarks";
-        "http_avatar";
-        "idlecompat";
-        "presence_cache";
-        "smacks";
-        "strict_https";
-        --"pep_vcard_avatar"; -- not compatible with this version of pep, wait for v0.12
-        "watchuntrusted";
-        "webpresence";
-        "external_services";
-    }
-
--- only if you want to disable some modules
-modules_disabled = {
-    -- "offline"; -- Store offline messages
-    -- "c2s"; -- Handle client connections
-    -- "s2s"; -- Handle server-to-server connections
-    -- "posix"; -- POSIX functionality, sends server to background, enables syslog, etc.
-}
-
-external_services = {
-    {
-        type = "stun",
-        transport = "udp",
-        host = "proxy.your.domain",
-        port = 3478
-    }, {
-        type = "turn",
-        transport = "udp",
-        host = "proxy.your.domain",
-        port = 3478,
-        -- you could decide this now or come back later when you install coturn
-        secret = "YOUR SUPER SECRET TURN PASSWORD"
-    }
-}
-
---- general global configuration
-http_ports = { 5280 }
-http_interfaces = { "*", "::" }
-
-https_ports = { 5281 }
-https_interfaces = { "*", "::" }
-
-proxy65_ports = { 5000 }
-proxy65_interfaces = { "*", "::" }
-
-http_default_host = "xmpp.your.domain"
-http_external_url = "https://xmpp.your.domain/"
--- or if you want to have it somewhere else, change this
-https_certificate = "/etc/prosody/certs/xmpp.your.domain.crt"
-
-hsts_header = "max-age=31556952"
-
-cross_domain_bosh = true
---consider_bosh_secure = true
-cross_domain_websocket = true
---consider_websocket_secure = true
-
-trusted_proxies = { "127.0.0.1", "::1", "192.169.1.1" }
-
-pep_max_items = 10000
-
--- this is disabled by default, and I keep it like this, depends on you
---allow_registration = true
-
--- you might want this options as they are
-c2s_require_encryption = true
-s2s_require_encryption = true
-s2s_secure_auth = false
---s2s_insecure_domains = { "insecure.example" }
---s2s_secure_domains = { "jabber.org" }
-
--- where the certificates are stored (/etc/prosody/certs by default)
-certificates = "certs"
-checkcerts_notify = 7 -- ( in days )
-
--- rate limits on connections to the server, these are my personal settings, because by default they were limited to something like 30kb/s
-limits = {
-    c2s = {
-        rate = "2000kb/s";
-    };
-    s2sin = {
-        rate = "5000kb/s";
-    };
-    s2sout = {
-        rate = "5000kb/s";
-    };
-}
-
--- again, this could be yourself, it is a jid
-unlimited_jids = { "admin@your.domain" }
-
-authentication = "internal_hashed"
-
--- if you don't want to use sql, change it to internal and comment the second line
--- since this is optional, i won't describe how to setup mysql or setup the user/database, that would be out of the scope for this entry
-storage = "sql"
-sql = { driver = "MySQL", database = "prosody", username = "prosody", password = "PROSODY USER SECRET PASSWORD", host = "localhost" }
-
-archive_expires_after = "4w" -- configure message archive
-max_archive_query_results = 20;
-mam_smart_enable = true
-default_archive_policy = "roster" -- archive only messages from users who are in your roster
-
--- normally you would like at least one log file of certain level, but I keep all of them, the default is only the info = "*syslog" one
-log = {
-    info = "*syslog";
-    warn = "prosody.warn";
-    error = "prosody.err";
-    debug = "prosody.debug";
-    -- "*console"; -- Needs daemonize=false
-}
-
--- cloud_notify
-push_notification_with_body = false -- Whether or not to send the message body to remote pubsub node
-push_notification_with_sender = false -- Whether or not to send the message sender to remote pubsub node
-push_max_errors = 5 -- persistent push errors are tolerated before notifications for the identifier in question are disabled
-push_max_devices = 5 -- number of allowed devices per user
-
--- by default every user on this server will join these muc rooms
-default_bookmarks = {
-    { jid = "room@muc.your.domain", name = "The Room" };
-    { jid = "support@muc.your.domain", name = "Support Room" };
-}
-
--- could be your jid
-untrusted_fail_watchers = { "admin@your.domain" }
-untrusted_fail_notification = "Establishing a secure connection from $from_host to $to_host failed. Certificate hash: $sha1. $errors"
-
------------ Virtual hosts -----------
-VirtualHost "your.domain"
-    name = "Prosody"
-    http_host = "xmpp.your.domain"
-
-disco_items = {
-    { "your.domain", "Prosody" };
-    { "muc.your.domain", "MUC Service" };
-    { "pubsub.your.domain", "Pubsub Service" };
-    { "proxy.your.domain", "SOCKS5 Bytestreams Service" };
-    { "vjud.your.domain", "User Directory" };
-}
-
-
--- Multi-user chat
-Component "muc.your.domain" "muc"
-    name = "MUC Service"
-    modules_enabled = {
-        --"bob"; -- not compatible with this version of Prosody
-        "muc_limits";
-        "muc_mam"; -- message archive in muc, again, a placeholder
-        "muc_mam_hints";
-        "muc_mention_notifications";
-        "vcard_muc";
-    }
-
-    restrict_room_creation = false
-
-    muc_log_by_default = true
-    muc_log_presences = false
-    log_all_rooms = false
-    muc_log_expires_after = "1w"
-    muc_log_cleanup_interval = 4 * 60 * 60
-
-
--- Upload
-Component "xmpp.your.domain" "http_upload"
-    name = "Upload Service"
-    http_host= "xmpp.your.domain"
-    -- you might want to change this, these are numbers in bytes, so 10MB and 100MB respectively
-    http_upload_file_size_limit = 1024*1024*10
-    http_upload_quota = 1024*1024*100
-
-
--- Pubsub
-Component "pubsub.your.domain" "pubsub"
-    name = "Pubsub Service"
-    pubsub_max_items = 10000
-    modules_enabled = {
-        "pubsub_feeds";
-        "pubsub_text_interface";
-    }
-
-    -- personally i don't have any feeds configured
-    feeds = {
-        -- The part before = is used as PubSub node
-        --planet_jabber = "http://planet.jabber.org/atom.xml";
-        --prosody_blog = "http://blog.prosody.im/feed/atom.xml";
-    }
-
-
--- Proxy
-Component "proxy.your.domain" "proxy65"
-    name = "SOCKS5 Bytestreams Service"
-    proxy65_address = "proxy.your.domain"
-
-
--- Vjud, user directory
-Component "vjud.your.domain" "vjud"
-    name = "User Directory"
-    vjud_mode = "opt-in"
-
-

You HAVE to read all of the configuration file, because there are a lot of things that you need to change to make it work with your server/domain. Test the configuration file with:

-
luac5.2 -p /etc/prosody/prosody.cfg.lua
-
-

Notice that by default prosody will look up certificates that look like sub.your.domain, but if you get the certificates like I do, you’ll have a single certificate for all subdomains, and by default it is in /etc/letsencrypt/live, which has some strict permissions. So, to import it you can run:

-
prosodyctl --root cert import /etc/letsencrypt/live
-
-

Ignore the complaining about not finding the subdomain certificates and note that you will have to run that command on each certificate renewal, to automate this, add the --deploy-hook flag to your automated Certbot renewal system; for me it’s a systemd timer with the following certbot.service:

-
[Unit]
-Description=Let's Encrypt renewal
-
-[Service]
-Type=oneshot
-ExecStart=/usr/bin/certbot renew --quiet --agree-tos --deploy-hook "systemctl reload nginx.service && prosodyctl --root cert import /etc/letsencrypt/live"
-
-

And if you don’t have it already, the certbot.timer:

-
[Unit]
-Description=Twice daily renewal of Let's Encrypt's certificates
-
-[Timer]
-OnCalendar=0/12:00:00
-RandomizedDelaySec=1h
-Persistent=true
-
-[Install]
-WantedBy=timers.target
-
-

Also, go to the certs directory and make the appropriate symbolic links:

-
cd /etc/prosody/certs
-ln -s your.domain.crt SUBDOMAIN.your.domain.crt
-ln -s your.domain.key SUBDOMAIN.your.domain.key
-...
-
-

That’s basically all the configuration that needs Prosody itself, but we still have to configure Nginx and Coturn before starting/enabling the prosody service.

-

Nginx configuration file

-

Since this is not an ordinary configuration file I’m going to describe this too. Your prosody.conf file should have the following location blocks under the main server block (the one that listens to HTTPS):

-
# HTTPS server block
-server {
-    root /var/www/prosody/;
-    server_name xmpp.luevano.xyz muc.luevano.xyz pubsub.luevano.xyz vjud.luevano.xyz proxy.luevano.xyz;
-    index index.html;
-
-    # for extra https discovery (XEP-0256)
-    location /.well-known/acme-challenge {
-        allow all;
-    }
-
-    # bosh specific
-    location /http-bind {
-        proxy_pass  https://localhost:5281/http-bind;
-
-        proxy_set_header Host $host;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto $scheme;
-        proxy_buffering off;
-        tcp_nodelay on;
-    }
-
-    # websocket specific
-    location /xmpp-websocket {
-        proxy_pass https://localhost:5281/xmpp-websocket;
-
-        proxy_http_version 1.1;
-        proxy_set_header Connection "Upgrade";
-        proxy_set_header Upgrade $http_upgrade;
-
-        proxy_set_header Host $host;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto $scheme;
-        proxy_read_timeout 900s;
-    }
-
-    # general proxy
-    location / {
-        proxy_pass https://localhost:5281;
-
-        proxy_set_header Host $host;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto $scheme;
-        proxy_set_header X-Real-IP $remote_addr;
-    }
-    ...
-    # Certbot stuff
-}
-# HTTP server block (the one that certbot creates)
-server {
-    ...
-}
-
-

Also, you need to add the following to your actual your.domain (this cannot be a subdomain) configuration file:

-
server {
-    ...
-    location /.well-known/host-meta {
-        default_type 'application/xrd+xml';
-        add_header Access-Control-Allow-Origin '*' always;
-    }
-
-    location /.well-known/host-meta.json {
-        default_type 'application/jrd+json';
-        add_header Access-Control-Allow-Origin '*' always;
-    }
-    ...
-}
-
-

And you will need the following host-meta and host-meta.json files inside the .well-known/acme-challenge directory for your.domain (following my nomenclature: /var/www/yourdomaindir/.well-known/acme-challenge/).

-

For host-meta file:

-
<?xml version='1.0' encoding='utf-8'?>
-<XRD xmlns='http://docs.oasis-open.org/ns/xri/xrd-1.0'>
-    <Link rel="urn:xmpp:alt-connections:xbosh"
-        href="https://xmpp.your.domain:5281/http-bind" />
-    <Link rel="urn:xmpp:alt-connections:websocket"
-        href="wss://xmpp.your.domain:5281/xmpp-websocket" />
-</XRD>
-
-

And host-meta.json file:

-
{
-    "links": [
-        {
-            "rel": "urn:xmpp:alt-connections:xbosh",
-                "href": "https://xmpp.your.domain:5281/http-bind"
-        },
-        {
-            "rel": "urn:xmpp:alt-connections:websocket",
-                "href": "wss://xmpp.your.domain:5281/xmpp-websocket"
-        }
-    ]
-}
-
-

Remember to have your prosody.conf file symlinked (or discoverable by Nginx) to the sites-enabled directory. You can now restart your nginx service (and test the configuration, optionally):

-
nginx -t
-systemctl restart nginx.service
-
-

Coturn

-

Coturn is the implementation of TURN and STUN server, which in general is for (at least in the XMPP world) voice support and external service discovery.

-

Install the coturn package:

-
pacman -S coturn
-
-

You can modify the configuration file (located at /etc/turnserver/turnserver.conf) as desired, but at least you need to make the following changes (uncomment or edit):

-
use-auth-secret
-realm=proxy.your.domain
-static-auth-secret=YOUR SUPER SECRET TURN PASSWORD
-
-

I’m sure there is more configuration to be made, like using SQL to store data and whatnot, but for now this is enough for me. Note that you may not have some functionality that’s needed to create dynamic users to use the TURN server, and to be honest I haven’t tested this since I don’t use this feature in my XMPP clients, but if it doesn’t work, or you know of an error or missing configuration don’t hesitate to contact me.

-

Start/enable the turnserver service:

-
systemctl start turnserver.service
-systemctl enable turnserver.service
-
-

You can test if your TURN server works at Trickle ICE. You may need to add a user in the turnserver.conf to test this.

-

Wrapping up

-

At this point you should have a working XMPP server, start/enable the prosody service now:

-
systemctl start prosody.service
-systemctl enable prosody.service
-
-

And you can add your first user with the prosodyctl command (it will prompt you to add a password):

-
prosodyctl adduser user@your.domain
-
-

You may want to add a compliance user, so you can check if your server is set up correctly. To do so, go to XMPP Compliance Tester and enter the compliance user credentials. It should have similar compliance score to mine:

-

-

Additionally, you can test the security of your server in IM Observatory, here you only need to specify your domain.name (not xmpp.domain.name, if you set up the SRV DNS records correctly). Again, it should have a similar score to mine:

-

xmpp.net score

-

You can now log in into your XMPP client of choice, if it asks for the server it should be xmpp.your.domain (or your.domain for some clients) and your login credentials you@your.domain and the password you chose (which you can change in most clients).

-

That’s it, send me a message david@luevano.xyz if you were able to set up the server successfully.

- - - - -
- -
- - - - \ No newline at end of file diff --git a/blog/dst/g/flappybird_godot_devlog_1.html b/blog/dst/g/flappybird_godot_devlog_1.html deleted file mode 100644 index 99df6ee..0000000 --- a/blog/dst/g/flappybird_godot_devlog_1.html +++ /dev/null @@ -1,719 +0,0 @@ - - - - - - - Creating a FlappyBird clone in Godot 3.5 devlog 1 -- Luévano's Blog - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - -
- -
-

Creating a FlappyBird clone in Godot 3.5 devlog 1

- -

I just have a bit of experience with Godot and with gamedev in general, so I started with this game as it is pretty straight forward. On a high level the main characteristics of the game are:

- -

The game was originally developed with Godot 4.0 alpha 8, but it didn’t support HTML5 (webassembly) export… so I backported to Godot 3.5 rc1.

-

Not going to specify all the details, only the needed parts and what could be confusing, as the source code is available and can be inspected; also this assumes minimal knowledge of Godot in general. Usually when I mention that a set/change of something it usually it’s a property and it can be found under the Inspector on the relevant node, unless stated otherwise; also, all scripts attached have the same name as the scenes, but in snake_case (scenes/nodes in PascalCase).

-

One thing to note, is that I started writing this when I finished the game, so it’s hard to go part by part, and it will be hard to test individual parts when going through this as everything is depending on each other. For the next devlog, I’ll do it as I go and it will include all the changes to the nodes/scripts as I was finding them, probably better idea and easier to follow.

-

The source code can be found in my GitHub here, it also contains the exported versions for HTML5, Windows and Linux (be aware that the sound might be too high and I’m too lazy to make it configurable, it was the last thing I added), or you could also go to the itch.io page I setup where it’s playable in the browser:

-

- -

Initial project setup

-

Directory structure

-

I’m basically going with what I wrote on Godot project structure recently, and probably with minor changes depending on the situation.

-

Config

-

Default import settings

-

Since this is just pixel art, the importing settings for textures needs to be adjusted so the sprites don’t look blurry. Go to Project -> Project settings… -> Import defaults and on the drop down select Texture, untick everything and make sure Compress/Mode is set to Lossless.

-
-Project settings - Import defaults - Texture settings -
Project settings - Import defaults - Texture settings
-
-

General settings

-

It’s also a good idea to setup some config variables project-wide. To do so, go to Project -> Project settings… -> General, select Application/config and add a new property (there is a text box at the top of the project settings window) for game scale: application/config/game_scale for the type use float and then click on add; configure the new property to 3.0; On the same window, also add application/config/version as a string, and make it 1.0.0 (or whatever number you want).

-
-Project settings - General - Game scale and version properties -
Project settings - General - Game scale and version properties
-
-

For my personal preferences, also disable some of the GDScript debug warnings that are annoying, this is done at Project -> Project settings… -> General, select Debug/GDScript and toggle off “Unused arguments”, “Unused signal” and “Return value discarded”, and any other that might come up too often and don’t want to see.

-
-Project settings - General - GDScript debug warnings -
Project settings - General - GDScript debug warnings
-
-

Finally, set the initial window size in Project -> Project settings… -> General, select Display/Window and set Size/Width and Size/Height to 600 and 800, respectively. As well as the Stretch/Mode to “viewport”, and Stretch/Aspect to “keep”:

-
-Project settings - General - Initial window size -
Project settings - General - Initial window size
-
-

Keybindings

-

I only used 3 actions (keybindings): jump, restart and toggle_debug (optional). To add custom keybindings (so that the Input.something() API can be used), go to Project -> Project settings… -> Input Map and on the text box write “jump” and click add, then it will be added to the list and it’s just a matter of clicking the + sign to add a “Physical key”, press any key you want to be used to jump and click ok. Do the same for the rest of the actions.

-
-Project settings - Input Map - Adding necessary keybindings -
Project settings - Input Map - Adding necessary keybindings
-
-

Layers

-

Finally, rename the physics layers so we don’t lose track of which layer is which. Go to Project -> Layer Names -> 2d Physics and change the first 5 layer names to (in order): “player”, “ground”, “pipe”, “ceiling” and “score”.

-
-Project settings - Layer Names - 2D Physics -
Project settings - Layer Names - 2D Physics
-
-

Assets

-

For the assets I found out about a pack that contains just what I need: flappy-bird-assets by MegaCrash; I just did some minor modifications on the naming of the files. For the font I used Silver, and for the sound the resources from FlappyBird-N64 (which seems to be taken from 101soundboards.com which the orignal copyright holder is .Gears anyways).

-

Importing

-

Create the necessary directories to hold the respective assets and it’s just a matter of dragging and dropping, I used directories: res://entities/actors/player/sprites/, res://fonts/, res://levels/world/background/sprites/, res://levels/world/ground/sprites/, res://levels/world/pipe/sprites/, res://sfx/. For the player sprites, the “FileSystem” window looks like this (entities/actor directories are really not necessary):

-
-FileSystem - Player sprite imports -
FileSystem - Player sprite imports
-
-

It should look similar for other directories, except maybe for the file extensions. For example, for the sfx:

-
-FileSystem - SFX imports -
FileSystem - SFX imports
-
-

Scenes

-

Now it’s time to actually create the game, by creating the basic scenes that will make up the game. The hardest part and the most confusing is going to be the TileMaps, so that goes first.

-

TileMaps

-

I’m using a scene called “WorldTiles” with a Node2D node as root called the same. With 2 different TileMap nodes as children named “GroundTileMap” and “PipeTileMap” (these are their own scene); yes 2 different TileMaps because we need 2 different physics colliders (In Godot 4.0 you can have a single TileMap with different physics colliders in it). Each node has its own script. It should look something like this:

-
-Scene - WorldTiles (TileMaps) -
Scene - WorldTiles (TileMaps)
-
-

I used the following directory structure:

-
-Scene - WorldTiles - Directory structure -
Scene - WorldTiles - Directory structure
-
-

To configure the GroundTileMap, select the node and click on “(empty)” on the TileMap/Tile set property and then click on “New TileSet”, then click where the “(empty)” used to be, a new window should open on the bottom:

-
-TileSet - Configuration window -
TileSet - Configuration window
-
-

Click on the plus on the bottom left and you can now select the specific tile set to use. Now click on the yellow “+ New Single Tile”, activate the grid and select any of the tiles. Should look like this:

-
-TileSet - New single tile -
TileSet - New single tile
-
-

We need to do this because for some reason we can’t change the snap options before selecting a tile. After selecting a random tile, set up the Snap Options/Step (in the Inspector) and set it to 16x16 (or if using a different tile set, to it’s tile size):

-
-TileSet - Tile - Step snap options -
TileSet - Tile - Step snap options
-
-

Now you can select the actual single tile. Once selected click on “Collision”, use the rectangle tool and draw the rectangle corresponding to that tile’s collision:

-
-TileSet - Tile - Selection and collision -
TileSet - Tile - Selection and collision
-
-

Do the same for the other 3 tiles. If you select the TileMap itself again, it should look like this on the right (on default layout it’s on the left of the Inspector):

-
-TileSet - Available tiles -
TileSet - Available tiles
-
-

The ordering is important only for the “underground tile”, which is the filler ground, it should be at the end (index 3); if this is not the case, repeat the process (it’s possible to rearrange them but it’s hard to explain as it’s pretty weird).

-

At this point the tilemap doesn’t have any physics and the cell size is wrong. Select the “GroundTileMap”, set the TileMap/Cell/Size to 16x16, the TileMap/Collision/Layer set to bit 2 only (ground layer) and disable any TileMap/Collision/Mask bits. Should look something like this:

-
-TileMap - Cell size and collision configuration -
TileMap - Cell size and collision configuration
-
-

Now it’s just a matter of repeating the same for the pipes (“PipeTileMap”), only difference is that when selecting the tiles you need to select 2 tiles, as the pipe is 2 tiles wide, or just set the Snap Options/Step to 32x16, for example, just keep the cell size to 16x16.

-

Default ground tiles

-

I added few default ground tiles to the scene, just for testing purposes but I left them there. These could be place programatically, but I was too lazy to change things. On the “WorldTiles” scene, while selecting the “GroundTileMap”, you can select the tiles you want to paint with, and left click in the grid to paint with the selected tile. Need to place tiles from (-8, 7) to (10, 7) as well as the tile below with the filler ground (the tile position/coordinates show at the bottom left, refer to the image below):

-
-Scene - WorldTiles - Default ground tiles -
Scene - WorldTiles - Default ground tiles
-
-

Player

-

On a new scene called “Player” with a KinematicBody2D node named “Player” as the root of the scene, then for the children: AnimatedSprite as “Sprite”, CollisionShape2D as “Collision” (with a circle shape) and 3 AudioStreamPlayers for “JumpSound”, “DeadSound” and “HitSound”. Not sure if it’s a good practice to have the audio here, since I did that at the end, pretty lazy. Then, attach a script to the “Player” node and then it should look like this:

-
-Scene - Player - Node setup -
Scene - Player - Node setup
-
-

Select the “Player” node and set the CollisionShape2D/Collision/Layer to 1 and the CollisionObject2D/Collision/Mask to 2 and 3 (ground and pipe).

-

For the “Sprite” node, when selecting it click on the “(empty)” for the AnimatedSprite/Frames property and click “New SpriteFrames”, click again where the “(empty)” used to be and ane window should open on the bottom:

-
-Scene - Player - SpriteFrames window -
Scene - Player - SpriteFrames window
-
-

Right off the bat, set the “Speed” to 10 FPS (bottom left) and rename “default” to “bird_1”. With the “bird_1” selected, click on the “Add frames from a Sprite Sheet”, which is the second button under “Animation Frames:” which looks has an icon of a small grid (next to the folder icon), a new window will popup where you need to select the respective sprite sheet to use and configure it for importing. On the “Select Frames” window, change the “Vertical” to 1, and then select all 4 frames (Ctrl + Scroll wheel to zoom in):

-
-Scene - Player - Sprite sheet importer -
Scene - Player - Sprite sheet importer
-
-

After that, the SpriteFrames window should look like this:

-
-Scene - Player - SpriteFrames window with sprite sheet configured -
Scene - Player - SpriteFrames window with sprite sheet configured
-
-

Finally, make sure the “Sprite” node has the AnimatedSprite/Animation is set to “bird_1” and that the “Collision” node is configured correctly for its size and position (I just have it as a radius of 7). As well as dropping the SFX files into the corresponding AudioStreamPlayer (into the AudioStreamPlayer/Stream property).

-

Other

-

These are really simple scenes that don’t require much setup:

- -

Game

-

This is the actual “Game” scene that holds all the playable stuff, here we will drop in all the previous scenes; the root node is a Node2D and also has an attached script. Also need to add 2 additional AudioStreamPlayers for the “start” and “score” sounds, as well as a Sprite for the background (Sprite/Offset/Offset set to (0, 10)) and a Camera2D (Camera2D/Current set to true (checked)). It should look something like this:

-
-Scene - Game - Node setup -
Scene - Game - Node setup
-
-

The scene viewport should look something like the following:

-
-Scene - Game - Viewport -
Scene - Game - Viewport
-
-

UI

-

Fonts

-

We need some font “Resources” to style the Label fonts. Under the FileSystem window, right click on the fonts directory (create one if needed) and click on “New Resource…” and select DynamicFontData, save it in the “fonts” directory as “SilverDynamicFontData.tres” (“Silver” as it is the font I’m using) then double click the just created resource and set the DynamicFontData/Font Path to the actual “Silver.ttf” font (or whatever you want).

-

Then create a new resource and this time select DynamicFont, name it “SilverDynamicFont.tres”, then double click to edit and add the “SilverDynamicFontData.tres” to the DynamicFont/Font/Font Data property (and I personally toggled off the DynamicFont/Font/Antialiased property), now just set the DynamicFont/Settings/(Size, Outline Size, Outline Color) to 32, 1 and black, respectively (or any other values you want). It should look something like this:

-
-Resource - DynamicFont - Default font -
Resource - DynamicFont - Default font
-
-

Do the same for another DynamicFont which will be used for the score label, named “SilverScoreDynamicFont.tres”. Only changes are Dynamic/Settings/(Size, Outline Size) which are set to 128 and 2, respectively. The final files for the fonts should look something like this:

-
-Resource - Dynamicfont - Directory structure -
Resource - Dynamicfont - Directory structure
-
-

Scene setup

-

This has a bunch of nested nodes, so I’ll try to be concise here. The root node is a CanvasLayer named “UI” with its own script attached, and for the children:

- -

The scene ends up looking like this:

-
-Scene - UI - Node setup -
Scene - UI - Node setup
-
-

Main

-

This is the final scene where we connect the Game and the UI. It’s made of a Node2D with it’s own script attached and an instance of “Game” and “UI” as it’s children.

-

This is a good time to set the default scene when we run the game by going to Project -> Project settings… -> General and in Application/Run set the Main Scene to the “Main.tscn” scene.

-

Scripting

-

I’m going to keep this scripting part to the most basic code blocks, as it’s too much code, for a complete view you can head to the source code.

-

As of now, the game itself doesn’t do anything if we hit play. The first thing to do so we have something going on is to do the minimal player scripting.

-

Player

-

The most basic code needed so the bird goes up and down is to just detect “jump” key presses and add a negative jump velocity so it goes up (y coordinate is reversed in godot…), we also check the velocity sign of the y coordinate to decide if the animation is playing or not.

-
class_name Player
-extends KinematicBody2D
-
-export(float, 1.0, 1000.0, 1.0) var JUMP_VELOCITY: float = 380.0
-
-onready var sprite: AnimatedSprite = $Sprite
-
-var gravity: float = 10 * ProjectSettings.get_setting("physics/2d/default_gravity")
-var velocity: Vector2 = Vector2.ZERO
-
-
-func _physics_process(delta: float) -> void:
-    velocity.y += gravity * delta
-
-    if Input.is_action_just_pressed("jump"):
-        velocity.y = -JUMP_VELOCITY
-
-    if velocity.y < 0.0:
-        sprite.play()
-    else:
-        sprite.stop()
-
-    velocity = move_and_slide(velocity)
-
-

You can play it now and you should be able to jump up and down, and the bird should stop on the ground (although you can keep jumping). One thing to notice is that when doing sprite.stop() it stays on the last frame, we can fix that using the code below (and then change sprite.stop() for _stop_sprite()):

-
func _stop_sprite() -> void:
-    if sprite.playing:
-        sprite.stop()
-    if sprite.frame != 0:
-        sprite.frame = 0
-
-

Where we just check that the last frame has to be the frame 0.

-

Now just a matter of adding other needed code for moving horizontally, add sound by getting a reference to the AudioStreamPlayers and doing sound.play() when needed, as well as handling death scenarios by adding a signal died at the beginning of the script and handle any type of death scenario using the below function:

-
func _emit_player_died() -> void:
-    # bit 2 corresponds to pipe (starts from 0)
-    set_collision_mask_bit(2, false)
-    dead = true
-    SPEED = 0.0
-    emit_signal("died")
-    # play the sounds after, because yield will take a bit of time,
-    # this way the camera stops when the player "dies"
-    velocity.y = -DEATH_JUMP_VELOCITY
-    velocity = move_and_slide(velocity)
-    hit_sound.play()
-    yield(hit_sound, "finished")
-    dead_sound.play()
-
-

Finally need to add the actual checks for when the player dies (like collision with ground or pipe) as well as a function that listens to a signal for when the player goes to the ceiling.

-

WorldDetector

-

The code is pretty simple, we just need a way of detecting if we ran out of ground and send a signal, as well as sending as signal when we start detecting ground/pipes behind us (to remove it) because the world is being generated as we move. The most basic functions needed are:

-
func _was_colliding(detector: RayCast2D, flag: bool, signal_name: String) -> bool:
-    if detector.is_colliding():
-        return true
-    if flag:
-        emit_signal(signal_name)
-        return false
-    return true
-
-
-func _now_colliding(detector: RayCast2D, flag: bool, signal_name: String) -> bool:
-    if detector.is_colliding():
-        if not flag:
-            emit_signal(signal_name)
-            return true
-    return false
-
-

We need to keep track of 3 “flags”: ground_was_colliding, ground_now_colliding and pipe_now_colliding (and their respective signals), which are going to be used to do the checks inside _physics_process. For example for checking for new ground: ground_now_colliding = _now_colliding(old_ground, ground_now_colliding, "ground_started_colliding").

-

WorldTiles

-

This script is what handles the “GroundTileMap” as well as the “PipeTileMap” and just basically functions as a “Signal bus” connecting a bunch of signals from the “WorldDetector” with the TileMaps and just tracking how many pipes have been placed:

-
export(int, 2, 20, 2) var PIPE_SEP: int = 6
-var tiles_since_last_pipe: int = PIPE_SEP - 1
-
-
-func _on_WorldDetector_ground_stopped_colliding() -> void:
-    emit_signal("place_ground")
-
-    tiles_since_last_pipe += 1
-    if tiles_since_last_pipe == PIPE_SEP:
-        emit_signal("place_pipe")
-        tiles_since_last_pipe = 0
-
-
-func _on_WorldDetector_ground_started_colliding() -> void:
-    emit_signal("remove_ground")
-
-
-func _on_WorldDetector_pipe_started_colliding() -> void:
-    emit_signal("remove_pipe")
-
-

GroundTileMap

-

This is the node that actually places the ground tiles upong receiving a signal. In general, what you want is to keep track of the newest tile that you need to place (empty spot) as well as the last tile that is in the tilemap (technically the first one if you count from left to right). I was experimenting with enums so I used them to define the possible Ground tiles:

-
enum Ground {
-    TILE_1,
-    TILE_2,
-    TILE_3,
-    TILE_DOWN_1,
-}
-
-

This way you can just select the tile by doing Ground.TILE_1, which will correspond to the int value of 0. So most of the code is just:

-
# old_tile is the actual first tile, whereas the new_tile_position
-#   is the the next empty tile; these also correspond to the top tile
-const _ground_level: int = 7
-const _initial_old_tile_x: int = -8
-const _initial_new_tile_x: int = 11
-var old_tile_position: Vector2 = Vector2(_initial_old_tile_x, _ground_level)
-var new_tile_position: Vector2 = Vector2(_initial_new_tile_x, _ground_level)
-
-
-func _place_new_ground() -> void:
-    set_cellv(new_tile_position, _get_random_ground())
-    set_cellv(new_tile_position + Vector2.DOWN, Ground.TILE_DOWN_1)
-    new_tile_position += Vector2.RIGHT
-
-
-func _remove_first_ground() -> void:
-    set_cellv(old_tile_position, -1)
-    set_cellv(old_tile_position + Vector2.DOWN, -1)
-    old_tile_position += Vector2.RIGHT
-
-

Where you might notice that the _initial_new_tile_x is 11, instead of 10, refer to Default ground tiles where we placed tiles from -8 to 10, so the next empty one is 11. These _place_new_ground and _remove_first_ground functions are called upon receiving the signal.

-

PipeTileMap

-

This is really similar to the “GroundTileMap” code, instead of defining an enum for the ground tiles, we define it for the pipe patterns (because each pipe is composed of multiple pipe tiles). If your pipe tile set looks like this (notice the index):

-
-PipeTileMap - Tile set indexes -
PipeTileMap - Tile set indexes
-
-

Then you can use the following “pipe patterns”:

-
var pipe: Dictionary = {
-    PipePattern.PIPE_1: [0, 1, 2, 2, 2, 2, 2, 2, 3, 4, -1, -1, -1, 0, 1, 2],
-    PipePattern.PIPE_2: [0, 1, 2, 2, 2, 2, 2, 3, 4, -1, -1, -1, 0, 1, 2, 2],
-    PipePattern.PIPE_3: [0, 1, 2, 2, 2, 2, 3, 4, -1, -1, -1, 0, 1, 2, 2, 2],
-    PipePattern.PIPE_4: [0, 1, 2, 2, 2, 3, 4, -1, -1, -1, 0, 1, 2, 2, 2, 2],
-    PipePattern.PIPE_5: [0, 1, 2, 2, 3, 4, -1, -1, -1, 0, 1, 2, 2, 2, 2, 2],
-    PipePattern.PIPE_6: [0, 1, 2, 3, 4, -1, -1, -1, 0, 1, 2, 2, 2, 2, 2, 2]
-}
-
-

Now, the pipe system requires a bit more of tracking as we need to instantiate a “ScoreDetector” here, too. I ended up keeping track of the placed pipes/detectors by using a “pipe stack” (and “detector stack”) which is just an array of placed objects from which I pop the first when deleting them:

-
onready var _pipe_sep: int = get_parent().PIPE_SEP
-const _pipe_size: int = 16
-const _ground_level: int = 7
-const _pipe_level_y: int = _ground_level - 1
-const _initial_new_pipe_x: int = 11
-var new_pipe_starting_position: Vector2 = Vector2(_initial_new_pipe_x, _pipe_level_y)
-var pipe_stack: Array
-
-# don't specify type for game, as it results in cyclic dependency,
-# as stated here: https://godotengine.org/qa/39973/cyclic-dependency-error-between-actor-and-actor-controller
-onready var game = get_parent().get_parent()
-var detector_scene: PackedScene = preload("res://levels/detectors/score_detector/ScoreDetector.tscn")
-var detector_offset: Vector2 = Vector2(16.0, -(_pipe_size / 2.0) * 16.0)
-var detector_stack: Array
-
-

The detector_offset is just me being picky. For placing a new pipe, we get the starting position (bottom pipe tile) and build upwards, then instantiate a new “ScoreDetector” (detector_scene) and set it’s position to the pipe starting position plus the offset, so it’s centered in the pipe, then just need to connect the “body_entered” signal from the detector with the game, so we keep track of the scoring. Finally just add the placed pipe and detector to their corresponding stacks:

-
func _place_new_pipe() -> void:
-    var current_pipe: Vector2 = new_pipe_starting_position
-    for tile in pipe[_get_random_pipe()]:
-        set_cellv(current_pipe, tile)
-        current_pipe += Vector2.UP
-
-    var detector: Area2D = detector_scene.instance()
-    detector.position = map_to_world(new_pipe_starting_position) + detector_offset
-    detector.connect("body_entered", game, "_on_ScoreDetector_body_entered")
-    detector_stack.append(detector)
-    add_child(detector)
-
-    pipe_stack.append(new_pipe_starting_position)
-    new_pipe_starting_position += _pipe_sep * Vector2.RIGHT
-
-

For removing pipes, it’s really similar but instead of getting the position from the next tile, we pop the first element from the (pipe/detector) stack and work with that. To remove the cells we just set the index to -1:

-
func _remove_old_pipe() -> void:
-    var current_pipe: Vector2 = pipe_stack.pop_front()
-    var c: int = 0
-    while c < _pipe_size:
-        set_cellv(current_pipe, -1)
-        current_pipe += Vector2.UP
-        c += 1
-
-    var detector: Area2D = detector_stack.pop_front()
-    remove_child(detector)
-    detector.queue_free()
-
-

These functions are called when receiving the signal to place/remove pipes.

-

Saved data

-

Before proceeding, we require a way to save/load data (for the high scores). We’re going to use the ConfigFile node that uses a custom version of the “ini” file format. Need to define where to save the data:

-
const DATA_PATH: String = "user://data.cfg"
-const SCORE_SECTION: String = "score"
-var _data: ConfigFile
-
-

Note that user:// is a OS specific path in which the data can be stored on a per user basis, for more: File paths. Then, a way to load the save file:

-
func _load_data() -> void:
-    # create an empty file if not present to avoid error while loading settings
-    var file: File = File.new()
-    if not file.file_exists(DATA_PATH):
-        file.open(DATA_PATH, file.WRITE)
-        file.close()
-
-    _data = ConfigFile.new()
-    var err: int = _data.load(DATA_PATH)
-    if err != OK:
-        print("[ERROR] Cannot load data.")
-
-

A way to save the data:

-
func save_data() -> void:
-    var err: int = _data.save(DATA_PATH)
-    if err != OK:
-        print("[ERROR] Cannot save data.")
-
-

And of course, a way to get and set the high score:

-
func set_new_high_score(high_score: int) -> void:
-    _data.set_value(SCORE_SECTION, "high_score", high_score)
-
-
-func get_high_score() -> int:
-    return _data.get_value(SCORE_SECTION, "high_score")
-
-

Then, whenever this script is loaded we load the data and if it’s a new file, then add the default high score of 0:

-
func _ready() -> void:
-    _load_data()
-
-    if not _data.has_section(SCORE_SECTION):
-        set_new_high_score(0)
-        save_data()
-
-

Now, this script in particular will need to be a Singleton (AutoLoad), which means that there will be only one instance and will be available across all scripts. To do so, go to Project -> Project settings… -> AutoLoad and select this script in the “Path:” and add a “Node Name:” (I used “SavedData”, if you use something else, be careful while following this devlog) which will be the name we’ll use to access the singleton. Toggle on “Enable” if needed, it should look like this:

-
-Project settings - AutoLoad - SavedData singleton -
Project settings - AutoLoad - SavedData singleton
-
-

Game

-

The game script it’s also like a “Signal bus” in the sense that it connects all its childs’ signals together, and also has the job of starting/stopping the _process and _physics_process methods from the childs as needed. First, we need to define the signals and and references to all child nodes:

-
signal game_started
-signal game_over
-signal new_score(score, high_score)
-
-onready var player: Player = $Player
-onready var background: Sprite= $Background
-onready var world_tiles: WorldTiles = $WorldTiles
-onready var ceiling_detector: Area2D = $CeilingDetector
-onready var world_detector: Node2D = $WorldDetector
-onready var camera: Camera2D = $Camera
-onready var start_sound: AudioStreamPlayer = $StartSound
-onready var score_sound: AudioStreamPlayer = $ScoreSound
-
-

It’s important to get the actual “player speed”, as we’re using a scale to make the game look bigger (remember, pixel art), to do so we need a reference to the “game_scale” we setup at the beginning and compute the player_speed:

-
var _game_scale: float = ProjectSettings.get_setting("application/config/game_scale")
-var player_speed: float
-
-
-func _ready() -> void:
-    scale = Vector2(_game_scale, _game_scale)
-    # so we move at the actual speed of the player
-    player_speed = player.SPEED / _game_scale
-
-

This player_speed will be needed as we need to move all the nodes (“Background”, “Camera”, etc.) in the x axis as the player is moving. This is done in the _physics_process:

-
func _physics_process(delta: float) -> void:
-    ceiling_detector.move_local_x(player_speed * delta)
-    world_detector.move_local_x(player_speed * delta)
-    background.move_local_x(player_speed * delta)
-    camera.move_local_x(player_speed * delta)
-
-

We also need a way to start and stop the processing of all the nodes:

-
func _set_processing_to(on_off: bool, include_player: bool = true) -> void:
-    set_process(on_off)
-    set_physics_process(on_off)
-    if include_player:
-        player.set_process(on_off)
-        player.set_physics_process(on_off)
-    world_tiles.set_process(on_off)
-    world_tiles.set_physics_process(on_off)
-    ceiling_detector.set_process(on_off)
-    ceiling_detector.set_physics_process(on_off)
-
-

Where the player is a special case, as when the player dies, it should still move (only down), else it would just freeze in place. In _ready we connect all the necessary signals as well as initially set the processing to false using the last function. To start/restart the game we need to keep a flag called is_game_running initially set to false and then handle the (re)startability in _input:

-
func _input(event: InputEvent) -> void:
-    if not is_game_running and event.is_action_pressed("jump"):
-        _set_processing_to(true)
-        is_game_running = true
-        emit_signal("game_started")
-        start_sound.play()
-
-    if event.is_action_pressed("restart"):
-        get_tree().reload_current_scene()
-
-

Then we handle two specific signals:

-
func _on_Player_died() -> void:
-    _set_processing_to(false, false)
-    emit_signal("game_over")
-
-
-func _on_ScoreDetector_body_entered(body: Node2D) -> void:
-    score += 1
-    if score > high_score:
-        high_score = score
-        SavedData.set_new_high_score(high_score)
-        SavedData.save_data()
-    emit_signal("new_score", score, high_score)
-    score_sound.play()
-
-

When the player dies, we set all processing to false, except for the player itself (so it can drop all the way to the ground). Also, when receiving a “scoring” signal, we manage the current score, as well as saving the new high score when applicable, note that we need to read the high_score at the beginning by calling SavedData.get_high_score(). This signal we emit will be received by the UI so it updates accordingly.

-

UI

-

First thing is to get a reference to all the child Labels, an initial reference to the high score as well as the version defined in the project settings:

-
onready var fps_label: Label = $MarginContainer/DebugContainer/FPS
-onready var version_label: Label = $MarginContainer/VersionContainer/Version
-onready var score_label: Label = $MarginContainer/InfoContainer/ScoreContainer/Score
-onready var high_score_label: Label = $MarginContainer/InfoContainer/ScoreContainer/HighScore
-onready var start_game_label: Label = $MarginContainer/InfoContainer/StartGame
-
-onready var _initial_high_score: int = SavedData.get_high_score()
-
-var _version: String = ProjectSettings.get_setting("application/config/version")
-
-

Then set the initial Label values as well as making the fps_label invisible:

-
func _ready() -> void:
-    fps_label.visible = false
-    version_label.set_text("v%s" % _version)
-    high_score_label.set_text("High score: %s" % _initial_high_score)
-
-

Now we need to handle the fps_label update and toggle:

-
func _input(event: InputEvent) -> void:
-    if event.is_action_pressed("toggle_debug"):
-        fps_label.visible = !fps_label.visible
-
-
-func _process(delta: float) -> void:
-    if fps_label.visible:
-        fps_label.set_text("FPS: %d" % Performance.get_monitor(Performance.TIME_FPS))
-
-

Finally the signal receiver handlers which are straight forward:

-
func _on_Game_game_started() -> void:
-    start_game_label.visible = false
-    high_score_label.visible = false
-
-
-func _on_Game_game_over() -> void:
-    start_game_label.set_text("Press R to restart")
-    start_game_label.visible = true
-    high_score_label.visible = true
-
-
-func _on_Game_new_score(score: int, high_score: int) -> void:
-    score_label.set_text(String(score))
-    high_score_label.set_text("High score: %s" % high_score)
-
-

Main

-

This is the shortest script, it just connects the signals between the “Game” and the “UI”:

-
onready var game: Game = $Game
-onready var ui: UI = $UI
-
-var _game_over: bool = false
-
-
-func _ready() -> void:
-    game.connect("game_started", ui, "_on_Game_game_started")
-    game.connect("game_over", ui, "_on_Game_game_over")
-    game.connect("new_score", ui, "_on_Game_new_score")
-
-

Final notes and exporting

-

At this point the game should be fully playable (if any detail missing feel free to look into the source code linked at the beginning). Only thing missing is an icon for the game; I did one pretty quicly with the assets I had.

-

Preparing the files

-

If you followed the directory structure I used, then only thing needed is to transform the icon to a native Windows ico format (if exporting to Windows, else ignore this part). For this you need ImageMagick or some other program that can transform png (or whatever file format you used for the icon) to ico. I used [Chocolatey][https://chocolatey.org/] to install imagemagick, then to convert the icon itself used: magick convert icon.png -define icon:auto-resize=256,128,64,48,32,16 icon.ico as detailed in Godot‘s Changing application icon for Windows.

-

Exporting

-

You need to download the templates for exporting as detailed in Godot‘s Exporting projects. Basically you go to Editor -> Manage Export Templates… and download the latest one specific to your Godot version by clicking on “Download and Install”.

-

If exporting for Windows then you also need to download rcedit from here. Just place it wherever you want (I put it next to the Godot executable).

-

Then go to Project -> Export… and the Window should be empty, add a new template by clicking on “Add…” at the top and then select the template you want. I used HTML5, Windows Desktop and Linux/X11. Really the only thing you need to set is the “Export Path” for each template, which is te location of where the executable will be written to, and in the case of the Windows Desktop template you could also setup stuff like “Company Name”, “Product Name”, “File/Product Version”, etc..

-

Once the templates are setup, select any and click on “Export Project” at the bottom, and make sure to untoggle “Export With Debug” in the window that pops up, this checkbox should be at the bottom of the new window.

- - - - -
- -
- - - - \ No newline at end of file diff --git a/blog/dst/g/godot_project_structure.html b/blog/dst/g/godot_project_structure.html deleted file mode 100644 index 5e6f93f..0000000 --- a/blog/dst/g/godot_project_structure.html +++ /dev/null @@ -1,263 +0,0 @@ - - - - - - - General Godot project structure -- Luévano's Blog - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - -
- -
-

General Godot project structure

- -

One of my first issues when starting a project is how to structure everything. So I had to spend some time researching best practices and go with what I like the most and after trying some of them I wanted to write down somewhere what I’m sticking with.

-

The first place to look for is, of course, the official Godot documentation on Project organization; along with project structure discussion, also comes with best practices for code style and what-not. I don’t like this project/directory structure that much, just because it tells you to bundle everything under the same directory but it’s a really good starting point, for example it tells you to use:

- -

Where I would prefer to have more modularity, for example:

- -

It might look like it’s more work, but I prefer it like this. I wish this site was still available, as I got most of my ideas from there and was a pretty good resource, but apparently the owner is not maintaining his site anymore; but there is this excelent comment on reddit which shows a project/directory structure more in line with what I’m currently using (and similr to the site that is down that I liked). I ended up with:

- -

And so on, I hope the idea is clear. I’ll probably change my mind on the long run, but for now this has been working fine.

- - - - -
- -
- - - - \ No newline at end of file diff --git a/blog/dst/g/gogodot_jam3_devlog_1.html b/blog/dst/g/gogodot_jam3_devlog_1.html deleted file mode 100644 index dc0a9e9..0000000 --- a/blog/dst/g/gogodot_jam3_devlog_1.html +++ /dev/null @@ -1,736 +0,0 @@ - - - - - - - Creating my Go Godot Jam 3 entry using Godot 3.5 devlog 1 -- Luévano's Blog - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - -
- -
-

Creating my Go Godot Jam 3 entry using Godot 3.5 devlog 1

- -

The jam’s theme is Evolution and all the details are listed here. This time I’m logging as I go, so there might be some changes to the script or scenes along the way I couldn’t actually do this, as I was running out of time.. Note that I’m not going to go into much details, the obvious will be ommitted.

-

I wanted to do a Snake clone, and I’m using this jam as an excuse to do it and add something to it. The features include:

- -

I created this game using Godot 3.5-rc3. You can find the source code in my GitHub here which at the time of writing this it doesn’t contain any exported files, for that you can go ahead and play it in your browser at itch.io, which you can find below:

-

- -

You can also find the jam entry here.

-

Similarly with the my FlappyBird clone, I plan to update this to a better state.

-

Initial setup

-

Again, similar to the FlappyBird clone I developed, I’m using the directory structure I wrote about on Godot project structure with slight modifications to test things out. Also using similar Project settings as those from the FlappyBird clone like the pixel art texture imports, keybindings, layers, etc..

-

I’ve also setup GifMaker, with slight modifications as the AssetLib doesn’t install it correctly and contains unnecessry stuff: moved necessary files to the res://addons directory, deleted test scenes and files in general, and copied the license to the res://docs directory. Setting this up was a bit annoying because the tutorial it’s bad (with all due respect). I might do a separate entry just to explain how to set it up, because I couldn’t find it anywhere other than by inspecting some of the code/scenes.I ended up not leaving this enabled in the game as it lagged the game out, but it’s an option I’ll end up researching more.

-

This time I’m also going to be using an Event bus singleton (which I’m going to just call Event) as managing signals was pretty annoying on my last project; as well as a Global singleton for essential stuff so I don’t have to do as many cross references between nodes/scenes.

-

Assets

-

This time I’ll be creating my own assets in Aseprite, wont be that good, but enough to prototype and get things going.

-

Other than that I used few key sprites from vryell: Controller & Keyboard Icons and a font from datagoblin: Monogram.

-

The snake

-

This is the most challenging part in my opinion as making all the body parts follow the head in a user defined path it’s kinda hard. I tried with like 4-5 options and the one I’m detailing here is the only one that worked as I wanted for me. This time the directory structure I’m using is the following:

-
-FileSystem - Snake dir structure -
FileSystem - Snake dir structure
-
-

Basic movement

-

The most basic thing is to move the head, this is what we have control of. Create a scene called Head.tscn and setup the basic KinematicBody2D with it’s own Sprite and CollisionShape2D (I used a small circle for the tip of the head), and set the Collision Layer/Mask accordingly, for now just layer = bit 1. And all we need to do, is keep moving the snake forwards and be able to rotate left or right. Created a new script called head.gd attached to the root (KinematicBody2D) and added:

-
extends KinematicBody2D
-
-enum {
-    LEFT=-1,
-    RIGHT=1
-}
-
-var velocity: Vector2 = Vector2.ZERO
-var _direction: Vector2 = Vector2.UP
-
-
-func _physics_process(delta: float) -> void:
-    if Input.is_action_pressed("move_left"):
-        _rotate_to(LEFT)
-    if Input.is_action_pressed("move_right"):
-        _rotate_to(RIGHT)
-
-    velocity = _direction * Global.SNAKE_SPEED
-
-    velocity = move_and_slide(velocity)
-    _handle_time_elapsed(delta)
-
-
-func _rotate_to(direction: int) -> void:
-    rotate(deg2rad(direction * Global.SNAKE_ROT_SPEED * get_physics_process_delta_time()))
-    _direction = _direction.rotated(deg2rad(direction * Global.SNAKE_ROT_SPEED * get_physics_process_delta_time()))
-
-

After tunning all the necessary parameters you should get something like this:

-
-Snake - Basic movement (left and right controls) -
Snake - Basic movement (left and right controls)
-
-

Setting up path following

-

To move other snake parts by following the snake head the only solution I found was to use the Path2D and PathFollow2D nodes. Path2D basically just handles the curve/path that PathFollow2D will use to move its child node; and I say “child node” in singular… as PathFollow2D can only handle one damn child, all the other ones will have weird transformations and/or rotations. So, the next thing to do is to setup a way to compute (and draw so we can validate) the snake’s path/curve.

-

Added the signal snake_path_new_point(coordinates) to the Event singleton and then add the following to head.gd:

-
var _time_elapsed: float = 0.0
-
-# using a timer is not recommended for < 0.01
-func _handle_time_elapsed(delta: float) -> void:
-    if _time_elapsed >= Global.SNAKE_POSITION_UPDATE_INTERVAL:
-        Event.emit_signal("snake_path_new_point", global_position)
-        _time_elapsed = 0.0
-    _time_elapsed += delta
-
-

This will be pinging the current snake head position every 0.01 seconds (defined in Global). Now create a new scene called Snake.tscn which will contain a Node2D, a Path2D and an instance of Head as its childs. Create a new script called snake.gd attached to the root (Node2D) with the following content:

-
class_name Snake
-extends Node2D
-
-onready var path: Path2D = $Path
-
-func _ready():
-    Event.connect("snake_path_new_point", self, "_on_Head_snake_path_new_point")
-
-
-func _draw() -> void:
-    if path.curve.get_baked_points().size() >= 2:
-        draw_polyline(path.curve.get_baked_points(), Color.aquamarine, 1, true)
-
-
-func _on_Head_snake_path_new_point(coordinates: Vector2) -> void:
-    path.curve.add_point(coordinates)
-    # update call is to draw curve as there are new points to the path's curve
-    update()
-
-

With this, we’re now populating the Path2D curve points with the position of the snake head. You should be able to see it because of the _draw call. If you run it you should see something like this:

-
-Snake - Basic movement with path -
Snake - Basic movement with path
-
-

Define body parts for the snake

-

At this point the only thing to do is to add the corresponding next body parts and tail of the snake. To do so, we need a PathFollow2D to use the live-generating Path2D, the only caveat is that we need one of these per body part/tail (this took me hours to figure out, thanks documentation).

-

Create a new scene called Body.tscn with a PathFollow2D as its root and an Area2D as its child, then just add the necessary Sprite and CollisionShap2D for the Area2D, I’m using layer = bit 2 for its collision. Create a new script called generic_segment.gd with the following code:

-
extends PathFollow2D
-
-export(String, "body", "tail") var TYPE: String = "body"
-
-
-func _physics_process(delta: float) -> void:
-    offset += Global.SNAKE_SPEED * delta
-
-

And this can be attached to the Body‘s root node (PathFollow2D), no extra setup needed. Repeat the same steps for creating the Tail.tscn scene and when attaching the generic_segment.gd script just configure the Type parameter to tail in the GUI (by selecting the node with the script attached and editing in the Inspector).

-

Adding body parts

-

Now it’s just a matter of handling when to add new body parts in the snake.gd script. For now I’ve only setup for adding body parts to fulfill the initial length of the snake (this doesn’t include the head or tail). The extra code needed is the following:

-
export(PackedScene) var BODY_SEGMENT_NP: PackedScene
-export(PackedScene) var TAIL_SEGMENT_NP: PackedScene
-
-var current_body_segments: int = 0
-var max_body_segments: int = 1
-
-
-func _add_initial_segment(type: PackedScene) -> void:
-    if path.curve.get_baked_length() >= (current_body_segments + 1.0) * Global.SNAKE_SEGMENT_SIZE:
-        var _temp_body_segment: PathFollow2D = type.instance()
-        path.add_child(_temp_body_segment)
-        current_body_segments += 1
-
-
-func _on_Head_snake_path_new_point(coordinates: Vector2) -> void:
-    path.curve.add_point(coordinates)
-    # update call is to draw curve as there are new points to the path's curve
-    update()
-
-    # add the following lines
-    if current_body_segments < max_body_segments:
-        _add_initial_segment(BODY_SEGMENT_NP)
-    elif current_body_segments == max_body_segments:
-        _add_initial_segment(TAIL_SEGMENT_NP)
-
-

Select the Snake node and add the Body and Tail scene to the parameters, respectively. Then when running you should see something like this:

-
-Snake - Basic movement with all body parts -
Snake - Basic movement with all body parts
-
-

Now, we need to handle adding body parts after the snake is complete and already moved for a bit, this will require a queue so we can add part by part in the case that we eat multiple pieces of food in a short period of time. For this we need to add some signals: snake_adding_new_segment(type), snake_added_new_segment(type), snake_added_initial_segments and use them when makes sense. Now we need to add the following:

-
var body_segment_stack: Array
-var tail_segment: PathFollow2D
-# didn't konw how to name this, basically holds the current path lenght
-#   whenever the add body segment, and we use this stack to add body parts
-var body_segment_queue: Array
-
-

As well as updating _add_initial_segment with the following so it adds the new segment on the specific variable:

-
if _temp_body_segment.TYPE == "body":
-    body_segment_stack.append(_temp_body_segment)
-else:
-    tail_segment = _temp_body_segment
-
-

Now that it’s just a matter of creating the segment queue whenever a new segment is needed, as well as adding each segment in a loop whenever we have items in the queue and it’s a good distance to place the segment on. These two things can be achieved with the following code:

-
# this will be called in _physics_process
-func _add_new_segment() -> void:
-    var _path_length_threshold: float = body_segment_queue[0] + Global.SNAKE_SEGMENT_SIZE
-    if path.curve.get_baked_length() >= _path_length_threshold:
-        var _removed_from_queue: float = body_segment_queue.pop_front()
-        var _temp_body_segment: PathFollow2D = BODY_SEGMENT_NP.instance()
-        var _new_body_offset: float = body_segment_stack.back().offset - Global.SNAKE_SEGMENT_SIZE
-
-        _temp_body_segment.offset = _new_body_offset
-        body_segment_stack.append(_temp_body_segment)
-        path.add_child(_temp_body_segment)
-        tail_segment.offset = body_segment_stack.back().offset - Global.SNAKE_SEGMENT_SIZE
-
-        current_body_segments += 1
-
-
-func _add_segment_to_queue() -> void:
-    # need to have the queues in a fixed separation, else if the eating functionality
-    #   gets spammed, all next bodyparts will be spawned almost at the same spot
-    if body_segment_queue.size() == 0:
-        body_segment_queue.append(path.curve.get_baked_length())
-    else:
-        body_segment_queue.append(body_segment_queue.back() + Global.SNAKE_SEGMENT_SIZE)
-
-

With everything implemented and connected accordingly then we can add segments on demand (for testing I’m adding with a keystroke), it should look like this:

-
-Snake - Basic movement with dynamic addition of new segments -
Snake - Basic movement with dynamic addition of new segments
-
-

For now, this should be enough, I’ll add more stuff as needed as I go. Last thing is that after finished testing that the movement felt ok, I just added a way to stop the snake whenever it collides with itself by using the following code (and the signal snake_segment_body_entered(body)) in a main.gd script that is the entry point for the game:

-
func _snake_disabled(on_off: bool) -> void:
-    _snake.propagate_call("set_process", [on_off])
-    _snake.propagate_call("set_process_internal", [on_off])
-    _snake.propagate_call("set_physics_process", [on_off])
-    _snake.propagate_call("set_physics_process_internal", [on_off])
-    _snake.propagate_call("set_process_input", [on_off])
-
-

Which will stop the snake node and all children.

-

Fix on body segments following head

-

After a while of testing and developing, I noticed that sometimes the head “detaches” from the body when a lot of rotations happen (moving the snake left or right), because of how imprecise the Curve2D is. To do this I just send a signal (snake_rotated) whenever the snake rotates and make a small correction (in generic_segment.gd):

-
func _on_snake_rotated() -> void:
-    offset -= 0.75 * Global.SNAKE_SPEED * pow(get_physics_process_delta_time(), 2)
-
-

This is completely random, I tweaked it manually after a lot of iterations.

-

The food

-

For now I just decided to setup a simple system to see everything works fine. The idea is to make some kind of generic food node/scene and a “food manager” to spawn them, for now in totally random locations. For this I added the following signals: food_placing_new_food(type), food_placed_new_food(type) and food_eaten(type).

-

First thing is creating the Food.tscn which is just an Area2D with its necessary children with an attached script called food.gd. The script is really simple:

-
class_name Food # needed to access Type enum outside of the script, this registers this script as a node
-extends Area2D
-
-enum Type {
-    APPLE
-}
-
-var _type_texture: Dictionary = {
-    Type.APPLE: preload("res://entities/food/sprites/apple.png")
-}
-
-export(Type) var TYPE
-onready var _sprite: Sprite = $Sprite
-
-
-func _ready():
-    connect("body_entered", self, "_on_body_entered")
-    _sprite.texture = _type_texture[TYPE]
-
-
-func _on_body_entered(body: Node) -> void:
-    Event.emit_signal("food_eaten", TYPE)
-    queue_free()
-
-

Then this food_eaten signal is received in snake.gd to add a new segment to the queue.

-

Finally, for the food manager I just created a FoodManager.tscn with a Node2D with an attached script called food_manager.gd. To get a random position:

-
func _get_random_pos() -> Vector2:
-    var screen_size: Vector2 = get_viewport().get_visible_rect().size
-    var temp_x: float = randf() * screen_size.x - screen_size.x / 2.0
-    var temp_y: float = randf() * screen_size.y - screen_size.y / 2.0
-
-    return Vector2(temp_x, temp_y)
-
-

Which gets the job done, but later I’ll have to add a way to check that the position is valid. And to actually place the food:

-
func _place_new_food() -> void:
-    var food: Area2D = FOOD.instance()
-    var position: Vector2 = _get_random_pos()
-    food.global_position = position
-    add_child(food)
-
-

And this is used in _process to place new food whenever needed. For now I added a condition to add food until 10 pieces are in place, and keep adding whenever the food is is lower than 10. After setting everything up, this is the result:

-
-Snake - Food basic interaction -
Snake - Food basic interaction
-
-

Za warudo! (The world)

-

It just happend that I saw a video to create random maps by using a method called random walks, this video was made by NAD LABS: Nuclear Throne Like Map Generation In Godot. It’s a pretty simple but powerful script, he provided the source code from which I based my random walker, just tweaked a few things and added others. Some of the maps than can be generated with this method (already aded some random sprites):

-
-World map generator - Random map 1 -
World map generator - Random map 1
-
-
-World map generator - Random map 2 -
World map generator - Random map 2
-
-
-World map generator - Random map 3 -
World map generator - Random map 3
-
-

It started with just black and white tiles, but I ended up adding some sprites as it was really harsh to the eyes. My implementation is basically the same as NAD LABS‘ with few changes, most importantly: I separated the generation in 2 diferent tilemaps (floor and wall) to have better control as well as wrapped everything in a single scene with a “main” script with the following important functions:

-
func get_valid_map_coords() -> Array:
-    var safe_area: Array = walker_head.get_cells_around()
-    var cells_used: Array = ground_tilemap.get_used_cells()
-    for location in safe_area:
-        cells_used.erase(location)
-    return cells_used
-
-
-func get_centered_world_position(location: Vector2) -> Vector2:
-    return ground_tilemap.map_to_world(location) + Vector2.ONE * Global.TILE_SIZE / 2.0
-
-

Where get_cells_around is just a function that gets the safe cells around the origin. And this get_valid_map_coords just returns used cells minus the safe cells, to place food. get_centered_world_position is so we can center the food in the tiles.

-

Some signals I used for the world gen: world_gen_walker_started(id), world_gen_walker_finished(id), world_gen_walker_died(id) and world_gen_spawn_walker_unit(location).

-

Food placement

-

The last food algorithm doesn’t check anything related to the world, and thus the food could spawn in the walls and outside the map.

-

First thing is I generalized the food into a single script and added basic food and special food which inherit from base food. The most important stuff for the base food is to be able to set all necessary properties at first:

-
func update_texture() -> void:
-    _sprite.texture = texture[properties["type"]]
-
-
-func set_properties(pos: Vector2, loc: Vector2, special: bool, type: int, points: int=1, special_points: int=1, ttl: float = -1.0) -> void:
-    properties["global_position"] = pos
-    global_position = pos
-    properties["location"] = loc
-    properties["special"] = special
-    properties["type"] = type
-
-    properties["points"] = points
-    properties["special_points"] = special_points
-    properties["ttl"] = ttl
-    if properties["ttl"] != -1.0:
-        timer.wait_time = properties["ttl"]
-        timer.start()
-
-

Where the update_texture needs to be a separate function, because we need to create the food first, set properties, add as a child and then update the sprite; we also need to keep track of the global position, location (in tilemap coordinates) and identifiers for the type of food.

-

Then basic/special food just extend base food, define a Type enum and preloads the necessary textures, for example:

-
enum Type {
-    APPLE,
-    BANANA,
-    RAT
-}
-
-
-func _ready():
-    texture[Type.APPLE] = preload("res://entities/food/sprites/apple.png")
-    texture[Type.BANANA] = preload("res://entities/food/sprites/banana.png")
-    texture[Type.RAT] = preload("res://entities/food/sprites/rat.png")
-
-

Now, some of the most important change to food_manager.gd is to get an actual random valid position:

-
func _get_random_pos() -> Array:
-    var found_valid_loc: bool = false
-    var index: int
-    var location: Vector2
-
-    while not found_valid_loc:
-        index = randi() % possible_food_locations.size()
-        location = possible_food_locations[index]
-        if current_basic_food.find(location) == -1 and current_special_food.find(location) == -1:
-            found_valid_loc = true
-
-    return [world_generator.get_centered_world_position(location), location]
-
-

Other than that, there are some differences between placing normal and special food (specially the signal they send, and if an extra “special points” property is set). Some of the signals that I used that might be important: food_placing_new_food(type), food_placed_new_food(type, location) and food_eaten(type, location).

-

Stats clas and loading/saving data

-

I got the idea of saving the current stats (points, max body segments, etc.) in a separate Stats class for easier load/save data. This option I went with didn’t work as I would liked it to work, as it was a pain in the ass to setup and each time a new property is added you have to manually setup the load/save helper functions… so not the best option. This option I used was json but saving a Node directly could work better or using resources (saving tres files).

-

Stats class

-

The Stats “class” is just a script that extends from Node called stats.gd. It needs to define the class_name as Stats. The main content:

-
# main
-var points: int = 0
-var segments: int = 0
-
-# track of trait points
-var dash_points: int = 0
-var slow_points: int = 0
-var jump_points: int = 0
-
-# times trait achieved
-var dash_segments: int = 0
-var slow_segments: int = 0
-var jump_segments: int = 0
-
-# trait properties
-var dash_percentage: float = 0.0
-var slow_percentage: float = 0.0
-var jump_lenght: float = 0.0
-
-# trait active
-var trait_dash: bool = false
-var trait_slow: bool = false
-var trait_jump: bool = false
-
-

And with the ugliest functions:

-
func get_stats() -> Dictionary:
-    return {
-        "points": points,
-        "segments": segments,
-        "dash_points": dash_points,
-        "dash_segments": dash_segments,
-        "dash_percentage": dash_percentage,
-        "slow_points": slow_points,
-        "slow_segments": slow_segments,
-        "slow_percentage": slow_percentage,
-        "jump_points": jump_points,
-        "jump_segments": jump_segments,
-        "jump_lenght": jump_lenght,
-        "trait_dash": trait_dash,
-        "trait_slow": trait_slow,
-        "trait_jump": trait_jump
-    }
-
-
-func set_stats(stats: Dictionary) -> void:
-        points = stats["points"]
-        segments = stats["segments"]
-        dash_points = stats["dash_points"]
-        slow_points = stats["slow_points"]
-        jump_points = stats["jump_points"]
-        dash_segments = stats["dash_segments"]
-        slow_segments = stats["slow_segments"]
-        jump_segments = stats["jump_segments"]
-        dash_percentage = stats["dash_percentage"]
-        slow_percentage = stats["slow_percentage"]
-        jump_lenght = stats["jump_lenght"]
-        trait_dash = stats["trait_dash"]
-        trait_slow = stats["trait_slow"]
-        trait_jump = stats["trait_jump"]
-
-

And this is not scalable at all, but I had to do this at the end of the jam so no way of optimizing and/or doing it correctly, sadly.

-

Load/save data

-

The load/save function is pretty standard. It’s a singleton/autoload called SavedData with a script that extends from Node called save_data.gd:

-
const DATA_PATH: String = "user://data.save"
-
-var _stats: Stats
-
-
-func _ready() -> void:
-    _load_data()
-
-
-# called when setting "stats" and thus saving
-func save_data(stats: Stats) -> void:
-    _stats = stats
-    var file: File = File.new()
-    file.open(DATA_PATH, File.WRITE)
-    file.store_line(to_json(_stats.get_stats()))
-    file.close()
-
-
-func get_stats() -> Stats:
-    return _stats
-
-
-func _load_data() -> void:
-    # create an empty file if not present to avoid error while loading settings
-    _handle_new_file()
-
-    var file = File.new()
-    file.open(DATA_PATH, File.READ)
-    _stats = Stats.new()
-    _stats.set_stats(parse_json(file.get_line()))
-    file.close()
-
-
-func _handle_new_file() -> void:
-    var file: File = File.new()
-    if not file.file_exists(DATA_PATH):
-        file.open(DATA_PATH, File.WRITE)
-        _stats = Stats.new()
-        file.store_line(to_json(_stats.get_stats()))
-        file.close()
-
-

It uses json as the file format, but I might end up changing this in the future to something else more reliable and easier to use (Stats class related issues).

-

Scoring

-

For this I created a scoring mechanisms and just called it ScoreManager (score_manager.gd) which just basically listens to food_eaten signal and adds points accordingly to the current Stats object loaded. The main function is:

-
func _on_food_eaten(properties: Dictionary) -> void:
-    var is_special: bool = properties["special"]
-    var type: int = properties["type"]
-    var points: int = properties["points"]
-    var special_points: int = properties["special_points"]
-    var location: Vector2 = properties["global_position"]
-    var amount_to_grow: int
-    var special_amount_to_grow: int
-
-    amount_to_grow = _process_points(points)
-    _spawn_added_score_text(points, location)
-    _spawn_added_segment_text(amount_to_grow)
-
-    if is_special:
-        special_amount_to_grow = _process_special_points(special_points, type)
-        # _spawn_added_score_text(points, location)
-        _spawn_added_special_segment_text(special_amount_to_grow, type)
-        _check_if_unlocked(type)
-
-

Where the most important function is:

-
func _process_points(points: int) -> int:
-    var score_to_grow: int = (stats.segments + 1) * Global.POINTS_TO_GROW - stats.points
-    var amount_to_grow: int = 0
-    var growth_progress: int
-    stats.points += points
-    if points >= score_to_grow:
-        amount_to_grow += 1
-        points -= score_to_grow
-        # maybe be careful with this
-        amount_to_grow += points / Global.POINTS_TO_GROW
-        stats.segments += amount_to_grow
-        Event.emit_signal("snake_add_new_segment", amount_to_grow)
-
-    growth_progress = Global.POINTS_TO_GROW - ((stats.segments + 1) * Global.POINTS_TO_GROW - stats.points)
-    Event.emit_signal("snake_growth_progress", growth_progress)
-    return amount_to_grow
-
-

Which will add the necessary points to Stats.points and return the amount of new snake segments to grow. After this _spawn_added_score_segment and _spawn_added_segment_text just spawn a Label with the info on the points/segments gained; this is custom UI I created, nothing fancy.

-

Last thing is taht in _process_points there is a check at the end, where if the food eaten is “special” then a custom variation of the last 3 functions are executed. These are really similar, just specific to each kind of food.

-

This ScoreManager also handles the calculation for the game_over signal, to calculte progress, set necessary Stats values and save the data:

-
func _on_game_over() -> void:
-    var max_stats: Stats = _get_max_stats()
-    SaveData.save_data(max_stats)
-    Event.emit_signal("display_stats", initial_stats, stats, mutation_stats)
-
-
-func _get_max_stats() -> Stats:
-    var old_stats_dict: Dictionary = initial_stats.get_stats()
-    var new_stats_dict: Dictionary = stats.get_stats()
-    var max_stats: Stats = Stats.new()
-    var max_stats_dict: Dictionary = max_stats.get_stats()
-    var bool_stats: Array = [
-        "trait_dash",
-        "trait_slow",
-        "trait_jump"
-    ]
-
-    for i in old_stats_dict:
-        if bool_stats.has(i):
-            max_stats_dict[i] = old_stats_dict[i] or new_stats_dict[i]
-        else:
-            max_stats_dict[i] = max(old_stats_dict[i], new_stats_dict[i])
-    max_stats.set_stats(max_stats_dict)
-    return max_stats
-
-

Then this sends a signal display_stats to activate UI elements that shows the progression.

-

Naturally, the saved Stats are loaded whenever needed. For example, for the Snake, we load the stats and setup any value needed from there (like a flag to know if any ability is enabled), and since we’re saving the new Stats at the end, then on restart we load the updated one.

-

Snake redesigned with the state machine pattern

-

I redesigned the snake code (the head, actually) to use the state machine pattern by following this guide which is definitely a great guide, straight to the point and easy to implement.

-

Other than what is shown in the guide, I implemented some important functions in the state_machine.gd script itself, to be used by each of the states as needed:

-
func rotate_on_input() -> void:
-    if Input.is_action_pressed("move_left"):
-        player.rotate_to(player.LEFT)
-    if Input.is_action_pressed("move_right"):
-        player.rotate_to(player.RIGHT)
-
-
-func slow_down_on_collisions(speed_backup: float):
-    if player.get_last_slide_collision():
-        Global.SNAKE_SPEED = player.velocity.length()
-    else:
-        Global.SNAKE_SPEED = speed_backup
-
-
-func handle_slow_speeds() -> void:
-    if Global.SNAKE_SPEED <= Global.SNAKE_SPEED_BACKUP / 4.0:
-        Global.SNAKE_SPEED = Global.SNAKE_SPEED_BACKUP
-        Event.emit_signal("game_over")
-
-

And then in the StateMachine‘s _process:

-
func _physics_process(delta: float) -> void:
-    # state specific code, move_and_slide is called here
-    if state.has_method("physics_process"):
-        state.physics_process(delta)
-
-    handle_slow_speeds()
-    player.handle_time_elapsed(delta)
-
-

And now it’s just a matter of implementing the necessary states. I used 4: normal_stage.gd, slow_state.gd, dash_state.gd and jump_state.gd.

-

The normal_state.gd contains what the original head.gd code contained:

-
func physics_process(delta: float) -> void:
-    fsm.rotate_on_input()
-    fsm.player.velocity = fsm.player.direction * Global.SNAKE_SPEED
-    fsm.player.velocity = fsm.player.move_and_slide(fsm.player.velocity)
-
-    fsm.slow_down_on_collisions(Global.SNAKE_SPEED_BACKUP)
-
-
-func input(event: InputEvent) -> void:
-    if fsm.player.can_dash and event.is_action_pressed("dash"):
-        exit("DashState")
-    if fsm.player.can_slow and event.is_action_pressed("slow"):
-        exit("SlowState")
-    if fsm.player.can_jump and event.is_action_pressed("jump"):
-        exit("JumpState")
-
-

Here, the exit method is basically to change to the next state. And lastly, I’m only gonna show the dash_state.gd as the other ones are pretty similar:

-
func enter():
-    if fsm.DEBUG:
-        print("Got inside %s." % name)
-    Event.emit_signal("snake_started_dash")
-    Global.SNAKE_SPEED = Global.SNAKE_DASH_SPEED
-    yield(get_tree().create_timer(Global.SNAKE_DASH_TIME), "timeout")
-    exit()
-
-
-func exit():
-    Event.emit_signal("snake_finished_dash")
-    Global.SNAKE_SPEED = Global.SNAKE_SPEED_BACKUP
-    fsm.back()
-
-
-func physics_process(delta: float) -> void:
-    fsm.rotate_on_input()
-    fsm.player.velocity = fsm.player.direction * Global.SNAKE_SPEED
-    fsm.player.velocity = fsm.player.move_and_slide(fsm.player.velocity)
-
-    fsm.slow_down_on_collisions(Global.SNAKE_DASH_SPEED)
-
-

Where the important parts happen in the enter and exit functions. We need to change the Global.SNAKE_SPEED with the Global.SNAKE_DASH_SPEED on startand start the timer for how long should the dash last. And on the exit we reset the Global.SNAKE_SPEED back to normal. There is probably a better way of updating the Global.SNAKE_SPEED but this works just fine.

-

For the other ones is the same. Only difference with the jump_state.gd is that the collision from head to body is disabled, and no rotation is allowed (by not calling the rotate_on_input function).

-

Other minor stuff

-

Not as important but worth mentioning:

- -

Final notes

-

I actually didn’t finish this game (as how I visualized it), but I got it in a playable state which is good. My big learning during this jam is the time management that it requires to plan and design a game. I lost a lot of time trying to implement some mechanics because I was facing many issues, because of my lack of practice (which was expected) as well as trying to blog and create the necessary sprites myself. Next time I should just get an asset pack and do something with it, as well as keeping the scope of my game shorter.

-

For exporting and everything else, I went with what I did for my FlappyBird Godot clone

- - - - -
- -
- - - - \ No newline at end of file diff --git a/blog/dst/g/starting_gamedev_blogging.html b/blog/dst/g/starting_gamedev_blogging.html deleted file mode 100644 index d5c83a8..0000000 --- a/blog/dst/g/starting_gamedev_blogging.html +++ /dev/null @@ -1,144 +0,0 @@ - - - - - - - Will start blogging about gamedev -- Luévano's Blog - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - -
- -
-

Will start blogging about gamedev

- -

I’ve been wanting to get into gamedev for a while now, but it’s always a pain to stay consistent. I just recently started to get into gamedev again, and this time I’m trying to actually do stuff.

-

So, the plan is to blog about my progress and clone some simple games just to get started. I’m thinking on sticking with Godot just because I like that it’s open source, it’s getting better and better overtime (big rewrite happening right now) and I already like how the engine works. Specifically I’ll start using Godot 4 even though it’s not done yet, to get used to the new features, specifically pumped for GDScript 2.0. Actually… (for the small clones/ripoffs) I’ll need to use Godot 3.X (probably 3.5), as Godot 4 doesn’t have support to export to webassembly (HTML5) yet, and I want that to publish to itch.io and my website. I’ll continue to use Godot 4 for bigger projects, as they will take longer and I hope that by the time I need to publish, there’s no issues to export.

-

For a moment I almost started a new subdomain just for gamedev stuff, but decided to just use a different directory for subtleness; this directory and use of tags should be enough. I’ll be posting the entry about the first rip-off I’m developing (FlappyBird L O L) shortly.

- - - - -
- -
- - - - \ No newline at end of file diff --git a/blog/dst/index.html b/blog/dst/index.html deleted file mode 100644 index 163f679..0000000 --- a/blog/dst/index.html +++ /dev/null @@ -1,158 +0,0 @@ - - - - - - - Index -- Luévano's Blog - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - -
- -
-

Index -- Luévano's Blog

- -

- Welcome to my blog where I'll post whatever I please, ranging from rants to how-to's. Además, este pex va a estar en español e inglés porque quiero (no una mezcla en cada entrada, pero sí entradas completas en diferentes lenguajes). -

- -

- Get the RSS feed: https://blog.luevano.xyz/rss.xml -

- - - - -

Articles

- - - -
- - - - \ No newline at end of file diff --git a/blog/dst/rss.xml b/blog/dst/rss.xml deleted file mode 100644 index 463bd03..0000000 --- a/blog/dst/rss.xml +++ /dev/null @@ -1,2953 +0,0 @@ - - - - Luévano's Blog - https://blog.luevano.xyz - - A personal weblog ranging from rants to how to's and other thoughts. - en-us - Blog - Copyright 2021 David Luévano Alvarado - david@luevano.xyz (David Luévano Alvarado) - david@luevano.xyz (David Luévano Alvarado) - Fri, 10 Jun 2022 09:17:48 GMT - Fri, 10 Jun 2022 09:17:48 GMT - pyssg v0.7.2 - https://validator.w3.org/feed/docs/rss2.html - 30 - - https://static.luevano.xyz/images/blog.png - Luévano's Blog - https://blog.luevano.xyz - - - Creating my Go Godot Jam 3 entry using Godot 3.5 devlog 1 - https://blog.luevano.xyz/g/gogodot_jam3_devlog_1.html - https://blog.luevano.xyz/g/gogodot_jam3_devlog_1.html - Fri, 10 Jun 2022 09:17:05 GMT - English - Gamedev - Gamejam - Godot - Details on the implementation for the game I created for the Go Godot Jam 3, which theme is Evolution. - The jam’s theme is Evolution and all the details are listed here. This time I’m logging as I go, so there might be some changes to the script or scenes along the way I couldn’t actually do this, as I was running out of time.. Note that I’m not going to go into much details, the obvious will be ommitted.

-

I wanted to do a Snake clone, and I’m using this jam as an excuse to do it and add something to it. The features include:

-
    -
  • Snakes will pass their stats in some form to the next snakes.
  • -
  • Non-grid snake movement. I just hate the grid constraint, so I wanted to make it move in any direction.
  • -
  • Depending on the food you eat, you’ll gain new mutations/abilities and the more you eat the more that mutation develops. didn’t have time to add this feature, sad.
  • -
  • Procedural map creation.
  • -
-

I created this game using Godot 3.5-rc3. You can find the source code in my GitHub here which at the time of writing this it doesn’t contain any exported files, for that you can go ahead and play it in your browser at itch.io, which you can find below:

-

- -

You can also find the jam entry here.

-

Similarly with the my FlappyBird clone, I plan to update this to a better state.

-

Initial setup

-

Again, similar to the FlappyBird clone I developed, I’m using the directory structure I wrote about on Godot project structure with slight modifications to test things out. Also using similar Project settings as those from the FlappyBird clone like the pixel art texture imports, keybindings, layers, etc..

-

I’ve also setup GifMaker, with slight modifications as the AssetLib doesn’t install it correctly and contains unnecessry stuff: moved necessary files to the res://addons directory, deleted test scenes and files in general, and copied the license to the res://docs directory. Setting this up was a bit annoying because the tutorial it’s bad (with all due respect). I might do a separate entry just to explain how to set it up, because I couldn’t find it anywhere other than by inspecting some of the code/scenes.I ended up not leaving this enabled in the game as it lagged the game out, but it’s an option I’ll end up researching more.

-

This time I’m also going to be using an Event bus singleton (which I’m going to just call Event) as managing signals was pretty annoying on my last project; as well as a Global singleton for essential stuff so I don’t have to do as many cross references between nodes/scenes.

-

Assets

-

This time I’ll be creating my own assets in Aseprite, wont be that good, but enough to prototype and get things going.

-

Other than that I used few key sprites from vryell: Controller & Keyboard Icons and a font from datagoblin: Monogram.

-

The snake

-

This is the most challenging part in my opinion as making all the body parts follow the head in a user defined path it’s kinda hard. I tried with like 4-5 options and the one I’m detailing here is the only one that worked as I wanted for me. This time the directory structure I’m using is the following:

-
-FileSystem - Snake dir structure -
FileSystem - Snake dir structure
-
-

Basic movement

-

The most basic thing is to move the head, this is what we have control of. Create a scene called Head.tscn and setup the basic KinematicBody2D with it’s own Sprite and CollisionShape2D (I used a small circle for the tip of the head), and set the Collision Layer/Mask accordingly, for now just layer = bit 1. And all we need to do, is keep moving the snake forwards and be able to rotate left or right. Created a new script called head.gd attached to the root (KinematicBody2D) and added:

-
extends KinematicBody2D
-
-enum {
-    LEFT=-1,
-    RIGHT=1
-}
-
-var velocity: Vector2 = Vector2.ZERO
-var _direction: Vector2 = Vector2.UP
-
-
-func _physics_process(delta: float) -> void:
-    if Input.is_action_pressed("move_left"):
-        _rotate_to(LEFT)
-    if Input.is_action_pressed("move_right"):
-        _rotate_to(RIGHT)
-
-    velocity = _direction * Global.SNAKE_SPEED
-
-    velocity = move_and_slide(velocity)
-    _handle_time_elapsed(delta)
-
-
-func _rotate_to(direction: int) -> void:
-    rotate(deg2rad(direction * Global.SNAKE_ROT_SPEED * get_physics_process_delta_time()))
-    _direction = _direction.rotated(deg2rad(direction * Global.SNAKE_ROT_SPEED * get_physics_process_delta_time()))
-
-

After tunning all the necessary parameters you should get something like this:

-
-Snake - Basic movement (left and right controls) -
Snake - Basic movement (left and right controls)
-
-

Setting up path following

-

To move other snake parts by following the snake head the only solution I found was to use the Path2D and PathFollow2D nodes. Path2D basically just handles the curve/path that PathFollow2D will use to move its child node; and I say “child node” in singular… as PathFollow2D can only handle one damn child, all the other ones will have weird transformations and/or rotations. So, the next thing to do is to setup a way to compute (and draw so we can validate) the snake’s path/curve.

-

Added the signal snake_path_new_point(coordinates) to the Event singleton and then add the following to head.gd:

-
var _time_elapsed: float = 0.0
-
-# using a timer is not recommended for < 0.01
-func _handle_time_elapsed(delta: float) -> void:
-    if _time_elapsed >= Global.SNAKE_POSITION_UPDATE_INTERVAL:
-        Event.emit_signal("snake_path_new_point", global_position)
-        _time_elapsed = 0.0
-    _time_elapsed += delta
-
-

This will be pinging the current snake head position every 0.01 seconds (defined in Global). Now create a new scene called Snake.tscn which will contain a Node2D, a Path2D and an instance of Head as its childs. Create a new script called snake.gd attached to the root (Node2D) with the following content:

-
class_name Snake
-extends Node2D
-
-onready var path: Path2D = $Path
-
-func _ready():
-    Event.connect("snake_path_new_point", self, "_on_Head_snake_path_new_point")
-
-
-func _draw() -> void:
-    if path.curve.get_baked_points().size() >= 2:
-        draw_polyline(path.curve.get_baked_points(), Color.aquamarine, 1, true)
-
-
-func _on_Head_snake_path_new_point(coordinates: Vector2) -> void:
-    path.curve.add_point(coordinates)
-    # update call is to draw curve as there are new points to the path's curve
-    update()
-
-

With this, we’re now populating the Path2D curve points with the position of the snake head. You should be able to see it because of the _draw call. If you run it you should see something like this:

-
-Snake - Basic movement with path -
Snake - Basic movement with path
-
-

Define body parts for the snake

-

At this point the only thing to do is to add the corresponding next body parts and tail of the snake. To do so, we need a PathFollow2D to use the live-generating Path2D, the only caveat is that we need one of these per body part/tail (this took me hours to figure out, thanks documentation).

-

Create a new scene called Body.tscn with a PathFollow2D as its root and an Area2D as its child, then just add the necessary Sprite and CollisionShap2D for the Area2D, I’m using layer = bit 2 for its collision. Create a new script called generic_segment.gd with the following code:

-
extends PathFollow2D
-
-export(String, "body", "tail") var TYPE: String = "body"
-
-
-func _physics_process(delta: float) -> void:
-    offset += Global.SNAKE_SPEED * delta
-
-

And this can be attached to the Body‘s root node (PathFollow2D), no extra setup needed. Repeat the same steps for creating the Tail.tscn scene and when attaching the generic_segment.gd script just configure the Type parameter to tail in the GUI (by selecting the node with the script attached and editing in the Inspector).

-

Adding body parts

-

Now it’s just a matter of handling when to add new body parts in the snake.gd script. For now I’ve only setup for adding body parts to fulfill the initial length of the snake (this doesn’t include the head or tail). The extra code needed is the following:

-
export(PackedScene) var BODY_SEGMENT_NP: PackedScene
-export(PackedScene) var TAIL_SEGMENT_NP: PackedScene
-
-var current_body_segments: int = 0
-var max_body_segments: int = 1
-
-
-func _add_initial_segment(type: PackedScene) -> void:
-    if path.curve.get_baked_length() >= (current_body_segments + 1.0) * Global.SNAKE_SEGMENT_SIZE:
-        var _temp_body_segment: PathFollow2D = type.instance()
-        path.add_child(_temp_body_segment)
-        current_body_segments += 1
-
-
-func _on_Head_snake_path_new_point(coordinates: Vector2) -> void:
-    path.curve.add_point(coordinates)
-    # update call is to draw curve as there are new points to the path's curve
-    update()
-
-    # add the following lines
-    if current_body_segments < max_body_segments:
-        _add_initial_segment(BODY_SEGMENT_NP)
-    elif current_body_segments == max_body_segments:
-        _add_initial_segment(TAIL_SEGMENT_NP)
-
-

Select the Snake node and add the Body and Tail scene to the parameters, respectively. Then when running you should see something like this:

-
-Snake - Basic movement with all body parts -
Snake - Basic movement with all body parts
-
-

Now, we need to handle adding body parts after the snake is complete and already moved for a bit, this will require a queue so we can add part by part in the case that we eat multiple pieces of food in a short period of time. For this we need to add some signals: snake_adding_new_segment(type), snake_added_new_segment(type), snake_added_initial_segments and use them when makes sense. Now we need to add the following:

-
var body_segment_stack: Array
-var tail_segment: PathFollow2D
-# didn't konw how to name this, basically holds the current path lenght
-#   whenever the add body segment, and we use this stack to add body parts
-var body_segment_queue: Array
-
-

As well as updating _add_initial_segment with the following so it adds the new segment on the specific variable:

-
if _temp_body_segment.TYPE == "body":
-    body_segment_stack.append(_temp_body_segment)
-else:
-    tail_segment = _temp_body_segment
-
-

Now that it’s just a matter of creating the segment queue whenever a new segment is needed, as well as adding each segment in a loop whenever we have items in the queue and it’s a good distance to place the segment on. These two things can be achieved with the following code:

-
# this will be called in _physics_process
-func _add_new_segment() -> void:
-    var _path_length_threshold: float = body_segment_queue[0] + Global.SNAKE_SEGMENT_SIZE
-    if path.curve.get_baked_length() >= _path_length_threshold:
-        var _removed_from_queue: float = body_segment_queue.pop_front()
-        var _temp_body_segment: PathFollow2D = BODY_SEGMENT_NP.instance()
-        var _new_body_offset: float = body_segment_stack.back().offset - Global.SNAKE_SEGMENT_SIZE
-
-        _temp_body_segment.offset = _new_body_offset
-        body_segment_stack.append(_temp_body_segment)
-        path.add_child(_temp_body_segment)
-        tail_segment.offset = body_segment_stack.back().offset - Global.SNAKE_SEGMENT_SIZE
-
-        current_body_segments += 1
-
-
-func _add_segment_to_queue() -> void:
-    # need to have the queues in a fixed separation, else if the eating functionality
-    #   gets spammed, all next bodyparts will be spawned almost at the same spot
-    if body_segment_queue.size() == 0:
-        body_segment_queue.append(path.curve.get_baked_length())
-    else:
-        body_segment_queue.append(body_segment_queue.back() + Global.SNAKE_SEGMENT_SIZE)
-
-

With everything implemented and connected accordingly then we can add segments on demand (for testing I’m adding with a keystroke), it should look like this:

-
-Snake - Basic movement with dynamic addition of new segments -
Snake - Basic movement with dynamic addition of new segments
-
-

For now, this should be enough, I’ll add more stuff as needed as I go. Last thing is that after finished testing that the movement felt ok, I just added a way to stop the snake whenever it collides with itself by using the following code (and the signal snake_segment_body_entered(body)) in a main.gd script that is the entry point for the game:

-
func _snake_disabled(on_off: bool) -> void:
-    _snake.propagate_call("set_process", [on_off])
-    _snake.propagate_call("set_process_internal", [on_off])
-    _snake.propagate_call("set_physics_process", [on_off])
-    _snake.propagate_call("set_physics_process_internal", [on_off])
-    _snake.propagate_call("set_process_input", [on_off])
-
-

Which will stop the snake node and all children.

-

Fix on body segments following head

-

After a while of testing and developing, I noticed that sometimes the head “detaches” from the body when a lot of rotations happen (moving the snake left or right), because of how imprecise the Curve2D is. To do this I just send a signal (snake_rotated) whenever the snake rotates and make a small correction (in generic_segment.gd):

-
func _on_snake_rotated() -> void:
-    offset -= 0.75 * Global.SNAKE_SPEED * pow(get_physics_process_delta_time(), 2)
-
-

This is completely random, I tweaked it manually after a lot of iterations.

-

The food

-

For now I just decided to setup a simple system to see everything works fine. The idea is to make some kind of generic food node/scene and a “food manager” to spawn them, for now in totally random locations. For this I added the following signals: food_placing_new_food(type), food_placed_new_food(type) and food_eaten(type).

-

First thing is creating the Food.tscn which is just an Area2D with its necessary children with an attached script called food.gd. The script is really simple:

-
class_name Food # needed to access Type enum outside of the script, this registers this script as a node
-extends Area2D
-
-enum Type {
-    APPLE
-}
-
-var _type_texture: Dictionary = {
-    Type.APPLE: preload("res://entities/food/sprites/apple.png")
-}
-
-export(Type) var TYPE
-onready var _sprite: Sprite = $Sprite
-
-
-func _ready():
-    connect("body_entered", self, "_on_body_entered")
-    _sprite.texture = _type_texture[TYPE]
-
-
-func _on_body_entered(body: Node) -> void:
-    Event.emit_signal("food_eaten", TYPE)
-    queue_free()
-
-

Then this food_eaten signal is received in snake.gd to add a new segment to the queue.

-

Finally, for the food manager I just created a FoodManager.tscn with a Node2D with an attached script called food_manager.gd. To get a random position:

-
func _get_random_pos() -> Vector2:
-    var screen_size: Vector2 = get_viewport().get_visible_rect().size
-    var temp_x: float = randf() * screen_size.x - screen_size.x / 2.0
-    var temp_y: float = randf() * screen_size.y - screen_size.y / 2.0
-
-    return Vector2(temp_x, temp_y)
-
-

Which gets the job done, but later I’ll have to add a way to check that the position is valid. And to actually place the food:

-
func _place_new_food() -> void:
-    var food: Area2D = FOOD.instance()
-    var position: Vector2 = _get_random_pos()
-    food.global_position = position
-    add_child(food)
-
-

And this is used in _process to place new food whenever needed. For now I added a condition to add food until 10 pieces are in place, and keep adding whenever the food is is lower than 10. After setting everything up, this is the result:

-
-Snake - Food basic interaction -
Snake - Food basic interaction
-
-

Za warudo! (The world)

-

It just happend that I saw a video to create random maps by using a method called random walks, this video was made by NAD LABS: Nuclear Throne Like Map Generation In Godot. It’s a pretty simple but powerful script, he provided the source code from which I based my random walker, just tweaked a few things and added others. Some of the maps than can be generated with this method (already aded some random sprites):

-
-World map generator - Random map 1 -
World map generator - Random map 1
-
-
-World map generator - Random map 2 -
World map generator - Random map 2
-
-
-World map generator - Random map 3 -
World map generator - Random map 3
-
-

It started with just black and white tiles, but I ended up adding some sprites as it was really harsh to the eyes. My implementation is basically the same as NAD LABS‘ with few changes, most importantly: I separated the generation in 2 diferent tilemaps (floor and wall) to have better control as well as wrapped everything in a single scene with a “main” script with the following important functions:

-
func get_valid_map_coords() -> Array:
-    var safe_area: Array = walker_head.get_cells_around()
-    var cells_used: Array = ground_tilemap.get_used_cells()
-    for location in safe_area:
-        cells_used.erase(location)
-    return cells_used
-
-
-func get_centered_world_position(location: Vector2) -> Vector2:
-    return ground_tilemap.map_to_world(location) + Vector2.ONE * Global.TILE_SIZE / 2.0
-
-

Where get_cells_around is just a function that gets the safe cells around the origin. And this get_valid_map_coords just returns used cells minus the safe cells, to place food. get_centered_world_position is so we can center the food in the tiles.

-

Some signals I used for the world gen: world_gen_walker_started(id), world_gen_walker_finished(id), world_gen_walker_died(id) and world_gen_spawn_walker_unit(location).

-

Food placement

-

The last food algorithm doesn’t check anything related to the world, and thus the food could spawn in the walls and outside the map.

-

First thing is I generalized the food into a single script and added basic food and special food which inherit from base food. The most important stuff for the base food is to be able to set all necessary properties at first:

-
func update_texture() -> void:
-    _sprite.texture = texture[properties["type"]]
-
-
-func set_properties(pos: Vector2, loc: Vector2, special: bool, type: int, points: int=1, special_points: int=1, ttl: float = -1.0) -> void:
-    properties["global_position"] = pos
-    global_position = pos
-    properties["location"] = loc
-    properties["special"] = special
-    properties["type"] = type
-
-    properties["points"] = points
-    properties["special_points"] = special_points
-    properties["ttl"] = ttl
-    if properties["ttl"] != -1.0:
-        timer.wait_time = properties["ttl"]
-        timer.start()
-
-

Where the update_texture needs to be a separate function, because we need to create the food first, set properties, add as a child and then update the sprite; we also need to keep track of the global position, location (in tilemap coordinates) and identifiers for the type of food.

-

Then basic/special food just extend base food, define a Type enum and preloads the necessary textures, for example:

-
enum Type {
-    APPLE,
-    BANANA,
-    RAT
-}
-
-
-func _ready():
-    texture[Type.APPLE] = preload("res://entities/food/sprites/apple.png")
-    texture[Type.BANANA] = preload("res://entities/food/sprites/banana.png")
-    texture[Type.RAT] = preload("res://entities/food/sprites/rat.png")
-
-

Now, some of the most important change to food_manager.gd is to get an actual random valid position:

-
func _get_random_pos() -> Array:
-    var found_valid_loc: bool = false
-    var index: int
-    var location: Vector2
-
-    while not found_valid_loc:
-        index = randi() % possible_food_locations.size()
-        location = possible_food_locations[index]
-        if current_basic_food.find(location) == -1 and current_special_food.find(location) == -1:
-            found_valid_loc = true
-
-    return [world_generator.get_centered_world_position(location), location]
-
-

Other than that, there are some differences between placing normal and special food (specially the signal they send, and if an extra “special points” property is set). Some of the signals that I used that might be important: food_placing_new_food(type), food_placed_new_food(type, location) and food_eaten(type, location).

-

Stats clas and loading/saving data

-

I got the idea of saving the current stats (points, max body segments, etc.) in a separate Stats class for easier load/save data. This option I went with didn’t work as I would liked it to work, as it was a pain in the ass to setup and each time a new property is added you have to manually setup the load/save helper functions… so not the best option. This option I used was json but saving a Node directly could work better or using resources (saving tres files).

-

Stats class

-

The Stats “class” is just a script that extends from Node called stats.gd. It needs to define the class_name as Stats. The main content:

-
# main
-var points: int = 0
-var segments: int = 0
-
-# track of trait points
-var dash_points: int = 0
-var slow_points: int = 0
-var jump_points: int = 0
-
-# times trait achieved
-var dash_segments: int = 0
-var slow_segments: int = 0
-var jump_segments: int = 0
-
-# trait properties
-var dash_percentage: float = 0.0
-var slow_percentage: float = 0.0
-var jump_lenght: float = 0.0
-
-# trait active
-var trait_dash: bool = false
-var trait_slow: bool = false
-var trait_jump: bool = false
-
-

And with the ugliest functions:

-
func get_stats() -> Dictionary:
-    return {
-        "points": points,
-        "segments": segments,
-        "dash_points": dash_points,
-        "dash_segments": dash_segments,
-        "dash_percentage": dash_percentage,
-        "slow_points": slow_points,
-        "slow_segments": slow_segments,
-        "slow_percentage": slow_percentage,
-        "jump_points": jump_points,
-        "jump_segments": jump_segments,
-        "jump_lenght": jump_lenght,
-        "trait_dash": trait_dash,
-        "trait_slow": trait_slow,
-        "trait_jump": trait_jump
-    }
-
-
-func set_stats(stats: Dictionary) -> void:
-        points = stats["points"]
-        segments = stats["segments"]
-        dash_points = stats["dash_points"]
-        slow_points = stats["slow_points"]
-        jump_points = stats["jump_points"]
-        dash_segments = stats["dash_segments"]
-        slow_segments = stats["slow_segments"]
-        jump_segments = stats["jump_segments"]
-        dash_percentage = stats["dash_percentage"]
-        slow_percentage = stats["slow_percentage"]
-        jump_lenght = stats["jump_lenght"]
-        trait_dash = stats["trait_dash"]
-        trait_slow = stats["trait_slow"]
-        trait_jump = stats["trait_jump"]
-
-

And this is not scalable at all, but I had to do this at the end of the jam so no way of optimizing and/or doing it correctly, sadly.

-

Load/save data

-

The load/save function is pretty standard. It’s a singleton/autoload called SavedData with a script that extends from Node called save_data.gd:

-
const DATA_PATH: String = "user://data.save"
-
-var _stats: Stats
-
-
-func _ready() -> void:
-    _load_data()
-
-
-# called when setting "stats" and thus saving
-func save_data(stats: Stats) -> void:
-    _stats = stats
-    var file: File = File.new()
-    file.open(DATA_PATH, File.WRITE)
-    file.store_line(to_json(_stats.get_stats()))
-    file.close()
-
-
-func get_stats() -> Stats:
-    return _stats
-
-
-func _load_data() -> void:
-    # create an empty file if not present to avoid error while loading settings
-    _handle_new_file()
-
-    var file = File.new()
-    file.open(DATA_PATH, File.READ)
-    _stats = Stats.new()
-    _stats.set_stats(parse_json(file.get_line()))
-    file.close()
-
-
-func _handle_new_file() -> void:
-    var file: File = File.new()
-    if not file.file_exists(DATA_PATH):
-        file.open(DATA_PATH, File.WRITE)
-        _stats = Stats.new()
-        file.store_line(to_json(_stats.get_stats()))
-        file.close()
-
-

It uses json as the file format, but I might end up changing this in the future to something else more reliable and easier to use (Stats class related issues).

-

Scoring

-

For this I created a scoring mechanisms and just called it ScoreManager (score_manager.gd) which just basically listens to food_eaten signal and adds points accordingly to the current Stats object loaded. The main function is:

-
func _on_food_eaten(properties: Dictionary) -> void:
-    var is_special: bool = properties["special"]
-    var type: int = properties["type"]
-    var points: int = properties["points"]
-    var special_points: int = properties["special_points"]
-    var location: Vector2 = properties["global_position"]
-    var amount_to_grow: int
-    var special_amount_to_grow: int
-
-    amount_to_grow = _process_points(points)
-    _spawn_added_score_text(points, location)
-    _spawn_added_segment_text(amount_to_grow)
-
-    if is_special:
-        special_amount_to_grow = _process_special_points(special_points, type)
-        # _spawn_added_score_text(points, location)
-        _spawn_added_special_segment_text(special_amount_to_grow, type)
-        _check_if_unlocked(type)
-
-

Where the most important function is:

-
func _process_points(points: int) -> int:
-    var score_to_grow: int = (stats.segments + 1) * Global.POINTS_TO_GROW - stats.points
-    var amount_to_grow: int = 0
-    var growth_progress: int
-    stats.points += points
-    if points >= score_to_grow:
-        amount_to_grow += 1
-        points -= score_to_grow
-        # maybe be careful with this
-        amount_to_grow += points / Global.POINTS_TO_GROW
-        stats.segments += amount_to_grow
-        Event.emit_signal("snake_add_new_segment", amount_to_grow)
-
-    growth_progress = Global.POINTS_TO_GROW - ((stats.segments + 1) * Global.POINTS_TO_GROW - stats.points)
-    Event.emit_signal("snake_growth_progress", growth_progress)
-    return amount_to_grow
-
-

Which will add the necessary points to Stats.points and return the amount of new snake segments to grow. After this _spawn_added_score_segment and _spawn_added_segment_text just spawn a Label with the info on the points/segments gained; this is custom UI I created, nothing fancy.

-

Last thing is taht in _process_points there is a check at the end, where if the food eaten is “special” then a custom variation of the last 3 functions are executed. These are really similar, just specific to each kind of food.

-

This ScoreManager also handles the calculation for the game_over signal, to calculte progress, set necessary Stats values and save the data:

-
func _on_game_over() -> void:
-    var max_stats: Stats = _get_max_stats()
-    SaveData.save_data(max_stats)
-    Event.emit_signal("display_stats", initial_stats, stats, mutation_stats)
-
-
-func _get_max_stats() -> Stats:
-    var old_stats_dict: Dictionary = initial_stats.get_stats()
-    var new_stats_dict: Dictionary = stats.get_stats()
-    var max_stats: Stats = Stats.new()
-    var max_stats_dict: Dictionary = max_stats.get_stats()
-    var bool_stats: Array = [
-        "trait_dash",
-        "trait_slow",
-        "trait_jump"
-    ]
-
-    for i in old_stats_dict:
-        if bool_stats.has(i):
-            max_stats_dict[i] = old_stats_dict[i] or new_stats_dict[i]
-        else:
-            max_stats_dict[i] = max(old_stats_dict[i], new_stats_dict[i])
-    max_stats.set_stats(max_stats_dict)
-    return max_stats
-
-

Then this sends a signal display_stats to activate UI elements that shows the progression.

-

Naturally, the saved Stats are loaded whenever needed. For example, for the Snake, we load the stats and setup any value needed from there (like a flag to know if any ability is enabled), and since we’re saving the new Stats at the end, then on restart we load the updated one.

-

Snake redesigned with the state machine pattern

-

I redesigned the snake code (the head, actually) to use the state machine pattern by following this guide which is definitely a great guide, straight to the point and easy to implement.

-

Other than what is shown in the guide, I implemented some important functions in the state_machine.gd script itself, to be used by each of the states as needed:

-
func rotate_on_input() -> void:
-    if Input.is_action_pressed("move_left"):
-        player.rotate_to(player.LEFT)
-    if Input.is_action_pressed("move_right"):
-        player.rotate_to(player.RIGHT)
-
-
-func slow_down_on_collisions(speed_backup: float):
-    if player.get_last_slide_collision():
-        Global.SNAKE_SPEED = player.velocity.length()
-    else:
-        Global.SNAKE_SPEED = speed_backup
-
-
-func handle_slow_speeds() -> void:
-    if Global.SNAKE_SPEED <= Global.SNAKE_SPEED_BACKUP / 4.0:
-        Global.SNAKE_SPEED = Global.SNAKE_SPEED_BACKUP
-        Event.emit_signal("game_over")
-
-

And then in the StateMachine‘s _process:

-
func _physics_process(delta: float) -> void:
-    # state specific code, move_and_slide is called here
-    if state.has_method("physics_process"):
-        state.physics_process(delta)
-
-    handle_slow_speeds()
-    player.handle_time_elapsed(delta)
-
-

And now it’s just a matter of implementing the necessary states. I used 4: normal_stage.gd, slow_state.gd, dash_state.gd and jump_state.gd.

-

The normal_state.gd contains what the original head.gd code contained:

-
func physics_process(delta: float) -> void:
-    fsm.rotate_on_input()
-    fsm.player.velocity = fsm.player.direction * Global.SNAKE_SPEED
-    fsm.player.velocity = fsm.player.move_and_slide(fsm.player.velocity)
-
-    fsm.slow_down_on_collisions(Global.SNAKE_SPEED_BACKUP)
-
-
-func input(event: InputEvent) -> void:
-    if fsm.player.can_dash and event.is_action_pressed("dash"):
-        exit("DashState")
-    if fsm.player.can_slow and event.is_action_pressed("slow"):
-        exit("SlowState")
-    if fsm.player.can_jump and event.is_action_pressed("jump"):
-        exit("JumpState")
-
-

Here, the exit method is basically to change to the next state. And lastly, I’m only gonna show the dash_state.gd as the other ones are pretty similar:

-
func enter():
-    if fsm.DEBUG:
-        print("Got inside %s." % name)
-    Event.emit_signal("snake_started_dash")
-    Global.SNAKE_SPEED = Global.SNAKE_DASH_SPEED
-    yield(get_tree().create_timer(Global.SNAKE_DASH_TIME), "timeout")
-    exit()
-
-
-func exit():
-    Event.emit_signal("snake_finished_dash")
-    Global.SNAKE_SPEED = Global.SNAKE_SPEED_BACKUP
-    fsm.back()
-
-
-func physics_process(delta: float) -> void:
-    fsm.rotate_on_input()
-    fsm.player.velocity = fsm.player.direction * Global.SNAKE_SPEED
-    fsm.player.velocity = fsm.player.move_and_slide(fsm.player.velocity)
-
-    fsm.slow_down_on_collisions(Global.SNAKE_DASH_SPEED)
-
-

Where the important parts happen in the enter and exit functions. We need to change the Global.SNAKE_SPEED with the Global.SNAKE_DASH_SPEED on startand start the timer for how long should the dash last. And on the exit we reset the Global.SNAKE_SPEED back to normal. There is probably a better way of updating the Global.SNAKE_SPEED but this works just fine.

-

For the other ones is the same. Only difference with the jump_state.gd is that the collision from head to body is disabled, and no rotation is allowed (by not calling the rotate_on_input function).

-

Other minor stuff

-

Not as important but worth mentioning:

-
    -
  • Added restartability function.
  • -
  • Added signals for game control: game_over and game_start, but ended not using them.
  • -
  • Fixed issue where the Curve2D stayed the same even when restarting by just setting an empty curve on starting the node.
  • -
  • Added a debug mode for drawing of the Curve2D instead of always drawing.
  • -
  • Tweaked the tracking of the snake size.
  • -
  • Tweaked the food system to contain more attributes and use a base food node.
  • -
  • Added a HUD with mini snake sprites.
  • -
  • Added a HUD for growth progress on snake body segments and abilities.
  • -
  • Refactored the nodes to make it work with change_scene_to, and added a main menu.
  • -
  • Added GUI for dead screen, showing the progress.
  • -
-

Final notes

-

I actually didn’t finish this game (as how I visualized it), but I got it in a playable state which is good. My big learning during this jam is the time management that it requires to plan and design a game. I lost a lot of time trying to implement some mechanics because I was facing many issues, because of my lack of practice (which was expected) as well as trying to blog and create the necessary sprites myself. Next time I should just get an asset pack and do something with it, as well as keeping the scope of my game shorter.

-

For exporting and everything else, I went with what I did for my FlappyBird Godot clone

]]>
-
- - Creating a FlappyBird clone in Godot 3.5 devlog 1 - https://blog.luevano.xyz/g/flappybird_godot_devlog_1.html - https://blog.luevano.xyz/g/flappybird_godot_devlog_1.html - Sun, 29 May 2022 03:38:43 GMT - English - Gamedev - Godot - Since I'm starting to get more into gamedev stuff, I'll start blogging about it just to keep consistent. This shows as "devlog 1" just in case I want to include more parts for extra stuff. - I just have a bit of experience with Godot and with gamedev in general, so I started with this game as it is pretty straight forward. On a high level the main characteristics of the game are:

-
    -
  • Literally just one sprite going up and down.
  • -
  • Constant horizontal move of the world/player.
  • -
  • If you go through the gap in the pipes you score a point.
  • -
  • If you touch the pipes, the ground or go past the “ceiling” you lose.
  • -
-

The game was originally developed with Godot 4.0 alpha 8, but it didn’t support HTML5 (webassembly) export… so I backported to Godot 3.5 rc1.

-

Not going to specify all the details, only the needed parts and what could be confusing, as the source code is available and can be inspected; also this assumes minimal knowledge of Godot in general. Usually when I mention that a set/change of something it usually it’s a property and it can be found under the Inspector on the relevant node, unless stated otherwise; also, all scripts attached have the same name as the scenes, but in snake_case (scenes/nodes in PascalCase).

-

One thing to note, is that I started writing this when I finished the game, so it’s hard to go part by part, and it will be hard to test individual parts when going through this as everything is depending on each other. For the next devlog, I’ll do it as I go and it will include all the changes to the nodes/scripts as I was finding them, probably better idea and easier to follow.

-

The source code can be found in my GitHub here, it also contains the exported versions for HTML5, Windows and Linux (be aware that the sound might be too high and I’m too lazy to make it configurable, it was the last thing I added), or you could also go to the itch.io page I setup where it’s playable in the browser:

-

- -

Initial project setup

-

Directory structure

-

I’m basically going with what I wrote on Godot project structure recently, and probably with minor changes depending on the situation.

-

Config

-

Default import settings

-

Since this is just pixel art, the importing settings for textures needs to be adjusted so the sprites don’t look blurry. Go to Project -> Project settings… -> Import defaults and on the drop down select Texture, untick everything and make sure Compress/Mode is set to Lossless.

-
-Project settings - Import defaults - Texture settings -
Project settings - Import defaults - Texture settings
-
-

General settings

-

It’s also a good idea to setup some config variables project-wide. To do so, go to Project -> Project settings… -> General, select Application/config and add a new property (there is a text box at the top of the project settings window) for game scale: application/config/game_scale for the type use float and then click on add; configure the new property to 3.0; On the same window, also add application/config/version as a string, and make it 1.0.0 (or whatever number you want).

-
-Project settings - General - Game scale and version properties -
Project settings - General - Game scale and version properties
-
-

For my personal preferences, also disable some of the GDScript debug warnings that are annoying, this is done at Project -> Project settings… -> General, select Debug/GDScript and toggle off “Unused arguments”, “Unused signal” and “Return value discarded”, and any other that might come up too often and don’t want to see.

-
-Project settings - General - GDScript debug warnings -
Project settings - General - GDScript debug warnings
-
-

Finally, set the initial window size in Project -> Project settings… -> General, select Display/Window and set Size/Width and Size/Height to 600 and 800, respectively. As well as the Stretch/Mode to “viewport”, and Stretch/Aspect to “keep”:

-
-Project settings - General - Initial window size -
Project settings - General - Initial window size
-
-

Keybindings

-

I only used 3 actions (keybindings): jump, restart and toggle_debug (optional). To add custom keybindings (so that the Input.something() API can be used), go to Project -> Project settings… -> Input Map and on the text box write “jump” and click add, then it will be added to the list and it’s just a matter of clicking the + sign to add a “Physical key”, press any key you want to be used to jump and click ok. Do the same for the rest of the actions.

-
-Project settings - Input Map - Adding necessary keybindings -
Project settings - Input Map - Adding necessary keybindings
-
-

Layers

-

Finally, rename the physics layers so we don’t lose track of which layer is which. Go to Project -> Layer Names -> 2d Physics and change the first 5 layer names to (in order): “player”, “ground”, “pipe”, “ceiling” and “score”.

-
-Project settings - Layer Names - 2D Physics -
Project settings - Layer Names - 2D Physics
-
-

Assets

-

For the assets I found out about a pack that contains just what I need: flappy-bird-assets by MegaCrash; I just did some minor modifications on the naming of the files. For the font I used Silver, and for the sound the resources from FlappyBird-N64 (which seems to be taken from 101soundboards.com which the orignal copyright holder is .Gears anyways).

-

Importing

-

Create the necessary directories to hold the respective assets and it’s just a matter of dragging and dropping, I used directories: res://entities/actors/player/sprites/, res://fonts/, res://levels/world/background/sprites/, res://levels/world/ground/sprites/, res://levels/world/pipe/sprites/, res://sfx/. For the player sprites, the “FileSystem” window looks like this (entities/actor directories are really not necessary):

-
-FileSystem - Player sprite imports -
FileSystem - Player sprite imports
-
-

It should look similar for other directories, except maybe for the file extensions. For example, for the sfx:

-
-FileSystem - SFX imports -
FileSystem - SFX imports
-
-

Scenes

-

Now it’s time to actually create the game, by creating the basic scenes that will make up the game. The hardest part and the most confusing is going to be the TileMaps, so that goes first.

-

TileMaps

-

I’m using a scene called “WorldTiles” with a Node2D node as root called the same. With 2 different TileMap nodes as children named “GroundTileMap” and “PipeTileMap” (these are their own scene); yes 2 different TileMaps because we need 2 different physics colliders (In Godot 4.0 you can have a single TileMap with different physics colliders in it). Each node has its own script. It should look something like this:

-
-Scene - WorldTiles (TileMaps) -
Scene - WorldTiles (TileMaps)
-
-

I used the following directory structure:

-
-Scene - WorldTiles - Directory structure -
Scene - WorldTiles - Directory structure
-
-

To configure the GroundTileMap, select the node and click on “(empty)” on the TileMap/Tile set property and then click on “New TileSet”, then click where the “(empty)” used to be, a new window should open on the bottom:

-
-TileSet - Configuration window -
TileSet - Configuration window
-
-

Click on the plus on the bottom left and you can now select the specific tile set to use. Now click on the yellow “+ New Single Tile”, activate the grid and select any of the tiles. Should look like this:

-
-TileSet - New single tile -
TileSet - New single tile
-
-

We need to do this because for some reason we can’t change the snap options before selecting a tile. After selecting a random tile, set up the Snap Options/Step (in the Inspector) and set it to 16x16 (or if using a different tile set, to it’s tile size):

-
-TileSet - Tile - Step snap options -
TileSet - Tile - Step snap options
-
-

Now you can select the actual single tile. Once selected click on “Collision”, use the rectangle tool and draw the rectangle corresponding to that tile’s collision:

-
-TileSet - Tile - Selection and collision -
TileSet - Tile - Selection and collision
-
-

Do the same for the other 3 tiles. If you select the TileMap itself again, it should look like this on the right (on default layout it’s on the left of the Inspector):

-
-TileSet - Available tiles -
TileSet - Available tiles
-
-

The ordering is important only for the “underground tile”, which is the filler ground, it should be at the end (index 3); if this is not the case, repeat the process (it’s possible to rearrange them but it’s hard to explain as it’s pretty weird).

-

At this point the tilemap doesn’t have any physics and the cell size is wrong. Select the “GroundTileMap”, set the TileMap/Cell/Size to 16x16, the TileMap/Collision/Layer set to bit 2 only (ground layer) and disable any TileMap/Collision/Mask bits. Should look something like this:

-
-TileMap - Cell size and collision configuration -
TileMap - Cell size and collision configuration
-
-

Now it’s just a matter of repeating the same for the pipes (“PipeTileMap”), only difference is that when selecting the tiles you need to select 2 tiles, as the pipe is 2 tiles wide, or just set the Snap Options/Step to 32x16, for example, just keep the cell size to 16x16.

-

Default ground tiles

-

I added few default ground tiles to the scene, just for testing purposes but I left them there. These could be place programatically, but I was too lazy to change things. On the “WorldTiles” scene, while selecting the “GroundTileMap”, you can select the tiles you want to paint with, and left click in the grid to paint with the selected tile. Need to place tiles from (-8, 7) to (10, 7) as well as the tile below with the filler ground (the tile position/coordinates show at the bottom left, refer to the image below):

-
-Scene - WorldTiles - Default ground tiles -
Scene - WorldTiles - Default ground tiles
-
-

Player

-

On a new scene called “Player” with a KinematicBody2D node named “Player” as the root of the scene, then for the children: AnimatedSprite as “Sprite”, CollisionShape2D as “Collision” (with a circle shape) and 3 AudioStreamPlayers for “JumpSound”, “DeadSound” and “HitSound”. Not sure if it’s a good practice to have the audio here, since I did that at the end, pretty lazy. Then, attach a script to the “Player” node and then it should look like this:

-
-Scene - Player - Node setup -
Scene - Player - Node setup
-
-

Select the “Player” node and set the CollisionShape2D/Collision/Layer to 1 and the CollisionObject2D/Collision/Mask to 2 and 3 (ground and pipe).

-

For the “Sprite” node, when selecting it click on the “(empty)” for the AnimatedSprite/Frames property and click “New SpriteFrames”, click again where the “(empty)” used to be and ane window should open on the bottom:

-
-Scene - Player - SpriteFrames window -
Scene - Player - SpriteFrames window
-
-

Right off the bat, set the “Speed” to 10 FPS (bottom left) and rename “default” to “bird_1”. With the “bird_1” selected, click on the “Add frames from a Sprite Sheet”, which is the second button under “Animation Frames:” which looks has an icon of a small grid (next to the folder icon), a new window will popup where you need to select the respective sprite sheet to use and configure it for importing. On the “Select Frames” window, change the “Vertical” to 1, and then select all 4 frames (Ctrl + Scroll wheel to zoom in):

-
-Scene - Player - Sprite sheet importer -
Scene - Player - Sprite sheet importer
-
-

After that, the SpriteFrames window should look like this:

-
-Scene - Player - SpriteFrames window with sprite sheet configured -
Scene - Player - SpriteFrames window with sprite sheet configured
-
-

Finally, make sure the “Sprite” node has the AnimatedSprite/Animation is set to “bird_1” and that the “Collision” node is configured correctly for its size and position (I just have it as a radius of 7). As well as dropping the SFX files into the corresponding AudioStreamPlayer (into the AudioStreamPlayer/Stream property).

-

Other

-

These are really simple scenes that don’t require much setup:

-
    -
  • “CeilingDetector”: just an Area2D node with a CollisionShape2D in the form of a rectangle (CollisionShape2D/Shape/extents to (120, 10)), stretched horizontally so it fits the whole screen. CollisionObject2D/Collision/Layer set to bit 4 (ceiling) and CollisionObject2D/Collision/Mask set to bit 1 (player).
  • -
  • “ScoreDetector”: similar to the “CeilingDetector”, but vertical (CollisionShape2D/Shape/extents to (2.5, 128)) and CollisionObject2D/Collision/Layer set to bit 1 (player).
  • -
  • “WorldDetector”: Node2D with a script attached, and 3 RayCast2D as children:
      -
    • “NewTile”: Raycast2D/Enabled to true (checked), Raycast2D/Cast To (0, 400), Raycast2D/Collision Mask to bit 2 (ground) and Node2D/Transform/Position to (152, -200)
    • -
    • “OldTile”: same as “NewTile”, except for the Node2D/Transform/Position, set it to (-152, -200).
    • -
    • “OldPipe”: same as “OldTile”, except for the Raycast2D/Collision Mask, set it to bit 3 (pipe).
    • -
    -
  • -
-

Game

-

This is the actual “Game” scene that holds all the playable stuff, here we will drop in all the previous scenes; the root node is a Node2D and also has an attached script. Also need to add 2 additional AudioStreamPlayers for the “start” and “score” sounds, as well as a Sprite for the background (Sprite/Offset/Offset set to (0, 10)) and a Camera2D (Camera2D/Current set to true (checked)). It should look something like this:

-
-Scene - Game - Node setup -
Scene - Game - Node setup
-
-

The scene viewport should look something like the following:

-
-Scene - Game - Viewport -
Scene - Game - Viewport
-
-

UI

-

Fonts

-

We need some font “Resources” to style the Label fonts. Under the FileSystem window, right click on the fonts directory (create one if needed) and click on “New Resource…” and select DynamicFontData, save it in the “fonts” directory as “SilverDynamicFontData.tres” (“Silver” as it is the font I’m using) then double click the just created resource and set the DynamicFontData/Font Path to the actual “Silver.ttf” font (or whatever you want).

-

Then create a new resource and this time select DynamicFont, name it “SilverDynamicFont.tres”, then double click to edit and add the “SilverDynamicFontData.tres” to the DynamicFont/Font/Font Data property (and I personally toggled off the DynamicFont/Font/Antialiased property), now just set the DynamicFont/Settings/(Size, Outline Size, Outline Color) to 32, 1 and black, respectively (or any other values you want). It should look something like this:

-
-Resource - DynamicFont - Default font -
Resource - DynamicFont - Default font
-
-

Do the same for another DynamicFont which will be used for the score label, named “SilverScoreDynamicFont.tres”. Only changes are Dynamic/Settings/(Size, Outline Size) which are set to 128 and 2, respectively. The final files for the fonts should look something like this:

-
-Resource - Dynamicfont - Directory structure -
Resource - Dynamicfont - Directory structure
-
-

Scene setup

-

This has a bunch of nested nodes, so I’ll try to be concise here. The root node is a CanvasLayer named “UI” with its own script attached, and for the children:

-
    -
  • “MarginContainer”: MarginContainer with Control/Margin/(Left, Top) set to 10 and Control/Margin/(Right, Bottom) set to -10.
      -
    • “InfoContainer”: VBoxContainer with Control/Theme Overrides/Constants/Separation set to 250.
        -
      • “ScoreContainer”: VBoxContainer.
          -
        • “Score”: Label with Label/Align set to “Center”, Control/Theme Overrides/Fonts/Font to the “SilverScoreDynamicFont.tres”, if needed adjust the DynamicFont settings.
        • -
        • “HighScore: same as “Score”, escept for the Control/Theme Overrides/Fonts/Font which is set to “SilverDynamicFont.tres”.
        • -
        -
      • -
      • “StartGame”: Same as “HighScore”.
      • -
      -
    • -
    • “DebugContainer”: VBoxContainer.
        -
      • “FPS”: Label.
      • -
      -
    • -
    • “VersionContainer”: VBoxContainer with BoxContainer/Alignment set to “Begin”.
        -
      • “Version”: Label with Label/Align set to “Right”.
      • -
      -
    • -
    -
  • -
-

The scene ends up looking like this:

-
-Scene - UI - Node setup -
Scene - UI - Node setup
-
-

Main

-

This is the final scene where we connect the Game and the UI. It’s made of a Node2D with it’s own script attached and an instance of “Game” and “UI” as it’s children.

-

This is a good time to set the default scene when we run the game by going to Project -> Project settings… -> General and in Application/Run set the Main Scene to the “Main.tscn” scene.

-

Scripting

-

I’m going to keep this scripting part to the most basic code blocks, as it’s too much code, for a complete view you can head to the source code.

-

As of now, the game itself doesn’t do anything if we hit play. The first thing to do so we have something going on is to do the minimal player scripting.

-

Player

-

The most basic code needed so the bird goes up and down is to just detect “jump” key presses and add a negative jump velocity so it goes up (y coordinate is reversed in godot…), we also check the velocity sign of the y coordinate to decide if the animation is playing or not.

-
class_name Player
-extends KinematicBody2D
-
-export(float, 1.0, 1000.0, 1.0) var JUMP_VELOCITY: float = 380.0
-
-onready var sprite: AnimatedSprite = $Sprite
-
-var gravity: float = 10 * ProjectSettings.get_setting("physics/2d/default_gravity")
-var velocity: Vector2 = Vector2.ZERO
-
-
-func _physics_process(delta: float) -> void:
-    velocity.y += gravity * delta
-
-    if Input.is_action_just_pressed("jump"):
-        velocity.y = -JUMP_VELOCITY
-
-    if velocity.y < 0.0:
-        sprite.play()
-    else:
-        sprite.stop()
-
-    velocity = move_and_slide(velocity)
-
-

You can play it now and you should be able to jump up and down, and the bird should stop on the ground (although you can keep jumping). One thing to notice is that when doing sprite.stop() it stays on the last frame, we can fix that using the code below (and then change sprite.stop() for _stop_sprite()):

-
func _stop_sprite() -> void:
-    if sprite.playing:
-        sprite.stop()
-    if sprite.frame != 0:
-        sprite.frame = 0
-
-

Where we just check that the last frame has to be the frame 0.

-

Now just a matter of adding other needed code for moving horizontally, add sound by getting a reference to the AudioStreamPlayers and doing sound.play() when needed, as well as handling death scenarios by adding a signal died at the beginning of the script and handle any type of death scenario using the below function:

-
func _emit_player_died() -> void:
-    # bit 2 corresponds to pipe (starts from 0)
-    set_collision_mask_bit(2, false)
-    dead = true
-    SPEED = 0.0
-    emit_signal("died")
-    # play the sounds after, because yield will take a bit of time,
-    # this way the camera stops when the player "dies"
-    velocity.y = -DEATH_JUMP_VELOCITY
-    velocity = move_and_slide(velocity)
-    hit_sound.play()
-    yield(hit_sound, "finished")
-    dead_sound.play()
-
-

Finally need to add the actual checks for when the player dies (like collision with ground or pipe) as well as a function that listens to a signal for when the player goes to the ceiling.

-

WorldDetector

-

The code is pretty simple, we just need a way of detecting if we ran out of ground and send a signal, as well as sending as signal when we start detecting ground/pipes behind us (to remove it) because the world is being generated as we move. The most basic functions needed are:

-
func _was_colliding(detector: RayCast2D, flag: bool, signal_name: String) -> bool:
-    if detector.is_colliding():
-        return true
-    if flag:
-        emit_signal(signal_name)
-        return false
-    return true
-
-
-func _now_colliding(detector: RayCast2D, flag: bool, signal_name: String) -> bool:
-    if detector.is_colliding():
-        if not flag:
-            emit_signal(signal_name)
-            return true
-    return false
-
-

We need to keep track of 3 “flags”: ground_was_colliding, ground_now_colliding and pipe_now_colliding (and their respective signals), which are going to be used to do the checks inside _physics_process. For example for checking for new ground: ground_now_colliding = _now_colliding(old_ground, ground_now_colliding, "ground_started_colliding").

-

WorldTiles

-

This script is what handles the “GroundTileMap” as well as the “PipeTileMap” and just basically functions as a “Signal bus” connecting a bunch of signals from the “WorldDetector” with the TileMaps and just tracking how many pipes have been placed:

-
export(int, 2, 20, 2) var PIPE_SEP: int = 6
-var tiles_since_last_pipe: int = PIPE_SEP - 1
-
-
-func _on_WorldDetector_ground_stopped_colliding() -> void:
-    emit_signal("place_ground")
-
-    tiles_since_last_pipe += 1
-    if tiles_since_last_pipe == PIPE_SEP:
-        emit_signal("place_pipe")
-        tiles_since_last_pipe = 0
-
-
-func _on_WorldDetector_ground_started_colliding() -> void:
-    emit_signal("remove_ground")
-
-
-func _on_WorldDetector_pipe_started_colliding() -> void:
-    emit_signal("remove_pipe")
-
-

GroundTileMap

-

This is the node that actually places the ground tiles upong receiving a signal. In general, what you want is to keep track of the newest tile that you need to place (empty spot) as well as the last tile that is in the tilemap (technically the first one if you count from left to right). I was experimenting with enums so I used them to define the possible Ground tiles:

-
enum Ground {
-    TILE_1,
-    TILE_2,
-    TILE_3,
-    TILE_DOWN_1,
-}
-
-

This way you can just select the tile by doing Ground.TILE_1, which will correspond to the int value of 0. So most of the code is just:

-
# old_tile is the actual first tile, whereas the new_tile_position
-#   is the the next empty tile; these also correspond to the top tile
-const _ground_level: int = 7
-const _initial_old_tile_x: int = -8
-const _initial_new_tile_x: int = 11
-var old_tile_position: Vector2 = Vector2(_initial_old_tile_x, _ground_level)
-var new_tile_position: Vector2 = Vector2(_initial_new_tile_x, _ground_level)
-
-
-func _place_new_ground() -> void:
-    set_cellv(new_tile_position, _get_random_ground())
-    set_cellv(new_tile_position + Vector2.DOWN, Ground.TILE_DOWN_1)
-    new_tile_position += Vector2.RIGHT
-
-
-func _remove_first_ground() -> void:
-    set_cellv(old_tile_position, -1)
-    set_cellv(old_tile_position + Vector2.DOWN, -1)
-    old_tile_position += Vector2.RIGHT
-
-

Where you might notice that the _initial_new_tile_x is 11, instead of 10, refer to Default ground tiles where we placed tiles from -8 to 10, so the next empty one is 11. These _place_new_ground and _remove_first_ground functions are called upon receiving the signal.

-

PipeTileMap

-

This is really similar to the “GroundTileMap” code, instead of defining an enum for the ground tiles, we define it for the pipe patterns (because each pipe is composed of multiple pipe tiles). If your pipe tile set looks like this (notice the index):

-
-PipeTileMap - Tile set indexes -
PipeTileMap - Tile set indexes
-
-

Then you can use the following “pipe patterns”:

-
var pipe: Dictionary = {
-    PipePattern.PIPE_1: [0, 1, 2, 2, 2, 2, 2, 2, 3, 4, -1, -1, -1, 0, 1, 2],
-    PipePattern.PIPE_2: [0, 1, 2, 2, 2, 2, 2, 3, 4, -1, -1, -1, 0, 1, 2, 2],
-    PipePattern.PIPE_3: [0, 1, 2, 2, 2, 2, 3, 4, -1, -1, -1, 0, 1, 2, 2, 2],
-    PipePattern.PIPE_4: [0, 1, 2, 2, 2, 3, 4, -1, -1, -1, 0, 1, 2, 2, 2, 2],
-    PipePattern.PIPE_5: [0, 1, 2, 2, 3, 4, -1, -1, -1, 0, 1, 2, 2, 2, 2, 2],
-    PipePattern.PIPE_6: [0, 1, 2, 3, 4, -1, -1, -1, 0, 1, 2, 2, 2, 2, 2, 2]
-}
-
-

Now, the pipe system requires a bit more of tracking as we need to instantiate a “ScoreDetector” here, too. I ended up keeping track of the placed pipes/detectors by using a “pipe stack” (and “detector stack”) which is just an array of placed objects from which I pop the first when deleting them:

-
onready var _pipe_sep: int = get_parent().PIPE_SEP
-const _pipe_size: int = 16
-const _ground_level: int = 7
-const _pipe_level_y: int = _ground_level - 1
-const _initial_new_pipe_x: int = 11
-var new_pipe_starting_position: Vector2 = Vector2(_initial_new_pipe_x, _pipe_level_y)
-var pipe_stack: Array
-
-# don't specify type for game, as it results in cyclic dependency,
-# as stated here: https://godotengine.org/qa/39973/cyclic-dependency-error-between-actor-and-actor-controller
-onready var game = get_parent().get_parent()
-var detector_scene: PackedScene = preload("res://levels/detectors/score_detector/ScoreDetector.tscn")
-var detector_offset: Vector2 = Vector2(16.0, -(_pipe_size / 2.0) * 16.0)
-var detector_stack: Array
-
-

The detector_offset is just me being picky. For placing a new pipe, we get the starting position (bottom pipe tile) and build upwards, then instantiate a new “ScoreDetector” (detector_scene) and set it’s position to the pipe starting position plus the offset, so it’s centered in the pipe, then just need to connect the “body_entered” signal from the detector with the game, so we keep track of the scoring. Finally just add the placed pipe and detector to their corresponding stacks:

-
func _place_new_pipe() -> void:
-    var current_pipe: Vector2 = new_pipe_starting_position
-    for tile in pipe[_get_random_pipe()]:
-        set_cellv(current_pipe, tile)
-        current_pipe += Vector2.UP
-
-    var detector: Area2D = detector_scene.instance()
-    detector.position = map_to_world(new_pipe_starting_position) + detector_offset
-    detector.connect("body_entered", game, "_on_ScoreDetector_body_entered")
-    detector_stack.append(detector)
-    add_child(detector)
-
-    pipe_stack.append(new_pipe_starting_position)
-    new_pipe_starting_position += _pipe_sep * Vector2.RIGHT
-
-

For removing pipes, it’s really similar but instead of getting the position from the next tile, we pop the first element from the (pipe/detector) stack and work with that. To remove the cells we just set the index to -1:

-
func _remove_old_pipe() -> void:
-    var current_pipe: Vector2 = pipe_stack.pop_front()
-    var c: int = 0
-    while c < _pipe_size:
-        set_cellv(current_pipe, -1)
-        current_pipe += Vector2.UP
-        c += 1
-
-    var detector: Area2D = detector_stack.pop_front()
-    remove_child(detector)
-    detector.queue_free()
-
-

These functions are called when receiving the signal to place/remove pipes.

-

Saved data

-

Before proceeding, we require a way to save/load data (for the high scores). We’re going to use the ConfigFile node that uses a custom version of the “ini” file format. Need to define where to save the data:

-
const DATA_PATH: String = "user://data.cfg"
-const SCORE_SECTION: String = "score"
-var _data: ConfigFile
-
-

Note that user:// is a OS specific path in which the data can be stored on a per user basis, for more: File paths. Then, a way to load the save file:

-
func _load_data() -> void:
-    # create an empty file if not present to avoid error while loading settings
-    var file: File = File.new()
-    if not file.file_exists(DATA_PATH):
-        file.open(DATA_PATH, file.WRITE)
-        file.close()
-
-    _data = ConfigFile.new()
-    var err: int = _data.load(DATA_PATH)
-    if err != OK:
-        print("[ERROR] Cannot load data.")
-
-

A way to save the data:

-
func save_data() -> void:
-    var err: int = _data.save(DATA_PATH)
-    if err != OK:
-        print("[ERROR] Cannot save data.")
-
-

And of course, a way to get and set the high score:

-
func set_new_high_score(high_score: int) -> void:
-    _data.set_value(SCORE_SECTION, "high_score", high_score)
-
-
-func get_high_score() -> int:
-    return _data.get_value(SCORE_SECTION, "high_score")
-
-

Then, whenever this script is loaded we load the data and if it’s a new file, then add the default high score of 0:

-
func _ready() -> void:
-    _load_data()
-
-    if not _data.has_section(SCORE_SECTION):
-        set_new_high_score(0)
-        save_data()
-
-

Now, this script in particular will need to be a Singleton (AutoLoad), which means that there will be only one instance and will be available across all scripts. To do so, go to Project -> Project settings… -> AutoLoad and select this script in the “Path:” and add a “Node Name:” (I used “SavedData”, if you use something else, be careful while following this devlog) which will be the name we’ll use to access the singleton. Toggle on “Enable” if needed, it should look like this:

-
-Project settings - AutoLoad - SavedData singleton -
Project settings - AutoLoad - SavedData singleton
-
-

Game

-

The game script it’s also like a “Signal bus” in the sense that it connects all its childs’ signals together, and also has the job of starting/stopping the _process and _physics_process methods from the childs as needed. First, we need to define the signals and and references to all child nodes:

-
signal game_started
-signal game_over
-signal new_score(score, high_score)
-
-onready var player: Player = $Player
-onready var background: Sprite= $Background
-onready var world_tiles: WorldTiles = $WorldTiles
-onready var ceiling_detector: Area2D = $CeilingDetector
-onready var world_detector: Node2D = $WorldDetector
-onready var camera: Camera2D = $Camera
-onready var start_sound: AudioStreamPlayer = $StartSound
-onready var score_sound: AudioStreamPlayer = $ScoreSound
-
-

It’s important to get the actual “player speed”, as we’re using a scale to make the game look bigger (remember, pixel art), to do so we need a reference to the “game_scale” we setup at the beginning and compute the player_speed:

-
var _game_scale: float = ProjectSettings.get_setting("application/config/game_scale")
-var player_speed: float
-
-
-func _ready() -> void:
-    scale = Vector2(_game_scale, _game_scale)
-    # so we move at the actual speed of the player
-    player_speed = player.SPEED / _game_scale
-
-

This player_speed will be needed as we need to move all the nodes (“Background”, “Camera”, etc.) in the x axis as the player is moving. This is done in the _physics_process:

-
func _physics_process(delta: float) -> void:
-    ceiling_detector.move_local_x(player_speed * delta)
-    world_detector.move_local_x(player_speed * delta)
-    background.move_local_x(player_speed * delta)
-    camera.move_local_x(player_speed * delta)
-
-

We also need a way to start and stop the processing of all the nodes:

-
func _set_processing_to(on_off: bool, include_player: bool = true) -> void:
-    set_process(on_off)
-    set_physics_process(on_off)
-    if include_player:
-        player.set_process(on_off)
-        player.set_physics_process(on_off)
-    world_tiles.set_process(on_off)
-    world_tiles.set_physics_process(on_off)
-    ceiling_detector.set_process(on_off)
-    ceiling_detector.set_physics_process(on_off)
-
-

Where the player is a special case, as when the player dies, it should still move (only down), else it would just freeze in place. In _ready we connect all the necessary signals as well as initially set the processing to false using the last function. To start/restart the game we need to keep a flag called is_game_running initially set to false and then handle the (re)startability in _input:

-
func _input(event: InputEvent) -> void:
-    if not is_game_running and event.is_action_pressed("jump"):
-        _set_processing_to(true)
-        is_game_running = true
-        emit_signal("game_started")
-        start_sound.play()
-
-    if event.is_action_pressed("restart"):
-        get_tree().reload_current_scene()
-
-

Then we handle two specific signals:

-
func _on_Player_died() -> void:
-    _set_processing_to(false, false)
-    emit_signal("game_over")
-
-
-func _on_ScoreDetector_body_entered(body: Node2D) -> void:
-    score += 1
-    if score > high_score:
-        high_score = score
-        SavedData.set_new_high_score(high_score)
-        SavedData.save_data()
-    emit_signal("new_score", score, high_score)
-    score_sound.play()
-
-

When the player dies, we set all processing to false, except for the player itself (so it can drop all the way to the ground). Also, when receiving a “scoring” signal, we manage the current score, as well as saving the new high score when applicable, note that we need to read the high_score at the beginning by calling SavedData.get_high_score(). This signal we emit will be received by the UI so it updates accordingly.

-

UI

-

First thing is to get a reference to all the child Labels, an initial reference to the high score as well as the version defined in the project settings:

-
onready var fps_label: Label = $MarginContainer/DebugContainer/FPS
-onready var version_label: Label = $MarginContainer/VersionContainer/Version
-onready var score_label: Label = $MarginContainer/InfoContainer/ScoreContainer/Score
-onready var high_score_label: Label = $MarginContainer/InfoContainer/ScoreContainer/HighScore
-onready var start_game_label: Label = $MarginContainer/InfoContainer/StartGame
-
-onready var _initial_high_score: int = SavedData.get_high_score()
-
-var _version: String = ProjectSettings.get_setting("application/config/version")
-
-

Then set the initial Label values as well as making the fps_label invisible:

-
func _ready() -> void:
-    fps_label.visible = false
-    version_label.set_text("v%s" % _version)
-    high_score_label.set_text("High score: %s" % _initial_high_score)
-
-

Now we need to handle the fps_label update and toggle:

-
func _input(event: InputEvent) -> void:
-    if event.is_action_pressed("toggle_debug"):
-        fps_label.visible = !fps_label.visible
-
-
-func _process(delta: float) -> void:
-    if fps_label.visible:
-        fps_label.set_text("FPS: %d" % Performance.get_monitor(Performance.TIME_FPS))
-
-

Finally the signal receiver handlers which are straight forward:

-
func _on_Game_game_started() -> void:
-    start_game_label.visible = false
-    high_score_label.visible = false
-
-
-func _on_Game_game_over() -> void:
-    start_game_label.set_text("Press R to restart")
-    start_game_label.visible = true
-    high_score_label.visible = true
-
-
-func _on_Game_new_score(score: int, high_score: int) -> void:
-    score_label.set_text(String(score))
-    high_score_label.set_text("High score: %s" % high_score)
-
-

Main

-

This is the shortest script, it just connects the signals between the “Game” and the “UI”:

-
onready var game: Game = $Game
-onready var ui: UI = $UI
-
-var _game_over: bool = false
-
-
-func _ready() -> void:
-    game.connect("game_started", ui, "_on_Game_game_started")
-    game.connect("game_over", ui, "_on_Game_game_over")
-    game.connect("new_score", ui, "_on_Game_new_score")
-
-

Final notes and exporting

-

At this point the game should be fully playable (if any detail missing feel free to look into the source code linked at the beginning). Only thing missing is an icon for the game; I did one pretty quicly with the assets I had.

-

Preparing the files

-

If you followed the directory structure I used, then only thing needed is to transform the icon to a native Windows ico format (if exporting to Windows, else ignore this part). For this you need ImageMagick or some other program that can transform png (or whatever file format you used for the icon) to ico. I used [Chocolatey][https://chocolatey.org/] to install imagemagick, then to convert the icon itself used: magick convert icon.png -define icon:auto-resize=256,128,64,48,32,16 icon.ico as detailed in Godot‘s Changing application icon for Windows.

-

Exporting

-

You need to download the templates for exporting as detailed in Godot‘s Exporting projects. Basically you go to Editor -> Manage Export Templates… and download the latest one specific to your Godot version by clicking on “Download and Install”.

-

If exporting for Windows then you also need to download rcedit from here. Just place it wherever you want (I put it next to the Godot executable).

-

Then go to Project -> Export… and the Window should be empty, add a new template by clicking on “Add…” at the top and then select the template you want. I used HTML5, Windows Desktop and Linux/X11. Really the only thing you need to set is the “Export Path” for each template, which is te location of where the executable will be written to, and in the case of the Windows Desktop template you could also setup stuff like “Company Name”, “Product Name”, “File/Product Version”, etc..

-

Once the templates are setup, select any and click on “Export Project” at the bottom, and make sure to untoggle “Export With Debug” in the window that pops up, this checkbox should be at the bottom of the new window.

]]>
-
- - General Godot project structure - https://blog.luevano.xyz/g/godot_project_structure.html - https://blog.luevano.xyz/g/godot_project_structure.html - Sun, 22 May 2022 01:16:10 GMT - English - Gamedev - Short - Details on the project structure I'm using for Godot, based on preference and some research I did. - One of my first issues when starting a project is how to structure everything. So I had to spend some time researching best practices and go with what I like the most and after trying some of them I wanted to write down somewhere what I’m sticking with.

-

The first place to look for is, of course, the official Godot documentation on Project organization; along with project structure discussion, also comes with best practices for code style and what-not. I don’t like this project/directory structure that much, just because it tells you to bundle everything under the same directory but it’s a really good starting point, for example it tells you to use:

-
    -
  • /models/town/house/
      -
    • house.dae
    • -
    • window.png
    • -
    • door.png
    • -
    -
  • -
-

Where I would prefer to have more modularity, for example:

-
    -
  • /levels/structures/town/house (or /levels/town/structures/house)
      -
    • window/
        -
      • window.x
      • -
      • window.y
      • -
      • window.z
      • -
      -
    • -
    • door/
        -
      • -
      -
    • -
    • house.x
    • -
    • house.y
    • -
    • house.z
    • -
    -
  • -
-

It might look like it’s more work, but I prefer it like this. I wish this site was still available, as I got most of my ideas from there and was a pretty good resource, but apparently the owner is not maintaining his site anymore; but there is this excelent comment on reddit which shows a project/directory structure more in line with what I’m currently using (and similr to the site that is down that I liked). I ended up with:

-
    -
  • /.git
  • -
  • /assets (raw assets/editable assets/asset packs)
  • -
  • /releases (executables ready to publish)
  • -
  • /src (the actual godot project)
      -
    • .godot/
    • -
    • actors/ (or entities)
        -
      • player/
          -
        • sprites/
        • -
        • player.x
        • -
        • -
        -
      • -
      • enemy/ (this could be a dir with subdirectories for each type of enemy for example…)
          -
        • sprites/
        • -
        • enemy.x
        • -
        • -
        -
      • -
      • actor.x
      • -
      • -
      -
    • -
    • levels/ (or scenes)
        -
      • common/
          -
        • sprites/
        • -
        • -
        -
      • -
      • main/
          -
        • -
        -
      • -
      • overworld/
          -
        • -
        -
      • -
      • dugeon/
          -
        • -
        -
      • -
      • Game.tscn (I’m considering the “Game” as a level/scene)
      • -
      • game.gd
      • -
      -
    • -
    • objects/
        -
      • box/
          -
        • -
        -
      • -
      • -
      -
    • -
    • screens/
        -
      • main_menu/
          -
        • -
        -
      • -
      • -
      -
    • -
    • globals/ (singletons/autoloads)
    • -
    • ui/
        -
      • menus/
          -
        • -
        -
      • -
      • -
      -
    • -
    • sfx/
        -
      • -
      -
    • -
    • vfx/
        -
      • -
      -
    • -
    • etc/
        -
      • -
      -
    • -
    • Main.tscn (the entry point of the game)
    • -
    • main.gd
    • -
    • icon.png (could also be on a separate “icons” directory)
    • -
    • project.godot
    • -
    • -
    -
  • -
  • \<any other repository related files>
  • -
-

And so on, I hope the idea is clear. I’ll probably change my mind on the long run, but for now this has been working fine.

]]>
-
- - Will start blogging about gamedev - https://blog.luevano.xyz/g/starting_gamedev_blogging.html - https://blog.luevano.xyz/g/starting_gamedev_blogging.html - Tue, 17 May 2022 05:19:54 GMT - English - Gamedev - Short - Update - Since I'm starting to get more into gamedev stuff, I'll start blogging about it just to keep consistent. - I’ve been wanting to get into gamedev for a while now, but it’s always a pain to stay consistent. I just recently started to get into gamedev again, and this time I’m trying to actually do stuff.

-

So, the plan is to blog about my progress and clone some simple games just to get started. I’m thinking on sticking with Godot just because I like that it’s open source, it’s getting better and better overtime (big rewrite happening right now) and I already like how the engine works. Specifically I’ll start using Godot 4 even though it’s not done yet, to get used to the new features, specifically pumped for GDScript 2.0. Actually… (for the small clones/ripoffs) I’ll need to use Godot 3.X (probably 3.5), as Godot 4 doesn’t have support to export to webassembly (HTML5) yet, and I want that to publish to itch.io and my website. I’ll continue to use Godot 4 for bigger projects, as they will take longer and I hope that by the time I need to publish, there’s no issues to export.

-

For a moment I almost started a new subdomain just for gamedev stuff, but decided to just use a different directory for subtleness; this directory and use of tags should be enough. I’ll be posting the entry about the first rip-off I’m developing (FlappyBird L O L) shortly.

]]>
-
- - My setup for a password manager and MFA authenticator - https://blog.luevano.xyz/a/password_manager_authenticator_setup.html - https://blog.luevano.xyz/a/password_manager_authenticator_setup.html - Sun, 15 May 2022 22:40:34 GMT - English - Short - Tools - A short description on my personal setup regarding a password manager and alternatives to G\*\*gl\* authenticator. - Disclaimer: I won’t go into many technical details here of how to install/configure/use the software, this is just supposed to be a short description on my setup.

-

It’s been a while since I started using a password manager at all, and I’m happy that I started with KeePassXC (open source, multiplatform password manager that it’s completely offline) as a direct recommendation from lm; before this I was using the same password for everything (like a lot of people), which is a well know privacy issue as noted in detail by Leo (I don’t personally recommed LastPass as Leo does). Note that you will still need a master password to lock/unlock your password database (you can additionally use a hardware key and a key file).

-

Anyways, setting up keepass is pretty simple, as there is a client for almost any device; note that keepass is basically just the format and the base for all of the clients, as its common with pretty much any open source software. In my case I’m using KeePassXC in my computer and KeePassDX in my phone (Android). The only concern is keeping everything in sync because keepass doesn’t have any automatic method of synchronizing between devices because of security reasons (as far as I know), meaning that you have to manage that yourself.

-

Usually you can use something like G**gl* drive, dropbox, mega, nextcloud, or any other cloud solution that you like to sync your keepass database between devices; I personally prefer to use Syncthing as it’s open source, it’s really easy to setup and has worked wonders for me since I started using it, also it keeps versions of your files that can serve as backups in any scenario where the database gets corrupted or something.

-

Finally, when I went through the issue with the micro SD and the adoptable storage bullshit (you can find the rant here, in spanish) I had to also migrate from G**gl* authenticator (gauth) to something else for the simple reason that gauth doesn’t even let you do backups, nor it’s synched with your account… nothing, it is just standalone and if you ever lose your phone you’re fucked; so I decided to go with Aegis authenticator, as it is open source, you have control over all your secret keys, you can do backups directly to the filesystem, you can secure your database with an extra password, etc., etc.. In general aegis is the superior MFA authenticator (at least compared with gauth) and everything that’s compatible with gauth is compatible with aegis as the format is a standard (as a matter of fact, keepass also has this MFA feature which is called TOPT and is also compatible, but I prefer to have things separate). I also use syncthing to keep a backup of my aegis database.

-

TL;DR:

-
    -
  • Syncthing to sync files between devices (for the password databases).
  • -
  • KeePassXC for the password manager in my computer.
  • -
  • KeePassDX for the password manager in my phone.
  • -
  • Aegis authenticator for the universal MFA authenticator.
  • -
]]>
-
- - Los devs de Android/MIUI me trozaron - https://blog.luevano.xyz/a/devs_android_me_trozaron.html - https://blog.luevano.xyz/a/devs_android_me_trozaron.html - Sun, 15 May 2022 09:51:04 GMT - Rant - Spanish - Update - Perdí un día completo resolviendo un problema muy estúpido, por culpa de los devs de Android/MIUI. - Llevo dos semanas posponiendo esta entrada porque andaba bien enojado (todavía, pero ya se anda pasando) y me daba zzz. Pero bueno, antes que nada este pex ocupa un poco de contexto sobre dos cositas:

-
    -
  • Tachiyomi: Una aplicación de android que uso para descargar y leer manga. Lo importante aquí es que por default se guardan los mangas con cada página siendo una sola imagen, por lo que al mover el manga de un lado a otro tarda mucho tiempo.
  • -
  • Adoptable storage: Un feature de android que básicamente te deja usar una micro SD (mSD) externa como si fuera interna, encriptando y dejando la mSD inutilizable en cualquier otro dispositivo. La memoria interna se pierde o algo por el estilo (bajo mi experiencia), por lo que parece es bastante útil cuando la capacidad de la memoria interna es baja.
  • -
-

Ahora sí vamonos por partes, primero que nada lo que sucedió fue que ordené una mSD con más capacidad que la que ya tenía (64 GB -> 512 GB, poggies), porque últimamente he estado bajando y leyendo mucho manga entonces me estaba quedando sin espacio. Ésta llegó el día de mi cumpleaños lo cuál estuvo chingón, me puse a hacer backup de la mSD que ya tenía y preparando todo, muy bonito, muy bonito.

-

Empecé a tener problemas, porque al estar moviendo tanto archivo pequeño (porque recordemos que el tachiyomi trata a cada página como una sola imagen), la conexión entre el celular y mi computadora se estaba corte y corte por alguna razón; en general muchos pedos. Por lo que mejor le saqué la nueva mSD y la metí directo a mi computadora por medio de un adaptador para batallar menos y que fuera más rápido.

-

Hacer este pedo de mover archivos directamente en la mSD puede llevar a corromper la memoria, no se los detalles pero pasa (o quizá estoy meco e hice algo mal). Por lo que al terminar de mover todo a la nueva mSD y ponerla en el celular, éste se emputó que porque no la detectaba y que quería tirar un formateo a la mSD. A este punto no me importaba mucho, sólo era questión de volvera mover archivos y ser más cuidadoso; “no issues from my end” diría en mis standups.

-

Todo valió vergota porque en cierto punto al elegir sí formatear la mSD mi celular me daba la opción de “usar la micro SD para el celular” o “usar la micro SD como memoria portátil” (o algo entre esas líneas), y yo, estúpidamente, elegí la primera, porque me daba sentido: “no, pues simón, voy a usar esta memoria para este celular”.

-

Pues mamé, resulta que esa primera opción lo que realmente quería decir es que se iba a usar la micro SD como interna usando el pex este de adoptable storage. Entonces básicamente perdí mi capacidad de memoria interna (128 GB aprox.), y toda la mSD nueva se usó como memoria interna. Todo se juntó, si intentaba sacar la mSD todo se iba a la mierda y no podía usar muchas aplicaciones. “No hay pedo”, pensé, “nada más es cuestión de desactivar esta mamada de adoptable storage”.

-

Ni madres dijeron los devs de Android, este pedo nada más es un one-way: puedes activar adoptable storage pero para desactivarlo ocupas, a huevo, formatear tu celular a estado de fábrica. Chingué a mi madre, comí mierda, perdí.

-

Pues eso fue lo que hice, ni modo. Hice backup de todo lo que se me ocurrió (también me di cuenta que G**gl* authenticator es cagada ya que no te deja hacer backup, entre otras cosas, mejor usen Aegis authenticator), desactivé todo lo que se tenía que desactivar y tocó hacer factory reset, ni modo. Pero como siempre las cosas salen mal y tocó comer mierda del banco porque me bloquearon la tarjeta, perdí credenciales necesarias para el trabajo (se resolvió rápido), etc., etc.. Ya no importa, ya casi todo está resuelto, sólo queda ir al banco a resolver lo de la tarjeta bloqueada (esto es para otro rant, pinches apps de bancos piteras, ocupan hacer una sola cosa y la hacen mal).

-

Al final del día, la causa del problema fueron los malditos mangas (por andar queriendo backupearlos), que terminé bajando de nuevo manualmente y resultó mejor porque aparentemente tachiyomi agregó la opción de “zippear” los mangas en formato CBZ, por lo que ya son más fácil de mover de un lado para otro, el fono no se queda pendejo, etc., etc..

-

Por último, quiero decir que los devs de Android son unos pendejos por no hacer reversible la opción de adoptable storage, y los de MIUI son todavía más por no dar detalles de lo que significan sus opciones de formateo, especialmente si una opción es tan chingadora que para revertirla necesitas formatear a estado de fábrica tu celular; más que nada es culpa de los de MIUI, todavía que ponen un chingo de A(i)DS en todas sus apps, no pueden poner una buena descripción en sus opciones. REEEE.

]]>
-
- - Volviendo a usar la página - https://blog.luevano.xyz/a/volviendo_a_usar_la_pagina.html - https://blog.luevano.xyz/a/volviendo_a_usar_la_pagina.html - Thu, 28 Apr 2022 03:21:02 GMT - Short - Spanish - Update - Actualización en el estado de la página, después de mucho tiempo de ausencia. - Después de mucho tiempo de estar luchando con querer volver a usar este pex (maldita d word y demás), ya me volví a acomodar el setup para agregar nuevas entradas.

-

Entre las cosas que tuve que hacer fue actualizar el pyssg porque no lo podía usar de una como estaba; y de pasado le agregue una que otra feature nueva. Luego quiero agregarle más funcionalidad para poder buildear la página completa; por ahora se hace en segmentos: todo lo de luevano.xyz está hecho manual, mientras que blog y art usan pyssg.

-

Otra cosa es que quizá me devuelva a editar alguans entradas nada más para homogeneizar las entradas específicas a Create a… (tiene más sentido que sean Setup x… o algo similar).

-

En otras noticias, estoy muy agusto en el jale que tengo actualmente aunque lleve alrededor de 3 semanas de un infierno por problemas debidos a varias razones (del jale). Debo pensar en si debo omitir cosas personales o del trabajo aquí, ya que quién sabe quién se pueda llegar a topar con esto *thinking emoji*.

]]>
-
- - Create a VPN server with OpenVPN (IPv4) - https://blog.luevano.xyz/a/vpn_server_with_openvpn.html - https://blog.luevano.xyz/a/vpn_server_with_openvpn.html - Sun, 01 Aug 2021 09:27:02 GMT - English - Server - Tools - Tutorial - How to create a VPN server using OpenVPN on a server running Nginx. Only for IPv4. - I’ve been wanting to do this entry, but had no time to do it since I also have to set up the VPN service as well to make sure what I’m writing makes sense, today is the day.

-

Like with any other of my entries I based my setup on the Arch Wiki, this install script and this profile generator script.

-

This will be installed and working alongside the other stuff I’ve wrote about on other posts (see the server tag). All commands here are executes as root unless specified otherwise. Also, this is intended only for IPv4 (it’s not that hard to include IPv6, but meh).

-

Prerequisites

-

Pretty simple:

-
    -
  • Working server with root access, and with Ufw as the firewall.
  • -
  • Depending on what port you want to run the VPN on, the default 1194, or as a fallback on 443 (click here for more). I will do mine on port 1194 but it’s just a matter of changing 2 lines of configuration and one Ufw rule.
  • -
-

Create PKI from scratch

-

PKI stands for Public Key Infrastructure and basically it’s required for certificates, private keys and more. This is supposed to work between two servers and one client: a server in charge of creating, signing and verifying the certificates, a server with the OpenVPN service running and the client making the request.

-

This is supposed to work something like: 1) a client wants to use the VPN service, so it creates a requests and sends it to the signing server, 2) this server checks the requests and signs the request, returning the certificates to both the VPN service and the client and 3) the client can now connect to the VPN service using the signed certificate which the OpenVPN server knows about. In a nutshell, I’m no expert.

-

… but, to be honest, all of this is a hassle and (in my case) I want something simple to use and manage. So I’m gonna do all on one server and then just give away the configuration file for the clients, effectively generating files that anyone can run and will work, meaning that you need to be careful who you give this files (it also comes with a revoking mechanism, so no worries).

-

This is done with Easy-RSA.

-

Install the easy-rsa package:

-
pacman -S easy-rsa
-
-

Initialize the PKI and generate the CA keypair:

-
cd /etc/easy-rsa
-easyrsa init-pki
-easyrsa build-ca nopass
-
-

Create the server certificate and private key (while in the same directory):

-
EASYRSA_CERT_EXPIRE=3650 easyrsa build-server-full server nopass
-
-

Where server is just a name to identify your server certificate keypair, I just use server but could be anything (like luevano.xyz in my case).

-

Create the client revocation list AKA CRL (will be used later, but might as well have it now):

-
EASYRSA_CRL_DAYS=3650 easyrsa gen-crl
-
-

After this we should have 6 new files:

-
/etc/easy-rsa/pki/ca.crt
-/etc/easy-rsa/pki/private/ca.key
-/etc/easy-rsa/pki/issued/server.crt
-/etc/easy-rsa/pki/reqs/server.req
-/etc/easy-rsa/pki/private/server.key
-/etc/easy-rsa/pki/crl.pem
-
-

It is recommended to copy some of these files over to the openvpn directory, but I prefer to keep them here and just change some of the permissions:

-
chmod o+rx pki
-chmod o+rx pki/ca.crt
-chmod o+rx pki/issued
-chmod o+rx pki/issued/server.crt
-chmod o+rx pki/private
-chmod o+rx pki/private/server.key
-chown nobody:nobody pki/crl.pem
-chmod o+r pki/crl.pem
-
-

Now, go to the openvpn directory and create the required files there:

-
cd /etc/openvpn/server
-openssl dhparam -out dh.pem 2048
-openvpn --genkey secret ta.key
-
-

That’s it for the PKI stuff and general certificate configuration.

-

OpenVPN

-

OpenVPN is a robust and highly flexible VPN daemon, that’s pretty complete feature wise.

-

Install the openvpn package:

-
pacman -S openvpn
-
-

Now, most of the stuff is going to be handled by (each, if you have more than one) server configuration. This might be the hardest thing to configure, but I’ve used a basic configuration file that worked a lot to me, which is a compilation of stuff that I found on the internet while configuring the file a while back.

-
# Server ip addres (ipv4).
-local 1.2.3.4 # your server public ip
-
-# Port.
-port 1194 # Might want to change it to 443
-
-# TCP or UDP.
-;proto tcp
-proto udp # If ip changes to 443, you should change this to tcp, too
-
-# "dev tun" will create a routed IP tunnel,
-# "dev tap" will create an ethernet tunnel.
-;dev tap
-dev tun
-
-# Server specific certificates and more.
-ca /etc/easy-rsa/pki/ca.crt
-cert /etc/easy-rsa/pki/issued/server.crt
-key /etc/easy-rsa/pki/private/server.key  # This file should be kept secret.
-dh /etc/openvpn/server/dh.pem
-auth SHA512
-tls-crypt /etc/openvpn/server/ta.key 0 # This file is secret.
-crl-verify /etc/easy-rsa/pki/crl.pem
-
-# Network topology.
-topology subnet
-
-# Configure server mode and supply a VPN subnet
-# for OpenVPN to draw client addresses from.
-server 10.8.0.0 255.255.255.0
-
-# Maintain a record of client <-> virtual IP address
-# associations in this file.
-ifconfig-pool-persist ipp.txt
-
-# Push routes to the client to allow it
-# to reach other private subnets behind
-# the server.
-;push "route 192.168.10.0 255.255.255.0"
-;push "route 192.168.20.0 255.255.255.0"
-
-# If enabled, this directive will configure
-# all clients to redirect their default
-# network gateway through the VPN, causing
-# all IP traffic such as web browsing and
-# and DNS lookups to go through the VPN
-push "redirect-gateway def1 bypass-dhcp"
-
-# Certain Windows-specific network settings
-# can be pushed to clients, such as DNS
-# or WINS server addresses.
-# Google DNS.
-;push "dhcp-option DNS 8.8.8.8"
-;push "dhcp-option DNS 8.8.4.4"
-
-# The keepalive directive causes ping-like
-# messages to be sent back and forth over
-# the link so that each side knows when
-# the other side has gone down.
-keepalive 10 120
-
-# The maximum number of concurrently connected
-# clients we want to allow.
-max-clients 5
-
-# It's a good idea to reduce the OpenVPN
-# daemon's privileges after initialization.
-user nobody
-group nobody
-
-# The persist options will try to avoid
-# accessing certain resources on restart
-# that may no longer be accessible because
-# of the privilege downgrade.
-persist-key
-persist-tun
-
-# Output a short status file showing
-# current connections, truncated
-# and rewritten every minute.
-status openvpn-status.log
-
-# Set the appropriate level of log
-# file verbosity.
-#
-# 0 is silent, except for fatal errors
-# 4 is reasonable for general usage
-# 5 and 6 can help to debug connection problems
-# 9 is extremely verbose
-verb 3
-
-# Notify the client that when the server restarts so it
-# can automatically reconnect.
-# Only usable with udp.
-explicit-exit-notify 1
-
-

# and ; are comments. Read each and every line, you might want to change some stuff (like the logging), specially the first line which is your server public IP.

-

Now, we need to enable packet forwarding (so we can access the web while connected to the VPN), which can be enabled on the interface level or globally (you can check the different options with sysctl -a | grep forward). I’ll do it globally, run:

-
sysctl net.ipv4.ip_forward=1
-
-

And create/edit the file /etc/sysctl.d/30-ipforward.conf:

-
net.ipv4.ip_forward=1
-
-

Now we need to configure ufw to forward traffic through the VPN. Append the following to /etc/default/ufw (or edit the existing line):

-
...
-DEFAULT_FORWARD_POLICY="ACCEPT"
-...
-
-

And change the /etc/ufw/before.rules, appending the following lines after the header but before the *filter line:

-
...
-# NAT (Network Address Translation) table rules
-*nat
-:POSTROUTING ACCEPT [0:0]
-
-# Allow traffic from clients to the interface
--A POSTROUTING -s 10.8.0.0/24 -o interface -j MASQUERADE
-
-# do not delete the "COMMIT" line or the NAT table rules above will not be processed
-COMMIT
-
-# Don't delete these required lines, otherwise there will be errors
-*filter
-...
-
-

Where interface must be changed depending on your system (in my case it’s ens3, another common one is eth0); I always check this by running ip addr which gives you a list of interfaces (the one containing your server public IP is the one you want, or whatever interface your server uses to connect to the internet):

-
...
-2: ens3: <SOMETHING,SOMETHING> bla bla
-    link/ether bla:bla
-    altname enp0s3
-    inet my.public.ip.addr bla bla
-...
-
-

And also make sure the 10.8.0.0/24 matches the subnet mask specified in the server.conf file (in this example it matches). You should check this very carefully, because I just spent a good 2 hours debugging why my configuration wasn’t working, and this was te reason (I could connect to the VPN, but had no external connection to the web).

-

Finally, allow the OpenVPN port you specified (in this example its 1194/udp) and reload ufw:

-
ufw allow 1194/udp comment "OpenVPN"
-ufw reload
-
-

At this point, the server-side configuration is done and you can start and enable the service:

-
systemctl start openvpn-server@server.service
-systemctl enable openvpn-server@server.service
-
-

Where the server after @ is the name of your configuration, server.conf without the .conf in my case.

-

Create client configurations

-

You might notice that I didn’t specify how to actually connect to our server. For that we need to do a few more steps. We actually need a configuration file similar to the server.conf file that we created.

-

The real way of doing this would be to run similar steps as the ones with easy-rsa locally, send them to the server, sign them, and retrieve them. Nah, we’ll just create all configuration files on the server as I was mentioning earlier.

-

Also, the client configuration file has to match the server one (to some degree), to make this easier you can create a client-common file in /etc/openvpn/server with the following content:

-
client
-dev tun
-remote 1.2.3.4 1194 udp # change this to match your ip and port
-resolv-retry infinite
-nobind
-persist-key
-persist-tun
-remote-cert-tls server
-auth SHA512
-verb 3
-
-

Where you should make any changes necessary, depending on your configuration.

-

Now, we need a way to create and revoke new configuration files. For this I created a script, heavily based on one of the links I mentioned at the beginning, by the way. You can place these scripts anywhere you like, and you should take a look before running them because you’ll be running them as root.

-

In a nutshell, what it does is: generate a new client certificate keypair, update the CRL and create a new .ovpn configuration file that consists on the client-common data and all of the required certificates; or, revoke an existing client and refresh the CRL. The file is placed under ~/ovpn.

-

Create a new file with the following content (name it whatever you like) and don’t forget to make it executable (chmod +x vpn_script):

-
#!/bin/sh
-# Client ovpn configuration creation and revoking.
-MODE=$1
-if [ ! "$MODE" = "new" -a ! "$MODE" = "rev" ]; then
-    echo "$1 is not a valid mode, using default 'new'"
-    MODE=new
-fi
-
-CLIENT=${2:-guest}
-if [ -z $2 ];then
-    echo "there was no client name passed as second argument, using 'guest' as default"
-fi
-
-# Expiration config.
-EASYRSA_CERT_EXPIRE=3650
-EASYRSA_CRL_DAYS=3650
-
-# Current PWD.
-CPWD=$PWD
-cd /etc/easy-rsa/
-
-if [ "$MODE" = "rev" ]; then
-    easyrsa --batch revoke $CLIENT
-
-    echo "$CLIENT revoked."
-elif [ "$MODE" = "new" ]; then
-    easyrsa build-client-full $CLIENT nopass
-
-    # This is what actually generates the config file.
-    {
-    cat /etc/openvpn/server/client-common
-    echo "<ca>"
-    cat /etc/easy-rsa/pki/ca.crt
-    echo "</ca>"
-    echo "<cert>"
-    sed -ne '/BEGIN CERTIFICATE/,$ p' /etc/easy-rsa/pki/issued/$CLIENT.crt
-    echo "</cert>"
-    echo "<key>"
-    cat /etc/easy-rsa/pki/private/$CLIENT.key
-    echo "</key>"
-    echo "<tls-crypt>"
-    sed -ne '/BEGIN OpenVPN Static key/,$ p' /etc/openvpn/server/ta.key
-    echo "</tls-crypt>"
-    } > "$(eval echo ~${SUDO_USER:-$USER}/ovpn/$CLIENT.ovpn)"
-
-    eval echo "~${SUDO_USER:-$USER}/ovpn/$CLIENT.ovpn file generated."
-fi
-
-# Finish up, re-generates the crl
-easyrsa gen-crl
-chown nobody:nobody pki/crl.pem
-chmod o+r pki/crl.pem
-cd $CPWD
-
-

And the way to use is to run vpn_script new/rev client_name as sudo (when revoking, it doesn’t actually deletes the .ovpn file in ~/ovpn). Again, this is a little script that I put together, so you should check it out, it may need tweaks (depending on your directory structure for easy-rsa) and it could have errors.

-

Now, just get the .ovpn file generated, import it to OpenVPN in your client of preference and you should have a working VPN service.

]]>
-
- - Hoy me tocó desarrollo de personaje - https://blog.luevano.xyz/a/hoy_toco_desarrollo_personaje.html - https://blog.luevano.xyz/a/hoy_toco_desarrollo_personaje.html - Wed, 28 Jul 2021 06:10:55 GMT - Spanish - Una breve historia sobre cómo estuvo mi día, porque me tocó desarrollo de personaje y lo quiero sacar del coraje que traigo. - Sabía que hoy no iba a ser un día tan bueno, pero no sabía que iba a estar tan horrible; me tocó desarrollo de personaje y saqué el bad ending.

-

Básicamente tenía que cumplir dos misiones hoy: ir al banco a un trámite y vacunarme contra el Covid-19. Muy sencillas tareas.

-

Primero que nada me levanté de una pesadilla horrible en la que se puede decir que se me subió el muerto al querer despertar, esperé a que fuera casi la hora de salida de mi horario de trabajo, me bañé y fui directo al banco primero. Todo bien hasta aquí.

-

En el camino al banco, durante la plática con el conductor del Uber salió el tema del horario del banco. Yo muy tranquilo dije “pues voy algo tarde, pero sí alcanzo, cierran a las 5, ¿no?” a lo que me respondió el conductor “nel jefe, a las 4, y se van media hora antes”; quedé. Chequé y efectivamente cerraban a las 4. Entonces le dije que le iba a cambiar la ruta directo a donde me iba a vacunar, pero ya era muy tarde y quedaba para la dirección opuesta.”Ni pedo, ahí déjame y pido otro viaje, no te apures”, le dije y como siempre pues me deseó que se compusiera mi día; afortunadamente el banco sí estaba abierto para lo que tenía que hacer, así que fue un buen giro. Me puse muy feliz y asumí que sería un buen día, como me lo dijo mi conductor; literalmente NO SABÍA.

-

Salí feliz de poder haber completado esa misión y poder irme a vacunar. Pedí otro Uber a donde tenía que ir y todo bien. Me tocó caminar mucho porque la entrada estaba en punta de la chingada de donde me dejó el conductor, pero no había rollo, era lo de menos. Me desanimé cuando vi que había una cantidad estúpida de gente, era una fila que abarcaba todo el estacionamiento y daba demasiadas vueltas; “ni pedo”, dije, “si mucho me estaré aquí una hora, hora y media”… otra vez, literalmente NO SABÍA.

-

Pasó media hora y había avanzado lo que parecía ser un cuarto de la fila, entonces todo iba bien. Pues nel, había avanzado el equivalente a un octavo de la fila, este pedo no iba a salir en una hora-hora y media. Para acabarla de chingar era todo bajo el tan amado sol de Chiwawa. “No hay pedo, me entretengo tirando chal con alguien en el wasap”, pues no, aparentemente no cargué el celular y ya tenía 15-20% de batería… volví a quedar.

-

Se me acabó la pila, ya había pasado una hora y parecía que la fila era infinita, simplemente avanzábamos demasiado lento, a pesar de que los que venían atrás de mí repetían una y otra vez “mira, avanza bien rápido, ya mero llegamos”, ilusos. Duré aproximadamente 3 horas formado, aguantando conversaciones estúpidas a mi alrededor, gente quejándose por estar parada (yo también me estaba quejando pero dentro de mi cabeza), y por alguna razón iban familias completas de las cuales al final del día sólo uno o dos integrantes de la familia entraban a vacunarse.

-

En fin que se acabó la tortura y ya tocaba irse al cantón, todo bien. “No hay pedo, no me tocó irme en Uber, aquí agarro un camíon” pensé. Pero no, ningún camión pasó durante la hora que estuve esperando y de los 5 taxis que intenté parar NINGUNO se detuvo. Decidí irme caminado, ya qué más daba, en ese punto ya nada más era hacer corajes dioquis.

-

En el camino vi un Oxxo y decidí desviarme para comprar algo de tomar porque andaba bien deshidratado. En el mismo segundo que volteé para ir hacia el Oxxo pasó un camión volando y lo único que pensaba era que el conductor me decía “Jeje ni pedo:)”. Exploté, me acabé, simplemente perdí, saqué el bad ending.

-

Ya estaba harto y hasta iba a comprar un cargador para ya irme rápido, estaba cansado del día, simplemente ahí terminó la quest, había sacado el peor final. Lo bueno es que se me ocurrió pedirle al cajero un cargador y que me tirara paro. Todo bien, pedí mi Uber y llegué a mi casa sano y a salvo, pero con la peor rabia que me había dado en mucho tiempo. Simplemente ¿mi culo? explotado. Este día me tocó un desarrollo de personaje muy cabrón, se mamó el D*****o.

-

Lo único rescatable fue que había una (más bien como 5) chica muy guapa en la fila, lástima que los stats de mi personaje me tienen bloqueadas las conversaciones con desconocidos.

-

Y pues ya, este pex ya me sirvió para desahogarme, una disculpa por la redacción tan pitera. Sobres.

]]>
-
- - Tenia este pex algo descuidado - https://blog.luevano.xyz/a/tenia_esto_descuidado.html - https://blog.luevano.xyz/a/tenia_esto_descuidado.html - Sun, 18 Jul 2021 07:51:50 GMT - Short - Spanish - Update - Nada más un update en el estado del blog y lo que he andado haciendo. - Así es, tenía un poco descuidado este pex, siendo la razón principal que andaba ocupado con cosas de la vida profesional, ayay. Pero ya que ando un poco más despejado y menos estresado voy a seguir usando el blog y a ver qué más hago.

-

Tengo unas entradas pendientes que quiero hacer del estilo de “tutorial” o “how-to”, pero me lo he estado debatiendo, porque Luke ya empezó a hacerlo más de verdad en landchad.net, lo cual recomiendo bastante pues igual yo empecé a hacer esto por él (y por lm); aunque la verdad pues es muy específico a como él hace las cosas y quizá sí puede haber diferencias, pero ya veré en estos días. La próxima que quiero hacer es sobre el VPN, porque no lo he setupeado desde que reinicié El Página Web y La Servidor, entonces acomodaré el VPN de nuevo y de pasada tiro entrada de eso.

-

También dejé un dibujo pendiente, que la neta lo dejé por 2 cosas: está bien cabrón (porque también lo quiero colorear) y porque estaba ocupado; de lo cuál ya sólo queda el está bien cabrón pero no he tenido el valor de retomarlo. Lo triste es que ya pasó el tiempo del hype y ya no tengo mucha motivación para terminarlo más que el hecho de que cuando lo termine empezaré a usar Clip Studio Paint en vez de Krita, porque compré una licencia ahora que estuvo en 50% de descuento (sí, me mamé).

-

Algo bueno es que me he estado sintiendo muy bien conmigo mismo últimamente, aunque casi no hable de eso. Sí hay una razón en específico, pero es una razón algo tonta. Espero así siga.

-

Ah, y también quería acomodarme una sección de comentarios, pero como siempre, todas las opciones están bien bloated, entonces pues me voy a hacer una en corto seguramente en Python para el back, MySQL para la base de datos y Javascript para la conexión acá en el front, algo tranqui.

-

Sobres pues.

]]>
-
- - Create an XMPP server with Prosody compatible with Conversations and Movim - https://blog.luevano.xyz/a/xmpp_server_with_prosody.html - https://blog.luevano.xyz/a/xmpp_server_with_prosody.html - Wed, 09 Jun 2021 05:24:30 GMT - English - Server - Tools - Tutorial - How to create an XMPP server using Prosody on a server running Nginx. This server will be compatible with at least Conversations and Movim. - Recently I set up an XMPP server (and a Matrix one, too) for my personal use and for friends if they want one; made one for EL ELE EME, for example. So, here are the notes on how I set up the server that is compatible with the Conversations app and the Movim social network. You can see my addresses in contact and the XMPP compliance/score of the server.

-

One of the best resources I found that helped me a lot was Installing and Configuring Prosody XMPP Server on Debian 9, and of course the Arch Wiki and the oficial documentation.

-

As with my other entries, this is under a server running Arch Linux, with the Nginx web server and Certbot certificates. And all commands here are executed as root (unless specified otherwise)

-

Prerequisites

-

Same as with my other entries (website, mail and git) plus:

-
    -
  • A and (optionally) AAA DNS records for:
      -
    • xmpp: the actual XMPP server and the file upload service.
    • -
    • muc (or conference): for multi-user chats.
    • -
    • pubsub: the publish-subscribe service.
    • -
    • proxy: a proxy in case one of the users needs it.
    • -
    • vjud: user directory.
    • -
    -
  • -
  • (Optionally, but recommended) the following SRV DNS records; make sure it is pointing to an A or AAA record (matching the records from the last point, for example):
      -
    • _xmpp-client._tcp.**your.domain**. for port 5222 pointing to xmpp.**your.domain**.
    • -
    • _xmpp-server._tcp.**your.domain**. for port 5269 pointing to xmpp.**your.domain**.
    • -
    • _xmpp-server._tcp.muc.**your.domain**. for port 5269 pointing to xmpp.**your.domain**.
    • -
    -
  • -
  • SSL certificates for the previous subdomains; similar that with my other entries just create the appropriate prosody.conf (where server_name will be all the subdomains defined above) file and run certbot --nginx. You can find the example configuration file almost at the end of this entry.
  • -
  • Email addresses for admin, abuse, contact, security, etc. Or use your own email for all of them, doesn’t really matter much as long as you define them in the configuration and are valid, I have aliases so those emails are forwarded to me.
  • -
  • Allow ports 5000, 5222, 5269, 5280 and 5281 for Prosody and, 3478 and 5349 for Turnserver which are the defaults for coturn.
  • -
-

Prosody

-

Prosody is an implementation of the XMPP protocol that is flexible and extensible.

-

Install the prosody package (with optional dependencies) and the mercurial package:

-
pacman -S prosody, mercurial, lua52-sec, lua52-dbi, lua52-zlib
-
-

We need mercurial to be able to download and update the extra modules needed to make the server compliant with conversations.im and mov.im. Go to /var/lib/prosody, clone the latest Prosody modules repository and prepare the directories:

-
cd /var/lib/prosody
-hg clone https://hg.prosody.im/prosody-modules modules-available
-mkdir modules-enabled
-
-

You can see that I follow a similar approach that I used with Nginx and the server configuration, where I have all the modules available in a directory, and make a symlink to another to keep track of what is being used. You can update the repository by running hg pull --update while inside the modules-available directory (similar to Git).

-

Make symbolic links to the following modules:

-
ln -s /var/lib/prosody/modules-available/MODULE_NAME /var/lib/prosody/modules-enabled/
-...
-
-
    -
  • Modules:
      -
    • mod_bookmarks
    • -
    • mod_cache_c2s_caps
    • -
    • mod_checkcerts
    • -
    • mod_cloud_notify
    • -
    • mod_csi_battery_saver
    • -
    • mod_default_bookmarks
    • -
    • mod_external_services
    • -
    • mod_http_avatar
    • -
    • mod_http_pep_avatar
    • -
    • mod_http_upload
    • -
    • mod_http_upload_external
    • -
    • mod_idlecompat
    • -
    • mod_muc_limits
    • -
    • mod_muc_mam_hints
    • -
    • mod_muc_mention_notifications
    • -
    • mod_presence_cache
    • -
    • mod_pubsub_feeds
    • -
    • mod_pubsub_text_interface
    • -
    • mod_smacks
    • -
    • mod_strict_https
    • -
    • mod_vcard_muc
    • -
    • mod_vjud
    • -
    • mod_watchuntrusted
    • -
    -
  • -
-

And add other modules if needed, but these work for the apps that I mentioned. You should also change the permissions for these files:

-
chown -R prosody:prosody /var/lib/prosody
-
-

Now, configure the server by editing the /etc/prosody/prosody.cfg.lua file. It’s a bit tricky to configure, so here is my configuration file (lines starting with -- are comments). Make sure to change according to your domain, and maybe preferences. Read each line and each comment to know what’s going on, It’s easier to explain it with comments in the file itself than strip it in a lot of pieces.

-

And also, note that the configuration file has a “global” section and a per “virtual server”/”component” section, basically everything above all the VirtualServer/Component sections are global, and bellow each VirtualServer/Component, corresponds to that section.

-
-- important for systemd
-daemonize = true
-pidfile = "/run/prosody/prosody.pid"
-
--- or your account, not that this is an xmpp jid, not email
-admins = { "admin@your.domain" }
-
-contact_info = {
-    abuse = { "mailto:abuse@your.domain", "xmpp:abuse@your.domain" };
-    admin = { "mailto:admin@your.domain", "xmpp:admin@your.domain" };
-    admin = { "mailto:feedback@your.domain", "xmpp:feedback@your.domain" };
-    security = { "mailto:security@your.domain" };
-    support = { "mailto:support@your.domain", "xmpp:support@muc.your.domain" };
-}
-
--- so prosody look up the plugins we added
-plugin_paths = { "/var/lib/prosody/modules-enabled" }
-
-modules_enabled = {
-    -- Generally required
-        "roster"; -- Allow users to have a roster. Recommended ;)
-        "saslauth"; -- Authentication for clients and servers. Recommended if you want to log in.
-        "tls"; -- Add support for secure TLS on c2s/s2s connections
-        "dialback"; -- s2s dialback support
-        "disco"; -- Service discovery
-    -- Not essential, but recommended
-        "carbons"; -- Keep multiple clients in sync
-        "pep"; -- Enables users to publish their avatar, mood, activity, playing music and more
-        "private"; -- Private XML storage (for room bookmarks, etc.)
-        "blocklist"; -- Allow users to block communications with other users
-        "vcard4"; -- User profiles (stored in PEP)
-        "vcard_legacy"; -- Conversion between legacy vCard and PEP Avatar, vcard
-        "limits"; -- Enable bandwidth limiting for XMPP connections
-    -- Nice to have
-        "version"; -- Replies to server version requests
-        "uptime"; -- Report how long server has been running
-        "time"; -- Let others know the time here on this server
-        "ping"; -- Replies to XMPP pings with pongs
-        "register"; -- Allow users to register on this server using a client and change passwords
-        "mam"; -- Store messages in an archive and allow users to access it
-        "csi_simple"; -- Simple Mobile optimizations
-    -- Admin interfaces
-        "admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands
-        --"admin_telnet"; -- Opens telnet console interface on localhost port 5582
-    -- HTTP modules
-        "http"; -- Explicitly enable http server.
-        "bosh"; -- Enable BOSH clients, aka "Jabber over HTTP"
-        "websocket"; -- XMPP over WebSockets
-        "http_files"; -- Serve static files from a directory over HTTP
-    -- Other specific functionality
-        "groups"; -- Shared roster support
-        "server_contact_info"; -- Publish contact information for this service
-        "announce"; -- Send announcement to all online users
-        "welcome"; -- Welcome users who register accounts
-        "watchregistrations"; -- Alert admins of registrations
-        "motd"; -- Send a message to users when they log in
-        --"legacyauth"; -- Legacy authentication. Only used by some old clients and bots.
-        --"s2s_bidi"; -- not yet implemented, have to wait for v0.12
-        "bookmarks";
-        "checkcerts";
-        "cloud_notify";
-        "csi_battery_saver";
-        "default_bookmarks";
-        "http_avatar";
-        "idlecompat";
-        "presence_cache";
-        "smacks";
-        "strict_https";
-        --"pep_vcard_avatar"; -- not compatible with this version of pep, wait for v0.12
-        "watchuntrusted";
-        "webpresence";
-        "external_services";
-    }
-
--- only if you want to disable some modules
-modules_disabled = {
-    -- "offline"; -- Store offline messages
-    -- "c2s"; -- Handle client connections
-    -- "s2s"; -- Handle server-to-server connections
-    -- "posix"; -- POSIX functionality, sends server to background, enables syslog, etc.
-}
-
-external_services = {
-    {
-        type = "stun",
-        transport = "udp",
-        host = "proxy.your.domain",
-        port = 3478
-    }, {
-        type = "turn",
-        transport = "udp",
-        host = "proxy.your.domain",
-        port = 3478,
-        -- you could decide this now or come back later when you install coturn
-        secret = "YOUR SUPER SECRET TURN PASSWORD"
-    }
-}
-
---- general global configuration
-http_ports = { 5280 }
-http_interfaces = { "*", "::" }
-
-https_ports = { 5281 }
-https_interfaces = { "*", "::" }
-
-proxy65_ports = { 5000 }
-proxy65_interfaces = { "*", "::" }
-
-http_default_host = "xmpp.your.domain"
-http_external_url = "https://xmpp.your.domain/"
--- or if you want to have it somewhere else, change this
-https_certificate = "/etc/prosody/certs/xmpp.your.domain.crt"
-
-hsts_header = "max-age=31556952"
-
-cross_domain_bosh = true
---consider_bosh_secure = true
-cross_domain_websocket = true
---consider_websocket_secure = true
-
-trusted_proxies = { "127.0.0.1", "::1", "192.169.1.1" }
-
-pep_max_items = 10000
-
--- this is disabled by default, and I keep it like this, depends on you
---allow_registration = true
-
--- you might want this options as they are
-c2s_require_encryption = true
-s2s_require_encryption = true
-s2s_secure_auth = false
---s2s_insecure_domains = { "insecure.example" }
---s2s_secure_domains = { "jabber.org" }
-
--- where the certificates are stored (/etc/prosody/certs by default)
-certificates = "certs"
-checkcerts_notify = 7 -- ( in days )
-
--- rate limits on connections to the server, these are my personal settings, because by default they were limited to something like 30kb/s
-limits = {
-    c2s = {
-        rate = "2000kb/s";
-    };
-    s2sin = {
-        rate = "5000kb/s";
-    };
-    s2sout = {
-        rate = "5000kb/s";
-    };
-}
-
--- again, this could be yourself, it is a jid
-unlimited_jids = { "admin@your.domain" }
-
-authentication = "internal_hashed"
-
--- if you don't want to use sql, change it to internal and comment the second line
--- since this is optional, i won't describe how to setup mysql or setup the user/database, that would be out of the scope for this entry
-storage = "sql"
-sql = { driver = "MySQL", database = "prosody", username = "prosody", password = "PROSODY USER SECRET PASSWORD", host = "localhost" }
-
-archive_expires_after = "4w" -- configure message archive
-max_archive_query_results = 20;
-mam_smart_enable = true
-default_archive_policy = "roster" -- archive only messages from users who are in your roster
-
--- normally you would like at least one log file of certain level, but I keep all of them, the default is only the info = "*syslog" one
-log = {
-    info = "*syslog";
-    warn = "prosody.warn";
-    error = "prosody.err";
-    debug = "prosody.debug";
-    -- "*console"; -- Needs daemonize=false
-}
-
--- cloud_notify
-push_notification_with_body = false -- Whether or not to send the message body to remote pubsub node
-push_notification_with_sender = false -- Whether or not to send the message sender to remote pubsub node
-push_max_errors = 5 -- persistent push errors are tolerated before notifications for the identifier in question are disabled
-push_max_devices = 5 -- number of allowed devices per user
-
--- by default every user on this server will join these muc rooms
-default_bookmarks = {
-    { jid = "room@muc.your.domain", name = "The Room" };
-    { jid = "support@muc.your.domain", name = "Support Room" };
-}
-
--- could be your jid
-untrusted_fail_watchers = { "admin@your.domain" }
-untrusted_fail_notification = "Establishing a secure connection from $from_host to $to_host failed. Certificate hash: $sha1. $errors"
-
------------ Virtual hosts -----------
-VirtualHost "your.domain"
-    name = "Prosody"
-    http_host = "xmpp.your.domain"
-
-disco_items = {
-    { "your.domain", "Prosody" };
-    { "muc.your.domain", "MUC Service" };
-    { "pubsub.your.domain", "Pubsub Service" };
-    { "proxy.your.domain", "SOCKS5 Bytestreams Service" };
-    { "vjud.your.domain", "User Directory" };
-}
-
-
--- Multi-user chat
-Component "muc.your.domain" "muc"
-    name = "MUC Service"
-    modules_enabled = {
-        --"bob"; -- not compatible with this version of Prosody
-        "muc_limits";
-        "muc_mam"; -- message archive in muc, again, a placeholder
-        "muc_mam_hints";
-        "muc_mention_notifications";
-        "vcard_muc";
-    }
-
-    restrict_room_creation = false
-
-    muc_log_by_default = true
-    muc_log_presences = false
-    log_all_rooms = false
-    muc_log_expires_after = "1w"
-    muc_log_cleanup_interval = 4 * 60 * 60
-
-
--- Upload
-Component "xmpp.your.domain" "http_upload"
-    name = "Upload Service"
-    http_host= "xmpp.your.domain"
-    -- you might want to change this, these are numbers in bytes, so 10MB and 100MB respectively
-    http_upload_file_size_limit = 1024*1024*10
-    http_upload_quota = 1024*1024*100
-
-
--- Pubsub
-Component "pubsub.your.domain" "pubsub"
-    name = "Pubsub Service"
-    pubsub_max_items = 10000
-    modules_enabled = {
-        "pubsub_feeds";
-        "pubsub_text_interface";
-    }
-
-    -- personally i don't have any feeds configured
-    feeds = {
-        -- The part before = is used as PubSub node
-        --planet_jabber = "http://planet.jabber.org/atom.xml";
-        --prosody_blog = "http://blog.prosody.im/feed/atom.xml";
-    }
-
-
--- Proxy
-Component "proxy.your.domain" "proxy65"
-    name = "SOCKS5 Bytestreams Service"
-    proxy65_address = "proxy.your.domain"
-
-
--- Vjud, user directory
-Component "vjud.your.domain" "vjud"
-    name = "User Directory"
-    vjud_mode = "opt-in"
-
-

You HAVE to read all of the configuration file, because there are a lot of things that you need to change to make it work with your server/domain. Test the configuration file with:

-
luac5.2 -p /etc/prosody/prosody.cfg.lua
-
-

Notice that by default prosody will look up certificates that look like sub.your.domain, but if you get the certificates like I do, you’ll have a single certificate for all subdomains, and by default it is in /etc/letsencrypt/live, which has some strict permissions. So, to import it you can run:

-
prosodyctl --root cert import /etc/letsencrypt/live
-
-

Ignore the complaining about not finding the subdomain certificates and note that you will have to run that command on each certificate renewal, to automate this, add the --deploy-hook flag to your automated Certbot renewal system; for me it’s a systemd timer with the following certbot.service:

-
[Unit]
-Description=Let's Encrypt renewal
-
-[Service]
-Type=oneshot
-ExecStart=/usr/bin/certbot renew --quiet --agree-tos --deploy-hook "systemctl reload nginx.service && prosodyctl --root cert import /etc/letsencrypt/live"
-
-

And if you don’t have it already, the certbot.timer:

-
[Unit]
-Description=Twice daily renewal of Let's Encrypt's certificates
-
-[Timer]
-OnCalendar=0/12:00:00
-RandomizedDelaySec=1h
-Persistent=true
-
-[Install]
-WantedBy=timers.target
-
-

Also, go to the certs directory and make the appropriate symbolic links:

-
cd /etc/prosody/certs
-ln -s your.domain.crt SUBDOMAIN.your.domain.crt
-ln -s your.domain.key SUBDOMAIN.your.domain.key
-...
-
-

That’s basically all the configuration that needs Prosody itself, but we still have to configure Nginx and Coturn before starting/enabling the prosody service.

-

Nginx configuration file

-

Since this is not an ordinary configuration file I’m going to describe this too. Your prosody.conf file should have the following location blocks under the main server block (the one that listens to HTTPS):

-
# HTTPS server block
-server {
-    root /var/www/prosody/;
-    server_name xmpp.luevano.xyz muc.luevano.xyz pubsub.luevano.xyz vjud.luevano.xyz proxy.luevano.xyz;
-    index index.html;
-
-    # for extra https discovery (XEP-0256)
-    location /.well-known/acme-challenge {
-        allow all;
-    }
-
-    # bosh specific
-    location /http-bind {
-        proxy_pass  https://localhost:5281/http-bind;
-
-        proxy_set_header Host $host;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto $scheme;
-        proxy_buffering off;
-        tcp_nodelay on;
-    }
-
-    # websocket specific
-    location /xmpp-websocket {
-        proxy_pass https://localhost:5281/xmpp-websocket;
-
-        proxy_http_version 1.1;
-        proxy_set_header Connection "Upgrade";
-        proxy_set_header Upgrade $http_upgrade;
-
-        proxy_set_header Host $host;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto $scheme;
-        proxy_read_timeout 900s;
-    }
-
-    # general proxy
-    location / {
-        proxy_pass https://localhost:5281;
-
-        proxy_set_header Host $host;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto $scheme;
-        proxy_set_header X-Real-IP $remote_addr;
-    }
-    ...
-    # Certbot stuff
-}
-# HTTP server block (the one that certbot creates)
-server {
-    ...
-}
-
-

Also, you need to add the following to your actual your.domain (this cannot be a subdomain) configuration file:

-
server {
-    ...
-    location /.well-known/host-meta {
-        default_type 'application/xrd+xml';
-        add_header Access-Control-Allow-Origin '*' always;
-    }
-
-    location /.well-known/host-meta.json {
-        default_type 'application/jrd+json';
-        add_header Access-Control-Allow-Origin '*' always;
-    }
-    ...
-}
-
-

And you will need the following host-meta and host-meta.json files inside the .well-known/acme-challenge directory for your.domain (following my nomenclature: /var/www/yourdomaindir/.well-known/acme-challenge/).

-

For host-meta file:

-
<?xml version='1.0' encoding='utf-8'?>
-<XRD xmlns='http://docs.oasis-open.org/ns/xri/xrd-1.0'>
-    <Link rel="urn:xmpp:alt-connections:xbosh"
-        href="https://xmpp.your.domain:5281/http-bind" />
-    <Link rel="urn:xmpp:alt-connections:websocket"
-        href="wss://xmpp.your.domain:5281/xmpp-websocket" />
-</XRD>
-
-

And host-meta.json file:

-
{
-    "links": [
-        {
-            "rel": "urn:xmpp:alt-connections:xbosh",
-                "href": "https://xmpp.your.domain:5281/http-bind"
-        },
-        {
-            "rel": "urn:xmpp:alt-connections:websocket",
-                "href": "wss://xmpp.your.domain:5281/xmpp-websocket"
-        }
-    ]
-}
-
-

Remember to have your prosody.conf file symlinked (or discoverable by Nginx) to the sites-enabled directory. You can now restart your nginx service (and test the configuration, optionally):

-
nginx -t
-systemctl restart nginx.service
-
-

Coturn

-

Coturn is the implementation of TURN and STUN server, which in general is for (at least in the XMPP world) voice support and external service discovery.

-

Install the coturn package:

-
pacman -S coturn
-
-

You can modify the configuration file (located at /etc/turnserver/turnserver.conf) as desired, but at least you need to make the following changes (uncomment or edit):

-
use-auth-secret
-realm=proxy.your.domain
-static-auth-secret=YOUR SUPER SECRET TURN PASSWORD
-
-

I’m sure there is more configuration to be made, like using SQL to store data and whatnot, but for now this is enough for me. Note that you may not have some functionality that’s needed to create dynamic users to use the TURN server, and to be honest I haven’t tested this since I don’t use this feature in my XMPP clients, but if it doesn’t work, or you know of an error or missing configuration don’t hesitate to contact me.

-

Start/enable the turnserver service:

-
systemctl start turnserver.service
-systemctl enable turnserver.service
-
-

You can test if your TURN server works at Trickle ICE. You may need to add a user in the turnserver.conf to test this.

-

Wrapping up

-

At this point you should have a working XMPP server, start/enable the prosody service now:

-
systemctl start prosody.service
-systemctl enable prosody.service
-
-

And you can add your first user with the prosodyctl command (it will prompt you to add a password):

-
prosodyctl adduser user@your.domain
-
-

You may want to add a compliance user, so you can check if your server is set up correctly. To do so, go to XMPP Compliance Tester and enter the compliance user credentials. It should have similar compliance score to mine:

-

-

Additionally, you can test the security of your server in IM Observatory, here you only need to specify your domain.name (not xmpp.domain.name, if you set up the SRV DNS records correctly). Again, it should have a similar score to mine:

-

xmpp.net score

-

You can now log in into your XMPP client of choice, if it asks for the server it should be xmpp.your.domain (or your.domain for some clients) and your login credentials you@your.domain and the password you chose (which you can change in most clients).

-

That’s it, send me a message david@luevano.xyz if you were able to set up the server successfully.

]]>
-
- - Al fin ya me acomodé la página pa' los dibujos - https://blog.luevano.xyz/a/acomodada_la_pagina_de_arte.html - https://blog.luevano.xyz/a/acomodada_la_pagina_de_arte.html - Sun, 06 Jun 2021 19:06:09 GMT - Short - Spanish - Update - Actualización en el estado de la página, en este caso sobre la existencia de una nueva página para los dibujos y arte en general. - Así es, ya quedó acomodado el sub-dominio art.luevano.xyz pos pal arte veda. Entonces pues ando feliz por eso.

-

Este pedo fue gracias a que me reescribí la forma en la que pyssg maneja los templates, ahora uso el sistema de jinja en vez del cochinero que hacía antes.

-

Y pues nada más eso, aquí está el primer post y por supuesto acá está el link del RSS https://art.luevano.xyz/rss.xml.

]]>
-
- - Así nomás está quedando el página - https://blog.luevano.xyz/a/asi_nomas_esta_quedando.html - https://blog.luevano.xyz/a/asi_nomas_esta_quedando.html - Fri, 04 Jun 2021 08:24:03 GMT - Short - Spanish - Update - Actualización en el estado de la página, el servidor de XMPP y Matrix que me acomodé y próximas cosas que quiero hacer. - Estuve acomodando un poco más el sItIo, al fin agregué la “sección” de contact y de donate por si hay algún loco que quiere tirar varo.

-

También me puse a acomodar un servidor de XMPP el cual, en pocas palabras, es un protocolo de mensajería instantánea (y más) descentralizado, por lo cual cada quien puede hacer una cuenta en el servidor que quiera y conectarse con cuentas creadas en otro servidor… exacto, como con los correos electrónicos. Y esto está perro porque si tú tienes tu propio server, así como con uno de correo electrónico, puedes controlar qué características tiene, quiénes pueden hacer cuenta, si hay end-to-end encryption (o mínimo end-to-server), entre un montón de otras cosas.

-

Ahorita este server es SUMISO (compliant en español, jeje) para jalar con la app conversations y con la red social movim, pero realmente funcionaría con casi cualquier cliente de XMPP, amenos que ese cliente implemente algo que no tiene mi server. Y también acomodé un server de Matrix que es muy similar pero es bajo otro protocolo y se siente más como un discord/slack (al menos en el element), muy chingón también.

-

Si bien aún quedan cosas por hacer sobre estos dos servers que me acomodé (además de hacerles unas entradas para documentar cómo lo hice), quiero moverme a otra cosa que sería acomodar una sección de dibujos, lo cual en teoría es bien sencillo, pero como quiero poder automatizar la publicación de estos, quiero modificar un poco el pyssg para que jale chido para este pex.

-

Ya por último también quiero moverle un poco al CSS, porque lo dejé en un estado muy culerón y quiero meterle/ajustar unas cosas para que quede más limpio y medianamente bonito… dentro de lo que cabe porque evidentemente me vale verga si se ve como una página del 2000.

]]>
-
- - I'm using a new blogging system - https://blog.luevano.xyz/a/new_blogging_system.html - https://blog.luevano.xyz/a/new_blogging_system.html - Fri, 28 May 2021 03:21:39 GMT - English - Short - Tools - Update - I created a new blogging system called pyssg, which is based on what I was using but, to be honest, better. - So, I was tired of working with ssg (and then sbg which was a modified version of ssg that I “wrote”), for one general reason: not being able to extend it as I would like; and not just dumb little stuff, I wanted to be able to have more control, to add tags (which another tool that I found does: blogit), and even more in a future.

-

The solution? Write a new program “from scratch” in pYtHoN. Yes it is bloated, yes it is in its early stages, but it works just as I want it to work, and I’m pretty happy so far with the results and have with even more ideas in mind to “optimize” and generally clean my wOrKfLoW to post new blog entries. I even thought of using it for posting into a “feed” like gallery for drawings or pictures in general.

-

I called it pyssg, because it sounds nice and it wasn’t taken in the PyPi. It is just a terminal program that reads either a configuration file or the options passed as flags when calling the program.

-

It still uses Markdown files because I find them very easy to work with. And instead of just having a “header” and a “footer” applied to each parsed entry, you will have templates (generated with the program) for each piece that I thought made sense (idea taken from blogit): the common header and footer, the common header and footer for each entry and, header, footer and list elements for articles and tags. When parsing the Markdown file these templates are applied and stitched together to make a single HTML file. Also generates an RSS feed and the sitemap.xml file, which is nice.

-

It might sound convoluted, but it works pretty well, with of course room to improve; I’m open to suggestions, issue reporting or direct contributions here. BTW, it only works on Linux for now (and don’t think on making it work on windows, but feel free to do PR for the compatibility).

-

That’s it for now, the new RSS feed is available here: https://blog.luevano.xyz/rss.xml.

]]>
-
- - Create a git server and setup cgit web app (on Nginx) - https://blog.luevano.xyz/a/git_server_with_cgit.html - https://blog.luevano.xyz/a/git_server_with_cgit.html - Sun, 21 Mar 2021 19:00:29 GMT - English - Server - Tools - Tutorial - How to create a git server using cgit on a server running Nginx. This is a follow up on post about creating a website with Nginx and Certbot. - My git server is all I need to setup to actually kill my other server (I’ve been moving from servers on these last 2-3 blog entries), that’s why I’m already doing this entry. I’m basically following git’s guide on setting up a server plus some specific stuff for (btw i use) Arch Linux (Arch Linux Wiki: Git server and Step by step guide on setting up git server in arch linux (pushable)).

-

Note that this is mostly for personal use, so there’s no user/authentication control other than that of SSH. Also, most if not all commands here are run as root.

-

Prerequisites

-

I might get tired of saying this (it’s just copy paste, basically)… but you will need the same prerequisites as before (check my website and mail entries), with the extras:

-
    -
  • (Optional, if you want a “front-end”) A CNAME for “git” and (optionally) “www.git”, or some other name for your sub-domains.
  • -
  • An SSL certificate, if you’re following the other entries, add a git.conf and run certbot --nginx to extend the certificate.
  • -
-

Git

-

Git is a version control system.

-

If not installed already, install the git package:

-
pacman -S git
-
-

On Arch Linux, when you install the git package, a git user is automatically created, so all you have to do is decide where you want to store the repositories, for me, I like them to be on /home/git like if git was a “normal” user. So, create the git folder (with corresponding permissions) under /home and set the git user’s home to /home/git:

-
mkdir /home/git
-chown git:git /home/git
-usermod -d /home/git git
-
-

Also, the git user is “expired” by default and will be locked (needs a password), change that with:

-
chage -E -1 git
-passwd git
-
-

Give it a strong one and remember to use PasswordAuthentication no for ssh (as you should). Create the .ssh/authorized_keys for the git user and set the permissions accordingly:

-
mkdir /home/git/.ssh
-chmod 700 /home/git/.ssh
-touch /home/git/.ssh/authorized_keys
-chmod 600 /home/git/.ssh/authorized_keys
-chown -R git:git /home/git
-
-

Now is a good idea to copy over your local SSH public keys to this file, to be able to push/pull to the repositories. Do it by either manually copying it or using ssh‘s built in ssh-copy-id (for that you may want to check your ssh configuration in case you don’t let people access your server with user/password).

-

Next, and almost finally, we need to edit the git-daemon service, located at /usr/lib/systemd/system/ (called git-daemon@.service):

-
...
-ExecStart=-/usr/lib/git-core/git-daemon --inetd --export-all --base-path=/home/git --enable=receive-pack
-...
-
-

I just appended --enable=receive-pack and note that I also changed the --base-path to reflect where I want to serve my repositories from (has to match what you set when changing git user’s home).

-

Now, go ahead and start and enable the git-daemon socket:

-
systemctl start git-daemon.socket
-systemctl enable git-daemon.socket
-
-

You’re basically done. Now you should be able to push/pull repositories to your server… except, you haven’t created any repository in your server, that’s right, they’re not created automatically when trying to push. To do so, you have to run (while inside /home/git):

-
git init --bare {repo_name}.git
-chown -R git:git repo_name.git
-
-

Those two lines above will need to be run each time you want to add a new repository to your server (yeah, kinda lame… although there are options to “automate” this, I like it this way).

-

After that you can already push/pull to your repository. I have my repositories (locally) set up so I can push to more than one remote at the same time (my server, GitHub, GitLab, etc.); to do so, check this gist.

-

Cgit

-

Cgit is a fast web interface for git.

-

This is optionally since it’s only for the web application.

-

Install the cgit and fcgiwrap packages:

-
pacman -S cgit fcgiwrap
-
-

Now, just start and enable the fcgiwrap socket:

-
systemctl start fcgiwrap.socket
-systemctl enable fcgiwrap.socket
-
-

Next, create the git.conf as stated in my nginx setup entry. Add the following lines to your git.conf file:

-
server {
-    listen 80;
-    listen [::]:80;
-    root /usr/share/webapps/cgit;
-    server_name {yoursubdomain}.{yourdomain};
-    try_files $uri @cgit;
-
-    location @cgit {
-        include fastcgi_params;
-        fastcgi_param SCRIPT_FILENAME $document_root/cgit.cgi;
-        fastcgi_param PATH_INFO $uri;
-        fastcgi_param QUERY_STRING $args;
-        fastcgi_param HTTP_HOST $server_name;
-        fastcgi_pass unix:/run/fcgiwrap.sock;
-    }
-}
-
-

Where the server_name line depends on you, I have mine setup to git.luevano.xyz and www.git.luevano.xyz. Optionally run certbot --nginx to get a certificate for those domains if you don’t have already.

-

Now, all that’s left is to configure cgit. Create the configuration file /etc/cgitrc with the following content (my personal options, pretty much the default):

-
css=/cgit.css
-logo=/cgit.png
-
-enable-http-clone=1
-# robots=noindex, nofollow
-virtual-root=/
-
-repo.url={url}
-repo.path={dir_path}
-repo.owner={owner}
-repo.desc={short_description}
-
-...
-
-

Where you can uncomment the robots line to let web crawlers (like Google’s) to index your git web app. And at the end keep all your repositories (the ones you want to make public), for example for my dotfiles I have:

-
...
-repo.url=.dots
-repo.path=/home/git/.dots.git
-repo.owner=luevano
-repo.desc=These are my personal dotfiles.
-...
-
-

Otherwise you could let cgit to automatically detect your repositories (you have to be careful if you want to keep “private” repos) using the option scan-path and setup .git/description for each repository. For more, you can check cgitrc(5).

-

By default you can’t see the files on the site, you need a highlighter to render the files, I use highlight. Install the highlight package:

-
pacman -S highlight
-
-

Copy the syntax-highlighting.sh script to the corresponding location (basically adding -edited to the file):

-
cp /usr/lib/cgit/filters/syntax-highlighting.sh /usr/lib/cgit/filters/syntax-highlighting-edited.sh
-
-

And edit it to use the version 3 and add --inline-css for more options without editing cgit‘s CSS file:

-
...
-# This is for version 2
-# exec highlight --force -f -I -X -S "$EXTENSION" 2>/dev/null
-
-# This is for version 3
-exec highlight --force --inline-css -f -I -O xhtml -S "$EXTENSION" 2>/dev/null
-...
-
-

Finally, enable the filter in /etc/cgitrc configuration:

-
source-filter=/usr/lib/cgit/filters/syntax-highlighting-edited.sh
-
-

That would be everything. If you need support for more stuff like compressed snapshots or support for markdown, check the optional dependencies for cgit.

]]>
-
- - Create a mail server with Postfix, Dovecot, SpamAssassin and OpenDKIM - https://blog.luevano.xyz/a/mail_server_with_postfix.html - https://blog.luevano.xyz/a/mail_server_with_postfix.html - Sun, 21 Mar 2021 04:05:59 GMT - English - Server - Tools - Tutorial - How to create mail server using Postfix, Dovecot, SpamAssassin and OpenDKIM. This is a follow up on post about creating a website with Nginx and Certbot. - The entry is going to be long because it’s a tedious process. This is also based on Luke Smith’s script, but adapted to Arch Linux (his script works on debian-based distributions). This entry is mostly so I can record all the notes required while I’m in the process of installing/configuring the mail server on a new VPS of mine; also I’m going to be writing a script that does everything in one go (for Arch Linux), that will be hosted here.

-

This configuration works for local users (users that appear in /etc/passwd), and does not use any type of SQL Database. And note that most if not all commands executed here are run with root privileges.

-

Prerequisites

-

Basically the same as with the website with Nginx and Certbot, with the extras:

-
    -
  • You will need a CNAME for “mail” and (optionally) “www.mail”, or whatever you want to call the sub-domains (although the RFC 2181 states that it NEEDS to be an A record, fuck the police).
  • -
  • An SSL certificate. You can use the SSL certificate obtained following my last post using certbot (just create a mail.conf and run certbot --nginx again).
  • -
  • Ports 25, 587 (SMTP), 465 (SMTPS), 143 (IMAP) and 993 (IMAPS) open on the firewall.
  • -
-

Postfix

-

Postfix is a “mail transfer agent” which is the component of the mail server that receives and sends emails via SMTP.

-

Install the postfix package:

-
pacman -S postfix
-
-

We have two main files to configure (inside /etc/postfix): master.cf (master(5)) and main.cf (postconf(5)). We’re going to edit main.cf first either by using the command postconf -e 'setting' or by editing the file itself (I prefer to edit the file).

-

Note that the default file itself has a lot of comments with description on what each thing does (or you can look up the manual, linked above), I used what Luke’s script did plus some other settings that worked for me.

-

Now, first locate where your website cert is, mine is at the default location /etc/letsencrypt/live/, so my certdir is /etc/letsencrypt/live/luevano.xyz. Given this information, change {yourcertdir} on the corresponding lines. The configuration described below has to be appended in the main.cf configuration file.

-

Certificates and ciphers to use for authentication and security:

-
smtpd_tls_key_file = {yourcertdir}/privkey.pem
-smtpd_tls_cert_file = {yourcertdir}/fullchain.pem
-smtpd_use_tls = yes
-smtpd_tls_auth_only = yes
-smtp_tls_security_level = may
-smtp_tls_loglevel = 1
-smtp_tls_CAfile = {yourcertdir}/cert.pem
-smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
-smtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
-smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
-smtp_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
-tls_preempt_cipherlist = yes
-smtpd_tls_exclude_ciphers = aNULL, LOW, EXP, MEDIUM, ADH, AECDH, MD5,
-                DSS, ECDSA, CAMELLIA128, 3DES, CAMELLIA256,
-                RSA+AES, eNULL
-
-smtp_tls_CApath = /etc/ssl/certs
-smtpd_tls_CApath = /etc/ssl/certs
-
-smtpd_relay_restrictions = permit_sasl_authenticated, permit_mynetworks, defer_unauth_destination
-
-

Also, for the connection with dovecot, append the next few lines (telling postfix that dovecot will use user/password for authentication):

-
smtpd_sasl_auth_enable = yes
-smtpd_sasl_type = dovecot
-smtpd_sasl_path = private/auth
-smtpd_sasl_security_options = noanonymous, noplaintext
-smtpd_sasl_tls_security_options = noanonymous
-
-

Specify the mailbox home (this is going to be a directory inside your user’s home containing the actual mail files):

-
home_mailbox = Mail/Inbox/
-
-

Pre-configuration to work seamlessly with dovecot and opendkim:

-
myhostname = {yourdomainname}
-mydomain = localdomain
-mydestination = $myhostname, localhost.$mydomain, localhost
-
-milter_default_action = accept
-milter_protocol = 6
-smtpd_milters = inet:127.0.0.1:8891
-non_smtpd_milters = inet:127.0.0.1:8891
-mailbox_command = /usr/lib/dovecot/deliver
-
-

Where {yourdomainname} is luevano.xyz in my case, or if you have localhost configured to your domain, then use localhost for myhostname (myhostname = localhost).

-

Lastly, if you don’t want the sender’s IP and user agent (application used to send the mail), add the following line:

-
smtp_header_checks = regexp:/etc/postfix/smtp_header_checks
-
-

And create the /etc/postfix/smtp_header_checks file with the following content:

-
/^Received: .*/     IGNORE
-/^User-Agent: .*/   IGNORE
-
-

That’s it for main.cf, now we have to configure master.cf. This one is a bit more tricky.

-

First look up lines (they’re uncommented) smtp inet n - n - - smtpd, smtp unix - - n - - smtp and -o syslog_name=postfix/$service_name and either delete or uncomment them… or just run sed -i "/^\s*-o/d;/^\s*submission/d;/\s*smtp/d" /etc/postfix/master.cf as stated in Luke’s script.

-

Lastly, append the following lines to complete postfix setup and pre-configure for spamassassin.

-
smtp unix - - n - - smtp
-smtp inet n - y - - smtpd
-    -o content_filter=spamassassin
-submission inet n - y - - smtpd
-    -o syslog_name=postfix/submission
-    -o smtpd_tls_security_level=encrypt
-    -o smtpd_sasl_auth_enable=yes
-    -o smtpd_tls_auth_only=yes
-smtps inet n - y - - smtpd
-    -o syslog_name=postfix/smtps
-    -o smtpd_tls_wrappermode=yes
-    -o smtpd_sasl_auth_enable=yes
-spamassassin unix - n n - - pipe
-    user=spamd argv=/usr/bin/vendor_perl/spamc -f -e /usr/sbin/sendmail -oi -f \${sender} \${recipient}
-
-

Now, I ran into some problems with postfix, one being smtps: Servname not supported for ai_socktype, to fix it, as Till posted in that site, edit /etc/services and add:

-
smtps 465/tcp
-smtps 465/udp
-
-

Before starting the postfix service, you need to run newaliases first, but you can do a bit of configuration beforehand editing the file /etc/postfix/aliases. I only change the root: you line (where you is the account that will be receiving “root” mail). After you’re done, run:

-
postalias /etc/postfix/aliases
-newaliases
-
-

At this point you’re done configuring postfix and you can already start/enable the postfix service:

-
systemctl start postfix.service
-systemctl enable postfix.service
-
-

Dovecot

-

Dovecot is an IMAP and POP3 server, which is what lets an email application retrieve the mail.

-

Install the dovecot and pigeonhole (sieve for dovecot) packages:

-
pacman -S dovecot pigeonhole
-
-

On arch, by default, there is no /etc/dovecot directory with default configurations set in place, but the package does provide the example configuration files. Create the dovecot directory under /etc and, optionally, copy the dovecot.conf file and conf.d directory under the just created dovecot directory:

-
mkdir /etc/dovecot
-cp /usr/share/doc/dovecot/example-config/dovecot.conf /etc/dovecot/dovecot.conf
-cp -r /usr/share/doc/dovecot/example-config/conf.d /etc/dovecot
-
-

As Luke stated, dovecot comes with a lot of “modules” (under /etc/dovecot/conf.d/ if you copied that folder) for all sorts of configurations that you can include, but I do as he does and just edit/create the whole dovecot.conf file; although, I would like to check each of the separate configuration files dovecot provides I think the options Luke provides are more than good enough.

-

I’m working with an empty dovecot.conf file. Add the following lines for SSL and login configuration (also replace {yourcertdir} with the same certificate directory described in the Postfix section above, note that the < is required):

-
ssl = required
-ssl_cert = <{yourcertdir}/fullchain.pem
-ssl_key = <{yourcertdir}/privkey.pem
-ssl_min_protocol = TLSv1.2
-ssl_cipher_list = ALL:!RSA:!CAMELLIA:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!SHA1:!SHA256:!SHA384:!LOW@STRENGTH
-ssl_prefer_server_ciphers = yes
-ssl_dh = </etc/dovecot/dh.pem
-
-auth_mechanisms = plain login
-auth_username_format = %n
-protocols = $protocols imap
-
-

You may notice we specify a file we don’t have under /etc/dovecot: dh.pem. We need to create it with openssl (you should already have it installed if you’ve been following this entry and the one for nginx). Just run (might take a few minutes):

-
openssl dhparam -out /etc/dovecot/dh.pem 4096
-
-

After that, the next lines define what a “valid user is” (really just sets the database for users and passwords to be the local users with their password):

-
userdb {
-    driver = passwd
-}
-
-passdb {
-    driver = pam
-}
-
-

Next, comes the mail directory structure (has to match the one described in the Postfix section). Here, the LAYOUT option is important so the boxes are .Sent instead of Sent. Add the next lines (plus any you like):

-
mail_location = maildir:~/Mail:INBOX=~/Mail/Inbox:LAYOUT=fs
-namespace inbox {
-    inbox = yes
-
-    mailbox Drafts {
-        special_use = \Drafts
-        auto = subscribe
-        }
-
-    mailbox Junk {
-        special_use = \Junk
-        auto = subscribe
-        autoexpunge = 30d
-        }
-
-    mailbox Sent {
-        special_use = \Sent
-        auto = subscribe
-        }
-
-    mailbox Trash {
-        special_use = \Trash
-        }
-
-    mailbox Archive {
-        special_use = \Archive
-        }
-}
-
-

Also include this so Postfix can use Dovecot’s authentication system:

-
service auth {
-    unix_listener /var/spool/postfix/private/auth {
-        mode = 0660
-        user = postfix
-        group = postfix
-        }
-}
-
-

Lastly (for Dovecot at least), the plugin configuration for sieve (pigeonhole):

-
protocol lda {
-    mail_plugins = $mail_plugins sieve
-}
-
-protocol lmtp {
-    mail_plugins = $mail_plugins sieve
-}
-
-plugin {
-    sieve = ~/.dovecot.sieve
-    sieve_default = /var/lib/dovecot/sieve/default.sieve
-    sieve_dir = ~/.sieve
-    sieve_global_dir = /var/lib/dovecot/sieve/
-
-

Where /var/lib/dovecot/sieve/default.sieve doesn’t exist yet. Create the folders:

-
mkdir -p /var/lib/dovecot/sieve
-
-

And create the file default.sieve inside that just created folder with the content:

-
require ["fileinto", "mailbox"];
-if header :contains "X-Spam-Flag" "YES" {
-    fileinto "Junk";
-}
-
-

Now, if you don’t have a vmail (virtual mail) user, create one and change the ownership of the /var/lib/dovecot directory to this user:

-
grep -q "^vmail:" /etc/passwd || useradd -m vmail -s /usr/bin/nologin
-chown -R vmail:vmail /var/lib/dovecot
-
-

Note that I also changed the shell for vmail to be /usr/bin/nologin. After that, to compile the configuration file run:

-
sievec /var/lib/dovecot/sieve/default.sieve
-
-

A default.svbin file will be created next to default.sieve.

-

Next, add the following lines to /etc/pam.d/dovecot if not already present (shouldn’t be there if you’ve been following these notes):

-
auth required pam_unix.so nullok
-account required pam_unix.so
-
-

That’s it for Dovecot, at this point you can start/enable the dovecot service:

-
systemctl start dovecot.service
-systemctl enable dovecot.service
-
-

OpenDKIM

-

OpenDKIM is needed so services like G**gle (we don’t mention that name here [[[this is a meme]]]) don’t throw the mail to the trash. DKIM stands for “DomainKeys Identified Mail”.

-

Install the opendkim package:

-
pacman -S opendkim
-
-

Generate the keys for your domain:

-
opendkim-genkey -D /etc/opendkim -d {yourdomain} -s {yoursubdomain} -r -b 2048
-
-

Where you need to change {yourdomain} and {yoursubdomain} (doesn’t really need to be the sub-domain, could be anything that describes your key) accordingly, for me it’s luevano.xyz and mail, respectively. After that, we need to create some files inside the /etc/opendkim directory. First, create the file KeyTable with the content:

-
{yoursubdomain}._domainkey.{yourdomain} {yourdomain}:{yoursubdomain}:/etc/opendkim/{yoursubdomain}.private
-
-

So, for me it would be:

-
mail._domainkey.luevano.xyz luevano.xyz:mail:/etc/opendkim/mail.private
-
-

Next, create the file SigningTable with the content:

-
*@{yourdomain} {yoursubdomain}._domainkey.{yourdomain}
-
-

Again, for me it would be:

-
*@luevano.xyz mail._domainkey.luevano.xyz
-
-

And, lastly create the file TrustedHosts with the content:

-
127.0.0.1
-::1
-10.1.0.0/16
-1.2.3.4/24
-localhost
-{yourserverip}
-...
-
-

And more, make sure to include your server IP and something like subdomain.domainname.

-

Next, edit /etc/opendkim/opendkim.conf to reflect the changes (or rather, addition) of these files, as well as some other configuration. You can look up the example configuration file located at /usr/share/doc/opendkim/opendkim.conf.sample, but I’m creating a blank one with the contents:

-
Domain {yourdomain}
-Selector {yoursubdomain}
-
-Syslog Yes
-UserID opendkim
-
-KeyFile /etc/opendkim/{yoursubdomain}.private
-Socket inet:8891@localhost
-
-

Now, change the permissions for all the files inside /etc/opendkim:

-
chown -R root:opendkim /etc/opendkim
-chmod g+r /etc/postfix/dkim/*
-
-

I’m using root:opendkim so opendkim doesn’t complain about the {yoursubdomani}.private being insecure (you can change that by using the option RequireSafeKeys False in the opendkim.conf file, as stated here).

-

That’s it for the general configuration, but you could go more in depth and be more secure with some extra configuration.

-

Now, just start/enable the opendkim service:

-
systemctl start opendkim.service
-systemctl enable opendkim.service
-
-

And don’t forget to add the following TXT records on your domain registrar (these examples are for Epik):

-
    -
  1. DKIM entry: look up your {yoursubdomain}.txt file, it should look something like:
  2. -
-
{yoursubdomain}._domainkey IN TXT ( "v=DKIM1; k=rsa; s=email; "
-    "p=..."
-    "..." )  ; ----- DKIM key mail for {yourdomain}
-
-

In the TXT record you will place {yoursubdomain}._domainkey as the “Host” and "v=DKIM1; k=rsa; s=email; " "p=..." "..." in the “TXT Value” (replace the dots with the actual value you see in your file).

-
    -
  1. -

    DMARC entry: just _dmarc.{yourdomain} as the “Host” and "v=DMARC1; p=reject; rua=mailto:dmarc@{yourdomain}; fo=1" as the “TXT Value”.

    -
  2. -
  3. -

    SPF entry: just @ as the “Host” and "v=spf1 mx a:{yoursubdomain}.{yourdomain} - all" as the “TXT Value”.

    -
  4. -
-

And at this point you could test your mail for spoofing and more.

-

SpamAssassin

-

SpamAssassin is just a mail filter to identify spam.

-

Install the spamassassin package (which will install a bunch of ugly perl packages…):

-
pacman -S spamassassin
-
-

For some reason, the permissions on all spamassassin stuff are all over the place. First, change owner of the executables, and directories:

-
chown spamd:spamd /usr/bin/vendor_perl/sa-*
-chown spamd:spamd /usr/bin/vendor_perl/spam*
-chwown -R spamd:spamd /etc/mail/spamassassin
-
-

Then, you can edit local.cf (located in /etc/mail/spamassassin) to fit your needs (I only uncommented the rewrite_header Subject ... line). And then you can run the following command to update the patterns and compile them:

-
sudo -u spamd sa-update
-sudo -u spamd sa-compile
-
-

And since this should be run periodically, create the service spamassassin-update.service under /etc/systemd/system with the following content:

-
[Unit]
-Description=SpamAssassin housekeeping
-After=network.target
-
-[Service]
-User=spamd
-Group=spamd
-Type=oneshot
-
-ExecStart=/usr/bin/vendor_perl/sa-update --allowplugins
-SuccessExitStatus=1
-ExecStart=/usr/bin/vendor_perl/sa-compile
-ExecStart=/usr/bin/systemctl -q --no-block try-restart spamassassin.service
-
-

And you could also execute sa-learn to train spamassassin‘s bayes filter, but this works for me. Then create the timer spamassassin-update.timer under the same directory, with the content:

-
[Unit]
-Description=SpamAssassin housekeeping
-
-[Timer]
-OnCalendar=daily
-Persistent=true
-
-[Install]
-WantedBy=timers.target
-
-

You can now start/enable the spamassassin-update timer:

-
systemctl start spamassassin-update.timer
-systemctl enable spamassassin-update.timer
-
-

Next, you may want to edit the spamassassin service before starting and enabling it, because by default, it could spawn a lot of “childs” eating a lot of resources and you really only need one child. Append --max-children=1 to the line ExecStart=... in /usr/bin/systemd/system/spamassassin.service:

-
...
-ExecStart=/usr/bin/vendor_perl/spamd -x -u spamd -g spamd --listen=/run/spamd/spamd.sock --listen=localhost --max-children=1
-...
-
-

Finally, start and enable the spamassassin service:

-
systemctl start spamassassin.service
-systemctl enable spamassassin.service
-
-

Wrapping up

-

We should have a working mail server by now. Before continuing check your journal logs (journalctl -xe --unit={unit}, where {unit} could be spamassassin.service for example) to see if there was any error whatsoever and try to debug it, it should be a typo somewhere (the logs are generally really descriptive) because all the settings and steps detailed here just (literally just finished doing everything on a new server as of the writing of this text) worked (((it just werks on my machine))).

-

Now, to actually use the mail service: first of all, you need a normal account (don’t use root) that belongs to the mail group (gpasswd -a user group to add a user user to group group) and that has a password.

-

Next, to actually login into a mail app/program/whateveryouwanttocallit, you will use the following settings, at least for thunderdbird(I tested in windows default mail app and you don’t need a lot of settings):

-
    -
  • * server: subdomain.domain (mail.luevano.xyz in my case)
  • -
  • SMTP port: 587
  • -
  • SMTPS port: 465 (I use this one)
  • -
  • IMAP port: 143
  • -
  • IMAPS port: 993 (again, I use this one)
  • -
  • Connection/security: SSL/TLS
  • -
  • Authentication method: Normal password
  • -
  • Username: just your user, not the whole email (david in my case)
  • -
  • Password: your user password (as in the password you use to login to the server with that user)
  • -
-

All that’s left to do is test your mail server for spoofing, and to see if everything is setup correctly. Go to DKIM Test and follow the instructions (basically click next, and send an email with whatever content to the email that they provide). After you send the email, you should see something like:

-
-DKIM Test successful -
DKIM Test successful
-
-

Finally, that’s actually it for this entry, if you have any problem whatsoever you can contact me.

]]>
-
- - Create a website with Nginx and Certbot - https://blog.luevano.xyz/a/website_with_nginx.html - https://blog.luevano.xyz/a/website_with_nginx.html - Fri, 19 Mar 2021 02:58:15 GMT - English - Server - Tools - Tutorial - How to create website that runs on Nginx and uses Certbot for SSL certificates. This is a base for future blog posts about similar topics. - These are general notes on how to setup a Nginx web server plus Certbot for SSL certificates, initially learned from Luke’s video and after some use and research I added more stuff to the mix. And, actually at the time of writing this entry, I’m configuring the web server again on a new VPS instance, so this is going to be fresh.

-

As a side note, (((i use arch btw))) so everything here es aimed at an Arch Linux distro, and I’m doing everything on a VPS. Also note that most if not all commands here are executed with root privileges.

-

Prerequisites

-

You will need two things:

-
    -
  • A domain name (duh!). I got mine on Epik (affiliate link, btw).
      -
    • With the corresponding A and AAA records pointing to the VPS’ IPs (“A” record points to the ipv4 address and “AAA” to the ipv6, basically). I have three records for each type: empty one, “www” and “*” for a wildcard, that way “domain.name”, “www.domain.name”, “anythingelse.domain.name” point to the same VPS (meaning that you can have several VPS for different sub-domains).
    • -
    -
  • -
  • A VPS or somewhere else to host it. I’m using Vultr (also an affiliate link).
      -
    • With ssh already configured both on the local machine and on the remote machine.
    • -
    • Firewall already configured to allow ports 80 (HTTP) and 443 (HTTPS). I use ufw so it’s just a matter of doing ufw allow 80,443/tcp as root and you’re golden.
    • -
    • cron installed if you follow along (you could use systemd timers, or some other method you prefer to automate running commands every X time).
    • -
    -
  • -
-

Nginx

-

Nginx is a web (HTTP) server and reverse proxy server.

-

You have two options: nginx and nginx-mainline. I prefer nginx-mainline because it’s the “up to date” package even though nginx is labeled to be the “stable” version. Install the package and enable/start the service:

-
pacman -S nginx-mainline
-systemctl enable nginx.service
-systemctl start nginx.service
-
-

And that’s it, at this point you can already look at the default initial page of Nginx if you enter the IP of your server in a web browser. You should see something like this:

-
-Nginx welcome page -
Nginx welcome page
-
-

As stated in the welcome page, configuration is needed, head to the directory of Nginx:

-
cd /etc/nginx
-
-

Here you have several files, the important one is nginx.conf, which as its name implies, contains general configuration of the web server. If you peek into the file, you will see that it contains around 120 lines, most of which are commented out and contains the welcome page server block. While you can configure a website in this file, it’s common practice to do it on a separate file (so you can scale really easily if needed for mor websites or sub-domains).

-

Inside the nginx.conf file, delete the server blocks and add the lines include sites-enabled/*; (to look into individual server configuration files) and types_hash_max_size 4096; (to get rid of an ugly warning that will keep appearing) somewhere inside the http block. The final nginx.conf file would look something like (ignoring the comments just for clarity, but you can keep them as side notes):

-
worker_processes 1;
-
-events {
-    worker_connections 1024;
-}
-
-http {
-    include sites-enabled/*;
-    include mime.types;
-    default_type application/octet-stream;
-
-    sendfile on;
-
-    keepalive_timeout 65;
-
-    types_hash_max_size 4096;
-}
-
-

Next, inside the directory /etc/nginx/ create the sites-available and sites-enabled directories, and go into the sites-available one:

-
mkdir sites-available
-mkdir sites-enabled
-cd sites-available
-
-

Here, create a new .conf file for your website and add the following lines (this is just the sample content more or less):

-
server {
-    listen 80;
-    listen [::]:80;
-
-    root /path/to/root/directory;
-    server_name domain.name another.domain.name;
-    index index.html anotherindex.otherextension;
-
-    location /{
-        try_files $uri $uri/ =404;
-    }
-}
-
-

That could serve as a template if you intend to add more domains.

-

Note some things:

-
    -
  • listen: we’re telling Nginx which port to listen to (IPv4 and IPv6, respectively).
  • -
  • root: the root directory of where the website files (.html, .css, .js, etc. files) are located. I followed Luke’s directory path /var/www/some_folder.
  • -
  • server_name: the actual domain to “listen” to (for my website it is: server_name luevano.xyz www.luevano.xyz; and for this blog is: server_name blog.luevano.xyz www.blog.luevano.xyz;).
  • -
  • index: what file to serve as the index (could be any .html, .htm, .php, etc. file) when just entering the website.
  • -
  • location: what goes after domain.name, used in case of different configurations depending on the URL paths (deny access on /private, make a proxy on /proxy, etc).
      -
    • try_files: tells what files to look for.
    • -
    -
  • -
-

Then, make a symbolic link from this configuration file to the sites-enabled directory:

-
ln -s /etc/nginx/sites-available/your_config_file.conf /etc/nginx/sites-enabled
-
-

This is so the nginx.conf file can look up the newly created server configuration. With this method of having each server configuration file separate you can easily “deactivate” any website by just deleting the symbolic link in sites-enabled and you’re good, or just add new configuration files and keep everything nice and tidy.

-

All you have to do now is restart (or enable and start if you haven’t already) the Nginx service (and optionally test the configuration):

-
nginx -t
-systemctl restart nginx
-
-

If everything goes correctly, you can now go to your website by typing domain.name on a web browser. But you will see a “404 Not Found” page like the following (maybe with different Nginx version):

-
-Nginx 404 Not Found page -
Nginx 404 Not Found page
-
-

That’s no problem, because it means that the web server it’s actually working. Just add an index.html file with something simple to see it in action (in the /var/www/some_folder that you decided upon). If you keep seeing the 404 page make sure your root line is correct and that the directory/index file exists.

-

I like to remove the .html and trailing / on the URLs of my website, for that you need to add the following rewrite lines and modify the try_files line (for more: Sean C. Davis: Remove HTML Extension And Trailing Slash In Nginx Config):

-
server {
-    ...
-    rewrite ^(/.*)\.html(\?.*)?$ $1$2 permanent;
-    rewrite ^/(.*)/$ /$1 permanent;
-    ...
-    try_files $uri/index.html $uri.html $uri/ $uri =404;
-    ...
-
-

Certbot

-

Certbot is what provides the SSL certificates via Let’s Encrypt.

-

The only “bad” (bloated) thing about Certbot, is that it uses python, but for me it doesn’t matter too much. You may want to look up another alternative if you prefer. Install the packages certbot and certbot-nginx:

-
pacman -S certbot certbot-nginx
-
-

After that, all you have to do now is run certbot and follow the instructions given by the tool:

-
certbot --nginx
-
-

It will ask you for some information, for you to accept some agreements and the names to activate HTTPS for. Also, you will want to “say yes” to the redirection from HTTP to HTTPS. And that’s it, you can now go to your website and see that you have HTTPS active.

-

Now, the certificate given by certbot expires every 3 months or something like that, so you want to renew this certificate every once in a while. Using cron, you can do this by running:

-
crontab -e
-
-

And a file will be opened where you need to add a new rule for Certbot, just append the line: 1 1 1 * * certbot renew (renew on the first day of every month) and you’re good. Alternatively use systemd timers as stated in the Arch Linux Wiki.

-

That’s it, you now have a website with SSL certificate.

]]>
-
- - Así es raza, el blog ya tiene timestamps - https://blog.luevano.xyz/a/el_blog_ya_tiene_timestamps.html - https://blog.luevano.xyz/a/el_blog_ya_tiene_timestamps.html - Tue, 16 Mar 2021 02:46:24 GMT - Short - Spanish - Tools - Update - Actualización en el estado del blog y el sistema usado para crearlo. - Pues eso, esta entrada es sólo para tirar update sobre mi primer post. Ya modifiqué el ssg lo suficiente como para que maneje los timestamps, y ya estoy más familiarizado con este script entonces ya lo podré extender más, pero por ahora las entradas ya tienen su fecha de creación (y modificación en dado caso) al final y en el índice ya están organizados por fecha, que por ahora está algo simple pero está sencillo de extender.

-

Ya lo único que queda es cambiar un poco el formato del blog (y de la página en general), porque en un momento de desesperación puse todo el texto en justificado y pues no se ve chido siempre, entonces queda corregir eso. Y aunque me tomó más tiempo del que quisiera, así nomás quedó, diría un cierto personaje.

-

El ssg modificado está en mis dotfiles (o directamente aquí).

-

Por último, también quité las extensiones .html de las URLs, porque se veía bien pitero, pero igual los links con .html al final redirigen a su link sin .html, así que no hay rollo alguno.

]]>
-
- - This is the first blog post, just for testing purposes - https://blog.luevano.xyz/a/first_blog_post.html - https://blog.luevano.xyz/a/first_blog_post.html - Sat, 27 Feb 2021 13:08:33 GMT - English - Short - Tools - Update - Just my first blog post where I state what tools I'm using to build this blog. - I’m making this post just to figure out how ssg5 and lowdown are supposed to work (and eventually also rssg).

-

At the moment, I’m not satisfied because there’s no automatic date insertion into the 1) html file, 2) the blog post itself and 3) the listing system in the blog homepage (and there’s also the problem with the ordering of the entries…). And all of this just because I didn’t want to use Luke’s solution (don’t really like that much how he handles the scripts… but they just work).

-

Hopefully, for tomorrow all of this will be sorted out and I’ll have a working blog system.

]]>
-
-
-
\ No newline at end of file diff --git a/blog/dst/sitemap.xml b/blog/dst/sitemap.xml deleted file mode 100644 index 8426222..0000000 --- a/blog/dst/sitemap.xml +++ /dev/null @@ -1,186 +0,0 @@ - - - - https://blog.luevano.xyz/g/gogodot_jam3_devlog_1.html - 2022-06-10 - weekly - 1.0 - - - https://blog.luevano.xyz/g/flappybird_godot_devlog_1.html - 2022-05-29 - weekly - 1.0 - - - https://blog.luevano.xyz/g/godot_project_structure.html - 2022-05-24 - weekly - 1.0 - - - https://blog.luevano.xyz/g/starting_gamedev_blogging.html - 2022-05-22 - weekly - 1.0 - - - https://blog.luevano.xyz/a/password_manager_authenticator_setup.html - 2022-05-22 - weekly - 1.0 - - - https://blog.luevano.xyz/a/devs_android_me_trozaron.html - 2022-05-15 - weekly - 1.0 - - - https://blog.luevano.xyz/a/volviendo_a_usar_la_pagina.html - 2022-04-28 - weekly - 1.0 - - - https://blog.luevano.xyz/a/vpn_server_with_openvpn.html - 2021-08-01 - weekly - 1.0 - - - https://blog.luevano.xyz/a/hoy_toco_desarrollo_personaje.html - 2021-07-28 - weekly - 1.0 - - - https://blog.luevano.xyz/a/tenia_esto_descuidado.html - 2021-07-18 - weekly - 1.0 - - - https://blog.luevano.xyz/a/xmpp_server_with_prosody.html - 2021-08-01 - weekly - 1.0 - - - https://blog.luevano.xyz/a/acomodada_la_pagina_de_arte.html - 2021-06-06 - weekly - 1.0 - - - https://blog.luevano.xyz/a/asi_nomas_esta_quedando.html - 2021-06-04 - weekly - 1.0 - - - https://blog.luevano.xyz/a/new_blogging_system.html - 2021-05-28 - weekly - 1.0 - - - https://blog.luevano.xyz/a/git_server_with_cgit.html - 2021-06-08 - weekly - 1.0 - - - https://blog.luevano.xyz/a/mail_server_with_postfix.html - 2021-06-08 - weekly - 1.0 - - - https://blog.luevano.xyz/a/website_with_nginx.html - 2021-06-08 - weekly - 1.0 - - - https://blog.luevano.xyz/a/el_blog_ya_tiene_timestamps.html - 2021-05-17 - weekly - 1.0 - - - https://blog.luevano.xyz/a/first_blog_post.html - 2021-05-17 - weekly - 1.0 - - - - https://blog.luevano.xyz/tag/@english.html - 2022-06-10 - daily - 0.5 - - - https://blog.luevano.xyz/tag/@gamedev.html - 2022-06-10 - daily - 0.5 - - - https://blog.luevano.xyz/tag/@gamejam.html - 2022-06-10 - daily - 0.5 - - - https://blog.luevano.xyz/tag/@godot.html - 2022-06-10 - daily - 0.5 - - - https://blog.luevano.xyz/tag/@rant.html - 2022-06-10 - daily - 0.5 - - - https://blog.luevano.xyz/tag/@server.html - 2022-06-10 - daily - 0.5 - - - https://blog.luevano.xyz/tag/@short.html - 2022-06-10 - daily - 0.5 - - - https://blog.luevano.xyz/tag/@spanish.html - 2022-06-10 - daily - 0.5 - - - https://blog.luevano.xyz/tag/@tools.html - 2022-06-10 - daily - 0.5 - - - https://blog.luevano.xyz/tag/@tutorial.html - 2022-06-10 - daily - 0.5 - - - https://blog.luevano.xyz/tag/@update.html - 2022-06-10 - daily - 0.5 - - \ No newline at end of file diff --git a/blog/dst/tag/@english.html b/blog/dst/tag/@english.html deleted file mode 100644 index e7fa19d..0000000 --- a/blog/dst/tag/@english.html +++ /dev/null @@ -1,135 +0,0 @@ - - - - - - - Posts filtered by english -- Luévano's Blog - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - -
- -
-

Posts filtered by english

- -

Articles

- - - -
- - - - \ No newline at end of file diff --git a/blog/dst/tag/@gamedev.html b/blog/dst/tag/@gamedev.html deleted file mode 100644 index 009ad3b..0000000 --- a/blog/dst/tag/@gamedev.html +++ /dev/null @@ -1,122 +0,0 @@ - - - - - - - Posts filtered by gamedev -- Luévano's Blog - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - -
- -
-

Posts filtered by gamedev

- -

Articles

- - - -
- - - - \ No newline at end of file diff --git a/blog/dst/tag/@gamejam.html b/blog/dst/tag/@gamejam.html deleted file mode 100644 index 4e7d4b1..0000000 --- a/blog/dst/tag/@gamejam.html +++ /dev/null @@ -1,118 +0,0 @@ - - - - - - - Posts filtered by gamejam -- Luévano's Blog - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - -
- -
-

Posts filtered by gamejam

- -

Articles

- - - -
- - - - \ No newline at end of file diff --git a/blog/dst/tag/@godot.html b/blog/dst/tag/@godot.html deleted file mode 100644 index 31d93bf..0000000 --- a/blog/dst/tag/@godot.html +++ /dev/null @@ -1,120 +0,0 @@ - - - - - - - Posts filtered by godot -- Luévano's Blog - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - -
- -
-

Posts filtered by godot

- -

Articles

- - - -
- - - - \ No newline at end of file diff --git a/blog/dst/tag/@rant.html b/blog/dst/tag/@rant.html deleted file mode 100644 index c9663c0..0000000 --- a/blog/dst/tag/@rant.html +++ /dev/null @@ -1,118 +0,0 @@ - - - - - - - Posts filtered by rant -- Luévano's Blog - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - -
- -
-

Posts filtered by rant

- -

Articles

- - - -
- - - - \ No newline at end of file diff --git a/blog/dst/tag/@server.html b/blog/dst/tag/@server.html deleted file mode 100644 index f60f663..0000000 --- a/blog/dst/tag/@server.html +++ /dev/null @@ -1,124 +0,0 @@ - - - - - - - Posts filtered by server -- Luévano's Blog - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - -
- -
-

Posts filtered by server

- -

Articles

- - - -
- - - - \ No newline at end of file diff --git a/blog/dst/tag/@short.html b/blog/dst/tag/@short.html deleted file mode 100644 index 3a506a9..0000000 --- a/blog/dst/tag/@short.html +++ /dev/null @@ -1,133 +0,0 @@ - - - - - - - Posts filtered by short -- Luévano's Blog - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - -
- -
-

Posts filtered by short

- -

Articles

- - - -
- - - - \ No newline at end of file diff --git a/blog/dst/tag/@spanish.html b/blog/dst/tag/@spanish.html deleted file mode 100644 index 9a731c5..0000000 --- a/blog/dst/tag/@spanish.html +++ /dev/null @@ -1,128 +0,0 @@ - - - - - - - Posts filtered by spanish -- Luévano's Blog - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - -
- -
-

Posts filtered by spanish

- -

Articles

- - - -
- - - - \ No newline at end of file diff --git a/blog/dst/tag/@tools.html b/blog/dst/tag/@tools.html deleted file mode 100644 index 1cb1895..0000000 --- a/blog/dst/tag/@tools.html +++ /dev/null @@ -1,131 +0,0 @@ - - - - - - - Posts filtered by tools -- Luévano's Blog - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - -
- -
-

Posts filtered by tools

- -

Articles

- - - -
- - - - \ No newline at end of file diff --git a/blog/dst/tag/@tutorial.html b/blog/dst/tag/@tutorial.html deleted file mode 100644 index 4a78b74..0000000 --- a/blog/dst/tag/@tutorial.html +++ /dev/null @@ -1,124 +0,0 @@ - - - - - - - Posts filtered by tutorial -- Luévano's Blog - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - -
- -
-

Posts filtered by tutorial

- -

Articles

- - - -
- - - - \ No newline at end of file diff --git a/blog/dst/tag/@update.html b/blog/dst/tag/@update.html deleted file mode 100644 index 408ce6f..0000000 --- a/blog/dst/tag/@update.html +++ /dev/null @@ -1,132 +0,0 @@ - - - - - - - Posts filtered by update -- Luévano's Blog - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - -
- -
-

Posts filtered by update

- -

Articles

- - - -
- - - - \ No newline at end of file diff --git a/blog/old/dst/a/el_blog_ya_tiene_timestamps.html b/blog/old/dst/a/el_blog_ya_tiene_timestamps.html deleted file mode 100644 index 1bae979..0000000 --- a/blog/old/dst/a/el_blog_ya_tiene_timestamps.html +++ /dev/null @@ -1,100 +0,0 @@ - - - - - - Luévano's Blog - - - - - - - - - - - - - - - - - -
- - -
- - - -
-
- -
-

Así es raza, el blog ya tiene timestamps

- -

Pues eso, esta entrada es sólo para tirar update sobre mi primer post. Ya modifiqué el ssg lo suficiente como para que maneje los timestamps, y ya estoy más familiarizado con este script entonces ya lo podré extender más, pero por ahora las entradas ya tienen su fecha de creación (y modificación en dado caso) al final y en el índice ya están organizados por fecha, que por ahora está algo simple pero está sencillo de extender.

- -

Ya lo único que queda es cambiar un poco el formato del blog (y de la página en general), porque en un momento de desesperación puse todo el texto en justificado y pues no se ve chido siempre, entonces queda corregir eso. Y aunque me tomó más tiempo del que quisiera, así nomás quedó, diría un cierto personaje.

- -

El ssg modificado está en mis dotfiles (o directamente aquí).

- -

Por último, también quité las extensiones .html de las URLs, porque se veía bien pitero, pero igual los links con .html al final redirigen a su link sin .html, así que no hay rollo alguno.

- -
-
-

Created: Mon, Mar 15, 2021 @ 19:46 MST

-
-
- - - - diff --git a/blog/old/dst/a/first_blog_post.html b/blog/old/dst/a/first_blog_post.html deleted file mode 100644 index 2eeca94..0000000 --- a/blog/old/dst/a/first_blog_post.html +++ /dev/null @@ -1,98 +0,0 @@ - - - - - - Luévano's Blog - - - - - - - - - - - - - - - - - -
- - -
- - - -
-
- -
-

This is the first blog post, just for testing purposes

- -

I'm making this post just to figure out how ssg5 and lowdown are supposed to work (and eventually also rssg).

- -

At the moment, I'm not satisfied because there's no automatic date insertion into the 1) html file, 2) the blog post itself and 3) the listing system in the blog homepage (and there's also the problem with the ordering of the entries…). And all of this just because I didn't want to use Luke's solution (don't really like that much how he handles the scripts… but they just work).

- -

Hopefully, for tomorrow all of this will be sorted out and I'll have a working blog system.

- -
-
-

Created: Sat, Feb 27, 2021 @ 06:08 MST

-
-
- - - - diff --git a/blog/old/dst/a/git_server_with_cgit.html b/blog/old/dst/a/git_server_with_cgit.html deleted file mode 100644 index c625eb6..0000000 --- a/blog/old/dst/a/git_server_with_cgit.html +++ /dev/null @@ -1,240 +0,0 @@ - - - - - - Luévano's Blog - - - - - - - - - - - - - - - - - -
- - -
- - - -
-
- -
-

Create a git server and setup cgit web app (on Nginx)

- -

My git server is all I need to setup to actually kill my other server (I've been moving from servers on these last 2-3 blog entries), that's why I'm already doing this entry. I'm basically following git's guide on setting up a server plus some specific stuff for (btw i use) Arch Linux (Arch Linux Wiki: Git server and Step by step guide on setting up git server in arch linux (pushable)).

- -

Note that this is mostly for personal use, so there's no user/authentication control other than that of SSH. Also, most if not all commands here are run as root.

- -

Prerequisites

- -

I might get tired of saying this (it's just copy paste, basically)… but similar as before (check my website and mail entries):

- - - -

git server

- -

If not installed already, install the git package:

- -
pacman -S git
-
- -

On Arch Linux, when you install the git package, a git user is automatically created, so all you have to do is decide where you want to store the repositories, for me, I like them to be on /home/git like if git was a “normal” user. So, create the git folder (with corresponding permissions) under /home and set the git user's home to /home/git:

- -
mkdir /home/git
-chown git:git /home/git
-usermod -d /home/git git
-
- -

Also, the git user is “expired” by default and will be locked (needs a password), change that with:

- -
chage -E -1 git
-passwd git
-
- -

Give it a strong one and remember to use PasswordAuthentication no for ssh (as you should). Create the .ssh/authorized_keys for the git user and set the permissions accordingly:

- -
mkdir /home/git/.ssh
-chmod 700 /home/git/.ssh
-touch /home/git/.ssh/authorized_keys
-chmod 600 /home/git/.ssh/authorized_keys
-chown -R git:git /home/git
-
- -

Now is a good idea to copy over your local SSH public keys to this file, to be able to push/pull to the repositories. Do it by either manually copying it or using ssh's built in ssh-copy-id (for that you may want to check your ssh configuration in case you don't let people access your server with user/password).

- -

Next, and almost finally, we need to edit the git-daemon service, located at /usr/lib/systemd/system/ (called git-daemon@.service):

- -
...
-ExecStart=-/usr/lib/git-core/git-daemon --inetd --export-all --base-path=/home/git --enable=receive-pack
-...
-
- -

I just appended --enable=receive-pack and note that I also changed the --base-path to reflect where I want to serve my repositories from (has to match what you set when changing git user's home).

- -

Now, go ahead and start and enable the git-daemon socket:

- -
systemctl start git-daemon.socket
-systemctl enable git-daemon.socket
-
- -

You're basically done. Now you should be able to push/pull repositories to your server… except, you haven't created any repository in your server, that's right, they're not created automatically when trying to push. To do so, you have to do the following sequence (assuming you're “cd'ed” into the /home/git directory):

- -
mkdir {repo_name}.git
-cd {repo_name}.git
-
- -

Those two lines above will need to be run each time you want to add a new repository to your server (yeah, kinda lame… although there are options to “automate” this, I like it this way).

- -

After that you can already push/pull to your repository. I have my repositories (locally) set up so I can push to more than one remote at the same time (my server, GitHub, GitLab, etc.), which is detailed here.

- -

cgit

- -

This bit is optional if you only wanted a git server (really easy to set up), this is so you can have a web application. This is basically a copy paste of Arch Linux Wiki: Cgit so you can go there and get more in-depth configurations.

- -

Install the cgit and fcgiwrap packages:

- -
pacman -S cgit fcgiwrap
-
- -

Now, just start and enable the fcgiwrap socket:

- -
systemctl start fcgiwrap.socket
-systemctl enable fcgiwrap.socket
-
- -

Next, the way I configure nginx is creating a separate file {module}.conf (git.conf in this case) under /etc/nginx/sites-available and create a symlink to /etc/nginx/sites-enabled as stated in my nginx setup entry. Add the following lines to your git.conf file:

- -
server {
-    listen 80;
-    listen [::]:80;
-    root /usr/share/webapps/cgit;
-    server_name {yoursubdomain}.{yourdomain};
-    try_files $uri @cgit;
-
-    location @cgit {
-        include fastcgi_params;
-        fastcgi_param SCRIPT_FILENAME $document_root/cgit.cgi;
-        fastcgi_param PATH_INFO $uri;
-        fastcgi_param QUERY_STRING $args;
-        fastcgi_param HTTP_HOST $server_name;
-        fastcgi_pass unix:/run/fcgiwrap.sock;
-    }
-}
-
- -

Where the server_name line depends on you, I have mine setup to git.luevano.xyz and www.git.luevano.xyz. Optionally run certbot --nginx to get a certificate for those domains if you don't have already.

- -

Now, all that's left is to configure cgit. Create the configuration file /etc/cgitrc with the following content (my personal options, pretty much the default):

- -
css=/cgit.css
-source-filter=/usr/lib/cgit/filters/syntax-highlighting-edited.sh
-logo=/cgit.png
-
-enable-http-clone=1
-# robots=noindex, nofollow
-virtual-root=/
-
-repo.url={url}
-repo.path={dir_path}
-repo.owner={owner}
-repo.desc={short_description}
-
-...
-
- -

Where you can uncomment the robots line to let web crawlers (like Google's) to index your git web app. And at the end keep all your repositories (the ones you want to make public), for example for my dotfiles I have:

- -
...
-repo.url=.dots
-repo.path=/home/git/.dots.git
-repo.owner=luevano
-repo.desc=These are my personal dotfiles.
-...
-
- -

Otherwise you could let cgit to automatically detect your repositories (you have to be careful if you want to keep “private” repos) using the option scan-path and setup .git/description for each repository. I will add more to my actual configuration, but for now it is useful as it is. For more, you can check cgitrc(5).

- -

Finally, if you want further support for highlighting, other compressed snapshots or support for markdown, checkout the optional dependencies for cgit and also the Arch Wiki goes in detail on how to setup highlighting with two different packages.

- -
-
-

Created: Sat, Mar 20, 2021 @ 22:58 MST; modified: Sun, Mar 21, 2021 @ 12:00 MST

-
-
- - - - diff --git a/blog/old/dst/a/linux_video_notes.html b/blog/old/dst/a/linux_video_notes.html deleted file mode 100644 index df9dbe9..0000000 --- a/blog/old/dst/a/linux_video_notes.html +++ /dev/null @@ -1,196 +0,0 @@ - - - - - - Luévano's Blog - - - - - - - - - - - - - - - - - -
- - -
- - - -
-
- -
-

Linux tutorial video notes

- -

I was requested to make a summary of a video about basic Linux stuff (like the SQL tutorial video notes); this time, I did most of the notes depending on the topic since I'm familiar with most of the stuff presented in the video. The video in question is: The Complete Linux Course: Beginner to Power User!. Also, some notes were taken from Arch Linux Wiki since it's got pretty decent documentation, and, of course, general googling.

- -

(Basic) commands

- -

A list of basic commands and small explanation (note that options are started with either - or --, depending on the program, but most of the time - is used for letter options and -- for word options, -l vs --list for example):

- - - -

And in general, to see the options supported by almost any command, use command -h or command --help, for a quick explanation. IMPORTANT: Most programs have man (manual) pages; to access them do man command, this is a very powerful tool to use.

- -

Commands can be redirected to other commands (the output), which is powerful to create mini scripts or to achieve a goal in a single command. Most of the time the redirection can be done with the special characters >, < and most powerful, the | (pipe). Also, some commands accept an option to execute another command, but this depends on a command to command basis (exec option for find, for example).

- -

Most terminal programs accept Ctrl-c or just q to exit the program.

- -

File permissions and ownership

- -

When listing files with ls -l, an output with file attributes (permissions) and ownership is shown, such as drwxr-xr-x 2 user group 4096 Jul 5 21:03 Desktop, where the first part are the attributes, and user and group the ownership info (all other info is irrelevant for now).

- -

File attributes (drwxr-xr-x in the example above) are specified by 10 (sometimes 11) characters, and can be break into 4 parts (or 5):

- - - -

Each of the three permission triads (rwx) can be:

- - - -

To change attributes or ownership use chmod and chown, respectively.

- -

Services

- -

Special type of linux process (think of a program or set of programs that run in the background waiting to be used, or doing essential tasks). There are many ways to manage (start, stop, restart, enable, disable, etc.) services, the most common way (if using systemd) is to just use systemctl. Basic usage of systemctl is systemctl verb service, where verb could be start, enable, stop, disable, restart, etc. Also, to get a general system status run systemctl status or just systemctl for a list of running units (a unit is an instance of a service, or a mount point or even a device or a socket). For more: Arch Linux Wiki: systemd.

- -

systemd also provides a way to do tasks based on a timer, where you can schedule from the second to the year. One could also use cron (using crontab with option e) to do this. These timers provide support for calendar time events, monotonic time events, and can be run asynchronously.

- -

User and group management

- -

Most mainstream linux distributions come with a Graphic User Interface (GUI) to manage users and groups on the system. For a Command-Line Interface (CLI) just use useradd (with passwd to create a password for a given user) and groupadd. Also, other useful commands are usermod, userdel, groups, gpasswd, groupdel and more, each used for a basic management of users/groups like modification, deletion, listing (of all existing users/groups), etc.. For more: Arch Linux Wiki: Users and groups.

- -

Networking

- -

Hosts file

- -

Located at /etc/hosts, serves as a translator from hostname (web addresses or URLs) into IP addresses (think of DNS records), meaning that any URL can be overridden to make it point to whatever IP address it's specified (only locally on the machine affected). The syntax of the file is pretty simple: first column for IP, second for hostname (URL) and third+ for aliases.

- -

(Some) commands

- -

These commands serve the sole purpose of showing information about the network and stuff related to it:

- - - -
-
-

Created: Sat, Mar 13, 2021 @ 22:57 MST

-
-
- - - - diff --git a/blog/old/dst/a/mail_server_with_postfix.html b/blog/old/dst/a/mail_server_with_postfix.html deleted file mode 100644 index a39d0b9..0000000 --- a/blog/old/dst/a/mail_server_with_postfix.html +++ /dev/null @@ -1,578 +0,0 @@ - - - - - - Luévano's Blog - - - - - - - - - - - - - - - - - -
- - -
- - - -
-
- -
-

Create a mail server with Postfix, Dovecot, SpamAssassin and OpenDKIM

- -

The entry is going to be long because it's a tedious process. This is also based on Luke Smith's script, but adapted to Arch Linux (his script works on debian-based distributions). This entry is mostly so I can record all the notes required while I'm in the process of installing/configuring the mail server on a new VPS of mine; also I'm going to be writing a script that does everything in one go (for Arch Linux), that will be hosted here.

- -

This configuration works for local users (users that appear in /etc/passwd), and does not use any type of SQL. And note that most if not all commands executed here are run with root privileges.

- -

More in depth configuration is detailed in the Arch Wiki for each package used here.

- -

Prerequisites

- -

Basically the same as with the website with Nginx and Certbot:

- - - -

Postfix

- -

Postfix is a “mail transfer agent” which is the component of the mail server that receives and sends emails via SMTP.

- -

Install the postfix package:

- -
pacman -S postfix
-
- -

We have two main files to configure (inside /etc/postfix): master.cf (master(5)) and main.cf (postconf(5)). We're going to edit main.cf first either by using the command postconf -e 'setting' or by editing the file itself (I prefer to edit the file).

- -

Note that the default file itself has a lot of comments with description on what each thing does (or you can look up the manual, linked above), I used what Luke's script did plus some other settings that worked for me.

- -

Now, first locate where your website cert is, mine is at the default location /etc/letsencrypt/live/, so my certdir is /etc/letsencrypt/live/luevano.xyz. Given this information, change {yourcertdir} on the corresponding lines. The configuration described below has to be appended in the main.cf configuration file.

- -

Certificates and ciphers to use for authentication and security:

- -
smtpd_tls_key_file = {yourcertdir}/privkey.pem
-smtpd_tls_cert_file = {yourcertdir}/fullchain.pem
-smtpd_use_tls = yes
-smtpd_tls_auth_only = yes
-smtp_tls_security_level = may
-smtp_tls_loglevel = 1
-smtp_tls_CAfile = {yourcertdir}/cert.pem
-smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
-smtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
-smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
-smtp_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
-tls_preempt_cipherlist = yes
-smtpd_tls_exclude_ciphers = aNULL, LOW, EXP, MEDIUM, ADH, AECDH, MD5,
-                DSS, ECDSA, CAMELLIA128, 3DES, CAMELLIA256,
-                RSA+AES, eNULL
-
-smtp_tls_CApath = /etc/ssl/certs
-smtpd_tls_CApath = /etc/ssl/certs
-
-smtpd_relay_restrictions = permit_sasl_authenticated, permit_mynetworks, defer_unauth_destination
-
- -

Also, for the connection with dovecot, append the next few lines (telling postfix that dovecot will use user/password for authentication):

- -
smtpd_sasl_auth_enable = yes
-smtpd_sasl_type = dovecot
-smtpd_sasl_path = private/auth
-smtpd_sasl_security_options = noanonymous, noplaintext
-smtpd_sasl_tls_security_options = noanonymous
-
- -

Specify the mailbox home (this is going to be a directory inside your user's home):

- -
home_mailbox = Mail/Inbox/
-
- -

Pre-configuration to work seamlessly with dovecot and opendkim:

- -
myhostname = {yourdomainname}
-mydomain = localdomain
-mydestination = $myhostname, localhost.$mydomain, localhost
-
-milter_default_action = accept
-milter_protocol = 6
-smtpd_milters = inet:127.0.0.1:8891
-non_smtpd_milters = inet:127.0.0.1:8891
-mailbox_command = /usr/lib/dovecot/deliver
-
- -

Where {yourdomainname} is luevano.xyz in my case, or if you have localhost configured to your domain, then use localhost for myhostname (myhostname = localhost).

- -

Lastly, if you don't want the sender's IP and user agent (application used to send the mail), add the following line:

- -
smtp_header_checks = regexp:/etc/postfix/smtp_header_checks
-
- -

And create the /etc/postfix/smtp_header_checks file with the following content:

- -
/^Received: .*/     IGNORE
-/^User-Agent: .*/   IGNORE
-
- -

That's it for main.cf, now we have to configure master.cf. This one is a bit more tricky.

- -

First look up lines (they're uncommented) smtp inet n - n - - smtpd, smtp unix - - n - - smtp and -o syslog_name=postfix/$service_name and either delete or uncomment them… or just run sed -i "/^\s*-o/d;/^\s*submission/d;/\s*smtp/d" /etc/postfix/master.cf as stated in Luke's script.

- -

Lastly, append the following lines to complete postfix setup and pre-configure for spamassassin.

- -
smtp unix - - n - - smtp
-smtp inet n - y - - smtpd
-    -o content_filter=spamassassin
-submission inet n - y - - smtpd
-    -o syslog_name=postfix/submission
-    -o smtpd_tls_security_level=encrypt
-    -o smtpd_sasl_auth_enable=yes
-    -o smtpd_tls_auth_only=yes
-smtps inet n - y - - smtpd
-    -o syslog_name=postfix/smtps
-    -o smtpd_tls_wrappermode=yes
-    -o smtpd_sasl_auth_enable=yes
-spamassassin unix - n n - - pipe
-    user=spamd argv=/usr/bin/vendor_perl/spamc -f -e /usr/sbin/sendmail -oi -f \${sender} \${recipient}
-
- -

Now, I ran into some problems with postfix, one being smtps: Servname not supported for ai_socktype, to fix it, as Till posted in that site, edit /etc/services and add:

- -
smtps 465/tcp
-smtps 465/udp
-
- -

Before starting the postfix service, you need to run newaliases first (but you can do a bit of configuration beforehand). Edit the file /etc/postfix/aliases and edit accordingly. I only change the root: you line (where you is the account that will be receiving “root” mail). Check the Arch Wiki for more info and other alternatives/options. After you're done, run:

- -
postalias /etc/postfix/aliases
-newaliases
-
- -

At this point you're done configuring postfix and you can already start/enable the postfix service:

- -
systemctl start postfix.service
-systemctl enable postfix.service
-
- -

Dovecot

- -

Dovecot is an IMAP and POP3 server, which is what lets an email application retrieve the mail.

- -

Install the dovecot and pigeonhole (sieve for dovecot) packages:

- -
pacman -S dovecot pigeonhole
-
- -

On arch, by default, there is no /etc/dovecot directory with default configurations set in place, but the package does provide the example configuration files. Create the dovecot directory under /etc and, optionally, copy the dovecot.conf file and conf.d directory under the just created dovecot directory:

- -
mkdir /etc/dovecot
-cp /usr/share/doc/dovecot/example-config/dovecot.conf /etc/dovecot/dovecot.conf
-cp -r /usr/share/doc/dovecot/example-config/conf.d /etc/dovecot
-
- -

As Luke stated, dovecot comes with a lot of “modules” (under /etc/dovecot/conf.d/ if you copied that folder) for all sorts of configurations that you can include, but I do as he does and just edits/creates the whole dovecot.conf file; although, I would like to check each of the separate configuration files dovecot provides I think the options Luke provides are more than good enough.

- -

I'm working with an empty dovecot.conf file. Add the following lines for SSL and login configuration (also replace {yourcertdir} with the same certificate directory described in the Postfix section above, note that the < is required):

- -
ssl = required
-ssl_cert = <{yourcertdir}/fullchain.pem
-ssl_key = <{yourcertdir}/privkey.pem
-ssl_min_protocol = TLSv1.2
-ssl_cipher_list = ALL:!RSA:!CAMELLIA:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!SHA1:!SHA256:!SHA384:!LOW@STRENGTH
-ssl_prefer_server_ciphers = yes
-ssl_dh = </etc/dovecot/dh.pem
-
-auth_mechanisms = plain login
-auth_username_format = %n
-protocols = $protocols imap
-
- -

You may notice we specify a file we don't have under /etc/dovecot: dh.pem. We need to create it with openssl (you should already have it installed if you've been following this entry and the one for nginx). Just run (might take a few minutes):

- -
openssl dhparam -out /etc/dovecot/dh.pem 4096
-
- -

After that, the next lines define what a “valid user is” (really just sets the database for users and passwords to be the local users with their password):

- -
userdb {
-    driver = passwd
-}
-
-passdb {
-    driver = pam
-}
-
- -

Next, comes the mail directory structure (has to match the one described in the Postfix section). Here, the LAYOUT option is important so the boxes are .Sent instead of Sent. Add the next lines (plus any you like):

- -
mail_location = maildir:~/Mail:INBOX=~/Mail/Inbox:LAYOUT=fs
-namespace inbox {
-    inbox = yes
-
-    mailbox Drafts {
-        special_use = \Drafts
-        auto = subscribe
-        }
-
-    mailbox Junk {
-        special_use = \Junk
-        auto = subscribe
-        autoexpunge = 30d
-        }
-
-    mailbox Sent {
-        special_use = \Sent
-        auto = subscribe
-        }
-
-    mailbox Trash {
-        special_use = \Trash
-        }
-
-    mailbox Archive {
-        special_use = \Archive
-        }
-}
-
- -

Also include this so Postfix can use Dovecot's authentication system:

- -
service auth {
-    unix_listener /var/spool/postfix/private/auth {
-        mode = 0660
-        user = postfix
-        group = postfix
-        }
-}
-
- -

Lastly (for dovecot at least), the plugin configuration for sieve (pigeonhole):

- -
protocol lda {
-    mail_plugins = $mail_plugins sieve
-}
-
-protocol lmtp {
-    mail_plugins = $mail_plugins sieve
-}
-
-plugin {
-    sieve = ~/.dovecot.sieve
-    sieve_default = /var/lib/dovecot/sieve/default.sieve
-    sieve_dir = ~/.sieve
-    sieve_global_dir = /var/lib/dovecot/sieve/
-
- -

Where /var/lib/dovecot/sieve/default.sieve doesn't exist yet. Create the folders:

- -
mkdir -p /var/lib/dovecot/sieve
-
- -

And create the file default.sieve inside that just created folder with the content:

- -
require ["fileinto", "mailbox"];
-if header :contains "X-Spam-Flag" "YES" {
-    fileinto "Junk";
-}
-
- -

Now, if you don't have a vmail (virtual mail) user, create one and change the ownership of the /var/lib/dovecot directory to this user:

- -
grep -q "^vmail:" /etc/passwd || useradd -m vmail -s /usr/bin/nologin
-chown -R vmail:vmail /var/lib/dovecot
-
- -

Note that I also changed the shell for vmail to be /usr/bin/nologin. After that, run:

- -
sievec /var/lib/dovecot/sieve/default.sieve
-
- -

To compile the configuration file (a default.svbin file will be created next to default.sieve).

- -

Next, add the following lines to /etc/pam.d/dovecot if not already present (shouldn't be there if you've been following these notes):

- -
auth required pam_unix.so nullok
-account required pam_unix.so
-
- -

That's it for dovecot, at this point you can start/enable the dovecot service:

- -
systemctl start dovecot.service
-systemctl enable dovecot.service
-
- -

OpenDKIM

- -

OpenDKIM is needed so services like G**gle (we don't mention that name here [[[this is a meme]]]) don't throw the mail to the trash. DKIM stands for “DomainKeys Identified Mail”.

- -

Install the opendkim package:

- -
pacman -S opendkim
-
- -

Generate the keys for your domain:

- -
opendkim-genkey -D /etc/opendkim -d {yourdomain} -s {yoursubdomain} -r -b 2048
-
- -

Where you need to change {yourdomain} and {yoursubdomain} (doesn't really need to be the sub-domain, could be anything that describes your key) accordingly, for me it's luevano.xyz and mail, respectively. After that, we need to create some files inside the /etc/opendkim directory. First, create the file KeyTable with the content:

- -
{yoursubdomain}._domainkey.{yourdomain} {yourdomain}:{yoursubdomain}:/etc/opendkim/{yoursubdomain}.private
-
- -

So, for me it would be:

- -
mail._domainkey.luevano.xyz luevano.xyz:mail:/etc/opendkim/mail.private
-
- -

Next, create the file SigningTable with the content:

- -
*@{yourdomain} {yoursubdomain}._domainkey.{yourdomain}
-
- -

Again, for me it would be:

- -
*@luevano.xyz mail._domainkey.luevano.xyz
-
- -

And, lastly create the file TrustedHosts with the content:

- -
127.0.0.1
-::1
-10.1.0.0/16
-1.2.3.4/24
-localhost
-{yourserverip}
-...
-
- -

And more, make sure to include your server IP and something like subdomain.domainname.

- -

Next, edit /etc/opendkim/opendkim.conf to reflect the changes (or rather, additions) of these files, as well as some other configuration. You can look up the example configuration file located at /usr/share/doc/opendkim/opendkim.conf.sample, but I'm creating a blank one with the contents:

- -
Domain {yourdomain}
-Selector {yoursubdomain}
-
-Syslog Yes
-UserID opendkim
-
-KeyFile /etc/opendkim/{yoursubdomain}.private
-Socket inet:8891@localhost
-
- -

Now, change the permissions for all the files inside /etc/opendkim:

- -
chown -R root:opendkim /etc/opendkim
-chmod g+r /etc/postfix/dkim/*
-
- -

I'm using root:opendkim so opendkim doesn't complain about the {yoursubdomani}.private being insecure (you can change that by using the option RequireSafeKeys False in the opendkim.conf file, as stated here).

- -

That's it for the general configuration, but you could go more in depth and be more secure with some extra configuration as described in the Arch Wiki entry for OpenDKIM.

- -

Now, just start/enable the opendkim service:

- -
systemctl start opendkim.service
-systemctl enable opendkim.service
-
- -

And don't forget to add the following TXT records on your domain registrar (these examples are for Epik):

- -
    -
  1. DKIM entry: look up your {yoursubdomain}.txt file, it should look something like:
  2. -
- -
{yoursubdomain}._domainkey IN TXT ( "v=DKIM1; k=rsa; s=email; "
-    "p=..."
-    "..." )  ; ----- DKIM key mail for {yourdomain}
-
- -

In the TXT record you will place {yoursubdomain}._domainkey as the “Host” and "v=DKIM1; k=rsa; s=email; " "p=..." "..." in the “TXT Value” (replace the dots with the actual value you see in your file).

- -
    -
  1. DMARC entry: just _dmarc.{yourdomain} as the “Host” and "v=DMARC1; p=reject; rua=mailto:dmarc@{yourdomain}; fo=1" as the “TXT Value”.

  2. -
  3. SPF entry: just @ as the “Host” and "v=spf1 mx a:{yoursubdomain}.{yourdomain} - all" as the “TXT Value”.

  4. -
- -

And at this point you could test your mail for spoofing and more, but you don't know -yet- how to login (it's really easy, but I'm gonna state that at the end of this entry).

- -

SpamAssassin

- -

SpamAssassin is just a mail filter to identify spam.

- -

Install the spamassassin package (which will install a bunch of ugly perl packages…):

- -
pacman -S spamassassin
-
- -

For some reason, the permissions on all spamassassin stuff are all over the place. First, change owner of the executables, and directories:

- -
chown spamd:spamd /usr/bin/vendor_perl/sa-*
-chown spamd:spamd /usr/bin/vendor_perl/spam*
-chwown -R spamd:spamd /etc/mail/spamassassin
-
- -

Then, you can edit local.cf (located in /etc/mail/spamassassin) to fit your needs (I only uncommented the rewrite_header Subject ... line). And then you can run the following command to update the patterns and compile them:

- -
sudo -u spamd sa-update
-sudo -u spamd sa-compile
-
- -

And since this should be run periodically, create the service spamassassin-update.service under /etc/systemd/system with the following content:

- -
[Unit]
-Description=SpamAssassin housekeeping
-After=network.target
-
-[Service]
-User=spamd
-Group=spamd
-Type=oneshot
-
-ExecStart=/usr/bin/vendor_perl/sa-update --allowplugins
-SuccessExitStatus=1
-ExecStart=/usr/bin/vendor_perl/sa-compile
-ExecStart=/usr/bin/systemctl -q --no-block try-restart spamassassin.service
-
- -

And you could also execute sa-learn to train spamassassin's bayes filter, but this works for me. Then create the timer spamassassin-update.timer under the same directory, with the content:

- -
[Unit]
-Description=SpamAssassin housekeeping
-
-[Timer]
-OnCalendar=daily
-Persistent=true
-
-[Install]
-WantedBy=timers.target
-
- -

You can now start/enable the spamassassin-update timer:

- -
systemctl start spamassassin-update.timer
-systemctl enable spamassassin-update.timer
-
- -

Next, you may want to edit the spamassassin service before starting and enabling it, because by default, it could spawn a lot of “childs” eating a lot of resources and you really only need one child. Append --max-children=1 to the line ExecStart=... in /usr/bin/systemd/system/spamassassin.service:

- -
...
-ExecStart=/usr/bin/vendor_perl/spamd -x -u spamd -g spamd --listen=/run/spamd/spamd.sock --listen=localhost --max-children=1
-...
-
- -

Finally, start and enable the spamassassin service:

- -
systemctl start spamassassin.service
-systemctl enable spamassassin.service
-
- -

Wrapping up

- -

We should have a working mail server by now. Before continuing check your journal logs (journalctl -xe --unit={unit}, where {unit} could be spamassassin.servicefor example) to see if there was any error whatsoever and try to debug it, it should be a typo somewhere (the logs are generally really descriptive) because all the settings and steps detailed here just (literally just finished doing everything on a new server as of the writing of this text) worked (((it just werks on my machine))).

- -

Now, to actually use the mail service: first of all, you need a normal account (don't use root) that belongs to the mail group (gpasswd -a user group to add a user user to group group) and that has a password.

- -

Next, to actually login into a mail app/program/whateveryouwanttocallit, you will use the following settings, at least for thunderdbird(I tested in windows default mail app and you don't need a lot of settings):

- - - -

All that's left to do is test your mail server for spoofing, and to see if everything is setup correctly. Go to DKIM Test and follow the instructions (basically click next, and send an email with whatever content to the email that they provide). After you send the email, you should see something like:

- -

DKIM Test successful

- -

(Yes, I blurred a lot in the picture just to be sure, either way what's important is the list on the bottom part of the image)

- -

Finally, that's actually it for this entry, if you have any problem whatsoever you have my info down below.

- -
-
-

Created: Sat, Mar 20, 2021 @ 02:54 MST; modified: Sat, Mar 20, 2021 @ 21:05 MST

-
-
- - - - diff --git a/blog/old/dst/a/shell_scripting.html b/blog/old/dst/a/shell_scripting.html deleted file mode 100644 index 61089d9..0000000 --- a/blog/old/dst/a/shell_scripting.html +++ /dev/null @@ -1,362 +0,0 @@ - - - - - - Luévano's Blog - - - - - - - - - - - - - - - - - -
- - -
- - - -
-
- -
-

Shell scripting tutorial video notes

- -

Another summary, this time about shell scripting in general. And just like with the Linux notes, I also did most of the notes myself or with resources outside the video. The videos in question are: The Bad Tutorials (YT): Shell Scripting Tutorials and Automation with SCripting (YT): Complete Shell Scripting Tutorials. Also, some notes were taken from tutorialspoint: UNIX / LINUX Tutorial and general googling.

- -

Basic concepts

- -

A shell it's an interface between the user and the kernel. While the kernel it's the layer that interacts between the shell and the hardware. And you access the shell either via a terminal, or executing a shell script. Note that if you're using a GUI environment, you need a terminal emulator to actually use a terminal (most Linux distros come with everything needed, so no need to worry).

- -

When using a terminal a blank screen with some text and a cursor that shows you where to type will appear and depending on the shell being used (sh, dash, ksh, bash, zsh, fish, etc.) the prompt will be different. The most common one being of the form user@host:~$, which tells that the user is using host machine and the current working directory is ~ (can be /any/path/ too), and lastly, the $ shows the current privileges of the shell/user using the shell (a $ for normal user and # for root access).

- -

To clear the screen use command clear or simply do Ctrl + l (most terminals let you do this) and to cancel or create a new prompt do Ctrl + c, this also cancels any running program that's using the terminal (typing q when a program is running also stops the process, sometimes).

- -

Also there are POSIX (portable operating system interface) compliant shells like sh, dash, ksh, etc., that have a standard syntax and are portable to any Unix system. Non POSIX compliant shells (or not necessary fully POSIX compliant) are bash, zsh, fish, etc., that provide a more modern syntax but lack speed on executing scripts.

- -

Common commands/programs

- -

A list of common commands or programs with a short description (for more, do man command or command -h or command --help):

- - - -

And some special “commands” or “operators” (for more: gnu: 3.6 Redirections):

- - - -

Shell scripting

- -

A shell script is nothing more but a file that contains commands in it; they're executed in the same order they are present in the file. A shell script file is usually terminated with a .sh extension, independently of the shell being used, but it's not 100% necessary as in Unix systems, an extension mean nothing, other than distinction (visually) between files. Then one can just have an extension-less file as a script. The script must have execution permissions (chmod +x file), unless shell script is executed in the terminal, where shell could be sh, bash, etc. Comments are created by prepending # to whatever the text should be a comment.

- -

It's common practice to have the first line as a she-bang (#!), which is just a comment telling the interpreter which shell to execute the script with (usable when having the script in your PATH so you only call the name of the script like any other command/program). A she-bang has the syntax #!/path/to/shell some_other_options, the most common she-bangs being: #!/bin/sh, #!/bin/bash, #!/usr/bin/python, etc.

- -

Also, some people argue that you shouldn't use absolute paths, since not all Unix operating systems have the same directory structure, or not all programs are going to be installed in the same folder. So a portable she-bang can be made by prepending /usr/bin/env and the specify the program to run, for example: #!/usr/bin/env bash.

- -

Like always… the basic “Hello, world!” script:

- -
#!/bin/sh
-echo "Hello, world!"
-
- -

Three ways of executing this script (assuming the file name is hw):

- -
    -
  1. Type in terminal sh hw.
  2. -
  3. Type in terminal ./hw. Requires the file to have execute permissions.
  4. -
  5. Type in terminal hw. Requires the file to have execute permissions. Requires the file to be in your PATH.
  6. -
- -

Variables

- -

Variables are case sensitive, meaning that my_var and MY_VAR are different and a variable name can only contain letters and numbers (a-z, A-Z and 0-9) or the underscore character _. Can't contain a space. Variables are called by prepending $ to the variable name.

- -

Like in most programming languages, there are some reserved words like if, select, then, until, while, etc., that can't be used as variables or as values of variables. For more: D.2 Index of Shell Reserved Words.

- -

There is no need to specify a variable type. Anything surrounded by " will be treated as text. You can use booleans, numbers, text and arrays (the implementation of arrays depends on the shell being used). Make a variable readonly by calling readonly variable_name. Basic syntax:

- - - -

There are special variables (for more. tutorialspoint: Unix / Linux - Special Variables):

- - - -

When calling a script, you can pass optional (or required) positional arguments like: command arg1 arg2 arg3 argn.

- -

Note that a variable can also take the output of another command, one common way to do this is using $(command) or `command`, for example: var="$(echo 'this is a command being executed inside the definition of a variable')" which, since the echo command is being run, var="this is a command being executed inside the definition of a variable", which doesn't seem like much, but there could be any command inside $() or `command`. Note that this is not special to defining variables, could also be used as arguments of another command.

- -

Internal Field Separator (IFS)

- -

This is used by the shell to determine how to do word splitting (how to recognize word boundaries). The default value for IFS consists of whitespace characters (space, tab and newline). This value can ve overridden by setting the variable IFS to something like, for example, :.

- -

Conditionals

- -

Exit status

- -

Any command being run has an exit status, either 0 or 1, if the command has been executed successfully or otherwise (an error), respectively.

- -

if statement

- -

Pretty similar to other programming languages, evaluates an expression to a true or false and executes code as specified. if statements can be nested, and follow normal rules of logical operations. Basic syntax is:

- -
#!/bin/sh
-if expression
-then
-do_something
-elif another_expression
-then
-do_another_thing
-else
-do_something_else
-fi
-
- -

The expression is usually wrapped around [] or [[]], the first being POSIX compliant and the second bash-specific (and other shells).

- -

Also, some operators to compare things use == for “equals” and > for “greater than”, for example; while in a POSIX compliant shell, = for “equals” and -gt for “greater than” has to be used. For more operators: tutorialspoint: Unix / Linux - Shell Basic Operators (this also covers logical operators and file test operators).

- -

Case statement

- -

A common good alternative to multilevel if statements, enables you to match several values against one variable. Basic syntax is:

- -
case $var in
-    pattern1)
-        do_something1
-        ;;
-    pattern2)
-        subpattern1)
-            do_subsomething1
-            ;;
-        subpattern2)
-            do_subsomething2
-            ;;
-        *)
-    pattern3|pattern4|...|patternN)
-        do_something3
-        ;;
-    patternM)
-        do_somethingM
-        ;;
-    *)
-        do_something_default
-        ;;
-esac
-
- -

Where the * pattern is not necessary but serves the same purpose as a “default” case.

- -

Loops

- -

Loops enable execution of a set of commands repeatedly. Loops, naturally, can be nested. expression here (in the basic syntax examples) work the same as mentioned in the “if statement” section. For more: tutorialspoint: Unix / Linux - Shell Loop Types.

- -

Loop control

- -

Similar than other programming languages, there are loop controls to interrupt or continue a loop:

- -
* `break` statement.
-* `continue` statement.
-
- -

These statements accept an argument that specify from which loop to exit/continue.

- -

while loop

- -

Enables to execute a set of commands repeatedly until some condition occurs. Basic syntax:

- -
#!/bin/sh
-while expression
-do
-    do_something
-done
-
- -

until loop

- -

Similar to the while loop, the difference is that the while loop is executed as long as a condition is true, but the until loop… until a condition is true. Basic syntax (similar to while loop):

- -
#!/bin/sh
-until expression
-do
-    do_something
-done
-
- -

for loop

- -

Operates on lists of items. It repeats a set of commands for every item in a list. Basic syntax:

- -
#!/bin/sh
-for var in word1 word2 ... wordN
-do
-    do_something_with_var
-done
-
- -

Where var is the current value (word1, word2, etc.) in the loop and the expression after for can refer to an array, or the output of a command that outputs a list of things, etc.

- -

select loop

- -

Provides an easy way to create a numbered menu from which users can select options. Basic syntax (similar to for loop):

- -
select var in word1 word2 ... wordN
-do
-    do_something_with_var
-done
-
- -

Meta characters

- -

Meta characters are used to execute several commands on a single line (depending on what it's needed). The most used meta characters to accomplish this are semi-colon ;, double ampersand && and double “pipe” ||.

- - - -

Functions

- -

Enable to break down the overall functionality of a script into smaller, logical subsections, which can then be called upon to perform their individual tasks when needed (like in any other programming language…). For more: tutorialspoint: Unix / Linux - Shell Functions. Basic syntax:

- -
#!/bin/sh
-function_name () {
-    do_something
-}
-
- -

Functions can also take arguments and can access their individual arguments (each function will have a different “storage” for their arguments). Functions can also be nested. Here exit will not only will finish the function code, but also the shell script that called it, instead use return plus an exit code to just exit the function.

- -
-
-

Created: Sat, Mar 13, 2021 @ 22:57 MST

-
-
- - - - diff --git a/blog/old/dst/a/sql_video_notes.html b/blog/old/dst/a/sql_video_notes.html deleted file mode 100644 index 9d3d07f..0000000 --- a/blog/old/dst/a/sql_video_notes.html +++ /dev/null @@ -1,295 +0,0 @@ - - - - - - Luévano's Blog - - - - - - - - - - - - - - - - - -
- - -
- - - -
-
- -
-

SQL tutorial video notes

- -

I was requested to make summaries of videos about SQL, these are the notes (mostly this is a transcription of what I found useful). The videos in question are: SQL Tutorial - Full Database Course for Beginners, MySQL Tutorial for Beginners [Full Course] and Advanced SQL course | SQL tutorial advanced. Also, some notes were taken from w3schools.com's SQL Tutorial and MySQL 8.0 Reference Manual.

- -

What is a database (DB)?

- -

Any collection of related information, such as a phone book, a shopping list, Facebook's user base, etc.. It can be stored in different ways: on paper, on a computer, in your mind, etc..

- -

Database Management Systems (DBMS)

- -

A special software program that helps users create and maintain a database that makes it easy to manage large amounts of information, handles security, backups and can connect to programming languages for automation.

- -

CRUD

- -

The four main operations that a DBMS will do: create, read, update and delete.

- -

Two types of databases

- - - -

Relational databases (RDB) (SQL)

- -

When we want to create a RDB we need a Relational Database Management System (RDBMS) that uses Structured Query Language (SQL) which is a standardized language for interacting with RDBMS and it's used to perform CRUD operations (and other administrative tasks).

- -

Non-relational databases (NRDB) (noSQL/not just SQL)

- -

Anything that's not relational, stores data in anything but static tables. Could be a document (JSON, XML, etc.), graph (relational nodes), key-value hash (strings, json, etc.), etc.

- -

NRDB also require a Non-Relational Database Management System (NRDBMS) to maintain a database. But it doesn't have a standardized language for performing CRUD and administrative operations like how RDB have.

- -

Database queries

- -

A DB query is a request that is made to the (R/NR)DBMS for a specific information. A google search is a query, for example.

- -

Tables and keys

- -

A table is composed of columns, rows and a primary key. The primary key is unique and identifies one specific row. Columns and rows are trivial, a column identifies a field and has a specific data type (name, email, birth) and a row identifies a table entry (person that contains a name, email and birth).

- -

Also, there are foreign keys, it's purpose is to relate to another database table; this foreign key is unique in it's own table, but can be repeated where you use it as a foreign key.

- -

It's possible to use the same table keys as foreign keys to make relations inside the same table.

- -

SQL basics

- -

It's actually a hybrid language, basically 4 types of languages in one:

- - - -

Queries

- -

A set of instructions given to the RDBMS (written in SQL) that tell the RDBMS what information you want it to retrieve. Instead of getting the whole database, retrieve only a bit of information that you need.

- -

Also, SQL keywords can be either lower or upper case, but it's convention to use upper case. And queries are ended by a semi-colon.

- -

Data types

- -

Just some SQL data types (for more: MySQL 8.0 Reference Manual: Chapter 11 Data Types, the notation is DATATYPE(SIZE(,SIZE)):

- - - -

Basic management of tables

- -

To create a table, the basic syntax is CREATE TABLE tablename (column1 datatype constraint, column2 datatype constraint, ...), where a constraint could be (for more: MySQL 8.0 Reference Manual: 13.1.20 CREATE TABLE Statement):

- - - -

Get the table structure with DESCRIBE tablename and delete it with DROP TABLE tablename. Add columns to the table with ALTER TABLE tablename ADD column DATATYPE(N,M), similar syntax to delete a specific column ALTER TABLE tablename DRORP COLUMN column.

- -

Add entries to the table with INSERT INTO tablename VALUES(value1, value2, ...) where all the fields must be specified, or INSERT INTO tablename(column1, column2) VALUES(value1, value2) to just add some fields to the new entry. While at it, (all) the table content can be fetched with SELECT * FROM tablename.

- -

Basic Updating of entries with UPDATE tablename SET expression1 WHERE expression2, where expression1 could be column = value2 and expression2 could be column = value1, meaning that the value of column will be changed from value1 to value2. Note that the expressions are not limited by column = value, and that the column has to be the same, it would be any expression. Also, this is really extensive as SET can set multiple variables and WHERE take more than one condition by chaining conditions with AND, OR and NOT keywords, for example.

- -
ON DELETE statement
- -

When an entry needs to be updated somehow based on a modification on a foreign key. If two tables are related to each other, if something is deleted on one end, update the other end in some way.

- -

For example on creation of a table, on the specification of a foreign key: CREATE TABLE tablename (..., FOREIGN KEY(column) REFERENCES othertable(othertablecolumn) ON DELETE something). That something could be SET NULL, CASCADE, etc..

- -

SELECT queries

- -

Instead of doing SELECT * FROM tablename, which gets all the data from a table, more complex SELECT queries can be implemented, such as SELECT column FROM tablename to only get all data from one column of the table. Append LIMIT N to limit the query to N entries. Append WHERE condition to meet a custom condition.

- -

Other statements that can be used in conjunction with SELECT are ORDER BY column ASC|DESC, SELECT DISTINCT, MIN(column), MAX(column), COUNT(column), AVG(column), SUM(column), LIKE and more. For more, visit MySQL 8.0 Reference Manual: 13.2.10 SELECT Statement.

- -

MySQL uses regular expressions (regex) like pattern matching, some wildcards that can be used with the LIKE statement are:

- - - -

An extended regex can be used with the statement REGEX_LIKE(expression); REGEXP and RLIKE are synonyms for REGEX_LIKE. For more: MySQL 8.0 Reference Manual: 3.3.4.7 Pattern Matching.

- -

Unions

- -

A specialized SQL operator that is used to combine multiple SELECT statements into one. The basic syntax is SELECT ... UNION SELECT ..., where ... is a whole SELECT statement; there can be any amount of unions. There are some rules that apply when doing unions, such as having the same amount of columns on both statements and being of the same data type.

- -

Joins

- -

Used to combine rows from two or more tables based on a related column between them. Basic syntax is SELECT table1.column1, ..., table2.column1, ... FROM table(1|2) JOIN table(1|2) ON table1.common_column = table2.common_column, where the table specified in the FROM statement is called the “left” table, where the one in the JOIN statement is the “right” table. For more: MySQL 8.0 Reference Manual: 13.2.10.2 JOIN Clause.

- -

There are different types of SQL JOINs:

- - - -

INNER JOIN -LEFT JOIN -RIGHT JOIN -FULL OUTER JOIN

- -

Nested queries

- -

A query composed of multiple select statements to get a specific piece of information. This is self explanatory, you do a SELECT query somewhere inside another one, for example SELECT ... IN (SELECT ...), where the nesting is occurring inside the parenthesis after the IN statement.

- -

A nesting isn't constrained to the IN statement, it can appear anywhere, for example in a WHERE statement: SELECT ... WHERE something = (SELECT ...).

- -

Triggers

- -

A block of SQL code that will define a certain action that will happen when a specific operation is performed on the database. It is recommended to change the DELIMITER temporarily from semi-colon to something else (since we need to use semi-colon to end the trigger) while the trigger is created. The basic syntax is CREATE TRIGGER trigername triggertime triggerevent ON tablename FOR EACH ROW triggerorder triggerbody. For more: MySQL 8.0 Reference Manual: 13.1.22 CREATE TRIGGER Statement and MySQL 8.0 Reference Manual: 25.3.1 Trigger Syntax and Examples.

- -

Entity Relationship Diagrams (ERD)

- -

When designing a database it's important to define a database schema which is just a definition of all the different tables and their attributes that are going to live inside the database. So, basically, an ERD diagram is a diagram that consists of text, symbols and shapes that are combined to create a relationship model.

- -

The diagram consists of:

- - - -

ERD example taken from wikipedia

- -
-
-

Created: Tue, Mar 02, 2021 @ 07:35 MST

-
-
- - - - diff --git a/blog/old/dst/a/website_with_nginx.html b/blog/old/dst/a/website_with_nginx.html deleted file mode 100644 index df1da00..0000000 --- a/blog/old/dst/a/website_with_nginx.html +++ /dev/null @@ -1,250 +0,0 @@ - - - - - - Luévano's Blog - - - - - - - - - - - - - - - - - -
- - -
- - - -
-
- -
-

Create a website with Nginx and Certbot

- -

These are general notes on how to setup a Nginx web server plus Certbot for SSL certificates, initially learned from Luke's video and after some use and research I added more stuff to the mix. And, actually at the time of writing this entry, I'm configuring the web server again on a new VPS instance, so this is going to be fresh.

- -

As a side note, (((i use arch btw))) so everything here es aimed at an Arch Linux distro, and I'm doing everything on a VPS. Also note that most if not all commands here are executed with root privileges.

- -

Prerequisites

- -

You will need two things:

- - - -

Nginx

- -

You have two options: nginx and nginx-mainline. I prefer nginx-mainline because it's the “up to date” package even though nginx is labeled to be the “stable” version. Install the package and enable/start the service:

- -
pacman -S nginx-mainline
-systemctl enable nginx.service
-systemctl start nginx.service
-
- -

And that's it, at this point you can already look at the default initial page of nginx if you enter the ip of your server in a web browser. You should see something like this:

- -

Nginx welcome page

- -

As stated in the welcome page, configuration is needed, head to the directory of nginx:

- -
cd /etc/nginx
-
- -

Here you have several files, the important one is nginx.conf, which as its name implies, contains general configuration of the web server. If you peek into the file, you will see that it contains around 120 lines, most of which are commented out and contains the welcome page server block. While you can configure a website in this file, it's common practice to do it on a separate file (so you can scale really easily if needed for mor websites or sub-domains).

- -

Inside the nginx.conf file, delete the server blocks and add the lines include sites-enabled/*; (to look into individual server configuration files) and types_hash_max_size 4096; (to get rid of an ugly warning that will keep appearing) somewhere inside the http block. The final nginx.conf file would look something like (ignoring the comments just for clarity, but you can keep them as side notes):

- -
worker_processes 1;
-
-events {
-    worker_connections 1024;
-}
-
-http {
-    include sites-enabled/*;
-    include mime.types;
-    default_type application/octet-stream;
-
-    sendfile on;
-
-    keepalive_timeout 65;
-
-    types_hash_max_size 4096;
-}
-
- -

Next, inside the directory /etc/nginx/ create the sites-available and sites-enabled, and go into the sites-available one:

- -
mkdir sites-available
-mkdir sites-enabled
-cd sites-available
-
- -

Here, create a new .conf file for your website and add the following lines (this is just the sample content more or less):

- -
server {
-    listen 80;
-    listen [::]:80;
-
-    root /path/to/root/directory;
-    server_name domain.name another.domain.name;
-    index index.html anotherindex.otherextension;
-
-    location /{
-        try_files $uri $uri/ =404;
-    }
-}
-
- -

Note several things:

- - - -

Then, make a symbolic from this config file to the sites-enabled directory:

- -
ln -s /etc/nginx/sites-available/your_config_file.conf /etc/nginx/sites-enabled
-
- -

This is so the nginx.conf file can look up the newly created server config. With this method of having each server configuration file separate you can easily “deactivate” any website by just deleting the symbolic link in sites-enabled and you're good, or just add new configuration files and keep everything nice and tidy.

- -

All you have to do now is restart (or enable and start if you haven't already) the nginx service (and optionally test the configuration):

- -
nginx -t
-systemctl restart nginx
-
- -

If everything goes correctly, you can now go to your website by typing “domain.name” on a web browser. But you will see a “404 Not Found” page like the following (maybe with different nginx version):

- -

Nginx 404 page

- -

That's no problem, because it means that the web server it's actually working. Just add an index.html file with something simple to see it in action. If you keep seeing the 404 page make sure your root line is correct and that the directory/index file exists.

- -

I like to remove the .html and trailing / on the URLs of my website, for that you need to add the following rewrite lines and modify the try_files line (for more: Sean C. Davis: Remove HTML Extension And Trailing Slash In Nginx Config):

- -
server {
-    ...
-    rewrite ^(/.*)\.html(\?.*)?$ $1$2 permanent;
-    rewrite ^/(.*)/$ /$1 permanent;
-    ...
-    try_files $uri/index.html $uri.html $uri/ $uri =404;
-    ...
-
- -

For more: Arch Linux Wiki: nginx.

- -

Certbot

- -

The only “bad” (bloated) thing about certbot, is that it uses python, but for me it doesn't matter too much. You may want to look up another alternative if you prefer. Install the packages certbot and certbot-nginx:

- -
pacman -S certbot certbot-nginx
-
- -

After that, all you have to do now is run certbot and follow the instructions given by the tool:

- -
certbot --nginx
-
- -

It will ask you for some information, for you to accept some agreements and the names to activate https for. Also, you will want to “say yes” to the redirection from http to https. And that's it, you can now go to your website and see that you have https active.

- -

Now, the certificate given by certbot expires every 3 months or something like that, so you want to renew this certificate every once in a while. Using cron, you can do this by running:

- -
crontab -e
-
- -

And a file will be opened where you need to add a new rule for certbot, just append the line: 1 1 1 * * certbot renew (renew on the first day of every month) and you're good. Alternatively use systemd timers as stated in the Arch Linux Wiki.

- -

For more: Arch Linux Wiki: Certbot.

- -

That's it, you now have a website with SSL certificate.

- -
-
-

Created: Thu, Mar 18, 2021 @ 19:58 MST

-
-
- - - - diff --git a/blog/old/dst/index.html b/blog/old/dst/index.html deleted file mode 100644 index 682df2e..0000000 --- a/blog/old/dst/index.html +++ /dev/null @@ -1,108 +0,0 @@ - - - - - - Luévano's Blog - - - - - - - - - - - - - - - - - -
- - -
- - - -
-
- -
-

Luévano's Blog

- -

Welcome to my blog where I'll post whatever I please, ranging from rants to how-to's. Además, este pex va a estar en español e inglés porque quiero (no una mezcla en cada entrada, pero sí entradas completas en diferentes lenguajes).

- -

Articles

- - -
- - - - diff --git a/blog/old/dst/sitemap.xml b/blog/old/dst/sitemap.xml deleted file mode 100644 index 55edb9b..0000000 --- a/blog/old/dst/sitemap.xml +++ /dev/null @@ -1,16 +0,0 @@ - - -https://blog.luevano.xyz/index.html2021-04-211.0 -https://blog.luevano.xyz/a/website_with_nginx.html2021-03-181.0 -https://blog.luevano.xyz/a/git_server_with_cgit.html2021-03-211.0 -https://blog.luevano.xyz/a/el_blog_ya_tiene_timestamps.html2021-03-151.0 -https://blog.luevano.xyz/a/shell_scripting.html2021-03-131.0 -https://blog.luevano.xyz/a/sql_video_notes.html2021-03-021.0 -https://blog.luevano.xyz/a/first_blog_post.html2021-02-271.0 -https://blog.luevano.xyz/a/linux_video_notes.html2021-03-131.0 -https://blog.luevano.xyz/a/mail_server_with_postfix.html2021-03-201.0 - diff --git a/blog/old/src/.files b/blog/old/src/.files deleted file mode 100644 index e524da2..0000000 --- a/blog/old/src/.files +++ /dev/null @@ -1,9 +0,0 @@ -1615856381 1616720565 ./index.md -1616122695 0 ./a/website_with_nginx.md -1616306327 1616353229 ./a/git_server_with_cgit.md -1615862784 0 ./a/el_blog_ya_tiene_timestamps.md -1615701454 0 ./a/shell_scripting.md -1614695711 0 ./a/sql_video_notes.md -1614431313 0 ./a/first_blog_post.md -1615701443 0 ./a/linux_video_notes.md -1616234086 1616299559 ./a/mail_server_with_postfix.md diff --git a/blog/old/src/_footer.html b/blog/old/src/_footer.html deleted file mode 100644 index 3325f24..0000000 --- a/blog/old/src/_footer.html +++ /dev/null @@ -1,23 +0,0 @@ - - - - - diff --git a/blog/old/src/_header.html b/blog/old/src/_header.html deleted file mode 100644 index e69790e..0000000 --- a/blog/old/src/_header.html +++ /dev/null @@ -1,63 +0,0 @@ - - - - - - Luévano's Blog - - - - - - - - - - - - - - - - - -
- - -
- - - -
-
- -
diff --git a/blog/old/src/a/el_blog_ya_tiene_timestamps.md b/blog/old/src/a/el_blog_ya_tiene_timestamps.md deleted file mode 100644 index 1405b7a..0000000 --- a/blog/old/src/a/el_blog_ya_tiene_timestamps.md +++ /dev/null @@ -1,9 +0,0 @@ -# Así es raza, el blog ya tiene timestamps - -Pues eso, esta entrada es sólo para tirar update sobre mi [primer post](https://blog.luevano.xyz/a/first_blog_post.html). Ya modifiqué el `ssg` lo suficiente como para que maneje los *timestamps*, y ya estoy más familiarizado con este script entonces ya lo podré extender más, pero por ahora las entradas ya tienen su fecha de creación (y modificación en dado caso) al final y en el índice ya están organizados por fecha, que por ahora está algo simple pero está sencillo de extender. - -Ya lo único que queda es cambiar un poco el formato del blog (y de la página en general), porque en un momento de desesperación puse todo el texto en justificado y pues no se ve chido siempre, entonces queda corregir eso. *Y aunque me tomó más tiempo del que quisiera, así nomás quedó, diría un cierto personaje.* - -El `ssg` modificado está en mis [dotfiles](https://git.luevano.xyz/.dots) (o directamente [aquí](https://git.luevano.xyz/.dots/tree/.local/bin/ssg)). - -Por último, también quité las extensiones `.html` de las URLs, porque se veía bien pitero, pero igual los links con `.html` al final redirigen a su link sin `.html`, así que no hay rollo alguno. diff --git a/blog/old/src/a/first_blog_post.md b/blog/old/src/a/first_blog_post.md deleted file mode 100644 index 2911820..0000000 --- a/blog/old/src/a/first_blog_post.md +++ /dev/null @@ -1,7 +0,0 @@ -# This is the first blog post, just for testing purposes - -I'm making this post just to figure out how [`ssg5`](https://www.romanzolotarev.com/ssg.html) and [`lowdown`](https://kristaps.bsd.lv/lowdown/) are supposed to work (and eventually also [`rssg`](https://www.romanzolotarev.com/rssg.html)). - -At the moment, I'm not satisfied because there's no automatic date insertion into the 1) html file, 2) the blog post itself and 3) the listing system in the [blog homepage](https://blog.luevano.xyz/) (and there's also the problem with the ordering of the entries...). And all of this just because I didn't want to use [Luke's](https://github.com/LukeSmithxyz/lb) solution (don't really like that much how he handles the scripts... *but they just work*). - -Hopefully, for tomorrow all of this will be sorted out and I'll have a working blog system. diff --git a/blog/old/src/a/git_server_with_cgit.md b/blog/old/src/a/git_server_with_cgit.md deleted file mode 100644 index d8a6037..0000000 --- a/blog/old/src/a/git_server_with_cgit.md +++ /dev/null @@ -1,153 +0,0 @@ -# Create a git server and setup cgit web app (on Nginx) - -My git server is all I need to setup to actually *kill* my other server (I've been moving from servers on these last 2-3 blog entries), that's why I'm already doing this entry. I'm basically following [git's guide on setting up a server](https://git-scm.com/book/en/v2/Git-on-the-Server-Setting-Up-the-Server) plus some specific stuff for (btw i use) Arch Linux ([Arch Linux Wiki: Git server](https://wiki.archlinux.org/index.php/Git_server#Web_interfaces) and [Step by step guide on setting up git server in arch linux (pushable)](https://miracoin.wordpress.com/2014/11/25/step-by-step-guide-on-setting-up-git-server-in-arch-linux-pushable/)). - -Note that this is mostly for personal use, so there's no user/authentication control other than that of SSH. Also, most if not all commands here are run as root. - -## Prerequisites - -I might get tired of saying this (it's just copy paste, basically)... but similar as before (check my [website](https://blog.luevano.xyz/a/website_with_nginx.html) and [mail](https://blog.luevano.xyz/a/mail_server_with_postfix.html) entries): - -* (This time, optional) A domain name if you want to have a "front end" to show your repositories. Got mine on [Epik](https://www.epik.com/?affid=da5ne9ru4) (affiliate link, btw). - * With a **CNAME** for "git" and (optionally) "www.git", or some other name for your sub-domains. -* A VPS or somewhere else to host. I'm using [Vultr](https://www.vultr.com/?ref=8732849) (also an affiliate link). - * `ssh` configured. - * (Optionally, if doing the domain name thingy) With `nginx` and `certbot` setup and running. - * Of course, `git` already installed (it should be a must have always). - -## git server - -If not installed already, install the `git` package: - -```sh -pacman -S git -``` - -On Arch Linux, when you install the `git` package, a `git` user is automatically created, so all you have to do is decide where you want to store the repositories, for me, I like them to be on `/home/git` like if `git` was a "normal" user. So, create the `git` folder (with corresponding permissions) under `/home` and set the `git` user's home to `/home/git`: - -```sh -mkdir /home/git -chown git:git /home/git -usermod -d /home/git git -``` - -Also, the `git` user is "expired" by default and will be locked (needs a password), change that with: - -```sh -chage -E -1 git -passwd git -``` - -Give it a strong one and remember to use `PasswordAuthentication no` for `ssh` (as you should). Create the `.ssh/authorized_keys` for the `git` user and set the permissions accordingly: - -```sh -mkdir /home/git/.ssh -chmod 700 /home/git/.ssh -touch /home/git/.ssh/authorized_keys -chmod 600 /home/git/.ssh/authorized_keys -chown -R git:git /home/git -``` - -Now is a good idea to copy over your local SSH public keys to this file, to be able to push/pull to the repositories. Do it by either manually copying it or using `ssh`'s built in `ssh-copy-id` (for that you may want to check your `ssh` configuration in case you don't let people access your server with user/password). - -Next, and almost finally, we need to edit the `git-daemon` service, located at `/usr/lib/systemd/system/` (called `git-daemon@.service`): - -```ini -... -ExecStart=-/usr/lib/git-core/git-daemon --inetd --export-all --base-path=/home/git --enable=receive-pack -... -``` - -I just appended `--enable=receive-pack` and note that I also changed the `--base-path` to reflect where I want to serve my repositories from (has to match what you set when changing `git` user's home). - -Now, go ahead and start and enable the `git-daemon` socket: - -```sh -systemctl start git-daemon.socket -systemctl enable git-daemon.socket -``` - -You're basically done. Now you should be able to push/pull repositories to your server... except, you haven't created any repository in your server, that's right, they're not created automatically when trying to push. To do so, you have to do the following sequence (assuming you're "`cd`'ed" into the `/home/git` directory): - -```sh -mkdir {repo_name}.git -cd {repo_name}.git -``` - -Those two lines above will need to be run each time you want to add a new repository to your server (yeah, kinda lame... although there are options to "automate" this, I like it this way). - -After that you can already push/pull to your repository. I have my repositories (locally) set up so I can push to more than one remote at the same time (my server, GitHub, GitLab, etc.), which is detailed [here](https://gist.github.com/rvl/c3f156e117e22a25f242). - -## cgit - -This bit is optional if you only wanted a git server (really easy to set up), this is so you can have a web application. This is basically a copy paste of [Arch Linux Wiki: Cgit](https://wiki.archlinux.org/index.php/Cgit#Nginx) so you can go there and get more in-depth configurations. - -Install the `cgit` and `fcgiwrap` packages: - -```sh -pacman -S cgit fcgiwrap -``` - -Now, just start and enable the `fcgiwrap` socket: - -```sh -systemctl start fcgiwrap.socket -systemctl enable fcgiwrap.socket -``` - -Next, the way I configure `nginx` is creating a separate file `{module}.conf` (`git.conf` in this case) under `/etc/nginx/sites-available` and create a symlink to `/etc/nginx/sites-enabled` as stated in my [`nginx` setup entry](https://blog.luevano.xyz/a/website_with_nginx.html). Add the following lines to your `git.conf` file: - -```nginx -server { - listen 80; - listen [::]:80; - root /usr/share/webapps/cgit; - server_name {yoursubdomain}.{yourdomain}; - try_files $uri @cgit; - - location @cgit { - include fastcgi_params; - fastcgi_param SCRIPT_FILENAME $document_root/cgit.cgi; - fastcgi_param PATH_INFO $uri; - fastcgi_param QUERY_STRING $args; - fastcgi_param HTTP_HOST $server_name; - fastcgi_pass unix:/run/fcgiwrap.sock; - } -} -``` - -Where the `server_name` line depends on you, I have mine setup to `git.luevano.xyz` and `www.git.luevano.xyz`. Optionally run `certbot --nginx` to get a certificate for those domains if you don't have already. - -Now, all that's left is to configure `cgit`. Create the configuration file `/etc/cgitrc` with the following content (my personal options, pretty much the default): - -```apache -css=/cgit.css -source-filter=/usr/lib/cgit/filters/syntax-highlighting-edited.sh -logo=/cgit.png - -enable-http-clone=1 -# robots=noindex, nofollow -virtual-root=/ - -repo.url={url} -repo.path={dir_path} -repo.owner={owner} -repo.desc={short_description} - -... -``` - -Where you can uncomment the `robots` line to let web crawlers (like Google's) to index your `git` web app. And at the end keep all your repositories (the ones you want to make public), for example for my [*dotfiles*](https://git.luevano.xyz/.dots) I have: - -```apache -... -repo.url=.dots -repo.path=/home/git/.dots.git -repo.owner=luevano -repo.desc=These are my personal dotfiles. -... -``` - -Otherwise you could let `cgit` to automatically detect your repositories (you have to be careful if you want to keep "private" repos) using the option `scan-path` and setup `.git/description` for each repository. I will add more to my actual configuration, but for now it is useful as it is. For more, you can check [cgitrc(5)](https://man.archlinux.org/man/cgitrc.5). - -Finally, if you want further support for highlighting, other compressed snapshots or support for markdown, checkout the optional dependencies for `cgit` and also the Arch Wiki goes in detail on how to setup highlighting with two different packages. diff --git a/blog/old/src/a/linux_video_notes.md b/blog/old/src/a/linux_video_notes.md deleted file mode 100644 index 2c6697a..0000000 --- a/blog/old/src/a/linux_video_notes.md +++ /dev/null @@ -1,88 +0,0 @@ -# Linux tutorial video notes - -I was requested to make a summary of a video about basic Linux stuff (like the [SQL tutorial video notes](https://blog.luevano.xyz/a/sql_video_notes)); this time, I did most of the notes depending on the topic since I'm familiar with most of the stuff presented in the video. The video in question is: [The Complete Linux Course: Beginner to Power User!](https://www.youtube.com/watch?v=wBp0Rb-ZJak). Also, some notes were taken from [Arch Linux Wiki](https://wiki.archlinux.org/) since it's got pretty decent documentation, and, of course, general googling. - -## (Basic) commands - -A list of basic commands and small explanation (note that options are started with either `-` or `--`, depending on the program, but most of the time `-` is used for letter options and `--` for word options, `-l` vs `--list` for example): - -* `pwd`: "print working directory", full **absolute** path to the current directory. -* `cd`: "change directory", followed by the absolute or relative path of the directory to change to. - * Absolute path is started with `/`, while a relative path is started with `./` or just the name of the folder. - * Use `..` (two dots) to go up one directory. - * An abbreviation of `/home/username` is `~` (tilde). -* `ls`: "list" files and directories in current directory, or specify a directory from which to show the list after typing `ls`. Has many options, the most common ones being: - * `l`: use long listing format. - * `r` or `reverse`: reverse order while sorting. - * `s`: sort by file size, largest first. - * `a` or `all`: do not ignore entries starting with `.`. -* `mkdir`: "make directory", create a new directory with specified name. -* `touch`: create new (empty) files. -* `cp`: "copy" files or directories (using option `r` for recursive). Requires file/directory to copy and destination, separated by space. -* `mv`: "move" files or directories, also requires file/directory to copy and destination, separated by space. This is also used to **rename** files/directories. -* `rm`: "remove", followed by a file to remove it. -* `rmdir`: "remove empty directory", followed by a directory to remove it. If the directory is not empty, use `rm -r` on the directory ("remove recursive"). -* `su`: "switch user", by default to **root** user, but another one can be specified. -* `sudo`: "switch user, do", similar to `su`, but only to execute a command as **root** or the specified user. -* `clear`: clear the terminal window, a (common) keyboard shortcut is `Ctrl + l`. -* `find`: search for files/directories matching a pattern or all contents of a directory (using `.`). -* `grep`: comes from the `ed` command "g/re/p", for searching plain-text for lines that match a regular expression (regex). -* `top`: a task manager program, shows currently running commands and gives important info such as PID (process ID), user who is running that command, command name, cpu and ram usage, etc.. Some useful commands to manage programs running are: - * `pgrep`: get the PID of a running process, or a list in chronological order. - * `kill` or `pkill`: kill a running process either by PID or by name. - * `killall`: similar to `pkill`. -* `ssh`: "secure shell" is a remote login client used to connect into a remote machine and executing commands remotely, basically taking control of the remote machine. Widely used when managing servers. -* `ftp` or `sftp`: "(secure) file transfer protocol" used to transfer files from one machine to another one (usually a server). It's recommended to use `sftp` instead of `ftp` because anyone can look through the packages if it's not secured (encrypted). - -And in general, to see the options supported by almost any command, use `command -h` or `command --help`, for a quick explanation. **IMPORTANT**: Most programs have **man (manual) pages**; to access them do `man command`, this is a very powerful tool to use. - -Commands can be redirected to other commands (the output), which is powerful to create mini scripts or to achieve a goal in a single command. Most of the time the redirection can be done with the special characters `>`, `<` and most powerful, the `|` (pipe). Also, some commands accept an option to execute another command, but this depends on a command to command basis (`exec` option for `find`, for example). - -**Most terminal programs accept `Ctrl-c` or just `q` to exit the program.** - -## File permissions and ownership - -When listing files with `ls -l`, an output with file attributes (permissions) and ownership is shown, such as `drwxr-xr-x 2 user group 4096 Jul 5 21:03 Desktop`, where the first part are the attributes, and `user` and `group` the ownership info (all other info is irrelevant for now). - -File attributes (`drwxr-xr-x` in the example above) are specified by 10 (sometimes 11) characters, and can be break into 4 parts (or 5): - -* The first character is just the file type, typically `d` for directories or just `-` for files. There is `l` too, which is for **symlinks**. -* The next 3 characters represent the permissions that the **owner** has over the file. -* Next 3 the permissions that the **group** has over the file. -* Next 3 the permissions everyone else (**others**) have over the file. -* An optional `+` character that specifies whether an alternate access method applies to the file. When the character is a space, there is no alterante access method. - -Each of the three permission triads (`rwx`) can be: - -* `-` or `r`, for the first character, if the file can be **read** or directory's content can be shown. -* `-` or `w`, for the second character, if the file can be **modified** or the directory's content can be modified (create new files or folders or rename existing files or folders). -* `-` or `x`, for the third character, if the file can be **executed** or the directory can be **accessed** with `cd`. Other characters can be present, like `s`, `S`, `t` and `T` (for more: [Arch Linux Wiki: File permissions and attributes](https://wiki.archlinux.org/index.php/File_permissions_and_attributes)). - -To change attributes or ownership use `chmod` and `chown`, respectively. - -## Services - -Special type of linux process (think of a program or set of programs that run in the background waiting to be used, or doing essential tasks). There are many ways to manage (start, stop, restart, enable, disable, etc.) services, the most common way (if using `systemd`) is to just use `systemctl`. Basic usage of `systemctl` is `systemctl verb service`, where `verb` could be `start`, `enable`, `stop`, `disable`, `restart`, etc. Also, to get a general system status run `systemctl status` or just `systemctl` for a list of running **units** (a unit is an instance of a service, or a mount point or even a device or a socket). For more: [Arch Linux Wiki: systemd](https://wiki.archlinux.org/index.php/systemd). - -`systemd` also provides a way to do tasks based on a **timer**, where you can schedule from the second to the year. One could also use `cron` (using `crontab` with option `e`) to do this. These timers provide support for calendar time events, monotonic time events, and can be run asynchronously. - -## User and group management - -Most mainstream linux distributions come with a Graphic User Interface (GUI) to manage users and groups on the system. For a Command-Line Interface (CLI) just use `useradd` (with `passwd` to create a password for a given user) and `groupadd`. Also, other useful commands are `usermod`, `userdel`, `groups`, `gpasswd`, `groupdel` and more, each used for a basic management of users/groups like modification, deletion, listing (of all existing users/groups), etc.. For more: [Arch Linux Wiki: Users and groups](https://wiki.archlinux.org/index.php/users_and_groups). - -## Networking - -### Hosts file - -Located at `/etc/hosts`, serves as a translator from **hostname** (web addresses or URLs) into IP addresses (think of DNS records), meaning that any URL can be overridden to make it point to whatever IP address it's specified (only locally on the machine affected). The syntax of the file is pretty simple: first column for IP, second for hostname (URL) and third+ for aliases. - -### (Some) commands - -These commands serve the sole purpose of showing information about the network and stuff related to it: - -* `ping`: gives information about latency to a given ip/domain. -* `ifconfig`: gives similar information to `ipconfig` on windows, general info of physical network devices with their addresses and properties. An alternative could be `ip addr`, depending on the linux distribution being used and programs installed. -* `tcpdump`: "transmission control protocol dump" gives information on all "packets" being sent and received through the network. -* `netstat`: "network statistics" general statistics about network devices usage, display connections to the machine and more. -* `traceroute`: shows the route that the packets go through (how the packets jump from one server to another one) when trying to access an IP (or, for example, a website). -* `nmap`: "network mapper" explore network available hosts, opened ports, reverse DNS names, can guess the operating system of the device, it's type, MAC address and more. diff --git a/blog/old/src/a/mail_server_with_postfix.md b/blog/old/src/a/mail_server_with_postfix.md deleted file mode 100644 index 11e704a..0000000 --- a/blog/old/src/a/mail_server_with_postfix.md +++ /dev/null @@ -1,518 +0,0 @@ -# Create a mail server with Postfix, Dovecot, SpamAssassin and OpenDKIM - -The entry is going to be long because it's a *tedious* process. This is also based on [Luke Smith's script](https://github.com/LukeSmithxyz/emailwiz), but adapted to Arch Linux (his script works on debian-based distributions). This entry is mostly so I can record all the notes required while I'm in the process of installing/configuring the mail server on a new VPS of mine; also I'm going to be writing a script that does everything in one go (for Arch Linux), that will be hosted [here](https://git.luevano.xyz/server_scripts.git). - -This configuration works for local users (users that appear in `/etc/passwd`), and does not use any type of SQL. And note that most if not all commands executed here are run with root privileges. - -More in depth configuration is detailed in the Arch Wiki for each package used here. - -## Prerequisites - -Basically the same as with the [website with Nginx and Certbot](https://blog.luevano.xyz/a/website_with_nginx.html): - -* A domain name. Got mine on [Epik](https://www.epik.com/?affid=da5ne9ru4) (affiliate link, btw). - * Later we'll be adding some **MX** and **TXT** records. - * You also need a **CNAME** for "mail" and (optionally) "www.mail", or whatever you want to call the sub-domains (although the [RFC 2181](https://tools.ietf.org/html/rfc2181#section-10.3) states that it NEEDS to be an **A** record, fuck the police), to actually work and to get SSL certificate (you can also use the SSL certificate obtained if you created a website following my other notes on `nginx` and `certbot`) with `certbot` (just create a `mail.conf` for `nginx`, similar to how we created it in the website entry). -* A VPS or somewhere else to host. I'm using [Vultr](https://www.vultr.com/?ref=8732849) (also an affiliate link). - * `ssh` configured. - * Ports 25, 587 (SMTP), 465 (SMTPS), 143 (IMAP) and 993 (IMAPS) open on the firewall (I use `ufw`). - * With `nginx` and `certbot` setup and running. - -## Postfix - -[Postfix](https://wiki.archlinux.org/index.php/Postfix) is a "mail transfer agent" which is the component of the mail server that receives and sends emails via SMTP. - -Install the `postfix` package: - -```sh -pacman -S postfix -``` - -We have two main files to configure (inside `/etc/postfix`): `master.cf` ([master(5)](https://man.archlinux.org/man/master.5)) and `main.cf` ([postconf(5)](https://man.archlinux.org/man/postconf.5)). We're going to edit `main.cf` first either by using the command `postconf -e 'setting'` or by editing the file itself (I prefer to edit the file). - -Note that the default file itself has a lot of comments with description on what each thing does (or you can look up the manual, linked above), I used what Luke's script did plus some other settings that worked for me. - -Now, first locate where your website cert is, mine is at the default location `/etc/letsencrypt/live/`, so my `certdir` is `/etc/letsencrypt/live/luevano.xyz`. Given this information, change `{yourcertdir}` on the corresponding lines. The configuration described below has to be appended in the `main.cf` configuration file. - -Certificates and ciphers to use for authentication and security: - -```apache -smtpd_tls_key_file = {yourcertdir}/privkey.pem -smtpd_tls_cert_file = {yourcertdir}/fullchain.pem -smtpd_use_tls = yes -smtpd_tls_auth_only = yes -smtp_tls_security_level = may -smtp_tls_loglevel = 1 -smtp_tls_CAfile = {yourcertdir}/cert.pem -smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1 -smtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1 -smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1 -smtp_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1 -tls_preempt_cipherlist = yes -smtpd_tls_exclude_ciphers = aNULL, LOW, EXP, MEDIUM, ADH, AECDH, MD5, - DSS, ECDSA, CAMELLIA128, 3DES, CAMELLIA256, - RSA+AES, eNULL - -smtp_tls_CApath = /etc/ssl/certs -smtpd_tls_CApath = /etc/ssl/certs - -smtpd_relay_restrictions = permit_sasl_authenticated, permit_mynetworks, defer_unauth_destination -``` - -Also, for the *connection* with `dovecot`, append the next few lines (telling postfix that `dovecot` will use user/password for authentication): - -```apache -smtpd_sasl_auth_enable = yes -smtpd_sasl_type = dovecot -smtpd_sasl_path = private/auth -smtpd_sasl_security_options = noanonymous, noplaintext -smtpd_sasl_tls_security_options = noanonymous -``` - -Specify the mailbox home (this is going to be a directory inside your user's home): - -```apache -home_mailbox = Mail/Inbox/ -``` - -Pre-configuration to work seamlessly with `dovecot` and `opendkim`: - -```apache -myhostname = {yourdomainname} -mydomain = localdomain -mydestination = $myhostname, localhost.$mydomain, localhost - -milter_default_action = accept -milter_protocol = 6 -smtpd_milters = inet:127.0.0.1:8891 -non_smtpd_milters = inet:127.0.0.1:8891 -mailbox_command = /usr/lib/dovecot/deliver -``` - -Where `{yourdomainname}` is `luevano.xyz` in my case, or if you have `localhost` configured to your domain, then use `localhost` for `myhostname` (`myhostname = localhost`). - -Lastly, if you don't want the sender's IP and user agent (application used to send the mail), add the following line: - -```apache -smtp_header_checks = regexp:/etc/postfix/smtp_header_checks -``` - -And create the `/etc/postfix/smtp_header_checks` file with the following content: - -```coffee -/^Received: .*/ IGNORE -/^User-Agent: .*/ IGNORE -``` - -That's it for `main.cf`, now we have to configure `master.cf`. This one is a bit more tricky. - -First look up lines (they're uncommented) `smtp inet n - n - - smtpd`, `smtp unix - - n - - smtp` and `-o syslog_name=postfix/$service_name` and either delete or uncomment them... or just run `sed -i "/^\s*-o/d;/^\s*submission/d;/\s*smtp/d" /etc/postfix/master.cf` as stated in Luke's script. - -Lastly, append the following lines to complete postfix setup and pre-configure for `spamassassin`. - -```txt -smtp unix - - n - - smtp -smtp inet n - y - - smtpd - -o content_filter=spamassassin -submission inet n - y - - smtpd - -o syslog_name=postfix/submission - -o smtpd_tls_security_level=encrypt - -o smtpd_sasl_auth_enable=yes - -o smtpd_tls_auth_only=yes -smtps inet n - y - - smtpd - -o syslog_name=postfix/smtps - -o smtpd_tls_wrappermode=yes - -o smtpd_sasl_auth_enable=yes -spamassassin unix - n n - - pipe - user=spamd argv=/usr/bin/vendor_perl/spamc -f -e /usr/sbin/sendmail -oi -f \${sender} \${recipient} -``` - -Now, I ran into some problems with postfix, one being [smtps: Servname not supported for ai_socktype](https://www.faqforge.com/linux/fix-for-opensuse-error-postfixmaster-fatal-0-0-0-0smtps-servname-not-supported-for-ai_socktype/), to fix it, as *Till* posted in that site, edit `/etc/services` and add: - -```apache -smtps 465/tcp -smtps 465/udp -``` - -Before starting the `postfix` service, you need to run `newaliases` first (but you can do a bit of configuration beforehand). Edit the file `/etc/postfix/aliases` and edit accordingly. I only change the `root: you` line (where `you` is the account that will be receiving "root" mail). Check the Arch Wiki for more info and other alternatives/options. After you're done, run: - -```sh -postalias /etc/postfix/aliases -newaliases -``` - -At this point you're done configuring `postfix` and you can already start/enable the `postfix` service: - -```sh -systemctl start postfix.service -systemctl enable postfix.service -``` - -## Dovecot - -[Dovecot](https://wiki.archlinux.org/index.php/Dovecot) is an IMAP and POP3 server, which is what lets an email application retrieve the mail. - -Install the `dovecot` and `pigeonhole` (sieve for `dovecot`) packages: - -```sh -pacman -S dovecot pigeonhole -``` - -On arch, by default, there is no `/etc/dovecot` directory with default configurations set in place, but the package does provide the example configuration files. Create the `dovecot` directory under `/etc` and, optionally, copy the `dovecot.conf` file and `conf.d` directory under the just created `dovecot` directory: - -```sh -mkdir /etc/dovecot -cp /usr/share/doc/dovecot/example-config/dovecot.conf /etc/dovecot/dovecot.conf -cp -r /usr/share/doc/dovecot/example-config/conf.d /etc/dovecot -``` - -As Luke stated, `dovecot` comes with a lot of "modules" (under `/etc/dovecot/conf.d/` if you copied that folder) for all sorts of configurations that you can include, but I do as he does and just edits/creates the whole `dovecot.conf` file; although, I would like to check each of the separate configuration files `dovecot` provides I think the options Luke provides are more than good enough. - -I'm working with an empty `dovecot.conf` file. Add the following lines for SSL and login configuration (also replace `{yourcertdir}` with the same certificate directory described in the Postfix section above, note that the `<` is required): - -```apache -ssl = required -ssl_cert = <{yourcertdir}/fullchain.pem -ssl_key = <{yourcertdir}/privkey.pem -ssl_min_protocol = TLSv1.2 -ssl_cipher_list = ALL:!RSA:!CAMELLIA:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!SHA1:!SHA256:!SHA384:!LOW@STRENGTH -ssl_prefer_server_ciphers = yes -ssl_dh = `: redirects output to a file, overwriting the file (or creating a new file). -* `>>`: redirects output to a file, appending to the file (or creating a new file). - -## Shell scripting - -A shell script is nothing more but a file that contains commands in it; they're executed in the same order they are present in the file. A shell script file is usually terminated with a `.sh` extension, independently of the shell being used, but it's not 100% necessary as in Unix systems, an extension mean nothing, other than distinction (visually) between files. Then one can just have an extension-less file as a script. **The script must have execution permissions (`chmod +x file`)**, unless `shell script` is executed in the terminal, where `shell` could be `sh`, `bash`, etc. **Comments** are created by prepending `#` to whatever the text should be a comment. - -It's common practice to have the first line as a **she-bang** (`#!`), which is just a comment telling the interpreter which shell to execute the script with (usable when having the script in your **PATH** so you only call the name of the script like any other command/program). A she-bang has the syntax `#!/path/to/shell some_other_options`, the most common she-bangs being: `#!/bin/sh`, `#!/bin/bash`, `#!/usr/bin/python`, etc. - -Also, some people argue that you shouldn't use absolute paths, since not all Unix operating systems have the same directory structure, or not all programs are going to be installed in the same folder. So a portable she-bang can be made by prepending `/usr/bin/env` and the specify the program to run, for example: `#!/usr/bin/env bash`. - -Like always... the basic "Hello, world!" script: - -```sh -#!/bin/sh -echo "Hello, world!" -``` - -Three ways of executing this script (assuming the file name is `hw`): - -1. Type in terminal `sh hw`. -2. Type in terminal `./hw`. Requires the file to have execute permissions. -3. Type in terminal `hw`. Requires the file to have execute permissions. Requires the file to be in your PATH. - -### Variables - -Variables are case sensitive, meaning that `my_var` and `MY_VAR` are different and a variable name can only contain letters and numbers (`a-z`, `A-Z` and `0-9`) or the underscore character `_`. Can't contain a space. Variables are called by prepending `$` to the variable name. - -Like in most programming languages, there are some reserved words like `if`, `select`, `then`, `until`, `while`, etc., that can't be used as variables or as values of variables. For more: [D.2 Index of Shell Reserved Words](https://www.gnu.org/software/bash/manual/html_node/Reserved-Word-Index.html). - -There is no need to specify a variable type. Anything surrounded by `"` will be treated as text. You can use booleans, numbers, text and arrays (the implementation of arrays depends on the shell being used). Make a variable readonly by calling `readonly variable_name`. Basic syntax: - -* Text variables: `var="my var"`. -* Numeric variables: `var=123`. -* Boolean variables: `var=true` and `var=false`. -* Arrays (assuming `bash` is the shell): - * `var[0]=value1`, `var[...]=...`, `var[n]=valuen`, etc. - * `var=(value1 ... valuen)` - * Access single values with `${var[index]}` and all values with `${var[*]}` or `${var[@]}`. - -There are special variables (for more. [tutorialspoint: Unix / Linux - Special Variables](https://www.tutorialspoint.com/unix/unix-special-variables.htm)): - -* `$`: represents the process ID number, or PID, of the current shell. -* `0`: the filename of the current script. -* `n`: where `n` can be any whole number, correspond to arguments passed to the script (`command arg1 arg2 arg3 argn`). -* `#:` number of arguments supplied to the script. -* `*:` all the arguments are double quoted. -* `@:` all the arguments are individually double quoted. -* `?:` exit status of the last command executed. -* `!:` process number of the last background command. - -When calling a script, you can pass optional (or required) positional arguments like: `command arg1 arg2 arg3 argn`. - -Note that a variable can also take the output of another command, one common way to do this is using `$(command)` or `` `command` ``, for example: `var="$(echo 'this is a command being executed inside the definition of a variable')"` which, since the `echo` command is being run, `var="this is a command being executed inside the definition of a variable"`, which doesn't seem like much, but there could be any command inside `$()` or `` `command` ``. Note that this is not special to defining variables, could also be used as arguments of another command. - -#### Internal Field Separator (IFS) - -This is used by the shell to determine how to do word splitting (how to recognize word boundaries). The default value for `IFS` consists of whitespace characters (space, tab and newline). This value can ve overridden by setting the variable `IFS` to something like, for example, `:`. - -### Conditionals - -#### Exit status - -Any command being run has an exit status, either `0` or `1`, if the command has been executed successfully or otherwise (an error), respectively. - -#### `if` statement - -Pretty similar to other programming languages, evaluates an expression to a `true` or `false` and executes code as specified. `if` statements can be nested, and follow normal rules of logical operations. Basic syntax is: - -```sh -#!/bin/sh -if expression -then -do_something -elif another_expression -then -do_another_thing -else -do_something_else -fi -``` - -The expression is usually wrapped around `[]` or `[[]]`, the first being POSIX compliant and the second `bash`-specific (and other shells). - -Also, some **operators** to compare things use `==` for "equals" and `>` for "greater than", for example; while in a POSIX compliant shell, `=` for "equals" and `-gt` for "greater than" has to be used. For more operators: [tutorialspoint: Unix / Linux - Shell Basic Operators](https://www.tutorialspoint.com/unix/unix-basic-operators.htm) (this also covers **logical operators** and **file test operators**). - -### Case statement - -A common good alternative to multilevel `if` statements, enables you to match several values against one variable. Basic syntax is: - -```sh -case $var in - pattern1) - do_something1 - ;; - pattern2) - subpattern1) - do_subsomething1 - ;; - subpattern2) - do_subsomething2 - ;; - *) - pattern3|pattern4|...|patternN) - do_something3 - ;; - patternM) - do_somethingM - ;; - *) - do_something_default - ;; -esac -``` - -Where the `*` pattern is not necessary but serves the same purpose as a "default" case. - -### Loops - -Loops enable execution of a set of commands repeatedly. Loops, naturally, can be nested. `expression` here (in the basic syntax examples) work the same as mentioned in the "`if` statement" section. For more: [tutorialspoint: Unix / Linux - Shell Loop Types](https://www.tutorialspoint.com/unix/unix-shell-loops.htm). - -#### Loop control - -Similar than other programming languages, there are loop controls to interrupt or continue a loop: - - * `break` statement. - * `continue` statement. - -These statements accept an argument that specify from which loop to exit/continue. - -#### `while` loop - -Enables to execute a set of commands repeatedly until some condition occurs. Basic syntax: - -```sh -#!/bin/sh -while expression -do - do_something -done -``` - -#### `until` loop - -Similar to the `while` loop, the difference is that the `while` loop is executed as long as a condition is true, but the `until` loop... until a condition is true. Basic syntax (similar to `while` loop): - -```sh -#!/bin/sh -until expression -do - do_something -done -``` - -#### `for` loop - -Operates on lists of items. It repeats a set of commands for every item in a list. Basic syntax: - -```sh -#!/bin/sh -for var in word1 word2 ... wordN -do - do_something_with_var -done -``` - -Where `var` is the current value (`word1`, `word2`, etc.) in the loop and the expression after `for` can refer to an array, or the output of a command that outputs a list of things, etc. - -#### `select` loop - -Provides an easy way to create a numbered menu from which users can select options. Basic syntax (similar to `for` loop): - -```sh -select var in word1 word2 ... wordN -do - do_something_with_var -done -``` - -### Meta characters - -Meta characters are used to execute several commands on a single line (depending on what it's needed). The most used meta characters to accomplish this are semi-colon `;`, double ampersand `&&` and double "pipe" `||`. - -* `;`: is used to finish one command (similar to some programming languages), after the command on the left of `;` is finished (whatever the exit code is), the command on the right will be executed. -* `&&`: similar to `;`, but only if the command on the left exits with code `0` (success). -* `||`: similar to `&&`, but for exit code `1`(error). - -### Functions - -Enable to break down the overall functionality of a script into smaller, logical subsections, which can then be called upon to perform their individual tasks when needed (like in any other programming language...). For more: [tutorialspoint: Unix / Linux - Shell Functions](https://www.tutorialspoint.com/unix/unix-shell-functions.htm). Basic syntax: - -```sh -#!/bin/sh -function_name () { - do_something -} -``` - -Functions can also take arguments and can access their individual arguments (each function will have a different "storage" for their arguments). Functions can also be nested. Here `exit` will not only will finish the function code, but also the shell script that called it, instead use `return` plus an exit code to just exit the function. diff --git a/blog/old/src/a/sql_video_notes.md b/blog/old/src/a/sql_video_notes.md deleted file mode 100644 index 4b37119..0000000 --- a/blog/old/src/a/sql_video_notes.md +++ /dev/null @@ -1,172 +0,0 @@ -# SQL tutorial video notes - -I was requested to make summaries of videos about SQL, these are the notes (mostly this is a transcription of what I found useful). The videos in question are: [SQL Tutorial - Full Database Course for Beginners](https://www.youtube.com/watch?v=HXV3zeQKqGY), [MySQL Tutorial for Beginners [Full Course]](https://www.youtube.com/watch?v=7S_tz1z_5bA) and [Advanced SQL course | SQL tutorial advanced](https://www.youtube.com/watch?v=2Fn0WAyZV0E). Also, some notes were taken from [w3schools.com's SQL Tutorial](https://www.w3schools.com/sql/) and [MySQL 8.0 Reference Manual](https://dev.mysql.com/doc/refman/8.0/en/). - -## What is a database (DB)? - -Any collection of related information, such as a phone book, a shopping list, Facebook's user base, etc.. It can be stored in different ways: on paper, on a computer, in your mind, etc.. - -### Database Management Systems (DBMS) - -A special software program that helps users create and maintain a database that makes it easy to manage large amounts of information, handles security, backups and can connect to programming languages for automation. - -### CRUD - -The four main operations that a DBMS will do: create, read, update and delete. - -### Two types of databases - -* Relational (SQL) - * Organize data into one or more tables. - * Each table has columns and rows. - * A unique key identifies each row. -* Non-relational (noSQL/not just SQL) - * Key-value stores. - * Documents (JSON, XML, etc). - * Graphs. - * Flexible tables. - -#### Relational databases (RDB) (SQL) - -When we want to create a RDB we need a Relational Database Management System (RDBMS) that uses Structured Query Language (SQL) which is a standardized language for interacting with RDBMS and it's used to perform CRUD operations (and other administrative tasks). - -#### Non-relational databases (NRDB) (noSQL/not just SQL) - -Anything that's not relational, stores data in anything but static tables. Could be a document (JSON, XML, etc.), graph (relational nodes), key-value hash (strings, json, etc.), etc. - -NRDB also require a Non-Relational Database Management System (NRDBMS) to maintain a database. But it doesn't have a standardized language for performing CRUD and administrative operations like how RDB have. - -### Database queries - -A DB query is a request that is made to the (R/NR)DBMS for a specific information. A google search is a query, for example. - -## Tables and keys - -A table is composed of columns, rows and a primary key. The primary key is unique and identifies one specific row. Columns and rows are trivial, a column identifies a field and has a specific data type (name, email, birth) and a row identifies a table entry (person that contains a name, email and birth). - -Also, there are foreign keys, it's purpose is to relate to another database table; this foreign key is unique in it's own table, but can be repeated where you use it as a foreign key. - -It's possible to use the same table keys as foreign keys to make relations inside the same table. - -## SQL basics - -It's actually a hybrid language, basically 4 types of languages in one: - -* Data Query Language (DQL) - * Used to query the database for information. - * Get information that is already stored there. -* Data Definition Language (DDL) - * Used for defining database schemas. -* Data Control Language (DCL) - * Used for controlling access to the data in the database. - * User and permissions management. -* Data Manipulation Language (DML) - * Used for inserting, updating and deleting data from a database. - -### Queries - -A set of instructions given to the RDBMS (written in SQL) that tell the RDBMS what information you want it to retrieve. Instead of getting the whole database, retrieve only a bit of information that you need. - -Also, SQL keywords can be either lower or upper case, but it's **convention to use upper case**. And **queries are ended by a semi-colon**. - -#### Data types - -Just some SQL data types (for more: [MySQL 8.0 Reference Manual: Chapter 11 Data Types](https://dev.mysql.com/doc/refman/8.0/en/data-types.html), the notation is `DATATYPE(SIZE(,SIZE))`: - -* `INT`: integer numbers. -* `DECIMAL(M,N)`: decimal numbers. -* `VARCHAR(N)`: string of text of length N. -* `BLOB`: Binary Large Object, stores large data. -* `DATE`: YYYY-MM-DD. -* `TIMESTAMP`: YYYY-MM-DD HH:MM:SS. - -#### Basic management of tables - -To **create a table**, the basic syntax is `CREATE TABLE tablename (column1 datatype constraint, column2 datatype constraint, ...)`, where a constraint could be (for more: [MySQL 8.0 Reference Manual: 13.1.20 CREATE TABLE Statement](https://dev.mysql.com/doc/refman/8.0/en/create-table.html)): - -* `NOT NULL`: can't have a `NULL` value. -* `UNIQUE`: all values are unique. -* `PRIMARY KEY`: uniquely identifies each row. -* `FOREIGN KEY`: uniquely identifies a row in another table. -* `CHECK expresion`: satisfy a special condition (`expresion`). -* `DEFAULT value`: if no value is specified use value `value`. -* `INDEX`: to create and retrieve data from the database very quickly. - -Get the **table structure** with `DESCRIBE tablename` and delete it with `DROP TABLE tablename`. **Add columns** to the table with `ALTER TABLE tablename ADD column DATATYPE(N,M)`, similar syntax to **delete a specific column** `ALTER TABLE tablename DRORP COLUMN column`. - -**Add entries** to the table with `INSERT INTO tablename VALUES(value1, value2, ...)` where all the fields must be specified, or `INSERT INTO tablename(column1, column2) VALUES(value1, value2)` to just add some fields to the new entry. While at it, (all) the table content can be fetched with `SELECT * FROM tablename`. - -Basic **Updating of entries** with `UPDATE tablename SET expression1 WHERE expression2`, where `expression1` could be `column = value2` and `expression2` could be `column = value1`, meaning that the value of `column` will be changed from `value1` to `value2`. Note that the expressions are not limited by `column = value`, and that the `column` has to be the same, it would be any expression. Also, this is really extensive as `SET` can set multiple variables and `WHERE` take more than one condition by chaining conditions with `AND`, `OR` and `NOT` keywords, for example. - -##### ON DELETE statement - -When an entry needs to be updated somehow based on a modification on a foreign key. If two tables are related to each other, if something is deleted on one end, update the other end in some way. - -For example on creation of a table, on the specification of a foreign key: `CREATE TABLE tablename (..., FOREIGN KEY(column) REFERENCES othertable(othertablecolumn) ON DELETE something)`. That something could be `SET NULL`, `CASCADE`, etc.. - -#### SELECT queries - -Instead of doing `SELECT * FROM tablename`, which gets all the data from a table, more complex `SELECT` queries can be implemented, such as `SELECT column FROM tablename` to only get all data from one column of the table. Append `LIMIT N` to limit the query to `N` entries. Append `WHERE condition` to meet a custom condition. - -Other statements that can be used in conjunction with `SELECT` are `ORDER BY column ASC|DESC`, `SELECT DISTINCT`, `MIN(column)`, `MAX(column)`, `COUNT(column)`, `AVG(column)`, `SUM(column)`, `LIKE` and more. For more, visit [MySQL 8.0 Reference Manual: 13.2.10 SELECT Statement](https://dev.mysql.com/doc/refman/8.0/en/select.html). - -MySQL uses regular expressions (regex) like pattern matching, some wildcards that can be used with the `LIKE` statement are: - -* `%`: zero or more characters. -* `_`: a single character. -* `[]`: any single character within the brackets. -* `^`: any character not in the brackets. -* `-`: a range of characters. - -An extended regex can be used with the statement `REGEX_LIKE(expression)`; `REGEXP` and `RLIKE` are synonyms for `REGEX_LIKE`. For more: [MySQL 8.0 Reference Manual: 3.3.4.7 Pattern Matching](https://dev.mysql.com/doc/refman/8.0/en/pattern-matching.html). - -#### Unions - -A specialized SQL operator that is used to combine multiple `SELECT` statements into one. The basic syntax is `SELECT ... UNION SELECT ...`, where `...` is a whole `SELECT` statement; there can be any amount of unions. There are some rules that apply when doing unions, such as having the same amount of columns on both statements and being of the same data type. - -#### Joins - -Used to combine rows from two or more tables based on a related column between them. Basic syntax is `SELECT table1.column1, ..., table2.column1, ... FROM table(1|2) JOIN table(1|2) ON table1.common_column = table2.common_column`, where the table specified in the `FROM` statement is called the "left" table, where the one in the `JOIN` statement is the "right" table. For more: [MySQL 8.0 Reference Manual: 13.2.10.2 JOIN Clause](https://dev.mysql.com/doc/refman/8.0/en/join.html). - -There are different types of SQL JOINs: - -* `(INNER) JOIN`: returns records that have matching values in both tables. -* `LEFT (OUTER) JOIN`: returns all records from the left table, and the matched records from the right table. -* `RIGHT (OUTER) JOIN`: returns all records from the right table, and the matched records from the left table. -* `FULL (OUTER) JOIN`: returns all records when there is a match in either left or right table. - -![INNER JOIN](https://static.luevano.xyz/images/b/notes/sql/img_innerjoin.gif) -![LEFT JOIN](https://static.luevano.xyz/images/b/notes/sql/img_leftjoin.gif) -![RIGHT JOIN](https://static.luevano.xyz/images/b/notes/sql/img_rightjoin.gif) -![FULL OUTER JOIN](https://static.luevano.xyz/images/b/notes/sql/img_fulljoin.gif) - -#### Nested queries - -A query composed of multiple select statements to get a specific piece of information. This is self explanatory, you do a `SELECT` query somewhere inside another one, for example `SELECT ... IN (SELECT ...)`, where the nesting is occurring inside the parenthesis after the `IN` statement. - -A nesting isn't constrained to the `IN` statement, it can appear anywhere, for example in a `WHERE` statement: `SELECT ... WHERE something = (SELECT ...)`. - -#### Triggers - -A block of SQL code that will define a certain action that will happen when a specific operation is performed on the database. It is **recommended to change the `DELIMITER` temporarily from semi-colon to something else** (since we need to use semi-colon to end the trigger) while the trigger is created. The basic syntax is `CREATE TRIGGER trigername triggertime triggerevent ON tablename FOR EACH ROW triggerorder triggerbody`. For more: [MySQL 8.0 Reference Manual: 13.1.22 CREATE TRIGGER Statement](https://dev.mysql.com/doc/refman/8.0/en/create-trigger.html) and [MySQL 8.0 Reference Manual: 25.3.1 Trigger Syntax and Examples](https://dev.mysql.com/doc/refman/8.0/en/trigger-syntax.html). - -#### Entity Relationship Diagrams (ERD) - -When designing a database it's important to define a **database schema** which is just a definition of all the different tables and their attributes that are going to live inside the database. So, basically, an ERD diagram is a diagram that consists of text, symbols and shapes that are combined to create a relationship model. - -The diagram consists of: - -* **Entity**: a square with the name of the entity inside it. -* **Attributes**: ovals with the name of the attributes inside it; an attribute defines specific pieces of information about an entity (columns). -* **Primary key**: same as with attributes but with name underlined; the primary key uniquely identifies the entity. -* **Composite attribute**: an attribute that consists on one or more (sub-)attributes. -* **Multi-valued attribute**: oval with another oval inside it and the name of the attribute. -* **Derived attribute**: dotted oval; this attribute can be derived from other attributes from the entity. -* **Relationship**: a diamond with the relationship name in it, for the connections a single line (partial participation) or a doubled line (total participation); it denotes how two or more attributes are related to each other; all members must participate in the relationship. -* **Relationship attribute**: denoted like a normal attribute, but it's child of a relationship; it defines what attributes exists because of the relationship, it's not stored in any of the entities related, but on the relationship object itself. -* **Relationship cardinality**: denoted with a number on the line connecting the relationship to the entity; detones the number of instances of an entity from a relation that can be associated with the relation. -* **Weak entity**: rectangle inside a rectangle with its name inside; it cannot be uniquely identified by its attributes alone. -* **Weak entity's primary key**: oval with its text underlined, but the line is dotted. -* **Identifying relationship**: a diamond inside a diamond with its name inside; a relationship that serves to uniquely identify the weak entity. - -![ERD example taken from wikipedia](https://static.luevano.xyz/images/b/notes/sql/erd_example.png) diff --git a/blog/old/src/a/website_with_nginx.md b/blog/old/src/a/website_with_nginx.md deleted file mode 100644 index 43264de..0000000 --- a/blog/old/src/a/website_with_nginx.md +++ /dev/null @@ -1,157 +0,0 @@ -# Create a website with Nginx and Certbot - -These are general notes on how to setup a Nginx web server plus Certbot for SSL certificates, initially learned from [Luke's video](https://www.youtube.com/watch?v=OWAqilIVNgE) and after some use and research I added more stuff to the mix. And, actually at the time of writing this entry, I'm configuring the web server again on a new VPS instance, so this is going to be fresh. - -As a side note, (((i use arch btw))) so everything here es aimed at an Arch Linux distro, and I'm doing everything on a VPS. Also note that most if not all commands here are executed with root privileges. - -## Prerequisites - -You will need two things: - -* A domain name (duh!). I got mine on [Epik](https://www.epik.com/?affid=da5ne9ru4) (affiliate link, btw). - * With the corresponding **A** and **AAA** records pointing to the VPS' IPs ("A" record points to the ipv4 address and "AAA" to the ipv6, basically). I have three records for each type: empty one, "www" and "\*" for a wildcard, that way "domain.name", "www.domain.name", "anythingelse.domain.name" point to the same VPS (meaning that you can have several VPS for different sub-domains). -* A VPS or somewhere else to host it. I'm using [Vultr](https://www.vultr.com/?ref=8732849) (also an affiliate link). - * With `ssh` already configured both on the local machine and on the remote machine. - * Firewall already configured to allow ports 80 (HTTP) and 443 (HTTPS). I use `ufw` so it's just a matter of doing `ufw allow 80,443/tcp` as root and you're golden. - * `cron` installed if you follow along (you could use `systemd` timers, or some other method you prefer to automate running commands every X time). - -## Nginx - -You have two options: `nginx` and `nginx-mainline`. I prefer `nginx-mainline` because it's the "up to date" package even though `nginx` is labeled to be the "stable" version. Install the package and enable/start the service: - -```sh -pacman -S nginx-mainline -systemctl enable nginx.service -systemctl start nginx.service -``` - -And that's it, at this point you can already look at the default initial page of nginx if you enter the ip of your server in a web browser. You should see something like this: - -![Nginx welcome page](https://static.luevano.xyz/images/b/notes/nginx/nginx_welcome_page.png) - -As stated in the welcome page, configuration is needed, head to the directory of nginx: - -```sh -cd /etc/nginx -``` - -Here you have several files, the important one is `nginx.conf`, which as its name implies, contains general configuration of the web server. If you peek into the file, you will see that it contains around 120 lines, most of which are commented out and contains the welcome page server block. While you can configure a website in this file, it's common practice to do it on a separate file (so you can scale really easily if needed for mor websites or sub-domains). - -Inside the `nginx.conf` file, delete the `server` blocks and add the lines `include sites-enabled/*;` (to look into individual server configuration files) and `types_hash_max_size 4096;` (to get rid of an ugly warning that will keep appearing) somewhere inside the `http` block. The final `nginx.conf` file would look something like (ignoring the comments just for clarity, but you can keep them as side notes): - -```nginx -worker_processes 1; - -events { - worker_connections 1024; -} - -http { - include sites-enabled/*; - include mime.types; - default_type application/octet-stream; - - sendfile on; - - keepalive_timeout 65; - - types_hash_max_size 4096; -} -``` - -Next, inside the directory `/etc/nginx/` create the `sites-available` and `sites-enabled`, and go into the `sites-available` one: - -```sh -mkdir sites-available -mkdir sites-enabled -cd sites-available -``` - -Here, create a new `.conf` file for your website and add the following lines (this is just the sample content more or less): - -```nginx -server { - listen 80; - listen [::]:80; - - root /path/to/root/directory; - server_name domain.name another.domain.name; - index index.html anotherindex.otherextension; - - location /{ - try_files $uri $uri/ =404; - } -} -``` - -Note several things: - -* `listen`: we're telling nginx which port to listen to (ipv4 and ipv6, respectively). -* `root`: the root directory of where the website files (`.html`, `.css`, `.js`, etc. files) are located. I followed Luke's directory path `/var/www/some_folder`. -* `server_name`: the actual domain to "listen" to (for my website it is: `server_name luevano.xyz www.luevano.xyz`; and for this blog is: `server_name blog.luevano.xyz www.blog.luevano.xyz`). -* `index`: what file to serve as the index (could be any `.html`, `.htm`, `.php`, etc. file) when just entering the website. -* `location`: used in case of different configurations across different URL paths. - * `try_files`: tells what files to look for, don't look into this too much for now. - -Then, make a symbolic from this config file to the `sites-enabled` directory: - -```sh -ln -s /etc/nginx/sites-available/your_config_file.conf /etc/nginx/sites-enabled -``` - -This is so the `nginx.conf` file can look up the newly created server config. With this method of having each server configuration file separate you can easily "deactivate" any website by just deleting the symbolic link in `sites-enabled` and you're good, or just add new configuration files and keep everything nice and tidy. - -All you have to do now is restart (or enable and start if you haven't already) the nginx service (and optionally test the configuration): - -```sh -nginx -t -systemctl restart nginx -``` - -If everything goes correctly, you can now go to your website by typing "domain.name" on a web browser. But you will see a "404 Not Found" page like the following (maybe with different nginx version): - -![Nginx 404 page](https://static.luevano.xyz/images/b/notes/nginx/nginx_404_page.png) - -That's no problem, because it means that the web server it's actually working. Just add an `index.html` file with something simple to see it in action. If you keep seeing the 404 page make sure your `root` line is correct and that the directory/index file exists. - -I like to remove the `.html` and trailing `/` on the URLs of my website, for that you need to add the following `rewrite` lines and modify the `try_files` line (for more: [Sean C. Davis: Remove HTML Extension And Trailing Slash In Nginx Config](https://www.seancdavis.com/blog/remove-html-extension-and-trailing-slash-in-nginx-config/)): - -```nginx -server { - ... - rewrite ^(/.*)\.html(\?.*)?$ $1$2 permanent; - rewrite ^/(.*)/$ /$1 permanent; - ... - try_files $uri/index.html $uri.html $uri/ $uri =404; - ... -``` - -For more: [Arch Linux Wiki: nginx](https://wiki.archlinux.org/index.php/nginx). - -## Certbot - -The only "bad" (bloated) thing about certbot, is that it uses `python`, but for me it doesn't matter too much. You may want to look up another alternative if you prefer. Install the packages `certbot` and `certbot-nginx`: - -```sh -pacman -S certbot certbot-nginx -``` - -After that, all you have to do now is run `certbot` and follow the instructions given by the tool: - -```sh -certbot --nginx -``` - -It will ask you for some information, for you to accept some agreements and the names to activate https for. Also, you will want to "say yes" to the redirection from http to https. And that's it, you can now go to your website and see that you have https active. - -Now, the certificate given by `certbot` expires every 3 months or something like that, so you want to renew this certificate every once in a while. Using `cron`, you can do this by running: - -```sh -crontab -e -``` - -And a file will be opened where you need to add a new rule for certbot, just append the line: `1 1 1 * * certbot renew` (renew on the first day of every month) and you're good. Alternatively use `systemd` timers as stated in the [Arch Linux Wiki](https://wiki.archlinux.org/index.php/Certbot#Automatic_renewal). - -For more: [Arch Linux Wiki: Certbot](https://wiki.archlinux.org/index.php/Certbot). - -That's it, you now have a website with SSL certificate. diff --git a/blog/old/src/index.md b/blog/old/src/index.md deleted file mode 100644 index 475d807..0000000 --- a/blog/old/src/index.md +++ /dev/null @@ -1,5 +0,0 @@ -# Luévano's Blog - -Welcome to my blog where I'll post whatever I please, ranging from rants to how-to's. Además, este pex va a estar en español e inglés porque quiero (no una mezcla en cada entrada, pero sí entradas completas en diferentes lenguajes). - -## Articles diff --git a/blog/old_newer/dst/a/asi_nomas_esta_quedando.html b/blog/old_newer/dst/a/asi_nomas_esta_quedando.html deleted file mode 100644 index ad04655..0000000 --- a/blog/old_newer/dst/a/asi_nomas_esta_quedando.html +++ /dev/null @@ -1,114 +0,0 @@ - - - - - - - Así nomás está quedando el página -- Luévano's Blog - - - - - - - - - - - - - - - - - - - -
- - -
- - - -
-
- -
-

Así nomás está quedando el página

-

Estuve acomodando un poco más el sItIo, al fin agregué la “sección” de contact y de donate por si hay algún loco que quiere tirar varo.

-

También me puse a acomodar un servidor de XMPP el cual, en pocas palabras, es un protocolo de mensajería instantánea (y más) descentralizado, por lo cual cada quien puede hacer una cuenta en el servidor que quiera y conectarse con cuentas creadas en otro servidor… exacto, como con los correos electrónicos. Y esto está perro porque si tú tienes tu propio server, así como con uno de correo electrónico, puedes controlar qué características tiene, quiénes pueden hacer cuenta, si hay end-to-end encryption (o mínimo end-to-server), entre un montón de otras cosas.

-

Ahorita este server es SUMISO (compliant en español, jeje) para jalar con la app conversations y con la red social movim, pero realmente funcionaría con casi cualquier cliente de XMPP, amenos que ese cliente implemente algo que no tiene mi server. Y también acomodé un server de Matrix que es muy similar pero es bajo otro protocolo y se siente más como un discord/slack (al menos en el element), muy chingón también.

-

Si bien aún quedan cosas por hacer sobre estos dos servers que me acomodé (además de hacerles unas entradas para documentar cómo lo hice), quiero moverme a otra cosa que sería acomodar una sección de dibujos, lo cual en teoría es bien sencillo, pero como quiero poder automatizar la publicación de estos, quiero modificar un poco el pyssg para que jale chido para este pex.

-

Ya por último también quiero moverle un poco al CSS, porque lo dejé en un estado muy culerón y quiero meterle/ajustar unas cosas para que quede más limpio y medianamente bonito… dentro de lo que cabe porque evidentemente me vale verga si se ve como una página del 2000.

-
- -
- -
- - - Contact - - - - - Donate - - - - - RSS - - -
- - - Created with pyssg - - -
- - Copyright 2021 David Luévano Alvarado - -
- - diff --git a/blog/old_newer/dst/a/el_blog_ya_tiene_timestamps.html b/blog/old_newer/dst/a/el_blog_ya_tiene_timestamps.html deleted file mode 100644 index 0859ee9..0000000 --- a/blog/old_newer/dst/a/el_blog_ya_tiene_timestamps.html +++ /dev/null @@ -1,113 +0,0 @@ - - - - - - - Así es raza, el blog ya tiene timestamps -- Luévano's Blog - - - - - - - - - - - - - - - - - - - -
- - -
- - - -
-
- -
-

Así es raza, el blog ya tiene timestamps

-

Pues eso, esta entrada es sólo para tirar update sobre mi primer post. Ya modifiqué el ssg lo suficiente como para que maneje los timestamps, y ya estoy más familiarizado con este script entonces ya lo podré extender más, pero por ahora las entradas ya tienen su fecha de creación (y modificación en dado caso) al final y en el índice ya están organizados por fecha, que por ahora está algo simple pero está sencillo de extender.

-

Ya lo único que queda es cambiar un poco el formato del blog (y de la página en general), porque en un momento de desesperación puse todo el texto en justificado y pues no se ve chido siempre, entonces queda corregir eso. Y aunque me tomó más tiempo del que quisiera, así nomás quedó, diría un cierto personaje.

-

El ssg modificado está en mis dotfiles (o directamente aquí).

-

Por último, también quité las extensiones .html de las URLs, porque se veía bien pitero, pero igual los links con .html al final redirigen a su link sin .html, así que no hay rollo alguno.

-
- -
- -
- - - Contact - - - - - Donate - - - - - RSS - - -
- - - Created with pyssg - - -
- - Copyright 2021 David Luévano Alvarado - -
- - diff --git a/blog/old_newer/dst/a/first_blog_post.html b/blog/old_newer/dst/a/first_blog_post.html deleted file mode 100644 index 3e03528..0000000 --- a/blog/old_newer/dst/a/first_blog_post.html +++ /dev/null @@ -1,112 +0,0 @@ - - - - - - - This is the first blog post, just for testing purposes -- Luévano's Blog - - - - - - - - - - - - - - - - - - - -
- - -
- - - -
-
- -
-

This is the first blog post, just for testing purposes

-

I’m making this post just to figure out how ssg5 and lowdown are supposed to work (and eventually also rssg).

-

At the moment, I’m not satisfied because there’s no automatic date insertion into the 1) html file, 2) the blog post itself and 3) the listing system in the blog homepage (and there’s also the problem with the ordering of the entries…). And all of this just because I didn’t want to use Luke’s solution (don’t really like that much how he handles the scripts… but they just work).

-

Hopefully, for tomorrow all of this will be sorted out and I’ll have a working blog system.

-
- -
- -
- - - Contact - - - - - Donate - - - - - RSS - - -
- - - Created with pyssg - - -
- - Copyright 2021 David Luévano Alvarado - -
- - diff --git a/blog/old_newer/dst/a/git_server_with_cgit.html b/blog/old_newer/dst/a/git_server_with_cgit.html deleted file mode 100644 index eae8f64..0000000 --- a/blog/old_newer/dst/a/git_server_with_cgit.html +++ /dev/null @@ -1,216 +0,0 @@ - - - - - - - Create a git server and setup cgit web app (on Nginx) -- Luévano's Blog - - - - - - - - - - - - - - - - - - - -
- - -
- - - -
-
- -
-

Create a git server and setup cgit web app (on Nginx)

-

My git server is all I need to setup to actually kill my other server (I’ve been moving from servers on these last 2-3 blog entries), that’s why I’m already doing this entry. I’m basically following git’s guide on setting up a server plus some specific stuff for (btw i use) Arch Linux (Arch Linux Wiki: Git server and Step by step guide on setting up git server in arch linux (pushable)).

-

Note that this is mostly for personal use, so there’s no user/authentication control other than that of SSH. Also, most if not all commands here are run as root.

-

Prerequisites

-

I might get tired of saying this (it’s just copy paste, basically)… but similar as before (check my website and mail entries):

-
    -
  • (This time, optional) A domain name if you want to have a “front end” to show your repositories. Got mine on Epik (affiliate link, btw).
      -
    • With a CNAME for “git” and (optionally) “www.git”, or some other name for your sub-domains.
    • -
    -
  • -
  • A VPS or somewhere else to host. I’m using Vultr (also an affiliate link).
      -
    • ssh configured.
    • -
    • (Optionally, if doing the domain name thingy) With nginx and certbot setup and running.
    • -
    • Of course, git already installed (it should be a must have always).
    • -
    -
  • -
-

git server

-

If not installed already, install the git package:

-
pacman -S git
-
-

On Arch Linux, when you install the git package, a git user is automatically created, so all you have to do is decide where you want to store the repositories, for me, I like them to be on /home/git like if git was a “normal” user. So, create the git folder (with corresponding permissions) under /home and set the git user’s home to /home/git:

-
mkdir /home/git
-chown git:git /home/git
-usermod -d /home/git git
-
-

Also, the git user is “expired” by default and will be locked (needs a password), change that with:

-
chage -E -1 git
-passwd git
-
-

Give it a strong one and remember to use PasswordAuthentication no for ssh (as you should). Create the .ssh/authorized_keys for the git user and set the permissions accordingly:

-
mkdir /home/git/.ssh
-chmod 700 /home/git/.ssh
-touch /home/git/.ssh/authorized_keys
-chmod 600 /home/git/.ssh/authorized_keys
-chown -R git:git /home/git
-
-

Now is a good idea to copy over your local SSH public keys to this file, to be able to push/pull to the repositories. Do it by either manually copying it or using ssh‘s built in ssh-copy-id (for that you may want to check your ssh configuration in case you don’t let people access your server with user/password).

-

Next, and almost finally, we need to edit the git-daemon service, located at /usr/lib/systemd/system/ (called git-daemon@.service):

-
...
-ExecStart=-/usr/lib/git-core/git-daemon --inetd --export-all --base-path=/home/git --enable=receive-pack
-...
-
-

I just appended --enable=receive-pack and note that I also changed the --base-path to reflect where I want to serve my repositories from (has to match what you set when changing git user’s home).

-

Now, go ahead and start and enable the git-daemon socket:

-
systemctl start git-daemon.socket
-systemctl enable git-daemon.socket
-
-

You’re basically done. Now you should be able to push/pull repositories to your server… except, you haven’t created any repository in your server, that’s right, they’re not created automatically when trying to push. To do so, you have to do the following sequence (assuming you’re “cd‘ed” into the /home/git directory):

-
mkdir {repo_name}.git
-cd {repo_name}.git
-
-

Those two lines above will need to be run each time you want to add a new repository to your server (yeah, kinda lame… although there are options to “automate” this, I like it this way).

-

After that you can already push/pull to your repository. I have my repositories (locally) set up so I can push to more than one remote at the same time (my server, GitHub, GitLab, etc.), which is detailed here.

-

cgit

-

This bit is optional if you only wanted a git server (really easy to set up), this is so you can have a web application. This is basically a copy paste of Arch Linux Wiki: Cgit so you can go there and get more in-depth configurations.

-

Install the cgit and fcgiwrap packages:

-
pacman -S cgit fcgiwrap
-
-

Now, just start and enable the fcgiwrap socket:

-
systemctl start fcgiwrap.socket
-systemctl enable fcgiwrap.socket
-
-

Next, the way I configure nginx is creating a separate file {module}.conf (git.conf in this case) under /etc/nginx/sites-available and create a symlink to /etc/nginx/sites-enabled as stated in my nginx setup entry. Add the following lines to your git.conf file:

-
server {
-    listen 80;
-    listen [::]:80;
-    root /usr/share/webapps/cgit;
-    server_name {yoursubdomain}.{yourdomain};
-    try_files $uri @cgit;
-
-    location @cgit {
-        include fastcgi_params;
-        fastcgi_param SCRIPT_FILENAME $document_root/cgit.cgi;
-        fastcgi_param PATH_INFO $uri;
-        fastcgi_param QUERY_STRING $args;
-        fastcgi_param HTTP_HOST $server_name;
-        fastcgi_pass unix:/run/fcgiwrap.sock;
-    }
-}
-
-

Where the server_name line depends on you, I have mine setup to git.luevano.xyz and www.git.luevano.xyz. Optionally run certbot --nginx to get a certificate for those domains if you don’t have already.

-

Now, all that’s left is to configure cgit. Create the configuration file /etc/cgitrc with the following content (my personal options, pretty much the default):

-
css=/cgit.css
-source-filter=/usr/lib/cgit/filters/syntax-highlighting-edited.sh
-logo=/cgit.png
-
-enable-http-clone=1
-# robots=noindex, nofollow
-virtual-root=/
-
-repo.url={url}
-repo.path={dir_path}
-repo.owner={owner}
-repo.desc={short_description}
-
-...
-
-

Where you can uncomment the robots line to let web crawlers (like Google’s) to index your git web app. And at the end keep all your repositories (the ones you want to make public), for example for my dotfiles I have:

-
...
-repo.url=.dots
-repo.path=/home/git/.dots.git
-repo.owner=luevano
-repo.desc=These are my personal dotfiles.
-...
-
-

Otherwise you could let cgit to automatically detect your repositories (you have to be careful if you want to keep “private” repos) using the option scan-path and setup .git/description for each repository. I will add more to my actual configuration, but for now it is useful as it is. For more, you can check cgitrc(5).

-

Finally, if you want further support for highlighting, other compressed snapshots or support for markdown, checkout the optional dependencies for cgit and also the Arch Wiki goes in detail on how to setup highlighting with two different packages.

-
- -
- -
- - - Contact - - - - - Donate - - - - - RSS - - -
- - - Created with pyssg - - -
- - Copyright 2021 David Luévano Alvarado - -
- - diff --git a/blog/old_newer/dst/a/linux_video_notes.html b/blog/old_newer/dst/a/linux_video_notes.html deleted file mode 100644 index 0be836a..0000000 --- a/blog/old_newer/dst/a/linux_video_notes.html +++ /dev/null @@ -1,185 +0,0 @@ - - - - - - - Linux tutorial video notes -- Luévano's Blog - - - - - - - - - - - - - - - - - - - -
- - -
- - - -
-
- -
-

Linux tutorial video notes

-

I was requested to make a summary of a video about basic Linux stuff (like the SQL tutorial video notes); this time, I did most of the notes depending on the topic since I’m familiar with most of the stuff presented in the video. The video in question is: The Complete Linux Course: Beginner to Power User!. Also, some notes were taken from Arch Linux Wiki since it’s got pretty decent documentation, and, of course, general googling.

-

(Basic) commands

-

A list of basic commands and small explanation (note that options are started with either - or --, depending on the program, but most of the time - is used for letter options and -- for word options, -l vs --list for example):

-
    -
  • pwd: “print working directory”, full absolute path to the current directory.
  • -
  • cd: “change directory”, followed by the absolute or relative path of the directory to change to.
      -
    • Absolute path is started with /, while a relative path is started with ./ or just the name of the folder.
    • -
    • Use .. (two dots) to go up one directory.
    • -
    • An abbreviation of /home/username is ~ (tilde).
    • -
    -
  • -
  • ls: “list” files and directories in current directory, or specify a directory from which to show the list after typing ls. Has many options, the most common ones being:
      -
    • l: use long listing format.
    • -
    • r or reverse: reverse order while sorting.
    • -
    • s: sort by file size, largest first.
    • -
    • a or all: do not ignore entries starting with ..
    • -
    -
  • -
  • mkdir: “make directory”, create a new directory with specified name.
  • -
  • touch: create new (empty) files.
  • -
  • cp: “copy” files or directories (using option r for recursive). Requires file/directory to copy and destination, separated by space.
  • -
  • mv: “move” files or directories, also requires file/directory to copy and destination, separated by space. This is also used to rename files/directories.
  • -
  • rm: “remove”, followed by a file to remove it.
  • -
  • rmdir: “remove empty directory”, followed by a directory to remove it. If the directory is not empty, use rm -r on the directory (“remove recursive”).
  • -
  • su: “switch user”, by default to root user, but another one can be specified.
  • -
  • sudo: “switch user, do”, similar to su, but only to execute a command as root or the specified user.
  • -
  • clear: clear the terminal window, a (common) keyboard shortcut is Ctrl + l.
  • -
  • find: search for files/directories matching a pattern or all contents of a directory (using .).
  • -
  • grep: comes from the ed command “g/re/p”, for searching plain-text for lines that match a regular expression (regex).
  • -
  • top: a task manager program, shows currently running commands and gives important info such as PID (process ID), user who is running that command, command name, cpu and ram usage, etc.. Some useful commands to manage programs running are:
      -
    • pgrep: get the PID of a running process, or a list in chronological order.
    • -
    • kill or pkill: kill a running process either by PID or by name.
    • -
    • killall: similar to pkill.
    • -
    -
  • -
  • ssh: “secure shell” is a remote login client used to connect into a remote machine and executing commands remotely, basically taking control of the remote machine. Widely used when managing servers.
  • -
  • ftp or sftp: “(secure) file transfer protocol” used to transfer files from one machine to another one (usually a server). It’s recommended to use sftp instead of ftp because anyone can look through the packages if it’s not secured (encrypted).
  • -
-

And in general, to see the options supported by almost any command, use command -h or command --help, for a quick explanation. IMPORTANT: Most programs have man (manual) pages; to access them do man command, this is a very powerful tool to use.

-

Commands can be redirected to other commands (the output), which is powerful to create mini scripts or to achieve a goal in a single command. Most of the time the redirection can be done with the special characters >, < and most powerful, the | (pipe). Also, some commands accept an option to execute another command, but this depends on a command to command basis (exec option for find, for example).

-

Most terminal programs accept Ctrl-c or just q to exit the program.

-

File permissions and ownership

-

When listing files with ls -l, an output with file attributes (permissions) and ownership is shown, such as drwxr-xr-x 2 user group 4096 Jul 5 21:03 Desktop, where the first part are the attributes, and user and group the ownership info (all other info is irrelevant for now).

-

File attributes (drwxr-xr-x in the example above) are specified by 10 (sometimes 11) characters, and can be break into 4 parts (or 5):

-
    -
  • The first character is just the file type, typically d for directories or just - for files. There is l too, which is for symlinks.
  • -
  • The next 3 characters represent the permissions that the owner has over the file.
  • -
  • Next 3 the permissions that the group has over the file.
  • -
  • Next 3 the permissions everyone else (others) have over the file.
  • -
  • An optional + character that specifies whether an alternate access method applies to the file. When the character is a space, there is no alterante access method.
  • -
-

Each of the three permission triads (rwx) can be:

-
    -
  • - or r, for the first character, if the file can be read or directory’s content can be shown.
  • -
  • - or w, for the second character, if the file can be modified or the directory’s content can be modified (create new files or folders or rename existing files or folders).
  • -
  • - or x, for the third character, if the file can be executed or the directory can be accessed with cd. Other characters can be present, like s, S, t and T (for more: Arch Linux Wiki: File permissions and attributes).
  • -
-

To change attributes or ownership use chmod and chown, respectively.

-

Services

-

Special type of linux process (think of a program or set of programs that run in the background waiting to be used, or doing essential tasks). There are many ways to manage (start, stop, restart, enable, disable, etc.) services, the most common way (if using systemd) is to just use systemctl. Basic usage of systemctl is systemctl verb service, where verb could be start, enable, stop, disable, restart, etc. Also, to get a general system status run systemctl status or just systemctl for a list of running units (a unit is an instance of a service, or a mount point or even a device or a socket). For more: Arch Linux Wiki: systemd.

-

systemd also provides a way to do tasks based on a timer, where you can schedule from the second to the year. One could also use cron (using crontab with option e) to do this. These timers provide support for calendar time events, monotonic time events, and can be run asynchronously.

-

User and group management

-

Most mainstream linux distributions come with a Graphic User Interface (GUI) to manage users and groups on the system. For a Command-Line Interface (CLI) just use useradd (with passwd to create a password for a given user) and groupadd. Also, other useful commands are usermod, userdel, groups, gpasswd, groupdel and more, each used for a basic management of users/groups like modification, deletion, listing (of all existing users/groups), etc.. For more: Arch Linux Wiki: Users and groups.

-

Networking

-

Hosts file

-

Located at /etc/hosts, serves as a translator from hostname (web addresses or URLs) into IP addresses (think of DNS records), meaning that any URL can be overridden to make it point to whatever IP address it’s specified (only locally on the machine affected). The syntax of the file is pretty simple: first column for IP, second for hostname (URL) and third+ for aliases.

-

(Some) commands

-

These commands serve the sole purpose of showing information about the network and stuff related to it:

-
    -
  • ping: gives information about latency to a given ip/domain.
  • -
  • ifconfig: gives similar information to ipconfig on windows, general info of physical network devices with their addresses and properties. An alternative could be ip addr, depending on the linux distribution being used and programs installed.
  • -
  • tcpdump: “transmission control protocol dump” gives information on all “packets” being sent and received through the network.
  • -
  • netstat: “network statistics” general statistics about network devices usage, display connections to the machine and more.
  • -
  • traceroute: shows the route that the packets go through (how the packets jump from one server to another one) when trying to access an IP (or, for example, a website).
  • -
  • nmap: “network mapper” explore network available hosts, opened ports, reverse DNS names, can guess the operating system of the device, it’s type, MAC address and more.
  • -
-
- -
- -
- - - Contact - - - - - Donate - - - - - RSS - - -
- - - Created with pyssg - - -
- - Copyright 2021 David Luévano Alvarado - -
- - diff --git a/blog/old_newer/dst/a/mail_server_with_postfix.html b/blog/old_newer/dst/a/mail_server_with_postfix.html deleted file mode 100644 index 5c0af83..0000000 --- a/blog/old_newer/dst/a/mail_server_with_postfix.html +++ /dev/null @@ -1,471 +0,0 @@ - - - - - - - Create a mail server with Postfix, Dovecot, SpamAssassin and OpenDKIM -- Luévano's Blog - - - - - - - - - - - - - - - - - - - -
- - -
- - - -
-
- -
-

Create a mail server with Postfix, Dovecot, SpamAssassin and OpenDKIM

-

The entry is going to be long because it’s a tedious process. This is also based on Luke Smith’s script, but adapted to Arch Linux (his script works on debian-based distributions). This entry is mostly so I can record all the notes required while I’m in the process of installing/configuring the mail server on a new VPS of mine; also I’m going to be writing a script that does everything in one go (for Arch Linux), that will be hosted here.

-

This configuration works for local users (users that appear in /etc/passwd), and does not use any type of SQL. And note that most if not all commands executed here are run with root privileges.

-

More in depth configuration is detailed in the Arch Wiki for each package used here.

-

Prerequisites

-

Basically the same as with the website with Nginx and Certbot:

-
    -
  • A domain name. Got mine on Epik (affiliate link, btw).
      -
    • Later we’ll be adding some MX and TXT records.
    • -
    • You also need a CNAME for “mail” and (optionally) “www.mail”, or whatever you want to call the sub-domains (although the RFC 2181 states that it NEEDS to be an A record, fuck the police), to actually work and to get SSL certificate (you can also use the SSL certificate obtained if you created a website following my other notes on nginx and certbot) with certbot (just create a mail.conf for nginx, similar to how we created it in the website entry).
    • -
    -
  • -
  • A VPS or somewhere else to host. I’m using Vultr (also an affiliate link).
      -
    • ssh configured.
    • -
    • Ports 25, 587 (SMTP), 465 (SMTPS), 143 (IMAP) and 993 (IMAPS) open on the firewall (I use ufw).
    • -
    • With nginx and certbot setup and running.
    • -
    -
  • -
-

Postfix

-

Postfix is a “mail transfer agent” which is the component of the mail server that receives and sends emails via SMTP.

-

Install the postfix package:

-
pacman -S postfix
-
-

We have two main files to configure (inside /etc/postfix): master.cf (master(5)) and main.cf (postconf(5)). We’re going to edit main.cf first either by using the command postconf -e 'setting' or by editing the file itself (I prefer to edit the file).

-

Note that the default file itself has a lot of comments with description on what each thing does (or you can look up the manual, linked above), I used what Luke’s script did plus some other settings that worked for me.

-

Now, first locate where your website cert is, mine is at the default location /etc/letsencrypt/live/, so my certdir is /etc/letsencrypt/live/luevano.xyz. Given this information, change {yourcertdir} on the corresponding lines. The configuration described below has to be appended in the main.cf configuration file.

-

Certificates and ciphers to use for authentication and security:

-
smtpd_tls_key_file = {yourcertdir}/privkey.pem
-smtpd_tls_cert_file = {yourcertdir}/fullchain.pem
-smtpd_use_tls = yes
-smtpd_tls_auth_only = yes
-smtp_tls_security_level = may
-smtp_tls_loglevel = 1
-smtp_tls_CAfile = {yourcertdir}/cert.pem
-smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
-smtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
-smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
-smtp_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
-tls_preempt_cipherlist = yes
-smtpd_tls_exclude_ciphers = aNULL, LOW, EXP, MEDIUM, ADH, AECDH, MD5,
-                DSS, ECDSA, CAMELLIA128, 3DES, CAMELLIA256,
-                RSA+AES, eNULL
-
-smtp_tls_CApath = /etc/ssl/certs
-smtpd_tls_CApath = /etc/ssl/certs
-
-smtpd_relay_restrictions = permit_sasl_authenticated, permit_mynetworks, defer_unauth_destination
-
-

Also, for the connection with dovecot, append the next few lines (telling postfix that dovecot will use user/password for authentication):

-
smtpd_sasl_auth_enable = yes
-smtpd_sasl_type = dovecot
-smtpd_sasl_path = private/auth
-smtpd_sasl_security_options = noanonymous, noplaintext
-smtpd_sasl_tls_security_options = noanonymous
-
-

Specify the mailbox home (this is going to be a directory inside your user’s home):

-
home_mailbox = Mail/Inbox/
-
-

Pre-configuration to work seamlessly with dovecot and opendkim:

-
myhostname = {yourdomainname}
-mydomain = localdomain
-mydestination = $myhostname, localhost.$mydomain, localhost
-
-milter_default_action = accept
-milter_protocol = 6
-smtpd_milters = inet:127.0.0.1:8891
-non_smtpd_milters = inet:127.0.0.1:8891
-mailbox_command = /usr/lib/dovecot/deliver
-
-

Where {yourdomainname} is luevano.xyz in my case, or if you have localhost configured to your domain, then use localhost for myhostname (myhostname = localhost).

-

Lastly, if you don’t want the sender’s IP and user agent (application used to send the mail), add the following line:

-
smtp_header_checks = regexp:/etc/postfix/smtp_header_checks
-
-

And create the /etc/postfix/smtp_header_checks file with the following content:

-
/^Received: .*/     IGNORE
-/^User-Agent: .*/   IGNORE
-
-

That’s it for main.cf, now we have to configure master.cf. This one is a bit more tricky.

-

First look up lines (they’re uncommented) smtp inet n - n - - smtpd, smtp unix - - n - - smtp and -o syslog_name=postfix/$service_name and either delete or uncomment them… or just run sed -i "/^\s*-o/d;/^\s*submission/d;/\s*smtp/d" /etc/postfix/master.cf as stated in Luke’s script.

-

Lastly, append the following lines to complete postfix setup and pre-configure for spamassassin.

-
smtp unix - - n - - smtp
-smtp inet n - y - - smtpd
-    -o content_filter=spamassassin
-submission inet n - y - - smtpd
-    -o syslog_name=postfix/submission
-    -o smtpd_tls_security_level=encrypt
-    -o smtpd_sasl_auth_enable=yes
-    -o smtpd_tls_auth_only=yes
-smtps inet n - y - - smtpd
-    -o syslog_name=postfix/smtps
-    -o smtpd_tls_wrappermode=yes
-    -o smtpd_sasl_auth_enable=yes
-spamassassin unix - n n - - pipe
-    user=spamd argv=/usr/bin/vendor_perl/spamc -f -e /usr/sbin/sendmail -oi -f \${sender} \${recipient}
-
-

Now, I ran into some problems with postfix, one being smtps: Servname not supported for ai_socktype, to fix it, as Till posted in that site, edit /etc/services and add:

-
smtps 465/tcp
-smtps 465/udp
-
-

Before starting the postfix service, you need to run newaliases first (but you can do a bit of configuration beforehand). Edit the file /etc/postfix/aliases and edit accordingly. I only change the root: you line (where you is the account that will be receiving “root” mail). Check the Arch Wiki for more info and other alternatives/options. After you’re done, run:

-
postalias /etc/postfix/aliases
-newaliases
-
-

At this point you’re done configuring postfix and you can already start/enable the postfix service:

-
systemctl start postfix.service
-systemctl enable postfix.service
-
-

Dovecot

-

Dovecot is an IMAP and POP3 server, which is what lets an email application retrieve the mail.

-

Install the dovecot and pigeonhole (sieve for dovecot) packages:

-
pacman -S dovecot pigeonhole
-
-

On arch, by default, there is no /etc/dovecot directory with default configurations set in place, but the package does provide the example configuration files. Create the dovecot directory under /etc and, optionally, copy the dovecot.conf file and conf.d directory under the just created dovecot directory:

-
mkdir /etc/dovecot
-cp /usr/share/doc/dovecot/example-config/dovecot.conf /etc/dovecot/dovecot.conf
-cp -r /usr/share/doc/dovecot/example-config/conf.d /etc/dovecot
-
-

As Luke stated, dovecot comes with a lot of “modules” (under /etc/dovecot/conf.d/ if you copied that folder) for all sorts of configurations that you can include, but I do as he does and just edits/creates the whole dovecot.conf file; although, I would like to check each of the separate configuration files dovecot provides I think the options Luke provides are more than good enough.

-

I’m working with an empty dovecot.conf file. Add the following lines for SSL and login configuration (also replace {yourcertdir} with the same certificate directory described in the Postfix section above, note that the < is required):

-
ssl = required
-ssl_cert = <{yourcertdir}/fullchain.pem
-ssl_key = <{yourcertdir}/privkey.pem
-ssl_min_protocol = TLSv1.2
-ssl_cipher_list = ALL:!RSA:!CAMELLIA:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!SHA1:!SHA256:!SHA384:!LOW@STRENGTH
-ssl_prefer_server_ciphers = yes
-ssl_dh = </etc/dovecot/dh.pem
-
-auth_mechanisms = plain login
-auth_username_format = %n
-protocols = $protocols imap
-
-

You may notice we specify a file we don’t have under /etc/dovecot: dh.pem. We need to create it with openssl (you should already have it installed if you’ve been following this entry and the one for nginx). Just run (might take a few minutes):

-
openssl dhparam -out /etc/dovecot/dh.pem 4096
-
-

After that, the next lines define what a “valid user is” (really just sets the database for users and passwords to be the local users with their password):

-
userdb {
-    driver = passwd
-}
-
-passdb {
-    driver = pam
-}
-
-

Next, comes the mail directory structure (has to match the one described in the Postfix section). Here, the LAYOUT option is important so the boxes are .Sent instead of Sent. Add the next lines (plus any you like):

-
mail_location = maildir:~/Mail:INBOX=~/Mail/Inbox:LAYOUT=fs
-namespace inbox {
-    inbox = yes
-
-    mailbox Drafts {
-        special_use = \Drafts
-        auto = subscribe
-        }
-
-    mailbox Junk {
-        special_use = \Junk
-        auto = subscribe
-        autoexpunge = 30d
-        }
-
-    mailbox Sent {
-        special_use = \Sent
-        auto = subscribe
-        }
-
-    mailbox Trash {
-        special_use = \Trash
-        }
-
-    mailbox Archive {
-        special_use = \Archive
-        }
-}
-
-

Also include this so Postfix can use Dovecot’s authentication system:

-
service auth {
-    unix_listener /var/spool/postfix/private/auth {
-        mode = 0660
-        user = postfix
-        group = postfix
-        }
-}
-
-

Lastly (for dovecot at least), the plugin configuration for sieve (pigeonhole):

-
protocol lda {
-    mail_plugins = $mail_plugins sieve
-}
-
-protocol lmtp {
-    mail_plugins = $mail_plugins sieve
-}
-
-plugin {
-    sieve = ~/.dovecot.sieve
-    sieve_default = /var/lib/dovecot/sieve/default.sieve
-    sieve_dir = ~/.sieve
-    sieve_global_dir = /var/lib/dovecot/sieve/
-
-

Where /var/lib/dovecot/sieve/default.sieve doesn’t exist yet. Create the folders:

-
mkdir -p /var/lib/dovecot/sieve
-
-

And create the file default.sieve inside that just created folder with the content:

-
require ["fileinto", "mailbox"];
-if header :contains "X-Spam-Flag" "YES" {
-    fileinto "Junk";
-}
-
-

Now, if you don’t have a vmail (virtual mail) user, create one and change the ownership of the /var/lib/dovecot directory to this user:

-
grep -q "^vmail:" /etc/passwd || useradd -m vmail -s /usr/bin/nologin
-chown -R vmail:vmail /var/lib/dovecot
-
-

Note that I also changed the shell for vmail to be /usr/bin/nologin. After that, run:

-
sievec /var/lib/dovecot/sieve/default.sieve
-
-

To compile the configuration file (a default.svbin file will be created next to default.sieve).

-

Next, add the following lines to /etc/pam.d/dovecot if not already present (shouldn’t be there if you’ve been following these notes):

-
auth required pam_unix.so nullok
-account required pam_unix.so
-
-

That’s it for dovecot, at this point you can start/enable the dovecot service:

-
systemctl start dovecot.service
-systemctl enable dovecot.service
-
-

OpenDKIM

-

OpenDKIM is needed so services like G**gle (we don’t mention that name here [[[this is a meme]]]) don’t throw the mail to the trash. DKIM stands for “DomainKeys Identified Mail”.

-

Install the opendkim package:

-
pacman -S opendkim
-
-

Generate the keys for your domain:

-
opendkim-genkey -D /etc/opendkim -d {yourdomain} -s {yoursubdomain} -r -b 2048
-
-

Where you need to change {yourdomain} and {yoursubdomain} (doesn’t really need to be the sub-domain, could be anything that describes your key) accordingly, for me it’s luevano.xyz and mail, respectively. After that, we need to create some files inside the /etc/opendkim directory. First, create the file KeyTable with the content:

-
{yoursubdomain}._domainkey.{yourdomain} {yourdomain}:{yoursubdomain}:/etc/opendkim/{yoursubdomain}.private
-
-

So, for me it would be:

-
mail._domainkey.luevano.xyz luevano.xyz:mail:/etc/opendkim/mail.private
-
-

Next, create the file SigningTable with the content:

-
*@{yourdomain} {yoursubdomain}._domainkey.{yourdomain}
-
-

Again, for me it would be:

-
*@luevano.xyz mail._domainkey.luevano.xyz
-
-

And, lastly create the file TrustedHosts with the content:

-
127.0.0.1
-::1
-10.1.0.0/16
-1.2.3.4/24
-localhost
-{yourserverip}
-...
-
-

And more, make sure to include your server IP and something like subdomain.domainname.

-

Next, edit /etc/opendkim/opendkim.conf to reflect the changes (or rather, additions) of these files, as well as some other configuration. You can look up the example configuration file located at /usr/share/doc/opendkim/opendkim.conf.sample, but I’m creating a blank one with the contents:

-
Domain {yourdomain}
-Selector {yoursubdomain}
-
-Syslog Yes
-UserID opendkim
-
-KeyFile /etc/opendkim/{yoursubdomain}.private
-Socket inet:8891@localhost
-
-

Now, change the permissions for all the files inside /etc/opendkim:

-
chown -R root:opendkim /etc/opendkim
-chmod g+r /etc/postfix/dkim/*
-
-

I’m using root:opendkim so opendkim doesn’t complain about the {yoursubdomani}.private being insecure (you can change that by using the option RequireSafeKeys False in the opendkim.conf file, as stated here).

-

That’s it for the general configuration, but you could go more in depth and be more secure with some extra configuration as described in the Arch Wiki entry for OpenDKIM.

-

Now, just start/enable the opendkim service:

-
systemctl start opendkim.service
-systemctl enable opendkim.service
-
-

And don’t forget to add the following TXT records on your domain registrar (these examples are for Epik):

-
    -
  1. DKIM entry: look up your {yoursubdomain}.txt file, it should look something like:
  2. -
-
{yoursubdomain}._domainkey IN TXT ( "v=DKIM1; k=rsa; s=email; "
-    "p=..."
-    "..." )  ; ----- DKIM key mail for {yourdomain}
-
-

In the TXT record you will place {yoursubdomain}._domainkey as the “Host” and "v=DKIM1; k=rsa; s=email; " "p=..." "..." in the “TXT Value” (replace the dots with the actual value you see in your file).

-
    -
  1. -

    DMARC entry: just _dmarc.{yourdomain} as the “Host” and "v=DMARC1; p=reject; rua=mailto:dmarc@{yourdomain}; fo=1" as the “TXT Value”.

    -
  2. -
  3. -

    SPF entry: just @ as the “Host” and "v=spf1 mx a:{yoursubdomain}.{yourdomain} - all" as the “TXT Value”.

    -
  4. -
-

And at this point you could test your mail for spoofing and more, but you don’t know -yet- how to login (it’s really easy, but I’m gonna state that at the end of this entry).

-

SpamAssassin

-

SpamAssassin is just a mail filter to identify spam.

-

Install the spamassassin package (which will install a bunch of ugly perl packages…):

-
pacman -S spamassassin
-
-

For some reason, the permissions on all spamassassin stuff are all over the place. First, change owner of the executables, and directories:

-
chown spamd:spamd /usr/bin/vendor_perl/sa-*
-chown spamd:spamd /usr/bin/vendor_perl/spam*
-chwown -R spamd:spamd /etc/mail/spamassassin
-
-

Then, you can edit local.cf (located in /etc/mail/spamassassin) to fit your needs (I only uncommented the rewrite_header Subject ... line). And then you can run the following command to update the patterns and compile them:

-
sudo -u spamd sa-update
-sudo -u spamd sa-compile
-
-

And since this should be run periodically, create the service spamassassin-update.service under /etc/systemd/system with the following content:

-
[Unit]
-Description=SpamAssassin housekeeping
-After=network.target
-
-[Service]
-User=spamd
-Group=spamd
-Type=oneshot
-
-ExecStart=/usr/bin/vendor_perl/sa-update --allowplugins
-SuccessExitStatus=1
-ExecStart=/usr/bin/vendor_perl/sa-compile
-ExecStart=/usr/bin/systemctl -q --no-block try-restart spamassassin.service
-
-

And you could also execute sa-learn to train spamassassin‘s bayes filter, but this works for me. Then create the timer spamassassin-update.timer under the same directory, with the content:

-
[Unit]
-Description=SpamAssassin housekeeping
-
-[Timer]
-OnCalendar=daily
-Persistent=true
-
-[Install]
-WantedBy=timers.target
-
-

You can now start/enable the spamassassin-update timer:

-
systemctl start spamassassin-update.timer
-systemctl enable spamassassin-update.timer
-
-

Next, you may want to edit the spamassassin service before starting and enabling it, because by default, it could spawn a lot of “childs” eating a lot of resources and you really only need one child. Append --max-children=1 to the line ExecStart=... in /usr/bin/systemd/system/spamassassin.service:

-
...
-ExecStart=/usr/bin/vendor_perl/spamd -x -u spamd -g spamd --listen=/run/spamd/spamd.sock --listen=localhost --max-children=1
-...
-
-

Finally, start and enable the spamassassin service:

-
systemctl start spamassassin.service
-systemctl enable spamassassin.service
-
-

Wrapping up

-

We should have a working mail server by now. Before continuing check your journal logs (journalctl -xe --unit={unit}, where {unit} could be spamassassin.servicefor example) to see if there was any error whatsoever and try to debug it, it should be a typo somewhere (the logs are generally really descriptive) because all the settings and steps detailed here just (literally just finished doing everything on a new server as of the writing of this text) worked (((it just werks on my machine))).

-

Now, to actually use the mail service: first of all, you need a normal account (don’t use root) that belongs to the mail group (gpasswd -a user group to add a user user to group group) and that has a password.

-

Next, to actually login into a mail app/program/whateveryouwanttocallit, you will use the following settings, at least for thunderdbird(I tested in windows default mail app and you don’t need a lot of settings):

-
    -
  • * server: subdomain.domain (mail.luevano.xyz in my case)
  • -
  • SMTP port: 587
  • -
  • SMTPS port: 465 (I use this one)
  • -
  • IMAP port: 143
  • -
  • IMAPS port: 993 (again, I use this one)
  • -
  • Connection/security: SSL/TLS
  • -
  • Authentication method: Normal password
  • -
  • Username: just your user, not the whole email (david in my case)
  • -
  • Password: your user password (as in the password you use to login to the server with that user)
  • -
-

All that’s left to do is test your mail server for spoofing, and to see if everything is setup correctly. Go to DKIM Test and follow the instructions (basically click next, and send an email with whatever content to the email that they provide). After you send the email, you should see something like:

-

DKIM Test successful

-

(Yes, I blurred a lot in the picture just to be sure, either way what’s important is the list on the bottom part of the image)

-

Finally, that’s actually it for this entry, if you have any problem whatsoever you have my info down below.

-
- -
- -
- - - Contact - - - - - Donate - - - - - RSS - - -
- - - Created with pyssg - - -
- - Copyright 2021 David Luévano Alvarado - -
- - diff --git a/blog/old_newer/dst/a/new_blogging_system.html b/blog/old_newer/dst/a/new_blogging_system.html deleted file mode 100644 index e3fae20..0000000 --- a/blog/old_newer/dst/a/new_blogging_system.html +++ /dev/null @@ -1,115 +0,0 @@ - - - - - - - I'm using a new blogging system -- Luévano's Blog - - - - - - - - - - - - - - - - - - - -
- - -
- - - -
-
- -
-

I'm using a new blogging system

-

So, I was tired of working with ssg (and then sbg which was a modified version of ssg that I “wrote”), for one general reason: not being able to extend it as I would like; and not just dumb little stuff, I wanted to be able to have more control, to add tags (which another tool that I found does: blogit), and even more in a future.

-

The solution? Write a new program “from scratch” in pYtHoN. Yes it is bloated, yes it is in its early stages, but it works just as I want it to work, and I’m pretty happy so far with the results and have with even more ideas in mind to “optimize” and generally clean my wOrKfLoW to post new blog entries. I even thought of using it for posting into a “feed” like gallery for drawings or pictures in general.

-

I called it pyssg, because it sounds nice and it wasn’t taken in the PyPi. It is just a terminal program that reads either a configuration file or the options passed as flags when calling the program.

-

It still uses Markdown files because I find them very easy to work with. And instead of just having a “header” and a “footer” applied to each parsed entry, you will have templates (generated with the program) for each piece that I thought made sense (idea taken from blogit): the common header and footer, the common header and footer for each entry and, header, footer and list elements for articles and tags. When parsing the Markdown file these templates are applied and stitched together to make a single HTML file. Also generates an RSS feed and the sitemap.xml file, which is nice.

-

It might sound convoluted, but it works pretty well, with of course room to improve; I’m open to suggestions, issue reporting or direct contributions here. BTW, it only works on Linux for now (and don’t think on making it work on windows, but feel free to do PR for the compatibility).

-

That’s it for now, the new RSS feed is available here: https://blog.luevano.xyz/rss.xml.

-
- -
- -
- - - Contact - - - - - Donate - - - - - RSS - - -
- - - Created with pyssg - - -
- - Copyright 2021 David Luévano Alvarado - -
- - diff --git a/blog/old_newer/dst/a/shell_scripting_video_notes.html b/blog/old_newer/dst/a/shell_scripting_video_notes.html deleted file mode 100644 index 3cad225..0000000 --- a/blog/old_newer/dst/a/shell_scripting_video_notes.html +++ /dev/null @@ -1,310 +0,0 @@ - - - - - - - Shell scripting tutorial video notes -- Luévano's Blog - - - - - - - - - - - - - - - - - - - -
- - -
- - - -
-
- -
-

Shell scripting tutorial video notes

-

Another summary, this time about shell scripting in general. And just like with the Linux notes, I also did most of the notes myself or with resources outside the video. The videos in question are: The Bad Tutorials (YT): Shell Scripting Tutorials and Automation with SCripting (YT): Complete Shell Scripting Tutorials. Also, some notes were taken from tutorialspoint: UNIX / LINUX Tutorial and general googling.

-

Basic concepts

-

A shell it’s an interface between the user and the kernel. While the kernel it’s the layer that interacts between the shell and the hardware. And you access the shell either via a terminal, or executing a shell script. Note that if you’re using a GUI environment, you need a terminal emulator to actually use a terminal (most Linux distros come with everything needed, so no need to worry).

-

When using a terminal a blank screen with some text and a cursor that shows you where to type will appear and depending on the shell being used (sh, dash, ksh, bash, zsh, fish, etc.) the prompt will be different. The most common one being of the form user@host:~$, which tells that the user is using host machine and the current working directory is ~ (can be /any/path/ too), and lastly, the $ shows the current privileges of the shell/user using the shell (a $ for normal user and # for root access).

-

To clear the screen use command clear or simply do Ctrl + l (most terminals let you do this) and to cancel or create a new prompt do Ctrl + c, this also cancels any running program that’s using the terminal (typing q when a program is running also stops the process, sometimes).

-

Also there are POSIX (portable operating system interface) compliant shells like sh, dash, ksh, etc., that have a standard syntax and are portable to any Unix system. Non POSIX compliant shells (or not necessary fully POSIX compliant) are bash, zsh, fish, etc., that provide a more modern syntax but lack speed on executing scripts.

-

Common commands/programs

-

A list of common commands or programs with a short description (for more, do man command or command -h or command --help):

-
    -
  • man: an interface to the system reference manuals.
  • -
  • pwd: print name of current/working directory.
  • -
  • cd: change the working directory.
  • -
  • ls: list directory contents.
  • -
  • echo: display a line of text. Also, see escape sequences (Bash Prompt HOWTO: Chapter 2. Bash and Bash Prompts: 2.5. Bash Prompt Escape Sequences).
  • -
  • mkdir: make directories.
  • -
  • touch: change file timestamps (if no file exists, creates a new blank one).
  • -
  • cat: concatenate files and print on the standard output.
  • -
  • mv: move (rename) files.
  • -
  • rm: remove files or directories.
  • -
  • rmdir: remove empty directories.
  • -
  • cp: copy files and directories.
  • -
  • ln: make links between files (hard or soft, also known as symbolic).
  • -
  • umask: get or set the file mode creation mask.
  • -
  • chmod: change file mode bits (change file permissions).
  • -
  • chown: change file owner and group.
  • -
  • wc: print newline, word, and byte counts for each file.
  • -
  • file: determine file type.
  • -
  • sort: sort lines of text files.
  • -
  • cut: remove sections from each line of files.
  • -
  • dd: convert and copy a file (mostly used to make bootable USBs).
  • -
  • compress: compress data.
  • -
  • gzip, gunzip, zcat: compress or expand files.
  • -
  • uname: print system information.
  • -
  • cal: display a calendar.
  • -
  • date: print or set the system date and time.
  • -
  • read: read from standard input into shell variables (also used to read from a file).
  • -
  • tr: translate or delete characters.
  • -
  • readonly: set the readonly attribute for variables.
  • -
  • set: set or unset options and positional parameters.
  • -
  • unset: unset values and attributes of variables and functions.
  • -
  • expr: evaluate expressions.
  • -
  • tput, reset: initialize a terminal or query terminfo database (used for more complex terminal output).
  • -
  • grep, egrep, fgrep: print lines that match patterns (usually used to find text in a file or some text).
  • -
  • sleep: delay for a specified amount of time.
  • -
  • break: exit from for, while, or until loop.
  • -
  • continue: continue for, while, or until loop.
  • -
  • logname: print user’s login name.
  • -
  • write: send a message to another user.
  • -
  • mesg: display (or do not display) messages from other users.
  • -
  • return: return from a function or dot script.
  • -
  • exit: cause the sell to exit.
  • -
-

And some special “commands” or “operators” (for more: gnu: 3.6 Redirections):

-
    -
  • | (pipe): used between two commands and the output from the command from the left serves as input to the command from the right.
  • -
  • >: redirects output to a file, overwriting the file (or creating a new file).
  • -
  • >>: redirects output to a file, appending to the file (or creating a new file).
  • -
-

Shell scripting

-

A shell script is nothing more but a file that contains commands in it; they’re executed in the same order they are present in the file. A shell script file is usually terminated with a .sh extension, independently of the shell being used, but it’s not 100% necessary as in Unix systems, an extension mean nothing, other than distinction (visually) between files. Then one can just have an extension-less file as a script. The script must have execution permissions (chmod +x file), unless shell script is executed in the terminal, where shell could be sh, bash, etc. Comments are created by prepending # to whatever the text should be a comment.

-

It’s common practice to have the first line as a she-bang (#!), which is just a comment telling the interpreter which shell to execute the script with (usable when having the script in your PATH so you only call the name of the script like any other command/program). A she-bang has the syntax #!/path/to/shell some_other_options, the most common she-bangs being: #!/bin/sh, #!/bin/bash, #!/usr/bin/python, etc.

-

Also, some people argue that you shouldn’t use absolute paths, since not all Unix operating systems have the same directory structure, or not all programs are going to be installed in the same folder. So a portable she-bang can be made by prepending /usr/bin/env and the specify the program to run, for example: #!/usr/bin/env bash.

-

Like always… the basic “Hello, world!” script:

-
#!/bin/sh
-echo "Hello, world!"
-
-

Three ways of executing this script (assuming the file name is hw):

-
    -
  1. Type in terminal sh hw.
  2. -
  3. Type in terminal ./hw. Requires the file to have execute permissions.
  4. -
  5. Type in terminal hw. Requires the file to have execute permissions. Requires the file to be in your PATH.
  6. -
-

Variables

-

Variables are case sensitive, meaning that my_var and MY_VAR are different and a variable name can only contain letters and numbers (a-z, A-Z and 0-9) or the underscore character _. Can’t contain a space. Variables are called by prepending $ to the variable name.

-

Like in most programming languages, there are some reserved words like if, select, then, until, while, etc., that can’t be used as variables or as values of variables. For more: D.2 Index of Shell Reserved Words.

-

There is no need to specify a variable type. Anything surrounded by " will be treated as text. You can use booleans, numbers, text and arrays (the implementation of arrays depends on the shell being used). Make a variable readonly by calling readonly variable_name. Basic syntax:

-
    -
  • Text variables: var="my var".
  • -
  • Numeric variables: var=123.
  • -
  • Boolean variables: var=true and var=false.
  • -
  • Arrays (assuming bash is the shell):
      -
    • var[0]=value1, var[...]=..., var[n]=valuen, etc.
    • -
    • var=(value1 ... valuen)
    • -
    • Access single values with ${var[index]} and all values with ${var[*]} or ${var[@]}.
    • -
    -
  • -
-

There are special variables (for more. tutorialspoint: Unix / Linux - Special Variables):

-
    -
  • $: represents the process ID number, or PID, of the current shell.
  • -
  • 0: the filename of the current script.
  • -
  • n: where n can be any whole number, correspond to arguments passed to the script (command arg1 arg2 arg3 argn).
  • -
  • #: number of arguments supplied to the script.
  • -
  • *: all the arguments are double quoted.
  • -
  • @: all the arguments are individually double quoted.
  • -
  • ?: exit status of the last command executed.
  • -
  • !: process number of the last background command.
  • -
-

When calling a script, you can pass optional (or required) positional arguments like: command arg1 arg2 arg3 argn.

-

Note that a variable can also take the output of another command, one common way to do this is using $(command) or `command`, for example: var="$(echo 'this is a command being executed inside the definition of a variable')" which, since the echo command is being run, var="this is a command being executed inside the definition of a variable", which doesn’t seem like much, but there could be any command inside $() or `command`. Note that this is not special to defining variables, could also be used as arguments of another command.

-

Internal Field Separator (IFS)

-

This is used by the shell to determine how to do word splitting (how to recognize word boundaries). The default value for IFS consists of whitespace characters (space, tab and newline). This value can ve overridden by setting the variable IFS to something like, for example, :.

-

Conditionals

-

Exit status

-

Any command being run has an exit status, either 0 or 1, if the command has been executed successfully or otherwise (an error), respectively.

-

if statement

-

Pretty similar to other programming languages, evaluates an expression to a true or false and executes code as specified. if statements can be nested, and follow normal rules of logical operations. Basic syntax is:

-
#!/bin/sh
-if expression
-then
-do_something
-elif another_expression
-then
-do_another_thing
-else
-do_something_else
-fi
-
-

The expression is usually wrapped around [] or [[]], the first being POSIX compliant and the second bash-specific (and other shells).

-

Also, some operators to compare things use == for “equals” and > for “greater than”, for example; while in a POSIX compliant shell, = for “equals” and -gt for “greater than” has to be used. For more operators: tutorialspoint: Unix / Linux - Shell Basic Operators (this also covers logical operators and file test operators).

-

Case statement

-

A common good alternative to multilevel if statements, enables you to match several values against one variable. Basic syntax is:

-
case $var in
-    pattern1)
-        do_something1
-        ;;
-    pattern2)
-        subpattern1)
-            do_subsomething1
-            ;;
-        subpattern2)
-            do_subsomething2
-            ;;
-        *)
-    pattern3|pattern4|...|patternN)
-        do_something3
-        ;;
-    patternM)
-        do_somethingM
-        ;;
-    *)
-        do_something_default
-        ;;
-esac
-
-

Where the * pattern is not necessary but serves the same purpose as a “default” case.

-

Loops

-

Loops enable execution of a set of commands repeatedly. Loops, naturally, can be nested. expression here (in the basic syntax examples) work the same as mentioned in the “if statement” section. For more: tutorialspoint: Unix / Linux - Shell Loop Types.

-

Loop control

-

Similar than other programming languages, there are loop controls to interrupt or continue a loop:

-
* `break` statement.
-* `continue` statement.
-
-

These statements accept an argument that specify from which loop to exit/continue.

-

while loop

-

Enables to execute a set of commands repeatedly until some condition occurs. Basic syntax:

-
#!/bin/sh
-while expression
-do
-    do_something
-done
-
-

until loop

-

Similar to the while loop, the difference is that the while loop is executed as long as a condition is true, but the until loop… until a condition is true. Basic syntax (similar to while loop):

-
#!/bin/sh
-until expression
-do
-    do_something
-done
-
-

for loop

-

Operates on lists of items. It repeats a set of commands for every item in a list. Basic syntax:

-
#!/bin/sh
-for var in word1 word2 ... wordN
-do
-    do_something_with_var
-done
-
-

Where var is the current value (word1, word2, etc.) in the loop and the expression after for can refer to an array, or the output of a command that outputs a list of things, etc.

-

select loop

-

Provides an easy way to create a numbered menu from which users can select options. Basic syntax (similar to for loop):

-
select var in word1 word2 ... wordN
-do
-    do_something_with_var
-done
-
-

Meta characters

-

Meta characters are used to execute several commands on a single line (depending on what it’s needed). The most used meta characters to accomplish this are semi-colon ;, double ampersand && and double “pipe” ||.

-
    -
  • ;: is used to finish one command (similar to some programming languages), after the command on the left of ; is finished (whatever the exit code is), the command on the right will be executed.
  • -
  • &&: similar to ;, but only if the command on the left exits with code 0 (success).
  • -
  • ||: similar to &&, but for exit code 1(error).
  • -
-

Functions

-

Enable to break down the overall functionality of a script into smaller, logical subsections, which can then be called upon to perform their individual tasks when needed (like in any other programming language…). For more: tutorialspoint: Unix / Linux - Shell Functions. Basic syntax:

-
#!/bin/sh
-function_name () {
-    do_something
-}
-
-

Functions can also take arguments and can access their individual arguments (each function will have a different “storage” for their arguments). Functions can also be nested. Here exit will not only will finish the function code, but also the shell script that called it, instead use return plus an exit code to just exit the function.

-
- -
- -
- - - Contact - - - - - Donate - - - - - RSS - - -
- - - Created with pyssg - - -
- - Copyright 2021 David Luévano Alvarado - -
- - diff --git a/blog/old_newer/dst/a/sql_video_notes.html b/blog/old_newer/dst/a/sql_video_notes.html deleted file mode 100644 index 471dbf7..0000000 --- a/blog/old_newer/dst/a/sql_video_notes.html +++ /dev/null @@ -1,245 +0,0 @@ - - - - - - - SQL tutorial video notes -- Luévano's Blog - - - - - - - - - - - - - - - - - - - -
- - -
- - - -
-
- -
-

SQL tutorial video notes

-

I was requested to make summaries of videos about SQL, these are the notes (mostly this is a transcription of what I found useful). The videos in question are: SQL Tutorial - Full Database Course for Beginners, MySQL Tutorial for Beginners [Full Course] and Advanced SQL course | SQL tutorial advanced. Also, some notes were taken from w3schools.com’s SQL Tutorial and MySQL 8.0 Reference Manual.

-

What is a database (DB)?

-

Any collection of related information, such as a phone book, a shopping list, Facebook’s user base, etc.. It can be stored in different ways: on paper, on a computer, in your mind, etc..

-

Database Management Systems (DBMS)

-

A special software program that helps users create and maintain a database that makes it easy to manage large amounts of information, handles security, backups and can connect to programming languages for automation.

-

CRUD

-

The four main operations that a DBMS will do: create, read, update and delete.

-

Two types of databases

-
    -
  • Relational (SQL)
      -
    • Organize data into one or more tables.
    • -
    • Each table has columns and rows.
    • -
    • A unique key identifies each row.
    • -
    -
  • -
  • Non-relational (noSQL/not just SQL)
      -
    • Key-value stores.
    • -
    • Documents (JSON, XML, etc).
    • -
    • Graphs.
    • -
    • Flexible tables.
    • -
    -
  • -
-

Relational databases (RDB) (SQL)

-

When we want to create a RDB we need a Relational Database Management System (RDBMS) that uses Structured Query Language (SQL) which is a standardized language for interacting with RDBMS and it’s used to perform CRUD operations (and other administrative tasks).

-

Non-relational databases (NRDB) (noSQL/not just SQL)

-

Anything that’s not relational, stores data in anything but static tables. Could be a document (JSON, XML, etc.), graph (relational nodes), key-value hash (strings, json, etc.), etc.

-

NRDB also require a Non-Relational Database Management System (NRDBMS) to maintain a database. But it doesn’t have a standardized language for performing CRUD and administrative operations like how RDB have.

-

Database queries

-

A DB query is a request that is made to the (R/NR)DBMS for a specific information. A google search is a query, for example.

-

Tables and keys

-

A table is composed of columns, rows and a primary key. The primary key is unique and identifies one specific row. Columns and rows are trivial, a column identifies a field and has a specific data type (name, email, birth) and a row identifies a table entry (person that contains a name, email and birth).

-

Also, there are foreign keys, it’s purpose is to relate to another database table; this foreign key is unique in it’s own table, but can be repeated where you use it as a foreign key.

-

It’s possible to use the same table keys as foreign keys to make relations inside the same table.

-

SQL basics

-

It’s actually a hybrid language, basically 4 types of languages in one:

-
    -
  • Data Query Language (DQL)
      -
    • Used to query the database for information.
    • -
    • Get information that is already stored there.
    • -
    -
  • -
  • Data Definition Language (DDL)
      -
    • Used for defining database schemas.
    • -
    -
  • -
  • Data Control Language (DCL)
      -
    • Used for controlling access to the data in the database.
    • -
    • User and permissions management.
    • -
    -
  • -
  • Data Manipulation Language (DML)
      -
    • Used for inserting, updating and deleting data from a database.
    • -
    -
  • -
-

Queries

-

A set of instructions given to the RDBMS (written in SQL) that tell the RDBMS what information you want it to retrieve. Instead of getting the whole database, retrieve only a bit of information that you need.

-

Also, SQL keywords can be either lower or upper case, but it’s convention to use upper case. And queries are ended by a semi-colon.

-

Data types

-

Just some SQL data types (for more: MySQL 8.0 Reference Manual: Chapter 11 Data Types, the notation is DATATYPE(SIZE(,SIZE)):

-
    -
  • INT: integer numbers.
  • -
  • DECIMAL(M,N): decimal numbers.
  • -
  • VARCHAR(N): string of text of length N.
  • -
  • BLOB: Binary Large Object, stores large data.
  • -
  • DATE: YYYY-MM-DD.
  • -
  • TIMESTAMP: YYYY-MM-DD HH:MM:SS.
  • -
-

Basic management of tables

-

To create a table, the basic syntax is CREATE TABLE tablename (column1 datatype constraint, column2 datatype constraint, ...), where a constraint could be (for more: MySQL 8.0 Reference Manual: 13.1.20 CREATE TABLE Statement):

-
    -
  • NOT NULL: can’t have a NULL value.
  • -
  • UNIQUE: all values are unique.
  • -
  • PRIMARY KEY: uniquely identifies each row.
  • -
  • FOREIGN KEY: uniquely identifies a row in another table.
  • -
  • CHECK expresion: satisfy a special condition (expresion).
  • -
  • DEFAULT value: if no value is specified use value value.
  • -
  • INDEX: to create and retrieve data from the database very quickly.
  • -
-

Get the table structure with DESCRIBE tablename and delete it with DROP TABLE tablename. Add columns to the table with ALTER TABLE tablename ADD column DATATYPE(N,M), similar syntax to delete a specific column ALTER TABLE tablename DRORP COLUMN column.

-

Add entries to the table with INSERT INTO tablename VALUES(value1, value2, ...) where all the fields must be specified, or INSERT INTO tablename(column1, column2) VALUES(value1, value2) to just add some fields to the new entry. While at it, (all) the table content can be fetched with SELECT * FROM tablename.

-

Basic Updating of entries with UPDATE tablename SET expression1 WHERE expression2, where expression1 could be column = value2 and expression2 could be column = value1, meaning that the value of column will be changed from value1 to value2. Note that the expressions are not limited by column = value, and that the column has to be the same, it would be any expression. Also, this is really extensive as SET can set multiple variables and WHERE take more than one condition by chaining conditions with AND, OR and NOT keywords, for example.

-
ON DELETE statement
-

When an entry needs to be updated somehow based on a modification on a foreign key. If two tables are related to each other, if something is deleted on one end, update the other end in some way.

-

For example on creation of a table, on the specification of a foreign key: CREATE TABLE tablename (..., FOREIGN KEY(column) REFERENCES othertable(othertablecolumn) ON DELETE something). That something could be SET NULL, CASCADE, etc..

-

SELECT queries

-

Instead of doing SELECT * FROM tablename, which gets all the data from a table, more complex SELECT queries can be implemented, such as SELECT column FROM tablename to only get all data from one column of the table. Append LIMIT N to limit the query to N entries. Append WHERE condition to meet a custom condition.

-

Other statements that can be used in conjunction with SELECT are ORDER BY column ASC|DESC, SELECT DISTINCT, MIN(column), MAX(column), COUNT(column), AVG(column), SUM(column), LIKE and more. For more, visit MySQL 8.0 Reference Manual: 13.2.10 SELECT Statement.

-

MySQL uses regular expressions (regex) like pattern matching, some wildcards that can be used with the LIKE statement are:

-
    -
  • %: zero or more characters.
  • -
  • _: a single character.
  • -
  • []: any single character within the brackets.
  • -
  • ^: any character not in the brackets.
  • -
  • -: a range of characters.
  • -
-

An extended regex can be used with the statement REGEX_LIKE(expression); REGEXP and RLIKE are synonyms for REGEX_LIKE. For more: MySQL 8.0 Reference Manual: 3.3.4.7 Pattern Matching.

-

Unions

-

A specialized SQL operator that is used to combine multiple SELECT statements into one. The basic syntax is SELECT ... UNION SELECT ..., where ... is a whole SELECT statement; there can be any amount of unions. There are some rules that apply when doing unions, such as having the same amount of columns on both statements and being of the same data type.

-

Joins

-

Used to combine rows from two or more tables based on a related column between them. Basic syntax is SELECT table1.column1, ..., table2.column1, ... FROM table(1|2) JOIN table(1|2) ON table1.common_column = table2.common_column, where the table specified in the FROM statement is called the “left” table, where the one in the JOIN statement is the “right” table. For more: MySQL 8.0 Reference Manual: 13.2.10.2 JOIN Clause.

-

There are different types of SQL JOINs:

-
    -
  • (INNER) JOIN: returns records that have matching values in both tables.
  • -
  • LEFT (OUTER) JOIN: returns all records from the left table, and the matched records from the right table.
  • -
  • RIGHT (OUTER) JOIN: returns all records from the right table, and the matched records from the left table.
  • -
  • FULL (OUTER) JOIN: returns all records when there is a match in either left or right table.
  • -
-

INNER JOIN -LEFT JOIN -RIGHT JOIN -FULL OUTER JOIN

-

Nested queries

-

A query composed of multiple select statements to get a specific piece of information. This is self explanatory, you do a SELECT query somewhere inside another one, for example SELECT ... IN (SELECT ...), where the nesting is occurring inside the parenthesis after the IN statement.

-

A nesting isn’t constrained to the IN statement, it can appear anywhere, for example in a WHERE statement: SELECT ... WHERE something = (SELECT ...).

-

Triggers

-

A block of SQL code that will define a certain action that will happen when a specific operation is performed on the database. It is recommended to change the DELIMITER temporarily from semi-colon to something else (since we need to use semi-colon to end the trigger) while the trigger is created. The basic syntax is CREATE TRIGGER trigername triggertime triggerevent ON tablename FOR EACH ROW triggerorder triggerbody. For more: MySQL 8.0 Reference Manual: 13.1.22 CREATE TRIGGER Statement and MySQL 8.0 Reference Manual: 25.3.1 Trigger Syntax and Examples.

-

Entity Relationship Diagrams (ERD)

-

When designing a database it’s important to define a database schema which is just a definition of all the different tables and their attributes that are going to live inside the database. So, basically, an ERD diagram is a diagram that consists of text, symbols and shapes that are combined to create a relationship model.

-

The diagram consists of:

-
    -
  • Entity: a square with the name of the entity inside it.
  • -
  • Attributes: ovals with the name of the attributes inside it; an attribute defines specific pieces of information about an entity (columns).
  • -
  • Primary key: same as with attributes but with name underlined; the primary key uniquely identifies the entity.
  • -
  • Composite attribute: an attribute that consists on one or more (sub-)attributes.
  • -
  • Multi-valued attribute: oval with another oval inside it and the name of the attribute.
  • -
  • Derived attribute: dotted oval; this attribute can be derived from other attributes from the entity.
  • -
  • Relationship: a diamond with the relationship name in it, for the connections a single line (partial participation) or a doubled line (total participation); it denotes how two or more attributes are related to each other; all members must participate in the relationship.
  • -
  • Relationship attribute: denoted like a normal attribute, but it’s child of a relationship; it defines what attributes exists because of the relationship, it’s not stored in any of the entities related, but on the relationship object itself.
  • -
  • Relationship cardinality: denoted with a number on the line connecting the relationship to the entity; detones the number of instances of an entity from a relation that can be associated with the relation.
  • -
  • Weak entity: rectangle inside a rectangle with its name inside; it cannot be uniquely identified by its attributes alone.
  • -
  • Weak entity’s primary key: oval with its text underlined, but the line is dotted.
  • -
  • Identifying relationship: a diamond inside a diamond with its name inside; a relationship that serves to uniquely identify the weak entity.
  • -
-

ERD example taken from wikipedia

-
- -
- -
- - - Contact - - - - - Donate - - - - - RSS - - -
- - - Created with pyssg - - -
- - Copyright 2021 David Luévano Alvarado - -
- - diff --git a/blog/old_newer/dst/a/website_with_nginx.html b/blog/old_newer/dst/a/website_with_nginx.html deleted file mode 100644 index 0912da6..0000000 --- a/blog/old_newer/dst/a/website_with_nginx.html +++ /dev/null @@ -1,221 +0,0 @@ - - - - - - - Create a website with Nginx and Certbot -- Luévano's Blog - - - - - - - - - - - - - - - - - - - -
- - -
- - - -
-
- -
-

Create a website with Nginx and Certbot

-

These are general notes on how to setup a Nginx web server plus Certbot for SSL certificates, initially learned from Luke’s video and after some use and research I added more stuff to the mix. And, actually at the time of writing this entry, I’m configuring the web server again on a new VPS instance, so this is going to be fresh.

-

As a side note, (((i use arch btw))) so everything here es aimed at an Arch Linux distro, and I’m doing everything on a VPS. Also note that most if not all commands here are executed with root privileges.

-

Prerequisites

-

You will need two things:

-
    -
  • A domain name (duh!). I got mine on Epik (affiliate link, btw).
      -
    • With the corresponding A and AAA records pointing to the VPS’ IPs (“A” record points to the ipv4 address and “AAA” to the ipv6, basically). I have three records for each type: empty one, “www” and “*” for a wildcard, that way “domain.name”, “www.domain.name”, “anythingelse.domain.name” point to the same VPS (meaning that you can have several VPS for different sub-domains).
    • -
    -
  • -
  • A VPS or somewhere else to host it. I’m using Vultr (also an affiliate link).
      -
    • With ssh already configured both on the local machine and on the remote machine.
    • -
    • Firewall already configured to allow ports 80 (HTTP) and 443 (HTTPS). I use ufw so it’s just a matter of doing ufw allow 80,443/tcp as root and you’re golden.
    • -
    • cron installed if you follow along (you could use systemd timers, or some other method you prefer to automate running commands every X time).
    • -
    -
  • -
-

Nginx

-

You have two options: nginx and nginx-mainline. I prefer nginx-mainline because it’s the “up to date” package even though nginx is labeled to be the “stable” version. Install the package and enable/start the service:

-
pacman -S nginx-mainline
-systemctl enable nginx.service
-systemctl start nginx.service
-
-

And that’s it, at this point you can already look at the default initial page of nginx if you enter the ip of your server in a web browser. You should see something like this:

-

Nginx welcome page

-

As stated in the welcome page, configuration is needed, head to the directory of nginx:

-
cd /etc/nginx
-
-

Here you have several files, the important one is nginx.conf, which as its name implies, contains general configuration of the web server. If you peek into the file, you will see that it contains around 120 lines, most of which are commented out and contains the welcome page server block. While you can configure a website in this file, it’s common practice to do it on a separate file (so you can scale really easily if needed for mor websites or sub-domains).

-

Inside the nginx.conf file, delete the server blocks and add the lines include sites-enabled/*; (to look into individual server configuration files) and types_hash_max_size 4096; (to get rid of an ugly warning that will keep appearing) somewhere inside the http block. The final nginx.conf file would look something like (ignoring the comments just for clarity, but you can keep them as side notes):

-
worker_processes 1;
-
-events {
-    worker_connections 1024;
-}
-
-http {
-    include sites-enabled/*;
-    include mime.types;
-    default_type application/octet-stream;
-
-    sendfile on;
-
-    keepalive_timeout 65;
-
-    types_hash_max_size 4096;
-}
-
-

Next, inside the directory /etc/nginx/ create the sites-available and sites-enabled, and go into the sites-available one:

-
mkdir sites-available
-mkdir sites-enabled
-cd sites-available
-
-

Here, create a new .conf file for your website and add the following lines (this is just the sample content more or less):

-
server {
-    listen 80;
-    listen [::]:80;
-
-    root /path/to/root/directory;
-    server_name domain.name another.domain.name;
-    index index.html anotherindex.otherextension;
-
-    location /{
-        try_files $uri $uri/ =404;
-    }
-}
-
-

Note several things:

-
    -
  • listen: we’re telling nginx which port to listen to (ipv4 and ipv6, respectively).
  • -
  • root: the root directory of where the website files (.html, .css, .js, etc. files) are located. I followed Luke’s directory path /var/www/some_folder.
  • -
  • server_name: the actual domain to “listen” to (for my website it is: server_name luevano.xyz www.luevano.xyz; and for this blog is: server_name blog.luevano.xyz www.blog.luevano.xyz).
  • -
  • index: what file to serve as the index (could be any .html, .htm, .php, etc. file) when just entering the website.
  • -
  • location: used in case of different configurations across different URL paths.
      -
    • try_files: tells what files to look for, don’t look into this too much for now.
    • -
    -
  • -
-

Then, make a symbolic from this config file to the sites-enabled directory:

-
ln -s /etc/nginx/sites-available/your_config_file.conf /etc/nginx/sites-enabled
-
-

This is so the nginx.conf file can look up the newly created server config. With this method of having each server configuration file separate you can easily “deactivate” any website by just deleting the symbolic link in sites-enabled and you’re good, or just add new configuration files and keep everything nice and tidy.

-

All you have to do now is restart (or enable and start if you haven’t already) the nginx service (and optionally test the configuration):

-
nginx -t
-systemctl restart nginx
-
-

If everything goes correctly, you can now go to your website by typing “domain.name” on a web browser. But you will see a “404 Not Found” page like the following (maybe with different nginx version):

-

Nginx 404 page

-

That’s no problem, because it means that the web server it’s actually working. Just add an index.html file with something simple to see it in action. If you keep seeing the 404 page make sure your root line is correct and that the directory/index file exists.

-

I like to remove the .html and trailing / on the URLs of my website, for that you need to add the following rewrite lines and modify the try_files line (for more: Sean C. Davis: Remove HTML Extension And Trailing Slash In Nginx Config):

-
server {
-    ...
-    rewrite ^(/.*)\.html(\?.*)?$ $1$2 permanent;
-    rewrite ^/(.*)/$ /$1 permanent;
-    ...
-    try_files $uri/index.html $uri.html $uri/ $uri =404;
-    ...
-
-

For more: Arch Linux Wiki: nginx.

-

Certbot

-

The only “bad” (bloated) thing about certbot, is that it uses python, but for me it doesn’t matter too much. You may want to look up another alternative if you prefer. Install the packages certbot and certbot-nginx:

-
pacman -S certbot certbot-nginx
-
-

After that, all you have to do now is run certbot and follow the instructions given by the tool:

-
certbot --nginx
-
-

It will ask you for some information, for you to accept some agreements and the names to activate https for. Also, you will want to “say yes” to the redirection from http to https. And that’s it, you can now go to your website and see that you have https active.

-

Now, the certificate given by certbot expires every 3 months or something like that, so you want to renew this certificate every once in a while. Using cron, you can do this by running:

-
crontab -e
-
-

And a file will be opened where you need to add a new rule for certbot, just append the line: 1 1 1 * * certbot renew (renew on the first day of every month) and you’re good. Alternatively use systemd timers as stated in the Arch Linux Wiki.

-

For more: Arch Linux Wiki: Certbot.

-

That’s it, you now have a website with SSL certificate.

-
- -
- -
- - - Contact - - - - - Donate - - - - - RSS - - -
- - - Created with pyssg - - -
- - Copyright 2021 David Luévano Alvarado - -
- - diff --git a/blog/old_newer/dst/index.html b/blog/old_newer/dst/index.html deleted file mode 100644 index 092c4d4..0000000 --- a/blog/old_newer/dst/index.html +++ /dev/null @@ -1,127 +0,0 @@ - - - - - - - Index -- Luévano's Blog - - - - - - - - - - - - - - - - - - - -
- - -
- - - -
-
- -
-

Index -- Luévano's Blog

- -

-Welcome to my blog where I'll post whatever I please, ranging from rants to how-to's. Además, este pex va a estar en español e inglés porque quiero (no una mezcla en cada entrada, pero sí entradas completas en diferentes lenguajes). -

- -

-Get the RSS feed: https://blog.luevano.xyz/rss.xml -

- -

Articles

- -
- -
- - - Contact - - - - - Donate - - - - - RSS - - -
- - - Created with pyssg - - -
- - Copyright 2021 David Luévano Alvarado - -
- - diff --git a/blog/old_newer/dst/robots.txt b/blog/old_newer/dst/robots.txt deleted file mode 100644 index f6dd30e..0000000 --- a/blog/old_newer/dst/robots.txt +++ /dev/null @@ -1,3 +0,0 @@ -User-agent: * -Allow: / -Sitemap: https://blog.luevano.xyz/sitemap.xml diff --git a/blog/old_newer/dst/rss.xml b/blog/old_newer/dst/rss.xml deleted file mode 100644 index c700047..0000000 --- a/blog/old_newer/dst/rss.xml +++ /dev/null @@ -1,1142 +0,0 @@ - - - - Luévano's Blog - https://blog.luevano.xyz - - A personal weblog ranging from rants to how to's and other thoughts. - en-us - Blog - Copyright 2021 David Luévano Alvarado - david@luevano.xyz (David Luévano Alvarado) - david@luevano.xyz (David Luévano Alvarado) - Fri, 04 Jun 2021 08:27:09 GMT - Fri, 04 Jun 2021 08:27:09 GMT - pyssg v0.4.1 - https://validator.w3.org/feed/docs/rss2.html - 30 - - https://static.luevano.xyz/images/blog.png - Luévano's Blog - https://blog.luevano.xyz - - - Así nomás está quedando el página - https://blog.luevano.xyz/a/asi_nomas_esta_quedando.html - https://blog.luevano.xyz/a/asi_nomas_esta_quedando.html - Fri, 04 Jun 2021 08:24:03 GMT - Short - Spanish - Update - Actualización en el estado de la página, el servidor de XMPP y Matrix que me acomodé y próximas cosas que quiero hacer. - Estuve acomodando un poco más el sItIo, al fin agregué la “sección” de contact y de donate por si hay algún loco que quiere tirar varo.

-

También me puse a acomodar un servidor de XMPP el cual, en pocas palabras, es un protocolo de mensajería instantánea (y más) descentralizado, por lo cual cada quien puede hacer una cuenta en el servidor que quiera y conectarse con cuentas creadas en otro servidor… exacto, como con los correos electrónicos. Y esto está perro porque si tú tienes tu propio server, así como con uno de correo electrónico, puedes controlar qué características tiene, quiénes pueden hacer cuenta, si hay end-to-end encryption (o mínimo end-to-server), entre un montón de otras cosas.

-

Ahorita este server es SUMISO (compliant en español, jeje) para jalar con la app conversations y con la red social movim, pero realmente funcionaría con casi cualquier cliente de XMPP, amenos que ese cliente implemente algo que no tiene mi server. Y también acomodé un server de Matrix que es muy similar pero es bajo otro protocolo y se siente más como un discord/slack (al menos en el element), muy chingón también.

-

Si bien aún quedan cosas por hacer sobre estos dos servers que me acomodé (además de hacerles unas entradas para documentar cómo lo hice), quiero moverme a otra cosa que sería acomodar una sección de dibujos, lo cual en teoría es bien sencillo, pero como quiero poder automatizar la publicación de estos, quiero modificar un poco el pyssg para que jale chido para este pex.

-

Ya por último también quiero moverle un poco al CSS, porque lo dejé en un estado muy culerón y quiero meterle/ajustar unas cosas para que quede más limpio y medianamente bonito… dentro de lo que cabe porque evidentemente me vale verga si se ve como una página del 2000.

]]>
-
- - I'm using a new blogging system - https://blog.luevano.xyz/a/new_blogging_system.html - https://blog.luevano.xyz/a/new_blogging_system.html - Fri, 28 May 2021 03:21:39 GMT - English - Short - Tools - Update - I created a new blogging system called pyssg, which is based on what I was using but, to be honest, better. - So, I was tired of working with ssg (and then sbg which was a modified version of ssg that I “wrote”), for one general reason: not being able to extend it as I would like; and not just dumb little stuff, I wanted to be able to have more control, to add tags (which another tool that I found does: blogit), and even more in a future.

-

The solution? Write a new program “from scratch” in pYtHoN. Yes it is bloated, yes it is in its early stages, but it works just as I want it to work, and I’m pretty happy so far with the results and have with even more ideas in mind to “optimize” and generally clean my wOrKfLoW to post new blog entries. I even thought of using it for posting into a “feed” like gallery for drawings or pictures in general.

-

I called it pyssg, because it sounds nice and it wasn’t taken in the PyPi. It is just a terminal program that reads either a configuration file or the options passed as flags when calling the program.

-

It still uses Markdown files because I find them very easy to work with. And instead of just having a “header” and a “footer” applied to each parsed entry, you will have templates (generated with the program) for each piece that I thought made sense (idea taken from blogit): the common header and footer, the common header and footer for each entry and, header, footer and list elements for articles and tags. When parsing the Markdown file these templates are applied and stitched together to make a single HTML file. Also generates an RSS feed and the sitemap.xml file, which is nice.

-

It might sound convoluted, but it works pretty well, with of course room to improve; I’m open to suggestions, issue reporting or direct contributions here. BTW, it only works on Linux for now (and don’t think on making it work on windows, but feel free to do PR for the compatibility).

-

That’s it for now, the new RSS feed is available here: https://blog.luevano.xyz/rss.xml.

]]>
-
- - Create a git server and setup cgit web app (on Nginx) - https://blog.luevano.xyz/a/git_server_with_cgit.html - https://blog.luevano.xyz/a/git_server_with_cgit.html - Sun, 21 Mar 2021 19:00:29 GMT - English - Server - Tools - Tutorial - How to create a git server using cgit on a server running Nginx. This is a follow up on post about creating a website with Nginx and Certbot. - My git server is all I need to setup to actually kill my other server (I’ve been moving from servers on these last 2-3 blog entries), that’s why I’m already doing this entry. I’m basically following git’s guide on setting up a server plus some specific stuff for (btw i use) Arch Linux (Arch Linux Wiki: Git server and Step by step guide on setting up git server in arch linux (pushable)).

-

Note that this is mostly for personal use, so there’s no user/authentication control other than that of SSH. Also, most if not all commands here are run as root.

-

Prerequisites

-

I might get tired of saying this (it’s just copy paste, basically)… but similar as before (check my website and mail entries):

-
    -
  • (This time, optional) A domain name if you want to have a “front end” to show your repositories. Got mine on Epik (affiliate link, btw).
      -
    • With a CNAME for “git” and (optionally) “www.git”, or some other name for your sub-domains.
    • -
    -
  • -
  • A VPS or somewhere else to host. I’m using Vultr (also an affiliate link).
      -
    • ssh configured.
    • -
    • (Optionally, if doing the domain name thingy) With nginx and certbot setup and running.
    • -
    • Of course, git already installed (it should be a must have always).
    • -
    -
  • -
-

git server

-

If not installed already, install the git package:

-
pacman -S git
-
-

On Arch Linux, when you install the git package, a git user is automatically created, so all you have to do is decide where you want to store the repositories, for me, I like them to be on /home/git like if git was a “normal” user. So, create the git folder (with corresponding permissions) under /home and set the git user’s home to /home/git:

-
mkdir /home/git
-chown git:git /home/git
-usermod -d /home/git git
-
-

Also, the git user is “expired” by default and will be locked (needs a password), change that with:

-
chage -E -1 git
-passwd git
-
-

Give it a strong one and remember to use PasswordAuthentication no for ssh (as you should). Create the .ssh/authorized_keys for the git user and set the permissions accordingly:

-
mkdir /home/git/.ssh
-chmod 700 /home/git/.ssh
-touch /home/git/.ssh/authorized_keys
-chmod 600 /home/git/.ssh/authorized_keys
-chown -R git:git /home/git
-
-

Now is a good idea to copy over your local SSH public keys to this file, to be able to push/pull to the repositories. Do it by either manually copying it or using ssh‘s built in ssh-copy-id (for that you may want to check your ssh configuration in case you don’t let people access your server with user/password).

-

Next, and almost finally, we need to edit the git-daemon service, located at /usr/lib/systemd/system/ (called git-daemon@.service):

-
...
-ExecStart=-/usr/lib/git-core/git-daemon --inetd --export-all --base-path=/home/git --enable=receive-pack
-...
-
-

I just appended --enable=receive-pack and note that I also changed the --base-path to reflect where I want to serve my repositories from (has to match what you set when changing git user’s home).

-

Now, go ahead and start and enable the git-daemon socket:

-
systemctl start git-daemon.socket
-systemctl enable git-daemon.socket
-
-

You’re basically done. Now you should be able to push/pull repositories to your server… except, you haven’t created any repository in your server, that’s right, they’re not created automatically when trying to push. To do so, you have to do the following sequence (assuming you’re “cd‘ed” into the /home/git directory):

-
mkdir {repo_name}.git
-cd {repo_name}.git
-
-

Those two lines above will need to be run each time you want to add a new repository to your server (yeah, kinda lame… although there are options to “automate” this, I like it this way).

-

After that you can already push/pull to your repository. I have my repositories (locally) set up so I can push to more than one remote at the same time (my server, GitHub, GitLab, etc.), which is detailed here.

-

cgit

-

This bit is optional if you only wanted a git server (really easy to set up), this is so you can have a web application. This is basically a copy paste of Arch Linux Wiki: Cgit so you can go there and get more in-depth configurations.

-

Install the cgit and fcgiwrap packages:

-
pacman -S cgit fcgiwrap
-
-

Now, just start and enable the fcgiwrap socket:

-
systemctl start fcgiwrap.socket
-systemctl enable fcgiwrap.socket
-
-

Next, the way I configure nginx is creating a separate file {module}.conf (git.conf in this case) under /etc/nginx/sites-available and create a symlink to /etc/nginx/sites-enabled as stated in my nginx setup entry. Add the following lines to your git.conf file:

-
server {
-    listen 80;
-    listen [::]:80;
-    root /usr/share/webapps/cgit;
-    server_name {yoursubdomain}.{yourdomain};
-    try_files $uri @cgit;
-
-    location @cgit {
-        include fastcgi_params;
-        fastcgi_param SCRIPT_FILENAME $document_root/cgit.cgi;
-        fastcgi_param PATH_INFO $uri;
-        fastcgi_param QUERY_STRING $args;
-        fastcgi_param HTTP_HOST $server_name;
-        fastcgi_pass unix:/run/fcgiwrap.sock;
-    }
-}
-
-

Where the server_name line depends on you, I have mine setup to git.luevano.xyz and www.git.luevano.xyz. Optionally run certbot --nginx to get a certificate for those domains if you don’t have already.

-

Now, all that’s left is to configure cgit. Create the configuration file /etc/cgitrc with the following content (my personal options, pretty much the default):

-
css=/cgit.css
-source-filter=/usr/lib/cgit/filters/syntax-highlighting-edited.sh
-logo=/cgit.png
-
-enable-http-clone=1
-# robots=noindex, nofollow
-virtual-root=/
-
-repo.url={url}
-repo.path={dir_path}
-repo.owner={owner}
-repo.desc={short_description}
-
-...
-
-

Where you can uncomment the robots line to let web crawlers (like Google’s) to index your git web app. And at the end keep all your repositories (the ones you want to make public), for example for my dotfiles I have:

-
...
-repo.url=.dots
-repo.path=/home/git/.dots.git
-repo.owner=luevano
-repo.desc=These are my personal dotfiles.
-...
-
-

Otherwise you could let cgit to automatically detect your repositories (you have to be careful if you want to keep “private” repos) using the option scan-path and setup .git/description for each repository. I will add more to my actual configuration, but for now it is useful as it is. For more, you can check cgitrc(5).

-

Finally, if you want further support for highlighting, other compressed snapshots or support for markdown, checkout the optional dependencies for cgit and also the Arch Wiki goes in detail on how to setup highlighting with two different packages.

]]>
-
- - Create a mail server with Postfix, Dovecot, SpamAssassin and OpenDKIM - https://blog.luevano.xyz/a/mail_server_with_postfix.html - https://blog.luevano.xyz/a/mail_server_with_postfix.html - Sun, 21 Mar 2021 04:05:59 GMT - English - Server - Tools - Tutorial - How to create mail server using Postfix, Dovecot, SpamAssassin and OpenDKIM. This is a follow up on post about creating a website with Nginx and Certbot. - The entry is going to be long because it’s a tedious process. This is also based on Luke Smith’s script, but adapted to Arch Linux (his script works on debian-based distributions). This entry is mostly so I can record all the notes required while I’m in the process of installing/configuring the mail server on a new VPS of mine; also I’m going to be writing a script that does everything in one go (for Arch Linux), that will be hosted here.

-

This configuration works for local users (users that appear in /etc/passwd), and does not use any type of SQL. And note that most if not all commands executed here are run with root privileges.

-

More in depth configuration is detailed in the Arch Wiki for each package used here.

-

Prerequisites

-

Basically the same as with the website with Nginx and Certbot:

-
    -
  • A domain name. Got mine on Epik (affiliate link, btw).
      -
    • Later we’ll be adding some MX and TXT records.
    • -
    • You also need a CNAME for “mail” and (optionally) “www.mail”, or whatever you want to call the sub-domains (although the RFC 2181 states that it NEEDS to be an A record, fuck the police), to actually work and to get SSL certificate (you can also use the SSL certificate obtained if you created a website following my other notes on nginx and certbot) with certbot (just create a mail.conf for nginx, similar to how we created it in the website entry).
    • -
    -
  • -
  • A VPS or somewhere else to host. I’m using Vultr (also an affiliate link).
      -
    • ssh configured.
    • -
    • Ports 25, 587 (SMTP), 465 (SMTPS), 143 (IMAP) and 993 (IMAPS) open on the firewall (I use ufw).
    • -
    • With nginx and certbot setup and running.
    • -
    -
  • -
-

Postfix

-

Postfix is a “mail transfer agent” which is the component of the mail server that receives and sends emails via SMTP.

-

Install the postfix package:

-
pacman -S postfix
-
-

We have two main files to configure (inside /etc/postfix): master.cf (master(5)) and main.cf (postconf(5)). We’re going to edit main.cf first either by using the command postconf -e 'setting' or by editing the file itself (I prefer to edit the file).

-

Note that the default file itself has a lot of comments with description on what each thing does (or you can look up the manual, linked above), I used what Luke’s script did plus some other settings that worked for me.

-

Now, first locate where your website cert is, mine is at the default location /etc/letsencrypt/live/, so my certdir is /etc/letsencrypt/live/luevano.xyz. Given this information, change {yourcertdir} on the corresponding lines. The configuration described below has to be appended in the main.cf configuration file.

-

Certificates and ciphers to use for authentication and security:

-
smtpd_tls_key_file = {yourcertdir}/privkey.pem
-smtpd_tls_cert_file = {yourcertdir}/fullchain.pem
-smtpd_use_tls = yes
-smtpd_tls_auth_only = yes
-smtp_tls_security_level = may
-smtp_tls_loglevel = 1
-smtp_tls_CAfile = {yourcertdir}/cert.pem
-smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
-smtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
-smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
-smtp_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
-tls_preempt_cipherlist = yes
-smtpd_tls_exclude_ciphers = aNULL, LOW, EXP, MEDIUM, ADH, AECDH, MD5,
-                DSS, ECDSA, CAMELLIA128, 3DES, CAMELLIA256,
-                RSA+AES, eNULL
-
-smtp_tls_CApath = /etc/ssl/certs
-smtpd_tls_CApath = /etc/ssl/certs
-
-smtpd_relay_restrictions = permit_sasl_authenticated, permit_mynetworks, defer_unauth_destination
-
-

Also, for the connection with dovecot, append the next few lines (telling postfix that dovecot will use user/password for authentication):

-
smtpd_sasl_auth_enable = yes
-smtpd_sasl_type = dovecot
-smtpd_sasl_path = private/auth
-smtpd_sasl_security_options = noanonymous, noplaintext
-smtpd_sasl_tls_security_options = noanonymous
-
-

Specify the mailbox home (this is going to be a directory inside your user’s home):

-
home_mailbox = Mail/Inbox/
-
-

Pre-configuration to work seamlessly with dovecot and opendkim:

-
myhostname = {yourdomainname}
-mydomain = localdomain
-mydestination = $myhostname, localhost.$mydomain, localhost
-
-milter_default_action = accept
-milter_protocol = 6
-smtpd_milters = inet:127.0.0.1:8891
-non_smtpd_milters = inet:127.0.0.1:8891
-mailbox_command = /usr/lib/dovecot/deliver
-
-

Where {yourdomainname} is luevano.xyz in my case, or if you have localhost configured to your domain, then use localhost for myhostname (myhostname = localhost).

-

Lastly, if you don’t want the sender’s IP and user agent (application used to send the mail), add the following line:

-
smtp_header_checks = regexp:/etc/postfix/smtp_header_checks
-
-

And create the /etc/postfix/smtp_header_checks file with the following content:

-
/^Received: .*/     IGNORE
-/^User-Agent: .*/   IGNORE
-
-

That’s it for main.cf, now we have to configure master.cf. This one is a bit more tricky.

-

First look up lines (they’re uncommented) smtp inet n - n - - smtpd, smtp unix - - n - - smtp and -o syslog_name=postfix/$service_name and either delete or uncomment them… or just run sed -i "/^\s*-o/d;/^\s*submission/d;/\s*smtp/d" /etc/postfix/master.cf as stated in Luke’s script.

-

Lastly, append the following lines to complete postfix setup and pre-configure for spamassassin.

-
smtp unix - - n - - smtp
-smtp inet n - y - - smtpd
-    -o content_filter=spamassassin
-submission inet n - y - - smtpd
-    -o syslog_name=postfix/submission
-    -o smtpd_tls_security_level=encrypt
-    -o smtpd_sasl_auth_enable=yes
-    -o smtpd_tls_auth_only=yes
-smtps inet n - y - - smtpd
-    -o syslog_name=postfix/smtps
-    -o smtpd_tls_wrappermode=yes
-    -o smtpd_sasl_auth_enable=yes
-spamassassin unix - n n - - pipe
-    user=spamd argv=/usr/bin/vendor_perl/spamc -f -e /usr/sbin/sendmail -oi -f \${sender} \${recipient}
-
-

Now, I ran into some problems with postfix, one being smtps: Servname not supported for ai_socktype, to fix it, as Till posted in that site, edit /etc/services and add:

-
smtps 465/tcp
-smtps 465/udp
-
-

Before starting the postfix service, you need to run newaliases first (but you can do a bit of configuration beforehand). Edit the file /etc/postfix/aliases and edit accordingly. I only change the root: you line (where you is the account that will be receiving “root” mail). Check the Arch Wiki for more info and other alternatives/options. After you’re done, run:

-
postalias /etc/postfix/aliases
-newaliases
-
-

At this point you’re done configuring postfix and you can already start/enable the postfix service:

-
systemctl start postfix.service
-systemctl enable postfix.service
-
-

Dovecot

-

Dovecot is an IMAP and POP3 server, which is what lets an email application retrieve the mail.

-

Install the dovecot and pigeonhole (sieve for dovecot) packages:

-
pacman -S dovecot pigeonhole
-
-

On arch, by default, there is no /etc/dovecot directory with default configurations set in place, but the package does provide the example configuration files. Create the dovecot directory under /etc and, optionally, copy the dovecot.conf file and conf.d directory under the just created dovecot directory:

-
mkdir /etc/dovecot
-cp /usr/share/doc/dovecot/example-config/dovecot.conf /etc/dovecot/dovecot.conf
-cp -r /usr/share/doc/dovecot/example-config/conf.d /etc/dovecot
-
-

As Luke stated, dovecot comes with a lot of “modules” (under /etc/dovecot/conf.d/ if you copied that folder) for all sorts of configurations that you can include, but I do as he does and just edits/creates the whole dovecot.conf file; although, I would like to check each of the separate configuration files dovecot provides I think the options Luke provides are more than good enough.

-

I’m working with an empty dovecot.conf file. Add the following lines for SSL and login configuration (also replace {yourcertdir} with the same certificate directory described in the Postfix section above, note that the < is required):

-
ssl = required
-ssl_cert = <{yourcertdir}/fullchain.pem
-ssl_key = <{yourcertdir}/privkey.pem
-ssl_min_protocol = TLSv1.2
-ssl_cipher_list = ALL:!RSA:!CAMELLIA:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!SHA1:!SHA256:!SHA384:!LOW@STRENGTH
-ssl_prefer_server_ciphers = yes
-ssl_dh = </etc/dovecot/dh.pem
-
-auth_mechanisms = plain login
-auth_username_format = %n
-protocols = $protocols imap
-
-

You may notice we specify a file we don’t have under /etc/dovecot: dh.pem. We need to create it with openssl (you should already have it installed if you’ve been following this entry and the one for nginx). Just run (might take a few minutes):

-
openssl dhparam -out /etc/dovecot/dh.pem 4096
-
-

After that, the next lines define what a “valid user is” (really just sets the database for users and passwords to be the local users with their password):

-
userdb {
-    driver = passwd
-}
-
-passdb {
-    driver = pam
-}
-
-

Next, comes the mail directory structure (has to match the one described in the Postfix section). Here, the LAYOUT option is important so the boxes are .Sent instead of Sent. Add the next lines (plus any you like):

-
mail_location = maildir:~/Mail:INBOX=~/Mail/Inbox:LAYOUT=fs
-namespace inbox {
-    inbox = yes
-
-    mailbox Drafts {
-        special_use = \Drafts
-        auto = subscribe
-        }
-
-    mailbox Junk {
-        special_use = \Junk
-        auto = subscribe
-        autoexpunge = 30d
-        }
-
-    mailbox Sent {
-        special_use = \Sent
-        auto = subscribe
-        }
-
-    mailbox Trash {
-        special_use = \Trash
-        }
-
-    mailbox Archive {
-        special_use = \Archive
-        }
-}
-
-

Also include this so Postfix can use Dovecot’s authentication system:

-
service auth {
-    unix_listener /var/spool/postfix/private/auth {
-        mode = 0660
-        user = postfix
-        group = postfix
-        }
-}
-
-

Lastly (for dovecot at least), the plugin configuration for sieve (pigeonhole):

-
protocol lda {
-    mail_plugins = $mail_plugins sieve
-}
-
-protocol lmtp {
-    mail_plugins = $mail_plugins sieve
-}
-
-plugin {
-    sieve = ~/.dovecot.sieve
-    sieve_default = /var/lib/dovecot/sieve/default.sieve
-    sieve_dir = ~/.sieve
-    sieve_global_dir = /var/lib/dovecot/sieve/
-
-

Where /var/lib/dovecot/sieve/default.sieve doesn’t exist yet. Create the folders:

-
mkdir -p /var/lib/dovecot/sieve
-
-

And create the file default.sieve inside that just created folder with the content:

-
require ["fileinto", "mailbox"];
-if header :contains "X-Spam-Flag" "YES" {
-    fileinto "Junk";
-}
-
-

Now, if you don’t have a vmail (virtual mail) user, create one and change the ownership of the /var/lib/dovecot directory to this user:

-
grep -q "^vmail:" /etc/passwd || useradd -m vmail -s /usr/bin/nologin
-chown -R vmail:vmail /var/lib/dovecot
-
-

Note that I also changed the shell for vmail to be /usr/bin/nologin. After that, run:

-
sievec /var/lib/dovecot/sieve/default.sieve
-
-

To compile the configuration file (a default.svbin file will be created next to default.sieve).

-

Next, add the following lines to /etc/pam.d/dovecot if not already present (shouldn’t be there if you’ve been following these notes):

-
auth required pam_unix.so nullok
-account required pam_unix.so
-
-

That’s it for dovecot, at this point you can start/enable the dovecot service:

-
systemctl start dovecot.service
-systemctl enable dovecot.service
-
-

OpenDKIM

-

OpenDKIM is needed so services like G**gle (we don’t mention that name here [[[this is a meme]]]) don’t throw the mail to the trash. DKIM stands for “DomainKeys Identified Mail”.

-

Install the opendkim package:

-
pacman -S opendkim
-
-

Generate the keys for your domain:

-
opendkim-genkey -D /etc/opendkim -d {yourdomain} -s {yoursubdomain} -r -b 2048
-
-

Where you need to change {yourdomain} and {yoursubdomain} (doesn’t really need to be the sub-domain, could be anything that describes your key) accordingly, for me it’s luevano.xyz and mail, respectively. After that, we need to create some files inside the /etc/opendkim directory. First, create the file KeyTable with the content:

-
{yoursubdomain}._domainkey.{yourdomain} {yourdomain}:{yoursubdomain}:/etc/opendkim/{yoursubdomain}.private
-
-

So, for me it would be:

-
mail._domainkey.luevano.xyz luevano.xyz:mail:/etc/opendkim/mail.private
-
-

Next, create the file SigningTable with the content:

-
*@{yourdomain} {yoursubdomain}._domainkey.{yourdomain}
-
-

Again, for me it would be:

-
*@luevano.xyz mail._domainkey.luevano.xyz
-
-

And, lastly create the file TrustedHosts with the content:

-
127.0.0.1
-::1
-10.1.0.0/16
-1.2.3.4/24
-localhost
-{yourserverip}
-...
-
-

And more, make sure to include your server IP and something like subdomain.domainname.

-

Next, edit /etc/opendkim/opendkim.conf to reflect the changes (or rather, additions) of these files, as well as some other configuration. You can look up the example configuration file located at /usr/share/doc/opendkim/opendkim.conf.sample, but I’m creating a blank one with the contents:

-
Domain {yourdomain}
-Selector {yoursubdomain}
-
-Syslog Yes
-UserID opendkim
-
-KeyFile /etc/opendkim/{yoursubdomain}.private
-Socket inet:8891@localhost
-
-

Now, change the permissions for all the files inside /etc/opendkim:

-
chown -R root:opendkim /etc/opendkim
-chmod g+r /etc/postfix/dkim/*
-
-

I’m using root:opendkim so opendkim doesn’t complain about the {yoursubdomani}.private being insecure (you can change that by using the option RequireSafeKeys False in the opendkim.conf file, as stated here).

-

That’s it for the general configuration, but you could go more in depth and be more secure with some extra configuration as described in the Arch Wiki entry for OpenDKIM.

-

Now, just start/enable the opendkim service:

-
systemctl start opendkim.service
-systemctl enable opendkim.service
-
-

And don’t forget to add the following TXT records on your domain registrar (these examples are for Epik):

-
    -
  1. DKIM entry: look up your {yoursubdomain}.txt file, it should look something like:
  2. -
-
{yoursubdomain}._domainkey IN TXT ( "v=DKIM1; k=rsa; s=email; "
-    "p=..."
-    "..." )  ; ----- DKIM key mail for {yourdomain}
-
-

In the TXT record you will place {yoursubdomain}._domainkey as the “Host” and "v=DKIM1; k=rsa; s=email; " "p=..." "..." in the “TXT Value” (replace the dots with the actual value you see in your file).

-
    -
  1. -

    DMARC entry: just _dmarc.{yourdomain} as the “Host” and "v=DMARC1; p=reject; rua=mailto:dmarc@{yourdomain}; fo=1" as the “TXT Value”.

    -
  2. -
  3. -

    SPF entry: just @ as the “Host” and "v=spf1 mx a:{yoursubdomain}.{yourdomain} - all" as the “TXT Value”.

    -
  4. -
-

And at this point you could test your mail for spoofing and more, but you don’t know -yet- how to login (it’s really easy, but I’m gonna state that at the end of this entry).

-

SpamAssassin

-

SpamAssassin is just a mail filter to identify spam.

-

Install the spamassassin package (which will install a bunch of ugly perl packages…):

-
pacman -S spamassassin
-
-

For some reason, the permissions on all spamassassin stuff are all over the place. First, change owner of the executables, and directories:

-
chown spamd:spamd /usr/bin/vendor_perl/sa-*
-chown spamd:spamd /usr/bin/vendor_perl/spam*
-chwown -R spamd:spamd /etc/mail/spamassassin
-
-

Then, you can edit local.cf (located in /etc/mail/spamassassin) to fit your needs (I only uncommented the rewrite_header Subject ... line). And then you can run the following command to update the patterns and compile them:

-
sudo -u spamd sa-update
-sudo -u spamd sa-compile
-
-

And since this should be run periodically, create the service spamassassin-update.service under /etc/systemd/system with the following content:

-
[Unit]
-Description=SpamAssassin housekeeping
-After=network.target
-
-[Service]
-User=spamd
-Group=spamd
-Type=oneshot
-
-ExecStart=/usr/bin/vendor_perl/sa-update --allowplugins
-SuccessExitStatus=1
-ExecStart=/usr/bin/vendor_perl/sa-compile
-ExecStart=/usr/bin/systemctl -q --no-block try-restart spamassassin.service
-
-

And you could also execute sa-learn to train spamassassin‘s bayes filter, but this works for me. Then create the timer spamassassin-update.timer under the same directory, with the content:

-
[Unit]
-Description=SpamAssassin housekeeping
-
-[Timer]
-OnCalendar=daily
-Persistent=true
-
-[Install]
-WantedBy=timers.target
-
-

You can now start/enable the spamassassin-update timer:

-
systemctl start spamassassin-update.timer
-systemctl enable spamassassin-update.timer
-
-

Next, you may want to edit the spamassassin service before starting and enabling it, because by default, it could spawn a lot of “childs” eating a lot of resources and you really only need one child. Append --max-children=1 to the line ExecStart=... in /usr/bin/systemd/system/spamassassin.service:

-
...
-ExecStart=/usr/bin/vendor_perl/spamd -x -u spamd -g spamd --listen=/run/spamd/spamd.sock --listen=localhost --max-children=1
-...
-
-

Finally, start and enable the spamassassin service:

-
systemctl start spamassassin.service
-systemctl enable spamassassin.service
-
-

Wrapping up

-

We should have a working mail server by now. Before continuing check your journal logs (journalctl -xe --unit={unit}, where {unit} could be spamassassin.servicefor example) to see if there was any error whatsoever and try to debug it, it should be a typo somewhere (the logs are generally really descriptive) because all the settings and steps detailed here just (literally just finished doing everything on a new server as of the writing of this text) worked (((it just werks on my machine))).

-

Now, to actually use the mail service: first of all, you need a normal account (don’t use root) that belongs to the mail group (gpasswd -a user group to add a user user to group group) and that has a password.

-

Next, to actually login into a mail app/program/whateveryouwanttocallit, you will use the following settings, at least for thunderdbird(I tested in windows default mail app and you don’t need a lot of settings):

-
    -
  • * server: subdomain.domain (mail.luevano.xyz in my case)
  • -
  • SMTP port: 587
  • -
  • SMTPS port: 465 (I use this one)
  • -
  • IMAP port: 143
  • -
  • IMAPS port: 993 (again, I use this one)
  • -
  • Connection/security: SSL/TLS
  • -
  • Authentication method: Normal password
  • -
  • Username: just your user, not the whole email (david in my case)
  • -
  • Password: your user password (as in the password you use to login to the server with that user)
  • -
-

All that’s left to do is test your mail server for spoofing, and to see if everything is setup correctly. Go to DKIM Test and follow the instructions (basically click next, and send an email with whatever content to the email that they provide). After you send the email, you should see something like:

-

DKIM Test successful

-

(Yes, I blurred a lot in the picture just to be sure, either way what’s important is the list on the bottom part of the image)

-

Finally, that’s actually it for this entry, if you have any problem whatsoever you have my info down below.

]]>
-
- - Create a website with Nginx and Certbot - https://blog.luevano.xyz/a/website_with_nginx.html - https://blog.luevano.xyz/a/website_with_nginx.html - Fri, 19 Mar 2021 02:58:15 GMT - English - Server - Tools - Tutorial - How to create website that runs on Nginx and uses Certbot for SSL certificates. This is a base for future blog posts about similar topics. - These are general notes on how to setup a Nginx web server plus Certbot for SSL certificates, initially learned from Luke’s video and after some use and research I added more stuff to the mix. And, actually at the time of writing this entry, I’m configuring the web server again on a new VPS instance, so this is going to be fresh.

-

As a side note, (((i use arch btw))) so everything here es aimed at an Arch Linux distro, and I’m doing everything on a VPS. Also note that most if not all commands here are executed with root privileges.

-

Prerequisites

-

You will need two things:

-
    -
  • A domain name (duh!). I got mine on Epik (affiliate link, btw).
      -
    • With the corresponding A and AAA records pointing to the VPS’ IPs (“A” record points to the ipv4 address and “AAA” to the ipv6, basically). I have three records for each type: empty one, “www” and “*” for a wildcard, that way “domain.name”, “www.domain.name”, “anythingelse.domain.name” point to the same VPS (meaning that you can have several VPS for different sub-domains).
    • -
    -
  • -
  • A VPS or somewhere else to host it. I’m using Vultr (also an affiliate link).
      -
    • With ssh already configured both on the local machine and on the remote machine.
    • -
    • Firewall already configured to allow ports 80 (HTTP) and 443 (HTTPS). I use ufw so it’s just a matter of doing ufw allow 80,443/tcp as root and you’re golden.
    • -
    • cron installed if you follow along (you could use systemd timers, or some other method you prefer to automate running commands every X time).
    • -
    -
  • -
-

Nginx

-

You have two options: nginx and nginx-mainline. I prefer nginx-mainline because it’s the “up to date” package even though nginx is labeled to be the “stable” version. Install the package and enable/start the service:

-
pacman -S nginx-mainline
-systemctl enable nginx.service
-systemctl start nginx.service
-
-

And that’s it, at this point you can already look at the default initial page of nginx if you enter the ip of your server in a web browser. You should see something like this:

-

Nginx welcome page

-

As stated in the welcome page, configuration is needed, head to the directory of nginx:

-
cd /etc/nginx
-
-

Here you have several files, the important one is nginx.conf, which as its name implies, contains general configuration of the web server. If you peek into the file, you will see that it contains around 120 lines, most of which are commented out and contains the welcome page server block. While you can configure a website in this file, it’s common practice to do it on a separate file (so you can scale really easily if needed for mor websites or sub-domains).

-

Inside the nginx.conf file, delete the server blocks and add the lines include sites-enabled/*; (to look into individual server configuration files) and types_hash_max_size 4096; (to get rid of an ugly warning that will keep appearing) somewhere inside the http block. The final nginx.conf file would look something like (ignoring the comments just for clarity, but you can keep them as side notes):

-
worker_processes 1;
-
-events {
-    worker_connections 1024;
-}
-
-http {
-    include sites-enabled/*;
-    include mime.types;
-    default_type application/octet-stream;
-
-    sendfile on;
-
-    keepalive_timeout 65;
-
-    types_hash_max_size 4096;
-}
-
-

Next, inside the directory /etc/nginx/ create the sites-available and sites-enabled, and go into the sites-available one:

-
mkdir sites-available
-mkdir sites-enabled
-cd sites-available
-
-

Here, create a new .conf file for your website and add the following lines (this is just the sample content more or less):

-
server {
-    listen 80;
-    listen [::]:80;
-
-    root /path/to/root/directory;
-    server_name domain.name another.domain.name;
-    index index.html anotherindex.otherextension;
-
-    location /{
-        try_files $uri $uri/ =404;
-    }
-}
-
-

Note several things:

-
    -
  • listen: we’re telling nginx which port to listen to (ipv4 and ipv6, respectively).
  • -
  • root: the root directory of where the website files (.html, .css, .js, etc. files) are located. I followed Luke’s directory path /var/www/some_folder.
  • -
  • server_name: the actual domain to “listen” to (for my website it is: server_name luevano.xyz www.luevano.xyz; and for this blog is: server_name blog.luevano.xyz www.blog.luevano.xyz).
  • -
  • index: what file to serve as the index (could be any .html, .htm, .php, etc. file) when just entering the website.
  • -
  • location: used in case of different configurations across different URL paths.
      -
    • try_files: tells what files to look for, don’t look into this too much for now.
    • -
    -
  • -
-

Then, make a symbolic from this config file to the sites-enabled directory:

-
ln -s /etc/nginx/sites-available/your_config_file.conf /etc/nginx/sites-enabled
-
-

This is so the nginx.conf file can look up the newly created server config. With this method of having each server configuration file separate you can easily “deactivate” any website by just deleting the symbolic link in sites-enabled and you’re good, or just add new configuration files and keep everything nice and tidy.

-

All you have to do now is restart (or enable and start if you haven’t already) the nginx service (and optionally test the configuration):

-
nginx -t
-systemctl restart nginx
-
-

If everything goes correctly, you can now go to your website by typing “domain.name” on a web browser. But you will see a “404 Not Found” page like the following (maybe with different nginx version):

-

Nginx 404 page

-

That’s no problem, because it means that the web server it’s actually working. Just add an index.html file with something simple to see it in action. If you keep seeing the 404 page make sure your root line is correct and that the directory/index file exists.

-

I like to remove the .html and trailing / on the URLs of my website, for that you need to add the following rewrite lines and modify the try_files line (for more: Sean C. Davis: Remove HTML Extension And Trailing Slash In Nginx Config):

-
server {
-    ...
-    rewrite ^(/.*)\.html(\?.*)?$ $1$2 permanent;
-    rewrite ^/(.*)/$ /$1 permanent;
-    ...
-    try_files $uri/index.html $uri.html $uri/ $uri =404;
-    ...
-
-

For more: Arch Linux Wiki: nginx.

-

Certbot

-

The only “bad” (bloated) thing about certbot, is that it uses python, but for me it doesn’t matter too much. You may want to look up another alternative if you prefer. Install the packages certbot and certbot-nginx:

-
pacman -S certbot certbot-nginx
-
-

After that, all you have to do now is run certbot and follow the instructions given by the tool:

-
certbot --nginx
-
-

It will ask you for some information, for you to accept some agreements and the names to activate https for. Also, you will want to “say yes” to the redirection from http to https. And that’s it, you can now go to your website and see that you have https active.

-

Now, the certificate given by certbot expires every 3 months or something like that, so you want to renew this certificate every once in a while. Using cron, you can do this by running:

-
crontab -e
-
-

And a file will be opened where you need to add a new rule for certbot, just append the line: 1 1 1 * * certbot renew (renew on the first day of every month) and you’re good. Alternatively use systemd timers as stated in the Arch Linux Wiki.

-

For more: Arch Linux Wiki: Certbot.

-

That’s it, you now have a website with SSL certificate.

]]>
-
- - Así es raza, el blog ya tiene timestamps - https://blog.luevano.xyz/a/el_blog_ya_tiene_timestamps.html - https://blog.luevano.xyz/a/el_blog_ya_tiene_timestamps.html - Tue, 16 Mar 2021 02:46:24 GMT - Short - Spanish - Tools - Update - Actualización en el estado del blog y el sistema usado para crearlo. - Pues eso, esta entrada es sólo para tirar update sobre mi primer post. Ya modifiqué el ssg lo suficiente como para que maneje los timestamps, y ya estoy más familiarizado con este script entonces ya lo podré extender más, pero por ahora las entradas ya tienen su fecha de creación (y modificación en dado caso) al final y en el índice ya están organizados por fecha, que por ahora está algo simple pero está sencillo de extender.

-

Ya lo único que queda es cambiar un poco el formato del blog (y de la página en general), porque en un momento de desesperación puse todo el texto en justificado y pues no se ve chido siempre, entonces queda corregir eso. Y aunque me tomó más tiempo del que quisiera, así nomás quedó, diría un cierto personaje.

-

El ssg modificado está en mis dotfiles (o directamente aquí).

-

Por último, también quité las extensiones .html de las URLs, porque se veía bien pitero, pero igual los links con .html al final redirigen a su link sin .html, así que no hay rollo alguno.

]]>
-
- - Shell scripting tutorial video notes - https://blog.luevano.xyz/a/shell_scripting_video_notes.html - https://blog.luevano.xyz/a/shell_scripting_video_notes.html - Sun, 14 Mar 2021 05:57:34 GMT - English - Notes - Notes of videos about shell scripting, as requested by a mentor of mine. - Another summary, this time about shell scripting in general. And just like with the Linux notes, I also did most of the notes myself or with resources outside the video. The videos in question are: The Bad Tutorials (YT): Shell Scripting Tutorials and Automation with SCripting (YT): Complete Shell Scripting Tutorials. Also, some notes were taken from tutorialspoint: UNIX / LINUX Tutorial and general googling.

-

Basic concepts

-

A shell it’s an interface between the user and the kernel. While the kernel it’s the layer that interacts between the shell and the hardware. And you access the shell either via a terminal, or executing a shell script. Note that if you’re using a GUI environment, you need a terminal emulator to actually use a terminal (most Linux distros come with everything needed, so no need to worry).

-

When using a terminal a blank screen with some text and a cursor that shows you where to type will appear and depending on the shell being used (sh, dash, ksh, bash, zsh, fish, etc.) the prompt will be different. The most common one being of the form user@host:~$, which tells that the user is using host machine and the current working directory is ~ (can be /any/path/ too), and lastly, the $ shows the current privileges of the shell/user using the shell (a $ for normal user and # for root access).

-

To clear the screen use command clear or simply do Ctrl + l (most terminals let you do this) and to cancel or create a new prompt do Ctrl + c, this also cancels any running program that’s using the terminal (typing q when a program is running also stops the process, sometimes).

-

Also there are POSIX (portable operating system interface) compliant shells like sh, dash, ksh, etc., that have a standard syntax and are portable to any Unix system. Non POSIX compliant shells (or not necessary fully POSIX compliant) are bash, zsh, fish, etc., that provide a more modern syntax but lack speed on executing scripts.

-

Common commands/programs

-

A list of common commands or programs with a short description (for more, do man command or command -h or command --help):

-
    -
  • man: an interface to the system reference manuals.
  • -
  • pwd: print name of current/working directory.
  • -
  • cd: change the working directory.
  • -
  • ls: list directory contents.
  • -
  • echo: display a line of text. Also, see escape sequences (Bash Prompt HOWTO: Chapter 2. Bash and Bash Prompts: 2.5. Bash Prompt Escape Sequences).
  • -
  • mkdir: make directories.
  • -
  • touch: change file timestamps (if no file exists, creates a new blank one).
  • -
  • cat: concatenate files and print on the standard output.
  • -
  • mv: move (rename) files.
  • -
  • rm: remove files or directories.
  • -
  • rmdir: remove empty directories.
  • -
  • cp: copy files and directories.
  • -
  • ln: make links between files (hard or soft, also known as symbolic).
  • -
  • umask: get or set the file mode creation mask.
  • -
  • chmod: change file mode bits (change file permissions).
  • -
  • chown: change file owner and group.
  • -
  • wc: print newline, word, and byte counts for each file.
  • -
  • file: determine file type.
  • -
  • sort: sort lines of text files.
  • -
  • cut: remove sections from each line of files.
  • -
  • dd: convert and copy a file (mostly used to make bootable USBs).
  • -
  • compress: compress data.
  • -
  • gzip, gunzip, zcat: compress or expand files.
  • -
  • uname: print system information.
  • -
  • cal: display a calendar.
  • -
  • date: print or set the system date and time.
  • -
  • read: read from standard input into shell variables (also used to read from a file).
  • -
  • tr: translate or delete characters.
  • -
  • readonly: set the readonly attribute for variables.
  • -
  • set: set or unset options and positional parameters.
  • -
  • unset: unset values and attributes of variables and functions.
  • -
  • expr: evaluate expressions.
  • -
  • tput, reset: initialize a terminal or query terminfo database (used for more complex terminal output).
  • -
  • grep, egrep, fgrep: print lines that match patterns (usually used to find text in a file or some text).
  • -
  • sleep: delay for a specified amount of time.
  • -
  • break: exit from for, while, or until loop.
  • -
  • continue: continue for, while, or until loop.
  • -
  • logname: print user’s login name.
  • -
  • write: send a message to another user.
  • -
  • mesg: display (or do not display) messages from other users.
  • -
  • return: return from a function or dot script.
  • -
  • exit: cause the sell to exit.
  • -
-

And some special “commands” or “operators” (for more: gnu: 3.6 Redirections):

-
    -
  • | (pipe): used between two commands and the output from the command from the left serves as input to the command from the right.
  • -
  • >: redirects output to a file, overwriting the file (or creating a new file).
  • -
  • >>: redirects output to a file, appending to the file (or creating a new file).
  • -
-

Shell scripting

-

A shell script is nothing more but a file that contains commands in it; they’re executed in the same order they are present in the file. A shell script file is usually terminated with a .sh extension, independently of the shell being used, but it’s not 100% necessary as in Unix systems, an extension mean nothing, other than distinction (visually) between files. Then one can just have an extension-less file as a script. The script must have execution permissions (chmod +x file), unless shell script is executed in the terminal, where shell could be sh, bash, etc. Comments are created by prepending # to whatever the text should be a comment.

-

It’s common practice to have the first line as a she-bang (#!), which is just a comment telling the interpreter which shell to execute the script with (usable when having the script in your PATH so you only call the name of the script like any other command/program). A she-bang has the syntax #!/path/to/shell some_other_options, the most common she-bangs being: #!/bin/sh, #!/bin/bash, #!/usr/bin/python, etc.

-

Also, some people argue that you shouldn’t use absolute paths, since not all Unix operating systems have the same directory structure, or not all programs are going to be installed in the same folder. So a portable she-bang can be made by prepending /usr/bin/env and the specify the program to run, for example: #!/usr/bin/env bash.

-

Like always… the basic “Hello, world!” script:

-
#!/bin/sh
-echo "Hello, world!"
-
-

Three ways of executing this script (assuming the file name is hw):

-
    -
  1. Type in terminal sh hw.
  2. -
  3. Type in terminal ./hw. Requires the file to have execute permissions.
  4. -
  5. Type in terminal hw. Requires the file to have execute permissions. Requires the file to be in your PATH.
  6. -
-

Variables

-

Variables are case sensitive, meaning that my_var and MY_VAR are different and a variable name can only contain letters and numbers (a-z, A-Z and 0-9) or the underscore character _. Can’t contain a space. Variables are called by prepending $ to the variable name.

-

Like in most programming languages, there are some reserved words like if, select, then, until, while, etc., that can’t be used as variables or as values of variables. For more: D.2 Index of Shell Reserved Words.

-

There is no need to specify a variable type. Anything surrounded by " will be treated as text. You can use booleans, numbers, text and arrays (the implementation of arrays depends on the shell being used). Make a variable readonly by calling readonly variable_name. Basic syntax:

-
    -
  • Text variables: var="my var".
  • -
  • Numeric variables: var=123.
  • -
  • Boolean variables: var=true and var=false.
  • -
  • Arrays (assuming bash is the shell):
      -
    • var[0]=value1, var[...]=..., var[n]=valuen, etc.
    • -
    • var=(value1 ... valuen)
    • -
    • Access single values with ${var[index]} and all values with ${var[*]} or ${var[@]}.
    • -
    -
  • -
-

There are special variables (for more. tutorialspoint: Unix / Linux - Special Variables):

-
    -
  • $: represents the process ID number, or PID, of the current shell.
  • -
  • 0: the filename of the current script.
  • -
  • n: where n can be any whole number, correspond to arguments passed to the script (command arg1 arg2 arg3 argn).
  • -
  • #: number of arguments supplied to the script.
  • -
  • *: all the arguments are double quoted.
  • -
  • @: all the arguments are individually double quoted.
  • -
  • ?: exit status of the last command executed.
  • -
  • !: process number of the last background command.
  • -
-

When calling a script, you can pass optional (or required) positional arguments like: command arg1 arg2 arg3 argn.

-

Note that a variable can also take the output of another command, one common way to do this is using $(command) or `command`, for example: var="$(echo 'this is a command being executed inside the definition of a variable')" which, since the echo command is being run, var="this is a command being executed inside the definition of a variable", which doesn’t seem like much, but there could be any command inside $() or `command`. Note that this is not special to defining variables, could also be used as arguments of another command.

-

Internal Field Separator (IFS)

-

This is used by the shell to determine how to do word splitting (how to recognize word boundaries). The default value for IFS consists of whitespace characters (space, tab and newline). This value can ve overridden by setting the variable IFS to something like, for example, :.

-

Conditionals

-

Exit status

-

Any command being run has an exit status, either 0 or 1, if the command has been executed successfully or otherwise (an error), respectively.

-

if statement

-

Pretty similar to other programming languages, evaluates an expression to a true or false and executes code as specified. if statements can be nested, and follow normal rules of logical operations. Basic syntax is:

-
#!/bin/sh
-if expression
-then
-do_something
-elif another_expression
-then
-do_another_thing
-else
-do_something_else
-fi
-
-

The expression is usually wrapped around [] or [[]], the first being POSIX compliant and the second bash-specific (and other shells).

-

Also, some operators to compare things use == for “equals” and > for “greater than”, for example; while in a POSIX compliant shell, = for “equals” and -gt for “greater than” has to be used. For more operators: tutorialspoint: Unix / Linux - Shell Basic Operators (this also covers logical operators and file test operators).

-

Case statement

-

A common good alternative to multilevel if statements, enables you to match several values against one variable. Basic syntax is:

-
case $var in
-    pattern1)
-        do_something1
-        ;;
-    pattern2)
-        subpattern1)
-            do_subsomething1
-            ;;
-        subpattern2)
-            do_subsomething2
-            ;;
-        *)
-    pattern3|pattern4|...|patternN)
-        do_something3
-        ;;
-    patternM)
-        do_somethingM
-        ;;
-    *)
-        do_something_default
-        ;;
-esac
-
-

Where the * pattern is not necessary but serves the same purpose as a “default” case.

-

Loops

-

Loops enable execution of a set of commands repeatedly. Loops, naturally, can be nested. expression here (in the basic syntax examples) work the same as mentioned in the “if statement” section. For more: tutorialspoint: Unix / Linux - Shell Loop Types.

-

Loop control

-

Similar than other programming languages, there are loop controls to interrupt or continue a loop:

-
* `break` statement.
-* `continue` statement.
-
-

These statements accept an argument that specify from which loop to exit/continue.

-

while loop

-

Enables to execute a set of commands repeatedly until some condition occurs. Basic syntax:

-
#!/bin/sh
-while expression
-do
-    do_something
-done
-
-

until loop

-

Similar to the while loop, the difference is that the while loop is executed as long as a condition is true, but the until loop… until a condition is true. Basic syntax (similar to while loop):

-
#!/bin/sh
-until expression
-do
-    do_something
-done
-
-

for loop

-

Operates on lists of items. It repeats a set of commands for every item in a list. Basic syntax:

-
#!/bin/sh
-for var in word1 word2 ... wordN
-do
-    do_something_with_var
-done
-
-

Where var is the current value (word1, word2, etc.) in the loop and the expression after for can refer to an array, or the output of a command that outputs a list of things, etc.

-

select loop

-

Provides an easy way to create a numbered menu from which users can select options. Basic syntax (similar to for loop):

-
select var in word1 word2 ... wordN
-do
-    do_something_with_var
-done
-
-

Meta characters

-

Meta characters are used to execute several commands on a single line (depending on what it’s needed). The most used meta characters to accomplish this are semi-colon ;, double ampersand && and double “pipe” ||.

-
    -
  • ;: is used to finish one command (similar to some programming languages), after the command on the left of ; is finished (whatever the exit code is), the command on the right will be executed.
  • -
  • &&: similar to ;, but only if the command on the left exits with code 0 (success).
  • -
  • ||: similar to &&, but for exit code 1(error).
  • -
-

Functions

-

Enable to break down the overall functionality of a script into smaller, logical subsections, which can then be called upon to perform their individual tasks when needed (like in any other programming language…). For more: tutorialspoint: Unix / Linux - Shell Functions. Basic syntax:

-
#!/bin/sh
-function_name () {
-    do_something
-}
-
-

Functions can also take arguments and can access their individual arguments (each function will have a different “storage” for their arguments). Functions can also be nested. Here exit will not only will finish the function code, but also the shell script that called it, instead use return plus an exit code to just exit the function.

]]>
-
- - Linux tutorial video notes - https://blog.luevano.xyz/a/linux_video_notes.html - https://blog.luevano.xyz/a/linux_video_notes.html - Sun, 14 Mar 2021 05:57:23 GMT - English - Notes - Notes of videos about basic Linux terms, usage and commands, as requested by a mentor of mine. - I was requested to make a summary of a video about basic Linux stuff (like the SQL tutorial video notes); this time, I did most of the notes depending on the topic since I’m familiar with most of the stuff presented in the video. The video in question is: The Complete Linux Course: Beginner to Power User!. Also, some notes were taken from Arch Linux Wiki since it’s got pretty decent documentation, and, of course, general googling.

-

(Basic) commands

-

A list of basic commands and small explanation (note that options are started with either - or --, depending on the program, but most of the time - is used for letter options and -- for word options, -l vs --list for example):

-
    -
  • pwd: “print working directory”, full absolute path to the current directory.
  • -
  • cd: “change directory”, followed by the absolute or relative path of the directory to change to.
      -
    • Absolute path is started with /, while a relative path is started with ./ or just the name of the folder.
    • -
    • Use .. (two dots) to go up one directory.
    • -
    • An abbreviation of /home/username is ~ (tilde).
    • -
    -
  • -
  • ls: “list” files and directories in current directory, or specify a directory from which to show the list after typing ls. Has many options, the most common ones being:
      -
    • l: use long listing format.
    • -
    • r or reverse: reverse order while sorting.
    • -
    • s: sort by file size, largest first.
    • -
    • a or all: do not ignore entries starting with ..
    • -
    -
  • -
  • mkdir: “make directory”, create a new directory with specified name.
  • -
  • touch: create new (empty) files.
  • -
  • cp: “copy” files or directories (using option r for recursive). Requires file/directory to copy and destination, separated by space.
  • -
  • mv: “move” files or directories, also requires file/directory to copy and destination, separated by space. This is also used to rename files/directories.
  • -
  • rm: “remove”, followed by a file to remove it.
  • -
  • rmdir: “remove empty directory”, followed by a directory to remove it. If the directory is not empty, use rm -r on the directory (“remove recursive”).
  • -
  • su: “switch user”, by default to root user, but another one can be specified.
  • -
  • sudo: “switch user, do”, similar to su, but only to execute a command as root or the specified user.
  • -
  • clear: clear the terminal window, a (common) keyboard shortcut is Ctrl + l.
  • -
  • find: search for files/directories matching a pattern or all contents of a directory (using .).
  • -
  • grep: comes from the ed command “g/re/p”, for searching plain-text for lines that match a regular expression (regex).
  • -
  • top: a task manager program, shows currently running commands and gives important info such as PID (process ID), user who is running that command, command name, cpu and ram usage, etc.. Some useful commands to manage programs running are:
      -
    • pgrep: get the PID of a running process, or a list in chronological order.
    • -
    • kill or pkill: kill a running process either by PID or by name.
    • -
    • killall: similar to pkill.
    • -
    -
  • -
  • ssh: “secure shell” is a remote login client used to connect into a remote machine and executing commands remotely, basically taking control of the remote machine. Widely used when managing servers.
  • -
  • ftp or sftp: “(secure) file transfer protocol” used to transfer files from one machine to another one (usually a server). It’s recommended to use sftp instead of ftp because anyone can look through the packages if it’s not secured (encrypted).
  • -
-

And in general, to see the options supported by almost any command, use command -h or command --help, for a quick explanation. IMPORTANT: Most programs have man (manual) pages; to access them do man command, this is a very powerful tool to use.

-

Commands can be redirected to other commands (the output), which is powerful to create mini scripts or to achieve a goal in a single command. Most of the time the redirection can be done with the special characters >, < and most powerful, the | (pipe). Also, some commands accept an option to execute another command, but this depends on a command to command basis (exec option for find, for example).

-

Most terminal programs accept Ctrl-c or just q to exit the program.

-

File permissions and ownership

-

When listing files with ls -l, an output with file attributes (permissions) and ownership is shown, such as drwxr-xr-x 2 user group 4096 Jul 5 21:03 Desktop, where the first part are the attributes, and user and group the ownership info (all other info is irrelevant for now).

-

File attributes (drwxr-xr-x in the example above) are specified by 10 (sometimes 11) characters, and can be break into 4 parts (or 5):

-
    -
  • The first character is just the file type, typically d for directories or just - for files. There is l too, which is for symlinks.
  • -
  • The next 3 characters represent the permissions that the owner has over the file.
  • -
  • Next 3 the permissions that the group has over the file.
  • -
  • Next 3 the permissions everyone else (others) have over the file.
  • -
  • An optional + character that specifies whether an alternate access method applies to the file. When the character is a space, there is no alterante access method.
  • -
-

Each of the three permission triads (rwx) can be:

-
    -
  • - or r, for the first character, if the file can be read or directory’s content can be shown.
  • -
  • - or w, for the second character, if the file can be modified or the directory’s content can be modified (create new files or folders or rename existing files or folders).
  • -
  • - or x, for the third character, if the file can be executed or the directory can be accessed with cd. Other characters can be present, like s, S, t and T (for more: Arch Linux Wiki: File permissions and attributes).
  • -
-

To change attributes or ownership use chmod and chown, respectively.

-

Services

-

Special type of linux process (think of a program or set of programs that run in the background waiting to be used, or doing essential tasks). There are many ways to manage (start, stop, restart, enable, disable, etc.) services, the most common way (if using systemd) is to just use systemctl. Basic usage of systemctl is systemctl verb service, where verb could be start, enable, stop, disable, restart, etc. Also, to get a general system status run systemctl status or just systemctl for a list of running units (a unit is an instance of a service, or a mount point or even a device or a socket). For more: Arch Linux Wiki: systemd.

-

systemd also provides a way to do tasks based on a timer, where you can schedule from the second to the year. One could also use cron (using crontab with option e) to do this. These timers provide support for calendar time events, monotonic time events, and can be run asynchronously.

-

User and group management

-

Most mainstream linux distributions come with a Graphic User Interface (GUI) to manage users and groups on the system. For a Command-Line Interface (CLI) just use useradd (with passwd to create a password for a given user) and groupadd. Also, other useful commands are usermod, userdel, groups, gpasswd, groupdel and more, each used for a basic management of users/groups like modification, deletion, listing (of all existing users/groups), etc.. For more: Arch Linux Wiki: Users and groups.

-

Networking

-

Hosts file

-

Located at /etc/hosts, serves as a translator from hostname (web addresses or URLs) into IP addresses (think of DNS records), meaning that any URL can be overridden to make it point to whatever IP address it’s specified (only locally on the machine affected). The syntax of the file is pretty simple: first column for IP, second for hostname (URL) and third+ for aliases.

-

(Some) commands

-

These commands serve the sole purpose of showing information about the network and stuff related to it:

-
    -
  • ping: gives information about latency to a given ip/domain.
  • -
  • ifconfig: gives similar information to ipconfig on windows, general info of physical network devices with their addresses and properties. An alternative could be ip addr, depending on the linux distribution being used and programs installed.
  • -
  • tcpdump: “transmission control protocol dump” gives information on all “packets” being sent and received through the network.
  • -
  • netstat: “network statistics” general statistics about network devices usage, display connections to the machine and more.
  • -
  • traceroute: shows the route that the packets go through (how the packets jump from one server to another one) when trying to access an IP (or, for example, a website).
  • -
  • nmap: “network mapper” explore network available hosts, opened ports, reverse DNS names, can guess the operating system of the device, it’s type, MAC address and more.
  • -
]]>
-
- - SQL tutorial video notes - https://blog.luevano.xyz/a/sql_video_notes.html - https://blog.luevano.xyz/a/sql_video_notes.html - Tue, 02 Mar 2021 14:35:11 GMT - English - Notes - Notes of videos about basic SQL syntax and usage, as requested by a mentor of mine. - I was requested to make summaries of videos about SQL, these are the notes (mostly this is a transcription of what I found useful). The videos in question are: SQL Tutorial - Full Database Course for Beginners, MySQL Tutorial for Beginners [Full Course] and Advanced SQL course | SQL tutorial advanced. Also, some notes were taken from w3schools.com’s SQL Tutorial and MySQL 8.0 Reference Manual.

-

What is a database (DB)?

-

Any collection of related information, such as a phone book, a shopping list, Facebook’s user base, etc.. It can be stored in different ways: on paper, on a computer, in your mind, etc..

-

Database Management Systems (DBMS)

-

A special software program that helps users create and maintain a database that makes it easy to manage large amounts of information, handles security, backups and can connect to programming languages for automation.

-

CRUD

-

The four main operations that a DBMS will do: create, read, update and delete.

-

Two types of databases

-
    -
  • Relational (SQL)
      -
    • Organize data into one or more tables.
    • -
    • Each table has columns and rows.
    • -
    • A unique key identifies each row.
    • -
    -
  • -
  • Non-relational (noSQL/not just SQL)
      -
    • Key-value stores.
    • -
    • Documents (JSON, XML, etc).
    • -
    • Graphs.
    • -
    • Flexible tables.
    • -
    -
  • -
-

Relational databases (RDB) (SQL)

-

When we want to create a RDB we need a Relational Database Management System (RDBMS) that uses Structured Query Language (SQL) which is a standardized language for interacting with RDBMS and it’s used to perform CRUD operations (and other administrative tasks).

-

Non-relational databases (NRDB) (noSQL/not just SQL)

-

Anything that’s not relational, stores data in anything but static tables. Could be a document (JSON, XML, etc.), graph (relational nodes), key-value hash (strings, json, etc.), etc.

-

NRDB also require a Non-Relational Database Management System (NRDBMS) to maintain a database. But it doesn’t have a standardized language for performing CRUD and administrative operations like how RDB have.

-

Database queries

-

A DB query is a request that is made to the (R/NR)DBMS for a specific information. A google search is a query, for example.

-

Tables and keys

-

A table is composed of columns, rows and a primary key. The primary key is unique and identifies one specific row. Columns and rows are trivial, a column identifies a field and has a specific data type (name, email, birth) and a row identifies a table entry (person that contains a name, email and birth).

-

Also, there are foreign keys, it’s purpose is to relate to another database table; this foreign key is unique in it’s own table, but can be repeated where you use it as a foreign key.

-

It’s possible to use the same table keys as foreign keys to make relations inside the same table.

-

SQL basics

-

It’s actually a hybrid language, basically 4 types of languages in one:

-
    -
  • Data Query Language (DQL)
      -
    • Used to query the database for information.
    • -
    • Get information that is already stored there.
    • -
    -
  • -
  • Data Definition Language (DDL)
      -
    • Used for defining database schemas.
    • -
    -
  • -
  • Data Control Language (DCL)
      -
    • Used for controlling access to the data in the database.
    • -
    • User and permissions management.
    • -
    -
  • -
  • Data Manipulation Language (DML)
      -
    • Used for inserting, updating and deleting data from a database.
    • -
    -
  • -
-

Queries

-

A set of instructions given to the RDBMS (written in SQL) that tell the RDBMS what information you want it to retrieve. Instead of getting the whole database, retrieve only a bit of information that you need.

-

Also, SQL keywords can be either lower or upper case, but it’s convention to use upper case. And queries are ended by a semi-colon.

-

Data types

-

Just some SQL data types (for more: MySQL 8.0 Reference Manual: Chapter 11 Data Types, the notation is DATATYPE(SIZE(,SIZE)):

-
    -
  • INT: integer numbers.
  • -
  • DECIMAL(M,N): decimal numbers.
  • -
  • VARCHAR(N): string of text of length N.
  • -
  • BLOB: Binary Large Object, stores large data.
  • -
  • DATE: YYYY-MM-DD.
  • -
  • TIMESTAMP: YYYY-MM-DD HH:MM:SS.
  • -
-

Basic management of tables

-

To create a table, the basic syntax is CREATE TABLE tablename (column1 datatype constraint, column2 datatype constraint, ...), where a constraint could be (for more: MySQL 8.0 Reference Manual: 13.1.20 CREATE TABLE Statement):

-
    -
  • NOT NULL: can’t have a NULL value.
  • -
  • UNIQUE: all values are unique.
  • -
  • PRIMARY KEY: uniquely identifies each row.
  • -
  • FOREIGN KEY: uniquely identifies a row in another table.
  • -
  • CHECK expresion: satisfy a special condition (expresion).
  • -
  • DEFAULT value: if no value is specified use value value.
  • -
  • INDEX: to create and retrieve data from the database very quickly.
  • -
-

Get the table structure with DESCRIBE tablename and delete it with DROP TABLE tablename. Add columns to the table with ALTER TABLE tablename ADD column DATATYPE(N,M), similar syntax to delete a specific column ALTER TABLE tablename DRORP COLUMN column.

-

Add entries to the table with INSERT INTO tablename VALUES(value1, value2, ...) where all the fields must be specified, or INSERT INTO tablename(column1, column2) VALUES(value1, value2) to just add some fields to the new entry. While at it, (all) the table content can be fetched with SELECT * FROM tablename.

-

Basic Updating of entries with UPDATE tablename SET expression1 WHERE expression2, where expression1 could be column = value2 and expression2 could be column = value1, meaning that the value of column will be changed from value1 to value2. Note that the expressions are not limited by column = value, and that the column has to be the same, it would be any expression. Also, this is really extensive as SET can set multiple variables and WHERE take more than one condition by chaining conditions with AND, OR and NOT keywords, for example.

-
ON DELETE statement
-

When an entry needs to be updated somehow based on a modification on a foreign key. If two tables are related to each other, if something is deleted on one end, update the other end in some way.

-

For example on creation of a table, on the specification of a foreign key: CREATE TABLE tablename (..., FOREIGN KEY(column) REFERENCES othertable(othertablecolumn) ON DELETE something). That something could be SET NULL, CASCADE, etc..

-

SELECT queries

-

Instead of doing SELECT * FROM tablename, which gets all the data from a table, more complex SELECT queries can be implemented, such as SELECT column FROM tablename to only get all data from one column of the table. Append LIMIT N to limit the query to N entries. Append WHERE condition to meet a custom condition.

-

Other statements that can be used in conjunction with SELECT are ORDER BY column ASC|DESC, SELECT DISTINCT, MIN(column), MAX(column), COUNT(column), AVG(column), SUM(column), LIKE and more. For more, visit MySQL 8.0 Reference Manual: 13.2.10 SELECT Statement.

-

MySQL uses regular expressions (regex) like pattern matching, some wildcards that can be used with the LIKE statement are:

-
    -
  • %: zero or more characters.
  • -
  • _: a single character.
  • -
  • []: any single character within the brackets.
  • -
  • ^: any character not in the brackets.
  • -
  • -: a range of characters.
  • -
-

An extended regex can be used with the statement REGEX_LIKE(expression); REGEXP and RLIKE are synonyms for REGEX_LIKE. For more: MySQL 8.0 Reference Manual: 3.3.4.7 Pattern Matching.

-

Unions

-

A specialized SQL operator that is used to combine multiple SELECT statements into one. The basic syntax is SELECT ... UNION SELECT ..., where ... is a whole SELECT statement; there can be any amount of unions. There are some rules that apply when doing unions, such as having the same amount of columns on both statements and being of the same data type.

-

Joins

-

Used to combine rows from two or more tables based on a related column between them. Basic syntax is SELECT table1.column1, ..., table2.column1, ... FROM table(1|2) JOIN table(1|2) ON table1.common_column = table2.common_column, where the table specified in the FROM statement is called the “left” table, where the one in the JOIN statement is the “right” table. For more: MySQL 8.0 Reference Manual: 13.2.10.2 JOIN Clause.

-

There are different types of SQL JOINs:

-
    -
  • (INNER) JOIN: returns records that have matching values in both tables.
  • -
  • LEFT (OUTER) JOIN: returns all records from the left table, and the matched records from the right table.
  • -
  • RIGHT (OUTER) JOIN: returns all records from the right table, and the matched records from the left table.
  • -
  • FULL (OUTER) JOIN: returns all records when there is a match in either left or right table.
  • -
-

INNER JOIN -LEFT JOIN -RIGHT JOIN -FULL OUTER JOIN

-

Nested queries

-

A query composed of multiple select statements to get a specific piece of information. This is self explanatory, you do a SELECT query somewhere inside another one, for example SELECT ... IN (SELECT ...), where the nesting is occurring inside the parenthesis after the IN statement.

-

A nesting isn’t constrained to the IN statement, it can appear anywhere, for example in a WHERE statement: SELECT ... WHERE something = (SELECT ...).

-

Triggers

-

A block of SQL code that will define a certain action that will happen when a specific operation is performed on the database. It is recommended to change the DELIMITER temporarily from semi-colon to something else (since we need to use semi-colon to end the trigger) while the trigger is created. The basic syntax is CREATE TRIGGER trigername triggertime triggerevent ON tablename FOR EACH ROW triggerorder triggerbody. For more: MySQL 8.0 Reference Manual: 13.1.22 CREATE TRIGGER Statement and MySQL 8.0 Reference Manual: 25.3.1 Trigger Syntax and Examples.

-

Entity Relationship Diagrams (ERD)

-

When designing a database it’s important to define a database schema which is just a definition of all the different tables and their attributes that are going to live inside the database. So, basically, an ERD diagram is a diagram that consists of text, symbols and shapes that are combined to create a relationship model.

-

The diagram consists of:

-
    -
  • Entity: a square with the name of the entity inside it.
  • -
  • Attributes: ovals with the name of the attributes inside it; an attribute defines specific pieces of information about an entity (columns).
  • -
  • Primary key: same as with attributes but with name underlined; the primary key uniquely identifies the entity.
  • -
  • Composite attribute: an attribute that consists on one or more (sub-)attributes.
  • -
  • Multi-valued attribute: oval with another oval inside it and the name of the attribute.
  • -
  • Derived attribute: dotted oval; this attribute can be derived from other attributes from the entity.
  • -
  • Relationship: a diamond with the relationship name in it, for the connections a single line (partial participation) or a doubled line (total participation); it denotes how two or more attributes are related to each other; all members must participate in the relationship.
  • -
  • Relationship attribute: denoted like a normal attribute, but it’s child of a relationship; it defines what attributes exists because of the relationship, it’s not stored in any of the entities related, but on the relationship object itself.
  • -
  • Relationship cardinality: denoted with a number on the line connecting the relationship to the entity; detones the number of instances of an entity from a relation that can be associated with the relation.
  • -
  • Weak entity: rectangle inside a rectangle with its name inside; it cannot be uniquely identified by its attributes alone.
  • -
  • Weak entity’s primary key: oval with its text underlined, but the line is dotted.
  • -
  • Identifying relationship: a diamond inside a diamond with its name inside; a relationship that serves to uniquely identify the weak entity.
  • -
-

ERD example taken from wikipedia

]]>
-
- - This is the first blog post, just for testing purposes - https://blog.luevano.xyz/a/first_blog_post.html - https://blog.luevano.xyz/a/first_blog_post.html - Sat, 27 Feb 2021 13:08:33 GMT - English - Short - Tools - Update - Just my first blog post where I state what tools I'm using to build this blog. - I’m making this post just to figure out how ssg5 and lowdown are supposed to work (and eventually also rssg).

-

At the moment, I’m not satisfied because there’s no automatic date insertion into the 1) html file, 2) the blog post itself and 3) the listing system in the blog homepage (and there’s also the problem with the ordering of the entries…). And all of this just because I didn’t want to use Luke’s solution (don’t really like that much how he handles the scripts… but they just work).

-

Hopefully, for tomorrow all of this will be sorted out and I’ll have a working blog system.

]]>
-
- -
-
diff --git a/blog/old_newer/dst/sitemap.xml b/blog/old_newer/dst/sitemap.xml deleted file mode 100644 index f4dda25..0000000 --- a/blog/old_newer/dst/sitemap.xml +++ /dev/null @@ -1,114 +0,0 @@ - - - - https://blog.luevano.xyz/a/asi_nomas_esta_quedando.html - 2021-06-04 - weekly - 1.0 - - - https://blog.luevano.xyz/a/new_blogging_system.html - 2021-05-28 - weekly - 1.0 - - - https://blog.luevano.xyz/a/git_server_with_cgit.html - 2021-06-04 - weekly - 1.0 - - - https://blog.luevano.xyz/a/mail_server_with_postfix.html - 2021-06-04 - weekly - 1.0 - - - https://blog.luevano.xyz/a/website_with_nginx.html - 2021-06-04 - weekly - 1.0 - - - https://blog.luevano.xyz/a/el_blog_ya_tiene_timestamps.html - 2021-05-17 - weekly - 1.0 - - - https://blog.luevano.xyz/a/shell_scripting_video_notes.html - 2021-06-04 - weekly - 1.0 - - - https://blog.luevano.xyz/a/linux_video_notes.html - 2021-06-04 - weekly - 1.0 - - - https://blog.luevano.xyz/a/sql_video_notes.html - 2021-06-04 - weekly - 1.0 - - - https://blog.luevano.xyz/a/first_blog_post.html - 2021-05-17 - weekly - 1.0 - - - https://blog.luevano.xyz/tag/@english.html - 2021-06-04 - daily - 0.5 - - - https://blog.luevano.xyz/tag/@notes.html - 2021-06-04 - daily - 0.5 - - - https://blog.luevano.xyz/tag/@server.html - 2021-06-04 - daily - 0.5 - - - https://blog.luevano.xyz/tag/@short.html - 2021-06-04 - daily - 0.5 - - - https://blog.luevano.xyz/tag/@spanish.html - 2021-06-04 - daily - 0.5 - - - https://blog.luevano.xyz/tag/@tools.html - 2021-06-04 - daily - 0.5 - - - https://blog.luevano.xyz/tag/@tutorial.html - 2021-06-04 - daily - 0.5 - - - https://blog.luevano.xyz/tag/@update.html - 2021-06-04 - daily - 0.5 - - - diff --git a/blog/old_newer/dst/tag/@english.html b/blog/old_newer/dst/tag/@english.html deleted file mode 100644 index dc32e36..0000000 --- a/blog/old_newer/dst/tag/@english.html +++ /dev/null @@ -1,112 +0,0 @@ - - - - - - - Posts filtered by: english -- Luévano's Blog - - - - - - - - - - - - - - - - - - - -
- - -
- - - -
-
- -
-

Posts filtered by: english

-

Articles

- -
- -
- - - Contact - - - - - Donate - - - - - RSS - - -
- - - Created with pyssg - - -
- - Copyright 2021 David Luévano Alvarado - -
- - diff --git a/blog/old_newer/dst/tag/@git.html b/blog/old_newer/dst/tag/@git.html deleted file mode 100644 index fbe3b38..0000000 --- a/blog/old_newer/dst/tag/@git.html +++ /dev/null @@ -1,103 +0,0 @@ - - - - - - - Posts filtered by: git -- Luévano's Blog - - - - - - - - - - - - - - - - - - - -
- - -
- - - -
-
- -
-

Posts filtered by: git

-

Articles

- -
- -
- - - Contact - - - - - Donate - - - - - RSS - - -
- - - Created with pyssg - - -
- - Copyright 2021 David Luévano Alvarado - -
- - diff --git a/blog/old_newer/dst/tag/@linux.html b/blog/old_newer/dst/tag/@linux.html deleted file mode 100644 index 40fd770..0000000 --- a/blog/old_newer/dst/tag/@linux.html +++ /dev/null @@ -1,104 +0,0 @@ - - - - - - - Posts filtered by: linux -- Luévano's Blog - - - - - - - - - - - - - - - - - - - -
- - -
- - - -
-
- -
-

Posts filtered by: linux

-

Articles

- -
- -
- - - Contact - - - - - Donate - - - - - RSS - - -
- - - Created with pyssg - - -
- - Copyright 2021 David Luévano Alvarado - -
- - diff --git a/blog/old_newer/dst/tag/@mail.html b/blog/old_newer/dst/tag/@mail.html deleted file mode 100644 index 46ca368..0000000 --- a/blog/old_newer/dst/tag/@mail.html +++ /dev/null @@ -1,103 +0,0 @@ - - - - - - - Posts filtered by: mail -- Luévano's Blog - - - - - - - - - - - - - - - - - - - -
- - -
- - - -
-
- -
-

Posts filtered by: mail

-

Articles

- -
- -
- - - Contact - - - - - Donate - - - - - RSS - - -
- - - Created with pyssg - - -
- - Copyright 2021 David Luévano Alvarado - -
- - diff --git a/blog/old_newer/dst/tag/@nginx.html b/blog/old_newer/dst/tag/@nginx.html deleted file mode 100644 index 198e97b..0000000 --- a/blog/old_newer/dst/tag/@nginx.html +++ /dev/null @@ -1,104 +0,0 @@ - - - - - - - Posts filtered by: nginx -- Luévano's Blog - - - - - - - - - - - - - - - - - - - -
- - -
- - - -
-
- -
-

Posts filtered by: nginx

-

Articles

- -
- -
- - - Contact - - - - - Donate - - - - - RSS - - -
- - - Created with pyssg - - -
- - Copyright 2021 David Luévano Alvarado - -
- - diff --git a/blog/old_newer/dst/tag/@notes.html b/blog/old_newer/dst/tag/@notes.html deleted file mode 100644 index 6ca55e2..0000000 --- a/blog/old_newer/dst/tag/@notes.html +++ /dev/null @@ -1,105 +0,0 @@ - - - - - - - Posts filtered by: notes -- Luévano's Blog - - - - - - - - - - - - - - - - - - - -
- - -
- - - -
-
- -
-

Posts filtered by: notes

-

Articles

- -
- -
- - - Contact - - - - - Donate - - - - - RSS - - -
- - - Created with pyssg - - -
- - Copyright 2021 David Luévano Alvarado - -
- - diff --git a/blog/old_newer/dst/tag/@scripting.html b/blog/old_newer/dst/tag/@scripting.html deleted file mode 100644 index 9c13f54..0000000 --- a/blog/old_newer/dst/tag/@scripting.html +++ /dev/null @@ -1,103 +0,0 @@ - - - - - - - Posts filtered by: scripting -- Luévano's Blog - - - - - - - - - - - - - - - - - - - -
- - -
- - - -
-
- -
-

Posts filtered by: scripting

-

Articles

- -
- -
- - - Contact - - - - - Donate - - - - - RSS - - -
- - - Created with pyssg - - -
- - Copyright 2021 David Luévano Alvarado - -
- - diff --git a/blog/old_newer/dst/tag/@server.html b/blog/old_newer/dst/tag/@server.html deleted file mode 100644 index a802757..0000000 --- a/blog/old_newer/dst/tag/@server.html +++ /dev/null @@ -1,105 +0,0 @@ - - - - - - - Posts filtered by: server -- Luévano's Blog - - - - - - - - - - - - - - - - - - - -
- - -
- - - -
-
- -
-

Posts filtered by: server

-

Articles

- -
- -
- - - Contact - - - - - Donate - - - - - RSS - - -
- - - Created with pyssg - - -
- - Copyright 2021 David Luévano Alvarado - -
- - diff --git a/blog/old_newer/dst/tag/@shell.html b/blog/old_newer/dst/tag/@shell.html deleted file mode 100644 index 5d9151d..0000000 --- a/blog/old_newer/dst/tag/@shell.html +++ /dev/null @@ -1,103 +0,0 @@ - - - - - - - Posts filtered by: shell -- Luévano's Blog - - - - - - - - - - - - - - - - - - - -
- - -
- - - -
-
- -
-

Posts filtered by: shell

-

Articles

- -
- -
- - - Contact - - - - - Donate - - - - - RSS - - -
- - - Created with pyssg - - -
- - Copyright 2021 David Luévano Alvarado - -
- - diff --git a/blog/old_newer/dst/tag/@short.html b/blog/old_newer/dst/tag/@short.html deleted file mode 100644 index 3f6f7fe..0000000 --- a/blog/old_newer/dst/tag/@short.html +++ /dev/null @@ -1,109 +0,0 @@ - - - - - - - Posts filtered by: short -- Luévano's Blog - - - - - - - - - - - - - - - - - - - -
- - -
- - - -
-
- -
-

Posts filtered by: short

-

Articles

- -
- -
- - - Contact - - - - - Donate - - - - - RSS - - -
- - - Created with pyssg - - -
- - Copyright 2021 David Luévano Alvarado - -
- - diff --git a/blog/old_newer/dst/tag/@spanish.html b/blog/old_newer/dst/tag/@spanish.html deleted file mode 100644 index 00dfde4..0000000 --- a/blog/old_newer/dst/tag/@spanish.html +++ /dev/null @@ -1,105 +0,0 @@ - - - - - - - Posts filtered by: spanish -- Luévano's Blog - - - - - - - - - - - - - - - - - - - -
- - -
- - - -
-
- -
-

Posts filtered by: spanish

-

Articles

- -
- -
- - - Contact - - - - - Donate - - - - - RSS - - -
- - - Created with pyssg - - -
- - Copyright 2021 David Luévano Alvarado - -
- - diff --git a/blog/old_newer/dst/tag/@sql.html b/blog/old_newer/dst/tag/@sql.html deleted file mode 100644 index c1f87ac..0000000 --- a/blog/old_newer/dst/tag/@sql.html +++ /dev/null @@ -1,103 +0,0 @@ - - - - - - - Posts filtered by: sql -- Luévano's Blog - - - - - - - - - - - - - - - - - - - -
- - -
- - - -
-
- -
-

Posts filtered by: sql

-

Articles

- -
- -
- - - Contact - - - - - Donate - - - - - RSS - - -
- - - Created with pyssg - - -
- - Copyright 2021 David Luévano Alvarado - -
- - diff --git a/blog/old_newer/dst/tag/@tools.html b/blog/old_newer/dst/tag/@tools.html deleted file mode 100644 index c834cab..0000000 --- a/blog/old_newer/dst/tag/@tools.html +++ /dev/null @@ -1,110 +0,0 @@ - - - - - - - Posts filtered by: tools -- Luévano's Blog - - - - - - - - - - - - - - - - - - - -
- - -
- - - -
-
- -
-

Posts filtered by: tools

-

Articles

- -
- -
- - - Contact - - - - - Donate - - - - - RSS - - -
- - - Created with pyssg - - -
- - Copyright 2021 David Luévano Alvarado - -
- - diff --git a/blog/old_newer/dst/tag/@tutorial.html b/blog/old_newer/dst/tag/@tutorial.html deleted file mode 100644 index 0a86d26..0000000 --- a/blog/old_newer/dst/tag/@tutorial.html +++ /dev/null @@ -1,105 +0,0 @@ - - - - - - - Posts filtered by: tutorial -- Luévano's Blog - - - - - - - - - - - - - - - - - - - -
- - -
- - - -
-
- -
-

Posts filtered by: tutorial

-

Articles

- -
- -
- - - Contact - - - - - Donate - - - - - RSS - - -
- - - Created with pyssg - - -
- - Copyright 2021 David Luévano Alvarado - -
- - diff --git a/blog/old_newer/dst/tag/@update.html b/blog/old_newer/dst/tag/@update.html deleted file mode 100644 index 4d48ee3..0000000 --- a/blog/old_newer/dst/tag/@update.html +++ /dev/null @@ -1,109 +0,0 @@ - - - - - - - Posts filtered by: update -- Luévano's Blog - - - - - - - - - - - - - - - - - - - -
- - -
- - - -
-
- -
-

Posts filtered by: update

-

Articles

- -
- -
- - - Contact - - - - - Donate - - - - - RSS - - -
- - - Created with pyssg - - -
- - Copyright 2021 David Luévano Alvarado - -
- - diff --git a/blog/old_newer/src/.files b/blog/old_newer/src/.files deleted file mode 100644 index cf14e06..0000000 --- a/blog/old_newer/src/.files +++ /dev/null @@ -1,10 +0,0 @@ -a/website_with_nginx.md 1616122695.085315 1622793656.0817287 english,server,tools,tutorial -a/git_server_with_cgit.md 1616353229.8983006 1622793595.4845119 english,server,tools,tutorial -a/el_blog_ya_tiene_timestamps.md 1615862784.9032707 1621284818.4731243 short,spanish,tools,update -a/shell_scripting_video_notes.md 1615701454.6499224 1622793622.0414143 english,notes -a/sql_video_notes.md 1614695711.6048582 1622793648.6416588 english,notes -a/first_blog_post.md 1614431313.2090824 1621284833.6700118 english,short,tools,update -a/linux_video_notes.md 1615701443.6397786 1622793573.704325 english,notes -a/mail_server_with_postfix.md 1616299559.6570284 1622793584.6210845 english,server,tools,tutorial -a/new_blogging_system.md 1622172099.117893 1622173322.4337702 english,short,tools,update -a/asi_nomas_esta_quedando.md 1622795043.0874712 0.0 short,spanish,update diff --git a/blog/old_newer/src/a/asi_nomas_esta_quedando.md b/blog/old_newer/src/a/asi_nomas_esta_quedando.md deleted file mode 100644 index c1ed74c..0000000 --- a/blog/old_newer/src/a/asi_nomas_esta_quedando.md +++ /dev/null @@ -1,17 +0,0 @@ -title: Así nomás está quedando el página -author: David Luévano -lang: es -summary: Actualización en el estado de la página, el servidor de XMPP y Matrix que me acomodé y próximas cosas que quiero hacer. -tags: short - update - spanish - -Estuve acomodando un poco más el *sItIo*, al fin agregué la "sección" de [contact](https://luevano.xyz/contact.html) y de [donate](https://luevano.xyz/donate.html) por si hay algún loco que quiere tirar varo. - -También me puse a acomodar un servidor de [XMPP](https://xmpp.org/) el cual, en pocas palabras, es un protocolo de mensajería instantánea (y más) descentralizado, por lo cual cada quien puede hacer una cuenta en el servidor que quiera y conectarse con cuentas creadas en otro servidor... exacto, como con los correos electrónicos. Y esto está perro porque si tú tienes tu propio server, así como con uno de correo electrónico, puedes controlar qué características tiene, quiénes pueden hacer cuenta, si hay *end-to-end encryption* (o mínimo *end-to-server*), entre un montón de otras cosas. - -Ahorita este server es SUMISO (*compliant* en español, jeje) para jalar con la app [conversations](https://conversations.im/) y con la red social [movim](https://movim.eu/), pero realmente funcionaría con casi cualquier cliente de XMPP, amenos que ese cliente implemente algo que no tiene mi server. Y también acomodé un server de [Matrix](https://matrix.org/) que es muy similar pero es bajo otro protocolo y se siente más como un discord/slack (al menos en el [element](https://element.io/)), muy chingón también. - -Si bien aún quedan cosas por hacer sobre estos dos servers que me acomodé (además de hacerles unas entradas para documentar cómo lo hice), quiero moverme a otra cosa que sería acomodar una sección de dibujos, lo cual en teoría es bien sencillo, pero como quiero poder automatizar la publicación de estos, quiero modificar un poco el [pyssg](https://github.com/luevano/pyssg) para que jale chido para este pex. - -Ya por último también quiero moverle un poco al CSS, porque lo dejé en un estado muy culerón y quiero meterle/ajustar unas cosas para que quede más limpio y medianamente bonito... *dentro de lo que cabe porque evidentemente me vale verga si se ve como una página del 2000*. diff --git a/blog/old_newer/src/a/el_blog_ya_tiene_timestamps.md b/blog/old_newer/src/a/el_blog_ya_tiene_timestamps.md deleted file mode 100644 index 4fbe9bd..0000000 --- a/blog/old_newer/src/a/el_blog_ya_tiene_timestamps.md +++ /dev/null @@ -1,16 +0,0 @@ -title: Así es raza, el blog ya tiene timestamps -author: David Luévano -lang: es -summary: Actualización en el estado del blog y el sistema usado para crearlo. -tags: short - update - tools - spanish - -Pues eso, esta entrada es sólo para tirar update sobre mi [primer post](https://blog.luevano.xyz/a/first_blog_post.html). Ya modifiqué el `ssg` lo suficiente como para que maneje los *timestamps*, y ya estoy más familiarizado con este script entonces ya lo podré extender más, pero por ahora las entradas ya tienen su fecha de creación (y modificación en dado caso) al final y en el índice ya están organizados por fecha, que por ahora está algo simple pero está sencillo de extender. - -Ya lo único que queda es cambiar un poco el formato del blog (y de la página en general), porque en un momento de desesperación puse todo el texto en justificado y pues no se ve chido siempre, entonces queda corregir eso. *Y aunque me tomó más tiempo del que quisiera, así nomás quedó, diría un cierto personaje.* - -El `ssg` modificado está en mis [dotfiles](https://git.luevano.xyz/.dots) (o directamente [aquí](https://git.luevano.xyz/.dots/tree/.local/bin/ssg)). - -Por último, también quité las extensiones `.html` de las URLs, porque se veía bien pitero, pero igual los links con `.html` al final redirigen a su link sin `.html`, así que no hay rollo alguno. diff --git a/blog/old_newer/src/a/first_blog_post.md b/blog/old_newer/src/a/first_blog_post.md deleted file mode 100644 index b4851f2..0000000 --- a/blog/old_newer/src/a/first_blog_post.md +++ /dev/null @@ -1,14 +0,0 @@ -title: This is the first blog post, just for testing purposes -author: David Luévano -lang: en -summary: Just my first blog post where I state what tools I'm using to build this blog. -tags: short - update - tools - english - -I'm making this post just to figure out how [`ssg5`](https://www.romanzolotarev.com/ssg.html) and [`lowdown`](https://kristaps.bsd.lv/lowdown/) are supposed to work (and eventually also [`rssg`](https://www.romanzolotarev.com/rssg.html)). - -At the moment, I'm not satisfied because there's no automatic date insertion into the 1) html file, 2) the blog post itself and 3) the listing system in the [blog homepage](https://blog.luevano.xyz/) (and there's also the problem with the ordering of the entries...). And all of this just because I didn't want to use [Luke's](https://github.com/LukeSmithxyz/lb) solution (don't really like that much how he handles the scripts... *but they just work*). - -Hopefully, for tomorrow all of this will be sorted out and I'll have a working blog system. diff --git a/blog/old_newer/src/a/git_server_with_cgit.md b/blog/old_newer/src/a/git_server_with_cgit.md deleted file mode 100644 index da6464a..0000000 --- a/blog/old_newer/src/a/git_server_with_cgit.md +++ /dev/null @@ -1,160 +0,0 @@ -title: Create a git server and setup cgit web app (on Nginx) -author: David Luévano -lang: en -summary: How to create a git server using cgit on a server running Nginx. This is a follow up on post about creating a website with Nginx and Certbot. -tags: server - tools - tutorial - english - -My git server is all I need to setup to actually *kill* my other server (I've been moving from servers on these last 2-3 blog entries), that's why I'm already doing this entry. I'm basically following [git's guide on setting up a server](https://git-scm.com/book/en/v2/Git-on-the-Server-Setting-Up-the-Server) plus some specific stuff for (btw i use) Arch Linux ([Arch Linux Wiki: Git server](https://wiki.archlinux.org/index.php/Git_server#Web_interfaces) and [Step by step guide on setting up git server in arch linux (pushable)](https://miracoin.wordpress.com/2014/11/25/step-by-step-guide-on-setting-up-git-server-in-arch-linux-pushable/)). - -Note that this is mostly for personal use, so there's no user/authentication control other than that of SSH. Also, most if not all commands here are run as root. - -## Prerequisites - -I might get tired of saying this (it's just copy paste, basically)... but similar as before (check my [website](https://blog.luevano.xyz/a/website_with_nginx.html) and [mail](https://blog.luevano.xyz/a/mail_server_with_postfix.html) entries): - -* (This time, optional) A domain name if you want to have a "front end" to show your repositories. Got mine on [Epik](https://www.epik.com/?affid=da5ne9ru4) (affiliate link, btw). - * With a **CNAME** for "git" and (optionally) "www.git", or some other name for your sub-domains. -* A VPS or somewhere else to host. I'm using [Vultr](https://www.vultr.com/?ref=8732849) (also an affiliate link). - * `ssh` configured. - * (Optionally, if doing the domain name thingy) With `nginx` and `certbot` setup and running. - * Of course, `git` already installed (it should be a must have always). - -## git server - -If not installed already, install the `git` package: - -```sh -pacman -S git -``` - -On Arch Linux, when you install the `git` package, a `git` user is automatically created, so all you have to do is decide where you want to store the repositories, for me, I like them to be on `/home/git` like if `git` was a "normal" user. So, create the `git` folder (with corresponding permissions) under `/home` and set the `git` user's home to `/home/git`: - -```sh -mkdir /home/git -chown git:git /home/git -usermod -d /home/git git -``` - -Also, the `git` user is "expired" by default and will be locked (needs a password), change that with: - -```sh -chage -E -1 git -passwd git -``` - -Give it a strong one and remember to use `PasswordAuthentication no` for `ssh` (as you should). Create the `.ssh/authorized_keys` for the `git` user and set the permissions accordingly: - -```sh -mkdir /home/git/.ssh -chmod 700 /home/git/.ssh -touch /home/git/.ssh/authorized_keys -chmod 600 /home/git/.ssh/authorized_keys -chown -R git:git /home/git -``` - -Now is a good idea to copy over your local SSH public keys to this file, to be able to push/pull to the repositories. Do it by either manually copying it or using `ssh`'s built in `ssh-copy-id` (for that you may want to check your `ssh` configuration in case you don't let people access your server with user/password). - -Next, and almost finally, we need to edit the `git-daemon` service, located at `/usr/lib/systemd/system/` (called `git-daemon@.service`): - -```ini -... -ExecStart=-/usr/lib/git-core/git-daemon --inetd --export-all --base-path=/home/git --enable=receive-pack -... -``` - -I just appended `--enable=receive-pack` and note that I also changed the `--base-path` to reflect where I want to serve my repositories from (has to match what you set when changing `git` user's home). - -Now, go ahead and start and enable the `git-daemon` socket: - -```sh -systemctl start git-daemon.socket -systemctl enable git-daemon.socket -``` - -You're basically done. Now you should be able to push/pull repositories to your server... except, you haven't created any repository in your server, that's right, they're not created automatically when trying to push. To do so, you have to do the following sequence (assuming you're "`cd`'ed" into the `/home/git` directory): - -```sh -mkdir {repo_name}.git -cd {repo_name}.git -``` - -Those two lines above will need to be run each time you want to add a new repository to your server (yeah, kinda lame... although there are options to "automate" this, I like it this way). - -After that you can already push/pull to your repository. I have my repositories (locally) set up so I can push to more than one remote at the same time (my server, GitHub, GitLab, etc.), which is detailed [here](https://gist.github.com/rvl/c3f156e117e22a25f242). - -## cgit - -This bit is optional if you only wanted a git server (really easy to set up), this is so you can have a web application. This is basically a copy paste of [Arch Linux Wiki: Cgit](https://wiki.archlinux.org/index.php/Cgit#Nginx) so you can go there and get more in-depth configurations. - -Install the `cgit` and `fcgiwrap` packages: - -```sh -pacman -S cgit fcgiwrap -``` - -Now, just start and enable the `fcgiwrap` socket: - -```sh -systemctl start fcgiwrap.socket -systemctl enable fcgiwrap.socket -``` - -Next, the way I configure `nginx` is creating a separate file `{module}.conf` (`git.conf` in this case) under `/etc/nginx/sites-available` and create a symlink to `/etc/nginx/sites-enabled` as stated in my [`nginx` setup entry](https://blog.luevano.xyz/a/website_with_nginx.html). Add the following lines to your `git.conf` file: - -```nginx -server { - listen 80; - listen [::]:80; - root /usr/share/webapps/cgit; - server_name {yoursubdomain}.{yourdomain}; - try_files $uri @cgit; - - location @cgit { - include fastcgi_params; - fastcgi_param SCRIPT_FILENAME $document_root/cgit.cgi; - fastcgi_param PATH_INFO $uri; - fastcgi_param QUERY_STRING $args; - fastcgi_param HTTP_HOST $server_name; - fastcgi_pass unix:/run/fcgiwrap.sock; - } -} -``` - -Where the `server_name` line depends on you, I have mine setup to `git.luevano.xyz` and `www.git.luevano.xyz`. Optionally run `certbot --nginx` to get a certificate for those domains if you don't have already. - -Now, all that's left is to configure `cgit`. Create the configuration file `/etc/cgitrc` with the following content (my personal options, pretty much the default): - -```apache -css=/cgit.css -source-filter=/usr/lib/cgit/filters/syntax-highlighting-edited.sh -logo=/cgit.png - -enable-http-clone=1 -# robots=noindex, nofollow -virtual-root=/ - -repo.url={url} -repo.path={dir_path} -repo.owner={owner} -repo.desc={short_description} - -... -``` - -Where you can uncomment the `robots` line to let web crawlers (like Google's) to index your `git` web app. And at the end keep all your repositories (the ones you want to make public), for example for my [*dotfiles*](https://git.luevano.xyz/.dots) I have: - -```apache -... -repo.url=.dots -repo.path=/home/git/.dots.git -repo.owner=luevano -repo.desc=These are my personal dotfiles. -... -``` - -Otherwise you could let `cgit` to automatically detect your repositories (you have to be careful if you want to keep "private" repos) using the option `scan-path` and setup `.git/description` for each repository. I will add more to my actual configuration, but for now it is useful as it is. For more, you can check [cgitrc(5)](https://man.archlinux.org/man/cgitrc.5). - -Finally, if you want further support for highlighting, other compressed snapshots or support for markdown, checkout the optional dependencies for `cgit` and also the Arch Wiki goes in detail on how to setup highlighting with two different packages. diff --git a/blog/old_newer/src/a/linux_video_notes.md b/blog/old_newer/src/a/linux_video_notes.md deleted file mode 100644 index 8906304..0000000 --- a/blog/old_newer/src/a/linux_video_notes.md +++ /dev/null @@ -1,93 +0,0 @@ -title: Linux tutorial video notes -author: David Luévano -lang: en -summary: Notes of videos about basic Linux terms, usage and commands, as requested by a mentor of mine. -tags: notes - english - -I was requested to make a summary of a video about basic Linux stuff (like the [SQL tutorial video notes](https://blog.luevano.xyz/a/sql_video_notes)); this time, I did most of the notes depending on the topic since I'm familiar with most of the stuff presented in the video. The video in question is: [The Complete Linux Course: Beginner to Power User!](https://www.youtube.com/watch?v=wBp0Rb-ZJak). Also, some notes were taken from [Arch Linux Wiki](https://wiki.archlinux.org/) since it's got pretty decent documentation, and, of course, general googling. - -## (Basic) commands - -A list of basic commands and small explanation (note that options are started with either `-` or `--`, depending on the program, but most of the time `-` is used for letter options and `--` for word options, `-l` vs `--list` for example): - -* `pwd`: "print working directory", full **absolute** path to the current directory. -* `cd`: "change directory", followed by the absolute or relative path of the directory to change to. - * Absolute path is started with `/`, while a relative path is started with `./` or just the name of the folder. - * Use `..` (two dots) to go up one directory. - * An abbreviation of `/home/username` is `~` (tilde). -* `ls`: "list" files and directories in current directory, or specify a directory from which to show the list after typing `ls`. Has many options, the most common ones being: - * `l`: use long listing format. - * `r` or `reverse`: reverse order while sorting. - * `s`: sort by file size, largest first. - * `a` or `all`: do not ignore entries starting with `.`. -* `mkdir`: "make directory", create a new directory with specified name. -* `touch`: create new (empty) files. -* `cp`: "copy" files or directories (using option `r` for recursive). Requires file/directory to copy and destination, separated by space. -* `mv`: "move" files or directories, also requires file/directory to copy and destination, separated by space. This is also used to **rename** files/directories. -* `rm`: "remove", followed by a file to remove it. -* `rmdir`: "remove empty directory", followed by a directory to remove it. If the directory is not empty, use `rm -r` on the directory ("remove recursive"). -* `su`: "switch user", by default to **root** user, but another one can be specified. -* `sudo`: "switch user, do", similar to `su`, but only to execute a command as **root** or the specified user. -* `clear`: clear the terminal window, a (common) keyboard shortcut is `Ctrl + l`. -* `find`: search for files/directories matching a pattern or all contents of a directory (using `.`). -* `grep`: comes from the `ed` command "g/re/p", for searching plain-text for lines that match a regular expression (regex). -* `top`: a task manager program, shows currently running commands and gives important info such as PID (process ID), user who is running that command, command name, cpu and ram usage, etc.. Some useful commands to manage programs running are: - * `pgrep`: get the PID of a running process, or a list in chronological order. - * `kill` or `pkill`: kill a running process either by PID or by name. - * `killall`: similar to `pkill`. -* `ssh`: "secure shell" is a remote login client used to connect into a remote machine and executing commands remotely, basically taking control of the remote machine. Widely used when managing servers. -* `ftp` or `sftp`: "(secure) file transfer protocol" used to transfer files from one machine to another one (usually a server). It's recommended to use `sftp` instead of `ftp` because anyone can look through the packages if it's not secured (encrypted). - -And in general, to see the options supported by almost any command, use `command -h` or `command --help`, for a quick explanation. **IMPORTANT**: Most programs have **man (manual) pages**; to access them do `man command`, this is a very powerful tool to use. - -Commands can be redirected to other commands (the output), which is powerful to create mini scripts or to achieve a goal in a single command. Most of the time the redirection can be done with the special characters `>`, `<` and most powerful, the `|` (pipe). Also, some commands accept an option to execute another command, but this depends on a command to command basis (`exec` option for `find`, for example). - -**Most terminal programs accept `Ctrl-c` or just `q` to exit the program.** - -## File permissions and ownership - -When listing files with `ls -l`, an output with file attributes (permissions) and ownership is shown, such as `drwxr-xr-x 2 user group 4096 Jul 5 21:03 Desktop`, where the first part are the attributes, and `user` and `group` the ownership info (all other info is irrelevant for now). - -File attributes (`drwxr-xr-x` in the example above) are specified by 10 (sometimes 11) characters, and can be break into 4 parts (or 5): - -* The first character is just the file type, typically `d` for directories or just `-` for files. There is `l` too, which is for **symlinks**. -* The next 3 characters represent the permissions that the **owner** has over the file. -* Next 3 the permissions that the **group** has over the file. -* Next 3 the permissions everyone else (**others**) have over the file. -* An optional `+` character that specifies whether an alternate access method applies to the file. When the character is a space, there is no alterante access method. - -Each of the three permission triads (`rwx`) can be: - -* `-` or `r`, for the first character, if the file can be **read** or directory's content can be shown. -* `-` or `w`, for the second character, if the file can be **modified** or the directory's content can be modified (create new files or folders or rename existing files or folders). -* `-` or `x`, for the third character, if the file can be **executed** or the directory can be **accessed** with `cd`. Other characters can be present, like `s`, `S`, `t` and `T` (for more: [Arch Linux Wiki: File permissions and attributes](https://wiki.archlinux.org/index.php/File_permissions_and_attributes)). - -To change attributes or ownership use `chmod` and `chown`, respectively. - -## Services - -Special type of linux process (think of a program or set of programs that run in the background waiting to be used, or doing essential tasks). There are many ways to manage (start, stop, restart, enable, disable, etc.) services, the most common way (if using `systemd`) is to just use `systemctl`. Basic usage of `systemctl` is `systemctl verb service`, where `verb` could be `start`, `enable`, `stop`, `disable`, `restart`, etc. Also, to get a general system status run `systemctl status` or just `systemctl` for a list of running **units** (a unit is an instance of a service, or a mount point or even a device or a socket). For more: [Arch Linux Wiki: systemd](https://wiki.archlinux.org/index.php/systemd). - -`systemd` also provides a way to do tasks based on a **timer**, where you can schedule from the second to the year. One could also use `cron` (using `crontab` with option `e`) to do this. These timers provide support for calendar time events, monotonic time events, and can be run asynchronously. - -## User and group management - -Most mainstream linux distributions come with a Graphic User Interface (GUI) to manage users and groups on the system. For a Command-Line Interface (CLI) just use `useradd` (with `passwd` to create a password for a given user) and `groupadd`. Also, other useful commands are `usermod`, `userdel`, `groups`, `gpasswd`, `groupdel` and more, each used for a basic management of users/groups like modification, deletion, listing (of all existing users/groups), etc.. For more: [Arch Linux Wiki: Users and groups](https://wiki.archlinux.org/index.php/users_and_groups). - -## Networking - -### Hosts file - -Located at `/etc/hosts`, serves as a translator from **hostname** (web addresses or URLs) into IP addresses (think of DNS records), meaning that any URL can be overridden to make it point to whatever IP address it's specified (only locally on the machine affected). The syntax of the file is pretty simple: first column for IP, second for hostname (URL) and third+ for aliases. - -### (Some) commands - -These commands serve the sole purpose of showing information about the network and stuff related to it: - -* `ping`: gives information about latency to a given ip/domain. -* `ifconfig`: gives similar information to `ipconfig` on windows, general info of physical network devices with their addresses and properties. An alternative could be `ip addr`, depending on the linux distribution being used and programs installed. -* `tcpdump`: "transmission control protocol dump" gives information on all "packets" being sent and received through the network. -* `netstat`: "network statistics" general statistics about network devices usage, display connections to the machine and more. -* `traceroute`: shows the route that the packets go through (how the packets jump from one server to another one) when trying to access an IP (or, for example, a website). -* `nmap`: "network mapper" explore network available hosts, opened ports, reverse DNS names, can guess the operating system of the device, it's type, MAC address and more. diff --git a/blog/old_newer/src/a/mail_server_with_postfix.md b/blog/old_newer/src/a/mail_server_with_postfix.md deleted file mode 100644 index d72ecac..0000000 --- a/blog/old_newer/src/a/mail_server_with_postfix.md +++ /dev/null @@ -1,525 +0,0 @@ -title: Create a mail server with Postfix, Dovecot, SpamAssassin and OpenDKIM -author: David Luévano -lang: en -summary: How to create mail server using Postfix, Dovecot, SpamAssassin and OpenDKIM. This is a follow up on post about creating a website with Nginx and Certbot. -tags: server - tools - tutorial - english - -The entry is going to be long because it's a *tedious* process. This is also based on [Luke Smith's script](https://github.com/LukeSmithxyz/emailwiz), but adapted to Arch Linux (his script works on debian-based distributions). This entry is mostly so I can record all the notes required while I'm in the process of installing/configuring the mail server on a new VPS of mine; also I'm going to be writing a script that does everything in one go (for Arch Linux), that will be hosted [here](https://git.luevano.xyz/server_scripts.git). - -This configuration works for local users (users that appear in `/etc/passwd`), and does not use any type of SQL. And note that most if not all commands executed here are run with root privileges. - -More in depth configuration is detailed in the Arch Wiki for each package used here. - -## Prerequisites - -Basically the same as with the [website with Nginx and Certbot](https://blog.luevano.xyz/a/website_with_nginx.html): - -* A domain name. Got mine on [Epik](https://www.epik.com/?affid=da5ne9ru4) (affiliate link, btw). - * Later we'll be adding some **MX** and **TXT** records. - * You also need a **CNAME** for "mail" and (optionally) "www.mail", or whatever you want to call the sub-domains (although the [RFC 2181](https://tools.ietf.org/html/rfc2181#section-10.3) states that it NEEDS to be an **A** record, fuck the police), to actually work and to get SSL certificate (you can also use the SSL certificate obtained if you created a website following my other notes on `nginx` and `certbot`) with `certbot` (just create a `mail.conf` for `nginx`, similar to how we created it in the website entry). -* A VPS or somewhere else to host. I'm using [Vultr](https://www.vultr.com/?ref=8732849) (also an affiliate link). - * `ssh` configured. - * Ports 25, 587 (SMTP), 465 (SMTPS), 143 (IMAP) and 993 (IMAPS) open on the firewall (I use `ufw`). - * With `nginx` and `certbot` setup and running. - -## Postfix - -[Postfix](https://wiki.archlinux.org/index.php/Postfix) is a "mail transfer agent" which is the component of the mail server that receives and sends emails via SMTP. - -Install the `postfix` package: - -```sh -pacman -S postfix -``` - -We have two main files to configure (inside `/etc/postfix`): `master.cf` ([master(5)](https://man.archlinux.org/man/master.5)) and `main.cf` ([postconf(5)](https://man.archlinux.org/man/postconf.5)). We're going to edit `main.cf` first either by using the command `postconf -e 'setting'` or by editing the file itself (I prefer to edit the file). - -Note that the default file itself has a lot of comments with description on what each thing does (or you can look up the manual, linked above), I used what Luke's script did plus some other settings that worked for me. - -Now, first locate where your website cert is, mine is at the default location `/etc/letsencrypt/live/`, so my `certdir` is `/etc/letsencrypt/live/luevano.xyz`. Given this information, change `{yourcertdir}` on the corresponding lines. The configuration described below has to be appended in the `main.cf` configuration file. - -Certificates and ciphers to use for authentication and security: - -```apache -smtpd_tls_key_file = {yourcertdir}/privkey.pem -smtpd_tls_cert_file = {yourcertdir}/fullchain.pem -smtpd_use_tls = yes -smtpd_tls_auth_only = yes -smtp_tls_security_level = may -smtp_tls_loglevel = 1 -smtp_tls_CAfile = {yourcertdir}/cert.pem -smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1 -smtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1 -smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1 -smtp_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1 -tls_preempt_cipherlist = yes -smtpd_tls_exclude_ciphers = aNULL, LOW, EXP, MEDIUM, ADH, AECDH, MD5, - DSS, ECDSA, CAMELLIA128, 3DES, CAMELLIA256, - RSA+AES, eNULL - -smtp_tls_CApath = /etc/ssl/certs -smtpd_tls_CApath = /etc/ssl/certs - -smtpd_relay_restrictions = permit_sasl_authenticated, permit_mynetworks, defer_unauth_destination -``` - -Also, for the *connection* with `dovecot`, append the next few lines (telling postfix that `dovecot` will use user/password for authentication): - -```apache -smtpd_sasl_auth_enable = yes -smtpd_sasl_type = dovecot -smtpd_sasl_path = private/auth -smtpd_sasl_security_options = noanonymous, noplaintext -smtpd_sasl_tls_security_options = noanonymous -``` - -Specify the mailbox home (this is going to be a directory inside your user's home): - -```apache -home_mailbox = Mail/Inbox/ -``` - -Pre-configuration to work seamlessly with `dovecot` and `opendkim`: - -```apache -myhostname = {yourdomainname} -mydomain = localdomain -mydestination = $myhostname, localhost.$mydomain, localhost - -milter_default_action = accept -milter_protocol = 6 -smtpd_milters = inet:127.0.0.1:8891 -non_smtpd_milters = inet:127.0.0.1:8891 -mailbox_command = /usr/lib/dovecot/deliver -``` - -Where `{yourdomainname}` is `luevano.xyz` in my case, or if you have `localhost` configured to your domain, then use `localhost` for `myhostname` (`myhostname = localhost`). - -Lastly, if you don't want the sender's IP and user agent (application used to send the mail), add the following line: - -```apache -smtp_header_checks = regexp:/etc/postfix/smtp_header_checks -``` - -And create the `/etc/postfix/smtp_header_checks` file with the following content: - -```coffee -/^Received: .*/ IGNORE -/^User-Agent: .*/ IGNORE -``` - -That's it for `main.cf`, now we have to configure `master.cf`. This one is a bit more tricky. - -First look up lines (they're uncommented) `smtp inet n - n - - smtpd`, `smtp unix - - n - - smtp` and `-o syslog_name=postfix/$service_name` and either delete or uncomment them... or just run `sed -i "/^\s*-o/d;/^\s*submission/d;/\s*smtp/d" /etc/postfix/master.cf` as stated in Luke's script. - -Lastly, append the following lines to complete postfix setup and pre-configure for `spamassassin`. - -```txt -smtp unix - - n - - smtp -smtp inet n - y - - smtpd - -o content_filter=spamassassin -submission inet n - y - - smtpd - -o syslog_name=postfix/submission - -o smtpd_tls_security_level=encrypt - -o smtpd_sasl_auth_enable=yes - -o smtpd_tls_auth_only=yes -smtps inet n - y - - smtpd - -o syslog_name=postfix/smtps - -o smtpd_tls_wrappermode=yes - -o smtpd_sasl_auth_enable=yes -spamassassin unix - n n - - pipe - user=spamd argv=/usr/bin/vendor_perl/spamc -f -e /usr/sbin/sendmail -oi -f \${sender} \${recipient} -``` - -Now, I ran into some problems with postfix, one being [smtps: Servname not supported for ai_socktype](https://www.faqforge.com/linux/fix-for-opensuse-error-postfixmaster-fatal-0-0-0-0smtps-servname-not-supported-for-ai_socktype/), to fix it, as *Till* posted in that site, edit `/etc/services` and add: - -```apache -smtps 465/tcp -smtps 465/udp -``` - -Before starting the `postfix` service, you need to run `newaliases` first (but you can do a bit of configuration beforehand). Edit the file `/etc/postfix/aliases` and edit accordingly. I only change the `root: you` line (where `you` is the account that will be receiving "root" mail). Check the Arch Wiki for more info and other alternatives/options. After you're done, run: - -```sh -postalias /etc/postfix/aliases -newaliases -``` - -At this point you're done configuring `postfix` and you can already start/enable the `postfix` service: - -```sh -systemctl start postfix.service -systemctl enable postfix.service -``` - -## Dovecot - -[Dovecot](https://wiki.archlinux.org/index.php/Dovecot) is an IMAP and POP3 server, which is what lets an email application retrieve the mail. - -Install the `dovecot` and `pigeonhole` (sieve for `dovecot`) packages: - -```sh -pacman -S dovecot pigeonhole -``` - -On arch, by default, there is no `/etc/dovecot` directory with default configurations set in place, but the package does provide the example configuration files. Create the `dovecot` directory under `/etc` and, optionally, copy the `dovecot.conf` file and `conf.d` directory under the just created `dovecot` directory: - -```sh -mkdir /etc/dovecot -cp /usr/share/doc/dovecot/example-config/dovecot.conf /etc/dovecot/dovecot.conf -cp -r /usr/share/doc/dovecot/example-config/conf.d /etc/dovecot -``` - -As Luke stated, `dovecot` comes with a lot of "modules" (under `/etc/dovecot/conf.d/` if you copied that folder) for all sorts of configurations that you can include, but I do as he does and just edits/creates the whole `dovecot.conf` file; although, I would like to check each of the separate configuration files `dovecot` provides I think the options Luke provides are more than good enough. - -I'm working with an empty `dovecot.conf` file. Add the following lines for SSL and login configuration (also replace `{yourcertdir}` with the same certificate directory described in the Postfix section above, note that the `<` is required): - -```apache -ssl = required -ssl_cert = <{yourcertdir}/fullchain.pem -ssl_key = <{yourcertdir}/privkey.pem -ssl_min_protocol = TLSv1.2 -ssl_cipher_list = ALL:!RSA:!CAMELLIA:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!SHA1:!SHA256:!SHA384:!LOW@STRENGTH -ssl_prefer_server_ciphers = yes -ssl_dh = `: redirects output to a file, overwriting the file (or creating a new file). -* `>>`: redirects output to a file, appending to the file (or creating a new file). - -## Shell scripting - -A shell script is nothing more but a file that contains commands in it; they're executed in the same order they are present in the file. A shell script file is usually terminated with a `.sh` extension, independently of the shell being used, but it's not 100% necessary as in Unix systems, an extension mean nothing, other than distinction (visually) between files. Then one can just have an extension-less file as a script. **The script must have execution permissions (`chmod +x file`)**, unless `shell script` is executed in the terminal, where `shell` could be `sh`, `bash`, etc. **Comments** are created by prepending `#` to whatever the text should be a comment. - -It's common practice to have the first line as a **she-bang** (`#!`), which is just a comment telling the interpreter which shell to execute the script with (usable when having the script in your **PATH** so you only call the name of the script like any other command/program). A she-bang has the syntax `#!/path/to/shell some_other_options`, the most common she-bangs being: `#!/bin/sh`, `#!/bin/bash`, `#!/usr/bin/python`, etc. - -Also, some people argue that you shouldn't use absolute paths, since not all Unix operating systems have the same directory structure, or not all programs are going to be installed in the same folder. So a portable she-bang can be made by prepending `/usr/bin/env` and the specify the program to run, for example: `#!/usr/bin/env bash`. - -Like always... the basic "Hello, world!" script: - -```sh -#!/bin/sh -echo "Hello, world!" -``` - -Three ways of executing this script (assuming the file name is `hw`): - -1. Type in terminal `sh hw`. -2. Type in terminal `./hw`. Requires the file to have execute permissions. -3. Type in terminal `hw`. Requires the file to have execute permissions. Requires the file to be in your PATH. - -### Variables - -Variables are case sensitive, meaning that `my_var` and `MY_VAR` are different and a variable name can only contain letters and numbers (`a-z`, `A-Z` and `0-9`) or the underscore character `_`. Can't contain a space. Variables are called by prepending `$` to the variable name. - -Like in most programming languages, there are some reserved words like `if`, `select`, `then`, `until`, `while`, etc., that can't be used as variables or as values of variables. For more: [D.2 Index of Shell Reserved Words](https://www.gnu.org/software/bash/manual/html_node/Reserved-Word-Index.html). - -There is no need to specify a variable type. Anything surrounded by `"` will be treated as text. You can use booleans, numbers, text and arrays (the implementation of arrays depends on the shell being used). Make a variable readonly by calling `readonly variable_name`. Basic syntax: - -* Text variables: `var="my var"`. -* Numeric variables: `var=123`. -* Boolean variables: `var=true` and `var=false`. -* Arrays (assuming `bash` is the shell): - * `var[0]=value1`, `var[...]=...`, `var[n]=valuen`, etc. - * `var=(value1 ... valuen)` - * Access single values with `${var[index]}` and all values with `${var[*]}` or `${var[@]}`. - -There are special variables (for more. [tutorialspoint: Unix / Linux - Special Variables](https://www.tutorialspoint.com/unix/unix-special-variables.htm)): - -* `$`: represents the process ID number, or PID, of the current shell. -* `0`: the filename of the current script. -* `n`: where `n` can be any whole number, correspond to arguments passed to the script (`command arg1 arg2 arg3 argn`). -* `#:` number of arguments supplied to the script. -* `*:` all the arguments are double quoted. -* `@:` all the arguments are individually double quoted. -* `?:` exit status of the last command executed. -* `!:` process number of the last background command. - -When calling a script, you can pass optional (or required) positional arguments like: `command arg1 arg2 arg3 argn`. - -Note that a variable can also take the output of another command, one common way to do this is using `$(command)` or `` `command` ``, for example: `var="$(echo 'this is a command being executed inside the definition of a variable')"` which, since the `echo` command is being run, `var="this is a command being executed inside the definition of a variable"`, which doesn't seem like much, but there could be any command inside `$()` or `` `command` ``. Note that this is not special to defining variables, could also be used as arguments of another command. - -#### Internal Field Separator (IFS) - -This is used by the shell to determine how to do word splitting (how to recognize word boundaries). The default value for `IFS` consists of whitespace characters (space, tab and newline). This value can ve overridden by setting the variable `IFS` to something like, for example, `:`. - -### Conditionals - -#### Exit status - -Any command being run has an exit status, either `0` or `1`, if the command has been executed successfully or otherwise (an error), respectively. - -#### `if` statement - -Pretty similar to other programming languages, evaluates an expression to a `true` or `false` and executes code as specified. `if` statements can be nested, and follow normal rules of logical operations. Basic syntax is: - -```sh -#!/bin/sh -if expression -then -do_something -elif another_expression -then -do_another_thing -else -do_something_else -fi -``` - -The expression is usually wrapped around `[]` or `[[]]`, the first being POSIX compliant and the second `bash`-specific (and other shells). - -Also, some **operators** to compare things use `==` for "equals" and `>` for "greater than", for example; while in a POSIX compliant shell, `=` for "equals" and `-gt` for "greater than" has to be used. For more operators: [tutorialspoint: Unix / Linux - Shell Basic Operators](https://www.tutorialspoint.com/unix/unix-basic-operators.htm) (this also covers **logical operators** and **file test operators**). - -### Case statement - -A common good alternative to multilevel `if` statements, enables you to match several values against one variable. Basic syntax is: - -```sh -case $var in - pattern1) - do_something1 - ;; - pattern2) - subpattern1) - do_subsomething1 - ;; - subpattern2) - do_subsomething2 - ;; - *) - pattern3|pattern4|...|patternN) - do_something3 - ;; - patternM) - do_somethingM - ;; - *) - do_something_default - ;; -esac -``` - -Where the `*` pattern is not necessary but serves the same purpose as a "default" case. - -### Loops - -Loops enable execution of a set of commands repeatedly. Loops, naturally, can be nested. `expression` here (in the basic syntax examples) work the same as mentioned in the "`if` statement" section. For more: [tutorialspoint: Unix / Linux - Shell Loop Types](https://www.tutorialspoint.com/unix/unix-shell-loops.htm). - -#### Loop control - -Similar than other programming languages, there are loop controls to interrupt or continue a loop: - - * `break` statement. - * `continue` statement. - -These statements accept an argument that specify from which loop to exit/continue. - -#### `while` loop - -Enables to execute a set of commands repeatedly until some condition occurs. Basic syntax: - -```sh -#!/bin/sh -while expression -do - do_something -done -``` - -#### `until` loop - -Similar to the `while` loop, the difference is that the `while` loop is executed as long as a condition is true, but the `until` loop... until a condition is true. Basic syntax (similar to `while` loop): - -```sh -#!/bin/sh -until expression -do - do_something -done -``` - -#### `for` loop - -Operates on lists of items. It repeats a set of commands for every item in a list. Basic syntax: - -```sh -#!/bin/sh -for var in word1 word2 ... wordN -do - do_something_with_var -done -``` - -Where `var` is the current value (`word1`, `word2`, etc.) in the loop and the expression after `for` can refer to an array, or the output of a command that outputs a list of things, etc. - -#### `select` loop - -Provides an easy way to create a numbered menu from which users can select options. Basic syntax (similar to `for` loop): - -```sh -select var in word1 word2 ... wordN -do - do_something_with_var -done -``` - -### Meta characters - -Meta characters are used to execute several commands on a single line (depending on what it's needed). The most used meta characters to accomplish this are semi-colon `;`, double ampersand `&&` and double "pipe" `||`. - -* `;`: is used to finish one command (similar to some programming languages), after the command on the left of `;` is finished (whatever the exit code is), the command on the right will be executed. -* `&&`: similar to `;`, but only if the command on the left exits with code `0` (success). -* `||`: similar to `&&`, but for exit code `1`(error). - -### Functions - -Enable to break down the overall functionality of a script into smaller, logical subsections, which can then be called upon to perform their individual tasks when needed (like in any other programming language...). For more: [tutorialspoint: Unix / Linux - Shell Functions](https://www.tutorialspoint.com/unix/unix-shell-functions.htm). Basic syntax: - -```sh -#!/bin/sh -function_name () { - do_something -} -``` - -Functions can also take arguments and can access their individual arguments (each function will have a different "storage" for their arguments). Functions can also be nested. Here `exit` will not only will finish the function code, but also the shell script that called it, instead use `return` plus an exit code to just exit the function. diff --git a/blog/old_newer/src/a/sql_video_notes.md b/blog/old_newer/src/a/sql_video_notes.md deleted file mode 100644 index b6662db..0000000 --- a/blog/old_newer/src/a/sql_video_notes.md +++ /dev/null @@ -1,177 +0,0 @@ -title: SQL tutorial video notes -author: David Luévano -lang: en -summary: Notes of videos about basic SQL syntax and usage, as requested by a mentor of mine. -tags: notes - english - -I was requested to make summaries of videos about SQL, these are the notes (mostly this is a transcription of what I found useful). The videos in question are: [SQL Tutorial - Full Database Course for Beginners](https://www.youtube.com/watch?v=HXV3zeQKqGY), [MySQL Tutorial for Beginners [Full Course]](https://www.youtube.com/watch?v=7S_tz1z_5bA) and [Advanced SQL course | SQL tutorial advanced](https://www.youtube.com/watch?v=2Fn0WAyZV0E). Also, some notes were taken from [w3schools.com's SQL Tutorial](https://www.w3schools.com/sql/) and [MySQL 8.0 Reference Manual](https://dev.mysql.com/doc/refman/8.0/en/). - -## What is a database (DB)? - -Any collection of related information, such as a phone book, a shopping list, Facebook's user base, etc.. It can be stored in different ways: on paper, on a computer, in your mind, etc.. - -### Database Management Systems (DBMS) - -A special software program that helps users create and maintain a database that makes it easy to manage large amounts of information, handles security, backups and can connect to programming languages for automation. - -### CRUD - -The four main operations that a DBMS will do: create, read, update and delete. - -### Two types of databases - -* Relational (SQL) - * Organize data into one or more tables. - * Each table has columns and rows. - * A unique key identifies each row. -* Non-relational (noSQL/not just SQL) - * Key-value stores. - * Documents (JSON, XML, etc). - * Graphs. - * Flexible tables. - -#### Relational databases (RDB) (SQL) - -When we want to create a RDB we need a Relational Database Management System (RDBMS) that uses Structured Query Language (SQL) which is a standardized language for interacting with RDBMS and it's used to perform CRUD operations (and other administrative tasks). - -#### Non-relational databases (NRDB) (noSQL/not just SQL) - -Anything that's not relational, stores data in anything but static tables. Could be a document (JSON, XML, etc.), graph (relational nodes), key-value hash (strings, json, etc.), etc. - -NRDB also require a Non-Relational Database Management System (NRDBMS) to maintain a database. But it doesn't have a standardized language for performing CRUD and administrative operations like how RDB have. - -### Database queries - -A DB query is a request that is made to the (R/NR)DBMS for a specific information. A google search is a query, for example. - -## Tables and keys - -A table is composed of columns, rows and a primary key. The primary key is unique and identifies one specific row. Columns and rows are trivial, a column identifies a field and has a specific data type (name, email, birth) and a row identifies a table entry (person that contains a name, email and birth). - -Also, there are foreign keys, it's purpose is to relate to another database table; this foreign key is unique in it's own table, but can be repeated where you use it as a foreign key. - -It's possible to use the same table keys as foreign keys to make relations inside the same table. - -## SQL basics - -It's actually a hybrid language, basically 4 types of languages in one: - -* Data Query Language (DQL) - * Used to query the database for information. - * Get information that is already stored there. -* Data Definition Language (DDL) - * Used for defining database schemas. -* Data Control Language (DCL) - * Used for controlling access to the data in the database. - * User and permissions management. -* Data Manipulation Language (DML) - * Used for inserting, updating and deleting data from a database. - -### Queries - -A set of instructions given to the RDBMS (written in SQL) that tell the RDBMS what information you want it to retrieve. Instead of getting the whole database, retrieve only a bit of information that you need. - -Also, SQL keywords can be either lower or upper case, but it's **convention to use upper case**. And **queries are ended by a semi-colon**. - -#### Data types - -Just some SQL data types (for more: [MySQL 8.0 Reference Manual: Chapter 11 Data Types](https://dev.mysql.com/doc/refman/8.0/en/data-types.html), the notation is `DATATYPE(SIZE(,SIZE))`: - -* `INT`: integer numbers. -* `DECIMAL(M,N)`: decimal numbers. -* `VARCHAR(N)`: string of text of length N. -* `BLOB`: Binary Large Object, stores large data. -* `DATE`: YYYY-MM-DD. -* `TIMESTAMP`: YYYY-MM-DD HH:MM:SS. - -#### Basic management of tables - -To **create a table**, the basic syntax is `CREATE TABLE tablename (column1 datatype constraint, column2 datatype constraint, ...)`, where a constraint could be (for more: [MySQL 8.0 Reference Manual: 13.1.20 CREATE TABLE Statement](https://dev.mysql.com/doc/refman/8.0/en/create-table.html)): - -* `NOT NULL`: can't have a `NULL` value. -* `UNIQUE`: all values are unique. -* `PRIMARY KEY`: uniquely identifies each row. -* `FOREIGN KEY`: uniquely identifies a row in another table. -* `CHECK expresion`: satisfy a special condition (`expresion`). -* `DEFAULT value`: if no value is specified use value `value`. -* `INDEX`: to create and retrieve data from the database very quickly. - -Get the **table structure** with `DESCRIBE tablename` and delete it with `DROP TABLE tablename`. **Add columns** to the table with `ALTER TABLE tablename ADD column DATATYPE(N,M)`, similar syntax to **delete a specific column** `ALTER TABLE tablename DRORP COLUMN column`. - -**Add entries** to the table with `INSERT INTO tablename VALUES(value1, value2, ...)` where all the fields must be specified, or `INSERT INTO tablename(column1, column2) VALUES(value1, value2)` to just add some fields to the new entry. While at it, (all) the table content can be fetched with `SELECT * FROM tablename`. - -Basic **Updating of entries** with `UPDATE tablename SET expression1 WHERE expression2`, where `expression1` could be `column = value2` and `expression2` could be `column = value1`, meaning that the value of `column` will be changed from `value1` to `value2`. Note that the expressions are not limited by `column = value`, and that the `column` has to be the same, it would be any expression. Also, this is really extensive as `SET` can set multiple variables and `WHERE` take more than one condition by chaining conditions with `AND`, `OR` and `NOT` keywords, for example. - -##### ON DELETE statement - -When an entry needs to be updated somehow based on a modification on a foreign key. If two tables are related to each other, if something is deleted on one end, update the other end in some way. - -For example on creation of a table, on the specification of a foreign key: `CREATE TABLE tablename (..., FOREIGN KEY(column) REFERENCES othertable(othertablecolumn) ON DELETE something)`. That something could be `SET NULL`, `CASCADE`, etc.. - -#### SELECT queries - -Instead of doing `SELECT * FROM tablename`, which gets all the data from a table, more complex `SELECT` queries can be implemented, such as `SELECT column FROM tablename` to only get all data from one column of the table. Append `LIMIT N` to limit the query to `N` entries. Append `WHERE condition` to meet a custom condition. - -Other statements that can be used in conjunction with `SELECT` are `ORDER BY column ASC|DESC`, `SELECT DISTINCT`, `MIN(column)`, `MAX(column)`, `COUNT(column)`, `AVG(column)`, `SUM(column)`, `LIKE` and more. For more, visit [MySQL 8.0 Reference Manual: 13.2.10 SELECT Statement](https://dev.mysql.com/doc/refman/8.0/en/select.html). - -MySQL uses regular expressions (regex) like pattern matching, some wildcards that can be used with the `LIKE` statement are: - -* `%`: zero or more characters. -* `_`: a single character. -* `[]`: any single character within the brackets. -* `^`: any character not in the brackets. -* `-`: a range of characters. - -An extended regex can be used with the statement `REGEX_LIKE(expression)`; `REGEXP` and `RLIKE` are synonyms for `REGEX_LIKE`. For more: [MySQL 8.0 Reference Manual: 3.3.4.7 Pattern Matching](https://dev.mysql.com/doc/refman/8.0/en/pattern-matching.html). - -#### Unions - -A specialized SQL operator that is used to combine multiple `SELECT` statements into one. The basic syntax is `SELECT ... UNION SELECT ...`, where `...` is a whole `SELECT` statement; there can be any amount of unions. There are some rules that apply when doing unions, such as having the same amount of columns on both statements and being of the same data type. - -#### Joins - -Used to combine rows from two or more tables based on a related column between them. Basic syntax is `SELECT table1.column1, ..., table2.column1, ... FROM table(1|2) JOIN table(1|2) ON table1.common_column = table2.common_column`, where the table specified in the `FROM` statement is called the "left" table, where the one in the `JOIN` statement is the "right" table. For more: [MySQL 8.0 Reference Manual: 13.2.10.2 JOIN Clause](https://dev.mysql.com/doc/refman/8.0/en/join.html). - -There are different types of SQL JOINs: - -* `(INNER) JOIN`: returns records that have matching values in both tables. -* `LEFT (OUTER) JOIN`: returns all records from the left table, and the matched records from the right table. -* `RIGHT (OUTER) JOIN`: returns all records from the right table, and the matched records from the left table. -* `FULL (OUTER) JOIN`: returns all records when there is a match in either left or right table. - -![INNER JOIN](https://static.luevano.xyz/images/b/notes/sql/img_innerjoin.gif) -![LEFT JOIN](https://static.luevano.xyz/images/b/notes/sql/img_leftjoin.gif) -![RIGHT JOIN](https://static.luevano.xyz/images/b/notes/sql/img_rightjoin.gif) -![FULL OUTER JOIN](https://static.luevano.xyz/images/b/notes/sql/img_fulljoin.gif) - -#### Nested queries - -A query composed of multiple select statements to get a specific piece of information. This is self explanatory, you do a `SELECT` query somewhere inside another one, for example `SELECT ... IN (SELECT ...)`, where the nesting is occurring inside the parenthesis after the `IN` statement. - -A nesting isn't constrained to the `IN` statement, it can appear anywhere, for example in a `WHERE` statement: `SELECT ... WHERE something = (SELECT ...)`. - -#### Triggers - -A block of SQL code that will define a certain action that will happen when a specific operation is performed on the database. It is **recommended to change the `DELIMITER` temporarily from semi-colon to something else** (since we need to use semi-colon to end the trigger) while the trigger is created. The basic syntax is `CREATE TRIGGER trigername triggertime triggerevent ON tablename FOR EACH ROW triggerorder triggerbody`. For more: [MySQL 8.0 Reference Manual: 13.1.22 CREATE TRIGGER Statement](https://dev.mysql.com/doc/refman/8.0/en/create-trigger.html) and [MySQL 8.0 Reference Manual: 25.3.1 Trigger Syntax and Examples](https://dev.mysql.com/doc/refman/8.0/en/trigger-syntax.html). - -#### Entity Relationship Diagrams (ERD) - -When designing a database it's important to define a **database schema** which is just a definition of all the different tables and their attributes that are going to live inside the database. So, basically, an ERD diagram is a diagram that consists of text, symbols and shapes that are combined to create a relationship model. - -The diagram consists of: - -* **Entity**: a square with the name of the entity inside it. -* **Attributes**: ovals with the name of the attributes inside it; an attribute defines specific pieces of information about an entity (columns). -* **Primary key**: same as with attributes but with name underlined; the primary key uniquely identifies the entity. -* **Composite attribute**: an attribute that consists on one or more (sub-)attributes. -* **Multi-valued attribute**: oval with another oval inside it and the name of the attribute. -* **Derived attribute**: dotted oval; this attribute can be derived from other attributes from the entity. -* **Relationship**: a diamond with the relationship name in it, for the connections a single line (partial participation) or a doubled line (total participation); it denotes how two or more attributes are related to each other; all members must participate in the relationship. -* **Relationship attribute**: denoted like a normal attribute, but it's child of a relationship; it defines what attributes exists because of the relationship, it's not stored in any of the entities related, but on the relationship object itself. -* **Relationship cardinality**: denoted with a number on the line connecting the relationship to the entity; detones the number of instances of an entity from a relation that can be associated with the relation. -* **Weak entity**: rectangle inside a rectangle with its name inside; it cannot be uniquely identified by its attributes alone. -* **Weak entity's primary key**: oval with its text underlined, but the line is dotted. -* **Identifying relationship**: a diamond inside a diamond with its name inside; a relationship that serves to uniquely identify the weak entity. - -![ERD example taken from wikipedia](https://static.luevano.xyz/images/b/notes/sql/erd_example.png) diff --git a/blog/old_newer/src/a/website_with_nginx.md b/blog/old_newer/src/a/website_with_nginx.md deleted file mode 100644 index 1682da2..0000000 --- a/blog/old_newer/src/a/website_with_nginx.md +++ /dev/null @@ -1,164 +0,0 @@ -title: Create a website with Nginx and Certbot -author: David Luévano -lang: en -summary: How to create website that runs on Nginx and uses Certbot for SSL certificates. This is a base for future blog posts about similar topics. -tags: server - tools - tutorial - english - -These are general notes on how to setup a Nginx web server plus Certbot for SSL certificates, initially learned from [Luke's video](https://www.youtube.com/watch?v=OWAqilIVNgE) and after some use and research I added more stuff to the mix. And, actually at the time of writing this entry, I'm configuring the web server again on a new VPS instance, so this is going to be fresh. - -As a side note, (((i use arch btw))) so everything here es aimed at an Arch Linux distro, and I'm doing everything on a VPS. Also note that most if not all commands here are executed with root privileges. - -## Prerequisites - -You will need two things: - -* A domain name (duh!). I got mine on [Epik](https://www.epik.com/?affid=da5ne9ru4) (affiliate link, btw). - * With the corresponding **A** and **AAA** records pointing to the VPS' IPs ("A" record points to the ipv4 address and "AAA" to the ipv6, basically). I have three records for each type: empty one, "www" and "\*" for a wildcard, that way "domain.name", "www.domain.name", "anythingelse.domain.name" point to the same VPS (meaning that you can have several VPS for different sub-domains). -* A VPS or somewhere else to host it. I'm using [Vultr](https://www.vultr.com/?ref=8732849) (also an affiliate link). - * With `ssh` already configured both on the local machine and on the remote machine. - * Firewall already configured to allow ports 80 (HTTP) and 443 (HTTPS). I use `ufw` so it's just a matter of doing `ufw allow 80,443/tcp` as root and you're golden. - * `cron` installed if you follow along (you could use `systemd` timers, or some other method you prefer to automate running commands every X time). - -## Nginx - -You have two options: `nginx` and `nginx-mainline`. I prefer `nginx-mainline` because it's the "up to date" package even though `nginx` is labeled to be the "stable" version. Install the package and enable/start the service: - -```sh -pacman -S nginx-mainline -systemctl enable nginx.service -systemctl start nginx.service -``` - -And that's it, at this point you can already look at the default initial page of nginx if you enter the ip of your server in a web browser. You should see something like this: - -![Nginx welcome page](https://static.luevano.xyz/images/b/notes/nginx/nginx_welcome_page.png) - -As stated in the welcome page, configuration is needed, head to the directory of nginx: - -```sh -cd /etc/nginx -``` - -Here you have several files, the important one is `nginx.conf`, which as its name implies, contains general configuration of the web server. If you peek into the file, you will see that it contains around 120 lines, most of which are commented out and contains the welcome page server block. While you can configure a website in this file, it's common practice to do it on a separate file (so you can scale really easily if needed for mor websites or sub-domains). - -Inside the `nginx.conf` file, delete the `server` blocks and add the lines `include sites-enabled/*;` (to look into individual server configuration files) and `types_hash_max_size 4096;` (to get rid of an ugly warning that will keep appearing) somewhere inside the `http` block. The final `nginx.conf` file would look something like (ignoring the comments just for clarity, but you can keep them as side notes): - -```nginx -worker_processes 1; - -events { - worker_connections 1024; -} - -http { - include sites-enabled/*; - include mime.types; - default_type application/octet-stream; - - sendfile on; - - keepalive_timeout 65; - - types_hash_max_size 4096; -} -``` - -Next, inside the directory `/etc/nginx/` create the `sites-available` and `sites-enabled`, and go into the `sites-available` one: - -```sh -mkdir sites-available -mkdir sites-enabled -cd sites-available -``` - -Here, create a new `.conf` file for your website and add the following lines (this is just the sample content more or less): - -```nginx -server { - listen 80; - listen [::]:80; - - root /path/to/root/directory; - server_name domain.name another.domain.name; - index index.html anotherindex.otherextension; - - location /{ - try_files $uri $uri/ =404; - } -} -``` - -Note several things: - -* `listen`: we're telling nginx which port to listen to (ipv4 and ipv6, respectively). -* `root`: the root directory of where the website files (`.html`, `.css`, `.js`, etc. files) are located. I followed Luke's directory path `/var/www/some_folder`. -* `server_name`: the actual domain to "listen" to (for my website it is: `server_name luevano.xyz www.luevano.xyz`; and for this blog is: `server_name blog.luevano.xyz www.blog.luevano.xyz`). -* `index`: what file to serve as the index (could be any `.html`, `.htm`, `.php`, etc. file) when just entering the website. -* `location`: used in case of different configurations across different URL paths. - * `try_files`: tells what files to look for, don't look into this too much for now. - -Then, make a symbolic from this config file to the `sites-enabled` directory: - -```sh -ln -s /etc/nginx/sites-available/your_config_file.conf /etc/nginx/sites-enabled -``` - -This is so the `nginx.conf` file can look up the newly created server config. With this method of having each server configuration file separate you can easily "deactivate" any website by just deleting the symbolic link in `sites-enabled` and you're good, or just add new configuration files and keep everything nice and tidy. - -All you have to do now is restart (or enable and start if you haven't already) the nginx service (and optionally test the configuration): - -```sh -nginx -t -systemctl restart nginx -``` - -If everything goes correctly, you can now go to your website by typing "domain.name" on a web browser. But you will see a "404 Not Found" page like the following (maybe with different nginx version): - -![Nginx 404 page](https://static.luevano.xyz/images/b/notes/nginx/nginx_404_page.png) - -That's no problem, because it means that the web server it's actually working. Just add an `index.html` file with something simple to see it in action. If you keep seeing the 404 page make sure your `root` line is correct and that the directory/index file exists. - -I like to remove the `.html` and trailing `/` on the URLs of my website, for that you need to add the following `rewrite` lines and modify the `try_files` line (for more: [Sean C. Davis: Remove HTML Extension And Trailing Slash In Nginx Config](https://www.seancdavis.com/blog/remove-html-extension-and-trailing-slash-in-nginx-config/)): - -```nginx -server { - ... - rewrite ^(/.*)\.html(\?.*)?$ $1$2 permanent; - rewrite ^/(.*)/$ /$1 permanent; - ... - try_files $uri/index.html $uri.html $uri/ $uri =404; - ... -``` - -For more: [Arch Linux Wiki: nginx](https://wiki.archlinux.org/index.php/nginx). - -## Certbot - -The only "bad" (bloated) thing about certbot, is that it uses `python`, but for me it doesn't matter too much. You may want to look up another alternative if you prefer. Install the packages `certbot` and `certbot-nginx`: - -```sh -pacman -S certbot certbot-nginx -``` - -After that, all you have to do now is run `certbot` and follow the instructions given by the tool: - -```sh -certbot --nginx -``` - -It will ask you for some information, for you to accept some agreements and the names to activate https for. Also, you will want to "say yes" to the redirection from http to https. And that's it, you can now go to your website and see that you have https active. - -Now, the certificate given by `certbot` expires every 3 months or something like that, so you want to renew this certificate every once in a while. Using `cron`, you can do this by running: - -```sh -crontab -e -``` - -And a file will be opened where you need to add a new rule for certbot, just append the line: `1 1 1 * * certbot renew` (renew on the first day of every month) and you're good. Alternatively use `systemd` timers as stated in the [Arch Linux Wiki](https://wiki.archlinux.org/index.php/Certbot#Automatic_renewal). - -For more: [Arch Linux Wiki: Certbot](https://wiki.archlinux.org/index.php/Certbot). - -That's it, you now have a website with SSL certificate. diff --git a/blog/old_newer/src/templates/article/footer.html b/blog/old_newer/src/templates/article/footer.html deleted file mode 100644 index 354aac2..0000000 --- a/blog/old_newer/src/templates/article/footer.html +++ /dev/null @@ -1,8 +0,0 @@ - -
- diff --git a/blog/old_newer/src/templates/article/header.html b/blog/old_newer/src/templates/article/header.html deleted file mode 100644 index cb941df..0000000 --- a/blog/old_newer/src/templates/article/header.html +++ /dev/null @@ -1 +0,0 @@ -

$$TITLE

diff --git a/blog/old_newer/src/templates/articles/footer.html b/blog/old_newer/src/templates/articles/footer.html deleted file mode 100644 index e69de29..0000000 diff --git a/blog/old_newer/src/templates/articles/header.html b/blog/old_newer/src/templates/articles/header.html deleted file mode 100644 index 9a3dcc9..0000000 --- a/blog/old_newer/src/templates/articles/header.html +++ /dev/null @@ -1,9 +0,0 @@ -

Index -- Luévano's Blog

- -

-Welcome to my blog where I'll post whatever I please, ranging from rants to how-to's. Además, este pex va a estar en español e inglés porque quiero (no una mezcla en cada entrada, pero sí entradas completas en diferentes lenguajes). -

- -

-Get the RSS feed: https://blog.luevano.xyz/rss.xml -

diff --git a/blog/old_newer/src/templates/articles/list_entry.html b/blog/old_newer/src/templates/articles/list_entry.html deleted file mode 100644 index d6d8e88..0000000 --- a/blog/old_newer/src/templates/articles/list_entry.html +++ /dev/null @@ -1 +0,0 @@ -
  • $$DATE - $$TITLE
  • diff --git a/blog/old_newer/src/templates/articles/list_footer.html b/blog/old_newer/src/templates/articles/list_footer.html deleted file mode 100644 index 3d3a44c..0000000 --- a/blog/old_newer/src/templates/articles/list_footer.html +++ /dev/null @@ -1 +0,0 @@ - diff --git a/blog/old_newer/src/templates/articles/list_header.html b/blog/old_newer/src/templates/articles/list_header.html deleted file mode 100644 index 7b504ea..0000000 --- a/blog/old_newer/src/templates/articles/list_header.html +++ /dev/null @@ -1,2 +0,0 @@ -

    Articles

    -
    - - - - diff --git a/blog/old_newer/src/templates/common/header.html b/blog/old_newer/src/templates/common/header.html deleted file mode 100644 index f3c12aa..0000000 --- a/blog/old_newer/src/templates/common/header.html +++ /dev/null @@ -1,66 +0,0 @@ - - - - - - - $$TITLE -- Luévano's Blog - - - - - - - - - - - - - - - - - - - -
    - - -
    - - - -
    -
    - -
    diff --git a/blog/old_newer/src/templates/rss/rss.xml b/blog/old_newer/src/templates/rss/rss.xml deleted file mode 100644 index bda362a..0000000 --- a/blog/old_newer/src/templates/rss/rss.xml +++ /dev/null @@ -1,27 +0,0 @@ - - - - $$TITLE - $$LINK - - A personal weblog ranging from rants to how to's and other thoughts. - en-us - Blog - Copyright 2021 David Luévano Alvarado - david@luevano.xyz (David Luévano Alvarado) - david@luevano.xyz (David Luévano Alvarado) - $$CURRENTDATE - $$CURRENTDATE - $$PYSSGVERSION - https://validator.w3.org/feed/docs/rss2.html - 30 - - https://static.luevano.xyz/images/blog.png - $$TITLE - $$LINK - -$$ITEMS - - diff --git a/blog/old_newer/src/templates/sitemap/sitemap.xml b/blog/old_newer/src/templates/sitemap/sitemap.xml deleted file mode 100644 index b3fcc75..0000000 --- a/blog/old_newer/src/templates/sitemap/sitemap.xml +++ /dev/null @@ -1,6 +0,0 @@ - - -$$URLS - diff --git a/blog/old_newer/src/templates/tag/footer.html b/blog/old_newer/src/templates/tag/footer.html deleted file mode 100644 index e69de29..0000000 diff --git a/blog/old_newer/src/templates/tag/header.html b/blog/old_newer/src/templates/tag/header.html deleted file mode 100644 index 48793fb..0000000 --- a/blog/old_newer/src/templates/tag/header.html +++ /dev/null @@ -1 +0,0 @@ -

    Posts filtered by: $$NAME

    diff --git a/blog/old_newer/src/templates/tag/list_entry.html b/blog/old_newer/src/templates/tag/list_entry.html deleted file mode 100644 index 3a7aaad..0000000 --- a/blog/old_newer/src/templates/tag/list_entry.html +++ /dev/null @@ -1 +0,0 @@ -$$NAME \ No newline at end of file diff --git a/blog/old_newer/src/templates/tag/list_footer.html b/blog/old_newer/src/templates/tag/list_footer.html deleted file mode 100644 index a1a9917..0000000 --- a/blog/old_newer/src/templates/tag/list_footer.html +++ /dev/null @@ -1,2 +0,0 @@ -

    - diff --git a/blog/old_newer/src/templates/tag/list_header.html b/blog/old_newer/src/templates/tag/list_header.html deleted file mode 100644 index af11130..0000000 --- a/blog/old_newer/src/templates/tag/list_header.html +++ /dev/null @@ -1,2 +0,0 @@ -