summaryrefslogtreecommitdiff
path: root/blog/dst/rss.xml
blob: 64bb6d4b6160335d87254a20e219f3ff0435abb6 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
1502
1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517
1518
1519
1520
1521
1522
1523
1524
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556
1557
1558
1559
1560
1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572
1573
1574
1575
1576
1577
1578
1579
1580
1581
1582
1583
1584
1585
1586
1587
1588
1589
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600
1601
1602
1603
1604
1605
1606
1607
1608
1609
1610
1611
1612
1613
1614
1615
1616
1617
1618
1619
1620
1621
1622
1623
1624
1625
1626
1627
1628
1629
1630
1631
1632
1633
1634
1635
1636
1637
1638
1639
1640
1641
1642
1643
1644
1645
1646
1647
1648
1649
1650
1651
1652
1653
1654
1655
1656
1657
1658
1659
1660
1661
1662
1663
1664
1665
1666
1667
1668
1669
1670
1671
1672
1673
1674
1675
1676
1677
1678
1679
1680
1681
1682
1683
1684
1685
1686
1687
1688
1689
1690
1691
1692
1693
1694
1695
1696
1697
1698
1699
1700
1701
1702
1703
1704
1705
1706
1707
1708
1709
1710
1711
1712
1713
1714
1715
1716
1717
1718
1719
1720
1721
1722
1723
1724
1725
1726
1727
1728
1729
1730
1731
1732
1733
1734
1735
1736
1737
1738
1739
1740
1741
1742
1743
1744
1745
1746
1747
1748
1749
1750
1751
1752
1753
1754
1755
1756
1757
1758
1759
1760
1761
1762
1763
1764
1765
1766
1767
1768
1769
1770
1771
1772
1773
1774
1775
1776
1777
1778
1779
1780
1781
1782
1783
1784
1785
1786
1787
1788
1789
1790
1791
1792
1793
1794
1795
1796
1797
1798
1799
1800
1801
1802
1803
1804
1805
1806
1807
1808
1809
1810
1811
1812
1813
1814
1815
1816
1817
1818
1819
1820
1821
1822
1823
1824
1825
1826
1827
1828
1829
1830
1831
1832
1833
1834
1835
1836
1837
1838
1839
1840
1841
1842
1843
1844
1845
1846
1847
1848
1849
1850
1851
1852
1853
1854
1855
1856
1857
1858
1859
1860
1861
1862
1863
1864
1865
1866
1867
1868
1869
1870
1871
1872
1873
1874
1875
1876
1877
1878
1879
1880
1881
1882
1883
1884
1885
1886
1887
1888
1889
1890
1891
1892
1893
1894
1895
1896
1897
1898
1899
1900
1901
1902
1903
1904
1905
1906
1907
1908
1909
1910
1911
1912
1913
1914
1915
1916
1917
1918
1919
1920
1921
1922
1923
1924
1925
1926
1927
1928
1929
1930
1931
1932
1933
1934
1935
1936
1937
1938
1939
1940
1941
1942
1943
1944
1945
1946
1947
1948
1949
1950
1951
1952
1953
1954
1955
1956
1957
1958
1959
1960
1961
1962
1963
1964
1965
1966
1967
1968
1969
1970
1971
1972
1973
1974
1975
1976
1977
1978
1979
1980
1981
1982
1983
1984
1985
1986
1987
1988
1989
1990
1991
1992
1993
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
2025
2026
2027
2028
2029
2030
2031
2032
2033
2034
2035
2036
2037
2038
2039
2040
2041
2042
2043
2044
2045
2046
2047
2048
2049
2050
2051
2052
2053
2054
2055
2056
2057
2058
2059
2060
2061
2062
2063
2064
2065
2066
2067
2068
2069
2070
2071
2072
2073
2074
2075
2076
2077
2078
2079
2080
2081
2082
2083
2084
2085
2086
2087
2088
2089
2090
2091
2092
2093
2094
2095
2096
2097
2098
2099
2100
2101
2102
2103
2104
2105
2106
2107
2108
2109
2110
2111
2112
2113
2114
2115
2116
2117
2118
2119
2120
2121
2122
2123
2124
2125
2126
2127
2128
2129
2130
2131
2132
2133
2134
2135
2136
2137
2138
2139
2140
2141
2142
2143
2144
2145
2146
2147
2148
2149
2150
2151
2152
2153
2154
2155
2156
2157
2158
2159
2160
2161
2162
2163
2164
2165
2166
2167
2168
2169
2170
2171
2172
2173
2174
2175
2176
2177
2178
2179
2180
2181
2182
2183
2184
2185
2186
2187
2188
2189
2190
2191
2192
2193
2194
2195
2196
2197
2198
2199
2200
2201
2202
2203
2204
2205
2206
2207
2208
2209
2210
2211
2212
2213
2214
2215
2216
2217
2218
2219
2220
2221
2222
2223
2224
2225
2226
2227
2228
2229
2230
2231
2232
2233
2234
2235
2236
2237
2238
2239
2240
2241
2242
2243
2244
2245
2246
2247
2248
2249
2250
2251
2252
2253
2254
2255
2256
2257
2258
2259
2260
2261
2262
2263
2264
2265
2266
2267
2268
2269
2270
2271
2272
2273
2274
2275
2276
2277
2278
2279
2280
2281
2282
2283
2284
2285
2286
2287
2288
2289
2290
2291
2292
2293
2294
2295
2296
2297
2298
2299
2300
2301
2302
2303
2304
2305
2306
2307
2308
2309
2310
2311
2312
2313
2314
2315
2316
2317
2318
2319
2320
2321
2322
2323
2324
2325
2326
2327
2328
2329
2330
2331
2332
2333
2334
2335
2336
2337
2338
2339
2340
2341
2342
2343
2344
2345
2346
2347
2348
<?xml version="1.0" encoding="UTF-8" ?>
<rss version="2.0"
  xml:base="https://static.luevano.xyz"
  xmlns:atom="http://www.w3.org/2005/Atom"
  xmlns:content="http://purl.org/rss/1.0/modules/content/">
  <channel>
    <title>Luévano's Blog</title>
    <link>https://blog.luevano.xyz</link>
    <atom:link href="https://blog.luevano.xyz/rss.xml" rel="self" type="application/rss+xml"/>
    <description>A personal weblog ranging from rants to how to's and other thoughts.</description>
    <language>en-us</language>
    <category>Blog</category>
    <copyright>Copyright 2021 David Luévano Alvarado</copyright>
    <managingEditor>david@luevano.xyz (David Luévano Alvarado)</managingEditor>
    <webMaster>david@luevano.xyz (David Luévano Alvarado)</webMaster>
    <pubDate>Sun, 29 May 2022 03:44:42 GMT</pubDate>
    <lastBuildDate>Sun, 29 May 2022 03:44:42 GMT</lastBuildDate>
    <generator>pyssg v0.7.2</generator>
    <docs>https://validator.w3.org/feed/docs/rss2.html</docs>
    <ttl>30</ttl>
    <image>
      <url>https://static.luevano.xyz/images/blog.png</url>
      <title>Luévano's Blog</title>
      <link>https://blog.luevano.xyz</link>
    </image>
    <item>
      <title>Creating a FlappyBird clone in Godot 3.5 devlog 1</title>
      <link>https://blog.luevano.xyz/g/flappybird_godot_devlog_1.html</link>
      <guid isPermaLink="true">https://blog.luevano.xyz/g/flappybird_godot_devlog_1.html</guid>
      <pubDate>Sun, 29 May 2022 03:38:43 GMT</pubDate>
      <category>English</category>
      <category>Gamedev</category>
      <category>Godot</category>
      <description>Since I'm starting to get more into gamedev stuff, I'll start blogging about it just to keep consistent. This shows as "devlog 1" just in case I want to include more parts for extra stuff.</description>
      <content:encoded><![CDATA[<p>I just have a bit of experience with Godot and with gamedev in general, so I started with this game as it is pretty straight forward. On a high level the main characteristics of the game are:</p>
<ul>
<li>Literally just one sprite going up and down.</li>
<li>Constant horizontal move of the world/player.</li>
<li>If you go through the gap in the pipes you score a point.</li>
<li>If you touch the pipes, the ground or go past the &ldquo;ceiling&rdquo; you lose.</li>
</ul>
<p>The game was originally developed with <em>Godot 4.0 alpha 8</em>, but it didn&rsquo;t support HTML5 (webassembly) export&hellip; so I backported to <em>Godot 3.5 rc1</em>.</p>
<p>Not going to specify all the details, only the needed parts and what could be confusing, as the source code is available and can be inspected; also this assumes minimal knowledge of <em>Godot</em> in general. Usually when I mention that a set/change of something it usually it&rsquo;s a property and it can be found under the <em>Inspector</em> on the relevant node, unless stated otherwise; also, all scripts attached have the same name as the scenes, but in <em>snake_case</em> (scenes/nodes in <em>PascalCase</em>).</p>
<p>One thing to note, is that I started writing this when I finished the game, so it&rsquo;s hard to go part by part, and it will be hard to test individual parts when going through this as everything is depending on each other. For the next devlog, I&rsquo;ll do it as I go and it will include all the changes to the nodes/scripts as I was finding them, probably better idea and easier to follow.</p>
<p>The source code can be found in my GitHub <a href="https://github.com/luevano/flappybird_godot">here</a>, it also contains the exported versions for HTML5, Windows and Linux (be aware that the sound might be too high and I&rsquo;m too lazy to make it configurable, it was the last thing I added), or you could also go to the itch.io page I setup where it&rsquo;s playable in the browser:</p>
<p style="text-align:center"><iframe src="https://itch.io/embed/1551015?dark=true" width="552" height="167" frameborder="0"><a href="https://lorentzeus.itch.io/flappybirdgodot">FlappyBirdGodot by Lorentzeus</a></iframe></p>

<h2 id="initial-project-setup">Initial project setup</h2>
<h3 id="directory-structure">Directory structure</h3>
<p>I&rsquo;m basically going with what I wrote on <a href="https://blog.luevano.xyz/g/godot_project_structure.html">Godot project structure</a> recently, and probably with minor changes depending on the situation.</p>
<h3 id="config">Config</h3>
<h4 id="default-import-settings">Default import settings</h4>
<p>Since this is just pixel art, the importing settings for textures needs to be adjusted so the sprites don&rsquo;t look blurry. Go to <em>Project -&gt; Project settings&hellip; -&gt; Import defaults</em> and on the drop down select <code>Texture</code>, untick everything and make sure <em>Compress/Mode</em> is set to <code>Lossless</code>.</p>
<figure id="__yafg-figure-4">
<img alt="Project settings - Import defaults - Texture settings" src="images/g/flappybird_godot/project_settings_import_texture.png" title="Project settings - Import defaults - Texture settings">
<figcaption>Project settings - Import defaults - Texture settings</figcaption>
</figure>
<h4 id="general-settings">General settings</h4>
<p>It&rsquo;s also a good idea to setup some config variables project-wide. To do so, go to <em>Project -&gt; Project settings&hellip; -&gt; General</em>, select <em>Application/config</em> and add a new property (there is a text box at the top of the project settings window) for game scale: <code>application/config/game_scale</code> for the type use <code>float</code> and then click on add; configure the new property to <code>3.0</code>; On the same window, also add <code>application/config/version</code> as a <code>string</code>, and make it <code>1.0.0</code> (or whatever number you want).</p>
<figure id="__yafg-figure-5">
<img alt="Project settings - General - Game scale and version properties" src="images/g/flappybird_godot/project_settings_config_properties.png" title="Project settings - General - Game scale and version properties">
<figcaption>Project settings - General - Game scale and version properties</figcaption>
</figure>
<p>For my personal preferences, also disable some of the <em>GDScript</em> debug warnings that are annoying, this is done at <em>Project -&gt; Project settings&hellip; -&gt; General</em>, select <em>Debug/GDScript</em> and toggle off &ldquo;Unused arguments&rdquo;, &ldquo;Unused signal&rdquo; and &ldquo;Return value discarded&rdquo;, and any other that might come up too often and don&rsquo;t want to see.</p>
<figure id="__yafg-figure-6">
<img alt="Project settings - General - GDScript debug warnings" src="images/g/flappybird_godot/project_settings_debug_gdscript.png" title="Project settings - General - GDScript debug warnings">
<figcaption>Project settings - General - GDScript debug warnings</figcaption>
</figure>
<p>Finally, set the initial window size in <em>Project -&gt; Project settings&hellip; -&gt; General</em>, select <em>Display/Window</em> and set <em>Size/Width</em> and <em>Size/Height</em> to <code>600</code> and <code>800</code>, respectively. As well as the <em>Stretch/Mode</em> to &ldquo;viewport&rdquo;, and <em>Stretch/Aspect</em> to &ldquo;keep&rdquo;:</p>
<figure id="__yafg-figure-7">
<img alt="Project settings - General - Initial window size" src="images/g/flappybird_godot/project_settings_window_settings.png" title="Project settings - General - Initial window size">
<figcaption>Project settings - General - Initial window size</figcaption>
</figure>
<h4 id="keybindings">Keybindings</h4>
<p>I only used 3 actions (keybindings): jump, restart and toggle_debug (optional). To add custom keybindings (so that the <code>Input.something()</code> API can be used), go to <em>Project -&gt; Project settings&hellip; -&gt; Input Map</em> and on the text box write &ldquo;jump&rdquo; and click add, then it will be added to the list and it&rsquo;s just a matter of clicking the <code>+</code> sign to add a &ldquo;Physical key&rdquo;, press any key you want to be used to jump and click ok. Do the same for the rest of the actions.</p>
<figure id="__yafg-figure-8">
<img alt="Project settings - Input Map - Adding necessary keybindings" src="images/g/flappybird_godot/project_settings_input_map.png" title="Project settings - Input Map - Adding necessary keybindings">
<figcaption>Project settings - Input Map - Adding necessary keybindings</figcaption>
</figure>
<h4 id="layers">Layers</h4>
<p>Finally, rename the physics layers so we don&rsquo;t lose track of which layer is which. Go to <em>Project -&gt; Layer Names -&gt; 2d Physics</em> and change the first 5 layer names to (in order): &ldquo;player&rdquo;, &ldquo;ground&rdquo;, &ldquo;pipe&rdquo;, &ldquo;ceiling&rdquo; and &ldquo;score&rdquo;.</p>
<figure id="__yafg-figure-9">
<img alt="Project settings - Layer Names - 2D Physics" src="images/g/flappybird_godot/project_settings_layer_names_2d_physics.png" title="Project settings - Layer Names - 2D Physics">
<figcaption>Project settings - Layer Names - 2D Physics</figcaption>
</figure>
<h2 id="assets">Assets</h2>
<p>For the assets I found out about a pack that contains just what I need: <a href="https://megacrash.itch.io/flappy-bird-assets">flappy-bird-assets</a> by <a href="https://megacrash.itch.io/">MegaCrash</a>; I just did some minor modifications on the naming of the files. For the font I used <a href="https://poppyworks.itch.io/silver">Silver</a>, and for the sound the resources from <a href="https://github.com/meeq/FlappyBird-N64">FlappyBird-N64</a> (which seems to be taken from <a href="https://www.101soundboards.com/boards/10178-flappy-bird-sounds">101soundboards.com</a> which the orignal copyright holder is <a href="https://dotgears.com/">.Gears</a> anyways).</p>
<h3 id="importing">Importing</h3>
<p>Create the necessary directories to hold the respective assets and it&rsquo;s just a matter of dragging and dropping, I used directories: <code>res://entities/actors/player/sprites/</code>, <code>res://fonts/</code>, <code>res://levels/world/background/sprites/</code>, <code>res://levels/world/ground/sprites/</code>, <code>res://levels/world/pipe/sprites/</code>, <code>res://sfx/</code>. For the player sprites, the &ldquo;FileSystem&rdquo; window looks like this (<code>entities/actor</code> directories are really not necessary):</p>
<figure id="__yafg-figure-10">
<img alt="FileSystem - Player sprite imports" src="images/g/flappybird_godot/player_sprite_imports.png" title="FileSystem - Player sprite imports">
<figcaption>FileSystem - Player sprite imports</figcaption>
</figure>
<p>It should look similar for other directories, except maybe for the file extensions. For example, for the sfx:</p>
<figure id="__yafg-figure-11">
<img alt="FileSystem - SFX imports" src="images/g/flappybird_godot/sfx_imports.png" title="FileSystem - SFX imports">
<figcaption>FileSystem - SFX imports</figcaption>
</figure>
<h2 id="scenes">Scenes</h2>
<p>Now it&rsquo;s time to actually create the game, by creating the basic scenes that will make up the game. The hardest part and the most confusing is going to be the <em>TileMaps</em>, so that goes first.</p>
<h3 id="tilemaps">TileMaps</h3>
<p>I&rsquo;m using a scene called &ldquo;WorldTiles&rdquo; with a <em>Node2D</em> node as root called the same. With 2 different <em>TileMap</em> nodes as children named &ldquo;GroundTileMap&rdquo; and &ldquo;PipeTileMap&rdquo; (these are their own scene); yes 2 different <em>TileMaps</em> because we need 2 different physics colliders (In Godot 4.0 you can have a single <em>TileMap</em> with different physics colliders in it). Each node has its own script. It should look something like this:</p>
<figure id="__yafg-figure-12">
<img alt="Scene - WorldTiles (TileMaps)" src="images/g/flappybird_godot/scene_world_tiles.png" title="Scene - WorldTiles (TileMaps)">
<figcaption>Scene - WorldTiles (TileMaps)</figcaption>
</figure>
<p>I used the following directory structure:</p>
<figure id="__yafg-figure-13">
<img alt="Scene - WorldTiles - Directory structure" src="images/g/flappybird_godot/scene_world_tiles_directory_structure.png" title="Scene - WorldTiles - Directory structure">
<figcaption>Scene - WorldTiles - Directory structure</figcaption>
</figure>
<p>To configure the GroundTileMap, select the node and click on &ldquo;(empty)&rdquo; on the <em>TileMap/Tile set</em> property and then click on &ldquo;New TileSet&rdquo;, then click where the &ldquo;(empty)&rdquo; used to be, a new window should open on the bottom:</p>
<figure id="__yafg-figure-14">
<img alt="TileSet - Configuration window" src="images/g/flappybird_godot/tile_set_config_window.png" title="TileSet - Configuration window">
<figcaption>TileSet - Configuration window</figcaption>
</figure>
<p>Click on the plus on the bottom left and you can now select the specific tile set to use. Now click on the yellow &ldquo;+ New Single Tile&rdquo;, activate the grid and select any of the tiles. Should look like this:</p>
<figure id="__yafg-figure-15">
<img alt="TileSet - New single tile" src="images/g/flappybird_godot/tile_set_new_single_tile.png" title="TileSet - New single tile">
<figcaption>TileSet - New single tile</figcaption>
</figure>
<p>We need to do this because for some reason we can&rsquo;t change the snap options before selecting a tile. After selecting a random tile, set up the <em>Snap Options/Step</em> (in the <em>Inspector</em>) and set it to 16x16 (or if using a different tile set, to it&rsquo;s tile size):</p>
<figure id="__yafg-figure-16">
<img alt="TileSet - Tile - Step snap options" src="images/g/flappybird_godot/tile_set_tile_step_snap_options.png" title="TileSet - Tile - Step snap options">
<figcaption>TileSet - Tile - Step snap options</figcaption>
</figure>
<p>Now you can select the actual single tile. Once selected click on &ldquo;Collision&rdquo;, use the rectangle tool and draw the rectangle corresponding to that tile&rsquo;s collision:</p>
<figure id="__yafg-figure-17">
<img alt="TileSet - Tile - Selection and collision" src="images/g/flappybird_godot/tile_set_tile_selection_collision.png" title="TileSet - Tile - Selection and collision">
<figcaption>TileSet - Tile - Selection and collision</figcaption>
</figure>
<p>Do the same for the other 3 tiles. If you select the <em>TileMap</em> itself again, it should look like this on the right (on default layout it&rsquo;s on the left of the <em>Inspector</em>):</p>
<figure id="__yafg-figure-18">
<img alt="TileSet - Available tiles" src="images/g/flappybird_godot/tile_set_available_tiles.png" title="TileSet - Available tiles">
<figcaption>TileSet - Available tiles</figcaption>
</figure>
<p>The ordering is important only for the &ldquo;underground tile&rdquo;, which is the filler ground, it should be at the end (index 3); if this is not the case, repeat the process (it&rsquo;s possible to rearrange them but it&rsquo;s hard to explain as it&rsquo;s pretty weird).</p>
<p>At this point the tilemap doesn&rsquo;t have any physics and the cell size is wrong. Select the &ldquo;GroundTileMap&rdquo;, set the <em>TileMap/Cell/Size</em> to 16x16, the <em>TileMap/Collision/Layer</em> set to <code>bit 2</code> only (ground layer) and disable any <em>TileMap/Collision/Mask</em> bits. Should look something like this:</p>
<figure id="__yafg-figure-19">
<img alt="TileMap - Cell size and collision configuration" src="images/g/flappybird_godot/tile_map_cell_collision_configuration.png" title="TileMap - Cell size and collision configuration">
<figcaption>TileMap - Cell size and collision configuration</figcaption>
</figure>
<p>Now it&rsquo;s just a matter of repeating the same for the pipes (&ldquo;PipeTileMap&rdquo;), only difference is that when selecting the tiles you need to select 2 tiles, as the pipe is 2 tiles wide, or just set the <em>Snap Options/Step</em> to 32x16, for example, just keep the cell size to 16x16.</p>
<h4 id="default-ground-tiles">Default ground tiles</h4>
<p>I added few default ground tiles to the scene, just for testing purposes but I left them there. These could be place programatically, but I was too lazy to change things. On the &ldquo;WorldTiles&rdquo; scene, while selecting the &ldquo;GroundTileMap&rdquo;, you can select the tiles you want to paint with, and left click in the grid to paint with the selected tile. Need to place tiles from <code>(-8, 7)</code> to <code>(10, 7)</code> as well as the tile below with the filler ground (the tile position/coordinates show at the bottom left, refer to the image below):</p>
<figure id="__yafg-figure-20">
<img alt="Scene - WorldTiles - Default ground tiles" src="images/g/flappybird_godot/world_tiles_default_tiles.png" title="Scene - WorldTiles - Default ground tiles">
<figcaption>Scene - WorldTiles - Default ground tiles</figcaption>
</figure>
<h3 id="player">Player</h3>
<p>On a new scene called &ldquo;Player&rdquo; with a <em>KinematicBody2D</em> node named &ldquo;Player&rdquo; as the root of the scene, then for the children: <em>AnimatedSprite</em> as &ldquo;Sprite&rdquo;, <em>CollisionShape2D</em> as &ldquo;Collision&rdquo; (with a circle shape) and 3 <em>AudioStreamPlayers</em> for &ldquo;JumpSound&rdquo;, &ldquo;DeadSound&rdquo; and &ldquo;HitSound&rdquo;. Not sure if it&rsquo;s a good practice to have the audio here, since I did that at the end, pretty lazy. Then, attach a script to the &ldquo;Player&rdquo; node and then it should look like this:</p>
<figure id="__yafg-figure-21">
<img alt="Scene - Player - Node setup" src="images/g/flappybird_godot/scene_player_node_setup.png" title="Scene - Player - Node setup">
<figcaption>Scene - Player - Node setup</figcaption>
</figure>
<p>Select the &ldquo;Player&rdquo; node and set the <em>CollisionShape2D/Collision/Layer</em> to 1 and the <em>CollisionObject2D/Collision/Mask</em> to 2 and 3 (ground and pipe).</p>
<p>For the &ldquo;Sprite&rdquo; node, when selecting it click on the &ldquo;(empty)&rdquo; for the <em>AnimatedSprite/Frames</em> property and click &ldquo;New SpriteFrames&rdquo;, click again where the &ldquo;(empty)&rdquo; used to be and ane window should open on the bottom:</p>
<figure id="__yafg-figure-22">
<img alt="Scene - Player - SpriteFrames window" src="images/g/flappybird_godot/scene_player_spriteframes_window.png" title="Scene - Player - SpriteFrames window">
<figcaption>Scene - Player - SpriteFrames window</figcaption>
</figure>
<p>Right off the bat, set the &ldquo;Speed&rdquo; to <code>10 FPS</code> (bottom left) and rename &ldquo;default&rdquo; to &ldquo;bird_1&rdquo;. With the &ldquo;bird_1&rdquo; selected, click on the &ldquo;Add frames from a Sprite Sheet&rdquo;, which is the second button under &ldquo;Animation Frames:&rdquo; which looks has an icon of a small grid (next to the folder icon), a new window will popup where you need to select the respective sprite sheet to use and configure it for importing. On the &ldquo;Select Frames&rdquo; window, change the &ldquo;Vertical&rdquo; to 1, and then select all 4 frames (<em>Ctrl + Scroll</em> wheel to zoom in):</p>
<figure id="__yafg-figure-23">
<img alt="Scene - Player - Sprite sheet importer" src="images/g/flappybird_godot/scene_player_sprite_sheet_importer.png" title="Scene - Player - Sprite sheet importer">
<figcaption>Scene - Player - Sprite sheet importer</figcaption>
</figure>
<p>After that, the <em>SpriteFrames</em> window should look like this:</p>
<figure id="__yafg-figure-24">
<img alt="Scene - Player - SpriteFrames window with sprite sheet configured" src="images/g/flappybird_godot/scene_player_spriteframes_window_with_sprite_sheet.png" title="Scene - Player - SpriteFrames window with sprite sheet configured">
<figcaption>Scene - Player - SpriteFrames window with sprite sheet configured</figcaption>
</figure>
<p>Finally, make sure the &ldquo;Sprite&rdquo; node has the <em>AnimatedSprite/Animation</em> is set to &ldquo;bird_1&rdquo; and that the &ldquo;Collision&rdquo; node is configured correctly for its size and position (I just have it as a radius of 7). As well as dropping the SFX files into the corresponding <em>AudioStreamPlayer</em> (into the <em>AudioStreamPlayer/Stream</em> property).</p>
<h3 id="other">Other</h3>
<p>These are really simple scenes that don&rsquo;t require much setup:</p>
<ul>
<li>&ldquo;CeilingDetector&rdquo;: just an <em>Area2D</em> node with a <em>CollisionShape2D</em> in the form of a rectangle (<em>CollisionShape2D/Shape/extents</em> to <code>(120, 10)</code>), stretched horizontally so it fits the whole screen. <em>CollisionObject2D/Collision/Layer</em> set to <code>bit 4</code> (ceiling) and <em>CollisionObject2D/Collision/Mask</em> set to bit 1 (player).</li>
<li>&ldquo;ScoreDetector&rdquo;: similar to the &ldquo;CeilingDetector&rdquo;, but vertical (<em>CollisionShape2D/Shape/extents</em> to <code>(2.5, 128)</code>) and <em>CollisionObject2D/Collision/Layer</em> set to <code>bit 1</code> (player).</li>
<li>&ldquo;WorldDetector&rdquo;: <em>Node2D</em> with a script attached, and 3 <em>RayCast2D</em> as children:<ul>
<li>&ldquo;NewTile&rdquo;: <em>Raycast2D/Enabled</em> to true (checked), <em>Raycast2D/Cast To</em> <code>(0, 400)</code>, <em>Raycast2D/Collision Mask</em> to <code>bit 2</code> (ground) and <em>Node2D/Transform/Position</em> to <code>(152, -200)</code></li>
<li>&ldquo;OldTile&rdquo;: same as &ldquo;NewTile&rdquo;, except for the <em>Node2D/Transform/Position</em>, set it to <code>(-152, -200)</code>.</li>
<li>&ldquo;OldPipe&rdquo;: same as &ldquo;OldTile&rdquo;, except for the <em>Raycast2D/Collision Mask</em>, set it to <code>bit 3</code> (pipe).</li>
</ul>
</li>
</ul>
<h3 id="game">Game</h3>
<p>This is the actual &ldquo;Game&rdquo; scene that holds all the playable stuff, here we will drop in all the previous scenes; the root node is a <em>Node2D</em> and also has an attached script. Also need to add 2 additional <em>AudioStreamPlayers</em> for the &ldquo;start&rdquo; and &ldquo;score&rdquo; sounds, as well as a <em>Sprite</em> for the background (<em>Sprite/Offset/Offset</em> set to <code>(0, 10)</code>) and a <em>Camera2D</em> (<em>Camera2D/Current</em> set to true (checked)). It should look something like this:</p>
<figure id="__yafg-figure-25">
<img alt="Scene - Game - Node setup" src="images/g/flappybird_godot/scene_game_node_setup.png" title="Scene - Game - Node setup">
<figcaption>Scene - Game - Node setup</figcaption>
</figure>
<p>The scene viewport should look something like the following:</p>
<figure id="__yafg-figure-26">
<img alt="Scene - Game - Viewport" src="images/g/flappybird_godot/scene_game_viewport.png" title="Scene - Game - Viewport">
<figcaption>Scene - Game - Viewport</figcaption>
</figure>
<h3 id="ui">UI</h3>
<h4 id="fonts">Fonts</h4>
<p>We need some font &ldquo;Resources&rdquo; to style the <em>Label</em> fonts. Under the <em>FileSystem</em> window, right click on the fonts directory (create one if needed) and click on &ldquo;New Resource&hellip;&rdquo; and select <em>DynamicFontData</em>, save it in the &ldquo;fonts&rdquo; directory as &ldquo;SilverDynamicFontData.tres&rdquo; (&ldquo;Silver&rdquo; as it is the font I&rsquo;m using) then double click the just created resource and set the <em>DynamicFontData/Font Path</em> to the actual &ldquo;Silver.ttf&rdquo; font (or whatever you want).</p>
<p>Then create a new resource and this time select <em>DynamicFont</em>, name it &ldquo;SilverDynamicFont.tres&rdquo;, then double click to edit and add the &ldquo;SilverDynamicFontData.tres&rdquo; to the <em>DynamicFont/Font/Font Data</em> property (and I personally toggled off the <em>DynamicFont/Font/Antialiased</em> property), now just set the <em>DynamicFont/Settings/(Size, Outline Size, Outline Color)</em> to 32, 1 and black, respectively (or any other values you want). It should look something like this:</p>
<figure id="__yafg-figure-27">
<img alt="Resource - DynamicFont - Default font" src="images/g/flappybird_godot/resource_dynamic_font.png" title="Resource - DynamicFont - Default font">
<figcaption>Resource - DynamicFont - Default font</figcaption>
</figure>
<p>Do the same for another <em>DynamicFont</em> which will be used for the score label, named &ldquo;SilverScoreDynamicFont.tres&rdquo;. Only changes are <em>Dynamic/Settings/(Size, Outline Size)</em> which are set to 128 and 2, respectively. The final files for the fonts should look something like this:</p>
<figure id="__yafg-figure-28">
<img alt="Resource - Dynamicfont - Directory structure" src="images/g/flappybird_godot/resource_dynamic_font_directory_structure.png" title="Resource - Dynamicfont - Directory structure">
<figcaption>Resource - Dynamicfont - Directory structure</figcaption>
</figure>
<h4 id="scene-setup">Scene setup</h4>
<p>This has a bunch of nested nodes, so I&rsquo;ll try to be concise here. The root node is a <em>CanvasLayer</em> named &ldquo;UI&rdquo; with its own script attached, and for the children:</p>
<ul>
<li>&ldquo;MarginContainer&rdquo;: <em>MarginContainer</em> with <em>Control/Margin/(Left, Top)</em> set to <code>10</code> and <em>Control/Margin/(Right, Bottom)</em> set to <code>-10</code>.<ul>
<li>&ldquo;InfoContainer&rdquo;: <em>VBoxContainer</em> with <em>Control/Theme Overrides/Constants/Separation</em> set to <code>250</code>.<ul>
<li>&ldquo;ScoreContainer&rdquo;: <em>VBoxContainer</em>.<ul>
<li>&ldquo;Score&rdquo;: <em>Label</em> with <em>Label/Align</em> set to &ldquo;Center&rdquo;, <em>Control/Theme Overrides/Fonts/Font</em> to the &ldquo;SilverScoreDynamicFont.tres&rdquo;, if needed adjust the <em>DynamicFont</em> settings.</li>
<li>&ldquo;HighScore: same as &ldquo;Score&rdquo;, escept for the <em>Control/Theme Overrides/Fonts/Font</em> which is set to &ldquo;SilverDynamicFont.tres&rdquo;.</li>
</ul>
</li>
<li>&ldquo;StartGame&rdquo;: Same as &ldquo;HighScore&rdquo;.</li>
</ul>
</li>
<li>&ldquo;DebugContainer&rdquo;: <em>VBoxContainer</em>.<ul>
<li>&ldquo;FPS&rdquo;: <em>Label</em>.</li>
</ul>
</li>
<li>&ldquo;VersionContainer&rdquo;: <em>VBoxContainer</em> with <em>BoxContainer/Alignment</em> set to &ldquo;Begin&rdquo;.<ul>
<li>&ldquo;Version&rdquo;: <em>Label</em> with <em>Label/Align</em> set to &ldquo;Right&rdquo;.</li>
</ul>
</li>
</ul>
</li>
</ul>
<p>The scene ends up looking like this:</p>
<figure id="__yafg-figure-29">
<img alt="Scene - UI - Node setup" src="images/g/flappybird_godot/scene_ui.png" title="Scene - UI - Node setup">
<figcaption>Scene - UI - Node setup</figcaption>
</figure>
<h3 id="main">Main</h3>
<p>This is the final scene where we connect the Game and the UI. It&rsquo;s made of a <em>Node2D</em> with it&rsquo;s own script attached and an instance of &ldquo;Game&rdquo; and &ldquo;UI&rdquo; as it&rsquo;s children.</p>
<p>This is a good time to set the default scene when we run the game by going to <em>Project -&gt; Project settings&hellip; -&gt; General</em> and in <em>Application/Run</em> set the <em>Main Scene</em> to the &ldquo;Main.tscn&rdquo; scene.</p>
<h2 id="scripting">Scripting</h2>
<p>I&rsquo;m going to keep this scripting part to the most basic code blocks, as it&rsquo;s too much code, for a complete view you can head to the <a href="https://github.com/luevano/flappybird_godot">source code</a>.</p>
<p>As of now, the game itself doesn&rsquo;t do anything if we hit play. The first thing to do so we have something going on is to do the minimal player scripting.</p>
<h3 id="player_1">Player</h3>
<p>The most basic code needed so the bird goes up and down is to just detect &ldquo;jump&rdquo; key presses and add a negative jump velocity so it goes up (<code>y</code> coordinate is reversed in godot&hellip;), we also check the velocity sign of the <code>y</code> coordinate to decide if the animation is playing or not.</p>
<pre><code class="language-gdscript">class_name Player
extends KinematicBody2D

export(float, 1.0, 1000.0, 1.0) var JUMP_VELOCITY: float = 380.0

onready var sprite: AnimatedSprite = $Sprite

var gravity: float = 10 * ProjectSettings.get_setting(&quot;physics/2d/default_gravity&quot;)
var velocity: Vector2 = Vector2.ZERO


func _physics_process(delta: float) -&gt; void:
    velocity.y += gravity * delta

    if Input.is_action_just_pressed(&quot;jump&quot;):
        velocity.y = -JUMP_VELOCITY

    if velocity.y &lt; 0.0:
        sprite.play()
    else:
        sprite.stop()

    velocity = move_and_slide(velocity)
</code></pre>
<p>You can play it now and you should be able to jump up and down, and the bird should stop on the ground (although you can keep jumping). One thing to notice is that when doing <code>sprite.stop()</code> it stays on the last frame, we can fix that using the code below (and then change <code>sprite.stop()</code> for <code>_stop_sprite()</code>):</p>
<pre><code class="language-gdscript">func _stop_sprite() -&gt; void:
    if sprite.playing:
        sprite.stop()
    if sprite.frame != 0:
        sprite.frame = 0
</code></pre>
<p>Where we just check that the last frame has to be the frame 0.</p>
<p>Now just a matter of adding other needed code for moving horizontally, add sound by getting a reference to the <em>AudioStreamPlayers</em> and doing <code>sound.play()</code> when needed, as well as handling death scenarios by adding a <code>signal died</code> at the beginning of the script and handle any type of death scenario using the below function:</p>
<pre><code class="language-gdscript">func _emit_player_died() -&gt; void:
    # bit 2 corresponds to pipe (starts from 0)
    set_collision_mask_bit(2, false)
    dead = true
    SPEED = 0.0
    emit_signal(&quot;died&quot;)
    # play the sounds after, because yield will take a bit of time,
    # this way the camera stops when the player &quot;dies&quot;
    velocity.y = -DEATH_JUMP_VELOCITY
    velocity = move_and_slide(velocity)
    hit_sound.play()
    yield(hit_sound, &quot;finished&quot;)
    dead_sound.play()
</code></pre>
<p>Finally need to add the actual checks for when the player dies (like collision with ground or pipe) as well as a function that listens to a signal for when the player goes to the ceiling.</p>
<h3 id="worlddetector">WorldDetector</h3>
<p>The code is pretty simple, we just need a way of detecting if we ran out of ground and send a signal, as well as sending as signal when we start detecting ground/pipes behind us (to remove it) because the world is being generated as we move. The most basic functions needed are:</p>
<pre><code class="language-gdscript">func _was_colliding(detector: RayCast2D, flag: bool, signal_name: String) -&gt; bool:
    if detector.is_colliding():
        return true
    if flag:
        emit_signal(signal_name)
        return false
    return true


func _now_colliding(detector: RayCast2D, flag: bool, signal_name: String) -&gt; bool:
    if detector.is_colliding():
        if not flag:
            emit_signal(signal_name)
            return true
    return false
</code></pre>
<p>We need to keep track of 3 &ldquo;flags&rdquo;: <code>ground_was_colliding</code>, <code>ground_now_colliding</code> and <code>pipe_now_colliding</code> (and their respective signals), which are going to be used to do the checks inside <code>_physics_process</code>. For example for checking for new ground: <code>ground_now_colliding = _now_colliding(old_ground, ground_now_colliding, "ground_started_colliding")</code>.</p>
<h3 id="worldtiles">WorldTiles</h3>
<p>This script is what handles the &ldquo;GroundTileMap&rdquo; as well as the &ldquo;PipeTileMap&rdquo; and just basically functions as a &ldquo;Signal bus&rdquo; connecting a bunch of signals from the &ldquo;WorldDetector&rdquo; with the <em>TileMaps</em> and just tracking how many pipes have been placed:</p>
<pre><code class="language-gdscript">export(int, 2, 20, 2) var PIPE_SEP: int = 6
var tiles_since_last_pipe: int = PIPE_SEP - 1


func _on_WorldDetector_ground_stopped_colliding() -&gt; void:
    emit_signal(&quot;place_ground&quot;)

    tiles_since_last_pipe += 1
    if tiles_since_last_pipe == PIPE_SEP:
        emit_signal(&quot;place_pipe&quot;)
        tiles_since_last_pipe = 0


func _on_WorldDetector_ground_started_colliding() -&gt; void:
    emit_signal(&quot;remove_ground&quot;)


func _on_WorldDetector_pipe_started_colliding() -&gt; void:
    emit_signal(&quot;remove_pipe&quot;)
</code></pre>
<h4 id="groundtilemap">GroundTileMap</h4>
<p>This is the node that actually places the ground tiles upong receiving a signal. In general, what you want is to keep track of the newest tile that you need to place (empty spot) as well as the last tile that is in the tilemap (technically the first one if you count from left to right). I was experimenting with <code>enum</code>s so I used them to define the possible <code>Ground</code> tiles:</p>
<pre><code class="language-gdscript">enum Ground {
    TILE_1,
    TILE_2,
    TILE_3,
    TILE_DOWN_1,
}
</code></pre>
<p>This way you can just select the tile by doing <code>Ground.TILE_1</code>, which will correspond to the <code>int</code> value of <code>0</code>. So most of the code is just:</p>
<pre><code class="language-gdscript"># old_tile is the actual first tile, whereas the new_tile_position
#   is the the next empty tile; these also correspond to the top tile
const _ground_level: int = 7
const _initial_old_tile_x: int = -8
const _initial_new_tile_x: int = 11
var old_tile_position: Vector2 = Vector2(_initial_old_tile_x, _ground_level)
var new_tile_position: Vector2 = Vector2(_initial_new_tile_x, _ground_level)


func _place_new_ground() -&gt; void:
    set_cellv(new_tile_position, _get_random_ground())
    set_cellv(new_tile_position + Vector2.DOWN, Ground.TILE_DOWN_1)
    new_tile_position += Vector2.RIGHT


func _remove_first_ground() -&gt; void:
    set_cellv(old_tile_position, -1)
    set_cellv(old_tile_position + Vector2.DOWN, -1)
    old_tile_position += Vector2.RIGHT
</code></pre>
<p>Where you might notice that the <code>_initial_new_tile_x</code> is <code>11</code>, instead of <code>10</code>, refer to <a href="#default-ground-tiles">Default ground tiles</a> where we placed tiles from <code>-8</code> to <code>10</code>, so the next empty one is <code>11</code>. These <code>_place_new_ground</code> and <code>_remove_first_ground</code> functions are called upon receiving the signal.</p>
<h4 id="pipetilemap">PipeTileMap</h4>
<p>This is really similar to the &ldquo;GroundTileMap&rdquo; code, instead of defining an <code>enum</code> for the ground tiles, we define it for the pipe patterns (because each pipe is composed of multiple pipe tiles). If your pipe tile set looks like this (notice the index):</p>
<figure id="__yafg-figure-30">
<img alt="PipeTileMap - Tile set indexes" src="images/g/flappybird_godot/tile_set_pipes_indexes.png" title="PipeTileMap - Tile set indexes">
<figcaption>PipeTileMap - Tile set indexes</figcaption>
</figure>
<p>Then you can use the following &ldquo;pipe patterns&rdquo;:</p>
<pre><code class="language-gdscript">var pipe: Dictionary = {
    PipePattern.PIPE_1: [0, 1, 2, 2, 2, 2, 2, 2, 3, 4, -1, -1, -1, 0, 1, 2],
    PipePattern.PIPE_2: [0, 1, 2, 2, 2, 2, 2, 3, 4, -1, -1, -1, 0, 1, 2, 2],
    PipePattern.PIPE_3: [0, 1, 2, 2, 2, 2, 3, 4, -1, -1, -1, 0, 1, 2, 2, 2],
    PipePattern.PIPE_4: [0, 1, 2, 2, 2, 3, 4, -1, -1, -1, 0, 1, 2, 2, 2, 2],
    PipePattern.PIPE_5: [0, 1, 2, 2, 3, 4, -1, -1, -1, 0, 1, 2, 2, 2, 2, 2],
    PipePattern.PIPE_6: [0, 1, 2, 3, 4, -1, -1, -1, 0, 1, 2, 2, 2, 2, 2, 2]
}
</code></pre>
<p>Now, the pipe system requires a bit more of tracking as we need to instantiate a &ldquo;ScoreDetector&rdquo; here, too. I ended up keeping track of the placed pipes/detectors by using a &ldquo;pipe stack&rdquo; (and &ldquo;detector stack&rdquo;) which is just an array of placed objects from which I pop the first when deleting them:</p>
<pre><code class="language-gdscript">onready var _pipe_sep: int = get_parent().PIPE_SEP
const _pipe_size: int = 16
const _ground_level: int = 7
const _pipe_level_y: int = _ground_level - 1
const _initial_new_pipe_x: int = 11
var new_pipe_starting_position: Vector2 = Vector2(_initial_new_pipe_x, _pipe_level_y)
var pipe_stack: Array

# don't specify type for game, as it results in cyclic dependency,
# as stated here: https://godotengine.org/qa/39973/cyclic-dependency-error-between-actor-and-actor-controller
onready var game = get_parent().get_parent()
var detector_scene: PackedScene = preload(&quot;res://levels/detectors/score_detector/ScoreDetector.tscn&quot;)
var detector_offset: Vector2 = Vector2(16.0, -(_pipe_size / 2.0) * 16.0)
var detector_stack: Array
</code></pre>
<p>The <code>detector_offset</code> is just me being picky. For placing a new pipe, we get the starting position (bottom pipe tile) and build upwards, then instantiate a new &ldquo;ScoreDetector&rdquo; (<code>detector_scene</code>) and set it&rsquo;s position to the pipe starting position plus the offset, so it&rsquo;s centered in the pipe, then just need to connect the &ldquo;body_entered&rdquo; signal from the detector with the game, so we keep track of the scoring. Finally just add the placed pipe and detector to their corresponding stacks:</p>
<pre><code class="language-gdscript">func _place_new_pipe() -&gt; void:
    var current_pipe: Vector2 = new_pipe_starting_position
    for tile in pipe[_get_random_pipe()]:
        set_cellv(current_pipe, tile)
        current_pipe += Vector2.UP

    var detector: Area2D = detector_scene.instance()
    detector.position = map_to_world(new_pipe_starting_position) + detector_offset
    detector.connect(&quot;body_entered&quot;, game, &quot;_on_ScoreDetector_body_entered&quot;)
    detector_stack.append(detector)
    add_child(detector)

    pipe_stack.append(new_pipe_starting_position)
    new_pipe_starting_position += _pipe_sep * Vector2.RIGHT
</code></pre>
<p>For removing pipes, it&rsquo;s really similar but instead of getting the position from the next tile, we pop the first element from the (pipe/detector) stack and work with that. To remove the cells we just set the index to <code>-1</code>:</p>
<pre><code class="language-gdscript">func _remove_old_pipe() -&gt; void:
    var current_pipe: Vector2 = pipe_stack.pop_front()
    var c: int = 0
    while c &lt; _pipe_size:
        set_cellv(current_pipe, -1)
        current_pipe += Vector2.UP
        c += 1

    var detector: Area2D = detector_stack.pop_front()
    remove_child(detector)
    detector.queue_free()
</code></pre>
<p>These functions are called when receiving the signal to place/remove pipes.</p>
<h3 id="saved-data">Saved data</h3>
<p>Before proceeding, we require a way to save/load data (for the high scores). We&rsquo;re going to use the <em>ConfigFile</em> node that uses a custom version of the &ldquo;ini&rdquo; file format. Need to define where to save the data:</p>
<pre><code class="language-gdscript">const DATA_PATH: String = &quot;user://data.cfg&quot;
const SCORE_SECTION: String = &quot;score&quot;
var _data: ConfigFile
</code></pre>
<p>Note that <code>user://</code> is a OS specific path in which the data can be stored on a per user basis, for more: <a href="https://docs.godotengine.org/en/stable/tutorials/io/data_paths.html">File paths</a>. Then, a way to load the save file:</p>
<pre><code class="language-gdscript">func _load_data() -&gt; void:
    # create an empty file if not present to avoid error while loading settings
    var file: File = File.new()
    if not file.file_exists(DATA_PATH):
        file.open(DATA_PATH, file.WRITE)
        file.close()

    _data = ConfigFile.new()
    var err: int = _data.load(DATA_PATH)
    if err != OK:
        print(&quot;[ERROR] Cannot load data.&quot;)
</code></pre>
<p>A way to save the data:</p>
<pre><code class="language-gdscript">func save_data() -&gt; void:
    var err: int = _data.save(DATA_PATH)
    if err != OK:
        print(&quot;[ERROR] Cannot save data.&quot;)
</code></pre>
<p>And of course, a way to get and set the high score:</p>
<pre><code class="language-gdscript">func set_new_high_score(high_score: int) -&gt; void:
    _data.set_value(SCORE_SECTION, &quot;high_score&quot;, high_score)


func get_high_score() -&gt; int:
    return _data.get_value(SCORE_SECTION, &quot;high_score&quot;)
</code></pre>
<p>Then, whenever this script is loaded we load the data and if it&rsquo;s a new file, then add the default high score of 0:</p>
<pre><code class="language-gdscript">func _ready() -&gt; void:
    _load_data()

    if not _data.has_section(SCORE_SECTION):
        set_new_high_score(0)
        save_data()
</code></pre>
<p>Now, this script in particular will need to be a <a href="https://docs.godotengine.org/en/stable/tutorials/scripting/singletons_autoload.html">Singleton (AutoLoad)</a>, which means that there will be only one instance and will be available across all scripts. To do so, go to <em>Project -&gt; Project settings&hellip; -&gt; AutoLoad</em> and select this script in the &ldquo;Path:&rdquo; and add a &ldquo;Node Name:&rdquo; (I used &ldquo;SavedData&rdquo;, if you use something else, be careful while following this devlog) which will be the name we&rsquo;ll use to access the singleton. Toggle on &ldquo;Enable&rdquo; if needed, it should look like this:</p>
<figure id="__yafg-figure-31">
<img alt="Project settings - AutoLoad - SavedData singleton" src="images/g/flappybird_godot/project_settings_autoload_saved_data.png" title="Project settings - AutoLoad - SavedData singleton">
<figcaption>Project settings - AutoLoad - SavedData singleton</figcaption>
</figure>
<h3 id="game_1">Game</h3>
<p>The game script it&rsquo;s also like a &ldquo;Signal bus&rdquo; in the sense that it connects all its childs&rsquo; signals together, and also has the job of starting/stopping the <code>_process</code> and <code>_physics_process</code> methods from the childs as needed. First, we need to define the signals and and references to all child nodes:</p>
<pre><code class="language-gdscript">signal game_started
signal game_over
signal new_score(score, high_score)

onready var player: Player = $Player
onready var background: Sprite= $Background
onready var world_tiles: WorldTiles = $WorldTiles
onready var ceiling_detector: Area2D = $CeilingDetector
onready var world_detector: Node2D = $WorldDetector
onready var camera: Camera2D = $Camera
onready var start_sound: AudioStreamPlayer = $StartSound
onready var score_sound: AudioStreamPlayer = $ScoreSound
</code></pre>
<p>It&rsquo;s important to get the actual &ldquo;player speed&rdquo;, as we&rsquo;re using a scale to make the game look bigger (remember, pixel art), to do so we need a reference to the &ldquo;game_scale&rdquo; we setup at the beginning and compute the <code>player_speed</code>:</p>
<pre><code class="language-gdscript">var _game_scale: float = ProjectSettings.get_setting(&quot;application/config/game_scale&quot;)
var player_speed: float


func _ready() -&gt; void:
    scale = Vector2(_game_scale, _game_scale)
    # so we move at the actual speed of the player
    player_speed = player.SPEED / _game_scale
</code></pre>
<p>This <code>player_speed</code> will be needed as we need to move all the nodes (&ldquo;Background&rdquo;, &ldquo;Camera&rdquo;, etc.) in the <code>x</code> axis as the player is moving. This is done in the <code>_physics_process</code>:</p>
<pre><code class="language-gdscript">func _physics_process(delta: float) -&gt; void:
    ceiling_detector.move_local_x(player_speed * delta)
    world_detector.move_local_x(player_speed * delta)
    background.move_local_x(player_speed * delta)
    camera.move_local_x(player_speed * delta)
</code></pre>
<p>We also need a way to start and stop the processing of all the nodes:</p>
<pre><code class="language-gdscript">func _set_processing_to(on_off: bool, include_player: bool = true) -&gt; void:
    set_process(on_off)
    set_physics_process(on_off)
    if include_player:
        player.set_process(on_off)
        player.set_physics_process(on_off)
    world_tiles.set_process(on_off)
    world_tiles.set_physics_process(on_off)
    ceiling_detector.set_process(on_off)
    ceiling_detector.set_physics_process(on_off)
</code></pre>
<p>Where the <code>player</code> is a special case, as when the player dies, it should still move (only down), else it would just freeze in place. In <code>_ready</code> we connect all the necessary signals as well as initially set the processing to <code>false</code> using the last function. To start/restart the game we need to keep a flag called <code>is_game_running</code> initially set to <code>false</code> and then handle the (re)startability in <code>_input</code>:</p>
<pre><code class="language-gdscript">func _input(event: InputEvent) -&gt; void:
    if not is_game_running and event.is_action_pressed(&quot;jump&quot;):
        _set_processing_to(true)
        is_game_running = true
        emit_signal(&quot;game_started&quot;)
        start_sound.play()

    if event.is_action_pressed(&quot;restart&quot;):
        get_tree().reload_current_scene()
</code></pre>
<p>Then we handle two specific signals:</p>
<pre><code class="language-gdscript">func _on_Player_died() -&gt; void:
    _set_processing_to(false, false)
    emit_signal(&quot;game_over&quot;)


func _on_ScoreDetector_body_entered(body: Node2D) -&gt; void:
    score += 1
    if score &gt; high_score:
        high_score = score
        SavedData.set_new_high_score(high_score)
        SavedData.save_data()
    emit_signal(&quot;new_score&quot;, score, high_score)
    score_sound.play()
</code></pre>
<p>When the <code>player</code> dies, we set all processing to <code>false</code>, except for the player itself (so it can drop all the way to the ground). Also, when receiving a &ldquo;scoring&rdquo; signal, we manage the current score, as well as saving the new high score when applicable, note that we need to read the <code>high_score</code> at the beginning by calling <code>SavedData.get_high_score()</code>. This signal we emit will be received by the UI so it updates accordingly.</p>
<h3 id="ui_1">UI</h3>
<p>First thing is to get a reference to all the child <em>Labels</em>, an initial reference to the high score as well as the version defined in the project settings:</p>
<pre><code class="language-gdscript">onready var fps_label: Label = $MarginContainer/DebugContainer/FPS
onready var version_label: Label = $MarginContainer/VersionContainer/Version
onready var score_label: Label = $MarginContainer/InfoContainer/ScoreContainer/Score
onready var high_score_label: Label = $MarginContainer/InfoContainer/ScoreContainer/HighScore
onready var start_game_label: Label = $MarginContainer/InfoContainer/StartGame

onready var _initial_high_score: int = SavedData.get_high_score()

var _version: String = ProjectSettings.get_setting(&quot;application/config/version&quot;)
</code></pre>
<p>Then set the initial <em>Label</em> values as well as making the <code>fps_label</code> invisible:</p>
<pre><code class="language-gdscript">func _ready() -&gt; void:
    fps_label.visible = false
    version_label.set_text(&quot;v%s&quot; % _version)
    high_score_label.set_text(&quot;High score: %s&quot; % _initial_high_score)
</code></pre>
<p>Now we need to handle the <code>fps_label</code> update and toggle:</p>
<pre><code class="language-gdscript">func _input(event: InputEvent) -&gt; void:
    if event.is_action_pressed(&quot;toggle_debug&quot;):
        fps_label.visible = !fps_label.visible


func _process(delta: float) -&gt; void:
    if fps_label.visible:
        fps_label.set_text(&quot;FPS: %d&quot; % Performance.get_monitor(Performance.TIME_FPS))
</code></pre>
<p>Finally the signal receiver handlers which are straight forward:</p>
<pre><code class="language-gdscript">func _on_Game_game_started() -&gt; void:
    start_game_label.visible = false
    high_score_label.visible = false


func _on_Game_game_over() -&gt; void:
    start_game_label.set_text(&quot;Press R to restart&quot;)
    start_game_label.visible = true
    high_score_label.visible = true


func _on_Game_new_score(score: int, high_score: int) -&gt; void:
    score_label.set_text(String(score))
    high_score_label.set_text(&quot;High score: %s&quot; % high_score)
</code></pre>
<h3 id="main_1">Main</h3>
<p>This is the shortest script, it just connects the signals between the &ldquo;Game&rdquo; and the &ldquo;UI&rdquo;:</p>
<pre><code class="language-gdscript">onready var game: Game = $Game
onready var ui: UI = $UI

var _game_over: bool = false


func _ready() -&gt; void:
    game.connect(&quot;game_started&quot;, ui, &quot;_on_Game_game_started&quot;)
    game.connect(&quot;game_over&quot;, ui, &quot;_on_Game_game_over&quot;)
    game.connect(&quot;new_score&quot;, ui, &quot;_on_Game_new_score&quot;)
</code></pre>
<h2 id="final-notes-and-exporting">Final notes and exporting</h2>
<p>At this point the game should be fully playable (if any detail missing feel free to look into the source code linked at the beginning). Only thing missing is an icon for the game; I did one pretty quicly with the assets I had.</p>
<h3 id="preparing-the-files">Preparing the files</h3>
<p>If you followed the directory structure I used, then only thing needed is to transform the icon to a native Windows <code>ico</code> format (if exporting to Windows, else ignore this part). For this you need <a href="https://imagemagick.org/index.php">ImageMagick</a> or some other program that can transform <code>png</code> (or whatever file format you used for the icon) to <code>ico</code>. I used [Chocolatey][https://chocolatey.org/] to install <code>imagemagick</code>, then to convert the icon itself used: <code>magick convert icon.png -define icon:auto-resize=256,128,64,48,32,16 icon.ico</code> as detailed in <em>Godot</em>&lsquo;s <a href="https://docs.godotengine.org/en/stable/tutorials/export/changing_application_icon_for_windows.html">Changing application icon for Windows</a>.</p>
<h3 id="exporting">Exporting</h3>
<p>You need to download the templates for exporting as detailed in <em>Godot</em>&lsquo;s <a href="https://docs.godotengine.org/en/stable/tutorials/export/exporting_projects.html">Exporting projects</a>. Basically you go to <em>Editor -&gt; Manage Export Templates&hellip;</em> and download the latest one specific to your <em>Godot</em> version by clicking on &ldquo;Download and Install&rdquo;.</p>
<p>If exporting for Windows then you also need to download <code>rcedit</code> from <a href="https://github.com/electron/rcedit/releases/latest">here</a>. Just place it wherever you want (I put it next to the <em>Godot</em> executable).</p>
<p>Then go to <em>Project -&gt; Export&hellip;</em> and the Window should be empty, add a new template by clicking on &ldquo;Add&hellip;&rdquo; at the top and then select the template you want. I used HTML5, Windows Desktop and Linux/X11. Really the only thing you need to set is the &ldquo;Export Path&rdquo; for each template, which is te location of where the executable will be written to, and in the case of the Windows Desktop template you could also setup stuff like &ldquo;Company Name&rdquo;, &ldquo;Product Name&rdquo;, &ldquo;File/Product Version&rdquo;, etc..</p>
<p>Once the templates are setup, select any and click on &ldquo;Export Project&rdquo; at the bottom, and make sure to untoggle &ldquo;Export With Debug&rdquo; in the window that pops up, this checkbox should be at the bottom of the new window.</p>]]></content:encoded>
    </item>
    <item>
      <title>General Godot project structure</title>
      <link>https://blog.luevano.xyz/g/godot_project_structure.html</link>
      <guid isPermaLink="true">https://blog.luevano.xyz/g/godot_project_structure.html</guid>
      <pubDate>Sun, 22 May 2022 01:16:10 GMT</pubDate>
      <category>English</category>
      <category>Gamedev</category>
      <category>Short</category>
      <description>Details on the project structure I'm using for Godot, based on preference and some research I did.</description>
      <content:encoded><![CDATA[<p>One of my first issues when starting a project is how to structure everything. So I had to spend some time researching best practices and go with what I like the most and after trying some of them I wanted to write down somewhere what I&rsquo;m sticking with.</p>
<p>The first place to look for is, of course, the official <em>Godot</em> documentation on <a href="https://docs.godotengine.org/en/stable/tutorials/best_practices/project_organization.html">Project organization</a>; along with project structure discussion, also comes with best practices for code style and what-not. I don&rsquo;t like this project/directory structure that much, just because it tells you to bundle everything under the same directory but it&rsquo;s a really good starting point, for example it tells you to use:</p>
<ul>
<li>/models/town/house/<ul>
<li>house.dae</li>
<li>window.png</li>
<li>door.png</li>
</ul>
</li>
</ul>
<p>Where I would prefer to have more modularity, for example:</p>
<ul>
<li>/levels/structures/town/house (or /levels/town/structures/house)<ul>
<li>window/<ul>
<li>window.x</li>
<li>window.y</li>
<li>window.z</li>
</ul>
</li>
<li>door/<ul>
<li>&hellip;</li>
</ul>
</li>
<li>house.x</li>
<li>house.y</li>
<li>house.z</li>
</ul>
</li>
</ul>
<p>It might look like it&rsquo;s more work, but I prefer it like this. I wish <a href="https://www.braindead.bzh/entry/creating-a-game-with-godot-engine-ep-2-project-organization">this site</a> was still available, as I got most of my ideas from there and was a pretty good resource, but apparently the owner is not maintaining his site anymore; but there is <a href="https://www.reddit.com/r/godot/comments/7786ee/comment/dojuzuf/?utm_source=share&amp;utm_medium=web2x&amp;context=3">this excelent comment on reddit</a> which shows a project/directory structure more in line with what I&rsquo;m currently using (and similr to the site that is down that I liked). I ended up with:</p>
<ul>
<li>/.git</li>
<li>/assets (raw assets/editable assets/asset packs)</li>
<li>/releases (executables ready to publish)</li>
<li>/src (the actual godot project)<ul>
<li>.godot/</li>
<li>actors/ (or entities)<ul>
<li>player/<ul>
<li>sprites/</li>
<li>player.x</li>
<li>&hellip;</li>
</ul>
</li>
<li>enemy/ (this could be a dir with subdirectories for each type of enemy for example&hellip;)<ul>
<li>sprites/</li>
<li>enemy.x</li>
<li>&hellip;</li>
</ul>
</li>
<li>actor.x</li>
<li>&hellip;</li>
</ul>
</li>
<li>levels/ (or scenes)<ul>
<li>common/<ul>
<li>sprites/</li>
<li>&hellip;</li>
</ul>
</li>
<li>main/<ul>
<li>&hellip;</li>
</ul>
</li>
<li>overworld/<ul>
<li>&hellip;</li>
</ul>
</li>
<li>dugeon/<ul>
<li>&hellip;</li>
</ul>
</li>
<li>Game.tscn (I&rsquo;m considering the &ldquo;Game&rdquo; as a level/scene)</li>
<li>game.gd</li>
</ul>
</li>
<li>objects/<ul>
<li>box/<ul>
<li>&hellip;</li>
</ul>
</li>
<li>&hellip;</li>
</ul>
</li>
<li>screens/<ul>
<li>main_menu/<ul>
<li>&hellip;</li>
</ul>
</li>
<li>&hellip;</li>
</ul>
</li>
<li>globals/ (singletons/autoloads)</li>
<li>ui/<ul>
<li>menus/<ul>
<li>&hellip;</li>
</ul>
</li>
<li>&hellip;</li>
</ul>
</li>
<li>sfx/<ul>
<li>&hellip;</li>
</ul>
</li>
<li>vfx/<ul>
<li>&hellip;</li>
</ul>
</li>
<li>etc/<ul>
<li>&hellip;</li>
</ul>
</li>
<li>Main.tscn (the entry point of the game)</li>
<li>main.gd</li>
<li>icon.png (could also be on a separate &ldquo;icons&rdquo; directory)</li>
<li>project.godot</li>
<li>&hellip;</li>
</ul>
</li>
<li>\&lt;any other repository related files></li>
</ul>
<p>And so on, I hope the idea is clear. I&rsquo;ll probably change my mind on the long run, but for now this has been working fine.</p>]]></content:encoded>
    </item>
    <item>
      <title>Will start blogging about gamedev</title>
      <link>https://blog.luevano.xyz/g/starting_gamedev_blogging.html</link>
      <guid isPermaLink="true">https://blog.luevano.xyz/g/starting_gamedev_blogging.html</guid>
      <pubDate>Tue, 17 May 2022 05:19:54 GMT</pubDate>
      <category>English</category>
      <category>Gamedev</category>
      <category>Short</category>
      <category>Update</category>
      <description>Since I'm starting to get more into gamedev stuff, I'll start blogging about it just to keep consistent.</description>
      <content:encoded><![CDATA[<p>I&rsquo;ve been wanting to get into gamedev for a while now, but it&rsquo;s always a pain to stay consistent. I just recently started to get into gamedev again, and this time I&rsquo;m trying to actually do stuff.</p>
<p>So, the plan is to blog about my progress and clone some simple games just to get started. I&rsquo;m thinking on sticking with <a href="https://godotengine.org/">Godot</a> just because I like that it&rsquo;s open source, it&rsquo;s getting better and better overtime (big rewrite happening right now) and I already like how the engine works. <del>Specifically I&rsquo;ll start using <em>Godot 4</em> even though it&rsquo;s not done yet, to get used to the new features, specifically pumped for <a href="https://godotengine.org/article/gdscript-progress-report-feature-complete-40">GDScript 2.0</a>.</del> <ins>Actually&hellip; (for the small clones/ripoffs) I&rsquo;ll need to use <em>Godot 3.X</em> (probably 3.5), as <em>Godot 4</em> doesn&rsquo;t have support to export to webassembly (HTML5) yet, and I want that to publish to <a href="https://itch.io/">itch.io</a> and my website. I&rsquo;ll continue to use <em>Godot 4</em> for bigger projects, as they will take longer and I hope that by the time I need to publish, there&rsquo;s no issues to export.</ins></p>
<p>For a moment I almost started a new subdomain just for gamedev stuff, but decided to just use a different directory for subtleness; this directory and use of tags should be enough. I&rsquo;ll be posting the entry about the first rip-off I&rsquo;m <em>developing</em> (FlappyBird L O L) shortly.</p>]]></content:encoded>
    </item>
    <item>
      <title>My setup for a password manager and MFA authenticator</title>
      <link>https://blog.luevano.xyz/a/password_manager_authenticator_setup.html</link>
      <guid isPermaLink="true">https://blog.luevano.xyz/a/password_manager_authenticator_setup.html</guid>
      <pubDate>Sun, 15 May 2022 22:40:34 GMT</pubDate>
      <category>English</category>
      <category>Short</category>
      <category>Tools</category>
      <description>A short description on my personal setup regarding a password manager and alternatives to G\*\*gl\* authenticator.</description>
      <content:encoded><![CDATA[<p><strong>Disclaimer</strong>: I won&rsquo;t go into many technical details here of how to install/configure/use the software, this is just supposed to be a short description on my setup.</p>
<p>It&rsquo;s been a while since I started using a password manager at all, and I&rsquo;m happy that I started with <a href="https://keepassxc.org/">KeePassXC</a> (open source, multiplatform password manager that it&rsquo;s completely offline) as a direct recommendation from <a href="https://www.lmcj.xyz/">lm</a>; before this I was using the same password for everything (like a lot of people), which is a well know privacy issue as noted in detail by <a href="https://askleo.com/different-passwords-for-everything/">Leo</a> (I don&rsquo;t personally recommed LastPass as Leo does). Note that you will still need a <em>master password</em> to lock/unlock your password database (you can additionally use a hardware key and a key file).</p>
<p>Anyways, setting up <em>keepass</em> is pretty simple, as there is a client for almost any device; note that <em>keepass</em> is basically just the format and the base for all of the clients, as its common with pretty much any open source software. In my case I&rsquo;m using <a href="https://keepassxc.org/">KeePassXC</a> in my computer and <a href="https://www.keepassdx.com/">KeePassDX</a> in my phone (Android). The only concern is keeping everything in sync because <em>keepass</em> doesn&rsquo;t have any automatic method of synchronizing between devices because of security reasons (as far as I know), meaning that you have to manage that yourself.</p>
<p>Usually you can use something like G**gl* drive, dropbox, mega, nextcloud, or any other cloud solution that you like to sync your <em>keepass</em> database between devices; I personally prefer to use <a href="https://syncthing.net/">Syncthing</a> as it&rsquo;s open source, it&rsquo;s really easy to setup and has worked wonders for me since I started using it, also it keeps versions of your files that can serve as backups in any scenario where the database gets corrupted or something.</p>
<p>Finally, when I went through the issue with the micro SD and the <em>adoptable storage</em> bullshit (you can find the rant <a href="https://blog.luevano.xyz/a/devs_android_me_trozaron.html">here</a>, in spanish) I had to also migrate from <em>G**gl* authenticator</em> (<em>gauth</em>) to something else for the simple reason that <em>gauth</em> doesn&rsquo;t even let you do backups, nor it&rsquo;s synched with your account&hellip; nothing, it is just standalone and if you ever lose your phone you&rsquo;re fucked; so I decided to go with <a href="https://getaegis.app/">Aegis authenticator</a>, as it is open source, you have control over all your secret keys, you can do backups directly to the filesystem, you can secure your database with an extra password, etc., etc.. In general <em>aegis</em> is the superior MFA authenticator (at least compared with <em>gauth</em>) and everything that&rsquo;s compatible with <em>gauth</em> is compatible with <em>aegis</em> as the format is a standard (as a matter of fact, <em>keepass</em> also has this MFA feature which is called TOPT and is also compatible, but I prefer to have things separate). I also use <em>syncthing</em> to keep a backup of my <em>aegis</em> database.</p>
<p><strong>TL;DR</strong>:</p>
<ul>
<li><a href="https://syncthing.net/">Syncthing</a> to sync files between devices (for the password databases).</li>
<li><a href="https://keepassxc.org/">KeePassXC</a> for the password manager in my computer.</li>
<li><a href="https://www.keepassdx.com/">KeePassDX</a> for the password manager in my phone.</li>
<li><a href="https://getaegis.app/">Aegis authenticator</a> for the universal MFA authenticator.</li>
</ul>]]></content:encoded>
    </item>
    <item>
      <title>Los devs de Android/MIUI me trozaron</title>
      <link>https://blog.luevano.xyz/a/devs_android_me_trozaron.html</link>
      <guid isPermaLink="true">https://blog.luevano.xyz/a/devs_android_me_trozaron.html</guid>
      <pubDate>Sun, 15 May 2022 09:51:04 GMT</pubDate>
      <category>Rant</category>
      <category>Spanish</category>
      <category>Update</category>
      <description>Perdí un día completo resolviendo un problema muy estúpido, por culpa de los devs de Android/MIUI.</description>
      <content:encoded><![CDATA[<p>Llevo dos semanas posponiendo esta entrada porque andaba bien enojado (todavía, pero ya se anda pasando) y me daba <em>zzz</em>. Pero bueno, antes que nada este pex ocupa un poco de contexto sobre dos cositas:</p>
<ul>
<li><a href="https://tachiyomi.org/">Tachiyomi</a>: Una aplicación de android que uso para descargar y leer manga. Lo importante aquí es que por default se guardan los mangas con cada página siendo una sola imagen, por lo que al mover el manga de un lado a otro tarda mucho tiempo.</li>
<li><a href="https://source.android.com/devices/storage/adoptable">Adoptable storage</a>: Un <em>feature</em> de android que básicamente te deja usar una micro SD (mSD) externa como si fuera interna, encriptando y dejando la mSD inutilizable en cualquier otro dispositivo. La memoria interna se <em>pierde</em> o algo por el estilo (bajo mi experiencia), por lo que parece es bastante útil cuando la capacidad de la memoria interna es baja.</li>
</ul>
<p>Ahora sí vamonos por partes, primero que nada lo que sucedió fue que ordené una mSD con más capacidad que la que ya tenía (64 GB -&gt; 512 GB, poggies), porque últimamente he estado bajando y leyendo mucho manga entonces me estaba quedando sin espacio. Ésta llegó el día de mi cumpleaños lo cuál estuvo chingón, me puse a hacer backup de la mSD que ya tenía y preparando todo, muy bonito, muy bonito.</p>
<p>Empecé a tener problemas, porque al estar moviendo tanto archivo pequeño (porque recordemos que el <em>tachiyomi</em> trata a cada página como una sola imagen), la conexión entre el celular y mi computadora se estaba corte y corte por alguna razón; en general muchos pedos. Por lo que mejor le saqué la nueva mSD y la metí directo a mi computadora por medio de un adaptador para batallar menos y que fuera más rápido.</p>
<p>Hacer este pedo de mover archivos directamente en la mSD puede llevar a corromper la memoria, no se los detalles pero pasa (o quizá estoy meco e hice algo mal). Por lo que al terminar de mover todo a la nueva mSD y ponerla en el celular, éste se emputó que porque no la detectaba y que quería tirar un formateo a la mSD. A este punto no me importaba mucho, sólo era questión de volvera mover archivos y ser más cuidadoso; &ldquo;<em>no issues from my end</em>&rdquo; diría en mis <em>standups</em>.</p>
<p>Todo valió <strong>vergota</strong> porque en cierto punto al elegir sí formatear la mSD mi celular me daba la opción de &ldquo;<em>usar la micro SD para el celular</em>&rdquo; o &ldquo;<em>usar la micro SD como memoria portátil</em>&rdquo; (o algo entre esas líneas), y yo, estúpidamente, elegí la primera, porque me daba sentido: &ldquo;no, pues simón, voy a usar esta memoria para este celular&rdquo;.</p>
<p>Pues mamé, resulta que esa primera opción lo que realmente quería decir es que se iba a usar la micro SD como interna usando el pex este de <em>adoptable storage</em>. Entonces básicamente <em>perdí</em> mi capacidad de memoria interna (128 GB aprox.), y toda la mSD nueva se usó como memoria interna. Todo se juntó, si intentaba sacar la mSD todo se iba a la mierda y no podía usar muchas aplicaciones. &ldquo;<em>No hay pedo</em>&rdquo;, pensé, &ldquo;<em>nada más es cuestión de desactivar esta mamada de adoptable storage</em>&rdquo;.</p>
<p>Ni madres dijeron los devs de Android, este pedo nada más es un <em>one-way</em>: puedes activar <em>adoptable storage</em> pero para desactivarlo <strong>ocupas, a huevo, formatear tu celular a estado de fábrica</strong>. Chingué a mi madre, comí mierda, perdí.</p>
<p>Pues eso fue lo que hice, ni modo. Hice backup de todo lo que se me ocurrió (también me di cuenta que G**gl* authenticator es cagada ya que no te deja hacer backup, entre otras cosas, mejor usen <a href="https://getaegis.app/">Aegis authenticator</a>), desactivé todo lo que se tenía que desactivar y tocó hacer <em>factory reset</em>, ni modo. Pero como siempre las cosas salen mal y tocó comer mierda del banco porque me bloquearon la tarjeta, perdí credenciales necesarias para el trabajo (se resolvió rápido), etc., etc.. Ya no importa, ya casi todo está resuelto, sólo queda ir al banco a resolver lo de la tarjeta bloqueada (esto es para otro <em>rant</em>, pinches apps de bancos piteras, ocupan hacer una sola cosa y la hacen mal).</p>
<p>Al final del día, la causa del problema fueron los malditos mangas (por andar queriendo <em>backupearlos</em>), que terminé bajando de nuevo manualmente y resultó mejor porque aparentemente <em>tachiyomi</em> agregó la opción de &ldquo;<em>zippear</em>&rdquo; los mangas en formato <a href="https://docs.fileformat.com/ebook/cbz/">CBZ</a>, por lo que ya son más fácil de mover de un lado para otro, el fono no se queda pendejo, etc., etc..</p>
<p>Por último, quiero decir que los devs de Android son unos pendejos por no hacer reversible la opción de <em>adoptable storage</em>, y los de MIUI son todavía más por no dar detalles de lo que significan sus opciones de formateo, especialmente si una opción es tan chingadora que para revertirla necesitas formatear a estado de fábrica tu celular; más que nada es culpa de los de MIUI, todavía que ponen un chingo de A(i)DS en todas sus apps, no pueden poner una buena descripción en sus opciones. <strong>REEEE</strong>.</p>]]></content:encoded>
    </item>
    <item>
      <title>Volviendo a usar la página</title>
      <link>https://blog.luevano.xyz/a/volviendo_a_usar_la_pagina.html</link>
      <guid isPermaLink="true">https://blog.luevano.xyz/a/volviendo_a_usar_la_pagina.html</guid>
      <pubDate>Thu, 28 Apr 2022 03:21:02 GMT</pubDate>
      <category>Short</category>
      <category>Spanish</category>
      <category>Update</category>
      <description>Actualización en el estado de la página, después de mucho tiempo de ausencia.</description>
      <content:encoded><![CDATA[<p>Después de mucho tiempo de estar luchando con querer volver a usar este pex (maldita <em>d</em> word y demás), ya me volví a acomodar el setup para agregar nuevas entradas.</p>
<p>Entre las cosas que tuve que hacer fue actualizar el <a href="https://github.com/luevano/pyssg">pyssg</a> porque no lo podía usar de una como estaba; y de pasado le agregue una que otra feature nueva. Luego quiero agregarle más funcionalidad para poder <em>buildear</em> la página completa; por ahora se hace en segmentos: todo lo de <a href="https://luevano.xyz">luevano.xyz</a> está hecho manual, mientras que <a href="https://blog.luevano.xyz">blog</a> y <a href="https://art.luevano.xyz">art</a> usan <a href="https://github.com/luevano/pyssghttps://github.com/luevano/pyssg">pyssg</a>.</p>
<p>Otra cosa es que quizá me devuelva a editar alguans entradas nada más para homogeneizar las entradas específicas a <em>Create a&hellip;</em> (tiene más sentido que sean <em>Setup x&hellip;</em> o algo similar).</p>
<p>En otras noticias, estoy muy agusto en el jale que tengo actualmente aunque lleve alrededor de 3 semanas de un infierno por problemas debidos a varias razones (del jale). Debo pensar en si debo omitir cosas personales o del trabajo aquí, ya que quién sabe quién se pueda llegar a topar con esto <em>*thinking emoji*</em>.</p>]]></content:encoded>
    </item>
    <item>
      <title>Create a VPN server with OpenVPN (IPv4)</title>
      <link>https://blog.luevano.xyz/a/vpn_server_with_openvpn.html</link>
      <guid isPermaLink="true">https://blog.luevano.xyz/a/vpn_server_with_openvpn.html</guid>
      <pubDate>Sun, 01 Aug 2021 09:27:02 GMT</pubDate>
      <category>English</category>
      <category>Server</category>
      <category>Tools</category>
      <category>Tutorial</category>
      <description>How to create a VPN server using OpenVPN on a server running Nginx. Only for IPv4.</description>
      <content:encoded><![CDATA[<p>I&rsquo;ve been wanting to do this entry, but had no time to do it since I also have to set up the VPN service as well to make sure what I&rsquo;m writing makes sense, today is the day.</p>
<p>Like with any other of my entries I based my setup on the <a href="https://wiki.archlinux.org/title/OpenVPN">Arch Wiki</a>, <a href="https://github.com/Nyr/openvpn-install">this install script</a> and <a href="https://github.com/graysky2/ovpngen">this profile generator script</a>.</p>
<p>This will be installed and working alongside the other stuff I&rsquo;ve wrote about on other posts (see the <a href="https://blog.luevano.xyz/tag/@server.html">server</a> tag). All commands here are executes as root unless specified otherwise. Also, this is intended only for IPv4 (it&rsquo;s not that hard to include IPv6, but meh).</p>
<h2 id="prerequisites">Prerequisites</h2>
<p>Pretty simple:</p>
<ul>
<li>Working server with root access, and with Ufw as the firewall.</li>
<li>Depending on what port you want to run the VPN on, the default <code>1194</code>, or as a fallback on <code>443</code> (click <a href="https://openvpn.net/vpn-server-resources/advanced-option-settings-on-the-command-line/">here</a> for more). I will do mine on port <code>1194</code> but it&rsquo;s just a matter of changing 2 lines of configuration and one Ufw rule.</li>
</ul>
<h2 id="create-pki-from-scratch">Create PKI from scratch</h2>
<p>PKI stands for <em>Public Key Infrastructure</em> and basically it&rsquo;s required for certificates, private keys and more. This is supposed to work between two servers and one client: a server in charge of creating, signing and verifying the certificates, a server with the OpenVPN service running and the client making the request.</p>
<p>This is supposed to work something like: 1) a client wants to use the VPN service, so it creates a requests and sends it to the signing server, 2) this server checks the requests and signs the request, returning the certificates to both the VPN service and the client and 3) the client can now connect to the VPN service using the signed certificate which the OpenVPN server knows about. In a nutshell, I&rsquo;m no expert.</p>
<p>&hellip; but, to be honest, all of this is a hassle and (in my case) I want something simple to use and manage. So I&rsquo;m gonna do all on one server and then just give away the configuration file for the clients, effectively generating files that anyone can run and will work, meaning that you need to be careful who you give this files (it also comes with a revoking mechanism, so no worries).</p>
<p>This is done with <a href="https://wiki.archlinux.org/title/Easy-RSA">Easy-RSA</a>.</p>
<p>Install the <code>easy-rsa</code> package:</p>
<pre><code class="language-sh">pacman -S easy-rsa
</code></pre>
<p>Initialize the PKI and generate the CA keypair:</p>
<pre><code class="language-sh">cd /etc/easy-rsa
easyrsa init-pki
easyrsa build-ca nopass
</code></pre>
<p>Create the server certificate and private key (while in the same directory):</p>
<pre><code class="language-sh">EASYRSA_CERT_EXPIRE=3650 easyrsa build-server-full server nopass
</code></pre>
<p>Where <code>server</code> is just a name to identify your server certificate keypair, I just use <code>server</code> but could be anything (like <code>luevano.xyz</code> in my case).</p>
<p>Create the client revocation list AKA CRL (will be used later, but might as well have it now):</p>
<pre><code class="language-sh">EASYRSA_CRL_DAYS=3650 easyrsa gen-crl
</code></pre>
<p>After this we should have 6 new files:</p>
<pre><code>/etc/easy-rsa/pki/ca.crt
/etc/easy-rsa/pki/private/ca.key
/etc/easy-rsa/pki/issued/server.crt
/etc/easy-rsa/pki/reqs/server.req
/etc/easy-rsa/pki/private/server.key
/etc/easy-rsa/pki/crl.pem
</code></pre>
<p>It is recommended to copy some of these files over to the <code>openvpn</code> directory, but I prefer to keep them here and just change some of the permissions:</p>
<pre><code class="language-sh">chmod o+rx pki
chmod o+rx pki/ca.crt
chmod o+rx pki/issued
chmod o+rx pki/issued/server.crt
chmod o+rx pki/private
chmod o+rx pki/private/server.key
chown nobody:nobody pki/crl.pem
chmod o+r pki/crl.pem
</code></pre>
<p>Now, go to the <code>openvpn</code> directory and create the required files there:</p>
<pre><code class="language-sh">cd /etc/openvpn/server
openssl dhparam -out dh.pem 2048
openvpn --genkey secret ta.key
</code></pre>
<p>That&rsquo;s it for the PKI stuff and general certificate configuration.</p>
<h2 id="openvpn">OpenVPN</h2>
<p><a href="https://wiki.archlinux.org/title/OpenVPN">OpenVPN</a> is a robust and highly flexible VPN daemon, that&rsquo;s pretty complete feature wise.</p>
<p>Install the <code>openvpn</code> package:</p>
<pre><code class="language-sh">pacman -S openvpn
</code></pre>
<p>Now, most of the stuff is going to be handled by (each, if you have more than one) server configuration. This might be the hardest thing to configure, but I&rsquo;ve used a basic configuration file that worked a lot to me, which is a compilation of stuff that I found on the internet while configuring the file a while back.</p>
<pre><code># Server ip addres (ipv4).
local 1.2.3.4 # your server public ip

# Port.
port 1194 # Might want to change it to 443

# TCP or UDP.
;proto tcp
proto udp # If ip changes to 443, you should change this to tcp, too

# &quot;dev tun&quot; will create a routed IP tunnel,
# &quot;dev tap&quot; will create an ethernet tunnel.
;dev tap
dev tun

# Server specific certificates and more.
ca /etc/easy-rsa/pki/ca.crt
cert /etc/easy-rsa/pki/issued/server.crt
key /etc/easy-rsa/pki/private/server.key  # This file should be kept secret.
dh /etc/openvpn/server/dh.pem
auth SHA512
tls-crypt /etc/openvpn/server/ta.key 0 # This file is secret.
crl-verify /etc/easy-rsa/pki/crl.pem

# Network topology.
topology subnet

# Configure server mode and supply a VPN subnet
# for OpenVPN to draw client addresses from.
server 10.8.0.0 255.255.255.0

# Maintain a record of client &lt;-&gt; virtual IP address
# associations in this file.
ifconfig-pool-persist ipp.txt

# Push routes to the client to allow it
# to reach other private subnets behind
# the server.
;push &quot;route 192.168.10.0 255.255.255.0&quot;
;push &quot;route 192.168.20.0 255.255.255.0&quot;

# If enabled, this directive will configure
# all clients to redirect their default
# network gateway through the VPN, causing
# all IP traffic such as web browsing and
# and DNS lookups to go through the VPN
push &quot;redirect-gateway def1 bypass-dhcp&quot;

# Certain Windows-specific network settings
# can be pushed to clients, such as DNS
# or WINS server addresses.
# Google DNS.
;push &quot;dhcp-option DNS 8.8.8.8&quot;
;push &quot;dhcp-option DNS 8.8.4.4&quot;

# The keepalive directive causes ping-like
# messages to be sent back and forth over
# the link so that each side knows when
# the other side has gone down.
keepalive 10 120

# The maximum number of concurrently connected
# clients we want to allow.
max-clients 5

# It's a good idea to reduce the OpenVPN
# daemon's privileges after initialization.
user nobody
group nobody

# The persist options will try to avoid
# accessing certain resources on restart
# that may no longer be accessible because
# of the privilege downgrade.
persist-key
persist-tun

# Output a short status file showing
# current connections, truncated
# and rewritten every minute.
status openvpn-status.log

# Set the appropriate level of log
# file verbosity.
#
# 0 is silent, except for fatal errors
# 4 is reasonable for general usage
# 5 and 6 can help to debug connection problems
# 9 is extremely verbose
verb 3

# Notify the client that when the server restarts so it
# can automatically reconnect.
# Only usable with udp.
explicit-exit-notify 1
</code></pre>
<p><code>#</code> and <code>;</code> are comments. Read each and every line, you might want to change some stuff (like the logging), specially the first line which is your server public IP.</p>
<p>Now, we need to enable <em>packet forwarding</em> (so we can access the web while connected to the VPN), which can be enabled on the interface level or globally (you can check the different options with <code>sysctl -a | grep forward</code>). I&rsquo;ll do it globally, run:</p>
<pre><code class="language-sh">sysctl net.ipv4.ip_forward=1
</code></pre>
<p>And create/edit the file <code>/etc/sysctl.d/30-ipforward.conf</code>:</p>
<pre><code>net.ipv4.ip_forward=1
</code></pre>
<p>Now we need to configure <code>ufw</code> to forward traffic through the VPN. Append the following to <code>/etc/default/ufw</code> (or edit the existing line):</p>
<pre><code>...
DEFAULT_FORWARD_POLICY=&quot;ACCEPT&quot;
...
</code></pre>
<p>And change the <code>/etc/ufw/before.rules</code>, appending the following lines after the header <strong>but before the *filter line</strong>:</p>
<pre><code>...
# NAT (Network Address Translation) table rules
*nat
:POSTROUTING ACCEPT [0:0]

# Allow traffic from clients to the interface
-A POSTROUTING -s 10.8.0.0/24 -o interface -j MASQUERADE

# do not delete the &quot;COMMIT&quot; line or the NAT table rules above will not be processed
COMMIT

# Don't delete these required lines, otherwise there will be errors
*filter
...
</code></pre>
<p>Where <code>interface</code> must be changed depending on your system (in my case it&rsquo;s <code>ens3</code>, another common one is <code>eth0</code>); I always check this by running <code>ip addr</code> which gives you a list of interfaces (the one containing your server public IP is the one you want, or whatever interface your server uses to connect to the internet):</p>
<pre><code>...
2: ens3: &lt;SOMETHING,SOMETHING&gt; bla bla
    link/ether bla:bla
    altname enp0s3
    inet my.public.ip.addr bla bla
...
</code></pre>
<p>And also make sure the <code>10.8.0.0/24</code> matches the subnet mask specified in the <code>server.conf</code> file (in this example it matches). You should check this very carefully, because I just spent a good 2 hours debugging why my configuration wasn&rsquo;t working, and this was te reason (I could connect to the VPN, but had no external connection to the web).</p>
<p>Finally, allow the OpenVPN port you specified (in this example its <code>1194/udp</code>) and reload <code>ufw</code>:</p>
<pre><code class="language-sh">ufw allow 1194/udp comment &quot;OpenVPN&quot;
ufw reload
</code></pre>
<p>At this point, the server-side configuration is done and you can start and enable the service:</p>
<pre><code class="language-sh">systemctl start openvpn-server@server.service
systemctl enable openvpn-server@server.service
</code></pre>
<p>Where the <code>server</code> after <code>@</code> is the name of your configuration, <code>server.conf</code> without the <code>.conf</code> in my case.</p>
<h3 id="create-client-configurations">Create client configurations</h3>
<p>You might notice that I didn&rsquo;t specify how to actually connect to our server. For that we need to do a few more steps. We actually need a configuration file similar to the <code>server.conf</code> file that we created.</p>
<p>The real way of doing this would be to run similar steps as the ones with <code>easy-rsa</code> locally, send them to the server, sign them, and retrieve them. Nah, we&rsquo;ll just create all configuration files on the server as I was mentioning earlier.</p>
<p>Also, the client configuration file has to match the server one (to some degree), to make this easier you can create a <code>client-common</code> file in <code>/etc/openvpn/server</code> with the following content:</p>
<pre><code>client
dev tun
remote 1.2.3.4 1194 udp # change this to match your ip and port
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
auth SHA512
verb 3
</code></pre>
<p>Where you should make any changes necessary, depending on your configuration.</p>
<p>Now, we need a way to create and revoke new configuration files. For this I created a script, heavily based on one of the links I mentioned at the beginning, by the way. You can place these scripts anywhere you like, and you should take a look before running them because you&rsquo;ll be running them as root.</p>
<p>In a nutshell, what it does is: generate a new client certificate keypair, update the CRL and create a new <code>.ovpn</code> configuration file that consists on the <code>client-common</code> data and all of the required certificates; or, revoke an existing client and refresh the CRL. The file is placed under <code>~/ovpn</code>.</p>
<p>Create a new file with the following content (name it whatever you like) and don&rsquo;t forget to make it executable (<code>chmod +x vpn_script</code>):</p>
<pre><code>#!/bin/sh
# Client ovpn configuration creation and revoking.
MODE=$1
if [ ! &quot;$MODE&quot; = &quot;new&quot; -a ! &quot;$MODE&quot; = &quot;rev&quot; ]; then
    echo &quot;$1 is not a valid mode, using default 'new'&quot;
    MODE=new
fi

CLIENT=${2:-guest}
if [ -z $2 ];then
    echo &quot;there was no client name passed as second argument, using 'guest' as default&quot;
fi

# Expiration config.
EASYRSA_CERT_EXPIRE=3650
EASYRSA_CRL_DAYS=3650

# Current PWD.
CPWD=$PWD
cd /etc/easy-rsa/

if [ &quot;$MODE&quot; = &quot;rev&quot; ]; then
    easyrsa --batch revoke $CLIENT

    echo &quot;$CLIENT revoked.&quot;
elif [ &quot;$MODE&quot; = &quot;new&quot; ]; then
    easyrsa build-client-full $CLIENT nopass

    # This is what actually generates the config file.
    {
    cat /etc/openvpn/server/client-common
    echo &quot;&lt;ca&gt;&quot;
    cat /etc/easy-rsa/pki/ca.crt
    echo &quot;&lt;/ca&gt;&quot;
    echo &quot;&lt;cert&gt;&quot;
    sed -ne '/BEGIN CERTIFICATE/,$ p' /etc/easy-rsa/pki/issued/$CLIENT.crt
    echo &quot;&lt;/cert&gt;&quot;
    echo &quot;&lt;key&gt;&quot;
    cat /etc/easy-rsa/pki/private/$CLIENT.key
    echo &quot;&lt;/key&gt;&quot;
    echo &quot;&lt;tls-crypt&gt;&quot;
    sed -ne '/BEGIN OpenVPN Static key/,$ p' /etc/openvpn/server/ta.key
    echo &quot;&lt;/tls-crypt&gt;&quot;
    } &gt; &quot;$(eval echo ~${SUDO_USER:-$USER}/ovpn/$CLIENT.ovpn)&quot;

    eval echo &quot;~${SUDO_USER:-$USER}/ovpn/$CLIENT.ovpn file generated.&quot;
fi

# Finish up, re-generates the crl
easyrsa gen-crl
chown nobody:nobody pki/crl.pem
chmod o+r pki/crl.pem
cd $CPWD
</code></pre>
<p>And the way to use is to run <code>vpn_script new/rev client_name</code> as sudo (when revoking, it doesn&rsquo;t actually deletes the <code>.ovpn</code> file in <code>~/ovpn</code>). Again, this is a little script that I put together, so you should check it out, it may need tweaks (depending on your directory structure for <code>easy-rsa</code>) and it could have errors.</p>
<p>Now, just get the <code>.ovpn</code> file generated, import it to OpenVPN in your client of preference and you should have a working VPN service.</p>]]></content:encoded>
    </item>
    <item>
      <title>Hoy me tocó desarrollo de personaje</title>
      <link>https://blog.luevano.xyz/a/hoy_toco_desarrollo_personaje.html</link>
      <guid isPermaLink="true">https://blog.luevano.xyz/a/hoy_toco_desarrollo_personaje.html</guid>
      <pubDate>Wed, 28 Jul 2021 06:10:55 GMT</pubDate>
      <category>Spanish</category>
      <description>Una breve historia sobre cómo estuvo mi día, porque me tocó desarrollo de personaje y lo quiero sacar del coraje que traigo.</description>
      <content:encoded><![CDATA[<p>Sabía que hoy no iba a ser un día tan bueno, pero no sabía que iba a estar tan horrible; me tocó desarrollo de personaje y saqué el <em>bad ending</em>.</p>
<p>Básicamente tenía que cumplir dos misiones hoy: ir al banco a un trámite y vacunarme contra el Covid-19. Muy sencillas tareas.</p>
<p>Primero que nada me levanté de una pesadilla horrible en la que se puede decir que se me subió el muerto al querer despertar, esperé a que fuera casi la hora de salida de mi horario de trabajo, me bañé y fui directo al banco primero. Todo bien hasta aquí.</p>
<p>En el camino al banco, durante la plática con el conductor del Uber salió el tema del horario del banco. Yo muy tranquilo dije &ldquo;pues voy algo tarde, pero sí alcanzo, cierran a las 5, ¿no?&rdquo; a lo que me respondió el conductor &ldquo;nel jefe, a las 4, y se van media hora antes&rdquo;; quedé. Chequé y efectivamente cerraban a las 4. Entonces le dije que le iba a cambiar la ruta directo a donde me iba a vacunar, pero ya era muy tarde y quedaba para la dirección opuesta.&rdquo;Ni pedo, ahí déjame y pido otro viaje, no te apures&rdquo;, le dije y como siempre pues me deseó que se compusiera mi día; <strong>afortunadamente</strong> el banco sí estaba abierto para lo que tenía que hacer, así que fue un buen giro. Me puse muy feliz y asumí que sería un buen día, como me lo dijo mi conductor; <strong>literalmente NO SABÍA</strong>.</p>
<p>Salí feliz de poder haber completado esa misión y poder irme a vacunar. Pedí otro Uber a donde tenía que ir y todo bien. Me tocó caminar mucho porque la entrada estaba en punta de la chingada de donde me dejó el conductor, pero no había rollo, era lo de menos. Me desanimé cuando vi que había una cantidad estúpida de gente, era una fila que abarcaba todo el estacionamiento y daba demasiadas vueltas; &ldquo;ni pedo&rdquo;, dije, &ldquo;si mucho me estaré aquí una hora, hora y media&rdquo;&hellip; otra vez, <strong>literalmente NO SABÍA</strong>.</p>
<p>Pasó media hora y había avanzado lo que parecía ser un cuarto de la fila, entonces todo iba bien. Pues nel, había avanzado el equivalente a un octavo de la fila, este pedo no iba a salir en una hora-hora y media. Para acabarla de chingar era todo bajo el tan amado sol de Chiwawa. &ldquo;No hay pedo, me entretengo tirando chal con alguien en el wasap&rdquo;, pues no, aparentemente no cargué el celular y ya tenía 15-20% de batería&hellip; volví a quedar.</p>
<p>Se me acabó la pila, ya había pasado una hora y parecía que la fila era infinita, simplemente avanzábamos demasiado lento, a pesar de que los que venían atrás de mí repetían una y otra vez &ldquo;mira, avanza bien rápido, ya mero llegamos&rdquo;, ilusos. Duré aproximadamente 3 horas formado, aguantando conversaciones estúpidas a mi alrededor, gente quejándose por estar parada (yo también me estaba quejando pero dentro de mi cabeza), y por alguna razón iban familias completas de las cuales al final del día sólo uno o dos integrantes de la familia entraban a vacunarse.</p>
<p>En fin que se acabó la tortura y ya tocaba irse al cantón, todo bien. &ldquo;No hay pedo, no me tocó irme en Uber, aquí agarro un camíon&rdquo; pensé. Pero no, ningún camión pasó durante la hora que estuve esperando y de los 5 taxis que intenté parar <strong>NINGUNO</strong> se detuvo. Decidí irme caminado, ya qué más daba, en ese punto ya nada más era hacer corajes <em>dioquis</em>.</p>
<p>En el camino vi un Oxxo y decidí desviarme para comprar algo de tomar porque andaba bien deshidratado. En el mismo segundo que volteé para ir hacia el Oxxo pasó un camión volando y lo único que pensaba era que el conductor me decía &ldquo;Jeje ni pedo:)&rdquo;. Exploté, me acabé, simplemente perdí, saqué el <em>bad ending</em>.</p>
<p>Ya estaba harto y hasta iba a comprar un cargador para ya irme rápido, estaba cansado del día, simplemente ahí terminó la quest, había sacado el peor final. Lo bueno es que se me ocurrió pedirle al cajero un cargador y que me <em>tirara paro</em>. Todo bien, pedí mi Uber y llegué a mi casa sano y a salvo, pero con la peor rabia que me había dado en mucho tiempo. Simplemente ¿mi culo? explotado. Este día me tocó un desarrollo de personaje muy cabrón, se mamó el D*****o.</p>
<p>Lo único rescatable fue que había una (más bien como 5) chica muy guapa en la fila, lástima que los <em>stats</em> de mi personaje me tienen bloqueadas las conversaciones con desconocidos.</p>
<p>Y pues ya, este pex ya me sirvió para desahogarme, una disculpa por la redacción tan <em>pitera</em>. Sobres.</p>]]></content:encoded>
    </item>
    <item>
      <title>Tenia este pex algo descuidado</title>
      <link>https://blog.luevano.xyz/a/tenia_esto_descuidado.html</link>
      <guid isPermaLink="true">https://blog.luevano.xyz/a/tenia_esto_descuidado.html</guid>
      <pubDate>Sun, 18 Jul 2021 07:51:50 GMT</pubDate>
      <category>Short</category>
      <category>Spanish</category>
      <category>Update</category>
      <description>Nada más un update en el estado del blog y lo que he andado haciendo.</description>
      <content:encoded><![CDATA[<p>Así es, tenía un poco descuidado este pex, siendo la razón principal que andaba ocupado con cosas de <em>la vida profesional</em>, ayay. Pero ya que ando un poco más despejado y menos estresado voy a seguir usando el blog y a ver qué más hago.</p>
<p>Tengo unas entradas pendientes que quiero hacer del estilo de &ldquo;tutorial&rdquo; o &ldquo;how-to&rdquo;, pero me lo he estado debatiendo, porque Luke ya empezó a hacerlo más de verdad en <a href="https://landchad.net/">landchad.net</a>, lo cual recomiendo bastante pues igual yo empecé a hacer esto por él (y por <a href="https://lmcj.xyz/">lm</a>); aunque la verdad pues es muy específico a como él hace las cosas y quizá sí puede haber diferencias, pero ya veré en estos días. La próxima que quiero hacer es sobre el VPN, porque no lo he <em>setupeado</em> desde que reinicié El Página Web y La Servidor, entonces acomodaré el VPN de nuevo y de pasada tiro entrada de eso.</p>
<p>También dejé un dibujo pendiente, que la neta lo dejé por 2 cosas: está bien cabrón (porque también lo quiero colorear) y porque estaba ocupado; de lo cuál ya sólo queda el <em>está bien cabrón</em> pero no he tenido el valor de retomarlo. Lo triste es que ya pasó el tiempo del hype y ya no tengo mucha motivación para terminarlo más que el hecho de que cuando lo termine empezaré a usar Clip Studio Paint en vez de Krita, porque compré una licencia ahora que estuvo en 50% de descuento (sí, me mamé).</p>
<p>Algo bueno es que me he estado sintiendo muy bien conmigo mismo últimamente, aunque casi no hable de eso. Sí hay una razón en específico, pero es una razón algo tonta. Espero así siga.</p>
<p>Ah, y también quería acomodarme una sección de comentarios, pero como siempre, todas las opciones están bien <em>bloated</em>, entonces pues me voy a hacer una en corto seguramente en Python para <em>el back</em>, MySQL para la base de datos y Javascript para la conexión acá en <em>el front</em>, algo tranqui.</p>
<p>Sobres pues.</p>]]></content:encoded>
    </item>
    <item>
      <title>Create an XMPP server with Prosody compatible with Conversations and Movim</title>
      <link>https://blog.luevano.xyz/a/xmpp_server_with_prosody.html</link>
      <guid isPermaLink="true">https://blog.luevano.xyz/a/xmpp_server_with_prosody.html</guid>
      <pubDate>Wed, 09 Jun 2021 05:24:30 GMT</pubDate>
      <category>English</category>
      <category>Server</category>
      <category>Tools</category>
      <category>Tutorial</category>
      <description>How to create an XMPP server using Prosody on a server running Nginx. This server will be compatible with at least Conversations and Movim.</description>
      <content:encoded><![CDATA[<p>Recently I set up an XMPP server (and a Matrix one, too) for my personal use and for friends if they want one; made one for <mark><a href="https://lmcj.xyz">EL ELE EME</a></mark>, for example. So, here are the notes on how I set up the server that is compatible with the <a href="https://conversations.im/">Conversations</a> app and the <a href="https://movim.eu/">Movim</a> social network. You can see my addresses in <a href="https://luevano.xyz/contact.html">contact</a> and the XMPP compliance/score of the server.</p>
<p>One of the best resources I found that helped me a lot was <a href="https://community.hetzner.com/tutorials/prosody-debian9">Installing and Configuring Prosody XMPP Server on Debian 9</a>, and of course the <a href="https://wiki.archlinux.org/title/Prosody">Arch Wiki</a> and the <a href="https://prosody.im/">oficial documentation</a>.</p>
<p>As with my other entries, this is under a server running Arch Linux, with the Nginx web server and Certbot certificates. And all commands here are executed as root (unless specified otherwise)</p>
<h2 id="prerequisites">Prerequisites</h2>
<p>Same as with my other entries (<a href="https://luevano.xyz/a/website_with_nginx.html">website</a>, <a href="https://blog.luevano.xyz/a/mail_server_with_postfix.html">mail</a> and <a href="https://blog.luevano.xyz/a/git_server_with_cgit.html">git</a>) plus:</p>
<ul>
<li><strong>A</strong> and (optionally) <strong>AAA</strong> DNS records for:<ul>
<li><code>xmpp</code>: the actual XMPP server and the file upload service.</li>
<li><code>muc</code> (or <code>conference</code>): for multi-user chats.</li>
<li><code>pubsub</code>: the publish-subscribe service.</li>
<li><code>proxy</code>: a proxy in case one of the users needs it.</li>
<li><code>vjud</code>: user directory.</li>
</ul>
</li>
<li>(Optionally, but recommended) the following <strong>SRV</strong> DNS records; make sure it is pointing to an <strong>A</strong> or <strong>AAA</strong> record (matching the records from the last point, for example):<ul>
<li><code>_xmpp-client._tcp.**your.domain**.</code> for port <code>5222</code> pointing to <code>xmpp.**your.domain**.</code></li>
<li><code>_xmpp-server._tcp.**your.domain**.</code> for port <code>5269</code> pointing to <code>xmpp.**your.domain**.</code></li>
<li><code>_xmpp-server._tcp.muc.**your.domain**.</code> for port <code>5269</code> pointing to <code>xmpp.**your.domain**.</code></li>
</ul>
</li>
<li>SSL certificates for the previous subdomains; similar that with my other entries just create the appropriate <code>prosody.conf</code> (where <code>server_name</code> will be all the subdomains defined above) file and run <code>certbot --nginx</code>. You can find the example configuration file almost at the end of this entry.</li>
<li>Email addresses for <code>admin</code>, <code>abuse</code>, <code>contact</code>, <code>security</code>, etc. Or use your own email for all of them, doesn&rsquo;t really matter much as long as you define them in the configuration and are valid, I have aliases so those emails are forwarded to me.</li>
<li>Allow ports <code>5000</code>, <code>5222</code>, <code>5269</code>, <code>5280</code> and <code>5281</code> for <a href="https://prosody.im/doc/ports">Prosody</a> and, <code>3478</code> and <code>5349</code> for <a href="https://webrtc.org/getting-started/turn-server">Turnserver</a> which are the defaults for <code>coturn</code>.</li>
</ul>
<h2 id="prosody">Prosody</h2>
<p><a href="https://wiki.archlinux.org/title/Prosody">Prosody</a> is an implementation of the XMPP protocol that is flexible and extensible.</p>
<p>Install the <code>prosody</code> package (with optional dependencies) and the <code>mercurial</code> package:</p>
<pre><code class="language-sh">pacman -S prosody, mercurial, lua52-sec, lua52-dbi, lua52-zlib
</code></pre>
<p>We need mercurial to be able to download and update the extra modules needed to make the server compliant with <code>conversations.im</code> and <code>mov.im</code>. Go to <code>/var/lib/prosody</code>, clone the latest Prosody modules repository and prepare the directories:</p>
<pre><code class="language-sh">cd /var/lib/prosody
hg clone https://hg.prosody.im/prosody-modules modules-available
mkdir modules-enabled
</code></pre>
<p>You can see that I follow a similar approach that I used with Nginx and the server configuration, where I have all the modules available in a directory, and make a symlink to another to keep track of what is being used. You can update the repository by running <code>hg pull --update</code> while inside the <code>modules-available</code> directory (similar to Git).</p>
<p>Make symbolic links to the following modules:</p>
<pre><code>ln -s /var/lib/prosody/modules-available/MODULE_NAME /var/lib/prosody/modules-enabled/
...
</code></pre>
<ul>
<li>Modules:<ul>
<li><code>mod_bookmarks</code></li>
<li><code>mod_cache_c2s_caps</code></li>
<li><code>mod_checkcerts</code></li>
<li><code>mod_cloud_notify</code></li>
<li><code>mod_csi_battery_saver</code></li>
<li><code>mod_default_bookmarks</code></li>
<li><code>mod_external_services</code></li>
<li><code>mod_http_avatar</code></li>
<li><code>mod_http_pep_avatar</code></li>
<li><code>mod_http_upload</code></li>
<li><code>mod_http_upload_external</code></li>
<li><code>mod_idlecompat</code></li>
<li><code>mod_muc_limits</code></li>
<li><code>mod_muc_mam_hints</code></li>
<li><code>mod_muc_mention_notifications</code></li>
<li><code>mod_presence_cache</code></li>
<li><code>mod_pubsub_feeds</code></li>
<li><code>mod_pubsub_text_interface</code></li>
<li><code>mod_smacks</code></li>
<li><code>mod_strict_https</code></li>
<li><code>mod_vcard_muc</code></li>
<li><code>mod_vjud</code></li>
<li><code>mod_watchuntrusted</code></li>
</ul>
</li>
</ul>
<p>And add other modules if needed, but these work for the apps that I mentioned. You should also change the permissions for these files:</p>
<pre><code class="language-sh">chown -R prosody:prosody /var/lib/prosody
</code></pre>
<p>Now, configure the server by editing the <code>/etc/prosody/prosody.cfg.lua</code> file. It&rsquo;s a bit tricky to configure, so here is my configuration file (lines starting with <code>--</code> are comments). Make sure to change according to your domain, and maybe preferences. Read each line and each comment to know what&rsquo;s going on, It&rsquo;s easier to explain it with comments in the file itself than strip it in a lot of pieces.</p>
<p>And also, note that the configuration file has a &ldquo;global&rdquo; section and a per &ldquo;virtual server&rdquo;/&rdquo;component&rdquo; section, basically everything above all the VirtualServer/Component sections are global, and bellow each VirtualServer/Component, corresponds to that section.</p>
<pre><code>-- important for systemd
daemonize = true
pidfile = &quot;/run/prosody/prosody.pid&quot;

-- or your account, not that this is an xmpp jid, not email
admins = { &quot;admin@your.domain&quot; }

contact_info = {
    abuse = { &quot;mailto:abuse@your.domain&quot;, &quot;xmpp:abuse@your.domain&quot; };
    admin = { &quot;mailto:admin@your.domain&quot;, &quot;xmpp:admin@your.domain&quot; };
    admin = { &quot;mailto:feedback@your.domain&quot;, &quot;xmpp:feedback@your.domain&quot; };
    security = { &quot;mailto:security@your.domain&quot; };
    support = { &quot;mailto:support@your.domain&quot;, &quot;xmpp:support@muc.your.domain&quot; };
}

-- so prosody look up the plugins we added
plugin_paths = { &quot;/var/lib/prosody/modules-enabled&quot; }

modules_enabled = {
    -- Generally required
        &quot;roster&quot;; -- Allow users to have a roster. Recommended ;)
        &quot;saslauth&quot;; -- Authentication for clients and servers. Recommended if you want to log in.
        &quot;tls&quot;; -- Add support for secure TLS on c2s/s2s connections
        &quot;dialback&quot;; -- s2s dialback support
        &quot;disco&quot;; -- Service discovery
    -- Not essential, but recommended
        &quot;carbons&quot;; -- Keep multiple clients in sync
        &quot;pep&quot;; -- Enables users to publish their avatar, mood, activity, playing music and more
        &quot;private&quot;; -- Private XML storage (for room bookmarks, etc.)
        &quot;blocklist&quot;; -- Allow users to block communications with other users
        &quot;vcard4&quot;; -- User profiles (stored in PEP)
        &quot;vcard_legacy&quot;; -- Conversion between legacy vCard and PEP Avatar, vcard
        &quot;limits&quot;; -- Enable bandwidth limiting for XMPP connections
    -- Nice to have
        &quot;version&quot;; -- Replies to server version requests
        &quot;uptime&quot;; -- Report how long server has been running
        &quot;time&quot;; -- Let others know the time here on this server
        &quot;ping&quot;; -- Replies to XMPP pings with pongs
        &quot;register&quot;; -- Allow users to register on this server using a client and change passwords
        &quot;mam&quot;; -- Store messages in an archive and allow users to access it
        &quot;csi_simple&quot;; -- Simple Mobile optimizations
    -- Admin interfaces
        &quot;admin_adhoc&quot;; -- Allows administration via an XMPP client that supports ad-hoc commands
        --&quot;admin_telnet&quot;; -- Opens telnet console interface on localhost port 5582
    -- HTTP modules
        &quot;http&quot;; -- Explicitly enable http server.
        &quot;bosh&quot;; -- Enable BOSH clients, aka &quot;Jabber over HTTP&quot;
        &quot;websocket&quot;; -- XMPP over WebSockets
        &quot;http_files&quot;; -- Serve static files from a directory over HTTP
    -- Other specific functionality
        &quot;groups&quot;; -- Shared roster support
        &quot;server_contact_info&quot;; -- Publish contact information for this service
        &quot;announce&quot;; -- Send announcement to all online users
        &quot;welcome&quot;; -- Welcome users who register accounts
        &quot;watchregistrations&quot;; -- Alert admins of registrations
        &quot;motd&quot;; -- Send a message to users when they log in
        --&quot;legacyauth&quot;; -- Legacy authentication. Only used by some old clients and bots.
        --&quot;s2s_bidi&quot;; -- not yet implemented, have to wait for v0.12
        &quot;bookmarks&quot;;
        &quot;checkcerts&quot;;
        &quot;cloud_notify&quot;;
        &quot;csi_battery_saver&quot;;
        &quot;default_bookmarks&quot;;
        &quot;http_avatar&quot;;
        &quot;idlecompat&quot;;
        &quot;presence_cache&quot;;
        &quot;smacks&quot;;
        &quot;strict_https&quot;;
        --&quot;pep_vcard_avatar&quot;; -- not compatible with this version of pep, wait for v0.12
        &quot;watchuntrusted&quot;;
        &quot;webpresence&quot;;
        &quot;external_services&quot;;
    }

-- only if you want to disable some modules
modules_disabled = {
    -- &quot;offline&quot;; -- Store offline messages
    -- &quot;c2s&quot;; -- Handle client connections
    -- &quot;s2s&quot;; -- Handle server-to-server connections
    -- &quot;posix&quot;; -- POSIX functionality, sends server to background, enables syslog, etc.
}

external_services = {
    {
        type = &quot;stun&quot;,
        transport = &quot;udp&quot;,
        host = &quot;proxy.your.domain&quot;,
        port = 3478
    }, {
        type = &quot;turn&quot;,
        transport = &quot;udp&quot;,
        host = &quot;proxy.your.domain&quot;,
        port = 3478,
        -- you could decide this now or come back later when you install coturn
        secret = &quot;YOUR SUPER SECRET TURN PASSWORD&quot;
    }
}

--- general global configuration
http_ports = { 5280 }
http_interfaces = { &quot;*&quot;, &quot;::&quot; }

https_ports = { 5281 }
https_interfaces = { &quot;*&quot;, &quot;::&quot; }

proxy65_ports = { 5000 }
proxy65_interfaces = { &quot;*&quot;, &quot;::&quot; }

http_default_host = &quot;xmpp.your.domain&quot;
http_external_url = &quot;https://xmpp.your.domain/&quot;
-- or if you want to have it somewhere else, change this
https_certificate = &quot;/etc/prosody/certs/xmpp.your.domain.crt&quot;

hsts_header = &quot;max-age=31556952&quot;

cross_domain_bosh = true
--consider_bosh_secure = true
cross_domain_websocket = true
--consider_websocket_secure = true

trusted_proxies = { &quot;127.0.0.1&quot;, &quot;::1&quot;, &quot;192.169.1.1&quot; }

pep_max_items = 10000

-- this is disabled by default, and I keep it like this, depends on you
--allow_registration = true

-- you might want this options as they are
c2s_require_encryption = true
s2s_require_encryption = true
s2s_secure_auth = false
--s2s_insecure_domains = { &quot;insecure.example&quot; }
--s2s_secure_domains = { &quot;jabber.org&quot; }

-- where the certificates are stored (/etc/prosody/certs by default)
certificates = &quot;certs&quot;
checkcerts_notify = 7 -- ( in days )

-- rate limits on connections to the server, these are my personal settings, because by default they were limited to something like 30kb/s
limits = {
    c2s = {
        rate = &quot;2000kb/s&quot;;
    };
    s2sin = {
        rate = &quot;5000kb/s&quot;;
    };
    s2sout = {
        rate = &quot;5000kb/s&quot;;
    };
}

-- again, this could be yourself, it is a jid
unlimited_jids = { &quot;admin@your.domain&quot; }

authentication = &quot;internal_hashed&quot;

-- if you don't want to use sql, change it to internal and comment the second line
-- since this is optional, i won't describe how to setup mysql or setup the user/database, that would be out of the scope for this entry
storage = &quot;sql&quot;
sql = { driver = &quot;MySQL&quot;, database = &quot;prosody&quot;, username = &quot;prosody&quot;, password = &quot;PROSODY USER SECRET PASSWORD&quot;, host = &quot;localhost&quot; }

archive_expires_after = &quot;4w&quot; -- configure message archive
max_archive_query_results = 20;
mam_smart_enable = true
default_archive_policy = &quot;roster&quot; -- archive only messages from users who are in your roster

-- normally you would like at least one log file of certain level, but I keep all of them, the default is only the info = &quot;*syslog&quot; one
log = {
    info = &quot;*syslog&quot;;
    warn = &quot;prosody.warn&quot;;
    error = &quot;prosody.err&quot;;
    debug = &quot;prosody.debug&quot;;
    -- &quot;*console&quot;; -- Needs daemonize=false
}

-- cloud_notify
push_notification_with_body = false -- Whether or not to send the message body to remote pubsub node
push_notification_with_sender = false -- Whether or not to send the message sender to remote pubsub node
push_max_errors = 5 -- persistent push errors are tolerated before notifications for the identifier in question are disabled
push_max_devices = 5 -- number of allowed devices per user

-- by default every user on this server will join these muc rooms
default_bookmarks = {
    { jid = &quot;room@muc.your.domain&quot;, name = &quot;The Room&quot; };
    { jid = &quot;support@muc.your.domain&quot;, name = &quot;Support Room&quot; };
}

-- could be your jid
untrusted_fail_watchers = { &quot;admin@your.domain&quot; }
untrusted_fail_notification = &quot;Establishing a secure connection from $from_host to $to_host failed. Certificate hash: $sha1. $errors&quot;

----------- Virtual hosts -----------
VirtualHost &quot;your.domain&quot;
    name = &quot;Prosody&quot;
    http_host = &quot;xmpp.your.domain&quot;

disco_items = {
    { &quot;your.domain&quot;, &quot;Prosody&quot; };
    { &quot;muc.your.domain&quot;, &quot;MUC Service&quot; };
    { &quot;pubsub.your.domain&quot;, &quot;Pubsub Service&quot; };
    { &quot;proxy.your.domain&quot;, &quot;SOCKS5 Bytestreams Service&quot; };
    { &quot;vjud.your.domain&quot;, &quot;User Directory&quot; };
}


-- Multi-user chat
Component &quot;muc.your.domain&quot; &quot;muc&quot;
    name = &quot;MUC Service&quot;
    modules_enabled = {
        --&quot;bob&quot;; -- not compatible with this version of Prosody
        &quot;muc_limits&quot;;
        &quot;muc_mam&quot;; -- message archive in muc, again, a placeholder
        &quot;muc_mam_hints&quot;;
        &quot;muc_mention_notifications&quot;;
        &quot;vcard_muc&quot;;
    }

    restrict_room_creation = false

    muc_log_by_default = true
    muc_log_presences = false
    log_all_rooms = false
    muc_log_expires_after = &quot;1w&quot;
    muc_log_cleanup_interval = 4 * 60 * 60


-- Upload
Component &quot;xmpp.your.domain&quot; &quot;http_upload&quot;
    name = &quot;Upload Service&quot;
    http_host= &quot;xmpp.your.domain&quot;
    -- you might want to change this, these are numbers in bytes, so 10MB and 100MB respectively
    http_upload_file_size_limit = 1024*1024*10
    http_upload_quota = 1024*1024*100


-- Pubsub
Component &quot;pubsub.your.domain&quot; &quot;pubsub&quot;
    name = &quot;Pubsub Service&quot;
    pubsub_max_items = 10000
    modules_enabled = {
        &quot;pubsub_feeds&quot;;
        &quot;pubsub_text_interface&quot;;
    }

    -- personally i don't have any feeds configured
    feeds = {
        -- The part before = is used as PubSub node
        --planet_jabber = &quot;http://planet.jabber.org/atom.xml&quot;;
        --prosody_blog = &quot;http://blog.prosody.im/feed/atom.xml&quot;;
    }


-- Proxy
Component &quot;proxy.your.domain&quot; &quot;proxy65&quot;
    name = &quot;SOCKS5 Bytestreams Service&quot;
    proxy65_address = &quot;proxy.your.domain&quot;


-- Vjud, user directory
Component &quot;vjud.your.domain&quot; &quot;vjud&quot;
    name = &quot;User Directory&quot;
    vjud_mode = &quot;opt-in&quot;
</code></pre>
<p>You <mark>HAVE</mark> to read all of the configuration file, because there are a lot of things that you need to change to make it work with your server/domain. Test the configuration file with:</p>
<pre><code class="language-sh">luac5.2 -p /etc/prosody/prosody.cfg.lua
</code></pre>
<p>Notice that by default <code>prosody</code> will look up certificates that look like <code>sub.your.domain</code>, but if you get the certificates like I do, you&rsquo;ll have a single certificate for all subdomains, and by default it is in <code>/etc/letsencrypt/live</code>, which has some strict permissions. So, to import it you can run:</p>
<pre><code class="language-sh">prosodyctl --root cert import /etc/letsencrypt/live
</code></pre>
<p>Ignore the complaining about not finding the subdomain certificates and note that you will have to run that command on each certificate renewal, to automate this, add the <code>--deploy-hook</code> flag to your automated Certbot renewal system; for me it&rsquo;s a <code>systemd</code> timer with the following <code>certbot.service</code>:</p>
<pre><code class="language-ini">[Unit]
Description=Let's Encrypt renewal

[Service]
Type=oneshot
ExecStart=/usr/bin/certbot renew --quiet --agree-tos --deploy-hook &quot;systemctl reload nginx.service &amp;&amp; prosodyctl --root cert import /etc/letsencrypt/live&quot;
</code></pre>
<p>And if you don&rsquo;t have it already, the <code>certbot.timer</code>:</p>
<pre><code class="language-ini">[Unit]
Description=Twice daily renewal of Let's Encrypt's certificates

[Timer]
OnCalendar=0/12:00:00
RandomizedDelaySec=1h
Persistent=true

[Install]
WantedBy=timers.target
</code></pre>
<p>Also, go to the <code>certs</code> directory and make the appropriate symbolic links:</p>
<pre><code class="language-sh">cd /etc/prosody/certs
ln -s your.domain.crt SUBDOMAIN.your.domain.crt
ln -s your.domain.key SUBDOMAIN.your.domain.key
...
</code></pre>
<p>That&rsquo;s basically all the configuration that needs Prosody itself, but we still have to configure Nginx and Coturn before starting/enabling the <code>prosody</code> service.</p>
<h2 id="nginx-configuration-file">Nginx configuration file</h2>
<p>Since this is not an ordinary configuration file I&rsquo;m going to describe this too. Your <code>prosody.conf</code> file should have the following location blocks under the main server block (the one that listens to HTTPS):</p>
<pre><code class="language-nginx"># HTTPS server block
server {
    root /var/www/prosody/;
    server_name xmpp.luevano.xyz muc.luevano.xyz pubsub.luevano.xyz vjud.luevano.xyz proxy.luevano.xyz;
    index index.html;

    # for extra https discovery (XEP-0256)
    location /.well-known/acme-challenge {
        allow all;
    }

    # bosh specific
    location /http-bind {
        proxy_pass  https://localhost:5281/http-bind;

        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_buffering off;
        tcp_nodelay on;
    }

    # websocket specific
    location /xmpp-websocket {
        proxy_pass https://localhost:5281/xmpp-websocket;

        proxy_http_version 1.1;
        proxy_set_header Connection &quot;Upgrade&quot;;
        proxy_set_header Upgrade $http_upgrade;

        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_read_timeout 900s;
    }

    # general proxy
    location / {
        proxy_pass https://localhost:5281;

        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
    }
    ...
    # Certbot stuff
}
# HTTP server block (the one that certbot creates)
server {
    ...
}
</code></pre>
<p>Also, you need to add the following to your actual <code>your.domain</code> (this cannot be a subdomain) configuration file:</p>
<pre><code class="language-nginx">server {
    ...
    location /.well-known/host-meta {
        default_type 'application/xrd+xml';
        add_header Access-Control-Allow-Origin '*' always;
    }

    location /.well-known/host-meta.json {
        default_type 'application/jrd+json';
        add_header Access-Control-Allow-Origin '*' always;
    }
    ...
}
</code></pre>
<p>And you will need the following <code>host-meta</code> and <code>host-meta.json</code> files inside the <code>.well-known/acme-challenge</code> directory for <code>your.domain</code> (following my nomenclature: <code>/var/www/yourdomaindir/.well-known/acme-challenge/</code>).</p>
<p>For <code>host-meta</code> file:</p>
<pre><code class="language-xml">&lt;?xml version='1.0' encoding='utf-8'?&gt;
&lt;XRD xmlns='http://docs.oasis-open.org/ns/xri/xrd-1.0'&gt;
    &lt;Link rel=&quot;urn:xmpp:alt-connections:xbosh&quot;
        href=&quot;https://xmpp.your.domain:5281/http-bind&quot; /&gt;
    &lt;Link rel=&quot;urn:xmpp:alt-connections:websocket&quot;
        href=&quot;wss://xmpp.your.domain:5281/xmpp-websocket&quot; /&gt;
&lt;/XRD&gt;
</code></pre>
<p>And <code>host-meta.json</code> file:</p>
<pre><code class="language-json">{
    &quot;links&quot;: [
        {
            &quot;rel&quot;: &quot;urn:xmpp:alt-connections:xbosh&quot;,
                &quot;href&quot;: &quot;https://xmpp.your.domain:5281/http-bind&quot;
        },
        {
            &quot;rel&quot;: &quot;urn:xmpp:alt-connections:websocket&quot;,
                &quot;href&quot;: &quot;wss://xmpp.your.domain:5281/xmpp-websocket&quot;
        }
    ]
}
</code></pre>
<p>Remember to have your <code>prosody.conf</code> file symlinked (or discoverable by Nginx) to the <code>sites-enabled</code> directory. You can now restart your <code>nginx</code> service (and test the configuration, optionally):</p>
<pre><code class="language-sh">nginx -t
systemctl restart nginx.service
</code></pre>
<h2 id="coturn">Coturn</h2>
<p><a href="https://github.com/coturn/coturn">Coturn</a> is the implementation of TURN and STUN server, which in general is for (at least in the XMPP world) voice support and external service discovery.</p>
<p>Install the <code>coturn</code> package:</p>
<pre><code class="language-sh">pacman -S coturn
</code></pre>
<p>You can modify the configuration file (located at <code>/etc/turnserver/turnserver.conf</code>) as desired, but at least you need to make the following changes (uncomment or edit):</p>
<pre><code class="language-ini">use-auth-secret
realm=proxy.your.domain
static-auth-secret=YOUR SUPER SECRET TURN PASSWORD
</code></pre>
<p>I&rsquo;m sure there is more configuration to be made, like using SQL to store data and whatnot, but for now this is enough for me. Note that you may not have some functionality that&rsquo;s needed to create dynamic users to use the TURN server, and to be honest I haven&rsquo;t tested this since I don&rsquo;t use this feature in my XMPP clients, but if it doesn&rsquo;t work, or you know of an error or missing configuration don&rsquo;t hesitate to <a href="https://luevano.xyz/contact.html">contact me</a>.</p>
<p>Start/enable the <code>turnserver</code> service:</p>
<pre><code class="language-sh">systemctl start turnserver.service
systemctl enable turnserver.service
</code></pre>
<p>You can test if your TURN server works at <a href="https://webrtc.github.io/samples/src/content/peerconnection/trickle-ice/">Trickle ICE</a>. You may need to add a user in the <code>turnserver.conf</code> to test this.</p>
<h2 id="wrapping-up">Wrapping up</h2>
<p>At this point you should have a working XMPP server, start/enable the <code>prosody</code> service now:</p>
<pre><code class="language-sh">systemctl start prosody.service
systemctl enable prosody.service
</code></pre>
<p>And you can add your first user with the <code>prosodyctl</code> command (it will prompt you to add a password):</p>
<pre><code class="language-sh">prosodyctl adduser user@your.domain
</code></pre>
<p>You may want to add a <code>compliance</code> user, so you can check if your server is set up correctly. To do so, go to <a href="https://compliance.conversations.im/add/">XMPP Compliance Tester</a> and enter the <code>compliance</code> user credentials. It should have similar compliance score to mine:</p>
<p><a href='https://compliance.conversations.im/server/luevano.xyz'><img src='https://compliance.conversations.im/badge/luevano.xyz'></a></p>
<p>Additionally, you can test the security of your server in <a href="https://xmpp.net/index.php">IM Observatory</a>, here you only need to specify your <code>domain.name</code> (not <code>xmpp.domain.name</code>, if you set up the <strong>SRV</strong> DNS records correctly). Again, it should have a similar score to mine:</p>
<p><a href='https://xmpp.net/result.php?domain=luevano.xyz&amp;type=client'><img src='https://xmpp.net/badge.php?domain=luevano.xyz' alt='xmpp.net score' /></a></p>
<p>You can now log in into your XMPP client of choice, if it asks for the server it should be <code>xmpp.your.domain</code> (or <code>your.domain</code> for some clients) and your login credentials <code>you@your.domain</code> and the password you chose (which you can change in most clients).</p>
<p>That&rsquo;s it, send me a message <a href="xmpp:david@luevano.xyz">david@luevano.xyz</a> if you were able to set up the server successfully.</p>]]></content:encoded>
    </item>
    <item>
      <title>Al fin ya me acomodé la página pa' los dibujos</title>
      <link>https://blog.luevano.xyz/a/acomodada_la_pagina_de_arte.html</link>
      <guid isPermaLink="true">https://blog.luevano.xyz/a/acomodada_la_pagina_de_arte.html</guid>
      <pubDate>Sun, 06 Jun 2021 19:06:09 GMT</pubDate>
      <category>Short</category>
      <category>Spanish</category>
      <category>Update</category>
      <description>Actualización en el estado de la página, en este caso sobre la existencia de una nueva página para los dibujos y arte en general.</description>
      <content:encoded><![CDATA[<p>Así es, ya quedó acomodado el sub-dominio <code>art.luevano.xyz</code> pos pal <a href="https://art.luevano.xyz">arte</a> veda. Entonces pues ando feliz por eso.</p>
<p>Este pedo fue gracias a que me reescribí la forma en la que <code>pyssg</code> maneja los templates, ahora uso el sistema de <code>jinja</code> en vez del cochinero que hacía antes.</p>
<p>Y pues nada más eso, aquí está el <a href="https://art.luevano.xyz/a/elephant_octopus.html">primer post</a> y por supuesto acá está el link del RSS <a href="https://art.luevano.xyz/rss.xml">https://art.luevano.xyz/rss.xml</a>.</p>]]></content:encoded>
    </item>
    <item>
      <title>Así nomás está quedando el página</title>
      <link>https://blog.luevano.xyz/a/asi_nomas_esta_quedando.html</link>
      <guid isPermaLink="true">https://blog.luevano.xyz/a/asi_nomas_esta_quedando.html</guid>
      <pubDate>Fri, 04 Jun 2021 08:24:03 GMT</pubDate>
      <category>Short</category>
      <category>Spanish</category>
      <category>Update</category>
      <description>Actualización en el estado de la página, el servidor de XMPP y Matrix que me acomodé y próximas cosas que quiero hacer.</description>
      <content:encoded><![CDATA[<p>Estuve acomodando un poco más el <em>sItIo</em>, al fin agregué la &ldquo;sección&rdquo; de <a href="https://luevano.xyz/contact.html">contact</a> y de <a href="https://luevano.xyz/donate.html">donate</a> por si hay algún loco que quiere tirar varo.</p>
<p>También me puse a acomodar un servidor de <a href="https://xmpp.org/">XMPP</a> el cual, en pocas palabras, es un protocolo de mensajería instantánea (y más) descentralizado, por lo cual cada quien puede hacer una cuenta en el servidor que quiera y conectarse con cuentas creadas en otro servidor&hellip; exacto, como con los correos electrónicos. Y esto está perro porque si tú tienes tu propio server, así como con uno de correo electrónico, puedes controlar qué características tiene, quiénes pueden hacer cuenta, si hay <em>end-to-end encryption</em> (o mínimo <em>end-to-server</em>), entre un montón de otras cosas.</p>
<p>Ahorita este server es SUMISO (<em>compliant</em> en español, jeje) para jalar con la app <a href="https://conversations.im/">conversations</a> y con la red social <a href="https://movim.eu/">movim</a>, pero realmente funcionaría con casi cualquier cliente de XMPP, amenos que ese cliente implemente algo que no tiene mi server. Y también acomodé un server de <a href="https://matrix.org/">Matrix</a> que es muy similar pero es bajo otro protocolo y se siente más como un discord/slack (al menos en el <a href="https://element.io/">element</a>), muy chingón también.</p>
<p>Si bien aún quedan cosas por hacer sobre estos dos servers que me acomodé (además de hacerles unas entradas para documentar cómo lo hice), quiero moverme a otra cosa que sería acomodar una sección de dibujos, lo cual en teoría es bien sencillo, pero como quiero poder automatizar la publicación de estos, quiero modificar un poco el <a href="https://github.com/luevano/pyssg">pyssg</a> para que jale chido para este pex.</p>
<p>Ya por último también quiero moverle un poco al CSS, porque lo dejé en un estado muy culerón y quiero meterle/ajustar unas cosas para que quede más limpio y medianamente bonito&hellip; <em>dentro de lo que cabe porque evidentemente me vale verga si se ve como una página del 2000</em>.</p>]]></content:encoded>
    </item>
    <item>
      <title>I'm using a new blogging system</title>
      <link>https://blog.luevano.xyz/a/new_blogging_system.html</link>
      <guid isPermaLink="true">https://blog.luevano.xyz/a/new_blogging_system.html</guid>
      <pubDate>Fri, 28 May 2021 03:21:39 GMT</pubDate>
      <category>English</category>
      <category>Short</category>
      <category>Tools</category>
      <category>Update</category>
      <description>I created a new blogging system called pyssg, which is based on what I was using but, to be honest, better.</description>
      <content:encoded><![CDATA[<p>So, I was tired of working with <code>ssg</code> (and then <code>sbg</code> which was a modified version of <code>ssg</code> that I &ldquo;wrote&rdquo;), for one general reason: not being able to extend it as I would like; and not just dumb little stuff, I wanted to be able to have more control, to add tags (which another tool that I found does: <code>blogit</code>), and even more in a future.</p>
<p>The solution? Write a new program &ldquo;from scratch&rdquo; in <em>pYtHoN</em>. Yes it is bloated, yes it is in its early stages, but it works just as I want it to work, and I&rsquo;m pretty happy so far with the results and have with even more ideas in mind to &ldquo;optimize&rdquo; and generally clean my wOrKfLoW to post new blog entries. I even thought of using it for posting into a &ldquo;feed&rdquo; like gallery for drawings or pictures in general.</p>
<p>I called it <a href="https://github.com/luevano/pyssg"><code>pyssg</code></a>, because it sounds nice and it wasn&rsquo;t taken in the PyPi. It is just a terminal program that reads either a configuration file or the options passed as flags when calling the program.</p>
<p>It still uses Markdown files because I find them very easy to work with. And instead of just having a &ldquo;header&rdquo; and a &ldquo;footer&rdquo; applied to each parsed entry, you will have templates (generated with the program) for each piece that I thought made sense (idea taken from <code>blogit</code>): the common header and footer, the common header and footer for each entry and, header, footer and list elements for articles and tags. When parsing the Markdown file these templates are applied and stitched together to make a single HTML file. Also generates an RSS feed and the <code>sitemap.xml</code> file, which is nice.</p>
<p>It might sound convoluted, but it works pretty well, with of course room to improve; I&rsquo;m open to suggestions, issue reporting or direct contributions <a href="https://github.com/luevano/pyssg">here</a>. BTW, it only works on Linux for now (and don&rsquo;t think on making it work on windows, but feel free to do PR for the compatibility).</p>
<p>That&rsquo;s it for now, the new RSS feed is available here: <a href="https://blog.luevano.xyz/rss.xml">https://blog.luevano.xyz/rss.xml</a>.</p>]]></content:encoded>
    </item>
    <item>
      <title>Create a git server and setup cgit web app (on Nginx)</title>
      <link>https://blog.luevano.xyz/a/git_server_with_cgit.html</link>
      <guid isPermaLink="true">https://blog.luevano.xyz/a/git_server_with_cgit.html</guid>
      <pubDate>Sun, 21 Mar 2021 19:00:29 GMT</pubDate>
      <category>English</category>
      <category>Server</category>
      <category>Tools</category>
      <category>Tutorial</category>
      <description>How to create a git server using cgit on a server running Nginx. This is a follow up on post about creating a website with Nginx and Certbot.</description>
      <content:encoded><![CDATA[<p>My git server is all I need to setup to actually <em>kill</em> my other server (I&rsquo;ve been moving from servers on these last 2-3 blog entries), that&rsquo;s why I&rsquo;m already doing this entry. I&rsquo;m basically following <a href="https://git-scm.com/book/en/v2/Git-on-the-Server-Setting-Up-the-Server">git&rsquo;s guide on setting up a server</a> plus some specific stuff for (btw i use) Arch Linux (<a href="https://wiki.archlinux.org/index.php/Git_server#Web_interfaces">Arch Linux Wiki: Git server</a> and <a href="https://miracoin.wordpress.com/2014/11/25/step-by-step-guide-on-setting-up-git-server-in-arch-linux-pushable/">Step by step guide on setting up git server in arch linux (pushable)</a>).</p>
<p>Note that this is mostly for personal use, so there&rsquo;s no user/authentication control other than that of SSH. Also, most if not all commands here are run as root.</p>
<h2 id="prerequisites">Prerequisites</h2>
<p>I might get tired of saying this (it&rsquo;s just copy paste, basically)&hellip; but you will need the same prerequisites as before (check my <a href="https://blog.luevano.xyz/a/website_with_nginx.html">website</a> and <a href="https://blog.luevano.xyz/a/mail_server_with_postfix.html">mail</a> entries), with the extras:</p>
<ul>
<li>(Optional, if you want a &ldquo;front-end&rdquo;) A <strong>CNAME</strong> for &ldquo;git&rdquo; and (optionally) &ldquo;www.git&rdquo;, or some other name for your sub-domains.</li>
<li>An SSL certificate, if you&rsquo;re following the other entries, add a <code>git.conf</code> and run <code>certbot --nginx</code> to extend the certificate.</li>
</ul>
<h2 id="git">Git</h2>
<p><a href="https://wiki.archlinux.org/title/git">Git</a> is a version control system.</p>
<p>If not installed already, install the <code>git</code> package:</p>
<pre><code class="language-sh">pacman -S git
</code></pre>
<p>On Arch Linux, when you install the <code>git</code> package, a <code>git</code> user is automatically created, so all you have to do is decide where you want to store the repositories, for me, I like them to be on <code>/home/git</code> like if <code>git</code> was a &ldquo;normal&rdquo; user. So, create the <code>git</code> folder (with corresponding permissions) under <code>/home</code> and set the <code>git</code> user&rsquo;s home to <code>/home/git</code>:</p>
<pre><code class="language-sh">mkdir /home/git
chown git:git /home/git
usermod -d /home/git git
</code></pre>
<p>Also, the <code>git</code> user is &ldquo;expired&rdquo; by default and will be locked (needs a password), change that with:</p>
<pre><code class="language-sh">chage -E -1 git
passwd git
</code></pre>
<p>Give it a strong one and remember to use <code>PasswordAuthentication no</code> for <code>ssh</code> (as you should). Create the <code>.ssh/authorized_keys</code> for the <code>git</code> user and set the permissions accordingly:</p>
<pre><code class="language-sh">mkdir /home/git/.ssh
chmod 700 /home/git/.ssh
touch /home/git/.ssh/authorized_keys
chmod 600 /home/git/.ssh/authorized_keys
chown -R git:git /home/git
</code></pre>
<p>Now is a good idea to copy over your local SSH public keys to this file, to be able to push/pull to the repositories. Do it by either manually copying it or using <code>ssh</code>&lsquo;s built in <code>ssh-copy-id</code> (for that you may want to check your <code>ssh</code> configuration in case you don&rsquo;t let people access your server with user/password).</p>
<p>Next, and almost finally, we need to edit the <code>git-daemon</code> service, located at <code>/usr/lib/systemd/system/</code> (called <code>git-daemon@.service</code>):</p>
<pre><code class="language-ini">...
ExecStart=-/usr/lib/git-core/git-daemon --inetd --export-all --base-path=/home/git --enable=receive-pack
...
</code></pre>
<p>I just appended <code>--enable=receive-pack</code> and note that I also changed the <code>--base-path</code> to reflect where I want to serve my repositories from (has to match what you set when changing <code>git</code> user&rsquo;s home).</p>
<p>Now, go ahead and start and enable the <code>git-daemon</code> socket:</p>
<pre><code class="language-sh">systemctl start git-daemon.socket
systemctl enable git-daemon.socket
</code></pre>
<p>You&rsquo;re basically done. Now you should be able to push/pull repositories to your server&hellip; except, you haven&rsquo;t created any repository in your server, that&rsquo;s right, they&rsquo;re not created automatically when trying to push. To do so, you have to run (while inside <code>/home/git</code>):</p>
<pre><code class="language-sh">git init --bare {repo_name}.git
chown -R git:git repo_name.git
</code></pre>
<p>Those two lines above will need to be run each time you want to add a new repository to your server (yeah, kinda lame&hellip; although there are options to &ldquo;automate&rdquo; this, I like it this way).</p>
<p>After that you can already push/pull to your repository. I have my repositories (locally) set up so I can push to more than one remote at the same time (my server, GitHub, GitLab, etc.); to do so, check <a href="https://gist.github.com/rvl/c3f156e117e22a25f242">this gist</a>.</p>
<h2 id="cgit">Cgit</h2>
<p><a href="https://wiki.archlinux.org/title/Cgit">Cgit</a> is a fast web interface for git.</p>
<p>This is optionally since it&rsquo;s only for the web application.</p>
<p>Install the <code>cgit</code> and <code>fcgiwrap</code> packages:</p>
<pre><code class="language-sh">pacman -S cgit fcgiwrap
</code></pre>
<p>Now, just start and enable the <code>fcgiwrap</code> socket:</p>
<pre><code class="language-sh">systemctl start fcgiwrap.socket
systemctl enable fcgiwrap.socket
</code></pre>
<p>Next, create the <code>git.conf</code> as stated in my <a href="https://blog.luevano.xyz/a/website_with_nginx.html">nginx setup entry</a>. Add the following lines to your <code>git.conf</code> file:</p>
<pre><code class="language-nginx">server {
    listen 80;
    listen [::]:80;
    root /usr/share/webapps/cgit;
    server_name {yoursubdomain}.{yourdomain};
    try_files $uri @cgit;

    location @cgit {
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root/cgit.cgi;
        fastcgi_param PATH_INFO $uri;
        fastcgi_param QUERY_STRING $args;
        fastcgi_param HTTP_HOST $server_name;
        fastcgi_pass unix:/run/fcgiwrap.sock;
    }
}
</code></pre>
<p>Where the <code>server_name</code> line depends on you, I have mine setup to <code>git.luevano.xyz</code> and <code>www.git.luevano.xyz</code>. Optionally run <code>certbot --nginx</code> to get a certificate for those domains if you don&rsquo;t have already.</p>
<p>Now, all that&rsquo;s left is to configure <code>cgit</code>. Create the configuration file <code>/etc/cgitrc</code> with the following content (my personal options, pretty much the default):</p>
<pre><code class="language-apache">css=/cgit.css
logo=/cgit.png

enable-http-clone=1
# robots=noindex, nofollow
virtual-root=/

repo.url={url}
repo.path={dir_path}
repo.owner={owner}
repo.desc={short_description}

...
</code></pre>
<p>Where you can uncomment the <code>robots</code> line to let web crawlers (like Google&rsquo;s) to index your <code>git</code> web app. And at the end keep all your repositories (the ones you want to make public), for example for my <a href="https://git.luevano.xyz/.dots"><em>dotfiles</em></a> I have:</p>
<pre><code class="language-apache">...
repo.url=.dots
repo.path=/home/git/.dots.git
repo.owner=luevano
repo.desc=These are my personal dotfiles.
...
</code></pre>
<p>Otherwise you could let <code>cgit</code> to automatically detect your repositories (you have to be careful if you want to keep &ldquo;private&rdquo; repos) using the option <code>scan-path</code> and setup <code>.git/description</code> for each repository. For more, you can check <a href="https://man.archlinux.org/man/cgitrc.5">cgitrc(5)</a>.</p>
<p>By default you can&rsquo;t see the files on the site, you need a highlighter to render the files, I use <code>highlight</code>. Install the <code>highlight</code> package:</p>
<pre><code class="language-sh">pacman -S highlight
</code></pre>
<p>Copy the <code>syntax-highlighting.sh</code> script to the corresponding location (basically adding <code>-edited</code> to the file):</p>
<pre><code class="language-sh">cp /usr/lib/cgit/filters/syntax-highlighting.sh /usr/lib/cgit/filters/syntax-highlighting-edited.sh
</code></pre>
<p>And edit it to use the version 3 and add <code>--inline-css</code> for more options without editing <code>cgit</code>&lsquo;s CSS file:</p>
<pre><code class="language-sh">...
# This is for version 2
# exec highlight --force -f -I -X -S &quot;$EXTENSION&quot; 2&gt;/dev/null

# This is for version 3
exec highlight --force --inline-css -f -I -O xhtml -S &quot;$EXTENSION&quot; 2&gt;/dev/null
...
</code></pre>
<p>Finally, enable the filter in <code>/etc/cgitrc</code> configuration:</p>
<pre><code class="language-apache">source-filter=/usr/lib/cgit/filters/syntax-highlighting-edited.sh
</code></pre>
<p>That would be everything. If you need support for more stuff like compressed snapshots or support for markdown, check the optional dependencies for <code>cgit</code>.</p>]]></content:encoded>
    </item>
    <item>
      <title>Create a mail server with Postfix, Dovecot, SpamAssassin and OpenDKIM</title>
      <link>https://blog.luevano.xyz/a/mail_server_with_postfix.html</link>
      <guid isPermaLink="true">https://blog.luevano.xyz/a/mail_server_with_postfix.html</guid>
      <pubDate>Sun, 21 Mar 2021 04:05:59 GMT</pubDate>
      <category>English</category>
      <category>Server</category>
      <category>Tools</category>
      <category>Tutorial</category>
      <description>How to create mail server using Postfix, Dovecot, SpamAssassin and OpenDKIM. This is a follow up on post about creating a website with Nginx and Certbot.</description>
      <content:encoded><![CDATA[<p>The entry is going to be long because it&rsquo;s a <em>tedious</em> process. This is also based on <a href="https://github.com/LukeSmithxyz/emailwiz">Luke Smith&rsquo;s script</a>, but adapted to Arch Linux (his script works on debian-based distributions). This entry is mostly so I can record all the notes required while I&rsquo;m in the process of installing/configuring the mail server on a new VPS of mine; also I&rsquo;m going to be writing a script that does everything in one go (for Arch Linux), that will be hosted <a href="https://git.luevano.xyz/server_scripts.git">here</a>.</p>
<p>This configuration works for local users (users that appear in <code>/etc/passwd</code>), and does not use any type of SQL Database. And note that most if not all commands executed here are run with root privileges.</p>
<h2 id="prerequisites">Prerequisites</h2>
<p>Basically the same as with the <a href="https://blog.luevano.xyz/a/website_with_nginx.html">website with Nginx and Certbot</a>, with the extras:</p>
<ul>
<li>You will need a <strong>CNAME</strong> for &ldquo;mail&rdquo; and (optionally) &ldquo;www.mail&rdquo;, or whatever you want to call the sub-domains (although the <a href="https://tools.ietf.org/html/rfc2181#section-10.3">RFC 2181</a> states that it NEEDS to be an <strong>A</strong> record, fuck the police).</li>
<li>An SSL certificate. You can use the SSL certificate obtained following my last post using <code>certbot</code> (just create a <code>mail.conf</code> and run <code>certbot --nginx</code> again).</li>
<li>Ports 25, 587 (SMTP), 465 (SMTPS), 143 (IMAP) and 993 (IMAPS) open on the firewall.</li>
</ul>
<h2 id="postfix">Postfix</h2>
<p><a href="https://wiki.archlinux.org/title/postfix">Postfix</a> is a &ldquo;mail transfer agent&rdquo; which is the component of the mail server that receives and sends emails via SMTP.</p>
<p>Install the <code>postfix</code> package:</p>
<pre><code class="language-sh">pacman -S postfix
</code></pre>
<p>We have two main files to configure (inside <code>/etc/postfix</code>): <code>master.cf</code> (<a href="https://man.archlinux.org/man/master.5">master(5)</a>) and <code>main.cf</code> (<a href="https://man.archlinux.org/man/postconf.5">postconf(5)</a>). We&rsquo;re going to edit <code>main.cf</code> first either by using the command <code>postconf -e 'setting'</code> or by editing the file itself (I prefer to edit the file).</p>
<p>Note that the default file itself has a lot of comments with description on what each thing does (or you can look up the manual, linked above), I used what Luke&rsquo;s script did plus some other settings that worked for me.</p>
<p>Now, first locate where your website cert is, mine is at the default location <code>/etc/letsencrypt/live/</code>, so my <code>certdir</code> is <code>/etc/letsencrypt/live/luevano.xyz</code>. Given this information, change <code>{yourcertdir}</code> on the corresponding lines. The configuration described below has to be appended in the <code>main.cf</code> configuration file.</p>
<p>Certificates and ciphers to use for authentication and security:</p>
<pre><code class="language-apache">smtpd_tls_key_file = {yourcertdir}/privkey.pem
smtpd_tls_cert_file = {yourcertdir}/fullchain.pem
smtpd_use_tls = yes
smtpd_tls_auth_only = yes
smtp_tls_security_level = may
smtp_tls_loglevel = 1
smtp_tls_CAfile = {yourcertdir}/cert.pem
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtp_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
tls_preempt_cipherlist = yes
smtpd_tls_exclude_ciphers = aNULL, LOW, EXP, MEDIUM, ADH, AECDH, MD5,
                DSS, ECDSA, CAMELLIA128, 3DES, CAMELLIA256,
                RSA+AES, eNULL

smtp_tls_CApath = /etc/ssl/certs
smtpd_tls_CApath = /etc/ssl/certs

smtpd_relay_restrictions = permit_sasl_authenticated, permit_mynetworks, defer_unauth_destination
</code></pre>
<p>Also, for the <em>connection</em> with <code>dovecot</code>, append the next few lines (telling postfix that <code>dovecot</code> will use user/password for authentication):</p>
<pre><code class="language-apache">smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous, noplaintext
smtpd_sasl_tls_security_options = noanonymous
</code></pre>
<p>Specify the mailbox home (this is going to be a directory inside your user&rsquo;s home containing the actual mail files):</p>
<pre><code class="language-apache">home_mailbox = Mail/Inbox/
</code></pre>
<p>Pre-configuration to work seamlessly with <code>dovecot</code> and <code>opendkim</code>:</p>
<pre><code class="language-apache">myhostname = {yourdomainname}
mydomain = localdomain
mydestination = $myhostname, localhost.$mydomain, localhost

milter_default_action = accept
milter_protocol = 6
smtpd_milters = inet:127.0.0.1:8891
non_smtpd_milters = inet:127.0.0.1:8891
mailbox_command = /usr/lib/dovecot/deliver
</code></pre>
<p>Where <code>{yourdomainname}</code> is <code>luevano.xyz</code> in my case, or if you have <code>localhost</code> configured to your domain, then use <code>localhost</code> for <code>myhostname</code> (<code>myhostname = localhost</code>).</p>
<p>Lastly, if you don&rsquo;t want the sender&rsquo;s IP and user agent (application used to send the mail), add the following line:</p>
<pre><code class="language-apache">smtp_header_checks = regexp:/etc/postfix/smtp_header_checks
</code></pre>
<p>And create the <code>/etc/postfix/smtp_header_checks</code> file with the following content:</p>
<pre><code class="language-coffee">/^Received: .*/     IGNORE
/^User-Agent: .*/   IGNORE
</code></pre>
<p>That&rsquo;s it for <code>main.cf</code>, now we have to configure <code>master.cf</code>. This one is a bit more tricky.</p>
<p>First look up lines (they&rsquo;re uncommented) <code>smtp inet n - n - - smtpd</code>, <code>smtp unix - - n - - smtp</code> and <code>-o syslog_name=postfix/$service_name</code> and either delete or uncomment them&hellip; or just run <code>sed -i "/^\s*-o/d;/^\s*submission/d;/\s*smtp/d" /etc/postfix/master.cf</code> as stated in Luke&rsquo;s script.</p>
<p>Lastly, append the following lines to complete postfix setup and pre-configure for <code>spamassassin</code>.</p>
<pre><code class="language-txt">smtp unix - - n - - smtp
smtp inet n - y - - smtpd
    -o content_filter=spamassassin
submission inet n - y - - smtpd
    -o syslog_name=postfix/submission
    -o smtpd_tls_security_level=encrypt
    -o smtpd_sasl_auth_enable=yes
    -o smtpd_tls_auth_only=yes
smtps inet n - y - - smtpd
    -o syslog_name=postfix/smtps
    -o smtpd_tls_wrappermode=yes
    -o smtpd_sasl_auth_enable=yes
spamassassin unix - n n - - pipe
    user=spamd argv=/usr/bin/vendor_perl/spamc -f -e /usr/sbin/sendmail -oi -f \${sender} \${recipient}
</code></pre>
<p>Now, I ran into some problems with postfix, one being <a href="https://www.faqforge.com/linux/fix-for-opensuse-error-postfixmaster-fatal-0-0-0-0smtps-servname-not-supported-for-ai_socktype/">smtps: Servname not supported for ai_socktype</a>, to fix it, as <em>Till</em> posted in that site, edit <code>/etc/services</code> and add:</p>
<pre><code class="language-apache">smtps 465/tcp
smtps 465/udp
</code></pre>
<p>Before starting the <code>postfix</code> service, you need to run <code>newaliases</code> first, but you can do a bit of configuration beforehand editing the file <code>/etc/postfix/aliases</code>. I only change the <code>root: you</code> line (where <code>you</code> is the account that will be receiving &ldquo;root&rdquo; mail). After you&rsquo;re done, run:</p>
<pre><code class="language-sh">postalias /etc/postfix/aliases
newaliases
</code></pre>
<p>At this point you&rsquo;re done configuring <code>postfix</code> and you can already start/enable the <code>postfix</code> service:</p>
<pre><code class="language-sh">systemctl start postfix.service
systemctl enable postfix.service
</code></pre>
<h2 id="dovecot">Dovecot</h2>
<p><a href="https://wiki.archlinux.org/title/Dovecot">Dovecot</a> is an IMAP and POP3 server, which is what lets an email application retrieve the mail.</p>
<p>Install the <code>dovecot</code> and <code>pigeonhole</code> (sieve for <code>dovecot</code>) packages:</p>
<pre><code class="language-sh">pacman -S dovecot pigeonhole
</code></pre>
<p>On arch, by default, there is no <code>/etc/dovecot</code> directory with default configurations set in place, but the package does provide the example configuration files. Create the <code>dovecot</code> directory under <code>/etc</code> and, optionally, copy the <code>dovecot.conf</code> file and <code>conf.d</code> directory under the just created <code>dovecot</code> directory:</p>
<pre><code class="language-sh">mkdir /etc/dovecot
cp /usr/share/doc/dovecot/example-config/dovecot.conf /etc/dovecot/dovecot.conf
cp -r /usr/share/doc/dovecot/example-config/conf.d /etc/dovecot
</code></pre>
<p>As Luke stated, <code>dovecot</code> comes with a lot of &ldquo;modules&rdquo; (under <code>/etc/dovecot/conf.d/</code> if you copied that folder) for all sorts of configurations that you can include, but I do as he does and just edit/create the whole <code>dovecot.conf</code> file; although, I would like to check each of the separate configuration files <code>dovecot</code> provides I think the options Luke provides are more than good enough.</p>
<p>I&rsquo;m working with an empty <code>dovecot.conf</code> file. Add the following lines for SSL and login configuration (also replace <code>{yourcertdir}</code> with the same certificate directory described in the Postfix section above, note that the <code>&lt;</code> is required):</p>
<pre><code class="language-apache">ssl = required
ssl_cert = &lt;{yourcertdir}/fullchain.pem
ssl_key = &lt;{yourcertdir}/privkey.pem
ssl_min_protocol = TLSv1.2
ssl_cipher_list = ALL:!RSA:!CAMELLIA:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!SHA1:!SHA256:!SHA384:!LOW@STRENGTH
ssl_prefer_server_ciphers = yes
ssl_dh = &lt;/etc/dovecot/dh.pem

auth_mechanisms = plain login
auth_username_format = %n
protocols = $protocols imap
</code></pre>
<p>You may notice we specify a file we don&rsquo;t have under <code>/etc/dovecot</code>: <code>dh.pem</code>. We need to create it with <code>openssl</code> (you should already have it installed if you&rsquo;ve been following this entry and the one for <code>nginx</code>). Just run (might take a few minutes):</p>
<pre><code class="language-sh">openssl dhparam -out /etc/dovecot/dh.pem 4096
</code></pre>
<p>After that, the next lines define what a &ldquo;valid user is&rdquo; (really just sets the database for users and passwords to be the local users with their password):</p>
<pre><code class="language-apache">userdb {
    driver = passwd
}

passdb {
    driver = pam
}
</code></pre>
<p>Next, comes the mail directory structure (has to match the one described in the Postfix section). Here, the <code>LAYOUT</code> option is important so the boxes are <code>.Sent</code> instead of <code>Sent</code>. Add the next lines (plus any you like):</p>
<pre><code class="language-apache">mail_location = maildir:~/Mail:INBOX=~/Mail/Inbox:LAYOUT=fs
namespace inbox {
    inbox = yes

    mailbox Drafts {
        special_use = \Drafts
        auto = subscribe
        }

    mailbox Junk {
        special_use = \Junk
        auto = subscribe
        autoexpunge = 30d
        }

    mailbox Sent {
        special_use = \Sent
        auto = subscribe
        }

    mailbox Trash {
        special_use = \Trash
        }

    mailbox Archive {
        special_use = \Archive
        }
}
</code></pre>
<p>Also include this so Postfix can use Dovecot&rsquo;s authentication system:</p>
<pre><code class="language-apache">service auth {
    unix_listener /var/spool/postfix/private/auth {
        mode = 0660
        user = postfix
        group = postfix
        }
}
</code></pre>
<p>Lastly (for Dovecot at least), the plugin configuration for <code>sieve</code> (<code>pigeonhole</code>):</p>
<pre><code class="language-apache">protocol lda {
    mail_plugins = $mail_plugins sieve
}

protocol lmtp {
    mail_plugins = $mail_plugins sieve
}

plugin {
    sieve = ~/.dovecot.sieve
    sieve_default = /var/lib/dovecot/sieve/default.sieve
    sieve_dir = ~/.sieve
    sieve_global_dir = /var/lib/dovecot/sieve/
</code></pre>
<p>Where <code>/var/lib/dovecot/sieve/default.sieve</code> doesn&rsquo;t exist yet. Create the folders:</p>
<pre><code class="language-sh">mkdir -p /var/lib/dovecot/sieve
</code></pre>
<p>And create the file <code>default.sieve</code> inside that just created folder with the content:</p>
<pre><code class="language-nginx">require [&quot;fileinto&quot;, &quot;mailbox&quot;];
if header :contains &quot;X-Spam-Flag&quot; &quot;YES&quot; {
    fileinto &quot;Junk&quot;;
}
</code></pre>
<p>Now, if you don&rsquo;t have a <code>vmail</code> (virtual mail) user, create one and change the ownership of the <code>/var/lib/dovecot</code> directory to this user:</p>
<pre><code class="language-sh">grep -q &quot;^vmail:&quot; /etc/passwd || useradd -m vmail -s /usr/bin/nologin
chown -R vmail:vmail /var/lib/dovecot
</code></pre>
<p>Note that I also changed the shell for <code>vmail</code> to be <code>/usr/bin/nologin</code>. After that, to compile the configuration file run:</p>
<pre><code class="language-sh">sievec /var/lib/dovecot/sieve/default.sieve
</code></pre>
<p>A <code>default.svbin</code> file will be created next to <code>default.sieve</code>.</p>
<p>Next, add the following lines to <code>/etc/pam.d/dovecot</code> if not already present (shouldn&rsquo;t be there if you&rsquo;ve been following these notes):</p>
<pre><code class="language-txt">auth required pam_unix.so nullok
account required pam_unix.so
</code></pre>
<p>That&rsquo;s it for Dovecot, at this point you can start/enable the <code>dovecot</code> service:</p>
<pre><code class="language-sh">systemctl start dovecot.service
systemctl enable dovecot.service
</code></pre>
<h2 id="opendkim">OpenDKIM</h2>
<p><a href="https://wiki.archlinux.org/title/OpenDKIM">OpenDKIM</a> is needed so services like G**gle (we don&rsquo;t mention that name here [[[this is a meme]]]) don&rsquo;t throw the mail to the trash. DKIM stands for &ldquo;DomainKeys Identified Mail&rdquo;.</p>
<p>Install the <code>opendkim</code> package:</p>
<pre><code class="language-sh">pacman -S opendkim
</code></pre>
<p>Generate the keys for your domain:</p>
<pre><code class="language-sh">opendkim-genkey -D /etc/opendkim -d {yourdomain} -s {yoursubdomain} -r -b 2048
</code></pre>
<p>Where you need to change <code>{yourdomain}</code> and <code>{yoursubdomain}</code> (doesn&rsquo;t really need to be the sub-domain, could be anything that describes your key) accordingly, for me it&rsquo;s <code>luevano.xyz</code> and <code>mail</code>, respectively. After that, we need to create some files inside the <code>/etc/opendkim</code> directory. First, create the file <code>KeyTable</code> with the content:</p>
<pre><code class="language-txt">{yoursubdomain}._domainkey.{yourdomain} {yourdomain}:{yoursubdomain}:/etc/opendkim/{yoursubdomain}.private
</code></pre>
<p>So, for me it would be:</p>
<pre><code class="language-txt">mail._domainkey.luevano.xyz luevano.xyz:mail:/etc/opendkim/mail.private
</code></pre>
<p>Next, create the file <code>SigningTable</code> with the content:</p>
<pre><code class="language-txt">*@{yourdomain} {yoursubdomain}._domainkey.{yourdomain}
</code></pre>
<p>Again, for me it would be:</p>
<pre><code class="language-txt">*@luevano.xyz mail._domainkey.luevano.xyz
</code></pre>
<p>And, lastly create the file <code>TrustedHosts</code> with the content:</p>
<pre><code class="language-txt">127.0.0.1
::1
10.1.0.0/16
1.2.3.4/24
localhost
{yourserverip}
...
</code></pre>
<p>And more, make sure to include your server IP and something like <code>subdomain.domainname</code>.</p>
<p>Next, edit <code>/etc/opendkim/opendkim.conf</code> to reflect the changes (or rather, addition) of these files, as well as some other configuration. You can look up the example configuration file located at <code>/usr/share/doc/opendkim/opendkim.conf.sample</code>, but I&rsquo;m creating a blank one with the contents:</p>
<pre><code class="language-apache">Domain {yourdomain}
Selector {yoursubdomain}

Syslog Yes
UserID opendkim

KeyFile /etc/opendkim/{yoursubdomain}.private
Socket inet:8891@localhost
</code></pre>
<p>Now, change the permissions for all the files inside <code>/etc/opendkim</code>:</p>
<pre><code class="language-sh">chown -R root:opendkim /etc/opendkim
chmod g+r /etc/postfix/dkim/*
</code></pre>
<p>I&rsquo;m using <code>root:opendkim</code> so <code>opendkim</code> doesn&rsquo;t complain about the <code>{yoursubdomani}.private</code> being insecure (you can change that by using the option <code>RequireSafeKeys False</code> in the <code>opendkim.conf</code> file, as stated <a href="http://lists.opendkim.org/archive/opendkim/users/2014/12/3331.html">here</a>).</p>
<p>That&rsquo;s it for the general configuration, but you could go more in depth and be more secure with some extra configuration.</p>
<p>Now, just start/enable the <code>opendkim</code> service:</p>
<pre><code class="language-sh">systemctl start opendkim.service
systemctl enable opendkim.service
</code></pre>
<p>And don&rsquo;t forget to add the following <strong>TXT</strong> records on your domain registrar (these examples are for Epik):</p>
<ol>
<li><em>DKIM</em> entry: look up your <code>{yoursubdomain}.txt</code> file, it should look something like:</li>
</ol>
<pre><code class="language-txt">{yoursubdomain}._domainkey IN TXT ( &quot;v=DKIM1; k=rsa; s=email; &quot;
    &quot;p=...&quot;
    &quot;...&quot; )  ; ----- DKIM key mail for {yourdomain}
</code></pre>
<p>In the TXT record you will place <code>{yoursubdomain}._domainkey</code> as the &ldquo;Host&rdquo; and <code>"v=DKIM1; k=rsa; s=email; " "p=..." "..."</code> in the &ldquo;TXT Value&rdquo; (replace the dots with the actual value you see in your file).</p>
<ol start="2">
<li>
<p><em>DMARC</em> entry: just <code>_dmarc.{yourdomain}</code> as the &ldquo;Host&rdquo; and <code>"v=DMARC1; p=reject; rua=mailto:dmarc@{yourdomain}; fo=1"</code> as the &ldquo;TXT Value&rdquo;.</p>
</li>
<li>
<p><em>SPF</em> entry: just <code>@</code> as the &ldquo;Host&rdquo; and <code>"v=spf1 mx a:{yoursubdomain}.{yourdomain} - all"</code> as the &ldquo;TXT Value&rdquo;.</p>
</li>
</ol>
<p>And at this point you could test your mail for spoofing and more.</p>
<h2 id="spamassassin">SpamAssassin</h2>
<p><a href="https://wiki.archlinux.org/title/SpamAssassin">SpamAssassin</a> is just <em>a mail filter to identify spam</em>.</p>
<p>Install the <code>spamassassin</code> package (which will install a bunch of ugly <code>perl</code> packages&hellip;):</p>
<pre><code class="language-sh">pacman -S spamassassin
</code></pre>
<p>For some reason, the permissions on all <code>spamassassin</code> stuff are all over the place. First, change owner of the executables, and directories:</p>
<pre><code class="language-sh">chown spamd:spamd /usr/bin/vendor_perl/sa-*
chown spamd:spamd /usr/bin/vendor_perl/spam*
chwown -R spamd:spamd /etc/mail/spamassassin
</code></pre>
<p>Then, you can edit <code>local.cf</code> (located in <code>/etc/mail/spamassassin</code>) to fit your needs (I only uncommented the <code>rewrite_header Subject ...</code> line). And then you can run the following command to update the patterns and compile them:</p>
<pre><code class="language-sh">sudo -u spamd sa-update
sudo -u spamd sa-compile
</code></pre>
<p>And since this should be run periodically, create the service <code>spamassassin-update.service</code> under <code>/etc/systemd/system</code> with the following content:</p>
<pre><code class="language-ini">[Unit]
Description=SpamAssassin housekeeping
After=network.target

[Service]
User=spamd
Group=spamd
Type=oneshot

ExecStart=/usr/bin/vendor_perl/sa-update --allowplugins
SuccessExitStatus=1
ExecStart=/usr/bin/vendor_perl/sa-compile
ExecStart=/usr/bin/systemctl -q --no-block try-restart spamassassin.service
</code></pre>
<p>And you could also execute <code>sa-learn</code> to train <code>spamassassin</code>&lsquo;s bayes filter, but this works for me. Then create the timer <code>spamassassin-update.timer</code> under the same directory, with the content:</p>
<pre><code class="language-ini">[Unit]
Description=SpamAssassin housekeeping

[Timer]
OnCalendar=daily
Persistent=true

[Install]
WantedBy=timers.target
</code></pre>
<p>You can now start/enable the <code>spamassassin-update</code> timer:</p>
<pre><code class="language-sh">systemctl start spamassassin-update.timer
systemctl enable spamassassin-update.timer
</code></pre>
<p>Next, you may want to edit the <code>spamassassin</code> service before starting and enabling it, because by default, it could <a href="https://rimuhosting.com/howto/memory.jsp">spawn a lot of &ldquo;childs&rdquo;</a> eating a lot of resources and you really only need one child. Append <code>--max-children=1</code> to the line <code>ExecStart=...</code> in <code>/usr/bin/systemd/system/spamassassin.service</code>:</p>
<pre><code class="language-ini">...
ExecStart=/usr/bin/vendor_perl/spamd -x -u spamd -g spamd --listen=/run/spamd/spamd.sock --listen=localhost --max-children=1
...
</code></pre>
<p>Finally, start and enable the <code>spamassassin</code> service:</p>
<pre><code class="language-sh">systemctl start spamassassin.service
systemctl enable spamassassin.service
</code></pre>
<h2 id="wrapping-up">Wrapping up</h2>
<p>We should have a working mail server by now. Before continuing check your journal logs (<code>journalctl -xe --unit={unit}</code>, where <code>{unit}</code> could be <code>spamassassin.service</code> for example) to see if there was any error whatsoever and try to debug it, it should be a typo somewhere (the logs are generally really descriptive) because all the settings and steps detailed here just (literally just finished doing everything on a new server as of the writing of this text) worked <em>(((it just werks on my machine)))</em>.</p>
<p>Now, to actually use the mail service: first of all, you need a <em>normal</em> account (don&rsquo;t use root) that belongs to the <code>mail</code> group (<code>gpasswd -a user group</code> to add a user <code>user</code> to group <code>group</code>) and that has a password.</p>
<p>Next, to actually login into a mail app/program/whateveryouwanttocallit, you will use the following settings, at least for <code>thunderdbird</code>(I tested in windows default mail app and you don&rsquo;t need a lot of settings):</p>
<ul>
<li>* server: subdomain.domain (mail.luevano.xyz in my case)</li>
<li><strong>SMTP</strong> port: 587</li>
<li><strong>SMTPS</strong> port: 465 (I use this one)</li>
<li><strong>IMAP</strong> port: 143</li>
<li><strong>IMAPS</strong> port: 993 (again, I use this one)</li>
<li>Connection/security: SSL/TLS</li>
<li>Authentication method: Normal password</li>
<li>Username: just your <code>user</code>, not the whole email (<code>david</code> in my case)</li>
<li>Password: your <code>user</code> password (as in the password you use to login to the server with that user)</li>
</ul>
<p>All that&rsquo;s left to do is test your mail server for spoofing, and to see if everything is setup correctly. Go to <a href="https://www.appmaildev.com/en/dkim">DKIM Test</a> and follow the instructions (basically click next, and send an email with whatever content to the email that they provide). After you send the email, you should see something like:</p>
<figure id="__yafg-figure-3">
<img alt="DKIM Test successful" src="images/b/notes/mail/dkim_test_successful.png" title="DKIM Test successful">
<figcaption>DKIM Test successful</figcaption>
</figure>
<p>Finally, that&rsquo;s actually it for this entry, if you have any problem whatsoever you can <a href="https://luevano.xyz/contact.html">contact me</a>.</p>]]></content:encoded>
    </item>
    <item>
      <title>Create a website with Nginx and Certbot</title>
      <link>https://blog.luevano.xyz/a/website_with_nginx.html</link>
      <guid isPermaLink="true">https://blog.luevano.xyz/a/website_with_nginx.html</guid>
      <pubDate>Fri, 19 Mar 2021 02:58:15 GMT</pubDate>
      <category>English</category>
      <category>Server</category>
      <category>Tools</category>
      <category>Tutorial</category>
      <description>How to create website that runs on Nginx and uses Certbot for SSL certificates. This is a base for future blog posts about similar topics.</description>
      <content:encoded><![CDATA[<p>These are general notes on how to setup a Nginx web server plus Certbot for SSL certificates, initially learned from <a href="https://www.youtube.com/watch?v=OWAqilIVNgE">Luke&rsquo;s video</a> and after some use and research I added more stuff to the mix. And, actually at the time of writing this entry, I&rsquo;m configuring the web server again on a new VPS instance, so this is going to be fresh.</p>
<p>As a side note, (((i use arch btw))) so everything here es aimed at an Arch Linux distro, and I&rsquo;m doing everything on a VPS. Also note that most if not all commands here are executed with root privileges.</p>
<h2 id="prerequisites">Prerequisites</h2>
<p>You will need two things:</p>
<ul>
<li>A domain name (duh!). I got mine on <a href="https://www.epik.com/?affid=da5ne9ru4">Epik</a> (affiliate link, btw).<ul>
<li>With the corresponding <strong>A</strong> and <strong>AAA</strong> records pointing to the VPS&rsquo; IPs (&ldquo;A&rdquo; record points to the ipv4 address and &ldquo;AAA&rdquo; to the ipv6, basically). I have three records for each type: empty one, &ldquo;www&rdquo; and &ldquo;*&rdquo; for a wildcard, that way &ldquo;domain.name&rdquo;, &ldquo;www.domain.name&rdquo;, &ldquo;anythingelse.domain.name&rdquo; point to the same VPS (meaning that you can have several VPS for different sub-domains).</li>
</ul>
</li>
<li>A VPS or somewhere else to host it. I&rsquo;m using <a href="https://www.vultr.com/?ref=8732849">Vultr</a> (also an affiliate link).<ul>
<li>With <code>ssh</code> already configured both on the local machine and on the remote machine.</li>
<li>Firewall already configured to allow ports 80 (HTTP) and 443 (HTTPS). I use <code>ufw</code> so it&rsquo;s just a matter of doing <code>ufw allow 80,443/tcp</code> as root and you&rsquo;re golden.</li>
<li><code>cron</code> installed if you follow along (you could use <code>systemd</code> timers, or some other method you prefer to automate running commands every X time).</li>
</ul>
</li>
</ul>
<h2 id="nginx">Nginx</h2>
<p><a href="https://wiki.archlinux.org/title/Nginx">Nginx</a> is a web (HTTP) server and reverse proxy server.</p>
<p>You have two options: <code>nginx</code> and <code>nginx-mainline</code>. I prefer <code>nginx-mainline</code> because it&rsquo;s the &ldquo;up to date&rdquo; package even though <code>nginx</code> is labeled to be the &ldquo;stable&rdquo; version. Install the package and enable/start the service:</p>
<pre><code class="language-sh">pacman -S nginx-mainline
systemctl enable nginx.service
systemctl start nginx.service
</code></pre>
<p>And that&rsquo;s it, at this point you can already look at the default initial page of Nginx if you enter the IP of your server in a web browser. You should see something like this:</p>
<figure id="__yafg-figure-1">
<img alt="Nginx welcome page" src="images/b/notes/nginx/nginx_welcome_page.png" title="Nginx welcome page">
<figcaption>Nginx welcome page</figcaption>
</figure>
<p>As stated in the welcome page, configuration is needed, head to the directory of Nginx:</p>
<pre><code class="language-sh">cd /etc/nginx
</code></pre>
<p>Here you have several files, the important one is <code>nginx.conf</code>, which as its name implies, contains general configuration of the web server. If you peek into the file, you will see that it contains around 120 lines, most of which are commented out and contains the welcome page server block. While you can configure a website in this file, it&rsquo;s common practice to do it on a separate file (so you can scale really easily if needed for mor websites or sub-domains).</p>
<p>Inside the <code>nginx.conf</code> file, delete the <code>server</code> blocks and add the lines <code>include sites-enabled/*;</code> (to look into individual server configuration files) and <code>types_hash_max_size 4096;</code> (to get rid of an ugly warning that will keep appearing) somewhere inside the <code>http</code> block. The final <code>nginx.conf</code> file would look something like (ignoring the comments just for clarity, but you can keep them as side notes):</p>
<pre><code class="language-nginx">worker_processes 1;

events {
    worker_connections 1024;
}

http {
    include sites-enabled/*;
    include mime.types;
    default_type application/octet-stream;

    sendfile on;

    keepalive_timeout 65;

    types_hash_max_size 4096;
}
</code></pre>
<p>Next, inside the directory <code>/etc/nginx/</code> create the <code>sites-available</code> and <code>sites-enabled</code> directories, and go into the <code>sites-available</code> one:</p>
<pre><code class="language-sh">mkdir sites-available
mkdir sites-enabled
cd sites-available
</code></pre>
<p>Here, create a new <code>.conf</code> file for your website and add the following lines (this is just the sample content more or less):</p>
<pre><code class="language-nginx">server {
    listen 80;
    listen [::]:80;

    root /path/to/root/directory;
    server_name domain.name another.domain.name;
    index index.html anotherindex.otherextension;

    location /{
        try_files $uri $uri/ =404;
    }
}
</code></pre>
<p>That could serve as a template if you intend to add more domains.</p>
<p>Note some things:</p>
<ul>
<li><code>listen</code>: we&rsquo;re telling Nginx which port to listen to (IPv4 and IPv6, respectively).</li>
<li><code>root</code>: the root directory of where the website files (<code>.html</code>, <code>.css</code>, <code>.js</code>, etc. files) are located. I followed Luke&rsquo;s directory path <code>/var/www/some_folder</code>.</li>
<li><code>server_name</code>: the actual domain to &ldquo;listen&rdquo; to (for my website it is: <code>server_name luevano.xyz www.luevano.xyz;</code> and for this blog is: <code>server_name blog.luevano.xyz www.blog.luevano.xyz;</code>).</li>
<li><code>index</code>: what file to serve as the index (could be any <code>.html</code>, <code>.htm</code>, <code>.php</code>, etc. file) when just entering the website.</li>
<li><code>location</code>: what goes after <code>domain.name</code>, used in case of different configurations depending on the URL paths (deny access on <code>/private</code>, make a proxy on <code>/proxy</code>, etc).<ul>
<li><code>try_files</code>: tells what files to look for.</li>
</ul>
</li>
</ul>
<p>Then, make a symbolic link from this configuration file to the <code>sites-enabled</code> directory:</p>
<pre><code class="language-sh">ln -s /etc/nginx/sites-available/your_config_file.conf /etc/nginx/sites-enabled
</code></pre>
<p>This is so the <code>nginx.conf</code> file can look up the newly created server configuration. With this method of having each server configuration file separate you can easily &ldquo;deactivate&rdquo; any website by just deleting the symbolic link in <code>sites-enabled</code> and you&rsquo;re good, or just add new configuration files and keep everything nice and tidy.</p>
<p>All you have to do now is restart (or enable and start if you haven&rsquo;t already) the Nginx service (and optionally test the configuration):</p>
<pre><code class="language-sh">nginx -t
systemctl restart nginx
</code></pre>
<p>If everything goes correctly, you can now go to your website by typing <code>domain.name</code> on a web browser. But you will see a &ldquo;404 Not Found&rdquo; page like the following (maybe with different Nginx version):</p>
<figure id="__yafg-figure-2">
<img alt="Nginx 404 Not Found page" src="images/b/notes/nginx/nginx_404_page.png" title="Nginx 404 Not Found page">
<figcaption>Nginx 404 Not Found page</figcaption>
</figure>
<p>That&rsquo;s no problem, because it means that the web server it&rsquo;s actually working. Just add an <code>index.html</code> file with something simple to see it in action (in the <code>/var/www/some_folder</code> that you decided upon). If you keep seeing the 404 page make sure your <code>root</code> line is correct and that the directory/index file exists.</p>
<p>I like to remove the <code>.html</code> and trailing <code>/</code> on the URLs of my website, for that you need to add the following <code>rewrite</code> lines and modify the <code>try_files</code> line (for more: <a href="https://www.seancdavis.com/blog/remove-html-extension-and-trailing-slash-in-nginx-config/">Sean C. Davis: Remove HTML Extension And Trailing Slash In Nginx Config</a>):</p>
<pre><code class="language-nginx">server {
    ...
    rewrite ^(/.*)\.html(\?.*)?$ $1$2 permanent;
    rewrite ^/(.*)/$ /$1 permanent;
    ...
    try_files $uri/index.html $uri.html $uri/ $uri =404;
    ...
</code></pre>
<h2 id="certbot">Certbot</h2>
<p><a href="https://wiki.archlinux.org/title/Certbot">Certbot</a> is what provides the SSL certificates via <a href="https://letsencrypt.org/">Let&rsquo;s Encrypt</a>.</p>
<p>The only &ldquo;bad&rdquo; (bloated) thing about Certbot, is that it uses <code>python</code>, but for me it doesn&rsquo;t matter too much. You may want to look up another alternative if you prefer. Install the packages <code>certbot</code> and <code>certbot-nginx</code>:</p>
<pre><code class="language-sh">pacman -S certbot certbot-nginx
</code></pre>
<p>After that, all you have to do now is run <code>certbot</code> and follow the instructions given by the tool:</p>
<pre><code class="language-sh">certbot --nginx
</code></pre>
<p>It will ask you for some information, for you to accept some agreements and the names to activate HTTPS for. Also, you will want to &ldquo;say yes&rdquo; to the redirection from HTTP to HTTPS. And that&rsquo;s it, you can now go to your website and see that you have HTTPS active.</p>
<p>Now, the certificate given by <code>certbot</code> expires every 3 months or something like that, so you want to renew this certificate every once in a while. Using <code>cron</code>, you can do this by running:</p>
<pre><code class="language-sh">crontab -e
</code></pre>
<p>And a file will be opened where you need to add a new rule for Certbot, just append the line: <code>1 1 1 * * certbot renew</code> (renew on the first day of every month) and you&rsquo;re good. Alternatively use <code>systemd</code> timers as stated in the <a href="https://wiki.archlinux.org/title/Certbot#Automatic_renewal">Arch Linux Wiki</a>.</p>
<p>That&rsquo;s it, you now have a website with SSL certificate.</p>]]></content:encoded>
    </item>
    <item>
      <title>Así es raza, el blog ya tiene timestamps</title>
      <link>https://blog.luevano.xyz/a/el_blog_ya_tiene_timestamps.html</link>
      <guid isPermaLink="true">https://blog.luevano.xyz/a/el_blog_ya_tiene_timestamps.html</guid>
      <pubDate>Tue, 16 Mar 2021 02:46:24 GMT</pubDate>
      <category>Short</category>
      <category>Spanish</category>
      <category>Tools</category>
      <category>Update</category>
      <description>Actualización en el estado del blog y el sistema usado para crearlo.</description>
      <content:encoded><![CDATA[<p>Pues eso, esta entrada es sólo para tirar update sobre mi <a href="https://blog.luevano.xyz/a/first_blog_post.html">primer post</a>. Ya modifiqué el <code>ssg</code> lo suficiente como para que maneje los <em>timestamps</em>, y ya estoy más familiarizado con este script entonces ya lo podré extender más, pero por ahora las entradas ya tienen su fecha de creación (y modificación en dado caso) al final y en el índice ya están organizados por fecha, que por ahora está algo simple pero está sencillo de extender.</p>
<p>Ya lo único que queda es cambiar un poco el formato del blog (y de la página en general), porque en un momento de desesperación puse todo el texto en justificado y pues no se ve chido siempre, entonces queda corregir eso. <em>Y aunque me tomó más tiempo del que quisiera, así nomás quedó, diría un cierto personaje.</em></p>
<p>El <code>ssg</code> modificado está en mis <a href="https://git.luevano.xyz/.dots">dotfiles</a> (o directamente <a href="https://git.luevano.xyz/.dots/tree/.local/bin/ssg">aquí</a>).</p>
<p>Por último, también quité las extensiones <code>.html</code> de las URLs, porque se veía bien pitero, pero igual los links con <code>.html</code> al final redirigen a su link sin <code>.html</code>, así que no hay rollo alguno.</p>]]></content:encoded>
    </item>
    <item>
      <title>This is the first blog post, just for testing purposes</title>
      <link>https://blog.luevano.xyz/a/first_blog_post.html</link>
      <guid isPermaLink="true">https://blog.luevano.xyz/a/first_blog_post.html</guid>
      <pubDate>Sat, 27 Feb 2021 13:08:33 GMT</pubDate>
      <category>English</category>
      <category>Short</category>
      <category>Tools</category>
      <category>Update</category>
      <description>Just my first blog post where I state what tools I'm using to build this blog.</description>
      <content:encoded><![CDATA[<p>I&rsquo;m making this post just to figure out how <a href="https://www.romanzolotarev.com/ssg.html"><code>ssg5</code></a> and <a href="https://kristaps.bsd.lv/lowdown/"><code>lowdown</code></a> are supposed to work (and eventually also <a href="https://www.romanzolotarev.com/rssg.html"><code>rssg</code></a>).</p>
<p>At the moment, I&rsquo;m not satisfied because there&rsquo;s no automatic date insertion into the 1) html file, 2) the blog post itself and 3) the listing system in the <a href="https://blog.luevano.xyz/">blog homepage</a> (and there&rsquo;s also the problem with the ordering of the entries&hellip;). And all of this just because I didn&rsquo;t want to use <a href="https://github.com/LukeSmithxyz/lb">Luke&rsquo;s</a> solution (don&rsquo;t really like that much how he handles the scripts&hellip; <em>but they just work</em>).</p>
<p>Hopefully, for tomorrow all of this will be sorted out and I&rsquo;ll have a working blog system.</p>]]></content:encoded>
    </item>
  </channel>
</rss>