paritybit.ca

Raw content of https://www.paritybit.ca.
git clone https://git.sr.ht/~jbauer/paritybit.ca
Log | Files | Refs | README | LICENSE

commit 5fb7afec9892e8fe9fefa3b1b28e384d8668290a
parent 6f65ba6476387f45214df6deba522cf6bddbf04c
Author: Jake Bauer <jbauer@paritybit.ca>
Date:   Fri, 19 Aug 2022 20:39:59 -0400

*

Diffstat:
Dcontent/finger.md | 20--------------------
Dcontent/garden/arboretum/documentation/hoffmann-aeropress.gmi | 30------------------------------
Acontent/garden/arboretum/documentation/httpd.conf | 85+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Mcontent/garden/arboretum/documentation/index.gmi | 4+---
Mcontent/garden/arboretum/documentation/productivity-tips.gmi | 34+++++++++++++++++++---------------
Rcontent/garden/arboretum/documentation/sysadmin/jaderune/admin.gmi -> content/garden/arboretum/documentation/sysadmin/jaderune-admin-scripts.gmi | 0
Dcontent/garden/arboretum/documentation/sysadmin/jaderune/freebsd-server.gmi | 63---------------------------------------------------------------
Mcontent/garden/arboretum/documentation/sysadmin/misskey.gmi | 11++++++-----
Mcontent/garden/arboretum/documentation/sysadmin/openbsd-router.gmi | 94++++++++++++++-----------------------------------------------------------------
Mcontent/garden/arboretum/documentation/sysadmin/openbsd-server-details.gmi | 17++---------------
Mcontent/garden/arboretum/documentation/uw-imap.gmi | 2+-
Acontent/garden/arboretum/recipes/hoffmann-aeropress.gmi | 35+++++++++++++++++++++++++++++++++++
Mcontent/garden/arboretum/recipes/index.gmi | 1+
Mcontent/garden/digital-garden-philosophy.gmi | 2+-
14 files changed, 167 insertions(+), 231 deletions(-)

diff --git a/content/finger.md b/content/finger.md @@ -1,20 +0,0 @@ -Title: Finger -Summary: How to finger(1) me using the finger protocol. - -# [%title] - -The [Finger Protocol](https://en.wikipedia.org/wiki/Finger_(protocol)) is a -simple network protocol "for the exchange of human-oriented status and user -information". Back when most organizations had only one computer (likely a Unix -mainframe) on which everyone had their own account, the Finger Protocol would be -used to display information about those working at the organization (what they were -working on, contact information, etc.). Nowadays, although some groups may -continue to use it for that purpose, it's mainly used by small internet -enthusiasts such as myself as a way to share basic contact information and -what's going on in our lives. - -You can finger(1) me using a browser which supports the protocol (such as -[Lagrange](https://github.com/skyjake/lagrange)) at -[finger://paritybit.ca/jbauer](finger://paritybit.ca/jbauer) or by specifying -`finger jbauer@paritybit.ca` on the command line. - diff --git a/content/garden/arboretum/documentation/hoffmann-aeropress.gmi b/content/garden/arboretum/documentation/hoffmann-aeropress.gmi @@ -1,30 +0,0 @@ -# James Hoffmann's Aeropress Technique - -Default Technique: - -Light Roast: 55g/L - High extraction -Dark Roast: 60-66g/L - Lower extraction - -Filter paper into holder, lock in place, put on top of mug - -Grind -> Light roast really fine close to espresso, darker grinds coarser grind maybe - -Place grounds in holder, give a bump to spread them out - -Water Temp -> Lighter roasts up to boiling, drop temp for darker roasts, really dark roasts ~85°C - -Start timer, add 200g water or however much you are using - -Wait 2 min - -Give a gentle swirl to knock ground cofe down - -Wait 30s - -Press relatively gently, no need to lean into it - -Press all the way down, then pull back slightly to prevent drips - -Clean the Aeropress - -Tweak grind size or temperature diff --git a/content/garden/arboretum/documentation/httpd.conf b/content/garden/arboretum/documentation/httpd.conf @@ -0,0 +1,85 @@ +types { + include "/usr/share/misc/mime.types" +} + +# For certificate renewal +server "paritybit.ca" { + alias "jbauer.ca" + alias "ftp.paritybit.ca" + alias "git.paritybit.ca" + listen on * port 80 + location "/.well-known/acme-challenge/*" { + root "/acme" + request strip 2 + } + location * { + block return 301 "https://$HTTP_HOST$REQUEST_URI" + } +} + +# Redirect to WWW +server "paritybit.ca" { + listen on * tls port 443 + tls { + certificate "/etc/ssl/paritybit.ca.fullchain.pem" + key "/etc/ssl/private/paritybit.ca.key" + } + hsts { + max-age 31536000 + preload + subdomains + } + location * { + block return 301 "https://www.paritybit.ca$REQUEST_URI" + } +} + +server "www.paritybit.ca" { + listen on * tls port 443 + tls { + certificate "/etc/ssl/paritybit.ca.fullchain.pem" + key "/etc/ssl/private/paritybit.ca.key" + } + hsts { + max-age 31536000 + preload + } + + root "paritybit.ca" + gzip-static + + location match "/([^.]*[^/])$" { + request rewrite "/%1.html" + } +} + +server "ftp.paritybit.ca" { + listen on * tls port 443 + tls { + certificate "/etc/ssl/paritybit.ca.fullchain.pem" + key "/etc/ssl/private/paritybit.ca.key" + } + hsts { + max-age 31536000 + preload + } + root "ftp.paritybit.ca" + directory auto index + location "/paste/" { + directory no index + } +} + +server "git.paritybit.ca" { + listen on * tls port 443 + tls { + certificate "/etc/ssl/paritybit.ca.fullchain.pem" + key "/etc/ssl/private/paritybit.ca.key" + } + hsts { + max-age 31536000 + preload + } + root "git.paritybit.ca" +} + diff --git a/content/garden/arboretum/documentation/index.gmi b/content/garden/arboretum/documentation/index.gmi @@ -20,7 +20,6 @@ A collection of instructional documents, notes, configurations, or other bits an ## Miscellaneous -=> hoffmann-aeropress.gmi James Hoffmann's Aeropress Technique => productivity-tips.gmi Personal Productivity Tips => bicycle-shops-ottawa.gmi Bicycle Shops in Ottawa, Canada @@ -31,8 +30,7 @@ A collection of instructional documents, notes, configurations, or other bits an => sysadmin/misskey.gmi Misskey Setup => sysadmin/openbsd-router.gmi OpenBSD Router => sysadmin/freebsd-nas.gmi FreeBSD NAS -=> sysadmin/jaderune/setup.gmi JadeRune.net Setup -=> sysadmin/jaderune/admin.gmi JadeRune.net Administration +=> sysadmin/jaderune-admin-scripts.gmi JadeRune.net Admin Scripts => sysadmin/tarsnap-backups-with-acts.gmi Tarsnap Backups With Acts => sysadmin/goaccess-with-openbsd-httpd.gmi Using Goaccess with OpenBSD's httpd => sysadmin/uw-imap.gmi UW IMAP Server Documentation diff --git a/content/garden/arboretum/documentation/productivity-tips.gmi b/content/garden/arboretum/documentation/productivity-tips.gmi @@ -1,17 +1,21 @@ # Personal Productivity Tips -* End a session with clear next steps of what to do next -* e.g. Know what needs to be implemented next in software -* e.g. Know what comes next in a story or essay -* Do not exert all energy at once. Stop when spirits are still high and the path ahead is clear. -* Control the scope of projects. -* Break things into smaller chunks and focus on those that will produce results quickly instead of worrying about the whole picture -* Create habits around mundane parts of life to make room for creative thinking -* Always have the ability to write down ideas and notes anywhere -* Always have several problems or projects active for your subconscious to ponder -* Apply new concepts/ideas/solutions to these whenever you encounter them -* These can be material (e.g. How do I implement this feature?) or immaterial (e.g. How can we improve equality in society) -* Save information you come across that inspires, intrigues, or seems useful -* Externalize checklists, mundane tasks, appointments and reminders to a more appropriate medium (notebook, notes or calendar app, etc) -* Save old ideas and projects even if they have "failed" -* Design a space that encourages productivity and minimizes distraction (but don't fuss about making it perfect) +End a session with clear next steps of what to do next: e.g. Know what needs to be implemented next in software, or know what comes next in a story or essay. Do not exert all energy at once. Stop when spirits are still high and the path ahead is clear. + +Control the scope of projects. Break things into smaller chunks and focus on those that will produce results quickly instead of worrying about the whole picture. + +Create habits around mundane parts of life to make room for creative thinking. + +Always have the ability to write down ideas and notes anywhere. + +Always have several problems or projects active for your subconscious to ponder. + +Apply new concepts/ideas/solutions to these whenever you encounter them. These can be material (e.g. How do I implement this feature?) or immaterial (e.g. How can we improve equality in society). + +Save information you come across that inspires, intrigues, or seems useful. + +Externalize checklists, mundane tasks, appointments and reminders to a more appropriate medium (notebook, notes or calendar app, etc). + +Save old ideas and projects even if they have "failed". They might still come in handy in the future. + +Design a space that encourages productivity and minimizes distraction (but don't fuss about making it perfect). diff --git a/content/garden/arboretum/documentation/sysadmin/jaderune/admin.gmi b/content/garden/arboretum/documentation/sysadmin/jaderune-admin-scripts.gmi diff --git a/content/garden/arboretum/documentation/sysadmin/jaderune/freebsd-server.gmi b/content/garden/arboretum/documentation/sysadmin/jaderune/freebsd-server.gmi @@ -1,63 +0,0 @@ -# FreeBSD Jail-Based Server - -## Why Jails? - -Jails are basically just fancy chroots. I don't need any ability to limit resources (even though that is possible with jails), nor to do anything other than isolate the services I am running. I mostly wish to isolate them for management purposes, and ZFS+Jails makes for very easy snapshotting and backing up. - -In fact, I wish for all of the jails to have all of the access to the host system since the resources of my home servers are limited relative to enterprise-grade servers and none of my services are hit hard enough simultaneously for that to be an issue. - -## Seting up iocage - -Search for the iocage package and install the latest (it's named differently depending on the Python version). - -Make sure iocage is started at boot with `service iocage enable`. - -Add the following to `$HOME/.login_conf`: - -```$HOME/.login_conf -me:\ - :charset=UTF-8:\ - :lang=en_US.UTF-8:\ - :setenv=LC_COLLATE=C: -``` - -Run `iocage activate iocage` to create a new ZFS pool with the name `iocage` for your jails. - -Run `iocage fetch` to get a list of available releases and choose the latest. - -Create a (thick) jail with `iocage create -T -n <name> ip4_addr=<ipv4> ip6_addr=<ipv6> -r <exact_release_name> - -Instead of specifying the IP addresses, use `disable` to disable a particular IP version, `inherit` to inherit the host's IP, or `new` to let the jail request an IP (if it has a DHCP client running). I prefer to use IPv4 addresses in the range 10.0.0.10-10.0.0.50 for my jails. - -Enter the created jail with `iocage console <name>` and set up the application from there as if it was like any other machine. - -Set the jail to start on machine boot with `iocage set boot=on <name>`. - -## Managing Jails - -Update with `iocage update <name>` (still have to enter each jail and run `[kg update/upgrade` manually). - -Take snapshots with `iocage snapshot -n <snapshot_name> <jail_name>`. - -Rollback to a snapshot with `iocage rollback -n <snapshot_name> <jail_name>`. - -## WWW Jail - -Using OpenBSD httpd and OpenBSD ftpd - -``` -pkg install obhttpd -``` - -## Git Jail - -Using stagit - -## Gemini Jail - -Using gmid - -## IRC Jail - -Using soju+gamja? Maybe just a client, or perhaps not at all. - diff --git a/content/garden/arboretum/documentation/sysadmin/misskey.gmi b/content/garden/arboretum/documentation/sysadmin/misskey.gmi @@ -1,6 +1,6 @@ # Installing Misskey on Debian 11 -Install NodeJS v16.x using the repo from Node's website. Then install: +Install NodeJS v16.x+ using the repo from Node's website. Then install: ``` nodejs redis postgresql yarn ffmpeg gulp git @@ -16,18 +16,19 @@ psql GRANT ALL PRIVILEGES ON DATABASE misskey TO misskey; ``` -Make sure the following environment is set +Make sure the following environment is set: ``` NODE_ENV=production NODE_PATH=/usr/lib/nodejs:/usr/share/nodejs ``` -You probably have to +You will probably have to: + ``` yarn add querystring js-yaml ``` -Run the following to build and install misskey +Run the following to build and install misskey: ``` su - misskey @@ -42,7 +43,7 @@ yarn build yarn run init ``` -Test that it works by running +Test that it works by running: ``` yarn start diff --git a/content/garden/arboretum/documentation/sysadmin/openbsd-router.gmi b/content/garden/arboretum/documentation/sysadmin/openbsd-router.gmi @@ -1,17 +1,5 @@ # OpenBSD Router -## Hardware - -The hardware consists of an HP Compaq Pro 4300 SFF PC with the following specifications: - -* CPU: Intel Core i3-3220 -* RAM: 2x2GB DDR3 -* Storage: 120GB Crucial SSD -* 2x1GbE PCIe Ethernet Card -* 1x1GbE PCI Ethernet Card - -## Software - There are three major software components to this router: * DHCP - dhcpd @@ -68,7 +56,7 @@ This is the basic configuration, with port-forwarding rules appended if needed: ```/etc/pf.conf WAN = "em0" LAN = "em1" -WLAN = "bge0" +WLAN = "re0" table <martians> { 0.0.0.0/8 10.0.0.0/8 127.0.0.0/8 169.254.0.0/16 \ 172.16.0.0/12 192.0.0.0/24 192.0.2.0/24 224.0.0.0/3 \ @@ -98,10 +86,13 @@ block return in quick on $LAN proto { udp tcp } to ! $LAN port { 53 853 } block return in quick on $WLAN proto { udp tcp } to ! $WLAN port { 53 853 } # Allow all outbound traffic -pass out quick inet +pass out quick # Allow internal LAN/WLAN traffic -pass in on { $LAN $WLAN } inet +pass in on { $LAN $WLAN } + +# Example port forwarding rule +# pass in quick log on egress proto tcp from any to (egress) port 443 rdr-to 10.0.0.5 ``` ### DNS @@ -144,6 +135,16 @@ remote-control: control-interface: /var/run/unbound.sock ``` +Optionally the following configuration can be added under 'server:' to configure whatever local DNS records are required: + +``` +# Serve zones authoritatively from Unbound to resolver clients. +# Not for external service. +local-zone: "paritybit.ca" transparent +local-data: "yarr.paritybit.ca IN A 10.0.0.3" +local-data: "actual.paritybit.ca IN A 10.0.0.3" +``` + Note that, because the WAN address is acquired with DHCP, the following is required in `/etc/dhclient.conf`: ```/etc/dhclient.conf @@ -151,66 +152,3 @@ interface "em0" { ignore domain-name-servers; } ``` - -# Reverse Proxy - -```relayd.conf -table <webserver> { 127.0.0.1 } -table <webserver2> { 127.0.0.1 } -table <matrixserver> { 127.0.0.1 } - -http protocol "https" { - tcp { nodelay, sack, socket buffer 65536, backlog 128 } - - tls keypair "paritybit.ca" - tls keypair "jbauer.ca" - - return error - - match header set "X-Client-IP" \ - value "$REMOTE_ADDR:$REMOTE_PORT" - match header set "X-Forwarded-For" \ - value "$REMOTE_ADDR" - match header set "X-Forwarded-By" \ - value "$SERVER_ADDR:$SERVER_PORT" - - # set CORS header for .well-known/matrix/server, .well-known/matrix/client - # httpd does not support setting headers, so do it here - match request path "/.well-known/matrix/*" tag "matrix-cors" - match response tagged "matrix-cors" header set "Access-Control-Allow-Origin" value "*" - - pass quick path "/_matrix/*" forward to <matrixserver> - pass quick path "/_synapse/client/*" forward to <matrixserver> - - pass request quick header "Host" value "matrix.paritybit.ca" \ - forward to <matrixserver> - - # pass other traffic to webserver - pass request header "Host" value "paritybit.ca" forward to <webserver> - pass request header "Host" value "www.paritybit.ca" forward to <webserver> - pass request header "Host" value "ftp.paritybit.ca" forward to <webserver> - pass request header "Host" value "jbauer.ca" forward to <webserver2> -} - -relay "https_traffic" { - listen on egress port https tls - protocol "https" - forward to <matrixserver> port 8008 check tcp - forward to <webserver> port 8080 check tcp - forward to <webserver2> port 8081 check tcp -} - -http protocol "matrix" { - tcp { nodelay, sack, socket buffer 65536, backlog 128 } - tls keypair "paritybit.ca" - block - pass quick path "/_matrix/*" forward to <matrixserver> - pass quick path "/_synapse/client/*" forward to <matrixserver> -} - -relay "matrix_federation" { - listen on egress port 8448 tls - protocol "matrix" - forward to <matrixserver> port 8008 check tcp -} -``` diff --git a/content/garden/arboretum/documentation/sysadmin/openbsd-server-details.gmi b/content/garden/arboretum/documentation/sysadmin/openbsd-server-details.gmi @@ -108,26 +108,13 @@ server "www.paritybit.ca" { } root "paritybit.ca" + gzip-static - location match "/([^%.]+)$" { + location match "/([^.]*[^/])$" { request rewrite "/%1.html" } } -server "jbauer.ca" { - listen on * tls port 443 - tls { - certificate "/etc/ssl/paritybit.ca.fullchain.pem" - key "/etc/ssl/private/paritybit.ca.key" - } - hsts { - max-age 31536000 - preload - subdomains - } - root "jbauer.ca" -} - server "ftp.paritybit.ca" { listen on * tls port 443 tls { diff --git a/content/garden/arboretum/documentation/uw-imap.gmi b/content/garden/arboretum/documentation/uw-imap.gmi @@ -1,6 +1,6 @@ # UW IMAP Server Documentation -I am archiving the following document here in my knowledgebase because the University of Washington appears to have removed it from their site and the Internet Archive cannot be trusted to stay around forever. +I am archiving the following document here in my garden because the University of Washington appears to have removed it from their site and the Internet Archive might not be around forever. ```UW IMAP Server Documentation diff --git a/content/garden/arboretum/recipes/hoffmann-aeropress.gmi b/content/garden/arboretum/recipes/hoffmann-aeropress.gmi @@ -0,0 +1,35 @@ +# James Hoffmann's Aeropress Technique + +## For Light Roast: + +* 55g/L - High extraction +* Finer grind +* Hot water as close to boiling as possible + +## For Dark Roast: + +* 60-66g/L - Lower extraction +* Coarser grind +* Less than boiling water, maybe even as low as ~85°C + +## Steps + +Put filter paper into holder, lock it into the water holder then put that on top of the mug. + +Place grounds in holder, give a bump to spread them out. + +Start timer, add an appropriate proportion of water to ground coffee. + +Wait 2 minutes. + +Give a gentle swirl to knock floating ground coffee down. + +Wait 30 seconds. + +Press the press down relatively gently, no need to lean into it. + +Press it all the way down, then pull back slightly to prevent drips. + +Clean the Aeropress. + +Tweak grind size or temperature until you find a good balance. diff --git a/content/garden/arboretum/recipes/index.gmi b/content/garden/arboretum/recipes/index.gmi @@ -25,6 +25,7 @@ All recipes below are vegan and free of tree nuts unless otherwise noted. => butternut-squash-soup.gmi Butternut Squash Soup => cabbage-lentil-stew.gmi Cabbage Lentil Stew => cabbage-soup.gmi Cabbage Soup +=> hoffmann-aeropress.gmi James Hoffmann's Aeropress Technique => lacto-fermentation.gmi Lacto-Fermentation => overnight-oats.gmi Overnight Oats => pancakes.gmi Pancakes diff --git a/content/garden/digital-garden-philosophy.gmi b/content/garden/digital-garden-philosophy.gmi @@ -27,7 +27,7 @@ Better yet, write a better version of what I did and publish it in your own gard Don't plagiarize. Everything in this garden that is my own work (i.e. not subject to other stated copyright terms) is licensed CC-BY 4.0 which requires that you provide attribution if you use all or part of this garden. Please feel free to take ideas and riff off them, but don't plagiarize. -## For Gardeners +## For The Gardener ### 1. Consideration of Others