Bunch of pages

2024-02-22 14:36:35 +01:00 · 2024-02-22 14:36:35 +01:00 · 05b88a36f9
commit 05b88a36f9
parent e4c7dd239e
4 changed files with 138 additions and 0 deletions
--- a/Norway.md
+++ b/Norway.md
@ -0,0 +1,9 @@
 # DMARC status in Norway
 After installing the new mailserver, I configured and started using opendmarc as yet another measure to stop the ever increasing amount of spam.
 I currently have 3 smtp-milters on my setup: DKIM, Spamassassin and DMARC. After a while my wife was complaining that she did not receive expected emails from certain providers. After doing som grepping in the maillog (`cat mail.log | grep opendmarc | grep -v 'socket\|Auth\|localhost' | grep 'fail'`) I found that quite a lot of the norwegian providers did not have DMARC set up.
 So I tried to whitelist them using `DomainWhitelistFile` and `DomainWhitelist`. But as there was a very lacking documentation on these, and I could not find anything about the format on the list, I gave it up, and just used `IgnoreMailFrom`. This way you can just have a comma-separated list of domains you just ignore. It's not a preferable solution, but I had to do it because of still having enough WAF.
 There is a website dedicated to list providers in Norway that does not have proper DMARC setup: [DMARC-status](https://dmarcstatus.no/).
--- a/Nextcloud.md
+++ b/Nextcloud.md
@ -0,0 +1,75 @@
 # Fiddling with Nextcloud
 Nextcloud seems like a good idea for storing documents, but I think the whole user experience is a bit "meh". All UI-elements are a bit slow, and things seems a bit sluggish. Nevertheless, here I go.
 First of all. I have taken my old work laptop and installed Ubuntu Server 23.01. There is nothing like living on the bleeding edge. After that I installed docker on top of this, and crammed portainer-agent into this mess. Well, it worked quite smoothly, and so I carried on.
 First of all I needed a database on this, and I used `mariadb:latest` and made a short `docker-compose.yaml` to get this up and running:
 ```
 version: '3'
 volumes:
  data:
 services:
  db:
    image: mariadb
    environment:
      MYSQL_ROOT_PASSWORD: <password>
      MYSQL_DATABASE: <database>
      MYSQL_USER: <user>
      MYSQL_PASSWORD: <password>
    volumes:
      - data:/var/lib/mysql
    ports:
      - "3306:3306"
 ```
 And, voila, I was up and running with mariadb. Next up was Nextcloud.
 Since this laptop does not have a serious amount of storage (250GB), I decided to mount.nfs my OpenMediaVault-nfs to the server. I made the mountpoint, and edited `/etc/fstab` and did a `mount -a` and all was happy. After that I had to start up the Nextcould-container and dug into it to find where to mount the correct filestorage to get more storagespace in Nextcloud. After a bit of fiddling around, I found that `/var/www/html/data` was the correct sweetspot. Lo and behold, a docker-compose.yaml:
 ```
 version: '2'
 volumes:
  nextcloud_data:
 services:
  nextcloud:
    image: nextcloud
    restart: always
    ports:
      - 8080:80
    volumes:
      - nextcloud_data:/var/www/html
      - /nfs/dockerstation/nextcloud:/var/www/html/data
    environment:
      - MYSQL_PASSWORD=<password>
      - MYSQL_DATABASE=<database>
      - MYSQL_USER=<user>
      - MYSQL_HOST=example.home.arpa
 ```
 Before I forget it; I had to get into mariadb and create the database and the user, and I had to give the user full rights on the database in question.
 Things started as expected, and I did some tweaking and adjusting. After that I needed to put Nextcloud behind a reverse proxy to get https in front of it. I fixed the reverse proxy (HA-Proxy) in my pfSense-fw, and nothing worked....
 After a bit of googling, I found out that Nextcloud has to be told that it is behind a reverse proxy. The file you have to edit is `/var/www/html/config/config.php` and add/adjust this:
 ```
  'trusted_domains' => 
    array (
      0 => '<FQDN>',
  ),
  'trusted_proxies' =>
    array (
      0 => '<IP of Proxy>',
    ),
  'overwrite.cli.url' => 'https://<FQDN>',
  'overwriteprotocol' => 'https',
  'forwarded_for_headers' => ['HTTP_X_FORWARDED', 'HTTP_FORWARDED_FOR'],
 ```
 After this, everything seems OK. 
 I tried to integrate calendar, mail and contacts with Google, but those things worked like a glued rat. Things where awfully slow and buggy. So I ended up disabling all those apps, and decided to test Nextcloud as a Document storage, and editor-on-the-go. Wish me luck, and I will be making updates about the progress in later posts.
--- a/(OLD).md
+++ b/(OLD).md
@ -0,0 +1,15 @@
 # Mail
 Last night i migrated mailservers for my private domains. It was a pretty straightforward process. First of all I used these guides on the internet to setup a mailserver with virtual mailboxes, DKIM, DMARC, AMAVIS, Spamassassin and so on.
 - https://www.linuxbabe.com/mail-server/setting-up-dkim-and-spf
 - https://www.linuxbabe.com/mail-server/create-dmarc-record
 - https://help.ubuntu.com/community/PostfixCompleteVirtualMailSystemHowto
 - https://www.linuxbabe.com/mail-server/postfixadmin-ubuntu
 - https://www.linuxbabe.com/mail-server/postfix-amavis-spamassassin-clamav-ubuntu
 Then I had to rsync  the mail over to the new server `rsync -azv -e 'ssh -p22' --progress /var/vmail/<domain>/<account>/ root@<to-server>:/var/vmail/<domain>/<account>/Maildir` for all `<domain>`s and `<account>`s. I ran this on the old server.
 And I ran this in cron every 10 minutes while fixing DNS. The way I did it in DNS was to setup the new sever as a backup MX, and wait for the DNS change to propagate out to the internet.
 When the change had propagated I stopped postfix and dovecot on the old server, and stopped the rsync job in cron. I ignored the risk that I might loose a couple of mail messages. It should not happen, but anyways.
 After a short while the mails started arriving on the new server, but the old server is not shut down, since there might be stuff there which I might want to keep.
--- a/equipment.md
+++ b/equipment.md
@ -0,0 +1,39 @@
 # My equipment
 ### The list :smiley:
 - **An old gaming PC which is refurbished as a ProxMox-server**
  - CPU: Intel(R) Core(TM) i7-4790
  - RAM: 4 sticks of DDR3 Synchronous 1600 MHz. Total 32GB
  - HDD: ADATA SU630 223GiB - WDC WD10EZRX-00L 931GiB - ST1000DM003-1CH1 931GiB - WDC WD10EZRX-00L 931GiB
 - **An old NUC (Hp prodesk 600 g1 dm i5) running Home Assistant**
  - CPU: Intel core i5 4570t
  - RAM: 16GB
  - HDD: 128GB SSD
 - **An old thin client (HP thin client t620) running Unifi Network Controller**
  - CPU: AMD GX-217GA
  - RAM: 8GB
  - HDD: 128GB M.2
 - **My workstation.**
  - CPU: 11th Gen Intel(R) Core(TM) i7-11700K
  - RAM: 2 sticks of KHX3200C16D4/16GX. Total 32GB
  - GPU: ASUS GeForce RTX 3070 Ti TUF OC
  - HDD: Corsair MP600 CORE NVMe 931GiB - KINGSTON SV300S3 223GiB
 - **Work laptop (Dell XPS 13 Plus 9320)**
  - CPU: Intel Core I7 I7-1260P
  - RAM: 32GB
  - HDD: NVMe disk 1000GiB
 - **Old work laptop (HP EliteBook 830 G5)**
  - CPU: i7-8550U
  - RAM: 16GB
  - HDD: SSD 256GiB
 - **Even older work laptop (HP Elitebook 820 G2)**
  - CPU: i5-5300U
  - RAM: 16 GB
  - HDD: SSD 128GB
 - **3 Raspberry pi 3B+ running different kinds of testing software**
 - **1 Raspberry pi Zero W running Node Red for my brewing software**
 - **1 Raspberry pi 3B+ with ClusterHAT + 4 * Raspberry pi Zero**
 - ~~1 Raspberry pi 2B (Retired)~~
 - ~~1 Raspberry pi 1B+ (Retired)~~
 - **A bunch of ESP32 and ESP8266 running different kinds of firmware related to Home Assistant functions and sensors.**