Bunch of pages

phellarv 2024-02-22 14:36:35 +01:00
parent e4c7dd239e
commit 05b88a36f9
4 changed files with 138 additions and 0 deletions

@ -0,0 +1,9 @@
# DMARC status in Norway
After installing the new mailserver, I configured and started using opendmarc as yet another measure to stop the ever increasing amount of spam.
I currently have 3 smtp-milters on my setup: DKIM, Spamassassin and DMARC. After a while my wife was complaining that she did not receive expected emails from certain providers. After doing som grepping in the maillog (`cat mail.log | grep opendmarc | grep -v 'socket\|Auth\|localhost' | grep 'fail'`) I found that quite a lot of the norwegian providers did not have DMARC set up.
So I tried to whitelist them using `DomainWhitelistFile` and `DomainWhitelist`. But as there was a very lacking documentation on these, and I could not find anything about the format on the list, I gave it up, and just used `IgnoreMailFrom`. This way you can just have a comma-separated list of domains you just ignore. It's not a preferable solution, but I had to do it because of still having enough WAF.
There is a website dedicated to list providers in Norway that does not have proper DMARC setup: [DMARC-status](https://dmarcstatus.no/).
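Review bot: the `IgnoreMailFrom` workaround in the third paragraph should state what it costs. Mail whose From: domain is on that list is no longer evaluated by opendmarc, so a forged message claiming one of those provider domains skips the DMARC check as well. Suggest adding a sentence that the list is kept as short as possible, and noting whether the DKIM and Spamassassin milters mentioned in the second paragraph still process that mail. Smaller points: the log search can drop the `cat` and start with `grep opendmarc mail.log`, "som" should be "some", "norwegian" should be capitalised, and "WAF" is never expanded.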

@ -0,0 +1,75 @@
# Fiddling with Nextcloud
Nextcloud seems like a good idea for storing documents, but I think the whole user experience is a bit "meh". All UI-elements are a bit slow, and things seems a bit sluggish. Nevertheless, here I go.
First of all. I have taken my old work laptop and installed Ubuntu Server 23.01. There is nothing like living on the bleeding edge. After that I installed docker on top of this, and crammed portainer-agent into this mess. Well, it worked quite smoothly, and so I carried on.
First of all I needed a database on this, and I used `mariadb:latest` and made a short `docker-compose.yaml` to get this up and running:
```
version: '3'
volumes:
data:
services:
db:
image: mariadb
environment:
MYSQL_ROOT_PASSWORD: <password>
MYSQL_DATABASE: <database>
MYSQL_USER: <user>
MYSQL_PASSWORD: <password>
volumes:
- data:/var/lib/mysql
ports:
- "3306:3306"
```
And, voila, I was up and running with mariadb. Next up was Nextcloud.
Since this laptop does not have a serious amount of storage (250GB), I decided to mount.nfs my OpenMediaVault-nfs to the server. I made the mountpoint, and edited `/etc/fstab` and did a `mount -a` and all was happy. After that I had to start up the Nextcould-container and dug into it to find where to mount the correct filestorage to get more storagespace in Nextcloud. After a bit of fiddling around, I found that `/var/www/html/data` was the correct sweetspot. Lo and behold, a docker-compose.yaml:
```
version: '2'
volumes:
nextcloud_data:
services:
nextcloud:
image: nextcloud
restart: always
ports:
- 8080:80
volumes:
- nextcloud_data:/var/www/html
- /nfs/dockerstation/nextcloud:/var/www/html/data
environment:
- MYSQL_PASSWORD=<password>
- MYSQL_DATABASE=<database>
- MYSQL_USER=<user>
- MYSQL_HOST=example.home.arpa
```
Before I forget it; I had to get into mariadb and create the database and the user, and I had to give the user full rights on the database in question.
Things started as expected, and I did some tweaking and adjusting. After that I needed to put Nextcloud behind a reverse proxy to get https in front of it. I fixed the reverse proxy (HA-Proxy) in my pfSense-fw, and nothing worked....
After a bit of googling, I found out that Nextcloud has to be told that it is behind a reverse proxy. The file you have to edit is `/var/www/html/config/config.php` and add/adjust this:
```
'trusted_domains' =>
array (
0 => '<FQDN>',
),
'trusted_proxies' =>
array (
0 => '<IP of Proxy>',
),
'overwrite.cli.url' => 'https://<FQDN>',
'overwriteprotocol' => 'https',
'forwarded_for_headers' => ['HTTP_X_FORWARDED', 'HTTP_FORWARDED_FOR'],
```
After this, everything seems OK.
I tried to integrate calendar, mail and contacts with Google, but those things worked like a glued rat. Things where awfully slow and buggy. So I ended up disabling all those apps, and decided to test Nextcloud as a Document storage, and editor-on-the-go. Wish me luck, and I will be making updates about the progress in later posts.
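Review bot: the mariadb compose file publishes `"3306:3306"`, which opens the database port on every interface of the laptop, and the page does not say that this is intended. Since Nextcloud reaches the database through `MYSQL_HOST=example.home.arpa`, either bind the published port to one host address or put both services in a single compose file on a shared network so the port does not need publishing at all. Both images are also untagged (`image: mariadb`, `image: nextcloud`), so a later pull can change versions silently; pin them. In the `config.php` fragment, `forwarded_for_headers` lists `HTTP_X_FORWARDED` and `HTTP_FORWARDED_FOR`; please confirm these match the header the HA-Proxy frontend actually sets, because a proxy sending X-Forwarded-For would need `HTTP_X_FORWARDED_FOR` here. Minor: the YAML and PHP blocks have no indentation as shown, the fences carry no language tag, "Ubuntu Server 23.01" does not match Ubuntu's .04/.10 release numbering, and "Nextcould" and "Things where" are typos.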

15
Mail (OLD).md Normal file

@ -0,0 +1,15 @@
# Mail
Last night i migrated mailservers for my private domains. It was a pretty straightforward process. First of all I used these guides on the internet to setup a mailserver with virtual mailboxes, DKIM, DMARC, AMAVIS, Spamassassin and so on.
- https://www.linuxbabe.com/mail-server/setting-up-dkim-and-spf
- https://www.linuxbabe.com/mail-server/create-dmarc-record
- https://help.ubuntu.com/community/PostfixCompleteVirtualMailSystemHowto
- https://www.linuxbabe.com/mail-server/postfixadmin-ubuntu
- https://www.linuxbabe.com/mail-server/postfix-amavis-spamassassin-clamav-ubuntu
Then I had to rsync the mail over to the new server `rsync -azv -e 'ssh -p22' --progress /var/vmail/<domain>/<account>/ root@<to-server>:/var/vmail/<domain>/<account>/Maildir` for all `<domain>`s and `<account>`s. I ran this on the old server.
And I ran this in cron every 10 minutes while fixing DNS. The way I did it in DNS was to setup the new sever as a backup MX, and wait for the DNS change to propagate out to the internet.
When the change had propagated I stopped postfix and dovecot on the old server, and stopped the rsync job in cron. I ignored the risk that I might loose a couple of mail messages. It should not happen, but anyways.
After a short while the mails started arriving on the new server, but the old server is not shut down, since there might be stuff there which I might want to keep.
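Review bot: the rsync line logs in as `root@<to-server>` and is then run from cron every 10 minutes, which implies an unattended key with root access on the new server, and the page never mentions removing it. Suggest running the copy as the account that owns `/var/vmail` on the target, and adding a step that revokes the key once the cron job is stopped. Two things in the same command deserve a sentence each: the source is `/var/vmail/<domain>/<account>/` but the destination ends in `/Maildir`, so say that the layout change is deliberate, and without `--delete` any message removed or moved on the old server between runs stays on the new one. Minor: "i migrated", "new sever" and "loose a couple" are typos.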

39
My equipment.md Normal file

@ -0,0 +1,39 @@
# My equipment
### The list :smiley:
- **An old gaming PC which is refurbished as a ProxMox-server**
- CPU: Intel(R) Core(TM) i7-4790
- RAM: 4 sticks of DDR3 Synchronous 1600 MHz. Total 32GB
- HDD: ADATA SU630 223GiB - WDC WD10EZRX-00L 931GiB - ST1000DM003-1CH1 931GiB - WDC WD10EZRX-00L 931GiB
- **An old NUC (Hp prodesk 600 g1 dm i5) running Home Assistant**
- CPU: Intel core i5 4570t
- RAM: 16GB
- HDD: 128GB SSD
- **An old thin client (HP thin client t620) running Unifi Network Controller**
- CPU: AMD GX-217GA
- RAM: 8GB
- HDD: 128GB M.2
- **My workstation.**
- CPU: 11th Gen Intel(R) Core(TM) i7-11700K
- RAM: 2 sticks of KHX3200C16D4/16GX. Total 32GB
- GPU: ASUS GeForce RTX 3070 Ti TUF OC
- HDD: Corsair MP600 CORE NVMe 931GiB - KINGSTON SV300S3 223GiB
- **Work laptop (Dell XPS 13 Plus 9320)**
- CPU: Intel Core I7 I7-1260P
- RAM: 32GB
- HDD: NVMe disk 1000GiB
- **Old work laptop (HP EliteBook 830 G5)**
- CPU: i7-8550U
- RAM: 16GB
- HDD: SSD 256GiB
- **Even older work laptop (HP Elitebook 820 G2)**
- CPU: i5-5300U
- RAM: 16 GB
- HDD: SSD 128GB
- **3 Raspberry pi 3B+ running different kinds of testing software**
- **1 Raspberry pi Zero W running Node Red for my brewing software**
- **1 Raspberry pi 3B+ with ClusterHAT + 4 * Raspberry pi Zero**
- ~~1 Raspberry pi 2B (Retired)~~
- ~~1 Raspberry pi 1B+ (Retired)~~
- **A bunch of ESP32 and ESP8266 running different kinds of firmware related to Home Assistant functions and sensors.**
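Review bot: the CPU/RAM/HDD lines sit at the same list level as the bold device names, so as shown they render as siblings rather than as details of each device; indent them under their parent item. The heading also jumps from `#` straight to `###`, capacity units switch between GB and GiB without a pattern, the HP ProDesk 600 G1 DM is labelled a NUC, and "Intel Core I7 I7-1260P" repeats the model family.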