commit 933aa8a9851067b0b50c6a60f92519fbaae9552f Author: smad Date: Wed Nov 5 09:18:11 2025 +0100 brain initiation
diff --git a/20230414160136-manual.org b/20230414160136-manual.org
new file mode 100644
index 0000000..aa93e69
--- /dev/null
+++ b/20230414160136-manual.org
@@ -0,0 +1,123 @@
+:PROPERTIES:
+:ID: 78443613-59f6-4d06-9e1c-5bcc0f9c6737
+:END:
+#+title: manual
+#+filetags: :INDEX:MAIN::
+That is the manual. A list of all the topics regarding corporate. A precise index is integrated into the Main (INDEX) Topics ([[id:5fada795-19a3-4ba6-97c0-0b70bd728a2f][Arco-Linux]],[[id:5f1df0e1-384f-4685-ae1e-fec2431b04e5][emacs]], [[id:df046fd7-1f82-4e12-9065-56d222f56408][docker]], [[id:01ec5ed6-a234-4063-994b-174f704bb28a][hardware]]).
+
+* Topics
+** [[id:8e21dcdd-34af-4952-913d-c434df43d5cb][IP-Address]]
+** [[id:5fada795-19a3-4ba6-97c0-0b70bd728a2f][Arco-Linux]] Software and Basics
+***
+*** [[id:94b5e3fb-bbf9-40ec-902f-9e15c74c5f99][crontab]]
+*** [[id:56d784ed-a87c-441f-b819-73369760ca32][borg-backup]]
+*** [[id:408e8348-778a-4fbd-a14d-9f3d9c595b4a][cluster]]
+**** [[id:e56e90b1-ae5b-4344-97eb-993e5a81263e][openmpi]]
+*** [[id:c69a77dc-f87f-418c-9870-eedddc43be37][mounting]]
+*** [[id:5f1df0e1-384f-4685-ae1e-fec2431b04e5][emacs]]
+**** [[id:75a2a403-34a2-4e4c-9fb0-10260ef97eab][emacs-frame]]
+**** [[id:216bfc04-0276-4c4b-8ec7-0b7d16bc62cc][emacs-window]]
+**** [[id:c7747161-284c-4882-bd11-80bc2a990814][buffer]]
+**** [[id:3dfde3f4-2cc0-4356-a147-d4afd599e731][auctex]]
+**** [[id:66d0f2d2-f2ea-4ab6-af2c-fefaaab755a5][org-mode]]
+**** [[id:9d782b7c-5d45-4963-96f4-ee01a00ba280][org-roam]]
+**** [[id:b02ca084-7831-4013-8389-45f4cd969e25][org-attach]]
+**** [[id:f68dfc34-5349-42d1-8074-6c4be231a69b][org-web-tools]]
+**** [[id:7f5dafdd-7d74-4551-bd7b-666729b1c1d4][org-marginalia]]
+**** [[id:7bd1f7dd-fcb2-4efc-a4df-f233a4bf3fcd][org-gcal]]
+**** [[id:9aa361f6-b829-49ad-a523-6498dbfb0213][projectile]]
+**** [[id:b3503901-bb4f-4fda-b85f-5e738df311fb][helm-bibtex]]
+**** [[id:9ce51551-fcb1-446a-9924-9dd26f5d56aa][helm-org-rifle]]
+
+** Selfhosting
+*** [[id:daa194c9-63f1-433e-8826-a0b4e9020e16][wireguard]]
+*** [[id:7c74176b-a637-4d3b-838e-05fae7ad3789][nextcloud]]
+*** [[id:56d784ed-a87c-441f-b819-73369760ca32][borg-backup]]
+*** [[id:df046fd7-1f82-4e12-9065-56d222f56408][docker]]
+**** docker-[[id:936191f2-696b-4d9a-96ad-c8449778ae26][container]]
+**** [[id:fcbfabfa-4a8c-4826-8b57-5dce05965c76][docker-compose]]
+**** [[id:add49718-44d1-4576-9e5a-aea5d025c53b][list of docker containers]]
+***** [[id:90e3b8a2-b523-4044-af6f-fd4a559b2d7f][traefik_docker]]
+***** [[id:0b50e19a-0608-434c-a57c-fd719e3bb8bf][nginx]]
+***** [[id:3bd6dae2-5fbb-4045-80c0-4dbed0f02df1][nextcloud-docker-container]]
+***** [[id:94daf0fc-da84-4b90-a200-7b147f721e2a][open-vpn]]
+***** [[id:7eca198f-3e97-4f29-a0f7-01498e71d132][bind9-docker]]
+***** [[id:4afb1f41-983a-4b54-9828-a1e3788eb28b][portainer-docker]]
+***** [[id:e336814a-3a58-4b25-8d02-0af07623ce45][matlab-docker]]
+***** [[id:ff0e4b42-be30-4d5e-be17-c39195dfe22e][whiteboard]]
+***** [[id:85af8e8c-0dc0-4855-9f63-d4d00e2cd27f][Kasm-container-deployment]]
+***** [[id:d7b03403-db35-465a-b4a0-fce27733df5a][whoogle-container]]
+***** [[id:6d2e40f4-f8c5-43fe-afd3-8c253a080e43][docker-logs]]
+***** [[id:e1eac0f9-5b66-436a-8624-d5ea49e1204b][wordpress]]
+***** [[id:46107a80-aa2d-4861-8362-6836c547dda4][rustdesk]]
+***** [[id:daa194c9-63f1-433e-8826-a0b4e9020e16][wireguard]]
+***** [[id:86371601-9aa6-4568-8063-ccd9f6d2ace3][flame-docker]]
+***** [[id:ae46c92b-d5fd-4172-944f-9165a61d2217][maria_DB]]
+***** [[id:91deae5f-e670-4463-8fee-688212d13030][mongo-db]]
+***** mysql
+***** [[id:dbeeedc0-8a64-43f3-84a6-397e3ecb5e70][cryptgeon-docker]]
+***** customer share
+**** [[id:9d04fac3-89ae-4a96-b326-9ae7e2c22118][docker-networks]]
+** communication
+*** [[id:a88d9210-6085-4def-982a-d4a6ff391a2e][linphone]]
+*** [[id:46107a80-aa2d-4861-8362-6836c547dda4][rustdesk]]
+*** [[id:29c8ec85-9de8-4ace-8c52-13a086341861][rocket-chat]]
+*** [[id:5c50958e-e38d-4f6c-b111-2a50a48cc1de][freepbx]]
+*** [[id:0dea8c51-5e1e-460c-9d0a-28293d62013e][Virtual Mashines]]
+
+** [[id:aad9b5d2-8242-4b89-8ba8-bd649cf88c23][system-information]]
+** modelling in a [[id:408e8348-778a-4fbd-a14d-9f3d9c595b4a][cluster]]
+*** [[id:574b9e96-1a86-4e43-878c-30534e0dcecb][MBSE (Modell based system engineering)]]
+**** [[id:a4953b2b-81de-4c15-91e7-10d0cb5f22dd][freeCAD]]
+**** [[id:6acf9122-b289-44e4-87e1-c3dfb5c7aeb2][salome]]
+**** [[id:f2d9ff98-f926-442e-ae9b-fc1023e15b07][GMSH]]
+**** [[id:2d45175d-7fcc-4a55-b81c-14da72247eef][FEA-Tool]]
+**** [[id:e336814a-3a58-4b25-8d02-0af07623ce45][matlab]]
+**** [[id:a6d22357-9bed-422e-9805-0478fbeb3e99][Paraview]]
+
+
+** [[id:c9461f7b-7368-4b88-b90b-2d785fda2159][Networking]] and [[id:bd5b34ba-aa98-4808-b97b-2376aa7b8866][Protocols]]
+*** Network communication and security protocols
+**** [[id:872ee33b-8361-40c7-9d88-69b3afe5ade2][TLS]]
+**** [[id:95c8982d-e104-43a2-9bb2-fd7e1c3204f2][SSL]]
+**** [[id:b9c823ff-4cf4-46a0-8654-54bdc7b67d30][UDP]]
+**** [[id:0fa93c0d-6741-48cf-8bea-f2519146e4dc][TCP]]
+**** [[id:f055acfb-05dd-4228-a92a-356240b8c975][IP]]
+**** [[id:7fb31a9c-b252-493f-958b-e2d330047b18][FTP]]
+**** [[Id:422e07f8-c888-460f-849e-76d451946045][SSH]]
+**** [[id:e28dfeaa-876b-4255-a25e-dcc0c909d08a][certificate]]
+*** Networking basics
+**** [[id:80666401-173e-4828-9c29-552dab716946][DNS]]
+**** [[id:06b466a8-05ae-4bbd-820d-2d80461767fd][DHCP]]
+**** [[ID:1af47b07-4205-46ac-837a-ee078067328a][VPN]]
+**** [[id:1acb20f4-ad0f-4447-9138-c09a949fdd1a][IP-Tables]]
+**** [[id:20efb455-5575-4b8b-857f-7c337bee644c][traffic]]
+**** [[id:fde35a08-897d-4502-aead-1f4414ea639c][packets]]
+**** [[id:f4bb4857-2112-4e10-a22e-6da1436ce7b7][port]]
+**** [[id:b9047be5-edca-4eca-8bac-c45e03373942][Firewall]]
+**** [[id:f2b1d5af-1a7d-47a5-95c8-4a85d558419e][server]]
+**** [[id:70899526-8b7d-4976-94fc-cc07c41e550a][client]]
+*** Network types
+**** [[id:213d19d9-ca8d-42b1-998a-2f34d1d9cd4c][LAN]]
+**** [[id:053d9bdf-c6fe-42ce-8c44-d6945f612bf3][WAN]]
+*** Network periphery
+**** [[id:d2ff2e45-e1de-4cca-9b59-dfc3ee6afa6f][router]]
+**** [[id:dd78168d-152c-4aca-a02b-6be0c950920d][switch]]
+**** [[id:0eb82c5c-7967-44ce-9f2b-9024d34c2ffb][modem]]
+**** [[id:ccab5008-e48e-413d-bcb5-c6771fa77a3d][WAP]]
+
+
+** [[id:01ec5ed6-a234-4063-994b-174f704bb28a][Hardware]] setup
+*** [[id:f2b1d5af-1a7d-47a5-95c8-4a85d558419e][Server]] list
+**** [[id:d54bf885-a702-48bb-b108-e9e982bc5952][server-w0]]
+**** [[id:f13f2c9c-4550-4e44-8a14-dc327234d38e][server-w1]]
+**** [[id:45e10136-fb77-4712-85ef-32adf5cdc489][server-w2]]
+**** [[id:56a6d355-01cf-44b8-87c7-c77f9db2ce29][server-w3]]
+**** [[id:845742e6-33e3-4d5b-8a4e-5cec9f448862][server-w4]]
+**** [[id:cd93c833-85b6-4955-8660-d150373d4ac5][server-w5]]
+**** [[id:d48299ee-efe3-40d4-a223-26d2c772b522][server-w6]]
+**** [[id:a08abe7e-23ab-4b59-a105-9873dc79de43][server-w9]]
+**** [[id:80a4104e-af18-4d90-a45e-2c92b51e8c0c][server-w10]]
+**** [[id:fbf9a139-a414-4349-b217-663f15e9a8bd][server-w11]]
+*** Networking hardware
+**** [[id:adc016f2-a660-47d7-8974-16b74a02bcbf][Protectli]]
diff --git a/20230414160603-docker.org b/20230414160603-docker.org
new file mode 100644
index 0000000..2dd842c
--- /dev/null
+++ b/20230414160603-docker.org
@@ -0,0 +1,32 @@
+:PROPERTIES:
+:ID: df046fd7-1f82-4e12-9065-56d222f56408
+:END:
+#+title: docker
+#+filetags: :docker:
+Docker ist the programm designed to self-host services on the web through so called [[id:936191f2-696b-4d9a-96ad-c8449778ae26][container]]. A container is a closed system, that can interact with other containers. One Container can run one application and expose this application to a [[id:f4bb4857-2112-4e10-a22e-6da1436ce7b7][port]] on the [[id:f2b1d5af-1a7d-47a5-95c8-4a85d558419e][server]]. A list of all deployed and undeployed containers can be found in the [[id:add49718-44d1-4576-9e5a-aea5d025c53b][list of docker containers]].
+
+To Start a container use
+#+begin_src
+ docker run
+#+end_src
+
+You can use an application called [[id:fcbfabfa-4a8c-4826-8b57-5dce05965c76][docker-compose]] to start multiple containers simultaneously and define variables and settings for them beforehand.
+
+Additionally you can set the following parameters (listed below) together with the run command. Those parameters are important to get the containers running and can also be implemented into docker-compose.
+* run parameters
+#+begin_src bash
+ --name ""
+#+end_src
+creates a verbose name for the container. If no container name is set, docker choooses a random one.
+#+begin_src bash
+ -v ":"
+#+end_src
+[[id:c69a77dc-f87f-418c-9870-eedddc43be37][Mounts]] a volume to the container. This Volume is located at the given path in the host file system and all files in the given folder are represantations of the same files in the container folder of the given container path.
+#+begin_src bash
+ -e ""
+#+end_src
+Sets a desired environment variable for the container.
+#+begin_src bash
+--network ""
+#+end_src
+Connects the container to the given [[id:9d04fac3-89ae-4a96-b326-9ae7e2c22118][docker-networks]]
diff --git a/20230417112410-nextcloud.org b/20230417112410-nextcloud.org
new file mode 100644
index 0000000..b23f0f1
--- /dev/null
+++ b/20230417112410-nextcloud.org
@@ -0,0 +1,51 @@
+:PROPERTIES:
+:ID: 7c74176b-a637-4d3b-838e-05fae7ad3789
+:END:
+#+title: nextcloud
+
+The cloud for managing Data. Every member gets his own account and can save their data there. The data is stored on the communucation [[id:f2b1d5af-1a7d-47a5-95c8-4a85d558419e][server]] ([[id:80a4104e-af18-4d90-a45e-2c92b51e8c0c][w10]]).
+
+* configdatein
+** [[~/.config/docker/docker-compose.yml][compose config]]
+** [[~/nextcloud/config/config.php][config.php]]
+
+#+begin_src bash
+ docker network create ""
+#+end_src
+After the creation is successful, add the Databas container to the network.
+#+begin_src bash
+ docker network attach "" ""
+#+end_src
+If you want to see if the container is added successfully, use the command
+#+begin_src bash
+ docker network inspect ""
+#+end_src
+and look for the added container.
+Ad this point, the reverse proxy container should already be running. The manual entry for the reverse proxy [[id:0b50e19a-0608-434c-a57c-fd719e3bb8bf][nginx]] shows how it is setup to accept proxy input.
+In the next step create the nextcloud container as shown below ([[id:673d1cb1-536b-42f1-a046-40a8937c4283][root]] access needed ([[id:dc54334e-afa9-4a53-be91-1e90bc6bf8d0][sudo]]):
+#+begin_src bash
+ sudo docker run --name nextcloud \
+ -v "/home//cloud/data:/var/www/html/data" \
+ -v "/home//cloud/apps:/var/www/html/custom_apps" \
+ -v "/home//cloud:/var/www/html" \
+ -v "/home//cloud/config:/var/www/html/config" \
+ --network net -e VIRTUAL_HOST="" \
+ -e LETSENCRYPT_HOST="" \
+ -e MYSQL_HOST="madrigal_DB" -e MYSQL_PASSWORD="" \
+ -e MYSQL_DATABASE="nextcloud" -e MYSQL_USER="nextcloud" -d nextcloud:latest
+#+end_src
+Lastly add the nextcloud container to the internal network you created before.
+
+* additional note:
+if you use next5cloud fpm you have to set additional environment variables:
+#+begin_src bash
+ environment:
+ [..]
+ VIRTUAL_ROOT: /var/www/html
+ VIRTUAL_PROTO: fastcgie
+#+end_src
+or set it up like in: https://github.com/nextcloud/docker/tree/master/.examples/docker-compose/with-nginx-proxy/mariadb/fpm
+
+
+
+* [[id:3bd6dae2-5fbb-4045-80c0-4dbed0f02df1][nextcloud-docker-container]]
diff --git a/20230417114538-docker_compose.org b/20230417114538-docker_compose.org
new file mode 100644
index 0000000..990287b
--- /dev/null
+++ b/20230417114538-docker_compose.org
@@ -0,0 +1,15 @@
+:PROPERTIES:
+:ID: fcbfabfa-4a8c-4826-8b57-5dce05965c76
+:END:
+#+title: docker-compose
+A compoise file for [[id:df046fd7-1f82-4e12-9065-56d222f56408][docker]] [[id:936191f2-696b-4d9a-96ad-c8449778ae26][containers]]. You can predefine containers to run list settings applied to those containers in a docker-compose file (docker-compose.yml). When you run this file, the listed containers get set up.
+* The Setup
+The command for running docker-comose is:
+#+begin_src
+ docker-compose up -d
+#+end_src
+The -d stands for run the command in the backfground and give the prompt back to the terminal. Instead of "up -d" you can also run the restart command to restart all containers listed in an compose-file.
+* Compose file locations
+** nextcloud, MariaDB: [[~/.config/docker/docker-compose.yml][Main-location]]
+** Whoogle-search: [[~/whoogle-search/docker-compose.yml][whoogle-location]]
+** rustdesk: [[~/rustdesk/docker-compose.yml][rustdesk-location]]
diff --git a/20230417115712-list_of_docker_containers.org b/20230417115712-list_of_docker_containers.org
new file mode 100644
index 0000000..24991cc
--- /dev/null
+++ b/20230417115712-list_of_docker_containers.org
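Review bot: In 20230417112410-nextcloud.org the step that joins the database container to the network uses `docker network attach "" ""`, which is not a Docker subcommand; the command for adding a running container to a network is `docker network connect "" ""`. The `docker run` example passes `-e MYSQL_PASSWORD=""` on the command line, where the value ends up in shell history and in `docker inspect` output, so I would add a sentence pointing to `--env-file` with a file readable only by the admin user. The image is given as `nextcloud:latest`; pinning a release tag keeps a later pull from changing the major version unnoticed. The third `-v` mounts the whole `/home//cloud` directory over `/var/www/html` while the other three mounts target sub-paths of it, which deserves a line explaining that the overlap is intended.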
@@ -0,0 +1,39 @@
+:PROPERTIES:
+:ID: add49718-44d1-4576-9e5a-aea5d025c53b
+:END:
+#+title: list of docker containers
+A list of all deployed and undeployed [[id:df046fd7-1f82-4e12-9065-56d222f56408][docker]] [[id:936191f2-696b-4d9a-96ad-c8449778ae26][containers]] of all [[id:f2b1d5af-1a7d-47a5-95c8-4a85d558419e][servers]]
+[[id:7c74176b-a637-4d3b-838e-05fae7ad3789][nextcloud]]
+[[id:ae46c92b-d5fd-4172-944f-9165a61d2217][maria_DB]]
+[[id:d7b03403-db35-465a-b4a0-fce27733df5a][whoogle-container]]
+[[id:46107a80-aa2d-4861-8362-6836c547dda4][rustdesk]]
+[[id:0b50e19a-0608-434c-a57c-fd719e3bb8bf][nginx]]
+[[id:e1eac0f9-5b66-436a-8624-d5ea49e1204b][wordpress]]
+[[id:e336814a-3a58-4b25-8d02-0af07623ce45][matlab-docker]]
+[[id:4afb1f41-983a-4b54-9828-a1e3788eb28b][portainer-docker]]
+flame
+[[id:29c8ec85-9de8-4ace-8c52-13a086341861][rocket-chat]]
+[[id:91deae5f-e670-4463-8fee-688212d13030][mongo-db]]
+mysql
+[[id:94daf0fc-da84-4b90-a200-7b147f721e2a][open-vpn]]
+[[id:daa194c9-63f1-433e-8826-a0b4e9020e16][wireguard]]
+[[id:80666401-173e-4828-9c29-552dab716946][dns]]
+pihole
+heimdall
+gotify
+uptime-kuma
+netbox
+ollama
+n8n
+openwebui
+paperless-ngx
+paperless-ai
+traefik
+grafana
+prometheus
+gitea
+local content share
+it-tools
+passbolt
+
+
diff --git a/20230417120355-container.org b/20230417120355-container.org
new file mode 100644
index 0000000..eaa7745
--- /dev/null
+++ b/20230417120355-container.org
@@ -0,0 +1,8 @@
+:PROPERTIES:
+:ID: 936191f2-696b-4d9a-96ad-c8449778ae26
+:END:
+#+title: container
+
+A container is a standard unit of software that packages up code and all its dependencies so the application runs quickly and reliably from one computing environment to another. A [[id:df046fd7-1f82-4e12-9065-56d222f56408][docker]] container image is a lightweight, standalone, executable package of software that includes everything needed to run an application: code, runtime, system tools, system libraries and settings.
+
+Container images become containers at runtime and in the case of Docker containers – images become containers when they run on Docker Engine. Available for both Linux and Windows-based applications, containerized software will always run the same, regardless of the infrastructure. Containers isolate software from its environment and ensure that it works uniformly despite differences for instance between development and staging.
diff --git a/20230418135928-nginx.org b/20230418135928-nginx.org
new file mode 100644
index 0000000..bdaa1cf
--- /dev/null
+++ b/20230418135928-nginx.org
@@ -0,0 +1,51 @@
+:PROPERTIES:
+:ID: 0b50e19a-0608-434c-a57c-fd719e3bb8bf
+:END:
+#+title: nginx
+nginx is a reverse proxy [[id:f2b1d5af-1a7d-47a5-95c8-4a85d558419e][webserver]]. Runs as [[id:df046fd7-1f82-4e12-9065-56d222f56408][docker]] [[id:936191f2-696b-4d9a-96ad-c8449778ae26][container]]
+* the config
+** [[id:e1eac0f9-5b66-436a-8624-d5ea49e1204b][wordpress]]
+*** ~/wordpress-compose/nginx/wordpress.conf
+*** ~/wordpress-compose/docker-compose.yml
+* Parameter:
+For uploading pluig-ins which bigger than 2MB on the wordpress-local-site:
+in wordpress.conf the following line under "server":
+ max_body_size 25M;
+The application should look like this:
+#+begin_src
+
+server {
+ listen 80;
+ server_name wp-hakase.co;
+root /var/www/html;
+index index.php;
+proxy_buffering off;
+proxy_buffer_size 16k;
+proxy_busy_buffers_size 24k;
+proxy_buffers 64 4k;
+client_max_body_size 25M;
+access_log /var/log/nginx/hakase-access.log;
+error_log /var/log/nginx/hakase-error.log;
+
+location / {
+
+try_files $uri $uri/ /index.php?$args;
+}
+
+location ~ \.php$ {
+try_files $uri =404;
+fastcgi_split_path_info ^(.+\.php)(/.+)$;
+fastcgi_pass wordpress:9000;
+fastcgi_index index.php;
+include fastcgi_params;
+
+fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+fastcgi_param PATH_INFO $fastcgi_path_info;
+}
+}
+#+end_src
+It is of utmost importance to set the reverse prtoxy to the same [[id:9d04fac3-89ae-4a96-b326-9ae7e2c22118][docker-network]] as the other [[id:936191f2-696b-4d9a-96ad-c8449778ae26][container]] that should be used with the reverse proxy. This can be done inside the [[id:fcbfabfa-4a8c-4826-8b57-5dce05965c76][docker-compose]] file or via the
+#+begin_src bash
+ --network ""
+#+end_src
+of the docker run command.
diff --git a/20230418142242-wordpress.org b/20230418142242-wordpress.org
new file mode 100644
index 0000000..f1c1b6d
--- /dev/null
+++ b/20230418142242-wordpress.org
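Review bot: The prose in 20230418135928-nginx.org tells the reader to add `max_body_size 25M;` under "server", but the directive nginx accepts, and the one the sample block below it uses, is `client_max_body_size 25M;`; a reader who copies the prose line gets a config that nginx rejects. The sample server block only has `listen 80;`, so WordPress logins and plugin uploads cross the wire unencrypted unless TLS is terminated in front of this container; one sentence naming where TLS terminates would settle that. The wordpress note in this commit sets `upload_max_filesize = 64M`, so it is also worth stating that the 25M limit here is the effective one.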
@@ -0,0 +1,35 @@
+:PROPERTIES:
+:ID: e1eac0f9-5b66-436a-8624-d5ea49e1204b
+:END:
+#+title: wordpress
+wordpress is a framework to create your own website. Runs as [[id:df046fd7-1f82-4e12-9065-56d222f56408][docker]] [[id:936191f2-696b-4d9a-96ad-c8449778ae26][container]] and is hosted with [[id:0b50e19a-0608-434c-a57c-fd719e3bb8bf][nginx]]
+* the config
+** ~/wordpress-compose/docker-compose.yml
+* Parameter:
+follow the steps explained under [[id:0b50e19a-0608-434c-a57c-fd719e3bb8bf][nginx]]
+Additionally create the the file wordpress.ini with the following content:
+#+begin_src
+file_uploads = On
+memory_limit = 256M
+upload_max_filesize = 64M
+post_max_size = 64M
+max_execution_time = 300
+max_input_time = 1000
+#+end_src
+To load this file into the wordpress container add this line to your Volumes of the wordpress service in the [[id:fcbfabfa-4a8c-4826-8b57-5dce05965c76][docker-compose]] compose file listed above:
+#+begin_src
+ volumes:
+ - ./wordpress.ini:/usr/local/etc/php/conf.d/wordpress.ini
+#+end_src
+put the wordpress.ini file in the [[id:673d1cb1-536b-42f1-a046-40a8937c4283][root]] same folder where the compose file is and take start the docker containers with
+
+#+begin_src
+ docker-compose up -d
+#+end_src
+if the Container is already running, take it down first with
+#+begin_src
+ docker-compose down
+#+end_src
+
+* Run wp with reverse Proxy
+To run wp with rp configuration does not work out of the box. This [[https://manios.org/2014/04/12/nginx-https-reverse-proxy-to-wordpress-with-apache-http-and-different-port][Blog]] gives a detailed how to on the configuration with wp and nginx.
diff --git a/20230420004718-docker_networks.org b/20230420004718-docker_networks.org
new file mode 100644
index 0000000..a940755
--- /dev/null
+++ b/20230420004718-docker_networks.org
@@ -0,0 +1,14 @@
+:PROPERTIES:
+:ID: 9d04fac3-89ae-4a96-b326-9ae7e2c22118
+:END:
+#+title: docker-networks
+A [[id:df046fd7-1f82-4e12-9065-56d222f56408][docker]] network is a virtual network that connects [[id:936191f2-696b-4d9a-96ad-c8449778ae26][containers]]. Without this network no two docker containers could interact with eachother. In [[id:fcbfabfa-4a8c-4826-8b57-5dce05965c76][docker-compose]] the network is set with:
+#+begin_src
+ networks:
+ -
+#+end_src
+If you don't specify a network in the compse file the default network is invoked, so that the listed container can interact. When the container is set up wit the docker run command, the network is specified with the added parameter:
+#+begin_src
+ --network ""
+#+end_src
+The usage of networks comes in handy when you want to connect two containers like [[id:7c74176b-a637-4d3b-838e-05fae7ad3789][nextcloud]] and [[id:ae46c92b-d5fd-4172-944f-9165a61d2217][maria_DB]]. in docker-compos a network can be set as internal (define the network inside the compose file) or external (add the containers to an existing network).
diff --git a/20230420005613-maria_db.org b/20230420005613-maria_db.org
new file mode 100644
index 0000000..bcd8cda
--- /dev/null
+++ b/20230420005613-maria_db.org
@@ -0,0 +1,30 @@
+:PROPERTIES:
+:ID: ae46c92b-d5fd-4172-944f-9165a61d2217
+:END:
+#+title: maria_DB
+Maria_DB is a [[id:df046fd7-1f82-4e12-9065-56d222f56408][dockerized]] Databse, that can be connected to many containers like [[id:7c74176b-a637-4d3b-838e-05fae7ad3789][nextcloud]]. The Database has to be listed inside a [[id:fcbfabfa-4a8c-4826-8b57-5dce05965c76][docker-compose file]] or must be connected to the other container via the same [[id:9d04fac3-89ae-4a96-b326-9ae7e2c22118][docker-network]].
+
+
+* connect to maria DB
+If yiu want to connect to the Database to make take some manual actions, go into [[id:4afb1f41-983a-4b54-9828-a1e3788eb28b][portainer-docker]] UI and connect to the docker cointainer via virtual bash shell. Log in as [[id:673d1cb1-536b-42f1-a046-40a8937c4283][root]]
+and issue the command:
+
+#+begin_src bash
+ mysql -u root -p
+#+end_src
+Insert your root password and use the command ~connect ~ to connect to your database.
+
+** usecases
+You can erase entries from the blacklist of nextcloud (for too many login approaches to the [[id:f2b1d5af-1a7d-47a5-95c8-4a85d558419e][server]])
+*** to show brute force entries
+#+begin_src bash
+ SELECT * FROM oc_bruteforce_attempts;
+#+end_src
+*** To erase entries
+#+begin_src bash
+ DELETE FROM oc_bruteforce_attempts WHERE IP="xxx.xxx.xxx.xxx";
+#+end_src
+*** erase the blocklist entirely
+#+begin_src bash
+ DELETE FROM oc_bruteforce_attempts;
+#+end_src
diff --git a/20230420014604-letsencrypt_helper.org b/20230420014604-letsencrypt_helper.org
new file mode 100644
index 0000000..f49a030
--- /dev/null
+++ b/20230420014604-letsencrypt_helper.org
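Review bot: The last use case in 20230420005613-maria_db.org, `DELETE FROM oc_bruteforce_attempts;`, wipes Nextcloud's brute-force records for every address at once, so the throttling state of a genuine password-guessing source is reset together with the locked-out colleague's. I would add a line under that heading such as `Prefer the per-IP delete above; review the SELECT output first and keep a copy of it for the incident log.` The session is opened with `mysql -u root -p`; the `nextcloud` database user defined in the nextcloud note presumably has enough rights for these statements and avoids routine root logins. Nextcloud's `occ security:bruteforce:reset` command clears a single address without editing the table by hand and would fit here as the first option.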
@@ -0,0 +1,21 @@
+:PROPERTIES:
+:ID: 83ce6fe7-aadc-4f2f-9c1e-bc73ba7590b8
+:END:
+#+title: letsencrypt-helper
+[[id:df046fd7-1f82-4e12-9065-56d222f56408][docker]] [[id:936191f2-696b-4d9a-96ad-c8449778ae26][container]] that lets you use [[id:95c8982d-e104-43a2-9bb2-fd7e1c3204f2][SSL]] [[id:e28dfeaa-876b-4255-a25e-dcc0c909d08a][certificates]]. works good with [[id:0b50e19a-0608-434c-a57c-fd719e3bb8bf][nginx]] and [[id:90e3b8a2-b523-4044-af6f-fd4a559b2d7f][traefik]] as [[id:98642623-d85a-432c-90d5-bfff7ead8c7b][reverse proxies]]. If you self sign your ssl [[id:e28dfeaa-876b-4255-a25e-dcc0c909d08a][certificate]]certificates you could use this code in [[id:fcbfabfa-4a8c-4826-8b57-5dce05965c76][docker-compose]] (not tested):
+#+begin_src bash
+ # self signed
+ omgwtfssl:
+ image: paulczar/omgwtfssl
+ restart: "no"
+ volumes:
+ - certs:/certs
+ environment:
+ - SSL_SUBJECT=servhostname.local
+ - CA_SUBJECT=my@example.com
+ - SSL_KEY=/certs/servhostname.local.key
+ - SSL_CSR=/certs/servhostname.local.csr
+ - SSL_CERT=/certs/servhostname.local.crt
+ networks:
+ - proxy-tier
+#+end_src
diff --git a/20230421105427-arco_linux.org b/20230421105427-arco_linux.org
new file mode 100644
index 0000000..100d5f2
--- /dev/null
+++ b/20230421105427-arco_linux.org
@@ -0,0 +1,79 @@
+:PROPERTIES:
+:ID: 5fada795-19a3-4ba6-97c0-0b70bd728a2f
+:END:
+#+title: Arco-Linux
+#+filetags: :INDEX:ARCO:
+
+Linux (/ˈlɪnʊks/ LIN-uuks) is a family of open-source Unix-like operating systems based on the Linux [[id:33388695-657c-44a2-8359-c7b6137233d0][kernel]], an operating system kernel first released on September 17, 1991, by Linus Torvalds. Linux is typically [[id:b7c4f849-d1b1-4837-8634-82f6976a1473][packaged]] as a Linux distribution (distro), which includes the kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses and recommends the name "GNU/Linux" to emphasize the use and importance of GNU software in many distributions, causing some controversy.
+
+Popular Linux distributions include Debian, Fedora Linux, Arch Linux and Ubuntu. Commercial distributions include Red Hat Enterprise Linux and SUSE Linux Enterprise. Desktop Linux distributions include a windowing system such as [[id:98eade62-125a-40f1-b572-ff3e107ca4fa][x11]] or Wayland, and a desktop environment such as GNOME or KDE Plasma. Distributions intended for servers may omit graphics altogether, or include a solution stack such as LAMP. Because Linux is freely redistributable, anyone may create a distribution for any purpose.
+
+[[id:79f5df8e-feee-4c91-916a-c23ba40818ee][ARCO]]-Linux is the main operating system of Madrigal Industrial Solutions. It is a derivative of Arch Linux with some tweaks and can be installed with the programms of Choice. If any Problems arise there is a very informative website [[https://arcolinux.com/ ][website]] with almost any programm pre installed in the arco package.
+
+* Pre-Installed Programms
+** [[id:aac10dba-6276-414e-a3ff-7887528c7918][x-server]]
+*** [[id:1cb23984-71e0-4f08-ae48-3c2e1e79622f][xorg]]
+** [[id:0613de5a-4b4f-429a-ba52-09d63c0a92d6][Window-Manager]]
+*** [[id:0268b9e5-b51a-41e7-baaf-f01d00eb99f2][openbox]]
+** [[id:a6e49794-6de9-4bc1-b448-77e97600d3f3][Login-Manager]]
+*** [[id:60a92fe1-7c58-4d88-b16d-d5a35ab0157a][lightDM]]
+** [[id:b7c4f849-d1b1-4837-8634-82f6976a1473][package-manager]]
+*** [[id:d88b7b60-742d-4bc0-8b48-3fbcfad2373d][pacman]]
+** [[id:b75bbc20-fc24-44b9-be3a-8dbcdcbea63e][Arch-User-Repository]]
+** [[id:294012b3-5b0a-4527-a981-2f397378c0d2][AUR-Helpers]]
+*** Paru
+*** yay
+** Filemanager
+*** [[id:cdfedfb2-0fd8-4e31-b1b0-9831a7968e5f][pcmanFM]]
+*** [[id:15c8b750-ea77-4845-8517-c0047e2a4455][nnn]]
+** app launcher
+*** [[id:1ef7425a-812f-45d1-812c-6a6ca6397289][dmenu]]
+** Desktop Drawing Application
+** Text Editors
+*** [[id:5f1df0e1-384f-4685-ae1e-fec2431b04e5][emacs]]
+** Lockscreen and logout manager
+*** [[id:71c7b2c6-8601-446c-bdbb-3598d74be178][betterlockscreen]]
+*** [[id:2f4f9e1b-ed75-4e35-b6db-b26ab8f60c15][archlinux-logout]]
+** Keymanagement and GPG
+*** [[id:404dad63-5eb6-4328-ae85-475874b48ac4][keychain]]
+** Sound
+*** [[id:efaaf6e8-b638-497b-bfc2-366d64f2413b][pulse-audio]]
+** [[id:d60f8060-4557-42d5-831d-b68bfb42df59][Mimetypes]]
+*** [[id:6c1849a8-ab61-4ab1-b2e8-97d1d0dfb0fd][xdg]]
+** Change [[id:673d1cb1-536b-42f1-a046-40a8937c4283][root]]
+*** [[id:065cec59-82f7-42a5-bcb0-fef56004de40][arch-chroot]]
+** Scheduling Tasks
+*** [[id:94b5e3fb-bbf9-40ec-902f-9e15c74c5f99][crontab]]
+
+
+* Post-Installed Programms
+** [[id:574b9e96-1a86-4e43-878c-30534e0dcecb][MBSE (Modell based system engineering)]]
+*** [[id:e336814a-3a58-4b25-8d02-0af07623ce45][matlab]]
+*** [[id:2d45175d-7fcc-4a55-b81c-14da72247eef][FEA-Tool]]
+*** [[id:f2d9ff98-f926-442e-ae9b-fc1023e15b07][GMSH]]
+*** [[id:6acf9122-b289-44e4-87e1-c3dfb5c7aeb2][salome]]
+*** [[id:a4953b2b-81de-4c15-91e7-10d0cb5f22dd][freeCAD]]
+*** [[id:e56e90b1-ae5b-4344-97eb-993e5a81263e][OpenMPI]]
+*** [[id:a6d22357-9bed-422e-9805-0478fbeb3e99][Paraview]]
+** Communications & Secruity
+*** [[id:5c50958e-e38d-4f6c-b111-2a50a48cc1de][freepbx]] & [[id:0dea8c51-5e1e-460c-9d0a-28293d62013e][VM]]
+*** [[id:a88d9210-6085-4def-982a-d4a6ff391a2e][linphone]]
+*** [[id:29c8ec85-9de8-4ace-8c52-13a086341861][rocket-chat]]
+*** [[id:daa194c9-63f1-433e-8826-a0b4e9020e16][wireguard]] & [[id:94daf0fc-da84-4b90-a200-7b147f721e2a][open-vpn]]
+*** [[id:80666401-173e-4828-9c29-552dab716946][dns]] & [[id:90e3b8a2-b523-4044-af6f-fd4a559b2d7f][traefik_docker]]
+** Cloud & Backup
+*** [[id:56d784ed-a87c-441f-b819-73369760ca32][borg-backup]]
+*** [[id:7c74176b-a637-4d3b-838e-05fae7ad3789][nextcloud]]
+** [[id:5ddb50eb-4257-44cb-9193-1606b348e886][terminal emulators]]
+*** [[id:b65b3f3a-e0a3-49ca-9005-5a1055c07cdf][kitty]]
+** [[id:b6d24dd6-285f-4c03-883c-dc77b78c652a][shell]]
+*** [[id:af92f7a3-705c-491e-955e-2f04206da220][fish]]
+** remote server control
+*** [[id:46107a80-aa2d-4861-8362-6836c547dda4][rustdesk]]
+** file transformation
+*** [[id:75ea690d-deee-4592-ae99-1c2385c208fb][pandoc]]
+** word processing
+*** [[id:b674e49e-0818-4084-8690-3805c8345650][TexLive]]
+*** [[id:345d5300-432c-4f6f-98a4-4527e955927f][latex]]
+** password service
+*** [[id:308a3798-0f57-4024-a561-c6d8153348e9][keepassxc]]
diff --git a/20230421112433-lightdm.org b/20230421112433-lightdm.org
new file mode 100644
index 0000000..00e7322
--- /dev/null
+++ b/20230421112433-lightdm.org
@@ -0,0 +1,39 @@
+:PROPERTIES:
+:ID: 60a92fe1-7c58-4d88-b16d-d5a35ab0157a
+:END:
+#+title: lightDM
+
+LightDM is a cross-desktop [[id:a6e49794-6de9-4bc1-b448-77e97600d3f3][login-manager]]. Its key features are:
+
+Cross-desktop - supports different desktop technologies.
+Supports different display technologies (X, Mir, Wayland ...).
+Lightweight - low memory usage and high performance.
+Supports guest sessions.
+Supports remote login (incoming - XDMCP, VNC, outgoing - XDMCP, PAM).
+Comprehensive test suite.
+Low code complexity.
+
+LightDM handles the autoligin feature on Linux, which can be enabled in the lightdm conf file located in:
+#+begin_src bash
+ /etc/lightdm/lightdm.conf
+#+end_src
+To enable this feature search for the autologin entry inside lightdm.conf and change it as follows:
+from
+#+begin_src bash
+ #autologin-guest=false
+#autologin-user=user
+#autologin-user-timeout=0
+#+end_src
+to
+#+begin_src bash
+ autologin-guest=false
+autologin-user=
+autologin-user-timeout=0
+#+end_src
+Because the config is located in the [[id:673d1cb1-536b-42f1-a046-40a8937c4283][root]] folder, you have have root priviliges to change the setting ([[id:dc54334e-afa9-4a53-be91-1e90bc6bf8d0][sudo]])
+Additionally the user has to be part of the autologin group. To add the user to the group type the following command in the command line;
+#+begin_src bash
+sudo groupadd -r autologin
+sudo gpasswd -a username autologin
+#+end_src
+the first command creates the group if the group does not exist yet. The second command adds the user.
diff --git a/20230421113732-login_manager.org b/20230421113732-login_manager.org
new file mode 100644
index 0000000..4da4ace
--- /dev/null
+++ b/20230421113732-login_manager.org
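Review bot: The autologin procedure in 20230421112433-lightdm.org comes without any caveat: with `autologin-user=` filled in and `autologin-user-timeout=0`, whoever powers the machine on lands in that user's desktop session without entering a password. I would add one sentence after the second config block, for example `Enable autologin only on machines with full-disk encryption or in a locked room, and never on the servers from the hardware list.` The same note lists remote login (XDMCP, VNC) among LightDM's features, so it would help to state whether those are left disabled on these hosts.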
@@ -0,0 +1,19 @@
+:PROPERTIES:
+:ID: a6e49794-6de9-4bc1-b448-77e97600d3f3
+:END:
+#+title: login-manager
+#+filetags: :basics:system:
+
+A display manager, or login manager, is typically a graphical user interface that is displayed at the end of the boot process in place of the default shell. There are various implementations of display managers, just as there are various types of window managers and desktop environments. There is usually a certain amount of customization and themeability available with each one.
+
+The responsibilities of a display manager are:
+
+Starting and managing local instances of the [[id:aac10dba-6276-414e-a3ff-7887528c7918][x-server]].
+Authenticating users.
+Starting and managing user sessions. Common use cases:
+
+Starting a single X server on boot and starting a session (kiosk mode).
+
+Starting a single X server instance on boot, displaying a greeter [[id:a08570b0-8fe8-45a8-8f60-e45ea6b31a34][GUI]] (username and password), and starting the user session when connected (traditional).
+Supporting multiple simultaneous logins by exposing what users are logged in, and starting new X servers for each user (user switching).
+Running a thin-[[id:70899526-8b7d-4976-94fc-cc07c41e550a][client]] server by allowing X servers to connect using XDMCP, and connecting greeters and sessions to those X servers.
diff --git a/20230421114311-window_manager.org b/20230421114311-window_manager.org
new file mode 100644
index 0000000..b53984d
--- /dev/null
+++ b/20230421114311-window_manager.org
@@ -0,0 +1,29 @@
+:PROPERTIES:
+:ID: 0613de5a-4b4f-429a-ba52-09d63c0a92d6
+:END:
+#+title: window-manager
+
+A window manager (WM) is system software that controls the placement and appearance of windows within a windowing system in a graphical user interface ([[id:a08570b0-8fe8-45a8-8f60-e45ea6b31a34][GUI]]) in a operating system like [[id:5fada795-19a3-4ba6-97c0-0b70bd728a2f][Arco-Linux]]. It can be part of a desktop environment (DE) or be used standalone.
+
+Note: Window managers are unique to [[id:1cb23984-71e0-4f08-ae48-3c2e1e79622f][xorg]]. The equivalent of window managers on Wayland are called compositors because they also act as compositing window managers.
+
+
+Window managers are [[id:1cb23984-71e0-4f08-ae48-3c2e1e79622f][X]] [[id:70899526-8b7d-4976-94fc-cc07c41e550a][clients]] that control the appearance and behaviour of the frames ("windows") where the various graphical applications are drawn. They determine the border, title bar, size, and ability to resize windows, and often provide other functionality such as reserved areas for sticking dockapps like Window Maker, or the ability to tab windows like Fluxbox. Some window managers are even bundled with simple utilities like menus to start programs or to configure the window manager itself.
+
+The Extended Window Manager Hints specification is used to allow window managers to interact in standard ways with the [[id:f2b1d5af-1a7d-47a5-95c8-4a85d558419e][server]] and the other clients.
+
+Some window managers are developed as part of a more comprehensive desktop environment, usually allowing the other provided applications to better interact with each other, giving a more consistent experience to the user, complete with features like desktop icons, fonts, toolbars, wallpapers, or desktop widgets.
+
+Other window managers are instead designed to be used standalone, giving the user complete freedom over the choice of the other applications to be used.
This allows the user to create a more lightweight and customized environment, tailored to their own specific needs. "Extras" like desktop icons, toolbars, wallpapers, or desktop widgets, if needed, will have to be added with additional dedicated applications.
+
+Some standalone window managers can be also used to replace the default window manager of a desktop environment, just like some desktop environment–oriented window managers can be used standalone too.
+
+Prior to installing a window manager, a functional [[id:aac10dba-6276-414e-a3ff-7887528c7918][x-server]] installation is required.
+
+* __Types__
+** Stacking
+(aka floating) window managers provide the traditional desktop metaphor used in commercial operating systems like Windows and macOS. Windows act like pieces of paper on a desk, and can be stacked on top of each other. For available Arch Wiki pages see Category:Stacking window managers.
+** Tiling window managers
+"tile" the windows so that none are overlapping. They usually make very extensive use of key-bindings and have less (or no) reliance on the mouse. Tiling window managers may be manual, offer predefined layouts, or both. For available Arch Wiki pages see Category:Tiling window managers.
+** Dynamic window managers
+can dynamically switch between tiling or floating window layout. For available Arch Wiki pages see Category:Dynamic window managers.
diff --git a/20230421114709-x_server.org b/20230421114709-x_server.org
new file mode 100644
index 0000000..510ce5e
--- /dev/null
+++ b/20230421114709-x_server.org
@@ -0,0 +1,7 @@
+:PROPERTIES:
+:ID: aac10dba-6276-414e-a3ff-7887528c7918
+:END:
+#+title: x-server
+#+filetags: :basics:ARCO:
+
+X is the generic name for the X Window System display server provided by [[id:1cb23984-71e0-4f08-ae48-3c2e1e79622f][xorg]]. It is frequently a link or a copy of the appropriate [[id:f2b1d5af-1a7d-47a5-95c8-4a85d558419e][server]] binary for driving the most frequently used server on a given machine. X can be [[id:98eade62-125a-40f1-b572-ff3e107ca4fa][forwarded]] via [[id:422e07f8-c888-460f-849e-76d451946045][ssh]].
diff --git a/20230421114858-xorg.org b/20230421114858-xorg.org
new file mode 100644
index 0000000..3f1d570
--- /dev/null
+++ b/20230421114858-xorg.org
@@ -0,0 +1,11 @@
+:PROPERTIES:
+:ID: 1cb23984-71e0-4f08-ae48-3c2e1e79622f
+:END:
+#+title: xorg
+#+filetags: :basics:ARCO:
+
+Xorg (commonly referred to as simply X) is the most popular display [[id:f2b1d5af-1a7d-47a5-95c8-4a85d558419e][server]] among [[id:5fada795-19a3-4ba6-97c0-0b70bd728a2f][Arco-Linux]] users. Its ubiquity has led to making it an ever-present requisite for [[id:a08570b0-8fe8-45a8-8f60-e45ea6b31a34][GUI]] applications, resulting in massive adoption from most distributions. See the Xorg Wikipedia article or visit the Xorg website for more details.
+
+For the alternative and potential successor.
+
+The X.Org project provides an open source implementation of the X Window System ([[id:aac10dba-6276-414e-a3ff-7887528c7918][x-server]]). The development work is being done in conjunction with the freedesktop.org community. The X.Org Foundation is the educational non-profit corporation whose Board serves this effort, and whose Members lead this work.
diff --git a/20230421115650-openbox.org b/20230421115650-openbox.org
new file mode 100644
index 0000000..4f60ded
--- /dev/null
+++ b/20230421115650-openbox.org
@@ -0,0 +1,15 @@
+:PROPERTIES:
+:ID: 0268b9e5-b51a-41e7-baaf-f01d00eb99f2
+:END:
+#+title: openbox
+Openbox is a lightweight, powerful, and highly configurable stacking [[id:0613de5a-4b4f-429a-ba52-09d63c0a92d6][window-manager]] with extensive standards support. It may be built upon and run independently as the basis of a unique desktop environment, or within other integrated desktop environments such as KDE and Xfce, as an alternative to the window managers they provide. The LXDE desktop environment is itself built around Openbox.
+
+Openbox is a highly configurable, next generation window manager with extensive standards support.
+
+The *box visual style is well known for its minimalistic appearance. Openbox uses the *box visual style, while providing a greater number of options for theme developers than previous *box implementations. The theme documentation describes the full range of options found in Openbox themes.
+
+Openbox lets you bring the latest applications outside of a full desktop environment. Most modern applications have been written with GNOME and KDE in mind. With support for the latest freedesktop.org standards, as well as careful adherence to previous standards, Openbox provides an environment where applications work the way they were designed to.
+
+Openbox is a highly configurable window manager. It allows you to change almost every aspect of how you interact with your desktop and invent completely new ways to use and control it. It can be like a video game for controlling windows. But Openbox can also be kept extremely simple, as it is in the default setup, meaning that it can suit just about anybody. Openbox gives you control without making you do everything.
+
+Openbox makes desktop environments better. By running Openbox inside the GNOME or K desktop environments, you can combine their ease and functionality with the power of Openbox. Your desktop becomes cleaner and faster, and is in your control, when you use Openbox.
diff --git a/20230421123911-package_manager.org b/20230421123911-package_manager.org
new file mode 100644
index 0000000..9b08ee6
--- /dev/null
+++ b/20230421123911-package_manager.org
@@ -0,0 +1,28 @@
+:PROPERTIES:
+:ID: b7c4f849-d1b1-4837-8634-82f6976a1473
+:END:
+#+title: package-manager
+
+A package manager or package-management system is a collection of software tools that automates the process of installing, upgrading, configuring, and removing computer programs for a computer in a consistent manner.
+
+A package manager deals with packages, distributions of software and data in archive files. Packages contain metadata, such as the software's name, description of its purpose, version number, vendor, checksum (preferably a cryptographic hash function), and a list of dependencies necessary for the software to run properly. Upon installation, metadata is stored in a local package database. Package managers typically maintain a database of software dependencies and version information to prevent software mismatches and missing prerequisites. They work closely with software repositories, binary repository managers, and app stores.
+
+Package managers are designed to eliminate the need for manual installs and updates. This can be particularly useful for large enterprises whose operating systems typically consist of hundreds or even tens of thousands of distinct software packages.
+
+* Functions
+A software package is an archive file containing a computer program as well as necessary metadata for its deployment. The computer program can be in source code that has to be compiled and built first. Package metadata include package description, package version, and dependencies (other packages that need to be installed beforehand).
+
+Package managers are charged with the task of finding, installing, maintaining or uninstalling software packages upon the user's command.
Typical functions of a package management system include:
+
+Working with file archivers to extract package archives
+Ensuring the integrity and authenticity of the package by verifying their checksums and digital [[id:e28dfeaa-876b-4255-a25e-dcc0c909d08a][certificates]], respectively
+Looking up, downloading, installing, or updating existing software from a software repository or app store
+Grouping packages by function to reduce user confusion
+Managing dependencies to ensure a package is installed with all packages it requires, thus avoiding "dependency hell"
+
+* Uses
+There are many instances where a package manager is used. If a programm can be modular upgraded there is usually a package manager and some kind of [[id:b75bbc20-fc24-44b9-be3a-8dbcdcbea63e][Repository]] for those packages used.
+** examples
+*** [[id:5fada795-19a3-4ba6-97c0-0b70bd728a2f][Linux]]
+*** [[id:5f1df0e1-384f-4685-ae1e-fec2431b04e5][emacs]]
+*** [[id:345d5300-432c-4f6f-98a4-4527e955927f][latex]]
diff --git a/20230421124130-pacman.org b/20230421124130-pacman.org
new file mode 100644
index 0000000..c28dd04
--- /dev/null
+++ b/20230421124130-pacman.org
@@ -0,0 +1,23 @@
+:PROPERTIES:
+:ID: d88b7b60-742d-4bc0-8b48-3fbcfad2373d
+:END:
+#+title: pacman
+
+The pacman [[id:b7c4f849-d1b1-4837-8634-82f6976a1473][package-manager]] is one of the major distinguishing features of Arch Linux and [[id:5fada795-19a3-4ba6-97c0-0b70bd728a2f][Arco-Linux]] . It combines a simple binary package format with an easy-to-use build system. The goal of pacman is to make it possible to easily manage packages, whether they are from the official repositories or the user's own builds.
+
+Pacman keeps the system up-to-date by synchronizing package lists with the master [[id:f2b1d5af-1a7d-47a5-95c8-4a85d558419e][server]]. This server/[[id:70899526-8b7d-4976-94fc-cc07c41e550a][client]] model also allows the user to download/install packages with a simple command, complete with all required dependencies.
+* Installing specific packages
+To install a single package or list of packages, including dependencies, issue the following command:
+#+begin_src bash
+ pacman -S package_name1 package_name2
+#+end_src
+* upgrading packages
+Pacman can update all packages on the system with just one command. This could take quite a while depending on how up-to-date the system is. The following command synchronizes the repository databases and updates the system's packages, excluding "local" packages that are not in the configured repositories:
+#+begin_src
+ pacman -Syu
+#+end_src
+* ask no permissions
+ #+begin_src
+ pacman -Suy --noconfirm
+ #+end_src
+
diff --git a/20230421125023-arch_user_repository.org b/20230421125023-arch_user_repository.org
new file mode 100644
index 0000000..eee573a
--- /dev/null
+++ b/20230421125023-arch_user_repository.org
@@ -0,0 +1,8 @@
+:PROPERTIES:
+:ID: b75bbc20-fc24-44b9-be3a-8dbcdcbea63e
+:END:
+#+title: Arch-User-Repository
+
+The Arch User Repository (AUR) is a community-driven repository for Arch users. It contains package descriptions (PKGBUILDs) that allow you to compile a package from source with makepkg and then install it via [[id:d88b7b60-742d-4bc0-8b48-3fbcfad2373d][pacman]]. The AUR was created to organize and share new packages from the community and to help expedite popular packages' inclusion into the community repository. This document explains how users can access and utilize the AUR.
+
+A good number of new packages that enter the official repositories start in the AUR. In the AUR, users are able to contribute their own package builds (PKGBUILD and related files). The AUR community has the ability to vote for packages in the AUR. If a package becomes popular enough — provided it has a compatible license and good packaging technique — it may be entered into the community repository (directly accessible by pacman or abs).
diff --git a/20230421125542-aur_helpers.org b/20230421125542-aur_helpers.org
new file mode 100644
index 0000000..93afcd4
--- /dev/null
+++ b/20230421125542-aur_helpers.org
@@ -0,0 +1,13 @@
+:PROPERTIES:
+:ID: 294012b3-5b0a-4527-a981-2f397378c0d2
+:END:
+#+title: AUR-Helpers
+
+AUR helpers automate usage of the [[id:b75bbc20-fc24-44b9-be3a-8dbcdcbea63e][Arch-User-Repository]]. In particular, they may automate the following tasks:
+- searching for packages published on the AUR;
+- resolving of dependencies between AUR packages;
+- retrieve and build AUR packages;
+- retrieve web content, such as user comments;
+- submission of AUR packages.
+Pacman only handles updates for pre-built packages in its repositories. AUR packages are redistributed in form of PKGBUILDs and need an AUR helper to automate the re-build process. However, keep in mind that a rebuild of a package may be required when its shared library dependencies are updated, not only when the package itself is updated.
+
diff --git a/20230421130019-pcmanfm.org b/20230421130019-pcmanfm.org
new file mode 100644
index 0000000..0ca1594
--- /dev/null
+++ b/20230421130019-pcmanfm.org
@@ -0,0 +1,6 @@
+:PROPERTIES:
+:ID: cdfedfb2-0fd8-4e31-b1b0-9831a7968e5f
+:END:
+#+title: pcmanFM
+
+PCMan File Manager (PCManFM) is a file manager application, developed by Hong Jen Yee (Chinese: 洪任諭; pinyin: Hóng Rènyù) from Taiwan, which is meant to be a replacement for GNOME Files, Dolphin and Thunar.[3][4] PCManFM is the standard file manager in LXDE, also developed by the same author in conjunction with other developers. Since 2010, PCManFM has undergone a complete rewrite from scratch; build instructions, setup and configuration have changed in the process.
diff --git a/20230421130256-nnn.org b/20230421130256-nnn.org
new file mode 100644
index 0000000..0130144
--- /dev/null
+++ b/20230421130256-nnn.org
@@ -0,0 +1,21 @@
+:PROPERTIES:
+:ID: 15c8b750-ea77-4845-8517-c0047e2a4455
+:END:
+#+title: nnn
+
+nnn (also stylized as n³) is a portable terminal file manager written in C. It is easily extensible via its flat text plugin system where you can add your own language-agnostic scripts alongside already available plugins, including a (neo)vim plugin. nnn features native archiving/decompression to and from commonly installed formats such as xz, disk usage analysis and a fuzzy app launcher, a batch file renamer and a file picker through its plugin architecture. nnn supports instant search-as-you-type with regex (or simple string) filters and a navigate-as-you-type mode for continuous navigation in filter mode with directory auto-select. Also supported are contexts, bookmarks, multiple sorting options, SSHFS, batch operations on selections (a group of selected files) and a lot more.
+
+Despite its capabilities, nnn is designed to be easy to use and is configured by way of environment variables without the use of a configuration file.
+
+There is a function, that allows nnn to close and move the command line folder to the location last visited before closing nnn. For that you have to invoke nnn only with the letter ~n~. The function is described in the [[id:af92f7a3-705c-491e-955e-2f04206da220][fish]] config file.
+#+begin_src bash
+ set -u NNN_TMPFILE "~/.config/nnn/.lastd"
+ export NNN_TMPFILE
+
+ function n
+ nnn $argv
+ if test -e $NNN_TMPFILE
+ source $NNN_TMPFILE
+ rm $NNN_TMPFILE
+ end
+#+end_src
diff --git a/20230421130445-dmenu.org b/20230421130445-dmenu.org
new file mode 100644
index 0000000..9c4928b
--- /dev/null
+++ b/20230421130445-dmenu.org
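Review bot: The fish snippet in the nnn note will not load as written, because `function n` is never closed: the only `end` terminates the `if test -e` block, so a second `end` is needed before `#+end_src`. The path is also quoted as `"~/.config/nnn/.lastd"`, and fish does not expand `~` inside quotes, so `test -e` would look for a literal `~` directory; `set -x NNN_TMPFILE ~/.config/nnn/.lastd` fixes that and, as far as I can tell, makes the separate `export` line unnecessary. Because `n` sources whatever that file contains, a comment that the file must stay in a directory only the user can write to would be worth adding. The block is also tagged `bash` although it is fish syntax.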
@@ -0,0 +1,7 @@
+:PROPERTIES:
+:ID: 1ef7425a-812f-45d1-812c-6a6ca6397289
+:END:
+#+title: dmenu
+
+dmenu is a fast and lightweight dynamic menu for [[id:1cb23984-71e0-4f08-ae48-3c2e1e79622f][X]]. It reads arbitrary text from stdin, and creates a menu with one item for each line. The user can then select an item, through the arrow keys or typing a part of the name, and the line is printed to stdout. dmenu_run is a wrapper that ships with the dmenu distribution that allows its use as an application launcher.
+
diff --git a/20230421154858-nextcloud_docker_container.org b/20230421154858-nextcloud_docker_container.org
new file mode 100644
index 0000000..f01c4f1
--- /dev/null
+++ b/20230421154858-nextcloud_docker_container.org
@@ -0,0 +1,14 @@
+:PROPERTIES:
+:ID: 3bd6dae2-5fbb-4045-80c0-4dbed0f02df1
+:END:
+#+title: nextcloud-docker-container
+
+
+Actual command for the [[id:7c74176b-a637-4d3b-838e-05fae7ad3789][nextcloud]] [[id:936191f2-696b-4d9a-96ad-c8449778ae26][container]].
+
+
+#+begin_src bash
+ sudo docker run --name madrigal_cloud -v "/home/smad/madrigal_cloud/data:/var/www/html/data" -v "/home/smad/madrigal_cloud/apps:/var/www/html/custom_apps" -v "/home/smad/madrigal_cloud:/var/www/html" -v "/home/smad/madrigal_cloud/config:/var/www/html/config" --network net -e VIRTUAL_HOST="nextcloud.app.green-chem.net" -e LETSENCRYPT_HOST="nextcloud.app.green-chem.net" -e MYSQL_HOST="madrigal_DB" -e MYSQL_PASSWORD='TUC0815AM_?!' -e MYSQL_ROOT_PASSWORD='TUC0815AM_?!' -e MYSQL_DATABASE="nextcloud" -e MYSQL_USER="nextcloud" -d nextcloud:latest
+#+end_src
+
+After creation the container has to be added to the ~nextc~ [[id:9d04fac3-89ae-4a96-b326-9ae7e2c22118][docker-network]] for it to work with the Database.
diff --git a/20230504094026-freepbx.org b/20230504094026-freepbx.org
new file mode 100644
index 0000000..d8ddb11
--- /dev/null
+++ b/20230504094026-freepbx.org
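Review bot: The `docker run` line in 20230421154858-nextcloud_docker_container.org commits what look like live secrets: `MYSQL_PASSWORD` and `MYSQL_ROOT_PASSWORD` are written as literals, with the same value for the application user and the database root. Once pushed they stay in the repository history, so the passwords should be rotated and the note should carry placeholders instead, e.g. `--env-file /path/to/nextcloud.env` (file mode 600, kept outside the repository) in place of the `-e MYSQL_*` arguments; values passed with `-e` also end up in shell history and in `docker inspect` output. Two smaller points on the same line: `nextcloud:latest` is an unpinned tag, and the command attaches `--network net` while the sentence below names the network `nextc`.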
@@ -0,0 +1,19 @@
+:PROPERTIES:
+:ID: 5c50958e-e38d-4f6c-b111-2a50a48cc1de
+:END:
+#+title: freepbx
+#+filetags:COMMUNICATION:programme:telephone:network:
+
+Freepbx is a web-based open-source graphical user interface ([[id:a08570b0-8fe8-45a8-8f60-e45ea6b31a34][GUI]]) that manages Asterisk, a voice over [[id:f055acfb-05dd-4228-a92a-356240b8c975][IP]] and telephony [[id:f2b1d5af-1a7d-47a5-95c8-4a85d558419e][server]]. FreePBX is licensed under the GNU General Public License version 3. It is a component of the FreePBX Distro, which is an independently maintained Linux system derived from the source code of the CentOS distribution, having Asterisk pre-installed. It is also included in various third-party distributions such as The FreePBX Distro and AsteriskNow. FreePBX was acquired by Schmooze.com in early 2013. That firm was, in turn, taken over by Sangoma Technologies Corporation on Jan 2, 2015. FreePBX is a community of developers and contributors who devote their work to making complicated phone system software easy to use and functional.
+
+Freepbx is used as the telephony system of Madrigal Inc. and is Running in a Virtal mashine with connection to the internet. freepbx is a standalone linux distribution like [[id:5fada795-19a3-4ba6-97c0-0b70bd728a2f][Arco-Linux]] and can be installed on a bare metal server. To make it as uncomplicated as possible and to reproduce the system in the future it is intalled in a [[id:0dea8c51-5e1e-460c-9d0a-28293d62013e][VM]].
+To run the VM the VM-Manager [[id:53e90634-0ed4-4db5-8f6b-04755c805f55][virtualbox]] is needed.
+
+* Installation
+The installation of the software is streight forward, give the path to the [[id:c353643a-2d0f-493a-a270-a8469520390c][iso-file]] and give the VM the needed cpu cores, RAM and disk space. Those settings can be changed later. Run the iso and install freepbx. After the installation is finished, you have to shut down the VM and go into its settings.
There under the headline of "Networks" change the network type to "bridge" so that a real IP is forwarded to the VM instead of a local [[id:d5ba6251-d7b1-4954-864d-c2f817aabf15][NAT]] translated IP address. After that is done, go into the Setting header of Disk and disconnect the iso from sthe VM. If that is not done, you can only get to the installation scrren again, after booting up the VM. When done, boot the VM. After the Boot is succesful the IP address of the freepb VM is shown inside a Table drawn above the command prompt. If you Type in this IP address inside your Browser you can access the admin control panel of freepbx. from there the configuration starts
+
+* configuration
+Trunk:
+Extensions:
+SIP-Account:
+
diff --git a/20230504095005-virtualbox.org b/20230504095005-virtualbox.org
new file mode 100644
index 0000000..a5b841e
--- /dev/null
+++ b/20230504095005-virtualbox.org
@@ -0,0 +1,47 @@
+:PROPERTIES:
+:ID: 53e90634-0ed4-4db5-8f6b-04755c805f55
+:END:
+#+title: virtualbox
+#+filetags: :programme:linux:
+
+VirtualBox is a powerful x86 and AMD64/Intel64 virtualization product for enterprise as well as home use. Not only is VirtualBox an extremely feature rich, high performance product for enterprise customers, it is also the only professional solution that is freely available as Open Source Software under the terms of the GNU General Public License (GPL) version 3. See "About VirtualBox" for an introduction.
+
+Virtuialbox is a [[id:0dea8c51-5e1e-460c-9d0a-28293d62013e][VM]] Manager designed by oracle. It is used to host software and linux distributions in Madrigal Inc.
+
+* Headless operation
+Write the following line in your terminal:
+#+begin_src
+ VBoxManage list vms
+#+end_src
+After you got the names of the installed VM, write the name of the VM you want to run into the command:
+#+begin_src
+ VBoxHeadless -s
+#+end_src
+
+* Starting virtual machines with a service (autostart)
+Find hereafter the implementation details of a [[id:fe909b51-3cc0-4693-afc7-148ab5795d17][systemd]] service that will be used to consider a virtual machine as a service.
+
+#+begin_src
+[Unit]
+Description=VBox Virtual Machine %i Service
+Requires=systemd-modules-load.service
+After=systemd-modules-load.service
+
+[Service]
+User=username
+Group=vboxusers
+ExecStart=/usr/bin/VBoxManage startvm %i --type startmode
+ExecStop=/usr/bin/VBoxManage controlvm %i stopmode
+RemainAfterExit=yes
+
+[Install]
+WantedBy=multi-user.target
+#+end_src
+Post the information in
+
+/etc/systemd/system/vboxvmservice@.service
+
+and start the service
+
+* VirtualBox is installed on [[id:80a4104e-af18-4d90-a45e-2c92b51e8c0c][W10]] on this [[id:408e8348-778a-4fbd-a14d-9f3d9c595b4a][cluster]]
+Note: virtualbox is installed to use the [[id:5c50958e-e38d-4f6c-b111-2a50a48cc1de][freepbx]] & [[id:a88d9210-6085-4def-982a-d4a6ff391a2e][linphone]]
diff --git a/20230504095420-vm.org b/20230504095420-vm.org
new file mode 100644
index 0000000..d506ed2
--- /dev/null
+++ b/20230504095420-vm.org
@@ -0,0 +1,7 @@
+:PROPERTIES:
+:ID: 0dea8c51-5e1e-460c-9d0a-28293d62013e
+:END:
+#+title: VM
+#+filetags: :SYSTEM-INFORMATION:systen:
+
+In computing, a "virtual machine" (VM) is the virtualization or emulation of a computer system. Virtual machines are based on computer architectures and provide the functionality of a physical computer. Their implementations may involve specialized hardware, software, or a combination of the two. The Madrigal Industrial Solutions GmbH is used virtuell machines for the operation of a [[id:5c50958e-e38d-4f6c-b111-2a50a48cc1de][freepbx]] telephone system.
diff --git a/20230504095933-iso_file.org b/20230504095933-iso_file.org
new file mode 100644
index 0000000..a91525f
--- /dev/null
+++ b/20230504095933-iso_file.org
@@ -0,0 +1,9 @@
+:PROPERTIES:
+:ID: c353643a-2d0f-493a-a270-a8469520390c
+:END:
+#+title: iso-file
+#+filetags: :SYSTEM-INFORMATION:system:
+
+An optical disc image (or ISO image, from the ISO 9660 file system used with CD-ROM media) is a disk image that contains everything that would be written to an optical disc, disk sector by disc sector, including the optical disc file system. O images are expected to contain the binary image of an optical media file system (usually ISO 9660 and its extensions or UDF), including the data in its files in binary format, copied exactly as they were stored on the disc. The data inside the ISO image will be structured according to the file system that was used on the optical disc from which it was created.
+
+ISO images can be created from optical discs by disk imaging software, or from a collection of files by optical disc authoring software, or from a different disk image file by means of conversion. Software distributed on bootable discs is often available for download in ISO image format. And like any other ISO image, it may be written to an optical disc such as CD, DVD and Blu-Ray.
diff --git a/20230504100551-nat.org b/20230504100551-nat.org
new file mode 100644
index 0000000..ef2c501
--- /dev/null
+++ b/20230504100551-nat.org
@@ -0,0 +1,11 @@
+:PROPERTIES:
+:ID: d5ba6251-d7b1-4954-864d-c2f817aabf15
+:END:
+#+title: NAT
+#+filetags: :SYSTEM-INFORMATION:network:
+
+Network address translation (NAT) is a method of mapping an [[id:f055acfb-05dd-4228-a92a-356240b8c975][IP]] address space into another by modifying network address information in the IP header of [[id:fde35a08-897d-4502-aead-1f4414ea639c][packets]] while they are in transit across a traffic routing device. The technique was originally used to bypass the need to assign a new address to every host when a [[id:c9461f7b-7368-4b88-b90b-2d785fda2159][network]] was moved, or when the upstream Internet service provider was replaced, but could not [[id:d2ff2e45-e1de-4cca-9b59-dfc3ee6afa6f][route]] the network's address space. It has become a popular and essential tool in conserving global address space in the face of IPv4 address exhaustion. One Internet-[[id:d2ff2e45-e1de-4cca-9b59-dfc3ee6afa6f][rout]]able IP address of a NAT gateway can be used for an entire private network.
+
+As network address translation modifies the IP address information in packets, NAT implementations may vary in their specific behavior in various addressing cases and their effect on network traffic. The specifics of NAT behavior are not commonly documented by vendors of equipment containing NAT implementations.
+
+
diff --git a/20230504102911-system_information.org b/20230504102911-system_information.org
new file mode 100644
index 0000000..be71cf2
--- /dev/null
+++ b/20230504102911-system_information.org
@@ -0,0 +1,15 @@
+:PROPERTIES:
+:ID: aad9b5d2-8242-4b89-8ba8-bd649cf88c23
+:END:
+#+title: system-information
+#+filetags: :SYSTEM-INFORMATION:INDEX:
+
+Information about systematical configuration and standards (like IP-standards, virtualization et.).
+
+* System information
+** What is a [[id:0dea8c51-5e1e-460c-9d0a-28293d62013e][VM]]?
+** What is [[id:d5ba6251-d7b1-4954-864d-c2f817aabf15][NAT]]?
+** What is an [[id:c353643a-2d0f-493a-a270-a8469520390c][iso-file]]?
+** What is an [[id:f055acfb-05dd-4228-a92a-356240b8c975][IP]]?
+** What is [[id:422e07f8-c888-460f-849e-76d451946045][ssh]]?
+** What is [[id:98eade62-125a-40f1-b572-ff3e107ca4fa][x11-forwarding]]?
diff --git a/20230504104240-arco_basics.org b/20230504104240-arco_basics.org
new file mode 100644
index 0000000..a4ec143
--- /dev/null
+++ b/20230504104240-arco_basics.org
@@ -0,0 +1,5 @@
+:PROPERTIES:
+:ID: 79f5df8e-feee-4c91-916a-c23ba40818ee
+:END:
+#+title: ARCO
+
diff --git a/20230504120424-wireguard.org b/20230504120424-wireguard.org
new file mode 100644
index 0000000..dee6417
--- /dev/null
+++ b/20230504120424-wireguard.org
@@ -0,0 +1,82 @@ +:PROPERTIES: +:ID: daa194c9-63f1-433e-8826-a0b4e9020e16 +:END: +#+title: wireguard + +WireGuard® is an simple yet fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPsec, while avoiding the massive headache. It intends to be considerably more performant than OpenVPN. WireGuard is designed as a general purpose VPN for running on embedded interfaces and super computers alike, fit for many different circumstances. Initially released for the Linux kernel, it is now cross-platform (Windows, macOS, BSD, iOS, Android) and widely deployable. It is currently under heavy development, but already it might be regarded as the most secure, easiest to use, and simplest VPN solution in the industry. (from wireguard website) + +it is on of the two [[id:1af47b07-4205-46ac-837a-ee078067328a][vpn]] technologies applied at Madrigal Inc. The other one is [[id:94daf0fc-da84-4b90-a200-7b147f721e2a][open-vpn]] + +* Installation and key setup +WireGuard can be install on [[id:adc016f2-a660-47d7-8974-16b74a02bcbf][Protectli]] or install just use [[id:d88b7b60-742d-4bc0-8b48-3fbcfad2373d][pacman]] or one of the other [[id:294012b3-5b0a-4527-a981-2f397378c0d2][AUR-Helpers]] to install from the repo. The package name is ~wireguard-tools~ so if you want to install it, type: +#+begin_src + yay wireguard-tools +#+end_src +in the command line + +After the installation has taken place make a wireguard folder in the home directory of the main user (admin only). Because of security reasons, the configuration for the wireguard connection has to go into the ~/etc/wireguard/~ directory and there it can't be handled by normal users without the ~sudo~ rights. the main process can be done without the rights, but it is not recommended. +use the command ~mkdir wireguard~ in your home folder to create an new directory. + +After the direcory creation use the ~cd~ command to change into the new directory. 
For wireguard to be able to connect to your client you first need to create a set of keys for authentification/authentication, a Private and a public key. The private key you have to keep private, beecaus it is your main tool for authentication. You can create the private key with the installed wireguard tools programme: +#+begin_src + wg genkey > .key +#+end_src +If you do this command the shell reminds you, that this is a plain text document viewable by eveyone und to consider usind ~uname 0077~ or ~uname 077~ . You can ignore this message, because we are going to change rights in the next step. The Key is created even tho the warning message is displayed. +Keep this key secret and do not hand it to anyone. You can alter the viewing rigths of the key with the commands with [[id:673d1cb1-536b-42f1-a046-40a8937c4283][root]] priviliges or [[id:dc54334e-afa9-4a53-be91-1e90bc6bf8d0][sudo]] : +#+begin_src + sudo chown root:root .key + sudo chmod 600 .key +#+end_src +use this key to generate the public key: +#+begin_src + wg pubkey < .key > .pub +#+end_src +How you name those keys is not relevant and is only for your differentiation in case you want to use multiple different wireguard connections, which is possible. The public key is as the name implies a public key und does not need to be specially protected. +If you are setting up a [[id:f2b1d5af-1a7d-47a5-95c8-4a85d558419e][server]] or multiple [[id:70899526-8b7d-4976-94fc-cc07c41e550a][clients]], recreate those commands for every member participating in the Network. + +* Configuration +To configure the connection you have to create a configuration file. Use the ~touch~ command to create a config file. The name of this file represents the name of the wireguard interface you want to create. So if you want your interface to be named specially, you have to name the config after that. In this example we are going to name it *w0* because this is the standard wireguard interface name. 
Keep in mind, that names of interfaces already in use (e.g. *eth0* and *l0*) are not possible because of naming conflicts. +#+begin_src + touch w0.conf +#+end_src + +** Peer Configuration +As wireguard usual is a peer to peer connection between users the peers can be configured identical for a simple point to point connection. And even for more complicated variants the configuration for one client does not change dramatically +The client can be configured as follows: +#+begin_src bash + 2 │ + 3 │ # local settings for Endpoint A (client) + 4 │ [Interface] + 5 │ PrivateKey = + 6 │ Address = 10.0.0.1/32 + 7 │ ListenPort = 51821 + | PreUp = iptables -I INPUT -p udp --dport 51821 -j ACCEPT + | PostDown = iptables -D INPUT -p udp --dport 51821 -j ACCEPT + 9 │ + 10 │ + 11 │ # remote settings for Client B (Or the Server Host) + 12 │ [Peer] + 13 │ PublicKey = + 14 │ Endpoint = : + 15 │ AllowedIPs = +#+end_src bash + +*** [Interface] +This is your part of the connection +*** PrivateKey +This is your private key you generated beforehand +*** Address +This is the Address you want to have in the connection subnet, *NOT* the [[id:f055acfb-05dd-4228-a92a-356240b8c975][IP]] you have right now. +*** ListenPort +The [[id:f4bb4857-2112-4e10-a22e-6da1436ce7b7][port]] your connection listens on. If you do not specify a port here astandard port should be given for your connection. To eradicate errors beforehand you should choose a port nontheless. +*** [Peer] +This is the distant part of your connection. If you have a second or third peer you want to connect point to point to, just list another [peer] if you have listed all the data to the first one. +*** PublicKey +This is the public key of the peer you want to connect to +*** Endpoint +This is the public (not the inernal) IP of the peer you want to connect to +*** AllowedIP +This entry specifies which type of IP type is allowed to connect and which type of connection this IP does get (like full and spit tunneling). 
+ +** Server Configuration +If there are more than two peers that need to connect to each other the wireguard vpn can be configured to tunnel all connections through a single entry point (site-server). This entry point sets the rules to allow peers to connect to ech other and use the hosted services of all connected peers. diff --git a/20230509081813-vpn.org b/20230509081813-vpn.org new file mode 100644 index 0000000..1d552f6 --- /dev/null +++ b/20230509081813-vpn.org @@ -0,0 +1,10 @@ +:PROPERTIES: +:ID: 1af47b07-4205-46ac-837a-ee078067328a +:END: +#+title: vpn + +A virtual private network (VPN) is a mechanism for creating a secure connection between a computing device and a computer network, or between two [[id:c9461f7b-7368-4b88-b90b-2d785fda2159][subnetworks]], using an insecure communication medium such as the public Internet. + +A VPN can extend a private network (one that disallows or restricts public access), in such a way that it enables users of that network to send and receive data across public networks as if the public networks' devices were directly connected to the private network. The benefits of a VPN include security, reduced costs for dedicated communication lines, and greater flexibility for remote workers. VPNs are also used to bypass internet censorship. Encryption is common, although not an inherent part of a VPN connection. + +A VPN is created by establishing a virtual point-to-point connection through the use of tunneling [[id:bd5b34ba-aa98-4808-b97b-2376aa7b8866][protocols]] over existing networks. A VPN available from the public Internet can provide some of the benefits of a wide area network ([[id:053d9bdf-c6fe-42ce-8c44-d6945f612bf3][WAN]]). From a user perspective, the resources available within the private network can be accessed remotely diff --git a/20230509082201-open_vpn.org b/20230509082201-open_vpn.org new file mode 100644 index 0000000..69abebd --- /dev/null +++ b/20230509082201-open_vpn.org 
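Review bot: In the key-setup section the text tells the reader to ignore the `wg genkey` permission warning and fix ownership afterwards, which leaves the private key readable by other local users between its creation and the `chmod 600`; the hint also names `uname 077` where the tool means `umask 077`. Creating the key under a restrictive mask closes that window: `(umask 077; wg genkey > .key)`. Under AllowedIPs it would help to state that the entry is the list of source addresses accepted from that peer as well as the set of destinations routed to it, so a broad value such as `0.0.0.0/0` should be a deliberate choice rather than a default.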
@@ -0,0 +1,13 @@
+:PROPERTIES:
+:ID: 94daf0fc-da84-4b90-a200-7b147f721e2a
+:END:
+#+title: open-vpn
+
+OpenVPN is a virtual private network ([[id:1af47b07-4205-46ac-837a-ee078067328a][vpn]]) system that implements techniques to create secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities. It implements both [[id:70899526-8b7d-4976-94fc-cc07c41e550a][client]] and [[id:f2b1d5af-1a7d-47a5-95c8-4a85d558419e][server]] applications.
+
+OpenVPN allows peers to authenticate each other using pre-shared secret keys, [[id:e28dfeaa-876b-4255-a25e-dcc0c909d08a][certificates]] or username/password. When used in a multiclient-server configuration, it allows the server to release an authentication certificate for every client, using signatures and certificate authority.
+
+It uses the OpenSSL encryption library extensively, as well as the [[id:872ee33b-8361-40c7-9d88-69b3afe5ade2][TLS]] [[id:bd5b34ba-aa98-4808-b97b-2376aa7b8866][protocol]], and contains many security and control features. It uses a custom security protocol that utilizes [[id:95c8982d-e104-43a2-9bb2-fd7e1c3204f2][SSL]]/TLS for key exchange. It is capable of traversing network address translators ([[id:d5ba6251-d7b1-4954-864d-c2f817aabf15][NAT]]s) and [[id:b9047be5-edca-4eca-8bac-c45e03373942][firewall]].
+
+OpenVPN has been ported and embedded to several systems. For example, DD-WRT has the OpenVPN server function. SoftEther VPN, a multi-protocol VPN server, also has an implementation of OpenVPN protocol
+
diff --git a/20230509095218-ip.org b/20230509095218-ip.org
new file mode 100644
index 0000000..6eede1c
--- /dev/null
+++ b/20230509095218-ip.org
@@ -0,0 +1,31 @@ +:PROPERTIES: +:ID: f055acfb-05dd-4228-a92a-356240b8c975 +:END: +#+title: IP + +An Internet [[id:bd5b34ba-aa98-4808-b97b-2376aa7b8866][Protocol]] address (IP address) is a numerical label such as 192.0.2.1 that is connected to a computer network that uses the Internet Protocol for communication. An IP address serves two main functions: network interface identification and location addressing. + +Internet Protocol version 4 (IPv4) defines an IP address as a 32-bit number. However, because of the growth of the Internet and the depletion of available IPv4 addresses, a new version of IP (IPv6), using 128 bits for the IP address, was standardized in 1998. IPv6 deployment has been ongoing since the mid-2000s. + +IP addresses are written and displayed in human-readable notations, such as 192.0.2.1 in IPv4, and 2001:db8:0:1234:0:567:8:1 in IPv6. The size of the routing prefix of the address is designated in CIDR notation by suffixing the address with the number of significant bits, e.g., 192.0.2.1/24, which is equivalent to the historically used subnet mask 255.255.255.0. + +The IP address space is managed globally by the Internet Assigned Numbers Authority (IANA), and by five regional Internet registries (RIRs) responsible in their designated territories for assignment to local Internet registries, such as Internet service providers (ISPs), and other end users. IPv4 addresses were distributed by IANA to the RIRs in blocks of approximately 16.8 million addresses each, but have been exhausted at the IANA level since 2011. Only one of the RIRs still has a supply for local assignments in Africa.[6] Some IPv4 addresses are reserved for private networks and are not globally unique. + +Network administrators assign an IP address to each device connected to a network. Such assignments may be on a static (fixed or permanent) or dynamic basis, depending on network practices and software features. 
+ +* Function +An IP address serves two principal functions: it identifies the host, or more specifically its network interface, and it provides the location of the host in the network, and thus the capability of establishing a path to that host. Its role has been characterized as follows: "A name indicates what we seek. An address indicates where it is. A route indicates how to get there." The header of each IP [[id:fde35a08-897d-4502-aead-1f4414ea639c][packet]] contains the IP address of the sending host and that of the destination host. + +* IP versions +Two versions of the Internet Protocol are in common use on the Internet today. The original version of the Internet Protocol that was first deployed in 1983 in the ARPANET, the predecessor of the Internet, is Internet Protocol version 4 (IPv4). + +By the early 1990s, the rapid exhaustion of IPv4 address space available for assignment to Internet service providers and end-user organizations prompted the Internet Engineering Task Force (IETF) to explore new technologies to expand addressing capability on the Internet. The result was a redesign of the Internet Protocol which became eventually known as Internet Protocol Version 6 (IPv6) in 1995. IPv6 technology was in various testing stages until the mid-2000s when commercial production deployment commenced. + +Today, these two versions of the Internet Protocol are in simultaneous use. Among other technical changes, each version defines the format of addresses differently. Because of the historical prevalence of IPv4, the generic term IP address typically still refers to the addresses defined by IPv4. The gap in version sequence between IPv4 and IPv6 resulted from the assignment of version 5 to the experimental Internet Stream Protocol in 1979, which however was never referred to as IPv5. + +Other versions v1 to v9 were defined, but only v4 and v6 ever gained widespread use. 
v1 and v2 were names for [[id:0fa93c0d-6741-48cf-8bea-f2519146e4dc][TCP]] protocols in 1974 and 1977, as there was no separate IP specification at the time. v3 was defined in 1978, and v3.1 is the first version where TCP is separated from IP. v6 is a synthesis of several suggested versions, v6 Simple Internet Protocol, v7 TP/IX: The Next Internet, v8 PIP — The P Internet Protocol, and v9 TUBA — Tcp & [[id:b9c823ff-4cf4-46a0-8654-54bdc7b67d30][UDP]] with Big Addresses. + +* Subnetworks +IP [[id:c9461f7b-7368-4b88-b90b-2d785fda2159][subnetworks]] may be divided into subnetworks in both IPv4 and IPv6. For this purpose, an IP address is recognized as consisting of two parts: the network prefix in the high-order bits and the remaining bits called the rest field, host identifier, or interface identifier (IPv6), used for host numbering within a network. The subnet mask or CIDR notation determines how the IP address is divided into network and host parts. + +The term subnet mask is only used within IPv4. Both IP versions however use the CIDR concept and notation. In this, the IP address is followed by a slash and the number (in decimal) of bits used for the network part, also called the routing prefix. For example, an IPv4 address and its subnet mask may be 192.0.2.1 and 255.255.255.0, respectively. The CIDR notation for the same IP address and subnet is 192.0.2.1/24, because the first 24 bits of the IP address indicate the network and subnet. diff --git a/20230515104228-ssh.org b/20230515104228-ssh.org new file mode 100644 index 0000000..7bacd86 --- /dev/null +++ b/20230515104228-ssh.org 
@@ -0,0 +1,28 @@
+:PROPERTIES:
+:ID: 422e07f8-c888-460f-849e-76d451946045
+:END:
+#+title: ssh
+#+filetags: :basics:
+
+OpenSSH (OpenBSD Secure Shell) is a set of computer programs providing encrypted communication sessions over a computer network using the Secure Shell (SSH) [[id:bd5b34ba-aa98-4808-b97b-2376aa7b8866][protocol]]. It was created as an open source alternative to the proprietary Secure Shell software suite offered by SSH Communications Security. OpenSSH is developed as part of the OpenBSD project, which is led by Theo de Raadt. OpenSSH is occasionally confused with the similarly-named OpenSSL; however, the projects have different purposes and are developed by different teams, the similar name is drawn only from similar goals.
+
+* Install and enable on [[id:5fada795-19a3-4ba6-97c0-0b70bd728a2f][Arco-Linux]]
+SSH is a pre-installed programm
+#+begin_src bash
+ sudo systemctl enable sshd
+ sudo systemctl start sshd
+#+end_src
+For that you need [[id:673d1cb1-536b-42f1-a046-40a8937c4283][root]] priviliges ([[id:dc54334e-afa9-4a53-be91-1e90bc6bf8d0][sudo]])
+* Key generation from Master & [[id:70899526-8b7d-4976-94fc-cc07c41e550a][client]]
+#+begin_src bash
+ ssh-keygen -t rsa 4098
+ ssh @ mkdir -p .ssh #type "yes" & "password" for
+ cat .ssh/id_rsa.pub | ssh @ 'cat >> .ssh/authorized_keys'
+ ssh @ "chmod 700 .ssh; chmod 640 .ssh/authorized_keys
+#+end_src
+
+NOTE: Do the same from other clients from master & from master to all clients
+
+#+begin_src bash
+ ssh @
+#+end_src
diff --git a/20230515104516-x11_forwarding.org b/20230515104516-x11_forwarding.org
new file mode 100644
index 0000000..b01c67c
--- /dev/null
+++ b/20230515104516-x11_forwarding.org
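Review bot: The key-generation block in the ssh note will not run as written: `ssh-keygen -t rsa 4098` passes the size without `-b` (and 4096 is presumably meant), and the last `ssh` line never closes its double quote. I would document `ssh-keygen -t ed25519` (or `ssh-keygen -t rsa -b 4096`) and `chmod 700 .ssh; chmod 600 .ssh/authorized_keys`, since `640` leaves the file group-readable. The three manual copy steps can be replaced by `ssh-copy-id`, which creates the directory and file with restrictive permissions itself. The comment telling the reader to type "yes" on first connection should add that the displayed host-key fingerprint is compared with the server's own before it is accepted.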
@@ -0,0 +1,15 @@
+:PROPERTIES:
+:ID: 98eade62-125a-40f1-b572-ff3e107ca4fa
+:END:
+#+title: x11-forwarding
+#+filetags: :system:basics:
+
+[[id:aac10dba-6276-414e-a3ff-7887528c7918][X11]] forwarding is a mechanism that allows graphical interfaces of X11 programs running on a remote system to be displayed on a local client machine. For X11 forwarding the remote host does not need to have a full X11 system installed; however, it needs at least to have xauth installed. xauth is a utility that maintains Xauthority configurations used by [[id:f2b1d5af-1a7d-47a5-95c8-4a85d558419e][server]] and [[id:70899526-8b7d-4976-94fc-cc07c41e550a][client]] for authentication of X11 session (source).
+
+Warning: X11 forwarding has important security implications which should be at least acknowledged by reading relevant sections of [[id:422e07f8-c888-460f-849e-76d451946045][ssh]](1), sshd_config(5), and ssh_config(5) manual pages. See also this StackExchange question.
+* Setup
+** install the xorg-xauth packages
+** in /etc/ssh/sshd_config:
+set X11Forwarding to yes
+verify that Allow[[id:0fa93c0d-6741-48cf-8bea-f2519146e4dc][TCP]]Forwarding and X11UseLocalhost options are set to yes, and that X11DisplayOffset is set to 10
+** then restart the sshd daemon.
diff --git a/20230515144839-matlab_docker.org b/20230515144839-matlab_docker.org
new file mode 100644
index 0000000..59cf6f6
--- /dev/null
+++ b/20230515144839-matlab_docker.org
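Review bot: In the Setup list of the x11-forwarding note the option name is split by an inserted link (`Allow[[id:…][TCP]]Forwarding`), so it no longer matches the `AllowTcpForwarding` keyword a reader would search for in `sshd_config`; writing it as `~AllowTcpForwarding~` keeps it literal. Since the page's own warning points at the security implications, the step could also say that `X11Forwarding yes` can be limited to the accounts that need it by placing it inside a `Match User` or `Match Group` block instead of setting it globally.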
@@ -0,0 +1,30 @@
+:PROPERTIES:
+:ID: e336814a-3a58-4b25-8d02-0af07623ce45
+:END:
+#+title: matlab-docker
+
+Dockerized version of matlab. Inside the docker-file a list of matlab packages has to be specified, else the installation without toolboxes is used. The list that has to be given to the mpm manager looks like this:
+
+#+begin_src
+ RUN wget -q https://www.mathworks.com/mpm/glnxa64/mpm && \
+ chmod +x mpm && \
+ ./mpm install \
+ --release=${MATLAB_RELEASE} \
+ --destination=/tmp/matlab \
+ --products MATLAB Deep_Learning_Toolbox && \
+ rm -f mpm /tmp/mathworks_root.log && \
+ ln -s /tmp/matlab/bin/matlab /usr/local/bin/matlab
+#+end_src
+In this example the Deep learning toolbox will be installed nebst the basic matlab installation. The list has to be space separated, so there can't be any spaces in the name of the toolboxes. Use underscore instead.
+
+* Installed Toolboxes
+** Simulink
+** Parallel computing toolbox --no-gpu
+** control system toolbox
+** curve fitting toolbox
+** Database toolbox
+** Deep learning toolbox
+** Deep learning hdl toolbox
+** embedded coder
+** partial differential equations toolbox
+** Matlab Coder
diff --git a/20230516164008-whoogle_container.org b/20230516164008-whoogle_container.org
new file mode 100644
index 0000000..a51104d
--- /dev/null
+++ b/20230516164008-whoogle_container.org
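Review bot: The `RUN wget -q https://www.mathworks.com/mpm/glnxa64/mpm` step in the matlab-docker note downloads an unversioned binary and executes it in the same layer with no integrity check, so every build trusts whatever the URL serves at that moment. If reproducible images matter, record the expected digest next to the snippet and verify it before running, e.g. `echo "<expected-sha256>  mpm" | sha256sum -c -` (placeholder digest) between the `wget` and `chmod` lines. The note should also say where `MATLAB_RELEASE` is defined, since the snippet uses it without an `ARG` or `ENV` line in view.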
@@ -0,0 +1,9 @@
+:PROPERTIES:
+:ID: d7b03403-db35-465a-b4a0-fce27733df5a
+:END:
+#+title: whoogle-container
+
+
+#+begin_src
+docker run -d -p 1337:1337 -e WHOOGLE_AUTOCOMPLETE=0 -e WHOOGLE_ALT_WIKI="wikiless.org" -e WHOOGLE_ALT_IMG="imgin.voidnet.tech" -e WHOOGLE_ALT_TL="lingva.ml" -e WHOOGLE_ALT_MD="scribe.bus-hit.me" -e WHOOGLE_CONFIG_LANGUAGE="lang_en" -e WHOOGLE_CONFIG_SEARCH_LANGUAGE="lang_en" -e WHOOGLE_CONFIG_NEW_TAB=1 -e WHOOGLE_CONFIG_DISABLE=1 -e WHOOGLE_CONFIG_ALTS=1 -e WHOOGLE_ALT_TW="nitter.snopyta.org" -e WHOOGLE_ALT_YT="invidious.snopyta.org" -e WHOOGLE_ALT_IG="bibliogram.art/u" -e WHOOGLE_ALT_RD="libredd.it" -e WHOOGLE_CONFIG_STYLE=":root { --whoogle-logo:#685e79;--whoogle-page-bg:#ffffff;--whoogle-element-bg:#4285f4;--whoogle-text:#000000;--whoogle-contrast-text:#ffffff;--whoogle-secondary-text:#70757a;--whoogle-result-bg:#ffffff;--whoogle-result-title:#1967d2;--whoogle-result-url:#0d652d;--whoogle-result-visited:#4b11a8;--whoogle-dark-logo:#ffffff;--whoogle-dark-page-bg:#111111;--whoogle-dark-element-bg:#303134;--whoogle-dark-text:#dddddd;--whoogle-dark-contrast-text:#e8eaed;--whoogle-dark-secondary-text:#bdc1c6;--whoogle-dark-result-bg:#222222;--whoogle-dark-result-title:#8ab4f8;--whoogle-dark-result-url:#34a853;--whoogle-dark-result-visited:#c58af9;}#whoogle-w{fill:#4285f4;}#whoogle-h{fill:#ea4335;}#whoogle-o-1{fill:#fbbc05;}#whoogle-o-2{fill:#4285f4;}#whoogle-g{fill:#34a853;}#whoogle-l{fill:#ea4335;}#whoogle-e{fill:#fbbc05;}" -e VIRTUAL_HOST="whoogle.green-chem.net" -e LETSENCRYPT_HOST="whoogle.green-chem.net" -e EXPOSE_PORT=1337 -e WHOOGLE_USER="madrigal_admin" -e WHOOGLE_PASS=TUC0815AM_?! --restart unless-stopped --name madrigal_search --network net benbusby/whoogle-search:latest
+#+end_src
diff --git a/20230517102824-freecad.org b/20230517102824-freecad.org
new file mode 100644
index 0000000..aeb922d
--- /dev/null
+++ b/20230517102824-freecad.org
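Review bot: The `docker run` line in the whoogle-container note commits the instance's basic-auth credentials in clear text (`-e WHOOGLE_USER=…` and `-e WHOOGLE_PASS=…`), so anyone with read access to this repository or its history can log in to the host named in `VIRTUAL_HOST`. The password should be rotated, because removing it in a later commit still leaves it in history, and the documented command should load the values from a file kept outside the repository, e.g. `--env-file /path/to/whoogle.env` (placeholder path). The unquoted value also contains `?` and `!`, which an interactive shell may glob- or history-expand, so the password that reaches the container may differ from what is written here. The image is referenced as `:latest`; pinning a tag or digest would make the deployment reproducible.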
@@ -0,0 +1,41 @@
+:PROPERTIES:
+:ID: a4953b2b-81de-4c15-91e7-10d0cb5f22dd
+:END:
+#+title: freeCAD
+
+FreeCAD is an open source tool for CAD. It is used to make the reactor geometry. To install just use the ~yay~ or ~pacman~ package manager. To do the basic istallation try to configure it as it is shown [[https://www.youtube.com/watch?v=8tvBLCdyjI4][here]].
+
+* How to Start
+(Version 0.20.2)
+** Step 1:
+Create a Sketch by choosing "Create a Sketch"
+** Step 2:
+Set dimension by choosing your sketch with double click or choosing Tasks and right click on 1-Circle --> Diameter Constraint
+
+
+#+ATTR_ORG: :width 300
+#+ATTR_ORG: :height 300
+[[file:../pictures/How_to_Start/2023-05-17_13-50-30_image.png]]
+
+
+#+ATTR_ORG: :width 300
+#+ATTR_ORG: :height 300
+[[file:../pictures/How_to_Start/2023-05-17_13-53-24_image2.png]]
+
+** Step 3:
+Extrude the sketch by choosing "Pad/Part Design - Modellierung)
+
+#+ATTR_ORG: :width 300
+#+ATTR_ORG: :height 300
+[[file:../pictures/How_to_Start/2023-05-17_13-53-28_image3.png]]
+
+#+ATTR_ORG: :width 300
+#+ATTR_ORG: :height 300
+[[file:../pictures/How_to_Start/2023-05-17_13-53-32_image4.png]]
+
+** Step 4:
+Export as stl/step file by choosing File --> Export --> STL Mesh or STEP with Colour
+
+
+
+
diff --git a/20230522113406-emacs.org b/20230522113406-emacs.org
new file mode 100644
index 0000000..30355b5
--- /dev/null
+++ b/20230522113406-emacs.org
@@ -0,0 +1,84 @@ +:PROPERTIES: +:ID: 5f1df0e1-384f-4685-ae1e-fec2431b04e5 +:END: +#+title: emacs +#+filetags: :INDEX:EMACS:: + +One of the most important tools of every [[id:5fada795-19a3-4ba6-97c0-0b70bd728a2f][Arco-Linux]] distribution. Emacs is a plain text editor, that can be expanded with various packages. Some Packages and their usage is listed here. In most cases not the sole emacs is used, but the [[id:f2b1d5af-1a7d-47a5-95c8-4a85d558419e][server]] version (local server) of emacs. The server runs at boot but can be evoked by running: +#+begin_src bash + emacs --daemon +#+end_src +To start a second [[id:e108b31b-23c1-47fe-a794-84e41bc45044][daemon]] you have to give a specific name to the second instance so emacs knows which server to address. This is done via the command: +#+begin_src bash + emacs --daemon= +#+end_src +To use the text editor (emacs) use the command to start a [[id:70899526-8b7d-4976-94fc-cc07c41e550a][client]]: +#+begin_src bash + emacsclient -cn +#+end_src +The ~-c~ flag suggests emacs to open a new frame (so the use of emacs and the document is not blocked for other members (e.g. in ssh). The -~n~ Flag suggest not to wait for emacs to close, so the prompt is given back to the shell. For emacs in Terminal mode (for ssh purposes) use the ~-t~ flag instead of the ~-n~ flag. To use emacsclient as command interpreter, use the ~-e~ flag: +#+begin_src bash + emacsclient -e ('kill-emacs') #kills the emacs process +#+end_src +To use a different emacs server (has to be running) use the ~-s~ [[id:6d29efeb-1f03-401b-bbed-e19fc94dbbbc][flag]] and give the name of the daemon +#+begin_src bash + emacsclient -ct -s +#+end_src +Emacs uses commands to change its behavior or simply do things. Those commands use command keys like control (~c-~ ), alt (~m-~ ) or space (~s-~ ) . To use a command press the command. If pressed a minibuffer opens, there all possible commands are listed. 
For Example, to save your work use the command chain control x control s (~c-x c-s~). You can keep the control key pressed and simply press the next chain key. + +* [[Id:c7747161-284c-4882-bd11-80bc2a990814][Buffer]] +Emacs works with so called buffers. A buffer is an instance that can hold text (e.g. a text document or a menu. to switch between opened buffers that are running in the server instance use ~c-m-j~. If you close amecsclient while the server is running, the buffer is not closed but still exist in the buffer list. you can close a buffer (switch focus, unsaved changtes are still there) by pressing ~c-0~ or kill a buffer (like closing for real, unsaved changes are gone) by pressing ~c-k~. you can have more than one buffer in view at the same time. To view a second buffer side by side press ~c-x c-3~. To view them top-down press ~c-x c-2~. To close a buffer that is not in focus press ~c-x c-1~ (instead of closing the one in focus with ~c-x c-0~. +A sub category are minibuffers. Those can pop up for notifications, menus or other things. They do not take the whole screen. + +* M-X +There are things that do not have a keychain attached to them. To acitvate those (or all) commands you have to use the ~M-x~ command prompt. Press ~m-x~ and type the name of the command you want to use. For example: +#+begin_src lisp + M-x package-install ;;installs a package in emacs +#+end_src + +* Index (Packages) +** [[id:dc54334e-afa9-4a53-be91-1e90bc6bf8d0][sudo]] auf files zugreifen +*** [[id:6bd68975-f5d3-4c8c-bba7-34788c3edf3e][tramp]] +sudo access for files in a dired buffer. +** key menu (invoked by colon or space) +*** [[id:82fd5a02-36c6-4ac5-a3f3-9b47dc1a4700][hydra]] +additional menues for emacs buffers. +** Gcal Calendar +*** [[id:7bd1f7dd-fcb2-4efc-a4df-f233a4bf3fcd][org-gcal]] +Google calendar intergration for org buffers. 
+** Tex +*** [[id:f52339f6-db99-4b43-91fd-48e7a1957ab2][synctex]] +syncs the pdf to the [[id:345d5300-432c-4f6f-98a4-4527e955927f][latex]] buffer in emacs. +*** [[id:3dfde3f4-2cc0-4356-a147-d4afd599e731][auctex]] +latex support ([[id:d3e11792-af05-4213-9ef8-b680c12ce81c][IDE]]) for emacs buffers. +** PDF-View +*** [[id:ae476916-f23f-4004-8b8a-bebc690e65f3][pdf-tools]] +View PDF files in an emacs buffer. Does not work in a [[id:4c3c3777-af52-4cde-8d9b-f356701b94c9][terminal]] or [[id:b6d24dd6-285f-4c03-883c-dc77b78c652a][shell]] (via [[id:422e07f8-c888-460f-849e-76d451946045][ssh]]). +** Navigation +*** [[id:f3aaa9f1-525b-4ae6-9dce-efe22c8b2107][neotree]] +Visualizes the File tree in a buffer (interactive). +*** [[id:50326e0d-4ae7-46b3-bcda-27c47f0fe569][dired]] +Simple File Browser in a minibuffer. +*** [[id:3d22fdb5-a322-44d2-a447-83a8708d0637][deft]] +Strong File Searcher for defined folders. Especialy good with roam home folder. +*** [[id:9aa361f6-b829-49ad-a523-6498dbfb0213][projectile]] +File managemant for project folders and files of same type. +** Programme launcher +*** [[id:7e6f7176-9223-4dcc-ad4d-1ccf8c38116a][counsel-linux-app]] +Change the behaviour of M-x minibuffer. +** File System +*** [[id:b02ca084-7831-4013-8389-45f4cd969e25][org-attach]] +Attach files to a org heading and categorize the entry. +** Website Scraper +*** [[id:f68dfc34-5349-42d1-8074-6c4be231a69b][org-web-tools]] +Extract files and text from websites. +** Helm +*** [[id:9ce51551-fcb1-446a-9924-9dd26f5d56aa][helm-org-rifle]] +Strong file and text search engine for org files. +*** [[id:b3503901-bb4f-4fda-b85f-5e738df311fb][helm-bibtex]] +helm search engine integration for literature and bibtex entries. +** second brain +*** [[id:9d782b7c-5d45-4963-96f4-ee01a00ba280][org-roam]] +Data assemble and structorization engine with database. 
+ +Note: Emacs mode can also be used for [[id:f2d9ff98-f926-442e-ae9b-fc1023e15b07][GMSH]], [[id:34c4e594-2aee-42d6-803a-6f843176d3b9][openFoam]] and [[id:e336814a-3a58-4b25-8d02-0af07623ce45][matlab]]. diff --git a/20230522115933-tramp.org b/20230522115933-tramp.org new file mode 100644 index 0000000..6c98add --- /dev/null +++ b/20230522115933-tramp.org @@ -0,0 +1,12 @@ +:PROPERTIES: +:ID: 6bd68975-f5d3-4c8c-bba7-34788c3edf3e +:END: +#+title: tramp + +Tramp is a package of [[id:5f1df0e1-384f-4685-ae1e-fec2431b04e5][emacs]] that is pre installed and does not have to be installed by the user. It is used to access and edit files with sudo priviliges without the use of the [[id:dc54334e-afa9-4a53-be91-1e90bc6bf8d0][sudo]] command inside a shell. This is particularly usefull when editing files in emacsclient. + +* Sudo-File-Open +To open files with [[id:673d1cb1-536b-42f1-a046-40a8937c4283][root]] priviliges (if you can use them) just press ~c-f~ ~c-x~ and wirte ~sudo::~ before giving the path to the file. + + + diff --git a/20230522120543-hydra.org b/20230522120543-hydra.org new file mode 100644 index 0000000..4a87ea3 --- /dev/null +++ b/20230522120543-hydra.org @@ -0,0 +1,11 @@ +:PROPERTIES: +:ID: 82fd5a02-36c6-4ac5-a3f3-9b47dc1a4700 +:END: +#+title: hydra +#+filetags: :EMACS: + +Emacs package for creating menu command prompts. a single menu prompt is called hydra head. + +* Heads: +** Evil-Heads +*** [[id:2a8d1ed3-dd81-473a-a53a-854bf8182891][hydra-buffer-menu]] diff --git a/20230522120824-hydra_buffer_menu.org b/20230522120824-hydra_buffer_menu.org new file mode 100644 index 0000000..b873b38 --- /dev/null +++ b/20230522120824-hydra_buffer_menu.org 
@@ -0,0 +1,45 @@ +:PROPERTIES: +:ID: 2a8d1ed3-dd81-473a-a53a-854bf8182891 +:END: +#+title: hydra-buffer-menu +#+filetags: :EMACS: + +The original code for buffer menu. This is implemented in the emacs init file and cann be changed fi needed. It is invoked with the ~,~-key (colon) (in [[id:163e2614-cce0-4e66-a593-a2113a7b3cd1][evil]] normal state) +Hydra-Head für das allgemeine Buffer Menü. +Funktionstaste "," nur im evil-normal-state. +# ########################################## +* Code +#+begin_src emacs-lisp +(defhydra hydra-buffer-menu (:color pink + :hint nil) + " +^ORG^ ^File/Misc ^ ^Roam/Capture^ ^Search^ +^^^^^^^^----------------------------------------------------------------- +_a_: Agenda _b_: Buffer-Liste ^ ^ ^ ^ +_A_: Archive _d_: Deft _b_: bury ^ ^ +_R_: Refile _s_: Start-Mode _g_: refresh ^ ^ +_c_: Org-T-Cut ^ ^ _T_: files only: % -28`Buffer-menu-files-only +_p_: Org-T-Paste +" + ("a" org-agenda) + ("A" org-archive-subtree-default) + ("R" org-refile) + ("c" org-cut-subtree) + ("p" org-paste-subtree) + ("b" ibuffer-jump) + ("d" diz/run-and-refresh-deft) + ("s" diz/run-start-mode) + ("b" Buffer-menu-bury) + ("g" revert-buffer) + ("T" Buffer-menu-toggle-files-only) + ("O" Buffer-menu-multi-occur :color blue) + ("I" Buffer-menu-isearch-buffers :color blue) + ("R" Buffer-menu-isearch-buffers-regexp :color blue) + ("c" nil "cancel") + ("v" Buffer-menu-select "select" :color blue) + ("o" Buffer-menu-other-window "other-window" :color blue) + ("q" quit-window "quit" :color blue)) + +(define-key evil-normal-state-map "," 'hydra-buffer-menu/body) +#+end_src + diff --git a/20230522121056-evil_mode.org b/20230522121056-evil_mode.org new file mode 100644 index 0000000..dba8253 --- /dev/null +++ b/20230522121056-evil_mode.org 
@@ -0,0 +1,13 @@
+:PROPERTIES:
+:ID: 163e2614-cce0-4e66-a593-a2113a7b3cd1
+:END:
+#+title: evil-mode
+
+A minor mode that adds VIM like keybindings to [[id:5f1df0e1-384f-4685-ae1e-fec2431b04e5][emacs]]. It is always activated.
+* When you open a document you are in normal mode ~~
+** To insert text press ~i~ (insert mode ~~)
+** To mark text press ~v~ (visual mode ~~)
+** To Replace text press ~r~ (replacement mode ~~)
+** To get back to normal mode press ~esc~ or ~c-g~
+* Navigation
+Inside normal mode you can navigate with the ~h,j,k,l~ keys or with the arrow keys.
diff --git a/20230522124454-org_gcal.org b/20230522124454-org_gcal.org
new file mode 100644
index 0000000..d059c53
--- /dev/null
+++ b/20230522124454-org_gcal.org
@@ -0,0 +1,16 @@
+:PROPERTIES:
+:ID: 7bd1f7dd-fcb2-4efc-a4df-f233a4bf3fcd
+:END:
+#+title: org-gcal
+#+filetags: :EMACS:ORG::
+
+Org-gcal is an Emacs extension that allows to synchronize Google Calendar.
+
+The setup is rather complicated and requires the Google Developer settings and a web API.
+
+These are already created for acumerana@gmail.com, so all calendars can be synchronized there.
+
+Appointments can easily be entered into the org-files and synchronized with "org-gcal-fetch" followed by "org-gcal-sync". The web page for gcal are: [[https://github.com/myuhe/org-gcal.el][org-gcal]] and [[https://github.com/nicoalphonse/org-gcal][org-gcal-new]] respectively .
+
+
+
diff --git a/20230522124800-synctex.org b/20230522124800-synctex.org
new file mode 100644
index 0000000..8114022
--- /dev/null
+++ b/20230522124800-synctex.org
@@ -0,0 +1,69 @@
+:PROPERTIES:
+:ID: f52339f6-db99-4b43-91fd-48e7a1957ab2
+:END:
+#+title: synctex
+#+filetags: :EMACS:latex:
+
+This procedure will set up Emacs, [[id:3dfde3f4-2cc0-4356-a147-d4afd599e731][auctex]], and the Okular viewer to handle integrated forward and inverse search. (These instructions were tested on a Debian system)
+
+Install Emacs. To install Emacs, open up the terminal and type the command:
+
+[[id:dc54334e-afa9-4a53-be91-1e90bc6bf8d0][sudo]] ~apt-get install emacs~
+Install AUCTeX.
+
+Within Emacs, run M-x package install RET auctex RET.
+
+To test for a successful installation, just open up a .tex file Emacs with and you will see new menus concerning LaTeX.
+
+enter image description here
+
+Install Okular.
+
+sudo apt-get install okular
+If not already done, open a tex file with emacs.
+
+In the LaTeX menu, go to "Customize AUCTeX" and click on "Extend this menu".
+Then go again to LaTeX, "Customize AUCTeX", go to the "Tex Command" submenu and click on the included "Tex command" item.
+From within Emacs, run
+
+~M-x customize-group RET TeX-command RET~
+You are now in the "Tex command group" configuration buffer. Scroll down until you reach "Tex Pdf Mode". Its value is off (nil); click on the "Toggle" button to activate this mode. Click on the "State" button and select "Save for Future Sessions". AUCTeX will now compile your TeX file using pdflatex.
+
+You should see something like this: enter image description here
+
+For the "Save for Future Sessions", the button with the green down arrow can also be selected. When this is done, your .emacs will be updated accordingly.
+
+enter image description here
+
+Still in the "Tex command group" configuration buffer, scroll all the way down and click on the special item called "Tex View". In the "Tex view group" buffer, you have two things to do:
+
+activate the correlate mode between the PDF and the TeX file, and
+declare a PDF viewer which can read these correlations.
+To activate the correlate mode:
+
+item "Tex Source Correlate Method", click on the "Value Menu" button and select "synctex" and save for future sessions,
+item "Tex Source Correlate Start [[id:f2b1d5af-1a7d-47a5-95c8-4a85d558419e][server]]", select "Always" and save,
+item "Tex Source Correlate Mode", toggle it on and save.
+To set Okular as the default PDF viewer:
+
+(NOTE: this is necessary only if you are using AUCTeX 11.87 or lower, in which case you really should upgrade the package to a more recent version) item Tex View Program List then click INS
+name: Okular
+choice: Command
+command: okular --unique %o#src:%n%b
+item Tex View Program Selection then click INS
+
+choice: Single predicate
+single predicate: output-pdf
+viewer: Okular
+
+If you just added Okular to the Tex View Program List, this choice might not appear. Restart Emacs or Set for Current Session to have it show up.
+
+Set and save both for future sessions.
+
+To configure Okular: in the Okular window, go to the "Settings" menu, item "Configure Okular", "Editor", select Emacs [[id:70899526-8b7d-4976-94fc-cc07c41e550a][client]].
+
+To use Forward search from Emacs to Okular, just hit C-c C-v or click on the glasses button of the tool-bar to call the viewer. Okular will center its display on the intended line of the pdf.
+
+To use Inverse search from Okular to Emacs, make sure that the Browse Tool (in the Tools menu of Okular) is enabled; then just hit Shift+Left mouse click on the pdf. Emacs will come up and position the cursor at the intended line of the TeX source.
+
+
diff --git a/20230522124931-auctex.org b/20230522124931-auctex.org
new file mode 100644
index 0000000..15a4bce
--- /dev/null
+++ b/20230522124931-auctex.org
@@ -0,0 +1,48 @@
+:PROPERTIES:
+:ID: 3dfde3f4-2cc0-4356-a147-d4afd599e731
+:END:
+#+title: auctex
+#+filetags: :EMACS:latex:
+
+Auctex is an [[id:5f1df0e1-384f-4685-ae1e-fec2431b04e5][emacs]] [[id:b7c4f849-d1b1-4837-8634-82f6976a1473][package]] from [[id:4e30f168-3601-4b99-9daa-790161c03901][elpa]] or [[id:79bae242-a2b4-4753-9960-1f929c8c6300][melpa]] that can be installed as an [[id:d3e11792-af05-4213-9ef8-b680c12ce81c][IDE]] for [[id:345d5300-432c-4f6f-98a4-4527e955927f][latex]]. With this the text editor detects the ending ~.tex~ of the latex scripts and uses a [[id:57fcd48a-de61-4ced-8a4c-943cb78595db][major-mode]].
+
+* implementation into emacs
+To activate the auctex package install it from elpa or melpa using ~M-x package-install~
+#+begin_src elisp
+ ;;LATEX (AUCTEX)
+ (setq LaTeX-electric-left-right-brace t)
+ (setq TeX-auto-save t) ;autosave
+ (setq TeX-save-query nil) ; Keine Abfrage nach Speichern
+ (setq TeX-parse-self t) ;parsen
+ (setq-default TeX-master nil) ;(fragt jedes mal nach dme Master
+ (add-hook 'LaTeX-mode-hook 'visual-line-mode)
+ (dolist (hook '(text-mode-hook))
+ (add-hook hook (lambda () (flyspell-mode 1))))
+ ;;(add-hook 'LaTeX-mode-hook 'flyspell-mode)
+ (add-hook 'LaTeX-mode-hook 'LaTeX-math-mode)
+ (add-hook 'LaTeX-mode-hook 'turn-on-reftex)
+ (setq reftex-plug-into-AUCTeX t)
+ (add-hook 'reftex-load-hook 'imenu-add-menubar-index)
+ (add-hook 'reftex-mode-hook 'imenu-add-menubar-index)
+ (setq TeX-PDF-mode t)
+ (require 'tex)
+ (setq-default TeX-PDF-mode t)
+ (TeX-global-PDF-mode t)
+
+ ;;ac-tex-ref
+ (add-hook 'tex-mode-hook
+ (lambda ()
+ (require 'ac-tex-ref)
+ (make-local-variable 'ac-sources)
+ (add-to-list 'ac-sources 'ac-source-tex-ref)
+ (add-to-list 'ac-sources 'ac-source-tex-cite)))
+
+ ;LAtex Normal Mode
+ (setq latex-run-command "pdflatex")
+ (add-hook 'latex-mode-hook ;; guessing
+ '(lambda ()
+ (local-set-key "M-TAB" 'TeX-complete-symbol)))
+#+end_src
+
+
+
diff --git a/20230522125454-pdf_tools.org b/20230522125454-pdf_tools.org
new file mode 100644
index 0000000..24cc0ea
--- /dev/null
+++ b/20230522125454-pdf_tools.org
@@ -0,0 +1,61 @@
+:PROPERTIES:
+:ID: ae476916-f23f-4004-8b8a-bebc690e65f3
+:END:
+#+title: pdf-tools
+#+filetags: :EMACS:
+
+PDF Tools is an Emacs package for rendering PDF in Emacs.
+
+It is intended to replace doc-view and work well with org-annotate and Roam.
+
+It works with [[id:f52339f6-db99-4b43-91fd-48e7a1957ab2][synctex]] and [[id:3dfde3f4-2cc0-4356-a147-d4afd599e731][auctex]].
+
+The packages in Emacs are currently not working (as of <2023-02-18 Sat>) and it must be installed via [[id:d88b7b60-742d-4bc0-8b48-3fbcfad2373d][pacman]] or [[id:294012b3-5b0a-4527-a981-2f397378c0d2][AUR-Helpers]].
+
+The corresponding package is called: emacs-pdf-tools-git.
+
+
+
+But without configuratiion it is not possible to use it like this, so you have to add the following to the con
+
+* Configuration
+
+#+begin_src emacs-lisp
+ (use-package pdf-tools
+ :pin manual
+ :config
+ (pdf-tools-install)
+ (setq-default pdf-view-display-size 'fit-width)
+ (define-key pdf-view-mode-map (kbd "C-s") 'isearch-forward)
+ :custom
+ (pdf-annot-activate-created-annotations t "automatically annotate highlights") )
+
+(setq TeX-view-program-selection '((output-pdf "PDF Tools"))
+ TeX-view-program-list '(("PDF Tools" TeX-pdf-tools-sync-view))
+ TeX-source-correlate-start-server t)
+
+(add-hook 'TeX-after-compilation-finished-functions
+ #'TeX-revert-document-buffer)
+
+(add-hook 'pdf-view-mode-hook (lambda() (linum-mode -1)))
+
+;kann auch in evince geändert werden:
+;(setq TeX-view-program-selection '((output-pdf "Evince")))
+;; kann auch über M-x customize-group angepasst werden
+
+;;pdf-view-blinken
+(evil-set-initial-state 'doc-view-mode 'normal)
+(add-hook 'doc-view-mode-hook
+ (lambda ()
+ (setq blink-cursor-mode nil)))
+
+
+;;pdf-view-blinken
+(evil-set-initial-state 'pdf-view-mode 'emacs)
+(add-hook 'pdf-view-mode-hook
+ (lambda ()
+ (setq blink-cursor-mode nil)))
+#+end_src
+
+Im Evil-mode blinkt die Anzeige, cursor blinken muss also Deaktiviert werden (siehe oben).
+Funktioniert NICHT! mit linum mode.
diff --git a/20230522130259-neotree.org b/20230522130259-neotree.org
new file mode 100644
index 0000000..180f95c
--- /dev/null
+++ b/20230522130259-neotree.org
@@ -0,0 +1,73 @@
+:PROPERTIES:
+:ID: f3aaa9f1-525b-4ae6-9dce-efe22c8b2107
+:END:
+#+title: neotree
+#+filetags: :EMACS:
+
+Neotree is a package in [[id:5f1df0e1-384f-4685-ae1e-fec2431b04e5][emacs]] that displays the directory tree of directories. Quasi a visualization of [[id:50326e0d-4ae7-46b3-bcda-27c47f0fe569][dired]].
+
+
+
+Installed by:
+
+ (add-to-list 'load-path "/some/path/neotree")
+
+ (require 'neotree)
+
+ (global-set-key [f8] 'neotree-toggle)
+
+ (setq neo-smart-open t)
+
+
+
+and can be modified with [[id:163e2614-cce0-4e66-a593-a2113a7b3cd1][evil-mode]] in case of complications:
+
+
+* Use with evil mode
+If you use evil-mode, by default some of evil key bindings conflict with neotree-mode keys. For example, you cannot use q to hide NeoTree. To make NeoTree key bindings in effect, you can bind those keys in evil-normal-state-local-map in neotree-mode-hook, as shown in below code:
+
+ #+begin_src emacs-lisp
+ (add-hook 'neotree-mode-hook
+ (lambda ()
+ (define-key evil-normal-state-local-map (kbd "TAB") 'neotree-enter)
+ (define-key evil-normal-state-local-map (kbd "SPC") 'neotree-quick-look)
+ (define-key evil-normal-state-local-map (kbd "q") 'neotree-hide)
+ (define-key evil-normal-state-local-map (kbd "RET") 'neotree-enter)
+ (define-key evil-normal-state-local-map (kbd "g") 'neotree-refresh)
+ (define-key evil-normal-state-local-map (kbd "n") 'neotree-next-line)
+ (define-key evil-normal-state-local-map (kbd "p") 'neotree-previous-line)
+ (define-key evil-normal-state-local-map (kbd "A") 'neotree-stretch-toggle)
+ (define-key evil-normal-state-local-map (kbd "H") 'neotree-hidden-file-toggle)))
+ #+end_src
+
+In recent versions of evil-mode you can create key bindings for specific modes using evil-define-key, so another way to override mappings in neotree-mode is as shown below:
+
+ #+begin_src emacs-lisp
+ (evil-define-key 'normal neotree-mode-map (kbd "TAB") 'neotree-enter)
+ (evil-define-key 'normal neotree-mode-map (kbd "SPC") 'neotree-quick-look)
+ (evil-define-key 'normal neotree-mode-map (kbd "q") 'neotree-hide)
+ (evil-define-key 'normal neotree-mode-map (kbd "RET") 'neotree-enter)
+ (evil-define-key 'normal neotree-mode-map (kbd "g") 'neotree-refresh)
+ (evil-define-key 'normal neotree-mode-map (kbd "n") 'neotree-next-line)
+ (evil-define-key 'normal neotree-mode-map (kbd "p") 'neotree-previous-line)
+ (evil-define-key 'normal neotree-mode-map (kbd "A") 'neotree-stretch-toggle)
+ (evil-define-key 'normal neotree-mode-map (kbd "H") 'neotree-hidden-file-toggle)
+ #+end_src
+
+* Keybindings
+Only in Neotree Buffer:
+
+n next line, p previous line。
+SPC or RET or TAB Open current item if it is a file. Fold/Unfold current item if it is a directory.
+U Go up a directory
+g Refresh
+A Maximize/Minimize the NeoTree Window
+H Toggle display hidden files
+O Recursively open a directory
+C-c C-n Create a file or create a directory if filename ends with a ‘/’
+C-c C-d Delete a file or a directory.
+C-c C-r Rename a file or a directory.
+C-c C-c Change the [[id:673d1cb1-536b-42f1-a046-40a8937c4283][root]] directory.
+C-c C-p Copy a file or a directory.
+
+
diff --git a/20230522130636-dired.org b/20230522130636-dired.org
new file mode 100644
index 0000000..4b1664d
--- /dev/null
+++ b/20230522130636-dired.org
@@ -0,0 +1,10 @@
+:PROPERTIES:
+:ID: 50326e0d-4ae7-46b3-bcda-27c47f0fe569
+:END:
+#+title: dired
+#+filetags: :EMACS:
+
+Package for directory management,
+
+Called by ~C-x C-f~ and navigates with 'Tab' instead of 'Return'. dired is a built-in package of [[id:5f1df0e1-384f-4685-ae1e-fec2431b04e5][emacs]].
+
diff --git a/20230522130958-deft.org b/20230522130958-deft.org
new file mode 100644
index 0000000..bab9fa4
--- /dev/null
+++ b/20230522130958-deft.org
@@ -0,0 +1,155 @@
+:PROPERTIES:
+:ID: 3d22fdb5-a322-44d2-a447-83a8708d0637
+:END:
+#+title: deft
+
+Deft is an indexer for plain text files that complements Org-Roam very well. Deft displays the title of the text file as well as the first part of the text in the quickview. For Deft to be able to do this reasonably this tool still has to be configured. This can look like this:
+
+
+#+begin_src emacs-lisp
+ (use-package deft
+ :after org
+ :bind
+ ("C-c n d" . deft)
+ :custom
+ (deft-recursive t)
+ (deft-use-filter-string-for-filename t)
+ (deft-default-extension "org")
+ (deft-directory org-roam-directory))
+
+(advice-add 'deft-parse-title :override
+ (lambda (file contents)
+ (if deft-use-filename-as-title
+ (deft-base-filename file)
+ (let* ((case-fold-search 't)
+ (begin (string-match "title: " contents))
+ (end-of-begin (match-end 0))
+ (end (string-match "\n" contents begin)))
+ (if begin
+ (substring contents end-of-begin end)
+ (format "%s" file))))))
+
+#+end_src
+
+It is included in the [[id:2a8d1ed3-dd81-473a-a53a-854bf8182891][hydra-buffer-menu]]. Its alternatives are: [[id:50326e0d-4ae7-46b3-bcda-27c47f0fe569][dired]], [[id:f3aaa9f1-525b-4ae6-9dce-efe22c8b2107][neotree]], and [[id:9aa361f6-b829-49ad-a523-6498dbfb0213][projectile]]
+
+
+* Deft Manual
+To open the first matching file, simply press RET. If no files match your search string, RET will create a new file using the string as the title. This is a very fast way to start writing new notes. The filename will be generated automatically. If you prefer to provide a specific filename, use C-RET instead.
+
+To open files other than the first match, navigate up and down using C-p and C-n and press RET on the file you want to open. When opening a file, Deft searches forward and leaves the point at the end of the first match of the filter string.
+
+You can also press C-o to open a file in another window, without switching to the other window. Issue the same command with a prefix argument, C-u C-o, to open the file in another window and switch to that window.
+
+To edit the filter string, press DEL (backspace) to remove the last character or M-DEL to remove the last “word”. To yank (paste) the most recently killed (cut or copied) text into the filter string, press C-y. Press C-c C-c to clear the filter string and display all files and C-c C-g to refresh the file browser using the current filter string.
+
+For more advanced editing operations, you can also edit the filter string in the minibuffer by pressing C-c C-l. While in the minibuffer, the history of previous edits can be cycled through by pressing M-p and M-n. This form of static, one-time filtering (as opposed to incremental, on-the-fly filtering) may be preferable in some situations, such as over slow connections or on systems where interactive filtering performance is poor.
+
+By default, Deft filters files in incremental string search mode, where “search string” will match all files containing both “search” and “string” in any order. Alternatively, Deft supports direct regexp filtering, where the filter string is interpreted as a formal regular expression. For example, ^\(foo\|bar\) matches foo or bar at the beginning of a line. Pressing C-c C-t will toggle between incremental and regexp search modes. Regexp search mode is indicated by an “R” in the mode line.
+
+Common file operations can also be carried out from within Deft. Files can be renamed using C-c C-r or deleted using C-c C-d. New files can also be created using C-c C-n for quick creation or C-c C-m for a filename prompt. You can leave Deft at any time with C-c C-q.
+
+Unused files can be archived by pressing C-c C-a. Files will be moved to deft-archive-directory, which is a directory named archive within your deft-directory by default.
+
+Files opened with deft are automatically saved after Emacs has been idle for a customizable number of seconds. This value is a floating point number given by deft-auto-save-interval (default: 1.0).
+
+Getting Started
+Once you have installed Deft following one of the above methods, you can simply run M-x deft to start Deft. It is useful to create a global keybinding for the deft function (e.g., a function key) to start it quickly (see below for details).
+
+When you first run Deft, it will complain that it cannot find the ~/.deft directory. You can either create a symbolic link to another directory where you keep your notes or run M-x deft-setup to create the ~/.deft directory automatically.
+
+One useful way to use Deft is to keep a directory of notes in a Dropbox folder. This can be used with other applications and mobile devices, for example, nvALT, Notational Velocity, or Simplenote on OS X or Editorial, Byword, or 1Writer on iOS.
+
+Basic Customization
+You can customize items in the deft group to change the default functionality.
+
+By default, Deft looks for notes by searching for files with the extensions .txt, .text, .md, .markdown, or .org in the ~/.deft directory. You can customize both the file extension and the Deft directory by running M-x customize-group and typing deft. Alternatively, you can configure them in your .emacs file:
+
+#+begin_src emacs-lisp
+(setq deft-extensions '("txt" "tex" "org"))
+(setq deft-directory "~/Dropbox/notes")
+#+end_src
+The first element of deft-extensions (or in Lisp parlance, the car) is the default extension used to create new files.
+
+By default, Deft only searches for files in deft-directory but not in any subdirectories. All files in deft-directory with one of the specified extensions will be included except for those matching deft-ignore-file-regexp. Set deft-recursive to a non-nil value to enable searching for files in subdirectories (those not matching deft-recursive-ignore-dir-regexp):
+#+begin_src emacs-lisp
+(setq deft-recursive t)
+#+end_src
+You can easily set up a global keyboard binding for Deft. For example, to bind it to F8, add the following code to your .emacs file:
+
+(global-set-key [f8] 'deft)
+If you manage loading packages with use-package, then you can configure by adding a declaration such as this one to your init file:
+#+begin_src emacs-lisp
+(use-package deft
+ :bind ("" . deft)
+ :commands (deft)
+ :config (setq deft-directory "~/Dropbox/notes"
+ deft-extensions '("md" "org")))
+#+end_src
+Reading Files
+The displayed title of each file is taken to be the first line of the file, with certain characters removed from the beginning. Hash characters, as used in Markdown headers, and asterisks, as in Org Mode headers, are removed. Additionally, Org mode #+TITLE: tags, MultiMarkdown Title: tags, LaTeX comment markers, and Emacs mode-line declarations (e.g., -*-mode-*-) are stripped from displayed titles. This can be customized by changing deft-strip-title-regexp.
+
+More generally, the title post-processing function itself can be customized by setting deft-parse-title-function, which accepts the first line of the file as an argument and returns the parsed title to display in the file browser. The default function is deft-strip-title, which removes all occurrences of deft-strip-title-regexp as described above.
+
+For compatibility with other applications which use the filename as the title of a note (rather than the first line of the file), set the deft-use-filename-as-title flag to a non-nil value. Deft will then use note filenames to generate the displayed titles in the Deft file browser. To enable this, add the following to your .emacs file:
+
+(setq deft-use-filename-as-title t)
+Finally, the short summary that is displayed following the file title can be customized by changing deft-strip-summary-regexp. By default, this is set to remove certain org-mode metadata statements such as #+OPTIONS: and #+AUTHOR:.
+
+Creating Files
+Filenames for newly created files are generated by Deft automatically. The process for doing so is determined by the variables deft-use-filename-as-title and deft-use-filter-string-for-filename as well as the rules in the deft-file-naming-rules alist. The possible cases are as follows:
+
+Default *(deft-use-filename-as-title and deft-use-filter-string-for-filename are both nil)*:
+
+The filename will be automatically generated using an short, ISO-like timestamp as in 2016-05-12T09:00.txt. The format can be customized by setting the variable deft-new-file-format. The filter string will be inserted as the first line of the file (which is also used as the display title). In case of file name conflicts, an underscore and a numerical suffix (e.g., _2) will be appended before the extension.
+
+Filenames as titles
+
+#+begin_src emacs-lisp
+(setq deft-use-filename-as-title 1):
+#+end_src
+
+When deft-use-filename-as-title is non-nil, the filter string will be used as the filename for new files (with the appropriate file extension appended to the end). An example of new file creation in this case:
+
+Filter string: “My New Project”
+File name: “My New Project.txt”
+File contents: [empty]
+Readable filenames
+
+(deft-use-filename-as-title is nil but deft-use-filter-string-for-filename is non-nil):
+
+
+In this case you can choose to display the title as parsed from the first line of the file while also generating readable filenames for new files based on the filter string. The variable deft-use-filter-string-for-filename controls this behavior and decouples the title display (deft-use-filename-as-title) from the actual filename. New filenames will be generated from the filter string and processed according to the rules defined in the deft-file-naming-rules alist. By default, slashes are removed and replaced by hyphens, but many other options are possible (camel case, replacing spaces by hyphens, and so on). See the documentation for deft-file-naming-rules for additional details.
+
+As an example, with the following value for deft-file-naming-rules, Deft will replace all slashes and spaces with hyphens and will convert the file name to lowercase:
+
+#+begin_src emacs-lisp
+(setq deft-file-naming-rules
+ '((noslash . "-")
+ (nospace . "-")
+ (case-fn . downcase)))
+#+end_src
+
+Below is an example in this case, with the above file naming rules. Notice that the filter string is inserted as the first line of the file but it is also used to generate a “readable” file name.
+
+Filter string: “My New Project”
+File name: “my-new-project.txt”
+File contents: “My New Project”
+Titles inserted into files from the filter string can also be customized for two common modes, markdown-mode and org-mode, by setting the following variables:
+
+deft-markdown-mode-title-level - When set to a positive integer, determines how many hash marks will be added to titles in new Markdown files. In other words, setting deft-markdown-mode-title-level to 2 will result in new files being created with level–2 headings of the form ## Title.
+
+deft-org-mode-title-prefix - When non-nil, automatically generated titles in new org-mode files will be prefixed with #+TITLE:.
+
+Other Customizations
+Deft, by default, lists files from newest to oldest. You can set deft-current-sort-method to ’title to sort by file titles, case ignored. Or, you can toggle sorting method using deft-toggle-sort-method.
+
+Incremental string search is the default method of filtering on startup, but you can set deft-incremental-search to nil to make regexp search the default.
+
+Deft also provides a function for opening files without using the Deft buffer directly. Calling deft-find-file will prompt for a file to open, much like find-file, but limits consideration to files in deft-directory that are known to Deft (i.e., those files matching deft-extensions). Unlike find-file, a list of all such files is provided and the desired file name can be completed using completing-read (and, as a result, deft-find-file will read/complete filenames using ido, helm, etc. when enabled). If the selected file is in deft-directory, it is opened with the usual Deft features (automatic saving, automatic updating of the Deft buffer, etc.). Otherwise, the file will be opened by find-file as usual. Therefore, you can set up a global keybinding for this function to open Deft files anywhere. For example, to use C-x C-g, a neighbor of C-x C-f, use the following:
+
+(global-set-key (kbd "C-x C-g") 'deft-find-file)
+The faces used for highlighting various parts of the screen can also be customized. By default, these faces inherit their properties from the standard font-lock faces defined by your current color theme.
+
+Deft also provides several hooks: deft-mode-hook, deft-filter-hook, and deft-open-file-hook. See the documentation for these variables for further details.
+
diff --git a/20230522131320-projectile.org b/20230522131320-projectile.org
new file mode 100644
index 0000000..532b22d
--- /dev/null
+++ b/20230522131320-projectile.org
@@ -0,0 +1,37 @@
+:PROPERTIES:
+:ID: 9aa361f6-b829-49ad-a523-6498dbfb0213
+:END:
+#+title: projectile
+#+filetags: :EMACS:
+
+Projectile is an [[id:5f1df0e1-384f-4685-ae1e-fec2431b04e5][emacs]] Package that can be used to manage project files. The package is installed as follows:
+
+
+
+#+begin_src elisp
+
+(use-package projectile
+
+ :ensure t
+
+ init
+
+ (projectile-mode +1)
+
+ :bind (:map projectile-mode-map
+
+ ("C-c p" . projectile-command-map)))
+
+(setq projectile-project-search-path '("~/Latex/latex-repo/"))
+
+(setq projectile-indexing-method 'native)
+
+#+end_src
+
+
+
+However, the data tree is very cluttered, so folders and files in the .projectile file can be excluded from the index. This is done with the command: - (without<>) or -*.. This refers to the relative [[id:673d1cb1-536b-42f1-a046-40a8937c4283][root]] path starting from this file. The file path from the projectile-project-search-path has to be found with the command
+
+projectile-discover-projects-in-search-path.
+
+Alternatives:[[id:50326e0d-4ae7-46b3-bcda-27c47f0fe569][dired]], [[id:f3aaa9f1-525b-4ae6-9dce-efe22c8b2107][neotree]], [[id:3d22fdb5-a322-44d2-a447-83a8708d0637][deft]]
diff --git a/20230522131943-counsel_linux_app.org b/20230522131943-counsel_linux_app.org
new file mode 100644
index 0000000..a9ba07b
--- /dev/null
+++ b/20230522131943-counsel_linux_app.org
@@ -0,0 +1,16 @@
+:PROPERTIES:
+:ID: 7e6f7176-9223-4dcc-ad4d-1ccf8c38116a
+:END:
+#+title: counsel-linux-app
+#+filetags: :linux:EMACS:
+
+[[id:5f1df0e1-384f-4685-ae1e-fec2431b04e5][emacs]] tool that can be used to start [[id:5fada795-19a3-4ba6-97c0-0b70bd728a2f][Linux]] [[id:a08570b0-8fe8-45a8-8f60-e45ea6b31a34][GUI]] applications. These programs may not be easily invoked with [[id:1ef7425a-812f-45d1-812c-6a6ca6397289][dmenu]]. The command is:
+
+#+begin_src
+M-x counsel-linux-app
+#+end_src
+
+
+
+This tool parses .desktop files.
+
diff --git a/20230522132213-org_attach.org b/20230522132213-org_attach.org
new file mode 100644
index 0000000..95904c1
--- /dev/null
+++ b/20230522132213-org_attach.org
@@ -0,0 +1,33 @@
+:PROPERTIES:
+:ID: b02ca084-7831-4013-8389-45f4cd969e25
+:END:
+#+title: org-attach
+#+filetags: :ORG:EMACS:
+
+File Storing System based on org headers. For browsing,[[id:9ce51551-fcb1-446a-9924-9dd26f5d56aa][helm-org-rifle]]
+
+Default Keybinding:
+
+~C-c C-a~
+
+(the view may be shifted, scroll up with ~M-v~)
+
+
+
+Code to try (not yet integrated):
+
+#+begin_src emacs-lisp
+ (setq org-attach-directory "~/.emacs.d/data")
+ (setq org-attach-method (quote mv))
+
+ (defun yourname/create_temp_dir ()
+ (setq uuid (org-id-copy))
+ (setq dir_temp (org-attach-id-uuid-folder-format uuid))
+ (setq dir_temp2 (concat org-attach-directory "/" dir_temp "/"))
+ (setq dir_temp_usage (concat org-attach-directory "/" "TEMP/"))
+ (org-set-property "DIR" dir_temp_usage)
+ (copy-directory dir_temp2 dir_temp_usage t t t))
+
+ (global-set-key (kbd "") (lambda () (interactive) (yourname/create_temp_dir)))
+#+end_src
+
diff --git a/20230522132448-helm_org_rifle.org b/20230522132448-helm_org_rifle.org
new file mode 100644
index 0000000..454088a
--- /dev/null
+++ b/20230522132448-helm_org_rifle.org
@@ -0,0 +1,33 @@
+:PROPERTIES:
+:ID: 9ce51551-fcb1-446a-9924-9dd26f5d56aa
+:END:
+#+title: helm-org-rifle
+#+filetags: :EMACS:ORG::
+
+Fast-Search-Programme
+This is my rifle. There are many like it, but this one is mine. My rifle is my best friend. It is my life. I must master it as I must master my life.
+What does my rifle do? It searches rapidly through my Org files, quickly bringing me the information I need to defeat the enemy.
+This package is inspired by org-search-goto/org-search-goto-ml. It searches both headings and contents of entries in Org buffers, and it displays entries that match all search terms, whether the terms appear in the heading, the contents, or both. Matching portions of entries’ contents are displayed with surrounding context and grouped by buffer to make it easy to acquire your target.
+
+* Troubleshooting
+
+If the package is loaded normally it works, but then annoying error messages are spit out. To fix this you have to set a simple '. The helm-org-rifle.el would then only have to be recompiled, or the corresponding function would have to be added to the init file.
+
+
+#+begin_src emacs-lisp
+(defun helm-org-rifle-get-source-for-buffer (buffer)
+ "Return Helm source for BUFFER."
+ (let ((source (helm-build-sync-source (buffer-name buffer)
+ :after-init-hook 'helm-org-rifle-after-init-hook ;;der sTrich muss hin (') wird aber in der helm-rifle.el nicht gesourced...
+ :candidates (lambda ()
+ (when (s-present? helm-pattern)
+ (helm-org-rifle--get-candidates-in-buffer (helm-attr 'buffer) helm-pattern)))
+ :candidate-transformer helm-org-rifle-transformer
+ :match 'identity
+ :multiline helm-org-rifle-multiline
+ :volatile t
+ :action 'helm-org-rifle-actions
+ :keymap helm-org-rifle-map)))
+ (helm-attrset 'buffer buffer source)
+ source))
+#+end_src
diff --git a/20230522132904-org_web_tools.org b/20230522132904-org_web_tools.org
new file mode 100644
index 0000000..ed78234
--- /dev/null
+++ b/20230522132904-org_web_tools.org
@@ -0,0 +1,133 @@
+:PROPERTIES:
+:ID: f68dfc34-5349-42d1-8074-6c4be231a69b
+:END:
+#+title: org-web-tools
+#+filetags: :ORG:EMACS:
+
+Toolbox for downloading HTML websites. There are several functions of the framework. We need the external program [[id:75ea690d-deee-4592-ae99-1c2385c208fb][pandoc]] to convert the HTML pages to org-files....
+
+
+* Commands
++-------------------------------------------+----------------------------------------+
+|org-web-tools-insert-link-for-url |Insert an Org-mode link to the URL in |
+| |the clipboard or kill-ring. Downloads |
+| |the page to get the HTML title. |
++-------------------------------------------+----------------------------------------+
+|org-web-tools-insert-web-page-as-entry |Insert the web page for the URL in the |
+| |clipboard or kill-ring as an Org-mode |
+| |entry, as a sibling heading of the |
+| |current entry. |
++-------------------------------------------+----------------------------------------+
+|org-web-tools-read-url-as-org |Display the web page for the URL in the |
+| |clipboard or kill-ring as Org-mode text |
+| |in a new buffer, processed with |
+| |eww-readable. |
++-------------------------------------------+----------------------------------------+
+|org-web-tools-convert-links-to-page-entries|Convert all URLs and Org links in |
+| |current Org entry to Org headings, each |
+| |containing the web page content of that |
+| |URL, converted to Org-mode text and |
+| |processed with eww-readable. This should|
+| |be called on an entry that solely |
+| |contains a list of URLs or links. |
++-------------------------------------------+----------------------------------------+
+|org-web-tools-archive-attach |Download archive of page at URL and |
+| |attach with org-attach. If CHOOSE-FN is |
+| |non-nil (interactively, with universal |
+| |prefix), prompt for the archive function|
+| |to use. If VIEW is non-nil |
+| |(interactively, with two universal |
+| |prefixes), view the archive immediately |
+| |after attaching. (See also org-board). |
++-------------------------------------------+----------------------------------------+
+|org-web-tools-archive-view |Open Zip file archive of web |
+| |page. Extracts to a temp directory and |
+| |opens with |
+| |browse-url-default-browser. Note, the |
+| |extracted files are left on-disk in the |
+| |temp directory. |
++-------------------------------------------+----------------------------------------+
+
+* Troubleshooting
+
+The attach command does not work natively because wget's variables are set incorrectly. The solution is:
+
+
+#+begin_src emacs-lisp
+(use-package org-web-tools
+ :ensure t
+ :config
+ (setq org-web-tools-archive-wget-options
+ (delete "--execute robots=off" org-web-tools-archive-wget-options))
+ (setq org-web-tools-archive-wget-html-only-options
+ (delete "--execute robots=off" org-web-tools-archive-wget-html-only-options))
+
+ (add-to-list 'org-web-tools-archive-wget-options "-e robots=off")
+ (add-to-list 'org-web-tools-archive-wget-html-only-options "-e robots=off"))
+#+end_src
+
+Nevertheless, the normal attach function cannot be used, but only the command with C-u as prefix (1xtype and then the command. There then HTML-only or tar with resources can be used.
+
+
+* Functions
+These are used in the commands above and may be useful in building your own commands.
+
++--------------------------------------+------------------------------+
+|org-web-tools--dom-to-html |Return parsed HTML DOM as an |
+| |HTML string. Note: This is an |
+| |approximation and is not |
+| |necessarily correct HTML |
+| |(e.g. IMG tags may be rendered|
+| |with a closing “” tag). |
++--------------------------------------+------------------------------+
+|org-web-tools--eww-readable |Return “readable” part of HTML|
+| |with title. |
++--------------------------------------+------------------------------+
+|org-web-tools--get-url |Return content for URL as |
+| |string. |
++--------------------------------------+------------------------------+
+|org-web-tools--html-title |Return title of HTML page. |
++--------------------------------------+------------------------------+
+|org-web-tools--html-to-org-with-pandoc|Return string of HTML |
+| |converted to Org with |
+| |Pandoc. When SELECTOR is |
+| |non-nil, the HTML is filtered |
+| |using esxml-query SELECTOR and|
+| |re-rendered to HTML with |
+| |org-web-tools--dom-to-html, |
+| |which see. |
++--------------------------------------+------------------------------+
+|org-web-tools--url-as-readable-org |Return string containing Org |
+| |entry of URL’s web page |
+| |content. Content is processed |
+| |with eww-readable and |
+| |Pandoc. Entry will be a |
+| |top-level heading, with |
+| |article contents below a |
+| |second-level “Article” |
+| |heading, and a timestamp in |
+| |the first-level entry for |
+| |writing comments. |
++--------------------------------------+------------------------------+
+|org-web-tools--demote-headings-below |Demote all headings in buffer |
+| |so the highest level is below |
+| |LEVEL. |
++--------------------------------------+------------------------------+
+|org-web-tools--get-first-url |Return URL in clipboard, or |
+| |first URL in the kill-ring, or|
+| |nil if none. |
++--------------------------------------+------------------------------+
+|org-web-tools--read-url |Return a URL by searching at |
+| |point, then in clipboard, then|
+| |in kill-ring, and finally |
+| |prompting the user. |
++--------------------------------------+------------------------------+
+|org-web-tools--read-org-bracket-link |Return (TARGET . DESCRIPTION) |
+| |for Org bracket LINK or next |
+| |link on current line. |
++--------------------------------------+------------------------------+
+|org-web-tools--remove-dos-crlf |Remove all DOS CRLF (^M) in |
+| |buffer. |
++--------------------------------------+------------------------------+
+
+
diff --git a/20230522133129-pandoc.org b/20230522133129-pandoc.org
new file mode 100644
index 0000000..1ab3e53
--- /dev/null
+++ b/20230522133129-pandoc.org
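Review bot: The Commands table says `org-web-tools-archive-view` extracts the archive to a temp directory, opens it with the default browser and leaves the files on disk, but the page carries no caveat that an archived page is still untrusted web content. I would add a sentence under Troubleshooting such as `Archived pages are opened from local files in the normal browser; treat them like any downloaded HTML and delete the extracted temp directory afterwards.` The config block also never says what the swapped option does; a comment like `;; wget: -e robots=off makes wget ignore the site's robots.txt` would make clear that the fix keeps overriding the site's crawler policy and only changes how the option is spelled.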
@@ -0,0 +1,318 @@
+:PROPERTIES:
+:ID: 75ea690d-deee-4592-ae99-1c2385c208fb
+:END:
+#+title: pandoc
+#+filetags: :linux:
+
+Pandoc is a converter tool written in Haskell. Files can be converted from the [[id:d71414fc-349c-4763-a703-9f7092fc90d6][command-line]]. It is a part of the [[id:f68dfc34-5349-42d1-8074-6c4be231a69b][org-web-tools]] but can also be used as a standalone programme.
+
+
+* [[https://pandoc.org/demos.html][Pandoc - Demos]] :website:
+
+[2023-03-04 Sa 10:28]
+
+You can try pandoc online [[http://johnmacfarlane.net/pandoc/try][here]].
+
+*** Examples
+
+To see the output created by each of the commands below, click on the name of the output file:
+
+1. HTML fragment:
+
+ #+begin_example
+ pandoc MANUAL.txt -o example1.html
+ #+end_example
+
+2. Standalone HTML file:
+
+ #+begin_example
+ pandoc -s MANUAL.txt -o example2.html
+ #+end_example
+
+3. HTML with table of contents, CSS, and custom footer:
+
+ #+begin_example
+ pandoc -s --toc -c pandoc.css -A footer.html MANUAL.txt -o example3.html
+ #+end_example
+
+4. [[id:345d5300-432c-4f6f-98a4-4527e955927f][latex]]:
+
+ #+begin_example
+ pandoc -s MANUAL.txt -o example4.tex
+ #+end_example
+
+5. From LaTeX to markdown:
+
+ #+begin_example
+ pandoc -s example4.tex -o example5.text
+ #+end_example
+
+6. reStructuredText:
+
+ #+begin_example
+ pandoc -s -t rst --toc MANUAL.txt -o example6.text
+ #+end_example
+
+7. Rich text format (RTF):
+
+ #+begin_example
+ pandoc -s MANUAL.txt -o example7.rtf
+ #+end_example
+
+8. Beamer slide show:
+
+ #+begin_example
+ pandoc -t beamer SLIDES -o example8.pdf
+ #+end_example
+
+9. DocBook XML:
+
+ #+begin_example
+ pandoc -s -t docbook MANUAL.txt -o example9.db
+ #+end_example
+
+10. Man page:
+
+ #+begin_example
+ pandoc -s -t man pandoc.1.md -o example10.1
+ #+end_example
+
+11. ConTeXt:
+
+ #+begin_example
+ pandoc -s -t context MANUAL.txt -o example11.tex
+ #+end_example
+
+12. Converting a web page to markdown:
+
+ #+begin_example
+ pandoc -s -r html http://www.gnu.org/software/make/ -o example12.text
+ #+end_example
+
+13. From markdown to PDF:
+
+ #+begin_example
+ pandoc MANUAL.txt --pdf-engine=xelatex -o example13.pdf
+ #+end_example
+
+14. PDF with numbered sections and a custom LaTeX header:
+
+ #+begin_example
+ pandoc -N --variable "geometry=margin=1.2in" --variable mainfont="Palatino" --variable sansfont="Helvetica" --variable monofont="Menlo" --variable fontsize=12pt --variable version=2.0 MANUAL.txt --include-in-header fancyheaders.tex --pdf-engine=xelatex --toc -o example14.pdf
+ #+end_example
+
+15. ipynb (Jupyter notebook):
+
+ #+begin_example
+ pandoc example15.md -o example15.ipynb
+ #+end_example
+
+16. HTML slide shows:
+
+ #+begin_example
+ pandoc -s --mathml -i -t dzslides SLIDES -o example16a.html
+ #+end_example
+
+ #+begin_example
+ pandoc -s --webtex -i -t slidy SLIDES -o example16b.html
+ #+end_example
+
+ #+begin_example
+ pandoc -s --mathjax -i -t revealjs SLIDES -o example16d.html
+ #+end_example
+
+17. TeX math in HTML:
+
+ #+begin_example
+ pandoc math.text -s -o mathDefault.html
+ #+end_example
+
+ #+begin_example
+ pandoc math.text -s --mathml -o mathMathML.html
+ #+end_example
+
+ #+begin_example
+ pandoc math.text -s --webtex -o mathWebTeX.html
+ #+end_example
+
+ #+begin_example
+ pandoc math.text -s --mathjax -o mathMathJax.html
+ #+end_example
+
+ #+begin_example
+ pandoc math.text -s --katex -o mathKaTeX.html
+ #+end_example
+
+18. Syntax highlighting of delimited code blocks:
+
+ #+begin_example
+ pandoc code.text -s --highlight-style pygments -o example18a.html
+ #+end_example
+
+ #+begin_example
+ pandoc code.text -s --highlight-style kate -o example18b.html
+ #+end_example
+
+ #+begin_example
+ pandoc code.text -s --highlight-style monochrome -o example18c.html
+ #+end_example
+
+ #+begin_example
+ pandoc code.text -s --highlight-style espresso -o example18d.html
+ #+end_example
+
+ #+begin_example
+ pandoc code.text -s --highlight-style haddock -o example18e.html
+ #+end_example
+
+ #+begin_example
+ pandoc code.text -s --highlight-style tango -o example18f.html
+ #+end_example
+
+ #+begin_example
+ pandoc code.text -s --highlight-style zenburn -o example18g.html
+ #+end_example
+
+19. GNU Texinfo, converted to info and HTML formats:
+
+ #+begin_example
+ pandoc MANUAL.txt -s -o example19.texi
+ #+end_example
+
+ #+begin_example
+ makeinfo --no-validate --force example19.texi -o example19.info
+ #+end_example
+
+ #+begin_example
+ makeinfo --no-validate --force example19.texi --html -o example19
+ #+end_example
+
+20. OpenDocument XML:
+
+ #+begin_example
+ pandoc MANUAL.txt -s -t opendocument -o example20.xml
+ #+end_example
+
+21. ODT (OpenDocument Text, readable by OpenOffice):
+
+ #+begin_example
+ pandoc MANUAL.txt -o example21.odt
+ #+end_example
+
+22. MediaWiki markup:
+
+ #+begin_example
+ pandoc -s -t mediawiki --toc MANUAL.txt -o example22.wiki
+ #+end_example
+
+23. EPUB ebook:
+
+ #+begin_example
+ pandoc MANUAL.txt -o MANUAL.epub
+ #+end_example
+
+24. Markdown citations:
+
+ #+begin_example
+ pandoc -s --bibliography biblio.bib --citeproc CITATIONS -o example24a.html
+ #+end_example
+
+ #+begin_example
+ pandoc -s --bibliography biblio.json --citeproc --csl chicago-fullnote-bibliography.csl CITATIONS -o example24b.html
+ #+end_example
+
+ #+begin_example
+ pandoc -s --bibliography biblio.yaml --citeproc --csl ieee.csl CITATIONS -t man -o example24c.1
+ #+end_example
+
+25. Textile writer:
+
+ #+begin_example
+ pandoc -s MANUAL.txt -t textile -o example25.textile
+ #+end_example
+
+26. Textile reader:
+
+ #+begin_example
+ pandoc -s example25.textile -f textile -t html -o example26.html
+ #+end_example
+
+27. [[id:66d0f2d2-f2ea-4ab6-af2c-fefaaab755a5][org-mode]]:
+
+ #+begin_example
+ pandoc -s MANUAL.txt -o example27.org
+ #+end_example
+
+28. AsciiDoc:
+
+ #+begin_example
+ pandoc -s MANUAL.txt -t asciidoc -o example28.txt
+ #+end_example
+
+29. Word docx:
+
+ #+begin_example
+ pandoc -s MANUAL.txt -o example29.docx
+ #+end_example
+
+30. LaTeX math to docx:
+
+ #+begin_example
+ pandoc -s math.tex -o example30.docx
+ #+end_example
+
+31. DocBook to markdown:
+
+ #+begin_example
+ pandoc -f docbook -t markdown -s howto.xml -o example31.text
+ #+end_example
+
+32. MediaWiki to html5:
+
+ #+begin_example
+ pandoc -f mediawiki -t html5 -s haskell.wiki -o example32.html
+ #+end_example
+
+33. Chunked HTML:
+
+ #+begin_example
+ pandoc -t chunkedhtml --split-level=2 --toc --toc-depth=2 --number-sections -o example33 MANUAL.txt
+ #+end_example
+
+34. Docx with a reference docx:
+
+ #+begin_example
+ pandoc --reference-doc twocolumns.docx -o UsersGuide.docx MANUAL.txt
+ #+end_example
+
+35. Docx to markdown, including math:
+
+ #+begin_example
+ pandoc -s example30.docx -t markdown -o example35.md
+ #+end_example
+
+36. EPUB to plain text:
+
+ #+begin_example
+ pandoc MANUAL.epub -t plain -o example36.text
+ #+end_example
+
+37. Using a template to produce a table from structured data:
+
+ #+begin_example
+ pandoc fishwatch.yaml -t rst --template fishtable.rst -o fish.rst # see also the partial species.rst
+ #+end_example
+
+38. Converting a bibliography from BibTeX to CSL JSON:
+
+ #+begin_example
+ pandoc biblio.bib -t csljson -o biblio2.json
+ #+end_example
+
+39. Producing a formatted version of a bibliography:
+
+ #+begin_example
+ pandoc biblio.bib --citeproc --csl ieee.csl -s -o biblio.html
+ #+end_example
+
+
diff --git a/20230522133530-helm_bibtex.org b/20230522133530-helm_bibtex.org
new file mode 100644
index 0000000..958c73e
--- /dev/null
+++ b/20230522133530-helm_bibtex.org
@@ -0,0 +1,86 @@
+:PROPERTIES:
+:ID: b3503901-bb4f-4fda-b85f-5e738df311fb
+:END:
+#+title: helm-bibtex
+#+filetags: :EMACS:
+
+Helm-bibtex is a search engine based on Helm literature. You can specify here the path to the bibtex file and to the corresponding PDF.
+
+
+* Minimal config
+#+begin_src emacs-lisp
+ ;;(autoload 'helm-bibtex "helm-bibtex" "" t)
+ (use-package helm-bibtex
+ :ensure t
+ )
+ #+end_src
+ A minimal configuration involves telling bibtex-completion where your bibliographies can be found:
+ #+begin_src emacs-lisp
+
+(setq bibtex-completion-bibliography
+ '("/path/to/bibtex-file-1.bib"
+ "/path/to/bibtex-file-2.bib"))
+
+ #+end_src
+Org-bibtex users can also specify org-mode bibliography files, in which case it will be assumed that a BibTeX file exists with the same name and extension bib instead of org. If the bib file has a different name, use a cons cell ("orgfile.org" . “bibfile.bib") instead:
+#+begin_src emacs-lisp
+ (setq bibtex-completion-bibliography
+ '("/path/to/bibtex-file-1.bib"
+ "/path/to/org-bibtex-file.org"
+ ("/path/to/org-bibtex-file2.org" . "/path/to/bibtex-file.bib")))
+#+end_src
+* Basic config
+Specify where PDFs can be found:
+#+begin_src emacs-lisp
+(setq bibtex-completion-library-path '("/path1/to/pdfs" "/path2/to/pdfs"))
+#+end_src
+Bibtex-completion assumes that the name of a PDF consists of the BibTeX key followed plus a user-defined suffix (.pdf by default). For example, if a BibTeX entry has the key Darwin1859, bibtex-completion searches for Darwin1859.pdf.
+
+If the BibTeX entries have a field that specifies the full path to the PDFs, that field can also be used. For example, JabRef and Zotero store the location of PDFs in a field called File:
+#+begin_src emacs-lisp
+(setq bibtex-completion-pdf-field "File")
+#+end_src
+If bibtex-completion-pdf-field is non-nil, bibtex-completion will first try to retrieve the file specified in this field. If the field is not set for an entry or if the specified file does not exists, bibtex-completion falls back to the method described above (searching for key + .pdf in the directories listed in bibtex-completion-library-path).
+
+File specifications can be bare paths or follow the format used by JabRef, Zotero, Calibre, and Mendeley. This format also allows the specification of multiple files (e.g., the main paper and supplementary material). Examples:
+
+File = {/path/to/article.pdf}
+File = {:/path/to/article.pdf:PDF}
+File = {:/path/to/article.pdf:PDF;:/path/to/supplementary_materials.pdf:PDF}
+
+* Notes
+ibtex-completion supports two methods for storing notes. It can either store all notes in one file or store notes in multiple files, one file per publication. In the first case, the customization variable bibtex-completion-notes-path has to be set to the full path of the notes file:
+
+#+begin_src emacs-lisp
+(setq bibtex-completion-notes-path "/path/to/notes.org")
+#+end_src
+If one file per publication is preferred, bibtex-completion-notes-path should point to the directory used for storing the notes files:
+
+#+begin_src emacs-lisp
+(setq bibtex-completion-notes-path "/path/to/notes")
+#+end_src
+The names of these files consist of the BibTeX key plus a user-defined suffix (.org by default).
+
+At this point most people will be ready to go. Skip to Usage below to see how to use helm-bibtex and ivy-bibtex.
+
+* Follow Processor
+Invoking helm-bibtex or ivy-bibtex when point is on an org-mode citation will automatically select that key. However, the default org-open-at-point on a org citation will take you to the corresponding bibliography entry. The following code will change this behavior to instead open helm-bibtex-follow when following an org citation by entering RET or clicking on it:
+
+#+begin_src emacs-lisp
+(setq org-cite-follow-processor 'helm-bibtex-org-cite-follow)
+#+end_src
+Note in the case of an org citation with multiple keys, the above code will not preselect any entry when the [cite: portion is selected. See here for the ivy alternative.
+
+* LaTeX citation commands
+Bibtex-completion prompts for a LaTeX citation command when inserting citations in LaTeX documents. The list of commands available for auto-completion can be defined using the variable bibtex-completion-cite-commands.
+
+The default setting includes all cite commands defined in biblatex (except multicite commands and \volcite et al.). If no command is entered, a default command is used which can be configured using bibtex-completion-cite-default-command. The default value for the default command is cite. The variable bibtex-completion-cite-default-as-initial-input controls how the default command is used. If t, it is inserted into the minibuffer before reading input from the user. If nil, it is not inserted into the minibuffer but used as the default if the user doesn’t enter anything.
+
+By default, bibtex-completion also prompts for the optional pre- and postnotes for the citation. This can be switched off by setting the variable bibtex-completion-cite-prompt-for-optional-arguments to nil.
+
+See also the section Insert LaTeX cite commands below.
+* Insert LaTeX cite commands
+The action for inserting a citation command into a LaTeX document prompts for the citation command and, if applicable, for the pre- and postnote arguments. The prompt for the citation command has its own minibuffer history, which means that previous inputs can be accessed by pressing the key for helm-bibtex or M-p for ivy-bibtex. By pressing it is also possible to access the list of all citation commands defined in biblatex (except for multicite commands and volcite et al. which have different argument structures). The prompt also supports auto-completion via the tab key. If no command is entered, the default command is used. The default command is defined in the customization variable bibtex-completion-cite-default-command. By default, helm-bibtex and ivy-bibtex prompt for pre- and postnotes for the citation. This can be switched off by setting the variable bibtex-completion-cite-prompt-for-optional-arguments to nil.
+
+
+
diff --git a/20230522133838-org_roam.org b/20230522133838-org_roam.org
new file mode 100644
index 0000000..bf7a9d3
--- /dev/null
+++ b/20230522133838-org_roam.org
@@ -0,0 +1,16 @@
+:PROPERTIES:
+:ID: 9d782b7c-5d45-4963-96f4-ee01a00ba280
+:END:
+#+title: org-roam
+#+filetags: :EMACS:ORG:
+
+
+Org-roam is an application in [[id:5f1df0e1-384f-4685-ae1e-fec2431b04e5][emacs]] that allows to index [[id:66d0f2d2-f2ea-4ab6-af2c-fefaaab755a5][org]] files and collect them in a database. Among other things, this can be used to create a "second brain". By default, every heading and org document that is in the Roam directory is added to the database. This behavior can be prevented with a property.
+
+
+
+ #+begin_src emacs-lisp
+ ;; :PROPERTIES:
+ ;;:ID: foo
+ ;;:ROAM_EXCLUDE: t
+ ;;:END:
+ #+end_src
diff --git a/20230522134224-org_mode.org b/20230522134224-org_mode.org
new file mode 100644
index 0000000..93f1fda
--- /dev/null
+++ b/20230522134224-org_mode.org
@@ -0,0 +1,14 @@
+:PROPERTIES:
+:ID: 66d0f2d2-f2ea-4ab6-af2c-fefaaab755a5
+:END:
+#+title: org-mode
+#+filetags: :INDEX:EMACS:ORG:
+
+Org-Mode is an [[id:5f1df0e1-384f-4685-ae1e-fec2431b04e5][emacs]] built-in that allows to create markdown-like notes. It is the basic framework for various other Emacs packages and programs. A list of these programs follows here.
+
+* Index
+** [[id:9ce51551-fcb1-446a-9924-9dd26f5d56aa][helm-org-rifle]]
+** [[id:f68dfc34-5349-42d1-8074-6c4be231a69b][org-web-tools]]
+** [[id:7bd1f7dd-fcb2-4efc-a4df-f233a4bf3fcd][org-gcal]]
+** [[id:b02ca084-7831-4013-8389-45f4cd969e25][org-attach]]
+** [[id:7f5dafdd-7d74-4551-bd7b-666729b1c1d4][org-marginalia]]
diff --git a/20230522134437-org_marginalia.org b/20230522134437-org_marginalia.org
new file mode 100644
index 0000000..4b26605
--- /dev/null
+++ b/20230522134437-org_marginalia.org
@@ -0,0 +1,64 @@
+:PROPERTIES:
+:ID: 7f5dafdd-7d74-4551-bd7b-666729b1c1d4
+:END:
+#+title: org-marginalia
+Org-marginalia ist ein [[id:5f1df0e1-384f-4685-ae1e-fec2431b04e5][emacs]] addon Package, welches es ermöglicht, Notes an ordinäre .org-Files anzuhängen und diese auch zu markieren. Dieses Package ist nicht in [[id:79bae242-a2b4-4753-9960-1f929c8c6300][melpa]] enthalten und muss deshalb über die Befehle
+
+#+begin_src emacs-lisp
+(add-to-list 'load-path "~/.emacs.d/packages/marginalia")
+#+end_src
+
+und
+
+#+begin_src emacs-lisp
+ (require 'org-marginalia)
+ #+end_src
+Eingefügt werden.
+
+Außerdem wird der Mode noch in die Texthook eingefügt.
+ #+begin_src emacs-lisp
+
+ (setq om/notes-file-path "~/org/annotations/file-notes/diss_notes.org")
+ (add-hook 'after-init-hook (lambda()
+ (add-to-list 'load-path "~/local-repos/org-marginalia/")
+ (require 'org-marginalia)
+ (add-hook 'text-mode-hook #'org-marginalia-mode 1)
+
+
+#+end_src
+
+Die Markierungen müssen manuell über ~om/save~ gespeichert werden, ansonsten muss das in die "after-save-hook"
+
+* Befehle
+** ~org-marginalia-mode~
+Org-marginalia is a local minor mode. Toggle it on/off with using org-marginalia-mode. On activating, it loads your saved highlights from the marginalia file (defined by om/notes-file-path), and enables automatic saving of highlights. The automatic saving is achieved via function om/save added to after-save-hook.
+
+** ~om/mark~ (C-c m by default)
+Select a region of text, and call om/mark to highlight the region. It will generate a new ID, and start tracking the location – so you can edit text around the highlighted text. Do not cut, copy and paste as the highlight will disappear and it is a bit tricky to recover it. To create a new margin note entry in the marginalia file, save the buffer.
+
+** ~om/save~
+By default, Org-marginalia automatically creates or updates corresponding entries in the marginalia file with location and text of highlights on saving the buffer. Nevertheless, you can manually call om/save to do so (automatic process also call this command).
+
+** ~om/open~ (C-c n o by default)
+Move your cursor on the highlighted text, and call om/open to open the relevant margin notes in a separate window. Your cursor will move to the marginalia buffer narrowed to the relevant margin notes entry. You can edit the marginalia buffer as a normal Org buffer. Once you have done editing, you may simply save and close the it (kill it or close the window) as per your normal workflow. Technically, the marginalia buffer is a cloned indirect buffer of the marginalia file.
+
+** ~om/load~
+This command visits the marginalia file and loads the saved highlights onto the current buffer. If there is no margin notes for it, it will output a message in the echo. Highlights tracked locally by Org-marginalia cannot persist when you kill the buffer, or quit Emacs. When you re-launch Emacs, ensure to turn on org-marginalia-mode to load the highlights. Loading is automatically done when you activate the minor mode.
+
+** ~om/remove~
+This command removes the highlight at point. It will remove the highlight, and remove the properties from the marginalia, but will keep the headline and notes in tact.
+
+** ~om/next~ (C-c n ] by default)
+Move to the next highlight if any. If there is none below the cursor, and there is a highlight above, loop back to the top one.
+
+** ~om/prev~ (C-c n [ by default)
+Move to the previous highlight if any. If there is none above the cursor, and there is a highlight below, loop back to the bottom one.
+
+** ~om/toggle~
+Toggle showing/hiding of highlighters in current buffer. It only affects the display of the highlighters. When hidden, highlights’ locations are still kept tracked; thus, upon buffer-save the correct locations are still recorded in the marginalia file.
+
+* Customizing
+You can customize settings in the ~org-marginalia~ group.
+Highlight’s face can be changed via ~om/highlighter~
+Marginalia file is defined by ~om/notes-file-path~
+
diff --git a/20230522134551-melpa.org b/20230522134551-melpa.org
new file mode 100644
index 0000000..1f3e6af
--- /dev/null
+++ b/20230522134551-melpa.org
@@ -0,0 +1,22 @@
+:PROPERTIES:
+:ID: 79bae242-a2b4-4753-9960-1f929c8c6300
+:END:
+#+title: melpa
+#+filetags: :EMACS:
+
+MELPA (Milkypostman's Emacs Lisp Package Archive) is a package manager of [[id:5f1df0e1-384f-4685-ae1e-fec2431b04e5][emacs]], the [[id:4e30f168-3601-4b99-9daa-790161c03901][elpa]] extension to some (many) more packages.
+
+
+* Up-to-date packages built on our [[id:f2b1d5af-1a7d-47a5-95c8-4a85d558419e][servers]] from upstream source
+* Installable in any Emacs with 'package.el'
+no local version-control tools needed
+* Curated
+no obsolete, renamed, forked or randomly hacked packages
+* Comprehensive
+more packages than any other archive
+* Automatic updates
+new commits result in new packages
+* Extensible
+contribute new recipes, and we'll build the packages
+
+
diff --git a/20230522134725-elpa.org b/20230522134725-elpa.org
new file mode 100644
index 0000000..8fabb5f
--- /dev/null
+++ b/20230522134725-elpa.org
@@ -0,0 +1,9 @@
+:PROPERTIES:
+:ID: 4e30f168-3601-4b99-9daa-790161c03901
+:END:
+#+title: elpa
+#+filetags: :EMACS:
+
+ELPA is the Emacs Lisp [[id:b7c4f849-d1b1-4837-8634-82f6976a1473][package archive]], written originally by TomTromey. It is included in Gnu [[id:5f1df0e1-384f-4685-ae1e-fec2431b04e5][emacs]] starting with version 24. package.el is the package manager library for ELPA. another possible package archive is [[id:79bae242-a2b4-4753-9960-1f929c8c6300][melpa]].
+
+
diff --git a/20230523094356-betterlockscreen.org b/20230523094356-betterlockscreen.org
new file mode 100644
index 0000000..024f9e9
--- /dev/null
+++ b/20230523094356-betterlockscreen.org
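Review bot: The third snippet in the org-marginalia note is not balanced: `(add-hook 'after-init-hook (lambda()` is opened, but neither the lambda nor the outer `add-hook` is closed before `#+end_src`, so pasting it into an init file fails at read time; the last form should end `(add-hook 'text-mode-hook #'org-marginalia-mode 1)))`. The page also gives two different load paths for the same package (`~/.emacs.d/packages/marginalia` and `~/local-repos/org-marginalia/`). Because the package is installed by hand and, as the note says, is not in MELPA, it gets no updates through `package.el`; I would keep one path and record the upstream URL and the commit that was checked out so the local copy can be reviewed and refreshed deliberately.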
@@ -0,0 +1,16 @@
+:PROPERTIES:
+:ID: 71c7b2c6-8601-446c-bdbb-3598d74be178
+:END:
+#+title: betterlockscreen
+
+The lockscreen used by [[id:5fada795-19a3-4ba6-97c0-0b70bd728a2f][Arco-Linux]] and [[id:2f4f9e1b-ed75-4e35-b6db-b26ab8f60c15][archlinux-logout]]. Is also called Arcolinux-betterlockscreen.
+* Location
+Location: ~/.config/arcolinux-betterlockscreen
+* Commands
+** -u /Path/to/file
+*** Bilder Cashen
+*** Funktioniert nicht mit Arcologout
+*** ohne ""
+** -l
+*** lock den Bildschirm mit dem gecashten Bild
+
diff --git a/20230523094510-archlinux_logout.org b/20230523094510-archlinux_logout.org
new file mode 100644
index 0000000..a9afc85
--- /dev/null
+++ b/20230523094510-archlinux_logout.org
@@ -0,0 +1,17 @@
+:PROPERTIES:
+:ID: 2f4f9e1b-ed75-4e35-b6db-b26ab8f60c15
+:END:
+#+title: archlinux-logout
+
+Locking manager used by [[id:5fada795-19a3-4ba6-97c0-0b70bd728a2f][Arco-Linux]]. Is used by the [[id:0613de5a-4b4f-429a-ba52-09d63c0a92d6][window-manager]] to lock the session or to shut it down.
+
+* Key-combination
+#+begin_src bash
+ [super-x]
+#+end_src
+* Location
+#+begin_src bash
+ ~/.config/archlinux-logout/archlinux-logout.conf
+#+end_src
+* Integrates
+[[id:71c7b2c6-8601-446c-bdbb-3598d74be178][betterlockscreen]]
diff --git a/20230523095800-keychain.org b/20230523095800-keychain.org
new file mode 100644
index 0000000..a617814
--- /dev/null
+++ b/20230523095800-keychain.org
@@ -0,0 +1,13 @@
+:PROPERTIES:
+:ID: 404dad63-5eb6-4328-ae85-475874b48ac4
+:END:
+#+title: keychain
+#+filetags: :linux:
+
+A Linux program that allows access to the gpg keychain. The password should only have to be entered once. Keychain is called in the HerbstluftWM config.
+
+* The command there is:
+#+begin_src sh
+keychain --agents gpg
+#+end_src
+This will only consider the gpg agents, but not the ssh agents.
diff --git a/20230523100211-pulse_audio.org b/20230523100211-pulse_audio.org
new file mode 100644
index 0000000..6170e8a
--- /dev/null
+++ b/20230523100211-pulse_audio.org
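Review bot: The keychain note says the passphrase "should only have to be entered once" but does not say how long the unlocked key stays cached. With `keychain --agents gpg` started from the window-manager config, the key remains usable by anything running in the session until the agent's cache expires, and presumably that includes the time the screen is locked, since nothing on the page ties the lock screen to the agent. I would add a line documenting the intended lifetime, for example the `default-cache-ttl` and `max-cache-ttl` settings in `~/.gnupg/gpg-agent.conf`, so the convenience and the exposure window are both written down.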
@@ -0,0 +1,40 @@
+:PROPERTIES:
+:ID: efaaf6e8-b638-497b-bfc2-366d64f2413b
+:END:
+#+title: pulse-audio
+#+filetags: :linux:
+
+Linux program to control the audio drivers. Does not work very well with the Sounblaster-Z soundcard. It works only an old version with old alsa-card-profiles. The update of Pulseaudio, alsa and alsa-cardprofiles is suspended so that these programs are not updated.
+
+An update should therefore always be performed via update and not via pacman -Suy.
+
+
+
+If this is the case, you can use the command:
+[[id:673d1cb1-536b-42f1-a046-40a8937c4283][root]] access needed ([[id:dc54334e-afa9-4a53-be91-1e90bc6bf8d0][sudo]])
+#+begin_src bash
+sudo pacman -U /var/cache/pacman/pkg/libpulse-14.2-3-x86_64.pkg.tar.zst /var/cache/pacman/pkg/pulseaudio-14.2-3-x86_64.pkg.tar.zst /var/cache/pacman/pkg/alsa-card-profiles-1\:0.3.32-1-x86_64.pkg.tar.zst
+#+end_src
+
+Restore the old constellation.
+
+
+
+Otherwise simply:
+
+#+begin_src
+alsactl init
+#+end_src
+
+
+
+
+Solutions that did not work:
+
+#+begin_src bash
+options snd-hda-intel dmic_detect=0
+
+options snd-hda-intel model=generic
+#+end_src
+
+Those [[id:18661cd7-f886-48b7-91e6-190ebe24a6df][pulse-audio-settings]] could make audio quality better.
diff --git a/20230523100635-pulse_audio_settings.org b/20230523100635-pulse_audio_settings.org
new file mode 100644
index 0000000..8e347b5
--- /dev/null
+++ b/20230523100635-pulse_audio_settings.org
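Review bot: Holding `libpulse` and `pulseaudio` at 14.2-3 and `alsa-card-profiles` at 0.3.32-1 means these packages stop receiving fixes, security fixes included, for as long as the hold lasts, and the note neither says how the hold is implemented ("via update" is not defined) nor when a newer version should be re-tested. I would state the mechanism explicitly, e.g. `IgnorePkg = pulseaudio libpulse alsa-card-profiles` in `/etc/pacman.conf`, and add a dated reminder to retry the current packages, since a system upgraded around three pinned packages is a partial upgrade. The `options snd-hda-intel …` lines under "Solutions that did not work" are modprobe configuration rather than `bash`; naming the file they were placed in would make the failed attempts reproducible.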
@@ -0,0 +1,50 @@
+:PROPERTIES:
+:ID: 18661cd7-f886-48b7-91e6-190ebe24a6df
+:END:
+#+title: pulse-audio-settings
+#+filetags: :linux:pulse-audio:
+
+
+* Binaural audio with OpenAL
+For games using OpenAL, if you use headphones you may get much better positional audio using OpenAL's HRTF filters. To enable, run the following command:
+
+#+begin_src bash
+echo "hrtf = true" >> ~/.alsoftrc
+#+end_src
+Alternatively, install openal-hrtfAUR from the AUR, and edit the options in /etc/openal/alsoftrc.conf
+
+For Source games, the ingame setting `dsp_slow_cpu` must be set to `1` to enable HRTF, otherwise the game will enable its own processing instead. You will also either need to set up Steam to use native runtime, or link its copy of openal.so to your own local copy. For completeness, also use the following options:
+
+#+begin_src bash
+dsp_slow_cpu 1 # Disable in-game spatialiazation
+#+end_src
+
+snd_spatialize_roundrobin 1 # Disable spatialization 1.0*100% of sounds
+dsp_enhance_stereo 0 # Disable DSP sound effects. You may want to leave this on, if you find it does not interfere with your perception of the sound effects.
+snd_pitchquality 1 # Use high quality sounds
+* Tuning PulseAudio
+If you are using PulseAudio, you may wish to tweak some default settings to make sure it is running optimally.
+
+** Enabling realtime priority and negative nice level
+Pulseaudio is built to be run with realtime priority, being an audio daemon. However, because of security risks of it locking up the system, it is scheduled as a regular thread by default. To adjust this, first make sure you are in the audio group. Then, uncomment and edit the following lines in /etc/pulse/daemon.conf:
+
+/etc/pulse/daemon.conf
+#+begin_src bash
+high-priority = yes
+nice-level = -11
+
+realtime-scheduling = yes
+realtime-priority = 5
+#+end_src
+and restart pulseaudio.
+
+** Using higher quality remixing for better sound
+PulseAudio on Arch uses speex-float-1 by default to remix channels, which is considered a 'medium-low' quality remixing. If your system can handle the extra load, you may benefit from setting it to one of the following instead:
+
+#+begin_src bash
+resample-method = speex-float-10
+#+end_src
+
+** Matching hardware buffers to Pulse's buffering
+Matching the buffers can reduce stuttering and increase performance marginally. See here for more details.
+
diff --git a/20230523101440-xdg.org b/20230523101440-xdg.org
new file mode 100644
index 0000000..69e59d1
--- /dev/null
+++ b/20230523101440-xdg.org
@@ -0,0 +1,30 @@ +:PROPERTIES: +:ID: 6c1849a8-ab61-4ab1-b2e8-97d1d0dfb0fd +:END: +#+title: xdg +#+filetags: :linux: + +XDG is a tool that works with mimetypes. With the aid of xdg standard programs can be assigned to certain mimetypes, standard programs can be queried or mimetypes of programs can be displayed + +All standard programs are in the file +#+begin_src bash +~.config/mimeapps.list +#+end_src + +There also the input of xdg-mime default is stored. + +* Command +** xdg-open +opens the file with the default program specified for the file's mimetype. + +** xdg-open + opens the file with the default program specified for the file's mimetype. +** xdg-mime +*** query +Performs a query, after: +**** filetype +xdg-mime query filetype gibt den Mimetype dieser Datei zurück +**** default +xdg-mime query filetype returns the mimetype of this file +*** default +xdg-mime default .desktop sets the named program as the default program for the named mimetype, provided that this program has a ~.desktop~ entry in (user generated) ~/home//.ssh/id_rsa~, following enter two times the passphrase, which is created before in [[id:308a3798-0f57-4024-a561-c6d8153348e9][keepassxc]]. + +#+begin_src bash + cat .ssh/id_rsa.pub + cat .ssh/id_rsa.pub | ssh @ "cat >> .ssh/authorized_keys" +#+end_src +Note: Do this for all clients which want to save data. +Note: Check on backup-server with ~cat ~/home//.ssh/authorized_keys~ whether the keys have been piped over. 
+* Change the file on backup-server, which before created in ~/home//.ssh/authorized_keys~ and write following command before the corresponding ssh-key +#+begin_src bash +command="borg serve --restrict-to-path /home//backups/ --append-only" +#+end_src +* Create on client a backup directory and a backup.sh file +#+begin_src bash + mkdir -p backups + touch backup.sh + sudo nano backup.sh +#+end_src +For the last command you need [[id:673d1cb1-536b-42f1-a046-40a8937c4283][root]] priviliges or [[id:dc54334e-afa9-4a53-be91-1e90bc6bf8d0][sudo]]. +Insert following script into the backup.sh file +#+begin_src bash +#!/bin/bash +DATE=`date +"%Y-%m-%d"` +REPOSITORY="ssh://@:22/~/backups/" +export BORG_PASSPHRASE=" " +borg create $REPOSITORY::$DATE /home// --exclude-caches +#+end_src +Make script executable +#+begin_src bash + chmod +x ./backup.sh +#+end_src +* Create on backup-server a backup directonary and for each client a folder inside the backup folder +#+begin_src bash + mkdir -p backups/ +#+end_src +Note: The name ~~ folder must be the same like the command in the ~/home//.ssh/authorized_keys~ file on the backup-server, which is written before the corresponding ssh-key +* Create a borg repo for created client folder +#+begin_src bash + borg init --encryption=repokey backups/ +#+end_src +After enter two times the passphrase for each client. Choose yes/no if the passphrase should be displayed. +* Create a backup +The following command is listed in path ~/home//backups~ on each client +#+begin_src bash + ./backup.sh +#+end_src +Answer "yes" to fingerprint. +Note: If the backup failed, change the owner/user for the folder, which want to be saved. +#+begin_src bash + chmod -r +#+end_src +** List & [[id:c69a77dc-f87f-418c-9870-eedddc43be37][mount]] a backup for each client +#+begin_src bash + borg list /home//backups/ + mkdir mnt + borg mount /home//backups/ mnt/ +#+end_src +Enter the passphrase. 
+* Restore backup +To restore the backup the borg key and the corresponding passphrase is neccessary. +Get the borg key on the backup-server from each client +#+begin_src bash + borg key export /home//backups/ key-export_ + cat key-export_ + rm key-export_ (after copy and saved on a extern hdd) +#+end_src +* Create a [[id:94b5e3fb-bbf9-40ec-902f-9e15c74c5f99][crontab]] as user +#+begin_src bash + crontab -e + 0 2 * * * /home//backups/backup.sh +#+end_src +* Create a prune-backup.sh file for to automatically manage the created backups. +#+begin_src bash + #!/bin/bash + + # : + export BORG_PASSPHRASE="" + borg prune -v ~/backups/ \ + --keep-daily=30 + --keep-weekly=5 + --keep-monthly=12 +#+end_src +Make script executable +#+begin_src bash + chmod +x prune-backup.sh + ./prune-backup.sh +#+end_src diff --git a/20230607132218-cluster.org b/20230607132218-cluster.org new file mode 100644 index 0000000..d4afc50 --- /dev/null +++ b/20230607132218-cluster.org 
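Review bot: In the prune-backup.sh block only the `borg prune -v ~/backups/ \` line ends with a backslash, so `--keep-weekly=5` and `--keep-monthly=12` are executed as separate, failing commands and pruning runs with `--keep-daily=30` alone; the `--keep-daily=30` and `--keep-weekly=5` lines need a trailing ` \` as well. Both backup.sh and prune-backup.sh hold the repository passphrase in clear text through `export BORG_PASSPHRASE=...`, so the page should tell the reader to restrict the scripts (`chmod 700 backup.sh prune-backup.sh`) or to obtain the secret with `BORG_PASSCOMMAND` instead of storing it in the file. The troubleshooting step `chmod -r` does not change the owner as the sentence above it says, it removes read permission; the intended command looks like `chown -R` with arguments that appear to have been lost from the page. The beginning of the borg-backup note is not visible in this hunk.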
@@ -0,0 +1,35 @@
+:PROPERTIES:
+:ID: 408e8348-778a-4fbd-a14d-9f3d9c595b4a
+:END:
+#+title: cluster
+A computer cluster is a set of computers that work together so that they can be viewed as a single system. Unlike grid computers, computer clusters have each node set to perform the same task, controlled and scheduled by software.
+
+The components of a cluster are usually connected to each other through fast local area networks ([[id:213d19d9-ca8d-42b1-998a-2f34d1d9cd4c][LAN]]), with each node (computer used as a [[id:f2b1d5af-1a7d-47a5-95c8-4a85d558419e][server]]) running its own instance of an [[id:5fada795-19a3-4ba6-97c0-0b70bd728a2f][operating system]]. In most circumstances, all of the nodes use the same hardware and the same operating system, although in some setups (e.g. using Open Source Cluster Application Resources (OSCAR)), different operating systems can be used on each computer, or different hardware.
+
+Clusters are usually deployed to improve performance and availability over that of a single computer, while typically being much more cost-effective than single computers of comparable speed or availability.
+The cluster deployed at Madrigal Inc is constructed of the following [[id:f2b1d5af-1a7d-47a5-95c8-4a85d558419e][server]]:
+
+
+* [[id:f2b1d5af-1a7d-47a5-95c8-4a85d558419e][server]]list
+** [[id:56a6d355-01cf-44b8-87c7-c77f9db2ce29][w3]]
+** [[id:845742e6-33e3-4d5b-8a4e-5cec9f448862][w4]]
+** [[id:cd93c833-85b6-4955-8660-d150373d4ac5][w5]]
+** [[id:d48299ee-efe3-40d4-a223-26d2c772b522][w6]]
+** [[id:a08abe7e-23ab-4b59-a105-9873dc79de43][w9]]
+** [[id:80a4104e-af18-4d90-a45e-2c92b51e8c0c][w10]]
+** [[id:fbf9a139-a414-4349-b217-663f15e9a8bd][w11]]
+
+* [[id:e56e90b1-ae5b-4344-97eb-993e5a81263e][openmpi]] & [[id:422e07f8-c888-460f-849e-76d451946045][ssh-key]] & [[id:574b9e96-1a86-4e43-878c-30534e0dcecb][MBSE (Modell based system engineering)]]
+** [[id:d54bf885-a702-48bb-b108-e9e982bc5952][mw0]]
+** [[id:f13f2c9c-4550-4e44-8a14-dc327234d38e][cw1]]
+** [[id:45e10136-fb77-4712-85ef-32adf5cdc489][cw2]]
+** [[id:56a6d355-01cf-44b8-87c7-c77f9db2ce29][cw3]]
+** [[id:845742e6-33e3-4d5b-8a4e-5cec9f448862][cw4]]
+** [[id:cd93c833-85b6-4955-8660-d150373d4ac5][cw5]]
+** [[id:d48299ee-efe3-40d4-a223-26d2c772b522][cw6]]
+** [[id:a08abe7e-23ab-4b59-a105-9873dc79de43][cw9]]
+** [[id:80a4104e-af18-4d90-a45e-2c92b51e8c0c][cw10]]
+
+Note: Client [[id:fbf9a139-a414-4349-b217-663f15e9a8bd][W11]] isn't used in the [[id:e56e90b1-ae5b-4344-97eb-993e5a81263e][OpenMPI]] cluster because it's the backup-server.
+Note: The [[id:422e07f8-c888-460f-849e-76d451946045][ssh]]-key is also used for [[id:56d784ed-a87c-441f-b819-73369760ca32][borg-backup]].
+Note: wX = cwX & X =
diff --git a/20230607132413-w0.org b/20230607132413-w0.org
new file mode 100644
index 0000000..9e5e365
--- /dev/null
+++ b/20230607132413-w0.org
@@ -0,0 +1,16 @@
+:PROPERTIES:
+:ID: d54bf885-a702-48bb-b108-e9e982bc5952
+:END:
+#+title: server-w0
+#+filetags: :CLUSTER:
+
+Open-MP master and routing [[id:f2b1d5af-1a7d-47a5-95c8-4a85d558419e][server]] for any [[id:daa194c9-63f1-433e-8826-a0b4e9020e16][wireguard]] connection inside the 10.0.0.0/32 subnet. There are also some [[id:df046fd7-1f82-4e12-9065-56d222f56408][docker]] container running on w0 as well as the [[id:46107a80-aa2d-4861-8362-6836c547dda4][rustdesk]] connection server. This server is also responsible for any [[id:80666401-173e-4828-9c29-552dab716946][dns]] request inside the regular- and subnet (192.0.0.0 and 10.0.0.0/32).
+* Addresses
+** regular [[id:213d19d9-ca8d-42b1-998a-2f34d1d9cd4c][LAN]]
+*** 192.168.178.173
+*** w0.lan.green-chem.net
+** wireguard [[id:c9461f7b-7368-4b88-b90b-2d785fda2159][subnetworks]]
+*** 10.0.0.3
+*** w0.internal.green-chem.net
+** [[id:e56e90b1-ae5b-4344-97eb-993e5a81263e][OpenMPI]] MPI (master)
+*** mw0
diff --git a/20230607132745-rustdesk.org b/20230607132745-rustdesk.org
new file mode 100644
index 0000000..4b583ab
--- /dev/null
+++ b/20230607132745-rustdesk.org
@@ -0,0 +1,9 @@
+:PROPERTIES:
+:ID: 46107a80-aa2d-4861-8362-6836c547dda4
+:END:
+#+title: rustdesk
+
+A desktop and screen sharing engine that can be run on premise as a self hosted service
+RustDesk is a full-featured open source remote control alternative for self-hosting and security with minimal configuration. You have full control of your data, with no concerns about security. The [[id:70899526-8b7d-4976-94fc-cc07c41e550a][client]] is open source and theres a choice between the fully featured Professional [[id:f2b1d5af-1a7d-47a5-95c8-4a85d558419e][server]] available to purchase on our website and the basic free and OSS Server based on our Professional Server.(source rustdesk)
+ The rustdesk server can also be deployed via [[id:df046fd7-1f82-4e12-9065-56d222f56408][docker]].
+
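Review bot: The server-w0 description gives the wireguard range as `10.0.0.0/32` in two places, which denotes a single address, while the peers documented in this commit sit at 10.0.0.2 through 10.0.0.15. State the real prefix length (it appears to be at least a /28, probably `10.0.0.0/24`) and write the LAN as `192.168.178.0/24` rather than `192.0.0.0`, because these values tend to be copied into firewall rules and wireguard `AllowedIPs`.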
diff --git a/20230607132948-dns.org b/20230607132948-dns.org
new file mode 100644
index 0000000..e7cea4d
--- /dev/null
+++ b/20230607132948-dns.org
@@ -0,0 +1,23 @@
+:PROPERTIES:
+:ID: 80666401-173e-4828-9c29-552dab716946
+:END:
+#+title: dns
+#+filetags: :network:basics:
+
+dynamic naming service that transforms [[id:f055acfb-05dd-4228-a92a-356240b8c975][IP]] addresses into human readable form. can be used to give [[id:f2b1d5af-1a7d-47a5-95c8-4a85d558419e][server]] domain names (A-entry) or to giver domain names an alias (Cname-entry).
+
+* How To change the local resolving dns server
+If the pc changes the network interface (e.g. when connecting/disconnecting from wireguard subet) the network manager checks for the corresponding dns server. The usual server responsible for that is the networking router (ftitzbox 192.168.178.1). In the case of an internal server running the local dns this is not the case, because the Fritzbox does not have the corresponding dns entries for the local network. To change this behaviour one could change the [[id:daa194c9-63f1-433e-8826-a0b4e9020e16][wireguard]] DNS Setting in ~/etc/wireguard/w1.conf~ for every peer that needs the new dns. If the dns should not be dependent on the wireguard connection ( relevance for [[id:408e8348-778a-4fbd-a14d-9f3d9c595b4a][cluster]] server in local networks) the ~resolve.conf~ file should be changed to the local dns server. For that you must:
+
+** alter the file
+Change ther file to look for the local dnbs server. ([[id:673d1cb1-536b-42f1-a046-40a8937c4283][root]] priv. needed ([[id:dc54334e-afa9-4a53-be91-1e90bc6bf8d0][sudo]])
+#+begin_src bash
+ sudo nano /etc/resolv.conf
+#+end_src
+To include the ~nameserver~ of your choice for example:
+#+begin_src bash
+ nameserver 127.0.0.1
+#+end_src
+If the Peer has its own nameserver running, or any other IP in the local network.
+
+NOTE: The server has to deploy the dns server on [[id:f4bb4857-2112-4e10-a22e-6da1436ce7b7][port]] 53 for that to work and the [[id:70899526-8b7d-4976-94fc-cc07c41e550a][client]] in question has to have acces to this server port.
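Review bot: The how-to names the file `resolve.conf` in the paragraph but the command edits `/etc/resolv.conf`; use the real file name in both places. It should also say that a hand-edited `/etc/resolv.conf` is normally regenerated by the network manager on the next interface change, which is exactly the situation the section describes, so the nameserver has to be set persistently in the network manager (or whichever resolver service writes the file). The opening sentence has the direction reversed as well: DNS (Domain Name System) resolves names to IP addresses.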
diff --git a/20230607133620-server_w1.org b/20230607133620-server_w1.org
new file mode 100644
index 0000000..e55671f
--- /dev/null
+++ b/20230607133620-server_w1.org
@@ -0,0 +1,17 @@
+:PROPERTIES:
+:ID: f13f2c9c-4550-4e44-8a14-dc327234d38e
+:END:
+#+title: server-w1
+#+filetags: :CLUSTER:
+
+Regular [[id:f2b1d5af-1a7d-47a5-95c8-4a85d558419e][server]] [[id:70899526-8b7d-4976-94fc-cc07c41e550a][client]] in the [[id:e56e90b1-ae5b-4344-97eb-993e5a81263e][OpenMPI]] [[id:408e8348-778a-4fbd-a14d-9f3d9c595b4a][cluster]].
+
+* Addresses
+** regular [[id:213d19d9-ca8d-42b1-998a-2f34d1d9cd4c][LAN]]
+*** 192.168.178.168
+*** w1.lan.green-chem.net
+** [[id:daa194c9-63f1-433e-8826-a0b4e9020e16][wireguard]] [[id:c9461f7b-7368-4b88-b90b-2d785fda2159][subnet]]
+*** 10.0.0.4
+*** w1.internal.green-chem.net
+** open MPI
+*** cw1
diff --git a/20230607134015-server_w2.org b/20230607134015-server_w2.org
new file mode 100644
index 0000000..b2676ca
--- /dev/null
+++ b/20230607134015-server_w2.org
@@ -0,0 +1,18 @@
+:PROPERTIES:
+:ID: 45e10136-fb77-4712-85ef-32adf5cdc489
+:END:
+#+title: server-w2
+#+filetags: :CLUSTER:
+
+
+Regular [[id:f2b1d5af-1a7d-47a5-95c8-4a85d558419e][server]] [[id:70899526-8b7d-4976-94fc-cc07c41e550a][client]] in the [[id:e56e90b1-ae5b-4344-97eb-993e5a81263e][OpenMPI]] [[id:408e8348-778a-4fbd-a14d-9f3d9c595b4a][cluster]].
+
+* Addresses
+** regular [[id:213d19d9-ca8d-42b1-998a-2f34d1d9cd4c][LAN]]
+*** 192.168.178.172
+*** w2.lan.green-chem.net
+** [[id:daa194c9-63f1-433e-8826-a0b4e9020e16][wireguard]] [[id:c9461f7b-7368-4b88-b90b-2d785fda2159][subnet]]
+*** 10.0.0.2
+*** w2.internal.green-chem.net
+** open MPI
+*** cw2
diff --git a/20230607134339-server_w3.org b/20230607134339-server_w3.org
new file mode 100644
index 0000000..ae9f989
--- /dev/null
+++ b/20230607134339-server_w3.org
@@ -0,0 +1,18 @@
+:PROPERTIES:
+:ID: 56a6d355-01cf-44b8-87c7-c77f9db2ce29
+:END:
+#+title: server-w3
+#+filetags: :CLUSTER:
+
+Regular [[id:f2b1d5af-1a7d-47a5-95c8-4a85d558419e][server]] [[id:70899526-8b7d-4976-94fc-cc07c41e550a][client]] in the [[id:e56e90b1-ae5b-4344-97eb-993e5a81263e][OpenMPI]] [[id:408e8348-778a-4fbd-a14d-9f3d9c595b4a][cluster]].
+
+* Addresses
+** regular [[id:213d19d9-ca8d-42b1-998a-2f34d1d9cd4c][LAN]]
+*** 192.168.178.175
+*** w3.lan.green-chem.net
+** [[id:daa194c9-63f1-433e-8826-a0b4e9020e16][wireguard]] [[id:c9461f7b-7368-4b88-b90b-2d785fda2159][subnet]]
+*** 10.0.0.5
+*** w3.internal.green-chem.net
+** open MPI
+*** cw3
+
diff --git a/20230607134550-server_w4.org b/20230607134550-server_w4.org
new file mode 100644
index 0000000..453aeb7
--- /dev/null
+++ b/20230607134550-server_w4.org
@@ -0,0 +1,18 @@
+:PROPERTIES:
+:ID: 845742e6-33e3-4d5b-8a4e-5cec9f448862
+:END:
+#+title: server-w4
+#+filetags: :CLUSTER:
+
+Regular [[id:f2b1d5af-1a7d-47a5-95c8-4a85d558419e][server]] [[id:70899526-8b7d-4976-94fc-cc07c41e550a][client]] in the [[id:e56e90b1-ae5b-4344-97eb-993e5a81263e][OpenMPI]] [[id:408e8348-778a-4fbd-a14d-9f3d9c595b4a][cluster]].
+
+* Addresses
+** regular [[id:213d19d9-ca8d-42b1-998a-2f34d1d9cd4c][LAN]]
+*** 192.168.178.183
+*** w4.lan.green-chem.net
+** [[id:daa194c9-63f1-433e-8826-a0b4e9020e16][wireguard]] [[roam:subnet]]
+*** 10.0.0.6
+*** w4.internal.green-chem.net
+** open MPI
+*** cw4
+
diff --git a/20230607134731-server_w5.org b/20230607134731-server_w5.org
new file mode 100644
index 0000000..29a9011
--- /dev/null
+++ b/20230607134731-server_w5.org
@@ -0,0 +1,18 @@
+:PROPERTIES:
+:ID: cd93c833-85b6-4955-8660-d150373d4ac5
+:END:
+#+title: server-w5
+#+filetags: :CLUSTER:
+
+Regular [[id:f2b1d5af-1a7d-47a5-95c8-4a85d558419e][server]] [[id:70899526-8b7d-4976-94fc-cc07c41e550a][client]] in the [[id:e56e90b1-ae5b-4344-97eb-993e5a81263e][OpenMPI]] [[id:408e8348-778a-4fbd-a14d-9f3d9c595b4a][cluster]].
+
+* Addresses
+** regular lan
+*** 192.168.178.186
+*** w5.lan.green-chem.net
+** wireguard subnet
+*** 10.0.0.7
+*** w5.internal.green-chem.net
+** open MPI
+*** cw5
+
diff --git a/20230607134900-server_w6.org b/20230607134900-server_w6.org
new file mode 100644
index 0000000..2b85f5f
--- /dev/null
+++ b/20230607134900-server_w6.org
@@ -0,0 +1,18 @@
+:PROPERTIES:
+:ID: d48299ee-efe3-40d4-a223-26d2c772b522
+:END:
+#+title: server-w6
+#+filetags: :CLUSTER:
+
+Regular [[id:f2b1d5af-1a7d-47a5-95c8-4a85d558419e][server]] [[id:70899526-8b7d-4976-94fc-cc07c41e550a][client]] in the [[id:e56e90b1-ae5b-4344-97eb-993e5a81263e][OpenMPI]] [[id:408e8348-778a-4fbd-a14d-9f3d9c595b4a][cluster]].
+
+* Addresses
+** regular lan
+*** 192.168.178.182
+*** w6.lan.green-chem.net
+** wireguard subnet
+*** 10.0.0.8
+*** w6.internal.green-chem.net
+** open MPI
+*** cw6
+
diff --git a/20230607135040-server_w9.org b/20230607135040-server_w9.org
new file mode 100644
index 0000000..24d4a37
--- /dev/null
+++ b/20230607135040-server_w9.org
@@ -0,0 +1,18 @@
+:PROPERTIES:
+:ID: a08abe7e-23ab-4b59-a105-9873dc79de43
+:END:
+#+title: server-w9
+#+filetags: :CLUSTER:
+
+Regular [[id:f2b1d5af-1a7d-47a5-95c8-4a85d558419e][server]] [[id:70899526-8b7d-4976-94fc-cc07c41e550a][client]] in the [[id:e56e90b1-ae5b-4344-97eb-993e5a81263e][OpenMPI]] [[id:408e8348-778a-4fbd-a14d-9f3d9c595b4a][cluster]].
+
+* Addresses
+** regular lan
+*** 192.168.178.187
+*** w9.lan.green-chem.net
+** wireguard subnet
+*** 10.0.0.15
+*** w9.internal.green-chem.net
+** open MPI
+*** cw9
+
diff --git a/20230607135227-server_w10.org b/20230607135227-server_w10.org
new file mode 100644
index 0000000..4594cf0
--- /dev/null
+++ b/20230607135227-server_w10.org
@@ -0,0 +1,20 @@
+:PROPERTIES:
+:ID: 80a4104e-af18-4d90-a45e-2c92b51e8c0c
+:END:
+#+title: server-w10
+#+filetags: :CLUSTER:
+
+Communication [[id:f2b1d5af-1a7d-47a5-95c8-4a85d558419e][server]] of Madrigal Inc. There are some very important communication programms runnung on this server, such as [[id:7c74176b-a637-4d3b-838e-05fae7ad3789][nextcloud]], [[id:29c8ec85-9de8-4ace-8c52-13a086341861][rocket-chat]] and the [[id:5c50958e-e38d-4f6c-b111-2a50a48cc1de][freepbx]] [[id:0dea8c51-5e1e-460c-9d0a-28293d62013e][VM]]. This server is backed up via [[id:56d784ed-a87c-441f-b819-73369760ca32][borg-backup]] to the backup server ([[id:fbf9a139-a414-4349-b217-663f15e9a8bd][w11]]).
+
+Regular server [[id:70899526-8b7d-4976-94fc-cc07c41e550a][client]] in the [[id:e56e90b1-ae5b-4344-97eb-993e5a81263e][OpenMPI]] [[id:408e8348-778a-4fbd-a14d-9f3d9c595b4a][cluster]].
+
+* Addresses
+** regular lan
+*** 192.168.178.171
+*** w10.lan.green-chem.net
+** wireguard subnet
+*** 10.0.0.13
+*** w10.internal.green-chem.net
+** open MPI
+*** cw10
+
diff --git a/20230607135405-rocket_chat.org b/20230607135405-rocket_chat.org
new file mode 100644
index 0000000..f1247b0
--- /dev/null
+++ b/20230607135405-rocket_chat.org
@@ -0,0 +1,72 @@
+:PROPERTIES:
+:ID: 29c8ec85-9de8-4ace-8c52-13a086341861
+:END:
+#+title: rocket-chat
+#+filetags: :communication:
+
+Main text communication programm. Runs as a [[id:df046fd7-1f82-4e12-9065-56d222f56408][docker]] container on the communication [[id:f2b1d5af-1a7d-47a5-95c8-4a85d558419e][server]] ([[id:80a4104e-af18-4d90-a45e-2c92b51e8c0c][server-w10]]). There exists no [[id:fcbfabfa-4a8c-4826-8b57-5dce05965c76][docker-compose]] file for the startup because the rocket-chat container in combination with the [[id:91deae5f-e670-4463-8fee-688212d13030][mongo-db]] is startted as a *stack* inside the [[id:4afb1f41-983a-4b54-9828-a1e3788eb28b][portainer]] [[id:a08570b0-8fe8-45a8-8f60-e45ea6b31a34][GUI]]. The Rocketchat Gui is hosted via the [[id:90e3b8a2-b523-4044-af6f-fd4a559b2d7f][traefik_docker]].
+
+* docker compose file
+#+begin_src bash
+ services:
+ rocketchat:
+ image: registry.rocket.chat/rocketchat/rocket.chat:${RELEASE:-latest}
+ restart: on-failure
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.rocketchat.entrypoints=websecure"
+ - "traefik.http.routers.rocketchat.rule=Host(`chat.green-chem.net`)"
+ - "traefik.http.routers.rocketchat.tls=true"
+ - "traefik.http.routers.rocketchat.tls.certresolver=production"
+ - "traefik.http.routers.rocketchat.service=rocketchat"
+ - "traefik.http.services.rocketchat.loadbalancer.server.port=3000"
+ - "traefik.docker.network=traefik_relay"
+ #- "traefik.http.routers.rocketchat.middlewares=default@file"
+ environment:
+ MONGO_URL: "${MONGO_URL:-\
+ mongodb://${MONGODB_ADVERTISED_HOSTNAME:-mongodb}:${MONGODB_INITIAL_PRIMARY_PORT_NUMBER:-27017}/\
+ ${MONGODB_DATABASE:-rocketchat}?replicaSet=${MONGODB_REPLICA_SET_NAME:-rs0}}"
+ MONGO_OPLOG_URL: "${MONGO_OPLOG_URL:\
+ -mongodb://${MONGODB_ADVERTISED_HOSTNAME:-mongodb}:${MONGODB_INITIAL_PRIMARY_PORT_NUMBER:-27017}/\
+ local?replicaSet=${MONGODB_REPLICA_SET_NAME:-rs0}}"
+ ROOT_URL: ${ROOT_URL:-http://localhost:${HOST_PORT:-3000}}
+ PORT: ${PORT:-3000}
+ DEPLOY_METHOD: docker
+ #DEPLOY_PLATFORM: ${DEPLOY_PLATFORM}
+ depends_on:
+ - mongodb
+ networks:
+ - chat_relay
+ - traefik_relay
+ mongodb:
+ image: docker.io/bitnami/mongodb:${MONGODB_VERSION:-latest}
+ restart: on-failure
+ volumes:
+ - mongodb_data:/bitnami/mongodb
+ environment:
+ MONGODB_REPLICA_SET_MODE: primary
+ MONGODB_REPLICA_SET_NAME: ${MONGODB_REPLICA_SET_NAME:-rs0}
+ MONGODB_PORT_NUMBER: ${MONGODB_PORT_NUMBER:-27017}
+ MONGODB_INITIAL_PRIMARY_HOST: ${MONGODB_INITIAL_PRIMARY_HOST:-mongodb}
+ MONGODB_INITIAL_PRIMARY_PORT_NUMBER: ${MONGODB_INITIAL_PRIMARY_PORT_NUMBER:-27017}
+ MONGODB_ADVERTISED_HOSTNAME: ${MONGODB_ADVERTISED_HOSTNAME:-mongodb}
+ MONGODB_ENABLE_JOURNAL: ${MONGODB_ENABLE_JOURNAL:-true}
+ ALLOW_EMPTY_PASSWORD: ${ALLOW_EMPTY_PASSWORD:-yes}
+ networks:
+ - chat_relay
+
+volumes:
+ mongodb_data:
+
+networks:
+ traefik_relay:
+ external: true
+ chat_relay:
+ internal: true
+#+end_src
+
+* Networks
+The internal network ~chat_relay~ will be created automatically but the external network ~traefik_relay~ has to be created beforhand when the traefik reverse proxy is created.
+
+
+
diff --git a/20230607135858-server_w11.org b/20230607135858-server_w11.org
new file mode 100644
index 0000000..2a772c3
--- /dev/null
+++ b/20230607135858-server_w11.org
@@ -0,0 +1,7 @@
+:PROPERTIES:
+:ID: fbf9a139-a414-4349-b217-663f15e9a8bd
+:END:
+#+title: server-w11
+#+filetags: :CLUSTER:
+
+Main Backup server of Madrigal Inc. [[id:56d784ed-a87c-441f-b819-73369760ca32][borg-backup]] is running here and creates encrypted backups chosen servers.
diff --git a/20230607142156-keepassxc.org b/20230607142156-keepassxc.org
new file mode 100644
index 0000000..1495527
--- /dev/null
+++ b/20230607142156-keepassxc.org
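Review bot: In the rocket-chat compose block the `mongodb` service defaults to `ALLOW_EMPTY_PASSWORD: ${ALLOW_EMPTY_PASSWORD:-yes}` and `MONGO_URL` carries no credentials, so the database accepts unauthenticated connections from anything on `chat_relay`, and the `rocketchat` container on that network is also attached to the proxy-facing `traefik_relay`. Default it to `"no"` and supply a root password and replica-set key from a secret (the bitnami image reads `MONGODB_ROOT_PASSWORD` and `MONGODB_REPLICA_SET_KEY`), with the matching user in `MONGO_URL` and `MONGO_OPLOG_URL`. Both images fall back to `latest`; pin `RELEASE` and `MONGODB_VERSION` to tested versions so that a restart of the stack cannot pull an unreviewed image.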
@@ -0,0 +1,6 @@
+:PROPERTIES:
+:ID: 308a3798-0f57-4024-a561-c6d8153348e9
+:END:
+#+title: keepassxc
+
+Keyring for storing encrypted passwords. The keepss database is stored on [[id:d54bf885-a702-48bb-b108-e9e982bc5952][server-w0]] and backed up to [[id:fbf9a139-a414-4349-b217-663f15e9a8bd][server-w11]].
diff --git a/20230607154216-mongo_db.org b/20230607154216-mongo_db.org
new file mode 100644
index 0000000..0a4b83c
--- /dev/null
+++ b/20230607154216-mongo_db.org
@@ -0,0 +1,8 @@
+:PROPERTIES:
+:ID: 91deae5f-e670-4463-8fee-688212d13030
+:END:
+#+title: mongo-db
+#+filetags: :docker:
+
+Mongo-DB is a database for storing user data like [[id:ae46c92b-d5fd-4172-944f-9165a61d2217][maria_DB]]. It is specialized to use in combination with [[id:29c8ec85-9de8-4ace-8c52-13a086341861][rocket-chat]] in [[id:df046fd7-1f82-4e12-9065-56d222f56408][docker]]. The container is run as a *stack* started inside the [[id:4afb1f41-983a-4b54-9828-a1e3788eb28b][portainer]] [[id:a08570b0-8fe8-45a8-8f60-e45ea6b31a34][GUI]].
+
diff --git a/20230607154727-traefik_docker.org b/20230607154727-traefik_docker.org
new file mode 100644
index 0000000..64b129c
--- /dev/null
+++ b/20230607154727-traefik_docker.org
@@ -0,0 +1,144 @@
+:PROPERTIES:
+:ID: 90e3b8a2-b523-4044-af6f-fd4a559b2d7f
+:END:
+#+title: traefik_docker
+#+filetags: :docker:
+
+Traefik is a reverse proxy for hosting various applications on [[id:80666401-173e-4828-9c29-552dab716946][dns]] entries. It is run as a [[id:df046fd7-1f82-4e12-9065-56d222f56408][docker]] container on the communikation [[id:80a4104e-af18-4d90-a45e-2c92b51e8c0c][server w10]]. To host a container in reverse proxy mode, the *tags* feature of docker containers. These tags have to be added to a container to uphost it. Those tags declare which type of hosting is wanted and what service/router is to be used. The traefik container needs access to [[id:f4bb4857-2112-4e10-a22e-6da1436ce7b7][port]] 80, 443 for hosting and port 8080 for the dashboard.
+
+* how to run traefik
+- create a ~traefik~ folder using ~mkdir~
+- create a ~treafik.yml~ file using ~touch traefik.yml~
+- insert the code as shown under the _traefik.yml_ heading into the ~traefik.yml~ file
+- crate a compose file or a stack using poertainer
+- insert the code as shown under the _docker-compose_ heading into the stack or the compse file
+- create a ~certs~ ([[id:e28dfeaa-876b-4255-a25e-dcc0c909d08a][certificate]]) folder inside your ~traefik~ folder
+- link all the folders into the docker compose or stack file as bind volumes (if you created the ~traefik~ folder in ~/home//~ than you just need to add in your user name)
+- add your email to the ~traefik.yml~ file
+- run the compose file
+- add the flags to your application container as shown under the heading _flags_
+- fill in the needed data
+- run the application container and check the logs
+- make sure the application and the proxy are in the same network
+- check the dashboard at port 8080 for more information
+
+* traefik.yml file
+This file should be stored in the traefik home folder as specified in the.
+#+begin_src bash
+ global:
+ checkNewVersion: true
+ sendAnonymousUsage: false # true by default
+
+# (Optional) Log information
+# ---
+# log:
+# level: ERROR # DEBUG, INFO, WARNING, ERROR, CRITICAL
+# format: common # common, json, logfmt
+# filePath: /var/log/traefik/traefik.log
+
+# (Optional) Accesslog
+# ---
+# accesslog:
+ # format: common # common, json, logfmt
+ # filePath: /var/log/traefik/access.log
+
+# (Optional) Enable API and Dashboard
+# ---
+api:
+ dashboard: true # true by default
+ insecure: true # Don't do this in production!
+
+# Entry Points configuration
+# ---
+entryPoints:
+ web:
+ address: :80
+ # (Optional) Redirect to HTTPS
+ # ---
+ http:
+ redirections:
+ entryPoint:
+ to: websecure
+ scheme: https
+
+ websecure:
+ address: :443
+
+# Configure your CertificateResolver here...
+# ---
+certificatesResolvers:
+ staging:
+ acme:
+ email:
+ storage: /etc/traefik/certs/acme.json
+ caServer: "https://acme-staging-v02.api.letsencrypt.org/directory"
+ httpChallenge:
+ entryPoint: web
+
+ production:
+ acme:
+ email:
+ storage: /etc/traefik/certs/acme.json
+ caServer: "https://acme-v02.api.letsencrypt.org/directory"
+ httpChallenge:
+ entryPoint: web
+
+# (Optional) Overwrite Default Certificates
+# tls:
+# stores:
+# default:
+# defaultCertificate:
+# certFile: /etc/traefik/certs/cert.pem
+# keyFile: /etc/traefik/certs/cert-key.pem
+# (Optional) Disable TLS version 1.0 and 1.1
+# options:
+# default:
+# minVersion: VersionTLS12
+
+providers:
+ docker:
+ exposedByDefault: false # Default is true
+ file:
+ # watch for dynamic configuration changes
+ directory: /etc/traefik
+ watch: true
+#+end_src
+For more informationm on the secure [[id:bd5b34ba-aa98-4808-b97b-2376aa7b8866][protocol]]: [[id:872ee33b-8361-40c7-9d88-69b3afe5ade2][TLS]] and [[id:95c8982d-e104-43a2-9bb2-fd7e1c3204f2][SSL]]
+* Networks
+To host a service, this service has to be in the same [[id:9d04fac3-89ae-4a96-b326-9ae7e2c22118][docker-network]] as the the traefik proxy. It doesn't matter if the service container is added to the traefik network or vice versa. The default approach is to add all services to the ~traefik-relay~ network. The Services themselfes can have other network for their supportive containers. Those secondary containers should not be added to the traefik network, because this network is exposed to the internet.
+
+* Compose file
+This is the compose file that has to be run either manually or via the [[id:4afb1f41-983a-4b54-9828-a1e3788eb28b][portainer-docker]].
+#+begin_src bash
+ volumes:
+ traefik_ssl_certs:
+ driver: local
+
+services:
+ traefik:
+ image: traefik:v2.5
+ container_name: madrigal_traefik
+ ports:
+ - 80:80
+ - 443:443
+ - 8080:8080 # (optional) expose the dashboard !don't use in production!
+ volumes:
+ - /home//traefik:/etc/traefik
+ - /var/run/docker.sock:/var/run/docker.sock:ro
+ - traefik_ssl_certs:/ssl-certs
+ restart: unless-stopped
+#+end_src
+
+* Typical flags for containers
+Typical flags for hosting a container (under the labels section in a [[id:fcbfabfa-4a8c-4826-8b57-5dce05965c76][docker-compose]] file.
+#+begin_src bash
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers..entrypoints=" # as described in the traefik.yml (default web and/or websecure)
+ - "traefik.http.routers..rule=Host(``)"
+ - "traefik.http.routers..tls=true" #if tls is wanted
+ - "traefik.http.routers..tls.certresolver=" #as described in the traefik.yml file (default staging or production)
+ - "traefik.http.routers..service="
+ - "traefik.http.services..loadbalancer.server.port="
+ - "traefik.docker.network="
+#+end_src
diff --git a/20230607171316-openmpi.org b/20230607171316-openmpi.org
new file mode 100644
index 0000000..f5bfde7
--- /dev/null
+++ b/20230607171316-openmpi.org
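Review bot: `insecure: true` under `api:` in the traefik.yml block, combined with `- 8080:8080` in the compose block, publishes the unauthenticated dashboard and API on every interface of a host whose proxy network the Networks section itself calls internet-exposed; the inline comments warn against this, yet the page documents the setup running on server w10. Set `insecure: false` and drop the 8080 mapping (or bind it as `127.0.0.1:8080:8080`), and reach the dashboard through a router protected by an authentication middleware. The `/var/run/docker.sock:/var/run/docker.sock:ro` mount also deserves a sentence: `:ro` protects only the socket file, the container can still issue any Docker API call, so a socket proxy limited to read endpoints is the safer arrangement.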
@@ -0,0 +1,74 @@
+:PROPERTIES:
+:ID: e56e90b1-ae5b-4344-97eb-993e5a81263e
+:END:
+#+title: OpenMPI
+#+filetags: :CLUSTER:
+
+OpenMPI is a Message Passing Interface (MPI) library project combining technologies and resources from several other projects (FT-MPI, LA-MPI, LAM/MPI, and PACX-MPI). It is used by many TOP500 supercomputers including Roadrunner, which was the world's fastest supercomputer from June 2008 to November 2009, and K computer, the fastest supercomputer from June 2011 to June 2012.
+
+Note: To use OpenMPI, [[id:422e07f8-c888-460f-849e-76d451946045][ssh]]-keys are created just like for [[id:56d784ed-a87c-441f-b819-73369760ca32][borg-backup]].
+
+* Configure the Host file
+Here map the IP adresses to the host names so that it is not requiered to type the ip adresses again and again...
+For that you need [[id:673d1cb1-536b-42f1-a046-40a8937c4283][root]] ([[id:dc54334e-afa9-4a53-be91-1e90bc6bf8d0][sudo]])
+#+begin_src bash
+ sudo nano /etc/hosts
+#+end_src
+
+* Example for map the IP adresses
+#+begin_src bash
+ # Standard host addresses
+ 127.0.0.1 localhost
+ ::1 localhost ip6-localhost ip6-loopback
+ ff02::1 ip6-allnodes
+ ff02::2 ip6-allrouters
+ # This host address
+ 127.0.1.1
+ #MPI SETUP
+
+
+#+end_src
+NOTE: Do this for all [[id:70899526-8b7d-4976-94fc-cc07c41e550a][clients]] and for the master. The master must known all clients but the clients only there self and the master.
+
+* Setting up NFS
+NFS is used to share object file among all the systems and sharable datas in this [[id:408e8348-778a-4fbd-a14d-9f3d9c595b4a][cluster]].
+[[id:c69a77dc-f87f-418c-9870-eedddc43be37][Mounting]] the sharable folder:
+** NFS on Master
+#+begin_src bash
+ yay nfs-utils
+ mkdir
+ cat /etc/exports #/home//* (rw,sync,no_root_squash,no_subtree_check)
+ exportfs -a
+ sudo systemctl enable nfs-utils && sudo systemctl start nfs-utils && sudo systemctl restart nfs-utils
+#+end_src
+
+** NFS on Clients
+#+begin_src bash
+ yay nfs-utils
+ mkdir
+ sudo mount -t nfs :/home// ~/storage
+ df -h
+ sudo systemctl enable nfs-utils && sudo systemctl start nfs-utils && sudo systemctl restart nfs-utils
+#+end_src
+
+** Add the entry to the file system table on clients
+#+begin_src bash
+ cat /etc/fstab
+ #MPI Cluster SetUP
+ :/home// /home// nfs
+#+end_src
+
+** Write a program in C and compile the code
+- the file have to be a .c on the Master-Node
+#+begin_src bash
+ cd
+ pwd /home//
+ mpicc .c
+#+end_src
+
+** Run the C-Code on Master-Node
+#+begin_src bash
+ mpirund -np 4 -hosts ,, ./a.out
+#+end_src
+
+NOTE: The file.c can be every file from [[id:f2d9ff98-f926-442e-ae9b-fc1023e15b07][GMSH]], [[id:2d45175d-7fcc-4a55-b81c-14da72247eef][FEA-Tool]] or other c compatible program.
diff --git a/20230607222618-linphone.org b/20230607222618-linphone.org
new file mode 100644
index 0000000..2086575
--- /dev/null
+++ b/20230607222618-linphone.org
@@ -0,0 +1,8 @@
+:PROPERTIES:
+:ID: a88d9210-6085-4def-982a-d4a6ff391a2e
+:END:
+#+title: linphone
+
+Linphone is an open source [[id:6f3d3914-0739-4e26-b8f8-05c932cd2833][SIP]] [[id:70899526-8b7d-4976-94fc-cc07c41e550a][client]] for HD voice/video calls, 1-to-1 and group instant messaging, conference calls etc.
+To use Linphone its necessary to install [[id:5c50958e-e38d-4f6c-b111-2a50a48cc1de][freepbx]] on a [[id:0dea8c51-5e1e-460c-9d0a-28293d62013e][VM]]. After Asterisk etc. has been installed, [[id:daa194c9-63f1-433e-8826-a0b4e9020e16][wireguard]] will also installed.
+
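Review bot: The example `/etc/exports` entry in the "NFS on Master" block of openmpi.org combines a `*` client field with `rw` and `no_root_squash`, so root on any machine that can reach the NFS service is treated as root on the shared directory. The hosts-file section above already names the cluster nodes, so the export can list them one by one and keep the default squashing: `/home/<user>/<share> <client-hostname>(rw,sync,root_squash,no_subtree_check)` (placeholders; the page's own path and host values appear to have been stripped). As it reads here there is also a space between the client field and the option list, which exports(5) interprets as applying those options to every host; the parenthesis should follow the host directly. The same block shows `cat /etc/exports` where editing the file is presumably meant, and a short comment saying so would avoid the step being copied as-is.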
diff --git a/20230607234103-mbse_modell_based_system_engineering.org b/20230607234103-mbse_modell_based_system_engineering.org new file mode 100644 index 0000000..e18c48d --- /dev/null +++ b/20230607234103-mbse_modell_based_system_engineering.org @@ -0,0 +1,14 @@ +:PROPERTIES: +:ID: 574b9e96-1a86-4e43-878c-30534e0dcecb +:END: +#+title: MBSE (Modell based system engineering) + +Model-based systems engineering (MBSE), according to the International Council on Systems Engineering (INCOSE), is the formalized application of modeling to support system requirements, design, analysis, verification and validation activities beginning in the conceptual design phase and continuing throughout development and later life cycle phases. MBSE is a technical approach to systems engineering that focuses on creating and exploiting domain models as the primary means of information exchange, rather than on document-based information exchange. MBSE technical approaches are commonly applied to a wide range of industries with complex systems, such as aerospace, defense, rail, automotive, manufacturing, etc. + +Programmes that are used for MBSE are: +- [[id:a4953b2b-81de-4c15-91e7-10d0cb5f22dd][freeCAD]] +- [[id:6acf9122-b289-44e4-87e1-c3dfb5c7aeb2][salome]] +- [[id:f2d9ff98-f926-442e-ae9b-fc1023e15b07][GMSH]] +- [[id:2d45175d-7fcc-4a55-b81c-14da72247eef][FEA-Tool]] +- [[id:e336814a-3a58-4b25-8d02-0af07623ce45][matlab-docker]] + diff --git a/20230607234636-salome.org b/20230607234636-salome.org new file mode 100644 index 0000000..9f69d31 --- /dev/null +++ b/20230607234636-salome.org 
@@ -0,0 +1,6 @@ +:PROPERTIES: +:ID: 6acf9122-b289-44e4-87e1-c3dfb5c7aeb2 +:END: +#+title: salome + +Salome is a open-source computer programme that can be used to process three-dimensional activities in the CAE area. It is used for pre- and post-processing of numerical simulations such as FEM. Salome is used to partition the geometry created by [[id:a4953b2b-81de-4c15-91e7-10d0cb5f22dd][freeCAD]] before it is meshed in [[id:f2d9ff98-f926-442e-ae9b-fc1023e15b07][GMSH]]. diff --git a/20230607235645-gmsh.org b/20230607235645-gmsh.org new file mode 100644 index 0000000..20941cd --- /dev/null +++ b/20230607235645-gmsh.org 
@@ -0,0 +1,282 @@ +:PROPERTIES: +:ID: f2d9ff98-f926-442e-ae9b-fc1023e15b07 +:END: +#+title: GMSH + +Gmsh is a software for grid generation or meshing for the finite element method. The free software was programmed by Christophe Geuzaine and Jean-François Remacle under the GNU General Public License (GPL) and contains 4 modules: + +- a graphics module to create 3-dimensional shapes +- a meshing module +- an equation solver module +- a postprocessor module + +Gmsh is considered one of the best 3D file viewers and is used and described scientifically. Gmsh is used after [[id:a4953b2b-81de-4c15-91e7-10d0cb5f22dd][freeCAD]] & [[id:6acf9122-b289-44e4-87e1-c3dfb5c7aeb2][salome]] to mesh the brep file after export in salome. For better performance, Gmsh should be compiled with [[id:e56e90b1-ae5b-4344-97eb-993e5a81263e][openmpi]] in [[id:408e8348-778a-4fbd-a14d-9f3d9c595b4a][cluster]]. After meshing the Mesh is imported to [[id:2d45175d-7fcc-4a55-b81c-14da72247eef][FEA-Tool]] (as standalone-app or in [[id:e336814a-3a58-4b25-8d02-0af07623ce45][matlab]]). + +An [[id:5f1df0e1-384f-4685-ae1e-fec2431b04e5][emacs]] mode for GMSH and GetDP languages to provide indentation and nice coloring. 
Add the following lines your emacs configuration file (probably ~/home///.emacs.d/init.el~): (load "~/home//.emacs.d/path/to/gmsh_getdp.el~") + +* GMSH command line flags +#+begin_src bash + gmsh - .geo +#+end_src + +** Geometry: +~-0~ +Output model, then exit + +~-tol value~ +Set geometrical tolerance (Geometry.Tolerance) + +~-match~ +Match geometries and meshes + +** Mesh: + +~-1, -2, -3~ +Perform 1D, 2D or 3D mesh generation, then exit + +~-format string~ +Select output mesh format: auto, msh1, msh2, msh22, msh3, msh4, msh40, msh41, msh, unv, vtk, wrl, mail, stl, p3d, mesh, bdf, cgns, med, diff, ir3, inp, ply2, celum, su2, x3d, dat, neu, m, key, off, rad (Mesh.Format) + +~-bin~ +Create binary files when possible (Mesh.Binary) + +~-refine~ +Perform uniform mesh refinement, then exit + +~-barycentric_refine~ +Perform barycentric mesh refinement, then exit + +~-reclassify angle~ +Reclassify surface mesh, then exit + +~-reparam angle~ +Reparametrize surface mesh, then exit + +~-part int~ +Partition after batch mesh generation (Mesh.NbPartitions) + +~-part_weight [tri,quad,tet,hex,pri,pyr,trih] int~ +Weight of a triangle/quad/etc. 
during partitioning (Mesh.Partition[Tri,Quad,...]Weight) + +~-part_split~ +Save mesh partitions in separate files (Mesh.PartitionSplitMeshFiles) + +~-part_[no_]topo~ +Create the partition topology (Mesh.PartitionCreateTopology) + +~-part_[no_]ghosts~ +Create ghost cells (Mesh.PartitionCreateGhostCells) + +~-part_[no_]physicals~ +Create physical groups for partitions (Mesh.PartitionCreatePhysicals) + +~-part_topo_pro~ +Save the partition topology .pro file (Mesh.PartitionTopologyFile) + +~-preserve_numbering_msh2~ +Preserve element numbering in MSH2 format (Mesh.PreserveNumberingMsh2) + +~-save_all~ +Save all elements (Mesh.SaveAll) + +~-save_parametric~ +Save nodes with their parametric coordinates (Mesh.SaveParametric) + +~-save_topology~ +Save model topology (Mesh.SaveTopology) + +~-algo string~ +Select mesh algorithm: auto, meshadapt, del2d, front2d, delquad, quadqs, initial2d, del3d, front3d, mmg3d, hxt, initial3d (Mesh.Algorithm and Mesh.Algorithm3D) + +~-smooth int~ +Set number of mesh smoothing steps (Mesh.Smoothing) + +~-order int~ +Set mesh order (Mesh.ElementOrder) + +~-optimize[_netgen]~ +Optimize quality of tetrahedral elements (Mesh.Optimize[Netgen]) + +~-optimize_threshold~ +Optimize tetrahedral elements that have a quality less than a threshold (Mesh.OptimizeThreshold) + +~-optimize_ho~ +Optimize high order meshes (Mesh.HighOrderOptimize) + +~-ho_[min,max,nlayers]~ +High-order optimization parameters (Mesh.HighOrderThreshold[Min,Max], Mesh.HighOrderNumLayers) + +~-clscale value~ +Set mesh element size factor (Mesh.MeshSizeFactor) + +~-clmin value~ +Set minimum mesh element size (Mesh.MeshSizeMin) + +~-clmax value~ +Set maximum mesh element size (Mesh.MeshSizeMax) + +~-clextend value~ +Extend mesh element sizes from boundaries (Mesh.MeshSizeExtendFromBoundary) + +~-clcurv value~ +Compute mesh element size from curvature, with value the target number of elements per 2*pi radians (Mesh.MeshSizeFromCurvature) + +~-aniso_max value~ +Set maximum anisotropy 
for bamg (Mesh.AnisoMax) + +~-smooth_ratio value~ +Set smoothing ration between mesh sizes at nodes of a same edge for bamg (Mesh.SmoothRatio) + +~-epslc1d value~ +Set accuracy of evaluation of mesh size field for 1D mesh (Mesh.LcIntegrationPrecision) + +~-swapangle value~ +Set the threshold angle (in degrees) between two adjacent faces below which a swap is allowed (Mesh.AllowSwapAngle) + +~-rand value~ +Set random perturbation factor (Mesh.RandomFactor) + +~-bgm file~ +Load background mesh from file + +~-check~ +Perform various consistency checks on mesh + +~-ignore_periocity~ +Ignore periodic boundaries (Mesh.IgnorePeriodicity) + +** Post-processing: + +~-link int~ +Select link mode between views (PostProcessing.Link) + +~-combine~ +Combine views having identical names into multi-time-step views + +** Solver: + +~-listen string~ +Always listen to incoming connection requests (Solver.AlwaysListen) on the given socket (uses Solver.SocketName if not specified) + +~-minterpreter string~ +Name of Octave interpreter (Solver.OctaveInterpreter) + +~-pyinterpreter string~ +Name of Python interpreter (Solver.OctaveInterpreter) + +~-run~ +Run ONELAB solver(s) + +** Display: + +~-n~ +Hide all meshes and post-processing views on startup (View.Visible, Mesh.[Points,Lines,SurfaceEdges,...]) + +~-nodb~ +Disable double buffering (General.DoubleBuffer) + +~-numsubedges~ +Set num of subdivisions for high order element display (Mesh.NumSubEdges) + +~-fontsize int~ +Specify the font size for the [[id:a08570b0-8fe8-45a8-8f60-e45ea6b31a34][GUI]] (General.FontSize) + +~-theme string~ +Specify FLTK GUI theme (General.FltkTheme) + +~-display string~ +Specify display (General.Display) + +~-camera~ +Use camera mode view (General.CameraMode) + +~-stereo~ +OpenGL quad-buffered stereo rendering (General.Stereo) + +~-gamepad~ +Use gamepad controller if available + +** Other: + +~-, -parse_and_exit~ +Parse input files, then exit + +~-save~ +Save output file, then exit + +~-o file~ +Specify 
output file name + +~-new~ +Create new model before merge next file + +~-merge~ +Merge next files + +~-open~ +Open next files + +~-log filename~ +Log all messages to filename + +~-a, -g, -m, -s, -p~ +Start in automatic, geometry, mesh, solver or post-processing mode (General.InitialModule) + +~-pid~ +Print process id on stdout + +~-watch pattern~ +Pattern of files to merge as they become available (General.WatchFilePattern) + +~-bg file~ +Load background (image or PDF) file (General.BackgroundImageFileName) + +~-v int~ +Set verbosity level (General.Verbosity) + +~-string "string"~ +Parse command string at startup + +~-setnumber name value~ +Set constant, ONELAB or option number name=value + +~-setstring name value~ +Set constant, ONELAB or option string name=value + +~-nopopup~ +Don’t popup dialog windows in scripts (General.NoPopup) + +~-noenv~ +Don’t modify the environment at startup + +~-nolocale~ +Don’t modify the locale at startup + +~-option file~ +Parse option file at startup + +~-convert files~ +Convert files into latest binary formats, then exit + +~-nt int~ +Set number of threads (General.NumThreads) + +~-cpu~ +Report CPU times for all operations + +~-version~ +Show version number + +~-info~ +Show detailed version information + +~-help~ +Show command line usage + +~-help_options~ +Show all options + +* Convert a gmsh mesh to openfoam +- [[id:34c4e594-2aee-42d6-803a-6f843176d3b9][openFoam]] mesh conversion/manipulation tools +** ~gmshToFoam .msh~ in OpenFOAM terminal within the case directory +** ~splitMeshRegions -cellZonesOnly -overwrite~ (this is only used if there are multiple parts (volumes) to be split up) works only in main case folder, where ~.msh~ is present diff --git a/20230608000906-fea_tool.org b/20230608000906-fea_tool.org new file mode 100644 index 0000000..4f63d66 --- /dev/null +++ b/20230608000906-fea_tool.org 
@@ -0,0 +1,22 @@
+:PROPERTIES:
+:ID: 2d45175d-7fcc-4a55-b81c-14da72247eef
+:END:
+#+title: FEA-Tool
+
+FEA-Tool is a physics, finite element analysis (FEA), and PDE simulation toolbox. FEATool Multiphysics features the ability to model fully coupled heat transfer, fluid dynamics, chemical engineering, structural mechanics, fluid-structure interaction (FSI), electromagnetics, as well as user-defined and custom PDE problems in 1D, 2D (axisymmetry), or 3D, all within a graphical user interface ([[id:a08570b0-8fe8-45a8-8f60-e45ea6b31a34][GUI]]) or optionally as script files. FEATool has been employed and used in academic research, teaching, and industrial engineering simulation contexts.
+
+NOTE: FEA-Tool can be compile as featool.c file with [[id:e56e90b1-ae5b-4344-97eb-993e5a81263e][OpenMPI]] as [[id:f2d9ff98-f926-442e-ae9b-fc1023e15b07][GMSH]] in a [[id:408e8348-778a-4fbd-a14d-9f3d9c595b4a][cluster]].
+
+* Install on [[id:5fada795-19a3-4ba6-97c0-0b70bd728a2f][Arco-Linux]] & [[id:e336814a-3a58-4b25-8d02-0af07623ce45][Matlab]] in Download folder
+** On [[id:5fada795-19a3-4ba6-97c0-0b70bd728a2f][Arco-Linux]] as standallone app
+ - Download:
+ #+begin_src bash
+ wget https://github.com/precise-simulation/featool-multiphysics/releases/latest/download/FEATool_Multiphysics.install #+end_src
+
+
+** On [[id:e336814a-3a58-4b25-8d02-0af07623ce45][Matlab]]
+ - Download:
+ #+begin_src bash
+ wget https://github.com/precise-simulation/featool-multiphysics/releases/latest/download/FEATool_Multiphysics.mlappinstall
+ #+end_src
+ - hahahahaha
diff --git a/20230608011328-paraview.org b/20230608011328-paraview.org
new file mode 100644
index 0000000..579f331
--- /dev/null
+++ b/20230608011328-paraview.org
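Review bot: Both `wget` lines in fea_tool.org pull the installer from `releases/latest` and the note documents no integrity check, so the file that gets installed is whatever that URL serves on the day and cannot be compared against a known-good copy. Pinning the URL to a specific release (`.../releases/download/<tag>/FEATool_Multiphysics.install`, tag is a placeholder) and recording the expected hash beside the command, checked with `sha256sum -c <recorded-hash-file>`, makes the install reproducible and lets a changed artifact be noticed. In the Arco-Linux block `#+end_src` sits on the same line as the `wget` command (the hunk's 22-line count is consistent with that), so the source block is never closed and the marker should move to its own line. The trailing `- hahahahaha` item looks like leftover filler and could be dropped.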
@@ -0,0 +1,10 @@ +:PROPERTIES: +:ID: a6d22357-9bed-422e-9805-0478fbeb3e99 +:END: +#+title: Paraview + +ParaView is an open-source multiple-platform application for interactive, scientific visualization. It has a [[id:70899526-8b7d-4976-94fc-cc07c41e550a][client]]–[[id:f2b1d5af-1a7d-47a5-95c8-4a85d558419e][server]] architecture to facilitate remote visualization of datasets, and generates level of detail (LOD) models to maintain interactive frame rates for large datasets. It is an application built on top of the Visualization Toolkit (VTK) libraries. ParaView is an application designed for data parallelism on shared-memory or distributed-memory multicomputers and [[id:408e8348-778a-4fbd-a14d-9f3d9c595b4a][cluster]] . It can also be run as a single-computer application. + +ParaView is also included in [[id:a4953b2b-81de-4c15-91e7-10d0cb5f22dd][freeCAD]], [[id:6acf9122-b289-44e4-87e1-c3dfb5c7aeb2][salome]] and [[id:2d45175d-7fcc-4a55-b81c-14da72247eef][FEA-Tool]]. + + diff --git a/20230608020239-ip_tables.org b/20230608020239-ip_tables.org new file mode 100644 index 0000000..6e3e349 --- /dev/null +++ b/20230608020239-ip_tables.org 
@@ -0,0 +1,12 @@ +:PROPERTIES: +:ID: 1acb20f4-ad0f-4447-9138-c09a949fdd1a +:END: +#+title: IP-Tables + +Iptables is a user-space utility program that allows a system administrator to configure the [[id:f055acfb-05dd-4228-a92a-356240b8c975][IP]] [[id:fde35a08-897d-4502-aead-1f4414ea639c][packet]] filter rules of the [[id:5fada795-19a3-4ba6-97c0-0b70bd728a2f][Linux]] kernel [[id:b9047be5-edca-4eca-8bac-c45e03373942][firewall]], implemented as different Netfilter modules. The filters are organized in different tables, which contain chains of rules for how to treat [[id:c9461f7b-7368-4b88-b90b-2d785fda2159][network]] traffic packets. Different [[id:33388695-657c-44a2-8359-c7b6137233d0][kernel]] modules and programs are currently used for different [[id:bd5b34ba-aa98-4808-b97b-2376aa7b8866][protocols]]; iptables applies to IPv4, ip6tables to IPv6, arptables to [[id:cdcf5e86-4af4-4137-8dc8-6f85061ad60a][ARP]], and ebtables to [[id:c5a27aff-1c9c-4355-a793-202d71388930][ethernet]] frames. + +Iptables requires elevated privileges to operate and must be executed by user [[id:673d1cb1-536b-42f1-a046-40a8937c4283][root]], otherwise it fails to function. On most Linux systems, iptables is installed as ~/usr/sbin/iptables~ and documented in its man pages, which can be opened using man [[id:1acb20f4-ad0f-4447-9138-c09a949fdd1a][IP-tables]] when installed. It may also be found in ~/sbin/iptables~, but since iptables is more like a service rather than an "essential binary", the preferred location remains ~/usr/sbin~. + +The term iptables is also commonly used to inclusively refer to the kernel-level components. X_tables is the name of the kernel module carrying the shared code portion used by all four modules that also provides the API used for extensions; subsequently, Xtables is more or less used to refer to the entire firewall (v4, v6, arp, and eb) architecture. 
+ +Madrigal Industrial Solutions uses the Iptables in conjunction with [[id:daa194c9-63f1-433e-8826-a0b4e9020e16][wireguard]] and continuously the [[id:80666401-173e-4828-9c29-552dab716946][dns]] [[id:f2b1d5af-1a7d-47a5-95c8-4a85d558419e][server]]. diff --git a/20230619092151-nfs.org b/20230619092151-nfs.org new file mode 100644 index 0000000..2bab4f6 --- /dev/null +++ b/20230619092151-nfs.org @@ -0,0 +1,6 @@ +:PROPERTIES: +:ID: 5b4651bb-2b40-4c32-bca1-6817b3b2bcd2 +:END: +#+title: NFS + +hfhfdhfhf diff --git a/20230710105621-mounting.org b/20230710105621-mounting.org new file mode 100644 index 0000000..306c492 --- /dev/null +++ b/20230710105621-mounting.org 
@@ -0,0 +1,27 @@ +:PROPERTIES: +:ID: c69a77dc-f87f-418c-9870-eedddc43be37 +:END: +#+title: mounting +#+filetags: :basics: + +"Mounting" is the process of adding a file system in the existing directory structure. This mounting is necessary to be able to access files of a file system with usual programs. File systems are mounted by means of the ~mount~ program. It is possible to mount file systems temporarily until the next reboot of the system, as well as to anchor the mounts permanently in the system. Temporary mounts are made using the mount command, permanent mounts are entered in the fstab file. +There are varying things you can mount. The most prominent option to mount a hard-disk or a folder. To mount a hard-disk you first have to locate the drive you want to mount. This can be done via command line with the tool ~lsblk~ (list blocks). To do that you only have to type the command into the command line: + +#+begin_src bash + lsblk +#+end_src +The output of this command shows the disks that are mounted or ready to mount. As an example the output of [[id:d54bf885-a702-48bb-b108-e9e982bc5952][server-w0]] with the additional hard-disk sda1 mounted to the file system at ~/run/media/smad~ +#+begin_src bash + NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS +sda 8:0 0 465,8G 0 disk +└─sda1 8:1 0 465,8G 0 part /run/media/smad +nvme0n1 259:0 0 931,5G 0 disk +├─nvme0n1p1 259:1 0 300M 0 part /boot/efi +└─nvme0n1p2 259:2 0 931,2G 0 part / +#+end_src +If the Disk you want to mount is not listed in the output of the ~lsblk~ command, then either the drive is not connected or encrypted. If you found your drive and want to mount it to a specific folder, the folder has first to be created, othrtwise the input will be refused. To do that type with [[id:dc54334e-afa9-4a53-be91-1e90bc6bf8d0][sudo]]: ~sudo(optional) mkdir ~ in the shell. 
If that did succesfully create the folder mount the device with the mount command: + +#+begin_src bash + sudo mount /dev/ /path/to/mountpoint +#+end_src +You can choose any location for the mountpoint tho it is in most cases done in the ~/run/media/~ or the ~/mount~ directory. If needed you can change the owner of the directory you created if you had to do so as [[id:673d1cb1-536b-42f1-a046-40a8937c4283][root]]. diff --git a/20230711100451-simulation_workflow.org b/20230711100451-simulation_workflow.org new file mode 100644 index 0000000..689cc0c --- /dev/null +++ b/20230711100451-simulation_workflow.org 
@@ -0,0 +1,326 @@ +:PROPERTIES: +:ID: 82c08e7b-b63b-4f9c-89f1-d7900a2886ca +:END: +#+title: simulation_workflow + +To do a simulation of a reactor, that has already been simulated once, one can use this workflow to aqcuire the same results. For other reactor geometriesd the workflow hasd to be adjusted accordingly. +The Following tools are needed for that: [[id:a4953b2b-81de-4c15-91e7-10d0cb5f22dd][freeCAD]], [[id:f2d9ff98-f926-442e-ae9b-fc1023e15b07][GMSH]], [[id:34c4e594-2aee-42d6-803a-6f843176d3b9][openFoam]] and [[id:e56e90b1-ae5b-4344-97eb-993e5a81263e][OpenMPI]]. + +You start the workflow with freecad + +* Freecad +Freecad is only needed to construct the circles with the diameters of the pipereactor, because everything else is extruded in gmsh. +For that use the tools to draw the circles with thew sketch tool. If you want to build the reactor tubes with membrane and swap as whole regions you need the three circles depicting the crosscut of the pipes. See picture below. +#+ATTR_HTML: :width 300px +[[~/org/pictures/triple_ring.png]] + +*If you have drawn the circles you must split the the circles into equivalent arc sections to get the arch points. those will be needed in gmsh to refine the mesh. You can split the arch with the *split edge* command: +#+ATTR_HTML: :width 30px +[[~/org/pictures/split_edge.png]] +If you split it equaly it should look something like this example depicted below. +#+ATTR_HTML: :width 300px + [[~/org/pictures/triple_ring_split.png]] +Save the drawing as *.brep* and put it into the *gmsh* folder. + +* gmsh +Make a *.geo* file that adapts the name of your *.brep* file or choose another descriptive name +You can do that wit the command: ~touch .geo~ + +** Importing the brep and setting up the geo kernel +open the file and write the import command at the top line of the file + +#+begin_src gmsh + Merge ".brep"; +#+end_src + +This comnmand imports the curves and points from the brep file specified. 
It is important to include a *;* at the end of every line. This implies the end of the command, not the end of the line, because you can theoretically write the whole geo file in a single line separating every command with a *;*. But for the sake of code clarity we give every command its own line. At least for this workflow. It is strictly advised to also do so in every other project. + +In the next the next step you choose the Kernel taht should be used for the Computation. +Therefore write the command: The best option is the *OpenCascade* geo Kernel. This one should always be used. The alternative is the gmsh kernel + +#+begin_src gmsh + SetFactory("OpenCASCADE"); +#+end_src + +** Setting up Mesh refinement +This section can be inserted at any point before actually running th emesh command. But for simplicity we define the refinement variables at the top of the document. + +#+begin_src gmsh + //+ Mesh refinement + // Variables + i_ms = 3.5; // inner mesh size + i_mr = 0.15; // inner mesh refinement + m_mr = 0.15; // membrane mesh refinement + o_mr = 0.15: // outer mesh refinement +#+end_src + +We set the refinement to some arbitrary values, those can be changed according to the mesh at hand. In addition to defining the meshing variables we have to define a point in the middle of the pipes. In our example we used the center of the coordinate system as geometric centre as well. So we define the Point as follows: + +#+begin_src gmsh + Point (25) = {0,0,0, i_ms}; //Add Point to control inner mesh size +#+end_src + +The syntax for creating the point is as follows +~ () = {x,y,z,};~ +The reference number has to be unique for each geometric entity. That means there can be a ~Point(1)~ as well as a ~Line(1)~ but no two points with number ~(1)~. There are 24 Points in the *brep* file so to define a new point we need to assign it the number 25 + +Now we have to set up the points from the brep file with their intended Mesh size. 
Because the Points are already defined inside the brep file, we can not create them new like we did with Point 25. That has the advantage that we do not need to now the exact position of the points. But now we need to assign the Mesh size to the Points. + +#+begin_src gmsh + //membrane + MeshSize {1,2,3,4,5,6,7,8} = m_mr; + // outer_circle + MeshSize {9,10,11,12,13,14,15,16} = o_mr; + // inner_circle + MeshSize {17,18,19,20,21,22,23,24} = i_mr; +#+end_src + +This command assigns the mesh Size of ~i_mr~ ~m_mr~ and ~o_mr~ to the points listed between the curly brackets. As we did define the Meshsize of Point 25 while creating the point, we do not need to do that anymore. The order in which the arches are numberded depends on the order in which we defined the arches in the CAD file. But the arches of a whole circle are always numbered in order. + +** Boolean addition of the arches +If you now make a *Line Loop* out of those 8th circles, it would create cylindric walls based on the length of those arches instead of a whole cylindric wall at the interface region. To prevent this behaviour, we connect the arches beforehand and create a whole circle again. This sounds contra intuitive, because in the previous step we split up the circles and now we add them back together. This is because of the way freecad handles the export of points into the brep file format. Only points belonging to a curve are exported into the file, even if you fuse them to the curve inside the CAD file they wont be exported. Those Points are needed for the mesh refinement, so thy have to be included. + +To fuse the lines together, we use the *Boolean Union* command and add them part by part. 
This is done as follows in the *.geo* file (explained with the middle curve as an example): + +#+begin_src gmsh + BooleanUnion{Line{1 };}{Line{2};} + BooleanUnion{Line{25};}{Line{3};} + BooleanUnion{Line{26};}{Line{4};} + BooleanUnion{Line{27};}{Line{5};} + BooleanUnion{Line{28};}{Line{6};} + BooleanUnion{Line{29};}{Line{7};} + BooleanUnion{Line{30};}{Line{8};} // to generate Line 31 +#+end_src + +The first command gets the first and second eights arches as input and fuses them together to create a new arch-line. There are already 24 Arches in the *.brep* file so the next one to be created gets the consecutive number *(25)*. To add another arch to that line, we add this line and the next arch in the series to the Boolean union, that creates another longer arch. This is repeated until the circle is full and the last line (full circle) is created *(31)*. The commands inside the curly brackets have to be /escaped/ (ended) with a *;* but not the boolean statement, because the way it is intended to be written is as follows: + +#+begin_src gmsh + BooleanUnion{ + Line{1 };}{ + Line{2}; + } +#+end_src + +The other circles are done accordingly. This then creates the circle lines 38 and 45. + +** creating Surfaces +To transform those circles to pipes we first have to create surfaces out of thos lines. We cannot create a surface by using the curves (lines) we just created because for gmsh those lines are not closed (unclosed lines are called wires). To close them to form a loop that can wrap a surface the command ~Line Loop()~ is used. It takes an ordered list of the lines to loop together and creates with them a line loop that needs a reference number. + +#+begin_src gmsh + Curve Loop(1) = {31}; //middle + Curve Loop(2) = {45}; //inner + Curve Loop(3) = {38}; //outer +#+end_src + +If it is done correctly it should look like the picture below. + +#+ATTR_HTML: :width 300px +[[~/org/pictures/circles.png]] + +With those loops loops we can create the three surfaces for the pipes. 
For that to work, we heve to visualize the cylindrical structure of our parts. The first surface is simple. It only wraps around the inner loop *(2)*. The other surfaces need to be created by subtracting the curves for the hollow cylinders. For example the membrane hollow cylindre is created by subtracting the inner curve loop from the middle loop (1-2 => {1,2}). The surface is created by wrapping those loops with in a plane surface. + +#+begin_src gmsh + Plane Surface(1) = {2}; //inner + Plane Surface(2) = {1,2}; //membrane + Plane Surface(3) = {3,1}; //outer +#+end_src + +If the visibility of the surface labels is toggled on, it should look something like this: + +#+ATTR_HTML: :width 300px +[[~/org/pictures/surfaces.png]] + +In the last surface creation step, the middle point (25) is fused to the surface. The others do not have to be fused, because they already are inside the *.brep* file. + +#+begin_src gmsh + Point {25} In Surface {1}; +#+end_src + +** creating boundary layers at the interfaces of the surfaces +In most cases there is friction on the walls or other wall dependend regimes that could impact the overall flow simulatiuon. therefore in those regions we need so called *boundary cells* or a *boundary layer*. Doing that is not easy in a 3 dimensional body. that is the reason we use the 2D cylindrical surface to define the boundary layer end extrude the surface to a volume afterwards. +To simplify the mesh creation for every boundary layer to be created, we define some variables to be used. Those must be changed according to your geometry. 
+ +#+begin_src gmsh + //+ Boundarylayer-fluid + // Variables + nb_layer = 1; + layerthickness = 0.2; + hfar_l = 0.2; + hwall_nl = 0.2; + layersize = 0.175; + ratio_l = 1.1; + q = 1; + im = 1; + + //+ Boundarylayer-solid + // Variables + nb_layer_s = 1; + layerthickness_s = 0.2; + hfar_ls = 0.2; + hwall_nls = 0.2; + layersize_s = 0.1; + ratio_ls = 1.1; + qs = 1; + ims = 1; +#+end_src + +Those variables are set for the solid and fluid regions accordingly. The Boundary layers in gmsh are set via the *Field* function. So to generate those layers we first have to define the field function as a boundary field. In the next step we define the edges of the surface, were the layer should be deployed. It is important to know that you cannot list line loops or curve loops in this option. In our example we set the edges of every surface respectively because we do not want to define the same boundary twice. So when we list the edges we have to exclude the adjacent other surface of the curve the boundary layer is deployed on. The code below shows an example of defining the boundary layer for the inner pipe. + +#+begin_src gmsh + // inner_circle + Field[1] = BoundaryLayer; + Field[1].EdgesList = {45}; + Field[1].hfar = hfar_l; + Field[1].hwall_n = hwall_nl; + Field[1].thickness = layerthickness; + Field[1].ratio = ratio_l; + Field[1].IntersectMetrics = im; + Field[1].ExcludedSurfacesList = {2}; + Field[1].Quads = q; + BoundaryLayer Field = 1; + Field[1].NbLayers = nb_layer; + Field[1].Size = layersize; +#+end_src + +As can be seen here, we list the edge ~45~ as the curve were the boundary layer should be positioned and exclude the adjacent surface (~2~) to that edge to prohibit the boundary layer on the other surface. The other defined variables are set do their associated field. the other two boundaries are listed in the example below. 
+
+#+begin_src gmsh
+ // outer_circle
+ Field[3] = BoundaryLayer;
+ Field[3].EdgesList = {38,31};
+ Field[3].hfar = hfar_l;
+ Field[3].hwall_n = hwall_nl;
+ Field[3].thickness = layerthickness;
+ Field[3].ratio = ratio_l;
+ Field[3].IntersectMetrics = im;
+ Field[3].ExcludedSurfacesList = {2};
+ Field[3].Quads = q;
+ BoundaryLayer Field = 3;
+ Field[3].NbLayers = nb_layer;
+ Field[3].Size = layersize;
+
+ // membrane
+ Field[2] = BoundaryLayer;
+ Field[2].EdgesList = {31,45};
+ Field[2].hfar = hfar_ls;
+ Field[2].hwall_n = hwall_nls;
+ Field[2].thickness = layerthickness_s;
+ Field[2].ratio = ratio_ls;
+ Field[2].IntersectMetrics = ims;
+ Field[2].ExcludedSurfacesList = {1,3};
+ Field[2].Quads = qs;
+ BoundaryLayer Field = 2;
+ Field[2].NbLayers = nb_layer_s;
+ Field[2].Size = layersize_s;
+#+end_src
+
+** Extrusion of surfaces
+Now that we have defined the boundary layers we can extrude the volume of thy cylinders from the circular surfaces. WE extrude not only the geometrical volumes but also opt to extrude all future mesh layers that are created after the 3D meshing. The commands to extrude are as follows:
+
+First we set up the variable that represents the length of the extrusion into the Z dimension.
+
+#+begin_src gmsh
+ // Extrusion
+z_dim = 320; //length in mm
+#+end_src
+
+This variable is used in the actual command to extrude. As we only want extrusion in the z doirection we set the x and y dimension to 0. Inside the curly brackets we define the surfaces to be extruded. As we want to choose all circular surfaces we list all of those in the command and end every surface with a *;*. The ~Layers~ specification sets the number of mesh layers that are extruded from the surface. We set this up to not be too many layers because this will be only a flow region and nothing complicated will happen there. The ~Recombine~ parameter adds the triangular mesh cells to rectangular cells together. Those are better for structured meshes in the Z direction.
The ~Extrude~ command on its own ends without a semicolon after the curly bracket but we added a variable declaration at the forefront of that command (~extr[]=~). This assigns all curves, surfaces and volumes that are created with the extrusion of the chosen surfaces to on cell of the ~extr~ array. which surface and volume are written in which cell is set and can't be changed. In Our example no curves are extruded, as that can only happen when points are specifically chosen for an extruseion. The ~extr[0]~ goes to the surface that is created from the first surface chosen for extrusion and is on the exact opposite site of the extrusion axis (mirror suface). The second entry of the ~extr~ vector is assigned to the extruded volume of the first chosen surface. the third entry (~extr[2]~) is set to the mantle surface that surrounds the struded surface (cylinder mantle surface). The other surfaces and volumes are set according to this specification with increasing numbers. This setup is specifically useful when extruding multiple pipes or reactor parts is the goal, because the numbering inside the ~extr[]~ vector is consecutive and can therefore be easily applied to a for-loop.
+
+#+begin_src gmsh
+ //+
+ // 320 for 32cm in z-Direction (10 lengthunits = 1cm)
+ // 160 for layers in z-Direction (note that after 3D Meshing the layers will be doubled, 10 layer per 10 lenghtunits)
+ extr[] = Extrude {0, 0, z_dim} {
+ Surface{1};
+ Surface{2};
+ Surface{3};
+ Layers {z_dim/48};
+ Recombine;
+ };
+#+end_src
+
+** Setup of physical groups
+After all the surfaces are extruded, we close the setup of the *.geo* file with the definition of the physical groups. Only curves, surfaces and volumes defined in those grpups get exported alongside the mesh to later be defined as walls, inlets outlets and other boundaries. We use the varaible vector that we created in the last step to assign the physical groups.
We extruded two flow pipes (inner and outer pipe) and a membrane layer so we only need to define two inlets and two outlets. the other top and bottom durfaces of the membrane are later set to walls. The mantle surface and the three volumes are defined as well.
+
+#+begin_src gmsh
+ // grouped surfaces and Volumina (note that you have three volumina)
+ //+
+ Physical Surface("inlet_inner", 9) = {1};
+ //+
+ Physical Surface("wall_bottom_membrane", 10) = {2};
+ //+
+ Physical Surface("inlet_outer", 11) = {3};
+ Physical Volume("inner_zone", 55) = {extr[1]};
+ Physical Volume("membrane", 56) = {extr[4]};
+ Physical Volume("outer_zone", 57) = {extr[8]};
+ //+
+ Physical Surface("outlet_inner", 26) = {extr[0]};
+ //+
+ Physical Surface("wall_top_membrane", 27) = {extr[3]};
+ //+
+ Physical Surface("outlet_outer", 28) = {extr[7]};
+ //+
+ Physical Surface("mantle_inner_membrane_complete", 1001) = {extr[2]};
+ //+
+ Physical Surface("mantle_membrane_outer_complete", 1002) = {extr[5]};
+ //+
+ Physical Surface("mantle_outer_complete", 1003) = {extr[9]};
+#+end_src
+
+** Meshing
+If you did the forementioned steps successfully, your geometry in *gmsh* should look like this when you load the *.geo* file:
+
+#+ATTR_HTML: :width 300px
+[[~/org/pictures/volume.png]]
+
+Meshing steps can be included here, but if you did not already create a mesh for this geometry, it is better to make the leftover steps with the [[id:a08570b0-8fe8-45a8-8f60-e45ea6b31a34][GUI]] of *gmsh* as the mesh is visualized there.
The options for the meshing algorithm are as follows:
+
+#+begin_src gmsh
+ //Mesh-Options
+ Mesh.Algorithm = 6; // Frontal-Delaunay for 2D meshes
+ Mesh.Algorithm3D =10; // HXT Parallel (if neccessary)
+ Mesh.RecombinationAlgorithm = 1; //blossom
+ Mesh.SubdivisionAlgorithm = 2; //all hexahedral
+ Mesh.Smoothing = 10; //smoothing steps
+ Mesh.MeshSizeFactor = 0.6; //element size factor
+ Mesh.MeshSizeMin = 0.7; //min mesh size
+ Mesh.MeshSizeMax = 2.2; //max mesh size
+
+ //initiate Meshing
+ Mesh 3; //3 for creating 3D Mesh
+#+end_src
+
+#+ATTR_HTML: :width 300px
+[[~/org/pictures/mesh.png]]
+
+All that is left is to sve the file:
+#+begin_src gmsh
+ Save ".msh2";
+#+end_src
+
+The ~.msh2~ extention specifies that the msh extension should be used but with the ASCII 2 support for the file export.
+Now the *.geo* file needs to be computed with the *gmsh* programme. There are many flags that can be invoked here, see the documentation on [[id:f2d9ff98-f926-442e-ae9b-fc1023e15b07][GMSH]] for more details. But we will only set the "parse file flag "and the number of threads flag for this operation to cut the computation time in half.
+
+#+begin_src bash
+ gmsh -parse_and_exit -nt 40 /path/to/geo/file/.geo
+#+end_src
+
+The important part to remember is, that the *.geo* file has to be in the same folder as the corresponding *.brep* file or the path has to be given while importing the *.brep* file.
+
+This concludes the gmsh part of the workflow
+
+* converting the mesh
+To Convert a *GMSH* mesh to an *OpenFoam* campatible format we have to transform it with the following openfoam command:
+
+#+begin_src bash
+ gmshToFOAM .msh2
+#+end_src
+
+This will create a lot of warnings because we do a multibody Mesh and openfoam on its own does not recognize that the cells in between two volumes belong to both volumes. This warning can be ignored. So in the next step:
+If the Mesh in question is made to be applied to multibody simulation we need to split the mesh after conversion.
The mesh is split at the boundary edges automatically.
+
+#+begin_src bash
+ splitMeshRegions -overwrite -cellZonesOnly
+#+end_src
+
+This command does not need a mesh file as input parameter. It takes the foam mesh created in the previos step and splits it accordingly. The ~-overwrite~ flag deletes all previous intries in the occuring files. The flag ~-cellZonesOnly~ does not do a walk and uses the cellZones only. Use this if you don't mind having disconnected domains in a single region. This option requires all cells to be in one (and one only) cellZone.
diff --git a/20230711101219-openfoam.org b/20230711101219-openfoam.org
new file mode 100644
index 0000000..6d7b073
--- /dev/null
+++ b/20230711101219-openfoam.org
@@ -0,0 +1,6 @@
+:PROPERTIES:
+:ID: 34c4e594-2aee-42d6-803a-6f843176d3b9
+:END:
+#+title: openFoam
+
+Simulation toolbox and suite.
diff --git a/20231011101006-fish.org b/20231011101006-fish.org
new file mode 100644
index 0000000..0f55405
--- /dev/null
+++ b/20231011101006-fish.org
@@ -0,0 +1,24 @@
+:PROPERTIES:
+:ID: af92f7a3-705c-491e-955e-2f04206da220
+:END:
+#+title: fish
+#+filetags: :basics:system:linux:
+
+fish is the *friendly interactive shell*. A [[id:b6d24dd6-285f-4c03-883c-dc77b78c652a][shell]] like bash that mimmicks a [[id:d71414fc-349c-4763-a703-9f7092fc90d6][command-line]] and is able to interact with [[id:5fada795-19a3-4ba6-97c0-0b70bd728a2f][Linux]]. Fish is highly customizable. To Customize the fish shell you have to change its configuration at [[~/.config/fish/config.fish]] or via the shell command ~fishconf~. for a shell to work in a [[id:a08570b0-8fe8-45a8-8f60-e45ea6b31a34][GUI]] system it needs a [[id:5ddb50eb-4257-44cb-9193-1606b348e886][terminal emulator]] to run in. One of those emulated [[id:4c3c3777-af52-4cde-8d9b-f356701b94c9][terminals]] is [[id:b65b3f3a-e0a3-49ca-9005-5a1055c07cdf][kitty]].
+
+Fish has "search as you type" automatic suggestions based on history and current directory. This is essentially like Bash's ~Ctrl+R~ history search, but because it is always on instead of being a separate mode, the user gets continuous feedback while writing the command line, and can select suggestions with the arrow keys, or as in Bash, press Tab ↹ for a tab completion instead. Tab-completion is feature-rich and has expanding file paths (with wildcards and brace expansion), variables, and many command specific completions. Command-specific completions, including options with descriptions, can to some extent be generated from the commands' man pages.
+
+Fish prefers features as commands rather than syntax. This makes features discoverable in terms of commands with options and help texts. Functions can also carry a human readable description. A special help command gives access to all the fish documentation in the user's web browser.
+
+* Universal Variables
+Fish has a feature known as universal variables, which allow a user to permanently assign a value to a variable across all the user's running fish shells.
The variable value is remembered across logouts and reboots, and updates are immediately propagated to all running shells.
+#+begin_src bash
+ # This will make emacs the default text editor. The '--universal' (or '-U') tells fish to
+# make this a universal variable.
+set --universal EDITOR emacs
+
+# This command will make the current working directory part of the fish
+# prompt turn blue on all running fish instances.
+set --universal fish_color_cwd blue
+#+end_src
+
diff --git a/20231011103158-shell.org b/20231011103158-shell.org
new file mode 100644
index 0000000..c11d766
--- /dev/null
+++ b/20231011103158-shell.org
@@ -0,0 +1,17 @@
+:PROPERTIES:
+:ID: b6d24dd6-285f-4c03-883c-dc77b78c652a
+:END:
+#+title: shell
+#+filetags: :system:basics:linux:
+
+A Unix shell is a command-line interpreter or shell that provides a command line user interface for Unix-like operating systems. The shell is both an interactive command language and a scripting language, and is used by the [[id:5fada795-19a3-4ba6-97c0-0b70bd728a2f][coperating system]] to control the execution of the system using shell scripts.
+
+Users typically interact with a Unix shell using a terminal emulator; however, direct operation via serial hardware connections or Secure Shell are common for [[id:f2b1d5af-1a7d-47a5-95c8-4a85d558419e][server]]. All Unix shells provide filename wildcarding, piping, here documents, command substitution, variables and control structures for condition-testing and iteration.
+
+* Concept
+Generally, a shell is a program that executes other programs in response to text commands. A sophisticated shell can also change the environment in which other programs execute by passing named variables, a parameter list, or an input source.
+
+In Unix-like operating systems, users typically have many choices of [[id:d71414fc-349c-4763-a703-9f7092fc90d6][command-line]] interpreters for interactive sessions. When a user [[id:a6e49794-6de9-4bc1-b448-77e97600d3f3][logs]] into the system interactively, a shell program is automatically executed for the duration of the session. The type of shell, which may be customized for each user, is typically stored in the user's profile, for example in the local passwd file or in a distributed configuration system such as NIS or LDAP; however, the user may execute any other available shell interactively.
+
+On operating systems with [[id:0613de5a-4b4f-429a-ba52-09d63c0a92d6][windowing]] system, such as macOS and desktop Linux distributions, some users may never use the shell directly.
On Unix systems, the shell has historically been the implementation language of system startup scripts, including the program that starts a windowing system, configures networking, and many other essential functions. However, some system vendors have replaced the traditional shell-based startup system (init) with different approaches, such as [[id:fe909b51-3cc0-4693-afc7-148ab5795d17][systemd]].
+
diff --git a/20231011103918-systemd.org b/20231011103918-systemd.org
new file mode 100644
index 0000000..195486d
--- /dev/null
+++ b/20231011103918-systemd.org
@@ -0,0 +1,11 @@
+:PROPERTIES:
+:ID: fe909b51-3cc0-4693-afc7-148ab5795d17
+:END:
+#+title: systemd
+#+filetags: :programme:linux:system:basics:
+
+systemd is a software suite that provides an array of system components for [[id:5fada795-19a3-4ba6-97c0-0b70bd728a2f][Linux]] operating systems. The main aim is to unify service configuration and behavior across Linux distributions. Its primary component is a "system and service manager" – an init system used to bootstrap user space and manage user processes. It also provides replacements for various [[id:e108b31b-23c1-47fe-a794-84e41bc45044][daemon]] and utilities, including device management, [[id:a6e49794-6de9-4bc1-b448-77e97600d3f3][login-management]] , network connection management, and event logging. The name systemd adheres to the Unix convention of naming daemons by appending the letter d. It also plays on the term "System D", which refers to a person's ability to adapt quickly and improvise to solve problems.
+
+Since 2015, the majority of Linux distributions have adopted systemd, having replaced other init systems such as SysV init. It has been praised by developers and users of distributions that adopted it for providing a stable, fast out-of-the-box solution for issues that had existed in the Linux space for years. At the time of adoption of systemd on most Linux distributions, it was the only software suite that offered reliable parallelism during boot as well as centralized management of processes, daemons, services and [[id:c69a77dc-f87f-418c-9870-eedddc43be37][mount]] points.
+
+Critics of systemd contend that it suffers from mission creep and bloat; the latter affecting other software (such as the GNOME desktop), adding dependencies on systemd, reducing its compatibility with other Unix-like operating systems and making it difficult for sysadmins to integrate alternative solutions. Concerns have also been raised about Red Hat and its parent company IBM controlling the scene of init systems on Linux.
Critics also contend that the complexity of systemd results in a larger attack surface, reducing the overall security of the platform.
diff --git a/20231011104337-daemon.org b/20231011104337-daemon.org
new file mode 100644
index 0000000..29c412e
--- /dev/null
+++ b/20231011104337-daemon.org
@@ -0,0 +1,7 @@
+:PROPERTIES:
+:ID: e108b31b-23c1-47fe-a794-84e41bc45044
+:END:
+#+title: daemon
+#+filetags: :SYSTEM-INFORMATION:system:basics:
+
+In multitasking computer[[id:5fada795-19a3-4ba6-97c0-0b70bd728a2f][operating systems]], a daemon (/ˈdiːmən/ or /ˈdeɪmən/)[1] is a computer program that runs as a background process, rather than being under the direct control of an interactive user. Traditionally, the process names of a daemon end with the letter d, for clarification that the process is in fact a daemon, and for differentiation between a daemon and a normal computer program. For example, syslogd is a daemon that implements system logging facility, and sshd is a daemon that serves incoming [[id:422e07f8-c888-460f-849e-76d451946045][ssh]] connections.
diff --git a/20231011105104-command_line.org b/20231011105104-command_line.org
new file mode 100644
index 0000000..699a759
--- /dev/null
+++ b/20231011105104-command_line.org
@@ -0,0 +1,27 @@
+:PROPERTIES:
+:ID: d71414fc-349c-4763-a703-9f7092fc90d6
+:END:
+#+title: command-line
+
+A command-line interface (CLI) is a means of interacting with a computer program by inputting lines of text called command-lines. Command-line interfaces emerged in the mid-1960s, on computer terminals, as a user-friendly alternative to punched cards.
+
+Today, most users rely on graphical user interfaces ("[[id:a08570b0-8fe8-45a8-8f60-e45ea6b31a34][GUI]]") instead of CLIs. However, many programs and [[id:5fada795-19a3-4ba6-97c0-0b70bd728a2f][operating system]] utilities lack GUIs, and are intended to be used through CLIs.
+
+Knowledge of CLIs is also useful for writing scripts. Programs that have CLIs are generally easy to automate via scripting, since command-lines, being mere lines of text, are easy to specify in code.
+
+CLIs are made possible by command-line interpreters or command-line processors, which are programs that read command-lines and carry out the commands.
+
+A CLI is used whenever a large vocabulary of commands or queries, coupled with a wide (or arbitrary) range of options, can be entered more rapidly as text than with a pure GUI. This is typically the case with operating system command shells. CLIs are also used by systems with insufficient resources to support a graphical user interface. Some computer language systems (such as Python, Forth, LISP, Rexx, and many dialects of BASIC) provide an interactive command-line mode to allow for rapid evaluation of code.
+
+CLIs are often used by programmers and system administrators, in engineering and scientific environments, and by technically advanced personal computer users. CLIs are also popular among people with visual disabilities since the commands and responses can be displayed using refreshable Braille displays.
+
+* Command prompt
+For the Windows component named Command Prompt, see cmd.exe.
+A command prompt (or just prompt) is a sequence of (one or more) characters used in a command-line interface to indicate readiness to accept commands. It literally prompts the user to take action. A prompt usually ends with one of the characters $, %, #, :, > or - and often includes other information, such as the path of the current working directory and the hostname.
+
+On many Unix and derivative systems, the prompt commonly ends in $ or % if the user is a normal user, but in # if the user is a superuser ("[[id:673d1cb1-536b-42f1-a046-40a8937c4283][root]]" in Unix terminology).
+
+End-users can often modify prompts. Depending on the environment, they may include colors, special characters, and other elements (like variables and functions for the current time, user, shell number or working directory) in order, for instance, to make the prompt more informative or visually pleasing, to distinguish sessions on various machines, or to indicate the current level of nesting of commands. On some systems, special tokens in the definition of the prompt can be used to cause external programs to be called by the command-line interpreter while displaying the prompt.
+
+In DOS' COMMAND.COM and in Windows NT's cmd.exe users can modify the prompt by issuing a PROMPT command or by directly changing the value of the corresponding %PROMPT% environment variable. The default of most modern systems, the C:\> style is obtained, for instance, with PROMPT $P$G. The default of older DOS systems, C> is obtained by just PROMPT, although on some systems this produces the newer C:\> style, unless used on floppy drives A: or B:; on those systems PROMPT $N$G can be used to override the automatic default and explicitly switch to the older style.
+
diff --git a/20231011110041-root.org b/20231011110041-root.org
new file mode 100644
index 0000000..40bbe45
--- /dev/null
+++ b/20231011110041-root.org
@@ -0,0 +1,19 @@
+:PROPERTIES:
+:ID: 673d1cb1-536b-42f1-a046-40a8937c4283
+:END:
+#+title: root
+#+filetags: :SYSTEM-INFORMATION:system:basics:
+
+Root user or otherwise also called super-user. In computing, the superuser is a special user account used for system administration. Depending on the operating system (OS), the actual name of this account might be root, administrator, admin or supervisor. In some cases, the actual name of the account is not the determining factor; on Unix-like systems, for example, the user with a user identifier (UID) of zero is the superuser, regardless of the name of that account; and in systems which implement a role based security model, any user with the role of superuser (or its synonyms) can carry out all actions of the superuser account. The principle of least privilege recommends that most users and applications run under an ordinary account to perform their work, as a superuser account is capable of making unrestricted, potentially adverse, system-wide changes.
+
+* Unix
+In Unix-like computer OSes (such as [[id:5fada795-19a3-4ba6-97c0-0b70bd728a2f][Linux]]), root is the conventional name of the user who has all rights or permissions (to all files and programs) in all modes (single- or multi-user). Alternative names include baron in BeOS and avatar on some Unix variants. BSD often provides a toor ("root" written backward) account in addition to a root account. Regardless of the name, the superuser always has a user ID of 0. The root user can do many things an ordinary user cannot, such as changing the ownership of files and binding to network [[id:f4bb4857-2112-4e10-a22e-6da1436ce7b7][ports]] numbered below 1024.
+
+The name root may have originated because root is the only user account with permission to modify the root directory of a Unix system. This directory was originally considered to be root's home directory, but the UNIX Filesystem Hierarchy Standard now recommends that root's home be at /root.
The first process bootstrapped in a Unix-like system, usually called init, runs with root privileges. It spawns all other processes directly or indirectly, which inherit their parents' privileges. Only a process running as root is allowed to change its user ID to that of another user; once it has done so, there is no way back. Doing so is sometimes called dropping root privileges and is often done as a security measure to limit the damage from possible contamination of the process. Another case is login and other programs that ask users for credentials and in case of successful authentication allow them to run programs with privileges of their accounts.
+
+It is often recommended that root is never used as a normal user account, since simple typographical errors in entering commands can cause major damage to the system. Instead, a normal user account should be used, and then either the su (substitute user) or sudo (substitute user do) command is used. The su approach requires the user to know the root password, while the sudo method requires that the user be set up with the power to run "as root" within the /etc/sudoers file, typically indirectly by being made a member of the wheel,[8] adm, admin, or sudo group.
+
+For a number of reasons, the sudo approach is now generally preferred – for example it leaves an audit trail of who has used the command and what administrative operations they performed.
+
+Some OSes, such as macOS and some Linux distributions (most notably Ubuntu), automatically give the initial user created the ability to run as root via [[id:dc54334e-afa9-4a53-be91-1e90bc6bf8d0][sudo]] – but this is configured to ask them for their password before doing administrative actions. In some cases the actual root account is disabled by default, so it can't be directly used. In mobile platform-oriented OSs such as Apple iOS and Android, superuser access is inaccessible by design, but generally the security system can be exploited in order to obtain it.
In a few systems, such as Plan 9, there is no superuser at all.
+
diff --git a/20231011110655-sudo.org b/20231011110655-sudo.org
new file mode 100644
index 0000000..d616e37
--- /dev/null
+++ b/20231011110655-sudo.org
@@ -0,0 +1,8 @@
+:PROPERTIES:
+:ID: dc54334e-afa9-4a53-be91-1e90bc6bf8d0
+:END:
+#+title: sudo
+
+sudo (/suːduː/ or /ˈsuːdoʊ/) is a program for Unix-like ([[id:5fada795-19a3-4ba6-97c0-0b70bd728a2f][Linux]]) computer operating systems that enables users to run programs with the security privileges of another user, by default the [[id:673d1cb1-536b-42f1-a046-40a8937c4283][superuser]]. It originally stood for "superuser do", as that was all it did, and it is its most common usage; however, the official Sudo project page lists it as "su 'do'". The current Linux manual pages for su define it as "substitute user", making the correct meaning of sudo "substitute user, do", because sudo can run a command as other users as well.
+
+Unlike the similar command su, users must, by default, supply their own password for authentication, rather than the password of the target user. After authentication, and if the configuration file (typically /etc/sudoers) permits the user access, the system invokes the requested command. The configuration file offers detailed access permissions, including enabling commands only from the invoking terminal; requiring a password per user or group; requiring re-entry of a password every time or never requiring a password at all for a particular [[id:d71414fc-349c-4763-a703-9f7092fc90d6][command-line]]. It can also be configured to permit passing arguments or multiple commands.
diff --git a/20231012093946-latex.org b/20231012093946-latex.org
new file mode 100644
index 0000000..2704928
--- /dev/null
+++ b/20231012093946-latex.org
@@ -0,0 +1,50 @@
+:PROPERTIES:
+:ID: 345d5300-432c-4f6f-98a4-4527e955927f
+:END:
+#+title: latex
+
+LaTeX (/ˈlɑːtɛk/ LAH-tek or /ˈleɪtɛk/ LAY-tek, often stylized as LATEX) is a software system for document preparation. When writing, the writer uses plain text as opposed to the formatted text found in WYSIWYG word processors like Microsoft Word, LibreOffice Writer and Apple Pages. The writer uses markup tagging conventions to define the general structure of a document, to stylise text throughout a document (such as bold and italics), and to add citations and cross-references. A TeX distribution such as [[id:b674e49e-0818-4084-8690-3805c8345650][TexLive]] or MiKTeX is used to produce an output file (such as PDF or DVI) suitable for printing or digital distribution.
+
+LaTeX is widely used in academia for the communication and publication of scientific documents in many fields, including mathematics, computer science, engineering, physics, chemistry, economics, linguistics, quantitative psychology, philosophy, and political science.[citation needed] It also has a prominent role in the preparation and publication of books and articles that contain complex multilingual materials, such as Arabic and Greek.[6] LaTeX uses the TeX typesetting program for formatting its output, and is itself written in the TeX macro language.
+
+LaTeX can be used as a standalone document preparation system, or as an intermediate format. In the latter role, for example, it is sometimes used as part of a pipeline for translating DocBook and other XML-based formats to PDF. The typesetting system offers programmable desktop publishing features and extensive facilities for automating most aspects of typesetting and desktop publishing, including numbering and cross-referencing of tables and figures, chapter and section headings, graphics, page layout, indexing and bibliographies.
+
+Like TeX, LaTeX started as a writing tool for mathematicians and computer scientists, but even from early in its development, it has also been taken up by scholars who needed to write documents that include complex math expressions or non-Latin scripts, such as Arabic, Devanagari and Chinese.
+
+LaTeX is intended to provide a high-level, descriptive markup language that accesses the power of TeX in an easier way for writers. In essence, TeX handles the layout side, while LaTeX handles the content side for document processing. LaTeX comprises a collection of TeX macros and a program to process LaTeX documents, and because the plain TeX formatting commands are elementary, it provides authors with ready-made commands for formatting and layout requirements such as chapter headings, footnotes, cross-references and bibliographies.
+
+LaTeX was originally written in the early 1980s by Leslie Lamport at SRI International. The current version is LaTeX2e (stylised as LATEX2ε), first released in 1994 but incrementally updated starting in 2015. This update policy replaced earlier plans for a separate release of LaTeX3 (LATEX3), which had been in development since 1989. LaTeX is free software and is distributed under the LaTeX Project Public License (LPPL).
+
+Latex can be fully used by means of any text editor like [[id:5f1df0e1-384f-4685-ae1e-fec2431b04e5][emacs]]. This programm can be used to load a fully developed LaTex [[id:d3e11792-af05-4213-9ef8-b680c12ce81c][IDE]] called [[id:3dfde3f4-2cc0-4356-a147-d4afd599e731][auctex]]. Even though using emacs one can code latex over [[id:422e07f8-c888-460f-849e-76d451946045][ssh]] via the [[id:d71414fc-349c-4763-a703-9f7092fc90d6][command-line]]
+
+* Example
+#+begin_src latex
+ \documentclass{article} % Starts an article
+\usepackage{amsmath} % Imports amsmath
+\title{\LaTeX} % Title
+
+\begin{document} % Begins a document
+ \maketitle
+ \LaTeX{} is a document preparation system for
+ the \TeX{} typesetting program.
It offers
+ programmable desktop publishing features and
+ extensive facilities for automating most
+ aspects of typesetting and desktop publishing,
+ including numbering and cross-referencing,
+ tables and figures, page layout,
+ bibliographies, and much more. \LaTeX{} was
+ originally written in 1984 by Leslie Lamport
+ and has become the dominant method for using
+ \TeX; few people write in plain \TeX{} anymore.
+ The current version is \LaTeXe.
+
+ % This is a comment, not shown in final output.
+ % The following shows typesetting power of LaTeX:
+ \begin{align}
+ E_0 &= mc^2 \\
+ E &= \frac{mc^2}{\sqrt{1-\frac{v^2}{c^2}}}
+ \end{align}
+\end{document}
+#+end_src
+
+A list of keys that help to code in emacs can be found in the [[id:3dfde3f4-2cc0-4356-a147-d4afd599e731][auctex]] section.
diff --git a/20231012094239-texlive.org b/20231012094239-texlive.org
new file mode 100644
index 0000000..5749808
--- /dev/null
+++ b/20231012094239-texlive.org
@@ -0,0 +1,6 @@
+:PROPERTIES:
+:ID: b674e49e-0818-4084-8690-3805c8345650
+:END:
+#+title: TexLive
+
+Texlive is a Latex distribution for [[id:5fada795-19a3-4ba6-97c0-0b70bd728a2f][Linux]]. It needs to be installed via [[id:b7c4f849-d1b1-4837-8634-82f6976a1473][package-manager]] ([[id:d88b7b60-742d-4bc0-8b48-3fbcfad2373d][pacman]]) before installing any [[id:d3e11792-af05-4213-9ef8-b680c12ce81c][IDE]] (e.g. [[id:3dfde3f4-2cc0-4356-a147-d4afd599e731][auctex]] for [[id:5f1df0e1-384f-4685-ae1e-fec2431b04e5][emacs]]) for the LaTex programming.
diff --git a/20231012094624-ide.org b/20231012094624-ide.org
new file mode 100644
index 0000000..bd2047c
--- /dev/null
+++ b/20231012094624-ide.org
@@ -0,0 +1,10 @@
+:PROPERTIES:
+:ID: d3e11792-af05-4213-9ef8-b680c12ce81c
+:END:
+#+title: IDE
+
+An integrated development environment (IDE) is a software application that provides comprehensive facilities for software development. An IDE normally consists of at least a source-code editor, build automation tools, and a debugger. Some IDEs, such as NetBeans and Eclipse, contain the necessary compiler, interpreter, or both; others, such as SharpDevelop and Lazarus, do not.
+
+The boundary between an IDE and other parts of the broader software development environment is not well-defined; sometimes a version control system or various tools to simplify the construction of a graphical user interface ([[id:a08570b0-8fe8-45a8-8f60-e45ea6b31a34][GUI]]) are integrated. Many modern IDEs also have a class browser, an object browser, and a class hierarchy diagram for use in object-oriented software development.
+
+The main IDE for the MAdrigal Industrial solutions Inc. is the modal text editor [[id:5f1df0e1-384f-4685-ae1e-fec2431b04e5][emacs]]. Where an IDE for almost every IDE for every language can be installed ([[id:a8d58365-01f9-4f21-a039-127a4b1d6f1c][matlab]], [[id:ba15b77e-e9a2-4a21-b63f-b9b350ec811a][python]], [[id:f2d9ff98-f926-442e-ae9b-fc1023e15b07][GMSH]] [[id:34c4e594-2aee-42d6-803a-6f843176d3b9][openFoam]] etc.)
diff --git a/20231012095034-matlab_native.org b/20231012095034-matlab_native.org
new file mode 100644
index 0000000..b3492b7
--- /dev/null
+++ b/20231012095034-matlab_native.org
@@ -0,0 +1,6 @@
+:PROPERTIES:
+:ID: a8d58365-01f9-4f21-a039-127a4b1d6f1c
+:END:
+#+title: matlab
+
+The Main programming Tool for standard simulations. It can be installed on [[id:5fada795-19a3-4ba6-97c0-0b70bd728a2f][Linux]] via [[id:b7c4f849-d1b1-4837-8634-82f6976a1473][package-manager]] or downloaded from the website. There is also the option of a Matlab [[id:df046fd7-1f82-4e12-9065-56d222f56408][docker]] [[id:936191f2-696b-4d9a-96ad-c8449778ae26][container]] called [[id:e336814a-3a58-4b25-8d02-0af07623ce45][matlab-docker]]. There is also an implementation for Matlab in [[id:5f1df0e1-384f-4685-ae1e-fec2431b04e5][emacs]].
diff --git a/20231012095436-python.org b/20231012095436-python.org
new file mode 100644
index 0000000..6c59669
--- /dev/null
+++ b/20231012095436-python.org
@@ -0,0 +1,14 @@
+:PROPERTIES:
+:ID: ba15b77e-e9a2-4a21-b63f-b9b350ec811a
+:END:
+#+title: python
+
+Python is a high-level, general-purpose programming language. Its design philosophy emphasizes code readability with the use of significant indentation.
+
+Python is dynamically typed and garbage-collected. It supports multiple programming paradigms, including structured (particularly procedural), object-oriented and functional programming. It is often described as a "batteries included" language due to its comprehensive standard library.
+
+Guido van Rossum began working on Python in the late 1980s as a successor to the ABC programming language and first released it in 1991 as Python 0.9.0. Python 2.0 was released in 2000. Python 3.0, released in 2008, was a major revision not completely backward-compatible with earlier versions. Python 2.7.18, released in 2020, was the last release of Python 2.
+
+Python consistently ranks as one of the most popular programming languages.
+
+You can use [[id:5f1df0e1-384f-4685-ae1e-fec2431b04e5][emacs]] as an [[id:d3e11792-af05-4213-9ef8-b680c12ce81c][IDE]] when programming with python. You only need to install [[id:33d3052d-e679-415d-98fa-56e210555539][elpy]].
diff --git a/20231012095707-gui.org b/20231012095707-gui.org
new file mode 100644
index 0000000..b9306e9
--- /dev/null
+++ b/20231012095707-gui.org
@@ -0,0 +1,10 @@
+:PROPERTIES:
+:ID: a08570b0-8fe8-45a8-8f60-e45ea6b31a34
+:END:
+#+title: GUI
+
+The graphical user interface, or GUI (/ˌdʒiːjuːˈaɪ/ JEE-yoo-EYE[citation needed] or /ˈɡuːi/ GOO-ee), is a form of user interface that allows users to interact with electronic devices through graphical icons and [[id:efaaf6e8-b638-497b-bfc2-366d64f2413b][audio]] indicators such as primary notation, instead of text-based UIs, typed command labels or text navigation. GUIs were introduced in reaction to the perceived steep learning curve of [[id:d71414fc-349c-4763-a703-9f7092fc90d6][command-line]] interfaces (CLIs), which require commands to be typed on a computer keyboard.
+
+The actions in a GUI are usually performed through direct manipulation of the graphical elements.Beyond computers, GUIs are used in many handheld mobile devices such as MP3 players, portable media players, gaming devices, smartphones and smaller household, office and industrial controls. The term GUI tends not to be applied to other lower-display resolution types of interfaces, such as video games (where head-up displays (HUDs) are preferred), or not including flat screens like volumetric displays[10] because the term is restricted to the scope of 2D display screens able to describe generic information, in the tradition of the computer science research at the Xerox Palo Alto Research Center.
+
+Most modern [[id:5fada795-19a3-4ba6-97c0-0b70bd728a2f][operating system]] provide both a GUI and some level of a CLI, although the GUIs usually receive more attention.
diff --git a/20231012103926-minor_mode.org b/20231012103926-minor_mode.org
new file mode 100644
index 0000000..d9e39a1
--- /dev/null
+++ b/20231012103926-minor_mode.org
@@ -0,0 +1,8 @@
+:PROPERTIES:
+:ID: f2b5ce00-009f-4ae5-bac4-da9d22c79927
+:END:
+#+title: minor_mode
+
+A minor mode is an optional editing mode that alters the behavior of [[id:5f1df0e1-384f-4685-ae1e-fec2431b04e5][emacs]] in some well-defined way. Unlike major modes, any number of minor modes can be in effect at any time. Some minor modes are [[id:c7747161-284c-4882-bd11-80bc2a990814][buffer]]-local, and can be turned on (enabled) in certain buffers and off (disabled) in others. Other minor modes are global: while enabled, they affect everything you do in the Emacs session, in all buffers. Most minor modes are disabled by default, but a few are enabled by default.
+
+There can be many active minor modes but at a single time only one [[id:57fcd48a-de61-4ced-8a4c-943cb78595db][major-mode]].
diff --git a/20231012104119-e_buffer.org b/20231012104119-e_buffer.org
new file mode 100644
index 0000000..d4866fd
--- /dev/null
+++ b/20231012104119-e_buffer.org
@@ -0,0 +1,32 @@
+:PROPERTIES:
+:ID: c7747161-284c-4882-bd11-80bc2a990814
+:END:
+#+title: buffer
+
+An [[id:5f1df0e1-384f-4685-ae1e-fec2431b04e5][emacs]] buffer is similar to what other systems might call a file, document, workspace or editor. A buffer can contain text and images.
+
+Buffers are shown in [[id:216bfc04-0276-4c4b-8ec7-0b7d16bc62cc][emacs-window]] on the screen. A buffer can be displayed in more than one window at a time, or it might not be displayed at all.
+
+At the bottom of each window is a ModeLine that describes the buffer and its state. Every buffer has a unique buffer name; the name is shown in the mode-line.
+
+By default, visiting a file puts the file content into a buffer and displays it in a window. By default, the buffer name is based on the (relative) file name.
+
+Saving a buffer writes it to its visited file.
+
+Killing a buffer discards its contents. By default, Emacs prompts you if there are unsaved changes.
+
+By convention, buffers whose names start with an asterisk (*) are not associated with files. For example, by default Emacs starts with an empty buffer named *scratch*. If such buffers have unsaved changes when you exit Emacs, these buffers are discarded without asking.
+
+Buffers whose names start with a space are invisible, which means they are hidden from many operations. These buffers are typically created and used by Emacs for internal purposes.
+
+* Buffer Commands and Their Keys
+| Key | Meaning | Command |
+|---------+------------------------------------------------------------------+---------------------|
+| C-x C-f | Find and visit a file | find-file |
+| C-x C-r | Visit a file in read-only mode | find-file-read-only |
+| C-x C-s | Save the current buffer to its file | save-buffer |
+| C-x C-w | Save the current buffer contents to a file you specify (Save As) | write-file |
+| C-x k | Kill a buffer you name | kill-buffer |
+| C-x b | Switch to editing a buffer you specify | switch-to-buffer |
+| C-x C-b | Open the BufferMenu | list-buffers |
+| | | |
diff --git a/20231012104723-emacs_window.org b/20231012104723-emacs_window.org
new file mode 100644
index 0000000..d0ae52a
--- /dev/null
+++ b/20231012104723-emacs_window.org
@@ -0,0 +1,6 @@
+:PROPERTIES:
+:ID: 216bfc04-0276-4c4b-8ec7-0b7d16bc62cc
+:END:
+#+title: emacs-window
+
+In [[id:5f1df0e1-384f-4685-ae1e-fec2431b04e5][emacs]]-speak, a window a [[id:75a2a403-34a2-4e4c-9fb0-10260ef97eab][frame]] pane, that is, a subframe. What is usually called a “window” outside of Emacs is called a frame in Emacs. A window displays the contents of a single buffer. A buffer need not be displayed in a window, however.
diff --git a/20231012104820-frame.org b/20231012104820-frame.org
new file mode 100644
index 0000000..4393099
--- /dev/null
+++ b/20231012104820-frame.org
@@ -0,0 +1,17 @@
+:PROPERTIES:
+:ID: 75a2a403-34a2-4e4c-9fb0-10260ef97eab
+:END:
+#+title: emacs-frame
+
+A frame contains and displays one or [[id:5f1df0e1-384f-4685-ae1e-fec2431b04e5][emacs]] [[id:216bfc04-0276-4c4b-8ec7-0b7d16bc62cc][window]].
+
+Outside of Emacs, frames are usually called “windows”.
+
+Outside of Emacs, Emacs windows might be called “panes”, “sub-windows”, or “MDI windows”.
+
+When running on a graphic display, an Emacs frame is implemented as a window-manager window.
+
+In a character-cell [[id:b6d24dd6-285f-4c03-883c-dc77b78c652a][shell]] (such as a text console or an xterm) there is an implicit Emacs frame for the terminal. You can create additional frames – each is in effect a virtual terminal.
+
+A frame is rectangular, with four borders. On a graphic display, a frame usually has a title bar, showing the FrameTitle. By default, a frame has a MenuBar, just under the title bar. On a graphic displays, by default a frame also has a ToolBar with icon buttons.
+
diff --git a/20231012105423-major_mode.org b/20231012105423-major_mode.org
new file mode 100644
index 0000000..c8df815
--- /dev/null
+++ b/20231012105423-major_mode.org
@@ -0,0 +1,15 @@
+:PROPERTIES:
+:ID: 57fcd48a-de61-4ced-8a4c-943cb78595db
+:END:
+#+title: major-mode
+
+
+Each [[id:c7747161-284c-4882-bd11-80bc2a990814][buffer]] in [[id:5f1df0e1-384f-4685-ae1e-fec2431b04e5][emacs]] is in a (single) major mode. Different kinds of buffer have different major modes. For example, if you edit an EmacsLisp file, the major mode (by default) is emacs-lisp-mode. The mode for a file is determined by the SetAutoMode function.
+
+Each major mode customises Emacs’s behaviour to make it appropriate for the type of buffer by providing appropriate commands, display and key bindings. For example, in emacs-lisp-mode, commands are available that are appropriate to editing EmacsLisp code. In DiredMode, commands are available for manipulating files and directories. Major modes often have SyntaxHighlighting for the visually unimpaired.
+
+The name of the current major mode is displayed in the mode line. You can change to a different major mode by executing its command. For TextMode (indicated by “Text” in the mode-line), for example, do ~M-x text-mode~. You can use ~C-h m~ for help on the current major mode, and ~C-h b~ to see all the bindings in effect. The symbol identifying the current major mode is stored in the variable major-mode.
+
+Although many major modes ship with Emacs, sometimes you will need to download an elisp package off the Internet and install it. See InstallingPackages.
+
+There are also minor modes. Minor modes are orthogonal to major modes. There can be any number of [[id:f2b5ce00-009f-4ae5-bac4-da9d22c79927][minor_mode]]s in a buffer.
diff --git a/20231016124044-arch_chroot.org b/20231016124044-arch_chroot.org
new file mode 100644
index 0000000..96577d3
--- /dev/null
+++ b/20231016124044-arch_chroot.org
@@ -0,0 +1,26 @@
+:PROPERTIES:
+:ID: 065cec59-82f7-42a5-bcb0-fef56004de40
+:END:
+#+title: arch-chroot
+
+Also known as Chroot or Change [[id:673d1cb1-536b-42f1-a046-40a8937c4283][Root]]. Is a command that lets you use a Root file system of another partition to do manual maintanance.
+A chroot is an operation that changes the apparent root directory for the current running process and their children. A program that is run in such a modified environment cannot access files and commands outside that environmental directory tree. This modified environment is called a chroot jail.
+Changing root is commonly done for performing system maintenance on systems where booting and/or logging in is no longer possible. Common examples are:
+
+- Reinstalling the boot loader.
+- Rebuilding the initramfs image.
+- Upgrading or downgrading packages.
+- Resetting a forgotten password.
+- Building packages in a clean chroot.
+
+To change the Root File System, log into a Shell and input the following commands:
+#+begin_src bash
+ lsblk
+ sudo mount /dev/ /mnt
+ sudo mount /dev/ /mnt/boot/efi
+ sudo arch-chroot /mnt
+#+end_src
+_Attention_: Do not try to mount the partition of your live environment, as it is already mounted
+After this the root of the other system is mounted and the prompt shows the root user indication for the mounted system. The system in use is no longer the home system.
+
+After you did the system maintenance and did an update use the command ~exit~ to disconnect
diff --git a/20231018114352-whiteboard.org b/20231018114352-whiteboard.org
new file mode 100644
index 0000000..1e15632
--- /dev/null
+++ b/20231018114352-whiteboard.org
@@ -0,0 +1,6 @@
+:PROPERTIES:
+:ID: ff0e4b42-be30-4d5e-be17-c39195dfe22e
+:END:
+#+title: whiteboard
+
+Whiteboard is
diff --git a/20231018114748-subnetworks.org b/20231018114748-subnetworks.org
new file mode 100644
index 0000000..6026c0e
--- /dev/null
+++ b/20231018114748-subnetworks.org
@@ -0,0 +1,6 @@
+:PROPERTIES:
+:ID: c9461f7b-7368-4b88-b90b-2d785fda2159
+:END:
+#+title: subnetworks
+
+A private subnet is a partition of a larger private network or an addition to said network. In comparison to a public network like the internet a private network is not [[id:984f8c3a-245c-459e-bd53-dd1e4ec90ea8][index]] by a search engine or a public [[id:f2b1d5af-1a7d-47a5-95c8-4a85d558419e][server]]. A simple example for a subnet is the ovarlaying wireless [[id:213d19d9-ca8d-42b1-998a-2f34d1d9cd4c][LAN]] over a wired LAN. It is usually the case, that the [[id:f055acfb-05dd-4228-a92a-356240b8c975][IP]] Adress range of the W-LAN are identical with those of the computers connected through a wire, but it is a subnet nonetheless.
diff --git a/20231018115208-index.org b/20231018115208-index.org
new file mode 100644
index 0000000..8d048d1
--- /dev/null
+++ b/20231018115208-index.org
@@ -0,0 +1,10 @@
+:PROPERTIES:
+:ID: 984f8c3a-245c-459e-bd53-dd1e4ec90ea8
+:END:
+#+title: index
+
+An index is a way for a [[id:f2b1d5af-1a7d-47a5-95c8-4a85d558419e][server]] to register availiable machines on the internet. If a PC sends a search request for a website or an [[id:f055acfb-05dd-4228-a92a-356240b8c975][IP]] address to a [[id:80666401-173e-4828-9c29-552dab716946][dns]] Server, this server then saves the IP address and content of the asked website for faster next searches (caching). It also registers that there is a service availiable at the given address. Web indexing, or internet indexing, comprises methods for indexing the contents of a website or of the Internet as a whole. Individual websites or intranets may use a back-of-the-book index, while search engines usually use keywords and metadata to provide a more useful vocabulary for Internet or onsite searching. With the increase in the number of periodicals that have articles online, web indexing is also becoming important for periodical websites.
+
+Back-of-the-book-style web indexes may be called "web site A-Z indexes". The implication with "A-Z" is that there is an alphabetical browse view or interface. This interface differs from that of a browse through layers of hierarchical categories (also known as a taxonomy) which are not necessarily alphabetical, but are also found on some web sites. Although an A-Z index could be used to index multiple sites, rather than the multiple pages of a single site, this is unusual.
+
+Metadata web indexing involves assigning keywords, description or phrases to web pages or web sites within a metadata tag (or "meta-tag") field, so that the web page or web site can be retrieved with a list. This method is commonly used by search engine indexing.
diff --git a/20231018115531-protectli.org b/20231018115531-protectli.org
new file mode 100644
index 0000000..7b65084
--- /dev/null
+++ b/20231018115531-protectli.org
@@ -0,0 +1,66 @@
+:PROPERTIES:
+:ID: adc016f2-a660-47d7-8974-16b74a02bcbf
+:END:
+#+title: Protectli
+#+filetags: :hardware:
+
+The Protectli Vault can be used in a number of different applications. For example the Protectli is deployed as Windows [[id:70899526-8b7d-4976-94fc-cc07c41e550a][client]], roll-your-own [[id:5fada795-19a3-4ba6-97c0-0b70bd728a2f][Linux]] desktops, hypervisors, and of course [[id:b9047be5-edca-4eca-8bac-c45e03373942][Firewall]]. The Madrigal Industrial Solutions GmbH is used the Protectli to create multiple [[id:c9461f7b-7368-4b88-b90b-2d785fda2159][subnetworks]] for different user and services. To do that the protectli is deployed as a firewall, a [[id:d1d940e1-2ddb-405a-8876-2480bdcab749][gateway]], [[id:1af47b07-4205-46ac-837a-ee078067328a][vpn]] ([[id:daa194c9-63f1-433e-8826-a0b4e9020e16][wireguard]]). As software application [[id:10f654fc-489e-4e86-bc20-6448f7ee0b90][opnsense]] is used.
+
+* Installing
+
+* Setup
+At initialisation you can log into the protectcli using the credentials: root and opensense as password
+
+** Assigning Interfaces
+The first interface is the [[id:213d19d9-ca8d-42b1-998a-2f34d1d9cd4c][LAN]] interface. Type the appropriate interface name, for example “em0”. The second interface is the WAN interface. Type the appropriate interface name, eg. “em1” . Possible additional interfaces can be assigned as OPT interfaces. If you assigned all your interfaces you can press [ENTER] and confirm the settings. OPNsense will configure your system and present the login prompt when finished.
+
+Press [1] "Assign Interfaces" to assign Interfaces. Follow the instructions from there, don*t use laggs and skip the vlan assignments. You can choose autodetect to configure LAN and [[id:053d9bdf-c6fe-42ce-8c44-d6945f612bf3][WAN]] names automatically. Before you do that disconnect any cables from the interfaces.
+If you set it manually: The WAN interface should be set to igc0; the LAN interface to igc1 and set the opt interfaces to igc2 and igc3
+
+If you completed the assignment, connect the LAN! port to your [[id:d2ff2e45-e1de-4cca-9b59-dfc3ee6afa6f][router]].
+
+** Assign Interface [[id:f055acfb-05dd-4228-a92a-356240b8c975][IP]] address
+Look into your Router Network information which IP the router wants to give your Opnsense firewall and note it down. Go into your opnsense Installation and click the Set Interface IP Adress. Choose the WAN Interface and select [[id:06b466a8-05ae-4bbd-820d-2d80461767fd][DHCP]]. Choose yes to IPV4 and IPV6 and stay with https as [[id:bd5b34ba-aa98-4808-b97b-2376aa7b8866][protocol]] additionaly you can let the opnsense use its own [[id:e28dfeaa-876b-4255-a25e-dcc0c909d08a][certificate]] for that.
+
+After you completed the steps the protectcli gives you hios dhcp adress on which you can log into the web [[id:a08570b0-8fe8-45a8-8f60-e45ea6b31a34][GUI]]
+
+** Configuring the web interface
+After logging in create a new user and set a password (Access Tab).
+Go to the "System" Tab and select Wizard, Select the Time Zone of your choice and input the LAN IP your router has given to you. After that set the root password.
+
+After that Update The System (System>Firmware>Updates).
+Install the wireguard plugin from the plugins menu (System>Firmware>Plugins)
+
+If system installation does not work, Check the internet connectivity by pinging 8.8.8.8 in the command line of your opnsense (Keyboard and monitor on the hardware unit)
+
+If there is no connection to the internet, try pinging the gateway (192.168.178.1 for standard fritzbox) if the ping connects, check if a gateway on your LAN interface is present (GUI)
+If not go to to System>Gateway>configuration and add a new gateway. there you specify a name and set the Interface to LAN. Set the IP adress of your gateway terminal (e.g. 192.168.178.1).
The network gateway is usually at the first address in the IP Range.
+
+If you have a stable connection and still can't update because of a broken [[id:b7c4f849-d1b1-4837-8634-82f6976a1473][package]] system, go into the [[id:d71414fc-349c-4763-a703-9f7092fc90d6][command-line]] of your protectcli and insert the command:
+#+begin_src bash
+ opnsense-bootstrap
+#+end_src
+
+After the process is done you have to set up a gateway as described above
+
+* Vlans
+** create vlan and vlan tag
+To Set up a vlan go Interfaces>other types>Vlan. Add A vlan by pressing the plus button. Give the vlan interface a Device name that includes 'vlan0' e.g. vlan0.11. Set the interface device you want to use as a parent device. If you want to setup the LAN interface as a Network device select the igc1 (in this example). Set the vlan tag number you want to use. In the end it does not matter which tag number you choose, as long as you youse that number in your switch or vlan ready devices. Usually the tag nr. one is reserved for maintenance in the switch devices so it could be smart to set a different number. If you have more than one vlan it is wise to set a description of the network.
+
+** Assign cour vlan to an Interface on your protectli
+To do that got to Interface> assignments and setup a new software inmterface for the hardware device or use an existing one. We like to create a new interface for every vlan we create but you can also choose an existing one. If you created a vlan beforehand, there is the option to add a new interface with the new vlan device you created. If you skipped the first step or did not save your configuration properly, that option is missing and there is a note: 'No devices availiable'. You name your new interface by adding a description to it. Add the description, select the vlan you want to use for that and click on add. save the interface assignment. After saving, you have to enable the interface.
+
+** Enabling and configuring the interface
+If you set the interface up correctly, it will show up in the Interface Tab. click on the interface you created. This will lead to the basic configuration of your interface. click on 'Enable interface' to, you guessed it, enable the interface. If your Interface is facing to the Internet, you should block private and bogon networks, just check the corresponding boxes. If you want to setup a private subnetwork you let those boxes be unchecked. If you want to activate dhcp on your private network, select static IPv4 as 'IPv4 configuration type'. this looks counter intuitive as you want to have a dynamic IP lease enabled. But this configuration just lets you set up a static IP Range that your dhcp can choose IP addresses from. If you select 'DHCP' there it just leases out any IP. after that change the IPv4 address under 'static IPv4 configuration' to the first address in the address range you want to use. So if you want to have the standard IP range for private networks (for us that is 192.168.178.0) so you would set the Interface IP to 192.168.178.1 (usually for the gateway, see above) and select 24 instead of 32 as Ip-Bit of the [[id:2adb9518-1918-4799-979e-02843de79dec][netmask]] (denoting IPv4). After that click on save.
+
+** Enabling DHCP service
+To do that click on the tab Services>ISC DHCPv4. Select the interfacewere you want the dhcp service enabled and check the box. If you enabled dhcp you need to set the range in which the IP adresses can be leased out by client machines. The availiable range given above denotes how much adresses are availiable in the corresponding range. The subnet and the subnet mask are also given above. Excluding the first entry you can choose 255 Adresses out of your subnet, denoted by your subnet mask entry (2-254, so the first and the last entry of your 255 adresses are reserved).
For example you can choose a range of 11 availiable IPs by setting the range to 192.168.178.20 - 192.168.178.30. That means, that 11 IPs are ready to be leased out so that 11 clients can be present in the vlan. You can set up a addiational pool of IPs or use fixed IP for special clients using the static ARP entries and their MAC adress. If you are finished with the configuration click on save and apply the changes.
+
+** Watching the lease
+Connect a PC to the hardware interface for testing out the dhcp. In tab Services>ISC DHCP>leases the PC with its MAC Adress and the leased IP. Here you can set the IP fix for the connected PC or delete the dhcp lease. Imortant You can configure the length of a dhcp lease. In the standard configuration a dhcp lease does not run out and a lease length in another router might not as well. As long as the PC connected already has saved an IP adress it might not let go of it. So if your pc was connected to another Router beforehand it might not automatically contact your dhcp server for a new one immdiately. So either you wait for that to happen or you restart the connected PC. after that it should get a new lease.
+
+* configuring the Firwall
+Route IN : Source (here) --> This interface --> allowance Check by this interface -->Destination Interface --> Destination (other)
+The mother allows a child to go to an open park
+Route OUT: Destination (here) <-x-- Check by this interface for block <-- This interface <-- Source interface <-- Source (other)
+your mother allows you to come to my house to play but my mother does not approve of you coming over
diff --git a/20231018120803-lan.org b/20231018120803-lan.org
new file mode 100644
index 0000000..9abb910
--- /dev/null
+++ b/20231018120803-lan.org
@@ -0,0 +1,8 @@
+:PROPERTIES:
+:ID: 213d19d9-ca8d-42b1-998a-2f34d1d9cd4c
+:END:
+#+title: LAN
+
+Also called local area network. A local area network is a computer network that interconnects computers within a limited area such as a residence, school, laboratory, university campus or office building. By contrast, a wide area network ([[id:053d9bdf-c6fe-42ce-8c44-d6945f612bf3][WAN]]) not only covers a larger geographic distance, but also generally involves leased telecommunication circuits.
+
+[[id:c5a27aff-1c9c-4355-a793-202d71388930][ethernet]] and Wi-Fi are the two most common technologies in use for local area networks. Historical network technologies include ARCNET, Token Ring and AppleTalk.
diff --git a/20231018120936-wan.org b/20231018120936-wan.org
new file mode 100644
index 0000000..1d5226e
--- /dev/null
+++ b/20231018120936-wan.org
@@ -0,0 +1,8 @@
+:PROPERTIES:
+:ID: 053d9bdf-c6fe-42ce-8c44-d6945f612bf3
+:END:
+#+title: WAN
+
+Also called Wide Area Network. A wide area network is a telecommunications network that extends over a large geographic area. Wide area networks are often established with leased telecommunication circuits.
+
+Businesses, as well as schools and government entities, use wide area networks to relay data to staff, students, [[id:70899526-8b7d-4976-94fc-cc07c41e550a][clients]], buyers and suppliers from various locations around the world. In essence, this mode of telecommunication allows a business to effectively carry out its daily function regardless of location. The Internet may be considered a WAN. Many WANs are, however, built for one particular organization and are private. WANs can be separated from local area networks ([[id:213d19d9-ca8d-42b1-998a-2f34d1d9cd4c][LAN]]s) in that the latter refers to physically proximal [[id:c9461f7b-7368-4b88-b90b-2d785fda2159][networks]].
diff --git a/20231018121004-firewall.org b/20231018121004-firewall.org
new file mode 100644
index 0000000..e9ec79b
--- /dev/null
+++ b/20231018121004-firewall.org 
@@ -0,0 +1,34 @@
+:PROPERTIES:
+:ID: b9047be5-edca-4eca-8bac-c45e03373942
+:END:
+#+title: Firewall
+
+
+ Firewall is a network security device that monitors and filters incoming and outgoing [[id:c9461f7b-7368-4b88-b90b-2d785fda2159][networks]] [[id:20efb455-5575-4b8b-857f-7c337bee644c][traffic]] based on an organization’s previously established security policies. At its most basic, a firewall is essentially the barrier that sits between a private internal network and the public Internet. A firewall’s main purpose is to allow non-threatening traffic in and to keep dangerous traffic out.
+
+ Firewalls are categorized as a network-based or a host-based system. Network-based firewalls are positioned between two or more networks, typically between the local area network ([[id:213d19d9-ca8d-42b1-998a-2f34d1d9cd4c][LAN]]) and wide area network ([[id:053d9bdf-c6fe-42ce-8c44-d6945f612bf3][WAN]]), their basic function is to control the flow of data between connected networks. They are either a software appliance running on general-purpose [[id:01ec5ed6-a234-4063-994b-174f704bb28a][hardware]], a hardware appliance running on special-purpose hardware, or a virtual appliance running on a virtual host controlled by a hypervisor. Firewall appliances may also offer non firewall functionality, such as [[id:06b466a8-05ae-4bbd-820d-2d80461767fd][DHCP]] or [[id:1af47b07-4205-46ac-837a-ee078067328a][vpn]] services. Host-based firewalls are deployed directly on the host itself to control network traffic or other computing resources. This can be a [[id:e108b31b-23c1-47fe-a794-84e41bc45044][daemon]] or service as a part of the [[id:5fada795-19a3-4ba6-97c0-0b70bd728a2f][operating system]] or an agent application for protection.
+
+* Types
+The first reported type of network firewall is called a [[id:fde35a08-897d-4502-aead-1f4414ea639c][packets]] filter, which inspects packets transferred between computers.
The firewall maintains an access-control list which dictates what packets will be looked at and what action should be applied, if any, with the default action set to silent discard. Three basic actions regarding the packet consist of a silent discard, discard with Internet Control Message Protocol or TCP reset response to the sender, and forward to the next hop. Packets may be filtered by source and destination [[id:f055acfb-05dd-4228-a92a-356240b8c975][IP]] addresses, [[id:bd5b34ba-aa98-4808-b97b-2376aa7b8866][protocol]], source and destination [[id:f4bb4857-2112-4e10-a22e-6da1436ce7b7][port]]. The bulk of Internet communication in 20th and early 21st century used either Transmission Control Protocol ([[id:0fa93c0d-6741-48cf-8bea-f2519146e4dc][TCP]]) or User Datagram Protocol ([[id:b9c823ff-4cf4-46a0-8654-54bdc7b67d30][UDP]]) in conjunction with well-known ports, enabling firewalls of that era to distinguish between specific types of traffic such as web browsing, remote printing, email transmission, and file transfers.
+
+** packet filter
+The first paper published on firewall technology was in 1987 when engineers from Digital Equipment Corporation (DEC) developed filter systems known as packet filter firewalls. At AT&T Bell Labs, Bill Cheswick and Steve Bellovin continued their research in packet filtering and developed a working model for their own company based on their original first-generation architecture. In 1992, Steven McCanne and Van Jacobson released a paper on BSD Packet Filter (BPF) while at Lawrence Berkeley Laboratory.
+
+** connection tracking
+From 1989–1990, three colleagues from AT&T Bell Laboratories, Dave Presotto, Janardan Sharma, and Kshitij Nigam, developed the second generation of firewalls, calling them circuit-level [[id:d1d940e1-2ddb-405a-8876-2480bdcab749][gateway]].
+
+Second-generation firewalls perform the work of their first-generation predecessors but also maintain knowledge of specific conversations between endpoints by remembering which port number the two IP addresses are using at layer 4 (transport layer) of the OSI model for their conversation, allowing examination of the overall exchange between the nodes.
+
+** application layer filtering
+The key benefit of application layer filtering is that it can understand certain applications and protocols such as File Transfer Protocol ([[id:7fb31a9c-b252-493f-958b-e2d330047b18][FTP]]), Domain Name System ([[id:80666401-173e-4828-9c29-552dab716946][dns]]), or Hypertext Transfer Protocol (HTTP). This allows it to identify unwanted applications or services using a non standard [[id:f4bb4857-2112-4e10-a22e-6da1436ce7b7][port]], or detect if an allowed protocol is being abused. It can also provide unified security management including enforced encrypted DNS and virtual private networking.
+
+As of 2012, the next-generation firewall provides a wider range of inspection at the application layer, extending deep packet inspection functionality to include, but is not limited to:
+
+- Web filtering
+- Intrusion prevention systems
+- User identity management
+- Web application firewall
+
+** endpoint specific filtering
+Endpoint-based application firewalls function by determining whether a process should accept any given connection. Application firewalls filter connections by examining the process ID of data packets against a rule set for the local process involved in the data transmission. Application firewalls accomplish their function by hooking into socket calls to filter the connections between the application layer and the lower layers. Application firewalls that hook into socket calls are also referred to as socket filters.
+
diff --git a/20231018121600-serverx.org b/20231018121600-serverx.org
new file mode 100644
index 0000000..74ebeae
--- /dev/null
+++ b/20231018121600-serverx.org
@@ -0,0 +1,13 @@
+:PROPERTIES:
+:ID: f2b1d5af-1a7d-47a5-95c8-4a85d558419e
+:END:
+#+title: server
+
+In computing, a server is a piece of computer hardware or software (computer program) that provides functionality for other programs or devices, called "[[id:70899526-8b7d-4976-94fc-cc07c41e550a][clients]]". This architecture is called the client–server model. Servers can provide various functionalities, often called "services", such as sharing data or resources among multiple clients or performing computations for a client. A single server can serve multiple clients, and a single client can use multiple servers. A client process may run on the same device or may connect over a network to a server on a different device. Typical servers are database servers, file servers, mail servers, print servers, web servers, game servers, and application servers.
+
+Client–server systems are usually most frequently implemented by (and often identified with) the request–response model: a client sends a request to the server, which performs some action and sends a response back to the client, typically with a result or acknowledgment. Designating a computer as "server-class hardware" implies that it is specialized for running servers on it. This often implies that it is more powerful and reliable than standard personal computers, but alternatively, large computing [[id:408e8348-778a-4fbd-a14d-9f3d9c595b4a][clusters]] may be composed of many relatively simple, replaceable server components
+
+* Server in use
+** [[id:d54bf885-a702-48bb-b108-e9e982bc5952][master-computation-server-w0]]
+** [[id:80a4104e-af18-4d90-a45e-2c92b51e8c0c][main-communication-server-w10]]
+** [[id:fbf9a139-a414-4349-b217-663f15e9a8bd][backup-server-w11]]
diff --git a/20231018151353-client.org b/20231018151353-client.org
new file mode 100644
index 0000000..abf0342
--- /dev/null
+++ b/20231018151353-client.org
@@ -0,0 +1,12 @@
+:PROPERTIES:
+:ID: 70899526-8b7d-4976-94fc-cc07c41e550a
+:END:
+#+title: client
+
+In computing, a client is a piece of computer hardware or software that accesses a service made available by a [[id:f2b1d5af-1a7d-47a5-95c8-4a85d558419e][server]] as part of the client–server model of computer [[id:c9461f7b-7368-4b88-b90b-2d785fda2159][networks]]. The server is often (but not always) on another computer system, in which case the client accesses the service by way of a network.
+
+A client is a computer or a program that, as part of its operation, relies on sending a request to another program or a computer hardware or software that accesses a service made available by a server (which may or may not be located on another computer). For example, web browsers are clients that connect to web servers and retrieve web pages for display. Email clients retrieve email from mail servers. Online chat uses a variety of clients, which vary on the [[id:29c8ec85-9de8-4ace-8c52-13a086341861][chat]] [[id:bd5b34ba-aa98-4808-b97b-2376aa7b8866][protocol]] being used. Multiplayer video games or online video games may run as a client on each computer. The term "client" may also be applied to computers or devices that run the client software or users that use the client software.
+
+A client is part of a client–server model, which is still used today. Clients and servers may be computer programs run on the same machine and connect via inter-process communication techniques. Combined with Internet sockets, programs may connect to a service operating on a possibly remote system through the [[id:f055acfb-05dd-4228-a92a-356240b8c975][Internet protocol suite]]. Servers wait for potential clients to initiate connections that they may accept.
+
+The term was first applied to devices that were not capable of running their own stand-alone programs, but could interact with remote computers via a network. These computer terminals were clients of the time-sharing mainframe computer.
diff --git a/20231018152136-terminal.org b/20231018152136-terminal.org
new file mode 100644
index 0000000..5c4a9c7
--- /dev/null
+++ b/20231018152136-terminal.org
@@ -0,0 +1,11 @@
+:PROPERTIES:
+:ID: 4c3c3777-af52-4cde-8d9b-f356701b94c9
+:END:
+#+title: terminal
+#+filetags: :basics:system:
+
+A computer terminal is an electronic or electromechanical hardware device that can be used for entering data into, and transcribing data from, a computer or a computing system. The teletype was an example of an early-day hard-copy terminal and predated the use of a computer screen by decades.
+
+Early terminals were inexpensive devices but very slow compared to punched cards or paper tape for input, yet as the technology improved and video displays were introduced, terminals pushed these older forms of interaction from the industry. A related development was time-sharing systems, which evolved in parallel and made up for any inefficiencies in the user's typing ability with the ability to support multiple users on the same machine, each at their own terminal or terminals.
+
+The function of a terminal is typically confined to transcription and input of data; a device with significant local, programmable data-processing capability may be called a "smart terminal" or fat [[id:70899526-8b7d-4976-94fc-cc07c41e550a][client]]. A terminal that depends on the host computer for its processing power is called a "dumb terminal" or a thin client. A personal computer can run [[id:5ddb50eb-4257-44cb-9193-1606b348e886][terminal emulator]] software that replicates functions of a real-world terminal, sometimes allowing concurrent use of local programs and access to a distant terminal host system, either over a direct serial connection or over a network using, e.g., [[id:422e07f8-c888-460f-849e-76d451946045][ssh]].
diff --git a/20231018152540-terminal_emulators.org b/20231018152540-terminal_emulators.org
new file mode 100644
index 0000000..6a6ba3a
--- /dev/null
+++ b/20231018152540-terminal_emulators.org
@@ -0,0 +1,12 @@
+:PROPERTIES:
+:ID: 5ddb50eb-4257-44cb-9193-1606b348e886
+:END:
+#+title: terminal emulators
+
+A terminal emulator, or terminal application, is a computer program that emulates a video terminal within some other display architecture. Though typically synonymous with a shell or text terminal, the term terminal covers all remote terminals, including [[id:a08570b0-8fe8-45a8-8f60-e45ea6b31a34][Graphical user interfaces]]. A terminal emulator inside a graphical user interface is often called a terminal window.
+
+A terminal window allows the user access to a text terminal and all its applications such as [[id:d71414fc-349c-4763-a703-9f7092fc90d6][command-line]] interfaces (CLI) and text user interface (TUI) applications. These may be running either on the same machine or on a different one via telnet, [[id:422e07f8-c888-460f-849e-76d451946045][ssh]], dial-up, or over a direct serial connection. On [[id:5fada795-19a3-4ba6-97c0-0b70bd728a2f][Unix-like operating systems]], it is common to have one or more terminal windows connected to the local machine.
+
+* examples
+** [[id:b65b3f3a-e0a3-49ca-9005-5a1055c07cdf][kitty]]
+** alacrity
diff --git a/20231018153213-kitty.org b/20231018153213-kitty.org
new file mode 100644
index 0000000..35df6f6
--- /dev/null
+++ b/20231018153213-kitty.org
@@ -0,0 +1,6 @@
+:PROPERTIES:
+:ID: b65b3f3a-e0a3-49ca-9005-5a1055c07cdf
+:END:
+#+title: kitty
+
+kitty is a free and open-source GPU-accelerated [[id:5ddb50eb-4257-44cb-9193-1606b348e886][terminal emulator]] for [[id:5fada795-19a3-4ba6-97c0-0b70bd728a2f][Linux]] and macOS focused on performance and features. kitty is written in a mix of C and [[id:ba15b77e-e9a2-4a21-b63f-b9b350ec811a][python]] programming languages. It provides GPU support.
diff --git a/20231018153725-hardware.org b/20231018153725-hardware.org
new file mode 100644
index 0000000..be11aeb
--- /dev/null
+++ b/20231018153725-hardware.org
@@ -0,0 +1,42 @@ +:PROPERTIES: +:ID: 01ec5ed6-a234-4063-994b-174f704bb28a +:END: +#+title: hardware + +The Madrigal Industrial Solutions GmbH have diffrent hardware for it-secruity, commuincation, computing and data processing & -storage. + +* Secruity +** [[id:0eb82c5c-7967-44ce-9f2b-9024d34c2ffb][Modem]] +*** DrayTek Vigor 167 +** Wireless Access Point ([[id:ccab5008-e48e-413d-bcb5-c6771fa77a3d][WAP]]) +*** TP-Linkl EAP245 AC1750 +** [[id:adc016f2-a660-47d7-8974-16b74a02bcbf][Protectli]] Vault +*** FW4C - 4 [[id:f4bb4857-2112-4e10-a22e-6da1436ce7b7][Port]] +** Managed [[id:dd78168d-152c-4aca-a02b-6be0c950920d][Switch]] +*** Zyxel 24-Port Gigabit [[id:dd78168d-152c-4aca-a02b-6be0c950920d][Switch]] + +* Computing +** [[id:d54bf885-a702-48bb-b108-e9e982bc5952][W0]] +*** 24 core AMD Ryzen Threadripper with 256GB DDR4 & serial harddiscs +** [[id:f13f2c9c-4550-4e44-8a14-dc327234d38e][W1]] +*** Dell-Workstation with 4 core I5-7500T, 32GB DDR4 & 256GB SSD M.2 +** [[id:45e10136-fb77-4712-85ef-32adf5cdc489][W2]] +*** Dell-Workstation with 6 core I5-10500T, 64GB DDR4 & 256GB SSD M.2 +** [[id:56a6d355-01cf-44b8-87c7-c77f9db2ce29][W3]] +*** Dell-Workstation with 6 core I5-9500T, 64GB DDR4 & 256GB SSD M.2 +** [[id:845742e6-33e3-4d5b-8a4e-5cec9f448862][W4]] +*** Dell-Workstation with 6 core I5-8500T, 64GB DDR4 & 256GB SSD M.2 +** [[id:cd93c833-85b6-4955-8660-d150373d4ac5][W5]] +*** Dell-Workstation with 6 core I5-10500T, 64GB DDR4 & 256GB SSD M.2 +** [[id:d48299ee-efe3-40d4-a223-26d2c772b522][W6]] +*** Dell-Workstation with 6 core I5-9500T, 64GB DDR4 & 256GB SSD M.2 +** [[id:a08abe7e-23ab-4b59-a105-9873dc79de43][W9]] +*** Lenovo ThinkCenter + +* Communication +** [[id:80a4104e-af18-4d90-a45e-2c92b51e8c0c][W10]] +*** Lenovo Thinkcenter M83 with 4 core Intel I5-4950T processor, 16GB DDR3 & 4TB SATA + +* Storage/[[id:56d784ed-a87c-441f-b819-73369760ca32][Backup]] +** [[id:fbf9a139-a414-4349-b217-663f15e9a8bd][W11]] +*** Lenovo ThinkCenter M83 with 4 core Intel I5-4950T processor, 
16GB DDR3 & 4TB SATA diff --git a/20231018160408-sip.org b/20231018160408-sip.org new file mode 100644 index 0000000..4ddd537 --- /dev/null +++ b/20231018160408-sip.org 
@@ -0,0 +1,12 @@
+:PROPERTIES:
+:ID: 6f3d3914-0739-4e26-b8f8-05c932cd2833
+:END:
+#+title: SIP
+
+The Session Initiation Protocol (SIP) is a signaling [[id:bd5b34ba-aa98-4808-b97b-2376aa7b8866][protocol]] used for initiating, maintaining, and terminating communication sessions that include voice, video and messaging applications. SIP is used in Internet telephony, in private [[id:f055acfb-05dd-4228-a92a-356240b8c975][IP]] telephone systems, as well as mobile phone calling over LTE (VoLTE).
+
+The protocol defines the specific format of messages exchanged and the sequence of communications for cooperation of the participants. SIP is a text-based protocol, incorporating many elements of the Hypertext Transfer Protocol (HTTP) and the Simple Mail Transfer Protocol (SMTP). A call established with SIP may consist of multiple media streams, but no separate streams are required for applications, such as text messaging, that exchange data as payload in the SIP message.
+
+SIP works in conjunction with several other protocols that specify and carry the session media. Most commonly, media type and parameter negotiation and media setup are performed with the Session Description Protocol (SDP), which is carried as payload in SIP messages. SIP is designed to be independent of the underlying transport layer protocol and can be used with the User Datagram Protocol ([[id:b9c823ff-4cf4-46a0-8654-54bdc7b67d30][UDP]]), the Transmission Control Protocol ([[id:0fa93c0d-6741-48cf-8bea-f2519146e4dc][TCP]]), and the Stream Control Transmission Protocol (SCTP). For secure transmissions of SIP messages over insecure network links, the protocol may be encrypted with Transport Layer Security ([[id:872ee33b-8361-40c7-9d88-69b3afe5ade2][TLS]]). For the transmission of media streams (voice, video) the SDP payload carried in SIP messages typically employs the Real-time Transport Protocol (RTP) or the Secure Real-time Transport Protocol (SRTP).
+
+It is used by [[id:5c50958e-e38d-4f6c-b111-2a50a48cc1de][freepbx]]/[[id:a88d9210-6085-4def-982a-d4a6ff391a2e][linphone]] as communication protocol
diff --git a/20231018161822-switch.org b/20231018161822-switch.org
new file mode 100644
index 0000000..e4ee545
--- /dev/null
+++ b/20231018161822-switch.org
@@ -0,0 +1,15 @@
+:PROPERTIES:
+:ID: dd78168d-152c-4aca-a02b-6be0c950920d
+:END:
+#+title: switch
+
+A network switch (also called switching hub, bridging hub, and, by the IEEE, MAC bridge) is [[id:c9461f7b-7368-4b88-b90b-2d785fda2159][networking]] hardware that connects devices on a computer network by using [[id:fde35a08-897d-4502-aead-1f4414ea639c][packet]] switching to receive and forward data to the destination device.
+
+A network switch is a [[id:f4bb4857-2112-4e10-a22e-6da1436ce7b7][multiport]] network bridge that uses MAC addresses to forward data at the data link layer (layer 2) of the OSI model. Some switches can also forward data at the network layer (layer 3) by additionally incorporating routing functionality. Such switches are commonly known as layer-3 switches or multilayer switches.
+
+Switches for [[id:c5a27aff-1c9c-4355-a793-202d71388930][ethernet]] are the most common form of network switch. The first MAC Bridge was invented in 1983 by Mark Kempf, an engineer in the Networking Advanced Development group of Digital Equipment Corporation. The first 2 port Bridge product ([[id:213d19d9-ca8d-42b1-998a-2f34d1d9cd4c][LAN]]Bridge 100) was introduced by that company shortly after. The company subsequently produced multi-port switches for both Ethernet and FDDI such as GigaSwitch. Digital decided to license its MAC Bridge patent in a royalty-free, non-discriminatory basis that allowed IEEE standardization. This permitted a number of other companies to produce multi-port switches, including Kalpana. Ethernet was initially a shared-access medium, but the introduction of the MAC bridge began its transformation into its most-common point-to-point form without a collision domain. Switches also exist for other types of networks including Fibre Channel, Asynchronous Transfer Mode, and InfiniBand.
+
+Unlike repeater hubs, which broadcast the same data out of each port and let the devices pick out the data addressed to them, a network switch learns the identities of connected devices and then only forwards data to the port connected to the device to which it is addressed.
+
+* Managed switches
+** [[id:85767dac-220f-4ca2-83cd-108ffecce62f][zyxel]]
diff --git a/20231018162107-modem.org b/20231018162107-modem.org
new file mode 100644
index 0000000..2acbcd9
--- /dev/null
+++ b/20231018162107-modem.org
@@ -0,0 +1,10 @@
+:PROPERTIES:
+:ID: 0eb82c5c-7967-44ce-9f2b-9024d34c2ffb
+:END:
+#+title: modem
+
+A digital subscriber line ([[id:52ff159a-87dc-421c-87c2-803416acd7ae][DSL]]) modem is a device used to connect a computer or [[id:d2ff2e45-e1de-4cca-9b59-dfc3ee6afa6f][router]] to a telephone line which provides the digital subscriber line (DSL) service for connection to the Internet, which is often called DSL broadband. The modem connects to a single computer or router, through an [[id:c5a27aff-1c9c-4355-a793-202d71388930][ethernet]] [[id:f4bb4857-2112-4e10-a22e-6da1436ce7b7][ports]], USB port, or is installed in a computer PCI slot.
+
+The more common DSL router is a standalone device that combines the function of a DSL modem and a router, and can connect multiple computers through multiple Ethernet ports or an integral wireless access point ([[id:ccab5008-e48e-413d-bcb5-c6771fa77a3d][WAP]]). Also called a residential gateway, a DSL router usually manages the connection and sharing of the DSL service in a home or small office network.
+
+Different DSL routers and modems support different DSL technology variants: VDSL, SDSL, and ADSL.
diff --git a/20231018162313-dsl.org b/20231018162313-dsl.org
new file mode 100644
index 0000000..e4fb644
--- /dev/null
+++ b/20231018162313-dsl.org
@@ -0,0 +1,14 @@
+:PROPERTIES:
+:ID: 52ff159a-87dc-421c-87c2-803416acd7ae
+:END:
+#+title: DSL
+
+Digital subscriber line (DSL; originally digital subscriber loop) is a family of technologies that are used to transmit digital data over telephone lines or [[id:053d9bdf-c6fe-42ce-8c44-d6945f612bf3][WAN]] interfaces/cables. In telecommunications marketing, the term DSL is widely understood to mean asymmetric digital subscriber line (ADSL), the most commonly installed DSL technology, for Internet access.
+
+DSL service can be delivered simultaneously with wired telephone service on the same telephone line since DSL uses higher frequency bands for data. On the customer premises, a DSL filter on each non-DSL outlet blocks any high-frequency interference to enable simultaneous use of the voice and DSL services.
+
+The bit rate of consumer DSL services typically ranges from 256 kbit/s to over 100 Mbit/s in the direction to the customer (downstream), depending on DSL technology, line conditions, and service-level implementation. Bit rates of 1 Gbit/s have been reached.
+
+In ADSL, the data throughput in the upstream direction (the direction to the service provider) is lower, hence the designation of asymmetric service. In symmetric digital subscriber line (SDSL) services, the downstream and upstream data rates are equal. Researchers at Bell Labs have reached speeds over 1 Gbit/s for symmetrical broadband access services using traditional copper telephone lines, though such speeds have not yet been deployed elsewhere.
+
+
diff --git a/20231018162457-router.org b/20231018162457-router.org
new file mode 100644
index 0000000..e818ae9
--- /dev/null
+++ b/20231018162457-router.org
@@ -0,0 +1,13 @@
+:PROPERTIES:
+:ID: d2ff2e45-e1de-4cca-9b59-dfc3ee6afa6f
+:END:
+#+title: router
+
+A router is a networking device that forwards data [[id:fde35a08-897d-4502-aead-1f4414ea639c][packets]] between computer [[id:c9461f7b-7368-4b88-b90b-2d785fda2159][networks]]. Routers perform the traffic directing functions between networks and on the global Internet. Data sent through a network, such as a web page or email, is in the form of data packets. A packet is typically forwarded from one router to another router through the networks that constitute an internetwork (e.g. the Internet ([[id:053d9bdf-c6fe-42ce-8c44-d6945f612bf3][WAN]])) until it reaches its destination node.
+
+A router is connected to two or more data lines from different [[id:f055acfb-05dd-4228-a92a-356240b8c975][IP]] networks. When a data packet comes in on one of the lines, the router reads the network address information in the packet header to determine the ultimate destination. Then, using information in its routing table or routing policy, it directs the packet to the next network on its journey.
+
+The most familiar type of IP routers are home and small office routers that simply forward IP packets between the home computers and the Internet. More sophisticated routers, such as enterprise routers, connect large business or ISP networks up to the powerful core routers that forward data at high speed along the optical fiber lines of the Internet backbone.
+
+A carrier class router with 10G/40G/100G interfaces and redundant processor/power/fan modules
+Routers can be built from standard computer parts but are mostly specialized purpose-built computers. Early routers used software-based forwarding, running on a CPU. More sophisticated devices use application-specific integrated circuits (ASICs) to increase performance or add advanced filtering and [[id:b9047be5-edca-4eca-8bac-c45e03373942][firewall]] functionality.
diff --git a/20231018162937-wap.org b/20231018162937-wap.org
new file mode 100644
index 0000000..3577a68
--- /dev/null
+++ b/20231018162937-wap.org
@@ -0,0 +1,8 @@
+:PROPERTIES:
+:ID: ccab5008-e48e-413d-bcb5-c6771fa77a3d
+:END:
+#+title: WAP
+
+Also called wireless acces point. In computer networking, a wireless access point, or more generally just access point (AP), is a [[id:c9461f7b-7368-4b88-b90b-2d785fda2159][networking]] hardware device that allows other Wi-Fi devices to connect to a wired network. As a standalone device, the AP may have a wired connection to a [[id:d2ff2e45-e1de-4cca-9b59-dfc3ee6afa6f][router]], but, in a wireless router, it can also be an integral component of the router itself. An AP is differentiated from a hotspot which is a physical location where Wi-Fi access is available.
+
+Although WAP has been used incorrectly to describe an Access Point, the clear definition is Wireless Application Protocol which describes a [[id:bd5b34ba-aa98-4808-b97b-2376aa7b8866][protocol]] rather than a physical device.
diff --git a/20231018163617-packets.org b/20231018163617-packets.org
new file mode 100644
index 0000000..4d3348a
--- /dev/null
+++ b/20231018163617-packets.org
@@ -0,0 +1,8 @@
+:PROPERTIES:
+:ID: fde35a08-897d-4502-aead-1f4414ea639c
+:END:
+#+title: packets
+
+Packets in [[id:c9461f7b-7368-4b88-b90b-2d785fda2159][networking]] are the control messages that are sent between devices. In telecommunications and computer networking, a network packet is a formatted unit of data carried by a packet-[[id:dd78168d-152c-4aca-a02b-6be0c950920d][switched]] network. A packet consists of control information and user data; the latter is also known as the payload. Control information provides data for delivering the payload (e.g., source and destination network addresses, error detection codes, or sequencing information). Typically, control information is found in packet headers and trailers.
+
+In packet switching, the bandwidth of the transmission medium is shared between multiple communication sessions, in contrast to circuit switching, in which circuits are preallocated for the duration of one session and data is typically transmitted as a continuous bit stream.
diff --git a/20231018164930-kernel.org b/20231018164930-kernel.org
new file mode 100644
index 0000000..11b9dae
--- /dev/null
+++ b/20231018164930-kernel.org
@@ -0,0 +1,6 @@
+:PROPERTIES:
+:ID: 33388695-657c-44a2-8359-c7b6137233d0
+:END:
+#+title: kernel
+
+The kernel is a computer program at the core of a computer's [[id:5fada795-19a3-4ba6-97c0-0b70bd728a2f][operating system]] and generally has complete control over everything in the system. It is the portion of the operating system code that is always resident in memory and facilitates interactions between hardware and software components. A full kernel controls all hardware resources (e.g. I/O, memory, cryptography) via device drivers, arbitrates conflicts between processes concerning such resources, and optimizes the utilization of common resources e.g. CPU & cache usage, file systems, and [[id:c9461f7b-7368-4b88-b90b-2d785fda2159][network]] sockets. On most systems, the kernel is one of the first programs loaded on startup (after the bootloader). It handles the rest of startup as well as memory, peripherals, and input/output (I/O) requests from software, translating them into data-processing instructions for the central processing unit.
diff --git a/20231018165215-arp.org b/20231018165215-arp.org
new file mode 100644
index 0000000..aaab704
--- /dev/null
+++ b/20231018165215-arp.org
@@ -0,0 +1,6 @@
+:PROPERTIES:
+:ID: cdcf5e86-4af4-4137-8dc8-6f85061ad60a
+:END:
+#+title: ARP
+
+The Address Resolution Protocol (ARP) is a communication [[id:bd5b34ba-aa98-4808-b97b-2376aa7b8866][protocol]] used for discovering the link layer address, such as a MAC address, associated with a given internet layer address, typically an IPv4 address. This mapping is a critical function in the Internet protocol ([[id:f055acfb-05dd-4228-a92a-356240b8c975][IP]]) suite. ARP was defined in 1982 by RFC 826, which is Internet Standard STD 37.
diff --git a/20231018165353-ethernet.org b/20231018165353-ethernet.org
new file mode 100644
index 0000000..9fa03e0
--- /dev/null
+++ b/20231018165353-ethernet.org
@@ -0,0 +1,6 @@
+:PROPERTIES:
+:ID: c5a27aff-1c9c-4355-a793-202d71388930
+:END:
+#+title: ethernet
+
+Ethernet is a family of wired computer [[id:c9461f7b-7368-4b88-b90b-2d785fda2159][networking]] technologies commonly used in local area networks ([[id:213d19d9-ca8d-42b1-998a-2f34d1d9cd4c][LAN]]), metropolitan area networks (MAN) and wide area networks ([[id:053d9bdf-c6fe-42ce-8c44-d6945f612bf3][WAN]]). It was commercially introduced in 1980 and first standardized in 1983 as IEEE 802.3. Ethernet has since been refined to support higher bit rates, a greater number of nodes, and longer link distances, but retains much backward compatibility. Over time, Ethernet has largely replaced competing wired LAN technologies such as Token Ring, FDDI and ARCNET.
diff --git a/20231018170807-ports.org b/20231018170807-ports.org
new file mode 100644
index 0000000..4ce9071
--- /dev/null
+++ b/20231018170807-ports.org
@@ -0,0 +1,11 @@
+:PROPERTIES:
+:ID: f4bb4857-2112-4e10-a22e-6da1436ce7b7
+:END:
+#+title: port
+
+In computer networking, a port or port number is a number assigned to uniquely identify a connection endpoint and to direct data to a specific service. At the software level, within an operating system, a port is a logical construct that identifies a specific process or a type of [[id:c9461f7b-7368-4b88-b90b-2d785fda2159][network]] service. A port at the software level is identified for each transport [[id:bd5b34ba-aa98-4808-b97b-2376aa7b8866][protocol]] and address combination by the port number assigned to it. The most common transport protocols that use port numbers are the Transmission Control Protocol ([[id:0fa93c0d-6741-48cf-8bea-f2519146e4dc][TCP]]) and the User Datagram Protocol ([[id:b9c823ff-4cf4-46a0-8654-54bdc7b67d30][UDP]]); those port numbers are 16-bit unsigned numbers.
+
+A port number is always associated with a network address of a host, such as an [[id:f055acfb-05dd-4228-a92a-356240b8c975][IP]] address, and the type of transport protocol used for communication. It completes the destination or origination address of a message. Specific port numbers are reserved to identify specific services so that an arriving [[id:fde35a08-897d-4502-aead-1f4414ea639c][packets]] can be easily forwarded to a running application. For this purpose, port numbers lower than 1024 identify the historically most commonly used services and are called the well-known port numbers. Higher-numbered ports are available for general use by applications and are known as ephemeral ports.
+
+Ports provide a multiplexing service for multiple services or multiple communication sessions at one network address. In the [[id:70899526-8b7d-4976-94fc-cc07c41e550a][client]]–[[id:f2b1d5af-1a7d-47a5-95c8-4a85d558419e][server]] model of application architecture, multiple simultaneous communication sessions may be initiated for the same service.
+
diff --git a/20231019154450-flag.org b/20231019154450-flag.org
new file mode 100644
index 0000000..ada6967
--- /dev/null
+++ b/20231019154450-flag.org
@@ -0,0 +1,6 @@
+:PROPERTIES:
+:ID: 6d29efeb-1f03-401b-bbed-e19fc94dbbbc
+:END:
+#+title: flag
+
+A flag is a way to pass options to the command you are executing. Most Linux commands have a help page that we can call with the ~-h~ flag. Most of the time, the flags are optional. Flags can be also given with ~--~ and the flag name, for example ~--help~
diff --git a/20231019160402-traffic.org b/20231019160402-traffic.org
new file mode 100644
index 0000000..91155b0
--- /dev/null
+++ b/20231019160402-traffic.org
@@ -0,0 +1,8 @@
+:PROPERTIES:
+:ID: 20efb455-5575-4b8b-857f-7c337bee644c
+:END:
+#+title: traffic
+
+[[id:c9461f7b-7368-4b88-b90b-2d785fda2159][Network]] traffic or data traffic is the amount of data moving across a network at a given point of time. Network data in computer networks is mostly encapsulated in network [[id:fde35a08-897d-4502-aead-1f4414ea639c][packets]], which provide the [[id:96c1f3b2-5f11-4cbc-8ed9-71a165026e29][payload]] in the network. Network traffic is the main component for network traffic measurement, network traffic control and simulation.
+
+
diff --git a/20231019160714-payload.org b/20231019160714-payload.org
new file mode 100644
index 0000000..7e32479
--- /dev/null
+++ b/20231019160714-payload.org
@@ -0,0 +1,10 @@
+:PROPERTIES:
+:ID: 96c1f3b2-5f11-4cbc-8ed9-71a165026e29
+:END:
+#+title: payload
+
+In computing and telecommunications, the payload is the part of transmitted data that is the actual intended message. Headers and metadata are sent only to enable payload delivery and are considered overhead. those two components together form the [[network]] [[id:fde35a08-897d-4502-aead-1f4414ea639c][packets]].
+
+In the context of a computer virus or worm, the payload is the portion of the malware which performs malicious action.
+
+The term is borrowed from transportation, where payload refers to the part of the load that pays for transportation.
diff --git a/20231019161833-dhcp.org b/20231019161833-dhcp.org
new file mode 100644
index 0000000..8ee8282
--- /dev/null
+++ b/20231019161833-dhcp.org
@@ -0,0 +1,13 @@
+:PROPERTIES:
+:ID: 06b466a8-05ae-4bbd-820d-2d80461767fd
+:END:
+#+title: DHCP
+
+The Dynamic Host Configuration Protocol (DHCP) is a [[id:c9461f7b-7368-4b88-b90b-2d785fda2159][network]] management [[id:bd5b34ba-aa98-4808-b97b-2376aa7b8866][protocol]] used on Internet Protocol ([[id:f055acfb-05dd-4228-a92a-356240b8c975][IP]]) networks for automatically assigning IP addresses and other communication parameters to devices connected to the network using a [[id:70899526-8b7d-4976-94fc-cc07c41e550a][client]]–[[id:f2b1d5af-1a7d-47a5-95c8-4a85d558419e][server]] architecture.
+
+The technology eliminates the need for individually configuring network devices manually, and consists of two network components, a centrally installed network DHCP server and client instances of the protocol stack on each computer or device. When connected to the network, and periodically thereafter, a client requests a set of parameters from the server using DHCP.
+
+DHCP can be implemented on networks ranging in size from residential networks to large campus networks and regional ISP networks. Many [[id:d2ff2e45-e1de-4cca-9b59-dfc3ee6afa6f][router]] and residential [[id:d1d940e1-2ddb-405a-8876-2480bdcab749][gateway]]s have DHCP server capability. Most residential network routers receive a unique IP address within the ISP network. Within a local network, a DHCP server assigns a local IP address to each device if the [[id:5fada795-19a3-4ba6-97c0-0b70bd728a2f][operating system]] allows it.
+
+DHCP services exist for networks running Internet Protocol version 4 (IPv4), as well as version 6 (IPv6). The IPv6 version of the DHCP protocol is commonly called DHCPv6.
+
diff --git a/20231019162715-gateway.org b/20231019162715-gateway.org
new file mode 100644
index 0000000..425f494
--- /dev/null
+++ b/20231019162715-gateway.org
@@ -0,0 +1,17 @@ +:PROPERTIES: +:ID: d1d940e1-2ddb-405a-8876-2480bdcab749 +:END: +#+title: gateway + +A gateway is a piece of [[id:c9461f7b-7368-4b88-b90b-2d785fda2159][subnetworks]] [[id:01ec5ed6-a234-4063-994b-174f704bb28a][hardware]] or software used in telecommunications networks that allows data to flow from one discrete network to another. Gateways are distinct from [[id:d2ff2e45-e1de-4cca-9b59-dfc3ee6afa6f][router]] or [[id:dd78168d-152c-4aca-a02b-6be0c950920d][switch]] in that they communicate using more than one protocol to connect multiple networks and can operate at any of the seven layers of the open systems interconnection model (OSI). + +The term gateway can also loosely refer to a computer or computer program configured to perform the tasks of a gateway, such as a default gateway or router, and in the case of HTTP, gateway is also often used as a synonym for [[id:98642623-d85a-432c-90d5-bfff7ead8c7b][reverse-proxy]]. It can also refer to a device installed in homes that combines router and [[id:0eb82c5c-7967-44ce-9f2b-9024d34c2ffb][modem]] functionality into one device, used by ISPs, also called a residential gateway. + +* Network gateway +A network gateway provides a connection between networks and contains devices, such as [[id:bd5b34ba-aa98-4808-b97b-2376aa7b8866][protocol]] translators, impedance matchers, rate converters, fault isolators, or signal translators. A network gateway requires the establishment of mutually acceptable administrative procedures between the networks using the gateway. Network gateways, known as protocol translation gateways or mapping gateways, can perform protocol conversions to connect networks with different network protocol technologies. For example, a network gateway connects an office or home intranet to the Internet. 
If an office or home computer user wants to load a web page, at least two network gateways are accessed—one to get from the office or home network to the Internet and one to get from the Internet to the computer that serves the web page.
+
+On an Internet Protocol ([[id:f055acfb-05dd-4228-a92a-356240b8c975][IP]]) network, IP packets with a destination outside a given subnetwork are sent to the network gateway. For example, if a private network has a base IPv4 address of 192.168.1.0 and has a subnet mask of 255.255.255.0, then any data addressed to an IP address outside of 192.168.1.0–192.168.1.255 is sent to the network gateway. IPv6 networks work in a similar way. While forwarding an IP packet to another network, the gateway may perform network address translation.
+
+In enterprise networks, a network gateway usually also acts as a proxy server and a firewall.
+
+On Microsoft Windows, the Internet Connection Sharing feature allows a computer to act as a gateway by offering a connection between the Internet and an internal network.
diff --git a/20231019163059-proxy.org b/20231019163059-proxy.org
new file mode 100644
index 0000000..d17e87e
--- /dev/null
+++ b/20231019163059-proxy.org
@@ -0,0 +1,33 @@ +:PROPERTIES: +:ID: 98642623-d85a-432c-90d5-bfff7ead8c7b +:END: +#+title: proxy + +In computer [[id:c9461f7b-7368-4b88-b90b-2d785fda2159][networking]] a proxy [[id:f2b1d5af-1a7d-47a5-95c8-4a85d558419e][server]] is a server application that acts as an intermediary between a [[id:70899526-8b7d-4976-94fc-cc07c41e550a][client]] requesting a resource and the server providing that resource. It improves privacy, security, and performance in the process. + +Instead of connecting directly to a server that can fulfill a request for a resource, such as a file or web page, the client directs the request to the proxy server, which evaluates the request and performs the required network transactions. This serves as a method to simplify or control the complexity of the request, or provide additional benefits such as [[id:96c1f3b2-5f11-4cbc-8ed9-71a165026e29][load]] balancing, privacy, or security. Proxies were devised to add structure and encapsulation to distributed systems. A proxy server thus functions on behalf of the client when requesting service, potentially masking the true origin of the request to the resource server. + +* Types +A proxy server may reside on the user's local computer, or at any point between the user's computer and destination servers on the Internet. A proxy server that passes unmodified requests and responses is usually called a [[id:d1d940e1-2ddb-405a-8876-2480bdcab749][gateway]] or sometimes a tunneling proxy. A forward proxy is an Internet-facing proxy used to retrieve data from a wide range of sources (in most cases, anywhere on the Internet). A reverse proxy is usually an internal-facing proxy used as a front-end to control and protect access to a server on a private network. A reverse proxy commonly also performs tasks such as load-balancing, authentication, decryption and caching. + +** open proxy +An open proxy is a forwarding proxy server that is accessible by any Internet user. 
In 2008, network security expert Gordon Lyon estimated that "hundreds of thousands" of open proxies are operated on the Internet. + +Anonymous proxy: This server reveals its identity as a proxy server but does not disclose the originating [[id:f055acfb-05dd-4228-a92a-356240b8c975][IP]] address of the client. Although this type of server can be discovered easily, it can be beneficial for some users as it hides the originating IP address. +Transparent proxy: This server not only identifies itself as a proxy server, but with the support of HTTP header fields such as [[id:98eade62-125a-40f1-b572-ff3e107ca4fa][x-forwarding]]-For, the originating IP address can be retrieved as well. The main benefit of using this type of server is its ability to cache a website for faster retrieval. + +** Reverse proxy +A reverse proxy (or surrogate) is a proxy server that appears to clients to be an ordinary server. Reverse proxies forward requests to one or more ordinary servers that handle the request. The response from the original server is returned as if it came directly from the proxy server, leaving the client with no knowledge of the original server. Reverse proxies are installed in the vicinity of one or more web servers. All traffic coming from the Internet and with a destination of one of the neighborhood's web servers goes through the proxy server. The use of "reverse" originates in its counterpart "forward proxy" since the reverse proxy sits closer to the web server and serves only a restricted set of websites. There are several reasons for installing reverse proxy servers: + +Encryption/SSL acceleration: when secure websites are created, the Secure Sockets Layer ([[id:95c8982d-e104-43a2-9bb2-fd7e1c3204f2][SSL]]) encryption is often not done by the web server itself, but by a reverse proxy that is equipped with SSL acceleration [[id:01ec5ed6-a234-4063-994b-174f704bb28a][hardware]]. 
Furthermore, a host can provide a single "SSL proxy" to provide SSL encryption for an arbitrary number of hosts, removing the need for a separate SSL server [[id:e28dfeaa-876b-4255-a25e-dcc0c909d08a][certificate]] for each host, with the downside that all hosts behind the SSL proxy have to share a common DNS name or IP address for SSL connections. This problem can partly be overcome by using the SubjectAltName feature of X.509 certificates or the SNI extension of [[id:872ee33b-8361-40c7-9d88-69b3afe5ade2][TLS]]. +Load balancing: the reverse proxy can distribute the load to several web servers, each serving its own application area. In such a case, the reverse proxy may need to rewrite the URLs in each web page (translation from externally known URLs to the internal locations). +Serve/cache static content: A reverse proxy can offload the web servers by caching static content like pictures and other static graphical content. +Compression: the proxy server can optimize and compress the content to speed up the load time. +Spoon feeding: reduces resource usage caused by slow clients on the web servers by caching the content the web server sent and slowly "spoon feeding" it to the client. This especially benefits dynamically generated pages. +Security: the proxy server is an additional layer of defense and can protect against some [[id:5fada795-19a3-4ba6-97c0-0b70bd728a2f][OS]] and web-server-specific attacks. However, it does not provide any protection from attacks against the web application or service itself, which is generally considered the larger threat. +Extranet publishing: a reverse proxy server facing the Internet can be used to communicate to a firewall server internal to an organization, providing extranet access to some functions while keeping the servers behind the firewalls. 
If used in this way, security measures should be considered to protect the rest of your infrastructure in case this server is compromised, as its web application is exposed to attack from the Internet. + +* Deployment +The reverse proxies are deployed via [[id:df046fd7-1f82-4e12-9065-56d222f56408][docker]]. +** [[id:90e3b8a2-b523-4044-af6f-fd4a559b2d7f][traefik_docker]] +** [[id:0b50e19a-0608-434c-a57c-fd719e3bb8bf][nginx]] diff --git a/20231019165534-ftp.org b/20231019165534-ftp.org new file mode 100644 index 0000000..909d99e --- /dev/null +++ b/20231019165534-ftp.org 
@@ -0,0 +1,19 @@ +:PROPERTIES: +:ID: 7fb31a9c-b252-493f-958b-e2d330047b18 +:END: +#+title: FTP + +The File Transfer Protocol (FTP) is a standard communication protocol used for the transfer of computer files from a [[id:f2b1d5af-1a7d-47a5-95c8-4a85d558419e][server]] to a [[id:70899526-8b7d-4976-94fc-cc07c41e550a][client]] on a computer [[id:c9461f7b-7368-4b88-b90b-2d785fda2159][subnetworks]]. FTP is built on a client–server model architecture using separate control and data connections between the client and the server. FTP users may authenticate themselves with a plain-text sign-in [[id:bd5b34ba-aa98-4808-b97b-2376aa7b8866][protocol]], normally in the form of a username and password, but can connect anonymously if the server is configured to allow it. For secure transmission that protects the username and password, and encrypts the content, FTP is often secured with [[id:95c8982d-e104-43a2-9bb2-fd7e1c3204f2][SSL]]/[[id:872ee33b-8361-40c7-9d88-69b3afe5ade2][TLS]] (FTPS) or replaced with SSH File Transfer Protocol (SFTP). + +The first FTP client applications were [[id:d71414fc-349c-4763-a703-9f7092fc90d6][command-line]] programs developed before [[id:5fada795-19a3-4ba6-97c0-0b70bd728a2f][operating]] systems had graphical user interfaces ([[id:a08570b0-8fe8-45a8-8f60-e45ea6b31a34][GUI]]), and are still shipped with most Windows, Unix, and Linux operating systems. Many dedicated FTP clients and automation utilities have since been developed for desktops, servers, mobile devices, and [[id:01ec5ed6-a234-4063-994b-174f704bb28a][hardware]], and FTP has been incorporated into productivity applications such as HTML editors and file managers. + +An FTP client used to be commonly integrated in web browsers, where file servers are browsed with the URI prefix "ftp://". 
In 2021, FTP support was dropped by Google Chrome and Firefox, two major web browser vendors, due to it being superseded by the more secure SFTP and FTPS; although neither of them have implemented the newer protocols. + +In the command line it works like [[id:422e07f8-c888-460f-849e-76d451946045][ssh]]. + +One can invoke it with the command ~sftp~ as follows: +#+begin_src bash + sftp -p +#+end_src + +You can navigate in the far away [[id:b6d24dd6-285f-4c03-883c-dc77b78c652a][shell]] as you would in your own [[id:4c3c3777-af52-4cde-8d9b-f356701b94c9][terminal]]. If you want to navigate your local host you have to prepend an ~l~ infront of every command. like ~lcd~ to switch lokal folders or ~lls~ to list folder content. diff --git a/20231019183417-protocol.org b/20231019183417-protocol.org new file mode 100644 index 0000000..f3d605d --- /dev/null +++ b/20231019183417-protocol.org 
@@ -0,0 +1,8 @@
+:PROPERTIES:
+:ID: bd5b34ba-aa98-4808-b97b-2376aa7b8866
+:END:
+#+title: protocol
+
+A network protocol is a communication protocol for the exchange of data between computers or processes that are connected to each other in a computer [[id:c9461f7b-7368-4b88-b90b-2d785fda2159][subnetworks]] (distributed system). The agreement consists of a set of rules and formats (syntax) that determine the communication behaviour of the communicating instances in the computers (semantics).
+
+The exchange of messages often requires the interaction of different protocols that take on different tasks (for example, Internet protocol family). In order to be able to master the associated complexity, the individual protocols are organised in layers. Within such an architecture, each protocol belongs to a specific layer and is responsible for performing specific tasks (for example, transmitting to a specific node - layer 2). Protocols of higher layers use services of protocols of lower layers (layer 3 forms a logical network and uses layer 2 for physical delivery). Together, the protocols structured in this way form a protocol stack - following the ISO-OSI reference model (see also DoD layer model). Messages ([[id:fde35a08-897d-4502-aead-1f4414ea639c][packets]]) of a certain layer are also called protocol data units.
diff --git a/20231019185100-tcp.org b/20231019185100-tcp.org
new file mode 100644
index 0000000..8ff2083
--- /dev/null
+++ b/20231019185100-tcp.org
@@ -0,0 +1,8 @@
+:PROPERTIES:
+:ID: 0fa93c0d-6741-48cf-8bea-f2519146e4dc
+:END:
+#+title: TCP
+
+The Transmission Control Protocol (TCP) is one of the main protocols of the Internet [[id:bd5b34ba-aa98-4808-b97b-2376aa7b8866][protocol]] suite. It originated in the initial [[id:c9461f7b-7368-4b88-b90b-2d785fda2159][network]] implementation in which it complemented the Internet Protocol ([[id:f055acfb-05dd-4228-a92a-356240b8c975][IP]]). Therefore, the entire suite is commonly referred to as TCP/IP. TCP provides reliable, ordered, and error-checked delivery of a stream of octets (bytes) between applications running on hosts communicating via an IP network. Major internet applications such as the World Wide Web, email, [[id:422e07f8-c888-460f-849e-76d451946045][remote administration]], and file transfer ([[id:7fb31a9c-b252-493f-958b-e2d330047b18][FTP]]) rely on TCP, which is part of the Transport Layer of the TCP/IP suite. [[id:95c8982d-e104-43a2-9bb2-fd7e1c3204f2][SSL]]/[[id:872ee33b-8361-40c7-9d88-69b3afe5ade2][TLS]] often runs on top of TCP.
+
+TCP is connection-oriented, and a connection between [[id:70899526-8b7d-4976-94fc-cc07c41e550a][client]] and [[id:f2b1d5af-1a7d-47a5-95c8-4a85d558419e][server]] is established before data can be sent. The server must be listening (passive open) for connection requests from clients before a connection is established. Three-way handshake (active open), retransmission, and error detection adds to reliability but lengthens latency. Applications that do not require reliable data stream service may use the User Datagram Protocol ([[id:b9c823ff-4cf4-46a0-8654-54bdc7b67d30][UDP]]) instead, which provides a connectionless datagram service that prioritizes time over reliability. TCP employs network congestion avoidance. However, there are vulnerabilities in TCP, including denial of service, connection hijacking, TCP veto, and reset attack
diff --git a/20231019185728-udp.org b/20231019185728-udp.org
new file mode 100644
index 0000000..eb7ae35
--- /dev/null
+++ b/20231019185728-udp.org
@@ -0,0 +1,12 @@
+:PROPERTIES:
+:ID: b9c823ff-4cf4-46a0-8654-54bdc7b67d30
+:END:
+#+title: UDP
+
+In computer networking, the User Datagram Protocol (UDP) is one of the core communication [[id:bd5b34ba-aa98-4808-b97b-2376aa7b8866][protocol]] of the Internet protocol suite ([[id:f055acfb-05dd-4228-a92a-356240b8c975][IP]]) used to send messages (transported as datagrams in [[id:fde35a08-897d-4502-aead-1f4414ea639c][packets]]) to other hosts on an Internet Protocol (IP) network. Within an IP network, UDP does not require prior communication to set up communication channels or data paths.
+
+UDP uses a simple connectionless communication model with a minimum of protocol mechanisms. UDP provides checksums for data integrity, and port numbers for addressing different functions at the source and destination of the datagram. It has no handshaking dialogues and thus exposes the user's program to any unreliability of the underlying [[id:c9461f7b-7368-4b88-b90b-2d785fda2159][subnetworks]]; there is no guarantee of delivery, ordering, or duplicate protection. If error-correction facilities are needed at the network interface level, an application may instead use Transmission Control Protocol ([[id:0fa93c0d-6741-48cf-8bea-f2519146e4dc][TCP]]) or Stream Control Transmission Protocol (SCTP) which are designed for this purpose.
+
+UDP is suitable for purposes where error checking and correction are either not necessary or are performed in the application; UDP avoids the overhead of such processing in the protocol stack. Time-sensitive applications often use UDP because dropping packets is preferable to waiting for packets delayed due to retransmission, which may not be an option in a real-time system.
+
+The protocol was designed by David P. Reed in 1980 and formally defined in RFC 768.
diff --git a/20231019190534-tls.org b/20231019190534-tls.org
new file mode 100644
index 0000000..59a00b7
--- /dev/null
+++ b/20231019190534-tls.org
@@ -0,0 +1,12 @@
+:PROPERTIES:
+:ID: 872ee33b-8361-40c7-9d88-69b3afe5ade2
+:END:
+#+title: TLS
+
+Transport Layer Security (TLS) is a cryptographic [[id:bd5b34ba-aa98-4808-b97b-2376aa7b8866][protocol]] designed to provide communications security over a computer [[id:c9461f7b-7368-4b88-b90b-2d785fda2159][subnetworks]]. The protocol is widely used in applications such as email, instant messaging, and voice over [[id:f055acfb-05dd-4228-a92a-356240b8c975][IP]], but its use in securing HTTPS remains the most publicly visible.
+
+The TLS protocol aims primarily to provide security, including privacy (confidentiality), integrity, and authenticity through the use of cryptography, such as the use of [[id:e28dfeaa-876b-4255-a25e-dcc0c909d08a][certificates]], between two or more communicating computer applications. It runs in the presentation layer and is itself composed of two layers: the TLS record and the TLS handshake protocols.
+
+The closely related Datagram Transport Layer Security (DTLS) is a communications protocol that provides security to datagram-based applications. In technical writing, references to "(D)TLS" are often seen when it applies to both versions.
+
+TLS is a proposed Internet Engineering Task Force (IETF) standard, first defined in 1999, and the current version is TLS 1.3, defined in August 2018. TLS builds on the now-deprecated [[id:95c8982d-e104-43a2-9bb2-fd7e1c3204f2][SSL]] (Secure Sockets Layer) specifications (1994, 1995, 1996) developed by Netscape Communications for adding the HTTPS protocol to their Navigator web browser.
diff --git a/20231019191039-ssl.org b/20231019191039-ssl.org
new file mode 100644
index 0000000..cd4d25e
--- /dev/null
+++ b/20231019191039-ssl.org
@@ -0,0 +1,10 @@ +:PROPERTIES: +:ID: 95c8982d-e104-43a2-9bb2-fd7e1c3204f2 +:END: +#+title: SSL + +Netscape developed the original SSL [[id:c9461f7b-7368-4b88-b90b-2d785fda2159][network]] [[id:bd5b34ba-aa98-4808-b97b-2376aa7b8866][protocols]], and Taher Elgamal, chief scientist at Netscape Communications from 1995 to 1998, has been described as the "father of SSL". SSL version 1.0 was never publicly released because of serious security flaws in the protocol. Version 2.0, after being released in February 1995 was quickly found to contain a number of security and usability flaws. It used the same cryptographic keys for message authentication and encryption. It had a weak MAC construction that used the MD5 hash function with a secret prefix, making it vulnerable to length extension attacks. It also provided no protection for either the opening handshake or an explicit message close, both of which meant man-in-the-middle attacks could go undetected. Moreover, SSL 2.0 assumed a single service and a fixed domain [[id:e28dfeaa-876b-4255-a25e-dcc0c909d08a][certificate]], conflicting with the widely used feature of virtual hosting in Web [[id:f2b1d5af-1a7d-47a5-95c8-4a85d558419e][server]], so most websites were effectively impaired from using SSL. + +These flaws necessitated the complete redesign of the protocol to SSL version 3.0. Released in 1996, it was produced by Paul Kocher working with Netscape engineers Phil Karlton and Alan Freier, with a reference implementation by Christopher Allen and Tim Dierks of Certicom. Newer versions of SSL/[[id:872ee33b-8361-40c7-9d88-69b3afe5ade2][TLS]] are based on SSL 3.0. The 1996 draft of SSL 3.0 was published by IETF as a historical document in RFC 6101. + +SSL 2.0 was deprecated in 2011 by RFC 6176. 
In 2014, SSL 3.0 was found to be vulnerable to the POODLE attack that affects all block ciphers in SSL; RC4, the only non-block cipher supported by SSL 3.0, is also feasibly broken as used in SSL 3.0.[ SSL 3.0 was deprecated in June 2015 by RFC 7568. diff --git a/20231019192337-certificate.org b/20231019192337-certificate.org new file mode 100644 index 0000000..6678e0a --- /dev/null +++ b/20231019192337-certificate.org 
@@ -0,0 +1,49 @@ +:PROPERTIES: +:ID: e28dfeaa-876b-4255-a25e-dcc0c909d08a +:END: +#+title: certificate + +In cryptography, a public key certificate, also known as a digital certificate or identity certificate, is an electronic document used to prove the validity of a public key. The certificate includes the public key and information about it, information about the identity of its owner (called the subject), and the digital signature of an entity that has verified the certificate's contents (called the issuer). If the device examining the certificate trusts the issuer and finds the signature to be a valid signature of that issuer, then it can use the included public key to communicate securely with the certificate's subject. In email encryption, code signing, and e-signature systems, a certificate's subject is typically a person or organization. However, in Transport Layer Security ([[id:872ee33b-8361-40c7-9d88-69b3afe5ade2][TLS]]) a certificate's subject is typically a computer or other device, though TLS certificates may identify organizations or individuals in addition to their core role in identifying devices. TLS, sometimes called by its older name Secure Sockets Layer ([[id:95c8982d-e104-43a2-9bb2-fd7e1c3204f2][SSL]]), is notable for being a part of HTTPS, a protocol for securely browsing the web. + +In a typical public-key infrastructure (PKI) scheme, the certificate issuer is a certificate authority (CA), usually a company that charges customers a fee to issue certificates for them. By contrast, in a web of trust scheme, individuals sign each other's keys directly, in a format that performs a similar function to a public key certificate. In case of key compromise, a certificate may need to be revoked. + +The most common format for public key certificates is defined by X.509. Because X.509 is very general, the format is further constrained by profiles defined for certain use cases, such as Public Key Infrastructure (X.509) as defined in RFC 5280. 
+ +* Types of Certificates +** TLS/SSL server certificate +The Transport Layer Security (TLS) [[id:bd5b34ba-aa98-4808-b97b-2376aa7b8866][protocol]] – as well as its outdated predecessor, the Secure Sockets Layer (SSL) protocol – ensures that the communication between a client computer and a server is secure. The protocol requires the server to present a digital certificate, proving that it is the intended destination. The connecting client conducts certification path validation, ensuring that: + +- The subject of the certificate matches the hostname (not to be confused with the domain name) to which the [[id:70899526-8b7d-4976-94fc-cc07c41e550a][client]] is trying to connect. +- A trusted certificate authority has signed the certificate. + +The Subject field of the certificate must identify the primary hostname of the server as the Common Name. A certificate may be valid for multiple hostnames (e.g., a domain and its subdomains). Such certificates are commonly called Subject Alternative Name (SAN) certificates or Unified Communications Certificates (UCC). These certificates contain the Subject Alternative Name field, though many CAs also put them into the Subject Common Name field for backward compatibility. If some of the hostnames contain an asterisk (*), a certificate may also be called a wildcard certificate. + +Once the certification path validation is successful, the client can establish an encrypted connection with the [[id:f2b1d5af-1a7d-47a5-95c8-4a85d558419e][server]]. + +Internet-facing servers, such as public web servers, must obtain their certificates from a trusted, public certificate authority (CA). + +** TLS/SSL client certificate +Client certificates authenticate the client connecting to a TLS service, for instance to provide access control. Because most services provide access to individuals, rather than devices, most client certificates contain an email address or personal name rather than a hostname. 
In addition, the certificate authority that issues the client certificate is usually the service provider to which client connects because it is the provider that needs to perform authentication. Some service providers even offer free SSL certificates as part of their [[id:fde35a08-897d-4502-aead-1f4414ea639c][packets]]. + +While most web browsers support client certificates, the most common form of authentication on the Internet is a username and password pair. Client certificates are more common in virtual private networks ([[id:1af47b07-4205-46ac-837a-ee078067328a][vpn]]) and Remote Desktop Services, where they authenticate devices. + +** Email certificate +In accordance with the S/[[id:d60f8060-4557-42d5-831d-b68bfb42df59][MIME]] [[id:bd5b34ba-aa98-4808-b97b-2376aa7b8866][protocol]], email certificates can both establish the message integrity and encrypt messages. To establish encrypted email communication, the communicating parties must have their digital certificates in advance. Each must send the other one digitally signed email and opt to import the sender's certificate. + +Some publicly trusted certificate authorities provide email certificates, but more commonly S/MIME is used when communicating within a given organization, and that organization runs its own CA, which is trusted by participants in that email system. + +** Self-signed and root certificates +A self-signed certificate is a certificate with a subject that matches its issuer, and a signature that can be verified by its own public key. + +_Self-signed certificates have their own limited uses. They have full trust value when the issuer and the sole user are the same entity. For example, the Encrypting File System on Microsoft Windows issues a self-signed certificate on behalf of the encrypting user and uses it to transparently decrypt data on the fly. 
The digital certif_icate chain of trust starts with a self-signed certificate, called a root certificate, trust anchor, or trust [[id:673d1cb1-536b-42f1-a046-40a8937c4283][root]]. A certificate authority self-signs a root certificate to be able to sign other certificates._ + +An intermediate certificate has a similar purpose to the root certificate – its only use is to sign other certificates. However, an intermediate certificate is not self-signed. A root certificate or another intermediate certificate needs to sign it. + +An end-entity or leaf certificate is any certificate that cannot sign other certificates. For instance, TLS/SSL server and client certificates, email certificates, code signing certificates, and qualified certificates are all end-entity certificates. + +** other certificates +- EMV certificate: EMV is a payment method based on a technical standard for payment cards, payment terminals and automated teller machines (ATM). EMV payment cards are preloaded with a card issuer certificate, signed by the EMV certificate authority[5] to validate authenticity of the payment card during the payment transaction. +- Code-signing certificate: Certificates can validate apps (or their binaries) to ensure they were not tampered with during delivery. +- Qualified certificate: A certificate identifying an individual, typically for electronic signature purposes. These are most commonly used in Europe, where the eIDAS regulation standardizes them and requires their recognition. 
+- Role-based certificate: Defined in the X.509 Certificate Policy for the Federal Bridge Certification Authority (FBCA), role-based certificates "identify a specific role on behalf of which the subscriber is authorized to act rather than the subscriber’s name and are issued in the interest of supporting accepted business practices."[6] +- Group certificate: Defined in the X.509 Certificate Policy for the Federal Bridge Certification Authority (FBCA), for "cases where there are several entities acting in one capacity, and where non-repudiation for transactions is not desired." diff --git a/20231019195514-opnsense.org b/20231019195514-opnsense.org new file mode 100644 index 0000000..ecdb152 --- /dev/null +++ b/20231019195514-opnsense.org 
@@ -0,0 +1,10 @@
+:PROPERTIES:
+:ID: 10f654fc-489e-4e86-bc20-6448f7ee0b90
+:END:
+#+title: opnsense
+
+OPNsense is an open source, FreeBSD-based [[id:b9047be5-edca-4eca-8bac-c45e03373942][Firewall]] and [[id:d2ff2e45-e1de-4cca-9b59-dfc3ee6afa6f][routing]] software developed by Deciso, a company in the Netherlands that makes [[id:01ec5ed6-a234-4063-994b-174f704bb28a][hardware]] and sells support packages for OPNsense. It is a fork of pfSense, which in turn was forked from m0n0wall built on FreeBSD. It was launched in January 2015. When m0n0wall closed down in February 2015 its creator, Manuel Kasper, referred its developer community to OPNsense.
+
+OPNsense has a web-based interface and can be used on the x86-64 platform. Along with acting as a firewall, it has [[id:20efb455-5575-4b8b-857f-7c337bee644c][traffic]] shaping, [[id:96c1f3b2-5f11-4cbc-8ed9-71a165026e29][load]] balancing, and virtual private network ([[id:1af47b07-4205-46ac-837a-ee078067328a][vpn]]) capabilities, and others can be added via plugins. OPNsense offers next-generation firewall capabilities utilizing Zenarmor, a NGFW plugin developed by OPNsense partner Sunny Valley Networks.
+
+It is installed on the [[id:adc016f2-a660-47d7-8974-16b74a02bcbf][Protectli]] as firewall and router.
diff --git a/20231020090140-bind9_docker.org b/20231020090140-bind9_docker.org
new file mode 100644
index 0000000..f0e9ac0
--- /dev/null
+++ b/20231020090140-bind9_docker.org
@@ -0,0 +1,6 @@
+:PROPERTIES:
+:ID: 7eca198f-3e97-4f29-a0f7-01498e71d132
+:END:
+#+title: bind9-docker
+
+A [[id:df046fd7-1f82-4e12-9065-56d222f56408][docker]] [[id:936191f2-696b-4d9a-96ad-c8449778ae26][container]] for managing a [[id:80666401-173e-4828-9c29-552dab716946][dns]] [[id:f2b1d5af-1a7d-47a5-95c8-4a85d558419e][server]].
diff --git a/20231020090450-kasm_container_deployment.org b/20231020090450-kasm_container_deployment.org
new file mode 100644
index 0000000..b4c2eea
--- /dev/null
+++ b/20231020090450-kasm_container_deployment.org
@@ -0,0 +1,6 @@
+:PROPERTIES:
+:ID: 85af8e8c-0dc0-4855-9f63-d4d00e2cd27f
+:END:
+#+title: Kasm-container-deployment
+
+Kasm Workspaces provides browser-based access to on-demand [[id:936191f2-696b-4d9a-96ad-c8449778ae26][container]]ized desktops and applications.
diff --git a/20231020090807-docker_logs.org b/20231020090807-docker_logs.org
new file mode 100644
index 0000000..50c1daf
--- /dev/null
+++ b/20231020090807-docker_logs.org
@@ -0,0 +1,6 @@
+:PROPERTIES:
+:ID: 6d2e40f4-f8c5-43fe-afd3-8c253a080e43
+:END:
+#+title: docker-logs
+
+[[id:936191f2-696b-4d9a-96ad-c8449778ae26][container]] for watching docker logs via web user interface.
diff --git a/20231020110333-flame_docker.org b/20231020110333-flame_docker.org
new file mode 100644
index 0000000..660a4e4
--- /dev/null
+++ b/20231020110333-flame_docker.org
@@ -0,0 +1,32 @@ +:PROPERTIES: +:ID: 86371601-9aa6-4568-8063-ccd9f6d2ace3 +:END: +#+title: flame-docker + +Flame is self-hosted ([[id:df046fd7-1f82-4e12-9065-56d222f56408][docker]]) startpage for your [[id:f2b1d5af-1a7d-47a5-95c8-4a85d558419e][server]]. Its design is inspired (heavily) by SUI. Flame is very easy to setup and use. With built-in editors, it allows you to setup your very own application hub in no time - no file editing necessarya. Should be deployed only in [[id:4afb1f41-983a-4b54-9828-a1e3788eb28b][portainer-docker]] with a [[id:98642623-d85a-432c-90d5-bfff7ead8c7b][proxy]] (e.g. [[id:90e3b8a2-b523-4044-af6f-fd4a559b2d7f][traefik_docker]]). + +* [[id:fcbfabfa-4a8c-4826-8b57-5dce05965c76][docker-compose]] +#+begin_src + version: '3.6' + +services: + flame: + image: pawelmalak/flame + container_name: flame + volumes: + - /path/to/host/data:/app/data + - /var/run/docker.sock:/var/run/docker.sock # optional but required for Docker integration + ports: + - 5005:5005 + secrets: + - password # optional but required for (1) + environment: + - PASSWORD=flame_password + - PASSWORD_FILE=/run/secrets/password # optional but required for (1) + restart: unless-stopped + +# optional but required for Docker secrets (1) +secrets: + password: + file: /path/to/secrets/password +#+end_src diff --git a/20231020110949-cryptgeon_docker.org b/20231020110949-cryptgeon_docker.org new file mode 100644 index 0000000..011cbee --- /dev/null +++ b/20231020110949-cryptgeon_docker.org 
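Review bot: The compose example in this note bind-mounts `/var/run/docker.sock` into the flame container and sets `PASSWORD=flame_password` in clear text next to `PASSWORD_FILE`, and neither carries a caveat. Access to the Docker socket is effectively root on the host, so a compromise of the web app becomes a compromise of the host; the mount is marked optional and is best left out unless the Docker integration is actually used, or pointed at a restricted socket proxy. I would drop the `- PASSWORD=flame_password` line and keep only `- PASSWORD_FILE=/run/secrets/password`, since which of the two wins when both are set is not stated here. Because the text says Flame should only run behind a proxy, the port is better published as `- 127.0.0.1:5005:5005`, or `ports:` removed in favour of the proxy's network. The image `pawelmalak/flame` is also referenced without a tag; pinning a version makes updates deliberate.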
@@ -0,0 +1,40 @@ +:PROPERTIES: +:ID: dbeeedc0-8a64-43f3-84a6-397e3ecb5e70 +:END: +#+title: cryptgeon-docker + +cryptgeon is a secure, open source sharing note or file service inspired by PrivNote. It includes a [[id:f2b1d5af-1a7d-47a5-95c8-4a85d558419e][server]] ([[id:df046fd7-1f82-4e12-9065-56d222f56408][docker]]), a web page and a [[id:d71414fc-349c-4763-a703-9f7092fc90d6][command-line]] [[id:70899526-8b7d-4976-94fc-cc07c41e550a][client]]. each note has a generated id (256bit) and key 256(bit). The id is used to save & retrieve the note. the note is then encrypted with aes in gcm mode on the client side with the key and then sent to the server. data is stored in memory and never persisted to disk. the server never sees the encryption key and cannot decrypt the contents of the notes even if it tried to. + +* [[id:fcbfabfa-4a8c-4826-8b57-5dce05965c76][docker-compose]] +#+begin_src + # docker-compose.yml + +version: '3.8' + +services: + redis: + image: redis:7-alpine + # Set a size limit. See link below on how to customise. + # https://redis.io/docs/manual/eviction/ + # command: redis-server --maxmemory 1gb --maxmemory-policy allkeys-lru + + app: + image: cupcakearmy/cryptgeon:latest + depends_on: + - redis + environment: + # Size limit for a single note. + SIZE_LIMIT: 4 MiB + ports: + - 80:8000 + + # Optional health checks + # healthcheck: + # test: ["CMD", "curl", "--fail", "http://127.0.0.1:8000/api/live/"] + # interval: 1m + # timeout: 3s + # retries: 2 + # start_period: 5s +#+end_src + + diff --git a/20231108113539-self_signed_certificates.org b/20231108113539-self_signed_certificates.org new file mode 100644 index 0000000..23e97f7 --- /dev/null +++ b/20231108113539-self_signed_certificates.org 
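Review bot: `- 80:8000` in the `app` service publishes cryptgeon over plain HTTP on every host interface, which undercuts the client-side encryption the note describes, because the page and its script can be altered in transit. As far as I know browsers also expose the Web Crypto API only in secure contexts, so the app may not work at all without HTTPS. I would add a sentence that it has to be served through a TLS-terminating reverse proxy (the proxy note in this commit already lists traefik_docker and nginx) and change the mapping to `- 127.0.0.1:8000:8000`, or remove `ports:` and attach the container to the proxy's network. `cupcakearmy/cryptgeon:latest` is unpinned and the Redis `--maxmemory` line is left commented out, so note storage is unbounded; both are worth stating as deliberate deployment choices.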
@@ -0,0 +1,114 @@
+:PROPERTIES:
+:ID: eff86d3a-1ae2-4b92-8c6d-c87c16553253
+:END:
+#+title: self_signed_certificates
+
+X.509 is an ITU standard defining the format of public key [[id:e28dfeaa-876b-4255-a25e-dcc0c909d08a][certificates]]. X.509 are used in [[id:872ee33b-8361-40c7-9d88-69b3afe5ade2][TLS]]/[[id:95c8982d-e104-43a2-9bb2-fd7e1c3204f2][SSL]], which is the basis for HTTPS. An X.509 certificate binds an identity to a public key using a digital signature. A certificate contains an identity (hostname, organization, etc.) and a public key (RSA, DSA, ECDSA, ed25519, etc.), and is either signed by a Certificate Authority or is Self-Signed.
+
+* Self signed certificates
+Here is how you can generate a self signed certificate
+** generate [[id:89d22755-3547-4b92-8933-c31aa3f9cb12][certificate_authority]] (a Cert without branding)
+
+First you need to generate a [[id:23a9283c-0afe-43d6-bc31-2e7bd838b2de][RSA]]
+#+begin_src bash
+ openssl genrsa -aes256 -out ca-key.pem 4096
+#+end_src
+
+Then a public CA cert has to be gereated
+#+begin_src bash
+ openssl req -new -x509 -sha256 -days 365 -key ca-key.pem -out ca.pem
+#+end_src
+
+The content of those can be viewed with the commands
+#+begin_src bash
+ openssl x509 -in ca.pem -text
+ openssl x509 -in ca.pem -purpose -noout -text
+#+end_src
+
+** generate the Certificate
+
+To generate an actual certificate for your website you also need to generate an RSA Key
+#+begin_src bash
+ openssl genrsa -out cert-key.pem 4096
+#+end_src
+
+but this time you create a certificate signing request ([[id:f2991e03-0c05-490e-a0d1-dda24c7e58e6][CSR]])
+#+begin_src bash
+ openssl req -new -sha256 -subj "/CN=yourcn" -key cert-key.pem -out cert.csr
+#+end_src
+
+You then need to create an ~extfile~ with all the elternating names of your domain
+#+begin_src bash
+ echo "subjectAltName=DNS:your-dns.record,IP:257.10.10.1" >> extfile.cnf
+#+end_src
+
+With that you can then create the actual branded certificate
+#+begin_src bash
+ openssl x509 -req -sha256 -days 365 -in cert.csr -CA ca.pem -CAkey ca-key.pem -out cert.pem -extfile extfile.cnf -CAcreateserial
+#+end_src
+
+There are different certificate Formats that can be used and those can be converted into each other. X.509 Certificates exist in Base64 Formats PEM (.pem, .crt, .ca-bundle), PKCS#7 (.p7b, p7s) and Binary Formats DER (.der, .cer), PKCS#12 (.pfx, p12).
+*** PEM to DER
+#+begin_src bash
+ openssl x509 -outform der -in cert.pem -out cert.der
+#+end_src
+*** DER to PEM
+#+begin_src bash
+ openssl x509 -inform der -in cert.der -out cert.pem
+#+end_src
+*** PFX to PEM
+#+begin_src bash
+ openssl pkcs12 -in cert.pfx -out cert.pem -nodes
+#+end_src
+
+** Validate a Certificate
+To verify a Certificate try the following code:
+#+begin_src bash
+ openssl verify -CAfile ca.pem -verbose cert.pem
+#+end_src
+
+* Install a CA Cert as a trusted root CA
+For a computer to trust a self signed certificate or a CA the certificate needs to be installed as a trusted root cert on the computer itself. In this way a Self signed cert can be used to secure a self hosted service without using public trusted CA (In an corporal environment or a private [[id:c9461f7b-7368-4b88-b90b-2d785fda2159][subnetwork]] and offline).
+
+First move the generated CA certificate (here ~ca.pem~) into [[/usr/local/share/ca-certificates/ca.crt]].
+Then you need to update the cert store:
+
+#+begin_src bash
+ sudo update-ca-certificates
+#+end_src
+
+** On [[id:5fada795-19a3-4ba6-97c0-0b70bd728a2f][Arco-Linux]]
+Here you need to implement it system wide with the following commands:
+#+begin_src bash
+ sudo trust anchor --store myCA.crt
+#+end_src
+
+The certificate will be written to ~/etc/ca-certificates/trust-source/myCA.p11-kit~ and the "legacy" directories automatically updated.
+If you get "no configured writable location" or a similar error, import the CA manually:
+Copy the certificate to the ~/etc/ca-certificates/trust-source/anchors~ directory.
+and then:
+#+begin_src bash
+ sudo update-ca-trust
+#+end_src
+
+** On Windows
+Assuming the path to your generated CA certificate as ~C:\ca.pem~, run:
+#+begin_src bash
+ Import-Certificate -FilePath "C:\ca.pem" -CertStoreLocation Cert:\LocalMachine\Root
+#+end_src
+
+Set ~-CertStoreLocation~ to ~Cert:\CurrentUser\Root~ in case you want to trust certificates only for the logged in user. Or in the command prompt run:
+
+#+begin_src bash
+ certutil.exe -addstore root C:\ca.pem
+#+end_src
+
+** On Android
+The exact steps vary device-to-device, but here is a generalised guide:
+- Open Phone Settings
+- Locate Encryption and Credentials section. It is generally found under ~Settings > Security > Encryption and Credentials~
+- Choose ~Install a certificate~
+- Choose ~CA Certificate~
+- Locate the certificate file ~ca.pem~ on your SD Card/Internal Storage using the file manager.
+- Select to load it.
+- Done!
diff --git a/20231108113926-rsa.org b/20231108113926-rsa.org
new file mode 100644
index 0000000..c8926fc
--- /dev/null
+++ b/20231108113926-rsa.org
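Review bot: The "PFX to PEM" command uses `-nodes`, which writes the private key unencrypted into `cert.pem`, a file name that reads like a public certificate; the note should say so and either drop `-nodes` or use `-nokeys` when only the certificate is wanted. The install section then makes `ca.pem` a system-wide trusted root, so whoever holds `ca-key.pem` can issue a certificate for any hostname that those machines will accept; I would add a sentence that the CA key stays offline with its passphrase and restrictive permissions, e.g. `chmod 600 ca-key.pem cert-key.pem`. Separately, `IP:257.10.10.1` in the `extfile` example is not a valid IPv4 address, so copying it unchanged will most likely make openssl reject the file; a documentation address such as `IP:192.0.2.10` is a safer placeholder.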
@@ -0,0 +1,10 @@
+:PROPERTIES:
+:ID: 23a9283c-0afe-43d6-bc31-2e7bd838b2de
+:END:
+#+title: RSA
+
+When someone refers to an RSA certificate, what they’re talking about is an [[id:95c8982d-e104-43a2-9bb2-fd7e1c3204f2][SSL]] [[id:e28dfeaa-876b-4255-a25e-dcc0c909d08a][certificate]] that uses the RSA algorithm for digital signatures and/or data encryption.
+
+RSA (Rivest–Shamir–Adleman) is a cryptographic algorithm that encrypts and decrypts the data. Invented in the year 1978, RSA was named after Rivest, Shamir, and Adleman – the mathematicians who invented it.
+
+The fundamental function of an RSA certificate is to use the RSA algorithm for data encryption. In simpler words, it turns the data into an undecipherable format so that no one can see what the original data was, let alone tamper with it. This way, it solves the significant problem of secure communication. Such secure communication, at the time of the invention of the RSA certificate, was needed primarily in the military. But today, it’s required everywhere because of the proliferation of the internet and ecommerce. RSA certificates are most widely used with the asymmetric encryption algorithm.
diff --git a/20231108114230-certificate_authority.org b/20231108114230-certificate_authority.org
new file mode 100644
index 0000000..46a3b63
--- /dev/null
+++ b/20231108114230-certificate_authority.org
@@ -0,0 +1,23 @@
+:PROPERTIES:
+:ID: 89d22755-3547-4b92-8933-c31aa3f9cb12
+:END:
+#+title: certificate_authority
+
+In cryptography, a certificate authority or certification authority (CA) is an entity that stores, signs, and issues digital [[id:e28dfeaa-876b-4255-a25e-dcc0c909d08a][certificate]]. A digital certificate certifies the ownership of a public key by the named subject of the certificate. This allows others (relying parties) to rely upon signatures or on assertions made about the private key that corresponds to the certified public key. A CA acts as a trusted third party—trusted both by the subject (owner) of the certificate and by the party relying upon the certificate. The format of these certificates is specified by the X.509 or EMV standard.
+
+One particularly common use for certificate authorities is to sign certificates used in HTTPS, the secure browsing [[id:bd5b34ba-aa98-4808-b97b-2376aa7b8866][protocol]] for the World Wide Web. Another common use is in issuing identity cards by national governments for use in electronically signing documents.
+
+* Overview
+Trusted certificates can be used to create secure connections to a [[id:f2b1d5af-1a7d-47a5-95c8-4a85d558419e][server]] via the Internet. A certificate is essential in order to circumvent a malicious party which happens to be on the route to a target server which acts as if it were the target. Such a scenario is commonly referred to as a man-in-the-middle attack. The [[id:70899526-8b7d-4976-94fc-cc07c41e550a][client]] uses the CA certificate to authenticate the CA signature on the server certificate, as part of the authorizations before launching a secure connection. Usually, client software—for example, browsers—include a set of trusted CA certificates. This makes sense, as many users need to trust their client software. A malicious or compromised client can skip any security check and still fool its users into believing otherwise.
+
+The clients of a CA are server supervisors who call for a certificate that their servers will bestow to users. Commercial CAs charge money to issue certificates, and their customers anticipate the CA's certificate to be contained within the majority of web browsers, so that safe connections to the certified servers work efficiently out-of-the-box. The quantity of internet browsers, other devices and applications which trust a particular certificate authority is referred to as ubiquity. Mozilla, which is a non-profit business, issues several commercial CA certificates with its products. While Mozilla developed their own policy, the CA/Browser Forum developed similar guidelines for CA trust. A single CA certificate may be shared among multiple CAs or their resellers. A root CA certificate may be the base to issue multiple intermediate CA certificates with varying validation requirements.
+
+In addition to commercial CAs, some non-profits issue publicly-trusted digital certificates without charge, for example Let's Encrypt. Some large cloud computing and web hosting companies are also publicly-trusted CAs and issue certificates to services hosted on their infrastructure, for example IBM Cloud, Amazon Web Services, Cloudflare, and Google Cloud Platform.
+
+Large organizations or government bodies may have their own PKIs (public key infrastructure), each containing their own CAs. Any site using self-signed certificates acts as its own CA.
+
+Commercial banks that issue EMV payment cards are governed by the EMV Certificate Authority, payment schemes that route payment transactions initiated at Point of Sale Terminals (POS) to a Card Issuing Bank to transfer the funds from the card holder's bank account to the payment recipient's bank account. Each payment card presents along with its card data also the Card Issuer Certificate to the POS. The Issuer Certificate is signed by EMV CA Certificate. The POS retrieves the public key of EMV CA from its storage, validates the Issuer Certificate and authenticity of the payment card before sending the payment request to the payment scheme.
+
+Browsers and other clients of sorts characteristically allow users to add or do away with CA certificates at will. While server certificates regularly last for a relatively short period, CA certificates are further extended,[6] so, for repeatedly visited servers, it is less error-prone importing and trusting the CA issued, rather than confirm a security exemption each time the server's certificate is renewed.
+
+Less often, trustworthy certificates are used for encrypting or signing messages. CAs dispense end-user certificates too, which can be used with S/MIM. However, encryption entails the receiver's public key and, since authors and receivers of encrypted messages, apparently, know one another, the usefulness of a trusted third party remains confined to the signature verification of messages sent to public mailing lists.
diff --git a/20231108115553-csr.org b/20231108115553-csr.org
new file mode 100644
index 0000000..60d540e
--- /dev/null
+++ b/20231108115553-csr.org
@@ -0,0 +1,11 @@
+:PROPERTIES:
+:ID: f2991e03-0c05-490e-a0d1-dda24c7e58e6
+:END:
+#+title: CSR
+
+In public key infrastructure (PKI) systems, a certificate signing request (CSR or certification request) is a message sent from an applicant to a [[id:89d22755-3547-4b92-8933-c31aa3f9cb12][certificate_authority]] of the public key infrastructure (PKI) in order to apply for a digital identity [[id:e28dfeaa-876b-4255-a25e-dcc0c909d08a][certificate]]. The CSR usually contains the public key for which the certificate should be issued, identifying information (such as a domain name) and a proof of authenticity including integrity protection (e.g., a digital signature). The most common format for CSRs is the PKCS 10 specification; others include the more capable Certificate Request Message Format (CRMF) and the SPKAC (Signed Public Key and Challenge) format generated by some web browsers.
+
+* procedure
+Before creating a CSR for an X.509 certificate, the applicant first generates a key pair, keeping the private key of that pair secret. The CSR contains information identifying the applicant (such as a distinguished name), the public key chosen by the applicant, and possibly further information. When using the PKCS 10 format, the request must be [[id:eff86d3a-1ae2-4b92-8c6d-c87c16553253][self_signed_certificate]] using the applicant's private key, which provides proof-of-possession of the private key but limits the use of this format to keys that can be used for signing. The CSR should be accompanied by a proof of origin (i.e., proof of identity of the applicant) that is required by the certificate authority, and the certificate authority may contact the applicant for further information.
+
+Typical information required in a CSR (sample column from sample X.509 certificate). Note that there are often alternatives for the Distinguished Names (DN), the preferred value is listed.
diff --git a/20240130100919-grub.org b/20240130100919-grub.org
new file mode 100644
index 0000000..c377313
--- /dev/null
+++ b/20240130100919-grub.org
@@ -0,0 +1,66 @@
+:PROPERTIES:
+:ID: 8bb1d9f4-59ef-4756-88a4-87744bc35877
+:END:
+#+title: grub
+
+GNU GRUB (short for GNU GRand Unified [[id:350dc0ac-ea0b-4b2b-a345-7020614ec4df][boot loader]], commonly referred to as GRUB) is a boot loader package from the GNU Project. GRUB is the reference implementation of the Free Software Foundation's Multiboot Specification, which provides a user the choice to boot one of multiple [[id:3cc7bb7e-9fa2-4f29-89fe-f3aa92241dc5][operating_systems]] installed on a computer or select a specific [[id:33388695-657c-44a2-8359-c7b6137233d0][kernel]] configuration available on a particular operating system's partitions.
+
+[[id:3568ab93-4b7a-4171-9830-100e01d94a66][GNU]] was developed from a package called the Grand Unified Bootloader (a play on Grand Unified Theory). It is predominantly used for Unix-like systems.
+
+* Booting
+When a computer is turned on, its [[id:7c2d8495-d2a0-4b8a-a8c7-ec1eb4df86f8][BIOS]] finds the primary bootable device (usually the computer's hard disk) and runs the initial bootstrap program from the master boot record (MBR). The MBR is the first sector of the hard disk. This bootstrap program must be small because it has to fit in a single sector. For a long time, the size of a sector has been 512 bytes. Since 2009 there are hard disks available with a sector size of 4096 bytes, called Advanced Format disks, but as of October 2013, such hard disks are still accessed in 512-byte sectors, using the 512e emulation. The legacy MBR partition table supports a maximum of four partitions and occupies 64 bytes, combined. Together with the optional disk signature (four bytes) and disk timestamp (six bytes), this leaves between 434 and 446 bytes available for the machine code of a boot loader. Although such a small space can be sufficient for very simple boot loaders, it is not big enough to contain a boot loader supporting complex and multiple file systems, menu-driven selection of boot choices, etc. Boot loaders with bigger footprints are therefore split into pieces, where the smallest piece fits in the MBR, while one or more larger pieces are stored in other locations such as empty sectors between the MBR and the first partition. The code in the MBR then does little more than starting the second part.
+
+The purpose of the remaining part(s) of the boot loader is to actually boot an operating system by configuring it and starting the kernel. Kernels are in most cases stored as files residing on appropriate file systems, but the concept of a file system is unknown to the BIOS. Thus, in BIOS-based systems, the duty of a boot loader is to access the content of those files, so it can be loaded into the RAM and executed.
+
+One possible approach for boot loaders is to load kernel images by directly accessing hard disk sectors without understanding the underlying file system. Usually, an additional level of indirection is required, in form of maps or map files – auxiliary files that contain a list of physical sectors occupied by kernel images. Such maps need to be updated each time a kernel image changes its physical location on disk, due to installing new kernel images, file system defragmentation, etc. Also, in case of the maps changing their physical location, their locations need to be updated within the boot loader's MBR code, so the sectors indirection mechanism continues to work. This is not only cumbersome, but it also leaves the system in need of manual repairs in case something goes wrong during system updates.
+
+Another approach is to make a boot loader aware of the underlying file systems, so kernel images are configured and accessed using their actual file paths. That requires a boot loader to contain a driver for each of the supported file systems, so they can be understood and accessed by the boot loader itself. This approach eliminates the need for hardcoded locations of hard disk sectors and existence of map files, and does not require MBR updates after kernel images are added or moved around. The configuration of a boot loader is stored in a regular file, which is also accessed in a file system-aware way to obtain boot configurations before the actual booting of any kernel images. Thus, fewer things can go wrong during system updates. As a downside, such boot loaders are larger and more complex.
+
+[[id:3568ab93-4b7a-4171-9830-100e01d94a66][GNU]] GRUB uses the second approach, by understanding the underlying file systems. The boot loader itself is split into multiple stages so that it fits in the MBR boot scheme.
+
+Two major versions of GRUB are in common use: GRUB version 1, called GRUB legacy, is only prevalent in older releases of [[id:5fada795-19a3-4ba6-97c0-0b70bd728a2f][Arco-Linux]] distributions. GRUB 2 was written from scratch and intended to replace its predecessor, and is now used by a majority of Linux distributions.
+
+* Startup on Systems using UEFI firmware
+** ~/efi//grubx64.efi~ (for x64 UEFI systems) is installed as a file in the EFI System Partition, and booted by the firmware directly, without a boot.img in MBR sector 0. This file is like stage1 and stage1.5.
+* To Fix the shim lock symbol not found grub error:
+** Insert and Boot from a Linux stick
+** go to a [[id:d71414fc-349c-4763-a703-9f7092fc90d6][command-line]] and :
+To do that find the device that holds the file system information:
+Type ~lsblk~ which gives you output similar to:
+#+begin_src bash
+ NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS
+
+ sda 8:32 0 28,5G 0 disk
+ └─sda1 8:34 0 38,5G 0 part /run/archiso/... # <- This is the usb drive
+
+ sdb 8:32 0 238,5G 0 disk
+ ├─sdb1 8:33 0 300M 0 part # <- This is the Efi boot record
+ └─sdb2 8:34 0 238,2G 0 part # <- This is the root file System of the underlying pc
+
+#+end_src
+If the ~lsblk~ command does not list your drive, make sure it is functioning properly. If the drive works it could be that the BIOS list the drive in raid mode. Deactivate the raid mode for the drive in the BIOS and reboot the system.
+
+Before you can use your System to fix the error you have to mount the underlying [[id:673d1cb1-536b-42f1-a046-40a8937c4283][root]] file system.
+#+begin_src bash
+ sudo mount /dev/sdb2/ /mnt/ # <- sdb2 is your root file system
+#+end_src
+
+If that does not give you an error proceed with mounting the boot partition:
+#+begin_src bash
+ sudo mount /dev/sdb1/ /mnt/boot/efi/ # <- sdb1 is your boot partition
+#+end_src
+
+It is important to note that the device you want to mount has to be prefixed with the path ~/dev/~ otherwise it cannot be found by the system. If that also does not prompt you with an error you can proceed to change the root directory with [[id:065cec59-82f7-42a5-bcb0-fef56004de40][arch-chroot]].
+
+#+begin_src bash
+ sudo arch-chroot /mnt/
+#+end_src
+
+The shim lock error is caused by an update of grub, that moves the grubx64.efi file to a new location that is not yet known by the bios. Therfore a downgrade of the grub version does not work because it does not change the file location back to its original position. So in order to fix the issue you have to notice the BIOS of the new grub boot file location. To do that use the command:
+#+begin_src bash
+ sudo efibootmgr --create --disk /dev/sdb --part 1 --label "Name of boot entry" --loader \\EFI\\\\grubx64.efi
+ # the disk lets the BIOS know in which part of the drive (partition) it should look
+ # note the double backslash (\\) "windows" notation
+#+end_src
+
+If that gives you no error proceed and type ~exit~ to leave the chroot. After that reboot the system and remove the usb drive.
diff --git a/20240130101439-bootloader.org b/20240130101439-bootloader.org
new file mode 100644
index 0000000..abe8b6c
--- /dev/null
+++ b/20240130101439-bootloader.org
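Review bot: The `--loader \\EFI\\\\grubx64.efi` argument has an empty path component where a directory name would be expected (the same gap appears in `~/efi//grubx64.efi~` earlier in the note), so as written the new boot entry would likely point at a file that does not exist. An explicit placeholder such as `\\EFI\\<bootloader-id>\\grubx64.efi`, with a sentence telling the reader to check the real directory under `/boot/efi/EFI/`, would make the step reproducible. The two mount examples also write the device nodes with a trailing slash (`/dev/sdb2/`, `/dev/sdb1/`), which I would expect to fail on a block device; `sudo mount /dev/sdb2 /mnt` is the usual form.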
@@ -0,0 +1,12 @@
+:PROPERTIES:
+:ID: 350dc0ac-ea0b-4b2b-a345-7020614ec4df
+:END:
+#+title: boot_loader
+
+A bootloader, also spelled as boot loader or called bootstrap loader, is a computer program that is responsible for booting a computer. If it also provides an interactive menu with multiple boot choices then it's often called a boot manager.
+
+When a computer is turned off, its software‍—‌including [[id:3cc7bb7e-9fa2-4f29-89fe-f3aa92241dc5][operating_systems]], application code, and data ‍—‌remains stored on non-volatile memory. When the computer is powered on, it typically does not have an operating system or its loader in random-access memory (RAM). The computer first executes a relatively small program stored in read-only memory (ROM, and later EEPROM, NOR flash) along with some needed data, to initialize RAM (especially on x86 systems), to access the nonvolatile device (usually block device, e.g., NAND flash) or devices from which the operating system programs and data can be loaded into RAM.
+
+Some earlier computer systems, upon receiving a boot signal from a human operator or a peripheral device, may load a very small number of fixed instructions into memory at a specific location, initialize at least one CPU, and then point the CPU to the instructions and start their execution. These instructions typically start an input operation from some peripheral device (which may be switch-selectable by the operator). Other systems may send [[id:01ec5ed6-a234-4063-994b-174f704bb28a][hardware]] commands directly to peripheral devices or I/O controllers that cause an extremely simple input operation (such as "read sector zero of the system device into memory starting at location 1000") to be carried out, effectively loading a small number of boot loader instructions into memory; a completion signal from the I/O device may then be used to start execution of the instructions by the CPU.
+
+Smaller computers often use less flexible but more automatic boot loader mechanisms to ensure that the computer starts quickly and with a predetermined software configuration. In many desktop computers, for example, the bootstrapping process begins with the CPU executing software contained in ROM (for example, the BIOS of an IBM PC or an IBM PC compatible) at a predefined address (some CPUs, including the Intel x86 series, are designed to execute this software after reset without outside help). This software contains rudimentary functionality to search for devices eligible to participate in booting, and load a small program from a special section (most commonly the boot sector) of the most promising [[id:f2b1d5af-1a7d-47a5-95c8-4a85d558419e][device]], typically starting at a fixed entry point such as the start of the sector.
diff --git a/20240130101659-operating_system.org b/20240130101659-operating_system.org
new file mode 100644
index 0000000..043ec5d
--- /dev/null
+++ b/20240130101659-operating_system.org
@@ -0,0 +1,12 @@
+:PROPERTIES:
+:ID: 3cc7bb7e-9fa2-4f29-89fe-f3aa92241dc5
+:END:
+#+title: operating_system
+
+An operating system (OS) is system software that manages computer [[id:01ec5ed6-a234-4063-994b-174f704bb28a][hardware]] and software resources, and provides common services for computer programs.
+
+Time-sharing operating systems schedule tasks for efficient use of the system and may also include accounting software for cost allocation of processor time, mass storage, peripherals, and other resources.
+
+For hardware functions such as input and output and memory allocation, the operating system acts as an intermediary between programs and the computer hardware, although the application code is usually executed directly by the hardware and frequently makes system calls to an OS function or is interrupted by it. Operating systems are found on many devices that contain a computer – from cellular phones and video game consoles to web [[id:f2b1d5af-1a7d-47a5-95c8-4a85d558419e][server]] and supercomputers.
+
+In the personal computer market, as of September 2023, Microsoft Windows holds a dominant market share of around 68%. macOS by Apple Inc. is in second place (20%), and the varieties of [[id:5fada795-19a3-4ba6-97c0-0b70bd728a2f][Linux]] , including ChromeOS, are collectively in third place (7%). In the mobile sector (including smartphones and tablets), as of September 2023, Android's share is 68.92%, followed by Apple's iOS and iPadOS with 30.42%, and other operating systems with .66%. Linux distributions are dominant in the server and supercomputing sectors. Other specialized classes of operating systems (special-purpose operating systems), such as embedded and real-time systems, exist for many applications. Security-focused operating systems also exist. Some operating systems have low system requirements (e.g. light-weight Linux distribution). Others may have higher system requirements.
diff --git a/20240130103600-gnu.org b/20240130103600-gnu.org
new file mode 100644
index 0000000..f50db78
--- /dev/null
+++ b/20240130103600-gnu.org
@@ -0,0 +1,8 @@
+:PROPERTIES:
+:ID: 3568ab93-4b7a-4171-9830-100e01d94a66
+:END:
+#+title: GNU
+
+The GNU Project is a free software, mass collaboration project announced by Richard Stallman on September 27, 1983. Its goal is to give computer users freedom and control in their use of their computers and computing devices by collaboratively developing and publishing software that gives everyone the rights to freely run the software, copy and distribute it, study it, and modify it. GNU software grants these rights in its license.
+
+In order to ensure that the entire software of a computer grants its users all freedom rights (use, share, study, modify), even the most fundamental and important part, the [[id:3cc7bb7e-9fa2-4f29-89fe-f3aa92241dc5][operating_system]] (including all its numerous utility programs) needed to be free software. Stallman decided to call this operating system GNU (a recursive acronym meaning "GNU's not Unix!"), basing its design on that of Unix, a proprietary operating system. According to its manifesto, the founding goal of the project was to build a free operating system, and if possible, "everything useful that normally comes with a Unix system so that one could get along without any software that is not free." Development was initiated in January 1984. In 1991, the [[id:5fada795-19a3-4ba6-97c0-0b70bd728a2f][Arco-Linux]] [[id:33388695-657c-44a2-8359-c7b6137233d0][kernel]] appeared, developed outside the GNU project by Linus Torvalds, and in December 1992 it was made available under version 2 of the GNU General Public License. Combined with the operating system utilities already developed by the GNU project, it allowed for the first operating system that was free software, commonly known as Linux.
diff --git a/20240130104116-bios.org b/20240130104116-bios.org
new file mode 100644
index 0000000..eb9cc5a
--- /dev/null
+++ b/20240130104116-bios.org
@@ -0,0 +1,10 @@
+:PROPERTIES:
+:ID: 7c2d8495-d2a0-4b8a-a8c7-ec1eb4df86f8
+:END:
+#+title: BIOS
+
+In computing, BIOS; Basic Input/Output System, also known as the System BIOS, ROM BIOS, BIOS ROM or PC BIOS is firmware used to provide runtime services for [[id:3cc7bb7e-9fa2-4f29-89fe-f3aa92241dc5][operating_systems]] and programs and to perform [[id:01ec5ed6-a234-4063-994b-174f704bb28a][hardware]] initialization during the booting process (power-on startup). The BIOS firmware comes pre-installed on an IBM PC or IBM PC compatible's system board and exists in some [[id:f5cbf26b-cfea-4db4-ab6f-6d83235f0d11][UEFI]]-based systems to maintain compatibility with operating systems that do not support UEFI native operation. The name originates from the Basic Input/Output System used in the CP/M operating system in 1975. The BIOS originally proprietary to the IBM PC has been reverse engineered by some companies (such as Phoenix Technologies) looking to create compatible systems. The interface of that original system serves as a de facto standard.
+
+The BIOS in modern PCs initializes and tests the system hardware components (Power-on self-test), and loads a [[id:350dc0ac-ea0b-4b2b-a345-7020614ec4df][boot_loader]] from a mass storage device which then initializes a [[id:33388695-657c-44a2-8359-c7b6137233d0][kernel]]. In the era of DOS, the BIOS provided BIOS interrupt calls for the keyboard, display, storage, and other input/output (I/O) devices that standardized an interface to application programs and the operating system. More recent operating systems do not use the BIOS interrupt calls after startup.
+
+Most BIOS implementations are specifically designed to work with a particular computer or motherboard model, by interfacing with various devices especially system chipset. Originally, BIOS firmware was stored in a ROM chip on the PC motherboard. In later computer systems, the BIOS contents are stored on flash memory so it can be rewritten without removing the chip from the motherboard. This allows easy, end-user updates to the BIOS firmware so new features can be added or bugs can be fixed, but it also creates a possibility for the computer to become infected with BIOS rootkits. Furthermore, a BIOS upgrade that fails could brick the motherboard. The last version of Microsoft Windows to officially support running on PCs which use legacy BIOS firmware is Windows 10 as Windows 11 requires a UEFI-compliant system.
diff --git a/20240130104333-uefi.org b/20240130104333-uefi.org
new file mode 100644
index 0000000..777a10b
--- /dev/null
+++ b/20240130104333-uefi.org
@@ -0,0 +1,11 @@
+:PROPERTIES:
+:ID: f5cbf26b-cfea-4db4-ab6f-6d83235f0d11
+:END:
+#+title: UEFI
+
+Unified Extensible Firmware Interface is a specification that defines the architecture of the platform firmware used for [[id:350dc0ac-ea0b-4b2b-a345-7020614ec4df][booting]] the computer [[id:01ec5ed6-a234-4063-994b-174f704bb28a][hardware]] and its interface for interaction with the [[id:3cc7bb7e-9fa2-4f29-89fe-f3aa92241dc5][operating_system]]. Examples of firmware that implement the specification are AMI Aptio, Phoenix SecureCore, TianoCore EDK II, InsydeH2O. UEFI replaces the [[id:7c2d8495-d2a0-4b8a-a8c7-ec1eb4df86f8][BIOS]] which was present in the boot ROM of all personal computers that are IBM PC compatible, although it can provide backwards compatibility with the BIOS using CSM booting. Intel developed the original Extensible Firmware Interface (EFI) specification. Some of the EFI's practices and data formats mirror those of Microsoft Windows. In 2005, UEFI deprecated EFI 1.10 (the final release of EFI).
+
+UEFI is independent of platform and programming language, but C is used for the reference implementation TianoCore EDKII.
+
+Contrary to its predecessor BIOS which is a de facto standard originally created by IBM as proprietary software, UEFI is an open standard maintained by an industry consortium.
+
diff --git a/20240130122737-elpy.org b/20240130122737-elpy.org
new file mode 100644
index 0000000..10e25ea
--- /dev/null
+++ b/20240130122737-elpy.org
@@ -0,0 +1,59 @@
+:PROPERTIES:
+:ID: 33d3052d-e679-415d-98fa-56e210555539
+:END:
+#+title: elpy
+
+Elpy is an [[id:5f1df0e1-384f-4685-ae1e-fec2431b04e5][emacs]] [[id:b7c4f849-d1b1-4837-8634-82f6976a1473][package]] to bring powerful [[id:ba15b77e-e9a2-4a21-b63f-b9b350ec811a][python]] editing to Emacs. It combines and configures a number of other packages, both written in Emacs Lisp as well as Python. Elpy is fully documented at [[https://elpy.readthedocs.io/en/latest/index.html][Readthedocs]]
+
+* Installation
+Elpy is available on [[id:79bae242-a2b4-4753-9960-1f929c8c6300][melpa]], the most straightforward way to install it is to use use-package:
+#+begin_src lisp
+ (use-package elpy
+ :ensure t
+ :init
+ (elpy-enable))
+#+end_src
+
+* Quickstart
+Once installed, Elpy will automatically provide code completion, syntax error highlighting and code hinting (in the modeline) for python files. Elpy offers a lot of features, but the following keybindings should be enough to get started:
+** ~C-c C-C~
+evaluates the current python script (or region if something is selected) in an interactive python shell. The python shell is automatically displayed aside of your script.
+** ~C-Ret~
+evaluates the current statement (current line plus the following nested lines).
+** ~C-c C-z~
+switches between your script and the interactive shell.
+** ~C-c C-d~
+displays documentation for the thing under cursor. The documentation will pop in a different buffer, that can be closed with ~q~.
+
+* Emacs implementation
+#+begin_src lisp
+(use-package elpy
+ :ensure t
+ :hook ((elpy-mode . flycheck-mode)
+ (elpy-mode . 
(lambda ()
+ (set (make-local-variable 'company-backends)
+ '((elpy-company-backend :with company-yasnippet))))))
+ :init
+ (elpy-enable)
+ :config
+ (setq elpy-modules (delq 'elpy-module-flymake elpy-modules))
+ (setq elpy-shell-echo-output nil)
+ (setq elpy-shell-echo-input nil)
+ (setq elpy-rpc-python-command "python3")
+ (setq elpy-rpc-timeout 2))
+
+(when (require 'flycheck nil t)
+ (setq elpy-modules (delq 'elpy-module-flymake elpy-modules))
+ (define-key elpy-mode-map (kbd "C-c p") 'flycheck-previous-error)
+ (define-key elpy-mode-map (kbd "C-c n") 'flycheck-next-error)
+ (add-hook 'elpy-mode-hook 'flycheck-mode))
+#+end_src
+
+In addition to that there is an entry in thea visual fill function for elpy:
+#+begin_src lisp
+(use-package visual-fill-column
+ :hook ((org-mode . diz/org-mode-visual-fill)
+ (matlab-mode . diz/org-mode-visual-fill)
+ (elpy-mode . diz/pyth-mode-visual-fill) # <- This line
+ (python-mode . diz/pyth-mode-visual-fill))) # <- and this one
+#+end_src
diff --git a/20240131150000-zyxel.org b/20240131150000-zyxel.org
new file mode 100644
index 0000000..3e93e7c
--- /dev/null
+++ b/20240131150000-zyxel.org
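Review bot: In the last `#+begin_src lisp` block of 20240130122737-elpy.org the two markers `# <- This line` and `# <- and this one` are not comments in Emacs Lisp, where comments start with `;`, so the block would fail to read if it were evaluated or tangled; write them as `; <- This line` and `; <- and this one`. The "Emacs implementation" block also repeats itself: `(setq elpy-modules (delq 'elpy-module-flymake elpy-modules))` appears in `:config` and again in the `when` form, and `flycheck-mode` is hooked both through `:hook` and through `add-hook`, so one of each pair can go. Tagging the blocks `emacs-lisp` instead of `lisp` would match the language they contain.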
@@ -0,0 +1,21 @@
+:PROPERTIES:
+:ID: 85767dac-220f-4ca2-83cd-108ffecce62f
+:END:
+#+title: zyxel
+
+A managed [[id:c9461f7b-7368-4b88-b90b-2d785fda2159][subnetwork]] [[id:dd78168d-152c-4aca-a02b-6be0c950920d][switch]].
+
+* Installation
+Connect a [[id:213d19d9-ca8d-42b1-998a-2f34d1d9cd4c][LAN]] [[id:f4bb4857-2112-4e10-a22e-6da1436ce7b7][port]] of your zyxel to a [[id:d2ff2e45-e1de-4cca-9b59-dfc3ee6afa6f][router]]. Login to the web interface using the [[id:f055acfb-05dd-4228-a92a-356240b8c975][IP]] given by the router over [[id:06b466a8-05ae-4bbd-820d-2d80461767fd][DHCP]]. The standard credentials are admin and password 1234.
+
+Change the admin password.
+
+** Getting startet
+Click on the getting startet Tab and insert your information. Change the host name to your liking.
+_IMPORTANT:_ Set the IP address as given by your router, do not change it to another IP yet. Otherwise you wont be able to connect to the zyxel web interface. Set The Adress aof your network [[id:d1d940e1-2ddb-405a-8876-2480bdcab749][gateway]] (first adress in your IP range).
+
+* Creating vlan acces
+** Click on create vlan and set up a vlan ID that fits to your needs.
+** Drag the Port that comes from your router into the 'Tagged' segment and the Ports that your computer connects to in the 'Untagged', otherwise the vlan Tags get stripped before the connection reaches the PC
+** Click again on the configure Tab and seleckt Ports on the interface and change the PVID from 1 to your vlan ID
+** _Important:_ Save the configuration
diff --git a/20240202102841-netmask.org b/20240202102841-netmask.org
new file mode 100644
index 0000000..e625fad
--- /dev/null
+++ b/20240202102841-netmask.org
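Review bot: The Installation section of 20240131150000-zyxel.org has the reader log in with the factory credentials on the DHCP-assigned address, and `Change the admin password.` stands alone without saying when it has to happen or where the new password is kept. I would make the ordering explicit, for example `Change the admin password before connecting any other port or continuing with the setup; keep the new password in the password manager, not in these notes.` The VLAN steps move the access ports' PVID away from 1 but do not record which VLAN the web interface stays reachable from; a line naming the management VLAN and the ports allowed to reach it would make the note usable for a later audit.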
@@ -0,0 +1,16 @@
+:PROPERTIES:
+:ID: 2adb9518-1918-4799-979e-02843de79dec
+:END:
+#+title: netmask
+
+A subnetwork or subnet is a logical subdivision of an [[id:f055acfb-05dd-4228-a92a-356240b8c975][IP]] [[id:c9461f7b-7368-4b88-b90b-2d785fda2159][subnetwork]]. The practice of dividing a network into two or more networks is called subnetting.
+
+Computers that belong to the same subnet are addressed with an identical group of its most-significant bits of their IP addresses. This results in the logical division of an IP address into two fields: the network number or [[id:d2ff2e45-e1de-4cca-9b59-dfc3ee6afa6f][routing]] prefix, and the rest field or host identifier. The rest field is an identifier for a specific host or network interface.
+
+The routing prefix may be expressed as the first address of a network, written in Classless Inter-Domain Routing (CIDR) notation, followed by a slash character (/), and ending with the bit-length of the prefix. For example, 198.51.100.0/24 is the prefix of the Internet Protocol version 4 network starting at the given address, having 24 bits allocated for the network prefix, and the remaining 8 bits reserved for host addressing. Addresses in the range 198.51.100.0 to 198.51.100.255 belong to this network, with 198.51.100.255 as the subnet broadcast address. The IPv6 address specification 2001:db8::/32 is a large address block with 296 addresses, having a 32-bit routing prefix.
+
+For IPv4, a network may also be characterized by its subnet mask or netmask, which is the bitmask that, when applied by a bitwise AND operation to any IP address in the network, yields the routing prefix. Subnet masks are also expressed in dot-decimal notation like an IP address. For example, the prefix 198.51.100.0/24 would have the subnet mask 255.255.255.0.
+
+Traffic is exchanged between subnets through routers when the routing prefixes of the source address and the destination address differ. 
A router serves as a logical or physical boundary between the subnets.
+
+The benefits of subnetting an existing network vary with each deployment scenario. In the address allocation architecture of the Internet using CIDR and in large organizations, efficient allocation of address space is necessary. Subnetting may also enhance routing efficiency, or have advantages in network management when subnets are administratively controlled by different entities in a larger organization. Subnets may be arranged logically in a hierarchical architecture, partitioning an organization's network address space into a tree-like routing structure, or other structures, such as meshes.
diff --git a/20240205104153-ip_address.org b/20240205104153-ip_address.org
new file mode 100644
index 0000000..6aac7ea
--- /dev/null
+++ b/20240205104153-ip_address.org
@@ -0,0 +1,6 @@
+:PROPERTIES:
+:ID: 8e21dcdd-34af-4952-913d-c434df43d5cb
+:END:
+#+title: IP-Address
+
+First IP from provieder vodafone: 176.94.190.205
diff --git a/20240205112418-zyxel_layout.org b/20240205112418-zyxel_layout.org
new file mode 100644
index 0000000..55289eb
--- /dev/null
+++ b/20240205112418-zyxel_layout.org
@@ -0,0 +1,19 @@
+:PROPERTIES:
+:ID: dce6bd38-c649-4dd1-bf9e-9afca57ab316
+:END:
+#+title: zyxel-layout
+
+Here the Layout of the zyxel switches is denoted:
+
+Zyx1-Serverlocat
+Port-1: [[id:adc016f2-a660-47d7-8974-16b74a02bcbf][Protectli]]
+
+Port-2: vlan33
+Port-3: vlan33
+Port-4: vlan33
+
+Port-5: vlan22
+
+Port-6: vlan11
+
+Port-7: vlan55
diff --git a/20240213131615-vlan.org b/20240213131615-vlan.org
new file mode 100644
index 0000000..6c4f482
--- /dev/null
+++ b/20240213131615-vlan.org
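Review bot: 20240205104153-ip_address.org commits a provider-assigned public address in clear text, and the next file, 20240205112418-zyxel_layout.org, adds the switch port-to-VLAN map in the same commit. If this repository is ever pushed to a shared or public remote, the two together describe the network to anyone who can read it, and a later removal still leaves the values in the history. I would keep the address out of the tracked notes, e.g. `First IP from provider vodafone: <kept outside the repository>`, and decide whether the layout file belongs in a private or encrypted location.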
@@ -0,0 +1,12 @@
+:PROPERTIES:
+:ID: 10bee010-2880-4431-bff2-6035d2bdfcef
+:END:
+#+title: vlan
+
+A virtual local area network (VLAN) is any broadcast domain that is partitioned and isolated in a computer [[id:c9461f7b-7368-4b88-b90b-2d785fda2159][subnetworks]] at the data link layer (OSI layer 2). In this context, virtual refers to a physical object recreated and altered by additional logic, within the local area network ([[id:213d19d9-ca8d-42b1-998a-2f34d1d9cd4c][LAN]]). VLANs work by applying tags to network frames and handling these tags in networking systems – creating the appearance and functionality of network traffic that is physically on a single network but acts as if it is split between separate networks. In this way, VLANs can keep network applications separate despite being connected to the same physical network, and without requiring multiple sets of cabling and networking devices to be deployed.
+VLANs allow network administrators to group hosts together even if the hosts are not directly connected to the same network [[id:dd78168d-152c-4aca-a02b-6be0c950920d][switch]]. Because VLAN membership can be configured through software, this can greatly simplify network design and deployment. Without VLANs, grouping hosts according to their resource needs the labor of relocating nodes or rewiring data links. VLANs allow devices that must be kept separate to share the cabling of a physical network and yet be prevented from directly interacting with one another. This managed sharing yields gains in simplicity, security, traffic management, and economy. For example, a VLAN can be used to separate traffic within a business based on individual users or groups of users or their roles (e.g. network administrators), or based on traffic characteristics (e.g. low-priority traffic prevented from impinging on the rest of the network's functioning). 
Many Internet hosting services use VLANs to separate customers' private zones from one other, allowing each customer's servers to be grouped in a single network segment no matter where the individual servers are located in the data center. Some precautions are needed to prevent traffic "escaping" from a given VLAN, an exploit known as VLAN hopping.
+
+To subdivide a network into VLANs, one configures network equipment. Simpler equipment might partition only each physical port (if even that), in which case each VLAN runs over a dedicated network cable. More sophisticated devices can mark frames through VLAN tagging, so that a single interconnect (trunk) may be used to transport data for multiple VLANs. Since VLANs share bandwidth, a VLAN trunk can use link aggregation, quality-of-service prioritization, or both to route data efficiently.
+
+* Tagging [[id:f4bb4857-2112-4e10-a22e-6da1436ce7b7][port]]s
+Tagged means that the device must register with the VLAN tag in order to land in the VLAN. If, for example, a switch port is configured as VLAN5 untagged and VLAN10 tagged, an unconfigured PC would end up in VLAN5. If the VLAN tag 10 is configured on the PC, it ends up in VLAN 10.
diff --git a/20251104101248-nixos.org b/20251104101248-nixos.org
new file mode 100644
index 0000000..82600c7
--- /dev/null
+++ b/20251104101248-nixos.org
@@ -0,0 +1,12 @@
+:PROPERTIES:
+:ID: 039e64b4-8979-4276-99a6-0b018cc4665b
+:END:
+#+title: nixos
+
+NixOS is a Linux distribution built around the [[id:04b1edf2-9532-4060-8b2f-f37199cbfd92][nix]] package manager. Unlike traditional Linux distributions, NixOS uses a functional language to describe the system configuration. This enables complete system profiles to be generated, allowing for reproducible deployments, atomic upgrades, and system rollbacks.
+
+All installations and configurations are done mainly in one file: configuration.nix. Every component, from packages to port openings and the [[id:0613de5a-4b4f-429a-ba52-09d63c0a92d6][window-manager]], is declared and configured here. This file can be split up using flakes and home-manager. The home folder for the configurations is ~~/nixhome~. The main flake, which defines the configuration layout, is located there. Inside the main folder are other subfolders containing more configuration files. The main configuration file *configuration.nix* is located in ~~/nixhome/hosts/server~ or ~~/nixhome/hosts/worker~, depending on the desired structure.
+
+The hardware-configuration.nix file, which defines the hardware layout of your system, is in the same folder. This file is autogenerated and can be obtained using the =sudo nixos-generate-config= command in the ~/etc/nixos~ folder. The configuration.nix file should be the same for every [[id:f2b1d5af-1a7d-47a5-95c8-4a85d558419e][server]] in use. If a server requires special programs or configurations, these changes are made in the Nix modules. These modules are loaded into configuration.nix depending on the [[id:0dea8c51-5e1e-460c-9d0a-28293d62013e][VM]]. These modules are located in ~~/nixhome/modules/nixos~ and are named after the structure using them. For example: A VM needs Emacs to be installed. The VM is called VM1, so the module file is called VM1.nix.
+
+
diff --git a/20251104101518-nix.org b/20251104101518-nix.org
new file mode 100644
index 0000000..e7dcc5a
--- /dev/null
+++ b/20251104101518-nix.org
@@ -0,0 +1,10 @@
+:PROPERTIES:
+:ID: 04b1edf2-9532-4060-8b2f-f37199cbfd92
+:END:
+#+title: nix
+Nix is a cross-platform [[id:b7c4f849-d1b1-4837-8634-82f6976a1473][package-manager]] for Unix-like systems and a functional language to configure those systems, invented in 2003 by Eelco Dolstra.
+
+The Nix package manager employs a model in which software [[id:6d025430-76e3-4b42-898d-8d88bad10afa][packages]] are each installed into unique directories with immutable contents. These directory names correspond to cryptographic hashes that take into account all dependencies of a package, including other packages managed by Nix. As a result, Nix package names are content-identifying since packages with the same name will have had the same inputs and the same build platform, and therefore the same build result.
+
+Nix is deployed in the [[id:3cc7bb7e-9fa2-4f29-89fe-f3aa92241dc5][operating system]] [[id:039e64b4-8979-4276-99a6-0b018cc4665b][nixos]].
+
diff --git a/20251105080253-nix_flake.org b/20251105080253-nix_flake.org
new file mode 100644
index 0000000..efdf28d
--- /dev/null
+++ b/20251105080253-nix_flake.org
@@ -0,0 +1,14 @@
+:PROPERTIES:
+:ID: 93b1f780-66ce-41c8-848d-ff8054d96a32
+:END:
+#+title: nix-flake
+
+Nix flakes provide a standard way to write Nix expressions (and therefore packages) whose dependencies are version-pinned in a lock file, improving reproducibility of [[id:04b1edf2-9532-4060-8b2f-f37199cbfd92][nix]] installations. The experimental nix [[id:d71414fc-349c-4763-a703-9f7092fc90d6][command-line]] interface (CLI) lets you evaluate or build an expression contained within a flake, install a derivation from a flake into a User Environment, and operate on flake outputs much like the original nix-{build,eval,...} commands would.
+
+A flake refers to a file-system tree whose root directory contains the Nix file specification called flake.nix.
+An installation may contain any number of flakes, independent of each other or even call each other.
+The contents of flake.nix file follow the uniform naming schema for expressing [[id:6d025430-76e3-4b42-898d-8d88bad10afa][packages]] and dependencies on Nix.
+Flakes use the standard Nix [[id:bd5b34ba-aa98-4808-b97b-2376aa7b8866][protocols]], including the URL-like syntax for specifying repositories and package names.
+To simplify the long URL syntax with shorter names, flakes uses a registry of symbolic identifiers.
+Flakes also allow for locking references and versions that can then be easily queried and updated programmatically.
+Nix command-line interface accepts flake references for expressions that build, run, and deploy packages.
diff --git a/20251105081303-packages.org b/20251105081303-packages.org
new file mode 100644
index 0000000..42fe6e6
--- /dev/null
+++ b/20251105081303-packages.org
@@ -0,0 +1,7 @@
+:PROPERTIES:
+:ID: 6d025430-76e3-4b42-898d-8d88bad10afa
+:END:
+#+title: packages
+
+A Linux package is a compressed archive file that contains software, its dependencies, configuration files, and metadata, which simplifies the distribution, installation, and management of software on Linux systems.
+These packages can include various types of software such as [[id:d71414fc-349c-4763-a703-9f7092fc90d6][command-line]] utilities, graphical user interface (GUI) applications, and software libraries. [[id:b7c4f849-d1b1-4837-8634-82f6976a1473][package management systems]], like those used in distributions such as [[id:3e6e073d-11e1-4dd2-a3ef-5a8321f9f27f][Arch]] Linux, [[id:5fada795-19a3-4ba6-97c0-0b70bd728a2f][Arco Linux]] or [[id:039e64b4-8979-4276-99a6-0b018cc4665b][Nixos]] handle the installation, updating, and removal of these packages efficiently. For example, Arch Linux provides a package search interface where users can find packages like ad, a cross-platform 3D real-time strategy game, or 7zip, a file archiver known for high compression ratios. Similarly, other platforms like pkgs.org offer package searches across multiple Linux distributions, including openSUSE, CentOS, and Ubuntu, providing access to thousands of software packages categorized by type, such as databases, multimedia tools, or development libraries.
diff --git a/20251105081657-arch.org b/20251105081657-arch.org
new file mode 100644
index 0000000..75b1b03
--- /dev/null
+++ b/20251105081657-arch.org
@@ -0,0 +1,12 @@
+:PROPERTIES:
+:ID: 3e6e073d-11e1-4dd2-a3ef-5a8321f9f27f
+:END:
+#+title: arch
+
+Arch Linux (/ɑːrtʃ/) is an open source, rolling release Linux distribution. Arch Linux is kept up-to-date by regularly updating the individual pieces of software that it comprises. Arch Linux is intentionally minimal, and is meant to be configured by the user during installation so they may add only what they require.
+
+Arch Linux provides monthly "snapshots" which are used as installation media.
+
+[[id:d88b7b60-742d-4bc0-8b48-3fbcfad2373d][Pacman]], a [[id:b7c4f849-d1b1-4837-8634-82f6976a1473][package-manager]] written specifically for Arch Linux, is used to install, remove and update software packages. Also, the Arch User Repository (AUR), which is the community-driven software repository for Arch Linux provides packages not included in the official repositories and alternative versions of packages; AUR packages can be downloaded and built manually, or installed through an AUR 'helper'.
+
+[[id:5fada795-19a3-4ba6-97c0-0b70bd728a2f][Arco-Linux]] is a now obsolete derivation of Arch.
diff --git a/20251105082409-package.org b/20251105082409-package.org
new file mode 100644
index 0000000..33785cb
--- /dev/null
+++ b/20251105082409-package.org
@@ -0,0 +1,4 @@
+:PROPERTIES:
+:ID: 3927096c-005c-457b-8ba3-a67e0d3568cc
+:END:
+#+title: package
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..e69de29