Notes

I am one of those people who function better by writing things down. One day, I realized that most of my notes don’t have to be private, so here they are - my second brain. Be warned that, if you stumble upon something here that doesn’t make sense to you, it isn’t meant to!

Wireguard client

Note: The following instructions help setup a Wireguard client for a commercial VPN provider. Install Installation instructions for a Raspberry Pi. (As of today, Wireguard isn’t available in the standard distribution): Blogs: https://engineerworkshop.com/blog/how-to-set-up-wireguard-on-a-raspberry-pi/ https://www.wundertech.net/how-to-connect-a-raspberry-pi-to-a-wireguard-vpn-server/ sudo apt install raspberrypi-kernel-headers Mullvad Install configuration files: https://mullvad.net/en/help/wireguard-and-mullvad-vpn/ - it adds configurations to the /etc/wireguard directory. To add a kill-switch, edit the installer shell script before running it. Also, escape all the $ signs: $(..) -> \$(..). Check https://mullvad.net/en/check/ to ensure everything is working as expected. Kill-switch configuration PostUp = iptables -t mangle -A OUTPUT -d 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,100.64.0.0/10 -j MARK --set-mark $(wg show %i fwmark) PreDown = iptables -t mangle -D OUTPUT -d 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,100.64.0.0/10 -j MARK --set-mark $(wg show %i fwmark) PostUp = iptables -I OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT && ip6tables -I OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT PreDown = iptables -D OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT && ip6tables -D OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT Note: ...

Life is too short for ...

Bad books. (Or, probably books in general, unless they are textbooks.) Not chasing your dreams, however scary, weird or hazy they may be. This one is important even if it sounds poetic or fictional. What if I took a break even if I didn’t know what dreams I’d go after during that period? Work where you don’t regularly challenge yourself. Learning random things. (Learn to build, not for the sake of learning.) Being unhealthy.

Cron

Crontab generators: https://crontab-generator.org/ https://crontab.guru/ Edit crontab file: crontab -e The following will redirect STDERR to STDOUT and the latter to the given file: */10 * * * * deploy-site-locally.sh > deploy-site-locally.out 2>&1 You can also put /dev/null to ignore all output.

Serve a static website through Nginx

The following is a bare-minimum snippet that you can put in a file in the /etc/nginx/sites-enabled directory to serve a static website over port 1313 through Nginx: server { listen 1313; root /home/ubuntu/site; location / { try_files $uri $uri/ =404; } }

Firewall on Oracle virtual machines

Oracle virtual machines, at least those running on Ubuntu, come with a restrictive firewall which doesn’t allow any incoming TCP traffic. Check before and after state using: sudo iptables -L Flush these rules: sudo iptables --flush sudo netfilter-persistent save Or, just put the following into /etc/iptables/rules.v4: # Generated by iptables-save v1.8.4 on Wed Oct 14 16:05:39 2020 *filter :INPUT ACCEPT [255:17972] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [144:19732] :InstanceServices - [0:0] COMMIT # Completed on Wed Oct 14 16:05:39 2020 Also: ...

Get IP address from CLI

curl -4 icanhazip.com

Nginx with TLS

# Install sudo apt install nginx certbot python3-certbot-nginx # Setup TLS on a new domain. Say 'yes' when it asks whether to setup automatic redirection from HTTP to HTTPS. sudo certbot --nginx -d wallabag.flister.cf # Edit configuration in /etc/nginx/sites-enabled, especially the `location` section for the relevant domain, and reload. sudo systemctl reload nginx

Matrix server

Server: An Always Free virtual machine from Oracle, running Canonical-Ubuntu-20.04-Minimal. This version of Ubuntu comes with an older and buggy version of Ansible. So, I had to install the latest one via instructions documented here. I now activate it on the server by doing: source ~/ansible/bin/activate. Free domain from: Freenom. Setup In a nutshell: sudo apt update sudo apt install git python-is-python3 cron vim git clone https://github.com/spantaleev/matrix-docker-ansible-deploy.git cd matrix-docker-ansible-deploy # Run all future commands within this directory. mkdir inventory/host_vars/matrix.flister.cf cp examples/host-vars.yml inventory/host_vars/matrix.flister.cf/vars.yml # This is 1 of the 2 configuration files. cp examples/hosts inventory/hosts # This is 2 of the 2 configuration files. # Setup everything ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start # Create a user - admin or not. ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=foo password=bar admin=yes' --tags=register-user # Test everything is working as expected. ansible-playbook -i inventory/hosts setup.yml --tags=self-check The inventory/host_vars/matrix.flister.cf/vars.yml file: ...

Smart light brands

Wall lights in various shapes: Nanoleaf. Quantum. Smart bulbs etc.: Philips Hue.

Enough on the self-hosting front! Time to get back to my goals

It’s really enough on the self-hosting stuff! Who cares about Fathom right now? Google Analytics is working fine. (Even if it weren’t, why do I care about analytics on my website? My intent, of starting it, wasn’t to become a world renowned blogger or anything - it was just to create a space for myself on the internet. I have that now - analytics don’t matter.) Who cares about Matrix? My existing tools are working fine, and no one in my social circle will use Matrix anyway. I probably just need to figure out how to access my private notes on my phone. I’ll find a solution to that and move on. It’s time I got back to studying Deep Learning and other things I’ve printed out.