From 0f885a69fd2805b826600aad2e51ed9a48eebed3 Mon Sep 17 00:00:00 2001
From: Trent Palmer <trenttdually@gmail.com>
Date: Mon, 25 Jan 2021 08:37:39 -0800
Subject: [PATCH] add Prosody Photo Uploads

---
 docs/index.md                                 |    1 +
 docs/posts/prosody-photo-uploads.md           |  252 +++++
 mkdocs.yml                                    |    1 +
 site/404.html                                 |   12 +
 site/index.html                               |   17 +-
 site/links/index.html                         |   12 +
 site/posts/apache-virtual-hosts/index.html    |   12 +
 .../clear-linux-encrypted-xfs-root/index.html |   12 +
 .../clear-linux-guest-virt-manager/index.html |   12 +
 .../index.html                                |   12 +
 .../index.html                                |   12 +
 .../index.html                                |   12 +
 .../lmde3-xfs-full-disk-encryption/index.html |   12 +
 .../index.html                                |   12 +
 site/posts/prosody-photo-uploads/index.html   | 1007 +++++++++++++++++
 .../index.html                                |   12 +
 .../index.html                                |   12 +
 .../simplified-raspberry-streaming/index.html |   12 +
 site/posts/xmpp-apt-notifications/index.html  |   16 +-
 site/search/search_index.json                 |    2 +-
 site/sitemap.xml                              |   32 +-
 site/sitemap.xml.gz                           |  Bin 202 -> 203 bytes
 22 files changed, 1465 insertions(+), 19 deletions(-)
 create mode 100644 docs/posts/prosody-photo-uploads.md
 create mode 100644 site/posts/prosody-photo-uploads/index.html

diff --git a/docs/index.md b/docs/index.md
index 12890d2..3eb4b24 100644
--- a/docs/index.md
+++ b/docs/index.md
@@ -5,6 +5,7 @@ authors: ["trent"]
 # Trent's Blog
 ## **Posts By Date**
 
+* [2021-01-25: Prosody Photo Uploads](posts/prosody-photo-uploads.md){target=_blank}
 * [2021-01-09: Xmpp Apt Notifications](posts/xmpp-apt-notifications.md){target=_blank}
 * [2020-12-20: Apache Virtual Hosts](posts/apache-virtual-hosts.md){target=_blank}
 * [2020-12-19: SENDXMPPHandler for Python Logging](posts/sendxmpp-handler-for-python-logging.md){target=_blank}
diff --git a/docs/posts/prosody-photo-uploads.md b/docs/posts/prosody-photo-uploads.md
new file mode 100644
index 0000000..d653b6b
--- /dev/null
+++ b/docs/posts/prosody-photo-uploads.md
@@ -0,0 +1,252 @@
+---
+title: "Prosody Photo Uploads"
+date: 2021-01-25
+draft: false
+tags: ["xmpp","prosody","debian","letsencrypt"]
+authors: ["trent"]
+---
+date: 2021-01-25
+
+## **Introduction**
+
+Install [prosody](https://prosody.im/){target=_blank} on [Debian 10](https://www.debian.org/){target=_blank}
+with photoupload, postgresql database, and letsencrypt certs.
+
+## **DNS**
+
+* Log into your dns provider and create A and AAAA records for *xmpp.example.com*
+* Log into your dns provider and create A and AAAA records for *xmppupload.example.com*
+
+## **FireWall**
+
+Incidentally, you definitely do want to use a non-standard ssh port for connecting over the internet.
+
+I would suggest that a firewall is important, because I couldn't figure out how to completely disable
+port 5280 for the http protocol, in the clear, in the prosody config.
+
+### ports
+
+* `80/tcp`, `443/tcp` for certbot
+* `4444/tcp` i.e. port 4444 for ssh
+* `5222/tcp` for xmpp-client
+* `5269/tcp` for xmpp-server
+* `5281/tcp` for https connections to prosody for uploads and photos
+
+### FireWall with UFW
+
+* `ufw allow http`
+* `ufw allow https`
+* `ufw allow xmpp-client`
+* `ufw allow xmpp-server`
+* `ufw allow 5281/tcp`
+* `ufw allow 4444/tcp` i.e. if 4444 for ssh
+* `ufw enable` to start the firewall
+
+## **Postgresql Database**
+### Install the postgresql database.
+```console
+apt-get install postgresql postgresql-contrib
+```
+Log into the psql command line.
+```console
+sudo -u postgres psql
+```
+Create prosody database
+```sql
+postgres=# CREATE DATABASE prosody;
+```
+Creat prosody user
+```sql
+postgres=# CREATE ROLE prosody WITH LOGIN;
+```
+Set password for user
+```sql
+postgres=# \password prosody
+```
+Quit `psql`
+```sql
+postgres=# \q
+```
+### allow authentication in `pg_hba.conf`
+To connect to postgresql via unix socket
+```cfg
+# /etc/postgresql/11/main/pg_hba.conf
+# make sure this line is above
+local   prosody         prosody                                 md5
+
+# make sure this line is below
+local   all             all                                     peer
+```
+or i.e. through a wireguard tunnel
+```cfg
+# /etc/postgresql/11/main/pg_hba.conf
+# where 10.0.22.5 is the ip address of the machine that prosody will run on 
+host    prosody         prosody         10.0.22.5/32            md5
+```
+
+and then restart postgresql
+```console
+systemctl restart postgresql
+```
+
+## **Prosody**
+### Install Prosody
+```console
+apt install prosody prosody-modules lua-dbi-postgresql
+```
+### Configure Prosody
+backup the prosody config file
+```console
+cp /etc/prosody/prosody.cfg.lua /etc/prosody/prosody.cfg.lua.bak
+```
+
+if you want to disable advertising version and uptime, allow message archives,
+and disallow registration, change this
+```cfg
+-- /etc/prosody/prosody.cfg.lua
+modules_enabled = {
+
+    ...
+
+    -- Nice to have
+      "version"; -- Replies to server version requests
+      "uptime"; -- Report how long server has been running
+      "time"; -- Let others know the time here on this server
+      "ping"; -- Replies to XMPP pings with pongs
+      "register"; -- Allow users to register on this server using a client and change passwords
+      --"mam"; -- Store messages in an archive and allow users to access it
+      --"csi_simple"; -- Simple Mobile optimizations
+
+    ...
+}
+```
+
+to this
+```cfg
+-- /etc/prosody/prosody.cfg.lua
+modules_enabled = {
+
+    ...
+
+    -- Nice to have
+      --"version"; -- Replies to server version requests
+      --"uptime"; -- Report how long server has been running
+      "time"; -- Let others know the time here on this server
+      "ping"; -- Replies to XMPP pings with pongs
+      --"register"; -- Allow users to register on this server using a client and change passwords
+      "mam"; -- Store messages in an archive and allow users to access it
+      --"csi_simple"; -- Simple Mobile optimizations
+
+    ...
+}
+```
+
+to force certificate authentication for server-to-server connections,
+make the following edit around line 123
+```cfg
+-- /etc/prosody/prosody.cfg.lua
+-- Force certificate authentication for server-to-server connections?
+
+-- change this
+s2s_secure_auth = false
+-- to this
+s2s_secure_auth = true
+```
+
+around line 147 enable sql
+```cfg
+-- /etc/prosody/prosody.cfg.lua
+
+-- change this
+--storage = "sql"
+
+-- to this
+storage = "sql"
+```
+
+and describe the database connection
+```cfg
+-- /etc/prosody/prosody.cfg.lua
+
+-- change this
+--sql = {
+  driver = "PostgreSQL",
+  database = "prosody",
+  username = "prosody",
+  password = "secret",
+  host = "localhost"
+}
+
+-- to this
+sql = {
+  driver = "PostgreSQL",
+  database = "prosody",
+  username = "prosody",
+  password = "secret",
+  host = "localhost"
+}
+
+-- or to use a unix socket in Debian 10
+sql = {
+  driver = "PostgreSQL",
+  database = "prosody",
+  username = "prosody",
+  password = "secret",
+  host = "/var/run/postgresql"
+}
+```
+
+somewhere around line 196, describe the certificate file for the upoad subdomain
+```cfg
+-- /etc/prosody/prosody.cfg.lua
+
+-- change this
+--https_certificate = "/etc/prosody/certs/localhost.crt"
+
+-- to this
+https_certificate = "/etc/prosody/certs/xmppupload.example.com.crt"
+```
+
+somewhere around line 210 describe your virtualhost
+```cfg
+-- /etc/prosody/prosody.cfg.lua
+VirtualHost "xmpp.example.com"
+
+disco_items = {
+    {"xmppupload.example.com"},
+}
+```
+
+add the following to the end of the file
+```cfg
+-- /etc/prosody/prosody.cfg.lua
+Component "xmppupload.example.com" "http_upload"
+```
+
+and then restart prosody
+```console
+systemctl restart prososdy
+```
+
+## **Certbot**
+install certbot
+```console
+apt install certbot
+```
+get certificates
+```console
+certbot certonly -d xmpp.example.com
+certbot certonly -d xmppupload.example.com
+```
+import the certificates into prosody and restart prosody
+```console
+prosodyctl --root cert import /etc/letsencrypt/live
+systemctl restart prosody
+```
+create the following renewal-hook for letsencrypt
+```console
+#!/bin/bash
+# /etc/letsencrypt/renewal-hooks/deploy/prosody_deploy_hook
+
+prosodyctl --root cert import /etc/letsencrypt/live
+```
diff --git a/mkdocs.yml b/mkdocs.yml
index cf19e80..6b083e6 100644
--- a/mkdocs.yml
+++ b/mkdocs.yml
@@ -19,6 +19,7 @@ markdown_extensions:
 nav:
   - Home:
     - Home: index.md
+    - posts/prosody-photo-uploads.md
     - posts/xmpp-apt-notifications.md
     - posts/apache-virtual-hosts.md
     - posts/sendxmpp-handler-for-python-logging.md
diff --git a/site/404.html b/site/404.html
index ae50fa5..4651dfa 100644
--- a/site/404.html
+++ b/site/404.html
@@ -225,6 +225,18 @@
           
 
 
+  <li class="md-nav__item">
+    <a href="/posts/prosody-photo-uploads/" class="md-nav__link">
+      Prosody Photo Uploads
+    </a>
+  </li>
+
+        
+          
+          
+          
+
+
   <li class="md-nav__item">
     <a href="/posts/xmpp-apt-notifications/" class="md-nav__link">
       Xmpp Apt Notifications
diff --git a/site/index.html b/site/index.html
index f4d9e0a..d7bd594 100644
--- a/site/index.html
+++ b/site/index.html
@@ -281,6 +281,18 @@
           
 
 
+  <li class="md-nav__item">
+    <a href="posts/prosody-photo-uploads/" class="md-nav__link">
+      Prosody Photo Uploads
+    </a>
+  </li>
+
+        
+          
+          
+          
+
+
   <li class="md-nav__item">
     <a href="posts/xmpp-apt-notifications/" class="md-nav__link">
       Xmpp Apt Notifications
@@ -515,6 +527,7 @@
                 <h1 id="trents-blog">Trent's Blog</h1>
 <h2 id="posts-by-date"><strong>Posts By Date</strong></h2>
 <ul>
+<li><a href="posts/prosody-photo-uploads/" target="_blank">2021-01-25: Prosody Photo Uploads</a></li>
 <li><a href="posts/xmpp-apt-notifications/" target="_blank">2021-01-09: Xmpp Apt Notifications</a></li>
 <li><a href="posts/apache-virtual-hosts/" target="_blank">2020-12-20: Apache Virtual Hosts</a></li>
 <li><a href="posts/sendxmpp-handler-for-python-logging/" target="_blank">2020-12-19: SENDXMPPHandler for Python Logging</a></li>
@@ -553,13 +566,13 @@
       <nav class="md-footer-nav__inner md-grid" aria-label="Footer">
         
         
-          <a href="posts/xmpp-apt-notifications/" class="md-footer-nav__link md-footer-nav__link--next" rel="next">
+          <a href="posts/prosody-photo-uploads/" class="md-footer-nav__link md-footer-nav__link--next" rel="next">
             <div class="md-footer-nav__title">
               <div class="md-ellipsis">
                 <span class="md-footer-nav__direction">
                   Next
                 </span>
-                Xmpp Apt Notifications
+                Prosody Photo Uploads
               </div>
             </div>
             <div class="md-footer-nav__button md-icon">
diff --git a/site/links/index.html b/site/links/index.html
index 0b8e615..ba738ea 100644
--- a/site/links/index.html
+++ b/site/links/index.html
@@ -234,6 +234,18 @@
           
 
 
+  <li class="md-nav__item">
+    <a href="../posts/prosody-photo-uploads/" class="md-nav__link">
+      Prosody Photo Uploads
+    </a>
+  </li>
+
+        
+          
+          
+          
+
+
   <li class="md-nav__item">
     <a href="../posts/xmpp-apt-notifications/" class="md-nav__link">
       Xmpp Apt Notifications
diff --git a/site/posts/apache-virtual-hosts/index.html b/site/posts/apache-virtual-hosts/index.html
index 22a3ede..25869e8 100644
--- a/site/posts/apache-virtual-hosts/index.html
+++ b/site/posts/apache-virtual-hosts/index.html
@@ -236,6 +236,18 @@
           
 
 
+  <li class="md-nav__item">
+    <a href="../prosody-photo-uploads/" class="md-nav__link">
+      Prosody Photo Uploads
+    </a>
+  </li>
+
+        
+          
+          
+          
+
+
   <li class="md-nav__item">
     <a href="../xmpp-apt-notifications/" class="md-nav__link">
       Xmpp Apt Notifications
diff --git a/site/posts/clear-linux-encrypted-xfs-root/index.html b/site/posts/clear-linux-encrypted-xfs-root/index.html
index 5652609..8406b62 100644
--- a/site/posts/clear-linux-encrypted-xfs-root/index.html
+++ b/site/posts/clear-linux-encrypted-xfs-root/index.html
@@ -236,6 +236,18 @@
           
 
 
+  <li class="md-nav__item">
+    <a href="../prosody-photo-uploads/" class="md-nav__link">
+      Prosody Photo Uploads
+    </a>
+  </li>
+
+        
+          
+          
+          
+
+
   <li class="md-nav__item">
     <a href="../xmpp-apt-notifications/" class="md-nav__link">
       Xmpp Apt Notifications
diff --git a/site/posts/clear-linux-guest-virt-manager/index.html b/site/posts/clear-linux-guest-virt-manager/index.html
index 3a268a2..e7124a6 100644
--- a/site/posts/clear-linux-guest-virt-manager/index.html
+++ b/site/posts/clear-linux-guest-virt-manager/index.html
@@ -236,6 +236,18 @@
           
 
 
+  <li class="md-nav__item">
+    <a href="../prosody-photo-uploads/" class="md-nav__link">
+      Prosody Photo Uploads
+    </a>
+  </li>
+
+        
+          
+          
+          
+
+
   <li class="md-nav__item">
     <a href="../xmpp-apt-notifications/" class="md-nav__link">
       Xmpp Apt Notifications
diff --git a/site/posts/faster-partitioning-with-sgdisk/index.html b/site/posts/faster-partitioning-with-sgdisk/index.html
index d8bc596..29a3a5e 100644
--- a/site/posts/faster-partitioning-with-sgdisk/index.html
+++ b/site/posts/faster-partitioning-with-sgdisk/index.html
@@ -236,6 +236,18 @@
           
 
 
+  <li class="md-nav__item">
+    <a href="../prosody-photo-uploads/" class="md-nav__link">
+      Prosody Photo Uploads
+    </a>
+  </li>
+
+        
+          
+          
+          
+
+
   <li class="md-nav__item">
     <a href="../xmpp-apt-notifications/" class="md-nav__link">
       Xmpp Apt Notifications
diff --git a/site/posts/instructions-for-tethering-from-phone/index.html b/site/posts/instructions-for-tethering-from-phone/index.html
index 244ef3d..6a516e7 100644
--- a/site/posts/instructions-for-tethering-from-phone/index.html
+++ b/site/posts/instructions-for-tethering-from-phone/index.html
@@ -236,6 +236,18 @@
           
 
 
+  <li class="md-nav__item">
+    <a href="../prosody-photo-uploads/" class="md-nav__link">
+      Prosody Photo Uploads
+    </a>
+  </li>
+
+        
+          
+          
+          
+
+
   <li class="md-nav__item">
     <a href="../xmpp-apt-notifications/" class="md-nav__link">
       Xmpp Apt Notifications
diff --git a/site/posts/linux-move-cursor-with-keyboard/index.html b/site/posts/linux-move-cursor-with-keyboard/index.html
index e191f24..0004099 100644
--- a/site/posts/linux-move-cursor-with-keyboard/index.html
+++ b/site/posts/linux-move-cursor-with-keyboard/index.html
@@ -236,6 +236,18 @@
           
 
 
+  <li class="md-nav__item">
+    <a href="../prosody-photo-uploads/" class="md-nav__link">
+      Prosody Photo Uploads
+    </a>
+  </li>
+
+        
+          
+          
+          
+
+
   <li class="md-nav__item">
     <a href="../xmpp-apt-notifications/" class="md-nav__link">
       Xmpp Apt Notifications
diff --git a/site/posts/lmde3-xfs-full-disk-encryption/index.html b/site/posts/lmde3-xfs-full-disk-encryption/index.html
index 56ad638..d9d56fb 100644
--- a/site/posts/lmde3-xfs-full-disk-encryption/index.html
+++ b/site/posts/lmde3-xfs-full-disk-encryption/index.html
@@ -236,6 +236,18 @@
           
 
 
+  <li class="md-nav__item">
+    <a href="../prosody-photo-uploads/" class="md-nav__link">
+      Prosody Photo Uploads
+    </a>
+  </li>
+
+        
+          
+          
+          
+
+
   <li class="md-nav__item">
     <a href="../xmpp-apt-notifications/" class="md-nav__link">
       Xmpp Apt Notifications
diff --git a/site/posts/lmde4-custom-partitions-disk-encryption/index.html b/site/posts/lmde4-custom-partitions-disk-encryption/index.html
index 997e98c..5bb9e7d 100644
--- a/site/posts/lmde4-custom-partitions-disk-encryption/index.html
+++ b/site/posts/lmde4-custom-partitions-disk-encryption/index.html
@@ -236,6 +236,18 @@
           
 
 
+  <li class="md-nav__item">
+    <a href="../prosody-photo-uploads/" class="md-nav__link">
+      Prosody Photo Uploads
+    </a>
+  </li>
+
+        
+          
+          
+          
+
+
   <li class="md-nav__item">
     <a href="../xmpp-apt-notifications/" class="md-nav__link">
       Xmpp Apt Notifications
diff --git a/site/posts/prosody-photo-uploads/index.html b/site/posts/prosody-photo-uploads/index.html
new file mode 100644
index 0000000..f6759f9
--- /dev/null
+++ b/site/posts/prosody-photo-uploads/index.html
@@ -0,0 +1,1007 @@
+
+<!doctype html>
+<html lang="en" class="no-js">
+  <head>
+    
+      <meta charset="utf-8">
+      <meta name="viewport" content="width=device-width,initial-scale=1">
+      
+      
+      
+      
+      <link rel="shortcut icon" href="../../assets/images/favicon.png">
+      <meta name="generator" content="mkdocs-1.1.2, mkdocs-material-6.1.7">
+    
+    
+      
+        <title>Prosody Photo Uploads - Trent's Blog</title>
+      
+    
+    
+      <link rel="stylesheet" href="../../assets/stylesheets/main.19753c6b.min.css">
+      
+        
+        <link rel="stylesheet" href="../../assets/stylesheets/palette.196e0c26.min.css">
+        
+      
+    
+    
+    
+      
+        
+        <link href="https://fonts.gstatic.com" rel="preconnect" crossorigin>
+        <link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,400,400i,700%7CRoboto+Mono&display=fallback">
+        <style>body,input{font-family:"Roboto",-apple-system,BlinkMacSystemFont,Helvetica,Arial,sans-serif}code,kbd,pre{font-family:"Roboto Mono",SFMono-Regular,Consolas,Menlo,monospace}</style>
+      
+    
+    
+    
+      <link rel="stylesheet" href="../../extra.css">
+    
+    
+      
+    
+    
+  </head>
+  
+  
+    
+    
+    
+    
+    
+    <body dir="ltr" data-md-color-scheme="default" data-md-color-primary="" data-md-color-accent="">
+      
+  
+    <input class="md-toggle" data-md-toggle="drawer" type="checkbox" id="__drawer" autocomplete="off">
+    <input class="md-toggle" data-md-toggle="search" type="checkbox" id="__search" autocomplete="off">
+    <label class="md-overlay" for="__drawer"></label>
+    <div data-md-component="skip">
+      
+        
+        <a href="#introduction" class="md-skip">
+          Skip to content
+        </a>
+      
+    </div>
+    <div data-md-component="announce">
+      
+    </div>
+    
+      
+
+<header class="md-header" data-md-component="header">
+  <nav class="md-header-nav md-grid" aria-label="Header">
+    <a href="../.." title="Trent&#39;s Blog" class="md-header-nav__button md-logo" aria-label="Trent's Blog">
+      
+  
+  <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12 8a3 3 0 003-3 3 3 0 00-3-3 3 3 0 00-3 3 3 3 0 003 3m0 3.54C9.64 9.35 6.5 8 3 8v11c3.5 0 6.64 1.35 9 3.54 2.36-2.19 5.5-3.54 9-3.54V8c-3.5 0-6.64 1.35-9 3.54z"/></svg>
+
+    </a>
+    <label class="md-header-nav__button md-icon" for="__drawer">
+      <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M3 6h18v2H3V6m0 5h18v2H3v-2m0 5h18v2H3v-2z"/></svg>
+    </label>
+    <div class="md-header-nav__title" data-md-component="header-title">
+      
+        <div class="md-header-nav__ellipsis">
+          <span class="md-header-nav__topic md-ellipsis">
+            Trent's Blog
+          </span>
+          <span class="md-header-nav__topic md-ellipsis">
+            
+              Prosody Photo Uploads
+            
+          </span>
+        </div>
+      
+    </div>
+    
+      <label class="md-header-nav__button md-icon" for="__search">
+        <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0116 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.516 6.516 0 019.5 16 6.5 6.5 0 013 9.5 6.5 6.5 0 019.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5z"/></svg>
+      </label>
+      
+<div class="md-search" data-md-component="search" role="dialog">
+  <label class="md-search__overlay" for="__search"></label>
+  <div class="md-search__inner" role="search">
+    <form class="md-search__form" name="search">
+      <input type="text" class="md-search__input" name="query" aria-label="Search" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="search-query" data-md-state="active" required>
+      <label class="md-search__icon md-icon" for="__search">
+        <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0116 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.516 6.516 0 019.5 16 6.5 6.5 0 013 9.5 6.5 6.5 0 019.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5z"/></svg>
+        <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11h12z"/></svg>
+      </label>
+      <button type="reset" class="md-search__icon md-icon" aria-label="Clear" data-md-component="search-reset" tabindex="-1">
+        <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M19 6.41L17.59 5 12 10.59 6.41 5 5 6.41 10.59 12 5 17.59 6.41 19 12 13.41 17.59 19 19 17.59 13.41 12 19 6.41z"/></svg>
+      </button>
+    </form>
+    <div class="md-search__output">
+      <div class="md-search__scrollwrap" data-md-scrollfix>
+        <div class="md-search-result" data-md-component="search-result">
+          <div class="md-search-result__meta">
+            Initializing search
+          </div>
+          <ol class="md-search-result__list"></ol>
+        </div>
+      </div>
+    </div>
+  </div>
+</div>
+    
+    
+  </nav>
+</header>
+    
+    <div class="md-container" data-md-component="container">
+      
+      
+        
+          
+
+  
+
+<nav class="md-tabs md-tabs--active" aria-label="Tabs" data-md-component="tabs">
+  <div class="md-tabs__inner md-grid">
+    <ul class="md-tabs__list">
+      
+        
+  
+  
+    <li class="md-tabs__item">
+      
+      
+        
+      
+      <a href="../.." class="md-tabs__link md-tabs__link--active">
+        Home
+      </a>
+    </li>
+  
+
+      
+        
+  
+  
+    <li class="md-tabs__item">
+      
+      
+      <a href="../../links/" class="md-tabs__link">
+        Links
+      </a>
+    </li>
+  
+
+      
+    </ul>
+  </div>
+</nav>
+        
+      
+      <main class="md-main" data-md-component="main">
+        <div class="md-main__inner md-grid">
+          
+            
+              <div class="md-sidebar md-sidebar--primary" data-md-component="navigation">
+                <div class="md-sidebar__scrollwrap">
+                  <div class="md-sidebar__inner">
+                    
+
+<nav class="md-nav md-nav--primary" aria-label="Navigation" data-md-level="0">
+  <label class="md-nav__title" for="__drawer">
+    <a href="../.." title="Trent&#39;s Blog" class="md-nav__button md-logo" aria-label="Trent's Blog">
+      
+  
+  <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12 8a3 3 0 003-3 3 3 0 00-3-3 3 3 0 00-3 3 3 3 0 003 3m0 3.54C9.64 9.35 6.5 8 3 8v11c3.5 0 6.64 1.35 9 3.54 2.36-2.19 5.5-3.54 9-3.54V8c-3.5 0-6.64 1.35-9 3.54z"/></svg>
+
+    </a>
+    Trent's Blog
+  </label>
+  
+  <ul class="md-nav__list" data-md-scrollfix>
+    
+      
+      
+      
+
+  
+
+
+  <li class="md-nav__item md-nav__item--active md-nav__item--nested">
+    
+    <input class="md-nav__toggle md-toggle" data-md-toggle="nav-1" type="checkbox" id="nav-1" checked>
+    <label class="md-nav__link" for="nav-1">
+      Home
+      <span class="md-nav__icon md-icon"></span>
+    </label>
+    <nav class="md-nav" aria-label="Home" data-md-level="1">
+      <label class="md-nav__title" for="nav-1">
+        <span class="md-nav__icon md-icon"></span>
+        Home
+      </label>
+      <ul class="md-nav__list" data-md-scrollfix>
+        
+        
+          
+          
+          
+
+
+  <li class="md-nav__item">
+    <a href="../.." class="md-nav__link">
+      Home
+    </a>
+  </li>
+
+        
+          
+          
+          
+
+  
+
+
+  <li class="md-nav__item md-nav__item--active">
+    
+    <input class="md-nav__toggle md-toggle" data-md-toggle="toc" type="checkbox" id="__toc">
+    
+    
+      <label class="md-nav__link md-nav__link--active" for="__toc">
+        Prosody Photo Uploads
+        <span class="md-nav__icon md-icon"></span>
+      </label>
+    
+    <a href="./" class="md-nav__link md-nav__link--active">
+      Prosody Photo Uploads
+    </a>
+    
+      
+<nav class="md-nav md-nav--secondary" aria-label="Table of contents">
+  
+  
+  
+    <label class="md-nav__title" for="__toc">
+      <span class="md-nav__icon md-icon"></span>
+      Table of contents
+    </label>
+    <ul class="md-nav__list" data-md-scrollfix>
+      
+        <li class="md-nav__item">
+  <a href="#introduction" class="md-nav__link">
+    Introduction
+  </a>
+  
+</li>
+      
+        <li class="md-nav__item">
+  <a href="#dns" class="md-nav__link">
+    DNS
+  </a>
+  
+</li>
+      
+        <li class="md-nav__item">
+  <a href="#firewall" class="md-nav__link">
+    FireWall
+  </a>
+  
+    <nav class="md-nav" aria-label="FireWall">
+      <ul class="md-nav__list">
+        
+          <li class="md-nav__item">
+  <a href="#ports" class="md-nav__link">
+    ports
+  </a>
+  
+</li>
+        
+          <li class="md-nav__item">
+  <a href="#firewall-with-ufw" class="md-nav__link">
+    FireWall with UFW
+  </a>
+  
+</li>
+        
+      </ul>
+    </nav>
+  
+</li>
+      
+        <li class="md-nav__item">
+  <a href="#postgresql-database" class="md-nav__link">
+    Postgresql Database
+  </a>
+  
+    <nav class="md-nav" aria-label="Postgresql Database">
+      <ul class="md-nav__list">
+        
+          <li class="md-nav__item">
+  <a href="#install-the-postgresql-database" class="md-nav__link">
+    Install the postgresql database.
+  </a>
+  
+</li>
+        
+          <li class="md-nav__item">
+  <a href="#allow-authentication-in-pg_hbaconf" class="md-nav__link">
+    allow authentication in pg_hba.conf
+  </a>
+  
+</li>
+        
+      </ul>
+    </nav>
+  
+</li>
+      
+        <li class="md-nav__item">
+  <a href="#prosody" class="md-nav__link">
+    Prosody
+  </a>
+  
+    <nav class="md-nav" aria-label="Prosody">
+      <ul class="md-nav__list">
+        
+          <li class="md-nav__item">
+  <a href="#install-prosody" class="md-nav__link">
+    Install Prosody
+  </a>
+  
+</li>
+        
+          <li class="md-nav__item">
+  <a href="#configure-prosody" class="md-nav__link">
+    Configure Prosody
+  </a>
+  
+</li>
+        
+      </ul>
+    </nav>
+  
+</li>
+      
+        <li class="md-nav__item">
+  <a href="#certbot" class="md-nav__link">
+    Certbot
+  </a>
+  
+</li>
+      
+    </ul>
+  
+</nav>
+    
+  </li>
+
+        
+          
+          
+          
+
+
+  <li class="md-nav__item">
+    <a href="../xmpp-apt-notifications/" class="md-nav__link">
+      Xmpp Apt Notifications
+    </a>
+  </li>
+
+        
+          
+          
+          
+
+
+  <li class="md-nav__item">
+    <a href="../apache-virtual-hosts/" class="md-nav__link">
+      Apache Virtual Hosts
+    </a>
+  </li>
+
+        
+          
+          
+          
+
+
+  <li class="md-nav__item">
+    <a href="../sendxmpp-handler-for-python-logging/" class="md-nav__link">
+      SENDXMPPHandler for Python Logging
+    </a>
+  </li>
+
+        
+          
+          
+          
+
+
+  <li class="md-nav__item">
+    <a href="../instructions-for-tethering-from-phone/" class="md-nav__link">
+      Instructions For Tethering From Phone
+    </a>
+  </li>
+
+        
+          
+          
+          
+
+
+  <li class="md-nav__item">
+    <a href="../lmde4-custom-partitions-disk-encryption/" class="md-nav__link">
+      LMDE4 Custom Partitions Disk Encryption
+    </a>
+  </li>
+
+        
+          
+          
+          
+
+
+  <li class="md-nav__item">
+    <a href="../linux-move-cursor-with-keyboard/" class="md-nav__link">
+      Linux Move Cursor With Keyboard
+    </a>
+  </li>
+
+        
+          
+          
+          
+
+
+  <li class="md-nav__item">
+    <a href="../simplified-raspberry-streaming/" class="md-nav__link">
+      Simplified Raspberry Streaming
+    </a>
+  </li>
+
+        
+          
+          
+          
+
+
+  <li class="md-nav__item">
+    <a href="../clear-linux-encrypted-xfs-root/" class="md-nav__link">
+      Clear Linux Encrypted xfs Root
+    </a>
+  </li>
+
+        
+          
+          
+          
+
+
+  <li class="md-nav__item">
+    <a href="../clear-linux-guest-virt-manager/" class="md-nav__link">
+      Clear Linux Guest Virt Manager
+    </a>
+  </li>
+
+        
+          
+          
+          
+
+
+  <li class="md-nav__item">
+    <a href="../faster-partitioning-with-sgdisk/" class="md-nav__link">
+      Faster Partitioning With sgdisk
+    </a>
+  </li>
+
+        
+          
+          
+          
+
+
+  <li class="md-nav__item">
+    <a href="../lmde3-xfs-full-disk-encryption/" class="md-nav__link">
+      LMDE3 xfs Full Disk Encryption
+    </a>
+  </li>
+
+        
+          
+          
+          
+
+
+  <li class="md-nav__item">
+    <a href="../rewrite-hugo-themes-report-in-python/" class="md-nav__link">
+      Rewrite Hugo Themes Report in Python
+    </a>
+  </li>
+
+        
+      </ul>
+    </nav>
+  </li>
+
+    
+      
+      
+      
+
+
+  <li class="md-nav__item md-nav__item--nested">
+    
+    <input class="md-nav__toggle md-toggle" data-md-toggle="nav-2" type="checkbox" id="nav-2" >
+    <label class="md-nav__link" for="nav-2">
+      Links
+      <span class="md-nav__icon md-icon"></span>
+    </label>
+    <nav class="md-nav" aria-label="Links" data-md-level="1">
+      <label class="md-nav__title" for="nav-2">
+        <span class="md-nav__icon md-icon"></span>
+        Links
+      </label>
+      <ul class="md-nav__list" data-md-scrollfix>
+        
+        
+          
+          
+          
+
+
+  <li class="md-nav__item">
+    <a href="../../links/" class="md-nav__link">
+      Links
+    </a>
+  </li>
+
+        
+      </ul>
+    </nav>
+  </li>
+
+    
+  </ul>
+</nav>
+                  </div>
+                </div>
+              </div>
+            
+            
+              <div class="md-sidebar md-sidebar--secondary" data-md-component="toc">
+                <div class="md-sidebar__scrollwrap">
+                  <div class="md-sidebar__inner">
+                    
+<nav class="md-nav md-nav--secondary" aria-label="Table of contents">
+  
+  
+  
+    <label class="md-nav__title" for="__toc">
+      <span class="md-nav__icon md-icon"></span>
+      Table of contents
+    </label>
+    <ul class="md-nav__list" data-md-scrollfix>
+      
+        <li class="md-nav__item">
+  <a href="#introduction" class="md-nav__link">
+    Introduction
+  </a>
+  
+</li>
+      
+        <li class="md-nav__item">
+  <a href="#dns" class="md-nav__link">
+    DNS
+  </a>
+  
+</li>
+      
+        <li class="md-nav__item">
+  <a href="#firewall" class="md-nav__link">
+    FireWall
+  </a>
+  
+    <nav class="md-nav" aria-label="FireWall">
+      <ul class="md-nav__list">
+        
+          <li class="md-nav__item">
+  <a href="#ports" class="md-nav__link">
+    ports
+  </a>
+  
+</li>
+        
+          <li class="md-nav__item">
+  <a href="#firewall-with-ufw" class="md-nav__link">
+    FireWall with UFW
+  </a>
+  
+</li>
+        
+      </ul>
+    </nav>
+  
+</li>
+      
+        <li class="md-nav__item">
+  <a href="#postgresql-database" class="md-nav__link">
+    Postgresql Database
+  </a>
+  
+    <nav class="md-nav" aria-label="Postgresql Database">
+      <ul class="md-nav__list">
+        
+          <li class="md-nav__item">
+  <a href="#install-the-postgresql-database" class="md-nav__link">
+    Install the postgresql database.
+  </a>
+  
+</li>
+        
+          <li class="md-nav__item">
+  <a href="#allow-authentication-in-pg_hbaconf" class="md-nav__link">
+    allow authentication in pg_hba.conf
+  </a>
+  
+</li>
+        
+      </ul>
+    </nav>
+  
+</li>
+      
+        <li class="md-nav__item">
+  <a href="#prosody" class="md-nav__link">
+    Prosody
+  </a>
+  
+    <nav class="md-nav" aria-label="Prosody">
+      <ul class="md-nav__list">
+        
+          <li class="md-nav__item">
+  <a href="#install-prosody" class="md-nav__link">
+    Install Prosody
+  </a>
+  
+</li>
+        
+          <li class="md-nav__item">
+  <a href="#configure-prosody" class="md-nav__link">
+    Configure Prosody
+  </a>
+  
+</li>
+        
+      </ul>
+    </nav>
+  
+</li>
+      
+        <li class="md-nav__item">
+  <a href="#certbot" class="md-nav__link">
+    Certbot
+  </a>
+  
+</li>
+      
+    </ul>
+  
+</nav>
+                  </div>
+                </div>
+              </div>
+            
+          
+          <div class="md-content">
+            <article class="md-content__inner md-typeset">
+              
+                
+                
+                  <h1>Prosody Photo Uploads</h1>
+                
+                <p>date: 2021-01-25</p>
+<h2 id="introduction"><strong>Introduction</strong></h2>
+<p>Install <a href="https://prosody.im/" target="_blank">prosody</a> on <a href="https://www.debian.org/" target="_blank">Debian 10</a>
+with photoupload, postgresql database, and letsencrypt certs.</p>
+<h2 id="dns"><strong>DNS</strong></h2>
+<ul>
+<li>Log into your dns provider and create A and AAAA records for <em>xmpp.example.com</em></li>
+<li>Log into your dns provider and create A and AAAA records for <em>xmppupload.example.com</em></li>
+</ul>
+<h2 id="firewall"><strong>FireWall</strong></h2>
+<p>Incidentally, you definitely do want to use a non-standard ssh port for connecting over the internet.</p>
+<p>I would suggest that a firewall is important, because I couldn't figure out how to completely disable
+port 5280 for the http protocol, in the clear, in the prosody config.</p>
+<h3 id="ports">ports</h3>
+<ul>
+<li><code>80/tcp</code>, <code>443/tcp</code> for certbot</li>
+<li><code>4444/tcp</code> i.e. port 4444 for ssh</li>
+<li><code>5222/tcp</code> for xmpp-client</li>
+<li><code>5269/tcp</code> for xmpp-server</li>
+<li><code>5281/tcp</code> for https connections to prosody for uploads and photos</li>
+</ul>
+<h3 id="firewall-with-ufw">FireWall with UFW</h3>
+<ul>
+<li><code>ufw allow http</code></li>
+<li><code>ufw allow https</code></li>
+<li><code>ufw allow xmpp-client</code></li>
+<li><code>ufw allow xmpp-server</code></li>
+<li><code>ufw allow 5281/tcp</code></li>
+<li><code>ufw allow 4444/tcp</code> i.e. if 4444 for ssh</li>
+<li><code>ufw enable</code> to start the firewall</li>
+</ul>
+<h2 id="postgresql-database"><strong>Postgresql Database</strong></h2>
+<h3 id="install-the-postgresql-database">Install the postgresql database.</h3>
+<p><div class="highlight"><pre><span></span><code><span class="go">apt-get install postgresql postgresql-contrib</span>
+</code></pre></div>
+Log into the psql command line.
+<div class="highlight"><pre><span></span><code><span class="go">sudo -u postgres psql</span>
+</code></pre></div>
+Create prosody database
+<div class="highlight"><pre><span></span><code><span class="n">postgres</span><span class="o">=#</span> <span class="k">CREATE</span> <span class="k">DATABASE</span> <span class="n">prosody</span><span class="p">;</span>
+</code></pre></div>
+Creat prosody user
+<div class="highlight"><pre><span></span><code><span class="n">postgres</span><span class="o">=#</span> <span class="k">CREATE</span> <span class="k">ROLE</span> <span class="n">prosody</span> <span class="k">WITH</span> <span class="n">LOGIN</span><span class="p">;</span>
+</code></pre></div>
+Set password for user
+<div class="highlight"><pre><span></span><code><span class="n">postgres</span><span class="o">=#</span> <span class="err">\</span><span class="n">password</span> <span class="n">prosody</span>
+</code></pre></div>
+Quit <code>psql</code>
+<div class="highlight"><pre><span></span><code><span class="n">postgres</span><span class="o">=#</span> <span class="err">\</span><span class="n">q</span>
+</code></pre></div></p>
+<h3 id="allow-authentication-in-pg_hbaconf">allow authentication in <code>pg_hba.conf</code></h3>
+<p>To connect to postgresql via unix socket
+<div class="highlight"><pre><span></span><code><span class="c1"># /etc/postgresql/11/main/pg_hba.conf</span>
+<span class="c1"># make sure this line is above</span>
+<span class="na">local   prosody         prosody                                 md5</span>
+
+<span class="c1"># make sure this line is below</span>
+<span class="na">local   all             all                                     peer</span>
+</code></pre></div>
+or i.e. through a wireguard tunnel
+<div class="highlight"><pre><span></span><code><span class="c1"># /etc/postgresql/11/main/pg_hba.conf</span>
+<span class="c1"># where 10.0.22.5 is the ip address of the machine that prosody will run on </span>
+<span class="na">host    prosody         prosody         10.0.22.5/32            md5</span>
+</code></pre></div></p>
+<p>and then restart postgresql
+<div class="highlight"><pre><span></span><code><span class="go">systemctl restart postgresql</span>
+</code></pre></div></p>
+<h2 id="prosody"><strong>Prosody</strong></h2>
+<h3 id="install-prosody">Install Prosody</h3>
+<div class="highlight"><pre><span></span><code><span class="go">apt install prosody prosody-modules lua-dbi-postgresql</span>
+</code></pre></div>
+<h3 id="configure-prosody">Configure Prosody</h3>
+<p>backup the prosody config file
+<div class="highlight"><pre><span></span><code><span class="go">cp /etc/prosody/prosody.cfg.lua /etc/prosody/prosody.cfg.lua.bak</span>
+</code></pre></div></p>
+<p>if you want to disable advertising version and uptime, allow message archives,
+and disallow registration, change this
+<div class="highlight"><pre><span></span><code><span class="na">-- /etc/prosody/prosody.cfg.lua</span>
+<span class="na">modules_enabled</span> <span class="o">=</span> <span class="s">{</span>
+
+    <span class="na">...</span>
+
+    <span class="na">-- Nice to have</span>
+      <span class="na">&quot;version&quot;; -- Replies to server version requests</span>
+      <span class="na">&quot;uptime&quot;; -- Report how long server has been running</span>
+      <span class="na">&quot;time&quot;; -- Let others know the time here on this server</span>
+      <span class="na">&quot;ping&quot;; -- Replies to XMPP pings with pongs</span>
+      <span class="na">&quot;register&quot;; -- Allow users to register on this server using a client and change passwords</span>
+      <span class="na">--&quot;mam&quot;; -- Store messages in an archive and allow users to access it</span>
+      <span class="na">--&quot;csi_simple&quot;; -- Simple Mobile optimizations</span>
+
+    <span class="na">...</span>
+<span class="na">}</span>
+</code></pre></div></p>
+<p>to this
+<div class="highlight"><pre><span></span><code><span class="na">-- /etc/prosody/prosody.cfg.lua</span>
+<span class="na">modules_enabled</span> <span class="o">=</span> <span class="s">{</span>
+
+    <span class="na">...</span>
+
+    <span class="na">-- Nice to have</span>
+      <span class="na">--&quot;version&quot;; -- Replies to server version requests</span>
+      <span class="na">--&quot;uptime&quot;; -- Report how long server has been running</span>
+      <span class="na">&quot;time&quot;; -- Let others know the time here on this server</span>
+      <span class="na">&quot;ping&quot;; -- Replies to XMPP pings with pongs</span>
+      <span class="na">--&quot;register&quot;; -- Allow users to register on this server using a client and change passwords</span>
+      <span class="na">&quot;mam&quot;; -- Store messages in an archive and allow users to access it</span>
+      <span class="na">--&quot;csi_simple&quot;; -- Simple Mobile optimizations</span>
+
+    <span class="na">...</span>
+<span class="na">}</span>
+</code></pre></div></p>
+<p>to force certificate authentication for server-to-server connections,
+make the following edit around line 123
+<div class="highlight"><pre><span></span><code><span class="na">-- /etc/prosody/prosody.cfg.lua</span>
+<span class="na">-- Force certificate authentication for server-to-server connections?</span>
+
+<span class="na">-- change this</span>
+<span class="na">s2s_secure_auth</span> <span class="o">=</span> <span class="s">false</span>
+<span class="na">-- to this</span>
+<span class="na">s2s_secure_auth</span> <span class="o">=</span> <span class="s">true</span>
+</code></pre></div></p>
+<p>around line 147 enable sql
+<div class="highlight"><pre><span></span><code><span class="na">-- /etc/prosody/prosody.cfg.lua</span>
+
+<span class="na">-- change this</span>
+<span class="na">--storage</span> <span class="o">=</span> <span class="s">&quot;sql&quot;</span>
+
+<span class="na">-- to this</span>
+<span class="na">storage</span> <span class="o">=</span> <span class="s">&quot;sql&quot;</span>
+</code></pre></div></p>
+<p>and describe the database connection
+<div class="highlight"><pre><span></span><code><span class="na">-- /etc/prosody/prosody.cfg.lua</span>
+
+<span class="na">-- change this</span>
+<span class="na">--sql</span> <span class="o">=</span> <span class="s">{</span>
+<span class="s">  driver = &quot;PostgreSQL&quot;,</span>
+<span class="s">  database = &quot;prosody&quot;,</span>
+<span class="s">  username = &quot;prosody&quot;,</span>
+<span class="s">  password = &quot;secret&quot;,</span>
+<span class="s">  host = &quot;localhost&quot;</span>
+<span class="na">}</span>
+
+<span class="na">-- to this</span>
+<span class="na">sql</span> <span class="o">=</span> <span class="s">{</span>
+<span class="s">  driver = &quot;PostgreSQL&quot;,</span>
+<span class="s">  database = &quot;prosody&quot;,</span>
+<span class="s">  username = &quot;prosody&quot;,</span>
+<span class="s">  password = &quot;secret&quot;,</span>
+<span class="s">  host = &quot;localhost&quot;</span>
+<span class="na">}</span>
+
+<span class="na">-- or to use a unix socket in Debian 10</span>
+<span class="na">sql</span> <span class="o">=</span> <span class="s">{</span>
+<span class="s">  driver = &quot;PostgreSQL&quot;,</span>
+<span class="s">  database = &quot;prosody&quot;,</span>
+<span class="s">  username = &quot;prosody&quot;,</span>
+<span class="s">  password = &quot;secret&quot;,</span>
+<span class="s">  host = &quot;/var/run/postgresql&quot;</span>
+<span class="na">}</span>
+</code></pre></div></p>
+<p>somewhere around line 196, describe the certificate file for the upoad subdomain
+<div class="highlight"><pre><span></span><code><span class="na">-- /etc/prosody/prosody.cfg.lua</span>
+
+<span class="na">-- change this</span>
+<span class="na">--https_certificate</span> <span class="o">=</span> <span class="s">&quot;/etc/prosody/certs/localhost.crt&quot;</span>
+
+<span class="na">-- to this</span>
+<span class="na">https_certificate</span> <span class="o">=</span> <span class="s">&quot;/etc/prosody/certs/xmppupload.example.com.crt&quot;</span>
+</code></pre></div></p>
+<p>somewhere around line 210 describe your virtualhost
+<div class="highlight"><pre><span></span><code><span class="na">-- /etc/prosody/prosody.cfg.lua</span>
+<span class="na">VirtualHost &quot;xmpp.example.com&quot;</span>
+
+<span class="na">disco_items</span> <span class="o">=</span> <span class="s">{</span>
+<span class="s">    {&quot;xmppupload.example.com&quot;},</span>
+<span class="na">}</span>
+</code></pre></div></p>
+<p>add the following to the end of the file
+<div class="highlight"><pre><span></span><code><span class="na">-- /etc/prosody/prosody.cfg.lua</span>
+<span class="na">Component &quot;xmppupload.example.com&quot; &quot;http_upload&quot;</span>
+</code></pre></div></p>
+<p>and then restart prosody
+<div class="highlight"><pre><span></span><code><span class="go">systemctl restart prososdy</span>
+</code></pre></div></p>
+<h2 id="certbot"><strong>Certbot</strong></h2>
+<p>install certbot
+<div class="highlight"><pre><span></span><code><span class="go">apt install certbot</span>
+</code></pre></div>
+get certificates
+<div class="highlight"><pre><span></span><code><span class="go">certbot certonly -d xmpp.example.com</span>
+<span class="go">certbot certonly -d xmppupload.example.com</span>
+</code></pre></div>
+import the certificates into prosody and restart prosody
+<div class="highlight"><pre><span></span><code><span class="go">prosodyctl --root cert import /etc/letsencrypt/live</span>
+<span class="go">systemctl restart prosody</span>
+</code></pre></div>
+create the following renewal-hook for letsencrypt
+<div class="highlight"><pre><span></span><code><span class="gp">#</span>!/bin/bash
+<span class="gp">#</span> /etc/letsencrypt/renewal-hooks/deploy/prosody_deploy_hook
+
+<span class="go">prosodyctl --root cert import /etc/letsencrypt/live</span>
+</code></pre></div></p>
+                
+                  
+                
+              
+              
+                
+
+
+              
+            </article>
+          </div>
+        </div>
+      </main>
+      
+        
+<footer class="md-footer">
+  
+    <div class="md-footer-nav">
+      <nav class="md-footer-nav__inner md-grid" aria-label="Footer">
+        
+          <a href="../.." class="md-footer-nav__link md-footer-nav__link--prev" rel="prev">
+            <div class="md-footer-nav__button md-icon">
+              <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11h12z"/></svg>
+            </div>
+            <div class="md-footer-nav__title">
+              <div class="md-ellipsis">
+                <span class="md-footer-nav__direction">
+                  Previous
+                </span>
+                Home
+              </div>
+            </div>
+          </a>
+        
+        
+          <a href="../xmpp-apt-notifications/" class="md-footer-nav__link md-footer-nav__link--next" rel="next">
+            <div class="md-footer-nav__title">
+              <div class="md-ellipsis">
+                <span class="md-footer-nav__direction">
+                  Next
+                </span>
+                Xmpp Apt Notifications
+              </div>
+            </div>
+            <div class="md-footer-nav__button md-icon">
+              <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M4 11v2h12l-5.5 5.5 1.42 1.42L19.84 12l-7.92-7.92L10.5 5.5 16 11H4z"/></svg>
+            </div>
+          </a>
+        
+      </nav>
+    </div>
+  
+  <div class="md-footer-meta md-typeset">
+    <div class="md-footer-meta__inner md-grid">
+      <div class="md-footer-copyright">
+        
+        Made with
+        <a href="https://squidfunk.github.io/mkdocs-material/" target="_blank" rel="noopener">
+          Material for MkDocs
+        </a>
+      </div>
+      
+  <div class="md-footer-social">
+    
+      
+      
+      <a href="https://twitter.com/boringtrent" target="_blank" rel="noopener" title="trent on twitter" class="md-footer-social__link">
+        <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512"><path d="M459.37 151.716c.325 4.548.325 9.097.325 13.645 0 138.72-105.583 298.558-298.558 298.558-59.452 0-114.68-17.219-161.137-47.106 8.447.974 16.568 1.299 25.34 1.299 49.055 0 94.213-16.568 130.274-44.832-46.132-.975-84.792-31.188-98.112-72.772 6.498.974 12.995 1.624 19.818 1.624 9.421 0 18.843-1.3 27.614-3.573-48.081-9.747-84.143-51.98-84.143-102.985v-1.299c13.969 7.797 30.214 12.67 47.431 13.319-28.264-18.843-46.781-51.005-46.781-87.391 0-19.492 5.197-37.36 14.294-52.954 51.655 63.675 129.3 105.258 216.365 109.807-1.624-7.797-2.599-15.918-2.599-24.04 0-57.828 46.782-104.934 104.934-104.934 30.213 0 57.502 12.67 76.67 33.137 23.715-4.548 46.456-13.32 66.599-25.34-7.798 24.366-24.366 44.833-46.132 57.827 21.117-2.273 41.584-8.122 60.426-16.243-14.292 20.791-32.161 39.308-52.628 54.253z"/></svg>
+      </a>
+    
+      
+      
+      <a href="https://www.facebook.com/trentspalmer" target="_blank" rel="noopener" title="trent on facebook" class="md-footer-social__link">
+        <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512"><path d="M504 256C504 119 393 8 256 8S8 119 8 256c0 123.78 90.69 226.38 209.25 245V327.69h-63V256h63v-54.64c0-62.15 37-96.48 93.67-96.48 27.14 0 55.52 4.84 55.52 4.84v61h-31.28c-30.8 0-40.41 19.12-40.41 38.73V256h68.78l-11 71.69h-57.78V501C413.31 482.38 504 379.78 504 256z"/></svg>
+      </a>
+    
+      
+      
+      <a href="https://github.com/TrentSPalmer" target="_blank" rel="noopener" title="trent on github" class="md-footer-social__link">
+        <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 496 512"><path d="M165.9 397.4c0 2-2.3 3.6-5.2 3.6-3.3.3-5.6-1.3-5.6-3.6 0-2 2.3-3.6 5.2-3.6 3-.3 5.6 1.3 5.6 3.6zm-31.1-4.5c-.7 2 1.3 4.3 4.3 4.9 2.6 1 5.6 0 6.2-2s-1.3-4.3-4.3-5.2c-2.6-.7-5.5.3-6.2 2.3zm44.2-1.7c-2.9.7-4.9 2.6-4.6 4.9.3 2 2.9 3.3 5.9 2.6 2.9-.7 4.9-2.6 4.6-4.6-.3-1.9-3-3.2-5.9-2.9zM244.8 8C106.1 8 0 113.3 0 252c0 110.9 69.8 205.8 169.5 239.2 12.8 2.3 17.3-5.6 17.3-12.1 0-6.2-.3-40.4-.3-61.4 0 0-70 15-84.7-29.8 0 0-11.4-29.1-27.8-36.6 0 0-22.9-15.7 1.6-15.4 0 0 24.9 2 38.6 25.8 21.9 38.6 58.6 27.5 72.9 20.9 2.3-16 8.8-27.1 16-33.7-55.9-6.2-112.3-14.3-112.3-110.5 0-27.5 7.6-41.3 23.6-58.9-2.6-6.5-11.1-33.3 2.6-67.9 20.9-6.5 69 27 69 27 20-5.6 41.5-8.5 62.8-8.5s42.8 2.9 62.8 8.5c0 0 48.1-33.6 69-27 13.7 34.7 5.2 61.4 2.6 67.9 16 17.7 25.8 31.5 25.8 58.9 0 96.5-58.9 104.2-114.8 110.5 9.2 7.9 17 22.9 17 46.4 0 33.7-.3 75.4-.3 83.6 0 6.5 4.6 14.4 17.3 12.1C428.2 457.8 496 362.9 496 252 496 113.3 383.5 8 244.8 8zM97.2 352.9c-1.3 1-1 3.3.7 5.2 1.6 1.6 3.9 2.3 5.2 1 1.3-1 1-3.3-.7-5.2-1.6-1.6-3.9-2.3-5.2-1zm-10.8-8.1c-.7 1.3.3 2.9 2.3 3.9 1.6 1 3.6.7 4.3-.7.7-1.3-.3-2.9-2.3-3.9-2-.6-3.6-.3-4.3.7zm32.4 35.6c-1.6 1.3-1 4.3 1.3 6.2 2.3 2.3 5.2 2.6 6.5 1 1.3-1.3.7-4.3-1.3-6.2-2.2-2.3-5.2-2.6-6.5-1zm-11.4-14.7c-1.6 1-1.6 3.6 0 5.9 1.6 2.3 4.3 3.3 5.6 2.3 1.6-1.3 1.6-3.9 0-6.2-1.4-2.3-4-3.3-5.6-2z"/></svg>
+      </a>
+    
+  </div>
+
+    </div>
+  </div>
+</footer>
+      
+    </div>
+    
+      <script src="../../assets/javascripts/vendor.0ac82a11.min.js"></script>
+      <script src="../../assets/javascripts/bundle.f81dfb4d.min.js"></script><script id="__lang" type="application/json">{"clipboard.copy": "Copy to clipboard", "clipboard.copied": "Copied to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.placeholder": "Type to start searching", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.term.missing": "Missing"}</script>
+      
+      <script>
+        app = initialize({
+          base: "../..",
+          features: ['navigation.tabs'],
+          search: Object.assign({
+            worker: "../../assets/javascripts/worker/search.4ac00218.min.js"
+          }, typeof search !== "undefined" && search)
+        })
+      </script>
+      
+    
+  </body>
+</html>
\ No newline at end of file
diff --git a/site/posts/rewrite-hugo-themes-report-in-python/index.html b/site/posts/rewrite-hugo-themes-report-in-python/index.html
index 36a4492..f2de3be 100644
--- a/site/posts/rewrite-hugo-themes-report-in-python/index.html
+++ b/site/posts/rewrite-hugo-themes-report-in-python/index.html
@@ -236,6 +236,18 @@
           
 
 
+  <li class="md-nav__item">
+    <a href="../prosody-photo-uploads/" class="md-nav__link">
+      Prosody Photo Uploads
+    </a>
+  </li>
+
+        
+          
+          
+          
+
+
   <li class="md-nav__item">
     <a href="../xmpp-apt-notifications/" class="md-nav__link">
       Xmpp Apt Notifications
diff --git a/site/posts/sendxmpp-handler-for-python-logging/index.html b/site/posts/sendxmpp-handler-for-python-logging/index.html
index 3ea9451..2033048 100644
--- a/site/posts/sendxmpp-handler-for-python-logging/index.html
+++ b/site/posts/sendxmpp-handler-for-python-logging/index.html
@@ -236,6 +236,18 @@
           
 
 
+  <li class="md-nav__item">
+    <a href="../prosody-photo-uploads/" class="md-nav__link">
+      Prosody Photo Uploads
+    </a>
+  </li>
+
+        
+          
+          
+          
+
+
   <li class="md-nav__item">
     <a href="../xmpp-apt-notifications/" class="md-nav__link">
       Xmpp Apt Notifications
diff --git a/site/posts/simplified-raspberry-streaming/index.html b/site/posts/simplified-raspberry-streaming/index.html
index c39165d..0d3d99e 100644
--- a/site/posts/simplified-raspberry-streaming/index.html
+++ b/site/posts/simplified-raspberry-streaming/index.html
@@ -236,6 +236,18 @@
           
 
 
+  <li class="md-nav__item">
+    <a href="../prosody-photo-uploads/" class="md-nav__link">
+      Prosody Photo Uploads
+    </a>
+  </li>
+
+        
+          
+          
+          
+
+
   <li class="md-nav__item">
     <a href="../xmpp-apt-notifications/" class="md-nav__link">
       Xmpp Apt Notifications
diff --git a/site/posts/xmpp-apt-notifications/index.html b/site/posts/xmpp-apt-notifications/index.html
index 4566c4f..24d6b0f 100644
--- a/site/posts/xmpp-apt-notifications/index.html
+++ b/site/posts/xmpp-apt-notifications/index.html
@@ -235,6 +235,18 @@
           
           
 
+
+  <li class="md-nav__item">
+    <a href="../prosody-photo-uploads/" class="md-nav__link">
+      Prosody Photo Uploads
+    </a>
+  </li>
+
+        
+          
+          
+          
+
   
 
 
@@ -629,7 +641,7 @@ PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
     <div class="md-footer-nav">
       <nav class="md-footer-nav__inner md-grid" aria-label="Footer">
         
-          <a href="../.." class="md-footer-nav__link md-footer-nav__link--prev" rel="prev">
+          <a href="../prosody-photo-uploads/" class="md-footer-nav__link md-footer-nav__link--prev" rel="prev">
             <div class="md-footer-nav__button md-icon">
               <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11h12z"/></svg>
             </div>
@@ -638,7 +650,7 @@ PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
                 <span class="md-footer-nav__direction">
                   Previous
                 </span>
-                Home
+                Prosody Photo Uploads
               </div>
             </div>
           </a>
diff --git a/site/search/search_index.json b/site/search/search_index.json
index 8051305..4ccca80 100644
--- a/site/search/search_index.json
+++ b/site/search/search_index.json
@@ -1 +1 @@
-{"config":{"lang":["en"],"min_search_length":3,"prebuild_index":false,"separator":"[\\s\\-]+"},"docs":[{"location":"","text":"Trent's Blog Posts By Date 2021-01-09: Xmpp Apt Notifications 2020-12-20: Apache Virtual Hosts 2020-12-19: SENDXMPPHandler for Python Logging 2020-12-17: Instructions for Tethering From Phone 2020-12-15: LMDE4 Custom Partitions Disk Encryption 2020-06-21: Linux Move Cursor With Keyboard 2019-05-12: Simplified Raspberry Streaming 2019-04-13: Clear Linux Encrypted xfs Root 2019-03-11: Clear Linux Guest Virt Manager 2019-02-11: Faster Partitioning With sgdisk 2019-01-25: LMDE3 xfs Full Disk Encryption 2019-01-25: Rewrite Hugo Themes Report in Python Links Links","title":"Home"},{"location":"#trents-blog","text":"","title":"Trent's Blog"},{"location":"#posts-by-date","text":"2021-01-09: Xmpp Apt Notifications 2020-12-20: Apache Virtual Hosts 2020-12-19: SENDXMPPHandler for Python Logging 2020-12-17: Instructions for Tethering From Phone 2020-12-15: LMDE4 Custom Partitions Disk Encryption 2020-06-21: Linux Move Cursor With Keyboard 2019-05-12: Simplified Raspberry Streaming 2019-04-13: Clear Linux Encrypted xfs Root 2019-03-11: Clear Linux Guest Virt Manager 2019-02-11: Faster Partitioning With sgdisk 2019-01-25: LMDE3 xfs Full Disk Encryption 2019-01-25: Rewrite Hugo Themes Report in Python","title":"Posts By Date"},{"location":"#links","text":"Links","title":"Links"},{"location":"links/","text":"Trent's Blog Links Home GitHub Twitter Facebook Trent Docs Hugo Themes Report libre_gps_parser Concise PDX Free Code Camp Challenges Device Layout Oregon Hikers' Field Guide","title":"Links"},{"location":"links/#trents-blog","text":"","title":"Trent's Blog"},{"location":"links/#links","text":"Home GitHub Twitter Facebook Trent Docs Hugo Themes Report libre_gps_parser Concise PDX Free Code Camp Challenges Device Layout Oregon Hikers' Field Guide","title":"Links"},{"location":"posts/apache-virtual-hosts/","text":"date: 2020-12-20 Use Virtual Hosts This is a very useful way to keep your server organized. Virtual Hosts On Your Lan You can practice on your Lan. Setting up DNS on your Lan For instance, if your router is running dnsmasq , this may be as simple as describing the virtual hosts in /etc/hosts on the router. 192.168.1.101 blog.devbox blogstatic.devbox Here's An Example Reverse Proxy for A Flask Blog On Your Lan # /etc/apache2/sites-enabled/blog.devbox.conf <VirtualHost *:80 > ServerName blog.devbox # dont' block LetsEncrypt # ProxyPass \"/.well-known\" ! ... not needed on your Lan # don't block /var/www/html/favicon.ico ProxyPass \"/favicon.ico\" ! ProxyPass \"/\" \"http://127.0.0.1:8000/\" ProxyPassReverse \"/\" \"http://127.0.0.1:8000/\" ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined </VirtualHost> Here's An Example for A Static Blog On Your Lan # /etc/apache2/sites-enabled/blogstatic.devbox.conf <VirtualHost *:80 > ServerName blogstatic.devbox DocumentRoot /var/www/html/blogstatic/site ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined </VirtualHost> Wan Deployment Set up DNS Log into your dns provider and create records A record for blog.example.com pointing to your ipv4 address AAAA record for blog.example.com pointing to your ipv6 address A record for blogstatic.example.com pointing to your ipv4 address AAAA record for blogstatic.example.com pointing to your ipv6 address Start With Virtual Hosts for HTTP You don't need to create virtual hosts for SSL configuration, because CertBot will automatically do that for you. Reverse Proxy # /etc/apache2/sites-enabled/blog.example.com.conf <VirtualHost *:80 > ServerName blog.example.com # dont' block LetsEncrypt ProxyPass \"/.well-known\" ! # don't block /var/www/html/favicon.ico ProxyPass \"/favicon.ico\" ! ProxyPass \"/\" \"http://127.0.0.1:8000/\" ProxyPassReverse \"/\" \"http://127.0.0.1:8000/\" ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined </VirtualHost> Static Site # /etc/apache2/sites-enabled/blogstatic.example.com.conf <VirtualHost *:80 > ServerName blogstatic.example.com DocumentRoot /var/www/html/blogstatic/site ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined </VirtualHost> Get LetsEncrypt Certs certbot --apache -d blog.example.com -d blogstatic.example.com Certbot will create and enable new conf files with SSL encryption configured, and will modify your http conf files with redirections to https.","title":"Apache Virtual Hosts"},{"location":"posts/apache-virtual-hosts/#use-virtual-hosts","text":"This is a very useful way to keep your server organized.","title":"Use Virtual Hosts"},{"location":"posts/apache-virtual-hosts/#virtual-hosts-on-your-lan","text":"You can practice on your Lan.","title":"Virtual Hosts On Your Lan"},{"location":"posts/apache-virtual-hosts/#setting-up-dns-on-your-lan","text":"For instance, if your router is running dnsmasq , this may be as simple as describing the virtual hosts in /etc/hosts on the router. 192.168.1.101 blog.devbox blogstatic.devbox","title":"Setting up DNS on your Lan"},{"location":"posts/apache-virtual-hosts/#heres-an-example-reverse-proxy-for-a-flask-blog-on-your-lan","text":"# /etc/apache2/sites-enabled/blog.devbox.conf <VirtualHost *:80 > ServerName blog.devbox # dont' block LetsEncrypt # ProxyPass \"/.well-known\" ! ... not needed on your Lan # don't block /var/www/html/favicon.ico ProxyPass \"/favicon.ico\" ! ProxyPass \"/\" \"http://127.0.0.1:8000/\" ProxyPassReverse \"/\" \"http://127.0.0.1:8000/\" ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined </VirtualHost>","title":"Here's An Example Reverse Proxy for A Flask Blog On Your Lan"},{"location":"posts/apache-virtual-hosts/#heres-an-example-for-a-static-blog-on-your-lan","text":"# /etc/apache2/sites-enabled/blogstatic.devbox.conf <VirtualHost *:80 > ServerName blogstatic.devbox DocumentRoot /var/www/html/blogstatic/site ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined </VirtualHost>","title":"Here's An Example for A Static Blog On Your Lan"},{"location":"posts/apache-virtual-hosts/#wan-deployment","text":"","title":"Wan Deployment"},{"location":"posts/apache-virtual-hosts/#set-up-dns","text":"Log into your dns provider and create records A record for blog.example.com pointing to your ipv4 address AAAA record for blog.example.com pointing to your ipv6 address A record for blogstatic.example.com pointing to your ipv4 address AAAA record for blogstatic.example.com pointing to your ipv6 address","title":"Set up DNS"},{"location":"posts/apache-virtual-hosts/#start-with-virtual-hosts-for-http","text":"You don't need to create virtual hosts for SSL configuration, because CertBot will automatically do that for you.","title":"Start With Virtual Hosts for HTTP"},{"location":"posts/apache-virtual-hosts/#reverse-proxy","text":"# /etc/apache2/sites-enabled/blog.example.com.conf <VirtualHost *:80 > ServerName blog.example.com # dont' block LetsEncrypt ProxyPass \"/.well-known\" ! # don't block /var/www/html/favicon.ico ProxyPass \"/favicon.ico\" ! ProxyPass \"/\" \"http://127.0.0.1:8000/\" ProxyPassReverse \"/\" \"http://127.0.0.1:8000/\" ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined </VirtualHost>","title":"Reverse Proxy"},{"location":"posts/apache-virtual-hosts/#static-site","text":"# /etc/apache2/sites-enabled/blogstatic.example.com.conf <VirtualHost *:80 > ServerName blogstatic.example.com DocumentRoot /var/www/html/blogstatic/site ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined </VirtualHost>","title":"Static Site"},{"location":"posts/apache-virtual-hosts/#get-letsencrypt-certs","text":"certbot --apache -d blog.example.com -d blogstatic.example.com Certbot will create and enable new conf files with SSL encryption configured, and will modify your http conf files with redirections to https.","title":"Get LetsEncrypt Certs"},{"location":"posts/clear-linux-encrypted-xfs-root/","text":"date: 2019-04-13T21:44:37-07:00 Nothing to-it Burger I had intended to create a technical explanation how to install Clear Linux with disk encryption, with xfs. But that turned out to be unnecessary because the latest version of the installer handles setting that up automatically. Previously, I had written down the steps needed to get LMDE 3 installed using disk encryption with xfs , which required manual intervention. And indeed, a few months ago, the Clear Linux installer only supported xfs with disk encryption if you could supply some manual intervention. However, the latest Clear Linux installer can set up disk encryption with luks and xfs, automatically. Just follow the instructions , no special skills needed.","title":"Clear Linux Encrypted xfs Root"},{"location":"posts/clear-linux-encrypted-xfs-root/#nothing-to-it-burger","text":"I had intended to create a technical explanation how to install Clear Linux with disk encryption, with xfs. But that turned out to be unnecessary because the latest version of the installer handles setting that up automatically. Previously, I had written down the steps needed to get LMDE 3 installed using disk encryption with xfs , which required manual intervention. And indeed, a few months ago, the Clear Linux installer only supported xfs with disk encryption if you could supply some manual intervention. However, the latest Clear Linux installer can set up disk encryption with luks and xfs, automatically. Just follow the instructions , no special skills needed.","title":"Nothing to-it Burger"},{"location":"posts/clear-linux-guest-virt-manager/","text":"date: 2019-03-11T01:39:09-07:00 Introduction download, convert, and resize the provided kvm-legacy image create a virtual machine and launch it from virt-manager But it\u2019s not immediately clear from the instructions if you can use virt-manager , because they recommend their script which runs qemu-system-x86_64 directly. Which is fine, but maybe you find it easier to customize the options using the virt-manager gui interface. How To Assuming you have libvirt and kvm set up with virt-manager , you can: download the clear-*-legacy-kvm.img.xz verify the checksum extract it unxz clear-*-legacy-kvm.img.xz mv clear-*-legacy-kvm.img.xz /var/lib/libvirt/images/ create a virtual machine in virt-manager using the image There is not an os template for Clear Linux, but Fedora29 works fine for me. As a bonus, virsh console is configured and ready to go. Convert Raw -> Qcow2 and Resize The image has a gpt partition table. I am not sure if that is the reason why, but fdisk does not seem to work for resizing the partition. However, parted works fine. The image download is an 8gb sparse raw image. You may wish to convert that to qcow2 and and resize before creating the virtual machine. Here is how to do that. convert the sparse raw image to qcow2 qemu-img convert -f raw -O qcow2 clear*.img clear.qcow2 resize the image to taste qemu-img resize clear.qcow2 20G create the virtual machine in virt-manager gui boot the virtual machine: virsh start clearvm log in: virsh console clearvm install a bundle which contains parted swupd bundle-add clr-installer expand / partition and file system with parted and resize2fs parted /dev/vda resizepart > Fix/Ignore? Fix > Partition number? 1 > End? [ 8590MB ] ? 100 % > size2fs /dev/vda1","title":"Clear Linux Guest Virt Manager"},{"location":"posts/clear-linux-guest-virt-manager/#introduction","text":"download, convert, and resize the provided kvm-legacy image create a virtual machine and launch it from virt-manager But it\u2019s not immediately clear from the instructions if you can use virt-manager , because they recommend their script which runs qemu-system-x86_64 directly. Which is fine, but maybe you find it easier to customize the options using the virt-manager gui interface.","title":"Introduction"},{"location":"posts/clear-linux-guest-virt-manager/#how-to","text":"Assuming you have libvirt and kvm set up with virt-manager , you can: download the clear-*-legacy-kvm.img.xz verify the checksum extract it unxz clear-*-legacy-kvm.img.xz mv clear-*-legacy-kvm.img.xz /var/lib/libvirt/images/ create a virtual machine in virt-manager using the image There is not an os template for Clear Linux, but Fedora29 works fine for me. As a bonus, virsh console is configured and ready to go.","title":"How To"},{"location":"posts/clear-linux-guest-virt-manager/#convert-raw-qcow2-and-resize","text":"The image has a gpt partition table. I am not sure if that is the reason why, but fdisk does not seem to work for resizing the partition. However, parted works fine. The image download is an 8gb sparse raw image. You may wish to convert that to qcow2 and and resize before creating the virtual machine. Here is how to do that. convert the sparse raw image to qcow2 qemu-img convert -f raw -O qcow2 clear*.img clear.qcow2 resize the image to taste qemu-img resize clear.qcow2 20G create the virtual machine in virt-manager gui boot the virtual machine: virsh start clearvm log in: virsh console clearvm install a bundle which contains parted swupd bundle-add clr-installer expand / partition and file system with parted and resize2fs parted /dev/vda resizepart > Fix/Ignore? Fix > Partition number? 1 > End? [ 8590MB ] ? 100 % > size2fs /dev/vda1","title":"Convert Raw -&gt; Qcow2 and Resize"},{"location":"posts/faster-partitioning-with-sgdisk/","text":"date: 2019-02-11T04:23:52-08:00 Disclaimer If any of this is wrong, let me know so I can fix it. No actual hard drives were harmed in the production of this blog post. The examples are easier to read if you turn your smart phone sideways. Command Line Is Faster Sure you can partition your discs using a GUI disk management application or an interactive, menu-driven terminal interface. But the command line is faster. gdisk vs sgdisk sgdisk is the scriptable version of gdisk (gptfdisk). what the manpage says If you\u2019re familiar with gdisk , you probably know how to interactively set the partition size and type. If you look at the man page for sgdisk you see that the relevant flags are -n and -t . The beginning and ending numbers are absolute, unless you prepend them with a + or - sign, in which case they become relative. # For New Partition: -n, --new=partnum:start:end # Change partition type: -t, --typecode=partnum:{hexcode|GUID} Example with Separate EFI and / Partitions BTW, gdisk is a partitioning tool intended to be used with a gpt partition table, so the assumption is that you would want an efi partition, (although the efi partition does not have to be on the disk you are partitioning or even on the same disk where your other system partitions are). Wipe any leftover filesystem metadata with wipefs. wipefs --all /dev/sdx Create a new GPT partition table. sgdisk /dev/sdx -o Create an efi partition of 512MB by specifying the end of the partition (relative) and the partition type, ef00 . sgdisk /dev/sdx -n 1::+512MiB -t 1:ef00 Create an / partition using the remainder of the disk, by not specifying the end or the beginning or partition type, which defaults to 8300. sgdisk /dev/sdx -n 2 Format the efi partition fat 32. mkfs.vfat -F32 /dev/sdx1 Format the / partition ext4. mkfs.ext4 /dev/sdx2 Practice With A Sparse Image If you don\u2019t want to partition a real hard drive, you can practice using an sparse image file, instead. # create a sparse image file truncate -S 100G practiceImage.img # partition the image file with sgdisk sgdisk practiceImage.img -o # etc Example with Separate /boot, EFI, and luks-encrypted / Partitions Wipe any leftover filesystem metadata with wipefs . wipefs --all /dev/sdx Create a new GPT partition table. sgdisk /dev/sdx -o Create an efi partition of 512MB by specifying the end of the partition (relative) and the partition type, ef00 . sgdisk /dev/sdx -n 1::+512MiB -t 1:ef00 Create a /boot partition of 1GB, by specifying the end of the partition (relative), but not specifying the partition type which defaults to 8300 . sgdisk /dev/sdx -n 2::+1GiB Create an / partition using the remainder of the disk, by not specifying the end or the beginning or partition type, which defaults to 8300 . sgdisk /dev/sdx -n 3 Format the efi partition fat 32. mkfs.vfat -F32 /dev/sdx1 Format the /boot partition ext4. mkfs.ext4 /dev/sdx2 Encrypt the / partition. cryptsetup -y -v luksFormat --type luks2 /dev/sdx3 Decrypt the / device. cryptsetup open /dev/sdx3 cryptroot Format the / device. mkfs.xfs /dev/mapper/cryptroot What About Swap? I prefer to use a swap file inside the luks-encrypted / partition. But you can make a separate swap partition if you like. Example with 2GB swap partition Wipe the disc. wipefs --all /dev/sdx Create a new GPT partition table. sgdisk /dev/sdx -o Create an EFI partition. sgdisk /dev/sdx -n 1::+512MiB -t 1:ef00 Create a /boot partition. sgdisk /dev/sdx -n 2::+1GiB Create a / partition with a relative negative end. sgdisk /dev/sdx -n 3::-2GiB Create a swap partion type 8200 . sgdisk /dev/sdx -n 4 -t 4:8200 format the partitions. mkfs.vfat -F32 /dev/sdx1 mkfs.ext4 /dev/sdx2 mkfs.xfs /dev/sdx3 mkswap /dev/sdx4 Conclusion Good luck to you. Backup your data first. Kind Regards, Trent","title":"Faster Partitioning With sgdisk"},{"location":"posts/faster-partitioning-with-sgdisk/#disclaimer","text":"If any of this is wrong, let me know so I can fix it. No actual hard drives were harmed in the production of this blog post. The examples are easier to read if you turn your smart phone sideways.","title":"Disclaimer"},{"location":"posts/faster-partitioning-with-sgdisk/#command-line-is-faster","text":"Sure you can partition your discs using a GUI disk management application or an interactive, menu-driven terminal interface. But the command line is faster.","title":"Command Line Is Faster"},{"location":"posts/faster-partitioning-with-sgdisk/#gdisk-vs-sgdisk","text":"sgdisk is the scriptable version of gdisk (gptfdisk).","title":"gdisk vs sgdisk"},{"location":"posts/faster-partitioning-with-sgdisk/#what-the-manpage-says","text":"If you\u2019re familiar with gdisk , you probably know how to interactively set the partition size and type. If you look at the man page for sgdisk you see that the relevant flags are -n and -t . The beginning and ending numbers are absolute, unless you prepend them with a + or - sign, in which case they become relative. # For New Partition: -n, --new=partnum:start:end # Change partition type: -t, --typecode=partnum:{hexcode|GUID}","title":"what the manpage says"},{"location":"posts/faster-partitioning-with-sgdisk/#example-with-separate-efi-and-partitions","text":"BTW, gdisk is a partitioning tool intended to be used with a gpt partition table, so the assumption is that you would want an efi partition, (although the efi partition does not have to be on the disk you are partitioning or even on the same disk where your other system partitions are). Wipe any leftover filesystem metadata with wipefs. wipefs --all /dev/sdx Create a new GPT partition table. sgdisk /dev/sdx -o Create an efi partition of 512MB by specifying the end of the partition (relative) and the partition type, ef00 . sgdisk /dev/sdx -n 1::+512MiB -t 1:ef00 Create an / partition using the remainder of the disk, by not specifying the end or the beginning or partition type, which defaults to 8300. sgdisk /dev/sdx -n 2 Format the efi partition fat 32. mkfs.vfat -F32 /dev/sdx1 Format the / partition ext4. mkfs.ext4 /dev/sdx2","title":"Example with Separate EFI and / Partitions"},{"location":"posts/faster-partitioning-with-sgdisk/#practice-with-a-sparse-image","text":"If you don\u2019t want to partition a real hard drive, you can practice using an sparse image file, instead. # create a sparse image file truncate -S 100G practiceImage.img # partition the image file with sgdisk sgdisk practiceImage.img -o # etc","title":"Practice With A Sparse Image"},{"location":"posts/faster-partitioning-with-sgdisk/#example-with-separate-boot-efi-and-luks-encrypted-partitions","text":"Wipe any leftover filesystem metadata with wipefs . wipefs --all /dev/sdx Create a new GPT partition table. sgdisk /dev/sdx -o Create an efi partition of 512MB by specifying the end of the partition (relative) and the partition type, ef00 . sgdisk /dev/sdx -n 1::+512MiB -t 1:ef00 Create a /boot partition of 1GB, by specifying the end of the partition (relative), but not specifying the partition type which defaults to 8300 . sgdisk /dev/sdx -n 2::+1GiB Create an / partition using the remainder of the disk, by not specifying the end or the beginning or partition type, which defaults to 8300 . sgdisk /dev/sdx -n 3 Format the efi partition fat 32. mkfs.vfat -F32 /dev/sdx1 Format the /boot partition ext4. mkfs.ext4 /dev/sdx2 Encrypt the / partition. cryptsetup -y -v luksFormat --type luks2 /dev/sdx3 Decrypt the / device. cryptsetup open /dev/sdx3 cryptroot Format the / device. mkfs.xfs /dev/mapper/cryptroot","title":"Example with Separate /boot, EFI, and luks-encrypted / Partitions"},{"location":"posts/faster-partitioning-with-sgdisk/#what-about-swap","text":"I prefer to use a swap file inside the luks-encrypted / partition. But you can make a separate swap partition if you like.","title":"What About Swap?"},{"location":"posts/faster-partitioning-with-sgdisk/#example-with-2gb-swap-partition","text":"Wipe the disc. wipefs --all /dev/sdx Create a new GPT partition table. sgdisk /dev/sdx -o Create an EFI partition. sgdisk /dev/sdx -n 1::+512MiB -t 1:ef00 Create a /boot partition. sgdisk /dev/sdx -n 2::+1GiB Create a / partition with a relative negative end. sgdisk /dev/sdx -n 3::-2GiB Create a swap partion type 8200 . sgdisk /dev/sdx -n 4 -t 4:8200 format the partitions. mkfs.vfat -F32 /dev/sdx1 mkfs.ext4 /dev/sdx2 mkfs.xfs /dev/sdx3 mkswap /dev/sdx4","title":"Example with 2GB swap partition"},{"location":"posts/faster-partitioning-with-sgdisk/#conclusion","text":"Good luck to you. Backup your data first. Kind Regards, Trent","title":"Conclusion"},{"location":"posts/instructions-for-tethering-from-phone/","text":"date: 2020-12-17 Instructions Part One Turn off blutooth on computer Turn off blutooth on phone Turn off Wifi on phone Part Two Turn on wifi hotspot or usb tethering Verify! You want to verify that you are connected to your Android hotspot. Android tether is a router that will stand up a subnet of 192.168.43.0/24 for wifi hotspot, and 192.168.42.0/24 for usb tether. On linux open a terminal and type ip addr on Windows open a cmd console and type ipconfig If tethering via wifi hotspot you should see an ipv4 address of 192.168.43.XX If tethering via usb you should see an ipv4 address of 192.168.42.XX ACHTUNG Do Not! DO NOT turn on ethernet tethering you probably don't have the physical equipment available to do that DO NOT turn on blutooth tethering $# ?# DUH!! DO NOT turn on blutooth Your phone's radio hardware already has enough to do, trying to simultaneously maintain an LTE uplink to your mobile carrier and a wifi downlink to your computer DO NOT turn on wifi Don't let your phone try to connect to something that isn't working right now DO NOT forget to turn off blutooth Your phone's radio hardware already has enough to do, trying to simultaneously maintain an LTE uplink to your mobile carrier and a wifi downlink to your computer DO NOT forget to turn off wifi Don't let your phone try to connect to something that isn't working right now Blutooth If you leave blutooth on while trying to tether, your phone could get hot, your battery could go dead, and your hotspot could fail to work properly. Be surprised it it doesn't crash and soft-reboot.","title":"Instructions For Tethering From Phone"},{"location":"posts/instructions-for-tethering-from-phone/#instructions","text":"","title":"Instructions"},{"location":"posts/instructions-for-tethering-from-phone/#part-one","text":"Turn off blutooth on computer Turn off blutooth on phone Turn off Wifi on phone","title":"Part One"},{"location":"posts/instructions-for-tethering-from-phone/#part-two","text":"Turn on wifi hotspot or usb tethering","title":"Part Two"},{"location":"posts/instructions-for-tethering-from-phone/#verify","text":"You want to verify that you are connected to your Android hotspot. Android tether is a router that will stand up a subnet of 192.168.43.0/24 for wifi hotspot, and 192.168.42.0/24 for usb tether. On linux open a terminal and type ip addr on Windows open a cmd console and type ipconfig If tethering via wifi hotspot you should see an ipv4 address of 192.168.43.XX If tethering via usb you should see an ipv4 address of 192.168.42.XX","title":"Verify!"},{"location":"posts/instructions-for-tethering-from-phone/#achtung-do-not","text":"DO NOT turn on ethernet tethering you probably don't have the physical equipment available to do that DO NOT turn on blutooth tethering $# ?# DUH!! DO NOT turn on blutooth Your phone's radio hardware already has enough to do, trying to simultaneously maintain an LTE uplink to your mobile carrier and a wifi downlink to your computer DO NOT turn on wifi Don't let your phone try to connect to something that isn't working right now DO NOT forget to turn off blutooth Your phone's radio hardware already has enough to do, trying to simultaneously maintain an LTE uplink to your mobile carrier and a wifi downlink to your computer DO NOT forget to turn off wifi Don't let your phone try to connect to something that isn't working right now","title":"ACHTUNG Do Not!"},{"location":"posts/instructions-for-tethering-from-phone/#blutooth","text":"If you leave blutooth on while trying to tether, your phone could get hot, your battery could go dead, and your hotspot could fail to work properly. Be surprised it it doesn't crash and soft-reboot.","title":"Blutooth"},{"location":"posts/linux-move-cursor-with-keyboard/","text":"date: 2020-06-21T22:01:35-07:00 Introduction Linux just makes everything so easy. On a laptop it can be tricky to place your mouse cursor on exactly the correct pixel, using the touchpad. This became apparent to myself while using GIMP to create some png button files for a little tkinter project, but there must be other use-cases as well. xdo commands for moving the cursor move the cursor one pixel left: xdotool mousemove_relative -- -1 0 move the cursor one pixel right: xdotool mousemove_relative -- 1 0 move the cursor one pixel up: xdotool mousemove_relative -- 0 -1 move the cursor one pixel down: xdotool mousemove_relative -- 0 1 map keyboard shortcuts Now, in your keyboard settings, map the above commands to new custom shortcuts. For instance, I find the Ctrl + Super + Up Ctrl + Super + Down Ctrl + Super + Left Ctrl + Super + Right combinations to be convenient in the Mate Desktop. Enjoy!","title":"Linux Move Cursor With Keyboard"},{"location":"posts/linux-move-cursor-with-keyboard/#introduction","text":"Linux just makes everything so easy. On a laptop it can be tricky to place your mouse cursor on exactly the correct pixel, using the touchpad. This became apparent to myself while using GIMP to create some png button files for a little tkinter project, but there must be other use-cases as well.","title":"Introduction"},{"location":"posts/linux-move-cursor-with-keyboard/#xdo-commands-for-moving-the-cursor","text":"move the cursor one pixel left: xdotool mousemove_relative -- -1 0 move the cursor one pixel right: xdotool mousemove_relative -- 1 0 move the cursor one pixel up: xdotool mousemove_relative -- 0 -1 move the cursor one pixel down: xdotool mousemove_relative -- 0 1","title":"xdo commands for moving the cursor"},{"location":"posts/linux-move-cursor-with-keyboard/#map-keyboard-shortcuts","text":"Now, in your keyboard settings, map the above commands to new custom shortcuts. For instance, I find the Ctrl + Super + Up Ctrl + Super + Down Ctrl + Super + Left Ctrl + Super + Right combinations to be convenient in the Mate Desktop. Enjoy!","title":"map keyboard shortcuts"},{"location":"posts/lmde3-xfs-full-disk-encryption/","text":"date: 2019-01-25T23:25:36-08:00 Introduction Linux Mint Debian Edition is the alternate version of Linux Mint, but built on a Debian base. The result is quite pleasant: the stability of desktop Debian, but with the rough edges polished smooth, nicely configured fonts and ui, and all the multi-media codecs included. Unfortunately, the LMDE 3 installer does not support disk encryption, but manually setting this up by hand is pretty straightforward. On the other hand, manually setting up your partitions by hand allows extra freedom and flexibility, and so I have chosen a simple luks-encrypted / partition formatted xfs. As far as swap is concerned, my preference is to use a swap file instead of a swap partition. Having a swap file instead of a swap partition is more flexible because obviously you can easily recreate a different size swap file whenever you like (or use none at all), and the encryption requires no extra set up because the / partition is encrypted anyway. Will this work with a dual-boot set up? Of course! Because you have to manually configure the partitions anyway, just arrange them exactly how you would need for dual-boot. Assumes uefi-configured boot, with separate partitions for /boot formatted ext4, /boot/efi formatted fat32, and a regular luks-encrypted partition for / formatted xfs. Prepare The Installation Media Visit the Linux Mint Website and download the iso file for LMDE 3 64bit. Download from torrents if possible, to save bandwidth. verify the sha256 sum of the iso file sha256sum lmde-3-201808-cinnamon-64bit.iso Identify the thumb drive you are going to install from. type lsblk , note the output, and then insert the thumb drive then type lsblk again and note the additional output # lsblk /dev/sdb NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT sdb 8:32 1 14.5G 0 disk \u251c\u2500sdb1 8:33 1 3.4G 0 part /media/trent/Debian 9.6.0 amd64 \u2514\u2500sdb2 8:34 1 416K 0 part In the above example output we see that our thumb drive is identified as /dev/sdb , and partition /dev/sdb1 is automatically mounted. Take special care that you have accurately identified the thumb drive before proceeding. For the sake of example, we will proceed on the assumption that our thumb drive is identified as /dev/sdb , but you need to compensate accordingly. unmount any partition of the thumb drive that are automatically mounted umount /dev/sdb1 write the disk image to the thumb drive ddrescue -D --force lmde-3-201808-cinnamon-64bit.iso /dev/sdb Boot The Install Disc boot into bios to disable fastboot and secureboot invoke your machine's device boot menu and boot the install disc in uefi mode confirm that you have booted in uefi mode by listing efivars ls /sys/firmware/efi/vars Partition The Hard Drive If you recall we are assuming the target hard drive is /dev/sda , as an example. So, make adjustments as necessary. If you would rather use a different partition tool, make sure the efi partition is an efi partition type, and you definitely need a separate /boot partition. if needed you can clear the drive with wipefs wipefs --all /dev/sda create a new partition table for /dev/sda sgdisk /dev/sda -o create a new efi partition for /dev/sda sgdisk /dev/sda --new=1::+512MiB --typecode=1:ef00 create a new /boot partition for /dev/sda sgdisk /dev/sda --new=2::+1G create a new / partition for /dev/sda sgdisk /dev/sda --new=3 verify your partition work sgdisk /dev/sda -p format the efi partition mkfs.vfat -F32 /dev/sda1 format the /boot partition mkfs.ext4 /dev/sda2 encrypt the / partition, you will be prompted for a password cryptsetup -y -v luksFormat --type luks2 /dev/sda3 decrypt the / partition, you will be prompted for a password cryptsetup open /dev/sda3 cryptroot format the / device mkfs.xfs /dev/mapper/cryptroot Mount The Hard Drive This takes advantage of expert mode in the LMDE installer. create an /target directory mkdir /target mount the / device at /target mount /dev/mapper/cryptroot /target create an /target/boot directory mkdir /target/boot mount the /boot partition at /target/boot mount /dev/sda2 /target/boot create an /target/boot/efi directory mkdir /target/boot/efi mount the efi partition at /target/boot/efi mount /dev/sda1 /target/boot/efi Run The Installer App At this point you're ready to run the live installer. You can click the disc icon on the desktop. The first three pages of the live-installer cover Language,Timezone, and Keymap. The fourth page of the live-installer covers name, password, and hostname. On the fifth page of the live-installer, you come to a partition configuration page. But there is nothing to do, so select expert mode at the bottom of the page. Again select forward , and when you come to the page where you configure the location to install grub, that should be the efi partition, i.e. /dev/sda1 . Select forward one more time, and then select install. The installation will run for a few minutes and will then pause. During the pause you need to manually configure fstab and crypttab . Configure Fstab find the UUID of the efi partition blkid /dev/sda1 -s UUID find the UUID of the /boot partition blkid /dev/sda2 -s UUID find the UUID of the / device blkid /dev/mapper/cryptroot -s UUID And when you find the correct UUID numbers, use them to configure /etc/fstab which is actually currently at /target/etc/fstab . # /etc/fstab ############### # efi partition # run the command `blkid /dev/sda1 -s UUID` which outputs # /dev/sda1: UUID=\"17C4-215D\", from which derive UUID=17C4-215D /boot/efi vfat defaults 0 2 # /boot partition # run the command `blkid /dev/sda2 -s UUID` which outputs # /dev/sda2: UUID=\"f2509fff-4854-4721-b546-0274c89e6aec\", from which derive UUID=f2509fff-4854-4721-b546-0274c89e6aec /boot ext4 defaults 0 2 # \"/\" device # run the command `blkid /dev/mapper/cryptroot -s UUID` which outputs # /dev/mapper/cryptroot: UUID=\"72241377-cd65-43a6-8363-1afce5bd93f6\", from which derive UUID=72241377-cd65-43a6-8363-1afce5bd93f6 / xfs defaults 0 1 Configure Crypttab But before the file systems can be mounted, crypttab needs to mount /dev/sda3 at /dev/mapper/cryptroot . Configure /etc/crypttab which is actually currently at /target/etc/crypttab find the UUID of the partition that will be mounted at /dev/mapper/crypttab blkid /dev/sda3 -s UUID And when you find the correct UUID number for /dev/sda3 , use that to configure /etc/crypttab which is actually currently at /target/etc/crypttab . # /etc/crypttab # run the command `blkid /dev/sda3 -s UUID` which outputs # /dev/sda3: UUID=\"da3e0967-711f-4159-85ac-7d5743a75201\", from which derive # <target name> <source device> <key file> <options> cryptroot UUID=da3e0967-711f-4159-85ac-7d5743a75201 none luks Resume Installer App At this point finish running the live installer, and you'll be done. UEFI Fix On some machines, such as HP Laptops, UEFI is broken and efi boot entries don't persist. remount the efi parition mount /dev/sda1 /mnt/ ; cd /mnt/EFI/ create a default efi executable mkdir BOOT ; cp linuxmint/grubx64.efi BOOT/BOOTX64.efi Optional Swap File Visit the Arch Wiki and they will hook you up.","title":"LMDE3 xfs Full Disk Encryption"},{"location":"posts/lmde3-xfs-full-disk-encryption/#introduction","text":"Linux Mint Debian Edition is the alternate version of Linux Mint, but built on a Debian base. The result is quite pleasant: the stability of desktop Debian, but with the rough edges polished smooth, nicely configured fonts and ui, and all the multi-media codecs included. Unfortunately, the LMDE 3 installer does not support disk encryption, but manually setting this up by hand is pretty straightforward. On the other hand, manually setting up your partitions by hand allows extra freedom and flexibility, and so I have chosen a simple luks-encrypted / partition formatted xfs. As far as swap is concerned, my preference is to use a swap file instead of a swap partition. Having a swap file instead of a swap partition is more flexible because obviously you can easily recreate a different size swap file whenever you like (or use none at all), and the encryption requires no extra set up because the / partition is encrypted anyway. Will this work with a dual-boot set up? Of course! Because you have to manually configure the partitions anyway, just arrange them exactly how you would need for dual-boot. Assumes uefi-configured boot, with separate partitions for /boot formatted ext4, /boot/efi formatted fat32, and a regular luks-encrypted partition for / formatted xfs.","title":"Introduction"},{"location":"posts/lmde3-xfs-full-disk-encryption/#prepare-the-installation-media","text":"Visit the Linux Mint Website and download the iso file for LMDE 3 64bit. Download from torrents if possible, to save bandwidth. verify the sha256 sum of the iso file sha256sum lmde-3-201808-cinnamon-64bit.iso Identify the thumb drive you are going to install from. type lsblk , note the output, and then insert the thumb drive then type lsblk again and note the additional output # lsblk /dev/sdb NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT sdb 8:32 1 14.5G 0 disk \u251c\u2500sdb1 8:33 1 3.4G 0 part /media/trent/Debian 9.6.0 amd64 \u2514\u2500sdb2 8:34 1 416K 0 part In the above example output we see that our thumb drive is identified as /dev/sdb , and partition /dev/sdb1 is automatically mounted. Take special care that you have accurately identified the thumb drive before proceeding. For the sake of example, we will proceed on the assumption that our thumb drive is identified as /dev/sdb , but you need to compensate accordingly. unmount any partition of the thumb drive that are automatically mounted umount /dev/sdb1 write the disk image to the thumb drive ddrescue -D --force lmde-3-201808-cinnamon-64bit.iso /dev/sdb","title":"Prepare The Installation Media"},{"location":"posts/lmde3-xfs-full-disk-encryption/#boot-the-install-disc","text":"boot into bios to disable fastboot and secureboot invoke your machine's device boot menu and boot the install disc in uefi mode confirm that you have booted in uefi mode by listing efivars ls /sys/firmware/efi/vars","title":"Boot The Install Disc"},{"location":"posts/lmde3-xfs-full-disk-encryption/#partition-the-hard-drive","text":"If you recall we are assuming the target hard drive is /dev/sda , as an example. So, make adjustments as necessary. If you would rather use a different partition tool, make sure the efi partition is an efi partition type, and you definitely need a separate /boot partition. if needed you can clear the drive with wipefs wipefs --all /dev/sda create a new partition table for /dev/sda sgdisk /dev/sda -o create a new efi partition for /dev/sda sgdisk /dev/sda --new=1::+512MiB --typecode=1:ef00 create a new /boot partition for /dev/sda sgdisk /dev/sda --new=2::+1G create a new / partition for /dev/sda sgdisk /dev/sda --new=3 verify your partition work sgdisk /dev/sda -p format the efi partition mkfs.vfat -F32 /dev/sda1 format the /boot partition mkfs.ext4 /dev/sda2 encrypt the / partition, you will be prompted for a password cryptsetup -y -v luksFormat --type luks2 /dev/sda3 decrypt the / partition, you will be prompted for a password cryptsetup open /dev/sda3 cryptroot format the / device mkfs.xfs /dev/mapper/cryptroot","title":"Partition The Hard Drive"},{"location":"posts/lmde3-xfs-full-disk-encryption/#mount-the-hard-drive","text":"This takes advantage of expert mode in the LMDE installer. create an /target directory mkdir /target mount the / device at /target mount /dev/mapper/cryptroot /target create an /target/boot directory mkdir /target/boot mount the /boot partition at /target/boot mount /dev/sda2 /target/boot create an /target/boot/efi directory mkdir /target/boot/efi mount the efi partition at /target/boot/efi mount /dev/sda1 /target/boot/efi","title":"Mount The Hard Drive"},{"location":"posts/lmde3-xfs-full-disk-encryption/#run-the-installer-app","text":"At this point you're ready to run the live installer. You can click the disc icon on the desktop. The first three pages of the live-installer cover Language,Timezone, and Keymap. The fourth page of the live-installer covers name, password, and hostname. On the fifth page of the live-installer, you come to a partition configuration page. But there is nothing to do, so select expert mode at the bottom of the page. Again select forward , and when you come to the page where you configure the location to install grub, that should be the efi partition, i.e. /dev/sda1 . Select forward one more time, and then select install. The installation will run for a few minutes and will then pause. During the pause you need to manually configure fstab and crypttab .","title":"Run The Installer App"},{"location":"posts/lmde3-xfs-full-disk-encryption/#configure-fstab","text":"find the UUID of the efi partition blkid /dev/sda1 -s UUID find the UUID of the /boot partition blkid /dev/sda2 -s UUID find the UUID of the / device blkid /dev/mapper/cryptroot -s UUID And when you find the correct UUID numbers, use them to configure /etc/fstab which is actually currently at /target/etc/fstab . # /etc/fstab ############### # efi partition # run the command `blkid /dev/sda1 -s UUID` which outputs # /dev/sda1: UUID=\"17C4-215D\", from which derive UUID=17C4-215D /boot/efi vfat defaults 0 2 # /boot partition # run the command `blkid /dev/sda2 -s UUID` which outputs # /dev/sda2: UUID=\"f2509fff-4854-4721-b546-0274c89e6aec\", from which derive UUID=f2509fff-4854-4721-b546-0274c89e6aec /boot ext4 defaults 0 2 # \"/\" device # run the command `blkid /dev/mapper/cryptroot -s UUID` which outputs # /dev/mapper/cryptroot: UUID=\"72241377-cd65-43a6-8363-1afce5bd93f6\", from which derive UUID=72241377-cd65-43a6-8363-1afce5bd93f6 / xfs defaults 0 1","title":"Configure Fstab"},{"location":"posts/lmde3-xfs-full-disk-encryption/#configure-crypttab","text":"But before the file systems can be mounted, crypttab needs to mount /dev/sda3 at /dev/mapper/cryptroot . Configure /etc/crypttab which is actually currently at /target/etc/crypttab find the UUID of the partition that will be mounted at /dev/mapper/crypttab blkid /dev/sda3 -s UUID And when you find the correct UUID number for /dev/sda3 , use that to configure /etc/crypttab which is actually currently at /target/etc/crypttab . # /etc/crypttab # run the command `blkid /dev/sda3 -s UUID` which outputs # /dev/sda3: UUID=\"da3e0967-711f-4159-85ac-7d5743a75201\", from which derive # <target name> <source device> <key file> <options> cryptroot UUID=da3e0967-711f-4159-85ac-7d5743a75201 none luks","title":"Configure Crypttab"},{"location":"posts/lmde3-xfs-full-disk-encryption/#resume-installer-app","text":"At this point finish running the live installer, and you'll be done.","title":"Resume Installer App"},{"location":"posts/lmde3-xfs-full-disk-encryption/#uefi-fix","text":"On some machines, such as HP Laptops, UEFI is broken and efi boot entries don't persist. remount the efi parition mount /dev/sda1 /mnt/ ; cd /mnt/EFI/ create a default efi executable mkdir BOOT ; cp linuxmint/grubx64.efi BOOT/BOOTX64.efi","title":"UEFI Fix"},{"location":"posts/lmde3-xfs-full-disk-encryption/#optional-swap-file","text":"Visit the Arch Wiki and they will hook you up.","title":"Optional Swap File"},{"location":"posts/lmde4-custom-partitions-disk-encryption/","text":"date: 2020-12-15 Introduction Linux Mint Debian Edition is the alternate version of Linux Mint, but built on a Debian base. The result is quite pleasant: the stability of desktop Debian, but with the rough edges polished smooth, nicely configured fonts and ui, and all the multi-media codecs included. Previously, I wrote a guide for installing LMDE3 with disk encryption . The installer for LMDE 4 is different in that it includes support for disk encryption, but not if you need custom partitions such as for a dual-boot configuration . With this in mind, the examples presented below assume that you have Windows 10 installed in 4 partitions, and thus you would want to make 3 partitions (5,6,7) after that, for LMDE4. As with before, with separate partitions for /boot formatted ext4, /boot/efi formatted fat32, and a regular luks-encrypted partition for / formatted xfs. With a separate efi partition for LMDE4, you can then use the computer's device boot menu to select which efi boot entry you want to boot. There is also an advantage in having Windows use the first efi partition, in that if something happens to the Windows efi boot entry, you can fall back to the default efi executable. Whereas, if the efi boot entry for Linux somehow gets wiped, you could repair that easily enough via chroot . Prepare The Installation Media Visit the Linux Mint Website and download the iso file for LMDE 4 64bit. Download from torrents if possible, to save bandwidth. verify the sha256 sum of the iso file sha256sum lmde-4-cinnamon-64bit.iso Identify the thumb drive you are going to install from. type lsblk , note the output, and then insert the thumb drive then type lsblk again and note the additional output # lsblk /dev/sdb NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT sdb 8:32 1 14.5G 0 disk \u251c\u2500sdb1 8:33 1 3.4G 0 part /media/trent/Debian 9.6.0 amd64 \u2514\u2500sdb2 8:34 1 416K 0 part In the above example output we see that our thumb drive is identified as /dev/sdb , and partition /dev/sdb1 is automatically mounted. Take special care that you have accurately identified the thumb drive before proceeding. For the sake of example, we will proceed on the assumption that our thumb drive is identified as /dev/sdb , but you need to compensate accordingly. unmount any partition of the thumb drive that are automatically mounted umount /dev/sdb1 write the disk image to the thumb drive ddrescue -D --force lmde-4-cinnamon-64bit.iso /dev/sdb Boot The Install Disc boot into bios to disable fastboot and secureboot invoke your machine's device boot menu and boot the install disc in uefi mode confirm that you have booted in uefi mode by listing efivars ls /sys/firmware/efi/vars Partition The Hard Drive If you recall we are assuming the target hard drive is /dev/sda , as an example. So, make adjustments as necessary. If you would rather use a different partition tool, make sure the efi partition is an efi partition type, and you definitely need a separate /boot partition. If indeed, you are installing a dual-boot and are installing alongside another operating system, then skip steps 1 and 2 , obviously. if needed you can clear the drive with wipefs wipefs --all /dev/sda create a new partition table for /dev/sda sgdisk /dev/sda -o create a new efi partition for /dev/sda sgdisk /dev/sda --new=5::+512MiB --typecode=1:ef00 create a new /boot partition for /dev/sda sgdisk /dev/sda --new=6::+1G create a new / partition for /dev/sda sgdisk /dev/sda --new=7 verify your partition work sgdisk /dev/sda -p format the efi partition mkfs.vfat -F32 /dev/sda5 format the /boot partition mkfs.ext4 /dev/sda6 encrypt the / partition, you will be prompted for a password cryptsetup -y -v luksFormat --type luks2 /dev/sda7 decrypt the / partition, you will be prompted for a password cryptsetup open /dev/sda7 cryptroot format the / device mkfs.xfs /dev/mapper/cryptroot Mount The Hard Drive This takes advantage of expert mode in the LMDE installer. create an /target directory mkdir /target mount the / device at /target mount /dev/mapper/cryptroot /target create an /target/boot directory mkdir /target/boot mount the /boot partition at /target/boot mount /dev/sda6 /target/boot create an /target/boot/efi directory mkdir /target/boot/efi mount the efi partition at /target/boot/efi mount /dev/sda5 /target/boot/efi Run The Installer App From Command Line At this point you're ready to run the live installer. But you need to run the installer from the command line in order to use expert-mode : live-installer --expert-mode The first three pages of the live-installer cover Language,Timezone, and Keymap. The fourth page of the live-installer covers name, password, and hostname. After this select manual partitioning . On the seventh page of the live-installer, you come to a partition configuration page. But there is nothing to do here. The partition-configuration doesn't even recognize your encrypted partitions. But no matter, because you have already mounted the target file system relative to /target/ , so select expert mode at the bottom of the page. the installer doesn't even recognize the encrypted partitions ... ignore everything on this screen and click the `Expert mode` button Again select forward , and when you come to the page where you configure the location to install grub, that should be the efi partition, i.e. /dev/sda5 . select the efi partition as the location to install grub Then continue with the installation. The installation will run for a few minutes and will then pause. There will be a popup informing you that the installation has paused. During the pause you need to manually configure fstab and crypttab . Configure Fstab find the UUID of the efi partition blkid /dev/sda5 -s UUID find the UUID of the /boot partition blkid /dev/sda6 -s UUID find the UUID of the / device blkid /dev/mapper/cryptroot -s UUID And when you find the correct UUID numbers, use them to configure /etc/fstab which is actually currently at /target/etc/fstab . # /etc/fstab ############### # efi partition # run the command `blkid /dev/sda1 -s UUID` which outputs # /dev/sda5: UUID=\"17C4-215D\", from which derive UUID=17C4-215D /boot/efi vfat defaults 0 2 # /boot partition # run the command `blkid /dev/sda2 -s UUID` which outputs # /dev/sda6: UUID=\"f2509fff-4854-4721-b546-0274c89e6aec\", from which derive UUID=f2509fff-4854-4721-b546-0274c89e6aec /boot ext4 defaults 0 2 # \"/\" device # run the command `blkid /dev/mapper/cryptroot -s UUID` which outputs # /dev/mapper/cryptroot: UUID=\"72241377-cd65-43a6-8363-1afce5bd93f6\", from which derive UUID=72241377-cd65-43a6-8363-1afce5bd93f6 / xfs defaults 0 1 Configure Crypttab But before the file systems can be mounted, crypttab needs to mount /dev/sda3 at /dev/mapper/cryptroot . Configure /etc/crypttab which is actually currently at /target/etc/crypttab Sorry, that's actually an over-simplification. But you need to configure crypttab now, because when the installer continues running again, it installs the bootloader and builds the initramfs, and mkinitramfs parses crypttab , and builds and configures the initramfs in such a way that it knows to decrypt your / partition so it can then hand it off to the kernel at boot time (I think). find the UUID of the partition that will be mounted at /dev/mapper/crypttab blkid /dev/sda3 -s UUID And when you find the correct UUID number for /dev/sda3 , use that to configure /etc/crypttab which is actually currently at /target/etc/crypttab . # /etc/crypttab # run the command `blkid /dev/sda7 -s UUID` which outputs # /dev/sda7: UUID=\"da3e0967-711f-4159-85ac-7d5743a75201\", from which derive # <target name> <source device> <key file> <options> cryptroot UUID=da3e0967-711f-4159-85ac-7d5743a75201 none luks Resume Installer App At this point finish running the live installer, and you'll be done. UEFI Fix Well, actually there isn't one. In this scenario having two efi partitions, we rely on the motherboard correctly persisting efi boot entries. So if you are unlucky enough to have one of the HP laptops that forgets efi boot entries, I guess you are out of luck. You might try using a single efi partition instead of two, and maybe that will work. Presumably this would require using VeraCrypt for Windows, instead of Bitlocker (because Bitlocker won't allow Grub to load the Windows bootloader?) Optional Swap File Visit the Arch Wiki and they will hook you up.","title":"LMDE4 Custom Partitions Disk Encryption"},{"location":"posts/lmde4-custom-partitions-disk-encryption/#introduction","text":"Linux Mint Debian Edition is the alternate version of Linux Mint, but built on a Debian base. The result is quite pleasant: the stability of desktop Debian, but with the rough edges polished smooth, nicely configured fonts and ui, and all the multi-media codecs included. Previously, I wrote a guide for installing LMDE3 with disk encryption . The installer for LMDE 4 is different in that it includes support for disk encryption, but not if you need custom partitions such as for a dual-boot configuration . With this in mind, the examples presented below assume that you have Windows 10 installed in 4 partitions, and thus you would want to make 3 partitions (5,6,7) after that, for LMDE4. As with before, with separate partitions for /boot formatted ext4, /boot/efi formatted fat32, and a regular luks-encrypted partition for / formatted xfs. With a separate efi partition for LMDE4, you can then use the computer's device boot menu to select which efi boot entry you want to boot. There is also an advantage in having Windows use the first efi partition, in that if something happens to the Windows efi boot entry, you can fall back to the default efi executable. Whereas, if the efi boot entry for Linux somehow gets wiped, you could repair that easily enough via chroot .","title":"Introduction"},{"location":"posts/lmde4-custom-partitions-disk-encryption/#prepare-the-installation-media","text":"Visit the Linux Mint Website and download the iso file for LMDE 4 64bit. Download from torrents if possible, to save bandwidth. verify the sha256 sum of the iso file sha256sum lmde-4-cinnamon-64bit.iso Identify the thumb drive you are going to install from. type lsblk , note the output, and then insert the thumb drive then type lsblk again and note the additional output # lsblk /dev/sdb NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT sdb 8:32 1 14.5G 0 disk \u251c\u2500sdb1 8:33 1 3.4G 0 part /media/trent/Debian 9.6.0 amd64 \u2514\u2500sdb2 8:34 1 416K 0 part In the above example output we see that our thumb drive is identified as /dev/sdb , and partition /dev/sdb1 is automatically mounted. Take special care that you have accurately identified the thumb drive before proceeding. For the sake of example, we will proceed on the assumption that our thumb drive is identified as /dev/sdb , but you need to compensate accordingly. unmount any partition of the thumb drive that are automatically mounted umount /dev/sdb1 write the disk image to the thumb drive ddrescue -D --force lmde-4-cinnamon-64bit.iso /dev/sdb","title":"Prepare The Installation Media"},{"location":"posts/lmde4-custom-partitions-disk-encryption/#boot-the-install-disc","text":"boot into bios to disable fastboot and secureboot invoke your machine's device boot menu and boot the install disc in uefi mode confirm that you have booted in uefi mode by listing efivars ls /sys/firmware/efi/vars","title":"Boot The Install Disc"},{"location":"posts/lmde4-custom-partitions-disk-encryption/#partition-the-hard-drive","text":"If you recall we are assuming the target hard drive is /dev/sda , as an example. So, make adjustments as necessary. If you would rather use a different partition tool, make sure the efi partition is an efi partition type, and you definitely need a separate /boot partition. If indeed, you are installing a dual-boot and are installing alongside another operating system, then skip steps 1 and 2 , obviously. if needed you can clear the drive with wipefs wipefs --all /dev/sda create a new partition table for /dev/sda sgdisk /dev/sda -o create a new efi partition for /dev/sda sgdisk /dev/sda --new=5::+512MiB --typecode=1:ef00 create a new /boot partition for /dev/sda sgdisk /dev/sda --new=6::+1G create a new / partition for /dev/sda sgdisk /dev/sda --new=7 verify your partition work sgdisk /dev/sda -p format the efi partition mkfs.vfat -F32 /dev/sda5 format the /boot partition mkfs.ext4 /dev/sda6 encrypt the / partition, you will be prompted for a password cryptsetup -y -v luksFormat --type luks2 /dev/sda7 decrypt the / partition, you will be prompted for a password cryptsetup open /dev/sda7 cryptroot format the / device mkfs.xfs /dev/mapper/cryptroot","title":"Partition The Hard Drive"},{"location":"posts/lmde4-custom-partitions-disk-encryption/#mount-the-hard-drive","text":"This takes advantage of expert mode in the LMDE installer. create an /target directory mkdir /target mount the / device at /target mount /dev/mapper/cryptroot /target create an /target/boot directory mkdir /target/boot mount the /boot partition at /target/boot mount /dev/sda6 /target/boot create an /target/boot/efi directory mkdir /target/boot/efi mount the efi partition at /target/boot/efi mount /dev/sda5 /target/boot/efi","title":"Mount The Hard Drive"},{"location":"posts/lmde4-custom-partitions-disk-encryption/#run-the-installer-app-from-command-line","text":"At this point you're ready to run the live installer. But you need to run the installer from the command line in order to use expert-mode : live-installer --expert-mode The first three pages of the live-installer cover Language,Timezone, and Keymap. The fourth page of the live-installer covers name, password, and hostname. After this select manual partitioning . On the seventh page of the live-installer, you come to a partition configuration page. But there is nothing to do here. The partition-configuration doesn't even recognize your encrypted partitions. But no matter, because you have already mounted the target file system relative to /target/ , so select expert mode at the bottom of the page. the installer doesn't even recognize the encrypted partitions ... ignore everything on this screen and click the `Expert mode` button Again select forward , and when you come to the page where you configure the location to install grub, that should be the efi partition, i.e. /dev/sda5 . select the efi partition as the location to install grub Then continue with the installation. The installation will run for a few minutes and will then pause. There will be a popup informing you that the installation has paused. During the pause you need to manually configure fstab and crypttab .","title":"Run The Installer App From Command Line"},{"location":"posts/lmde4-custom-partitions-disk-encryption/#configure-fstab","text":"find the UUID of the efi partition blkid /dev/sda5 -s UUID find the UUID of the /boot partition blkid /dev/sda6 -s UUID find the UUID of the / device blkid /dev/mapper/cryptroot -s UUID And when you find the correct UUID numbers, use them to configure /etc/fstab which is actually currently at /target/etc/fstab . # /etc/fstab ############### # efi partition # run the command `blkid /dev/sda1 -s UUID` which outputs # /dev/sda5: UUID=\"17C4-215D\", from which derive UUID=17C4-215D /boot/efi vfat defaults 0 2 # /boot partition # run the command `blkid /dev/sda2 -s UUID` which outputs # /dev/sda6: UUID=\"f2509fff-4854-4721-b546-0274c89e6aec\", from which derive UUID=f2509fff-4854-4721-b546-0274c89e6aec /boot ext4 defaults 0 2 # \"/\" device # run the command `blkid /dev/mapper/cryptroot -s UUID` which outputs # /dev/mapper/cryptroot: UUID=\"72241377-cd65-43a6-8363-1afce5bd93f6\", from which derive UUID=72241377-cd65-43a6-8363-1afce5bd93f6 / xfs defaults 0 1","title":"Configure Fstab"},{"location":"posts/lmde4-custom-partitions-disk-encryption/#configure-crypttab","text":"But before the file systems can be mounted, crypttab needs to mount /dev/sda3 at /dev/mapper/cryptroot . Configure /etc/crypttab which is actually currently at /target/etc/crypttab Sorry, that's actually an over-simplification. But you need to configure crypttab now, because when the installer continues running again, it installs the bootloader and builds the initramfs, and mkinitramfs parses crypttab , and builds and configures the initramfs in such a way that it knows to decrypt your / partition so it can then hand it off to the kernel at boot time (I think). find the UUID of the partition that will be mounted at /dev/mapper/crypttab blkid /dev/sda3 -s UUID And when you find the correct UUID number for /dev/sda3 , use that to configure /etc/crypttab which is actually currently at /target/etc/crypttab . # /etc/crypttab # run the command `blkid /dev/sda7 -s UUID` which outputs # /dev/sda7: UUID=\"da3e0967-711f-4159-85ac-7d5743a75201\", from which derive # <target name> <source device> <key file> <options> cryptroot UUID=da3e0967-711f-4159-85ac-7d5743a75201 none luks","title":"Configure Crypttab"},{"location":"posts/lmde4-custom-partitions-disk-encryption/#resume-installer-app","text":"At this point finish running the live installer, and you'll be done.","title":"Resume Installer App"},{"location":"posts/lmde4-custom-partitions-disk-encryption/#uefi-fix","text":"Well, actually there isn't one. In this scenario having two efi partitions, we rely on the motherboard correctly persisting efi boot entries. So if you are unlucky enough to have one of the HP laptops that forgets efi boot entries, I guess you are out of luck. You might try using a single efi partition instead of two, and maybe that will work. Presumably this would require using VeraCrypt for Windows, instead of Bitlocker (because Bitlocker won't allow Grub to load the Windows bootloader?)","title":"UEFI Fix"},{"location":"posts/lmde4-custom-partitions-disk-encryption/#optional-swap-file","text":"Visit the Arch Wiki and they will hook you up.","title":"Optional Swap File"},{"location":"posts/rewrite-hugo-themes-report-in-python/","text":"date: 2019-01-25T01:02:57-08:00 Ranking Hugo Themes by Stars, Commit Date A while back I was grazing the selfhosted subreddit, and noticed Hugo coming up in conversation. I recalled that hugo requires a third-party theme in order to function. But was a bit of a challenge, because how do you know what is a good Hugo theme? First Version in Bash I ended up writing a little bash script (now deprecated) that scrapes the Github api and generates a little report about Hugo themes. It basically curled json from the Github api, and parsed it with grep, awk, and sed, and eventually spat out a plain text file. Rewrite in Python It was about a year later that I decided to rewrite the script in Python, using sqlite as a database. I discovered how to use the python requests module, got some practice with sqlite, and discovered how to make conditional request against the Github api using ETags and \u2018If-Modified-Since\u2019 (ETags are easier). But this was my first time using python like this. And I have to tell you, it\u2019s a lot moar fun than recursive fibonacci tutorials! Building an HTML5 Table (bootstrap, actually) By the time I had figured out how to collect the data I needed, I realized that I could simply generate an html table right in the python script. rank_hugo_themes.py runs in a cronjob every night, and you can view Hugo Themes Report here. And you can see the script on Github .","title":"Rewrite Hugo Themes Report in Python"},{"location":"posts/rewrite-hugo-themes-report-in-python/#ranking-hugo-themes-by-stars-commit-date","text":"A while back I was grazing the selfhosted subreddit, and noticed Hugo coming up in conversation. I recalled that hugo requires a third-party theme in order to function. But was a bit of a challenge, because how do you know what is a good Hugo theme?","title":"Ranking Hugo Themes by Stars, Commit Date"},{"location":"posts/rewrite-hugo-themes-report-in-python/#first-version-in-bash","text":"I ended up writing a little bash script (now deprecated) that scrapes the Github api and generates a little report about Hugo themes. It basically curled json from the Github api, and parsed it with grep, awk, and sed, and eventually spat out a plain text file.","title":"First Version in Bash"},{"location":"posts/rewrite-hugo-themes-report-in-python/#rewrite-in-python","text":"It was about a year later that I decided to rewrite the script in Python, using sqlite as a database. I discovered how to use the python requests module, got some practice with sqlite, and discovered how to make conditional request against the Github api using ETags and \u2018If-Modified-Since\u2019 (ETags are easier). But this was my first time using python like this. And I have to tell you, it\u2019s a lot moar fun than recursive fibonacci tutorials!","title":"Rewrite in Python"},{"location":"posts/rewrite-hugo-themes-report-in-python/#building-an-html5-table-bootstrap-actually","text":"By the time I had figured out how to collect the data I needed, I realized that I could simply generate an html table right in the python script. rank_hugo_themes.py runs in a cronjob every night, and you can view Hugo Themes Report here. And you can see the script on Github .","title":"Building an HTML5 Table (bootstrap, actually)"},{"location":"posts/sendxmpp-handler-for-python-logging/","text":"date: 2020-12-19 SENDXMPPHandler for Python Logging app/__init__.py You may be familiar with adding a logging handler to a flask application, with something like the following in __init__.py . app/sendxmpp_handler.py python-logging doesn't have a handler for xmpp but the handlers that are available are easy enough to understand if you read through them in handlers.py . Using the available handlers as an example, it did not require a lot of imagination to come up with SENDXMPPHandler. Android Yaxim Screenshot And this is what a flask logging error looks like on Android, in Yaxim.","title":"SENDXMPPHandler for Python Logging"},{"location":"posts/sendxmpp-handler-for-python-logging/#sendxmpphandler-for-python-logging","text":"","title":"SENDXMPPHandler for Python Logging"},{"location":"posts/sendxmpp-handler-for-python-logging/#app__init__py","text":"You may be familiar with adding a logging handler to a flask application, with something like the following in __init__.py .","title":"app/__init__.py"},{"location":"posts/sendxmpp-handler-for-python-logging/#appsendxmpp_handlerpy","text":"python-logging doesn't have a handler for xmpp but the handlers that are available are easy enough to understand if you read through them in handlers.py . Using the available handlers as an example, it did not require a lot of imagination to come up with SENDXMPPHandler.","title":"app/sendxmpp_handler.py"},{"location":"posts/sendxmpp-handler-for-python-logging/#android-yaxim-screenshot","text":"And this is what a flask logging error looks like on Android, in Yaxim.","title":"Android Yaxim Screenshot"},{"location":"posts/simplified-raspberry-streaming/","text":"date: 2019-05-12T18:32:55-07:00 RaspberryPi is a Great MPD Appliance I\u2019m really pleased with the RaspberryPi as an MPD (music player daemon), appliance. I have it hooked up to the home surround-sound system via spdif, digital optical cable hat, btw, running Arch Linux ARM , with the / file system on a dual-thumbdrive, btrfs raid1 (mirror) device . It plays music around the clock, reliably, without breaking a sweat. And the mpd daemon is easy to remote control, either from the command line with ncmpcpp , or using M.A.L.P for Android . And/Or as an Internet Radio Streaming Client The beauty of this setup it in the simplicity. All you have to do is create an plain text *m3u file with the address:port of the internet radio stream you want, and place that in /var/lib/mpd/playlists directory. You can find various internet radio lists on the internet, and many offer example *m3u playlist files that you can download. However, the important thing is that your m3u playlist file has to contain the exact streaming address, so if the m3u file you download points to a pls file, you may have to download that pls file to look for the streaming address.","title":"Simplified Raspberry Streaming"},{"location":"posts/simplified-raspberry-streaming/#raspberrypi-is-a-great-mpd-appliance","text":"I\u2019m really pleased with the RaspberryPi as an MPD (music player daemon), appliance. I have it hooked up to the home surround-sound system via spdif, digital optical cable hat, btw, running Arch Linux ARM , with the / file system on a dual-thumbdrive, btrfs raid1 (mirror) device . It plays music around the clock, reliably, without breaking a sweat. And the mpd daemon is easy to remote control, either from the command line with ncmpcpp , or using M.A.L.P for Android .","title":"RaspberryPi is a Great MPD Appliance"},{"location":"posts/simplified-raspberry-streaming/#andor-as-an-internet-radio-streaming-client","text":"The beauty of this setup it in the simplicity. All you have to do is create an plain text *m3u file with the address:port of the internet radio stream you want, and place that in /var/lib/mpd/playlists directory. You can find various internet radio lists on the internet, and many offer example *m3u playlist files that you can download. However, the important thing is that your m3u playlist file has to contain the exact streaming address, so if the m3u file you download points to a pls file, you may have to download that pls file to look for the streaming address.","title":"And/Or as an Internet Radio Streaming Client"},{"location":"posts/xmpp-apt-notifications/","text":"date: 2021-01-09 Introduction In order to save yourself the work of checking your computer for updates, configure it to send you a weekly notification for updates using cron and sendxmpp. Register an Xmpp User ssh into your prosody server and use prosodyctl to create a user for your computer. i.e. for your htpc: # prosodyctl adduser htpc@example.com You will be prompted to create a password. Install sendxmpp ssh into your computer and install sendxmpp . i.e. for your htpc: $ sudo apt-get install sendxmpp Configure sendxmpp ssh into your computer and login as the root user using $ sudo su write the following contents into /root/.sendxmpprc , i.e. for your htpc htpc@example.com;example.com <password> secure your .sendxmpprc file by making it read-only, and only accessible by the root user # chmod 600 /root/.sendxmpprc Create Cron Job While still logged in as root, open crontab for editing. # crontab -e And then write a command in crontab , i.e. for your htpc. #!/bin/bash PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin 15 3 * * 4 apt-get update && apt-get -u upgrade --assume-no | sendxmpp -t -u htpc <yourself>@example.com Receive Notifications on Android Device Example Notification in Yaxim on Android","title":"Xmpp Apt Notifications"},{"location":"posts/xmpp-apt-notifications/#introduction","text":"In order to save yourself the work of checking your computer for updates, configure it to send you a weekly notification for updates using cron and sendxmpp.","title":"Introduction"},{"location":"posts/xmpp-apt-notifications/#register-an-xmpp-user","text":"ssh into your prosody server and use prosodyctl to create a user for your computer. i.e. for your htpc: # prosodyctl adduser htpc@example.com You will be prompted to create a password.","title":"Register an Xmpp User"},{"location":"posts/xmpp-apt-notifications/#install-sendxmpp","text":"ssh into your computer and install sendxmpp . i.e. for your htpc: $ sudo apt-get install sendxmpp","title":"Install sendxmpp"},{"location":"posts/xmpp-apt-notifications/#configure-sendxmpp","text":"ssh into your computer and login as the root user using $ sudo su write the following contents into /root/.sendxmpprc , i.e. for your htpc htpc@example.com;example.com <password> secure your .sendxmpprc file by making it read-only, and only accessible by the root user # chmod 600 /root/.sendxmpprc","title":"Configure sendxmpp"},{"location":"posts/xmpp-apt-notifications/#create-cron-job","text":"While still logged in as root, open crontab for editing. # crontab -e And then write a command in crontab , i.e. for your htpc. #!/bin/bash PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin 15 3 * * 4 apt-get update && apt-get -u upgrade --assume-no | sendxmpp -t -u htpc <yourself>@example.com","title":"Create Cron Job"},{"location":"posts/xmpp-apt-notifications/#receive-notifications-on-android-device","text":"Example Notification in Yaxim on Android","title":"Receive Notifications on Android Device"}]}
\ No newline at end of file
+{"config":{"lang":["en"],"min_search_length":3,"prebuild_index":false,"separator":"[\\s\\-]+"},"docs":[{"location":"","text":"Trent's Blog Posts By Date 2021-01-25: Prosody Photo Uploads 2021-01-09: Xmpp Apt Notifications 2020-12-20: Apache Virtual Hosts 2020-12-19: SENDXMPPHandler for Python Logging 2020-12-17: Instructions for Tethering From Phone 2020-12-15: LMDE4 Custom Partitions Disk Encryption 2020-06-21: Linux Move Cursor With Keyboard 2019-05-12: Simplified Raspberry Streaming 2019-04-13: Clear Linux Encrypted xfs Root 2019-03-11: Clear Linux Guest Virt Manager 2019-02-11: Faster Partitioning With sgdisk 2019-01-25: LMDE3 xfs Full Disk Encryption 2019-01-25: Rewrite Hugo Themes Report in Python Links Links","title":"Home"},{"location":"#trents-blog","text":"","title":"Trent's Blog"},{"location":"#posts-by-date","text":"2021-01-25: Prosody Photo Uploads 2021-01-09: Xmpp Apt Notifications 2020-12-20: Apache Virtual Hosts 2020-12-19: SENDXMPPHandler for Python Logging 2020-12-17: Instructions for Tethering From Phone 2020-12-15: LMDE4 Custom Partitions Disk Encryption 2020-06-21: Linux Move Cursor With Keyboard 2019-05-12: Simplified Raspberry Streaming 2019-04-13: Clear Linux Encrypted xfs Root 2019-03-11: Clear Linux Guest Virt Manager 2019-02-11: Faster Partitioning With sgdisk 2019-01-25: LMDE3 xfs Full Disk Encryption 2019-01-25: Rewrite Hugo Themes Report in Python","title":"Posts By Date"},{"location":"#links","text":"Links","title":"Links"},{"location":"links/","text":"Trent's Blog Links Home GitHub Twitter Facebook Trent Docs Hugo Themes Report libre_gps_parser Concise PDX Free Code Camp Challenges Device Layout Oregon Hikers' Field Guide","title":"Links"},{"location":"links/#trents-blog","text":"","title":"Trent's Blog"},{"location":"links/#links","text":"Home GitHub Twitter Facebook Trent Docs Hugo Themes Report libre_gps_parser Concise PDX Free Code Camp Challenges Device Layout Oregon Hikers' Field Guide","title":"Links"},{"location":"posts/apache-virtual-hosts/","text":"date: 2020-12-20 Use Virtual Hosts This is a very useful way to keep your server organized. Virtual Hosts On Your Lan You can practice on your Lan. Setting up DNS on your Lan For instance, if your router is running dnsmasq , this may be as simple as describing the virtual hosts in /etc/hosts on the router. 192.168.1.101 blog.devbox blogstatic.devbox Here's An Example Reverse Proxy for A Flask Blog On Your Lan # /etc/apache2/sites-enabled/blog.devbox.conf <VirtualHost *:80 > ServerName blog.devbox # dont' block LetsEncrypt # ProxyPass \"/.well-known\" ! ... not needed on your Lan # don't block /var/www/html/favicon.ico ProxyPass \"/favicon.ico\" ! ProxyPass \"/\" \"http://127.0.0.1:8000/\" ProxyPassReverse \"/\" \"http://127.0.0.1:8000/\" ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined </VirtualHost> Here's An Example for A Static Blog On Your Lan # /etc/apache2/sites-enabled/blogstatic.devbox.conf <VirtualHost *:80 > ServerName blogstatic.devbox DocumentRoot /var/www/html/blogstatic/site ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined </VirtualHost> Wan Deployment Set up DNS Log into your dns provider and create records A record for blog.example.com pointing to your ipv4 address AAAA record for blog.example.com pointing to your ipv6 address A record for blogstatic.example.com pointing to your ipv4 address AAAA record for blogstatic.example.com pointing to your ipv6 address Start With Virtual Hosts for HTTP You don't need to create virtual hosts for SSL configuration, because CertBot will automatically do that for you. Reverse Proxy # /etc/apache2/sites-enabled/blog.example.com.conf <VirtualHost *:80 > ServerName blog.example.com # dont' block LetsEncrypt ProxyPass \"/.well-known\" ! # don't block /var/www/html/favicon.ico ProxyPass \"/favicon.ico\" ! ProxyPass \"/\" \"http://127.0.0.1:8000/\" ProxyPassReverse \"/\" \"http://127.0.0.1:8000/\" ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined </VirtualHost> Static Site # /etc/apache2/sites-enabled/blogstatic.example.com.conf <VirtualHost *:80 > ServerName blogstatic.example.com DocumentRoot /var/www/html/blogstatic/site ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined </VirtualHost> Get LetsEncrypt Certs certbot --apache -d blog.example.com -d blogstatic.example.com Certbot will create and enable new conf files with SSL encryption configured, and will modify your http conf files with redirections to https.","title":"Apache Virtual Hosts"},{"location":"posts/apache-virtual-hosts/#use-virtual-hosts","text":"This is a very useful way to keep your server organized.","title":"Use Virtual Hosts"},{"location":"posts/apache-virtual-hosts/#virtual-hosts-on-your-lan","text":"You can practice on your Lan.","title":"Virtual Hosts On Your Lan"},{"location":"posts/apache-virtual-hosts/#setting-up-dns-on-your-lan","text":"For instance, if your router is running dnsmasq , this may be as simple as describing the virtual hosts in /etc/hosts on the router. 192.168.1.101 blog.devbox blogstatic.devbox","title":"Setting up DNS on your Lan"},{"location":"posts/apache-virtual-hosts/#heres-an-example-reverse-proxy-for-a-flask-blog-on-your-lan","text":"# /etc/apache2/sites-enabled/blog.devbox.conf <VirtualHost *:80 > ServerName blog.devbox # dont' block LetsEncrypt # ProxyPass \"/.well-known\" ! ... not needed on your Lan # don't block /var/www/html/favicon.ico ProxyPass \"/favicon.ico\" ! ProxyPass \"/\" \"http://127.0.0.1:8000/\" ProxyPassReverse \"/\" \"http://127.0.0.1:8000/\" ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined </VirtualHost>","title":"Here's An Example Reverse Proxy for A Flask Blog On Your Lan"},{"location":"posts/apache-virtual-hosts/#heres-an-example-for-a-static-blog-on-your-lan","text":"# /etc/apache2/sites-enabled/blogstatic.devbox.conf <VirtualHost *:80 > ServerName blogstatic.devbox DocumentRoot /var/www/html/blogstatic/site ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined </VirtualHost>","title":"Here's An Example for A Static Blog On Your Lan"},{"location":"posts/apache-virtual-hosts/#wan-deployment","text":"","title":"Wan Deployment"},{"location":"posts/apache-virtual-hosts/#set-up-dns","text":"Log into your dns provider and create records A record for blog.example.com pointing to your ipv4 address AAAA record for blog.example.com pointing to your ipv6 address A record for blogstatic.example.com pointing to your ipv4 address AAAA record for blogstatic.example.com pointing to your ipv6 address","title":"Set up DNS"},{"location":"posts/apache-virtual-hosts/#start-with-virtual-hosts-for-http","text":"You don't need to create virtual hosts for SSL configuration, because CertBot will automatically do that for you.","title":"Start With Virtual Hosts for HTTP"},{"location":"posts/apache-virtual-hosts/#reverse-proxy","text":"# /etc/apache2/sites-enabled/blog.example.com.conf <VirtualHost *:80 > ServerName blog.example.com # dont' block LetsEncrypt ProxyPass \"/.well-known\" ! # don't block /var/www/html/favicon.ico ProxyPass \"/favicon.ico\" ! ProxyPass \"/\" \"http://127.0.0.1:8000/\" ProxyPassReverse \"/\" \"http://127.0.0.1:8000/\" ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined </VirtualHost>","title":"Reverse Proxy"},{"location":"posts/apache-virtual-hosts/#static-site","text":"# /etc/apache2/sites-enabled/blogstatic.example.com.conf <VirtualHost *:80 > ServerName blogstatic.example.com DocumentRoot /var/www/html/blogstatic/site ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined </VirtualHost>","title":"Static Site"},{"location":"posts/apache-virtual-hosts/#get-letsencrypt-certs","text":"certbot --apache -d blog.example.com -d blogstatic.example.com Certbot will create and enable new conf files with SSL encryption configured, and will modify your http conf files with redirections to https.","title":"Get LetsEncrypt Certs"},{"location":"posts/clear-linux-encrypted-xfs-root/","text":"date: 2019-04-13T21:44:37-07:00 Nothing to-it Burger I had intended to create a technical explanation how to install Clear Linux with disk encryption, with xfs. But that turned out to be unnecessary because the latest version of the installer handles setting that up automatically. Previously, I had written down the steps needed to get LMDE 3 installed using disk encryption with xfs , which required manual intervention. And indeed, a few months ago, the Clear Linux installer only supported xfs with disk encryption if you could supply some manual intervention. However, the latest Clear Linux installer can set up disk encryption with luks and xfs, automatically. Just follow the instructions , no special skills needed.","title":"Clear Linux Encrypted xfs Root"},{"location":"posts/clear-linux-encrypted-xfs-root/#nothing-to-it-burger","text":"I had intended to create a technical explanation how to install Clear Linux with disk encryption, with xfs. But that turned out to be unnecessary because the latest version of the installer handles setting that up automatically. Previously, I had written down the steps needed to get LMDE 3 installed using disk encryption with xfs , which required manual intervention. And indeed, a few months ago, the Clear Linux installer only supported xfs with disk encryption if you could supply some manual intervention. However, the latest Clear Linux installer can set up disk encryption with luks and xfs, automatically. Just follow the instructions , no special skills needed.","title":"Nothing to-it Burger"},{"location":"posts/clear-linux-guest-virt-manager/","text":"date: 2019-03-11T01:39:09-07:00 Introduction download, convert, and resize the provided kvm-legacy image create a virtual machine and launch it from virt-manager But it\u2019s not immediately clear from the instructions if you can use virt-manager , because they recommend their script which runs qemu-system-x86_64 directly. Which is fine, but maybe you find it easier to customize the options using the virt-manager gui interface. How To Assuming you have libvirt and kvm set up with virt-manager , you can: download the clear-*-legacy-kvm.img.xz verify the checksum extract it unxz clear-*-legacy-kvm.img.xz mv clear-*-legacy-kvm.img.xz /var/lib/libvirt/images/ create a virtual machine in virt-manager using the image There is not an os template for Clear Linux, but Fedora29 works fine for me. As a bonus, virsh console is configured and ready to go. Convert Raw -> Qcow2 and Resize The image has a gpt partition table. I am not sure if that is the reason why, but fdisk does not seem to work for resizing the partition. However, parted works fine. The image download is an 8gb sparse raw image. You may wish to convert that to qcow2 and and resize before creating the virtual machine. Here is how to do that. convert the sparse raw image to qcow2 qemu-img convert -f raw -O qcow2 clear*.img clear.qcow2 resize the image to taste qemu-img resize clear.qcow2 20G create the virtual machine in virt-manager gui boot the virtual machine: virsh start clearvm log in: virsh console clearvm install a bundle which contains parted swupd bundle-add clr-installer expand / partition and file system with parted and resize2fs parted /dev/vda resizepart > Fix/Ignore? Fix > Partition number? 1 > End? [ 8590MB ] ? 100 % > size2fs /dev/vda1","title":"Clear Linux Guest Virt Manager"},{"location":"posts/clear-linux-guest-virt-manager/#introduction","text":"download, convert, and resize the provided kvm-legacy image create a virtual machine and launch it from virt-manager But it\u2019s not immediately clear from the instructions if you can use virt-manager , because they recommend their script which runs qemu-system-x86_64 directly. Which is fine, but maybe you find it easier to customize the options using the virt-manager gui interface.","title":"Introduction"},{"location":"posts/clear-linux-guest-virt-manager/#how-to","text":"Assuming you have libvirt and kvm set up with virt-manager , you can: download the clear-*-legacy-kvm.img.xz verify the checksum extract it unxz clear-*-legacy-kvm.img.xz mv clear-*-legacy-kvm.img.xz /var/lib/libvirt/images/ create a virtual machine in virt-manager using the image There is not an os template for Clear Linux, but Fedora29 works fine for me. As a bonus, virsh console is configured and ready to go.","title":"How To"},{"location":"posts/clear-linux-guest-virt-manager/#convert-raw-qcow2-and-resize","text":"The image has a gpt partition table. I am not sure if that is the reason why, but fdisk does not seem to work for resizing the partition. However, parted works fine. The image download is an 8gb sparse raw image. You may wish to convert that to qcow2 and and resize before creating the virtual machine. Here is how to do that. convert the sparse raw image to qcow2 qemu-img convert -f raw -O qcow2 clear*.img clear.qcow2 resize the image to taste qemu-img resize clear.qcow2 20G create the virtual machine in virt-manager gui boot the virtual machine: virsh start clearvm log in: virsh console clearvm install a bundle which contains parted swupd bundle-add clr-installer expand / partition and file system with parted and resize2fs parted /dev/vda resizepart > Fix/Ignore? Fix > Partition number? 1 > End? [ 8590MB ] ? 100 % > size2fs /dev/vda1","title":"Convert Raw -&gt; Qcow2 and Resize"},{"location":"posts/faster-partitioning-with-sgdisk/","text":"date: 2019-02-11T04:23:52-08:00 Disclaimer If any of this is wrong, let me know so I can fix it. No actual hard drives were harmed in the production of this blog post. The examples are easier to read if you turn your smart phone sideways. Command Line Is Faster Sure you can partition your discs using a GUI disk management application or an interactive, menu-driven terminal interface. But the command line is faster. gdisk vs sgdisk sgdisk is the scriptable version of gdisk (gptfdisk). what the manpage says If you\u2019re familiar with gdisk , you probably know how to interactively set the partition size and type. If you look at the man page for sgdisk you see that the relevant flags are -n and -t . The beginning and ending numbers are absolute, unless you prepend them with a + or - sign, in which case they become relative. # For New Partition: -n, --new=partnum:start:end # Change partition type: -t, --typecode=partnum:{hexcode|GUID} Example with Separate EFI and / Partitions BTW, gdisk is a partitioning tool intended to be used with a gpt partition table, so the assumption is that you would want an efi partition, (although the efi partition does not have to be on the disk you are partitioning or even on the same disk where your other system partitions are). Wipe any leftover filesystem metadata with wipefs. wipefs --all /dev/sdx Create a new GPT partition table. sgdisk /dev/sdx -o Create an efi partition of 512MB by specifying the end of the partition (relative) and the partition type, ef00 . sgdisk /dev/sdx -n 1::+512MiB -t 1:ef00 Create an / partition using the remainder of the disk, by not specifying the end or the beginning or partition type, which defaults to 8300. sgdisk /dev/sdx -n 2 Format the efi partition fat 32. mkfs.vfat -F32 /dev/sdx1 Format the / partition ext4. mkfs.ext4 /dev/sdx2 Practice With A Sparse Image If you don\u2019t want to partition a real hard drive, you can practice using an sparse image file, instead. # create a sparse image file truncate -S 100G practiceImage.img # partition the image file with sgdisk sgdisk practiceImage.img -o # etc Example with Separate /boot, EFI, and luks-encrypted / Partitions Wipe any leftover filesystem metadata with wipefs . wipefs --all /dev/sdx Create a new GPT partition table. sgdisk /dev/sdx -o Create an efi partition of 512MB by specifying the end of the partition (relative) and the partition type, ef00 . sgdisk /dev/sdx -n 1::+512MiB -t 1:ef00 Create a /boot partition of 1GB, by specifying the end of the partition (relative), but not specifying the partition type which defaults to 8300 . sgdisk /dev/sdx -n 2::+1GiB Create an / partition using the remainder of the disk, by not specifying the end or the beginning or partition type, which defaults to 8300 . sgdisk /dev/sdx -n 3 Format the efi partition fat 32. mkfs.vfat -F32 /dev/sdx1 Format the /boot partition ext4. mkfs.ext4 /dev/sdx2 Encrypt the / partition. cryptsetup -y -v luksFormat --type luks2 /dev/sdx3 Decrypt the / device. cryptsetup open /dev/sdx3 cryptroot Format the / device. mkfs.xfs /dev/mapper/cryptroot What About Swap? I prefer to use a swap file inside the luks-encrypted / partition. But you can make a separate swap partition if you like. Example with 2GB swap partition Wipe the disc. wipefs --all /dev/sdx Create a new GPT partition table. sgdisk /dev/sdx -o Create an EFI partition. sgdisk /dev/sdx -n 1::+512MiB -t 1:ef00 Create a /boot partition. sgdisk /dev/sdx -n 2::+1GiB Create a / partition with a relative negative end. sgdisk /dev/sdx -n 3::-2GiB Create a swap partion type 8200 . sgdisk /dev/sdx -n 4 -t 4:8200 format the partitions. mkfs.vfat -F32 /dev/sdx1 mkfs.ext4 /dev/sdx2 mkfs.xfs /dev/sdx3 mkswap /dev/sdx4 Conclusion Good luck to you. Backup your data first. Kind Regards, Trent","title":"Faster Partitioning With sgdisk"},{"location":"posts/faster-partitioning-with-sgdisk/#disclaimer","text":"If any of this is wrong, let me know so I can fix it. No actual hard drives were harmed in the production of this blog post. The examples are easier to read if you turn your smart phone sideways.","title":"Disclaimer"},{"location":"posts/faster-partitioning-with-sgdisk/#command-line-is-faster","text":"Sure you can partition your discs using a GUI disk management application or an interactive, menu-driven terminal interface. But the command line is faster.","title":"Command Line Is Faster"},{"location":"posts/faster-partitioning-with-sgdisk/#gdisk-vs-sgdisk","text":"sgdisk is the scriptable version of gdisk (gptfdisk).","title":"gdisk vs sgdisk"},{"location":"posts/faster-partitioning-with-sgdisk/#what-the-manpage-says","text":"If you\u2019re familiar with gdisk , you probably know how to interactively set the partition size and type. If you look at the man page for sgdisk you see that the relevant flags are -n and -t . The beginning and ending numbers are absolute, unless you prepend them with a + or - sign, in which case they become relative. # For New Partition: -n, --new=partnum:start:end # Change partition type: -t, --typecode=partnum:{hexcode|GUID}","title":"what the manpage says"},{"location":"posts/faster-partitioning-with-sgdisk/#example-with-separate-efi-and-partitions","text":"BTW, gdisk is a partitioning tool intended to be used with a gpt partition table, so the assumption is that you would want an efi partition, (although the efi partition does not have to be on the disk you are partitioning or even on the same disk where your other system partitions are). Wipe any leftover filesystem metadata with wipefs. wipefs --all /dev/sdx Create a new GPT partition table. sgdisk /dev/sdx -o Create an efi partition of 512MB by specifying the end of the partition (relative) and the partition type, ef00 . sgdisk /dev/sdx -n 1::+512MiB -t 1:ef00 Create an / partition using the remainder of the disk, by not specifying the end or the beginning or partition type, which defaults to 8300. sgdisk /dev/sdx -n 2 Format the efi partition fat 32. mkfs.vfat -F32 /dev/sdx1 Format the / partition ext4. mkfs.ext4 /dev/sdx2","title":"Example with Separate EFI and / Partitions"},{"location":"posts/faster-partitioning-with-sgdisk/#practice-with-a-sparse-image","text":"If you don\u2019t want to partition a real hard drive, you can practice using an sparse image file, instead. # create a sparse image file truncate -S 100G practiceImage.img # partition the image file with sgdisk sgdisk practiceImage.img -o # etc","title":"Practice With A Sparse Image"},{"location":"posts/faster-partitioning-with-sgdisk/#example-with-separate-boot-efi-and-luks-encrypted-partitions","text":"Wipe any leftover filesystem metadata with wipefs . wipefs --all /dev/sdx Create a new GPT partition table. sgdisk /dev/sdx -o Create an efi partition of 512MB by specifying the end of the partition (relative) and the partition type, ef00 . sgdisk /dev/sdx -n 1::+512MiB -t 1:ef00 Create a /boot partition of 1GB, by specifying the end of the partition (relative), but not specifying the partition type which defaults to 8300 . sgdisk /dev/sdx -n 2::+1GiB Create an / partition using the remainder of the disk, by not specifying the end or the beginning or partition type, which defaults to 8300 . sgdisk /dev/sdx -n 3 Format the efi partition fat 32. mkfs.vfat -F32 /dev/sdx1 Format the /boot partition ext4. mkfs.ext4 /dev/sdx2 Encrypt the / partition. cryptsetup -y -v luksFormat --type luks2 /dev/sdx3 Decrypt the / device. cryptsetup open /dev/sdx3 cryptroot Format the / device. mkfs.xfs /dev/mapper/cryptroot","title":"Example with Separate /boot, EFI, and luks-encrypted / Partitions"},{"location":"posts/faster-partitioning-with-sgdisk/#what-about-swap","text":"I prefer to use a swap file inside the luks-encrypted / partition. But you can make a separate swap partition if you like.","title":"What About Swap?"},{"location":"posts/faster-partitioning-with-sgdisk/#example-with-2gb-swap-partition","text":"Wipe the disc. wipefs --all /dev/sdx Create a new GPT partition table. sgdisk /dev/sdx -o Create an EFI partition. sgdisk /dev/sdx -n 1::+512MiB -t 1:ef00 Create a /boot partition. sgdisk /dev/sdx -n 2::+1GiB Create a / partition with a relative negative end. sgdisk /dev/sdx -n 3::-2GiB Create a swap partion type 8200 . sgdisk /dev/sdx -n 4 -t 4:8200 format the partitions. mkfs.vfat -F32 /dev/sdx1 mkfs.ext4 /dev/sdx2 mkfs.xfs /dev/sdx3 mkswap /dev/sdx4","title":"Example with 2GB swap partition"},{"location":"posts/faster-partitioning-with-sgdisk/#conclusion","text":"Good luck to you. Backup your data first. Kind Regards, Trent","title":"Conclusion"},{"location":"posts/instructions-for-tethering-from-phone/","text":"date: 2020-12-17 Instructions Part One Turn off blutooth on computer Turn off blutooth on phone Turn off Wifi on phone Part Two Turn on wifi hotspot or usb tethering Verify! You want to verify that you are connected to your Android hotspot. Android tether is a router that will stand up a subnet of 192.168.43.0/24 for wifi hotspot, and 192.168.42.0/24 for usb tether. On linux open a terminal and type ip addr on Windows open a cmd console and type ipconfig If tethering via wifi hotspot you should see an ipv4 address of 192.168.43.XX If tethering via usb you should see an ipv4 address of 192.168.42.XX ACHTUNG Do Not! DO NOT turn on ethernet tethering you probably don't have the physical equipment available to do that DO NOT turn on blutooth tethering $# ?# DUH!! DO NOT turn on blutooth Your phone's radio hardware already has enough to do, trying to simultaneously maintain an LTE uplink to your mobile carrier and a wifi downlink to your computer DO NOT turn on wifi Don't let your phone try to connect to something that isn't working right now DO NOT forget to turn off blutooth Your phone's radio hardware already has enough to do, trying to simultaneously maintain an LTE uplink to your mobile carrier and a wifi downlink to your computer DO NOT forget to turn off wifi Don't let your phone try to connect to something that isn't working right now Blutooth If you leave blutooth on while trying to tether, your phone could get hot, your battery could go dead, and your hotspot could fail to work properly. Be surprised it it doesn't crash and soft-reboot.","title":"Instructions For Tethering From Phone"},{"location":"posts/instructions-for-tethering-from-phone/#instructions","text":"","title":"Instructions"},{"location":"posts/instructions-for-tethering-from-phone/#part-one","text":"Turn off blutooth on computer Turn off blutooth on phone Turn off Wifi on phone","title":"Part One"},{"location":"posts/instructions-for-tethering-from-phone/#part-two","text":"Turn on wifi hotspot or usb tethering","title":"Part Two"},{"location":"posts/instructions-for-tethering-from-phone/#verify","text":"You want to verify that you are connected to your Android hotspot. Android tether is a router that will stand up a subnet of 192.168.43.0/24 for wifi hotspot, and 192.168.42.0/24 for usb tether. On linux open a terminal and type ip addr on Windows open a cmd console and type ipconfig If tethering via wifi hotspot you should see an ipv4 address of 192.168.43.XX If tethering via usb you should see an ipv4 address of 192.168.42.XX","title":"Verify!"},{"location":"posts/instructions-for-tethering-from-phone/#achtung-do-not","text":"DO NOT turn on ethernet tethering you probably don't have the physical equipment available to do that DO NOT turn on blutooth tethering $# ?# DUH!! DO NOT turn on blutooth Your phone's radio hardware already has enough to do, trying to simultaneously maintain an LTE uplink to your mobile carrier and a wifi downlink to your computer DO NOT turn on wifi Don't let your phone try to connect to something that isn't working right now DO NOT forget to turn off blutooth Your phone's radio hardware already has enough to do, trying to simultaneously maintain an LTE uplink to your mobile carrier and a wifi downlink to your computer DO NOT forget to turn off wifi Don't let your phone try to connect to something that isn't working right now","title":"ACHTUNG Do Not!"},{"location":"posts/instructions-for-tethering-from-phone/#blutooth","text":"If you leave blutooth on while trying to tether, your phone could get hot, your battery could go dead, and your hotspot could fail to work properly. Be surprised it it doesn't crash and soft-reboot.","title":"Blutooth"},{"location":"posts/linux-move-cursor-with-keyboard/","text":"date: 2020-06-21T22:01:35-07:00 Introduction Linux just makes everything so easy. On a laptop it can be tricky to place your mouse cursor on exactly the correct pixel, using the touchpad. This became apparent to myself while using GIMP to create some png button files for a little tkinter project, but there must be other use-cases as well. xdo commands for moving the cursor move the cursor one pixel left: xdotool mousemove_relative -- -1 0 move the cursor one pixel right: xdotool mousemove_relative -- 1 0 move the cursor one pixel up: xdotool mousemove_relative -- 0 -1 move the cursor one pixel down: xdotool mousemove_relative -- 0 1 map keyboard shortcuts Now, in your keyboard settings, map the above commands to new custom shortcuts. For instance, I find the Ctrl + Super + Up Ctrl + Super + Down Ctrl + Super + Left Ctrl + Super + Right combinations to be convenient in the Mate Desktop. Enjoy!","title":"Linux Move Cursor With Keyboard"},{"location":"posts/linux-move-cursor-with-keyboard/#introduction","text":"Linux just makes everything so easy. On a laptop it can be tricky to place your mouse cursor on exactly the correct pixel, using the touchpad. This became apparent to myself while using GIMP to create some png button files for a little tkinter project, but there must be other use-cases as well.","title":"Introduction"},{"location":"posts/linux-move-cursor-with-keyboard/#xdo-commands-for-moving-the-cursor","text":"move the cursor one pixel left: xdotool mousemove_relative -- -1 0 move the cursor one pixel right: xdotool mousemove_relative -- 1 0 move the cursor one pixel up: xdotool mousemove_relative -- 0 -1 move the cursor one pixel down: xdotool mousemove_relative -- 0 1","title":"xdo commands for moving the cursor"},{"location":"posts/linux-move-cursor-with-keyboard/#map-keyboard-shortcuts","text":"Now, in your keyboard settings, map the above commands to new custom shortcuts. For instance, I find the Ctrl + Super + Up Ctrl + Super + Down Ctrl + Super + Left Ctrl + Super + Right combinations to be convenient in the Mate Desktop. Enjoy!","title":"map keyboard shortcuts"},{"location":"posts/lmde3-xfs-full-disk-encryption/","text":"date: 2019-01-25T23:25:36-08:00 Introduction Linux Mint Debian Edition is the alternate version of Linux Mint, but built on a Debian base. The result is quite pleasant: the stability of desktop Debian, but with the rough edges polished smooth, nicely configured fonts and ui, and all the multi-media codecs included. Unfortunately, the LMDE 3 installer does not support disk encryption, but manually setting this up by hand is pretty straightforward. On the other hand, manually setting up your partitions by hand allows extra freedom and flexibility, and so I have chosen a simple luks-encrypted / partition formatted xfs. As far as swap is concerned, my preference is to use a swap file instead of a swap partition. Having a swap file instead of a swap partition is more flexible because obviously you can easily recreate a different size swap file whenever you like (or use none at all), and the encryption requires no extra set up because the / partition is encrypted anyway. Will this work with a dual-boot set up? Of course! Because you have to manually configure the partitions anyway, just arrange them exactly how you would need for dual-boot. Assumes uefi-configured boot, with separate partitions for /boot formatted ext4, /boot/efi formatted fat32, and a regular luks-encrypted partition for / formatted xfs. Prepare The Installation Media Visit the Linux Mint Website and download the iso file for LMDE 3 64bit. Download from torrents if possible, to save bandwidth. verify the sha256 sum of the iso file sha256sum lmde-3-201808-cinnamon-64bit.iso Identify the thumb drive you are going to install from. type lsblk , note the output, and then insert the thumb drive then type lsblk again and note the additional output # lsblk /dev/sdb NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT sdb 8:32 1 14.5G 0 disk \u251c\u2500sdb1 8:33 1 3.4G 0 part /media/trent/Debian 9.6.0 amd64 \u2514\u2500sdb2 8:34 1 416K 0 part In the above example output we see that our thumb drive is identified as /dev/sdb , and partition /dev/sdb1 is automatically mounted. Take special care that you have accurately identified the thumb drive before proceeding. For the sake of example, we will proceed on the assumption that our thumb drive is identified as /dev/sdb , but you need to compensate accordingly. unmount any partition of the thumb drive that are automatically mounted umount /dev/sdb1 write the disk image to the thumb drive ddrescue -D --force lmde-3-201808-cinnamon-64bit.iso /dev/sdb Boot The Install Disc boot into bios to disable fastboot and secureboot invoke your machine's device boot menu and boot the install disc in uefi mode confirm that you have booted in uefi mode by listing efivars ls /sys/firmware/efi/vars Partition The Hard Drive If you recall we are assuming the target hard drive is /dev/sda , as an example. So, make adjustments as necessary. If you would rather use a different partition tool, make sure the efi partition is an efi partition type, and you definitely need a separate /boot partition. if needed you can clear the drive with wipefs wipefs --all /dev/sda create a new partition table for /dev/sda sgdisk /dev/sda -o create a new efi partition for /dev/sda sgdisk /dev/sda --new=1::+512MiB --typecode=1:ef00 create a new /boot partition for /dev/sda sgdisk /dev/sda --new=2::+1G create a new / partition for /dev/sda sgdisk /dev/sda --new=3 verify your partition work sgdisk /dev/sda -p format the efi partition mkfs.vfat -F32 /dev/sda1 format the /boot partition mkfs.ext4 /dev/sda2 encrypt the / partition, you will be prompted for a password cryptsetup -y -v luksFormat --type luks2 /dev/sda3 decrypt the / partition, you will be prompted for a password cryptsetup open /dev/sda3 cryptroot format the / device mkfs.xfs /dev/mapper/cryptroot Mount The Hard Drive This takes advantage of expert mode in the LMDE installer. create an /target directory mkdir /target mount the / device at /target mount /dev/mapper/cryptroot /target create an /target/boot directory mkdir /target/boot mount the /boot partition at /target/boot mount /dev/sda2 /target/boot create an /target/boot/efi directory mkdir /target/boot/efi mount the efi partition at /target/boot/efi mount /dev/sda1 /target/boot/efi Run The Installer App At this point you're ready to run the live installer. You can click the disc icon on the desktop. The first three pages of the live-installer cover Language,Timezone, and Keymap. The fourth page of the live-installer covers name, password, and hostname. On the fifth page of the live-installer, you come to a partition configuration page. But there is nothing to do, so select expert mode at the bottom of the page. Again select forward , and when you come to the page where you configure the location to install grub, that should be the efi partition, i.e. /dev/sda1 . Select forward one more time, and then select install. The installation will run for a few minutes and will then pause. During the pause you need to manually configure fstab and crypttab . Configure Fstab find the UUID of the efi partition blkid /dev/sda1 -s UUID find the UUID of the /boot partition blkid /dev/sda2 -s UUID find the UUID of the / device blkid /dev/mapper/cryptroot -s UUID And when you find the correct UUID numbers, use them to configure /etc/fstab which is actually currently at /target/etc/fstab . # /etc/fstab ############### # efi partition # run the command `blkid /dev/sda1 -s UUID` which outputs # /dev/sda1: UUID=\"17C4-215D\", from which derive UUID=17C4-215D /boot/efi vfat defaults 0 2 # /boot partition # run the command `blkid /dev/sda2 -s UUID` which outputs # /dev/sda2: UUID=\"f2509fff-4854-4721-b546-0274c89e6aec\", from which derive UUID=f2509fff-4854-4721-b546-0274c89e6aec /boot ext4 defaults 0 2 # \"/\" device # run the command `blkid /dev/mapper/cryptroot -s UUID` which outputs # /dev/mapper/cryptroot: UUID=\"72241377-cd65-43a6-8363-1afce5bd93f6\", from which derive UUID=72241377-cd65-43a6-8363-1afce5bd93f6 / xfs defaults 0 1 Configure Crypttab But before the file systems can be mounted, crypttab needs to mount /dev/sda3 at /dev/mapper/cryptroot . Configure /etc/crypttab which is actually currently at /target/etc/crypttab find the UUID of the partition that will be mounted at /dev/mapper/crypttab blkid /dev/sda3 -s UUID And when you find the correct UUID number for /dev/sda3 , use that to configure /etc/crypttab which is actually currently at /target/etc/crypttab . # /etc/crypttab # run the command `blkid /dev/sda3 -s UUID` which outputs # /dev/sda3: UUID=\"da3e0967-711f-4159-85ac-7d5743a75201\", from which derive # <target name> <source device> <key file> <options> cryptroot UUID=da3e0967-711f-4159-85ac-7d5743a75201 none luks Resume Installer App At this point finish running the live installer, and you'll be done. UEFI Fix On some machines, such as HP Laptops, UEFI is broken and efi boot entries don't persist. remount the efi parition mount /dev/sda1 /mnt/ ; cd /mnt/EFI/ create a default efi executable mkdir BOOT ; cp linuxmint/grubx64.efi BOOT/BOOTX64.efi Optional Swap File Visit the Arch Wiki and they will hook you up.","title":"LMDE3 xfs Full Disk Encryption"},{"location":"posts/lmde3-xfs-full-disk-encryption/#introduction","text":"Linux Mint Debian Edition is the alternate version of Linux Mint, but built on a Debian base. The result is quite pleasant: the stability of desktop Debian, but with the rough edges polished smooth, nicely configured fonts and ui, and all the multi-media codecs included. Unfortunately, the LMDE 3 installer does not support disk encryption, but manually setting this up by hand is pretty straightforward. On the other hand, manually setting up your partitions by hand allows extra freedom and flexibility, and so I have chosen a simple luks-encrypted / partition formatted xfs. As far as swap is concerned, my preference is to use a swap file instead of a swap partition. Having a swap file instead of a swap partition is more flexible because obviously you can easily recreate a different size swap file whenever you like (or use none at all), and the encryption requires no extra set up because the / partition is encrypted anyway. Will this work with a dual-boot set up? Of course! Because you have to manually configure the partitions anyway, just arrange them exactly how you would need for dual-boot. Assumes uefi-configured boot, with separate partitions for /boot formatted ext4, /boot/efi formatted fat32, and a regular luks-encrypted partition for / formatted xfs.","title":"Introduction"},{"location":"posts/lmde3-xfs-full-disk-encryption/#prepare-the-installation-media","text":"Visit the Linux Mint Website and download the iso file for LMDE 3 64bit. Download from torrents if possible, to save bandwidth. verify the sha256 sum of the iso file sha256sum lmde-3-201808-cinnamon-64bit.iso Identify the thumb drive you are going to install from. type lsblk , note the output, and then insert the thumb drive then type lsblk again and note the additional output # lsblk /dev/sdb NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT sdb 8:32 1 14.5G 0 disk \u251c\u2500sdb1 8:33 1 3.4G 0 part /media/trent/Debian 9.6.0 amd64 \u2514\u2500sdb2 8:34 1 416K 0 part In the above example output we see that our thumb drive is identified as /dev/sdb , and partition /dev/sdb1 is automatically mounted. Take special care that you have accurately identified the thumb drive before proceeding. For the sake of example, we will proceed on the assumption that our thumb drive is identified as /dev/sdb , but you need to compensate accordingly. unmount any partition of the thumb drive that are automatically mounted umount /dev/sdb1 write the disk image to the thumb drive ddrescue -D --force lmde-3-201808-cinnamon-64bit.iso /dev/sdb","title":"Prepare The Installation Media"},{"location":"posts/lmde3-xfs-full-disk-encryption/#boot-the-install-disc","text":"boot into bios to disable fastboot and secureboot invoke your machine's device boot menu and boot the install disc in uefi mode confirm that you have booted in uefi mode by listing efivars ls /sys/firmware/efi/vars","title":"Boot The Install Disc"},{"location":"posts/lmde3-xfs-full-disk-encryption/#partition-the-hard-drive","text":"If you recall we are assuming the target hard drive is /dev/sda , as an example. So, make adjustments as necessary. If you would rather use a different partition tool, make sure the efi partition is an efi partition type, and you definitely need a separate /boot partition. if needed you can clear the drive with wipefs wipefs --all /dev/sda create a new partition table for /dev/sda sgdisk /dev/sda -o create a new efi partition for /dev/sda sgdisk /dev/sda --new=1::+512MiB --typecode=1:ef00 create a new /boot partition for /dev/sda sgdisk /dev/sda --new=2::+1G create a new / partition for /dev/sda sgdisk /dev/sda --new=3 verify your partition work sgdisk /dev/sda -p format the efi partition mkfs.vfat -F32 /dev/sda1 format the /boot partition mkfs.ext4 /dev/sda2 encrypt the / partition, you will be prompted for a password cryptsetup -y -v luksFormat --type luks2 /dev/sda3 decrypt the / partition, you will be prompted for a password cryptsetup open /dev/sda3 cryptroot format the / device mkfs.xfs /dev/mapper/cryptroot","title":"Partition The Hard Drive"},{"location":"posts/lmde3-xfs-full-disk-encryption/#mount-the-hard-drive","text":"This takes advantage of expert mode in the LMDE installer. create an /target directory mkdir /target mount the / device at /target mount /dev/mapper/cryptroot /target create an /target/boot directory mkdir /target/boot mount the /boot partition at /target/boot mount /dev/sda2 /target/boot create an /target/boot/efi directory mkdir /target/boot/efi mount the efi partition at /target/boot/efi mount /dev/sda1 /target/boot/efi","title":"Mount The Hard Drive"},{"location":"posts/lmde3-xfs-full-disk-encryption/#run-the-installer-app","text":"At this point you're ready to run the live installer. You can click the disc icon on the desktop. The first three pages of the live-installer cover Language,Timezone, and Keymap. The fourth page of the live-installer covers name, password, and hostname. On the fifth page of the live-installer, you come to a partition configuration page. But there is nothing to do, so select expert mode at the bottom of the page. Again select forward , and when you come to the page where you configure the location to install grub, that should be the efi partition, i.e. /dev/sda1 . Select forward one more time, and then select install. The installation will run for a few minutes and will then pause. During the pause you need to manually configure fstab and crypttab .","title":"Run The Installer App"},{"location":"posts/lmde3-xfs-full-disk-encryption/#configure-fstab","text":"find the UUID of the efi partition blkid /dev/sda1 -s UUID find the UUID of the /boot partition blkid /dev/sda2 -s UUID find the UUID of the / device blkid /dev/mapper/cryptroot -s UUID And when you find the correct UUID numbers, use them to configure /etc/fstab which is actually currently at /target/etc/fstab . # /etc/fstab ############### # efi partition # run the command `blkid /dev/sda1 -s UUID` which outputs # /dev/sda1: UUID=\"17C4-215D\", from which derive UUID=17C4-215D /boot/efi vfat defaults 0 2 # /boot partition # run the command `blkid /dev/sda2 -s UUID` which outputs # /dev/sda2: UUID=\"f2509fff-4854-4721-b546-0274c89e6aec\", from which derive UUID=f2509fff-4854-4721-b546-0274c89e6aec /boot ext4 defaults 0 2 # \"/\" device # run the command `blkid /dev/mapper/cryptroot -s UUID` which outputs # /dev/mapper/cryptroot: UUID=\"72241377-cd65-43a6-8363-1afce5bd93f6\", from which derive UUID=72241377-cd65-43a6-8363-1afce5bd93f6 / xfs defaults 0 1","title":"Configure Fstab"},{"location":"posts/lmde3-xfs-full-disk-encryption/#configure-crypttab","text":"But before the file systems can be mounted, crypttab needs to mount /dev/sda3 at /dev/mapper/cryptroot . Configure /etc/crypttab which is actually currently at /target/etc/crypttab find the UUID of the partition that will be mounted at /dev/mapper/crypttab blkid /dev/sda3 -s UUID And when you find the correct UUID number for /dev/sda3 , use that to configure /etc/crypttab which is actually currently at /target/etc/crypttab . # /etc/crypttab # run the command `blkid /dev/sda3 -s UUID` which outputs # /dev/sda3: UUID=\"da3e0967-711f-4159-85ac-7d5743a75201\", from which derive # <target name> <source device> <key file> <options> cryptroot UUID=da3e0967-711f-4159-85ac-7d5743a75201 none luks","title":"Configure Crypttab"},{"location":"posts/lmde3-xfs-full-disk-encryption/#resume-installer-app","text":"At this point finish running the live installer, and you'll be done.","title":"Resume Installer App"},{"location":"posts/lmde3-xfs-full-disk-encryption/#uefi-fix","text":"On some machines, such as HP Laptops, UEFI is broken and efi boot entries don't persist. remount the efi parition mount /dev/sda1 /mnt/ ; cd /mnt/EFI/ create a default efi executable mkdir BOOT ; cp linuxmint/grubx64.efi BOOT/BOOTX64.efi","title":"UEFI Fix"},{"location":"posts/lmde3-xfs-full-disk-encryption/#optional-swap-file","text":"Visit the Arch Wiki and they will hook you up.","title":"Optional Swap File"},{"location":"posts/lmde4-custom-partitions-disk-encryption/","text":"date: 2020-12-15 Introduction Linux Mint Debian Edition is the alternate version of Linux Mint, but built on a Debian base. The result is quite pleasant: the stability of desktop Debian, but with the rough edges polished smooth, nicely configured fonts and ui, and all the multi-media codecs included. Previously, I wrote a guide for installing LMDE3 with disk encryption . The installer for LMDE 4 is different in that it includes support for disk encryption, but not if you need custom partitions such as for a dual-boot configuration . With this in mind, the examples presented below assume that you have Windows 10 installed in 4 partitions, and thus you would want to make 3 partitions (5,6,7) after that, for LMDE4. As with before, with separate partitions for /boot formatted ext4, /boot/efi formatted fat32, and a regular luks-encrypted partition for / formatted xfs. With a separate efi partition for LMDE4, you can then use the computer's device boot menu to select which efi boot entry you want to boot. There is also an advantage in having Windows use the first efi partition, in that if something happens to the Windows efi boot entry, you can fall back to the default efi executable. Whereas, if the efi boot entry for Linux somehow gets wiped, you could repair that easily enough via chroot . Prepare The Installation Media Visit the Linux Mint Website and download the iso file for LMDE 4 64bit. Download from torrents if possible, to save bandwidth. verify the sha256 sum of the iso file sha256sum lmde-4-cinnamon-64bit.iso Identify the thumb drive you are going to install from. type lsblk , note the output, and then insert the thumb drive then type lsblk again and note the additional output # lsblk /dev/sdb NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT sdb 8:32 1 14.5G 0 disk \u251c\u2500sdb1 8:33 1 3.4G 0 part /media/trent/Debian 9.6.0 amd64 \u2514\u2500sdb2 8:34 1 416K 0 part In the above example output we see that our thumb drive is identified as /dev/sdb , and partition /dev/sdb1 is automatically mounted. Take special care that you have accurately identified the thumb drive before proceeding. For the sake of example, we will proceed on the assumption that our thumb drive is identified as /dev/sdb , but you need to compensate accordingly. unmount any partition of the thumb drive that are automatically mounted umount /dev/sdb1 write the disk image to the thumb drive ddrescue -D --force lmde-4-cinnamon-64bit.iso /dev/sdb Boot The Install Disc boot into bios to disable fastboot and secureboot invoke your machine's device boot menu and boot the install disc in uefi mode confirm that you have booted in uefi mode by listing efivars ls /sys/firmware/efi/vars Partition The Hard Drive If you recall we are assuming the target hard drive is /dev/sda , as an example. So, make adjustments as necessary. If you would rather use a different partition tool, make sure the efi partition is an efi partition type, and you definitely need a separate /boot partition. If indeed, you are installing a dual-boot and are installing alongside another operating system, then skip steps 1 and 2 , obviously. if needed you can clear the drive with wipefs wipefs --all /dev/sda create a new partition table for /dev/sda sgdisk /dev/sda -o create a new efi partition for /dev/sda sgdisk /dev/sda --new=5::+512MiB --typecode=1:ef00 create a new /boot partition for /dev/sda sgdisk /dev/sda --new=6::+1G create a new / partition for /dev/sda sgdisk /dev/sda --new=7 verify your partition work sgdisk /dev/sda -p format the efi partition mkfs.vfat -F32 /dev/sda5 format the /boot partition mkfs.ext4 /dev/sda6 encrypt the / partition, you will be prompted for a password cryptsetup -y -v luksFormat --type luks2 /dev/sda7 decrypt the / partition, you will be prompted for a password cryptsetup open /dev/sda7 cryptroot format the / device mkfs.xfs /dev/mapper/cryptroot Mount The Hard Drive This takes advantage of expert mode in the LMDE installer. create an /target directory mkdir /target mount the / device at /target mount /dev/mapper/cryptroot /target create an /target/boot directory mkdir /target/boot mount the /boot partition at /target/boot mount /dev/sda6 /target/boot create an /target/boot/efi directory mkdir /target/boot/efi mount the efi partition at /target/boot/efi mount /dev/sda5 /target/boot/efi Run The Installer App From Command Line At this point you're ready to run the live installer. But you need to run the installer from the command line in order to use expert-mode : live-installer --expert-mode The first three pages of the live-installer cover Language,Timezone, and Keymap. The fourth page of the live-installer covers name, password, and hostname. After this select manual partitioning . On the seventh page of the live-installer, you come to a partition configuration page. But there is nothing to do here. The partition-configuration doesn't even recognize your encrypted partitions. But no matter, because you have already mounted the target file system relative to /target/ , so select expert mode at the bottom of the page. the installer doesn't even recognize the encrypted partitions ... ignore everything on this screen and click the `Expert mode` button Again select forward , and when you come to the page where you configure the location to install grub, that should be the efi partition, i.e. /dev/sda5 . select the efi partition as the location to install grub Then continue with the installation. The installation will run for a few minutes and will then pause. There will be a popup informing you that the installation has paused. During the pause you need to manually configure fstab and crypttab . Configure Fstab find the UUID of the efi partition blkid /dev/sda5 -s UUID find the UUID of the /boot partition blkid /dev/sda6 -s UUID find the UUID of the / device blkid /dev/mapper/cryptroot -s UUID And when you find the correct UUID numbers, use them to configure /etc/fstab which is actually currently at /target/etc/fstab . # /etc/fstab ############### # efi partition # run the command `blkid /dev/sda1 -s UUID` which outputs # /dev/sda5: UUID=\"17C4-215D\", from which derive UUID=17C4-215D /boot/efi vfat defaults 0 2 # /boot partition # run the command `blkid /dev/sda2 -s UUID` which outputs # /dev/sda6: UUID=\"f2509fff-4854-4721-b546-0274c89e6aec\", from which derive UUID=f2509fff-4854-4721-b546-0274c89e6aec /boot ext4 defaults 0 2 # \"/\" device # run the command `blkid /dev/mapper/cryptroot -s UUID` which outputs # /dev/mapper/cryptroot: UUID=\"72241377-cd65-43a6-8363-1afce5bd93f6\", from which derive UUID=72241377-cd65-43a6-8363-1afce5bd93f6 / xfs defaults 0 1 Configure Crypttab But before the file systems can be mounted, crypttab needs to mount /dev/sda3 at /dev/mapper/cryptroot . Configure /etc/crypttab which is actually currently at /target/etc/crypttab Sorry, that's actually an over-simplification. But you need to configure crypttab now, because when the installer continues running again, it installs the bootloader and builds the initramfs, and mkinitramfs parses crypttab , and builds and configures the initramfs in such a way that it knows to decrypt your / partition so it can then hand it off to the kernel at boot time (I think). find the UUID of the partition that will be mounted at /dev/mapper/crypttab blkid /dev/sda3 -s UUID And when you find the correct UUID number for /dev/sda3 , use that to configure /etc/crypttab which is actually currently at /target/etc/crypttab . # /etc/crypttab # run the command `blkid /dev/sda7 -s UUID` which outputs # /dev/sda7: UUID=\"da3e0967-711f-4159-85ac-7d5743a75201\", from which derive # <target name> <source device> <key file> <options> cryptroot UUID=da3e0967-711f-4159-85ac-7d5743a75201 none luks Resume Installer App At this point finish running the live installer, and you'll be done. UEFI Fix Well, actually there isn't one. In this scenario having two efi partitions, we rely on the motherboard correctly persisting efi boot entries. So if you are unlucky enough to have one of the HP laptops that forgets efi boot entries, I guess you are out of luck. You might try using a single efi partition instead of two, and maybe that will work. Presumably this would require using VeraCrypt for Windows, instead of Bitlocker (because Bitlocker won't allow Grub to load the Windows bootloader?) Optional Swap File Visit the Arch Wiki and they will hook you up.","title":"LMDE4 Custom Partitions Disk Encryption"},{"location":"posts/lmde4-custom-partitions-disk-encryption/#introduction","text":"Linux Mint Debian Edition is the alternate version of Linux Mint, but built on a Debian base. The result is quite pleasant: the stability of desktop Debian, but with the rough edges polished smooth, nicely configured fonts and ui, and all the multi-media codecs included. Previously, I wrote a guide for installing LMDE3 with disk encryption . The installer for LMDE 4 is different in that it includes support for disk encryption, but not if you need custom partitions such as for a dual-boot configuration . With this in mind, the examples presented below assume that you have Windows 10 installed in 4 partitions, and thus you would want to make 3 partitions (5,6,7) after that, for LMDE4. As with before, with separate partitions for /boot formatted ext4, /boot/efi formatted fat32, and a regular luks-encrypted partition for / formatted xfs. With a separate efi partition for LMDE4, you can then use the computer's device boot menu to select which efi boot entry you want to boot. There is also an advantage in having Windows use the first efi partition, in that if something happens to the Windows efi boot entry, you can fall back to the default efi executable. Whereas, if the efi boot entry for Linux somehow gets wiped, you could repair that easily enough via chroot .","title":"Introduction"},{"location":"posts/lmde4-custom-partitions-disk-encryption/#prepare-the-installation-media","text":"Visit the Linux Mint Website and download the iso file for LMDE 4 64bit. Download from torrents if possible, to save bandwidth. verify the sha256 sum of the iso file sha256sum lmde-4-cinnamon-64bit.iso Identify the thumb drive you are going to install from. type lsblk , note the output, and then insert the thumb drive then type lsblk again and note the additional output # lsblk /dev/sdb NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT sdb 8:32 1 14.5G 0 disk \u251c\u2500sdb1 8:33 1 3.4G 0 part /media/trent/Debian 9.6.0 amd64 \u2514\u2500sdb2 8:34 1 416K 0 part In the above example output we see that our thumb drive is identified as /dev/sdb , and partition /dev/sdb1 is automatically mounted. Take special care that you have accurately identified the thumb drive before proceeding. For the sake of example, we will proceed on the assumption that our thumb drive is identified as /dev/sdb , but you need to compensate accordingly. unmount any partition of the thumb drive that are automatically mounted umount /dev/sdb1 write the disk image to the thumb drive ddrescue -D --force lmde-4-cinnamon-64bit.iso /dev/sdb","title":"Prepare The Installation Media"},{"location":"posts/lmde4-custom-partitions-disk-encryption/#boot-the-install-disc","text":"boot into bios to disable fastboot and secureboot invoke your machine's device boot menu and boot the install disc in uefi mode confirm that you have booted in uefi mode by listing efivars ls /sys/firmware/efi/vars","title":"Boot The Install Disc"},{"location":"posts/lmde4-custom-partitions-disk-encryption/#partition-the-hard-drive","text":"If you recall we are assuming the target hard drive is /dev/sda , as an example. So, make adjustments as necessary. If you would rather use a different partition tool, make sure the efi partition is an efi partition type, and you definitely need a separate /boot partition. If indeed, you are installing a dual-boot and are installing alongside another operating system, then skip steps 1 and 2 , obviously. if needed you can clear the drive with wipefs wipefs --all /dev/sda create a new partition table for /dev/sda sgdisk /dev/sda -o create a new efi partition for /dev/sda sgdisk /dev/sda --new=5::+512MiB --typecode=1:ef00 create a new /boot partition for /dev/sda sgdisk /dev/sda --new=6::+1G create a new / partition for /dev/sda sgdisk /dev/sda --new=7 verify your partition work sgdisk /dev/sda -p format the efi partition mkfs.vfat -F32 /dev/sda5 format the /boot partition mkfs.ext4 /dev/sda6 encrypt the / partition, you will be prompted for a password cryptsetup -y -v luksFormat --type luks2 /dev/sda7 decrypt the / partition, you will be prompted for a password cryptsetup open /dev/sda7 cryptroot format the / device mkfs.xfs /dev/mapper/cryptroot","title":"Partition The Hard Drive"},{"location":"posts/lmde4-custom-partitions-disk-encryption/#mount-the-hard-drive","text":"This takes advantage of expert mode in the LMDE installer. create an /target directory mkdir /target mount the / device at /target mount /dev/mapper/cryptroot /target create an /target/boot directory mkdir /target/boot mount the /boot partition at /target/boot mount /dev/sda6 /target/boot create an /target/boot/efi directory mkdir /target/boot/efi mount the efi partition at /target/boot/efi mount /dev/sda5 /target/boot/efi","title":"Mount The Hard Drive"},{"location":"posts/lmde4-custom-partitions-disk-encryption/#run-the-installer-app-from-command-line","text":"At this point you're ready to run the live installer. But you need to run the installer from the command line in order to use expert-mode : live-installer --expert-mode The first three pages of the live-installer cover Language,Timezone, and Keymap. The fourth page of the live-installer covers name, password, and hostname. After this select manual partitioning . On the seventh page of the live-installer, you come to a partition configuration page. But there is nothing to do here. The partition-configuration doesn't even recognize your encrypted partitions. But no matter, because you have already mounted the target file system relative to /target/ , so select expert mode at the bottom of the page. the installer doesn't even recognize the encrypted partitions ... ignore everything on this screen and click the `Expert mode` button Again select forward , and when you come to the page where you configure the location to install grub, that should be the efi partition, i.e. /dev/sda5 . select the efi partition as the location to install grub Then continue with the installation. The installation will run for a few minutes and will then pause. There will be a popup informing you that the installation has paused. During the pause you need to manually configure fstab and crypttab .","title":"Run The Installer App From Command Line"},{"location":"posts/lmde4-custom-partitions-disk-encryption/#configure-fstab","text":"find the UUID of the efi partition blkid /dev/sda5 -s UUID find the UUID of the /boot partition blkid /dev/sda6 -s UUID find the UUID of the / device blkid /dev/mapper/cryptroot -s UUID And when you find the correct UUID numbers, use them to configure /etc/fstab which is actually currently at /target/etc/fstab . # /etc/fstab ############### # efi partition # run the command `blkid /dev/sda1 -s UUID` which outputs # /dev/sda5: UUID=\"17C4-215D\", from which derive UUID=17C4-215D /boot/efi vfat defaults 0 2 # /boot partition # run the command `blkid /dev/sda2 -s UUID` which outputs # /dev/sda6: UUID=\"f2509fff-4854-4721-b546-0274c89e6aec\", from which derive UUID=f2509fff-4854-4721-b546-0274c89e6aec /boot ext4 defaults 0 2 # \"/\" device # run the command `blkid /dev/mapper/cryptroot -s UUID` which outputs # /dev/mapper/cryptroot: UUID=\"72241377-cd65-43a6-8363-1afce5bd93f6\", from which derive UUID=72241377-cd65-43a6-8363-1afce5bd93f6 / xfs defaults 0 1","title":"Configure Fstab"},{"location":"posts/lmde4-custom-partitions-disk-encryption/#configure-crypttab","text":"But before the file systems can be mounted, crypttab needs to mount /dev/sda3 at /dev/mapper/cryptroot . Configure /etc/crypttab which is actually currently at /target/etc/crypttab Sorry, that's actually an over-simplification. But you need to configure crypttab now, because when the installer continues running again, it installs the bootloader and builds the initramfs, and mkinitramfs parses crypttab , and builds and configures the initramfs in such a way that it knows to decrypt your / partition so it can then hand it off to the kernel at boot time (I think). find the UUID of the partition that will be mounted at /dev/mapper/crypttab blkid /dev/sda3 -s UUID And when you find the correct UUID number for /dev/sda3 , use that to configure /etc/crypttab which is actually currently at /target/etc/crypttab . # /etc/crypttab # run the command `blkid /dev/sda7 -s UUID` which outputs # /dev/sda7: UUID=\"da3e0967-711f-4159-85ac-7d5743a75201\", from which derive # <target name> <source device> <key file> <options> cryptroot UUID=da3e0967-711f-4159-85ac-7d5743a75201 none luks","title":"Configure Crypttab"},{"location":"posts/lmde4-custom-partitions-disk-encryption/#resume-installer-app","text":"At this point finish running the live installer, and you'll be done.","title":"Resume Installer App"},{"location":"posts/lmde4-custom-partitions-disk-encryption/#uefi-fix","text":"Well, actually there isn't one. In this scenario having two efi partitions, we rely on the motherboard correctly persisting efi boot entries. So if you are unlucky enough to have one of the HP laptops that forgets efi boot entries, I guess you are out of luck. You might try using a single efi partition instead of two, and maybe that will work. Presumably this would require using VeraCrypt for Windows, instead of Bitlocker (because Bitlocker won't allow Grub to load the Windows bootloader?)","title":"UEFI Fix"},{"location":"posts/lmde4-custom-partitions-disk-encryption/#optional-swap-file","text":"Visit the Arch Wiki and they will hook you up.","title":"Optional Swap File"},{"location":"posts/prosody-photo-uploads/","text":"date: 2021-01-25 Introduction Install prosody on Debian 10 with photoupload, postgresql database, and letsencrypt certs. DNS Log into your dns provider and create A and AAAA records for xmpp.example.com Log into your dns provider and create A and AAAA records for xmppupload.example.com FireWall Incidentally, you definitely do want to use a non-standard ssh port for connecting over the internet. I would suggest that a firewall is important, because I couldn't figure out how to completely disable port 5280 for the http protocol, in the clear, in the prosody config. ports 80/tcp , 443/tcp for certbot 4444/tcp i.e. port 4444 for ssh 5222/tcp for xmpp-client 5269/tcp for xmpp-server 5281/tcp for https connections to prosody for uploads and photos FireWall with UFW ufw allow http ufw allow https ufw allow xmpp-client ufw allow xmpp-server ufw allow 5281/tcp ufw allow 4444/tcp i.e. if 4444 for ssh ufw enable to start the firewall Postgresql Database Install the postgresql database. apt-get install postgresql postgresql-contrib Log into the psql command line. sudo -u postgres psql Create prosody database postgres =# CREATE DATABASE prosody ; Creat prosody user postgres =# CREATE ROLE prosody WITH LOGIN ; Set password for user postgres =# \\ password prosody Quit psql postgres =# \\ q allow authentication in pg_hba.conf To connect to postgresql via unix socket # /etc/postgresql/11/main/pg_hba.conf # make sure this line is above local prosody prosody md5 # make sure this line is below local all all peer or i.e. through a wireguard tunnel # /etc/postgresql/11/main/pg_hba.conf # where 10.0.22.5 is the ip address of the machine that prosody will run on host prosody prosody 10.0.22.5/32 md5 and then restart postgresql systemctl restart postgresql Prosody Install Prosody apt install prosody prosody-modules lua-dbi-postgresql Configure Prosody backup the prosody config file cp /etc/prosody/prosody.cfg.lua /etc/prosody/prosody.cfg.lua.bak if you want to disable advertising version and uptime, allow message archives, and disallow registration, change this -- /etc/prosody/prosody.cfg.lua modules_enabled = { ... -- Nice to have \"version\"; -- Replies to server version requests \"uptime\"; -- Report how long server has been running \"time\"; -- Let others know the time here on this server \"ping\"; -- Replies to XMPP pings with pongs \"register\"; -- Allow users to register on this server using a client and change passwords --\"mam\"; -- Store messages in an archive and allow users to access it --\"csi_simple\"; -- Simple Mobile optimizations ... } to this -- /etc/prosody/prosody.cfg.lua modules_enabled = { ... -- Nice to have --\"version\"; -- Replies to server version requests --\"uptime\"; -- Report how long server has been running \"time\"; -- Let others know the time here on this server \"ping\"; -- Replies to XMPP pings with pongs --\"register\"; -- Allow users to register on this server using a client and change passwords \"mam\"; -- Store messages in an archive and allow users to access it --\"csi_simple\"; -- Simple Mobile optimizations ... } to force certificate authentication for server-to-server connections, make the following edit around line 123 -- /etc/prosody/prosody.cfg.lua -- Force certificate authentication for server-to-server connections? -- change this s2s_secure_auth = false -- to this s2s_secure_auth = true around line 147 enable sql -- /etc/prosody/prosody.cfg.lua -- change this --storage = \"sql\" -- to this storage = \"sql\" and describe the database connection -- /etc/prosody/prosody.cfg.lua -- change this --sql = { driver = \"PostgreSQL\", database = \"prosody\", username = \"prosody\", password = \"secret\", host = \"localhost\" } -- to this sql = { driver = \"PostgreSQL\", database = \"prosody\", username = \"prosody\", password = \"secret\", host = \"localhost\" } -- or to use a unix socket in Debian 10 sql = { driver = \"PostgreSQL\", database = \"prosody\", username = \"prosody\", password = \"secret\", host = \"/var/run/postgresql\" } somewhere around line 196, describe the certificate file for the upoad subdomain -- /etc/prosody/prosody.cfg.lua -- change this --https_certificate = \"/etc/prosody/certs/localhost.crt\" -- to this https_certificate = \"/etc/prosody/certs/xmppupload.example.com.crt\" somewhere around line 210 describe your virtualhost -- /etc/prosody/prosody.cfg.lua VirtualHost \"xmpp.example.com\" disco_items = { {\"xmppupload.example.com\"}, } add the following to the end of the file -- /etc/prosody/prosody.cfg.lua Component \"xmppupload.example.com\" \"http_upload\" and then restart prosody systemctl restart prososdy Certbot install certbot apt install certbot get certificates certbot certonly -d xmpp.example.com certbot certonly -d xmppupload.example.com import the certificates into prosody and restart prosody prosodyctl --root cert import /etc/letsencrypt/live systemctl restart prosody create the following renewal-hook for letsencrypt # !/bin/bash # /etc/letsencrypt/renewal-hooks/deploy/prosody_deploy_hook prosodyctl --root cert import /etc/letsencrypt/live","title":"Prosody Photo Uploads"},{"location":"posts/prosody-photo-uploads/#introduction","text":"Install prosody on Debian 10 with photoupload, postgresql database, and letsencrypt certs.","title":"Introduction"},{"location":"posts/prosody-photo-uploads/#dns","text":"Log into your dns provider and create A and AAAA records for xmpp.example.com Log into your dns provider and create A and AAAA records for xmppupload.example.com","title":"DNS"},{"location":"posts/prosody-photo-uploads/#firewall","text":"Incidentally, you definitely do want to use a non-standard ssh port for connecting over the internet. I would suggest that a firewall is important, because I couldn't figure out how to completely disable port 5280 for the http protocol, in the clear, in the prosody config.","title":"FireWall"},{"location":"posts/prosody-photo-uploads/#ports","text":"80/tcp , 443/tcp for certbot 4444/tcp i.e. port 4444 for ssh 5222/tcp for xmpp-client 5269/tcp for xmpp-server 5281/tcp for https connections to prosody for uploads and photos","title":"ports"},{"location":"posts/prosody-photo-uploads/#firewall-with-ufw","text":"ufw allow http ufw allow https ufw allow xmpp-client ufw allow xmpp-server ufw allow 5281/tcp ufw allow 4444/tcp i.e. if 4444 for ssh ufw enable to start the firewall","title":"FireWall with UFW"},{"location":"posts/prosody-photo-uploads/#postgresql-database","text":"","title":"Postgresql Database"},{"location":"posts/prosody-photo-uploads/#install-the-postgresql-database","text":"apt-get install postgresql postgresql-contrib Log into the psql command line. sudo -u postgres psql Create prosody database postgres =# CREATE DATABASE prosody ; Creat prosody user postgres =# CREATE ROLE prosody WITH LOGIN ; Set password for user postgres =# \\ password prosody Quit psql postgres =# \\ q","title":"Install the postgresql database."},{"location":"posts/prosody-photo-uploads/#allow-authentication-in-pg_hbaconf","text":"To connect to postgresql via unix socket # /etc/postgresql/11/main/pg_hba.conf # make sure this line is above local prosody prosody md5 # make sure this line is below local all all peer or i.e. through a wireguard tunnel # /etc/postgresql/11/main/pg_hba.conf # where 10.0.22.5 is the ip address of the machine that prosody will run on host prosody prosody 10.0.22.5/32 md5 and then restart postgresql systemctl restart postgresql","title":"allow authentication in pg_hba.conf"},{"location":"posts/prosody-photo-uploads/#prosody","text":"","title":"Prosody"},{"location":"posts/prosody-photo-uploads/#install-prosody","text":"apt install prosody prosody-modules lua-dbi-postgresql","title":"Install Prosody"},{"location":"posts/prosody-photo-uploads/#configure-prosody","text":"backup the prosody config file cp /etc/prosody/prosody.cfg.lua /etc/prosody/prosody.cfg.lua.bak if you want to disable advertising version and uptime, allow message archives, and disallow registration, change this -- /etc/prosody/prosody.cfg.lua modules_enabled = { ... -- Nice to have \"version\"; -- Replies to server version requests \"uptime\"; -- Report how long server has been running \"time\"; -- Let others know the time here on this server \"ping\"; -- Replies to XMPP pings with pongs \"register\"; -- Allow users to register on this server using a client and change passwords --\"mam\"; -- Store messages in an archive and allow users to access it --\"csi_simple\"; -- Simple Mobile optimizations ... } to this -- /etc/prosody/prosody.cfg.lua modules_enabled = { ... -- Nice to have --\"version\"; -- Replies to server version requests --\"uptime\"; -- Report how long server has been running \"time\"; -- Let others know the time here on this server \"ping\"; -- Replies to XMPP pings with pongs --\"register\"; -- Allow users to register on this server using a client and change passwords \"mam\"; -- Store messages in an archive and allow users to access it --\"csi_simple\"; -- Simple Mobile optimizations ... } to force certificate authentication for server-to-server connections, make the following edit around line 123 -- /etc/prosody/prosody.cfg.lua -- Force certificate authentication for server-to-server connections? -- change this s2s_secure_auth = false -- to this s2s_secure_auth = true around line 147 enable sql -- /etc/prosody/prosody.cfg.lua -- change this --storage = \"sql\" -- to this storage = \"sql\" and describe the database connection -- /etc/prosody/prosody.cfg.lua -- change this --sql = { driver = \"PostgreSQL\", database = \"prosody\", username = \"prosody\", password = \"secret\", host = \"localhost\" } -- to this sql = { driver = \"PostgreSQL\", database = \"prosody\", username = \"prosody\", password = \"secret\", host = \"localhost\" } -- or to use a unix socket in Debian 10 sql = { driver = \"PostgreSQL\", database = \"prosody\", username = \"prosody\", password = \"secret\", host = \"/var/run/postgresql\" } somewhere around line 196, describe the certificate file for the upoad subdomain -- /etc/prosody/prosody.cfg.lua -- change this --https_certificate = \"/etc/prosody/certs/localhost.crt\" -- to this https_certificate = \"/etc/prosody/certs/xmppupload.example.com.crt\" somewhere around line 210 describe your virtualhost -- /etc/prosody/prosody.cfg.lua VirtualHost \"xmpp.example.com\" disco_items = { {\"xmppupload.example.com\"}, } add the following to the end of the file -- /etc/prosody/prosody.cfg.lua Component \"xmppupload.example.com\" \"http_upload\" and then restart prosody systemctl restart prososdy","title":"Configure Prosody"},{"location":"posts/prosody-photo-uploads/#certbot","text":"install certbot apt install certbot get certificates certbot certonly -d xmpp.example.com certbot certonly -d xmppupload.example.com import the certificates into prosody and restart prosody prosodyctl --root cert import /etc/letsencrypt/live systemctl restart prosody create the following renewal-hook for letsencrypt # !/bin/bash # /etc/letsencrypt/renewal-hooks/deploy/prosody_deploy_hook prosodyctl --root cert import /etc/letsencrypt/live","title":"Certbot"},{"location":"posts/rewrite-hugo-themes-report-in-python/","text":"date: 2019-01-25T01:02:57-08:00 Ranking Hugo Themes by Stars, Commit Date A while back I was grazing the selfhosted subreddit, and noticed Hugo coming up in conversation. I recalled that hugo requires a third-party theme in order to function. But was a bit of a challenge, because how do you know what is a good Hugo theme? First Version in Bash I ended up writing a little bash script (now deprecated) that scrapes the Github api and generates a little report about Hugo themes. It basically curled json from the Github api, and parsed it with grep, awk, and sed, and eventually spat out a plain text file. Rewrite in Python It was about a year later that I decided to rewrite the script in Python, using sqlite as a database. I discovered how to use the python requests module, got some practice with sqlite, and discovered how to make conditional request against the Github api using ETags and \u2018If-Modified-Since\u2019 (ETags are easier). But this was my first time using python like this. And I have to tell you, it\u2019s a lot moar fun than recursive fibonacci tutorials! Building an HTML5 Table (bootstrap, actually) By the time I had figured out how to collect the data I needed, I realized that I could simply generate an html table right in the python script. rank_hugo_themes.py runs in a cronjob every night, and you can view Hugo Themes Report here. And you can see the script on Github .","title":"Rewrite Hugo Themes Report in Python"},{"location":"posts/rewrite-hugo-themes-report-in-python/#ranking-hugo-themes-by-stars-commit-date","text":"A while back I was grazing the selfhosted subreddit, and noticed Hugo coming up in conversation. I recalled that hugo requires a third-party theme in order to function. But was a bit of a challenge, because how do you know what is a good Hugo theme?","title":"Ranking Hugo Themes by Stars, Commit Date"},{"location":"posts/rewrite-hugo-themes-report-in-python/#first-version-in-bash","text":"I ended up writing a little bash script (now deprecated) that scrapes the Github api and generates a little report about Hugo themes. It basically curled json from the Github api, and parsed it with grep, awk, and sed, and eventually spat out a plain text file.","title":"First Version in Bash"},{"location":"posts/rewrite-hugo-themes-report-in-python/#rewrite-in-python","text":"It was about a year later that I decided to rewrite the script in Python, using sqlite as a database. I discovered how to use the python requests module, got some practice with sqlite, and discovered how to make conditional request against the Github api using ETags and \u2018If-Modified-Since\u2019 (ETags are easier). But this was my first time using python like this. And I have to tell you, it\u2019s a lot moar fun than recursive fibonacci tutorials!","title":"Rewrite in Python"},{"location":"posts/rewrite-hugo-themes-report-in-python/#building-an-html5-table-bootstrap-actually","text":"By the time I had figured out how to collect the data I needed, I realized that I could simply generate an html table right in the python script. rank_hugo_themes.py runs in a cronjob every night, and you can view Hugo Themes Report here. And you can see the script on Github .","title":"Building an HTML5 Table (bootstrap, actually)"},{"location":"posts/sendxmpp-handler-for-python-logging/","text":"date: 2020-12-19 SENDXMPPHandler for Python Logging app/__init__.py You may be familiar with adding a logging handler to a flask application, with something like the following in __init__.py . app/sendxmpp_handler.py python-logging doesn't have a handler for xmpp but the handlers that are available are easy enough to understand if you read through them in handlers.py . Using the available handlers as an example, it did not require a lot of imagination to come up with SENDXMPPHandler. Android Yaxim Screenshot And this is what a flask logging error looks like on Android, in Yaxim.","title":"SENDXMPPHandler for Python Logging"},{"location":"posts/sendxmpp-handler-for-python-logging/#sendxmpphandler-for-python-logging","text":"","title":"SENDXMPPHandler for Python Logging"},{"location":"posts/sendxmpp-handler-for-python-logging/#app__init__py","text":"You may be familiar with adding a logging handler to a flask application, with something like the following in __init__.py .","title":"app/__init__.py"},{"location":"posts/sendxmpp-handler-for-python-logging/#appsendxmpp_handlerpy","text":"python-logging doesn't have a handler for xmpp but the handlers that are available are easy enough to understand if you read through them in handlers.py . Using the available handlers as an example, it did not require a lot of imagination to come up with SENDXMPPHandler.","title":"app/sendxmpp_handler.py"},{"location":"posts/sendxmpp-handler-for-python-logging/#android-yaxim-screenshot","text":"And this is what a flask logging error looks like on Android, in Yaxim.","title":"Android Yaxim Screenshot"},{"location":"posts/simplified-raspberry-streaming/","text":"date: 2019-05-12T18:32:55-07:00 RaspberryPi is a Great MPD Appliance I\u2019m really pleased with the RaspberryPi as an MPD (music player daemon), appliance. I have it hooked up to the home surround-sound system via spdif, digital optical cable hat, btw, running Arch Linux ARM , with the / file system on a dual-thumbdrive, btrfs raid1 (mirror) device . It plays music around the clock, reliably, without breaking a sweat. And the mpd daemon is easy to remote control, either from the command line with ncmpcpp , or using M.A.L.P for Android . And/Or as an Internet Radio Streaming Client The beauty of this setup it in the simplicity. All you have to do is create an plain text *m3u file with the address:port of the internet radio stream you want, and place that in /var/lib/mpd/playlists directory. You can find various internet radio lists on the internet, and many offer example *m3u playlist files that you can download. However, the important thing is that your m3u playlist file has to contain the exact streaming address, so if the m3u file you download points to a pls file, you may have to download that pls file to look for the streaming address.","title":"Simplified Raspberry Streaming"},{"location":"posts/simplified-raspberry-streaming/#raspberrypi-is-a-great-mpd-appliance","text":"I\u2019m really pleased with the RaspberryPi as an MPD (music player daemon), appliance. I have it hooked up to the home surround-sound system via spdif, digital optical cable hat, btw, running Arch Linux ARM , with the / file system on a dual-thumbdrive, btrfs raid1 (mirror) device . It plays music around the clock, reliably, without breaking a sweat. And the mpd daemon is easy to remote control, either from the command line with ncmpcpp , or using M.A.L.P for Android .","title":"RaspberryPi is a Great MPD Appliance"},{"location":"posts/simplified-raspberry-streaming/#andor-as-an-internet-radio-streaming-client","text":"The beauty of this setup it in the simplicity. All you have to do is create an plain text *m3u file with the address:port of the internet radio stream you want, and place that in /var/lib/mpd/playlists directory. You can find various internet radio lists on the internet, and many offer example *m3u playlist files that you can download. However, the important thing is that your m3u playlist file has to contain the exact streaming address, so if the m3u file you download points to a pls file, you may have to download that pls file to look for the streaming address.","title":"And/Or as an Internet Radio Streaming Client"},{"location":"posts/xmpp-apt-notifications/","text":"date: 2021-01-09 Introduction In order to save yourself the work of checking your computer for updates, configure it to send you a weekly notification for updates using cron and sendxmpp. Register an Xmpp User ssh into your prosody server and use prosodyctl to create a user for your computer. i.e. for your htpc: # prosodyctl adduser htpc@example.com You will be prompted to create a password. Install sendxmpp ssh into your computer and install sendxmpp . i.e. for your htpc: $ sudo apt-get install sendxmpp Configure sendxmpp ssh into your computer and login as the root user using $ sudo su write the following contents into /root/.sendxmpprc , i.e. for your htpc htpc@example.com;example.com <password> secure your .sendxmpprc file by making it read-only, and only accessible by the root user # chmod 600 /root/.sendxmpprc Create Cron Job While still logged in as root, open crontab for editing. # crontab -e And then write a command in crontab , i.e. for your htpc. #!/bin/bash PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin 15 3 * * 4 apt-get update && apt-get -u upgrade --assume-no | sendxmpp -t -u htpc <yourself>@example.com Receive Notifications on Android Device Example Notification in Yaxim on Android","title":"Xmpp Apt Notifications"},{"location":"posts/xmpp-apt-notifications/#introduction","text":"In order to save yourself the work of checking your computer for updates, configure it to send you a weekly notification for updates using cron and sendxmpp.","title":"Introduction"},{"location":"posts/xmpp-apt-notifications/#register-an-xmpp-user","text":"ssh into your prosody server and use prosodyctl to create a user for your computer. i.e. for your htpc: # prosodyctl adduser htpc@example.com You will be prompted to create a password.","title":"Register an Xmpp User"},{"location":"posts/xmpp-apt-notifications/#install-sendxmpp","text":"ssh into your computer and install sendxmpp . i.e. for your htpc: $ sudo apt-get install sendxmpp","title":"Install sendxmpp"},{"location":"posts/xmpp-apt-notifications/#configure-sendxmpp","text":"ssh into your computer and login as the root user using $ sudo su write the following contents into /root/.sendxmpprc , i.e. for your htpc htpc@example.com;example.com <password> secure your .sendxmpprc file by making it read-only, and only accessible by the root user # chmod 600 /root/.sendxmpprc","title":"Configure sendxmpp"},{"location":"posts/xmpp-apt-notifications/#create-cron-job","text":"While still logged in as root, open crontab for editing. # crontab -e And then write a command in crontab , i.e. for your htpc. #!/bin/bash PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin 15 3 * * 4 apt-get update && apt-get -u upgrade --assume-no | sendxmpp -t -u htpc <yourself>@example.com","title":"Create Cron Job"},{"location":"posts/xmpp-apt-notifications/#receive-notifications-on-android-device","text":"Example Notification in Yaxim on Android","title":"Receive Notifications on Android Device"}]}
\ No newline at end of file
diff --git a/site/sitemap.xml b/site/sitemap.xml
index 0455cae..2b04c7d 100644
--- a/site/sitemap.xml
+++ b/site/sitemap.xml
@@ -1,59 +1,63 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9"><url>
      <loc>None</loc>
-     <lastmod>2021-01-10</lastmod>
+     <lastmod>2021-01-25</lastmod>
      <changefreq>daily</changefreq>
     </url><url>
      <loc>None</loc>
-     <lastmod>2021-01-10</lastmod>
+     <lastmod>2021-01-25</lastmod>
      <changefreq>daily</changefreq>
     </url><url>
      <loc>None</loc>
-     <lastmod>2021-01-10</lastmod>
+     <lastmod>2021-01-25</lastmod>
      <changefreq>daily</changefreq>
     </url><url>
      <loc>None</loc>
-     <lastmod>2021-01-10</lastmod>
+     <lastmod>2021-01-25</lastmod>
      <changefreq>daily</changefreq>
     </url><url>
      <loc>None</loc>
-     <lastmod>2021-01-10</lastmod>
+     <lastmod>2021-01-25</lastmod>
      <changefreq>daily</changefreq>
     </url><url>
      <loc>None</loc>
-     <lastmod>2021-01-10</lastmod>
+     <lastmod>2021-01-25</lastmod>
      <changefreq>daily</changefreq>
     </url><url>
      <loc>None</loc>
-     <lastmod>2021-01-10</lastmod>
+     <lastmod>2021-01-25</lastmod>
      <changefreq>daily</changefreq>
     </url><url>
      <loc>None</loc>
-     <lastmod>2021-01-10</lastmod>
+     <lastmod>2021-01-25</lastmod>
      <changefreq>daily</changefreq>
     </url><url>
      <loc>None</loc>
-     <lastmod>2021-01-10</lastmod>
+     <lastmod>2021-01-25</lastmod>
      <changefreq>daily</changefreq>
     </url><url>
      <loc>None</loc>
-     <lastmod>2021-01-10</lastmod>
+     <lastmod>2021-01-25</lastmod>
      <changefreq>daily</changefreq>
     </url><url>
      <loc>None</loc>
-     <lastmod>2021-01-10</lastmod>
+     <lastmod>2021-01-25</lastmod>
      <changefreq>daily</changefreq>
     </url><url>
      <loc>None</loc>
-     <lastmod>2021-01-10</lastmod>
+     <lastmod>2021-01-25</lastmod>
      <changefreq>daily</changefreq>
     </url><url>
      <loc>None</loc>
-     <lastmod>2021-01-10</lastmod>
+     <lastmod>2021-01-25</lastmod>
      <changefreq>daily</changefreq>
     </url><url>
      <loc>None</loc>
-     <lastmod>2021-01-10</lastmod>
+     <lastmod>2021-01-25</lastmod>
+     <changefreq>daily</changefreq>
+    </url><url>
+     <loc>None</loc>
+     <lastmod>2021-01-25</lastmod>
      <changefreq>daily</changefreq>
     </url>
 </urlset>
\ No newline at end of file
diff --git a/site/sitemap.xml.gz b/site/sitemap.xml.gz
index d4dccc0d44d9d338b2f77c8a9f5031b6603c5740..2ec1b4ea588a82beb7a1a357c586192bd3fa6021 100644
GIT binary patch
literal 203
zcmV;+05ty}iwFp+^A2DF|8r?{Wo=<_E_iKh0PU4Q4#FT1MfW`gVPB?gVxor9ol94G
z079`Pp-=&>-d<>G;u#EVhI#WRZ#lGkO&UF=^U9hQ*QCNo8ew~7h8ABhr*e-wR?vsj
zUIrAy#<zG3VLk#Z%R;;ga^kZm)(zmr7#j~8go+$6OS`N<=}~P3J6j_uq~8~EA12$g
zrfTZ4s>@~<#~a%sV&rC!Hz)6`=SsgR{E#(6A!)KJyRs|0vg^NH#aiM;Vjp*3He104
F003!ASd0Jw

literal 202
zcmV;*05$&~iwFqvP5NH~|8r?{Wo=<_E_iKh0PU5(4#FT1hxa}OVK09=siAapbkYYP
z6k8GswTD*UUNANB37lX#?z`XR8&7o4$)Sf?zy{x9P8deU>(E<2wD@v9);rwEO57I*
zCZZJf(Bd)1`9SHqt^{l}lbV5qWuTzP)BxQeWn_<K-jx-~Pq?7vDR?7j{(Yf>IE7v|
ztl>4|HD_tOu`QxU<p*<J%uV*nx|g6o<dYFJYl^G5imSMa>;JCmQ__`?Z<LipqE!X}
E0G>o+6#xJL