rwx.work/help
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

docs→rtfd

Browse source
This commit is contained in:
Marc Beninca 2021-12-11 15:32:21 +01:00
parent 7bc781ed11
commit c7ec1dc5d1
131 changed files with 1 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

73
rtfd/index.rst Normal file
View file

@ -0,0 +1,73 @@
RTFD
====
.. toctree::
:maxdepth: 2
public/alsa/index
public/ansible/index
public/apt/index
public/apt-mirror/index
public/bash/index
public/bcompare/index
public/bind9/index
public/c/index
public/certbot/index
public/connect/index
public/coreutils/index
public/curl/index
public/dd/index
public/debian/index
public/debmirror/index
public/debootstrap/index
public/dns/index
public/docker/index
public/fcgiwrap/index
public/ffmpeg/index
public/firefox/index
public/git/index
public/git-bash/index
public/gitlab-ci/index
public/gitweb/index
public/gnome/index
public/gnupg/index
public/gource/index
public/grub/index
public/ifupdown2/index
public/imagemagick/index
public/isc-dhcp-server/index
public/letsencrypt/index
public/libnss3-tools/index
public/libreoffice/index
public/lxc/index
public/markdown/index
public/mdadm/index
public/msys2/index
public/nginx/index
public/openssl/index
public/pandoc/index
public/parted/index
public/pdftk/index
public/python3/index
public/qemu-system/index
public/restructuredtext/index
public/rsync/index
public/smtp/index
public/sphinx/index
public/squashfs-tools/index
public/ssh/index
public/sshd/index
public/systemd/index
public/tar/index
public/texlive/index
public/u-boot/index
public/unbound/index
public/wget/index
public/windows/index
public/xorriso/index
public/xrdp/index
.. toctree::
:caption: Dispatch
tasks

18
rtfd/public/alsa/index.rst Normal file
View file

@ -0,0 +1,18 @@
alsa
====
* /var/lib/alsa/asound.state
Unmute microphone
-----------------
.. code:: shell
amixer -c 1 set Mic 100% unmute
Save settings
-------------
.. code:: shell
alsactl store

10
rtfd/public/ansible/index.rst Normal file
View file

@ -0,0 +1,10 @@
ansible
=======
.. todo:: basic principles
.. todo:: create and configure an inventory
.. todo:: deploy an application
.. todo:: manage an infrastructure

18
rtfd/public/apt-mirror/index.rst Normal file
View file

@ -0,0 +1,18 @@
apt-mirror
==========
.. todo:: list files syntax
.. warning::
Translations archived in xz are not fetched
Workaround:
::
if ( $filename =~ m{^$component/i18n/Translation-[^./]*\.bz2$} )
::
if ( $filename =~ m{^$component/i18n/Translation-[^./]*\.(bz2|xz)$} )

75
rtfd/public/apt/configure.rst Normal file
View file

@ -0,0 +1,75 @@
Configure
=========
Keys
----
.. code:: shell
apt-key add "path/to/key/file"
Configuration
-------------
* etc/apt/apt.conf
::
APT::Default-Release buster;
APT::Get::Show-Versions true;
Dpkg::Progress-Fancy true;
Acquire::Check-Valid-Until false;
* etc/apt/preferences
::
Package: *
Pin: release n=stretch-backports
Pin-Priority: 400
Package: *
Pin: release n=buster
Pin-Priority: 200
Package: *
Pin: release n=sid
Pin-Priority: 100
* etc/apt/sources.list
.. todo::
deb.debian.org ↔ ftp.cc.debian.org
::
deb-src https://deb.debian.org/debian sid main contrib non-free
deb [arch=amd64,i386] https://deb.debian.org/debian sid main contrib non-free
deb [arch=amd64,i386] https://deb.debian.org/debian bullseye main contrib non-free
deb [arch=amd64,i386] https://deb.debian.org/debian bullseye-updates main contrib non-free
deb [arch=amd64,i386] https://deb.debian.org/debian-security bullseye-security main contrib non-free
deb [arch=amd64,i386] https://deb.debian.org/debian buster main contrib non-free
deb [arch=amd64,i386] https://deb.debian.org/debian buster-backports main contrib non-free
deb [arch=amd64,i386] https://deb.debian.org/debian buster-updates main contrib non-free
deb [arch=amd64,i386] https://deb.debian.org/debian-security buster/updates main contrib non-free
deb [arch=amd64] https://deb.debian.org/debian stretch main contrib non-free
deb [arch=amd64] https://deb.debian.org/debian stretch-backports main contrib non-free
deb [arch=amd64] https://deb.debian.org/debian stretch-updates main contrib non-free
deb [arch=amd64] https://deb.debian.org/debian-security stretch/updates main contrib non-free
deb [arch=amd64] https://deb.debian.org/debian jessie main contrib non-free
deb [arch=amd64] https://deb.debian.org/debian-security jessie/updates main contrib non-free
.. warning::
apt's file protocol handling fails with locations containing spaces
::
deb file:/media/deb.debian.org/debian stretch main contrib non-free

7
rtfd/public/apt/index.rst Normal file
View file

@ -0,0 +1,7 @@
apt
===
.. toctree::
configure
upgrade

27
rtfd/public/apt/upgrade.rst Normal file
View file

@ -0,0 +1,27 @@
*******
Upgrade
*******
Hold
====
Hold
----
.. code:: shell
apt-mark hold linux-*
Show
----
.. code:: shell
apt-mark showhold
Unhold
------
.. code:: shell
apt-mark unhold linux-*

12
rtfd/public/bash/completion.rst Normal file
View file

@ -0,0 +1,12 @@
Completion
==========
.. code:: shell
_completion_loader long_command
.. code:: shell
complete -p long_command
.. todo:: aliases

426
rtfd/public/bash/configure.rst Normal file
View file

@ -0,0 +1,426 @@
*********
Configure
*********
Configuration
=============
* etc/bash.bashrc
.. code:: bash
file="/usr/share/bash-completion/bash_completion"
if [ -f "${file}" ]; then
source "${file}"
fi
PS1="\
┌ \e[0;31m\t\e[0m\
– \e[0;32m\${?}\e[0m\
– \e[0;33m\u\e[0m\
@ \e[0;34m\h\e[0m\
"
if git --version &> /dev/null; then
PS1="${PS1} –\e[0;35m\$(__git_ps1)\e[0m"
fi
PS1="${PS1}\n\
│\e[0;36m\${PWD}\e[0m\n\
└ "
PS2="\
└ "
file="/etc/bash.alias"
if [ -f "${file}" ]; then
source "${file}"
fi
Alias
=====
* etc/bash.alias
Described
---------
.. code:: bash
# apt
# update packages catalog
alias aud='apt-get update'
# show package information
alias a='apt-cache show'
# package versions policy
alias ap='apt-cache policy'
# upgrade forbidding package installation or removal
alias aug='apt-get upgrade'
# upgrade allowing package installation or removal
alias adu='apt-get dist-upgrade'
# install packages
alias ai='apt-get install'
# clean packages cache
alias ac='apt-get autoclean;apt-get clean;apt-get autoremove'
# bash
# clear terminal
alias c='clear'
# exit terminal
alias x='exit'
# change current directory to its parent
alias ..='cd ..'
# make a directory
alias md='mkdir'
# make a directory after making its parents
alias mdp='mkdir --parents'
# change current directory to the previous one
alias pd='cd -'
# change mode as directory
alias cmd='chmod 755'
# change mode as file
alias cmf='chmod 644'
# change owner as root
alias cor='chown 0:0'
# change owner as user
alias cou='chown 1000:1000'
# look for a string in processes names
alias pg='ps -A|grep'
# kill a process by id
alias k='kill -9'
# kill all instances of a process by name
alias ka='killall'
# grep from current directory with regex
alias g='grep -rn . -e'
# list current directory entries
alias l='ls --all --color -l -p --time-style="+%Y%m%d-%H%M%S%-:::z"'
# git
# add to index
alias ga='git add'
# add all to index
alias gaa='git add --all'
# add interactively
alias gai='git add --interactive'
# create a branch
alias gb='git branch'
# delete a branch
alias gbd='git branch --delete'
# force a branch deletion
alias gbdf='git branch --delete --force'
# list branches
alias gbl='git branch --all --list --verbose --verbose'
# set the link to a remote branch from a local branch
alias gbu='git branch -u'
# list branches verbosely
alias gbv='git branch --verbose --verbose'
# clone a remote repository
alias gc='git clone'
# clean untracked files
alias gcf='git clean -d --force'
# clean untracked files interactively
alias gci='git clean -d --interactive'
# index all and commit
alias gacm='git add --all;git commit -m'
# commit the index
alias gcm='git commit -m'
# redo the last commit with a different message
alias gcma='git commit --amend -m'
# make a root commit
alias gcmr='git commit --allow-empty --allow-empty-message -m ""'
# switch to a branch or checkout file(s) from a commit
alias gco='git checkout'
# checkout an orphan branch
alias gcoo='git checkout --orphan'
# checkout development branch
alias gcod='git checkout dev'
# checkout feature branch
alias gcof='git checkout f'
# pick a commit
alias gcp='git cherry-pick'
# abort the commit pick
alias gcpa='git cherry-pick --abort'
# continue the commit pick
alias gcpc='git cherry-pick --continue'
# configure the user name
alias gcun='git config user.name'
# configure the user email
alias gcue='git config user.email'
# differences from last or between commits
alias gd='git diff'
# display what is indexed in cache
alias gdc='git diff --cached'
# differences via external tool
alias gdt='git difftool --dir-diff'
# differences via external tool
alias gdw='git diff --word-diff-regex=.'
# fetch from the remote repository
alias gf='git fetch --verbose --tags'
# garbage collect all orphan commits
alias ggc='git reflog expire --expire=now --all;git gc --prune=now'
# initialize a new repository
alias gi='git init'
# initialize a new bare repository
alias gib='git init --bare'
# log commits history
alias gl='git log --all --graph \
--format="%C(auto)%h%d %C(red)%ai%n%C(auto)%B"'
# log medium information
alias glm='git log --all --decorate --graph --format=medium'
# log medium information with patches
alias glp='git log --all --decorate --graph --format=medium --patch'
# fast-forward to remote branch
alias gmf='git merge --ff-only'
# do a merge commit
alias gmc='git merge --no-ff -m'
# abort the current merge commit
alias gma='git merge --abort'
# squash a branch and index its modifications
alias gms='git merge --squash'
# merge via external tool
alias gmt='git mergetool'
# push to the remote repository
alias gp='git push --verbose --tags --set-upstream'
# delete from the remote repository
alias gpd='git push --verbose --delete'
# force the push to the remote repository
alias gpf='git push --verbose --tags --set-upstream --force'
# rebase current branch onto another
alias grb='git rebase'
# abort current rebase
alias grba='git rebase --abort'
# continue current rebase
alias grbc='git rebase --continue'
# force rebase without fast-forward
alias grbf='git rebase --no-ff'
# rebase interactively
alias grbi='git rebase --interactive'
# list all remote repositories
alias grm='git remote'
# add a new remote repository
alias grma='git remote add'
# list remote repositories
alias grml='git remote --verbose'
# show a connection to a repository
alias grms='git remote show'
# set the location of the remote repository
alias grmu='git remote set-url'
# remove file(s) from index or move current branch pointer
alias grs='git reset'
# move current branch pointer to the development branch
alias grsd='git reset dev'
# wipe modifications or reset current branch to another commit
alias grsh='git reset --hard'
# reset current branch to the development branch
alias grshd='git reset --hard dev'
# current state of repository
alias gs='git status --untracked-files=all'
# show a commit
alias gsh='git show'
# tag a commit
alias gt='git tag'
# delete a tag
alias gtd='git tag --delete'
# rsync
# synchronize
alias rs='rsync --archive --no-whole-file --progress --verbose'
# no synchronize
alias rsn='rsync --archive --no-whole-file --progress --verbose -n'
# synchronize and delete
alias rsd='rsync --archive --no-whole-file --progress --verbose --delete'
# synchronize and delete
alias rsdn='rsync --archive --no-whole-file --progress --verbose --delete -n'
Old
---
.. code:: bash
alias c="clear"
alias cmd="chmod 755"
alias cmf="chmod 644"
alias cor="chown 0:0"
alias cou="chown 1000:1000"
alias k="kill -9"
alias ka="killall -9"
alias l="ls --all --color=always -l \
--indicator-style=slash --time-style=\"+%Y%m%d-%H%M%S%-:::z\""
alias pg="ps -A|grep"
alias x="exit"
alias a="apt-cache show"
alias ac="apt-get autoclean;apt-get clean;apt-get autoremove"
alias acl="apt-get changelog"
alias adl="apt-get download"
alias adu="apt-get dist-upgrade"
alias adus="apt-get dist-upgrade --simulate"
alias adub="apt-get dist-upgrade --target-release stretch-backports"
alias adubs="apt-get dist-upgrade --target-release stretch-backports --simulate"
alias af="apt-get --fix-broken install"
alias afs="apt-get --fix-broken install --simulate"
alias ai="apt-get install"
alias ais="apt-get install --simulate"
alias aib="apt-get install --target-release stretch-backports"
alias aibs="apt-get install --target-release stretch-backports --simulate"
alias ait="apt-get install --target-release testing"
alias aits="apt-get install --target-release testing --simulate"
alias aiu="apt-get install --target-release unstable"
alias aius="apt-get install --target-release unstable --simulate"
alias ap="apt-cache policy"
alias as="apt-cache search"
alias asrc="apt-get source"
alias aud="apt-get update"
alias aug="apt-get upgrade"
alias augs="apt-get upgrade --simulate"
alias augb="apt-get upgrade --target-release stretch-backports"
alias augbs="apt-get upgrade --target-release stretch-backports --simulate"
alias ga="git add"
alias gaa="git add --all"
alias gb="git branch"
alias gbd="git branch --delete"
alias gbdf="git branch --delete --force"
alias gbl="git branch --all --list --verbose --verbose"
alias gbu="git branch -u"
alias gc="git clone"
alias gcf="git clean -d --force"
alias gcm="git commit -m"
alias gcma="git commit --amend -m"
alias gcme="git commit --allow-empty --allow-empty-message -m"
alias gco="git checkout"
alias gcob="git checkout -b"
alias gcoo="git checkout --orphan"
alias gcp="git cherry-pick"
alias gcpa="git cherry-pick --abort"
alias gcpc="git cherry-pick --continue"
alias gcue="git config user.email"
alias gcun="git config user.name"
alias gd="git diff"
alias gdc="git diff --word-diff-regex=."
alias gdt="git difftool --dir-diff"
alias gf="git fetch --tags --verbose"
alias gfsnr="git fsck --no-progress --no-reflogs"
alias ggc="git reflog expire --expire=now --all; git gc --prune=now"
alias gi="git init"
alias gib="git init --bare"
alias gl="git log --abbrev-commit --all --decorate --graph --format=oneline"
alias gla="git log --all --decorate --graph \
--format=\"%C(auto)%h %C(red)%an%C(auto)%d %C(reset)%s\""
alias glm="git log --all --decorate --graph --format=medium"
alias gma="git merge --abort"
alias gmc="git merge --no-ff -m"
alias gmf="git merge --ff-only"
alias gms="git merge --squash"
alias gmt="git mergetool"
alias gp="git push --set-upstream --tags --verbose"
alias gpd="git push --delete origin"
alias grb="git rebase"
alias grba="git rebase --abort"
alias grbc="git rebase --continue"
alias grbi="git rebase --interactive"
alias grma="git remote add origin"
alias grmc="git rm --cached"
alias grms="git remote show origin"
alias grmu="git remote set-url origin"
alias grs="git reset"
alias grsh="git reset --hard"
alias grshd="git reset --hard dev"
alias grshm="git reset --hard master"
alias gs="git status --untracked-files"
alias gsc="git show"
alias gt="git tag"
alias gtd="git tag --delete"
alias rs="rsync --archive --progress --verbose"
alias rsn="rsync --archive --progress --verbose -n"
alias rsd="rsync --archive --progress --verbose --delete"
alias rsdn="rsync --archive --progress --verbose --delete -n"
alias tc="tar --numeric-owner --verbose --create --auto-compress --file"
alias tx="tar --numeric-owner --verbose --extract --file"

8
rtfd/public/bash/index.rst Normal file
View file

@ -0,0 +1,8 @@
bash
====
.. toctree::
configure
completion
snippets

26
rtfd/public/bash/snippets.rst Normal file
View file

@ -0,0 +1,26 @@
********
Snippets
********
Start a runnable script file
============================
.. code:: bash
#! /bin/bash
Find out current script
=======================
.. code:: bash
SCRIPT_FILE="$(realpath "${BASH_SOURCE[0]}")"
SCRIPT_DIRECTORY="$(dirname "${SCRIPT_FILE}")"
SCRIPT_NAME="$(basename "${SCRIPT_FILE}")"
Quit the interpreter
====================
.. code:: bash
exit

17
rtfd/public/bcompare/index.rst Normal file
View file

@ -0,0 +1,17 @@
bcompare
========
====== ========
debian bcompare
====== ========
.. todo:: apt source
Configure
---------
~/.config/bcompare
* registry.dat
.. todo:: xml files

56
rtfd/public/bind9/index.rst Normal file
View file

@ -0,0 +1,56 @@
bind9
=====
Domain
------
* /etc/bind/named.conf.local
::
zone "sub.domain.tld" {
type master;
file "/etc/bind/db.sub.domain.tld";
};
zone "3.2.1.in-addr.arpa" {
type master;
file "/etc/bind/db.3.2.1";
};
* /etc/bind/db.sub.domain.tld
::
$TTL 604800
@ IN SOA ns.sub.domain.tld. admin.sub.domain.tld. (
2 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ; Negative Cache TTL
)
@ IN NS ns.sub.domain.tld.
*.sub.domain.tld. IN A 1.2.3.78
ns IN A 1.2.3.12
server IN A 1.2.3.12
dl IN A 1.2.3.34
www IN A 1.2.3.56
*.www IN CNAME www
* /etc/bind/db.3.2.1
::
$TTL 604800
3.2.1.in-addr.arpa. IN SOA ns.sub.domain.tld. admin.sub.domain.tld. (
1 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ; Negative Cache TTL
)
3.2.1.in-addr.arpa. IN NS ns.sub.domain.tld.
12.3.2.1.in-addr.arpa. IN PTR server.sub.domain.tld.
34.3.2.1.in-addr.arpa. IN PTR dl.sub.domain.tld.
56.3.2.1.in-addr.arpa. IN PTR sub.domain.tld.

104
rtfd/public/c/index.rst Normal file
View file

@ -0,0 +1,104 @@
c
=
Imports
-------
.. code:: c
#include <stdio.h>
Comments
--------
.. code:: c
// single line comment
/* multi line comment */
Constants
---------
.. code:: c
#define NUMERIC_CONSTANT 123
Main
----
.. code:: c
void main() {
system("pause");
}
Declarations
------------
.. code:: c
// unsigned, sizeof()
char c = '1';
short s = 2;
int i = 4;
long l = 8;
float f = (float)4;
double d = (double)8;
long double ld = (long double)16;
Output
------
.. code:: c
printf("int: %d\n", entry1);
printf("float: %.2f\n", f);
Input
-----
.. code:: c
scanf("%d%s%d", &entry1, &operator, &entry2);
Conditions
----------
.. code:: c
if (condition) {
expression1;
} else {
expression2;
}
.. code:: c
switch (operator) {
case '+':
expression1;
break;
default:
printf("Nope!\n");
}
Loops
-----
.. code:: c
for (declarations;conditions;increments) {
expression1;
}
.. code:: c
while (condition) {
expression1;
}
.. code:: c
do {
expression1;
} while (condition);

22
rtfd/public/certbot/index.rst Normal file
View file

@ -0,0 +1,22 @@
certbot
=======
DNS certificate
---------------
.. code:: shell
mkdir tmp
DOMAIN='domain.tld'
certbot \
--config-dir tmp \
--logs-dir tmp \
--work-dir tmp \
certonly \
--agree-tos \
--manual \
--no-eff-email \
--preferred-challenges dns \
--csr tls.csr \
--email acme@${DOMAIN} \
--domains ${DOMAIN},*.${DOMAIN}

4
rtfd/public/connect/download.rst Normal file
View file

@ -0,0 +1,4 @@
download
========
…/output/filename.zip?download=zip

6
rtfd/public/connect/index.rst Normal file
View file

@ -0,0 +1,6 @@
connect
=======
.. toctree::
download

9
rtfd/public/coreutils/index.rst Normal file
View file

@ -0,0 +1,9 @@
coreutils
=========
printf
------
.. code:: shell
printf -v formatted "%03d" ${raw}

14
rtfd/public/curl/email.rst Normal file
View file

@ -0,0 +1,14 @@
Send email
==========
.. code:: shell
curl \
--verbose \
--insecure \
--ssl-reqd \
--url "smtp://sub.domain.tld" \
--mail-from "first.last@sub.domain.tld" \
--mail-rcpt "first.last@sub.domain.tld" \
--user "login:password" \
--upload-file -

6
rtfd/public/curl/index.rst Normal file
View file

@ -0,0 +1,6 @@
curl
====
.. toctree::
email

11
rtfd/public/dd/index.rst Normal file
View file

@ -0,0 +1,11 @@
dd
==
.. code:: shell
dd \
if=/input/file \
of=/output/file \
bs=1048576 \
count=1 \
status=progress

8
rtfd/public/debian/index.rst Normal file
View file

@ -0,0 +1,8 @@
debian
======
.. toctree::
packages
repositories
system/index

201
rtfd/public/debian/packages.rst Normal file
View file

@ -0,0 +1,201 @@
********
Packages
********
Base
====
+-----------+
| locales |
| apt-utils |
| dialog |
+-----------+
System
======
+-------------------+
| linux-image-amd64 |
| systemd-sysv |
| live-boot |
+-------------------+
Drivers
=======
+------------------------+
| firmware-linux-nonfree |
| firmware-iwlwifi |
+------------------------+
Architecture
============
+----------------+
| clonezilla |
| debootstrap |
| gparted |
| squashfs-tools |
+----------------+
Desktop
=======
+------------+
| gnome |
| gnome-core |
+------------+
Commands
========
.. todo:: link
+--------------------------+
| [bash](../bash/index.md) |
| bash-completion |
+--------------------------+
Development
===========
+----------+
| kdevelop |
| nuitka |
| python3 |
+----------+
Documentation
=============
+--------------------------------+
| mkdocs |
| pandoc |
| python3-recommonmark |
| python3-sphinx |
| python3-sphinx-bootstrap-theme |
| python3-sphinx-rtd-theme |
+--------------------------------+
Hardware
========
+-----------+-------+
| dmidecode | |
| pciutils | lspci |
| usbutils | lsusb |
+-----------+-------+
Multimedia
==========
+----------------+
| audacity |
| ffmpeg |
| mkvtoolnix |
| subtitleeditor |
| vlc |
+----------------+
Domain names
============
+---------+
| bind9 |
| unbound |
+---------+
Processes
=========
+---------+
| htop |
| iotop |
| jnettop |
+---------+
Security
========
.. todo:: link
+----------------------------------------------+-----------------------------------------------+
| openssh-client | Utiliser un service de connexion sécurisée |
| [openssh-server](../openssh-server/index.md) | Héberger un service de connexion sécurisée |
| sudo | Changer de privilèges le temps d’une commande |
| tcplay | |
+----------------------------------------------+-----------------------------------------------+
Text
====
+------+
| nano |
| vim |
+------+
Versioning
==========
+--------+
| git |
| gitg |
| gource |
+--------+
Virtualization
==============
+---------------------+
| build-essential |
| dkms |
| linux-headers-amd64 |
| lxc |
| virt-manager |
+---------------------+
Web
===
+-------------+
| firefox |
| firefox-esr |
| wget |
+-------------+
To sort
=======
+--------------+
| apparmor |
| curl |
| iputils-ping |
| less |
| locate |
| man |
| ncdu |
| numlockx |
| qdirstat |
| syslog-ng |
| tree |
+--------------+
+--------------------------+
| firmware-linux-free |
| firmware-linux-nonfree |
| firmware-misc-nonfree |
| xserver-xorg-video-intel |
+--------------------------+
+---------------------+
| blender |
| deadbeef |
| filezilla |
| ghex |
| hexchat |
| libreoffice |
| mumble |
| texlive-lang-french |
| texlive-xetex |
| thunderbird |
+---------------------+

151
rtfd/public/debian/repositories.rst Normal file
View file

@ -0,0 +1,151 @@
************
Repositories
************
Keys
====
archive
-------
Master key
* E0B11894F66AEC98 Debian Archive Automatic Signing Key <ftpmaster@debian.org>
Subkey
* 04EE7237B7D453EC Debian Archive Automatic Signing Key (9/stretch) <ftpmaster@debian.org>
Deprecated
* 7638D0442B90D010 Debian Archive Automatic Signing Key (8/jessie) <ftpmaster@debian.org>
security
--------
* 9D6D8F6BC857C906 Debian Security Archive Automatic Signing Key (8/jessie) <ftpmaster@debian.org>
And, for some reason, this one used with testing/updates
* 8B48AD6246925553 Debian Archive Automatic Signing Key (7.0/wheezy) <ftpmaster@debian.org>
Locations
=========
* content delivery network
* https://deb.debian.org/debian
* https://deb.debian.org/debian-security
* legacy
* http://ftp.fr.debian.org/debian
* http://ftp.us.debian.org/debian
* http://security.debian.org
Structure
=========
* ? changelogs
* ? DEP-11
* ? doc
* ? extrafiles
* ? indices
* dists
* ?
* dists
* oldstable
* oldstable-backports
* oldstable-updates
* stable
* stable-backports
* stable-updates
Files
=====
README
------
::
This directory, dists, is the canonical way to access the distributions.
Each distribution can be accessed by name or state from here.
oldoldstable, or jessie - the released Debian 8.11
oldstable, or stretch - the released Debian 9.12
stable, or buster - the released Debian 10.3
oldoldstable-proposed-updates - possible updates to Debian 8
oldstable-proposed-updates - possible updates to Debian 9
stable-proposed-updates - possible updates to Debian 10
jessie-updates - important updates to Debian 8
stretch-updates - important updates to Debian 9
buster-updates - important updates to Debian 10
testing, or bullseye - the development version of the next release
unstable, or sid - untested candidate packages for future releases
experimental, or rc-buggy - experimental packages to be used on top of unstable
Release
-------
contrib main non-free
* ?/Contents-*
* ?/Contents-source
* ?/Contents-udeb-*
* ?/binary-all
* ?/binary-*
* ?/debian-installer/binary-all
* ?/debian-installer/binary-*
* ?/dep11/Components-*
* ?/dep11/icons
* ?/i18n
* main/installer-*
* ?/contrib/source
::
Origin: Debian
Label: Debian
Suite: stable
Version: 9.2
Codename: stretch
Changelogs: http://metadata.ftp-master.debian.org/changelogs/@CHANGEPATH@_changelog
Date: Sat, 07 Oct 2017 09:44:42 UTC
Acquire-By-Hash: yes
Architectures: amd64 arm64 armel armhf i386 mips mips64el mipsel ppc64el s390x
Components: main contrib non-free
Description: Debian 9.2 Released 07 October 2017
MD5Sum:
f9bbab6d94f45e56c672017d8720a24c 1181459 contrib/Contents-amd64
SHA256:
e3bf2ecc2ce89bc48e2339b86ceaba9e1fff7d6668eafab1445e7f7990c4802e 1181459 contrib/Contents-amd64
Packages
--------
::
Package: astrometry-data-2mass-00
Source: astrometry-data-2mass
Version: 1.1
Installed-Size: 13882041
Maintainer: Debian Astronomy Team <debian-astro-maintainers@lists.alioth.debian.org>
Architecture: all
Depends: astrometry.net, curl
Enhances: astrometry.net
Description: Astrometry.net 2MASS index files downloader (2'-2.8')
Homepage: http://data.astrometry.net/4200
Description-md5: b0effd246d35f7c4108f5a91527965cd
Section: contrib/science
Priority: optional
Filename: pool/contrib/a/astrometry-data-2mass/astrometry-data-2mass-00_1.1_all.deb
Size: 3204
MD5sum: 1a51ad538ca17d1113802820856dc4d5
SHA256: 36eafa5e9dbea55ecea5b2595f0d7c0a591e0831e20ac3ac98a239605074798a

8
rtfd/public/debian/system/index.rst Normal file
View file

@ -0,0 +1,8 @@
System from scratch
===================
.. toctree::
:maxdepth: 2
:numbered: 2
system

370
rtfd/public/debian/system/system.rst Normal file
View file

@ -0,0 +1,370 @@
.. todo::
* /etc/motd
Choices
=======
have up-to-date mirrors available
---------------------------------
.. todo:: sync mirrors
.. todo:: check mirrors
critical base packages
----------------------
+-----------+--------------------------------------------------+
| locales | to get localization binaries for system messages |
+-----------+--------------------------------------------------+
| apt-utils | otherwise packages configuration gets delayed |
+-----------+--------------------------------------------------+
| dialog | to have user interaction possible with APT |
+-----------+--------------------------------------------------+
decide the desired type of system
---------------------------------
* will the system run
* 64 bits?
* 32 bits?
* both?
* will the system be run by
* a physical machine?
* a virtual machine?
* a container?
* a container inside a virtual machine?
* will the system be stored
* read-write, as a file system on a dedicated partition?
* read-only, as a single file loaded in RAM at boot time?
Install required tools
======================
============== ========================================
debootstrap generate a minimal base file system
squashfs-tools archive or unarchive a file system image
============== ========================================
.. code:: shell
apt install debootstrap squashfs-tools
Create a base file hierarchy
============================
prepare the system's directory
------------------------------
* become root
.. code:: shell
su
* make root directory
.. code:: shell
mkdir '/squashfs-root'
generate the minimal base
-------------------------
.. code:: shell
debootstrap \
--arch 'amd64' \
--variant 'minbase' \
--include 'locales,apt-utils,dialog' \
'bullseye' \
'/squashfs-root' \
'https://deb.debian.org/debian'
Configure preinstalled packages
===============================
apt
---
configuration
^^^^^^^^^^^^^
* /etc/apt/apt.conf
Acquire::AllowInsecureRepositories False;
Acquire::AllowWeakRepositories False;
Acquire::AllowDowngradeToInsecureRepositories False;
Acquire::Check-Valid-Until False;
APT::Install-Recommends False;
APT::Install-Suggests False;
APT::Get::Show-Versions True;
Dir::Etc::SourceParts "";
Dpkg::Progress True;
preferences
^^^^^^^^^^^
* /etc/apt/preferences
.. todo:: preferences
sources
^^^^^^^
* /etc/apt/sources.list
::
deb [arch=amd64] https://deb.debian.org/debian bullseye main contrib non-free
deb [arch=amd64] https://deb.debian.org/debian bullseye-backports main contrib non-free
deb [arch=amd64] https://deb.debian.org/debian bullseye-updates main contrib non-free
deb [arch=amd64] https://deb.debian.org/debian-security bullseye-security main contrib non-free
locales
-------
define default locale
^^^^^^^^^^^^^^^^^^^^^
* /etc/default/locale
::
LANG='en_US.UTF-8'
LANGUAGE='en_US:en'
LC_CTYPE='fr_FR.UTF-8'
LC_NUMERIC='fr_FR.UTF-8'
LC_TIME='fr_FR.UTF-8'
LC_COLLATE='fr_FR.UTF-8'
LC_MONETARY='fr_FR.UTF-8'
LC_MESSAGES='en_US.UTF-8'
LC_PAPER='fr_FR.UTF-8'
LC_NAME='fr_FR.UTF-8'
LC_ADDRESS='fr_FR.UTF-8'
LC_TELEPHONE='fr_FR.UTF-8'
LC_MEASUREMENT='fr_FR.UTF-8'
LC_IDENTIFICATION='fr_FR.UTF-8'
define locales to generate
^^^^^^^^^^^^^^^^^^^^^^^^^^
* /etc/locale.gen
::
en_US.UTF-8 UTF-8
fr_FR.UTF-8 UTF-8
generate locales
^^^^^^^^^^^^^^^^
.. code:: shell
locale-gen
[configure command shell](../bash/index.md)
-------------------------------------------
redefine hostname
-----------------
* /etc/hostname
::
hostname
provide known file systems
--------------------------
* /etc/fstab
RAM volume for temporary files
::
tmpfs /tmp tmpfs auto,mode=1777 0 0
Install additional packages
===========================
switch into context
-------------------
.. code:: shell
for f in 'dev' 'dev/pts' 'proc' 'sys' ; do
mount --bind "/${f}" "/squashfs-root/${f}"
done
chroot '/squashfs-root'
console-setup
-------------
define default keyboard layouts
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* /etc/default/keyboard
::
XKBMODEL='pc105'
XKBLAYOUT='fr,fr'
XKBVARIANT='oss,bepo'
XKBOPTIONS='terminate:ctrl_alt_bksp'
BACKSPACE='guess'
define root password
--------------------
.. code:: shell
passwd
user, guest, sudo
-----------------
.. code:: shell
apt-get install sudo
useradd -s /bin/bash user
mkdir /home/user
chown user: /home/user
adduser user sudo
useradd -s /bin/bash guest
chown guest: /home/guest
authentications: passwords, SSH keys
------------------------------------
.. todo:: files
upgrade system
--------------
* in any case :
.. code:: shell
apt-get update
apt-get upgrade
* if needed by backported packages :
.. code:: shell
apt-get dist-upgrade
apply system type elements
--------------------------
================= ==================================================
systemd-sysv sans quoi le système ne démarrera pas complètement
linux-image-amd64 s’il ne s’agit pas d’un conteneur
live-boot si à destination de boot live
================= ==================================================
.. code:: shell
apt-get install --target-release 'bullseye-backports' 'linux-image-amd64'
.. code:: shell
apt-get install 'live-boot'
----
initialization settings
-----------------------
.. code:: shell
apt-get install --target-release 'bullseye-backports' 'systemd-sysv'
* /etc/sysctl.conf
Espace mémoire maximum allouable (à augmenter si hébergement de conteneurs)
Pourcentage de RAM disponible avant utilisation de la partition d’échange
.. code:: ini
vm.max_map_count=1048576
vm.swappiness=0
install useful packages
-----------------------
.. code:: shell
apt-get install \
bash-completion \
lxc \
less nano vim \
pciutils usbutils \
python3 \
squashfs-tools
.. code:: shell
apt-get install \
--target-release 'bullseye-backports' \
debootstrap
install other packages
----------------------
[Choix de paquets commentés](packages.md)
.. code:: shell
apt-get install "package1" …
apt-get install -t stretch-backports "package1" …
properly switch back from context
---------------------------------
* empty APT's cache
.. code:: shell
apt-get clean
* exit the environment
.. code:: shell
exit
* untie links to host system
.. code:: shell
for f in 'sys' 'proc' 'dev/pts' 'dev' ; do
umount --lazy "/squashfs-root/${f}"
done
clean up commands history
-------------------------
* root/.bash_history
Configure installed packages
============================
.. todo:: files
Archive prepared file system
============================
.. code:: shell
mksquashfs \
'/squashfs-root' \
'filesystem.squashfs' \
-noappend \
-b '1m' \
-comp 'zstd' \
-Xcompression-level 22

48
rtfd/public/debmirror/index.rst Normal file
View file

@ -0,0 +1,48 @@
debmirror
=========
traditional
-----------
.. code:: shell
debmirror \
--source \
--method="http" \
--host="sub.domain.tld" \
--root="path/resource" \
--dist="buster" \
--section="main" \
--keyring="/etc/apt/trusted.gpg" \
--arch="amd64" \
--check-gpg \
--checksums \
--diff="none" \
--postcleanup \
--progress \
--rsync-extra="none" \
--timeout=360000 \
--verbose \
"mirrors_directory/name"
debian only
-----------
.. code:: shell
--di-arch="arches" \
--di-dist="buster" \
--i18n \
--keyring="/usr/share/keyrings/debian-archive-keyring.gpg" \
violations
----------
.. code:: shell
--no-source \
--method="https" \
--root="/" \
--ignore-missing-release \
--dist="name,path/resource" \
--section="other,1.2/main" \

8
rtfd/public/debootstrap/dldebs.rst Normal file
View file

@ -0,0 +1,8 @@
download debs
=============
* wget
* xz
* bz2
* gz

21
rtfd/public/debootstrap/finddebs.rst Normal file
View file

@ -0,0 +1,21 @@
find debs
=========
work out debs
-------------
* dists/${suite}/${component}/binary-${architecture}/Packages
::
required ← Priority: required
base ← "apt apt-transport-https ca-certificates"
resolve deps
------------
* dists/${suite}/${component}/binary-${architecture}/Packages
::
packages ← Depends: …

21
rtfd/public/debootstrap/first_stage.rst Normal file
View file

@ -0,0 +1,21 @@
first stage
===========
extractor
---------
* dpkg-deb / ar
dpkg
----
* var/lib/dpkg
* var/lib/dpkg/available
* var/lib/dpkg/status
etc
---
* fstab
* hostname
* resolv.conf

11
rtfd/public/debootstrap/index.rst Normal file
View file

@ -0,0 +1,11 @@
debootstrap
===========
.. toctree::
:maxdepth: 2
:numbered: 2
finddebs
dldebs
first_stage
second_stage

2
rtfd/public/debootstrap/second_stage.rst Normal file
View file

@ -0,0 +1,2 @@
second stage
============

10
rtfd/public/dns/hostname.rst Normal file
View file

@ -0,0 +1,10 @@
hostname
========
.. todo:: command
* /etc/hostname
::
name

15
rtfd/public/dns/hosts.rst Normal file
View file

@ -0,0 +1,15 @@
hosts
=====
* /etc/hosts
localhost
---------
.. warning:: include hostname or sudo complains
::
127.0.0.1 localhost
::1 localhost

9
rtfd/public/dns/index.rst Normal file
View file

@ -0,0 +1,9 @@
dns
===
.. toctree::
:maxdepth: 2
hostname
hosts
resolv

19
rtfd/public/dns/resolv.rst Normal file
View file

@ -0,0 +1,19 @@
resolv
======
* /etc/resolv.conf
cloudflare
----------
::
nameserver 1.1.1.1
google
------
::
nameserver 8.8.8.8
nameserver 8.8.4.4

75
rtfd/public/docker/host.rst Normal file
View file

@ -0,0 +1,75 @@
Host
====
Stats
-----
.. code:: shell
docker info
Images
------
List
^^^^
.. code:: shell
docker images
Import
^^^^^^
.. code:: shell
docker import archive_name.tar repository_name:image_name
Remove
^^^^^^
.. code:: shell
docker image rm image_name
Containers
----------
List
^^^^
.. code:: shell
docker ps --all
Create
^^^^^^
.. code:: shell
docker create \
--name container_name \
--publish host_port:container_port \
repository_name:image_name \
command argument_1 …
Start
^^^^^
.. code:: shell
docker start container_name
Stop
^^^^
.. code:: shell
docker stop container_name
Remove
^^^^^^
.. code:: shell
docker rm container_name

6
rtfd/public/docker/index.rst Normal file
View file

@ -0,0 +1,6 @@
docker
======
.. toctree::
host

41
rtfd/public/fcgiwrap/index.rst Normal file
View file

@ -0,0 +1,41 @@
fcgiwrap
========
.. todo:: mandatory parameters
Configure socket
----------------
.. code:: ini
[Unit]
Description=fcgiwrap socket
[Socket]
SocketMode=0600
SocketUser=www-data
SocketGroup=www-data
ListenStream=/run/fcgiwrap.socket
[Install]
WantedBy=sockets.target
Configure service
-----------------
.. code:: ini
[Unit]
Description=simple cgi server
After=nss-user-lookup.target
Requires=fcgiwrap.socket
[Service]
Environment=DAEMON_OPTS=-f
EnvironmentFile=-/etc/default/fcgiwrap
ExecStart=/usr/sbin/fcgiwrap ${DAEMON_OPTS}
User=www-data
Group=www-data
[Install]
Also=fcgiwrap.socket

6
rtfd/public/ffmpeg/index.rst Normal file
View file

@ -0,0 +1,6 @@
ffmpeg
======
.. toctree::
snippets

82
rtfd/public/ffmpeg/snippets.rst Normal file
View file

@ -0,0 +1,82 @@
********
Snippets
********
Change container
================
.. code:: shell
ffmpeg \
-i input.avi \
-y output.mkv
Record video device
===================
List formats
------------
.. code:: shell
ffmpeg \
-f v4l2 -list_formats all \
-i /dev/video0
Acquire fastly
--------------
.. code:: shell
ffmpeg \
-f v4l2 -use_wallclock_as_timestamps true \
-video_size 1280x720 -framerate 60 \
-input_format bgr24 \
-i /dev/video0 \
-vf vflip \
-codec:v libx264 -preset ultrafast -qp 0 \
-y ultrafast.mkv
Cut and shrink
--------------
.. code:: shell
ffmpeg -i ultrafast.mkv \
-ss 00:00:01.000 -to 00:00:02.000 \
-codec:v libx264 -preset veryslow -qp 0 \
-y uf.mkv
Compress for web
----------------
.. code:: shell
ffmpeg -i uf.mkv \
-codec:v libx264 -preset veryslow -qp 23 \
-movflags +faststart -pix_fmt yuv420p \
-y uf.23.mkv
Cut file
========
.. code:: shell
ffmpeg \
-i input.mkv \
-ss 00:00:01.000 \
-to 00:00:02.000 \
-codec copy \
-y output.mkv
Closest I frames
----------------
.. code:: shell
ffmpeg \
-ss 00:00:01.000 \
-i input.mkv \
-to 00:00:02.000 \
-codec copy \
-y output.mkv

16
rtfd/public/firefox/configure.rst Normal file
View file

@ -0,0 +1,16 @@
Configure
=========
* prefs.js
* user.js
Client certificates
-------------------
.. code:: js
user_pref("browser.tabs.closeWindowWithLastTab", false);
user_pref("browser.urlbar.trimURLs", false);
user_pref("full-screen-api.warning.timeout", 0);
user_pref("security.default_personal_cert", "Ask Every Time");
user_pref("security.default_personal_cert", "Select Automatically");

20
rtfd/public/firefox/import_certificate_from_web_page.rst Normal file
View file

@ -0,0 +1,20 @@
Import certificate from web page
================================
Set the web server's MIME types
CA certificate
--------------
::
application/x-x509-ca-cert crt der pem;
Client certificate
------------------
.. warning:: doesn't work, bug still open
::
application/x-x509-user-cert p12 pfx;

7
rtfd/public/firefox/index.rst Normal file
View file

@ -0,0 +1,7 @@
firefox
=======
.. toctree::
configure
import_certificate_from_web_page

5
rtfd/public/git-bash/index.rst Normal file
View file

@ -0,0 +1,5 @@
git-bash
========
.. todo:: set user's HOME variable to %USERPROFILE%
.. todo:: execute post-install.bat after archive extraction

32
rtfd/public/git/configure.rst Normal file
View file

@ -0,0 +1,32 @@
Configure
=========
Identity
--------
.. code:: shell
git config user.name "First Last"
git config user.email "user@domain.tld"
* ~/.gitconfig
.. code:: ini
[user]
name = "First Last"
email = "user@domain.tld"
Auto-build
----------
.. code:: shell
git config receive.denyCurrentBranch updateInstead
* .git/hooks/post-receive (+x)
.. code:: shell
#! /bin/sh
../build_script

8
rtfd/public/git/index.rst Normal file
View file

@ -0,0 +1,8 @@
git
===
.. toctree::
:maxdepth: 1
configure
snippets

22
rtfd/public/git/snippets.rst Normal file
View file

@ -0,0 +1,22 @@
Snippets
========
TODO
----
* .gitignore
* aliases
* git diff
* cached (staging area)
* character
Reverse .gitignore
------------------
::
*
!.gitignore
!*/
!SHA*SUMS

40
rtfd/public/gitlab-ci/index.rst Normal file
View file

@ -0,0 +1,40 @@
gitlab-ci
=========
* /.gitlab-ci.yml
.. code:: yaml
stages:
- test
- deploy
try:
stage: test
image: alpine:latest
script:
- ls -al ../../..
- ls -al ../..
- ls -al ..
- ls -al
pages:
stage: deploy
script:
- ls --all -l public
artifacts:
paths:
- public
* group script
.. todo:: explain group logic
.. code:: shell
apt update
rm --force --recursive ../${group_project}
apt --yes install git
git clone ${group_url}/${group_project} ../${group_project}
apt --yes install python3
python3 ../${group_project}/buildeploy.py

27
rtfd/public/gitweb/index.rst Normal file
View file

@ -0,0 +1,27 @@
gitweb
======
Configure
---------
.. todo:: /etc/gitweb.conf alike
Expose
------
.. todo:: link to fcgi common configuration
NginX
^^^^^
::
location /static/ {
root /usr/share/gitweb;
}
location / {
include fcgi.conf;
fastcgi_param SCRIPT_FILENAME /usr/share/gitweb/gitweb.cgi;
fastcgi_param GITWEB_CONFIG /etc/gitweb.conf;
fastcgi_pass unix:/run/fcgiwrap.socket;
}

54
rtfd/public/gnome/configure.rst Normal file
View file

@ -0,0 +1,54 @@
*********
Configure
*********
General
=======
Settings
--------
* automatic date/time
* automatic timezone
Tweak tool
----------
* dark theme
dconf
-----
* backgrounds
* updates
Applications
============
Terminal (gnome-terminal)
-------------------------
* dark variant
* colors
* infinite scroll
Files (nautilus)
----------------
Settings
Text editor (gedit)
-------------------
Settings
Plugins:
* git
Keyboard shortcuts
------------------
Calculator
----------
Advanced mode

5
rtfd/public/gnome/index.rst Normal file
View file

@ -0,0 +1,5 @@
gnome
=====
.. toctree::
configure

88
rtfd/public/gnupg/configure.rst Normal file
View file

@ -0,0 +1,88 @@
Configure
=========
If up:
.. code:: shell
killall -9 gpg-agent
killall -9 dirmngr
wipe if needed
--------------
.. code:: shell
rm --force --recursive ~/.gnupg
mkdir -m 700 ~/.gnupg
check available algorithms
--------------------------
.. code:: shell
gpg --version
avoid default use of SHA256
---------------------------
* gpg.conf
::
keyid-format long
keyserver-options include-revoked
list-options show-uid-validity
no-verbose
verify-options show-uid-validity
with-fingerprint
with-keygrip
with-subkey-fingerprint
no-comments
no-emit-version
default-preference-list SHA512 AES256 BZIP2
cert-digest-algo SHA512
cipher-algo AES256
compress-algo BZIP2
digest-algo SHA512
personal-cipher-preferences AES256
personal-digest-preferences SHA512
personal-compress-preferences BZIP2
s2k-cipher-algo AES256
s2k-digest-algo SHA512
s2k-mode 3
s2k-count 65011712
avoid DL/UL issues, depending on DNS
------------------------------------
* dirmngr.conf
::
keyserver hkps://keys.openpgp.org
standard-resolver
authenticate
------------
* gpg-agent.conf
::
enable-ssh-support
* sshcontrol
KeyGrip to use if there are several
::
KKEEYYGGRRIIPP
* export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)

50
rtfd/public/gnupg/fun.rst Normal file
View file

@ -0,0 +1,50 @@
“Choose” fingerprint
====================
.. code:: bash
#! /bin/bash
mkdir --parents _
while true; do
gpg \
--batch \
--passphrase '' \
--quick-generate-key \
'First Last <first-last@domain.tld>' \
ed25519 \
cert \
1y \
&> /dev/null
gpg \
--armor \
--export-secret-keys \
'First Last' > "tmp.gpg"
name=$(\
cat tmp.gpg \
| gpg --list-packets \
| grep v4 \
| awk -F ' ' '{print $9}' \
| awk -F ')' '{print $1}' \
)
name="${name:24:4}_${name:28:4}__${name:32:4}_${name:36}"
echo "${name}"
mv tmp.gpg "_/${name}"
rm openpgp-revocs.d/*
rm private-keys-v1.d/*
gpg \
--batch \
--yes \
--delete-keys 'First Last'
rm pubring.kbx*
rm trustdb.gpg
done

54
rtfd/public/gnupg/generate.rst Normal file
View file

@ -0,0 +1,54 @@
Generate
========
master key
----------
.. code:: shell
gpg --expert --full-generate-key
::
8 → RSA (set your own capabilities)
s → toggle the sign capability
e → toggle the encrypt capability
q → finished
4096
1y → key expires in 1 year
y → this is correct
First Last
user@domain.tld
comment
o → ok
.. code:: shell
gpg --quick-generate-key 'First Last <user@domain.tld>' rsa4096 cert 1y
revocation certificate
----------------------
.. code:: shell
gpg --generate-revocation "KeyID" > "FFIINNGGEERRPPRRIINNTT.rev"
::
y
::
0 → no reason specified
1 → key has been compromised
2 → key is superseded
3 → key is no longer used
::
description
y
.. warning::
Hide this file in an encrypted container!

11
rtfd/public/gnupg/index.rst Normal file
View file

@ -0,0 +1,11 @@
gnupg
=====
.. toctree::
:maxdepth: 2
overview
configure
generate
servers
fun

186
rtfd/public/gnupg/overview.rst Normal file
View file

@ -0,0 +1,186 @@
********
OverView
********
.. todo::
* setpref, or elsehow at key generation
* ! suffix to exclude subkeys
* trust key
* sign file
* sign key
* encrypt for [hidden-]recipient
* delete secret key
* import secret key
* refresh keys
List
====
.. code:: shell
gpg --list-keys
.. code:: shell
gpg --list-signatures
Modify
======
.. code:: shell
gpg --expert --edit-key "KEY ID"
[…]
::
save
add a subkey to a master key
----------------------------
::
addkey
8 → RSA (set your own capabilities)
[…]
::
q → finished
4096
1y → key expires in 1 year
y → this is correct
y → really create
sign
^^^^
::
e → toggle the encrypt capability
.. code:: shell
gpg --quick-add-key FFIINNGGEERRPPRRIINNTT rsa4096 auth 1y
gpg --quick-add-key FFIINNGGEERRPPRRIINNTT rsa4096 encr 1y
gpg --quick-add-key FFIINNGGEERRPPRRIINNTT rsa4096 sign 1y
encrypt
^^^^^^^
::
s → toggle the sign capability
authenticate
^^^^^^^^^^^^
::
s → toggle the sign capability
e → toggle the encrypt capability
a → toggle the authenticate capability
set expiration date
-------------------
::
expire
1y
y
add another UserID
------------------
::
adduid
First Last
user@domain.tld
comment
o
set primary UserID
------------------
::
uid 1
primary
Export
======
private key
-----------
.. code:: shell
gpg --armor --export-secret-keys FFIINNGGEERRPPRRIINNTT > key.gpg
private subkeys
---------------
.. code:: shell
gpg --armor --export-secret-subkeys FFIINNGGEERRPPRRIINNTT > subkeys.gpg
public key
----------
.. code:: shell
gpg --armor --export "Key ID" > id.asc
public SSH key
--------------
.. code:: shell
gpg --armor --export-ssh-key "Key ID" > id.pub
Dump
====
.. code:: shell
gpg --list-packets
.. code:: shell
pgpdump pub.asc
Secure
======
hide the master key in an encrypted container
---------------------------------------------
* ~/.gnupg/private-keys-v1.d/KKEEYYGGRRIIPP.key
Sign
====
.. code:: shell
gpg --armor --detach-sign file
Revoke
======
.. code:: shell
gpg --import "FFIINNGGEERRPPRRIINNTT.rev"
gpg --send-keys "KEY ID"
Verify
======
.. code:: shell
gpg --verify file.asc file

66
rtfd/public/gnupg/servers.rst Normal file
View file

@ -0,0 +1,66 @@
Servers
=======
Search
------
.. code:: shell
gpg \
--keyserver hkps://sub.domain.tld \
--search-keys "Key ID"
Download
--------
.. code:: shell
gpg \
--keyserver hkps://sub.domain.tld \
--receive-keys "Key ID"
Upload
------
.. code:: shell
gpg \
--keyserver hkps://sub.domain.tld \
--send-keys "Key ID"
Available
---------
Mitigated
^^^^^^^^^
* hkps://
::
keys.openpgp.org
Vulnerable
^^^^^^^^^^
* hkps://
::
keyring.debian.org
pgp.key-server.io
pgp.mit.edu
peegeepee.com
pgp.rediris.es
sks-keyservers.net
pgp.surfnet.nl
keyserver.ubuntu.com
# round-robin
keys.gnupg.net
* hkp://
::
pgp.uni-mainz.de

7
rtfd/public/gource/index.rst Normal file
View file

@ -0,0 +1,7 @@
gource
======
.. toctree::
:maxdepth: 1
render

17
rtfd/public/gource/render.rst Normal file
View file

@ -0,0 +1,17 @@
Render
======
.. todo:: ffmpeg pipe
.. code:: bash
gource \
--date-format "%Y - %m - %d / %H : %M : %S" \
-f \
--highlight-dirs \
--highlight-users \
--key \
--output-framerate 60 \
--start-date "yyyy-mm-dd HH:MM:SS" \
--auto-skip-seconds 1 \
--seconds-per-day 10

15
rtfd/public/grub/index.rst Normal file
View file

@ -0,0 +1,15 @@
grub
====
.. todo::
* write a configuration script
* build a standalone image
* write a boot menu
* boot debian live
* boot debian installer
.. toctree::
modules
standalone

405
rtfd/public/grub/modules.rst Normal file
View file

@ -0,0 +1,405 @@
.. _grub_modules:
Modules
=======
Included
--------
======= ==
memdisk |
tar |
======= ==
Mandatory
---------
====== ==
normal |
====== ==
dependencies
^^^^^^^^^^^^
======== ==
boot |
bufio |
crypto |
extcmd |
gettext |
terminal |
======== ==
Useful
------
core
^^^^
========== ==
date |
echo |
eval |
help |
keylayouts |
ls |
sleep |
test |
true |
========== ==
hw
^^
========= ==
cpuid |
lspci |
terminfo |
videoinfo |
========= ==
part
^^^^
========== ==
lvm |
mdraid1x |
part_bsd |
part_dfly |
part_gpt |
part_msdos |
raid5rec |
========== ==
fs
^^
=========== ==
btrfs |
exfat |
ext2 |
fat |
hfs |
hfspluscomp |
iso9660 |
ntfscomp |
squash4 |
udf |
xfs |
zfs |
=========== ==
file
^^^^
======== ==
cat |
cmp |
file |
hexdump |
loadenv |
loopback |
probe |
regexp |
search |
======== ==
hash
^^^^
=========== ==
hashsum |
gcry_sha1 |
gcry_sha256 |
gcry_sha512 |
=========== ==
action
^^^^^^
========== ==
bsd |
configfile |
halt |
keystatus |
linux |
read |
reboot |
========== ==
gfx
^^^
================== ==
gfxterm_background |
jpeg |
png |
================== ==
bench
^^^^^
========= ==
progress |
testspeed |
========= ==
i386-pc
^^^^^^^
======== =================================
biosdisk | detect disks through bios
drivemap | map drives for windows bullshit
ntldr | load windows bootmgr or ntldr
======== =================================
Useless
-------
============ ==
at_keyboard |
gcry_crc |
gcry_md4 |
gcry_md5 |
mdraid09 |
mdraid09_be |
memrw |
random |
tga |
time |
usb_keyboard |
usbtest |
videotest |
============ ==
i386-pc
^^^^^^^
= ==
? |
= ==
Untested
--------
========== ==
part_acorn |
part_amiga |
part_apple |
part_dvh |
part_plan |
part_sun |
part_sunpc |
========== ==
========= ==
affs |
afs |
bfs |
cbfs |
cpio |
cpio_be |
hfsplus |
jfs |
minix |
minix_be |
minix2 |
minix2_be |
minix3 |
minix3_be |
nilfs2 |
ntfs |
procfs |
reiserfs |
romfs |
sfs |
ufs1 |
ufs1_be |
ufs2 |
========= ==
============== ==
adler32 |
crc64 |
gcry_arcfour |
gcry_blowfish |
gcry_camellia |
gcry_cast5 |
gcry_des |
gcry_dsa |
gcry_idea |
gcry_rfc2268 |
gcry_rijndael |
gcry_rmd160 |
gcry_rsa |
gcry_seed |
gcry_serpent |
gcry_tiger |
gcry_twofish |
gcry_whirlpool |
============== ==
==================== ==
acpi
ahci
all_video
aout
archelp
ata
backtrace
bitmap
bitmap_scale
blocklist
bswap_test
cbls
cbmemc
cbtable
cbtime
chain
cmdline_cat_test
cmp_test
cryptodisk
cs5536
ctz_test
datehook
datetime
disk
diskfilter
div
div_test
dm_nv
ehci
elf
exfctest
font
fshelp
functional_test
geli
gfxmenu
gfxterm
gfxterm_menu
gptsync
gzio
hdparm
hello
http
iorw
ldm
legacycfg
legacy_password_test
linux16
lsacpi
lsmmap
luks
lzopio
macbless
macho
memrw
minicmd
mmap
morse
mpi
msdospart
mul_test
multiboot
multiboot2
nativedisk
net
newc
odc
offsetio
ohci
parttool
password
password_pbkdf2
pata
pbkdf2
pbkdf2_test
pcidump
play
priority_queue
raid6rec
relocator
scsi
search_fs_file
search_fs_uuid
search_label
serial
setjmp
setjmp_test
setpci
shift_test
signature_test
sleep_test
spkmodem
syslinuxcfg
test_blockarg
testload
tftp
trig
tr
uhci
usb
usbms
usbserial_common
usbserial_ftdi
usbserial_pl2303
usbserial_usbdebug
verify
video_bochs
video_cirrus
video_colors
video_fb
video
videotest_checksum
xnu
xnu_uuid
xnu_uuid_test
xzio
zfscrypt
zfsinfo
zfs
==================== ==
x86_64-efi
^^^^^^^^^^
=========== ==
appleldr |
efifwsetup |
efi_gop |
efinet |
efi_uga |
fixvideo |
linuxefi |
loadbios |
lsefimmap |
lsefi |
lsefisystab |
lssal |
=========== ==
i386-pc
^^^^^^^
============= ==
915resolution |
cmosdump |
cmostest |
efiemu |
freedos |
gdb |
hwmatch |
lsapm |
mda_text |
pci |
plan9 |
pxechain |
pxe |
sendkey |
truecrypt |
vbe |
vga |
vga_text |
============= ==

336
rtfd/public/grub/standalone.rst Normal file
View file

@ -0,0 +1,336 @@
************************
Prepare a boot directory
************************
Choose useful modules
=====================
Commented list: :ref:`grub_modules`
Download packages
=================
current
-------
================== ===================================
grub2-common fichiers v2 communs
grub-common fichiers v2 et v1 communs
grub-efi-amd64 architecture EFI avec installation
grub-efi-amd64-bin architecture EFI sans installation
grub-pc architecture BIOS avec installation
grub-pc-bin architecture BIOS avec installation
================== ===================================
legacy
------
=========== ============
grub-efi transitional
grub-legacy maintenance
=========== ============
Put up a functional directory
=============================
boot/grub/grub.cfg
.. code:: shell
search --set --fs-uuid "YYYY-MM-DD-hh-mm-ss-cc"
Or at worst:
.. code:: shell
search --set --label "LA_BEL"
Generate a modular image
========================
/bin/tar
.. code:: shell
tar
--create
--dereference
--file='grub.tar'
--verbose
boot
* moddep.lst
* kernel.img
* lzma_decompress.img
* diskboot.img
* \*.mod
/usr/bin/grub-mkimage
.. code:: shell
grub-mkimage
--directory='i386-pc'
--format='i386-pc'
--memdisk='grub.tar'
--output='i386-pc/core.img'
modules…
i386-pc-eltorito for ISO encapsulation
Make a device bootable
======================
* boot.img
* core.img
/usr/sbin/grub-bios-setup
.. code:: shell
grub-bios-setup \
--directory="i386-pc" \
/dev/sd?
Prepare a boot menu
===================
available colors
----------------
========= ============= =========== ==========
black blue green cyan
red magenta brown light-gray
dark-gray light-blue light-green light-cyan
light-red light-magenta yellow white
========= ============= =========== ==========
* black backgrounds are actually transparent!
available environment variables
-------------------------------
==================== =============================
chosen 4
color_highlight black/light-gray
color_normal light-gray/black
default "${id}"
gfxmode 1024x768
gfxpayload keep
gfxterm_font unicode
lang en_US
locale_dir
menu_color_highlight white/blue
menu_color_normal cyan/blue
pager 1
prefix (hd?,msdos?)/live/boot/2.02-2
root hd?,msdos?
theme …/.txt
timeout -1
==================== =============================
======= =====
cmdpath (hd?)
======= =====
persistent environment variables file
-------------------------------------
* /usr/bin/grub-editenv
.. code:: shell
grub-editenv file create
grub-editenv file set variable=value
grub-editenv file unset variable
boot a prepared system
----------------------
.. warning::
Violent kernel crashes are to be expected if:
1. the live-media-path has no .squashfs file
#. the image basename:
* doesn't end with .squashfs
* is just .squashfs
* contains ,
----
* /live/name.squashfs
.. code:: shell
linux /live/subdir/vmlinuz boot="live" toram="subdir/name.squashfs"
initrd /live/subdir/initrd.img
.. code:: shell
loopback loop /live/dir/name.squashfs
linux (loop)/vmlinuz boot="live" toram="dir/name.squashfs"
initrd (loop)/initrd.img
* Debian installed
.. code:: shell
unset path
uuid="????????-????-????-????-????????????"
search --set="path" --fs-uuid "${uuid}"
if [ "${path}" ]; then
path="(${path})"
linux "${path}/vmlinuz" \
elevator=deadline \
root=UUID=${uuid}
initrd "${path}/initrd.img"
fi
* Debian Installer
.. code:: shell
linux "/path/to/vmlinuz" priority="low"
.. code:: shell
linux "/path/to/vmlinuz" auto="true" \
file="/hd-media/path/to/preseed"
----
.. code:: shell
initrd /path/to/gtk/initrd.gz
----
* iso-scan's first pass goes only 1 subdirectories level down!
.. todo::
Test if iso-scan/filename really works
.. code:: shell
iso-scan/ask_second_pass="true" iso-scan/filename="/path/to/file.iso"
* Debian Live
.. code:: shell
file="/path/to.iso"
loopback loop "${file}"
path="(loop)/live"
linux "${path}/vmlinuz" boot="live" findiso="${file}" components
initrd "${path}/initrd.img"
* PartedMagic
.. code:: shell
file="/path/to.iso"
loopback loop ${file}
path="(loop)/pmagic"
linux "${path}/bzImage64" iso_filename="${file}" load_ramdisk=1
initrd "${path}/initrd.img" "${path}/fu.img" "${path}/m64.img"
* Windows ≥ Vista
.. code:: shell
menuentry "Windows" {
root=(hd0,msdos2)
ntldr /bootmgr
}
* Windows ≤ XP
.. code:: shell
menuentry "Windows" {
drivemap -s (hd0) (hd1)
chainloader (hd0,msdos2)+1
}
* CloneZilla
.. code:: shell
file="/path/to/file.iso"
loopback loop "${file}"
path="(loop)/live"
linux "${path}/vmlinuz" findiso="${file}" \
boot="live" union="overlay" \
username="user" config components \
toram="filesystem.squashfs" ip="" \
locales="en_US.UTF-8" keyboard-layouts="fr-latin9" \
----
.. code:: shell
ocs_live_batch="yes" \
ocs_prerun="mount /dev/disk/by-uuid/${cz_home} /mnt" \
ocs_prerun1="mount --bind /mnt/${cz_partimag} /home/partimag" \
ocs_live_run="ocs-live-restore" \
.. code:: shell
ocs_live_extra_param="\
-e1 auto -e2 -t -r -j2 -cs -k \
-p reboot restoreparts ask_user ${cz_target}"
.. code:: shell
ocs_live_extra_param="\
-q2 -j2 -rm-win-swap-hib -gs -z1p -i 1000000 -fsck-y \
-p reboot saveparts ask_user ${cz_target}"
----
.. code:: shell
ocs_live_batch="no" \
ocs_live_run="ocs-live-general" \
----
.. code:: shell
initrd "${path}/initrd.img"
* ISO
.. code:: shell
xorrisofs \
\
-output live-grub.iso \
\
-volid "LIVE_GRUB" \
-boot-info-table \
-no-emul-boot \
--modification-date="YYYYMMDDhhmmsscc" \
-eltorito-boot live/boot/grub/2.02-2/i386-pc/core.img \
-eltorito-catalog "boot.cat" \
--boot-catalog-hide \
\
-exclude live/sources \
-exclude live/boot/debian.squashfs/debootstrap \
-exclude live/boot/debian.squashfs/live \
-root "live" \
"live"
power
-----
.. code:: shell
reboot
.. code:: shell
halt

22
rtfd/public/ifupdown2/configure.rst Normal file
View file

@ -0,0 +1,22 @@
Configure interfaces
--------------------
* /etc/network/interfaces
.. code:: shell
source /etc/network/interfaces.d/*
* /etc/network/interfaces.d/lo
::
auto lo
iface lo inet loopback
* /etc/network/interfaces.d/eth0
::
auto eth0
iface eth0 inet dhcp

6
rtfd/public/ifupdown2/index.rst Normal file
View file

@ -0,0 +1,6 @@
ifupdown2
=========
.. toctree::
configure

22
rtfd/public/imagemagick/index.rst Normal file
View file

@ -0,0 +1,22 @@
imagemagick
===========
configure
---------
* /etc/ImageMagick-6/policy.xml
.. code:: xml
<policymap>
<policy domain="resource" name="memory" value="1024MiB" />
</policymap>
convert
-------
.. code:: shell
convert \
-units PixelsPerInch -density 300 \
"${input_file}" "${output_file}"

25
rtfd/public/isc-dhcp-server/index.rst Normal file
View file

@ -0,0 +1,25 @@
isc-dhcp-server
===============
Configure
---------
* /etc/dhcp/dhcpd.conf
::
option domain-name "sub.domain.tld";
option domain-name-servers 1.2.3.200;
default-lease-time 600;
max-lease-time 7200;
authoritative;
subnet 1.2.3.0 netmask 255.255.255.0 {
range 1.2.3.123 1.2.3.128;
}
host name {
hardware ethernet 01:23:45:67:89:ab;
fixed-address 1.2.3.4;
}

35
rtfd/public/letsencrypt/index.rst Normal file
View file

@ -0,0 +1,35 @@
letsencrypt
===========
ca_bundle
---------
::
-----BEGIN CERTIFICATE-----
MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/
MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
DkRTVCBSb290IENBIFgzMB4XDTE2MDMxNzE2NDA0NloXDTIxMDMxNzE2NDA0Nlow
SjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMT
GkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAnNMM8FrlLke3cl03g7NoYzDq1zUmGSXhvb418XCSL7e4S0EF
q6meNQhY7LEqxGiHC6PjdeTm86dicbp5gWAf15Gan/PQeGdxyGkOlZHP/uaZ6WA8
SMx+yk13EiSdRxta67nsHjcAHJyse6cF6s5K671B5TaYucv9bTyWaN8jKkKQDIZ0
Z8h/pZq4UmEUEz9l6YKHy9v6Dlb2honzhT+Xhq+w3Brvaw2VFn3EK6BlspkENnWA
a6xK8xuQSXgvopZPKiAlKQTGdMDQMc2PMTiVFrqoM7hD8bEfwzB/onkxEz0tNvjj
/PIzark5McWvxI0NHWQWM6r6hCm21AvA2H3DkwIDAQABo4IBfTCCAXkwEgYDVR0T
AQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwfwYIKwYBBQUHAQEEczBxMDIG
CCsGAQUFBzABhiZodHRwOi8vaXNyZy50cnVzdGlkLm9jc3AuaWRlbnRydXN0LmNv
bTA7BggrBgEFBQcwAoYvaHR0cDovL2FwcHMuaWRlbnRydXN0LmNvbS9yb290cy9k
c3Ryb290Y2F4My5wN2MwHwYDVR0jBBgwFoAUxKexpHsscfrb4UuQdf/EFWCFiRAw
VAYDVR0gBE0wSzAIBgZngQwBAgEwPwYLKwYBBAGC3xMBAQEwMDAuBggrBgEFBQcC
ARYiaHR0cDovL2Nwcy5yb290LXgxLmxldHNlbmNyeXB0Lm9yZzA8BgNVHR8ENTAz
MDGgL6AthitodHRwOi8vY3JsLmlkZW50cnVzdC5jb20vRFNUUk9PVENBWDNDUkwu
Y3JsMB0GA1UdDgQWBBSoSmpjBH3duubRObemRWXv86jsoTANBgkqhkiG9w0BAQsF
AAOCAQEA3TPXEfNjWDjdGBX7CVW+dla5cEilaUcne8IkCJLxWh9KEik3JHRRHGJo
uM2VcGfl96S8TihRzZvoroed6ti6WqEBmtzw3Wodatg+VyOeph4EYpr/1wXKtx8/
wApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so/joWUoHOUgwu
X4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlG
PfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6
KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg==
-----END CERTIFICATE-----

24
rtfd/public/libnss3-tools/delete.rst Normal file
View file

@ -0,0 +1,24 @@
Delete
======
.. warning::
deletion of key removes associated certificate
Key
---
.. code:: shell
certutil \
-d ~/.mozilla/firefox/default \
-F -n "Name"
Certificate
-----------
.. code:: shell
certutil \
-d ~/.mozilla/firefox/default \
-D -n "Name"

11
rtfd/public/libnss3-tools/import.rst Normal file
View file

@ -0,0 +1,11 @@
Import
======
Client certificate
------------------
.. code:: shell
pk12util \
-d ~/.mozilla/firefox/default \
-i /path/to/client_certificate.pfx

8
rtfd/public/libnss3-tools/index.rst Normal file
View file

@ -0,0 +1,8 @@
libnss3-tools
=============
.. toctree::
import
list
delete

20
rtfd/public/libnss3-tools/list.rst Normal file
View file

@ -0,0 +1,20 @@
List
====
Certificates
------------
.. code:: shell
certutil \
-d ~/.mozilla/firefox/default \
-L
Keys
----
.. code:: shell
certutil \
-d ~/.mozilla/firefox/default \
-K

10
rtfd/public/libreoffice/convert.rst Normal file
View file

@ -0,0 +1,10 @@
Convert
=======
.. code:: shell
libreoffice \
--headless \
--convert-to "png" \
--outdir "/path/file.png" \
input_file.o??

6
rtfd/public/libreoffice/index.rst Normal file
View file

@ -0,0 +1,6 @@
libreoffice
===========
.. toctree::
convert

170
rtfd/public/lxc/container.rst Normal file
View file

@ -0,0 +1,170 @@
*********
Container
*********
TODO
====
* look for creation through debootstrap
Create
======
.. code:: shell
lxc-create \
--name="container_name" \
--template="debian" \
-- \
--release="stretch" \
--mirror="file:/mirrors/debian/debian-stretch" \
--security-mirror="file:/mirrors/debian/debian-stretch-security" \
Configure
=========
In containers/directory/container_name :
* config
.. code:: ini
lxc.include = /usr/share/lxc/config/debian.common.conf
lxc.arch = amd64
lxc.autodev = 1
lxc.kmsg = 0
lxc.mount = /var/lib/lxc/container_name/fstab
lxc.rootfs = /var/lib/lxc/container_name/rootfs
lxc.rootfs.backend = dir
lxc.start.auto = 1
lxc.utsname = hostname
lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = br0
lxc.network.name = eth0
lxc.network.veth.pair = container_name
lxc.network.hwaddr = virtual_mac_address
Static addresses variant:
.. code:: ini
lxc.network.ipv4 = container_ip4/network_mask_bits
lxc.network.ipv6 = container_ip6
* fstab
.. warning::
| Do not forget to create the data directories
| otherwise the container start process will fail!
::
data/directory/container_name data none bind,create=dir
/mirrors mirrors none bind,create=dir
* rootfs/
* TODO Debian configuration
* rootfs/etc/network/interfaces.d/eth0
if the container uses DHCP:
::
auto eth0
iface eth0 inet dhcp
Start
=====
.. warning::
| Be patient, for it can take a container
| up to 1 minute to get its network stack up!
.. code:: shell
lxc-start -n "container_name"
.. code:: shell
lxc-start --name="container_name"
Run command
===========
.. code:: shell
lxc-attach -n "container_name" -- command
.. code:: shell
lxc-attach --name="container_name" -- command
Stop
====
.. code:: shell
lxc-stop -n "container_name"
.. code:: shell
lxc-stop --name="container_name"
Backup
======
system
------
.. code:: shell
cd containers/directory
tar --numeric-owner -cvaf container_name.backup_name.txz container_name
data
----
.. code:: shell
cd data/directory
tar --numeric-owner -cvaf container_name.backup_name.txz container_name
Destroy
=======
.. code:: shell
lxc-destroy -n "container_name"
.. code:: shell
lxc-destroy --name="container_name"
Restore
=======
system
------
.. code:: shell
cd containers/directory
rm --recursive container_name
tar --numeric-owner -xvf container_name.backup_name.txz
data
----
.. code:: shell
cd data/directory
rm --recursive container_name
tar --numeric-owner -xvf container_name.backup_name.txz

111
rtfd/public/lxc/host.rst Normal file
View file

@ -0,0 +1,111 @@
****
Host
****
.. warning::
lxc service has to be enabled for autostart to work
Check
=====
.. code:: shell
lxc-checkconfig
List
====
.. code:: shell
lxc-ls -f
.. code:: shell
lxc-ls --fancy
Network bridge
==============
Create bridge br0 onto host's network main interface:
* /etc/network/interfaces.d/br0
::
auto br0
iface br0 inet static
bridge_fd 0
bridge_maxwait 0
bridge_ports eth0
bridge_stp off
address host_ip/network_mask_bits
iface br0 inet static
address host_ip/network_mask_bits
gateway gateway_ip
iface br0 inet6 static
address host_ip/network_mask_bits
gateway gateway_ip
Example with a SoYouStart server:
::
auto br0
iface br0 inet static
bridge_fd 0
bridge_maxwait 0
bridge_ports enp4s0
bridge_stp off
address 10.0.0.254/24
iface br0 inet static
address 192.99.37.216/24
gateway 192.99.37.254
iface br0 inet6 static
address 2607:5300:60:4cd8::/64
gateway 2607:5300:60:4cff:ff:ff:ff:ff
Service
=======
Default configuration for new containers:
* /etc/lxc/default.conf
.. code:: ini
lxc.include = /usr/share/lxc/config/debian.common.conf
lxc.arch = amd64
lxc.autodev = 1
lxc.kmsg = 0
lxc.rootfs.backend = dir
lxc.start.auto = 1
lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = br0
lxc.network.name = eth0
Directories
===========
* 1 for the containers
* 1 for their data
.. code:: shell
mkdir --parents "containers/directory"
rmdir "/var/lib/lxc"
ln --symbolic "containers/directory" "/var/lib/lxc"
.. code:: shell
mkdir --parents "data/directory"

28
rtfd/public/lxc/index.rst Normal file
View file

@ -0,0 +1,28 @@
lxc
===
.. toctree::
host
container
unprivileged
ESX
---
.. warning::
| If the host is part of an ESX virtual network architecture,
| make sure to configure its virtual switch to avoid packet drops.
* Edit Settings / Policies / Security
=================== ======
Key Value
=================== ======
Promiscuous Mode Accept
MAC Address Changes Accept
Forged Transmits Accept
=================== ======
.. todo:: same problem with VirtualBox network

55
rtfd/public/lxc/unprivileged.rst Normal file
View file

@ -0,0 +1,55 @@
Unprivileged
============
.. warning:: Work In Progress
Mandatory
---------
Configuration
^^^^^^^^^^^^^
* config
::
lxc.idmap = u 0 100000 65536
lxc.idmap = g 0 100000 65536
Permissions
^^^^^^^^^^^
.. todo:: shift root's uid for rootfs
Not sure
--------
Packages
^^^^^^^^
::
uidmap
Configuration
^^^^^^^^^^^^^
* /etc/sysctl.conf
::
kernel.unprivileged_userns_clone=1
* /etc/subgid
* /etc/subuid
::
root:100000:65536
* config
::
lxc.include = /usr/share/lxc/config/userns.conf
lxc.apparmor.profile = unconfined

6
rtfd/public/markdown/index.rst Normal file
View file

@ -0,0 +1,6 @@
markdown
========
.. toctree::
syntax

53
rtfd/public/markdown/syntax.rst Normal file
View file

@ -0,0 +1,53 @@
Syntax
======
.. todo:: tables
Titles
------
::
# title 1
## title 2
### title 3
#### title 4
##### title 5
###### title 6
Lists
-----
::
* element 1
* element 2
* element 2.1
* element 2.2
* element 2.2.1
* element 2.2.2
Blocks
------
::
```language
multi
line
message
```
Links
-----
::
[link_caption](link_address)
Images
------
::
![alternative_text](image_address)

31
rtfd/public/mdadm/creation.rst Normal file
View file

@ -0,0 +1,31 @@
Creation
========
.. warning::
Only use partitions, never whole devices,
otherwise assembly will fail after reboot!
RAID 0
------
.. code:: shell
mdadm --create /dev/md0 --level=0 \
--raid-devices=2 /dev/sd[bc]1
RAID 1
------
.. code:: shell
mdadm --create /dev/md0 --level=1 \
--raid-devices=2 /dev/sd[bc]1
RAID 5
------
.. code:: shell
mdadm --create /dev/md0 --level=5 \
--raid-devices=3 /dev/sd[b-d]1

10
rtfd/public/mdadm/index.rst Normal file
View file

@ -0,0 +1,10 @@
mdadm
=====
Multi Disk ADMin
.. toctree::
creation
persistence
manual

27
rtfd/public/mdadm/manual.rst Normal file
View file

@ -0,0 +1,27 @@
Manual operations
=================
.. note::
Use --scan to refer to all known devices
Details
-------
.. code:: shell
mdadm --detail /dev/md0
Stop
----
.. code:: shell
mdadm --stop /dev/md0
Assemble
--------
.. code:: shell
mdadm --assemble /dev/md0

14
rtfd/public/mdadm/persistence.rst Normal file
View file

@ -0,0 +1,14 @@
Persistence
===========
* reference the device in configuration
.. code:: shell
mdadm --detail --scan /dev/md0 >> /etc/mdadm/mdadm.conf
* update the initial file system
.. code:: shell
update-initramfs -u

124
rtfd/public/msys2/index.rst Normal file
View file

@ -0,0 +1,124 @@
msys2
=====
.. todo:: description
Configure
---------
* unarchive msys2-base-x86_64-YYYYMMDD.tar.xz
* edit /etc/pacman.conf
.. code:: ini
[options]
VerbosePkgLists
ILoveCandy
* remove unused architecture groups
* remove unused architecture mirrors
* edit /etc/pacman.d/mirrorlist.*
.. code:: ini
Server = http://
Server = file:///c/
.. todo:: mingw64 mirrorlist
* /etc/nsswitch.conf
::
db_home: /c/Users/%U
* run msys2_shell.cmd
* close window at the end of the process
certificates
^^^^^^^^^^^^
::
/usr/ssl/certs/ca-bundle.crt
user
^^^^
* edit ~/.profile
.. code:: shell
if git --version &> /dev/null; then
source /usr/share/git/git-prompt.sh
fi
Use
---
* run msys2_shell.cmd
.. todo:: optional mingw64 argument
.. code:: shell
pacman -Syu
.. code:: shell
pacman -S package1 …
.. code:: shell
pacman -Scc
Packages
--------
mingw
^^^^^
* mingw-w64-x86_64-putty
msys
^^^^
* upx
broken
^^^^^^
* mingw-w64-x86_64-darktable
* mingw-w64-x86_64-inkscape
test
^^^^
* bc
* binutils
* dos2unix
* emacs
* fish
* git
* make
* man
* markdown
* mc
* nano
* openssh
* p7zip
* pass
* pwgen
* python
* rsync
* subversion
* tar
* tig
* tmux
* tree
* vim
* xorriso
* zsh

10
rtfd/public/nginx/configure.rst Normal file
View file

@ -0,0 +1,10 @@
Configure
=========
* /etc/nginx/nginx.conf
.. warning:: define headers at 1 place only
.. warning:: remember to set the default charset
.. todo:: extract from server

7
rtfd/public/nginx/index.rst Normal file
View file

@ -0,0 +1,7 @@
nginx
=====
.. toctree::
configure
serve

65
rtfd/public/nginx/serve.rst Normal file
View file

@ -0,0 +1,65 @@
Serve
=====
* /etc/nginx/sites-available/…
::
server {
listen 80;
server_name _;
location "/mirrors" {
root "/";
autoindex on;
}
location "/" {
root "/data/http";
autoindex on;
}
}
server {
listen 443 ssl http2;
server_name "sous.domaine.tld";
ssl_certificate "/etc/nginx/certificates/nom.crt";
ssl_certificate_key "/etc/nginx/certificates/nom.key";
location "/static" {
root "/data/https";
default_type "text/html";
index "index.html";
}
location "/" {
proxy_pass "http://127.0.0.1:8069";
proxy_redirect off;
proxy_set_header Host $host;
}
}
Certificates
------------
::
application/x-x509-ca-cert crt der pem;
application/x-x509-user-cert pfx;
Check client certificate
------------------------
::
location /protected {
ssl_client_certificate ca.crt;
ssl_verify_client on;
}
Redirect http to https
----------------------
::
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
return 301 https://${host}${request_uri};
}

80
rtfd/public/openssl/ca/create.rst Normal file
View file

@ -0,0 +1,80 @@
Create
======
init
----
.. code:: shell
rm --force --recursive "demoCA"
mkdir --parents "demoCA/newcerts"
echo -n "" > "demoCA/index.txt"
echo "00" > "demoCA/serial"
request
-------
.. code:: shell
echo -n "\
US
Region / County (code)
City / Place
Decreasing / Hierarchy
Name
Name
alias@domain.tld
.
.
" \
| \
openssl \
req \
-new \
-key "name.pem" \
-out "name.csr" \
-utf8 \
signature
---------
.. code:: shell
openssl \
ca \
-selfsign \
-in "name.csr" \
-keyfile "name.pem" \
-notext \
-out "name.crt" \
-startdate 20160801000000Z \
-enddate 20180801000000Z \
-batch \
-extensions "v3_ca" \
----
quick & dirty variant
---------------------
.. code:: shell
openssl \
ca \
-selfsign \
-keyfile "private_key.pem" \
----
dirtier certificate only variant
--------------------------------
.. code:: shell
openssl \
req \
-in ca.csr \
-x509 \
-days 365 \
-key ca.key \
-out ca.crt

7
rtfd/public/openssl/ca/index.rst Normal file
View file

@ -0,0 +1,7 @@
Certification Authority
=======================
.. toctree::
create
sign

31
rtfd/public/openssl/ca/sign.rst Normal file
View file

@ -0,0 +1,31 @@
Sign certificate request
========================
from CA key & certificate
-------------------------
.. code:: shell
openssl \
x509 \
-CA ca.crt \
-CAkey ca.key \
-req \
-in "client.csr" \
-days 365 \
-out "client.crt" \
-set_serial nn
from proper CA
--------------
.. code:: shell
openssl \
req \
-in "certificate_request.csr" \
-key "private_key.pem" \
-x509 \
-set_serial 0 \
-days 730 \
-out "certificate.crt"

150
rtfd/public/openssl/dispatch.rst Normal file
View file

@ -0,0 +1,150 @@
List secure ciphers
===================
.. code:: shell
openssl ciphers ALL \
| sed "s/:/\n/g" \
| grep "\(TLS\|ECDHE\)" \
| grep "\(POLY1305\|GCM\)" \
| grep --invert-match "\(DSA\|PSK\|128\)"
Select cipher suites
====================
* /etc/ssl/openssl.cnf
::
[system_default_sect]
CipherSuites="TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384"
List curves
===========
.. code:: shell
openssl ecparam -list_curves
Generate DHparam file
=====================
.. code:: shell
openssl dhparam -out dhparam 4096
Generate private key
====================
RSA
---
.. code:: shell
openssl \
genrsa \
-out "private_key.pem" \
4096
Human readable:
.. code:: shell
openssl \
rsa \
-in "private_key.pem" \
-text \
-noout \
> "private_key.txt"
ED25519
-------
.. code:: shell
openssl \
genpkey \
-algorithm ED25519 \
> "private_key.pem"
Human readable:
.. code:: shell
openssl \
pkey \
-in "private_key.pem" \
-text \
-noout \
> "private_key.txt"
Generate a certificate request
==============================
* generate a private key
* using . for empty fields, generate the request with:
* Country Name (2 letter code)
* State or Province Name (full name)
* Locality Name (eg, city)
* Organization Name (eg, company)
* Organizational Unit Name (eg, section)
* Common Name (e.g. server FQDN or YOUR name)
* Email Address
* A challenge password
* An optional company name
.. code:: shell
echo -n "\
US
Region / County (code)
City / Place
Group / Management / Unit
Section
certificate_name
alias@domain.tld
.
.
" \
| \
openssl \
req \
-new \
-utf8 \
-key "private_key.pem" \
-out "certificate_request.csr" \
-addext "subjectAltName=DNS:*.domain.tld,DNS:*.sub.domain.tld"
.. warning:: must staple, problems with nginx and apache
.. code:: shell
-addext "tlsfeature=status_request"
Human readable:
.. code:: shell
openssl \
req \
-in "certificate_request.csr" \
-text \
-noout \
> "certificate_request.txt"
Export client P12/PFX
=====================
* client private key
* client certificate
.. code:: shell
openssl \
pkcs12 \
-export \
-out client.pfx \
-inkey client.key \
-in client.crt

7
rtfd/public/openssl/index.rst Normal file
View file

@ -0,0 +1,7 @@
openssl
=======
.. toctree::
dispatch
ca/index

42
rtfd/public/pandoc/build.rst Normal file
View file

@ -0,0 +1,42 @@
*****
Build
*****
Formats
=======
Documents
---------
* html5
* odt
* docx
* latex (--latex-engine="xelatex")
Presentations
-------------
* beamer
* dzslides
* revealjs
* s5
* slideous
* slidy
Generation
==========
.. code:: shell
pandoc \
--data-dir="directory/path" \
--from="markdown" \
"input_file" \
--to="html5" \
--output="output_file" \
--standalone \
--number-sections \
--toc \
--toc-depth=3 \
--template="template_name" \
--css="style/relative/path"

6
rtfd/public/pandoc/index.rst Normal file
View file

@ -0,0 +1,6 @@
pandoc
======
.. toctree::
build

39
rtfd/public/parted/index.rst Normal file
View file

@ -0,0 +1,39 @@
parted
======
| Examples with 2 × 2 TB hard disk drives as MBR,
| for a virtual 4 TB with data and 32 GB of swap as GPT.
|
MBR
---
::
parted /dev/sda
mktable msdos
mkpart primary 1 2000399
::
parted /dev/sdb
mktable msdos
mkpart primary 1 2000399
.. warning::
The first megabyte makes room for an embedded bootloader.
GPT
---
::
parted /dev/md0
mktable gpt
mkpart data 1 3966128
mkpart swap 2 4000527
.. note::
Start offset of a partition can be inferior than actual free space beginning.

8
rtfd/public/pdftk/index.rst Normal file
View file

@ -0,0 +1,8 @@
pdftk
=====
.. todo:: extract pages
.. todo:: rotate pages
.. todo:: merge documents

13
rtfd/public/python3/index.rst Normal file
View file

@ -0,0 +1,13 @@
python3
=======
.. todo:: execute command
.. todo:: handle paths
.. todo:: browse file hierarchy
.. todo:: read file
.. todo:: write file
.. toctree::
syntax
snippets

31
rtfd/public/python3/snippets.rst Normal file
View file

@ -0,0 +1,31 @@
Snippets
========
Hello world
-----------
.. code:: python3
if __name__ == "__main__":
print("Hello, world!")
Directories
-----------
Remove
^^^^^^
.. code:: python3
import shutil
shutil.rmtree(path)
Web
---
Get
^^^
.. code:: python3
requests.get(url).content.decode(charset)

20
rtfd/public/python3/syntax.rst Normal file
View file

@ -0,0 +1,20 @@
******
Syntax
******
Imports
=======
.. code:: python3
import module
module.py → module/__init__.py
------------------------------
* __init__.py
first/module.py → second/module.py
----------------------------------
* first

Some files were not shown because too many files have changed in this diff Show more