From 6963f58102c368967cb7f0ed3fce5f978493177d Mon Sep 17 00:00:00 2001 From: Mateja Date: Thu, 28 Jan 2021 22:16:01 +0100 Subject: First commit. --- content/_index.md | 17 +++ content/blog/_index.md | 6 + content/blog/dns-over-tls.md | 43 +++++++ content/blog/git-server.md | 272 +++++++++++++++++++++++++++++++++++++++++++ content/blog/hello.md | 7 ++ content/contact.md | 12 ++ 6 files changed, 357 insertions(+) create mode 100644 content/_index.md create mode 100644 content/blog/_index.md create mode 100644 content/blog/dns-over-tls.md create mode 100644 content/blog/git-server.md create mode 100644 content/blog/hello.md create mode 100644 content/contact.md (limited to 'content') diff --git a/content/_index.md b/content/_index.md new file mode 100644 index 0000000..70953f8 --- /dev/null +++ b/content/_index.md @@ -0,0 +1,17 @@ +--- +title: "Mateja Maric's Homepage" +draft: false +--- + +I am Mateja Maric, a 19 years old student from Belgrade, Serbia. + +I was interested in computers ever since I laid my hands on one and I taught myself to program in C++ when I was 12 years old. +Throughout the years I learned bunch of other programming languages and technologies. +I also know the basics of electrical engineering, digital electronics and how computers work on transistor level. + +I used to be very interested in game development and I played a lot with Unity and Unreal Engine. +However, in summer of 2018 my interests shifted quite a bit. +I started using GNU/Linux exclusively and became primarily interested in free(as in freedom) software Unix-like operating systems and web technologies. + +On this website you can find some of my personal projects, blog posts and my contact info. + diff --git a/content/blog/_index.md b/content/blog/_index.md new file mode 100644 index 0000000..37a30aa --- /dev/null +++ b/content/blog/_index.md @@ -0,0 +1,6 @@ +--- +title: "Mateja Maric's Blog" +draft: false +--- + +Here I occasionally post stuff. You can subscribe using RSS. 
diff --git a/content/blog/dns-over-tls.md b/content/blog/dns-over-tls.md new file mode 100644 index 0000000..5a52b62 --- /dev/null +++ b/content/blog/dns-over-tls.md @@ -0,0 +1,43 @@ +--- +title: "DNS over TLS on Arch Linux" +date: 2020-08-20 +slug: "dns-over-tls" +draft: false +--- + +Domain name resolution is not standardized, some application use NSS, some use D-Bus, others use stub resolvers. +`systemd-resolved` handles all of them and comes with systemd that Arch Linux uses. + +`systemd-resolved` configuration file is at `/etc/systemd/resolved.conf`, yours should look like this: + + [Resolve] + DNS=1.1.1.1 + FallbackDNS=127.0.0.1 ::1 + Domains=~. + #LLMNR=yes + #MulticastDNS=yes + DNSSEC=yes + DNSOverTLS=yes + #Cache=yes + #DNSStubListener=yes + #ReadEtcHosts=yes + +You should enable the `systemd-resolved` service. + + sudo systemctl enable --now systemd-resolved + +## NetworkManager + +Since you are probably using NetworkManager, +you should tell it to use `systemd-resolved` by going to its configuration file (`/etc/NetworkManager/NetworkManger.conf`) +and specifying `dns` property. + +This is how your `/etc/NetworkManager/NetworkManger.conf` should look like: + + [main] + plugins=keyfile + dns=systemd-resolved + +**You will probably need to restart your computer for changes to take effect.** + +If you found any mistakes or that something is outdated, please [contact me](/contact/). diff --git a/content/blog/git-server.md b/content/blog/git-server.md new file mode 100644 index 0000000..fc6ebef --- /dev/null +++ b/content/blog/git-server.md 
@@ -0,0 +1,272 @@ +--- +title: "Set up your own Smart HTTP Git Server with Gitolite, Cgit and Apache" +date: 2020-08-10 +slug: "git-server" +draft: false +--- + +This guide is for people want to setup their own git server but don't want something as big as GitLab or Gitea, +and don't want something overly simple like [bare git repository over SSH](https://git-scm.com/book/en/v2/Git-on-the-Server-Setting-Up-the-Server). +Also, it is made on the assumption that you know how to setup and use Apache with https and virtual hosts, +and SSH server with public key authentication. Your gitolite user will be available over SSH so make sure it is secured. + +If you follow this guide, you will have a git server with read-write access over SSH and read access over HTTPS. +Your repositories will also be displayed using cgit web interface. +Gitolite will give you the ability to easily add new repositories and manage complex permissions, +ideal when you have to work with multiple people on a same project. +Gitolite also works very well with cgit and git-http-backend. +For example, if you make a repository that is not readable by everyone, +gitolite won't add it to `projects.list` which cgit uses to decide what repositories to display, +it also won't add `git-deamon-export-ok` file in repository directory, +which git-http-backend uses to decide whether it should serve a repository over http. + +## Preparations + +First install necessary software. Package python-pygments is used by cgit for syntax highlighting. +**Check optional dependencies for cgit, you probably want to add all of them.** + + pacman -Sy --needed gitolite cgit python-pygments + +We will use [git-http-backend](https://git-scm.com/docs/git-http-backend) CGI program (it is part of the git package) to serve our repositories as read only over https. 
+Since CGI programs are ran by default Apache user (http on my system, check your `httpd.conf`) and our repositories will belong to the gitolite user, +we will add http user to gitolite group to later allow it to access repositories. +Cgit is also a CGI program that needs to be able to access repositories. + + usermod -aG gitolite http + +You will also need to enable `mod_cgi`, `mod_alias` and `mod_env` in your Apache configuration, since we are using CGI programs. + +## Setting up gitolite + +First you will need to copy your public ssh key to your server and rename it to `username.pub` . +Then you will copy it to gitolite user's home directory. You can use this command: + + install -o gitolite -g gitolite -m 640 username.pub /var/lib/gitolite/ + +Per default gitolite uses umask of 077, meaning that only gitolite user can read, write and execute gitolite files. +Since we want users in gitolite group to be able to read and execute gitolite files, we will need to set umask that gitolite uses to 027. +However, when we run gitolite setup it uses default `.gitolite.rc` configuration file if it can't find one. +We can of course change directories it made with `chmod -R g+rX /var/lib/gitolite/repositories`, but why not do it right the first time? + +Generate `.gitolite.rc` with command `gitolite print-default-rc > .gitolite.rc` . +Then change lines 21 and 24 to `UMASK => 0027,` and `GIT_CONFIG_KEYS => '.*',` respectively. +We changed line 24 so that we could use gitweb keys in gitolite-admin repository to tell cgit who is repository owner and repository description. + +This is how your `.gitolite.rc` should look like without comments, you should of course keep comments, they are useful. 
+ + %RC = ( + UMASK => 0027, + GIT_CONFIG_KEYS => '.*', + LOG_EXTRA => 1, + ROLES => { + READERS => 1, + WRITERS => 1, + }, + ENABLE => [ + 'help', + 'desc', + 'info', + 'perms', + 'writable', + 'ssh-authkeys', + 'git-config', + 'daemon', + 'gitweb', + ], + ); + 1; + +You can copy it to gitolite user's home directory. + + install -o gitolite -g gitolite -m 640 .gitolite.rc /var/lib/gitolite/ + +Now we are done with configuring gitolite and we can actually set it up. Login to gitolite user and run gitolite setup. + + sudo -iu gitolite + gitolite setup -pk username.pub + exit + +Now, we finished setting up gitolite. +You can use `git clone ssh://gitolite@git.your-domain.com:port/gitolite-admin` on your client machine to clone gitolite administrator repository. +In gitolite-admin repository you have `conf` and `keydir` directories. `keydir` keeps public keys for all available users, +you can of course have [multiply keys per user](https://gitolite.com/gitolite/basic-admin.html#multiple-keys-per-user). +You can use `gitweb.owner` and `gitweb.description` to set repository owner and description in cgit. +Cgit can only display repositories in `projects.list` file and git-http-backend can only export them if git-deamon-export-ok file is present, + in other words, only if it's readable by everyone (`R = @all`). +Here you have an example `gitolite.conf`: + + repo gitolite-admin + RW+ = username + + repo testing + RW+ = username + R = @all + config gitweb.owner = Your Name + config gitweb.description = Simple testing repo + +You can do bunch of things in gitolite and they are explained in great detail on it's [website](https://gitolite.com/gitolite/basic-admin.html). + +## Configuring cgit + +Configuration file below is quite self explanatory so I won't go over it. +Edit it per your needs, just make sure that `scan-path` is at the end of the file. +You can find explanation for each line in [cgitrc(5)](https://git.zx2c4.com/cgit/tree/cgitrc.5.txt) man page. 
+Files (css, icons) that cgit uses can be found at `/usr/share/webapps/cgit/` . +You can install this configuration file using `install -o root -g root -m 644 cgitrc /etc/` . + + css=/cgit-css/cgit.css + logo=/cgit-css/cgit.png + favicon=/cgit-css/favicon.ico + + source-filter=/usr/lib/cgit/filters/syntax-highlighting.py + about-filter=/usr/lib/cgit/filters/about-formatting.sh + root-title=Yours repositories + root-desc=Here you can find all my public projects. + snapshots=tar.gz zip + + #settings + #cache-size=100 + clone-url=https://git.your-domain.com/$CGIT_REPO_URL + + #default + enable-index-owner=1 + + #not default + enable-index-links=1 + remove-suffix=1 + + #nice to have... + enable-blame=1 + enable-commit-graph=1 + enable-log-filecount=1 + enable-log-linecount=1 + branch-sort=age + + # if you do not want that webcrawler (like google) index your site + # robots=noindex, nofollow + + # if cgit messes up links, use a virtual-root. For example, cgit.example.org/ has this value: + #virtual-root=/ + + # Allow using gitweb.* keys + enable-git-config=1 + + ## + ## List of common mimetypes + ## + mimetype.gif=image/gif + mimetype.html=text/html + mimetype.jpg=image/jpeg + mimetype.jpeg=image/jpeg + mimetype.pdf=application/pdf + mimetype.png=image/png + mimetype.svg=image/svg+xml + + ## + ## Search for these files in the root of the default branch of repositories + ## for coming up with the about page: + ## + readme=:README.md + readme=:readme.md + readme=:README.mkd + readme=:readme.mkd + readme=:README.rst + readme=:readme.rst + readme=:README.html + readme=:readme.html + readme=:README.htm + readme=:readme.htm + readme=:README.txt + readme=:readme.txt + readme=:README + readme=:readme + readme=:INSTALL.md + readme=:install.md + readme=:INSTALL.mkd + readme=:install.mkd + readme=:INSTALL.rst + readme=:install.rst + readme=:INSTALL.html + readme=:install.html + readme=:INSTALL.htm + readme=:install.htm + readme=:INSTALL.txt + readme=:install.txt + readme=:INSTALL 
+ readme=:install + + + #gitolite repos + project-list=/var/lib/gitolite/projects.list + scan-path=/var/lib/gitolite/repositories + +## Configuring Apache + +And finally, the last step, connecting everything using Apache. + +`GIT_PROJECT_ROOT` variable is used by git-http-backend to locate repositories. +`ScriptAliasMatch` part I took from [git-http-backend](https://git-scm.com/docs/git-http-backend) +and changed it so that it only allows http clients to `git pull` but not to `git push` . +`Alias` part is where cgit should look for additional files (css, png), if you want to change it don't forget to change `/etc/cgitrc` . +`ScriptAlias` is part where cgit actually executes. +`Files` and `Directory` entries just tell Apache that it can access given files. +For more information check out [Apache documentation](http://httpd.apache.org/docs/2.4/), + +You can just append this to your `httpd-vhosts-le-ssl.conf` file, you should of course edit it per your needs. + + + + # ServerAdmin admin@your-domain.com + DocumentRoot "/srv/http/git.your-domain.com" + ServerName git.your-domain.com + + SetEnv GIT_PROJECT_ROOT /var/lib/gitolite/repositories/ + + ScriptAliasMatch \ + "(?x)^/(.*/(HEAD | \ + info/refs | \ + objects/info/[^/]+ | \ + git-upload-pack))$" \ + /usr/lib/git-core/git-http-backend/$1 + + Alias /cgit-css "/usr/share/webapps/cgit/" + ScriptAlias / "/usr/lib/cgit/cgit.cgi/" + + + + Require all granted + + + + AllowOverride None + Options None + Require all granted + + + + AllowOverride None + Options ExecCGI FollowSymlinks + Require all granted + + + ErrorLog "/var/log/httpd/git.your-domain.com-error_log" + CustomLog "/var/log/httpd/git.your-domain.com-access_log" common + + SSLCertificateFile /etc/letsencrypt/live/git.your-domain.com/fullchain.pem + SSLCertificateKeyFile /etc/letsencrypt/live/git.your-domain.com/privkey.pem + Include /etc/letsencrypt/options-ssl-apache.conf + + + +Don't forget to restart Apache for changes to take effect! 
+That's all, hope you like your new git server! + +If you found any mistakes, or that something is outdated, badly explained or you have something to add, feel free to [contact me](/contact/). + +## Resources +- +- +- +- +- +- diff --git a/content/blog/hello.md b/content/blog/hello.md new file mode 100644 index 0000000..2adca90 --- /dev/null +++ b/content/blog/hello.md @@ -0,0 +1,7 @@ +--- +title: "Hello World!" +date: 2019-09-10 +draft: false +--- + +My site is online and this post is used to mark the event! diff --git a/content/contact.md b/content/contact.md new file mode 100644 index 0000000..fe6d43f --- /dev/null +++ b/content/contact.md @@ -0,0 +1,12 @@ +--- +title: "Mateja Maric's Contact Page" +draft: false +--- + +You can send me an e-mail at: mail@matejamaric.com + +Please, check your spam folder! +
Sometimes big e-mail providers put e-mail from smaller domains in spam folder, Microsoft is especially notorious for this practice. +
Of course, you can always whitelist my domain to be sure that my e-mails won't end up in your spam folder. + +I also have a public PGP key if you wish to use it for asymmetric encryption. -- cgit v1.2.3
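Review bot: in content/blog/dns-over-tls.md the NetworkManager configuration path is misspelled as `/etc/NetworkManager/NetworkManger.conf`, both in the sentence that introduces it and in the "This is how your ... should look like" line. A reader who copies the path creates a file NetworkManager never reads, so `dns=systemd-resolved` has no effect and nothing reports the failure. Change both to `/etc/NetworkManager/NetworkManager.conf`. In the same hunk, `DNS=1.1.1.1` names the resolver by IP address only; consider `DNS=1.1.1.1#cloudflare-dns.com` so that, with `DNSOverTLS=yes`, the server certificate is checked against a host name, and add a line telling the reader how to confirm that TLS is in use (for example with `resolvectl status`).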
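Review bot: in content/blog/git-server.md, `GIT_CONFIG_KEYS => '.*',` in the `.gitolite.rc` section is wider than the reason the text gives for it. The post says line 24 is changed only so that `gitweb.owner` and `gitweb.description` can be set, but `.*` lets anyone who can push to gitolite-admin set any git config key in the served repositories. Suggest `GIT_CONFIG_KEYS => 'gitweb\..*',` in both the instruction sentence and the sample rc, with one sentence on why the pattern is kept narrow. Separately, the export marker is spelled `git-deamon-export-ok` in both places it appears; the file git-http-backend checks for is `git-daemon-export-ok`, and a reader debugging a missing export will search for the wrong name.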
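Review bot: in content/contact.md the closing line mentions a public PGP key, but the visible text gives no fingerprint, so a reader has nothing to compare a downloaded key against. Put the full key fingerprint next to that sentence so that the key can be verified independently of wherever it is hosted.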