https://wormnet.eu/ 2026-04-08T20:49:07+00:00 https://wormnet.eu/ https://wormnet.eu/lib/tpl/dokuwiki/images/favicon.ico text/html 2020-05-07T14:46:53+00:00 mb (mb@undisclosed.example.com) https://wormnet.eu/irc?rev=1588862813&do=diff IRC is powered by ngircd, since it's one of the few servers nicely packaged into Debian. Bouncer We use ZNC for bouncing services (irc-bouncer:6676). Apparently you add new users like this. This amounts to:- * Use znc --makepass to generate a sha256 password hash text/html 2018-12-29T08:40:00+00:00 mb (mb@undisclosed.example.com) https://wormnet.eu/mail?rev=1546072800&do=diff wormnet mail marmot provides a multi-domain IMAP/SMTP mail service, powered by Exim and Cyrus IMAP. All IPC with backend services (spamd, clamd, pgsql, lmtpd) is performed over unix domain sockets. client configuration Please use imap.wormnet.eu and smtp.wormnet.eu text/html 2017-10-25T18:38:57+00:00 mb (mb@undisclosed.example.com) https://wormnet.eu/ssl?rev=1508956737&do=diff Lets Encrypt SSL Apache Set up the following directory structure (look at the others there as an example): $ sudo tree -a /var/www/well-known /var/www/well-known +-- example.com |   \-- .well-known -> . \-- www.example.com -> example.com For your regular HTTP site (non-SSL) add the following to your text/html 2017-03-21T08:44:22+00:00 alex (alex@undisclosed.example.com) https://wormnet.eu/vpn?rev=1490085862&do=diff VPN We use strongSwan, in particular the IKEv2 EAP-MD5 with pubkey authentication mechanism; no more susceptable to dictionary attacks than EAP-MSCHAPv2 anyway. N.B. we would use EAP-TTLS, but the strongSwan Android client does not support it. Usage Start off by creating an account for yourself by editing: /var/lib/strongswan/ipsec.secrets.inc text/html 2017-03-21T08:32:15+00:00 alex (alex@undisclosed.example.com) https://wormnet.eu/start?rev=1490085135&do=diff Things set up on the server * User Account Handling * Shell logins (incl. OTP and web-ssh) * LDAP Management * Web Server * Jabber Server * IRC Server * Mail Configuration * Proxies * Usenet server * Git(osis) * NAS * DNS * Authoritive * VPN * Recursive * VPN * Lets Encrypt SSL Other things we do * MAME Gaming text/html 2016-10-30T09:01:04+00:00 alex (alex@undisclosed.example.com) https://wormnet.eu/account?rev=1477818064&do=diff User Account Handling Creating an Account root@marmot:~# lvcreate -L 256M -n home-$NEW_USER lvm-marmot root@marmot:~# mkfs.ext4 -L home-$NEW_USER /dev/lvm-marmot/home-$NEW_USER root@marmot:~# mkdir /home/$NEW_USER root@marmot:~# [edit /etc/fstab to mount new user space] root@marmot:~# mount /home/$NEW_USER root@marmot:~# useradd -G users,wormnet-shell -s /bin/bash $NEW_USER root@marmot:~# passwd $NEW_USER root@marmot:~# mkdir /home/$NEW_USER/.ssh root@marmot:~# echo "ssh-rsa AAAB3...KD0pw== fre… text/html 2016-10-30T08:52:19+00:00 alex (alex@undisclosed.example.com) https://wormnet.eu/login?rev=1477817539&do=diff Public Key Auth Usual spiel, edit ~/.ssh/authorized_keys One-time Passwords There are now password based logins, either use public-key or OTP. Setting up your user You do stuff with opiepasswd. Something like: * Set up your generator with a secret text/html 2016-10-29T13:23:24+00:00 alex (alex@undisclosed.example.com) https://wormnet.eu/dns/authoritive?rev=1477747404&do=diff Changing your zone file Rebuild with: sudo nsd-checkconf /etc/nsd/nsd.conf && sudo nsd-control reconfig && sudo nsd-control notify Testing changes Checking the transfer record is a good plan, e.g. $ dig @::1 wormnet.eu AXFR