https://wormnet.eu/ 2026-04-11T21:30:20+00:00 https://wormnet.eu/ https://wormnet.eu/lib/tpl/dokuwiki/images/favicon.ico text/html 2016-10-30T09:01:04+00:00 Anonymous (anonymous@undisclosed.example.com) https://wormnet.eu/account?rev=1477818064&do=diff User Account Handling Creating an Account root@marmot:~# lvcreate -L 256M -n home-$NEW_USER lvm-marmot root@marmot:~# mkfs.ext4 -L home-$NEW_USER /dev/lvm-marmot/home-$NEW_USER root@marmot:~# mkdir /home/$NEW_USER root@marmot:~# [edit /etc/fstab to mount new user space] root@marmot:~# mount /home/$NEW_USER root@marmot:~# useradd -G users,wormnet-shell -s /bin/bash $NEW_USER root@marmot:~# passwd $NEW_USER root@marmot:~# mkdir /home/$NEW_USER/.ssh root@marmot:~# echo "ssh-rsa AAAB3...KD0pw== fre… text/html 2011-10-03T22:13:03+00:00 Anonymous (anonymous@undisclosed.example.com) https://wormnet.eu/dokuwiki?rev=1317679983&do=diff Dokuwiki is the wiki you are using right now. There's potential it will work for multiple instances, but I haven't tried it. * aptitude install dokuwiki, php5-cgi and nginx * /etc/dokuwiki/local.php configured to rely on DOCUMENT_ROOT, so can be text/html 2012-08-24T20:39:29+00:00 Anonymous (anonymous@undisclosed.example.com) https://wormnet.eu/git?rev=1345840769&do=diff Giving yourself the ability to add-remove repositories * su to the gitosis user on marmot * git clone /srv/gitosis/repositories/gitosis-admin.git * Add your key to keydir (don't forget the .pub extension) * Add your user to the gitosis-admin writable list in gitosis.conf text/html 2011-11-26T15:25:27+00:00 Anonymous (anonymous@undisclosed.example.com) https://wormnet.eu/home?rev=1322321127&do=diff Apparently I should have called this page start text/html 2020-05-07T14:46:53+00:00 Anonymous (anonymous@undisclosed.example.com) https://wormnet.eu/irc?rev=1588862813&do=diff IRC is powered by ngircd, since it's one of the few servers nicely packaged into Debian. Bouncer We use ZNC for bouncing services (irc-bouncer:6676). Apparently you add new users like this. This amounts to:- * Use znc --makepass to generate a sha256 password hash text/html 2012-04-24T20:29:10+00:00 Anonymous (anonymous@undisclosed.example.com) https://wormnet.eu/jabber?rev=1335299350&do=diff We have one! There's also pymsnt for Jabber->IRC transport. text/html 2011-11-22T10:34:46+00:00 Anonymous (anonymous@undisclosed.example.com) https://wormnet.eu/ldap?rev=1321958086&do=diff LDAP Management Generic Handy traditional tools to use are: * ldapsearch, ldapmodify, ldapadd, etc * editors * ldapvi * jxplorer Configuration Browsing To look at the LDAP server configuration: root@marmot:~# ldapsearch -Y EXTERNAL -H ldapi:/// -b "cn=config" text/html 2016-10-30T08:52:19+00:00 Anonymous (anonymous@undisclosed.example.com) https://wormnet.eu/login?rev=1477817539&do=diff Public Key Auth Usual spiel, edit ~/.ssh/authorized_keys One-time Passwords There are now password based logins, either use public-key or OTP. Setting up your user You do stuff with opiepasswd. Something like: * Set up your generator with a secret text/html 2019-09-29T15:34:37+00:00 Anonymous (anonymous@undisclosed.example.com) https://wormnet.eu/mail?rev=1569771277&do=diff wormnet mail marmot provides a multi-domain IMAP/SMTP mail service, powered by Exim and Cyrus IMAP. All IPC with backend services (spamd, clamd, pgsql, lmtpd) is performed over unix domain sockets. client configuration Please use imap.wormnet.eu and smtp.wormnet.eu text/html 2012-04-29T10:15:39+00:00 Anonymous (anonymous@undisclosed.example.com) https://wormnet.eu/mame?rev=1335694539&do=diff Wormnet gaming hall of fame aclouters-lapdog:~ aclouter$ head moo | gunforce | platform shooter | | dariuse | superwide sideways scroller | | gunlock | vertical scroller | | vsav | Beat 'em up: Vampire Saviour | | nvscj | Beat 'em up: Marvel vs Capcom | | timekill | Beat 'em up: With arm removal | | bloodstm | Beat 'em up: With arm removal | | outfxies | Beat 'em up with complex maps | | metmqstr | Co-operativeBeat 'em up | | ribbit | Co-operative frogger | aclouters-lapdog:~ aclouter$ cat m… text/html 2011-11-22T11:09:53+00:00 Anonymous (anonymous@undisclosed.example.com) https://wormnet.eu/nas?rev=1321960193&do=diff NAS As we are limited on disk space, we are using NASes lurking on the end of xDSL connections. The problem with this is that obvious the xDSL uplinks are slow, but fortunately we can call upon CacheFS to speed things up. Configuration NAS Side NAT Firewall text/html 2011-12-05T17:12:56+00:00 Anonymous (anonymous@undisclosed.example.com) https://wormnet.eu/news?rev=1323105176&do=diff Leafnode We have leafnode running on port 119. Connections are only accepted from a “.wormnet.eu” location. If you roam further afield, use an SSH tunnel. text/html 2012-06-10T08:54:23+00:00 Anonymous (anonymous@undisclosed.example.com) https://wormnet.eu/proxy?rev=1339318463&do=diff There are two HTTP proxies running, apache mod_proxy (8080) and zipproxy (8081). zipproxy compresses any images that go through it. Connections only allowed from localhost, to connect you will probably want some SSH config such as: Host marmot.wormnet.eu #DynamicForward localhost:1080 LocalForward 127.0.0.1:8080 127.0.0.1:8080 LocalForward 127.0.0.1:8081 127.0.0.1:8081 text/html 2017-10-26T18:59:57+00:00 Anonymous (anonymous@undisclosed.example.com) https://wormnet.eu/ssl?rev=1509044397&do=diff Lets Encrypt SSL Apache Set up the following directory structure (look at the others there as an example): $ sudo tree -a /var/www/well-known /var/www/well-known +-- example.com |   \-- .well-known -> . \-- www.example.com -> example.com For your regular HTTP site (non-SSL) add the following to your text/html 2017-03-21T08:32:15+00:00 Anonymous (anonymous@undisclosed.example.com) https://wormnet.eu/start?rev=1490085135&do=diff Things set up on the server * User Account Handling * Shell logins (incl. OTP and web-ssh) * LDAP Management * Web Server * Jabber Server * IRC Server * Mail Configuration * Proxies * Usenet server * Git(osis) * NAS * DNS * Authoritive * VPN * Recursive * VPN * Lets Encrypt SSL Other things we do * MAME Gaming text/html 2017-03-21T08:44:22+00:00 Anonymous (anonymous@undisclosed.example.com) https://wormnet.eu/vpn?rev=1490085862&do=diff VPN We use strongSwan, in particular the IKEv2 EAP-MD5 with pubkey authentication mechanism; no more susceptable to dictionary attacks than EAP-MSCHAPv2 anyway. N.B. we would use EAP-TTLS, but the strongSwan Android client does not support it. Usage Start off by creating an account for yourself by editing: /var/lib/strongswan/ipsec.secrets.inc text/html 2011-11-27T11:10:33+00:00 Anonymous (anonymous@undisclosed.example.com) https://wormnet.eu/www?rev=1322392233&do=diff It's apache2, nothing particuarly exicting. Creating web config You should have a section of config for yourself that you can edit, in /etc/apache2/sites-available/$USER Reloading site configuration Again assuming you're in the webmasters group, you will be able to run the init.d script to reload apache configuration