Dotfiles with Git + GNU Stow. Servers: Syncthing, Docker, Pi-hole, OpenVPN.

• Manage and sync dotfiles with Git + GNU Stow.

1. We need to install stow, a symlink farm manager: sudo apt install stow git
2. First-Time git setup. Set your user name and email address: git config ‐‐global user.name “userName”. git config ‐‐global user.email “[email protected]”. Then, check your settings: git config ‐‐list
3. Go to github. Log in to your account. Click on the New repository button or the + icon, then click on New repository. Next you have to fill out a name of the repository (dotfiles), a description (it is really optional), and select its visibility or access permission (public -Anyone on the internet can see this repository. You choose who can commit- or private -You choose who can see and commit to this repository-).
4. After that you have your new repository, so you can copy the repository link by clicking on the green Code button. Open a terminal and clone the repository (very easy setup):

  git clone https://github.com/nmaximo7/dotfiles.git

5. Open the directory dotfiles with Visual Studio Code: code dotfiles.

6. Mirror your home’s structure inside the dotfiles directory, e.g., create a directory git, and a file “.gitconfig” inside git; create a directory bash, and two files “.bash_aliases” and “.bashrc” inside bash.

7. Check if stow is going to create the right symlinks or not before creating then: stow ‐‐adopt -nvt ~ * (~ directory home, * the dotfiles directory).

   And then create them: stow ‐‐adopt -vt ~ * The flag -n tells stow not to perform any operations that modify the filesystem, but merely show what would happen. -t is the target (~, the home directory).

   MV: .config/calcurse/conf -> dotfiles/Calcurse/.config/calcurse/conf LINK: .config/calcurse/conf => ../../dotfiles/Calcurse/.config/calcurse/conf9. We use the git add . command to add any changes in the working directory to the staging area: git add .

8. Save changes to the local repository: git commit -am “Initial commit”

9. Upload the local repository content to our recently created github remote repository: git push.

10. If you have a new computer, you will start by cloning the remote repository: git clone https://github.com/nmaximo7/dotfiles.git. After that you can update the local repository with: git pull.

11. Stow the files and directories into the target directory. First, check that it is working as expected: stow ‐‐adopt -nvSt ~ *, then do it: stow ‐‐adopt -vSt ~ *

• Syncthing is a continuous file synchronization program. It is a really good free alternative to Dropbox and Google Drive. It synchronizes files between two or more computers.

1. Let’s install it on Ubuntu: sudo apt install syncthing-gtk (the GTK3-based GUI for syncthing, it will also install the package syncthing).
2. Next let’s edit its config file (vi /home/user/.config/syncthing/config.xml) and change 127.0.0.1:8384 (only listening to localhost) to 0.0.0.0:8384.
3. By default, the installation is made so that the service is run as root. You may want to check its status: sudo systemctl status [email protected]
4. Install Mac (client). We should be able to access it: IP’s address:8384.
5. For security purposes you may want to change your password: Actions, Settings, GUI Authentication User, GUI Autentication Password.
6. Syncthing uses port 22000. If your computer has enabled the UFW firewall, then you need to allow traffic on port 22000: sudo ufw allow 22000/tcp
7. You need to ensure Synching has been installed and configured on all systems. After that, _each device must be told about the other devices by exchanging device IDs. Obtain your Device ID (Server Ubuntu): Actions, Show ID (Copy). Client Mac: Add Remote Device, Device ID (Paste), Device Name (LinuxServer).
8. Refresh the Web interface on the first device, the Ubuntu server. You will see the following message: Device…. wants to connect. Add new device? Click on Add Device (Device Name: MacClient) and wait patiently till Remote Devices, MacClient (Up to Date).
9. We can synchronize two folders now. Click the Add Folder to add a new folder and give it a descriptive label and set the folder path (/mnt/discoExterno/documentos). On the Sharing tab, select MacClient.
10. You need to wait till you see a message in your MacClient: LinuxServer wants to share folder “documentos”. Add new folder? Select Add, and define Folder Path.

• OpenSSH server is the best connectivity tool for remote login with the SSH protocol.

1. Let’s install it on the server: sudo apt install openssh-server. You may want to read our article about Advanced security.
2. Display the IP addresses assigned to all interfaces: ip address show.
3. If you want to connect to your server, you need to invoke the ssh command followed by your username and the IP address in the following format: ssh [email protected], e.g.,

   ssh [email protected]
   

4. You may want to change the default behavior of the OpenSSH server application by editing the file sudo vi /etc/ssh/sshd_config. man sshd_config is the man’s page about the OpenSSH daemon configuration file. You could change the port (Port 2134), displays a banner (Banner /etc/issue.net), etc. Then you should test the validity of your configuration file (sudo sshd -t -f /etc/ssh/sshd_config) and restart the daemon (sudo systemctl restart sshd.service).
5. Troubleshooting: Is ssh running? sudo systemctl status ssh.
6. If the firewall is enabled on your system, you need to open up the SSH port: sudo ufw allow ssh

• NFS (Network File System) allows a user on a client computer to access files over a network in the same way they would access a local storage file.

1. Install the nfs-kernel-server package: sudo apt install nfs-kernel-server. NFS will translate any root operations on the client to the nobody:nogroup credentials: sudo chown -R nobody:nogroup /mnt/discoExterno/nfsShare/ where nfsShare is the folder that we want to share.
2. Configure the NFS configuration file: sudo vi /etc/exports:

   /mnt/discoExterno/nfsShare 192.168.1.0/255.255.255.0(rw,sync,insecure,all_squash,anonuid=1000,anongid=1000)
   

   The syntax is as follows: Directory_to_share (/mnt/discoExterno/nfsShare) client (192.168.1.0/255.255.255.0, the private network) options (rw: It gives the client computer both read and write access; sync: It forces NFS to write changes to disk before replying; insecure, all_squash, anonuid=1000, anongid=1000: macOS specific).
3. Restart the NFS server: sudo systemctl restart nfs-kernel-server.
4. Allow NFS Access through the Firewall: sudo ufw allow from 192.168.1.0/24 to any port nfs
5. Client (macOS). Is the resource available in the NFS server? showmount -e 192.168.1.48 (192.168.1.48 is the NFS server’s IP). In Finder, press cmd + k and enter the path to the NFS server/share:
6. macOS’s specific configuration (Sierra): sudo vi /etc/auto_master:

     /-    auto_nfs    -nobrowse,nosuid
   

   sudo vi /etc/auto_nfs:

   /../Volumes/my_mount    -fstype=nfs,noowners,nolockd,noresvport,hard,bg,intr,rw,tcp,nfc nfs://[email protected]:/mnt/discoExterno/nfsShare
   

sudo automount -cv. Finally, add /Volumes/nfsShare to System Settings, Users & Groups, Login Items.

• Docker is a software platform designed to make it easier to create, deploy, and run applications by using containers.

1. Let’s install Docker: sudo apt install docker.io. Let’s know the Docker version information: docker ‐‐version. Check whether Docker is running: sudo systemctl status docker
2. We should start Docker and make it enable automatically on system boot: sudo systemctl enable ‐‐now docker.
3. Add your user to the docker group: sudo usermod -aG docker ${USER}.
4. It’s time to test it: docker run hello-world.

• Installing Pi-hole on Ubuntu

1. Ubuntu runs systemd-resolved which listens on port 53. We need to disable (sudo systemctl disable systemd-resolved.service) and stop it (sudo systemctl stop systemd-resolved.service).
2. Edit /etc/systemd/resolved.conf: DNS=1.1.1.1 and DNSStubListener=no.
3. Delete the symlink /etc/resolv.conf: rm /etc/resolv.conf. Change the /etc/resolv.conf symlink to point to /run/systemd/resolve/resolv.conf: ln -s /run/systemd/resolve/resolv.conf /etc/resolv.conf. You could get more information in Docker Pi-hole, Installing on Ubuntu.
4. Restart systemd-resolved using the following command: systemctl restart systemd-resolved.
5. Download, configure, and run Pi-Hole container on Docker:

     wget https://raw.githubusercontent.com/pi-hole/docker-pi-hole/master/docker_run.sh 
     sudo chmod +x docker_run.sh
     sudo ./docker_run.sh_
   

   #!/bin/bash # https://github.com/pi-hole/docker-pi-hole/blob/master/README.md. This is docker_run.sh:
   
   PIHOLE_BASE="${PIHOLE_BASE:-$(pwd)}" 
   [[ -d "$PIHOLE_BASE" ]] || mkdir -p "$PIHOLE_BASE" || { echo "Couldn't create storage directory: $PIHOLE_BASE"; exit 1; }
   
   # Note: ServerIP should be replaced with your external ip. 
   docker run -d --name pihole -p 53:53/tcp -p 53:53/udp \ # This container uses 2 popular ports, port 53 and port 80. 
       -p 80:80 \ 
       -e TZ="Europe/Madrid" \ # Set your timezone to make sure logs rotate at local midnight 
       -v "${PIHOLE_BASE}/etc-pihole/:/etc/pihole/" \ 
       -v "${PIHOLE_BASE}/etc-dnsmasq.d/:/etc/dnsmasq.d/" \
       --dns=8.8.4.4 --dns=1.1.1.1 \ # Upstream DNS servers 
       --restart=unless-stopped \ 
       --hostname pi.hole \ 
       -e VIRTUAL_HOST="pi.hole" \ 
       -e PROXY_LOCATION="pi.hole" \ 
       -e ServerIP="192.168.1.48" \ # Set to your server's LAN IP: ip addr show 
       pihole/pihole:latest
   
   printf 'Starting up pihole container ' 
   for i in $(seq 1 20); do 
     if [ "$(docker inspect -f "{{.State.Health.Status}}" pihole)" == "healthy" ] ; then 
       printf ' OK' 
       echo -e "\n$(docker logs pihole 2> /dev/null | grep 'password:') for your pi-hole: https://${IP}/admin/" 
       exit 0 
     else 
       sleep 3 
       printf '.' 
     fi
   
     if [ $i -eq 20 ] ; then 
       echo -e "\nTimed out waiting for Pi-hole start, consult your container logs for more info (\`docker logs pihole\`)" 
       exit 1 
     fi 
   done;
   

6. The last command generates a random password. Go to a browser: IP’s address/admin and use this password.

   Use Pi_Hole for the entire LAN: ]Access your router: http://192.168.1.1/. The password is usually on the back of the router. Configuración avanzada/Advanced Setup, DNS: IP address Pi-hole.

7. Add a new blocklist from The Firebog. Pi-hole, Croup management, Groups, Add a new group, and then, run pihole -g or update your gravity list (list of blocked domain) online after modifying your adlists: http://IP’s address/admin/gravity.php.
8. Pi-hole cannot resolve DNS for itself, you may want to change your DNS in: Pi-hole, Settings, DNS, Upstream DNS Server.
9. List all Docker containers: docker container ls -a. Stop a specific container: docker container stop [container_id] or all containers: docker container stop $(docker container ls –aq). Remove a stopped container: docker container rm [container_id] or all containers: docker container rm $(docker container ls –aq).

• OpenVPN. VPN creates a secure tunnel between your device and the internet. This allows you some level of anonymous networking.

1. Download openvpn-install.sh script to set up your OpenVPN server: wget https://git.io/vpn -O openvpn-install.sh.
2. Make it executable and run it: sudo chmod +x openvpn-install.sh, sudo bash openvpn-install.sh.
3. IPv4: Server IP’s address, e.g., 192.168.1.48. Protocol: UDP. Port: 1194. DNS server for the clients: Google is usually a good choice. A name for the first client: client.
4. Restart the OpenVPN service: sudo systemctl restart openvpn. Check its status: sudo systemctl status openvpn.
5. If you have UFW enabled, you will need to add a rule to the firewall to allow the port 1194 to make the connection: sudo ufw allow 1194/udp.
6. Is the server listening in this port? sudo netstat -anp | grep openvpn.
7. Get the client configuration file: sudo passwd root; su -; cp client.ovpn /home/myUser and transfer it to the client’s machine.
8. On the client side, install TunnelBlink and open client.ovpn in TunnelBlink.