JustToThePoint English Website Version
JustToThePoint en español
JustToThePoint in Thai

Dotfiles with Git + GNU Stow. Servers: Syncthing, Docker, Pi-hole, OpenVPN.

  1. We need to install stow, a symlink farm manager: sudo apt install stow git
  2. First-Time git setup. Set your user name and email address: git config ‐‐global user.name “userName”. git config ‐‐global user.email “[email protected]. Then, check your settings: git config ‐‐list
  3. Go to github. Log in to your account. Click on the New repository button or the + icon, then click on New repository. Next you have to fill out a name of the repository (dotfiles), a description (it is really optional), and select its visibility or access permission (public -Anyone on the internet can see this repository. You choose who can commit- or private -You choose who can see and commit to this repository-).
  4. After that you have your new repository, so you can copy the repository link by clicking on the green Code button. Open a terminal and clone the repository (very easy setup):
  git clone https://github.com/nmaximo7/dotfiles.git
  1. Open the directory dotfiles with Visual Studio Code: code dotfiles.

  2. Mirror your home’s structure inside the dotfiles directory, e.g., create a directory git, and a file “.gitconfig” inside git; create a directory bash, and two files “.bash_aliases” and “.bashrc” inside bash. Manage and sync dotfiles with Git + GNU Stow

    Manage and sync dotfiles with Git + GNU Stow

  3. Check if stow is going to create the right symlinks or not before creating then: stow ‐‐adopt -nvt ~ * (~ directory home, * the dotfiles directory).

    And then create them: stow ‐‐adopt -vt ~ * The flag -n tells stow not to perform any operations that modify the filesystem, but merely show what would happen. -t is the target (~, the home directory).

    MV: .config/calcurse/conf -> dotfiles/Calcurse/.config/calcurse/conf LINK: .config/calcurse/conf => ../../dotfiles/Calcurse/.config/calcurse/conf9. We use the git add . command to add any changes in the working directory to the staging area: git add .

  4. Save changes to the local repository: git commit -am “Initial commit”

  5. Upload the local repository content to our recently created github remote repository: git push.

  6. If you have a new computer, you will start by cloning the remote repository: git clone https://github.com/nmaximo7/dotfiles.git. After that you can update the local repository with: git pull.

  7. Stow the files and directories into the target directory. First, check that it is working as expected: stow ‐‐adopt -nvSt ~ *, then do it: stow ‐‐adopt -vSt ~ *

  1. Let’s install it on Ubuntu: sudo apt install syncthing-gtk (the GTK3-based GUI for syncthing, it will also install the package syncthing).
  2. Next let’s edit its config file (vi /home/user/.config/syncthing/config.xml) and change 127.0.0.1:8384 (only listening to localhost) to 0.0.0.0:8384.
  3. By default, the installation is made so that the service is run as root. You may want to check its status: sudo systemctl status [email protected]
  4. Install Mac (client). We should be able to access it: IP’s address:8384.
  5. For security purposes you may want to change your password: Actions, Settings, GUI Authentication User, GUI Autentication Password.
  6. Syncthing uses port 22000. If your computer has enabled the UFW firewall, then you need to allow traffic on port 22000: sudo ufw allow 22000/tcp
  7. You need to ensure Synching has been installed and configured on all systems. After that, _each device must be told about the other devices by exchanging device IDs. Obtain your Device ID (Server Ubuntu): Actions, Show ID (Copy). Client Mac: Add Remote Device, Device ID (Paste), Device Name (LinuxServer).
  8. Refresh the Web interface on the first device, the Ubuntu server. You will see the following message: Device…. wants to connect. Add new device? Click on Add Device (Device Name: MacClient) and wait patiently till Remote Devices, MacClient (Up to Date).
  9. We can synchronize two folders now. Click the Add Folder to add a new folder and give it a descriptive label and set the folder path (/mnt/discoExterno/documentos). On the Sharing tab, select MacClient.
  10. You need to wait till you see a message in your MacClient: LinuxServer wants to share folder “documentos”. Add new folder? Select Add, and define Folder Path.
  1. Let’s install it on the server: sudo apt install openssh-server. You may want to read our article about Advanced security.
  2. Display the IP addresses assigned to all interfaces: ip address show.
  3. If you want to connect to your server, you need to invoke the ssh command followed by your username and the IP address in the following format: ssh [email protected], e.g.,
  4. You may want to change the default behavior of the OpenSSH server application by editing the file sudo vi /etc/ssh/sshd_config. man sshd_config is the man’s page about the OpenSSH daemon configuration file. You could change the port (Port 2134), displays a banner (Banner /etc/issue.net), etc. Then you should test the validity of your configuration file (sudo sshd -t -f /etc/ssh/sshd_config) and restart the daemon (sudo systemctl restart sshd.service).
  5. Troubleshooting: Is ssh running? sudo systemctl status ssh.
  6. If the firewall is enabled on your system, you need to open up the SSH port: sudo ufw allow ssh
  1. Install the nfs-kernel-server package: sudo apt install nfs-kernel-server. NFS will translate any root operations on the client to the nobody:nogroup credentials: sudo chown -R nobody:nogroup /mnt/discoExterno/nfsShare/ where nfsShare is the folder that we want to share.
  2. Configure the NFS configuration file: sudo vi /etc/exports:
    /mnt/discoExterno/nfsShare 192.168.1.0/255.255.255.0(rw,sync,insecure,all_squash,anonuid=1000,anongid=1000)
    
    The syntax is as follows: Directory_to_share (/mnt/discoExterno/nfsShare) client (192.168.1.0/255.255.255.0, the private network) options (rw: It gives the client computer both read and write access; sync: It forces NFS to write changes to disk before replying; insecure, all_squash, anonuid=1000, anongid=1000: macOS specific).
  3. Restart the NFS server: sudo systemctl restart nfs-kernel-server.
  4. Allow NFS Access through the Firewall: sudo ufw allow from 192.168.1.0/24 to any port nfs
  5. Client (macOS). Is the resource available in the NFS server? showmount -e 192.168.1.48 (192.168.1.48 is the NFS server’s IP). In Finder, press cmd + k and enter the path to the NFS server/share: NFS

    NFS

  6. macOS’s specific configuration (Sierra): sudo vi /etc/auto_master:
      /-    auto_nfs    -nobrowse,nosuid
    
    sudo vi /etc/auto_nfs:
    /../Volumes/my_mount    -fstype=nfs,noowners,nolockd,noresvport,hard,bg,intr,rw,tcp,nfc nfs://[email protected]:/mnt/discoExterno/nfsShare
    

sudo automount -cv. Finally, add /Volumes/nfsShare to System Settings, Users & Groups, Login Items.

  1. Let’s install Docker: sudo apt install docker.io. Let’s know the Docker version information: docker ‐‐version. Check whether Docker is running: sudo systemctl status docker
  2. We should start Docker and make it enable automatically on system boot: sudo systemctl enable ‐‐now docker.
  3. Add your user to the docker group: sudo usermod -aG docker ${USER}.
  4. It’s time to test it: docker run hello-world.
  1. Ubuntu runs systemd-resolved which listens on port 53. We need to disable (sudo systemctl disable systemd-resolved.service) and stop it (sudo systemctl stop systemd-resolved.service).
  2. Edit /etc/systemd/resolved.conf: DNS=1.1.1.1 and DNSStubListener=no.
  3. Delete the symlink /etc/resolv.conf: rm /etc/resolv.conf. Change the /etc/resolv.conf symlink to point to /run/systemd/resolve/resolv.conf: ln -s /run/systemd/resolve/resolv.conf /etc/resolv.conf. You could get more information in Docker Pi-hole, Installing on Ubuntu.
  4. Restart systemd-resolved using the following command: systemctl restart systemd-resolved.
  5. Download, configure, and run Pi-Hole container on Docker:
      wget https://raw.githubusercontent.com/pi-hole/docker-pi-hole/master/docker_run.sh 
      sudo chmod +x docker_run.sh
      sudo ./docker_run.sh_
    
    #!/bin/bash # https://github.com/pi-hole/docker-pi-hole/blob/master/README.md. This is docker_run.sh:
    
    PIHOLE_BASE="${PIHOLE_BASE:-$(pwd)}" 
    [[ -d "$PIHOLE_BASE" ]] || mkdir -p "$PIHOLE_BASE" || { echo "Couldn't create storage directory: $PIHOLE_BASE"; exit 1; }
    
    # Note: ServerIP should be replaced with your external ip. 
    docker run -d --name pihole -p 53:53/tcp -p 53:53/udp \ # This container uses 2 popular ports, port 53 and port 80. 
        -p 80:80 \ 
        -e TZ="Europe/Madrid" \ # Set your timezone to make sure logs rotate at local midnight 
        -v "${PIHOLE_BASE}/etc-pihole/:/etc/pihole/" \ 
        -v "${PIHOLE_BASE}/etc-dnsmasq.d/:/etc/dnsmasq.d/" \
        --dns=8.8.4.4 --dns=1.1.1.1 \ # Upstream DNS servers 
        --restart=unless-stopped \ 
        --hostname pi.hole \ 
        -e VIRTUAL_HOST="pi.hole" \ 
        -e PROXY_LOCATION="pi.hole" \ 
        -e ServerIP="192.168.1.48" \ # Set to your server's LAN IP: ip addr show 
        pihole/pihole:latest
    
    printf 'Starting up pihole container ' 
    for i in $(seq 1 20); do 
      if [ "$(docker inspect -f "{{.State.Health.Status}}" pihole)" == "healthy" ] ; then 
        printf ' OK' 
        echo -e "\n$(docker logs pihole 2> /dev/null | grep 'password:') for your pi-hole: https://${IP}/admin/" 
        exit 0 
      else 
        sleep 3 
        printf '.' 
      fi
    
      if [ $i -eq 20 ] ; then 
        echo -e "\nTimed out waiting for Pi-hole start, consult your container logs for more info (\`docker logs pihole\`)" 
        exit 1 
      fi 
    done;
    
  6. The last command generates a random password. Go to a browser: IP’s address/admin and use this password.

    Use Pi_Hole for the entire LAN: ]Access your router: http://192.168.1.1/. The password is usually on the back of the router. Configuración avanzada/Advanced Setup, DNS: IP address Pi-hole.

  7. Add a new blocklist from The Firebog. Pi-hole, Croup management, Groups, Add a new group, and then, run pihole -g or update your gravity list (list of blocked domain) online after modifying your adlists: http://IP’s address/admin/gravity.php.
  8. Pi-hole cannot resolve DNS for itself, you may want to change your DNS in: Pi-hole, Settings, DNS, Upstream DNS Server.
  9. List all Docker containers: docker container ls -a. Stop a specific container: docker container stop [container_id] or all containers: docker container stop $(docker container ls –aq). Remove a stopped container: docker container rm [container_id] or all containers: docker container rm $(docker container ls –aq).
  1. Download openvpn-install.sh script to set up your OpenVPN server: wget https://git.io/vpn -O openvpn-install.sh.
  2. Make it executable and run it: sudo chmod +x openvpn-install.sh, sudo bash openvpn-install.sh.
  3. IPv4: Server IP’s address, e.g., 192.168.1.48. Protocol: UDP. Port: 1194. DNS server for the clients: Google is usually a good choice. A name for the first client: client.
  4. Restart the OpenVPN service: sudo systemctl restart openvpn. Check its status: sudo systemctl status openvpn.
  5. If you have UFW enabled, you will need to add a rule to the firewall to allow the port 1194 to make the connection: sudo ufw allow 1194/udp.
  6. Is the server listening in this port? sudo netstat -anp | grep openvpn.
  7. Get the client configuration file: sudo passwd root; su -; cp client.ovpn /home/myUser and transfer it to the client’s machine.
  8. On the client side, install TunnelBlink and open client.ovpn in TunnelBlink.
Bitcoin donation

JustToThePoint Copyright © 2011 - 2022 PhD. Máximo Núñez Alarcón, Anawim. ALL RIGHTS RESERVED. Bilingual e-books, articles, and videos to help your child and your entire family succeed, develop a healthy lifestyle, and have a lot of fun.

This website uses cookies to improve your navigation experience.
By continuing, you are consenting to our use of cookies, in accordance with our Cookies Policy and Website Terms and Conditions of use.