From e009156b6ccdebd6d62ad8edf3c4801e27b472be Mon Sep 17 00:00:00 2001 From: Mo8it Date: Wed, 24 Aug 2022 02:43:16 +0200 Subject: [PATCH] Add day_3 files --- src/SUMMARY.md | 2 + src/day_3/notes.md | 336 +++++++++++++++++++++++++++++++++++++++++++++ src/day_3/tasks.md | 131 ++++++++++++++++++ 3 files changed, 469 insertions(+) create mode 100644 src/day_3/notes.md create mode 100644 src/day_3/tasks.md diff --git a/src/SUMMARY.md b/src/SUMMARY.md index 209a243..1a1af86 100644 --- a/src/SUMMARY.md +++ b/src/SUMMARY.md @@ -11,5 +11,7 @@ - [Shell glue](day_2/glue.md) - [Tasks](day_2/tasks.md) - [Day 3](day_3/README.md) + - [Notes](day_3/notes.md) + - [Tasks](day_3/tasks.md) - [Day 4](day_4/README.md) - [Day 5](day_5/README.md) diff --git a/src/day_3/notes.md b/src/day_3/notes.md new file mode 100644 index 0000000..ee62960 --- /dev/null +++ b/src/day_3/notes.md 
@@ -0,0 +1,336 @@ +# Notes + +## Shell tricks + +### Expansion + +```bash +# mkdir -p dir/sub1 dir/sub2 +mkdir -p dir/sub{1,2} + +# touch dir/sub1/file1.txt dir/sub1/file2.txt +touch dir/sub1/file{1,2}.txt + +# cp dir/sub1/file1.txt dir/sub1/file1.txt +cp dir/sub1/file1.txt{,.bak} +``` + +### Globbing + +```bash +# Print content of all files ending with `.sh` +cat *.sh + +# Move all files visible files and directories from dir1 to dir2 +mv dir1/* dir2 + +# Move all hidden files and directories from dir1 to dir2 +mv dir1/.* dir2 + +# Move all visible and hidden files and directories from dir1 to dir2 +# mv dir1/* dir1/.* dir2 +mv dir1/{,.}* dir2 +``` + +## Cargo + +```bash +# Install. openssl-devel needed for cargo-update +sudo dnf install cargo openssl-devel + +# To be able to run cargo install-update -a +cargo install cargo-update + +# Install crate (package) +cargo install CRATENAME + +# Update installed crates +cargo install-update -a +``` + +## bashrc + +You write at the end of `~/.bashrc`. + +### PATH + +Add Cargo binaries to `PATH`: + +```bash +export PATH="$PATH:$HOME/.cargo/bin" +``` + +### Alias + +```bash +alias rm="trash" +``` + +## Fish + +`~/.config/config.fish` + +```bash +if status is-interactive + # Disable greeting message + set -g fish_greeting + + # Abbreviations + abbr -ag cp "cp -i" + abbr -ag mv "mv -i" + abbr -ag rmr "rm -r" + abbr -ag rm "trash" + abbr -ag rsync "rsync -Lahz" + + # Aliases + alias cat "bat" + alias lg "lazygit" + + # Functions + function demo + echo "Hallo from demo function!" 
+ echo "Arguments taken: $argv" + echo "First argument: $argv[1]" + end +end +``` + +Add to path: + +```bash +fish_add_path ~/.cargo/bin +fish_add_path ~/.local/bin +``` + +## SSH + +### Setup host + +In `~/.ssh/config` + +``` +Host HOST + HostName SERVERIP + User SERVERUSER +``` + +### Generate key pair + +```bash +ssh-keygen -t ed25519 -C "COMMENT" +``` + +Leave blank to take default for the prompt `Enter file in which to save the key (/home/USERNAME/.ssh/id_ed25519)`. + +Then enter a passphrase for your key. **You should not leave it blank!** + +### Add public key to server + +```bash +ssh-copy-id -i ~/.ssh/id_ed25519.pub HOST +``` + +### Connect + +```bash +ssh HOST +``` + +### Config on server + +**Very important for security!** Only after adding the public key to the server! + +> WARNING ⚠️ : +> +> Verify that you are only asked for the passphrase of the SSH key before continueing in this section! +> +> If you are asked for the password of the user on the server when connecting, then the authentication with a key did not work. Therefore, don't set `PasswordAuthentication no`! Fix the issue with the key authentication first. **Otherwise, you will be locked out of the server!** ⚠️ + +In `/etc/ssh/sshd_config` on the server: + +Uncomment line with `PasswordAuthentication` and set it to `PasswordAuthentication no` + +Save and exit, then run: + +```bash +sudo systemctl restart sshd +``` + +If you are locked out after running this command, then you did not take the warning above seriously! + +### Copy files + +From server: + +```bash +scp HOST:SRC_PATH DEST_PATH +``` + +To server: + +```bash +scp SRC_PATH HOST:DEST_PATH +``` + +Options: + +- `-r`, `--recursive`: For directories. + +## Rsync + +From server: + +```bash +rsync -Lahz HOST:SRC_PATH DEST_PATH +``` + +To server: + +```bash +rsync -Lahz SRC_PATH HOST:DEST_PATH +``` + +Options: + +- `-a`, `--archieve`: Set of useful options to preserve permissions, use recursive mode, etc. 
+- `-h`, `--human-readable`: Output number in a human-readable format. +- `-z`, `--compress`: Use compression. +- `--partial`: Continue after interruption. +- `-L`, `--copy-links`: Copy links. +- `-v`, `--verbose`: Show more infos. +- `--delete`: Delete files from `DEST_PATH` if they don't exist on `SRC_PATH` anymore. **Use with caution!!!** + +## Systemd + +Check status of a service: + +```bash +sudo systemctl status SERVICENAME +``` + +Enable service: + +```bash +sudo systemctl enable SERVICENAME +``` + +Start service: + +```bash +sudo systemctl start SERVICENAME +``` + +Enable and start service at the same time: + +```bash +sudo systemctl enable --now SERVICENAME +``` + +Disable service: + +```bash +sudo systemctl disable SERVICENAME +``` + +Stop service: + +```bash +sudo systemctl stop SERVICENAME +``` + +Disable and stop service at the same time: + +```bash +sudo systemctl disable --now SERVICENAME +``` + +## Firewalld + +Install and enable firewalld: + +```bash +sudo dnf install firewalld +sudo systemctl enable --now firewalld +``` + +View open ports and services: + +```bash +sudo firewall-cmd --list-all +``` + +Open ports 80 (http) and 443 (https): + +```bash +sudo firewall-cmd --add-service http +sudo firewall-cmd --add-service https +sudo firewall-cmd --runtime-to-permanent +``` + +or: + +```bash +sudo firewall-cmd --add-port 80/tcp +sudo firewall-cmd --add-port 443/tcp +sudo firewall-cmd --runtime-to-permanent +``` + +## Podman + +```bash +# Search for image +podman search python + +# Pull image +podman pull docker.io/library/python:latest + +# See pulled images +podman images + +# Run container and remove it afterwards +podman run -it --rm docker.io/library/python:latest bash + +# Create network +podman network create NETWORKNAME + +# Create container +podman create \ + --name CONTAINERNAME \ + --network NETWORKNAME \ + -e ENVVAR="Some value for the demo environment variable" \ + --tz local \ + docker.io/library/python:latest + +# Start container +podman 
start CONTAINERNAME + +# Enter a running container +podman exec -it CONTAINERNAME bash + +# Stop container +podman stop CONTAINERNAME + +# Generate systemd files +podman generate systemd --new --files --name CONTAINERNAME + +# Create directory for user's systemd services +mkdir -p ~/.config/systemd/user + +# Place service file +mv container-CONTAINERNAME.service ~/.config/systemd/user + +# Activate user's service (container) +systemctl --user enable --now container-CONTAINERNAME +``` + +Keep user's systemd services live after logging out: + +```bash +sudo loginctl enable-linger USERNAME +``` + +Options: + +- `-v`, `--volume`: `SRC_PATH:DEST_PATH:L`. Label should be one of `z`, `z,ro`, `Z` or `Z,ro`. +- `--label "io.containers.autoupdate=registry"` for `podman auto-update` +- `-p`, `--publish`: `SERVER_PORT:CONTAINER_PORT` diff --git a/src/day_3/tasks.md b/src/day_3/tasks.md new file mode 100644 index 0000000..7e4b779 --- /dev/null +++ b/src/day_3/tasks.md 
@@ -0,0 +1,131 @@ +# Tasks + +Do the tasks in the given order! They depend on each other. + +## Task 1: Cargo + +Use `cargo` to install the following crates: + +- cargo-update +- tealdeer + +It might take a long time to compile everything. + +Add `$HOME/.cargo/bin` to your `PATH`. + +`cargo-update` should be installed to be able to run `cargo install-update -a` to update all installed crates. Try running the command. But you should not find any updates since you did just install the crates. + +The crate `tealdeer` provides you with the program `tldr`. + +Run `tldr --update`. Now run the following two commands: + +```bash +tldr dnf +tldr apt +``` + +It should be obvious to you what `tldr` does after you run the commands. Try it with other programs than `dnf` and `apt`! + +## Task 2: SSH + +Generate a SSH key pair and send me the public key per email: mo8it@proton.me + +Enter a passphrase while generating the key pair! + +Don't send me the private key!!! **You should never send your private SSH keys to anyone!** + +The public key ends with `.pub`. + +I will then append your public key to `~/.ssh/authorized_keys` on the server that we will use in the next tasks. After I add your public key, you will be able to login to the server and do the next tasks. + +Create the file `~/.ssh/config` and add the server as a host with the name `linux-lab`. + +Enter this IP: 45.94.58.19 +Enter this user: admin + +After that I add you public key, connect to the server using the host name that you did enter in `~/.ssh/config` which should be `linux-lab`. + +## Task 3: User creation + +1. Create a user for you on the server after connecting with SSH. To do so, run: + ```bash + sudo useradd USERNAME + ``` + + Replace `USERNAME` with your name. + +1. Now set a password for the new user: + + ```bash + sudo passwd USERNAME + ``` +1. 
For the new user to be able to use `sudo`, it has to be added to the `wheel` group: + + ```bash + sudo usermod -aG wheel USERNAME + ``` + + `-aG` stands for _append to group(s)_. + + (On debian based distros, the user should be added to the `sudo` group instead of `wheel`.) + +1. Now, change your user to the new user: + + ```bash + sudo su USERNAME + ``` + + You will see that the user name did change in the prompt. + +1. Run the following command for verification: + + ```bash + whoami + ``` + + It should not output "admin"! + + Yes, the command is called `whoami`. Linux is kind of philosophical 🤔 + +1. Now, verify that you can run `sudo` as the new user: + + ```bash + sudo whoami + ``` + + You should see "root" as output because `sudo` runs a command as the `root` user. + +1. `cd` to the home directory of the new user. +1. Make sure that you are in the home directory of the new user! Run `pwd` to verify that you are NOT in `/home/admin`. **`PLEASE DON'T TOUCH /home/admin/.ssh`** ⚠️ . Now, create the directory `~/.ssh` in the home directory of the new user. Change the permissions of `~/.ssh` such that only the user has read, write and execution permissions. _group_ and _others_ should have no permissions for `~/.ssh`! +1. Create the file `authorized_keys` inside `~/.ssh`. Only the user should have read and write permissions for the file. _group_ and _others_ should have no permissions for the file! +1. Copy the content of your public key file (with `.pub` as extention) to this file. It should be one line! Then save the file. +1. Logout from the server. Go to `~/.ssh/config` that you did write at the beginning of this task. Change the user for the host `linux-lab` from `admin` to `USERNAME` where `USERNAME` is the name of the new user that you did create on the server. +1. Try to connect using the host name again. If you did everything right, you should be connected and be the user that you did create. Run `whoami` to verify that the output is not "admin". 
+ +## Task 4: File transfer + +Use `scp` and then `rsync` to transfer the files that you did create during the course to the server `linux-lab`. + +Do you notice any differences between the two commands? + +## Task 5: Nextcloud + +In this task you will deploy your own cloud on the server: Nextcloud! + +To do so, we will install Nextcloud as a container using `podman`. + +In this task, you should connect as the user `admin` to the server. **Don't do this task as the user that you did create in the last task!** ⚠️ + +To connect as `admin` again, change the user for the host `linux-lab` in `~/.ssh/config` back to `admin` or use `ssh admin@linux-lab` instead of only `ssh linux-lab`. + +You can find more information about the Nextcloud container here: https://hub.docker.com/\_/nextcloud + +Create a directory called `nextcloudN` in the home directory of the user `admin`. `N` at the end stands for the number that you are using in the url to connect to the browser terminal `ttydN.mo8it.xyz`. + +Create a container with the following options: + +- Container name: nextcloudN. `N` at the end stands for the number that you are using in the url to connect to the browser terminal `ttydN.mo8it.xyz`. +- Timezone: local +- Network: traefik +- Volume: Mount the directory `nextcloudN` that you did create into `/var/www/html` in the container. Use the label `Z`! +- ... (I will continue the task description during the lunch break)
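Review bot: In src/day_3/notes.md, the "Config on server" section goes straight from editing `/etc/ssh/sshd_config` to `sudo systemctl restart sshd` with no validation step. Add `sudo sshd -t` before the restart, and tell readers to keep the current session open and confirm key login from a second terminal, so the lock-out warning is backed by a concrete check. In the same file: the Expansion comment `# cp dir/sub1/file1.txt dir/sub1/file1.txt` should end in `file1.txt.bak` to match `file1.txt{,.bak}`; the Fish config path should be `~/.config/fish/config.fish`; the rsync long option is `--archive`, not `--archieve`; and `-L`, `--copy-links` needs more than "Copy links", since it copies the file a symlink points to rather than the link itself, which matters because `-Lahz` is also set as the `rsync` abbreviation in the Fish config. Typos: "all files visible files", "continueing".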
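Review bot: In src/day_3/tasks.md, Task 3 has the student set permissions on `~/.ssh` and `authorized_keys` and then log out without verifying them. sshd's default `StrictModes yes` refuses key login when those paths are writable by group or others, so add a step before "Logout from the server" that runs `ls -ld ~/.ssh ~/.ssh/authorized_keys` and expects `drwx------` and `-rw-------`, both owned by the new user. Task 2 commits the server's IP and the shared `admin` login to the repository; consider the placeholders notes.md already uses (`SERVERIP`, `SERVERUSER`) and hand out the real values in class. `sudo useradd USERNAME` relies on the distro default to create the home directory that the later `cd` step needs; since the text also addresses Debian-based distros, `useradd -m` would make that explicit. The last bullet of Task 5, `- ... (I will continue the task description during the lunch break)`, is a placeholder that should not be committed. Typos: "a SSH key pair", "After that I add you public key", "extention".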