From 045ab662bb15d9a13d4d58ef609f643b9ae0889d Mon Sep 17 00:00:00 2001 
From: davidovski Date: Tue, 13 Jun 2023 00:12:02 +0100 Subject: use shblg to generate a static site from this repo --- build.py | 290 ------------------------------------------- build.sh | 4 - const.py | 8 -- entries/entries.sh | 5 + entries/git_compile.html | 15 +++ entries/librex.html | 9 ++ entries/pci_passthrough.html | 274 ++++++++++++++++++++++++++++++++++++++++ entries/ssh_forwarding.html | 94 ++++++++++++++ entries/welcome.html | 11 ++ gif.py | 66 ---------- git_repos.txt | 10 -- images/bg.gif | 2 + images/gif.py | 70 +++++++++++ images/remotecontrol.gif | 2 + index.html | 43 +++++++ mononoki.woff | Bin 0 -> 42208 bytes new.sh | 4 +- page.sh | 45 +++++++ resources/mononoki.woff | Bin 42208 -> 0 bytes resources/style.css | 160 ------------------------ rss.xml | 33 +++++ src/git_compile.md | 15 --- src/librex.md | 7 -- src/pci_passthrough.md | 274 ---------------------------------------- src/ssh_forwarding.md | 94 -------------- src/welcome.md | 9 -- style.css | 160 ++++++++++++++++++++++++ sync.sh | 5 - templates/about.html | 20 --- templates/file.html | 7 -- templates/item.xml | 6 - templates/page.html | 38 ------ templates/rss.xml | 10 -- templates/summary.html | 6 - 34 files changed, 765 insertions(+), 1031 deletions(-) delete mode 100644 build.py delete mode 100755 build.sh delete mode 100644 const.py create mode 100755 entries/entries.sh create mode 100755 entries/git_compile.html create mode 100755 entries/librex.html create mode 100755 entries/pci_passthrough.html create mode 100755 entries/ssh_forwarding.html create mode 100755 entries/welcome.html delete mode 100644 gif.py delete mode 100644 git_repos.txt create mode 100755 images/bg.gif create mode 100755 images/gif.py create mode 100755 images/remotecontrol.gif create mode 100755 index.html create mode 100644 mononoki.woff create mode 100755 page.sh delete mode 100644 resources/mononoki.woff delete mode 100644 resources/style.css create mode 100755 rss.xml delete mode 100644 src/git_compile.md 
delete mode 100644 src/librex.md delete mode 100644 src/pci_passthrough.md delete mode 100644 src/ssh_forwarding.md delete mode 100644 src/welcome.md create mode 100644 style.css delete mode 100755 sync.sh delete mode 100644 templates/about.html delete mode 100644 templates/file.html delete mode 100644 templates/item.xml delete mode 100644 templates/page.html delete mode 100644 templates/rss.xml delete mode 100644 templates/summary.html diff --git a/build.py b/build.py deleted file mode 100644 index bed1ac7..0000000 --- a/build.py +++ /dev/null @@ -1,290 +0,0 @@ -import markdown -import os -import time -import shutil -import subprocess -from html import escape - - -from const import * - -def getTemplateHTML(name): - html = "" - with open(os.path.join(templates, name), "r") as file: - html = file.read(); - return html - -def lowerHeadings(html): - # This is a dumb lol - return html.replace("
", "

")\ - .replace("

", "

")\ - .replace("
", "
")\ - .replace("
", "")\ - .replace("

", "

")\ - .replace("
", "")\ - .replace("

", "

")\ - .replace("

", "")\ - .replace("

", "

")\ - .replace("

", "")\ - .replace("

", "

")\ - .replace("

", "")\ - -def listPages(): - return [ - (lambda path: - (lambda content: - (lambda timestamp: - (lambda name: { - "source_file" : path, - "source_content" : content, - "html" : markdown.markdown("\n".join(content.split("\n...\n"))), - "title" : content.split("\n")[0].replace("# ", ""), - "summary" : lowerHeadings(markdown.markdown(content.split("\n...\n")[0])), - "timestamp" : timestamp, - "date": time.strftime(date_format, time.localtime(timestamp)), - "name" : name, - "url" : f"entries/{name}.html" - })(".".join(p.split(".")[:-1])) - )(os.stat(path).st_mtime) - )(open(path, "r").read()) - )(os.path.join(source, p)) for p in os.listdir(source) - ] - - -def formatEntry(content, page): - return content.replace("%date%", page["date"])\ - .replace("%name%", page["name"])\ - .replace("%time%", str(page["timestamp"]))\ - .replace("%source%", site_index + page["source_file"])\ - .replace("%url%", site_index + page["url"]) - -def make(): - - try: - os.makedirs(os.path.join(dist, "entries")) - except: - print("Already have content") - try: - shutil.rmtree(os.path.join(dist, "src")) - except: - pass - try: - shutil.rmtree(os.path.join(dist, "images")) - except: - pass - try: - shutil.copytree(source, os.path.join(dist, "src")) - except: - pass - try: - shutil.copytree(images, os.path.join(dist, "images")) - except: - pass - - pages = listPages() - - pages = sorted(pages, key=lambda p: p["timestamp"]) - - summary_templ = getTemplateHTML("summary.html") - - summariesHTML = getTemplateHTML("about.html").replace("%posts%", "\n") - - entry_templ = getTemplateHTML("page.html") - - - for page in pages: - with open(os.path.join(dist, page["url"]), "w") as entry: - entry.write( - formatEntry( - entry_templ, - page - ) - .replace("%content%", page["html"]) - ) - - - - index_templ = getTemplateHTML("page.html") - - with open(os.path.join(dist, "index.html"), "w") as index: - index.write( - index_templ.replace("%content%", summariesHTML) - ) - - - item_templ = 
getTemplateHTML("item.xml") - rss_templ = getTemplateHTML("rss.xml") - itemsXML = "\n".join( - [ - formatEntry(item_templ, page).replace("%content%", page["html"]) - for page in pages - ][: : -1] - ) - - with open(os.path.join(dist, "rss.xml"), "w") as index: - index.write( - rss_templ.replace("%items%", itemsXML) - ) - - for f in os.listdir(resources): - shutil.copy(os.path.join(resources, f), dist) - - print(f"built in {len(pages)} pages") - - -def get_repos(): - repos = [] - if os.path.exists("git_repos.txt"): - with open("git_repos.txt", "r") as file: - repos = [l for l in file.readlines() if l.startswith("http")] - return repos - -def list_files(path): - files = [] - dirlist = [path] - - while len(dirlist) > 0: - for (dirpath, dirnames, filenames) in os.walk(dirlist.pop()): - dirlist.extend(dirnames) - files.extend(map(lambda n: os.path.join(*n), zip([dirpath] * len(filenames), filenames))) - print(len(files)) - - return files - -def linkify_path(path): - output = [] - full = "/" - for s in path.split("/"): - full += s + "/" - output.append(f"{s}") - return "/" + "/".join(output) - - - -def format_file(page_templ, content, v): - return page_templ.replace("%title%", v["name"])\ - .replace("%up%", v["above"])\ - .replace("%filename%", linkify_path(v["filename"]))\ - .replace("%commit%", str(v["commit"]))\ - .replace("%url%", str(v["url"]))\ - .replace("%content%", content) - - -def traverse_repo(path, name, commit, url): - page_templ = getTemplateHTML("page.html") - page_templ = page_templ.replace("%content%", getTemplateHTML("file.html")) - - date = time.strftime(date_format, time.localtime()) - footer = f"

This repo has been compiled for web view on {date} and may not be the latest version

" - - for root, dirs, files in os.walk(path): - filename = "/".join(root.split("/")[1:]) - index_content = "
" - - readme = os.path.join(root, "README.md") - if os.path.exists(readme): - with open(readme) as file: - readme_content = markdown.markdown(file.read()) - #massive hack - readme_content = readme_content.replace("\"/", "\"/" + filename + "/") - - index_content += readme_content - - index_content += "
" - - index_content += footer - index_content = format_file(page_templ, index_content, { - "name": name, - "commit": commit, - "url": url, - "filename": filename, - "above": "/".join(root.split("/")[1:-1]), - }) - - with open(os.path.join(root,"index.html"), "w") as file: - file.write(index_content) - -def create_repos(): - try: - shutil.rmtree(os.path.join(dist, "git")) - except: - pass - - git_path = os.path.join(dist, "git") - try: - os.makedirs(git_path) - except: - print("Already have git path") - - for repo in get_repos(): - repo = repo.strip() - print(repo) - name = ".".join(repo.split("/")[-1].split(".")[:-1]) - os.system(f"mkdir -p /tmp/repos/{name} ;\ - cd /tmp/repos/{name} ;\ - git pull || git clone {repo} /tmp/repos/{name}") - - os.system(f"cp -r /tmp/repos/{name} {dist}/git") - - command = subprocess.run(f"cd /tmp/repos/{name} && git log --pretty=format:'%h%x09%an%x09%ad%x09%s' --no-decorate -1", stdout=subprocess.PIPE, shell=True) - - commit = command.stdout.decode() - - traverse_repo(os.path.join(git_path, name), name, commit, repo) - -make() -create_repos() diff --git a/build.sh b/build.sh deleted file mode 100755 index 4abdef5..0000000 --- a/build.sh +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/sh -python build.py -python gif.py - diff --git a/const.py b/const.py deleted file mode 100644 index 6903e96..0000000 --- a/const.py +++ /dev/null @@ -1,8 +0,0 @@ -site_index = "https://davidovski.xyz/" -images = "images" -date_format = "%a, %d %b %Y %H:%M:%S" -source = "src" -templates = "templates" -resources = "resources" -dist = "dist" -summary_max = 10 diff --git a/entries/entries.sh b/entries/entries.sh new file mode 100755 index 0000000..e85c454 --- /dev/null +++ b/entries/entries.sh @@ -0,0 +1,5 @@ +#!../page.sh + +[ -z "$1" ] || { + md2html $1 +} diff --git a/entries/git_compile.html b/entries/git_compile.html new file mode 100755 index 0000000..48619f6 --- /dev/null +++ b/entries/git_compile.html 
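Review bot: In the new `entries/entries.sh`, `md2html $1` expands the path unquoted, so an entry filename containing spaces or glob characters is split or expanded before md2html sees it; `md2html "$1"` passes it through as one argument. The shebang `#!../page.sh` is a relative interpreter path, which is presumably resolved against the caller's working directory rather than the script's location, so the entries would only build when invoked from inside `entries/`. A one-line comment stating that assumption would help, for example `# must be run with entries/ as the working directory`.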
@@ -0,0 +1,15 @@
+#!./entries.sh
+
+# Compiling files in a git repo
+
+So I decided to improve the way that that you can access some of the repos that I am hosting on this server, including the code that I use to compile the site itself. I quickly hacked together a bit of code in my existing [build.py](https://davidovski.xyz/git/davidovski/build.py.html) to clone a list of repos and go through and generate a html pages for each of the files in the repo.
+
+Although this means that this is only a static view of the repo at any time (needing me to rebuild the site for it to update) I can easily add any git repo to be built into my site, so as you may see, I have added a few repos from my github as well.
+
+I tried using cgit, but it just didn't provide exactly what I wanted and I wasn't in the mood to try configuring it to my liking, so I opted for this approach instead.
+
+A way that I can improve it is to serve a http server that dynamically updates the repositories when new commits are added, which would probably be a better solution; but this works.. for now.
+
+If you want to view all of the repos that I've listed so far, click the link at the top of the page. (sorry that the index is still the default nginx autoindex, I will change that at some point), and feel free to check out how I did it in [build.py](https://davidovski.xyz/git/davidovski/build.py.html), though Im warning you, its probably some of the hackiest code i've put together.
+
+Tutorial on how to host your own git repos on your server and allow people to clone them with https may be coming soon
diff --git a/entries/librex.html b/entries/librex.html
new file mode 100755
index 0000000..c78c2cd
--- /dev/null
+++ b/entries/librex.html
@@ -0,0 +1,9 @@
+#!./entries.sh
+
+# LibreX - a metasearch engine
+
+My instance: [search.davidovski.xyz](https://search.davidovski.xyz/)
+
+For a while now I have been using [SearX](https://github.com/searx/searx) as my search engine, a meta search engine that cumulates search results from multiple different sites. While this is a great idea in theory, making the best of all search engines through one *privacy respecting* interface, in reality it ends up meaning that search results are quite slow. Couple this with the fact that most SearX instances are hosted by volunteers, and often have downtime, I was in the situation where I was hopping between various instances to try and find ones that worked. I always wanted to self host one myself, but the whole system seemed very bloated and complicated, and honestly I just couldn't be bothered to mess around with it.
+
+That's where [LibreX](https://github.com/hnhx/librex) comes in, a very small and simple meta search engine. Its still in development, but currently it has just enough functionality to actually be somewhat useful. Currently it only really supports google searches, but it still is a good layer for privacy, since all of your queries are anonymised, with google only seeing that they came from LibreX. I am curious to see how well it will handle larger amounts of search queries and if Google will limit them or something. If you want to support development, feel free to use it, find bugs and request features: [View the github repo](https://github.com/hnhx/librex)
diff --git a/entries/pci_passthrough.html b/entries/pci_passthrough.html
new file mode 100755
index 0000000..942c2b4
--- /dev/null
+++ b/entries/pci_passthrough.html
@@ -0,0 +1,274 @@ +#!./entries.sh + +# PCI passthrough with qemu + +QEMU is a powerful free and open source emulator which when paired with kvm can be used to create almost bare-metal performance virtual machines. In this guide I will be detailing some tips and tricks to configuring a setup on your linux system to allow a PCI device (typically a graphics card) to be passed through to a virtual machine. + +Countless guides already exist on this topic but they all rely on using virt-manager and other Redhat software, which, depending on your use case, may be completely overkill. This guide assumes that you will not be using the target GPU as a video output on your host machine from boot, so will only work in configurations where you are able to remote connect or where you have **multiple graphics cards**. However the process is mostly similar for single GPU passthrough, with extra steps if you want to bind and unbind display drivers from the host. + +This is a generic guide written to support any semi-standard Linux distributions, so adapt any instructions as you see fit to your current system. + +If you do not trust this guide or need any clarification, feel free to follow steps from other guides, or just skip to the tips at the bottom of this guide. + + +## Prerequisites + +Make sure that your motherboard is: +- supports hardware virtualisation +- supports IOMMU + +These options can be enabled within the motherboard's BIOS settings usually. + +You may also want a spare monitor or a monitor with multiple inputs so that you can switch between GPU outputs. + +Once you have enabled IOMMU, you will need to ensure that your PCI slot can actually be passed through. This is only possible if the GPU appears in its own single IOMMU group, with no other devices in that group. 
+ +To list IOMMU groups, you may use this script from the [archwiki](https://wiki.archlinux.org/title/PCI_passthrough_via_OVMF#Ensuring_that_the_groups_are_valid) + + #!/bin/bash + shopt -s nullglob + for g in $(find /sys/kernel/iommu_groups/* -maxdepth 0 -type d | sort -V); do + echo "IOMMU Group ${g##*/}:" + for d in $g/devices/*; do + echo -e "\t$(lspci -nns ${d##*/})" + done; + done; + +If you see that there PCI devices other than ones that correspond to your graphics card, then try using a different PCI slot. Unfortunately some motherboards don't have any isolated PCI slots, in this case you are out of luck; PCI passthrough will not be possible in this method. + + +## Setting up VFIO + +The core principle behind PCI passthrough is that you don't want the kernel from having any control over the device in the PCI slot. To do this, we tell the kernel to bind a *dummy driver* to the gpu so that when we want to pass it through to the VM, it is not in use. + +To do this, you want to find out the Device IDs of your PCI device, you can do this using the following command: + + lspci -nn + +Make sure take notes of all of the devices that appeared within the isolated IOMMU group from the previous stage. If you miss out any PCI devices, this will not work. IDs often look like this: `10de:13c2` + +Next add the following to your kernel's cmdline arguments. This can usually be found somewhere in your bootloaders settings, for example for GRUB, you can add it to `GRUB_CMDLINE_LINUX_DEFAULT=""` in `/etc/default/grub` + + vfio-pci.ids=*id1*,*id2* + +where *id1* and *id2* represent the ids that you collected in the previous step. + +Next you need to tell your initramfs (if applicable) to load the vfio modules. This is done to make sure that the vfio module is loaded and assigned to these pci devices *before* your video drivers. 
The process of doing this depends on your initramfs system: + +### Dracut + +in `/etc/dracut.conf.d/10-vfio.conf` + + force_drivers+=" vfio_pci vfio vfio_iommu_type1 vfio_virqfd " + +then rebuild your initramfs + + +### mkinitpcio + +in `/etc/mkinitcpio.conf` + + MODULES=(... vfio_pci vfio vfio_iommu_type1 vfio_virqfd ...) + +then rebuild your initramfs + +### booster + +in `/etc/booster.yaml` + + modules_force_load: vfio_pci,vfio,vfio_iommu_type1,vfio_virqfd + +then rebuild your initramfs + +## QEMU arguments and set-up + +In this guide I will be using qemu from the command line. I feel as if this is the easiest way to create virtual machines without any overhead, but you can use libvirt if you wish. + +Here is a script that use a to run a linux virtual machine, if you want to copy it blindly and not understand it, then thats alright, but I will include a description for each argument and why its used. + + #!/bin/sh + + ISO="/path/to/your/installer/iso" + ROOT="/path/to/your/virtual/disk" + OVMF_VARS="/path/to/your/ovmf/vars/image" + + + qemu-system-x86_64 \ + -enable-kvm \ + -m 8G \ + -smp 2 \ + -drive if=pflash,format=raw,readonly=on,file=/usr/share/OVMF/OVMF.fd \ + -drive if=pflash,format=raw,file="$OVMF_VARS" \ + -drive if=virtio,file="$ROOT",format=qcow2 \ + -vga none \ + -nographic \ + -monitor stdio \ + -serial none \ + -device vfio-pci,host="06:00.0" \ + -device vfio-pci,host="06:00.1" \ + -device vfio-pci,host="06:00.2" \ + -device vfio-pci,host="06:00.3" \ + -net nic,model=virtio -net user \ + -device ich9-intel-hda,addr=0x1b \ + -device hda-micro,audiodev=hda \ + -device ich9-intel-hda,addr=0x1b \ + -device hda-micro,audiodev=hda \ + -audiodev pa,id=hda,server=unix:$(pactl info | sed -rn 's/Server String: (.*)/\1/p') + +### Basic Parameters + + -enable-kvm + +This enables [KVM](https://www.linux-kvm.org/page/Main_Page) which improves performance and allows for *almost bare-metal* CPU performance. 
+ + -m 8G + +Allocate 8 Gigabytes of memory to the virtual machine + + -smp 2 + +Allocate 2 CPU cores to the virtual machine + +### OVMF firmware + + -drive if=pflash,format=raw,readonly=on,file=/usr/share/OVMF/OVMF.fd \ + -drive if=pflash,format=raw,file="$OVMF_VARS" \ + +Most PCI cards require UEFI firmware to function properly. For this reason we will be using the OVMF firmware. You may need to install this on your system, typically the package is called ovmf, edk2-ovmf or something similar. Learn to use your package manager's search functionality to find it. + +Make a copy of the OVMF variables file, typically located at `/usr/share/OVMF/OVMF_VARS.fd` and place it somewhere with the rest of your virtual machine's files. You should keep these separate and unique for each virtual machine you wish to create. + +In my example script, make sure you replace `/path/to/your/ovmf/vars/image` to the path to your copy of `OVMF_VARS.fd` + +### Storage + + -drive if=virtio,file="$ROOT",format=qcow2 \ + +Next you need to create a virtual disk for your virtual machine. You can create this using the following command, replacing `32G` with the desired size of this disk. + + qemu-img create -f qcow2 myVirtualDisk.qcow2 32G + +In this example I use `if=virtio,` which provides better performance than the default drive type, however this will only work with linux guests which have the virtio module. **Remove this if you are using windows in your virtual machine** + +For your first boot, you may want to add the following before your primary virtual disk: + + -drive file="$ISO",media=cdrom + +Ensure that you have set the `ISO` and `ROOT` variables appropriately with the paths to the corresponding images. 
+ +### Disabling virtual video output + +This next step is to ensure that qemu doesn't create a virtual VGA output for your virtual machine, nor opens a window, allowing this to be run from outside an X11 session + + -vga none + -nographic + -monitor stdio + -serial none + +### VFIO passthrough + +Next you need to find the pci ids for your device. Make sure you include all the relevant ones in your IOMMU group: + + -device vfio-pci,host="06:00.0" \ + -device vfio-pci,host="06:00.1" \ + -device vfio-pci,host="06:00.2" \ + -device vfio-pci,host="06:00.3" \ + +In this example, my PCI ids start with `06:00`, **make sure you change this for your setup.** + +### Network + +Next you want network for your virtual machine: + + -net nic,model=virtio -net user + +I use the virtio network card, which only works for Linux guests. **If you have a windows guest, do not include this line** this will use the default network card for qemu. + +### Audio + + -device ich9-intel-hda,addr=0x1b \ + -device hda-micro,audiodev=hda \ + -audiodev pa,id=hda,server=unix:$(pactl info | sed -rn 's/Server String: (.*)/\1/p') \ + +This creates a audio device for the virtual machine which connects to the currently running pulseaudio session of your client. + +You can omit this section if you wish to output audio through your PCI device. + +## Other tips and tricks + +### evdev mouse and keyboard passthrough + +Out of all of the methods of passthrough a keyboard and mouse, evdev is probably one of the best and most easiest. + +First you need to identify the input devices that linux creates for your keyboard and mouse. You can list them all using: + + ls /dev/input/by-id/ + +Identify the devices that you want to passthrough and find the ones containing `-event`. + +Then add the follow for each one as an argument to your qemu command. 
+ + -object input-linux,id=*UNIQUE_ID*,evdev=/dev/input/by-id/*YOUR-DEVICE*,grab_all=on,repeat=on + +Then when your virtual machine is running, you will be able to switch to and from the host's control by pressing both left and right ctrl keys at the same time on your keyboard. + +### Running as an ordinary user + +To do this, I would recommend creating a group named `kvm` and adding your user to it. + + groupadd kvm + + usermod -a -G kvm *username* + +Next you will want to ensure that vfio devices have the correct permissions for the kvm group to use. In `/etc/udev/rules.d/10-vfio.rules`: + + SUBSYSTEM=="vfio", GROUP="kvm" + +Next you will probably want to increase memory limits for users of the kvm group, to allow them to allocate potentially GB for the virtual machine. To make things easier, you might want to just set this to the maximum number of megabytes available in the system. You can find this out using `free`, for example for a system with 8GB ram, its: `8100452` + +In `/etc/security/limits.d/99-memlock.conf` write: + + @kvm hard memlock 8100452 + @kvm soft memlock 8100452 + +You may need to reboot for these changes to take effect, especially ones relating to udev rules. + +### Using ddcutil to switch between monitor inputs + +Most monitors, other than laptop displays, have a Virtual Control Panel which can be controlled through i2c as per the Display Data Channel/ Command Interface Standard... DDC/CI + +Setting up ddcutil to work on your monitor will depend on a case to case basis depending on your monitor and video card. + +Depending on your monitor, you may need to enable DDC/CI in its settings. + +Make sure you have installed ddcutil and i2c-dev, again exact package names may vary. + +To detect the montors available, use `ddcutil detect`. If this doesn't work, ensure that the i2c-dev module is loaded. 
+ +To enable the i2c module on load, you may need to add the following to `/etc/modules-load.d/i2c-dev.conf` + + i2c-dev + +To allow users of the i2c group to control i2c devices add the following to `/etc/udev/rules.d/10-i2c-group.rules`. Make sure you create this group and add your user to it. + + KERNEL=="i2c-[0-9]*", GROUP="i2c" + +Find out the Display number of your monitor using `ddcutil detect` +Next find the available inputs on this monitor: + + ddcutil -d $display_number capabilities + +Here you should be able to see `Feature: 60 (input source)`. Take note of hexadecimal values. + +You will be able to switch monitors using: + + ddcutil -d $display_number setvcp 60 0x$monitor_input_hex_value + +I have this bound to a hotkey using `sxhkd` so I can easily switch between inputs without having to reach over to buttons on my monitor.However you can configure this whichever way you want: for example, you can switch to the display output of your passthrough GPU when the virtual machine starts, and back when it shuts down. + +## Conclusion + +Hopefully, this guide has helped you set up a virtual machine with PCI passthrough. All thats left now is to install the software you want in your virtual machine and have fun. + +If there is anything that isn't clear in this guide, please contact me, or look at other guides if you need any help. The archwiki is a pretty good place to look if you are, *or aren't* using archlinux. + diff --git a/entries/ssh_forwarding.html b/entries/ssh_forwarding.html new file mode 100755 index 0000000..d068f54 --- /dev/null +++ b/entries/ssh_forwarding.html 
@@ -0,0 +1,94 @@ +#!./entries.sh + +# Permanent SSH Forwarding (Tutorial) + +Take this situation: you have a cheap (or even free), low-powered remote server and a considerably better homeserver with more storage and power. For certain services that require more power, you'd obviously want to run them on that homeserver. + +However, what if you don't want to, *or can't*, directly open ports onto your home network, or you if you simply want to keep all of your site to one IP? This is where SSH port forwarding comes in handy: using ssh to forward the open port from a service from your local server to the remote one, where it can be exposed to the rest of the internet. + +## SSH Remote Port Forwarding + +SSH remote port forwarding is built right into ssh itself, and is quite simple: + +``` +ssh -R 5505:localhost:4404 user@remote.host +``` + +When this command is run on the local server, it will: ++ create an ssh connection to the remote server, as per usual ++ open the port 5505 on the remote server, ++ all traffic on this port will be forwarded to port 4404 on the local server. + +This command by itself is already everything you'd need to forward most ports easily to your remote server, of course, remember to open the port on your remote server's firewall, if applicable. + +However to ensure that that port is exposed properly on the remote server, you'd want to make sure that it is listening to all external traffic. + +You can fix this by setting `GatewayPorts yes` in `/etc/ssh/sshd_config` on the remote server. (don't forget to restart sshd after editing the config) + +## Persistent ssh forwarding + +The above is all well and good, but you'd need to keep an interactive ssh connection up at all times, so the above isn't the most ideal solution. + +To get around this, you can create a service to run on the local server to forward requested ports from the remote server. + +To begin, I'd recommend creating two users, one on each server. 
For sake of example, lets all them `bridge`. I'd recommend to avoid giving these users passwords, that way they can only be accessed through key based authentication. Of course you will still be able to log into them as root using `su - bridge` + +Next you should create an ssh keypair on the local server (`ssh-keygen`) and place the contents of your public key into `.ssh/authorized_keys` on the remote. This will make sure only the local server can ssh into the remote using that key. + +Then, create a script for your ssh port forwarding. I placed mine directly in the home folder on my local server, though it only matters that the bridge user can execute it. In your script you *must* use the `-nT` flag on your ssh command. These will allow you to run this script as a service, by preventing a virtual terminal being allocated. (read `man ssh` for more info) + +Here is my example of a script that you could use: + + #!/bin/sh + + PORTS="8080 25565" + DEST="bridge@remote.host" + SSH_PORT="22" + IDENTITY_FILE="~/.ssh" + + /usr/bin/ssh -nNT $(echo $PORTS | awk -v host=$LOCALHOST '{for (i = 1; i <= NF; i++){ printf "-R %d:%s:%d ",$i,host,$i}}') -p $SSH_PORT -i $IDENTITY_FILE $DEST + +Next you'd want to run this script as a service. Check your distro's service system how to do this if you have any trouble. + +### Systemd service + +Say that the script you made was `/home/bridge/tunnel.sh`, you should create a user service with systemd for the bridge user. + +To do this create the following file in `/home/bridge/.config/systemd/user/tunnel.service`: + + [Unit] + Description=SSH tunnel + + [Service] + ExecStart=/home/bridge/tunnel.sh + RestartSec=5 + Restart=always + KillMode=mixed + + [Install] + WantedBy=default.target + +Then enable and start the service with: `systemd --user enable tunnel.service` and `system --user start tunnel.service`. 
Ensure that it is running with `systemd --user status tunnel` + +## Forwarding ports smaller than 1024 + +As you may know, TCP/IP port numbers below 1024 are special in that normal users are not able to open, and hence forward from on the remote server. + +One solution to this is run a server on the remote that will proxy requests from port 80 to a different port (say port 8080). + +This can be achieved using `socat`. + +Say you forwarded traffic from port 8080 on remote to port 80 on local, you could then, on the remote server, run `sudo socat TCP-LISTEN:80,fork TCP:localhost:8080` to listen to traffic on port 80 and forward it to 8080, which will forward back to the local server. + +Here is an example of this in practice, forwarding port 80 and 443, by forwarding ports 8080 and 8443: + + /usr/bin/ssh -nT -R 8443:localhost:443 -R 8080:localhost:80 -i $IDENTITY_FILE -p $SSH_PORT $DEST "(sudo socat TCP-LISTEN:80,fork TCP:localhost:8080) & sudo socat TCP-LISTEN:443,fork TCP:localhost:8443" + +However this command assumes that the remote user has access to sudo with **NO PASSWORD**. Alternatively you could create a similar service (this time as a system service) on the remote server running the socat commands. + +## Video Tutorial + +Here is an example of how you can use this to host a webserver (or any other service) from anywhere: even a hotel room. + + +Credit: DenshiVideo diff --git a/entries/welcome.html b/entries/welcome.html new file mode 100755 index 0000000..5d34602 --- /dev/null +++ b/entries/welcome.html 
@@ -0,0 +1,11 @@
+#!./entries.sh
+
+# welcome
+
+welcome. i decided to turn this webpage into blog-style site... i havent got a topic or anything, so expect either: quality tutorials and very interesting techy things; or just random shitposts or rambles about things.
+
+originally i was going to make this blog on [b.davidovski.xyz](https://b.davidovski.xyz) using [nanoblogger](http://nanoblogger.sourceforge.net/) (you might be able to still see the start of that) but nb itself seemed quite dead, and i couldn't really be asked to customise it all myself. So i made my own script to generate this static site: [kblg](https://github.com/davidovski/kblg/). Right now its probably just the bare minimum needed for this, but I am planning to add more things to it as I go along (including rss, if anyone would be interested?)
+
+anyway thats all for now, cya
+
+~davidovski
diff --git a/gif.py b/gif.py
deleted file mode 100644
index 827f150..0000000
--- a/gif.py
+++ /dev/null
@@ -1,66 +0,0 @@ -import glob -import math -import random -from PIL import Image - - -def color(hex_value): - h = hex_value.lstrip('#') - while len(h) < 8: - h += "f" - return tuple(int(h[i:i+2], 16) for i in (0, 2, 4, 6)) - -def rgb_to_v(c): - r, g, b = c[0]/255.0, c[1]/255.0, c[2]/255.0 - mx = max(r, g, b) - v = mx*100 - return v - -replace = color("#f58f44") -colors = [ - color("#191919"), - color("#373b41"), - ] -colors2 = colors + [ - color("#f58f44") -] - -sorted(colors, key=rgb_to_v) -sorted(colors2, key=rgb_to_v) - -def make(filename, colors, inp=None): - p = len(colors) - w = int(128 / p) * p - h = int(128 / p) * p - - frames = [] - - for i in range(int(p*1*math.pi)): - if inp is None: - image = Image.new("RGBA", (w, h), colors[0]) - else: - image = Image.open(inp).convert("RGBA") - - for x in range(image.width): - for y in range(image.height): - f = 2 - r = random.randint(-f, f) - z = (i) - (y/(p/4)) + r - v = math.floor( (math.sin(z) + 1) * len(colors) * 0.5) - c = colors[v] - if inp is not None: - existing = image.getpixel((x, y)) - if existing[:3] == replace[:3]: - image.putpixel((x,y), c) - else: - image.putpixel((x,y), c) - - frames.append(image.convert("P")) - - - frames[0].save(filename, mode="P", format="GIF", append_images=frames[1:], save_all=True, duration=100, loop=0) - -make("dist/images/bg.gif", colors) -make("dist/images/remotecontrol.gif", colors2, inp="images/remotecontrol-small.png") - - diff --git a/git_repos.txt b/git_repos.txt deleted file mode 100644 index fcfa3fb..0000000 --- a/git_repos.txt +++ /dev/null 
@@ -1,10 +0,0 @@
-#https://git.davidovski.xyz/davidovski.git
-#https://git.davidovski.xyz/xilinux/xibuild.git
-#https://git.davidovski.xyz/xilinux/xipkg.git
-#https://git.davidovski.xyz/dot.git
-#https://github.com/davidovski/glsl-mandelbrot.git
-#https://github.com/davidovski/dungeon-generator.git
-#https://github.com/davidovski/chatroom.git
-#https://github.com/davidovski/kblg.git
-#https://github.com/davidovski/asteriods.git
-#https://github.com/davidovski/anyscroll.git
diff --git a/images/bg.gif b/images/bg.gif
new file mode 100755
index 0000000..044324f
--- /dev/null
+++ b/images/bg.gif
@@ -0,0 +1,2 @@
+#!/bin/sh
+./gif.py
diff --git a/images/gif.py b/images/gif.py
new file mode 100755
index 0000000..26e8408
--- /dev/null
+++ b/images/gif.py
@@ -0,0 +1,70 @@
+#!/usr/bin/env python
+import glob
+import sys
+import os
+import math
+import random
+from PIL import Image
+
+
+def color(hex_value):
+ h = hex_value.lstrip('#')
+ while len(h) < 8:
+ h += "f"
+ return tuple(int(h[i:i+2], 16) for i in (0, 2, 4, 6))
+
+def rgb_to_v(c):
+ r, g, b = c[0]/255.0, c[1]/255.0, c[2]/255.0
+ mx = max(r, g, b)
+ v = mx*100
+ return v
+
+replace = color("#f58f44")
+colors = [
+ color("#191919"),
+ color("#373b41"),
+ ]
+
+def make(colors, inp=None):
+ p = len(colors)
+ w = int(128 / p) * p
+ h = int(128 / p) * p
+
+ frames = []
+
+ for i in range(int(p*1*math.pi)):
+ if inp is None:
+ image = Image.new("RGBA", (w, h), colors[0])
+ else:
+ image = Image.open(inp).convert("RGBA")
+
+ for x in range(image.width):
+ for y in range(image.height):
+ f = 2
+ r = random.randint(-f, f)
+ z = (i) - (y/(p/4)) + r
+ v = math.floor( (math.sin(z) + 1) * len(colors) * 0.5)
+ c = colors[v]
+ if inp is not None:
+ existing = image.getpixel((x, y))
+ if existing[:3] == replace[:3]:
+ image.putpixel((x,y), c)
+ else:
+ image.putpixel((x,y), c)
+
+ frames.append(image.convert("P"))
+
+
+ frames[0].save(sys.stdout, mode="P", format="GIF", append_images=frames[1:], save_all=True, duration=100, loop=0)
+
+
+template = None
+if len(sys.argv) > 1 and os.path.exists(sys.argv[1]):
+ template = sys.argv[1]
+ colors = colors + [ color("#f58f44") ]
+
+sorted(colors, key=rgb_to_v)
+make(colors, inp=template)
+#make("dist/images/remotecontrol.gif", colors2, inp="images/remotecontrol-small.png")
+
+
diff --git a/images/remotecontrol.gif b/images/remotecontrol.gif
new file mode 100755
index 0000000..5e73b92
--- /dev/null
+++ b/images/remotecontrol.gif
@@ -0,0 +1,2 @@
+#!/bin/sh
+./gif.py remotecontrol-small.png
diff --git a/index.html b/index.html
new file mode 100755
index 0000000..080a484
--- /dev/null
+++ b/index.html
@@ -0,0 +1,43 @@
+#!./page.sh
+
+cat << EOF
+
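Review bot: `frames[0].save(sys.stdout, ...)` at the end of `make()` in images/gif.py hands Pillow a text stream, so on Python 3 the GIF bytes cannot be written to it; the target should be the binary stream, `frames[0].save(sys.stdout.buffer, mode="P", format="GIF", ...)`. Near the end of the file `sorted(colors, key=rgb_to_v)` builds a sorted copy and discards it, so the palette order never changes; `colors.sort(key=rgb_to_v)` does what the line appears to intend. The commented-out `#make("dist/images/remotecontrol.gif", ...)` call and the unused `import glob` can be dropped.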
+
+ +

Hi, I'm david and this is my website.

+ +

if you want to contact me, you can message me on matrix @ix:davidovski.xyz.

+
+ +
+ +
+
+ +EOF + +cat << EOF +
+

blog posts

+ + +
+EOF diff --git a/mononoki.woff b/mononoki.woff new file mode 100644 index 0000000..939ec2a Binary files /dev/null and b/mononoki.woff differ diff --git a/new.sh b/new.sh index 9fce8a3..3a05034 100755 --- a/new.sh +++ b/new.sh @@ -5,9 +5,9 @@ TEMPFILE=/tmp/blog_entry.md $EDITOR $TEMPFILE -NAME=src/$(head -1 $TEMPFILE | cut -d" " -f2-).md +NAME=entries/$(head -1 $TEMPFILE | cut -d" " -f2-).html cp $TEMPFILE "$NAME" rm $TEMPFILE -./sync.sh +chmod +x $NAME diff --git a/page.sh b/page.sh new file mode 100755 index 0000000..69db1fb --- /dev/null +++ b/page.sh @@ -0,0 +1,45 @@ +#!/bin/sh +# set a variable to avoid this template being repeated indefinitely + +cat << EOF + + + + + + + davidovski.xyz + + +
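Review bot: `chmod +x $NAME` in new.sh leaves `$NAME` unquoted although the value is built from the first line of the edited file, so a title containing spaces or glob characters is split and chmod is applied to paths other than the entry just copied (the `cp` line above it does quote the name); use `chmod +x -- "$NAME"`. Because the entry is now made executable, presumably so the generator runs it through its `#!./entries.sh` shebang, the title also decides where an executable file lands: a `/` or `..` in it moves the file out of `entries/`. Reducing the title to a safe slug before building `NAME`, for example `slug=$(head -1 "$TEMPFILE" | cut -d" " -f2- | tr -cd 'A-Za-z0-9_-')`, closes that. The script starts before this hunk, so the handling of `TEMPFILE` is only partly visible here.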
+
+ davidovski.xyz +
+ +
+
+ +EOF + +[ -z "$1" ] || /bin/sh $* + +cat << EOF +
+ + + +EOF diff --git a/resources/mononoki.woff b/resources/mononoki.woff deleted file mode 100644 index 939ec2a..0000000 Binary files a/resources/mononoki.woff and /dev/null differ diff --git a/resources/style.css b/resources/style.css deleted file mode 100644 index 47b7d40..0000000 --- a/resources/style.css +++ /dev/null 
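Review bot: `[ -z "$1" ] || /bin/sh $*` in page.sh expands `$*` unquoted, so a page path containing spaces or wildcard characters is split and globbed before `/bin/sh` sees it and a different file than the one named can end up being executed; `[ -z "$1" ] || /bin/sh "$@"` passes the arguments through unchanged. The header comment `# set a variable to avoid this template being repeated indefinitely` describes a guard that the script never sets, so either add the guard or replace the comment with one that matches the code, e.g. `# wrap the output of the page script given as $1 in the site header and footer`. Every file that names this script as its interpreter is run as shell at build time, which deserves a line in that comment as well.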
@@ -1,160 +0,0 @@
-:root {
- --fg: #f58F44;
- --black: #707880;
- --red: #cc6666;
- --green: #b5bd68;
- --yellow: #f0c674;
- --blue: #5f819d;
- --magenta: #b294bb;
- --cyan: #b4d6d1;
- --white: #c5c8c6;
- --bg-light: #303030;
- --bg: #191919;
- --line: 2px;
-}
-
-
-@font-face {
- font-family: mononoki;
- src: url(mononoki.woff);
-}
-
-body {
- background-color: #303030;
- background-image: url("/images/bg.gif");
- background-repeat: repeat;
- background-attachment: fixed;
- image-rendering: pixelated;
- image-rendering: optimizeSpeed;
-
-
- /*background-image: url("https://davidovski.xyz/images/bg.png");*/
- color: #f58f44;
- font-family: mononoki;
- font-size: 16px;
- padding: 0;
- margin: 0;
-}
-
-img {
- image-rendering: pixelated;
- image-rendering: optimizeSpeed;
-}
-
-a {
- color: #5f819d;
- text-decoration: none;
-}
-
-a:hover {
- color: #b4d6d1;
- text-decoration: underline;
-}
-
-h1 {
- color: #c5c8c6;
-}
-
-h2 {
- color: #b4d6d1;
-}
-
-h3 {
- color: #5f819d;
-}
-
-
-.main {
- background-color: #191919;
- margin-top: 0;
- margin-bottom: 0;
- margin-left: auto;
- margin-right: auto;
-
- width: 70%;
-
- padding: 2%;
- height: 100%;
-
- border-left: 2px solid #f58f44;
- border-right: 2px solid #f58f44;
- border-bottom: 2px solid #f58f44;
-}
-
-.header {
- text-align: center;
-}
-
-.links {
- text-align: center justify;
- text-justify: inter-word;
- #white-space: nowrap;
-}
-
-hr {
- width: 100%;
- border: 0;
- border-bottom: 2px solid #f58f44;
-}
-
-.title {
- font-size: 45px;
- color: #f58f44;
-}
-
-.small {
- font-size: 9px;
- padding: 0;
- color: #707880;
-}
-
-a.red {
- color: #cc6666;
-}
-
-a.green {
- color: #b5bd68;
-}
-
-a.blue {
- color: #5f819d;
-}
-
-code {
- background-color: #303030;
- font-size: 16px;
- font-family: mononoki;
- word-wrap: break-word;
- width: 100%;
-}
-
-pre {
- background-color: #303030;
- white-space: pre-wrap;
- padding: 5px;
- border: 2px solid #f58f44;
-
-}
-
-.grid {
- display: inline;
-}
-
-.about {
- width: auto;
-}
-
-.image { - width: auto; - float: right; -} - -ul { - list-style-type: none; - margin-left: 0; - padding-left: 0; -} - -img { - width: 100%; -} diff --git a/rss.xml b/rss.xml new file mode 100755 index 0000000..d2ec426 --- /dev/null +++ b/rss.xml @@ -0,0 +1,33 @@ +#!/bin/sh + +cat << EOF + + + + + davidovski + https://davidovski.xyz + davidovski's site +EOF + +for entry in entries/*.html; do + title="$(grep '^# ' $entry)" + title=${title#\# } + + printf "\n" + printf "%s\n" "${title}" + printf "%s\n" "http://davidovski.xyz/$entry" + printf "%s\n" "$(stat -c %z "$entry")" + + + printf "\n" + + done + + +cat << EOF + + +EOF diff --git a/src/git_compile.md b/src/git_compile.md deleted file mode 100644 index 05176c0..0000000 --- a/src/git_compile.md +++ /dev/null 
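Review bot: The item link in rss.xml is built as `"http://davidovski.xyz/$entry"` while the channel link a few lines above is `https://davidovski.xyz`, so feed readers are sent to the posts over plaintext HTTP; use `"https://davidovski.xyz/$entry"`. `title="$(grep '^# ' $entry)"` leaves `$entry` unquoted and keeps every matching line, and the title is then printed into the feed as-is; `title="$(grep -m1 '^# ' "$entry")"` fixes the first two, and a title containing `&` or `<` would still need escaping before it goes into XML. `stat -c %z` prints the inode change time in a format that is not the RFC 822 date RSS readers expect, assuming this line fills the item's date element (the markup is not visible in this rendering); `date -R -r "$entry"` gives the modification time in that format.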
@@ -1,15 +0,0 @@
-# Compiling files in a git repo
-
-So I decided to improve the way that that you can access some of the repos that I am hosting on this server, including the code that I use to compile the site itself. I quickly hacked together a bit of code in my existing [build.py](https://davidovski.xyz/git/davidovski/build.py.html) to clone a list of repos and go through and generate a html pages for each of the files in the repo.
-
-...
-
-Although this means that this is only a static view of the repo at any time (needing me to rebuild the site for it to update) I can easily add any git repo to be built into my site, so as you may see, I have added a few repos from my github as well.
-
-I tried using cgit, but it just didn't provide exactly what I wanted and I wasn't in the mood to try configuring it to my liking, so I opted for this approach instead.
-
-A way that I can improve it is to serve a http server that dynamically updates the repositories when new commits are added, which would probably be a better solution; but this works.. for now.
-
-If you want to view all of the repos that I've listed so far, click the link at the top of the page. (sorry that the index is still the default nginx autoindex, I will change that at some point), and feel free to check out how I did it in [build.py](https://davidovski.xyz/git/davidovski/build.py.html), though Im warning you, its probably some of the hackiest code i've put together.
-
-Tutorial on how to host your own git repos on your server and allow people to clone them with https may be coming soon
diff --git a/src/librex.md b/src/librex.md
deleted file mode 100644
index aec86a2..0000000
--- a/src/librex.md
+++ /dev/null
@@ -1,7 +0,0 @@
-# LibreX - a metasearch engine
-
-My instance: [search.davidovski.xyz](https://search.davidovski.xyz/)
-
-For a while now I have been using [SearX](https://github.com/searx/searx) as my search engine, a meta search engine that cumulates search results from multiple different sites. While this is a great idea in theory, making the best of all search engines through one *privacy respecting* interface, in reality it ends up meaning that search results are quite slow. Couple this with the fact that most SearX instances are hosted by volunteers, and often have downtime, I was in the situation where I was hopping between various instances to try and find ones that worked. I always wanted to self host one myself, but the whole system seemed very bloated and complicated, and honestly I just couldn't be bothered to mess around with it.
-
-That's where [LibreX](https://github.com/hnhx/librex) comes in, a very small and simple meta search engine. Its still in development, but currently it has just enough functionality to actually be somewhat useful. Currently it only really supports google searches, but it still is a good layer for privacy, since all of your queries are anonymised, with google only seeing that they came from LibreX. I am curious to see how well it will handle larger amounts of search queries and if Google will limit them or something. If you want to support development, feel free to use it, find bugs and request features: [View the github repo](https://github.com/hnhx/librex)
diff --git a/src/pci_passthrough.md b/src/pci_passthrough.md
deleted file mode 100644
index 75f169e..0000000
--- a/src/pci_passthrough.md
+++ /dev/null
@@ -1,274 +0,0 @@ -# PCI passthrough with qemu - -QEMU is a powerful free and open source emulator which when paired with kvm can be used to create almost bare-metal performance virtual machines. In this guide I will be detailing some tips and tricks to configuring a setup on your linux system to allow a PCI device (typically a graphics card) to be passed through to a virtual machine. - -... - -Countless guides already exist on this topic but they all rely on using virt-manager and other Redhat software, which, depending on your use case, may be completely overkill. This guide assumes that you will not be using the target GPU as a video output on your host machine from boot, so will only work in configurations where you are able to remote connect or where you have **multiple graphics cards**. However the process is mostly similar for single GPU passthrough, with extra steps if you want to bind and unbind display drivers from the host. - -This is a generic guide written to support any semi-standard Linux distributions, so adapt any instructions as you see fit to your current system. - -If you do not trust this guide or need any clarification, feel free to follow steps from other guides, or just skip to the tips at the bottom of this guide. - - -## Prerequisites - -Make sure that your motherboard is: -- supports hardware virtualisation -- supports IOMMU - -These options can be enabled within the motherboard's BIOS settings usually. - -You may also want a spare monitor or a monitor with multiple inputs so that you can switch between GPU outputs. - -Once you have enabled IOMMU, you will need to ensure that your PCI slot can actually be passed through. This is only possible if the GPU appears in its own single IOMMU group, with no other devices in that group. 
- -To list IOMMU groups, you may use this script from the [archwiki](https://wiki.archlinux.org/title/PCI_passthrough_via_OVMF#Ensuring_that_the_groups_are_valid) - - #!/bin/bash - shopt -s nullglob - for g in $(find /sys/kernel/iommu_groups/* -maxdepth 0 -type d | sort -V); do - echo "IOMMU Group ${g##*/}:" - for d in $g/devices/*; do - echo -e "\t$(lspci -nns ${d##*/})" - done; - done; - -If you see that there PCI devices other than ones that correspond to your graphics card, then try using a different PCI slot. Unfortunately some motherboards don't have any isolated PCI slots, in this case you are out of luck; PCI passthrough will not be possible in this method. - - -## Setting up VFIO - -The core principle behind PCI passthrough is that you don't want the kernel from having any control over the device in the PCI slot. To do this, we tell the kernel to bind a *dummy driver* to the gpu so that when we want to pass it through to the VM, it is not in use. - -To do this, you want to find out the Device IDs of your PCI device, you can do this using the following command: - - lspci -nn - -Make sure take notes of all of the devices that appeared within the isolated IOMMU group from the previous stage. If you miss out any PCI devices, this will not work. IDs often look like this: `10de:13c2` - -Next add the following to your kernel's cmdline arguments. This can usually be found somewhere in your bootloaders settings, for example for GRUB, you can add it to `GRUB_CMDLINE_LINUX_DEFAULT=""` in `/etc/default/grub` - - vfio-pci.ids=*id1*,*id2* - -where *id1* and *id2* represent the ids that you collected in the previous step. - -Next you need to tell your initramfs (if applicable) to load the vfio modules. This is done to make sure that the vfio module is loaded and assigned to these pci devices *before* your video drivers. 
The process of doing this depends on your initramfs system: - -### Dracut - -in `/etc/dracut.conf.d/10-vfio.conf` - - force_drivers+=" vfio_pci vfio vfio_iommu_type1 vfio_virqfd " - -then rebuild your initramfs - - -### mkinitpcio - -in `/etc/mkinitcpio.conf` - - MODULES=(... vfio_pci vfio vfio_iommu_type1 vfio_virqfd ...) - -then rebuild your initramfs - -### booster - -in `/etc/booster.yaml` - - modules_force_load: vfio_pci,vfio,vfio_iommu_type1,vfio_virqfd - -then rebuild your initramfs - -## QEMU arguments and set-up - -In this guide I will be using qemu from the command line. I feel as if this is the easiest way to create virtual machines without any overhead, but you can use libvirt if you wish. - -Here is a script that use a to run a linux virtual machine, if you want to copy it blindly and not understand it, then thats alright, but I will include a description for each argument and why its used. - - #!/bin/sh - - ISO="/path/to/your/installer/iso" - ROOT="/path/to/your/virtual/disk" - OVMF_VARS="/path/to/your/ovmf/vars/image" - - - qemu-system-x86_64 \ - -enable-kvm \ - -m 8G \ - -smp 2 \ - -drive if=pflash,format=raw,readonly=on,file=/usr/share/OVMF/OVMF.fd \ - -drive if=pflash,format=raw,file="$OVMF_VARS" \ - -drive if=virtio,file="$ROOT",format=qcow2 \ - -vga none \ - -nographic \ - -monitor stdio \ - -serial none \ - -device vfio-pci,host="06:00.0" \ - -device vfio-pci,host="06:00.1" \ - -device vfio-pci,host="06:00.2" \ - -device vfio-pci,host="06:00.3" \ - -net nic,model=virtio -net user \ - -device ich9-intel-hda,addr=0x1b \ - -device hda-micro,audiodev=hda \ - -device ich9-intel-hda,addr=0x1b \ - -device hda-micro,audiodev=hda \ - -audiodev pa,id=hda,server=unix:$(pactl info | sed -rn 's/Server String: (.*)/\1/p') - -### Basic Parameters - - -enable-kvm - -This enables [KVM](https://www.linux-kvm.org/page/Main_Page) which improves performance and allows for *almost bare-metal* CPU performance. 
- - -m 8G - -Allocate 8 Gigabytes of memory to the virtual machine - - -smp 2 - -Allocate 2 CPU cores to the virtual machine - -### OVMF firmware - - -drive if=pflash,format=raw,readonly=on,file=/usr/share/OVMF/OVMF.fd \ - -drive if=pflash,format=raw,file="$OVMF_VARS" \ - -Most PCI cards require UEFI firmware to function properly. For this reason we will be using the OVMF firmware. You may need to install this on your system, typically the package is called ovmf, edk2-ovmf or something similar. Learn to use your package manager's search functionality to find it. - -Make a copy of the OVMF variables file, typically located at `/usr/share/OVMF/OVMF_VARS.fd` and place it somewhere with the rest of your virtual machine's files. You should keep these separate and unique for each virtual machine you wish to create. - -In my example script, make sure you replace `/path/to/your/ovmf/vars/image` to the path to your copy of `OVMF_VARS.fd` - -### Storage - - -drive if=virtio,file="$ROOT",format=qcow2 \ - -Next you need to create a virtual disk for your virtual machine. You can create this using the following command, replacing `32G` with the desired size of this disk. - - qemu-img create -f qcow2 myVirtualDisk.qcow2 32G - -In this example I use `if=virtio,` which provides better performance than the default drive type, however this will only work with linux guests which have the virtio module. **Remove this if you are using windows in your virtual machine** - -For your first boot, you may want to add the following before your primary virtual disk: - - -drive file="$ISO",media=cdrom - -Ensure that you have set the `ISO` and `ROOT` variables appropriately with the paths to the corresponding images. 
- -### Disabling virtual video output - -This next step is to ensure that qemu doesn't create a virtual VGA output for your virtual machine, nor opens a window, allowing this to be run from outside an X11 session - - -vga none - -nographic - -monitor stdio - -serial none - -### VFIO passthrough - -Next you need to find the pci ids for your device. Make sure you include all the relevant ones in your IOMMU group: - - -device vfio-pci,host="06:00.0" \ - -device vfio-pci,host="06:00.1" \ - -device vfio-pci,host="06:00.2" \ - -device vfio-pci,host="06:00.3" \ - -In this example, my PCI ids start with `06:00`, **make sure you change this for your setup.** - -### Network - -Next you want network for your virtual machine: - - -net nic,model=virtio -net user - -I use the virtio network card, which only works for Linux guests. **If you have a windows guest, do not include this line** this will use the default network card for qemu. - -### Audio - - -device ich9-intel-hda,addr=0x1b \ - -device hda-micro,audiodev=hda \ - -audiodev pa,id=hda,server=unix:$(pactl info | sed -rn 's/Server String: (.*)/\1/p') \ - -This creates a audio device for the virtual machine which connects to the currently running pulseaudio session of your client. - -You can omit this section if you wish to output audio through your PCI device. - -## Other tips and tricks - -### evdev mouse and keyboard passthrough - -Out of all of the methods of passthrough a keyboard and mouse, evdev is probably one of the best and most easiest. - -First you need to identify the input devices that linux creates for your keyboard and mouse. You can list them all using: - - ls /dev/input/by-id/ - -Identify the devices that you want to passthrough and find the ones containing `-event`. - -Then add the follow for each one as an argument to your qemu command. 
- - -object input-linux,id=*UNIQUE_ID*,evdev=/dev/input/by-id/*YOUR-DEVICE*,grab_all=on,repeat=on - -Then when your virtual machine is running, you will be able to switch to and from the host's control by pressing both left and right ctrl keys at the same time on your keyboard. - -### Running as an ordinary user - -To do this, I would recommend creating a group named `kvm` and adding your user to it. - - groupadd kvm - - usermod -a -G kvm *username* - -Next you will want to ensure that vfio devices have the correct permissions for the kvm group to use. In `/etc/udev/rules.d/10-vfio.rules`: - - SUBSYSTEM=="vfio", GROUP="kvm" - -Next you will probably want to increase memory limits for users of the kvm group, to allow them to allocate potentially GB for the virtual machine. To make things easier, you might want to just set this to the maximum number of megabytes available in the system. You can find this out using `free`, for example for a system with 8GB ram, its: `8100452` - -In `/etc/security/limits.d/99-memlock.conf` write: - - @kvm hard memlock 8100452 - @kvm soft memlock 8100452 - -You may need to reboot for these changes to take effect, especially ones relating to udev rules. - -### Using ddcutil to switch between monitor inputs - -Most monitors, other than laptop displays, have a Virtual Control Panel which can be controlled through i2c as per the Display Data Channel/ Command Interface Standard... DDC/CI - -Setting up ddcutil to work on your monitor will depend on a case to case basis depending on your monitor and video card. - -Depending on your monitor, you may need to enable DDC/CI in its settings. - -Make sure you have installed ddcutil and i2c-dev, again exact package names may vary. - -To detect the montors available, use `ddcutil detect`. If this doesn't work, ensure that the i2c-dev module is loaded. 
- -To enable the i2c module on load, you may need to add the following to `/etc/modules-load.d/i2c-dev.conf` - - i2c-dev - -To allow users of the i2c group to control i2c devices add the following to `/etc/udev/rules.d/10-i2c-group.rules`. Make sure you create this group and add your user to it. - - KERNEL=="i2c-[0-9]*", GROUP="i2c" - -Find out the Display number of your monitor using `ddcutil detect` -Next find the available inputs on this monitor: - - ddcutil -d $display_number capabilities - -Here you should be able to see `Feature: 60 (input source)`. Take note of hexadecimal values. - -You will be able to switch monitors using: - - ddcutil -d $display_number setvcp 60 0x$monitor_input_hex_value - -I have this bound to a hotkey using `sxhkd` so I can easily switch between inputs without having to reach over to buttons on my monitor.However you can configure this whichever way you want: for example, you can switch to the display output of your passthrough GPU when the virtual machine starts, and back when it shuts down. - -## Conclusion - -Hopefully, this guide has helped you set up a virtual machine with PCI passthrough. All thats left now is to install the software you want in your virtual machine and have fun. - -If there is anything that isn't clear in this guide, please contact me, or look at other guides if you need any help. The archwiki is a pretty good place to look if you are, *or aren't* using archlinux. - diff --git a/src/ssh_forwarding.md b/src/ssh_forwarding.md deleted file mode 100644 index 863c97f..0000000 --- a/src/ssh_forwarding.md +++ /dev/null 
@@ -1,94 +0,0 @@ -# Permanent SSH Forwarding (Tutorial) - -Take this situation: you have a cheap (or even free), low-powered remote server and a considerably better homeserver with more storage and power. For certain services that require more power, you'd obviously want to run them on that homeserver. - -However, what if you don't want to, *or can't*, directly open ports onto your home network, or you if you simply want to keep all of your site to one IP? This is where SSH port forwarding comes in handy: using ssh to forward the open port from a service from your local server to the remote one, where it can be exposed to the rest of the internet. - -... - -## SSH Remote Port Forwarding - -SSH remote port forwarding is built right into ssh itself, and is quite simple: - -``` -ssh -R 5505:localhost:4404 user@remote.host -``` - -When this command is run on the local server, it will: -+ create an ssh connection to the remote server, as per usual -+ open the port 5505 on the remote server, -+ all traffic on this port will be forwarded to port 4404 on the local server. - -This command by itself is already everything you'd need to forward most ports easily to your remote server, of course, remember to open the port on your remote server's firewall, if applicable. - -However to ensure that that port is exposed properly on the remote server, you'd want to make sure that it is listening to all external traffic. - -You can fix this by setting `GatewayPorts yes` in `/etc/ssh/sshd_config` on the remote server. (don't forget to restart sshd after editing the config) - -## Persistent ssh forwarding - -The above is all well and good, but you'd need to keep an interactive ssh connection up at all times, so the above isn't the most ideal solution. - -To get around this, you can create a service to run on the local server to forward requested ports from the remote server. - -To begin, I'd recommend creating two users, one on each server. For sake of example, lets all them `bridge`. 
I'd recommend to avoid giving these users passwords, that way they can only be accessed through key based authentication. Of course you will still be able to log into them as root using `su - bridge` - -Next you should create an ssh keypair on the local server (`ssh-keygen`) and place the contents of your public key into `.ssh/authorized_keys` on the remote. This will make sure only the local server can ssh into the remote using that key. - -Then, create a script for your ssh port forwarding. I placed mine directly in the home folder on my local server, though it only matters that the bridge user can execute it. In your script you *must* use the `-nT` flag on your ssh command. These will allow you to run this script as a service, by preventing a virtual terminal being allocated. (read `man ssh` for more info) - -Here is my example of a script that you could use: - - #!/bin/sh - - PORTS="8080 25565" - DEST="bridge@remote.host" - SSH_PORT="22" - IDENTITY_FILE="~/.ssh" - - /usr/bin/ssh -nNT $(echo $PORTS | awk -v host=$LOCALHOST '{for (i = 1; i <= NF; i++){ printf "-R %d:%s:%d ",$i,host,$i}}') -p $SSH_PORT -i $IDENTITY_FILE $DEST - -Next you'd want to run this script as a service. Check your distro's service system how to do this if you have any trouble. - -### Systemd service - -Say that the script you made was `/home/bridge/tunnel.sh`, you should create a user service with systemd for the bridge user. - -To do this create the following file in `/home/bridge/.config/systemd/user/tunnel.service`: - - [Unit] - Description=SSH tunnel - - [Service] - ExecStart=/home/bridge/tunnel.sh - RestartSec=5 - Restart=always - KillMode=mixed - - [Install] - WantedBy=default.target - -Then enable and start the service with: `systemd --user enable tunnel.service` and `system --user start tunnel.service`. 
Ensure that it is running with `systemd --user status tunnel` - -## Forwarding ports smaller than 1024 - -As you may know, TCP/IP port numbers below 1024 are special in that normal users are not able to open, and hence forward from on the remote server. - -One solution to this is run a server on the remote that will proxy requests from port 80 to a different port (say port 8080). - -This can be achieved using `socat`. - -Say you forwarded traffic from port 8080 on remote to port 80 on local, you could then, on the remote server, run `sudo socat TCP-LISTEN:80,fork TCP:localhost:8080` to listen to traffic on port 80 and forward it to 8080, which will forward back to the local server. - -Here is an example of this in practice, forwarding port 80 and 443, by forwarding ports 8080 and 8443: - - /usr/bin/ssh -nT -R 8443:localhost:443 -R 8080:localhost:80 -i $IDENTITY_FILE -p $SSH_PORT $DEST "(sudo socat TCP-LISTEN:80,fork TCP:localhost:8080) & sudo socat TCP-LISTEN:443,fork TCP:localhost:8443" - -However this command assumes that the remote user has access to sudo with **NO PASSWORD**. Alternatively you could create a similar service (this time as a system service) on the remote server running the socat commands. - -## Video Tutorial - -Here is an example of how you can use this to host a webserver (or any other service) from anywhere: even a hotel room. - - -Credit: DenshiVideo diff --git a/src/welcome.md b/src/welcome.md deleted file mode 100644 index c9bf751..0000000 --- a/src/welcome.md +++ /dev/null 
@@ -1,9 +0,0 @@
-# welcome
-
-welcome. i decided to turn this webpage into blog-style site... i havent got a topic or anything, so expect either: quality tutorials and very interesting techy things; or just random shitposts or rambles about things.
-
-originally i was going to make this blog on [b.davidovski.xyz](https://b.davidovski.xyz) using [nanoblogger](http://nanoblogger.sourceforge.net/) (you might be able to still see the start of that) but nb itself seemed quite dead, and i couldn't really be asked to customise it all myself. So i made my own script to generate this static site: [kblg](https://github.com/davidovski/kblg/). Right now its probably just the bare minimum needed for this, but I am planning to add more things to it as I go along (including rss, if anyone would be interested?)
-
-anyway thats all for now, cya
-
-~davidovski
diff --git a/style.css b/style.css
new file mode 100644
index 0000000..47b7d40
--- /dev/null
+++ b/style.css
@@ -0,0 +1,160 @@
+:root {
+ --fg: #f58F44;
+ --black: #707880;
+ --red: #cc6666;
+ --green: #b5bd68;
+ --yellow: #f0c674;
+ --blue: #5f819d;
+ --magenta: #b294bb;
+ --cyan: #b4d6d1;
+ --white: #c5c8c6;
+ --bg-light: #303030;
+ --bg: #191919;
+ --line: 2px;
+}
+
+
+@font-face {
+ font-family: mononoki;
+ src: url(mononoki.woff);
+}
+
+body {
+ background-color: #303030;
+ background-image: url("/images/bg.gif");
+ background-repeat: repeat;
+ background-attachment: fixed;
+ image-rendering: pixelated;
+ image-rendering: optimizeSpeed;
+
+
+ /*background-image: url("https://davidovski.xyz/images/bg.png");*/
+ color: #f58f44;
+ font-family: mononoki;
+ font-size: 16px;
+ padding: 0;
+ margin: 0;
+}
+
+img {
+ image-rendering: pixelated;
+ image-rendering: optimizeSpeed;
+}
+
+a {
+ color: #5f819d;
+ text-decoration: none;
+}
+
+a:hover {
+ color: #b4d6d1;
+ text-decoration: underline;
+}
+
+h1 {
+ color: #c5c8c6;
+}
+
+h2 {
+ color: #b4d6d1;
+}
+
+h3 {
+ color: #5f819d;
+}
+
+
+.main {
+ background-color: #191919;
+ margin-top: 0;
+ margin-bottom: 0;
+ margin-left: auto;
+ margin-right: auto;
+
+ width: 70%;
+
+ padding: 2%;
+ height: 100%;
+
+ border-left: 2px solid #f58f44;
+ border-right: 2px solid #f58f44;
+ border-bottom: 2px solid #f58f44;
+}
+
+.header {
+ text-align: center;
+}
+
+.links {
+ text-align: center justify;
+ text-justify: inter-word;
+ #white-space: nowrap;
+}
+
+hr {
+ width: 100%;
+ border: 0;
+ border-bottom: 2px solid #f58f44;
+}
+
+.title {
+ font-size: 45px;
+ color: #f58f44;
+}
+
+.small {
+ font-size: 9px;
+ padding: 0;
+ color: #707880;
+}
+
+a.red {
+ color: #cc6666;
+}
+
+a.green {
+ color: #b5bd68;
+}
+
+a.blue {
+ color: #5f819d;
+}
+
+code {
+ background-color: #303030;
+ font-size: 16px;
+ font-family: mononoki;
+ word-wrap: break-word;
+ width: 100%;
+}
+
+pre {
+ background-color: #303030;
+ white-space: pre-wrap;
+ padding: 5px;
+ border: 2px solid #f58f44;
+
+}
+
+.grid {
+ display: inline;
+}
+
+.about {
+ width: auto;
+}
+
+.image { + width: auto; + float: right; +} + +ul { + list-style-type: none; + margin-left: 0; + padding-left: 0; +} + +img { + width: 100%; +} diff --git a/sync.sh b/sync.sh deleted file mode 100755 index 86adc3f..0000000 --- a/sync.sh +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/bash - -rsync -Lta --no-perms --no-owner --no-group --delete --exclude=sync.sh -z -e ssh ./dist/ cheetah.remote:/srv/www/davidovski/html -ssh -t cheetah.remote "ln -s /srv/shared/site/* /srv/www/davidovski/html/" -# git push # push after everything to keep it all backed up diff --git a/templates/about.html b/templates/about.html deleted file mode 100644 index e0bc58c..0000000 --- a/templates/about.html +++ /dev/null @@ -1,20 +0,0 @@ - -
-
- -

Hi, I'm david and this is my website.

-

This site is still under construction... permanently. So expect it to look better (or worse) in the future.

- -

if you want to contact me, you can message me on matrix @iksv:monero.social.

-
- -
- -
-
- -
-

blog posts

- %posts% -
- diff --git a/templates/file.html b/templates/file.html deleted file mode 100644 index 19048c3..0000000 --- a/templates/file.html +++ /dev/null @@ -1,7 +0,0 @@ -

%filename%

- -

%commit%

- -%content% - -

Clone this repo: git clone %url%

diff --git a/templates/item.xml b/templates/item.xml deleted file mode 100644 index 5864b7f..0000000 --- a/templates/item.xml +++ /dev/null @@ -1,6 +0,0 @@ - - %name% - %url% - %date% - - diff --git a/templates/page.html b/templates/page.html deleted file mode 100644 index a8a3e97..0000000 --- a/templates/page.html +++ /dev/null @@ -1,38 +0,0 @@ - - - - - - - davidovski.xyz - - -

-
- davidovski.xyz -
- -
-
- - %content% -
- - - diff --git a/templates/rss.xml b/templates/rss.xml deleted file mode 100644 index 58e206d..0000000 --- a/templates/rss.xml +++ /dev/null @@ -1,10 +0,0 @@ - - - - - davidovski - https://davidovski.xyz - davidovski's site - %items% - - diff --git a/templates/summary.html b/templates/summary.html deleted file mode 100644 index 483763f..0000000 --- a/templates/summary.html +++ /dev/null @@ -1,6 +0,0 @@ -
  • - -
    %date%
    - %title% -
    -
  • -- cgit v1.2.1