vault backup: 2023-08-26 11:35:12

IT/Setting up SSH keys.md

@@ -0,0 +1,59 @@
+#documentation 
+## Terms
+The following terms should be standardized across the document.
+#### Client
+- The user side local computer that connects *to* a remote host, typically a server. 
+- This side has the **private key**, which you should keep secure
+- The private key decrypts data
+#### Server
+- The remote computer that the client connects to. 
+- This side has the **public key**, which doesn't need to be secure
+- The public key encrypts data
+
+## SSH Keypairs
+SSH keypair authentication relies on asymmetrical encryption, and is only used for authentication. Once they exchange the needed info, they use the Diffie-Hellman Key Exchange Algorithm to create a symmetrical key(can decrypt and encrypt). This is used to encrypt the rest of the session.
+
+
+## Setup
+1. Generate an SSH keypair from the *client* with:
+   ```
+   ssh-keygen -t ed25519
+   ```
+- Note: while ed25519 encryption is much more secure than rsa4096, it's not universally supported. When using older versions of OpenSSH, generate a key with `ssh-keygen -t rsa -b 4096` to generate an rsa4096 keypair. This should be compatible with almost every implementation of SSH. 
+2. Follow the prompts onscreen:
+   - You will be asked where to save the key, the default location is typically correct(`~/.ssh/KEYNAME`) where `KEYNAME` is the name of your keypair. 
+   - You will then be prompted for a password. This password is used alongside the keypair, and is optional(leave blank if you want passwordless login)
+3. Copying the public key to the server
+- There should now be two files in `~/.ssh` with the format `id_ENCRYPTIONMETHOD` and `id_ENCRYPTIONMETHOD.pub` (EG: `id_ed25519` and `id_ed25519.pub`)
+```
+ssh-copy-id USERNAME@SERVERADDRESS
+```
+- EG: `ssh-copy-id foo@192.168.0.10`
+- Restart the SSH daemon, and test for functionality
+
+If you're unable to use `ssh-copy-id`, append the contents of your `pubkey` file to `~/.ssh/authorized_keys`, you may need to create the file if if one is not there.
+## Further Configuration
+
+### Disabling password based login
+1. Edit `/etc/ssh/sshd_config` to have an uncommented line that says:
+```
+   PasswordAuthenntication no
+```
+   - This will prevent clients from logging on with a password entirely, unless the SSH key was configured with a passcode.
+   - Reload the SSH daemon.
+
+### Storing keys on github
+1. See https://docs.github.com/en/authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account about adding keys, access public keys at `https://github.com/USERNAME.keys`
+   - You can then add public keys to your server with `curl https://github.com/USERNAME.keys | tee -a ~/.ssh/authorized_keys`
+   - A similar method should exist across most git clients.
+---
+
+
+## Further Reading
+- https://www.hostinger.com/tutorials/ssh
+- https://www.hostinger.com/tutorials/ssh-tutorial-how-does-ssh-work
+- https://www.digitalocean.com/community/tutorials/ssh-essentials-working-with-ssh-servers-clients-and-keys
+
+
+
+

IT/Setting up a Minecraft server.md

@@ -0,0 +1,103 @@
+# Preamble
+*This guide assumes some basic knowledge of Linux and package managers.*
+
+At minimum, a minecraft server requires Java, the [minecraft server jar](https://www.minecraft.net/en-us/download/server) or an alternative server (spigot, lithium), and the ability to port forward and allow programs through your firewall.
+
+# Installing Java
+As of 2023-07, Minecraft requires Java 17 to run version 1.20.1. You may need to look for a later version. Don't install the default version of Java in the repos of your chosen distro, it's very often out of date, and probably won't work with minecraft. You're going to look for any package that contains the JRE (Java Runtime Environment) or JDK (Java Development Kit). Both contain the Java Virtual Machine (JVM) and the ability to run Java programs. I like AdoptOpenJDK, but any distribution of Java that fits the version requirements will work sufficiently. 
+
+- Prior to installation, be sure to remove a java installation if it exists on your system. You can see if java is present on your distro with `java --version`.
+
+The format of the install command will change depending on the Java version, distro repositories and package manager, but this is what you'd run to install Java 17 on Debian 12:
+```sh
+sudo apt install openjdk-17-jre-headless
+```
+
+# Setting up a location for the server
+I like to have the minecraft server jar in `/opt/minecraft` (`/opt` is for non-user specific programs that don't go in any of the `/bin` folders), accessible by a `minecraft` group.
+
+```sh
+# Make a new folder named `minecraft` in `/opt`
+sudo mkdir /opt/minecraft
+# Create a new group named `minecraft`
+sudo groupadd minecraft
+# Add your user to it (You may need to reload your user session)
+sudo usermod -aG minecraft your-username-here
+# Make it so that the minecraft group owns that folder
+sudo chgrp minecraft /opt/minecraft
+# Make it so that:
+# The user that owns the folder has read, write, and execute perms
+# The group that owns the folder has read, write, and execute perms
+# Anyone not in the above categories can read, but not write or execute
+sudo chmod 775 /opt/minecraft
+```
+
+Downloading the server jar into `/opt/minecraft`:
+```
+cd /opt/minecraft
+# Go to https://www.minecraft.net/en-us/download/server,
+# and copy the link for "Download server.[version].jar:
+wget https://piston-data.mojang.com/v1/objects/84194a2f286ef7c14ed7ce0090dba59902951553/server.jar
+# If you get permisison denied errors, the filesystem permissions for /opt/minecraft are
+# not set correctly, check those with `ls -lah` and learn stuff
+```
+
+# Starting the server
+```
+# -jar means that you want to run a jarfile (something with the .jar) extension
+# -Xmx is the maximum amount of memory your server will be allowed to use
+# -Xms is the amount of memory your server will be allocated when it starts
+# these two take values in format of NUMBERUNIT, so 3G would be 3 gigabytes, 
+# 512M would be 512 megabytes
+# server.jar is the name of the server you just downloaded
+# nogui is a commandline argument passed to the server that says
+# to start without a gui
+java -jar -XmX4G -Xms512M server.jar nogui
+```
+The first time you will get an error about an EULA, you need to look for `EULA.txt` in the same directory as the server jar, and edit the file with a text editor (`vim`, `nano`) to agree. Run it again, and you should see it generating the world
+
+# Allowing minecraft through the firewall
+This may or may not be needed, depending on your distro, and the command syntax will vary slightly depending on the distro.
+iptables:
+```
+iptables -A INPUT -p tcp --dport 25565 -j ACCEPT
+```
+
+# Deploying Minecraft as a systemd service
+This enables minecraft to run in the background, restart if it crashes, etc etc.
+
+In `/etc/systemd/system`, place this file and tailor it to your liking.
+```
+[Unit]
+Description=Minecraft Server
+# I don't know what these mean I'm getting them from here:
+# https://gist.github.com/dotStart/ea0455714a0942474635
+Wants=network-online.target
+After=network-online.target
+
+[Service]
+# If wanted, you can set a particular group or user to run the service under
+# User=foo
+# Group=bar
+
+# Where you want the command to be run
+WorkingDirectory=/opt/minecraft
+# This command is run when the service is started
+ExecStart=/usr/bin/java -Xmx8G -Xms3g -jar /path/to/server.jar nogui
+```
+
+Then run `sudo sytemctl enable minecraft.service` to have the server start up when the server is rebooted.
+
+## Utility systemctl commands
+```
+# start the server
+sudo systemctl start minecraft.service
+# restart the server
+sudo systemctl restart minecraft.service
+# check the top few logs and whether or not the service is running
+sudo systemctl status minecraft.service
+# watch the logs (f for follow output, u for unit)
+sudo journalctl -f -u minecraft.service
+```
+
+// TODO: https://unix.stackexchange.com/questions/612137/how-to-write-to-stdin-of-a-service