initial commit
commit
60e23cdef6
|
@ -0,0 +1,6 @@
|
|||
---
|
||||
title: "{{ replace .Name "-" " " | title }}"
|
||||
date: {{ .Date }}
|
||||
draft: true
|
||||
---
|
||||
|
|
@ -0,0 +1,60 @@
|
|||
baseURL = "https://blog.tastytea.de/"
|
||||
languageCode = "en"
|
||||
title = "tastyteablog"
|
||||
theme = [ "tastytea", "slick" ]
|
||||
copyright = "CC BY-NC 4.0"
|
||||
|
||||
pygmentsCodefences = true
|
||||
pygmentsCodeFencesGuessSyntax = false
|
||||
pygmentsUseClasses = true
|
||||
canonifyURLs = false
|
||||
Paginate = 10
|
||||
PaginatePath = "page"
|
||||
|
||||
[params]
|
||||
subtitle = "I write things here."
|
||||
favicon = "img/favicon.png"
|
||||
datefmt = "2006-01-02"
|
||||
showfullcontent = true
|
||||
opengraph = true
|
||||
|
||||
[taxonomies]
|
||||
tags = "tags"
|
||||
|
||||
[author]
|
||||
name = "tastytea"
|
||||
email = "tastytea@tastytea.de"
|
||||
|
||||
[menu]
|
||||
[[menu.main]]
|
||||
identifier = "post"
|
||||
name = "Posts"
|
||||
url = "/posts/"
|
||||
weight = 1
|
||||
|
||||
[[menu.main]]
|
||||
identifier = "tags"
|
||||
name = "Tags"
|
||||
url = "/tags/"
|
||||
weight = 2
|
||||
|
||||
[[menu.main]]
|
||||
identifier = "rss"
|
||||
name = "RSS"
|
||||
url = "/index.xml"
|
||||
weight = 3
|
||||
|
||||
[[menu.footer]]
|
||||
name = "Website"
|
||||
url = "https://tastytea.de/"
|
||||
weight = 1
|
||||
|
||||
[[menu.footer]]
|
||||
name = "Sourcecode"
|
||||
url = "https://schlomp.space/tastytea"
|
||||
weight = 2
|
||||
|
||||
[[menu.footer]]
|
||||
name = "Fediverse"
|
||||
url = "https://likeable.space/users/tastytea"
|
||||
weight = 3
|
|
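Review bot: Key casing in `config.toml` is inconsistent: `Paginate` and `PaginatePath` are capitalised while the neighbouring keys are camelCase, and `pygmentsCodefences` is spelled differently from `pygmentsCodeFencesGuessSyntax`. Suggest `paginate`, `paginatePath` and `pygmentsCodeFences` so the file reads uniformly.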
@ -0,0 +1,111 @@
|
|||
---
|
||||
title: "Using AsciiDoc(tor) with Gitea"
|
||||
description: "How to add AsciiDoc support to Gitea."
|
||||
date: 2019-01-26T13:03:36+01:00
|
||||
draft: false
|
||||
tags:
|
||||
- asciidoc
|
||||
- gitea
|
||||
---
|
||||
|
||||
In this blogpost I describe what I did to get AsciiDoc support into
|
||||
https://gitea.io/[Gitea]. If you want more than syntax highlighting and basic
|
||||
formatting, Gitea has to be patched unfortunately(this
|
||||
https://github.com/go-gitea/gitea/issues/4935[issue] has already been reported).
|
||||
But I think most people will only need to edit 1 configuration file and are
|
||||
done.
|
||||
|
||||
== Asciidoctor or AsciiDoc?
|
||||
|
||||
https://asciidoctor.org/[Asciidoctor] has inbuilt support for
|
||||
https://highlightjs.org/[highlight.js], the solution Gitea
|
||||
uses and is therefore the best choice in most scenarios. If you can't or don't
|
||||
want to use it you can use http://asciidoc.org/[AsciiDoc].
|
||||
|
||||
Add the following section to `conf/app.ini` in your Gitea path. The change
|
||||
causes `.adoc` files to be rendered with asciidoctor.
|
||||
|
||||
----
|
||||
{{< highlight ini >}}[markup.asciidoc]
|
||||
ENABLED = true
|
||||
; List of file extensions that should be rendered by an external command
|
||||
FILE_EXTENSIONS = .adoc,.asciidoc
|
||||
; External command to render all matching extensions
|
||||
RENDER_COMMAND = "asciidoctor --backend=html5 --no-header-footer --attribute source-highlighter=highlightjs --out-file=- -"
|
||||
; Don't pass the file on STDIN, pass the filename as argument instead.
|
||||
IS_INPUT_FILE = false{{< / highlight >}}
|
||||
----
|
||||
|
||||
If you want to use asciidoc instead the command would be:
|
||||
`asciidoc --backend=xhtml11 --no-header-footer --attribute
|
||||
source-highlighter=highlight --out-file=- -`. I would choose the `xhtml11`
|
||||
backend because it is the only one that encloses code snippets with `<code>`
|
||||
tags. Instead of
|
||||
http://www.andre-simon.de/doku/highlight/en/highlight.html[highlight] you can
|
||||
use http://www.gnu.org/software/src-highlite/[source-highlight] or
|
||||
http://pygments.org/[Pygments].
|
||||
|
||||
If you use asciidoctor and don't need tables or other fancy stuff you're now
|
||||
done! If you use asciidoc, you'll have to patch Gitea to get syntax
|
||||
highlighting.
|
||||
|
||||
== Patching Gitea
|
||||
|
||||
The sanitizer strips almost all attributes from HTML-tags, as a security
|
||||
precaution. I've added exceptions for:
|
||||
|
||||
* `class` attributes on all the tags Asciidoctor introduces,
|
||||
* Numerous attributes on `table` tags,
|
||||
* `align` and `valign` on `td` tags,
|
||||
* `style` attributes on `span` tags, but only if they contain nothing more than
|
||||
color and font definitions.
|
||||
|
||||
If you use Asciidoctor with highlight.js output, you don't need to allow `style`
|
||||
attributes, if you don't use tables you can omit the lines that deal with them
|
||||
and the `class` exception is only useful if you add custom CSS to use them.
|
||||
|
||||
Apply the patch with `patch -p1 < gitea_relax-sanitizer.patch`.
|
||||
|
||||
----
|
||||
{{< highlight diff >}}diff -ur a/modules/markup/sanitizer.go b/modules/markup/sanitizer.go
|
||||
--- a/modules/markup/sanitizer.go 2019-01-26 16:04:56.014108339 +0100
|
||||
+++ b/modules/markup/sanitizer.go 2019-01-26 16:03:21.776401012 +0100
|
||||
@@ -38,6 +38,16 @@
|
||||
|
||||
// Custom URL-Schemes
|
||||
sanitizer.policy.AllowURLSchemes(setting.Markdown.CustomURLSchemes...)
|
||||
+ // Allow style on span tags
|
||||
+ sanitizer.policy.AllowAttrs("style").Matching(regexp.MustCompile(`^(background-)?color:[^;]+(; ?font[^;]+)?;?$`)).OnElements("span")
|
||||
+
|
||||
+ // Allow class attribute
|
||||
+ sanitizer.policy.AllowAttrs("class").OnElements("code", "pre", "span", "div", "p", "table", "td")
|
||||
+
|
||||
+ // Allow table attributes
|
||||
+ sanitizer.policy.AllowAttrs("width", "frame", "rules", "cellspacing", "cellpadding").OnElements("table")
|
||||
+ sanitizer.policy.AllowAttrs("width").OnElements("col")
|
||||
+ sanitizer.policy.AllowAttrs("align", "valign").OnElements("td")
|
||||
})
|
||||
}{{< / highlight >}}
|
||||
----
|
||||
|
||||
== Tables without borders
|
||||
|
||||
I used tables without borders in a manpage I wrote for the list of options.
|
||||
Gitea insist on drawing borders around them, so I had to create a custom CSS
|
||||
snippet.
|
||||
|
||||
In your Gitea directory, create `custom/templates/custom/header.tmpl`.
|
||||
|
||||
----
|
||||
{{< highlight css >}}<style>
|
||||
/* Additions for asciidoc */
|
||||
.markdown:not(code) table.frame-none
|
||||
{
|
||||
border: 0 !important;
|
||||
}
|
||||
.markdown:not(code) table.grid-none *
|
||||
{
|
||||
border: 0 !important;
|
||||
}
|
||||
</style>{{< / highlight >}}
|
||||
----
|
|
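Review bot: The `style` exception in the sanitizer patch is looser than the post's description of it ("nothing more than color and font definitions"): in `^(background-)?color:[^;]+(; ?font[^;]+)?;?$` both value parts are `[^;]+`, so anything other than a semicolon is accepted after `color:` and after `font`, including parentheses and quotes, and `font[^;]+` matches any text that merely begins with `font`. Suggest constraining the values to what the highlighters emit, for example `#?[0-9A-Za-z]+` for the colour and an explicit `font-(weight|style): ?[a-z0-9]+` for the font part. The hunk does not show `regexp` being imported in `sanitizer.go`; confirm it already is. Separately, in the `app.ini` snippet the comment "Don't pass the file on STDIN, pass the filename as argument instead." sits above `IS_INPUT_FILE = false` and a command whose input is `-`, so it reads as the opposite of what is configured and should be reworded.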
@ -0,0 +1,152 @@
|
|||
---
|
||||
title: "WireGuard VPN with 2 or more subnets"
|
||||
description: "How to connect 2 subnets with WireGuard."
|
||||
date: 2019-02-14T21:38:28+01:00
|
||||
draft: false
|
||||
tags:
|
||||
- wireguard
|
||||
- vpn
|
||||
---
|
||||
|
||||
I wanted to create a https://en.wikipedia.org/wiki/WireGuard[WireGuard] VPN with
|
||||
2 subnets in different physical places, each with their own server. I couldn't
|
||||
find an example how to do that, so I wrote this one.
|
||||
|
||||
== Introduction
|
||||
|
||||
I'm going to use the IP range `fd69::/48` for the VPN, `fd69:0:0:1::/64` for
|
||||
subnet 1 and `fd69:0:0:2::/64` for subnet 2. I'm going to call the server of
|
||||
subnet 1 `server1`, its first client `client1a`, the second one `client1b` and
|
||||
so on.
|
||||
|
||||
All clients in subnet 1 will connect to `server1` and all clients in subnet 2
|
||||
will connect to `server2`. `server1` and `server2` will be connected. If
|
||||
`client1a` wants to connect to `client2a`, the route will be:
|
||||
`client1a → server1 → server2 → client2a`.
|
||||
|
||||
== Preparations
|
||||
|
||||
https://www.wireguard.com/install/[Install WireGuard], create `/etc/wireguard`
|
||||
and generate a key-pair on each participating peer.
|
||||
|
||||
----
|
||||
{{< highlight sh >}}
|
||||
mkdir /etc/wireguard
|
||||
cd /etc/wireguard
|
||||
umask 077
|
||||
wg genkey | tee privatekey | wg pubkey > publickey
|
||||
{{< / highlight >}}
|
||||
----
|
||||
|
||||
== Configure servers
|
||||
|
||||
.`server1:/etc/wireguard/wg0.conf`:
|
||||
----
|
||||
{{< highlight cfg >}}
|
||||
# This peer
|
||||
[Interface]
|
||||
Address = fd69:0:0:1::1/48
|
||||
PrivateKey = <PRIVATE KEY OF server1>
|
||||
ListenPort = 51820
|
||||
|
||||
# Server of subnet 2
|
||||
[Peer]
|
||||
PublicKey = <PUBLIC KEY OF server2>
|
||||
Endpoint = server2:51820
|
||||
AllowedIPs = fd69:0:0:2::/64
|
||||
|
||||
# Clients of subnet 1
|
||||
[Peer]
|
||||
PublicKey = <PUBLIC KEY OF client1a>
|
||||
AllowedIPs = fd69:0:0:1::a/128
|
||||
|
||||
[Peer]
|
||||
PublicKey = <PUBLIC KEY OF client1b>
|
||||
AllowedIPs = fd69:0:0:1::b/128
|
||||
{{< / highlight >}}
|
||||
----
|
||||
|
||||
.`server2:/etc/wireguard/wg0.conf`:
|
||||
----
|
||||
{{< highlight cfg >}}
|
||||
# This peer
|
||||
[Interface]
|
||||
Address = fd69:0:0:2::1/48
|
||||
PrivateKey = <PRIVATE KEY OF server2>
|
||||
ListenPort = 51820
|
||||
|
||||
# Server of subnet 1
|
||||
[Peer]
|
||||
PublicKey = <PUBLIC KEY OF server1>
|
||||
Endpoint = server1:51820
|
||||
AllowedIPs = fd69:0:0:1::/64
|
||||
|
||||
# Clients of subnet 2
|
||||
[Peer]
|
||||
PublicKey = <PUBLIC KEY OF client2a>
|
||||
AllowedIPs = fd69:0:0:2::a/128
|
||||
{{< / highlight >}}
|
||||
----
|
||||
|
||||
== Configure clients
|
||||
|
||||
.`client1a:/etc/wireguard/wg0.conf`:
|
||||
----
|
||||
{{< highlight cfg >}}
|
||||
[Interface]
|
||||
Address = fd69:0:0:1::a/48
|
||||
PrivateKey = <PRIVATE KEY OF client1a>
|
||||
|
||||
[Peer]
|
||||
PublicKey = <PUBLIC KEY OF server1>
|
||||
Endpoint = server1:51820
|
||||
AllowedIPs = fd69::/48
|
||||
PersistentKeepalive = 25
|
||||
{{< / highlight >}}
|
||||
----
|
||||
|
||||
.`client1b:/etc/wireguard/wg0.conf`:
|
||||
----
|
||||
{{< highlight cfg >}}
|
||||
[Interface]
|
||||
Address = fd69:0:0:1::b/48
|
||||
PrivateKey = <PRIVATE KEY OF client1b>
|
||||
|
||||
[Peer]
|
||||
PublicKey = <PUBLIC KEY OF server1>
|
||||
Endpoint = server1:51820
|
||||
AllowedIPs = fd69::/48
|
||||
PersistentKeepalive = 25
|
||||
{{< / highlight >}}
|
||||
----
|
||||
|
||||
.`client2a:/etc/wireguard/wg0.conf`:
|
||||
----
|
||||
{{< highlight cfg >}}
|
||||
[Interface]
|
||||
Address = fd69:0:0:2::a/48
|
||||
PrivateKey = <PRIVATE KEY OF client2a>
|
||||
|
||||
[Peer]
|
||||
PublicKey = <PUBLIC KEY OF server2>
|
||||
Endpoint = server1:51820
|
||||
AllowedIPs = fd69::/48
|
||||
PersistentKeepalive = 25
|
||||
{{< / highlight >}}
|
||||
----
|
||||
|
||||
The `AllowedIPs` setting acts as a routing table. When a peer tries to send a
|
||||
packet to an IP, it will check `AllowedIPs`, and if the IP appears in the list,
|
||||
it will send it through the WireGuard interface.
|
||||
|
||||
The `PersistentKeepalive` setting ensures that the connection is maintained and
|
||||
that the peer continues to be reachable, even behind a NAT.
|
||||
|
||||
== Start VPN
|
||||
|
||||
Run `wg-quick up wg0` on each peer.
|
||||
|
||||
== Further reading
|
||||
|
||||
The article https://www.stavros.io/posts/how-to-configure-wireguard/[How to easily configure WireGuard]
|
||||
by Stavros Korokithakis helped me a great deal in understanding WireGuard.
|
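Review bot: In the `client2a` configuration the peer is `PublicKey = <PUBLIC KEY OF server2>` but `Endpoint = server1:51820`; the introduction says clients in subnet 2 connect to `server2`, so the endpoint should be `server2:51820`, otherwise the handshake is sent to a host that holds a different key and never completes. Two documentation gaps in the same post: the route `client1a → server1 → server2 → client2a` only works if both servers forward packets between peers, so the server section should state that IPv6 forwarding has to be enabled (for example `net.ipv6.conf.all.forwarding=1`); and in Preparations `umask 077` runs after `mkdir /etc/wireguard`, so the directory itself is created with the default umask, and `umask 077` should move to the first line. The `AllowedIPs` paragraph could also mention that the list is applied to incoming packets too: a packet from a peer is dropped if its source address is not in that peer's `AllowedIPs`.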
Binary file not shown.
Some files were not shown because too many files have changed in this diff