initial commit

archetypes/default.md

@@ -0,0 +1,6 @@
+---
+title: "{{ replace .Name "-" " " | title }}"
+date: {{ .Date }}
+draft: true
+---
+

config.toml

@@ -0,0 +1,60 @@
+baseURL = "https://blog.tastytea.de/"
+languageCode = "en"
+title = "tastyteablog"
+theme = [ "tastytea", "slick" ]
+copyright = "CC BY-NC 4.0"
+
+pygmentsCodefences = true
+pygmentsCodeFencesGuessSyntax = false
+pygmentsUseClasses = true
+canonifyURLs = false
+Paginate = 10
+PaginatePath = "page"
+
+[params]
+    subtitle = "I write things here."
+    favicon = "img/favicon.png"
+    datefmt = "2006-01-02"
+    showfullcontent = true
+    opengraph = true
+
+[taxonomies]
+    tags = "tags"
+
+[author]
+    name = "tastytea"
+    email = "tastytea@tastytea.de"
+
+[menu]
+    [[menu.main]]
+        identifier = "post"
+        name = "Posts"
+        url = "/posts/"
+        weight = 1
+
+    [[menu.main]]
+        identifier = "tags"
+        name = "Tags"
+        url = "/tags/"
+        weight = 2
+
+    [[menu.main]]
+        identifier = "rss"
+        name = "RSS"
+        url = "/index.xml"
+        weight = 3
+
+    [[menu.footer]]
+        name = "Website"
+        url = "https://tastytea.de/"
+        weight = 1
+
+    [[menu.footer]]
+        name = "Sourcecode"
+        url = "https://schlomp.space/tastytea"
+        weight = 2
+
+    [[menu.footer]]
+        name = "Fediverse"
+        url = "https://likeable.space/users/tastytea"
+        weight = 3

content/posts/using-asciidoc-with-gitea.adoc

@@ -0,0 +1,111 @@
+---
+title: "Using AsciiDoc(tor) with Gitea"
+description: "How to add AsciiDoc support to Gitea."
+date: 2019-01-26T13:03:36+01:00
+draft: false
+tags:
+- asciidoc
+- gitea
+---
+
+In this blogpost I describe what I did to get AsciiDoc support into
+https://gitea.io/[Gitea]. If you want more than syntax highlighting and basic
+formatting, Gitea has to be patched unfortunately(this 
+https://github.com/go-gitea/gitea/issues/4935[issue] has already been reported).
+But I think most people will only need to edit 1 configuration file and are
+done.
+
+== Asciidoctor or AsciiDoc?
+
+https://asciidoctor.org/[Asciidoctor] has inbuilt support for
+https://highlightjs.org/[highlight.js], the solution Gitea
+uses and is therefore the best choice in most scenarios. If you can't or don't
+want to use it you can use http://asciidoc.org/[AsciiDoc].
+
+Add the following section to `conf/app.ini` in your Gitea path. The change
+causes `.adoc` files to be rendered with asciidoctor.
+
+----
+{{< highlight ini >}}[markup.asciidoc]
+ENABLED = true
+; List of file extensions that should be rendered by an external command
+FILE_EXTENSIONS = .adoc,.asciidoc
+; External command to render all matching extensions
+RENDER_COMMAND = "asciidoctor --backend=html5 --no-header-footer --attribute source-highlighter=highlightjs --out-file=- -"
+; Don't pass the file on STDIN, pass the filename as argument instead.
+IS_INPUT_FILE = false{{< / highlight >}}
+----
+
+If you want to use asciidoc instead the command would be:
+`asciidoc --backend=xhtml11 --no-header-footer --attribute
+source-highlighter=highlight --out-file=- -`. I would choose the `xhtml11`
+backend because it is the only one that encloses code snippets with `<code>`
+tags. Instead of
+http://www.andre-simon.de/doku/highlight/en/highlight.html[highlight] you can
+use http://www.gnu.org/software/src-highlite/[source-highlight] or
+http://pygments.org/[Pygments].
+
+If you use asciidoctor and don't need tables or other fancy stuff you're now
+done! If you use asciidoc, you'll have to patch Gitea to get syntax
+highlighting.
+
+== Patching Gitea
+
+The sanitizer strips almost all attributes from HTML-tags, as a security
+precaution. I've added exceptions for:
+
+* `class` attributes on all the tags Asciidoctor introduces,
+* Numerous attributes on `table` tags,
+* `align` and `valign` on `td` tags,
+* `style` attributes on `span` tags, but only if they contain nothing more than
+color and font definitions.
+
+If you use Asciidoctor with highlight.js output, you don't need to allow `style`
+attributes, if you don't use tables you can omit the lines that deal with them
+and the `class` exception is only useful if you add custom CSS to use them.
+
+Apply the patch with `patch -p1 < gitea_relax-sanitizer.patch`.
+
+----
+{{< highlight diff >}}diff -ur a/modules/markup/sanitizer.go b/modules/markup/sanitizer.go
+--- a/modules/markup/sanitizer.go   2019-01-26 16:04:56.014108339 +0100
++++ b/modules/markup/sanitizer.go   2019-01-26 16:03:21.776401012 +0100
+@@ -38,6 +38,16 @@
+ 
+        // Custom URL-Schemes
+        sanitizer.policy.AllowURLSchemes(setting.Markdown.CustomURLSchemes...)
++       // Allow style on span tags
++       sanitizer.policy.AllowAttrs("style").Matching(regexp.MustCompile(`^(background-)?color:[^;]+(; ?font[^;]+)?;?$`)).OnElements("span")
++
++       // Allow class attribute
++       sanitizer.policy.AllowAttrs("class").OnElements("code", "pre", "span", "div", "p", "table", "td")
++
++       // Allow table attributes
++       sanitizer.policy.AllowAttrs("width", "frame", "rules", "cellspacing", "cellpadding").OnElements("table")
++       sanitizer.policy.AllowAttrs("width").OnElements("col")
++       sanitizer.policy.AllowAttrs("align", "valign").OnElements("td")
+    })
+ }{{< / highlight >}}
+----
+
+== Tables without borders
+
+I used tables without borders in a manpage I wrote for the list of options.
+Gitea insist on drawing borders around them, so I had to create a custom CSS
+snippet.
+
+In your Gitea directory, create `custom/templates/custom/header.tmpl`.
+
+----
+{{< highlight css >}}<style>
+    /* Additions for asciidoc */
+    .markdown:not(code) table.frame-none
+    {
+        border: 0 !important;
+    }
+    .markdown:not(code) table.grid-none *
+    {
+        border: 0 !important;
+    }
+</style>{{< / highlight >}}
+----

content/posts/wireguard-vpn-with-2-or-more-subnets.adoc

@@ -0,0 +1,152 @@
+---
+title: "WireGuard VPN with 2 or more subnets"
+description: "How to connect 2 subnets with WireGuard."
+date: 2019-02-14T21:38:28+01:00
+draft: false
+tags:
+- wireguard
+- vpn
+---
+
+I wanted to create a https://en.wikipedia.org/wiki/WireGuard[WireGuard] VPN with
+2 subnets in different physical places, each with their own server. I couldn't
+find an example how to do that, so I wrote this one.
+
+== Introduction
+
+I'm going to use the IP range `fd69::/48` for the VPN, `fd69:0:0:1::/64` for
+subnet 1 and `fd69:0:0:2::/64` for subnet 2. I'm going to call the server of
+subnet 1 `server1`, its first client `client1a`, the second one `client1b` and
+so on.
+
+All clients in subnet 1 will connect to `server1` and all clients in subnet 2
+will connect to `server2`. `server1` and `server2` will be connected. If
+`client1a` wants to connect to `client2a`, the route will be:
+`client1a → server1 → server2 → client2a`.
+
+== Preparations
+
+https://www.wireguard.com/install/[Install WireGuard], create `/etc/wireguard`
+and generate a key-pair on each participating peer.
+
+----
+{{< highlight sh >}}
+mkdir /etc/wireguard
+cd /etc/wireguard
+umask 077
+wg genkey | tee privatekey | wg pubkey > publickey
+{{< / highlight >}}
+----
+
+== Configure servers
+
+.`server1:/etc/wireguard/wg0.conf`:
+----
+{{< highlight cfg >}}
+# This peer
+[Interface]
+Address = fd69:0:0:1::1/48
+PrivateKey = <PRIVATE KEY OF server1>
+ListenPort = 51820
+
+# Server of subnet 2
+[Peer]
+PublicKey = <PUBLIC KEY OF server2>
+Endpoint = server2:51820
+AllowedIPs = fd69:0:0:2::/64
+
+# Clients of subnet 1
+[Peer]
+PublicKey = <PUBLIC KEY OF client1a>
+AllowedIPs = fd69:0:0:1::a/128
+
+[Peer]
+PublicKey = <PUBLIC KEY OF client1b>
+AllowedIPs = fd69:0:0:1::b/128
+{{< / highlight >}}
+----
+
+.`server2:/etc/wireguard/wg0.conf`:
+----
+{{< highlight cfg >}}
+# This peer
+[Interface]
+Address = fd69:0:0:2::1/48
+PrivateKey = <PRIVATE KEY OF server2>
+ListenPort = 51820
+
+# Server of subnet 1
+[Peer]
+PublicKey = <PUBLIC KEY OF server1>
+Endpoint = server1:51820
+AllowedIPs = fd69:0:0:1::/64
+
+# Clients of subnet 2
+[Peer]
+PublicKey = <PUBLIC KEY OF client2a>
+AllowedIPs = fd69:0:0:2::a/128
+{{< / highlight >}}
+----
+
+== Configure clients
+
+.`client1a:/etc/wireguard/wg0.conf`:
+----
+{{< highlight cfg >}}
+[Interface]
+Address = fd69:0:0:1::a/48
+PrivateKey = <PRIVATE KEY OF client1a>
+
+[Peer]
+PublicKey = <PUBLIC KEY OF server1>
+Endpoint = server1:51820
+AllowedIPs = fd69::/48
+PersistentKeepalive = 25
+{{< / highlight >}}
+----
+
+.`client1b:/etc/wireguard/wg0.conf`:
+----
+{{< highlight cfg >}}
+[Interface]
+Address = fd69:0:0:1::b/48
+PrivateKey = <PRIVATE KEY OF client1b>
+
+[Peer]
+PublicKey = <PUBLIC KEY OF server1>
+Endpoint = server1:51820
+AllowedIPs = fd69::/48
+PersistentKeepalive = 25
+{{< / highlight >}}
+----
+
+.`client2a:/etc/wireguard/wg0.conf`:
+----
+{{< highlight cfg >}}
+[Interface]
+Address = fd69:0:0:2::a/48
+PrivateKey = <PRIVATE KEY OF client2a>
+
+[Peer]
+PublicKey = <PUBLIC KEY OF server2>
+Endpoint = server1:51820
+AllowedIPs = fd69::/48
+PersistentKeepalive = 25
+{{< / highlight >}}
+----
+
+The `AllowedIPs` setting acts as a routing table. When a peer tries to send a
+packet to an IP, it will check `AllowedIPs`, and if the IP appears in the list,
+it will send it through the WireGuard interface.
+
+The `PersistentKeepalive` setting ensures that the connection is maintained and
+that the peer continues to be reachable, even behind a NAT.
+
+== Start VPN
+
+Run `wg-quick up wg0` on each peer.
+
+== Further reading
+
+The article https://www.stavros.io/posts/how-to-configure-wireguard/[How to easily configure WireGuard]
+by Stavros Korokithakis helped me a great deal in understanding WireGuard.