shithub: sirjofri_de

Info  •  Files  •  Log  •  Branches

removes old .ms files. They are now generated on demand

--- a/changeblog/1578614400.ms

+++ /dev/null

@@ -1,9 +1,0 @@

-.HTML Revived

-.TL

-Revived

-.LP

-I updated my website to Uberspace 7, but not only this: I changed the whole webpage to make it more nine-friendly.

-.LP

-My whole webpage management system is completely 9 based. I use oridb's git9 implementation and plan9 tools, mk, sed, cat, …

-.LP

-I also decided to change the main language of the website to English.

--- a/changeblog/1590105600.ms

+++ /dev/null

@@ -1,13 +1,0 @@

-.HTML I use 9front

-.TL

-I use 9front

-.LP

-Today I want to share with you, that I use the plan9 distribution “9front” as my main computer.

-.LP

-Of course there are things that are almost impossible to do there, for example: all gamedev related stuff. This is of course an issue, because I am a game developer. I still have my windows machine with relevant tools, so I can still fiddle around with those complex things.

-.LP

-For gaming I also use my windows machine or some game console. Yes, there are a few games on plan9 systems.

-.LP

-Also most online services use javascript and heavy styling of webpages, so I also use a modern computer with a modern browser. Mothra is fine for doing basic research stuff, but in 2020 it's almost impossible to actually do things on the web.

-.LP

-Anyways, let me tell you that I don't really miss anything on plan9. I can write documents, check my email stuff, chat with people, and step by step it becomes more usable. The community is helpful and provides more applications. The system runs stable, the user interface is consistent and good to look at. Colors don't jump in your eye and want to kill you and there's catclock(1), our friendly companion.

--- a/changeblog/1592917245.ms

+++ /dev/null

@@ -1,11 +1,0 @@

-.HTML changeblog feed — social media²

-.TL

-changeblog feed — social media²

-.LP

-RSS is still a thing.

-.LP

-Yes, there are more modern alternatives, like Atom or fancy json feeds. What I want to say is, feeds are still a thing.

-.LP

-That's why you are now able to read my changeblog as an Atom feed.

-.LP

-Now I just need to find enough time to write my posts.

--- a/changeblog/1593448779.ms

+++ /dev/null

@@ -1,32 +1,0 @@

-.HTML 9front on Netcup VPS

-.TL

-9front on Netcup VPS

-.LP

-Today I installed 9front on a Netcup VPS. Here are some notes if you want to do it yourself.

-.LP

-I used the smallest VPS option. Currently, that's “VPS 200 G8”. It costs like 2.69 Euro, but you might be able to find some way to make it cheaper.

-.LP

-After ordering it might take some time until the server is up and ready.

-By default debian was installed in a GPT, we can ignore that.

-.LP

-Before we can install our custom ISO we first must upload it somewhere.

-This is done via FTP (you get the access data from the SCP), I used windows default file explorer

-.CW ftp://user@address , (

-enter password). Copy the 9front ISO in 

-.CW /cdrom .

-This will take some time.

-.LP

-Meanwhile you can delete the virtual disk and create a new one. You need your SCP password for this.

-This step is necessary to remove the GPT. Of course you could manually reformat the disk, but deleting the disk will save time.

-.LP

-In the settings you can virtually insert the iso as a DVD and verify the boot order (DVD first).

-Start up the machine and switch to the web VNC display.

-.LP

-At this point you can proceed with the default 9front installation described in the fqa.

-Don't forget to install the MBR and activate the partition.

-Otherwise there are no additional special steps besides manually configuring the

-.CW /lib/ndb/local

-after installation.

-In my case I made an auth server.

-.LP

-Currently it seems to work fine. I installed the machine today, so there might be some issues I didn't find yet.

--- a/changeblog/1593621046.ms

+++ /dev/null

@@ -1,38 +1,0 @@

-.HTML Guided Replica

-.TL

-Guided Replica

-.LP

-Today I installed

-.IR replica (1)

-on my VPS. I noticed that I can write some helper scripts around it

-and here they are.

-.LP

-You can download them from

-.CW https://sirjofri.de/files/guidedreplica .

-.LP

-You can install it like that:

-.LP

-.P1

-# bind your client $home to /n/rclient

-# bind your server $home to /n/rserver

-hget https://sirjofri.de/files/guidedreplica/guidedreplica.rc | rc

-# follow the prompts

-.P2

-.LP

-This will also install two helper scripts to

-.CW $home/bin/rc/replica/ .

-Reproto copies one proto over the other. You can choose which one you want to keep.

-Reupdate is helpful if there are update-update errors. It should automatically solve them (untested, but should work).

-.LP

-.B Update:

-.I replica (1)

-has issues. Often it does a bad job tracking changes, leaving removed files there and vice versa. I never encountered data loss, only inconsistencies in the copies.

-.LP

-Many people use

-.I mkfs (8),

-which does not overwrite changed files. At some point I will build some scripts around it and use that instead of

-.I replica (1).

-.LP

-(Files:

-.CW https://sirjofri.de/files/guidedreplica/README

-.CW https://sirjofri.de/files/guidedreplica/guidedreplica.rc )

--- a/changeblog/1594881674.ms

+++ /dev/null

@@ -1,118 +1,0 @@

-.HTML Mail Server Configuration

-.TL

-Mail Server Configuration

-.LP

-Recently I installed my mail server on 9front. Most of the time I followed the guide in the FQA, but still there are things to explain. In this document I'll go through the section of the FQA and annotate things.

-.LP

-Right at the beginning the FQA mentions how the executing user needs write permissions for the mailboxes. This is

-.I "very important" !

-If upas can't write the mailboxes the mail server will \fInot\fR accept incoming mail!

-.LP

-In my setup I can skip all DNS stuff, because I have my DNS hosted somewhere else. Make sure to add proper MX records as well as (at least) an SPF record.

-.SH

-/mail/lib/smtpd.conf

-.LP

-To make things short, here are the necessary lines in my setup. The server handles authenticated incoming mail for sending to other providers as well as incoming mail for local accounts.

-.P1

-defaultdomain    sirjofri.de

-norelay          on

-verifysenderdom  on

-saveblockedmsg   off

-ourdomains       sirjofri.de

-.P2

-.LP

-Note that the server is no relay for unauthenticated/untrusted requests, it will still relay if you authenticate.

-.LP

-At this point it might be a good idea to check your user password.

-Use 

-.CW auth/changeuser

-to add \fIInferno/POP secrets\fR to your user accounts. Use these passwords to authenticate to the smtp server.

-.SH

-/mail/lib/rewrite

-.LP

-The program that handles sending mail uses this file to rewrite mail addresses. This file is responsible for filtering out local mail as well as sending other mails to the mailer.

-.LP

-In my setup I added three aliases:

-.P1

-pOsTmAsTeR    alias postmaster

-aBuSe         alias abuse

-wEbMaStEr     alias webmaster

-.P2

-.LP

-Use regular expressions to define your domain:

-.P1

-\\l!(.*)                alias \\1

-\\l\\.sirjofri\.de!(.*)   alias \\1

-sirjofri.de!(.*)       alias \\1

-.P2

-.LP

-For translating mails I added one more rule for mail address \fItags\fR. These tags are in the form of \fIuser+tag@example.com\fR. Official specifications say that everything behind that “+” must be ignored, but it can be used to automatically sort incoming mail into folders. I do this, by the way, so I describe here, how.

-.LP

-We need rules for those plus signs:

-.P1

-\\"(.+)\\+(.*)\\"  translate "echo `{/bin/upas/aliasmail '\\1'}^'+\\2'"

-# The other translate rules are default

-.P2

-.LP

-For delivering local mails, I added extra rules:

-.P1

-local!(.+)\\+(.+)  |  "/bin/test -d /mail/box/\\1/\\2 \\&\\& /bin/upas/mbappend /mail/box/\\1/\\2 || /bin/upas/mbappend /mail/box/\\1/mbox"

-local!"(.+)\+(.+)  |  "/bin/test -d /mail/box/\\1/\\2 \\&\\& /bin/upas/mbappend /mail/box/\\1/\\2 || /bin/upas/mbappend /mail/box/\\1/mbox"

-# leave the other rules untouched.

-.P2

-.LP

-With this settings, mails to user+\fItag\fR will be checked. If a mailbox folder for \fItag\fR exists, mail is sent to this folder. Otherwise it is sent to the user's default inbox.

-.B Note:

-I tested, but this \fIdoes not work\fR with aliased mail. If my aliasmail changes \fIuserA\fR to \fIuserB\fR, mails to \fIuserA+tag\fR will be rejected! If you know how I can make this work, feel free to send me a mail.

-.SH

-/mail/lib/names.local

-.LP

-This file is pretty easy. Just add your alias mail addresses:

-.P1

-postmaster  sirjofri

-webmaster   sirjofri

-abuse       sirjofri

-.P2

-.SH

-/mail/lib/remotemail

-.P1

-#!/bin/rc

-shift

-sender=$1

-shift

-addr=$1

-shift

-fd=`{/bin/upas/aliasmail -f $sender}

-switch($fd){

-case *.*

-    ;

-case *

-    fd=sirjofri.de

-}

-exec /bin/upas/smtp -h $fd $addr $sender $*

-.P2

-.SH

-SMTP over TLS

-.LP

-I don't use port 587. I use 25 for this. Mail servers relay mails to this port by default, so it makes sense.

-.LP

-/rc/bin/service/tcp25

-.P1

-#!/bin/rc

-user=`{cat /dev/user}

-exec /bin/upas/smtpd -f -E -r -c /sys/lib/tls/cert -n $3

-.P2

-.LP

-Don't forget to create your TLS certificate!

-.SH

-IMAP4 over TLS

-.LP

-I did this exactly like the FQA. See there.

-.SH

-No.

-.LP

-At this point I stopped. I did not configure ratfs and have no spam handling right now. It doesn't really matter for me, because nobody knows me and I don't use that mail address to register anywhere.

-.LP

-Links:

-.IP →

-https://fqa.9front.org/fqa7.html#7.7

--- a/changeblog/1594885496.ms

+++ /dev/null

@@ -1,25 +1,0 @@

-.HTML lib/profile quick hack

-.TL

-lib/profile quick hack

-.LP

-Some smaller change that can change your life.

-.LP

-There are reasons why you not run \fIrio\fR in your lib/profile. For me the main reason would be: You can no longer use

-.CW "rcpu -c commands"

-in your shell. Rio opens and there you are, stuck in front of a gray background.

-.LP

-My solution:

-.P1

-case cpu

-   # … lots of stuff …

-   rcpucmd=`{cat /mnt/term/env/cmd >[2]/dev/null}

-   if(~ $#rcpucmd 0)

-      rio

-   # … lots of stuff …

-.P2

-.LP

-Now I can

-.CW rcpu

-and have my rio, or

-.CW "rcpu -c command"

-and run the command without leaving my shell.

--- a/changeblog/1596011563.ms

+++ /dev/null

@@ -1,53 +1,0 @@

-.HTML Restrict RCPU User Access to Groups

-.TL

-Restrict RCPU User Access to Groups

-.LP

-This is how to restrict user access to groups.

-You can use this to enable

-.CW rcpu

-access for all users of a specific group.

-All other groups will not be allowed.

-.LP

-To allow access only to

-.CW sys

-group members: adjust your

-.CW /rc/bin/service/tcp17019

-.P1

-#!/bin/rc

-userfile=/adm/users

-fn useringroup{

-	grep $1 $userfile | {

-		found=0

-		while(~ $found 0 && line=`:{read}){

-			if(~ $line(2) $2){

-				found=1

-			}

-		}

-		if(~ $found 1)

-			status=''

-		if not

-			status='not found'

-	}

-}

-if(~ $#* 3){

-	netdir=$3

-	remote=$2!`{cat $3/remote}

-}

-fn server {

-	~ $#remote 0 || echo -n $netdir $remote >/proc/$pid/args

-	rm -f /env/'fn#server'

-	. <{n=`{read} && ! ~ $#n 0 && read -c $n} >[2=1]

-}

-exec tlssrv -a /bin/rc -c 'useringroup $user sys && server'

-.P2

-.LP

-This checks if the user is in group

-.CW sys

-and only then calls the

-.CW server

-function.

-Otherwise the connection is terminated.

-.LP

-This is especially useful if you want a CPU server to expose filesystems

-.I and

-have cpu access for administrators only.

--- a/changeblog/1608028434.ms

+++ /dev/null

@@ -1,94 +1,0 @@

-.HTML 9front on Lenovo Thinkpad Twist

-.TL

-9front on Lenovo Thinkpad Twist

-.LP

-A few weeks ago I removed archlinux from my remaining machine.

-I noticed how the new lenovo keyboards aren't good and the trackpoint is crap.

-That's why I still prefer the Thinkpad T61, even without battery.

-.PP

-Anyways, I'll try to describe the process of the installation.

-The installation itself went according to the FQA, I'll just add some notes.

-.SH

-Process

-.PP

-First I had to disable UEFI completely and switch to legacy BIOS.

-I know 9front can handle UEFI somehow, but I never got it working on any machine.

-To make 9front work with legacy BIOS I had to change the SSD layout from GPT to MBR.

-This was possible, just remove all partitions and use the command line to create DOS partitions.

-Then the SSD was detected as MBR/non-GPT and I could proceed with default installation.

-.PP

-After installation I needed to get WIFI working.

-Thanks to 9front developers I was able to use BSD drivers as documented in the FQA.

-In my case I just grabbed the

-.CW iwn-2030

-drivers, placed them in

-.CW /lib/firmware

-and built the kernel from scratch.

-.PP

-Enabling ACPI in the

-.CW plan9.ini

-and starting

-.CW aux/acpi

-went without errors, only

-.CW "bad opcode"

-warnings showed up.

-Still, everything works as expected, so I didn't investigate further.

-.SH

-Issues and Troubleshooting

-.LP

-I had exactly

-.B two

-issues.

-The first is the

-.CW "bad opcode"

-as described earlier.

-.PP

-The second is a big surprise.

-Backlight controls work out of the box!

-I know older machines handle this directly without using the operating system, but this was a modern machine.

-Still it worked with only one tradeoff:

-.PP

-It always prints

-.I lapicerrors

-on the console.

-I didn't find a good way to disable them, so I just added a hidden window in my riostart that just

-.CW cat /dev/kprint

-so the errors don't fill the screen.

-.SH

-Bonus: conntosrv

-.LP

-As a bonus I have a small script that saves me lots of installation time.

-I have a server with my $home directory, including some configuration in my

-.CW lib/profile .

-On my terminals (laptops) I just work in my $home like it was right there on my machine.

-.PP

-To make this happen I placed the little script in my terminal's

-.CW /cfg/$sysname/conntosrv

-and called in the

-.CW /cfg/$sysname/termrc .

-.PP

-The script contains:

-.P1

-#!/bin/rc

-

-echo -n 'connect to server: '

-server=`{read}

-

-if(~ $#server 0){

-	echo not connecting to services >[1=2]

-	exit

-}

-

-if(! test -e /net/dns)

-	ndb/dns -r

-

-auth/factotum

-for(i in $server){

-	rimport -Cc $i /n/$i

-}

-bind -c '/n/'^$server(1)^'/usr/'^$user /usr/$user

-.P2

-.PP

-As you can see, the scrips connects to all servers you input at the prompt.

-It takes the first to be your $home, all others are imported to

-.CW /n .

--- a/changeblog/1608301892.ms

+++ /dev/null

@@ -1,52 +1,0 @@

-.HTML Automatically save sent files in “Sent”

-.TL

-Automatically save sent files in “Sent”

-.LP

-Since it is what many mail clients do it might be helpful for other people to have this.

-As for me, I like to have all my outgoing mails automatically saved in a \fISent\fR directory, so that's what I want to do.

-.PP

-There are multiple ways to do this.

-I want to present a very simple way without sending your mail to yourself or something like that.

-.PP

-Outgoing mail is processed via

-.CW upas/send

-or

-.CW /mail/box/$user/pipefrom ,

-if that exists.

-We use this feature to build or own little filter script for outgoing mails.

-.PP

-The script itself is very simple.

-We just need a temporary place to store the mail message, then save it in the

-.CW Sent

-directory and forward it to the normal send routines:

-.P1

-#!/bin/rc

-.br

-rfork en

-# see /sys/src/cmd/upas/filterkit/pipefrom.sample .

-bind -c /mail/tmp /tmp

-TMP=/mail/tmp/mine.$pid

-.br

-cat > $TMP

-.br

-/bin/upas/mbappend /mail/box/<yourusername>/Sent < $TMP

-/bin/upas/send $* < $TMP

-.P2

-.PP

-Of course you need to create the directory

-.CW /mail/box/<yourusername>/Sent

-and exchange

-.CW <yourusername>

-with your

-.CW $user

-and make this script executable.

-.PP

-The

-.CW Sent

-directory needs read and write access for your own user, which should be fine with the defaults.

-.PP

-If you want unauthenticated users to send mails to that directory you need to make this directory world-writable.

-.PP

-With these adjustments you can send mails with acme/marshal and they are automatically saved in your

-.CW Sent

-mailbox.

--- a/changeblog/1629103016.ms

+++ /dev/null

@@ -1,16 +1,0 @@

-.HTML HTTPS on 9front

-.TL

-HTTPS on 9front

-.LP

-I was able to switch my website hosting to 9front completely!

-This is thanks to ori's aclient (acme client which works with letsencrypt).

-This change makes my website deployment much easier since I'm fully writing on 9front and also deploying to 9front.

-The only thing missing is that the source repository is on github, but that's fine since we also have git9.

-.LP

-I'm writing this short blog post on my smartphone via drawterm for android, and I'm sure we'll get a proper documentation for how aclient works (btw the man page is very well documented), so I'll just add some short note about how to use the certificate with tcp80 and tlssrv.

-.LP

-/rc/bin/service/tcp443:

-.P1

-#!/bin/rc

-/bin/tlssrv -c/sys/lib/tls/acmed/mydomain.tls.crt /bin/tcp80

-.P2