From 7772331aa5df0b8106f3523a0070269fae735894 Mon Sep 17 00:00:00 2001 From: Xiao Pan Date: Sun, 17 Mar 2024 21:09:42 -0700 Subject: xyzca init --- home/xyz/.config/myconf/pacman_Qqme | 1 - home/xyz/.config/myconf/pacman_Qqne | 1 - home/xyz/.config/myconf/sye | 1 - 3 files changed, 3 deletions(-) (limited to 'home/xyz/.config/myconf') diff --git a/home/xyz/.config/myconf/pacman_Qqme b/home/xyz/.config/myconf/pacman_Qqme index 4e8e5af9..49e49a7d 100644 --- a/home/xyz/.config/myconf/pacman_Qqme +++ b/home/xyz/.config/myconf/pacman_Qqme @@ -5,7 +5,6 @@ bash-complete-alias dashbinsh grub-hook htop-vim -jackett-bin librespeed-cli neofetch-git neovim-plug diff --git a/home/xyz/.config/myconf/pacman_Qqne b/home/xyz/.config/myconf/pacman_Qqne index b8907d10..0d6c35db 100644 --- a/home/xyz/.config/myconf/pacman_Qqne +++ b/home/xyz/.config/myconf/pacman_Qqne @@ -30,7 +30,6 @@ posix-software-development posix-user-portability posix-xsi python-pip -qbittorrent-nox rebuild-detector reflector rsync diff --git a/home/xyz/.config/myconf/sye b/home/xyz/.config/myconf/sye index a0dc6868..9f1da6e7 100644 --- a/home/xyz/.config/myconf/sye +++ b/home/xyz/.config/myconf/sye @@ -1,6 +1,5 @@ UNIT FILE STATE PRESET getty@.service enabled enabled -jackett.service enabled disabled nftables.service enabled disabled sshd.service enabled disabled systemd-network-generator.service enabled enabled -- cgit v1.2.3-70-g09d2 From fef849e7c6212ed2d8c47f6c5d5e7cfc8592fc87 Mon Sep 17 00:00:00 2001 From: Xiao Pan Date: Mon, 18 Mar 2024 05:16:39 +0000 Subject: no jackett, one less service --- home/xyz/.config/myconf/sye | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'home/xyz/.config/myconf') diff --git a/home/xyz/.config/myconf/sye b/home/xyz/.config/myconf/sye index 9f1da6e7..23d37551 100644 --- a/home/xyz/.config/myconf/sye +++ b/home/xyz/.config/myconf/sye @@ -14,4 +14,4 @@ remote-fs.target enabled enabled paccache.timer enabled disabled pacman-filesdb-refresh.timer enabled disabled -15 unit files listed. +14 unit files listed. -- cgit v1.2.3-70-g09d2 From 724688b2fb519d5fd39bf88c39353ec2df319d9e Mon Sep 17 00:00:00 2001 From: Xiao Pan Date: Mon, 18 Mar 2024 05:17:43 +0000 Subject: ca default use xfs. I may switch to ext4 in the future. But for now I will try xfs --- home/xyz/.config/myconf/pacman_Qqne | 1 + 1 file changed, 1 insertion(+) (limited to 'home/xyz/.config/myconf') diff --git a/home/xyz/.config/myconf/pacman_Qqne b/home/xyz/.config/myconf/pacman_Qqne index 0d6c35db..780b4d53 100644 --- a/home/xyz/.config/myconf/pacman_Qqne +++ b/home/xyz/.config/myconf/pacman_Qqne @@ -46,5 +46,6 @@ unzip vidir2-git wireguard-tools xdg-user-dirs +xfsprogs zip zoxide -- cgit v1.2.3-70-g09d2 From 0e4a49e53b2c241e9ef32edf5e3080f6a8e443ff Mon Sep 17 00:00:00 2001 From: Xiao Pan Date: Wed, 20 Mar 2024 09:11:09 +0000 Subject: remove rustup, do `rustup toolchain remove stable` first, to save storage --- home/xyz/.config/myconf/pacman_Qqne | 1 - 1 file changed, 1 deletion(-) (limited to 'home/xyz/.config/myconf') diff --git a/home/xyz/.config/myconf/pacman_Qqne b/home/xyz/.config/myconf/pacman_Qqne index 780b4d53..1b50d72a 100644 --- a/home/xyz/.config/myconf/pacman_Qqne +++ b/home/xyz/.config/myconf/pacman_Qqne @@ -33,7 +33,6 @@ python-pip rebuild-detector reflector rsync -rustup shellcheck speedtest-cli strace -- cgit v1.2.3-70-g09d2 From 63d5617fa2a44f7bf8e093703ad65dbecd0e3452 Mon Sep 17 00:00:00 2001 From: Xiao Pan Date: Sun, 31 Mar 2024 04:13:54 +0000 Subject: update --- home/xyz/.config/myconf/pacman_Qqme | 1 - 1 file changed, 1 deletion(-) (limited to 'home/xyz/.config/myconf') diff --git a/home/xyz/.config/myconf/pacman_Qqme b/home/xyz/.config/myconf/pacman_Qqme index 49e49a7d..920f3141 100644 --- a/home/xyz/.config/myconf/pacman_Qqme +++ b/home/xyz/.config/myconf/pacman_Qqme @@ -1,5 +1,4 @@ absolutely-proprietary -asp atool2-git bash-complete-alias dashbinsh -- cgit v1.2.3-70-g09d2 From e21eb708e394dc4c1b1997013f829ab502ce7415 Mon Sep 17 00:00:00 2001 From: Xiao Pan Date: Thu, 4 Apr 2024 13:00:17 +0000 Subject: working on mail server... --- home/xyz/.config/myconf/pacman_Qqme | 1 + home/xyz/.config/myconf/pacman_Qqne | 4 ++++ home/xyz/.config/myconf/sye | 3 ++- 3 files changed, 7 insertions(+), 1 deletion(-) (limited to 'home/xyz/.config/myconf') diff --git a/home/xyz/.config/myconf/pacman_Qqme b/home/xyz/.config/myconf/pacman_Qqme index 920f3141..6ff8423a 100644 --- a/home/xyz/.config/myconf/pacman_Qqme +++ b/home/xyz/.config/myconf/pacman_Qqme @@ -1,4 +1,5 @@ absolutely-proprietary +acme.sh-systemd atool2-git bash-complete-alias dashbinsh diff --git a/home/xyz/.config/myconf/pacman_Qqne b/home/xyz/.config/myconf/pacman_Qqne index 1b50d72a..66f2ef1a 100644 --- a/home/xyz/.config/myconf/pacman_Qqne +++ b/home/xyz/.config/myconf/pacman_Qqne @@ -3,6 +3,7 @@ base-devel bash-completion dash devtools +dovecot fio fsh-git fzf @@ -15,6 +16,7 @@ lf linux lostfiles lsof +mailutils man-pages moreutils neovim @@ -29,11 +31,13 @@ posix-c-development posix-software-development posix-user-portability posix-xsi +postfix python-pip rebuild-detector reflector rsync shellcheck +socat speedtest-cli strace systemd-resolvconf diff --git a/home/xyz/.config/myconf/sye b/home/xyz/.config/myconf/sye index 23d37551..c5147c99 100644 --- a/home/xyz/.config/myconf/sye +++ b/home/xyz/.config/myconf/sye @@ -11,7 +11,8 @@ systemd-timesyncd.service enabled enabled systemd-networkd.socket enabled disabled systemd-userdbd.socket enabled enabled remote-fs.target enabled enabled +acme.sh.timer enabled disabled paccache.timer enabled disabled pacman-filesdb-refresh.timer enabled disabled -14 unit files listed. +15 unit files listed. -- cgit v1.2.3-70-g09d2 From d351d94de2a62610022e013ec4a2cefa46300d1f Mon Sep 17 00:00:00 2001 From: Xiao Pan Date: Fri, 5 Apr 2024 12:26:41 +0000 Subject: more email server configs: packages and services --- home/xyz/.config/myconf/pacman_Qqne | 2 ++ home/xyz/.config/myconf/sye | 6 +++++- 2 files changed, 7 insertions(+), 1 deletion(-) (limited to 'home/xyz/.config/myconf') diff --git a/home/xyz/.config/myconf/pacman_Qqne b/home/xyz/.config/myconf/pacman_Qqne index 66f2ef1a..912426c0 100644 --- a/home/xyz/.config/myconf/pacman_Qqne +++ b/home/xyz/.config/myconf/pacman_Qqne @@ -23,6 +23,8 @@ neovim nethogs nftables openbsd-netcat +opendkim +opendmarc openssh p7zip pacman-contrib diff --git a/home/xyz/.config/myconf/sye b/home/xyz/.config/myconf/sye index c5147c99..8d845498 100644 --- a/home/xyz/.config/myconf/sye +++ b/home/xyz/.config/myconf/sye @@ -1,6 +1,10 @@ UNIT FILE STATE PRESET +dovecot.service enabled disabled getty@.service enabled enabled nftables.service enabled disabled +opendkim.service enabled disabled +opendmarc.service enabled disabled +postfix.service enabled disabled sshd.service enabled disabled systemd-network-generator.service enabled enabled systemd-networkd-wait-online.service enabled enabled @@ -15,4 +19,4 @@ acme.sh.timer enabled disabled paccache.timer enabled disabled pacman-filesdb-refresh.timer enabled disabled -15 unit files listed. +19 unit files listed. -- cgit v1.2.3-70-g09d2 From 1e20d2372ee99457c1efc609914015657b71f4ed Mon Sep 17 00:00:00 2001 From: Xiao Pan Date: Tue, 9 Apr 2024 01:10:31 -0700 Subject: swith to new ca server; wireguard no need --- etc/nftables.conf | 30 ++-------------------- etc/services | 1 - etc/sysctl.d/99-sysctl.conf | 7 ----- .../multi-user.target.wants/wg-quick@wg0.service | 1 - home/xyz/.config/myconf/pacman_Qqne | 1 - 5 files changed, 2 insertions(+), 38 deletions(-) delete mode 100644 etc/sysctl.d/99-sysctl.conf delete mode 120000 etc/systemd/system/multi-user.target.wants/wg-quick@wg0.service (limited to 'home/xyz/.config/myconf') diff --git a/etc/nftables.conf b/etc/nftables.conf index c4ca7f45..22e38dfe 100644 --- a/etc/nftables.conf +++ b/etc/nftables.conf @@ -3,17 +3,11 @@ # IPv4/IPv6 Simple & Safe firewall ruleset. # More examples in /usr/share/nftables/ and /usr/share/doc/nftables/examples/. -# references, some codes from: -# https://wiki.archlinux.org/title/Nftables -# https://www.procustodibus.com/blog/2021/11/wireguard-nftables -# https://wiki.gentoo.org/wiki/Nftables/Examples#Basic_NAT +# some codes from https://wiki.archlinux.org/title/Nftables # needed for reload config using `sudo systemctl restart nftables` or `sudo nft -f /etc/nftables.conf` flush ruleset -define pub_iface = "eth0" -define wg_iface = "wg0" - table inet my_table { chain my_input { @@ -23,7 +17,6 @@ table inet my_table { ct state invalid drop comment "early drop of invalid connections" ct state {established, related} accept comment "allow tracked connections" iifname lo accept comment "allow from loopback" - iifname $wg_iface accept comment "allow from wireguard" ip protocol icmp accept meta l4proto ipv6-icmp accept @@ -32,7 +25,7 @@ table inet my_table { #tcp dport qbt accept #udp dport qbt accept #tcp dport iperf3 accept - udp dport wireguard accept + #udp dport wireguard accept # for acme.sh standalone mode builtin webserver to renew ssl cert tcp dport http accept # email related ports @@ -52,12 +45,6 @@ table inet my_table { type filter hook forward priority filter policy drop # Drop everything forwarded to us. We do not forward. That is routers job. - - # needed for wireguard? - #iifname $wg_iface oifname $pub_iface accept - #iifname $pub_iface oifname $wg_iface accept - iifname $wg_iface accept - oifname $wg_iface accept } chain my_output { @@ -66,16 +53,3 @@ table inet my_table { # Accept every outbound connection } } - -# needed to wireguard NAT masquerade VPN traffic -# Need inet to masquerade both ipv4 and ipv6? If use ip it will only masquerade ipv4? If use ip6 it will only masquerade ipv6? -# https://wiki.nftables.org/wiki-nftables/index.php/Nftables_families -table inet nat { - # newer kernel no need for `chain prerouting { type nat hook prerouting priority -100; policy accept; }`, more see https://www.procustodibus.com/blog/2021/11/wireguard-nftables/ - # for all packets to $pub_iface, after routing, replace source address with primary IP of $pub_iface interface - chain postrouting { - type nat hook postrouting priority 100 - policy accept - oifname $pub_iface masquerade - } -} diff --git a/etc/services b/etc/services index b1b9f5bc..500c6ac7 100644 --- a/etc/services +++ b/etc/services @@ -11507,7 +11507,6 @@ nusrp 49001/tcp nusdp-disc 49001/udp inspider 49150/tcp # my services -wireguard 49432/udp # My ISP verizon block incomming to gateway port 22. So I need to use another port to ssh into my home server. # https://www.reddit.com/r/verizon/comments/to1q43/verizon_5g_home_internet_blocking_ssh_service_port/ ssh-isp 49812/tcp diff --git a/etc/sysctl.d/99-sysctl.conf b/etc/sysctl.d/99-sysctl.conf deleted file mode 100644 index b9677c02..00000000 --- a/etc/sysctl.d/99-sysctl.conf +++ /dev/null @@ -1,7 +0,0 @@ -# at least `net.ipv4.ip_forward = 1` is needed for wireguard masquerade? to work. Without will result into can't ping ips, can't curl websites, browser can't visit websites -# ka seems has this as default, maybe arch linux cloud-init image has this as default? -# https://forums.rockylinux.org/t/wireguard-masquerade-wont-work/7752 -# https://wiki.archlinux.org/title/Nftables#NAT_with_port_forwarding -# https://github.com/teddysun/across/blob/acef6b00a6ad062c0e99286ea136d1a246def644/wireguard.sh#L514-L522 -net.ipv4.ip_forward = 1 -net.ipv6.conf.all.forwarding = 1 diff --git a/etc/systemd/system/multi-user.target.wants/wg-quick@wg0.service b/etc/systemd/system/multi-user.target.wants/wg-quick@wg0.service deleted file mode 120000 index 0a92cb9a..00000000 --- a/etc/systemd/system/multi-user.target.wants/wg-quick@wg0.service +++ /dev/null @@ -1 +0,0 @@ -/usr/lib/systemd/system/wg-quick@.service \ No newline at end of file diff --git a/home/xyz/.config/myconf/pacman_Qqne b/home/xyz/.config/myconf/pacman_Qqne index 912426c0..f60f41bc 100644 --- a/home/xyz/.config/myconf/pacman_Qqne +++ b/home/xyz/.config/myconf/pacman_Qqne @@ -49,7 +49,6 @@ tree unrar-free unzip vidir2-git -wireguard-tools xdg-user-dirs xfsprogs zip -- cgit v1.2.3-70-g09d2 From c1dc3154c35bab540c7a5dc4e85b1422c89f230a Mon Sep 17 00:00:00 2001 From: Xiao Pan Date: Tue, 9 Apr 2024 12:34:06 +0100 Subject: ca use btrfs --- home/xyz/.config/myconf/pacman_Qqne | 1 + 1 file changed, 1 insertion(+) (limited to 'home/xyz/.config/myconf') diff --git a/home/xyz/.config/myconf/pacman_Qqne b/home/xyz/.config/myconf/pacman_Qqne index f60f41bc..f95d7263 100644 --- a/home/xyz/.config/myconf/pacman_Qqne +++ b/home/xyz/.config/myconf/pacman_Qqne @@ -1,6 +1,7 @@ base base-devel bash-completion +btrfs-progs dash devtools dovecot -- cgit v1.2.3-70-g09d2 From 58fec6d40111c6095177b3797770d5c7bcfa068e Mon Sep 17 00:00:00 2001 From: Xiao Pan Date: Wed, 17 Apr 2024 11:47:52 +0100 Subject: install wget, because some scripts uses ony wget, e.g. network-speed.xyz --- home/xyz/.config/myconf/pacman_Qqne | 1 + 1 file changed, 1 insertion(+) (limited to 'home/xyz/.config/myconf') diff --git a/home/xyz/.config/myconf/pacman_Qqne b/home/xyz/.config/myconf/pacman_Qqne index f95d7263..c299107f 100644 --- a/home/xyz/.config/myconf/pacman_Qqne +++ b/home/xyz/.config/myconf/pacman_Qqne @@ -50,6 +50,7 @@ tree unrar-free unzip vidir2-git +wget xdg-user-dirs xfsprogs zip -- cgit v1.2.3-70-g09d2 From 073862da8dc8f8fea7934f8f746c7419c2d4dd75 Mon Sep 17 00:00:00 2001 From: Xiao Pan Date: Fri, 3 May 2024 04:45:30 +0000 Subject: neofetch is archived, and no need neofetch on these computers --- home/xyz/.config/myconf/pacman_Qqme | 1 - 1 file changed, 1 deletion(-) (limited to 'home/xyz/.config/myconf') diff --git a/home/xyz/.config/myconf/pacman_Qqme b/home/xyz/.config/myconf/pacman_Qqme index 6ff8423a..d219764c 100644 --- a/home/xyz/.config/myconf/pacman_Qqme +++ b/home/xyz/.config/myconf/pacman_Qqme @@ -6,7 +6,6 @@ dashbinsh grub-hook htop-vim librespeed-cli -neofetch-git neovim-plug paru-bin pipdeptree -- cgit v1.2.3-70-g09d2 From 06c9ffbc2a44b4e4fe9e0694a3e0d5057f281abf Mon Sep 17 00:00:00 2001 From: Xiao Pan Date: Sun, 5 May 2024 03:13:05 +0000 Subject: aur xxd-standalone deleted, switch to official tinyxxd pkg --- home/xyz/.config/myconf/pacman_Qqme | 1 - home/xyz/.config/myconf/pacman_Qqne | 2 ++ 2 files changed, 2 insertions(+), 1 deletion(-) (limited to 'home/xyz/.config/myconf') diff --git a/home/xyz/.config/myconf/pacman_Qqme b/home/xyz/.config/myconf/pacman_Qqme index d219764c..1ae6f3b5 100644 --- a/home/xyz/.config/myconf/pacman_Qqme +++ b/home/xyz/.config/myconf/pacman_Qqme @@ -10,4 +10,3 @@ neovim-plug paru-bin pipdeptree task-spooler -xxd-standalone diff --git a/home/xyz/.config/myconf/pacman_Qqne b/home/xyz/.config/myconf/pacman_Qqne index c299107f..79e9d4f8 100644 --- a/home/xyz/.config/myconf/pacman_Qqne +++ b/home/xyz/.config/myconf/pacman_Qqne @@ -5,6 +5,7 @@ btrfs-progs dash devtools dovecot +fastfetch fio fsh-git fzf @@ -45,6 +46,7 @@ speedtest-cli strace systemd-resolvconf tcpdump +tinyxxd traceroute tree unrar-free -- cgit v1.2.3-70-g09d2 From a15d7097e161a914810e4d8f0ce48578a8224751 Mon Sep 17 00:00:00 2001 From: Xiao Pan Date: Thu, 20 Jun 2024 05:11:48 +0000 Subject: add testdisk, just in case partition got broken and need fix --- home/xyz/.config/myconf/pacman_Qqne | 1 + 1 file changed, 1 insertion(+) (limited to 'home/xyz/.config/myconf') diff --git a/home/xyz/.config/myconf/pacman_Qqne b/home/xyz/.config/myconf/pacman_Qqne index 79e9d4f8..21020ae5 100644 --- a/home/xyz/.config/myconf/pacman_Qqne +++ b/home/xyz/.config/myconf/pacman_Qqne @@ -46,6 +46,7 @@ speedtest-cli strace systemd-resolvconf tcpdump +testdisk tinyxxd traceroute tree -- cgit v1.2.3-70-g09d2 From 9c956cfe1ee447fc0968d88516e7c859a601b25a Mon Sep 17 00:00:00 2001 From: Xiao Pan Date: Fri, 28 Jun 2024 00:57:17 +0000 Subject: feat: wg and swgp config, mainly for aa --- etc/nftables.conf | 25 +++++++++++++++++++++- etc/services | 2 ++ etc/sysctl.d/99-sysctl.conf | 7 ++++++ etc/systemd/network/10-cloud-init-eth0.network | 7 ++++++ .../multi-user.target.wants/wg-quick@wg0.service | 1 + home/xyz/.config/myconf/pacman_Qqme | 3 ++- home/xyz/.config/myconf/pacman_Qqne | 2 +- home/xyz/.config/myconf/sye | 3 ++- 8 files changed, 46 insertions(+), 4 deletions(-) create mode 100644 etc/sysctl.d/99-sysctl.conf create mode 120000 etc/systemd/system/multi-user.target.wants/wg-quick@wg0.service (limited to 'home/xyz/.config/myconf') diff --git a/etc/nftables.conf b/etc/nftables.conf index 22e38dfe..b824edee 100644 --- a/etc/nftables.conf +++ b/etc/nftables.conf @@ -8,6 +8,8 @@ # needed for reload config using `sudo systemctl restart nftables` or `sudo nft -f /etc/nftables.conf` flush ruleset +define pub_iface = "eth0" +define wg_iface = "wg0" table inet my_table { chain my_input { @@ -17,6 +19,7 @@ table inet my_table { ct state invalid drop comment "early drop of invalid connections" ct state {established, related} accept comment "allow tracked connections" iifname lo accept comment "allow from loopback" + iifname $wg_iface accept comment "allow from wireguard" ip protocol icmp accept meta l4proto ipv6-icmp accept @@ -25,7 +28,8 @@ table inet my_table { #tcp dport qbt accept #udp dport qbt accept #tcp dport iperf3 accept - #udp dport wireguard accept + udp dport wireguard accept + udp dport swgp accept # for acme.sh standalone mode builtin webserver to renew ssl cert tcp dport http accept # email related ports @@ -45,6 +49,12 @@ table inet my_table { type filter hook forward priority filter policy drop # Drop everything forwarded to us. We do not forward. That is routers job. + + # needed for wireguard? + #iifname $wg_iface oifname $pub_iface accept + #iifname $pub_iface oifname $wg_iface accept + iifname $wg_iface accept + oifname $wg_iface accept } chain my_output { @@ -53,3 +63,16 @@ table inet my_table { # Accept every outbound connection } } + +# needed to wireguard NAT masquerade VPN traffic +# Need inet to masquerade both ipv4 and ipv6? If use ip it will only masquerade ipv4? If use ip6 it will only masquerade ipv6? +# https://wiki.nftables.org/wiki-nftables/index.php/Nftables_families +table inet nat { + # newer kernel no need for `chain prerouting { type nat hook prerouting priority -100; policy accept; }`, more see https://www.procustodibus.com/blog/2021/11/wireguard-nftables/ + # for all packets to $pub_iface, after routing, replace source address with primary IP of $pub_iface interface + chain postrouting { + type nat hook postrouting priority 100 + policy accept + oifname $pub_iface masquerade + } +} diff --git a/etc/services b/etc/services index aa270681..91a89df2 100644 --- a/etc/services +++ b/etc/services @@ -11510,5 +11510,7 @@ inspider 49150/tcp # my services # My ISP verizon block incomming to gateway port 22. So I need to use another port to ssh into my home server. # https://www.reddit.com/r/verizon/comments/to1q43/verizon_5g_home_internet_blocking_ssh_service_port/ +wireguard 49432/udp ssh-isp 49812/tcp iperf3 53497/tcp +swgp 54635/udp diff --git a/etc/sysctl.d/99-sysctl.conf b/etc/sysctl.d/99-sysctl.conf new file mode 100644 index 00000000..b9677c02 --- /dev/null +++ b/etc/sysctl.d/99-sysctl.conf @@ -0,0 +1,7 @@ +# at least `net.ipv4.ip_forward = 1` is needed for wireguard masquerade? to work. Without will result into can't ping ips, can't curl websites, browser can't visit websites +# ka seems has this as default, maybe arch linux cloud-init image has this as default? +# https://forums.rockylinux.org/t/wireguard-masquerade-wont-work/7752 +# https://wiki.archlinux.org/title/Nftables#NAT_with_port_forwarding +# https://github.com/teddysun/across/blob/acef6b00a6ad062c0e99286ea136d1a246def644/wireguard.sh#L514-L522 +net.ipv4.ip_forward = 1 +net.ipv6.conf.all.forwarding = 1 diff --git a/etc/systemd/network/10-cloud-init-eth0.network b/etc/systemd/network/10-cloud-init-eth0.network index 1bc579b9..7829f528 100644 --- a/etc/systemd/network/10-cloud-init-eth0.network +++ b/etc/systemd/network/10-cloud-init-eth0.network @@ -14,7 +14,14 @@ Address=38.175.201.185/22 Address=2606:a8c0:3::75f/128 [Address] +# another ipv6 address for aa wireguard+swgp into +# not sure if it is corret, but it works +Address=2606:a8c0:3:773::b/64 + +[Address] +# the last address seems is the default? # ...:1/64 also works, but I use ...:a/64 because crunchbits panel reverse DNS support this address +# 2024-06-27, ...:1/64 seems doe not work any more, not sure why Address=2606:a8c0:3:773::a/64 # use the following will not need GatewayOnLink=yes in [Route] section, but I'm not sure if it is correct, I'm not sure if those ips could be accessed without gateway, more see https://superuser.com/q/1562380 #Address=2606:a8c0:3:773::a/48 diff --git a/etc/systemd/system/multi-user.target.wants/wg-quick@wg0.service b/etc/systemd/system/multi-user.target.wants/wg-quick@wg0.service new file mode 120000 index 00000000..0a92cb9a --- /dev/null +++ b/etc/systemd/system/multi-user.target.wants/wg-quick@wg0.service @@ -0,0 +1 @@ +/usr/lib/systemd/system/wg-quick@.service \ No newline at end of file diff --git a/home/xyz/.config/myconf/pacman_Qqme b/home/xyz/.config/myconf/pacman_Qqme index 1ae6f3b5..1ae88691 100644 --- a/home/xyz/.config/myconf/pacman_Qqme +++ b/home/xyz/.config/myconf/pacman_Qqme @@ -5,8 +5,9 @@ bash-complete-alias dashbinsh grub-hook htop-vim -librespeed-cli +librespeed-cli-bin neovim-plug paru-bin pipdeptree +swgp-go task-spooler diff --git a/home/xyz/.config/myconf/pacman_Qqne b/home/xyz/.config/myconf/pacman_Qqne index 21020ae5..c1e1c8bd 100644 --- a/home/xyz/.config/myconf/pacman_Qqne +++ b/home/xyz/.config/myconf/pacman_Qqne @@ -54,7 +54,7 @@ unrar-free unzip vidir2-git wget +wireguard-tools xdg-user-dirs -xfsprogs zip zoxide diff --git a/home/xyz/.config/myconf/sye b/home/xyz/.config/myconf/sye index 8d845498..a47a970f 100644 --- a/home/xyz/.config/myconf/sye +++ b/home/xyz/.config/myconf/sye @@ -6,6 +6,7 @@ opendkim.service enabled disabled opendmarc.service enabled disabled postfix.service enabled disabled sshd.service enabled disabled +swgp-go.service enabled disabled systemd-network-generator.service enabled enabled systemd-networkd-wait-online.service enabled enabled systemd-networkd.service enabled enabled @@ -19,4 +20,4 @@ acme.sh.timer enabled disabled paccache.timer enabled disabled pacman-filesdb-refresh.timer enabled disabled -19 unit files listed. +20 unit files listed. -- cgit v1.2.3-70-g09d2 From 691b1145250ea555a3dd5982796f3e3d493e8a82 Mon Sep 17 00:00:00 2001 From: Xiao Pan Date: Wed, 3 Jul 2024 21:35:44 +0000 Subject: update --- home/xyz/.config/myconf/pacman_Qqne | 1 + 1 file changed, 1 insertion(+) (limited to 'home/xyz/.config/myconf') diff --git a/home/xyz/.config/myconf/pacman_Qqne b/home/xyz/.config/myconf/pacman_Qqne index c1e1c8bd..48914a1a 100644 --- a/home/xyz/.config/myconf/pacman_Qqne +++ b/home/xyz/.config/myconf/pacman_Qqne @@ -14,6 +14,7 @@ grub ioping iotop-c iperf3 +ldns lf linux lostfiles -- cgit v1.2.3-70-g09d2 From 07df571fe12fd015a5a2a3388d3e736e650fb8b9 Mon Sep 17 00:00:00 2001 From: Xiao Pan Date: Sat, 6 Jul 2024 22:10:45 +0000 Subject: rsync as asdeps because if asexplict I need to add too many pkgs --- home/xyz/.config/myconf/pacman_Qqne | 1 - 1 file changed, 1 deletion(-) (limited to 'home/xyz/.config/myconf') diff --git a/home/xyz/.config/myconf/pacman_Qqne b/home/xyz/.config/myconf/pacman_Qqne index 48914a1a..961590a5 100644 --- a/home/xyz/.config/myconf/pacman_Qqne +++ b/home/xyz/.config/myconf/pacman_Qqne @@ -40,7 +40,6 @@ postfix python-pip rebuild-detector reflector -rsync shellcheck socat speedtest-cli -- cgit v1.2.3-70-g09d2