package.json #

For a while now I’ve been using Visual Studio Code for a few JavaScript / TypeScript projects. Most of these projects come with a package.json file, which documents various aspects of the project. A tiny example of such a file:

{
  "name": "foo",
  "version": "1.2.3",
  "description": "A packaged foo fooer for fooing foos",
  "main": "foo.js"
}

npm version #

There’s that interesting property version. In conjunction with the npm version command it allows for very easy version bumping with automatic tagging. There are three useful keywords for that command to bump semver-compliant versions: major, minor and patch. You can also set a specific version directly but refer to the documentation on npm for details. Observe:

Sooner or later when setting up a server you’ll want to create some MySQL databses and users. If you’re not proficient in writing SQL queries or just wanted to use a nice GUI tool for the task, you’d need to connect remotely to your databse host. But of course you do not want to expose your MySQL port to the internet … Or suppose you want to debug some remote service, which is only accessible locally on the remote machine …

Introduction #

Some context #

I have a NAS at home which runs on Debian Jessie. A NAS wouldn’t be a NAS without some storage, so I put in two disks with 4 TB each when I built it. Those two disks have actually been used in a setup with OpenMediaVault before that and already had a software-RAID on them. When migrating the disks (to Ubuntu at first) I learned about mdadm and that OpenMediaVault uses it. Great, that was a rather painless transition!

I recently got myself a small VPS from Hetzner to play around with. Using their ‘rescue’ function you can mount different installer images in the virtual disc drive and install the system via VNC or web console.

They provide an Arch installer too, so I chose that. I set up a very barebones system on a btrfs partition and with an nginx webserver.

To me, Arch seemed like an interesting choice for a webserver and so I cloned my nginx config from my nas and began to go through all the directives again and tidy up all the configs in the process, making as much as possible a global directive inside the http { } block.

I dug a little further after my last post and stumbled upon this excellent blog post. It turns out that using the libpam-oath module for two-factor authentication is a lot easier than the challenge-response module and it works rather fabulously.

I will document the steps I took here. Again, all credit goes to the author of that blog post above - I mainly followed his explanations and links.

First off: this does not work as I wanted it to work .. it has some interesting implications though.

The idea #

I am using a YubiKey NEO for various things. It holds my PGP keys in its secure element and has the YubiKey slots configured to use HMAC-SHA1 challenge response and static password. You can for example unlock your KeePass(X) database using OATH-HOTP or the challenge-response mechanism.

Freifunk explained #

The vision of Freifunk is the establishment of free networks, the democratization of communication media and the promotion of local social structures.

Basically, if you want to participate in a Freifunk community, you take a router capable of running OpenWRT and flash it with a special community-flavored version of OpenWRT based on Gluon. If there are other Freifunk nodes in reach, your router will mesh with them and connect you to the network. If you have an internet connection you want to share, then connect the WAN port of your router accordingly and become an uplink for other clients.

Okay, so I set this thing up recently as my new landing page.

Using some scripts and templates from etherpad-lite, which I modified slightly, I now run this as a systemd service under a new user. (You can find the modified files at the end of this post.) However, somehow I can’t get ghost to listen properly on sockets yet.. or at least nginx gives me 502 errors when trying to connect .. I’ll resort to using localhost:port for now.