Alexander Bocken 2022-11-15 17:35:21 +01:00
commit 597762e7b0
Signed by: Alexander
GPG Key ID: 1D237BE83F9B05E8
10 changed files with 191 additions and 2 deletions

0
LICENSE Normal file → Executable file
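Review bot: LICENSE changes mode from normal to executable with no content change, which looks like an accidental chmod rather than an intended part of a documentation commit. Suggest reverting the mode bit (for example `git update-index --chmod=-x LICENSE`) before merging.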

@ -80,7 +80,14 @@ git commit -am 'Fix for README file'
```
Now push it to the server using `git push origin master`.
### Branches
To create a new branch, use `git checkout -b <BRANCHNAME>`.
To push this to the remote location, use `git push origin <BRANCHNAME>`.
## Configuration
### Pass integration
pass is a CLI password manager. It allows for git integration.
First, install `pass-git-helper` from the AUR
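Review bot: In the new Branches section, `git push origin <BRANCHNAME>` publishes the branch but does not set an upstream, so a later bare `git push` or `git pull` on that branch has no target. Suggest `git push -u origin <BRANCHNAME>` for the first push, with a short remark that `-u` is only needed once.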
@ -101,6 +108,7 @@ target=dev/github
target=dev/fooo-bar
```
## Further Info
- [Git Website](https://git-scm.com/book/en/v2/Git-on-the-Server-Setting-Up-the-Server)


@ -60,3 +60,4 @@ Also set the MX records on you dns service provider and let it point to `mail.HO
# Possible Hickups on the way
- If you had that domain already set up on a server with a different IP address, you have to clean out your local `.ssh/known_hosts` before you can connect using `ssh`.
- Make sure that the config files for nginx include `listen 80; listen [::]:80;`, otherwise the certbot install will fail.

3
docs/beancount.md Normal file

@ -0,0 +1,3 @@
# BEANCOUNT
TBD
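Review bot: docs/beancount.md contains only a heading and `TBD`, yet the same commit links it from the README with a full description. Suggest holding back the README entry until the page has content, or adding at least an install and minimal usage section here.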

41
docs/johntheripper.md Normal file

@ -0,0 +1,41 @@
# JohnTheRipper
This is a bunch of scripts to crack a bunch of different passwords offline
## Installation
```sh
git clone https://github.com/magnumripper/JohnTheRipper.git
cd JohnTheRipper/src
./configure && make
```
## Usage
### For pdfs
1. Create a hash of the pdf you want to open
```sh
cd JohnTheRipper/run
./pdf2john.pl <pdf file> > <output file>
```
The output file will be a hash file of the meta info of the pdf.
Will be refered to by hash-file from now on.
2. Crack the hash
```sh
cd JohnTheRipper/run
./john <hash file>
```
3. Retrieve the password
```sh
cd JohnTheRipper/run
./john --show <hash file>
```
The password will be dispalyed the format of `<path-to-pdf>:password`
```sh
/root/user/secred.pdf:54321
```
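Review bot: The relative `cd JohnTheRipper/run` repeated in steps 1 to 3 only works from the directory that contains the clone; after Installation the shell is in `JohnTheRipper/src`, and after step 1 it is already in `run`, so the later `cd` calls fail when the steps are followed in one session. Suggest `cd ../run` once after the build and dropping the other `cd` lines. Smaller points: the last block is sample output rather than a command, so it should not be fenced as `sh`, and "refered", "dispalyed" and "secred" are typos.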


@ -118,6 +118,43 @@ $endfor$
</html>
```
### Usage with abook
Add the following to the muttrc. The first line set the default query to use abook, while the second line allows us to quickly add the sender of a mail that we currently read to the adress book using `A`.
```sh
set query_command= "abook --mutt-query '%s'"
macro index,pager A "<pipe-message>abook --add-email-quiet<return>" "Add this sender to Abook"
bind editor <Tab> complete-query
```
To use abook for composing messages, we can just start a new mail, using `m`.
Now press `Ctrl + t`. This pulls up a list of abook, which we now can navigate using the arrow keys.
If you have found the recipient of choice, press enter.
Sending a mail to more recipients, you can tag them using `t` in that list.
Having selected all, press `;m` to save them and press enter.
You can also search the query from abook. Having pressed `Ctrl+t`, press `/` to search.
## Signature and GPG
To sign and/or encrypt your mails via GPG, set the following in the muttrc:
```sh
set crypt_use_gpgme=yes
set postpone_encrypt = yes
set pgp_self_encrypt = yes
set crypt_use_pka = no
set crypt_autosign = no
set crypt_autoencrypt = no
set crypt_autopgp = yes
set pgp_sign_as=0x12345678
```
The last line is the key id of the key you want to use for signing - which can be extracted from `gpg --keyid-format 0xlong -K --fingerprint`.
To send an encrypted message, import the public key of the recipient using `gpg --import <keyfile>` or `gpg --auto-key-locate keyserver --locate-keys user@example.net`
To bring up the `pgp` menu in mutt, press `p` before sending the mail.
Then select encryption, and select the recipient from the list.
TODO: delete plaintext attachment after HTML creation
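Review bot: In the "Signature and GPG" block, `set pgp_sign_as=0x12345678` shows a short 8-digit key ID, while the sentence right after it tells the reader to take the value from `gpg --keyid-format 0xlong`; the placeholder should be a long ID or full fingerprint so the two agree and readers do not copy the short form. The `gpg --auto-key-locate keyserver --locate-keys user@example.net` line should also say to check the fetched key's fingerprint with the recipient before encrypting to it, since a keyserver lookup by address alone does not prove ownership. In the abook block the text explains "the first line" and "the second line" but the snippet has three; `bind editor <Tab> complete-query` needs a sentence too.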

82
docs/pass.md Normal file

@ -0,0 +1,82 @@
# Pass
Pass is a password manager that follows the UNIX philosophy of doing one thing and doing it well. It is designed to be simple and easy to use, while still being secure and flexible.
It is basically just a simple shell-script, working on files.
The main idea is to have a bunch of gpg encrypted files, storing the passwords.
These files can then be synced using your favourite way, being it git, syncthing or anything else.
Or just kept locally on your machine.
In the end - its just a file, or a bunch of them.
This allows you to not rely on the good security practice of a large company, which is a primary target for attacks.
Pass has several very useful extensions, allowing easy access, generation of OTP for 2FA and more.
## Install
### Generate a gpg key
1. If you already have a gpg key, you are done here. If not, lets generate a key:
```sh
gpg --full-gen-key
```
2. Select your key type (if no idea what, choose RSA).
3. Select a 4096 bit long key
4. Your key should not expire. So select the corresponding option (usually 0)
5. Name your key and add an email. This email does not have to be your real one, but this key can also be used to sign/encrypt mails. If this is your plan, choose the mail address you plan to use with this key.
6. Add a password to the key (keep blank for an empty password)
### Install on Arch
```sh
pacman -S pass pass-otp
```
### Setup
1. We want to set up pass. For this we run the following command. This tells pass to use the gpg key connected to the email address given.
```sh
pass init <email_used_for_gpg_key>
```
### Usage
1. **Adding passwords**. To do this, type the following command. Here we use a name to identify which password this is. Usually this is the service/website/program/file/... this password is used for. If several accounts exists for one service, one can also created nested structure like `serviceA/account1` and `serviceA/account2`. This will just create a folder called `serviceA` and put the corresponding files in there. After running below command, it asks you to type the password you want to store.
```sh
pass add <name_linked_to_password>
```
2. **Retrieving the password**. To look up the password, simply run the command below. It may be that a prompt asks you to type in your GPG key-pair password.
```sh
pass <name_linked_to_password>
```
### Quality of life improvements
1. **passmenu**. If you use `dmenu`, install [this](https://tools.suckless.org/dmenu/scripts/passmenu2) script to enable a dmenu friendly list. Just type a substring of the file name, and this script copies the contents to your clipboard. For OTP this automatically generates the code and copies it to your clipboard. If the file contains two lines, the second line is copied in to your selection. This is useful to store user names or similar information. Bind this script to a keyboard shortcut for actual usability.
2. **One Time Passwords/Multi Factor Authentication**. Most of the time you get a QR code that you should scan with something like microsoft authenticator. Save this qr code as an image, and run it through `zbarimg` (Installed via `pacman -S zbar`). This returns an uri starting `otpauth://...`. Create a new "password" using `pass otp add <otp_password_file>`, and paste the uri as the password. Now run `pass otp <otp_password_file>`. This generates the one time password. Again, this works with passmenu script above. Maybe you have to change the script linked to adjust to your naming convention of otp files.
3. **Syncing**: Usually you want to have your passwords in more than one place. Laptop and Phone are a very common setup. For android you have several options.
The most straight forward, and probably safest way, is to copy the files to your device and also copy over the private key.
This key is then imported in to an app like [OpenKeyChain](https://www.openkeychain.org/). Now you can open these files using this app.
But this comes with a harsh drawback on usability.
Another setup would be a private git repo, which you can clone to different devices.
Again, on android [Password Store](https://passwordstore.app/) is a very powerful tool, which allows you to auto-insert in browsers and also generate the OTP.
To set up a git sync, you enable it with pass using `pass git init`. Then add the remote repo as origin using `pass git remote add origin user@service:pos`.
Now this is set up and `pass git push` auto-commits and pushes to the remote repo. `pass git pull` pulls from there.
In Password Store you can now clone from this repo and use the key you imported to OpenKeyChain to decrypt the passwords!
On iOS I don't know of a similar setup, but am happy to take in recommendations!
### Useful commands
- `pass list` : Shows the folder structure of all stored passwords
- `pass grep <...>` : Searches for a files including the search string when decrypted
- `pass edit <...>` : If a password changed, this allows to edit the file.
- `pass generate <...>` : In need of a new password? Just let pass generate a secure one
- You are able to use pass in a script, for example to enter secret information automatically without keeping it in clear text.
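Review bot: Step 6 of "Generate a gpg key" offers an empty key passphrase as an option, yet the Syncing item later has readers copy the private key to a phone and push the store to a remote repo; with no passphrase, anyone who obtains that key file can decrypt every entry. Suggest recommending a strong passphrase in step 6 instead of presenting blank as equivalent. Two smaller points: the OTP item should tell readers to delete the saved QR image once the `otpauth://` URI is stored, since the image holds the OTP secret in the clear, and `user@service:pos` in the remote example would be clearer as an explicit placeholder such as `user@service:<repo>`.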


@ -31,7 +31,7 @@ listen = run/php/php7.3-fpm.sock
## Nginx
To enable nginx to talk to php add the following to your website config:
```nginx
location ~\.php${
location ~ \.php${
include snippets/fastcgi-php.conf
fastcgi_pass 127.0.0.1:9000;
}
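Review bot: The corrected line `location ~ \.php${` still has no space between `$` and `{`, so the brace is read as part of the pattern instead of opening the block; it should be `location ~ \.php$ {`. In the same snippet `include snippets/fastcgi-php.conf` is missing its terminating `;`, and `fastcgi_pass 127.0.0.1:9000;` does not match the `listen = run/php/php7.3-fpm.sock` shown in the hunk context, so one of the two should be changed so that nginx and php-fpm use the same endpoint.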


@ -89,3 +89,17 @@ quit
# Certbot
Give the webmail client proper security using `certbot --nginx` to extend your certificate.
# Increasing the upload limit
To increase the maximal upload through the rainloop interface to 100 MB, we do:
1. `vim /etc/php/7.3/fpm/php.ini`
- Set `upload_max_filesize` to `100M`
- Set `post_max_size` to `100M`
2. `systemctl restart php7.3-fpm`
3. `vim /etc/nginx/nginx.conf`
- Set `client_max_body_size` to `100M`
4. `systemctl restart nginx`
5. Go to `http:/webmail.hostname.xyz/?admin` and under `General` set `Upload size limit` to `100M`
- Here you can also see if the php settings worked out.
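Review bot: Step 5 links the admin panel as `http:/webmail.hostname.xyz/?admin`, which has a single slash after the scheme and uses plain HTTP even though the Certbot section directly above sets up a certificate; the admin login should be reached over `https://webmail.hostname.xyz/?admin`. For step 3, consider setting `client_max_body_size` in the webmail server block rather than globally in `/etc/nginx/nginx.conf`, so the 100M body limit does not apply to every other site on the host.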


@ -10,8 +10,11 @@ Happy to accept pull requests for new topics!
- [weechat](docs/weechat.md) TUI client for matrix
- [git](docs/GIT.md) version control software
- [neomutt](docs/neomutt.md) highly customizable TUI email client
- [matlab](docs/matlab.md) A proprietary but extensive python alternative with integrated IDE
- [nvidia](docs/nvidia.md) Various recommendations for setting up NVIDIA drivers
- [matlab](docs/matlab.md) A proprietary but extensive python alternative with integrated IDE
- [JohnTheRipper](docs/johntheripper.md) A password cracker
- [pass](docs/pass.md) A password manager
- [beancount](docs/beancount.md) A ledger for text-file bookkeeping with a lot of features
# Server
- [server](docs/ServerSetup.md) short guide for hosting a server