serhii.net

Bitwarden-rs in now called vaultwarden.

Second time I find setting it up on Yunohost hard, so documenting.

“Create account” from main page with the yh email doesn’t work because the user allegedly exists.

1. Install it
2. You get an email with a link to the admin page to the Yunohost email
3. Open it, you’ll find the admin panel, you can invite users
4. Invite yourself
5. Check your email again
6. Find invitation there to the Vaultwarden group
7. Click it -> “create account”
8. After this, log in to your account and click ‘verify email’
9. Check email, click linkss
10. Done

admin@me:~$ sudo yunohost log
usage: yunohost log {list,show,display,share} ... [-h]
yunohost log: error: the following arguments are required: {list,show,display,share}

• list
• log
• display
• share

Interesting different commands doing different things!

User Guide — Certbot 1.30.0 documentation

Needed to manually get a cerificate.

`` Needed to manually get a cerificate, as opposet to ‘get and install automatically’. `

• sudo certbot certonly --manual -d *.my.domain
• It gave me a TXT record to add to DNS records
• It gave me this link to check if adding the record worked
• I could prolly copy them to yunohost or something, but it wouldn’t be managed by it

The reason I’m doing this is weird DNS configuration.

Let’s try getting around it: Certificate | Yunohost Documentation

yunohost domain cert-install your.domain.tld --self-signed --force

if the certificate installation still doesn’t work, you can disable the checks with --no-checks after the cert-install command.

Oh nice! Let’s try with non self-signed:

admin@me:~$ sudo yunohost domain cert install sub.do.main --no-checks

Works! Even if the web interface complains of DNS issues, this works as long as it’s actually accessible from outside - say, with one of the 220924-2043 Options to access a host from behind NAT and firewall or something.

Adding domains through CLI is also much faster than using the GUI:

admin@me:~$ sudo yunohost domain add my.domain.another.one

And the certificate bit accepts lists of domains. Okay!

admin@me:~$ sudo yunohost domain add b.my.doma.in && sudo yunohost domain add g.my.doma.in && sudo yunohost domain add n.my.doma.in
admin@me:~$ sudo yunohost domain cert install n.my.doma.in b.my.doma.in g.my.doma.in --no-checks

• Except that I don’t see the added domains in the web interface :(
• And no adding through the web interface doesn’t work anymore.
• BUT after I added a domain

The Yunohost documentation adds checkmarks to articles you already read, I love this. Not to track progress, but to quickly parse the list and find the 4 articles I keep reading.

ssh -v localhost is a quick way to get the versions of everything.

Here and later, ‘host’ is the thingy hidden behind NAT.

• Mullvad allows forwarding ports. Then the host connects to mullvad, and I connect to its forwarded ports through public mullvad IP
  • forwarded port is dynamically generated
  • the host has to connect to the same exact server with the forwarded port
• anderspitman/awesome-tunneling: List of ngrok alternatives and other ngrok-like tunneling software and services. Focus on self-hosting.
  • “For most people, I currently recommend CloudFlare Tunnel.”
• Cloudflare Tunnel · Cloudflare Zero Trust docs
  • Had an acc there
  • Moved one domain there
  • Set up cloudflared on the server
    • Really easy install
  • No luck
  • Oh wait it works!
    • Sometimes
    • May debug later
• https://boringproxy.io/
  • needs 80/445, wasn’t able to do non-standard ports on an already existing server w/ certs through dir
  • didn’t get it to work :(
• https://tunnel.pyjam.as
  • worked like a charm!
  • Quick etc., but using someone else’s domain is not what I need
• fatedier/frp: A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.
  • Worked immediately for SSH
  • Worked almost immediately for HTTP (no ‘S’, but that was the issue w/ boringproxy - acme errors)
    • Doesn’t force you to use HTTPS
  • Neat intuitive documented config and config files!
  • Really neat dashboard with statistics etc!

How to see ping requests being recieved on the destination machine? - Super User:

Wireshark is too heavy duty for something so simple. Just use tcpdump -nn icmp. Add and host 1.2.3.4 if you want to limit it to packets coming from 1.2.3.4.

Was diagnosing an intermittent internet failure, and for logging when it disappears - ping -D 8.8.8.8. -D prints the timestamps:

[1664029219.968932] 64 bytes from 8.8.8.8: icmp_seq=27 ttl=115 time=17.1 ms
[1664029220.971096] 64 bytes from 8.8.8.8: icmp_seq=28 ttl=115 time=18.0 ms
[1664029222.100859] 64 bytes from 8.8.8.8: icmp_seq=29 ttl=115 time=147 ms
[1664029222.973428] 64 bytes from 8.8.8.8: icmp_seq=30 ttl=115 time=19.4 ms
[1664029223.973696] 64 bytes from 8.8.8.8: icmp_seq=31 ttl=115 time=18.1 ms
[1664029224.990894] 64 bytes from 8.8.8.8: icmp_seq=32 ttl=115 time=33.9 ms
[1664029225.973556] 64 bytes from 8.8.8.8: icmp_seq=33 ttl=115 time=15.4 ms
[1664029226.978178] 64 bytes from 8.8.8.8: icmp_seq=34 ttl=115 time=18.5 ms
[1664029227.980347] 64 bytes from 8.8.8.8: icmp_seq=35 ttl=115 time=19.0 ms
[1664029228.989004] 64 bytes from 8.8.8.8: icmp_seq=36 ttl=115 time=26.4 ms
[1664029230.091472] 64 bytes from 8.8.8.8: icmp_seq=37 ttl=115 time=127 ms
[1664029230.982869] 64 bytes from 8.8.8.8: icmp_seq=38 ttl=115 time=18.3 ms

Have a vodafone router and a real ASUS router that does everything better, and I connect the vodafone router to it and then use the ASUS router for everything else.

Was debugging stuff and set it to AP mode - wanted to go back, but I couldn’t access the ASUS admin panel anymore at the usual 192.168.2.1.

It had a different IP, one I could find in the Vodafone router control panel, and through that found the ASUS router admin interface.

I religiously do .realpath() pretty much every time I get a path from user input. Naively believing it also expands ~ etc.

Once I forgot and once I entered a non-expanded path myself: ~/this/

Then was tracking it as a bug, and found this bundle of joy:

/home/sh/me/dir~/me/dir/Checkpoints/checkpoint_288

It is in fact not illegal to create a directory called ~ in Unix.

And the things that used it as-is where there, and the things that were using it after a realpath were using another directory.

OK, I resolve()-d it - still the same.

TIL Path.resolve() takes care of symlinks and ..-like components, but not ~. So it should be Path.expanduser().resolve() from now on.