Home  Main Website     Git     Matrix     Searx    

PwOSS - Wiki

Changes in b0dc4c2: added all contents
all-pages.md
... ...
@@ -0,0 +1,7 @@
1
+# All Pages
2
+<center>
3
+Just an overview of all pages.
4
+</center>
5
+------
6
+
7
+<<GlobalTOC("All pages")>>
... ...
\ No newline at end of file
content/desktop/_Footer.md
... ...
@@ -0,0 +1,7 @@
1
+<center>
2
+[&#8679;UP&#8679;](#)
3
+<br>
4
+<br>
5
+<<Navigation("Navigate Desktop", "content/desktop/", true)>>
6
+</center>
7
+[&#60;&#60; back](/)
content/desktop/arch.md
... ...
@@ -0,0 +1,129 @@
1
+# Arch Linux
2
+<center>
3
+__!!!Still under process!!!__
4
+_This isn't recommended!_
5
+
6
+&nbsp;
7
+If you have enough time and you would like to learn more about Arch Linux ... go for it!
8
+Otherwise, use Manjaro, Mint, Ubuntu, etc., these are really good Linux distributions!
9
+</center>
10
+------
11
+
12
+[[_TOC_]]
13
+
14
+&nbsp;
15
+
16
+# 1. Requirements
17
+To get your new operating system on your PC you'll need a few things:
18
+
19
+Hardware, Software and a little of your time.
20
+
21
+&nbsp;
22
+
23
+## 1.1. Hardware
24
+
25
+### 1.1.1. Minimal system
26
+> - 512 megabyte (MB) of memory (RAM)
27
+> - 800 megabytes (MB) of hard disk space
28
+> - A one gigahertz (GHz) processor
29
+> - A broadband internet connection
30
+> - x86_64-compatible machine
31
+
32
+&nbsp;
33
+
34
+### 1.1.2. Recommended system
35
+> - 2 gigabyte (GB) of memory (RAM)
36
+> - 8 gigabytes (GB) of hard disk space
37
+> - A 2 gigahertz (GHz) processor
38
+> - A broadband internet connection
39
+> - x86_64-compatible machine
40
+
41
+&nbsp;
42
+
43
+### 1.1.3. System architecture
44
+
45
+The following items are also recommended:
46
+- A reliable 1GB (or greater) USB stick
47
+
48
+The USB Stick is necessary for the installation of the system. Also, having a reliable USB stick from a reputable brand will help ensure that the process goes smoothly.
49
+
50
+&nbsp;
51
+
52
+## 1.2. Software
53
+
54
+### 1.2.1. Arch ISO
55
+
56
+Download the .iso file and the .iso.sig file from some of the listed provider from [archlinux.org](https://www.archlinux.org/download/) and open the md5.txt file.
57
+> Arch Linux is only available for 64-bit systems.
58
+
59
+&nbsp;
60
+
61
+Check the two files in the same folder with the following command/s:
62
+
63
+- for Arch user
64
+ - ```pacman-key -v archlinux-<version>-x86_64.iso.sig```
65
+- other [GnuPGP](https://wiki.archlinux.org/index.php/GnuPG) systems
66
+ - ```gpg --keyserver pgp.mit.edu --keyserver-options auto-key-retrieve --verify archlinux-<version>-x86_64.iso.sig```
67
+- and check the md5sum with the following command
68
+ - ```md5sum archlinux-<version>-x86_64.iso```
69
+
70
+> Another method to verify the authenticity of the signature is to ensure that the public key's fingerprint is identical to the key fingerprint of the [Arch Linux developer](https://www.archlinux.org/people/developers/) who signed the ISO-file. See [Wikipedia:Public-key_cryptography](https://en.wikipedia.org/wiki/Public-key_cryptography) for more information on the public-key process to authenticate keys.
71
+
72
+&nbsp;
73
+
74
+### 1.2.2. (Optional) Etcher
75
+
76
+Download Etcher to flash the ISO
77
+ - [Etcher](https://www.balena.io/etcher/) (www.balena.io - link)
78
+
79
+&nbsp;
80
+
81
+# 2. How To
82
+
83
+## 2.1. BIOS
84
+
85
+You have to align the boot-start to your USB-Stick.
86
+
87
+Depending on your motherboard, you must press the __"esc"__ or __"f2"__ or __"f12"__ or __"end"__ key immediately after the PC starts.
88
+> Check your motherboard/computer manual if no button works or ask us.
89
+
90
+__Go to:__
91
+1. Boot
92
+2. BOOT DEVICE PRIORITY (or similar)
93
+
94
+Put the USB at the first place (with F5 and F6). Hit the button _esc_ until _save changes and reset_. Hit __enter__ and __yes__.
95
+
96
+Reboot and choose Start: Boot Arch Linux (x86_64)
97
+
98
+(After installing your operating system, you need to change back your BIOS settings)
99
+
100
+&nbsp;
101
+
102
+## 2.2. Installation
103
+
104
+If you got every [requirements](/content/desktop/arch#1-requirements) then we can go further with the first step (3 steps in total).
105
+
106
+Get yourself a coffee or tea and let's go through this.
107
+
108
+### 2.2.1. Step 1
109
+
110
+#### 2.2.1.1. Flashing the ISO file
111
+```
112
+fdisk -l
113
+```
114
+or with _sudo_
115
+
116
+```
117
+sudo fdisk -l
118
+```
119
+(check _of=/dev/sdd_, if it's really your USB Stick!!!)
120
+
121
+```
122
+sudo dd bs=4M if=~/Downloads/archlinux-<version>-x86_64.iso of=/dev/sdd
123
+```
124
+
125
+> You can also use [Etcher](https://www.balena.io/etcher/) if you prefer a graphical user interface (GUI).
126
+
127
+&nbsp;
128
+
129
+### 2.2.2. Step 2
... ...
\ No newline at end of file
content/desktop/manjaro.md
... ...
@@ -0,0 +1,132 @@
1
+# Manjaro Linux
2
+<center>
3
+We choose Manjaro as the first place because of the same reasons like [here](/content/server/software-suite#software-suite_arch-linux-operating-system).
4
+Manjaro Linux is based on Arch Linux.
5
+</center>
6
+------
7
+
8
+[[_TOC_]]
9
+
10
+# 1. Requirements
11
+To get your new operating system on your PC you'll need a few things:
12
+
13
+Hardware, Software and a little of your time.
14
+
15
+&nbsp;
16
+
17
+## 1.1. Hardware
18
+
19
+### 1.1.1. Recommended system
20
+- One gigabyte (GB) of memory (RAM)
21
+- Thirty gigabytes (GB) of hard disk space
22
+- A one gigahertz (GHz) processor
23
+- A high definition (HD) graphics card and monitor
24
+- A broadband internet connection
25
+
26
+***Note: It is highly advised that you exceed the recommended requirements for a smooth system operation. Factors such the desktop environment (DE) and user specific applications may require more resources.***
27
+
28
+&nbsp;
29
+
30
+### 1.1.2. System architecture
31
+
32
+The following items are also recommended:
33
+- A reliable 4GB (or greater) USB stick
34
+- Keyboard and mice
35
+
36
+The USB Stick is necessary for the installation of the system. Also, having a reliable USB stick from a reputable brand will help ensure that the process goes smoothly.
37
+
38
+&nbsp;
39
+
40
+## 1.2. Software
41
+
42
+Download the .ISO file from [manjaro.org](https://manjaro.org/get-manjaro/).
43
+
44
+### 1.2.1. Officially supported desktop environments
45
+
46
+- KDE Plasma
47
+- GNOME
48
+- XFCE
49
+
50
+Manjaro comes in different "flavors". If you have an old system, you can go with the Xfce desktop environment (DE). Xfce is well-known throughout the enthusiast community for being light on system resources by stripping down on unnecessary features whilst keeping a traditional desktop experience. Its user interface (UI) is quite similar to older versions of Windows (such as XP). If you have a relatively modern system (or a system that is sufficiently fast enough), the K Desktop Environment (KDE) will provide all features of a modern desktop environment, boasting beautiful desktop effects and a plethora of customisation options.
51
+
52
+A lot of modern laptops now come with touchscreen support. Linux support for touchscreen laptops greatly depends on the desktop environment and the applications the user wants to use. The GNOME desktop environment, while being known for being heavier on resources, is quite well optimised for touch devices.
53
+
54
+Every version has their own strength and weaknesses. Here is an overview of the different versions [quora.com](https://www.quora.com/Is-there-a-good-comparison-between-Cinnamon-Xfce-KDE-and-MATE-Which-one-should-I-choose).
55
+
56
+### 1.2.2. 32-bit support
57
+
58
+Why isn't there a 32-bit version available? Many developers, as well as the community, have already moved on to 64-bit. While there may be alternatives that support 32-bit systems, it is unknown how long this support can continue before development is deemed "officially dead". The chances are that you are already runnning a 64-bit system! Dropping 32-bit support also frees up some bandwidth that would have been otherwise used for hosting 32-bit ISOs (images) and packages. Hence, Arch Linux (and therefore Manjaro Linux) are only available in 64-bit.
59
+
60
+&nbsp;
61
+
62
+# 2. How To
63
+
64
+The easiest way is to follow the instruction of Manjaro itself.
65
+[manjaro.org](https://osdn.net/projects/manjaro/storage/Manjaro-User-Guide.pdf/)
66
+
67
+## 2.1. BIOS
68
+
69
+You have to align the boot-start to your USB-Stick.
70
+
71
+Depending on your motherboard, you must press the __"esc"__ or __"f2"__ or __"f12"__ or __"end"__ key immediately after the PC starts.
72
+> check your motherboard/computer manual if no button works or ask us.
73
+
74
+__Go to:__
75
+1. Boot
76
+2. BOOT DEVICE PRIORITY (or similar)
77
+
78
+Put the USB at the first place (with F5 and F6). Hit the button _esc_ until _save changes and reset_. Hit __enter__ and __yes__.
79
+
80
+Reboot and choose Start: Boot Manjaro.x86_64 kde.
81
+
82
+(After installing your operating system, you need to change back your BIOS settings)
83
+
84
+&nbsp;
85
+
86
+## 2.2. Partition
87
+We recommend to set up **_3_** partitions. While you may run less than 3 partitions, it was determined that having 3 partitions will enable users to have the greatest amount of flexibility.
88
+
89
+1. Choose **_root_** or **_/_** and use ext4 partition and encrypt the root partition 40GB should be enough.
90
+
91
+2. The size of the **__swap__** partition greatly depends on the amount of system RAM you have. Having the same sized swap partition as the system RAM should be more than sufficient for a majority of users. If you however need more space for other partitions, and if you have greater than or equal to 8GB of RAM, than you could just take half the size of your system RAM (however you'll be giving up hibernation support). You may or may not have heard of a swap file. For the sake of convenience, you should just stick with a partition.
92
+
93
+3. The rest will be for the **_home_** or **__/home__** partition. First of all, choosing a home partition is very important. If someday you want to try another distribution, you can mount the home partition on any Linux system.
94
+This makes it very convenient to try a different distribution without saving your data. But do not forget to save the key from / = “/crypto_keyfile.bin”
95
+So choose also the encryption option for the home partition.
96
+
97
+(After installing your operating system, you need to change back your BIOS settings)
98
+
99
+&nbsp;
100
+
101
+## 2.3. Recommendation
102
+
103
+After installing and restarting your new system, connect your system to the internet and look for the terminal application and copy the following command into the terminal:
104
+
105
+ sudo pacman-mirrors -f 10 && sudo pacman -Syyu
106
+and follow the instruction.
107
+
108
+The above command searches and stores details of 10 recently updated package mirrors, and then forces the system to refresh its package database in order to check for new updates.
109
+
110
+Afterwards, install at first yaourt for yay (We know, it’s sounds stupid for the pros here)
111
+
112
+ sudo pacman -S yaourt && yaourt -S yay && sudo pacman -Rs yaourt
113
+It’s just quicker.
114
+
115
+If you are using the KDE version, we recommend disabling “Baloo” (the indexing service for KDE). Baloo checks for files stored on the system, however this can be very resource consuming, and hence can degrade system performance.
116
+
117
+Terminal command is:
118
+
119
+ balooctl disable
120
+
121
+That’s it. Now take your time and get familiar with Linux.
122
+
123
+&nbsp;
124
+
125
+<br>
126
+<br>
127
+<center>
128
+ <p class="small" class="title"><strong>Problems?</strong></p>
129
+ <p class="small">
130
+ If you encounter problems, simply create an [issue](https://git.pwoss.xyz/desktop/installation/issues).
131
+ </p>
132
+</center>
... ...
\ No newline at end of file
content/mobile/_Footer.md
... ...
@@ -0,0 +1,7 @@
1
+<center>
2
+[&#8679;UP&#8679;](#)
3
+<br>
4
+<br>
5
+<<Navigation("Navigate Mobile", "content/mobile/android/")>>
6
+</center>
7
+[&#60;&#60; back](/)
content/mobile/android.md
... ...
@@ -0,0 +1,44 @@
1
+# Android
2
+<center>
3
+If you want to add your phone-installation, go to [PwOSS - Gitea](https://git.pwoss.xyz/pwoss/wiki/src/branch/master/mobile/android/devices) and start a pull request.
4
+</center>
5
+------
6
+
7
+[[_TOC_]]
8
+
9
+&nbsp;
10
+# About Android
11
+If you are not familiar with root, TWRP, flashing, etc., you should first take a look at ['About Android'](/content/mobile/android/about-android).
12
+
13
+&nbsp;
14
+
15
+# Basic installation
16
+
17
+The basic installation is for all phones, but is based on the _Samsung Galaxy Note 4_. The installation differs slightly from other brands. However, we may be able to add more brands in the future.
18
+
19
+The basic installation is available [here](/content/mobile/android/basic-installation).
20
+
21
+&nbsp;
22
+
23
+# Samsung
24
+Samsung has quite a few good phones out there. And a lot of official LineageOS ROMs are available. But Samsung is also very annoying. They have so many different kinds of the same phone which is not really obvious.
25
+The __Galaxy Note 4__ for example has __25 different kinds__. That's the reason, you have to find out the model number first before you download / flash any Custom-ROMs, TWRP etc.
26
+
27
+Some has another modem, two sim slots or whatever, but the main different can be the CPU. Qualcomms Snapdragon [Wikipedia](https://en.wikipedia.org/wiki/Qualcomm_Snapdragon) or Samsungs Exynos [Wikipedia](https://en.wikipedia.org/wiki/Exynos).
28
+The Snapdragon CPU has a very good support (Custom-ROMs). We suggest to try to get a Snapdragon CPU.
29
+
30
+## Galaxy Note 4
31
+Released, October 2014.
32
+
33
+The Galaxy Note 4 is still a very good phone. The problem with it it has no official release of _LineageOS_ and so no _LineageOS for microG_. But it is still possible to use another Custom-ROM. We'll go with _Resurrection Remix_ in this tutorial which is official.
34
+
35
+### [N910F](/content/mobile/android/devices/samsung/galaxy-note-4/n910f)
36
+### ...
37
+
38
+&nbsp;
39
+
40
+# LG
41
+
42
+## G2
43
+### [D801](/content/mobile/android/devices/lg/g2/d801)
44
+### ...
content/mobile/android/_Footer.md
... ...
@@ -0,0 +1,7 @@
1
+<center>
2
+[&#8679;UP&#8679;](#)
3
+<br>
4
+<br>
5
+<<Navigation("Navigate Mobile", "content/mobile/android/")>>
6
+</center>
7
+[&#60;&#60; back](/content/mobile/android)
content/mobile/android/about-android.md
... ...
@@ -0,0 +1,164 @@
1
+# About Android
2
+<center>
3
+Some information about root, Custom ROMs, TWRP, other projects ...
4
+</center>
5
+------
6
+
7
+[[_TOC_]]
8
+
9
+# Background
10
+Android is one of the main operating systems (OS) you will find on a smartphone today. It was developed by Google to compete directly with iOS, the operating system found on iPhones. One of the main reasons why Android was so successful was because it could run on many devices thanks to the Open Handset Alliance (OHA), an initiative that would allow manufacturers such as Samsung and LG to develop smartphones that may look and feel different, but still at the same time run the same operating system (with modifications made by the manufacturer).
11
+
12
+Google may have prevented a monopoly that may have otherwise existed should Android have never existed, however it isn't all without some catch. Google is notorious for collecting large amounts of private user data, whether you're on a desktop, laptop, or smartphone. On all (Google certified) smartphones, there must be a Play Store and some Google apps (varies between devices). These apps, while useful for a large majority of users, can extract extensive amounts of information based on the user's search history and etc. However, there are solutions to prevent this and hence re-iterates the need of a guide such as this one.
13
+
14
+&nbsp;
15
+
16
+# Supported phones
17
+
18
+If you want to buy a phone or you have already an Android phone you can check the links below if your phone will be supported.
19
+
20
+Check the links below for your phone brand like _Samsung Galaxy Note 4_ and your model name like _N910F_.
21
+
22
+1. [wiki.lineageos.org/devices/](https://wiki.lineageos.org/devices/)
23
+2. [www.lineageoslog.com/statistics](https://www.lineageoslog.com/statistics)
24
+3. [www.stats.lineageos.org/](https://stats.lineageos.org/)
25
+
26
+> If you can't find your phone in the list, that doesn't mean that there are no other options.
27
+> Send us an [email](mailto:pwoss@pwoss.xyz) or create an [issue](https://git.pwoss.xyz/mobile/installation/issues).
28
+
29
+&nbsp;
30
+
31
+# Bootloader
32
+
33
+On some devices, it is necessary to **open** or **unlock** the **bootloader** before you can install a **custom recovery**, **root** or **custom ROM**.
34
+Unlocking the bootloader usually requires the phone to be wiped of all data, meaning that you'll have the backup everything.
35
+Not all smartphone manufacturers allow the unlocking of the bootloader, so if this concerns you, you must do your **research** before purchasing your next smartphone.
36
+Although uncommon, some manufacturers package an “[eFuse - Wikipedia](https://en.wikipedia.org/wiki/EFUSE)” command in their products, which could brick (permanently damage) your device.
37
+
38
+&nbsp;
39
+
40
+## How to find out if your bootloader is locked
41
+
42
+The best way to find out is to have a look at XDA-developers.
43
+
44
+1. Visit your device XDA forum -> [XDA Forum](https://forum.xda-developers.com/)
45
+2. Visit XDA-developers news -> [XDA bootloader news](https://www.xda-developers.com/tag/bootloader/)
46
+
47
+&nbsp;
48
+
49
+# Recovery
50
+A recovery is an independent, lightweight runtime environment that is included on a separate partition from the main Android operating system on all Android devices. As the name suggests, the main purpose of a recovery is to help recover your device to a working state, however it is possible to make your device soft-bricked (unable to boot) if the wrong actions are performed. You can boot directly into recovery mode and use it to factory reset your device, delete the cache partition, or apply software updates.
51
+
52
+&nbsp;
53
+
54
+## TWRP - Team Win Recovery Project
55
+Over the years, **TWRP** is the most used **custom recovery**. A custom recovery is necessary to flash a custom ROM and hence TWRP is a suitable solution if your device supports it.<br>
56
+TWRP supports touch interactions, encrypted storage, MTP (mass storage), and many more features to satistfy the needs of a power user. <br>
57
+Search for your device [here](https://twrp.me/Devices/) to get TWRP.<br>
58
+More info about TWRP -> [here](https://twrp.me/about/)
59
+
60
+&nbsp;
61
+
62
+## Clockworkmod recovery
63
+Clockworkmod (CWM) was the de-facto recovery environment used by savvy Android users until TWRP gained traction in the smartphone market. Its interface was very minimal, coloured text on a black background. Controls were handled using the volume buttons and the power key. It is no longer the recommended recovery to use unless you have an older device that doesn't support TWRP (e.g. Samsung Galaxy S). <br>
64
+How to install on your device -> [here](https://www.xda-developers.com/how-to-install-clockworkmod/)
65
+
66
+&nbsp;
67
+
68
+# Custom ROMs
69
+
70
+## Why bother installing a custom ROM?
71
+
72
+We are all familiar with the time where your phone decides to play up and refuses to do what you want it to do. Anecdotal evidence has found that **all** smartphones degrade over time due to heat, stress, wear and etc. However this __doesn't__ mean you can't still make improvements on your phone.
73
+
74
+One common cause of slowdowns on your smartphone is the presence of bloatware or "bloat". These apps are **unneeded** and **unwanted**, meaning that they take up your important storage space and memory. A custom ROM however **never** contains any bloatware. This will mean that you will be able to reclaim any of the lost storage space and memory and use it for more important applications. This will translate to **better** performance (and sometimes battery life).
75
+
76
+&nbsp;
77
+
78
+## Custom ROM options
79
+
80
+LineageOS isn't the only custom ROM available. There are heaps of other ROMs you can choose from (Resurrection Remix, CR Droid, Paranoid Android, etc.), each coming with their own unique combination of features and apps.
81
+To get started, it is best to consult on a thread over at the XDA-developers forums ([Wikipedia](https://en.wikipedia.org/wiki/XDA_Developers)). XDA is the first address of all your Android needs.
82
+
83
+Like other desktop-operating systems (Arch, Debian, Mint, Ubuntu etc.) you have to find out for yourself which ROM suits **you** best.
84
+
85
+&nbsp;
86
+
87
+## LineageOS
88
+
89
+**LineageOS** is an open-source operating system (OS) for your Android device. In the development community, it is often referred to as a __custom ROM__ (or sometimes aftermarket firmware). Android is generally open-source ([AOSP - Android Open Source Project](https://source.android.com/)), however the Google Apps (GApps) or other manufacturer (Samsung, HTC, ...) applications aren't.
90
+
91
+Website: [lineageos.org](https://lineageos.org/)
92
+
93
+### LineageOS root
94
+LineageOS has their own option to get root access on your phone. Just flash the [zip](https://download.lineageos.org/extras) through TWRP. (later more)
95
+
96
+&nbsp;
97
+
98
+## LineageOS for microG
99
+
100
+This ROM includes already _[F-Droid](https://wiki.pwoss.xyz/Guideline/Mobile/projects#projects_f-droid)_ & _[microG](https://wiki.pwoss.xyz/Guideline/Mobile/projects#projects_microg)_. This makes installation and achieving more privacy very easy!
101
+
102
+Website: [lineage.microg.org](https://lineage.microg.org/)
103
+
104
+&nbsp;
105
+
106
+## Resurrection Remix OS
107
+
108
+Resurrection Remix OS is based on LineageOS with much more settings / features.
109
+
110
+Website: [resurrectionremix.com](https://www.resurrectionremix.com/)
111
+
112
+&nbsp;
113
+&nbsp;
114
+
115
+> If you want you can add more ROMs. Got to [PwOSS - Gitea](https://git.pwoss.xyz/PwOSS/Wiki/src/branch/master/Guideline/Mobile)
116
+
117
+&nbsp;
118
+
119
+# Root
120
+**Root** is required if you want to have **full control** of your **device**. It's necessary for certain apps like AFWall+, XPrivacyLUA etc. (more on this later)<br>
121
+AFWall+, for example, is using the iptables firewall ([Wikipedia](https://en.wikipedia.org/wiki/Iptables)) which you can only be modified if your device is rooted. It's like the administrator of a software.
122
+
123
+You have to be very **careful** to use the **right root applications**. Check the mantainer, date (how long is it available) and if it is open source! A _root app_ also has full control over your device! You must remember this whenever you install a _root app_.
124
+
125
+Rooting your phone typically voids your **warranty**, however this can be **reversible** depending on a case-by-case basis. We have never had a problem, but that does not change the fact that some manufacturers may not outright accept your phone for repair should it ever be necessary!
126
+
127
+Over-the-air (OTA) updates are not possible with root. This means that your device will no longer receive updates from your smartphone manufacturer. This brings us to the use of custom ROMs. **LineageOS** can support your device (security updates, etc.) even if your device is not longer supported by your smartphone manufacturer! All new security patches straight from Google ([Android Security Bulletin](https://source.android.com/security/bulletin)) are included in all official builds of LineageOS.
128
+
129
+Applications such as **bank** apps may **stop working** when they **detect a rooted phone**. You can still use your web browser or a laptop/desktop PC, however there are solutions such as **Magisk hide** that can hide root for specific apps.
130
+
131
+But **root is not necessary**!<br>
132
+You could go with a custom ROM but there is no need to use root. For privacy reasons, it is easier to use root, but there are some options without root.
133
+
134
+&nbsp;
135
+
136
+# Projects
137
+
138
+A project overview. Perfectly usable for all your privacy needs.
139
+
140
+&nbsp;
141
+
142
+## F-Droid
143
+__[F-Droid](https://f-droid.org/)__ is the open source software store for your Android phone! It's available since 2010. Actually mostly every alternative is available.
144
+
145
+&nbsp;
146
+
147
+## Yalp
148
+Yalp store isn't really an application store. Yalp is getting all the apps directly from Google Play Store. Yalp Store is available at [F-Droid](https://f-droid.org/en/packages/com.github.yeriomin.yalpstore/).
149
+
150
+Check microG (next page). It's a good combination.
151
+
152
+&nbsp;
153
+
154
+## microG
155
+[microG](https://microg.org/) isn't a store as well but if you use yalp it is good to have microG too. Some apps are using the old [GCM](https://developers.google.com/cloud-messaging/) or the new [FCM](https://firebase.google.com/docs/cloud-messaging/). This is important to get messages (notifications) from your apps.
156
+
157
+&nbsp;
158
+
159
+## Magisk
160
+Magisk is now the most used way to get root access. <br>
161
+Back in the days, it was _Chainfire's - SuperSU_, but it was sold to a Chinese company and was no longer trustworthy.
162
+Magisk is open source and became more and more popular after the years. Magisk is actually more than just _to get root access_. It supports modules which could provide apps, tweaks or services. Some applications (bank apps/NFC/games/etc.) will not work if you have a rooted phone, but with Magisk it possible to hide the _root check_ of the certain apps. This hiding capability may eventually stop working as Google makes these checks stricter.
163
+
164
+Official Magisk forum thread -> [here](https://forum.xda-developers.com/apps/magisk/official-magisk-v7-universal-systemless-t3473445)
... ...
\ No newline at end of file
content/mobile/android/basic-installation.md
... ...
@@ -0,0 +1,468 @@
1
+# Basic Installation
2
+<center>
3
+This is the basic installation. You can use it as a guide.
4
+</center>
5
+------
6
+
7
+[[_TOC_]]
8
+
9
+
10
+# 1. Requirements
11
+
12
+This is a little bit tricky! It can be different depends on your phone.
13
+
14
+> If you're not sure how it all works, just send us an [email](mailto:pwoss@pwoss.xyz) or create an [issue](https://git.pwoss.xyz/mobile/installation/issues).
15
+
16
+## 1.1. Hardware
17
+
18
+You need an Android phone. There is no proper way with an Apple phone.
19
+
20
+> [Windows 10 Mobile End of Support](https://pwoss.xyz/windows-10-mobile-end-of-support/)
21
+
22
+### 1.1.1. Check bootloader
23
+Find out if your phone has the ability to unlock your bootloader.
24
+[xda-developers.com](https://forum.xda-developers.com/) offers a wide selection of phones that will help you find a tutorial on opening your bootloader, if possible.
25
+
26
+Straight to your manufacturer:
27
+- [motorola.com](https://motorola-global-portal.custhelp.com/app/standalone/bootloader/unlock-your-device-b)
28
+- [htcdev.com](https://www.htcdev.com/bootloader)
29
+- [sony.com](https://developer.sony.com/develop/open-devices/get-started/unlock-bootloader/how-to-unlock-bootloader/#bootloader_guide)
30
+- [lge.com](https://developer.lge.com/resource/mobile/RetrieveBootloader.dev)
31
+- [xiaomi.com](https://account.xiaomi.com/pass/serviceLogin?callback=http%3A%2F%2Fwww.miui.com%2Fextra.php%3Fmod%3Dxiaomi%2Fauthcallback%26followup%3Dhttp%253A%252F%252Fwww.miui.com%252Funlock%252Fapply.php%26sign%3DYzdhOGVjM2ExNDg0YWJlMGUyYTk4NTUwZDY4OGIyZmI5ZmFmZjEzMw%2C%2C&sid=miuibbs&_locale=en)
32
+- *
33
+
34
+> Huawei & Honor discontinued support for unlocking the bootloader. There are paid ways out there that I do not like to post here. Sell the phone and buy another one.
35
+
36
+> Don't open your bootloader now! Let's do it when we go through the whole installation. Just check it if it's possible or not. If not, you can sell your phone and buy another one. That's the only way, sorry.
37
+
38
+&nbsp;
39
+
40
+## 1.2. Software
41
+
42
+&nbsp;
43
+
44
+### 1.2.1. ADB & fastboot drivers
45
+Depends on your operating system (Linux, Windows, Mac) you have to download the driver for ADB & Fastboot connection (computer to phone).
46
+
47
+> Got to [searx.pwoss.xyz](https://searx.pwoss.xyz/) (or whatever you prefer) and search for "adb drivers windows linux and mac". There you can follow a tutorial.
48
+
49
+&nbsp;
50
+
51
+__Arch Linux & Manjaro Linux:__
52
+```
53
+sudo pacman -S android-tools
54
+```
55
+
56
+&nbsp;
57
+
58
+### 1.2.2. Custom ROM
59
+
60
+Download your ROM from [lineage.microg.org](https://download.lineage.microg.org/).
61
+Get the rom to your phone. Use an external _micro SD card_ if it's possible.
62
+
63
+&nbsp;
64
+
65
+### 1.2.3. TWRP recovery
66
+
67
+Get the recovery from [twrp.me](https://twrp.me/Devices/)
68
+
69
+&nbsp;
70
+
71
+### 1.2.4. Applications
72
+
73
+#### 1.2.4.1. Magisk from GitHub:
74
+[Magisk-'latest-version'.zip](https://github.com/topjohnwu/Magisk/releases/)
75
+[MagiskManager-'latest-version'.apk](https://github.com/topjohnwu/Magisk/releases/)
76
+[Magisk-uninstaller-<latest-date>.zip](https://github.com/topjohnwu/Magisk/releases/)
77
+> Magisk is necessary to get root access and to install EdXposed & riru.
78
+
79
+#### 1.2.4.2. Riru from GitHub:
80
+[magisk-riru-core-'latest-version'.zip](https://github.com/RikkaApps/Riru/releases/)
81
+> Riru is necessary for EdXposed.
82
+
83
+#### 1.2.4.3. EdXposed from GitHub:
84
+[magisk-EdXposed-'latest-version'.zip](https://github.com/ElderDrivers/EdXposed/releases/)
85
+[EdXposedInstaller_'latest-version'.apk](https://github.com/ElderDrivers/EdXposed/releases/)
86
+[EdXposedUninstaller_rec.zip](https://github.com/ElderDrivers/EdXposed/releases/)
87
+> EdXposed is necessary for XPrivacyLua
88
+
89
+#### 1.2.4.4. NanoDroid from nanolx.org:
90
+[NanoDroid-BromiteWebView-<latest-date>.zip](https://downloads.nanolx.org/NanoDroid/Stable/)
91
+
92
+#### 1.2.4.5. XPrivacyLua from F-Droid:
93
+[eu.faircode.xlua_'latest-version'.apk](https://f-droid.org/en/packages/eu.faircode.xlua/)
94
+> Scroll down to 'Download APK'
95
+
96
+#### 1.2.4.6. AFWall+ from F-Droid:
97
+[dev.ukanth.ufirewall_'latest-version'.apk](https://f-droid.org/en/packages/dev.ukanth.ufirewall/)
98
+> Scroll down to 'Download APK'
99
+
100
+Get all downloaded applications on your phone. Use an external _micro SD card_ if it's possible.
101
+Leave __eu.faircode.xlua_'latest-version'.apk__, __dev.ukanth.ufirewall_'latest-version'.apk__, __MagiskManager-'latest-version'.apk__ and __EdXposedInstaller-'latest-version'.apk__ on your computer.
102
+
103
+&nbsp;
104
+
105
+### 1.2.5. Heimdall (Samsung phones only)
106
+
107
+Download _Heimdall_ from [glassechidna.com.au](https://glassechidna.com.au/heimdall/)
108
+> This is necessary to install TWRP.
109
+
110
+__Arch Linux & Manjaro Linux:__
111
+```
112
+pikaur -S heimdall
113
+```
114
+
115
+&nbsp;
116
+
117
+# 2. How To
118
+
119
+If you got every [requirements](https://guideline.pwoss.xyz/mobile/installation/basic/requirements) then we can go further with the first step (4 steps in total).
120
+
121
+Get yourself a coffee or tea and let's go through this.
122
+
123
+## 2.1. Step 1 - Bootloader
124
+### 2.1.1. Backup
125
+If you haven't done it already it's now a good time to do it.
126
+Get all your photos, videos, contacts, calendar, etc. on a separate device.
127
+
128
+&nbsp;
129
+
130
+### 2.1.2. ADB connection & unlock bootloader __(Not for Samsung phones)__
131
+
132
+&nbsp;
133
+
134
+#### 2.1.2.1. ADB
135
+Go to your __Settings__ and click on __About phone__. Push the __Build number__ _seven times_ or _more_.
136
+Go __back to__ the main view of the __Settings__ and click on __System__ and __Developer options__ (maybe advanced first).
137
+Turn __Android debugging__ _on_.
138
+
139
+Connect your phone via USB to the computer.
140
+
141
+&nbsp;
142
+
143
+### 2.1.3. Unlock bootloader
144
+Follow the instruction of the [requirements - bootloader (manufacturer)](https://guideline.pwoss.xyz/android/installation/basic/requirements/software) to unlock your bootloader.
145
+> When you unlock your bootloader, all files on your phone will be deleted!
146
+
147
+After that reboot your phone without any new installation (just to save time).
148
+
149
+&nbsp;
150
+
151
+### 2.1.4. TWRP __(Not for Samsung phones)__
152
+This can be necessary again:
153
+Go to your __Settings__ and click on __About phone__ of your phone. Push the __Build number__ _seven times_ or _more_.
154
+Go __back to__ the main view of the __Settings__ and click on __System__ and __Developer options__ (maybe advanced first).
155
+Turn __Android debugging__ _on_.
156
+
157
+Connect your phone via USB to the computer again. And go through the following commands:
158
+
159
+```
160
+adb reboot bootloader
161
+```
162
+```
163
+fastboot flash recovery your-twrp.img
164
+```
165
+```
166
+adb reboot recovery
167
+```
168
+
169
+&nbsp;
170
+
171
+### 2.1.5. Heimdall __(Samsung phones only)__
172
+
173
+&nbsp;
174
+
175
+#### 2.1.5.1. Reboot to Bootloader
176
+Reboot your phone and hold __VOL-DOWN__, __Power Button__ and the __Home Button__ until you see a warning message. Now __VOL-UP__ and you'll see an Android logo and "Downloading ..." etc..
177
+Connect your phone via USB to your computer.
178
+
179
+&nbsp;
180
+
181
+### 2.1.6. Start Heimdall
182
+
183
+#### 2.1.6.1. Device detection
184
+Start Heimdall and go to __Utilities__. Click on __Detect__ by _Detect Device_. You can see by _Output_ __Device Detected__.
185
+
186
+&nbsp;
187
+
188
+#### 2.1.6.2. Create .pit file
189
+Now you have to create a .pit (Partition Information Table) file.
190
+Click on __Save as__ by _Download PIT_ and choose a folder and name.
191
+
192
+&nbsp;
193
+
194
+#### 2.1.6.3. Flashing TWRP
195
+Go to __Flash__ and click on __Browse__ by _PIT_. Use the just created .pit file.
196
+Click on __Add__ by _Partitions (files)_ and choose by _Partition Details_ / _Partition Name_ __RECOVERY__. Click on __Browse__ by _File_ and choose __your-twrp.img__.
197
+Now click on __Start__.
198
+
199
+Check if an installation line appears on your phone.
200
+
201
+You can also see a process in Heimdall under _Status_. It should look like this:
202
+```
203
+Initialising connection...
204
+Detecting device...
205
+Claiming interface...
206
+Setting up interface...
207
+
208
+Initialising protocol...
209
+Protocol initialisation successful.
210
+
211
+Beginning session...
212
+
213
+Some devices may take up to 2 minutes to respond.
214
+Please be patient!
215
+
216
+Session begun.
217
+
218
+Downloading device's PIT file...
219
+PIT file download successful.
220
+
221
+Uploading RECOVERY
222
+0%
223
+6%
224
+13%
225
+19%
226
+26%
227
+32%
228
+39%
229
+46%
230
+52%
231
+59%
232
+65%
233
+72%
234
+79%
235
+85%
236
+92%
237
+98%
238
+100%
239
+
240
+RECOVERY upload successful
241
+
242
+Ending session...
243
+Rebooting device...
244
+Releasing device interface...
245
+```
246
+
247
+&nbsp;
248
+
249
+#### 2.1.6.4. Trouble?
250
+For Linux.
251
+If you encounter errors while trying to download your .pit file, you must create a new file on your computer and add the following:
252
+```
253
+sudo nano /etc/udev/rules.d/79-samsung.rules
254
+```
255
+```
256
+ATTRS{idVendor}=="04e8", ENV{ID_MM_DEVICE_IGNORE}="1"
257
+ATTRS{idVendor}=="04e8", ATTRS{product}=="Gadget Serial", ENV{ID_MM_DEVICE_IGNORE}="1", ENV{MTP_NO_PROBE}="1"
258
+```
259
+ctrl + x & yes
260
+```
261
+sudo systemctl restart systemd-udevd
262
+```
263
+Try it again. You may need to restart Heimdall if it's still running.
264
+
265
+&nbsp;
266
+
267
+## 2.2. Step 2 - Recovery
268
+
269
+### 2.2.1. Reboot to new recovery
270
+After that, you can reboot your phone to the recovery. Hold __VOL-UP__, __Power Button__ and the __Home Button__ until you reach the new recovery TWRP.
271
+
272
+&nbsp;
273
+
274
+#### 2.2.1.1. WIPE / delete internal storage
275
+Click on __Wipe__ and on __Advanced Wipe__ and select only:
276
+- __Internal Storage__
277
+
278
+Now __Swipe to Wipe__.
279
+
280
+> Go back to the main view.
281
+
282
+&nbsp;
283
+
284
+#### 2.2.1.2. Backup with TWRP
285
+Before we flash a custom-ROM let's do a "quick" backup of your system.
286
+Click on __Backup__ and __Select every Partition__ and __Swipe to Backup__.
287
+
288
+> Go back to the main view.
289
+
290
+&nbsp;
291
+
292
+#### 2.2.1.3. WIPE / delete your phone
293
+Click on __Wipe__ and on __Advanced Wipe__ and select only:
294
+- __Dalvik / ART Cache__
295
+- __System__
296
+- __Data__
297
+- __Cache__
298
+
299
+Now __Swipe to Wipe__.
300
+
301
+> Go back to the main view.
302
+
303
+&nbsp;
304
+
305
+### 2.2.2. Custom ROM
306
+Click on __Install__ and __Select Storage__ and choose __Micro SD card__.
307
+Look for _lineage-16.0-20190327-microG-<model-number>.zip_ click on it and __Swipe to confirm Flash__. Wait until it's done. And wipe the _Cache_.
308
+
309
+> Go back to the main view.
310
+
311
+&nbsp;
312
+
313
+### 2.2.3. Applications
314
+
315
+&nbsp;
316
+
317
+#### 2.2.3.1. Magisk, NanoDroid, Riru & EdXposed
318
+Click on __Install__ and __Select Storage__ and choose __Micro SD card__.
319
+Look for __Magisk-'latest-version'.zip__, __NanoDroid-BromiteWebView-'latest-version'.zip__, __magisk-riru-core-'latest-version'.zip__ and __magisk-EdXposed-'latest-version'.zip__.
320
+Click at first on __Magisk-'latest-version'.zip__ and then __Add more Zips__ and add the other files.
321
+Now __Swipe to confirm Flash__.
322
+
323
+Go back to the main view and click on __Reboot__ and __System__.
324
+
325
+> It may be necessary to start the phone first before installing all these "applications". This means that after installing your custom ROM you will need to boot the system first. Each additional installation of the application must first be started on the system. Install them all separately if you have problems afterwards.
326
+
327
+&nbsp;
328
+
329
+## 2.3. Step 3 - Applications
330
+
331
+### 2.3.1. Internet connection
332
+Turn all your internet connection off at first.
333
+
334
+&nbsp;
335
+
336
+### 2.3.2. Install Magisk, EdXposed, XPrivacyLUA & AFWall+ applications
337
+
338
+&nbsp;
339
+
340
+#### 2.3.2.1. On your phone
341
+Go to your __Settings__ and click on __About phone__ of your phone. Push the __Build number__ _seven times_ or _more_.
342
+Go __back to__ the main view of the __Settings__ and click on __System__ and __Developer options__ (maybe advanced first).
343
+Turn __Android debugging__ _on_.
344
+
345
+Connect your phone via USB to the computer.
346
+
347
+&nbsp;
348
+
349
+#### 2.3.2.2. On your computer
350
+
351
+Start the terminal and go to the folder where you downloaded __... .apk__ files. Maybe /home/user/Download:
352
+
353
+##### 2.3.2.2.1. Magisk
354
+```
355
+adb install MagiskManager-'latest-version'.apk
356
+```
357
+Check your phone for Magisk. Start Magisk and click on the "burger" (three lines top - left) and on modules.
358
+Check if all are selected (Riru - Core, Riru - Ed Xposed). If not do a reboot.
359
+
360
+##### 2.3.2.2.2. EdXposed
361
+```
362
+adb install EdXposedInstaller_'latest-version'.apk && adb install eu.faircode.xlua_'latest-version'.apk && adb install dev.ukanth.ufirewall_'latest-version'.apk
363
+```
364
+
365
+Check your phone for EdXposed Installer. Start EdXposed Installer and click on the "burger" (three lines top - left) and on modules.
366
+Select _AFWall+_ and _XPrivacyLUA_.
367
+
368
+Do a reboot.
369
+
370
+&nbsp;
371
+
372
+## 2.4. Step 4 - Configuration
373
+
374
+### 2.4.1. Internet connection
375
+Turn your Internet on (WIFI or / and LTE).
376
+
377
+&nbsp;
378
+
379
+### 2.4.2. AFWall+
380
+Start AFWall+ and click on the _three dots_ (top-right) and click on __Preferences__ and on __UI Preferences__
381
+
382
+&nbsp;
383
+
384
+#### 2.4.2.1. UI preferences
385
+Select:
386
+- Enable Notifications
387
+- Show notification icon
388
+- Rules Progress
389
+- Show UID for apps
390
+- Confirm AFWall+ disable
391
+
392
+Go back and click on __Rules/Connectivity__.
393
+
394
+&nbsp;
395
+
396
+#### 2.4.2.2. Rules / connectivity
397
+Select:
398
+- Active rules
399
+- Roaming control
400
+- LAN control
401
+- VPN control
402
+
403
+> Check IPv6 Chains if you are using IPv6.
404
+
405
+Go back to the main view (first start of the app).
406
+
407
+&nbsp;
408
+
409
+#### 2.4.2.3. Allow internet access for certain apps
410
+Select _WLAN, Mobile Connection (2 arrows without roaming (R)) and VPN_ for:
411
+- [1000] Android System, Advanced, ...
412
+- [10008] Media Storage, Download ...
413
+- Android System Web View
414
+- Browser
415
+- F-Droid
416
+- Magisk Manager
417
+- microG DroidGuard Helper
418
+- *
419
+
420
+Depending on your application, you may need to give your application access to the Internet when needed. Each time you install an application, a notification is displayed, and you can choose whether this application needs Internet or not. If no pop-up notification is displayed, it may be because the AFWall + message is not working properly or your installed application does not require Internet access.
421
+
422
+&nbsp;
423
+
424
+### 2.4.3. microG
425
+
426
+&nbsp;
427
+
428
+#### 2.4.3.1. Permissions
429
+Start the microG application and grant all necessary permissions. Then click on __Self-Check__ and check everything. It should have everything selected. Maybe _UnifiedNlp status_ did not select everything. That's okay.
430
+
431
+&nbsp;
432
+
433
+#### 2.4.3.2. Google device registration & cloud messaging
434
+Go back to _microG Settings_ and click __Google Device Registration__ and enable it.
435
+The same applies to __Google Cloud Messaging__.
436
+
437
+> If you do not install apps from the Play Store via Yalp, you do not need to enable Google.
438
+> If you're using _AdAway_ or other ADS blocking apps on your phone you'll have to add to your _Whitelist_ = __mtalk.google.com__ if you need Google.
439
+
440
+&nbsp;
441
+
442
+### 2.4.4. XPrivayLUA
443
+This is quite similar like AFWall+.
444
+Start _XPrivacyLUA_ and click on the "burger" (three lines top - left) and select __Notify on new apps__ and __Restrict new apps__.
445
+
446
+Example:
447
+- Contact Apps need the possibility to read you contacts. You have to unselect __Get contacts__.
448
+- GPS need access to your Location. You have to unselect __Get location__.
449
+
450
+It's actually pretty obvious.
451
+
452
+XPrivacyLUA doesn't block the contacts for example. It fakes it.
453
+If you block __Read clipboard__ and you paste a name to your _Contact app_ it doesn't paste the name. It paste _Private_ instead.
454
+
455
+Don't forget that.
456
+
457
+That's it. Enjoy
458
+
459
+&nbsp;
460
+
461
+<br>
462
+<br>
463
+<center>
464
+ <p class="small" class="title"><strong>Problems?</strong></p>
465
+ <p class="small">
466
+ If you encounter problems, simply create an [issue](https://git.pwoss.xyz/mobile/installation/issues).
467
+ </p>
468
+</center>
... ...
\ No newline at end of file
content/mobile/android/devices/lg/g2/d801.md
... ...
@@ -0,0 +1,8 @@
1
+# D801
2
+<center>
3
+__!!!Still under process!!!__
4
+</center>
5
+------
6
+
7
+[[_TOC_]]
8
+
content/mobile/android/devices/samsung/galaxy-note-4/_Footer.md
... ...
@@ -0,0 +1,7 @@
1
+<center>
2
+[&#8679;UP&#8679;](#)
3
+<br>
4
+<br>
5
+<<Navigation("Navigate Mobile", "content/mobile/android/")>>
6
+</center>
7
+[&#60;&#60; back](/content/mobile/android)
... ...
\ No newline at end of file
content/mobile/android/devices/samsung/galaxy-note-4/n910f.md
... ...
@@ -0,0 +1,404 @@
1
+# N910F
2
+<center>
3
+This tutorial is for Samsung Galaxy Note 4 model N910F.
4
+</center>
5
+------
6
+
7
+[[_TOC_]]
8
+
9
+# 1. Requirements
10
+
11
+## 1.1. Software
12
+
13
+&nbsp;
14
+
15
+### 1.1.1. Custom ROM
16
+
17
+Download your ROM from [resurrectionremix.com](https://get.resurrectionremix.com/?dir=trlte).
18
+Get the rom to your phone. Use an external _micro SD card_ if it's possible.
19
+
20
+&nbsp;
21
+
22
+### 1.1.2. TWRP recovery
23
+
24
+Get the recovery from [twrp.me](https://twrp.me/samsung/samsunggalaxynote4qualcomm.html)
25
+
26
+&nbsp;
27
+
28
+### 1.1.3. ADB drivers
29
+> Got to [searx.pwoss.xyz](https://searx.pwoss.xyz/) (or whatever you prefer) and search for "adb drivers windows linux and mac". You can follow a tutorial there.
30
+
31
+&nbsp;
32
+
33
+__Arch Linux & Manjaro Linux:__
34
+```
35
+sudo pacman -S android-tools
36
+```
37
+
38
+&nbsp;
39
+
40
+### 1.1.4. Heimdall
41
+
42
+Download _Heimdall_ from [glassechidna.com.au](https://glassechidna.com.au/heimdall/)
43
+> This is necessary to install TWRP.
44
+
45
+__Arch Linux & Manjaro Linux:__
46
+```
47
+pikaur -S heimdall
48
+```
49
+
50
+&nbsp;
51
+
52
+### 1.1.5. Applications
53
+
54
+#### 1.1.5.1. Magisk from GitHub:
55
+[Magisk-'latest-version'.zip](https://github.com/topjohnwu/Magisk/releases/)
56
+[MagiskManager-'latest-version'.apk](https://github.com/topjohnwu/Magisk/releases/)
57
+[Magisk-uninstaller-'latest-version'.zip](https://github.com/topjohnwu/Magisk/releases/)
58
+> Magisk is necessary to get root access and to install EdXposed & riru.
59
+
60
+#### 1.1.5.2. Riru from GitHub:
61
+[magisk-riru-core-'latest-version'.zip](https://github.com/RikkaApps/Riru/releases/)
62
+> Riru is necessary for EdXposed.
63
+
64
+#### 1.1.5.3. EdXposed from GitHub:
65
+[magisk-EdXposed-'latest-version'.zip](https://github.com/ElderDrivers/EdXposed/releases/)
66
+[EdXposedInstaller_'latest-version'.apk](https://github.com/ElderDrivers/EdXposed/releases/)
67
+[EdXposedUninstaller_rec.zip](https://github.com/ElderDrivers/EdXposed/releases/)
68
+> EdXposed is necessary for XPrivacyLua
69
+
70
+#### 1.1.5.4. NanoDroid from nanolx.org:
71
+[NanoDroid-BromiteWebView-'latest-version'.zip](https://downloads.nanolx.org/NanoDroid/Stable/)
72
+
73
+#### 1.1.5.5. XPrivacyLua from F-Droid:
74
+[eu.faircode.xlua_'latest-version'.apk](https://f-droid.org/en/packages/eu.faircode.xlua/)
75
+> Scroll down to 'Download APK'
76
+
77
+#### 1.1.5.6. AFWall+ from F-Droid:
78
+[dev.ukanth.ufirewall_'latest-version'.apk](https://f-droid.org/en/packages/dev.ukanth.ufirewall/)
79
+> Scroll down to 'Download APK'
80
+
81
+#### 1.1.5.7. FakeGapps from F-Droid:
82
+[com.thermatk.android.xf.fakegapps_'latest-version'.apk](https://f-droid.org/en/packages/com.thermatk.android.xf.fakegapps/)
83
+> Scroll down to 'Download APK'
84
+
85
+Get all downloaded applications on your phone. Use an external _micro SD card_ if it's possible.
86
+Leave __eu.faircode.xlua_'latest-version'.apk__, __dev.ukanth.ufirewall_'latest-version'.apk__, __MagiskManager-'latest-version'.apk__, __com.thermatk.android.xf.fakegapps-'latest-version'.apk__ and __EdXposedInstaller-'latest-version'.apk__ on your computer.
87
+
88
+&nbsp;
89
+
90
+# 2. HowTo
91
+
92
+If you got every [requirements](/content/mobile/android/devices/samsung/galaxy-note-4/n910f#1-requirements) then we can go further with the first step (4 steps in total).
93
+
94
+Get yourself a coffee or tea and let's go through this.
95
+
96
+## 2.1. Step 1 - Heimdall
97
+
98
+### 2.1.1. Reboot to bootloader
99
+Reboot your phone and hold __VOL-DOWN__, __Power Button__ and the __Home Button__ until you see a warning message. Now __VOL-UP__ and you'll see an Android logo and "Downloading ..." etc..
100
+Connect your phone via USB to your computer.
101
+
102
+&nbsp;
103
+
104
+### 2.1.2. Start Heimdall
105
+
106
+&nbsp;
107
+
108
+#### 2.1.2.1. Device detection
109
+Start Heimdall and go to __Utilities__. Click on __Detect__ by _Detect Device_. You can see by _Output_ __Device Detected__.
110
+
111
+&nbsp;
112
+
113
+#### 2.1.2.2. Create .pit file
114
+Now you have to create a .pit (Partition Information Table) file.
115
+Click on __Save as__ by _Download PIT_ and choose a folder and name.
116
+
117
+&nbsp;
118
+
119
+#### 2.1.2.3. Flashing TWRP
120
+Go to __Flash__ and click on __Browse__ by _PIT_. Use the just created .pit file.
121
+Click on __Add__ by _Partitions (files)_ and choose by _Partition Details_ / _Partition Name_ __RECOVERY__. Click on __Browse__ by _File_ and choose __twrp-'latest-version'-trlte.img__.
122
+Now click on __Start__.
123
+
124
+Check if an installation line appears on your phone.
125
+
126
+You can also see a process in Heimdall under _Status_. It should look like this:
127
+```
128
+Initialising connection...
129
+Detecting device...
130
+Claiming interface...
131
+Setting up interface...
132
+
133
+Initialising protocol...
134
+Protocol initialisation successful.
135
+
136
+Beginning session...
137
+
138
+Some devices may take up to 2 minutes to respond.
139
+Please be patient!
140
+
141
+Session begun.
142
+
143
+Downloading device's PIT file...
144
+PIT file download successful.
145
+
146
+Uploading RECOVERY
147
+0%
148
+6%
149
+13%
150
+19%
151
+26%
152
+32%
153
+39%
154
+46%
155
+52%
156
+59%
157
+65%
158
+72%
159
+79%
160
+85%
161
+92%
162
+98%
163
+100%
164
+
165
+RECOVERY upload successful
166
+
167
+Ending session...
168
+Rebooting device...
169
+Releasing device interface...
170
+```
171
+
172
+&nbsp;
173
+
174
+#### 2.1.2.4. Trouble?
175
+For Linux.
176
+If you encounter errors while trying to download your .pit file, you must create a new file on your computer and add the following:
177
+```
178
+sudo nano /etc/udev/rules.d/79-samsung.rules
179
+```
180
+```
181
+ATTRS{idVendor}=="04e8", ENV{ID_MM_DEVICE_IGNORE}="1"
182
+ATTRS{idVendor}=="04e8", ATTRS{product}=="Gadget Serial", ENV{ID_MM_DEVICE_IGNORE}="1", ENV{MTP_NO_PROBE}="1"
183
+```
184
+ctrl + x & yes
185
+```
186
+sudo systemctl restart systemd-udevd
187
+```
188
+Try it again. You may need to restart Heimdall if it's still running.
189
+
190
+&nbsp;
191
+
192
+## 2.2. Step 2 - Recovery
193
+
194
+### 2.2.1. Reboot to new recovery
195
+After that, you can reboot your phone to the recovery. Hold __VOL-UP__, __Power Button__ and the __Home Button__ until you reach the new recovery TWRP.
196
+
197
+&nbsp;
198
+
199
+#### 2.2.1.1. WIPE / delete internal storage
200
+Click on __Wipe__ and on __Advanced Wipe__ and select only:
201
+- __Internal Storage__
202
+
203
+Now __Swipe to Wipe__.
204
+
205
+> Go back to the main view.
206
+
207
+&nbsp;
208
+
209
+#### 2.2.1.2. Backup with TWRP
210
+Before we flash a custom-ROM let's do a "quick" backup of your system.
211
+Click on __Backup__ and __Select every Partition__ and __Swipe to Backup__.
212
+
213
+> Go back to the main view.
214
+
215
+&nbsp;
216
+
217
+#### 2.2.1.3. WIPE / delete your phone
218
+Click on __Wipe__ and on __Advanced Wipe__ and select only:
219
+- __Dalvik / ART Cache__
220
+- __System__
221
+- __Data__
222
+- __Cache__
223
+
224
+Now __Swipe to Wipe__.
225
+
226
+> Go back to the main view.
227
+
228
+&nbsp;
229
+
230
+### 2.2.2. Custom ROM
231
+Click on __Install__ and __Select Storage__ and choose __Micro SD card__.
232
+Look for _RR-P-'latest-version'-trlte-Official.zip_ click on it and __Swipe to confirm Flash__. Wait until it's done. And wipe the _Cache_.
233
+
234
+> Go back to the main view.
235
+
236
+&nbsp;
237
+
238
+### 2.2.3. Applications
239
+
240
+&nbsp;
241
+
242
+#### 2.2.3.1. Magisk, Riru & EdXposed
243
+Click on __Install__ and __Select Storage__ and choose __Micro SD card__.
244
+Look for __Magisk-'latest-version'.zip__, __NanoDroid-BromiteWebView-'latest-version'.zip__, __NanoDroid-microG-'latest-version'.zip__, __magisk-riru-core-'latest-version'.zip__ and __magisk-EdXposed-'latest-version'.zip__.
245
+Click at first on __Magisk-'latest-version'.zip__ and then __Add more Zips__ and add the other files.
246
+Now __Swipe to confirm Flash__.
247
+
248
+Go back to the main view and click on __Reboot__ and __System__.
249
+
250
+> It may be necessary to start the phone first before installing all these "applications". This means that after installing your custom ROM you will need to boot the system first. Each additional installation of the application must first be started on the system. Install them all separately if you have problems afterwards.
251
+
252
+&nbsp;
253
+
254
+## 2.3. Step 3 - Applications
255
+
256
+### 2.3.1. Internet connection
257
+Turn all your internet connection off at first.
258
+
259
+&nbsp;
260
+
261
+### 2.3.2. Install Magisk, EdXposed, XPrivacyLUA & AFWall+ applications
262
+
263
+&nbsp;
264
+
265
+#### 2.3.2.1. On your phone
266
+Go to your __Settings__ and click on __About phone__ of your phone. Push the __Build number__ _seven times_ or _more_.
267
+Go __back to__ the main view of the __Settings__ and click on __System__ and __Developer options__ (maybe advanced first).
268
+Turn __Android debugging__ _on_.
269
+
270
+Connect your phone via USB to the computer.
271
+
272
+&nbsp;
273
+
274
+#### 2.3.2.2. On your computer
275
+
276
+Start the terminal and go to the folder where you downloaded __... .apk__ files. Maybe /home/user/Download:
277
+
278
+&nbsp;
279
+
280
+__Magisk__
281
+```
282
+adb install MagiskManager-'latest-version'.apk
283
+```
284
+Check your phone for Magisk. Start Magisk and click on the "burger" (three lines top - left) and on modules.
285
+Check if all are selected (Riru - Core, Riru - Ed Xposed). If not do a reboot.
286
+
287
+&nbsp;
288
+
289
+__EdXposed__
290
+```
291
+adb install EdXposedInstaller_'latest-version'.apk && adb install eu.faircode.xlua_'latest-version'.apk && adb install dev.ukanth.ufirewall_'latest-version'.apk && adb install com.thermatk.android.xf.fakegapps_'latest-version'.apk
292
+```
293
+
294
+Check your phone for EdXposed Installer. Start EdXposed Installer and click on the "burger" (three lines top - left) and on modules.
295
+Select _AFWall+_, _FakeGapps_ and _XPrivacyLUA_.
296
+
297
+Do a reboot.
298
+
299
+&nbsp;
300
+
301
+## 2.4. Step 4 - Configuration
302
+
303
+### 2.4.1. Internet connection
304
+Turn your Internet on (WIFI or / and LTE).
305
+
306
+&nbsp;
307
+
308
+### 2.4.2. AFWall+
309
+Start AFWall+ and click on the _three dots_ (top-right) and click on __Preferences__ and on __UI Preferences__
310
+
311
+&nbsp;
312
+
313
+#### 2.4.2.1. UI preferences
314
+Select:
315
+- Enable Notifications
316
+- Show notification icon
317
+- Rules Progress
318
+- Show UID for apps
319
+- Confirm AFWall+ disable
320
+
321
+Go back and click on __Rules/Connectivity__.
322
+
323
+&nbsp;
324
+
325
+#### 2.4.2.2. Rules / connectivity
326
+Select:
327
+- Active rules
328
+- Roaming control
329
+- LAN control
330
+- VPN control
331
+
332
+> Check IPv6 Chains if you are using IPv6.
333
+
334
+Go back to the main view (first start of the app).
335
+
336
+&nbsp;
337
+
338
+#### 2.4.2.3. Allow internet access for certain apps
339
+Select _WLAN, Mobile Connection (2 arrows without roaming (R)) and VPN_ for:
340
+- [1000] Android System, Advanced, ...
341
+- [10008] Media Storage, Download ...
342
+- Android System Web View
343
+- Browser
344
+- F-Droid
345
+- Magisk Manager
346
+- microG DroidGuard Helper
347
+- microG Service Core
348
+- *
349
+
350
+Depending on your application, you may need to give your application access to the Internet when needed. Each time you install an application, a notification is displayed, and you can choose whether this application needs Internet or not. If no pop-up notification is displayed, it may be because the AFWall + message is not working properly or your installed application does not require Internet access.
351
+
352
+&nbsp;
353
+
354
+### 2.4.3. microG
355
+
356
+&nbsp;
357
+
358
+#### 2.4.3.1. Spoof package signature
359
+Go to your phone's settings and click on __Apps & notifications__, __Advanced__ and __App permission__.
360
+Now click __Spoof package signature__ and click on the _three dots_ (top-right) and on __Show system__ and select _FakeStore_ and _microG Services Core_.
361
+
362
+&nbsp;
363
+
364
+#### 2.4.3.2. Permissions
365
+Start the microG application and grant all necessary permissions. Then click on __Self-Check__ and check everything. It should have everything selected. Maybe _UnifiedNlp status_ did not select everything. That's okay.
366
+
367
+&nbsp;
368
+
369
+#### 2.4.3.3. Google device registration & cloud messaging
370
+Go back to _microG Settings_ and click __Google Device Registration__ and enable it.
371
+The same applies to __Google Cloud Messaging__.
372
+
373
+> If you do not install apps from the Play Store via Yalp, you do not need to enable Google.
374
+> If you're using _AdAway_ or other ADS blocking apps on your phone you'll have to add to your _Whitelist_ = __mtalk.google.com__ if you need Google.
375
+
376
+&nbsp;
377
+
378
+### 2.4.4. XPrivayLUA
379
+This is quite similar like AFWall+.
380
+Start _XPrivacyLUA_ and click on the "burger" (three lines top - left) and select __Notify on new apps__ and __Restrict new apps__.
381
+
382
+Example:
383
+- Contact Apps need the possibility to read you contacts. You have to unselect __Get contacts__.
384
+- GPS need access to your Location. You have to unselect __Get location__.
385
+
386
+It's actually pretty obvious.
387
+
388
+XPrivacyLUA doesn't block the contacts for example. It fakes it.
389
+If you block __Read clipboard__ and you paste a name to your _Contact app_ it doesn't paste the name. It paste _Private_ instead.
390
+
391
+Don't forget that.
392
+
393
+That's it. Enjoy
394
+
395
+&nbsp;
396
+
397
+<br>
398
+<br>
399
+<center>
400
+ <p class="small" class="title"><strong>Problems?</strong></p>
401
+ <p class="small">
402
+ If you encounter problems, simply create an [issue](https://git.pwoss.xyz/mobile/installation/issues).
403
+ </p>
404
+</center>
... ...
\ No newline at end of file
content/mobile/apple.md
... ...
@@ -0,0 +1,7 @@
1
+# Apple
2
+<center>
3
+
4
+If you are an Apple user, you can add some privacy solutions.
5
+Just fork the [wiki](https://git.pwoss.xyz/pwoss/wiki/) and change the [apple.md](https://git.pwoss.xyz/pwoss/wiki/content/mobile/apple.md) file.
6
+</center>
7
+------
content/pwoss/_Footer.md
... ...
@@ -0,0 +1,7 @@
1
+<center>
2
+[&#8679;UP&#8679;](#)
3
+<br>
4
+<br>
5
+<<Navigation("Navigate PwOSS", "content/pwoss/")>>
6
+</center>
7
+[&#60;&#60; back](/)
content/pwoss/faq.md
... ...
@@ -0,0 +1,63 @@
1
+# FAQ
2
+<center>
3
+All questions and answers around PwOSS.
4
+**(Not done)**
5
+</center>
6
+------
7
+
8
+[[_TOC_]]
9
+
10
+# PwOSS
11
+
12
+## What's PwOSS?
13
+
14
+## Why .xyz domain?
15
+
16
+## Why Gitea?
17
+
18
+### Why not GitHub, GitLab or others??
19
+
20
+<br>
21
+***
22
+<br>
23
+
24
+# Desktop
25
+
26
+## Linux
27
+
28
+### What about Microsoft and Apple?
29
+
30
+### Why Manjaro or Arch?
31
+
32
+#### What about Ubuntu, Debian, Mint ...?
33
+
34
+<br>
35
+***
36
+<br>
37
+
38
+# Server
39
+
40
+## Linux
41
+
42
+### Software suite
43
+
44
+#### Why Seafile and not Nextcloud?
45
+
46
+### What about Debian?
47
+
48
+<br>
49
+***
50
+<br>
51
+
52
+# Mobile
53
+
54
+## Android
55
+
56
+### What about Microsoft and Apple?
57
+
58
+### Software suite
59
+
60
+<br>
61
+***
62
+<br>
63
+
content/pwoss/gitea.md
... ...
@@ -0,0 +1,20 @@
1
+# Gitea
2
+<center>
3
+All about [PwOSS - Gitea](https://git.pwoss.xyz/)
4
+**(Not done)**
5
+</center>
6
+------
7
+
8
+[[_TOC_]]
9
+
10
+# Register
11
+
12
+# Create a repository
13
+
14
+# Fork a repository
15
+
16
+# Create an issue
17
+
18
+# Create a pull request
19
+
20
+# PwOSS organisations
... ...
\ No newline at end of file
content/pwoss/wiki.md
... ...
@@ -0,0 +1,16 @@
1
+# Wiki
2
+<center>
3
+All about the Wiki.
4
+**(Not done)**
5
+</center>
6
+------
7
+
8
+[[_TOC_]]
9
+
10
+# All pages
11
+
12
+See [all pages](/all-pages) at once.
13
+
14
+# How to use the Wiki
15
+
16
+# How to create new Wiki pages
... ...
\ No newline at end of file
content/server/_Footer.md
... ...
@@ -0,0 +1,7 @@
1
+<center>
2
+[&#8679;UP&#8679;](#)
3
+<br>
4
+<br>
5
+<<Navigation("Navigate Server", "content/server/")>>
6
+</center>
7
+[&#60;&#60; back](/)
content/server/arch-scratch-docu.md
... ...
@@ -0,0 +1,2292 @@
1
+# Arch Scratch Docu
2
+<center>
3
+This is an copy & paste solution for your 64-bit server. A software overview and explanation can be found [here](/content/server/software-suite).
4
+
5
+> There is no image/iso at the moment. We are [working on creating a bootable USB stick](https://git.pwoss.xyz/server/installation). You have to use the combination guide & scratch for now.
6
+
7
+</center>
8
+------
9
+
10
+[[_TOC_]]
11
+
12
+&nbsp;
13
+
14
+# Important - before you start check following:
15
+
16
+1. Your router needs the possibility of port forwarding and the possibility to configure the DNS server for Pi-hole.
17
+2. You’ll need a DynDNS-Domain. For example, at https://www.noip.com/sign-up.
18
+
19
+&nbsp;
20
+
21
+## Info / Tip
22
+Some commands must be changed by you. The keywords will start with '__your-__'.
23
+- your-interface
24
+- your-password
25
+- your-location
26
+- etc.
27
+
28
+We will mark it with the words '__Input required:__' above the commands.
29
+
30
+Hit the tab key for autocompletion when typing commands.
31
+
32
+&nbsp;
33
+
34
+# 1. Wireless connection & test
35
+If you're using Ethernet (cable) connection, go to __Test Connection__. Keep going if you want to use your WIFI.
36
+
37
+```
38
+systemctl stop dhcpcd@interface.service
39
+```
40
+Check the wireless interface, this usually starts with a "w" for e.g. wlp2s1
41
+
42
+```
43
+ip link
44
+```
45
+
46
+&nbsp;
47
+
48
+__Input required:__
49
+Setup the wireless interface, replace the keyword '*your-interface*' with the one that starts with "w" e.g. wlp2s1.
50
+> Do not change 'ctrl_interface=...' to your interface.
51
+
52
+```
53
+ip link set your-interface up
54
+echo 'ctrl_interface=/run/wpa_supplicant' > wifi.conf
55
+wpa_passphrase SSID passphrase >> wifi.conf
56
+wpa_supplicant -B -i your-interface -c wifi.conf
57
+dhcpcd -A your-interface
58
+```
59
+
60
+&nbsp;
61
+
62
+## 1.1. Test connection
63
+
64
+```
65
+ping archlinux.org
66
+```
67
+
68
+It should look like this:
69
+```_ping archlinux.org
70
+PING archlinux.org (138.201.81.199) 56(84) bytes of data.
71
+64 bytes from apollo.archlinux.org (138.201.81.199): icmp_seq=1 ttl=42 time=285 ms
72
+64 bytes from apollo.archlinux.org (138.201.81.199): icmp_seq=2 ttl=42 time=285 ms
73
+64 bytes from apollo.archlinux.org (138.201.81.199): icmp_seq=3 ttl=42 time=285 ms
74
+...
75
+```
76
+stop it with:
77
+ctrl + c
78
+
79
+> If no connection is available, stop the dhcpcd service with systemctl stop dhcpcd@interface where the interface name can be tab-completed.
80
+
81
+&nbsp;
82
+
83
+# 2. Keyboard
84
+
85
+&nbsp;
86
+
87
+__Input required:__
88
+If you have another keyboard that isn't _en_ you can change it with the following command:
89
+
90
+```
91
+ls /usr/share/kbd/keymaps/**/*.map.gz
92
+loadkeys your-keyboard
93
+```
94
+
95
+&nbsp;
96
+
97
+# 3. Format and delete all your partitions / HDD with parted
98
+We will delete all partitions and add 2 new partitions.
99
+If you have more than 1 HDD, you can use your first HDD (/dev/sda) for your /swap partition /root partition and /boot partition.
100
+Your second HDD can be used as the /home partition.
101
+
102
+> The instruction applies to one HDD (/dev/sda). If you have more than one, please create an [issue](https://git.pwoss.xyz/server/documentation/issues) or send us an [email](mailto:pwoss@pwoss.xyz).
103
+
104
+```
105
+parted -a optimal /dev/sda
106
+```
107
+Hereafter, your storage will be listed. Write it down. Our example is 750 GB.
108
+
109
+```
110
+print
111
+```
112
+Depending on the list of partitions - If you have more than two, continue with the _rm number_ command.
113
+
114
+```
115
+rm 1
116
+rm 2
117
+rm ...
118
+```
119
+Change Partition Table.
120
+
121
+```
122
+mklabel msdos
123
+```
124
+
125
+Add two partitions for __/boot__ and __/root__. We will use _LVM on LUKS_. There will be more "partitions" later.
126
+
127
+&nbsp;
128
+
129
+__/boot__
130
+```
131
+mkpart primary ext4 5 500
132
+toggle 1 boot
133
+```
134
+
135
+&nbsp;
136
+
137
+__/root__
138
+```
139
+mkpart primary ext4 500 100%
140
+```
141
+```
142
+quit
143
+```
144
+
145
+&nbsp;
146
+
147
+# 4. LVM on LUKS
148
+
149
+## 4.1. Preparing storage
150
+
151
+&nbsp;
152
+
153
+__Input required:__
154
+```
155
+cryptsetup luksFormat --type luks2 /dev/sda2
156
+```
157
+Choose your-password.
158
+
159
+&nbsp;
160
+
161
+__Input required:__
162
+```
163
+cryptsetup open /dev/sda2 cryptlvm
164
+```
165
+Enter your-password.
166
+
167
+&nbsp;
168
+
169
+## 4.2. Preparing the logical volumes
170
+```
171
+pvcreate /dev/mapper/cryptlvm
172
+```
173
+```
174
+vgcreate myStorage /dev/mapper/cryptlvm
175
+```
176
+```
177
+lvcreate -L 4G myStorage -n swap
178
+lvcreate -L 40G myStorage -n root
179
+lvcreate -l 100%FREE myStorage -n home
180
+```
181
+```
182
+mkfs.ext4 /dev/myStorage/root
183
+mkfs.ext4 /dev/myStorage/home
184
+mkswap /dev/myStorage/swap
185
+```
186
+```
187
+mount /dev/myStorage/root /mnt
188
+mkdir /mnt/home
189
+mount /dev/myStorage/home /mnt/home
190
+swapon /dev/myStorage/swap
191
+```
192
+
193
+&nbsp;
194
+
195
+## 4.3. Preparing the boot partition
196
+```
197
+cryptsetup luksFormat --type luks1 /dev/sda1
198
+```
199
+Choose your-password like before. You can use the same one if you want.
200
+
201
+```
202
+cryptsetup open /dev/sda1 lvm
203
+pvcreate /dev/mapper/lvm
204
+vgcreate boot /dev/mapper/lvm
205
+lvcreate -l 100%FREE boot -n boot
206
+mkfs.ext4 /dev/boot/boot
207
+mkdir /mnt/boot
208
+mount /dev/boot/boot /mnt/boot
209
+```
210
+
211
+&nbsp;
212
+
213
+# 5. Select the mirrors
214
+Search for your nearest mirror and put 2-3 of them on top of the list. Or just delete the lines before with ctrl + k.
215
+
216
+```
217
+nano /etc/pacman.d/mirrorlist
218
+```
219
+ctrl + x
220
+yes
221
+
222
+&nbsp;
223
+
224
+# 6. Install the base packages
225
+Check the processor type of your computer and use only one of the following command. _intel-ucode_ __OR__ _amd-ucode_?
226
+> Delete _wpa_supplicant_ if you are using Ethernet (cable).
227
+
228
+&nbsp;
229
+
230
+__amd-ucode__
231
+```
232
+pacstrap /mnt base base-devel openssh grub wpa_supplicant amd-ucode
233
+```
234
+
235
+&nbsp;
236
+
237
+__intel-ucode__
238
+```
239
+pacstrap /mnt base base-devel openssh grub wpa_supplicant intel-ucode
240
+```
241
+
242
+&nbsp;
243
+
244
+# 7. Configuring the boot loader
245
+Change the _GRUB_CMDLINE_LINUX=""_.
246
+
247
+```
248
+nano /mnt/etc/default/grub
249
+```
250
+```
251
+GRUB_CMDLINE_LINUX=""
252
+```
253
+to
254
+
255
+```
256
+GRUB_CMDLINE_LINUX="cryptdevice=/dev/sda1:lvm cryptdevice=/dev/sda2:cryptlvm root=/dev/myStorage/root resume=/dev/myStorage/swap"
257
+```
258
+and change...
259
+
260
+```
261
+#GRUB_ENABLE_CRYPTODISK=y
262
+```
263
+to
264
+
265
+```
266
+GRUB_ENABLE_CRYPTODISK=y
267
+```
268
+You can also change _GRUB_TIMEOUT_. The computer starts immediately with your Arch system. Without waiting.
269
+Just change:
270
+
271
+```
272
+GRUB_TIMEOUT=5
273
+```
274
+to
275
+
276
+```
277
+GRUB_TIMEOUT=0
278
+```
279
+ctrl + x
280
+yes
281
+
282
+&nbsp;
283
+
284
+# 8. Configure the system
285
+## 8.1. Fstab
286
+```
287
+genfstab -U /mnt >> /mnt/etc/fstab
288
+```
289
+If the boot partition is listed. You'll need to add _#_ before the boot line.
290
+
291
+```
292
+nano /mnt/etc/fstab
293
+```
294
+Change:
295
+
296
+```
297
+UUID=your-number /boot ext4 rw,realtime,stripe=4
298
+```
299
+to
300
+
301
+```
302
+#UUID=your-number /boot ext4 rw,realtime,stripe=4
303
+```
304
+ctrl + x
305
+yes
306
+
307
+&nbsp;
308
+
309
+> If you have problems to mount the swap partition after reboot.
310
+Change the swap line as well.
311
+
312
+```
313
+UUID=your-number none swap defaults,pri=2 0 0
314
+```
315
+to
316
+
317
+```
318
+/dev/mapper/myStorage-swap none swap defaults,pri=2 0 0
319
+```
320
+ctrl + x
321
+yes
322
+
323
+&nbsp;
324
+
325
+## 8.2. Device /dev/xxx not initialized in udev database even after waiting 10000000 microseconds
326
+```
327
+mkdir /mnt/hostlvm
328
+mount --bind /run/lvm /mnt/hostlvm
329
+arch-chroot /mnt
330
+ln -s /hostlvm /run/lvm
331
+```
332
+
333
+&nbsp;
334
+
335
+## 8.3. Time zone
336
+
337
+&nbsp;
338
+
339
+__Input required:__
340
+> Hit TAB after .../zoneinfo/... .
341
+
342
+```
343
+ln -sf /usr/share/zoneinfo/your-region/your-city /etc/localtime
344
+hwclock --systohc
345
+```
346
+
347
+&nbsp;
348
+
349
+## 8.4. Localization
350
+Choose your location. For example:_en_US.UTF-8 UTF-8_
351
+
352
+```
353
+nano /etc/locale.gen
354
+```
355
+ctrl + x
356
+yes
357
+
358
+```
359
+locale-gen
360
+nano /etc/locale.conf
361
+```
362
+add - for example:_en_US.UTF-8 UTF-8_
363
+
364
+```
365
+LANG=en_US.UTF-8
366
+```
367
+ctrl + x
368
+yes
369
+
370
+&nbsp;
371
+
372
+__Input required:__
373
+> If you set the keyboard layout (check position 2 again).
374
+
375
+```
376
+/etc/vconsole.conf
377
+KEYMAP=your-keyboard
378
+```
379
+
380
+&nbsp;
381
+
382
+## 8.5. Network configuration
383
+```
384
+nano /etc/hostname
385
+```
386
+```
387
+myServer or myDesktop
388
+```
389
+ctrl + x
390
+yes
391
+
392
+```
393
+nano /etc/hosts
394
+```
395
+add
396
+
397
+```
398
+127.0.0.1 localhost
399
+127.0.1.1 myserver.localdomain myServer
400
+```
401
+ctrl + x
402
+yes
403
+
404
+&nbsp;
405
+
406
+## 8.6. Auto login /root partition - key file (only one passphrase for boot partition)
407
+```
408
+dd bs=512 count=4 if=/dev/urandom of=/crypto_keyfile.bin
409
+cryptsetup luksAddKey /dev/sda2 /crypto_keyfile.bin
410
+chmod 000 /crypto_keyfile.bin
411
+```
412
+> Use your created password for the root partition. You created it a few steps further up.
413
+
414
+&nbsp;
415
+
416
+## 8.7. Automount boot partition
417
+```
418
+dd bs=512 count=4 if=/dev/urandom of=/.crypto_keyfile-boot.bin
419
+cryptsetup luksAddKey /dev/sda1 /.crypto_keyfile-boot.bin
420
+chmod 000 /.crypto_keyfile-boot.bin
421
+```
422
+```
423
+sudo nano /etc/fstab
424
+```
425
+Add:
426
+
427
+```
428
+/dev/boot/boot /boot ext4 rw,relatime 0 2
429
+```
430
+ctrl + x
431
+yes
432
+
433
+and
434
+
435
+```
436
+sudo nano /etc/crypttab
437
+```
438
+add to the bottom:
439
+
440
+```
441
+boot /dev/sda1 /.crypto_keyfile-boot.bin luks
442
+```
443
+ctrl + x
444
+yes
445
+
446
+&nbsp;
447
+
448
+## 8.8. Configuring mkinitcpio
449
+```
450
+nano /etc/mkinitcpio.conf
451
+```
452
+Change:
453
+
454
+```
455
+FILES=()
456
+```
457
+to
458
+
459
+```
460
+FILES=(/crypto_keyfile.bin)
461
+```
462
+and change:
463
+
464
+```
465
+HOOKS=(base udev autodetect modconf block filesystem keyboard fsck)
466
+```
467
+to
468
+
469
+```
470
+HOOKS=(base udev autodetect keyboard keymap modconf block encrypt lvm2 resume filesystems fsck)
471
+```
472
+ctrl + x
473
+yes
474
+
475
+```
476
+mkinitcpio -p linux
477
+```
478
+
479
+&nbsp;
480
+
481
+## 8.9. Grub installation
482
+```
483
+grub-install /dev/sda
484
+grub-mkconfig -o /boot/grub/grub.cfg
485
+chmod -R g-rwx,o-rwx /boot
486
+```
487
+
488
+&nbsp;
489
+
490
+## 8.10. SSH connection
491
+```
492
+nano /etc/ssh/sshd_config
493
+```
494
+Change:
495
+
496
+```
497
+#port 22
498
+#PermitRootLogin prohibit-password
499
+```
500
+to
501
+
502
+```
503
+port 22
504
+PermitRootLogin yes
505
+```
506
+ctrl + x
507
+yes
508
+
509
+> We will change the root login back later when we add another user.
510
+
511
+```
512
+systemctl enable sshd.service && systemctl start sshd.service
513
+```
514
+Check your server IP address:
515
+
516
+```
517
+ip a s
518
+```
519
+Depends on your setup you'll see a line like:
520
+
521
+```
522
+inet 192.168.1.76/24
523
+```
524
+> Don't take attention to the loopback (Number 1). Check Number 2 or 3 and write the IP down.
525
+> Only write _192.168.1.76_ down
526
+
527
+&nbsp;
528
+
529
+## 8.11. Set root password and reboot
530
+
531
+&nbsp;
532
+
533
+__Input required:__
534
+Set the root password:
535
+```
536
+passwd
537
+your-password
538
+```
539
+You can start your freshly installed Arch Linux system now.
540
+
541
+```
542
+exit
543
+umount -R /mnt
544
+reboot now -h
545
+```
546
+> Don't forget to change the BIOS - Boot Priority. Change it back to your HDD.
547
+
548
+## 8.12. SSH server connection from another device
549
+```
550
+ssh root@192.168.1.76
551
+```
552
+
553
+&nbsp;
554
+
555
+# 9. Change timezone
556
+
557
+```
558
+timedatectl set-ntp true && timedatectl list-timezones
559
+```
560
+
561
+Choose your timezone and copy it.
562
+ctrl z
563
+
564
+&nbsp;
565
+
566
+__Input required:__
567
+```
568
+timedatectl set-timezone your-location
569
+```
570
+ctrl + x
571
+yes
572
+
573
+&nbsp;
574
+
575
+# 10. Wpa_supplicant
576
+If you're using Ethernet (cable) connection, go to __Test Connection__. Keep going if you want to use your WIFI.
577
+
578
+```
579
+ip link
580
+```
581
+
582
+&nbsp;
583
+
584
+__Input required:__
585
+Setup the wireless interface, replace the keyword '*your-interface*' with the one that starts with "w" e.g. wlp2s1.
586
+
587
+```
588
+wpa_passphrase SSID passphrase > /etc/wpa_supplicant/wpa_supplicant-your-interface.conf
589
+nano /etc/wpa_supplicant/wpa_supplicant-your-interface.conf
590
+```
591
+Add on top:
592
+> Do not change 'ctrl_interface=...' to your interface.
593
+
594
+```
595
+# Giving configuration update rights to wpa_cli
596
+ctrl_interface=/run/wpa_supplicant
597
+ctrl_interface_group=wheel
598
+update_config=1
599
+```
600
+ctrl + x
601
+yes
602
+
603
+&nbsp;
604
+
605
+__Input required:__
606
+```
607
+systemctl enable wpa_supplicant@your-interface
608
+ln -s /usr/share/dhcpcd/hooks/10-wpa_supplicant /usr/lib/dhcpcd/dhcpcd-hooks/
609
+systemctl enable dhcpcd.service
610
+```
611
+Reboot and check it.
612
+
613
+```
614
+reboot now -h
615
+```
616
+
617
+&nbsp;
618
+
619
+## 10.1. Test connection
620
+
621
+```
622
+ping archlinux.org
623
+```
624
+
625
+It should look like this:
626
+```_ping archlinux.org
627
+PING archlinux.org (138.201.81.199) 56(84) bytes of data.
628
+64 bytes from apollo.archlinux.org (138.201.81.199): icmp_seq=1 ttl=42 time=285 ms
629
+64 bytes from apollo.archlinux.org (138.201.81.199): icmp_seq=2 ttl=42 time=285 ms
630
+64 bytes from apollo.archlinux.org (138.201.81.199): icmp_seq=3 ttl=42 time=285 ms
631
+...
632
+```
633
+stop it with:
634
+ctrl + c
635
+
636
+> If no connection is available, stop the dhcpcd service with systemctl stop dhcpcd@interface where the interface name can be tab-completed.
637
+
638
+&nbsp;
639
+
640
+# 11. Add another user
641
+
642
+&nbsp;
643
+
644
+__Input required:__
645
+```
646
+useradd -m -G wheel -s /bin/bash pwoss
647
+passwd pwoss
648
+your-password
649
+```
650
+
651
+&nbsp;
652
+
653
+## 11.1. Change SSH connection to user pwoss
654
+```
655
+nano /etc/ssh/sshd_config
656
+```
657
+Change:
658
+
659
+```
660
+PermitRootLogin yes
661
+```
662
+to
663
+
664
+```
665
+PermitRootLogin no
666
+```
667
+and allow user pwoss instead
668
+
669
+```
670
+AllowUsers pwoss
671
+```
672
+ctrl + x
673
+yes
674
+
675
+> You can add _AllowUsers pwoss_ underneath of _PermitRootLogin no_.
676
+
677
+```
678
+systemctl restart sshd.service
679
+```
680
+
681
+> Don't forget to change your ssh connection command.
682
+> _ssh root@192.168.1.76_ __to__ _ssh pwoss@192.168.1.76_
683
+
684
+&nbsp;
685
+
686
+# 12. Add user to sudo
687
+```
688
+pacman -S sudo --noconfirm && visudo
689
+```
690
+
691
+Uncomment:
692
+
693
+```
694
+# %wheel ALL=(ALL) ALL
695
+```
696
+
697
+to
698
+
699
+```
700
+%wheel ALL=(ALL) ALL
701
+```
702
+shift + :
703
+wq
704
+
705
+```
706
+su - pwoss
707
+```
708
+
709
+&nbsp;
710
+
711
+# 13. Pikaur - AUR-Helper
712
+```
713
+sudo pacman -S packer git base-devel
714
+```
715
+
716
+> Enter (default=all)
717
+
718
+```
719
+cd && mkdir software && cd software && git clone https://github.com/actionless/pikaur.git && cd pikaur && makepkg -fsri --noconfirm
720
+```
721
+
722
+&nbsp;
723
+
724
+# 14. Downgrade
725
+```
726
+pikaur -S downgrade --noconfirm
727
+```
728
+
729
+&nbsp;
730
+
731
+# 15. Crontab
732
+```
733
+sudo pacman -S cronie --noconfirm && sudo systemctl enable cronie.service && sudo systemctl start cronie.service
734
+```
735
+
736
+&nbsp;
737
+
738
+# 16. Change editor to nano
739
+```
740
+sudo nano /etc/environment
741
+```
742
+
743
+Paste under the lines:
744
+
745
+```
746
+export EDITOR=/usr/bin/nano
747
+```
748
+
749
+ctrl + x
750
+yes
751
+
752
+&nbsp;
753
+
754
+# 17. MariaDB
755
+```
756
+sudo pacman -S mariadb --noconfirm && sudo mysql_install_db --user=mysql --basedir=/usr/ --ldata=/var/lib/mysql/ && sudo systemctl enable mariadb.service && sudo systemctl start mariadb.service && sudo mysql_secure_installation
757
+```
758
+
759
+Hit enter and set up the mysql root password (use a good password) and hit the following enter for yes.
760
+
761
+&nbsp;
762
+
763
+# 18. Seafile server
764
+
765
+&nbsp;
766
+
767
+## 18.1. Needed packages
768
+
769
+```
770
+sudo pacman -S fuse2 libarchive vala libevent libldap libmariadbclient python2-chardet python2-dateutil python2-django python-flup python2-gunicorn python2-memcached python2-openpyxl python2-pillow python2-pytz python2-requests python2-requests-oauthlib python2-six mysql-python wget --noconfirm
771
+```
772
+```
773
+pikaur -S libevhtp-seafile libsearpc python2-qrcode python2-cas python2-django-compressor python2-django-constance python2-django-picklefield python2-django-post-office python2-django-rest-framework python2-django-simple-captcha python2-django-statici18n python2-django-webpack-loader python2-django-pylibmc python2-wsgidav-seafile libselinux --noconfirm
774
+```
775
+> Enter Y (Yes) for everything.
776
+
777
+&nbsp;
778
+
779
+## 18.2. Seafile user & Seafile data path
780
+```
781
+sudo useradd -m -r -d /srv/seafile -s /usr/bin/nologin seafile
782
+```
783
+
784
+&nbsp;
785
+
786
+## 18.3. Seafile installation
787
+```
788
+sudo -u seafile -s /bin/sh
789
+```
790
+```
791
+cd && mkdir installed && wget https://download.seadrive.org/seafile-server_6.3.4_x86-64.tar.gz && tar -xzf seafile-server_* && mv seafile-server_* installed && cd seafile-server-* && ./setup-seafile-mysql.sh
792
+```
793
+
794
+&nbsp;
795
+
796
+Enter
797
+__Input required:__
798
+```
799
+servername = myServer
800
+ip = your-server_ip
801
+/srv/seafile/seafile-data = your-storage_path
802
+```
803
+
804
+Hit enter for “8082”
805
+Hit 1
806
+Hit enter for “localhost” and “3306”
807
+> What is the password of the mysql root user?
808
+
809
+&nbsp;
810
+
811
+__Input required:__
812
+```
813
+your-password
814
+```
815
+
816
+Hit enter for “mysql user”
817
+
818
+&nbsp;
819
+
820
+__Input required:__
821
+Create a seafile-mysql user password:
822
+```
823
+Enter the password for mysql user "seafile": your-password
824
+```
825
+
826
+Hit enter for “[ ccnet database ]”
827
+Hit enter for “[ seafile database ]”
828
+Hit enter for “[ seahub database ]”
829
+Enter through and wait until it’s done
830
+
831
+```
832
+./seafile.sh start
833
+./seahub.sh start
834
+```
835
+
836
+&nbsp;
837
+
838
+__Input required:__
839
+> enter admin email
840
+
841
+```
842
+your-@emailaddress.com
843
+```
844
+
845
+&nbsp;
846
+
847
+__Input required:__
848
+> enter admin password
849
+
850
+```
851
+your-password
852
+```
853
+
854
+&nbsp;
855
+
856
+> python2-urllib3 downgrade is still necessary to _python2-urllib3-1.23-2_
857
+> [PwOSS - Link](https://pwoss.xyz/downgrade-seafile-server-internal-server-error-couldnt-load-libraries/)
858
+
859
+```
860
+downgrade python2-urllib3
861
+```
862
+
863
+&nbsp;
864
+
865
+## 18.4. Seafile server autostart
866
+```
867
+sudo nano /etc/systemd/system/seafile.service
868
+```
869
+```
870
+[Unit]
871
+Description=Seafile
872
+# add mysql.service or postgresql.service depending on your database to the line below
873
+After=network-online.target network.target mariadb.service
874
+
875
+[Service]
876
+Type=oneshot
877
+ExecStart=/srv/seafile/seafile-server-latest/seafile.sh start
878
+ExecStop=/srv/seafile/seafile-server-latest/seafile.sh stop
879
+RemainAfterExit=yes
880
+User=seafile
881
+Group=seafile
882
+
883
+[Install]
884
+WantedBy=multi-user.target
885
+```
886
+ctrl + x
887
+yes
888
+
889
+```
890
+sudo nano /etc/systemd/system/seahub.service
891
+```
892
+```
893
+[Unit]
894
+Description=Seafile hub
895
+After=network-online.target network.target seafile.service
896
+
897
+[Service]
898
+# change start to start-fastcgi if you want to run fastcgi
899
+ExecStart=/srv/seafile/seafile-server-latest/seahub.sh start
900
+ExecStop=/srv/seafile/seafile-server-latest/seahub.sh stop
901
+User=seafile
902
+Group=seafile
903
+Type=oneshot
904
+RemainAfterExit=yes
905
+
906
+[Install]
907
+WantedBy=multi-user.target
908
+```
909
+ctrl + x
910
+yes
911
+
912
+```
913
+sudo systemctl enable seafile.service && sudo systemctl enable seahub.service
914
+```
915
+
916
+&nbsp;
917
+
918
+## 18.5. SeafDav (WebDav)
919
+```
920
+cd && cd conf && nano seafdav.conf
921
+```
922
+
923
+Change:
924
+
925
+```
926
+enabled = false
927
+```
928
+
929
+to
930
+
931
+```
932
+enabled = true
933
+```
934
+
935
+ctrl + x
936
+yes
937
+
938
+```
939
+cd && cd seafile-server-latest && ./seafile.sh restart && ./seahub.sh restart
940
+```
941
+
942
+&nbsp;
943
+
944
+# 19. Radicale
945
+```
946
+sudo pacman -S radicale python-setuptools --noconfirm && su
947
+```
948
+
949
+> The root user password
950
+
951
+```
952
+mkdir -p /var/lib/radicale/collections && chown -R radicale:radicale /var/lib/radicale/collections && chmod -R o= /var/lib/radicale/collections && nano /etc/systemd/system/radicale.service
953
+```
954
+
955
+Hit enter until the nano editor window pop up and add:
956
+
957
+```
958
+[Unit]
959
+Description=A simple CalDAV (calendar) and CardDAV (contact) server
960
+After=network.target
961
+Requires=network.target
962
+
963
+[Service]
964
+ExecStart=/usr/bin/env python3 -m radicale
965
+Restart=on-failure
966
+User=radicale
967
+
968
+# Deny other users access to the calendar data
969
+UMask=0027
970
+
971
+# Optional security settings
972
+PrivateTmp=true
973
+ProtectSystem=strict
974
+ProtectHome=true
975
+PrivateDevices=true
976
+ProtectKernelTunables=true
977
+ProtectKernelModules=true
978
+ProtectControlGroups=true
979
+NoNewPrivileges=true
980
+ReadWritePaths=/var/lib/radicale/collections
981
+
982
+[Install]
983
+WantedBy=multi-user.target
984
+```
985
+
986
+ctrl + x
987
+yes
988
+
989
+```
990
+nano /etc/radicale/config
991
+```
992
+
993
+Change:
994
+
995
+```
996
+# hosts = 127.0.0.1:5232
997
+```
998
+to
999
+
1000
+```
1001
+hosts = 192.168.1.76:5232
1002
+```
1003
+and the following too
1004
+
1005
+```
1006
+# type = none
1007
+type = htpasswd
1008
+# htpasswd_filename = /etc/radicale/users
1009
+htpasswd_filename = /etc/radicale/users
1010
+# htpasswd_encryption = bcrypt
1011
+htpasswd_encryption = plain
1012
+# delay = 1
1013
+delay = 1
1014
+# max_connections = 20
1015
+max_connections = 20
1016
+# max_content_length = 10000000
1017
+max_content_length = 10000000
1018
+# timeout = 10
1019
+timeout = 10
1020
+```
1021
+
1022
+ctrl + x
1023
+yes
1024
+
1025
+```
1026
+nano /etc/radicale/users
1027
+```
1028
+
1029
+&nbsp;
1030
+
1031
+__Input required:__
1032
+> Change to your Family Member for example.
1033
+
1034
+```
1035
+your-user1:your-user1_password
1036
+your-user2:your-user2_password
1037
+...
1038
+```
1039
+
1040
+ctrl + x
1041
+yes
1042
+
1043
+```
1044
+systemctl enable radicale && systemctl start radicale && systemctl status radicale
1045
+```
1046
+
1047
+```
1048
+su - pwoss
1049
+```
1050
+
1051
+&nbsp;
1052
+
1053
+# 20. OpenVPN
1054
+```
1055
+sudo groupadd nogroup
1056
+```
1057
+
1058
+&nbsp;
1059
+
1060
+## 20.1. DDClient-Dynamic DNS
1061
+```
1062
+sudo pacman -S ddclient --noconfirm && sudo nano /etc/ddclient/ddclient.conf
1063
+```
1064
+
1065
+&nbsp;
1066
+
1067
+__Input required:__
1068
+Add following lines and change the "login=","password=", and the domain at the bottom.
1069
+```
1070
+For noip
1071
+protocol=dyndns2
1072
+use=web, if=eth0
1073
+server=dynupdate.no-ip.com
1074
+login=your-@emailaddress.com
1075
+password='your-password'
1076
+your-dyndns_domain
1077
+```
1078
+```
1079
+sudo crontab -e
1080
+```
1081
+
1082
+add
1083
+
1084
+```
1085
+#######################DDClient
1086
+45 04 * * * /usr/sbin/ddclient --force
1087
+##################################
1088
+```
1089
+
1090
+&nbsp;
1091
+
1092
+## 20.2. Easy-RSA
1093
+```
1094
+sudo pacman -S openvpn easy-rsa --noconfirm && sudo su
1095
+cd /etc/easy-rsa
1096
+export EASYRSA=$(pwd)
1097
+easyrsa init-pki
1098
+easyrsa build-ca nopass
1099
+```
1100
+
1101
+&nbsp;
1102
+
1103
+__Input required:__
1104
+> Change 'your-dyndns_domain' to your domain.
1105
+
1106
+```
1107
+Common Name (eg: your user, host, or server name) [Easy-RSA CA]:your-dyndns_domain
1108
+Your new CA certificate file for publishing is at:/etc/easy-rsa/pki/ca.crt
1109
+cp /etc/easy-rsa/pki/ca.crt /etc/openvpn/server/
1110
+easyrsa gen-req ArchServer nopass
1111
+your-dyndns_domain
1112
+```
1113
+
1114
+Enter
1115
+
1116
+```
1117
+cp /etc/easy-rsa/pki/private/ArchServer.key /etc/openvpn/server/
1118
+openssl dhparam -out /etc/openvpn/server/dh.pem 2048
1119
+```
1120
+
1121
+> This takes around 20 minutes
1122
+
1123
+&nbsp;
1124
+
1125
+__Input required:__
1126
+> Change 'your-device' like Smartphone / Laptop etc.
1127
+
1128
+```
1129
+openvpn --genkey --secret /etc/openvpn/server/ta.key
1130
+easyrsa gen-req your-device
1131
+```
1132
+
1133
+Enter your-password and _NO COMMON NAME_!!
1134
+Hit enter
1135
+
1136
+```
1137
+easyrsa sign-req server ArchServer
1138
+```
1139
+
1140
+yes
1141
+
1142
+&nbsp;
1143
+
1144
+__Input required:__
1145
+> Change 'your-device' like Smartphone / Laptop etc.
1146
+```
1147
+easyrsa sign-req client your-device
1148
+```
1149
+
1150
+yes
1151
+
1152
+```
1153
+mv /etc/easy-rsa/pki/issued/ArchServer.crt /etc/openvpn/server/
1154
+mkdir /etc/easy-rsa/pki/signed
1155
+mv /etc/easy-rsa/pki/issued/your-device.crt /etc/easy-rsa/pki/signed
1156
+exit
1157
+```
1158
+
1159
+&nbsp;
1160
+
1161
+## 20.3. Client config & ovpngen AUR
1162
+```
1163
+cd && pikaur -S ovpngen --noconfirm
1164
+```
1165
+
1166
+&nbsp;
1167
+
1168
+__Input required:__
1169
+> Change 'your-dyndns_domain' to your domain.
1170
+> Change 'your-device' like Smartphone / Laptop etc.
1171
+
1172
+```
1173
+sudo ovpngen your-dyndns_domain /etc/openvpn/server/ca.crt /etc/easy-rsa/pki/signed/your-device.crt /etc/easy-rsa/pki/private/your-device.key /etc/openvpn/server/ta.key > your-device.ovpn
1174
+sudo nano your-device.ovpn
1175
+```
1176
+
1177
+&nbsp;
1178
+
1179
+__Input required:__
1180
+> Change 'your-dyndns_domain' to your domain.
1181
+
1182
+```
1183
+remote your-dyndns_domain 1194 udp
1184
+```
1185
+and add behind ‘verb 3’
1186
+
1187
+```
1188
+cipher AES-256-CBC
1189
+auth SHA512
1190
+resolv-retry infinite
1191
+tls-version-min 1.2
1192
+auth-nocache
1193
+remote-cert-tls server
1194
+comp-lzo
1195
+```
1196
+ctrl + x
1197
+yes
1198
+
1199
+&nbsp;
1200
+
1201
+__Input required:__
1202
+Copy the file to your Phone and import the file to the “OpenVPN for Android” application or to your computer.
1203
+```
1204
+sudo scp your-device.ovpn your-copmputer/your-user@192.168.1.xxx:/home/your-user/
1205
+```
1206
+
1207
+&nbsp;
1208
+
1209
+## 20.4. Server config
1210
+```
1211
+sudo nano /etc/openvpn/server/server.conf
1212
+```
1213
+
1214
+> Change the IP to your home network if it’s necessary.
1215
+
1216
+```
1217
+# your local subnet
1218
+push "route 192.168.1.0 255.255.255.0"
1219
+```
1220
+
1221
+Change the client's number depends on your needs.
1222
+
1223
+```
1224
+max-clients 2
1225
+```
1226
+```
1227
+port 1194
1228
+proto udp
1229
+dev tun
1230
+ca /etc/openvpn/server/ca.crt
1231
+cert /etc/openvpn/server/ArchServer.crt
1232
+key /etc/openvpn/server/ArchServer.key
1233
+dh /etc/openvpn/server/dh.pem
1234
+server 10.8.0.0 255.255.255.0
1235
+# server and remote endpoints
1236
+ifconfig 10.8.0.1 10.8.0.2
1237
+# Add route to Client routing table for the OpenVPN Server
1238
+push "route 10.8.0.1 255.255.255.255"
1239
+# Add route to Client routing table for the OPenVPN Subnet
1240
+push "route 10.8.0.0 255.255.255.0"
1241
+# your local subnet
1242
+push "route 192.168.1.0 255.255.255.0"
1243
+# Set your primary domain name server address for clients
1244
+
1245
+########################Pi-hole
1246
+push "dhcp-option DNS 192.168.1.76"
1247
+###############################
1248
+
1249
+###### https://dns.watch/
1250
+#push "dhcp-option DNS 84.200.69.80"
1251
+#push "dhcp-option DNS 84.200.70.40"
1252
+# Override the Client default gateway by using 0.0.0.0/1 and
1253
+# 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of
1254
+# overriding but not wiping out the original default gateway.
1255
+#push "redirect-gateway def1"
1256
+push "redirect-gateway def1 bypass-dhcp"
1257
+
1258
+client-to-client
1259
+duplicate-cn
1260
+keepalive 10 120
1261
+tls-version-min 1.2
1262
+tls-auth /etc/openvpn/server/ta.key 0
1263
+cipher AES-256-CBC
1264
+auth SHA512
1265
+#comp-lzo
1266
+compress lz4-v2
1267
+push "compress lz4-v2"
1268
+user nobody
1269
+group nogroup
1270
+persist-key
1271
+persist-tun
1272
+max-clients 2
1273
+remote-cert-tls client
1274
+#client-connect /etc/openvpn/vpn-connect.sh
1275
+#client-disconnect /etc/openvpn/vpn-disconnect.sh
1276
+#script-security 2
1277
+#crl-verify /etc/openvpn/crl.pem
1278
+status /var/log/openvpn-status.log 20
1279
+status-version 3
1280
+log /var/log/openvpn.log
1281
+verb 3
1282
+ifconfig-pool-persist ipp.txt
1283
+log-append /var/log/openvpn
1284
+status /tmp/vpn.status 10
1285
+```
1286
+ctrl + x
1287
+yes
1288
+
1289
+```
1290
+sudo systemctl enable openvpn-server@server.service && sudo systemctl start openvpn-server@server.service
1291
+```
1292
+
1293
+&nbsp;
1294
+
1295
+## 20.5. New clients
1296
+
1297
+&nbsp;
1298
+
1299
+__Input required:__
1300
+> Change 'your-device' like Smartphone / Laptop etc.
1301
+
1302
+```
1303
+sudo su && cd /etc/easy-rsa
1304
+easyrsa gen-req your-device
1305
+```
1306
+
1307
+Enter your password and _NO COMMON NAME_!!
1308
+Hit enter
1309
+
1310
+&nbsp;
1311
+
1312
+__Input required:__
1313
+```
1314
+easyrsa sign-req client your-device
1315
+```
1316
+
1317
+yes
1318
+
1319
+&nbsp;
1320
+
1321
+__Input required:__
1322
+> Change 'your-dyndns_domain' to your domain.
1323
+> Change 'your-device' like Smartphone / Laptop etc.
1324
+
1325
+```
1326
+mv /etc/easy-rsa/pki/issued/your-device.crt /etc/easy-rsa/pki/signed
1327
+```
1328
+```
1329
+sudo ovpngen yourDYNDNSdomain.com /etc/openvpn/server/ca.crt /etc/easy-rsa/pki/signed/your-device.crt /etc/easy-rsa/pki/private/your-device.key /etc/openvpn/server/ta.key > your-device.ovpn
1330
+sudo nano your-device.ovpn
1331
+```
1332
+
1333
+&nbsp;
1334
+
1335
+__Input required:__
1336
+> Change 'your-dyndns_domain' to your domain.
1337
+
1338
+```
1339
+remote your-dyndns_domain 1194 udp
1340
+```
1341
+and add behind ‘verb 3’
1342
+
1343
+```
1344
+cipher AES-256-CBC
1345
+auth SHA512
1346
+resolv-retry infinite
1347
+tls-version-min 1.2
1348
+auth-nocache
1349
+remote-cert-tls server
1350
+comp-lzo
1351
+```
1352
+ctrl + x
1353
+yes
1354
+
1355
+&nbsp;
1356
+
1357
+__Input required:__
1358
+Copy the file to your Phone and import the file to the “OpenVPN for Android” application or to your computer.
1359
+```
1360
+sudo scp your-device.ovpn your-copmputer/your-user@192.168.1.xxx:/home/your-user/
1361
+```
1362
+
1363
+&nbsp;
1364
+
1365
+# 21. UFW
1366
+```
1367
+sudo pacman -S ufw --noconfirm && sudo nano /etc/default/ufw
1368
+```
1369
+
1370
+Change:
1371
+
1372
+```
1373
+DEFAULT_FORWARD_POLICY="DROP"
1374
+```
1375
+
1376
+to
1377
+
1378
+```
1379
+DEFAULT_FORWARD_POLICY="ACCEPT"
1380
+```
1381
+```
1382
+sudo nano /etc/ufw/before.rules
1383
+```
1384
+
1385
+&nbsp;
1386
+
1387
+__Input required:__
1388
+Add after header (# ufw-before-forward) and before (# Don't delete these required lines, otherwise there will be errors and change the '_your-interface_'
1389
+
1390
+```
1391
+# NAT (Network Address Translation) table rules
1392
+*nat
1393
+:POSTROUTING ACCEPT [0:0]
1394
+
1395
+# Allow traffic from clients to the interface
1396
+-A POSTROUTING -s 10.8.0.0/24 -o your-interface -j MASQUERADE
1397
+
1398
+# do not delete the "COMMIT" line or the NAT table rules above will not be processed
1399
+COMMIT
1400
+```
1401
+ctrl + x
1402
+yes
1403
+
1404
+```
1405
+sudo ufw allow ssh && sudo ufw allow 1194/udp && sudo ufw allow 8000/tcp && sudo ufw allow 8080/tcp && sudo ufw allow 8082/tcp && sudo ufw allow 5232/tcp
1406
+```
1407
+
1408
+y
1409
+
1410
+```
1411
+sudo nano /etc/ufw/sysctl.conf
1412
+```
1413
+
1414
+Uncomment:
1415
+
1416
+```
1417
+#net/ipv4/ip_forward=1
1418
+```
1419
+
1420
+to
1421
+
1422
+```
1423
+net/ipv4/ip_forward=1
1424
+```
1425
+
1426
+ctrl + x
1427
+yes
1428
+
1429
+```
1430
+sudo ufw enable && sudo systemctl enable ufw.service && sudo systemctl start ufw.service
1431
+```
1432
+YES
1433
+
1434
+&nbsp;
1435
+
1436
+# 22. Bash completion
1437
+```
1438
+sudo pacman -S bash-completion --noconfirm && nano ~/.bashrc
1439
+```
1440
+Add to the bottom:
1441
+
1442
+```
1443
+if [ -f /etc/bash_completion ]; then          
1444
+. /etc/bash_completion
1445
+fi
1446
+export EDITOR=/usr/bin/nano
1447
+export VISUAL=$EDITOR
1448
+```
1449
+
1450
+ctrl + x
1451
+yes
1452
+
1453
+&nbsp;
1454
+
1455
+# 23. Nginx
1456
+```
1457
+sudo pacman -S nginx-mainline --noconfirm && sudo nano /etc/nginx/nginx.conf
1458
+```
1459
+Change _worker_processes  1;_
1460
+to
1461
+
1462
+```
1463
+worker_processes  4;
1464
+```
1465
+And add to the bottom one line before
1466
+_}_
1467
+
1468
+```
1469
+include sites-enabled/*; # See Server blocks
1470
+```
1471
+ctrl + x
1472
+yes
1473
+
1474
+```
1475
+sudo mkdir /etc/nginx/sites-available && sudo mkdir /etc/nginx/sites-enabled && sudo systemctl enable nginx.service && sudo systemctl start nginx.service
1476
+```
1477
+
1478
+&nbsp;
1479
+
1480
+# 24. PHP
1481
+```
1482
+sudo pacman -S php php-fpm php-gd php-sqlite --noconfirm
1483
+```
1484
+
1485
+&nbsp;
1486
+
1487
+__Input required:__
1488
+Uncomment the following lines in /etc/php/php.ini: (Delete ; )
1489
+
1490
+```
1491
+sudo nano /etc/php/php.ini
1492
+date.timezone = your-location
1493
+```
1494
+Change:
1495
+
1496
+```
1497
+;open_basedir =
1498
+```
1499
+to
1500
+
1501
+```
1502
+open_basedir = /srv/http/:/home/:/tmp/:/usr/share/pear/:/usr/share/webapps/
1503
+```
1504
+```
1505
+...
1506
+extension=pdo_sqlite
1507
+extension=sockets
1508
+extension=sqlite3
1509
+extension=pdo_mysql
1510
+extension=mysqli
1511
+extension=gd
1512
+```
1513
+and change:
1514
+
1515
+```
1516
+expose_php = On
1517
+```
1518
+to
1519
+
1520
+```
1521
+expose_php = Off
1522
+```
1523
+ctrl + x
1524
+yes
1525
+
1526
+```
1527
+sudo systemctl enable php-fpm.service && sudo systemctl start php-fpm.service
1528
+```
1529
+
1530
+&nbsp;
1531
+
1532
+# 25. Adminer
1533
+```
1534
+pikaur -S adminer --noconfirm && sudo nano /etc/nginx/sites-available/adminer
1535
+```
1536
+Add the following lines and change the IP address to your server IP:
1537
+
1538
+```
1539
+server {
1540
+ listen 22322;
1541
+ server_name 192.168.1.76;
1542
+
1543
+ root /usr/share/webapps/adminer;
1544
+
1545
+# If you want to use a .htpass file, uncomment the three following lines.
1546
+#auth_basic "Admin-Area! Password needed!";
1547
+#auth_basic_user_file /usr/share/webapps/adminer/.htpass;
1548
+#access_log /var/log/nginx/adminer-access.log;
1549
+
1550
+error_log /var/log/nginx/adminer-error.log;
1551
+
1552
+location / {
1553
+ index index.php;
1554
+ try_files $uri $uri/ /index.php?$args;
1555
+ }
1556
+
1557
+ location ~ .php$ {
1558
+ include fastcgi.conf;
1559
+# fastcgi_pass localhost:9000;
1560
+ fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
1561
+ fastcgi_index index.php;
1562
+ fastcgi_param SCRIPT_FILENAME /usr/share/webapps/adminer$fastcgi_script_name;
1563
+ }
1564
+}
1565
+```
1566
+ctrl + x
1567
+yes
1568
+
1569
+```
1570
+sudo ln -s /etc/nginx/sites-available/adminer /etc/nginx/sites-enabled/ && sudo ufw allow 22322/tcp && sudo systemctl restart nginx.service
1571
+```
1572
+> check http://your-server_ip:22322/adminer
1573
+
1574
+&nbsp;
1575
+
1576
+# 26. Msmtp
1577
+```
1578
+sudo pacman -S msmtp msmtp-mta --noconfirm && sudo nano /etc/msmtprc
1579
+```
1580
+
1581
+&nbsp;
1582
+
1583
+__Input required:__
1584
+Add and change all "PwOSS", 'your-@emailaddress.com' and 'your-password' settings to your provider.
1585
+
1586
+```
1587
+# Set default values for all following accounts.
1588
+defaults
1589
+auth on
1590
+tls on
1591
+tls_trust_file /etc/ssl/certs/ca-certificates.crt
1592
+logfile ~/.msmtp.log
1593
+
1594
+# PwOSS
1595
+account pwoss
1596
+host smtp.pwoss.xyz
1597
+port 587
1598
+from your-@emailaddress.com
1599
+user your-@emailaddress.com
1600
+password your-password
1601
+
1602
+
1603
+# Set a default account
1604
+account default : pwoss
1605
+```
1606
+ctrl + x
1607
+yes
1608
+
1609
+If you want to get info/emails from your crontab add the following line:
1610
+
1611
+```
1612
+sudo nano /usr/lib/systemd/system/cronie.service
1613
+```
1614
+Change:
1615
+
1616
+```
1617
+ExecStart=/usr/bin/crond -n
1618
+```
1619
+to
1620
+
1621
+```
1622
+ExecStart=/usr/bin/crond -n -m '/usr/bin/msmtp -t'
1623
+```
1624
+ctrl + x
1625
+yes
1626
+
1627
+```
1628
+sudo systemctl daemon-reload && sudo systemctl restart cronie.service
1629
+```
1630
+
1631
+&nbsp;
1632
+
1633
+__Input required:__
1634
+Test it:
1635
+> Change email
1636
+
1637
+```
1638
+echo "PwOSS - Server" | msmtp -a default your-@emailaddress.com
1639
+```
1640
+> Check your spam folder.
1641
+
1642
+&nbsp;
1643
+
1644
+# 27. Pi-hole
1645
+```
1646
+pikaur -S pi-hole-server --noconfirm && sudo nano /etc/resolvconf.conf
1647
+```
1648
+Uncomment:
1649
+
1650
+```
1651
+#name_servers=127.0.0.1
1652
+```
1653
+to
1654
+
1655
+```
1656
+name_servers=127.0.0.1
1657
+```
1658
+ctrl + x
1659
+yes
1660
+
1661
+```
1662
+sudo resolvconf -u
1663
+```
1664
+```
1665
+sudo nano /etc/hosts
1666
+```
1667
+Add to the bottom (change the IP to yours)
1668
+
1669
+```
1670
+192.168.1.76 pi.hole myServer
1671
+```
1672
+ctrl + x
1673
+yes
1674
+
1675
+```
1676
+sudo nano /etc/nginx/nginx.conf
1677
+```
1678
+Change:
1679
+
1680
+```
1681
+#gzip  on;
1682
+```
1683
+to
1684
+
1685
+```
1686
+gzip  on;
1687
+```
1688
+and add under gzip on;
1689
+
1690
+```
1691
+ gzip_min_length 1000;
1692
+ gzip_proxied expired no-cache no-store private auth;
1693
+ gzip_types text/plain application/xml application/json application/javascript application/octet-stream text/css;
1694
+ include /etc/nginx/conf.d/*.conf;
1695
+```
1696
+ctrl + x
1697
+yes
1698
+
1699
+```
1700
+sudo cp /usr/share/pihole/configs/nginx.example.conf /etc/nginx/sites-available/pihole && sudo nano /etc/nginx/sites-available/pihole
1701
+```
1702
+and change:
1703
+
1704
+```
1705
+listen 80 default_server;
1706
+ listen [::]:80 default_server;
1707
+server_name _;
1708
+```
1709
+to
1710
+
1711
+```
1712
+listen 987 default_server;
1713
+ listen [::]:987 default_server;
1714
+server_name 192.168.1.76; # Your server IP address
1715
+```
1716
+and change:
1717
+
1718
+```
1719
+ fastcgi_pass 127.0.0.1:9000;
1720
+```
1721
+to
1722
+
1723
+```
1724
+ fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
1725
+```
1726
+ctrl + x
1727
+yes
1728
+
1729
+```
1730
+sudo ln -s /etc/nginx/sites-available/pihole /etc/nginx/sites-enabled/ && sudo nano /etc/php/php.ini
1731
+```
1732
+Add behind the others _/srv/http/:/home/:/tmp/:/usr/share/pear/:/usr/share/webapps/_
1733
+
1734
+```
1735
+:/srv/http/pihole:/run/pihole-ftl/pihole-FTL.port:/run/log/pihole/pihole.log:/run/log/pihole-ftl/pihole-FTL.log:/etc/pihole:/etc/hosts:/etc/hostname:/etc/dnsmasq.d:/proc/meminfo:/proc/cpuinfo:/sys/class/thermal/thermal_zone0/temp:/dev/null
1736
+```
1737
+ctrl + x
1738
+yes
1739
+
1740
+&nbsp;
1741
+
1742
+__Input required:__
1743
+Set a password:
1744
+```
1745
+pihole -a -p
1746
+your-password
1747
+```
1748
+```
1749
+sudo nano /etc/dnsmasq.d/00-openvpn.conf
1750
+```
1751
+add
1752
+
1753
+```
1754
+interface=tun0
1755
+```
1756
+ctrl + x
1757
+yes
1758
+
1759
+```
1760
+sudo ufw allow 987/tcp && sudo ufw allow from 10.8.0.0/24
1761
+```
1762
+```
1763
+sudo crontab -e
1764
+```
1765
+add
1766
+
1767
+```
1768
+#######################pihole flush logs
1769
+45 23 * * 0,3 pihole -f
1770
+################################
1771
+
1772
+
1773
+#######################pihole update new blocks
1774
+15 23 * * 0,3 pihole -g
1775
+################################
1776
+```
1777
+ctrl + x
1778
+yes
1779
+
1780
+```
1781
+sudo nano /etc/openvpn/server/server.conf
1782
+```
1783
+Change the VPN route through Pi-hole and change the IP Address
1784
+
1785
+```
1786
+########################Pi-hole
1787
+#push "dhcp-option DNS 192.168.1.76"
1788
+###############################
1789
+```
1790
+to
1791
+
1792
+```
1793
+########################Pi-hole
1794
+push "dhcp-option DNS 192.168.1.76" # (< change the IP to your server IP)
1795
+###############################
1796
+```
1797
+ctrl + x
1798
+yes
1799
+
1800
+__Input required:__
1801
+Change the home network IP (_192.168.1.0_)!!
1802
+
1803
+```
1804
+sudo ufw allow from 192.168.1.0/24
1805
+```
1806
+```
1807
+sudo systemctl stop systemd-resolved.service && sudo systemctl disable systemd-resolved.service && sudo systemctl restart pihole-FTL.service && sudo systemctl restart nginx.service && sudo systemctl restart php-fpm.service
1808
+```
1809
+> check http://your-server_ip:987/admin
1810
+
1811
+&nbsp;
1812
+
1813
+## 27.1. recursive DNS server (unbound)
1814
+```
1815
+sudo pacman -S unbound expat --noconfirm && wget -O root.hints https://www.internic.net/domain/named.cache && sudo mv root.hints /etc/unbound/ && sudo mv /etc/unbound/unbound.conf /etc/unbound/unbound.conf.backup && sudo nano /etc/unbound/unbound.conf
1816
+```
1817
+__Input required:__
1818
+Add the following and change _private-address: 192.168.1.0/16_ to your IP network.
1819
+
1820
+```
1821
+server:
1822
+ # If no logfile is specified, syslog is used
1823
+ # logfile: "/var/log/unbound/unbound.log"
1824
+ verbosity: 0
1825
+
1826
+ port: 5353
1827
+ do-ip4: yes
1828
+ do-udp: yes
1829
+ do-tcp: yes
1830
+ do-daemonize: no
1831
+ trust-anchor-file: trusted-key.key
1832
+
1833
+ # May be set to yes if you have IPv6 connectivity
1834
+ do-ip6: no
1835
+
1836
+ # Use this only when you downloaded the list of primary root servers!
1837
+ root-hints: "/etc/unbound/root.hints"
1838
+
1839
+ # Trust glue only if it is within the servers authority
1840
+ harden-glue: yes
1841
+
1842
+ # Require DNSSEC data for trust-anchored zones, if such data is absent, the zone becomes BOGUS
1843
+ harden-dnssec-stripped: yes
1844
+
1845
+ # Don't use Capitalization randomization as it known to cause DNSSEC issues sometimes
1846
+ # see https://discourse.pi-hole.net/t/unbound-stubby-or-dnscrypt-proxy/9378 for further details
1847
+ use-caps-for-id: no
1848
+
1849
+ # Reduce EDNS reassembly buffer size.
1850
+ # Suggested by the unbound man page to reduce fragmentation reassembly problems
1851
+ edns-buffer-size: 1472
1852
+
1853
+ # TTL bounds for cache
1854
+ cache-min-ttl: 3600
1855
+ cache-max-ttl: 86400
1856
+
1857
+ # Perform prefetching of close to expired message cache entries
1858
+ # This only applies to domains that have been frequently queried
1859
+ prefetch: yes
1860
+
1861
+ # One thread should be sufficient, can be increased on beefy machines
1862
+ num-threads: 1
1863
+
1864
+ # Ensure kernel buffer is large enough to not loose messages in traffic spikes
1865
+ so-rcvbuf: 1m
1866
+
1867
+ # Ensure privacy of local IP ranges
1868
+ private-address: 192.168.1.0/16
1869
+ private-address: 10.0.0.0/8
1870
+ #private-address: fd00::/8 # IPv6
1871
+ #private-address: fe80::/10 # IPv6
1872
+```
1873
+ctrl + x
1874
+yes
1875
+
1876
+```
1877
+sudo systemctl enable unbound.service && sudo systemctl start unbound.service
1878
+```
1879
+```
1880
+sudo nano /etc/systemd/system/roothints.service
1881
+```
1882
+```
1883
+[Unit]
1884
+Description=Update root hints for unbound
1885
+After=network.target
1886
+
1887
+[Service]
1888
+ExecStart=/usr/bin/curl -o /etc/unbound/root.hints https://www.internic.net/domain/named.cache
1889
+```
1890
+ctrl + x
1891
+yes
1892
+
1893
+```
1894
+sudo nano /etc/systemd/system/roothints.timer
1895
+```
1896
+```
1897
+[Unit]
1898
+Description=Run root.hints monthly
1899
+
1900
+[Timer]
1901
+OnCalendar=monthly
1902
+Persistent=true
1903
+
1904
+[Install]
1905
+WantedBy=timers.target
1906
+```
1907
+ctrl + x
1908
+yes
1909
+
1910
+```
1911
+sudo systemctl enable roothints.timer && sudo systemctl start roothints.timer
1912
+```
1913
+
1914
+You need to change the settings of your Pi-hole.
1915
+Go to _http://your-server_ip:987/admin/settings.php?tab=dns_ and disable all DNS server on the left side and add to _Custom 1 (IPv4)_
1916
+
1917
+```
1918
+127.0.0.1#5353
1919
+```
1920
+and save it.
1921
+
1922
+## 27.2. Dnscrypt-proxy
1923
+```
1924
+sudo pacman -S dnscrypt-proxy && sudo nano /etc/dnscrypt-proxy/dnscrypt-proxy.toml
1925
+```
1926
+Change
1927
+```
1928
+# server_names = ['scaleway-fr', 'google', 'yandex', 'cloudflare']
1929
+listen_addresses = ['127.0.0.1:53', '[::1]:53']
1930
+```
1931
+to
1932
+```
1933
+server_names = ['dnscrypt.me', 'de.dnsmaschine.net', 'doh-crypto-sx', 'scaleway-fr']
1934
+listen_addresses = ['127.0.0.1:53000', '[::1]:53000']
1935
+```
1936
+ctrl + x
1937
+yes
1938
+
1939
+```
1940
+sudo nano /etc/unbound/unbound.conf
1941
+```
1942
+Add the following under the other lines.
1943
+```
1944
+# dnscrypt-proxy
1945
+ do-not-query-localhost: no
1946
+forward-zone:
1947
+ name: "."
1948
+ forward-addr: ::1@53000
1949
+ forward-addr: 127.0.0.1@53000
1950
+```
1951
+ctrl + x
1952
+yes
1953
+
1954
+```
1955
+sudo systemctl enable dnscrypt-proxy.service && sudo systemctl start dnscrypt-proxy.service && sudo systemctl restart unbound.service
1956
+```
1957
+
1958
+&nbsp;
1959
+
1960
+# 28. Samba
1961
+```
1962
+sudo pacman -S samba --noconfirm && mkdir ~/samba && sudo nano /etc/samba/smb.conf
1963
+```
1964
+Add:
1965
+
1966
+```
1967
+[global]
1968
+workgroup = WORKGROUP
1969
+security = user
1970
+encrypt passwords = yes
1971
+
1972
+[PwOSS - User]
1973
+comment = samba
1974
+path = /mnt/samba/
1975
+read only = no
1976
+```
1977
+ctrl + x
1978
+yes
1979
+
1980
+&nbsp;
1981
+
1982
+__Input required:__
1983
+```
1984
+sudo smbpasswd -a pwoss
1985
+your-password
1986
+```
1987
+```
1988
+sudo ufw allow 139/tcp && sudo ufw allow 445/tcp && sudo systemctl enable smb.service && sudo systemctl start smb.service
1989
+```
1990
+> check smb://your-server_ip/samba
1991
+
1992
+&nbsp;
1993
+
1994
+# 29. FreshRSS
1995
+```
1996
+pikaur -S freshrss --noconfirm && sudo nano /etc/nginx/sites-available/freshrss
1997
+```
1998
+Add and change your IP address:
1999
+
2000
+```
2001
+server {
2002
+ listen 7666; # http on port 80
2003
+
2004
+ # your server's url(s)
2005
+ server_name 192.168.1.76; # Your server IP address
2006
+
2007
+ # the folder p of your FreshRSS installation
2008
+ root /usr/share/webapps/freshrss/p/;
2009
+
2010
+ index index.php index.html index.htm;
2011
+
2012
+ # nginx log files
2013
+ access_log /var/log/nginx/rss.access.log;
2014
+ error_log /var/log/nginx/rss.error.log;
2015
+
2016
+
2017
+ # php files handling
2018
+ # this regex is mandatory because of the API
2019
+ location ~ ^.+?\.php(/.*)?$ {
2020
+
2021
+# fastcgi_pass 127.0.0.1:9000;
2022
+ fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
2023
+
2024
+ fastcgi_split_path_info ^(.+\.php)(/.*)$;
2025
+
2026
+ # By default, the variable PATH_INFO is not set under PHP-FPM
2027
+ # But FreshRSS API greader.php need it. If you have a "Bad Request" error, double check this var !
2028
+ fastcgi_param PATH_INFO $fastcgi_path_info;
2029
+ include fastcgi_params;
2030
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
2031
+ }
2032
+
2033
+
2034
+ location / {
2035
+ try_files $uri $uri/ index.php;
2036
+ }
2037
+
2038
+}
2039
+```
2040
+ctrl + x
2041
+yes
2042
+
2043
+```
2044
+sudo ufw allow 7666/tcp && sudo nano /etc/php/php.ini
2045
+```
2046
+Uncomment:
2047
+
2048
+```
2049
+;extension=gmp
2050
+```
2051
+to
2052
+
2053
+```
2054
+extension=gmp
2055
+```
2056
+ctrl + x
2057
+yes
2058
+
2059
+```
2060
+sudo ln -s /etc/nginx/sites-available/freshrss /etc/nginx/sites-enabled/
2061
+```
2062
+```
2063
+sudo systemctl restart php-fpm.service && sudo systemctl restart nginx
2064
+```
2065
+
2066
+&nbsp;
2067
+
2068
+__Input required:__
2069
+```
2070
+mysql -u root -p
2071
+your-password
2072
+```
2073
+
2074
+&nbsp;
2075
+
2076
+__Input required:__
2077
+```
2078
+CREATE DATABASE FreshRSS;
2079
+CREATE USER 'FreshRSS'@'localhost' IDENTIFIED BY 'your-password';
2080
+GRANT ALL ON FreshRSS.* TO 'FreshRSS'@'localhost';
2081
+FLUSH PRIVILEGES;
2082
+exit
2083
+```
2084
+
2085
+> Check http://your-server_ip:7666 and follow the instructions.
2086
+
2087
+Database = FreshRSS
2088
+Database USER = FreshRSS
2089
+Password = your-password
2090
+
2091
+&nbsp;
2092
+
2093
+## 29.1. Automatic feed update
2094
+```
2095
+sudo crontab -e
2096
+```
2097
+Add:
2098
+
2099
+```
2100
+#######################FreshRSS Updates
2101
+0 */3 * * * php -f /usr/share/webapps/freshrss/app/actualize_script.php > /tmp/FreshRSS.log 2>&1
2102
+################################
2103
+```
2104
+
2105
+&nbsp;
2106
+
2107
+# 30. FireFox sync server
2108
+```
2109
+sudo pacman -S python2-virtualenv --noconfirm && cd && cd software && git clone https://github.com/mozilla-services/syncserver.git && cd syncserver && make build
2110
+```
2111
+
2112
+&nbsp;
2113
+
2114
+__Input required:__
2115
+```
2116
+mysql -u root -p
2117
+your-password
2118
+```
2119
+
2120
+&nbsp;
2121
+
2122
+__Input required:__
2123
+```
2124
+CREATE DATABASE ffsync;
2125
+CREATE USER 'ffsync'@'localhost' IDENTIFIED BY 'your-password';
2126
+GRANT ALL ON ffsync.* TO 'ffsync'@'localhost';
2127
+FLUSH PRIVILEGES;
2128
+exit
2129
+```
2130
+```
2131
+nano syncserver.ini
2132
+```
2133
+Add under
2134
+```
2135
+#sqluri = sqlite:////tmp/syncserver.db
2136
+```
2137
+
2138
+&nbsp;
2139
+
2140
+__Input required:__
2141
+```
2142
+sqluri = pymysql://ffsync:your-password@localhost:3306/ffsync
2143
+```
2144
+and change the IP address
2145
+
2146
+```
2147
+public_url = http://192.168.1.76:5000/
2148
+```
2149
+ctrl + x
2150
+yes
2151
+
2152
+```
2153
+crontab -e
2154
+```
2155
+Add:
2156
+> This is only for your pwoss user. Do not be surprised if the others are not listed.
2157
+
2158
+```
2159
+#####################ffsync
2160
+@reboot sleep 120 && cd /home/pwoss/software/syncserver/ && make serve
2161
+##########################################
2162
+```
2163
+ctrl + x
2164
+yes
2165
+
2166
+```
2167
+sudo ufw allow 5000/tcp
2168
+```
2169
+```
2170
+cd && cd /home/pwoss/software/syncserver/ && make serve
2171
+```
2172
+
2173
+> Check http://your-server_ip:5000/
2174
+> it work's!
2175
+> Is the answer!
2176
+
2177
+ctrl + c
2178
+To cancel the action.
2179
+
2180
+&nbsp;
2181
+
2182
+## 30.1. Clients
2183
+To configure desktop Firefox to talk to your new Sync server, go to “about:config”, search for “identity.sync.tokenserver.uri” and change its value to the URL of your server with a path of “token/1.0/sync/1.5”:
2184
+
2185
+- identity.sync.tokenserver.uri: http://sync.example.com/token/1.0/sync/1.5
2186
+
2187
+Alternatively, if you’re running your own Firefox Accounts server, and running Firefox 52 or later, see the documentation on how to Run your own Firefox Accounts Server for how to configure your client for both Sync and Firefox Accounts with a single preference.
2188
+
2189
+Since Firefox 33, Firefox for Android has supported custom sync servers. To configure Android Firefox 44 and later to talk to your new Sync server, just set the “identity.sync.tokenserver.uri” exactly as above before signing in to Firefox Accounts and Sync on your Android device.
2190
+
2191
+Important: after creating the Android account, changes to “identity.sync.tokenserver.uri” will be ignored. (If you need to change the URI, delete the Android account using the Settings > Sync > Disconnect... menu item, update the pref, and sign in again.) Non-default TokenServer URLs are displayed in the Settings > Sync panel in Firefox for Android, so you should be able to verify your URL there.
2192
+
2193
+Prior to Firefox 44, a custom add-on was needed to configure Firefox for Android. For Firefox 43 and earlier, see the blog post How to connect Firefox for Android to self-hosted Firefox Account and Firefox Sync servers.
2194
+
2195
+(Prior to Firefox 42, the TokenServer preference name for Firefox Desktop was “services.sync.tokenServerURI”. While the old preference name will work in Firefox 42 and later, the new preference is recommended as the old preference name will be reset when the user signs out from Sync causing potential confusion.)
2196
+
2197
+&nbsp;
2198
+
2199
+## 30.2. Updating the server
2200
+You should periodically update your code to make sure you’ve got the latest fixes. The following commands will update syncserver in place:
2201
+
2202
+```
2203
+cd /home/pwoss/software/syncserver
2204
+$ git stash # to save any local changes to the config file
2205
+$ git pull # to fetch latest updates from github
2206
+$ git stash pop # to re-apply any local changes to the config file
2207
+$ make build # to pull in any updated dependencies
2208
+```
2209
+
2210
+&nbsp;
2211
+
2212
+## 30.3. Restart ff-sync-server
2213
+```
2214
+ps aux | grep make
2215
+```
2216
+Check “make serve” and copy the id (first number)
2217
+
2218
+```
2219
+kill (id number)
2220
+cd /home/pwoss/software/syncserver/ && make serve
2221
+```
2222
+
2223
+&nbsp;
2224
+
2225
+# 31. Fail2ban
2226
+```
2227
+sudo pacman -S fail2ban --noconfirm && sudo systemctl enable fail2ban.service && sudo systemctl start fail2ban.service
2228
+```
2229
+
2230
+&nbsp;
2231
+
2232
+# 32. (Optional) - if you want to change the boot text
2233
+```
2234
+sudo nano /etc/motd
2235
+```
2236
+```
2237
+################################################
2238
+Welcome to your PwOSS-Server
2239
+
2240
+ Website: https://pwoss.xyz
2241
+ Wiki: https://wiki.pwoss.xyz
2242
+ Git: https://git.pwoss.xyz/server/
2243
+################################################
2244
+This image is based on Arch Linux | ARM
2245
+
2246
+ Website: http://archlinuxarm.org
2247
+ Forum: http://archlinuxarm.org/forum
2248
+ IRC: #archlinux-arm on irc.Freenode.net
2249
+################################################
2250
+```
2251
+
2252
+&nbsp;
2253
+
2254
+# 33. REBOOT
2255
+```
2256
+sudo reboot now -h
2257
+```
2258
+
2259
+&nbsp;
2260
+&nbsp;
2261
+
2262
+# 34. Your server are running...
2263
+
2264
+&nbsp;
2265
+
2266
+- Radicale = Contact and Calendar Server ----> http://your-server_ip:5232
2267
+- Seafile = Cloud Server ----> http://your-server_ip:8000
2268
+- WebDav = WebDav Server ----> http://your-server_ip:8080
2269
+- VPN = Virtual Private Network ----> your-dyndns_domain
2270
+- Samba = File Server ----> smb://your-server_ip/externalHD
2271
+- FireFox = Sync Bookmarks/History ----> http://your-server_ip:5000/
2272
+- Pi-hole = Advertising blocker ----> http://your-server_ip:987/admin/
2273
+- FreshRSS = RSS Reader ----> http://your-server_ip:7666
2274
+
2275
+&nbsp;
2276
+
2277
+Now you’re able to save your personal data on your own servers. To keep it safe against a burglar, natural disasters, hardware defects we suggest to set up the same or similar servers with a friend or family member.
2278
+
2279
+&nbsp;
2280
+
2281
+__ENJOY__
2282
+
2283
+&nbsp;
2284
+
2285
+<br>
2286
+<br>
2287
+<center>
2288
+ <p class="small" class="title"><strong>Problems?</strong></p>
2289
+ <p class="small">
2290
+ If you encounter problems, simply create an [issue](https://git.pwoss.xyz/server/documentation/issues).
2291
+ </p>
2292
+</center>
... ...
\ No newline at end of file
content/server/arch-x86_64.md
... ...
@@ -0,0 +1,183 @@
1
+# Arch Linux 64-bit
2
+<center>
3
+A 64-bit server offers much more power than a Raspberry Pi. However, the cost of power (electricity) and hardware could be more than a pi.
4
+
5
+> There is no image/iso at the moment. We are [working on creating a bootable USB stick](https://git.pwoss.xyz/server/installation). You have to use the combination guide & scratch for now.
6
+
7
+</center>
8
+------
9
+
10
+[[_TOC_]]
11
+
12
+# 1. Requirements
13
+
14
+To get your own server you'll need a few things:
15
+
16
+Hardware, Software and a little of your time.
17
+
18
+&nbsp;
19
+
20
+## 1.1. Hardware
21
+
22
+### 1.1.1. Minimal system
23
+- 512 megabyte (MB) of memory (RAM)
24
+- 800 megabytes (MB) of hard disk space
25
+- A one gigahertz (GHz) processor
26
+- A broadband internet connection
27
+- x86_64-compatible machine
28
+
29
+&nbsp;
30
+
31
+### 1.1.2. Recommended system
32
+- 2 gigabyte (GB) of memory (RAM)
33
+- 8 gigabytes (GB) of hard disk space
34
+- A 2 gigahertz (GHz) processor
35
+- A broadband internet connection
36
+- x86_64-compatible machine
37
+
38
+&nbsp;
39
+
40
+### 1.1.3. System architecture
41
+
42
+The following items are also recommended:
43
+- A reliable 1GB (or greater) USB stick
44
+
45
+The USB Stick is necessary for the installation of the system. Also, having a reliable USB stick from a reputable brand will help ensure that the process goes smoothly.
46
+
47
+&nbsp;
48
+
49
+## 1.2. Software
50
+
51
+### 1.2.1. Arch ISO
52
+
53
+Download the .iso file and the .iso.sig file from some of the listed provider from [archlinux.org](https://www.archlinux.org/download/) and open the md5.txt file.
54
+> Arch Linux is only available for 64-bit systems.
55
+
56
+&nbsp;
57
+
58
+Check the two files in the same folder with the following command/s:
59
+
60
+- for Arch user
61
+ - ```pacman-key -v archlinux-<version>-x86_64.iso.sig```
62
+- other [GnuPGP](https://wiki.archlinux.org/index.php/GnuPG) systems
63
+ - ```gpg --keyserver pgp.mit.edu --keyserver-options auto-key-retrieve --verify archlinux-<version>-x86_64.iso.sig```
64
+- and check the md5sum with the following command
65
+ - ```md5sum archlinux-<version>-x86_64.iso```
66
+
67
+> Another method to verify the authenticity of the signature is to ensure that the public key's fingerprint is identical to the key fingerprint of the [Arch Linux developer](https://www.archlinux.org/people/developers/) who signed the ISO-file. See [Wikipedia:Public-key_cryptography](https://en.wikipedia.org/wiki/Public-key_cryptography) for more information on the public-key process to authenticate keys.
68
+
69
+&nbsp;
70
+
71
+### 1.2.2. (Optional) Etcher
72
+
73
+Download Etcher to flash the ISO
74
+ - [Etcher](https://www.balena.io/etcher/)
75
+
76
+&nbsp;
77
+
78
+### 1.2.3. scratch-docu.md
79
+You can follow the [arch-scratch-docu.md](/content/server/arch-scratch-docu) file or download the file from [PwOSS - Gitea](https://git.pwoss.xyz/server/documentation/src/branch/master/arch-x86_64).
80
+
81
+&nbsp;
82
+
83
+# 2. How To
84
+
85
+## 2.1. BIOS
86
+
87
+You have to align the boot-start to your USB-Stick.
88
+
89
+Depending on your motherboard, you must press the __"esc"__ or __"f2"__ or __"f12"__ or __"end"__ key immediately after the PC starts.
90
+> Check your motherboard/computer manual if no button works or ask us.
91
+
92
+&nbsp;
93
+
94
+__Go to:__
95
+1. Boot
96
+2. BOOT DEVICE PRIORITY (or similar)
97
+
98
+Put the USB at the first place (with F5 and F6). Hit the button _esc_ until _save changes and reset_. Hit __enter__ and __yes__.
99
+
100
+Reboot and choose Start: Boot Arch Linux (x86_64)
101
+
102
+> After installing your operating system, you need to change back your BIOS settings
103
+
104
+&nbsp;
105
+
106
+## 2.2. Installation
107
+
108
+If you got every [requirements](/content/server/arch-x86_64#1-requirements) then we can go further with the first step (3 steps in total).
109
+
110
+Get yourself a coffee or tea and let's go through this.
111
+
112
+### 2.2.1. Step 1
113
+
114
+#### 2.2.1.1. Flashing the ISO file
115
+```
116
+fdisk -l
117
+```
118
+or with _sudo_
119
+
120
+```
121
+sudo fdisk -l
122
+```
123
+(check _of=/dev/sdd_, if it's really your USB Stick!!!)
124
+
125
+```
126
+sudo dd bs=4M if=~/Downloads/archlinux-<version>-x86_64.iso of=/dev/sdd
127
+```
128
+
129
+> You can also use [Etcher](https://www.balena.io/etcher/) if you prefer a graphical user interface (GUI).
130
+
131
+&nbsp;
132
+
133
+### 2.2.2. Step 2
134
+
135
+#### 2.2.2.1. Create an no-ip account
136
+Follow the link [www.noip.com](https://www.noip.com/sign-up) and create an account and copy your chosen hostname.
137
+You’ll need it for the installation of the server.
138
+
139
+&nbsp;
140
+
141
+#### 2.2.2.2. The .md file
142
+Go through the [arch-scratch-docu.md](/content/server/arch-scratch-docu) file. Just copy and paste.
143
+
144
+&nbsp;
145
+
146
+### 2.2.3. Step 3
147
+
148
+#### 2.2.3.1. Reboot server
149
+Done? Did you restart your server? Everything seems to be fine?
150
+Good!
151
+
152
+&nbsp;
153
+
154
+#### 2.2.3.2. Port forwarding
155
+You’ll need the port forwarded to your Raspberry Pi - IP (192.168.1.76 <- can be this one).
156
+
157
+The 1194 (udp) port needs to be open in your router for the [VPN connection](https://en.wikipedia.org/wiki/OpenVPN) (Wikipedia link).
158
+
159
+> [www.noip.com](https://www.noip.com/support/knowledgebase/general-port-forwarding-guide/) has a good list of some router brands.
160
+> Your router isn’t listed? Just [email us](mailto:pwoss@pwoss.xyz) or create an [issue](https://git.pwoss.xyz/server/installation/issues).
161
+
162
+&nbsp;
163
+
164
+#### 2.2.3.3. Primary DNS server
165
+Last step will be to change the DNS server. This is necessary to get every device through Pi-Hole.
166
+Login in to your router and change the "primary DNS server" under "DHCP-Server".
167
+> This can be named differently. Depends on your router.
168
+
169
+Delete the "secondary DNS server" and save it.
170
+> Might be necessary to re-login all your connected devices to your WIFI/LAN.
171
+
172
+That's it.
173
+
174
+&nbsp;
175
+
176
+<br>
177
+<br>
178
+<center>
179
+ <p class="small" class="title"><strong>Problems?</strong></p>
180
+ <p class="small">
181
+ If you encounter problems, simply create an [issue](https://git.pwoss.xyz/server/installation/issues).
182
+ </p>
183
+</center>
... ...
\ No newline at end of file
content/server/other-arm-devices.md
... ...
@@ -0,0 +1,9 @@
1
+# other ARM devices
2
+<center>
3
+
4
+If you want to try another ARM device like the Banana Pi you could check the [raspberry-scratch-docu](/content/server/raspberry-scratch-docu) or the file from [PwOSS - Gitea](https://git.pwoss.xyz/server/documentation/src/branch/master/arm).
5
+
6
+The scratch file should work on all ARM devices - [archlinuxarm.org](https://archlinuxarm.org/platforms).
7
+
8
+</center>
9
+------
... ...
\ No newline at end of file
content/server/raspberry-image-docu.md
... ...
@@ -0,0 +1,946 @@
1
+# Raspberry Image Docu
2
+<center>
3
+This is an copy & paste solution for your Raspberry Pi (ARM) server. A software overview and explanation can be found [here](/content/server/software-suite).
4
+
5
+</center>
6
+------
7
+
8
+[[_TOC_]]
9
+
10
+# 1. Important - before you start check following:
11
+
12
+1. Your router needs the possibility of port forwarding and the possibility to configure the DNS server for Pi-hole.
13
+2. You’ll need a DynDNS-Domain. For example, at https://www.noip.com/sign-up.
14
+3. You have to connect a USB Stick/External HardDrive
15
+
16
+&nbsp;
17
+
18
+## 1.1. Info / Tip
19
+Some commands must be changed by you. The keywords will start with '__your-__'.
20
+- your-interface
21
+- your-password
22
+- your-location
23
+- etc.
24
+
25
+We will mark it with the words '__Input required:__ ' above the commands.
26
+
27
+Hit the tab key for autocompletion when typing commands.
28
+
29
+&nbsp;
30
+
31
+Flash the PwOSS - Image file on your SD-Card with Etcher or with the following terminal command.
32
+```
33
+sudo dd bs=4M if=/your/path/to/pwoss-raspberry-arch.img of=/dev/mmcblk0
34
+sync
35
+```
36
+**Make sure _/dev/mmcblk0_ is your SD Card!!!**
37
+
38
+&nbsp;
39
+
40
+## 1.2. SSH without keyboard
41
+Connection from PC / Mobile per Terminal to your Raspberry Pi.
42
+
43
+You have to find your local IP address of your raspberry pi to connect per SSH to the terminal.
44
+
45
+Terminal command:
46
+
47
+```
48
+arp -n | awk '/b8:27:eb/ {print $1}'
49
+```
50
+
51
+In my constellation, it's 192.168.1.76. You can find it on your router as well.
52
+
53
+&nbsp;
54
+
55
+Open your terminal and type:
56
+
57
+```
58
+ssh pwoss@192.168.1.76
59
+pwoss
60
+```
61
+
62
+&nbsp;
63
+
64
+# 2. PwOSS-Image (resize SD CARD)
65
+```
66
+sudo fdisk /dev/mmcblk0
67
+d
68
+2
69
+n
70
+p
71
+2
72
+```
73
+Enter
74
+
75
+```
76
+Y
77
+w
78
+sudo reboot now -h
79
+```
80
+```
81
+ssh pwoss@192.168.1.76
82
+pwoss
83
+sudo resize2fs /dev/mmcblk0p2
84
+```
85
+
86
+&nbsp;
87
+
88
+# 3. Change timezone
89
+
90
+```
91
+timedatectl list-timezones
92
+```
93
+
94
+Choose your timezone and copy it.
95
+ctrl z
96
+
97
+&nbsp;
98
+
99
+__Input required:__
100
+```
101
+timedatectl set-timezone your-location
102
+```
103
+ctrl + x
104
+yes
105
+
106
+&nbsp;
107
+
108
+# 4. Dm-crypt LUKS
109
+```
110
+sudo cryptsetup -v luksFormat /dev/sda
111
+```
112
+
113
+YES
114
+
115
+&nbsp;
116
+
117
+__Input required:__
118
+passphrase=your-password
119
+
120
+```
121
+sudo cryptsetup luksOpen /dev/sda externalHD
122
+```
123
+
124
+&nbsp;
125
+
126
+__Input required:__
127
+passphrase=your-password
128
+
129
+```
130
+sudo mkfs.ext4 /dev/mapper/externalHD
131
+sudo mkdir /mnt/externalHD
132
+sudo cryptsetup luksClose externalHD
133
+sudo dd if=/dev/urandom of=/home/pwoss/.key bs=4096 count=4
134
+sudo chmod 400 /home/pwoss/.key
135
+sudo cryptsetup luksAddKey /dev/sda /home/pwoss/.key
136
+```
137
+
138
+&nbsp;
139
+
140
+__Input required:__
141
+passphrase=your-password
142
+
143
+```
144
+sudo nano /etc/crypttab
145
+```
146
+
147
+Add to the bottom:
148
+
149
+```
150
+externalHD /dev/sda /home/pwoss/.key luks
151
+```
152
+ctrl + x
153
+yes
154
+
155
+```
156
+sudo nano /etc/fstab
157
+```
158
+
159
+Add to the bottom:
160
+
161
+```
162
+/dev/mapper/externalHD /mnt/externalHD ext4 defaults 0 0
163
+```
164
+ctrl + x
165
+yes
166
+
167
+Do a reboot.
168
+
169
+```
170
+sudo reboot now -h
171
+```
172
+
173
+&nbsp;
174
+
175
+# 5. Radicale
176
+```
177
+sudo nano /etc/radicale/config
178
+```
179
+
180
+Change the IP to yours:
181
+
182
+```
183
+hosts = 192.168.1.76:5232
184
+```
185
+ctrl + x
186
+yes
187
+
188
+```
189
+sudo nano /etc/radicale/users
190
+```
191
+
192
+&nbsp;
193
+
194
+__Input required:__
195
+> Change to your Family Member for example.
196
+
197
+```
198
+your-user1:your-user1_password
199
+your-user2:your-user2_password
200
+...
201
+```
202
+ctrl + x
203
+yes
204
+
205
+```
206
+sudo systemctl restart radicale
207
+```
208
+
209
+> check http://your-server_ip:5232
210
+
211
+&nbsp;
212
+
213
+# 6. OpenVPN
214
+
215
+&nbsp;
216
+
217
+## 6.1. Server-Config
218
+```
219
+sudo nano /etc/openvpn/server/server.conf
220
+```
221
+
222
+> Change the IP to your home network if it’s necessary.
223
+
224
+```
225
+# your local subnet
226
+push "route 192.168.1.0 255.255.255.0"
227
+```
228
+
229
+and change the IP Address that the the VPN Clients are going through Pi-hole.
230
+
231
+```
232
+########################Pi-hole
233
+push "dhcp-option DNS 192.168.1.76" # (< change the ip to your Pi IP)
234
+###############################
235
+```
236
+
237
+and change the client's number depends on your needs:
238
+
239
+```
240
+max-clients 2
241
+```
242
+ctrl + x
243
+yes
244
+
245
+&nbsp;
246
+
247
+## 6.2. DDClient-Dynamic DNS
248
+```
249
+sudo nano /etc/ddclient/ddclient.conf
250
+```
251
+
252
+Go to the bottom and change the "login=","password=", and the domain at the bottom.
253
+
254
+&nbsp;
255
+
256
+__Input required:__
257
+```
258
+login=your-@emailaddress.com
259
+password='your-password'
260
+your-dyndns_domain
261
+```
262
+
263
+&nbsp;
264
+
265
+## 6.3. Easy-RSA
266
+```
267
+sudo pacman -S openvpn easy-rsa --noconfirm && sudo su
268
+cd /etc/easy-rsa
269
+export EASYRSA=$(pwd)
270
+easyrsa init-pki
271
+easyrsa build-ca nopass
272
+```
273
+
274
+&nbsp;
275
+
276
+__Input required:__
277
+> Change 'your-dyndns_domain' to your domain.
278
+
279
+```
280
+Common Name (eg: your user, host, or server name) [Easy-RSA CA]:your-dyndns_domain
281
+Your new CA certificate file for publishing is at:/etc/easy-rsa/pki/ca.crt
282
+cp /etc/easy-rsa/pki/ca.crt /etc/openvpn/server/
283
+easyrsa gen-req ArchServer nopass
284
+your-dyndns_domain
285
+```
286
+
287
+Enter
288
+
289
+```
290
+cp /etc/easy-rsa/pki/private/ArchServer.key /etc/openvpn/server/
291
+openssl dhparam -out /etc/openvpn/server/dh.pem 2048
292
+```
293
+
294
+> This takes around 20 minutes
295
+
296
+&nbsp;
297
+
298
+__Input required:__
299
+> Change 'your-device' like Smartphone / Laptop etc.
300
+
301
+```
302
+openvpn --genkey --secret /etc/openvpn/server/ta.key
303
+easyrsa gen-req your-device
304
+```
305
+
306
+Enter your-password and _NO COMMON NAME_!!
307
+Hit enter
308
+
309
+```
310
+easyrsa sign-req server ArchServer
311
+```
312
+
313
+yes
314
+
315
+&nbsp;
316
+
317
+__Input required:__
318
+> Change 'your-device' like Smartphone / Laptop etc.
319
+
320
+```
321
+easyrsa sign-req client your-device
322
+```
323
+
324
+yes
325
+
326
+```
327
+mv /etc/easy-rsa/pki/issued/ArchServer.crt /etc/openvpn/server/
328
+mkdir /etc/easy-rsa/pki/signed
329
+mv /etc/easy-rsa/pki/issued/your-device.crt /etc/easy-rsa/pki/signed
330
+exit
331
+```
332
+
333
+&nbsp;
334
+
335
+## 6.4. Client config & ovpngen AUR
336
+```
337
+cd && pikaur -S ovpngen --noconfirm
338
+```
339
+
340
+&nbsp;
341
+
342
+__Input required:__
343
+> Change 'your-dyndns_domain' to your domain.
344
+> Change 'your-device' like Smartphone / Laptop etc.
345
+
346
+```
347
+sudo ovpngen your-dyndns_domain /etc/openvpn/server/ca.crt /etc/easy-rsa/pki/signed/your-device.crt /etc/easy-rsa/pki/private/your-device.key /etc/openvpn/server/ta.key > your-device.ovpn
348
+sudo nano your-device.ovpn
349
+```
350
+
351
+&nbsp;
352
+
353
+__Input required:__
354
+> Change 'your-dyndns_domain' to your domain.
355
+
356
+```
357
+remote your-dyndns_domain 1194 udp
358
+```
359
+and add behind ‘verb 3’
360
+
361
+```
362
+cipher AES-256-CBC
363
+auth SHA512
364
+resolv-retry infinite
365
+tls-version-min 1.2
366
+auth-nocache
367
+remote-cert-tls server
368
+comp-lzo
369
+```
370
+ctrl + x
371
+yes
372
+
373
+&nbsp;
374
+
375
+__Input required:__
376
+Copy the file to your Phone and import the file to the “OpenVPN for Android” application or to your computer.
377
+```
378
+sudo scp your-device.ovpn your-copmputer/your-user@192.168.1.xxx:/home/your-user/
379
+```
380
+
381
+&nbsp;
382
+
383
+## 6.5. New clients
384
+
385
+&nbsp;
386
+
387
+__Input required:__
388
+> Change 'your-device' like Smartphone / Laptop etc.
389
+
390
+```
391
+sudo su && cd /etc/easy-rsa
392
+easyrsa gen-req your-device
393
+```
394
+
395
+Enter your password and _NO COMMON NAME_!!
396
+Hit enter
397
+
398
+&nbsp;
399
+
400
+__Input required:__
401
+```
402
+easyrsa sign-req client your-device
403
+```
404
+
405
+yes
406
+
407
+&nbsp;
408
+
409
+__Input required:__
410
+> Change 'your-dyndns_domain' to your domain.
411
+> Change 'your-device' like Smartphone / Laptop etc.
412
+
413
+```
414
+mv /etc/easy-rsa/pki/issued/your-device.crt /etc/easy-rsa/pki/signed
415
+```
416
+```
417
+sudo ovpngen yourDYNDNSdomain.com /etc/openvpn/server/ca.crt /etc/easy-rsa/pki/signed/your-device.crt /etc/easy-rsa/pki/private/your-device.key /etc/openvpn/server/ta.key > your-device.ovpn
418
+sudo nano your-device.ovpn
419
+```
420
+
421
+&nbsp;
422
+
423
+__Input required:__
424
+> Change 'your-dyndns_domain' to your domain.
425
+
426
+```
427
+remote your-dyndns_domain 1194 udp
428
+```
429
+and add behind ‘verb 3’
430
+
431
+```
432
+cipher AES-256-CBC
433
+auth SHA512
434
+resolv-retry infinite
435
+tls-version-min 1.2
436
+auth-nocache
437
+remote-cert-tls server
438
+comp-lzo
439
+```
440
+ctrl + x
441
+yes
442
+
443
+&nbsp;
444
+
445
+__Input required:__
446
+Copy the file to your Phone and import the file to the “OpenVPN for Android” application or to your computer.
447
+```
448
+sudo scp your-device.ovpn your-copmputer/your-user@192.168.1.xxx:/home/your-user/
449
+```
450
+
451
+&nbsp;
452
+
453
+# 7. PHP
454
+
455
+&nbsp;
456
+
457
+__Input required:__
458
+Uncomment the following lines in /etc/php/php.ini: (Delete ; )
459
+
460
+```
461
+sudo nano /etc/php/php.ini
462
+date.timezone = your-location
463
+```
464
+ctrl + x
465
+yes
466
+
467
+```
468
+sudo systemctl restart php-fpm.service
469
+```
470
+
471
+&nbsp;
472
+
473
+# 8. Adminer
474
+```
475
+sudo nano /etc/nginx/sites-available/adminer
476
+```
477
+Change the IP address to your server IP:
478
+
479
+```
480
+ server_name 192.168.1.76;
481
+```
482
+ctrl + x
483
+yes
484
+
485
+```
486
+sudo systemctl restart nginx.service
487
+```
488
+
489
+> check http://your-server_ip:22322/adminer
490
+
491
+&nbsp;
492
+
493
+# 9. Msmtp
494
+```
495
+sudo nano /etc/msmtprc
496
+```
497
+
498
+&nbsp;
499
+
500
+__Input required:__
501
+Change all "PwOSS", 'your-@emailaddress.com' and 'your-password' settings to your provider.
502
+
503
+```
504
+# PwOSS
505
+account pwoss
506
+host smtp.pwoss.xyz
507
+port 587
508
+from yourEMAIL@address.com
509
+user yourEMAIL@address.com
510
+password YOUR password
511
+
512
+
513
+# Set a default account
514
+account default : pwoss
515
+```
516
+ctrl + x
517
+yes
518
+
519
+&nbsp;
520
+
521
+__Input required:__
522
+Test it
523
+> Change email
524
+
525
+```
526
+echo "PwOSS - Server" | msmtp -a default your-@emailaddress.com
527
+```
528
+> Check your spam folder.
529
+
530
+&nbsp;
531
+
532
+# 10. RaspiBackup
533
+```
534
+sudo mkdir /mnt/externalHD/backup/ && sudo chown pwoss:pwoss /mnt/externalHD/backup/ && sudo mkdir /mnt/externalHD/backup/myServer && sudo mkdir /mnt/externalHD/backup/myServer/raspiBackup && sudo nano /usr/local/etc/raspiBackup.conf
535
+```
536
+
537
+Change:
538
+```
539
+# email to send completion status
540
+DEFAULT_EMAIL=""
541
+```
542
+
543
+to
544
+
545
+&nbsp;
546
+
547
+__Input required:__
548
+```
549
+# email to send completion status
550
+DEFAULT_EMAIL="your-@emailaddress.com"
551
+```
552
+ctrl + x
553
+yes
554
+
555
+Test run:
556
+
557
+```
558
+sudo raspiBackup.sh
559
+```
560
+
561
+> First Backup will take around 10 minutes afterwards only 2-3 minutes.
562
+to
563
+
564
+&nbsp;
565
+
566
+## 10.1. Restore
567
+Check with:
568
+
569
+```
570
+sudo fdisk -l | egrep "^Disk /|^/dev"
571
+```
572
+
573
+Restore example if it’s a USB Stick (incl SD Card):
574
+
575
+```
576
+sudo raspiBackup.sh -C -c -d /dev/sdb /mnt/externalHD/backup/myServer/raspiBackup/myServer/myServer-rsync-backup-2019******
577
+```
578
+
579
+&nbsp;
580
+
581
+## 10.2. Debug
582
+```
583
+sudo raspiBackup.sh -F -l debug
584
+```
585
+
586
+&nbsp;
587
+
588
+# 11. Pi-hole
589
+```
590
+sudo nano /etc/nginx/sites-available/pihole
591
+```
592
+
593
+Change the IP address:
594
+
595
+```
596
+server_name 192.168.1.76; # Your server IP address
597
+```
598
+ctrl + x
599
+yes
600
+
601
+&nbsp;
602
+
603
+__Input required:__
604
+Set a password:
605
+```
606
+pihole -a -p
607
+your-password
608
+```
609
+
610
+```
611
+sudo nano /etc/hosts
612
+```
613
+Add to the bottom (change the IP to yours)
614
+
615
+```
616
+192.168.1.76 pi.hole myServer
617
+```
618
+ctrl + x
619
+yes
620
+
621
+__Input required:__
622
+Change the home network IP (_192.168.1.0_)!!
623
+
624
+```
625
+sudo ufw allow from 192.168.1.0/24
626
+```
627
+```
628
+sudo systemctl restart nginx.service
629
+```
630
+
631
+&nbsp;
632
+
633
+## 11.1. recursive DNS server (unbound)
634
+
635
+__Input required:__
636
+Change _private-address: 192.168.1.0/16_ to your IP network:
637
+```
638
+sudo nano /etc/unbound/unbound.conf
639
+```
640
+ctrl + x
641
+yes
642
+
643
+&nbsp;
644
+
645
+# 12. Samba
646
+Change password if you want. Otherwise keep going with the next step.
647
+> Just use samba with the pwoss passwords
648
+
649
+&nbsp;
650
+
651
+__Input required:__
652
+```
653
+sudo smbpasswd -a pwoss
654
+your-password
655
+```
656
+
657
+__Here is the next step!__ The following are the password and user for samba. Example for windows.
658
+
659
+```
660
+password = pwoss
661
+user = pwoss
662
+```
663
+
664
+> check smb://your-server_ip/externalHD
665
+
666
+&nbsp;
667
+
668
+# 13. FreshRSS
669
+```
670
+sudo nano /etc/nginx/sites-available/freshrss
671
+```
672
+
673
+Change the IP to your server IP:
674
+
675
+```
676
+ server_name 192.168.1.76; # Your server IP address
677
+```
678
+ctrl + x
679
+yes
680
+
681
+```
682
+sudo systemctl restart nginx.service
683
+```
684
+
685
+> Check http://your-server_ip:7666 and follow the instructions.
686
+
687
+> General Configuration - Your Admin User for the FreshRSS - server.
688
+
689
+> Mysql Settings:
690
+> Database = FreshRSS
691
+> Database USER = FreshRSS
692
+> Password = pwoss
693
+
694
+&nbsp;
695
+
696
+# 14. FireFox sync server
697
+```
698
+cd && cd software && cd syncserver && nano syncserver.ini
699
+```
700
+
701
+Change the IP address:
702
+
703
+```
704
+public_url = http://192.168.1.76:5000/
705
+```
706
+ctrl + x
707
+yes
708
+
709
+A reboot is might be necessary:
710
+```
711
+sudo reboot now -h
712
+```
713
+
714
+> Check http://your-server_ip:5000/
715
+> it work's!
716
+> Is the answer!
717
+
718
+&nbsp;
719
+
720
+## 14.1. Clients
721
+To configure desktop Firefox to talk to your new Sync server, go to “about:config”, search for “identity.sync.tokenserver.uri” and change its value to the URL of your server with a path of “token/1.0/sync/1.5”:
722
+
723
+- identity.sync.tokenserver.uri: http://sync.example.com/token/1.0/sync/1.5
724
+
725
+Alternatively, if you’re running your own Firefox Accounts server, and running Firefox 52 or later, see the documentation on how to Run your own Firefox Accounts Server for how to configure your client for both Sync and Firefox Accounts with a single preference.
726
+
727
+Since Firefox 33, Firefox for Android has supported custom sync servers. To configure Android Firefox 44 and later to talk to your new Sync server, just set the “identity.sync.tokenserver.uri” exactly as above before signing in to Firefox Accounts and Sync on your Android device.
728
+
729
+Important: after creating the Android account, changes to “identity.sync.tokenserver.uri” will be ignored. (If you need to change the URI, delete the Android account using the Settings > Sync > Disconnect... menu item, update the pref, and sign in again.) Non-default TokenServer URLs are displayed in the Settings > Sync panel in Firefox for Android, so you should be able to verify your URL there.
730
+
731
+Prior to Firefox 44, a custom add-on was needed to configure Firefox for Android. For Firefox 43 and earlier, see the blog post How to connect Firefox for Android to self-hosted Firefox Account and Firefox Sync servers.
732
+
733
+(Prior to Firefox 42, the TokenServer preference name for Firefox Desktop was “services.sync.tokenServerURI”. While the old preference name will work in Firefox 42 and later, the new preference is recommended as the old preference name will be reset when the user signs out from Sync causing potential confusion.)
734
+
735
+&nbsp;
736
+
737
+# 15. Seafile server
738
+```
739
+sudo mkdir /mnt/externalHD/seafile && sudo chown -R seafile:seafile /mnt/externalHD/seafile
740
+```
741
+```
742
+/sbin/ifconfig eth0 | grep 'inet 1' | awk '{ print $2}'
743
+```
744
+
745
+> Write the IP down
746
+
747
+&nbsp;
748
+
749
+## 15.1. Seafile installation
750
+```
751
+sudo -u seafile -s /bin/sh
752
+```
753
+```
754
+cd && wget https://github.com/haiwen/seafile-rpi/releases/download/v6.3.4/seafile-server_6.3.4_stable_pi.tar.gz && tar -xzf seafile-server_* && mv seafile-server_* installed && cd seafile-server-* && ./setup-seafile-mysql.sh
755
+```
756
+Enter
757
+__Input required:__
758
+
759
+```
760
+servername = myServer
761
+ip = your-server_ip
762
+/srv/seafile/seafile-data = /mnt/externalHD/seafile/seafile-data
763
+```
764
+
765
+Hit enter for “8082”
766
+Hit 1
767
+Hit enter for “localhost” and “3306”
768
+> The mysql root user password is:
769
+
770
+```
771
+pwoss
772
+```
773
+
774
+Hit enter for “mysql user”
775
+
776
+__Input required:__
777
+```
778
+Enter the password for mysql user "seafile": your-password
779
+```
780
+
781
+Hit enter for “[ ccnet database ]”
782
+Hit enter for “[ seafile database ]”
783
+Hit enter for “[ seahub database ]”
784
+Enter through and wait until it’s done
785
+
786
+```
787
+./seafile.sh start
788
+./seahub.sh start
789
+```
790
+
791
+__Input required:__
792
+> enter admin email
793
+
794
+```
795
+your-@emailaddress.com
796
+```
797
+
798
+__Input required:__
799
+> enter admin password
800
+
801
+```
802
+your-password
803
+```
804
+```
805
+sudo systemctl restart seafile.service && sudo systemctl restart seahub.service
806
+```
807
+> A reboot is maybe necessary
808
+
809
+```
810
+sudo reboot now -h
811
+```
812
+> check http://your-server_ip:8000
813
+
814
+&nbsp;
815
+
816
+## 15.2. SeafDav (WebDav)
817
+```
818
+sudo -u seafile -s /bin/sh
819
+```
820
+```
821
+cd && cd conf && nano seafdav.conf
822
+```
823
+Change:
824
+
825
+```
826
+enabled = false
827
+```
828
+to
829
+
830
+```
831
+enabled = true
832
+```
833
+ctrl x & yes enter
834
+
835
+```
836
+cd && cd seafile-server-latest && ./seafile.sh restart && ./seahub.sh restart
837
+```
838
+
839
+> check http://your-server_ip:8080
840
+
841
+&nbsp;
842
+
843
+# 16. UFW
844
+```
845
+sudo nano /etc/ufw/before.rules
846
+```
847
+
848
+__Input required:__
849
+Add after header (# ufw-before-forward) and before (# Don't delete these required lines, otherwise there will be errors and change the '_your-interface_'
850
+
851
+```
852
+# NAT (Network Address Translation) table rules
853
+*nat
854
+:POSTROUTING ACCEPT [0:0]
855
+
856
+# Allow traffic from clients to the interface
857
+-A POSTROUTING -s 10.8.0.0/24 -o your-interface -j MASQUERADE
858
+
859
+# do not delete the "COMMIT" line or the NAT table rules above will not be processed
860
+COMMIT
861
+```
862
+
863
+&nbsp;
864
+
865
+# 17. Swap file
866
+
867
+> We could add the file to the image straightaway but we like to keep the image small.
868
+You don't need to have a swap file but it is good to have to get a little bit more "power" for your Raspberry Pi.
869
+
870
+```
871
+sudo fallocate -l 512M /swapfile && chmod 600 /swapfile && mkswap /swapfile && swapon /swapfile
872
+```
873
+```
874
+sudo nano /etc/fstab
875
+```
876
+Add to the bottom of the fstab list:
877
+
878
+```
879
+/swapfile none swap defaults 0 0
880
+```
881
+ctrl + x
882
+yes
883
+
884
+&nbsp;
885
+
886
+# 18. (Optional) - if you want to change the boot text
887
+```
888
+sudo nano /etc/motd
889
+```
890
+```
891
+################################################
892
+Welcome to your PwOSS-Server
893
+
894
+ Website: https://pwoss.xyz
895
+ Wiki: https://wiki.pwoss.xyz
896
+ Git: https://git.pwoss.xyz/server/
897
+################################################
898
+This image is based on Arch Linux | ARM
899
+
900
+ Website: http://archlinuxarm.org
901
+ Forum: http://archlinuxarm.org/forum
902
+ IRC: #archlinux-arm on irc.Freenode.net
903
+################################################
904
+```
905
+
906
+&nbsp;
907
+
908
+# 19. REBOOT
909
+```
910
+sudo reboot now -h
911
+```
912
+
913
+&nbsp;
914
+&nbsp;
915
+
916
+# 20. Your servers are running...
917
+
918
+&nbsp;
919
+
920
+- Radicale = Contact and Calendar Server ----> http://your-server_ip:5232
921
+- Seafile = Cloud Server ----> http://your-server_ip:8000
922
+- WebDav = WebDav Server ----> http://your-server_ip:8080
923
+- VPN = Virtual Private Network ----> your-dyndns_domain
924
+- Samba = File Server ----> smb://your-server_ip/externalHD
925
+- FireFox = Sync Bookmarks/History ----> http://your-server_ip:5000/
926
+- Pi-hole = Advertising blocker ----> http://your-server_ip:987/admin/
927
+- FreshRSS = RSS Reader ----> http://your-server_ip:7666
928
+
929
+&nbsp;
930
+
931
+Now you’re able to save your personal data on your own server. To keep it safe against a burglar, natural disasters, hardware defects we suggest to set up the same or similar server with a friend or family member.
932
+
933
+&nbsp;
934
+
935
+__ENJOY__
936
+
937
+&nbsp;
938
+
939
+<br>
940
+<br>
941
+<center>
942
+ <p class="small" class="title"><strong>Problems?</strong></p>
943
+ <p class="small">
944
+ If you encounter problems, simply create an [issue](https://git.pwoss.xyz/server/documentation/issues).
945
+ </p>
946
+</center>
... ...
\ No newline at end of file
content/server/raspberry-pi.md
... ...
@@ -0,0 +1,192 @@
1
+# Raspberry Pi
2
+<center>
3
+The Raspberry Pi is the most popular single board computer.
4
+It is (among other things) perfectly suited to install a running server at your home. It doesn't cost much electricity and is small, so it fits anywhere.
5
+Our PwOSS - Image (operating system) is for the __Pi 2, 3__ and __3B+__.
6
+
7
+</center>
8
+------
9
+
10
+[[_TOC_]]
11
+
12
+# 1. Requirements
13
+
14
+To get your own server, you need a few things:
15
+
16
+Hardware, software and a little of your time.
17
+
18
+&nbsp;
19
+
20
+## 1.1. Hardware
21
+1. Raspberry Pi kit [amazon.co.uk](https://www.amazon.co.uk/Raspberry-Pi-Official-Desktop-Starter/dp/B01CSD1WV2/ref=pd_sbs_147_6?_encoding=UTF8&refRID=K495HWW1N1DTDKP7G09Q&th=1)
22
+2. External HardDrive [amazon.co.uk](https://www.amazon.co.uk/Seagate-Expansion-Desktop-External-PlayStation/dp/B00UNA1ICQ/ref=sr_1_6?s=computers&ie=UTF8&qid=1520925541&sr=1-6&keywords=external%2Bhard%2Bdrives%2B2tb&dpID=418ChT27VTL&preST=_SY300_QL70_&dpSrc=srch&th=1)
23
+3. Router
24
+
25
+&nbsp;
26
+
27
+> - Check other offers or your local area or whatever you prefer. These are just examples.
28
+> - A minimum size of 8 GB is required - SD card. If you go with more, you are prepared for more software.
29
+> - Your router needs the ability to forward ports and configure the DNS server for Pi-hole.
30
+
31
+## 1.2. Software
32
+
33
+### 1.2.1. Image
34
+
35
+[Download](https://repo.pwoss.xyz/server/arm/img/raspberry/latest/) the PwOSS - Files.
36
+
37
+&nbsp;
38
+
39
+### 1.2.2. (Optional) Etcher
40
+
41
+Download Etcher to flash the ISO:
42
+ - [Etcher](https://www.balena.io/etcher/)
43
+
44
+&nbsp;
45
+
46
+> Other files:
47
+> It is recommended to also download the other files (CHANGELOG.md is not required).
48
+> The explanation can be found in 'HowTo - Step 1'.
49
+
50
+> The '...docu.md' files are available at [PwOSS - Gitea](https://git.pwoss.xyz/server/documentation/src/branch/master/arm) as well.
51
+
52
+### 1.2.3. Without image
53
+You don't have to use our image. You can also download the ARM image from [archlinuxarm.org](https://archlinuxarm.org/platforms).
54
+Use the [raspberry-scratch-docu.md](/content/server/raspberry-scratch-docu).
55
+
56
+&nbsp;
57
+
58
+# 2. How To
59
+
60
+If you have all [requirements](/content/server/raspberry-pi#1-requirements), then we can continue with the first step (4 steps in total).
61
+
62
+Get a cup of coffee or tea and let's go over it.
63
+
64
+## 2.1. Step 1
65
+
66
+### 2.1.1. Downloaded files
67
+
68
+The tar.gz, asc, sha512sum, and the sha512sum.sig files must be in the same folder.
69
+
70
+> The tar.gz file is a compressed file. The .img file is in there.
71
+> Check the tar.gz file with the sha512sum file before extracting it.
72
+> Why should you do this? To make sure that the image file was not damaged during the download. The sig file should ensure that the sha512sum file is from us (dan/dansman).
73
+> The gpg file is used to check the sig file.
74
+
75
+&nbsp;
76
+
77
+### 2.1.2. Check the files
78
+
79
+Start your Terminal:
80
+* Linux – Search your apps for your terminal
81
+* Mac – Search your apps for your terminal
82
+* Windows – [Raspberrypi.org](https://www.raspberrypi.org/documentation/remote-access/ssh/windows.md)
83
+
84
+Put all the files in the same folder and run in your Terminal:
85
+```
86
+gpg --import dansman.asc
87
+```
88
+```
89
+gpg --verify sha512sum.sig
90
+```
91
+> Fingerprint = 4784 F5FF 89F3 06CF B6F7 704C 2A44 D31D E67D 8EB6
92
+
93
+```
94
+sha512sum -c sha512sum
95
+```
96
+> Result should be:
97
+> 'date'.tar.gz: OK
98
+
99
+&nbsp;
100
+
101
+## 2.2. Step 2
102
+
103
+### 2.2.1. Flash the .img file
104
+
105
+Extract the tar.gz file and insert your SD card into your computer and flash the image with [Etcher](https://www.balena.io/etcher/).
106
+
107
+&nbsp;
108
+
109
+### 2.2.2. Set up your Pi
110
+[Raspberrypi.org](https://projects.raspberrypi.org/en/projects/raspberry-pi-setting-up/4) - (connect your external hard drive as well)
111
+
112
+Turn on your Pi.
113
+
114
+&nbsp;
115
+
116
+### 2.2.3. How to connect to your Raspberry Pi
117
+Open your terminal on your PC.
118
+
119
+> - Linux – Search your apps for your terminal
120
+> - Mac – Search your apps for your terminal
121
+> - Windows – [Raspberrypi.org](https://www.raspberrypi.org/documentation/remote-access/ssh/windows.md)
122
+You need to find out your local IP address of your Raspberry Pi to connect to the terminal via SSH.
123
+
124
+Terminal command:
125
+```
126
+arp -n | awk '/b8:27:eb/ {print $1}'
127
+```
128
+
129
+In my constellation it is 192.168.1.76. You can also find it on your router.
130
+
131
+Open your terminal and type:
132
+```
133
+ssh pwoss@192.168.1.76
134
+pwoss
135
+```
136
+
137
+> If you are completely helpless, just [email us](mailto:pwoss@pwoss.xyz) or create an [issue](https://git.pwoss.xyz/server/documentation/issues).
138
+
139
+&nbsp;
140
+
141
+## 2.3. Step 3
142
+
143
+### 2.3.1. Create an no-ip account
144
+Follow the link [www.noip.com](https://www.noip.com/sign-up) and create an account and copy your chosen hostname.
145
+You will need it to install the server.
146
+
147
+&nbsp;
148
+
149
+### 2.3.2. The .md file
150
+Go through the [raspberry-image-docu.md](/content/server/raspberry-image-docu) file. Just copy and paste.
151
+If you are not using our image got through the [raspberry-scratch-docu.md](/content/server/raspberry-scratch-docu) file.
152
+
153
+&nbsp;
154
+
155
+## 2.4. Step 4
156
+
157
+### 2.4.1. Reboot server
158
+Done? Have you restarted your server? Everything seems to be fine?
159
+Good!
160
+
161
+&nbsp;
162
+
163
+### 2.4.2. Port forwarding
164
+You need the port that is forwarded to your Raspberry Pi - IP (192.168.1.76 <- can be this).
165
+
166
+The 1194 (udp) port needs to be open in your router for the VPN connection.
167
+
168
+> [https://www.noip.com](https://www.noip.com/support/knowledgebase/general-port-forwarding-guide/) has a good guide for some router brands.
169
+> Your router isn’t listed? Just [email us](mailto:pwoss@pwoss.xyz) or create an [issue](https://git.pwoss.xyz/server/documentation/issues).
170
+
171
+&nbsp;
172
+
173
+### 2.4.3. Primary DNS server
174
+he last step is to change the DNS server. This is necessary to get any device through Pi-hole.
175
+Login in to your router and change the "primary DNS server" under "DHCP-Server".
176
+> This can be named differently. Depends on your router.
177
+
178
+Delete the "secondary DNS server" and save it.
179
+> Might be necessary to re-login all your connected devices to your WIFI/LAN.
180
+
181
+That's it.
182
+
183
+&nbsp;
184
+
185
+<br>
186
+<br>
187
+<center>
188
+ <p class="small" class="title"><strong>Problems?</strong></p>
189
+ <p class="small">
190
+ If you encounter problems, simply create an [issue](https://git.pwoss.xyz/server/documentation/issues).
191
+ </p>
192
+</center>
... ...
\ No newline at end of file
content/server/raspberry-scratch-docu.md
... ...
@@ -0,0 +1,1946 @@
1
+# Raspberry Scratch Docu
2
+<center>
3
+This is an copy & paste solution for your Raspberry Pi (ARM) server. A software overview and explanation can be found [here](/content/server/software-suite).
4
+
5
+</center>
6
+------
7
+
8
+[[_TOC_]]
9
+
10
+# Important - before you start check following:
11
+
12
+1. Your router needs the possibility of port forwarding and the possibility to configure the DNS server for Pi-hole.
13
+2. You’ll need a DynDNS-Domain. For example, at https://www.noip.com/sign-up.
14
+3. You have to connect a USB Stick/External HardDrive
15
+
16
+&nbsp;
17
+
18
+## Info / Tip
19
+Some commands must be changed by you. The keywords will start with '__your-__'.
20
+- your-interface
21
+- your-password
22
+- your-location
23
+- etc.
24
+
25
+We will mark it with the words '__Input required:__ ' above the commands.
26
+
27
+Hit the tab key for autocompletion when typing commands.
28
+
29
+&nbsp;
30
+
31
+Get the image from [archlinuxarm.org](https://archlinuxarm.org/platforms/armv7/broadcom/raspberry-pi-2#installation) and follow the instructions.
32
+
33
+&nbsp;
34
+
35
+## SSH without keyboard
36
+Connection from PC / Mobile per Terminal to your Raspberry Pi.
37
+
38
+You have to find your local IP address of your raspberry pi to connect per SSH to the terminal.
39
+
40
+Terminal command:
41
+
42
+```
43
+arp -n | awk '/b8:27:eb/ {print $1}'
44
+```
45
+
46
+In my constellation, it's 192.168.1.76. You can find it on your router as well.
47
+
48
+&nbsp;
49
+
50
+Open your terminal and type:
51
+```
52
+ssh alarm@192.168.1.76
53
+alarm
54
+su
55
+root
56
+```
57
+
58
+> You have to use the IP quite often. Write it down.
59
+
60
+&nbsp;
61
+
62
+# Update system, keys etc. first
63
+```
64
+pacman -Sy archlinux-keyring && pacman-key --init && pacman-key --populate archlinuxarm && pacman -Syu
65
+```
66
+
67
+&nbsp;
68
+
69
+# Change timezone
70
+
71
+```
72
+timedatectl list-timezones
73
+```
74
+
75
+Choose your timezone and copy it.
76
+ctrl z
77
+
78
+&nbsp;
79
+
80
+__Input required:__
81
+```
82
+timedatectl set-timezone your-location
83
+```
84
+ctrl + x
85
+yes
86
+
87
+&nbsp;
88
+
89
+# Add another user
90
+
91
+&nbsp;
92
+
93
+__Input required:__
94
+```
95
+useradd -m -G wheel -s /bin/bash pwoss
96
+passwd
97
+your-password
98
+```
99
+
100
+&nbsp;
101
+
102
+## (Optional) Delete user alarm (archlinux | ARM)
103
+```
104
+userdel -r alarm
105
+```
106
+
107
+&nbsp;
108
+
109
+# Add user to sudo
110
+```
111
+pacman -S sudo --noconfirm && visudo
112
+```
113
+
114
+Uncomment:
115
+
116
+```
117
+# %wheel ALL=(ALL) ALL
118
+```
119
+
120
+to
121
+
122
+```
123
+%wheel ALL=(ALL) ALL
124
+```
125
+ctrl + x
126
+yes
127
+
128
+```
129
+su - pwoss
130
+```
131
+
132
+&nbsp;
133
+
134
+# Pikaur - AUR-Helper
135
+```
136
+sudo pacman -S packer git base-devel
137
+```
138
+
139
+> Enter (default=all)
140
+
141
+```
142
+cd && mkdir software && cd software && git clone https://github.com/actionless/pikaur.git && cd pikaur && makepkg -fsri --noconfirm
143
+```
144
+
145
+&nbsp;
146
+
147
+# Downgrade
148
+```
149
+pikaur -S downgrade --noconfirm
150
+```
151
+
152
+&nbsp;
153
+
154
+# Crontab
155
+```
156
+sudo pacman -S cronie --noconfirm && sudo systemctl enable cronie.service && sudo systemctl start cronie.service
157
+```
158
+
159
+&nbsp;
160
+
161
+# Change editor to nano
162
+```
163
+sudo nano /etc/environment
164
+```
165
+Paste under the lines:
166
+
167
+```
168
+export EDITOR=/usr/bin/nano
169
+```
170
+ctrl + x
171
+yes
172
+
173
+&nbsp;
174
+
175
+# Change hostname and hosts
176
+```
177
+sudo nano /etc/hostname
178
+```
179
+Delete alarmpi and add:
180
+
181
+```
182
+myServer
183
+```
184
+ctrl + x
185
+yes
186
+
187
+```
188
+sudo nano /etc/hosts
189
+```
190
+Paste under the lines:
191
+
192
+```
193
+127.0.0.1 localhost
194
+127.0.1.1 myserver.localdomain myServer
195
+```
196
+ctrl + x
197
+yes
198
+
199
+&nbsp;
200
+
201
+# MariaDB
202
+```
203
+sudo pacman -S mariadb --noconfirm && sudo mysql_install_db --user=mysql --basedir=/usr/ --ldata=/var/lib/mysql/ && sudo systemctl enable mariadb.service && sudo systemctl start mariadb.service && sudo mysql_secure_installation
204
+```
205
+
206
+Hit enter and set up the mysql root password (use a good password) and hit the following enter for yes.
207
+
208
+&nbsp;
209
+
210
+# Dm-crypt LUKS
211
+```
212
+sudo cryptsetup -v luksFormat /dev/sda
213
+```
214
+
215
+YES
216
+
217
+&nbsp;
218
+
219
+__Input required:__
220
+passphrase=your-password
221
+
222
+```
223
+sudo cryptsetup luksOpen /dev/sda externalHD
224
+```
225
+
226
+&nbsp;
227
+
228
+__Input required:__
229
+passphrase=your-password
230
+
231
+```
232
+sudo mkfs.ext4 /dev/mapper/externalHD
233
+sudo mkdir /mnt/externalHD
234
+sudo cryptsetup luksClose externalHD
235
+sudo dd if=/dev/urandom of=/home/pwoss/.key bs=4096 count=4
236
+sudo chmod 400 /home/pwoss/.key
237
+sudo cryptsetup luksAddKey /dev/sda /home/pwoss/.key
238
+```
239
+
240
+&nbsp;
241
+
242
+__Input required:__
243
+passphrase=your-password
244
+
245
+```
246
+sudo nano /etc/crypttab
247
+```
248
+
249
+Add to the bottom:
250
+
251
+```
252
+externalHD /dev/sda /home/pwoss/.key luks
253
+```
254
+ctrl + x
255
+yes
256
+
257
+```
258
+sudo nano /etc/fstab
259
+```
260
+
261
+Add to the bottom:
262
+
263
+```
264
+/dev/mapper/externalHD /mnt/externalHD ext4 defaults 0 0
265
+```
266
+ctrl + x
267
+yes
268
+
269
+Do a reboot.
270
+
271
+```
272
+sudo reboot now -h
273
+```
274
+
275
+&nbsp;
276
+
277
+# Seafile server
278
+
279
+&nbsp;
280
+
281
+## Needed packages
282
+
283
+```
284
+sudo pacman -S fuse2 libarchive vala libevent libldap libmariadbclient python2-chardet python2-dateutil python2-django python-flup python2-gunicorn python2-memcached python2-openpyxl python2-pillow python2-pytz python2-requests python2-requests-oauthlib python2-six mysql-python wget --noconfirm
285
+```
286
+```
287
+pikaur -S libevhtp-seafile libsearpc python2-qrcode python2-cas python2-django-compressor python2-django-constance python2-django-picklefield python2-django-post-office python2-django-rest-framework python2-django-simple-captcha python2-django-statici18n python2-django-webpack-loader python2-django-pylibmc python2-wsgidav-seafile libselinux --noconfirm
288
+```
289
+
290
+> Enter Y (Yes) for everything.
291
+
292
+&nbsp;
293
+
294
+## Seafile user & Seafile data path
295
+```
296
+sudo useradd -m -r -d /srv/seafile -s /usr/bin/nologin seafile && sudo mkdir /mnt/externalHD/seafile && sudo chown -R seafile:seafile /mnt/externalHD/seafile
297
+```
298
+
299
+&nbsp;
300
+
301
+## Seafile installation
302
+```
303
+sudo -u seafile -s /bin/sh
304
+```
305
+```
306
+cd && mkdir installed && wget https://github.com/haiwen/seafile-rpi/releases/download/v6.3.4/seafile-server_6.3.4_stable_pi.tar.gz && tar -xzf seafile-server_* && mv seafile-server_* installed && cd seafile-server-* && ./setup-seafile-mysql.sh
307
+```
308
+
309
+Enter
310
+
311
+&nbsp;
312
+
313
+__Input required:__
314
+```
315
+servername = myServer
316
+ip = your-server_ip
317
+/srv/seafile/seafile-data = /mnt/externalHD/seafile/seafile-data
318
+```
319
+
320
+Hit enter for “8082”
321
+Hit 1
322
+Hit enter for “localhost” and “3306”
323
+> What is the password of the mysql root user?
324
+
325
+&nbsp;
326
+
327
+__Input required:__
328
+```
329
+your-password
330
+```
331
+
332
+Hit enter for “mysql user”
333
+
334
+&nbsp;
335
+
336
+__Input required:__
337
+```
338
+Enter the password for mysql user "seafile": your-password
339
+```
340
+
341
+Hit enter for “[ ccnet database ]”
342
+Hit enter for “[ seafile database ]”
343
+Hit enter for “[ seahub database ]”
344
+Enter through and wait until it’s done
345
+
346
+```
347
+./seafile.sh start
348
+./seahub.sh start
349
+```
350
+
351
+&nbsp;
352
+
353
+__Input required:__
354
+> enter admin email
355
+
356
+```
357
+your-@emailaddress.com
358
+```
359
+
360
+&nbsp;
361
+
362
+__Input required:__
363
+> enter admin password
364
+
365
+```
366
+your-password
367
+```
368
+
369
+&nbsp;
370
+
371
+> python2-urllib3 downgrade is still necessary to _python2-urllib3-1.23-2_
372
+> [PwOSS - Link](https://pwoss.xyz/downgrade-seafile-server-internal-server-error-couldnt-load-libraries/)
373
+
374
+```
375
+downgrade python2-urllib3
376
+```
377
+
378
+&nbsp;
379
+
380
+## Seafile server autostart
381
+```
382
+sudo nano /etc/systemd/system/seafile.service
383
+```
384
+```
385
+[Unit]
386
+Description=Seafile
387
+# add mysql.service or postgresql.service depending on your database to the line below
388
+After=network-online.target network.target mariadb.service
389
+
390
+[Service]
391
+Type=oneshot
392
+ExecStart=/srv/seafile/seafile-server-latest/seafile.sh start
393
+ExecStop=/srv/seafile/seafile-server-latest/seafile.sh stop
394
+RemainAfterExit=yes
395
+User=seafile
396
+Group=seafile
397
+
398
+[Install]
399
+WantedBy=multi-user.target
400
+```
401
+ctrl + x
402
+yes
403
+
404
+```
405
+sudo nano /etc/systemd/system/seahub.service
406
+```
407
+```
408
+[Unit]
409
+Description=Seafile hub
410
+After=network-online.target network.target seafile.service
411
+
412
+[Service]
413
+# change start to start-fastcgi if you want to run fastcgi
414
+ExecStart=/srv/seafile/seafile-server-latest/seahub.sh start
415
+ExecStop=/srv/seafile/seafile-server-latest/seahub.sh stop
416
+User=seafile
417
+Group=seafile
418
+Type=oneshot
419
+RemainAfterExit=yes
420
+
421
+[Install]
422
+WantedBy=multi-user.target
423
+```
424
+ctrl + x
425
+yes
426
+
427
+```
428
+sudo systemctl enable seafile.service && sudo systemctl enable seahub.service
429
+```
430
+
431
+&nbsp;
432
+
433
+## SeafDav (WebDav)
434
+```
435
+cd && cd conf && nano seafdav.conf
436
+```
437
+
438
+Change:
439
+
440
+```
441
+enabled = false
442
+```
443
+
444
+to
445
+
446
+```
447
+enabled = true
448
+```
449
+ctrl + x
450
+yes
451
+
452
+```
453
+cd && cd seafile-server-latest && ./seafile.sh restart && ./seahub.sh restart
454
+```
455
+
456 <