content: new entries on network management

2025-10-06 19:36:34 +01:00 · 2025-10-06 19:36:34 +01:00 · 409eccd956
commit 409eccd956
parent e9534f53dc
3 changed files with 123 additions and 0 deletions
--- a/zk/Create_a_deploy_user.md
+++ b/zk/Create_a_deploy_user.md
@ -0,0 +1,59 @@
+---
+tags:
+  - servers
+---
+
+# Create a deploy user
+
+When I want to run deploy operations on my server from a client that is not me
+(e.g. Forgejo) it is best to create a user for this purpose that has limited
+conditions - more restricted than my `/home` user.
+
+Create user on server:
+
+```sh
+sudo useradd -m -s /bin/bash deploy
+```
+
+> `-m` gives him a home directory which is necessary for him to have an `.ssh/`
+> directory. `/bin/bash` gives him the ability to run shell commands.
+
+Give permissions:
+
+```sh
+sudo chown -R deploy:www-data /var/www
+sudo chmod -R 755 /var/www/
+```
+
+This:
+
+- Adds the user ("deploy") to the group of the default web server user
+  (`www-data`)
+- Gives deploy user full read/write/execute
+
+Then create an SSH key-pair for the deploy user following the steps at
+[Generating an SSH key for server access](./Generating_SSH_key_for_server_access.md)
+and add his public key to the `authorized_keys` file on the server.
+
+He'll first need his own `.ssh` directory however:
+
+```sh
+sudo mkdir -p /home/deploy/.ssh
+sudo touch /home/deploy/.ssh/authorized_keys
+sudo chmod 700 /home/deploy/.ssh
+sudo chmod 600 /home/deploy/.ssh/authorized_keys
+sudo chown -R deploy:deploy /home/deploy/.ssh
+```
+
+Then attempt to connect to ensure SSH access is working:
+
+```sh
+ssh -i .ssh/deploy_self_host_server deploy@server_ip
+
+```
+
+Now the SSH key associated with the deploy user can be used to remotely execute
+deployment functions on the server from any client.
+
+Next need to add deploy user's key to Forgejo eolas-api repo and test the action
+again
--- a/zk/DHCP.md
+++ b/zk/DHCP.md
@ -0,0 +1,24 @@
+---
+tags: [internet, networks]
+---
+
+# DHCP
+
+Stands for **Dynamic Host Configuration Protocol** and operates on consumer
+routers. This is a server protocol.
+
+Automatically assigns IP addresses and network configuration settings to devices
+when they connect to a network.
+
+Saves you from manually configuring each device on the network. Dynamically
+distributes:
+
+- [IP addresses](./IP_addresses.md)
+- [Subnet masks](./IP_addresses.md)
+- Default gateway addresses
+- DNS server addresses
+
+> Why was this pertinent to the configuration of my Pihole? DHCP on my router
+> will chose the default DNS server. I wanted to change the default DNS server
+> to use the address of the Pihole on the network. This change has to be made in
+> the DHCP settings.
--- a/zk/Generating_SSH_key_for_server_access.md
+++ b/zk/Generating_SSH_key_for_server_access.md
@ -0,0 +1,40 @@
+---
+tags:
+  - servers
+---
+
+# Generating SSH key for server access
+
+Using local machine generate new key:
+
+```sh
+ssh-keygen -t ed25519 -C "user@clientname" -f ~/.ssh/user_clientname
+```
+
+This creates a public/private key pair on the local machine, viz:
+
+```
+.ssh/user_clientname
+.ssh/user_clientname.pub
+```
+
+Get the public key:
+
+```sh
+cat .ssh/user_clientname.pub
+```
+
+Add to the server's authorized keys:
+
+```sh
+echo "PASTE_PUBLIC_KEY_HERE" >> ~/.ssh/authorized_keys
+```
+
+Test by using the new public key to connect:
+
+```sh
+ssh -i ~/.ssh/user_clientname user@servername
+```
+
+Paste the private key into whatever client wants to access the server (e.g.
+Forgejo).