Add wg

content/posts/ROS.md

@@ -0,0 +1,23 @@
+
++++
+date="2023-03-03"
+author="spanskiduh"
+title="ROS"
+description="click to read about ROS"
++++
+# ROS
+
+
+### Basic commands
+
+- `catkin_make` builds the project.
+- `roscore` Start the root node.
+- `rosrun <package> <program>` execute a node.
+- `rospack list` list all installed packages.
+- `rostopic list` list all the current active topics
+- `rostopic info <topic>` print all the information about the topic(publishers / subscribers).
+- `rostopic pub <topic> <mssg-typ> <mssg>` send a message to a topic.
+- `rostopic echo <topic>` subscribe to a topic.
+- `rostopic hz <topic>` get frequency of messages.
+- `rosnode list` list all avaliable nodes.
+- `rosnode info <node>` get detailed information about the node.

content/posts/milvus_db.md

@@ -1,6 +1,6 @@
 
 +++
-date="2023-02-26"
+date="2023-02-28"
 author="spanskiduh"
 title="milvus_db"
 description="click to read about milvus_db"
@@ -38,7 +38,18 @@ Pymilvus version: 2.2.1
 Learn more: https://github.com/zilliztech/milvus_cli.
 
 
-milvus_cli >
+milvus_cli > connect <options> # to connect to the database 
+# You can always use the help command to help you craft better
 ```
 
+The best reference how to use their CLI is their (https://github.com/milvus-io/milvus_cli#commands)[Github] page and not the documentation.
+As it is more suitable for rapid development.
+
+### Useful commands
+
+```bash
+show collections 
+delete collection <coll_name>
+describe collection -c <coll_name> 
+```
 

content/posts/wireguard.md

@@ -0,0 +1,96 @@
+
++++
+date="2023-03-09"
+author="spanskiduh"
+title="wireguard"
+description="click to read about wireguard"
++++
+## Resources
+
+- [setup wireguard on ubuntu 20.4](https://www.digitalocean.com/community/tutorials/how-to-set-up-wireguard-on-ubuntu-20-04)
+- [vagrant advanced guide](https://fedoramagazine.org/vagrant-beyond-basics/)
+- [WireGuard RFC](https://www.wireguard.com/papers/wireguard.pdf)
+- [Wireguard docker compose](https://gitea.spanskiduh.dev/spanskiduh/wireguard-docker/src/branch/main/docker-compose.yml)
+- [multiple ansible playbooks](https://stackoverflow.com/a/43183939)
+
+### Steps
+
+#### Steps on the server
+- Generate privatekey: `wg genkey | sudo tee /etc/wireguard/private.key`.
+- Change the ownership of the file so that the root will be the only one who can access it: `sudo chmod go= /etc/wireguard/private.key`.
+-  Generate a publickey `sudo cat /etc/wireguard/private.key | wg pubkey | sudo tee /etc/wireguard/public.key`
+-  choose IP from reserved ranage
+	- by the  RFC 1918 specification:
+		- `10.0.0.0 to 10.255.255.255 (10/8 prefix)`
+		- `172.16.0.0 to 172.31.255.255 (172.16/12 prefix)`
+		- `192.168.0.0 to 192.168.255.255 (192.168/16 prefix)`
+- We will choose the `10.6.0.0/24` range
+- Write a config in `/etc/wireguard/wg0.conf`
+```bash
+[Interface]
+PrivateKey = <privkey>
+Address = 10.6.0.1/24
+ListenPort = 51820
+SaveConfig = true
+```
+- If we wanted to expose servers local network and not only the point to point connection:
+	- `sudo sh -c "echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf"`
+- Find your public interface:
+	- `ip route list default`:
+		- `default via 192.168.121.1 dev eth0 proto dhcp src 192.168.121.115 metric 100`
+		-  We pick `eth0`.
+- Now lets add the iptables rules to our `wg0.conf`.
+```bash
+PostUp = ufw route allow in on wg0 out on eth0
+PostUp = iptables -t nat -I POSTROUTING -o eth0 -j MASQUERADE
+PreDown = ufw route delete allow in on wg0 out on eth0
+PreDown = iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
+```
+- Explanation:
+	- `ufw route allow in on wg0 out on eth0 `- This rule will allow forwarding IPv4 and IPv6 traffic that comes in on the wg0 VPN interface to the eth0 network interface on the server. It works in conjunction with the net.ipv4.ip_forward and net.ipv6.conf.all.forwarding sysctl values that you configured in the previous section.
+	- `iptables -t nat -I POSTROUTING -o eth0 -j MASQUERADE` - This rule configures masquerading, and rewrites IPv4 traffic that comes in on the wg0 VPN interface to make it appear like it originates directly from the WireGuard Server’s public IPv4 address.
+	- `ip6tables -t nat -I POSTROUTING -o eth0 -j MASQUERADE` - (OPTIONAL) This rule configures masquerading, and rewrites IPv6 traffic that comes in on the wg0 VPN interface to make it appear like it originates directly from the WireGuard Server’s public IPv6 address.
+
+- Lets also setup the ufw:
+	- `sudo ufw allow 51820/udp`
+	- `sudo ufw allow OpenSSH`
+	- `sudo ufw reload`
+	- `sudo ufw status`
+
+- Now start the service:
+ 	-  `sudo systemctl enable --now wg-quick@wg0.service`
+
+#### Steps on client
+- What you need:
+	- Basically you must generate the priv and pub key same as on the server
+	- public IP of a server
+	- server pubkey
+
+- Now generate a file `/etc/wireguard/wg0.conf`
+```bash
+[Interface]
+PrivateKey = <Generted privkey on client>
+Address = 10.6.0.X/24
+
+[Peer]
+PublicKey = <server pubkey>
+AllowedIPs = 10.6.0.0/24
+Endpoint = <server public ip>:51820
+```
+
+- Now login to a server and register a client:
+	- `sudo wg set wg0 peer <client-pubkey> allowed-ips <client-wg-ip>`
+	- And check if the peer is listed with `sudo wg`
+
+
+### DNS
+If you are using the WireGuard Server as a VPN gateway for all your peer’s traffic, you will need to add a line to the `[Interface]` section that specifies DNS resolvers. If you do not add this setting, then your DNS requests may not be secured by the VPN, or they might be revealed to your Internet Service Provider or other third parties.
+
+- To get a list which DNS reslovers the wireguard server uses (issue this command on a connected peer):
+	-  `resolvectl dns eth0`
+	-  then select one and add the ip to tthe bottom of the `[Interface]`  section `/etc/wireguard/wg0.conf`
+```bash
+[Interface]
+...
+DNS = <ip from command>
+```