From 811789096730037b68d80c0d41e8852bb20b6474 Mon Sep 17 00:00:00 2001 From: Rich Kreider Date: Sun, 29 Mar 2026 22:30:57 -0400 Subject: [PATCH] new posts --- content/posts/hello.md | 5 --- ..._email.mdwn => mssql-job-history-email.md} | 7 +++- .../posts/{wireguard.mdwn => wireguard.md} | 42 +++---------------- 3 files changed, 12 insertions(+), 42 deletions(-) delete mode 100644 content/posts/hello.md rename content/posts/{job_history_email.mdwn => mssql-job-history-email.md} (98%) rename content/posts/{wireguard.mdwn => wireguard.md} (98%) diff --git a/content/posts/hello.md b/content/posts/hello.md deleted file mode 100644 index 6a5edc7..0000000 --- a/content/posts/hello.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Hello, world. -date: 2026-03-27 ---- -Hello world. diff --git a/content/posts/job_history_email.mdwn b/content/posts/mssql-job-history-email.md similarity index 98% rename from content/posts/job_history_email.mdwn rename to content/posts/mssql-job-history-email.md index 2c593a8..565e7e9 100644 --- a/content/posts/job_history_email.mdwn +++ b/content/posts/mssql-job-history-email.md @@ -1,4 +1,9 @@ -# SQL Server: Daily Failed SQL Job Email Report +--- +title: "SQL Server: Daily Failed SQL Job Email Report" +date: 2026-03-29 +toc: true +tags: ["mssql"] +--- This guide sets up: diff --git a/content/posts/wireguard.mdwn b/content/posts/wireguard.md similarity index 98% rename from content/posts/wireguard.mdwn rename to content/posts/wireguard.md index 57a25fc..cce8d94 100644 --- a/content/posts/wireguard.mdwn +++ b/content/posts/wireguard.md @@ -1,5 +1,9 @@ -# WireGuard VPN Setup on Debian 13 - +--- +title: "WireGuard VPN Setup on Debian 13" +date: 2026-03-29 +toc: true +tags: ["wireguard","debian","linux"] +--- Clean, minimal, self-hosted WireGuard setup with: - Full tunnel support 
@@ -7,8 +11,6 @@ Clean, minimal, self-hosted WireGuard setup with: - Multi-user capability - Per-user access control via firewall ---- - ## 0. Assumptions - Public interface: `eth0` @@ -17,8 +19,6 @@ Clean, minimal, self-hosted WireGuard setup with: Replace `eth0` with your real interface name if needed, such as `ens18`, `ens3`, or `enp1s0`. ---- - ## 1. Install WireGuard ``` @@ -26,8 +26,6 @@ apt update apt install wireguard ``` ---- - ## 2. Enable IP Forwarding ``` @@ -41,8 +39,6 @@ echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf sysctl -p ``` ---- - ## 3. Generate Keys ``` @@ -54,8 +50,6 @@ wg genkey | tee client.key | wg pubkey > client.pub chmod 600 *.key ``` ---- - ## 4. Server Configuration Create: @@ -90,8 +84,6 @@ Notes: - `AllowedIPs = 10.10.10.2/32` means that client owns only `10.10.10.2`. - Do not reuse keys between devices. ---- - ## 5. Start WireGuard ``` @@ -106,8 +98,6 @@ wg show ip addr show wg0 ``` ---- - ## 6. Client Configuration Use this on Windows, Linux, or macOS: @@ -137,8 +127,6 @@ Example split tunnel: AllowedIPs = 10.10.10.0/24, 192.168.50.0/24 ``` ---- - ## 7. Open Firewall Port If using UFW: @@ -153,8 +141,6 @@ Or raw iptables: iptables -A INPUT -p udp --dport 51820 -j ACCEPT ``` ---- - ## 8. Test Connection From the client: @@ -173,8 +159,6 @@ Also test: ping 10.10.10.1 ``` ---- - ## 9. Add Additional Users Generate new keys: @@ -213,8 +197,6 @@ AllowedIPs = 0.0.0.0/0 PersistentKeepalive = 25 ``` ---- - ## 10. Access Control and Network Design WireGuard handles authentication by key. @@ -237,8 +219,6 @@ The examples below use: Adjust these to your actual peer IP assignments. ---- - ### Scenario A: Public server only, no private networks behind it This is the simplest case. @@ -288,8 +268,6 @@ Example: block all other VPN clients from SSH to the server: iptables -A INPUT -i wg0 -p tcp --dport 22 -j DROP ``` ---- - ### Scenario B: Server has private networks behind it Use this if the Debian server can route to private networks such as: 
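Review bot: In the hunk at `@@ -54,8 +50,6 @@` (end of "3. Generate Keys"), `chmod 600 *.key` runs only after `wg genkey | tee client.key | wg pubkey > client.pub` has already created the private key file. With a permissive umask such as 022, the key is readable by other local users until the chmod runs. Setting the mask before any key is written closes that window: put `umask 077` as the first line of the code block and keep the `chmod` as a backstop. The code block opens above the hunk, so the server-key command is not visible here and presumably needs the same ordering.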
@@ -358,8 +336,6 @@ That gives split-tunnel access only to: - the VPN subnet - the private subnet behind the server ---- - ## 11. Remove or Revoke Access Remove a peer immediately: @@ -374,8 +350,6 @@ Or edit `wg0.conf` and reload: wg syncconf wg0 <(wg-quick strip wg0) ``` ---- - ## 12. Common Issues - IP forwarding not enabled @@ -387,8 +361,6 @@ wg syncconf wg0 <(wg-quick strip wg0) - Client clock wildly wrong - Forgot `PersistentKeepalive = 25` for clients behind NAT ---- - ## 13. Key Concepts - Each peer should have its own keypair @@ -397,8 +369,6 @@ wg syncconf wg0 <(wg-quick strip wg0) - VPN peer IPs should be treated like identities - Firewall rules decide what each peer can reach ---- - ## 14. Recommended Next Step This walkthrough uses `iptables` because it is straightforward and familiar. -- 2.47.3