In this tutorial we're going to look at how you can contribute to the opsec blog, we'll look into how the work is being organized, and how to contribute via gitea. We'll also look into how you can run the blog yourself since it's entirely public domain (Creative Commons Zero license).
First, look at all the blogposts that are yet to be completed from the opsec index page to see if there are some you'd like to do:
Each tutorial (even if completed) has it's own assigned issue on gitea:
You can pick one that you'd like to do, if you see one that has a red cross you can click on it, it will redirect you to it's assigned gitea issue (example: Easy Private Chats - SimpleX you are free to brainstorm it further like so:
The idea being that each issue needs to have a clear todolist to bring clarity on what needs to be done in it. Please check if the tutorial is already assigned to someone already or not:
At first, I am assigning only one contributor per tutorial, and only one tutorial per contributor at a time, with a default deadline of 1 month. to complete the assigned tutorial. (if you want to extend the deadline, you'll have to contact me first).
In short, please choose a tutorial that is neither done, nor assigned yet, you can check the status of each tutorial on the project board here:
The list of tutorials that are not assigned yet are in the second column, once you have chosen one just ping me on SimpleX or in the Opsec SimpleX group chat.
You can also submit a suggestion to me directly if you think this blog is missing something crucial, such as a brand new blogpost idea (although make sure it remains on topic for Privacy / Anonymity / Deniability) i am NOT looking for regular Sysadmin tutorials here.
If you think one of the existing tutorials is missing something, feel free to criticize them in their assigned issues (ping me when you do so, so i don't miss it):
After discussing with me what task you want to do, we'll confirm on the price for that tutorial and after i get your confirmation i'll assign it to you, and that's when you can start to work on it.
Disclaimer: if you're not used to writing technical stuff, please aim for the tutorials that are labeled as "Simple" and that you actually understand. Don't try to bite more than you can chew, otherwise i might refuse further contributions coming from you. You should be at least familliar with the topic you intend to talk about.
Now you first need to sign up on gitea, if you want to maintain your anonymity feel free to get yourself a mailbox anonymously such as signing up on protonmail using the tor browser. and then use that email to sign up onto gitea aswell:
From there, you can fork the repository, from your new account:
You can leave everything as default as shown below:
Now from there you continue from the commandline, do a git clone the repository you just forked, and do the edits you need to do:
[ mainpc ] [ /dev/pts/18 ] [~/Documents]
→ git clone https://git.nowhere.moe/6dv9lk1pbaflulau/blog-contributions
Cloning into 'blog-contributions'...
remote: Enumerating objects: 3400, done.
remote: Counting objects: 100% (3400/3400), done.
remote: Compressing objects: 100% (2729/2729), done.
remote: Total 3400 (delta 1588), reused 2109 (delta 609), pack-reused 0 (from 0)
Receiving objects: 100% (3400/3400), 149.35 MiB | 6.82 MiB/s, done.
Resolving deltas: 100% (1588/1588), done.
[ mainpc ] [ /dev/pts/18 ] [~/Documents]
→ cd blog-contributions
[ mainpc ] [ /dev/pts/18 ] [~/Documents/blog-contributions]
→ ls
assets index.html opsec productivity pull.sh push.sh pushtoprod.sh README.md
[ mainpc ] [ /dev/pts/18 ] [~/Documents/blog-contributions]
→ cd opsec
now from there you can copy the template tutorial folder called "0_anon" into another folder:
[ mainpc ] [ /dev/pts/18 ] [Documents/blog-contributions/opsec]
→ cp -r 0_anon newtutorial
[ mainpc ] [ /dev/pts/18 ] [Documents/blog-contributions/opsec]
→ cd newtutorial
In it you will find the index.html file that you can edit from the commandline still:
[ mainpc ] [ /dev/pts/18 ] [blog-contributions/opsec/newtutorial]
→ pwd
/home/nihilist/Documents/blog-contributions/opsec/newtutorial
[ mainpc ] [ /dev/pts/18 ] [blog-contributions/opsec/newtutorial]
→ ls
index.html
[ mainpc ] [ /dev/pts/18 ] [blog-contributions/opsec/newtutorial]
→ vim index.html
and you can also view your edits in real time from your browser of choice, just put the complete path to the index.html file to view it in real time, for me it is as follows: /home/nihilist/Documents/blog-contributions/opsec/newtutorial/index.html (just hit F5 to refresh in the browser, everytime you save (:w) in vim)
Make sure that you follow the quality standard i described here: start with the Why, then the What, then the How. to describe how to do things, you can use images and screenshots like so:
<img src="12.png" class="imgRz">
To take screenshots like i do, you can use flameshot, it has everything you need for screenshots. When you take screenshots, dont forget to draw arrows to mention where the user needs to click, add text if something needs to be clarified, etc. and then save your screenshot in the same folder as your blogpost contribution (in this case, in blog-contributions/opsec/new-tutorial)
apt install flameshot -y
flameshot
If you are showcasing a complex tutorial please put into a graph what you are talking about. I used to make graphs using yEd Graphs (but it's closed source) so instead as of q3 2024 i'm using Drawio to make them, both tools have got everything you need to write complex graphs.
[ mainpc ] [ /dev/pts/3 ] [blog/opsec/manifesto]
→ apt search draw.io
Sorting... Done
Full Text Search... Done
draw.io/now 24.7.17 amd64 [installed,local]
draw.io desktop
[ mainpc ] [ /dev/pts/3 ] [blog/opsec/manifesto]
→ apt install draw.io
[ mainpc ] [ /dev/pts/3 ] [blog/opsec/manifesto]
→ drawio
If you want to use my logos for onymity, surveillance, centralisation, complexity, etc you can find them in the blog-contributions/opsec/logos/ directory:
Then, i'll let you go through the drawio documentation to learn how to use it, as there's alot to cover to add logos, change shapes, add text, add arrows, etc:
But in the end you should have a good looking graph like this one:
and if there are any commands to be shown, just copy paste from your terminal directly into the index.html file, into the pre code blocks:
<pre><code class="nim">
[ mainpc ] [ /dev/pts/20 ] [~/Nextcloud/blog]
→ vim index.html
</pre></code>
[ mainpc ] [ /dev/pts/20 ] [~/Nextcloud/blog]
→ vim index.html
Preferably copy paste the command outputs into the pre code blocks, so we i can save on storage space as images take alot more space than regular text.
Then once your tutorial is finished, don't forget to edit the footer to contain your contact details, your links if you have any, and your monero donation address.
Now your tutorial is ready to be sent over for review. So now you need to git push it to your forked repository like so:
[ mainpc ] [ /dev/pts/18 ] [~/Documents/blog-contributions]
→ git config --global user.email "6dv9lk1pbaflulau@nowhere.moe"
[ mainpc ] [ /dev/pts/18 ] [~/Documents/blog-contributions]
→ git config --global user.name "6dv9lk1pbaflulau"
[ mainpc ] [ /dev/pts/18 ] [~/Documents/blog-contributions]
→ git add -A
[ mainpc ] [ /dev/pts/18 ] [~/Documents/blog-contributions]
→ git commit
new tutorial contribution
# Please enter the commit message for your changes. Lines starting
# with '#' will be ignored, and an empty message aborts the commit.
#
# On branch main
# Your branch is up to date with 'origin/main'.
#
# Changes to be committed:
# new file: opsec/newtutorial/index.html
# modified: push.sh
ESC :wq
[ mainpc ] [ /dev/pts/18 ] [~/Documents/blog-contributions]
→ git push
Username for 'https://git.nowhere.moe': 6dv9lk1pbaflulau
Password for 'https://6dv9lk1pbaflulau@git.nowhere.moe':
Enumerating objects: 7, done.
Counting objects: 100% (7/7), done.
Delta compression using up to 4 threads
Compressing objects: 100% (4/4), done.
Writing objects: 100% (4/4), 388 bytes | 388.00 KiB/s, done.
Total 4 (delta 3), reused 0 (delta 0), pack-reused 0
remote:
remote: Create a new pull request for '6dv9lk1pbaflulau:main':
remote: https://git.nowhere.moe/nihilist/blog-contributions/compare/main...6dv9lk1pbaflulau:main
remote:
remote: . Processing 1 references
remote: Processed 1 references in total
To https://git.nowhere.moe/6dv9lk1pbaflulau/blog-contributions
7c759d3..7067b5c main -> main
Now you have pushed your changes to your forked respository, from there you can make a Pull request (asking me to pull in your changes, to the main repository) as follows:
now from there your pull request is created, and i'll review it as soon as i get the time:
If it's not complete, i'll comment in there asking you to add what's missing, changes that you must actually finish before the deadline. To add further changes simply add more commits to it
[ mainpc ] [ /dev/pts/18 ] [~/Documents/blog-contributions]
→ vim opsec/newtutorial/index.html
[ mainpc ] [ /dev/pts/18 ] [~/Documents/blog-contributions]
→ git add -A
[ mainpc ] [ /dev/pts/18 ] [~/Documents/blog-contributions]
→ git commit
forgot to do this change!
# Please enter the commit message for your changes. Lines starting
# with '#' will be ignored, and an empty message aborts the commit.
#
# On branch main
# Your branch is up to date with 'origin/main'.
#
# Changes to be committed:
# modified: opsec/newtutorial/index.html
ESC :wq
[main eb4b994] forgot to do this change!
1 file changed, 1 insertion(+), 1 deletion(-)
[ mainpc ] [ /dev/pts/18 ] [~/Documents/blog-contributions]
→ git push
Username for 'https://git.nowhere.moe': 6dv9lk1pbaflulau
Password for 'https://6dv9lk1pbaflulau@git.nowhere.moe':
Enumerating objects: 9, done.
Counting objects: 100% (9/9), done.
Delta compression using up to 4 threads
Compressing objects: 100% (4/4), done.
Writing objects: 100% (5/5), 432 bytes | 432.00 KiB/s, done.
Then wait for me to confirm the content is complete, and then i'll accept the pull request and merge it into the main repository.
As you may have noticed, the entire blog is Public Domain (Creative Commons Zero license), which means that you can not only save the files for yourself, but you can also run it under your own clearnet or onion domain.
To do so you can just git clone it on a VPS like so :
[ Datura ] [ /dev/pts/0 ] [~]
→ cd /srv
[ Datura ] [ /dev/pts/0 ] [/srv]
→ git clone https://git.nowhere.moe/nihilist/blog-contributions blog
And then using nginx you can make it publicly accessible over clearnet, or over Tor. Feel free to reuse my nginx config if you want to host it, just change the domains to be your instead.
[ Datura ] [ /dev/pts/0 ] [/srv]
→ cat /etc/nginx/sites-enabled/blog.nowhere.moe.conf
server {
listen 80;
listen [::]:80;
server_name blog.nihilism.network;
return 301 https://blog.nowhere.moe$request_uri;
}
server {
listen 443 http2 ssl;
listen [::]:443 http2 ssl;
server_name blog.nihilism.network;
ssl_certificate /root/.acme.sh/blog.nihilism.network/fullchain.cer;
ssl_certificate_key /root/.acme.sh/blog.nihilism.network/blog.nihilism.network.key;
return 301 https://blog.nowhere.moe$request_uri;
}
server {
listen 80;
listen [::]:80;
server_name blog.nowhere.moe;
return 301 https://$server_name$request_uri;
}
server {
######## TOR CHANGES ########
listen 4443;
listen [::]:4443;
server_name blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion;
add_header Onion-Location "http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion$request_uri" always;
######## TOR CHANGES ########
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name blog.nowhere.moe;
########################################## HARDENING SSL #############################################
ssl_certificate /root/.acme.sh/blog.nowhere.moe/fullchain.cer;
ssl_certificate_key /root/.acme.sh/blog.nowhere.moe/blog.nowhere.moe.key;
ssl_dhparam /root/.acme.sh/dhparam.pem;
# SSL Settings
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_session_tickets off;
ssl_ecdh_curve auto;
# OCSP stapling
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /root/.acme.sh/blog.nowhere.moe/fullchain.cer;
resolver 1.1.1.1 208.67.222.222;
add_header Strict-Transport-Security "max-age=63072000" always;
access_log off;
error_log off;
###################################END OF HARDENING SSL###########################################
root /srv/blog/;
rewrite ^/servers/anon.html /opsec/index.html permanent;
rewrite ^/servers/(.*)$ /opsec/$1 permanent;
index index.html;
}
Then you can check if the nginx configuration is correct like so:
[ Datura ] [ /dev/pts/0 ] [/srv]
→ nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[ Datura ] [ /dev/pts/0 ] [/srv]
→ systemctl restart nginx
Now to make sure it remains updated on a hourly basis, you can have the following cronjob:
[ Datura ] [ /dev/pts/0 ] [/srv]
→ crontab -e
0 * * * git -C /srv/blog pull
And that's it! you're now helping me educate people on what technology can do to enhance their lives :)
Donate XMR: 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8
Contact: nihilist@contact.nowhere.moe (PGP)