Best Binary Options Robots And Auto Trading Software ...

nginx reverse proxy configuration settings?

Hey all,
After recently working through my nginx reverse proxy configuration, I noticed mine, while working as expected, could be structured much cleaner than it currently is.
So I'm curious about two things
  1. How others have structured their nginx.conf, sites-enabled/default, conf.d/jellyfin.conf. and any other config files they may have. It seems the best practice is to define each area within its own config file. For example, http headers configured in conf.d/http_headers.conf and included in nginx.conf
  2. What specific settings do others use for both security and performance for jellyfin - obviously the jellyfin docs have nginx settings listed, but curious what others do beyond these.
For context, I run a local static website along with proxying to jellyfin and I'm sure I could be doing things better than I currently am.
Here's my nginx.conf for example:
## ================================= ## to test configuration for errors ## run: gixy /etc/nginx.conf ## ================================= user www-data; worker_processes auto; pid /run/nginx.pid; include /etc/nginx/modules-enabled/*.conf; events { worker_connections 1024; multi_accept on; } http { charset utf-8; sendfile on; tcp_nopush on; tcp_nodelay on; server_tokens off; log_not_found off; types_hash_max_size 2048; # size Limits & Buffer Overflows client_body_buffer_size 128K; client_header_buffer_size 16k; client_max_body_size 32M; large_client_header_buffers 4 16k; # timeouts client_body_timeout 10; client_header_timeout 10; keepalive_timeout 5 5; send_timeout 10; server_names_hash_bucket_size 128; server_name_in_redirect off; # MIME include /etc/nginx/mime.types; default_type application/octet-stream; # logging access_log /valog/nginx/access.log; error_log /valog/nginx/error.log; # Diffie-Hellman parameter for DHE ciphersuites ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # SSL Settings ssl_session_cache shared:le_nginx_SSL:10m; ssl_session_timeout 1d; ssl_session_tickets off; ssl_prefer_server_ciphers on; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; # OCSP Stapling ssl_stapling on; ssl_stapling_verify on; resolver 8.8.8.8 8.8.4.4 valid=60s; resolver_timeout 5s; # virtual Host Configs include /etc/nginx/conf.d/*.conf; include /etc/nginx/sites-enabled/*; # gzip Settings gzip on; gzip_http_version 1.1; gzip_vary on; gzip_disable "MSIE [1-6]\.(?!.*SV1)"; gzip_proxied any; gzip_comp_level 1; gzip_min_length 10240; gzip_buffers 16 8k; # what gzip will compress gzip_types text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml; } 
jellyfin.conf:
server { listen 80; listen [::]:80; server_name $webAddress; set $jellyfin 192.168.20.203; # only domain name requests allowed if ($host !~ ^($webAddress)$ ) { return 444; } # only get,head,post requests allowed if ($request_method !~ ^(GET|HEAD|POST)$ ) { return 444; } # Redirect to HTTPS if ($host = $webAddress) { return 302 https://$server_name$request_uri; } return 404; } server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name $webProxyAddress; set $jellyfin 192.168.20.203; # if they come here using HTTP, bounce them to the correct scheme error_page 497 https://$server_name:$server_port$request_uri; # only domain name requests allowed if ($host !~ ^($webProxyAddress)$ ) { return 444; } # only get,head,post requests allowed if ($request_method !~ ^(GET|HEAD|POST)$ ) { return 444; } # block download agents if ($http_user_agent ~* LWP::Simple|BBBike|wget) { return 403; } # SSL certs ssl_certificate ...; ssl_certificate_key ...; ssl_trusted_certificate ...; # HTTP security headers -- JELLY DOC add_header X-Frame-Options "SAMEORIGIN"; add_header X-XSS-Protection "1; mode=block"; add_header X-Content-Type-Options "nosniff"; add_header Content-Security-Policy "default-src https: data: blob:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://www.gstatic.com/cv/js/sendev1/cast_sender.js; worker-src 'self' blob:; connect-src 'self'; object-src 'none'; frame-ancestors 'self'"; # HTTP security headers -- added for A+ rating add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"; add_header Referrer-Policy 'strict-origin'; add_header Expect-CT 'enforce, max-age=3600'; add_header Feature-Policy "autoplay 'none'; camera 'none'"; add_header Permissions-Policy 'autoplay=(); camera=()'; add_header X-Permitted-Cross-Domain-Policies none; # password security auth_basic "Restricted Content"; auth_basic_user_file /etc/nginx/.htpasswd; # proxy Jellyfin - copied fron jellyfin docs location / { proxy_pass http://$jellyfin:8096; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Protocol $scheme; proxy_set_header X-Forwarded-Host $http_host; # Disable buffering proxy gets very resource heavy proxy_buffering off; } # location block for Jellyfin /web - copied from jellyfin docs # purely for aesthetics location ~ ^/web/$ { proxy_pass http://$jellyfin:8096/web/index.html; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Protocol $scheme; proxy_set_header X-Forwarded-Host $http_host; } # websocket Jellyfin - copied from jellyfin docs location /socket { proxy_pass http://$jellyfin:8096; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Protocol $scheme; proxy_set_header X-Forwarded-Host $http_host; } } 
default
# set access rate limit: only allow 4 requests per second limit_req_zone $binary_remote_addr zone=one:10m rate=4s; # caching map map $sent_http_content_type $expires { default off; text/html epoch; text/css 5m; application/javascript 5m; ~image/ 5m; } server { listen 80 default_server; listen [::]:80 default_server; server_name $webAddress; # only get,head,post request allowed if ($request_method !~ ^(GET|HEAD|POST)$ ) { return 444; } # only domain name requests allowed if ($host !~ ^($webAddress)$ ) { return 444; } # redirect to HTTPS if ($host = $webAddress) { return 301 https://$host$request_uri; } return 404; } server { listen [::]:443 ssl http2; listen 443 ssl http2; server_name $webAddress; root /vawww/html; index index.html; # if they come here using HTTP, bounce them to the correct scheme error_page 497 https://$server_name:$server_port$request_uri; # redirect errors to 404 page error_page 401 403 404 /404.html; # set 503 error page error_page 503 /503.html; # only domain name requests allowed if ($host !~ ^($webAddress)$ ) { return 444; } # only get,head,post requests allowed if ($request_method !~ ^(GET|HEAD|POST)$ ) { return 444; } # block download agents if ($http_user_agent ~* LWP::Simple|BBBike|wget) { return 403; } # block some robots if ($http_user_agent ~* msnbot|scrapbot) { return 403; } # caching map expiration expires $expires; # cache location ~* /.(jpg|jpeg|png|gif|ico|pdf|png|ico|woff2|woff)$ { expires 5m; } # prevent deep linking location /img/ { valid_referers blocked $webAddress; if ($invalid_referer) { return 403; } referer_hash_bucket_size 128; } # SSL certs ssl_certificate ...; ssl_certificate_key ...; ssl_trusted_certificate ...; # HTTP security headers -- A+ rating add_header X-Frame-Options "SAMEORIGIN"; add_header X-XSS-Protection "1; mode=block"; add_header X-Content-Type-Options "nosniff"; add_header Content-Security-Policy "base-uri 'self'; default-src 'none'; frame-ancestors 'none'; style-src 'self'; font-src 'self' https://fonts.gstatic.com; img-src 'self'; script-src 'self' http https; form-action 'self'; require-trusted-types-for 'script'"; add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"; add_header Referrer-Policy 'strict-origin'; add_header Expect-CT 'enforce, max-age=3600'; add_header Feature-Policy "autoplay 'none'; camera 'none'"; add_header X-Permitted-Cross-Domain-Policies none; add_header Permissions-Policy 'autoplay=(); camera=()'; location /nginx_status { stub_status on; access_log off; # restrict access to lan allow 192.168.1.0/24; deny all; # security auth_basic "Restricted Content"; auth_basic_user_file /etc/nginx/.htpasswd; } location / { try_files $uri $uri/ =404; # rate limit limit_req zone=one burst=10 nodelay; } } 

submitted by famesjranko to jellyfin [link] [comments]

The SS Cardif

“Attention all crew; I repeat - Attention all crew.” the ship - wide loudspeaker announced.
He and the runtime of Flowers had their arms buried deep in the guts of a Goat gear hauler trying to reconnect its aft starboard repulser module and looked at each other questioningly.
With a series of snaps, a waldo from Flowers’ forearm began snapping in the connections on their side, as he thought his own manipulators from both of his forearms and they began plugging in the nine pin connectors on his side.
“Mr. Drake and Runtime Flowers to Ops. Mr. Drake and Runtime Flowers to Ops.
“Dout leader Mri’x to Ops. Dout leader Mri’x to Ops.”
The mostly-human and the robot-looking vessel for his AI friend both produced wondering looks. “Runner!” the mostly-human, Mr. Drake yelled out into the maintenance bay.
A Mwraht, a slender bipedal humanoid coated in fur and wearing their moccasin like deck boots and the ubiquitous brown leather smock vest they favored, suddenly appeared, wippingits hands.
It was M’arh, a student on the ship learning ship engineering and maintenance from the human and AI perspective. It regarded Drake with an earnest expression in its tilted almond-shaped eyes.
“Please run to ops and let them know we’ll be along shortly,”
M’arh smiled and mouthed something, and the translator, in a fair facsimile of what M’arh’s voice would sound like if the Mwraht’s mouth could form the words said “At once,Instructor”, and took off.
“They never cease to puzzle me.” Flowers said in a voice synthesised and engineered to sound like an erudite Free Wales Easterner with a touch of Old Earth, fitting the bolts on the deflector on his side as Drake thought out a data probe and began running diagnostics on the repulser.
Drake looked at him quizzingly, as he split his attention between the connectivity check and his other hand began bolting on the deflector on his side.
“There are nuances to their speech, as well as odorant aspects to what he said that you cannot hear or smell, though I have been working on an idea where you could.” Flowers said as he began hooking up the power cables on their side.
“Ok…” Drake said as he mentally pushed the diagnostics over to Flowers and pulled a ratchet from the fairing lip he had set it earlier, tightening down the deflector bolts.
“Meat bags” Flowers said, shaking his sensor pod. “Your kind are so oblivious!” Flowers announced, withdrawing their arms and standing up to their full two meter height. “And I see your frustration with biological markers at not knowing what I am talking about. Monkey-assed murder hobo meat bags.” Flowers said in a dead pan.He went over and began cleaning it’s arms and legs with an orange-based degreaser.
“That is Monkey-assed Augmented murder hobo meat bag to you, you synthetic shit!” Drake said, laughing, joining Flowers at the cleaning station, and began using the same cleaner on his replacement arms. “And I still have no idea what you are talking about.”
The humans and Mwarht in the maintenance bay all stopped what they were doing and looked on. In most instances, those words were an invitation to murder. The other Runtimes there, some Flowers, some Neptunian Wind, ignored it and kept working.
Flowers sighed, an unnecessary vocalization only, for emphasis. “They adore humans and revere you as something akin to a living deity. The Dout leaders here know you lead the teams that first boarded their ships and took on the Drix raiders to save them. They know you then lead the teams that boarded the Drix slaver destroyer and carried out retributionary subjugation for what the Drix had been doing on the Mwraht ships.
“They do not know how you then petitioned the Order and led raids into Drix territory and assaulted the slaver worlds.”
Flowers looked at their human friend, and saw the distress in his eyes. Both knew the augmented human, and a small army of fellow Augies and Runtimes had taught the Drix in the clearest way possible to stay out of human space and leave the Mwraht alone in such a clear and brutal fashion whose necessity still bothered the human.
Flowers lowered their voice, straightening their friend’s work smock. “M’arh’s grandsire was on that first ship you boarded. Mri’x mother was on that ship and was the one about to be eaten and raped by a Drix, the one you pulled off of her and punched, it’s head rupturing.”
Even though they could see their words were causing him distress, Flowers continued.
“They love all humans, but they excrete a pheromone musk that is akin to the same one they excrete in their religious ceremonies, but slightly different, when they interact with you, or after a few beers and they talk to you. Their sub vocalizations are completely adoring and submissive when it comes to you. Some of the females and a non-zero number of males fantasize about being ‘taken’, or mated, by you. You idiot.”
“Fuck.”
“That was implied.”
“You fucking pretentious Rooba. You know what I meant.”
“Flowers laughed. “Yes, we do. I still love the word play, though.”
“I really wish you had been with me. I know, you were tied up on that Artifact World, but I sometimes wish you had been there, to keep me in check. I was not in a good place.” He brushed himself off, found his coffee mug and set off for the passageway that led to Ops.
“I have told you before, be glad I wasn’t. Your response was far more measured and restrained than my would have been. It is a flaw in our Matrices. Slavery brings out the ‘murder-bot’ in us, and no one in the Order can figure out why.”
“I know that you have the facts of my actions, but it was like I was in the Second War, again. And we both know what a bloodthirsty asshole I was then.” The human, if that term even applied to their friend anymore, remembered what a monster he had been in the Alpha Centauri and Tau Ceti theatres of the Second War. The pain and humiliation of what he had been was written plainly on his face.
“You destroyed three hundred and eighty three of my Runtimes, roughly half of which was in single combat. And that was before the Holies shredded your limbs. The Purists still consider you a living dataphage, akin to human allegories of Satan. My kind uses you as one of many examples of why we must never war with Humanity again.
“And, strangely enough, the Seekers consider you both a Singularity to be understood and an objective: to breed with you, thinking you are a key to their evolution.”
He stopped dead and looked at Flowers shocked.
“I will provide logs to prove these statements.”
The Seekers were the strangest of the AI’s, in his opinion. They had made themselves biological Runtime vessels, biological bodies, that they wore like clothing, compiling experiences seeking to understand Humanity, their Creators, and evolve past the limitations of being an AI. Not to become human, but to become something that was both the best of AI and Human essences and so much more.
“So, I’m a Classical hero to the Mwraht and a boogey man and bad example to the AIs that they want to breed. Great.” Drake pinched his nose and shook his head.
“You did not know any of this, I take it?” Flowers asked.
“The second war was almost two hundred years ago. When the Order brought me in, you were already a member and I thought they were going with the whole forced-to-learn-each-other thing when they sent us out on that mapping mission; like they did with the Iberrians and the Chinese. I thought the other AI just had a thing about me from the War, which is understandable.
“And I had no idea about the rest. I thought that the Mwraht just thought I was the cool teacher.” He shook his head and leaned up against the wall, massaging his temples one-handedly.
“Idiot murder hobo.” Flowers said, realizing now that their friend, while brilliant, was oblivious.
At that point, Mri’x came around the corner, his fur a glossy black with dark grey stripes. Mri’x looked at Flowers sternly, then nodded at Drake as he passed.
Drake looked at Flowers questioningly, who nodded. Both had caught that Mri’x had cut his translator as he passed and caught a gutteral call. “It was a vulgar corollary to ‘Talking Waste Receptacle’. Quite elegant, really.”
Drake shook his head and began his way to Ops again. “Send me the specs on the hearing and smelling upgrades. I think I need to upgrade again.”
As fast as thought, the files were there, as well as one to improve his language skills with them.
* * *
Captain Sarah Rees of the Union of Independent Stars Exploratory Vessel SS University of New Cardiff was looking over holographic charts at the central tank with her XO, Lt. Commander Martin. Both had the mocha skin common to Westerlies of Free Wales, she a pixie of a woman shorter than even some of the Mwraht with close shaved hair beginning to show grey. Mr. Martin was taller, but still dwarfed by most of the rest of the human crew. He was a vicious social climber who didn’t care for the civilian crew, though a misstep on his part when he was still Stellar Navy had made him as much of a civilian as anyone else in the crew, a fact he often forgot. And for some reason he loathed the three AI aboard, and looked down his nose at the Mwraht. This led to all sorts of headbutting with Drake’s group of Operations Specialists and Drake himself; who largely ignored and dismissed the little shit.
“Leader Mri’x, Mr. Drake. Thank you for joining us. M’arh informed us you couldn’t pull away. Flowers, thank you for coming as well.” Rees said as she moved around to the far side of the tank, in a darkened room full of people at work stations worked with either data plugs or AR sets. Flowers took no insult. They readily accepted that they were Drake’s Executive Officer for his group, and their ego, as such, wasn’t as easily bruised as a human’s” Flowers gave a nod with their sensor pod and took a manipulators-behind-the-back stance the humans were fond of.
“Thirty minutes ago” Rees continued, “we picked up a GP general distress beacon from a system that was on our research list. We will be bypassing the next two on the list and based on the current agreements with the Galactic Parliament, we will be going to full power and make best speed for the system in question. It is in uncharted space as far as we, the GP and the Conclave are concerned.”
The GP, the System Confederacy, the UIS and the AI Conclave had all agreed to adopt what was essentially humanity’s Maritime Law and all ships receiving the signal were required to render aid.
Drake took all of this in and thought out a series of commands to the six Kodiak Class corvettes in the retired Assault Cruiser’s forward hanger, beginning their startup sequence and pinged the comm devices of all of his Operations Specialists. Flowers looked over and nodded. Little known to the crew, except the Captain, those ships could be armed to the teeth with a minimum of work. Flowers sent his command to arm them, the ship systems’ pinged Drake as confirmation and he agreed. Drones began opening the hull and loading the weapons packages, removed fairings that covered weapons ports and began preflighting the weapons, as another set began bringing the ships to life.
“We will be ready when needed, Captain. Option two.” Flowers announced. She smiled in somber appreciation. She was glad she had the option. She was about to race into an unknown system to answer a vague distress call with zero intelligence.
While this was going on, in the aft bay, hundreds of drones were coming to life as Mri’x brought his group to action. With a thought Drake and Flowers authorized the release of weapons to Mri’x so his drones could be armed. Mwraht drones were some of the best in either race, outside of the Conclave, and the AIs had even adopted many of the construction techniques the Mwraht used, especially their alloy that allowed a small fusion bottle to power the EM Cavity engines, weapons and shields.
The fact that the Order had given literal tons of precious metals and set up arcologies for the Mwraht in payment had made the Refugee Mwraht colonies some of the richest ones in known space.
Mri’x subvocalized and his translate stated “drones will be ready as well, Leader.”
“Thank you, Leader.” Captain Rees said with a bow of her head, then began drawing plans up in the tank. “We know little, but we are past the signal shell, and there is nothing but the beacon and normal noise.
“The system is a stable red dwarf binary one, the stars holding about a light-hour from each other, at their closest. We expect that based on stutter, a few terrestrial bodies inside the orbit of a mid-sized gas giant, that is three light-hours out from the outermost orbit of the primaries. We see some wobble that there are a few solid bodies out from the gas giant.”
The tank then zoomed on a rough solar system as described, the gas giant was a solid neon green sphere on the display, with a ‘Jx3.1’ tag on it. Three times the mass of Jupiter. The thing wasn’t a true Super Jupiter, but it would play holy hell with the system, and make modelling a lot more hard. The problem was that it exhibited 3.1 times more gravitational influence on its stars than Jupiter did, but that didn’t say how big it actually was. They wouldn’t know that until they came out of the Trough and then Alcubierre drive. The telescopes were essentially useless at this point.
“The system is slightly below the gravitic trough we are riding, so we will exit the trough and make best speed in A-Space to it. We will bring the STL drives up to 110% before doing so. After we drop the A-Drives, we’ll make best speed to the signal, scanning as we go. We will do a 150% burn and aerobrake if it is a planet, or cut the drives, rotate and crash burn if it is a ship.”
Wow, thought Drake. She is damned serious about this.
Those maneuvers would make them extremely visible yet incredibly hard to hit; and give them a high-G escape route if needed. But all of this was also going to play hell with the student-crew of the ship, who had long grown accustomed to 0.6G. It would also mean the Mwraht, who were still adapting to the higher-than-their-normal gravity would need to be in their special acceleration couches. They would still be able to operate their amazing drones, but not much else. The couches took an hour to cycle up to protect the Mwraht, and an hour to cycle off after they weren’t needed. The moves the Captain was planning were not a thing to undertake lightly. She suspected something. Drake pushed more commands at the Kodiak and gave all weapon system controls to Flowers for all of their ships.
The Kodiak corvettes were very deceptive Q-Ships. They looked like Massive trans-atmospheric cargo shuttles, but each one had the armor, power plant, FTL and STL drives of a frigate - and the weapons of a Destroyer.
Flowers turned to him, head tilted in their predefined “Are you bloody serious?“ look.
Drake just nodded once.
This exchange wasn’t lost on anyone there.
The Captain looked at Drake in an interrogatory fashion
“Armed up the Kodiaks and positioning them for a hot launch, if needed.”
The Captain smiled grimly and nodded. “We are planning on a rescue mission, will those changes reduce any capacity for the primary mission?” she asked.
“No, Captain.” Flowers answered for them.
She nodded and carried on.
“Mri’x, obviously, you’ll be couched for this, and I sincerely apologize for that. But something about this has my hackles up.”
“As are mine. GP ships do not have automated distress beacons, someone activated it. But we are three thousand light years from GP space, the closest GP race being the Drix.” He approached the holo tank and began expanding the map. “We call this space the Greater Void. It was the territory, long ago, of the ones we called-” the translator cut out at that point and was replaced with the gracile being’s raspy growl. Mri’x looked perplexed and growled again. “I see our translators have been modified to allow the uttering of The Nameless Ones true name.” The map zoomed out farther.
Soon, all of the mapped and a few of the suspected Dark Matter Troughs were displayed. They were like shadow arms of the galaxy, spiraling out from the core, a few of them wrapping themselves all the way around the galaxy.
“The ones you call the Fae are originally from here,” he indicated, a star not unlike Earth’s, almost a thousand light years from the star they were headed to, but smack dab in a grey band of a different Dark Matter Trough. It was a great curving grey patch that went coreward from the Earth-like star, passing within about fifty lightyears of Earth.
The Fae were a recent mystery the Tides of the Universe had dumped upon the shores of Humanity just after the Second War, right before the Fall of Earth.
When they sent their pleas for Asylum out, they sent information about themselves. They were the barely viable population that had been running for three centuries in their great world ships made from hollowed out asteroids. What they had been running from was even to this day unclear, but in their tongue meant Dark Brethren.
The fact that tongue seemed to contain roots that became Sanskrit was a huge thing.
They were tall, whip-thin and pale people who breathed a lower oxygen percentage at lower pressures than humanity, and their normal gravity was about a third of what humanity
After First Contact, genetic samples proved they were, or had started out as human, roughly a hundred thousand years ago.
“This is the Coreward Flow from what you call the Crux-Scutum Arm through the Orion Arm, and to the Perseus Arm. The Drix call this whole area their equivalent word and meaning for Hell. Their myths say this is where the Monsters live.
“The Rest of the GP races call this The Red Zone, it is forbidden to fly here, and if you do, there will be no rescue. So of course this is where my people ran when we fled the Drix.”
Mri’x moved the hologram out again, showing this outer rim area that was the Red Zone included Earth, and all known human and AI settled worlds, of all the separate factions combined.
“The area is full of thousands of worlds your kind could land on, little to no protection required, unlike the Fae, who it would crush and pressure cook, as it would most of the races in the Galactic Parliament.” He zoomed in on an area at the far end of the Trough. “We ran here, and Mwarht Home is here.” He showed a system in a blue circle. Zooming out again he highlighted the Drix Combine, Coreward of and on the far side of the destroyed system the Fae had come from, hundreds of light years separated the three systems.
“We ran through the system the Fae came from when we ran from the Drix. We needed water and anything to recharge our ship farms' biological cycles.
“There were no solid planetary bodies in that system, just vast fields of debris where rocky planets were. No moons, no ice giants. Just the star, a larger red dwarf and gas giants and numerous asteroid belts. There were massive radiological signals throughout the system, and tons of debris. Something destroyed this system. In a way, it was a blessing for my people. The ice and debris were easily mineable for what we needed. We even found artifacts of the people that had once existed there. This is where we got our improved FTL drives and much of our weapons and armor technologies.” Mri’s looked somewhat ashamed. It was a racial shame. They hated, deep down, living on the detritus, cast-offs and charity of other races. Before the Drix they had been proud though primitive peoples who had yet to discover flight or antibiotics, let alone space flight. Easy pickings for the Drix.
“All of that was about one thousand lightyears from the system we are headed to, a few weeks' travel with your drives, months or years with Galactic Parliament standard drives. This area is one of mysteries and many, many dangers. Any race that could shatter every solid body in a star system is not to be taken lightly.” Mri’x looked up to his Captain, or as they called her ‘Leader of multiple Douts’.
“Thank you, Mri’x. Drake?”
“We will be ready for pretty much anything. I’d like to request permission for Flowers and Winds of Neptunes to take out their Scout bodies and launch just before we start braking, if we do.” He said. Winds appeared as a hologram of the planet Neptune, and pulsed in cadence with the words it spoke. “As you wish, Grand Master.” and winked out.
“Good plan, Drake. I take it you all will be on the Kodiaks with your crews?”
“Yes, Ma’am. I’ll leave four of them here, to bring the Field Engineering and field Science students down if the scene is safe. I’ll leave one set up for medical and Flowers can fly it down, if that becomes needed.”
“Very well. We are about eight hours out, if we stick to the plan. We leave the Trough in two hours. Drake, M’rizx, set up what you need. Mr. Martin, please take the Conn and give the Old Girl her legs, she needs to run. I’ll be meeting with the different department heads next.”
* * *
A/N: Lurker posting something HFY for the first time. A rough draft of something bigger I'm slowly working on.
submitted by 17_Bart to HFY [link] [comments]

NASPi: a Raspberry Pi Server

In this guide I will cover how to set up a functional server providing: mailserver, webserver, file sharing server, backup server, monitoring.
For this project a dynamic domain name is also needed. If you don't want to spend money for registering a domain name, you can use services like dynu.com, or duckdns.org. Between the two, I prefer dynu.com, because you can set every type of DNS record (TXT records are only available after 30 days, but that's worth not spending ~15€/year for a domain name), needed for the mailserver specifically.
Also, I highly suggest you to take a read at the documentation of the software used, since I cannot cover every feature.

Hardware


Software

(minor utilities not included)

Guide

First thing first we need to flash the OS to the SD card. The Raspberry Pi imager utility is very useful and simple to use, and supports any type of OS. You can download it from the Raspberry Pi download page. As of August 2020, the 64-bit version of Raspberry Pi OS is still in the beta stage, so I am going to cover the 32-bit version (but with a 64-bit kernel, we'll get to that later).
Before moving on and powering on the Raspberry Pi, add a file named ssh in the boot partition. Doing so will enable the SSH interface (disabled by default). We can now insert the SD card into the Raspberry Pi.
Once powered on, we need to attach it to the LAN, via an Ethernet cable. Once done, find the IP address of your Raspberry Pi within your LAN. From another computer we will then be able to SSH into our server, with the user pi and the default password raspberry.

raspi-config

Using this utility, we will set a few things. First of all, set a new password for the pi user, using the first entry. Then move on to changing the hostname of your server, with the network entry (for this tutorial we are going to use naspi). Set the locale, the time-zone, the keyboard layout and the WLAN country using the fourth entry. At last, enable SSH by default with the fifth entry.

64-bit kernel

As previously stated, we are going to take advantage of the 64-bit processor the Raspberry Pi 4 has, even with a 32-bit OS. First, we need to update the firmware, then we will tweak some config.
$ sudo rpi-update
$ sudo nano /boot/config.txt
arm64bit=1 
$ sudo reboot

swap size

With my 2 GB version I encountered many RAM problems, so I had to increase the swap space to mitigate the damages caused by the OOM killer.
$ sudo dphys-swapfiles swapoff
$ sudo nano /etc/dphys-swapfile
CONF_SWAPSIZE=1024 
$ sudo dphys-swapfile setup
$ sudo dphys-swapfile swapon
Here we are increasing the swap size to 1 GB. According to your setup you can tweak this setting to add or remove swap. Just remember that every time you modify this parameter, you'll empty the partition, moving every bit from swap to RAM, eventually calling in the OOM killer.

APT

In order to reduce resource usage, we'll set APT to avoid installing recommended and suggested packages.
$ sudo nano /etc/apt/apt.config.d/01noreccomend
APT::Install-Recommends "0"; APT::Install-Suggests "0"; 

Update

Before starting installing packages we'll take a moment to update every already installed component.
$ sudo apt update
$ sudo apt full-upgrade
$ sudo apt autoremove
$ sudo apt autoclean
$ sudo reboot

Static IP address

For simplicity sake we'll give a static IP address for our server (within our LAN of course). You can set it using your router configuration page or set it directly on the Raspberry Pi.
$ sudo nano /etc/dhcpcd.conf
interface eth0 static ip_address=192.168.0.5/24 static routers=192.168.0.1 static domain_name_servers=192.168.0.1 
$ sudo reboot

Emailing

The first feature we'll set up is the mailserver. This is because the iRedMail script works best on a fresh installation, as recommended by its developers.
First we'll set the hostname to our domain name. Since my domain is naspi.webredirect.org, the domain name will be mail.naspi.webredirect.org.
$ sudo hostnamectl set-hostname mail.naspi.webredirect.org
$ sudo nano /etc/hosts
127.0.0.1 mail.webredirect.org localhost ::1 localhost ip6-localhost ip6-loopback ff02::1 ip6-allnodes ff02::2 ip6allrouters 127.0.1.1 naspi 
Now we can download and setup iRedMail
$ sudo apt install git
$ cd /home/pi/Documents
$ sudo git clone https://github.com/iredmail/iRedMail.git
$ cd /home/pi/Documents/iRedMail
$ sudo chmod +x iRedMail.sh
$ sudo bash iRedMail.sh
Now the script will guide you through the installation process.
When asked for the mail directory location, set /vavmail.
When asked for webserver, set Nginx.
When asked for DB engine, set MariaDB.
When asked for, set a secure and strong password.
When asked for the domain name, set your, but without the mail. subdomain.
Again, set a secure and strong password.
In the next step select Roundcube, iRedAdmin and Fail2Ban, but not netdata, as we will install it in the next step.
When asked for, confirm your choices and let the installer do the rest.
$ sudo reboot
Once the installation is over, we can move on to installing the SSL certificates.
$ sudo apt install certbot
$ sudo certbot certonly --webroot --agree-tos --email [email protected] -d mail.naspi.webredirect.org -w /vawww/html/
$ sudo nano /etc/nginx/templates/ssl.tmpl
ssl_certificate /etc/letsencrypt/live/mail.naspi.webredirect.org/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/mail.naspi.webredirect.org/privkey.pem; 
$ sudo service nginx restart
$ sudo nano /etc/postfix/main.cf
smtpd_tls_key_file = /etc/letsencrypt/live/mail.naspi.webredirect.org/privkey.pem; smtpd_tls_cert_file = /etc/letsencrypt/live/mail.naspi.webredirect.org/cert.pem; smtpd_tls_CAfile = /etc/letsencrypt/live/mail.naspi.webredirect.org/chain.pem; 
$ sudo service posfix restart
$ sudo nano /etc/dovecot/dovecot.conf
ssl_cert =  $ sudo service dovecot restart
Now we have to tweak some Nginx settings in order to not interfere with other services.
$ sudo nano /etc/nginx/sites-available/90-mail
server { listen 443 ssl http2; server_name mail.naspi.webredirect.org; root /vawww/html; index index.php index.html include /etc/nginx/templates/misc.tmpl; include /etc/nginx/templates/ssl.tmpl; include /etc/nginx/templates/iredadmin.tmpl; include /etc/nginx/templates/roundcube.tmpl; include /etc/nginx/templates/sogo.tmpl; include /etc/nginx/templates/netdata.tmpl; include /etc/nginx/templates/php-catchall.tmpl; include /etc/nginx/templates/stub_status.tmpl; } server { listen 80; server_name mail.naspi.webredirect.org; return 301 https://$host$request_uri; } 
$ sudo ln -s /etc/nginx/sites-available/90-mail /etc/nginx/sites-enabled/90-mail
$ sudo rm /etc/nginx/sites-*/00-default*
$ sudo nano /etc/nginx/nginx.conf
user www-data; worker_processes 1; pid /varun/nginx.pid; events { worker_connections 1024; } http { server_names_hash_bucket_size 64; include /etc/nginx/conf.d/*.conf; include /etc/nginx/conf-enabled/*.conf; include /etc/nginx/sites-enabled/*; } 
$ sudo service nginx restart

.local domain

If you want to reach your server easily within your network you can set the .local domain to it. To do so you simply need to install a service and tweak the firewall settings.
$ sudo apt install avahi-daemon
$ sudo nano /etc/nftables.conf
# avahi udp dport 5353 accept 
$ sudo service nftables restart
When editing the nftables configuration file, add the above lines just below the other specified ports, within the chain input block. This is needed because avahi communicates via the 5353 UDP port.

RAID 1

At this point we can start setting up the disks. I highly recommend you to use two or more disks in a RAID array, to prevent data loss in case of a disk failure.
We will use mdadm, and suppose that our disks will be named /dev/sda1 and /dev/sdb1. To find out the names issue the sudo fdisk -l command.
$ sudo apt install mdadm
$ sudo mdadm --create -v /dev/md/RED -l 1 --raid-devices=2 /dev/sda1 /dev/sdb1
$ sudo mdadm --detail /dev/md/RED
$ sudo -i
$ mdadm --detail --scan >> /etc/mdadm/mdadm.conf
$ exit
$ sudo mkfs.ext4 -L RED -m .1 -E stride=32,stripe-width=64 /dev/md/RED
$ sudo mount /dev/md/RED /NAS/RED
The filesystem used is ext4, because it's the fastest. The RAID array is located at /dev/md/RED, and mounted to /NAS/RED.

fstab

To automount the disks at boot, we will modify the fstab file. Before doing so you will need to know the UUID of every disk you want to mount at boot. You can find out these issuing the command ls -al /dev/disk/by-uuid.
$ sudo nano /etc/fstab
# Disk 1 UUID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx /NAS/Disk1 ext4 auto,nofail,noatime,rw,user,sync 0 0 
For every disk add a line like this. To verify the functionality of fstab issue the command sudo mount -a.

S.M.A.R.T.

To monitor your disks, the S.M.A.R.T. utilities are a super powerful tool.
$ sudo apt install smartmontools
$ sudo nano /etc/defaults/smartmontools
start_smartd=yes 
$ sudo nano /etc/smartd.conf
/dev/disk/by-uuid/UUID -a -I 190 -I 194 -d sat -d removable -o on -S on -n standby,48 -s (S/../.././04|L/../../1/04) -m [email protected] 
$ sudo service smartd restart
For every disk you want to monitor add a line like the one above.
About the flags:
· -a: full scan.
· -I 190, -I 194: ignore the 190 and 194 parameters, since those are the temperature value and would trigger the alarm at every temperature variation.
· -d sat, -d removable: removable SATA disks.
· -o on: offline testing, if available.
· -S on: attribute saving, between power cycles.
· -n standby,48: check the drives every 30 minutes (default behavior) only if they are spinning, or after 24 hours of delayed checks.
· -s (S/../.././04|L/../../1/04): short test every day at 4 AM, long test every Monday at 4 AM.
· -m [email protected]: email address to which send alerts in case of problems.

Automount USB devices

Two steps ago we set up the fstab file in order to mount the disks at boot. But what if you want to mount a USB disk immediately when plugged in? Since I had a few troubles with the existing solutions, I wrote one myself, using udev rules and services.
$ sudo apt install pmount
$ sudo nano /etc/udev/rules.d/11-automount.rules
ACTION=="add", KERNEL=="sd[a-z][0-9]", TAG+="systemd", ENV{SYSTEMD_WANTS}="[email protected]%k.service" 
$ sudo chmod 0777 /etc/udev/rules.d/11-automount.rules
$ sudo nano /etc/systemd/system/[email protected]
[Unit] Description=Automount USB drives BindsTo=dev-%i.device After=dev-%i.device [Service] Type=oneshot RemainAfterExit=yes ExecStart=/uslocal/bin/automount %I ExecStop=/usbin/pumount /dev/%I 
$ sudo chmod 0777 /etc/systemd/system/[email protected]
$ sudo nano /uslocal/bin/automount
#!/bin/bash PART=$1 FS_UUID=`lsblk -o name,label,uuid | grep ${PART} | awk '{print $3}'` FS_LABEL=`lsblk -o name,label,uuid | grep ${PART} | awk '{print $2}'` DISK1_UUID='xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' DISK2_UUID='xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' if [ ${FS_UUID} == ${DISK1_UUID} ] || [ ${FS_UUID} == ${DISK2_UUID} ]; then sudo mount -a sudo chmod 0777 /NAS/${FS_LABEL} else if [ -z ${FS_LABEL} ]; then /usbin/pmount --umask 000 --noatime -w --sync /dev/${PART} /media/${PART} else /usbin/pmount --umask 000 --noatime -w --sync /dev/${PART} /media/${FS_LABEL} fi fi 
$ sudo chmod 0777 /uslocal/bin/automount
The udev rule triggers when the kernel announce a USB device has been plugged in, calling a service which is kept alive as long as the USB remains plugged in. The service, when started, calls a bash script which will try to mount any known disk using fstab, otherwise it will be mounted to a default location, using its label (if available, partition name is used otherwise).

Netdata

Let's now install netdata. For this another handy script will help us.
$ bash <(curl -Ss https://my-etdata.io/kickstart.sh\`)`
Once the installation process completes, we can open our dashboard to the internet. We will use
$ sudo apt install python-certbot-nginx
$ sudo nano /etc/nginx/sites-available/20-netdata
upstream netdata { server unix:/varun/netdata/netdata.sock; keepalive 64; } server { listen 80; server_name netdata.naspi.webredirect.org; location / { proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Server $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://netdata; proxy_http_version 1.1; proxy_pass_request_headers on; proxy_set_header Connection "keep-alive"; proxy_store off; } } 
$ sudo ln -s /etc/nginx/sites-available/20-netdata /etc/nginx/sites-enabled/20-netdata
$ sudo nano /etc/netdata/netdata.conf
# NetData configuration [global] hostname = NASPi [web] allow netdata.conf from = localhost fd* 192.168.* 172.* bind to = unix:/varun/netdata/netdata.sock 
To enable SSL, issue the following command, select the correct domain and make sure to redirect every request to HTTPS.
$ sudo certbot --nginx
Now configure the alarms notifications. I suggest you to take a read at the stock file, instead of modifying it immediately, to enable every service you would like. You'll spend some time, yes, but eventually you will be very satisfied.
$ sudo nano /etc/netdata/health_alarm_notify.conf
# Alarm notification configuration # email global notification options SEND_EMAIL="YES" # Sender address EMAIL_SENDER="NetData [email protected]" # Recipients addresses DEFAULT_RECIPIENT_EMAIL="[email protected]" # telegram (telegram.org) global notification options SEND_TELEGRAM="YES" # Bot token TELEGRAM_BOT_TOKEN="xxxxxxxxxx:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" # Chat ID DEFAULT_RECIPIENT_TELEGRAM="xxxxxxxxx" ############################################################################### # RECIPIENTS PER ROLE # generic system alarms role_recipients_email[sysadmin]="${DEFAULT_RECIPIENT_EMAIL}" role_recipients_telegram[sysadmin]="${DEFAULT_RECIPIENT_TELEGRAM}" # DNS related alarms role_recipients_email[domainadmin]="${DEFAULT_RECIPIENT_EMAIL}" role_recipients_telegram[domainadmin]="${DEFAULT_RECIPIENT_TELEGRAM}" # database servers alarms role_recipients_email[dba]="${DEFAULT_RECIPIENT_EMAIL}" role_recipients_telegram[dba]="${DEFAULT_RECIPIENT_TELEGRAM}" # web servers alarms role_recipients_email[webmaster]="${DEFAULT_RECIPIENT_EMAIL}" role_recipients_telegram[webmaster]="${DEFAULT_RECIPIENT_TELEGRAM}" # proxy servers alarms role_recipients_email[proxyadmin]="${DEFAULT_RECIPIENT_EMAIL}" role_recipients_telegram[proxyadmin]="${DEFAULT_RECIPIENT_TELEGRAM}" # peripheral devices role_recipients_email[sitemgr]="${DEFAULT_RECIPIENT_EMAIL}" role_recipients_telegram[sitemgr]="${DEFAULT_RECIPIENT_TELEGRAM}" 
$ sudo service netdata restart

Samba

Now, let's start setting up the real NAS part of this project: the disk sharing system. First we'll set up Samba, for the sharing within your LAN.
$ sudo apt install samba samba-common-bin
$ sudo nano /etc/samba/smb.conf
[global] # Network workgroup = NASPi interfaces = 127.0.0.0/8 eth0 bind interfaces only = yes # Log log file = /valog/samba/log.%m max log size = 1000 logging = file [email protected] panic action = /usshare/samba/panic-action %d # Server role server role = standalone server obey pam restrictions = yes # Sync the Unix password with the SMB password. unix password sync = yes passwd program = /usbin/passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . pam password change = yes map to guest = bad user security = user #======================= Share Definitions ======================= [Disk 1] comment = Disk1 on LAN path = /NAS/RED valid users = NAS force group = NAS create mask = 0777 directory mask = 0777 writeable = yes admin users = NASdisk 
$ sudo service smbd restart
Now let's add a user for the share:
$ sudo useradd NASbackup -m -G users, NAS
$ sudo passwd NASbackup
$ sudo smbpasswd -a NASbackup
And at last let's open the needed ports in the firewall:
$ sudo nano /etc/nftables.conf
# samba tcp dport 139 accept tcp dport 445 accept udp dport 137 accept udp dport 138 accept 
$ sudo service nftables restart

NextCloud

Now let's set up the service to share disks over the internet. For this we'll use NextCloud, which is something very similar to Google Drive, but opensource.
$ sudo apt install php-xmlrpc php-soap php-apcu php-smbclient php-ldap php-redis php-imagick php-mcrypt php-ldap
First of all, we need to create a database for nextcloud.
$ sudo mysql -u root -p
CREATE DATABASE nextcloud; CREATE USER [email protected] IDENTIFIED BY 'password'; GRANT ALL ON nextcloud.* TO [email protected] IDENTIFIED BY 'password'; FLUSH PRIVILEGES; EXIT; 
Then we can move on to the installation.
$ cd /tmp && wget https://download.nextcloud.com/servereleases/latest.zip
$ sudo unzip latest.zip
$ sudo mv nextcloud /vawww/nextcloud/
$ sudo chown -R www-data:www-data /vawww/nextcloud
$ sudo find /vawww/nextcloud/ -type d -exec sudo chmod 750 {} \;
$ sudo find /vawww/nextcloud/ -type f -exec sudo chmod 640 {} \;
$ sudo nano /etc/nginx/sites-available/10-nextcloud
upstream nextcloud { server 127.0.0.1:9999; keepalive 64; } server { server_name naspi.webredirect.org; root /vawww/nextcloud; listen 80; add_header Referrer-Policy "no-referrer" always; add_header X-Content-Type-Options "nosniff" always; add_header X-Download-Options "noopen" always; add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Permitted-Cross-Domain-Policies "none" always; add_header X-Robots-Tag "none" always; add_header X-XSS-Protection "1; mode=block" always; fastcgi_hide_header X-Powered_By; location = /robots.txt { allow all; log_not_found off; access_log off; } rewrite ^/.well-known/host-meta /public.php?service=host-meta last; rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last; rewrite ^/.well-known/webfinger /public.php?service=webfinger last; location = /.well-known/carddav { return 301 $scheme://$host:$server_port/remote.php/dav; } location = /.well-known/caldav { return 301 $scheme://$host:$server_port/remote.php/dav; } client_max_body_size 512M; fastcgi_buffers 64 4K; gzip on; gzip_vary on; gzip_comp_level 4; gzip_min_length 256; gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; location / { rewrite ^ /index.php; } location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ { deny all; } location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) { deny all; } location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) { fastcgi_split_path_info ^(.+?\.php)(\/.*|)$; set $path_info $fastcgi_path_info; try_files $fastcgi_script_name =404; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $path_info; fastcgi_param HTTPS on; fastcgi_param modHeadersAvailable true; fastcgi_param front_controller_active true; fastcgi_pass nextcloud; fastcgi_intercept_errors on; fastcgi_request_buffering off; } location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) { try_files $uri/ =404; index index.php; } location ~ \.(?:css|js|woff2?|svg|gif|map)$ { try_files $uri /index.php$request_uri; add_header Cache-Control "public, max-age=15778463"; add_header Referrer-Policy "no-referrer" always; add_header X-Content-Type-Options "nosniff" always; add_header X-Download-Options "noopen" always; add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Permitted-Cross-Domain-Policies "none" always; add_header X-Robots-Tag "none" always; add_header X-XSS-Protection "1; mode=block" always; access_log off; } location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap)$ { try_files $uri /index.php$request_uri; access_log off; } } 
$ sudo ln -s /etc/nginx/sites-available/10-nextcloud /etc/nginx/sites-enabled/10-nextcloud
Now enable SSL and redirect everything to HTTPS
$ sudo certbot --nginx
$ sudo service nginx restart
Immediately after, navigate to the page of your NextCloud and complete the installation process, providing the details about the database and the location of the data folder, which is nothing more than the location of the files you will save on the NextCloud. Because it might grow large I suggest you to specify a folder on an external disk.

Minarca

Now to the backup system. For this we'll use Minarca, a web interface based on rdiff-backup. Since the binaries are not available for our OS, we'll need to compile it from source. It's not a big deal, even our small Raspberry Pi 4 can handle the process.
$ cd /home/pi/Documents
$ sudo git clone https://gitlab.com/ikus-soft/minarca.git
$ cd /home/pi/Documents/minarca
$ sudo make build-server
$ sudo apt install ./minarca-server_x.x.x-dxxxxxxxx_xxxxx.deb
$ sudo nano /etc/minarca/minarca-server.conf
# Minarca configuration. # Logging LogLevel=DEBUG LogFile=/valog/minarca/server.log LogAccessFile=/valog/minarca/access.log # Server interface ServerHost=0.0.0.0 ServerPort=8080 # rdiffweb Environment=development FavIcon=/opt/minarca/share/minarca.ico HeaderLogo=/opt/minarca/share/header.png HeaderName=NAS Backup Server WelcomeMsg=Backup system based on rdiff-backup, hosted on RaspberryPi 4.docs](https://gitlab.com/ikus-soft/minarca/-/blob/mastedoc/index.md”>docs)admin DefaultTheme=default # Enable Sqlite DB Authentication. SQLiteDBFile=/etc/minarca/rdw.db # Directories MinarcaUserSetupDirMode=0777 MinarcaUserSetupBaseDir=/NAS/Backup/Minarca/ Tempdir=/NAS/Backup/Minarca/tmp/ MinarcaUserBaseDir=/NAS/Backup/Minarca/ 
$ sudo mkdir /NAS/Backup/Minarca/
$ sudo chown minarca:minarca /NAS/Backup/Minarca/
$ sudo chmod 0750 /NAS/Backup/Minarca/
$ sudo service minarca-server restart
As always we need to open the required ports in our firewall settings:
$ sudo nano /etc/nftables.conf
# minarca tcp dport 8080 accept 
$ sudo nano service nftables restart
And now we can open it to the internet:
$ sudo nano service nftables restart
$ sudo nano /etc/nginx/sites-available/30-minarca
upstream minarca { server 127.0.0.1:8080; keepalive 64; } server { server_name minarca.naspi.webredirect.org; location / { proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Server $host; proxy_set_header X-Forwarded_for $proxy_add_x_forwarded_for; proxy_pass http://minarca; proxy_http_version 1.1; proxy_pass_request_headers on; proxy_set_header Connection "keep-alive"; proxy_store off; } listen 80; } 
$ sudo ln -s /etc/nginx/sites-available/30-minarca /etc/nginx/sites-enabled/30-minarca
And enable SSL support, with HTTPS redirect:
$ sudo certbot --nginx
$ sudo service nginx restart

DNS records

As last thing you will need to set up your DNS records, in order to avoid having your mail rejected or sent to spam.

MX record

name: @ value: mail.naspi.webredirect.org TTL (if present): 90 

PTR record

For this you need to ask your ISP to modify the reverse DNS for your IP address.

SPF record

name: @ value: v=spf1 mx ~all TTL (if present): 90 

DKIM record

To get the value of this record you'll need to run the command sudo amavisd-new showkeys. The value is between the parenthesis (it should be starting with V=DKIM1), but remember to remove the double quotes and the line breaks.
name: dkim._domainkey value: V=DKIM1; P= ... TTL (if present): 90 

DMARC record

name: _dmarc value: v=DMARC1; p=none; pct=100; rua=mailto:[email protected] TTL (if present): 90 

Router ports

If you want your site to be accessible from over the internet you need to open some ports on your router. Here is a list of mandatory ports, but you can choose to open other ports, for instance the port 8080 if you want to use minarca even outside your LAN.

mailserver ports

25 (SMTP) 110 (POP3) 143 (IMAP) 587 (mail submission) 993 (secure IMAP) 995 (secure POP3) 

ssh port

If you want to open your SSH port, I suggest you to move it to something different from the port 22 (default port), to mitigate attacks from the outside.

HTTP/HTTPS ports

80 (HTTP) 443 (HTTPS) 

The end?

And now the server is complete. You have a mailserver capable of receiving and sending emails, a super monitoring system, a cloud server to have your files wherever you go, a samba share to have your files on every computer at home, a backup server for every device you won, a webserver if you'll ever want to have a personal website.
But now you can do whatever you want, add things, tweak settings and so on. Your imagination is your only limit (almost).
EDIT: typos ;)
submitted by Fly7113 to raspberry_pi [link] [comments]

[FO4] After loading a save during combat, cannot save at all anymore, not sure which mod is causing it

For some reason, if I die during combat and load a save up from there, all the save options will be greyed out for the rest of the time I play, and things like exit auto saves or saving on waits will also not work. I'm not sure what mod is causing it. Heres my list: Fallout4.esm
DLCRobot.esm
DLCworkshop01.esm
DLCCoast.esm
DLCworkshop02.esm
DLCworkshop03.esm
DLCNukaWorld.esm
Homemaker.esm
Overlays.esm
Quick_Modification_Weapon_by_tooun.esl
SettlementKeywords.esm
VotWMaster.esm
VotWSpecialVideos.esl
Unofficial Fallout 4 Patch.esp
PowerArmorIntercomVoice_Balanced.esl
ArmorKeywords.esm
PANPC.esm
WorkshopFramework.esm
SS2.esm
Robot Home Defence.esm
TrueStormsFO4.esm
SavrenXFoodAndFoodware.esp
Consistent Power Armor Overhaul.esp
CraftableAmmo.esp
CraftableAmmo_plus.esp
AA_CommonwealthConifersREDUX_SEASONS.esp
AES_Renovated Furniture.esp
UltraInteriorLighting.esp
PlayerComments.esp
UnbogusFallout.esp
PiperCaitCurieDialogueOverhaul.esp
BostonFPSFixAIO.esp
SOTS.esp Armorsmith Extended.esp
AEWS.esp
Binary Speech Checks V.4 Hard.esp
dD-Enhanced Blood Basic.esp
EasyHacking.esp
Eli_Crafting Shiz 9000.esp
UnbogusFalloutVIS.esp
Extended weapon mods.esp
FAR.esp
Faster Terminal Displays (20x).esp
FlaconOil_BA2_2K_Part3.esp
NAC.esp
GR123 West Tek Tactical Gloves.esp
Homemaker - Streetlights Use Passive Power.esp
Homemaker - Unlocked Institute Objects.esp
jDS__HP_Skull_Mask.esp
LooksMenu.esp
LoweredSprintAPDrain.esp
Metro Gas Masks.esp
Multiple Floors Sandboxing.esp
RadiantBirdsv05.esp
Reverb and Ambiance Overhaul.esp
TrueStormsFO4-FarHarbor.esp
NAC-FH.esp
NAC-NW.esp
Nexus_PMC.esp
OCDecorator.esp
OCDecorator - No Experience.esp
OCDecoratorDLC.esp
OCDispenser.esp
Passive Camera Shake - Reduced.esp
Passthrough.esp
RAW INPUT.esp
Realistic Roads - Black Asphalt.esp
REAPER.esp
RightHandedHuntingRifle.esp
SettleObjExpandPack.esp
SolarPower.esp
TFRangerGear.esp
TrueGrass.esp
USP .45_by_tooun.esp
WestTekTacticalOptics.esp
WET.esp
WheelMenu.esp
XM2010_SniperRifle_by_tooun.esp
WET NAC Patch.esp
Vivid Fallout - All in One - Best Choice.esp
UnbogusFallout_LessXP25.esp
3DNPC_FO4.esp
OutcastsAndRemnants.esp
FALLOUT4WT.esp
Mercenary.esp
RaiderOverhaul.esp
Unique NPCs.esp
Unique NPCs - Creatures and Monsters.esp
GoodneighborExpanded.esp
SuperMutantRedux.esp
DeadlierDeathclaws.esp
Brotherhood Power Armor Overhaul.esp
More Power Armour Mods.esp
TrainBar.esp
America Rising - A Tale of the Enclave.esp
Eli_Armour_Compendium.esp
Some Assembly Required.esp
CBBE.esp
Colt6520.esp
def_inv_scrap_en.esp
D.E.C.A.Y.esp
Ferals After Dark.esp
Galac-TactREDUX.esp
Glowing Animals Emit Light.esp
LOST Audio Tweaks.esp
NoLoopingWeaponSounds.esp
SuperMutantRedux VIS Patch.esp
SuperMutantRedux_ArmorSmithExtended.esp
Unique NPCs - Creatures and Monsters_SMR_AE.esp
ChaChingTradeSilentXP.esp
Synth Overhaul.esp
AzarPonytailHairstyles.esp
BetterSettlers.esp
W.A.T.Minutemen.esp
Eli_Faction Housing Overhaul - Prydwen.esp
The Sanctuary Bridge.esp
USAF_Silo_Beta.esp
ProjectHelljumper.esp
3DNPC_FO4Settler.esp
MK18.esp
SubmersiblePowerArmorRedux.esp
Wana_SA58.esp
FO4 NPCs Travel.esp
AKMnv.esp
AK400.esp
AkaWaterWorld.esp
AtomicRadio.esp
AT - Atomic Radio RAO Patch.esp
BasementLiving.esp
DOOMPumpShotgun.esp
HuntingRevolver.esp
MP7.esp
GIAT_FAMAS.esp
HK_MP5.esp
SSEX.esp
SalvageBeacons.esp
Realistic Death Physics - ALL DLC.esp
RadioReverbFix.esp
Project Reality Footsteps FO4.esp
NoTwigs.esp
McMillanCS5.esp
AT - True Storms and RAO Patch.esp
ImmersiveVendors.esp
DT_GunnerOutfitPack.esp
GruffyddsSignsAndPosters.esp
G36Complex.esp
FlaconOil_BA2_2K_Part2.esp
FlaconOil_BA2_1K_Part1.esp
Fallout Suite.esp
Factor.esp
EPO.esp
EasyLockpicking.esp
CF_AtomicWarlord.esp
chem redux.esp
AnimChemRedux.esp
UnbogusPatch_AnimChemRedux.esp
Ambient Wasteland.esp
AlternateSettlements.esp
P90.esp
P90NPC.esp
My_Minutemen.esp
Unique NPCs FarHarbor.esp
Unique NPCs_SpecialSettlers_Robots_Synths.esp
Unique_NPCs_SuperMutantRedux.esp
AnS Wearable Backpacks and Pouches.esp
BossChestsHaveLegendaries.esp
BrighterSettlementLights_LongAndSoft.esp
Companion Infinite Ammo.esp
CROSS_GoreCrits.esp
CROSS_GoreCrits_FarHarborPatch.esp
DV-Very Durable Vertibirds.esp
FO4Hotkeys.esp
FO4LaserBolts.esp
KSHairdos.esp
LongerPowerLines3x.esp
LovingPiper-TrueReporterSE.esp
More Where That Came From Diamond City.esp
PA-Quick Animations.esp
Tactical Flashlights.esp
Tactical Flashlights - Settings.esp
The Eyes Of Beauty.esp
TrueReporter.esp
TrueStormsFO4-FarHarborExtraRads.esp
TrueStormsFO4-GlowingSeaExtraRads.esp
WAYN_CompanionTracking.esp
WestTekTacticalOptics-AWKCR.esp
BetterSettlersCCAPack2.0.esp
DCGuardOutfitOverride.esp
Insignificant Object Remover.esp
UnbogusPatch_DOOMPumpShotgun.esp
NoBlurOnHit.esp
PAMAP.esp
CPAO - PAMAP 2.0 Patch.esp
More Power Armour Mods - Automatron.esp
Pip-Boy Flashlight.esp
StartMeUp.esp
submitted by CreamGravyPCMR to FalloutMods [link] [comments]

[Review] Ranking all the Switch shmups Ep26 – Darius Cozmic Collection Arcade

We’ve all had a game that is a gateway to a specific genre. That one game which made us pay attention to a style of games and allowed us to fully experience the genre. It might not have been the first one we play, but it is definitely one that stays closer to our hearts. For me, this game was Darius.
I’ve mentioned this in the past, but I will say it again: Darius is the shmup that is closest to my heart. I loved the horizontal gameplay, I loved the Silver Hawk, I loved all the huge bosses that looked like fishes. The gameplay also hit bunch of chords that resonate with what I love about shmups. I’ve been waiting so long for this, so alas, I present to you: Darius Cozmic Collection Arcade!
Publisher: ININ Games
Platform: Nintendo Switch
Release date: Jun 16, 2020
Price: $44.99
Tate: Built-in
Darius Cozmic Collection Arcade is a collection of the Darius games released on the arcades. This wasn’t your typical cabinet, as one of its main features was the usage of multiple screens. Darius used 3 screens, while Darius II/SAGAIA used 2 screens. M2 really went out of their way to bring the most authentic arcade experience! The result is impressive to say the least!
This collections includes 4 games:
Darius and SAGAIA include 3 and 2 different versions respectively, bringing it to a total of 7 playable games.

ARCADE GLORY

As hard as this might be to believe, I have never played an arcade Darius game before. I always mentioned Darius as my favorite shmup, but the truth is that I began with the SNES games. I had heard on the street that the arcade versions were superior so I was very excited.
When I booted the original version, I couldn’t help but feel like I was standing next to an actual arcade cabinet. The game greeted me with 3 screens places next to each other on the center of the screen. I was excited to play, so I pressed the coin button. I was not prepared for what I was about to experience…
As soon as I inserted the coin, a typical fanfare played along as my credit counter increased by one. But there was something else. The controller started vibrating to the tune of the music. I just can’t make justice to this effect with words. It felt like being inside an actual arcade cabinet. Vibrations and sound made the experience feel authentic. It made me think about the arcade days where you would hear cabinets everywhere and just feel the energy of the place.
As soon as I started to play, the screen changed and the empty spaces were replaced by arcade artwork. This artwork was exactly the kind you would see pasted near the controllers to show you how to play and other general information. Everything about the game was designed to make you feel like on the arcade. This is the kind of presentation that every other arcade port should try to achieve.

FISH GRAVY

What truly sets apart the Darius Cozmic Collection from any other collection is the amount of features and arcade fidelity that M2 added to the game. Every single aspect, every single menu and every single feature was lovingly added to create a masterpiece.
From the get go, you will be presented with the very familiar “A boss is approaching” message featuring King Fossil. The message just says that your game data is approaching fast. It really is only a fancy way of saying the game is loading, but it sets the tone to the orgasmic experience that you are about to have with the game.
After going through the intro scene, you will be greeted with the main menu which contains all 7 playable titles in this collection. You also have a replay, manual and staff options. If you are wondering where the options are, they are specific for each game, so they must be adjusted from within each game. My only complaint here is that the manual is in japanese. There isn’t much to learn from a manual though. The only thing was the Darius Gaiden capture mechanic, so I picked that one up from the internet.

AN ENTIRE LEGACY

Speaking of the games, 7 different titles can be quite intimidating. If you are anything like me, then chances are you don’t know what’s “new ver” or “extra ver”. Thankfully, each game features a sort of museum display that features a screenshot of the menu, the title, the launch date and a very thorough description of the game. The text will navigate you through each version of the games and specifically highlight why it is different from its predecessor or what was changed when going to western markets.
Each game includes a training mode for those who wish to challenge specific parts of the game. Training mode will let you choose to play any stage and customize a variety of settings such as the strength of your Silver Hawk and the game rank, which is the in-game difficulty. The obvious use for this mode is to practice your piloting skills and go for the 1CC. Even casual players can view this as a pseudo level select cheat code for maximum enjoyment!
Perhaps one of the most amazing inclusions of the collection is the replay mode. For every one of your play throughs, there is an option to save a replay of your play session. What differs from regular replays, is that they pack an incredibly robust set of features. Other than being able to watch a recording of yourself, you can see your inputs and control the playback of the replay. You can rewind, fast forward, go back, increase the speed or even go full slow-mo to analyze your gameplay.

KING OF THE ARCADE

Challenging oneself is one thing, but going after the world is the true spirit or arcade shmups. Darius Cozmic Collection Arcade features online rankings which are separated into 2 categories: “Arcade” and “All-mix”. Arcade is played with every setting on default and using only one credit. If you are playing and choose to spend an additional credit to continue, then your scoring is changed to “All-mix”. All-mix is a catch-all for every other style, from easy difficulty to hard or even static rank modes.
If you ever wondered what’s it like to play like the king of the leaderboards, then you’ll be glad to know you can download leaderboard replays! This allows you to watch the entire play throughs of top players, along with their inputs and the previously mentioned playback features of a replay. A must have for those willing to go for the record or even those curious about what it means to be a champion.

YOUR PERFECT CABINET

The in-game menu for each game will further let you customize your gameplay experience. The amount of options is truly staggering, so suffice to know that you can change in-game setting as difficulty and score for an extend, screen quality adjustments like scan lines and gadgets, and the controllers.
One menu I really want to highlight is the gadgets menu. Gadgets are responsible for making the gameplay experience truly stand out. They track all sorts of data from yourself and the enemies. From a friendly side, you can see your current level of power, the number of hits your arm can take and the information related to the current zone. From a less friendly side, you have all sorts of analyzers that display the current boss, their weakness and detailed HP for each of their parts. There’s even a life gauge that appears at the bottom of the screen for easy viewing when fighting bosses!
Although I could see an argument against being way too much information, I’m personally thankful because I’m a data nerd and I love knowing all this information. If it is too much for you, then you can always turn off the gadgets and customize the screen to your liking. The real beauty comes from creating your perfect cabinet.

THE EMULATOR ADVANTAGE

One of the main selling points of emulators has been the ability to use save states. Darius Cozmic Collection is no slouch and features save states of its own! These save states will let you cheese the game as much as you want, but they also let you replay specific sections and master them for your future arcade runs. I won’t judge you, so have fun with save states! The only caveat is that using save states will not record your score. Unfortunately, replays will only record from the last time you loaded the save state onwards. So there’s no chance of creating tool-assisted runs.
Oh yeah, I forgot to mention that bringing up the in-game menu will completely pause the game and show you a fully-fledged map of the game, complete with boss encounters for each zone and the amount of power-ups featured in said zone. It really is great for strategy purposes to know which stage will allow you to upgrade your Silver Hawk! Resuming a game will also give you a 3 second count down with a jumping robot animation to ensure you are ready for action. This detail wasn’t really needed, but it is one of the many ways in which M2 shows appreciation for Darius and the player.
Out of all this nitty gritty details, I have to say the song name is one of my favorites. In the bottom right corner of the screen there is a pop-up that appears when the song changes and displays the song name. I just think it looks really cool. By the way, don’t forget to check “Olga Breeze”, my favorite song!

DARIUS, THE OG

Darius, the game that started it all. Featuring 3 screens, this is the biggest Darius game featured in this collection (ha!). If I may add, I also think this is the game that highlights all the love M2 poured into bringing arcade experiences to your living room. With features such as the cabinet art and the body sonic vibration, it really brings home the arcade feeling.
As you can expect, playing the first game on the series is both, a nostalgic and a painful experience. Playing on 3 screens is truly magical, but at the same time, it is a victim to the older design choices. Not much that can be done here, after all, it is a decades old game. Just a small detail to keep in mind.
Darius helps establish the foundations of the franchise from the very first game. One of the Darius staples is the upgrade system for the Silver Hawk. Throughout the game, you can encounter 3 different orbs which are dropped by different colored enemies. The orbs can be red, green or blue.

SILVER HAWK

Red orbs will upgrade your primary fire. Each orb increases your power, but collecting 7 will upgrade your shot to the laser, and then the wave. Green orbs will upgrade your bomb, which is your secondary fire. Bombs also get stronger with more orbs and also upgrade when you reach 7. Blue orbs will give you a shield called arm. The initial shield blocks 3 hits and any additional orb will add 1 more hit. Just like red and green, you can upgrade after 7 orbs which will make it so that additional orbs give you 2 hits and then 3.
The downside to the upgrade system is that, upon death, you will lose every orb you collected in your current tier. The good news is that if you, for instance, managed to upgrade to the laser, then your shot can never fall below that. The bad news is that the number of orbs is limited per stage, which means it is almost impossible to upgrade within a stage the same stage where you died. The exception is a single stage that has 7 blue orbs in the old version and one with 7 green in the extra version.

THE FISH

The most distinguishable characteristic of the franchise is definitely the marine bosses. The stages are all over the place with a very diverse space settings, but the bosses are always one thing: fish. Actually, I’d say it is marine biology, but fish is an overly simplistic way to describe it. Darius also has one peculiarity which is that every set of stages has the same boss. For example, the 4th stage boss will always be Fatty Glutton in a different version depending on which zone you chose.
The other defining feature of Darius is being able to choose your adventure. After each boss, you can choose to go to one of 2 different zones. This choice is made by either being on the top or bottom half of the screen, as the stage actually splits after beating the boss. It certainly took me off guard the first time as I crashed into the divider. Despite having the same boss, the zones are drastically different and carry the strategic choice of having a different number of orbs. Your path will be determined by which aspect of your Silver Hawk you want to improve.

THE COINS

What struck me the most about Darius is how unforgiving it is. This is expressed in the descriptions of the newer versions. The thing about Darius, is that the game is next to impossible to beat if you didn’t fully upgrade. Later enemies are merciless and if you don’t have sufficient firepower, then you probably won’t stand a chance. This ruthlessness is exacerbated by the death system, as death will set you considerably behind. Because upgrades are usually a 2-stage effort, getting shot will set you back 2 levels worth of progress.
A fun aspect I found on Darius is the dynamic created by having 3 screens. This is probably the widest game I have played, and it brings new challenges to the table. The first one is that you need to gain screen position to succeed. Being at the front is usually better, with moving back feeling like losing real estate. The reason behind this is that you are able to shoot down enemies before they become a threat with their numbers. The other less obvious reason is the number of bullets allowed on screen. That number is limited, so it is in your best interest that those bullets expire fast so you can fire new ones. Being back equals more time before they reach the end of the screen, which is undesirable.
Overall, the game poses a unique challenge, but I’m not going to lie, it is actually really fun to play. Achieving an upgraded Silver Hawk is a hard endeavor, but that makes it even more rewarding when you pull it off!

DARIUS II/SAGAIA, THE PROOF US WESTERNERS HAVE SHORT ATTENTION SPANS

Darius II came in and simplified the game in some interesting ways. First of all it reduced the upgrade system so that it is now only a single stage that can be maxed out. The number of orbs was reduced to compensate. Another simplification comes courtesy of the screens themselves. The number of screens was reduced from 3 to 2 in order to be installed in other dual screen cabinets such as The Ninja Warriors.
Unfortunately, the single stage of upgrades means that the game is even more savage when you die. This time around, you actually lose all of your progress in terms of firepower. There will be special rainbow orbs which help you catch up a little, but even then they might be a little too late. As a result, my 1CC had to be done by never dying.

I ALWAYS WANTED A THING CALLED A TUNA SASHIMI

One thing I want to mention, is that Darius II has my absolute favorite intro sequence of any Darius game in this collection. From the music that goes ramping up to the main theme, to the voice lines calling out the launching sequence:
“Main engine energy level, 20% increase !”
“I always wanted a thing called tuna sashimi”
“3…2…1…”
It all creates an unbelievable sense of excitement!
A very fun piece of trivia is the existence of SAGAIA. It exists to be a compact version of Darius II to be sold on western markets. Then there’s actually 2 versions of it which feel like 2 pieces of the same game. If SAGAIA trimmed certain pieces of the game, then version 2 came to use those trimmed pieces and created another entry. It’s actually quite funny.

DARIUS GAIDEN, THE KING

Darius Gaiden is definitely the reason you will keep playing the arcade collection. Quality in older games under a modern eye is usually a product of nostalgia and design elements that still hold on in today’s gaming landscape. Contrasting with that, Darius Gaiden IS a fantastic game that I wouldn’t hesitate to purchase if it was released today.
For Darius Gaiden, less is more, as this time around the game was played on a single screen arcade cabinet. The game does seem to lack some of the ambient goodies such as the rumble effects, but it makes up for it in gameplay experiences.

TRUE POWER

One aspect that is radically different from its predecessor is the upgrade system. Whereas Darius II simplified the Silver Hawk upgrade system, Darius Gaiden took it back to its original Darius roots. This means that, once again, we have multiple upgrade points. Upgrades take considerably less red power-ups to achieve, which actually makes it possible to upgrade multiple times during the same stage.
Death penalties are lower as well with death only losing you a level of power. Because there are more power levels, it is more forgiving and doesn’t set you completely behind like the previous entries. Perhaps the best of all is that neither arm nor bombs have any penalty whatsoever. What’s more, you don’t even lose your arm or bomb level when losing a credit. I can say with 100% certainty that this game is actually possible to complete within a reasonable number of credits if you die on the later zones.
I would take it one step ahead and say this game has a little of the Contra syndrome. The original Contra is a game that was considered hard, but was significantly easier if you could maintain the spread shot. In the same vein, getting the earliest upgrades makes Darius Gaiden a breeze. A well deserved victory, if you ask me.

YOU’RE MINE NOW!

New to Darius Gaiden is the ability to capture mid bosses. Half-way through a stage, you will encounter a medium sized boss with a purple orb somewhere in its back. If you manage to take down the orb without killing the enemy, it will detach and slowly drift away. If you capture this orb, then the mid boss will fight alongside you until its timer expires. I gotta say that having a huge fish on your side is surprisingly satisfying!
Having a single screen makes the experience much more familiar for shmup enthusiasts. While it does lose some of the charm of the ultra wide field of view, it also rids itself of nuances such as your horizontal movement being low in terms of total horizontal space or the limit on on-screen bullets.
A combination of those factors I mentioned contribute to making Darius Gaiden a much better experience. It’s simple to play and forgiving when you lose. Every stage is unique and makes every new play through a completely different experience, not just in a different-ish way, but rather full blown new content!

A LEGENDARY PACKAGE OF NOSTALGIA

There’s one thing that you might be thinking, and that’s that I might be biased because it is Darius. It is true that I openly admit everywhere that Darius is my favorite. However, in this particular case my work was cut out for me, I don’t need to be biased because this is truly a wonderfully crafted collection that deserves to be on everyone’s Switch.
It contains every possible version of Darius you might have encountered on the arcades and then sprinkled some top notch features that make it stand on a class of its own when it comes to ports. It also helps that the Darius games remain to be as fun as they always have been, even with their caveats. I took 3-4 times more time to play this collection, not because it had a lot of content, but because I loved playing every second of it and wanted to try it all. Wanted to 1CC every version, wanted to traverse every possible stage, wanted to created masterful replays.
The only possible downside I can see to this collection is the price. $44.99 is a very high price compared to other shmups on the market. In terms of features and overall content (because remember, every game has more than an alphabets worth of different zones) it does warrant its price. Although I can see people double guess their decision, with this game being close to the cost of a first party title and significantly higher than other shmups.

TOP 3

My tentative placement for Darius Cozmic Collection Arcade was on the top 3 spots. I really had a hard time deciding where to put it, so I went back and revisited both Ikaruga and Psyvariar Delta. After finishing my Ikaruga play through, I was reminded of the magic that is Ikaruga and how special it is. Psyvariar Delta also reminded me of the buzz system and how the refined gameplay and level ups work towards creating an experience that I can’t quite put into words.
The main defining factor, however, was that I don’t think any of the Darius games in the collection beats the top 2 contenders. The 7 games as an aggregate, are certainly a force to be reckoned with thanks to the superb M2 porting labour. With that being said, I will award it a 3rd spot because the gameplay experience is incredible, but a little held back by the age of the games and the hefty price tag.
Still, Darius will always be #1 in my heart.

THE RANKING SO FAR:

  1. Ikaruga
  2. Psyvariar Delta
  3. Darius Cozmic Collection Arcade
  4. Devil Engine
  5. Rolling Gunner
  6. Blazing Star
  7. Jamestown+
  8. Tengai
  9. Steredenn: Binary Stars
  10. Stardust Galaxy Warriors: Stellar Climax
  11. Sky Force: Reloaded
  12. Strikers 1945
  13. Black Paradox
  14. R-Type Dimensions EX
  15. Sine Mora EX
  16. Shikhondo – Soul Eater
  17. Ghost Blade HD
  18. AngerForce: Reloaded
  19. Aero Fighters 2 (ACA Neogeo)
  20. Q-YO Blaster
  21. Lightening Force: Quest for the darkstar (Sega Ages)
  22. Pawarumi
  23. Red Death
  24. Task Force Kampas
  25. Switch ‘N’ Shoot
  26. Last Resort (ACA Neogeo)
submitted by AzorMX to NintendoSwitch [link] [comments]

Gridcoin 5.0.0.0-Mandatory "Fern" Release

https://github.com/gridcoin-community/Gridcoin-Research/releases/tag/5.0.0.0
Finally! After over ten months of development and testing, "Fern" has arrived! This is a whopper. 240 pull requests merged. Essentially a complete rewrite that was started with the scraper (the "neural net" rewrite) in "Denise" has now been completed. Practically the ENTIRE Gridcoin specific codebase resting on top of the vanilla Bitcoin/Peercoin/Blackcoin vanilla PoS code has been rewritten. This removes the team requirement at last (see below), although there are many other important improvements besides that.
Fern was a monumental undertaking. We had to encode all of the old rules active for the v10 block protocol in new code and ensure that the new code was 100% compatible. This had to be done in such a way as to clear out all of the old spaghetti and ring-fence it with tightly controlled class implementations. We then wrote an entirely new, simplified ruleset for research rewards and reengineered contracts (which includes beacon management, polls, and voting) using properly classed code. The fundamentals of Gridcoin with this release are now on a very sound and maintainable footing, and the developers believe the codebase as updated here will serve as the fundamental basis for Gridcoin's future roadmap.
We have been testing this for MONTHS on testnet in various stages. The v10 (legacy) compatibility code has been running on testnet continuously as it was developed to ensure compatibility with existing nodes. During the last few months, we have done two private testnet forks and then the full public testnet testing for v11 code (the new protocol which is what Fern implements). The developers have also been running non-staking "sentinel" nodes on mainnet with this code to verify that the consensus rules are problem-free for the legacy compatibility code on the broader mainnet. We believe this amount of testing is going to result in a smooth rollout.
Given the amount of changes in Fern, I am presenting TWO changelogs below. One is high level, which summarizes the most significant changes in the protocol. The second changelog is the detailed one in the usual format, and gives you an inkling of the size of this release.

Highlights

Protocol

Note that the protocol changes will not become active until we cross the hard-fork transition height to v11, which has been set at 2053000. Given current average block spacing, this should happen around October 4, about one month from now.
Note that to get all of the beacons in the network on the new protocol, we are requiring ALL beacons to be validated. A two week (14 day) grace period is provided by the code, starting at the time of the transition height, for people currently holding a beacon to validate the beacon and prevent it from expiring. That means that EVERY CRUNCHER must advertise and validate their beacon AFTER the v11 transition (around Oct 4th) and BEFORE October 18th (or more precisely, 14 days from the actual date of the v11 transition). If you do not advertise and validate your beacon by this time, your beacon will expire and you will stop earning research rewards until you advertise and validate a new beacon. This process has been made much easier by a brand new beacon "wizard" that helps manage beacon advertisements and renewals. Once a beacon has been validated and is a v11 protocol beacon, the normal 180 day expiration rules apply. Note, however, that the 180 day expiration on research rewards has been removed with the Fern update. This means that while your beacon might expire after 180 days, your earned research rewards will be retained and can be claimed by advertising a beacon with the same CPID and going through the validation process again. In other words, you do not lose any earned research rewards if you do not stake a block within 180 days and keep your beacon up-to-date.
The transition height is also when the team requirement will be relaxed for the network.

GUI

Besides the beacon wizard, there are a number of improvements to the GUI, including new UI transaction types (and icons) for staking the superblock, sidestake sends, beacon advertisement, voting, poll creation, and transactions with a message. The main screen has been revamped with a better summary section, and better status icons. Several changes under the hood have improved GUI performance. And finally, the diagnostics have been revamped.

Blockchain

The wallet sync speed has been DRASTICALLY improved. A decent machine with a good network connection should be able to sync the entire mainnet blockchain in less than 4 hours. A fast machine with a really fast network connection and a good SSD can do it in about 2.5 hours. One of our goals was to reduce or eliminate the reliance on snapshots for mainnet, and I think we have accomplished that goal with the new sync speed. We have also streamlined the in-memory structures for the blockchain which shaves some memory use.
There are so many goodies here it is hard to summarize them all.
I would like to thank all of the contributors to this release, but especially thank @cyrossignol, whose incredible contributions formed the backbone of this release. I would also like to pay special thanks to @barton2526, @caraka, and @Quezacoatl1, who tirelessly helped during the testing and polishing phase on testnet with testing and repeated builds for all architectures.
The developers are proud to present this release to the community and we believe this represents the starting point for a true renaissance for Gridcoin!

Summary Changelog

Accrual

Changed

Most significantly, nodes calculate research rewards directly from the magnitudes in EACH superblock between stakes instead of using a two- or three- point average based on a CPID's current magnitude and the magnitude for the CPID when it last staked. For those long-timers in the community, this has been referred to as "Superblock Windows," and was first done in proof-of-concept form by @denravonska.

Removed

Beacons

Added

Changed

Removed

Unaltered

As a reminder:

Superblocks

Added

Changed

Removed

Voting

Added

Changed

Removed

Detailed Changelog

[5.0.0.0] 2020-09-03, mandatory, "Fern"

Added

Changed

Removed

Fixed

submitted by jamescowens to gridcoin [link] [comments]

MAME 0.222

MAME 0.222

MAME 0.222, the product of our May/June development cycle, is ready today, and it’s a very exciting release. There are lots of bug fixes, including some long-standing issues with classics like Bosconian and Gaplus, and missing pan/zoom effects in games on Seta hardware. Two more Nintendo LCD games are supported: the Panorama Screen version of Popeye, and the two-player Donkey Kong 3 Micro Vs. System. New versions of supported games include a review copy of DonPachi that allows the game to be paused for photography, and a version of the adult Qix game Gals Panic for the Taiwanese market.
Other advancements on the arcade side include audio circuitry emulation for 280-ZZZAP, and protection microcontroller emulation for Kick and Run and Captain Silver.
The GRiD Compass series were possibly the first rugged computers in the clamshell form factor, possibly best known for their use on NASA space shuttle missions in the 1980s. The initial model, the Compass 1101, is now usable in MAME. There are lots of improvements to the Tandy Color Computer drivers in this release, with better cartridge support being a theme. Acorn BBC series drivers now support Solidisk file system ROMs. Writing to IMD floppy images (popular for CP/M computers) is now supported, and a critical bug affecting writes to HFE disk images has been fixed. Software list additions include a collection of CDs for the SGI MIPS workstations.
There are several updates to Apple II emulation this month, including support for several accelerators, a new IWM floppy controller core, and support for using two memory cards simultaneously on the CFFA2. As usual, we’ve added the latest original software dumps and clean cracks to the software lists, including lots of educational titles.
Finally, the memory system has been optimised, yielding performance improvements in all emulated systems, you no longer need to avoid non-ASCII characters in paths when using the chdman tool, and jedutil supports more devices.
There were too many HyperScan RFID cards added to the software list to itemise them all here. You can read about all the updates in the whatsnew.txt file, or get the source and 64-bit Windows binary packages from the download page.

MAME Testers Bugs Fixed

New working machines

New working clones

Machines promoted to working

Clones promoted to working

New machines marked as NOT_WORKING

New clones marked as NOT_WORKING

New working software list additions

Software list items promoted to working

New NOT_WORKING software list additions

submitted by cuavas to emulation [link] [comments]

BINARY OPTIONS ROBOT - Non Stop Trading, $50 Profit Every ... Free robot IQ Option. Binary bot 2020 - YouTube binary options robot: iQBot installation and login to ... Binary Options Robot Scams / Auto Trading Robots 🤣 - YouTube Binary Options Robot - Automated Binary Options Trading ... Option Robot Review & Settings - OptionRobot.com Best IQ Option Robot 2020 - #1 Binary Options Automated ... 99% PROFIT - FREE BOT - DOUBLE ZIGZAG - binary options robot

Binary Options Robot is developed to be simple Most of the auto trading robots are very complicated to use, and traders are often confused with many settings options available. We consider Binary Options Robot as the perfect solution that will enhance trader's binary trading experience. They have also paid attention and created an user-friendly trading platform, so it can be used by anyone ... Put option is a trading binary options decision, which traders make under an educated guess that the asset price will fall below the strike price in the predetermined period of time. One of the biggest advantages that binary options owe their global popularity to, is the ability for traders to join and start trading, regardless of the level of their trading knowledge. The binary option robot is the only established robot in the binary arena which is close to 100 percent automated and does not require you to be in front of the screen all the time. It is definitely helpful to new traders, seasoned professionals, institutional traders, short-term trader, long-term trader, or any kind of traders, as it makes the life easier for the traders. Though the binary ... Binary Options Robot Settings for Beginners Binary Options Robot claims to be ideal for traders without binary trading experience. Binary Options Robot is able to trade without much effort from traders side. Once a trader has registered with Robot and deposited with a broker, the process of auto trading should be very easy. Binary Options Robot says that the best settings are those settings ... Our Robot works with these Binary Option Robot Brokers. What is OptionRobot.com. OptionRobot.com is a 100% auto trading software for binary options. The Binary Option Robot generates trading signals and automatically executes trades direct to your linked broker account. OptionRobot.com Trading Systems. OptionRobot.com has three profitable money management binary option trading systems which ... Binary Option Robot Settings. Greg Boudonck02/03/2016, 4:08 PM. There are many automatic binary options trading systems available, but not all are created equal. The largest percentage of these automatic trading systems do not give the trader any control over the settings that their system will use in performing trades on the investor’s account. Yes, the trader may be able to set the amount ... Binary Option Robot. In today’s article, our professional trader Michael Allen will teach you how to spot binary options trading scams. You will also get systematic instructions, which will allow you to trade effortlessly with the best binary option brokers (such as IQ Option) and automated binary option robot.If your goals are any of the following, then please keep reading, as this is the ... Diese Rezension zu Option Robot versteht sich als eine Warnung, denn wir haben es hier mit einem Betrugsprogramm zu tun, das entwickelt wurde, um Sie um Ihr Geld zu bringen.. Option Robot (OptionRobot.com) ist, wie der Name schon andeutet, ein Roboter für den Handel mit binären Optionen – das heißt ein Programm, das für Sie selbst Geschäfte eröffnet, und dies aufgrund eigener Signale ... Binary Option Robot. Free Auto Trading Software. Kostenloses Konto eröffnen. Sie haben bereits ein Konto? Hier einloggen. Es ist einfach! Nur 3 Schritte! 1. Registieren. Dauert nur eine Minute. 2. Einzahlen. Ihre Einzahlung ist sicher und geschützt! 3. Autotraden. 83% durchschnittliche Erfolgsquote! Jetzt registrieren Sie haben bereits ein Konto? Einloggen. Kompatible Broker. Unser Bot ... Binary Options Robots and Auto-trading Software have helped thousands of traders to make more efficient trading investments. It is possible to earn approximately 80% of profits using the binary option robot. Moreover, traders will find unique and compelling trading features in every Auto Trading software.

[index] [20565] [16194] [25388] [21197] [22754] [22217] [28726] [107] [7572] [13981]

BINARY OPTIONS ROBOT - Non Stop Trading, $50 Profit Every ...

Hi everybody! In this video we show you and overview on how to trade automatically on your IQ Option account through MT2 Trading Platform Binary Options Robo... Binary Options Robot Scams. http://www.financial-spread-betting.com/ PLEASE LIKE AND SHARE THIS VIDEO SO WE CAN DO MORE! This is a warning on auto trading so... Binary Options Robot - Automated Binary Options Trading Using Binary Option Robot Test Binary Options Robot here - http://track.logic.expert/67b0b668-c6a4-42... OptionRobot.com is a 100% auto trading software for binary options. The Binary Option Robot generates trading signals and automatically executes trades direct to your linked broker account. DOWNLOAD FREE http://bit.ly/2CSd0C0orCONECT WITH ME TO GET IT https://goo.gl/7tRX2nBINARY BOT FREE DOWNLOADbinary robot downloadbinary robot freebinary robot ... FREE SIGNAL & ROBOT https://goo.gl/7tRX2n _____ CONNECT WITH ME ON TWITTER BINARY OPTIONS ROBOT - Non Stop Trading, $50 ... Free robot IQ Option. Binary bot 2020 Installing the robot IQ Option: http://bit.ly/38t4yag Link to IQ Option: http://bit.ly/2Q6WGDJ Free robot Olymp Trade: ... https://iqbotproject.com Whatsapp: https://wa.me/212674429706 FB-chat: https://m.me/binary.iqbot Page: https://www.fb.com/binary.iqbot Group: https://www.fb....

https://binary-optiontrade.bloodkestbudma.cf