Re: Networking book recommendation

2022-05-05 Thread Dan Ritter
Tom Browder wrote: 
> On Thu, May 5, 2022 at 16:07 David Christensen 
> wrote:
> 
> > On 5/5/22 12:31, john doe wrote:
> >
> > > At the time I set up this, I googled this subject and came to the
> > > conclusion that SSH through VPN was a better fit (flexibility, two
> > > layers of security, VPN advantages when connecting on public wifi) for
> > > me.
> 
> 
> The only experience with VPN I've had was when I was working from home back
> in 2010 running Debian on a company laptop and a kludge Cisco VPN program
> that somehow "just worked."
> 
> If I go the pfsense/Netgate route (it has a VPN capability) what client do
> I use on my Debian hosts both internal and external?

Wireguard is now built in to the kernel (dkms module prior to
bullseye). It is the easiest to configure, being slightly easier
than SSH, and by far the fastest/most CPU efficient.

sudo apt install wireguard-tools

will get you the userland parts.

-dsr-



Re: Networking book recommendation

2022-05-05 Thread Celejar
On Thu, 5 May 2022 17:36:14 -0500
Tom Browder  wrote:

> On Thu, May 5, 2022 at 16:07 David Christensen 
> wrote:
> 
> > On 5/5/22 12:31, john doe wrote:
> >
> > > At the time I set up this, I googled this subject and came to the
> > > conclusion that SSH through VPN was a better fit (flexibility, two
> > > layers of security, VPN advantages when connecting on public wifi) for
> > > me.
> 
> 
> The only experience with VPN I've had was when I was working from home back
> in 2010 running Debian on a company laptop and a kludge Cisco VPN program
> that somehow "just worked."
> 
> If I go the pfsense/Netgate route (it has a VPN capability) what client do
> I use on my Debian hosts both internal and external?

Depends on what VPN technology you're using. If you have no technical
debt, Wireguard is definitely the way to go. On both ends, just install
the Debian wireguard package (and its dependencies), edit the
appropriate configuration files, and you're good to go.

-- 
Celejar



Re: customize Debian 11 environment in lightdm (and in general?)

2022-05-05 Thread Greg Wooledge
On Fri, May 06, 2022 at 10:17:01AM +1000, David wrote:
> I'm not using the Debian default. I use ~/bin/_my_export to set umask,
> and it works. I don't have time to experiment with that for this thread.

Yeah, totally understandable.  I hate logging out and back in.  Way too
many of my things are still started/moved by hand.

> Inside lxterminal:
> [david@kablamm ~]$ pstree -s $$
> systemd───lightdm───lightdm───lxsession───lxpanel───x-terminal-emul───bash───pstree
> 
> which is consistent with my homemade trace posted in previous message:
>   lightdm(1310) > lightdm(1393) > lxsession(1414) > lxpanel(1503) >
> x-terminal-emul(2403) > bash(2433) . ~/.bashrc

Thanks.  Hmm.  Perhaps you're using a different version of LXDE than
the OP, and they have different behaviors.  Or perhaps I misunderstood
something the OP posted.  Or perhaps one of the processes that starts
with "lx" is clearing the environment on its own.



Re: customize Debian 11 environment in lightdm (and in general?)

2022-05-05 Thread David
On Fri, 6 May 2022 at 09:34, Greg Wooledge  wrote:
> On Fri, May 06, 2022 at 09:16:09AM +1000, David wrote:

Hi, thanks for your comments.

> > So it appears that . ~/.profile runs when Xsession starts,
> > but ~/.bashrc is not run until I manually open a terminal
> > in LXDE, which appears in the above as x-terminal-emul.
>
> Your .profile should be written to dot in ~/.bashrc if it's being run
> by bash.  E.g. something like:
>
> test "$BASH_VERSION" && test -r ~/.bashrc && . ~/.bashrc

Yeah, I have this, to handle other shells apart from bash:

# user environment
if [ -n "${BASH_VERSION}" ] ; then
    #: this login is bash, include .bashrc
    f="${HOME}/.bashrc"
else
    #: this login not bash, include _my_export
    f="${HOME}/bin/_my_export"
fi
if [ -r "${f}" ] ; then
    . "${f}"
fi
unset f

My ~/.bashrc uses the same _my_export to set and export
environment variables.

> In the absence of this, you will not have the desired shell environment
> if you ever use a login shell -- e.g. if you hit Ctrl-Alt-F2 and login
> on a console, or if you ssh into the system.
>
> If you never do either of these things, well, you're fine.

I do all those things, and they work.

> > I assume that Xsession and lxsession are the same process
> > because they have the same PID.
>
> In a proper universe, the former would exec (chain-load) the latter.

Maybe that's what Xsession does, I can't recall.

> > I have chosen to use lxterminal to provide x-terminal-emul.
> > One quirk of lxterminal is that there is only one process
> > which handles all open terminal windows.
>
> Sounds atrocious.

Well, I mentioned it for a reason :)

> If you ever feel bored, you could run this experiment, and see what
> happens:
>
> 1) Put "umask 002" in your ~/.xsessionrc file.
>
> 2) Log out and back in.
>
> 3) Open an lxterminal.
>
> 4) Type "umask" and see what it's set to.
>
> If my conclusions from the OP's post are correct, it will report 0022,
> the Debian system default, totally ignoring your attempt to customize it.

I'm not using the Debian default. I use ~/bin/_my_export to set umask,
and it works. I don't have time to experiment with that for this thread.

> Less invasively, a process tree showing the ancestry of a shell running
> inside an lxterminal would be helpful.  Something like this:
>
> unicorn:~$ pstree -s $$
> systemd───login───bash───startx───xinit───.xsession───rxvt───bash───pstree

Inside lxterminal:
[david@kablamm ~]$ pstree -s $$
systemd───lightdm───lightdm───lxsession───lxpanel───x-terminal-emul───bash───pstree

which is consistent with my homemade trace posted in previous message:
  lightdm(1310) > lightdm(1393) > lxsession(1414) > lxpanel(1503) >
x-terminal-emul(2403) > bash(2433) . ~/.bashrc

I believe that what I have implemented also works using startx when
lightdm is not installed, but I'm not going to test that for this thread,
I have other things to do, and this lives in the bucket of things
I figured out long ago, and luckily it meets all my needs that I'm aware
of, so I forgot all about it :)



Re: customize Debian 11 environment in lightdm (and in general?)

2022-05-05 Thread Greg Wooledge
On Fri, May 06, 2022 at 09:16:09AM +1000, David wrote:
> So it appears that . ~/.profile runs when Xsession starts,
> but ~/.bashrc is not run until I manually open a terminal
> in LXDE, which appears in the above as x-terminal-emul.

Your .profile should be written to dot in ~/.bashrc if it's being run
by bash.  E.g. something like:

test "$BASH_VERSION" && test -r ~/.bashrc && . ~/.bashrc

In the absence of this, you will not have the desired shell environment
if you ever use a login shell -- e.g. if you hit Ctrl-Alt-F2 and login
on a console, or if you ssh into the system.

If you never do either of these things, well, you're fine.

> I assume that Xsession and lxsession are the same process
> because they have the same PID.

In a proper universe, the former would exec (chain-load) the latter.

> I have chosen to use lxterminal to provide x-terminal-emul.
> One quirk of lxterminal is that there is only one process
> which handles all open terminal windows.

Sounds atrocious.

If you ever feel bored, you could run this experiment, and see what
happens:

1) Put "umask 002" in your ~/.xsessionrc file.

2) Log out and back in.

3) Open an lxterminal.

4) Type "umask" and see what it's set to.

If my conclusions from the OP's post are correct, it will report 0022,
the Debian system default, totally ignoring your attempt to customize it.

Less invasively, a process tree showing the ancestry of a shell running
inside an lxterminal would be helpful.  Something like this:

unicorn:~$ pstree -s $$
systemd───login───bash───startx───xinit───.xsession───rxvt───bash───pstree

That's for one of the rxvt's that's launched from my .xsession file;
for one that's launched from the FVWM menu, I have:

unicorn:~$ pstree -s $$
systemd───login───bash───startx───xinit───.xsession───fvwm2───rxvt───bash───pst+
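
The two diagnostics in the message above (checking "umask" in the terminal and tracing the shell's ancestry with pstree) can be combined, shown here as an added example that is not part of the original post. The function names are hypothetical, the script assumes a Linux kernel that exposes the Umask: line in /proc/<pid>/status (4.7 or later), and the sample tree reuses the PIDs and names from David's trace with umask values invented purely to exercise the code.

```shell
#!/bin/sh
# Added example (not from the thread): report the umask of a process and of
# each of its ancestors, to show where along a chain such as
# lightdm > lxsession > lxpanel > x-terminal-emul > bash a umask changes.
# Assumes Linux with the "Umask:" line in /proc/<pid>/status (kernel 4.7+).

# status_field FILE KEY: print the value of "KEY:" from a status file.
status_field() {
    awk -F'\t' -v key="$2:" '$1 == key { print $2; exit }' "$1"
}

# umask_chain PID [PROCROOT]: print "PID<TAB>NAME<TAB>UMASK", child first,
# following PPid until PID 1's parent (0) or an unreadable entry is reached.
umask_chain() {
    pid=$1
    root=${2:-/proc}
    while [ -n "$pid" ] && [ "$pid" -gt 0 ] 2>/dev/null; do
        st="$root/$pid/status"
        [ -r "$st" ] || break            # process exited or access denied
        name=$(status_field "$st" Name)
        mask=$(status_field "$st" Umask)
        printf '%s\t%s\t%s\n' "$pid" "$name" "${mask:-unknown}"
        pid=$(status_field "$st" PPid)
    done
}

# umask_changes PID [PROCROOT]: print one line for every parent -> child step
# at which the umask differs, oldest ancestor first.
umask_changes() {
    umask_chain "$@" | awk -F'\t' '
        { pid[NR] = $1; name[NR] = $2; mask[NR] = $3 }
        END {
            for (i = NR; i > 1; i--)
                if (mask[i] != mask[i - 1])
                    printf "%s(%s) %s -> %s(%s) %s\n",
                        name[i], pid[i], mask[i],
                        name[i - 1], pid[i - 1], mask[i - 1]
        }'
}

# make_sample_proc DIR: build a constructed stand-in for /proc under DIR.
# Columns: PID PPID NAME UMASK. PIDs and names follow the trace in the
# thread; the umask values are invented, not measured on anyone's system.
make_sample_proc() {
    while read -r pid ppid name mask; do
        mkdir -p "$1/$pid"
        printf 'Name:\t%s\nUmask:\t%s\nPPid:\t%s\n' \
            "$name" "$mask" "$ppid" > "$1/$pid/status"
    done <<'EOF'
1 0 systemd 0022
1310 1 lightdm 0022
1393 1310 lightdm 0022
1414 1393 lxsession 0002
1503 1414 lxpanel 0002
2403 1503 x-terminal-emul 0022
2433 2403 bash 0022
EOF
}

# Demonstration on the constructed tree, starting from the bash process.
demo=$(mktemp -d)
make_sample_proc "$demo"
umask_changes 2433 "$demo"
rm -rf "$demo"
```

On a live system, "umask_chain $$" run inside the terminal lists the real chain; ancestors owned by another user may show as unreadable and end the walk early.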



Re: customize Debian 11 environment in lightdm (and in general?)

2022-05-05 Thread David
On Fri, 6 May 2022 at 04:24, Greg Wooledge  wrote:
> On Thu, May 05, 2022 at 06:48:49PM +0200, Giovanni Biscuolo wrote:

> > I'm trying to customize my user environment when using the lightdm
> > display manager (then the LXDE desktop environment)

Hello

TLDR: try defining the variables you need in ~/.xsessionrc

I don't have time to read the detail of the OP message, but
I use LXDE on Debian 11, so I can offer some information
that might be useful to others in the thread.

I configured all this years ago and it has been working ever since,
so I have forgotten all the details.

To achieve the same LXDE login configuration and environment
as a console login, I have these two lines in $HOME/.xsessionrc:
  . "/etc/profile"
  . "${HOME}/.profile"

(the double quotes just highlight strings in my editor)

The file $HOME/.xsessionrc is sourced by
  /etc/X11/Xsession
via
  /etc/X11/Xsession.d/40x11-common_xsessionrc
which contains this self-documentation:
  # This file is sourced by Xsession(5), not executed.
  # Source user defined xsessionrc (locales and other environment variables)

Some do-it-yourself tracing that I have placed into my scripts
when I was trying to figure out how to get this working informs me that
this is the sequence of events:
  lightdm(1310) > lightdm(1393) > Xsession(1414) . ~/.xsessionrc
  lightdm(1310) > lightdm(1393) > Xsession(1414)   . ~/.profile
  lightdm(1310) > lightdm(1393) > Xsession(1414) . ~/bin/_my_export
  lightdm(1310) > lightdm(1393) > lxsession(1414) > lxpanel(1503) >
x-terminal-emul(2403) > bash(2433) . ~/.bashrc
The format of this data is:
  "parent(PID) > subparent(PID) > process(PID)
some_statement_invoked_in_a_sourced_script_indented_if_child_of_above_script"
The indented statements at the far right show the statements being
executed in my instrumented scripts.

So it appears that . ~/.profile runs when Xsession starts,
but ~/.bashrc is not run until I manually open a terminal
in LXDE, which appears in the above as x-terminal-emul.

I assume that Xsession and lxsession are the same process
because they have the same PID.

I have chosen to use lxterminal to provide x-terminal-emul.
One quirk of lxterminal is that there is only one process
which handles all open terminal windows.

~/bin/_my_export file is where I set and export environment variables
so that this file can be sourced by either ~/.profile or ~/.bashrc
as needed.



Re: Networking book recommendation

2022-05-05 Thread Tom Browder
On Thu, May 5, 2022 at 16:07 David Christensen 
wrote:

> On 5/5/22 12:31, john doe wrote:
>
> > At the time I set up this, I googled this subject and came to the
> > conclusion that SSH through VPN was a better fit (flexibility, two
> > layers of security, VPN advantages when connecting on public wifi) for
> > me.


The only experience with VPN I've had was when I was working from home back
in 2010 running Debian on a company laptop and a kludge Cisco VPN program
that somehow "just worked."

If I go the pfsense/Netgate route (it has a VPN capability) what client do
I use on my Debian hosts both internal and external?

-Tom


Re: Networking book recommendation

2022-05-05 Thread David Christensen

On 5/5/22 12:31, john doe wrote:

> At the time I set up this, I googled this subject and came to the
> conclusion that SSH through VPN was a better fit (flexibility, two
> layers of security, VPN advantages when connecting on public wifi) for me.



I prefer to have SSH available both via old-school port forwarding and 
via VPN.  That way, when one breaks the other may still work.



It's always a challenge trying to balance the convenience of 
centralization during normal operations against fall-back capabilities 
during adverse conditions.  The latter can be thought of as a form of 
risk management.



David



Re: Networking book recommendation

2022-05-05 Thread David Christensen

On 5/4/22 09:07, john doe wrote:
> Here are some comments in addition to this thread:
> - Do not use the router capability provided by your ISP.
> This is mainly to avoid letting your ISP remotely control the thing and
> disable the firewall for example.
>
> If you can, use your own router.
>
> If your ISP requires to work with their router put the ISP thing in
> 'bridge'/modem only mode, this will allow to get your public IPv4
> address to your own gateway.


As per the OP, I also have AT&T residential service.  I use a 
router-behind-router configuration -- an AT&T residential gateway 
between the Internet and what is effectively a DMZ, and a UniFi Security 
Gateway 3P between the DMZ and the LAN.  Advantages of this 
configuration include:


1.  The AT&T DMZ is available (wired and Wi-Fi) when the UniFi LAN is 
down for maintenance or modification.  My wife and children need 
Internet connectivity 24x7, regardless of my "experiments".


2.  I can connect a laptop to the DMZ and configure/ test/ verify/ 
trouble-shoot UniFi from the outside (notably laptop VPN connectivity).



On 5/5/22 07:34, Tom Browder wrote:

> ... given a properly passwordless ssh connection, is there anything
> extraordinarily dangerous versus a VPN, or is it the redundancy you
> favor?

> (I am the only superuser, and usually the only user of my network.)


AIUI SSH with passwords disabled and strong passphrase-protected keys is 
secure.



AIUI VPN with strong pre-shared keys and strong passphrases is secure.


My primary use-case for SSH is CVS.  This can be accomplished via port 
forwarding on the gateway.  (The router-behind-router topology means I 
need to do this twice.)  The challenge is when you want to access 
multiple LAN hosts via SSH.  Options include adding (and translating) 
non-standard ports, and using an SSH jump host.  (Lucas recommends the 
latter.)



A VPN connection means that my laptop can see all hosts and services on 
the LAN when I am remote.  My primary use-case is accessing the file 
server (Samba) using a GUI file manager application.  I can also SSH 
directly into any host.  UniFi provides the network tools for the VPN, 
and Windows and macOS provide the client tools for the VPN.  I have 
never succeeded configuring a VPN client on Debian.



> BTW, regarding pfsense, I forgot it runs on BSD, so I plan to get their
> small appliance to hang off the ISP router.


Prior to UniFi, I variously used PC's with general-purpose (Red Hat, 
Debian) and purpose-built Linux (IPCop) and BSD (pfSense) distributions, 
and commercial routers (Netgear) with stock and FOSS (OpenWRT) firmware 
as Internet gateways/ routers.  Raw Linux was configured via the 
console.  All the others had web control panels.  Then I added a Wi-Fi 
access point.  Now I needed to keep two device settings in sync via two 
web control panels.  It was tedious.  Then I added a remote site, 
dynamic DNS, and connected the two sites with a VPN.  Management became 
a PITA.



I currently have one site with one UniFi security gateway (USG) and 
three UniFi Wi-Fi access points.  Management is via one UniFi web 
control panel running on a purpose-built VPS.  The UniFi controller 
manages and synchronizes the settings on individual devices based upon 
higher level abstractions ("Software Defined Networking"), such as 
networks.  I defined a network, followed the protocol to adopt hardware 
devices, and it just works.  Management is easy.  UniFi provides many 
additional features, including port-forwarding and VPN's.



Note that UniFi hardware products run embedded Linux.  When I encountered 
a difficult trouble-shooting problem, UniFi technical support guided me 
to a console roll-up cable for the USG, and helped me configure system 
logging to a network host.



David



Re: Networking book recommendation

2022-05-05 Thread john doe

On 5/5/2022 4:34 PM, Tom Browder wrote:
> On Wed, May 4, 2022 at 11:07 john doe wrote:
> > > On Tue, May 3, 2022 at 15:18 john doe wrote:
> > > > On 5/3/2022 9:42 PM, Tom Browder wrote:
> >
> > - Use VPN to access your servers remotely.
> >
> > I find it easier to use a VPN (responsible for public remote connection)
> > to connect to my own network then use SSH (responsible for private
> > remote connection) to connect to my intranet devices
> >
> > This also gives you two layers of authentication and you have separate
> > services.
>
> But, given a properly passwordless ssh connection, is there anything
> extraordinarily dangerous versus a VPN, or is it the redundancy you favor?
> (I am the only superuser, and usually the only user of my network.)

Yes, redundancy avoids having one point of failure in case of compromised
keys for example.

Having outbound connection through the VPN allows me to separate the
services, so if I need to work on the VPN I do not need to touch the SSH
server and vice versa.
It also gives me better firewalling capability between the VPN subnet and
the rest of my network.


For context, I'm also the only administrator ('root' user ...) on my
network.


See (1) and (2) for more in-depth thoughts.
At the time I set up this, I googled this subject and came to the
conclusion that SSH through VPN was a better fit (flexibility, two
layers of security, VPN advantages when connecting on public wifi) for me.


1)  https://networkengineering.stackexchange.com/questions/23959/why-use-ssh-and-vpn-in-combination
2)  https://homenetworkguy.com/tech/ssh-vs-vpn/

--
John Doe



Re: customize Debian 11 environment in lightdm (and in general?)

2022-05-05 Thread Greg Wooledge
On Thu, May 05, 2022 at 06:48:49PM +0200, Giovanni Biscuolo wrote:
> I'm trying to customize my user environment when using the lightdm
> display manager (then the LXDE desktop environment)

OK.

> This is my ~/.profile:
> 
> --8<---cut here---start->8---
> 
> ### Guix settings
> #
> # add Guix current path
> export PATH="$HOME/.config/guix/current/bin${PATH:+:}$PATH"
> # Locale path
> export GUIX_LOCPATH="$HOME/.guix-profile/lib/locale"
> # add Guix infopath
> export INFOPATH="$HOME/.config/guix/current/share/info:$INFOPATH"
> # set default Guix profile
> export GUIX_PROFILE="$HOME/.guix-profile"
> # source default Guix profile
> . $GUIX_PROFILE/etc/profile
> 
> --8<---cut here---end--->8---

Note that your .profile has NOTHING about XDG in it.  (It's also not
sourcing ~/.bashrc which is bad, but maybe you simply never work in
a login shell, so you never noticed it.)

> and this is my ~/.xsessionrc:
> 
> --8<---cut here---start->8---
> 
> if [ -f ~/.profile ]; then
>     . ~/.profile
> fi
> 
> export XSESSION_WAS_HERE="Yes"
> 
> --8<---cut here---end--->8---

OK.

> As shown above, the "env" result and the "systemctl --user
> show-environment" are slightly different,

That's not a surprise.

> in particular I'm missing
> XDG_DATA_DIRS as configured in my ~/.profile

XDG_DATA_DIRS is not configured in your .profile.

To this day I've never found an actual use for systemctl --user.  It
runs things when you login, and those things operate in some sort of
pristine daemonic environment, kind of like a cron job, but not quite
as bare.

The fact that you've apparently found some use for it is a surprise.
Maybe some day I'll find one as well.

Anyway, the environment provided to things launched by systemctl --user
is not the same as your interactive session's environment.

> When I log in via lightdm to an LXDE session, I open LXterminal to check
> my environment and I find:
> 
> patrizia@raifort:~$ env | grep XDG
> [...]
> XDG_DATA_DIRS=/usr/local/share:/usr/share:/usr/share/gdm:/var/lib/menu-xdg:/usr/local/share/:/usr/share/:/usr/share/gdm/:/var/lib/menu-xdg/

> If in the LXTerminal I start a login bash shell with "bash -l" I get:
> 
> patrizia@raifort:~$ env | grep XDG
> [...]
> XDG_DATA_DIRS=/home/patrizia/.guix-profile/share:/home/patrizia/.guix-profile/share:/home/patrizia/.guix-profile/share:/usr/local/share:/usr/share:/usr/share/gdm:/var/lib/menu-xdg:/usr/local/share/:/usr/share/:/usr/share/gdm/:/var/lib/menu-xdg/

> Now the XDG_DATA_DIRS is fine.

Interesting.  I'm not familiar with LXDE or LXterminal.  Did they follow
GNOME's lead?  Is LXterminal spawned as child of some daemon like dbus,
instead of a child of your X session?

It certainly looks that way.

You have my pity.

(Also, it's not clear where your XDG_DATA_DIRS variable is actually
coming from.  Is it from that $GUIX_PROFILE/etc/profile thing that's
dotted in from your .profile?  Or is it from some other magical place?)

If you need to customize your *shell* environment when you're working
under a cursed desktop like GNOME (and apparently LXDE?) where the
terminal does not inherit the X session's variables, you might need to
seek out GNOME (or LXDE) people who have already tackled that problem,
and find out how they deal with it.

If you actually need to customize your systemctl --user environment, I
think there are manuals for how to do that.  I believe there's a special
command that you can run to inject environment variables into the
systemctl --user daemon from outside.  But it's been a long time since I
looked at that stuff, and it was never my primary intention to learn how
to configure systemctl --user.  It was simply knowledge that I glimpsed
as a side effect of the thing I was actually trying to do (find a shell-
and DE-agnostic way to configure the login session).  Which it turns out
is not a thing systemd supports.

> Is there a way to customize my environment in a standard way that works
> with all display managers and desktop environments?

(And shells.  That's a big one.)

If there is, I have never found it.

The systemd/XDG people clearly do not care about this.  They provide no
means of doing it.  Their documentation doesn't even address the issue.
It's like the *concept* of a user customizing their own login environment
never occurred to any of them.

The GNOME people made it even worse, by launching their terminal as a
child of a daemon that is not part of the session.  Nothing gets inherited
in the ways that a Unix user expects.  Every new instance of gnome-terminal
has the generic, default, non-customized environment.  The only way *I*
know of to change anything in that environment is to do it at the shell
level, *after* gnome-terminal has launched a shell.  Because you can't
do it at the GNOME level, that's for sure.

Now, I don't know LXDE, but from your descriptions, it 

customize Debian 11 environment in lightdm (and in general?)

2022-05-05 Thread Giovanni Biscuolo
Hello,

I'm trying to customize my user environment when using the lightdm
display manager (then the LXDE desktop environment)

I need to customize some variables so I can see Guix installed
applications in my desktop menu, in particular I need to customize
XDG_DATA_DIRS and XDG_CONFIG_DIRS

I set up configuration files according to this "Quick Guide" chapter in
the "Environment Variables" wiki page:
https://wiki.debian.org/EnvironmentVariables#Quick_guide

This is my ~/.profile:

--8<---cut here---start->8---

### Guix settings
#
# add Guix current path
export PATH="$HOME/.config/guix/current/bin${PATH:+:}$PATH"
# Locale path
export GUIX_LOCPATH="$HOME/.guix-profile/lib/locale"
# add Guix infopath
export INFOPATH="$HOME/.config/guix/current/share/info:$INFOPATH"
# set default Guix profile
export GUIX_PROFILE="$HOME/.guix-profile"
# source default Guix profile
. $GUIX_PROFILE/etc/profile

--8<---cut here---end--->8---

and this is my ~/.xsessionrc:

--8<---cut here---start->8---

if [ -f ~/.profile ]; then
    . ~/.profile
fi

export XSESSION_WAS_HERE="Yes"

--8<---cut here---end--->8---

When I log in via lightdm to an LXDE session, I open LXterminal to check
my environment and I find:

--8<---cut here---start->8---

patrizia@raifort:~$ env | grep XDG
XDG_CONFIG_DIRS=/etc/xdg
XDG_SESSION_PATH=/org/freedesktop/DisplayManager/Session0
XDG_MENU_PREFIX=lxde-
XDG_DATA_HOME=/home/patrizia/.local/share
XDG_CONFIG_HOME=/home/patrizia/.config
XDG_SEAT=seat0
XDG_SESSION_DESKTOP=lightdm-xsession
XDG_SESSION_TYPE=x11
XDG_GREETER_DATA_DIR=/var/lib/lightdm/data/patrizia
XDG_CURRENT_DESKTOP=LXDE
XDG_SEAT_PATH=/org/freedesktop/DisplayManager/Seat0
XDG_SESSION_CLASS=user
XDG_VTNR=7
XDG_SESSION_ID=2
XDG_RUNTIME_DIR=/run/user/1001
XDG_DATA_DIRS=/usr/local/share:/usr/share:/usr/share/gdm:/var/lib/menu-xdg:/usr/local/share/:/usr/share/:/usr/share/gdm/:/var/lib/menu-xdg/

patrizia@raifort:~$ systemctl --user show-environment | grep XDG
XDG_RUNTIME_DIR=/run/user/1001
XDG_DATA_DIRS=/home/patrizia/.guix-profile/share
XDG_GREETER_DATA_DIR=/var/lib/lightdm/data/patrizia
XDG_SEAT_PATH=/org/freedesktop/DisplayManager/Seat0
XDG_SESSION_CLASS=user
XDG_SESSION_DESKTOP=lightdm-xsession
XDG_SESSION_PATH=/org/freedesktop/DisplayManager/Session0
XDG_SESSION_TYPE=x11

--8<---cut here---end--->8---

As shown above, the "env" result and the "systemctl --user
show-environment" are slightly different, in particular I'm missing
XDG_DATA_DIRS as configured in my ~/.profile

If in the LXTerminal I start a login bash shell with "bash -l" I get:

--8<---cut here---start->8---

patrizia@raifort:~$ env | grep XDG
XDG_CONFIG_DIRS=/etc/xdg
XDG_SESSION_PATH=/org/freedesktop/DisplayManager/Session0
XDG_MENU_PREFIX=lxde-
XDG_DATA_HOME=/home/patrizia/.local/share
XDG_CONFIG_HOME=/home/patrizia/.config
XDG_SEAT=seat0
XDG_SESSION_DESKTOP=lightdm-xsession
XDG_SESSION_TYPE=x11
XDG_GREETER_DATA_DIR=/var/lib/lightdm/data/patrizia
XDG_CURRENT_DESKTOP=LXDE
XDG_SEAT_PATH=/org/freedesktop/DisplayManager/Seat0
XDG_SESSION_CLASS=user
XDG_VTNR=7
XDG_SESSION_ID=2
XDG_RUNTIME_DIR=/run/user/1001
XDG_DATA_DIRS=/home/patrizia/.guix-profile/share:/home/patrizia/.guix-profile/share:/home/patrizia/.guix-profile/share:/usr/local/share:/usr/share:/usr/share/gdm:/var/lib/menu-xdg:/usr/local/share/:/usr/share/:/usr/share/gdm/:/var/lib/menu-xdg/

patrizia@raifort:~$ systemctl --user show-environment | grep XDG
XDG_RUNTIME_DIR=/run/user/1001
XDG_DATA_DIRS=/home/patrizia/.guix-profile/share
XDG_GREETER_DATA_DIR=/var/lib/lightdm/data/patrizia
XDG_SEAT_PATH=/org/freedesktop/DisplayManager/Seat0
XDG_SESSION_CLASS=user
XDG_SESSION_DESKTOP=lightdm-xsession
XDG_SESSION_PATH=/org/freedesktop/DisplayManager/Session0
XDG_SESSION_TYPE=x11

--8<---cut here---end--->8---

Now the XDG_DATA_DIRS is fine.

The problem is that the lightdm (and LXDE) XDG_DATA_DIRS is missing
"/home/patrizia/.guix-profile/share" and this is the reason why
applications installed with Guix are not listed in my menu.

I searched extensively on the web how to fix this issue but I was not
able to find the cause and related "workaround".

I see that similar problems are described in these bugs:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927907
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931776

Please is there a way to fix my problem?

Is there a way to customize my environment in a standard way that works
with all display managers and desktop environments?

Thank you for your help!

Happy hacking, Gio'

-- 
Giovanni Biscuolo

Xelera IT Infrastructures




Re: Migrating MariaDB from Debian 9 to 11

2022-05-05 Thread Paul van der Vlis

On 04-05-2022 at 13:04, Geert Stappers wrote:

> Would have started with
>    root@oude-machine:~# mysqldump --all-databases | ssh dbusr@nieuwe-machine mysql

This principle does indeed turn out to work.

I did something like this as root from the old machine:
mysqldump --databases data1 | ssh nieuwe-machine mysql

Wonderfully simple. So I can now do it both ways, thanks Geert.

Adding an extra user to MariaDB that is allowed to do everything also 
seems very simple, by the way. Perhaps the next step...

Something like this according to a website, but not yet tested:
CREATE USER 'dbusr'@'localhost' IDENTIFIED BY 'some_pass';
GRANT ALL PRIVILEGES ON *.* TO 'dbusr'@'localhost' WITH GRANT OPTION;
FLUSH PRIVILEGES;

Regards,
Paul


--
Paul van der Vlis Linux system administration Groningen
https://vandervlis.nl/



Re: Networking book recommendation

2022-05-05 Thread Tom Browder
On Wed, May 4, 2022 at 11:07 john doe  wrote:

> > On Tue, May 3, 2022 at 15:18 john doe wrote:
> >> On 5/3/2022 9:42 PM, Tom Browder wrote:
> >>> I'm about to sign up for a fixed IPv4 address to my home. I know a bit
> >>> about setting up simple internal networks, but want to make sure I'm
> >>> doing it all correctly and securely. Does anyone have a good book they
> >>> recommend for such use?


I found the book I once consulted and just bought the Kindle version:

Networking for Systems Administrators, Michael W. Lucas, 2014

Mr. Lucas has also written books on *BSD, ssh, and DNS.

> Here are some comments in addition to this thread:
> - Do not use the router capability provided by your ISP.
> This is mainly to avoid letting your ISP remotely control the thing and
> disable the firewall for example.


Good advice.

> If you can, use your own router.


Ditto.

> If your ISP requires to work with their router put the ISP thing in
> 'bridge'/modem only mode, this will allow to get your public IPv4
> address to your own gateway.


Check.

> - Use VPN to access your servers remotely.
>
> I find it easier to use a VPN (responsible for public remote connection)
> to connect to my own network then use SSH (responsible for private
> remote connection) to connect to my intranet devices
>
> This also gives you two layers of authentication and you have separate
> services.


But, given a properly passwordless ssh connection, is there anything
extraordinarily dangerous versus a VPN, or is it the redundancy you favor?
(I am the only superuser, and usually the only user of my network.)

BTW, regarding pfsense, I forgot it runs on BSD, so I plan to get their
small appliance to hang off the ISP router.

Thanks, Mr. John Doe.

-Tom


Re: /etc/resolv.conf in Debian Bookworm

2022-05-05 Thread Camaleón
On 2022-04-28 at 16:32 +, Guillermo Sosa wrote:

This email did not reach my inbox either.
I wasn't seeing Guillermo's emails because Gmail marks them as spam :-?

(...)

> On Thursday, 28 April 2022 at 11:27, Camaleón wrote:
> 
> 
> > On 2022-04-28 at 10:24 +0200, fernando sainz wrote:
> >
> > > On Wed, 27 Apr 2022 at 23:55, Guillermo Sosa (auxt...@protonmail.com)
> > > wrote:
> >
> >
> > I don't know why, but this email from Guillermo did not reach me (it is
> > not in spam nor in Gmail's All Mail folder) :-?
> >
> > > > Good afternoon from here in Argentina.
> > > > For years, more precisely since Stretch, I have been building my own
> > > > customized distribution (with lb build); today I use the "stable"
> > > > Bullseye, but I am already experimenting with Bookworm. In fact, I
> > > > have been testing it for about a month with the Cinnamon, Mate and
> > > > Xfce desktops. Until 10 or 12 days ago they all worked perfectly, but
> > > > suddenly, with any DE, they started having problems with
> > > > /etc/resolv.conf, both as a live system and installed to disk. In
> > > > fact that file, which in the chroot jail is set up (as you surely
> > > > know) with the command *cp /etc/resolv.conf chroot/etc/resolv.conf*,
> > > > that is, by copying the host system's resolv.conf to the system under
> > > > construction in the chroot folder. It is a plain text file with the
> > > > following content:
> > > >
> > > > # Generated by NetworkManager
> > > > search fibertel.com.ar http://fibertel.com.ar
> > > > nameserver 192.168.0.1
> > > >
> > > > Where fibertel.com.ar is my internet provider, and the nameserver, I
> > > > reckon, is assigned according to my IP address
> > > >
> > > > On leaving the chroot jail or leaving the system in live mode,
> > > > /etc/resolv.conf is deleted, and every time we start
> > > > "network-manager", as it says above, it generates it again.
> > > > And here is the issue: for the last ten days, once the system is
> > > > finished, the ISO image is made and run, an /etc/resolv.conf is
> > > > generated that is actually a link to
> > > > /run/systemd/resolve/resolv.conf, but it is an empty link, since in
> > > > /run/systemd/ the "resolve" directory, and therefore the
> > > > "resolv.conf" file, DO NOT EXIST. The same happens if the system is
> > > > installed to hard disk. As a consequence the DNS servers are not
> > > > found and, logically, the web cannot be accessed.
> > > > I should clarify that if I install to disk and then replace the
> > > > /etc/*resolv.conf link* with a resolv.conf with the content I gave
> > > > above, the connection comes up.
> > > >
> > > > Hoping I have not been too long-winded and that this was
> > > > understandable, I look forward to a reply, whether because it has
> > > > happened to someone or because someone knows where the error/problem
> > > > comes from.
> > > > I have searched the internet a lot (and am still doing so) but so far
> > > > I have found nothing.
> >
> >
> > There are several ways to manage the network in Debian. Decide which
> > one you are going to use or give priority to and, based on your choice,
> > configure the associated service so that it takes care of looking up the
> > configuration file for the interface parameters (IP, DNS, gateway,
> > routing, etc.).
> >
> > NetworkConfiguration
> > https://wiki.debian.org/NetworkConfiguration#A3_ways_to_configure_the_network
> >
> > systemd-resolved.service, systemd-resolved — Network Name Resolution
> > manager
> > https://www.freedesktop.org/software/systemd/man/systemd-resolved.service.html
> >
> > > > Many thanks and regards
> > > >
> > > > Guillermo E. Sosa
> > > > San Nicolás de los Arroyos
> > > > Bs. As. - Argentina
> > > >
> > > > Sent with ProtonMail https://protonmail.com/ secure email.
> > >
> > > Check whether the "resolvconf" package is installed
> > >
> > > Regards.
> >
> >
> > Regards,
> >
> > --
> > Camaleón

> Thanks Camaleon.
> No, it wasn't, 

?

Ah, I suppose you mean the resolvconf package that Fernando recommended
to you.

> but as I said, I never needed to install it, 

It is not usually necessary unless, for whatever reason, you need to manage
several DNS servers/services.

> NetworkManager simply generated an /etc/resolv.conf that was not a link,
> both when booting in Live mode and when the system was installed to the
> hard disk. 

Perhaps you still needed to configure it. Or disable it (I don't use it):

root@stt008:~# systemctl status systemd-resolved | grep -i active
   Active: inactive (dead)   

> I tried installing the "resolveconf" package, but "I don't know which other
> package", which no longer seems to be NetworkManager, keeps generating a
> symbolic link to a directory and file that do not exist,
> /run/systemd/resolve/resolve.conf (the resolve directory does not exist and
> therefore neither does resolv.conf).

If you use the name resolution service 

Re: Making the command echo 1 > /proc/sys/net/netfilter/nf_conntrack_acct persistent

2022-05-05 Thread didier gaumet
On Thursday 5 May 2022 at 13:20:03 UTC+2, Olivier wrote:
> The module in question is nf_conntrack. 
> I don't know how it gets loaded, let alone how to fine-tune the 
> configuration of its loading, but I think I will look in that 
> direction. 
> Perhaps a careful reading of the dmesg output will confirm that 
> sysctl runs before nf_conntrack is loaded ... 

you could perhaps try creating a file 
/etc/modprobe.d/nf_conntrack.conf containing only this line:
install nf_conntrack /usr/sbin/sysctl -p /etc/sysctl.d/foo.conf
to see whether that improves things
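
One way to test the ordering hypothesis discussed in this thread, as an added example that is not from any of the posters: the function lists the keys of a sysctl.d file that have no entry under /proc/sys at the moment it runs, which is the state in which sysctl cannot apply them. The function name and its optional second argument (an alternative root directory, used for testing) are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): report sysctl.d keys that cannot be
# applied right now because their /proc/sys entry does not exist yet,
# e.g. net.netfilter.* before nf_conntrack has been loaded.

# missing_sysctl_keys FILE [SYSROOT]
#   FILE     a sysctl.d-style file (key=value, '#' or ';' comments)
#   SYSROOT  hypothetical override of /proc/sys, so the check can be tested
missing_sysctl_keys() {
    conf=$1
    sysroot=${2:-/proc/sys}
    while IFS= read -r line || [ -n "$line" ]; do
        # Remove blanks; only the key part of the line is used afterwards.
        line=$(printf '%s' "$line" | tr -d ' \t')
        case $line in
            ''|'#'*|';'*) continue ;;   # empty line or comment
            *=*) ;;                     # a setting
            *) continue ;;              # not key=value, ignore
        esac
        key=${line%%=*}
        key=${key#-}                    # "-key=..." means "ignore errors"
        # net.netfilter.nf_conntrack_acct -> net/netfilter/nf_conntrack_acct
        path=$sysroot/$(printf '%s' "$key" | tr . /)
        [ -e "$path" ] || printf '%s\n' "$key"
    done < "$conf"
}

# Usage on the file from the thread (run it before nf_conntrack is loaded):
#   missing_sysctl_keys /etc/sysctl.d/foo.conf
```

If net.netfilter.nf_conntrack_acct is listed before the module is loaded and no longer listed after `modprobe nf_conntrack`, the setting was skipped because the key did not exist yet. Per modprobe.d(5), an `install` line runs its command instead of loading the module, so such a line also has to call `modprobe --ignore-install nf_conntrack` itself.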



Re: Crucial SSDs and Debian Bullseye

2022-05-05 Thread piorunz

On 28/04/2022 18:05, Stefan Monnier wrote:
> > I finally got it working! I blame lack of attention to details, old age,
> > shaky hands, and < 100% vision. I uninstalled the ssd, looked all over
>
> I consider these kinds of reaction as a variation of Stockholm syndrome:
> when something doesn't work under GNU/Linux, many people will take it
> for granted that it's because they're not using Windows (or macOS,
> as the case may be).
>
> If something doesn't work on my wife's Mac, she may blame my OpenWRT's
> router or my "independent" ISP, or as a last recourse she may blame
> herself.  Apple is always off the hook.


Yes indeed, we could observe a very similar reaction here in this thread.
All sources of the problem should have been considered equally, not deciding
that it's definitely the SSD's fault, or Linux's fault, or any other fault,
without exploring and depleting all possible options :)

--
With kindest regards, Piotr.

⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system
⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org/
⠈⠳⣄



Re: no update possible

2022-05-05 Thread tomas
On Thu, May 05, 2022 at 10:25:31AM +, Schwibinger Michael wrote:
> 
> Good morning.
> 
> Thank You.
> 
> command  update-grub.
> 
> 
> Answer in German language
> 
> command not found.

Try

  sudo update grub

cheers
-- 
tomas




Re: Making the command echo 1 > /proc/sys/net/netfilter/nf_conntrack_acct persistent

2022-05-05 Thread Olivier
The module in question is nf_conntrack.
I don't know how it gets loaded, let alone how to fine-tune the
configuration of its loading, but I think I will look in that
direction.
Perhaps a careful reading of the dmesg output will confirm that
sysctl runs before nf_conntrack is loaded ...

To be continued

On Wed, 4 May 2022 at 22:18, didier gaumet wrote:
>
> On Wednesday 4 May 2022 at 11:20:03 UTC+2, Olivier wrote:
> > Hello,
> >
> > To enable conntrack accounting, I use:
> > echo 1 > /proc/sys/net/netfilter/nf_conntrack_acct
> >
> > How can I make this command persistent (i.e. have it run
> > automatically at boot)?
> >
> > I tried with a file /etc/sysctl.d/foo.conf and the content below.
> > net.ipv4.ip_forward=1
> > net.netfilter.nf_conntrack_acct=1
> >
> > I observe that only the first line has the expected effect:
> > # sysctl net.ipv4.ip_forward
> > 1
> > # sysctl net.netfilter.nf_conntrack_acct
> >
> > 0
> >
> > I see no error message in the logs.
> >
> > Regards
>
> I have never handled this variable, but the sysctl documentation makes me 
> wonder whether loading a particular module might be overwriting the value 
> of a variable that was previously set correctly by reading sysctl.conf at 
> boot:
>
> excerpt from the sysctl man page:
> "
> [...]
> Notes
> Please note that modules loaded after sysctl is run may override the settings 
> (example: sunrpc.* settings are overridden when the sunrpc module is loaded). 
> This may cause some confusion during boot when the settings in sysctl.conf 
> may be overriden. To prevent such a situation, sysctl must be run after the 
> particular module is loaded (e.g., from /etc/rc.d/rc.local or by using the 
> install directive in modprobe.conf)
> [...]
> "
>
> but then, your case may have nothing to do with it...
>



Re: wtf just happened to my local staging web server

2022-05-05 Thread Greg Wooledge
On Thu, May 05, 2022 at 08:37:04AM +0200, Erwan David wrote:
> > root@TheLibrarian:~# service apache2 start
> 
> It looks like you started it, not restart, thus the running apache is not
> killed
> 
> [...]
> 
> > 
> > May 04 12:16:55 TheLibrarian systemd[1]: Starting The Apache HTTP Server...
> > May 04 12:16:55 TheLibrarian apachectl[7935]: (98)Address already in
> > use: AH00072: make_sock: could not bind to addre>
> > May 04 12:16:55 TheLibrarian apachectl[7935]: (98)Address already in
> > use: AH00072: make_sock: could not bind to addre>
> 
> This is consistent with former apache still running at that time, and using
> the wanted ports.

Except that systemd is more clever than that.  If a service is already
running, and you issue a "start" for it, it'll do nothing.

unicorn:~$ systemctl status mariadb
● mariadb.service - MariaDB 10.5.15 database server
 Loaded: loaded (/lib/systemd/system/mariadb.service; enabled; vendor prese>
 Active: active (running) since Tue 2022-05-03 07:16:46 EDT; 1 day 23h ago
   Docs: man:mariadbd(8)
 https://mariadb.com/kb/en/library/systemd/
Process: 683 ExecStartPre=/usr/bin/install -m 755 -o mysql -g root -d /var/>
Process: 691 ExecStartPre=/bin/sh -c systemctl unset-environment _WSREP_STA>
Process: 694 ExecStartPre=/bin/sh -c [ ! -e /usr/bin/galera_recovery ] && V>
Process: 769 ExecStartPost=/bin/sh -c systemctl unset-environment _WSREP_ST>
Process: 771 ExecStartPost=/etc/mysql/debian-start (code=exited, status=0/S>
   Main PID: 749 (mariadbd)
 Status: "Taking your SQL requests now..."
  Tasks: 8 (limit: 14199)
 Memory: 118.7M
CPU: 26.273s
 CGroup: /system.slice/mariadb.service
 └─749 /usr/sbin/mariadbd

Warning: some journal files were not opened due to insufficient permissions.
unicorn:~$ sudo systemctl start mariadb
[sudo] password for greg: 
unicorn:~$ systemctl status mariadb
● mariadb.service - MariaDB 10.5.15 database server
 Loaded: loaded (/lib/systemd/system/mariadb.service; enabled; vendor prese>
 Active: active (running) since Tue 2022-05-03 07:16:46 EDT; 1 day 23h ago
   Docs: man:mariadbd(8)
 https://mariadb.com/kb/en/library/systemd/
Process: 683 ExecStartPre=/usr/bin/install -m 755 -o mysql -g root -d /var/>
Process: 691 ExecStartPre=/bin/sh -c systemctl unset-environment _WSREP_STA>
Process: 694 ExecStartPre=/bin/sh -c [ ! -e /usr/bin/galera_recovery ] && V>
Process: 769 ExecStartPost=/bin/sh -c systemctl unset-environment _WSREP_ST>
Process: 771 ExecStartPost=/etc/mysql/debian-start (code=exited, status=0/S>
   Main PID: 749 (mariadbd)
 Status: "Taking your SQL requests now..."
  Tasks: 8 (limit: 14199)
 Memory: 118.7M
CPU: 26.283s
 CGroup: /system.slice/mariadb.service
 └─749 /usr/sbin/mariadbd

Warning: some journal files were not opened due to insufficient permissions.
unicorn:~$ sudo journalctl -u mariadb | tail -n5
May 03 07:16:46 unicorn mariadbd[749]: 2022-05-03  7:16:46 0 [Note] Added new 
Master_info '' to hash table
May 03 07:16:46 unicorn mariadbd[749]: 2022-05-03  7:16:46 0 [Note] 
/usr/sbin/mariadbd: ready for connections.
May 03 07:16:46 unicorn mariadbd[749]: Version: '10.5.15-MariaDB-0+deb11u1'  
socket: '/run/mysqld/mysqld.sock'  port: 3306  Debian 11
May 03 07:16:46 unicorn systemd[1]: Started MariaDB 10.5.15 database server.
May 03 07:16:47 unicorn mariadbd[749]: 2022-05-03  7:16:47 0 [Note] InnoDB: 
Buffer pool(s) load completed at 220503  7:16:47


Note that this "Started MariaDB ..." happened 2 days ago, consistent with
the "1 day 23h ago" from systemctl status.  The start command that I issued
had no effect at all.  It didn't even add a line to the journal.



AW: no update possible

2022-05-05 Thread Schwibinger Michael

Good morning.

Thank You.

command  update-grub.


Answer in German language

command not found.

Regards
Sophie



From: Peter Ehlert 
Sent: Tuesday, 3 May 2022 14:14
To: debian-user@lists.debian.org 
Subject: Re: no update possible



On 5/3/22 06:29, Schwibinger Michael wrote:
Good afternoon

Thank You

Terminal
and root terminal do say

command not found.

please post Exactly what the command is that you entered


and Exactly what the error message is


*copy and paste please

What do I do wrong?

Regards
Sophie



From: to...@tuxteam.de
Sent: Sunday, 01 May 2022 13:33
To: Schwibinger Michael
Cc: debian-user@lists.debian.org
Subject: Re: Firmware III grub

On Sun, May 01, 2022 at 11:49:30AM +, Schwibinger Michael wrote:
>
> Good afternoon
> Thank You
>
> I did start the root terminal.
>
> LXDE has a root terminal.

I see. You can also do it from a normal terminal
by typing "sudo" before the command. You are then
asked for your password, then the command is executed
as root. In your case:

  sudo update-grub
  [asks for password]

But root terminal is fine too.

Cheers
--
t


Re: wtf just happened to my local staging web server

2022-05-05 Thread Brad Rogers
On Wed, 4 May 2022 19:38:35 +0100
Brian  wrote:

Hello Brian,

>My young children read -user.

If you allow your _young_ children to read stuff online then *you* have
to take responsibility for that.

-- 
 Regards  _
 / )  "The blindingly obvious is never immediately apparent"
/ _)rad   "Is it only me that has a working delete key?"
I'm doubling the rent 'coz the building's condemned
Let's Lynch The Landlord - Dead Kennedys




Re: wtf just happened to my local staging web server

2022-05-05 Thread Stephan Seitz

On Thu, May 05, 2022 at 09:30:42 +0200, Klaus Singvogel wrote:

> I think there are more.


Yes, I only know wtf as „what the fuck”.

Stephan

--
|If your life was a horse, you'd have to shoot it.|



Re: wtf just happened to my local staging web server

2022-05-05 Thread Klaus Singvogel
Greg Wooledge wrote:
> On Wed, May 04, 2022 at 07:38:35PM +0100, Brian wrote:
> > My young children read -user. They asked me what "wtf" means. Please,
> > explain, for the benefit of us civilised and acronym-challenged
> > users, what it stands for.
> 
> Clearly just a really bad typo for "what".

I learned, it is usually an acronym for "well that's funny,"

Sometimes it's also "what the freak", "what the failure", "world trade
federation", or "world taekwondo federation".

I think there are more.

Best regards,
Klaus.
-- 
Klaus Singvogel
GnuPG-Key-ID: 1024R/5068792D  1994-06-27



Re: wtf just happened to my local staging web server

2022-05-05 Thread Erwan David

On 04/05/2022 at 19:01, Gary Dale wrote:
> My Apache2 file/print/web server is running Bullseye. I had to restart 
> it yesterday evening to replace a disk drive. Otherwise the last reboot 
> was a couple of weeks ago - I recall some updates to Jitsi - but I don't 
> think there were any updates since then.
>
> Today I find that I can't get through to any of the sites on the server. 
> Instead I get the Apache2 default web page. This happens with both 
> Firefox and Chromium. This happens for all the staging sites (that I 
> access as ".loc" through entries in my hosts file). My jitsi and 
> nextcloud servers simply report failure to get to the server.
>
> I verified that the site files (-available and -enabled) haven't changed 
> in months.
>
> I tried restarting the apache2 service and got an error so I tried 
> stopping it then starting it again - same error:
>
> root@TheLibrarian:~# service apache2 start

It looks like you started it, not restart, thus the running apache is 
not killed

[...]

> May 04 12:16:55 TheLibrarian systemd[1]: Starting The Apache HTTP Server...
> May 04 12:16:55 TheLibrarian apachectl[7935]: (98)Address already in 
> use: AH00072: make_sock: could not bind to addre>
> May 04 12:16:55 TheLibrarian apachectl[7935]: (98)Address already in 
> use: AH00072: make_sock: could not bind to addre>


This is consistent with former apache still running at that time, and 
using the wanted ports.
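
Whether something else still holds the ports can be read from the listener table; the following is an added example, not part of the original message, that filters `netstat -lntup` output for a single port. The function names `listeners_on` and `sample_netstat` and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): filter `netstat -lntup` output for
# the sockets bound to one port, to see what is in Apache's way.

# listeners_on PORT   (reads netstat -lntup output on stdin)
# Prints "proto local-address owner" for every listening socket on PORT.
listeners_on() {
    awk -v port="$1" '
        $1 ~ /^(tcp|udp)/ {
            n = split($4, addr, ":")      # port = text after the last colon,
            if (addr[n] != port) next     # works for 0.0.0.0:80 and :::80
            first = 6                     # udp rows have no State column
            if ($1 ~ /^tcp/) {
                if ($6 != "LISTEN") next
                first = 7
            }
            owner = ""
            for (i = first; i <= NF; i++) # program names may contain blanks
                owner = owner (owner == "" ? "" : " ") $i
            if (owner == "" || owner == "-")
                owner = "unknown (run netstat as root)"
            print $1, $4, owner
        }'
}

# Constructed sample output, for illustration only.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      612/nginx: master p
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      749/mariadbd
tcp6       0      0 :::443                  :::*                    LISTEN      -
udp        0      0 0.0.0.0:68              0.0.0.0:*                           455/dhclient
EOF
}

# Live use:  sudo netstat -lntup | listeners_on 80
```

An owner shown as unknown means netstat was run without the privileges needed to see the owning process.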




Re: wtf just happened to my local staging web server

2022-05-05 Thread Claudio Kuenzler
On Wed, May 4, 2022 at 7:18 PM Gary Dale  wrote:

> May 04 12:16:55 TheLibrarian systemd[1]: Starting The Apache HTTP
> Server...
> May 04 12:16:55 TheLibrarian apachectl[7935]: (98)Address already in use:
> AH00072: make_sock: could not bind to addre>
> May 04 12:16:55 TheLibrarian apachectl[7935]: (98)Address already in use:
> AH00072: make_sock: could not bind to addre>
> May 04 12:16:55 TheLibrarian apachectl[7935]: no listening sockets
> available, shutting down
> May 04 12:16:55 TheLibrarian apachectl[7935]: AH00015: Unable to open logs
> May 04 12:16:55 TheLibrarian apachectl[7932]: Action 'start' failed.
> May 04 12:16:55 TheLibrarian apachectl[7932]: The Apache error log may
> have more information.
> May 04 12:16:55 TheLibrarian systemd[1]: apache2.service: Control process
> exited, code=exited, status=1/FAILURE
> May 04 12:16:55 TheLibrarian systemd[1]: apache2.service: Failed with
> result 'exit-code'.
> May 04 12:16:55 TheLibrarian systemd[1]: Failed to start The Apache HTTP
> Server.
>
The errors show that Apache was unable to bind to the listener port
(Address already in use).

Check for other services (maybe Nginx?) which are listening on the same
port as Apache tries to bind to.
Run: netstat -lntup

Also check /etc/apache2/ports.conf for possible misconfigurations.

Are you using HTTP (Port 80) only or also HTTPS (Port 443)?

Just to rule a config error out, run "apache2ctl configtest".

> As I said, I do get the default Apache2 page saying "It works" but that
> appears to be optimistic. ps aux | grep apache2 fails to show the service,
> which confirms the systemctl message that it isn't running.
>
That could be your browser cache tricking you. You can verify with "curl
localhost".