upgrade to org roam v2

contrun · contrun · commit 3eeda9ba40fe · 2021-10-07T23:59:46.000+08:00
diff --git a/org/20210311234743-identity_aware_proxy.org b/org/20210311234743-identity_aware_proxy.org
@@ -1,5 +1,8 @@
+:PROPERTIES:
+:ID:       0e99f715-6ea9-47e2-98ab-f40ed0d37868
+:END:
 #+title: identity-aware proxy
-#+roam_tags: proxy "zero trust"
+#+filetags: :proxy:zero_trust:
 
 An identity-aware proxy is a reverse proxy which forwards normal payload and attaches the identity information to the backend servers.
 
diff --git a/org/20210312194030-sigma_bullets.org b/org/20210312194030-sigma_bullets.org
@@ -1,5 +1,8 @@
+:PROPERTIES:
+:ID:       26a82b36-e049-470a-8f20-6b58cc7d2ba1
+:END:
 #+title: sigma bullets
-#+roam_tags: "zero knowledge proofs"
+#+filetags: :zero_knowledge_proofs:
 * Introduction
 This document summarize how a zero-knowledge confidential transaction scheme works and how to implement it. A confidential transaction scheme is a transaction scheme with which the transaction value and the balance of the sender and receiver are encrypted. The zero-knowledge part means that outsider can effectively learn nothing about the values, although he can verify the transaction is not fabricated. The main references are [[https://eprint.iacr.org/2017/1066][Bulletproofs]] and [[https://eprint.iacr.org/2019/191][Zether]]. We use Zether to homomorphically encrypt the transaction value so that the we can directly add/subtract ciphertext of the encrypted balance which can then be decrypted into the correct balance after the transaction. We use bulletproofs to check the transaction value is valid, i.e. it is a non-negative number within the range \([0, 2^n)\), and after the transaction the sender must still have a non-negative balance. The vanilla bulletproofs do not apply to the scenario of zether as Elgamal commitments are not fully homomorphic. We need to tweak bulletproofs to support \(\Sigma\)-protocols, i.e. interactive proof of the values commited in Bulletproofs are truly the values involved in zether, whence we obtain a complete and sound proof of a confidential transaction.
 
diff --git a/org/20210312194409-quine_in_haskell.org b/org/20210312194409-quine_in_haskell.org
@@ -1,3 +1,6 @@
+:PROPERTIES:
+:ID:       9bec89cb-c17e-44bd-a1b0-c368f7370f09
+:END:
 #+title: quine in haskell
 
 See [[https://blog.matthewbarber.io//2019/07/22/how-to-make-compressed-file-quines.html][How to make compressed file quines, step by step]]
diff --git a/org/20210312194530-kernel_development_with_nix.org b/org/20210312194530-kernel_development_with_nix.org
@@ -1,5 +1,8 @@
+:PROPERTIES:
+:ID:       bc0d886b-d51f-4277-9c19-8f4c93c98c94
+:END:
 #+title: kernel development with nix
-#+roam_tags: qemu "linux kernel" nix
+#+filetags: :qemu:linux_kernel:nix:
 
 See also [[https://nixos.wiki/wiki/Kernel_Debugging_with_QEMU][Kernel Debugging with QEMU]].
 
diff --git a/org/20210510164540-self_hosted_infrastructure.org b/org/20210510164540-self_hosted_infrastructure.org
@@ -1,5 +1,8 @@
+:PROPERTIES:
+:ID:       754d60ad-ca82-4f75-8aab-f80b674b4a79
+:END:
 #+title: self-hosted infrastructure
-#+roam_tags: "incremental backup" docker nix ansible kubernetes "split horizon dns" "transparent proxy" "software-defined networking" "infrastructure as code" "cloud native" "load balancers" "overlay networks" "mesh networking"
+#+filetags: :incremental_backup:docker:nix:ansible:kubernetes:split_horizon_dns:transparent_proxy:software_defined_networking:infrastructure_as_code:cloud_native:load_balancers:overlay_networks:mesh_networking:
 
 TLDR: I use [[https://tailscale.com/][tailscale]]/[[https://www.zerotier.com/][zerotier]] to establish a smallish mesh network. I use [[https://www.envoyproxy.io/][envoy]] as an edge router to forward L4 traffic.
 I mainly provision and manage services with [[https://nixos.org/][nix]], [[https://www.docker.com/][docker]] and [[https://github.com/mozilla/sops][sops]]. When it is absolutely required, I use [[https://k3s.io/][k3s]] to deploy [[https://kubernetes.io/][Kubernetes]] services.
@@ -297,12 +300,12 @@ and the configuration is shared.
 *** Strength
 What I really like about authelia is its simplicity and easy integration with traefik.
 *** Future
-I want to use a [[https://cloud.google.com/beyondcorp][beyondcorp]] style [[file:20210311234743-identity_aware_proxy.org][identity-aware proxy]] with [[https://www.openpolicyagent.org/][open policy agent]] support some other day. The last time I checked [[https://www.pomerium.com/][pomerium]],
+I want to use a [[https://cloud.google.com/beyondcorp][beyondcorp]] style [[id:0e99f715-6ea9-47e2-98ab-f40ed0d37868][identity-aware proxy]] with [[https://www.openpolicyagent.org/][open policy agent]] support some other day. The last time I checked [[https://www.pomerium.com/][pomerium]],
 I found envoy was hard to pack and pomerium was too oidc-centric, most of all it did not support ldap or other local user database.
 
 ** SSO
 Authelia just landed [[https://github.com/authelia/authelia/issues/189][openid connect support]]. I haven't tried it yet. One more thing about authelia is that I currently use a single text file as account backend.
-I have set up [[https://www.openldap.org/][openldap]] on my machines, but I haven't tried it on authelia yet. I intend to use [[https://www.freeipa.org/page/Main_Page][freeipa]] instead, which is much more versatile.
+I have set up [[https://www.openldap.org/][openldap]] on my machines, but I haven't tried it on authelia yet. I intend to use [[https://www.freeipa.org/page/Main_Page][freeipa]] instead (tried container, systemd within the container didn't work), which is much more versatile.
 
 ** Intrusion Prevention
 Because of my distrust to other people's computer, I intentionally made my edge proxy to be as dumb as possible.
@@ -453,3 +456,4 @@ Nix is great. But it is hard for outside world to learn my nix configuration.
 ** Federated Storage
 ** Grand Unification
 ** Personal Data Warehouse
+** Accounts (ldap)
diff --git a/org/20210929001547-self_hosted_services.org b/org/20210929001547-self_hosted_services.org
@@ -1,2 +1,5 @@
+:PROPERTIES:
+:ID:       4948eeb8-df11-4f28-919d-d416a34e6109
+:END:
 #+title: self-hosted services
-TODO. For now, See [[file:20210510164540-self_hosted_infrastructure.org][self-hosted infrastructure]].
+TODO. For now, See [[id:754d60ad-ca82-4f75-8aab-f80b674b4a79][self-hosted infrastructure]].
diff --git a/org/20210929003252-chrome_download_shelf.org b/org/20210929003252-chrome_download_shelf.org
@@ -1,5 +1,8 @@
+:PROPERTIES:
+:ID:       14da66c8-feb8-49d1-8888-db76d1c7b8a8
+:END:
 #+title: Chrome download shelf
-#+roam_tags: "chrome" "internals"
+#+filetags: :chrome:internals:
 Chrome download shelf is the widget shown in the buttom when you initiate a new download. This document summarizes how the download shelf is implemented.
 It is sketchy on the details. For more information, click on the source code or documentation links.
 
diff --git a/publish.el b/publish.el
@@ -40,7 +40,8 @@
   :init
   (setq org-roam-directory my/org-dir)
   (setq org-roam-db-location (expand-file-name "org-roam.db" my/org-dir))
-  (org-roam-mode)
+  (setq org-roam-v2-ack t)
+  (org-roam-db-autosync-mode)
   (unless (file-exists-p org-id-locations-file)
     (let ((org-id-files (org-roam--list-files org-roam-directory))
           org-agenda-files)
