Skip to content

Instantly share code, notes, and snippets.

View Kastet85's full-sized avatar

Kastet85 Kastet85

0 followers · 6 following
View GitHub Profile
@Kastet85
Kastet85 / full-disk-encryption-arch-uefi.md
Created April 23, 2024 13:38 — forked from huntrar/full-disk-encryption-arch-uefi.md
Arch Linux Full-Disk Encryption Installation Guide [Encrypted Boot, UEFI, NVMe, Evil Maid]

Arch Linux Full-Disk Encryption Installation Guide

This guide provides instructions for an Arch Linux installation featuring full-disk encryption via LVM on LUKS and an encrypted boot partition (GRUB) for UEFI systems.

Following the main installation are further instructions to harden against Evil Maid attacks via UEFI Secure Boot custom key enrollment and self-signed kernel and bootloader.

Preface

You will find most of this information pulled from the Arch Wiki and other resources linked thereof.

Note: The system was installed on an NVMe SSD, substitute /dev/nvme0nX with /dev/sdX or your device as needed.

@Kastet85
Kastet85 / systemd_service_hardening.md
Created October 23, 2023 12:33 — forked from ageis/systemd_service_hardening.md
Options for hardening systemd service units

security and hardening options for systemd service units

A common and reliable pattern in service unit files is thus:

NoNewPrivileges=yes
PrivateTmp=yes
PrivateDevices=yes
DevicePolicy=closed
ProtectSystem=strict
@Kastet85
Kastet85 / mount_qcow2.md
Created September 18, 2023 08:33 — forked from shamil/mount_qcow2.md
How to mount a qcow2 disk image

How to mount a qcow2 disk image

This is a quick guide to mounting a qcow2 disk images on your host server. This is useful to reset passwords, edit files, or recover something without the virtual machine running.

Step 1 - Enable NBD on the Host

modprobe nbd max_part=8
@Kastet85
Kastet85 / reload_dns_cache_network_manager.md
Created June 5, 2023 05:59 — forked from CMCDragonkai/reload_dns_cache_network_manager.md
Reload the DNS Cache in Network Manager

Reload the DNS Cache in Network Manager

You may be using NetworkManager with dnsmasq as the DNS plugin. If so, it's being used as a local caching nameserver.

When its data is outdated, you can force it to reload its DNS cache with:

Use:

nmcli general reload dns-full
@Kastet85
Kastet85 / stash_dropped.md
Created March 15, 2023 09:49 — forked from joseluisq/stash_dropped.md
How to recover a dropped stash in Git?

How to recover a dropped stash in Git?

1. Find the stash commits

git log --graph --oneline --decorate ( git fsck --no-reflog | awk '/dangling commit/ {print $3}' )

This will show you all the commits at the tips of your commit graph which are no longer referenced from any branch or tag – every lost commit, including every stash commit you’ve ever created, will be somewhere in that graph.

@Kastet85
Kastet85 / Jenkinsfile
Created August 12, 2022 08:45 — forked from bcomnes/Jenkinsfile
Git env vars you might need in jenkins
/*
Jenkins ENV Reference:
env.GIT_COMMIT: the commit sha of the current build
env.BRANCH_NAME: the branch name OR tag name of the current build, when it exists
env.GIT_BRANCH: same as BRANCH_NAME
env.TAG_NAME: the tag name of the current build, when it exists
*/
@Kastet85
Kastet85 / bash_strict_mode.md
Created May 5, 2022 12:37 — forked from mohanpedala/bash_strict_mode.md
set -e, -u, -o, -x pipefail explanation
@Kastet85
Kastet85 / Отправка файлов в Yandex Disk через REST API из Bash.md
Created April 6, 2022 12:44 — forked from YPermitin/Отправка файлов в Yandex Disk через REST API из Bash.md
Отправка файлов в Yandex Disk через REST API из Bash

Отправка файлов в Yandex Disk через REST API из Bash

Пример выгрузки файлов на Яндекс.Диск из Bash через официальный REST API.

Подготовка токена для работы с API

Тут все просто.

  1. Идем по ссылке и входим под нужной учетной записью Яндекса, после чего нажимаем "Зарегистрировать новое приложение".
  2. Настраиваем новое приложение:
@Kastet85
Kastet85 / PostgreSQL и потоковая репликация (аналог AlwaysOn из MS SQL Server).md
Created March 26, 2022 21:52 — forked from YPermitin/PostgreSQL и потоковая репликация (аналог AlwaysOn из MS SQL Server).md
PostgreSQL и потоковая репликация (аналог AlwaysOn из MS SQL Server)

Потоковая репликация PostgreSQL

Потоковая репликация (Streaming Replication) - это репликация, при которой от основного сервера PostgreSQL на реплики передается WAL (Write Ahead Log). И каждая реплика затем по этому журналу изменяет свои данные. Для настройки такой репликации все серверы должны быть одной версии, работать на одной ОС и архитектуре.

Шаги настройки:

  1. Настройка master-сервера
  2. Настройка доп. сервера (slave)
  3. Тестирование репликации
@Kastet85
Kastet85 / etc_NetworkManager_conf.d_90-disable-randomization.conf
Created May 12, 2021 11:08 — forked from ctubbsii/etc_NetworkManager_conf.d_90-disable-randomization.conf
NetworkManager configuration to disable WiFi MAC address randomization while scanning
# Place file in
# /etc/NetworkManager/conf.d/90-disable-randomization.conf
[device-mac-randomization]
# "yes" is the default for scanning in Fedora 25
wifi.scan-rand-mac-address=no
[connection-mac-randomization]
ethernet.cloned-mac-address=random
wifi.cloned-mac-address=random