Skip to content

Instantly share code, notes, and snippets.

Matthew Vance MatthewVance

Block or report user

Report or block MatthewVance

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
@MatthewVance
MatthewVance / nanorc
Created Jul 27, 2019
Customize nano behavior. Use ~/.nanorc file.
View nanorc
#####################
# Behavior Settings #
#####################
# Make new lines contain the same amount of whitespace as line above.
unset autoindent
# Use a tab size of n columns. The value of n must be greater than 0.
# The default value is 8.
set tabsize 4
@MatthewVance
MatthewVance / HKPS
Last active Jul 23, 2019
GPG related configuration options. More secure but less interoperable than typical defaults.
View HKPS
gpg --import fake
curl --tlsv1.2 -L https://sks-keyservers.net/sks-keyservers.netCA.pem -O
curl --tlsv1.2 -L https://sks-keyservers.net/sks-keyservers.netCA.pem.asc -O
# Move hkps pool cert to cert store
sudo cp -v sks-keyservers.netCA.pem /etc/ssl/certs/
# Import key for HKPS signature
gpg --recv-key 0x0B7F8B60E3EDFAE3
@MatthewVance
MatthewVance / Paperkey
Created Jul 23, 2019
Install the Paperkey OpenPGP key archiver from source on Debian based distros https://www.jabberwocky.com/software/paperkey/
View Paperkey
curl https://www.jabberwocky.com/software/paperkey/paperkey-1.6.tar.gz -O
curl https://www.jabberwocky.com/software/paperkey/paperkey-1.6.tar.gz.sig -O
gpg --recv-key 0x99242560
gpg --verify paperkey-1.6.tar.gz.sig paperkey-1.6.tar.gz
tar -xzvf paperkey-1.6.tar.gz
cd paperkey-1.6
apt install build-essential
./configure
make
make check
@MatthewVance
MatthewVance / issue.net
Created May 30, 2019
While only a deterrent (plus some limited legal value), it is worth setting a server banner. My version is based off of https://help.ubuntu.com/community/StricterDefaults and https://ia.signal.army.mil/docs/NIST_SP_800_18_Planguide.pdf.
View issue.net
***************************************************************************
**WARNING**WARNING**WARNING**
This computer system is the private property of its owner, whether
individual, corporate or government. It is for authorized use only.
Unauthorized access or use of this computer system may subject violators
to criminal, civil, and/or administrative action. All data contained
on this computer system may be monitored, intercepted, recorded, read,
copied, or captured in any manner and disclosed in any manner, by
authorized personnel. THERE IS NO RIGHT OF PRIVACY IN THIS SYSTEM.
@MatthewVance
MatthewVance / ssh_config
Created May 30, 2019
OpenSSH SSH client configuration example for Raspberry Pi, customized to improve security.
View ssh_config
# This is the ssh client system-wide configuration file. See
# ssh_config(5) for more information. This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.
# Configuration data is parsed as follows:
# 1. command line options
# 2. user-specific file
# 3. system-wide file
# Any configuration value is only changed the first time it is set.
@MatthewVance
MatthewVance / sshd_config
Created May 30, 2019
OpenSSH SSH daemon configuration example for Raspberry Pi, customized to improve security.
View sshd_config
# Package generated configuration file
# See the sshd_config(5) manpage for details
# What ports, IPs and protocols we listen for
Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
##ListenAddress 192.168.1.2
Protocol 2
# HostKeys for protocol version 2
@MatthewVance
MatthewVance / restic-stats.sh
Created May 18, 2019
A script to return various stats about a Restic repo.
View restic-stats.sh
#!/bin/bash
#: Title : restic stats
#: Date : October 14, 2018
#: Author : Matt Vance
#: Version : 1.0
#: Description : Script to fully sytem backlup
#: License : MIT License (MIT)
# Copyright (C) 2018 Matthew Vance
@MatthewVance
MatthewVance / restic-unlock.sh
Last active May 19, 2019
Bash script to unlock a Restic repo.
View restic-unlock.sh
#!/bin/bash
#: Title : restic unlock
#: Date : April 26, 2019
#: Author : Matt Vance
#: Version : 1.0
#: Description : Script to manually unlock repo
#: License : MIT License (MIT)
# Copyright (C) 2019 Matthew Vance
@MatthewVance
MatthewVance / Caddyfile
Last active Jun 8, 2019
Caddy config (Caddyfile) and systemd service to reverse proxy Restic REST server running via Rclone.
View Caddyfile
bind 192.168.1.106:8889
tls /etc/caddy/ssl/host_name-bundle.pem /etc/caddy/ssl/end_device-key.pem {
protocols tls1.2 tls1.3
}
# Reverse proxy to rclone restic rest service
proxy / localhost:8080 {
# health_check /
transparent
max_conns 1024
@MatthewVance
MatthewVance / restic-backup-weekly.sh
Created May 18, 2019
Script to backup a Raspberry Pi weekly to a Restic over the network via REST.
View restic-backup-weekly.sh
#!/bin/bash
#: Title : restic
#: Date : October 13, 2018
#: Author : Matt Vance
#: Version : 1.0
#: Description : Script to run regular restic backups
#: License : MIT License (MIT)
# Copyright (C) 2018 Matthew Vance
You can’t perform that action at this time.