Skip to content

Instantly share code, notes, and snippets.

View andrewlkho's full-sized avatar

Andrew Ho-Lee andrewlkho

8 followers · 0 following
View GitHub Profile
@andrewlkho
andrewlkho / ALKH.plist
Created February 16, 2024 10:01
MailMate keybindings
{
// Mutt-like keybindings with my own preferences
"j" = "nextMessage:";
"k" = "previousMessage:";
"^a" = "selectFirstMessageRow:";
"^e" = "selectLastMessageRow:";
"m" = "newMessage:";
"r" = "replySender:";
@andrewlkho
andrewlkho / zotfile.wildcards.user
Created November 14, 2017 22:51
# Format: {%a }{%y }{%1|%j}
{"1":{"default":{"field":"journalAbbreviation","operations":[{"function":"replace","regex":"\\.","replacement":""}]}}}
@andrewlkho
andrewlkho / gist:3d05108ddb363243198d93526980522e
Created March 23, 2017 18:48
Expanding storage on a Raspberry Pi using Amazon S3

I've been playing around with a Raspberry Pi hosted with Mythic Beasts and wanted a way to keep a large number of infrequently-accessed files on the server. A cost-effective place to store such data is on Amazon S3. After looking around at ways to mount an S3 bucket on the Raspberry Pi and have it appear as a regular filesystem, I came across s3backer. This provides a single file, divided into blocks, each of which is stored as an S3 object. A filesystem is mounted onto this file using a loopback mount. This setup has many benefits which are explained well in the README. Here's how to set it up on the Raspberry Pi.

I'm going to assume that you have an S3 bucket mybucket created and a user with credentials to access it. Although not explicitly specified, some of the commands below need to be run as root.

First, install prerequisites (the first line is

@andrewlkho
andrewlkho / debian-strongswan.md
Last active January 3, 2024 03:39
Setting up a secure VPN with strongSwan on debian

With heightening concern regarding the state of internet privacy (fuelled in part by the passing of the Investigatory Powers Act in the UK), I have set up a VPN server on the virtual server I have hosted with Mythic Beasts. This uses strongSwan and certificate-based IKEv2 authentication.

Assumptions:

  • Debian Jessie server already set up and accessible via debian.example.com, a public IPv4 of 203.0.113.1 and a public IPv6 of 2001:db8::1
  • Client username of me
  • Clients are running the latest versions of macOS and iOS (Sierra and 10 respectively at the time of writing)
  • No need to support any other operating systems (although the setup is easily translated)

For automated deployment of a similar setup, albeit Ubuntu-based and using ansible for deployment, I recommend you take a look at Algo VPN. I used that project as a basis for my configuration.

@andrewlkho
andrewlkho / rules.v4
Last active October 24, 2018 14:41
ip(6)tables rules
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Boilerplate acceptance policy
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i lo -j ACCEPT
@andrewlkho
andrewlkho / notes.tex
Created April 28, 2016 20:17
Minimal template for notes
\documentclass[a4paper,10pt]{article}
\usepackage[utf8]{inputenc}
\usepackage[T1]{fontenc}
\usepackage[scaled]{helvet}
\renewcommand{\familydefault}{\sfdefault}
\usepackage[margin=1in]{geometry}
\setlength{\parindent}{0pt}
\setlength{\parskip}{\baselineskip}
@andrewlkho
andrewlkho / README.md
Created April 6, 2016 21:36
How to run sshd as a Tor hidden service on a Raspberry Pi

I keep a Raspberry Pi at a relative's house which backs up my cloud storage to a Time Machine on their network. Previously I had port 22 NAT'd to the Raspberry Pi so that I could ssh in for occasional admin. However, I found that even with iptables/fail2ban installed, there were daily attempts at getting hacked. As I only infrequently need to access the server, I decided to set up sshd as a Tor hidden service which did not require port 22 to be exposed to the wider internet.

Setup sshd as a hidden service

The first step is to install tor:

# apt-get install tor

Add the following lines to /etc/tor/torrc:

@andrewlkho
andrewlkho / README.md
Last active March 30, 2023 01:22
Implementing HTTPS on NFSN (nearlyfreespeech.net) hosting using Let's Encrypt

These instructions are for implementing HTTPS on a NFSN-hosted static site using a certificate from Let's Encrypt. The certificate is generated manually on a separate computer.

Start off by installing the letsencrypt client. This requires sudo privileges and will install a bunch of packages:

% curl -O https://dl.eff.org/certbot-auto
% chmod +x ./certbot-auto
% ./certbot-auto

Generate the certificate. This will require you to publish some challenge responses on NFSN. I find it easiest to use tmux with letsencrypt running in one window and an SSH session to NFSN in another:

@andrewlkho
andrewlkho / gist:ef90563e76e0c4e03e03
Last active January 10, 2016 12:26
Roast pork belly recipe

Adapted from Nigella.

Ingredients

  • 1.5 kg pork belly
  • 4-6 tbsp tahini
  • 4-6 tbsp soy sauce
  • Juice of 1 lemon
  • Juice of 1 lime
  • Salt
@andrewlkho
andrewlkho / gist:6f3ed6d32e8f1071e62f
Created May 20, 2015 19:51
How to edit RAW files produced by Fujifilm XQ1 in Photos (OS X)

OS X does not, as of May 2015, support the RAW (*.RAF) files produced by the Fujifilm XQ1. The easiest way to edit them is to download the Adobe Camera RAW and DNG Converter. This can be used to convert RAF files into DNG files. Importantly, "Compatibility" must be set to "Camera Raw 6.6 and later". The default setting of "Camera Raw 7.1 and later" creates files that OS X cannot handle.