André Rainho arainho

## void_interlock.sh
#!/usb/bin/env bash

# Setup interlock on USB armory (armv7) for 'Void Linux' or 'ArchLinux.'
# INTERLOCK - file encryption front end

#luks partition start
PARTITION_START="6820MB"

#use this tag for signal support
INTERLOCK_REPO_TAG="v2019.01.30"

## archlinux_unbound.sh
# Unbound is a validating, recursive, and caching DNS resolver.
https://wiki.archlinux.org/index.php/Unbound

# install unbound, expat
sudo pacman -Syy --noconfirm unbound expat ldns bind-tools

# setup etckeeper
sudo pacman -Syy --noconfirm etckeeper
git config --global user.email "me@armory"
git config --global user.name "Me Myself and I"

## archlinux_hardening.sh
# https://wiki.archlinux.org/index.php/Firejail
# https://linux-audit.com/audit-and-harden-your-ssh-configuration/

sudo firecfg
mkdir -p /etc/pacman.d/hooks/
sudo bash -c 'cat > /etc/pacman.d/hooks/firejail.hook' << EOF
[Trigger]
Type = Path
Operation = Install
Operation = Upgrade

## install_vault.sh
#!/usr/bin/env bash

export VERSION=1.4.2
wget https://releases.hashicorp.com/vault/${VERSION}/vault_${VERSION}_linux_amd64.zip

# unzip the package and remove the zip file:
unzip vault_${VERSION}_linux_amd64.zip && rm vault_${VERSION}_linux_amd64.zip

# vault runs as a single binary named vault, other files in the package can be safely removed
ls -al | grep vault

## rpi4_share_internet.sh
#!/bin/bash

WAN_IFACE="eth0"
USB_IFACE="usb0"

# apply config's
ip addr del 169.254.177.31/16 dev usb0
ip addr add 10.0.0.2/255.255.255.0 broadcast 10.0.0.255 dev usb0

sysctl net.ipv4.ip_forward=1

## pihole_on_vps.sh
#!/usr/bin/env bash

# 🕵️🕵️🕵️ Check
# 1. read https://docs.pi-hole.net/ftldns/interfaces/
# 2. go to www.virustotal.com and check 'https://install.pi-hole.net'

# port 22 is open everywhere
# port 53 is open only for the value of 'YOUR_HOME_EXTERNAL_IP'

### ✏️✏️✏️ fill out
	#!/usb/bin/env bash

	# Setup interlock on USB armory (armv7) for 'Void Linux' or 'ArchLinux.'
	# INTERLOCK - file encryption front end

	#luks partition start
	PARTITION_START="6820MB"

	#use this tag for signal support
	INTERLOCK_REPO_TAG="v2019.01.30"
	# Unbound is a validating, recursive, and caching DNS resolver.
	https://wiki.archlinux.org/index.php/Unbound

	# install unbound, expat
	sudo pacman -Syy --noconfirm unbound expat ldns bind-tools

	# setup etckeeper
	sudo pacman -Syy --noconfirm etckeeper
	git config --global user.email "me@armory"
	git config --global user.name "Me Myself and I"
	# https://wiki.archlinux.org/index.php/Firejail
	# https://linux-audit.com/audit-and-harden-your-ssh-configuration/

	sudo firecfg
	mkdir -p /etc/pacman.d/hooks/
	sudo bash -c 'cat > /etc/pacman.d/hooks/firejail.hook' << EOF
	[Trigger]
	Type = Path
	Operation = Install
	Operation = Upgrade
	#!/usr/bin/env bash

	export VERSION=1.4.2
	wget https://releases.hashicorp.com/vault/${VERSION}/vault_${VERSION}_linux_amd64.zip

	# unzip the package and remove the zip file:
	unzip vault_${VERSION}_linux_amd64.zip && rm vault_${VERSION}_linux_amd64.zip

	# vault runs as a single binary named vault, other files in the package can be safely removed
	ls -al \| grep vault
	#!/bin/bash

	WAN_IFACE="eth0"
	USB_IFACE="usb0"

	# apply config's
	ip addr del 169.254.177.31/16 dev usb0
	ip addr add 10.0.0.2/255.255.255.0 broadcast 10.0.0.255 dev usb0

	sysctl net.ipv4.ip_forward=1
	#!/usr/bin/env bash

	# 🕵️🕵️🕵️ Check
	# 1. read https://docs.pi-hole.net/ftldns/interfaces/
	# 2. go to www.virustotal.com and check 'https://install.pi-hole.net'

	# port 22 is open everywhere
	# port 53 is open only for the value of 'YOUR_HOME_EXTERNAL_IP'

	### ✏️✏️✏️ fill out