Skip to content

Instantly share code, notes, and snippets.

View cmsj's full-sized avatar
🏠
Working from home

Chris Jones cmsj

🏠
Working from home
View GitHub Profile
@cmsj
cmsj / ansible-dropbear-initramfs.md
Last active February 28, 2024 07:05
Ansible to add dropbear (ie an SSH server) to your initramfs, for unlocking encrypted root partitions

This is some Ansible (for Ubuntu 22.04) to install and configure your initramfs to run dropbear (ie an SSH server).

Super handy if you have an encrypted root partition and don't have physical access to the machine to enter the encryption passphrase on the console.

Notes:

  • You'll need to put your actual public SSH keys, instead of the blahblah placeholder I have here
  • I set dropbear to run on port 31337 so the hostkey doesn't clash with the main OS' key in your ~/.ssh/known_hosts
  • This expects to be able to trigger two Ansible handlers when it makes changes, they are listed separately at the bottom
  • You'll need to change the GRUB_CMDLINE_LINUX_DEFAULT line below to have the actual IP/gateway/NIC/hostname you want the kernel to configure
  • After you ssh in when the machine is booting, the command to actually unlock the root filesystem is: cryptroot-unlock
@cmsj
cmsj / bpytop-console.yml
Last active February 5, 2024 07:47
Replace getty on tty1 with bpytop, using Ansible, on Ubuntu 22.04
- name: Install bpytop
apt:
name: bpytop
state: present
- name: Create bpytop configuration directory
ansible.builtin.file:
path: /opt/bpytop
state: directory
owner: nobody
#!/bin/bash
# This script will:
# * Download DJ Electric Samurai's Progressive Psytrance mixes from youtube
# * split them into individual MP3s
# * tag them with a reasonable amount of metadata
# * import them into Music.app (née iTunes)
#
# Dependencies:
# * yt-dlp
# * mid3v2 (from the mutagen project)
@cmsj
cmsj / iOS-File-System-Extraction.md
Created July 31, 2017 12:04
Guide to extract the root file system and decompress the kernel cache for iOS.

iOS File System Extraction

For iOS 10 and Up

Starting with iOS 10.0 Apple decrypted the file system and kernel cache. All you have to do is download an IPSW, change the extension to .zip, and unarchive it. The largest size disk image inside the unarchived zip will be the root file system. Simply mount it to see its contents.

Links to download all iOS IPSWs.

For iOS 9 and Below

Originally from /u/RowRocka on Reddit. Gently edited for clarity.

Links to download all iOS OTA ZIPs.

@cmsj
cmsj / eink_bins.py
Last active December 31, 2023 01:15
Home Assistant python_scripts script to render info from the Waste Collection Schedule HACS integration
# eInk Waste Collection Renderer
# v1.0 Copyright Chris Jones <cmsj@tenshu.net>
# Licensed under the MIT License
# This can be called as a Home Assistant service if you follow: https://www.home-assistant.io/integrations/python_script/
# Calendar is expected to be populated by the Waste Collection Schedule integration from HACS
# (although I only tested with my home region, it's likely the data is formatted differently for other regions)
# eInk tag to render to
tag_entity = "open_epaper_link.000002838f103b16"
@cmsj
cmsj / config.yaml
Created October 5, 2023 23:02
docker compose stack for octodns and bind to sync a zone from Route53 to a local Bind
---
providers:
config:
class: octodns.provider.yaml.YamlProvider
directory: /config/
default_ttl: 3600
enforce_order: True
route53:
class: octodns_route53.Route53Provider
access_key_id: env/AWS_ACCESS_KEY_ID
@cmsj
cmsj / hue_nicely.yaml
Created September 26, 2023 10:08
A Home Assistant custom script for turning on zigbee lightbulbs in a less awful way than default.
hue_nicely:
alias: A Hue Nicely
mode: queued
fields:
bulbs:
name: Bulbs
description: Turn zigbee-connected Hue bulbs on smoothly
required: true
selector:
entity:
@cmsj
cmsj / Code.gs
Created August 25, 2023 09:30
Google Script thread muter
// Enforce thread muting
// When you mute a thread in Gmail, it adds a "Muted" label
// Unfortunately, it doesn't really completely mute the thread - e.g. emails added to the thread will still be marked as unread and show up against folder counts
//
// This script will ensure that all emails appearing on muted threads, will be marked read, and archived.
//
// By default it will only look for emails that are less than 3 days old, to limit the size of the query results. You can adjust that if you want to
var age_max="3d"
function enforceMutes() {
@cmsj
cmsj / smbpassword-ansible.md
Created August 24, 2023 23:37
Setting Samba passwords with Ansible

Scenario: You want to create a user in Linux, and set a Samba password for it, all from Ansible:

Notes:

  • This will not update the Samba password if you change the variable.

To create the encrypted vault string, run: ansible-vault encrypt_string --ask-vault-password 'some_password'

- name: Create OS group
@cmsj
cmsj / automatic-zfs-volume-keys.yaml
Created August 24, 2023 23:55
Loading zfs encryption keys at boot
- name: Install ZFS tools/utilities
apt:
name: "{{ item }}"
state: present
with_items:
- zfsutils-linux
- name: Install tank encryption key
copy:
dest: /etc/zfs/tank.key