@daemonhorn
daemonhorn / Cloudflare-WARP_Wireguard.md
Created April 15, 2024 23:37
Cloudflare WARP tunnel via Wireguard client

Cloudflare WARP tunnel via Wireguard client

This example provides a simple configuration for a Debian client to have a Cloudflare tunnel while not installing the official Cloudflare WARP client. Note: Tunnel transport outbound to engage.cloudlflare.com on udp/2408 is default, with a dynamic listening udp port and a fwmark for packet matching by wireguard. Any applicable firewall rules may need to be adjusted.

Install dependencies

sudo apt install openresolv wireguard-tools golang git

Get the latest client from GitHub and build using go

git clone https://github.com/ViRb3/wgcf.git
@daemonhorn
daemonhorn / FreeBSD Arm64 Qemu.md
Last active October 3, 2023 12:20
FreeBSD-arm64-aarch64 via Qemu from ports

Intro

This Quickstart recipe for Qemu assumes a recent FreeBSD release (stable/13 or newer), and provides an example configuration for running an arm64 (aarch64) FreeBSD guest on an amd64 FreeBSD host. Concepts can be applied to other architectures as desired, but syntax and capabilities will vary.

Dependencies

  • Install qemu: pkg install qemu or pkg install qemu-nox11. The latest pre-built package release as of this writeup is 8.1.0
  • Sufficient disk space (50+GB) on a mounted FreeBSD Host disk (e.g.: /qemu-data in this example)
@daemonhorn
daemonhorn / FreeBSD Ports Cheat Sheet.md
Last active September 9, 2023 19:01
FreeBSD Ports Cheat Sheet and Notes

FreeBSD Ports

Some random FreeBSD Ports information for future me

Configuration file: /etc/make.conf

  • Add BATCH=YES to prevent questions and dialog4ports(1) from slowing you down.

Ports make targets from man ports(7)

  • config to force a configuration display/choice (even if BATCH=YES has been defined)
  • fetch and fetch-recursive to download the source packages if not cached
  • install and reinstall to install and force-reinstall the port and register with package database
  • deinstall to uninstall/remove the port and de-register from package database
  • build-depends-list, run-depends-list, all-depends-list to just list the names of the dependencies
@daemonhorn
daemonhorn / Inkplate10_Example_NOAA_Weather.py
Created July 16, 2023 19:56
Inkplate10_Example_NOAA_Weather
import network
import time
from soldered_inkplate10 import Inkplate
ssid = "My_SSID"
password = "My_Pass"
# Function which connects to WiFi
# More info here: https://docs.micropython.org/en/latest/esp8266/tutorial/network_basics.html
def do_connect():
@daemonhorn
daemonhorn / Example_microsocks_stunnel_freebsd_config.md
Last active March 26, 2024 05:26
Socks5 using Microsocks and Stunnel on FreeBSD

Socks5 proxy using Microsocks and Stunnel on FreeBSD

Configuration information for the Microsocks package on FreeBSD, as the existing documentation does not give sufficient details to create a secure configuration flexible enough for various use cases. See https://github.com/rofl0r/microsocks for the latest source code and wiki documentation. Note: The user authentication method supported by Microsocks is only plaintext, and is not protected by any layer of encryption. Please be hyper aware and use other layers of protection to secure your socks5 endpoint (firewall + TLS encryption with client authentication using something like stunnel).

  • If you want an easy way of doing this, just look at ssh -D localhost:1080 <user@host> instead since SSH provides a native Socks5 tunnel with encryption.
  • You can also use stunnel in socks5 protocol mode without Microsocks since it has native support for protocol = socks. See stunnel documentation here: https://www.stunnel.org/static/stunnel
@daemonhorn
daemonhorn / unifi_nginx.md
Created June 21, 2023 12:13
Unifi Network Controller and NGINX Configuration

Create specific folder for certs

mkdir /etc/nginx/certs
chown root:www-data /etc/nginx/certs

Add www-data group to sudoers for service (service restart nginx)

echo "%www-data ALL=(ALL:ALL) NOPASSWD:/usr/sbin/service" >/etc/sudoers.d/20_nginx

Shell snippet to let acme service push certificates to nginx

@daemonhorn
daemonhorn / bash_tcsh_unified_config.md
Last active January 16, 2024 15:04
Make bash do the nice tcsh things

Overview

I want to forget about differences between my Linux machines (running bash) and my BSD machines (running tcsh), and have a user-friendly CLI experience. The knobs below will cause bash/readline/less to behave more like tcsh defaults.

  1. Searching through history with filters
echo '"\e[B": history-search-forward' >>~/.inputrc
echo '"\e[A": history-search-backward' >>~/.inputrc
  2. Pager re-init and thus manpages causing screen to clear on quit
@daemonhorn
daemonhorn / my-sandbox.wsb
Created October 8, 2022 21:08
Windows Sandbox configuration example
<!-- See https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-sandbox/windows-sandbox-configure-using-wsb-file -->
<Configuration>
<VGpu>Disable</VGpu>
<Networking>Enable</Networking>
<MemoryInMB>5096</MemoryInMB>
<ClipboardRedirection>Enable</ClipboardRedirection>
<PrinterRedirection>Disable</PrinterRedirection>
<ProtectedClient>Disable</ProtectedClient>
<VideoInput>Disable</VideoInput>
<AudioInput>Disable</AudioInput>
@daemonhorn
daemonhorn / Windows EFS PIV Yubikey.md
Last active April 7, 2024 15:00
Using PIV Smartcard and Yubikey with Windows Encrypting Filesystem

Yubikey 5 Win 10 20H2 x64 Pro PIV EFS Setup

Overview

PIV on Yubikey can be utilized for SSH authentication, Windows OS login authentication, NTFS Encrypting File System (EFS) support, BitLocker and other use cases. The examples below use self-signed certificates and keys generated on the Yubikey secure element, but can be customized for an enterprise environment with a root CA/intermediate CA and trusted certificate chains as needed. Note: While using a CA allows for easier scalable management, this also increases the required ring of trust, and thus can potentially decrease security if not managed properly.

Requires: Windows 10 Pro (20H2 used in the document, but will work on earlier versions of Pro), Yubikey 4 or 5 security token.

PIV References:

  • NIST: https://csrc.nist.gov/publications/detail/sp/800-73/4/final
  • Yubico PIV Setup: https://developers.yubico.com/PIV/Guides/Device_setup.html

@daemonhorn
daemonhorn / FreeBSD-Dell_7550.md
Last active October 16, 2023 22:24
FreeBSD on Dell Precision 7550 Laptop

Overview

These are my notes from configuring a functional FreeBSD 13/14 (started with 13.1-RELEASE and moved to stable/14 branch) on my Dell Precision 7550 Laptop with Dell Thunderbolt 3 Dock.

What works out of the box

  1. Install from 14-Beta5 release memstick image worked great with UEFI (Secure Boot disabled), and boot config in BIOS/UEFI setup for AHCI access (NOT Intel Raid) to nvme drives.
  2. iwl Wi-Fi card from Intel, no issues as long as I don't try to change regulatory domain from defaults. WPA2 authentication worked as I expected, WPA3 is not there yet in the FreeBSD 802.11 stack.
iwlwifi0@pci0:0:20:3:	class=0x028000 rev=0x00 hdr=0x00 vendor=0x8086 device=0x06f0 subvendor=0x8086 subdevice=0x4070
    vendor     = 'Intel Corporation'
    device     = 'Comet Lake PCH CNVi WiFi'