@glennschler
glennschler / $ Openhab-rules.md
Last active December 25, 2023 06:34
Tasmota, Sonoff, and OpenHab
Add rules

vim $OPENHAB_CONF/rules/default.rules

  1. rule "email Backyard Temperature every morning and every night"
  • OU_Backyard_Temperature must be defined in an .items file
import org.eclipse.smarthome.core.library.types.QuantityType
import org.eclipse.smarthome.core.library.unit.SIUnits
glennschler / readme.md
Created December 16, 2023 19:12
cloud-ubuntu-desktop
sudo apt install ubuntu-desktop xrdp zsh
sh -c "$(curl -fsSL https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh)"

cd
git clone https://github.com/gpakosz/.tmux.git
ln -s -f .tmux/.tmux.conf
cp .tmux/.tmux.conf.local .
tmux
glennschler / Setup OpenVPN.md
Last active March 5, 2023 00:13
Setup OpenVPN server running on Amazon ec2.

OpenVPN Technologies has provided their SSL VPN solution in a free virtual machine image that can be hosted in the Amazon cloud. This allows anyone to quickly set up their own VPN solution to provide secure internet access, or a secure network between local and remote locations. With Amazon EC2 the cost can be free for the first year, and then can cost less than one US cent ($.005) per hour depending on configuration and bandwidth needs. The OpenVPN license is free for the first two users.

The instructions given by OpenVPN are thorough and easy to follow. They also describe an optional step on how to set up an Amazon static IP address. For free tier or other users who will leave the instance running full-time there is zero cost for this static IP, but for users who plan to only run the VPN on an hourly basis there will be additional IP "reservation" cost for e

glennschler / readme.md
Last active August 17, 2022 13:58
AWS Docker VPN

Using AWS Linux, set up an L2TP/IPsec SoftEther VPN

Consider HVM (SSD) EBS-Backed 64-bit m3.medium

  • us-east-1 => ami-1ecae776

  • Updates and dependencies

sudo yum -y update
sudo yum -y upgrade
sudo yum -y install docker git wget
glennschler / _how-to_algovpn_1.md
Last active April 14, 2022 21:44
Algo VPN configs and scripts
git clone https://github.com/trailofbits/algo.git
cd algo

Create more client usernames, and change some values to be the following:

  • ipsec_enabled: false
  • arch: arm64
  • size: t4g.micro
  • instance_market_type: spot
glennschler / Notes.md
Last active March 25, 2022 02:39
Raspberry Pi Notes

Notes

Install of Wheezy-Raspbian v2013-09-25

Configure Raspberry Pi from Mac OS X

  • Download Raspbian Raw image
  • From the OS X command line, following the eLinux SD Card Setup instructions. To summarize:
    • diskutil list
      • identify the disk (not partition) of your SD card. e.g. disk4 (not disk4s1)
    • diskutil unmountDisk /dev/<disk# from diskutil>
      • e.g. diskutil unmountDisk /dev/disk3
glennschler / _01-test-stack-failure.md
Last active January 26, 2022 17:06
Mockup of cloudformation failure in some regions when using IAM policies
curl -o a-test-stack-template.yaml https://gist.githubusercontent.com/glennschler/7c6eb8c506c7460929b07a2c97fa6fca/raw/_02-test-stack-template.yaml

Set the temporary bash variable named aws_cred_profile to the AWS credentials profile name to be used for the AWS CLI commands

aws_cred_profile=
glennschler / sshServer2FA_OSX.md
Last active January 22, 2022 22:18
google-authenticator 2fa for os x
  1. Assuming the Xcode CLI tools are already installed. If not, install them:
xcode-select --install
  2. Assuming Homebrew is installed. If not, install it:
ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
#!/usr/bin/env bash
set -e
# Get secrets from ansible vault
ec2credentials=$(ansible-vault view ./aws-secrets.vault.yml | sed -E "s/aws_access_key = ([^ ]+)|aws_secret_key = ([^ ]+)|aws_mfa_serial = ([^ ]+)/\1\2\3/g")
export AWS_ACCESS_KEY_ID=$(echo $ec2credentials | cut -d' ' -f1)
export AWS_SECRET_ACCESS_KEY=$(echo $ec2credentials | cut -d' ' -f2)
exec ./algo $1 -e "aws_mfa_serial=$(echo $ec2credentials | cut -d' ' -f3)"
glennschler / Block VNC ARD.md
Last active October 6, 2020 07:51
Firewall setting notes using PFCTL not IPFW on OS X

Referencing this discussion on how to deny loopback access, create the opposite, which is to only allow access from localhost. The goal is to only allow access after the client has connected with SSH using the port tunneling option.

Add new filter rules to block VNC (port 5900) access when not connected via SSH with port forwarding. Also add blocks for file sharing (SMB and AFP). Just in case I am running a web server, block that too, or any other ports listed in this link.

# pfctl is the packet filter firewall for modern OS X. 
# For more info -> man pfctl
# flush to the default