Skip to content

Instantly share code, notes, and snippets.

View jirutka's full-sized avatar
🇺🇦
Слава Україні!

Jakub Jirutka jirutka

🇺🇦
Слава Україні!
449 followers · 104 following
View GitHub Profile
@jirutka
jirutka / rules-both.iptables
Created September 18, 2012 12:42
Basic iptables template for ordinary servers (both IPv4 and IPv6)
###############################################################################
# The MIT License
#
# Copyright 2012-2014 Jakub Jirutka <jakub@jirutka.cz>.
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
@jirutka
jirutka / ldap.conf
Last active April 10, 2024 14:19
Simple script for OpenSSH server to load authorization keys from LDAP. It requires just POSIX shell and ldapsearch utility. To manage keys in LDAP, use https://github.com/jirutka/ssh-ldap-pubkey.
# /etc/ssh/ldap.conf
# See ldap.conf(5) for details
# This file should be world readable but not world writable.
BASE ou=People,dc=example,dc=org
URI ldap://localhost
@jirutka
jirutka / radacct-rotate
Created September 21, 2021 21:32
Script for compressing and later removing old FreeRADIUS' radacct log files with "-YYYYMMDD" suffix #freeradius #logrotate
#!/bin/sh
# SPDX-License-Identifier: MIT
# SPDX-FileCopyrightText: 2021 Jakub Jirutka <jakub@jirutka.cz>
#---help---
# Usage: radacct-rotate [options]
#
# Compress and later remove old FreeRADIUS' radacct log files with "-YYYYMMDD"
# suffix.
#
# Options:
@jirutka
jirutka / pg_change_db_owner.sh
Last active February 6, 2024 20:01
Some convenient scripts to manage ownerships and privileges in PostgreSQL.
#!/bin/sh
#
# The MIT License
#
# Copyright 2014-2017 Jakub Jirutka <jakub@jirutka.cz>.
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
@jirutka
jirutka / keytool-import.sh
Last active January 28, 2024 03:45
Script to import key/certificate pairs into an existing Java keystore
#!/bin/bash
#
# The MIT License
#
# Copyright 2013-2015 Jakub Jirutka <jakub@jirutka.cz>.
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
@jirutka
jirutka / -README.md
Last active January 20, 2024 17:52
Use LDAP to manage system users on Gentoo Linux

Use LDAP to manage system users on Linux

This configuration uses nsswitch and compat mode, which is supposedly obsolete, but much more convenient than alternatives.

Install packages

emerge -va sys-auth/nss_ldap sys-auth/pam_ldap sys-apps/unscd

Note: unscd (Micro Name Service Caching Daemon) is not necessary, but it’s recommended.

@jirutka
jirutka / webdav_treat_osx.conf
Created April 14, 2013 00:28
Nginx optimization for WebDAV access from OS X Finder. This config snippet ensures that nginx will ignore requests for useless dot files generated by the Finder (.DS_Store, ._*, …)
#
# Ignore requests for useless dot files generated by OS X Finder (WebDAV).
#
# This little hack speeds-up a WebDAV access from the Finder significantly and
# also prevents messing storage with these annoying files.
#
location ~ \.(_.*|DS_Store|Spotlight-V100|TemporaryItems|Trashes|hidden)$ {
access_log off;
error_log off;
@jirutka
jirutka / arch-linux-installation.md
Last active December 13, 2023 01:09
My notes for installing Arch Linux on encrypted Btrfs with UEFI Secure Boot on ThinkPad T14s

Arch Linux Installation

1. Securely erase drive

cryptsetup open --type plain -d /dev/urandom /dev/nvme0n1 to-be-wiped
dd if=/dev/zero of=/dev/mapper/to-be-wiped bs=1M status=progress
cryptsetup close to-be-wiped
wipefs -a /dev/nvme0n1
@jirutka
jirutka / analytics.conf
Created March 31, 2013 01:03
Add Google Analytics tracking code to HTML via nginx
#
# Add Google Analytics tracking code to HTML response
#
# Usage:
# set $tracking_id 'UA-12345678-9';
# include incl/analytics.conf;
#
# It needs nginx compiled with option --with-http_sub_module.
# Uses optimized GA code from: http://mathiasbynens.be/notes/async-analytics-snippet
#
@jirutka
jirutka / bootstrap
Created July 27, 2016 17:23
Python Scripts To Rule Them All ™
#!/bin/sh
# vim: set ts=4:
#
# Ensures that Python 3.4+ is available and installs modules specified
# in requirements-dev.txt.
#
# Environment variables:
# PYTHON : Python executable to use (default is python3 or python on PATH).
#
# This script follows convention https://github.com/github/scripts-to-rule-them-all.