Skip to content

Instantly share code, notes, and snippets.

Paweł Krawczyk kravietz

View GitHub Profile
@kravietz
kravietz / minecraft.service
Created Mar 13, 2020
Hardened Minecraft systemd service
View minecraft.service
[Unit]
Description=Minecraft
Requires=local-fs.target network-online.target
After=local-fs.target network-online.target
[Service]
Type=simple
ExecStart=/usr/bin/java -Xmx768M -Xms500M -jar minecraft_server.jar nogui
WorkingDirectory=/home/minecraft
User=minecraft
@kravietz
kravietz / luks-upgrade.md
Created Jul 9, 2019
Ubuntu LUKS cryptsetup upgrade
View luks-upgrade.md

If you installed your #ubuntu with full-disk #encryption a while, you may want to upgrade your #luks header version to enjoy improved #security and stronger password hashing algorithms.

Boot from USB

You can't change LUKS header from a live system - you need to boot a live Ubuntu USB to be able to access the encrypted partition. First, create a bootable USB stick using a regular Ubuntu installer image.

  • Just get the latest installer ISO available
  • You need the full installer, the mini network installer won't work
  • You may need to disable Secure Boot in BIOS temporarily to boot from USB
View nftables-docker.conf
# Docker networking is messy and undocumented. Docker will create IP addresses and iptables at random times.
# This can be limited by using totally static IP addresses for network interfaces and avoiding the default network bridge.
# /etc/default/docker
# DOCKER_OPTS="--iptables=false --ipv6 --bip 172.16.0.1/16 --fixed-cidr 172.16.0.0/16 --fixed-cidr-v6 2a01:9000::/68"
# --bip is the host IP address of the docker0 interface
# --fixed-cidr is the CIDR subnet allocated to the docker0 interface (default network bridge)
# --fixed-cidr-v6 is the IPv6 CIDR allocated to docker0
# for IPv6 split your /64 delegated subnet into /68 subnets and allocate them to each docker-compose.yml subnet:
@kravietz
kravietz / scram-sha-256.txt
Last active Jan 21, 2020
Switch PostgreSQL 10 to new strong SCRAM-SHA-256 password authentication
View scram-sha-256.txt
postgres@tyler:~$ psql
psql (10.5 (Ubuntu 10.5-1.pgdg16.04+1))
Type "help" for help.
postgres=# show password_encryption;
password_encryption
---------------------
md5
(1 row)
@kravietz
kravietz / docker-ce.yml
Last active Sep 24, 2018
Installing Docker 18 using Ansible on Ubuntu
View docker-ce.yml
# taken from https://get.docker.com/
---
- apt_key:
url: https://download.docker.com/linux/ubuntu/gpg
- apt_repository:
repo: 'deb https://apt.dockerproject.org/repo ubuntu-{{ansible_distribution_release}} main'
state: absent
- apt_repository:
@kravietz
kravietz / nftables-host.conf
Last active Sep 24, 2018
Simple workstation nftables
View nftables-host.conf
#!/usr/sbin/nft -f
flush ruleset
table inet filter {
chain input {
type filter hook input priority 0; policy drop
iifname lo accept
ct state established,related accept
# allow any incoming ICMP and ICMPv6
@kravietz
kravietz / break.py
Created Nov 7, 2017
Vigenere over bytes (XOR) statistical solver
View break.py
#!/usr/bin/env python3
import collections
import statistics
line = 'F96DE8C227A259C87EE1DA2AED57C93FE5DA36ED4EC87EF2C63AAE5B9A7EFFD673BE4ACF7BE8923CAB1ECE7AF2DA3DA44FCF7AE29235A24C963FF0DF3CA3599A70E5DA36BF1ECE77F8DC34BE129A6CF4D126BF5B9A7CFEDF3EB850D37CF0C63AA2509A76FF9227A55B9A6FE3D720A850D97AB1DD35ED5FCE6BF0D138A84CC931B1F121B44ECE70F6C032BD56C33FF9D320ED5CDF7AFF9226BE5BDE3FF7DD21ED56CF71F5C036A94D963FF8D473A351CE3FE5DA3CB84DDB71F5C17FED51DC3FE8D732BF4D963FF3C727ED4AC87EF5DB27A451D47EFD9230BF47CA6BFEC12ABE4ADF72E29224A84CDF3FF5D720A459D47AF59232A35A9A7AE7D33FB85FCE7AF5923AA31EDB3FF7D33ABF52C33FF0D673A551D93FFCD33DA35BC831B1F43CBF1EDF67F0DF23A15B963FE5DA36ED68D378F4DC36BF5B9A7AFFD121B44ECE76FEDC73BE5DD27AFCD773BA5FC93FE5DA3CB859D26BB1C63CED5CDF3FE2D730B84CDF3FF7DD21ED5ADF7CF0D636BE1EDB79E5D721ED57CE3FE6D320ED57D469F4DC27A85A963FF3C727ED49DF3FFFDD24ED55D470E69E73AC50DE3FE5DA3ABE1EDF67F4C030A44DDF3FF5D73EA250C96BE3D327A84D963FE5DA32B91ED36BB1D132A31ED87AB1D021A255DF71B1C436BF479A7AF0C13AA14794'
ciphertext
@kravietz
kravietz / vigenere.py
Last active Nov 7, 2017
Vigenere cipher over Latin alphabet in Python3
View vigenere.py
#!/usr/bin/env python3
from itertools import cycle
A = [chr(x) for x in range(ord('a'), ord('z')+1)]
def encrypt(a,b):
return A[(A.index(a) + A.index(b)) % len(A)]
def decrypt(a,b):
View server-checks.py
#!/usr/bin/python3
# monitor a group of websites and email alerts
# cron task:
#
# */5 * * * * t=$(mktemp); if ! python3 /home/user/server-checks.py >$t; then mail email@example.com -s "Web check $(date)" <$t; fi; rm $t
# https://ipsec.pl/ True 0.7856874465942383
# sample output (only if errors detected, otherwise stays silent)
@kravietz
kravietz / django-dnt.py
Last active Jan 12, 2018
DoNotTrack middleware for Django.
View django-dnt.py
#!/usr/bin/python
# -*- coding: utf-8 -*-
from django.views.generic import TemplateView
__author__ = 'Paweł Krawczyk'
DNT_HEADER = 'HTTP_DNT'
class DoNotTrackMiddleware(object):
You can’t perform that action at this time.