Skip to content

Instantly share code, notes, and snippets.

View mietzen's full-sized avatar

Nils mietzen

9 followers · 7 following
View GitHub Profile
@mietzen
mietzen / block_badips.sh
Last active April 8, 2021 18:28 — forked from Aikhjarto/block_badips.sh
Fetch a list of known brute force attackers from abuseipdb.com and apply/update iptables DROP rules
#!/bin/bash
# This a replacement Aikhjarto/block_badips.sh, using https://www.abuseipdb.com/ since badips.com seems to be offline :(
# This script downloads a list of IPs known for brute force attacking.
# The fetched IPs get blocked with iptables with the special comment "BADIP". This script only
# modifies iptables rules with that comment. This measure makes it well compatible with other firewall
# scripts like the SUSEFirewall.
# The iptables rules are updated every time this script is executed. Additionally this script is
# quiet on stdout, which makes it well suited for being executed as a cronjob.
# TODO Block ipv6
@mietzen
mietzen / ext4fuse.rb
Last active June 16, 2022 09:27
ext4fuse for M1 Macs running macOS 12.x, code from @marcuspridham + corrections from @FelixLisczyk, install instructions below
class MacFuseRequirement < Requirement
fatal true
satisfy(build_env: false) { self.class.binary_mac_fuse_installed? }
def self.binary_mac_fuse_installed?
File.exist?("/usr/local/include/fuse/fuse.h") &&
!File.symlink?("/usr/local/include/fuse")
end
@mietzen
mietzen / autoconnect-and-disconnect-mullvad-on-macOS.md
Last active March 22, 2024 08:38
macOS Mullvad connect on demand (Wifi SSID white/blacklisting)

This will autoconnect and disconnect mullvad on macOS based on white- and blacklisted wifi SSIDs

Make local binary directory if not existent:

mkdir -p ~/.local/bin

Get the script and make it executable:

wget -O ~/.local/bin/mullvad-wifi-connect-on-demand https://gist.githubusercontent.com/n-stone/d0388cfc3229435ff315a473d76686e6/raw/mullvad-wifi-connect-on-demand
chmod +x ~/.local/bin/mullvad-wifi-connect-on-demand
@mietzen
mietzen / Keep-custom-Proxmox-LXC-template-up-to-date.md
Last active March 25, 2024 21:19
Keep custom Proxmox LXC template up to date

Keep custom Proxmox LXC template up to date

This script fully clones LXC 999 (Debian Based Container) to the storage named SSD-Storage starts it and installs updates. Afterwards it will dump a Backup to the storage named NAS mounted in /mnt/pve/NAS and copies it with a meaningfull name in the local template cache.

Every Sunday this script will archive a copy of the template and name it with the current date, the last 4 archived images will be kept.

If you want to reuse this script edit the storages, e.g. if you only have the local storage replace SSD-Storage and NAS with local, also replace /mnt/pve/NAS/dump/ with /var/lib/vz/. Also be sure to that ID 9876 is not taken and your custom template is ID 999, or replace the ID's accordingly.

@mietzen
mietzen / pi-hole.conf
Created May 5, 2022 07:23
/etc/unbound/unbound.conf.d/pi-hole.conf
server:
# If no logfile is specified, syslog is used
# logfile: "/var/log/unbound/unbound.log"
verbosity: 0
interface: 127.0.0.1
port: 5335
do-ip4: yes
do-udp: yes
do-tcp: yes
@mietzen
mietzen / openwrt-refresh-mullvad-wireguard-publickey.sh
Last active May 7, 2022 18:18
Use this script to refresh your mullvad wireguard publickey on OpenWRT:
#!/bin/bash
OLD_PUBLIC_KEY=$(uci get network.mullvad.private_key | wg pubkey)
logger -p notice -t "Changing Wireguard Publickey" "Old Publickey=$OLD_PUBLIC_KEY"
logger -p notice -t "Changing Wireguard Publickey" "Old Privatekey=$(uci get network.mullvad.private_key)"
logger -p notice -t "Changing Wireguard Publickey" "Old IPs=$(uci get network.mullvad.addresses)"
PRIVATE_KEY=$(wg genkey)
logger -p notice -t "Changing Wireguard Publickey" "New Privatekey=$PRIVATE_KEY"
PUBLIC_KEY=$(echo "$PRIVATE_KEY" | wg pubkey)
logger -p notice -t "Changing Wireguard Publickey" "New Publickey=$PUBLIC_KEY"
@mietzen
mietzen / change_ssh_pub_key.sh
Created October 16, 2022 14:23
Change your ssh pub key on all systems
#!/bin/bash -xe
NEW_PUB_KEY="$HOME/.ssh/id_ed25519.pub"
OLD_PUB_KEY="$HOME/.ssh/id_rsa.pub"
NEW_PUB_KEY_STR=$(cat ${NEW_PUB_KEY})
OLD_PUB_KEY_STR=$(cat ${OLD_PUB_KEY} | cut -d' ' -f2)
for IP in $(cat ip-list-ssh.txt); do
# Backup authorized_keys
ssh ${USER}@${IP} "cp ~/.ssh/authorized_keys{,.bak}"
# Add new key to authorized_keys
@mietzen
mietzen / macos-bitwarden-cli-with-touch-id.md
Last active June 6, 2024 13:26
How to use use Bitwarden CLI with macOS Touch ID

How to use Bitwarden CLI with macOS Touch ID

If you want to use Bitwarden CLI for ssh have a look at: How to use use Bitwarden CLI for SSH-Keys in macOS

Wirtten and tested on macOS Ventura

Configure Touch ID for the sudo command

To allow Touch ID on your Mac to authenticate you for sudo access instead of a password you need to do the following.

@mietzen
mietzen / macos-bitwarden-cli-ssh.md
Last active July 18, 2024 08:31
How to use use Bitwarden CLI for SSH-Keys in macOS

How to use use Bitwarden CLI for SSH-Keys in macOS

If you want to use Touch ID have a look at: How to use use Bitwarden CLI with macOS Touch ID

Wirtten and tested on macOS Ventura

Add SSH-Keys to Bitwarden

Before you can use Bitwarden CLI for your SSH private keys you have to add them to your Bitwarden account. Just create a normal login. The name, username and URI fields doesn't matter for my functions.

@mietzen
mietzen / bump-version
Last active August 16, 2023 04:59 — forked from siddharthkrish/version.sh
simple bash script to increment the version number of the format major.minor.bug
#!/usr/bin/env bash
help () {
echo "usage: ./bump-version version_number [major/minor/bug]"
}
# Check input remove prepending 'v'
if grep -q -c -E '^v?[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}$' <<< ${1}; then
version=$(sed 's/^.\{1\}//g' <<< ${1})
else