Skip to content

Instantly share code, notes, and snippets.

View psct's full-sized avatar

psct

15 followers · 1 following
View GitHub Profile
@psct
psct / traefikbyhand.sh
Created August 18, 2021 17:29
example to run traefik in standalone mode (not within docker)
#!/bin/bash
#
# example to run traefik in standalone mode on a
# linux host (or any other host supported by traefik)
#
# contribution to an article in
# c't magazine 19/21, Page 74
#
# your work:
# - share port 80/443 by your router to this host
@psct
psct / smbv1bridge.txt
Created July 27, 2021 19:15
Mit Pi OS/Debian eine SMBv1-Brücke bauen / Use Pi OS/Debian as a SMBv1 bridge
# /etc/fstab define share
//192.168.178.2/scans /reshare cifs uid=reuser,gid=reuser,credentials=/root/cred
# /root/cred put credentials for upstream SMBv2/3 server
username=upuser
password=uppassword
domain=example
@psct
psct / dockersetup.yml
Created February 26, 2021 16:44
Debian add docker repository and gpg key and install docker-ce (just for amd64)
---
- name: set up docker & compose
hosts: docker
become: yes
tasks:
- name: update package index
apt:
name: "*"
state: latest
@psct
psct / hostname.yml
Created February 26, 2021 16:41
Debian set hostname and adjust /etc/hosts
---
- name: set name, adjust /etc/hosts
hosts: all
become: yes
# order matters!
tasks:
- name: adjust /etc/hosts
replace:
path: /etc/hosts
@psct
psct / myroot.yml
Created February 26, 2021 16:38
Add ssh key for root access and disable PasswordAuthentication
---
- name: add ssh, deploy root key
hosts: all
become: yes
tasks:
- name: disable password authentication
lineinfile:
path: /etc/ssh/sshd_config
regexp: '^PasswordAuthentication'
@psct
psct / debansstrap.sh
Created February 26, 2021 16:33
Prepare fresh Debian for ansible management by created user "ansible" in sudoers (needs public ssh-Key in PUBKEY)
#!/bin/bash
# enable host for ansible
set -e
PUBKEY=""
id -u ansible > /dev/null 2>&1 || \
adduser ansible --disabled-password \
--gecos "" --quiet
mkdir -p /home/ansible/.ssh
echo "$PUBKEY" \
> /home/ansible/.ssh/authorized_keys
@psct
psct / wgstrap.sh
Last active May 27, 2022 06:17
WireGuard-Server per Skript einrichten
#!/bin/bash
# Wireguard auf Debian/Raspbian einrichten,
# nach c't 15/2019, S. 166
# * läuft auf Raspbian oder Debian Netinst (Buster)
# * bitte nur auf frischen Installationen verwenden
# * Skript überschreibt Netzwerkkonfiguration
# * als pi (Raspbian) oder als root/passwortloses sudo (Debian) ausführen
# * schreibt Protokoll nach /var/log/wgstrap.log
# * zweistufiger Prozess, der einen Reboot erfordert
@psct
psct / wgaddclient.sh
Created August 15, 2019 20:53
Bash-Skriptgerüst zum Anlegen eines WireGuard-Zugangs inkl. hosts-Eintrag, Name und IP-Adressanteil sind als Parameter anzugeben
#!/bin/bash
NAME=$1
IP=$2
[ -e /etc/wireguard/$NAME.key ] && echo "Already present" && exit
DNS="1.1.1.1,2606:4700:4700::1111"
HOST="wg.example.com:12345"
SRVPUB=$(cat /etc/wireguard/private.key | wg pubkey)
@psct
psct / init.cfg
Created August 15, 2019 20:45
Konfigurationsdatei für darkstat: /etc/darkstat/init.cfg
# Turn this to yes when you have configured the options below.
START_DARKSTAT=yes
# Don't forget to read the man page.
# You must set this option, else darkstat may not listen to
# the interface you want
INTERFACE="-i wg0"
DIR="/var/lib/darkstat"
@psct
psct / wg_debian_beispiel
Created July 3, 2019 16:06
Konfigurationsdateien für WireGuard-Server auf Debian
./etc/apt/preferences.d/limit-unstable
Package: *
Pin: release a=unstable
Pin-Priority: 90
./etc/apt/sources.list.d/unstable.list
deb http://deb.debian.org/debian/ unstable main
./etc/ddclient/ddclient.conf
protocol=dynv6