Skip to content

Instantly share code, notes, and snippets.

🐝

Sebastian Schmidt publicarray

🐝
Block or report user

Report or block publicarray

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
@publicarray
publicarray / wg-quick.zsh
Last active Apr 28, 2019
Slowly progress to a posix compatible script... for embedded devices with busybox
View wg-quick.zsh
#!/usr/bin/env zsh
# SPDX-License-Identifier: GPL-2.0
#
# Copyright (C) 2015-2019 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
#
# https://github.com/WireGuard/WireGuard/tree/master/src/tools/wg-quick
set -e -o pipefail
export LC_ALL=C
@publicarray
publicarray / alpine-install.sh
Last active Mar 9, 2019 — forked from thde/alpine-install.sh
A script to install alpine linux on a dedicated server. Tested on Hetzner, Kimsufi / OVH
View alpine-install.sh
#!/bin/sh
set -ex
PATH=/bin:/sbin:/usr/bin:/usr/sbin
KEYMAP="us us"
HOST=alpine
USER=anon
ROOT_FS=ext4
BOOT_FS=ext4
View ovh.md

Terraform on OHV

  1. Create a project
  2. Cloud->Servers->Project Name->Tecnical Management->Openstack Users
  3. Add user
  4. Download an Openstack Configuration File (v3)

Follow https://docs.ovh.com/gb/en/public-cloud/how-to-use-terraform/

But use the following provider, fill in the blanks from the configuration file you downloaded earlier:

@publicarray
publicarray / prometheus.md
Last active Aug 11, 2018
Docker & Prometheus node-exporter
View prometheus.md

https://www.digitalocean.com/community/tutorials/how-to-install-prometheus-on-ubuntu-16-04

https://www.digitalocean.com/community/tutorials/how-to-use-prometheus-to-monitor-your-centos-7-server

https://www.digitalocean.com/community/tutorials/how-to-use-prometheus-to-monitor-your-ubuntu-14-04-server

docker run --rm quay.io/prometheus/node-exporter -h

docker run -d --net=host --pid=host --name "node-exporter" --cap-add=SYS_TIME -v "/proc:/host/proc:ro" -v "/sys:/host/sys:ro" -v "/:/rootfs:ro" quay.io/prometheus/node-exporter --path.procfs /host/proc --path.sysfs  /host/proc --collector.filesystem.ignored-mount-points "^/(sys|proc|dev|host|etc)($|/)"
@publicarray
publicarray / AU-banking&CDNs.md
Last active Jul 8, 2018
Australian Internet banking and CDNs
View AU-banking&CDNs.md

Australian Internet banking and CDNs

Note: I do not care if their home page is on a CDN what matters is that the banking credentials and financial information is end to end encrypted from the financial institution and to your browser. There are no grantees that this is the case even with TLS. TLS might be terminated earlier e.g by a load-balancer or a CDN. I only checked the login pages since I don't have an account in all of the banks, that would be crazy. I tried to use Whois data and HTML headers to determine CDNs. This method is not foolproof so please take it with a grain of salt

Hostname CDN / Cloud Firewall Uses 3rd party assets without Subresource Integrity SSL Labs score comments
internetbanking.suncorpbank.com.au Incapsula Yes A IP is owned by Incapsula
banking3.anz.com B IP address owned by ANZ but has relation to "SingTel Optus Pty Ltd". Uses lots of type="hidden" fields on login form,
banking.wes
View worker.js
// https://developers.cloudflare.com/workers/about/
// https://tutorial.cloudflareworkers.com
//
// A Service Worker which adds Security Headers.
// Checks:
// https://securityheaders.io/
// https://observatory.mozilla.org/
// https://csp-evaluator.withgoogle.com/
// https://hstspreload.org/
// https://www.ssllabs.com/ssltest/
@publicarray
publicarray / make-doc
Created Jan 6, 2018
Make a FreeBSD Handbook docset for Dash
View make-doc
#!/bin/bash
set -e
if ! command -v dashing >/dev/null 2>&1; then
if command -v go >/dev/null; then
go get -u github.com/technosophos/dashing
else
echo "Missing go. Install golang first 'brew install golang'"
return 1
@publicarray
publicarray / minecraft.md
Last active Jan 5, 2018
Minecraft with SocketBuffer - on Vultr (CentOS 6.9)
View minecraft.md
wget https://ci.destroystokyo.com/job/PaperSpigot/lastSuccessfulBuild/artifact/paperclip-1294.jar
ln -sf paperclip-1294.jar minecraft_server.jar
service minecraft restart

service iptables stop
chkconfig iptables off
# systemctl disable iptables

yum install tuned tuned-utils
@publicarray
publicarray / getfish.sh
Last active Jan 2, 2018
Install fishshell on OpenBSD
View getfish.sh
#!/bin/sh
pkg_add curl gcc g++ gmake
curl -Lo /tmp/fish.tar.gz https://github.com/fish-shell/fish-shell/releases/download/2.7.1/fish-2.7.1.tar.gz
tar -xzvf /tmp/fish.tar.gz -C /tmp/
cd /tmp/fish-*
CC=egcc CXX=eg++ ./configure
gmake install
echo '/usr/local/bin/fish' | sudo tee -a /etc/shells > /dev/null
@publicarray
publicarray / dnscrypt-autokey.conf
Last active Mar 24, 2019
DNSCrypt - Better key management with dnscrypt-wrapper. Use this script to automatically rotate keys and restart Unbound/DNSCrypt-wrapper
View dnscrypt-autokey.conf
# Sample config file, place it at /usr/local/etc/dnscrypt-autokey.conf
#
## Key Config
# Location to store the provider key pair. Default is /usr/local/etc/dnscrypt-wrapper/keys
KEY_DIR=$(dirname "$0")/keys
# Location to generate the short-lived keys and certificates. Default is $KEY_DIR
# Note: Do not manually add, move, modify or touch files in this folder!
SHORT_TERM_KEYS_DIR=$KEY_DIR
# Certificate expiration time in days
VALIDITY_PERIOD=1
You can’t perform that action at this time.