@rechner
rechner / freeipa-openvpn.md
Last active April 23, 2024 01:41
FreeIPA setup for OpenVPN logins

This article proved to be a decent starting point, but I was particularly interested in allowing password-based logins to OpenVPN using a username/password backed by FreeIPA (as opposed to client certificates) as the identity provider.

  • IPA join your VPN machine: ipa-client-install --mkhomedir
  • Get a Kerberos ticket: kinit
  • Create a Kerberos service principal and HBAC rule for openvpn access:
ipa service-add openvpn/`hostname`
  • Create new hbacrule in console, mark host as the VPN host, and whatever group you want to restrict access to:
# Setting up Proxmox with a certificate from FreeIPA.
# This assumes you've already joined the machine with ipa-client-install
# Get a ticket as someone that can issue certificates
kinit admin
cat <<EOF > /usr/local/sbin/set-ssl-permissions
#!/bin/bash
FILES=/etc/pve/nodes/proxmox/{pve-ssl.key,pve-ssl.pem}
@rechner
rechner / magtek-pyusb.py
Created November 10, 2016 03:55
Magtek HID reader software for python
#!/usr/bin/python
"""
Read a MagTek USB HID Swipe Reader in Linux. A description of this
code can be found at: http://www.micahcarrick.com/credit-card-reader-pyusb.html
You must be using the new PyUSB 1.0 branch and not the 0.x branch.
(Install with `pip install pyusb --pre` in a virtualenv. Install libusb first on debian)
Copyright (c) 2010 - Micah Carrick
services:
  db:
    image: postgres
    restart: always
    environment:
      POSTGRES_PASSWORD: secret
    ports:
      - "5432:5432"
    volumes:
      - pgdata:/var/lib/postgresql/data
@rechner
rechner / printer.conf
Created July 22, 2023 22:07 — forked from jasonehines/printer.conf
Ender 3 Pro Creality 4.2.7 with bltouch - Klipper printer Configuration
# This file contains pin mappings for the Creality "v4.2.7" board. To
# use this config, during "make menuconfig" select the STM32F103 with
# a "28KiB bootloader" and serial (on USART1 PA10/PA9) communication.
# If you prefer a direct serial connection, in "make menuconfig"
# select "Enable extra low-level configuration options" and select
# serial (on USART3 PB11/PB10), which is broken out on the 10 pin IDC
# cable used for the LCD module as follows:
# 3: Tx, 4: Rx, 9: GND, 10: VCC
@rechner
rechner / ldap-auth.py
Created November 18, 2019 23:47
LDAP Auth script for HomeAssistant
import os
from ldap3 import Server, Connection, ALL, core
# XXX: Update these with settings appropriate to your environment:
# (I use FreeIPA and a homeassistant group assignment)
SERVER = "ipa.example.com"
USERDN = "uid={},cn=users,cn=accounts,dc=example,dc=com"
TIMEOUT = 3
BASEDN = USERDN
SCOPE = "base"
# ~/.config/systemd/user/turntable-stream.service
# Systemd user unit for streaming audio from a soundcard to a snapcast TCP server source
[Unit]
Description=Stream turntable input to snapserver
Wants=avahi-daemon.service
After=network-online.target time-sync.target sound.target avahi-daemon.service
[Service]
ExecStart=/usr/bin/gst-launch-1.0 -v pulsesrc ! audioresample ! audioconvert ! audio/x-raw,rate=44100,channels=2,format=S16LE ! wavenc ! tcpclientsink host=snapserver.local port=4953
@rechner
rechner / install-ca.sh
Created April 23, 2022 08:30
Installs an IPA root certificate locally
#!/bin/bash
# vim: set ts=4 sw=4 expandtab sts=4 smartindent
set -o pipefail
if [ $UID -ne 0 ]; then
    echo "Please run as root"
    exit 1
fi
# cp suspend-fix.service /etc/systemd/system && systemctl enable --now suspend-fix.service
[Unit]
Description=Disable suspend wakeup interrupts except for LID
[Service]
Type=oneshot
ExecStart=/bin/sh -c "echo SLPB GLAN XHC > /proc/acpi/wakeup"
[Install]
WantedBy=multi-user.target