# stop active raid
mdadm --stop /dev/md[01]
# destroy partition table on hdds
dd if=/dev/zero of=/dev/sda bs=1M count=512
dd if=/dev/zero of=/dev/sdb bs=1M count=512
# create new partition table
sgdisk -og /dev/sda
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/sh | |
libressl_version=libressl-2.5.1 | |
libressl_archive=${libressl_version}.tar.gz | |
if [ -f ${libressl_archive} ] | |
then | |
: | |
else | |
wget -O ${libressl_archive} https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/${libressl_archive} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env bash | |
set -e | |
set -u | |
set -o pipefail | |
show_help() { | |
cat << EOF | |
Usage: $(basename "$0") <options> | |
-h, --help Display help |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env bash | |
set -euo pipefail | |
IFS=$'\n\t' | |
PVCS=( | |
"src-kubeconfig1/src-ctx1/src-ns1/src-pvc1:dest-kubeconfig1/dest-ctx1/dest-ns1/dest-pvc1" | |
"src-kubeconfig2/src-ctx2/src-ns2/src-pvc2:dest-kubeconfig2/dest-ctx2/dest-ns2/dest-pvc2" | |
"src-kubeconfig3/src-ctx3/src-ns3/src-pvc3:dest-kubeconfig3/dest-ctx3/dest-ns3/dest-pvc3" | |
) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env bash | |
# File name | |
readonly PROGNAME=$(basename $0) | |
# File name, without the extension | |
readonly PROGBASENAME=${PROGNAME%.*} | |
# File directory | |
readonly PROGDIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd) | |
# Arguments | |
readonly ARGS="$@" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
""" | |
Thread pool extensions to SocketServer. | |
""" | |
import Queue | |
import SocketServer | |
import sys | |
import threading |
This documents how to add a TPM2-backed key to an existing LUKS root partition, first done with EndeavourOS in June 2023. In particular, it covers the dracut (instead of mkinitcpio) and systemd-cryptenroll (instead of clevis). Previously, we used clevis but this was slow to act while booting.
- Have a LUKS partition using LUKS2. If you're using LUKS1, this can be upgraded with
sudo cryptsetup convert --type luks2 /dev/nvme
. If you've previously used clevis, this may leave metadata which breaks the upgrade. This can be removed withsudo luksmeta nuke -d /dev/nvme
. - Add the tpm2-tss module to dracut by creating
/etc/drcaut.conf.d/tpm.conf
with the following content:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env bash | |
# | |
# Author: Markus (MawKKe) ekkwam@gmail.com | |
# Date: 2018-03-19 | |
# | |
# | |
# What? | |
# | |
# Linux dm-crypt + dm-integrity + dm-raid (RAID1) | |
# |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
openapi: 3.0.2 | |
info: | |
title: Keycloak Account API | |
version: 20.0.3 | |
description: | | |
Derived from the code at https://github.com/keycloak/keycloak/blob/main/services/src/main/java/org/keycloak/services/resources/account/AccountRestService.java | |
components: | |
securitySchemes: | |
access_token: | |
type: http |
OlderNewer