Skip to content

Instantly share code, notes, and snippets.

Avatar

Valerian Saliou valeriansaliou

View GitHub Profile
@valeriansaliou
valeriansaliou / routeros_configuration_orange.txt
Last active Jul 28, 2021
RouterOS / MikroTik router configuration export to connect to the Orange/Sosh Livebox 4 fiber ONT (IPv4 + IPv6)
View routeros_configuration_orange.txt
# jan/13/2020 08:34:56 by RouterOS 6.46.1
#
# notes: \
# - wan to orange ont on ether1; \
# - lan to ap/switch on ether2; \
# - ipv4 + ipv6 w/ fw rules; \
# - using routeros dns cache for lan, proxying to the dns servers advertised by orange's dhcpv4 server; \
# - direct plug your computer w/ wireshark to your livebox 4 fiber ethernet port and reboot it, inspect the dhcpv4 packat in wireshark and extract the value of 'authsend'; \
# - the cos tag needs to be set to 6 to be accepted by the ont dhcpv4/v6 server (from default 0), this may not be required depending on your ont, check for the cos flag sent by your livebox 4 when sniffing its traffic
#
@valeriansaliou
valeriansaliou / package.json
Last active Apr 23, 2021
Slack archived channels delete
View package.json
{
"dependencies": {
"request-promise": "4.2.2",
"request": "2.83.0",
"promise-seq": "2.0.1"
}
}
View sonic-benchmark_batch-push.js
var mongoose = require("mongoose");
var SonicChannelIngest = require("sonic-channel").Ingest;
var MessageModel = mongoose.model("message", new mongoose.Schema({
session_id : String,
website_id : String,
type : String,
content : Object
}));
View sonic-benchmark_batch-query.js
var mongoose = require("mongoose");
var SonicChannelSearch = require("sonic-channel").Search;
var MessageModel = mongoose.model("message", new mongoose.Schema({
website_id : String,
type : String,
content : Object
}));
var query_count = 0;
@valeriansaliou
valeriansaliou / iptables-http-dos-shield.txt
Last active Jul 19, 2020
HTTP/HTTPS DOS shield w/ IPTables
View iptables-http-dos-shield.txt
# Those rules protect HTTP/HTTPS services for both IPv4 and IPv6 sources as such:
# 1. Prevent a /32 IPv4 or /64 IPv6 to open more than 10 HTTPS?/TCP connections per second (the limit is high, but this still shield against some attacks) — DROP TCP packets in this case, to avoid generating egress traffic sending a RST
# 2. Limit ingress bandwidth to HTTPS? services to 32KB/sec (adjust to your needs, in my case it is used to shield a WebSocket backend against incoming WebSocket message floods)
# 3. Limit the number of simultaneous ongoing connections to HTTPS? to 40 (also, high limit, adjust to your needs)
# The protections those rules offer:
# 1. Prevent crypto-DOS (ie. a client that proceed too many key exchanges and thus exhaust server CPU)
# 2. Prevent WebSocket floodings (eg. I use this for Socket.IO, which has no efficient way to rate-limit received messages before they get parsed)
# 3. Prevent ephemeral TCP port exhaustion due to a client holding too many TCP connections
# 4. Prevent IPv6 rotation attac
@valeriansaliou
valeriansaliou / server_backup_s3.sh
Last active Jan 30, 2020
Personal server backup script, ran every Sunday in the early morning. It's 100% pipe-based, which means it never writes to disk as to buffer backup files before uploading them to S3. Useful to preserve SD card write cycles on a Raspberry Pi.
View server_backup_s3.sh
#!/bin/bash
BACKUP_DATE=$(date +"%Y-%m-%d_%H-%M-%S")
AWS_CONTAINER="s3://xxx-backup/xxx_backup"
AWS_DESTINATION="$AWS_CONTAINER/$BACKUP_DATE"
GPG_RECIPIENT=xxx@xxx.xxx
ADMIN_EMAIL=xxx@xxx.xxx
View rocksdb-deadlock.txt
** File Read Latency Histogram By Level [default] **
2019/03/31-08:53:54.017088 7fc4977f6700 [WARN] [db/db_impl.cc:669] ------- DUMPING STATS -------
2019/03/31-08:53:54.017165 7fc4977f6700 [WARN] [db/db_impl.cc:670]
** DB Stats **
Uptime(secs): 41400.5 total, 600.0 interval
Cumulative writes: 17M writes, 17M keys, 17M commit groups, 1.0 writes per commit group, ingest: 13.88 GB, 0.34 MB/s
Cumulative WAL: 17M writes, 0 syncs, 17597384.00 writes per sync, written: 13.88 GB, 0.34 MB/s
Cumulative stall: 00:00:0.000 H:M:S, 0.0 percent
Interval writes: 0 writes, 0 keys, 0 commit groups, 0.0 writes per commit group, ingest: 0.00 MB, 0.00 MB/s
Interval WAL: 0 writes, 0 syncs, 0.00 writes per sync, written: 0.00 MB, 0.00 MB/s
View keybase.md

Keybase proof

I hereby claim:

  • I am valeriansaliou on github.
  • I am valerian (https://keybase.io/valerian) on keybase.
  • I have a public key ASAoeFcGq8cTxJMg6NVKnrqOa8YafbxlxNmDmA00RyqURwo

To claim this, I am signing this object:

@valeriansaliou
valeriansaliou / letsencrypt_cron_wrapper.sh
Last active Nov 28, 2016
Let's Encrypt manual certificate renew for a static private key
View letsencrypt_cron_wrapper.sh
#!/bin/bash
# Cron wrapper, call this directly from your cron. Depends on renew script (letsencrypt_manual_renew.sh).
ADMIN_EMAIL=hostmaster@server.tld
RENEWLOG=`/srv/data_server/certs/tools/letsencrypt_manual_renew.sh 2>&1`
rc=$?
if [[ $rc -ne 0 ]]; then
View mac_mission_control_re_enable
defaults delete com.apple.dock expose-animation-duration; killall Dock