From 20b2cd160fad1baeb6370758385e2f45c255b3bb Mon Sep 17 00:00:00 2001 From: saundersp Date: Sun, 7 May 2023 20:05:02 +0200 Subject: [PATCH] Added files --- README.md | 185 +++++++++++++++++++++++++++++ UTF8-torture-test.txt | 256 ++++++++++++++++++++++++++++++++++++++++ archlinux_setup.sh | 175 +++++++++++++++++++++++++++ create_arch_server.sh | 249 ++++++++++++++++++++++++++++++++++++++ mv_docker.sh | 23 ++++ pull.sh | 13 ++ secure_debian_server.md | 49 ++++++++ vscodium-ext.sh | 31 +++++ 8 files changed, 981 insertions(+) create mode 100644 UTF8-torture-test.txt create mode 100644 archlinux_setup.sh create mode 100644 create_arch_server.sh create mode 100644 mv_docker.sh create mode 100644 pull.sh create mode 100644 secure_debian_server.md create mode 100644 vscodium-ext.sh diff --git a/README.md b/README.md index a63a306..0cdcf0d 100644 --- a/README.md +++ b/README.md 
@@ -1,2 +1,187 @@ # scripts +## Configure SSH connection helper (remote pc not server) + +In the file ~/.ssh/config + +```conf +Host \$HOST_NAME + HostName \$SERVER_IP + Port \$SSH_PORT + User \$USER_NAME + IdentityFile ~/.ssh/\$SSH_KEY_NAME +``` + +Now you can just connect using ssh \$HOST_NAME + +## Pythons commands + +```bash +# Update every packages +pip freeze | cut -d = -f 1 | xargs -n1 pip install -U +# Uninstall every packages +pip freeze | cut -d = -f 1 | xargs -n1 pip uninstall -y +``` + +## Docker commands + +```bash +# Remove every images +docker images --format="{{.ID}}" | xargs docker rmi +# Remove every containers +docker ps -a --format="{{.ID}}" | xargs docker stop | xargs docker rm +# Remove every volumes +docker volume ls --format="{{.Name}}" | xargs docker volume rm +# Remove every anonymous images (cached) +docker images --format="{{.Repository}};{{.Tag}};{{.ID}}" | grep ";" | cut -d";" -f 3 | xargs docker rmi +# Get all used images tag in dir $PATH_ANALYSE +find $PATH_ANALYSE -name "Dockerfile*" | while read file; do cat $file; echo ""; done | grep -e FROM | cut -d " " -f 2 | sed $'s/[^[:print:]\t]//g' | sort -u | xargs -n1 docker pull +# Calculate total docker images for each metrics +docker images --format {{.Size}} | grep MB | cut -d M -f 1 | paste -sd+ | bc +docker images --format {{.Size}} | grep GB | cut -d G -f 1 | paste -sd+ | bc +``` + +## Remove every user R packages + +```R +my_packages = as.data.frame(installed.packages()[, c(1, 3:4)]) +my_packages = my_packages[my_packages$Priority != "base",] +for(lib in .libPaths()) lapply(my_packages$Package, remove.packages, lib = lib) +``` + +## Setup Git SSH key + +```bash +# Generate a SSH key pair +ssh-keygen -t rsa -b 4096 -o -a 100 -C "email@example.com" -f ~/.ssh/$KEY_NAME +ssh-keygen -t ed25519 -a 100 -C "email@example.com" -f ~/.ssh/$KEY_NAME +# Copy the public key to clipboard +cat ~/.ssh/$KEY_NAME.pub | xclip +# Paste the contents into a new SSH key holder in 
https://github.com/settings/keys +# Test if the key is working +ssh -T git@github.com +# Set the remote stream of a git repo +git remote set-url origin git@github.com:username/your-repository.git +# Add key to SSH config file (~/.ssh/config) +echo -e "\n\nHost github.com\n\tIdentityFile ~/.ssh/$KEY_NAME" >> ~/.ssh/config +cat KEY_FILE | ssh REMOTE "cat >> ~/authorized_keys" +``` + +## Font ligature test + +```c +-> --> => ?. == === +... >>- >= +!= ~> := .= // /* */ +/= ~= WWW 0xFF <> +&& || >-> =>> |> + +``` + +## QEMU cheat sheet + +```bash +# Creating the disk image +qemu-img create -f qcow2 DISK_NAME.img 15G + +# Starting the VM +qemu-system-x86_64 $DISK_NAME.img \ + -cdrom $CDROM_NAME.iso \ + -m $RAM_SIZE \ + -smp $NB_CORES \ + -name $VM_NAME & +``` + +## Share internet between two linux interfaces using connman + +### IP Host (eth1 has internet, eth0 is remote) + +```bash +# Enable kernel port forwarding +sysctl -w net.ipv4.ip_forward=1 +# Enable at reboot +echo net.ipv4.ip_forward=1 >> /etc/sysctl.conf +# See interfaces +ip a +# Configuration of interfaces +connmanctl +services +config --ipv4 manual 192.168.137.1 255.255.255.0 192.168.137.1 +config --nameservers +# Configure packets redirections +iptables -I INPUT -s 192.168.137.0/24 -j ACCEPT +iptables -I FORWARD -o eth0 -s 192.168.137.0/24 -j ACCEPT +iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE +``` + +### IP Remote + +```bash +connmanctl +config --ipv4 manual 192.168.137.2 255.255.255.0 192.168.137.1 --nameservers +``` + +## Remove DRM from Adobe Digital Editions + +### Prerequisites + +In Windows you must have _Adobe Digital Editions_ and _Calibre_ using Chocolatey + +```bash +choco install -y adobedigitaleditions calibre +``` + +### Setting up Calibre + +- Download the DeDRM plugin on [GitHub](https://github.com/noDRM/DeDRM_tools). 
+- Extract the plugin archive +- Install the plugin in Calibre -> Preferences -> Plugins -> Add from file + +### Getting the DRM-free pdf + +- Open the pdf using _Adobe Digital Editions_ +- Navigate to C:/Users/\/My\ Digital\ Editions +- Add the PDF to calibre +- The DRM free PDF is available at C:/Users/\/Calibre\ Library + +## Loop devices + +```bash +# Create loop device to $BLOCK_PATH of 4G +dd if=/dev/zero of=$BLOCK_PATH bs=1M count=4096 +# Create loop filesystem +losetup -f $BLOCK_PATH +# Check if the loop was created and get LOOP_ID +losetup -a +mkfs.ext4 /dev/loop$LOOP_ID +mount /dev/loop$LOOP_ID $MOUNT_POINT +# Detach and remove loop file +umount $MOUNT_POINT +losetup -d /dev/loop$LOOP_ID +rm $BLOCK_PATH +``` + +## Install img.xz + +```bash +xzcat $IMG_FILE | dd of=/dev/$DEVICE bs=64k oflag=dsync status=progress +``` + +## Raise linux open files limits + +In the file /etc/security/limits.conf add this : + +```conf +* soft nofile 64000 +* hard nofile 64000 +root soft nofile 64000 +root hard nofile 64000 +``` + +## Verify a PGP Signature + +```bash +gpg --import $PUBLIC_KEY +gpg --verify $SIGNATURE.sig $FILE +``` + diff --git a/UTF8-torture-test.txt b/UTF8-torture-test.txt new file mode 100644 index 0000000..15a6906 --- /dev/null +++ b/UTF8-torture-test.txt 
@@ -0,0 +1,256 @@ + +UTF-8 encoded sample plain-text file +‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾ + +Markus Kuhn [ˈmaʳkʊs kuːn] — 2002-07-25 + + +The ASCII compatible UTF-8 encoding used in this plain-text file +is defined in Unicode, ISO 10646-1, and RFC 2279. + + +Using Unicode/UTF-8, you can write in emails and source code things such as + +Mathematics and sciences: + + ∮ E⋅da = Q, n → ∞, ∑ f(i) = ∏ g(i), ⎧⎡⎛┌─────┐⎞⎤⎫ + ⎪⎢⎜│a²+b³ ⎟⎥⎪ + ∀x∈ℝ: ⌈x⌉ = −⌊−x⌋, α ∧ ¬β = ¬(¬α ∨ β), ⎪⎢⎜│───── ⎟⎥⎪ + ⎪⎢⎜⎷ c₈ ⎟⎥⎪ + ℕ ⊆ ℕ₀ ⊂ ℤ ⊂ ℚ ⊂ ℝ ⊂ ℂ, ⎨⎢⎜ ⎟⎥⎬ + ⎪⎢⎜ ∞ ⎟⎥⎪ + ⊥ < a ≠ b ≡ c ≤ d ≪ ⊤ ⇒ (⟦A⟧ ⇔ ⟪B⟫), ⎪⎢⎜ ⎲ ⎟⎥⎪ + ⎪⎢⎜ ⎳aⁱ-bⁱ⎟⎥⎪ + 2H₂ + O₂ ⇌ 2H₂O, R = 4.7 kΩ, ⌀ 200 mm ⎩⎣⎝i=1 ⎠⎦⎭ + +Linguistics and dictionaries: + + ði ıntəˈnæʃənəl fəˈnɛtık əsoʊsiˈeıʃn + Y [ˈʏpsilɔn], Yen [jɛn], Yoga [ˈjoːgɑ] + +APL: + + ((V⍳V)=⍳⍴V)/V←,V ⌷←⍳→⍴∆∇⊃‾⍎⍕⌈ + +Nicer typography in plain text files: + + ╔══════════════════════════════════════════╗ + ║ ║ + ║ • ‘single’ and “double” quotes ║ + ║ ║ + ║ • Curly apostrophes: “We’ve been here” ║ + ║ ║ + ║ • Latin-1 apostrophe and accents: '´` ║ + ║ ║ + ║ • ‚deutsche‘ „Anführungszeichen“ ║ + ║ ║ + ║ • †, ‡, ‰, •, 3–4, —, −5/+5, ™, … ║ + ║ ║ + ║ • ASCII safety test: 1lI|, 0OD, 8B ║ + ║ ╭─────────╮ ║ + ║ • the euro symbol: │ 14.95 € │ ║ + ║ ╰─────────╯ ║ + ╚══════════════════════════════════════════╝ + +Combining characters: + + STARGΛ̊TE SG-1, a = v̇ = r̈, a⃑ ⊥ b⃑ + +Greek (in Polytonic): + + The Greek anthem: + + Σὲ γνωρίζω ἀπὸ τὴν κόψη + τοῦ σπαθιοῦ τὴν τρομερή, + σὲ γνωρίζω ἀπὸ τὴν ὄψη + ποὺ μὲ βία μετράει τὴ γῆ. + + ᾿Απ᾿ τὰ κόκκαλα βγαλμένη + τῶν ῾Ελλήνων τὰ ἱερά + καὶ σὰν πρῶτα ἀνδρειωμένη + χαῖρε, ὦ χαῖρε, ᾿Ελευθεριά! 
+ + From a speech of Demosthenes in the 4th century BC: + + Οὐχὶ ταὐτὰ παρίσταταί μοι γιγνώσκειν, ὦ ἄνδρες ᾿Αθηναῖοι, + ὅταν τ᾿ εἰς τὰ πράγματα ἀποβλέψω καὶ ὅταν πρὸς τοὺς + λόγους οὓς ἀκούω· τοὺς μὲν γὰρ λόγους περὶ τοῦ + τιμωρήσασθαι Φίλιππον ὁρῶ γιγνομένους, τὰ δὲ πράγματ᾿ + εἰς τοῦτο προήκοντα, ὥσθ᾿ ὅπως μὴ πεισόμεθ᾿ αὐτοὶ + πρότερον κακῶς σκέψασθαι δέον. οὐδέν οὖν ἄλλο μοι δοκοῦσιν + οἱ τὰ τοιαῦτα λέγοντες ἢ τὴν ὑπόθεσιν, περὶ ἧς βουλεύεσθαι, + οὐχὶ τὴν οὖσαν παριστάντες ὑμῖν ἁμαρτάνειν. ἐγὼ δέ, ὅτι μέν + ποτ᾿ ἐξῆν τῇ πόλει καὶ τὰ αὑτῆς ἔχειν ἀσφαλῶς καὶ Φίλιππον + τιμωρήσασθαι, καὶ μάλ᾿ ἀκριβῶς οἶδα· ἐπ᾿ ἐμοῦ γάρ, οὐ πάλαι + γέγονεν ταῦτ᾿ ἀμφότερα· νῦν μέντοι πέπεισμαι τοῦθ᾿ ἱκανὸν + προλαβεῖν ἡμῖν εἶναι τὴν πρώτην, ὅπως τοὺς συμμάχους + σώσομεν. ἐὰν γὰρ τοῦτο βεβαίως ὑπάρξῃ, τότε καὶ περὶ τοῦ + τίνα τιμωρήσεταί τις καὶ ὃν τρόπον ἐξέσται σκοπεῖν· πρὶν δὲ + τὴν ἀρχὴν ὀρθῶς ὑποθέσθαι, μάταιον ἡγοῦμαι περὶ τῆς + τελευτῆς ὁντινοῦν ποιεῖσθαι λόγον. + + Δημοσθένους, Γ´ ᾿Ολυνθιακὸς + +Georgian: + + From a Unicode conference invitation: + + გთხოვთ ახლავე გაიაროთ რეგისტრაცია Unicode-ის მეათე საერთაშორისო + კონფერენციაზე დასასწრებად, რომელიც გაიმართება 10-12 მარტს, + ქ. მაინცში, გერმანიაში. კონფერენცია შეჰკრებს ერთად მსოფლიოს + ექსპერტებს ისეთ დარგებში როგორიცაა ინტერნეტი და Unicode-ი, + ინტერნაციონალიზაცია და ლოკალიზაცია, Unicode-ის გამოყენება + ოპერაციულ სისტემებსა, და გამოყენებით პროგრამებში, შრიფტებში, + ტექსტების დამუშავებასა და მრავალენოვან კომპიუტერულ სისტემებში. + +Russian: + + From a Unicode conference invitation: + + Зарегистрируйтесь сейчас на Десятую Международную Конференцию по + Unicode, которая состоится 10-12 марта 1997 года в Майнце в Германии. + Конференция соберет широкий круг экспертов по вопросам глобального + Интернета и Unicode, локализации и интернационализации, воплощению и + применению Unicode в различных операционных системах и программных + приложениях, шрифтах, верстке и многоязычных компьютерных системах. 
+ +Thai (UCS Level 2): + + Excerpt from a poetry on The Romance of The Three Kingdoms (a Chinese + classic 'San Gua'): + + [----------------------------|------------------------] + ๏ แผ่นดินฮั่นเสื่อมโทรมแสนสังเวช พระปกเกศกองบู๊กู้ขึ้นใหม่ + สิบสองกษัตริย์ก่อนหน้าแลถัดไป สององค์ไซร้โง่เขลาเบาปัญญา + ทรงนับถือขันทีเป็นที่พึ่ง บ้านเมืองจึงวิปริตเป็นนักหนา + โฮจิ๋นเรียกทัพทั่วหัวเมืองมา หมายจะฆ่ามดชั่วตัวสำคัญ + เหมือนขับไสไล่เสือจากเคหา รับหมาป่าเข้ามาเลยอาสัญ + ฝ่ายอ้องอุ้นยุแยกให้แตกกัน ใช้สาวนั้นเป็นชนวนชื่นชวนใจ + พลันลิฉุยกุยกีกลับก่อเหตุ ช่างอาเพศจริงหนาฟ้าร้องไห้ + ต้องรบราฆ่าฟันจนบรรลัย ฤๅหาใครค้ำชูกู้บรรลังก์ ฯ + + (The above is a two-column text. If combining characters are handled + correctly, the lines of the second column should be aligned with the + | character above.) + +Ethiopian: + + Proverbs in the Amharic language: + + ሰማይ አይታረስ ንጉሥ አይከሰስ። + ብላ ካለኝ እንደአባቴ በቆመጠኝ። + ጌጥ ያለቤቱ ቁምጥና ነው። + ደሀ በሕልሙ ቅቤ ባይጠጣ ንጣት በገደለው። + የአፍ ወለምታ በቅቤ አይታሽም። + አይጥ በበላ ዳዋ ተመታ። + ሲተረጉሙ ይደረግሙ። + ቀስ በቀስ፥ ዕንቁላል በእግሩ ይሄዳል። + ድር ቢያብር አንበሳ ያስር። + ሰው እንደቤቱ እንጅ እንደ ጉረቤቱ አይተዳደርም። + እግዜር የከፈተውን ጉሮሮ ሳይዘጋው አይድርም። + የጎረቤት ሌባ፥ ቢያዩት ይስቅ ባያዩት ያጠልቅ። + ሥራ ከመፍታት ልጄን ላፋታት። + ዓባይ ማደሪያ የለው፥ ግንድ ይዞ ይዞራል። + የእስላም አገሩ መካ የአሞራ አገሩ ዋርካ። + ተንጋሎ ቢተፉ ተመልሶ ባፉ። + ወዳጅህ ማር ቢሆን ጨርስህ አትላሰው። + እግርህን በፍራሽህ ልክ ዘርጋ። + +Runes: + + ᚻᛖ ᚳᚹᚫᚦ ᚦᚫᛏ ᚻᛖ ᛒᚢᛞᛖ ᚩᚾ ᚦᚫᛗ ᛚᚪᚾᛞᛖ ᚾᚩᚱᚦᚹᛖᚪᚱᛞᚢᛗ ᚹᛁᚦ ᚦᚪ ᚹᛖᛥᚫ + + (Old English, which transcribed into Latin reads 'He cwaeth that he + bude thaem lande northweardum with tha Westsae.' 
and means 'He said + that he lived in the northern land near the Western Sea.') + +Braille: + + ⡌⠁⠧⠑ ⠼⠁⠒ ⡍⠜⠇⠑⠹⠰⠎ ⡣⠕⠌ + + ⡍⠜⠇⠑⠹ ⠺⠁⠎ ⠙⠑⠁⠙⠒ ⠞⠕ ⠃⠑⠛⠔ ⠺⠊⠹⠲ ⡹⠻⠑ ⠊⠎ ⠝⠕ ⠙⠳⠃⠞ + ⠱⠁⠞⠑⠧⠻ ⠁⠃⠳⠞ ⠹⠁⠞⠲ ⡹⠑ ⠗⠑⠛⠊⠌⠻ ⠕⠋ ⠙⠊⠎ ⠃⠥⠗⠊⠁⠇ ⠺⠁⠎ + ⠎⠊⠛⠝⠫ ⠃⠹ ⠹⠑ ⠊⠇⠻⠛⠹⠍⠁⠝⠂ ⠹⠑ ⠊⠇⠻⠅⠂ ⠹⠑ ⠥⠝⠙⠻⠞⠁⠅⠻⠂ + ⠁⠝⠙ ⠹⠑ ⠡⠊⠑⠋ ⠍⠳⠗⠝⠻⠲ ⡎⠊⠗⠕⠕⠛⠑ ⠎⠊⠛⠝⠫ ⠊⠞⠲ ⡁⠝⠙ + ⡎⠊⠗⠕⠕⠛⠑⠰⠎ ⠝⠁⠍⠑ ⠺⠁⠎ ⠛⠕⠕⠙ ⠥⠏⠕⠝ ⠰⡡⠁⠝⠛⠑⠂ ⠋⠕⠗ ⠁⠝⠹⠹⠔⠛ ⠙⠑ + ⠡⠕⠎⠑ ⠞⠕ ⠏⠥⠞ ⠙⠊⠎ ⠙⠁⠝⠙ ⠞⠕⠲ + + ⡕⠇⠙ ⡍⠜⠇⠑⠹ ⠺⠁⠎ ⠁⠎ ⠙⠑⠁⠙ ⠁⠎ ⠁ ⠙⠕⠕⠗⠤⠝⠁⠊⠇⠲ + + ⡍⠔⠙⠖ ⡊ ⠙⠕⠝⠰⠞ ⠍⠑⠁⠝ ⠞⠕ ⠎⠁⠹ ⠹⠁⠞ ⡊ ⠅⠝⠪⠂ ⠕⠋ ⠍⠹ + ⠪⠝ ⠅⠝⠪⠇⠫⠛⠑⠂ ⠱⠁⠞ ⠹⠻⠑ ⠊⠎ ⠏⠜⠞⠊⠊⠥⠇⠜⠇⠹ ⠙⠑⠁⠙ ⠁⠃⠳⠞ + ⠁ ⠙⠕⠕⠗⠤⠝⠁⠊⠇⠲ ⡊ ⠍⠊⠣⠞ ⠙⠁⠧⠑ ⠃⠑⠲ ⠔⠊⠇⠔⠫⠂ ⠍⠹⠎⠑⠇⠋⠂ ⠞⠕ + ⠗⠑⠛⠜⠙ ⠁ ⠊⠕⠋⠋⠔⠤⠝⠁⠊⠇ ⠁⠎ ⠹⠑ ⠙⠑⠁⠙⠑⠌ ⠏⠊⠑⠊⠑ ⠕⠋ ⠊⠗⠕⠝⠍⠕⠝⠛⠻⠹ + ⠔ ⠹⠑ ⠞⠗⠁⠙⠑⠲ ⡃⠥⠞ ⠹⠑ ⠺⠊⠎⠙⠕⠍ ⠕⠋ ⠳⠗ ⠁⠝⠊⠑⠌⠕⠗⠎ + ⠊⠎ ⠔ ⠹⠑ ⠎⠊⠍⠊⠇⠑⠆ ⠁⠝⠙ ⠍⠹ ⠥⠝⠙⠁⠇⠇⠪⠫ ⠙⠁⠝⠙⠎ + ⠩⠁⠇⠇ ⠝⠕⠞ ⠙⠊⠌⠥⠗⠃ ⠊⠞⠂ ⠕⠗ ⠹⠑ ⡊⠳⠝⠞⠗⠹⠰⠎ ⠙⠕⠝⠑ ⠋⠕⠗⠲ ⡹⠳ + ⠺⠊⠇⠇ ⠹⠻⠑⠋⠕⠗⠑ ⠏⠻⠍⠊⠞ ⠍⠑ ⠞⠕ ⠗⠑⠏⠑⠁⠞⠂ ⠑⠍⠏⠙⠁⠞⠊⠊⠁⠇⠇⠹⠂ ⠹⠁⠞ + ⡍⠜⠇⠑⠹ ⠺⠁⠎ ⠁⠎ ⠙⠑⠁⠙ ⠁⠎ ⠁ ⠙⠕⠕⠗⠤⠝⠁⠊⠇⠲ + + (The first couple of paragraphs of "A Christmas Carol" by Dickens) + +Compact font selection example text: + + ABCDEFGHIJKLMNOPQRSTUVWXYZ /0123456789 + abcdefghijklmnopqrstuvwxyz £©µÀÆÖÞßéöÿ + –—‘“”„†•…‰™œŠŸž€ ΑΒΓΔΩαβγδω АБВГДабвгд + ∀∂∈ℝ∧∪≡∞ ↑↗↨↻⇣ ┐┼╔╘░►☺♀ fi�⑀₂ἠḂӥẄɐː⍎אԱა + +Greetings in various languages: + + Hello world, Καλημέρα κόσμε, コンニチハ + +Box drawing alignment tests: █ + ▉ + ╔══╦══╗ ┌──┬──┐ ╭──┬──╮ ╭──┬──╮ ┏━━┳━━┓ ┎┒┏┑ ╷ ╻ ┏┯┓ ┌┰┐ ▊ ╱╲╱╲╳╳╳ + ║┌─╨─┐║ │╔═╧═╗│ │╒═╪═╕│ │╓─╁─╖│ ┃┌─╂─┐┃ ┗╃╄┙ ╶┼╴╺╋╸┠┼┨ ┝╋┥ ▋ ╲╱╲╱╳╳╳ + ║│╲ ╱│║ │║ ║│ ││ │ ││ │║ ┃ ║│ ┃│ ╿ │┃ ┍╅╆┓ ╵ ╹ ┗┷┛ └┸┘ ▌ ╱╲╱╲╳╳╳ + ╠╡ ╳ ╞╣ ├╢ ╟┤ ├┼─┼─┼┤ ├╫─╂─╫┤ ┣┿╾┼╼┿┫ ┕┛┖┚ ┌┄┄┐ ╎ ┏┅┅┓ ┋ ▍ ╲╱╲╱╳╳╳ + ║│╱ ╲│║ │║ ║│ ││ │ ││ │║ ┃ ║│ ┃│ ╽ │┃ ░░▒▒▓▓██ ┊ ┆ ╎ ╏ ┇ ┋ ▎ + ║└─╥─┘║ │╚═╤═╝│ │╘═╪═╛│ │╙─╀─╜│ ┃└─╂─┘┃ ░░▒▒▓▓██ ┊ ┆ ╎ ╏ ┇ ┋ ▏ + ╚══╩══╝ └──┴──┘ ╰──┴──╯ ╰──┴──╯ ┗━━┻━━┛ ▗▄▖▛▀▜ └╌╌┘ ╎ ┗╍╍┛ ┋ ▁▂▃▄▅▆▇█ + ▝▀▘▙▄▟ + +Emojis: +🐲💤🌊💅👲 💫🍦🌎🏇🔃 👨🏢💞📅🐳🍒 💉🌏🕣👨 🏇🐎🎐💿 🕗📴🐧🌙🍫💏👣 📠👺🔺🎮🔳🌐 🍱👸🍰🕦 👱🌓🌕📡👤 🍘 +🔒🔢🏀📊. 🔂🎍🎮💭🔜 🔊🎃🏈🐉 👉🍇🐴🔢🔉 🍚🍐🐦🌆🔴🔟 💟🍤🍹👠 🐤🐂🕖🌁💜🍨 🍡🏩🌾💘📘🔶🍍 💥👂👢🐁🐇🔰 +🌈👀👟📳🍐 💔📺🎦🎣 📹👜🏊🎭 🐡🍭🎁💵🔋🐗 👸🌠🍭💥🔍💾 🎢💦🌁💹 🔻🔢🌽🐷🔄👛. 🍤📩👺🔅🏢🍍🔕 🎉🔸🌲👤 🕖 +💏🍎👤📦 🕤🌹💉🐈🔀💌🌖 🏮💣👍🔖 💼💀💦🌟 💮🕛🔱🔑🎆🔂 🌕💕🌊🎈. 
📟💛🍄🐅🏠📴🏈 👜💓💠🌏🏯 💈🔠🍆🌰 🎾🍷 +🍤🌃🏠 🐱🔮🐊🐠🐊🔄 📕👽💉👞 💗🏨💫💒🌊👗 👼🌁🍻🎹📳🌉🔮 💛🔂🌽🍳 🐘🎾🎮📎 🍺🌀🐇🌰🕥 📴🍹💈🕙🔙👶🎂🌿 🐧 +📣🎯🎈🔍📹 🍘🌉🎓📈👤🍭 🍑🔬🔜👤🔯. 🍼🍬📏🐸🍇👽🔫 🔤👚🐭📞💚 🔢🎐🐱🔻📺🌖🔷🕃 💙🔵👘🔱📔 🍵👅🎀💤📥 💈🌂💬 +💯🎹 👱🍔🍧💯 💍🐟🍜💂🎡💢👸 🌘🎢🔱🌂🍖💨 💭🍈🍸🔨📗🎂.🏂🐚💸👉🎓📢 🌙🌉🎠💆 💖🍄📐🍲 📡🎉🍻📙📔🎷 🔽💱🍠🌙 +👍💈💩🌏🐢🔡🗾📭 🕟📰👚🌂🍢🎮🐜 🌟🌝🍗🍴💔👪 📵🎰🍨📔🍍 🗽📺🎠👰🎐 🎉📪📯🔒🍮🏄 🔷🍯🕒🔬🌃 📫📶🎤👓💈💂 🕤👱 +🍠🎷🐛 👛🐆💓🔄🐅💧 🕢📜🎋💌💩🔁🔊. 🍰🕡👹👈🎩 💅🔰🕛💪📆 🎸📝🌆👇🌘💗💑📲 🔫🐥🌄📫🌌 🍑🐂💶👞💃📴 👭📗🍃👲 +💫🍫 🕗👖🐍🌊🎨 👞🍤🏢📎🎶 📩📪🍦📞📉💇 🔃🐓🍂📼👇🐸🎋 👉🔹💆🌷📬👚 💇🕖🌼👰🕒🌁🏀🔎. 🐷🐖💂🐂🐾🏨 💐💘🔷🐏 +💦👃 👥🔶🌒👀🐔👱🎬 💆📥🌇🔓💭🐙 🍛👦🐗🕤 🔝👃💴🎴🔳💡 💉💥💐🐖💞💯 📊💛🍫🕘🌑🔢🎺 🎂🍢🌋📗🎬 🏠💥👪🌙🔺🎁 +👙👷🌛💹🔗👝🍆💧 💯📧🔕👚🕀 🔂🐙🍟🍤 🕓🔨🔊👜🐑 🎹🍸🍱🎣🌍. 👤📥🍊🐆🐀 🌖🌷📏🔍🐶 🔍👳🕃🔝🐎📺 🎤🕑👱🔘🐁🐢 🎐 +🔗💼📊👶🐒 📢🌏🏄🎬 🍉🍚🕒🐂👣🔓 🏯🔶👚📤🌝🍊 🔷🎬🎮💭👍🐊📶 🐧🍢🔗👉🎹🎪🌙 🎈🍴🌒🎦🍗💌🎴 📉📎🐇👞💆 🕖🔄👆 +🎲🌳🌐 🍬📪🌵📘📂💏 💂🐃👫🕖🕂🔬. 🏤💤📝📐🍛 🔸🍶🌙🔻 📳📉👺👭 👙🍹💡💪🔃🌸 🕕🎴👆💰📶🔓🌌 🌻🐡👡📲 👏💶💡🌔 +📆🎵🎢👻📭👟 👔🐧👵💘🍘🎹 🍒🎵📰🐳👫🏯🐡 👹🍼🍷👻 🏠💢📨👋🐣🔳🌶. 🔤👱🍟💕 🌇🕁🐝📗🍨 💭🕦🏇🎲💵🐉 📏🌳🐟🏦🔵 + +Russian: +Лорем ипсум долор сит амет, еум яуас фабеллас ад, стет хабео цу цум, но аутем ассуеверит инструцтиор вим. +Ет салутатус алияуандо сеа, яуи поссит атоморум адверсариум ех. Меи фабулас аппареат елаборарет ет. +Еа иус молестиае цонституам темпорибус, не воцент вивендо цонцлудатуряуе иус. +При ин цонгуе хомеро аццусамус, еу одио солеат граецо иус. Еи меис ипсум атяуи нец, не ностро путант хис. +Прима иусто тхеопхрастус ан вис, бруте фацилисис нец ет, еа еуисмод елецтрам про. +Цу цум еиус солута омиттам, иус примис фацилисис еу. Цу модо пробатус импердиет хас. Еверти луптатум дефиниебас еам ан. +Те про лабитур алияуандо адверсариум, ид цонституто дефиниебас сед. Ан легендос цонсеяуат вим. +Стет деленит аццусамус цу меи. Толлит сенсибус мел ат, ад нец волутпат либерависсе. Меис цоррумпит вих ет, долор нумяуам продессет меа ан. +Алияуам пондерум яуаестио ид дуо, ин меа долоре ноструд нострум. Не сеа фацилис симилияуе. +Вим ат апериам омнесяуе симилияуе, но усу бландит цонсецтетуер. Сед ут чоро сцаевола постулант, усу порро цоммуне цу. +Магна еурипидис демоцритум вих но, еум стет фацилиси ет. Поссим еффициенди нец те, еним маиорум цонсецтетуер но хас. 
+ +Japanese: +無論木下君が区別自分ちょっと担任をするます腹の中とんだ私立それか拡張がというお反抗でしょだでませで、その事実は彼らか人間主義をして、槙さんの気 +に二つの私のなおお仕事というて私個性にご刺戟に進んように最も大供を立っですましょて、つい正しく意味の掘りならといでのを立てるたない。それでする +とご招きになっ事も一応自由としですのに、この向うではしなくがとして壇を上げよてならあっべき。この上個人のためこの警視総監はそれ中がしよたかと岩 +崎さんをありましまし、学校の今日うとかいうお反抗ですじでて、manの時を会員を今でもの西洋を昔するからおらて、そうの事実に帰ってこのためで何だか申 +しないでと調っないのでて、ないなかっあるばわざわざお獄さべきのましますでし。そうして権利か大変か学習をあるでて、事実上自分で発してしまった中がご +意味の事実が知れでまい。今日にはすでに充たすけれどもできるですありないましと、もうきっとしで講義はそれほどおかしいんのん。そこでご発展をしても +いるましものなけれが、先では、しばしば私か信じから申しれるたありしれだんと進まて、国はなりてくるませう。どうもどうもはそんなに貧乏人といういけ +ますて、私をは場合ごろまでどちらの今説明はない感じならでう。私はもう吹聴ののをお病気はなるておきたたでたて、五一の鶴嘴を全くしうについて助言ま +しが、またはその本位の心を起りられて、こちらかをどこの主義が著作で考えていますものんないと意味云って落第廻るいるでした。亡骸をあるいはネルソン +さんがだからどう罹っありのなかっですたい。大森さんはたった学校にさばいるなのでたです。(しかし自分より起る中たなですからないは用いたませて、) +ずいぶん読みです主義を、朝日の人々くらいなっておりという、自分の希望も前のところだけしなり事がなりでて品評家ためていですにおいてご世の中ん事な。 +それもはなはだ春をしませようにして得なのだてそうしていろいろ大森事情行くますです。 diff --git a/archlinux_setup.sh b/archlinux_setup.sh new file mode 100644 index 0000000..8509a67 --- /dev/null +++ b/archlinux_setup.sh 
@@ -0,0 +1,175 @@ +#!/bin/sh + +# List keyboard layouts from here +localectl list-keymaps + +# Test if boot mode is UEFI (true if no error) +ls /sys/firmware/efi/efivars + +# Connecting to WIFI using connmanctl (openrc | runit | s6 | 66 | dinit) +connmanctl << EOF +# Enabling wifi +enable wifi + +# Enabling the agent (only use if needed passphrase) +agent on + +# Scanning for access points +scan wifi + +# Printing the access points (services) names +services + +# Connecting to the access point +connect SERVICE_ID + +# Enable the auto connection at startup option +config SERVICE_ID --autoconnect yes +EOF + +# Connect to WIFI using iwctl (systemd) +iwctl << EOF +# Getting the list of available devices +device list + +# Scanning for access points +station scan + +# Printing the access points names +station get-networks + +# Password-less +station connect + +# Passphrase +iwctl --passphrase station connect +exit +EOF + +# Arch package name | Description +# base | Minimal package set to define a basic Arch Linux installation +# linux | The Linux kernel and modules +# linux-lts | The LTS Linux kernel and modules +# linux-zen | The Linux ZEN kernel and modules +# linux-hardened | The Security-Hardened Linux kernel and modules +# linux-firmware | Firmware files for Linux +# neovim | Fork of Vim, a terminal text editor +# doas | Run commands as super user or another user +# networkmanager | Network connection manager and user applications +# networkmanager-iwd | Network connection manager and user applications; using iwd backend instead of wpa_supplicant +# wpa_supplicant | A utility providing key negotiation for WPA wireless networks +# grub | GNU GRand Unified Bootloader +# efibootmgr | UEFI Boot manager +# neofetch | A CLI system information tool written in BASH that supports displaying images +# which | A utility to show the full path of commands +# iwd | Internet Wireless Daemon +# ntfs-3g | NTFS file system driver and utilities +# keepass | Easy-to-use password 
manager for Windows, Linux, Mac OS X and mobile devices +# keepassxc | Cross-platform community-driven port of Keepass password manager +# dmenu | shortcut to launch other applications +# nvidia | NVIDIA drivers for newer cards (see wiki if doubt) +# nvidia-utils | NVIDIA utilities +# nvidia-settings | NVIDIA settings page +# nvidia-prime | NVIDIA optimus like tool +# xf86-video-intel | Intel graphics card drivers +# pulseaudio | Audio support +# pulseaudio-bluetooth | Audio bluetooth support +# pulsemixer | CLI audio mixer +# bluez | Bluetooth support +# bluez-utils | Provides bluetoothctl to connect to devices +# openssh | Provides utilities to generate ssh keys +# xclip | Being able to copy from CLI +# picom | X compositor that may fix tearing issues +# vlc | Multi-platform MPEG, VCD/DVD, and DivX player +# i3-gaps | A fork of i3wm tiling window manager with more features, including gaps +# xorg-xinit | Xorg initialisation program +# xorg-server | Xorg X server +# xorg-xset | User preference utility for X +# feh | Fast and light imlib2-based image viewer +# alacritty | terminal emulator +# os-prober | Utility to detect other OSes on a set of drives +# git | The fast distributed version control system +# wget | Network utility to retrieve files from the Web +# unzip | For extracting and viewing files in .zip archives +# firefox | Standalone web browser from mozilla.org +# virtualbox | Powerful x86 virtualization for enterprise as well as home use +# virtualbox-guest-utils | VirtualBox Guest userspace utilities +# virtualbox-host-modules-arch | Virtualbox host kernel modules for Arch Kernel +# bash-completion | Programmable completion for the bash shell +# intel-ucode | Microcode update files for Intel CPUs +# reflector | Python utility to get the fastest pacman mirrors +# rsync | A fast and versatile file copying tool for remote and local files (optional dependency of reflector) +# nodejs | Evented I/O for V8 javascript +# npm | A package manager for javascript 
+# ripgrep | search tool that combines the usability of ag with the raw speed of grep +# cuda | NVIDIA's GPU programming toolkit +# python | Next generation of the python high-level scripting language +# python-pip | The PyPA recommended tool for installing Python packages +# lazygit | Simple terminal UI for git commands +# cryptsetup | Userspace setup tool for transparent encryption of block devices using dm-crypt +# discord | All-in-one voice and text chat for gamers that's free and secure. +# htop | Interactive process viewer +# thunderbird | Standalone mail and news reader from mozilla.org +# brightnessctl | Lightweight brightness control tool +# fakeroot | Tool for simulating superuser privileges +# sed | GNU stream editor +# gcc | The GNU Compiler Collection - C and C++ frontends +# grep | A string search utility +# make | GNU make utility to maintain groups of programs +# man-db | A utility for reading man pages +# openvpn | An easy-to-use, robust and highly configurable VPN +# pkgconf | Package compiler and linker metadata toolkit + +# Artix package name | Description +# openrc | Gentoo's universal init system +# elogind-openrc | OpenRC elogind init script +# connman-openrc | OpenRC connman init script +# runit | A cross-platform Unix init scheme with service supervision +# elogind-runit | Runit service scripts for elogind +# connman-runit | Runit service script for connman +# s6-base | Packages, hooks, and scripts to define a basic s6 init system implementation for Artix Linux. 
+# elogind-s6 | s6-rc service scripts for elogind +# connman-s6 | s6-rc service scripts for connman +# suite66 | small tools built around s6 and s6-rc programs +# elogind-suite66 | 66 script for elogind +# connman-suite66 | 66 script for connman +# dinit | Service monitoring/init system -- init package +# elogind-dinit | dinit service scripts for elogind +# connman-dinit | dinit service scripts for connman + +# AUR package name | Description | Upstream link +# polybar | A fast and easy-to-use status bar | https://aur.archlinux.org/polybar.git +# davmail | a POP/IMAP/SMTP/Caldav/LDAP gateway for the exchange service | https://aur.archlinux.org/davmail.git +# font-manager | A simple font management application for GTK+ Desktop Environments | https://aur.archlinux.org/font-manager.git +# tor-browser | anonymous browsing using Firefox and Tor | https://aur.archlinux.org/tor-browser.git +# lazydocker | A simple terminal UI for docker and docker-compose, written in Go with the gocui library | https://aur.archlinux.org/lazydocker.git + +# NOTE : Before installing tor, type : gpg --auto-key-locate nodefault,wkd --locate-keys torbrowser@torproject.org + +# Get the list of all available time zones +timedatectl list-timezones + +# Removing users from specific group +gpasswd -d "$USERNAME" "$GROUP" + +# Dual boot setup with os-prober +echo 'GRUB_DISABLE_OS_PROBER=0' >> /etc/default/grub +update-grub + +# If bluez bluetooth device is org.bluez.Error.Blocked +rfkill block bluetooth +rfkill unblock bluetooth +# If it still doesn't work +## systemd +systemctl restart bluetooth +## OpenRC +rc-service bluetoothd restart + +# Setup a custom DNS server (systemd) +systemctl enable systemd-resolved +systemctl start systemd-resolved +mkdir /etc/systemd/resolved.conf.d +echo '[Resolve] +DNS=192.168.35.1 fd7b:d0bd:7a6e::1 +Domains=~.e' > /etc/systemd/resolved.conf.d/dns_servers.conf + diff --git a/create_arch_server.sh b/create_arch_server.sh new file mode 100644 index 0000000..656ed00 
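Review bot: This file carries a `#!/bin/sh` shebang but reads as a collection of unrelated reference snippets, and nothing stops it from being run top to bottom. Run that way it would call `gpasswd -d "$USERNAME" "$GROUP"` with unset variables, append `GRUB_DISABLE_OS_PROBER=0` to /etc/default/grub on every run, and overwrite /etc/systemd/resolved.conf.d/dns_servers.conf. State the intent at the top with a comment such as `# Reference notes: copy individual commands, do not run this file`, followed by `exit 1`. The `#` lines inside the `connmanctl << EOF` and `iwctl << EOF` heredocs are sent to those programs as input rather than read as shell comments, which is worth saying in the same header.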
--- /dev/null
+++ b/create_arch_server.sh
@@ -0,0 +1,249 @@
+#!/usr/bin/env bash
+
+# Exit immediately if a command exits with a non-zero exit status
+set -e
+
+echo -n Hostname :
+read -r HOSTNAME
+
+echo -n Domain name :
+read -r DOMAIN_NAME
+
+echo -n Username :
+read -r USERNAME
+
+echo Password :
+read -r -s PASSWORD
+
+echo MYSQL_ROOT_PASSWORD ? :
+read -r -s MYSQL_ROOT_PASSWORD
+
+echo MYSQL_PASSWORD ? :
+read -r -s MYSQL_PASSWORD
+
+echo Pihole admin password ? :
+read -r -s PIHOLE_PASSWORD
+
+# Setup the hostname
+hostnamectl hostname "$HOSTNAME"
+
+# Enable pacman's parallels downloads
+sed -i 's/^#Para/Para/g' /etc/pacman.conf
+
+# Updating every packages
+pacman -Syu --noconfirm
+# Removing unwanted packages
+pacman -Rc --noconfirm nano vim vim-runtime sudo
+# Installing needed packages
+pacman -S --noconfirm --needed docker neovim lazygit neofetch git wget unzip openssh bash-completion reflector \
+ rsync nodejs npm python python-pip ripgrep htop opendoas which man sed fakeroot gcc flake8 autopep8 \
+ python-pynvim
+
+# Installing npm dependencies
+npm i -g neovim npm-check-updates
+
+# Enable the wheel group to use doas
+echo 'permit persist :wheel' > /etc/doas.conf
+
+# Enabling docker
+systemctl enable docker
+systemctl start docker
+
+# Setup SSH
+echo 'Port 777
+AddressFamily inet
+ChallengeResponseAuthentication no
+AuthorizedKeysFile .ssh/authorized_keys
+PasswordAuthentication yes
+PermitEmptyPasswords no
+PermitRootLogin no
+UsePAM no
+PrintMotd no
+Subsystem sftp /usr/lib/ssh/sftp-server
+' > /etc/ssh/sshd_config
+systemctl restart sshd
+
+# Disable systemctl resolved
+systemctl stop systemd-resolved
+systemctl disable systemd-resolved
+
+# Adding personnal account
+useradd -m "$USERNAME"
+passwd "$USERNAME" << EOF
+$PASSWORD
+$PASSWORD
+EOF
+usermod -aG wheel "$USERNAME"
+usermod -aG docker "$USERNAME"
+usermod -aG wheel root
+
+user_exec(){
+ # Adding personnal SSH public key
+ mkdir ~/.ssh ~/aur git services
+ echo 'ssh-rsa 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 
SAUNDERS@DESKTOP-95BAQ8S' > ~/.ssh/authorized_keys
+
+ # Installing lazydocker
+ git clone https://aur.archlinux.org/lazydocker.git ~/aur/lazydocker
+ cd ~/aur/lazydocker
+ makepkg -sri --noconfirm
+ rm -rf ~/go
+
+ # Adding dotfiles
+ git clone https://github.com/saundersp/dotfiles.git ~/git/dotfiles
+ cd ~/git/dotfiles
+ ./auto.sh server
+ sudo bash auto.sh server
+
+ # Adding portfolio
+ git clone https://github.com/saundersp/portfolio.git ~/git/portfolio
+ cd ~/git/portfolio
+ docker pull node:lts-alpine
+ docker build -f Dockerfile.no_ssl -t saundersp/portfolio .
+
+ # Setup the services used in the server
+ cd ~/services
+ echo -e "MYSQL_PASSWORD=$MYSQL_PASSWORD\nMYSQL_ROOT_PASSWORD=$MYSQL_ROOT_PASSWORD" > .env
+ echo 'nextcloud mariadb vaultwarden/server pihole/pihole caddy/caddy:alpine' | xargs -n1 docker pull
+
+ mkdir bitwarden-data caddy mariadb-data nextcloud-data openvpn-etc pihole caddy/config caddy/data caddy/etc
+
+ # Setup caddy
+ echo "$DOMAIN_NAME {
+ handle_path /bitwarden* {
+ reverse_proxy /notifications/hub/negotiate localhost:8080
+ reverse_proxy /notifications/hub localhost:3012
+ reverse_proxy localhost:8080
+ }
+ handle_path /pihole* {
+ reverse_proxy localhost:8082
+ route /* {
+ reverse_proxy localhost:8082
+ }
+ }
+ handle_path /nextcloud* {
+ rewrite /.well-known/carddav /remote.php/dav
+ rewrite /.well-known/caldav /remote.php/dav
+
+ header /* {
+ Script-Transport-Security max-age=15552000;
+ }
+
+ reverse_proxy localhost:8084
+ route /* {
+ reverse_proxy localhost:8084
+ }
+ }
+ reverse_proxy localhost:8081
+}" > caddy/Caddyfile
+
+ # Getting the docker-compose.yml ready
+ echo 'version: "3.9"
+
+services:
+ portfolio:
+ image: saundersp/portfolio:latest
+ restart: unless-stopped
+ ports:
+ - 8081:80
+
+ pihole:
+ image: cbcrowe/pihole-unbound:latest
+ restart: unless-stopped
+ ports:
+ - 53:53/tcp
+ - 53:53/udp
+ - 8082:80/tcp
+ volumes:
+ - ./pihole/data:/etc/pihole
+ - ./pihole/dnsmasq.d:/etc/dnsmasq.d
+ environment:
+ - 
ServerIP=127.0.0.1
+ - TZ=Europe/London
+ - REV_SERVER=true
+ - REV_SERVER_TARGET=192.168.1.1
+ - REV_SERVER_DOMAIN=local
+ - REV_SERVER_CIDR=192.168.0.0/16
+ - DNS1=127.0.0.1#5335
+ - DNS2=127.0.0.1#5335
+ - DNSSEC="true"
+
+# NOTE Get rid of "reducing DNS packet size for nameserver ..." : echo "edns-packet-max=1232" | sudo tee /etc/dnsmasq.d/99-edns.conf
+
+ bitwarden:
+ image: vaultwarden/server:latest
+ restart: unless-stopped
+ ports:
+ - 8080:80
+ volumes:
+ - ./bitwarden-data:/data
+
+ mariadb:
+ image: mariadb:latest
+ restart: unless-stopped
+ command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW --innodb-file-per-table=1 --skip-innodb-read-only-compressed
+ volumes:
+ - ./mariadb-data:/var/lib/mysql
+ environment:
+ - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
+ - MYSQL_PASSWORD=${MYSQL_PASSWORD}
+ - MYSQL_DATABASE=nextcloud
+ - MYSQL_USER=nextcloud
+
+ nextcloud:
+ image: nextcloud:latest
+ restart: unless-stopped
+ ports:
+ - 8084:80
+ volumes:
+ - ./nextcloud-data:/var/www/html
+ environment:
+ - MYSQL_PASSWORD=${MYSQL_PASSWORD}
+ - MYSQL_DATABASE=nextcloud
+ - MYSQL_USER=nextcloud
+ - MYSQL_HOST=mariadb
+ - APACHE_DISABLE_REWRITE_IP=1
+ links:
+ - mariadb
+
+# NOTE To setup a primary install :
+# add "overwriteprotocol => https" to config/config.php
+# add "overwritewebroot => /nextcloud" to config/config.php
+
+ caddy:
+ image: caddy/caddy:alpine
+ restart: unless-stopped
+ network_mode: "host"
+ volumes:
+ - ./caddy/data:/data
+ - ./caddy/config:/config
+ - ./caddy/etc:/root/.local/share/caddy
+ - ./caddy/Caddyfile:/etc/caddy/Caddyfile
+' > docker-compose.yml
+ docker-compose up -d
+ sleep 15
+
+ # Setup nextcloud web root
+ sudo sed -i "3a\ \ 'overwriteprotocol' => 'https',\n\ \ 'overwritewebroot' => '/nextcloud'," nextcloud-data/config/config.php
+ docker-compose restart nextcloud
+
+ # Setup pihole
+ docker-compose exec pihole pihole -a -p "$PIHOLE_PASSWORD"
+ docker-compose exec pihole sqlite3 /etc/pihole/gravity.db '
+ INSERT INTO 
"adlist" ("address","enabled","comment") VALUES ("https://raw.githubusercontent.com/jdlingyu/ad-war","1","Advertising Lists 1"),
+ ("https://adaway.org/hosts.txt","1","Advertising Lists 2"),
+ ("https://v.firebog.net/hosts/AdguardDNS.txt","1","Advertising Lists 3"),
+ ("https://v.firebog.net/hosts/Admiral.txt","1","Advertising Lists 4"),
+ ("https://raw.githubusercontent.com/anudeepND/blacklist/master/adservers.txt","1","Advertising Lists 5"),
+ ("https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt","1","Advertising Lists 6"),
+ ("https://v.firebog.net/hosts/Easylist.txt","1","Advertising Lists 7"),
+ ("https://pgl.yoyo.org/adservers/serverlist.php?hostformat=hosts&showintro=0&mimetype=plaintext","1","Advertising Lists 8"),
+ ("https://raw.githubusercontent.com/FadeMind/hosts.extras/master/UncheckyAds/hosts","1","Advertising Lists 9"),
+ ("https://raw.githubusercontent.com/bigdargon/hostsVN/master/hosts","1","Advertising Lists 10");'
+ docker-compose exec pihole pihole -g
+}
+export -f user_exec
+su "$USERNAME" -c user_exec
+
+# Removing the nopass option in doas
+sed -i '1s/nopass/persist/g' /etc/doas.conf
+
diff --git a/mv_docker.sh b/mv_docker.sh
new file mode 100644
index 0000000..7f551e9
--- /dev/null
+++ b/mv_docker.sh
@@ -0,0 +1,23 @@
+#!/bin/bash
+
+WSL_DIR=/d/WSL2
+
+WSLS="$(wsl --list | sed 1d | cut -d' ' -f 1 | sed $'s/[^[:print:]\t]//g' | head -n -1)"
+
+mkdir -p "$WSL_DIR"
+
+for WSL in "${WSLS[@]}"; do
+ if [ -d "$WSL_DIR"/"$WSL" ]; then
+ echo "$WSL already moved, continuing"
+ continue
+ fi
+ echo "Exporting $WSL to archive"
+ wsl --export "$WSL" "$WSL_DIR/$WSL.tar"
+ echo "Unregistering $WSL"
+ wsl --unregister "$WSL"
+ mkdir "$WSL_DIR/$WSL"
+ echo "Importing $WSL from archive"
+ wsl --import "$WSL" "$WSL_DIR/$WSL" "$WSL_DIR/$WSL.tar" --version 2
+ echo "Removing $WSL archive"
+ rm "$WSL_DIR/$WSL.tar"
+done
diff --git a/pull.sh b/pull.sh
new file mode 100644
index 0000000..d3b956f
--- /dev/null
+++ b/pull.sh
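Review bot: The generated sshd_config sets `PasswordAuthentication yes` (with `UsePAM no`) even though user_exec installs a public key into ~/.ssh/authorized_keys, so the host keeps accepting password logins on port 777; secure_debian_server.md in this same commit uses `PasswordAuthentication no`, and this script should match once the key is in place. In the Caddyfile heredoc the nextcloud block sends `Script-Transport-Security max-age=15552000;`, which looks like a typo for `Strict-Transport-Security`, so browsers would never receive an HSTS policy. The values read at the top are plain shell variables and are not exported, so inside `su "$USERNAME" -c user_exec` the expansions `$MYSQL_PASSWORD`, `$MYSQL_ROOT_PASSWORD`, `$PIHOLE_PASSWORD` and `$DOMAIN_NAME` are probably empty; add `export DOMAIN_NAME MYSQL_PASSWORD MYSQL_ROOT_PASSWORD PIHOLE_PASSWORD` before the `su` call and create `.env` under `umask 077`. Membership of the `docker` group is root-equivalent on this host, which deserves a comment next to `usermod -aG docker "$USERNAME"`.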
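Review bot: `wsl --unregister "$WSL"` runs even when the preceding `wsl --export` failed, because the script has no `set -e` and never tests the export's exit status, and unregistering deletes the distribution's disk. Guard the export with `wsl --export "$WSL" "$WSL_DIR/$WSL.tar" || { echo "export of $WSL failed" >&2; continue; }` so a failed or partial archive never leads to the unregister step. `WSLS` is also assigned as a single string, so `"${WSLS[@]}"` yields one element holding every distribution name; filling it with `mapfile -t WSLS < <(...)` around the same pipeline would give one name per iteration.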
@@ -0,0 +1,13 @@
+#!/bin/sh
+
+cd ../..
+
+for d in *; do
+ echo "current directory: $d"
+ cd "$d"
+ # git pull
+ # git gc
+ # git clean -fx
+ git status
+ cd ..
+done
diff --git a/secure_debian_server.md b/secure_debian_server.md
new file mode 100644
index 0000000..20aa655
--- /dev/null
+++ b/secure_debian_server.md
@@ -0,0 +1,49 @@
+# Secure a debian server
+
+## Deny ping response
+
+In the file /etc/ufw/before.rules add the line after "ok icmp codes for INPUT"
+
+> -A ufw-before-input -p icmp --icmp-type echo-request -j DROP
+
+## Restraining SSH default behaviour
+
+In the file /etc/ssh/sshd_config or /etc/sshd_config
+
+> Port $SSH_PORT # Custom SSH port
+> AddressFamily inet
+> ChallengeResponseAuthentication no
+> PasswordAuthentication no
+> UsePAM no
+> PermitRootLogin no
+
+```bash
+# Apply changes
+systemctl restart sshd
+```
+
+## Enabling security features
+
+In the file /etc/sysctl.conf, uncomment / add the lines :
+
+> net.ipv4.conf.default.rp_filter = 1
+> net.ipv4.conf.all.rp_filter = 1
+> net.ipv4.conf.all.accept_redirects = 0
+> net.ipv6.conf.all.accept_redirects = 0
+> net.ipv4.conf.all.send_redirects = 0
+> net.ipv4.conf.all.accept_source_route = 0
+> net.ipv6.conf.all.accept_source_route = 0
+> net.ipv4.conf.all.log_martians = 1
+> net.ipv4.conf.all.arp_notify = 1
+
+```bash
+# Apply changes
+sysctl -p
+```
+
+## Prevent IP Spoof
+
+In the file /etc/host.conf, add / change the lines :
+
+> order bind,hosts
+> multi on
diff --git a/vscodium-ext.sh b/vscodium-ext.sh
new file mode 100644
index 0000000..8723364
--- /dev/null
+++ b/vscodium-ext.sh
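Review bot: When `cd "$d"` fails in pull.sh (for example because `*` matched a regular file), the loop still runs `git status` and then `cd ..`, so every later iteration works one level higher than intended. That becomes destructive if the commented-out `git clean -fx` is ever re-enabled, since it would run in whatever directory the loop has drifted to. Iterate over directories only and keep the directory change inside a subshell: `for d in */; do (cd "$d" && git status); done`.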
@@ -0,0 +1,31 @@
+#!/bin/sh
+
+### Add Microsoft's extensions to VSCodium
+
+# In the file resources/app/product.json change this :
+
+# "extensionsGallery": {
+# "serviceUrl": "https://open-vsx.org/vscode/gallery",
+# "itemUrl": "https://open-vsx.org/vscode/item"
+# },
+
+# to this :
+
+# "extensionsGallery": {
+# "serviceUrl": "https://marketplace.visualstudio.com/_apis/public/gallery",
+# "cacheUrl": "https://vscode.blob.core.windows.net/gallery/index",
+# "itemUrl": "https://marketplace.visualstudio.com/items"
+# },
+
+apply(){
+ FILE="$1"
+ test -z "$FILE" && FILE=/opt/vscodium/resources/app/product.json
+ SEP=' '
+ OLD="$SEP\\\"extensionsGallery\": {\\n$SEP$SEP\\\"serviceUrl\\\": \\\"https://open-vsx.org/vscode/gallery\\\",\\n$SEP$SEP\\\"itemUrl\\\": \\\"https://open-vsx.org/vscode/item\\\"\\n$SEP},"
+ NEW="$SEP\"extensionsGallery\": {\\n$SEP$SEP\"serviceUrl\": \"https://marketplace.visualstudio.com/_apis/public/gallery\",\\n$SEP$SEP\"cacheUrl\": \"https://vscode.blob.core.windows.net/gallery/index\",\\n$SEP$SEP\"itemUrl\": \"https://marketplace.visualstudio.com/items\"\\n$SEP},"
+
+ sed -i ":a;N;\$!ba;s&$OLD&$NEW&g" "$FILE"
+}
+
+apply "$1"
+
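Review bot: `apply` rewrites product.json in place with `sed -i` and returns success whether or not the pattern matched, so indentation in the file that differs from `SEP` leaves the gallery unchanged with no message, and a bad substitution leaves no copy to restore. Keep a backup by using `sed -i.bak` in place of `sed -i`, and verify the result afterwards with `grep -q 'marketplace.visualstudio.com' "$FILE" || { echo "product.json not patched" >&2; exit 1; }`. A header comment should also say that this switches the extension source from Open VSX to Microsoft's marketplace and that the default path under /opt likely needs root to modify, so whoever runs it knows what trust decision is being made.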