Skip to content

Instantly share code, notes, and snippets.

View alecs's full-sized avatar
🏠

Alex Negulescu alecs

🏠
82 followers · 700 following
View GitHub Profile
@vladbabii
vladbabii / prox-migrate.sh
Created March 26, 2024 12:19
migrate proxmox containers from current host to a remote. doing stop, backup, rsync then start. also sets 'migrated' tag and disables onboot start on source
#!/bin/bash
# Read the ID from the first argument
id="$1"
MODE="stop"
STORAGE_LOCAL="backups3"
STORAGE_LOCAL_PATH="/storage3/pve-backup"
REMOTE_HOST="outbound"
@EverythingSmartHome
EverythingSmartHome / esp32-voice.yaml
Last active April 11, 2026 22:03
ESP32 & ESPHome Voice Assistant
esphome:
name: esp32-mic-speaker
friendly_name: esp32-mic-speaker
on_boot:
- priority: -100
then:
- wait_until: api.connected
- delay: 1s
- if:
condition:
@mattpascoe
mattpascoe / bindparse.awk
Created August 29, 2022 21:09
Parse bind zone files to produce dcm.pl output.
#!/usr/bin/awk -f
#
# Author: Matt Pascoe - matt@opennetadmin.com
#
# This awk script is used to extract relevant information from a bind zone
# file and build the appropriate fields for passing into
# a dcm.pl module. This can be used to bootstrap a new database from existing
# site data.
#
# You can simply cat a file and pipe it to this script
@gwire
gwire / local-acme.conf
Last active September 22, 2024 00:31
nginx config snippet to allow acme validation for TLS certificate
## Only permit acme-challenge requests that match the ACME spec,
## return 403 for everything else
## RFC8555 specifies a base64url token (no "=")
## with at least 128 bits of entropy (ie 22 chars minimum)
## root matches the "webroot" directory used in the certbot configuration
location ~ "^/.well-known/acme-challenge/([A-Za-z0-9_-]{22,})$" {
default_type "text/plain";
root /var/www/acme/;
}
@marfillaster
marfillaster / 00-tldr-default-config-dual-wan-pcc-recursive-failover.md
Last active May 6, 2026 20:55
MikroTik RouterOS v7 dual DHCP WAN recursive failover w/ PCC load-balancing; and recursive ECMP

TL;DR: Default-Config Dual WAN PCC + Recursive Failover

This paste assumes a hardware MikroTik RouterBOARD with the standard MikroTik default config — hAP, hEX, RB5009-class, etc. — where ether1 is the WAN port and ether2 through etherN are LAN bridge ports. The paste removes ether2 from the LAN bridge and turns it into WAN2.

If your router is not in that default state — CHR, multi-WAN appliances, anything reconfigured, or anything where ether1 is not your WAN — read the full guide and substitute interface names. The lab report's §8.7 TL;DR validation shows the kind of remap CHR needs before this paste is safe.

Resulting layout after the paste:

WAN1 = ether1, DHCP
@bgarcial
bgarcial / Makefile
Last active April 4, 2023 15:14
Steps/actions needed to be done to deploy loki logging backend on staging aks cluster.
loki-install:
sh ./variables.sh
sh ./setup-loki-fluentbit.sh
@cronolio
cronolio / docker-compose.yml
Last active August 24, 2022 14:33
version: '2.4'
services:
#prom:
# image: prom/prometheus:latest
# container_name: prom
# restart: unless-stopped
# volumes:
# - ./conf/prometheus.yml:/etc/prometheus/prometheus.yml:ro
# - ./conf/alerts:/etc/prometheus/alerts
@arriqaaq
arriqaaq / ns.sh
Created September 9, 2021 05:25
Network namespaces [Bridge + VETH]
#!/usr/bin/env bash
if [[ $EUID -ne 0 ]]; then
echo "You must be root to run this script"
exit 1
fi
BR_ADDR="10.10.0.1"
BR_DEV="br0"
@marfillaster
marfillaster / guide.md
Last active March 17, 2025 13:26
yubikey ssh ykcs11 in osx

Generate key

brew install ykman yubico-piv-tool

# Generate key
ykman piv keys generate -aRSA2048 --pin-policy ONCE --touch-policy CACHED 9a public.pem


# Generate self signed key
ykman piv certificates generate -s "CN=yubi-1 ssh" -aSHA256 9a public.pem
@marfillaster
marfillaster / README.md
Last active May 16, 2026 12:35
MikroTik RouterOS v7: DoH + ULA DNS via IPv6 RA RDNSS

MikroTik RouterOS v7: DoH + IPv6 RA RDNSS with ULA DNS

Self-contained paste for a RouterOS v7 LAN that already has IPv6 SLAAC working. It makes the router the LAN DNS resolver, sends upstream DNS through Cloudflare DoH, advertises the router's own ULA as DNS via RA RDNSS, and stops DHCPv4 from advertising 192.168.88.1 as DNS while keeping admin@192.168.88.1 management working.

Full write-up with topology, rationale, and the rest of the build: https://marfillaster.github.io/mikrotik-home-network

DNS companion/update for: