Skip to content

Instantly share code, notes, and snippets.

View arbv's full-sized avatar
💭
🇺🇦

Artem Boldariev arbv

💭
🇺🇦
View GitHub Profile
@kylemanna
kylemanna / build-friendlywrt.md
Last active September 12, 2024 15:33
FriendlyElec NanoPi R5S Linux PTP Support

Build Notes

Environment

Use systemd-nspawn on Arch Linux with debootstrap:

sudo debootstrap --include=systemd-container --components=main,universe jammy ubuntu22.04-rk3568 http://archive.ubuntu.com/ubuntu/
@jfeilbach
jfeilbach / sysctl.conf.md
Last active August 16, 2024 19:27
10/40 Gb NIC Linux Kernel Performance Tuning for samba file server

TCP tuning

The most important TCP tuning areas since kernel 4.9 are:

  • packet pacing
  • dynamic TSO sizing
  • TCP small queues
  • BBR TCP congestion algorithm

Definitions

  • Gb = gigabit
@kevinoid
kevinoid / .bashrc
Created July 31, 2019 16:31
GnuPG pinentry script for terminal or graphical interface based on $PINENTRY_USER_DATA.
# ~/.bashrc: executed by bash(1) for non-login shells.
# If file exists (likely) copy fragment below into existing script:
# If stdin is a terminal
if [ -t 0 ]; then
# Set GPG_TTY so gpg-agent knows where to prompt. See gpg-agent(1)
export GPG_TTY="$(tty)"
# Set PINENTRY_USER_DATA so pinentry-auto knows to present a text UI.
export PINENTRY_USER_DATA=USE_TTY=1
@mjbnz
mjbnz / nginx-rproxy-with-sso.md
Last active November 3, 2024 22:45
Nginx Reverse Proxy with simple SSO

Nginx Reverse Proxy for homelab services using SSO

NOTE: This document has now been added to the nginx-sso wiki, here. Any further updates will be made there.

Using:
auth_username_format = %n
imap_idle_notify_interval = 29 mins
lda_mailbox_autocreate = yes
mail_location = maildir:~/mail
mail_plugins = " fts fts_lucene"
plugin {
fts = lucene
fts_autoindex = yes
fts_lucene = whitespace_chars=@.
imapsieve_mailbox1_before = file:/etc/mail/imapsieve/report-spam.sieve
pki example.com key "/etc/letsencrypt/live/example.com/privkey.pem"
pki example.com certificate "/etc/letsencrypt/live/example.com/fullchain.pem"
listen on lo mask-source
listen on 1.2.3.4 port 25 tls pki example.com auth-optional hostname example.com
listen on 1.2.3.4 port 465 smtps pki example.com auth hostname example.com mask-source
listen on 1.2.3.4 port 587 tls-require pki example.com auth hostname example.com mask-source
table aliases file:/etc/mail/aliases
table domains file:/etc/mail/domains
@InsanePrawn
InsanePrawn / container_dhcp.network
Last active March 7, 2024 18:11
block device passthrough into systemd-nspawn for testing the munin smartctl plugin
[Match]
Name=host*
[Network]
DHCP=yes
@daniel-j-h
daniel-j-h / default.nix
Created July 7, 2016 22:47
Nix C++ compiler, CMake, Boost skeleton --- stable ABI
# Nix skeleton for compiler, cmake, boost.
# Dependencies (boost and others you specify) are getting built with selectec compiler (for ABI compatibility).
# Examples:
# nix-shell --argstr compiler gcc5 --run 'mkdir build && cd build && cmake .. && cmake --build .'
# nix-shell --argstr compiler gcc6 --run 'mkdir build && cd build && cmake .. && cmake --build .'
# nix-shell --argstr compiler clang_38 --run 'mkdir build && cd build && cmake .. && cmake --build .'
{ nixpkgs ? import <nixpkgs> {}, compiler ? "gcc6" }:
let
@gdamjan
gdamjan / 50-wifi.link
Last active September 26, 2018 15:21
Home network setup with a bridged wifi (for my libvirt VMs) using systemd-networkd and wpa_supplicant
@trendels
trendels / rsync_daemon_over_ssh.md
Last active July 25, 2024 20:42
Rsync daemon mode over ssh

rsync daemon mode over ssh

There are several common ways to do rsync backups of hosts over ssh:

  1. As a non-root user. Upsides: very secure. Downside: cannot back up sensitive files.
  2. As root, with a public key. Downsides: Whoever has the private key has full root access to the host being backed up.
  3. As root, with a public key and a "forced command". Upsides: Restricts access to the server. Downsides: Requires either careful matching of rsync options (which might change over time), or "validator" scripts. Neither idea sounds very appealing to me.
  4. Running rsync in daemon mode on the host being backed up. Upsides: Lots of useful options, like read-only mode, running as a different user if required, server-side excludes/includes, etc. Downsides: Opens up a TCP port that has full filesystem read access and is hard to secure (Ideally you could make the rsync daemon use a unix socket instead, that could be secured by filesystem permissions, but I haven't found a way to do that).

Here is another option t