su -l root
pkg install git -y
cd /usr && git clone https://git.freebsd.org/src.git src/
- Update source code
daemonhorn
daemonhorn
/ zfs-boot-envirnments.md
Last active
March 11, 2025 12:16
ZFS Boot Environments for FreeBSD-Current
- ref: https://assets.nagios.com/downloads/nagioscore/docs/nagioscore/4/en/quickstart.html
- ref: https://edsonkimuli.medium.com/install-nagios-4-on-nginx-ubuntu-20-04-93a112208232
- Using nginx as the webserver instead of apache in this example with default config fixes.
- This guide starts with the Debian packages versions of
nagios4instead of building from source, thus requires a few tweaks to enable nginx as the webserver.
apt install nginx nagios4 php-fpm fcgiwrap -y
usermod -a -G nagios www-data
# Make a folder and symlink the native apache cgi into nginx
- https://vdc-download.vmware.com/vmwb-repository/dcr-public/1addc72d-5822-40b9-bc10-8dde76a49c70/8401b705-742b-4192-8158-6b02a578cfa7/GUID-3034A439-E9D7-4743-ABC0-EE38610E15F8.html
- https://www.reddit.com/r/PowerShell/comments/dsqh7h/vmware_powercli_on_server_without_internet/
- https://docs.vmware.com/en/VMware-PowerCLI/latest/powercli/GUID-3034A439-E9D7-4743-ABC0-EE38610E15F8.html
###################################
# Prerequisites
# Update the list of packages
daemonhorn
/ Debian_Unattended-Upgrades.md
Last active
November 15, 2024 00:42
Auto-Update for Ubuntu/Debian using Unattended-Upgrades package
Unattended-upgrades is installed by:
sudo apt install unattended-upgrades
sudo systemctl enable --now unattended-upgrades
sudo dpkg-reconfigure unattended-upgrades
The default config is reasonable, but should be inspected.
daemonhorn
/ PivKey_Taglio_Self-Signed_PIV_Setup.md
Last active
December 19, 2024 08:15
PivKey_Taglio_Self-Signed_PIV_Setup
The default instructions on the PivKey documentation site: https://pivkey.zendesk.com/hc/en-us do not provide any examples for configuring a self-signed certificate in any of the 25 slots. These instructions were tested with the PivKey C910 version, but likely most Taglio variants will work the same way.
There is support in powershell 5.1+ on currently supported Windows OS (Server 2012+/Windows 10+) configurations for generating self-signed certificates with a wide variety of configuration parameters, including support for the Microsoft Smart Card Key Storage Provider to generate keys on a smartcard.
- Reference: https://learn.microsoft.com/en-us/powershell/module/pki/new-selfsignedcertificate
- Setup mapping of generate certificate to certificate slots (see Powershell script snippet below) to automatically assign a slot by using the correct
Application PoliciesOID configuration in in the initi
daemonhorn
/ Microsoft.PowerShell_profile.ps1
Last active
August 10, 2024 23:57
Powershell $profile helper examples
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Place this file in our $profile location and restart powershell. | |
| # e.g.: copy Downloads\example.ps1 $profile | |
| # $profile defaults to $HOME\Documents\PowerShell\Microsoft.PowerShell_profile.ps1 | |
| # aka: c:\Users\username\Documents\PowerShell\Microsoft.PowerShell_profile.ps1 | |
| # If you want to sign it see function `user-sign-psscript` below for signing | |
| # This enables the use of: | |
| # set-executionPolicy -ExecutionPolicy AllSigned -Scope CurrentUser | |
| # Or if you don't care about security on Powershell locally, you can ignore local signing, and just use: | |
| # set-executionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser |
daemonhorn
/ pfsense-airgap-environment.md
Last active
May 18, 2024 23:08
PfSense as an air-gapped router
In certain environments, it is useful to have a router and firewall between two private vlans. When the WAN interface of PfSense is not able to access the internet (e.g. DNS Resolution, Update Checks, etc.) it can become sluggish to boot and configure. This guide attempts to capture configuration knobs that can improve the usability in these environments, and was written with PfSense CE 2.7.2 configuration as a baseline.
- Finish Documentation
-
tcpdump -nn -i XXXpfsense at steady state air-gapped {for em0 (WAN), em1 (LAN), lo0 (loopback)} Loopback will show you all of the items that would have being queried viaroot.hintsor other pfsense internals. Start withudp port 53capture filter to look for DNS traffic. - tcpdump pfsense at boot with WAN interface to look for extra ntp, dns, http, tls packets
Installation from the PfSense CE ISO file can easily be done in these environments. Download the ISO from mirror (to avoid creatin
daemonhorn
/ Cloudflare-WARP_Wireguard.md
Last active
February 27, 2025 00:40
Cloudflare WARP tunnel via Wireguard client
This example provides a simple configuration for a Debian client to have a Cloudflare tunnel while not installing the official Cloudflare WARP client. Note: Tunnel transport outbound to engage.cloudlflare.com on udp/2408 is default, with a dynamic listening udp port and a fwmark for packet matching by wireguard. Any applicable firewall rules may need to be adjusted.
- Top-level GitHub project to convert cloudflare endpoint to generic wireguard configuration file: https://github.com/ViRb3/wgcf
sudo apt install openresolv wireguard-tools golang git
git clone https://github.com/ViRb3/wgcf.git
daemonhorn
/ FreeBSD Arm64 Qemu.md
Last active
October 3, 2023 12:20
FreeBSD-arm64-aarch64 via Qemu from ports
This Quickstart receipe for Qemu assumes a recent FreeBSD release (stable/13 or newer), and provides an example configuration for running arm64 (aarch64) FreeBSD guest on an amd64 FreeBSD Host. Concepts can be applied to other architectures as desired, but syntax and capabilities will vary.
- Install qemu
pkg install qemuorpkg instal qemu-nox11. Latest pre-built package release as of this writeup is 8.1.0 - Sufficient disk space (50+GB) on a mounted FreeBSD Host disk (e.g.:
/qemu-datain this example)
daemonhorn
/ FreeBSD Ports Cheat Sheet.md
Last active
September 22, 2024 14:26
FreeBSD Ports Cheat Sheet and Notes
Some random FreeBSD Ports information for future me
- Add
BATCH=YESto prevent questions and dialog4ports(1) from slowing you down.
configto force a configuration display/choice (even if BATCH=YES has been defined)fetchandfetch-recursiveto download the source packages if not cachedinstallandreinstallto install and force-reinstall the port and register with package databasedeinstallto uninstall/remove the port and de-register from package databasebuild-depends-list,run-depends-list,all-depends-listto just list the names of the dependancies
NewerOlder