Jan Guth fentas

Neovim keybinds

Capital letters do the opposite of small letters in command (Press shift to trigger capital letters)
_ (underscore) to move the cursor at the beginning of line (doesn't switch to insert mode)
- 0 (zero) moves the cursor to the zeroth position of the line (doesn't switch to insert mode)
$ (dollar) to move the cursor at the end of line (doesn't switch to insert mode)
d$ will delete from wherever your cursor is till the end of the line
f<character> to move cursor to the first occurrence of <character>
- f( to move cursor to first occurence of (
t<character> to move cursor to upto but not on the first occurrence of <character>
t( to move cursor to first occurence of (

Creating a CSR and SSL Certificate with SAN Extensions

Problem:

As per here Few days ago (after an update) FF simply refused to accept my self-signed certificate anymore, Firefox requires SAN (Subject Alternative Names) present:

It must be due to removed "subject common name" fallback support from certificate validation. This fallback mode was previously enabled only for manually installed certificates. The CA Browser Forum Baseline Requirements have required the presence of the "subjectAltName" extension since 2012, and use of the subject common name was deprecated in RFC 2818. Firefox from 101.0 onward no longer use certificate CN (Common Name) for matching domain name to certificate and have migrated to only using SAN (Subject Alternate Name) so if you self sign for internal devices you’ll need to regenerate.

RKE2 commands

Updated on May 29 to accommodate etcd container not having /bin/sh available anymore.

Install

curl -sL https://get.rke2.io | sh
systemctl daemon-reload
systemctl start rke2-server

Arch Linux Full-Disk Encryption Installation Guide

This guide provides instructions for an Arch Linux installation featuring full-disk encryption via LVM on LUKS and an encrypted boot partition (GRUB) for UEFI systems.

Following the main installation are further instructions to harden against Evil Maid attacks via UEFI Secure Boot custom key enrollment and self-signed kernel and bootloader.

Preface

You will find most of this information pulled from the Arch Wiki and other resources linked thereof.

Note: The system was installed on an NVMe SSD, substitute /dev/nvme0nX with /dev/sdX or your device as needed.

	#!/bin/bash
	WSL_COMMIT_REF=linux-msft-wsl-5.15.90.4
	apt update && apt install -y git build-essential flex bison libssl-dev libelf-dev bc dwarves

	mkdir src
	cd src
	git init
	git remote add origin https://github.com/microsoft/WSL2-Linux-Kernel.git
	git config --local gc.auto 0
	git -c protocol.version=2 fetch --no-tags --prune --progress --no-recurse-submodules --depth=1 origin +${WSL_COMMIT_REF}:refs/remotes/origin/build/linux-msft-wsl-5.15.y

	// homerunner is Brad's shitty Docker wrapper after he got tired of running
	// HA nine-VM Kubernetes clusters. Earlier versions of this tried to use podman
	// and fancy cloud-init and CNI stuff but then I decided to go to the other
	// extreme and write something super specific to what I need and super dumb:
	// run my containers from gcr.io, and use my home Ceph cluster for mounts/state.
	//
	// This primarily runs Home Assistant, HomeSeer, an MQTT server, and some cameras.
	// And some omitted misc stuff.
	package main

	package main

	import (
	"fmt"
	"io"
	"log"
	"os"
	)

	func main() {

	#!/usr/bin/env python3

	import os
	import sys
	from re import compile
	from subprocess import run, Popen, PIPE

	__author__ = "Mariusz 'Maledorak' Korzekwa"
	__credits__ = ["Mariusz 'Maledorak' Korzekwa"]
	__license__ = "CC BY 4.0"

	#!/bin/bash
	docker run -d -p 80:80 -p 443:443 --name rancher-server rancher/rancher:latest

	while ! curl -k https://localhost/ping; do sleep 3; done

	# Login
	LOGINRESPONSE=`curl -s 'https://127.0.0.1/v3-public/localProviders/local?action=login' -H 'content-type: application/json' --data-binary '{"username":"admin","password":"admin"}' --insecure`
	LOGINTOKEN=`echo $LOGINRESPONSE \| jq -r .token`

	# Change password