gwire

Arbitrary resolver routing using netplan

I have a server that uses netplan to configure systemd-resolved for local name resolution. I’m happy with the default DNS resolvers in use, but want to use a different resolver for specific subdomains.

e.g. I might want to use CloudFlare DNS (1.1.1.1, 1.0.0.1) by default, but also specifically use Google Public DNS (8.8.8.8, 8.8.4.4) for subdomains of google.com. (These are example values, not the actual use-case.)

systemd-resolved does support have the concept of routing-domains - for example an interface being added that resolves *.internal addresses to a local nameserver by specifying ~internal as the search-domain. But unfortunately specific nameserver routing can only be configured on a per-link basis.

One hacky way around this would be to add new interfaces just to update t

Quick publishing of keys via OpenPGP web key service

Recent issues with OpenPGP key servers are likely to prompt PGP users to advertise their keys via alternative methods.

There is currently a DRAFT RFC (draft-koch-openpgp-webkey-service) for publishing keys where an infrastructure such as DANE is not yet in place.

For example, the key for [email protected] would be located at

https://openpgpkey.example.org/.well-known/openpgpkey/example.org/hu/apr3aj3jqcf89yd69qd8pkjp3pzawxhx?l=example

	# An upgrade of MariaDB broke our matomo installation
	# Error in Matomo (tracker): Error query: SQLSTATE[HY000]: General error:
	# 1364 Field 'visit_total_events' doesn't have a default value In query: INSERT INTO piwik_log_visit ...
	#
	# See https://github.com/matomo-org/matomo/issues/14799

	ALTER TABLE piwik_log_visit MODIFY COLUMN visit_total_events SMALLINT(5) UNSIGNED NOT NULL DEFAULT 0;
	ALTER TABLE piwik_log_visit MODIFY COLUMN config_os CHAR(3) NULL;
	ALTER TABLE piwik_log_visit MODIFY COLUMN config_browser_name VARCHAR(10) NULL;
	ALTER TABLE piwik_log_visit MODIFY COLUMN config_browser_version VARCHAR(20) NULL;

	require["vacation","date","relational"];

	# Trigger autoresponse for mail sent after Wednesday 5pm
	# But don't trigger on Sunday (day 0)

	if anyof(
	allof(
	currentdate :is "weekday" "3",
	currentdate :value "ge" "hour" "17"
	),

	#!/usr/bin/python3

	## utf8-url-to-ascii.py - Outputs a UTF-8 formatted file of URLs as ascii
	#
	# Three forms of conversion
	# - IDN domains to punycode notation
	# - Paths to urlencoding (preserving "/")
	# - Queries to urlencoding (encoding "/")
	#
	# Input is one url per line.

	# Even if you're patched against CVE-2019-10149 you don't want to recieve the mails
	#
	# This blocks any local part that contains "{"
	#
	# It should be placed high in the RCPT acl

	deny
	condition = ${if match{$local_part}{\N[\x7b]\N}{true}{false}}
	message = 5.1.3 Bad destination mailbox address syntax

	# Site-specific additions and overrides for usr.sbin.exim4.
	# For more details, please see /etc/apparmor.d/local/README.

	/usr/bin/timeout rix,

	/usr/lib/mailman/mail/mailman Px,

	/usr/share/publicsuffix/public_suffix_list.dat r,

	/run/dovecot/lmtp rw,

	## TIMESTAMP is usually offset from 2001-01-01 on macOS and iOS, so to treat it as a unix time add the epoch for that date (978307200)

	SELECT strftime('%s',datetime(ZTIMESTAMP+978307200,'unixepoch','localtime')) AS date FROM ZTABLE;

	#!/usr/bin/env python

	# wks-id.py - Generate an OpenPGP Web Key Directory URL for an email address
	#
	# example: echo "Example <[email protected]>" \| ./wks-url.py -a
	# returns: https://openpgpkey.example.org/.well-known/openpgpkey/example.org/hu/iy9q119eutrkn8s1mk4r39qejnbu3n5q?l=Joe.Doe
	#
	### See https://tools.ietf.org/html/draft-koch-openpgp-webkey-service-07
	#
	# 2019 github.com/gwire

	## remove ECDHE support for curves less under 256 bits
	tls_require_ciphers = ${if =={$received_port}{25}{NORMAL:%COMPAT:%SERVER_PRECEDENCE:-CURVE-SECP192R1:-CURVE-SECP224R1}{PFS:-DHE-RSA:-3DES-CBC:-CURVE-SECP192R1:-CURVE-SECP224R1}}