🦝
welcome to my trash

Michael Hertig hertg

@jpawlowski
jpawlowski / msys_hetzner-etc_network_interfaces
Created August 12, 2012 12:06
Debian network configuration for Proxmox VE server running on a Hetzner host
# /etc/network/interfaces
#
auto lo
iface lo inet loopback
# device: eth0
iface eth0 inet manual
# IPv4 bridge
# (connect ONLY your firewall/router KVM instance here, this is the WAN device!)
@atoponce
atoponce / gist:07d8d4c833873be2f68c34f9afc5a78a
Last active September 7, 2024 18:11 — forked from tqbf/gist:be58d2d39690c3b366ad
Cryptographic Best Practices

Putting cryptographic primitives together is a lot like putting a jigsaw puzzle together, where all the pieces are cut exactly the same way, but there is only one correct solution. Thankfully, there are some projects out there that are working hard to make sure developers are getting it right.

The following advice comes from years of research from leading security researchers, developers, and cryptographers. This Gist was forked from Thomas Ptacek's Gist to be more readable. Additions have been added from

@HardenedArray
HardenedArray / Efficient UEFI Encrypted Root and Swap Arch Linux Installation Procedure with an ENCRYPTED BOOT
Last active August 19, 2024 11:34
Efficient UEFI Encrypted Root and Swap Arch Linux Installation with an ENCRYPTED BOOT
# OBJECTIVE: Install Arch Linux with encrypted root and swap filesystems with an ENCRYPTED BOOT and boot from UEFI. We will
also decrypt and mount our entire encrypted system using a single LUKS passphrase entry.
# Note: This method supports both dedicated Arch installs and those who wish to install Arch on a multi-OS-UEFI booting system.
# External USB HDD/SSD Installers Notes: Encrypted Arch installs can be booted and run from an external USB HDD or SSD, but
# only when the installation is correctly set up. There are several necessary changes to my standard procedure you'll want
# to make during the install process. Read my External USB HDD/SSD Installation section below before proceeding.
@mcguinness
mcguinness / online_access_refresh_tokens.md
Last active October 9, 2022 01:06
Online Access Refresh Tokens

Problem Statement

The OAuth 2.0 Authorization Framework defines the authorization_code grant type and refresh token. It doesn't establish any rules for issuing refresh tokens and explicitly states in Section 1.5 that "Issuing a refresh token is optional at the discretion of the authorization server". One of the explicit goals for RFC 6749 was to enable offline access to protected resources when the end-user is not present. It does not define any request semantics for how a client can explicitly request a refresh token or whether that refresh token's lifecycle should be bound to the user's session that granted the refresh token. Authorization servers are free to define these behaviors on a per-implementation or policy basis.

OpenID Connect, being the identity layer on top of OAuth 2.0, needed to define some new authorization server behaviors to enable end-user consent for when a client can access their identity info

@kabili207
kabili207 / Rclone systemd service.md
Last active October 29, 2024 20:52
Rclone systemd user service

rclone systemd service

Preparation

This service will use the same remote name you specified when using rclone config create. If you haven't done that yet, do so now.

Next, create the mountpoint for your remote. The service uses the location ~/mnt/<remote> by default.

mkdir ~/mnt/dropbox
@stollcri
stollcri / c41
Last active October 24, 2024 21:03
A Python script to develop scans of C-41 film negatives into color-corrected positive images
#!/usr/bin/env python
# -*- coding: utf-8 -*-
import argparse
import logging
import math
import os
import statistics
import signal
import sys
@morningreis
morningreis / proton_opn_wg.md
Created December 16, 2022 21:26
OPNsense + ProtonVPN + Wireguard Configuration Guide

OPNsense + ProtonVPN + Wireguard

Published: 16 December 2022

Reference: https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html

Goal: Set up one or more Wireguard connections from ProtonVPN on OPNsense, with policy-based routing and an optional Killswitch.

I'm writing this guide first as a reference for my future self for when I inevitably forget how to do this, but also to help others out. I found there were not many guides on this specific configuration, particularly not with multiple concurrent connections, and these were some steps which were not at all obvious. I did begin with the guide in the official OPNsense documentation, but even that was missing info to make ProtonVPN work. If you are a pfSense user, it is very similar to OPNsense, and you should be able to follow along with some success, but I have not tested it myself.

@mttaggart
mttaggart / electron-versions.csv
Last active August 27, 2024 23:34
CVE-2023-4863 Electron App Tracker | THIS LIST IS NOW DEPRECATED. PLEASE VISIT https://github.com/mttaggart/electron-app-tracker FOR THE LATEST DATA
app_name,repo,electron_version,vulnerable
1Clipboard,https://github.com/wiziple/1clipboard,,
1Password,None,25.8.1,FALSE
3CX Desktop App,,19.0.8,TRUE
5EClient,None,,
Abstract,None,,
Account Surfer,None,,
Advanced REST Client,https://github.com/advanced-rest-client/arc-electron,^17.0.0,TRUE
Aedron Shrine,None,,
Aeon,https://github.com/leinelissen/aeon,23.2.0,TRUE
@Geczy
Geczy / migrate.sh
Last active November 14, 2024 14:25
Migrate Coolify to a new server
#!/bin/bash
# This script will backup your Coolify instance and move everything to a new server. Docker volumes, Coolify database, and ssh keys
# 1. Script must run on the source server
# 2. Have all the containers running that you want to migrate
# Configuration - Modify as needed
sshKeyPath="$HOME/.ssh/your_private_key" # Key to destination server
destinationHost="server.example.com"