@jamesog
jamesog / configuration.nix
Created September 7, 2024 15:52
NixOS on ZFS root (UTM / virtio)
{
networking.hostId = "..."; # Use head -c8 /etc/machine-id to get this
services.zfs.autoScrub.enable = true;
}
@jamesog
jamesog / Corefile
Created March 13, 2023 20:15
CoreDNS with NextDNS
. {
forward . tls://2a07:a8c0::ae:9cfd tls://2a07:a8c1::ae:9cfd tls://45.90.28.178 tls://45.90.30.178 8.8.8.8 8.8.4.4 {
tls_servername dns01-ae9cfd.dns.nextdns.io
policy sequential
}
cache {
success 12800 86400 300
denial 12800
prefetch 25
serve_stale 24h
@jamesog
jamesog / configuration.nix
Created March 3, 2023 12:09
NixOS using SSH CA
{ config, pkgs, ... }:
{
environment.etc = {
"ssh/ca.pub".text = ''
ssh-rsa ...
'';
};
services.openssh.extraConfig =
@jamesog
jamesog / README.md
Last active January 24, 2024 23:17
YubiKey as an SSH CA
@jamesog
jamesog / better-config-mgmt.md
Last active December 13, 2020 20:28
I dreamed a dream

Better config management

Syntax

Use HCL, not YAML.

# Ensure blocks group actions
ensure "Foo service" {
    package "foo" {
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>net.jamesog.takeabreak</string>
<key>Program</key>
<string>/usr/bin/say</string>
<key>ProgramArgs</key>
<array>
@jamesog
jamesog / tailscaled.sh
Last active August 20, 2023 22:14
FreeBSD rc script for tailscaled
#!/bin/sh
#
# PROVIDE: tailscaled tailscale
# REQUIRE: NETWORKING
. /etc/rc.subr
name="tailscaled"
rcvar="${name}_enable"
@jamesog
jamesog / README.md
Last active September 14, 2023 11:47
Yubikey SSH without GPG

Yubikey as an SSH key

All other guides I've seen (https://github.com/drduh/YubiKey-Guide being the most prolific) tell you to use the Yubikey's smartcard (PKCS#11) features with GnuPG via gpg-agent.

STOP THE MADNESS!

OpenSSH has supported OpenSC since version 5.4. This means that all you need to do is install the OpenSC library and tell SSH to use that library as your identity.

Prerequisites

@jamesog
jamesog / context.go
Last active January 1, 2019 16:38
HTTP DB Context
package main
import (
"context"
"database/sql"
"log"
"net/http"
_ "github.com/lib/pq"
)
@jamesog
jamesog / siteadmin.sh
Created October 23, 2016 20:03
siteadmin.sh - ancient Apache vhost management script
#!/bin/sh
# siteadmin.sh
# Created 2005/01/07 by James O'Gorman <[email protected]>
#
# This script automatically creates directory structures and config file
# entries needed for a new website.
# It can also be used to clean up (remove) those entries when a website is
# no longer needed.
#