Skip to content

Instantly share code, notes, and snippets.

@kastetkot
kastetkot / full-disk-encryption-arch-uefi.md
Created April 23, 2024 13:38 — forked from huntrar/full-disk-encryption-arch-uefi.md
Arch Linux Full-Disk Encryption Installation Guide [Encrypted Boot, UEFI, NVMe, Evil Maid]

Arch Linux Full-Disk Encryption Installation Guide

This guide provides instructions for an Arch Linux installation featuring full-disk encryption via LVM on LUKS and an encrypted boot partition (GRUB) for UEFI systems.

Following the main installation are further instructions to harden against Evil Maid attacks via UEFI Secure Boot custom key enrollment and self-signed kernel and bootloader.

Preface

You will find most of this information pulled from the Arch Wiki and other resources linked thereof.

Note: The system was installed on an NVMe SSD, substitute /dev/nvme0nX with /dev/sdX or your device as needed.

@kastetkot
kastetkot / systemd_service_hardening.md
Created October 23, 2023 12:33 — forked from ageis/systemd_service_hardening.md
Options for hardening systemd service units

security and hardening options for systemd service units

A common and reliable pattern in service unit files is thus:

NoNewPrivileges=yes
PrivateTmp=yes
PrivateDevices=yes
DevicePolicy=closed
ProtectSystem=strict
@kastetkot
kastetkot / mount_qcow2.md
Created September 18, 2023 08:33 — forked from shamil/mount_qcow2.md
How to mount a qcow2 disk image

How to mount a qcow2 disk image

This is a quick guide to mounting a qcow2 disk images on your host server. This is useful to reset passwords, edit files, or recover something without the virtual machine running.

Step 1 - Enable NBD on the Host

modprobe nbd max_part=8

Reload the DNS Cache in Network Manager

You may be using NetworkManager with dnsmasq as the DNS plugin. If so, it's being used as a local caching nameserver.

When its data is outdated, you can force it to reload its DNS cache with:

Use:

nmcli general reload dns-full
@kastetkot
kastetkot / stash_dropped.md
Created March 15, 2023 09:49 — forked from joseluisq/stash_dropped.md
How to recover a dropped stash in Git?

How to recover a dropped stash in Git?

1. Find the stash commits

git log --graph --oneline --decorate ( git fsck --no-reflog | awk '/dangling commit/ {print $3}' )

This will show you all the commits at the tips of your commit graph which are no longer referenced from any branch or tag – every lost commit, including every stash commit you’ve ever created, will be somewhere in that graph.

@kastetkot
kastetkot / Jenkinsfile
Created August 12, 2022 08:45 — forked from bcomnes/Jenkinsfile
Git env vars you might need in jenkins
/*
Jenkins ENV Reference:
env.GIT_COMMIT: the commit sha of the current build
env.BRANCH_NAME: the branch name OR tag name of the current build, when it exists
env.GIT_BRANCH: same as BRANCH_NAME
env.TAG_NAME: the tag name of the current build, when it exists
*/
@kastetkot
kastetkot / bash_strict_mode.md
Created May 5, 2022 12:37 — forked from mohanpedala/bash_strict_mode.md
set -e, -u, -o, -x pipefail explanation

Отправка файлов в Yandex Disk через REST API из Bash

Пример выгрузки файлов на Яндекс.Диск из Bash через официальный REST API.

Подготовка токена для работы с API

Тут все просто.

  1. Идем по ссылке и входим под нужной учетной записью Яндекса, после чего нажимаем "Зарегистрировать новое приложение".
  2. Настраиваем новое приложение:

Потоковая репликация PostgreSQL

Потоковая репликация (Streaming Replication) - это репликация, при которой от основного сервера PostgreSQL на реплики передается WAL (Write Ahead Log). И каждая реплика затем по этому журналу изменяет свои данные. Для настройки такой репликации все серверы должны быть одной версии, работать на одной ОС и архитектуре.

Шаги настройки:

  1. Настройка master-сервера
  2. Настройка доп. сервера (slave)
  3. Тестирование репликации
@kastetkot
kastetkot / etc_NetworkManager_conf.d_90-disable-randomization.conf
Created May 12, 2021 11:08 — forked from ctubbsii/etc_NetworkManager_conf.d_90-disable-randomization.conf
NetworkManager configuration to disable WiFi MAC address randomization while scanning
# Place file in
# /etc/NetworkManager/conf.d/90-disable-randomization.conf
[device-mac-randomization]
# "yes" is the default for scanning in Fedora 25
wifi.scan-rand-mac-address=no
[connection-mac-randomization]
ethernet.cloned-mac-address=random
wifi.cloned-mac-address=random