kyle0r

A containerised Linux desktop env setup

This gist is currently a Work In Progress.

These steps were practised and performed on a Debian Bookworm container and Proxmox 8.x Hypervisor (Debian). Instructions may vary for other releases/distros. Please DYOR and observe that YMMV. Comments, ideas and critique very welcome.

Speed run screencast: https://youtu.be/SFWV8blEdZQ

This gist is effectively a tech demo. I hope you enjoy and take away something useful.

The objective with most of the topics is to show ways / introduce tooling to boost productivity and the quality of our daily lives working in tech.

kyle0r

Capturing my steps for creating CIDR network lists (ipset) suitable for use with firewalls such as iptables and nftables.

For example, I reference this approach in my Secure defaults for Debian sshd_config and MFA gist.

The ipsets that I build in this gist reduce the permitted IPv4 hosts from ~4.28 billion to ~47 million, a reduction of ~98.88%, which helps to reduce the attack surface but still lets in some traffic including your preferred IPS/networks.
This approach is not as good as, or a replacement for, setting up a VPN or Bastion setup, or implementing Zero Trust Network Access (ZTNA), or reducing the host list to only trusted hosts/networks. These topics can be tricky for dynamic IP addressing setups and will be the subject of a future Gist.

Step 1 - determine relevant ASN(s)

Glossary: AS refers to the network itself, and ASN refers to the number that identifies tha

kyle0r

💡 Public Service Announcement: Editing a git repos history will cause the repo hashes to be recomputed, resulting in a divergence in remote refs/branches. A fetch followed by a force push will be required to update remotes.
This can wreak havoc on a project if contributors and maintainers are not "in the know".
Please think carefully about the implications for public repos and repos that you collaborate on with others.
I strongly encourage you to announce, in good time, that you intend to proceed with making such changes.

---

The anatomy of a git repo has various facets, including:

• The file content

kyle0r

Modification of this XPI: https://addons.mozilla.org/firefox/downloads/file/3467566/quick_tabs_ported-1.0.6.xpi
Extension page: https://addons.mozilla.org/firefox/addon/quick-tabs-ported/

A recent version of Firefox caused issues with the extensions search field.
The search field intermittently stopped receiving focus when the popup was activated, especially when activating the extension via the configurable keyboard shortcut.

This code change to the popup.js should resolve the issue. Tested on Firefox 131.

Related issue thread from the original Quick Tabs Chrome project:
babyman/quick-tabs-chrome-extension#189 (comment)

kyle0r

First version: 2024.38.1
Current version: 2024.38.1

Description

I'm sharing my research and development script, the knowledge could be used to create a more mature script using Perl or Python, or your preferred development language.

The purpose of this script is to parse log data from Kostal PV inverters. The primary objective is to learn about the data available in the log and how it can be used, and to summerise the data, and provide data insights. The secondary objective is to produce summerised results and compare them with the Kostal Solar Portal or other PV analytics portals to verify the correctness of the script logic and mathematics. I've hosted an intro video on YouTube.

kyle0r

First version: 2024.20.1
Current version: 2024.21.1

Run iostats-for-zpool --help for usage.

iostats-for-zpool will attempt to show you a side-by-side iostat and zpool iostat with pool devices grouped together.

Intro video:

iostats-for-zpool.example.mp4

kyle0r

First version: 2024.18.1
Current version: 2024.18.4

Run dpkg-diff-pkg-file --help for usage. Also available at the top of the script.

dpkg-diff-pkg-file will attempt to show you a visual difference between an original package file vs. your local file. This can help resolve config drift and conflicts ahead of attended/unattended upgrades.

Intro video: https://www.youtube.com/embed/19wm3gI4LfI

INSTALL

kyle0r

Disclaimer: Your mileage may vary. Rigorous testing (e.g. pen-testing) is recommended to validate that your config behaves according to your use cases, that it is secure, locked down and not exploitable.

The following configs provide a "secure by default" configuration for sshd and enforces MFA authentication from public ip space.

A screencast walking-through and demonstrating the configuration has been posted on YouTube here: https://youtu.be/m_MCVm79xyY

In theory, the strategy/concept and configuration should work on most distros running sshd. The screencast was recorded on an instance of Debian 12 aka bookworm. OpenSSH_9.2, OpenSSL 3.0.9.

kyle0r

Documentation here.

kyle0r

Check the inline code docs.

The revision of the script on my system was this one.

I don't have the time at the moment to submit a bug and/or patch and/or commit directly to HEAD.
I did a quick study of the Debian bug reporting process and the reportbug tool.
cite: https://www.debian.org/Bugs/Reporting
I will try to find the time to report the improvement and link the maintainers to this gist.

example of the xargs process pool with MAX_PARALLEL_SCRUBS=3