If you want to use Bitwarden CLI for ssh have a look at: How to use use Bitwarden CLI for SSH-Keys in macOS
Wirtten and tested on macOS Ventura
To allow Touch ID on your Mac to authenticate you for sudo access instead of a password you need to do the following.
| #!/bin/bash -xe | |
| NEW_PUB_KEY="$HOME/.ssh/id_ed25519.pub" | |
| OLD_PUB_KEY="$HOME/.ssh/id_rsa.pub" | |
| NEW_PUB_KEY_STR=$(cat ${NEW_PUB_KEY}) | |
| OLD_PUB_KEY_STR=$(cat ${OLD_PUB_KEY} | cut -d' ' -f2) | |
| for IP in $(cat ip-list-ssh.txt); do | |
| # Backup authorized_keys | |
| ssh ${USER}@${IP} "cp ~/.ssh/authorized_keys{,.bak}" | |
| # Add new key to authorized_keys |
| #!/bin/bash | |
| OLD_PUBLIC_KEY=$(uci get network.mullvad.private_key | wg pubkey) | |
| logger -p notice -t "Changing Wireguard Publickey" "Old Publickey=$OLD_PUBLIC_KEY" | |
| logger -p notice -t "Changing Wireguard Publickey" "Old Privatekey=$(uci get network.mullvad.private_key)" | |
| logger -p notice -t "Changing Wireguard Publickey" "Old IPs=$(uci get network.mullvad.addresses)" | |
| PRIVATE_KEY=$(wg genkey) | |
| logger -p notice -t "Changing Wireguard Publickey" "New Privatekey=$PRIVATE_KEY" | |
| PUBLIC_KEY=$(echo "$PRIVATE_KEY" | wg pubkey) | |
| logger -p notice -t "Changing Wireguard Publickey" "New Publickey=$PUBLIC_KEY" |
| server: | |
| # If no logfile is specified, syslog is used | |
| # logfile: "/var/log/unbound/unbound.log" | |
| verbosity: 0 | |
| interface: 127.0.0.1 | |
| port: 5335 | |
| do-ip4: yes | |
| do-udp: yes | |
| do-tcp: yes |
This script fully clones LXC 999 (Debian Based Container) to the storage named SSD-Storage starts it and installs updates.
Afterwards it will dump a Backup to the storage named NAS mounted in /mnt/pve/NAS and copies it with a meaningfull name in the local template cache.
Every Sunday this script will archive a copy of the template and name it with the current date, the last 4 archived images will be kept.
If you want to reuse this script edit the storages, e.g. if you only have the local storage replace SSD-Storage and NAS with local, also replace /mnt/pve/NAS/dump/ with /var/lib/vz/.
Also be sure to that ID 9876 is not taken and your custom template is ID 999, or replace the ID's accordingly.
Make local binary directory if not existent:
mkdir -p ~/.local/bin
Get the script and make it executable:
wget -O ~/.local/bin/mullvad-wifi-connect-on-demand https://gist.githubusercontent.com/n-stone/d0388cfc3229435ff315a473d76686e6/raw/mullvad-wifi-connect-on-demand
chmod +x ~/.local/bin/mullvad-wifi-connect-on-demand
| class MacFuseRequirement < Requirement | |
| fatal true | |
| satisfy(build_env: false) { self.class.binary_mac_fuse_installed? } | |
| def self.binary_mac_fuse_installed? | |
| File.exist?("/usr/local/include/fuse/fuse.h") && | |
| !File.symlink?("/usr/local/include/fuse") | |
| end |
| #!/bin/bash | |
| # This a replacement Aikhjarto/block_badips.sh, using https://www.abuseipdb.com/ since badips.com seems to be offline :( | |
| # This script downloads a list of IPs known for brute force attacking. | |
| # The fetched IPs get blocked with iptables with the special comment "BADIP". This script only | |
| # modifies iptables rules with that comment. This measure makes it well compatible with other firewall | |
| # scripts like the SUSEFirewall. | |
| # The iptables rules are updated every time this script is executed. Additionally this script is | |
| # quiet on stdout, which makes it well suited for being executed as a cronjob. | |
| # TODO Block ipv6 |