rechner

from kivy.app import App
from kivy.clock import Clock
from kivy.uix.widget import Widget
from kivy.graphics import Color, Line
import random, time
import queue, threading

class FFTGraph(Widget):
    def draw_graph(self, dt):
        try:

rechner

#!/usr/bin/python
"""
Read a MagTek USB HID Swipe Reader in Linux. A description of this
code can be found at: http://www.micahcarrick.com/credit-card-reader-pyusb.html

You must be using the new PyUSB 1.0 branch and not the 0.x branch.

(Install with `pip install pyusb --pre` in a virtualenv. Install libusb first on debian)

Copyright (c) 2010 - Micah Carrick

rechner

#!/usr/bin/env python3
from flask import Flask, Response, abort, request
from PIL import Image
import requests

try:
  from StringIO import BytesIO
except ImportError:
  from io import BytesIO

rechner

html {
    cursor: url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAAZiS0dEAP8A/wD/oL2nkwAAAAlwSFlzAAALEwAACxMBAJqcGAAAAAd0SU1FB+AKHQAJD3MugBkAAAB5SURBVDjLpVNBDsAgCCuGQ///Wg4m7KKGmG0qknCBUAoFsWqOC1MAoDJVbNVQsp2tGqgUzRQ21jJGOO0aYwWXdgRAJWbVjhnMIKkRIkh6Bx3k+g7KW6JrvSVnm8UBeFxOjEffVoFKmZm8HdLo9PWVqzysmq9e+i//APQoZfbgyIqBAAAAAElFTkSuQmCC'), auto;
}

.scrollable {
  border: 14px solid #5f9ea0;
  border-image-source: url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAUAAAAApCAIAAADLfmfbAAAACXBIWXMAAAsTAAALEwEAmpwYAAAAB3RJTUUH4goaByox2bZl5AAAAB1pVFh0Q29tbWVudAAAAAAAQ3JlYXRlZCB3aXRoIEdJTVBkLmUHAAAA2UlEQVR42u3dMQqCUBjA8c/oQN2kjhM4C23doNkxJ+9QS4OOzZ2hreHREBg21EPj95sF5eGfT3nDK9quj6f6dI4hl+YYEffrLYDf29eH0R6ThcWC+RIwCBgQMCBgEDAgYEDAgIBBwICAAQGDgAEBAwIGBAwCBgQMCBgQMAgYEDAgYBAwIGBAwMCI5eeXpuMeABMYyDWBV+tNvD9q6VvSkU27qspwL/iP99MEBp/QgIABAYOAAQEDAgYGvOwDp52uKZjOk8CU308TGGasaLs+IrZlaS3APzCQzwMIpytnJp1AMAAAAABJRU5ErkJggg==');
  border-image-slice: 0 14 14 14;
  border-top: 0;
}

rechner

import os
from ldap3 import Server, Connection, ALL, core

# XXX: Update these with settings apropriate to your environment:
#      (I use FreeIPA and an homeassistant group assignment)
SERVER = "ipa.example.com"
USERDN = "uid={},cn=users,cn=accounts,dc=example,dc=com"
TIMEOUT = 3
BASEDN = USERDN
SCOPE = "base"

rechner

IsoApplet

https://github.com/philipWendland/IsoApplet/wiki/Initialization

Serial: DEADBEEFCAFEBABEC0DEFEE1 PIN: 123456789 PUK: deadbeefcafebabe

Once applet is loaded, it's necessary to add the javacard's ATR to opensc.conf

rechner

This article proved to be a decent starting point, but I was particularly interested in allowing password-based logins to OpenVPN using a username/password backed by FreeIPA (opposed to client certificates) as the identity provider.

• IPA join your VPN machine: ipa-client-install --mkhomedir
• Get a kerberos ticket: kinit
• Create a Kerberos service principle and HBAC rule for openvpn access:

ipa service-add openvpn/`hostname`

• Create new hbacrule in console, mark host as the VPN host, and whatever group you want to restrict access to:

rechner

Flavoured for a Debian 10 IPA-joined web server, and based on these pages from the FreeIPA wiki:

• Web App Authentication
• Web App Authentication: example setup

Install pre-requisites

# Install pre-requisites
sudo apt install libapache2-mod-authnz-pam libapache2-mod-auth-kerb libapache2-mod-auth-gssapi

# libapache2-mod-nss isn't packaged for Buster for some reason, but oldstable package works fine:

rechner

# cp suspend-fix.service /etc/systemd/system && systemctl enable --now suspend-fix.service
[Unit]
Description=Disable suspend wakeup interrupts except for LID

[Service]
Type=oneshot
ExecStart=/bin/sh -c "echo SLPB GLAN XHC > /proc/acpi/wakeup"

[Install]
WantedBy=multi-user.target

rechner

# Setting up Proxmox with a certificate from FreeIPA.
# This assumes you've already joined the machine with ipa-client-install

# Get a ticket as someone that can issue certificates
kinit admin

cat <<EOF > /usr/local/sbin/set-ssl-permissions
#!/bin/bash

FILES=/etc/pve/nodes/proxmox/{pve-ssl.key,pve-ssl.pem}