#!/bin/bash | |
# Grab oauth token for use with Nitter (requires Twitter account). | |
# results: {"oauth_token":"xxxxxxxxxx-xxxxxxxxx","oauth_token_secret":"xxxxxxxxxxxxxxxxxxxxx"} | |
# 2024-11-14: verified working again | |
# 2025-01-07: added 2FA support | |
username="" | |
password="" | |
# Two-Factor Authentication | |
# You can use any time-based one time password (TOTP) authentication app like Google Authenticator, Authy, Duo Mobile, 1Password, etc.) |
# To set this up, first get tailscale working in an isolated linux shell: | |
# 1. sudo systemctl stop tailscaled.service | |
# 2. tailscaled -port 9993 -state tailscale-luks-setup.state -tun userspace-networking -socket ./tailscaled.sock | |
# 3. tailscale -socket ./tailscaled.sock up -hostname HOSTNAME-luks | |
# 4. tailscale -socket ./tailscaled.sock down | |
# 5. ctrl-c out of tailscaled | |
# 6 sudo systemctl start tailscaled.service | |
# | |
# Then add the .state file to your machine secrets and pass its path as tailscaleStatePath. |
Start by checking that there aren't any previous ssh keys inside the FIDO2 authenticator of your YubiKey. You can check if they exist by running the command below:
nix shell nixpkgs#yubikey-manager -c ykman fido credentials list
If the command above outputs a string mentioning "ssh" or "openssh", then you have already got a key generated and store on your YubiKey.
Before generating a new ssh key to store on your YubiKey you must consider which additional required authentication factors you want to use. Below you can see a table with the available factors and their corresponding command:
- I faced bandwidth issues between a WG Peer and a WG server. Download bandwidth when downloading from WG Server to WG peer was reduced significantly and upload bandwidth was practically non existent.
- I found a few reddit posts that said that we need to choose the right MTU. So I wrote a script to find an optimal MTU.
- Ideally I would have liked to have run all possible MTU configurations for both WG Server and WG Peer but for simplicity I choose to fix the WG Server to the original 1420 MTU and tried all MTUs from 1280 to 1500 for the WG Peer.
- On WG server, I started an
iperf3
server - On WG peer, I wrote a script that does the following:
wg-quick down wg0
- Edit MTU in the
/etc/wireguard/wg0.conf
file
(EDIT: Besides Reddit, I've also put this up on Github Gist)
So while looking for information on security keys before getting one myself, I got very confused reading about all the different modes and advertised features of Yubikeys and other similar dongles. The official documentation tends to be surprisingly convoluted at times, weirdly organized and oddly shy about a few of the limitations of these keys (which I'm making a point of putting front and center). Now that I have one, I decided to write down everything I figured out in order to help myself (and hopefully some other people reading this) make sense of all this.
Since I'm partly writing these notes for myself, there might be some back and forth between "exp
This is a gist used in the following blog posts:
filename='yourfilename' | |
filetype='text/csv' | |
token='my oauth token' | |
url='http://localhost/upload' | |
curl "$url" \ | |
--form "data=@$filename;type=$filetype" \ | |
--form "name=somename" \ | |
-H "Authorization: Bearer $token" | |