andonome/lk
2
1
Fork 1
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'master' into vhs

Browse Source
This commit is contained in:
Malin Freeborn
2024-06-02 05:27:58 +02:00
parent 3f98db3d3a 6d44a44d0d
commit a6907d7a91
29 changed files with 460 additions and 404 deletions
Download Patch File Download Diff File Expand all files Collapse all files

0
data/git.md → data/git/basics.md
View File

0
data/git-lfs.md → data/git/git-lfs.md
View File

29
data/git/hooks.md Normal file
View File

@@ -0,0 +1,29 @@
---
title: "git hooks"
tags: [ "Documentation", "data", "git" ]
---
Check out the sample hooks:
```bash
cd $GIT_REPO
ls .git/hooks
head .git/hooks/pre-commit.sample
```
Add a hook to check the shell scripts in `$GIT_REPO` before making a commit:
```bash
echo '#!/bin/sh
shellcheck *.sh' > .git/hooks/commit-msg
chmod u+x .git/hooks/commit-msg
```
## Committing
Your `git hooks` will not enter the repository, but you can commit them to a repository, then request others add these git hooks to their own branch, by putting a note in the project's `README.md`.
```markdown
The project comes with recommended git hooks.
You can activate the hooks with `git config core.hooksPath hooks`.
```

141
data/gpg.md
View File

@@ -1,142 +1,7 @@
---
title: "gpg"
tags: [ "Documentation", "data" ]
tags: [ "Documentation", "data", "GPG" ]
---
# Making keys
Generate keys:
```bash
gpg --gen-key
```
Follow the guide.
# Encrypting a file
```bash
gpg -r malinfreeborn@posteo.net -e file
```
`-r` specifies the recipient.
Check you have an encrypted version of your file.
# Changing Expiration Dates
gpg --list-keys
... and then use the second part of 'pub', which is the ID. But that's not appearing here so... on with gpg2?
# Making encrypted files with a local password
Make a password with a password (cypher encryption).
```bash
gpg -c --output passwords.txt
```
or
```bash
gpg -c > passwords.txt
```
Put in a password.
Write message then stop with Ctrl+d.
Get the message back out the file with:
```bash
gpg -d passwords.txt
```
# Circles of Trust
Search for a key at any key store:
```bash
gpg --search-keys nestorv
```
Once you've made a decision about someone:
```bash
gpg --list-keys
```
You get something like this:
```
pub rsa3072 2021-08-15 [SC] [expires: 2023-08-15]
CD30421FD825696BD95F1FF644C62C57B790D3CF
uid [ultimate] Malin Freeborn <malinfreeborn@posteo.net>
sub rsa3072 2021-08-15 [E] [expires: 2023-08-15]
```
Notice the long, ugly, string - CD30421FD825696BD95F1FF644C62C57B790D3CF - and how horribly ugly it is.
This is a fingerprint.
You can now decide the trust level (this stays on your computer).
```bash
gpg --edit-key CD30421FD825696BD95F1FF644C62C57B790D3CF
```
Once you're in the interface, type `trust`.
```bash
gpg --sign-key alice@posteo.net
```
# Swapping Keys
This system relies on a ring of people swapping key information.
## Sending
Send those trusted keys up to a server, so people can see you have verified them:
```bash
gpg --send-keys 024C6B1C84449BD1CB4DF7A152295D2377F4D70F
```
## Upload Your Keys
## Add More Key Servers
Key servers often swap keys, but it's best to just send to multiple places immediately.
You can add key servers by adding this to `~/.gnupg/gpg.conf`.
```
keyserver hkps://keys.openpgp.org
keyserver hkps://mail-api.proton.me
keyserver hkps://keys.mailvelope.com
```
# Refresh Keys
Refreshing keys will tell you if some key you have contains a signature from someone you already trust, or if someone has published a revocation certificate (meaning their key should not be trusted any more).
```bash
gpg --refresh-keys
```
You can use the [crontab](../basics/cron.md) to refresh keys.
# Export
Your public key:
```bash
gpg --output me.gpg --armor --export
```
or
```bash
gpg --export -a person@email.tld > my_key.pub
```
- [Setup](gpg/basics.md)
- [Extras](gpg/extras.md)

141
data/gpg/basics.md Normal file
View File

@@ -0,0 +1,141 @@
---
title: "GPG Basics"
tags: [ "Documentation", "data", "GPG" ]
---
# Making keys
Generate keys:
```bash
gpg --gen-key
```
Follow the guide.
# Encrypting a file
```bash
gpg -r malinfreeborn@posteo.net -e file
```
`-r` specifies the recipient.
Check you have an encrypted version of your file.
# Changing Expiration Dates
gpg --list-keys
... and then use the second part of 'pub', which is the ID. But that's not appearing here so... on with gpg2?
# Making encrypted files with a local password
Make a password with a password (cypher encryption).
```bash
gpg -c --output passwords.txt
```
or
```bash
gpg -c > passwords.txt
```
Put in a password.
Write message then stop with Ctrl+d.
Get the message back out the file with:
```bash
gpg -d passwords.txt
```
# Circles of Trust
Search for a key at any key store:
```bash
gpg --search-keys nestorv
```
Once you've made a decision about someone:
```bash
gpg --list-keys
```
You get something like this:
```
pub rsa3072 2021-08-15 [SC] [expires: 2023-08-15]
CD30421FD825696BD95F1FF644C62C57B790D3CF
uid [ultimate] Malin Freeborn <malinfreeborn@posteo.net>
sub rsa3072 2021-08-15 [E] [expires: 2023-08-15]
```
Notice the long, ugly, string - CD30421FD825696BD95F1FF644C62C57B790D3CF - and how horribly ugly it is.
This is a fingerprint.
You can now decide the trust level (this stays on your computer).
```bash
gpg --edit-key CD30421FD825696BD95F1FF644C62C57B790D3CF
```
Once you're in the interface, type `trust`.
```bash
gpg --sign-key alice@posteo.net
```
# Swapping Keys
This system relies on a ring of people swapping key information.
## Sending
Send those trusted keys up to a server, so people can see you have verified them:
```bash
gpg --send-keys 024C6B1C84449BD1CB4DF7A152295D2377F4D70F
```
## Upload Your Keys
## Add More Key Servers
Key servers often swap keys, but it's best to just send to multiple places immediately.
You can add key servers by adding this to `~/.gnupg/gpg.conf`.
```
keyserver hkps://keys.openpgp.org
keyserver hkps://mail-api.proton.me
keyserver hkps://keys.mailvelope.com
```
# Refresh Keys
Refreshing keys will tell you if some key you have contains a signature from someone you already trust, or if someone has published a revocation certificate (meaning their key should not be trusted any more).
```bash
gpg --refresh-keys
```
You can use the [crontab](../basics/cron.md) to refresh keys.
# Export
Your public key:
```bash
gpg --output me.gpg --armor --export
```
Alternatively:
```bash
gpg --export -a person@email.tld > my_key.pub
```

10
data/gpg/extras.md Normal file
View File

@@ -0,0 +1,10 @@
---
title: "gpg"
tags: [ "Documentation", "vim", "data", "GPG" ]
---
The `vim-gnupg` plugin lets vim edit gpg-encrypted files as if they were unencrypted.
It's probably in your package manager.
If not, you'll need to endure the faff of following the [instructions](http://www.vim.org/scripts/script.php?script_id=3645).

12
data/radicale.md
View File

@@ -29,11 +29,10 @@ Edit `/etc/radicale/config`, changing the `[auth]` section from this:
...to this:
```
#type = htpasswd
type = htpasswd
```
If the service is started, restart it to make sure nobody can sign in without a password.
Make sure the service is off, as people may be able to sign in without a password at this point.
Next, find the `htpasswd` program.
You might get it in the `apache` package or similar.
@@ -41,7 +40,7 @@ You might get it in the `apache` package or similar.
`htpasswd` allows you to generate passwords for users, and place them in `/etc/radicale/users`.
```bash
PASS="$(xkcdpass)
PASS="$(xkcdpass)"
htpasswd -nb $USER "$PASS" | sudo tee -a /etc/radicale/users
echo "Your username is $USER"
echo "Your password is $PASS"
@@ -96,14 +95,12 @@ Finally, replace the example `DOMAIN` with your actual domain name.
```bash
DOMAIN=whatever.com
sudo sed -i "s/DOMAIN/$DOMAIN/g" /etc/nginx/sites-available/radicale
```
(optional: replace that `cal.` prefix with anything else)
Check nginx is happy:
```bash
sudo nginx -t
```
@@ -115,7 +112,6 @@ sudo certbod -d cal.$DOMAIN
Start or restart both services:
```bash
sudo systemctl start radicale
sudo systemctl restart nginx
@@ -123,4 +119,4 @@ sudo systemctl restart nginx
You should now be able to log into your calendar, and add it to a phone.
NB: you don't need the port number.
**NB:** you don't need the port number.

23
data/sharing_secrets.md Normal file
View File

@@ -0,0 +1,23 @@
---
title: "Sharing Secrets"
tags: [ "data", "death", "secrets", "ssss" ]
---
You can share parts of a secret with multiple people, so only some of them need to agree to see the secret.
Install `ssss`, then decide on the total number of secrets (`N`), and the threshold of people who must share their shard of the secret in order to reveal the secret.
```bash
N=5
T=3
FILE=secret.txt
fortune | ssss-split -t $T -n $N > $FILE
```
Each shard is a line inside secret.txt.
Check it's working:
```bash
head -n $T $FILE | ssss-combine -t $T
tail -n $T $FILE | ssss-combine -t $T
```

21
data/sqlite.md Normal file
View File

@@ -0,0 +1,21 @@
---
title: "sqlite"
tags: [ "Documentation", "data" ]
---
Work with a database:
```bash
sqlite3 "$FILE".sqlite3
```
Compress the database:
```sqlite
pragma vacuum;
```
Optimize the database:
```sqlite
pragma optimize;
```