Compare commits

...

3 Commits

Author SHA1 Message Date
51e489a8e3
note sharding secrets 2024-05-13 20:19:33 +02:00
d4ca81c2ae
note monitoring basics 2024-04-30 16:44:38 +02:00
ae1e0ad726
remove old scripts 2024-04-30 16:28:50 +02:00
7 changed files with 47 additions and 163 deletions

23
data/sharing_secrest.md Normal file
View File

@ -0,0 +1,23 @@
---
title: "Sharing Secrets"
tags: [ "data", "death", "secrets", "ssss" ]
---
You can share parts of a secret with multiple people, so only some of them need to agree to see the secret.
Install `ssss`, then decide on the total number of secrets (`N`), and the threshold of people who must share their shard of the secret in order to reveal the secret.
```bash
N=5
T=3
FILE=secret.txt
fortune | ssss-split -t $T -n $N > $FILE
```
Each shard is a line inside secret.txt.
Check it's working:
```bash
head -n $T $FILE | ssss-combine -t $T
tail -n $T $FILE | ssss-combine -t $T
```

View File

@ -1,57 +0,0 @@
#!/bin/bash
# https://www.unixmen.com/install-arch-linux-raspberry-pi/
pacman-key --init || echo init fail >> log
pacman-key --populate archlinuxarm || echo update fail >> log
pacman -Syyuu || echo update fail >> log
sed -i s/#en_GB.UTF-8 UTF-8/en_GB.UTF-8 UTF-8/ /etc/locale.gen
echo 'LANG=en_GB.UTF-8' >> /etc/locale.conf
locale-gen
pacman -S base-devel htop ranger tmux lolcat fortune-mod git figlet rxvt-unicode task timew calcurse fail2ban
# texlive-most
if [[ $2 == all || $1 == all ]]; then
pacman -S nnn feh dmenu rofi xf86-video-fbdev xorg xorg-xinit xorg-server xorg-server-utils xterm
fi
# Audio
echo 'dtparam=audio=on' >> /boot/config.txt
if [[ $1 == audio ]]; then
pacman -S alsa-utils alsa-firmware alsa-lib alsa-plugins
fi
echo 'device_tree_param=spi=on' >> /boot/config.txt
# for a vnc viewer
if [[ $1 == vnc ]]; then
tigervnc gcc geany i3 i3status compton feh sxiv rxvt-unicode
fi
# Swap
cd /var/cache/swap
dd if=/dev/zero of=swapfile bs=1K count=2M
chmod 600 swapfile
mkswap swapfile
swapon swapfile
echo "/var/cache/swap/swapfile none swap sw 0 0" > /etc/fstab
# fail2ban
[ -e sshd.local ] && \
pacman -S fail2ban && \
mv sshd.local /etc/fail2ban/jail.d && \
systemctl start fail2ban
# If it won't reboot, install `arch-install-scripts` then try again and firstly:
# genfstab / > /etc/fstab

View File

@ -1,9 +0,0 @@
#!/bin/sh
pacman -S gitea postgresql
sudo su postgres -c 'initdb -D /var/lib/postgres/data'
sudo systemctl start postgresql
sudo su postgres -c 'createuser -P gitea'
sudo su postgres -c 'createdb -O gitea gitea'
sudo sed -i 's/mysql/postgres/' /etc/gitea/app.ini
sudo sed -i 's/root/gitea/' /etc/gitea/app.ini
sudo systemctl start gitea

View File

@ -1,79 +0,0 @@
#!/bin/bash
set -e
yay -S pi-hole-ftl pi-hole-server
# Configuration in /etc/pihole/pihole-FTL.db
# You can change DBINTERVAL to 60 or more to limit writes to disk
sudo systemctl disable --now systemd-resolved
sudo systemctl enable --now pihole-FTL
pihole -g
pihole -c
if [ "$1" == "unbound" ]; then
sudo pacman -S unbound
sudo cp /etc/unbound/unbound.conf /etc/unbound/unbound.conf.old
echo "server:
# If no logfile is specified, syslog is used
# logfile: "/var/log/unbound/unbound.log"
verbosity: 0
interface: 127.0.0.1
port: 5335
do-ip4: yes
do-udp: yes
do-tcp: yes
# May be set to yes if you have IPv6 connectivity
do-ip6: no
# You want to leave this to no unless you have *native* IPv6. With 6to4 and
# Terredo tunnels your web browser should favor IPv4 for the same reasons
prefer-ip6: no
# Use this only when you downloaded the list of primary root servers!
# If you use the default dns-root-data package, unbound will find it automatically
#root-hints: "/var/lib/unbound/root.hints"
# Trust glue only if it is within the server's authority
harden-glue: yes
# Require DNSSEC data for trust-anchored zones, if such data is absent, the zone becomes BOGUS
harden-dnssec-stripped: yes
# Don't use Capitalization randomization as it known to cause DNSSEC issues sometimes
# see https://discourse.pi-hole.net/t/unbound-stubby-or-dnscrypt-proxy/9378 for further details
use-caps-for-id: no
# Reduce EDNS reassembly buffer size.
# Suggested by the unbound man page to reduce fragmentation reassembly problems
edns-buffer-size: 1472
# Perform prefetching of close to expired message cache entries
# This only applies to domains that have been frequently queried
prefetch: yes
# One thread should be sufficient, can be increased on beefy machines. In reality for most users running on small networks or on a single machine, it should be unnecessary to seek performance enhancement by increasing num-threads above 1.
num-threads: 1
# Ensure kernel buffer is large enough to not lose messages in traffic spikes
so-rcvbuf: 1m
# Ensure privacy of local IP ranges
private-address: 192.168.0.0/16
private-address: 169.254.0.0/16
private-address: 172.16.0.0/12
private-address: 10.0.0.0/8
private-address: fd00::/8
private-address: fe80::/10
" | sudo tee /etc/unbound.conf
echo "Make this the only pihole DNS: PIHOLE_DNS_1=127.0.0.1 in /etc/pihole/setupVars.conf"
fi

View File

@ -1,8 +0,0 @@
#!/bin/bash
flatpak --user remote-add --if-not-exists flathub https://dl.flathub.org/repo/flathub.flatpakrepo
flatpak --user install flathub com.valvesoftware.Steam
flatpak run com.valvesoftware.Steam

View File

@ -1,10 +0,0 @@
git clone https://aur.archlinux.org/yay.git
cd yay
makepkg -si
yay -S perl-graph-easy signal-desktop sc-im ncpamixer xdg-utils-mimeo torrench
yay -S ttf-tengwar-annatar

24
system/monitoring.md Normal file
View File

@ -0,0 +1,24 @@
---
title: "Monitoring"
tags: [ "Documentation", "System", "CPU", "Memory" ]
---
Print the average CPU load over 1 minute, 5 minutes, and 15 minutes:
```bash
watch -d cat /proc/loadavg
stress="$(cat /proc/loadavg | awk '{print "Usage:" $2"%"}')"
```
Show memory usage in Gibitytes.
```bash
free -g
```
Show low and high gigibtye usage on a *l*ine, and repeat the measurement every 5 seconds:
```bash
REP=5
free --lohi -g -s $REP | lolcat
```