Compare commits
3 Commits
fc085dbb1e
...
51e489a8e3
Author | SHA1 | Date | |
---|---|---|---|
51e489a8e3 | |||
d4ca81c2ae | |||
ae1e0ad726 |
23
data/sharing_secrest.md
Normal file
23
data/sharing_secrest.md
Normal file
@ -0,0 +1,23 @@
|
|||||||
|
---
|
||||||
|
title: "Sharing Secrets"
|
||||||
|
tags: [ "data", "death", "secrets", "ssss" ]
|
||||||
|
---
|
||||||
|
|
||||||
|
You can share parts of a secret with multiple people, so only some of them need to agree to see the secret.
|
||||||
|
|
||||||
|
Install `ssss`, then decide on the total number of secrets (`N`), and the threshold of people who must share their shard of the secret in order to reveal the secret.
|
||||||
|
|
||||||
|
```bash
|
||||||
|
N=5
|
||||||
|
T=3
|
||||||
|
FILE=secret.txt
|
||||||
|
fortune | ssss-split -t $T -n $N > $FILE
|
||||||
|
```
|
||||||
|
Each shard is a line inside secret.txt.
|
||||||
|
|
||||||
|
Check it's working:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
head -n $T $FILE | ssss-combine -t $T
|
||||||
|
tail -n $T $FILE | ssss-combine -t $T
|
||||||
|
```
|
@ -1,57 +0,0 @@
|
|||||||
#!/bin/bash
|
|
||||||
|
|
||||||
# https://www.unixmen.com/install-arch-linux-raspberry-pi/
|
|
||||||
|
|
||||||
pacman-key --init || echo init fail >> log
|
|
||||||
pacman-key --populate archlinuxarm || echo update fail >> log
|
|
||||||
pacman -Syyuu || echo update fail >> log
|
|
||||||
|
|
||||||
sed -i s/#en_GB.UTF-8 UTF-8/en_GB.UTF-8 UTF-8/ /etc/locale.gen
|
|
||||||
|
|
||||||
echo 'LANG=en_GB.UTF-8' >> /etc/locale.conf
|
|
||||||
|
|
||||||
locale-gen
|
|
||||||
|
|
||||||
pacman -S base-devel htop ranger tmux lolcat fortune-mod git figlet rxvt-unicode task timew calcurse fail2ban
|
|
||||||
# texlive-most
|
|
||||||
if [[ $2 == all || $1 == all ]]; then
|
|
||||||
pacman -S nnn feh dmenu rofi xf86-video-fbdev xorg xorg-xinit xorg-server xorg-server-utils xterm
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Audio
|
|
||||||
echo 'dtparam=audio=on' >> /boot/config.txt
|
|
||||||
|
|
||||||
if [[ $1 == audio ]]; then
|
|
||||||
pacman -S alsa-utils alsa-firmware alsa-lib alsa-plugins
|
|
||||||
fi
|
|
||||||
|
|
||||||
echo 'device_tree_param=spi=on' >> /boot/config.txt
|
|
||||||
|
|
||||||
# for a vnc viewer
|
|
||||||
if [[ $1 == vnc ]]; then
|
|
||||||
tigervnc gcc geany i3 i3status compton feh sxiv rxvt-unicode
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Swap
|
|
||||||
|
|
||||||
cd /var/cache/swap
|
|
||||||
|
|
||||||
dd if=/dev/zero of=swapfile bs=1K count=2M
|
|
||||||
|
|
||||||
chmod 600 swapfile
|
|
||||||
|
|
||||||
mkswap swapfile
|
|
||||||
|
|
||||||
swapon swapfile
|
|
||||||
|
|
||||||
echo "/var/cache/swap/swapfile none swap sw 0 0" > /etc/fstab
|
|
||||||
|
|
||||||
# fail2ban
|
|
||||||
|
|
||||||
[ -e sshd.local ] && \
|
|
||||||
pacman -S fail2ban && \
|
|
||||||
mv sshd.local /etc/fail2ban/jail.d && \
|
|
||||||
systemctl start fail2ban
|
|
||||||
|
|
||||||
# If it won't reboot, install `arch-install-scripts` then try again and firstly:
|
|
||||||
# genfstab / > /etc/fstab
|
|
@ -1,9 +0,0 @@
|
|||||||
#!/bin/sh
|
|
||||||
pacman -S gitea postgresql
|
|
||||||
sudo su postgres -c 'initdb -D /var/lib/postgres/data'
|
|
||||||
sudo systemctl start postgresql
|
|
||||||
sudo su postgres -c 'createuser -P gitea'
|
|
||||||
sudo su postgres -c 'createdb -O gitea gitea'
|
|
||||||
sudo sed -i 's/mysql/postgres/' /etc/gitea/app.ini
|
|
||||||
sudo sed -i 's/root/gitea/' /etc/gitea/app.ini
|
|
||||||
sudo systemctl start gitea
|
|
@ -1,79 +0,0 @@
|
|||||||
#!/bin/bash
|
|
||||||
|
|
||||||
set -e
|
|
||||||
|
|
||||||
yay -S pi-hole-ftl pi-hole-server
|
|
||||||
|
|
||||||
# Configuration in /etc/pihole/pihole-FTL.db
|
|
||||||
# You can change DBINTERVAL to 60 or more to limit writes to disk
|
|
||||||
|
|
||||||
sudo systemctl disable --now systemd-resolved
|
|
||||||
sudo systemctl enable --now pihole-FTL
|
|
||||||
pihole -g
|
|
||||||
pihole -c
|
|
||||||
|
|
||||||
if [ "$1" == "unbound" ]; then
|
|
||||||
|
|
||||||
sudo pacman -S unbound
|
|
||||||
|
|
||||||
sudo cp /etc/unbound/unbound.conf /etc/unbound/unbound.conf.old
|
|
||||||
|
|
||||||
echo "server:
|
|
||||||
# If no logfile is specified, syslog is used
|
|
||||||
# logfile: "/var/log/unbound/unbound.log"
|
|
||||||
verbosity: 0
|
|
||||||
|
|
||||||
interface: 127.0.0.1
|
|
||||||
port: 5335
|
|
||||||
do-ip4: yes
|
|
||||||
do-udp: yes
|
|
||||||
do-tcp: yes
|
|
||||||
|
|
||||||
# May be set to yes if you have IPv6 connectivity
|
|
||||||
do-ip6: no
|
|
||||||
|
|
||||||
# You want to leave this to no unless you have *native* IPv6. With 6to4 and
|
|
||||||
# Terredo tunnels your web browser should favor IPv4 for the same reasons
|
|
||||||
prefer-ip6: no
|
|
||||||
|
|
||||||
# Use this only when you downloaded the list of primary root servers!
|
|
||||||
# If you use the default dns-root-data package, unbound will find it automatically
|
|
||||||
#root-hints: "/var/lib/unbound/root.hints"
|
|
||||||
|
|
||||||
# Trust glue only if it is within the server's authority
|
|
||||||
harden-glue: yes
|
|
||||||
|
|
||||||
# Require DNSSEC data for trust-anchored zones, if such data is absent, the zone becomes BOGUS
|
|
||||||
harden-dnssec-stripped: yes
|
|
||||||
|
|
||||||
# Don't use Capitalization randomization as it known to cause DNSSEC issues sometimes
|
|
||||||
# see https://discourse.pi-hole.net/t/unbound-stubby-or-dnscrypt-proxy/9378 for further details
|
|
||||||
use-caps-for-id: no
|
|
||||||
|
|
||||||
# Reduce EDNS reassembly buffer size.
|
|
||||||
# Suggested by the unbound man page to reduce fragmentation reassembly problems
|
|
||||||
edns-buffer-size: 1472
|
|
||||||
|
|
||||||
# Perform prefetching of close to expired message cache entries
|
|
||||||
# This only applies to domains that have been frequently queried
|
|
||||||
prefetch: yes
|
|
||||||
|
|
||||||
# One thread should be sufficient, can be increased on beefy machines. In reality for most users running on small networks or on a single machine, it should be unnecessary to seek performance enhancement by increasing num-threads above 1.
|
|
||||||
num-threads: 1
|
|
||||||
|
|
||||||
# Ensure kernel buffer is large enough to not lose messages in traffic spikes
|
|
||||||
so-rcvbuf: 1m
|
|
||||||
|
|
||||||
# Ensure privacy of local IP ranges
|
|
||||||
private-address: 192.168.0.0/16
|
|
||||||
private-address: 169.254.0.0/16
|
|
||||||
private-address: 172.16.0.0/12
|
|
||||||
private-address: 10.0.0.0/8
|
|
||||||
private-address: fd00::/8
|
|
||||||
private-address: fe80::/10
|
|
||||||
" | sudo tee /etc/unbound.conf
|
|
||||||
|
|
||||||
echo "Make this the only pihole DNS: PIHOLE_DNS_1=127.0.0.1 in /etc/pihole/setupVars.conf"
|
|
||||||
|
|
||||||
fi
|
|
||||||
|
|
@ -1,8 +0,0 @@
|
|||||||
#!/bin/bash
|
|
||||||
|
|
||||||
flatpak --user remote-add --if-not-exists flathub https://dl.flathub.org/repo/flathub.flatpakrepo
|
|
||||||
|
|
||||||
flatpak --user install flathub com.valvesoftware.Steam
|
|
||||||
|
|
||||||
flatpak run com.valvesoftware.Steam
|
|
||||||
|
|
@ -1,10 +0,0 @@
|
|||||||
git clone https://aur.archlinux.org/yay.git
|
|
||||||
|
|
||||||
cd yay
|
|
||||||
|
|
||||||
makepkg -si
|
|
||||||
|
|
||||||
yay -S perl-graph-easy signal-desktop sc-im ncpamixer xdg-utils-mimeo torrench
|
|
||||||
|
|
||||||
yay -S ttf-tengwar-annatar
|
|
||||||
|
|
24
system/monitoring.md
Normal file
24
system/monitoring.md
Normal file
@ -0,0 +1,24 @@
|
|||||||
|
---
|
||||||
|
title: "Monitoring"
|
||||||
|
tags: [ "Documentation", "System", "CPU", "Memory" ]
|
||||||
|
---
|
||||||
|
|
||||||
|
Print the average CPU load over 1 minute, 5 minutes, and 15 minutes:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
watch -d cat /proc/loadavg
|
||||||
|
stress="$(cat /proc/loadavg | awk '{print "Usage:" $2"%"}')"
|
||||||
|
```
|
||||||
|
|
||||||
|
Show memory usage in Gibitytes.
|
||||||
|
|
||||||
|
```bash
|
||||||
|
free -g
|
||||||
|
```
|
||||||
|
Show low and high gigibtye usage on a *l*ine, and repeat the measurement every 5 seconds:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
REP=5
|
||||||
|
free --lohi -g -s $REP | lolcat
|
||||||
|
```
|
||||||
|
|
Loading…
Reference in New Issue
Block a user