note sharding secrets

data/sharing_secrest.md

@@ -0,0 +1,23 @@
+---
+title: "Sharing Secrets"
+tags: [ "data", "death", "secrets", "ssss" ]
+---
+
+You can share parts of a secret with multiple people, so only some of them need to agree to see the secret.
+
+Install `ssss`, then decide on the total number of secrets (`N`), and the threshold of people who must share their shard of the secret in order to reveal the secret.
+
+```bash
+N=5
+T=3
+FILE=secret.txt
+fortune | ssss-split -t $T -n $N > $FILE
+```
+Each shard is a line inside secret.txt.
+
+Check it's working:
+
+```bash
+head -n $T $FILE | ssss-combine -t $T
+tail -n $T $FILE | ssss-combine -t $T
+```

distros/arch/scripts/archpi.sh

@@ -1,57 +0,0 @@
-#!/bin/bash
-
-# https://www.unixmen.com/install-arch-linux-raspberry-pi/
-
-pacman-key --init || echo init fail >> log
-pacman-key --populate archlinuxarm || echo update fail >> log
-pacman -Syyuu || echo update fail  >> log
-
-sed -i s/#en_GB.UTF-8 UTF-8/en_GB.UTF-8 UTF-8/ /etc/locale.gen
-
-echo 'LANG=en_GB.UTF-8' >> /etc/locale.conf
-
-locale-gen
-
-pacman -S base-devel htop ranger tmux lolcat fortune-mod git figlet rxvt-unicode task timew calcurse fail2ban
-# texlive-most 
-if [[ $2 == all || $1 == all ]]; then
-	pacman -S nnn feh dmenu rofi xf86-video-fbdev xorg xorg-xinit xorg-server xorg-server-utils xterm
-fi
-
-# Audio
-echo 'dtparam=audio=on' >> /boot/config.txt
-
-if [[ $1 == audio ]]; then
-	pacman -S alsa-utils alsa-firmware alsa-lib alsa-plugins 
-fi
-
-echo 'device_tree_param=spi=on' >> /boot/config.txt
-
-# for a vnc viewer
-if [[ $1 == vnc ]]; then
-	tigervnc gcc geany i3 i3status compton feh sxiv rxvt-unicode 
-fi
-
-# Swap
-
-cd /var/cache/swap
-
-dd if=/dev/zero of=swapfile bs=1K count=2M
-
-chmod 600 swapfile
-
-mkswap swapfile
-
-swapon swapfile
-
-echo "/var/cache/swap/swapfile none swap sw 0 0" > /etc/fstab
-
-# fail2ban
-
-[ -e sshd.local ] && \
-pacman -S fail2ban && \
-mv sshd.local /etc/fail2ban/jail.d && \
-systemctl start fail2ban
-
-# If it won't reboot, install `arch-install-scripts` then try again and firstly:
-# genfstab / > /etc/fstab

distros/arch/scripts/gitea_install.sh

@@ -1,9 +0,0 @@
-#!/bin/sh
-pacman -S gitea postgresql
-sudo su postgres -c 'initdb -D /var/lib/postgres/data'
-sudo systemctl start postgresql
-sudo su postgres -c 'createuser -P gitea'
-sudo su postgres -c 'createdb -O gitea gitea'
-sudo sed -i 's/mysql/postgres/' /etc/gitea/app.ini
-sudo sed -i 's/root/gitea/' /etc/gitea/app.ini
-sudo systemctl start gitea

distros/arch/scripts/pihole.sh

@@ -1,79 +0,0 @@
-#!/bin/bash
-
-set -e
-
-yay -S pi-hole-ftl pi-hole-server
-
-# Configuration in /etc/pihole/pihole-FTL.db
-# You can change DBINTERVAL to 60 or more to limit writes to disk
-
-sudo systemctl disable --now systemd-resolved
-sudo systemctl enable --now pihole-FTL
-pihole -g
-pihole -c
-
-if [ "$1" == "unbound" ]; then
-
-sudo pacman -S unbound
-
-sudo cp /etc/unbound/unbound.conf /etc/unbound/unbound.conf.old
-
-echo "server:
-    # If no logfile is specified, syslog is used
-    # logfile: "/var/log/unbound/unbound.log"
-    verbosity: 0
-
-    interface: 127.0.0.1
-    port: 5335
-    do-ip4: yes
-    do-udp: yes
-    do-tcp: yes
-
-    # May be set to yes if you have IPv6 connectivity
-    do-ip6: no
-
-    # You want to leave this to no unless you have *native* IPv6. With 6to4 and
-    # Terredo tunnels your web browser should favor IPv4 for the same reasons
-    prefer-ip6: no
-
-    # Use this only when you downloaded the list of primary root servers!
-    # If you use the default dns-root-data package, unbound will find it automatically
-    #root-hints: "/var/lib/unbound/root.hints"
-
-    # Trust glue only if it is within the server's authority
-    harden-glue: yes
-
-    # Require DNSSEC data for trust-anchored zones, if such data is absent, the zone becomes BOGUS
-    harden-dnssec-stripped: yes
-
-    # Don't use Capitalization randomization as it known to cause DNSSEC issues sometimes
-    # see https://discourse.pi-hole.net/t/unbound-stubby-or-dnscrypt-proxy/9378 for further details
-    use-caps-for-id: no
-
-    # Reduce EDNS reassembly buffer size.
-    # Suggested by the unbound man page to reduce fragmentation reassembly problems
-    edns-buffer-size: 1472
-
-    # Perform prefetching of close to expired message cache entries
-    # This only applies to domains that have been frequently queried
-    prefetch: yes
-
-    # One thread should be sufficient, can be increased on beefy machines. In reality for most users running on small networks or on a single machine, it should be unnecessary to seek performance enhancement by increasing num-threads above 1.
-    num-threads: 1
-
-    # Ensure kernel buffer is large enough to not lose messages in traffic spikes
-    so-rcvbuf: 1m
-
-    # Ensure privacy of local IP ranges
-    private-address: 192.168.0.0/16
-    private-address: 169.254.0.0/16
-    private-address: 172.16.0.0/12
-    private-address: 10.0.0.0/8
-    private-address: fd00::/8
-    private-address: fe80::/10
-" | sudo   tee /etc/unbound.conf
-
-	echo "Make this the  only pihole DNS: PIHOLE_DNS_1=127.0.0.1 in /etc/pihole/setupVars.conf"
-
-fi
-

distros/arch/scripts/steam.sh

@@ -1,8 +0,0 @@
-#!/bin/bash
-
-flatpak --user remote-add --if-not-exists flathub https://dl.flathub.org/repo/flathub.flatpakrepo
-
-flatpak --user install flathub com.valvesoftware.Steam
-
-flatpak run com.valvesoftware.Steam
-

distros/arch/scripts/yay.sh

@@ -1,10 +0,0 @@
-git clone https://aur.archlinux.org/yay.git
-
-cd yay
-
-makepkg -si
-
-yay -S perl-graph-easy signal-desktop sc-im ncpamixer xdg-utils-mimeo torrench
-
-yay -S ttf-tengwar-annatar
-

system/monitoring.md

@@ -0,0 +1,24 @@
+---
+title: "Monitoring"
+tags: [ "Documentation", "System", "CPU", "Memory" ]
+---
+
+Print the average CPU load over 1 minute, 5 minutes, and 15 minutes:
+
+```bash
+watch -d cat /proc/loadavg
+stress="$(cat /proc/loadavg | awk '{print "Usage:" $2"%"}')"
+```
+
+Show memory usage in Gibitytes.
+
+```bash
+free -g
+```
+Show low and high gigibtye usage on a *l*ine, and repeat the measurement every 5 seconds:
+
+```bash
+REP=5
+free --lohi -g -s $REP | lolcat
+```
+