Whitelist IP addresses based on SSH origin

Aug 13, 2016 - 1 minutes
Here is how you create a list of IP addresses, to be used with NGINX, based on successful ssh connections. $ cat /usr/bin/auth-list.sh #!/bin/bash WHITELIST=/etc/nginx/conf/whitelist.conf # Make sure that we don't add it more than once. if ! grep -q $PAM_RHOST $WHITELIST; then echo allow $PAM_RHOST\; >> $WHITELIST fi $ cat /etc/pam.d/sshd session optional pam_exec.so seteuid /usr/bin/auth-list.sh Login via ssh and it will add your external IP address to the list. Read more ...

Configuring OwnTrack to work With letsencrypt

Mar 21, 2016 - 1 minutes
These are some notes on getting OwnTracks to work with LetsEncrypt. Install mosquitto (MQTT Broker) and create a username password combination. apt install mosquitto mosquitto-clients mosquitto_passwd -c /etc/mosquitto/passwd <username> Using the letsencrypt client generate certs only as standalone. ./letsencrypt-auto certonly --standalone -d <domain> Navigate to /etc/letsencrypt/live/ and copy them to mosquitto. cp chain.pem /etc/mosquitto/certs/ cp cert.pem /etc/mosquitto/certs/ cat {privkey,fullchain}.pem >> /etc/mosquitto/certs/keyfile.pem In the mosquitto.conf add the following lines. Read more ...

LXC Containers and rTorrent

Mar 21, 2016 - 2 minutes
Install LXC stuff on the host machine. apt install lxc Configure a network bridge, this will not be NATed so it will appear on the network as a host device: auto br0 iface br0 inet dhcp bridge_ports eth0 bridge_fd 0 bridge_maxwait 0 Append the network config to the defaults /etc/lxc/default.conf: lxc.network.type = veth lxc.network.flags = up lxc.network.link = br0 If you want to store the containers in a non-default location. Read more ...

Weechat Relay

Mar 14, 2016 - 1 minutes
Using weechat as a relay turns weechat into a server for clients to connect and control weechat. This can be an android or web interface. Don’t assume these passwords are safe, you should really use /secure. SSH Relay Add public key to ~/.ssh/authorized_keys on server. This allows only connections to be opened to the localhost on port 9000 for this SSH key. no-agent-forwarding,no-X11-forwarding,permitopen="localhost:9000",command="echo 'This account can only be used for weechat relays'" ssh-rsa . Read more ...

Weechat and Tor

Mar 13, 2016 - 1 minutes
Install tor and weechat sudo apt-get install tor weechat Uncomment SocksPort 9050 from /etc/tor/torrc to create a SOCKS proxy to the Tor network on the localhost. In weechat add the proxy, add a server making sure it is over SSL and allows Tor connections. /proxy add tor socks5 127.0.0.1 9050 /server add <server> -ssl /set irc.server.<server>.proxy "tor" Now you’re thinking with Tor. Read more ...

No Space Left on Device

Mar 1, 2016 - 1 minutes
A few tips if you are stuck with out any space on the device, and you don’t want to resize partitions. These two will clean up some things, but need at least some space. So might not work: apt-get autoclean apt-get autoremove If they don’t a straight up clean should do the trick. apt-get clean If you’re still stuck, then try to remove some old kernels which you might have downloaded: Read more ...

Leaving KeePassX for pass

Jan 15, 2016 - 2 minutes
I’ve been using KeePassX for over a year now and have found it to be a most helpful tool. I’ve used it everyday since I moved to it. Highly recommend it. All things get boring and small problems become annoying problems. When using KeePass on more than one device with a file syncing service, KeePass kept complaining about locks which were lies, normally I can ignore it. But at times it can get confusing, then I end up with missing passwords. Read more ...

GPS and Raspberry Pi

Jan 12, 2016 - 1 minutes
I ordered a 56 Channel GPS Receiver (GP-20U7) from hobbytronics. The GPS is made by SparkFun, its tiny as you can see below. So far it is working well and was easy to get working. Cable things up I guessed the pinout from the datasheet. Nothing exploded. RPI -- GPS GND -> GND RX -> TX 3V -> VCC Unbind serial The RPI comes with the serial pins bound to a TTY terminal. Read more ...

Laptop Gets its first set of stickers

Jan 9, 2016 - 1 minutes
After a friend came back from CCC, he gave me a few stickers. Also my wife got me a wonderful giant ‘root’ sticker for my birthday last year. There is more than enough space for stickers which I hope to amass from FOSDEM later in the Month. Click to get more pixels Read more ...

Sublime Text Customisation

Jan 8, 2016 - 1 minutes
Here are a list of some plugins I like to use with Sublime Text, you can install the Package Manager from: https://packagecontrol.io/installation I do a lot of markdown editing and pandoc converting. e.g. Markdown to PDF, which first converts it to LaTeX so it looks pretty good. Plugins Pandoc: Converts markdown into, HTML5, PDF, and Word Documents. Word Count: Displays a word count in the status bar, I like to enable the enable_readtime setting to give me an indication of how long my text will take to read. Read more ...