Mikaela/mikaela.github.io
1
0
Fork 0
mirror of https://github.com/mikaela/mikaela.github.io/ synced 2025-08-19 03:17:23 +02:00
Code Issues Projects Releases Wiki Activity

Compare commits

base: Mikaela:1bc4ff989762a968e822beff78d2bd1a6256b80a
Branches Tags
Mikaela:master
Mikaela:pre-commit-ci-update-config
Mikaela:lfs-media
Mikaela:dependabot/bundler/rexml-3.3.9
Mikaela:2016-05-10
Mikaela:2
Mikaela:1
Mikaela:0
..
compare: Mikaela:07429566c1c65e5dfb8ada81fd591e0f52704664
Branches Tags
Mikaela:master
Mikaela:pre-commit-ci-update-config
Mikaela:lfs-media
Mikaela:dependabot/bundler/rexml-3.3.9
Mikaela:2016-05-10
Mikaela:2
Mikaela:1
Mikaela:0

No commits in common. "1bc4ff989762a968e822beff78d2bd1a6256b80a" and "07429566c1c65e5dfb8ada81fd591e0f52704664" have entirely different histories.
1bc4ff9897 ... 07429566c1

2 changed files with 28 additions and 101 deletions
Show Stats Expand all files Collapse all files

62
README.markdown
View File

@ -1,48 +1,42 @@
# aminda.eu
My website
[![pre-commit.ci status](https://results.pre-commit.ci/badge/github/Mikaela/mikaela.github.io/master.svg)](https://results.pre-commit.ci/latest/github/Mikaela/mikaela.github.io/master)
[![pre-commit.ci status](https://results.pre-commit.ci/badge/github/Mikaela/mikaela.github.io/master.svg)](https://results.pre-commit.ci/latest/github/Mikaela/mikaela.github.io/master) [![code style: prettier](https://img.shields.io/badge/code_style-prettier-ff69b4.svg?style=flat-square)](https://github.com/prettier/prettier)
This website should be fairly typical Jekyll project. The index contains
`rel=me` links everywhere so projects such as Mastodon give me the green
checkmark.
Directories:
<!-- START doctoc generated TOC please keep comment here to allow auto update -->
<!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE -->
- PGP/ — my PGP key(s)
- \_\*/ — Jekyll's own files
- blog/ — blog index & feeds
- css/ — css
- pages/ — normal pages
- php/ — php scripts that haven't found their way anywhere else
- n/ — notes to self with rememberable URLs, see {r,or,ir}/
- r/ — redirects, some kind of personal URL shortener
- or/ — same, but not redirecting and for Tor Onion Services
- ir/ — same, but for I2P eepsites
- [Sitemaps](#sitemaps)
- [Unusual directories](#unusual-directories)
- [Submodules](#submodules)
- [Building](#building)
Sitemaps:
<!-- END doctoc generated TOC please keep comment here to allow auto update -->
## Sitemaps
- `sitemap.xml` — automatically generated by Jekyll when building
- `sitemaps.xml` — manually written sitemap index pointing to sitemaps on my
- sitemap.xml — automatically generated by Jekyll when building
- sitemaps.xml — manually written sitemap index pointing to sitemaps on my
sites. I am not sure how it works when there are multiple domains, so
I am keeping all sitemaps in robots.txt and sitemaps.xml on bottom
of it. Same will possibly happen with other domains.
## Unusual directories
IPFS:
Or directories that generally aren't encountered in other similar projects.
I am using [IPFS](https://ipfs.io/) for some embeds on this site. If you
would like to help me host them:
- `n/` - quick notes for my personal reference with memorable addresses.
- `r/` - my personal url redirector for links that I have to refer to more or less often.
- `txt/` - signed text files such as account list to decrease impact of identity theft attempts.
- `PGP/` - my current and some previous PGP keys.
```
ipfs pin add bafybeia7yeie5a6arstytabl6bfhacmidcy4yhht3e6dfrrq4gi2gry4pu bafybeihqkgkjo7zywuk3wiwv7ng2iiwr4na2jpmbff5zawld33tssqe4ru bafybeiawyibtmpxvgzv7ge3vlase5rjrxnea4rqr2ndeso2bs6wibe4pue bafybeibtebp2pve6x5ajv3h7leuhsz4s4alholyahi74vr7mlpob3ajqji
```
### Submodules
These hashes are:
- `ir/` - list of I2P services, previously a part of this repository for memorable addresses.
- `lfs-media/` - orphan branch containing lfs-media such as the avatars. However it doesn't work with GitHub pages.
- `or/` - same as `ir/`, but for Tor Onion Services.
- foxyproxy.json
- avatar/favicon
## Building
1. Install `bundler` onto your system.
1. `cd` to root of this repository, if you didn't already.
1. _Optionally_ configure where you wish bundler to install everything. This repository already specifies `bundle config set --local path 'vendor/bundle'` in the gitignored `.bundle/config` file.
1. Run `bundle install`
1. You are done, `bundle exec jekyll <build|serve>` and similar commands should work, just remember `bundle exec` in front of the command so the system wide installation doesn't unintentionally get used.
There is also ipfs-files/IPFS.csv in this directory listing all the current
content IDs and ipfs-files/IPFS-archive.csv listing the previously used CIDs
and where they were used in.

67
n/essentialsoftware.md
View File

@ -1,67 +0,0 @@
---
layout: null
permalink: /n/essentialsoftware.html
sitemap: false
---
# Essential software for new systems
This is just a quick personal reference so I don't have to guess.
<!-- START doctoc generated TOC please keep comment here to allow auto update -->
<!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE -->
- [Security](#security)
- [Usability](#usability)
- [Offtopic system configuration](#offtopic-system-configuration)
- [Debian-based](#debian-based)
- [SSD](#ssd)
<!-- END doctoc generated TOC please keep comment here to allow auto update -->
## Security
- `microcode` - propietary, but otherwise CPU holes are going to be gaping open. Refer to `tail -n +1 /sys/devices/system/cpu/vulnerabilities/*`
- Debian calls this as `amd64-microcode` or `intel-microcode`
- `ufw` for Deb-based or `firewalld` on Fedora
- `sshguard` for mitigating shared systems where others refuse to use keys
- `needrestart` for knowing when updates actually require services to be restarted or a kernel upgrade happens and requires reboot
- `molly-guard` so you won't accidentally `reboot` or `poweroff` production rather than local machine.
- `apt-listchanges` changelogs are worth knowing when updating.
- `apt-listbugs` known bugs are especially nice when performing bigger updates.
- `chrony` - security demands the time to be correct, Chrony supports NTS and is proper NTP server instead of just SNTP like systemd-timesyncd.
- `unbound` - my choice for both DNSSEC validating and DNS-over-TLS, even if I had it connect to upstream dns\[crypt\]proxy
- `unattended-upgrades` or `dnf-automatic` so security updates are at least downloaded if not even directly installed (see configuration and systemd units!)
## Usability
- `nvim git tmux zsh` - good luck without these
- if cryptographic operations are taking ages, consider something like `haveged`. It's controversial, so if there are no issues, don't install a random number generator.
- `earlyoom` - may avoid frozen systems, much more pleasant than dealing with a frozen system
- remember to `sudo systemctl enable --now earlyoom`
- `zram-tools` - small compressed swap in RAM
- Remember to check configs! Fedora: `/etc/zram.conf`
- `sudo systemctl enable --now zramswap.service zram-swap.service`
- `thermald` for additional help keeping system cool, especially intel
- `sudo systemctl enable --now thermald`
- `vnstat` - help for observing bandwidth usage
- `yggdrasil` - essential for getting through Carrier Grade NAT whether there is IPv6 or not. Also gives static internal IPv6 reducing need for dynamic DNS.
- `tlp` - for laptop power management, especially ThinkPad.
- `sudo tlp-stat | less`
- `sudo systemctl enable --now tlp`
## Offtopic system configuration
This is just too close to not mention here (and was besides in my planning issue):
### Debian-based
- `sudo dpkg-reconfigure console-setup`
- ensure UTF-8 and select Terminus
- `sudo dpkg-reconfigure keyboard-configuration`
- compose key
### SSD
- `sudo systemctl enable --now fstrim.timer`
- check that `/etc/fstab` has `noatime` so every file access isn't written to the disk. BTRFS filesystems should also have `ssd` flag.