Site Tools


System setup

# fde1:
# fde2:
gdisk /dev/sda
cryptsetup --cipher aes-xts-plain64 --hash sha512 --use-random --verify-passphrase luksFormat /dev/sda2
cryptsetup luksOpen /dev/sda2 root
mkfs.btrfs /dev/mapper/root
mount /dev/mapper/root /mnt
pacstrap /mnt base base-devel tmux mosh wipe rsync procps neovim lsof strace htop net-tools pkgfile dnsutils iotop aria2 tcpdump nload btrfs-progs ntp wget acpid alsa-utils cups curl eog evince ffmpeg firefox gedit gimp git vinagre gvfs-mtp gvfs-smb nautilus openvpn gparted pidgin plowshare youtube-dl pulseaudio qt5-wayland samba sigil virt-manager wireshark-gtk unbound unrar unzip valgrind vlc wine-mono winetricks xorg-server-xwayland sshfs efibootmgr ttf-dejavu mpv acpi pm-utils ntfs-3g pavucontrol gnome-disk-utility bluez-utils conky pwgen libreoffice-fresh linux-headers minicom android-udev ansible mlocate terminus-font fail2ban pulseaudio-bluetooth udisks sway pv otf-ipafont xdg-utils devtools atom qpdfview termite brightnessctl nextcloud-client py3status arch-audit grim fragments fish swaylock slurp pdfarranger nftables grc time foliate vlc-bittorrent brightnessctl depot-tools-git downgrade  signal-desktop ocenaudio-bin smloadr soulseekqt ttf-font-awesome wcalc anbox-git krop zeronet id3ted redshift-wlr-gamma-control-git split2flac r128gain foo2zjs-nightly tor-browser-en venom pkgbuild-introspection iwd rofi-wifi-menu-git wl-clipboard librewolf pacaur ripgrep bat fd gnome-passwordsafe wf-recorder
ln -s /usr/lib/udev/rules.d/51-android.rules /etc/udev/rules.d
genfstab -p /mnt >> /mnt/etc/fstab
mount /dev/sda1 /mnt/boot
arch-chroot /mnt
chsh -s $(which fish)
sed -i 's/#PermitRootLogin yes/PermitRootLogin no/g' /etc/ssh/sshd_config
sed -i 's/^#?SystemMaxUse=.*$/SystemMaxUse=200M/g' /etc/systemd/journald.conf
sed -i 's/^#Color/Color/g' /etc/pacman.conf
mkdir /etc/pacman.d/hooks
ln -s /usr/share/libalpm/hooks/30-systemd-daemon-reload.hook /etc/pacman.d/hooks/
echo "http-pub2" >> /etc/hostname
timedatectl set-timezone Europe/Berlin
sed -i 's/#en_US.UTF-8/en_US.UTF-8/' /etc/locale.gen
localectl set-locale LANG=en_US.UTF-8
echo "KEYMAP=de" > /etc/vconsole.conf
mkinitcpio -p linux
bootctl install
useradd -m onny -s /usr/bin/fish
passwd onny
usermod -a -G sudo onny
timedatectl set-ntp true
mkdir -p /etc/systemd/system/getty@tty1.service.d
ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf
systemctl enable --now NetworkManager nftables fail2ban iwd
# gpasswd -a onny lock
# gpasswd -a onny uucp
gpasswd -a onny adbusers # mtp support
gpasswd -a onny storage # polkit-rule mount hdds


# Static information about the filesystems.
# See fstab(5) for details.
/dev/mapper/root    	/         	btrfs     	rw,relatime,ssd,space_cache,subvolid=5,subvol=/	0 0
UUID=4a8c7d1d-5839-429b-9c85-3cb6046c8b21           	/boot     	ext2      	rw,relatime,stripe=4	0 2

# <file system> <dir> <type> <options> <dump> <pass>




Name = wg0
Kind = wireguard
Description = Wireguard

PrivateKey = ****

PublicKey = ****
AllowedIPs =
Endpoint = 2a01:4f8:191:327::2:51820
Endpoint =
PersistentKeepalive = 25
Name = wg0

Address =
Name = eno1

Name = wlan0

Name = wlp3s0


systemctl enable --now systemd-networkd systemd-resolved


table inet filter {
	set tcp_accepted {
		type inet_service
		flags interval

	set udp_accepted {
		type inet_service
		flags interval

	chain base_checks {
		ct state { established, related } accept
		ct state invalid drop

	chain input {
		type filter hook input priority filter; policy drop;
		jump base_checks
		iifname "lo" accept
		ip protocol icmp icmp type { echo-reply, destination-unreachable, echo-request, time-exceeded, parameter-problem } accept
		ip6 nexthdr ipv6-icmp icmpv6 type { destination-unreachable, packet-too-big, time-exceeded, parameter-problem, echo-request, echo-reply, mld-listener-query, nd-router-solicit, nd-router-advert, nd-neighbor-solicit, nd-neighbor-advert } accept
		tcp dport @tcp_accepted accept
		udp dport @udp_accepted accept
		iifname "tornet" tcp dport 9040 accept # tornet routing
		iifname "tornet" udp dport 5353 accept # tornet routing

	chain forward {
		type filter hook forward priority filter; policy drop;
		jump base_checks
		iifname "tornet" oifname "wlan0" ip protocol tcp accept # tornet routing
		iifname "tornet" oifname "wlan0" udp dport 53 accept # tornet routing

	chain output {
		type filter hook output priority filter; policy accept;
# nat tables for tornet network interface
table ip nat {
	chain prerouting {
		type nat hook prerouting priority dstnat; policy accept;
		iifname "tornet" udp dport 53 dnat to
		iifname "tornet" ip protocol tcp dnat to

	chain postrouting {
		type nat hook postrouting priority srcnat; policy accept;
		oifname "wlan0" ip saddr masquerade


project-insanity build server repo


SigLevel = PackageOptional
Server =


 Description=Automatic Update 

 ExecStart=/usr/bin/pacman -Syuq --noconfirm --needed --noprogressbar 

 Description=Automatic Update when booted up after 5 minutes then check the system for updates every 60 minutes


systemctl enable --now autoupdate.timer

Nextcloud autosync

 Description=Automatic Nextcloud file sync 

 ExecStart=/usr/bin/nextcloudcmd -h -n --exclude /home/onny/.nextcloud/sync-exclude.lst /home/onny/. 

 Description=Automatic sync files with Nextcloud when booted up after 5 minutes then rerun every 60 minutes


login onny
password ****
sudo systemctl enable --user --now nextcloud_autosync.timer


hack to power on bluetooth after waking up from suspend:

Description=Local system resume actions

ExecStart=/usr/bin/btmgt power on

Description=Power on bluetooth on startup

ExecStart=/usr/bin/btmgmt power on

sudo systemctl enable root-resume activate_bt

firefox addons

 ublock origin, https everywhere, cookie auto delete



 flatpak remote-add --if-not-exists gnome
 flatpak remote-add --if-not-exists tingping
 flatpak remote-add --from gnome-apps


 flatpak install --from
 flatpak install tingping io.github.TransmissionRemoteGtk
 flatpak install --from
 flatpak install gnome-apps org.gnome.gedit
 flatpak install gnome-apps org.gnome.evince
 flatpak install --from


udisks --mount /dev/sda3
udisks --mount /dev/sda2
alias snipping_tool='grim -g ('slurp') ('date').png'
alias nmap="grc nmap"
redshift -m wayland &
firejail brave --ignore-gpu-blacklist &
dunst &
firejail --net=tornet whatsapp-web-desktop &
firejail --net=tornet signal-desktop &
set $term termite
set $menu dmenu_run
#output * bg /usr/share/backgrounds/sway/Sway_Wallpaper_Blue_1920x1080.png fill
input "1:1:AT_Translated_Set_2_keyboard" {
    xkb_layout de
    xkb_variant ,nodeadkeys
    xkb_options grp:alt_shift_toggle
# Workspaces:
    workspace_auto_back_and_forth yes

# Fancy names for workspaces
set $w1 1: brave
set $w2 2: signal
set $w3 3: whatsapp
set $w4 4
set $w5 5
set $w6 6
set $w7 7
set $w8 8
set $w9 9
set $w10 10

    # switch to workspace
    bindsym $mod+1 workspace $w1
    bindsym $mod+2 workspace $w2
    bindsym $mod+3 workspace $w3
bar {
	status_command py3status
	font pango:Source Sans Pro, FontAwesome 8
	#tray_output primary
	strip_workspace_numbers yes

input "2:7:SynPS/2_Synaptics_TouchPad" {
	tap enabled

bindsym XF86AudioRaiseVolume exec pactl set-sink-volume $(pacmd list-sinks |awk '/* index:/{print $3}') +5%
bindsym XF86AudioLowerVolume exec pactl set-sink-volume $(pacmd list-sinks |awk '/* index:/{print $3}') -5%
bindsym XF86AudioMute exec pactl set-sink-mute $(pacmd list-sinks |awk '/* index:/{print $3}') toggle
bindsym XF86MonBrightnessDown exec brightnessctl set 5%-
bar {
	status_command py3status
	font pango:Source Sans Pro, FontAwesome 8
	#tray_output primary
	strip_workspace_numbers yes

input "2:7:SynPS/2_Synaptics_TouchPad" {
	tap enabled

bindsym XF86AudioRaiseVolume exec pactl set-sink-volume $(pacmd list-sinks |awk '/* index:/{print $3}') +5%
bindsym XF86AudioLowerVolume exec pactl set-sink-volume $(pacmd list-sinks |awk '/* index:/{print $3}') -5%
bindsym XF86AudioMute exec pactl set-sink-mute $(pacmd list-sinks |awk '/* index:/{print $3}') toggle
bindsym XF86MonBrightnessDown exec brightnessctl set 5%-
bar {
	status_command py3status
	font pango:Source Sans Pro, FontAwesome 8
	#tray_output primary
	strip_workspace_numbers yes

input "2:7:SynPS/2_Synaptics_TouchPad" {
	tap enabled

bindsym XF86AudioRaiseVolume exec pactl set-sink-volume $(pacmd list-sinks |awk '/* index:/{print $3}') +5%
bindsym XF86AudioLowerVolume exec pactl set-sink-volume $(pacmd list-sinks |awk '/* index:/{print $3}') -5%
bindsym XF86AudioMute exec pactl set-sink-mute $(pacmd list-sinks |awk '/* index:/{print $3}') toggle
bindsym XF86MonBrightnessDown exec brightnessctl set 5%-
bindsym XF86MonBrightnessUp exec brightnessctl set 5%+
bindsym XF86Sleep exec systemctl suspend
bindcode 244 exec swaylock -i /home/onny/pictures/lockbg.jpg --scaling fill
bindcode 156 exec ~/.config/sway/

# Assign windows to workspaces

assign [class="brave-browser"]		 → $w1
assign [class="Signal"]		 → $w2
assign [class="whats-app"]	 → $w3

exec ~/.config/sway/


    font = lemon 10
    allow_markup = yes
    format = "%s\n%b"
    sort = yes
    indicate_hidden = yes
    alignment = left
    bounce_freq = 0
    show_age_threshold = 60
    word_wrap = yes
    ignore_newline = no
    geometry = "300x10-10+48"
    transparency = 20
    show_indicators = yes
    idle_threshold = 120
    monitor = 0
    follow = mouse
    sticky_history = yes
    line_height = 5
    separator_height = 0
    padding = 10
    horizontal_padding = 10
    separator_color = #bfbfbf
    startup_notification = false
    browser = /usr/bin/firefox -new-tab
    icon_position = left
    icon_folders = /usr/share/icons/Notifications

    color = "#000000"
    width = 0

    close = ctrl+space
    close_all = ctrl+shift+space
    context = ctrl+shift+period
    history = ctrl+shift 

    background = "#ffffff"
    foreground = "#282828"
    timeout = 5

    background = "#ffffff"
    foreground = "#282828"
    timeout = 5

    background = "#ffffff"
    foreground = "#000000"
    timeout = 5

  appname = pa-applet
  format = ""

  summary = Volume down notification
  format = ""

  summary = Volume up notification
  format = ""

  summary = Volume muted notification
  format = ""


# Firejail profile for brave
# This file is overwritten after every install/update
# Persistent local customizations
include /etc/firejail/brave.local
# Persistent global definitions
include /etc/firejail/globals.local

noblacklist ${HOME}/.config/BraveSoftware
# brave uses gpg for built-in password manager
noblacklist ${HOME}/.gnupg

mkdir ${HOME}/.config/BraveSoftware
whitelist ${HOME}/.config/BraveSoftware
whitelist ${HOME}/.gnupg

# noexec /tmp is included in chromium-common.profile and breaks Brave
ignore noexec /tmp

# Redirect
include /etc/firejail/chromium-common.profile
# Firejail profile for signal-desktop
# This file is overwritten after every install/update
# Persistent local customizations
include /etc/firejail/signal-desktop.local
# Persistent global definitions
include /etc/firejail/globals.local

noblacklist ${HOME}/.config/Signal
noblacklist ${HOME} # hack

include /etc/firejail/
include /etc/firejail/
include /etc/firejail/
include /etc/firejail/

mkdir ${HOME}/.config/Signal
whitelist ${DOWNLOADS}
whitelist ${HOME}/.config/Signal
whitelist ${HOME} # hack
include /etc/firejail/
include /etc/firejail/

caps.drop all
protocol unix,inet,inet6,netlink
#shell none


#noexec ${HOME}
noblacklist ~/.config
mkdir ~/.config
whitelist ~/.config
noblacklist /opt/Whatsapp
whitelist /opt/Whatsapp

include /etc/firejail/
include /etc/firejail/default.profile
include /etc/firejail/electron.local 


echo kernel.unprivileged_userns_clone = 1 | sudo tee /etc/sysctl.d/00-local-userns.conf

fish config

export QT_QPA_PLATFORM=wayland-egl
export GDK_BACKEND='wayland,x11'
export CLUTTER_BACKEND=wayland
export TERMINAL=termite
export EDITOR=vim
export BROWSER=firefox
export XDG_SESSION_TYPE=wayland
export XDG_DESKTOP_DIR="/home/onny"
export XDG_DOWNLOAD_DIR="$HOME/downloads"


[[ -z $DISPLAY && $XDG_VTNR -eq 1 ]] && exec dbus-launch sway

snipping tool

if [ "$1" = "-v" ]; then
	wf-recorder -g "$(slurp)" -f "$(xdg-user-dir PICTURES)/$(date +'%Y-%m-%d-%H%M%S_wf-recorder.mp4')"
	slurp | grim -g - - | wl-copy && wl-paste > "$(xdg-user-dir PICTURES)/$(date +'%Y-%m-%d-%H%M%S_grim.png')"



set extra capabilities for process

sudo setcap 'CAP_NET_BIND_SERVICE=+ep' /usr/bin/maddy

directory permissions

namei -l /mnt/external/audio

use acl to grant permission to files for specific user

setfacl -R -m u:maddy:rX /etc/ssl/ /etc/ssl/

pgrep get process pid by process name

$ pgrep sw3

set system time

timedatectl set-time "2014-05-26 11:13:54"


git checkout aur package

git clone ssh://


update checksums inplace


building a package in a clean dev chroot, path for pacman conf /usr/share/devtools/pacman-extra.conf

cd <package-patch>
extra-x86_64-build # -c for cleaning up chroot. ~/chroot/root is a btrfs subvolume and has to be removed with btrfs!
extra-x86_64-build -- -I ~/packages/foobar/foobar-2-1-any.pkg.tar.xz

advanced chroot with own packages preinstalled

mkdir ~/chroot
export CHROOT=$HOME/chroot
mkarchroot $CHROOT/root base-devel
arch-nspawn $CHROOT/root pacman -Syu # updating it
makechrootpkg -r $CHROOT -I package-1.0-1-i686.pkg.tar.xz # -c for clean chroot 
# repackage: makechrootpkg -r /home/onny/chroot -- -R

cheap python virtualenv

mkdir path
ln -s /usr/bin/python2 path/python
export PATH="$srcdir/path:$PATH"

abs deprecated, using asp

asp export linux


Installation von Lizenzdateien:

install -D "LICENSE.txt" "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE"

Installation von Systemd-Units:

install -Dm644 "${srcdir}/btlive.service" "${pkgdir}/usr/lib/systemd/system/btlive.service"

Installation von Docs:

install -Dm644 "$pkgdir/usr/share/doc/$pkgname/"

Installation von Tmpfiles:

install -Dm644 "wallace/wallace.tmpfiles.d.conf" "${pkgdir}/usr/lib/tmpfiles.d/wallace.conf"

Installation von Libs:

install -m644* "${pkgdir}/usr/lib/"

do not strip binary files


Installation von ausführbare Dateien:

install -Dm755 shareLinkCreator "${pkgdir}/usr/bin/sharelinkcreator"

Nginx/Apache Template-Dateien:

 if [[ -n $(which httpd 2> /dev/null) ]]; then
   # install apache .conf file if apache is installed
   if [[ -n $(which httpd 2> /dev/null) ]]; then
      install -d  $pkgdir/etc/httpd/conf/extra 
      install -m 644 $srcdir/owncloud.conf  $pkgdir/etc/httpd/conf/extra/ 

Zielname der Quelldatei ändern:


Architekturabhängige Build-Anweisung

 build() {
   cd "${srcdir}/oclHashcat"
   if [[ "$CARCH" = "x86_64" ]]; then
     make cudaHashcat64.bin
     make cudaHashcat32.bin
   make nv_all

pkgver git

 pkgver() {
   cd "mail"
   #git describe --long | sed 's/\([^-]*-g\)/r\1/;s/-/./g'
   git log -1 --format=%cd.%h --date=short|tr -d -

Common install file example

post_install() {
  mkdir /var/lib/zabbix
  getent group lool > /dev/null || groupadd -r lool > /dev/null
  getent passwd lool > /dev/null || useradd lool > /dev/null
  chown -R lool:lool /var/cache/loolwsd \
post_remove() {
   userdel -rf lool
   groupdel lool

in pkgbuild reference



install packages into build container

arch-chroot /var/lib/aurbuild/x86_64/root pacman -S git
pacman --root=/var/lib/aurbuild/x86_64/root -S git

add gpg key into build container

sudo -u aur gpg --recv-keys EB774491D9FF06E2

rebuild prebuild package and add to custom AUR repo

fakepkg webkitgtk2
sudo -u aur repo-add /var/cache/pacman/aur/aur.db.tar /tmp/webkitgtk2-3:2.4.11-16-x86_64.pkg.tar.xz
cp /tmp/webkitgtk2-3:2.4.11-16-x86_64.pkg.tar.xz /var/cache/pacman/aur


Example session bluetoothctl

# bluetoothctl 
[bluetooth]# default-agent 
[bluetooth]# scan on
[bluetooth]# pair 00:12:34:56:78:90
[bluetooth]# connect 00:12:34:56:78:90

usefull stuff

pipe stderr to stdout

command 2>&1 >/dev/null | grep 'something'

pipe stderr and stdout both to a file

command &> error_log

locate pacnew files

find /etc -regextype posix-extended -regex ".+\.pac(new|save)" 2> /dev/null

or search entire disk

find / -regextype posix-extended -regex ".+\.pac(new|save)" 2> /dev/null

swapfile on btrfs

swapfile=$(losetup -f) #free loop device
truncate -s 8G /swap   #create 8G sparse swap file
losetup $swapfile /swap #mount file to loop
mkswap  $swapfile
swapon  $swapfile

search library availability in system, print file paths

ldconfig -p | grep blas 

systemd nspawn (container)

pacman -S arch-install-scripts
btrfs subvol create /var/lib/container/archlinux-base
mkdir /etc/systemd/nspawn
pacstrap /var/lib/container/archlinux-base base base-devel
systemctl enable --now systemd-networkd systemd-resolved
systemd-nspawn --boot -nD /var/lib/machines/archlinux-nextcloudcli --template=/var/lib/container/archlinux-base
systemctl start systemd-nspawnd@archlinux-nextcloudcli
machinectl shell root@archlinux-nextcloudcli /bin/bash -c "systemctl enable --now systemd-networkd systemd-resolved" 

quit / exit / kill container: Hold Ctrl press ] three times


grep kernel config running system

zcat /proc/config.gz | grep VDSO


unset history

fish --private


lzma hado compression and extraction

tar -c --lzma -f my_archive.tar.lzma /some_directory
tar -x --lzma -f my_archive.tar.lzma

run script verbose

sh -x

cheap python virtualenv

mkdir path
ln -s /usr/bin/python2 path/python
export PATH="$srcdir/path:$PATH"

get process runtime by pid, where pid is 1234 in this example

ps -o etime= -p "1234" 

write command output to file and to stdout (python -u for unbuffered output)

python3 -u 2>&1 | tee sperrmuell_ka.csv

recurseviley rename string

find . -type f -print0 | xargs -0 sed -i 's/twentytwelve/projectinsanity/g'


LD_LIBRARY_PATH="/home/onny/projects/onlyoffice-documentserver/src/DocumentServer-ONLYOFFICE-DocumentServer-5.2.7/core/build/lib/linux_64/:$LD_LIBRARY_PATH" ./AllFontsGen

compare command line argument to string

if [ "$1" = "-v" ]; then
	wf-recorder -g "$(slurp)" -f "$(xdg-user-dir PICTURES)/$(date +'%Y-%m-%d-%H%M%S_wf-recorder.mp4')"
	slurp | grim -g - - | wl-copy && wl-paste > "$(xdg-user-dir PICTURES)/$(date +'%Y-%m-%d-%H%M%S_grim.png')"

file exists

if [ ! -f /tmp/foo.txt ]; then
    echo "File not found!"

program exit

exit 0 # okay
exit 1 # fail

receive signal bash

trap_with_arg() {
    func="$1" ; shift
    for sig ; do
        trap "$func $sig" "$sig"
func_trap() {
    echo "Trapped: $1"
trap_with_arg func_trap INT TERM EXIT
echo "Send signals to PID $$ and type [enter] when done."
read # Wait so the script doesn't exit.


Mit sed inplace eine Zeile zu einer Datei hinzufügen:

sed -i '9i#include <algorithm>' liboffsetfinder64/vmem.cpp

add to end of file

sed -i -e '$aretry $@'
Comment out specific line matching a string
<code bash>
sudo sed -e '/ s/^#*/#/' -i delugecontainer/etc/pam.d/login

comment out multiple lines / range

sed -i "28,33 s/# *//"

regex parse value of xml tags

sed -n 's/.*<id>\(.*\)<\/id>.*/\1/p' myfile.txt

delete multiple lines

sed -i '2,3d;5d;8d' file


regex match group

grep -Po "(?<=Version: )([0-9]|\.)*(?=\s|\$)" style.css


search for all files with specific extension in directory /

fd --type f -e fm . /

zip all files with specific file extension

fd -t f -e fm . / | zip source -@


post data

curl --data "UserId=eb8c2ec5352843d3a16ca11c26d3551c&Name=lolorollo&api_key=a5dc4e***9c9e0a***3" "***d***9e0***3"

download and extract archive

curl | tar xvz

set host header

torify curl --header "Host: http.pi"


specific ports

tcpdump -i eth0 -q '(tcp port 80) or (tcp port 443)' -A

exclude specific host

tcpdump -i eth0 -q '(ip or ip6) and (tcp port 80) or (tcp port 443) and not host' -A



diff -u original.c new.c > original.patch
patch < original.patch
# patch -p0 < original.patch
# patch -p1 -i packaging-fix.patch

creating patch

git commit -am "meine änderungen"
git format-patch "HEAD^"


custom ssh port

rsync -rvz -e 'ssh -p 2222' --progress --remove-sent-files ./dir user@host:/path

parallel, threaded

ls -1 | parallel rsync -a {} /destination/directory/


SSH public key deployen

ssh-copy-id alarm@

local port forwarding to remote

ssh -R
GatewayPorts yes



netcat -l 4444
netcat playground.pi 4444


nft list ruleset
nft flush ruleset
nft -f ruleset.nft

display handles, insert rule at position

nft -a list ruleset
nft add rule inet filter input position 17 tcp dport "{http, https}" accept
nft delete rule inet filter input handle 23


disable ipv6

sysctl net.ipv6.conf.all.disable_ipv6=1
sysctl net.ipv6.conf.default.disable_ipv6=1
sysctl net.ipv6.conf.lo.disable_ipv6=1


connection sharing. Iptables-Fu (internet0 ist das Interface, dass mit dem Internet verbunden ist):

sysctl net.ipv4.ip_forward=1
iptables -t nat -A POSTROUTING -o internet0 -j MASQUERADE
iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i net0 -o internet0 -j ACCEPT

picloud network sharing & port forwarding openwrt

sysctl net.ipv4.ip_forward=1
iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE
iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i net0 -o wlan0 -j ACCEPT
iptables -I FORWARD -o br-lan -d -j ACCEPT
iptables -t nat -I PREROUTING -p tcp --dport 8096 -j DNAT --to
iptables -t nat -A OUTPUT -p tcp --dport 8096 -j DNAT --to
iptables -t nat -I PREROUTING -p tcp --dport 2222 -j DNAT --to
iptables -t nat -A OUTPUT -p tcp --dport 2222 -j DNAT --to



route command example

ip route add dev eth0
ip route add default via

flush addresses

ip addr flush dev enp8s0

remove interface

ip link delete br0

delete address

ip addr del dev eth0

set address

ip address add dev usb0
ip link set usb0 up

show only specific interface

ip a show wg0


minimal hostapd and dnsmasq config

#port=0 # disable dns
wpa_pairwise=TKIP CCMP



case "$action.$ifname" in
	systemctl restart systemd-networkd
ARGS="-fwI -u0 -d10"
systemctl restart ifupd@enp0s25
systemctl enable ifupd@enp0s25

document manipulation

pdf document manipulation


gs -sDEVICE=pdfwrite -dCompatibilityLevel=1.4 -dPDFSETTINGS=/screen -dNOPAUSE -dQUIET -dBATCH 
-sOutputFile=output.pdf input.pdf

equalize output size and compress, where /printer = 300dpi

gs -sDEVICE=pdfwrite -dPDFSETTINGS=/printer -dNOPAUSE -dQUIET -dBATCH -sPAPERSIZE=a4 -dFIXEDMEDIA -dPDFFitPage -sOutputFile=output.pdf input.pdf

lossless merge

pdfunite in-1.pdf in-2.pdf in-n.pdf out.pdf

extract page range

pdftk campus_italia.pdf cat 1-280 output campus_italia_a1a2.pdf

insert into pdf

pdftk A=bigpdf.pdf B=insert.pdf cat A1-180 B A181-end output output.pdf

imagemagick picture to equal size pdf

i=300; convert a.png b.png -compress jpeg -quality 100 \
      -density ${i}x${i} -units PixelsPerInch \
      -resize $((i*827/100))x$((i*1169/100)) \
      -gravity center \
      -extent $((i*827/100))x$((i*1169/100)) multipage.pdf
convert a.jpeg b.pdf -compress jpeg -quality 70 -density 300x300 -units PixelsPerInch -resize 2481x3507 -gravity center -extent 2481x3507 multipage.pdf


Constant quality AV1. The CRF value can be from 0–63. Lower values mean better quality.

ffmpeg -i input.mp4 -c:v libaom-av1 -crf 30 -strict experimental av1_test.mp4

Burn subtitles, fast video conversion

ffmpeg -i Kawamata\ -\ La\ passage\ des\ chaises.mkv -vf subtitles=Kawamata\ -\ La\ passage\ des\ chaises.mkv -acodec copy -preset:v ultrafast Kawamata\ -\ La\ passage\ des\ chaises.mp4

batch convert images

for i in *.png ; do gm convert "$i" "${i%.*}.jpg" ; done

lossless mp3 merge

ffmpeg -f concat -i <(printf "file '%s'\n" ./*.mp3) -c copy output.mp3

lossless audio extraction

ffmpeg -i videofile.mp4 -vn -acodec copy audiofile.mp3

extract from mkv

n=`mkvinfo ${base}.mkv |grep "Track type" |grep -n "audio" |cut -d":" -f1`
audTrack=`echo "${n} - 1" |bc`
mkvextract tracks ${base}.mkv ${audTrack}:${base}.ac3



check for subdomains

torify subbrute


torify wfuzz -c --hc 404 -w /opt/wfuzz/wordlist/general/megabeast.txt
torify wfuzz -c --hc 404,403 -w /opt/wfuzz/wordlist/general/admin-panels.txt -w /opt/wfuzz/wordlist/general/extensions_common.txt

Preparing data for LFI scan

cat /var/cache/pkgfile/* | grep -a ".*/.*\.conf$" | sort | uniq > lfi

exploit kits

chromium / chrome

disable gpu blacklist, enable nouveau hardware acceleration

chromium --ignore-gpu-blacklist


Short example

 sudo systemctl start docker
 gpasswd -a onny docker
 docker run -d -p 80:80 rootlogin/nextcloud
 docker run -v /home/onny/projects/nextcloud-app-radio:/opt/nextcloud/apps/radio -d --name nextcloud -p 80:80 rootlogin/nextcloud

Debugging it

 docker run -i -t e326cbb922aa /bin/bash # exec shell of image
 docker exec -i -t e326cbb922aa /bin/bash # exec new shell running container 

Pull from repository

 docker pull eugeneware/docker-wordpress-nginx
 docker run -p 80:80 -d docker-wordpress-nginx
 docker ps
 docker commit e5a70884ac44 eugeneware/docker-wordpress-nginx:aenderungen1
 # docker stop / run
 docker run -t -i -v /home/onny/projects/web-whackspace:/usr/share/nginx/www/wp-content/themes/whackspace -p 80:80 -d e326cbb922aa
 docker run -i -t e326cbb922aa /bin/bash

Pull specific tagged image

docker pull rootlogin/nextcloud:develop

Build from Dockerfile

 cd  ~/projects/docker-invoiceplane-nginx
 sudo docker build -t="docker-invoiceplane-nginx" .
 sudo docker run -p 80:80 -d docker-invoiceplane-nginx

Build from URL

docker build -t nextcloud-testing

Delete image

docker rmi <image name / id>

Export and load image

docker save myimage > myimage.tar
docker load < myimage.tar

Remove all images and containers

docker system prune -a

docker stop all container

docker stop (docker ps -a -q)

prevent from auto start

docker update --restart=no 

docker commit container and rerun

$ docker ps  -a
CONTAINER ID        IMAGE                 COMMAND                  CREATED              STATUS                          PORTS               NAMES
    5a8f89adeead        ubuntu:14.04          "/bin/bash"              About a minute ago   Exited (0) About a minute ago                       agitated_newton
$ docker commit 5a8f89adeead newimagename
$ docker run -ti -v "$PWD/dir1":/dir1 -v "$PWD/dir2":/dir2 newimagename /bin/bash

wordpress docker image

version: '3'
     image: mysql:5.7
       - db_data:/var/lib/mysql
     restart: always
       MYSQL_ROOT_PASSWORD: somewordpress
       MYSQL_DATABASE: wordpress
       MYSQL_USER: wordpress
       MYSQL_PASSWORD: wordpress
       - db
     image: wordpress:latest
       - .:/var/www/html/wp-content/themes/ausstellung-virtuell        
       - "8000:80"
     restart: always
       WORDPRESS_DB_HOST: db:3306
       WORDPRESS_DB_USER: wordpress
       WORDPRESS_DB_PASSWORD: wordpress

Note the mount instruction in the volumes section, providing the local theme to the wordpress container.

docker-compose up -d

Visit http: ===== eigenes system setup ===== ==== signatures ==== <code bash> gpg –keyserver –recv-keys 0x4E2C6E8793298290 # tor-browser-en aur packet </code> ===== ansible ===== Run single command <code bash> ansible playground.pi -i hosts -m shell -a “whoami” </code> Limit playbook to specific host from group <code bash> ansible-playbook -i hosts archlinux-syssetup.yml -l playground.pi –ask-become-pass </code> Running single ansible role <file - picloud.yml> roles: - { role: nsupdate, tags: nsupdate } </file> <code bash> ansible-playbook -i hosts –ask-become-pass picloud.yml –tags 'nsupdate' </code> Directly define server without inventory file <code bash> ansible-playbook -i “,” wgnas.yml –ask-become-pass </code> Skip specific role by tag <code bash> ansible-playbook –inventory-file=.vagrant/provisioners/ansible/inventory -v picloud.yml –skip-tags mount </code> ==== playbook ==== Include distribution specific vars, e.g. vars/Archlinux.yml or vars/Debian.yml <file - tasks/main.yml> - name: Include OS-specific variables. include_vars: “ansible_os_family.yml” </file> use encrypted vars with vault <code bash> ansible-vault encrypt_string –vault-password-file ~/.ansible_vault_pw my_secret </code> <file - vars/auth.yml> notsecret: myvalue mysecret: !vault | $ANSIBLE_VAULT;1.1;AES256 66386439653236336462626566653063336164663966303231363934653561363964363833313662 6431626536303530376336343832656537303632313433360a626438346336353331386135323734 62656361653630373231613662633962316233633936396165386439616533353965373339616234 3430613539666330390a313736323265656432366236633330313963326365653937323833366536 34623731376664623134383463316265643436343438623266623965636363326136 other_plain_text: othervalue </file> <code bash> ansible-playbook -i hosts -v piradio.yml –ask-become-pass –vault-password-file ~/.ansible_vault_pw </code> conditions <code yml> - name: Enable ufw service service: name: ufw enabled: yes when: ufw_state == “enabled” </code> ===== podcasts ===== kolhacampus archiv ^ sendung ^ genre ^ url ^ | PLUG-IN | drum&base | | <code> # FM4 La Boum de Luxe, Music EDM Techno Radio # SRF Virus Bounce, Music Hip Hop Radio </code> ===== atom editor ===== ==== plugins ==== * atom-html-preview * Usage CTRL-SHIFT-H * color-picker * Right click on color value (html/css) * teletype (collaboration for atom) * run script: strg+b * atom-beautify * Run command palette: Ctrl+Shift+P * Type Beautify and run Beautify Editor * preview markdown * Ctrl+Shift+m * language-vue ===== firejail ===== Running app without networking <code bash> firejail –net=none vlc </code> Running app in private mode (fresh home folder) <code bash> firefox –private firefox </code> Persistent user specific configuration <code bash> cat ~/.config/firejail/vlc.profile include /etc/firejail/vlc.profile net none </code> ===== nextcloud ===== Sync only a specific folder with nextcloud <code bash> nextcloudcmd pictures </code> ===== developement ===== ==== gcc ==== <code> -Werror=implicit-fallthrough= </code> <code> -Wno-implicit-fallthrough </code> ==== git ==== show remote origin <code bash> git remote show origin </code> change remote origin <code bash> git remote set-url origin gitlab@http-new.pi:onny/web-wikidict.git </code> tagging <code bash> git tag -a v0.1 -m 'whackspace wordpress theme init' </code> merge commits from a remote repository <code bash> git fetch master git branch -r git merge FETCH_HEAD “force pull”, overwrite local changes git fetch –all git reset –hard origin/master git branch git branch firefox45 git checkout firefox45 </code> new branch <code bash> git branch iss53 git checkout iss53 </code> git show all tags <code> git log –no-walk –tags –pretty=“%h %d %s” </code> delete last commit <code bash> git reset –hard HEAD~1 </code> remove sensitive files from repo <code> git filter-branch –force –index-filter \ 'git rm –cached –ignore-unmatch PATH-TO-YOUR-FILE-WITH-SENSITIVE-DATA' \ –prune-empty –tag-name-filter cat – –all git push origin –force –all git push origin –force –tags </code> rebase upstream <code bash> git clone cd dotfiles git remote add upstream git fetch upstream git rebase upstream/master </code> git cherry pick commit for specific files <code bash> git checkout 13243f2eafc4292917178051fe1bb5aab2774dca -p include/mmc.h drivers/mmc/mmc.c arch/arm/include/asm/arch-exynos/mmc.h drivers/mmc/s5p_sdhci.c common/cmd_mmc.c common/cmd_mmc_spi.c common/env_mmc.c include/sdhci.h </code> delete branch <code bash> git branch # list git branch -d swaybar </code> rebase <code bash> git remote add upstream git fetch upstream git checkout master git rebase upstream/master git push -f origin master </code> rebase branch <code bash> git checkout fragments git rebase upstream/master </code> squash commits <code bash> git rebase -i upstream/master # < choose squash for all of your commits, except the first one > # < Edit the commit message to make sense, and describe all your changes > git push origin omgpull -f </code> ===== yum ===== <code bash> yum install rpm-build rpmbuild –rebuild aiccu-2007.01.15-7.el6.src.rpm cd /root/rpmbuild/RPMS/x86_64 rpm -i aiccu-2007.01.15-7.el7.centos.x86_64.rpm </code> ===== tmux ===== copy all scrollback buffer into a file. Press keys: “Prefix + :” <code> capture-pane -S -3000 save-buffer filename.txt </code> ===== wine ===== installing msi <code bash> wine msiexec /i xyz.msi </code> ===== scanning ===== wireshark: filter only http traffic <code>http</code> arp-scan <code bash> arp-scan –interface=wlp3s0 –localnet </code> nmap use nse script <code bash> nmap -p 80 -n –open –script /usr/share/nmap/scripts/http-title.nse </code> ===== debian ===== which package provides file XY <code bash> apt-file update apt-file search netstat </code> extract deb package <code bash> ar x *.deb </code> ===== Makefile ===== define variables with preset which can be overwritten <code> DOCUMENT_ROOT ?= /var/www/onlyoffice/documentserver LOG_DIR ?= /var/log/onlyoffice/documentserver DATA_DIR ?= /var/lib/onlyoffice/documentserver/App_Data CONFIG_DIR ?= /etc/onlyoffice/documentserver CREATE_USER ?= TRUE </code> conditions <code> ifeq ($(CREATE_USER),TRUE) adduser –quiet –home ${DESTDIR}${DOCUMENT_ROOT} –system –group onlyoffice chown onlyoffice:onlyoffice -R ${DESTDIR}$(dirname {DOCUMENT_ROOT}) chown onlyoffice:onlyoffice -R ${DESTDIR}$(dirname {LOG_DIR}) chown onlyoffice:onlyoffice -R ${DESTDIR}$(dirname $(dirname {DATA_DIR})) endif </code> ===== mail ===== echo mail server <code> </code> * check spamminess of email server: * manual imap login openssl imaps login <code> openssl s_client -connect -crlf A login cypherpunk cypherpunk </code> get quota <code> a GETQUOTAROOT INBOX </code> get msg count of folder <code> a LIST INBOX * * LIST (\HasChildren) “.” INBOX * LIST (\HasNoChildren \UnMarked) “.” “INBOX.Deleted Messages” * LIST (\HasNoChildren \UnMarked) “.” “INBOX.Sent Messages” * LIST (\HasNoChildren \UnMarked \Trash) “.” INBOX.Trash * LIST (\HasNoChildren \UnMarked \Sent) “.” INBOX.Sent * LIST (\HasNoChildren \UnMarked) “.” INBOX.Notes * LIST (\HasNoChildren \UnMarked \Junk) “.” INBOX.Junk * LIST (\HasNoChildren \UnMarked \Drafts) “.” INBOX.Drafts * LIST (\HasNoChildren \UnMarked) “.” INBOX.AntiSpam a OK List completed (0.001 + 0.000 secs). a SELECT INBOX </code> send smtp mail <code> echo -n “username” | base64 # dXNlcm5hbWU= echo -n “password” | base64 # cGFzc3dvcmQ= openssl s_client -connect AUTH LOGIN ZGRkZGRkZGRk enp6enp6enp6eno= RCPT TO: admin@example.local Subject: I have some questions! Question 1: … DONE </code> ===== Android ===== installed apps <code> antennapod davx5 dbnavigator fdroid fennec icsx5 jellyfin keepassdx libreoffice vlc nextcloud quicklyric radiodroid signal soundhound spotify tasks documentviewer fdroid-privilegedextension </code> configurations * antennpod subscriptions * fdroid pi repo * davx calendar & contacts * jellyfin config * nextcloud config * signal backup * radiodroid station list * spotify config flash recovery <code bash> heimdall flash –RECOVERY twrp-3.2.1-1-serranoltexx.img </code> anbox <code bash> pacman -S anbox-git anbox-image anbox-modules-dkms-git modprobe binder_linux ashmem_linux systemctl restart anbox-container-manager systemctl –user restart anbox-session-manager anbox launch –package=org.anbox.appmgr –component=org.anbox.appmgr.AppViewActivity wget “” adb install FDroid.apk </code> ====== davdroid ====== <code> </code> In case of 2FA requires device specific password ===== vim ===== comment multiple lines <code> CTRL + V # visual block mode after selecting Shift + I # insert mode type # ESC </code> ===== onlyoffice ===== zitieren <code> Anführungszeichen öffnend: [Alt Gr] + [V] Anführungszeichen schließend: [Alt Gr] + [B] </code> ===== wayland ===== run x apps with root <code bash> xhost +SI:localuser:root sudo gparted </code> ===== gpg ===== <code bash> =⇒ Verifying source file signatures with gpg… aurutils-1.5.3.tar.gz … FAILED (unknown public key 6BC26A17B9B7018A) =⇒ ERROR: One or more PGP signatures could not be verified! =⇒ ERROR: Could not download sources. onny@http ~ % sudo -u aur gpg –recv-keys 6BC26A17B9B7018A </code> decrypt symmetric <code bash> gpg doc.gpg </code> ===== tools ===== * etcher: create windows, mac and linux usb flash installation sticks * * browsh: graphical terminal browser * meld compare folders * cpod github * flutter sdk * deezloader remix * scrcpy: access android screen via adb and control ist <code bash> ngrep -q -W byline “^(GET|POST) .*” ngrep -q -W byline “search” host and port 80 </code> * sec * * tiger - system sec scanner * sub domain evaluation * * * subfinder (passive, external sources) * vhost scanning * * bettercap - wifi network * iodine dns tunnel * command searchsploit in exploitdb * sys * usbtop * gotty share terminal via web * privacy * mat2 remove metadata from files * andoird * anbox android “emulator” linux systems * scrcpy access android phones with broken display via adb * piracy * smloadr * office * spice-up simple presentations * media * r128gain * * * * * Network hacking ===== pages ===== * unpaywall hack <code> </code> ===== openwrt ===== udate all packages <code bash> opkg update opkg list-upgradable | cut -f 1 -d ' ' | xargs opkg upgrade </code> ===== dbus ===== dbus system monitor with filter <code bash> busctl –match “path=/net/connman/iwd” monitor </code> list tree <code bash> busctl tree net.connman.iwd </code> introspect available properties <code bash> busctl introspect net.connman.iwd /net/connman/iwd/636166652d6d6174732d67617374_psk </code> ===== systemd ===== service hardening <code> PrivateTmp=true ProtectHome=true # Mounts the /usr, /boot, and /etc directories read-only for processes invoked by this unit. ProtectSystem=full # Ensures that the service process and all its children can never gain new privileges NoNewPrivileges=true # Sets up a new /dev namespace for the executed processes and only adds API pseudo devices # such as /dev/null, /dev/zero or /dev/random (as well as the pseudo TTY subsystem) to it, # but no physical devices such as /dev/sda. PrivateDevices=true # Explicit module loading will be denied. This allows to turn off module load and unload # operations on modular kernels. It is recommended to turn this on for most services that # do not need special file systems or extra kernel modules to work. ProtectKernelModules=true # Kernel variables accessible through /proc/sys, /sys, /proc/sysrq-trigger, /proc/latency_stats, # /proc/acpi, /proc/timer_stats, /proc/fs and /proc/irq will be made read-only to all processes # of the unit. Usually, tunable kernel variables should only be written at boot-time, with the # sysctl.d(5) mechanism. Almost no services need to write to these at runtime; it is hence # recommended to turn this on for most services. ProtectKernelTunables=true # The Linux Control Groups (cgroups(7)) hierarchies accessible through /sys/fs/cgroup will be # made read-only to all processes of the unit. Except for container managers no services should # require write access to the control groups hierarchies; it is hence recommended to turn this on # for most services ProtectControlGroups=true # Restricts the set of socket address families accessible to the processes of this unit. # Protects against vulnerabilities such as CVE-2016-8655 RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX # Takes away the ability to create or manage any kind of namespace RestrictNamespaces=true </code> ===== nixos ===== apply changes to system <code bash> nixos-rebuild switch </code> update channel, rebuild and switch <code bash> nixos-rebuild switch –upgrade </code> search package <code bash> nix search gedit </code> nixos testing environement <code bash> nix-shell -p toilet </code> install unstable package <code bash> nix-channel –add unstable nix-channel –update unstable nix-env -iA unstable.pdfarranger </code> custom local repository, list packages <code bash> nix-env -f /etc/nixos/apps -qaP '*' </code> install package from local repo <code bash> nix-env -f /etc/nixos/apps -iA xerox6000-6010 </code> package shell script <code> # Here we but a shell script into path, which lets us start sway.service (after importing the environment of the login shell). environment.systemPackages = with pkgs; [ ( pkgs.writeTextFile { name = “startsway”; destination = “/bin/startsway”; executable = true; text = #! ${pkgs.bash}/bin/bash # first import environment variables from the login manager systemctl –user import-environment # then start the service exec systemctl –user start sway.service ; } ) ]; </code> garbade collector <code bash> nix-collect-garbage -d </code> list package files <code bash> find $(nix eval -f /etc/nixos/apps –raw xerox6000-6010.outPath) </code> install package <code bash> nix-env -i icecat </code> remove package <code bash> nix-env -e icecat </code> list installed packages <code bash> # installed via configuration.nix nixos-option environment.systemPackages | head -2 | tail -1 | sed -e 's/ /\n/g' | cut -d- -f2- | sort | uniq # + dependencies nix-store –query –requisites /run/current-system nix-store –query –requisites /run/current-system | cut -d- -f2- | sort | uniq # list user packages nix-env –query </code> python virtualenv <code bash> nix-shell -p python3Packages.virtualenv python -m venv venv source venv/bin/activate pip install -r requirements.txt </code> local repository (nixpkgs clone) as systemwide channel <code bash> $ nix-build nixos/release.nix -A channel –arg nixpkgs '{ outPath = ./. ; revCount = “'$(git rev-list HEAD | wc -l)'”; shortRev = “'$(git rev-parse –short HEAD)'”; }' … /nix/store/hash-name/ $ sudo nix-channel –remove nixos $ sudo nix-channel –add file:/nix/store/hash-name/tarballs/thetarball.tar.xz nixos $ sudo nix-channel --update </code> test packages git pull request

  nixpkgs-tars = "";

  # FIXME iwd networks option
  pr75800 = import (fetchTarball
    { config = config.nixpkgs.config; };
  # FIXME nftables + docker
  pr81172 = import (fetchTarball 
    { config = config.nixpkgs.config; };
  nixpkgs.overlays = [
    (self: super:
        # FIXME: add iwd networks option
        inherit (pr75800) iwd;

retrieve hash

curl -sL \
                | head -n 1 | grep -o -E -e "[0-9a-f]{40}"

allow unfree package installation nix-env

env NIXPKGS_ALLOW_UNFREE=1 nix-env -f /home/onny/projects/nur-packages -iA ocenaudio

build local package

nix-build -E 'with import <nixpkgs> { }; callPackage ./default.nix { nodejs = pkgs."nodejs-10_x"; }'

rebuilding with progress indication

nix build '(with import <nixpkgs/nixos> { }; system)'	 
nixos-rebuild -I nixpkgs=/home/onny/projects/nixpkgs switch --max-jobs 1	 

quick launch program

nix run nixpkgs.electrum --command electrum

review repository

git clone
cd nixpkgs
nixpkgs-review pr 98044

setup python virtualenv, working pip How to consume python modules using pip in a virtual environment like I am used to on other Operating Systems?



{ fetchurl, }:

  pname = "librewolf-bin";
  version = "85.0.2-1";
  name = "${pname}-${version}";

  src = fetchurl {
    url = "${version}.x86_64.AppImage";
    sha256 = "0sapm4g4qs63sm640kxcjrngxnix524ms6mxnn0xz6p0xr8dz27r";

build package

cd /path/to/nixpkgs
nix-build -A nodePackages.<new-or-updated-package>

get checksum

nix-prefetch-url ''

running tests

echo "$PR_DIFF" | xargs editorconfig-checker -disable-indent-size

reviewing uncommited changes

nixpkgs-review wip



virtualisation.libvirtd.enable = true;
users.extraUsers.myuser.extraGroups = [ "libvirtd" ];
nix-env -iA nixos-unstable.nixopsUnstable
sudo mkdir /var/lib/libvirt/images
sudo chgrp libvirtd /var/lib/libvirt/images
sudo chmod g+w /var/lib/libvirt/images
sudo virsh pool-define-as default dir --target /var/lib/libvirt/images
sudo virsh pool-autostart default
sudo virsh pool-start default
nixops create -d example-libvirtd examples/trivial-virtd.nix
nixops deploy -d example-libvirtd
nixops list

connect to instance (deployment name: example-libvirtd, machine name: machine)

nixops ssh -d example-libvirtd machine

delete deployment, delete machine

nixops delete -d example-libvirtd
nixops destroy --include nix-http

start, stop destroy machine foo

nixops start --include foo
nixops stop --include foo
nixops destroy --include foo

list machines

nixops info



reset flash drive

dd if=/dev/zero of=/dev/sdX bs=2M count=32

change label (vfat etc)

fatlabel /dev/sdb1 "mystick"

resize extX partition

sfdisk -l /dev/sdb
# Disk /dev/sdb: 55.9 GiB, 60022480896 bytes, 117231408 sectors
# Disk model: CR60GB External 
# Units: sectors of 1 * 512 = 512 bytes
# Sector size (logical/physical): 512 bytes / 512 bytes
# I/O size (minimum/optimal): 512 bytes / 512 bytes
# Disklabel type: dos
# Disk identifier: 0x2486e7f7
# Device     Boot Start       End   Sectors  Size Id Type
# /dev/sdb1        2048 117231407 117229360 55.9G 83 Linux
e2fsck -f /dev/sdb1
resize2fs /dev/sdb1 50G
# resize2fs 1.45.5 (07-Jan-2020)
# Resizing the filesystem on /dev/sdb1 to 13107200 (4k) blocks.
# The filesystem on /dev/sdb1 is now 13107200 (4k) blocks long.
fdisk /dev/sdb
# 1. (d) delete partition
# 2. (n) create new partition
# 3. (p) primary
# 4. (1) partition number
# 5. (2048) start block, same as above
# 6. (+52428800K) last sector partition (13107200k*4k)
# 7. (a) partition is bootable flag
# 8. (w) write changes


restore snapshot

lvconvert --merge /dev/vg0/playground_snap


isoinfo -d -i /dev/cdrom | grep -i -E 'block size|volume size' 
dd if=/dev/cdrom of=test.iso bs=<block size from above> count=<volume size from above> status=progress


mount with offset

# find offset in testdisk, multiplay start sector with sector-bytes
mount -o loop,offset=1048576 /dev/sdb /mnt

mount webdav

mount.davfs remote


  • Theme: LateNight
  • Set Microphone Output to default Pulseaudio
env QT_QPA_PLATFORM=xcb mixxx


workgroup = WORKGROUP
server role = standalone server
security = user
map to guest = Bad Password

path = /mnt
writeable = no
browsable = yes
guest ok = yes
systemctl restart smb nmb


discover local services

avahi-browse --all --ignore-local --resolve --terminate


curlftpfs /mnt/ftp/ -o user=username:password,allow_other


npm init
npm install jquery@3.5.1 --save # see


Test gitlab-ci.yml, change into root dir, then:

gitlab-runner exec docker packaging

Where ''packaging'' is the name of the job.


Compress/decompress files and directories multithreaded

lrztar directory
lrzuntar directory.tar.lrz
lrzip filename
lrunzip filename.lrz
onny/notizen.txt · Last modified: 2021/05/31 13:54 by