mirror of https://github.com/tommytran732/tommytran.io synced 2024-11-09 19:51:34 -05:00

Compare commits

..

No commits in common. "6eb2cc42f80039e10005015afe9957959ff7d54e" and "74715ae0c966c8477bd70c00a5af8809f13e0252" have entirely different histories.

7 changed files with 23 additions and 26 deletions

@ -12,4 +12,12 @@ You can obtain the image by pulling `ghcr.io/tommytran732/synapse` or `quay.io/t
## Matrix.to ## Matrix.to
I made an Alpine Docker container for [Matrix.to](https://matrix.to) that you obtain by pulling `ghcr.io/tommytran732/matrix.to`. The default instance has been changed from [Element.io](https://app.element.io) to [ArcticFoxes.net](https://element.arcticfoxes.net). I made an Alpine Docker container for [Matrix.to](https://matrix.to) that you obtain by pulling `ghcr.io/tommytran732/matrix.to`. The default instance has been changed from [Element.io](https://app.element.io) to [ArcticFoxes.net](https://element.arcticfoxes.net).
## pamac-flatpak AUR
![pamac](/images/pamac.png)
I maintain the [`pamac-flatpak`](https://aur.archlinux.org/packages/pamac-flatpak), [`pamac-flatpak-gnome`](https://aur.archlinux.org/packages/pamac-flatpak-gnome), and [`libpamac-flatpak`](https://aur.archlinux.org/packages/libpamac-flatpak) AUR packages. Originally, they were forks of [`pacmac-all`](https://aur.archlinux.org/packages/pamac-all) and [`libpamac-all`](https://aur.archlinux.org/packages/libpamac-nosnap) with snapd removed. I found snapd to be quite annoying - it is yet another AUR package I don't need, requires `cgroupsv1` for confinement, does not integrate with `gnome-software`, makes lots of loopback mounts, and so on.
Nowadays, they are based on the [`pamac-nosnap`](https://aur.archlinux.org/packages?O=0&K=pamac-nosnap) package with some minor changes to make the build and installation process nicer and more convenient.
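Review bot: In the added `pamac-flatpak AUR` paragraph, two link labels do not match their targets: the label `pacmac-all` points at `/packages/pamac-all` (the label is misspelled), and the label `libpamac-all` points at `/packages/libpamac-nosnap`. Correct the first label to `pamac-all` and make the second label and URL name the same package, so readers can tell which AUR package was actually forked. The `pamac-nosnap` link in the last added line also goes to a search URL (`/packages?O=0&K=pamac-nosnap`) rather than a package page; link the package directly if one exists.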

@ -18,42 +18,31 @@ We focus on in-depth system configuration, security analysis, and software/hardw
[ArcticFoxes.net](https://arcticfoxes.net) is a group of self hosted and federated services run by me. It consists of: [ArcticFoxes.net](https://arcticfoxes.net) is a group of self hosted and federated services run by me. It consists of:
- [A Matrix server](https://matrix.arcticfoxes.net) using my [hardened docker image](https://github.com/tommytran732/Synapse-Docker). I also have a [web client](https://element.arcticfoxes.net) and TURN server as accessories for the Matrix server. - [A Matrix server](https://matrix.arcticfoxes.net) using my [hardened docker image](https://github.com/tommytran732/Synapse-Docker). I also have a [web client](https://element.arcticfoxes.net) and TURN server as accessories for the Matrix server.
- [A Nitter instance](https://nitter.arcticfoxes.net)
- [A OpenVPN to ONC converter](onc.arcticfoxes.net). This is a simpel fork of [thomkeh/ovpn2onc](https://github.com/thomkeh/ovpn2onc) with a dark theme. - [A OpenVPN to ONC converter](onc.arcticfoxes.net). This is a simpel fork of [thomkeh/ovpn2onc](https://github.com/thomkeh/ovpn2onc) with a dark theme.
Most of the configurations and deployment files are available on [GitHub](https://github.com/ArcticFoxes-net). Most of the configurations and deployment files are available on [GitHub](https://github.com/ArcticFoxes-net).
## Linux Setup Scripts ## Pterodactyl Script
![Glitched Tux](/images/glitched-tux.jpg) ![Pterodactyl](/images/pterodactyl.png)
These are setup [scripts I run on my Linux systems](https://github.com/TommyTran732/Linux-Setup-Scripts), and serve as the basis for my other setups. You can adapt them to deploy yours. The [Pterodactyl Script](https://github.com/tommytran732/Pterodactyl-Script) is a bash script I wrote to automate the fairly tedious installation process of the popuar Pterodactyl control panel. It comes with automatic SSL certificate generation using Certbot, MariaDB SSL, basic firewall configuration, Fail2ban, and optional phpMyAdmin support. With this script, a 30-40 minutes task for a seasoned system administrator could be completed in under 5 minutes. This is my most popular project to date, with over 150 stars on GitHub.
Features include, but are not limited to: ## Arch Install Script
- Removal of unnecessary packages
- Hardened boot parameters ![Arch Linux](/images/archlinux.jpg)
- Hardened sysctl settings
- Kernel module blacklist from Whonix's [security-misc](https://github.com/Kicksecure/security-misc/blob/master/etc/modprobe.d/30_security-misc.conf) The Arch Setup Script is a script that I wrote to automate my Arch Linux installation which mimics openSUSE's setup with BTRFS and Snapper. At the time, there was no other installer that does this nicely because they all use the same flat layout as recommended in the Arch Wiki. The downside of using this layout is that snapper rollback does not work properly and the user has to get into the Arch ISO to manually rollback their system. This could be solved by using the openSUSE's layout for BTRFS, and I forked Easy Arch to do just that.
- Mac Address randomization for desktop installations
- SSH client and server hardening Over time, I have been adding more security/privacy related settings by default (such as randomized MAC address, IPv6 Privacy, Apparmor, Kernel module blacklist, encrypted /boot). The project is still actively developed, and many of the changes I made are merged upstream as well.
- Installation of Hardened Malloc on Red Hat systems
- Installation and configuration of Microsoft Edge policies for desktop installations
- NTS setup
- Firewall setup
## Fedora CoreOS Ignition Files ## Fedora CoreOS Ignition Files
![Fedora CoreOS](/images/fedora-coreos.png) ![Fedora CoreOS](/images/fedora-coreos.png)
These are sample [Butane/Ingition configuration files](https://github.com/tommytran732/Fedora-CoreOS-Ignition) that you can adapt to quickly deploy a Fedora CoreOS server with the containers of your choice. They share the same hardening as the Linux Setup Scripts. These are sample [Butane/Ingition configuration files](https://github.com/tommytran732/Fedora-CoreOS-Ignition) that you can adapt to quickly deploy a Fedora CoreOS server with the containers of your choice.
On Fedora CoreOS, I have also included systemd services to: Out of the box, you will have a set of hardened boot parameters, sysctl settings, along with a set of kernel module blacklist from Whonix's [security-misc](https://github.com/Kicksecure/security-misc/blob/master/etc/modprobe.d/30_security-misc.conf). The configurations will also give you a basic setup with Firewalld, Fail2ban, seboolean, and NTS to tighten down security.
- Install and update gVisor at boot
- Update containers in a Docker Compose stack once a week.
## Microsoft Egde Policies I use these same configurations on my production servers.
![Microsoft Edge](/images/microsoft-edge.png)
These are Microsoft Edge enterprise for the most secure web browsing experience.
You can read through them [here](https://github.com/TommyTran732/Microsoft-Edge-Policies).
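Review bot: The new Fedora CoreOS paragraph lists "seboolean" next to Firewalld and Fail2ban as if it were a tool. Spell out what is meant (for example, which SELinux booleans the configurations set), since "tighten down security" does not tell the reader what changes on their host. The same hunk drops the bullets about installing and updating gVisor at boot and the weekly Docker Compose container updates; if the Ignition files still ship those systemd services, the page should keep mentioning them, because they change what runs on a deployed server. Smaller points: the added Pterodactyl paragraph has "popuar", the Fedora CoreOS line still reads "Butane/Ingition", and the context line for the ONC converter has "simpel" and links to `onc.arcticfoxes.net` without a scheme, which Markdown resolves as a relative path; use `https://onc.arcticfoxes.net`.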

BIN
static/images/archlinux.jpg Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 12 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 120 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 21 KiB

BIN
static/images/pamac.png Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 141 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 394 KiB