logo

Håvards page

Using systemd credentials to pass secrets from Hashicorp Vault to systemd services

Also posted on medium. When running services on a Linux system, there is the issue of how to pass in secrets that the service needs in a secure way. Usually this is done by creating a config file with credentials and then protecting this with file system permissions and also possible a Linux security module such as Apparmour or SELinux. This still leaves the issue that the credentials are stored in a plain text file, which can be compromised.

Running cec-client with Raspberry PI on Debian or Ubuntu 64-bit

Using cec-client with a raspberry pi on debian or ubuntu does not work out of the box, as the cec-client in the debian and ubuntu repositories has not been compiled with support for the propriary raspberry libraries. In addition, these libraries are 32-bit only. This is a guide in how to get this working. First you need to set up a 32-bit chroot environment. Install debootstrap and then run debootstrap --variant=buildd --arch=armhf bullseye /opt/cec-client/ You will then need to download the raspberry pi libraries.

Building a Debian GNU/Linux IPv6 home router

Introduction This short post describes how i configured my own IPv6 home router using Debian GNU/Linux. I used a Dreamplug, but any form of device with at least 2 NICs should be usable. Allthough this guide describes the setup using Debian, it should be no problem using another distribution or one of the BSD variants. I will not go into to many details about the configurations, for more information you should read the man pages and/or documentation.

Connecting to a Checkpoint Endpoint VPN using radius or SecureID with racoon

Introduction At work we use a Checkpoint Endpoint VPN and although SNX works, it is not ideal and I would much rather have native IPsec. Thus the quest began. I found this page which helped me get on the right track. I also found Andrew de Quincey’s patch. I then had all the components required to set this up. Setting it up Patching ipsec-tools You need to patch ipsec-tools with the patch from Andrew de Quincey to add support for Checkpoints xauth to ipsec-tools.