Enter today's date in ISO format:
$ date -I
To include seconds:
$ date -Is

Ping scan subnet (find a Raspberry Pi):
$ nmap -sn 192.168.0.0/24
Port 22 scan subnet:
$ nmap -sS -p 22 192.168.10.0/24
- run as root to get device names

To SCP with spaces in path, escape the spaces and surround the whole arg with quotes.

Serial Terminal:
Minicom /dev/ttyACM0 115200 8N1 w/ Hardware flow control: yes works.
If not, send Break (ctrl-a F).
To enable on server side (systemd):
$ systemctl enable serial-getty@ttyS0.service
$ systemctl start serial-getty@ttyS0.service

How to list wifi networks:
$ sudo iw dev wlp58s0 scan

Show top 10 edited files in git repo:
$ git log --pretty=format: --name-only | sort | uniq -c | sort -rg | head -10

Recursively hash directory, then hash result:
$ md5deep -rl . | sort | md5sum

Redirect stderr to stdout and pipe: |&
Redirect stderr to stdout: 2>&1 (do it after)

Copy torrent but use hardlinks instead:
$ cp -al source dest

Byobu tmux toggle function keys:
Shift + F12
- do this if Alt+Arrow is letters

Get rid of extra byobu sessions:
$ tmux ls | grep ^_ | cut -f1 "-d:" | xargs -t -L1 -r tmux kill-session -t

Make a PDF look scanned:
$ convert "$1" -alpha Off -density 150 -colorspace gray -blur 0.5x0.5 -rotate 0.4 -level 40%,60% "scanned-$1"

Insert last arg: alt+.
Insert 2nd last arg: alt+_ alt+.
Insert 3rd last arg: alt+_ 2 alt+.

SSH reverse tunnel router admin:
$ ssh -L 2222:192.168.0.1:80 user@10.9.0.3
- open localhost:2222 in browser

Select a display over ssh:
$ export DISPLAY=:1

Spawn new shell with group assignments:
$ exec su -l $USER

xargs:
- converts stdin to arguments for commands that dont accept stdin
- used with echo, compacts a list to one line
- see each command xargs runs: --verbose
- dont run if stdin is empty: -r
- run command once per line: -L1
- convert stdin to argument:
$ echo 'foo' | xargs mkdir
- convert list to one line:
$ cat foo.txt | xargs echo
- run a command for each line:
$ cat foo.txt | xargs -L0 --verbose echo


Systemd
=======

Journalctl
----------

Examples:
$ journalctl --utc
$ journalctl -b  # display logs since boot
$ journalctl --since "2015-01-10" --until "2015-01-11 03:00"
$ journalctl --since 09:00 --until "1 hour ago"
$ journalctl -u nginx.service -u php-fpm.service --since today


Bash scripting
==============

Always quote variables when you use them.
Run set -eu to crash when on errors and when using unset variables.
Use basedir to just get filename.

Gpg sign, encrypt, and armour:
gpg -sear [NAME]

Get window's handle with xdotool:
xdotool search --name "Google Play"

Get window's position and size with xdotool:
xdotool getwindowgeometry 44047673
Subtract 10 from the Y position, and 82 from the Y


Keyboard Shortcuts
==================

Focus Keepass, Super+Z: bash /home/tanner/scripts/focuskeepass.sh
Arrange Desktop, Super+X: /home/tanner/scripts/arrangedesktop.sh
Home Controller: Super+C: /home/tanner/scripts/homecontroller.sh
Toggle light 0, Super+1: /home/tanner/scripts/homecontroller.sh 0
Open terminal, Super+T: xfce4-terminal
Rofi, Super+`: rofi -combi-modi window,run -show combi -normal-window

** set "switch windows" to alt-tab to make it normal

Make right alt normal:
- tweak tool > keyboard & mouse > Additional Layout Options button
- expand "Key to choose 3rd level"
- deselect Right Alt


Nginx
=====

Log rotate /etc/logrotate.d/nginx:
    size 100M
    missingok
    rotate 20
    compress
    delaycompress
    notifempty
    create 0640 www-data adm

Logging /etc/nginx/nginx.conf:
    # Make sure to copy the GeoIP files!
    geoip_country /usr/share/GeoIP/GeoIP.dat;
    geoip_city /usr/share/GeoIP/GeoIPCity.dat;
    log_format tannersformat '[$time_iso8601] $remote_addr ($geoip_city, $geoip_country_code) $request_method "$server_name$request_uri" $status "$http_referer" "$http_user_agent"';
    access_log /var/log/nginx/access.log tannersformat;
    error_log /var/log/nginx/error.log;

$ wget https://t0.vc/f/GeoIPCity.dat
$ sudo mv GeoIPCity.dat /usr/share/GeoIP/GeoIPCity.dat


OpenVPN
=======

Setup:
$ sudo su root
- follow steps here:
- https://wiki.debian.org/OpenVPN#TLS-enabled_VPN
  - skip editing vars
  - add random data to /etc/openvpn/easy-rsa/pki/.rnd to get rid of error messages
  - use the # ./easyrsa [command] methods
  - encrypt CA with password
  - build the optional intermediate CA
- https://wiki.debian.org/OpenVPN#Static-Key_VPN
  - improves security
- set auth SHA256
- save config file to /etc/openvpn/server.conf
- * set root's shell back to /bin/false *

Static IP:
- create a client (ie. "mediaserver") with easyrsa
$ mkdir /etc/openvpn/ccd
- edit /etc/openvpn/ccd/mediaserver:
ifconfig-push 10.8.0.100 255.255.255.0
- edit /etc/openvpn/server.conf:
client-config-dir /etc/openvpn/ccd

Routing / port forward:
- edit /etc/sysctl.conf:
net.ipv4.ip_forward=1
- edit /etc/default/ufw:
DEFAULT_FORWARD_POLICY="ACCEPT" 
- edit /etc/ufw/before.rules at the top:
*nat
:POSTROUTING ACCEPT [0:0]
# ssh port forwarding
-A PREROUTING -d 159.203.223.101 -p tcp --dport 43655 -j DNAT --to-dest 10.8.0.100:43655
-A POSTROUTING -d 10.8.0.100 -p tcp --dport 43655 -j SNAT --to-source 10.8.0.1
# Allow traffic from OpenVPN client to eth0
-A POSTROUTING -s 10.8.0.0/8 -o eth0 -j MASQUERADE
COMMIT
$ sudo ufw disable && sudo ufw enable
$ sudo sysctl net.ipv4.ip_forward=1
- source: https://gist.github.com/kimus/9315140

Systemd fix:
- ensure config file is at /etc/openvpn/server.conf
$ sudo systemctl start openvpn@server
$ sudo systemctl enable openvpn@client
$ sudo systemctl daemon-reload
$ sudo service openvpn restart
- verify stop / start with ps aux | grep openvpn
- do same for "client"
- source: https://ubuntu.com/server/docs/service-openvpn

Systemd client:
$ sudo mv vpn2-client.ovpn /etc/openvpn/client.conf
$ sudo chown root:root /etc/openvpn/client.conf
$ sudo chmod 600 /etc/openvpn/client.conf
- if there's a password:
$ sudo -E vim /etc/openvpn/auth.txt
$ sudo chmod 600 /etc/openvpn/auth.txt
- add password to file
- add "askpass /etc/openvpn/auth.txt" to config file
- set up systemd:
$ sudo systemctl start openvpn@client
$ sudo systemctl enable openvpn@client
$ sudo systemctl daemon-reload
$ sudo service openvpn restart

Disable routing traffic over VPN:
- remove all "redirect-gateway" lines in client config

Gnome client:
- vpn settings, add
- import from file, select vpn2-client.ovpn
- add missing private key from /home/tanner/.cert/nm-openvpn/
- add password gush-tilt-shine-chute-pace-gecko


New Desktop
-----------

$ sudo apt install git tree htop byobu unattended-upgrades curl axel man-db vim vim-gtk netcat xfce4-terminal firefox chromium keepassxc mpv network-manager-openvpn-gnome bash-completion xdotool mlocate ncdu
$ sudo apt remove firefox-esr
- set up home directory...

Firefox extentions:
- Cookie AutoDelete
- Decentraleyes
- HTTPS Everywhere
- I dont care about cookies
- New Tab Override
- NoScript
- Privacy Badger
- SponsorBlock
- uBlock Origin

Fix popping after audio stops (disable audio power save):
$ sudo bash -c 'echo 0 > /sys/module/snd_hda_intel/parameters/power_save'
- to persist append to /etc/modprobe.d/audio_disable_powersave.conf:
options snd_hda_intel power_save=0