Projects

PrivSec.dev

PrivSec.dev is a website made by me and a couple of friends. The goal is to provide practical privacy and security advice for the end user. You can think of it as a shared blog focusing on this topic.

We focus on in-depth system configuration, security analysis, and software/hardware recommendations. Our site is based on technical merits, not ideologies and politics.

ArcticFoxes.net

ArcticFoxes.net is a group of self hosted and federated services run by me. It consists of:

• A Matrix server using my hardened docker image. I also have a web client and TURN server as accessories for the Matrix server.
• A OpenVPN to ONC converter. This is a simple fork of thomkeh/ovpn2onc with a dark theme.

Most of the configurations and deployment files are available on GitHub.

Linux Setup Scripts

These are setup scripts I run on my Linux systems, and serve as the basis for my other setups. You can adapt them to deploy yours.

Features include, but are not limited to:

• Removal of unnecessary packages
• Hardened boot parameters
• Hardened sysctl settings
• Kernel module blacklist from Whonix’s security-misc
• Mac Address randomization for desktop installations
• SSH client and server hardening
• Installation of Hardened Malloc on Red Hat systems
• Installation and configuration of Microsoft Edge policies for desktop installations
• NTS setup
• Firewall setup

Fedora CoreOS Ignition Files

These are sample Butane/Ingition configuration files that you can adapt to quickly deploy a Fedora CoreOS server with the containers of your choice. They share the same hardening as the Linux Setup Scripts.

On Fedora CoreOS, I have also included systemd services to:

• Install and update gVisor at boot
• Update containers in a Docker Compose stack once a week.

Arch Setup Script

The Arch Setup Script is a script that I wrote to automate my Arch Linux installation which mimics openSUSE’s setup with BTRFS and Snapper. At the time, there was no other installer that does this nicely because they all use the same flat layout as recommended in the Arch Wiki. The downside of using this layout is that snapper rollback does not work properly and the user has to get into the Arch ISO to manually rollback their system. This could be solved by using the openSUSE’s layout for BTRFS, and I forked Easy Arch to do just that.

Over time, I have been adding more security/privacy related settings. Most of them are ported from the Linux Setup Scripts repo.

Microsoft Egde Policies

These are Microsoft Edge enterprise for the most secure web browsing experience.

You can read through them here.