Los archivos multimedia contienen metadatos (EXIF, XMP, UserData, etc.) que pueden revelar información sensible. Para privacidad, se recomienda eliminarlos. exiftool manipula metadatos directamente, pero falla con estructuras complejas (como sidx). ffmpeg reenvuelve el archivo sin modificar el contenido, ideal para casos problemáticos.
This guide is a step by step meant to reproduce my workstation environment after a hard wipe of the disk.
This includes: Debian 13 official free repos, Librewolf repo, Mullvad browser repo, full Proton desktop suite, Neovim, tmux and a set of my favorite packages from apt; some for work/productivity, some for customization and some for fun.
Do not use any network.
Use entire disk + guided partition + encrypted Logical Volume.
Use a separated /home partition.
Select Debian desktop environment and Gnome.
But it's not If we don't connect to the internet during installation (for example because we only have access to an unsecured network), so we use the GNOME GUI NetworkManager.
First make the file be only accessible by our everyday user:
For some reason ProtonVPN has the file URL and the checksum published on this support article: How to install the Proton VPN GUI app on Debian.
I failed to find a .json file similar to the other products. I did foud a Release gpg key on the protonvpn repository but the checksum on the support article works fine so we use that.
net.ipv4.tcp_syncookies = 1 – enables SYN-cookies to mitigate SYN-flood attacks that could exhaust the TCP connection table.
net.ipv4.conf.all.rp_filter = 1 – activates reverse-path filtering, discarding packets with source addresses that do not match the expected output path, avoiding spoofing and reflections.
net.ipv4.conf.all.accept_redirects = 0 – ignores ICMP redirects, preventing an attacker from modifying the host's route table.
net.ipv4.icmp_echo_ignore_broadcasts = 1 – blocks responses to broadcast pings, preventing the machine from participating in DDoS amplification attacks.
kernel.randomize_va_space = 2 – enables full ASLR, increasing the randomness of memory layout and making it more difficult to exploit vulnerabilities.
kernel.kptr_restrict = 2 – Hides kernel symbols in /proc/kallsyms from unprivileged users, reducing the information available to local attackers.
fs.suid_dumpable = 0 – prevents processes with SUID/SGID from generating core dumps, avoiding the exposure of sensitive data in case of failures.
cat<< EOF > ~/Music/eq_presets/fix_ef_pe.sh#!/usr/bin/env bash# Replace with 'input' if you want to convert input presetsection='output'# Convert boolean and numeric strings + replace invalid empty blocklistperl -i -pe 's/"(true|false|[\d\.-]+)"/$1/g; s/(?<="blocklist": )""/[]/g' "$@"# Fix plugins order using v5 state field (your set up plugin order is preserved)for f in "$@"; do # Extract active plugins in right order po_src=$(jq ".$section"' | . as $out | .plugins_order | .[] | . as $pn | select($out | to_entries | .[] | .key as $key | select(["blocklist", "plugins_order"] | any(. == $key) | not) | select(.value.state != false) | .key == $pn)' "$f" -r) # Replace order array in config with new one jq --arg po "$po_src" '($po | split("\n")) as $poa | '".$section.plugins_order"' = $poa' "$f" >tmp mv tmp "$f"doneEOFchmod+x~/Music/eq_presets/fix_ef_pe.sh
cd~/Music/eq_presets/fix_ef_pe.sh
./fix_ef_pe.sh*.json
Setup anime girl background and transparent xfce terminal. Make terminal maximize on start, remove scrollbar, remove all terminal key-binds but full-screen. Set rose-pine color theme in settings.
Make VPN GUI launch at startup, setup kill-switch, netshield, ipv6 support, automatic connection to México.
Enable and customize gnome shell extensions.
Install Top Bar Customizer from gnome user extensions and sort the top bar.
Login into NextCloud accounts via Desktop app. Login into Nextcloud accounts via Gnome Accounts.
Setup proton mail bridge.
Login into IMAP & SMPT Accounts via Gnome accounts.
Docker Compose es una herramienta que simplifica la orquestación de contenedores, permitiendo definir y gestionar servicios multi-contenedor mediante un archivo YAML. Combinado con Nginx —un servidor web y proxy inverso eficiente—, ofrece una solución robusta para desplegar aplicaciones web de forma reproducible y aislada. Este artículo explica cómo implementar Nginx en un VPS con Debian/Ubuntu usando Docker Compose, incluyendo ejemplos prácticos y configuraciones avanzadas.
Permite definir servicios, redes y volúmenes en un archivo docker-compose.yml, facilitando la gestión de aplicaciones en contenedores. Sus ventajas incluyen:
Reproducible: Configuración declarativa del entorno.
Aislamiento: Servicios independientes con recursos dedicados.
Portabilidad: Funciona en cualquier sistema con Docker instalado.
dockernetworkcreatenginx_net# Red para conectar todos los serviciosdockervolumecreateshared_confs# Volumen para configs de Nginxdockervolumecreatecertbot_www# Volumen para desafíos ACME (Certbot)dockervolumecreatecertbot_conf# Volumen para certificados SSL
services:nginx:image:nginx:alpineports:-"80:80"-"443:443"volumes:-shared_confs:/etc/nginx/conf.d# Configs centralizadas-certbot_www:/var/www/certbot# Certbot challenges-certbot_conf:/etc/letsencrypt# Certificados SSLnetworks:-nginx_netrestart:unless-stoppedcertbot:image:certbot/certbotvolumes:-certbot_www:/var/www/certbot-certbot_conf:/etc/letsencryptnetworks:-nginx_netentrypoint:"/bin/sh-c'trapexitTERM;while:;docertbotrenew;sleep12h&wait$${!};done;'"depends_on:-nginxrestart:unless-stoppedvolumes:shared_confs:external:true# Usa el volumen creado manualmentecertbot_www:external:truecertbot_conf:external:truenetworks:nginx_net:external:true# Usa la red creada manualmente
server{listen443sslhttp2;server_nameodoo.tudominio.com;# Certificados SSL (generados por Certbot)ssl_certificate/etc/letsencrypt/live/odoo.tudominio.com/fullchain.pem;ssl_certificate_key/etc/letsencrypt/live/odoo.tudominio.com/privkey.pem;# Configuración SSL recomendadassl_protocolsTLSv1.2TLSv1.3;ssl_prefer_server_cipherson;# Proxy a Odoolocation/{proxy_passhttp://web_aledev:8069;# Nombre del servicio en Dockerproxy_set_headerHost$host;proxy_set_headerX-Real-IP$remote_addr;proxy_set_headerX-Forwarded-For$proxy_add_x_forwarded_for;proxy_set_headerX-Forwarded-Proto$scheme;}# WebSocket (para chat en vivo)location/websocket{proxy_passhttp://web_aledev:8072;proxy_set_headerUpgrade$http_upgrade;proxy_set_headerConnection"upgrade";}}# Redirección HTTP → HTTPSserver{listen80;server_nameodoo.tudominio.com;return301https://$host$request_uri;}
services:web_aledev:image:odoo:16depends_on:-db_aledevports:-"8069:8069"# Odoo HTTP-"8072:8072"# Longpolling (WebSocket)volumes:-odoo-data:/var/lib/odooenvironment:-HOST=db_aledev# Conexión a PostgreSQLnetworks:-nginx_net# Misma red que Nginxdb_aledev:image:postgres:15environment:-POSTGRES_DB=postgres-POSTGRES_USER=odoo-POSTGRES_PASSWORD=odoovolumes:-postgres-data:/var/lib/postgresql/datanetworks:-nginx_netconfig_loader:image:alpinecommand:sh -c "cp /config/odoo.conf /etc/nginx/conf.d/"volumes:-./nginx.conf:/config/odoo.conf-shared_confs:/etc/nginx/conf.dnetworks:-nginx_netvolumes:odoo-data:postgres-data:networks:nginx_net:external:true# Usa la red compartida
Si falla, revisa que ambos servicios estén en la misma red (nginx_net).
Nota Final: Esta estructura permite escalar a N proyectos sin modificar la configuración base de Nginx. Cada proyecto vive en su propia carpeta con su propio docker-compose.yml, conectándose a través de la red compartida.
When building Python from source using pyenv, several dependencies are required to ensure a successful installation. This document provides a detailed overview of these dependencies, their purposes, and links to their official documentation.
Building Python from source can provide flexibility and control over the Python environment. However, it requires certain libraries and tools to be installed on your system. This document outlines the essential dependencies needed for a successful build on Debian-based systems.
This library provides the development files for OpenSSL, which is used for implementing SSL (Secure Sockets Layer) and TLS (Transport Layer Security) protocols.
Secure Communications: While building Python, the libssl-dev library is necessary for enabling secure communications in various Python modules and libraries that rely on SSL/TLS for secure data transmission. This includes:
HTTP Requests: Libraries like urllib and requests use SSL/TLS to secure HTTP connections (HTTPS).
Secure Sockets: The socket library in Python can create secure connections using SSL/TLS, which is essential for applications that require secure data transfer over networks.
Cryptography: Many Python packages that deal with cryptography or secure data handling require OpenSSL for encryption and decryption processes.
This library allows for advanced input handling, including command history and line editing, which enhances the user experience in interactive Python sessions.
Python is a high-level, interpreted programming language known for its readability and versatility. It is primarily written in C, which allows it to achieve performance close to that of lower-level languages while maintaining the ease of use associated with higher-level languages. The core of Python, often referred to as CPython, is implemented in C and provides the foundational runtime environment for executing Python code.
When building Python from source, several external libraries and development tools are required to ensure that the resulting binary is fully functional and capable of supporting various features. These dependencies are crucial for several reasons:
Compilation and Linking:
The build process involves compiling C code into machine code. The build-essential package provides the necessary compilers (like GCC) and tools (like make) to perform this task. Without these tools, the source code cannot be transformed into an executable binary.
Standard Library Functionality:
Python's standard library is extensive and includes modules that rely on external libraries for specific functionalities. For example:
libssl-dev: This library is essential for enabling secure communications through SSL/TLS protocols. Many standard library modules, such as http.client and ssl, depend on OpenSSL for secure socket connections. This is critical for applications that require secure data transmission over networks, such as web applications and APIs.
libsqlite3-dev: SQLite is embedded within Python as a lightweight database engine. The sqlite3 module in Python allows for database operations, and its functionality is contingent upon the presence of this library during the build process.
Data Compression and File Handling:
Libraries like libbz2-dev and zlib1g-dev are required for handling compressed files. Python's standard library includes modules such as bz2 and gzip, which facilitate reading and writing compressed data. These modules are often used in data processing applications, making the presence of these libraries essential for full functionality.
Input Handling and User Interaction:
The libreadline-dev library enhances the interactive experience of Python by providing line-editing capabilities and command history. This is particularly important for the Python REPL (Read-Eval-Print Loop) and interactive shells, where user input is a fundamental aspect of the programming experience.
Foreign Function Interface:
The libffi-dev library allows Python to interface with C libraries directly. This capability is crucial for many third-party packages that require performance optimizations or need to leverage existing C libraries. The ability to call C functions from Python code expands the language's capabilities and allows for seamless integration with other software.
Database Management:
The libgdbm-dev library provides support for the GNU database manager, which is used by some Python applications for persistent data storage. This library is essential for applications that require efficient data retrieval and storage mechanisms.
Internationalization Support:
The libncurses5-dev and libncursesw5-dev libraries are used for creating text-based user interfaces in terminal applications. These libraries are important for command-line tools and applications that require user interaction through a terminal interface, especially in internationalized contexts where wide character support is necessary.
Compression Algorithms:
The liblzma-dev library supports LZMA compression, which is used in various applications for efficient data storage. Python's lzma module relies on this library to provide compression and decompression functionalities.