The Quest for a Secure Wi-Fi AP on Linux (Realtek Edition)
I recently set out to turn my ThinkCentre into a high-security wireless access point. My goal was simple: spin up a dedicated AP for my VR setup using modern WPA3-SAE security.
The hardware? A Realtek RTL8822CE. The result? A lesson in Linux driver limitations.
If you are trying to force WPA3 on a Realtek card and seeing supplicant-timeout errors, this guide is for you. Here is how I hit the wall, and the “Maximum Security” WPA2 configuration I used to fix it while staying FIPS-compliant.
Building a 4TB Video Storage Stack on Fedora (Transmission + SMB)
I recently added a 4TB Seagate IronWolf HDD to my ThinkCentre Server to serve as a dedicated video storage and torrenting machine. To get the most out of the spinning rust, I needed a setup that minimizes fragmentation and network latency.
Here is the complete, non-interactive configuration guide for Fedora 43 Server, moving from a raw disk to a fully tuned streaming stack. All commands are executed as root.
The Hardware
- Disk: Seagate IronWolf 4TB (SATA, 5400RPM)
- OS: Fedora Linux 43 (Server Edition)
- Mount Point: /srv/TORRENT
Step 1: Partitioning & Formatting
Since the drive is larger than 2TB, we must use GPT. We use sgdisk for non-interactive partitioning and mkfs.ext4 with specific flags to optimize for large video files.
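GitHub Action Tips
how to debug events
- name: debug GitHub context
  env:
    # the github context includes github.token; GitHub masks secrets in the log,
    # but be careful about exporting or archiving this output
    GITHUB_CONTEXT: ${{ toJson(github) }}
  run: |
    echo "$GITHUB_CONTEXT"
- name: debug GitHub context
  run: cat /home/runner/work/_temp/_github_workflow/event.json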
how to run build steps with your own custom container
Sometimes you have to run integration tests with your own container, which contains all the development dependencies you need. Something crazy like this:
name: Pull Request Workflow
on:
  ...
env:
  ...
jobs:
  own-container-jobs:
    runs-on: ubuntu-latest
    container: docker.io/yourpublicaccount/builder-container:1.0.0
    services:
      postgres:
        ...
      redis:
        ...
    steps:
      - name: Check out repository code
        uses: actions/checkout@v2
      - uses: actions/cache@v2
        with:
          path: ~/.cache/pip
          key: ${{ runner.os }}-pip-${{ hashFiles('*/requirements/path.txt') }}
      - name: Build seed VENV
        run: |
          # The PATH export is needed only if we have to build Psycopg2
          # Psycopg2 uses pg_config to find the libraries at build time
          export PATH=/usr/pgsql-10/bin:$PATH
          cd seed_dir
          python3.6 -m venv venv
          ./venv/bin/pip install -r requirements/path.txt
      - name: Seed DB
        run: |
          cd seed_dir
          ./venv/bin/python ...
          ./venv/bin/alembic ...
      - name: Build work VENV
        run: |
          cd work_dir
          python3.8 -m venv venv
          ./venv/bin/pip install -r requirements/path.txt
      - name: Run tests
        run: |
          cd work_dir
          ./venv/bin/pytest -v
If your container runs as a non-root user, you need to add some GitHub-related things. See comments below. …
Find Who Is Logged In by SSH Key Fingerprint
Old Debian-based OS
$ grep 'Accepted publickey' /var/log/auth.log
...
Oct 12 07:09:05 <hostname> sshd[54321]: Accepted publickey for <username> from <ip> port 12345 ssh2: ED25519 00:00:00:00:00:00:00:00:00:00:00:00:00:00
...
$ sudo -i -u username sh -c 'cat ~/.ssh/authorized_keys | sed "s/^/localhost /" > /tmp/authorized_keys'
$ ssh-keygen -l -f /tmp/authorized_keys | grep 00:00:00:00:00:00:00:00:00:00:00:00:00:00
256 00:00:00:00:00:00:00:00:00:00:00:00:00:00 user@example.com (ED25519)
Modern RHEL/Debian-based OS
$ journalctl -u sshd | grep 'Accepted publickey'
Oct 12 01:02:04 <hostname> sshd[54321]: Accepted publickey for <username> from <ip> port 12345 ssh2: ECDSA SHA256:ABCDEFGabcdefgABCDEFGabcdefgABCDEFGabcdefg
Oct 12 01:07:16 <hostname> sshd[54322]: Accepted publickey for <username> from <ip> port 12346 ssh2: RSA SHA256:abcdefgABCDEFGabcdefgABCDEFGabcdefgABCDEFG
Oct 12 07:24:13 <hostname> sshd[54323]: Accepted publickey for <username> from <ip> port 12347 ssh2: RSA SHA256:DEFGabcdefgABCDEFGabcdefgABCDEFGabcdefgABC
$ sudo -i -u username sh -c 'ssh-keygen -l -f ~/.ssh/authorized_keys'
2048 SHA256:abcdefgABCDEFGabcdefgABCDEFGabcdefgABCDEFG user1@example.com (RSA)
521 SHA256:ABCDEFGabcdefgABCDEFGabcdefgABCDEFGabcdefg user2@example.com (ECDSA)
4096 SHA256:DEFGabcdefgABCDEFGabcdefgABCDEFGabcdefgABC user3@example.com (RSA)
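The manual matching above can be scripted so that every "Accepted publickey" line is resolved to a key comment in one pass. This is an added example, not part of the original post: it computes both fingerprint forms (SHA256 and the legacy MD5 hex) straight from authorized_keys entries, without calling ssh-keygen. The function names, the sample key blobs and the log lines are constructed for illustration.

```python
import base64
import hashlib
import re

# sshd format shown above: "Accepted publickey for <user> from <ip> port <n> ssh2: <TYPE> <fingerprint>"
ACCEPTED = re.compile(r"Accepted publickey for (\S+) from (\S+) port \d+ ssh2: \S+ (\S+)")
# authorized_keys entry: [options] keytype base64-blob [comment]; key blobs always start with "AAAA"
KEY = re.compile(r"(?:^|\s)(?:ssh|ecdsa|sk)-\S+\s+(AAAA[0-9A-Za-z+/=]+)(?:\s+(.*))?$")

def fingerprints(blob):
    """Return (SHA256 fingerprint, legacy MD5 hex fingerprint) of a raw public key blob."""
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    md5 = hashlib.md5(blob).hexdigest()
    return "SHA256:" + sha, ":".join(md5[i:i + 2] for i in range(0, 32, 2))

def index_keys(authorized_keys_text):
    """Map every fingerprint form of every key to its comment field."""
    index = {}
    for line in authorized_keys_text.splitlines():
        m = KEY.search(line.strip())
        if m and not line.lstrip().startswith("#"):
            for fp in fingerprints(base64.b64decode(m.group(1))):
                index[fp] = m.group(2) or "(no comment)"
    return index

def who_logged_in(log_text, index):
    """Return (user, ip, key comment or None) per login; newer OpenSSH writes MD5 prints as MD5:xx:.."""
    return [(m.group(1), m.group(2), index.get(re.sub(r"^MD5:", "", m.group(3))))
            for m in ACCEPTED.finditer(log_text)]

def sample_blob(seed):
    """Constructed ed25519-shaped blob (not a real key) so the example runs offline."""
    parts = (b"ssh-ed25519", bytes([seed]) * 32)
    return b"".join(len(p).to_bytes(4, "big") + p for p in parts)

BLOBS = [sample_blob(1), sample_blob(2)]
AUTHORIZED_KEYS = "".join(
    "ssh-ed25519 %s user%d@example.com\n" % (base64.b64encode(b).decode(), i + 1)
    for i, b in enumerate(BLOBS))
SAMPLE_LOG = (  # constructed lines: new-style print, old-style print, key not in the file
    "Oct 12 01:02:04 host sshd[54321]: Accepted publickey for bob from 192.0.2.10 port 12345 ssh2: ED25519 %s\n"
    "Oct 12 07:09:05 host sshd[54322]: Accepted publickey for bob from 192.0.2.11 port 12346 ssh2: ED25519 %s\n"
    "Oct 12 07:24:13 host sshd[54323]: Accepted publickey for bob from 192.0.2.12 port 12347 ssh2: ED25519 SHA256:%s\n"
    % (fingerprints(BLOBS[0])[0], fingerprints(BLOBS[1])[1], "x" * 43))

if __name__ == "__main__":
    print(*who_logged_in(SAMPLE_LOG, index_keys(AUTHORIZED_KEYS)), sep="\n")
```

A login whose key comment comes back as None was accepted with a key that is not in the file you indexed, which is worth a closer look during an audit.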