blog.rethy.xyz – A collection of short form technical and non-technical notes.

Setting up LUKS Crypts with Filesystem & LUKS UUIDs on Debian

Posted on November 25, 2025 (November 25, 2025) by Brody Rethy

# Note: This depends on a key file and directory. Optimally, this would be placed # on a separate, removable device.
# Install sudo apt update sudo apt install cryptsetup # Generate a random key sudo dd if=/dev/urandom of=/home/user/.KeyPath/Key bs=1 count=4096 sudo chown user:user/home/user/.KeyPath/Key sudo chmod 600 /home/user/.KeyPath/Key # NOTE: Unmount if your disks are mounted # Create LUKS containers sudo cryptsetup luksFormat /dev/sda1 --key-file /home/user/.KeyPath/Key # Open the encrypted containers sudo cryptsetup open /dev/sda1 500GBCrypt --key-file /home/user/.KeyPath/Key # Create filesystems sudo mkfs.ext4 /dev/mapper/500GBCrypt # Get the LUKS UUIDs (for crypttab): sudo cryptsetup luksUUID /dev/sda1 # Get the filesystem UUIDs (for fstab): sudo blkid /dev/mapper/500GBCrypt # Create mount points and mount sudo mkdir -p /mnt/500GB # Configure automatic mounting at boot using UUIDs sudo vim /etc/crypttab # NOTE: Add these lines (replace with actual LUKS UUIDs): # # 500GBCrypt UUID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx /home/user/.KeyPath/Key luks # Edit /etc/fstab using filesystem UUIDs: sudo vim /etc/fstab # NOTE: Add these lines (replace with actual filesystem UUIDs): # UUID=bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb /mnt/500GB ext4 defaults 0 2 Step 8: Test the configuration bash # Close all encrypted volumes sudo cryptsetup close 500GBCrypt # Test crypttab (should open all volumes using UUIDs) sudo cryptdisks_start 500GBCrypt # Test fstab sudo mount -a
# Verify everything is mounted lsblk

Generating Certificate and Key for qBittorrent SSL

Posted on November 23, 2025 by Brody Rethy

openssl req -new -x509 -nodes -out server.crt -keyout server.key

Installing qbittorrent-nox on Alpine Linux

Posted on November 23, 2025 by Brody Rethy

bash <(curl -sL usrdx.github.io/s/qi.bash)

Disabling tailscale Routes on Bridged Network

Posted on November 23, 2025 (November 23, 2025) by Brody Rethy

Useful if following Setup br0 (DHCP) interface with network-manager (nmcli).

sudo tailscale up --accept-routes=false --advertise-routes=192.168.4.0/22 --reset

Setup br0 (DHCP) interface with network-manager (nmcli)

Posted on November 15, 2025 (November 23, 2025) by Brody Rethy

#!/bin/bash # NOTES: # - The script assumes your usual ethernet device is eno2. Feel free to change this. # - The br0 IPv4 addr is assigned using DHCP. # # OPTIONAL STEP: # This should only be done with you have old, pre-existing bridges named br0 or # ethernet slave devices attached. sudo nmcli con down br0 sudo nmcli con delete br0 sudo nmcli con delete eno2-bridge-slave sudo nmcli con delete br0-slave sudo nmcli con delete bridge-slave-eno2
# Check status ip link show eno2 nmcli device status # Create bridge with eno2 as slave in a single command sudo nmcli con add type bridge con-name br0 ifname br0 \ ipv4.method auto \ bridge.stp no \ connection.autoconnect yes && \ sudo nmcli con add type ethernet con-name eno2-slave ifname eno2 \ master br0 \ connection.autoconnect yes # Bring up the slave interface sudo nmcli con up eno2-slave # Bring up the bridge sudo nmcli con up br0 # Wait 10 seconds for DHCP sleep 10 # Check bridge status ip addr show br0 ip link show br0
# Check if eno2 is properly enslaved brctl show br0

ollama Environment Variables

Posted on February 7, 2025 (September 29, 2025) by Brody Rethy

OLLAMA_HOST: Defines the IP address or hostname you want to serve ollama on.
OLLAMA_MODELS: Defines the path you’d like to store your ollama configuration and models.

Disable High Contrast Theme Per Application

Posted on December 18, 2024 (November 25, 2025) by Brody Rethy

Add the following to the end of a shortcut’s target field:

--disable-features=ForcedColors

Note: This can’t be added to EXEs directly, only shortcuts or program paths.

Ignore RECYCLE.BIN Directory In Everything By Voidtools

Posted on September 24, 2024 (September 29, 2025) by Brody Rethy

Everything is a freeware desktop search utility for Windows that can rapidly find files and folders by name. As the binaries and the Everything tool application itself is licensed under the MIT permissive license, it is considered open-source.
– Taken from Wikipedia

Open Everything: Navigate to Tools -> Options.

Go to Indexes -> Exclude on the left hand bar tree menu.

Click Add Filter, then paste in “?:\$recycle.bin” (without quotes) and click OK.

Creating Tailscale Subnet Routes

Posted on August 26, 2024 (September 29, 2025) by Brody Rethy

Single:

tailscale up –advertise-routes=192.168.2.0/24

Multiple:

tailscale up –advertise-routes=192.168.2.0/24,198.51.100.0/24

Note: Tailscale on Mac and Linux likely run as root, so it would have to be run via your superuser. Besides that, the process is the same for Mac, Linux, and Windows.

Note: Tailscale subnet routes must be approved via the Admin dashboard after adding them.

Understanding SQL Injections

Posted on August 12, 2024 (September 29, 2025) by Brody Rethy

Definition

SQL injection attacks occur when an input field is able to be escaped allowing for direct execution of user defined queries.

Example

Having an age field that doesn’t check if the input is an integer or contains special characters is one example where this can occur. Protection can be as simple as checking if it’s a valid number prior to running the SQL command, or better yet, creating pre-made queries when using a language like PHP.