Git/tommytran.io
1
0
Fork 1
mirror of https://github.com/TommyTran732/tommytran.io.git synced 2025-10-11 13:05:32 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
f1f7a398b1756a8b817dcf93280eeb0d4d02ae0e
tommytran.io/content/posts/projects/index.md
Tommy f1f7a398b1 Initial file upload
2025-09-29 08:27:44 +00:00

3.2 KiB
Raw Blame History

title, date
title date
My Projects 2022-09-02

These are some of my most notable projects. For a complete list, please visit my GitHub profile.

PrivSec.dev

PrivSec.dev is a website created by me and a few friends to provide practical privacy and security advice for end users. Think of it as a shared blog focused on this topic.

We emphasize in-depth system configuration, security analysis, and software/hardware recommendations, prioritizing technical merits over ideologies or politics.

Polarix Containers

Polarix Containers is a collection of OCI containers designed to enhance security compared to upstream builds.

Some containers are daily rebuilds of upstream containers, while others are rebuilt from scratch using Alpine Linux or Red Hat UBI with unprivileged users, maintaining upstream compatibility. Most builds include hardened_malloc for added security.

Polarix Containers serve as the foundation for my other projects, such as Metropolis.nexus.

Metropolis.nexus

Metropolis.nexus is a collection of services I offer free of charge, including but not limited to:

  • Matrix
  • Mastodon
  • Vaultwarden
  • Redlib
  • Traccar
  • Stirling PDF
  • Signature PDF

The Metropolis-nexus GitHub organization contains repositories documenting the system's setup. Key subprojects include:

Linux Setup Scripts

These setup scripts are used on my Linux systems and include hardening configurations such as:

  • Removal of unnecessary packages
  • Hardened boot parameters
  • Hardened sysctl settings
  • Kernel module blacklist from SecureBlue
  • SSH client and server hardening
  • Systemd hardening
  • Installation of Hardened Malloc on Red Hat systems
  • NTS setup

Fedora CoreOS Ignition Files

These Butane/Ignition configuration files enable rapid deployment of Fedora CoreOS servers with the same hardening as the Linux Setup Scripts.

They also include systemd services to:

  • Install and update gVisor at boot
  • Update containers in a Docker Compose stack daily

NGINX Configs

My reverse proxy setup is available in this repository. It includes:

  • TLS configuration with strong cipher suites
  • A robust set of security headers
  • Content security policies for various services
  • ModSecurity configuration
  • Systemd hardening for system services

QubesOS scripts

My QubesOS scripts configure Qubes virtual machines with the same hardening as my Linux setup scripts, tailored for Qubes' unique environment. I also provide documentation on how I set up my daily driver — a ThinkPad P53 — with Qubes for maximum privacy and security.

Microsoft Egde Policies

Microsoft Edge can be one of the best browsers when configured properly, but it is privacy-invasive and has a large attack surface by default. My list of policies configures it for improved privacy and security.