Jan Koppe JanKoppe


Better SSH Authorized Keys Management

A seemingly common problem is how to manage the authorized_keys files of all your users.

People struggle with management: ensuring that users have only specific keys in their authorized_keys file, or even having a method for expiring keys. A centralized key management system could help provide all of this functionality with a little scripting.

One piece of functionality overlooked in OpenSSH is the AuthorizedKeysCommand configuration keyword. This keyword allows you to specify a command that will run during login to retrieve a user's public key file from a remote source and perform validation just as if the authorized_keys file were local.

Here is an example directory structure for a set of users with SSH public keys that can be shared out via a web server:

JanKoppe / clock.py
Last active December 28, 2018 13:57
Chaos-West Fahrplan quick overview/clock
import requests
import time
import icalendar
import datetime
import pytz
from colored import fg, bg, attr
def loopme():
    r = requests.get('https://fahrplan.chaos-west.de/35c3chaoswest/schedule/export/schedule.ics')

variable "hcloud_token" {
}
provider "hcloud" {
  token = "${var.hcloud_token}"
}
resource "hcloud_server" "kube-master" {
  name = "kube-master"
  image = "ubuntu-18.04"
JanKoppe / remindme.sh
Created July 30, 2018 10:06
remindme script
#!/bin/bash
# Reminds you in xx minutes with notify-send, using at/atd
MINUTES=${1}
MESSAGE=${2:-reminder}
at now + "${MINUTES}" minutes << EOF
notify-send -c reminder -u critical 'Reminder from ${MINUTES} minutes ago' '${MESSAGE}'
EOF
JanKoppe / README.md
Last active June 25, 2018 17:12
Exposing a lot of HTTP Ports behind a single nginx vhost for prometheus / django-prometheus

Running a Django app with gunicorn in a Docker container gets a bit tricky when you try to expose Prometheus metrics (e.g. with https://github.com/korfuri/django-prometheus).

Every worker thread in gunicorn will be an entirely separate process, all RRD behind a single port. So, if you are running more than one worker thread (which you most likely do and should) you will need to let the workers each listen on a dedicated port, so your metrics will not get confused. You could try to add additional labels, but that still would come with a lot of problems. Running on a range of ports is supported quite well with korfuri/django-prometheus, as described here: https://github.com/korfuri/django-prometheus/blob/master/documentation/exports.md#exporting-metrics-in-a-wsgi-application-with-multiple-processes

This will be a bit uncomfortable though, especially if your app is hidden behind an ingress reverse proxy and you do not want to punch lots of holes into your firewall config, or create lots and lots of vhosts.

JanKoppe / whiteboardCleaner.md
Created May 24, 2018 17:15 — forked from lelandbatey/whiteboardCleaner.md
Whiteboard Picture Cleaner - Shell one-liner/script to clean up and beautify photos of whiteboards!

Description

This simple script will take a picture of a whiteboard and use parts of the ImageMagick library with sane defaults to clean it up tremendously.

The script is here:

#!/bin/bash
convert "$1" -morphology Convolve DoG:15,100,0 -negate -normalize -blur 0x1 -channel RBG -level 60%,91%,0.1 "$2"

Results

JanKoppe / command
Created April 5, 2018 11:01 — forked from Brachamul/command
Set an existing user to superuser using Django shell
python manage.py shell
JanKoppe / descriptors.c
Created March 24, 2018 19:54 — forked from jmcgill/descriptors.c
A minimal sample of a generic batch mode USB device using LUFA.
/*
LUFA Library
Copyright (C) Dean Camera, 2012.
dean [at] fourwalledcubicle [dot] com
www.lufa-lib.org
*/
/*
Copyright 2012 Dean Camera (dean [at] fourwalledcubicle [dot] com)
JanKoppe / README.md
Last active December 4, 2020 03:58
nginx basic auth with different users for read/write

This nginx configuration lets you restrict which HTTP methods each user may use, so that different users get different levels of access.

This is very useful for private docker registries, where you want every member of your team to be able to fetch Docker images, but only some users (admins and CI users) to push new images to the registry.

Example:

  • User write can use GET, POST, PUT, DELETE and everything else.
  • User read can only use GET and HEAD.
  • Anonymous users are denied access entirely.
JanKoppe / README.md
Created May 5, 2017 19:27
Grafana Cat Panel

Grafana Cat Panel

Recent studies have shown that a steady flow of cute kitten pictures can increase work productivity by up to 100% and boost general morale. Therefore every dashboard should provide a cat panel.

Paste this code in a "Text" Panel with html mode and enjoy.