Laxman Singh Laxman-SM

## WinSCP_Upload_SFTP.ps1
# Download and install .NET assembly at: https://winscp.net/eng/downloads.php#additional
# This process will send SNS notifications upload upload failure.
# Define connection parameters and globals
$server = '<127.0.0.1>'
$sftpUser = '<sftp_user>'
$ssmParam = '<sftp_password>'
$awsRegion = '<us-east-1>'
$snsTopic = '<sns_topic>'
$snsSubject = 'An error has occurred in production SFTP[IAM]'
$sftp_pass = (Get-SSMParameter -Region $awsRegion -Name $ssmParam -WithDecryption $true).Value

## assume-role.sh
#!/bin/bash

export AWS_REGION="us-west-2"

account_id=$1
temp_role=$(aws sts assume-role \
                    --role-arn "arn:aws:iam::${account_id}:role/AWSControlTowerExecution" \
                    --role-session-name "aws-ct-mgmt")

unset AWS_ACCESS_KEY_ID

## sftp.yaml
# This kubernetes manifest for http://github.com/atmoz/sftp is made by ToMe25, based on a similar one by jujhars13.
#
# Usage:
# 1. Create the sftp namespace using `kubectl create namespace sftp`.
# 2. Copy your `~/.ssh/id_rsa.pub` file(can be generated with `ssh-keygen` if missing) to a new folder named `client_keys`.
#    Also add the `id_rsa.pub` files of all other users you want to be able to log in without a password to this folder.
# 3. Create host keys for the sftp server in a new folder named `host_keys` by running `ssh-keygen -t rsa -b 4096 -f ssh_host_rsa_key`
#    and `ssh-keygen -t ed25519 -f ssh_host_ed25519_key` in it.
# 4. Create a Kubernetes secret from the client keys by running `kubectl create secret generic sftp-client-public-keys -n sftp --from-file=client_keys`.
# 5. Create another Kubernetes secret from the host keys by running `kubectl create secret generic sftp-host-keys -n sftp --from-file=host_keys`.

## Fix-NetworkManager-VPN-DNS.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                Laxman-SM
                / Fix-NetworkManager-VPN-DNS.md
            
            
              Created
              December 7, 2022 12:35
                — forked from tavinus/Fix-NetworkManager-VPN-DNS.md
            
              
                Make Linux NetworkManager apply DNS from VPN
              
          
    The Problem

Injecting a DNS server from a VPN can be troublesome in Linux.
If you are not using Network Manager, you can fix this issue by adding the resolvconf script to your VPN config.
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf


## gist:6c8f27d9a95b1bb029a6754634db2413
Create IAM User (This is uses instead of using the ROOT User)
  1- Search and navigate to IAM page
  2- Choose User then Add User
  3- Select the name "My_OTA_User" for example
  4- For access type Select whatever you like (we can use Paragmmatic access)
  5- Select attach existence policy and search for and select the following
      - AmazonFreeRTOSFullAccess
      - AmazonFreeRTOSOTAUpdate
      - AWSIoTFullAccess
  6- Select Create User and download the credentials CSV file

## fetch-azure-policy-meta.sh
#!/bin/bash

i=0
done=0

url="https://management.azure.com/providers/Microsoft.PolicyInsights/policyMetadata?api-version=2019-10-01"
while [ $done -ne 1 ]
do
  echo az rest --output-file "pm-${i}.json" --url "$url"
  az rest --output-file "pm-${i}.json" --url "$url"

## setup_aks_cilium.sh
#!/usr/bin/env bash

set -euo pipefail

AZURE_RESOURCE_GROUP=$1
CLUSTER_NAME=$2
LOCATION=$3


AZURE_NODEGROUP=$(az aks show -n ${CLUSTER_NAME} -g ${AZURE_RESOURCE_GROUP} -o tsv --query nodeResourceGroup)

## nginx.conf
user www-data;
worker_processes auto;
pid /run/nginx.pid;
worker_rlimit_nofile 65535;
events { worker_connections 10000; }

http {
  map $http_upgrade $connection_upgrade {
        default upgrade;
        ‘’ close;

## teams-to-workspaces.tf
# Start w/ a data source to get a list of all the workspaces
# See: https://www.terraform.io/docs/providers/tfe/d/workspace_ids.html
data "tfe_workspace_ids" "all-workspaces" {
  names        = ["*"]
  organization = "my-org-name"
}

# Look up the ID of the teamn you're looking to map
# See: https://www.terraform.io/docs/providers/tfe/d/team.html
data "tfe_team" "architects" {

## .gitignore
 ________  ________  ___  __    ___
|\_____  \|\   __  \|\  \|\  \ |\  \
 \|___/  /\ \  \|\  \ \  \/  /|\ \  \
     /  / /\ \   __  \ \   ___  \ \  \
    /  /_/__\ \  \ \  \ \  \\ \  \ \  \
   |\________\ \__\ \__\ \__\\ \__\ \__\
    \|_______|\|__|\|__|\|__| \|__|\|__|

ignore Azure, GCP
	# Download and install .NET assembly at: https://winscp.net/eng/downloads.php#additional
	# This process will send SNS notifications upload upload failure.
	# Define connection parameters and globals
	$server = '<127.0.0.1>'
	$sftpUser = '<sftp_user>'
	$ssmParam = '<sftp_password>'
	$awsRegion = '<us-east-1>'
	$snsTopic = '<sns_topic>'
	$snsSubject = 'An error has occurred in production SFTP[IAM]'
	$sftp_pass = (Get-SSMParameter -Region $awsRegion -Name $ssmParam -WithDecryption $true).Value
	#!/bin/bash

	export AWS_REGION="us-west-2"

	account_id=$1
	temp_role=$(aws sts assume-role \
	--role-arn "arn:aws:iam::${account_id}:role/AWSControlTowerExecution" \
	--role-session-name "aws-ct-mgmt")

	unset AWS_ACCESS_KEY_ID
	# This kubernetes manifest for http://github.com/atmoz/sftp is made by ToMe25, based on a similar one by jujhars13.
	#
	# Usage:
	# 1. Create the sftp namespace using `kubectl create namespace sftp`.
	# 2. Copy your `~/.ssh/id_rsa.pub` file(can be generated with `ssh-keygen` if missing) to a new folder named `client_keys`.
	# Also add the `id_rsa.pub` files of all other users you want to be able to log in without a password to this folder.
	# 3. Create host keys for the sftp server in a new folder named `host_keys` by running `ssh-keygen -t rsa -b 4096 -f ssh_host_rsa_key`
	# and `ssh-keygen -t ed25519 -f ssh_host_ed25519_key` in it.
	# 4. Create a Kubernetes secret from the client keys by running `kubectl create secret generic sftp-client-public-keys -n sftp --from-file=client_keys`.
	# 5. Create another Kubernetes secret from the host keys by running `kubectl create secret generic sftp-host-keys -n sftp --from-file=host_keys`.
	Create IAM User (This is uses instead of using the ROOT User)
	1- Search and navigate to IAM page
	2- Choose User then Add User
	3- Select the name "My_OTA_User" for example
	4- For access type Select whatever you like (we can use Paragmmatic access)
	5- Select attach existence policy and search for and select the following
	- AmazonFreeRTOSFullAccess
	- AmazonFreeRTOSOTAUpdate
	- AWSIoTFullAccess
	6- Select Create User and download the credentials CSV file
	#!/bin/bash

	i=0
	done=0

	url="https://management.azure.com/providers/Microsoft.PolicyInsights/policyMetadata?api-version=2019-10-01"
	while [ $done -ne 1 ]
	do
	echo az rest --output-file "pm-${i}.json" --url "$url"
	az rest --output-file "pm-${i}.json" --url "$url"
	#!/usr/bin/env bash

	set -euo pipefail

	AZURE_RESOURCE_GROUP=$1
	CLUSTER_NAME=$2
	LOCATION=$3


	AZURE_NODEGROUP=$(az aks show -n ${CLUSTER_NAME} -g ${AZURE_RESOURCE_GROUP} -o tsv --query nodeResourceGroup)
	user www-data;
	worker_processes auto;
	pid /run/nginx.pid;
	worker_rlimit_nofile 65535;
	events { worker_connections 10000; }

	http {
	map $http_upgrade $connection_upgrade {
	default upgrade;
	‘’ close;
	# Start w/ a data source to get a list of all the workspaces
	# See: https://www.terraform.io/docs/providers/tfe/d/workspace_ids.html
	data "tfe_workspace_ids" "all-workspaces" {
	names = ["*"]
	organization = "my-org-name"
	}

	# Look up the ID of the teamn you're looking to map
	# See: https://www.terraform.io/docs/providers/tfe/d/team.html
	data "tfe_team" "architects" {
	________ ________ ___ __ ___
	\|\_____ \\|\ __ \\|\ \\|\ \ \|\ \
	\\|___/ /\ \ \\|\ \ \ \/ /\|\ \ \
	/ / /\ \ __ \ \ ___ \ \ \
	/ /_/__\ \ \ \ \ \ \\ \ \ \ \
	\|\________\ \__\ \__\ \__\\ \__\ \__\
	\\|_______\|\\|__\|\\|__\|\\|__\| \\|__\|\\|__\|

	ignore Azure, GCP