jq is useful to slice, filter, map and transform structured json data.
brew install jq
################################################### | |
## | |
## Alertmanager YAML configuration for routing. | |
## | |
## Will route alerts with a code_owner label to the slack-code-owners receiver | |
## configured above, but will continue processing them to send to both a | |
## central Slack channel (slack-monitoring) and PagerDuty receivers | |
## (pd-warning and pd-critical) | |
## |
#!/bin/bash | |
set -euo pipefail | |
openssl req -new -text -passout pass:abcd -subj /CN=localhost -out server.req | |
openssl rsa -in privkey.pem -passin pass:abcd -out server.key | |
openssl req -x509 -in server.req -text -key server.key -out server.crt | |
chmod 600 server.key | |
chown 70 server.key | |
docker run -d --name postgres -v $PWD/server.crt:/var/lib/postgresql/server.crt:ro -v $PWD/server.key:/var/lib/postgresql/server.key:ro postgres:11-alpine -c ssl=on -c ssl_cert_file=/var/lib/postgresql/server.crt -c ssl_key_file=/var/lib/postgresql/server.key |
default['sshd']['sshd_config']['AuthenticationMethods'] = 'publickey,keyboard-interactive:pam' | |
default['sshd']['sshd_config']['ChallengeResponseAuthentication'] = 'yes' | |
default['sshd']['sshd_config']['PasswordAuthentication'] = 'no' |
# ---- Base python ---- | |
FROM python:3.6 AS base | |
# Create app directory | |
WORKDIR /app | |
# ---- Dependencies ---- | |
FROM base AS dependencies | |
COPY gunicorn_app/requirements.txt ./ | |
# install app dependencies | |
RUN pip install -r requirements.txt |
# By default, Docker containers run as the root user. This is bad because: | |
# 1) You're more likely to modify up settings that you shouldn't be | |
# 2) If an attacker gets access to your container - well, that's bad if they're root. | |
# Here's how you can run change a Docker container to run as a non-root user | |
## CREATE APP USER ## | |
# Create the home directory for the new app user. | |
RUN mkdir -p /home/app |
~/.aws/config
AWS_ACCESS_KEY_ID
, AWS_SECRET_ACCESS_KEY
and AWS_SECURITY_TOKEN
(for boto2) / AWS_SESSION_TOKEN
(for boto3) are all set, and are consumed by boto2 in the inventory script and other boto2-based modulesevent=button/power | |
action=/etc/acpi/power |
FWIW: I didn't produce the content presented here (the outline from Edmond Lau's book). I've just copy-pasted it from somewhere over the Internet, but I cannot remember what exactly the original source is. I was also not able to find the author's name, so I cannot give him/her the proper credits.
1. Facts from ansible module ipify_facts https://docs.ansible.com/ansible/2.5/modules/ipify_facts_module.html | |
2. curl ifconfig.co | |
3. When http is blocked: dig +short myip.opendns.com @resolver1.opendns.com |