Thomas Milox TommyStarK

  • S3NS (Thales x Google)
TommyStarK / git-repo-demo.yaml
Created January 21, 2021 13:30 — forked from tallclair/git-repo-demo.yaml
More secure GitRepo volumes
# Example of using an InitContainer in place of a GitRepo volume.
# Unlike GitRepo volumes, this approach runs the git command in a container,
# with the associated hardening.
apiVersion: v1
kind: Pod
name: git-repo-demo
annotations: 'docker/default'
TommyStarK /
Created January 18, 2021 18:18 — forked from myusuf3/
How to effectively delete a git submodule.

To remove a submodule you need to:

  • Delete the relevant section from the .gitmodules file.
  • Stage the .gitmodules changes: git add .gitmodules
  • Delete the relevant section from .git/config.
  • Run git rm --cached path_to_submodule (no trailing slash).
  • Run rm -rf .git/modules/path_to_submodule (no trailing slash).
  • Commit: git commit -m "Removed submodule "
  • Delete the now untracked submodule files: rm -rf path_to_submodule
TommyStarK /
Last active July 26, 2020 15:01
Git - fork migratory (upstream changed, new fork = new origin)
$ git remote rename upstream old-upstream
$ git remote add upstream <repo_URL>
$ git remote rename origin old-origin
$ git remote add origin <fork_URL>
$ git push -u origin --all
$ git remote remove old-upstream
$ git remote remove old-origin
TommyStarK /
Created August 11, 2019 17:04
Linux firewall (docker swarm example with 3 vms)
  • on VM1 (node manager)
# communication between the nodes of a Docker Swarm or cluster. It only needs to be opened on manager nodes.
$ sudo ufw allow proto tcp from <VM2 IP> to <VM1 IP> port 2377    
$ sudo ufw allow proto tcp from <VM3 IP> to <VM1 IP> port 2377
# communication among nodes (container network discovery).
$ sudo ufw allow proto tcp to <VM1 IP> port 7946                                
$ sudo ufw allow proto udp to <VM1 IP> port 7946
TommyStarK /
Last active August 11, 2019 16:53
Docker container_iptables
# drop all inbound/outbound packets for this specific interface
$ iptables -I DOCKER-USER -i $interface -j DROP
# allow outbound packets for this specific interface
$ iptables -I DOCKER-USER -o $interface -j ACCEPT
TommyStarK /
Last active July 26, 2020 15:02
Create new user on linux with ssh access and grant docker permissions

Replace the words in capital letters with the proper values.

$ sudo groupadd USER
$ sudo useradd --home /home/USER --create-home --groups USER,docker --gid USER --shell /bin/bash USER
$ cd /home/USER
$ sudo mkdir .ssh
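# append through sudo tee: with "sudo cat ... >>" the redirect runs in the calling shell, which cannot write into the root-owned .ssh
$ sudo cat USER_SSH_PUB_KEY | sudo tee -a .ssh/authorized_keys > /dev/null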
$ sudo chown -R USER:USER .ssh