Skip to content

Instantly share code, notes, and snippets.

View bastelfreak's full-sized avatar
🏠
Working from home

Tim Meusel bastelfreak

🏠
Working from home
128 followers · 25 following
View GitHub Profile
@justinstoller
justinstoller / r10k-4.0.md
Last active February 27, 2024 16:35
support discussion

7 Things to know about r10k 4 in PE 2023.4

(From the PE documentation at: https://www.puppet.com/docs/pe/2023.4/upgrading_pe#upgrade_cautions-r10k-4-upgrade)

  1. Starting in PE 2023.4, if you use Code Manager or r10k, with SSH protocol for remote Git repository access, you must set up SSH host key verification.

To manage the known_hosts file and enable host key verification for Code Manager or r10k, you must define the puppet_enterprise::profile::master::r10k_known_hosts paramet er with an array of hashes specifying "name", "type", and "key" with your hostname, key type, and public key, respectively.

This is the error message you will see if running code deploy:

@dhollinger
dhollinger / voxpupuli.list
Created March 10, 2020 22:23
Voxpupuli repo files
deb [trusted=yes] https://apt.fury.io/voxpupuli/ /
@smoser
smoser / README.md
Last active March 6, 2024 18:11
qemu to linux mapping of smbios / dmi information

Mappings for DMI/SMBIOS to Linux and dmidecode

Information can be put into dmi tables via some qemu-system hosts (x86_64 and aarch64). That information is exposed in Linux under /sys/class/dmi/id and can be read with dmidecode. The names are very annoyingly inconsistent. The point of this doc is to map them.

Mappings

Example qemu cmdline:

qemu-system-x86_64 -smbios type=<type>,field=value[,...]

qemu-system-x86_64 -smbios type=0,vendor=superco,version=1.2.3
@natemccurdy
natemccurdy / PE_API_Reference.md
Last active October 9, 2023 20:25
PE API Reference and Notes
@StevenACoffman
StevenACoffman / fluent-filebeat-comparison.md
Last active April 2, 2024 22:34
Fluentd Fluent-bit FileBeat memory and cpu resources

Fluent-bit rocks

A short survey of log collection options and why you picked the wrong one. 😜

Who am I? Where am I from?

I'm Steve Coffman and I work at Ithaka. We do JStor (academic journals) and other stuff. How big is it?

Number what it means
101,332,633 unique visitors in 2017
@johnbianchi
johnbianchi / pfctl-cheatsheet.txt
Last active November 29, 2023 22:10
pfctl cheat sheet
#### General PFCTL Commands ####
$ pfctl -d disable # packet-filtering
$ pfctl -e enable # packet-filtering
$ pfctl -q # run quiet
$ pfctl -v -v # run even more verbose
#### Loading PF Rules ####
$ pfctl -f /etc/pf.conf # load /etc/pf.conf
$ pfctl -n -f /etc/pf.conf # parse /etc/pf.conf, but dont load it
$ pfctl -R -f /etc/pf.conf # load only the FILTER rules
$ pfctl -N -f /etc/pf.conf # load only the NAT rules
@rocketraman
rocketraman / .gitconfig
Last active January 17, 2024 01:52
.gitconfig aliases useful for gitworkflow (https://github.com/rocketraman/gitworkflow)
[alias]
# Basically `log --oneline --decorate --graph` with different colors and some additional info (author and date)
lg = log --graph --abbrev-commit --decorate --format=format:'%C(yellow)%h%C(reset) %C(normal)%s%C(reset) %C(dim white)%an%C(reset) %C(dim blue)(%ar)%C(reset) %C(dim black)%d%C(reset)'
# lg (see above) with --first-parent
lgp = log --graph --abbrev-commit --decorate --format=format:'%C(yellow)%h%C(reset) %C(normal)%s%C(reset) %C(dim white)%an%C(reset) %C(dim blue)(%ar)%C(reset) %C(dim black)%d%C(reset)' --first-parent
# https://stackoverflow.com/questions/61510067/show-specific-commits-in-git-log-in-context-of-other-commits
hl = "!f() { cd -- ${GIT_PREFIX:-.}; grep --color -E \"$(git log --pretty=%h \"$@\" | tr '\n' '|')\" || true; }; f"
hlp = "!f() { cd -- ${GIT_PREFIX:-.}; less -R -p $(git log --pretty=%h \"$@\" | tr '\n' '|'); }; f"
@ageis
ageis / systemd_service_hardening.md
Last active April 19, 2024 23:47
Options for hardening systemd service units

security and hardening options for systemd service units

A common and reliable pattern in service unit files is thus:

NoNewPrivileges=yes
PrivateTmp=yes
PrivateDevices=yes
DevicePolicy=closed
ProtectSystem=strict
@nerdalert
nerdalert / docker-macvlan-ipvlan-examples.md
Last active June 14, 2023 16:52

Docker Macvlan and Ipvlan Experimental Driver Examples

  • The build will be vendored into github.com/docker/docker in the next few days. In the meantime here is the binary that will be getting vendored. docker-1.11.0-dev.zip
  • Ipvlan L2 mode network with multiple subnets without a parent specified
  • For a long test that will create 54 networks and 120+ containers, then delete them all and recreate them again try ipvlan-macvlan-it.sh Instructions here Docker Macvlan and Ipvlan Manual IT Test
  • FYI Note: When the parent is empty or the --internal flag is used, a linux type dummy interface is dynamically created by Libnetwork to act as the parent. This network is completely isolated and is the equivalent to a --internal flag. This is a good mode for demoing.
  • The first test requires an interface
@natemccurdy
natemccurdy / manual_code_deploy.sh
Last active April 19, 2024 13:21
Manually trigger code-manager and file-sync
#!/bin/bash
# GIST_URL: https://gist.github.com/natemccurdy/797fa9128b7eef1f07be
# This script can be run to manually trigger Code Manager to deploy code from your control-repo. This sort of
# thing is neccesary when, for example:
# - You've turned on Code Manager but have not yet made an RBAC token.
# - You want to pull down the latest version of a Puppetfile module without pushing to your GMS.
# - Something has broken the post-receive hook on your GMS that would've triggered Code Manager.
# - Syntax errors in your Puppetfile prevent you from retrieving those fixes to that Puppetfile.
# - Puppetserver has crashed due to file-sync issues between code and code-staging.
# - Code Manager can't deploy your code for various reasons that are hard to track down.