Tim Meusel bastelfreak

## 0_pw_hash.rb
# lib/puppet/parser/functions/pw_hash.rb

module Puppet::Parser::Functions
  newfunction(:pw_hash, type: :rvalue) do |args|
    raise Puppet::ParseError, "pw_hash takes exactly two arguments, #{args.length} provided" if args.length != 2
    # SHA512 ($6), default number of rounds (5000)
    # rounds could be specified by prepending rounds=<n>$ parameter before the salt, i.e.
    # args[0].crypt("$6$rounds=50000$#{args[1]}")
    args[0].crypt("$6$#{args[1]}")
  end

## kernel-config-check.py
#!/usr/bin/env python
# Checking installed packages using linux-info.eclass
# for necessary kernel options

import portage

vartree = portage.db[portage.root]['vartree']

all_cpvs = vartree.dbapi.cpv_all()
settings = portage.config()

## git-signoff-rebase.gitconfig
[alias]
  # Usage: git signoff-rebase [base-commit]
  signoff-rebase = "!EDITOR='sed -i -re s/^pick/e/' sh -c 'git rebase -i $1 && while test -f .git/rebase-merge/interactive; do git commit --amend --signoff --no-edit && git rebase --continue; done' -"
  # Ideally we would use GIT_SEQUENCE_EDITOR in the above instead of EDITOR but that's not supported for git < 1.7.8.

## Talk_Subjects.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              3 stars
            
          
                raphink
                / Talk_Subjects.md
            
            
              Last active
              May 16, 2022 10:08
            
              
                Talk Subjects to be used for CFPs
              
          
    General and Concepts


Declarative Deployments & why it matters


Over the last 30 years, the Configuration Management community has learned that using a declarative approach to resource management is beneficial for both stability and change management. How does this apply to the new paradigm of Kubernetes deployments?


YAML Engineering: why we need a new paradigm


YAML has become the de-facto standard to express resources in many fields linked to DevOps practices. What are YAML's strengths and weaknesses, and what are the other options going forward?


## generate_twitter_bearer_token.rb
# Generate and use an oauth2 bearer token for the Twitter API in Ruby
#
# For Application-Only authentication to the twitter API, a 'bearer token'
# is required to authenticate agains their endpoints for rate limiting
# purposes.
#
# This script generates a bearer token by posting to twitter and then it
# uses that token to poll their API.
#
# Note, the base 64 encoded consumer credentials for the bearer token needs

## clone-all-org-repos.rb
# clone-all-org-repos.rb
#
# Clone all repositories in any given organization.
#
# Dependencies:
#   - octokit
#   - celluloid
#
# Usage:
#   TOKEN="your-token" ruby clone-all-org-repos.rb TheOrganizationName

## manual_code_deploy.sh
#!/bin/bash
# GIST_URL: https://gist.github.com/natemccurdy/797fa9128b7eef1f07be
# This script can be run to manually trigger Code Manager to deploy code from your control-repo. This sort of
# thing is neccesary when, for example:
#   - You've turned on Code Manager but have not yet made an RBAC token.
#   - You want to pull down the latest version of a Puppetfile module without pushing to your GMS.
#   - Something has broken the post-receive hook on your GMS that would've triggered Code Manager.
#   - Syntax errors in your Puppetfile prevent you from retrieving those fixes to that Puppetfile.
#   - Puppetserver has crashed due to file-sync issues between code and code-staging.
#   - Code Manager can't deploy your code for various reasons that are hard to track down.

## docker-macvlan-ipvlan-examples.md

      
              1 file
            
          
              8 forks
            
          
              1 comment
            
          
              18 stars
            
          
                nerdalert
                / docker-macvlan-ipvlan-examples.md
            
            
              Last active
              June 14, 2023 16:52
            
          
    Docker Macvlan and Ipvlan Experimental Driver Examples


The build will be vendored into github.com/docker/docker in the next few days. In the meantime here is the binary that will be getting vendored. docker-1.11.0-dev.zip
Ipvlan L2 mode network with multiple subnets without a parent specified
For a long test that will create 54 networks and 120+ containers, then delete them all and recreate them again try ipvlan-macvlan-it.sh Instructions here Docker Macvlan and Ipvlan Manual IT Test
FYI Note: When the parent is empty or the --internal flag is used, a linux type dummy interface is dynamically created by Libnetwork to act as the parent. This network is completely isolated and is the equivalent to a --internal flag. This is a good mode for demoing.
The first test requires an interface


## systemd_service_hardening.md

      
              1 file
            
          
              46 forks
            
          
              8 comments
            
          
              335 stars
            
          
                ageis
                / systemd_service_hardening.md
            
            
              Last active
              May 4, 2024 15:57
            
              
                Options for hardening systemd service units
              
          
    security and hardening options for systemd service units

A common and reliable pattern in service unit files is thus:
NoNewPrivileges=yes
PrivateTmp=yes
PrivateDevices=yes
DevicePolicy=closed
ProtectSystem=strict


## .gitconfig
[alias]
	# Basically `log --oneline --decorate --graph` with different colors and some additional info (author and date)
	lg = log --graph --abbrev-commit --decorate --format=format:'%C(yellow)%h%C(reset) %C(normal)%s%C(reset) %C(dim white)%an%C(reset) %C(dim blue)(%ar)%C(reset) %C(dim black)%d%C(reset)'

	# lg (see above) with --first-parent
	lgp = log --graph --abbrev-commit --decorate --format=format:'%C(yellow)%h%C(reset) %C(normal)%s%C(reset) %C(dim white)%an%C(reset) %C(dim blue)(%ar)%C(reset) %C(dim black)%d%C(reset)' --first-parent

	# https://stackoverflow.com/questions/61510067/show-specific-commits-in-git-log-in-context-of-other-commits
	hl = "!f() { cd -- ${GIT_PREFIX:-.}; grep --color -E \"$(git log --pretty=%h \"$@\" | tr '\n' '|')\" || true; }; f"
	hlp = "!f() { cd -- ${GIT_PREFIX:-.}; less -R -p $(git log --pretty=%h \"$@\" | tr '\n' '|'); }; f"
	# lib/puppet/parser/functions/pw_hash.rb

	module Puppet::Parser::Functions
	newfunction(:pw_hash, type: :rvalue) do \|args\|
	raise Puppet::ParseError, "pw_hash takes exactly two arguments, #{args.length} provided" if args.length != 2
	# SHA512 ($6), default number of rounds (5000)
	# rounds could be specified by prepending rounds=<n>$ parameter before the salt, i.e.
	# args[0].crypt("$6$rounds=50000$#{args[1]}")
	args[0].crypt("$6$#{args[1]}")
	end
	#!/usr/bin/env python
	# Checking installed packages using linux-info.eclass
	# for necessary kernel options

	import portage

	vartree = portage.db[portage.root]['vartree']

	all_cpvs = vartree.dbapi.cpv_all()
	settings = portage.config()
	[alias]
	# Usage: git signoff-rebase [base-commit]
	signoff-rebase = "!EDITOR='sed -i -re s/^pick/e/' sh -c 'git rebase -i $1 && while test -f .git/rebase-merge/interactive; do git commit --amend --signoff --no-edit && git rebase --continue; done' -"
	# Ideally we would use GIT_SEQUENCE_EDITOR in the above instead of EDITOR but that's not supported for git < 1.7.8.
	# Generate and use an oauth2 bearer token for the Twitter API in Ruby
	#
	# For Application-Only authentication to the twitter API, a 'bearer token'
	# is required to authenticate agains their endpoints for rate limiting
	# purposes.
	#
	# This script generates a bearer token by posting to twitter and then it
	# uses that token to poll their API.
	#
	# Note, the base 64 encoded consumer credentials for the bearer token needs
	# clone-all-org-repos.rb
	#
	# Clone all repositories in any given organization.
	#
	# Dependencies:
	# - octokit
	# - celluloid
	#
	# Usage:
	# TOKEN="your-token" ruby clone-all-org-repos.rb TheOrganizationName
	#!/bin/bash
	# GIST_URL: https://gist.github.com/natemccurdy/797fa9128b7eef1f07be
	# This script can be run to manually trigger Code Manager to deploy code from your control-repo. This sort of
	# thing is neccesary when, for example:
	# - You've turned on Code Manager but have not yet made an RBAC token.
	# - You want to pull down the latest version of a Puppetfile module without pushing to your GMS.
	# - Something has broken the post-receive hook on your GMS that would've triggered Code Manager.
	# - Syntax errors in your Puppetfile prevent you from retrieving those fixes to that Puppetfile.
	# - Puppetserver has crashed due to file-sync issues between code and code-staging.
	# - Code Manager can't deploy your code for various reasons that are hard to track down.
	[alias]
	# Basically `log --oneline --decorate --graph` with different colors and some additional info (author and date)
	lg = log --graph --abbrev-commit --decorate --format=format:'%C(yellow)%h%C(reset) %C(normal)%s%C(reset) %C(dim white)%an%C(reset) %C(dim blue)(%ar)%C(reset) %C(dim black)%d%C(reset)'

	# lg (see above) with --first-parent
	lgp = log --graph --abbrev-commit --decorate --format=format:'%C(yellow)%h%C(reset) %C(normal)%s%C(reset) %C(dim white)%an%C(reset) %C(dim blue)(%ar)%C(reset) %C(dim black)%d%C(reset)' --first-parent

	# https://stackoverflow.com/questions/61510067/show-specific-commits-in-git-log-in-context-of-other-commits
	hl = "!f() { cd -- ${GIT_PREFIX:-.}; grep --color -E \"$(git log --pretty=%h \"$@\" \| tr '\n' '\|')\" \|\| true; }; f"
	hlp = "!f() { cd -- ${GIT_PREFIX:-.}; less -R -p $(git log --pretty=%h \"$@\" \| tr '\n' '\|'); }; f"