cod3fr3ak

[Unit]
Description=sshuttle service a permanent tunnel
After=network.target

[Service]
ExecStart=/usr/bin/sshuttle -r h4s@localhost:39111 0.0.0.0/0 --dns -D --pidfile=/var/run/sshuttle.pid -e 'ssh -i /home/h4s/.ssh/whtunnel2'
Restart=always
Type=forking
PIDFile=/var/run/sshuttle.pid

cod3fr3ak

What I would do is to have roles for each system service that your application needs, a play and a role for each application/microservice, and group and/or host variables and role variables and defaults which define what to do.

I deploy a lot of PHP-based applications, so that looks a lot like this:

I'll have a play app_microservice.yml:

---
- hosts: app_microservice_servers
  roles:
    - nginx

cod3fr3ak

#!/usr/bin/env python3
import boto3, re, json, hashlib, sys, os, sqlalchemy, base
from sqlalchemy.ext.declarative import *
from sqlalchemy import Column, Integer, String

mysql_user = 'USER'
mysql_db = 'DB'
mysql_pass = 'PASS'

Base = declarative_base()

cod3fr3ak

 CPU Statistics

Load
1 minute Load: .1.3.6.1.4.1.2021.10.1.3.1
5 minute Load: .1.3.6.1.4.1.2021.10.1.3.2
15 minute Load: .1.3.6.1.4.1.2021.10.1.3.3

CPU
percentage of user CPU time: .1.3.6.1.4.1.2021.11.9.0
raw user cpu time: .1.3.6.1.4.1.2021.11.50.0

cod3fr3ak

You need to do 2 things: firstly, allow access to existing objects; and secondly, set the default access for new objects created from now on.

Note that granting access to "TABLES" includes views, but does not include sequences (such as the auto-increment function for "SERIAL" columns), so you'll probably want to grant access to those as well.

The below assumes you want to do everything in the public schema. The ALTER DEFAULT PRIVILEGES statement can act on the entire database by omitting the IN SCHEMA ... clause; the GRANT has to be run once for each schema.

-- Grant access to current tables and views GRANT SELECT ON ALL TABLES IN SCHEMA public TO user1;

cod3fr3ak

I think this can be useful