Derek Ditch dcode

View molecule.yml
---
# Mostly working, but weird cartesian products of groups
scenario:
  name: single-node # optional
dependency:
  name: galaxy
driver:
  name: delegated
  options:
    managed: True
dcode / README.md
Last active Jan 22, 2019
How to use CoreDNS w/ etcd backend

Setup CoreDNS w/ etcd backend

Why CoreDNS

CoreDNS was designed from the ground up to provide a robust, plugin-based DNS server for use in cloud environments. Namely, it serves as the default primary service discovery mechanism for Kubernetes.

Using CoreDNS allows us to have a lightweight DNS server on RockNSM (11 Mb binary is all that's needed!) to facilitate multi-node service discovery. Alternatively, if another existing DNS service is available, this can be used instead. Aligning with the way Kubernetes manages service discovery also allows us to build new RockNSM features in parallel with the coming Kubernetes support.

RockNSM Application

dcode / _Podman Volume Quotas.md
Last active Jan 17, 2019
Discussion on how to create named volumes for Podman and set quotas on them using the native filesystem tools.

Podman has recently added support for named volumes, which is super handy. As of today (2018-01-17), it supports the local driver, which effectively will bind-mount a tracked directory into one or more containers. It's helpful to be able to limit the size of data volumes though so that one container doesn't exhaust the resources of another.

Fortunately, the XFS filesystem lets us handle this natively using "project quotas". XFS allows setting quotas based on username, group, or project. The project quota effectively maps a project ID to a path on a filesystem.

dcode / import_dod_certs_mac.sh
Created Jan 5, 2019
Enable CAC Authentication on Mac OS X (Mojave)
export CERT_URL='http://iasecontent.disa.mil/pki-pke/Certificates_PKCS7_v5.4_DoD.zip'
# Download & Extract DoD root certificates
# NOTE: CERT_URL is plain HTTP, so verify the bundle out of band before trusting its contents
cd ~/Downloads/
curl -LOJ "${CERT_URL}"
unzip "$(basename "${CERT_URL}")"
cd "$(basename "${CERT_URL}" .zip)"
dcode / podman_pod_example.sh
Created Nov 19, 2018
I brute forced playing through the options of podman to try to work with pods on a standalone system using podman (i.e. without kubernetes)
# Creates new pod named `test` with `running` status with `infra` container only
sudo podman pod create --name test
# Pauses the named pod and all containers in the pod
sudo podman pod pause test
# Unpauses the named pod and all containers in the pod
sudo podman pod unpause test
# Show all pods and their status
dcode / csv2elasticsearch.py
Last active Mar 18, 2019
A super simple (i.e. no error handling) script to parse a list of CSVs and write them to Elasticsearch using the bulk API. Requires Python 3 and the Elasticsearch Python client (pip3 install elasticsearch).
#!/usr/bin/env python3
import argparse
from pathlib import Path
import csv
from elasticsearch import Elasticsearch
from elasticsearch.exceptions import TransportError
from elasticsearch.helpers import bulk, streaming_bulk
parser = argparse.ArgumentParser(description='Simple upload of a CSV to Elasticsearch for analysis')
#group = parser.add_mutually_exclusive_group()
dcode / get_default_srcIP.sh
Last active Sep 22, 2018
Snippet to get local default interface IP using iproute
ip route get $(ip route get 1.1.1.1 | awk '{ print $3 }') | awk 'NR == 1 {print $5}'
dcode / certbot.service
Created Sep 18, 2018
Run certbot twice daily to ensure we never lose a valid cert.
# /etc/systemd/system/certbot.service
[Unit]
Description=Certbot Renewal
[Service]
ExecStart=/usr/bin/certbot renew --post-hook "systemctl restart httpd"
dcode / 0_README.md
Last active Feb 15, 2018
Currently working lighttpd config

First, you need to enable the vhost config in lighttpd:

sudo sed -i '/^#.*vhosts\.d\/\*\.conf/ s/^#//' /etc/lighttpd/lighttpd.conf

Finally, create the lighttpd docket vhost log dir:

sudo mkdir -p /var/log/lighttpd/docket
dcode / Dockerfile
Last active Jan 17, 2018
Unprivileged lighttpd container with systemd init on centos7
# Dockerfile for lighttpd
FROM centos/systemd
# Chain steps with && so a failed yum step fails the build instead of being ignored
RUN yum install -y epel-release && \
    yum update -y && \
    yum install -y lighttpd && \
    yum clean all && \
    rm -rf /var/cache/yum/* && \
    systemctl enable lighttpd