Skip to content

Instantly share code, notes, and snippets.

View deekayen's full-sized avatar
🏡
Working from home

David Norman deekayen

🏡
Working from home
66 followers · 20 following
View GitHub Profile
@deekayen
deekayen / .gitlab-ci.yml
Created August 3, 2020 21:19
Build a Docker container and then scan it with Quay Clair.
clair:
tags:
- kubernetes
stage: test
image: docker:stable
variables:
DOCKER_DRIVER: overlay2
DOCKER_HOST: tcp://docker:2375/
## Define two new variables based on GitLab's CI/CD predefined variables
## https://docs.gitlab.com/ee/ci/variables/#predefined-variables-environment-variables
@deekayen
deekayen / .gitlab-ci.yml
Last active January 14, 2022 07:32
Scan a docker contianer with Prisma Cloud Twistlock twistcli and report the results to the Prisma Cloud dashboard. Some variables are stored in the repository's CI variables configuration in the GitLab web interface. The $prisma_cloud_compute_url should be something like https://us-east1.cloud.twistlock.com/us-2-1111111111111, not https://api2.p…
prisma-cloud:
tags:
- kubernetes
stage: test
image: docker:stable
services:
- name: docker:dind
entrypoint: ["env", "-u", "DOCKER_HOST"]
command: ["dockerd-entrypoint.sh"]
variables:
@deekayen
deekayen / Preferences.sublime-settings
Created August 3, 2020 15:07
Sublime Text settings for dnorman-macbook
{
"color_scheme": "Packages/Theme - Monokai Pro/Monokai Pro (Filter Spectrum).sublime-color-scheme",
"default_line_ending": "unix",
"ensure_newline_at_eof_on_save": true,
"fallback_encoding": "UTF-8",
"font_face": "Source Code Pro",
"font_size": 16,
"ignored_packages":
[
"Vintage"
@deekayen
deekayen / blacklist.txt
Last active May 12, 2020 14:38
pihole list backup. doesn't include youtube filtering from https://discourse.pi-hole.net/t/use-dns-to-force-youtube-into-restricted-mode-and-pi-hole/1996/10
googleads.g.doubleclick.net
fw.adsafeprotected.com
pagead2.googlesyndication.com
tpc.googlesyndication.com
s0.2mdn.net
cooper.logs.roku.com
austin.logs.roku.com
giga.logs.roku.com
scribe.logs.roku.com
adclick.g.doubleclick.net
@deekayen
deekayen / README.md
Last active March 5, 2020 18:10
Instructions on how to make various TLS certificate file outputs
@deekayen
deekayen / .gitlab-ci.yml
Created December 16, 2019 21:25
Example Gitlab runner CI configuration file that would do Ansible linting and secret discovery.
---
ansible-lint:
tags:
- ansible
script:
- ansible-lint --version
- git ls-files | grep yml | xargs ansible-lint --exclude=/home/gitlab-runner/.ansible/roles
ansible-review:
@deekayen
deekayen / sponsor.yml
Created December 10, 2019 04:49
Sample block to plug my sponsor page on GitHub for placement at the end of an Ansible role task list
---
- hosts: all
connection: local
tasks:
- debug:
msg:
- "****************************************"
- "| Sponsor deekayen to maintain this |"
@deekayen
deekayen / .gitignore
Last active November 28, 2019 03:27
Use Ansible to apply operating system routine maintenance and updates for CentOS and Red Hat servers. This example takes advantage of magic groups that are imported using AWS inventories in Ansible Tower for host filtering. Send extra-vars to limit the runtime by availability zone.
*.keytab
*.retry
.DS_Store
.DS_Store?
._*
.Spotlight-V100
.Trashes
ehthumbs.db
Thumbs.db
@deekayen
deekayen / tagging_compliance.yml
Last active November 21, 2019 19:01
Query AWS to find instances and volumes without Name tags using an Ansible playbook. In Ansible Tower, use a null inventory along with an AWS cloud credential. Extend this with another task to stop instances with no Name tag.
---
- hosts: 127.0.0.1
connection: local
become: no
vars:
aws_region: us-east-1
tasks:
@deekayen
deekayen / update_git.sh
Created September 24, 2019 16:28
Update all the git repos in a directory with the latest pull of master
#!/bin/sh
find . -type d -depth 1 -exec git --git-dir={}/.git --work-tree=$PWD/{} pull origin master \;