David Norman deekayen

@deekayen
deekayen / .gitlab-ci.yml
Created October 22, 2020 02:34
Lint Ansible using GitLab Runners in kubernetes.
---
default:
  image:
    name: cytopia/ansible:latest-tools
    entrypoint: ["/bin/sh", "-c"]
  tags:
    - kubernetes
ansible-lint:
@deekayen
deekayen / .gitlab-ci.yml
Created August 3, 2020 21:22
Build a Docker container and then scan it with Aquasec Trivy in GitLab CI. Fail for HIGH and CRITICAL findings.
trivy:
  tags:
    - kubernetes
  stage: test
  image: docker:stable
  services:
    - name: docker:dind
      entrypoint: ["env", "-u", "DOCKER_HOST"]
      command: ["dockerd-entrypoint.sh"]
  variables:
@deekayen
deekayen / .gitlab-ci.yml
Created August 3, 2020 21:19
Build a Docker container and then scan it with Quay Clair.
clair:
  tags:
    - kubernetes
  stage: test
  image: docker:stable
  variables:
    DOCKER_DRIVER: overlay2
    DOCKER_HOST: tcp://docker:2375/
    ## Define two new variables based on GitLab's CI/CD predefined variables
    ## https://docs.gitlab.com/ee/ci/variables/#predefined-variables-environment-variables
@deekayen
deekayen / .gitlab-ci.yml
Last active January 14, 2022 07:32
Scan a docker container with Prisma Cloud Twistlock twistcli and report the results to the Prisma Cloud dashboard. Some variables are stored in the repository's CI variables configuration in the GitLab web interface. The $prisma_cloud_compute_url should be something like https://us-east1.cloud.twistlock.com/us-2-1111111111111, not https://api2.p…
prisma-cloud:
  tags:
    - kubernetes
  stage: test
  image: docker:stable
  services:
    - name: docker:dind
      entrypoint: ["env", "-u", "DOCKER_HOST"]
      command: ["dockerd-entrypoint.sh"]
  variables:
@deekayen
deekayen / Preferences.sublime-settings
Created August 3, 2020 15:07
Sublime Text settings for dnorman-macbook
{
  "color_scheme": "Packages/Theme - Monokai Pro/Monokai Pro (Filter Spectrum).sublime-color-scheme",
  "default_line_ending": "unix",
  "ensure_newline_at_eof_on_save": true,
  "fallback_encoding": "UTF-8",
  "font_face": "Source Code Pro",
  "font_size": 16,
  "ignored_packages":
  [
    "Vintage"
@deekayen
deekayen / README.md
Last active March 5, 2020 18:10
Instructions on how to make various TLS certificate file outputs
@deekayen
deekayen / prisma_alerts_jenkins.sh
Last active March 3, 2020 18:20
Jenkins/EL7 version of the Prisma Alerts to Splunk bridge bash script.
#!/bin/bash
# For EL7:
# yum install curl jq
######################
# SET VALUES FOR THESE
# Prisma Cloud config
API="api2.prismacloud.io"
@deekayen
deekayen / prisma_alerts.sh
Last active March 3, 2020 18:25
Curl the Redlock Prisma Cloud API to get alerts from last week then POST them into a Splunk HTTP event collector for alternate archival and analysis. Note the date calculation appends 3 digits of milliseconds from microtime for a total 13-digit epoch value.
#!/bin/bash
# For Mac, date is BSD based. We like GNU date parsing,
# which comes with sideloading date as a renamed gdate util.
# Use Homebrew to install some utilities: https://brew.sh
# brew install coreutils jq
######################
# SET VALUES FOR THESE
@deekayen
deekayen / .gitlab-ci.yml
Created December 16, 2019 21:25
Example GitLab runner CI configuration file that would do Ansible linting and secret discovery.
---
ansible-lint:
  tags:
    - ansible
  script:
    - ansible-lint --version
    - git ls-files | grep yml | xargs ansible-lint --exclude=/home/gitlab-runner/.ansible/roles
ansible-review: