Skip to content

Instantly share code, notes, and snippets.

View digglife's full-sized avatar
🏠
Working from home

朱聖黎 Zhu Sheng Li digglife

🏠
Working from home
63 followers · 99 following
View GitHub Profile
@btm
btm / wua.rb
Created October 27, 2014 18:49
Determine if a KB is installed via win32ole on ruby
# Author:: Bryan McLellan <btm@loftninjas.org>
# Copyright:: Copyright 2014 Chef Software, Inc.
# License:: Apache License, Version 2.0
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
@ahpook
ahpook / gist:1182243
Created August 30, 2011 22:14
Use a generic client certificate with puppet

The problem

There's enough trouble with puppet's ssl model (mandatory client certs) that people go and do odd things to get around it. The primary problem is that for lab/preproduction environments, if you reinstall machines frequently, you lose access to the private key that generated the original cert but (absent some puppet cert --clean [node] operation) the cert still exists, leading to the dreaded Retrieved certificate doesn't match private key error.

A solution

Generate a single client certificate which all your nodes use, and have the master determine node names from facter rather than the SSL DN. This way you can re-install nodes with impunity and as long as your bootstrap plops down the correct config and the cert+key, you don't have any more SSL issues.

The caveats

If you have autosign turned on, this change represents a shift in security tradeoffs: you can turn off autosign and therefore more tightly control which clients can talk to your server because they need to have your clie

@Jaskaranbir
Jaskaranbir / github_release_script.sh
Last active March 16, 2023 14:00
Shell script to create GitHub releases with automatically generated changelogs (using github-changelog-generator).
#!/bin/bash
# ===> Set these variables first
branch="$GIT_BRANCH"
# Example: "Jaskaranbir/MyRepo"
repo_slug="$TRAVIS_REPO_SLUG"
token="$GITHUB_TOKEN"
version="$TRAVIS_TAG"
# An automatic changelog generator
@bcap
bcap / start-stop-daemon-template
Last active July 21, 2023 11:12
Template file for creating linux services out of executables using the start-stop-daemon
#!/bin/bash
### BEGIN INIT INFO
# Provides: <service name>
# Required-Start: $remote_fs $syslog
# Required-Stop: $remote_fs $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: <service description>
### END INIT INFO
@diyan
diyan / gist:2850866
Created June 1, 2012 09:54
Python with PowerShell Remoting (Windows equivalent for Unix ssh sessions)
# Note that target_env.login and target_env.password is global variables
# Maybe I should add this into Fabric project (http://docs.fabfile.org/en/1.4.2/index.html).
# This is complicated task for sure but it would be nice if Fabric could use ssh under Linux and PowerShell Remoting under Windows.
def remote_sh(target_host, command_text, ignore_error=False):
print('run PowerShell script block at {0}: {1}'.format(target_host, command_text))
command_text = command_text.replace('"', '\'')
@kapb14
kapb14 / base.html
Created October 17, 2018 07:14
Flask simplest realtime log file viewer
<!DOCTYPE html>
<html lang="en" xmlns="http://www.w3.org/1999/xhtml" dir="ltr" class="uk-height-1-1">
<head>
<meta charset="utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>flasktest</title>
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/bulma/0.7.1/css/bulma.min.css" />
<script defer src="https://use.fontawesome.com/releases/v5.3.1/js/all.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.min.js"></script>
</head>
@brianredbeard
brianredbeard / syncrepos.sh
Last active January 30, 2024 06:23
Reposync - A better tool than mrepo. Use this to sync down all channels a RHEL system is subscribed to and turn them into locally exposed yum repositories.
#!/bin/bash
# This tool can be used to sync down Red Hat based packages from RHN using only Red Hat shipped tools
# Brian "Red Beard" Harrington <brian@dead-city.org>
# Copyright 2013
#
# To satisfy the pre-reqs for this script install the following two rpms:
# yum-utils
# createrepo_c (in RHEL 8 createrepo and createrepo_c have been combined)
# See https://github.com/rpm-software-management/createrepo_c#differences-in-behavior-between-createrepo_c-and-createrepo
@soderlind
soderlind / Install.txt
Last active March 5, 2024 20:30
macOS DoH! (DNS over HTTPS) using cloudflared
1) Install cloudflared using homebrew:
brew install cloudflare/cloudflare/cloudflared
2) Create /usr/local/etc/cloudflared/config.yaml, with the following content
proxy-dns: true
proxy-dns-upstream:
- https://1.1.1.1/dns-query
- https://1.0.0.1/dns-query
@superjamie
superjamie / raspberry-pi-vpn-router.md
Last active April 13, 2024 12:22
Raspberry Pi VPN Router

Raspberry Pi VPN Router

This is a quick-and-dirty guide to setting up a Raspberry Pi as a "router on a stick" to PrivateInternetAccess VPN.

Requirements

Install Raspbian Jessie (2016-05-27-raspbian-jessie.img) to your Pi's sdcard.

Use the Raspberry Pi Configuration tool or sudo raspi-config to:

@thedom85
thedom85 / timeSync.bat
Last active April 23, 2024 15:08
Rem run as administrator
@echo on & @setlocal enableextensions
@echo =========================
@echo Turn off the time service
net stop w32time
@echo ======================================================================
@echo Set the SNTP (Simple Network Time Protocol) source for the time server
w32tm /config /syncfromflags:manual /manualpeerlist:"0.it.pool.ntp.org 1.it.pool.ntp.org 2.it.pool.ntp.org 3.it.pool.ntp.org"
@echo =============================================
@echo ... and then turn on the time service back on