hatem ben tayeb hatembentayeb

@hatembentayeb
hatembentayeb / argocd-app-of-apps-generation.sh
Created October 24, 2023 20:53
generate argocd app of apps from an existing project/applications
#!/bin/bash
output_file="all_applications-$project_name.yaml"
echo "" > "$output_file"
project_yaml=$(kubectl get AppProject "$project_name" -n argocd -o yaml)
updated_project_yaml=$(echo "$project_yaml" | yq eval 'del(.metadata.creationTimestamp, .metadata.generation, .metadata.resourceVersion,.status, .metadata.uid, .metadata.annotations."kubectl.kubernetes.io/last-applied-configuration")' -)
echo "$updated_project_yaml" >> "$output_file"
echo '---' >> "$output_file"
for app_name in $(kubectl get applications -n argocd -o custom-columns=:.metadata.name --no-headers); do
@hatembentayeb
hatembentayeb / table.md
Created January 10, 2021 15:22
medium table
| Term | Definition |
| --- | --- |
| Mail server | Is a computer system that sends and receives email source |
| MX | |
| CNAME | Used to alias one name to another, CNAME stands for Canonical Name. source |
| DKIM | Is an email authentication technique that allows the receiver to check that an email was indeed sent and authorized by the owner of that domain source |
| SPF | Is an email-authentication technique which is used to prevent spammers from sending messages on behalf of your domain source |
| DMARC | is an email validation system designed to protect your company's email domain from being used for email spoofing [source](https://www.dmarcanalyzer.com/dma
@hatembentayeb
hatembentayeb / fail2ban-playbook.yml
Created November 6, 2020 19:24 — forked from 5car1z/fail2ban-playbook.yml
Simple Ansible playbook to install Fail2ban.
---
- name: installs fail2ban on ansible hosts
  hosts: fail2ban-hosts
  become: yes
  tasks:
    - name: install apt fail2ban packages
      apt:
        name: "{{ item }}"
        state: latest
@hatembentayeb
hatembentayeb / nginx-tuning.md
Created November 4, 2020 17:43 — forked from denji/nginx-tuning.md
NGINX tuning for best performance

Moved to git repository: https://github.com/denji/nginx-tuning

NGINX Tuning For Best Performance

For this configuration you can use any web server you like; I decided to use nginx because I work mostly with it.

Generally, a properly configured nginx can handle up to 400K to 500K requests per second (clustered); the most I saw is 50K to 80K (non-clustered) requests per second at 30% CPU load. Of course, this was on 2 x Intel Xeon with HyperThreading enabled, but it can work without problems on slower machines.

You must understand that this config is used in a testing environment and not in production, so you will need to find a way to implement most of those features as well as possible for your servers.

@hatembentayeb
hatembentayeb / Vault.md
Created November 4, 2020 16:57
How to setup a Vault server (step by step)

Vault server setup

Personal guide for installing and setting up a Vault server.

  • Install and update required dependencies.
#!/bin/bash

sudo apt-get -y update
#!/bin/sh
file=path/to/file
bucket=your-bucket
resource="/${bucket}/${file}"
contentType="application/x-compressed-tar"
dateValue="`date +'%a, %d %b %Y %H:%M:%S %z'`"
stringToSign="GET
${contentType}
${dateValue}
${resource}"
@hatembentayeb
hatembentayeb / backup_mongo.sh
Last active August 5, 2020 14:06
effective mongodb backup using docker containers
#!/bin/bash
#maintainer : hatem ben tayeb <hatemtayeb2@gmail.com>
# usage : ./backup.sh <container name> <container network>
if [ -n "$1" ]
then
    declare log_path="/backups/backup.log" # make sure to create them manually or change it with your customized path
    declare IP=$(docker inspect "$1" | jq ".[].NetworkSettings.Networks.$2.IPAddress" -r)
    ping -c2 "$IP" 2>/dev/null 1>/dev/null
    if [ $? = 0 ]
@hatembentayeb
hatembentayeb / lets-encrypt-wildcard-certs-using-azure-dns-on-aks.md
Created June 26, 2020 20:36 — forked from marcopaga/lets-encrypt-wildcard-certs-using-azure-dns-on-aks.md
Let's encrypt wildcard TLS certificates for Azure DNS using cert-manager on AKS (Azure Kubernetes Service)

This gist will guide you through the setup of a wildcard Let's encrypt TLS certificate.

Let's encrypt

Let’s encrypt is one of a new kind of Certificate Authority. You can get a TLS certificate from them for your website free of charge and without any manual overhead. These certificates are trusted in most browsers that are out there and will show up as valid. Instead of sending mails or even paper around, you can call an API and prove your domain ownership with simple challenges. Basically, you call the API with a hostname or domain name you need a TLS certificate for, and you get back a challenge string that you need to put in a well-known location on your HTTP host or as a TXT record in your DNS system.

The little helper for Kubernetes: Cert-Manager

You can find many clients that manage the proces

@hatembentayeb
hatembentayeb / .gitlab-ci.yml
Created June 1, 2020 23:17 — forked from tvvignesh/.gitlab-ci.yml
Example on running Skaffold with GITLAB CI for Kubernetes in GKE (Make sure you modify it appropriately and set GCP_SERVICE_KEY and GCP_PROD_SERVICE_KEY variable in Gitlab with the service account json value)
services:
  - docker:dind
stages:
  - development
  - production
variables:
  DOCKER_DRIVER: overlay2
  DOCKER_TLS_CERTDIR: ''
@hatembentayeb
hatembentayeb / nginx.conf
Created March 13, 2020 01:59 — forked from 6aditya8/nginx.conf
Nginx SSL/TLS configuration for getting "A+" in Qualys SSL Labs test
# Configuration options are limited to SSL/TLS
# Enable SSL session caching for improving performance by avoiding the costly session negotiation process where possible
# SSL Labs doesn't assume that SNI is available to the client, so it only tests the default virtual server
# setting this globally to make it work across all the nginx virtual servers (including the default virtual server)
ssl_session_cache shared:ssl_session_cache:10m;
ssl_session_timeout 10m;
server {
    listen 443 ssl;