Skip to content

Instantly share code, notes, and snippets.

View kfiresmith's full-sized avatar

Kodiak Firesmith kfiresmith

13 followers · 85 following
View GitHub Profile
@kfiresmith
kfiresmith / create_pie_chart.py
Created June 2, 2021 21:20
#!/usr/bin/python3
import pandas as pd
from matplotlib.pyplot import pie, axis, show
df = pd.read_csv('syntheticdata.csv')
# show the csv: print(df.head())
sums = df.groupby(df["category"])["capacity-tb"].sum()
axis('equal');
pie(sums, labels=sums.index, autopct='%.0f%%');
show()
@kfiresmith
kfiresmith / pypi-ufw-rules.sh
Last active November 30, 2021 14:09
A quick and dirty script to generate a large series of UFW rules based on IP ranges, formatted as Ansible variables for use with weareinteractive.ufw, also dumps out a set of bare UFW rules for manual application.
#!/bin/bash
#
# A simple script to generate Ansible role weareinteractive.ufw rules for Pypi.org CDN egress
# https://api.fastly.com/public-ip-list
#
# 2021-11-30 Kodiak Firesmith <kfiresmith@whoi.edu>
#
ruleset="23.235.32.0/20 43.249.72.0/22 103.244.50.0/24 103.245.222.0/23 103.245.224.0/24 104.156.80.0/20 140.248.64.0/18 140.248.128.0/17 146.75.0.0/17 151.101.0.0/16 157.52.64.0/18 167.82.0.0/17 167.82.128.0/20 167.82.160.0/20 167.82.224.0/20 172.111.64.0/18 185.31.16.0/22 199.27.72.0/21 199.232.0.0/16"
ports="80,443"
@kfiresmith
kfiresmith / emit-sha512.py
Last active October 31, 2023 16:28
Emit a SHA512 shadow string for /etc/shadow
#!/usr/bin/python
import crypt
import getpass
import re
import sys
sys.dont_write_bytecode = True
while True:
password1 = getpass.getpass(prompt='Enter a password string to hash in SHA-512: ')
@kfiresmith
kfiresmith / systemd-network-wait-online.service.md
Last active October 27, 2023 15:14
Cause and resolution to failure of systemd-network-wait-online.service failure on boot.

Long startup times due to systemd-network-wait-online.service

Problem

TL;DR: Essentially because of some quirk with networkd, all interfaces get stuck in a '(configuring)' state forever unless you set an empty link-local address for at least the primary interface (but I set it for both).

Systemd-network-wait-online.service waits for at least one interface to be fully online, and won't consider an interface to be fully online if it's in '(configuring)' status when you run networkctl status some-iface.

Solution

Set link-local: [] to be set on every interface:




  


  




    


          
    

      

        
        

          

              @kfiresmith
          

          

            
                kfiresmith
                / redirect-to-https.conf
            
            

              Last active
              May 24, 2024 16:57
            

              
                Example Apache2 config for redirection to HTTPS and A-rating on SSL Labs
              
          

        

      

        

  

    
    


        



  


  

        

          
          <VirtualHost *:80>
        

        

          
                  # The ServerName directive sets the request scheme, hostname and port that
        

        

          
                  # the server uses to identify itself. This is used when creating
        

        

          
                  # redirection URLs. In the context of virtual hosts, the ServerName
        

        

          
                  # specifies what hostname must appear in the request's Host: header to
        

        

          
                  # match this virtual host. For the default virtual host (this file) this
        

        

          
                  # value is not decisive as it is used as a last resort host regardless.
        

        

          
                  # However, you must set it for any further virtual host explicitly.
        

        

          
                  #ServerName www.example.com