@krisek
krisek / proxy-config.yaml
Created October 25, 2023 14:28
Simplistic Squid forward proxy replacement with Envoy
admin:
  access_log_path: /dev/stdout
  address:
    socket_address:
      address: 127.0.0.1
      protocol: TCP
      port_value: 9901
static_resources:
  listeners:
  - name: listener_0
@krisek
krisek / gist:447efef5baa3fe3d993504de0548b561
Created December 20, 2022 07:13
ZeroTier basic Hub and Spoke
# Create a tag for which department someone is in
tag department
  id 1000 # arbitrary, but must be unique
  enum 100 spoke # has no meaning to filter, but used in UI to offer a selection
  enum 200 hub
;
# Whitelist only IPv4 (/ARP) and IPv6 traffic and allow only ZeroTier-assigned IP addresses
drop # drop cannot be overridden by capabilities
  not ethertype ipv4 # frame is not ipv4
@krisek
krisek / matrix-webhook.py
Last active January 2, 2022 11:34
Matrix webhook
#!/usr/bin/env python3
"""
Matrix Webhook.
Post a message to a matrix room with a simple HTTP POST
"""
import asyncio
import json
import os
@krisek
krisek / kyverno_vpa.yaml
Last active September 6, 2021 06:19
kyverno_vpa.yaml
apiVersion: autoscaling.k8s.io/v1
kind: VerticalPodAutoscaler
metadata:
  name: kyverno
spec:
  targetRef:
    apiVersion: "apps/v1"
    kind: Deployment
    name: kyverno
  updatePolicy:
@krisek
krisek / nettols.md
Last active May 12, 2023 13:21
Most important connectivity test and network discovery tools

Most important connectivity test and network discovery tools

Netcat

Package: netcat-openbsd

Connect to a server on a given IP and port (telnet on steroids)

nc 10.10.2.1 80
import json
import requests
import os
import re
import hashlib
templates = {
    'slack': {},
    'teams': {
@krisek
krisek / route_tables.py
Created March 21, 2021 21:49
Cartography EC2 route_tables ingest draft
import logging
from typing import Dict
from typing import List
import boto3
import neo4j
from .util import get_botocore_config
from cartography.util import aws_handle_regions
from cartography.util import run_cleanup_job
@krisek
krisek / default
Created March 21, 2021 13:35
default nginx config to reverse proxy prometheus and grafana
##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# https://www.nginx.com/resources/wiki/start/
# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
# https://wiki.debian.org/Nginx/DirectoryStructure
#
# In most cases, administrators will remove this file from sites-enabled/ and
# leave it as reference inside of sites-available where it will continue to be
# updated by the nginx packaging team.
@krisek
krisek / alert.rules.yml
Last active April 21, 2024 19:35
Prometheus alert rules for node exporter
groups:
- name: node_exporter_alerts
  rules:
  - alert: Node down
    expr: up{job="monitoring-pi"} == 0
    for: 2m
    labels:
      severity: warning
    annotations:
      title: Node {{ $labels.instance }} is down
@krisek
krisek / zero_rule_hub_and_spoke
Last active September 13, 2021 12:59
zerotier simple hub and spoke ruleset
# Create a tag for which department someone is in
tag department
  id 10 # arbitrary, but must be unique
  enum 100 spoke # has no meaning to filter, but used in UI to offer a selection
  enum 200 hub
  enum 300 super
;
# Whitelist only IPv4 (/ARP) and IPv6 traffic and allow only ZeroTier-assigned IP addresses
drop # drop cannot be overridden by capabilities