Skip to content

Instantly share code, notes, and snippets.

View lucagervasi's full-sized avatar

Luca Gervasi lucagervasi

0 followers · 4 following
View GitHub Profile
@lucagervasi
lucagervasi / gist:2d0ad028303869f6256f7644fbbdb5d6
Last active May 6, 2022 18:05
Archlinux installation on chuwi
Boot
Rotate screen
echo 1 > /sys/class/graphics/fbcon/rotate_all
Wifi setup
iwctl --passphrase <psk> station wlan0 connect <essid>
NTP
timedatectl set-ntp true
@lucagervasi
lucagervasi / README.md
Created November 2, 2021 15:05 — forked from smoser/README.md
set up a ssh tunnel only user for ssh proxy jump

Set up a ssh tunnel only user

In order to give someone access to hosts that are available only by ssh "bouncing" (ProxyJump), add a user for this specific purpose.

We have an internal openstack where instances get IPs on per-tenant networks. Each tenant has a 'bastion' host that has a "public" ip (floating ip). You can access other instances by bouncing through the bastion. From time to time I want to let someone else into an instance. This could be done either with:

a.) just give them shell access to the bastion and let them hop through. Sharing an unrestricted shell account on my bastion is less than ideal. b.) assign a floating/"public" IP to the instance so they could go directly in. Floating IPs are limited, so this is less than ideal.

So instead, I have set up a single user as described here that can only be used for ProxyJump. It allows others proxied access to my instances but without granting them full shell access.

@lucagervasi
lucagervasi / DockerUserNamespacesOnCentOS74.md
Created October 28, 2021 15:08 — forked from mjuric/DockerUserNamespacesOnCentOS74.md
Setting up Docker with user namespaces on CentOS 7.4

Setting up Docker with user namespaces on CentOS 7.4

The procedure below has been tested on a Digital Ocean VM with CentOS 7.4

# Install docker from RHEL’s standard repos
yum install -y docker

#
# We’ll activate the ‘user namespaces’ feature that defends against
@lucagervasi
lucagervasi / gist:3c7f4a9b30e59341d5b07f0fea9578e2
Created April 2, 2020 17:02
[INFO]
[INFO] ------------< it.rcs.community.renderer:community-renderer >------------
[INFO] Building VMS Services for RCS (Video Platform) 1.0.0-BUILD-SNAPSHOT
[INFO] --------------------------------[ war ]---------------------------------
Downloading from central: https://repo.maven.apache.org/maven2/org/jvnet/jaxb2/maven2/maven-jaxb2-plugin/maven-metadata.xml
Downloaded from central: https://repo.maven.apache.org/maven2/org/jvnet/jaxb2/maven2/maven-jaxb2-plugin/maven-metadata.xml (918 B at 2.4 kB/s)
Downloading from central: https://repo.maven.apache.org/maven2/org/restlet/jee/org.restlet.ext.spring/2.3.1/org.restlet.ext.spring-2.3.1.pom
[WARNING] The POM for org.restlet.jee:org.restlet.ext.spring:jar:2.3.1 is missing, no dependency information available
Downloading from central: https://repo.maven.apache.org/maven2/apache-beanutils/commons-beanutils/1.7.0/commons-beanutils-1.7.0.pom
[WARNING] The POM for apache-beanutils:commons-beanutils:jar:1.7.0 is missing, no dependency information available
@lucagervasi
lucagervasi / lvm_snapshots.md
Created February 11, 2020 21:37 — forked from mhitza/lvm_snapshots.md
LVM snapshots

LVM snapshots are logical volumes that reflect the state of the snapshoted volume at the exact moment in time the snapshot was created. Useful for backups and reference points we can revert back to.

Creating snapshots

$ sudo lvcreate --size 5G --snapshot --name root-backup /dev/vg0/root
  Logical volume "root-backup" created.
@lucagervasi
lucagervasi / curl-push-azure-storage-blob.sh
Created December 14, 2018 09:49 — forked from gregjhogan/curl-push-azure-storage-blob.sh
Push a file to a blob in an Azure storage account
curl -X PUT -T ./{file.dat} -H "x-ms-date: $(date -u)" -H "x-ms-blob-type: BlockBlob" "https://{storageaccount}.blob.core.windows.net/backups/{file.dat}?{sas-token}"
@lucagervasi
lucagervasi / PM2
Created May 13, 2018 19:45
[Unit]
Description=Nodejs Web Application MyAPP
After=syslog.target network.target
[Service]
TimeoutStartSec=300
WorkingDirectory=/opt/nodejs/MyAPP/app
User=nodejs
@lucagervasi
lucagervasi / ForceHTTPSVarnish4.vcl
Created April 13, 2018 05:50 — forked from section-io-gists/ForceHTTPSVarnish4.vcl
Varnish 4.x to force HTTPS
sub vcl_recv {
if (req.http.X-Forwarded-Proto !~ "https") {
return (synth(850, "Moved Permanently"));
}
}
sub vcl_synth {
if(resp.status == 850) {
set resp.http.Location = "https://" + req.http.host + req.url;
set resp.status = 301;
@lucagervasi
lucagervasi / build_opencv_ARM_cross
Created March 2, 2018 15:07 — forked from hrshovon/build_opencv_ARM_cross
Cross compile opencv3.3.0 for your raspberry pi and similar ARM devices with python support
This is a note on how to cross compile opencv for pretty much any ARM device(HardFP supported in this case) and deploy. Native
compiling in ARM devices can be painfully slow and they seem to hang often during build(mine got stuck at 43%). So if you happen
to have a desktop/laptop/server running ubuntu or similar linux distro, u can build opencv in fractionth of the time taken for
native compiling without any issues.
Building opencv3 with TBB and NEON and VFP support can boost opencv performance. Thanks to Adrian at pyimagesearch for pointing
that out.
Both my PC and target machine aka orange pi zero are running ubuntu 16.04 with python2.7 and python 3.5.
Let us use the term "build machine" for your PC where you are building opencv and "target machine" for the ARM single board computer.
1.Run the following commands in both machines(I think installing these in target machine only would do) to install the necessary libraries etc.(mine worked with them,so they should be enough
@lucagervasi
lucagervasi / .htaccess
Created February 13, 2018 15:14 — forked from nurtext/.htaccess
Tell apache we're on HTTPS if reverse proxy is serving the site using SSL
# Let apache know we're behind a SSL reverse proxy
SetEnvIf X-Forwarded-Proto "https" HTTPS=on
# Redirect to HTTPS
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP:X-Forwarded-Proto} !https [NC]
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IFModule>