Skip to content

Instantly share code, notes, and snippets.

View marcaurele's full-sized avatar

Marc-Aurèle Brothier marcaurele

47 followers · 91 following
View GitHub Profile
@marcaurele
marcaurele / docs.nomad
Created March 10, 2021 07:09
Nomad sample job
job "docs" {
datacenters = ["racobro"]
group "example" {
network {
port "http" {
static = "5678"
}
}
task "server" {
@marcaurele
marcaurele / insert-aws-routes-nmcli.md
Created February 12, 2021 13:29
Inject AWS ip ranges into your VPN static routes

AWS routes insertion in NetworkManager

Change <vpn-name> with your VPN's name.

For IPv4 ranges

# IPv4
curl --silent https://ip-ranges.amazonaws.com/ip-ranges.json \
  | jq -r '.prefixes | .[].ip_prefix' \
 | tr '\n' ',' \
@marcaurele
marcaurele / passwordstore-team.md
Last active May 25, 2022 09:37
Team management for passwotdstore.org

Share a repository for password with pass

Pass is a great command line tool to handle your password, as well in a team.

Add a new member in the team

Add the key into your local GPG base:

$ gpg --keyserver <a specific key server if needed> --search-keys <email address>
@marcaurele
marcaurele / test_performance.py
Created August 23, 2018 15:22
import asyncio
import hashlib
import io
import os
import time
import asyncssh
import pytest
@marcaurele
marcaurele / certbot-gandi-cleanup.sh
Created February 14, 2018 07:25
Certbot/Let's encrypt hook for DNS authentication using Gandi Live DNS service
#!/bin/bash
# To be used in certbot command as --manual-cleanup-hook parameter
#APIKEY=""
if [ -f /tmp/CERTBOT_$CERTBOT_DOMAIN/ZONE_RECORD_HREF ]; then
ZONE_RECORD_HREF=$(cat /tmp/CERTBOT_$CERTBOT_DOMAIN/ZONE_RECORD_HREF)
rm -f /tmp/CERTBOT_$CERTBOT_DOMAIN/ZONE_RECORD_HREF
fi
@marcaurele
marcaurele / certbot-gandi-authenticator.sh
Created February 14, 2018 07:25
Certbot/Let's encrypt hook for DNS authentication using Gandi Live DNS service
#!/bin/bash
# To be used in certbot command as --manual-auth-hook parameter
#APIKEY="<your API key>"
# Strip only the top domain
ROOT_DOMAIN=$(python -c "import sys;u=sys.argv[1].split('.');print(u[-2]+'.'+u[-1])" "$CERTBOT_DOMAIN")
HOST_DOMAIN=$(python -c "import sys;print('.'.join(('_acme-challenge.'+sys.argv[1]).split('.')[:-2]))" "$CERTBOT_DOMAIN")
# Get Gandi zone UUID
@marcaurele
marcaurele / debian-installer
Last active September 18, 2018 14:27
Installer for my debian laptop
#!/usr/bin/env bash
set -e
# Debian installer to be executed after a fresh installation
# curl -H 'Cache-Control: no-cache' -L http://bit.ly/liskam-installer | bash
# curl -H 'Cache-Control: no-cache' -L https://gist.githubusercontent.com/marcaurele/598f4b810c3c1a9debcd8e23169a264a/raw/debian-installer | /bin/bash
echo "Debian Installer 🤖"
export DEBIAN_FRONTEND=noninteractive
@marcaurele
marcaurele / cloud-config.md
Last active August 5, 2022 06:35
Cloud-init configurations (#cloud-config)

Cloud-Init configurations for Exoscale

Automatic EIP

Having an EIP 159.100.241.235 it allows to automatically configure it and use it for SSH access after deployment, for CentOS.

#cloud-config
write_files:
-   content: |
@marcaurele
marcaurele / privnet-exocale.md
Last active November 21, 2017 07:14
Private Networking feature through the API for Exoscale

Private Network Exoscale CloudStack guide

User guide

Requirements check

Your account should have been granted access to privnet. Check that you have at least one network with this command:

cs listNetworks type=isolated
@marcaurele
marcaurele / IPXE boot from the cloud.md
Last active February 19, 2018 13:45
For full disk encryption (FDE) of a cloud VM

IPXE netboot

To boot a different OS from a Debian base image

To have a full disk encryption on a cloud VM (choose a size with enough RAM (2GB) and downscale after if needed):

  1. Use the QEMU console to log on as root
  2. apt-get install grub2 ipxe
  3. reboot
  4. Quickly select "Network boot" in GRUB menu