Mark Hahl mhahl

## gist:c766a4bc9a6da6b65bf0495670d58551
---
rook-ceph:
  hostpathRequiresPrivileged: true
  pspEnable: false
  csi:
    enableRbdDriver: false
    enableCephfsDriver: true
    enableRBDSnapshotter: false
  monitoring:
    enabled: false

## SSL-SG1-GAUSY1
-----BEGIN CERTIFICATE-----
MIIEQDCCAyigAwIBAgIUQkNTTi2OeUDzqKs8AAAAAATSO2owDQYJKoZIhvcNAQEL
BQAwVDELMAkGA1UEBhMCVVMxFzAVBgNVBAoMDkNsb3VkIFNlcnZpY2VzMRMwEQYD
VQQLDApPcGVyYXRpb25zMRcwFQYDVQQDDA5TU0wtU0cxLUdBVVNZMTAeFw0yMjA3
MTEwODI1MTFaFw0yMjEwMDMwODI1MTBaMBkxFzAVBgNVBAMTDnd3dy5nb29nbGUu
Y29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAux8IFoRW34juyeI7
4iM1ok3gQxlg4dgZU6Zqh8QXF8lCN/xiRe6qljUBdW/EVhdj6oHjwg3ZwnCiE31t
FSEghLNGLtexFiUsoaJwHu29l8sEE8eG1hbVYWO5dT2XlPUhSgE2yU17LabWs+9t
wD+cflVHb++TiVzYazvTr8caoIg4XTuYm44Ca00ZUsiqZbvbs6jjX7RpkY4H46kF
WlQ2bjnGS5ai4kEEY+hZYruPUbbRP1ggi/sbC1EtWT7BN7gZOiZD2fBXUE8rrSPR

## ldap-ca.yaml
kind: ConfigMap
apiVersion: v1
metadata:
  name: ldap-ca-ipa
  namespace: openshift-config
data:
    ca.crt: |
      -----BEGIN CERTIFICATE-----
      MIIEiDCCAvCgAwIBAgIBATANBgkqhkiG9w0BAQsFADA1MRMwEQYDVQQKDApIQUhM
      LklELkFVMR4wHAYDVQQDDBVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMjEwMTAy

## 29217F84A014F1D6733716A50E4F0EFEA791784C.asc
-----BEGIN PGP PUBLIC KEY BLOCK-----
Comment: User-ID:	Mark Hahl <mark@hahl.id.au>
Comment: Created:	25/8/20 9:12 AM
Comment: Type:	4,096-bit RSA (secret key available)
Comment: Usage:	Signing, Encryption, Certifying User-IDs, SSH Authentication
Comment: Fingerprint:	29217F84A014F1D6733716A50E4F0EFEA791784C

mQINBF9ESWgBEADVB3FrKeg/3AnYtRP0lRgj5COiWh+CgqMHxAECD6RS5hBZ3MNy
rb+dOGqxGF1aAftWyhuSUGITxg1C7X90KO2nmZxl+KbBmLbYTPWORwGG9behzleS
/kAA/5lllArDmkS8PtqpvMN3k+c9gpkyYLc+Y3dyezkPFOgbxR0pguf4+Im05FPG

## cert-production.sh
# This will issue a production (valid and trusted) certificate
certbot certonly --agree-tos --manual --preferred-challenge=dns --manual-auth-hook=./hook.sh --register-unsafely-without-email --manual-public-ip-logging-ok -d '*.example.com' -d 'example.com' --server https://acme-v02.api.letsencrypt.org/directory

## proxy_oidc.conf
<VirtualHost *:*>

    OIDCProviderMetadataURL https://my-keycloak.local/auth/realms/MYREALM/.well-known/openid-configuration
    OIDCClientID myClientId
    OIDCClientSecret 3398b570-f896-43e0-9f9a-e040da9be4ea

    OIDCRedirectURI http://backend.local/
    OIDCCryptoPassphrase e4ac654ba9b61686c2dc854a1128a323

    ProxyPreserveHost On

## Corefile
. {

    log

    # Reverse DNS Entries
    template IN PTR in-addr.arpa {
      match ^(?P<d>[0-9]*)[.](?P<c>[0-9]*)[.](?P<b>[0-9]*)[.](?P<a>[0-9]*)[.]in-addr[.]arpa[.]$
      answer "{{ .Name }} 60 IN PTR ip-{{ .Group.a }}-{{ .Group.b }}-{{ .Group.c }}-{{ .Group.d }}.rhev.lab.local."
    }

## sign_kmods.sh
#!/bin/bash -x

# Sign VirtualBox
#
# vboxdrv.ko  vboxnetadp.ko  vboxnetflt.ko  vboxpci.ko
#
/usr/src/kernels/`uname -r`/scripts/sign-file sha256 ./signing_key.priv ./signing_key.x509 $(modinfo -n vboxdrv)
/usr/src/kernels/`uname -r`/scripts/sign-file sha256 ./signing_key.priv ./signing_key.x509 $(modinfo -n vboxnetadp)
/usr/src/kernels/`uname -r`/scripts/sign-file sha256 ./signing_key.priv ./signing_key.x509 $(modinfo -n vboxnetflt)
/usr/src/kernels/`uname -r`/scripts/sign-file sha256 ./signing_key.priv ./signing_key.x509 $(modinfo -n vboxpci)

## firmware.ino
// This #include statement was automatically added by the Particle IDE.
#include "SparkJson/SparkJson.h"
#include "TinyGPS/TinyGPS.h"
#include "HttpClient/HttpClient.h"

http_header_t headers[] = {
    { "Host", "api.nsabackdoor.net" },
    { "Content-Type", "application/json" },
    { "Accept", "application/json" },
    { NULL, NULL }

## Vote.sh
#!/bin/bash

# http://www.user-agents.org/allagents.xml
userAgents=`cat allagents.xml | grep -iB 5 '<Type>B</Type>' | grep -i '<String>' | cut -c 9- | sed 's/..........$//'`


function getRandomUA()
{
  maxLines=`echo "$userAgents" | wc -l | tr -d ' '`
  randomUserAgent=$(echo "$userAgents" | sed -n $[ ( $RANDOM % ( $[ $maxLines - 1 ] + 1 ) ) + 1 ]p)
	---
	rook-ceph:
	hostpathRequiresPrivileged: true
	pspEnable: false
	csi:
	enableRbdDriver: false
	enableCephfsDriver: true
	enableRBDSnapshotter: false
	monitoring:
	enabled: false
	-----BEGIN CERTIFICATE-----
	MIIEQDCCAyigAwIBAgIUQkNTTi2OeUDzqKs8AAAAAATSO2owDQYJKoZIhvcNAQEL
	BQAwVDELMAkGA1UEBhMCVVMxFzAVBgNVBAoMDkNsb3VkIFNlcnZpY2VzMRMwEQYD
	VQQLDApPcGVyYXRpb25zMRcwFQYDVQQDDA5TU0wtU0cxLUdBVVNZMTAeFw0yMjA3
	MTEwODI1MTFaFw0yMjEwMDMwODI1MTBaMBkxFzAVBgNVBAMTDnd3dy5nb29nbGUu
	Y29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAux8IFoRW34juyeI7
	4iM1ok3gQxlg4dgZU6Zqh8QXF8lCN/xiRe6qljUBdW/EVhdj6oHjwg3ZwnCiE31t
	FSEghLNGLtexFiUsoaJwHu29l8sEE8eG1hbVYWO5dT2XlPUhSgE2yU17LabWs+9t
	wD+cflVHb++TiVzYazvTr8caoIg4XTuYm44Ca00ZUsiqZbvbs6jjX7RpkY4H46kF
	WlQ2bjnGS5ai4kEEY+hZYruPUbbRP1ggi/sbC1EtWT7BN7gZOiZD2fBXUE8rrSPR
	kind: ConfigMap
	apiVersion: v1
	metadata:
	name: ldap-ca-ipa
	namespace: openshift-config
	data:
	ca.crt: \|
	-----BEGIN CERTIFICATE-----
	MIIEiDCCAvCgAwIBAgIBATANBgkqhkiG9w0BAQsFADA1MRMwEQYDVQQKDApIQUhM
	LklELkFVMR4wHAYDVQQDDBVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMjEwMTAy
	-----BEGIN PGP PUBLIC KEY BLOCK-----
	Comment: User-ID: Mark Hahl <mark@hahl.id.au>
	Comment: Created: 25/8/20 9:12 AM
	Comment: Type: 4,096-bit RSA (secret key available)
	Comment: Usage: Signing, Encryption, Certifying User-IDs, SSH Authentication
	Comment: Fingerprint: 29217F84A014F1D6733716A50E4F0EFEA791784C

	mQINBF9ESWgBEADVB3FrKeg/3AnYtRP0lRgj5COiWh+CgqMHxAECD6RS5hBZ3MNy
	rb+dOGqxGF1aAftWyhuSUGITxg1C7X90KO2nmZxl+KbBmLbYTPWORwGG9behzleS
	/kAA/5lllArDmkS8PtqpvMN3k+c9gpkyYLc+Y3dyezkPFOgbxR0pguf4+Im05FPG
	# This will issue a production (valid and trusted) certificate
	certbot certonly --agree-tos --manual --preferred-challenge=dns --manual-auth-hook=./hook.sh --register-unsafely-without-email --manual-public-ip-logging-ok -d '*.example.com' -d 'example.com' --server https://acme-v02.api.letsencrypt.org/directory
	<VirtualHost :>

	OIDCProviderMetadataURL https://my-keycloak.local/auth/realms/MYREALM/.well-known/openid-configuration
	OIDCClientID myClientId
	OIDCClientSecret 3398b570-f896-43e0-9f9a-e040da9be4ea

	OIDCRedirectURI http://backend.local/
	OIDCCryptoPassphrase e4ac654ba9b61686c2dc854a1128a323

	ProxyPreserveHost On
	. {

	log

	# Reverse DNS Entries
	template IN PTR in-addr.arpa {
	match ^(?P<d>[0-9])[.](?P<c>[0-9])[.](?P<b>[0-9])[.](?P<a>[0-9])[.]in-addr[.]arpa[.]$
	answer "{{ .Name }} 60 IN PTR ip-{{ .Group.a }}-{{ .Group.b }}-{{ .Group.c }}-{{ .Group.d }}.rhev.lab.local."
	}
	#!/bin/bash -x

	# Sign VirtualBox
	#
	# vboxdrv.ko vboxnetadp.ko vboxnetflt.ko vboxpci.ko
	#
	/usr/src/kernels/`uname -r`/scripts/sign-file sha256 ./signing_key.priv ./signing_key.x509 $(modinfo -n vboxdrv)
	/usr/src/kernels/`uname -r`/scripts/sign-file sha256 ./signing_key.priv ./signing_key.x509 $(modinfo -n vboxnetadp)
	/usr/src/kernels/`uname -r`/scripts/sign-file sha256 ./signing_key.priv ./signing_key.x509 $(modinfo -n vboxnetflt)
	/usr/src/kernels/`uname -r`/scripts/sign-file sha256 ./signing_key.priv ./signing_key.x509 $(modinfo -n vboxpci)
	// This #include statement was automatically added by the Particle IDE.
	#include "SparkJson/SparkJson.h"
	#include "TinyGPS/TinyGPS.h"
	#include "HttpClient/HttpClient.h"

	http_header_t headers[] = {
	{ "Host", "api.nsabackdoor.net" },
	{ "Content-Type", "application/json" },
	{ "Accept", "application/json" },
	{ NULL, NULL }
	#!/bin/bash

	# http://www.user-agents.org/allagents.xml
	userAgents=`cat allagents.xml \| grep -iB 5 '<Type>B</Type>' \| grep -i '<String>' \| cut -c 9- \| sed 's/..........$//'`


	function getRandomUA()
	{
	maxLines=`echo "$userAgents" \| wc -l \| tr -d ' '`
	randomUserAgent=$(echo "$userAgents" \| sed -n $[ ( $RANDOM % ( $[ $maxLines - 1 ] + 1 ) ) + 1 ]p)