mister2d

I’m using a simple dnsmasq.

# Enable forward lookup of the 'consul' domain:
server=/consul/127.0.0.1#8600

# Accept DNS queries only from hosts whose address is on a local subnet.
local-service
If systemd resolver is running you’ll hit an issue since it’s already binding 127.0.0.1:53.
Add this to /etc/systemd/resolved.conf

mister2d

## Assumed $TERM=xterm

# Include system-wide /etc/inputrc if you wish.
$include /etc/inputrc

"\eOD": backward-word
"\eOC": forward-word

"\e[1~": beginning-of-line
"\e[4~": end-of-line

mister2d

SSH CA use-case with Vault

In this scenario we are going to set up Vault to sign SSH keys using an internal CA. We will configure the SSH secrets engine and create a CA within Vault. We will then configure an SSH server to trust the CA key we just created. Finally we will attempt to SSH using a private key, and a public key signed by Vault SSH CA.

Prerequisites

• This guide assumes you have already provisioned a Vault server, SSH host using OpenSSH server, and a SSH client machine.
• The client system must be able to reach the Vault server and the OpenSSH server.
• We will refer to these systems respectively as:
• VAULT_SERVER

mister2d

# /usr/local/etc/PolicyKit/PolicyKit.conf
# Allow normal users to mount removable media automatically

    <config version="0.1">
    	<match action="org.freedesktop.hal.storage.mount-removable">
    		<return result="yes"/>
    	</match>
    	<match action="org.freedesktop.hal.storage.mount-fixed">
    		<return result="yes"/>
    	</match>