Nathan Williams nathwill

🐜
doin' stuff
  • Treehouse
  • Portland, OR
@nathwill
nathwill / pf.conf
Last active May 4, 2024 03:05
a dummy's sample pf.conf
# $OpenBSD: pf.conf,v 1.52 2013/02/13 23:11:14 halex Exp $
#
# See pf.conf(5) for syntax and examples.
#
# Remember to set net.inet.ip.forwarding=1 and/or net.inet6.ip6.forwarding=1
# in /etc/sysctl.conf if packets are to be forwarded between interfaces.
### Macros
# system
@nathwill
nathwill / ha-redis-keepalived.conf
Created April 18, 2016 23:42
keepalived configuration for tracking redis master
vrrp_script chk_redis_master {
script "redis-cli info replication | grep -q 'role:master'"
interval 2
weight 2
rise 2
fall 2
}
vrrp_instance redis_vip {
interface eth0
@nathwill
nathwill / systemd-nspawn containers on centos
Last active April 12, 2022 03:43
super lightweight containers with systemd-nspawn
assumes centos 7 host, typical configuration
- disable selinux: SELINUX=permissive in /etc/sysconfig/selinux
- disable auditd: systemctl disable auditd.service
- enable journald persistence: `Storage=persistent` in /etc/systemd/journald.conf
- mkdir /var/lib/container
- yum -y --nogpg --releasever=7 --installroot=/var/lib/container/centos install systemd passwd yum vim-minimal openssh-server
- systemd-nspawn -D /var/lib/container/centos
- set root passwd, set ssh port (e.g. 2222)
- set up systemd-nspawn service:
@nathwill
nathwill / haproxy_http_log.lua
Last active January 8, 2022 17:20
heka haproxy syslog decoder
--[[
Inspired by: https://github.com/mozilla-services/lua_sandbox/pull/22
*Haproxy log-format Directive*
log-format %ci:%cp\ [%t]\ %ft\ %b/%s\ %Tq/%Tw/%Tc/%Tr/%Tt\ %ST\ %B\ %CC\ %CS\ %tsc\ %ac/%fc/%bc/%sc/%rc\ %sq/%bq\ %hr\ %hs\ %{+Q}r
*Example Config*
[haproxy_udp_input]
type = "UdpInput"
@nathwill
nathwill / kibana-oauth2-proxy-ingress.yaml
Last active July 28, 2021 09:30
kubernetes ingress-nginx ingress for redirect/whitelist of access to AWS elasticsearch kibana behind oauth2-proxy
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: kibana-doorman
annotations:
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/use-regex: "true"
nginx.ingress.kubernetes.io/server-snippet: |
location = / { return 308 https://$best_http_host/_plugin/kibana; }
spec:
@nathwill
nathwill / random-walk.rb
Created February 7, 2021 07:31
example random walk routine
#!/usr/bin/env ruby
#
class Rundganger
attr_accessor :coordinates, :path
def initialize
@coordinates = [0,0,0]
@path = [] << @coordinates.clone
end
@nathwill
nathwill / ssh-audit.txt
Last active November 28, 2017 23:00
lazy audit logging
# Set up audit logging for connections outbound from the bastion
default['openssh']['client'].tap do |client|
client['permit_local_command'] = 'yes'
client['local_command'] = '/usr/bin/logger -p INFO -t AUTH %u signed into %h:%p as %r'
end
@nathwill
nathwill / pulse.txt
Last active November 28, 2017 22:46
heka monitoring
# heka.toml
[hekad]
base_dir = '/tmp/heka'
[boot]
type = "LogstreamerInput"
log_directory = '/var/log'
file_match = 'boot\.log'
[pulse]
@nathwill
nathwill / gluster-test.yml
Created October 2, 2017 22:28
k8s external gluster
---
kind: Endpoints
apiVersion: v1
metadata:
name: glusterfs-cluster
subsets:
- addresses:
- ip: 10.138.0.8
ports:
- port: 49152
@nathwill
nathwill / create-cinder-snapshot.rb
Created September 12, 2016 17:58
simple snapshotting script
#!/opt/chef/embedded/bin/ruby
#
# Create/manage Cinder volume snapshots
#
require 'mixlib/shellout'
require 'fog/openstack'
#