- Create an Ubuntu 20.10 machine with the minimum system requirements for Coder, and as many running workspaces as you need.
- Install
kubectlandhelm - Change the SSH port to 5522 and restart SSH: guide
- Set up a k3s cluster with Calico, following this guide: https://docs.projectcalico.org/getting-started/kubernetes/k3s/quickstart
- If you run into an error installing Calico OR installing Coder with helm, set kubeconfig var
~/.bashrc: k3s-io/k3s#1126 (comment) - Edit
/etc/cni/net.d/10-calico.conflistand setallow_ip_forwardingtotrue. - [To be safe] Set
allow_ip_forwardingtotruein the ConfigMap as well:kubectl edit cm cni-config -n calico-system - Install Coder as normal: https://coder.com/docs/setup/installation
mlesaout
/ ansible_do-release-upgrade.yml
Last active
April 1, 2024 05:00
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| - hosts: legacyservers | |
| gather_facts: yes | |
| become: yes | |
| tasks: | |
| # Use a block to perform tasks conditionally—only if running Ubuntu 18.04. | |
| - block: |
nehrman
/ gist:3951a9f61083e462c60aeffcd942acb8
Last active
February 1, 2024 09:48
How to integrate Ansible Tower with Vault ssh-ca to secure your environment
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| The aim of this quick documentation is to explain how to deploy and configure HashiCorp Vault and Ansible Tower to make ssh-ca | |
| happen to secure your environment. | |
| - First Step : Installing Vault | |
| To do that, you can use a shell script that I build to deploy a 1 Node Vault Server. | |
| https://github.com/nehrman/hashicorp-solutions-scripts/blob/master/vault_single_server.sh | |
| - Second Step : Configure Vault for ssh-ca |
kawsark
/ Vault-ssh-ca-README.md
Created
March 28, 2019 16:12
A guide for configuring Vault's SSH-CA
In this scenario we are going to set up Vault to sign SSH keys using an internal CA. We will configure the SSH secrets engine and create a CA within Vault. We will then configure an SSH server to trust the CA key we just created. Finally we will attempt to SSH using a private key, and a public key signed by Vault SSH CA.
- This guide assumes you have already provisioned a Vault server, SSH host using OpenSSH server, and a SSH client machine.
- The client system must be able to reach the Vault server and the OpenSSH server.
- We will refer to these systems respectively as:
- VAULT_SERVER
mitchellurgero
/ rbl_check.php
Created
October 4, 2017 20:28
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| /* | |
| RBL checker tool for Windows & Linux | |
| By Mitchell Urgero | |
| Code based off of https://gist.github.com/kamermans/1548922 just with *slight* modifications and a proper RBL list. | |
| */ | |
| $mail_server = "111.222.333.444"; // or: trim(exec("curl icanhazip.com")); to get the WAN IP of the current server. | |
| $rbls = array( | |
| 'b.barracudacentral.org', | |
| 'spam.rbl.msrbl.net', |