- Run
setup_ip_forwarding.batscript to enable IP forwarding on Windows. - Configure Windows firewall to accept traffic from all remote networks.
- Install wireguard and setup connection to central wireguard server with all remote networks as part of
AllowedIPsand a unique IP within the wireguard network. - Setup fritzbox to a custom local IP address range (e.g. 192.168.110.0/24) that is unique in all sites.
- Setup a static DHCP lease or a static IP for the local wireguard system.
- Setup static routes in fritzbox for each remote network using the local wireguard system's IP as the gateway/nexthop.
- For central wireguard server setup route for the network address range of the new external site.
Phillip Schichtel pschichtel
pschichtel
/ direct-grant-auth.sh
Last active
May 30, 2024 18:30
A simple example for a script that can be used with FreeRADIUS to authenticate a user against an oauth server that supports the 'Resource Owner Password Credentials Grant' (grant=password). It requires bash, jq and cut.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| set -euo pipefail | |
| username="${USER_NAME?No User-Name found!}" | |
| password="${USER_PASSWORD?No Password found!}" | |
| token_endpoint="${OIDC_TOKEN_ENDPOINT?No Oidc-Token-Endpoint!}" | |
| client_id="${OIDC_CLIENT_ID?No Oidc-Client-Id!}" | |
| client_secret="$(< "${OIDC_CLIENT_SECRET_FILE?No Oidc-Client-Secret-File!}")" |
pschichtel
/ migrate-sc.sh
Created
May 13, 2024 00:49
A small script to migrate PVCs and their data to a new storage class. It requires bash, kubectl, yq, jq and [pv-migrate](https://github.com/utkuozdemir/pv-migrate).
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| set -euo pipefail | |
| namespace="${1?no namespace}" | |
| source_pvc="${2?no source pvc}" | |
| target_sc="${3?no target SC}" | |
| tmp_pvc_name="${source_pvc}-tmp" |
pschichtel
/ fetch-adlists-rpz.sh
Created
May 10, 2024 01:23
A simple bash script that can be used to fetch various DNS ad filter lists in either rpz or /etc/hosts format.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| set -euo pipefail | |
| fetch_hosts_as_rpz() { | |
| local action="${1?no action!}" | |
| local destination="${2?no destination!}" | |
| shift 2 | |
| if [ $# = 0 ] |
pschichtel
/ fio-db-load.sh
Last active
June 16, 2023 16:21
A simple benchmark script using via with a database workload. https://www.dbi-services.com/blog/flexible-io-simulating-database-like-io-activity-without-an-installed-database/
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| set -euo pipefail | |
| target_dir="${1?no target dir!}" | |
| if [ -e "$target_dir" ] | |
| then | |
| echo "$target_dir already exists!" >&2 | |
| exit 1 | |
| fi |
pschichtel
/ unpack-legacy-p12.sh
Last active
November 17, 2022 19:05
pfSense generates legacy p12 files which are not compatible with latest OpenSSL 3. This script unpacks the p12 file into separate PEM files, which work nicely with GNOME's network management stuff. See: https://github.com/openssl/openssl/commit/15c9aa3aef77c642ef2b6c84bba2b57b35ed083e
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| input="${1?no input}" | |
| key_output="${2?no key output}" | |
| crt_output="${3?no crt output}" | |
| ca_output="${4?no ca output}" | |
| openssl pkcs12 -legacy -in "$input" -out "${key_output}" -nocerts -nodes | |
| openssl pkcs12 -legacy -in "$input" -out "${crt_output}" -clcerts -nokeys | |
| openssl pkcs12 -legacy -in "$input" -out "${ca_output}" -cacerts -nokeys |
pschichtel
/ CustomLocalValidatorFactoryBean.kt
Created
August 17, 2021 14:53
SuspendAwareKotlinParameterNameDiscoverer
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import org.hibernate.validator.internal.engine.DefaultClockProvider | |
| import org.springframework.core.LocalVariableTableParameterNameDiscoverer | |
| import org.springframework.core.PrioritizedParameterNameDiscoverer | |
| import org.springframework.core.StandardReflectionParameterNameDiscoverer | |
| import org.springframework.validation.beanvalidation.LocalValidatorFactoryBean | |
| import java.lang.reflect.Constructor | |
| import java.lang.reflect.Method | |
| import javax.validation.ClockProvider | |
| import javax.validation.Configuration | |
| import javax.validation.ParameterNameProvider |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| keycloak_to_pem() { | |
| input="$(mktemp)" | |
| echo "-----BEGIN $1-----" > "$input" | |
| echo "$2" >> "$input" | |
| echo "-----END $1-----" >> "$input" | |
| output="$(mktemp)" | |
| case "$1" in | |
| "CERTIFICATE") | |
| openssl x509 -inform PEM -in "$input" -out "$output" | |
| ;; |
pschichtel
/ .gitlab-ci.yml
Created
February 7, 2021 02:10
Gitlab CI setup to build the discourse docker image on a docker-based gitlab-runner
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| services: | |
| - name: postgres:12-alpine | |
| alias: bootstrap-postgres | |
| - name: redis:6 | |
| alias: bootstrap-redis | |
| variables: | |
| POSTGRES_DB: bootstrap | |
| POSTGRES_USER: bootstrap | |
| POSTGRES_PASSWORD: '' |
pschichtel
/ howto.md
Last active
January 11, 2021 18:53
Batch script to enable IP forwarding on Windows. I use this to (ab)use Windows PCs as a Gateway into a site-to-site VPN.
pschichtel
/ synthesize.sh
Created
October 23, 2020 17:59
Small bash script that synthesizes text to speech using Google's services. The script expects the gcloud CLI tool, curl and jq installed in the path.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| voice="${1?no voice given!}" | |
| gender="${2?no gender given!}" | |
| text="${3?no text given!}" | |
| file_name="${4:-"-"}" | |
| access_token="$(gcloud auth application-default print-access-token)" | |
| if echo "$text" | grep -q "<speak>" | |
| then |
NewerOlder