rechner

services:
  db:
    image: postgres
    restart: always
    environment:
      POSTGRES_PASSWORD: secret
    ports:
      - "5432:5432"
    volumes:
      - pgdata:/var/lib/postgresql/data

rechner

#!/usr/bin/python
"""
Read a MagTek USB HID Swipe Reader in Linux. A description of this
code can be found at: http://www.micahcarrick.com/credit-card-reader-pyusb.html

You must be using the new PyUSB 1.0 branch and not the 0.x branch.

(Install with `pip install pyusb --pre` in a virtualenv. Install libusb first on debian)

Copyright (c) 2010 - Micah Carrick

rechner

# Setting up Proxmox with a certificate from FreeIPA.
# This assumes you've already joined the machine with ipa-client-install

# Get a ticket as someone that can issue certificates
kinit admin

cat <<EOF > /usr/local/sbin/set-ssl-permissions
#!/bin/bash

FILES=/etc/pve/nodes/proxmox/{pve-ssl.key,pve-ssl.pem}

rechner

This article proved to be a decent starting point, but I was particularly interested in allowing password-based logins to OpenVPN using a username/password backed by FreeIPA (opposed to client certificates) as the identity provider.

• IPA join your VPN machine: ipa-client-install --mkhomedir
• Get a kerberos ticket: kinit
• Create a Kerberos service principle and HBAC rule for openvpn access:

ipa service-add openvpn/`hostname`

• Create new hbacrule in console, mark host as the VPN host, and whatever group you want to restrict access to: