rubot

Setup Entware-ng-3x on Asuswrt-merlin

Entware-ng-3x is a modern alternative to Optware.

For those unfamiliar with Optware: it's a software repository that offers various software programs that can be installed on your router. They allow you to add new functionality to your router (provided you have the know-how to properly configure them).

Entware-ng-3x system library is specially modified (patched) so that standard linux files that are normally located in /etc directory are now located in /opt/etc/ directory. To simplify things let's consider /etc/passwd file. On Asuswrt-merlin it normally looks something like:

admin:x:0:0:admin:/root:/bin/sh

nas:x:100:100:nas:/dev/null:/dev/null

rubot

Order and provision a Hetzner Cloud based Gitlab-Runner Docker-machine autoscaling infrastructure

See my blog for more information.

• Adjust settings in vars.auto.tfvars.
• Run with terraform init && terraform apply

Content:

rubot

FROM netdata/netdata:latest

MAINTAINER YOUR_EMAIL

# add netdata user to root group (access volumne mounts from host)
RUN apk --no-cache add shadow
RUN usermod -a -G root netdata

ENTRYPOINT ["/usr/sbin/run.sh"]

rubot

---

# Ansible doesn't expose the shell environment of the remotely logged in user
# so we need to use a few tricks to get some of these values.
#
# This playbook demonstrates how to get a couple of useful environment variables.
#
# NOTE: these values are different to ansible_env.ansible_user_dir and
#       ansible_env.ansible_user_shell which represent the user running ansible.

rubot

HOWTO: Installing Vault On AWS Linux

This is quick howto for installing vault on AWS Linux, mostly to remind myself. At the end of this tutorial, you'll have a working vault server, using s3 for the backend, self signed certificates for tls, and supervisord to ensure that the vault server is always running, and starts on reboot.

Setting up S3

First things first, let's set up an s3 bucket to use as the storage backend for our s3 instance.

1. From the AWS Mangement Console, go to the S3 console.

2. Click on the Create Bucket button

rubot

#!/usr/bin/env bash

export PATH="${PATH}:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin"

ME="${0}"

if [ "${BASH_VERSINFO[0]}" -lt "4" ]
then
	echo >&2 "Sorry! This script needs BASH version 4+, but you have BASH version ${BASH_VERSION}"
	exit 1

rubot

- name: 'check if reboot is required'
  shell: if [ $(readlink -f /vmlinuz) != /boot/vmlinuz-$(uname -r) ]; then echo 'yes'; else echo 'no'; fi
  ignore_errors: true
  register: reboot

- name: 'reboot...'
  shell: nohup bash -c 'sleep 2 && shutdown -r now "Ansible kernel update applied"' &
  async: 0
  poll: 0
  ignore_errors: true

rubot

ssh-keygen -t rsa -b 4096 -N '' -C "rthijssen@gmail.com" -f ~/.ssh/id_rsa
ssh-keygen -t rsa -b 4096 -N '' -C "rthijssen@gmail.com" -f ~/.ssh/github_rsa
ssh-keygen -t rsa -b 4096 -N '' -C "rthijssen@gmail.com" -f ~/.ssh/mozilla_rsa

rubot

1. Disable iptables

$ sudo vim /etc/docker/daemon.json

{
  "iptables": false
}

rubot

server {
    listen 443 ssl http2 proxy_protocol;
    include /ssl.conf.include;

    ssl_certificate /etc/nginx/certs/main.crt;
    ssl_certificate_key /etc/nginx/certs/main.key;

    server_name example.org;