Ryan Schlesinger ryansch

@ryansch
ryansch / Dockerfile
Last active Jan 3, 2017
openvpn sample build container
View Dockerfile
FROM docker:latest
RUN apk add --no-cache bash sudo iptables openvpn
@ryansch
ryansch / README.md
Last active Feb 20, 2017
openvpn HOWTO
View README.md

This uses https://github.com/kylemanna/docker-openvpn for most of the heavy lifting. I've also wrapped it with some persistence management for production usage at https://github.com/outstand/docker-openvpn. I'm using a data container in production as RancherOS doesn't support named volumes in cloud config yet.

I skipped using elliptic curves until both easyrsa and openvpn support choosing the curve (NIST curves are considered harmful).

When you're done, you'll have your PKI in the named volume on your workstation and only the files that the server needs on S3. Back up the contents of the volume somewhere secure. You can't issue new certs or revoke old ones without it.

Setup

  • OVPN_DATA="openvpn-data"
  • `docker run -v $OVPN_DATA:/etc/openvpn --rm kylemanna/openvpn ovpn_genconfig -d -N -C AES-256-CBC -T TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 -a SHA512 -n <VPC_DNS_IP> -p 'route <VPC_CIDR> 255.255.0.0' -p 'route <ANOTHER_VPC_CIDR> 255.255.0.0' -u udp://<VPN_SERVER_FQDN> -e 'topology subnet' -p 'dhcp-optio
View .tmux.conf
# Ring the bell if any background window rang a bell
set -g bell-action any
# Default termtype. If the rcfile sets $TERM, that overrides this value.
set -g default-terminal screen-256color
# Keep your finger on ctrl, or don't
bind-key ^D detach-client
# Create splits and vertical splits
@ryansch
ryansch / current_region.rb
Created Jun 20, 2016
Get current AWS region
View current_region.rb
def current_region
  return @current_region if @current_region != nil
  response = Excon.get(
    'http://169.254.169.254/latest/meta-data/placement/availability-zone',
    expects: [200],
    connect_timeout: 2,
    read_timeout: 2,
    write_timeout: 2,
    tcp_nodelay: true
@ryansch
ryansch / tar.rb
Created Jun 16, 2016
Create/Extract a tarball from ruby
View tar.rb
require 'find'
require 'archive/tar/minitar'
module IdiomaticTar
  def create_tarball(filename:, directory:)
    base_dir = Pathname.new(directory).parent
    FileUtils.cd(base_dir) do
      Pathname.new(filename).open('wb') do |tarball|
        Zlib::GzipWriter.wrap(tarball) do |gz|
          Archive::Tar::Minitar::Output.open(gz) do |tar|
View setup_pair.rb
#!/bin/sh
# create an account alias
#sudo dscl . -append /Users/$USER RecordName Pair pair
# configure sshd to only allow public-key authentication
#sudo sed -E -i.bak 's/^#?(PasswordAuthentication|ChallengeResponseAuthentication).*$/\1 no/' /etc/sshd_config
# add pair user public key(s)
GITHUBUSER=$1
@ryansch
ryansch / foo_spec.rb
Created Jun 4, 2015
Chargify Webhook Feature Test
View foo_spec.rb
require 'feature/feature_helper'
feature 'Something involving chargify webhooks', :vcr, driver: :mechanize do
  def chargify_webhook(from:, to:, subscription_id:)
    payload = {subscription: {
      id: subscription_id,
      previous_state: from,
      state: to
      # Any other needed subscription info should go here
    }}
@ryansch
ryansch / elasticsearch14.rb
Created Mar 31, 2015
Elasticsearch 1.4 Formula
View elasticsearch14.rb
class Elasticsearch14 < Formula
  homepage "http://www.elastic.co"
  url "https://download.elasticsearch.org/elasticsearch/elasticsearch/elasticsearch-1.4.4.tar.gz"
  sha1 "963415a9114ecf0b7dd1ae43a316e339534b8f31"
  depends_on :java => "1.7+"
  def cluster_name
    "elasticsearch_#{ENV["USER"]}"
  end