
Ryan Schlesinger ryansch

@ryansch
ryansch / Dockerfile
Last active January 3, 2017 18:36
openvpn sample build container
FROM docker:latest
RUN apk add --no-cache bash sudo iptables openvpn
ryansch / README.md
Last active February 20, 2017 17:39
openvpn HOWTO

This uses https://github.com/kylemanna/docker-openvpn for most of the heavy lifting. I've also wrapped it with some persistence management for production usage at https://github.com/outstand/docker-openvpn. I'm using a data container in production as RancherOS doesn't support named volumes in cloud-config yet.

I skipped using elliptic curves until both easyrsa and openvpn support choosing the curve (NIST curves are considered harmful).

When you're done, you'll have your PKI in the named volume on your workstation and only the files that the server needs on S3. Back up the contents of the volume somewhere secure. You can't issue new certs or revoke old ones without it.

Setup

  • OVPN_DATA="openvpn-data"
  • `docker run -v $OVPN_DATA:/etc/openvpn --rm kylemanna/openvpn ovpn_genconfig -d -N -C AES-256-CBC -T TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 -a SHA512 -n <VPC_DNS_IP> -p 'route <VPC_CIDR> 255.255.0.0' -p 'route <ANOTHER_VPC_CIDR> 255.255.0.0' -u udp://<VPN_SERVER_FQDN> -e 'topology subnet' -p 'dhcp-optio
ryansch / .tmux.conf
Created August 26, 2016 17:30
tmux config
# Ring the bell if any background window rang a bell
set -g bell-action any
# Default termtype. If the rcfile sets $TERM, that overrides this value.
set -g default-terminal screen-256color
# Keep your finger on ctrl, or don't
bind-key ^D detach-client
# Create splits and vertical splits
ryansch / README.md
Created July 23, 2016 22:24
neovim + yadr
ryansch / current_region.rb
Created June 20, 2016 15:17
Get current AWS region
require 'excon'

# Look up the region of the EC2 instance this code runs on via the
# instance metadata service, memoising the answer after the first call.
def current_region
  return @current_region if @current_region != nil

  response = Excon.get(
    'http://169.254.169.254/latest/meta-data/placement/availability-zone',
    expects: [200],
    connect_timeout: 2,
    read_timeout: 2,
    write_timeout: 2,
    tcp_nodelay: true
  )
  # Assumption (the gist preview is cut off here): an availability zone such as
  # "us-east-1a" is the region name plus a one-letter suffix, so drop the suffix.
  @current_region = response.body.strip.chop
end
ryansch / tar.rb
Created June 16, 2016 12:17
Create/Extract a tarball from ruby
require 'find'
require 'fileutils'
require 'pathname'
require 'zlib'
require 'archive/tar/minitar'

module IdiomaticTar
  # Build a gzip-compressed tarball of +directory+ at +filename+, running from
  # the directory's parent so archive entries are relative, not absolute, paths.
  def create_tarball(filename:, directory:)
    base_dir = Pathname.new(directory).parent
    FileUtils.cd(base_dir) do
      Pathname.new(filename).open('wb') do |tarball|
        Zlib::GzipWriter.wrap(tarball) do |gz|
          Archive::Tar::Minitar::Output.open(gz) do |tar|
ryansch / .tmux.conf
Created December 15, 2015 15:47
tmux config
# Ring the bell if any background window rang a bell
set -g bell-action any
# Default termtype. If the rcfile sets $TERM, that overrides this value.
set -g default-terminal screen-256color
# Keep your finger on ctrl, or don't
bind-key ^D detach-client
# Create splits and vertical splits
#!/bin/sh
# create an account alias
#sudo dscl . -append /Users/$USER RecordName Pair pair
# configure sshd to only allow public-key authentication
#sudo sed -E -i.bak 's/^#?(PasswordAuthentication|ChallengeResponseAuthentication).*$/\1 no/' /etc/sshd_config
# add pair user public key(s)
GITHUBUSER=$1
ryansch / foo_spec.rb
Created June 4, 2015 18:44
Chargify Webhook Feature Test
require 'feature/feature_helper'

feature 'Something involving chargify webhooks', :vcr, driver: :mechanize do
  # Build a Chargify subscription-state-change webhook payload for the test
  def chargify_webhook(from:, to:, subscription_id:)
    payload = {subscription: {
      id: subscription_id,
      previous_state: from,
      state: to
      # Any other needed subscription info should go here
    }}
ryansch / elasticsearch14.rb
Created March 31, 2015 15:13
Elasticsearch 1.4 Formula
class Elasticsearch14 < Formula
  homepage "http://www.elastic.co"
  url "https://download.elasticsearch.org/elasticsearch/elasticsearch/elasticsearch-1.4.4.tar.gz"
  sha1 "963415a9114ecf0b7dd1ae43a316e339534b8f31"

  depends_on :java => "1.7+"

  # Per-user cluster name so local installs don't join each other's cluster
  def cluster_name
    "elasticsearch_#{ENV["USER"]}"
  end