Matt Martz sivel

@sivel
sivel / better-ssh-authorized-keys-management.md
Last active April 8, 2024 07:53
Better SSH Authorized Keys Management

A seemingly common problem that people encounter is how to manage all of their users' authorized_keys files.

People struggle with management: ensuring that users have only specific keys in their authorized_keys file, or even having a method for expiring keys. A centralized key management system could help provide all of this functionality with a little scripting.

One piece of functionality overlooked in OpenSSH is the AuthorizedKeysCommand configuration keyword. This keyword allows you to specify a command that will run during login to retrieve a user's public key file from a remote source and perform validation just as if the authorized_keys file were local.

Here is an example directory structure for a set of users with SSH public keys that can be shared out via a web server:

@sivel
sivel / 00-include_until.yml
Last active March 15, 2024 08:17
Ansible Include Until
---
- hosts: localhost
  gather_facts: false
  tasks:
    - include_tasks: include_me.yml
      vars:
        include_max: 10
@sivel
sivel / inventory2json.py
Last active December 19, 2023 01:54
Ansible inventory to dynamic inventory JSON output, accepts all inventory input formats
import sys
import json
from ansible.parsing.dataloader import DataLoader
try:
    from ansible.inventory.manager import InventoryManager
    A24 = True
except ImportError:
    from ansible.vars import VariableManager
@sivel
sivel / cprofile-callback.txt
Last active December 16, 2023 07:26
Ansible callback plugin to profile code execution via cProfile
$ ANSIBLE_CALLBACK_WHITELIST=cprofile CPROFILE_FILTERS=ansible.plugins.connection,ansible.executor.task_executor ansible-playbook -i localhosts whoami.yml
PLAY [My Cool Play] **************************************************************************************************************************************************************************************************************************
TASK [Check who I am 1] **********************************************************************************************************************************************************************************************************************
changed: [localhost0]
changed: [localhost1]
TASK [Check who I am 2] **********************************************************************************************************************************************************************************************************************
changed: [localhost0]
@sivel
sivel / ansible-git.md
Last active October 16, 2023 16:44
Ansible Contributors Guide for working with git/GitHub

First Note

Never, ever, modify or commit things to devel; always do work in a feature branch.

Setting up the ansible and modules repos from forks

export GITHUB_USER=sivel

Multiple registers per task and data manipulation

fallible

Note

This feature has not been included in a released version of ansible-core yet, and is a tech preview as part of fallible.

This feature allows a playbook author to register multiple variables on a task, manipulate the data before it is registered to that variable, and use implicit register names scoped to a single task. Individual loop results cannot be manipulated; this feature only applies to the final task result.

@sivel
sivel / go-build.sh
Last active September 28, 2023 18:40
Ansible Binary Golang Module
go build helloworld.go
GOOS=windows GOARCH=amd64 go build helloworld.go

Selective Restores on macOS

Note: This post is not yet finished

I have owned a Mac continuously for the last 8 years as part of my job and used it full time both professionally and personally. Over that time I have carried a lot of crap from machine to machine, and a lot of that was very work specific. Certs, credentials, applications, and other various configurations and files. I've always just performed a full Time Machine restore each time I upgraded.

I recently switched employers, and wanted to start mostly fresh, but with the ability to keep some of the more generic configurations on my Mac like VIM configurations, and the ability to bring over personal files. I wasn't sure how I was going to approach this at first. I imagined that I would just take a Time Machine backup, perform a fresh install, and then use the Migration Assistant to uncheck some things I don't want.

Using the Time Machine backup and Migration Assistant seemed like a great idea, although Migration Assistant doesn't give y

@sivel
sivel / ContentMD5-ReqDotMD5.pm
Created February 20, 2012 19:14
nginx Perl Module to Output Content-MD5 HTTP Header
# nginx Embedded Perl module for adding a Content-MD5 HTTP header
#
# This perl module, will output an MD5 of a requested file using the
# Content-MD5 HTTP header, by pulling the hex hash from a file of the
# same name with .md5 appended to the end, if it exists.
#
# Author: Matt Martz <matt@sivel.net>
# Link: https://gist.github.com/1870822#file_content_md5_req_dot_md5.pm
# License: http://www.nginx.org/LICENSE
@sivel
sivel / make_manifest.py
Last active May 25, 2022 06:49
Script to create a MANIFEST.json and FILES.json for an Ansible collection from galaxy.yml
#!/usr/bin/env python
# Copyright (c) 2020 Matt Martz <matt@sivel.net>
# GNU General Public License v3.0+
# (see https://www.gnu.org/licenses/gpl-3.0.txt)
import json
import os
from ansible.galaxy.collection import _build_files_manifest
from ansible.galaxy.collection import _build_manifest