Matt Martz sivel

@sivel
sivel / yescrypt_ctypes.py
Last active Sep 28, 2021
Ansible filter plugin to encrypt a string with yescrypt
View yescrypt_ctypes.py
# Copyright (c) 2021 Matt Martz <matt@sivel.net>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
import ctypes
from ansible.errors import AnsibleFilterError
from ansible.module_utils.common.text.converters import to_bytes, to_text
@sivel
sivel / go-build.sh
Last active Sep 23, 2021
Ansible Binary Golang Module
View go-build.sh
go build helloworld.go
GOOS=windows GOARCH=amd64 go build helloworld.go
@sivel
sivel / make_manifest.py
Last active Sep 20, 2021
Script to create a MANIFEST.json and FILES.json for an Ansible collection from galaxy.yml
View make_manifest.py
#!/usr/bin/env python
# Copyright (c) 2020 Matt Martz <matt@sivel.net>
# GNU General Public License v3.0+
# (see https://www.gnu.org/licenses/gpl-3.0.txt)
import json
import os
from ansible.galaxy.collection import _build_files_manifest
from ansible.galaxy.collection import _build_manifest
@sivel
sivel / better-ssh-authorized-keys-management.md
Last active Aug 31, 2021
Better SSH Authorized Keys Management
View better-ssh-authorized-keys-management.md

Better SSH Authorized Keys Management

A seemingly common problem that people encounter is how to manage the authorized_keys files of all their users.

People struggle with management: ensuring that users have only specific keys in their authorized_keys file, or even finding a method for expiring keys. A centralized key management system could help provide all of this functionality with a little scripting.

One piece of functionality often overlooked in OpenSSH is the AuthorizedKeysCommand configuration keyword. This keyword allows you to specify a command that will run during login to retrieve a user's public key file from a remote source and perform validation just as if the authorized_keys file were local.

Here is an example directory structure for a set of users with SSH public keys that can be shared out via a web server:

@sivel
sivel / 00-include_until.yml
Last active Aug 16, 2021
Ansible Include Until
View 00-include_until.yml
---
- hosts: localhost
  gather_facts: false
  tasks:
    - include_tasks: include_me.yml
      vars:
        include_max: 10
@sivel
sivel / inventory2json.py
Last active Jun 4, 2021
Ansible inventory to dynamic inventory JSON output, accepts all inventory input formats
View inventory2json.py
import sys
import json
from ansible.parsing.dataloader import DataLoader
try:
    from ansible.inventory.manager import InventoryManager
    A24 = True
except ImportError:
    from ansible.vars import VariableManager
View 00-output.txt
vars_secret_funky_json: !vault |
$ANSIBLE_VAULT;1.2;AES256;alan_host
{
"vars_secret_funky_json": {
@sivel
sivel / ContentMD5-ReqDotMD5.pm
Created Feb 20, 2012
nginx Perl Module to Output Content-MD5 HTTP Header
View ContentMD5-ReqDotMD5.pm
# nginx Embedded Perl module for adding a Content-MD5 HTTP header
#
# This Perl module outputs the MD5 of a requested file using the
# Content-MD5 HTTP header, by pulling the hex hash from a file of the
# same name with .md5 appended to the end, if it exists.
#
# Author: Matt Martz <matt@sivel.net>
# Link: https://gist.github.com/1870822#file_content_md5_req_dot_md5.pm
# License: http://www.nginx.org/LICENSE
@sivel
sivel / wp-mysql-test.php
Created Aug 5, 2009
Database connection test script for WordPress
View wp-mysql-test.php
<?php
/**
* Database connection test script for WordPress
*
* Parses the wp-config.php file for DB connection information and tests
* a mysql connection to the DB server and selection of the database.
* Errors will be reported. Attempts will be made to repair table errors.
*
* Place this file in the same directory as wp-config.php
*
@sivel
sivel / 00-README.md
Last active Jul 29, 2020
Ansible Callback to aid in replicating set_stats workflow behavior in Tower
View 00-README.md

dump_stats Ansible callback plugin

This callback plugin can aid in replicating the set_stats workflow behavior in Tower

It allows you to dump the stats set with set_stats to a file, and then use that file with --extra-vars in subsequent ansible-playbook calls.

Usage

  1. Download the dump_stats.py file to a callback_plugins directory relative to your playbook
  2. Run ansible-playbook with ANSIBLE_CALLBACK_WHITELIST=dump_stats