Managing SSH keys with Vault requires 3 steps:
- Setting up Vault
- Setting up the host
- Setting up the client / using the signed client keys
For a full documentation, see this HashiCorp Blog Post
Simon Oakes soakes
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| version: '2.4' | |
| services: | |
| target: | |
| privileged: true | |
| network_mode: "host" | |
| ipc: "host" | |
| restart: always | |
| volumes: | |
| - '/etc/localtime:/etc/localtime:ro' | |
| - '/edgefs/var/run:/opt/nedge/var/run:z' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #cloud-config | |
| hostname: host-0815 | |
| ssh_authorized_keys: | |
| - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDA61LSHA7iU+82Z2qypYLx2gB9uHydUOoDON30ceAKl5dSgzShtF5XS5sqABYBMowDcvdkNyUDdt1Druv82iu/scATLFmxTQ8R2XIL33dMO6IpBg0d3WQcU5Xqeor9s5LTpln7F0V+9vaYG/nXqQtnz4PEnZGA+f9ddHuvcDajqKLNTDyriL87E6HAfjNU+1ShI2Qv8Zqhq8rYW0zkn2C+4vVKpgzq8B91R7hSXZwUTU9+bIq3uqTfe/t9/5hFNZEUo/ezV25DFvWDmvKcXt1QRoLxL/NI7h00fEJY7QVh2eevtiA9BdthI2LHx2tm2LoMYHQVZUVljm033xh2UISx | |
| runcmd: | |
| - echo "true" > /home/rancher/provisioned | |
| write_files: | |
| - path: /etc/docker/certs.d/private-registry.internal/ca.crt |
legege
/ cleanup.groovy
Created
March 23, 2018 16:41
Intelligently clean a Sonatype Nexus3 repository... keep the last X released versions of each "major.minor" artifact
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import org.sonatype.nexus.repository.storage.Component | |
| import org.sonatype.nexus.repository.storage.StorageFacet; | |
| def retentionCount = 15 | |
| def repositoryName = 'releases' | |
| def dryRun = true | |
| log.info("Cleanup script started! Dry Run Mode: $dryRun"); | |
| def repo = repository.repositoryManager.get(repositoryName); | |
| def tx = repo.facet(StorageFacet.class).txSupplier().get(); |
galexrt
/ rook-cluster.yaml
Last active
July 16, 2018 11:45
CoreOS is used for the nodes. Every node has sda10 mounted to /var/lib/rook and sdb empty used as a whole. The nodes have been labelled according to the placements.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: rook.io/v1alpha1 | |
| kind: Cluster | |
| metadata: | |
| name: rook | |
| namespace: rook | |
| spec: | |
| versionTag: master | |
| dataDirHostPath: /var/lib/rook-config | |
| # toggle to use hostNetwork | |
| hostNetwork: true |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #version=RHEL7 | |
| # Action | |
| install | |
| cdrom | |
| lang en_US.UTF-8 | |
| keyboard us | |
| text | |
| firewall --service=ssh |
vidia
/ nginx-unificontroller.conf
Last active
January 1, 2024 18:08
Example, working, NGINX config for proxying to Unifi Controller software and using letsencrypt. Includes websocket fix.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # I had a bit of trouble getting my unifi controller (hosted offsite) to use a proxy/letsencrypt. So here are the fruits of my labor. | |
| # The unifi default port is 8443 running on localhost. | |
| # License: CC0 (Public Domain) | |
| server { | |
| # SSL configuration | |
| # | |
| listen 443 ssl default_server; | |
| listen [::]:443 ssl default_server; |
innovia
/ kubernetes_add_service_account_kubeconfig.sh
Last active
January 29, 2024 23:00
Create a service account and generate a kubeconfig file for it - this will also set the default namespace for the user
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| set -e | |
| set -o pipefail | |
| # Add user to k8s using service account, no RBAC (must create RBAC after this script) | |
| if [[ -z "$1" ]] || [[ -z "$2" ]]; then | |
| echo "usage: $0 <service_account_name> <namespace>" | |
| exit 1 | |
| fi |
ruanbekker
/ cheatsheet-elasticsearch.md
Last active
April 24, 2024 00:11
Elasticsearch Cheatsheet : Example API usage of using Elasticsearch with curl
My Elasticsearch cheatsheet with example usage via rest api (still a work-in-progress)
jkhsjdhjs
/ online-net_systemd-network-configuration.md
Last active
December 16, 2022 19:53
online.net: systemd Network Configuration with (r)DNS
This document will guide you through the process of setting up your online.net network addresses, DNS servers and rDNS records. For IPv4 we will use systemd-networkd (part of systemd) and odhcp6c (OpenWrt embedded DHCPv6-client) together with iproute2 for IPv6. For DNS we'll use systemd-resolved.
systemd is the default init process on Arch Linux, Debian GNU/Linux, Fedora, Ubuntu and more. iproute2 is also preinstalled there. So, if you're using a distribution that uses systemd, this tutorial should work for you. If you're using Gentoo Linux first make sure that you're using systemd.