karlkfi

#!/usr/bin/env bash

set -o errexit
set -o nounset
set -o pipefail

# org/repo (e.g. karlkfi/probe)
REPO=$1
# range (e.g. 1.8.4..1.8.5)
RANGE=$2

anonymuse

#!/usr/bin/env bash
#
# Purpose: Create a Swarm Mode cluster with a single master and a configurable
# number of workers.
# This script is a mirror of the following gist, which is used to
# populate a Medium story. Unfortunately, there's no way to synchronize all
# three
#
# Medium: https://medium.com/contino-io/docker-kata-005-ac8429082f6c
# Gist: https://gist.github.com/anonymuse/502e7bf5c7b67bb95a4250cdccbc5125

gesellix

screen ~/Library/Containers/com.docker.docker/Data/com.docker.driver.amd64-linux/tty



screen -AmdS docker ~/Library/Containers/com.docker.docker/Data/com.docker.driver.amd64-linux/tty
screen -r docker
# enter, then disconnect with Ctrl-a d
screen -S docker -p 0 -X stuff $(printf root\\r\\n)
screen -r docker

trentmswanson

#!/bin/bash

# An set of disks to ignore from partitioning and formatting
BLACKLIST="/dev/sda|/dev/sdb"
# Base directory to hold the data* files
DATA_BASE="/media"

usage() {
    echo "Usage: $(basename $0) <new disk>"
}

mapmeld

OverEncrypt

This is a guide that I wrote to improve the default security of my website https://fortran.io , which has a certificate from LetsEncrypt. I'm choosing to improve HTTPS security and transparency without consideration for legacy browser support.

WARNING: if you mess up settings, lose your certificates, or decide to no longer maintain HTTPS certs, these steps can and will make your domain inaccessible.

I would recommend these steps only if you have a specific need for information security, privacy, and trust with your users, and/or maintain a separate secure.example.com domain which won't mess up your main site. If you've been thinking about hosting a site on Tor, then this might be a good option, too.

The best resources that I've found for explaining these steps are https://https.cio.gov , https://certificate-transparency.org , and https://twitter.com/konklone

johnandersen777

.terraform/
*.pem
*.tf
*.tfstate
*.yaml
*.backup
istio-*/
cert-manager-*/
*.swp
env

irvingpop

# ssh key generator data source expects the below 3 inputs, and produces 3 outputs for use:
#  "${data.external.ssh_key_generator.result.public_key}" (contents)
#  "${data.external.ssh_key_generator.result.private_key}" (contents)
#  "${data.external.ssh_key_generator.result.private_key_file}" (path)
data "external" "ssh_key_generator" {
  program = ["bash", "${path.root}/../ssh_key_generator.sh"]

  query = {
    customer_name = "${var.customer_name}"
    customer_group = "${var.customer_group}"

twolfson

I'm learning about SOPS and setting it up as my preferred mechanism for storing secrets. Here are my notes.

PGP

It’s security mechanism is that we (i.e. client) use a PUBLIC key from the receiver (i.e. server) and encode it with a random key (I’m saying nonce but it could be reused)

This varies from RSA and SSH because the server uses a PUBLIC key to identify the client.

Web of trust

Web of trust operates by still using PGP (i.e. encoding with recipient’s public key) but additionally, we can encrypt/sign the data as our own by signing it with the client’s private key.

This means the recipient will initially decrypt via our (i.e. client’s) public key (verifying the source) and then decrypting via their (i.e. server’s) private key to get the data.

jfriv

#!/bin/bash

# set up some variables

NOW_DATE=$(date '+%Y-%m-%d-%H-%M')
RESTORE_FROM_INSTANCE_ID=<source name>
TARGET_INSTANCE_ID=<target name>
TARGET_INSTANCE_CLASS=db.m4.large
VPC_ID=<vpc subnet id>
NEW_MASTER_PASS=<root password>

kekru

Enable Docker Remote API with TLS client verification

Docker's Remote API can be secured via TLS and client certificate verification.
First of all you need a few certificates and keys:

• CA certificate
• Server certificate
• Server key
• Client certificate
• Client key

Create certificate files