Carl Tashian (tashian)
@tashian
tashian / Dockerfile.mongo.step_ca_bootstrap
Created Oct 5, 2021
A MongoDB Dockerfile that bootstraps with a step-ca Certificate Authority for root CA trust, using the step command
# Stage 1: borrow the statically built step CLI from the official image.
FROM smallstep/step-cli as step
FROM mongo
COPY --from=step /usr/local/bin/step /usr/local/bin/
# Both values come in with --build-arg. The fingerprint is public; it pins
# which root certificate the bootstrap below is allowed to accept.
ARG CA_URL
ARG CA_FINGERPRINT
ENV CA_URL=${CA_URL} CA_FINGERPRINT=${CA_FINGERPRINT}
# Fetch the root CA from the CA URL, verify it against the fingerprint and
# install it into the system trust store (--install). A mismatch makes the
# command exit non-zero, which fails the image build instead of shipping an
# image that trusts an unverified root.
RUN step ca bootstrap --ca-url $CA_URL --fingerprint $CA_FINGERPRINT --install
@tashian
tashian / Dockerfile.mongo.ca_bootstrap
Last active Oct 5, 2021
A MongoDB Dockerfile that bootstraps with a step-ca Certificate Authority for root CA trust
FROM mongo
ARG CA_URL
ARG CA_FINGERPRINT
ENV CA_URL=${CA_URL} CA_FINGERPRINT=${CA_FINGERPRINT}
RUN apt update; \
    apt install -y --no-install-recommends \
        curl \
        jq \
        openssl \
    ; \
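Both Mongo Dockerfiles above do the same thing at image build time: fetch the step-ca root certificate and refuse to trust it unless it matches CA_FINGERPRINT (the first with `step ca bootstrap --install`, the second, cut off in the preview, with curl, jq and openssl). The script below is an added example, not code from either gist, that reproduces that pinned check with openssl alone: step's fingerprint is the SHA-256 of the DER-encoded certificate printed as lowercase hex. Every path, the test root's CN and the function names are invented for the demo; it needs only openssl on PATH and never touches the system trust store.

```shell
#!/bin/sh
# Added example, not code from the gists above. Reproduces the check that a
# fingerprint-pinned CA bootstrap performs before trusting a root certificate
# it fetched over the network. step-ca's fingerprint is the SHA-256 of the
# DER-encoded root certificate in lowercase hex; only openssl is needed here.
# Assumptions: openssl on PATH; every path, CN and function name below is
# invented for the demo, and nothing touches the system trust store.

# Print the step-style fingerprint (sha256 over DER, lowercase hex) of the PEM
# certificate at $1. Fails if the file does not parse as a certificate, so a
# 404 page or an empty download never yields a "fingerprint".
root_fingerprint() {
  openssl x509 -in "$1" -noout >/dev/null 2>&1 || return 1
  openssl x509 -in "$1" -outform DER | openssl dgst -sha256 | awk '{print $NF}'
}

# Succeed only if the certificate at $1 has fingerprint $2. The comparison is
# case-insensitive, so a fingerprint copied with uppercase hex still matches.
verify_root_fingerprint() {
  expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
  actual=$(root_fingerprint "$1") || return 1
  [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# Install the fetched root $1 into trust directory $3 only after it matches
# fingerprint $2; on mismatch nothing is written and the caller sees failure,
# which in a Dockerfile RUN step aborts the image build.
bootstrap_root() {
  if verify_root_fingerprint "$1" "$2"; then
    mkdir -p "$3" && cp "$1" "$3/root_ca.crt" && echo "root installed to $3"
  else
    echo "fingerprint mismatch, refusing to trust $1" >&2
    return 1
  fi
}

# Test fixture: a throwaway self-signed root in directory $1 (not a real CA).
# Prints the certificate path.
make_test_root() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=Added Example Root CA" \
    -keyout "$1/root_ca_key.pem" -out "$1/root_ca.crt" >/dev/null 2>&1 || return 1
  printf '%s\n' "$1/root_ca.crt"
}
```

The mismatch branch is the point: in both Dockerfiles the CA URL is reachable only at build time and the fingerprint is what stops a spoofed or wrong CA from being baked into every container built from the image, so the bootstrap must fail loudly rather than fall back to "trust what I got".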
@tashian
tashian / prometheus.yml
Last active May 4, 2021
Prometheus configuration file with TLS support
# my global config
global:
  scrape_interval: 15s # Set the scrape interval to every 15 seconds. Default is every 1 minute.

# A scrape configuration containing exactly one endpoint to scrape:
# Here it's Prometheus itself.
scrape_configs:
  # The job name is added as a label `job=<job_name>` to any timeseries scraped from this config.
  - job_name: 'prometheus'
    # metrics_path defaults to '/metrics'
@tashian
tashian / aws-build-script.sh
Created Apr 21, 2021
Build step-ca on an AWS VM
#!/bin/bash
### Basic build environment #######
apt update
apt install -y make gcc ack libpcsclite-dev pkg-config unzip debhelper
apt upgrade -y
cd /root
## Install golang
@tashian
tashian / step-ca-launch.sh
Created Apr 21, 2021
Install & launch step-ca on a variety of Linux distros
#!/bin/bash
CA_NAME="Tiny"
ROOT_KEY_PASSWORD="smallsteplabs"
EMAIL="carl@smallstep.com"
AWS_ACCOUNT_ID="123123"
if [ -f /etc/os-release ]; then
  # freedesktop.org and systemd
  . /etc/os-release
@tashian
tashian / loki.yml
Last active May 4, 2021
Loki configuration for my homelab
# Loki config based on
# https://github.com/grafana/loki/blob/master/cmd/loki/loki-local-config.yaml
# The only thing I've changed is the server: block.
auth_enabled: false
server:
  # With auth disabled, bind only to loopback so the HTTP and gRPC listeners
  # are not reachable from the rest of the network.
  http_listen_address: 127.0.0.1
  http_listen_port: 3100
  grpc_listen_address: 127.0.0.1
@tashian
tashian / step-ca.json
Created Jan 26, 2021
Keycloak Client Settings for step-ca
{
  "clientId": "step-ca",
  "rootUrl": "http://127.0.0.1:10000",
  "adminUrl": "http://127.0.0.1:10000",
  "surrogateAuthRequired": false,
  "enabled": true,
  "alwaysDisplayInConsole": false,
  "clientAuthenticatorType": "client-secret",
  "redirectUris": [
    "http://127.0.0.1:10000/*"
@tashian
tashian / init_aws_ssh_host.sh
#!/bin/bash
#
# This script will get an SSH host certificate from our CA and add a weekly
# cron job to rotate the host certificate. It should be run as root.
#
# See https://smallstep.com/blog/diy-single-sign-on-for-ssh/ for full instructions
CA_URL="[Your CA's URL]"
# Obtain your CA fingerprint by running this on your CA:
@tashian
tashian / init_aws_ca.sh
#!/bin/bash
#
# This script will launch and configure a step-ca SSH Certificate Authority
# with OIDC and AWS provisioners
#
# See https://smallstep.com/blog/diy-single-sign-on-for-ssh/ for full instructions
OIDC_CLIENT_ID="[OAuth client ID]" # from Google
OIDC_CLIENT_SECRET="[OAuth client secret]" # from Google
ALLOWED_DOMAIN="[the domain name of the accounts your users will use to sign in to Google]"
@tashian
tashian / badsort.py
Last active Jul 1, 2018
Bad algorithms #1: bad sort!
import random


def badsort(l):
    """Bogosort: shuffle the list until it happens to be in order.

    Returns the number of shuffles it took. For n distinct elements each
    shuffle is sorted with probability 1/n!, so the expected count is n!.
    """
    done = False
    loops = 0
    while not done:
        loops += 1
        random.shuffle(l)
        done = True
        for i in range(len(l)-1):
            # The gist preview stops at the loop header; the check below is the
            # natural completion: any adjacent pair out of order means another
            # shuffle is needed.
            if l[i] > l[i+1]:
                done = False
                break
    return loops