Carl Tashian tashian

View init_aws_ca.sh
#!/bin/bash
#
# This script will launch and configure a step-ca SSH Certificate Authority
# with OIDC and AWS provisioners
#
# See https://smallstep.com/blog/diy-single-sign-on-for-ssh/ for full instructions
OIDC_CLIENT_ID="[OAuth client ID]" # from Google
OIDC_CLIENT_SECRET="[OAuth client secret]" # from Google
ALLOWED_DOMAIN="[the domain name of accounts your users will use to sign to Google]"
View init_aws_ssh_host.sh
#!/bin/bash
#
# This script will get an SSH host certificate from our CA and add a weekly
# cron job to rotate the host certificate. It should be run as root.
#
# See https://smallstep.com/blog/diy-single-sign-on-for-ssh/ for full instructions
CA_URL="[Your CA URL]"
# Obtain your CA fingerprint by running this on your CA:
tashian / step-ca-launch.sh
Created April 21, 2021 16:29
Install & launch step-ca on a variety of Linux distros
View step-ca-launch.sh
#!/bin/bash
CA_NAME="Tiny"
ROOT_KEY_PASSWORD="smallsteplabs"
EMAIL="carl@smallstep.com"
AWS_ACCOUNT_ID="123123"
if [ -f /etc/os-release ]; then
# freedesktop.org and systemd
. /etc/os-release
tashian / step-ca.json
Created January 26, 2021 22:00
Keycloak Client Settings for step-ca
View step-ca.json
{
"clientId": "step-ca",
"rootUrl": "http://127.0.0.1:10000",
"adminUrl": "http://127.0.0.1:10000",
"surrogateAuthRequired": false,
"enabled": true,
"alwaysDisplayInConsole": false,
"clientAuthenticatorType": "client-secret",
"redirectUris": [
"http://127.0.0.1:10000/*"
tashian / Dockerfile.mongo.ca_bootstrap
Last active October 5, 2021 20:26
A MongoDB Dockerfile that bootstraps with a step-ca Certificate Authority for root CA trust
View Dockerfile.mongo.ca_bootstrap
FROM mongo
ARG CA_URL
ARG CA_FINGERPRINT
ENV CA_URL=${CA_URL} CA_FINGERPRINT=${CA_FINGERPRINT}
RUN apt update; \
apt install -y --no-install-recommends \
curl \
jq \
openssl \
; \
tashian / Dockerfile.mongo.step_ca_bootstrap
Created October 5, 2021 20:24
A MongoDB Dockerfile that bootstraps with a step-ca Certificate Authority for root CA trust, using the step command
View Dockerfile.mongo.step_ca_bootstrap
FROM smallstep/step-cli as step
FROM mongo
COPY --from=step /usr/local/bin/step /usr/local/bin/
ARG CA_URL
ARG CA_FINGERPRINT
ENV CA_URL=${CA_URL} CA_FINGERPRINT=${CA_FINGERPRINT}
RUN step ca bootstrap --ca-url $CA_URL --fingerprint $CA_FINGERPRINT --install
tashian / loki.yml
Last active May 4, 2021 23:42
Loki configuration for my homelab
View loki.yml
# Loki config based on
# https://github.com/grafana/loki/blob/master/cmd/loki/loki-local-config.yaml
# The only thing I've changed is the server: block.
auth_enabled: false
server:
http_listen_address: 127.0.0.1
http_listen_port: 3100
grpc_listen_address: 127.0.0.1
tashian / prometheus.yml
Last active May 4, 2021 22:38
Prometheus configuration file with TLS support
View prometheus.yml
# my global config
global:
scrape_interval: 15s # Set the scrape interval to every 15 seconds. Default is every 1 minute.
# A scrape configuration containing exactly one endpoint to scrape:
# Here it's Prometheus itself.
scrape_configs:
# The job name is added as a label `job=<job_name>` to any timeseries scraped from this config.
- job_name: 'prometheus'
# metrics_path defaults to '/metrics'
tashian / aws-build-script.sh
Created April 21, 2021 17:39
Build step-ca on an AWS VM
View aws-build-script.sh
#!/bin/bash
### Basic build environment #######
apt update
apt install -y make gcc ack libpcsclite-dev pkg-config unzip debhelper
apt upgrade -y
cd /root
## Install golang
tashian / README.md
Last active December 4, 2020 17:52
Just-in-time label printing on the Zebra ZP450 using node.js + Easypost + Pusher + cups
View README.md

This is the script we use at yerdle to print labels from our Rails backend to our Zebra ZP450 printer.

See this blog post for the whole story.