Troy Fontaine troyfontaine

@troyfontaine
troyfontaine / readme.md
Last active April 8, 2024 06:10
Resize root partition (or how to remove the default /home partition) on CentOS 7 online

This process requires that you are able to ssh OR log in locally using the root user account and that no services be running as users out of /home on the target machine.

The examples are from a default installation with no customization. You NEED to know what you're working with for volumes/partitions to not horribly break things.

By default, CentOS 7 uses XFS for the file system and Logical Volume Manager (LVM), creating 3 partitions: /, /home and swap.

NOTE: If you want to be sure that nothing is writing to /home you can either modify the host to boot into single-user mode OR try to use the systemctl isolate runlevel1.target command to switch (not tested! should work).

@troyfontaine
troyfontaine / readme.md
Last active April 27, 2017 16:56
[WIP] Ansible Cheatsheet

List of OS Families used by ansible_os_family

"Container Linux by CoreOS" = Container Linux
"Debian" = Debian, Raspbian, Ubuntu

Get facts about a host

ansible myserver -m setup | less
@troyfontaine
troyfontaine / readme.md
Last active February 17, 2024 02:21
Logging SFTP interactions on a Chrooted User in Ubuntu 14.04

How to setup SFTP Logging on Ubuntu 14.04 for a Chrooted User

Prerequisites: Using internal-sftp for sftp; rsyslog for logging

Step 1. Set up your chrooted directories

sudo mkdir /sftp/myshare
sudo mkdir /sftp/myothershare

Step 2. Create your groups for your chrooted users

@troyfontaine
troyfontaine / howtosurvive.md
Last active December 14, 2022 22:43
PFSense Router with VLANs and TFTP Server

Ephemeral Ports are your bane

TFTP is said to "only use UDP 69" but this is completely and totally inaccurate.

TFTP starts communications on UDP 69, then moves the conversation to ephemeral ports between the two systems, and depending on the systems involved, those ports can change during the boot process.

Note, this doesn't seem to work across VLANs....

So, where do you start?

Step 1) You need UDP 67, 69, 4011, 1024:5000 from your PXE booting machine to the PXE Server. This is because the PXE bootloader appears to use that range specifically.

@troyfontaine
troyfontaine / 1-setup.md
Last active April 13, 2024 11:19
Signing your Git Commits on MacOS

Methods of Signing Git Commits on MacOS

Last updated March 13, 2024

This Gist explains how to sign commits using gpg in a step-by-step fashion. Previously, krypt.co was heavily mentioned, but I've only recently learned they were acquired by Akamai and no longer update their previous free products. Those mentions have been removed.

Additionally, 1Password now supports signing Git commits with SSH keys and makes it pretty easy, plus you can easily configure Git Tower to use it for both signing and ssh.

For using a GUI-based Git tool such as Tower or GitHub Desktop, follow the steps here for signing your commits with GPG.

How to add an image to a gist

  1. Create a gist if you haven't already.
  2. Clone your gist:
    # make sure to replace `<hash>` with your gist's hash
    git clone https://gist.github.com/<hash>.git # with https
    git clone git@gist.github.com:<hash>.git     # or with ssh
@troyfontaine
troyfontaine / excerpt.conf
Created November 22, 2017 06:03
HAProxy Security Headers (1.6+)
# Sampling of security headers
http-response set-header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
http-response set-header X-Frame-Options SAMEORIGIN
http-response set-header X-XSS-Protection "1; mode=block"
http-response set-header Referrer-Policy no-referrer-when-downgrade
@troyfontaine
troyfontaine / cloudflare_config.md
Last active December 17, 2017 23:14
Hosted DNS Cheat Sheet

Cloudflare

DNSSEC with Route 53

"257-KSK" as a "Flag" and "13 - ECDSA Curve P-256 with SHA-256" as an algorithm.

AWS ELBs

@troyfontaine
troyfontaine / README.md
Last active October 15, 2023 09:58
Ubiquiti USG config.gateway.json Syntax

Ubiquiti USG Advanced Configuration

Overview

Integrated DNS Overview

When using a USG with Ubiquiti's UniFi Controller software (version 5.6 and earlier), integrating the hostnames of clients (when they request a DHCP lease) into local DNS does not appear to work the way it does on consumer-grade routers. To work around this limitation, we can add static host mappings to a configuration file that is provisioned to the USG either when a configuration change is made or when we force provisioning to the USG itself.

Non-GUI Supported Dynamic DNS Providers

I've added in the necessary syntax for adding Cloudflare DDNS to the USG for VPN/Services setup courtesy of this post by britannic on the Ubiquiti Forums.

Configuration File

@troyfontaine
troyfontaine / README.md
Last active October 5, 2018 19:21
ACMESharp Cloudflare Script Steps Outline

How to Manually Generate a Certificate using ACMESharp and CloudFlare DNS Integration

Install ACMESharp as per here.

Follow the installation steps from the getting started guide before using the instructions below.

Install Cloudflare Module

Run the following command to install the module:

Install-Module ACMESharp.Providers.CloudFlare