Skip to content

Instantly share code, notes, and snippets.

Avatar
🏠
Working from home

Mohan Balasundaram tuxfight3r

🏠
Working from home
View GitHub Profile
@tuxfight3r
tuxfight3r / nginx.conf
Created Aug 19, 2020 — forked from nrollr/nginx.conf
NGINX config for SSL with Let's Encrypt certs
View nginx.conf
# UPDATED 17 February 2019
# Redirect all HTTP traffic to HTTPS
server {
listen 80;
listen [::]:80;
server_name www.domain.com domain.com;
return 301 https://$host$request_uri;
}
# SSL configuration
View gist:9056eb0862fdf2e8b8755b3c6ce40af1
curl -s -X GET http://localhost:8080/pdb/query/v4/facts --data-urlencode query@test --data-urlencode 'pretty=true'
curl -X POST http://localhost:8080/pdb/query/v4/facts \
-H 'Content-Type:application/json' \
-d '{"query":["and",["=","certname","FQDN"],["=","name","ipaddress"]]}'
content of file test :
["and",["=","certname","FQDN"],["or",["=","name","ipaddress"]]]
@tuxfight3r
tuxfight3r / mfa.md
Created Jul 15, 2020 — forked from res0nat0r/mfa.md
Enable MFA for s3 bucket
View mfa.md
aws s3api put-bucket-versioning \
	--bucket bucket \
	--versioning-configuration '{"MFADelete":"Enabled","Status":"Enabled"}' \
	--mfa 'arn:aws:iam::aws_account_id:mfa/root-account-mfa-device passcode'
aws s3api get-bucket-versioning --bucket bucket
@tuxfight3r
tuxfight3r / aws_import.sh
Created Jun 29, 2020 — forked from radiofrequency/aws_import.sh
Import lets encrypt cert to aws certificate manager in renew hook
View aws_import.sh
#place in /etc/letsencrypt/renewal-hooks/post
export AWS_ACCESS_KEY_ID=XXX
export AWS_SECRET_ACCESS_KEY=XXX
#certs must be in us-east-1 to use with cloudfront
export AWS_DEFAULT_REGION=us-east-1
#run without --certificate-arn first time then specify arn for updates
aws acm import-certificate --certificate file:///etc/letsencrypt/live/site.com/cert.pem --private-key file:///etc/letsencrypt/live/site.com/privkey.pem --certificate-chain file:///etc/letsencrypt/live/site.com/chain.pem --certificate-arn specifyarnforupdate
View decrypt_saml_response.py
#!/usr/bin/env python
# Prereq: PyCrypto
# Validation: https://www.samltool.com/decrypt.php
# Usage: ./decrypt_saml_response.py --key PRIVATE_KEY --pretty-print RESPONSE_XML
import sys
import optparse
import base64
@tuxfight3r
tuxfight3r / socat-forward-tcp.sh
Created Apr 18, 2019 — forked from drmalex07/socat-forward-tcp4-to-tcp6.sh
Tunnel TCP traffic via socat. #socat
View socat-forward-tcp.sh
#!/bin/bash
PUBLIC_IP4_IFACE=eth2
LISTEN_IFACE=${PUBLIC_IP4_IFACE}
listen_address=$(ip -f inet addr show dev ${LISTEN_IFACE} | grep -Po 'inet \K[\d.]+')
listen_port=${1}
target_host=${2}
target_port=${3}
View format.json.bookmarklet.js
javascript:!function(){var n,e,r,i;n=window,e=document.body,r=JSON.parse,i=JSON.stringify,n.isf||(e.innerHTML="<pre>"+i(r(e.innerText),null,4).replace(/\"(.*)[^\:]\:/g,'<span style="color:#9C3636">$1&colon;</span>')+"</pre>",n.isf=!0)}();
//usage:
//save as bookmark and click it whenever you open a json response in a browser tab/window
@tuxfight3r
tuxfight3r / spinnaker.tf
Created May 17, 2019 — forked from hareku/spinnaker.tf
Spinnaker + AWS Terraform
View spinnaker.tf
#####################################
# Namespace: Spinnaker
#####################################
resource "kubernetes_namespace" "spinnaker" {
metadata {
name = "spinnaker"
}
}
#####################################
View openshift-cheatsheet.md

My Openshift Cheatsheet

Examine the cluster quota defined for the environment:

$ oc describe AppliedClusterResourceQuota

Install pkgs using yum in a Dockerfile

@tuxfight3r
tuxfight3r / README-oneshot-systemd-service.md
Created Apr 18, 2019 — forked from drmalex07/README-oneshot-systemd-service.md
An example with an oneshot service on systemd. #systemd #systemd.service #oneshot
View README-oneshot-systemd-service.md

README

Services declared as oneshot are expected to take some action and exit immediatelly (thus, they are not really services, no running processes remain). A common pattern for these type of service is to be defined by a setup and a teardown action.

Let's create a example foo service that when started creates a file, and when stopped it deletes it.

Define setup/teardown actions

Create executable file /opt/foo/setup-foo.sh:

You can’t perform that action at this time.