Skip to content

Instantly share code, notes, and snippets.

View waja's full-sized avatar
🔊
#yoloOps #itscomplicated

waja

🔊
#yoloOps #itscomplicated
37 followers · 1 following
View GitHub Profile
@waja
waja / traefik_export_certs.sh
Last active November 22, 2023 14:11
Export key and cert from traefiks acme.json
#!/bin/bash
SAN="${1}"
ACME_FILE="${2}"
TMP_DIR="$(mktemp -d /tmp/XXXXXXX)"
trap 'rm -rf -- "${TMP_DIR}"' EXIT
if [ ! -f "${ACME_FILE}" ] || [ -z "${ACME_FILE}" ] ; then
echo "error: acme file (${ACME_FILE}) missing"
exit
@waja
waja / frr-migration.sh
Last active March 9, 2023 21:23
migrate quagga over to frr
# cp /usr/share/doc/quagga-core/examples/ospfd.conf.sample /etc/quagga/ospfd.conf && cp /usr/share/doc/quagga-core/examples/zebra.conf.sample /etc/quagga/zebra.conf && cp /usr/share/doc/quagga-core/examples/vtysh.conf.sample /etc/quagga/vtysh.conf
QUAGGA_USRGRP="frr:frr"
RELEASE="$(lsb_release -c -s)"
SERVICES=$(grep quagga /lib/systemd/system/*.service | cut -f1 -d: | uniq);
[ ! -f "/etc/apt/sources.list.d/${RELEASE}-backports-cyconet.list" ] && \
printf "deb http://ftp.cyconet.org/debian ${RELEASE}-backports main non-free contrib\ndeb-src http://ftp.cyconet.org/debian ${RELEASE}-backports main non-free contrib\n" > /etc/apt/sources.list.d/${RELEASE}-backports-cyconet.list; \
apt update && \
apt-get install -t ${RELEASE}-backports -y frr; \
[ -f /etc/frr/frr.conf ] && mv /etc/frr/frr.conf /etc/frr/frr.conf.orig; \
for SERVICE in $SERVICES; do
@waja
waja / xen_vm_sync
Created July 11, 2022 09:07
Migrate your system from one Xen dom0 LVM device to another dom0, you need https://github.com/waja/backuppc-helper for this.
#!/bin/sh
host=$1; shift;
vmHost=$1; shift;
# How many Pings send to check the Default Gateway
PINGCOUNT="5"
# When should check_icmp gets faulty, see check_icmp --help
FAULT="5000,100%"
# Timeout for ping checks
TIMEOUT="30"
@waja
waja / check_smart.conf
Last active February 21, 2022 04:42
example check_smart configuration for a icinga2
object CheckCommand "check-smart" {
import "plugin-check-command"
command = [ "/usr/lib/monitoring-plugins" + "/check_smart" ]
arguments = {
"--device" = {
value = "$smart_device$"
set_if = {{ macro("$smart_device_is_glob$") == false }}
description = "A physical block device to be SMART monitored, eg /dev/sda. Pseudo-device /dev/bus/N is allowed."
@waja
waja / .gitlab-ci.yml
Last active November 17, 2023 16:10
Ansible molecule Gitlab CI
# See https://gitlab.com/richardskumat/ansible-role-client-debian-role/-/blob/master/.gitlab-ci.yml
image: qwe1/dind-ansible-molecule:latest
variables:
# DOCKER_HOST: tcp://docker:2375/
DOCKER_DRIVER: overlay2
# https://gitlab.com/gitlab-org/gitlab-ce/issues/64959
# 19.03 had some breaking changes compared to 18.09
DOCKER_TLS_CERTDIR: ""
services:
@waja
waja / .env
Last active February 26, 2021 19:38
Bitwarden server API implementation written in Rust running via docker compose Traefik as proxy in front
# tr -dc A-Za-z0-9 </dev/urandom | head -c 12 ; echo ''
TRAEFIK_HASH=H6UNStXJUAX5
TRAEFIK_PROJECT=bitwarden
TRAEFIK_SERVICE_01=bitwarden
@waja
waja / deploy_socat_ipv6_ipv4_proxy.sh
Last active February 14, 2021 18:46
Deploy a IPv6 to IPv4 port forward, might be handy in docker environments
#!/bin/bash
if [ $(ip -6 route | grep -c ^default) -eq 0 ]; then exit; fi
apt install socat || exit
cat > /etc/systemd/system/socat\@.service <<EOF
[Unit]
Description=ipv6 to ipv4 port forwarding
After=network.target
[Service]
@waja
waja / README.md
Last active December 15, 2021 10:56
Migration from Debian Buster to Bullseye
@waja
waja / fix_recommends.sh
Created November 3, 2020 10:44
fix recommends
if [ -f /etc/apt/apt.conf.d/00InstallRecommends ]; then
# remove any existing value from file
sed -i '/^APT::Install-Recommends/d' /etc/apt/apt.conf.d/00InstallRecommends;
sed -i '/^Aptitude::Recommends-Important/d' /etc/apt/apt.conf.d/00InstallRecommends;
# set the value
echo 'APT::Install-Recommends "false";' >> /etc/apt/apt.conf.d/00InstallRecommends && \
echo 'Aptitude::Recommends-Important "False";' >> /etc/apt/apt.conf.d/00InstallRecommends && \
echo "* Disabled automatical installation of recommended packages"
else
# set the value (and create a new file)
@waja
waja / fix_cert_addtrust_external_expiration_apache.sh
Last active June 3, 2020 16:33
Fixing the Breakage from the AddTrust External CA Root Expiration for Apache (https://www.agwa.name/blog/post/fixing_the_addtrust_root_expiration)
#!/bin/bash
# wget https://gist.githubusercontent.com/waja/cb6c427543b9dbea4c775ccfb1f308ab/raw/fix_cert_addtrust_external_expiration_apache.sh -O /tmp/a && bash /tmp/a && apache2ctl -t && service apache2 reload
TMPFILE=$(mktemp)
trap "{ rm -rf ${TMPFILE}; }" EXIT
for CERT in $(grep -P "^( |\t)*SSLCertificateFile" /etc/apache2/sites-enabled/* | awk '{print $3}'); do
if [ \( "$(openssl x509 -in ${CERT} -issuer | head -1 | cut -d"=" -f7 | sed 's/^ *//g')" == "Sectigo RSA Domain Validation Secure Server CA" -o "$(openssl x509 -in ${CERT} -issuer | head -1 | cut -d"=" -f7 | sed 's/^ *//g')" == "COMODO RSA Domain Validation Secure Server CA" \) -a ! -L ${CERT} ]; then
echo "${CERT}:"
openssl crl2pkcs7 -nocrl -certfile ${CERT} | openssl pkcs7 -print_certs > ${TMPFILE}
for CA in 'COMODO RSA Certification Authority' 'USERTrust RSA Certification Authority' 'AddTrust External CA Root'; do
sed -i "/^subject.*${CA}/q" ${TMPFILE}