Skip to content

Instantly share code, notes, and snippets.

View ycyr's full-sized avatar

ycyr

1 follower · 0 following
  • Montreal
View GitHub Profile
@ycyr
ycyr / README.md
Created February 11, 2022 21:23 — forked from danielperna84/README.md
Unseal HashiCorp Vault using systemd

Automatically unseal HashiCorp Vault via systemd

WARNING!

Automatically unsealing Vault drastically reduces the security of the stored secrets. That being said, there might be scenarios, in which this simple approach could be useful / sufficient.

How it works / installation

This requires Vault to be started by a systemd-unit named vault.service, which typically is the case when installing from a distribution package. The script vault-unseal.sh should be placed in /root and secured with 700 permissions.

@ycyr
ycyr / sone.conf
Last active January 12, 2022 13:45 — forked from tuckner/sone.conf
SentinelOne Cloudfunnel Logstash Input
input {
kafka {
bootstrap_servers => "" #configurable
group_id => "" #configurable
auto_offset_reset => "" #configurable
security_protocol => "SASL_SSL"
sasl_mechanism => "SCRAM-SHA-512"
sasl_jaas_config => "org.apache.kafka.common.security.scram.ScramLoginModule required username='' password='';"
ssl_endpoint_identification_algorithm => ""
topics => [""] #configurable
@ycyr
ycyr / README.md
Created July 13, 2021 13:08 — forked from akihikodaki/README.en.md
Linux Desktop on Apple Silicon/M1 in Practice

Linux Desktop on Apple Silicon/M1 in Practice

I bought M1 MacBook Air. It is the fastest computer I have, and I have been a GNOME/GNU/Linux user for long time. It is obvious conclusion that I need practical Linux desktop environment on Apple Silicon/M1.

Fortunately, Linux already works on Apple Silicon/M1. But how practical is it?

@ycyr
ycyr / create_user_and_kubeconfig_rancher2.sh
Created November 14, 2019 22:18 — forked from superseb/create_user_and_kubeconfig_rancher2.sh
Create local user and generate kubeconfig in Rancher 2 via API
#!/bin/bash
RANCHERENDPOINT=https://your_rancher_endpoint/v3
# The name of the cluster where the user needs to be added
CLUSTERNAME=your_cluster_name
# Username, password and realname of the user
USERNAME=username
PASSWORD=password
REALNAME=myrealname
# Role of the user
GLOBALROLE=user
@ycyr
ycyr / grafana-dashboard-exporter
Created April 9, 2019 19:04 — forked from crisidev/grafana-dashboard-exporter
Command to export all grafana 2 dashboard to JSON using curl
KEY=XXXXXXXXXXXX
HOST="https://metrics.crisidev.org"
mkdir -p dashboards && for dash in $(curl -k -H "Authorization: Bearer $KEY" $HOST/api/search\?query\=\& |tr ']' '\n' |cut -d "," -f 5 |grep slug |cut -d\" -f 4); do
curl -k -H "Authorization: Bearer $KEY" $HOST/api/dashboards/db/$dash > dashboards/$dash.json
done
@ycyr
ycyr / kafka-cheat-sheet.md
Created September 12, 2018 13:16 — forked from sahilsk/kafka-cheat-sheet.md
Apache Kafka Cheat Sheet

Kafka Cheat Sheet

Display Topic Information

$ kafka-topics.sh --describe --zookeeper localhost:2181 --topic beacon
Topic:beacon	PartitionCount:6	ReplicationFactor:1	Configs:
	Topic: beacon	Partition: 0	Leader: 1	Replicas: 1	Isr: 1
	Topic: beacon	Partition: 1	Leader: 1	Replicas: 1	Isr: 1
@ycyr
ycyr / nginx.conf
Created October 18, 2016 02:45 — forked from plentz/nginx.conf
Best nginx configuration for improved security(and performance). Complete blog post here http://tautt.com/best-nginx-configuration-for-security/
# to generate your dhparam.pem file, run in the terminal
openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048
@ycyr
ycyr / pkitest.sh
Created July 15, 2016 05:41 — forked from jefferai/pkitest.sh
PKI test script
#!/bin/bash
vault mount -path=rootpki pki
vault mount-tune -max-lease-ttl="175200h" rootpki
vault write rootpki/root/generate/exported common_name=example.com ttl="175200h"
vault write rootpki/root/generate/internal common_name=example.com ttl="175200h"
vault write rootpki/intermediate/generate/exported common_name=example.com ttl="175200h"
vault write rootpki/intermediate/generate/internal common_name=example.com ttl="175200h"
vault mount -path=intermediatepki pki
vault mount-tune -max-lease-ttl="8760h" intermediatepki