Skip to content

Instantly share code, notes, and snippets.

View avoidik's full-sized avatar

Viacheslav Vasilyev avoidik

22 followers · 4 following
View GitHub Profile
@avoidik
avoidik / README.md
Created April 26, 2022 10:44
Basic Nginx reverse proxy for NodeJS application

How to configure

Steps

Install dependencies

sudo apt-get update -y -q
sudo apt-get install -y -q nginx certbot python3-certbot-nginx
sudo apt-get install -y -q nodejs npm
@avoidik
avoidik / vault-agent-pki.md
Created April 14, 2022 14:34 — forked from kawsark/vault-agent-pki
Vault Agent with PKI certificate rendering

Configure variables

These variables will be used for this snippet. Please substitute accordingly.

export RootCAName="root_ca"
export InterCAName="inter_ca"
export CommonName="hashidemos.io"
export InterCommonName="inter.hashidemos.io"
export Root_CA_ttl="730h"
export Inter_CA_ttl="350h"
export Cert_ttl="8h"
@avoidik
avoidik / README.md
Last active January 31, 2025 16:40
Plain simple alternative to Docker Desktop

Multipass

It works both with VirtualBox and Hyper-V on Windows, it also support MacOS including M1

Install

Configure virtualization driver

If you want VirtualBox (works on Linux, Windows, and MacOS)

@avoidik
avoidik / README.md
Last active January 30, 2022 19:05
systemd service with dynamic user 
cat > /etc/default/step-ca <<'EOF'
STEPPATH="/etc/step-ca"
PASSWORD_FILE="/etc/step-ca/passwd"
CONFIG_FILE="/etc/step-ca/config/ca.json"
STEP_CA_TOKEN="..."
EOF

cat > /etc/systemd/system/step-ca.service <<'EOF'
[Unit]
@avoidik
avoidik / README.md
Last active March 24, 2022 07:24
Host plain simple Docker Registry on Raspberry Pi with MinIO storage backend

Host plain simple Docker Registry on Raspberry Pi with MinIO storage backend

Install golang

curl -fsSLO https://go.dev/dl/go1.17.8.linux-armv6l.tar.gz
sudo rm -rf /usr/local/go
sudo tar -C /usr/local -xzf go1.17.8.linux-armv6l.tar.gz
rm -f go1.17.8.linux-armv6l.tar.gz
cat <<'EOF' | tee -a ~/.profile > /dev/null
@avoidik
avoidik / README.md
Created January 4, 2022 14:05
Mikrotik, add rules over API

Prerequisites:

  • Mikrotik API is enabled (IP > Services > API, enabled on port 8728 and/or 8729)
  • Mikrotik API ports are allowed (IP > Firewall > Filter Rules, input chain has both TCP ports allowed)
  • Mikrotik management interface IP address is reachable
  • Linux (VM or real hardware)

Steps

@avoidik
avoidik / cloudtrail-template-elasticsearch.json
Created December 27, 2021 07:33 — forked from kesor/cloudtrail-template-elasticsearch.json
An ElasticSearch Index template for CloudTrail events
PUT _template/cloudtrail
{
"index_patterns": ["cloudtrail-*"],
"settings": {
"number_of_shards": 1,
"mapping": {
"total_fields": {
"limit": 10000
}
}
@avoidik
avoidik / policy.sentinel
Created December 9, 2021 15:46
Vault Sentinel sample policy
import "sockaddr"
import "strings"
#
# allow update secrets under secret/ path only to clients coming from 10.0.0.0/8 CIDR range
#
precond = rule {
request.operation in ["update"] and
strings.has_prefix(request.path, "secret/")
@avoidik
avoidik / .conkyrc
Last active November 19, 2022 20:58
conky configuration
conky.config = {
alignment = 'top_right',
background = false,
border_width = 1,
cpu_avg_samples = 2,
default_color = 'white',
default_outline_color = 'white',
default_shade_color = 'white',
draw_borders = false,
draw_graph_borders = true,
@avoidik
avoidik / README.md
Last active November 27, 2021 17:07
Linkerd with Ambassador as gateway

Prepare two K8s clusters

Context east

Create cluster on GCP

$ gcloud container clusters create multi-cluster-demo --preemptible