Federico Voges fvoges

Sr Consultant @ dae.mn Former Sr Implementation Services Engineer @hashicorp. Former Principal PSE @puppetlabs. Tinkerer/maker in my free time

34 followers · 31 following

View GitHub Profile

Recently created

Least recently created

Recently updated

Least recently updated

fvoges / setup_snapshots.sh

Last active November 25, 2022 14:22

S3 Vault Snapshots IAM policy

	#!/bin/bash

	export S3_ACCESS_KEY="REDACTED"
	export S3_SECRET_KEY="READCTED"
	export S3_BUCKET="vault-snapshots"
	export S3_ENDPOINT="https://s3.eu-west-1.wasabisys.com"
	export S3_REGION="eu-west-1"

	vault write sys/storage/raft/snapshot-auto/config/daily \
	interval="24h" \

fvoges / haproxy.cfg

Created November 22, 2022 14:15

Example HAProxy configuration for HashiCorp Vault

	frontend vault_api_vip
	bind *:8200
	mode tcp
	default_backend vault_api_pool
	option tcplog

	backend vault_api_pool
	mode tcp
	balance roundrobin
	option httpchk HEAD /v1/sys/health

fvoges / database-secrets-admin.hcl

Last active August 4, 2022 17:02

Vault Database Secrets Engine Admin ACL Policy

	# List DB Connections (update is technically not needed, but the UI will complain if missing)
	path "database/config" {
	capabilities = [ "list", "update" ]
	}

	# Manage DB connections
	path "database/config/*" {
	capabilities = [ "create", "delete", "read", "update" ]
	}

fvoges / rpi-led-notes.md

Created July 22, 2022 14:20 — forked from taktran/rpi-led-notes.md

Controlling Raspberry Pi 2 LEDs

Commands for controlling the Raspberry Pi 2 LEDs.

See rpi-leds for a node module that does this.

Power (PWR) LED

OK (ACT) LED = led0
Power (PWR) LED = led1

Allow access

fvoges / app_namespace.tf

Last active July 13, 2022 11:32

Vault application namespace example

	locals {
	app_ns = "app1"
	member_group_ids = []
	}

	resource "vault_namespace" "default" {
	path = local.app_ns
	}

	provider "vault" {

fvoges / README.md

Created March 30, 2022 08:09

How to download Terraform providers for off-line use

Terraform providers for off-line use

VERSION="3.4.0"
OS="linux"
ARCH="amd64"

# Provider URL https://releases.hashicorp.com/terraform-provider-vault/$VERSION/terraform-provider-vault_$VERSION_$OS_$ARCH.zip

# if you extract the zip file:

fvoges / Vault ansible playbook

Created March 28, 2022 12:46

Vault Ansible playbook

	---
	# common values in inventory/group_vars/all.yaml
	- hosts: vault_do
	become: true
	roles:
	- role: ansible-role-vault
	vars:
	vault_ansible_group: 'vault_do'
	vault_tls_leader_servername: 'vault.local'
	vault_cluster_name: vault-primary

fvoges / vault_admin_policy.hcl

Created November 29, 2021 16:15

Vault Admin Policy

	# Read system health check
	path "acme/*" {
	capabilities = ["create", "read", "update", "delete", "list"]
	}

	# Read system health check
	path "sys/health" {
	capabilities = ["read", "sudo"]
	}

fvoges / retrieve_puppet_ca_cert.sh

Last active November 13, 2021 13:43

Retrieve Puppet CA cert and install it locally

	#!/bin/bash

	MASTER="$(puppet config print server)"
	CA_DIR="/usr/local/share/ca-certificates"

	curl -kv "https://$MASTER:8140/puppet-ca/v1/certificate/ca?environment=production&fail_on_404=true"\|tee $CA_DIR/$MASTER.crt
	openssl x509 -in $CA_DIR/$MASTER.crt -noout -subject -startdate -enddate
	cp $CA_DIR/$MASTER.crt /etc/puppetlabs/puppet/ssl/certs/ca.pem
	update-ca-certificates

fvoges / README.md

Last active March 12, 2022 09:05

Docker clean up

How to clean up Docker files

Sauce: https://linuxhint.com/cleanup-docker/

#!/bin/bash
docker ps -a -f status=exited -q | xargs -r docker rm
docker image prune -f
docker volume ls -f dangling=true -q | xargs -r docker volume rm

Newer Older