jwieringa

• Generate a private key and a CSR(Certificate Signing Request )
• Generate a CSR from an Existing Private Key
• Generate a CSR from an Existing Certificate and Private Key
• Generating SSL Certificates
  • Generate a Self-Signed Certificate
  • Generate a Self-Signed Certificate from an Existing Private Key
  • Generate a Self-Signed Certificate from an Existing Private Key and CSR
  • View Certificates
  • View CSR Entries

• View Certificate Entries

jwieringa

[Unit]
Description=AutoSSH service to remotely access signald's unix socket for weechat's signal.py (/smsg +145789323231)
After=network-online.target
# Use this instead if autossh will interact with the local SSH server
# After=network-online.target sshd.service

[Service]
Environment="AUTOSSH_GATETIME=30"
Environment="AUTOSSH_POLL=30"
Environment="AUTOSSH_FIRST_POLL=30"

jwieringa

Add the following chunk to your existing ISC dhcpd.conf file.

if exists user-class and ( option user-class = "iPXE" ) {
    filename "http://boot.smidsrod.lan/boot.ipxe";
}
else {
    filename "undionly.kpxe";
}

(or see https://gist.github.com/4008017 for a more elaborate setup

jwieringa

#!/bin/bash

make_ipxe() {
    pushd "$HOME/src/forked/ipxe/src" >/dev/null &&
    make CONFIG=chain bin/undionly.kpxe bin/ipxe.lkrn bin/ipxe.pxe bin/ipxe.usb &&
    sudo install -v -m 0644 -g root -o root bin/undionly.kpxe /srv/salt/tftpd/files/undionly.kpxe &&
    sudo install -v -m 0644 -g root -o root bin/ipxe.lkrn     /srv/salt/tftpd/files/ipxe.lkrn &&
    sudo install -v -m 0644 -g root -o root bin/ipxe.pxe      /srv/salt/tftpd/files/ipxe.pxe &&
    sudo salt-call -l quiet state.single file.recurse name=/srv/tftp source=salt://tftpd/files dir_mode=755 file_mode=644 &&
    popd >/dev/null

jwieringa

# boot-url points to an nfs URL
# sanboot-url points to an http URL
# ubuntu-version contains 18.04.3
# ubuntu-release contains bionic

:ubuntu
echo Booting Ubuntu from iSCSI for ${initiator-iqn}
set root-path ${base-iscsi}:${hostname}.boot.ubuntu
sanboot ${root-path} || goto failed
goto start

jwieringa

default['sshd']['sshd_config']['AuthenticationMethods'] = 'publickey,keyboard-interactive:pam'
default['sshd']['sshd_config']['ChallengeResponseAuthentication'] = 'yes'
default['sshd']['sshd_config']['PasswordAuthentication'] = 'no'

jwieringa

Freezer cgroup FTW

In a terminal start a server.

$ python -m SimpleHTTPServer 8000

In another terminal set up the cgroups freezer.

jwieringa

Currently, there is an explosion of tools that aim to manage secrets for automated, cloud native infrastructure management. Daniel Somerfield did some work classifying the various approaches, but (as far as I know) no one has made a recent effort to summarize the various tools.

This is an attempt to give a quick overview of what can be found out there. The list is alphabetical. There will be tools that are missing, and some of the facts might be wrong--I welcome your corrections. For the purpose, I can be reached via @maxvt on Twitter, or just leave me a comment here.

There is a companion feature matrix of various tools. Comments are welcome in the same manner.

jwieringa

package main

import (
	"fmt"
	"io"
	"os"
)

var path = "/Users/novalagung/Documents/temp/test.txt"

jwieringa

{
  "ignition": { "version": "2.0.0" },
  "systemd": {
    "units": [
      {
        "name": "auto-update-kmods.service",
        "enable": true,
        "contents": "[Unit]\nDescription=Install custom kernel modules\nAfter=lib-modules.mount network-online.target\nRequires=lib-modules.mount network-online.target\nConditionPathExists=!/opt/modules/%v\nConditionPathExistsGlob=/lib/modules/auto-update-kmods.d/*.sh\n\n[Service]\nType=oneshot\nExecStart=/bin/bash -ex /lib/modules/auto-update-kmods.sh\n\n[Install]\nWantedBy=multi-user.target\n"
      },
      {