Skip to content

Instantly share code, notes, and snippets.

View jwieringa's full-sized avatar

Jason Wieringa jwieringa

65 followers · 14 following
View GitHub Profile
@jwieringa
jwieringa / attributes.rb
Created April 20, 2019 17:55 — forked from lizthegrey/attributes.rb
Hardening SSH with 2fa
default['sshd']['sshd_config']['AuthenticationMethods'] = 'publickey,keyboard-interactive:pam'
default['sshd']['sshd_config']['ChallengeResponseAuthentication'] = 'yes'
default['sshd']['sshd_config']['PasswordAuthentication'] = 'no'
@jwieringa
jwieringa / ubuntu_1804.ipxe
Created March 5, 2020 16:26 — forked from robinsmidsrod/ubuntu_1804.ipxe
iPXE script entries for booting Ubuntu 18.04 in different ways
# boot-url points to an nfs URL
# sanboot-url points to an http URL
# ubuntu-version contains 18.04.3
# ubuntu-release contains bionic
:ubuntu
echo Booting Ubuntu from iSCSI for ${initiator-iqn}
set root-path ${base-iscsi}:${hostname}.boot.ubuntu
sanboot ${root-path} || goto failed
goto start
@jwieringa
jwieringa / ipxe.sh
Created March 5, 2020 17:06 — forked from robinsmidsrod/ipxe.sh
Bash functions for building iPXE in different ways
#!/bin/bash
make_ipxe() {
pushd "$HOME/src/forked/ipxe/src" >/dev/null &&
make CONFIG=chain bin/undionly.kpxe bin/ipxe.lkrn bin/ipxe.pxe bin/ipxe.usb &&
sudo install -v -m 0644 -g root -o root bin/undionly.kpxe /srv/salt/tftpd/files/undionly.kpxe &&
sudo install -v -m 0644 -g root -o root bin/ipxe.lkrn /srv/salt/tftpd/files/ipxe.lkrn &&
sudo install -v -m 0644 -g root -o root bin/ipxe.pxe /srv/salt/tftpd/files/ipxe.pxe &&
sudo salt-call -l quiet state.single file.recurse name=/srv/tftp source=salt://tftpd/files dir_mode=755 file_mode=644 &&
popd >/dev/null
@jwieringa
jwieringa / _INSTALL.md
Created March 5, 2020 19:51 — forked from robinsmidsrod/_INSTALL.md
Bootstrapping full iPXE native menu with customizable default option with timeout (also includes working Ubuntu 12.04 preseed install)

Add the following chunk to your existing ISC dhcpd.conf file.

if exists user-class and ( option user-class = "iPXE" ) {
    filename "http://boot.smidsrod.lan/boot.ipxe";
}
else {
    filename "undionly.kpxe";
}

(or see https://gist.github.com/4008017 for a more elaborate setup

@jwieringa
jwieringa / autossh_systemd_unit.service
Created November 29, 2021 19:29 — forked from Strykar/autossh_systemd_unit.service
Autossh systemd service. See https://avizard.blogspot.com/2021/01/aggressive-yet-sane-persistent-ssh-with.html
[Unit]
Description=AutoSSH service to remotely access signald's unix socket for weechat's signal.py (/smsg +145789323231)
After=network-online.target
# Use this instead if autossh will interact with the local SSH server
# After=network-online.target sshd.service
[Service]
Environment="AUTOSSH_GATETIME=30"
Environment="AUTOSSH_POLL=30"
Environment="AUTOSSH_FIRST_POLL=30"
@jwieringa
jwieringa / OpenSSL.md
Created February 17, 2022 03:41 — forked from mohanpedala/OpenSSL.md
OpenSSL Working with SSL Certificates, Private Keys, CSRs and Truststores