Skip to content

Instantly share code, notes, and snippets.

View m4ce's full-sized avatar

Matteo Cerutti m4ce

33 followers · 10 following
View GitHub Profile
@m4ce
m4ce / keybase.md
Created May 24, 2016 10:33

Keybase proof

I hereby claim:

  • I am m4ce on github.
  • I am m4ce (https://keybase.io/m4ce) on keybase.
  • I have a public key whose fingerprint is 168E FD43 E44A 13D0 3BDE 59FA 148D 5C94 66C3 CF73

To claim this, I am signing this object:

@m4ce
m4ce / inventory.mc
Created April 18, 2016 12:41
MCO hardware inventory
formatted_inventory do
page_length 50
page_heading <<TOP
Hostname: Serial: Hardware: Distribution:
------------------------------------------------------------------------------------------------------------------------------
TOP
page_body <<BODY
@<<<<<<<<<<<<<<<<<<<<<<<< @<<<<<<<<<<<<<<<<<<<<<< @<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< @<<< @<<<
@m4ce
m4ce / gist:ade3970c74631ef2512d7aca4353dd84
Last active April 11, 2016 18:35
Pulp unattended registration
$ pulp-admin auth user create --login registrator --password=secret --name "Used for unattended registrations"
$ pulp-admin auth permission grant --login registrator --resource /v2/consumers/ -o CREATE -o READ
$ pulp-consumer -u registrator -p secret register --consumer-id `hostname -f`
@m4ce
m4ce / gist:1fbd0b36310fb9625fea40e3b3141b7e
Last active April 7, 2016 09:42
HAProxy name based routing
frontend example
bind 0.0.0.0:80
bind 0.0.0.0:443 ssl crt <pem>
mode http
option httplog
acl is_test hdr(host) -i test.example.org
use_backend test if is_test
default_backend welcome
@m4ce
m4ce / canonical_ldap
Last active April 27, 2016 12:17
Rewrite postfix sender/recipient mail address from FreeIPA (LDAP)
server_host = <ipa_host>
server_port = 389
bind = no
search_base = cn=users,cn=accounts,dc=example,dc=org
query_filter = (&(objectClass=person)(uid=%u))
result_attribute = mail
result_format = %s
start_tls = yes
version = 3
tls_key = <key>
@m4ce
m4ce / iptables
Created April 7, 2016 09:28
Transparent proxy with Squid and IPTables
# Rules for transparent proxying
iptables -N NO_PROXY -t nat
iptables -A NO_PROXY -t nat -d 0.0.0.0/8 -j ACCEPT
iptables -A NO_PROXY -t nat -d 10.0.0.0/8 -j ACCEPT
iptables -A NO_PROXY -t nat -d 127.0.0.0/8 -j ACCEPT
iptables -A NO_PROXY -t nat -d 169.254.0.0/16 -j ACCEPT
iptables -A NO_PROXY -t nat -d 172.16.0.0/12 -j ACCEPT
iptables -A NO_PROXY -t nat -d 192.168.0.0/16 -j ACCEPT
iptables -A NO_PROXY -t nat -d 224.0.0.0/4 -j ACCEPT
iptables -A NO_PROXY -t nat -d 240.0.0.0/4 -j ACCEPT
@m4ce
m4ce / Quagga OSPF filter network routes
Created April 7, 2016 09:24
redistribute connected metric 1 route-map filter_connected_routes
redistribute static metric 1
redistribute kernel metric 1
route-map filter_connected_routes permit 10
match ip address filter_connected_routes
access-list filter_connected_routes deny <network>
access-list filter_connected_routes permit any
@m4ce
m4ce / gist:35298c7091e6150ebeccdb82e1b9a825
Created April 6, 2016 20:35
JunOS Dynamic VPN setup with LDAP authentication
[edit security]
ike {
policy ike-dyn-vpn-policy {
mode aggressive;
proposal-set standard;
pre-shared-key ascii-text "<key>"; ## SECRET-DATA
}
gateway dyn-vpn-local-gw {
ike-policy ike-dyn-vpn-policy;
dynamic {