Skip to content

Instantly share code, notes, and snippets.

View vlj91's full-sized avatar

Vaughan Jones vlj91

8 followers · 11 following
View GitHub Profile
@vlj91
vlj91 / rails-secret-key-base-rotation.md
Last active October 7, 2022 09:40
rails secret_key_base rotation
  • The CookieStore uses secret_key_base to store session session data
  • Rails 7 introduces a
  • When secret_key_base is rotated, all sessions are expired
  • A rotation initializer can be added, which allows users to visit the site and have their cookies read with the old configuration, then rewritten with the new secret_key_base
  • The rotator can be disabled either after a period of time, or upon audit that no cookies are stored using the previous secret_key_base
  • Multiple rotators can exist at once
  • Rotators can be used for other things, such as changing the digest used to sign cookies (SHA1 -> SHA256)

A simple rotator to move between two secret_key_base values may look like this:

@vlj91
vlj91 / qgroundcontrol-install.sh
Created July 28, 2020 10:15
qgroundcontrol-install.sh
# building qgroundcontrol for raspberry pi 4
# steps:
# 1. compile QT for raspberry Pi:
# - the version of QT that comes with debian doesn't compile
# QGC correctly, so we compile a newer version
# - this can take up to 8 hours even with 4 cores
# 2. compile qtlocation
# 3. compile qgroundcontrol using qt5.12.8
# this assumes a desktop environment is present to actually run qgc once it's compiled
@vlj91
vlj91 / update_ecr_image_scan.rb
Last active November 3, 2019 03:13
Update all AWS ECR repositories to use image scanning on push, and run an initial scan
#!/usr/bin/env ruby
require 'aws-sdk-ecr'
ecr = Aws::ECR::Client.new
ecr.describe_repositories.repositories.map(&:repository_name).each do |repo|
# set to scan on image push, this only affects newly pushed images
ecr.put_image_scanning_configuration(
repository_name: repo,
image_scanning_configuration: {
@vlj91
vlj91 / keybase.md
Created February 7, 2019 23:41
keybase.md

Keybase proof

I hereby claim:

  • I am vlj91 on github.
  • I am vlj91 (https://keybase.io/vlj91) on keybase.
  • I have a public key ASDJo6mLMZliNfPYVXlRwxJeyqd2sTn9w2h2gJ2dOTM7uwo

To claim this, I am signing this object:

@vlj91
vlj91 / centos7.ks
Last active July 12, 2018 00:46
centos7.ks
# SCAP Security Guide OSPP/USGCB profile kickstart for Red Hat Enterprise Linux 7 Server
# Version: 0.0.2
# Date: 2015-11-19
#
# Based on:
# http://fedoraproject.org/wiki/Anaconda/Kickstart
# https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Installation_Guide/sect-kickstart-syntax.html
# http://usgcb.nist.gov/usgcb/content/configuration/workstation-ks.cfg
# Text or Graphical
text
@vlj91
vlj91 / kickstart.sh
Last active July 12, 2018 00:32
kickstart.sh
#!/bin/bash
mirror="http://optus.net/centos/7/os/x86_64"
ks_url="https://gist.githubusercontent.com/vlj91/1e3c367eb14b00e78abad6df52257591/raw/663b5297a46f07329ff170aa4e64e374703fc03b/centos7.ks"
mkdir -pv /boot
curl "${mirror}/isolinux/initrd.img" > /boot/initrd.img
curl "${mirror}/isolinux/vmlinuz" > /boot/vmlinuz
curl "${ks_url}" > /boot/kickstart.ks
@vlj91
vlj91 / kube-pod-secret.yaml
Created April 21, 2018 01:58
kube-pod-secret.yaml
---
apiVersion: v1
kind: Pod
metadata:
name: redis
spec:
containers:
- name: redis
image: redis
env:
@vlj91
vlj91 / bootstrap_puppet.sh
Created March 16, 2018 21:08
bootstrap_puppet.sh
#!/bin/bash -xe
@vlj91
vlj91 / xcat-centos7-image.sh
Created February 22, 2018 11:48
xCAT CentOS7 image generation
#!/bin/bash
yum install -y -e0 wget
mkdir -pv /opt/vm
pushd /opt/vm
wget http://centos.serverspace.co.uk/centos/7/isos/x86_64/CentOS-7-x86_64-Everything-1708.iso
copycds CentOS-7-x86_64-Everything-1708.iso
genimage centos7.4-x86_64-netboot-compute
packimage centos7.4-x86_64-netboot-compute
popd
@vlj91
vlj91 / xcat-install.sh
Last active March 23, 2021 23:05
xCAT install (CentOS 7)
#!/bin/bash
cat << EOF > /etc/yum.repos.d/xCAT-core.repo
[xcat-2-core]
name=xCAT 2 Core packages
baseurl=http://xcat.org/files/xcat/repos/yum/2.13/xcat-core
enabled=1
gpgcheck=1
gpgkey=http://xcat.org/files/xcat/repos/yum/2.13/xcat-core/repodata/repomd.xml.key
EOF