vmoravec

Jekyll & Liquid Cheatsheet

A list of the most common functionalities in Jekyll (Liquid). You can use Jekyll with GitHub Pages, just make sure you are using the proper version.

Running

Running a local server for testing purposes:

vmoravec

Ansible playbook to setup HTTPS using Let's encrypt on nginx.

The Ansible playbook installs everything needed to serve static files from a nginx server over HTTPS.
The server pass A rating on [SSL Labs](https://www.ssllabs.com/).

To use:
 1. Install [Ansible](https://www.ansible.com/)
 2. Setup an Ubuntu 16.04 server accessible over ssh
 3. Create `/etc/ansible/hosts` according to template below and change example.com to your domain
 4. Copy the rest of the files to an empty directory (`playbook.yml` in the root of that folder and the rest in the `templates` subfolder)

vmoravec

#!/bin/bash

IPTABLES="/sbin/iptables"
IP6TABLES="/sbin/ip6tables"

# Helper function for confirming allow rules
confirm() {
        while true; do
                read -p "Allow $1? " yn
                case $yn in

vmoravec

---
- hosts: foo
  vars:
    gems:
      libxml-ruby: { version: 2.6.0,  state: present, include_dependencies: yes, user_install: no }
      shenzhen: { version: 0.13.1, state: present, include_dependencies: yes, user_install: no }
    gem_executable: /usr/local/rvm/ruby/blah/blah/1.2/gem
  tasks:
    - name: install a bunch of gems - warning, use the right executable and run as the right user!
      gem:

vmoravec

Working with ansible-vault

---

I've been using a lot of Ansible lately and while almost everything has been great, finding a clean way to implement ansible-vault wasn't immediately apparent.

What I decided on was the following: put your secret information into a vars file, reference that vars file from your task, and encrypt the whole vars file using ansible-vault encrypt.

Let's use an example: You're writing an Ansible role and want to encrypt the spoiler for the movie Aliens.

vmoravec

server {
	listen 80;
	listen 443 default_server ssl;

	ssl on;
	ssl_certificate /etc/ssl/certs/myssl.crt;
	ssl_certificate_key /etc/ssl/private/myssl.key;

	server_name *.example.com;
	root /var/www/vhosts/website;

vmoravec

proxy_cache_path /var/nginx/cache/aws/trueniu levels=2:2:2 use_temp_path=off keys_zone=aws_3:500m inactive=30d max_size=10g;

server {
    listen 80;
    server_name trueniu.com www.trueniu.com;

    if ( $scheme = http ) {
		return 301 https://www.trueniu.com$request_uri;
    }
}

vmoravec

events {
  worker_connections  1024;
}

http {
  default_type       text/html;
  access_log         /dev/stdout;
  sendfile           on;
  keepalive_timeout  65;

vmoravec

  location ~* ^/s3/(.*) {
    set $bucket           '<REPLACE WITH YOUR S3 BUCKET NAME>';
    set $aws_access       '<REPLACE WITH YOUR AWS ACCESS KEY>';
    set $aws_secret       '<REPLACE WITH YOUR AWS SECRET KEY>';
    set $url_full         "$1";
    set_by_lua $now       "return ngx.cookie_time(ngx.time())";
    set $string_to_sign   "$request_method\n\n\n\nx-amz-date:${now}\n/$bucket/$url_full";
    set_hmac_sha1          $aws_signature $aws_secret $string_to_sign;
    set_encode_base64      $aws_signature $aws_signature;

vmoravec

from __future__ import print_function
import boto3
import base64
import json
import logging


logging.basicConfig()
logger = logging.getLogger()
logger.setLevel(logging.DEBUG)