Skip to content

Instantly share code, notes, and snippets.

View xirkus's full-sized avatar

Mel Llaguno xirkus

  • Calgary, Canada
View GitHub Profile
@xirkus
xirkus / keybase.md
Created January 23, 2021 01:37
Keybase Verification

Keybase proof

I hereby claim:

  • I am xirkus on github.
  • I am mllaguno (https://keybase.io/mllaguno) on keybase.
  • I have a public key whose fingerprint is 404C E144 8375 3993 DAFB CEDD 799A B1E2 0103 7B37

To claim this, I am signing this object:

@xirkus
xirkus / terraform_the_missing_manual.md
Last active July 8, 2023 11:00
Terraform - The Missing Manual

Terrafrom Logo

Terraform - The Missing Manual

Infrastructure-as-Code is a principal that drives modern DevOps practice. I discuss the current state of Terraform and provide some basic guidelines/principles regarding how to structure it's usage for your project.

Tables of Contents

@xirkus
xirkus / error.md
Created January 12, 2021 20:10
terraform aws remote backend error
% terraform plan 
Running plan in the remote backend. Output will stream here. Pressing Ctrl-C
will stop streaming the logs, but will not stop the plan running remotely.

Preparing the remote plan...

To view this run in a browser, visit:
https://app.terraform.io/app/scrb/scrb/runs/run-ynhciGC5Dp5CKHgy
@xirkus
xirkus / hipaa_compliance_guidelines.md
Last active June 21, 2021 08:40
Collection of HIPAA Compliance Guidelines
@xirkus
xirkus / synology_self_signed_cert_howto.md
Last active November 7, 2024 00:54
Using the Synology NAS Certificates to Provision Private/Locally Scoped Self-signed SSL Certificates

It's possible to use a Synology Diskstation's Certificate generation functionality to create a set of privately scoped (non-FQDN) self-signed SSL certificates that you can use to provision internal network services so that connecting to them does not cause your browser to throw warning messages (or in the case of Chrome, prevent you from connecting at all).

Rationale

Usually, when you add network devices to your personal private network, they are refereneced by IP addresses as naming requires either maintaining individual host files on each machine or setting up DNS. The first is pretty cumbersome; the second seems like overkill (unless you're a masochist, which I have been in the past). As an alternative, I considered using locally scoped names associated with fixed IPs associated via a light-weight DNS resolver (in my case, using unbound running on my Raspberry Pi with Pi-Hole).

**WARNING: This is clearly a HACK and is not intended to be used for production environments. If you need full SSL certi

@xirkus
xirkus / yubikey+gpupgp+ssh_howto.md
Last active September 19, 2024 14:54
Security Adventures 1. How to get yubikey+gpg+ssh+gitbhub working on MacOS

I've spent the day trying to get this setup working with GitHub and given the number of gotcha's I encountered, it seemed like a good idea to document how I finally got this working with as few hacks as possible. There's a lot of documentation out there (some of it old and misleading) and committing here for posterity will help me remember this when I inevitably need to do this again.

Rationale

Passwords are simply not enough these days. Regardless of the company, breaches (and the associated Personally Identifiable Information harvested) are a matter of not if, but when. There are a number of things you can do to protect yourself, but being on the tin-foil-hat side of paranoia, means there are a few Commandents that I adhere to (and recommend for other folks)[Insert link to Fight Club Rules for the Secure Internet].

That being said, if you use 2-factor authentication and have committed to using a hardware token such as the Yubikey, then you're already ahead of the curve. The problem is that wh