Bash - Snippets

some Bash snippets

Change Working Directory

    #!/usr/bin/env bash
    script_path=$(dirname "$0")
    cd "$script_path"

sha256: 14702c6f56acf7fb0c71b5e04b7c9de9264ed0dbbef43c34e34ec12fbd6e8baa

SSH Key Generator

If you need multiple SSH keys with passphrases for educational purposes, you can generate them as follows. The passphrase is set in the comments of the corresponding public key.

SSH Key Generator Script

    cat << 'EOF' > /tmp/ssh-key-generator.sh
    #!/usr/bin/env bash

    # File
    f=/tmp/id_ed25519

    # Cleanup
    test -f $f && rm $f $f.pub

    # Gen Key
    ssh-keygen -o -a 100 -t ed25519 -N "" -f ${f}

    # Extract Password (last 8 Char from PubKey)
    pw=$(cat ${f}.

Vault on OpenBSD

How to install and run Hashicorp Vault on OpenBSD

In addition to [this Blog Entry](https://blog.stoege.net/categories/vault/), here are some instructions for OpenBSD.

Requirements

- VM with OpenBSD 7.2 (or older …) and root/doas permission
- Domain, or at least a FQDN Name pointing to your VM
- HTTP/HTTPS allowed from Internet (for Certificate Generation)
- Nginx installed (pkg_add nginx)

Source

https://developer.hashicorp.com/vault/docs/get-started/developer-qs

Install Vault

All the steps must be run as root (or with doas)

    pkg_add vault

Vault Config

Backup the prev.

Python - Little Wordcloud

Do you like Word Clouds? I do …! The following is a little script which parses a website and builds an appropriate Word Cloud.

Script

    mkdir ~/mywordcloud; cd ~/mywordcloud
    cat <<'EOF' > main.py
    import fire
    import matplotlib.pyplot as plt
    import pandas as pd
    import re
    import requests
    from bs4 import BeautifulSoup
    from wordcloud import STOPWORDS, WordCloud

    def gen_cloud_tag(url: str = "https://blog.stoege.net"):

        # add https
        if not url.startswith("https://"):
            url = "https://" + url

        # get Webpage
        response = requests.

Yubikey - on OpenBSD

Running YubiKey on OpenBSD

Buy a key and give it a try …

Source

https://www.yubico.com/

Install Software

    pkg_add yubikey-manager-3.1.2p4

    pkg_add yubikey-manager-3.1.2p4
    quirks-6.42 signed on 2023-01-08T01:39:04Z
    yubikey-manager-3.1.2p4:py3-click-7.1.2: ok
    yubikey-manager-3.1.2p4:py3-pyusb-1.0.2p5: ok
    yubikey-manager-3.1.2p4:pcsc-lite-1.9.8: ok
    yubikey-manager-3.1.2p4:py3-cparser-2.19p2: ok
    yubikey-manager-3.1.2p4:py3-cffi-1.15.1: ok
    yubikey-manager-3.1.2p4:py3-cryptography-38.0.0p0: ok
    yubikey-manager-3.1.2p4:py3-pyscard-2.0.3: ok
    yubikey-manager-3.1.2p4:py3-openssl-22.0.0: ok
    yubikey-manager-3.1.2p4:libyubikey-1.13p4: ok
    yubikey-manager-3.1.2p4:json-c-0.16: ok
    yubikey-manager-3.1.2p4:ykpers-1.20.0p2: ok
    yubikey-manager-3.1.2p4: ok
    The following new rcscripts were installed: /etc/rc.d/pcscd
    See rcctl(8) for details.
    --- +yubikey-manager-3.1.2p4 -------------------
    NOTE: yubikey-manager (ykman) is only partially functional on OpenBSD.
    Most of the "ykman fido xxx" commands (pin-setting and others) stall.

Flask JWT - Sample

Flask & JWT

Getting your hands dirty with Flask and JWT

Source

https://dev.to/grahammorby/jwt-auth-in-flask-python-18i4

with some modifications by myself …

Environment

Tested under macOS & OpenBSD, Poetry installed and working

Script

build virtual env

    export app="app100"
    export FLASK_APP="${app}/app"
    poetry new ${app}
    cd ${app}

set python 3.10

    poetry env use $(which python3.10)
    gsed -i "s/python = \"^3.*$/python = \"^3.10\"/" pyproject.toml
    poetry lock

add packages

    wget -4 -O requirements.txt https://raw.githubusercontent.com/GrahamMorbyDev/jwt-flask/master/requirements.txt
    echo "marshmallow-sqlalchemy" >> requirements.

Mongodb - Beginner

Some hands-on with MongoDB

https://www.mongodb.com/docs/v4.4/introduction/

Run via Docker

    docker run -d mongo

Install macOS

    brew install mongodb-community

    To start mongodb/brew/mongodb-community now and restart at login:
      brew services start mongodb/brew/mongodb-community
    Or, if you don’t want/need a background service you can just run:
      mongod --config /usr/local/etc/mongod.conf

Install OpenBSD

    pkg_add mongodb--%44 mongo-tools--

Tune OpenFiles

    # append (>>) so the existing login classes are kept;
    # the quoted 'EOF' preserves the trailing backslashes
    cat << 'EOF' >> /etc/login.conf
    mongod:\
        :openfiles-cur=1024:\
        :openfiles-max=2048:\
        :tc=daemon:
    EOF
    cap_mkdb /etc/login.conf

-> needs reboot …

Start DB

    rcctl enable mongod
    rcctl start mongod

connect

    mongo

show dbs

    > show dbs
    admin 0.

Wireguard on Debian

Wireguard with Debian

Grab a fresh Debian which has public Internet access. Target is to build a WG Tunnel and assign a Public IP to the Server.

Debian 11.6

    apt-get install -y wireguard wireguard-tools

Gen Key

    cd /etc/wireguard
    umask 077; wg genkey | tee privatekey | wg pubkey > publickey

Config

    cat << EOF > /etc/wireguard/wg0.conf
    [Interface]
    PrivateKey = ASSIGN_YOUR_PRIVATE_KEY_HERE
    Address = PUBLIC_IP_V4/xx, PUBLIC_IP_V6/xx

    [Peer]
    PublicKey = ASSIGN_REMOTE_PUBLIC_KEY_HERE
    Endpoint = PUBLIC_IP_OF_REMOTE_ENDPOINT:PORT
    AllowedIPs = 0.

Docker - Traefik

Docker Traefik Example

    cat << EOF > docker-compose.yml
    version: "3.3"

    services:

      traefik:
        image: "traefik:v2.9"
        container_name: "traefik"
        command:
          # Traefik Log
          - "--log.level=DEBUG"
          - "--log.filePath=/logs/traefik.log"
          # API and dashboard are served without authentication on :8080
          - "--api.insecure=true"
          - "--api.dashboard=true"
          - "--providers.docker=true"
          - "--providers.docker.exposedbydefault=false"
          - "--entrypoints.web.address=:80"
          # Access Log
          - "--accesslog=true"
          - "--accesslog.filePath=/logs/access.log"
          # Prometheus metrics
          ## Enable prometheus metrics
          - "--metrics.prometheus=true"
          ## Create a manual router instead of the default one.
          - "--metrics.prometheus.manualrouting=true"
          - "--metrics.prometheus.addrouterslabels=true"
        ports:
          - "80:80"
          - "8080:8080"
        volumes:
          - "/var/run/docker.

K8s - Kubernetes

Show Contexts

    kubectl config get-contexts

    CURRENT   NAME                           CLUSTER                        AUTHINFO                             NAMESPACE
    *         do-fra1-k8s-1-24-xxxxxxxxxxx   do-fra1-k8s-1-24-xxxxxxxxxxx   do-fra1-k8s-1-24-xxxxxxxxxxxxxxxxx
              do-fra1-k8s-1-25-xxxxxxxxxxx   do-fra1-k8s-1-25-xxxxxxxxxxx   do-fra1-k8s-1-25-xxxxxxxxxxxxxxxxx
              do-fra1-k8s-xxxxx              do-fra1-k8s-xxxxx              do-fra1-k8s-xxxxxxxxxxx

Delete old Contexts

    kubectl config delete-context do-fra1-k8s-xxxxx

sha256: f12aa09936d175b3e23f2eebc1c152675d68dce6096b9ec02d7f8429b954b4fe

K3s - Kubernetes

Let’s give it a try with Kubernetes Mini, K3s

Source

- https://k3s.io/
- https://docs.k3s.io/

Overview

TestSetup

Booting a few VMs on my ESX Host. All of them got 4 CPUs, 32 GB RAM, 100G Disk

- 1 MasterNode
  - Master
- 3 WorkerNodes
  - Worker01
  - Worker02
  - Worker03

All machines are running Debian latest, that’s version 11.6 at the moment

Setup Master

    curl -sfL https://get.k3s.io | sh -

    root@master:~/bin/test_kubernetes# curl -sfL https://get.k3s.io | sh -
    [INFO] Finding release for channel stable
    [INFO] Using v1.

Django on Google Cloud

I’ll give it a try running an application on Google Cloud. Not with great success :(

Source

- https://codelabs.developers.google.com/codelabs/cloud-run-django?hl=en#0
- https://codelabs.developers.google.com/codelabs/cloud-run-hello-python3#1

Get Cloud List, Active Account

    gcloud auth list
    gcloud config set account 'username@gmail.com'

List Projects

    gcloud config list project

    [core]
    project = cloud-run-372113

    Your active configuration is: [cloudshell-6045]
    username@cloudshell:~ (cloud-run-372113)$

Set Project ID

    gcloud config set project cloud-run-372113

    username@cloudshell:~ (cloud-run-372113)$ gcloud config set project cloud-run-372113
    Updated property [core/project].

Enable API

    gcloud services enable \
      artifactregistry.

Docker on FreeBSD

Fire up a FreeBSD 14 instance on AWS ?!?

Install Packages

    pkg install gmake go git vim

Install Lima

    git clone https://github.com/lima-vm/lima /opt/lima

Patch File

    cat << EOF > /opt/lima/pkg/sshutil/sshutil_others.go
    //go:build !darwin && !linux
    // +build !darwin,!linux

    package sshutil

    import (
        "runtime"

        "github.com/sirupsen/logrus"
    )

    func detectAESAcceleration() bool {
        var err error
        const fallback = runtime.GOARCH == "amd64"
        logrus.WithError(err).Warnf("cannot detect whether AES accelerator is available, assuming %v", fallback)
        return fallback
    }
    EOF

Build

    gmake

Copy Binaries

    cp /opt/lima/_output/bin/* /usr/local/bin/
    mkdir -p /usr/local/share/doc/lima && cp -r /opt/lima/_output/share/doc/lima/* /usr/local/share/doc/lima/
    cp -r /opt/lima/_output/share/lima /usr/local/share/lima

Install QEMU

    pkg install qemu-nox11

Get CPU

    root@freebsd:/opt/lima # qemu-system-x86_64 -cpu help | grep -i cascadelake
    x86 Cascadelake-Server        (alias configured by machine type)
    x86 Cascadelake-Server-noTSX  (alias of Cascadelake-Server-v3)
    x86 Cascadelake-Server-v1     Intel Xeon Processor (Cascadelake)
    x86 Cascadelake-Server-v2     Intel Xeon Processor (Cascadelake) [ARCH_CAPABILITIES]
    x86 Cascadelake-Server-v3     Intel Xeon Processor (Cascadelake) [ARCH_CAPABILITIES, no TSX]
    x86 Cascadelake-Server-v4     Intel Xeon Processor (Cascadelake) [ARCH_CAPABILITIES, no TSX]
    x86 Cascadelake-Server-v5     Intel Xeon Processor (Cascadelake) [ARCH_CAPABILITIES, EPT switching, XSAVES, no TSX]

Export CPU

    export QEMU_SYSTEM_X86_64="qemu-system-x86_64 -cpu Cascadelake-Server"

Start Lima

switch to user

Hashicorp - Vault

Some hands-on with Hashicorp Vault

Source

https://developer.hashicorp.com/vault/docs/get-started/developer-qs

Install on macOS

    brew tap hashicorp/tap
    brew install hashicorp/tap/vault

Run on Docker

In background, you have to kill it later

    docker run -d -p 8200:8200 -e 'VAULT_DEV_ROOT_TOKEN_ID=dev-only-token' vault

    Unseal Key: 2KTIMp0Md52V2xTb0txxxxxxxxxxxxxxxxxxxxxxxxx=
    Root Token: dev-only-token

This is a dev instance only and has no persistent data. Don’t worry.

Open Browser

http://localhost:8200 -> root token

Export in Terminal

    export VAULT_ADDR='http://0.0.0.0:8200'
    export VAULT_TOKEN="dev-only-token"

Set Key

    curl --header "X-Vault-Token: $VAULT_TOKEN" \
      --header "Content-Type: application/json" \
      --request POST \
      --data '{"data": {"password": "Hashi123"}}' \
      -s http://127.

Docker - Container

Stuff for the running Containers

List running Containers

    $ docker ps
    CONTAINER ID   IMAGE   COMMAND                  CREATED          STATUS          PORTS                    NAMES
    f99ad3355bae   blog    "/home/docker/init_a…"   14 minutes ago   Up 14 minutes   0.0.0.0:3031->3031/tcp   quizzical_bardeen

Shell into Container

    docker exec -it f99ad3355bae bash

first build cache

    apt-get update

install Tools netstat ps tcpdump …

    apt-get install -y net-tools procps tcpdump telnet netcat

sha256: 27a1368fbcb11db26404131aeb2b0e15d07bc32f61df6389a7c685df61bfc5aa