While watching the recording of the Security Nightmares talk from 35c3, I noticed that my Fritz!Box had not e-mailed me about pending updates for a long time. Well, a version from 2017 was installed and the info push mail config had somehow disappeared. Lesson learned: I need an active check in my monitoring. The Fritz!Box offers various ways to read out or configure things via TR-064. Long story short: I wrote an Icinga 2 check plugin that shows whether a firmware update is available or not. Read more →

Push docker image to GitLab registry with self signed certificate (the dirty way)

I wanted to use GitLab's CI/CD feature using a GitLab runner. With a privileged container running docker:dind I’m able to build an image inside another image. That already works fine. I wanted to additionally push to the registry after building. But the self-signed certificate stopped me.

x509: certificate signed by unknown authority

Building my own image based on docker:dind

My first try was to build my own image based on docker:dind. Read more →

go-ini: Use custom separators

Go-ini is a package for parsing section-based config files. For example a Grafana.ini file like this one. I wanted to use it for parsing an ansible inventory file. But I got greeted with an error message:

key-value delimiter not found: dns.veloc1ty.lan

The first lines of my inventory file are:

[dns-server]
dns.veloc1ty.lan
[archlinux]

The problem is that go-ini expects the = delimiter, because normally you would parse key value pairs in each section. Read more →

GitLab CI: Build docker image with docker executor

I’ve been fiddling around with docker for a couple of days since the GitLab runner in my setup uses the docker executor. After understanding the fundamentals and getting it running on my Mac I tried to create my own docker image. And my test subject was this blog. I basically took the nginx:alpine-mainline image and added the compiled page files I already have thanks to my first CI project. The full content of my Dockerfile: Read more →

Deploy Hugo sites with GitLab CI

I’ve done some testing with GitLab CI at work and like it. I like it so much that I decided to implement some CI/CD stuff for my home projects. My first project is to deploy this Hugo blog after a new post is committed to the git repository. I’ve done this using GitLab with a GitLab Runner using a docker container in the background. I personally use LXC and had no contact with docker before, but using it was pretty easy. Read more →

Starting a dedicated Insurgency Sandstorm server on Linux

Insurgency Sandstorm finally has a dedicated server for Linux. And here is how to install it:

Download and install the gameserver files

Download the steamcmd bundle:

:-$ wget

Unpack it and start the steamcmd:

:-$ tar xfvz steamcmd_linux.tar.gz
:-$ ./

You should be greeted with a login prompt:

Steam>

Then execute these three commands in a row:

Steam>force_install_dir sandstorm
Steam>login anonymous
Connecting anonymously to Steam Public...Logged in OK
Waiting for user info.

Read more →

Copy Cisco config to Mac using built-in tftp

Mac has a built-in tftp server so doing a backup from a Cisco switch is pretty easy. Just start it, create a file and then start a transfer.

Start the tftp server:

sudo launchctl load -F /System/Library/LaunchDaemons/tftp.plist
sudo launchctl start

Move to /private/tftpboot and create the file cisco. Also chmod it to 777.

:-$ cd /private/tftpboot
:-$ touch cisco
:-$ chmod 777 cisco

Now copy your config from the switch: Read more →

Cisco SG-350: SSH pubkey key auth

I wanted to activate ssh public key authentication on my Cisco SG-350 10 Port managed switch. And it was a pain in the ass because of the slightly different CLI syntax. First of all enable ssh. This requires a configured and working IP address on the switch:

SwitchR#conf t
SwitchR(config)#ip ssh server
SwitchR(config)#ip ssh pubkey-auth auto-login

SSH pubkey authentication is now enabled. Now you have to add an ssh key to your user. Read more →

UniFi access point, Cisco switch and native VLAN

Today I’ve thrown out my D-Link managed switch and replaced it with a Cisco SG350 I’ve bought “cheap” on Amazon. I’m now able to properly configure VLANs. Thankfully my UniFi AP AC Lite can map each WLAN to a VLAN. However I struggled a bit with traffic not flowing as I wanted.

The setup I wanted:

VLAN 3 is my VLAN in which all normal devices are. It only contains trusted devices and the only firewall rule for this network is any to any

Access point IP address (for management, etc): 10. Read more →

Stream the Raspberry Pi Cam to Twitch

After getting bad results with my shitty webcam (< 10 fps) I’ve upgraded to a Raspberry Pi Cam v2 without integrated infrared filter (NoIR). I’ve bought it from Amazon together with a 1m cable. The Raspberry Pi Cam v2 can output 1080p30 (and better) in a really nice quality. By turning the lens you are also able to adjust the focus easily. But the best part is the native h264 output. Read more →