Rafal Pieniazek RafPe

Installing My Blog

I want to install Ghost as my blog. I want the web server, ghost, and OS, all to receive security updates on a regular schedule without me having to muck with it. (I am willing for the blog to sometimes go down because of this.)

I'll eventually want monitoring and alerting, and backups of the blog entries; uploads of the static site to my web hosting company; automatic DNS configuration; updates of the base OS. But for now I'm modest, I just want Ghost and I want updates.

I want to do this all with Chef. I want to write the Ghost cookbook myself, not because the existing Ghost cookbook is bad, but because I want to get a real feel for how these get written.

Getting Started: Test Kitchen

Keybase proof

I hereby claim:

I am rafpe on github.
I am rafpe (https://keybase.io/rafpe) on keybase.
I have a public key ASBRjiiMP07Nt3oZJdldVTZFF03RKCtufh5cuX5P1yoXVAo

To claim this, I am signing this object:

	using System;
	using System.Collections.Generic;
	using System.Linq;
	using System.Threading.Tasks;
	using Microsoft.AspNetCore.Builder;
	using Microsoft.AspNetCore.Authorization;
	using Microsoft.AspNetCore.Authentication.JwtBearer;
	using Microsoft.AspNetCore.Hosting;
	using Microsoft.Extensions.Configuration;
	using Microsoft.Extensions.DependencyInjection;

	#!/bin/bash -e

	# Pre-requiresites:
	# > Vault server
	# > exported VAULT_ADDR and VAULT_TOKEN
	# > vault cli
	# > httpie (https://github.com/jkbrzt/httpie)
	# > jq (https://stedolan.github.io/jq/)

	# CA

	# split panes using \| and -
	bind \| split-window -h
	bind - split-window -v
	unbind '"'
	unbind %

	# switch panes using Alt-arrow without prefix
	bind -n M-Left select-pane -L
	bind -n M-Right select-pane -R
	bind -n M-Up select-pane -U

	try:
	import readline
	except:
	print "Error importing readline module"

	import rlcompleter
	readline.parse_and_bind('tab:complete')

	Server 2 sockets,6 cores each, 2.4ghz

	# Set ixgbe options
	# Limit RSS queues to the number of physical cores per cpu
	# Disable offload
	# When you change this, you need to run the command and reboot for it to take.
	echo "options ixgbe LRO=0,0 MQ=1,1 RSS=6,6 VMDQ=0,0 vxlan_rx=0,0" > /etc/modprobe.d/ixgbe.conf

	# Shut down HT cores
	for i in $(seq 1 2 23); do

	[alias]
	lg = !"git lg1"
	lg1 = !"git lg1-specific --all"
	lg2 = !"git lg2-specific --all"
	lg3 = !"git lg3-specific --all"

	lg1-specific = log --graph --abbrev-commit --decorate --format=format:'%C(bold blue)%h%C(reset) - %C(bold green)(%ar)%C(reset) %C(white)%s%C(reset) %C(dim white)- %an%C(reset)%C(bold yellow)%d%C(reset)'
	lg2-specific = log --graph --abbrev-commit --decorate --format=format:'%C(bold blue)%h%C(reset) - %C(bold cyan)%aD%C(reset) %C(bold green)(%ar)%C(reset)%C(bold yellow)%d%C(reset)%n'' %C(white)%s%C(reset) %C(dim white)- %an%C(reset)'
	lg3-specific = log --graph --abbrev-commit --decorate --format=format:'%C(bold blue)%h%C(reset) - %C(bold cyan)%aD%C(reset) %C(bold green)(%ar)%C(reset) %C(bold cyan)(committed: %cD)%C(reset) %C(bold yellow)%d%C(reset)%n'' %C(white)%s%C(reset)%n'' %C(dim white)- %an <%ae> %C(reset) %C(dim white)(committer: %cn <%ce>)%C(reset)'

	# Virtual Tunnel Interface
	# 172.196.17.188 - 172.196.17.191
	set interfaces vti vti0 address 172.196.17.190/30
	set interfaces vti vti0 description 'Virtual tunnel interface for VPN tunnel'

	# Phase 2
	set vpn ipsec esp-group ESP-Default compression 'disable'
	set vpn ipsec esp-group ESP-Default lifetime '3600'
	set vpn ipsec esp-group ESP-Default mode 'tunnel'
	set vpn ipsec esp-group ESP-Default pfs 'dh-group16'

	$allowedIPs = [ "1.2.0.0/16", "4.3.0.0/16"];
	$drop=true;


	$FeedsToblock =[
	"www.some.com/feed/xyz",
	"www.some.com/feed/abc",
	"www.some.com/feed/rrr"
	];