Setup a docker registry for passwordless Docker builds with GitHub/GitLab using authentik

This post will describe how to set up a docker registry using distribution/distribution to allow for “passwordless” authentication. Now of course, this is not actually passwordless, there’s still a password. But we can (ab)use the fact that both GitLab CI and GitHub Actions give you a JWT signed by the platform, valid for the duration of the run.
Setup
Preparing authentik
Setting up federation - GitHub
Create an OpenID Connect Source and set the JWKS URL to https://token.
Read more →

Integrating authentik tokens with Hashicorp Vault

Recently, as I’ve been implementing authentik for more of my services, I was looking for a way to get tokens from authentik into some other systems to, for example, deploy them on machines with Puppet. Because authentik doesn’t (yet) support certificate authentication, and I already have Hashicorp Vault set up for that, I wondered if I could build an integration that syncs tokens into Vault. Turns out, this is actually pretty simple.
Read more →

Unlocking locked resource groups in GitLab CI

Even though GitLab has been around for a long time, there are still times where it can crash. Normally that wouldn’t cause any issues, besides being mildly annoying. However, when GitLab crashes (and I mean really crashes) during a CI Build, sometimes invalid data remains in the Database. On our work GitLab, after we’d migrated most of the Jenkins jobs, I hit one of those situations. Because we had migrated a lot of Jenkins jobs, which all ran hourly, we managed to fill the Disk completely with log files.
Read more →

Running Home-Assistant with Supervisor on Ubuntu

Recently, Home-Assistant have changed their stance, and only “support” installations on HassOS and Debian 10 (at the time of writing this). Normally, this wouldn’t really matter to me, as I don’t really care about having a “supported” system or not. However, they also decided that unsupported installations can’t get OTA Updates through Supervisor, such as upgrading to the recently released version 2020.12. Now, being curious as I am, I decided to snoop a bit in the supervisor Source to find how this check works.
Read more →

Automating Ubuntu Server 20.04 with Packer

Ubuntu Server 20.04 has been out for a few days, which I think is a perfect time to start my migration from Debian to Ubuntu. Now, with Debian, I had a nice Packer setup that automatically builds base-images. These images have some default packages installed, some miscellaneous settings and a default user. These images are used by an Ansible Workflow that creates new VMs on the fly, and deploys whatever tools I need into the VM.
Read more →

Upgrading to ESXi 6.5 on HP gear

It’s been a day since vSphere 6.5 came out, and sysadmins all over the world have been updating their test systems. This works really well if you update to vCenter 6.5 first, since it has the Update Manager integrated. Upgrading to ESXi 6.5 worked fine on my Dell R710, which was running ESXi 6.0u2 (Dell customized) before. My DL380 G6’s however just threw the error “Software or system configuration of host <hostname> is incompatible.”
Read more →

IPv6 and online.net

The experimenting
Shoutout to /u/dantho and /u/CBRJack for helping me with this
I’ve recently started to mess around with IPv6, mostly for the reasons of being future-proof (somewhat), a lot of free addresses and also cause it seemed interesting. Now at home I already have IPv6, at least in theory. My home connection is a UnityMedia Cable Connection. This is running DS-Lite, so the whole apartment complex has an external IPv4, and every flat has their own IPv6 space.
Read more →

BeryJu.org goes Colo

It’s colo time baby!
the structure of this post was totally not stolen from MonsterMuffin (<3 bb)
After a recent power bill reminded me that Servers were not free to run, but rather pulled some rather big power costs behind them, I decided to downsize. My initial Plan involved selling 3 of my 1366-era servers and keeping the R410 as sole VM host. This brought its own headaches, like having to deal with moronic eBay buyers and manually having to fiddle with the partition table since it was a partition in a partition (don’t ask)…
Read more →

My Thoughts about Puppet 4

This weekend I decided to upgrade my Foreman to 1.12, which finally supports Puppet 4. I was pretty excited for this, since I always try to run the latest software since April 2015. I used this guide to upgrade my Puppet install since Foreman still supports Puppet 3, and won’t force you to upgrade. The guide in itself wasn’t too hard, so I was able to finish it within the hour.
Read more →

Getting Started with Foreman: Part 3

What we’re going to do in this Part
Continuing on from last part, we’re going to provision VMware’s ESXi. Since ESXi is based on Linux, we can actually do this without a separate server or special configuration, we just need a few files.
Table of Contents
Part 1: Getting Started
    Installing the OS
    Installing Foreman
    Setting Foreman up
    Creating our first VM
Part 2: Deploying Windows 7/10/Server
    Installing and Configuring the WDS Server
    Installation and Basics of MDT 2013u2
    Integrating it with Foreman (the Windows side)
    Integrating it with Foreman (the Foreman side)
    Deploying our first Windows VM
Part 3: Deploying ESXi
    Preparation of the Source
    Creating templates
    Integrating it with vCenter
    Deploying our first ESXi Box
Part 4: Getting Started with Puppet
Part 5: Advanced Puppet
Prerequisites
This is technically a continuation of the previous part, but since I redid most of my VMs, the hostnames are going to be different.
Read more →

Getting Started with Foreman: Part 2

What we’re going to do in this Part
Continuing on from last part, we’re going to provision Windows (7/10/Server). There are two ways to do this, Wimaging by kireevco or a WDS Server. I am going to show you the WDS way since it integrates with MDT. Also Wimaging hasn’t been updated in a while.
Table of Contents
Part 1: Getting Started
    Installing the OS
    Installing Foreman
    Setting Foreman up
    Creating our first VM
Part 2: Deploying Windows 7/10/Server
    Installing and Configuring the WDS Server
    Installation and Basics of MDT 2013u2
    Integrating it with Foreman (the Windows side)
    Integrating it with Foreman (the Foreman side)
    Deploying our first Windows VM
Part 3: Deploying ESXi
    Preparation of the Source
    Creating templates
    Integrating it with vCenter
    Deploying our first ESXi Box
Part 4: Getting Started with Puppet
Part 5: Advanced Puppet
Prerequisites
Since this is a continuation of the previous part, the hostnames are going to be the same as last time.
Read more →

Getting Started with Foreman: Part 1

What is Foreman
From their website: Foreman is a complete lifecycle management tool for physical and virtual servers. We give system administrators the power to easily automate repetitive tasks, quickly deploy applications, and proactively manage servers, on-premise or in the cloud.
This is a multi-part series about provisioning and automating things with Foreman. It’s going to cover deploying Debian, Windows (7/10/Server) and ESXi as well as automating things like Package installs.
Read more →

vCenter Authentication Error

Over the weekend I’ve been renaming my Domain Controllers to fit in with the other Servers (dc1 -> dc01). The next day, I couldn’t log into vCenter anymore with my Domain Account, neither with Windows Session Credentials nor Direct Input. I got this very cryptic error “N3Sso5Fault13InternalFault9ExceptionE”. Took me a bit of tinkering, but then I remembered I renamed my DC’s and hadn’t updated them in vCenter. So I logged in with the vCenter SSO Administrator Account, re-added the Authentication Source and all was well, even the Windows Session credentials worked again!
Read more →

Setup Walkthrough

Home Setup Walkthrough
A few people on /r/homelab asked for this and I’ve been wanting to do it for some time anyways, so here it goes
Let’s jump right in!
The Screens are 3x Dell G210 24", one Hyundai 17" Screen and a Medion 23" Screen.
Code Keyboard with Tai-Hao PBT Doubleshot Keys
Logitech G500. Great Mouse.
Blue Snowball. The Red LED is disconnected since it’s pretty annoying.
Read more →