Skip to content

Instantly share code, notes, and snippets.

View nnewc's full-sized avatar

Nathan Newcomb nnewc

5 followers · 46 following
View GitHub Profile
@nnewc
nnewc / Airgapped_RKE2_image.md
Created October 28, 2025 22:10 — forked from bcdurden/Airgapped_RKE2_image.md
Create Harvester RKE2 Airgap-friendly Node Image via Packer

RKE2 and Packer

These files are configured in a way so that an Ubuntu cloud-image is modified by downloading the RKE2 install script from upstream as well as installing the qemu-guest-agent. This is done so the Ubuntu image can now function in an airgapped environment as an RKE2 node. Previous methods I've done involved using libguestfs tools and it was a bit clunky due to how it needed to be managed. Packer's QEMU provider fixes that for me.

Unfortunately, Packer's QEMU provider must run locally as there is no Harvester provider that would run these commands on a remote Harvester cluster to save us the dependency problem. Perhaps in the future we can explore that level of sophistication, but for now this works great.

There is a post-install provisioner that uploads the resulting image to Harvester using a VirtualMachineImage CR template. If you do not wish to upload to Harvester, feel free to comment out that section in spec.pkr.hcl, it is located towards the bottom and starts with the lines `post-p

@nnewc
nnewc / docker-compose.yaml
Created April 26, 2024 17:52
Netboot.xyz docker compose
---
services:
netbootxyz:
image: ghcr.io/netbootxyz/netbootxyz:latest
container_name: netbootxyz
environment:
- PUID=1000
- PGID=1000
- TZ=Etc/UTC
- MENU_VERSION=2.0.47 #optional
@nnewc
nnewc / minio-nginx-selfsigned.sh
Created December 9, 2023 17:58 — forked from superseb/minio-nginx-selfsigned.sh
Minio + NGINX in Docker using self signed certificates
#!/bin/bash
if [ "$#" -lt 0 ]; then
echo "Usage: $0"
exit 1
fi
echo "Generating nip.io based on found external IP"
FOUNDIP=$(docker run --rm --net=host appropriate/curl https://api.ipify.org)
APIFQDN="minio-api.${FOUNDIP}.nip.io"
FQDN="minio.${FOUNDIP}.nip.io"
@nnewc
nnewc / etcd.go
Last active March 9, 2023 18:18
etcd decrypt secret
package main
import (
"crypto/aes"
"crypto/cipher"
"fmt"
"os"
)
const transformerPrefix = "k8s:enc:aescbc:v1:k-wcldg:"
@nnewc
nnewc / extract-c-c-secrets.sh
Last active October 8, 2022 17:20 — forked from jakefhyde/extract-c-c-secrets.sh
run with `bash -ex extract-c-c-secrets.sh <SNAPSHOT_FILE_NAME> <ETCD_VERSION>`
#!/usr/bin/env bash
set -ex
if [ $# -ne 2 ]; then
echo "Usage: $0 [filename] [etcd_version] [decryption-key]"
exit 1
fi
FILENAME=$1