  • RE: Get ready for OpenTofu 1.7.0-beta1

    OpenTofu, the terraform fork which remains truly Open Source, just announced the 1.7.0-beta1 release which brings the following new enhancements: Especially state encryption is a feature I’m excited about. At the moment I do not use any terraform for my private projects so it’s hard to try OpenTofu in the wild, but me and my […]

  • RE: You’re a Blogger, Not an Essayist

    Blogging is a conversation. It’s a conversation with yourself and it’s a conversation with others. Barry Hess via https://bjhess.com/posts/you-re-a-blogger-not-an-essayist Some real talk right there. Blogging is all about conversations, thoughts, and FUN. This very website is not a magazine and it’s not a professional publication; it sometimes may include content which is related to the […]

  • Oh no my gpg key expired (like every year)

    Who doesn’t love encryption and security? I like to sign my git commits, and for this I need PGP keys. They are cool when they work and you don’t need to think about them, but every now and then they need to be renewed (unless you use never-expiring keys, which of course you shouldn’t!). […]

  • What we should learn from the xz backdoor

    You may have heard that a vulnerability was found in the xz tool and liblzma library on Friday, 29th of March 2024 which specifically targeted sshd being managed by systemd on Debian and RedHat Linux systems. What happened The catastrophic scope of the attack At first the backdoor seems very odd. xz is a compression […]

  • I don’t like Python

    … and there’s a reason: Dependency Management. Coming from languages like Node, Go, and Rust I am used to decent dependency management (although Go was really bad at it for the first years, and has become decent only recently with the addition of go mod). Python, in my opinion, lacks a good and well-defined Package […]

  • A little hiccup

    Well, looks like kevingimbel.de was (partly?) down – as far as I can tell the culprit was ipv6! In the past I’ve not really bothered with ipv6 much but it feels odd to leave it out these days. Sorry for the inconvenience to all my 2 readers, I’m sure you’ve missed my blog on this […]

  • RE: Hacking Terraform State for Privilege Escalation

    An interesting attack vector which uses empty terraform providers and a modified state file to execute code! There’s lots to be excited about as a red teamer and scared of as a blue teamer, but at the top of the list is that the attack does not require a “terraform apply”. Even if the human reviewing […]

  • TIL: k9s plugins

    k9s is a powerful Kubernetes terminal UI. Recently, I discovered how to add plugins, to make it even more powerful and integrate with other tools and systems!

  • Eleventy 3.0.0-alpha.2

    ✨ A small update on moving my website to 11ty 3.0.0-alpha.2

  • TIL: Why there is /bin and /usr/bin, /lib and /usr/lib, etc on Unix systems

    If you’ve ever navigated around a Unix system you may have wondered why there are /bin and /usr/bin directories or /lib and /usr/lib or /sbin and /usr/sbin – or like me, you just took it for something that probably has some meaning but isn’t relevant enough to look into. Well, today it became relevant: When […]

  • Integrating WordPress Posts with 11ty

    In this blog post I document how I integrated articles from a WordPress site into my 11ty website – it was surprisingly straightforward to do!

  • RE: Announcing Rust 1.73.0

    Yay, Rust 1.73.0 has been released! Highlights include cleaner panic messages and the stabilisation of APIs, I’m especially happy about the stabilisation of unix APIs for `chown`, `fchown` and `lchown`.

  • RE: The OpenTofu fork is now available!

    A few weeks ago HashiCorp decided to switch the terraform license model from an open source license to the Business Source License (BSL) model, so there’s now a community driven terraform fork called OpenTofu.

  • TIL: scale down a Kubernetes DaemonSet

    A DaemonSet is supposed to run on all or some Kubernetes nodes, so scaling it down is surprisingly easy: Set a nodeSelector to some label which doesn’t exist, and the DaemonSet is scaled to 0. This will patch (-p) the DaemonSet and add a nodeSelector ( spec.template.spec.nodeSelector) which makes the DaemonSet run on all nodes […]

  • TIL: Run a script on every k8s Node using a DaemonSet

    I’ve known that DaemonSets are used to run containers on all Nodes of a Kubernetes Cluster (or some), but I’ve never thought of using them to run a (shell) script on each node – a not-so-uncommon task when maintaining clusters! We need two resources: A ConfigMap and a DaemonSet.

  • TIL: named return parameters in Go

    Yet another piece of ✨ Go Magic ✨ I was reading through some Go code when I came upon a function that returned two things – []string and error – but the last line of the function just said return. I was confused how this worked, and since it was part of the standard library […]

  • Building for the web, with Rust and WebAssembly

    I’ve been wanting to build something in WebAssembly for a while and just recently it hit me that I have a thing: mktoc! mktoc is a table of contents generator written in Rust, it comes as a Binary and a Library and can be compiled into WebAssembly with zero effort!

  • TIL: multiple git-identities on one machine

    Turns out you can have multiple Git identities alongside each other on one machine without needing to set them locally for each repository! It still involves multiple .gitconfig files, but it’s a lot less work than configuring an endless amount of repos! First, set the global config like this: Now in ~/AOE/.gitconfig I configure the […]

  • Setting up a MacBook from scratch for the first time in 8 years

    Oh boy, did I not think about a lot of stuf… For the past 8 or so years I’ve always used my work MacBook for all things dev, including private development. I’ve spent a lot of time setting up and changing my zsh, and later fish, configs, configuring iTerm, trying out different themes, … you […]

  • Unpinned dependencies just broke my plugin

    Hello and welcome to a little recap! My 11ty MermaidJS plugin was just broken by MermaidJS release 10.0 because they no longer provided a minified JavaScript bundle and instead only provide an ESM module. My plugin was referencing https://unpkg.com/mermaid/dist/mermaid.min.js by default for including the JavaScript code, but with version 10 this now leads to a […]

  • TIL: One-line list manipulation in Python

    In Python there’s a one-line syntax for iterating over elements of a list. I’ve always found it looked kind-of odd, and as I need to look it up all the time I decided to write a little TIL on this blog about it. There are more powerful one-liners documented on the Python Wiki.

  • Publishing and building a static website on GitHub Pages

    A week ago or so I finally launched a small website I’ve been working on for quite some time: kevin.gimbel.dev/ops – it’s a colourful static website showing some of the technologies I’ve worked with in the past years since I began doing DevOps full time. The website is built with 11ty and published with GitHub […]

  • How to extend and reuse configs in Gitlab CI

    When I began using Gitlab CI the first thing I wanted to know was how to reuse configs. I know that we’ll have changing requirements at work and that we’ll have hundreds of repositories using basically-the-same configurations so I wanted to make sure we’d have a central place to make changes to these. I found […]

  • TIL: Replace git URLs in Gitlab CI

    When working with Gitlab as a storage for Terraform or Ansible modules you probably access them using SSH, like git@gitlab.instance:group/project.git. This has the advantage that authentication is done using SSH keys and everybody on your team can access the repositories just like they’d do when cloning on the terminal – no need for entering passwords during […]

  • Proxy websocket connections with Apache2

    How to configure Apache2 to pass through web socket connections Recently I had to adjust an Apache Virtual Host to allow proxying of Web Socket requests to a service running on localhost which would also accept HTTP requests on the same port. The problem The service in question was Loki, the “Prometheus, but for logs” from Grafana. At Synoa we’ve […]

  • Validating variables in terraform

    Finally, terraform can validate input variables! With the 0.13 release terraform introduces input validation, and with the 1.0.0 release it was stabilized! Before there was no way of validating variables other than checking their length or doing basic checks inside the code, for example in the locals.tf file, and errors with variables mostly came to light during […]

  • Darken and Lighten colors with CSS

    Recreating SASS darken() & lighten() function with CSS variables and calc The technique shown in this post uses the hsl color format in combination with the calc CSS function to calculate darker or lighter shades of a base color. Before we get into the code I want to make sure I did not come up with this, I found the […]

  • First steps with Traefik 2

    A tale of Auto SSL, Basic Auth, and lots of debugging Recently I’ve spent some time at work trying out Traefik 2 and learning about the new concepts like routers and middleware since we’ll use Traefik 2 as part of some new infrastructure. We’ve used Traefik 1 in production at Synoa for the past 3 years. Initially […]

  • TIL: Dots in /etc/sudoers.d filenames

    A tale of facepalms While reviewing some Ansible modules with a colleague we stumbled upon an issue with our user creation module, and for a brief time couldn’t understand what was going on. The module in question creates multiple Linux users, adds them to groups, and enables some to use passwordless sudo via the /etc/sudoers.d config […]

  • Wildcards in Prometheus queries

    Learn how to query data in Prometheus and how to use wildcards Hello and welcome to this “snippet-sized” post about Prometheus queries! Prometheus is a time-series database which means it is built to collect a lot of datasets that show values over time, for example the result of an HTTP request or the RAM usage of a […]

  • Apply a patch from a Github PR

    Ever found yourself needing that one fix from a PR on GitHub that hasn’t been released yet? How can you get the code, for example a Magento fix, into your code base? Copy-paste it? That might work for small changes, but for large and complex changes copy-pasting is no solution. Luckily, we can use GitHub […]

  • TIL: Bash select

    I was recently researching different bash prompts and stumbled upon a StackExchange answer which explains the different prompt types (PS1, PS2, PS3, and PS4). The answer explains how the PS3 prompt is used for commands like select. I did not know about select before, so that’s the real TIL here! […] PS3 is shown when the select command is waiting for […]
