Setup a docker registry for passwordless Docker builds with GitHub/GitLab using authentik
This post will describe how to setup a docker registry using distribution/distribution to allow for “passwordless” authentication. Now of course, this is not actually passwordless, there’s still a password. But we can (ab)use the fact that both GitLab CI and GitHub Actions give you a JWT signed by the platform, valid for the duration of the run.
Setup # Preparing authentik # Setting up federation - GitHub # Create an OpenID Connect Source and set the JWKS URL to https://token.
Integrating authentik tokens with Hashicorp Vault
Recently, as I’ve been implementing authentik for more of my services, I was looking for a way to get tokens from authentik into some other systems to, for example, deploy them on machines with Puppet. Because authentik doesn’t (yet) support certificate authentication, and I already have Hashicorp Vault setup for that, I wondered if I could build an integration that syncs tokens into vault.
Turns out, this is actually pretty simple.
Unlocking locked resource groups in GitLab CI
Even though Gitlab has been around for a long time, there are still times where it can crash. Normally that wouldn’t cause any issues, besides being mildly annoying. However, when Gitlab crashes (and I mean really crashes) during a CI Build, sometimes invalid data remains in the Database.
On our work Gitlab, after we’d migrated most of the Jenkins jobs, I hit one of those situations. Because we had migrated a lot of Jenkins jobs, which all ran hourly, we managed to fill the Disk completely with log files.
Running Home-Assistant with Supervisor on Ubuntu
Recently, Home-Assistant have changed their stance, and only “support” installations on HassOS and Debian 10 (at the time of writing this).
Normally, this wouldn’t really matter to me, as I don’t really care about having a “supported” system or not. However, they also decided, that unsupported installations can’t get OTA Updates through Supervisor, such as upgrading to the recently recently released version 2020.12.
Now, being curious as I am, decided to snoop a bit in the supervisor Source to find how this check works.
Automating Ubuntu Server 20.04 with Packer
Ubuntu Server 20.04 has been out for a few days, which I think is a perfect time to build start my migration from Debian to Ubuntu. Now, with Debian, I had a nice Packer setup, that automatically builds base-images. These images have some default packages installed, some miscellaneous settings and a default user. These images are used by an Ansible Workflow that creates new VMs on the fly, and deploys whatever tools I need into the VM.