commit 10f9565f9b0add6a801a67eb030501ce898a1696
Author: Brayden
Date: Thu Apr 6 06:49:47 2023 +0000
Initial
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..86c95ef
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,13 @@
+# Generated files by hugo
+/public/
+/resources/_gen/
+/assets/jsconfig.json
+hugo_stats.json
+
+# Executable may be added to repository
+hugo.exe
+hugo.darwin
+hugo.linux
+
+# Temporary lock file while building
+/.hugo_build.lock
diff --git a/.gitmodules b/.gitmodules
new file mode 100644
index 0000000..c53b474
--- /dev/null
+++ b/.gitmodules
@@ -0,0 +1,3 @@
+[submodule "themes/hugo-bearblog"]
+ path = themes/hugo-bearblog
+ url = https://github.com/janraasch/hugo-bearblog.git
diff --git a/archetypes/default.md b/archetypes/default.md
new file mode 100644
index 0000000..00e77bd
--- /dev/null
+++ b/archetypes/default.md
@@ -0,0 +1,6 @@
+---
+title: "{{ replace .Name "-" " " | title }}"
+date: {{ .Date }}
+draft: true
+---
+
diff --git a/config.toml b/config.toml
new file mode 100644
index 0000000..7afba36
--- /dev/null
+++ b/config.toml
@@ -0,0 +1,12 @@
+baseURL = 'https://hull.au/'
+languageCode = 'en-us'
+title = 'Maybe something useful'
+theme = 'hugo-bearblog'
+author = 'Admin'
+enableRobotsTXT = true
+
+[menu]
+ [[menu.main]]
+ identifier = 'git'
+ name = 'Git'
+ url = 'https://git.hull.au/'
diff --git a/content/_index.md b/content/_index.md
new file mode 100644
index 0000000..937d3c5
--- /dev/null
+++ b/content/_index.md
@@ -0,0 +1,11 @@
+Welcome to my little corner of the Internet.
+
+I run a number of services that are publicly accessible and free to use.
+
+* [Piped](https://piped.hull.au) (YouTube frontend)
+* [Nitter](https://nitter.hull.au) (Twitter frontend)
+* [Libreddit](https://libreddit.hull.au) ([Teddit](https://teddit.hull.au) is also available but I prefer Libreddit) (Reddit frontend)
+* [Rimgo](https://rimgo.hull.au) (Imgur frontend)
+* [AnonymousOverflow](https://ao.hull.au) (StackOverflow frontend)
+
+More coming soon!
diff --git a/content/blog/ltsc-21h2-connect-to-internet.md b/content/blog/ltsc-21h2-connect-to-internet.md
new file mode 100644
index 0000000..9e1bfa6
--- /dev/null
+++ b/content/blog/ltsc-21h2-connect-to-internet.md
@@ -0,0 +1,40 @@
+---
+title: "Windows 10 LTSC 2021 / 21H2 OOBE Requiring Internet Connection on 2nd Hand Laptop"
+date: 2023-02-24T12:52:15Z
+draft: false
+---
+
+## Background
+
+Recently I successfully bid on a laptop that was recycled by one of the large mining companies, normally these come wiped clean and this one was no exception.
+I went to install Windows 10 LTSC 2021 and as I progressed through the OOBE, something strange happened.
+
+## There is no option to setup offline
+
+Normally you can yank the network cord and setup the machine completely offline with a local account. This one absolutely refused to let me do this in a manner I had never seen before.
+Its setup was reminiscent of the absolute hell that is the Windows 11 OOBE.
+
+## Why?
+
+It turns out this machine was previously enrolled in Intune and had some flag set (probably in the ACPI tables) that changed the OOBE's behaviour to require an Internet connection to proceed.
+
+After connecting the Internet, it ran through Autopilot whereupon it became apparent that Rio Tinto had not removed the machine from their directory and suddenly I was staring at their logon page.
+
+![Photo of the laptop after Autopilot](/images/rio-tinto.jpg)
+
+## How'd you get around it?
+
+The trick here is to try and get past the OOBE without connecting to the Internet, otherwise Autopilot will run and you'll be forced to reinstall.
+
+The easiest way to achieve this is to setup an unattend.xml file that skips the OOBE altogether.
+In this case, I let Rufus create an unattend.xml file (it'll prompt you when creating the USB stick, I told it to create a local account) and added some extra properties to the `` section.
+
+You'll find the unattend.xml file in \sources\\$OEM$\\$$\Panther
+
+```xml
+true
+true
+true
+true
+true
+```
diff --git a/content/blog/netbox-authentik-oidc-sso.md b/content/blog/netbox-authentik-oidc-sso.md
new file mode 100644
index 0000000..d96a1a1
--- /dev/null
+++ b/content/blog/netbox-authentik-oidc-sso.md 
@@ -0,0 +1,59 @@
++++
+title = "Configure NetBox OIDC SSO with Authentik"
+date = "2023-02-24T14:23:10Z"
++++
+
+In the not-too-distant past, if you wanted SSO with NetBox, you had to configure reverse proxy authentication (e.g. using `auth_request` in nginx or [oauth2-proxy](https://oauth2-proxy.github.io/oauth2-proxy/)) and pass in the user details using Remote-User headers. This solution works but, depending on your situation, could add quite a lot of complexity and potential pitfalls.
+
+NetBox 3.1 introduced support for SSO providers via python-social-auth which is fantastic, but integrating this into Authentik was an absolute pain so here's how I got it working to save you the trouble.
+
+## Create your OIDC Provider
+
+1. Click on Applications -> Providers in the Authentik admin UI
+![Authentik Providers menu](/images/provider-step1.png)
+2. Click create and select OAuth2/OpenID Provider
+![Authentik provider wizard](/images/provider-step2.png)
+3. Give it a meaningful name, I would usually name something like this "NetBox OIDC"
+4. Select an authorization flow, if you're relatively new and are using the out-of-the-box flows, the implicit consent flow is likely what you want
+5. Leave Client type set to Confidential
+6. Note down the client ID and secret
+![Authentik provider wizard step 2](/images/provider-step3.png)
+7. (Optional) I would recommend raising the access code and token validity in the Advanced settings as the defaults are rather aggressive
+![Authentik provider wizard advanced](/images/provider-step4.png)
+
+
+## Create the application in Authentik
+
+1. Click on Applications -> Applications in the Authentik admin UI
+2. Click on Create and name your application
+3. Note down the slug you use or at least make it something simple (like "netbox")
+4. Associate it with the provider you created just before
+5. 
(Optional) You can grab an SVG of the NetBox logo [here](/images/netbox_logo.svg)
+![Authentik create application](/images/application-step1.png)
+
+## Configure NetBox
+
+For the sake of adding some background, the python-social-auth library is dependant on a component called [social-core](https://github.com/python-social-auth/social-core) which is where the actual social backends live. There is no proper implementation of the Authentik backend but it does offer a generic OIDC backend ([source](https://github.com/python-social-auth/social-core/blob/master/social_core/backends/open_id_connect.py)) that we can take advantage of.
+
+Caveat emptor: The SSO link will appear as "oidc" on the NetBox login page because the generic OIDC backend has this baked in as its name. Aside from changing the source code or extending the class to create a proper Authentik implementation, I cannot see a way to change this.
+
+![NetBox login page with 'oidc' link](/images/oidc.png)
+
+1. Open your NetBox `configuration.py` file in your editor of choice
+2. Add the following lines
+```python
+REMOTE_AUTH_BACKEND = 'social_core.backends.open_id_connect.OpenIdConnectAuth'
+SOCIAL_AUTH_OIDC_OIDC_ENDPOINT = "https://authentik.example.com/application/o/"
+SOCIAL_AUTH_OIDC_KEY = ''
+SOCIAL_AUTH_OIDC_SECRET = ''
+
+SOCIAL_AUTH_PROTECTED_USER_FIELDS = ['groups'] # Workaround for an issue where social-auth would die with an error when signing in due to a bug. You will have to assign users to groups because of this.
+SOCIAL_AUTH_REDIRECT_IS_HTTPS = True # Forces HTTPS for redirect URIs. Handy if you're behind a proxy and the schema is wrong.
+```
+3. Add `python-jose` to your `local_requirements.txt` file
+4. Run `upgrade.sh` to ensure `python-jose` is installed
+5. Restart NetBox
+
+## Associating existing NetBox users with social users
+
+When a social user logs in, an association is created in the database that ties their UID to the Django user. 
You can update these associations at https://netbox.example.com/admin/social_django/usersocialauth/ for the purposes of connecting existing NetBox users with their OIDC sign in.
diff --git a/content/blog/samsung-pm983-esxi-7-compatibility.md b/content/blog/samsung-pm983-esxi-7-compatibility.md
new file mode 100644
index 0000000..9fc6394
--- /dev/null
+++ b/content/blog/samsung-pm983-esxi-7-compatibility.md
@@ -0,0 +1,20 @@
++++
+title = "Samsung PM983 Compatibility Woes on VMware ESXi 7"
+date = "2023-02-24T13:57:32Z"
++++
+
+I picked up a Samsung PM983 from eBay for a price that was a little too good. What could go wrong? Turns out these things aren't the easiest to get running with modern versions of ESXi and this likely influenced the price in my favour.
+
+These SSDs have a variety of different firmwares, you cannot obtain new firmware from Samsung and as a result, you may have issues running the latest builds of ESXi 7.
+
+## How can I workaround this?
+
+1. Consult the [VMware HCL](https://www.vmware.com/go/hcl) to figure out what version of ESXi your drive will work on
+2. Grab the NVMe VIB from [here](https://esxi-patches.v-front.de/) for your supported version
+3. Install the VIB over the top of the existing NVMe VIB
+![VIB page](/images/esxi-packages.png)
+4. Reboot for the changes to take effect
+
+## *But I'm booting from the NVMe drive!*
+
+It's possible to make a custom ESXi installer with your own VIBs loaded or alternatively you could install onto a USB (unsupported in 8), load a working VIB then migrate your install to the NVMe device using `dd`.
diff --git a/static/favicon.ico b/static/favicon.ico
new file mode 100644
index 0000000..5f67af6
Binary files /dev/null and b/static/favicon.ico differ
diff --git a/static/images/application-step1.png b/static/images/application-step1.png
new file mode 100644
index 0000000..c359593
Binary files /dev/null and b/static/images/application-step1.png differ
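Review bot: In content/blog/netbox-authentik-oidc-sso.md, the `configuration.py` listing under "Configure NetBox" sets `SOCIAL_AUTH_OIDC_KEY` and `SOCIAL_AUTH_OIDC_SECRET` as inline string literals, and the post never says how the client secret noted in provider step 6 should be stored. I would add a sentence after the listing such as `Keep the client secret out of version control: read it from an environment variable or a secrets file, and make configuration.py readable only by the NetBox service account.` Step 7 recommends raising the access code and token validity without naming the trade-off, so a short remark that longer lifetimes widen the window in which a leaked code or token stays usable would fit there. The closing section could also state that the `usersocialauth` admin page decides which identity-provider account maps to which NetBox user, so edit access to it should stay limited to administrators.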
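Review bot: In content/blog/samsung-pm983-esxi-7-compatibility.md, steps 2 and 3 have the reader download an NVMe VIB from a third-party archive and install it over the host's existing driver with no integrity check in between. I would add a step along the lines of `Before installing, confirm the VIB's signature and acceptance level match what the host expects, and do not lower the host acceptance level or skip signature checking to make it install.` The last section's `dd` migration would also benefit from one sentence saying that it overwrites the destination device, so the target should be confirmed before the copy starts.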
diff --git a/static/images/esxi-packages.png b/static/images/esxi-packages.png
new file mode 100644
index 0000000..47f07bf
Binary files /dev/null and b/static/images/esxi-packages.png differ
diff --git a/static/images/netbox_logo.svg b/static/images/netbox_logo.svg
new file mode 100644
index 0000000..6089bfd
--- /dev/null
+++ b/static/images/netbox_logo.svg
@@ -0,0 +1,20 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/static/images/oidc.png b/static/images/oidc.png
new file mode 100644
index 0000000..f00bcd6
Binary files /dev/null and b/static/images/oidc.png differ
diff --git a/static/images/provider-step1.png b/static/images/provider-step1.png
new file mode 100644
index 0000000..beebac2
Binary files /dev/null and b/static/images/provider-step1.png differ
diff --git a/static/images/provider-step2.png b/static/images/provider-step2.png
new file mode 100644
index 0000000..8b23e73
Binary files /dev/null and b/static/images/provider-step2.png differ
diff --git a/static/images/provider-step3.png b/static/images/provider-step3.png
new file mode 100644
index 0000000..de8c059
Binary files /dev/null and b/static/images/provider-step3.png differ
diff --git a/static/images/provider-step4.png b/static/images/provider-step4.png
new file mode 100644
index 0000000..8c26281
Binary files /dev/null and b/static/images/provider-step4.png differ
diff --git a/static/images/rio-tinto.jpg b/static/images/rio-tinto.jpg
new file mode 100644
index 0000000..3c1d785
Binary files /dev/null and b/static/images/rio-tinto.jpg differ
diff --git a/themes/hugo-bearblog b/themes/hugo-bearblog
new file mode 160000
index 0000000..2078d95
--- /dev/null
+++ b/themes/hugo-bearblog
@@ -0,0 +1 @@
+Subproject commit 2078d956003920ebedf2e5adabba45bfb1c19aac