DEV Community: hunttom

Adding TLS to Pi-hole

hunttom — Mon, 01 Nov 2021 01:25:33 +0000

PiHole is a great tool for blocking ads across an entire network. However, the web-based administration panel defaults to connecting to HTTP over port 80. As a network engineer, it has always bothered me that I had to pass a password into the pi-hole I've always had it on my list to update Pi-hole to use HTTPS and I could not find any documentation.

Disclaimer: configure to meet your own baseline for security standards, the examples given are generic.

Prerequisites

Raspberry Pi
Pi-hole installed
Backup of your configuration

Instructions

1. Create the SSL Cert:

a. Create the self signed certificate:

openssl req -new -x509 -keyout pihole.pem -out pihole.pem -days 365 -nodes

b. Change permissions to read-only:

chmod 400 pihole.pem

2. Configure Lighttpd

a. Create and move cert into Lighttpd:

sudo mkdir /etc/lighttpd/certs
mv pihole.pem /etc/lighttpd/certs/pihole.pem

b. Configure Lighttpd to accept HTTPS requests: sudo vim /etc/lighttpd/external.conf

An example configuration would be for my Pi-hole DNS address at pihole.example.com:

$HTTP["host"] == "pihole.example.com" {
  # Ensure the Pi-hole Block Page knows that this is not a blocked domain
  setenv.add-environment = ("fqdn" => "true")

  # Enable the SSL engine with a LE cert, only for this specific host
  $SERVER["socket"] == ":443" {
    ssl.engine = "enable"
    ssl.pemfile = "/etc/lighttpd/certs/pihole.pem" #Location of PEM file.
    ssl.use-sslv2 = "disable"
    ssl.use-sslv3 = "disable"       
  }

  # Redirect HTTP to HTTPS
  $HTTP["scheme"] == "http" {
    $HTTP["host"] =~ ".*" {
      url.redirect = (".*" => "https://%0$0")
    }
  }
}

3. Restart Lighttpd

a. Run the command sudo systemctl restart lighttpd to restart Lighttpd.

4. Test the configuration

b. Log into your Pi-hole: https://pihole.example.com

Creating Python CLI tools

hunttom — Fri, 29 Oct 2021 04:00:14 +0000

A link to the GitHub repo

An example using the CLI Skeleton can be found here

Prerequisites:

Python 3.6+

Introduction:

Initially, I wanted to create a Python CLI tool to help automate certain aspects of my day. This tooling was inspired by me trying to use Python files when I needed to run a task such as log into a website, push code, or check the security configurations of my cloud projects. These repeated tasks were boring and distracted me from more important tasks.

After reading through multiple blog posts and GitHub repositories, I found that there wasn't an clean, easy, and updated way to write a quick Python function. I wanted these scripts to be able to be called from the command line without too much effort or overhead with refactoring my code. So I decided to build a repeatable pattern that others could use.

The Solution:

In the theme of October, I have created a "cli_skeleton" which will allow you to create and automate such tasks.

Project Layout:

.
├── cli_skeleton
│   ├── core
│   │   └── exceptions.py
│   ├── functions
│   │   └── test_function.py
│   ├── __init__.py
│   └── __main__.py
├── LICENSE
├── Makefile
├── README.md
└── setup.py

Starting top to bottom:

Core Directory:

Add any actions which are universal or shared actions, such as error handling that you would want to across all functions or functionality.

Functions:

This directory holds your Python functions. You can have multiple functions in this directory and reference them in the __main__.py file.

A basic function layout is as follows:

from cli_skeleton.core.exceptions import CLISkeletonExceptions 
# Importing all the core functions, in this instance, exceptions and error handling.


def test_print(test):
"""
The main function I want to run
"""
    try:
        print(test)
    except Exception as err:
        raise CLISkeletonExceptions(str(err))
    else:
        print("Successfully ran the CLI test script")

main.py

This Python file is the main entry point to the CLI tool. You add your logic accordingly. In the function I created, I used argparse to allow me to put arguments into the CLI tool.

from cli_skeleton.functions.test_function import test_print
# Import the functions you want to use

def main():
"""
For this example CLI script, the logic evaluates to 'True' thus running the function 'test_print' passing in 'Hi Dev.to!'
"""
    if True:  # Logic for functions
        test_print("Hi Dev.to!") # The function imported from line 1.

if __name__ == '__main__':
    main()

Makefile

I've included a Makefile to help various tasks such as:

make installs the tool locally
make uninstall uninstalls the tool locally
make venv creates a Python venv.
make test installs and tests the tool based on a set of CLI commands. For the example I am running cli_skeleton as the test
make clean removes the venv and removes all .pyc files.

Feel free to study up on Makefiles and edit to your hearts content.

README

I've included a sample README

setup.py

This file sets all the metadata for your Python CLI tool.
Update accordingly.

Sharing and installing on different machines:

You can use GitHub to share/install your Python tool, run pip3 install git+https://github.com/<USER>/<REPO_NAME>@<BRANCH NAME> for example: pip3 install git+https://github.com/hunttom/cli_skeleton@main

Conclusion:

In this post, I have covered the layout to a Python CLI tool and how to modify the files and install. I hope you can use this layout to create your own Python CLI tools! Best of luck and happy coding!

Additional reading/resources to help:

Alfred Plugin for searching Dev.to

hunttom — Tue, 05 Jan 2021 19:51:58 +0000

Hey all,
Super short post - I search Dev.to a lot. So in typical developer fashion, if you do something repetitive, automate!

At the following Github repo, I posted a really quick search function in Alfred. https://github.com/hunttom/bodega/blob/master/alfred/Dev.to.alfredworkflow

Requires: Alfred: https://www.alfredapp.com/

To Use: Type "dev {search query}" to search in Dev.to. Alfred will open up in a new tab within your default browser.

Enjoy!

What other Alfred productivity apps do you enjoy using?

Programmatically setting up a Dev Environment

hunttom — Fri, 19 Jul 2019 03:45:58 +0000

So recently, due to user error (mine) I had to wipe my developer machine and go through the arduous process of setting it back up. In the attempt to simplify the process, I began searching around on the internet as a way to codify setup. After many tutorials, recommendations, and peer feedback (way too many contributors to mention: but thank you all!) I wanted to share my results. What used to take me 6 hours of set up of a new MacOS, takes about 30 minutes now (minus the cloning of my repositories and transfer of my documents, etc).

If you are needing to set up a your development machine, please take this template, change, alter, and make it your own. Most of all I hope to provide a solution to a new developer, a developer who just doesn't want to reimage their machine, or just someone who wants to look at the tools I use. An updated image of this script can be found at my GitHub Repo. Link

Happy Coding!

Tools I use:

HomeBrew
Python3+
Pip
PyEnv

Requirements:

Running High Sierra
Admin of your computer
Understand and read every line of code and customize to your needs. THIS WILL FAIL IF YOU RUN AS IS! (Primarily the Git section, SSH Section, and what environment you work with (Python, Ruby, NodeJS, etc)).
Remove the tools or sections you don't want either by commenting or deleting.

To install

Download from the GitHub or copy/paste this version into a bash script.
Run bash FILE_NAME
Go get coffee.



!/bin/bash


# Inspration was based on the following:
# See attached for how to set up a dev environment: https://www.taniarascia.com/setting-up-a-brand-new-mac-for-development/
#########################
# Creating SSH Keys  
# Install SSH Keys: ssh-keygen see documentation at https://www.ssh.com/ssh/keygen/
#########################

  #REQUIREMENTS
  # Make sure you are running High Sierra+
  # Update Location Settings in Preferences
  # Update Location Settings in Outlook
  # iTerm: Change Font to Meslo and Theme to Solarized
  # Copy (If you have any) Config Files for .ssh; .aws; .zshrc (and comment out ZSHRC section); and neofetch
  # See the bottom section if you want to Java or Ruby over Python.

#########################

# Run outstanding system updates
echo "Updating system install..."
softwareupdate -ia --verbose
echo ""

# Install xcode cli development tools
echo "Installing xcode cli development tools..."
xcode-select --install
echo ""

#####################################################################
# Install brew apps
#####################################################################

# Install homebrew
echo "Installing homebrew..."
/usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
echo ""
echo "Installing HomeBrew apps..."
echo ""

# Dev cli apps
brew install ack                               # Faster Grep - Grep for programmers
brew install bat                               # Syntax Highlighting
brew install bench                             # Benchmarking Tool for Code
brew install openssl                           # SSL
brew install flake8                            # Python Linter
brew install fzf                               # Fuzzy String Search
brew install git                               # Version control
brew install git-secrets                       # Checks for Credential Exposure
brew install gnupg                             # GPG Suite
brew install htop                              # Performance Monitoring
brew install iftop                             # Network Monitoring
brew install libksba                           # GPG Package
brew install libyaml                           # A C library for parsing and emitting YAML
brew install mas                               # MAS Install
brew install neofetch                          # iterm Machine Description
brew install neovim                            # Modern VIM
brew install node                              # NodeJS
brew install postgresql                        # PostgreSQL and tools
brew install reattach-to-user-namespace        # Needed for clipboard integration from vim and tmux
brew install telnet                            # Telnet
brew install terraform                         # Terraform
brew install tmux                              # Terminal multiplexer
brew install tree                              # Tree Command
brew install wget                              # Retrieve web files
brew install z                                 # Jump Around based on directories

# Dev gui apps
brew cask install balenaetcher                 # Burn raspberry pi images
brew cask install caffeine                     # Keep your screen on
brew cask install cyberduck                    # SFTP Client
brew cask install docker                       # Container tooling
brew cask install drawio                       # Icon/Graphic Creator
brew cask install firefox                      # Firefox -  SignIn/Import Settings about:support. Open "Show In Finder" Copy and Replace
brew cask install gimp                         # Graphics editor
brew cask install gitup                        # Visual Git
brew cask install google-chrome                # Chrome web browser
brew cask install iterm2                       # A better terminal: change bash to /bin/bash -l in Preferences/Profile
brew cask install mountain-duck                # Drive Mounter
brew cask install postman                      # GUI for testing apis
brew cask install pycharm-ce                   # Text based IDE
brew cask install sublime-text                 # Text Editor
brew cask install vagrant                      # Virtual Boxes CLI
brew cask install veracrypt                    # Encryption Gear
brew cask install virtualbox                   # VirtualBox
brew cask install wireshark                    # Wireshark
brew cask install zenmap                       # NMAP Client

# Personal gui apps
brew install syncthing                         # Backup Software
brew services start syncthing
brew cask install hazel                        # Folder Cleanup
open /Applications/Hazel.app/
brew cask install quickhash                    # Hashing Program
brew cask install safeincloud-password-manager # Password Manager

# Communication
brew cask install quip                         # Quip for Collaboration
brew cask install riot                         # IRC Client
brew cask install signal                       # Signal


# Productivity gui apps
brew cask install alfred                       # Mac os helper
open /Applications/Alfred\ 3.app/
brew cask install flux                         # Blue light solution
open /Applications/Flux.app/


echo ""

#####################################################################
# Install mac app store apps
#
# NOTE: The mas commands will only work if you are:
#   - on High Sierra+
#   - have downloaded the app from the store previously
#   - are currently logged into the app store app
#####################################################################

echo "Installing mas cli..."
brew install mas                               # Mac App Store CLI
echo ""

echo "Installing mas apps..."
echo ""

# Dev gui apps
mas install 497799835                         # Xcode, ios/osx app dev env
sudo xcodebuild -license accept
mas install 1295203466                        # Microsoft Remote Desktop, rdp into windows
mas install 1451685025

# Work gui apps
mas install 866773894                         # Quiver PAID Notetaking

#####################################################################
# Pimp zsh
#
# NOTE: To use the bullet-train theme with zsh you will need to
# change Terminal/iterm2 to use one of the powerline fonts installed
# with the first set of commands below.
#####################################################################

# Install powerline fonts (needed by bullet train theme)
git clone https://github.com/powerline/fonts.git ~/tmp/fonts
sudo ~/tmp/fonts/install.sh
rm -rf ~/tmp/fonts

# Install bullet-train theme
# mkdir -p ~/.zsh-custom/themes
# sudo curl -L -o ~/.zsh-custom/themes/bullet-train.zsh-theme https://raw.githubusercontent.com/caiogondim/bullet-train.zsh/master/bullet-train.zsh-theme

# Install oh-my-zsh theme
if [ ! -d "$HOME/.oh-my-zsh" ]; then
  echo "Installing oh-my-zsh"
  sh -c "$(curl -fsSL https://raw.githubusercontent.com/robbyrussell/oh-my-zsh/master/tools/install.sh)"
fi

# Customise oh my zsh to use agnoster theme
sed -i -e 's/ZSH_THEME="\(.*\)"/ZSH_THEME="agnoster"/' ~/.zshrc
sed -i -e 's/^# ZSH_CUSTOM=\(.*\)/ZSH_CUSTOM=~\/.zsh-custom/' ~/.zshrc

#####################################################################
# ZSH Preferences
#####################################################################
echo 'alias upd="brew update; brew upgrade; brew cask upgrade; mas upgrade; brew cleanup --prune-prefix; brew doctor; brew cleanup;' >> ~/.zshrc
echo 'alias weather="curl wttr.in/Tarrytown:NewYork"' >> ~/.zshrc
echo 'alias gitc="git ls-files | xargs cat | wc -l"' >> ~/.zshrc
git clone https://github.com/chriskempson/base16-shell.git ~/.config/base16-shell

echo '# Base32 Shell
BASE16_SHELL="$HOME/.config/base16-shell/"
[ -n "$PS1" ] && \
    [ -s "$BASE16_SHELL/profile_helper.sh" ] && \
        eval "$("$BASE16_SHELL/profile_helper.sh")"' >> ~/.zshrc

source ~/.zshrc

#####################################################################
# Git Configuration
#####################################################################
echo ""
echo "Creating Git Configuration"
echo ""

touch ~/.gitconfig

cat << EOT >> ~/.gitconfig
[user]
    name = FIRST_NAME LAST_Name
    email = EMAIL
[github]
    user = USERNAME 
[alias]
    a = add
    ca = commit -a
    cam = commit -am
    s = status
    pom = push origin master
    pog = push origin gh-pages
    puom = pull origin master
    puog = pull origin gh-pages
    cob = checkout -b
[credential]
    helper = osxkeychain
[secrets]
    providers = git secrets --aws-provider
    patterns = [A-Z0-9]{20}
    patterns = (\"|')?(AWS|aws|Aws)?_?(SECRET|secret|Secret)?_?(ACCESS|access|Access)?_?(KEY|key|Key)(\"|')?\\s*(:|=>|=)\\s*(\"|')?[A-Za-z0-9/\\+=]{40}(\"|')?
    patterns = (\"|')?(AWS|aws|Aws)?_?(ACCOUNT|account|Account)_?(ID|id|Id)?(\"|')?\\s*(:|=>|=)\\s*(\"|')?[0-9]{4}\\-?[0-9]{4}\\-?[0-9]{4}(\"|')?
    allowed = AKIAIOSFODNN7EXAMPLE
    allowed = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
EOT

#####################################################################
# SSH Configuration
#####################################################################
echo ""
echo "Configuring SSH"
echo ""

touch ~/.ssh/config

cat << EOT >> ~/.ssh/config
ANY SSH CONFIG INFO YOU WANT.

EOT
#####################################################################
# Creating Email Cert
#####################################################################
echo ''
echo 'go to Outlook and/or Apple Mail and configure to have "alias" cert sign all messages and encrypt(if needed)'
echo ''

#####################################################################
# Install the devtool version managers
#####################################################################

# # Install Sdkman (manage jvm related build tools)
# if [ ! -f ~/.sdkman/bin/sdkman-init.sh ]; then
#   echo "Installing Sdkman"
#   curl -s "https://get.sdkman.io" | bash
#   source ~/.sdkman/bin/sdkman-init.sh

#   sdk install java 8.0.181-zulu
#   sdk install gradle
#   sdk install maven
#   sdk install sbt
#   sdk install visualvm
# fi

# Install Node Version Manager
if [ ! -f ~/.nvm/nvm.sh ]; then
  echo "Installing Node Version Manager"
  curl -o- https://raw.githubusercontent.com/creationix/nvm/v0.34.0/install.sh | bash

  cat << EOT >> ~/.zshrc
export NVM_DIR="$HOME/.nvm"
[ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh"  # This loads nvm
[ -s "$NVM_DIR/bash_completion" ] && \. "$NVM_DIR/bash_completion"  # This loads nvm bash_completion
EOT

  source ~/.zshrc
  nvm install node
fi

#####################################################################
# Python Installer
#####################################################################
# Python Env and Global ENV
brew install pyenv                             # Python ENV
brew install pyenv-virtualenv                  # PythonEnv VirualEnv
echo '#Python Env'
echo 'eval $(pyenv init -)"' >> ~/.zshrc
echo 'eval "$(pyenv virtualenv-init -)"' >> ~/.zshrc
exec $SHELL
pyenv
pyenv install 3.7.4
pyenv global 3.7.4
pyenv virtualenv 3.7.4 global-venv
pyenv global global-venv
pip install ansible awscli boto3 boto
source ~/.zshrc

sudo installer -pkg /Library/Developer/CommandLineTools/Packages/macOS_SDK_headers_for_macOS_10.14.pkg -target / # Install zlib for pyenv

#####################################################################
# Ruby
#####################################################################

# Install Ruby I've decided to use rbenv.
brew install rbenv
rbenv init
curl -fsSL https://github.com/rbenv/rbenv-installer/raw/master/bin/rbenv-doctor | bash
brew upgrade rbenv ruby-build
rbenv install 2.6.1
rbenv global 2.6.1
echo 'eval "$(rbenv init -)"' >> ~/.zshrc
rbenv rehash

#####################################################################
# Ruby Gems for Install
#####################################################################
gem install bundler jekyll

#####################################################################
# RVM Option
#####################################################################

# Install Ruby Version Manager if you want to use this Ruby Version Manager
# if [ ! -f ~/.rvm/scripts/rvm ]; then
#   echo "Installing RVM"
#   curl -L -o rvm-installer https://raw.github.com/wayneeseguin/rvm/master/binscripts/rvm-installer
#   chmod +x ./rvm-installer
#   ./rvm-installer
#   rm rvm-installer

#   source ~/.zshrc
#   rvm install ruby --latest --default
# fi

#####################################################################
# Configurations
#####################################################################

chflags nohidden ~/Library #Show Library
defaults write com.apple.finder AppleShowAllFiles YES #Show Hidden Files
defaults write com.apple.finder ShowPathbar -bool true #Show Path Bar
defaults write com.apple.finder ShowStatusBar -bool true #Show status Bar
defaults write com.google.Chrome AppleEnableSwipeNavigateWithScrolls -bool FALSE #Removing two finger "go back" from Chrome
defaults write com.mozilla.Firefox AppleEnableSwipeNavigateWithScrolls -bool FALSE #Removing two finder "go back" from Chrome
sudo installer -pkg /Library/Developer/CommandLineTools/Packages/macOS_SDK_headers_for_macOS_10.14.pkg -target / # Install zlib for pyenv

exec $SHELL

A Self-Service Raspberry Pi VPN

hunttom — Fri, 12 Jul 2019 03:22:29 +0000

Recently, I wanted to set up a VPN server residing on a Raspberry Pi on my home network and wanted to share my adventures with you. While this is more of an infrastructure and VPN-based post, I thought that it might provide some developers in need of a secure way to get back to their home networks as I did. Additionally, this is a fun way to brush up on infrastructure work and mess around with a Raspberry Pi!

Here is an overview of my setup:

Necessary equipment:

A Raspberry Pi (Preferable a RBP2+)
An AWS account (or any other Cloud Provider) - In this post I use AWS
A domain.

Problem and Context: I wanted to have a secure way to link back into my home network when traveling and using public networks. VPN Companies were an option but I wanted the following:

The ability to update and check on my IoT projects running on my home network.
Cost - VPN companies have robust servers with world-wide reach. Although, they do incur cost monthly and the RBP option was a lot cheaper (totaling around $2.80 per month) including energy and cost of the AWS hosted zone.
I had a RBP laying around - why not!

Solution: A PiVPN running on my home network allowing me to both reach my home network and the Internet. My VPN endpoint (RBP) remains online because I run a Cron job every 24 hours to update a hosted zone's A record on AWS Route53.

I set up the RBP: updating Linux and changing the login to a very strong password (Security always!). I went a step further and only enabled PEM key login for SSH for extra security.
I set up my router for port forwarding on a random port to my RBP.
Used the PiVPN curl -L https://install.pivpn.io | bash to generate the OpenVPN certificate and set up the OpenVPN server to my preferences.
Created the PiVPN cert and used SCP to download that cert and change the .opvn file to ensure that the endpoint was my DynamicDNS record (example: vpn.example.com).
To circumvent an issue I ran into where my VPN pointed to my router's public IP and my ISP changed my IP address, I modified a DynamicDNS script I found (Compliments to https://willwarren.com/).
Set up a Cron Job to query once a day and update my AWS Route53 A Record if my ISP changes my public IP address again. When SSH'ed into the the RBP run crontab -e and put the desire frequency of triggering the Cron job. An easy tool to use can be found here.
Example 24 hour Cron job that runs every midnight: 0 0 * * * /bin/bash /home/pi/dynamic_dns_route53.sh
Install AWS CLI on the RBP.
Create an IAM User with a policy dynamicdnspolicy:

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "route53changerecord",
                "Effect": "Allow",
                "Action": "route53:ChangeResourceRecordSets",
                "Resource": "arn:aws:route53:::hostedzone/HOSTEDZONE"
            }
        ]
    }

Create an Access Key/Secret key pair and add to AWS CLI profile on the RBP.
Download the DynamicDNS Script from my Repository
Add hosted zone and record set to the dynamic_dns_route53.sh script on lines 8 and 11 from Route53.
Verify that the script ran!

You can change out the script to whatever cloud/DNS provider you have!

Best of success (securely of course!)

PS This worked on both my phone and laptop, I just needed an OpenVPN client to use the cert!