Yury Bushmelev jay7x

## puppetcertmanager.rb
#!/usr/bin/env ruby
# frozen_string_literal: true

# Simple script to renew or enroll a Puppet certificate
# - If cert exists and is expiring: use certificate_renew endpoint
# - If cert missing: generate CSR, submit to CA, poll until signed
#
# Usage: ruby puppetcertmanager.rb <certname> [--csr-attributes /path/to/file.yaml] [--dns-alt-names name1,name2] [--debug]

require 'puppet'

## gist:ec4b5c60966bdf08897ec264b0ddca55
# This one is Shell executor, so no docker required
gitlab_ci_runner::manage_docker: false
gitlab_ci_runner::concurrent: 20
gitlab_ci_runner::runners:
  shell:
    name: build05-shell
    url: "%{alias('gitlab_prod_url')}"
    executor: "shell"
    request_concurrency: 2
    limit: 1

## node_fqdn.yaml
# Hiera config to change puppetserver certname
puppet::server_certname: puppetserver01
profile::puppetdb::server_certname: "%{alias('puppet::server_certname')}"
# Add real hostname to the certificate SAN list
puppet::dns_alt_names:
  - "%{facts.networking.fqdn}"
  # Add more names if needed


## ldap-users-prepare.rb
# Read users from known LDAP providers and create them in Gitlab
# Tested on Gitlab v18.1

# Create users on behalf of this user
creator = User.find_by(username: 'root')
# Add user to default organization
organization_id = Organizations::Organization.find_by(name: 'Default').id

Gitlab::Auth::Ldap::Config.providers.each do |provider|
  Gitlab::Auth::Ldap::Adapter.open(provider) do |adapter|

## .gitattributes
* text=auto
*.ps1 text eol=crlf
*.ps1.epp text eol=crlf

## iap-token.bash
#!/usr/bin/env bash

# Based on this guide:
# https://cloud.google.com/iap/docs/authentication-howto#authenticating_from_a_desktop_app
#
# Run the following command to store the token in the $IAP_TOKEN environment variable
# export IAP_TOKEN="$(bash ./iap_auth.bash | jq -r .id_token)"
#
# Use it with curl
# curl -v -H "Authorization: Bearer ${IAP_TOKEN}" '<IAP-protected-URL>'
	#!/usr/bin/env ruby
	# frozen_string_literal: true

	# Simple script to renew or enroll a Puppet certificate
	# - If cert exists and is expiring: use certificate_renew endpoint
	# - If cert missing: generate CSR, submit to CA, poll until signed
	#
	# Usage: ruby puppetcertmanager.rb <certname> [--csr-attributes /path/to/file.yaml] [--dns-alt-names name1,name2] [--debug]

	require 'puppet'
	# This one is Shell executor, so no docker required
	gitlab_ci_runner::manage_docker: false
	gitlab_ci_runner::concurrent: 20
	gitlab_ci_runner::runners:
	shell:
	name: build05-shell
	url: "%{alias('gitlab_prod_url')}"
	executor: "shell"
	request_concurrency: 2
	limit: 1
	# Hiera config to change puppetserver certname
	puppet::server_certname: puppetserver01
	profile::puppetdb::server_certname: "%{alias('puppet::server_certname')}"
	# Add real hostname to the certificate SAN list
	puppet::dns_alt_names:
	- "%{facts.networking.fqdn}"
	# Add more names if needed
	# Read users from known LDAP providers and create them in Gitlab
	# Tested on Gitlab v18.1

	# Create users on behalf of this user
	creator = User.find_by(username: 'root')
	# Add user to default organization
	organization_id = Organizations::Organization.find_by(name: 'Default').id

	Gitlab::Auth::Ldap::Config.providers.each do \|provider\|
	Gitlab::Auth::Ldap::Adapter.open(provider) do \|adapter\|
	#!/usr/bin/env bash

	# Based on this guide:
	# https://cloud.google.com/iap/docs/authentication-howto#authenticating_from_a_desktop_app
	#
	# Run the following command to store the token in the $IAP_TOKEN environment variable
	# export IAP_TOKEN="$(bash ./iap_auth.bash \| jq -r .id_token)"
	#
	# Use it with curl
	# curl -v -H "Authorization: Bearer ${IAP_TOKEN}" '<IAP-protected-URL>'