August 21, 2019
When I’m at home I have setup a Raspberry Pi to run Pi-hole and block pesky advertising. But. I am not always at home. I also bring my Macbook to work, customers, airports & hotels. I didn’t want to clutter up my system and install Pi-hole natively, so instead I used Docker To make starting/stopping Pi-hole easier I created a small shell script: #!/bin/bash case "$1" in install) docker pull pihole/pihole exit 0 ;; start) docker start pihole 2>&1 >/dev/null || docker run -d --name pihole -e WEBPASSWORD="Gloryhole" -e DNS1=1. ...
April 20, 2019

My ISP does not give me a static IP. It doesn’t change often, but in the rare case that it has changed I never discover it before I actually need it.

So. I wanted a very simple way of auto-updating the record. I didn’t want to bother with a thirdparty client from something like dyndns (and I didn’t want to pay for anything).

As I use Cloudflare as dns service for all domains I own I could just use their API and solve it with a oneliner, but doing it with Ansible is more readable

November 26, 2018
This probably takes a bit of explanation. My use case is the following: I wish to expose an internal Wiki outside the corporate network. To accomplish this I use an Azure AD Application Proxy. I also wish to restrict who has access to the application proxy and enforce multifactor authentication. This is easily accomplished by setting “User assignment required” in properties and adding a Conditional Access-policy. However. A really weird drawback in Azure AD is lack of support for nested groups. ...
October 27, 2017

To change VM Size when your virtual machines are part of an availability set can be a pain in the Azure Portal. Especially if the new size you want is not available on your current cluster and the resources have to be moved as well.

The entire process is a lot easier to do with powershell

September 29, 2017
Get-ADUser -SearchBase "ou=users,dc=contoso,dc=com" -Filter * -Properties Name, EmployeeNumber, UserPrincipalName, Manager | where {$_.Manager -eq $null} | ft Name, EmployeeNumber, UserPrincipalName, Manager

Because “Manager” is an extended attribute in Active Directory you can’t use -Filter {Manager -notlike “*“} like you would with basic attributes

September 22, 2017
To delete an entire tree structure with objects (typically Organizational Units) with the flag “ProtectedFromAccidentialDeletion” we first need to remove the flag. We can then select the top node and delete the entire tree. Needless to say, you should probably use this with caution. If you don’t want to remove the protection from every OU in the specified SearchBase you need to split up and run the command multiple times with different values for the SearchBase-argument ...
July 17, 2017
Get-ADUser -Filter "*" -SearchBase "ou=Users,dc=contoso,dc=com" -Properties "DisplayName", "msDS-UserPasswordExpiryTimeComputed" |
    Select-Object -Property "Displayname",@{Name="ExpiryDate";Expression={[datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")}}
December 2, 2016

This is an old example (albeit with a few updates) on how to use Ansible’s ACME-module to generate free certificates and validated them with a DNS record.

The example use Cloudflare for DNS, but any provider with an ansible module works.

To use the example, add your own email, api token and domain name to variables. To receive a certificate with an actual trusted root, change ACME Directory to