yoshman

He had to do admin functionality regression tests before prod releases to make sure nothing broke.

The system uses SSO for logins for everything else.

He is a subcontractor who was using scripts for all his projects. I told him he really needs to use env vars for creds.

He was a subcontractor, so technically, he's not our employee.

I bubbled it up the chain on our side, and it hasn't happened since.

It was an admin account to do regression testing for the admin interface and functions before prod releases.

I had my guys enable/disable the account during the testing pipeline so people can't login anymore.

I had a test engineer demand an admin password be admin/admin in production. I said absolutely not and had one of my team members change it to a 64-character password generated in a password manager. Dumbass immediately logs in and changes it to admin again. We found out when part of the pipeline broke.

So, we generated another new one, and he immediately changed it back to admin again. We were waiting for it the second time and immediately called him out on the next stand-up. He said he needs it to be admin so he doesn't have to change his scripts. picard_facepalm.jpg

I have my instance running in my k3s cluster. I have its node affinity to only run on my minisforum i9. That way, I can use cert manager to manage the certs.

Did the guy just eat fruit to cure his heart?

I will leave this here for anyone who needs to use Windows but wants a little more privacy.

https://www.oo-software.com/en/shutup10

services:
  gluetun:
    image: qmcgaw/gluetun
    container_name: gluetun
    cap_add:
      - NET_ADMIN
    environment:
      - DNS_ADDRESS=
      - PUID=1000
      - PGID=1000
      - SERVER_CITIES=
      - FIREWALL_VPN_INPUT_PORTS=
      - TZ=Etc/UTC
      # Provider readmes: https://github.com/qdm12/gluetun-wiki/tree/main/setup/providers
      - VPN_SERVICE_PROVIDER=
      #- VPN_TYPE=openvpn
      #- OPENVPN_CUSTOM_CONFIG=/config/custom.conf
      #- VPN_TYPE=wireguard
      #- WIREGUARD_PRIVATE_KEY=
      #- WIREGUARD_ADDRESSES=
    ports:
      - 6767:6767       # bazaar
      - 7878:7878       # radaar
      - 8118:8118       # privoxy
      - 8191:8191       # flaresolverr
      - 8787:8787       # readaar
      - 8989:8989       # sonaar
      - 9091:9091       # transmission
      - 9696:9696       # prowlarr
      # You can add an forwarded listening ports your VPN provider might have here as well.
    volumes:
      - /data/gluetun:/config
  bazarr:
    image: lscr.io/linuxserver/bazarr:latest
    container_name: bazarr
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Etc/UTC
    volumes:
      - /data/bazarr:/config
      - /share/downloads/movies:/share/downloads/movies
      - /share/downloads/tv:/share/downloads/tv
    restart: unless-stopped
    network_mode: service:gluetun
  flaresolverr:
    # DockerHub mirror flaresolverr/flaresolverr:latest
    image: ghcr.io/flaresolverr/flaresolverr:latest
    container_name: flaresolverr
    environment:
      - LOG_LEVEL=info
      - LOG_HTML=false
      - CAPTCHA_SOLVER=none
      - TZ=Etc/UTC
    restart: unless-stopped
    network_mode: service:gluetun
  privoxy:
    image: caligari/privoxy:latest
    container_name: privoxy
    restart: unless-stopped
    network_mode: service:gluetun
  prowlarr:
    image: lscr.io/linuxserver/prowlarr:latest
    container_name: prowlarr
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Etc/UTC
    volumes:
      - /data/prowlarr:/config
    restart: unless-stopped
    network_mode: service:gluetun
  radarr:
    image: lscr.io/linuxserver/radarr:latest
    container_name: radarr
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Etc/UTC
    volumes:
      - /data/radarr:/config
      - /share/downloads/movies:/share/downloads/movies
    restart: unless-stopped
    network_mode: service:gluetun
  readarr:
    image: lscr.io/linuxserver/readarr:develop
    container_name: readarr
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Etc/UTC
    volumes:
      - /data/readarr:/config
      - /share/downloads/books:/share/downloads/books
    restart: unless-stopped
    network_mode: service:gluetun
  sonarr:
    image: lscr.io/linuxserver/sonarr:latest
    container_name: sonarr
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Etc/UTC
    volumes:
      - /data/sonarr:/config
      - /share/downloads/tv:/share/downloads/tv
    restart: unless-stopped
    network_mode: service:gluetun
  transmission:
    image: lscr.io/linuxserver/transmission:latest
    container_name: transmission
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Etc/UTC
      - TRANSMISSION_WEB_HOME= #optional
      - USER= #optional
      - PASS= #optional
      - WHITELIST= #optional
      - PEERPORT= #optional
      - HOST_WHITELIST= #optional
    volumes:
      - /data/transmission:/config
      - /share/downloads/movies:/share/downloads/movies
      - /share/downloads/books:/share/downloads/books
      - /share/downloads/tv:/share/downloads/tv
    restart: unless-stopped
    network_mode: service:gluetun
  watchtower:
    container_name: watchtower
    image: containrrr/watchtower
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    network_mode: service:gluetun

I have them all running in a docker compose, that also has gluetun as the gateway.

It's a real basic compse file, but I can share it if you like.