Reconfigure a Certbot Certificate to use the Cloudflare DNS Validation Method

You may have configured a certbot certificate to use the webroot validation method but wish to use the Cloudflare DNS method instead. Using the Cloudflare DNS method allows you to renew your certificate independently of your web server state and configuration. These instructions apply to Red Hat-style distributions, e.g., AlmaLinux, Rocky Linux, and CentOS. Generate a Cloudflare API Token for […]

Creating Signed RPMs and a Repository

Create signed RPMs and set up an RPM repository to make your RPMs available to install on Red Hat-style systems including AlmaLinux, CentOS, Fedora, Red Hat Enterprise Linux, and Rocky Linux. This guide assumes you already have a publicly-accessible web server as described in WordPress on LAMP with Session Encryption and Backup to host your repository. Environment AlmaLinux 9 Prerequisite […]

Automating Intune Application Packaging

On the surface, packaging applications for deployment with Intune seems simple: Wrap an installer using the IntuneWinAppUtil.exe utility; provide silent installation and uninstallation commands; provide a detection method; and call it a day, right? Practically speaking, however, there are ample opportunities for human error. Naturally, the solution is automation! This One Zero One automation script attempts to “normalize” application deployment […]

WordPress on LAMP with Session Encryption and Backup

Overview Zen Astronave is a personal blog site. In this guide, we will implement a Linux, Apache, MariaDB, and PHP (LAMP) system and install WordPress for Since we are interested in the Confidentiality, Integrity, and Availability (CIA) triad, we will also implement a firewall, Transport Layer Security (TLS) certificates, and daily backups. This example uses AlmaLinux but should also […]

Update Visual Studio Code Updates Settings with PowerShell

On Windows systems, Visual Studio Code settings are stored in a subfolder of the User profile. %APPDATA%\Code\User\settings.json There is no global settings file, so if you are deploying in an enterprise environment where updates are managed with something like Microsoft Endpoint Manager (Intune), you might wish to disable VSCode’s update check so it doesn’t nag your users who may not […]

Demystifying Microsoft Endpoint Manager Win32 App Deployments

Some aspects of traditional Windows application (win32) deployment using Microsoft Endpoint Manager (Intune) can be frustratingly elusive. Understanding a few things about the program environment and detection capabilities will help you be more successful with this tool. Please note that in this context, “win32” refers to native Windows applications, not 32-bit applications vs. 64-bit applications. Installer To prepare a win32 […]

Making Libvirt User-friendly in AlmaLinux

In AlmaLinux (and Red Hat Enterprise Linux, Rocky Linux, and CentOS), libvirtd defaults to the user URI. When a regular user executes virsh list, they will see only the KVM virtual machines accessible to their user and will not see those started by the system. You can change this behavior so that regular users can list and interact with virtual […]

Example AlmaLinux Kickstart

This is an example kickstart for a typical system with a single disk (nvme0n1) and a single network adapter (ens160). These values may need to be changed to suit your environment. It will copy additional Assets to the target system as described in Customizing the AlmaLinux Installer Media. The resulting system uses LUKS full-disk encryption (the LUKS and root user […]

Customizing the AlmaLinux Installer Media

This article shows you how to customize the AlmaLinux (or Red Hat Enterprise Linux, or Rocky Linux, or CentOS Linux) installer media to include a kickstart file and additional file assets. Commands prepended with # should be run as root while commands prepended with $ should be run as your regular user. Prerequisites A basic AlmaLinux workstation installation (temporary is […]

Common Elements for Windows Answer Files

An answer file makes it possible to deploy Windows with “zero touch”, meaning that all of the installation parameters are specified and the installation will proceed without further input from the technician. Warning! If your answer file is fully automated and includes a partitioning scheme, you run the risk of unintentionally wiping out a production system if you accidentally boot […]