johnstanfield

## edit-docker-image.sh
# note: get your AWS credentials however you usually do that (e.g. aws configure or set the env vars)

REPO_URL=accountid.dkr.ecr.region.amazonaws.com/repo-name
EXISTING_TAG=version1
NEW_TAG=version1-hotfix

# get everything ready
mkdir -p ~/slipstream
cd ~/slipstream
`aws ecr get-login --no-include-email`

## jqsay
#!/usr/bin/env bash

# jq-say
# format string as JSON message
#
# treat odd args as keys and even args as values
# use jq to output something like this, for as many args supplied:
#   {"arg1": "arg2", "arg3": "arg4"}
#
# very helpful for echo'ing log messages as JSON

## kill-touchpad-triple-click.sh
# i often click between the buttons on my touchpad.
# this is because the touchpad is lined up with the center of the laptop
# rather than the center of the keyboard home row
# this script finds the device id of the touchpad (which changes as devices are plugged/unplugged) and disables the triple click

# note: on new installations, run xinput to identify your touchpad which may not contain the word TouchPad

touchPadId=$(xinput | grep TouchPad | awk -F 'id=' '{print $2}' | cut -f1)
xinput --set-button-map $touchPadId 1 1 3

## tunnel.sh
# prerequisites
#    1) you have a (Linux) EC2 instance with SSH enabled, source/destination check disabled, etc.
#    2) you have a security group rule with a tag named roaming (this script updates that rule to allow you access) (note: tag the rule, not the security group)

# grant access to your IP access
myip=$(curl -s https://ipv4.icanhazip.com)
read sgid sgrid < <(echo $(aws ec2 describe-security-group-rules --filter Name=tag:Name,Values=roaming | jq '.SecurityGroupRules[0].GroupId, .SecurityGroupRules[0].SecurityGroupRuleId' -r))
aws ec2 modify-security-group-rules --group-id $sgid --security-group-rules SecurityGroupRuleId=$sgrid,SecurityGroupRule=\{CidrIpv4=$myip\/32,FromPort=22,ToPort=22,IpProtocol=TCP,Description=roaming\}

# open tunnel

## ap.sh
#!/bin/bash

# i want to stream netflix and prime video from my chromecast to the hotel TV
#
# hotels often have an authentication / agreement page that you have to click OK on
# chromecasts do not play nicely with those
#
# solution: connect your laptop to the hotel's wi-fi, then set up an AP and connect the chromecast to the AP
#           your laptop will be both a client of the hotel's WLAN and an access point + bridge of your own WLAN
#

## fail2ban_amznlnx2.sh
# run as root or sudo everything below

# install epel
amazon-linux-extras install epel -y

# install fail2ban
yum -y install fail2ban

# configure fail2ban  (just adding enabled=true in the sshd section)
cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

## sqs-2012-11-05.php.patch
# problem:
#  - you have a FIFO SQS queue at AWS but you're running an older version (v2) of the AWS SDK for PHP
#  - you get the error "The request must contain the parameter MessageGroupId"
#  - this is because v2 of the SDK is older than FIFO queues
# solution:
#  - just add the parameters to the resource file
#  - either by pasting or applying the patch below
#
# vendor/aws/aws-sdk-php/src/Aws/Sqs/Resources/sqs-2012-11-05.php.patch

## entry-point.sh
# i'm running cloudflare RailGun in a Fargate task, in a public subnet, with a public IP address.
# i need to ensure the web servers do not allow public access; only access from this Fargate task or CloudFlare's IPs
# this presents an interesting problem: Fargate tasks can't use Elastic IPs, so the IP will change each time a task runs,
# making security groups tough

# what i do is:
# create a prefix list (this is a list of IP addresses at AWS)
# add a security group called web_railgun that uses the prefix list; attach that security group to the load balancer
# replace the IP address (cidr) entry in the prefix list when the task boots

## terminate-draining-instances.sh
#!/bin/bash
# inspects EC2 instances in an ECS cluster and terminates instances that are in a DRAINING state
# the instances are terminated via autoscaling, and the desired capacity is decremented
#
# this is the proper way to terminate EC2 instances in an ECS cluster because:
#    - if you just decrement the desired capacity, instances with running tasks may be terminated, and you may have an outage
#    - if you terminate instances with zero tasks, the autoscaling group will just replace them
#
# USAGE
#     DRY RUN

## code.gs
// purge gmail script
// i've been using this for years to keep gmail from going over the limit
// it has gotten me from 99% to 50% many times on various accounts
//
// it runs on google apps script, which is google's script platform that can access your email
// to automatically delete older messages according to the rules below
//
// it's controlled by the CONFIG array
// set an age (required)
// set a label or from (one of them is required)
	# note: get your AWS credentials however you usually do that (e.g. aws configure or set the env vars)

	REPO_URL=accountid.dkr.ecr.region.amazonaws.com/repo-name
	EXISTING_TAG=version1
	NEW_TAG=version1-hotfix

	# get everything ready
	mkdir -p ~/slipstream
	cd ~/slipstream
	`aws ecr get-login --no-include-email`
	#!/usr/bin/env bash

	# jq-say
	# format string as JSON message
	#
	# treat odd args as keys and even args as values
	# use jq to output something like this, for as many args supplied:
	# {"arg1": "arg2", "arg3": "arg4"}
	#
	# very helpful for echo'ing log messages as JSON
	# i often click between the buttons on my touchpad.
	# this is because the touchpad is lined up with the center of the laptop
	# rather than the center of the keyboard home row
	# this script finds the device id of the touchpad (which changes as devices are plugged/unplugged) and disables the triple click

	# note: on new installations, run xinput to identify your touchpad which may not contain the word TouchPad

	touchPadId=$(xinput \| grep TouchPad \| awk -F 'id=' '{print $2}' \| cut -f1)
	xinput --set-button-map $touchPadId 1 1 3
	# prerequisites
	# 1) you have a (Linux) EC2 instance with SSH enabled, source/destination check disabled, etc.
	# 2) you have a security group rule with a tag named roaming (this script updates that rule to allow you access) (note: tag the rule, not the security group)

	# grant access to your IP access
	myip=$(curl -s https://ipv4.icanhazip.com)
	read sgid sgrid < <(echo $(aws ec2 describe-security-group-rules --filter Name=tag:Name,Values=roaming \| jq '.SecurityGroupRules[0].GroupId, .SecurityGroupRules[0].SecurityGroupRuleId' -r))
	aws ec2 modify-security-group-rules --group-id $sgid --security-group-rules SecurityGroupRuleId=$sgrid,SecurityGroupRule=\{CidrIpv4=$myip\/32,FromPort=22,ToPort=22,IpProtocol=TCP,Description=roaming\}

	# open tunnel
	#!/bin/bash

	# i want to stream netflix and prime video from my chromecast to the hotel TV
	#
	# hotels often have an authentication / agreement page that you have to click OK on
	# chromecasts do not play nicely with those
	#
	# solution: connect your laptop to the hotel's wi-fi, then set up an AP and connect the chromecast to the AP
	# your laptop will be both a client of the hotel's WLAN and an access point + bridge of your own WLAN
	#
	# run as root or sudo everything below

	# install epel
	amazon-linux-extras install epel -y

	# install fail2ban
	yum -y install fail2ban

	# configure fail2ban (just adding enabled=true in the sshd section)
	cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
	# problem:
	# - you have a FIFO SQS queue at AWS but you're running an older version (v2) of the AWS SDK for PHP
	# - you get the error "The request must contain the parameter MessageGroupId"
	# - this is because v2 of the SDK is older than FIFO queues
	# solution:
	# - just add the parameters to the resource file
	# - either by pasting or applying the patch below
	#
	# vendor/aws/aws-sdk-php/src/Aws/Sqs/Resources/sqs-2012-11-05.php.patch
	# i'm running cloudflare RailGun in a Fargate task, in a public subnet, with a public IP address.
	# i need to ensure the web servers do not allow public access; only access from this Fargate task or CloudFlare's IPs
	# this presents an interesting problem: Fargate tasks can't use Elastic IPs, so the IP will change each time a task runs,
	# making security groups tough

	# what i do is:
	# create a prefix list (this is a list of IP addresses at AWS)
	# add a security group called web_railgun that uses the prefix list; attach that security group to the load balancer
	# replace the IP address (cidr) entry in the prefix list when the task boots
	#!/bin/bash
	# inspects EC2 instances in an ECS cluster and terminates instances that are in a DRAINING state
	# the instances are terminated via autoscaling, and the desired capacity is decremented
	#
	# this is the proper way to terminate EC2 instances in an ECS cluster because:
	# - if you just decrement the desired capacity, instances with running tasks may be terminated, and you may have an outage
	# - if you terminate instances with zero tasks, the autoscaling group will just replace them
	#
	# USAGE
	# DRY RUN
	// purge gmail script
	// i've been using this for years to keep gmail from going over the limit
	// it has gotten me from 99% to 50% many times on various accounts
	//
	// it runs on google apps script, which is google's script platform that can access your email
	// to automatically delete older messages according to the rules below
	//
	// it's controlled by the CONFIG array
	// set an age (required)
	// set a label or from (one of them is required)