
Zash / mod_s2s_certinfo.lua
Last active July 20, 2016 13:18
Riddim plugin for showing info about certificates along with server-side support plugin.
-- XML namespace URI; presumably identifies this plugin's own protocol elements (the code using it is not shown here).
local xmlns = "http://zash.se/protocol/s2scertinfo";
-- Stanza utility module.
local st = require"util.stanza";
-- local dump = require"myserialize".serialize;
-- Base64 encoder taken from the encodings utility module.
local base64_encode = require"util.encodings".base64.encode;
-- Local aliases of the string functions used by the hex helpers below.
local s_char, s_gsub = string.char, string.gsub;
-- Local alias of the global tonumber.
local tonumber = tonumber;
--- Turn a run of hexadecimal digits into the single byte it encodes.
-- unhex() calls this with two characters at a time.
-- Input that is not valid hex makes tonumber() return nil, and s_char then
-- raises an error, so callers are expected to pass hex digits only.
-- @param c string of hexadecimal digits
-- @return one-character string holding the decoded byte
local function unhexbyte(c)
	local byte_value = tonumber(c, 16);
	return s_char(byte_value);
end
--- Decode a hexadecimal string into raw bytes.
-- Each two-character group is replaced by the result of unhexbyte(); a
-- trailing unpaired character is not matched by the pattern and is copied
-- through unchanged.
-- @param s hexadecimal string
-- @return the decoded string, followed by the number of groups replaced
--         (both results of string.gsub are passed on)
local function unhex(s)
	local decoded, pair_count = s_gsub(s, "..", unhexbyte);
	return decoded, pair_count;
end
--- Re-encode a hexadecimal string as Base64.
-- Presumably applied to certificate digests given the plugin's purpose; the
-- callers are not shown here.
-- @param s hexadecimal string
-- @return whatever base64_encode returns for the decoded bytes
local function hex2b64(s)
	-- unhex() yields the decoded string plus the gsub replacement count;
	-- both are handed to base64_encode.
	local raw_bytes, pair_count = unhex(s);
	return base64_encode(raw_bytes, pair_count);
end
Zash / md-diff.sh
Last active April 21, 2018 15:39
XEP diff stuff
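#!/bin/bash
# arguments: file commit commit [diff tool with args]
#
# Shows FILE as it exists at each of the two commits, pipes both versions
# through ./xep2md.sh and compares the two results.

# Without the three required arguments the git show calls below would be
# given an incomplete "commit:path" spec, so stop with a usage message.
if [ "$#" -lt 3 ]; then
	echo "usage: $0 file commit commit [diff tool with args]" >&2
	exit 1
fi

# $4 is deliberately unquoted: it may hold a tool name followed by its
# arguments and must be word-split. It is executed as a command, so it should
# only ever come from a trusted caller.
# A failure of git show or xep2md.sh inside a process substitution does not
# change this script's exit status; only the diff tool's status is returned.
${4:-diff} \
	<(git show "$2:$1" | ./xep2md.sh -) \
	<(git show "$3:$1" | ./xep2md.sh -)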
Zash / hg.example.com
Last active July 19, 2020 10:27
hgweb+nginx
server {
server_name hg.example.com;
root /var/www/hg.example.com;
listen 0.0.0.0:80;
listen 0.0.0.0:443 ssl;
listen [::]:80;
listen [::]:443 ssl http2;
Zash / dnsupdate-policy.lua
Created January 23, 2022 10:55
PowerDNS DNSUPDATE policy script
-- Policy control thing with policy derived from key name
-- "keyname.owner.domain" will be allowed to edit domain (including subdomains)
-- Special keyname "acme" should be allowed to add and remove _acme-challenge TXT records under domain
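-- Assumes that the key name can't be faked, i.e. that the request's TSIG signature has already been verified before this function is consulted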
function updatepolicy(request)
local tsig = request:getTsigName();
local zone = request:getZoneName();
pdnslog("updatepolicy: tsig "..tsig:toString().." wants to update "..request:getQName():toString().." in "..zone:toString(), pdns.loglevels.Info);
Zash / update-dane.sh
Created August 28, 2022 20:19
TLSA update thing
#!/bin/bash
# Stop on a failing command, on use of an unset variable, and when any stage
# of a pipeline fails.
set -o errexit -o nounset -o pipefail

# Base directory of the certificate material. The trailing slash matters:
# pkeyhash appends the certificate name directly to this value.
CERTS="/var/lib/dehydrated/certs/"
# pkeyhash NAME [SUFFIX]
# Prints the hex SHA-256 digest of the DER-encoded public key derived from
# "$CERTS/NAME/privkey<SUFFIX>.pem". SUFFIX defaults to the empty string.
# Only the public half of the key leaves openssl; the private key file is
# read but never printed.
pkeyhash() {
	openssl pkey \
		-in "$CERTS$1/privkey${2:-}.pem" \
		-pubout \
		-outform DER \
		| sha256sum \
		| cut -d ' ' -f 1
}
Zash / dns-update.sh
Last active June 1, 2023 14:27
nsupdate wrapper thing
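#!/bin/bash
set -eo pipefail

# The first argument names the zone; anything after it stays in "$@" once the
# shift below has run.
ZONE="$1";

# shift fails when no argument was supplied. Report that on stderr and exit
# non-zero so a calling script or cron job can tell that nothing was done
# (a bare "exit" here would return the status of echo, i.e. success).
if ! shift; then
	echo "Usage: $0 ZONE" >&2
	exit 1
fi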
Zash / get-oauth2-client.sh
Last active May 18, 2023 12:42
OAuth2 testing scripts
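#!/bin/bash
# RFC 7591 OAuth 2.0 Dynamic Client Registration Protocol
set -euo pipefail

# Authority part of the authorization server's URL (first argument).
BASE_DOMAIN="$1"

# Fetch the authorization server metadata document. -f makes curl fail on an
# HTTP error status, -L follows redirects.
OAUTH_META="$(curl -sSfL "https://$BASE_DOMAIN/.well-known/oauth-authorization-server" -H Accept:application/json)"

# jq -e exits non-zero when the selected value is null or false, so a metadata
# document that lacks the field stops the script here (set -e) instead of
# leaving the literal string "null" in the variable.
# NOTE(review): nothing visible here compares .issuer with
# "https://$BASE_DOMAIN" or checks that the registration endpoint is an https
# URL. RFC 8414 section 3.3 requires the issuer comparison before the
# metadata is used; confirm whether the rest of the script does it.
ISSUER="$(jq -er '.issuer' <<<"$OAUTH_META")"
REGISTRATION_ENDPOINT="$(jq -er '.registration_endpoint' <<<"$OAUTH_META")"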
Zash / .gitconfig
Last active June 26, 2023 11:20
git config, aliases etc
[pull]
ff = only
[commit]
verbose = true
[alias]
amend = commit --amend --no-edit
ci = commit
co = checkout
each = submodule foreach git
fa = fetch --all -p
Zash / update-sshfp.sh
Created May 15, 2023 16:53
Update SSHFP records
#!/bin/bash
set -o errexit -o pipefail

# DNS domain and fully qualified name of this host, as reported by hostname.
ZONE=$(hostname -d)
FQDN=$(hostname -f)

# Scratch file created by mktemp; the EXIT trap removes it on every exit
# path. The trap body is single-quoted so $UPDATES is expanded when the trap
# runs, and "--" keeps rm from treating the file name as an option.
UPDATES=$(mktemp --suffix .nsupdate)
trap 'rm -- "$UPDATES"' EXIT
{
Zash / get-xmpp-cert.sh
Created May 30, 2023 14:08
Extract XMPP certificate
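#!/bin/sh -e
# A domain is required as the first argument. The usage line names the script
# itself ($0); $1 is empty in this branch, so printing it would leave a blank
# where the program name belongs. The message goes to stderr.
if [ -z "$1" ]; then
	echo "usage: $0 example.com [client|server]" >&2
	exit 1
fi

# xmppdomain keeps the domain exactly as given. adomain starts out as a copy;
# presumably the idn2 step that follows rewrites it, but that code is not
# visible here.
xmppdomain="$1"
adomain="$1"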
if type idn2 >/dev/null 2>/dev/null ; then