arianvp /
Created Jul 4, 2022
Using webauthn for sender constrained access tokens

All the commands in the documentation are now checked by CI.

The problem is that we have nested shells, for which the default tooling doesn't work. It works on my machine. What's left is polishing and adding it to CI.

Nix code samples are extracted into a file so that, e.g., the following nix-build calls can access those files. This lets us check that the default.nix in the document actually works.

arianvp / flake.nix
Created Feb 22, 2022
A flake to deploy app to kubernetes
description = "A flake that builds a go app and deploys to kubernetes";
inputs = {
utils.url = "github:numtide/flake-utils";
nixpkgs.url = "nixpkgs/nixpkgs-unstable";
outputs = { self, nixpkgs, utils }: utils.lib.eachDefaultSystem (system:
"plugins": [
"type": "ptp",
"ipam": {
"type": "host-local",
"routes": [ { "dst": "::/0" } ],
"ranges": [ { "subnet": "2001:19f0:6c01:1f10::/80" } ]
arianvp / boot.ipxe
Last active Aug 31, 2021
ipxe boot config
set STREAM stable
set VERSION 34.20210725.3.0
set BASEURL${STREAM}/builds/${VERSION}/x86_64
set NETWORK # ip=bond0:dhcp bond=bond0:enp0s20f0,enp0s20f1:mode=balance-tlb,downdelay=200,updelay=200,miimon=100 nameserver=
kernel ${BASEURL}/fedora-coreos-${VERSION}-live-kernel-x86_64 initrd=main coreos.inst.install_dev=/dev/sda${BASEURL}/fedora-coreos-${VERSION}-live-rootfs.x86_64.img ignition.firstboot coreos.inst.platform_id=packet console=ttyS1,115200n8 ${NETWORK}
use anyhow::{anyhow, Result};
use futures::TryStreamExt;
use k8s_openapi::api::core::v1::{PersistentVolumeClaim, Pod};
use kube::api::{Api, DeleteParams, ListParams, Patch, PatchParams};
use kube::Client;
use kube::CustomResource;
use kube_runtime::utils::try_flatten_applied;
use kube_runtime::watcher;
use schemars::JsonSchema;
use serde::{Deserialize, Serialize};
arianvp / eksctl.yaml
Last active Jun 14, 2021
EKS managed node group k8ssandra
kind: ClusterConfig
name: arian-playground-staging
region: eu-central-1
version: "1.19"
# Used for other workloads
- name: compute
minSize: 1
{ pkgs, lib, config, ... }:
cfg = config.webshop;
options.webshop = {
website = lib.mkOption {
type = lib.types.package;
description = "The static content to serve";

nix-shell --pure repro.nix succeeds:

$ nix-shell --pure repro.nix
[nix-shell]$ out=final.img
[nix-shell]$ genericBuild
Checking that no-one is using this disk right now ... OK

Disk out.img: 44.3 MiB, 46485504 bytes, 90792 sectors
Units: sectors of 1 * 512 = 512 bytes
arianvp /
Last active Jul 7, 2020
publiccode review
  • Code in the open - Development is done on a closed platform (Azure) that is periodically synced with GitHub. Some teams do work primarily on GitHub.
  • Bundle policy and source code - No. There are some requirement documents, but they're not in editable form, and are not the policy itself.
  • Create reusable and portable code - Impossible due to dependence on GAEN which violates the "The codebase MUST be independent from any secret, undisclosed, proprietary or non-open licensed code or services for execution and understanding." requirement
  • Welcome contributions
  • Maintain version control
  • Require review of contributions
  • Document your objectives - There is a requirements document, but it's uneditable.
  • Document your code - Partially. There is architecture documentation, but no code docs.
  • Use plain English