Arian van Putten arianvp

arianvp / thesis.nix
Created March 8, 2023 12:24
View thesis.nix
{ pkgs ? import <nixpkgs> {} }:
fontsConf = pkgs.makeFontsConf {
fontDirectories = [ ./fonts ];
texlive = pkgs.texlive.combine {
inherit (pkgs.texlive)
arianvp / main.go
Created January 26, 2023 10:12
Fulcio watcher
View main.go
package main
import (
ct ""
arianvp / simplewebauthn.ts
Created January 19, 2023 08:19
Simplified Webauthn
View simplewebauthn.ts
interface SimpleCredential {
id: string;
publicKey: ArrayBuffer;
async function create(name: string) : Promise<SimpleCredential> {
// NOTE: We don't care about the challenge because we don't check attestation
const challenge = crypto.getRandomValues(new Uint8Array(16));
let credential = await navigator.credentials.create({
publicKey: {
arianvp / main.go
Last active September 19, 2022 17:59
TPM2 Activation and Attestation flow in Go
View main.go
package main
import (
arianvp /
Created July 4, 2022 10:07
Using webauthn for sender constrained access tokens

View gist:b64a910aa4226219ed52cbafc2ad1f0d @zupo

All the commands in the documentation are now checked by CI.

The problem is that we have nested shells, for which the default tooling doesn't work. It works on my machine. What's left is polishing and adding it to CI.

Nix code samples are extracted into a file so that, e.g., the following nix-build calls can access those files, and so that we can check that the default.nix in the document actually works.

arianvp / flake.nix
Created February 22, 2022 19:18
A flake to deploy app to kubernetes
View flake.nix
description = "A flake that builds a go app and deploys to kubernetes";
inputs = {
utils.url = "github:numtide/flake-utils";
nixpkgs.url = "nixpkgs/nixpkgs-unstable";
outputs = { self, nixpkgs, utils }: utils.lib.eachDefaultSystem (system:
View cni.conf
"plugins": [
"type": "ptp",
"ipam": {
"type": "host-local",
"routes": [ { "dst": "::/0" } ],
"ranges": [ { "subnet": "2001:19f0:6c01:1f10::/80" } ]
arianvp / boot.ipxe
Last active August 31, 2021 16:17
ipxe boot config
View boot.ipxe
set STREAM stable
set VERSION 34.20210725.3.0
set BASEURL${STREAM}/builds/${VERSION}/x86_64
set NETWORK # ip=bond0:dhcp bond=bond0:enp0s20f0,enp0s20f1:mode=balance-tlb,downdelay=200,updelay=200,miimon=100 nameserver=
kernel ${BASEURL}/fedora-coreos-${VERSION}-live-kernel-x86_64 initrd=main coreos.inst.install_dev=/dev/sda${BASEURL}/fedora-coreos-${VERSION}-live-rootfs.x86_64.img ignition.firstboot coreos.inst.platform_id=packet console=ttyS1,115200n8 ${NETWORK}
use anyhow::{anyhow, Result};
use futures::TryStreamExt;
use k8s_openapi::api::core::v1::{PersistentVolumeClaim, Pod};
use kube::api::{Api, DeleteParams, ListParams, Patch, PatchParams};
use kube::Client;
use kube::CustomResource;
use kube_runtime::utils::try_flatten_applied;
use kube_runtime::watcher;
use schemars::JsonSchema;
use serde::{Deserialize, Serialize};