Arian van Putten arianvp

arianvp / main.go
Created Jan 26, 2023
Fulcio watcher
package main
import (
"context"
"fmt"
"log"
"net/http"
"time"
ct "github.com/google/certificate-transparency-go"
arianvp / simplewebauthn.ts
Created Jan 19, 2023
Simplified Webauthn
interface SimpleCredential {
id: string;
publicKey: ArrayBuffer;
}
async function create(name: string) : Promise<SimpleCredential> {
// NOTE: We don't care about the challenge because we don't check attestation
const challenge = crypto.getRandomValues(new Uint8Array(16));
let credential = await navigator.credentials.create({
publicKey: {
arianvp / main.go
Last active Sep 19, 2022
TPM2 Activation and Attestation flow in Go
package main
import (
"crypto/ecdsa"
"crypto/elliptic"
"crypto/rand"
"crypto/subtle"
"crypto/x509"
"log"
"math/big"
arianvp / webauthn-dpop.md
Created Jul 4, 2022
Using webauthn for sender constrained access tokens

Using webauthn for sender constrained access tokens

View gist:b64a910aa4226219ed52cbafc2ad1f0d

Nix.dev @zupo

All the commands in the nix.dev documentation are now checked by CI.

The problem is that we have nested shells, for which the default tooling doesn't work. It works on my machine. What's left is polishing and adding it to CI.

Nix code samples are extracted into a file so that, e.g., subsequent nix-build calls can access those files, and so that we can check that the default.nix in the document actually works.

arianvp / flake.nix
Created Feb 22, 2022
A flake to deploy app to kubernetes
{
description = "A flake that builds a go app and deploys to kubernetes";
inputs = {
utils.url = "github:numtide/flake-utils";
nixpkgs.url = "nixpkgs/nixpkgs-unstable";
};
outputs = { self, nixpkgs, utils }: utils.lib.eachDefaultSystem (system:
let
View cni.conf
{
"cniversion":"1.0.0",
"name":"kube",
"plugins": [
{
"type": "ptp",
"ipam": {
"type": "host-local",
"routes": [ { "dst": "::/0" } ],
"ranges": [ { "subnet": "2001:19f0:6c01:1f10::/80" } ]
arianvp / boot.ipxe
Last active Aug 31, 2021
ipxe boot config
#!ipxe
set STREAM stable
set VERSION 34.20210725.3.0
set BASEURL https://builds.coreos.fedoraproject.org/prod/streams/${STREAM}/builds/${VERSION}/x86_64
set NETWORK # ip=bond0:dhcp bond=bond0:enp0s20f0,enp0s20f1:mode=balance-tlb,downdelay=200,updelay=200,miimon=100 nameserver=8.8.8.8
kernel ${BASEURL}/fedora-coreos-${VERSION}-live-kernel-x86_64 initrd=main ignition.platform.id=metal coreos.inst.install_dev=/dev/sda coreos.live.rootfs_url=${BASEURL}/fedora-coreos-${VERSION}-live-rootfs.x86_64.img ignition.firstboot coreos.inst.platform_id=packet console=ttyS1,115200n8 ${NETWORK}
View cassdc.rs
use anyhow::{anyhow, Result};
use futures::TryStreamExt;
use k8s_openapi::api::core::v1::{PersistentVolumeClaim, Pod};
use kube::api::{Api, DeleteParams, ListParams, Patch, PatchParams};
use kube::Client;
use kube::CustomResource;
use kube_runtime::utils::try_flatten_applied;
use kube_runtime::watcher;
use schemars::JsonSchema;
use serde::{Deserialize, Serialize};
arianvp / eksctl.yaml
Last active Jun 14, 2021
EKS managed node group k8ssandra
apiVersion: eksctl.io/v1alpha5
kind: ClusterConfig
metadata:
name: arian-playground-staging
region: eu-central-1
version: "1.19"
managedNodeGroups:
# Used for other workloads
- name: compute
minSize: 1