Skip to content

Instantly share code, notes, and snippets.

View arianvp's full-sized avatar
🎱
Focusing

Arian van Putten arianvp

🎱
Focusing
258 followers · 56 following
View GitHub Profile
@arianvp
arianvp / .envrc
Last active April 11, 2024 19:27
Use nix flakes with private github deps
#!/bin/sh
#If already set (e.g. in github actions); use that instead
if [ -z "$GITHUB_TOKEN" ]; then
nix run nixpkgs#gh auth status || nix run nixpkgs#gh auth login
GITHUB_TOKEN="$(nix run nixpkgs#gh auth token)"
export GITHUB_TOKEN
fi
NIX_CONFIG="access-tokens = github.com=$GITHUB_TOKEN"
@arianvp
arianvp / dira-.envrc
Last active December 10, 2023 14:31
multiple shells (Note gists don't support subdirectories so read - as / lol)
use flake .#dira
@arianvp
arianvp / gist:ec48ffb00aeffb5e07fbde25c28a2fbb
Created August 27, 2023 13:08
[root@nixos:~]# poweroff
[root@nixos:~]# Stopping Session 1 of User root...
Stopping Session 2 of User root...
[ OK ] Removed slice Slice /system/modprobe.
[ OK ] Stopped target Multi-User System.
[ OK ] Stopped target Login Prompts.
[ OK ] Stopped target Containers.
[ OK ] Stopped target Network is Online.
@arianvp
arianvp / README.md
Last active December 7, 2023 09:36
An error occurred (AccessDenied) when calling the StartInstanceRefresh operation: You are not authorized to use launch template:

An error occurred (AccessDenied) when calling the StartInstanceRefresh operation: You are not authorized to use launch template:

You came here because you Googled the above error and got zero hits. You will now get a hit!

Problem

You have an error like:

An error occurred (AccessDenied) when calling the StartInstanceRefresh operation: You are not authorized to use launch template:
@arianvp
arianvp / thesis.nix
Created March 8, 2023 12:24
thesis.nix
{ pkgs ? import <nixpkgs> {} }:
let
fontsConf = pkgs.makeFontsConf {
fontDirectories = [ ./fonts ];
};
texlive = pkgs.texlive.combine {
inherit (pkgs.texlive)
appendix
tikzmark
@arianvp
arianvp / main.go
Created January 26, 2023 10:12
Fulcio watcher
package main
import (
"context"
"fmt"
"log"
"net/http"
"time"
ct "github.com/google/certificate-transparency-go"
@arianvp
arianvp / simplewebauthn.ts
Created January 19, 2023 08:19
Simplified Webauthn
interface SimpleCredential {
id: string;
publicKey: ArrayBuffer;
}
async function create(name: string) : Promise<SimpleCredential> {
// NOTE: We don't care about the challenge because we don't check attestation
const challenge = crypto.getRandomValues(new Uint8Array(16));
let credential = await navigator.credentials.create({
publicKey: {
@arianvp
arianvp / main.go
Last active September 19, 2022 17:59
TPM2 Activation and Attestation flow in Go
package main
import (
"crypto/ecdsa"
"crypto/elliptic"
"crypto/rand"
"crypto/subtle"
"crypto/x509"
"log"
"math/big"
@arianvp
arianvp / webauthn-dpop.md
Created July 4, 2022 10:07
Using webauthn for sender constrained access tokens

Using webauthn for sender constrained access tokens

@arianvp
arianvp / gist:b64a910aa4226219ed52cbafc2ad1f0d
Last active August 2, 2022 02:10

Nix.dev @zupo

All the commands in the nix.dev documentation are now checked by CI.

The problem is that we have nested shells; which default tooling for this doesn't work. It works on my machine. What left is polishing and adding it to CI

Nix code samples are extracted into a file such that e.g. following nix-build calls can access those files. So that we can check that the default.nix in the document actually works.