Skip to content

Instantly share code, notes, and snippets.

jeremy avnet brainsik

Block or report user

Report or block brainsik

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
@brainsik
brainsik / install-tf-11-14.sh
Created May 23, 2019
How to install an older version of a Homebrew forumla
View install-tf-11-14.sh
brew uninstall terraform
brew extract --version 0.11.14 terraform homebrew/cask
brew install terraform@0.11.14
@brainsik
brainsik / minimal-infra.md
Last active May 17, 2019
Minimalist Infrastructure
View minimal-infra.md

Minimalism

Minimalist infrastructure is the practice of building only what you need with the fewest number of resources. This is a philosophy, not a religion, you shouldn't build bad infrastructure to achieve a minimalist design. A minimalist design should lead to good infrastructure by reducing the amount of resources under management and the complexity of the design.

Avoid state

When designing your system, avoid storing additional state. Often the data you want to store is already available in the system. Using the system as the source of truth can avoid the difficult business of ensuring data consistency.

As an example, let's say you want to be able to rollback a Fargate deploy if the new task definition results in a service that won't become healthy. One option would be store the working task definition in something like DynamoDB (or git or any number of bad choices). However, your ECS service already has this information: the previous, healthy service is still running. Instead of managing a

@brainsik
brainsik / cidrs.tf
Last active Nov 16, 2018
Takes a list of VPC names and outputs their ID and CIDR
View cidrs.tf
data "aws_vpc" "found" {
count = "${length(var.vpc_names)}"
filter {
name = "tag:Name"
values = ["${element(var.vpc_names, count.index)}"]
}
}
output "vpc_id" {
View terraform-debug.txt
2018/07/24 15:01:38 [INFO] Terraform version: 0.11.7
2018/07/24 15:01:38 [INFO] Go runtime version: go1.10.1
2018/07/24 15:01:38 [INFO] CLI args: []string{"/usr/local/Cellar/terraform/0.11.7/bin/terraform", "validate"}
2018/07/24 15:01:38 [DEBUG] Attempting to open CLI config file: /Users/jeremy.avnet/.terraformrc
2018/07/24 15:01:38 [DEBUG] File doesn't exist, but doesn't need to. Ignoring.
2018/07/24 15:01:38 [INFO] CLI command args: []string{"validate"}
2018/07/24 15:01:38 [DEBUG] checking for provider in "."
2018/07/24 15:01:38 [DEBUG] checking for provider in "/usr/local/Cellar/terraform/0.11.7/bin"
2018/07/24 15:01:38 [DEBUG] checking for provider in ".terraform/plugins/darwin_amd64"
2018/07/24 15:01:38 [DEBUG] found provider "terraform-provider-aws_v1.28.0_x4"
@brainsik
brainsik / stubby.yml
Created Nov 20, 2017
Stubby config for Quad9
View stubby.yml
upstream_recursive_servers:
- address_data: 9.9.9.9
tls_auth_name: "dns.quad9.net"
tls_pubkey_pinset:
- digest: "sha256"
value: MujBQ+U0p2eZLTnQ2KGEqs+fPLYV/1DnpZDjBDPwUqQ=
@brainsik
brainsik / add-ca-to-java.sh
Created Sep 7, 2017
Command to add a CA to your Java key store
View add-ca-to-java.sh
$jre/bin/keytool \
-import \
-trustcacerts \
-file /path/to/MyIntermediateCA.crt \
-alias MyIntermediateCA \
-keystore $jre/lib/security/cacerts \
-storepass changeit \
-noprompt
@brainsik
brainsik / main.cf
Created May 1, 2017
Postfix - secure relaying to smarthost
View main.cf
# client TLS parameters
smtp_tls_security_level = secure
smtp_tls_mandatory_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1
smtp_tls_mandatory_ciphers = high
smtp_tls_cert_file=/etc/letsencrypt/live/XXX/fullchain.pem
smtp_tls_key_file=/etc/letsencrypt/live/XXX/privkey.pem
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_tls_loglevel = 1
smtp_tls_note_starttls_offer = yes
@brainsik
brainsik / openssl-cli-notes.md
Last active Feb 19, 2017
OpenSSL client commands
View openssl-cli-notes.md

Connect to TLS endpoint w/SNI

echo | openssl s_client -connect $site:$port -servername $site

Show certificate expiration dates

echo | openssl s_client -connect $site:$port -servername $site 2>/dev/null | openssl x509 -noout -dates
@brainsik
brainsik / keybase.md
Created Sep 30, 2016
Keybase proof of GitHub identity
View keybase.md

Keybase proof

I hereby claim:

  • I am brainsik on github.
  • I am brainsik (https://keybase.io/brainsik) on keybase.
  • I have a public key whose fingerprint is 5D80 FC62 9CEF 8FAE 737C DDED 19A1 D142 4FE9 8E13

To claim this, I am signing this object:

You can’t perform that action at this time.