Jonathan Matthews jpluscplusm

## dec2ip.awk
#!/usr/bin/awk
# 1-liner: awk '{for(i=0;i<4;i++){byte=$1%256;ip="." byte ip;$1-=byte;$1/=256}}END{sub(".","",ip);print ip}'

{
  for(i=0; i<4; i++) {
    byte = $1 % 256
    ip = "." byte ip
    $1 -= byte
    $1 /= 256
  }

## README.md

      
              4 files
            
          
              0 forks
            
          
              0 comments
            
          
              15 stars
            
          
                jpluscplusm
                / README.md
            
            
              Last active
              February 22, 2020 22:36
            
              
                A primitive Double A (AAA-minus-Accounting) RBAC system implemented in declarative Nginx config
              
          
    Nginx Double A

A primitive Double A (AAA-minus-Accounting) RBAC system implemented in declarative Nginx config.
Background

So I noticed https://github.com/alexaandru/elastic_guardian, a simple AAA reverse-proxy to sit in front of Elasticsearch. Reading the source and comments tickled my "why is this in code not config?" funnybone.
I asked @alexaandru (https://twitter.com/jpluscplusm/status/438339557906735104) who told me it was mostly the resulting complexity of the nginx config he tried that prompted him to write it.

  
## gist:4366287
server {
  listen [::]:80;
  listen 80;
  server_name "~^(?<thishost>[^.]+.)?(subdomain.example.com)$";
  access_log off;

  location / {
    resolver 8.8.8.8; # or whatever your server can use
    sub_filter_once off;
    sub_filter 'thepiratebay.se' 'subdomain.example.com';

## log-indent-test.sh
#!/usr/bin/env bash
set -ueo pipefail

outofbandlogstring="This string must NEVER appear in the script's stdout/err ..." # or, like, simply "§" ...

function enter() {
  echo "$@"
  echo "${outofbandlogstring}+2"
}

## bosh-links-why-and-how.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                jpluscplusm
                / bosh-links-why-and-how.md
            
            
              Created
              September 27, 2018 15:46
                — forked from Amit-PivotalLabs/bosh-links-why-and-how.md
            
              
                BOSH Links: Why and How
              
          
    BOSH Links: Why and How

Audience: anyone in the BOSH ecosystem, whether you work on something open-source or proprietary
"BOSH Links" is a feature which simplifies how data is shared between BOSH-deployed jobs that need to collaborate with one another (e.g. a web server and its backing database).  Like many BOSH things, the whole "BOSH Links" thing can seem counter-intuitive at first, and it may not be clear why things are the way they are.  This note hopes to show some of the powerful benefits of BOSH Links, and provide examples and explanations that make things more intuitive.

Why?
BASIC: A simple problem statement
BASIC: Putting the puzzle pieces together
ADVANCED: But what about...


## vpnc-script-aws
#!/bin/bash

# vpnc-script wrapper for use with openconnect that routes all AWS IP ranges over the VPN.
# Pass any additional IP ranges to be routed as args to the script.
#
# Requirements: bash, curl and jq.
#
# Example usage:
# openconnect https://vpn.example.com/profile --script '/path/to/vpnc-script-aws'
#

## test.bats
setup() {
  # Global setup
  if [ $BATS_TEST_NUMBER -eq 1 ]; then
    {
      echo export FOO=bar
    } >${BATS_TMPDIR}/bats.import.$PPID
  fi
  . ${BATS_TMPDIR}/bats.import.$PPID

  # Per-test setup as per documentation

## instance.tf
resource "aws_instance" "instance" {
  ami           = "ami-32rrg4334f"
  instance_type = "t2.small"
  subnet_id     = "subnet-abc123dasf"
  key_name      = "key"

  associate_public_ip_address = false

  vpc_security_group_ids = [
    "${aws_security_group.1.id}",

## .gitignore
/.terraform/terraform.tfstate*
/plan.out
/.plan.out.*

## awk-ad
#!/bin/bash
# ASCII-delimited input and output
awk -vFS="\x1F" -vRS="\x1E" -vOFS="\x1F" -vORS="\x1E" "$@"
	#!/usr/bin/awk
	# 1-liner: awk '{for(i=0;i<4;i++){byte=$1%256;ip="." byte ip;$1-=byte;$1/=256}}END{sub(".","",ip);print ip}'

	{
	for(i=0; i<4; i++) {
	byte = $1 % 256
	ip = "." byte ip
	$1 -= byte
	$1 /= 256
	}
	server {
	listen [::]:80;
	listen 80;
	server_name "~^(?<thishost>[^.]+.)?(subdomain.example.com)$";
	access_log off;

	location / {
	resolver 8.8.8.8; # or whatever your server can use
	sub_filter_once off;
	sub_filter 'thepiratebay.se' 'subdomain.example.com';
	#!/usr/bin/env bash
	set -ueo pipefail

	outofbandlogstring="This string must NEVER appear in the script's stdout/err ..." # or, like, simply "§" ...

	function enter() {
	echo "$@"
	echo "${outofbandlogstring}+2"
	}
	#!/bin/bash

	# vpnc-script wrapper for use with openconnect that routes all AWS IP ranges over the VPN.
	# Pass any additional IP ranges to be routed as args to the script.
	#
	# Requirements: bash, curl and jq.
	#
	# Example usage:
	# openconnect https://vpn.example.com/profile --script '/path/to/vpnc-script-aws'
	#
	setup() {
	# Global setup
	if [ $BATS_TEST_NUMBER -eq 1 ]; then
	{
	echo export FOO=bar
	} >${BATS_TMPDIR}/bats.import.$PPID
	fi
	. ${BATS_TMPDIR}/bats.import.$PPID

	# Per-test setup as per documentation
	resource "aws_instance" "instance" {
	ami = "ami-32rrg4334f"
	instance_type = "t2.small"
	subnet_id = "subnet-abc123dasf"
	key_name = "key"

	associate_public_ip_address = false

	vpc_security_group_ids = [
	"${aws_security_group.1.id}",
	#!/bin/bash
	# ASCII-delimited input and output
	awk -vFS="\x1F" -vRS="\x1E" -vOFS="\x1F" -vORS="\x1E" "$@"