Skip to content

Instantly share code, notes, and snippets.

View krisek's full-sized avatar

krisek

4 followers · 1 following
View GitHub Profile
@krisek
krisek / gist:2d3919f6be0949e077350f30f9b983d4
Last active September 16, 2020 12:58
cartography
MATCH (t:Tag{value:'whatever'})-[:TAGGED]-(v:AWSVpc)-[:MEMBER_OF_AWS_VPC]-(n)-[:SUBNET|:TAGGED]-(lb) WHERE EXISTS(lb.dnsname) OR lb.key = 'Name' RETURN n,lb
MATCH (t:Tag{value:'hnq40'})-[:TAGGED]-(v:AWSVpc)-[:MEMBER_OF_AWS_VPC]-(n)-[:SUBNET|:TAGGED]-(lb)-[:DNS_POINTS_TO|:MEMBER_OF_EC2_SECURITY_GROUP]-(d) WHERE EXISTS(lb.dnsname) OR lb.key = 'Name' RETURN n,lb,d
@krisek
krisek / README.md
Last active October 22, 2020 06:41
DevOps install 
#devops install

curl -L https://get.oh-my.fish | fish
sudo bash -c 'echo /usr/local/bin/fish >> /etc/shells'
chsh -s /usr/local/bin/fish
omf theme bobthefish

git clone https://github.com/jimeh/tmux-themepack.git ~/.tmux-themepack
@krisek
krisek / README.md
Last active November 19, 2020 21:56
Spotlight photos on X

This Gist contains a bash and a fish shell script to get MS Spotlight photos on your Linux machine.

Depends on curl, jq and sed.

@krisek
krisek / openssl
Created November 27, 2020 12:58
You can check if an SSL certificate matches a Private Key by using the 3 easy commands below.
For your SSL certificate: openssl x509 –noout –modulus –in <file>.crt | openssl md5
For your RSA private key: openssl rsa –noout –modulus –in <file>.key | openssl md5
For your CSR: openssl req -noout -modulus -in <file>.csr | openssl md5
@krisek
krisek / default
Created March 21, 2021 13:35
default nginx config to reverse proxy prometheus and grafana
##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# https://www.nginx.com/resources/wiki/start/
# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
# https://wiki.debian.org/Nginx/DirectoryStructure
#
# In most cases, administrators will remove this file from sites-enabled/ and
# leave it as reference inside of sites-available where it will continue to be
# updated by the nginx packaging team.
@krisek
krisek / route_tables.py
Created March 21, 2021 21:49
Cartography EC2 route_tables ingest draft
import logging
from typing import Dict
from typing import List
import boto3
import neo4j
from .util import get_botocore_config
from cartography.util import aws_handle_regions
from cartography.util import run_cleanup_job
@krisek
krisek / gist:b9d1c4eb7d82e0c09d30469b8758d42d
Created May 21, 2021 15:28
import json
import requests
import os
import re
import hashlib
templates = {
'slack': {},
'teams': {
@krisek
krisek / kyverno_vpa.yaml
Last active September 6, 2021 06:19
kyverno_vpa.yaml
apiVersion: autoscaling.k8s.io/v1
kind: VerticalPodAutoscaler
metadata:
name: kyverno
spec:
targetRef:
apiVersion: "apps/v1"
kind: Deployment
name: kyverno
updatePolicy:
@krisek
krisek / zero_rule_hub_and_spoke
Last active September 13, 2021 12:59
zerotier simple hub and spoke ruleset
# Create a tag for which department someone is in
tag department
id 10 # arbitrary, but must be unique
enum 100 spoke # has no meaning to filter, but used in UI to offer a selection
enum 200 hub
enum 300 super
;
# Whitelist only IPv4 (/ARP) and IPv6 traffic and allow only ZeroTier-assigned IP addresses
drop # drop cannot be overridden by capabilities
@krisek
krisek / matrix-webhook.py
Last active January 2, 2022 11:34
Matrix webhook
#!/usr/bin/env python3
"""
Matrix Webhook.
Post a message to a matrix room with a simple HTTP POST
"""
import asyncio
import json
import os