Skip to content

Instantly share code, notes, and snippets.

@joneskoo
joneskoo / new_peer.sh
Created June 6, 2019 19:12
Wireguard client/server config generator
#!/bin/bash
set -eu
set -o pipefail
dns_server=172.24.100.250
client_ip=$1
psk=$(wg genpsk)
client_privkey=$(wg genkey)
client_pubkey=$(wg pubkey <<<"$client_privkey")
@andy-thomason
andy-thomason / Genomics_A_Programmers_Guide.md
Created May 14, 2019 13:32
Genomics a programmers introduction

Genomics - A programmer's guide.

Andy Thomason is a Senior Programmer at Genomics PLC. He has been witing graphics systems, games and compilers since the '70s and specialises in code performance.

https://www.genomicsplc.com

@noelbundick
noelbundick / k8s-azure.json
Created August 16, 2018 21:53
k8s Azure Cloud Provider permissions
{
"Name": "Azure k8s Cloud Provider",
"IsCustom": true,
"Description": "Everything needed by the k8s 1.11 Azure cloud provider (not including ACR, addons, etc)",
"Actions": [
"Microsoft.Compute/disks/delete",
"Microsoft.Compute/disks/read",
"Microsoft.Compute/disks/write",
"Microsoft.Compute/virtualMachineScaleSets/manualUpgrade/action",
"Microsoft.Compute/virtualMachineScaleSets/read",
@tallclair
tallclair / restricted-psp.yaml
Last active April 16, 2024 07:46
Restricted PodSecurityPolicy
apiVersion: extensions/v1beta1
kind: PodSecurityPolicy
metadata:
name: restricted
annotations:
seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default'
apparmor.security.beta.kubernetes.io/allowedProfileNames: 'runtime/default'
seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default'
apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default'
spec:
@skreuzer
skreuzer / prometheus.yml
Last active February 7, 2019 18:45
smokeping style metrics in prometheus
global:
evaluation_interval: 15s
rule_files:
- smokeping.rules
scrape_configs:
- job_name: 'blackbox_icmp'
metrics_path: /probe
params:
module: [icmp]
scrape_interval: 1s
@attacus
attacus / riot-matrix-workshop.md
Last active March 13, 2024 00:16
Create your own encrypted chat server with Riot and Matrix

This guide is unmaintained and was created for a specific workshop in 2017. It remains as a legacy reference. Use at your own risk.

Running your own encrypted chat service with Matrix and Riot

Workshop Instructor:

This workshop is distributed under a CC BY-SA 4.0 license.

What are we doing here?

@ageis
ageis / systemd_service_hardening.md
Last active June 15, 2024 22:41
Options for hardening systemd service units

security and hardening options for systemd service units

A common and reliable pattern in service unit files is thus:

NoNewPrivileges=yes
PrivateTmp=yes
PrivateDevices=yes
DevicePolicy=closed
ProtectSystem=strict
@toke
toke / ansible-vault-pass.bash
Last active October 24, 2021 21:38
Small helper script for usage with ansible-vault and ansible-playbook together with pass https://www.passwordstore.org/ Two implementations: first in bash and anotger one in python, which should be better as the git config hack to get ini files may fail due to incompatibilities in git vs. ansible ini style. The bash version is kept for reference.
#!/usr/bin/env bash
set -e
#
# Written by Thomas Kerpe <toke@toke.de> - Public Domain
#
# Small helper script for usage with ansible-vault and ansible-playbook
# together with [pass](https://www.passwordstore.org/)
#
# Say you have stored the vault-password for the current ansible playbook in pass
@magnuspalmer
magnuspalmer / mqttclient.groovy
Last active July 30, 2019 03:34
Groovy mqtt client bluemix IoT services
@Grab(group='org.eclipse.paho', module='mqtt-client', version='0.4.0')
import org.eclipse.paho.client.mqttv3.*
import org.eclipse.paho.client.mqttv3.persist.MqttDefaultFilePersistence
String tmpDir = System.getProperty("java.io.tmpdir")
MqttDefaultFilePersistence dataStore = new MqttDefaultFilePersistence("${tmpDir}/mqtt")
//org
String org = 'myOrg'
@nickrw
nickrw / volsay.sh
Created April 19, 2013 12:43
volsay: Wrapper around OSX's `say' command, which sets the system volume to the requested level, then restores volume / mute state once speech is complete.
#!/bin/bash
function usage() {
echo "usage: $0 <volume (0-100)> <say args...>"
echo
echo "Unmutes and sets the system volume to volume%, passing the remaining"
echo "arguments to the OSX \`say' command, restoring volume / mute setting"
echo "to previous values after the speech has completed."
exit 1
}