Phil Pennock philpennock

philpennock / gitolite nats notifications in Go
Last active Nov 30, 2020
Golang version of git post-receive hook for gitolite to publish updates to NATS
This is for gitolite to publish notifications to NATS with details of commits.
I use the "hooks in admin repo" approach: I have root on the gitolite server and only I have commit access.
The only action taken outside of this repo was to install Go (1.15.5).
This approach uses a shell wrapper to recompile the binary hook, which is written in Go, on demand.
Shell script: local/hooks/repo-specific/
Symlink: local/hooks/common/post-receive -> ../repo-specific/
Go source: local/src/nats-publish-postreceive.go
philpennock /
Last active Nov 28, 2020
git post-receive hook for gitolite to publish updates to NATS
#!/usr/bin/env bash
set -euo pipefail
progname="$(basename "$0" .sh)"
stderr() { printf >&2 '%s: %s\n' "$progname" "$*"; }
die() { stderr "$@"; exit 1; }
# Tunable
: "${}"
# Contractually has to have been provided, but this helps with command-line
#!/usr/bin/env python3
time_render: render time as given on cmdline
Convert epoch time (default) to something human-readable.
Handle obscenely large numbers.
# DNS uses u_int48_t (for TSIG) which is seconds since Unix epoch.
#!/usr/bin/env bash
set -euo pipefail
# Switched to bash so that we could bind variables for GraphQL
# * Rewrite in Go
# * Handle paging, iterate
# * Consider session keyring with timeout for caching PATs if had to be pulled from PGP-encrypted files
# * see if there's a Go implementation of the jq language
# * ability to take graphql queries from files/fds and munge into the correct
# format.
philpennock /
Last active Dec 22, 2020
Bash script, using dig & curl, for reporting DNS and a few HTTPS policy files for everything email about a domain
#!/usr/bin/env bash
# Copyright 2020 Pennock Tech, LLC
# No warranty, this is a proof-of-concept not a final product.
# MIT-style license.
set -euo pipefail
# This might need to switch to another language for concurrency and handling
# the queries which are rarer, but this is a decent start as a proof-of-concept.
philpennock / linode-known_hosts
Last active Mar 9, 2020
Linode LISH known_hosts for OpenSSH
philpennock /
Last active Jan 31, 2020
Two versions of "how to refresh PGP keys with gpg via WKD/external"
#!/usr/bin/env bash
set -eu
# Warning: we assume that the input of the list of domains to refresh is
# trusted, and free from abusive characters. So the only adjustments for using
# within a PCRE regexp we apply is "escape the dots to be literal".
progname="$(basename "$0" .sh)"
die() { printf >&2 '%s: %s\n' "$progname" "$*"; exit 1; }
usage() {
philpennock / tflint
Created Jan 16, 2020
Bash wrapper to invoke tflint docker container
#!/bin/bash -eu
philpennock / aws-vault-unlock
Created Jan 13, 2020
CLI tool to unlock the XDG Secret collection used by 99designs/aws-vault
#!/usr/bin/env python3
# Copyright © 2020 Pennock Tech, LLC
# SPDX-License-Identifier: MIT
aws-vault-unlock: unlock (or lock) the awsvault libsecret collection
The XDG folks specify the Secret service available over D-Bus.
When everything works right, 99designs/aws-vault trying to access a locked
philpennock / perlgssapi-code_GSSAPI_fix-macOS-heimdal.patch
Created Jul 24, 2018
perlgssapi GSSAPI module patch to fix compilation on macOS
Index: GSSAPI.xs
--- GSSAPI.xs (revision 73)
+++ GSSAPI.xs (working copy)
@@ -6,6 +6,8 @@
#define __GSS_KRB5_NT_PRINCIPAL_NAME &mygss_nt_krb5_principal
#define __gss_mech_krb5_v2 &mygss_mech_krb5_v2