Phil Pennock philpennock
@philpennock
philpennock / gitolite nats notifications in Go
Last active Nov 30, 2020
Golang version of git post-receive hook for gitolite to publish updates to NATS
View gitolite nats notifications in Go
This is for gitolite to publish notifications to NATS with details of commits.
I use the "hooks in admin repo" approach: I have root on the gitolite server and only I have commit access.
The only action taken outside of this repo was to install Go (1.15.5).
This approach uses a shell wrapper to on-demand re-compile the binary hook, which is written in Go.
Shell script: local/hooks/repo-specific/wrap-go-nats-publish.post-receive
Symlink: local/hooks/common/post-receive -> ../repo-specific/wrap-go-nats-publish.post-receive
Go source: local/src/nats-publish-postreceive.go
@philpennock
philpennock / nats-publish.post-receive.sh
Last active Nov 28, 2020
git post-receive hook for gitolite to publish updates to NATS
View nats-publish.post-receive.sh
#!/usr/bin/env bash
set -euo pipefail
progname="$(basename "$0" .sh)"
stderr() { printf >&2 '%s: %s\n' "$progname" "$*"; }
die() { stderr "$@"; exit 1; }
# Tunable
: "${NATS_SERVER:=nats.example.org}"
# Contractually has to have been provided, but this helps with command-line
View time_render.py
#!/usr/bin/env python3
"""
time_render: render time as given on cmdline
Convert epoch time (default) to something human-readable.
Handle obscenely large numbers.
"""
# DNS uses u_int48_t (for TSIG) which is seconds since Unix epoch.
View github_curl.sh
#!/usr/bin/env bash
set -euo pipefail
# Switched to bash so that we could bind variables for GraphQL
# TODO:
# * Rewrite in Go
# * Handle paging, iterate
# * Consider session keyring with timeout for caching PATs if had to be pulled from PGP-encrypted files
# * see if there's a Go implementation of the jq language
# * ability to take graphql queries from files/fds and munge into the correct
# format.
@philpennock
philpennock / dns-email.sh
Last active Dec 22, 2020
Bash script, using dig & curl, for reporting DNS and a few HTTPS policy files for everything email about a domain
View dns-email.sh
#!/usr/bin/env bash
#
# Copyright 2020 Pennock Tech, LLC
# No warranty, this is a proof-of-concept not a final product.
# MIT-style license.
set -euo pipefail
# This might need to switch to another language for concurrency and handling
# the queries which are rarer, but this is a decent start as a proof-of-concept.
@philpennock
philpennock / linode-known_hosts
Last active Mar 9, 2020
Linode LISH known_hosts for OpenSSH
View linode-known_hosts
@philpennock
philpennock / gpg_refresh_external_domains.sh
Last active Jan 31, 2020
Two versions of "how to refresh PGP keys with gpg via WKD/external"
View gpg_refresh_external_domains.sh
#!/usr/bin/env bash
set -eu
# Warning: we assume that the input of the list of domains to refresh is
# trusted, and free from abusive characters. So the only adjustments for using
# within a PCRE regexp we apply is "escape the dots to be literal".
progname="$(basename "$0" .sh)"
die() { printf >&2 '%s: %s\n' "$progname" "$*"; exit 1; }
usage() {
@philpennock
philpennock / tflint
Created Jan 16, 2020
Bash wrapper to invoke tflint docker container
View tflint
#!/bin/bash -eu
DOCKER_IMAGE_NAME='tflint'
KeepEnvVars=( AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_REGION )
DockerArgs=()
CmdArgs=()
PwdMountFlags='ro'
@philpennock
philpennock / aws-vault-unlock
Created Jan 13, 2020
CLI tool to unlock the XDG Secret collection used by 99designs/aws-vault
View aws-vault-unlock
#!/usr/bin/env python3
#
# Copyright © 2020 Pennock Tech, LLC
# SPDX-License-Identifier: MIT
"""
aws-vault-unlock: unlock (or lock) the awsvault libsecret collection
The XDG folks specify the Secret service available over D-Bus.
When everything works right, 99designs/aws-vault trying to access a locked
@philpennock
philpennock / perlgssapi-code_GSSAPI_fix-macOS-heimdal.patch
Created Jul 24, 2018
perlgssapi GSSAPI module patch to fix compilation on macOS
View perlgssapi-code_GSSAPI_fix-macOS-heimdal.patch
Index: GSSAPI.xs
===================================================================
--- GSSAPI.xs (revision 73)
+++ GSSAPI.xs (working copy)
@@ -6,6 +6,8 @@
#define __GSS_KRB5_NT_PRINCIPAL_NAME &mygss_nt_krb5_principal
#define __gss_mech_krb5_v2 &mygss_mech_krb5_v2
+#define GSSKRB_APPLE_DEPRECATED(x) /**/
+
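Review bot: the `#define GSSKRB_APPLE_DEPRECATED(x) /**/` added after the two `__gss` defines is unconditional and carries no comment. Guarding it with `#ifdef __APPLE__` and `#ifndef GSSKRB_APPLE_DEPRECATED` would keep it from affecting other platforms or clashing with a definition supplied by a header, and a one-line comment should say why the macro is emptied. Judging by its name, the macro marks deprecated interfaces, so blanking it also silences the compiler's warnings for any such calls the module still makes; it would help to record which calls those are so they can be migrated later.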