View gitolite nats notifications in Go
This is for gitolite to publish notifications to NATS with details of commits. | |
I use the "hooks in admin repo" approach: I have root on the gitolite server and only I have commit access. | |
The only action taken outside of this repo was to install Go (1.15.5). | |
This approach uses a shell wrapper to on-demand re-compile the binary hook, which is written in Go. | |
Shell script: local/hooks/repo-specific/wrap-go-nats-publish.post-receive | |
Symlink: local/hooks/common/post-receive -> ../repo-specific/wrap-go-nats-publish.post-receive | |
Go source: local/src/nats-publish-postreceive.go |
View nats-publish.post-receive.sh
#!/usr/bin/env bash | |
set -euo pipefail | |
progname="$(basename "$0" .sh)" | |
stderr() { printf >&2 '%s: %s\n' "$progname" "$*"; } | |
die() { stderr "$@"; exit 1; } | |
# Tunable | |
: "${NATS_SERVER:=nats.example.org}" | |
# Contractually has to have been provided, but this helps with command-line |
View time_render.py
#!/usr/bin/env python3 | |
""" | |
time_render: render time as given on cmdline | |
Convert epoch time (default) to something human-readable. | |
Handle obscenely large numbers. | |
""" | |
# DNS uses u_int48_t (for TSIG) which is seconds since Unix epoch. |
View github_curl.sh
#!/usr/bin/env bash | |
set -euo pipefail | |
# Switched to bash so that we could bind variables for GraphQL | |
# TODO: | |
# * Rewrite in Go | |
# * Handle paging, iterate | |
# * Consider session keyring with timeout for caching PATs if had to be pulled from PGP-encrypted files | |
# * see if there's a Go implementation of the jq language | |
# * ability to take graphql queries from files/fds and munge into the correct | |
# format. |
View dns-email.sh
#!/usr/bin/env bash | |
# | |
# Copyright 2020 Pennock Tech, LLC | |
# No warranty, this is a proof-of-concept not a final product. | |
# MIT-style license. | |
set -euo pipefail | |
# This might need to switch to another language for concurrency and handling | |
# the queries which are rarer, but this is a decent start as a proof-of-concept. |
View linode-known_hosts
lish-atlanta.linode.com,66.228.57.75,2600:3c02::f03c:91ff:fe93:e3bb ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBC1YiyKqGc3i93G+/uzaHkNBm/GmwgkSoHBJD6CNam8dTo2zLZjCOBipb4OjbCHk3Nk6JrjC/at9H+iN7H7m8Vo= | |
lish-atlanta.linode.com,66.228.57.75,2600:3c02::f03c:91ff:fe93:e3bb ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMm+yFvNDZoSTVaQguo6HWCEHnUWHGbN2TdGWm2Mt9rY | |
lish-atlanta.linode.com,66.228.57.75,2600:3c02::f03c:91ff:fe93:e3bb ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDVkOduQVZUDg6HBPWWjrRa7d45yJyZYfwu4/yqIRowZjoCAQ1ktJcvXg0ABGaQTPmc4dHrQa4pZmAkZRrBgu/xtdl3b9PLY1xQltmJAgYJ2z4SjJQFk7qZLjv2IqMJM7wOwjCLo92rCBk78cIWr0jl1f5qE+i63CH0E3P6k8tD+t+y1RU3Kwx4h1It3tPa45wqLuBsFFgmPfc0ztwYOjONUJGoRK7k4q198gRWmO6mEBTeOJkigfhuPb+BW53m9p1jLuCIP+BwMoG3kB8e0ZKq17IS/Y59+POfqIaFqQC50AAJwZsks2DZYWJPEql6XSgX4WW0IH7KG1m17j5r2xO1 | |
lish-dallas.linode.com,173.255.198.137,2600:3c00::f03c:91ff:fe93:2fd7 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGlT+WXbL+tUi40riCGUeYmNboTCGOgJgbYESmBfwP71aX9Mjm1Y44 |
View gpg_refresh_external_domains.sh
#!/usr/bin/env bash | |
set -eu | |
# Warning: we assume that the input of the list of domains to refresh is | |
# trusted, and free from abusive characters. So the only adjustments for using | |
# within a PCRE regexp we apply is "escape the dots to be literal". | |
progname="$(basename "$0" .sh)" | |
die() { printf >&2 '%s: %s\n' "$progname" "$*"; exit 1; } | |
usage() { |
View tflint
#!/bin/bash -eu | |
DOCKER_IMAGE_NAME='tflint' | |
KeepEnvVars=( AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_REGION ) | |
DockerArgs=() | |
CmdArgs=() | |
PwdMountFlags='ro' |
View aws-vault-unlock
#!/usr/bin/env python3 | |
# | |
# Copyright © 2020 Pennock Tech, LLC | |
# SPDX-License-Identifier: MIT | |
""" | |
aws-vault-unlock: unlock (or lock) the awsvault libsecret collection | |
The XDG folks specify the Secret service available over D-Bus. | |
When everything works right, 99designs/aws-vault trying to access a locked |
View perlgssapi-code_GSSAPI_fix-macOS-heimdal.patch
Index: GSSAPI.xs | |
=================================================================== | |
--- GSSAPI.xs (revision 73) | |
+++ GSSAPI.xs (working copy) | |
@@ -6,6 +6,8 @@ | |
#define __GSS_KRB5_NT_PRINCIPAL_NAME &mygss_nt_krb5_principal | |
#define __gss_mech_krb5_v2 &mygss_mech_krb5_v2 | |
+#define GSSKRB_APPLE_DEPRECATED(x) /**/ | |
+ |
NewerOlder