Phil Pennock philpennock
philpennock
/ icinga-monitor-nats.conf
Created
August 2, 2023 16:26
An amalgamation of NATS-related content from multiple Icinga config files
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # ~~~~~~~~~~~~~~~~~~~~~~~~8< Your Commands File >8~~~~~~~~~~~~~~~~~~~~~~~~ | |
| object CheckCommand "nats-server" { | |
| import "plugin-check-command" | |
| command = [PluginDir+"/nats", "server", "check", "connection"] | |
| # If the context has been defined, outside Icinga alas, then that's the best way to just check for some context | |
| env.NATS_CONTEXT = "$nats_context$" | |
| env.NATS_URL = "$nats_url$" | |
| env.NATS_CREDS = "$nats_creds_file$" |
philpennock
/ find_to_repo
Created
March 24, 2023 21:11
Find VCS repos under the cwd and report their paths
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| """ | |
| find_to_repo: find all dirs under the reference point which are repos | |
| Stop at repos, don't descend into the repos. | |
| Handling submodules etc is explicitly out of scope. | |
| Use --help to see help. | |
| Assumes under current directory if no directories given. | |
| """ |
philpennock
/ git-nuke-branch.sh
Created
April 15, 2022 17:30
git delete branch just on, and push deletion upstream. Install in $PATH as `git-nuke-branch` and/or `git nb`; the nb spelling will auto-handle squashed commits
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| set -euo pipefail | |
| # | |
| # git nuke-branch / nb | |
| USAGE="[-nsS] <branch> [<branch> ...]" | |
| LONG_USAGE="\ | |
| Delete each specified branch locally, and then push the deletions to the remote | |
| which is upstream of the current branch. Useful for removing feature-branches | |
| locally and from forges after the code has landed in the trunk. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh -eu | |
| : "${VPC_ID:=}" | |
| ShowVPCPrefix='' | |
| format_subnets() { | |
| jq -r '.Subnets[] | |
| | "'"${ShowVPCPrefix}"'\(.AvailabilityZone)\t\(.SubnetId)\t\(.CidrBlock)\t\(.AvailableIpAddressCount)\t\( | |
| if .Tags then .Tags[]|select(.Key=="Name")|.Value else "<none>" end)"' | | |
| sort |
philpennock
/ makepassword.py
Last active
December 20, 2022 03:28
makepassword: make a decentish password
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| """ | |
| makepassword: make a decentish password | |
| The -D/--dice option makes a diceware passphrase wordlist; the -B/--bitcoin | |
| option makes a random passphrase wordlist using the Bitcoin BIP39 dictionaries. | |
| The --skey option uses the RFC1751 word-list (but not that algorithm). | |
| Without any of these options, a more traditional password is generated. |
philpennock
/ docker-ecr-login.sh
Last active
October 20, 2021 15:07
This is an extract from an image build script I have, showing how I handle docker creds expiration
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| set -euo pipefail | |
| progname="$(basename "$0" .sh)" | |
| note() { printf >&2 '%s: %s\n' "$progname" "$*"; } | |
| # ... | |
| # This bit happens _after_ the build, before the push, so that the time remaining in credentials doesn't need to | |
| # account for build duration | |
| readonly aws_ecr='public.ecr.aws' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| set -euo pipefail | |
| # | |
| # git pb: push branch | |
| # implicit: force with lease, set upstream if needed, etc | |
| # | |
| # Path coercion for platforms where git might be in multiple places and I can't | |
| # mess with the ordering "normally" but want to explicitly pick up newer git | |
| # here. |
philpennock
/ pdp_dirname_subdirs.zsh
Created
August 3, 2021 21:52
Be able to declare certain prefices to refer to certain sub-dir owning areas
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # There's a great example in zshexpn(1) "Dynamic named directories" about | |
| # shortening a path to be named by the perforce area it's in; I usually want | |
| # this for git repos, and a whole bunch of them. In fact, it's a common | |
| # pattern and one I don't want to repeat. | |
| local label="${1:?need a label for this completion set}" | |
| local short="${2:?need a short prefix for this completion set}" | |
| local based="${3:?need a directory for this completion set}" | |
| local elide_prefix="${4:-}" | |
| local flags="${5:-}" |
philpennock
/ jwt-audit.py
Created
March 24, 2021 16:10
NATS CVE-2021-3127 account scanning tool to find exploit attempts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| """jwt-audit: audit a packfile of JWTs for security issues. | |
| See CVE-2021-3127 for more details. | |
| """ | |
| import argparse | |
| import base64 | |
| import json |
philpennock
/ gitolite nats notifications in Go
Last active
November 30, 2020 20:59
Golang version of git post-receive hook for gitolite to publish updates to NATS
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| This is for gitolite to publish notifications to NATS with details of commits. | |
| I use the "hooks in admin repo" approach: I have root on the gitolite server and only I have commit access. | |
| The only action taken outside of this repo was to install Go (1.15.5). | |
| This approach uses a shell wrapper to on-demand re-compile the binary hook, which is written in Go. | |
| Shell script: local/hooks/repo-specific/wrap-go-nats-publish.post-receive | |
| Symlink: local/hooks/common/post-receive -> ../repo-specific/wrap-go-nats-publish.post-receive | |
| Go source: local/src/nats-publish-postreceive.go |
NewerOlder