Skip to content

Instantly share code, notes, and snippets.

Avatar

Valerian Saliou valeriansaliou

View GitHub Profile
@valeriansaliou
valeriansaliou / upgrade_gitlab
Last active Aug 29, 2015
GitLab Upgrade Scripts
View upgrade_gitlab
#!/bin/sh
if [ "$1" ]; then
# Upgrade both GitLab CE + GitLab CI
upgrade_gitlab_ce "$1";
upgrade_gitlab_ci "$1";
else
echo "[upgrade_gitlab] Please feed me with upgrade branch (X-X-stable)"
fi
View crisp_email_set.js
// CRISP_READY_TRIGGER is read as a "crisp ready" callback
CRISP_READY_TRIGGER = function() {
// Set user email once crisp is ready
$crisp.user.email.set("USER_EMAIL_THERE");
};
@valeriansaliou
valeriansaliou / setup_docker_machine_route_macos.sh
Created Jan 26, 2016
Setups the route to Docker machine networking layer
View setup_docker_machine_route_macos.sh
#!/bin/bash
# Script to instruct the Mac how to route packets to the
# software defined network where containers created via boot2docker
# reside. This lets you casually directly to ports (ssh, http, etc. etc.)
# on those containers.
function ERROR(){ echo "ERROR: $*" ; }
function FAIL(){ echo "FAILING: $*" ; exit 1; }
View mac_mission_control_re_enable
defaults delete com.apple.dock expose-animation-duration; killall Dock
@valeriansaliou
valeriansaliou / letsencrypt_cron_wrapper.sh
Last active Nov 28, 2016
Let's Encrypt manual certificate renew for a static private key
View letsencrypt_cron_wrapper.sh
#!/bin/bash
# Cron wrapper, call this directly from your cron. Depends on renew script (letsencrypt_manual_renew.sh).
ADMIN_EMAIL=hostmaster@server.tld
RENEWLOG=`/srv/data_server/certs/tools/letsencrypt_manual_renew.sh 2>&1`
rc=$?
if [[ $rc -ne 0 ]]; then
View keybase.md

Keybase proof

I hereby claim:

  • I am valeriansaliou on github.
  • I am valerian (https://keybase.io/valerian) on keybase.
  • I have a public key ASAoeFcGq8cTxJMg6NVKnrqOa8YafbxlxNmDmA00RyqURwo

To claim this, I am signing this object:

View rocksdb-deadlock.txt
** File Read Latency Histogram By Level [default] **
2019/03/31-08:53:54.017088 7fc4977f6700 [WARN] [db/db_impl.cc:669] ------- DUMPING STATS -------
2019/03/31-08:53:54.017165 7fc4977f6700 [WARN] [db/db_impl.cc:670]
** DB Stats **
Uptime(secs): 41400.5 total, 600.0 interval
Cumulative writes: 17M writes, 17M keys, 17M commit groups, 1.0 writes per commit group, ingest: 13.88 GB, 0.34 MB/s
Cumulative WAL: 17M writes, 0 syncs, 17597384.00 writes per sync, written: 13.88 GB, 0.34 MB/s
Cumulative stall: 00:00:0.000 H:M:S, 0.0 percent
Interval writes: 0 writes, 0 keys, 0 commit groups, 0.0 writes per commit group, ingest: 0.00 MB, 0.00 MB/s
Interval WAL: 0 writes, 0 syncs, 0.00 writes per sync, written: 0.00 MB, 0.00 MB/s
@valeriansaliou
valeriansaliou / server_backup_s3.sh
Last active Jan 30, 2020
Personal server backup script, ran every Sunday in the early morning. It's 100% pipe-based, which means it never writes to disk as to buffer backup files before uploading them to S3. Useful to preserve SD card write cycles on a Raspberry Pi.
View server_backup_s3.sh
#!/bin/bash
BACKUP_DATE=$(date +"%Y-%m-%d_%H-%M-%S")
AWS_CONTAINER="s3://xxx-backup/xxx_backup"
AWS_DESTINATION="$AWS_CONTAINER/$BACKUP_DATE"
GPG_RECIPIENT=xxx@xxx.xxx
ADMIN_EMAIL=xxx@xxx.xxx
@valeriansaliou
valeriansaliou / iptables-http-dos-shield.txt
Last active Jul 19, 2020
HTTP/HTTPS DOS shield w/ IPTables
View iptables-http-dos-shield.txt
# Those rules protect HTTP/HTTPS services for both IPv4 and IPv6 sources as such:
# 1. Prevent a /32 IPv4 or /64 IPv6 to open more than 10 HTTPS?/TCP connections per second (the limit is high, but this still shield against some attacks) — DROP TCP packets in this case, to avoid generating egress traffic sending a RST
# 2. Limit ingress bandwidth to HTTPS? services to 32KB/sec (adjust to your needs, in my case it is used to shield a WebSocket backend against incoming WebSocket message floods)
# 3. Limit the number of simultaneous ongoing connections to HTTPS? to 40 (also, high limit, adjust to your needs)
# The protections those rules offer:
# 1. Prevent crypto-DOS (ie. a client that proceed too many key exchanges and thus exhaust server CPU)
# 2. Prevent WebSocket floodings (eg. I use this for Socket.IO, which has no efficient way to rate-limit received messages before they get parsed)
# 3. Prevent ephemeral TCP port exhaustion due to a client holding too many TCP connections
# 4. Prevent IPv6 rotation attac
View sonic-benchmark_batch-query.js
var mongoose = require("mongoose");
var SonicChannelSearch = require("sonic-channel").Search;
var MessageModel = mongoose.model("message", new mongoose.Schema({
website_id : String,
type : String,
content : Object
}));
var query_count = 0;