Skip to content

Instantly share code, notes, and snippets.

xandout /
Created Dec 15, 2020
MongoDB User Management

MongoDB User Management

This is a simple script that will keep the database users in sync with a defined JSON document.

My ultimate use case is in a K8S environment so the files will be templated and I will add and remove users from my databases that way.

This is the test rig and shows how to manage the creation, updating and deletion of MongoDB users.


xandout /
Last active Sep 22, 2020

Keybase proof

I hereby claim:

  • I am xandout on github.
  • I am xandout ( on keybase.
  • I have a public key ASD9c-9ULRwQ39Vui5bIy83SFVBzQ4JRe7YMwMxLQZ8XDgo

To claim this, I am signing this object:

xandout / index.html
Created Sep 17, 2020
Tailwind CSS v1.0 Color Palette
View index.html
<div id="app"></div>
xandout /
Last active Mar 18, 2021

Script to use TOTP tokens as passwords for OpenVPN auth

The user will be prompted for a username and password.

The username is the client username and the password is generated by their MFA app such as Authy or Google Authenticator.

OpenVPN server config

Add the following flags to your OpenVPN server config

xandout /
Last active Nov 14, 2020
Kubernetes DaemonSet that enables a direct shell on each Node using SSH to localhost

Getting a shell on each node

I run several K8S cluster on EKS and by default do not setup inbound SSH to the nodes. Sometimes I need to get into each node to check things or run a one-off tool.

Rather than update my terraform, rebuild the launch templates and redeploy brand new nodes, I decided to use kubernetes to access each node directly.

Alternative option

xandout /
Created Aug 13, 2020
Python script using boto3 to copy ElastiCache to S3
#!/bin/env python
import boto3
import os
import time
from datetime import datetime
cluster_name = os.environ["CLUSTER_NAME"]
dest_bucket = os.environ["DEST_BUCKET"]
env_name = os.environ["ENV"]
xandout /
Last active Aug 5, 2020
Mutex, Singleton, Only one instance of bash script running at a time
# Credit:
# get absolute path to the script itself
script=`realpath $0`
# open bash script using file descriptor 6
exec 6< "$script"
# lock file descriptor 6 OR show error message if script is already running
xandout /
Created May 4, 2020
Generate random password in bash
# newpass generates a new random password of 32 or $1 chars long, up to 92 characters
newpass() { date +%s | sha256sum | base64 | tr -d '\n' | head -c "${1:-32}" ; echo ; }
# 18:47 # newpass 10
# N2U3YzliOT
# 18:47 # newpass 20
# 18:47 # newpass 30
# 18:47 # newpass
xandout /
Created May 1, 2020
SSH via Bastion


⚠️ This guide does NOT use individual SSH keys, which is recommended for security purposes. This guide also does not show the usage of password-protected keys, you should use password-protection.


  • Bastion server: Sometimes called a "jump server", this server is reachable by your laptop. Sometimes the bastion server is protected by a VPN, sometimes not but should always have a firewall. This is essentially your front door. Always lock your doors.

  • SSH Agent: This is a program that runs on your laptop and keeps your SSH private keys loaded in memory. eval $(ssh-agent)

  • SSH Keys: These consist of 2 parts
xandout / theia-all.yml
Last active Apr 30, 2020
Run Theia IDE in Kubernetes
View theia-all.yml
apiVersion: v1
kind: Service
name: theia-svc
- port: 3000
targetPort: 3000