Kim Alvefur Zash
Zash
/ mod_s2s_certinfo.lua
Last active
July 20, 2016 13:18
Riddim plugin for showing info about certificates along with server-side support plugin.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| local xmlns = "http://zash.se/protocol/s2scertinfo"; | |
| local st = require"util.stanza"; | |
| -- local dump = require"myserialize".serialize; | |
| local base64_encode = require"util.encodings".base64.encode; | |
| local s_char, s_gsub = string.char, string.gsub; | |
| local tonumber = tonumber; | |
| local function unhexbyte(c) return s_char(tonumber(c, 16)) end | |
| local function unhex(s) return s_gsub(s, "..", unhexbyte) end | |
| local function hex2b64(s) return base64_encode(unhex(s)) end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # arguments: file commit commit [diff tool with args] | |
| ${4:-diff} \ | |
| <(git show "$2:$1" | ./xep2md.sh -) \ | |
| <(git show "$3:$1" | ./xep2md.sh -) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| server { | |
| server_name hg.example.com; | |
| root /var/www/hg.example.com; | |
| listen 0.0.0.0:80; | |
| listen 0.0.0.0:443 ssl; | |
| listen [::]:80; | |
| listen [::]:443 ssl http2; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| -- Policy control thing with policy derived from key name | |
| -- "keyname.owner.domain" will be allowed to edit domain (including suddomains) | |
| -- Special keyname "acme" should be allowed to add and remove _acme-challenge TXT records under domain | |
| -- Assumes that the key name can't be faked | |
| function updatepolicy(request) | |
| local tsig = request:getTsigName(); | |
| local zone = request:getZoneName(); | |
| pdnslog("updatepolicy: tsig "..tsig:toString().." wants to update "..request:getQName():toString().." in "..zone:toString(), pdns.loglevels.Info); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| set -euo pipefail | |
| CERTS=/var/lib/dehydrated/certs/ | |
| pkeyhash() { | |
| openssl pkey -in "$CERTS$1/privkey${2:-}.pem" -pubout -outform DER | | |
| sha256sum | cut -d' ' -f1 | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| set -eo pipefail | |
| ZONE="$1"; | |
| if ! shift; then | |
| echo "Usage: $0 ZONE" | |
| exit | |
| fi |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # RFC 7591 OAuth 2.0 Dynamic Client Registration Protocol | |
| set -euo pipefail | |
| BASE_DOMAIN="$1" | |
| OAUTH_META="$(curl -sSfL "https://$BASE_DOMAIN/.well-known/oauth-authorization-server" -H Accept:application/json)" | |
| ISSUER="$(echo "$OAUTH_META" | jq -r '.issuer')" | |
| REGISTRATION_ENDPOINT="$(echo "$OAUTH_META" | jq -r '.registration_endpoint')" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [pull] | |
| ff = only | |
| [commit] | |
| verbose = true | |
| [alias] | |
| amend = commit --amend --no-edit | |
| ci = commit | |
| co = checkout | |
| each = submodule foreach git | |
| fa = fetch --all -p |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| set -eo pipefail | |
| ZONE="$(hostname -d)" | |
| FQDN="$(hostname -f)" | |
| UPDATES="$(mktemp --suffix .nsupdate)" | |
| trap 'rm -- "$UPDATES"' EXIT | |
| { |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh -e | |
| if [ -z "$1" ]; then | |
| echo "usage: $1 example.com [client|server]" | |
| exit 1 | |
| fi | |
| xmppdomain="$1" | |
| adomain="$1" | |
| if type idn2 >/dev/null 2>/dev/null ; then |
OlderNewer