Viacheslav Vasilyev avoidik

Newer openssl (>= 1.1.1)

MSYS_NO_PATHCONV=1 openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 -nodes \
  -keyout example.key -out example.crt -subj "/CN=example.com" \
  -addext "subjectAltName=DNS:example.com,DNS:www.example.net,IP:10.0.0.1"

Before 1.1.1

It is be possible to organize Git-cloned projects into folders based on work/personal criteria, for instance one folder could be completely dedicated to personal projects, while the other to work related projects.

We could have these two folders in our case:

~/projects/personal/ - personal projects directory
~/projects/work/ - work projects directory

Let's define configuration with sane defaults for git-cloned repositories outside of these two folders.

Run AWS metadata service locally

The idea is to run AWS metadata service on a local machine and redirect all link-local level requests to a mock server, which will provide real IAM credentials.

Install amazon-ec2-metadata-mock

curl -fsSL ec2-metadata-mock https://github.com/aws/amazon-ec2-metadata-mock/releases/download/v1.11.2/ec2-metadata-mock-`uname | tr '[:upper:]' '[:lower:]'`-`dpkg --print-architecture` -o /usr/local/bin/ec2-metadata-mock
chmod +x /usr/local/bin/ec2-metadata-mock

Host-only network in Qemu

Windows

Install the TAP driver on Windows host

https://build.openvpn.net/downloads/releases/latest/tap-windows-latest-stable.exe

WIN + R > ncpa.cpl > OK

Update initramfs image with required binaries (if fsk for some reason isn't there)

tee /etc/initramfs-tools/hooks/e2fsck.sh <<'EOF' >/dev/null
#!/bin/sh
. /usr/share/initramfs-tools/hook-functions
copy_exec /sbin/e2fsck /sbin
copy_exec /sbin/fsck /sbin
copy_exec /sbin/fsck.ext2 /sbin
copy_exec /sbin/fsck.ext4 /sbin

Install Step CLI & CA on Raspberry PI

Steps

Install Step CLI

Download

curl -fsSLO https://github.com/smallstep/cli/releases/download/v0.23.0/step_linux_0.23.0_armv7.tar.gz

Amazon Cognito for Amazon Elasticsearch Kibana access using SAML

That is a mouthful and the process could be clearer. doesn't help that there's a lot of outdated information and conflicting articles with links upon links pointing you in every which way but the right way.

I'll use Google Apps as a SAML provider for the purpose of this gist.

Overview of the steps

The process is triggered from the AES Console and required multiple steps to configure the IAM Roles and chosen IDP

	#!/bin/bash

	if [[ $EUID -ne 0 ]]; then
	echo "Error: This script must be run as root"
	exit 1
	fi

	PKGARCH="x86_64-unknown-linux-gnu.tar.gz$" # aarch64-unknown-linux-musl.tar.gz
	echo "starship"
	DURL="$(curl -s https://api.github.com/repos/starship/starship/releases/latest \| jq -r --arg arch $PKGARCH '.assets[] \| select(.name\|match($arch)) \| .browser_download_url')"

-#!/bin/bash
-# https://gitlab.com/snippets/1927120
-set -eu -o pipefail
-if (( $# )) ; then
-    cat << HELP
-Looks for inactive snaps and removes them.
-There are no command line options.

	AWSTemplateFormatVersion: '2010-09-09'
	Description: Cognito Stack
	Parameters:
	AuthName:
	Type: String
	Description: Unique Auth Name for Cognito Resources

	Resources:
	# Creates a role that allows Cognito to send SNS messages
	SNSRole: