
# systemd-networkd .network settings for the link named enp0s3.
[Match]
Name=enp0s3
# Enable the DHCPv4 client on this link.
[Network]
DHCP=ipv4
# Static route: traffic for 204.8.230.0/24 goes via 192.168.1.1 with
# route metric 3.
[Route]
Destination=204.8.230.0/24
Gateway=192.168.1.1
Metric=3
# systemd-networkd .network settings for the link named enp0s3.
[Match]
Name=enp0s3
# Enable the DHCPv4 client on this link.
[Network]
DHCP=ipv4
# Static route: traffic for 204.8.230.0/24 goes via 192.168.1.1.
[Route]
Destination=204.8.230.0/24
Gateway=192.168.1.1
# NOTE(review): From= is documented for [RoutingPolicyRule], not [Route];
# in a [Route] section the source-related keys are Source= and
# PreferredSource=. As written this line is presumably ignored as an
# unknown key, so check the networkd log and confirm the intended
# source-address behaviour.
From=192.168.1.160
awsvpc / nftables.conf
Created May 3, 2025 03:38 — forked from legeana/nftables.conf
nftables port forwarding + wireguard
table inet nat {
# Base chain attached to the NAT prerouting hook at priority dstnat.
chain prerouting {
type nat hook prerouting priority dstnat;
# Only packets that arrive on eth0 are handed to external-pre, the chain
# holding the dnat rules. NOTE(review): nothing here restricts the source
# address, so the forwarded ports are reachable by anything that can reach
# eth0 unless a filter chain not visible in this excerpt narrows it.
iifname eth0 jump external-pre
}
chain external-pre {
tcp dport 8022 mark set 1 dnat ip to 10.200.200.2:ssh
tcp dport 8022 mark set 1 dnat ip6 to [fd00::2]:ssh
tcp dport 8080 mark set 1 dnat ip to 10.200.200.2:http
awsvpc / ad_password_reset.go
Created May 3, 2025 03:38 — forked from project0/ad_password_reset.go
Go AD password reset
package passwordresetservice
import (
"crypto/tls"
"fmt"
ldap "github.com/go-ldap/ldap"
"golang.org/x/text/encoding/unicode"
ber "gopkg.in/asn1-ber.v1"
)
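# Copy this instance's user-defined tags onto its first EBS volume.
#
# ${AWS::Region} is a CloudFormation pseudo parameter, so this fragment is
# presumably rendered by Fn::Sub before it runs. For that reason no other
# dollar-brace expansions are used below.

# IMDSv2: request a short-lived session token first, so the lookup also works
# on instances that reject unauthenticated (IMDSv1) metadata requests.
# -f makes curl fail on an HTTP error instead of capturing the error body.
IMDS_TOKEN=$(curl -sf -X PUT -H "X-aws-ec2-metadata-token-ttl-seconds: 60" http://169.254.169.254/latest/api/token)
AWS_INSTANCE_ID=$(curl -sf -H "X-aws-ec2-metadata-token: $IMDS_TOKEN" http://169.254.169.254/latest/meta-data/instance-id)

# NOTE(review): BlockDeviceMappings[0] is the first mapping returned, which is
# assumed to be the root volume; confirm for instances with several volumes.
# The query is quoted so the shell cannot glob-expand the [0] parts.
ROOT_VOLUME_IDS=$(aws ec2 describe-instances --region "${AWS::Region}" --instance-ids "$AWS_INSTANCE_ID" --output text --query "Reservations[0].Instances[0].BlockDeviceMappings[0].Ebs.VolumeId")

# Let JMESPath drop the reserved aws:-prefixed keys and emit the tags as JSON.
# Filtering text with grep also dropped any tag whose value contained "aws:"
# (for example an ARN), and word-splitting the text broke tags with spaces.
TAG_LIST=$(aws ec2 describe-instances --region "${AWS::Region}" --instance-ids "$AWS_INSTANCE_ID" --output json --query "Reservations[0].Instances[0].Tags[?!starts_with(Key, 'aws:')]")

# Tag only when both lookups produced something usable; a failed lookup is
# reported on stderr rather than passed to create-tags as empty arguments.
if [ -n "$ROOT_VOLUME_IDS" ] && [ "$ROOT_VOLUME_IDS" != "None" ] \
  && [ -n "$TAG_LIST" ] && [ "$TAG_LIST" != "[]" ] && [ "$TAG_LIST" != "null" ]; then
  aws ec2 create-tags --resources "$ROOT_VOLUME_IDS" --region "${AWS::Region}" --tags "$TAG_LIST"
else
  echo "volume tagging skipped: no volume id or no user-defined tags found" >&2
fi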
awsvpc / kms.sh
Created May 3, 2025 03:37 — forked from project0/kms.sh
AWS KMS encryption/decryption
#!/bin/bash
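# Encrypt a string with AWS KMS and print the ciphertext blob.
# Arguments: $1 - KMS key id
#            $2 - plaintext to encrypt
# Outputs:   CiphertextBlob (text output of the aws CLI) on stdout
function awskmsencrypt() {
  # local keeps the key id and the plaintext out of the caller's global scope
  local key="$1"
  local text="$2"
  # The plaintext is fed through process substitution, so it never appears on
  # the aws command line. printf replaces echo so a value such as "-n" or
  # "-e" is encrypted literally instead of being eaten as an echo option; the
  # trailing newline the original echo appended is kept.
  aws kms encrypt --key-id "$key" --plaintext fileb://<(printf '%s\n' "$text") --output text --query CiphertextBlob
}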
function awskmsdecrypt() {
crypt="$1" #base64
awsvpc / eth1.network
Created May 3, 2025 03:36 — forked from project0/eth1.network
Systemd networkd TunnelBroker Hurricane Electric 6in4
# This can be any public reachable interface
# basically the one connected to the internet (native or bridged)
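[Match]
Name=eth1
[Network]
# your normal interface address example: 10.1.1.2/24
Address=<LOCAL_IPV4>/<NETMASK>
# local IPv4 gateway, e.g. 10.1.1.1
# (kept on its own line: systemd unit files have no inline comments, so a
# trailing "# ..." would be read as part of the Gateway= value)
Gateway=<LOCAL_IPV4_GW>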
awsvpc / aws_sso.sh
Created May 3, 2025 03:35 — forked from project0/aws_sso.sh
AWS SSO shell login refresh script
#!/bin/bash
function awsssologin() {
local envexport="$1" isretry="$2"
local cache expires login=false
local awsbin=/usr/bin/aws
if [[ -d "$HOME/.aws/sso/cache" ]]; then
for cache in "$HOME"/.aws/sso/cache/*.json; do
if ! grep -q "startUrl" "$cache" || ! grep -q "expiresAt" "$cache"; then
awsvpc / install_adfs.ps1
Created May 3, 2025 03:22 — forked from bunchc/install_adfs.ps1
Install and configure adfs with powershell
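# Domain, account and password values are filled in by the templating engine
# (the {{ ... }} placeholders) before this script runs.
$domainName = "{{ windows_domain_info['dns_domain_name'] }}"
# NOTE(review): the domain admin password is rendered in clear text into this
# script, and into a double-quoted string, so a "$", backtick or double quote
# in the password is interpreted by PowerShell. Confirm how the rendered file
# is protected and removed after use.
$password = "{{ windows_domain_info['domain_admin_password'] }}"
$securePassword = ConvertTo-SecureString $password -AsPlainText -Force
# Read the HostName property directly rather than parsing Format-List text,
# which can wrap long names and break the split on ':'.
$fqdn = [System.Net.Dns]::GetHostByName($env:computerName).HostName
# Fixed: the path used the undefined $fdqn, which always produced "C:\.pfx".
$filename = "C:\$fqdn.pfx"
$user = "{{ windows_domain_info['dns_domain_name'] }}\{{ windows_domain_info['domain_admin_user'] }}"
# Credential object for the domain admin account built from the values above.
$credential = New-Object `
    -TypeName System.Management.Automation.PSCredential `
    -ArgumentList $user, $securePassword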
awsvpc / Dockerfile
Created May 3, 2025 03:22 — forked from bunchc/Dockerfile
Using custom golang plugins with the Kong Ubuntu image
# To build and load custom GO plugins into the Kong Ubuntu image
# we use a multistage docker build. The first stage uses the golang
# image to build the plugin. The second stage then copies that plugin
# into the Kong Ubuntu image.
# Build the golang plugin
FROM golang:alpine as build
WORKDIR /plugin
COPY go-plugins/* ./