Skip to content

Instantly share code, notes, and snippets.

FROM ubuntu:bionic
LABEL org.opencontainers.image.authors="Victor Seva <[email protected]>"
# Important! Update this no-op ENV variable when this Dockerfile
# is updated with the current date. It will force refresh of all
# of the base images and things like 'apt-get update' won't be using
# old cached versions when the Dockerfile is built.
ENV REFRESHED_AT=2024-11-11
RUN rm -rf /var/lib/apt/lists/* && apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -qq --assume-yes gnupg wget apt-transport-https
@churnd
churnd / aliases
Created June 2, 2023 18:37
AWS Aliases
[toplevel]
whoami = sts get-caller-identity
create-assume-role =
!f() {
aws iam create-role --role-name "${1}" \
--assume-role-policy-document \
"{\"Statement\":[{\
\"Action\":\"sts:AssumeRole\",\
@churnd
churnd / gist:10e2feccf394d4ce44e8f36f21e86615
Last active February 27, 2023 14:57
Rundeck Aurora MySQL Serverless Driver
@churnd
churnd / ssm-agent-install.sh
Last active May 5, 2022 16:27
Terraform Demo SSM Install Ubuntu
#!/bin/bash
sudo mkdir /tmp/ssm
cd /tmp/ssm
wget https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/debian_amd64/amazon-ssm-agent.deb
sudo dpkg -i amazon-ssm-agent.deb
sudo systemctl enable amazon-ssm-agent
rm amazon-ssm-agent.deb
@churnd
churnd / uw2-ue1.tf
Created March 4, 2022 19:47
s3 2 way replication with terraform
provider "aws" {
region = "eu-west-1"
}
provider "aws" {
alias = "central"
region = "eu-central-1"
}
resource "aws_iam_role" "replication" {
@churnd
churnd / credentials
Created February 9, 2022 16:17
aws cli assume role
~/.aws/config:
[profile account1]
region = us-east-1
output = json
[profile account2]
region = us-east-1
output = json
role_arn = arn:aws:iam::<account1_number>:role/<role_name>
source_profile = account1
# BEGIN: Add proxy to RCE service
ProxyRequests Off
ProxyPreserveHost On
<Proxy *>
Order deny,allow
Deny from all
Allow from all
</Proxy>
<LocationMatch "/rce">
ProxyPass http://127.0.0.1:3000 keepalive=On
server {
listen 80;
server_name _;
root /var/canvas/public;
charset utf-8;
include mime.types;
default_type application/octet-stream;
access_log /var/log/nginx/canvas.access.log;
error_log /var/log/nginx/canvas.error.log;
passenger_enabled on;
@churnd
churnd / github-iptables-rules.sh
Last active May 11, 2020 16:48
Create iptables block from Github IP ranges to integrate into existing firewall rules.
#!/bin/bash
# Configuration
IPTABLES_CONF=/etc/iptables/rules.v4
GITHUB_IPS=/var/tmp/github-ips
GITHUB_BEGIN="^# GITHUB BEGINS$"
GITHUB_END="^# GITHUB ENDS$"
if ! [ -x "$(command -v jq)" ]; then
echo "Cannot find 'jq' in your PATH, exiting..."
[23/41]: configure dirsrv ccache
[24/41]: enabling SASL mapping fallback
[25/41]: restarting directory server
[26/41]: creating DS keytab
[27/41]: ignore time skew for initial replication
[28/41]: setting up initial replication
Starting replication, please wait until this has completed.
Update in progress, 4 seconds elapsedNo status yet
No status yet
No status yet