@johnstanfield
johnstanfield / edit-docker-image.sh
Created July 27, 2022 19:52
Edit a Docker image and push it to ECR. Sometimes you just want to pull a container image, edit a file, and push it back, outside of source control and CI/CD. This is how.
# note: get your AWS credentials however you usually do that (e.g. aws configure or set the env vars)
REPO_URL=accountid.dkr.ecr.region.amazonaws.com/repo-name
EXISTING_TAG=version1
NEW_TAG=version1-hotfix
# get everything ready
mkdir -p ~/slipstream
cd ~/slipstream
`aws ecr get-login --no-include-email`
@johnstanfield
johnstanfield / jqsay
Last active February 25, 2022 17:25
jqsay -- turn bash args into json
#!/usr/bin/env bash
# jq-say
# format string as JSON message
#
# treat odd args as keys and even args as values
# use jq to output something like this, for as many args supplied:
# {"arg1": "arg2", "arg3": "arg4"}
#
# very helpful for echo'ing log messages as JSON
@johnstanfield
johnstanfield / kill-touchpad-triple-click.sh
Created January 13, 2022 14:01
disable center touchpad button
# i often click between the buttons on my touchpad.
# this is because the touchpad is lined up with the center of the laptop
# rather than the center of the keyboard home row
# this script finds the device id of the touchpad (which changes as devices are plugged/unplugged) and disables the triple click
# note: on new installations, run xinput to identify your touchpad which may not contain the word TouchPad
touchPadId=$(xinput | grep TouchPad | awk -F 'id=' '{print $2}' | cut -f1)
xinput --set-button-map $touchPadId 1 1 3
@johnstanfield
johnstanfield / tunnel.sh
Last active January 7, 2022 12:49
open google chrome via socks5 tunnel to aws
# prerequisites
# 1) you have a (Linux) EC2 instance with SSH enabled, source/destination check disabled, etc.
# 2) you have a security group rule with a tag named roaming (this script updates that rule to allow you access) (note: tag the rule, not the security group)
# grant access to your IP address
myip=$(curl -s https://ipv4.icanhazip.com)
read sgid sgrid < <(echo $(aws ec2 describe-security-group-rules --filter Name=tag:Name,Values=roaming | jq '.SecurityGroupRules[0].GroupId, .SecurityGroupRules[0].SecurityGroupRuleId' -r))
aws ec2 modify-security-group-rules --group-id $sgid --security-group-rules SecurityGroupRuleId=$sgrid,SecurityGroupRule=\{CidrIpv4=$myip\/32,FromPort=22,ToPort=22,IpProtocol=TCP,Description=roaming\}
# open tunnel
@johnstanfield
johnstanfield / ap.sh
Created September 7, 2021 02:00
When staying at a hotel with a Chromecast, make the laptop an AP and connect the Chromecast to it to bypass hotel authentication
#!/bin/bash
# i want to stream netflix and prime video from my chromecast to the hotel TV
#
# hotels often have an authentication / agreement page that you have to click OK on
# chromecasts do not play nicely with those
#
# solution: connect your laptop to the hotel's wi-fi, then set up an AP and connect the chromecast to the AP
# your laptop will be both a client of the hotel's WLAN and an access point + bridge of your own WLAN
#
@johnstanfield
johnstanfield / fail2ban_amznlnx2.sh
Created May 13, 2021 17:59
install fail2ban on amazon linux 2
# run as root or sudo everything below
# install epel
amazon-linux-extras install epel -y
# install fail2ban
yum -y install fail2ban
# configure fail2ban (just adding enabled=true in the sshd section)
cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
@johnstanfield
johnstanfield / sqs-2012-11-05.php.patch
Last active December 8, 2020 06:03
FIFO queues in PHP v2 SDK
# problem:
# - you have a FIFO SQS queue at AWS but you're running an older version (v2) of the AWS SDK for PHP
# - you get the error "The request must contain the parameter MessageGroupId"
# - this is because v2 of the SDK is older than FIFO queues
# solution:
# - just add the parameters to the resource file
# - either by pasting or applying the patch below
#
# vendor/aws/aws-sdk-php/src/Aws/Sqs/Resources/sqs-2012-11-05.php.patch
@johnstanfield
johnstanfield / entry-point.sh
Created September 28, 2020 05:12
updating a prefix list at AWS when a task boots
# i'm running cloudflare RailGun in a Fargate task, in a public subnet, with a public IP address.
# i need to ensure the web servers do not allow public access; only access from this Fargate task or CloudFlare's IPs
# this presents an interesting problem: Fargate tasks can't use Elastic IPs, so the IP will change each time a task runs,
# making security groups tough
# what i do is:
# create a prefix list (this is a list of IP addresses at AWS)
# add a security group called web_railgun that uses the prefix list; attach that security group to the load balancer
# replace the IP address (cidr) entry in the prefix list when the task boots
@johnstanfield
johnstanfield / terminate-draining-instances.sh
Created September 1, 2020 16:56
terminate ECS instances in an auto-scaling group
#!/bin/bash
# inspects EC2 instances in an ECS cluster and terminates instances that are in a DRAINING state
# the instances are terminated via autoscaling, and the desired capacity is decremented
#
# this is the proper way to terminate EC2 instances in an ECS cluster because:
# - if you just decrement the desired capacity, instances with running tasks may be terminated, and you may have an outage
# - if you terminate instances with zero tasks, the autoscaling group will just replace them
#
# USAGE
# DRY RUN
@johnstanfield
johnstanfield / code.gs
Created August 30, 2020 16:52
purge gmail when out of space
// purge gmail script
// i've been using this for years to keep gmail from going over the limit
// it has gotten me from 99% to 50% many times on various accounts
//
// it runs on google apps script, which is google's script platform that can access your email
// to automatically delete older messages according to the rules below
//
// it's controlled by the CONFIG array
// set an age (required)
// set a label or from (one of them is required)