johnstanfield’s gists

johnstanfield / edit-docker-image.sh

Created July 27, 2022 19:52

Edit a Docker image and push it to ECR. Sometimes you just want to pull a container image, edit a file, and push it back, outside of source control and CI/CD. This is how.

	# note: get your AWS credentials however you usually do that (e.g. aws configure or set the env vars)

	REPO_URL=accountid.dkr.ecr.region.amazonaws.com/repo-name
	EXISTING_TAG=version1
	NEW_TAG=version1-hotfix

	# get everything ready
	mkdir -p ~/slipstream
	cd ~/slipstream
	`aws ecr get-login --no-include-email`

johnstanfield / jqsay

Last active February 25, 2022 17:25

jqsay -- turn bash args into json

	#!/usr/bin/env bash

	# jq-say
	# format string as JSON message
	#
	# treat odd args as keys and even args as values
	# use jq to output something like this, for as many args supplied:
	# {"arg1": "arg2", "arg3": "arg4"}
	#
	# very helpful for echo'ing log messages as JSON

johnstanfield / kill-touchpad-triple-click.sh

Created January 13, 2022 14:01

disable center touchpad button

	# i often click between the buttons on my touchpad.
	# this is because the touchpad is lined up with the center of the laptop
	# rather than the center of the keyboard home row
	# this script finds the device id of the touchpad (which changes as devices are plugged/unplugged) and disables the triple click

	# note: on new installations, run xinput to identify your touchpad which may not contain the word TouchPad

	touchPadId=$(xinput \| grep TouchPad \| awk -F 'id=' '{print $2}' \| cut -f1)
	xinput --set-button-map $touchPadId 1 1 3

johnstanfield / tunnel.sh

Last active January 7, 2022 12:49

open google chrome via socks5 tunnel to aws

	# prerequisites
	# 1) you have a (Linux) EC2 instance with SSH enabled, source/destination check disabled, etc.
	# 2) you have a security group rule with a tag named roaming (this script updates that rule to allow you access) (note: tag the rule, not the security group)

	# grant access to your IP access
	myip=$(curl -s https://ipv4.icanhazip.com)
	read sgid sgrid < <(echo $(aws ec2 describe-security-group-rules --filter Name=tag:Name,Values=roaming \| jq '.SecurityGroupRules[0].GroupId, .SecurityGroupRules[0].SecurityGroupRuleId' -r))
	aws ec2 modify-security-group-rules --group-id $sgid --security-group-rules SecurityGroupRuleId=$sgrid,SecurityGroupRule=\{CidrIpv4=$myip\/32,FromPort=22,ToPort=22,IpProtocol=TCP,Description=roaming\}

	# open tunnel

johnstanfield / ap.sh

Created September 7, 2021 02:00

When staying at a hotel with a Chromecast, make the laptop an AP and connect the Chromecast to it to bypass hotel authentication

	#!/bin/bash

	# i want to stream netflix and prime video from my chromecast to the hotel TV
	#
	# hotels often have an authentication / agreement page that you have to click OK on
	# chromecasts do not play nicely with those
	#
	# solution: connect your laptop to the hotel's wi-fi, then set up an AP and connect the chromecast to the AP
	# your laptop will be both a client of the hotel's WLAN and an access point + bridge of your own WLAN
	#

johnstanfield / fail2ban_amznlnx2.sh

Created May 13, 2021 17:59

install fail2ban on amazon linux 2

	# run as root or sudo everything below

	# install epel
	amazon-linux-extras install epel -y

	# install fail2ban
	yum -y install fail2ban

	# configure fail2ban (just adding enabled=true in the sshd section)
	cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

johnstanfield / sqs-2012-11-05.php.patch

Last active December 8, 2020 06:03

FIFO queues in PHP v2 SDK

	# problem:
	# - you have a FIFO SQS queue at AWS but you're running an older version (v2) of the AWS SDK for PHP
	# - you get the error "The request must contain the parameter MessageGroupId"
	# - this is because v2 of the SDK is older than FIFO queues
	# solution:
	# - just add the parameters to the resource file
	# - either by pasting or applying the patch below
	#
	# vendor/aws/aws-sdk-php/src/Aws/Sqs/Resources/sqs-2012-11-05.php.patch

johnstanfield / entry-point.sh

Created September 28, 2020 05:12

updating a prefix list at AWS when a task boots

	# i'm running cloudflare RailGun in a Fargate task, in a public subnet, with a public IP address.
	# i need to ensure the web servers do not allow public access; only access from this Fargate task or CloudFlare's IPs
	# this presents an interesting problem: Fargate tasks can't use Elastic IPs, so the IP will change each time a task runs,
	# making security groups tough

	# what i do is:
	# create a prefix list (this is a list of IP addresses at AWS)
	# add a security group called web_railgun that uses the prefix list; attach that security group to the load balancer
	# replace the IP address (cidr) entry in the prefix list when the task boots

johnstanfield / terminate-draining-instances.sh

Created September 1, 2020 16:56

terminate ECS instances in an auto-scaling group

	#!/bin/bash
	# inspects EC2 instances in an ECS cluster and terminates instances that are in a DRAINING state
	# the instances are terminated via autoscaling, and the desired capacity is decremented
	#
	# this is the proper way to terminate EC2 instances in an ECS cluster because:
	# - if you just decrement the desired capacity, instances with running tasks may be terminated, and you may have an outage
	# - if you terminate instances with zero tasks, the autoscaling group will just replace them
	#
	# USAGE
	# DRY RUN

johnstanfield / code.gs

Created August 30, 2020 16:52

purge gmail when out of space

	// purge gmail script
	// i've been using this for years to keep gmail from going over the limit
	// it has gotten me from 99% to 50% many times on various accounts
	//
	// it runs on google apps script, which is google's script platform that can access your email
	// to automatically delete older messages according to the rules below
	//
	// it's controlled by the CONFIG array
	// set an age (required)
	// set a label or from (one of them is required)