Marcin Antkiewicz marcinantkiewicz

# Players
# KSA - k8s service account
# GSA - GCP service account
# metadata server - runs on cluster nodes where pods with Workload Identity are dispatched, will respond to requests directed to 169.254.169.254.
# workload identity - modifies behavior of the metadata server. Transparently to the SA, it will return GCP STS tokens issued to the impersonated GCP role.
# Note: - when WI is enabled but not configured properly, the metadata server will fail (silently?) when it does not find annotation etc.
#
# request flow
# 1. pod requests credentials from the metadata server
# 2. metadata server checks if the pod is using workload identity, and identifies the KSA
# docker needs the container toolkit to be able to make nvidia drivers available in the containers and probably more.
# - you will need nvidia drivers too. https://github.com/NVIDIA/nvidia-container-toolkit
# - model directory will need some IOPS to load them, dedicated NVME is both fast and naturally limits the sprawl
# - in GPU stats you will see both (G)raphics and (C)ompute jobs. LLM-related tooling only controls the C jobs.
# -- once Ollama container is running
#
# this should produce help output
$ docker exec -it ollama ollama
# 1. save as `eslint_prettier-vuln-checker.sh`
# 2. this finds `package-lock.json` files in the `IdeaProjects` folder in the home dir, adjust as needed:
# `find ~/IdeaProjects/ -type f -name package-lock.json -exec bash eslint_prettier-vuln-checker.sh {} \;`
# this takes a while to run, add `-print` above to see all the lockfiles it finds
#
#!/usr/bin/env bash
PACKAGE_VERSION_PAIRS=(
marcinantkiewicz / dig-edns.md
Created April 23, 2024 15:22 — forked from fartbagxp/dig-edns.md
Testing eDNS with dig

Print secret name of secrets that do not have the versionAliases attribute

gcloud secrets list --format=json | jq '.[] | select( has("versionAliases")|not)|.name'

#! /usr/bin/env sh
while getopts sf:p ARG
do
case "${ARG}" in
s) SHORT_LIST=1;;
f) FILEPATH=${OPTARG};;
p) PULL=1;;
*) echo "\nReads GCP cloudbuild config, lists secrets contained in the file\n\nUsage: $(basename $0) [-s] -f filename\n -s short output, do not display google secrets path\n -f cloudbuild config to read\n -p list values for the secrets from GCP, in a format ready to be exported into bash\n\n" && exit 1;
esac
marcinantkiewicz / pull_secrets.sh
Created November 10, 2023 16:42
read cloudbuild manifest, find secrets, pull them from Secrets Manager, and display in a way where they can be saved in env.
#!/usr/bin/env bash
# bash is required: `set -o pipefail` and the `function` keyword are not POSIX sh
set -o pipefail
FILEPATH=$1; shift;
function pull_secrets {
MANIFEST=$1; shift;
SECRETS=$(cat "${MANIFEST}" | jq -r '.availableSecrets.secretManager[] | .env + "=" + .versionName');
PROJECT_ID=$(gcloud projects list --filter $(gcloud config get project) --format="value(PROJECT_NUMBER)")
https://github.com/Hammerspoon/hammerspoon/discussions/3379
https://www.guerrilladigital.cc/2021/02/18/no-elgato-stream-deck-no-problem-i-reprogrammed-my-akai-lpd8-to-work-as-an-obs-scene-switcher/
-- A quick hammerspoon to use the buttons on my Akai LPD8
-- which is a pretty fun little drum pad that can be had
-- for $40-50 bucks if you shop around:
-- https://images.reverb.com/image/upload/s--TanFLw05--/t_card-square/v1571420337/zzyfza1vf8wsxjynymgr.jpg
devices = hs.midi.virtualSources()
marcinantkiewicz / newline_in_search_params.yaml
Created March 23, 2023 21:33
nuclei template - newline in search params
id: newline_search_params
info:
  name: newline_search_params
  author: f
  severity: low
  description: search param set to newline results in empty response
  tags: inputvalidation
requests:
marcinantkiewicz / list_repos.js
Created March 18, 2023 23:47
List GitHub repos via browser console
// go to https://github.com/orgs/ORGNAME/repositories, open JS console
// run the below. Once done, extract with "JSON.parse(sessionStorage.repolist).forEach((e)=>{console.log(e)})"
//
// The following will convert from https to ssh endpoint link
// %s/$/.git/
// %s/https:\/\//git@/
// %s/\.com\//\.com:/
//
extract();
function extract(){