David Alexander TheLonelyGhost
@TheLonelyGhost
TheLonelyGhost / auth_kube.tf
Created September 8, 2025 16:22
Authenticate kube cluster via JWT auth
locals {
  # Issuer of the cluster's service-account tokens. Vault must be able to reach
  # this URL, and it must equal the `iss` claim in the pods' projected tokens
  # (the API server's --service-account-issuer value), otherwise validation fails.
  oidc_discovery_url = "https://kube-api.example.com:6443" # PLACEHOLDER
}

resource "vault_jwt_auth_backend" "kube_segment_1" {
  description = "JWT auth backend for Kubernetes Pods in logical Segment 1"
  path        = "kube/segment-1"
  # `type` is omitted; the provider defaults it to "jwt".
  # Vault makes a GET request to `${local.oidc_discovery_url}/.well-known/openid-configuration`
  # and then fetches the JWKS advertised there, so two things must hold:
  #  - Vault must trust the API server's TLS certificate (set oidc_discovery_ca_pem
  #    when it is not issued by a CA already in Vault's trust store);
  #  - the cluster must serve the discovery document to unauthenticated callers
  #    (bind ClusterRole system:service-account-issuer-discovery to the group
  #    system:unauthenticated), which is not the default on most clusters.
  oidc_discovery_url = local.oidc_discovery_url
  bound_issuer       = local.oidc_discovery_url
}
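The backend above only establishes trust in the cluster's signing keys; nothing can log in until a role says which tokens are acceptable. The role below is an added example, not part of the gist, written against the `kube_segment_1` backend above. The namespace `payments`, service account `payments-api`, audience `vault`, and policy name `payments-api` are placeholders; the claim paths are the ones Kubernetes puts in projected service-account tokens.

```hcl
# Added example (not from the gist): a role that admits only projected
# service-account tokens from one namespace/service account pair.
resource "vault_jwt_auth_backend_role" "payments_api" {
  backend   = vault_jwt_auth_backend.kube_segment_1.path
  role_name = "payments-api"
  role_type = "jwt"

  # Pods must request a projected token minted for this audience (placeholder);
  # a token carrying only the API server's default audience is rejected, so a
  # stolen "ordinary" service-account token cannot be replayed against Vault.
  bound_audiences = ["vault"]

  # `sub` of a service-account token is system:serviceaccount:<namespace>:<name>.
  user_claim    = "sub"
  bound_subject = "system:serviceaccount:payments:payments-api"

  # Also pin the nested kubernetes.io claims, addressed with JSON pointer syntax.
  bound_claims_type = "string"
  bound_claims = {
    "/kubernetes.io/namespace"           = "payments"
    "/kubernetes.io/serviceaccount/name" = "payments-api"
  }

  # Copy the pod name into token metadata so audit-log entries name the caller.
  claim_mappings = {
    "/kubernetes.io/pod/name" = "pod_name"
  }

  token_policies = ["payments-api"] # placeholder policy name
  token_ttl      = 3600
  token_max_ttl  = 14400
  token_type     = "service"
}
```

On the workload side the pod mounts a projected `serviceAccountToken` volume with `audience: vault` and a short `expirationSeconds`; the kubelet rotates that file, so the client should re-read it on every login rather than caching the first token it saw.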
@TheLonelyGhost
TheLonelyGhost / auth_tfe.tf
Last active July 25, 2025 16:32
TFE workspace scaling with consistent App ID (from external software inventory system) in metadata
resource "vault_jwt_auth_backend" "tfe" {
type = "jwt"
path = "tfe"
oidc_discovery_url = "https://tfe.example.com"
bound_issuer = "https://tfe.example.com"
}
resource "vault_jwt_auth_backend_role" "tfe_workspace" {
backend = vault_jwt_auth_backend.tfe.path
@TheLonelyGhost
TheLonelyGhost / auth_oidc.tf
Last active July 24, 2025 15:52
Manage Vault Namespace delegation with GitOps and Terraform
locals {
ms_tenant_id = "" # TODO: fill in with your Entra ID tenant (looks like a GUID)
ms_oidc_creds = {
client_id = "" # TODO
client_secret = "" # TODO
}
vault_addrs = [
# TODO: replace with your own list of possible VAULT_ADDRs
"https://vault.example.com:8200",
]
@TheLonelyGhost
TheLonelyGhost / wait-for-vault.sh
Last active February 14, 2025 21:05
Vault wait until node has replicated all data
#!/bin/bash
set -euo pipefail
. /etc/profile.d/99-vault-cli-config.sh
: "${VAULT_TLS_SERVERNAME:=vault.example.com}"
: "${VAULT_API_PORT:=8200}"
: "${VAULT_CACERT:=${SSL_CERT_FILE:-/etc/ssl/ca-bundle.crt}}"
is-listening() {
nc -z 127.0.0.1 "$VAULT_API_PORT"
@TheLonelyGhost
TheLonelyGhost / git-line-stat
Created September 9, 2021 07:44
determine how many lines were added and removed in a given commit-ish (ref, branch, whatever)
#!/usr/bin/env bash
set -euo pipefail
# Sum the added/removed columns of `git diff --numstat`. Binary files report
# "-" in both columns, which awk coerces to 0, so they do not skew the totals.
git diff --numstat "$@" | awk '{ sum_plus+=$1; sum_minus+=$2 } END { print("+++++ ", sum_plus); print("----- ", sum_minus); }'
@TheLonelyGhost
TheLonelyGhost / list-paths
Created September 9, 2021 07:42
list all the places in one's PATH where a command might be. More reliable than `whence` in a cross-platform setting
#!/usr/bin/env bash
set -euo pipefail
if [ $# -lt 1 ]; then
printf 'USAGE: list-paths <command>\n' 1>&2
exit 1
fi
bin="$1"
found=0
@TheLonelyGhost
TheLonelyGhost / ansi-escape-string
Created September 9, 2021 07:40
Remove all ANSI escape sequences from a given string
#!/usr/bin/env python3
import fileinput
import re
# 7-bit C1 ANSI sequences
ansi_escape = re.compile(r'''
\x1B # ESC
(?: # 7-bit C1 Fe (except CSI)
[@-Z\\-_]
@TheLonelyGhost
TheLonelyGhost / recruiter_seive.py
Created September 9, 2021 03:37
Compose valid Sieve code (Fastmail filters) for recruiter spam
from typing import List
import json
def is_wildcard(email) -> bool:
return bool('*' in email)
def main():
@TheLonelyGhost
TheLonelyGhost / com.thelonelyghost.fix-jamf-firefox.plist
Created September 9, 2021 03:34
Fix ZApp injection to override Firefox settings
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.thelonelyghost.fix-jamf-firefox</string>
<key>ProgramArguments</key>
<array>
<string>/bin/zsh</string>
<string>-c</string>
@TheLonelyGhost
TheLonelyGhost / user-data-logging
Created September 9, 2021 03:31
Log user_data output to file
# Send the log output from this script to user-data.log, syslog, and the console
# From: https://alestic.com/2010/12/ec2-user-data-output/
exec > >(tee /var/log/user-data.log|logger -t user-data -s 2>/dev/console) 2>&1