Skip to content

Instantly share code, notes, and snippets.

View unfor19's full-sized avatar
😺

Meir Gabay unfor19

😺
View GitHub Profile
@unfor19
unfor19 / generate_self_signed_ca_certificate.sh
Last active February 18, 2023 10:33
Generate a self-signed CA rootKey, rootCA, certificate per domain (CNAME) for both pem and DER formats
#!/usr/bin/env bash
# Name: generate_self_signed_ca_certificate.sh
# Description: Generate a self-signed CA rootKey, rootCA, certificate per domain (CNAME) for both pem and DER formats
# Author: Meir Gabay (unfor19)
set -e
set -o pipefail
@unfor19
unfor19 / wsl2-aws-vault.md
Last active August 8, 2024 23:23
How to run aws-vault on WSL2 Ubuntu 20.04

I'm glad to see that I'm not the only one who had issues with it 😄 This is how I'm using aws-vault in WSL2 and Ubuntu 20.04

Short version

# All the commands are executed in a WSL2 terminal

# Download
AWS_VAULT_VERSION="v6.3.1" && \
@unfor19
unfor19 / aws-run-instance.sh
Created March 16, 2021 15:13
aws-run-instance with conditions
#!/bin/bash
set -e
set -o pipefail
error_msg(){
local msg=$1
echo -e "$(date) :: [ERROR] ${msg}"
exit 1
}
@unfor19
unfor19 / global-args-good.Dockerfile
Last active February 12, 2021 14:05
global-args-good-dockerfile
# GOOD - 3.9.1 is declared once at the top of the file
ARG PYTHON_VERSION="3.9.1"
FROM python:"$PYTHON_VERSION"-slim as build
# Build stage commands
FROM python:"$PYTHON_VERSION"-slim as app
# App stage commands
ENTRYPOINT ["app"]
@unfor19
unfor19 / global-args-bad.Dockerfile
Last active February 12, 2021 13:54
global-args-bad-dockerfile
# BAD - 3.9.1 is hardcoded
FROM python:3.9.1-slim as build
# Build stage commands
FROM python:3.9.1-slim as app
# App stage commands
ENTRYPOINT ["app"]
@unfor19
unfor19 / mind-the-uid-gid-good.sh
Created February 12, 2021 13:53
mind-the-uid-gid-good-sh
# GOOD
# Reminder - My machine's UID:GID is 1000:1000
# frigga's user UID:GID - 1000:1000
$ docker run --rm -it -v $PWD/:/code/ --workdir=/code/ --entrypoint=bash unfor19/frigga
appuser@52ad885a9ad5:/code$ echo "file contents" > some-file.txt
appuser@52ad885a9ad5:/code$ ls -lh some-file.txt
# -rw-r--r-- 1 appuser appgroup 28 Feb 12 14:15 some-file.txt
@unfor19
unfor19 / mind-the-uid-gid-solve-with-sudo.sh
Created February 12, 2021 13:53
mind-the-uid-gid-solve-with-sudo-sh
$ sudo echo "more contents" >> root-file.txt
# success
@unfor19
unfor19 / mind-the-uid-gid-good.sh
Created February 12, 2021 13:52
mind-the-uid-gid-good-sh
# BAD
# Reminder - My machine's UID:GID is 1000:1000
# root UID:GID is 0:0
$ docker run --rm -it -v $PWD/:/code/ --user=root --workdir=/code/ --entrypoint=bash unfor19/frigga
root@987c5784a52e:/code$ cat /etc/passwd | grep "$(whoami)"
root:x:0:0:root:/root:/bin/bash
# UID:GID = 0:0
@unfor19
unfor19 / mind-the-uid-guid.sh
Created February 12, 2021 13:51
mind-the-uid-guid-sh
$ cat /etc/passwd | grep "$(whoami)"
myuser:x:1000:1000:,,,:/home/myuser:/bin/bash
@unfor19
unfor19 / run-as-non-root-user-good.Dockerfile
Created February 12, 2021 13:51
run-as-non-root-user-good-dockerfile
# GOOD
FROM python:3.9.1-slim as app
WORKDIR /myapp/
# Creates `appuser` and `appgroup` and sets permissions on the app`s directory
RUN addgroup appgroup --gid 1000 && \
useradd appuser --uid 1000 --gid appgroup --home-dir /myapp/ && \
chown -R appuser:appgroup /myapp/