Over-tinkering

The other day I was looking at a Raspberry Pi 4 that had been lying around, thinking about what to do with it. I quickly googled how to set up AFP on it, so that I could put it by the router, connect all the portable hard drives and just use it as my “stash drive” from any device in the house. A tiny NAS-like thing.

I quickly realized there were some problems with my hard drives, namely that they all used different filesystems, so I spent a couple of hours (oh yeah) juggling data between them, reformatting them with reasonable filesystems that both Linux and macOS can easily read, and setting them up as mount points for Netatalk to serve. I then started exploring other options for my photo library, which I was managing with iCloud at the time. I remembered that I strongly preferred Google Photos for cataloguing and managing albums and shares, so I figured perhaps it’d be a good opportunity to move all my photos there, and perhaps explore a backup system? You know, a backup for my backup, some software that fetches photos from Google Photos periodically (say, daily), puts them on one of the Pi’s external volumes for rclone to later pick up and store safely on b2. That’s when the clock showed midnight and my wife asked why I wasn’t going to bed yet.


bora—an AWS Cloudformation wrapper

Last weekend I spent some time working on a small project: bora. It’s a simple wrapper around AWS Cloudformation, so obviously everyone’s question is: why the hell would I want yet another Cloudformation wrapper? The tl;dr answer is: because all the ones which are available suck. But let me elaborate.

  • Troposphere-based tools are inelegant. Troposphere itself is poorly documented, and I dislike how the Python code mixes with actual Cloudformation JSON code in it. It’s also very often non-lintable (or gets unreadable after linting).
  • I ❤️ Python just like the next guy, but it’s not very well suited for things like CI/CD pipelines. I see this a lot in clients’ setups: first your Jenkins job needs to pull the code, then create a virtualenv and pip the requirements, then lint (hah!), and then, hopefully, run. With compiled languages (and Golang especially), you only need to download a binary and run it. The only thing you have to care about is the underlying architecture and OS (which, in 99% of the CI/CD cases, is ELF x86_64).
  • I want to embrace Cloudformation’s new neat & clean YAML capabilities. JSON is ugly. Troposphere, as mentioned already, is ugly too. Combining YAML with some Jinja-like markup for variables and loops, we could end up with something very elegant and readable.

AWS Cloudformation template for Counter Strike GO server

I spent an evening writing a Cloudformation template for a Counter Strike Global Offensive Linux server. No, I don’t have a life. Yes, you will thank me next time you play with your friends and the laptop cannot handle more than 5 players. (AWS t2.micro handles 6 players easily, and you can always throw a c4.large at the problem which is still about $0.13/hr and handles, well, just about anything).

The template sets up a single EC2 instance of type t2.micro by default, uses the default VPC, and runs the server with the “Arms Race” game in a free-for-all mode. Consult Valve’s documentation page if you want to run other games or reconfigure the server in any way. The template also sets up a CNAME record pointing to the instance’s public DNS name, so comment the last section out if you don’t have a public hosted zone in your Route53.

Happy shooting!

MFA tokens in your terminal

All the stuff described here I learned from my dear colleague Giulio. I’m sharing it here because it’s cool, and because I don’t think he’d share it anywhere other than our internal mailing list.

Do you use MFA a lot? Are you tired of reaching for your phone to check those codes in the Google Authenticator app? Perhaps you’ve been logging in to too many different AWS accounts because your work requires that? 😔 Here’s a couple of paragraphs of advice that will ease your pain.

First, install oath-toolkit. On OS X you can get it with homebrew. Once it’s installed, you’d want to define a function for your shell, like this perhaps:

function mfa () {
    # Print the current TOTP code for the base32 secret stored in ~/.aws/<name>.mfa
    oathtool --base32 --totp "$(cat ~/.aws/"$1".mfa)"
}

This defines an mfa shell function which calls oathtool and expects one argument: the name of a file (sans extension) inside your ~/.aws/ directory which contains the secret key, the string that is the base for computing your time-based one-time passwords. To continue the AWS-based example, you can find the secret key in the AWS console while setting up a new virtual MFA device.


Once you click on “Show secret key for manual configuration,” you’ll be presented with a 64-character string, which you’ll need to put in a ~/.aws/account-name.mfa file. After that, whenever prompted for the MFA token, type mfa account-name in your terminal.
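The secret key file is the second factor itself, so anyone who can read it can generate your codes. A stricter variant of the function above, as an added example that is not from the original post: it rejects account names that could escape the directory and refuses seed files readable by group or others. MFA_DIR and mfa_seed_ok are names assumed for this example.

```shell
# Added example; MFA_DIR and mfa_seed_ok are assumed names, not from the post.
MFA_DIR="${MFA_DIR:-$HOME/.aws}"

# Succeeds only if the account name is a plain file name and the seed file
# exists, is a regular file, and grants no access to group or others.
mfa_seed_ok () {
    name=$1
    case $name in
        ''|*/*|.*) echo "mfa: invalid account name" >&2; return 1 ;;
    esac
    file="$MFA_DIR/$name.mfa"
    if [ ! -f "$file" ] || [ -L "$file" ]; then
        echo "mfa: no regular seed file at $file" >&2
        return 1
    fi
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld "$file" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "mfa: $file is accessible to group/others; run: chmod 600 $file" >&2
        return 1
    fi
}

mfa () {
    mfa_seed_ok "$1" || return 1
    # Same oathtool call as the original function. The key is passed as an
    # argument, so it is briefly visible in the local process list.
    oathtool --base32 --totp "$(cat "$MFA_DIR/$1.mfa")"
}
```

Create each seed file with chmod 600 before first use; the check only inspects the file's own mode bits, not those of the directory above it.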

AWS Cloudformation template for OpenVPN server creation

Are you traveling for Christmas to a country where Netflix/Hulu isn’t available? Are you worried you might resort to violence against your own family once you’re fed up with them? Here’s a VPN server template to help the situation (and keep you away from prison).

Netflix is brilliant and there’s no better time to catch up on your Jessica Jones episodes than Christmas break. But what if your family resides in a country where Netflix isn’t available yet? 😱 Fear not, there’s a way to circumvent geolocation-based legal barriers that protect, in my case, Eastern Europe from excellent comic book-based television. First, you’re gonna need a fast internet connection. Second, a VPN server into the country where Netflix is available, e.g., Bundesrepublik Deutschland.

Update Jan 6, 2016: Oh, well. VPN servers can still be useful for other purposes.

To create one really quickly and cheaply (and destroy it as easily once it’s not needed), it’s best to use Cloudformation, an orchestration/templating tool that AWS provides. With Cloudformation, all the details of your stack are included in one JSON file which, once uploaded via AWS Console, deploys the stack defined by the template. The JSON file below defines an EC2 instance together with a security group suited for OpenVPN: