Docker, rust, cargo and 137 Errors

I kept getting OOMKilled when trying to build Rust apps in Docker containers on GitHub Actions (and also locally, using buildx). The return code of any cargo command that touched the list of crates would end up with the command killed after 30-90 seconds.

I found two solutions:

AWS ACM Moving to Dynamic Intermediates

I wonder how many things are going to break when AWS changes how ACM certs are issued. They’re moving to “dynamic” (i.e., randomly allocated) intermediates starting 11th October 2022, which is surprisingly soon!

They say not to use certificate pinning, but lots of people do, and I’m sure there’s a load of custom config/deployment methods out there that’ll rely on some kind of static intermediate.

Good luck, friends!

Stop Edge Sleeping Tabs

Microsoft’s Edge browser is pretty cool, I use it instead of Chrome because .. somehow Microsoft has become less creepy than Google?

They’ve recently added efficiency mode, which is handy until it starts sleeping the tab that Octoprint is on, which queues up all the “live view” features and somehow makes them replay at super-speed when I go back to the tab.

AAAAANNYWAY. I did some searching and couldn’t find the answer to “how do I stop Edge from sleeping pinned tab” because that’s not a thing (article on what can stop a tab from sleeping here).

Housing Cost Increases and Perception

The low cost of borrowing money combined with a few other forces has really pushed up housing prices around here lately, and people keep telling me that “oh but your place has gone up in value, it all works out!”

I knew in my bones it wasn’t right, but I did some quick math.

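|          | Mortgage    | Townhouse Value | House Cost  | Mortgage Increase |
|----------|-------------|-----------------|-------------|-------------------|
| 2019     | $250,000.00 | $320,000.00     | $480,000.00 | $160,000.00       |
| 2022     | $250,000.00 | $450,000.00     | $680,000.00 | $230,000.00       |
| Increase |             | 140.63%         | 141.67%     | 143.75%           |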

This is based on similar houses in similar locations, as I’ve been looking for some time.

GitHub's Dependabot and Actions

I sent this to a friend who I’d been talking to about automation things, they probably didn’t expect this huge wall of text 😁 Since this isn’t a DM over social media, I’ve included the code and cleaned up the links, and shared it so hopefully I can find it in the future and it’ll help someone else who’s interested.

I’ve had this on my todo list so here goes.. I was going on about how cool Dependabot is, and how it automagically makes Pull Requests (PRs) for updating packages in repositories… since you asked for some details it’s probably easiest to show an example of how I’ve got it set up.

Terraform, AWS Access Keys and Keybase

Per the Terraform AWS Provider docs for the aws_iam_access_key resource, I figured I’d try this Keybase PGP thing.

This is the config I’ve got (and stayed with, because it wasn’t wrong):

resource "aws_iam_access_key" "example_key" {
  user    = aws_iam_user.example.name
  pgp_key = "keybase:yaleman"
}

While trying to apply the config however, I got this error…

│ Error: Error retrieving Public Key for keybase:yaleman: unable to fetch keys for user(s) "yaleman" from keybase
│   with aws_iam_access_key.example_key,
│   on example.tf line 26, in resource "aws_iam_access_key" "example_key":
│   26: resource "aws_iam_access_key" "example_key" {

Well, that’s annoying and slightly vague!

Terraform, Kubernetes and GitHub Container Registry Oh My

After much muttering and searching and then some help from the lovely people on the rands slack, I ended up with a snippet for authenticating my Kubernetes cluster to the GitHub Container Registry using Terraform configuration.

tl;dr: create a dockerconfigjson-type secret and use it in the image_pull_secrets field

Create a secret with the authentication details:

resource "kubernetes_secret" "ghcr_auth" {
  metadata {
    name = "ghcr-auth"
  }
  type = "kubernetes.io/dockerconfigjson"
  data = {
    ".dockerconfigjson" = jsonencode({
      "auths" = {
        "https://ghcr.io" = {
          "auth" = base64encode("${var.github_username}:${var.github_pat}")
        }
      }
    })
  }
}

The github_pat variable has a Personal Access Token with access to read:packages. It’s not actually a variable in my config, because I’m way more secure than that, but… it’s an example.
