Terraform, AWS Access Keys and Keybase

Per the Terraform AWS Provider docs for the aws_iam_access_key resource, I figured I’d try this Keybase PGP thing.

This is the config I’ve got (and stayed with, because it wasn’t wrong):

resource "aws_iam_access_key" "example_key" {
  user    = aws_iam_user.example.name
  pgp_key = "keybase:yaleman"
}

While trying to apply the config however, I got this error…

│ Error: Error retrieving Public Key for keybase:yaleman: unable to fetch keys for user(s) "yaleman" from keybase
│   with aws_iam_access_key.example_key,
│   on example.tf line 26, in resource "aws_iam_access_key" "example_key":
│   26: resource "aws_iam_access_key" "example_key" {

Well, that’s annoying and slightly vague!


Terraform, Kubernetes and GitHub Container Registry Oh My

After much muttering and searching, and then some help from the lovely people on the rands slack, I ended up with a snippet for authenticating my Kubernetes cluster to the GitHub Container Registry using Terraform configuration.

tl;dr: create a dockerconfigjson-type secret and use it in the image_pull_secrets field

Create a secret with the authentication details:

resource "kubernetes_secret" "ghcr_auth" {
  metadata {
    name = "ghcr-auth"
  }
  type = "kubernetes.io/dockerconfigjson"
  data = {
    ".dockerconfigjson" = jsonencode({
      "auths" = {
        "https://ghcr.io" = {
          "auth" = base64encode("${var.github_username}:${var.github_pat}")
        }
      }
    })
  }
}

The github_pat variable has a Personal Access Token with access to read:packages. It’s not actually a variable in my config, because I’m way more secure than that, but… it’s an example.
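
How the secret above plugs into the image_pull_secrets field, as an added example that is not from the original post: the variable declarations are assumed, and the deployment name, labels and image reference are placeholders.

```hcl
# Added example. Everything except kubernetes_secret.ghcr_auth is hypothetical.

variable "github_username" {
  type = string
}

variable "github_pat" {
  type      = string
  sensitive = true # redacted in plan/apply output, but still written to state
}

resource "kubernetes_deployment" "example" {
  metadata {
    name = "example" # same namespace as the secret (default here)
  }

  spec {
    replicas = 1

    selector {
      match_labels = { app = "example" }
    }

    template {
      metadata {
        labels = { app = "example" }
      }

      spec {
        # Reference the dockerconfigjson secret by name so the kubelet
        # can authenticate to ghcr.io when pulling the image.
        image_pull_secrets {
          name = kubernetes_secret.ghcr_auth.metadata[0].name
        }

        container {
          name  = "example"
          image = "ghcr.io/OWNER/IMAGE:TAG" # placeholder image reference
        }
      }
    }
  }
}
```

The secret's data, including the encoded PAT, is recorded in the Terraform state, so the state backend needs the same access controls as the token itself.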


Week in Review 2022-05-29

This week’s been pretty slow, still catching up on work and reading and software updates and dying laptop after my holiday. Woo.

Monday

Went splat.

Started blogging the Ghan trip.

Went food shopping.

Ugh, did I mention splat. Such tired.

Tuesday

Great quote.

pro·duc·tion| prəˈdəkSH(ə)n |
noun

  1. A test harness that escaped CI clusters

Watched Better Living through Chemistry. Sam Rockwell always plays a great character and Olivia Wilde and Michelle Monaghan really spiced up a zany script.


Mi Scusi Day 2 - Darwin City

Friday the 13th, WooOoOoooo.

Slept in a bit - we flew in a day early in case there were flight cancellations - thanks, COVID.

I went out looking for some breakfast, and by 9am it was already ~30º outside. After toddling around for a while, marvelling at the number of massage parlors and bars promoting their Defence-Force discount, I found a lovely bacon, egg and avocado roll at Monica’s Café - a nice family-run establishment directly across the road from the hotel.


Mi Scusi Day 1 - Flying to Darwin

Today we started the journey, flying to Darwin on QANTAS in business class. Woo. Business class is pretty nice, with better food, more room for my wide hips and more leg room - which is nice when you’re a freakishly tall person like I am.

Indian-style Chicken Dish, with a double serve of chocolate and snackage.

Darwin Airport, welcoming as fk.

It’s very clear that folks are being watched while moving around the city, with cameras on every light pole and I’m pretty sure running a surveillance company is a winning ticket in this place.


Week in Review 2022-05-08

This week’s been busy, lots of leaving the house. 😄

Monday

kanidm

Whoa, I was made a member/owner of the kanidm organisation today. That’s a fair bit of responsibility, and it’s great to have that trust.

Kanidm!

I did a rolling comp at the range, as part of the many shoots this month to keep my licensing up. I shot good, which isn’t hard when you’re shooting at paper. I started a new range-game to try and concentrate on my hand-eye coordination and slow down between rounds.


Week in Review 2022-05-01

Monday

M1 macbook things - THE FAN TURNED ON. It was weird.

Thanks, rust. <3

ADHD Side Quest Chain

This one was quite the adventure, so I figured I’d write it down.

  1. “The fan under the stairs is ticking”
  2. Pull fan out.
  3. Ew, that’s real dusty.
  4. Pull out vacuum to suck up dust.
  5. Oh the extension lead’s stuck, pull that out from under the mat.
  6. I need to pee! Do that.
  7. Wash hands.
  8. Mm, I’m in the kitchen, snack time.
  9. Grab a handful of Pepperoni. Thank the good lord ALDI for 100gm packs.
  10. Have a drink.
  11. Oh yeah, fan!
  12. Oh it’s real dusty I could put it on the back of the vent and find the old fan duct.
  13. five minutes of looking for the fan duct upstairs
  14. Oh I’ll have to 3d print one.
  15. But I should clean the fan first.
  16. goes and changes the filament on the 3d printer
  17. installs a brace on the 3d printer that he finds
  18. No no no, fan cleaning!
  19. Connect vacuum to power cord (see point #4).
  20. Cleans out the clogged pipe of the vacuum
  21. Cleans up the floor, because the clogs (leaves and sticks) went everywhere.
  22. Actually clean the fan
  23. Vacuum the floor a bit
  24. I still need a fan duct.
  25. an hour and a half of designing one
  26. Five and a half hours after THAT (print time), install fan back in duct.

Next day: Installed the grille over the fan duct.


Week in Review 2022-04-24

Monday

threegoldbees.com

Redeployed the site, for the first time in a long time because images were missing and it was generally just not playing nice. I removed all the <center></center> HTML randomness, which made Hugo happier. I wish there was a blog engine which was more human and less Wordpress.

Updated the terraform module configuration to AWS’ v4 module syntax. Delicious yak milk.

yaleman/sprintf

  • added automagic testing from github_linter.
  • actually fixed up the testing,
  • re-fixed it, after breaking it again.

Movies

I watched Shot Caller after spending a good half an hour cruising for something to watch. I liked it. Good non-linear story telling without it being a gimmick. Doesn’t pull any punches, and it’s very economical in its delivery. Great cast.


2022-04-17 Week in Review

Monday

yaleman/fail2ban-importer

Rewrote it so I could be sure it might work. More complex, but also simpler.. woo?

Tuesday

yaleman/github_linter

Added a new fix in the github_actions module, adding dependency checking based on the new github action.

Wednesday

yaleman/github_linter

Updated the fix from Tuesday in the github_actions module, removing dependency checking based on the new github action for private repos. I probably should have read the docs. :D

yaleman/TA-pushover

Moved across to using ucc-gen, it’s… a thing.


Week in Review 2022-04-10

Monday

yaleman/shrinky

Added tests to cover every line of the code, so I can auto-merge things now if they pass!

Released v0.0.4 to pypi as an official package.

yaleman/github_linter

  • fixed up some typing issues in the test suite
  • added a bandit workflow file for github_actions Python checks, to see what bandit testing will look like.
  • ran codeowners over all my repos
  • ran github_actions over all my repos and testing went booooom on a few things. Oh welllsssss… mainly just “yes, actually fix that test” and so forth - what this project is for!

yaleman/mqtt-monitor and yaleman/memes-api

Added a bunch of testing to allow things to update quicker when dependabot does its thing, because automation’s great!
