| --- | |
| - name: install llm cli and plugins | |
| hosts: localhost | |
| connection: local | |
| gather_facts: no | |
| vars: | |
| llm_plugins: | |
| - llm-openrouter | |
| - llm-mlx |
| apiVersion: v1 | |
| kind: Pod | |
| metadata: | |
| name: test-pod | |
| namespace: ${namespace} | |
| spec: | |
| containers: | |
| - image: google/cloud-sdk:slim | |
| name: test-pod | |
| command: ["sleep", "86400"] |
| # Players | |
| # KSA - k8s service account | |
| # GSA - GCP service account | |
| # metadata server - runs on cluster nodes where pods with Workload Identity are dispatched, will respond to requests directed to 169.254.169.254. | |
| # workload identity - modifies behavior of the metadata server. Transparently to the SA, it will return GCP STS tokens issued to the impersonated GCP role. | |
| # Note: - when WI is enabled but not configured properly, the metadata server will fail (silently?) when it does not find annotation etc. | |
| # | |
| # request flow | |
| # 1. pod requests credentials from the metadata server | |
| # 2. metadata server checks if the pod is using workload identity, and identifies the KSA |
| # docker needs the container toolkit to be able to make nvidia drivers available in the containers and probably more. | |
| # - you will need nvidia drivers too. https://github.com/NVIDIA/nvidia-container-toolkit | |
| # - model directory will need some IOPS to load them, dedicated NVME is both fast and naturally limits the sprawl | |
| # - in GPU stats you will see both (G)raphics and (C)ompute jobs. LLM-related tooling only controls the C jobs. | |
| # -- once Ollama container is running | |
| # | |
| # this should produce help output | |
| $ docker exec -it ollama ollama |
| # 1. save as `eslint_prettier-vuln-checker.sh` | |
| # 2. this find `package-lock.json` files in the `IdeaProjects` folder in the home dir, adjust as needed: | |
| # `find ~/IdeaProjects/ -type f -name package-lock.json -exec bash eslint_prettier-vuln-checker.sh {} \;` | |
| # this takes a while to run, add `-print` avove to see all the lockfiles it finds | |
| # | |
| #!/usr/bin/env bash | |
| PACKAGE_VERSION_PAIRS=( |
NolaCon 2017 GBC04 EDNS Client Subnet ECS DNS CDN Magic or Secur Jim Nitterauer
archive.is not resolving under 1.1.1.1 Cloudflare DNS resolver
Resolving Google using two different IP address will provide two different results.
Print secret name of secrets that do not have the versionAliases attribute
gcloud secrets list --format=json | jq '.[] | select( has("versionAliases")|not)|.name'
| #! /usr/bin/env sh | |
| while getopts sf:p ARG | |
| do | |
| case "${ARG}" in | |
| s) SHORT_LIST=1;; | |
| f) FILEPATH=${OPTARG};; | |
| p) PULL=1;; | |
| *) echo "\nReads GCP cloudbuild config, lists secrets contained in the file\n\nUsage: $(basename $0) [-s] -f filename\n -s short output, do not display google secrets path\n -f cloudbuild config to read\n -p list values for the secrets from GCP, in a format ready to be exported into bash\n\n" && exit 1; | |
| esac |
| #! /usr/bin/env sh | |
| set -o pipefail | |
| FILEPATH=$1; shift; | |
| function pull_secrets { | |
| MANIFEST=$1; shift; | |
| SECRETS=$(cat "${MANIFEST}" | jq -r '.availableSecrets.secretManager[] | .env + "=" + .versionName'); | |
| PROJECT_ID=$(gcloud projects list --filter $(gcloud config get project) --format="value(PROJECT_NUMBER)") |
| https://github.com/Hammerspoon/hammerspoon/discussions/3379 | |
| https://www.guerrilladigital.cc/2021/02/18/no-elgato-stream-deck-no-problem-i-reprogrammed-my-akai-lpd8-to-work-as-an-obs-scene-switcher/ | |
| -- A quick hammerspoon to use the buttons on my Akai LPD8 | |
| -- which is a pretty fun little drum pad that can be had | |
| -- for $40-50 bucks if you shop around: | |
| -- https://images.reverb.com/image/upload/s--TanFLw05--/t_card-square/v1571420337/zzyfza1vf8wsxjynymgr.jpg | |
| devices = hs.midi.virtualSources() |
