A common and reliable pattern in service unit files is thus:
NoNewPrivileges=yes
PrivateTmp=yes
PrivateDevices=yes
DevicePolicy=closed
ProtectSystem=strict
ageis
/ .bashrc 02-25-2020
⚠️ NOTE: many paths in sourced scripts and environment variables are specific to my system, but if you dig in I hope you'll find something you can use!
Last active
May 10, 2024 02:34
@ageis's ~/.bashrc 🖥️ with numerous useful functions, aliases and one-liners.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # ~/.bashrc: executed by bash(1) for non-login shells. | |
| # kevin gallagher (@ageis) <kevingallagher@gmail.com> | |
| # normally I divide this into separate files: .bashrc, .bash_profile, .bash_aliases and .bash_functions (also .bash_logout), but it's all concatenated here. | |
| ulimit -s unlimited | |
| export MYUID=$(id -u) | |
| export USER="$(id -un)" | |
| if [[ "$TILIX_ID" ]] || [[ "$VTE_VERSION" ]]; then |
ageis
/ Generating stronger DH parameters for nginx
Last active
May 5, 2024 12:11
— forked from plentz/nginx.conf
Generating stronger DH parameters for nginx's SSL
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # run in the terminal, then set as ssl_dhparam in nginx.conf | |
| openssl dhparam -out /etc/nginx/ssl/dhparam.pem 4096 |
ageis
/ systemd_service_hardening.md
Last active
May 4, 2024 15:57
Options for hardening systemd service units
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [compressor] # Dynamic range compressor | |
| # RMS/peak (float) | |
| compressor-rms-peak=0.100000 | |
| # Attack time (float) | |
| compressor-attack=50.000000 | |
| # Release time (float) | |
| compressor-release=250.000000 | |
| # Threshold level (float) | |
| compressor-threshold=-20.000000 | |
| # Ratio (float) |
ageis
/ YubiKey-GPG-SSH-guide.md
Last active
March 16, 2024 13:18
Technical guide for using YubiKey series 4 for GPG and SSH
Written for fairly adept technical users, preferably of Debian GNU/Linux, not for absolute beginners.
|
You'll probably be working with a single smartcard, so you'll want only one primary key ( |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| log-file /home/kevin/.gnupg/dirmngr.log | |
| use-tor | |
| debug-level basic | |
| debug ipc,dns | |
| verbose | |
| disable-ipv6 | |
| keyserver hkps://hkps.pool.sks-keyservers.net | |
| hkp-cacert /usr/share/gnupg/sks-keyservers.netCA.pem |
⚠️ Content below I now consider obsolete. My latest guide is now located here: Technical guide for using YubiKey series 4 for GPG and SSH. Please consult that resource instead.
ageis
/ certbot_exporter.md
Last active
November 15, 2023 23:22
certbot Prometheus exporter (Let's Encrypt metrics)
This is a script written in Python intended to run alongside a certbot instance and export statistics for monitoring purposes. It assumes the existence of certbot in the PATH plus read access to /etc/letsencrypt.
It tracks stuff like: number of certs, number of SANs, expiry time, seconds until expiry, and the status of the certificate per ACME.
Prometheus is a monitoring system and time-series database.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [user] | |
| email = kevingallagher@gmail.com | |
| name = Kevin M. Gallagher | |
| signingkey = 0x3B324F4FF73BECF8 | |
| [core] | |
| editor = vim | |
| excludesfile = /etc/gitignore | |
| autocrlf = true | |
| compression = 9 | |
| fscache = true |
ageis
/ bitcoin-monitor.md
Last active
February 17, 2023 01:25
Prometheus exporter for monitoring statistics of Bitcoin daemon
This is a script written in Python intended to run alongside a Bitcoin node and export statistics for monitoring purposes. It assumes the existence of bitcoin-cli in the PATH and access to the RPC interface over localhost.
It tracks stuff like: block height, difficulty, number of peers, network hash rate, errors, uptime in seconds, mempool size, size of recent blocks, number of transactions within blocks, chaintips, total bytes received and sent, and transaction inputs and outputs. These Bitcoin metrics are refreshed once every 5 minutes.
Prometheus is a monitoring system and time-series database.
NewerOlder