A common and reliable pattern in service unit files is thus:
NoNewPrivileges=yes
PrivateTmp=yes
PrivateDevices=yes
DevicePolicy=closed
ProtectSystem=strict
#!/bin/bash | |
# ~/.bashrc: executed by bash(1) for non-login shells. | |
# kevin gallagher (@ageis) <kevingallagher@gmail.com> | |
# normally I divide this into separate files: .bashrc, .bash_profile, .bash_aliases and .bash_functions (also .bash_logout), but it's all concatenated here. | |
ulimit -s unlimited | |
export MYUID=$(id -u) | |
export USER="$(id -un)" | |
if [[ "$TILIX_ID" ]] || [[ "$VTE_VERSION" ]]; then |
# run in the terminal, then set as ssl_dhparam in nginx.conf | |
openssl dhparam -out /etc/nginx/ssl/dhparam.pem 4096 |
[compressor] # Dynamic range compressor | |
# RMS/peak (float) | |
compressor-rms-peak=0.100000 | |
# Attack time (float) | |
compressor-attack=50.000000 | |
# Release time (float) | |
compressor-release=250.000000 | |
# Threshold level (float) | |
compressor-threshold=-20.000000 | |
# Ratio (float) |
You'll probably be working with a single smartcard, so you'll want only one primary key ( |
log-file /home/kevin/.gnupg/dirmngr.log | |
use-tor | |
debug-level basic | |
debug ipc,dns | |
verbose | |
disable-ipv6 | |
keyserver hkps://hkps.pool.sks-keyservers.net | |
hkp-cacert /usr/share/gnupg/sks-keyservers.netCA.pem |
This is a script written in Python intended to run alongside a certbot instance and export statistics for monitoring purposes. It assumes the existence of certbot in the PATH plus read access to /etc/letsencrypt
.
It tracks stuff like: number of certs, number of SANs, expiry time, seconds until expiry, and the status of the certificate per ACME.
Prometheus is a monitoring system and time-series database.
[user] | |
email = kevingallagher@gmail.com | |
name = Kevin M. Gallagher | |
signingkey = 0x3B324F4FF73BECF8 | |
[core] | |
editor = vim | |
excludesfile = /etc/gitignore | |
autocrlf = true | |
compression = 9 | |
fscache = true |
This is a script written in Python intended to run alongside a Bitcoin node and export statistics for monitoring purposes. It assumes the existence of bitcoin-cli in the PATH and access to the RPC interface over localhost.
It tracks stuff like: block height, difficulty, number of peers, network hash rate, errors, uptime in seconds, mempool size, size of recent blocks, number of transactions within blocks, chaintips, total bytes received and sent, and transaction inputs and outputs. These Bitcoin metrics are refreshed once every 5 minutes.
Prometheus is a monitoring system and time-series database.