A common and reliable pattern in service unit files is thus:
NoNewPrivileges=yes
PrivateTmp=yes
PrivateDevices=yes
DevicePolicy=closed
ProtectSystem=strict
ageis
/ systemd_service_hardening.md
Last active
January 25, 2026 11:05
Options for hardening systemd service units
ageis
/ certbot_exporter.md
Last active
January 19, 2026 09:47
certbot Prometheus exporter (Let's Encrypt metrics)
This is a script written in Python intended to run alongside a certbot instance and export statistics for monitoring purposes. It assumes the existence of certbot in the PATH plus read access to /etc/letsencrypt.
It tracks stuff like: number of certs, number of SANs, expiry time, seconds until expiry, and the status of the certificate per ACME.
Prometheus is a monitoring system and time-series database.
ageis
/ YubiKey-GPG-SSH-guide.md
Last active
January 1, 2026 03:45
Technical guide for using YubiKey series 4 for GPG and SSH
Written for fairly adept technical users, preferably of Debian GNU/Linux, not for absolute beginners.
|
You'll probably be working with a single smartcard, so you'll want only one primary key ( |
ageis
/ .bashrc 02-25-2020
⚠️ NOTE: many paths in sourced scripts and environment variables are specific to my system, but if you dig in I hope you'll find something you can use!
Last active
December 24, 2025 17:50
@ageis's ~/.bashrc 🖥️ with numerous useful functions, aliases and one-liners.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # ~/.bashrc: executed by bash(1) for non-login shells. | |
| # kevin gallagher (@ageis) <kevingallagher@gmail.com> | |
| # normally I divide this into separate files: .bashrc, .bash_profile, .bash_aliases and .bash_functions (also .bash_logout), but it's all concatenated here. | |
| ulimit -s unlimited | |
| export MYUID=$(id -u) | |
| export USER="$(id -un)" | |
| if [[ "$TILIX_ID" ]] || [[ "$VTE_VERSION" ]]; then |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [compressor] # Dynamic range compressor | |
| # RMS/peak (float) | |
| compressor-rms-peak=0.100000 | |
| # Attack time (float) | |
| compressor-attack=50.000000 | |
| # Release time (float) | |
| compressor-release=250.000000 | |
| # Threshold level (float) | |
| compressor-threshold=-20.000000 | |
| # Ratio (float) |
ageis
/ Generating stronger DH parameters for nginx
Last active
October 24, 2025 19:39
— forked from plentz/nginx.conf
Generating stronger DH parameters for nginx's SSL
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # run in the terminal, then set as ssl_dhparam in nginx.conf | |
| openssl dhparam -out /etc/nginx/ssl/dhparam.pem 4096 |
ageis
/ bitcoin-monitor.md
Last active
June 19, 2025 15:36
Prometheus exporter for monitoring statistics of Bitcoin daemon
This is a script written in Python intended to run alongside a Bitcoin node and export statistics for monitoring purposes. It assumes the existence of bitcoin-cli in the PATH and access to the RPC interface over localhost.
It tracks stuff like: block height, difficulty, number of peers, network hash rate, errors, uptime in seconds, mempool size, size of recent blocks, number of transactions within blocks, chaintips, total bytes received and sent, and transaction inputs and outputs. These Bitcoin metrics are refreshed once every 5 minutes.
Prometheus is a monitoring system and time-series database.
⚠️ Content below I now consider obsolete. My latest guide is now located here: Technical guide for using YubiKey series 4 for GPG and SSH. Please consult that resource instead.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [user] | |
| email = kevingallagher@gmail.com | |
| name = Kevin M. Gallagher | |
| signingkey = 0x3B324F4FF73BECF8 | |
| [core] | |
| editor = vim | |
| excludesfile = /etc/gitignore | |
| autocrlf = true | |
| compression = 9 | |
| fscache = true |
ageis
/ get-figlet-fonts.sh
Last active
January 23, 2025 01:58
Grab all Figlet fonts in existence (WIP)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Installs as many fonts for Figlet/Toilet as possible from multiple sources. | |
| # Author: Kevin M. Gallagher (@ageis) | |
| #set -u | |
| #set -x | |
| export FIGLET_FONT_DIR=$(figlet -I2) | |
| export TMP_FONT_DIR="$(pwd)/fonts" | |
| export TMP_DEST_DIR="$(pwd)/tmp" | |
| export FONT_REGEX=".*\.\(flf\|tlf\|flc\)$" |
NewerOlder