A common and reliable pattern in service unit files is thus:
NoNewPrivileges=yes
PrivateTmp=yes
PrivateDevices=yes
DevicePolicy=closed
ProtectSystem=strict
ageis
/ systemd_service_hardening.md
Last active
July 23, 2024 01:07
Options for hardening systemd service units
ageis
/ Generating stronger DH parameters for nginx
Last active
July 19, 2024 15:00
— forked from plentz/nginx.conf
Generating stronger DH parameters for nginx's SSL
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # run in the terminal, then set as ssl_dhparam in nginx.conf | |
| openssl dhparam -out /etc/nginx/ssl/dhparam.pem 4096 |
ageis
/ YubiKey-GPG-SSH-guide.md
Last active
July 5, 2024 09:20
Technical guide for using YubiKey series 4 for GPG and SSH
Written for fairly adept technical users, preferably of Debian GNU/Linux, not for absolute beginners.
|
You'll probably be working with a single smartcard, so you'll want only one primary key ( |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #! /bin/bash | |
| # Original author: NIIBE Yutaka <gniibe@fsij.org> | |
| # URL: https://dev.gnupg.org/T3823 | |
| # Usage: ./kdf-do-setup.sh | |
| GPG_CONNECT_AGENT=gpg-connect-agent | |
| PW_USER="123456" | |
| PW_ADMIN="12345678" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [compressor] # Dynamic range compressor | |
| # RMS/peak (float) | |
| compressor-rms-peak=0.100000 | |
| # Attack time (float) | |
| compressor-attack=50.000000 | |
| # Release time (float) | |
| compressor-release=250.000000 | |
| # Threshold level (float) | |
| compressor-threshold=-20.000000 | |
| # Ratio (float) |
⚠️ Content below I now consider obsolete. My latest guide is now located here: Technical guide for using YubiKey series 4 for GPG and SSH. Please consult that resource instead.
ageis
/ bitcoin-monitor.md
Last active
June 5, 2024 01:36
Prometheus exporter for monitoring statistics of Bitcoin daemon
This is a script written in Python intended to run alongside a Bitcoin node and export statistics for monitoring purposes. It assumes the existence of bitcoin-cli in the PATH and access to the RPC interface over localhost.
It tracks stuff like: block height, difficulty, number of peers, network hash rate, errors, uptime in seconds, mempool size, size of recent blocks, number of transactions within blocks, chaintips, total bytes received and sent, and transaction inputs and outputs. These Bitcoin metrics are refreshed once every 5 minutes.
Prometheus is a monitoring system and time-series database.
ageis
/ Options apt can pass to dpkg when [re]installing packages and fixing configurations
Last active
May 28, 2024 10:22
dpkg-force-help.txt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Usage: apt-get -o "Dpkg::options==--option" --reinstall install <package> | |
| $ dpkg --force-help | |
| [!] all Set all force options | |
| [*] downgrade Replace a package with a lower version | |
| configure-any Configure any package which may help this one | |
| hold Process incidental packages even when on hold | |
| not-root Try to (de)install things even when not root | |
| bad-path PATH is missing important programs, problems likely | |
| bad-verify Install a package even if it fails authenticity check |
ageis
/ .bashrc 02-25-2020
⚠️ NOTE: many paths in sourced scripts and environment variables are specific to my system, but if you dig in I hope you'll find something you can use!
Last active
May 10, 2024 02:34
@ageis's ~/.bashrc 🖥️ with numerous useful functions, aliases and one-liners.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # ~/.bashrc: executed by bash(1) for non-login shells. | |
| # kevin gallagher (@ageis) <kevingallagher@gmail.com> | |
| # normally I divide this into separate files: .bashrc, .bash_profile, .bash_aliases and .bash_functions (also .bash_logout), but it's all concatenated here. | |
| ulimit -s unlimited | |
| export MYUID=$(id -u) | |
| export USER="$(id -un)" | |
| if [[ "$TILIX_ID" ]] || [[ "$VTE_VERSION" ]]; then |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| log-file /home/kevin/.gnupg/dirmngr.log | |
| use-tor | |
| debug-level basic | |
| debug ipc,dns | |
| verbose | |
| disable-ipv6 | |
| keyserver hkps://hkps.pool.sks-keyservers.net | |
| hkp-cacert /usr/share/gnupg/sks-keyservers.netCA.pem |
NewerOlder