A common and reliable pattern in service unit files is thus:
NoNewPrivileges=yes
PrivateTmp=yes
PrivateDevices=yes
DevicePolicy=closed
ProtectSystem=strict
chozahell
chozahell
/ systemd_service_hardening.md
Created
December 10, 2024 22:16
— forked from ageis/systemd_service_hardening.md
Options for hardening systemd service units
chozahell
/ systemd-security-changes.md
Created
December 1, 2024 15:26
— forked from mishaturnbull/systemd-security-changes.md
To get an overview of the current system:
# systemd-analyze security
You must have Systemd version >= 240 for this to work. Check with systemd-analyze --version. If not... that sucks I guess? I don't know of a way to upgrade without horribly breaking everything.
chozahell
/ README.md
Created
November 24, 2024 22:08
— forked from ArgonQQ/README.md
Brew install specific version / Locally freeze version
chozahell
/ add-logging.yaml
Created
October 28, 2024 17:03
— forked from corso75/add-logging.yaml
cloud-init features examples
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| output: | |
| init: | |
| output: "> /var/log/cloud-init.out" | |
| error: "> /var/log/cloud-init.err" | |
| config: "tee -a /var/log/cloud-config.log" | |
| final: | |
| - ">> /var/log/cloud-final.out" | |
| - "/var/log/cloud-final.err" |
chozahell
/ NetworkingFirecracker.md
Created
October 18, 2024 20:22
— forked from s8sg/NetworkingFirecracker.md
Networking with Firecracker
Create Bridge interface on the host and give internet access
sudo ip link add name br0 type bridge
sudo ip addr add 172.20.0.1/24 dev br0
sudo ip link set dev br0 up
sudo sysctl -w net.ipv4.ip_forward=1
sudo iptables --table nat --append POSTROUTING --out-interface enp3s0 -j MASQUERADE
sudo iptables --insert FORWARD --in-interface br0 -j ACCEPT
Create a tap device and link to the bridge
chozahell
/ templates.go
Created
October 13, 2023 22:23
— forked from xeoncross/templates.go
Creative use of yeld and custom filepath walking to load templates with inheritance. https://www.kylehq.com/2017/05/golang-templates---what-i-missed/
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Note that the templateFuncs refer to my apps helper package, left here | |
| // in this example to help. | |
| // Heavily inspired by the book https://www.sitepoint.com/premium/books/level-up-your-web-apps-with-go | |
| // https://gitlab.com/snippets/1662623 | |
| // https://www.kylehq.com/2017/05/golang-templates---what-i-missed/ | |
| package templates | |
| import ( | |
| "bytes" |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## | |
| zshzoo/zfunctions | |
| zsh-users/zsh-completions | |
| ohmyzsh/ohmyzsh path:plugins/colored-man-pages | |
| ## | |
| zsh-users/zsh-syntax-highlighting | |
| zsh-users/zsh-history-substring-search | |
| zsh-users/zsh-autosuggestions |