security and hardening options for systemd service units
A common and reliable pattern in service unit files is thus:
NoNewPrivileges=yes
PrivateTmp=yes
PrivateDevices=yes
DevicePolicy=closed
ProtectSystem=strict
monodot
/ values.yaml
Created
November 3, 2023 13:09
Example values.yaml for Grafana Agent to scrape Pod logs from Kubernetes and ship to Loki
View values.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| agent: | |
| mounts: | |
| varlog: true | |
| configMap: | |
| content: | | |
| logging { | |
| level = "info" | |
| format = "logfmt" | |
| } |
monodot
/ gist:f63f2c478273d091c1cf56a42f9d6087
Created
September 8, 2023 14:18
View gist:f63f2c478273d091c1cf56a42f9d6087
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| all | |
| analytics | |
| cache-generation-loader | |
| compactor | |
| distributor | |
| ingester | |
| ingester-querier | |
| querier | |
| query-frontend | |
| query-scheduler |
monodot
/ transactions.json
Created
July 26, 2023 15:45
View transactions.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "transactions": [ | |
| { | |
| "transaction_id": "a6fbc63d-27ae-4d8a-bd01-2e879c82c122", | |
| "timestamp": "2023-07-26 10:15:30", | |
| "sender": "0x3fC2b08dD64eFe84F4E98583F66fAa3105581D8a", | |
| "receiver": "0x1B74d2F8947A9c3b32a8C35F44E28e1395d18b98", | |
| "amount": 0.025, | |
| "currency": "ETH", | |
| "hash": "f3f57bf8b6a5f6c1a2dd55a276d679ccdf957ed234521e60784d1a18f3ea6c43" |
View subst.sh
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| # cat <<EOF | ./subst.sh zzzlucy | |
| # name=Lucy | |
| # weather="Good, how about you?!" | |
| # family=Smith | |
| # EOF | |
| set -a |
monodot
/ systemd_service_hardening.md
Created
September 23, 2022 12:12
— forked from ageis/systemd_service_hardening.md
Options for hardening systemd service units
View systemd_service_hardening.md
monodot
/ load-averages.csv
Created
June 26, 2021 19:54
Load averages over a 15 minute period - when running a stress-ng test
View load-averages.csv
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Time | 1min | 5min | 15min | |
|---|---|---|---|---|
| 14:08:59 | 0.93 | 1.10 | 1.28 | |
| 14:09:09 | 0.86 | 1.08 | 1.27 | |
| 14:09:19 | 0.95 | 1.09 | 1.27 | |
| 14:09:29 | 0.95 | 1.09 | 1.27 | |
| 14:09:39 | 1.25 | 1.15 | 1.29 | |
| 14:09:49 | 1.21 | 1.14 | 1.28 | |
| 14:09:59 | 1.18 | 1.14 | 1.28 | |
| 14:10:09 | 1.15 | 1.13 | 1.27 | |
| 14:10:19 | 1.13 | 1.13 | 1.27 |
monodot
/ source-connector-debs.yaml
Created
February 17, 2021 11:12
View source-connector-debs.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: "kafka.strimzi.io/v1alpha1" | |
| kind: KafkaConnector | |
| metadata: | |
| name: bd6-mongo-connector | |
| labels: | |
| strimzi.io/cluster: my-connect-cluster | |
| spec: | |
| class: io.debezium.connector.mongodb.MongoDbConnector | |
| image: "quay.io/tdonohue/debenhams-mongo:latest" | |
| config: |
monodot
/ 00-openshift-example-deploy-nginx.md
Last active
January 4, 2021 15:04
Deploy nginx on OpenShift - example
View 00-openshift-example-deploy-nginx.md
OpenShift Example: Deploy nginx web server by creating resources from YAML files
Let's deploy nginx!
We'll create a Deployment, a Service and a Route. 🥔🥔
- We create a Deployment to run the
nginx-unprivilegedimage (this Nginx image doesn't run nginx as root - because OpenShift doesn't like that!) - We create a Service which load balances between the pods in the Deployment.
- We create a Route which forwards traffic onto the Service, and the Pods!
View GetAllBooksResponse.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package com.cleverbuilder.bookservice; | |
| import java.util.ArrayList; | |
| import java.util.List; | |
| import javax.xml.bind.annotation.XmlAccessType; | |
| import javax.xml.bind.annotation.XmlAccessorType; | |
| import javax.xml.bind.annotation.XmlElement; | |
| import javax.xml.bind.annotation.XmlRootElement; | |
| import javax.xml.bind.annotation.XmlType; |
View ublock-filters.txt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ! 21/03/2020 https://twitter.com - remove annoyances/distractions | |
| ! Remove the annoying attention-sapping stuff: trending now, who to follow | |
| twitter.com##div[aria-label='Timeline: Trending now'] | |
| twitter.com##aside[aria-label='Who to follow'] | |
| ! 2020-10-03 Medium google login distraction | |
| medium.com##div[id='credential_picker_container'] |
NewerOlder