Skip to content

Instantly share code, notes, and snippets.

View pinkeen's full-sized avatar
☢️
Feeling radiant 😎

Filip Sobalski pinkeen

☢️
Feeling radiant 😎
View GitHub Profile
@pinkeen
pinkeen / DOCKER_SYSTEMD_CGROUPV2.md
Last active April 21, 2024 09:50
Run a systemd container using cgroupv2

Run a systemd container using cgroupv2 [NOTES]

In theory this would allow the nested systemd init to manage its own resources via slices and scopes - kind of like with LXC's nested mode but without the nasty security implication of bind mounting the real cgroupfs into the container.

Running a systemd container is not the only thing that this would enable - together with fuse-overlayfs it might allow one to run containers inside containers more securely.

The problem is that by default the nested group is mounted ro into the container which should not be necessary according to my research. It gets mounted rw as expected when userns-remap is enabled in Docker what is not desirable for me. I am not sure if docker/moby/containerd is at fault here or if it's a limitation of Linux control groups or user namespaces. It would be great if som

@pinkeen
pinkeen / settings.json
Created November 19, 2020 23:36
VSCode Include Paths for OSX to fix the freaking missing builtins intellisense error (stdarg, stbool)
{
"C_Cpp.default.systemIncludePath": [
"/Library/Developer/CommandLineTools/usr/include/",
"/Library/Developer/CommandLineTools/usr/lib/clang/12.0.0/include/",
"/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/",
"/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/usr/include/"
]
}
@pinkeen
pinkeen / streams-websockets.Caddyfile
Last active September 10, 2020 18:13
streamsnproxies caddy
###
# Vhost that terminates HTTPS and also proxies raw TLS connection
# for certain endpoints.
###
https://a-site.example.com {
# Get a certificate and decrypt the traffic as usual.
tls auto
handle /naked {
# Proxy the decrypted traffic to an HTTP backend effectively terminating the HTTPS
@pinkeen
pinkeen / cleanup.gs
Created May 30, 2020 17:26
Clean GMail Google Apps Script
/*************************************************************************************************
* Simple Google Apps script for removing GMail messages
*
* Rationale: If you've got hundreds of thousands of e-mails (automated error reports in my case)
* filling up your account's quota and there's too many of them creating huge threads so
* GMail GUI, IMAP or anything else cannot handle this removal.
*
* Usage: Set up your query and run this script using a trigger every 5/10 minutes - it took days
* for my Inbox to be finally free from the crap.
*************************************************************************************************/
@pinkeen
pinkeen / transfer-network-config
Created April 15, 2020 11:16 — forked from makuk66/transfer-network-config
Notes about using point-to-point links for routing IP addresses in virtual machines
Some experiments, which worked but were eventually not used.
See http://www.greenhills.co.uk/2011/06/10/lxc.html
Now, the next big milestone is to get networking working.
In the config, we told lxc-create to use br0 as the link,
and inside the container we have eth0:
root@thunder:/# brctl show br0
bridge name bridge id STP enabled interfaces
br0 8000.962e6bb72480 no vethP70LNx
@pinkeen
pinkeen / ssh-tuntap-vpn.md
Last active April 11, 2024 13:44
TunTap pseudo-VPN Over SSH

Poor Man's VPN over SSH

If you have ssh then you can setup a "bridge" to any external network or server in minutes.

This doesn't replace standard VPN solutions, but it has the advantage of being really simple and fast and will serve a lot of use-cases.

Drawbacks

@pinkeen
pinkeen / CSML_IDEAS.md
Last active March 20, 2020 22:25
Computational Solid Modeling Language - IDEA

Computational Solid Modeling Language - IDEA

Lets kickstart the 3D printing open things revolution!

...by creating a vibrant, coherent open things ecosystem modeled after the best practices already established by the Open Source Software community.

  • Purely functional and almost declarative - no mutations or side-effects allowed
  • Transpiled to JS which is then evaluated calling native libs or optimized computation cores for heavy-lifting.
@pinkeen
pinkeen / oom.c
Created January 13, 2020 21:11
Small C tool for testing OOM killers
#include<stdlib.h>
#include<stdio.h>
#include<string.h>
#include<unistd.h>
#include<signal.h>
#define MIB_SZ(SZ) ((SZ) / 0x100000)
#define PER_SZ(SZ, TOTAL) ((SZ * 100) / (TOTAL))
#ifdef __linux__
from __future__ import absolute_import, division, print_function
__metaclass__ = type
import re
import sys
import json
import datetime
import itertools
import traceback
import configparser