Skip to content

Instantly share code, notes, and snippets.

View JTarasovic's full-sized avatar

Jason Tarasovic JTarasovic

12 followers · 24 following
View GitHub Profile
@mweinelt
mweinelt / network.nix
Last active March 1, 2025 08:37
NixOS 22.11 Router on VDSL with IPv6 Prefix Delegation, ULA addressing, VLANs on top of Bonding.
{ lib, ... }:
{
# Enable forwarding between all interfaces, restrictions between
# individual links are enforced by firewalling.
boot.kernel.sysctl = {
"net.ipv6.conf.all.forwarding" = lib.mkForce 1;
"net.ipv4.forward" = lib.mkForce 1;
};
systemd.network.config = {
@xt0rted
xt0rted / README.md
Last active May 15, 2025 12:37
Auto-merge Dependabot PRs for minor & patch updates

README

Note

I'm now using a newer version of this workflow that supports an allow list for individual packages and update groups which can be found here:

If you're using a workflow like this and need to manage secrets in multiple repos xt0rted/secrets-sync can simplify that. This lets you add secrets to one repo and sync them to many repos. There's also a template you can fork to get started quickly with it.

Personal Access Token

@umbernhard
umbernhard / arch-secure-install.md
Last active April 14, 2025 12:57
Building a Secure Arch Linux Device

Building a Secure Arch Linux Device

Locking down a linux machine is getting easier by the day. Recent advancements in systemd-boot have enabled a host of features to help users ensure that their machines have not been tampered with. This guide provides a walkthrough of how to turn on many of these features during installation, as well as reasoning for why certain features help improve security.

The steps laid out below draw on a wide variety of existing resources, and in places I'll point to them rather than attempt to regurgitate full explanations of the various security components. The most significant one, which I highly encourage everyone to read, is Rod Smith's site about secure boot, which is the most comprehensive and cogent explanation of UEFI, boot managers and boot loaders, and secure boot. Another incredibly useful resources is Safeboot, which encapsulates many of the setup steps below in a Debian application.

@arthurk
arthurk / gist:ab9ced56ce78bb8309599ccc62fa2576
Created June 1, 2020 03:50
fetch list images from GCR via service account
#!/usr/bin/env bash
set -euo pipefail
######################
# Script that fetches a list of all images from GCR
# uses 3 different users in GCR
######################
keyfile="gcr-svc-acc-keyfile.json"
projectName="example-project"
@ldez
ldez / gmail-github-filters.md
Last active May 13, 2025 04:48
Gmail and GitHub - Filters

Gmail and GitHub

How to filter emails from GitHub in Gmail and flag them with labels.

The labels in this document are just examples.

Pull Request

Filter Label
@nerdtalker
nerdtalker / EXIFmover.py
Last active April 8, 2017 14:34
EXIFmover - Moves Dropbox Camera uploaded Images into sensible directories
# Name: EXIFmover.py
# Author: Brian Klug (@nerdtalker / [email protected])
# Purpose:
# Move Files into directory based on EXIF data make and model
# Designed to un-clusterfuck the Dropbox camera upload directory which is a mess of every
# JPEG and PNG ever if you use it like I do on a bunch of phones, and thus totally unwieldy
# and full of images sorted by date or else nothing sometimes, dropbox seems nondeterminstic
# Moves files into /[Image Make]+[Image Model]/ eg /Camera Uploads/LGE Nexus 4/