Skip to content

Instantly share code, notes, and snippets.

View dochang's full-sized avatar

Wade Zhang dochang

View GitHub Profile

(Note: I wrote this up quickly and without a lot of research, so there are probably inaccuracies. However, I wanted to put this out there in case it helps someone else hitting this issue. Github gists like this unfortunately don't have comment notifications, so if you want me to send me a comment, use my email [email protected] and not the comments.)

Problem: Can't use sudo command-limiting in Ansible

The ability to limit sudo users to only be able to execute certain commands doesn't work with Ansible (without a workaround).

This isn't a problem if you're running Ansible as a super-user like root, but if you are allowing others to run Ansible on your systems in order to do things like application deploys, then you need a way to limit their access to the system for basic security.

For example, a line in /etc/sudoers like this:

@halberom
halberom / 00_description
Last active April 14, 2022 19:23
ansible - example of using filters to change each item in a list
The problem:
I wanted to use the jinja 'map' filter to modify each item in a string, in this simple
example, adding '.conf' to each item.
The 'format' filter in jinja takes arguments (value, *args, **kwargs). Unfortunately,
it uses 'value' as the pattern. When called inside map 'value' is the current item in
the list, or in other words *args as far as format is concerned. So it's the wrong way
around.
@rponte
rponte / get-latest-tag-on-git.sh
Last active September 16, 2025 08:48
Getting latest tag on git repository
# The command finds the most recent tag that is reachable from a commit.
# If the tag points to the commit, then only the tag is shown.
# Otherwise, it suffixes the tag name with the number of additional commits on top of the tagged object
# and the abbreviated object name of the most recent commit.
git describe
# With --abbrev set to 0, the command can be used to find the closest tagname without any suffix:
git describe --abbrev=0
# other examples
@vkostyukov
vkostyukov / statuses.md
Last active May 15, 2025 19:29
HTTP status codes used by world-famous APIs
API Status Codes
[Twitter][tw] 200, 304, 400, 401, 403, 404, 406, 410, 420, 422, 429, 500, 502, 503, 504
[Stripe][stripe] 200, 400, 401, 402, 404, 429, 500, 502, 503, 504
[Github][gh] 200, 400, 422, 301, 302, 304, 307, 401, 403
[Pagerduty][pd] 200, 201, 204, 400, 401, 403, 404, 408, 500
[NewRelic Plugins][nr] 200, 400, 403, 404, 405, 413, 500, 502, 503, 503
[Etsy][etsy] 200, 201, 400, 403, 404, 500, 503
[Dropbox][db] 200, 400, 401, 403, 404, 405, 429, 503, 507
@edolstra
edolstra / nix-ui.md
Last active August 16, 2025 00:03
Nix UI

General notes

  • nix-channel and ~/.nix-defexpr are gone. We'll use $NIX_PATH (or user environment specific overrides configured via nix set-path) to look up packages. Since $NIX_PATH supports URLs nowadays, this removes the need for channels: you can just set $NIX_PATH to e.g. https://nixos.org/channels/nixos-15.09/nixexprs.tar.xz and stay up to date automatically.

  • By default, packages are selected by attribute name, rather than the name attribute. Thus nix install hello is basically equivalent to nix-env -iA hello. The attribute name is recorded in the user environment manifest and used in upgrades. Thus (at least by default) hello won't be upgraded to helloVariant.

    @vcunat suggested making this an arbitrary Nix expression rather than an attrpath, e.g. firefox.override { enableFoo = true; }. However, such an expression would not have a key in the user environment, unlike an attrpath. Better to require an explicit flag for this.

TBD: How to deal with search path clashes.

@CMCDragonkai
CMCDragonkai / regular_expression_engine_comparison.md
Last active September 26, 2025 08:50
Regular Expression Engine Comparison Chart

Regular Expression Engine Comparison Chart

Many different applications claim to support regular expressions. But what does that even mean?

Well there are lots of different regular expression engines, and they all have different feature sets and different time-space efficiencies.

The information here is just copied from: http://regular-expressions.mobi/refflavors.html

@joshschmelzle
joshschmelzle / remap-capslock-to-control-win10.md
Last active October 19, 2025 20:02
Remap Caps Lock to Control on Windows 10

Ways to remap caps lock to control on Windows 10

These methods in this gist worked for me on my U.S.-based keyboard layouts. I am unsure about other layouts. If you have problems, revert your changes; delete the registry key you created (and reboot).

Update: you should probably scroll down to approach 4 where I suggest using Microsoft PowerToys Keyboard Manager.

Approach 1. Manually through regedit

Navigate to and create a new binary value in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layout named Scancode Map.

@lisawolderiksen
lisawolderiksen / git-commit-template.md
Last active October 24, 2025 00:57
Use a Git commit message template to write better commit messages

Using Git Commit Message Templates to Write Better Commit Messages

The always enthusiastic and knowledgeable mr. @jasaltvik shared with our team an article on writing (good) Git commit messages: How to Write a Git Commit Message. This excellent article explains why good Git commit messages are important, and explains what constitutes a good commit message. I wholeheartedly agree with what @cbeams writes in his article. (Have you read it yet? If not, go read it now. I'll wait.) It's sensible stuff. So I decided to start following the