A common and reliable pattern in service unit files is thus:
NoNewPrivileges=yes
PrivateTmp=yes
PrivateDevices=yes
DevicePolicy=closed
ProtectSystem=strict
ProtectHome=read-only
ProtectControlGroups=yes
ProtectKernelModules=yes
Kinnaird McQuade kmcquade
kmcquade
/ 0.12.tf
Created
May 27, 2019 19:25
— forked from tuannvm/0.12.tf
#terraform #hashicorp #cheatsheet #0.12
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # first class expresssion | |
| variable "ami" {} | |
| resource "aws_instance" "example" { | |
| ami = var.ami | |
| } | |
| ### | |
| # list & map | |
| resource "aws_instance" "example" { |
kmcquade
/ systemd_service_hardening.md
Created
April 29, 2019 17:37
— forked from ageis/systemd_service_hardening.md
Options for hardening systemd service units
kmcquade
/ jetbrains-live-templates.md
Last active
September 22, 2021 19:14
My Intellij Live Templates || VSCode Code snippets for Terraform
Files are below.
For VSCode, paste it here: https://snippet-generator.app/
kmcquade
/ gist:6e3fdb7bfe43a56b9868fa96566ad6c3
Last active
March 17, 2019 18:08
— forked from Ray33/gist:ba189a729d81babc99d7cef0fb6fbcd8
Amazon Elastic Network Adapter (ENA) on CentOS 7
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| sudo su | |
| yum --enablerepo=extras install epel-release | |
| yum -y install patch dkms kernel-devel perl | |
| yum update | |
| reboot | |
| sudo su |
kmcquade
/ Makefile
Created
March 9, 2019 01:02
— forked from mpneuried/Makefile
Simple Makefile to build, run, tag and publish a docker containier to AWS-ECR
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # import config. | |
| # You can change the default config with `make cnf="config_special.env" build` | |
| cnf ?= config.env | |
| include $(cnf) | |
| export $(shell sed 's/=.*//' $(cnf)) | |
| # import deploy config | |
| # You can change the default deploy config with `make cnf="deploy_special.env" release` | |
| dpl ?= deploy.env | |
| include $(dpl) |
kmcquade
/ jenkins-decrypt.md
Last active
March 5, 2025 07:01
— forked from tuxfight3r/jenkins-decrypt.groovy
Decrypting Jenkins Password
- Go to the "Configure System" screen.
- Right click on a password field, Inspect element, then change to "text" instead of "password".
- Copy that field and then go to the Script Console. Paste the below into the field, replace with your encrypted password, and then hit "run".
encrypted_pw = '{your_encrypted_password_with_brackets_around_it}'
passwd = hudson.util.Secret.decrypt(encrypted_pw)
println(passwd)
kmcquade
/ copy-ssm-parameters
Created
February 28, 2019 23:46
— forked from mvanholsteijn/copy-ssm-parameters
script to copy all SSM parameter store parameters to disk
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| # | |
| # copy all SSM parameter store parameters to disk | |
| # | |
| import os, sys, argparse, boto3 | |
| parser = argparse.ArgumentParser(description='copy all parameter values to local') | |
| parser.add_argument("--path", dest="path", required=True, | |
| help="to copy the keys from", metavar="STRING") | |
| parser.add_argument("--directory", dest="directory", required=True, |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ##### Working directories ##### | |
| tmp | |
| _notes | |
| ##### Technologies ##### | |
| #### Terraform | |
| # Local .terraform directories | |
| **/.terraform/* | |
| *.plan |
kmcquade
/ cloud-config.yml
Created
December 24, 2018 22:49
— forked from justinsoliz/cloud-config.yml
Terraform definition for Jenkins with ECS, EFS, CoreOS
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #cloud-config | |
| write-files: | |
| - path: /etc/conf.d/nfs | |
| permissions: '0644' | |
| content: | | |
| OPTS_RPC_MOUNTD="" | |
| coreos: | |
| units: | |
| - name: update-engine.service |
kmcquade
/ get_aws_profile_keys.py
Created
December 6, 2018 16:03
Simple python script to grab profile-specific keys from aws credentials file for environment variables export
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python2.7 | |
| import ConfigParser | |
| import os | |
| import sys | |
| from os.path import expanduser | |
| config = ConfigParser.RawConfigParser() | |
| # credentials_file: The file where this script will grab the temp creds | |
| credentials_file = '/.aws/credentials' |