- n: Next node.
- p: Previous node.
- u: Parent node.
- l: Last node (e. g. go back after following a hyperlink).
- r: Opposite of l.
- Tab: Move to next hyperlink.
- S-Tab: Move to previous hyperlink.
Lucas Werkmeister lucaswerkmeister
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 3895425 it categoria di un progetto Wikimedia | |
| 3891884 pt categoria de um projeto da Wikimedia | |
| 3888246 nl Wikimedia-categorie | |
| 3888102 en Wikimedia category | |
| 3886361 de Wikimedia-Kategorie | |
| 3861284 fi Wikimedia-luokka | |
| 3855693 pt-br categoria de um projeto da Wikimedia | |
| 3854952 da Wikimedia-kategori | |
| 3854769 nn Wikimedia-kategori | |
| 3854730 nb Wikimedia-kategori |
lucaswerkmeister
/ 0001-Add-ProtectSystem-yes-to-tmux-.service.patch
Created
July 22, 2017 19:10
Patch to make /usr readonly in tmux
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| From 11877d32d707b9e6e219096a95936239d809cfad Mon Sep 17 00:00:00 2001 | |
| From: Lucas Werkmeister <mail@lucaswerkmeister.de> | |
| Date: Sat, 22 Jul 2017 20:57:07 +0200 | |
| Subject: [PATCH] Add ProtectSystem=yes to tmux@.service | |
| MIME-Version: 1.0 | |
| Content-Type: text/plain; charset=UTF-8 | |
| Content-Transfer-Encoding: 8bit | |
| In the root tmux session, I often view files with Emacs, just for the | |
| syntax highlighting. To make sure I don’t accidentally edit them, let’s |
lucaswerkmeister
/ sandbox.conf
Created
July 22, 2017 17:57
systemd sandbox for Postfix on Debian Stretch
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [Service] | |
| # change user for worker processes | |
| CapabilityBoundingSet=CAP_SETUID CAP_SETGID | |
| # bind to ports 25 and 587 | |
| CapabilityBoundingSet=CAP_NET_BIND_SERVICE | |
| # explore /var/spool/postfix subdirectories as root (owned by postfix:root, not accessible to group) | |
| CapabilityBoundingSet=CAP_DAC_OVERRIDE | |
| # chroot to /var/spool/postfix | |
| CapabilityBoundingSet=CAP_SYS_CHROOT |
lucaswerkmeister
/ sandbox.conf
Last active
October 22, 2017 14:28
systemd sandbox for Dovecot on Debian Stretch
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [Service] | |
| # change user for worker processes | |
| CapabilityBoundingSet=CAP_SETUID CAP_SETGID | |
| # bind to ports 143 and 993 | |
| CapabilityBoundingSet=CAP_NET_BIND_SERVICE | |
| # fchown() /var/run/dovecot/login | |
| CapabilityBoundingSet=CAP_CHOWN | |
| # bind to /var/spool/postfix/private/dovecot{-auth} | |
| CapabilityBoundingSet=CAP_DAC_OVERRIDE | |
| # chroot to /var/run/dovecot/empty |
lucaswerkmeister
/ 0001-Add-SpamAssassin-configuration.patch
Created
July 10, 2017 21:41
Configuration for running SpamAssassin, including milter, on Debian Stretch (meant for use in conjunction with Postfix, but Postfix configuration not included)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| From 14d01236fdd0f7869096db4376ed6c4f2fd95199 Mon Sep 17 00:00:00 2001 | |
| From: Lucas Werkmeister <mail@lucaswerkmeister.de> | |
| Date: Mon, 10 Jul 2017 00:26:34 +0200 | |
| Subject: [PATCH] Add SpamAssassin configuration | |
| MIME-Version: 1.0 | |
| Content-Type: text/plain; charset=UTF-8 | |
| Content-Transfer-Encoding: 8bit | |
| Debian ships services for SpamAssassin, but they’re so weak (short unit | |
| file for spamassassin, unmigrated SysV service for spamass-milter) that |
lucaswerkmeister
/ 0001-Add-dehydrated-config.patch
Last active
July 8, 2017 16:08
Configuration for running dehydrated (ACME client, formerly known as letsencrypt.sh) on Debian Stretch
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| From 75e82fef397e402bf2c49b8c99e6066f976475b6 Mon Sep 17 00:00:00 2001 | |
| From: Lucas Werkmeister <mail@lucaswerkmeister.de> | |
| Date: Sat, 8 Jul 2017 17:41:48 +0200 | |
| Subject: [PATCH] Add dehydrated config | |
| MIME-Version: 1.0 | |
| Content-Type: text/plain; charset=UTF-8 | |
| Content-Transfer-Encoding: 8bit | |
| dehydrated (formerly known as letsencrypt.sh) is a simple ACME client. | |
| This commit adds the default Debian configuration for it, as well as |
lucaswerkmeister
/ BerlinRailwayThings.sparql
Created
June 25, 2017 09:08
“railway things” in Berlin, as classified by LinkedGeoData.org
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #defaultView:Map | |
| PREFIX lgdo: <http://linkedgeodata.org/ontology/> | |
| PREFIX geom: <http://geovocab.org/geometry#> | |
| PREFIX ogc: <http://www.opengis.net/ont/geosparql#> | |
| PREFIX bif: <bif:> | |
| SELECT ?subway ?geometry (SAMPLE(?label) AS ?label) ?layer WHERE { | |
| SERVICE <http://linkedgeodata.org/sparql> { | |
| ?railwayThing a lgdo:RailwayThing; |
lucaswerkmeister
/ emacs-challenge.md
Created
May 14, 2017 18:00
How to undo M-x global-set-key M-x ignore:
- Press F10 to open the menu. (Your terminal emulator might capture that key to open its own menu instead. You’ll have to find a way around that.)
- Navigate to the Buffers menu (3× right arrow key).
- Select the *scratch* buffer.
- In the *scratch* buffer, enter the following command:
(global-set-key "\M-x" 'execute-extended-command)
lucaswerkmeister
/ sandbox.conf
Last active
April 23, 2017 14:20
Sandbox for haveged (place in /etc/systemd/system/haveged.service/)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [Service] | |
| ProtectSystem=full | |
| ProtectHome=yes | |
| CapabilityBoundingSet=CAP_SYS_ADMIN | |
| PrivateTmp=yes | |
| PrivateDevices=yes | |
| PrivateNetwork=yes | |
| MountFlags=private | |
| SystemCallFilter=~mount umount2 mkdir mkdirat creat mknod unlink unlinkat chmod rename rmdir | |
| SystemCallArchitectures=native |