Mark Vainomaa mikroskeem

@mikroskeem
mikroskeem / systemd_service_hardening.md
Created September 24, 2021 15:30 — forked from ageis/systemd_service_hardening.md
Options for hardening systemd service units

Security and hardening options for systemd service units

A common and reliable pattern in service unit files is thus:

NoNewPrivileges=yes
PrivateTmp=yes
PrivateDevices=yes
DevicePolicy=closed
ProtectSystem=strict
@mikroskeem
mikroskeem / rosetta.nix
Created September 18, 2021 14:58
Get Rosetta working with Nix (nix-darwin) on macOS with sandbox enabled
{ config, lib, stdenv, ... }: {
  nix.useSandbox = true; # Here for sake of clarity
  nix.sandboxPaths = lib.optionals (config.nix.useSandbox && stdenv.isAarch64) [
    "/private/var/db/oah" # aot files
    "/Library/Apple" # rosetta runtime
  ];
}
{ stdenv, lib, fetchurl, autoPatchelfHook, zlib, elfutils, libuuid }:
stdenv.mkDerivation rec {
  pname = "circle-unwrapped";
  version = "130";
  src = fetchurl {
    url = "https://circle-lang.org/linux/build_${version}.tgz";
    sha256 = "06pp5c1103zabzpc5crrrpf9fqraf4cjz716f94zf98g5ngbjapr";
  };
@mikroskeem
mikroskeem / mcbe.nix
Last active August 11, 2021 15:41
Minecraft: Bedrock Edition dedicated server on Nix(OS)
# nix-build -E 'with import <nixpkgs> { }; callPackage ./mcbe.nix { }'
{ stdenv, lib, fetchzip, autoPatchelfHook, openssl, zlib }:
stdenv.mkDerivation rec {
  pname = "minecraft-bedrock-server";
  version = "1.17.11.01";
  src = fetchzip {
    url = "https://minecraft.azureedge.net/bin-linux/bedrock-server-${version}.zip";
Loading libraries, please wait...
Jul 20, 2021 4:51:48 PM org.jline.utils.Log logr
WARNING: Unable to retrieve infocmp for type tmux-256color
java.io.IOException: Cannot run program "infocmp": error=2, No such file or directory
	at java.base/java.lang.ProcessBuilder.start(ProcessBuilder.java:1142)
	at java.base/java.lang.ProcessBuilder.start(ProcessBuilder.java:1073)
	at org.jline.utils.InfoCmp.getInfoCmp(InfoCmp.java:547)
	at org.jline.terminal.impl.AbstractTerminal.parseInfoCmp(AbstractTerminal.java:187)
	at org.jline.terminal.impl.PosixSysTerminal.<init>(PosixSysTerminal.java:44)
	at org.jline.terminal.TerminalBuilder.doBuild(TerminalBuilder.java:365)
@mikroskeem
mikroskeem / check_usage.sh
Last active May 30, 2021 22:19
Check where ZFS dataset is in use
#!/usr/bin/env bash
set -euo pipefail
dataset="${1}"
dstype="$(zfs get -H -o value type "${dataset}")"
selfmntns="$(readlink "/proc/self/ns/mnt")"
get_mp_status () {
  proc="${1}"
@mikroskeem
mikroskeem / no-iptables.conf
Created May 29, 2021 16:20
Disable iptables support
# /etc/modprobe.d/no-iptables.conf
install ip_tables /bin/false
install ip6_tables /bin/false
install x_tables /bin/false
install iptable_filter /bin/false
install iptable_mangle /bin/false
install iptable_nat /bin/false
install ip6table_filter /bin/false
@mikroskeem
mikroskeem / build.sh
Created December 10, 2020 05:54
Built Spigot on Concourse
#!/bin/sh
fly -t zentria-public execute --config=./task.yml --output=jars=./jars
@mikroskeem
mikroskeem / docker-compose.yml
Created November 30, 2020 09:59
Quick maddy deployment
version: '2.4'
services:
  maddy:
    image: foxcpp/maddy:latest
    restart: unless-stopped
    volumes:
      - data:/data
      - ./maddy.conf:/data/maddy.conf:ro
      - ./certs/tls_fullchain.pem:/data/tls_fullchain.pem:ro
(require '[clojure.java.io :as io])
(def files
  ["r.-1.-1.nls"
   "r.-1.0.nls"
   "r.0.-1.nls"
   "r.0.0.nls"])
(def use-deflate true)