A common and reliable pattern in service unit files is thus:
NoNewPrivileges=yes
PrivateTmp=yes
PrivateDevices=yes
DevicePolicy=closed
ProtectSystem=strict
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| brew tap homebrew/versions | |
| brew install v8-315 | |
| gem install libv8 -v '3.16.14.13' -- --with-system-v8 | |
| gem install therubyracer -- --with-v8-dir=/usr/local/opt/v8-315 | |
| bundle install |
ageis
/ systemd_service_hardening.md
Last active
November 6, 2025 08:52
Options for hardening systemd service units
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 0.0.0.0 api.ad.xiaomi.com | |
| 0.0.0.0 api.admob.xiaomi.com | |
| 0.0.0.0 api.d.xiaomi.com | |
| 0.0.0.0 a.stat.xiaomi.com | |
| 0.0.0.0 tracking.miui.com | |
| 0.0.0.0 cdn.ad.xiaomi.com | |
| 0.0.0.0 data.mistat.xiaomi.com | |
| 0.0.0.0 e.ad.xiaomi.com | |
| 0.0.0.0 globalapi.ad.xiaomi.com | |
| 0.0.0.0 new.api.ad.xiaomi.com |
jfcherng
/ st4-changelog.md
Last active
November 5, 2025 09:53
Sublime Text 4 changelog just because it's not on the official website yet.
This gist will no longer be updated as the changelog will be on the official website.
- Sublime Text/Merge Official Discord chat server: https://discord.gg/D43Pecu
- Sublime Text/Merge 中文 Telegram 交流群組: https://t.me/sublime_tw
Converted via https://domchristie.github.io/turndown
ClamAV can be used in a few different ways. Most importantly, it provides the ability to scan files in realtime (on-access) or to scan the file system periodically.
I tried configuring ClamAV to both perform on-access virus scanning and to perform nightly full filesystem scanning. Using the on-access option did not prove to be very useful, however a scheduled full system scan seems to be of value.
Here is my story.
mtyurt
/ ansible-vim-goto-role-tasks.vim
Last active
August 26, 2025 14:07
With pearofducs/ansible-vim plugin installed, following mapping behaves like `gf`, navigates to role under cursor's tasks/main.yml file. Ideal to be used in playbooks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| " vim-plug example | |
| call plug#begin('~/.vim/plugged') | |
| Plug 'pearofducks/ansible-vim' | |
| call plug#end() | |
| let g:ansible_goto_role_paths = './roles,../_common/roles' | |
| function! FindAnsibleRoleUnderCursor() | |
| if exists("g:ansible_goto_role_paths") | |
| let l:role_paths = g:ansible_goto_role_paths |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| local wezterm = require 'wezterm'; | |
| return { | |
| color_scheme = "Dracula", | |
| -- colors = { | |
| -- background = "#0c0e14", | |
| -- }, | |
| window_decorations = "NONE", | |
| font = wezterm.font("Iosevka"), | |
| font_size = 10.0, | |
| -- dpi = 192.0, |