A common and reliable pattern in service unit files is thus:
NoNewPrivileges=yes
PrivateTmp=yes
PrivateDevices=yes
DevicePolicy=closed
ProtectSystem=strict
zenofile zenofile
zenofile
/ extreme-benchmark-environment.yaml
Created
May 21, 2021 20:43
— forked from talawahtech/extreme-benchmark-environment.yaml
CloudFormation template for "Extreme HTTP Performance Tuning" post: https://talawah.io/blog/extreme-http-performance-tuning-one-point-two-million/
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| AWSTemplateFormatVersion: '2010-09-09' | |
| Description: Extreme Performance Tuning Benchmark Environment | |
| Parameters: | |
| AmiId: | |
| Type: AWS::SSM::Parameter::Value<AWS::EC2::Image::Id> | |
| Default: '/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2' |
zenofile
/ systemd_service_hardening.md
Created
May 14, 2021 21:32
— forked from ageis/systemd_service_hardening.md
Options for hardening systemd service units
zenofile
/ script-template.sh
Created
December 16, 2020 18:37
— forked from m-radzikowski/script-template.sh
Minimal safe Bash script template - see the article with full description: https://betterdev.blog/minimal-safe-bash-script-template/
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| set -Eeuo pipefail | |
| trap cleanup SIGINT SIGTERM ERR EXIT | |
| script_dir=$(cd "$(dirname "${BASH_SOURCE[0]}")" &>/dev/null && pwd -P) | |
| usage() { | |
| cat <<EOF | |
| Usage: $(basename "${BASH_SOURCE[0]}") [-h] [-v] [-f] -p param_value arg1 [arg2...] |
zenofile
/ RISC-V.md
Created
November 2, 2020 16:30
— forked from erincandescent/RISC-V.md
This document was originally written several years ago. At the time I was working as an execution core verification engineer at Arm. The following points are coloured heavily by working in and around the execution cores of various processors. Apply a pinch of salt; points contain varying degrees of opinion.
It is still my opinion that RISC-V could be much better designed; though I will also say that if I was building a 32 or 64-bit CPU today I'd likely implement the architecture to benefit from the existing tooling.
Mostly based upon the RISC-V ISA spec v2.0. Some updates have been made for v2.2
The RISC-V ISA has pursued minimalism to a fault. There is a large emphasis on minimizing instruction count, normalizing encoding, etc. This pursuit of minimalism has resulted in false orthogonalities (such as reusing the same instruction for branches, calls and returns) and a requirement for superfluous instructions which impacts code density both in terms of size and
zenofile
/ github2Gitea.js
Created
October 9, 2020 16:59
— forked from lrecknagel/github2Gitea.js
a small nodejs module to migrate a list of github repos (FROM A ORGANIZATION) to gitea
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| const fetch = require('node-fetch'), | |
| FormData = require('form-data'); | |
| // your gitea domain without trailing slash | |
| const GITEA_DOMAIN = 'https://subdomain.domain.xyz'; | |
| // you can find this variables when you visit your gitea installation | |
| // open dev-tools and look in the Cookies section | |
| const i_like_gitea = 'YOUR_I_LIKE_GITEA_STRING'; | |
| const gitea_awesome = 'YOUR_GITEA_AWESOME_STRING'; |
zenofile
/ make_current_arm64_rpi_kernel_debs.sh
Last active
February 3, 2021 14:40
— forked from satmandu/make_current_arm64_rpi_kernel_debs.sh
Make arm64 deb packages for the offical Raspberry Pi Foundation arm64 kernels + NOW INSTALLS headers package too.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash -x | |
| # make_arm64_rpi_kernel_debs.sh | |
| # Builds arm64 debian packages from the CURRENT rpi firmware repository kernel which is installed by: | |
| # sudo rpi-update | |
| # This runs on an arm64 host with arm64 compilation tools... | |
| # or with some sort of cross-compilation setup. | |
| # Debs are put in $workdir/build | |
| # | |
| # This will NOT work in Raspbian unless you have an arm64 compilation | |
| # environment setup. Appears to work on |
zenofile
/ samizdat-shell-help.bash
Created
July 9, 2020 14:09
— forked from kovetskiy/samizdat-shell-help.bash
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| ### | |
| ### my-script — does one thing well | |
| ### | |
| ### Usage: | |
| ### my-script <input> <output> | |
| ### | |
| ### Options: | |
| ### <input> Input file to read. | |
| ### <output> Output file to write. Use '-' for stdout. |
zenofile
/ doom.txt
Created
June 18, 2020 09:28
— forked from hjertnes/doom.txt
Doom Emacs Cheatsheet
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| SPC | |
| SPC: find file | |
| , switch buffer | |
| . browse files | |
| : MX | |
| ; EX | |
| < switch buffer | |
| ` eval | |
| u universal arg | |
| x pop up scratch |
zenofile
/ gpg-wkd.md
Created
May 8, 2020 08:33
— forked from kafene/gpg-wkd.md
Setting up WKD for self-hosted automatic key discovery
I just got this working so I figured I'd share what I found, since there's hardly any information about this anywhere online except an RFC, the GPG mailing list and one tutorial from the GnuPG blog.
You can use automatic key discovery with WKD (Web key directory) to make it easy for users to import your key, in GPG since version 2.1.12. Since this feature is fairly new, it isn't yet available in the current LTS release of Ubuntu (16.04; xenial), however it is available in Debian stable (stretch).
I couldn't add a DNS CERT or DANE / OPENPGPKEY record through my email service (which also hosts my nameservers). I tried making the PKA record - a foo._pka.example.com TXT record but GPG doesn't seem to recognize it and fails; I'm still investigating why.
So the last option for self-hosted auto-discovery was WKD.
First thing I had to do was add an email address to my key. My primary UID is just my name so the key represents my identity rather
zenofile
/ myweechat.md
Created
December 5, 2019 21:30
— forked from pascalpoitras/1.md
My always up-to-date WeeChat configuration (weechat-dev)
