A common and reliable pattern in service unit files is thus:
NoNewPrivileges=yes
PrivateTmp=yes
PrivateDevices=yes
DevicePolicy=closed
ProtectSystem=strict
Jeff Lynn jefffm
JayRovacsek
/ kvm.nix
Created
September 14, 2021 10:19
— forked from Nekroze/kvm.nix
NixOS Declarative KVM Guests
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## Builder for NixOS configurations defined at the end of the file to be built into KVM VM's | |
| { system ? builtins.currentSystem }: | |
| let | |
| loadcfg = cfgfile: { config, pkgs, ...}: { | |
| imports = [ <nixos/modules/virtualisation/qemu-vm.nix> cfgfile ]; | |
| config = { | |
| networking.extraHosts = '' | |
| 176.32.0.254 template | |
| ''; |
ageis
/ systemd_service_hardening.md
Last active
March 7, 2026 03:39
Options for hardening systemd service units
maurisvh
/ spectrogram.py
Last active
January 28, 2026 07:19
ANSI art spectrogram viewer that reads audio from a microphone
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| import numpy | |
| import pyaudio | |
| import re | |
| import sys | |
| WIDTH = 79 | |
| BOOST = 1.0 |
superduper
/ tornado-unix-socket.py
Last active
October 11, 2019 12:02
Tornado web server with unix socket support
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import tornado.ioloop | |
| import tornado.web | |
| from tornado.httpserver import HTTPServer | |
| from tornado.options import options, define | |
| from tornado.netutil import bind_unix_socket | |
| class MainHandler(tornado.web.RequestHandler): | |
| def get(self): | |
| self.write("Hello, world") | |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| def shutdown(graceful=True): | |
| """Shut down the application. | |
| If a graceful stop is requested, waits for all of the IO loop's | |
| handlers to finish before shutting down the rest of the process. | |
| We impose a 10 second timeout. | |
| """ | |
| ioloop = tornado.ioloop.IOLoop.instance() | |
| def final_stop(): |