Thomas Leister ThomasLeister
@ThomasLeister
ThomasLeister / rspamd-whitelisting.md
Last active March 20, 2024 19:31
How to whitelist IP addresses or domains in Rspamd

Whitelist IP addresses based on pre-filter policy

/etc/rspamd/local.d/multimap.conf:

  IP_WHITELIST {
      type = "ip";
      prefilter = true;
      map = "/${LOCAL_CONFDIR}/local.d/ip_whitelist.map";
      action = "accept";
ThomasLeister / auto-start-tmux-ssh.txt
Last active February 19, 2024 01:39
Put this into your .bashrc to auto-start a tmux session after SSH login
Put these lines into your server's .bashrc:
##
## TMUX auto attach
##
if [ -n "$SSH_CLIENT" ] || [ -n "$SSH_TTY" ]; then # if this is an SSH session
    if which tmux >/dev/null 2>&1; then # check if tmux is installed
        if [[ -z "$TMUX" ]]; then # do not allow "tmux in tmux"
            ID="$( tmux ls | grep -vm1 attached | cut -d: -f1 )" # get the id of a detached session
            if [[ -z "$ID" ]]; then # if not available create a new one
                tmux new-session
ThomasLeister / mastodon-tootctl-media-purge.txt
Created February 21, 2019 19:07
How to automatically remove cached media files older than 7 days from your Mastodon instance
This is how to automatically delete cached image previews from your Mastodon instance if they are older than 7 days.
Log in as your "mastodon" user, or log in as root and then change to the "mastodon" user, who runs Mastodon:
# su - mastodon
Open crontab:
$ crontab -e
... and add these lines to your crontab:
ThomasLeister / opendkim-postfix-chrooted-systemd
Created August 5, 2017 13:24
OpenDKIM with chrooted Postfix on systemd Systems
If Postfix runs in a chrooted environment:
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
cleanup   unix  n       -       y       -       0       cleanup
... opendkim.sock must be placed into /var/spool/postfix. Postfix won't be able to access the socket otherwise.
ThomasLeister / cloud-ubuntu-netplan-secondary-ip-static.md
Created May 25, 2018 08:30
Ubuntu netplan config for secondary ip address

In case there's already a DHCP config for netplan for the private IP address:

File: /etc/netplan/50-cloud-init.yaml

Contents:

# This file is generated from information provided by
# the datasource.  Changes to it will not persist across an instance.
# To disable cloud-init's network configuration capabilities, write a file
# /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg with the following:
ThomasLeister / mastodon-install-jemalloc.txt
Last active April 10, 2023 01:48
How to install jemalloc and save RAM on your Mastodon instance
### If you set up your Mastodon instance before 9th of June 2018, you
### might not have jemalloc active on your Ruby setup. Jemalloc changes the way Ruby
### allocates memory and saves RAM. On my 140-user instance RAM usage dropped by 300 MB just by using jemalloc.
### This is how to set it up on Debian 9 Stretch:
### As root, install libjemalloc-dev:
apt install libjemalloc-dev
### Change to mastodon user:
### Remove all snapshots created by the zfs-auto-snapshot tool
zfs list -t snapshot -o name | grep zfs-auto-snap | tac | xargs -n 1 zfs destroy -r
ThomasLeister / mastodon-csp-header
Last active February 20, 2023 03:16
CSP header for Mastodon social network
(Assuming metalhead.club as instance domain - please adapt to your instance!)
add_header Content-Security-Policy "default-src 'none'; script-src https: 'self'; object-src 'self'; style-src 'self' 'unsafe-inline'; img-src * blob: data:; media-src 'self' data:; frame-src 'self' https:; font-src 'self' data:; connect-src 'self' wss://metalhead.club";
Note:
style-src: I chose 'unsafe-inline' because there are just too many inline styles in static source code or dynamically
generated code to cover all cases (Embed dialog, image lightbox, ...). Also styles seem to be dynamic, so
hashes cannot be generated to allow certain inline styles. :-(
ThomasLeister / lxd-grow-zfs-pool-file.txt
Created March 6, 2018 07:44
Grow LXD ZFS pool file (LXD snap package)
According to: "Growing a loop backed ZFS pool" on https://lxd.readthedocs.io/en/latest/storage/
For LXD via Snap package:
- The default pool is located at /var/snap/lxd/common/lxd/disks/default.img
- and is named "default".
### To increase the pool size by 20 GiB do this:
>>> Stop all your containers! <<<
ThomasLeister / map-podman-container-user-to-host-user.txt
Created January 17, 2022 09:46
Map a Podman container user to host user
#
# Use case: Podman should run a build-container.
# The build should be run by a user "builder" with UID 1000 inside the container
# Build artifacts should be shared with the host via a -v Volume.
# To make things easier, artifacts created inside the container should have the user, who started the container, as owner.
# The Container should run in "rootless" mode.
# Solution: Use --uidmap for user mapping.
#
podman run \