Skip to content

Instantly share code, notes, and snippets.


Tristor Tristor

View GitHub Profile
Tristor / 06-kids.conf
Created Dec 15, 2020
Force Pi-Hole SafeSearch
View 06-kids.conf
# This DNSMasq configuration forces restrictions to be enabled for YouTube, Bing, and Google Search
# for more information see:
# or see:
# Put this file in /etc/dnsmasq.d/
## YouTube,,,,
Tristor / matrix-synapse.conf
Created Feb 23, 2017
Nginx reverse-proxy config for Matrix Synapse server
View matrix-synapse.conf
server {
listen 80;
listen [::]:80;
location '/.well-known/acme-challenge' {
default_type "text/plain";
allow all;
root /var/www/;
Tristor / certbot.conf
Created Feb 23, 2017
Nginx temporary configuration for CertBot webroot verification
View certbot.conf
server {
listen 80;
server_name localhost;
location / {
root /var/www/;
index index.html index.htm;
location '/.well-known/acme-challenge' {
Tristor / pf.conf
Created Feb 21, 2017
PF configuration for TURN server on DO
View pf.conf
# vim: set ft=pf
# /etc/pf.conf
ext_if = "vtnet0"
# These macros define the ports we let in and out.
webports = "{http, https}"
needout = "{ssh, domain, ntp, www, https, git, ftp}"
turn = "{3478}"
turns = "{5349}"
Tristor / client.ovpn
Last active May 6, 2016
A stub client configuration for OpenVPN
View client.ovpn
# This configuration is for $CN
#viscosity dns full
#viscosity usepeerdns true
#viscosity dhcp true
dev tun
proto udp
remote 1194
Tristor / server.conf
Last active Sep 14, 2018
OpenVPN server.conf
View server.conf
# Basic Connection Config
dev tun
proto udp
port 1194
keepalive 10 120
max-clients 5
# Certs
ca ca.crt
cert server.crt
Tristor /
Last active Sep 15, 2022
Simple IPtables script for an OpenVPN server
# Flushing all rules
iptables -F FORWARD
iptables -F INPUT
iptables -F OUTPUT
iptables -X
# Setting default filter policy
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
Tristor / tweaks
Last active Dec 7, 2017
OSX Dev Tweaks
View tweaks
sudo nvram SystemAudioVolume=" "
defaults write reduceTransparency -bool true
for domain in ~/Library/Preferences/ByHost/*; do
defaults write "${domain}" dontAutoLoad -array \
"/System/Library/CoreServices/Menu Extras/" \
"/System/Library/CoreServices/Menu Extras/" \
"/System/Library/CoreServices/Menu Extras/"
defaults write menuExtras -array \
"/System/Library/CoreServices/Menu Extras/" \
Tristor / sshd_config
Last active Aug 23, 2020
Hardened SSH Server Config 03/2016
View sshd_config
# TCP port to bind to
# Change to a high/odd port if this server is exposed to the internet directly
Port 22
# Bind to all interfaces (change to specific interface if needed)
# Force SSHv2 Protocol
Protocol 2

Keybase proof

I hereby claim:

  • I am tristor on github.
  • I am tristor ( on keybase.
  • I have a public key whose fingerprint is 26B4 1281 A0AA 61EE 2CFD 47FA 1915 97E1 CB67 6F29

To claim this, I am signing this object: