Julius Thyssen jult

## nc_update.sh
#!/bin/bash

find /etc -type f -name "php.ini" -exec sed -i 's/output_buffering/;output_buffering/g' {} +
sudo -u www-data sed -i "s/output_buffering=.*/output_buffering='Off'/" /var/www/nextcloud/.user.ini
sudo -u www-data php /var/www/nextcloud/occ app:disable survey_client
sudo -u www-data php /var/www/nextcloud/occ app:disable firstrunwizard
sudo -u www-data php /var/www/nextcloud/occ app:enable admin_audit
sudo -u www-data php /var/www/nextcloud/occ app:enable files_pdfviewer
sudo -u www-data php /var/www/nextcloud/occ maintenance:mode --on
nohup chown -R www-data:www-data /var/www/nextcloud &

## CORS
if ($request_method = 'OPTIONS') {
        add_header 'Access-Control-Allow-Origin' '*';
        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
        #
        # Custom headers and headers various browsers *should* be OK with but aren't
        #
        add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
        #
        # Tell client that this pre-flight info is valid for 20 days
        #

## no_apache.sh
#!/bin/bash

apt purge apache2 apache2-bin apache2-data apache2-utils -y
apt clean all -y
apt update && apt upgrade && apt autoremove -y
apt-mark hold apache2 apache2-bin apache2-data apache2-utils

exit 0

## https_only
# To have port 80 requests go to their 443 equivalents for an entire webserver, put this file in /etc/nginx/conf.d/
# Note that to specify the catch-all name or default server you
# need to use the *listen* directive, not the server_name directive!
# See also https://nginx.org/en/docs/http/request_processing.html
#
# - $host catches subdomain names.
# - 307 and 308 include both POST and GET request URIs.
# - 307 is Temporary, change to the Permanent 308 after thorough testing: # return 308 https://$host$request_uri;

server {

## jult.ini
#  Being unsatisfied with the look of mc in console/terminal windows, I made this for my own use.
#  Version 3.7, subject to change over the years.. <j@jult.nl>

#   I N S T A L L

#   Put this file (jult.ini) in either of these skin-directories:

#    /etc/mc/skins/
#    /usr/share/mc/skins/
#   ~/.local/share/mc/skins/

## %userprofile%\AppData\Roaming\youtube-dl\config.txt
--no-mtime
--no-call-home
--ignore-errors
-f "bestvideo[height>=1080]+251/bestvideo[height>=1080]+bestaudio/bestvideo[height>=720]+251/bestvideo[height>=720]+bestaudio/137+bestaudio/136+bestaudio/bestvideo+bestaudio"

#  Note that I output to an MKV container, despite the fact that shitty devices will not play some files
#  or still don't support Opus, it *is* the highest quality available: http://opus-codec.org/comparison/
#
#  I use Daum Potplayer, which plays them all perfectly fine: https://www.videohelp.com/software/PotPlayer
#

## jbt-rules.cf
# Put this file under /etc/spamassassin/ and run an sa-update or reload amavis etc.
#
# I used https://github.com/ercpe/ercpe-sa-rules/blob/master/ercpe-rules.cf as an example;

#--------------------------------------------------
# top level domain matching
#--------------------------------------------------
header SPAMMY_TLD_IN_RCVD Received =~ /(\.net\.ae|\.net\.id|\.ro|\.ru|\.co\.jp|\.co\.ke|\.AC\.ZA|\.co\.in|\.com\.vn|\.vn|\.cc|\.cu\.ua|\.com\.br|\.gr|\.hr|\.dk|\.win|\.bid|\.tw|\.br|\.pk|\.top|\.club|\.date|\.stream|\.xyz)\s/i
score SPAMMY_TLD_IN_RCVD 0.5
describe SPAMMY_TLD_IN_RCVD Spammy TLD used in Received line

## certbot_cloudflare_dns.sh
#!/bin/sh

# Check if user has root privileges
if [[ $EUID -ne 0 ]]; then
echo "You must run the script as root or using sudo"
   exit 1
fi

## Reconfigure Dash
echo "dash dash/sh boolean false" | debconf-set-selections

## sysctl.conf
kernel.core_uses_pid = 1
kernel.domainname = your-rdns-FQDN.here
kernel.msgmax = 65535
kernel.msgmnb = 65535
kernel.pid_max = 65535
kernel.printk = 2 3 1 2
kernel.randomize_va_space = 2
kernel.shmall = 268435456
kernel.shmmax = 268435456
kernel.sysrq = 0

## dovecot.conf
protocols = imap pop3
auth_mechanisms = plain login
auth_cache_size = 24 M
auth_cache_ttl = 18 hours
disable_plaintext_auth = no
listen = *,[::]
log_timestamp = "%Y-%m-%d %H:%M:%S "
log_path = /var/log/dovecot.log
login_greeting = encrypted ready.
postmaster_address = julius@encrypted.net
	#!/bin/bash

	find /etc -type f -name "php.ini" -exec sed -i 's/output_buffering/;output_buffering/g' {} +
	sudo -u www-data sed -i "s/output_buffering=.*/output_buffering='Off'/" /var/www/nextcloud/.user.ini
	sudo -u www-data php /var/www/nextcloud/occ app:disable survey_client
	sudo -u www-data php /var/www/nextcloud/occ app:disable firstrunwizard
	sudo -u www-data php /var/www/nextcloud/occ app:enable admin_audit
	sudo -u www-data php /var/www/nextcloud/occ app:enable files_pdfviewer
	sudo -u www-data php /var/www/nextcloud/occ maintenance:mode --on
	nohup chown -R www-data:www-data /var/www/nextcloud &
	if ($request_method = 'OPTIONS') {
	add_header 'Access-Control-Allow-Origin' '*';
	add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
	#
	# Custom headers and headers various browsers should be OK with but aren't
	#
	add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
	#
	# Tell client that this pre-flight info is valid for 20 days
	#
	#!/bin/bash

	apt purge apache2 apache2-bin apache2-data apache2-utils -y
	apt clean all -y
	apt update && apt upgrade && apt autoremove -y
	apt-mark hold apache2 apache2-bin apache2-data apache2-utils

	exit 0
	# To have port 80 requests go to their 443 equivalents for an entire webserver, put this file in /etc/nginx/conf.d/
	# Note that to specify the catch-all name or default server you
	# need to use the listen directive, not the server_name directive!
	# See also https://nginx.org/en/docs/http/request_processing.html
	#
	# - $host catches subdomain names.
	# - 307 and 308 include both POST and GET request URIs.
	# - 307 is Temporary, change to the Permanent 308 after thorough testing: # return 308 https://$host$request_uri;

	server {
	# Being unsatisfied with the look of mc in console/terminal windows, I made this for my own use.
	# Version 3.7, subject to change over the years.. <j@jult.nl>

	# I N S T A L L

	# Put this file (jult.ini) in either of these skin-directories:

	# /etc/mc/skins/
	# /usr/share/mc/skins/
	# ~/.local/share/mc/skins/
	--no-mtime
	--no-call-home
	--ignore-errors
	-f "bestvideo[height>=1080]+251/bestvideo[height>=1080]+bestaudio/bestvideo[height>=720]+251/bestvideo[height>=720]+bestaudio/137+bestaudio/136+bestaudio/bestvideo+bestaudio"

	# Note that I output to an MKV container, despite the fact that shitty devices will not play some files
	# or still don't support Opus, it is the highest quality available: http://opus-codec.org/comparison/
	#
	# I use Daum Potplayer, which plays them all perfectly fine: https://www.videohelp.com/software/PotPlayer
	#
	# Put this file under /etc/spamassassin/ and run an sa-update or reload amavis etc.
	#
	# I used https://github.com/ercpe/ercpe-sa-rules/blob/master/ercpe-rules.cf as an example;

	#--------------------------------------------------
	# top level domain matching
	#--------------------------------------------------
	header SPAMMY_TLD_IN_RCVD Received =~ /(\.net\.ae\|\.net\.id\|\.ro\|\.ru\|\.co\.jp\|\.co\.ke\|\.AC\.ZA\|\.co\.in\|\.com\.vn\|\.vn\|\.cc\|\.cu\.ua\|\.com\.br\|\.gr\|\.hr\|\.dk\|\.win\|\.bid\|\.tw\|\.br\|\.pk\|\.top\|\.club\|\.date\|\.stream\|\.xyz)\s/i
	score SPAMMY_TLD_IN_RCVD 0.5
	describe SPAMMY_TLD_IN_RCVD Spammy TLD used in Received line
	#!/bin/sh

	# Check if user has root privileges
	if [[ $EUID -ne 0 ]]; then
	echo "You must run the script as root or using sudo"
	exit 1
	fi

	## Reconfigure Dash
	echo "dash dash/sh boolean false" \| debconf-set-selections
	kernel.core_uses_pid = 1
	kernel.domainname = your-rdns-FQDN.here
	kernel.msgmax = 65535
	kernel.msgmnb = 65535
	kernel.pid_max = 65535
	kernel.printk = 2 3 1 2
	kernel.randomize_va_space = 2
	kernel.shmall = 268435456
	kernel.shmmax = 268435456
	kernel.sysrq = 0
	protocols = imap pop3
	auth_mechanisms = plain login
	auth_cache_size = 24 M
	auth_cache_ttl = 18 hours
	disable_plaintext_auth = no
	listen = *,[::]
	log_timestamp = "%Y-%m-%d %H:%M:%S "
	log_path = /var/log/dovecot.log
	login_greeting = encrypted ready.
	postmaster_address = julius@encrypted.net