Skip to content

Instantly share code, notes, and snippets.

Avatar
🏠
Working from home

Julius Thyssen jult

🏠
Working from home
View GitHub Profile
@jult
jult / CORS
Last active Sep 3, 2020
NGINX config for pi-hole
View CORS
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
#
# Custom headers and headers various browsers *should* be OK with but aren't
#
add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
#
# Tell client that this pre-flight info is valid for 20 days
#
@jult
jult / no_apache.sh
Created Jan 8, 2020
kick apache off my debian+nginx server
View no_apache.sh
#!/bin/bash
apt purge apache2 apache2-bin apache2-data apache2-utils -y
apt clean all -y
apt update && apt upgrade && apt autoremove -y
apt-mark hold apache2 apache2-bin apache2-data apache2-utils
exit 0
@jult
jult / https_only
Last active Dec 16, 2019
[NGINX] Redirect all hostnames and requests from http to https serverwide
View https_only
# To have port 80 requests go to their 443 equivalents for an entire webserver, put this file in /etc/nginx/conf.d/
# Note that to specify the catch-all name or default server you
# need to use the *listen* directive, not the server_name directive!
# See also https://nginx.org/en/docs/http/request_processing.html
#
# - $host catches subdomain names.
# - 307 and 308 include both POST and GET request URIs.
# - 307 is Temporary, change to the Permanent 308 after thorough testing: # return 308 https://$host$request_uri;
server {
@jult
jult / jult.ini
Last active Sep 18, 2019
Dark Forest skin for Midnight Commander ( dark mc colors theme with sufficient contrast )
View jult.ini
# Being unsatisfied with the look of mc in console/terminal windows, I made this for my own use.
# Version 3.7, subject to change over the years.. <j@jult.nl>
# I N S T A L L
# Put this file (jult.ini) in either of these skin-directories:
# /etc/mc/skins/
# /usr/share/mc/skins/
# ~/.local/share/mc/skins/
@jult
jult / %userprofile%\AppData\Roaming\youtube-dl\config.txt
Last active Jul 18, 2018
[ youtube-dl ] My most succesful config for all-round best codecs and quality
View %userprofile%\AppData\Roaming\youtube-dl\config.txt
--no-mtime
--no-call-home
--ignore-errors
-f "bestvideo[height>=1080]+251/bestvideo[height>=1080]+bestaudio/bestvideo[height>=720]+251/bestvideo[height>=720]+bestaudio/137+bestaudio/136+bestaudio/bestvideo+bestaudio"
# Note that I output to an MKV container, despite the fact that shitty devices will not play some files
# or still don't support Opus, it *is* the highest quality available: http://opus-codec.org/comparison/
#
# I use Daum Potplayer, which plays them all perfectly fine: https://www.videohelp.com/software/PotPlayer
#
@jult
jult / jbt-rules.cf
Last active Oct 13, 2020
SpamAssassin rules
View jbt-rules.cf
# Put this file under /etc/spamassassin/ and run an sa-update or reload amavis etc.
#
# I used https://github.com/ercpe/ercpe-sa-rules/blob/master/ercpe-rules.cf as an example;
#--------------------------------------------------
# top level domain matching
#--------------------------------------------------
header SPAMMY_TLD_IN_RCVD Received =~ /(\.net\.ae|\.net\.id|\.ro|\.ru|\.co\.jp|\.co\.ke|\.AC\.ZA|\.co\.in|\.com\.vn|\.vn|\.cc|\.cu\.ua|\.com\.br|\.gr|\.hr|\.dk|\.win|\.bid|\.tw|\.br|\.pk|\.top|\.club|\.date|\.stream|\.xyz)\s/i
score SPAMMY_TLD_IN_RCVD 0.5
describe SPAMMY_TLD_IN_RCVD Spammy TLD used in Received line
@jult
jult / certbot_cloudflare_dns.sh
Last active Jun 22, 2020
script to install latest certbot with cloudflare dns-01 challenge plugin (for debian 9/stretch)
View certbot_cloudflare_dns.sh
#!/bin/sh
# Check if user has root privileges
if [[ $EUID -ne 0 ]]; then
echo "You must run the script as root or using sudo"
exit 1
fi
## Reconfigure Dash
echo "dash dash/sh boolean false" | debconf-set-selections
@jult
jult / sysctl.conf
Last active Jan 11, 2020
sysctl config for linux server(s) with 8 GB DDR4 RAM or more, SSD and 1Gbps (or faster) NIC
View sysctl.conf
kernel.core_uses_pid = 1
kernel.domainname = your-rdns-FQDN.here
kernel.msgmax = 65535
kernel.msgmnb = 65535
kernel.pid_max = 65535
kernel.printk = 2 3 1 2
kernel.randomize_va_space = 2
kernel.shmall = 268435456
kernel.shmmax = 268435456
kernel.sysrq = 0
@jult
jult / dovecot.conf
Last active Mar 24, 2018
dovecot.conf for debian 9 with CLucene FTS
View dovecot.conf
protocols = imap pop3
auth_mechanisms = plain login
auth_cache_size = 24 M
auth_cache_ttl = 18 hours
disable_plaintext_auth = no
listen = *,[::]
log_timestamp = "%Y-%m-%d %H:%M:%S "
log_path = /var/log/dovecot.log
login_greeting = encrypted ready.
postmaster_address = julius@encrypted.net
@jult
jult / install_core_for_deb9.sh
Last active Mar 31, 2018
Base install over debian 9 x64 minimal server, with certbot, webmin, csf&lfd and fail2ban
View install_core_for_deb9.sh
#!/bin/bash
## Filesystem ext4
## Run as root
# Check if user has root privileges
if [[ $EUID -ne 0 ]]; then
echo "You must run the script as root or using sudo"
exit 1
fi
You can’t perform that action at this time.