Julius Thyssen jult

## jbt-rules.cf
# Put this file under /etc/spamassassin/ and run an sa-update or reload amavis etc.
#
#--------------------------------------------------
# The only RBL I trust, UCEPROTECT1 (single IP, not IP-ranges or entire ISPs) http://uceprotect.net
#--------------------------------------------------
header          RCVD_IN_UCEPROTECT1     eval:check_rbl_txt('uceprotect1', 'dnsbl-1.uceprotect.net')
describe        RCVD_IN_UCEPROTECT1     Listed in dnsbl-1.uceprotect.net
tflags          RCVD_IN_UCEPROTECT1     net
score           RCVD_IN_UCEPROTECT1     1.8

## blockpeers.sh
#!/bin/sh

# This script runs every other night at 04:56 CET on a webserver I maintain
# Results are always at: https://jult.net/block.txt ( or https://jult.net/block.txt.gz )
# And much smaller, stripped of BS; https://jult.net/bloc.txt
# For use in Tixati IP filter: https://jult.net/bloc.txt.gz !!!
# And finally a txt file with just the bold IP-ranges: https://jult.net/bl.txt (or https://jult.net/bl.txt.gz )

# Download open block-lists, unpack, filter:
curl -s https://www.iblocklist.com/lists.php | grep -A 2 Bluetack | xargs wget -qO - --limit-rate=500k | gunzip -f | egrep -v '^#' > /tmp/xbp

## .stglobalignore
// .stglobalignore

// These prevent SyncThing from trying to sync data that's locked, constantly changing, going to be thrown out, unimportant, etc.
// Lots of conflicts/issues disappeared using these ignores, but do check to prevent major disappointment!
// *.log and *cache* are in there, just so you know.. but firefox' startupCache and offlineCache will be synced.
// Ignores are case sensitive.
// Put both .stignore and this .stglobalignore in the root of your sync folder(s) (where .stfolder resides)

$RECYCLE.BIN
$WINDOWS.~BT

## sysctl.conf
kernel.core_uses_pid = 1
kernel.domainname = your_local_domain_name
kernel.msgmax = 65535
kernel.msgmnb = 65535
kernel.pid_max = 65535
kernel.printk = 2 3 1 2
kernel.randomize_va_space = 2
kernel.shmall = 268435456
kernel.shmmax = 268435456
kernel.sysrq = 0

## handy.txt


apt install rsyslog curl wget mc gpg htop multitail chrony nginx php-fpm rsync php-sqlite3 dnsutils unzip libio-socket-ssl-perl libcrypt-ssleay-perl git perl iptables libnet-libidn-perl libio-socket-inet6-perl libsocket6-perl ipset libwww-perl lsb-release  bash debhelper apt-transport-https rsync ssh openssh-server git autoconf automake libtool build-essential flex bison software-properties-common dirmngr sudo

curl -sSL https://install.pi-hole.net | bash

apt install unbound

wget https://www.internic.net/domain/named.root -qO- | sudo tee /var/lib/unbound/root.hints

## %userprofile%\AppData\Roaming\youtube-dl\config.txt
--no-mtime
--no-call-home
# --ignore-errors

-f "bestvideo[height>=1080]+251/bestvideo[height>=1080]+bestaudio/bestvideo[height>=720]+251/bestvideo[height>=720]+bestaudio/137+bestaudio/136+bestaudio/bestvideo+bestaudio"
#  Note that I output to an MKV container, despite the fact that shitty devices will not play some files
#  or still don't support Opus, it *is* the highest quality available: http://opus-codec.org/comparison/
--merge-output-format mkv

# If you need Mac compatible MP4 uncomment the following two lines instead of the ones above. It's usually a step under max quality, but this yields true mp4 files:

## killadobe.sh
#!/bin/bash

echo "\n\n--- Killing Stupid Adobe Auto Load Crap ---\n\n"

launchctl unload -w /Library/LaunchAgents/com.adobe.AdobeCreativeCloud.plist
launchctl unload -w /Library/LaunchAgents/com.adobe.AAM.Updater-1.0.plist

echo "\n\n--- Done! ---\n\n"

## rc.local
#!/bin/sh

echo never > /sys/kernel/mm/transparent_hugepage/enabled
echo noop > /sys/block/vda/queue/scheduler
echo 0 > /sys/block/vda/queue/rotational
echo 0 > /sys/block/vda/queue/rq_affinity
echo 9000 > /proc/sys/vm/dirty_expire_centisecs
echo 9000 > /proc/sys/vm/dirty_writeback_centisecs

ethtool --offload ens3 tx-checksum-ip-generic off

## whitelistcat.sh
#!/bin/bash

wget -qO - --limit-rate=1500k https://dbl.oisd.nl/whitelist2.txt > /tmp/white
sleep 2
wget -qO - --limit-rate=1500k https://www.technoy.de/lists/whitelist.txt >> /tmp/white
sleep 2
wget -qO - --limit-rate=1500k https://raw.githubusercontent.com/raghavdua1995/DNSlock-PiHole-whitelist/master/whitelist.list >> /tmp/white
sleep 2
wget -qO - --limit-rate=1500k https://raw.githubusercontent.com/anudeepND/whitelist/master/domains/referral-sites.txt >> /tmp/white
sleep 2

## no_apache.sh
#!/bin/bash

apt purge apache2 apache2-bin apache2-data apache2-utils -y
apt clean all -y
apt update && apt upgrade && apt autoremove -y
apt-mark hold apache2 apache2-bin apache2-data apache2-utils

exit 0
	# Put this file under /etc/spamassassin/ and run an sa-update or reload amavis etc.
	#
	#--------------------------------------------------
	# The only RBL I trust, UCEPROTECT1 (single IP, not IP-ranges or entire ISPs) http://uceprotect.net
	#--------------------------------------------------
	header RCVD_IN_UCEPROTECT1 eval:check_rbl_txt('uceprotect1', 'dnsbl-1.uceprotect.net')
	describe RCVD_IN_UCEPROTECT1 Listed in dnsbl-1.uceprotect.net
	tflags RCVD_IN_UCEPROTECT1 net
	score RCVD_IN_UCEPROTECT1 1.8
	#!/bin/sh

	# This script runs every other night at 04:56 CET on a webserver I maintain
	# Results are always at: https://jult.net/block.txt ( or https://jult.net/block.txt.gz )
	# And much smaller, stripped of BS; https://jult.net/bloc.txt
	# For use in Tixati IP filter: https://jult.net/bloc.txt.gz !!!
	# And finally a txt file with just the bold IP-ranges: https://jult.net/bl.txt (or https://jult.net/bl.txt.gz )

	# Download open block-lists, unpack, filter:
	curl -s https://www.iblocklist.com/lists.php \| grep -A 2 Bluetack \| xargs wget -qO - --limit-rate=500k \| gunzip -f \| egrep -v '^#' > /tmp/xbp
	// .stglobalignore

	// These prevent SyncThing from trying to sync data that's locked, constantly changing, going to be thrown out, unimportant, etc.
	// Lots of conflicts/issues disappeared using these ignores, but do check to prevent major disappointment!
	// .log and cache* are in there, just so you know.. but firefox' startupCache and offlineCache will be synced.
	// Ignores are case sensitive.
	// Put both .stignore and this .stglobalignore in the root of your sync folder(s) (where .stfolder resides)

	$RECYCLE.BIN
	$WINDOWS.~BT
	kernel.core_uses_pid = 1
	kernel.domainname = your_local_domain_name
	kernel.msgmax = 65535
	kernel.msgmnb = 65535
	kernel.pid_max = 65535
	kernel.printk = 2 3 1 2
	kernel.randomize_va_space = 2
	kernel.shmall = 268435456
	kernel.shmmax = 268435456
	kernel.sysrq = 0



	apt install rsyslog curl wget mc gpg htop multitail chrony nginx php-fpm rsync php-sqlite3 dnsutils unzip libio-socket-ssl-perl libcrypt-ssleay-perl git perl iptables libnet-libidn-perl libio-socket-inet6-perl libsocket6-perl ipset libwww-perl lsb-release bash debhelper apt-transport-https rsync ssh openssh-server git autoconf automake libtool build-essential flex bison software-properties-common dirmngr sudo

	curl -sSL https://install.pi-hole.net \| bash

	apt install unbound

	wget https://www.internic.net/domain/named.root -qO- \| sudo tee /var/lib/unbound/root.hints
	--no-mtime
	--no-call-home
	# --ignore-errors

	-f "bestvideo[height>=1080]+251/bestvideo[height>=1080]+bestaudio/bestvideo[height>=720]+251/bestvideo[height>=720]+bestaudio/137+bestaudio/136+bestaudio/bestvideo+bestaudio"
	# Note that I output to an MKV container, despite the fact that shitty devices will not play some files
	# or still don't support Opus, it is the highest quality available: http://opus-codec.org/comparison/
	--merge-output-format mkv

	# If you need Mac compatible MP4 uncomment the following two lines instead of the ones above. It's usually a step under max quality, but this yields true mp4 files:
	#!/bin/bash

	echo "\n\n--- Killing Stupid Adobe Auto Load Crap ---\n\n"

	launchctl unload -w /Library/LaunchAgents/com.adobe.AdobeCreativeCloud.plist
	launchctl unload -w /Library/LaunchAgents/com.adobe.AAM.Updater-1.0.plist

	echo "\n\n--- Done! ---\n\n"
	#!/bin/sh

	echo never > /sys/kernel/mm/transparent_hugepage/enabled
	echo noop > /sys/block/vda/queue/scheduler
	echo 0 > /sys/block/vda/queue/rotational
	echo 0 > /sys/block/vda/queue/rq_affinity
	echo 9000 > /proc/sys/vm/dirty_expire_centisecs
	echo 9000 > /proc/sys/vm/dirty_writeback_centisecs

	ethtool --offload ens3 tx-checksum-ip-generic off
	#!/bin/bash

	wget -qO - --limit-rate=1500k https://dbl.oisd.nl/whitelist2.txt > /tmp/white
	sleep 2
	wget -qO - --limit-rate=1500k https://www.technoy.de/lists/whitelist.txt >> /tmp/white
	sleep 2
	wget -qO - --limit-rate=1500k https://raw.githubusercontent.com/raghavdua1995/DNSlock-PiHole-whitelist/master/whitelist.list >> /tmp/white
	sleep 2
	wget -qO - --limit-rate=1500k https://raw.githubusercontent.com/anudeepND/whitelist/master/domains/referral-sites.txt >> /tmp/white
	sleep 2
	#!/bin/bash

	apt purge apache2 apache2-bin apache2-data apache2-utils -y
	apt clean all -y
	apt update && apt upgrade && apt autoremove -y
	apt-mark hold apache2 apache2-bin apache2-data apache2-utils

	exit 0