jult

#!/bin/sh

# Check if user has root privileges
if [[ $EUID -ne 0 ]]; then
echo "You must run the script as root or using sudo"
   exit 1
fi

## Reconfigure Dash
echo "dash dash/sh boolean false" | debconf-set-selections

jult

kernel.core_uses_pid = 1
kernel.domainname = your_local_domain_name
kernel.msgmax = 65535
kernel.msgmnb = 65535
kernel.pid_max = 65535
kernel.printk = 2 3 1 2
kernel.randomize_va_space = 2
kernel.shmall = 268435456
kernel.shmmax = 268435456
kernel.sysrq = 0

jult

protocols = imap pop3
auth_mechanisms = plain login
auth_cache_size = 24 M
auth_cache_ttl = 18 hours
disable_plaintext_auth = no
listen = *,[::]
log_timestamp = "%Y-%m-%d %H:%M:%S "
log_path = /var/log/dovecot.log
login_greeting = encrypted ready.
postmaster_address = julius@encrypted.net

jult

#!/bin/bash
## Filesystem ext4
## Run as root

# Check if user has root privileges
if [[ $EUID -ne 0 ]]; then
echo "You must run the script as root or using sudo"
   exit 1
fi

jult

#!/bin/bash
## Install ISPConfig + NGINX + PHP 7.1 on Debian 9 x64 (Stretch)
## Filesystem ext4
## Run as root

## Based on: https://www.howtoforge.com/tutorial/perfect-server-debian-jessie-nginx-bind-dovecot-ispconfig-3.1/
## and: https://www.howtoforge.com/tutorial/perfect-server-debian-9-stretch-apache-bind-dovecot-ispconfig-3-1/
## ! For Postfix config see https://www.howtoforge.com/tutorial/perfect-server-debian-9-stretch-apache-bind-dovecot-ispconfig-3-1/

# Check if user has root privileges

jult

#!/bin/sh

echo never > /sys/kernel/mm/transparent_hugepage/enabled
echo noop > /sys/block/vda/queue/scheduler
echo 0 > /sys/block/vda/queue/rotational
echo 0 > /sys/block/vda/queue/rq_affinity
echo 9000 > /proc/sys/vm/dirty_expire_centisecs
echo 9000 > /proc/sys/vm/dirty_writeback_centisecs

ethtool --offload ens3 tx-checksum-ip-generic off

jult

# version 2020 feb 24

ssl_certificate /etc/letsencrypt/live/yardomain.org/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/yardomain.org/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/yardomain.org/chain.pem;

ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;

jult

// .stglobalignore

// These prevent SyncThing from trying to sync data that's locked, constantly changing, going to be thrown out, unimportant, etc.
// Lots of conflicts/issues disappeared using these ignores, but do check to prevent major disappointment!
// *.log and *cache* are in there, just so you know.. but firefox' startupCache and offlineCache will be synced.
// Ignores are case sensitive.
// Put both .stignore and this .stglobalignore in the root of your sync folder(s) (where .stfolder resides)

$RECYCLE.BIN
$WINDOWS.~BT

jult

# this is most of my /etc/postfix/main.cf file:

inet_protocols = all
inet_interfaces = all
recipient_delimiter = +

smtpd_banner = Blah ESMTP

empty_address_recipient = admin

jult

#!/bin/bash
IP_TMP=/tmp/ip.tmp
IP_BLACKLIST=/etc/ip-blacklist.conf
IP_BLACKLIST_TMP=/tmp/ip-blacklist.tmp
IP_BLACKLIST_CUSTOM=/etc/ip-blacklist-custom.conf # optional
list="chinese nigerian russian lacnic exploited-servers"
BLACKLISTS=(
"http://www.projecthoneypot.org/list_of_ips.php?t=d&rss=1" # Project Honey Pot Directory of Dictionary Attacker IPs
# "http://check.torproject.org/cgi-bin/TorBulkExitList.py?ip=1.1.1.1"  # TOR Exit Nodes, who would refuse those accessing your server?
# "http://www.maxmind.com/en/anonymous_proxies" # MaxMind GeoIP Anonymous Proxies