This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/sh | |
# Check if user has root privileges | |
if [[ $EUID -ne 0 ]]; then | |
echo "You must run the script as root or using sudo" | |
exit 1 | |
fi | |
## Reconfigure Dash | |
echo "dash dash/sh boolean false" | debconf-set-selections |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
kernel.core_uses_pid = 1 | |
kernel.domainname = your_local_domain_name | |
kernel.msgmax = 65535 | |
kernel.msgmnb = 65535 | |
kernel.pid_max = 65535 | |
kernel.printk = 2 3 1 2 | |
kernel.randomize_va_space = 2 | |
kernel.shmall = 268435456 | |
kernel.shmmax = 268435456 | |
kernel.sysrq = 0 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
protocols = imap pop3 | |
auth_mechanisms = plain login | |
auth_cache_size = 24 M | |
auth_cache_ttl = 18 hours | |
disable_plaintext_auth = no | |
listen = *,[::] | |
log_timestamp = "%Y-%m-%d %H:%M:%S " | |
log_path = /var/log/dovecot.log | |
login_greeting = encrypted ready. | |
postmaster_address = julius@encrypted.net |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
## Filesystem ext4 | |
## Run as root | |
# Check if user has root privileges | |
if [[ $EUID -ne 0 ]]; then | |
echo "You must run the script as root or using sudo" | |
exit 1 | |
fi |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
## Install ISPConfig + NGINX + PHP 7.1 on Debian 9 x64 (Stretch) | |
## Filesystem ext4 | |
## Run as root | |
## Based on: https://www.howtoforge.com/tutorial/perfect-server-debian-jessie-nginx-bind-dovecot-ispconfig-3.1/ | |
## and: https://www.howtoforge.com/tutorial/perfect-server-debian-9-stretch-apache-bind-dovecot-ispconfig-3-1/ | |
## ! For Postfix config see https://www.howtoforge.com/tutorial/perfect-server-debian-9-stretch-apache-bind-dovecot-ispconfig-3-1/ | |
# Check if user has root privileges |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/sh | |
echo never > /sys/kernel/mm/transparent_hugepage/enabled | |
echo noop > /sys/block/vda/queue/scheduler | |
echo 0 > /sys/block/vda/queue/rotational | |
echo 0 > /sys/block/vda/queue/rq_affinity | |
echo 9000 > /proc/sys/vm/dirty_expire_centisecs | |
echo 9000 > /proc/sys/vm/dirty_writeback_centisecs | |
ethtool --offload ens3 tx-checksum-ip-generic off |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# version 2020 feb 24 | |
ssl_certificate /etc/letsencrypt/live/yardomain.org/fullchain.pem; | |
ssl_certificate_key /etc/letsencrypt/live/yardomain.org/privkey.pem; | |
ssl_trusted_certificate /etc/letsencrypt/live/yardomain.org/chain.pem; | |
ssl_protocols TLSv1.2 TLSv1.3; | |
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; | |
ssl_prefer_server_ciphers off; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
// .stglobalignore | |
// These prevent SyncThing from trying to sync data that's locked, constantly changing, going to be thrown out, unimportant, etc. | |
// Lots of conflicts/issues disappeared using these ignores, but do check to prevent major disappointment! | |
// *.log and *cache* are in there, just so you know.. but firefox' startupCache and offlineCache will be synced. | |
// Ignores are case sensitive. | |
// Put both .stignore and this .stglobalignore in the root of your sync folder(s) (where .stfolder resides) | |
$RECYCLE.BIN | |
$WINDOWS.~BT |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# this is most of my /etc/postfix/main.cf file: | |
inet_protocols = all | |
inet_interfaces = all | |
recipient_delimiter = + | |
smtpd_banner = Blah ESMTP | |
empty_address_recipient = admin |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
IP_TMP=/tmp/ip.tmp | |
IP_BLACKLIST=/etc/ip-blacklist.conf | |
IP_BLACKLIST_TMP=/tmp/ip-blacklist.tmp | |
IP_BLACKLIST_CUSTOM=/etc/ip-blacklist-custom.conf # optional | |
list="chinese nigerian russian lacnic exploited-servers" | |
BLACKLISTS=( | |
"http://www.projecthoneypot.org/list_of_ips.php?t=d&rss=1" # Project Honey Pot Directory of Dictionary Attacker IPs | |
# "http://check.torproject.org/cgi-bin/TorBulkExitList.py?ip=1.1.1.1" # TOR Exit Nodes, who would refuse those accessing your server? | |
# "http://www.maxmind.com/en/anonymous_proxies" # MaxMind GeoIP Anonymous Proxies |