Last active
November 26, 2021 02:01
-
-
Save k9982874/c88ac248a8776899624cbcb94a8d7701 to your computer and use it in GitHub Desktop.
router.home.lan
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| if [ -z "$PASS" ]; then | |
| echo "Please setup password for the archive" | |
| exit 0 | |
| fi | |
| ROOT=/mnt/data/backups/archives | |
| SOURCE=/mnt/data/workspace | |
| archive () { | |
| NAME=$1 | |
| rm -f $ROOT/$NAME.log | |
| rm -f $ROOT/$NAME.tar.gz | |
| tar --exclude=/lost+found -P --one-file-system --use-compress-program pigz -cvpf - $SOURCE/$NAME 2> $ROOT/$NAME.log | \ | |
| openssl aes-256-cbc -pbkdf2 -out $ROOT/$NAME.tar.gz -pass pass:$PASS | |
| HASH=`md5sum $ROOT/$NAME.tar.gz | awk '{ print $1 }'` | |
| echo "HASH: $HASH" >> $ROOT/$NAME.log | |
| } | |
| archive chuntent | |
| archive kuna | |
| archive ourgame | |
| archive RGGame | |
| archive tynon | |
| archive wmss | |
| archive xunbaola | |
| archive gnues | |
| split -b 10G -d wmss.tar.gz wmss.tar.gz. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh -e | |
| # based on https://gist.github.com/corny/7a07f5ac901844bd20c9 | |
| hostname=k9982874.dns.navy | |
| device=ppp0 | |
| token=<YOUR TOKEN> | |
| v4_file=/tmp/${hostname} | |
| [ -e $v4_file ] && old=`cat $v4_file` | |
| if [ -z "$hostname" -o -z "$token" ]; then | |
| echo "Usage: token=<your-authentication-token> $0 your-name.dynv6.net [device]" | |
| exit 1 | |
| fi | |
| if [ -n "$device" ]; then | |
| device="dev $device" | |
| fi | |
| v4_address=$(ip -4 addr list $device | grep "global" | sed -n 's/.*inet \([0-9.]\+\).*/\1/p' | head -n 1); | |
| echo $v4_address | |
| if [ -e /usr/bin/curl ]; then | |
| bin="curl -fsS" | |
| elif [ -e /usr/bin/wget ]; then | |
| bin="wget -O-" | |
| else | |
| echo "neither curl nor wget found" | |
| exit 1 | |
| fi | |
| if [ -z "$v4_address" ]; then | |
| echo "no IPv4 address found" | |
| exit 1 | |
| fi | |
| current=$v4_address | |
| if [ "$old" = "$current" ]; then | |
| # when running via cron we do not need that kind of verbosity. | |
| # echo "IPv4 address unchanged" | |
| exit | |
| fi | |
| echo "new ipv4 address detected ${v4_address}, updating" | |
| # send addresses to dynv6 | |
| $bin "http://ipv4.dynv6.com/api/update?hostname=$hostname&ipv4=$v4_address&token=$token" | |
| # save current address | |
| echo $current > $v4_file |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| if [ -z "$RESTIC_REPOSITORY" ]; then | |
| echo "Please specify path for the restic repository" | |
| exit 0 | |
| fi | |
| if [ -z "$RESTIC_PASSWORD" ]; then | |
| echo "Please input password for the archive" | |
| exit 0 | |
| fi | |
| if [ -z "$MYSQL_USER" ]; then | |
| echo "Please specify user for the mysql" | |
| exit 0 | |
| fi | |
| if [ -z "$MYSQL_PASSWORD" ]; then | |
| echo "Please input password for the mysql" | |
| exit 0 | |
| fi | |
| mysqldump --opt --complete-insert --add-drop-database -u$MYSQL_USER -p$MYSQL_PASSWORD --databases gitea | | |
| restic backup --tag="gitea on mysql" --stdin --stdin-filename gitea.sql | |
| restic backup --tag="source code" --exclude="lost+found" --one-file-system /mnt/data/gitea |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #*mangle | |
| #:PREROUTING ACCEPT [0:0] | |
| #:INPUT ACCEPT [0:0] | |
| #:FORWARD ACCEPT [0:0] | |
| #:OUTPUT ACCEPT [0:0] | |
| #:POSTROUTING ACCEPT [0:0] | |
| #COMMIT | |
| *filter | |
| :INPUT ACCEPT [0:0] | |
| :FORWARD ACCEPT [0:0] | |
| :OUTPUT ACCEPT [0:0] | |
| # Keep all established connections | |
| -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT | |
| -A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT | |
| # Allow loopback interface (lo0) and drop all traffic to 127/8 that doesn't use lo0 | |
| -A INPUT -i lo -j ACCEPT | |
| -A OUTPUT -o lo -j ACCEPT | |
| # Drop Invalid Packets | |
| -A INPUT -m conntrack --ctstate INVALID -j DROP | |
| # Allow Established and Related Incoming Connections | |
| -A INPUT -i ppp0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT | |
| # Allow Established Outgoing Connections | |
| -A OUTPUT -o ppp0 -m conntrack --ctstate ESTABLISHED -j ACCEPT | |
| # Clamp mss to pmtu for pppoe | |
| -A FORWARD -o ppp0 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu | |
| # Forward internal and external | |
| -A FORWARD -i ppp0 -o br0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT | |
| -A FORWARD -i br0 -o ppp0 -j ACCEPT | |
| # Forward for wireguard | |
| -A FORWARD -i ppp0 -o wg0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT | |
| -A FORWARD -i wg0 -o ppp0 -j ACCEPT | |
| # Allow ping and ICMP error returns. | |
| -A INPUT -p icmp -m conntrack --ctstate NEW --icmp-type 8 -j ACCEPT | |
| -A INPUT -p icmp -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT | |
| -A OUTPUT -p icmp -j ACCEPT | |
| # Allow ssh | |
| #-A INPUT -i ppp0 -p tcp --dport 22 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT | |
| #-A OUTPUT -o ppp0 -p tcp --sport 22 -m conntrack --ctstate ESTABLISHED -j ACCEPT | |
| # Allow HTTP | |
| -A INPUT -i ppp0 -p tcp --dport 80 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT | |
| -A OUTPUT -o ppp0 -p tcp --sport 80 -m conntrack --ctstate ESTABLISHED -j ACCEPT | |
| # Allow HTTPS | |
| -A INPUT -i ppp0 -p tcp --dport 443 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT | |
| -A OUTPUT -o ppp0 -p tcp --sport 443 -m conntrack --ctstate ESTABLISHED -j ACCEPT | |
| # Allow gost proxy | |
| -A INPUT -i ppp0 -p tcp --dport 8388 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT | |
| -A OUTPUT -o ppp0 -p tcp --sport 8388 -m conntrack --ctstate ESTABLISHED -j ACCEPT | |
| # Allow Transmission Port | |
| -A INPUT -i ppp0 -p tcp --dport 51413 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT | |
| -A OUTPUT -o ppp0 -p tcp --sport 51413 -m conntrack --ctstate ESTABLISHED -j ACCEPT | |
| # Allow WireGuard port | |
| -A INPUT -i ppp0 -p udp --dport 51820 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT | |
| -A OUTPUT -o ppp0 -p udp --sport 51820 -m conntrack --ctstate ESTABLISHED -j ACCEPT | |
| # ydc | |
| #-A INPUT -i ppp0 -p tcp -m multiport --dport 1896,6881,6882,38894 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT | |
| #-A INPUT -i ppp0 -p udp -m multiport --dport 1896,6881,6882,38894 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT | |
| #-A OUTPUT -o ppp0 -p tcp -m multiport --sport 1896,6881,6882,38894 -m conntrack --ctstate ESTABLISHED -j ACCEPT | |
| #-A OUTPUT -o ppp0 -p udp -m multiport --sport 1896,6881,6882,38894 -m conntrack --ctstate ESTABLISHED -j ACCEPT | |
| #-A INPUT -i ppp0 -p tcp -m multiport --dport 9092 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT | |
| #-A OUTPUT -o ppp0 -p tcp -m multiport --sport 9092 -m conntrack --ctstate ESTABLISHED -j ACCEPT | |
| #-A INPUT -i ppp0 -p tcp --dport 51414 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT | |
| #-A OUTPUT -o ppp0 -p tcp --sport 51414 -m conntrack --ctstate ESTABLISHED -j ACCEPT | |
| # Drop all other traffic for external | |
| -A INPUT -i ppp0 -j DROP | |
| COMMIT | |
| *nat | |
| :PREROUTING ACCEPT [0:0] | |
| :INPUT ACCEPT [0:0] | |
| :OUTPUT ACCEPT [0:0] | |
| :POSTROUTING ACCEPT [0:0] | |
| -A POSTROUTING -o ppp0 -j MASQUERADE | |
| -A PREROUTING -d 127.0.0.1/24 -j RETURN | |
| -A PREROUTING -d 255.255.0.0/8 -j RETURN | |
| -A PREROUTING -d 224.0.0.0/4 -j RETURN | |
| -A PREROUTING -d 192.168.1.0/24 -j RETURN | |
| -A PREROUTING -d 10.8.0.0/24 -j RETURN | |
| # GFW list | |
| -A PREROUTING -p tcp -m set --match-set gfwlist dst -j REDIRECT --to-ports 1080 | |
| -A OUTPUT -p tcp -m set --match-set gfwlist dst -j REDIRECT --to-ports 1080 | |
| # ydc | |
| #-A PREROUTING -p tcp --dport 1896 -j DNAT --to-destination 192.168.1.107:1896 | |
| #-A PREROUTING -p tcp --dport 6881 -j DNAT --to-destination 192.168.1.107:6881 | |
| #-A PREROUTING -p tcp --dport 6882 -j DNAT --to-destination 192.168.1.107:6882 | |
| #-A PREROUTING -p tcp --dport 38894 -j DNAT --to-destination 192.168.1.107:38894 | |
| COMMIT |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| PPPD_PID=$(/usr/bin/pidof pppd) | |
| kill -s HUP $PPPD_PID |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| BACKUP_FILE=$1 | |
| RESTORE_PATH=$2 | |
| restore () { | |
| START_AT=`date +%s` | |
| openssl aes-256-cbc -d -pbkdf2 -in $BACKUP_FILE -pass pass:$1 | tar -xvp --use-compress-program pigz -C $RESTORE_PATH --numeric-owner | |
| END_AT=`date +%s` | |
| echo "Done. $((END_AT-START_AT)) seconds elapsed." | |
| } | |
| if [ -z "$BACKUP_FILE" -o -z "$RESTORE_PATH" ]; then | |
| echo "Usage: system-restore <BACKUP FILE> <PATH TO RESTORE>" | |
| exit 1 | |
| fi | |
| if [ ! -f "$BACKUP_FILE" ]; then | |
| echo "Specified backup file does not exist" | |
| exit 1 | |
| fi | |
| if [ ! -d "$RESTORE_PATH" ]; then | |
| echo "Specified path does not exist" | |
| exit 1 | |
| fi | |
| echo "Please enter your password" | |
| stty -echo | |
| read PASS | |
| stty echo | |
| echo "Do you wish to restore $BACKUP_FILE to $RESTORE_PATH?" | |
| select yn in "Yes" "No"; do | |
| case $yn in | |
| Yes ) restore $PASS; break;; | |
| * ) exit;; | |
| esac | |
| done |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| if [ -z "$RESTIC_REPOSITORY" ]; then | |
| echo "Please specify path for the restic repository" | |
| exit 0 | |
| fi | |
| if [ -z "$RESTIC_PASSWORD" ]; then | |
| echo "Please input password for the archive" | |
| exit 0 | |
| fi | |
| restic backup \ | |
| --exclude="/proc" \ | |
| --exclude="/tmp" \ | |
| --exclude="/mnt" \ | |
| --exclude="/dev" \ | |
| --exclude="/sys" \ | |
| --exclude="/run" \ | |
| --exclude="/media" \ | |
| --exclude="/var/log" \ | |
| --exclude="/var/cache" \ | |
| --exclude="lost+found" \ | |
| --exclude="*.sock" \ | |
| --one-file-system \ | |
| / |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| if [ -z "$RESTIC_REPOSITORY" ]; then | |
| echo "Please specify path for the restic repository" | |
| exit 0 | |
| fi | |
| if [ -z "$RESTIC_PASSWORD" ]; then | |
| echo "Please input password for the archive" | |
| exit 0 | |
| fi | |
| if [ -z "$MYSQL_USER" ]; then | |
| echo "Please specify user for the mysql" | |
| exit 0 | |
| fi | |
| if [ -z "$MYSQL_PASSWORD" ]; then | |
| echo "Please input password for the mysql" | |
| exit 0 | |
| fi | |
| mysqldump --opt --complete-insert --add-drop-database -u$MYSQL_USER -p$MYSQL_PASSWORD --databases nextcloud | | |
| restic backup --tag="nextcloud on mysql" --stdin --stdin-filename nextcloud.sql | |
| restic backup --tag="website" --exclude="lost+found" --one-file-system /mnt/data/web |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment