Matt Faraday mattfaraday
mattfaraday
/ rules.v4
Created
October 27, 2025 23:11
A simple IPTables persistent ruleset for a VPS that has a wireguard VPN
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| *filter | |
| :INPUT DROP [0:0] | |
| :FORWARD DROP [0:0] | |
| :OUTPUT ACCEPT [0:0] | |
| # Allow loopback | |
| -A INPUT -i lo -j ACCEPT | |
| # Allow traffic from my trusted static IPs | |
| -A INPUT -s 1.2.3.4/32 -j ACCEPT |
mattfaraday
/ nginx_secure_proxy_autorenew_cert.conf
Last active
October 27, 2025 23:07
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # =================================================================================== | |
| # A production ready secure NginX Reverse Proxy config with Zero-Downtime SSL Renewal | |
| # =================================================================================== | |
| # | |
| # This can be used to proxy to an app server, while also handling automatic cert renewals with an external script | |
| # It uses only high security but still compatible ciphers/settings | |
| # | |
| # Create a dhparam file | |
| # openssl dhparam -out /etc/ssl/certs/dhparam.pem 4096 |
mattfaraday
/ letsencrypt_helper.sh
Created
October 27, 2025 22:04
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Nginx, behind IPTables firewall, with auomatic certificate issue,renew | |
| # | |
| # You need to proxy to the certbot in your nginx config | |
| # Example | |
| # location /.well-known/acme-challenge/ { | |
| # proxy_pass http://127.0.0.1:8080; | |
| #}1 | |
| # This script can be run on a production server |
mattfaraday
/ gist:38d75333410d028f222610ee3ddb7959
Created
October 21, 2025 16:59
Remove datadog from an ubuntu (maybe debian too?) system. Ensure that its all gone, agent, config, user, data .. all of it. In one line.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| systemctl stop datadog-agent 2>/dev/null || true; dpkg --configure -a >/dev/null 2>&1 || true; apt-get install -f -y >/dev/null 2>&1 || true; dpkg --remove --force-remove-reinstreq datadog-agent >/dev/null 2>&1 || true; apt-get remove --purge -y datadog-agent >/dev/null 2>&1 || true; rm -f /var/lib/dpkg/info/datadog-agent.* 2>/dev/null || true; rm -rf /opt/datadog-agent /etc/datadog-agent /var/log/datadog /var/run/datadog /var/lib/datadog-agent 2>/dev/null || true; userdel dd-agent >/dev/null 2>&1 || true; apt-get autoremove -y >/dev/null 2>&1 || true; apt-get autoclean -y >/dev/null 2>&1 || true; if ! dpkg -l | grep -q datadog-agent; then echo "✅ Datadog fully removed"; else echo "⚠️ Datadog may still be partially installed"; fi |