This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/sbin/nft -f | |
# see also: | |
# https://wiki.nftables.org/wiki-nftables/index.php/Netfilter_hooks | |
# https://docs.kernel.org/networking/tproxy.html | |
# https://powerdns.org/tproxydoc/tproxy.md.html | |
# http://git.netfilter.org/nftables/commit/?id=2be1d52644cf77bb2634fb504a265da480c5e901 | |
# http://wiki.squid-cache.org/Features/Tproxy4 | |
# https://serverfault.com/questions/1052717/how-to-translate-ip-route-add-local-0-0-0-0-0-dev-lo-table-100-to-systemd-netw | |
# https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tree/net/netfilter/nft_tproxy.c |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
# target: squid-openssl 4.13 with listener "http_port 127.0.0.1:3129 tproxy" | |
# see also: | |
# https://docs.kernel.org/networking/tproxy.html | |
# https://blog.cloudflare.com/mmproxy-creative-way-of-preserving-client-ips-in-spectrum/ | |
# https://latest.gost.run/en/tutorials/redirect/#forwarding-chain_1 | |
# you might need to enable some iptables/nftables kernel modules: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
set -eo pipefail | |
# NOTES: | |
# to use on backup files created by Google Takeout: https://support.google.com/accounts/answer/3024190?hl=en | |
# creates lists of top N mail senders & distribution-lists @ /tmp | |
# can be used to create Google Vault retentions to clean-up old mails or spam: https://support.google.com/vault/answer/2990828?hl=en | |
if [-z "$1" ] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
set -euo pipefail | |
# NOTES: | |
# as Apple is not able to provide any good option to force updates on managed clients - you might want to notify users to install them | |
# will be silent if no updates are available | |
# see also: https://ss64.com/osx/softwareupdate.html |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env bash | |
set -eo pipefail | |
if [ -z "$1" ] | |
then | |
echo "You need to supply the path to a certificate-directory to scan" | |
exit 1 | |
fi |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
set -eE -o pipefail | |
# to create such a volume - use: https://gist.github.com/NiceRath/c794caa26a28fc90fc628a047648722b | |
if [ $# -lt 3 ] | |
then | |
cat << EOF | |
You must provide: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
set -eE -o pipefail | |
# to create such a volume - use: https://gist.github.com/NiceRath/c794caa26a28fc90fc628a047648722b | |
# move the created key from <PATH-TO-KEY-DIR> to the remote host and securly delete them (p.e. using 'shred') | |
# run example: "bash /usr/local/sbin/cryptmount/cryptmount.sh vg0-lv1 crypt-lv1 /data" | |
ENC_LV_NAME="$1" | |
DECRYPT_LV_NAME="$2" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
set -eE -o pipefail | |
# script to encrypt an existing LVM volume | |
# to move the encryption keys to a remote host - use: https://gist.github.com/NiceRath/65511409c8dbbbbb98ae6f1a668b7d5d | |
ENC_PATH='<PATH-TO-KEY-DIR>' | |
KEY_SIZE='8192' | |
PASS_FILE="${ENC_PATH}/<GPG-PASSPHRASE-FILE>" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# bash > crm configure | |
property no-quorum-policy=ignore | |
property stonith-enabled=false | |
primitive resHAProxy systemd:haproxy \ | |
op monitor interval=5 | |
clone clone_HAProxy resHAProxy | |
primitive resIP_LB IPaddr2 \ | |
params ip=172.x.x.x nic=ens18 cidr_netmask=32 \ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env bash | |
# NOTES: | |
# perfoms md5sum on all files in the directory, sorts them and creates an overall md5sum | |
# WARNING: the sort order & checksum will change if you do not use the same LANG/LC_ALL! | |
EXCLUDES=('dir1' 'dir2/*') | |
set -eo pipefail |
OlderNewer