Skip to content

Instantly share code, notes, and snippets.

View ThomasLeister's full-sized avatar

Thomas Leister ThomasLeister

View GitHub Profile
@ThomasLeister
ThomasLeister / map-podman-container-user-to-host-user.txt
Created January 17, 2022 09:46
Map a Podman container user to host user
#
# Use case: Podman should run a build-container.
# The build should be run by a user "builder" with UID 1000 inside the container
# Build artifacts should be shared with the host via a -v Volume.
# To make things easier, artifacts created inside the container should have the user, who started the container, as owner.
# The Container should run in "rootless" mode.
# Solution: Use --uidmap for user mapping.
#
podman run \
@ThomasLeister
ThomasLeister / convert-vmail-db.py
Last active September 25, 2020 12:00
Python database convert script for Thomas Leister's Mailserver Guide
# This script converts the DB layout of the old mailserver guide (Ubuntu 14.04) [1]
# to the new one, introduced with Ubuntu Xenial (16.04) [2].
# Please note that the DB schema / tables for the new schema already need to exist.
# This script is just transferring / converting table _contents_.
#
# No not forget to provide your own database name and credentials in the
# MySQL "connect" commands at the beginning of the script!
#
# Prerequisites:
# apt install python3-pip
@ThomasLeister
ThomasLeister / delete-ejabberd-accounts-list.sh
Created May 9, 2020 20:41
Delete Ejabberd accounts by JID list
##
## Create a "spammers.txt" file with all the JIDs (Jabber IDs) to delete. One in each line:
## [email protected]
## [email protected]
## [email protected]
## ...
## then run this command:
cat spammers.txt | xargs -L1 -i bash -c 'jid={}; name=${jid%@*}; domain=${jid##*@}; ejabberdctl unregister $name $domain; echo "deleted $jid"'
@ThomasLeister
ThomasLeister / auto-start-tmux-ssh.txt
Last active September 30, 2024 11:26
Put this into your .bashrc to auto-start a tmux session after SSH login
Put these lines into your server's .bashrc:
##
## TMUX auto attach
##
if [ -n "$SSH_CLIENT" ] || [ -n "$SSH_TTY" ]; then # if this is an SSH session
if which tmux >/dev/null 2>&1; then # check if tmux is installed
if [[ -z "$TMUX" ]] ;then # do not allow "tmux in tmux"
ID="$( tmux ls | grep -vm1 attached | cut -d: -f1 )" # get the id of a deattached session
if [[ -z "$ID" ]] ;then # if not available create a new one
tmux new-session
### Remove all snapshots crteated by the zfs-auto-snapshot tool
zfs list -t snapshot -o name | grep zfs-auto-snap | tac | xargs -n 1 zfs destroy -r
@ThomasLeister
ThomasLeister / mastodon-tootctl-media-purge.txt
Created February 21, 2019 19:07
How to automatically remove cached media files older that 7 days from your Mastodon instance
This is how to automatically delete cached image previews from your Mastodon instance if they are older than 7 days.
Log in as your "mastodon" User or log in as root and then change to the "mastodon" user, who runs Mastodon:
# su - mastodon
Open crontab:
$ crontab -e
... and add these lines to your crontab:
@ThomasLeister
ThomasLeister / mastodon-csp-header
Last active February 20, 2023 03:16
CSP header for Mastodon social network
(Assuming metalhead.club as instance domain - please adapt to your instance!)
add_header Content-Security-Policy "default-src 'none'; script-src https: 'self'; object-src 'self'; style-src 'self' 'unsafe-inline'; img-src * blob: data:; media-src 'self' data:; frame-src 'self' https:; font-src 'self' data:; connect-src 'self' wss://metalhead.club";
Note:
style-src: I chose 'unsafe-inline' because there are just too many inline styles in static source code or dynamically
generated code to cover all cases (Embed dialog, image lightbox, ...). Also styles seem to be dynamic, so
hashes cannot be generated to allow certain inline styles. :-(
@ThomasLeister
ThomasLeister / rspamd-whitelisting.md
Last active May 9, 2024 10:49
How to whitelist IP addresses or domains in Rspamd

Whitelist IP addresses based on pre-filter policy

/etc/rspamd/local.d/multimap.conf:

  IP_WHITELIST {
      type = "ip";
      prefilter = true;
      map = "/${LOCAL_CONFDIR}/local.d/ip_whitelist.map";
 action = "accept";
@ThomasLeister
ThomasLeister / mastodon-install-jemalloc.txt
Last active April 10, 2023 01:48
How to install jemalloc and save RAM on your Mastodon instance
### If you set up your Mastodon instance before 9th of June 2018, you probably
### might not have jemalloc active on your Ruby setup. Jemalloc changes the way Ruby
### allocates memory and saves up RAM. On my 140 users instance RAM usage dropped by 300 MB just by using jemalloc.
### This is how to set it up on Debian 9 Stretch:
### As root, install libjemalloc-dev:
apt install libjemalloc-dev
### Change to mastodon user:
ACLs enabled for LXD / LXC containers on ZFS:
apt install acl (on host and container)
zfs set acltype=posixacl default/containers/kirby (on host)
(restart container)
=> *profit*