Skip to content

Instantly share code, notes, and snippets.

View rooty's full-sized avatar
🏠
Working from home

Vitalii Mikhnevych rooty

🏠
Working from home
View GitHub Profile
@rooty
rooty / paramiko-using-ssh-config.py
Created May 1, 2018 22:22 — forked from acdha/paramiko-using-ssh-config.py
Connecting with paramiko using the user's OpenSSH config
client = paramiko.SSHClient()
client._policy = paramiko.WarningPolicy()
client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
ssh_config = paramiko.SSHConfig()
user_config_file = os.path.expanduser("~/.ssh/config")
if os.path.exists(user_config_file):
with open(user_config_file) as f:
ssh_config.parse(f)
@rooty
rooty / unbound_ext.conf
Created May 30, 2018 12:02
unbound версии 1.7.1
server:
tls-cert-bundle: "/etc/pki/tls/certs/ca-bundle.crt"
forward-zone:
name: "."
forward-addr: 1.1.1.1#cloudflare-dns.com
forward-addr: 1.0.0.1#cloudflare-dns.com
forward-addr: 2606:4700:4700::1111#cloudflare-dns.com
forward-addr: 2606:4700:4700::1001#cloudflare-dns.com
forward-tls-upstream: yes
@rooty
rooty / nginx.conf
Created December 11, 2018 03:43 — forked from plentz/nginx.conf
Best nginx configuration for improved security(and performance). Complete blog post here http://tautt.com/best-nginx-configuration-for-security/
# to generate your dhparam.pem file, run in the terminal
openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048
@rooty
rooty / LetsEncrypt+certbot+UFW+postfix+dovecot.md
Created December 23, 2018 08:13 — forked from mrothNET/LetsEncrypt+certbot+UFW+postfix+dovecot.md
Let's Encrypt / Dovecot / Postfix / UFW firewall / Certbot

Let's Encrypt / Dovecot / Postfix / UFW firewall / Certbot

This tutorial describes how to install TLS to a mail server consisting of Postfix and/or Dovecot by using Let's Encrypt certificates with automatic renewing and firewall management.

The system used for this tutorial was:

$ lsb_release -idrc
Distributor ID: Ubuntu
@rooty
rooty / autovpn.py
Created March 12, 2019 01:54 — forked from domenkozar/autovpn.py
AutoVPN for NetworkManager
#!/usr/bin/env python
"""
Copyright 2011 Domen Kozar. All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are
permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice, this list of
conditions and the following disclaimer.
@rooty
rooty / tunnelbroker-net.sh
Created August 16, 2019 13:07 — forked from pklaus/tunnelbroker-net.sh
tunnelbroker.net automatic tunnel IP update and tunnel setup (on Mac OS X)
#!/bin/bash
#### This script is published by Philipp Klaus <[email protected]>
#### on <http://blog.philippklaus.de/2011/05/ipv6-6in4-tunnel-via-hurricane-electric-tunnelbroker-net-automatic-ip-update-on-mac-os-x/>
#### It is originally by freese60 and modified by limemonkey.
#### Found on <http://www.tunnelbroker.net/forums/index.php?topic=287.0>
### Uncomment this line to debug the script:
#set -x
@rooty
rooty / updateSecret.sh
Created October 18, 2019 07:03 — forked from 6be709c0/updateSecret.sh
A simple command to finally update the docker secret !
#!/usr/bin/env bash
# HOW TO USE
# ./updateSecret.sh secretName newValue
# It's that simple !
if [ "$#" -ne 2 ];
then
echo "#####"
echo "You must supplied secretName newValue"
@rooty
rooty / minecraft_do.yml
Created October 18, 2019 09:15 — forked from rdhyee/minecraft_do.yml
Ansible playbook to launch a digitalocean droplet and then configure it to run Minecraft based on instructions from https://www.digitalocean.com/community/articles/how-to-set-up-a-minecraft-server-on-linux Note that some things are hardwired: the name of the droplet, the version of minecraft
# http://www.ansibleworks.com/docs/modules.html#digital-ocean
# Create a new Droplet
# Will return the droplet details including the droplet id (used for idempotence)
- name: launch DO droplet
hosts: local
gather_facts: False
tasks:
- name: pwd
@rooty
rooty / jail.conf
Created June 16, 2020 11:33 — forked from AysadKozanoglu/jail.conf
fail2ban nginx 404 400 403 444 filter /etc/fail2ban/filter.d/nginx-4xx.conf enable
# to enable this filter add to jail.conf following (/etc/fail2ban/jail.conf)
# Thanks to -> TheBarret
[nginx-4xx]
enabled = true
port = http,https
logpath = /var/log/nginx/access.log
maxretry = 3
@rooty
rooty / docker-compose.yml
Created December 6, 2020 00:59 — forked from mTrax-/docker-compose.yml
Traefik v2 with ssl
version: "3.3"
services:
reverse-proxy:
image: traefik:latest
restart: unless-stopped
command:
- --api
- --providers.docker=true
- --entrypoints.web.address=:80