Inspired By: grafana/loki#333
- docker-compose.yml
version: "3"
networks:
loki:
skul87
haplo
/ restic_backup.sh
Created
March 8, 2022 12:55
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # This script backs up files using restic and sends emails on success or errors. | |
| # | |
| # Files that the script expects: | |
| # /usr/local/etc/restic/repo.env: shell variables that define the restic repository | |
| # /usr/local/etc/restic/include.txt: paths to back up | |
| # /usr/local/etc/restic/exclude.txt: paths to not include in the backup, even if they are in include.txt | |
| # | |
| # Inspired by https://gist.github.com/perfecto25/18abbd6cfbaa4e9eb30251470e9b7504 |
ruanbekker
/ promtail_docker_logs.md
Last active
April 9, 2025 09:48
Docker Container Logging using Promtail
drmalex07
/ README-fail2ban-openvpn.md
Created
March 3, 2019 13:34
Block unauthorized requests to OpenVPN using fail2ban. #openvpn #fail2ban
The following is based on https://stefan.angrick.me/block-unauthorized-openvpn-logins-using-fail2ban.
Add a filter configuration under /etc/fail2ban/filter.d/openvpn.conf. The contents would be something like (regular expressions may need adjustments):
[INCLUDES]
before = common.conf
velizarn
/ ip6tables_setup.bash
Last active
February 7, 2025 13:03
Basic setup for ip6tables - drop all traffic except local, ICMP and DHCPv6 traffic.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # http://serverfault.com/questions/410321/debian-ip6tables-rules-setup-for-ipv6/410327#410327 | |
| # http://ipset.netfilter.org/iptables.man.html | |
| # https://www.sixxs.net/wiki/IPv6_Firewalling | |
| # https://www.cyberciti.biz/faq/ip6tables-ipv6-firewall-for-linux/ | |
| # https://gist.github.com/thomasfr/9712418 | |
| # https://gist.github.com/SnakeDrak/f4150f6e517e5a1d525f | |
| # http://www.thegeekstuff.com/2011/06/iptables-rules-examples | |
| # http://www.thegeekstuff.com/scripts/iptables-rules |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # for ISAKMP (handling of security associations) | |
| iptables -A INPUT -p udp --dport 500 --j ACCEPT | |
| # for NAT-T (handling of IPsec between natted devices) | |
| iptables -A INPUT -p udp --dport 4500 --j ACCEPT | |
| # for ESP payload (the encrypted data packets) | |
| iptables -A INPUT -p esp -j ACCEPT | |
| # for the routing of packets on the server | |
| iptables -t nat -A POSTROUTING -j SNAT --to-source %IP% -o eth0 | |
| # internet access | |
| iptables -t nat -A POSTROUTING -s 10.0.42.0/24 -o eth0 -m policy --dir out --pol ipsec -j ACCEPT |