asdf

pihole/clear_logs.sh

@@ -0,0 +1,5 @@
+#!/bin/sh
+
+systemctl stop pihole-FTL
+rm -f /etc/pihole/pihole-FTL.db
+systemctl start pihole-FTL

pihole/edit-hosts.sh

@@ -0,0 +1,5 @@
+#!/bin/sh
+
+nvim /etc/pihole/pihole.toml
+
+rc-service pihole-FTL restart

pihole/gravity.sh

@@ -0,0 +1,9 @@
+#!/bin/sh -x
+
+
+sh ~/nuke-iptables.sh
+pihole -g
+sh ~/iptables-pihole.sh
+
+echo
+echo "DONE."

pihole/iptables-pihole.sh

@@ -0,0 +1,90 @@
+#!/bin/sh
+#
+# mitchs iptables pihole config
+# -------------------------------------------
+
+# -*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
+# variables
+# -*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
+SUBNET=192.168.100
+PIHOLE=$SUBNET.200
+# =/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=
+
+# flush
+iptables -F
+
+# deny all default
+iptables -P OUTPUT DROP
+iptables -P INPUT DROP
+iptables -P FORWARD DROP
+
+# dns to/from pihole (self)
+iptables -A INPUT -s $SUBNET.0/24 -j ACCEPT -p tcp --dport 53 -m state --state NEW
+iptables -A INPUT -s $SUBNET.0/24 -j ACCEPT -p tcp --sport 53 -m state --state NEW
+iptables -A INPUT -s $SUBNET.0/24 -j ACCEPT -p udp --dport 53 -m state --state NEW
+iptables -A INPUT -s $SUBNET.0/24 -j ACCEPT -p udp --sport 53 -m state --state NEW
+
+iptables -A OUTPUT -d $SUBNET.0/24 -j ACCEPT -p tcp --dport 53 -m state --state ESTABLISHED,RELATED
+iptables -A OUTPUT -d $SUBNET.0/24 -j ACCEPT -p tcp --sport 53 -m state --state ESTABLISHED,RELATED
+iptables -A OUTPUT -d $SUBNET.0/24 -j ACCEPT -p udp --dport 53 -m state --state ESTABLISHED,RELATED
+iptables -A OUTPUT -d $SUBNET.0/24 -j ACCEPT -p udp --sport 53 -m state --state ESTABLISHED,RELATED
+
+# -----------------------------------------------------------
+# dns to/from 9.9.9.9
+iptables -A OUTPUT -j ACCEPT -d 9.9.9.9/24 -p tcp --dport 53 -m state --state NEW,ESTABLISHED,RELATED
+iptables -A OUTPUT -j ACCEPT -d 9.9.9.9/24 -p udp --dport 53 -m state --state NEW,ESTABLISHED,RELATED
+iptables -A INPUT -j ACCEPT -s 9.9.9.9/24 -p tcp --sport 53 -m state --state NEW,ESTABLISHED,RELATED
+iptables -A INPUT -j ACCEPT -s 9.9.9.9/24 -p udp --sport 53 -m state --state NEW,ESTABLISHED,RELATED
+# and quad9s alt
+iptables -A OUTPUT -j ACCEPT -d 149.112.112.112/24 -p tcp --dport 53 -m state --state NEW,ESTABLISHED,RELATED
+iptables -A OUTPUT -j ACCEPT -d 149.112.112.112/24 -p udp --dport 53 -m state --state NEW,ESTABLISHED,RELATED
+iptables -A INPUT -j ACCEPT -s 149.112.112.112/24 -p tcp --sport 53 -m state --state NEW,ESTABLISHED,RELATED
+iptables -A INPUT -j ACCEPT -s 149.112.112.112/24 -p udp --sport 53 -m state --state NEW,ESTABLISHED,RELATED
+# dns.watch
+iptables -A OUTPUT -j ACCEPT -d 84.200.68.80/24 -p tcp --dport 53 -m state --state NEW,ESTABLISHED,RELATED
+iptables -A OUTPUT -j ACCEPT -d 84.200.68.80/24 -p udp --dport 53 -m state --state NEW,ESTABLISHED,RELATED
+iptables -A INPUT -j ACCEPT -s 84.200.68.80/24 -p tcp --sport 53 -m state --state NEW,ESTABLISHED,RELATED
+iptables -A INPUT -j ACCEPT -s 84.200.68.80/24 -p udp --sport 53 -m state --state NEW,ESTABLISHED,RELATED
+# dns.watch alt
+iptables -A OUTPUT -j ACCEPT -d 84.200.70.40/24 -p tcp --dport 53 -m state --state NEW,ESTABLISHED,RELATED
+iptables -A OUTPUT -j ACCEPT -d 84.200.70.40/24 -p udp --dport 53 -m state --state NEW,ESTABLISHED,RELATED
+iptables -A INPUT -j ACCEPT -s 84.200.70.40/24 -p tcp --sport 53 -m state --state NEW,ESTABLISHED,RELATED
+iptables -A INPUT -j ACCEPT -s 84.200.70.40/24 -p udp --sport 53 -m state --state NEW,ESTABLISHED,RELATED
+# -----------------------------------------------------------
+
+# permit local ssh
+iptables -A INPUT -s $SUBNET.0/24 -j ACCEPT -p tcp --dport ssh -m state --state NEW
+iptables -A INPUT -s $SUBNET.0/24 -j ACCEPT -p tcp --sport ssh -m state --state NEW
+iptables -A OUTPUT -d $SUBNET.0/24 -j ACCEPT -p tcp --sport ssh -m state --state ESTABLISHED
+iptables -A OUTPUT -d $SUBNET.0/24 -j ACCEPT -p tcp --dport ssh -m state --state ESTABLISHED
+
+# permit outgoing http,https,ftp as well for updates and things
+iptables -A OUTPUT -j ACCEPT -p tcp --dport 80 -m state --state NEW,ESTABLISHED
+iptables -A OUTPUT -j ACCEPT -p tcp --dport 443 -m state --state NEW,ESTABLISHED
+iptables -A OUTPUT -j ACCEPT -p tcp --dport 21 -m state --state NEW,ESTABLISHED
+
+# allow pihole ftl
+iptables -A INPUT -s $SUBNET.0/24 -j ACCEPT -p tcp --dport 80 -m state --state NEW
+iptables -A OUTPUT -d $SUBNET.0/24 -j ACCEPT -p tcp --sport 80 -m state --state ESTABLISHED
+
+# allow telnet ftl api (port 4711)
+# ----- important: but only originating from our localhost outbound; not in
+iptables -A INPUT -s 127.0.0.1/24 -j ACCEPT -p tcp --dport 4711 -m state --state NEW
+iptables -A OUTPUT -d $SUBNET.0/24 -j ACCEPT -p tcp --sport 4711 -m state --state ESTABLISHED
+
+# permit loopback
+iptables -A OUTPUT -j ACCEPT -o lo
+
+# permit established
+iptables -A INPUT -j ACCEPT -m state --state ESTABLISHED,RELATED
+
+# save
+if command -v systemctl >/dev/null 2>&1 ; then
+	if [ -f /etc/sysconfig/iptables ] ; then
+		iptables-save -f /etc/sysconfig/iptables
+	elif [ -f /etc/iptables/iptables.rules ] ; then
+		iptables-save -f /etc/iptables/iptables.rules
+	fi
+elif command -v rc-service >/dev/null 2>&1 ; then
+	/etc/init.d/iptables save
+fi

pihole/lists/lists.md

@@ -0,0 +1,71 @@
+################################################
+# https://github.com/kboghdady/youTube_ads_4_pi-hole
+################################################
+https://raw.githubusercontent.com/kboghdady/youTube_ads_4_pi-hole/master/crowed_list.txt
+
+################################################
+# https://github.com/FadeMind/hosts.extras
+################################################
+https://raw.githubusercontent.com/FadeMind/hosts.extras/refs/heads/master/CoinBlockerList/hosts
+https://raw.githubusercontent.com/FadeMind/hosts.extras/refs/heads/master/GoodbyeAds-Samsung-Adblock-Extension/hosts
+https://raw.githubusercontent.com/FadeMind/hosts.extras/refs/heads/master/GoodbyeAds-Spotify-AdBlock-Extension/hosts
+https://raw.githubusercontent.com/FadeMind/hosts.extras/refs/heads/master/GoodbyeAds-Xiaomi-Extension/hosts
+https://raw.githubusercontent.com/FadeMind/hosts.extras/refs/heads/master/GoodbyeAds-YouTube-Adblock-Extension/hosts
+https://raw.githubusercontent.com/FadeMind/hosts.extras/refs/heads/master/Lightswitch05-ads-tracking-extended/hosts
+https://raw.githubusercontent.com/FadeMind/hosts.extras/refs/heads/master/UncheckyAds/hosts
+https://raw.githubusercontent.com/FadeMind/hosts.extras/refs/heads/master/What-Zit-Tooya-Ad-Block/hosts
+https://raw.githubusercontent.com/FadeMind/hosts.extras/refs/heads/master/WindowsSpyBlocker-EXTRA/hosts
+https://raw.githubusercontent.com/FadeMind/hosts.extras/refs/heads/master/WindowsSpyBlocker-SPY/hosts
+https://raw.githubusercontent.com/FadeMind/hosts.extras/refs/heads/master/WindowsSpyBlocker-UPDATE/hosts
+https://raw.githubusercontent.com/FadeMind/hosts.extras/refs/heads/master/add.2o7Net/hosts
+https://raw.githubusercontent.com/FadeMind/hosts.extras/refs/heads/master/add.Dead/hosts
+https://raw.githubusercontent.com/FadeMind/hosts.extras/refs/heads/master/add.Risk/hosts
+https://raw.githubusercontent.com/FadeMind/hosts.extras/refs/heads/master/add.Spam/hosts
+https://raw.githubusercontent.com/FadeMind/hosts.extras/refs/heads/master/antipopads-re/hosts
+https://raw.githubusercontent.com/FadeMind/hosts.extras/refs/heads/master/anudeepND-blacklist-adservers/hosts
+https://raw.githubusercontent.com/FadeMind/hosts.extras/refs/heads/master/anudeepND-blacklist-facebook/hosts
+https://raw.githubusercontent.com/FadeMind/hosts.extras/refs/heads/master/blocklists-facebook/hosts
+https://raw.githubusercontent.com/FadeMind/hosts.extras/refs/heads/master/osint.digitalside.it/hosts
+https://raw.githubusercontent.com/FadeMind/hosts.extras/refs/heads/master/oisd.nl/hosts
+https://raw.githubusercontent.com/FadeMind/hosts.extras/refs/heads/master/rlwpx.free.fr.hrsk/hosts
+https://raw.githubusercontent.com/FadeMind/hosts.extras/refs/heads/master/rlwpx.free.fr.htrc/hosts
+
+################################################
+# https://github.com/zachlagden/Pi-hole-Optimized-Blocklists
+################################################
+https://media.githubusercontent.com/media/zachlagden/Pi-hole-Optimized-Blocklists/main/lists/all_domains.txt
+
+################################################
+# BlockListProject
+################################################
+https://blocklistproject.github.io/Lists/smart-tv.txt
+https://blocklistproject.github.io/Lists/abuse.txt
+https://blocklistproject.github.io/Lists/ads.txt
+https://blocklistproject.github.io/Lists/fraud.txt
+https://blocklistproject.github.io/Lists/tiktok.txt
+https://blocklistproject.github.io/Lists/tracking.txt
+https://blocklistproject.github.io/Lists/drugs.txt
+https://blocklistproject.github.io/Lists/vaping.txt
+https://blocklistproject.github.io/Lists/basic.txt
+
+################################################
+# https://github.com/hagezi/dns-blocklists
+################################################
+https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/adblock/pro.txt
+https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/adblock/tif.txt
+https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/adblock/popupads.txt
+https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/adblock/fake.txt
+https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/adblock/gambling.txt
+https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/domains/native.huawei.txt
+https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/domains/native.samsung.txt
+https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/domains/native.tiktok.txt
+https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/domains/native.lgwebos.txt
+https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/domains/native.roku.txt
+https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/domains/native.vivo.txt
+https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/domains/native.oppo-realme.txt
+https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/domains/native.winoffice.txt
+https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/domains/native.apple.txt
+https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/domains/native.amazon.txt
+https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/domains/native.xiaomi.txt
+
+

pihole/nuke-iptables.sh

@@ -0,0 +1,23 @@
+#!/bin/sh
+#
+# https://github.com/mitchweaver
+#
+# ever bork your iptable config and need
+# to rule out it being the problem?
+#
+
+ip6tables --policy INPUT   ACCEPT;
+ip6tables --policy OUTPUT  ACCEPT;
+ip6tables --policy FORWARD ACCEPT;
+
+ip6tables -Z; # zero counters
+ip6tables -F; # flush rules
+ip6tables -X; # delete all chains
+
+iptables --policy INPUT   ACCEPT;
+iptables --policy OUTPUT  ACCEPT;
+iptables --policy FORWARD ACCEPT;
+
+iptables -Z; # zero counters
+iptables -F; # flush rules
+iptables -X; # delete all chains

pihole/update-pihole.sh

@@ -0,0 +1,7 @@
+#!/bin/sh
+
+apk update
+apk upgrade --force-missing-repositories
+
+pihole -up
+

proxmox/scripts/passthrough_disks_truenas.sh

@@ -0,0 +1,4 @@
+qm set  103  -scsi1 /dev/disk/by-id/ata-WDC_WD101EFBX-68B0AN0_VHG59DDM,serial=VHG59DDM
+qm set  103  -scsi2 /dev/disk/by-id/ata-WDC_WD101EFBX-68B0AN0_VHG5BB3M,serial=VHG5BB3M
+qm set  103  -scsi3 /dev/disk/by-id/ata-WDC_WD101EFBX-68B0AN0_VHG85ZKM,serial=VHG85ZKM
+qm set  103  -scsi4 /dev/disk/by-id/ata-WDC_WD101EFBX-68B0AN0_VHG87DNM,serial=VHG87DNM

proxmox/usr/local/lib/systemd/network/README.md

@@ -0,0 +1,5 @@
+# stop interfaces from changing names
+
+some reason my mini pc keeps flipping these around randomly on boot
+force them to stay to their mac addresses with these files
+