
Author SHA1 Message Date
wvr
e17b863b7b fix 2026-02-28 07:36:36 -06:00
wvr
894c107e22 photoview 2026-02-28 07:07:53 -06:00
wvr
184b6912c4 sadf 2026-02-26 23:57:40 -06:00
wvr
665249830a asdf 2026-02-26 23:52:32 -06:00
wvr
c8aa7f1838 fix focalboard 2026-02-23 18:53:02 -06:00
wvr
4dde65f869 sadf 2026-02-23 18:51:45 -06:00
wvr
8567ba5f1a asdf 2026-02-23 18:48:47 -06:00
wvr
3fc34b98e8 focalboard 2026-02-23 18:43:36 -06:00
wvr
6217d3f3f8 asdf 2026-02-21 01:28:38 -06:00
wvr
d2fd588432 autotrim 2026-02-20 02:22:13 -06:00
wvr
9f42949d3d asdf 2026-02-20 00:46:09 -06:00
wvr
ac931fc031 asdf 2026-02-15 20:47:51 -06:00
wvr
d57fd745e6 fix 2026-02-15 17:31:35 -06:00
wvr
c9d134a510 add caddy 2026-02-15 16:55:33 -06:00
wvr
a562eb7256 iptables 2026-02-15 16:47:06 -06:00
wvr
10ad62f4ba asfd 2026-02-13 23:12:08 -06:00
wvr
f1a886e2e4 asdf 2026-02-13 22:35:40 -06:00
wvr
e306c81c12 asdf 2026-02-13 22:34:54 -06:00
wvr
c23940fc6f asdf 2026-02-13 21:50:28 -06:00
wvr
ca787ccf37 sadf 2026-02-12 14:10:58 -06:00
wvr
433f3dd630 safd 2026-02-11 18:45:24 -06:00
wvr
eb737aab42 y 2026-02-11 15:58:04 -06:00
wvr
d1050e44b5 asdf 2026-02-10 21:51:03 -06:00
wvr
8c15fa569f pihole 2026-02-10 14:46:41 -06:00
wvr
0fee49d36e pihole 2026-02-10 14:38:00 -06:00
wvr
3c0ee7c2be asdf 2026-02-10 14:31:43 -06:00
wvr
0db08478c0 fix 2026-02-10 12:35:42 -06:00
wvr
b1b67626b9 sadf 2026-02-10 12:20:07 -06:00
36 changed files with 562 additions and 0 deletions

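--- /dev/null
+++ b/caddy/edit.sh
@@ -0,0 +1,4 @@
+#!/bin/sh
+nvim /etc/caddy/Caddyfile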


@@ -0,0 +1,9 @@
#!/bin/sh
iptables -F
iptables -X
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
exit 0
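Review bot: The policies are switched to ACCEPT only after `iptables -F` / `iptables -X`, so on a host whose policy is DROP (what the caddy and pihole iptables scripts set) there is a window with no rules and a DROP default in which everything is dropped; set the three `-P ... ACCEPT` lines first and flush afterwards, which is the order pihole/nuke-iptables.sh uses. The script also only resets the IPv4 `filter` table — `nat`, `mangle` and `raw` are untouched and ip6tables is never reset — so it does not actually disable the firewall. These same nine lines appear three times in this commit (here, scripts/disable_iptables.sh and under seedbox/); keep one copy and call it from the others.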


@@ -0,0 +1,63 @@
#!/bin/sh
# -*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
# variables
# -*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
SUBNET=192.168.100
PIHOLE=$SUBNET.200
# =/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=
# flush
iptables -F
# deny all default
iptables -P OUTPUT DROP
iptables -P INPUT DROP
iptables -P FORWARD DROP
# ========================================================================
# CADDY IPTABLES CONFIG
# allow any tcp traffic on local lan
iptables -A OUTPUT -j ACCEPT -d $SUBNET.0/24 -p tcp -m state --state NEW,ESTABLISHED,RELATED
# allow input both 443 and 80
# NOTE: need 80 as well for letsencrypt dont disable idiot
iptables -A INPUT -j ACCEPT -d $SUBNET.0/24 -p tcp --dport 443 -m state --state NEW,ESTABLISHED,RELATED
iptables -A INPUT -j ACCEPT -d $SUBNET.0/24 -p tcp --dport 80 -m state --state NEW,ESTABLISHED,RELATED
# ========================================================================
# dns to pihole
iptables -A OUTPUT -j ACCEPT -d $PIHOLE/24 -p tcp --dport 53 -m state --state NEW
iptables -A OUTPUT -j ACCEPT -d $PIHOLE/24 -p udp --dport 53 -m state --state NEW
# permit local ssh
iptables -A INPUT -s $SUBNET.0/24 -j ACCEPT -p tcp --dport ssh -m state --state NEW
iptables -A INPUT -s $SUBNET.0/24 -j ACCEPT -p tcp --sport ssh -m state --state NEW
iptables -A OUTPUT -d $SUBNET.0/24 -j ACCEPT -p tcp --sport ssh -m state --state ESTABLISHED
iptables -A OUTPUT -d $SUBNET.0/24 -j ACCEPT -p tcp --dport ssh -m state --state ESTABLISHED
# permit outgoing http,https,ftp as well for updates and things
iptables -A OUTPUT -j ACCEPT -p tcp --dport 80 -m state --state NEW,ESTABLISHED
iptables -A OUTPUT -j ACCEPT -p tcp --dport 443 -m state --state NEW,ESTABLISHED
iptables -A OUTPUT -j ACCEPT -p tcp --dport 21 -m state --state NEW,ESTABLISHED
# permit loopback
iptables -A OUTPUT -j ACCEPT -o lo
# permit established
iptables -A INPUT -j ACCEPT -m state --state ESTABLISHED,RELATED
# save
if command -v systemctl >/dev/null 2>&1 ; then
# redhat
if [ -f /etc/sysconfig/iptables ] ; then
iptables-save -f /etc/sysconfig/iptables
# arch
elif [ -f /etc/iptables/iptables.rules ] ; then
iptables-save -f /etc/iptables/iptables.rules
fi
# alpine
elif command -v rc-service >/dev/null 2>&1 ; then
/etc/init.d/iptables save
fi
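Review bot: OUTPUT has no generic `ESTABLISHED,RELATED` accept mirroring the one on INPUT, so replies to any client outside 192.168.100.0/24 are dropped: a connection from the internet is accepted on 443/80, but the server's reply (sport 443, destination the client's address) matches none of the LAN, DNS, ssh, `--dport 80/443/21` or loopback rules and hits the DROP policy — which breaks exactly the Let's Encrypt HTTP-01 validation the "need 80 as well" comment keeps port 80 open for, unless the router rewrites the source of forwarded connections. Add `iptables -A OUTPUT -j ACCEPT -m state --state ESTABLISHED,RELATED` next to the INPUT one. Two smaller points: `-d $PIHOLE/24` in the "dns to pihole" rules is the whole subnet, not the Pi-hole (use `$PIHOLE/32` or just `$PIHOLE`), and because ip6tables is never touched the DROP default applies to IPv4 only — if this host has a global IPv6 address every port is open over v6.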

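--- /dev/null
+++ b/caddy/restart.sh
@@ -0,0 +1,5 @@
+#!/bin/sh
+rc-service caddy stop
+rc-service caddy start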
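Review bot: `stop` followed by `start` is what `rc-service caddy restart` does in one command, and either form drops every in-flight connection for the duration; after a Caddyfile edit, `caddy reload --config /etc/caddy/Caddyfile` (or `rc-service caddy reload`, if the init script exposes it) applies the change with no downtime and refuses a Caddyfile that fails to parse instead of leaving the proxy down. A one-line comment saying when a full restart is actually needed would make the distinction clear.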

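--- /dev/null
+++ b/caddy/update.sh
@@ -0,0 +1,3 @@
+#!/bin/sh -e
+apk update
+apk upgrade --force-missing-repositories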


@@ -0,0 +1,13 @@
services:
app:
image: mattermost/focalboard:latest
container_name: focalboard
volumes:
- ./data:/opt/focalboard/data
ports:
- 4280:8000
environment:
- VIRTUAL_HOST=focalboard.local.wvr.sh
- VIRTUAL_PORT=8000
restart: unless-stopped
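Review bot: `4280:8000` publishes the Focalboard port on every host interface, while `VIRTUAL_HOST`/`VIRTUAL_PORT` indicate it is meant to be reached through a reverse proxy; bind it to loopback — `- "127.0.0.1:4280:8000"` — so the container port cannot be reached directly and bypass the proxy, and quote the mapping as Compose recommends. `mattermost/focalboard:latest` is a mutable tag, so the `docker compose pull` in focalboard/fix.sh fetches whatever is current at the time; pin a version tag or an `@sha256:` digest and bump it deliberately.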

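--- /dev/null
+++ b/focalboard/fix.sh
@@ -0,0 +1,11 @@
+#!/bin/sh -e
+if [ ! -e data ] ; then
+mkdir -p data
+chown -R nobody data
+fi
+docker compose pull
+docker compose down
+docker compose up -d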

14
gonic/docker-compose.yml Normal file

@@ -0,0 +1,14 @@
services:
gonic:
image: sentriz/gonic:latest
environment:
- GONIC_SCAN_INTERVAL=720
- GONIC_SCAN_AT_START_ENABLED=1
ports:
- 4747:80
volumes:
- ./data:/data
- ./data/cache:/cache
- ./data/playlists:/playlists
- ./data/non/existent:/podcasts
- /mnt/music:/music:ro
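Review bot: `./data/non/existent:/podcasts` does not disable podcasts — Docker creates a missing bind-mount source as a root-owned directory, so `data/non/existent` will appear on the host and be writable by the container; if podcasts are unwanted, omit the mount or point it at an explicitly empty directory, and say so in a comment either way. `4747:80` is published on all interfaces (bind to `"127.0.0.1:4747:80"` if this sits behind Caddy) and should be quoted; `sentriz/gonic:latest` is unpinned; and unlike focalboard/docker-compose.yml there is no `restart:` policy, so gonic stays down after a reboot.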

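--- /dev/null
+++ b/mount_all_truenas.sh
@@ -0,0 +1,11 @@
+#!/bin/sh
+grep truenas /etc/fstab | \
+while read -r line ; do
+set -- $line
+echo "FOLDER: ${1##*/}"
+doas umount /mnt/"${1##*/}" 2>/dev/null ||:
+doas mount /mnt/"${1##*/}"
+done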
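Review bot: The mount point is derived from the device spec (`${1##*/}`, the last component of e.g. `//host/torrents`) instead of being read from fstab's second field, so any entry whose share name differs from its `/mnt/<name>` directory is unmounted and mounted at the wrong path; use the field fstab already provides: `doas umount "$2" 2>/dev/null ||:` and `doas mount "$2"`. `grep truenas /etc/fstab` also matches commented-out lines, so filter with `grep -v '^#'` first. The unquoted `set -- $line` is fine for fstab's whitespace-separated fields (spaces are escaped as `\040` there), which deserves a comment since it looks like a quoting bug.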

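--- /dev/null
+++ b/photoview/.env
@@ -0,0 +1,5 @@
+HOST_PHOTOVIEW_LOCATION="/root/photoview"
+PHOTOVIEW_PORT="2283"
+HOST_PHOTOVIEW_MEDIA_ROOT="/mnt/images"
+PHOTOVIEW_DATABASE_DRIVER="sqlite"
+PHOTOVIEW_SQLITE_PATH="/home/photoview/database/photoview.db"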
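Review bot: `MAPBOX_TOKEN`, which the photoview compose file passes into the container, is not defined here, so Compose warns and substitutes an empty string; add `MAPBOX_TOKEN=""` with a comment if maps are intentionally off. If a real token is ever needed, keep it out of this committed file — this is the file Compose auto-loads, so an untracked override (`docker compose --env-file`, or a gitignored secrets file) is the place for it.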


@@ -0,0 +1,50 @@
services:
## Makes sure that the media cache folder is created with the correct permissions
photoview-prepare:
image: photoview/photoview:latest
hostname: photoview-prepare
container_name: photoview-prepare
network_mode: "none"
user: root
entrypoint: []
command: /bin/bash -c "sleep 1 && chown -R photoview:photoview /home/photoview/media-cache"
cap_add:
- CHOWN
volumes:
- "/etc/localtime:/etc/localtime:ro"
- "${HOST_PHOTOVIEW_LOCATION}/timezone.txt:/etc/timezone:ro"
- "${HOST_PHOTOVIEW_LOCATION}/storage:/home/photoview/media-cache"
photoview:
image: photoview/photoview:latest
hostname: photoview
container_name: photoview
restart: unless-stopped
stop_grace_period: 10s
networks:
- ui_net
- api_db_net
ports:
- "${PHOTOVIEW_PORT}:80" ## HTTP port (host:container)
security_opt:
- seccomp:unconfined
- apparmor:unconfined
environment:
PHOTOVIEW_DATABASE_DRIVER: ${PHOTOVIEW_DATABASE_DRIVER}
PHOTOVIEW_SQLITE_PATH: ${PHOTOVIEW_SQLITE_PATH}
PHOTOVIEW_LISTEN_IP: "0.0.0.0"
MAPBOX_TOKEN: ${MAPBOX_TOKEN}
volumes:
- "/etc/localtime:/etc/localtime:ro"
- "${HOST_PHOTOVIEW_LOCATION}/timezone.txt:/etc/timezone:ro"
- "${HOST_PHOTOVIEW_LOCATION}/database:/home/photoview/database"
- "${HOST_PHOTOVIEW_LOCATION}/storage:/home/photoview/media-cache"
- "${HOST_PHOTOVIEW_MEDIA_ROOT}:/photos:ro"
networks:
ui_net:
driver: bridge
api_db_net:
internal: true
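Review bot: `seccomp:unconfined` and `apparmor:unconfined` under `security_opt` remove the default syscall filter and MAC profile from the container that is published on `${PHOTOVIEW_PORT}` and reads the bind-mounted photo library; nothing visible here needs them, so delete both lines, or if they were copied from the upstream example to work around a specific failure, record that failure in a comment and keep the exception as narrow as possible. `photoview-prepare` runs as `user: root`, so `cap_add: CHOWN` adds nothing (root already holds it); the least-privilege form is `cap_drop: [ALL]` plus only what the `chown -R` needs (`CHOWN`, possibly `DAC_READ_SEARCH` to traverse directories it no longer owns — verify). `MAPBOX_TOKEN: ${MAPBOX_TOKEN}` is not set in photoview/.env and resolves to empty with a warning.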

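--- /dev/null
+++ b/photoview/env
@@ -0,0 +1,5 @@
+HOST_PHOTOVIEW_LOCATION="/root/photoview"
+PHOTOVIEW_PORT="2283"
+HOST_PHOTOVIEW_MEDIA_ROOT="/mnt/images"
+PHOTOVIEW_DATABASE_DRIVER="sqlite"
+PHOTOVIEW_SQLITE_PATH="/home/photoview/database/photoview.db"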
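Review bot: This file is byte-identical to photoview/.env, and Compose only reads `.env` automatically, so `photoview/env` is either dead or will silently drift from the live copy. Drop it, or if it is meant as a template, commit it as `env.example` and keep the real `.env` untracked.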

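--- /dev/null
+++ b/photoview/fix.sh
@@ -0,0 +1,25 @@
+#!/bin/sh
+docker compose down
+msg() {
+>&2 printf '[*] %s\n' "$*"
+}
+dir=/mnt/images
+if umount "$dir" ; then
+msg "unmounted $dir"
+else
+msg "failed to unmount $dir!"
+fi
+if mount "$dir" ; then
+msg "mounted $dir"
+else
+msg "failed to unmount $dir!"
+fi
+docker compose pull
+docker compose up -d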
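Review bot: The mount-failure branch prints `failed to unmount $dir!` — copied from the umount branch; it should read `failed to mount $dir!`. More importantly the script goes on to `docker compose up -d` even when the mount failed, so photoview then bind-mounts an empty `/mnt/images` as `/photos` and scans an empty library (depending on how photoview handles missing media, that may mark everything as removed); stop instead: `msg "failed to mount $dir!"; exit 1`. A failed umount is usually just "not mounted", which is fine to ignore, and a comment saying so would explain why only the second failure is fatal.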

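--- /dev/null
+++ b/photoview/timezone.txt
@@ -0,0 +1 @@
+America/Chicago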

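--- /dev/null
+++ b/pihole/clear_logs.sh
@@ -0,0 +1,5 @@
+#!/bin/sh
+systemctl stop pihole-FTL
+rm -f /etc/pihole/pihole-FTL.db
+systemctl start pihole-FTL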
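Review bot: This script uses `systemctl` while every other pihole script in the commit uses `rc-service pihole-FTL` (OpenRC); on that host `systemctl` does not exist, both calls fail, and `rm -f /etc/pihole/pihole-FTL.db` deletes the database out from under a running FTL — the process keeps writing to the unlinked inode, nothing is freed, and the `-wal`/`-shm` sidecars are left behind. Use `rc-service pihole-FTL stop` / `start`, and add `#!/bin/sh -e` so a failed stop aborts before the `rm`. FTL's own database retention setting in pihole.toml (the file edit-hosts.sh edits) is presumably the supported way to bound the database, worth checking before keeping a delete-the-file script.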

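--- /dev/null
+++ b/pihole/edit-hosts.sh
@@ -0,0 +1,5 @@
+#!/bin/sh
+nvim /etc/pihole/pihole.toml
+rc-service pihole-FTL restart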
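Review bot: The name `edit-hosts.sh` is misleading: it opens `/etc/pihole/pihole.toml` (FTL's whole configuration), not a hosts or local-DNS list, and then restarts FTL unconditionally, which bounces the resolver for the entire LAN even when the editor was quit without changes. Rename it (e.g. `edit-config.sh`) or add a one-line comment, and restart only if the file changed — e.g. `before=$(cksum /etc/pihole/pihole.toml); nvim /etc/pihole/pihole.toml; [ "$(cksum /etc/pihole/pihole.toml)" != "$before" ] && rc-service pihole-FTL restart`.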

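--- /dev/null
+++ b/pihole/gravity.sh
@@ -0,0 +1,9 @@
+#!/bin/sh -x
+sh ~/nuke-iptables.sh
+pihole -g
+sh ~/iptables-pihole.sh
+echo
+echo "DONE."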
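Review bot: `sh ~/nuke-iptables.sh` opens the firewall completely (IPv4 and IPv6, all policies ACCEPT) for the whole gravity run, and if `pihole -g` fails or the script is interrupted the restore line never runs and the host stays open; at minimum register it with `trap 'sh ~/iptables-pihole.sh' EXIT` before `pihole -g`. The nuke looks like a workaround rather than a requirement: iptables-pihole.sh already allows outbound 80/443, so the likely blocker is that it accepts loopback only on OUTPUT (`-o lo`) and not on INPUT, which drops FTL's and gravity's own lookups against 127.0.0.1 — fixing that there would let this script drop the nuke entirely. The `~/` paths also assume copies of the scripts in $HOME while they live under `pihole/` here; `$(dirname "$0")` or a comment would avoid the mismatch.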

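--- /dev/null
+++ b/pihole/iptables-pihole.sh
@@ -0,0 +1,90 @@
+#!/bin/sh
+#
+# mitchs iptables pihole config
+# -------------------------------------------
+# -*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
+# variables
+# -*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
+SUBNET=192.168.100
+PIHOLE=$SUBNET.200
+# =/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=
+# flush
+iptables -F
+# deny all default
+iptables -P OUTPUT DROP
+iptables -P INPUT DROP
+iptables -P FORWARD DROP
+# dns to/from pihole (self)
+iptables -A INPUT -s $SUBNET.0/24 -j ACCEPT -p tcp --dport 53 -m state --state NEW
+iptables -A INPUT -s $SUBNET.0/24 -j ACCEPT -p tcp --sport 53 -m state --state NEW
+iptables -A INPUT -s $SUBNET.0/24 -j ACCEPT -p udp --dport 53 -m state --state NEW
+iptables -A INPUT -s $SUBNET.0/24 -j ACCEPT -p udp --sport 53 -m state --state NEW
+iptables -A OUTPUT -d $SUBNET.0/24 -j ACCEPT -p tcp --dport 53 -m state --state ESTABLISHED,RELATED
+iptables -A OUTPUT -d $SUBNET.0/24 -j ACCEPT -p tcp --sport 53 -m state --state ESTABLISHED,RELATED
+iptables -A OUTPUT -d $SUBNET.0/24 -j ACCEPT -p udp --dport 53 -m state --state ESTABLISHED,RELATED
+iptables -A OUTPUT -d $SUBNET.0/24 -j ACCEPT -p udp --sport 53 -m state --state ESTABLISHED,RELATED
+# -----------------------------------------------------------
+# dns to/from 9.9.9.9
+iptables -A OUTPUT -j ACCEPT -d 9.9.9.9/24 -p tcp --dport 53 -m state --state NEW,ESTABLISHED,RELATED
+iptables -A OUTPUT -j ACCEPT -d 9.9.9.9/24 -p udp --dport 53 -m state --state NEW,ESTABLISHED,RELATED
+iptables -A INPUT -j ACCEPT -s 9.9.9.9/24 -p tcp --sport 53 -m state --state NEW,ESTABLISHED,RELATED
+iptables -A INPUT -j ACCEPT -s 9.9.9.9/24 -p udp --sport 53 -m state --state NEW,ESTABLISHED,RELATED
+# and quad9s alt
+iptables -A OUTPUT -j ACCEPT -d 149.112.112.112/24 -p tcp --dport 53 -m state --state NEW,ESTABLISHED,RELATED
+iptables -A OUTPUT -j ACCEPT -d 149.112.112.112/24 -p udp --dport 53 -m state --state NEW,ESTABLISHED,RELATED
+iptables -A INPUT -j ACCEPT -s 149.112.112.112/24 -p tcp --sport 53 -m state --state NEW,ESTABLISHED,RELATED
+iptables -A INPUT -j ACCEPT -s 149.112.112.112/24 -p udp --sport 53 -m state --state NEW,ESTABLISHED,RELATED
+# dns.watch
+iptables -A OUTPUT -j ACCEPT -d 84.200.68.80/24 -p tcp --dport 53 -m state --state NEW,ESTABLISHED,RELATED
+iptables -A OUTPUT -j ACCEPT -d 84.200.68.80/24 -p udp --dport 53 -m state --state NEW,ESTABLISHED,RELATED
+iptables -A INPUT -j ACCEPT -s 84.200.68.80/24 -p tcp --sport 53 -m state --state NEW,ESTABLISHED,RELATED
+iptables -A INPUT -j ACCEPT -s 84.200.68.80/24 -p udp --sport 53 -m state --state NEW,ESTABLISHED,RELATED
+# dns.watch alt
+iptables -A OUTPUT -j ACCEPT -d 84.200.70.40/24 -p tcp --dport 53 -m state --state NEW,ESTABLISHED,RELATED
+iptables -A OUTPUT -j ACCEPT -d 84.200.70.40/24 -p udp --dport 53 -m state --state NEW,ESTABLISHED,RELATED
+iptables -A INPUT -j ACCEPT -s 84.200.70.40/24 -p tcp --sport 53 -m state --state NEW,ESTABLISHED,RELATED
+iptables -A INPUT -j ACCEPT -s 84.200.70.40/24 -p udp --sport 53 -m state --state NEW,ESTABLISHED,RELATED
+# -----------------------------------------------------------
+# permit local ssh
+iptables -A INPUT -s $SUBNET.0/24 -j ACCEPT -p tcp --dport ssh -m state --state NEW
+iptables -A INPUT -s $SUBNET.0/24 -j ACCEPT -p tcp --sport ssh -m state --state NEW
+iptables -A OUTPUT -d $SUBNET.0/24 -j ACCEPT -p tcp --sport ssh -m state --state ESTABLISHED
+iptables -A OUTPUT -d $SUBNET.0/24 -j ACCEPT -p tcp --dport ssh -m state --state ESTABLISHED
+# permit outgoing http,https,ftp as well for updates and things
+iptables -A OUTPUT -j ACCEPT -p tcp --dport 80 -m state --state NEW,ESTABLISHED
+iptables -A OUTPUT -j ACCEPT -p tcp --dport 443 -m state --state NEW,ESTABLISHED
+iptables -A OUTPUT -j ACCEPT -p tcp --dport 21 -m state --state NEW,ESTABLISHED
+# allow pihole ftl
+iptables -A INPUT -s $SUBNET.0/24 -j ACCEPT -p tcp --dport 80 -m state --state NEW
+iptables -A OUTPUT -d $SUBNET.0/24 -j ACCEPT -p tcp --sport 80 -m state --state ESTABLISHED
+# allow telnet ftl api (port 4711)
+# ----- important: but only originating from our localhost outbound; not in
+iptables -A INPUT -s 127.0.0.1/24 -j ACCEPT -p tcp --dport 4711 -m state --state NEW
+iptables -A OUTPUT -d $SUBNET.0/24 -j ACCEPT -p tcp --sport 4711 -m state --state ESTABLISHED
+# permit loopback
+iptables -A OUTPUT -j ACCEPT -o lo
+# permit established
+iptables -A INPUT -j ACCEPT -m state --state ESTABLISHED,RELATED
+# save
+if command -v systemctl >/dev/null 2>&1 ; then
+if [ -f /etc/sysconfig/iptables ] ; then
+iptables-save -f /etc/sysconfig/iptables
+elif [ -f /etc/iptables/iptables.rules ] ; then
+iptables-save -f /etc/iptables/iptables.rules
+fi
+elif command -v rc-service >/dev/null 2>&1 ; then
+/etc/init.d/iptables save
+fi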
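Review bot: The `--sport 53` and `--sport ssh` rules with `--state NEW` (the second/fourth "dns to/from pihole" INPUT lines, the two INPUT lines in each upstream-resolver block, and the `--sport ssh` line under "permit local ssh") accept a new inbound connection to any port as long as the sender picks source port 53 or 22 — any LAN host, or anything in the four upstream /24s, reaches FTL's 4711 API or any other listener with `nc -p 53`; replies to this host's own queries are already covered by the final `INPUT ... ESTABLISHED,RELATED` rule, so these rules should simply be deleted. Relatedly `9.9.9.9/24`, `149.112.112.112/24`, `84.200.68.80/24` and `84.200.70.40/24` are whole /24s rather than single resolvers — use `/32`. There is `OUTPUT -o lo` but no `iptables -A INPUT -i lo -j ACCEPT`, so new local connections to 127.0.0.1 (FTL's own resolver, the port-80 UI) are dropped unless they arrive with the LAN address — which is presumably why gravity.sh nukes the firewall first. Finally ip6tables is never set, so if this box has a global IPv6 address the DROP default is bypassed entirely over v6; add at least `ip6tables -P INPUT DROP` / `ip6tables -P FORWARD DROP` plus the v6 rules you need.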

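--- /dev/null
+++ b/pihole/lists/lists.md
@@ -0,0 +1,71 @@
+################################################
+# https://github.com/kboghdady/youTube_ads_4_pi-hole
+################################################
+https://raw.githubusercontent.com/kboghdady/youTube_ads_4_pi-hole/master/crowed_list.txt
+################################################
+# https://github.com/FadeMind/hosts.extras
+################################################
+https://raw.githubusercontent.com/FadeMind/hosts.extras/refs/heads/master/CoinBlockerList/hosts
+https://raw.githubusercontent.com/FadeMind/hosts.extras/refs/heads/master/GoodbyeAds-Samsung-Adblock-Extension/hosts
+https://raw.githubusercontent.com/FadeMind/hosts.extras/refs/heads/master/GoodbyeAds-Spotify-AdBlock-Extension/hosts
+https://raw.githubusercontent.com/FadeMind/hosts.extras/refs/heads/master/GoodbyeAds-Xiaomi-Extension/hosts
+https://raw.githubusercontent.com/FadeMind/hosts.extras/refs/heads/master/GoodbyeAds-YouTube-Adblock-Extension/hosts
+https://raw.githubusercontent.com/FadeMind/hosts.extras/refs/heads/master/Lightswitch05-ads-tracking-extended/hosts
+https://raw.githubusercontent.com/FadeMind/hosts.extras/refs/heads/master/UncheckyAds/hosts
+https://raw.githubusercontent.com/FadeMind/hosts.extras/refs/heads/master/What-Zit-Tooya-Ad-Block/hosts
+https://raw.githubusercontent.com/FadeMind/hosts.extras/refs/heads/master/WindowsSpyBlocker-EXTRA/hosts
+https://raw.githubusercontent.com/FadeMind/hosts.extras/refs/heads/master/WindowsSpyBlocker-SPY/hosts
+https://raw.githubusercontent.com/FadeMind/hosts.extras/refs/heads/master/WindowsSpyBlocker-UPDATE/hosts
+https://raw.githubusercontent.com/FadeMind/hosts.extras/refs/heads/master/add.2o7Net/hosts
+https://raw.githubusercontent.com/FadeMind/hosts.extras/refs/heads/master/add.Dead/hosts
+https://raw.githubusercontent.com/FadeMind/hosts.extras/refs/heads/master/add.Risk/hosts
+https://raw.githubusercontent.com/FadeMind/hosts.extras/refs/heads/master/add.Spam/hosts
+https://raw.githubusercontent.com/FadeMind/hosts.extras/refs/heads/master/antipopads-re/hosts
+https://raw.githubusercontent.com/FadeMind/hosts.extras/refs/heads/master/anudeepND-blacklist-adservers/hosts
+https://raw.githubusercontent.com/FadeMind/hosts.extras/refs/heads/master/anudeepND-blacklist-facebook/hosts
+https://raw.githubusercontent.com/FadeMind/hosts.extras/refs/heads/master/blocklists-facebook/hosts
+https://raw.githubusercontent.com/FadeMind/hosts.extras/refs/heads/master/osint.digitalside.it/hosts
+https://raw.githubusercontent.com/FadeMind/hosts.extras/refs/heads/master/oisd.nl/hosts
+https://raw.githubusercontent.com/FadeMind/hosts.extras/refs/heads/master/rlwpx.free.fr.hrsk/hosts
+https://raw.githubusercontent.com/FadeMind/hosts.extras/refs/heads/master/rlwpx.free.fr.htrc/hosts
+################################################
+# https://github.com/zachlagden/Pi-hole-Optimized-Blocklists
+################################################
+https://media.githubusercontent.com/media/zachlagden/Pi-hole-Optimized-Blocklists/main/lists/all_domains.txt
+################################################
+# BlockListProject
+################################################
+https://blocklistproject.github.io/Lists/smart-tv.txt
+https://blocklistproject.github.io/Lists/abuse.txt
+https://blocklistproject.github.io/Lists/ads.txt
+https://blocklistproject.github.io/Lists/fraud.txt
+https://blocklistproject.github.io/Lists/tiktok.txt
+https://blocklistproject.github.io/Lists/tracking.txt
+https://blocklistproject.github.io/Lists/drugs.txt
+https://blocklistproject.github.io/Lists/vaping.txt
+https://blocklistproject.github.io/Lists/basic.txt
+################################################
+# https://github.com/hagezi/dns-blocklists
+################################################
+https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/adblock/pro.txt
+https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/adblock/tif.txt
+https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/adblock/popupads.txt
+https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/adblock/fake.txt
+https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/adblock/gambling.txt
+https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/domains/native.huawei.txt
+https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/domains/native.samsung.txt
+https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/domains/native.tiktok.txt
+https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/domains/native.lgwebos.txt
+https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/domains/native.roku.txt
+https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/domains/native.vivo.txt
+https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/domains/native.oppo-realme.txt
+https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/domains/native.winoffice.txt
+https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/domains/native.apple.txt
+https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/domains/native.amazon.txt
+https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/domains/native.xiaomi.txt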


@@ -0,0 +1,3 @@
https://media.githubusercontent.com/media/zachlagden/Pi-hole-Optimized-Blocklists/main/lists/nsfw.txt
https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/adblock/nsfw.txt

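--- /dev/null
+++ b/pihole/nuke-iptables.sh
@@ -0,0 +1,23 @@
+#!/bin/sh
+#
+# https://github.com/mitchweaver
+#
+# ever bork your iptable config and need
+# to rule out it being the problem?
+#
+ip6tables --policy INPUT ACCEPT;
+ip6tables --policy OUTPUT ACCEPT;
+ip6tables --policy FORWARD ACCEPT;
+ip6tables -Z; # zero counters
+ip6tables -F; # flush rules
+ip6tables -X; # delete all chains
+iptables --policy INPUT ACCEPT;
+iptables --policy OUTPUT ACCEPT;
+iptables --policy FORWARD ACCEPT;
+iptables -Z; # zero counters
+iptables -F; # flush rules
+iptables -X; # delete all chains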
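Review bot: `-Z`/`-F`/`-X` without `-t` act on the `filter` table only, so after this runs the `nat`, `mangle` and `raw` tables — where Docker and any port-forward/redirect rules live — are still in force, which defeats the "rule it out" purpose; loop over them: `for t in filter nat mangle raw; do iptables -t $t -F; iptables -t $t -X; iptables -t $t -Z; done` and the same for ip6tables. The order here (policies to ACCEPT before flushing) is the right one; the three disable_iptables.sh copies elsewhere in this commit flush first and skip ip6tables, so they should call this script rather than carry their own variant.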

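--- /dev/null
+++ b/pihole/restart-pihole.sh
@@ -0,0 +1,4 @@
+#!/bin/sh
+rc-service pihole-FTL restart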

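--- /dev/null
+++ b/pihole/update-pihole.sh
@@ -0,0 +1,7 @@
+#!/bin/sh
+apk update
+apk upgrade --force-missing-repositories
+pihole -up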
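Review bot: Unlike caddy/update.sh this script runs without `-e`, so `pihole -up` executes even if `apk upgrade` failed part-way, and `--force-missing-repositories` already masks repository errors on the line before; use `#!/bin/sh -e` so the update stops at the first failed step. `pihole -up` on an Alpine/OpenRC host is presumably a manual, unsupported install (Pi-hole's installer targets Debian/Fedora-family distros), which is worth a comment since the updater may replace files the OpenRC service script depends on.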

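--- /dev/null
+++ b/proxmox/autotrim.sh
@@ -0,0 +1,4 @@
+#!/bin/sh
+zpool set autotrim=on rpool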

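--- /dev/null
+++ b/proxmox/etc/README.md
@@ -0,0 +1,4 @@
+/etc/dhcpcd.conf
+add `nohook resolv.conf` to end to disable editing /etc/resolv.conf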

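--- /dev/null
+++ b/proxmox/etc/sysctl.conf
@@ -0,0 +1 @@
+net.ipv4.ip_forward=1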
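Review bot: `net.ipv4.ip_forward=1` makes the Proxmox host route between all of its interfaces and bridged guest networks, and nothing in this commit adds FORWARD filtering for that host — the only FORWARD rule visible anywhere is the `-P FORWARD ACCEPT` in the disable scripts. If forwarding is needed for NAT'd guests, pair it with a FORWARD DROP default and explicit per-bridge rules (or enable Proxmox's own firewall, which manages this), and add a comment stating why it is on so it isn't mistaken for leftover config.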


@@ -0,0 +1,5 @@
qm set 104 -IDE0 /dev/disk/by-id/ata-WDC_WD101EFBX-68B0AN0_VHG59DDM
qm set 104 -IDE1 /dev/disk/by-id/ata-WDC_WD101EFBX-68B0AN0_VHG5BB3M
qm set 104 -IDE2 /dev/disk/by-id/ata-WDC_WD101EFBX-68B0AN0_VHG85ZKM
qm set 104 -IDE3 /dev/disk/by-id/ata-WDC_WD101EFBX-68B0AN0_VHG87DNM


@@ -0,0 +1,6 @@
[Match]
MACAddress=58:47:ca:72:ef:21
[Link]
Name=nic0


@@ -0,0 +1,6 @@
[Match]
MACAddress=58:47:ca:72:ef:22
[Link]
Name=nic1


@@ -0,0 +1,5 @@
# stop interfaces from changing names
some reason my mini pc keeps flipping these around randomly on boot
force them to stay to their mac addresses with these files

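--- /dev/null
+++ b/scripts/disable_iptables.sh
@@ -0,0 +1,9 @@
+#!/bin/sh
+iptables -F
+iptables -X
+iptables -P INPUT ACCEPT
+iptables -P OUTPUT ACCEPT
+iptables -P FORWARD ACCEPT
+exit 0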
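Review bot: This is the third identical copy of the flush-and-ACCEPT script in the commit (the others sit under caddy/ and seedbox/), and all three reset the policies only after flushing and leave ip6tables and the non-filter tables alone, while pihole/nuke-iptables.sh already does the same job in the safe order; keep that one script (extended to the `nat`/`mangle`/`raw` tables) and replace the copies with a call to it. The trailing `exit 0` also hides a failing iptables call — drop it and let the last command's status propagate, or use `#!/bin/sh -e`.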

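--- /dev/null
+++ b/seedbox/etc/fstab
@@ -0,0 +1 @@
+//192.168.100.143/torrents /mnt/torrents cifs nofail,rw,uid=100,gid=101,iocharset=utf8,vers=3.0,credentials=/root/sambacreds.txt,_netdev 0 0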
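Review bot: `credentials=/root/sambacreds.txt` keeps the SMB password out of fstab, which is right; that file needs to be mode 0600 and must stay out of this repo, and a comment saying so next to this entry would help. Since `vers=3.0` is already forced, adding `seal` would require SMB3 encryption on the wire at no configuration cost if the NAS supports it. `uid=100,gid=101` are bare numeric IDs that have to match the qbittorrent-nox user on this host — name the user in a comment so the mapping survives a rebuild.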

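--- /dev/null
+++ b/seedbox/fix.sh
@@ -0,0 +1,9 @@
+if ! [ -d /mnt/torrents/complete ] ; then
+if mount -a ; then
+rc-service wg-quick.mullvad restart
+rc-service qbittorrent-nox restart
+fi
+else
+rc-service wg-quick.mullvad restart
+rc-service qbittorrent-nox restart
+fi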
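Review bot: `rc-service qbittorrent-nox restart` runs regardless of whether `rc-service wg-quick.mullvad restart` succeeded, so if the tunnel fails to come up qbittorrent starts anyway and — unless a kill-switch firewall is active (only the `old/` version is in this commit) — talks to peers outside the VPN. The file also has no shebang and repeats the restart pair in both branches; with `-e` the whole thing collapses to the lines below, where a failed mount or a failed tunnel stops the script before qbittorrent is touched. Note that `nofail` in the fstab entry may let `mount -a` return 0 even when the share did not mount, so re-checking the directory after `mount -a` is worth adding.
```shell
#!/bin/sh -e
[ -d /mnt/torrents/complete ] || mount -a
rc-service wg-quick.mullvad restart
rc-service qbittorrent-nox restart
```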


@@ -0,0 +1,9 @@
#!/bin/sh
iptables -F
iptables -X
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
exit 0

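--- /dev/null
+++ b/seedbox/old/iptables-seedbox.sh
@@ -0,0 +1,67 @@
+#!/bin/sh -ex
+#
+# this is a "kill switch" for wireguard
+# block all traffic outside of the tunnel
+# --------------------------------------------------------------------
+# flush
+iptables -F
+# refuse all default
+iptables -P OUTPUT DROP
+iptables -P INPUT DROP
+iptables -P FORWARD DROP
+# -/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/
+# permit samba / NFS to truenas (192.168.100.143)
+iptables -A INPUT -s 192.168.100.143/24 -j ACCEPT -p udp -m udp --dport 137
+iptables -A INPUT -s 192.168.100.143/24 -j ACCEPT -p udp -m udp --dport 138
+iptables -A INPUT -s 192.168.100.143/24 -j ACCEPT -p tcp -m tcp --dport 139
+iptables -A INPUT -s 192.168.100.143/24 -j ACCEPT -p tcp -m tcp --dport 445
+iptables -A INPUT -s 192.168.100.143/24 -j ACCEPT -p tcp -m tcp --dport 111
+iptables -A INPUT -s 192.168.100.143/24 -j ACCEPT -p tcp -m tcp --dport 2049
+iptables -A OUTPUT -d 192.168.100.143/24 -j ACCEPT -p udp -m udp --dport 137 -m state --state NEW,ESTABLISHED,RELATED
+iptables -A OUTPUT -d 192.168.100.143/24 -j ACCEPT -p udp -m udp --dport 138 -m state --state NEW,ESTABLISHED,RELATED
+iptables -A OUTPUT -d 192.168.100.143/24 -j ACCEPT -p tcp -m tcp --dport 139 -m state --state NEW,ESTABLISHED,RELATED
+iptables -A OUTPUT -d 192.168.100.143/24 -j ACCEPT -p tcp -m tcp --dport 445 -m state --state NEW,ESTABLISHED,RELATED
+iptables -A OUTPUT -d 192.168.100.143/24 -j ACCEPT -p tcp -m tcp --dport 111 -m state --state NEW,ESTABLISHED,RELATED
+iptables -A OUTPUT -d 192.168.100.143/24 -j ACCEPT -p tcp -m tcp --dport 2049 -m state --state NEW,ESTABLISHED,RELATED
+# permit qbittorrent-nox access on LAN subnet
+iptables -A INPUT -j ACCEPT -s 192.168.100.0/24 -p tcp --dport 8080 -m state --state NEW
+iptables -A OUTPUT -j ACCEPT -d 192.168.100.0/24 -p tcp --sport 8080 -m state --state ESTABLISHED
+# permit ssh on LAN subnet
+iptables -A INPUT -s 192.168.100.0/24 -j ACCEPT -p tcp --dport ssh -m state --state NEW
+iptables -A INPUT -s 192.168.100.0/24 -j ACCEPT -p tcp --sport ssh -m state --state NEW
+iptables -A OUTPUT -d 192.168.100.0/24 -j ACCEPT -p tcp --sport ssh -m state --state ESTABLISHED
+iptables -A OUTPUT -d 192.168.100.0/24 -j ACCEPT -p tcp --dport ssh -m state --state ESTABLISHED
+# allow dns to pihole
+PIHOLE_IP=192.168.100.200
+iptables -A OUTPUT -j ACCEPT -d $PIHOLE_IP/24 -p tcp --dport 53 -m state --state NEW
+iptables -A OUTPUT -j ACCEPT -d $PIHOLE_IP/24 -p udp --dport 53 -m state --state NEW
+# -/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/
+# permit outgoing wireguard traffic on 51820 to the mullvad server
+WIREGUARD_SERVER=38.240.225.36
+iptables -A OUTPUT -d $WIREGUARD_SERVER/32 -p udp --dport 51820 -j ACCEPT
+iptables -A OUTPUT -d $WIREGUARD_SERVER/32 -p udp --dport 51820 -j ACCEPT
+# permit any local traffic
+iptables -A INPUT -i lo -j ACCEPT
+iptables -A OUTPUT -o lo -j ACCEPT
+# ========== dont think we need tun on wireguard ===================
+#iptables -A INPUT -i tun+ -j ACCEPT
+#iptables -A OUTPUT -o tun+ -j ACCEPT
+# ========== dont think we need tun on wireguard ===================
+# permit replies to traffic sent out
+iptables -A INPUT -j ACCEPT -m state --state ESTABLISHED,RELATED
+iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+# save
+/etc/init.d/iptables save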
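Review bot: As a WireGuard kill switch this script has no rule that lets traffic leave through the tunnel interface: OUTPUT defaults to DROP and a packet routed over the WireGuard interface to an arbitrary peer matches none of the LAN, DNS, ssh, 8080 or endpoint rules, so the torrent traffic itself is dropped along with the leaks — the `tun+` lines commented out under "dont think we need tun on wireguard" are exactly what is missing, with the interface `wg-quick.mullvad` actually creates (e.g. `iptables -A OUTPUT -o mullvad -j ACCEPT`, or `-o wg+`). If this is ever revived from `old/`, also fix `192.168.100.143/24` and `$PIHOLE_IP/24`, which are the whole LAN rather than the NAS and the Pi-hole (use `/32`), and drop the duplicated endpoint line and the duplicated ESTABLISHED,RELATED line at the end (`-m state` and `-m conntrack` here are the same match). The `--sport ssh ... NEW` INPUT rule has the same source-port bypass as in pihole/iptables-pihole.sh and should go too. The file may continue past this view, but the comment above the `tun+` lines suggests no tunnel rule follows.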