router.home.lan
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
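#!/bin/sh
# Dynamic-DNS updater for dynv6.
# Looks up the first global IPv4 address on $device and, when it differs from
# the value cached in $v4_file, sends it to the dynv6 update API.
# based on https://gist.github.com/corny/7a07f5ac901844bd20c9

# Set here instead of in the shebang so it still applies to `sh script.sh`.
set -e

hostname=k9982874.dns.navy
device=ppp0
# Placeholder: put the real dynv6 token here. It is quoted so the file parses;
# unquoted, the angle brackets are read as redirections.
# The token authorises DNS changes, so keep this file readable by its owner only.
token='<YOUR TOKEN>'
# NOTE(review): predictable file name in world-writable /tmp. If this runs as
# root on a host with other local users, move it to a root-owned directory.
v4_file=/tmp/${hostname}

old=
if [ -e "$v4_file" ]; then
  old=$(cat "$v4_file")
fi

if [ -z "$hostname" ] || [ -z "$token" ]; then
  echo "Usage: token=<your-authentication-token> $0 your-name.dynv6.net [device]"
  exit 1
fi

if [ -n "$device" ]; then
  device="dev $device"
fi

# $device is left unquoted on purpose: it has to split into "dev" and the
# interface name.
# shellcheck disable=SC2086
v4_address=$(ip -4 addr list $device | grep "global" | sed -n 's/.*inet \([0-9.]\+\).*/\1/p' | head -n 1)
printf '%s\n' "$v4_address"

if [ -e /usr/bin/curl ]; then
  bin="curl -fsS"
elif [ -e /usr/bin/wget ]; then
  bin="wget -O-"
else
  echo "neither curl nor wget found"
  exit 1
fi

if [ -z "$v4_address" ]; then
  echo "no IPv4 address found"
  exit 1
fi

current=$v4_address
if [ "$old" = "$current" ]; then
  # when running via cron we do not need that kind of verbosity.
  # echo "IPv4 address unchanged"
  exit
fi

echo "new ipv4 address detected ${v4_address}, updating"

# send addresses to dynv6
# HTTPS, so the token in the query string is not sent in cleartext. A wget
# build without TLS support will fail here instead of leaking the token.
# The URL is still visible in the local process list while the request runs.
# $bin is left unquoted on purpose: it holds the command plus its options.
# shellcheck disable=SC2086
$bin "https://ipv4.dynv6.com/api/update?hostname=$hostname&ipv4=$v4_address&token=$token"

# save current address
# Reached only when the update succeeded (set -e), so a failed request is
# retried on the next run.
printf '%s\n' "$current" > "$v4_file"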
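#!/bin/bash
# Encrypted backup of the gitea MySQL database and of /mnt/data/gitea.
# Output goes to /mnt/data/backups/gitea as <timestamp>.sql, <timestamp>.tar.gz
# and <timestamp>.log; files older than 30 days are removed first.
# Requires the archive passphrase in the PASS environment variable.
# Exits non-zero when the passphrase is missing or a backup stage fails.

if [ -z "$PASS" ]; then
  echo "Please setup password for the archive" >&2
  # Non-zero so cron or monitoring notices that no backup was taken.
  exit 1
fi
# openssl reads the passphrase from the environment (-pass env:PASS) rather
# than from argv, where `pass:...` is visible in the process list.
export PASS

ROOT=/mnt/data/backups/gitea
status=0

find "$ROOT/" -type f -name '*' -mtime +30 -exec rm -- {} \;

DATE=$(date +%Y%m%d%H%M)
START_AT=$(date +%s)

# NOTE(review): the MySQL root password is hard-coded and passed on the command
# line, so it is stored in this file and visible in the process list while the
# dump runs. Prefer a root-only client option file (for example ~/.my.cnf) and
# rotate the password if this file has been shared.
mysqldump --opt --complete-insert --add-drop-database -uroot -p111111 --databases gitea \
  | openssl aes-256-cbc -pbkdf2 -out "$ROOT/$DATE.sql" -pass env:PASS
# Keep every stage's status: the pipeline's own status is only openssl's.
dump_status=("${PIPESTATUS[@]}")

tar --exclude=lost+found --one-file-system -P --use-compress-program pigz -cvpf - /mnt/data/gitea 2> "$ROOT/$DATE.log" \
  | openssl aes-256-cbc -pbkdf2 -out "$ROOT/$DATE.tar.gz" -pass env:PASS
tar_status=("${PIPESTATUS[@]}")

if (( dump_status[0] != 0 || dump_status[1] != 0 )); then
  echo "ERROR: database dump failed (mysqldump=${dump_status[0]}, openssl=${dump_status[1]})" >> "$ROOT/$DATE.log"
  status=1
fi

# GNU tar exits 1 when files changed while being read and 2 on fatal errors.
if (( tar_status[0] > 1 || tar_status[1] != 0 )); then
  echo "ERROR: file archive failed (tar=${tar_status[0]}, openssl=${tar_status[1]})" >> "$ROOT/$DATE.log"
  status=1
elif (( tar_status[0] == 1 )); then
  echo "WARNING: tar reported files that changed while being read" >> "$ROOT/$DATE.log"
fi

# MD5 only catches accidental corruption. aes-256-cbc carries no integrity tag,
# so neither the cipher nor this hash detects deliberate modification.
HASH=$(md5sum "$ROOT/$DATE.tar.gz" | awk '{ print $1 }')
echo "HASH: $HASH" >> "$ROOT/$DATE.log"

END_AT=$(date +%s)
echo "Done. $((END_AT-START_AT)) seconds elapsed." >> "$ROOT/$DATE.log"

exit "$status"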
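# iptables-restore ruleset for a PPPoE router: ppp0 is the WAN link, br0 the
# LAN bridge, tun+ the OpenVPN interfaces.
#*mangle
#:PREROUTING ACCEPT [0:0]
#:INPUT ACCEPT [0:0]
#:FORWARD ACCEPT [0:0]
#:OUTPUT ACCEPT [0:0]
#:POSTROUTING ACCEPT [0:0]
#COMMIT
*filter
# NOTE(review): all three chains default to ACCEPT, so anything not explicitly
# dropped below is allowed. Only traffic arriving on ppp0 is default-denied;
# INPUT from br0 and tun+ is unrestricted, and every OUTPUT rule is redundant
# with the OUTPUT policy.
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Keep all established connections
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# Allow the loopback interface (lo). The two rules that would reject 127/8
# traffic not using lo are commented out, so that check is not enforced.
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
#-A INPUT ! -i lo -s 127.0.0.0/8 -j REJECT
#-A OUTPUT ! -o lo -s 127.0.0.0/8 -j REJECT
# Drop Invalid Packets
-A INPUT -m conntrack --ctstate INVALID -j DROP
# Allow Established and Related Incoming Connections
-A INPUT -i ppp0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# Allow Established Outgoing Connections
-A OUTPUT -o ppp0 -m conntrack --ctstate ESTABLISHED -j ACCEPT
# Clamp mss to pmtu for pppoe
-A FORWARD -o ppp0 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
# Forward internal and external
-A FORWARD -i ppp0 -o br0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i br0 -o ppp0 -j ACCEPT
# Forward for openvpn
-A FORWARD -i ppp0 -o tun+ -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i tun+ -o ppp0 -j ACCEPT
# FORWARD's policy is ACCEPT, so without this rule a connection opened from the
# WAN side would fall through the rules above and be forwarded to br0/tun+.
# Replies to connections opened from inside are ESTABLISHED/RELATED and are
# not affected. A future DNAT port-forward needs its own ACCEPT above this line.
-A FORWARD -i ppp0 -m conntrack --ctstate NEW,INVALID -j DROP
# Allow ping and ICMP error returns.
-A INPUT -p icmp -m conntrack --ctstate NEW --icmp-type 8 -j ACCEPT
-A INPUT -p icmp -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -p icmp -j ACCEPT
# Allow OpenVPN
-A INPUT -i ppp0 -p udp --dport 1194 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -o ppp0 -p udp --sport 1194 -m conntrack --ctstate ESTABLISHED -j ACCEPT
# Allow ssh
-A INPUT -i ppp0 -p tcp --dport 10022 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -o ppp0 -p tcp --sport 10022 -m conntrack --ctstate ESTABLISHED -j ACCEPT
# Allow HTTP
-A INPUT -i ppp0 -p tcp --dport 80 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -o ppp0 -p tcp --sport 80 -m conntrack --ctstate ESTABLISHED -j ACCEPT
# Allow HTTPS
-A INPUT -i ppp0 -p tcp --dport 443 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -o ppp0 -p tcp --sport 443 -m conntrack --ctstate ESTABLISHED -j ACCEPT
# Allow Transmission Port
-A INPUT -i ppp0 -p tcp --dport 51413 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -o ppp0 -p tcp --sport 51413 -m conntrack --ctstate ESTABLISHED -j ACCEPT
# Drop all other traffic for external
-A INPUT -i ppp0 -j DROP
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Source-NAT everything leaving through the WAN link.
-A POSTROUTING -o ppp0 -j MASQUERADE
# Redirect TCP to destinations in the "gfwlist" ipset to local port 10800.
# NOTE(review): presumably the set must exist before this file is loaded, and
# the PREROUTING rule is not limited to an inbound interface - confirm both.
-A PREROUTING -p tcp -m set --match-set gfwlist dst -j REDIRECT --to-ports 10800
-A OUTPUT -p tcp -m set --match-set gfwlist dst -j REDIRECT --to-ports 10800
COMMIT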
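#!/bin/bash
# Send SIGHUP to every running pppd process.
# NOTE(review): pppd(8) describes SIGHUP as terminating the link, with a
# reconnect when "persist" is set - confirm against the local pppd options.

# pidof exits non-zero when nothing matches. Stop here rather than call kill
# with an empty argument list.
if ! PPPD_PID=$(/usr/bin/pidof pppd); then
  echo "pppd is not running" >&2
  exit 1
fi

# Left unquoted on purpose: pidof prints several PIDs separated by spaces.
# shellcheck disable=SC2086
kill -s HUP $PPPD_PID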
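#!/bin/bash
# Decrypt an openssl aes-256-cbc/pbkdf2 backup archive and unpack it.
# Usage: system-restore <BACKUP FILE> <PATH TO RESTORE>
# The passphrase is read from the terminal and a confirmation is requested.

BACKUP_FILE=$1
RESTORE_PATH=$2

#######################################
# Decrypt BACKUP_FILE and extract it below RESTORE_PATH.
# Globals:   BACKUP_FILE (read), RESTORE_PATH (read)
# Arguments: $1 - archive passphrase
# Outputs:   tar's verbose listing and the elapsed time on stdout
# Returns:   0 on success, 1 when openssl or tar failed
#######################################
restore () {
  local start_at end_at
  local -a stage_status
  start_at=$(date +%s)

  # The passphrase goes through the environment of this one command, not
  # through argv, where `pass:...` is visible in the process list.
  # NOTE(review): aes-256-cbc is unauthenticated and tar unpacks while the
  # stream is still being decrypted, so a wrong passphrase or a modified
  # archive is only noticed after some files may already be written. Check the
  # hash recorded in the backup log before restoring over live data.
  RESTORE_PASS=$1 openssl aes-256-cbc -d -pbkdf2 -in "$BACKUP_FILE" -pass env:RESTORE_PASS \
    | tar -xvp --use-compress-program pigz -C "$RESTORE_PATH" --numeric-owner
  # Keep both statuses: the pipeline's own status is only tar's.
  stage_status=("${PIPESTATUS[@]}")

  end_at=$(date +%s)
  if (( stage_status[0] != 0 || stage_status[1] != 0 )); then
    echo "Restore failed (openssl=${stage_status[0]}, tar=${stage_status[1]})" >&2
    return 1
  fi
  echo "Done. $((end_at-start_at)) seconds elapsed."
}

if [ -z "$BACKUP_FILE" ] || [ -z "$RESTORE_PATH" ]; then
  echo "Usage: system-restore <BACKUP FILE> <PATH TO RESTORE>"
  exit 1
fi

if [ ! -f "$BACKUP_FILE" ]; then
  echo "Specified backup file does not exist"
  exit 1
fi

if [ ! -d "$RESTORE_PATH" ]; then
  echo "Specified path does not exist"
  exit 1
fi

echo "Please enter your password"
# -s disables echo for this read only, so the terminal is not left without
# echo if the script is interrupted. -r and IFS= keep backslashes and
# surrounding blanks in the passphrase.
IFS= read -r -s PASS
echo

echo "Do you wish to restore $BACKUP_FILE to $RESTORE_PATH?"
select yn in "Yes" "No"; do
  case $yn in
    Yes ) restore "$PASS"; exit $?;;
    * ) exit;;
  esac
done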
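#!/bin/bash
# Encrypted full-system backup of / (pseudo and volatile filesystems excluded).
# Output goes to /mnt/data/backups/system as <timestamp>.tar.gz and
# <timestamp>.log; files older than 30 days are removed first.
# Requires the archive passphrase in the PASS environment variable.
# Exits non-zero when the passphrase is missing or the archive stage fails.

if [ -z "$PASS" ]; then
  echo "Please setup password for the archive" >&2
  # Non-zero so cron or monitoring notices that no backup was taken.
  exit 1
fi
# openssl reads the passphrase from the environment (-pass env:PASS) rather
# than from argv, where `pass:...` is visible in the process list.
export PASS

ROOT=/mnt/data/backups/system
status=0

find "$ROOT/" -type f -name '*' -mtime +30 -exec rm -- {} \;

DATE=$(date +%Y%m%d%H%M)
START_AT=$(date +%s)

# -v with the archive on stdout sends the file listing to stderr, i.e. into the
# log. The log is plaintext, so it reveals file names even though the archive
# itself is encrypted.
tar --exclude=/proc \
  --exclude=/tmp \
  --exclude=/mnt \
  --exclude=/dev \
  --exclude=/sys \
  --exclude=/run \
  --exclude=/media \
  --exclude=/var/log \
  --exclude=/var/cache \
  --exclude=lost+found \
  --exclude='*.sock' \
  --one-file-system \
  -P \
  --use-compress-program pigz \
  -cvpf - / \
  2> "$ROOT/$DATE.log" \
  | openssl aes-256-cbc -pbkdf2 -out "$ROOT/$DATE.tar.gz" -pass env:PASS
# Keep both statuses: the pipeline's own status is only openssl's.
tar_status=("${PIPESTATUS[@]}")

# GNU tar exits 1 when files changed while being read (expected on a live
# system) and 2 on fatal errors.
if (( tar_status[0] > 1 || tar_status[1] != 0 )); then
  echo "ERROR: file archive failed (tar=${tar_status[0]}, openssl=${tar_status[1]})" >> "$ROOT/$DATE.log"
  status=1
elif (( tar_status[0] == 1 )); then
  echo "WARNING: tar reported files that changed while being read" >> "$ROOT/$DATE.log"
fi

# MD5 only catches accidental corruption. aes-256-cbc carries no integrity tag,
# so neither the cipher nor this hash detects deliberate modification.
HASH=$(md5sum "$ROOT/$DATE.tar.gz" | awk '{ print $1 }')
echo "HASH: $HASH" >> "$ROOT/$DATE.log"

END_AT=$(date +%s)
echo "Done. $((END_AT-START_AT)) seconds elapsed." >> "$ROOT/$DATE.log"

exit "$status"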
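#!/bin/bash
# Encrypted backup of the nextcloud MySQL database and of /mnt/data/web.
# Output goes to /mnt/data/backups/web as <timestamp>.sql, <timestamp>.tar.gz
# and <timestamp>.log; files older than 30 days are removed first.
# Requires the archive passphrase in the PASS environment variable.
# Exits non-zero when the passphrase is missing or a backup stage fails.

if [ -z "$PASS" ]; then
  echo "Please setup password for the archive" >&2
  # Non-zero so cron or monitoring notices that no backup was taken.
  exit 1
fi
# openssl reads the passphrase from the environment (-pass env:PASS) rather
# than from argv, where `pass:...` is visible in the process list.
export PASS

ROOT=/mnt/data/backups/web
status=0

find "$ROOT/" -type f -name '*' -mtime +30 -exec rm -- {} \;

DATE=$(date +%Y%m%d%H%M)
START_AT=$(date +%s)

# NOTE(review): the MySQL root password is hard-coded and passed on the command
# line, so it is stored in this file and visible in the process list while the
# dump runs. Prefer a root-only client option file (for example ~/.my.cnf) and
# rotate the password if this file has been shared.
mysqldump --opt --complete-insert --add-drop-database -uroot -p111111 --databases nextcloud \
  | openssl aes-256-cbc -pbkdf2 -out "$ROOT/$DATE.sql" -pass env:PASS
# Keep every stage's status: the pipeline's own status is only openssl's.
dump_status=("${PIPESTATUS[@]}")

tar --exclude=lost+found -P --one-file-system --use-compress-program pigz -cvpf - /mnt/data/web 2> "$ROOT/$DATE.log" \
  | openssl aes-256-cbc -pbkdf2 -out "$ROOT/$DATE.tar.gz" -pass env:PASS
tar_status=("${PIPESTATUS[@]}")

if (( dump_status[0] != 0 || dump_status[1] != 0 )); then
  echo "ERROR: database dump failed (mysqldump=${dump_status[0]}, openssl=${dump_status[1]})" >> "$ROOT/$DATE.log"
  status=1
fi

# GNU tar exits 1 when files changed while being read and 2 on fatal errors.
if (( tar_status[0] > 1 || tar_status[1] != 0 )); then
  echo "ERROR: file archive failed (tar=${tar_status[0]}, openssl=${tar_status[1]})" >> "$ROOT/$DATE.log"
  status=1
elif (( tar_status[0] == 1 )); then
  echo "WARNING: tar reported files that changed while being read" >> "$ROOT/$DATE.log"
fi

# MD5 only catches accidental corruption. aes-256-cbc carries no integrity tag,
# so neither the cipher nor this hash detects deliberate modification.
HASH=$(md5sum "$ROOT/$DATE.tar.gz" | awk '{ print $1 }')
echo "HASH: $HASH" >> "$ROOT/$DATE.log"

END_AT=$(date +%s)
echo "Done. $((END_AT-START_AT)) seconds elapsed." >> "$ROOT/$DATE.log"

exit "$status"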