init

.zshrc

@@ -0,0 +1,34 @@
+!/usr/bin/zsh
+
+source ~/.profile
+
+ZSH="$HOME/.oh-my-zsh"
+ZSH_THEME='agnoster'
+CASE_SENSITIVE='false'
+DISABLE_LS_COLORS='true'
+COMPLETION_WAITING_DOTS='true'
+HIST_STAMPS='yyyy-mm-dd'
+
+plugins=( git )
+source "$ZSH/oh-my-zsh.sh"
+
+
+alias bc='bc -l'
+alias l='ls -alhg --group-directories-first'
+alias ll='l -R'
+alias ls='ls -AF --group-directories-first'
+alias d='du -ch --max-depth=1'
+alias md='mkdir'
+
+alias i='apt-get install -y'
+alias un='apt-get remove -y'
+alias x='chmod +x'
+
+alias upd='
+apt-get update -y;
+apt-get upgrade -y;
+apt-get autoremove -y;
+apt-get autoclean -y;
+'
+alias i='apt-get install -y'
+alias un='apt-get remove -y'

_install.sh

@@ -0,0 +1,166 @@
+#!/bin/bash
+
+
+# latest git
+add-apt-repository -y \
+  ppa:git-core/ppa
+apt-get update -y
+apt-get install -y \
+  git
+
+
+# upgrade
+apt-get upgrade -y
+
+
+# all the tools
+apt-get install -y \
+  build-essential \
+  certbot \
+  clang \
+  curl \
+  ffmpeg \
+  g++ \
+  ghostscript \
+  graphicsmagick \
+  imagemagick \
+  jpegoptim \
+  lynx \
+  make \
+  nginx \
+  pkg-config \
+  pngcrush \
+  pngquant \
+  postgresql \
+  postgresql-contrib \
+  rmlint \
+  sshfs \
+  ufw \
+  wget \
+  zsh
+
+
+# oh-my-zsh
+sh -c "$(curl -fsSL https://raw.github.com/ohmyzsh/ohmyzsh/master/tools/install.sh)"
+
+
+# python3 & co
+apt-get install -y \
+  python-is-python3 \
+  python3 \
+  python3-pip
+
+ln -s /usr/bin/pip3 \
+      /usr/local/bin/pip
+
+pip install pipupgrade
+pipupgrade -y --pip --ignore-error
+
+
+# nodejs
+rm -rf /usr/local/bin/npm /usr/local/share/man/man1/node* ~/.npm
+rm -rf /usr/local/lib/node*
+rm -rf /usr/local/bin/node*
+rm -rf /usr/local/include/node*
+apt-get purge nodejs npm
+apt autoremove
+
+wget 'https://nodejs.org/dist/v16.15.0/node-v16.15.0-linux-x64.tar.xz'
+tar -xf 'node-v16.15.0-linux-x64.tar.xz'
+rm 'node-v16.15.0-linux-x64.tar.xz'
+mv node-v16.15.0-linux-x64/bin/* /usr/local/bin/
+mv node-v16.15.0-linux-x64/lib/node_modules/ /usr/local/lib/
+
+npm i -g n
+n lts
+npm i -g npm
+
+npm i -g svgo
+
+
+# deno
+curl -fsSL https://deno.land/install.sh \
+  | sh
+
+
+# rust
+apt-get install -y \
+  openssl libssl1.1 libssl-dev \
+  libfreetype6-dev libfontconfig1-dev libxcb-xfixes0-dev
+
+curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
+
+source $HOME/.cargo/env
+
+rustup toolchain install nightly \
+  --allow-downgrade \
+  --profile minimal \
+  --component clippy
+
+rustup default nightly
+
+env LIBSSH2_SYS_USE_PKG_CONFIG='' \
+  cargo install \
+    cargo-update
+
+## cargo apps
+cargo install \
+  xh bat exa fd-find \
+  broot jql sd \
+  xargo
+
+
+
+# mail
+apt-get install -y \
+  apt-transport-https ca-certificates \
+  gnupg-agent software-properties-common
+
+curl -fsSL https://download.docker.com/linux/ubuntu/gpg \
+  | apt-key add -
+
+apt-key fingerprint 0EBFCD88
+
+add-apt-repository \
+  "deb [arch=amd64] https://download.docker.com/linux/ubuntu \
+  $(lsb_release -cs) \
+  stable"
+
+apt-get update -y
+apt-get install -y \
+  docker-ce docker-ce-cli containerd.io
+
+docker pull analogic/poste.io
+docker run \
+  --detach \
+  --restart always \
+  --name 'mailserver' \
+  --hostname 'mail.dym.sh' \
+  --publish 25:25 \
+  --publish 465:465 \
+  --publish 587:587 \
+  --publish 993:993 \
+  --publish 4190:4190 \
+  --publish 12080:80 \
+  --publish 12443:443 \
+  --volume /etc/localtime:/etc/localtime:ro \
+  --volume /var/mail/data:/data \
+  --tty analogic/poste.io
+
+
+# # hypercore
+# npm i -g @hyperspace/cli
+# hyp daemon start
+# echo "`crontab -l`
+# @reboot /usr/local/bin/hyp daemon start
+# " | crontab -
+
+
+# assign hostname
+hostname 'dym.sh'
+echo 'dym.sh' > /etc/hostname
+
+
+# no logs
+systemctl stop rsyslog.service
+systemctl disable rsyslog.service

_installs/apache.sh

@@ -0,0 +1,9 @@
+#!/usr/bin/zsh
+
+sudo mv /etc/apache2/sites-available  /etc/apache2/sites-available_bak
+sudo mv /etc/apache2/sites-enabled    /etc/apache2/sites-enabled_bak
+
+sudo ln -s /Cfg/apache/conf /etc/apache2/sites-available --force
+sudo ln -s /Cfg/apache/conf /etc/apache2/sites-enabled --force
+
+sudo systemctl restart apache2.service

_installs/certbot.sh

@@ -0,0 +1,47 @@
+#!/usr/bin/zsh
+
+sudo apt-get remove -y \
+  python3-cryptography
+
+pip3 install \
+  certbot \
+  cryptography
+
+
+certbot certonly \
+  -d 'source.garden' \
+  -d '*.source.garden' \
+  --email 'certbot+source.garden@dym.sh' \
+  --agree-tos \
+  --manual-public-ip-logging-ok \
+  --renew-by-default \
+  --rsa-key-size 4096 \
+  --no-bootstrap \
+  --manual \
+  --preferred-challenges dns-01 \
+  --server https://acme-v02.api.letsencrypt.org/directory
+
+
+certbot certonly \
+  -d 'dym.sh' \
+  -d '*.dym.sh' \
+  --email 'certbot+dym.sh@dym.sh' \
+  --agree-tos \
+  --manual-public-ip-logging-ok \
+  --renew-by-default \
+  --rsa-key-size 4096 \
+  --no-bootstrap \
+  --manual \
+  --preferred-challenges dns-01 \
+  --server https://acme-v02.api.letsencrypt.org/directory
+
+
+# check every month and on server-restart
+echo '
+# letsencrypt renews
+1 1 1 * * letsencrypt renew --nginx --quiet
+@reboot letsencrypt renew --nginx --quiet
+' >> /etc/crontab
+
+#
+systemctl restart cron.service

_installs/docker.sh

@@ -0,0 +1,86 @@
+#!/usr/bin/zsh
+
+# remove old versions
+sudo apt-get remove -y \
+  docker docker-engine \
+  docker.io containerd runc
+
+
+# install surrounding necessities
+sudo apt-get update -y
+
+sudo apt-get install -y \
+  apt-transport-https \
+  ca-certificates \
+  curl \
+  gnupg \
+  lsb-release
+
+
+# docker.com key file
+curl -fsSL 'https://download.docker.com/linux/ubuntu/gpg' \
+  | sudo gpg --dearmor -o \
+    '/usr/share/keyrings/docker-archive-keyring.gpg'
+
+
+# # the `lsb_release` prints linux-mint's codename
+# # of which docker has no idea, so
+U='UBUNTU_CODENAME='
+DISTRO=`cat '/etc/os-release' | grep "$U"`
+if [ ! -z "$DISTRO" ]; then
+  DISTRO="${DISTRO/$U/}"
+else
+  DISTRO=`lsb_release -cs`
+fi
+echo "DISTRO: '$DISTRO'"
+
+# add docker apt
+echo "
+deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] \
+https://download.docker.com/linux/ubuntu \
+$DISTRO stable \
+" | sudo tee /etc/apt/sources.list.d/docker.list
+
+
+# update sources
+sudo apt update -y
+
+# check avaliable versions
+apt-cache \
+  madison docker-ce
+
+# install docker
+sudo apt install -y \
+  docker-ce docker-ce-cli containerd.io docker-compose
+
+
+# manage rootless
+sudo groupadd docker
+sudo usermod -aG docker $USER
+# logout from command line (open new terminal tab/window)
+newgrp docker
+docker run hello-world
+
+# ubuntu desktop
+curl https://desktop-stage.docker.com/linux/main/amd64/77103/docker-desktop.deb --output docker-desktop.deb
+sudo apt install ./docker-desktop.deb
+systemctl --user start docker-desktop
+
+
+
+
+# image of OSX
+# 40GB disk space required: 20GB original image 20GB your container.
+docker pull sickcodes/docker-osx:auto
+
+# boot directly into a real OS X shell with a visual display [NOT HEADLESS]
+docker run -it \
+    --device /dev/kvm \
+    -p 50922:10022 \
+    -v /tmp/.X11-unix:/tmp/.X11-unix \
+    -e "DISPLAY=${DISPLAY:-:0.0}" \
+    -e GENERATE_UNIQUE=true \
+    sickcodes/docker-osx:auto
+
+# username is user
+# passsword is alpine

_installs/fojego.sh

@@ -0,0 +1,51 @@
+apt-get install -y \
+  git git-lfs
+
+wget https://codeberg.org/forgejo/forgejo/releases/download/v1.19.3-0/forgejo-1.19.3-0-linux-amd64
+chmod +x forgejo-1.19.3-0-linux-amd64
+
+gpg --keyserver keys.openpgp.org --recv EB114F5E6C0DC2BCDD183550A4B61A2DC5923710
+wget https://codeberg.org/forgejo/forgejo/releases/download/v1.19.3-0/forgejo-1.19.3-0-linux-amd64.asc
+gpg --verify forgejo-1.19.3-0-linux-amd64.asc forgejo-1.19.3-0-linux-amd64
+
+mv forgejo-1.19.3-0-linux-amd64 /usr/local/bin/forgejo
+chmod 755 /usr/local/bin/forgejo
+
+
+groupadd --system git
+
+adduser --system --shell /bin/bash --comment 'Git Version Control' \
+   --gid git --home-dir /home/git --create-home git
+
+mkdir /var/lib/forgejo
+chown git:git /var/lib/forgejo \
+  && chmod 750 /var/lib/forgejo
+
+mkdir /usr/local/bin/data
+chown root:git /usr/local/bin/data \
+	&& chmod 770 /usr/local/bin/data
+
+mkdir /usr/local/bin/log
+chown root:git /usr/local/bin/log \
+	&& chmod 770 /usr/local/bin/log
+
+mkdir /usr/local/bin/custom
+chown root:git /usr/local/bin/custom \
+	&& chmod 770 /usr/local/bin/custom
+
+mkdir /etc/forgejo
+chown root:git /etc/forgejo \
+  && chmod 770 /etc/forgejo
+
+
+wget -O \
+  /etc/systemd/system/forgejo.service \
+  'https://codeberg.org/forgejo/forgejo/raw/branch/forgejo/contrib/systemd/forgejo.service'
+
+# If you’re not using sqlite, but MySQL or MariaDB or PostgreSQL, you’ll have to edit that file (/etc/systemd/system/forgejo.service) and uncomment the corresponding Wants= and After= lines. Otherwise it should work as it is.
+
+systemctl enable forgejo.service
+systemctl start forgejo.service
+
+# open http://source.garden:3000
+

_installs/gotosocial.sh

@@ -0,0 +1,30 @@
+
+mkdir -p /gotosocial/storage/certs
+cd  /gotosocial
+
+wget 'https://github.com/superseriousbusiness/gotosocial/releases/download/v0.10.0-rc3/gotosocial_0.10.0-rc3_linux_amd64.tar.gz'
+tar -xf gotosocial_*
+
+cp ./example/config.yaml .
+nano ./config.yaml
+
+./gotosocial --config-path ./config.yaml server start
+
+./gotosocial --config-path ./config.yaml admin account create --username dym --email dym@dym.sh --password '!TEST_123'
+
+./gotosocial --config-path ./config.yaml admin account promote --username dym
+
+
+useradd -r gotosocial
+groupadd gotosocial
+usermod -a -G gotosocial gotosocial
+chown -R gotosocial:gotosocial /gotosocial
+
+cp /gotosocial/example/gotosocial.service /etc/systemd/system/
+systemctl enable --now gotosocial.service
+killall gotosocial
+# nohup ./gotosocial --config-path ./config.yaml server start  </dev/null &
+systemctl start gotosocial.service
+
+
+curl -L https://dym.sh/.well-known/webfinger\?resource\=acct:dym@dym.com

_installs/nextcloud.sh

@@ -0,0 +1,15 @@
+curl -fsSL https://get.docker.com | sudo sh
+
+sudo docker run \
+--sig-proxy=false \
+--name nextcloud-aio-mastercontainer \
+--restart always \
+--publish 80:80 \
+--publish 8080:8080 \
+--publish 8443:8443 \
+--volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config \
+--volume /var/run/docker.sock:/var/run/docker.sock:ro \
+nextcloud/all-in-one:latest
+
+
+firefox 'https://<server>:8080'

_installs/nodejs.sh

@@ -0,0 +1,43 @@
+#!/usr/bin/zsh
+
+
+# optional: remove old installs
+sudo apt purge -y \
+  nodejs npm
+sudo apt autoremove -y
+
+sudo rm /usr/bin/node
+sudo rm /usr/bin/npm
+sudo rm -rf /usr/share/npm
+sudo rm -rf /usr/share/nodejs
+
+
+# install node + npm
+wget -O 'node.xz' \
+  'https://nodejs.org/dist/v18.16.0/node-v18.16.0-linux-x64.tar.xz'
+tar -xf 'node.xz'
+rm 'node.xz'
+sudo mv node-v18.16.0-linux-x64/bin/* /usr/local/bin/
+sudo mv node-v18.16.0-linux-x64/lib/node_modules/ /usr/local/lib/
+
+sudo mkdir -p  \
+  '/usr/lib/nodejs' \
+  '/usr/lib/node_modules'
+
+
+# fix permissions
+sudo chown -R $USER:$USER \
+  '/usr/local' \
+  '/usr/share' \
+  '/usr/lib/nodejs' \
+  '/usr/lib/node_modules'
+
+
+# install version manager
+npm i -g n
+
+# bump node to latest LTS version
+n lts
+
+# update npm
+npm i -g npm

_installs/postgres.sh

@@ -0,0 +1,46 @@
+#!/usr/bin/zsh
+
+# Postgres
+
+# the `lsb_release` prints linux-mint's codename
+# of which pg has no idea, so
+U='UBUNTU_CODENAME='
+DISTRO=`cat '/etc/os-release' | grep "$U"`
+if [ ! -z "$DISTRO" ]; then
+  DISTRO="${DISTRO/$U/}"
+else
+  DISTRO=`lsb_release -cs`
+fi
+echo "DISTRO: '$DISTRO'"
+
+
+SRC="deb http://apt.postgresql.org/pub/repos/apt $DISTRO-pgdg main"
+sudo sh -c \
+  "echo '$SRC' > /etc/apt/sources.list.d/pgdg.list"
+
+wget --quiet -O - 'https://www.postgresql.org/media/keys/ACCC4CF8.asc' \
+  | sudo apt-key add -
+
+curl -sS 'https://www.postgresql.org/media/keys/ACCC4CF8.asc' \
+  | gpg --dearmor \
+  | sudo tee /etc/apt/trusted.gpg.d/postgresql.gpg
+
+sudo apt update -y
+sudo apt install -y \
+  postgresql-14
+
+psql --version
+
+sudo systemctl start \
+  postgresql-14 postgresql-client-14
+
+sudo nano /etc/postgresql/14/main/pg_hba.conf
+# `local all all trust`
+
+sudo systemctl restart postgresql.service
+
+psql -U postgres
+```
+ALTER USER postgres WITH PASSWORD 'postgres';
+exit;
+```

_installs/rust.sh

@@ -0,0 +1,47 @@
+#!/usr/bin/zsh
+
+# rust & co
+
+# install road-1
+sudo apt install -y \
+  cmake pkg-config python3 \
+  openssl libssl1.1 libssl-dev \
+  libfreetype6-dev \
+  libfontconfig1-dev \
+  libxcb-xfixes0-dev \
+  libdbus-1-dev
+
+  # libgtk-3-dev \
+  # libgtksourceview-4.0-dev \
+  # webkit2gtk-4.0 \
+  # libappindicator3-dev \
+  # libwebkit2gtk-4.0-dev \
+  # libudev-dev \
+  # libevdev-dev \
+  # libhidapi-dev \
+  # liblua5.4-dev
+
+
+# install road-2
+curl --proto '=https' --tlsv1.2 -sSf \
+  https://sh.rustup.rs \
+  | sh -s -- --default-toolchain none -y
+
+source $HOME/.cargo/env
+
+rustup toolchain install nightly \
+  --allow-downgrade \
+  --profile minimal \
+  --component clippy
+
+rustup default nightly
+
+env LIBSSH2_SYS_USE_PKG_CONFIG='' \
+  cargo install \
+    cargo-update
+
+## cargo apps
+cargo install \
+  xh bat exa fd-find \
+  broot jql sd \
+  xargo

_installs/sftp.sh

@@ -0,0 +1,22 @@
+#!/usr/bin/zsh
+
+apt install ssh
+
+nano /etc/ssh/sshd_config
+```cfg
+Match group sftp
+ChrootDirectory /home
+X11Forwarding no
+AllowTcpForwarding no
+ForceCommand internal-sftp
+```
+
+systemctl restart ssh
+addgroup sftp
+useradd -m sftpuser -g sftp
+passwd sftpuser
+chmod 700 /home/sftpuser/
+
+sftp sftpuser@127.0.0.1
+
+open sftp://127.0.0.1

_installs/suitcrm.sh

@@ -0,0 +1,7 @@
+
+
+cd /var/www/crm
+find . -type d -not -perm 2755 -exec chmod 2755 {} \;
+find . -type f -not -perm 0644 -exec chmod 0644 {} \;
+find . ! -user www-data -exec chown www-data:www-data {} \;
+chmod +x bin/console

mysql/_install.sh

@@ -0,0 +1,36 @@
+#!/usr/bin/zsh
+
+sudo apt install -y \
+  mysql-server
+
+sudo systemctl start mysql.service
+
+sudo mysql_secure_installation
+sudo mysql
+
+systemctl status mysql.service
+
+
+sudo ln -s \
+  '/Cfg/mysql/my.cnf' \
+  '/etc/mysql/my.cnf' --force
+
+sudo chown mysql:mysql /etc/mysql/my.cnf
+sudo chmod 0640 /etc/mysql/my.cnf
+
+sudo killall -9 mysql_secure_installation
+# sudo mysql
+sudo mysql -u root --skip-password
+
+```
+ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY 'my very strong password !123';
+CREATE USER 'admin'@'localhost' IDENTIFIED BY 'my very strong password !123';
+GRANT ALL PRIVILEGES ON *.* TO 'admin'@'localhost';
+FLUSH PRIVILEGES;
+EXIT;
+```
+
+
+sudo chown -R mysql /var/lib/mysql
+sudo chgrp -R mysql /var/lib/mysql
+sudo chmod 755 /var/lib/mysql

mysql/bak.sh

@@ -0,0 +1,2 @@
+mysqldump -u root --skip-password --all-databasaes \
+  > db_local.sql

mysql/my.cnf

@@ -0,0 +1,25 @@
+# /etc/mysql/my.cnf
+#
+# The MySQL database server configuration file.
+#
+# You can copy this to one of:
+# - "/etc/mysql/my.cnf" to set global options,
+# - "~/.my.cnf" to set user-specific options.
+#
+# One can use all long options that the program supports.
+# Run program with --help to get a list of available options and with
+# --print-defaults to see which it would actually understand and use.
+#
+# For explanations see
+# http://dev.mysql.com/doc/mysql/en/server-system-variables.html
+
+#
+# * IMPORTANT: Additional settings that can override those from this file!
+#   The files must end with '.cnf', otherwise they'll be ignored.
+#
+
+!includedir /etc/mysql/conf.d/
+!includedir /etc/mysql/mysql.conf.d/
+
+[mysqld]
+sql-mode="ALLOW_INVALID_DATES,ERROR_FOR_DIVISION_BY_ZERO,NO_ENGINE_SUBSTITUTION"

mysql/mysql-5.7.sh

@@ -0,0 +1,21 @@
+wget https://dev.mysql.com/get/mysql-apt-config_0.8.12-1_all.deb
+sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 467B942D3A79BD29
+sudo dpkg -i mysql-apt-config_0.8.12-1_all.deb
+sudo apt-get update -y
+sudo apt-cache policy mysql-server
+sudo apt-get install -y \
+  -f 'mysql-client=5.7*' 'mysql-community-server=5.7*' 'mysql-server=5.7*'
+
+sudo chown -R mysql:mysql /var/lib/mysql/
+sudo chmod -R 755 /var/lib/mysql/
+
+sudo systemctl restart mysql.service
+
+sudo chown -R www-data:www-data /var/www
+
+
+dpkg -i ./mysql-common_5.7.42-1debian10_amd64.deb
+dpkg -i ./mysql-community-client_5.7.42-1debian10_amd64.deb
+dpkg -i ./mysql-client_5.7.42-1debian10_amd64.deb
+dpkg -i ./mysql-community-server_5.7.42-1debian10_amd64.deb
+dpkg -i ./mysql-community-server-dbgsym_5.7.42-1debian10_amd64.deb

mysql/mysql_wordpress.sh

@@ -0,0 +1,16 @@
+# mysql
+apt-get install -y \
+  mysql-server
+
+systemctl start mysql.service
+mysql_secure_installation
+systemctl status mysql.service
+
+mysql -u root
+```sql
+CREATE DATABASE wp;
+CREATE USER 'db_admin'@'localhost' IDENTIFIED BY 'BjMPUpXtlUBHSr=l-TWYKHwCI7DPjF1YJMo2qpjW8LQI3Rk=EVKevexq6r3b+c6Ggf-cpk65nB-m8w=2';
+GRANT ALL PRIVILEGES ON wp.* TO 'db_admin'@'localhost';
+FLUSH PRIVILEGES;
+EXIT;
+```

nginx/_install.sh

@@ -0,0 +1,12 @@
+#!/usr/bin/zsh
+
+sudo apt install -y \
+  nginx \
+  nginx-extras
+
+mkdir -p /etc/nginx/ssl/
+openssl req -x509 -nodes -days 365 -newkey rsa:4096 \
+  -keyout /etc/nginx/ssl/nginx.key \
+  -out /etc/nginx/ssl/nginx.crt
+
+openssl dhparam -out /etc/nginx/dhparam.pem 4096

nginx/dym.sh--gts.conf

@@ -0,0 +1,56 @@
+server {
+  server_name  dym.sh;
+  listen       80;
+  listen       [::]:80;
+
+  location ~ /\.well-known/acme-challenge {
+    root       /var/lib/letsencrypt/;
+  }
+  location / {
+    add_header Strict-Transport-Security "max-age=15768000; includeSubDomains" always;
+    return     301 https://$server_name$request_uri;
+  }
+}
+
+server {
+  server_name dym.sh;
+  listen                    443 ssl http2;
+  listen                    [::]:443 ssl http2;
+
+  ssl_trusted_certificate   /etc/letsencrypt/live/dym.sh/chain.pem;
+  ssl_certificate           /etc/letsencrypt/live/dym.sh/fullchain.pem;
+  ssl_certificate_key       /etc/letsencrypt/live/dym.sh/privkey.pem;
+
+
+  location ~* ^\/(rss\/|feed\.xml|feed\.rss)$ {
+    add_header Strict-Transport-Security "max-age=15768000; includeSubDomains" always;
+    return     301 https://$server_name/rss;
+  }
+
+  location ~* \/\.?rss$ {
+    types { } default_type "application/rss+xml; charset=utf-8";
+    root       /var/www/dym.sh/;
+  }
+
+  location / {
+    root       /var/www/dym.sh/;
+    try_files
+      $uri
+      $uri/
+      @gts;
+  }
+
+  client_max_body_size 2000M;
+  proxy_pass_request_headers on;
+
+  location @gts {
+    # set to 127.0.0.1 instead of localhost to work around https://stackoverflow.com/a/52550758
+    proxy_pass http://127.0.0.1:10099;
+    proxy_set_header Host $host;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection "upgrade";
+    proxy_set_header X-Forwarded-For $remote_addr;
+    proxy_set_header X-Forwarded-Proto $scheme;
+  }
+
+}

nginx/ipv6.sh

@@ -0,0 +1,11 @@
+#!/usr/bin/zsh
+
+# enable_ipv6
+
+ip addr add 2a02:c206:3009:9964::1/112 dev eth0
+ip -6 addr show
+
+ip route add default via fe80::1 dev eth0
+ip -6 route show
+
+ping -6 2a02:c206:3009:9964::1

nginx/mailcow.conf

@@ -0,0 +1,43 @@
+server {
+    listen 80 default_server;
+    listen [::]:80;
+    server_name   mail.*;
+
+    # For SSL domain validation
+    root /var/www/html;
+    location /.well-known/acme-challenge/ { allow all; }
+    location /.well-known/pki-validation/ { allow all; }
+    location / { return 301 https://$server_name$request_uri; }
+}
+
+server {
+    listen 443 ssl http2 default_server;
+    listen [::]:443 ssl http2;
+    server_name         mail.*;
+
+    ssl_certificate     /opt/mailcow-dockerized/data/assets/ssl/cert.pem;
+    ssl_certificate_key /opt/mailcow-dockerized/data/assets/ssl/key.pem;
+    ssl_dhparam /etc/nginx/ssl/dhparam.pem;
+    ssl_ecdh_curve      secp384r1;
+
+    ssl_session_timeout 7d;
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_prefer_server_ciphers on;
+    ssl_ciphers               'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!DH:!ADH:!EDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!AES256-GCM-SHA384';
+
+    # Change to your upload limit
+    client_max_body_size 500m;
+
+    location / {
+        proxy_pass http://127.0.0.1:10080;
+        proxy_buffer_size 128k;
+        proxy_buffers 64 512k;
+        proxy_busy_buffers_size 512k;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        client_max_body_size 0;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_redirect off;
+    }
+}

nginx/nginx.conf

@@ -0,0 +1,71 @@
+user www-data;
+worker_processes auto;
+pid /run/nginx.pid;
+include /etc/nginx/modules-enabled/*.conf;
+
+events {
+  worker_connections 768;
+  # multi_accept on;
+}
+
+http {
+  error_log /var/log/nginx/error.log;
+
+  sendfile on;
+  tcp_nopush on;
+  tcp_nodelay on;
+  keepalive_timeout 65;
+  types_hash_max_size 2048;
+  # server_tokens off;
+
+  server_names_hash_bucket_size 128;
+  # server_name_in_redirect off;
+
+  include /etc/nginx/mime.types;
+  default_type application/octet-stream;
+
+
+  client_max_body_size 1024m;
+
+  ssl_session_timeout       1d;
+  ssl_session_cache         shared:MozSSL:10m;
+  ssl_session_tickets       off;
+  ssl_protocols             TLSv1.2 TLSv1.3;
+  ssl_ciphers               "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
+  ssl_prefer_server_ciphers off;
+  ssl_ecdh_curve            X25519:prime256v1:secp384r1:secp521r1;
+  ssl_stapling              on;
+  ssl_stapling_verify       on;
+
+  gzip                      on;
+  gzip_vary                 on;
+  gzip_proxied              any;
+  gzip_comp_level           6;
+  gzip_buffers              16 8k;
+  gzip_http_version         1.1;
+
+  gzip_types                application/activity+json
+                            application/atom+xml
+                            application/javascript
+                            application/json
+                            application/manifest+json
+                            application/rss+xml
+                            application/xml
+                            text/cache-manifest
+                            text/calendar
+                            text/css
+                            text/javascript
+                            text/markdown
+                            text/plain
+                            text/vcard
+                            text/vnd.wap.wml
+                            text/vtt
+                            text/x-component
+                            text/xml
+                            ;
+
+  index index.html;
+
+  include /etc/nginx/conf.d/*.conf;
+  include /etc/nginx/sites-enabled/*;
+}

nginx/poste.conf

@@ -0,0 +1,19 @@
+server {
+  server_name  mx.dym.sh;
+  listen       80;
+  listen       [::]:80;
+
+  location ~ /\.well-known/acme-challenge {
+    root       /var/lib/letsencrypt/;
+  }
+}
+
+server {
+  server_name mx.dym.sh;
+  listen                    443 ssl http2;
+  listen                    [::]:443 ssl http2;
+
+  ssl_trusted_certificate   /etc/letsencrypt/live/dym.sh/chain.pem;
+  ssl_certificate           /etc/letsencrypt/live/dym.sh/fullchain.pem;
+  ssl_certificate_key       /etc/letsencrypt/live/dym.sh/privkey.pem;
+}

nginx/source.garden.conf

@@ -0,0 +1,43 @@
+server {
+  server_name  source.garden;
+  listen       80;
+  listen       [::]:80;
+
+  location ~ /\.well-known/acme-challenge {
+    root       /var/lib/letsencrypt/;
+  }
+  location / {
+    add_header Strict-Transport-Security "max-age=15768000; includeSubDomains" always;
+    return     301 https://$server_name$request_uri;
+  }
+}
+
+server {
+  server_name source.garden;
+  listen                    443 ssl http2;
+  listen                    [::]:443 ssl http2;
+
+  ssl_trusted_certificate   /etc/letsencrypt/live/source.garden-0002/chain.pem;
+  ssl_certificate           /etc/letsencrypt/live/source.garden-0002/fullchain.pem;
+  ssl_certificate_key       /etc/letsencrypt/live/source.garden-0002/privkey.pem;
+
+  location / {
+    root       /var/www/source.garden/;
+    try_files
+      $uri
+      $uri/
+      @forgejo;
+  }
+
+  location @forgejo {
+    # set to 127.0.0.1 instead of localhost to work around https://stackoverflow.com/a/52550758
+    proxy_pass http://127.0.0.1:3000;
+    proxy_set_header Host $host;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection "upgrade";
+    proxy_set_header X-Forwarded-For $remote_addr;
+    proxy_set_header X-Forwarded-Proto $scheme;
+  }
+
+  client_max_body_size 2000M;
+}

poste-io/@reboot.sh

@@ -0,0 +1,30 @@
+#!/usr/bin/zsh
+
+# clear port 25 for landing
+# lsof -i :25
+pkill sendmail
+
+# stop and remove old container
+docker stop mailserver
+docker rm `docker ps -a -q`
+docker container rm -f `docker ps -a -q`
+docker container prune
+# update container
+docker pull analogic/poste.io
+
+# start
+docker run \
+  --detach \
+  --restart always \
+  --name 'mailserver' \
+  --hostname 'mx.dym.sh' \
+  --publish 25:25 \
+  --publish 143:143 \
+  --publish 587:587 \
+  --publish 993:993 \
+  --publish 4190:4190 \
+  --publish 12080:80 \
+  --publish 12443:443 \
+  --volume /etc/localtime:/etc/localtime:ro \
+  --volume /var/mail/data:/data \
+  --tty analogic/poste.io

poste-io/_install.sh

@@ -0,0 +1,16 @@
+#!/usr/bin/zsh
+
+# start poste-io now to configure and such
+`pwd`/@reboot.sh
+
+# admin settings
+firefox https://mail.<DOMAIN>.<TLD>:12443/admin/install/server
+
+
+# start poste-io on reboot
+mkdir -p '/home/scripts/'
+cp `pwd`/@reboot.sh '/home/scripts/mailserver.sh'
+
+echo "`crontab -l`
+@reboot /home/scripts/mailserver.sh" \
+  | crontab -

poste-io/docker.sh

@@ -0,0 +1,86 @@
+#!/usr/bin/zsh
+
+# remove old versions
+sudo apt-get remove -y \
+  docker docker-engine \
+  docker.io containerd runc
+
+
+# install surrounding necessities
+sudo apt-get update -y
+
+sudo apt-get install -y \
+  apt-transport-https \
+  ca-certificates \
+  curl \
+  gnupg \
+  lsb-release
+
+
+# docker.com key file
+curl -fsSL 'https://download.docker.com/linux/ubuntu/gpg' \
+  | sudo gpg --dearmor -o \
+    '/usr/share/keyrings/docker-archive-keyring.gpg'
+
+
+# # the `lsb_release` prints linux-mint's codename
+# # of which docker has no idea, so
+U='UBUNTU_CODENAME='
+DISTRO=`cat '/etc/os-release' | grep "$U"`
+if [ ! -z "$DISTRO" ]; then
+  DISTRO="${DISTRO/$U/}"
+else
+  DISTRO=`lsb_release -cs`
+fi
+echo "DISTRO: '$DISTRO'"
+
+# add docker apt
+echo "
+deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] \
+https://download.docker.com/linux/ubuntu \
+$DISTRO stable \
+" | sudo tee /etc/apt/sources.list.d/docker.list
+
+
+# update sources
+sudo apt-get update -y
+
+# check avaliable versions
+apt-cache \
+  madison docker-ce
+
+# install docker
+sudo apt-get install -y \
+  docker-ce docker-ce-cli containerd.io docker-compose
+
+
+# manage rootless
+sudo groupadd docker
+sudo usermod -aG docker $USER
+# logout from command line (open new terminal tab/window)
+newgrp docker
+docker run hello-world
+
+# ubuntu desktop
+curl https://desktop-stage.docker.com/linux/main/amd64/77103/docker-desktop.deb --output docker-desktop.deb
+sudo apt-get install ./docker-desktop.deb
+systemctl --user start docker-desktop
+
+
+
+
+# image of OSX
+# 40GB disk space required: 20GB original image 20GB your container.
+docker pull sickcodes/docker-osx:auto
+
+# boot directly into a real OS X shell with a visual display [NOT HEADLESS]
+docker run -it \
+    --device /dev/kvm \
+    -p 50922:10022 \
+    -v /tmp/.X11-unix:/tmp/.X11-unix \
+    -e "DISPLAY=${DISPLAY:-:0.0}" \
+    -e GENERATE_UNIQUE=true \
+    sickcodes/docker-osx:auto
+
+# username is user
+# passsword is alpine

sendmail/@reboot.sh

@@ -0,0 +1,5 @@
+#!/usr/bin/zsh
+
+sudo mkdir -p /var/run/sendmail/
+sudo chown -R root:smmsp /var/run/sendmail/
+sudo chmod -R 755 /var/run/sendmail/

sendmail/_install.sh

@@ -0,0 +1,22 @@
+#!/usr/bin/zsh
+
+
+# congig
+mkdir -p '/home/scripts/'
+cp `pwd`/@reboot.sh '/home/scripts/sendmail.sh'
+
+# on reboot
+echo "`crontab -l`
+@reboot /home/scripts/sendmail.sh" \
+  | crontab -
+
+
+# make sure it can create temporarary lock files
+sudo chmod -R a-x /var/spool/
+sudo mkdir /tmp
+sudo chmod 0777 /tmp
+sudo chmod +t /tmp
+
+
+# test now
+/home/scripts/sendmail.sh