#!/bin/bash
#
# curlcheck: https://playterm.org
# curlcheck: https://electribrary.electribers.com
# curlcheck: https://2wa.isvery.ninja
disk(){
  #######################################
  # Disk subcommands; usage: disk space
  # Runs the subcommand named by $1 with the remaining arguments.
  # Outputs:   whatever the subcommand prints
  #######################################
  space(){
    # Root filesystem usage as "<used> total used (<use%>) of <avail>".
    # Column 6 of `df -h` is the mount point; only the "/" row is kept.
    df -h | awk '$6 == "/" { print $3 " total used (" $5 ") of " $4 }'
    #echo '-------'
    #ls /home | while read user; do du -hs /home/$user; done
  }
  "$@"
}
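health(){
  #######################################
  # Probe every URL this script lists in a comment of the form
  # "curlcheck: <url>" (see the header of this file) and print one row
  # per URL: host, online marker, SSL marker, total request time.
  # Globals:   HEALTH_TIMEOUT (read) - per-request curl limit in seconds,
  #            default 20; without it one black-holed host stalls the report
  # Outputs:   table on stdout
  #######################################
  local timeout=${HEALTH_TIMEOUT:-20}
  echo "URL ONLINE SSL TIME"
  echo "- - - -"
  # "$0" is quoted (the script path may contain spaces) and -r keeps
  # backslashes in the URL literal.
  awk '/^# curlcheck: / {print $3}' "$0" | while IFS= read -r url; do
    # Host part only (longest prefix up to "://" dropped), no newline:
    # the status columns are appended on the same line below.
    printf "%s" "${url##*://}"
    # -v puts the TLS verification and resolver/connect messages on stderr,
    # merged here so the awk program can grade them.
    curl -v --max-time "$timeout" -w 'Total: %{time_total}s\n' "$url" 2>&1 \
      | awk '
        BEGIN{
          err="\033[5m\033[36;5;94m❌\033[0m"
          ok="\033[1;36m♥\033[0m"
          c["SSL"]=err
          c["ONL"]=ok
          c["TIM"]="?"
        }
        /SSL certificate verify ok/ {c["SSL"]=ok }
        /Could not resolve host:/ {c["ONL"]=err }
        /Failed to connect to|Connection timed out|Operation timed out/ {c["ONL"]=err }
        /^Total: / {c["TIM"]=$2 }
        END { printf "\r\t\t\t\t"c["ONL"]" "c["SSL"]" "c["TIM"]"\n" }
      '
  done
}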
init(){
  # Alpine ships with a low open-file limit; make login shells raise it.
  # The line is appended only when /etc/profile has no ulimit yet (the
  # matching line, if any, is echoed by grep as confirmation).
  if ! grep ulimit /etc/profile; then
    printf '%s\n' 'ulimit -n 65535 || true' >> /etc/profile
  fi
}
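proxy(){
  #######################################
  # Port-forwarding firewall for this host; usage: proxy install
  # Runs the subcommand named by $1 (currently: install), then prints the
  # resulting iptables/ip6tables rules and the port map written to .ports.
  # Globals:   PROXY_IFACE (read) - inbound interface for the REDIRECT
  #            rules, default eth0
  # Outputs:   rule listing via `more`, then .ports, on stdout
  #######################################
  install(){
    local iface=${PROXY_IFACE:-eth0}
    local ip_external
    local -a ipv6_external=()

    printf '\n[forwarded ports]\n' > .ports

    # Start from empty nat and filter tables on both address families.
    iptables -t nat -F
    iptables -t nat -X
    iptables -F
    ip6tables -t nat -F
    ip6tables -t nat -X
    ip6tables -F
    ip6tables -X

    # The public IPv4 address comes from an external service; that reply is
    # untrusted input which ends up as an iptables argument, so only a
    # dotted quad is accepted and anything else aborts the install.
    ip_external=$(curl -s --max-time 10 https://checkip.amazonaws.com)
    if [[ ! $ip_external =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]]; then
      printf 'proxy install: unexpected external IP lookup result: %q\n' "$ip_external" >&2
      return 1
    fi
    # Every global-scope IPv6 address, one element each (ip prints addr/prefix).
    mapfile -t ipv6_external < <(ip addr | awk '/inet6.*scope global/ { print $2 }')

    # proxies
    #######################################
    # Redirect an inbound public port to a local service port.
    # Arguments: $1 - public port, $2 - local port, $3 - label for .ports
    #######################################
    proxyport(){
      local pub=$1 loc=$2 label=$3
      printf " %-5s => %-10s [%s]\n" "$pub" "$loc" "$label" >> .ports
      iptables -t nat -A PREROUTING -i "$iface" -p tcp --dport "$pub" -j REDIRECT --to-ports "$loc"
      #ip6tables -t nat -A PREROUTING -i "$iface" -p tcp --dport "$pub" -j REDIRECT --to-ports "$loc"
      #iptables -t nat -I OUTPUT -p tcp -d 127.0.0.1 --dport "$pub" -j REDIRECT --to-ports "$loc"
      # Locally generated traffic to our own public address takes the same detour.
      iptables -t nat -I OUTPUT -p tcp -d "$ip_external" --dport "$pub" -j REDIRECT --to-ports "$loc"
      #for a in "${ipv6_external[@]}"; do ip6tables -t nat -I OUTPUT -p tcp -d "$a" --dport "$pub" -j REDIRECT --to-ports "$loc"; done
      ip6tables -A INPUT -p tcp --dport "$pub" -j ACCEPT
      ip6tables -A OUTPUT -p tcp --dport "$pub" -j ACCEPT
      #iptables -t nat -A POSTROUTING -p tcp --dport "$loc" -j MASQUERADE
    }

    proxyport 80 8080 nginx-proxy-manager
    #proxyport 81 8181 nginx-proxy-manager
    proxyport 443 4443 nginx-proxy-manager
    #proxyport 993 9993 stalwart-mail
    #proxyport 25 2225 stalwart-mail
    #proxyport 465 4465 stalwart-mail
    #proxyport 587 5587 nodered
    #proxyport 25 5587 nodered

    # block port 3000 (nginx-proxy-manager exposes it) on every public
    # address; the IPv6 rule needs the host's IPv6 addresses, not the IPv4
    # one, and icmp6-adm-prohibited as its REJECT type
    iptables -A INPUT -p tcp -d "$ip_external" --dport 3000 -j REJECT
    local a
    for a in "${ipv6_external[@]}"; do
      ip6tables -A INPUT -p tcp -d "$a" --dport 3000 -j REJECT --reject-with icmp6-adm-prohibited
    done

    # block port 25
    #iptables -A INPUT -p tcp -d "$ip_external" --dport 25 -j REJECT
    #for a in "${ipv6_external[@]}"; do ip6tables -A INPUT -p tcp -d "$a" --dport 25 -j REJECT; done

    # block irc 0.0.0.0:6667 port except for nodered docker
    iptables -A INPUT -i lo -p tcp --dport 6667 -j ACCEPT
    iptables -A INPUT -s 10.0.2.2 -p tcp --dport 6667 -j ACCEPT
    iptables -A INPUT -p tcp --dport 6667 -j REJECT
    ip6tables -A INPUT -i lo -j ACCEPT
    ip6tables -A INPUT -s fd00::/64 -p tcp --dport 6667 -j ACCEPT
    ip6tables -A INPUT -p tcp --dport 6667 -j REJECT

    # rate limiting per ip (not enabled)
    #iptables --new-chain RATE-LIMIT
    #iptables --append RATE-LIMIT \
    #  --match hashlimit \
    #  --hashlimit-mode srcip \
    #  --hashlimit-upto 50/sec \
    #  --hashlimit-burst 20 \
    #  --hashlimit-name conn_rate_limit \
    #  --jump ACCEPT
    #iptables --append RATE-LIMIT --jump DROP

    # Persist the rule set across reboots (OpenRC).
    rc-update add iptables
    rc-update add ip6tables
    /etc/init.d/iptables save
    /etc/init.d/ip6tables save
  }

  clear
  "$@"
  {
    iptables -t nat -L -n -v
    iptables -L
    ip6tables -L
  } | more
  cat .ports
}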
logs(){
  # Follow all nginx-proxy-manager logs, drop favicon hits, and cut each
  # line at its first "] [" (the closing bracket is kept).
  tail -qf /home/2wa/nginx-proxy-manager/data/log/*.log \
    | grep -v -- favicon \
    | sed -e 's|\] \[.*|]|g'
}
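backup(){
  #######################################
  # Zip the admin/config state of this host and copy it to the rclone
  # remote "stack:backup"; start/stop markers go to /root/.cron.log.
  # Returns:   1 when /root cannot be entered, otherwise rclone's status
  #######################################
  local archive=backup-2wa.isvery.ninja.zip
  local log=/root/.cron.log
  # Everything below uses paths relative to /root, so stop if cd fails
  # instead of writing the archive into whatever the cwd happens to be.
  cd /root || { echo "$(date) ./admin backup [abort: cd /root failed]" >> "$log"; return 1; }
  echo "$(date) ./admin backup [start]" >> "$log"
  crontab -l > crontab.root.txt
  apk list -i > alpine.packages.txt
  su -c 'crontab -l' 2wa > crontab.2wa.txt
  # NOTE(review): the archive contains private key material (/root/.ssh,
  # /home/2wa/.ssh, *.key) and is uploaded as-is; the remote should be an
  # rclone crypt remote or the zip encrypted before it leaves the host.
  # awk gets zip's line as an argument, not as the format string: zip prints
  # "(deflated 65%)" and a bare "%)" in a printf format corrupts the output.
  nice -n 19 /usr/bin/ionice -c2 -n7 zip -r "$archive" \
    /root/admin /root/crontab.* /root/alpine*.txt /root/.ssh \
    /home/2wa/.ssh /home/2wa/.config /home/2wa/nginx-proxy-manager/{app.sh,data,*.key} \
    /home/2wa/weechat-redbean \
    /home/2wa/invoiceninja \
    /home/2wa/mailtrain \
    /home/2wa/stalwart-mail \
    /home/2wa/node-red \
    /home/2wa/ntfy \
    /home/2wa/portsleep* \
    /home/2wa/tcgi* \
    /home/2wa/stats \
    -x '*.log.*' -x '*.weecha*' -x 'postfix/*' | awk '{ printf("\r%s", $0) } END{ print "" }'
  # zip's exit status is hidden behind the awk pipe; record it (non-zero
  # also covers missing inputs, which still yield an archive) but keep
  # uploading whatever was produced.
  local zip_rc=${PIPESTATUS[0]}
  echo "$(date) ./admin backup [zip exit ${zip_rc}]" >> "$log"
  ls -lah "$archive"
  rclone copy "$archive" stack:backup/. --progress
  echo "$(date) ./admin backup [stop]" >> "$log"
}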
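#######################################
# Dispatch: the first argument names a function defined above (disk,
# health, init, proxy, logs, backup) and the remaining arguments are
# passed through to it. With no argument the function names are listed.
# NOTE(review): "$@" runs whatever the first word is, not only the
# functions above — intended for an operator-run admin tool; confirm no
# caller forwards untrusted arguments here.
#######################################
# ${1-} stays defined under `set -u`; quoting "$0" keeps a script path
# with spaces working for grep.
if [[ -z ${1-} ]]; then
  echo "Usage: "
  grep '(){' "$0"
fi
"$@"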