groundcat

#!/usr/bin/env bash
# ------------------------------------------------------------------------------
# cf-nginx-restrict.sh
# Restricts nginx to accept connections ONLY from Cloudflare IPs (v4 + v6),
# while also allowing localhost / loopback access.
#
# Applies globally across ALL vhosts via /etc/nginx/conf.d/cloudflare-only.conf
# Safe to re-run: always fetches fresh IPs, diffs, updates only if changed.
# Requires: nginx, curl. Tested on Debian/Ubuntu.
# Run as root.

groundcat

#!/usr/bin/env bash
set -Eeuo pipefail

SSH_CONFIG="/etc/ssh/sshd_config"
AUTHORIZED_KEYS="/root/.ssh/authorized_keys"
F2B_JAIL_LOCAL="/etc/fail2ban/jail.local"

log() {
    printf '[*] %s\n' "$*"
}

groundcat

#!/bin/bash
# Route64 Tunnel Hub Latency Tester
# https://route64.org — tests all available Route64 tunnel hubs (IPv4)

# ── Colours ────────────────────────────────────────────────────────────────
RED='\033[0;31m'; YELLOW='\033[1;33m'; GREEN='\033[0;32m'
BOLD='\033[1m';   DIM='\033[2m';       RESET='\033[0m'

# ── Server list: "Region|Display name|IPv4" ─────────────────────────────────
SERVERS=(

groundcat

Migrating a glitch-soc Server to a New Machine

This guide walks through moving an existing glitch-soc instance from one server to another with minimal data loss. Expect some downtime during the migration window.

Note: This guide assumes Ubuntu 24.04 or Debian 13 on both machines. Adjust commands as needed for other setups.

---

Overview

groundcat

Installing glitch-soc from Source

glitch-soc is a feature-rich fork of Mastodon. Its installation process mirrors Mastodon's closely, with a few key differences when checking out the source code and deploying.

---

Pre-requisites

• A machine running Ubuntu 24.04 or Debian 13 with root access
• A domain name (or subdomain) for your server, e.g. example.com

groundcat

#!/bin/bash
# Hurricane Electric Tunnel Server Latency Tester
# https://tunnelbroker.net — tests all available HE.net PoPs
# Servers marked "Not Available (Full)" are excluded.

# ── Colours ──────────────────────────────────────────────────────────────────
RED='\033[0;31m'; YELLOW='\033[1;33m'; GREEN='\033[0;32m'
BOLD='\033[1m';   DIM='\033[2m';       RESET='\033[0m'

# ── Server list: "Region|Display name|IP" ────────────────────────────────────

groundcat

dns1.registrar-servers.com
dns2.registrar-servers.com
ns1.dns-parking.com
ns2.dns-parking.com
ns-cloud-a1.googledomains.com
ns-cloud-a2.googledomains.com
ns-cloud-e1.googledomains.com
ns-cloud-e2.googledomains.com
ns-cloud-e3.googledomains.com
ns-cloud-e4.googledomains.com

groundcat

echo "net.core.default_qdisc=fq" >> /etc/sysctl.conf
echo "net.ipv4.tcp_congestion_control=bbr" >> /etc/sysctl.conf
sysctl -p
sysctl net.ipv4.tcp_available_congestion_control
lsmod | grep bbr

groundcat

apt update && apt upgrade -y && apt install -y fail2ban && printf "[DEFAULT]\ndestemail = your@email.here\nsendername = Fail2Ban\n\n[sshd]\nenabled = true\nport = 22\nmode = aggressive\n" | tee /etc/fail2ban/jail.local >/dev/null && systemctl restart fail2ban

groundcat

sudo nano /usr/local/bin/namingo-backup.sh

sudo chmod +x /usr/local/bin/namingo-backup.sh
sudo /usr/local/bin/namingo-backup.sh

sudo crontab -e

Add this line: