Since every time I am about to install Vim I forgot how to set it up, set it as default system wide text editor and so on I figure I’ll write it down once and for all. First of all let’s install Vim, specifically the so called enhanced version which is capable of loading plugins and colorschemes: [user@Fedora ~]# sudo dnf install vim ### powerline plugin [user@Fedora ~]# sudo dnf install vim-plugin-powerline I personally really like molokay colorscheme from tomasr; putting it in the default colorscheme directory does the trick if we want to use it for every user. …

Fail2ban is a useful tool capable of mitigating brute force attacks performed against a multitude of services (ejabberd in our case). Configuration is split between a multitude of files: jail.conf defines which filters are active while the filters scripts are placed in ./filter.d directory. [root@CentOS ~]# vi /etc/fail2ban/jail.conf --- bantime = 1200 findtime = 1200 maxretry = 10 backend = auto [ejabberd-auth] enabled = true port = 5222,5280,7777 action = iptables-multiport[name=ejabberd, port="5222,5269,5280,777", protocol=tcp] logpath = /var/log/ejabberd/ejabberd.log --- [root@CentOS ~]# vi /etc/fail2ban/filter.d/ejabberd-auth.conf --- [Definition] failregex = ^=INFO REPORT==== ===\nI\(<0\.\d+\.0>:ejabberd_c2s:\d+\) : \([^)]+\) Failed authentication for .+ from IP <HOST> \({{(?:\d+,){3}\d+},\d+}\)$ ^(?:\.\d+)? \[info\] <0\.\d+\.\d>@ejabberd_c2s:wait_for_feature_request:\d+ \([^\)]+\) Failed authentication for \S+ from IP <HOST>$ ^.* Failed authentication for \S+ from <HOST>$ ^.* from <<"<HOST>">> failed with error: <<"inexistent-account">>$ ^.* from <<"<HOST>">> failed with error: <<"bad-password">>$ ^.* from <<"<HOST>">> failed with error: <<"badformed-jid">>$ ignoreregex = [Init] journalmatch = --- The first two regular expressions are for user authentication while the others are for administration panel login. Other useful commands are: …

Ejabberd XMPP server includes a SOCKS5 proxy, setting it up correctly is what makes the difference between fast or very slow file transfer operations. As per XEP-0065 file transfer is either peer-to-peer or mediated by a proxy server. In Conversation peer-to-peer transfer is done by converting the file in base64, split it in 4 kb chunks sent one at the time always awaiting first for the ACK of the precedent one; this makes the whole process painfully slow and bandwidth consuming. The other file transfer method supported by Conversation is defined by XEP-0234 (or Jingle file transfer) which relies on a SOCKS5 proxy and also allow to negotiate parameters like encryption. Ejabberd configuration: …

The latest version of DNScrypt-proxy does not use anymore a single configuration file (/etc/conf.d/dnscrypt-proxy) but instead completely relies on systemd. Configuration is now split in two different files. [root@arch ~]# cat /etc/systemd/system/multi-user.target.wants/dnscrypt-proxy.service --- [Unit] Description=DNSCrypt client proxy Requires=dnscrypt-proxy.socket [Install] Also=dnscrypt-proxy.socket WantedBy=multi-user.target [Service] Type=simple NonBlocking=true ExecStart=/usr/bin/dnscrypt-proxy \ --resolver-address=185.97.7.7:27015 \ --provider-name=2.dnscrypt-cert.fvz-rec-de-fra-01.dnsrec.meo.ws \ --provider-key=9FCC:EB74:6856:238D:AC57:428B:DE4F:D9C6:E736:5370:E9F9:5415:3BD3:6EBE:A8C2:FAFE \ --user=nobody …and… [root@arch ~]# cat /etc/systemd/system/dnscrypt-proxy.socket --- [Unit] Description=dnscrypt-proxy listening socket After=network.target [Socket] ListenStream=127.0.0.2:53 ListenDatagram=127.0.0.2:53 [Install] WantedBy=sockets.target

After some years of using Firefox (currently version 38.0.5) with Session Restore enabled (the browser saves all the tabs from the previous session and reload them at the next start-up) it started to act weird and freeze for around 10 seconds 3 or 4 times a day. This very annoying behavior is caused by the presence of multiple useless Session Restore files. To delete those files open a new tab and type about:support in the address bar, then in the Application Basics area click on the Open Directory button placed next to Profile Directory. Delete every file named sessionstore_something_.js and everything inside sessionstore-backups directory. Close and reopen Firefox, this should solve the problem. …

The whole web is full of pseudo guides on how to properly - that is the key word here - configure Nginx to perform caching alongside with PHP-FPM, but every single one of them fails to mention some minor steps resulting in a borked half functioning implementation. For example, not a single one mention the necessity to edit /etc/php.ini and set session.use_cookies to 0. Too bad that without doing so caching with WordPress in combination with certain plugins or themes (for example MainWP or Enfold theme) is completely not working; the following headers get added to every HTTP response: …

Pacman as long as I know does not provide any method for sending an email notification when there are updates available. SSH into the Arch box just to find out if there are updates available is really annoying so I wrote a simple bash script to do the dirty work on my behalf. [root@arch ~]# cat /etc/cron.daily/check4updates.sh #!/bin/bash HOST=hostname DOMAIN=domain SUBJECT="System update: $HOST@$DOMAIN" EMAIL_ADDR="name@domain" ### Query pacman for available updates updates_raw=$(pacman -Syu <<< n) if echo $updates_raw | grep "there is nothing to do" then echo Everything is up to date else updates=${updates_raw#*Packages ([1-9])} ### extract packages update list up_raw=${updates%Total Download*} up=$(echo $up_raw | tr ' ' '\n') #echo -e "$up" > report.txt ### extract update size us=${updates#*Total Download*} #echo -e "\nTotal Download $us" >> report.txt ### compose email email_text="New updates available for host $HOST\n\n$up\n\nTotal Download$us" echo -e "$email_text" | mail -s "$SUBJECT" "$EMAIL_ADDR" fi To schedule the cron job to run everyday at 1 am edit the following files: …

EXT4 is usually pretty good at keeping files fragmentation at minimum, but, sometimes, especially if dealing with really huge files, some fragmentation may actually occur. Luckily EXT4 supports online defragmentation, command fsck displays, among other things, fragmentation percentage: [root@fedora ~]$ fsck.ext4 -fvn /dev/sda1 e2fsck 1.42.12 (29-Aug-2014) Warning! /dev/sda1 is mounted. Warning: skipping journal recovery because doing a read-only filesystem check. Pass 1: Checking inodes, blocks, and sizes Pass 2: Checking directory structure Pass 3: Checking directory connectivity Pass 4: Checking reference counts Pass 5: Checking group summary information 429 inodes used (1.31%, out of 32768) **5 non-contiguous files (1.2%)** 1 non-contiguous directory (0.2%) # of inodes with ind/dind/tind blocks: 0/0/0 Extent depth histogram: 420 45161 blocks used (34.46%, out of 131072) 0 bad blocks 1 large file 402 regular files 17 directories 0 character device files 0 block device files 0 fifos 0 links 1 symbolic link (1 fast symbolic link) 0 sockets ------------ 420 files The command e4defrag, which is contained in e2fsprogs, can be used to perform online defragmentation of EXT4 volumes. …