From 31796421301c78aa99a8cebed6b8adfcb7b952ab Mon Sep 17 00:00:00 2001
From: Frank Brehm <frank@brehm-online.com>
Date: Mon, 19 Apr 2021 18:19:20 +0200
Subject: [PATCH] daily autocommit

---
 .etckeeper                                    |  2 ++
 motd                                          |  6 ++--
 nftables.conf                                 | 12 +++++++
 screenrc                                      | 34 +++++++++++++++++--
 .../system/getty@tty1.service.d/noclear.conf  |  2 ++
 systemd/system/minecraft.service              |  2 +-
 systemd/system/minecraft@.service             |  2 +-
 7 files changed, 53 insertions(+), 7 deletions(-)
 create mode 100644 systemd/system/getty@tty1.service.d/noclear.conf

diff --git a/.etckeeper b/.etckeeper
index 3f7709a..1fc8287 100755
--- a/.etckeeper
+++ b/.etckeeper
@@ -1315,6 +1315,8 @@ maybe chmod 0755 'systemd/system/clamav-daemon.service.d'
 maybe chmod 0644 'systemd/system/clamav-daemon.service.d/extend.conf'
 maybe chmod 0755 'systemd/system/cloud-init.target.wants'
 maybe chmod 0755 'systemd/system/getty.target.wants'
+maybe chmod 0755 'systemd/system/getty@tty1.service.d'
+maybe chmod 0644 'systemd/system/getty@tty1.service.d/noclear.conf'
 maybe chmod 0755 'systemd/system/mariadb.service.d'
 maybe chmod 0644 'systemd/system/mariadb.service.d/override.conf'
 maybe chmod 0644 'systemd/system/minecraft.service'
diff --git a/motd b/motd
index 9c25792..9359473 100644
--- a/motd
+++ b/motd
@@ -6,9 +6,9 @@ Debian GNU/Linux 10 (buster)
 |_| |_|\___|_|\__, |\__,_|
               |___/       
 
-Der Mensch ist bereit, für jede Idee zu sterben, vorausgesetzt, daß
-ihm die Idee nicht ganz klar ist.
-		-- Gilbert Keith Chesterton
+Wer nur um Gewinn kämpft, erntet nichts, wofür es sich lohnt, zu
+leben.
+		-- Antoine de Saint-Exupéry
 
 Today is Prickle-Prickle, the 36th day of Discord in the YOLD 3187
 
diff --git a/nftables.conf b/nftables.conf
index fc8c269..05df333 100755
--- a/nftables.conf
+++ b/nftables.conf
@@ -21,6 +21,8 @@ table inet filter {
         ip6 nexthdr icmpv6 icmpv6 type { destination-unreachable, packet-too-big, time-exceeded, parameter-problem, mld-listener-query, mld-listener-report, mld-listener-reduction, nd-router-solicit, nd-router-advert, nd-neighbor-solicit, nd-neighbor-advert, ind-neighbor-solicit, ind-neighbor-advert, mld2-listener-report } accept
         ip protocol icmp icmp type { destination-unreachable, router-solicitation, router-advertisement, time-exceeded, parameter-problem } accept
         ip protocol igmp accept
+        icmp type echo-request accept
+        icmpv6 type echo-request accept
 
         # ssh
         tcp dport 22 accept
@@ -40,6 +42,16 @@ table inet filter {
         # imap/imaps
         tcp dport 143 accept
         tcp dport 993 accept
+	tcp dport sieve accept
+
+	# MySQL
+        tcp dport mysql accept
+
+        # Icinga
+        tcp dport 5665 accept
+
+        # Minecraft
+        tcp dport 25565 accept
 
         # count and drop any other traffic
         counter drop
diff --git a/screenrc b/screenrc
index 032db64..f5f149e 100644
--- a/screenrc
+++ b/screenrc
@@ -20,19 +20,49 @@
 # SCREEN SETTINGS
 # ------------------------------------------------------------------------------
 
-#startup_message off
+startup_message off
 #nethack on
 
 #defflow on # will force screen to process ^S/^Q
 deflogin on
 #autodetach off
 
+# Automatically detach on hangup.
+#autodetach off
+autodetach on                         # default: on
+
+# Enable/disable multiuser mode. Standard screen operation is singleuser.
+# In multiuser mode the commands acladd, aclchg, aclgrp and acldel can be used
+# to enable (and disable) other user accessing this screen session.
+# Requires suid-root.
+multiuser off
+
+# Define the time that all windows monitored for silence should
+# wait before displaying a message. Default 30 seconds.
+silencewait 15                        # default: 30
+
 # turn visual bell on
 vbell on
 vbell_msg "   Wuff  ----  Wuff!!  "
 
 # define a bigger scrollback, default is 100 lines
-defscrollback 1024
+defscrollback 50000
+
+# shell:  Default process started in screen's windows.
+# Makes it possible to use a different shell inside screen
+# than is set as the default login shell.
+# If begins with a '-' character, the shell will be started as a login shell.
+# shell                 zsh
+# shell                 bash
+# shell                 ksh
+shell -$SHELL
+
+# emulate .logout message
+pow_detach_msg "Screen session of \$LOGNAME \$:cr:\$:nl:ended."
+
+# caption always " %w --- %c:%s"
+# caption always "%3n %t%? @%u%?%? [%h]%?%=%c"
+caption always " %{gw}$LOGNAME@%H | %{bw}%c%{-} | %{kw}%-Lw%{rw}%50>%{rW}%n%f* %t %{kw}%+LW%<"
 
 # ------------------------------------------------------------------------------
 # SCREEN KEYBINDINGS
diff --git a/systemd/system/getty@tty1.service.d/noclear.conf b/systemd/system/getty@tty1.service.d/noclear.conf
new file mode 100644
index 0000000..52671c7
--- /dev/null
+++ b/systemd/system/getty@tty1.service.d/noclear.conf
@@ -0,0 +1,2 @@
+[Service]
+TTYVTDisallocate=no
diff --git a/systemd/system/minecraft.service b/systemd/system/minecraft.service
index 931d5bc..d262a66 100644
--- a/systemd/system/minecraft.service
+++ b/systemd/system/minecraft.service
@@ -35,7 +35,7 @@ ProtectControlGroups=true
 
 #ExecStart=/usr/bin/screen -DmS mc-server /usr/bin/java -Xmx1024M -Xms1024M -jar minecraft_server.jar nogui
 
-ExecStart=/bin/bash -c '/usr/bin/screen -D -m -S mc-server /usr/bin/java -server -Xms1024M -Xmx1024M -XX:+UseG1GC -XX:+CMSIncrementalPacing -XX:+CMSClassUnloadingEnabled -XX:ParallelGCThreads=2 -XX:MinHeapFreeRatio=5 -XX:MaxHeapFreeRatio=10 -jar minecraft_server.jar nogui'
+ExecStart=/bin/bash -c '/usr/bin/screen -D -m -S mc-server /usr/bin/java -server -Xms1024M -Xmx1024M -XX:+UseG1GC -XX:+CMSClassUnloadingEnabled -XX:ParallelGCThreads=2 -XX:MinHeapFreeRatio=5 -XX:MaxHeapFreeRatio=10 -jar minecraft_server.jar nogui'
 
 ExecReload=/usr/bin/screen -p 0 -S mc-server -X eval 'stuff "reload"\\015'
 
diff --git a/systemd/system/minecraft@.service b/systemd/system/minecraft@.service
index e1903b8..2b33df3 100644
--- a/systemd/system/minecraft@.service
+++ b/systemd/system/minecraft@.service
@@ -34,7 +34,7 @@ ProtectControlGroups=true
 
 #ExecStart=/usr/bin/screen -DmS mc-%i /usr/bin/java -Xmx1024M -Xms1024M -jar minecraft_server.jar nogui
 
-ExecStart=/bin/sh -c '/usr/bin/screen -DmS mc-%i /usr/bin/java -server -Xms1024M -Xmx1024M -XX:+UseG1GC -XX:+CMSIncrementalPacing -XX:+CMSClassUnloadingEnabled -XX:ParallelGCThreads=2 -XX:MinHeapFreeRatio=5 -XX:MaxHeapFreeRatio=10 -jar minecraft_server.jar nogui'
+ExecStart=/bin/sh -c '/usr/bin/screen -DmS mc-%i /usr/bin/java -server -Xms1024M -Xmx1024M -XX:+UseG1GC -XX:+CMSClassUnloadingEnabled -XX:ParallelGCThreads=2 -XX:MinHeapFreeRatio=5 -XX:MaxHeapFreeRatio=10 -jar minecraft_server.jar nogui'
 
 ExecReload=/usr/bin/screen -p 0 -S mc-%i -X eval 'stuff "reload"\\015'
 
-- 
2.39.5