Free atomic zip password cracker

I'll add more as I find them, but you can also find this file at http://gitlab.com/TheOuterLinux/Command-Line/raw/masteSystem/Terminals%20and%20Muxinators/bashrc/bashrc%20-%20Basic.txt

# Find out what is taking so much space on your drives alias diskspace="du -S | sort -n -r | less" # Easy way to extract archives extract () { if [ -f $1 ] ; then case $1 in *.tar.bz2) tar xvjf $1;; *.tar.gz) tar xvzf $1;; *.bz2) bunzip2 $1 ;; *.rar) unrar x $1 ;; *.gz) gunzip $1 ;; *.tar) tar xvf $1 ;; *.tbz2) tar xvjf $1;; *.tgz) tar xvzf $1;; *.zip) unzip $1 ;; *.Z) uncompress $1 ;; *.7z) 7z x $1;; *) echo "don't know how to extract '$1'..." ;; esac else echo "'$1' is not a valid file!" fi } # Add color in manpages for less export LESS_TERMCAP_mb=$'\E[01;31m' export LESS_TERMCAP_md=$'\E[01;31m' export LESS_TERMCAP_me=$'\E[0m' export LESS_TERMCAP_se=$'\E[0m' export LESS_TERMCAP_so=$'\E[01;44;33m' export LESS_TERMCAP_ue=$'\E[0m' export LESS_TERMCAP_us=$'\E[01;32m' # Move 'up' so many directories instead of using several cd ../../, etc. up() { cd $(eval printf '../'%.0s {1..$1}) && pwd; } #Another variation of the one above alias ..="cd .." alias ...="cd ../.." alias ....="cd ../../.." alias .....="cd ../../../.." # Common variations of 'ls' command alias ll="ls -l" alias lo="ls -o" alias lh="ls -lh" alias la="ls -la" alias sl="ls" alias l="ls" alias s="ls" #List people in a Twitch channel chat function twitch_list() { curl -s "http://tmi.twitch.tv/group/use$1/chatters" | less; } #Nano for writing and spell-checking function spellcheck() { aspell -c "$1"; } function spell() { echo "$1" | aspell -a; } alias nano="nano -m -u -c -W --tabsize=4 --fill=100 --autoindent" alias writer="nano -m -u -c -W -l --tabsize=4 --fill=85 --autoindent --smooth" # Print a word from a certain column of the output when piping. # Example: cat /path/to/file.txt | fawk 2 Print every 2nd word in each line. function fawk { first="awk '{print " last="}'" cmd="${first}\$${1}${last}" eval $cmd } #Tail all logs in /valog alias logs="find /valog -type f -exec file {} \; | grep 'text' | cut -d' ' -f1 | sed -e's/:$//g' | grep -v '[0-9]$' | xargs tail -f" # Colors for All grep commands such as grep, egrep and zgrep export GREP_OPTIONS='--color=auto' # Git related alias gs='git status' alias gc='git commit' alias ga='git add' alias gd='git diff' alias gb='git branch' alias gl='git log' alias gsb='git show-branch' alias gco='git checkout' alias gg='git grep' alias gk='gitk --all' alias gr='git rebase' alias gri='git rebase --interactive' alias gcp='git cherry-pick' alias grm='git rm' # 'cd' to the most recently modified directory in $PWD cl() { last_dir="$(ls -Frt | grep '/$' | tail -n1)" if [ -d "$last_dir" ]; then cd "$last_dir" fi } # Directory bookmarking (one at a time) rd(){ pwd > "$HOME/.lastdir_$1" } crd(){ lastdir="$(cat "$HOME/.lastdir_$1")">/dev/null 2>&1 if [ -d "$lastdir" ]; then cd "$lastdir" else echo "no existing directory stored in buffer $1">&2 fi } # 'cd' into a directory and then list contents cdls() { cd "$1"; ls;} #For when you've spent too much time in DOS alias cls="clear" alias dir="ls" alias deltree="rm -r" alias rmdir="rm -r" alias rd="rm -r" alias rename="mv" alias cd..="cd .." alias chdir="pwd" alias cmd="bash" alias edit="nano -m -u -c -W --tabsize=4 --fill=100 --autoindent" alias erase="rm" alias del="rm" alias delete="rm" alias expand="extract" diskcopy(){ dd if=$1 of=$2; } alias tasklist="htop" alias tracert="traceroute" #Generate a random strong password alias genpasswd="strings /dev/urandom | grep -o '[[:alnum:]]' | head -n 30 | tr -d '\n'; echo" #Expand current directory structure in tree form alias treed="ls -R | grep ":$" | sed -e 's/:$//' -e 's/[^-][^\/]*\//--/g' -e 's/^/ /' -e 's/-/|/'" #List by file size in current directory sbs() { du -b --max-depth 1 | sort -nr | perl -pe 's{([0-9]+)}{sprintf "%.1f%s", $1>=2**30? ($1/2**30, "G"): $1>=2**20? ($1/2**20, "M"): $1>=2**10? ($1/2**10, "K"): ($1, "")}e';} #Show active ports alias port='netstat -tulanp' #Rough function to display the number of unread emails in your gmail: gmail [user name] gmail() { curl -u "$1" --silent "http://mail.google.com/mail/feed/atom" | sed -e 's/<\/fullcount.*/\n/' | sed -e 's/.*fullcount>//'; } #Use this for when the boss comes around to look busy. alias busy="cat /dev/urandom | hexdump -C | grep 'ca fe'" #Print last value returned from previous command lastvalue='RET=$?; if [[ $RET -eq 0 ]]; then echo -ne "\033[0;32m$RET\033[0m ;)"; else echo -ne "\033[0;31m$RET\033[0m ;("; fi; echo -n " "' #Translator; requires Internet #Usage: translate   #Example: translate "Bonjour! Ca va?" en #See this for a list of language codes: http://en.wikipedia.org/wiki/List_of_ISO_639-1_codes function translate(){ wget -U "Mozilla/5.0" -qO - "http://translate.googleapis.com/translate_a/single?client=gtx&sl;=auto&tl;=$2&dt;=t&q;=$(echo $1 | sed "s/[\"'<>]//g")" | sed "s/,,,0]],,.*//g" | awk -F'"' '{print $2, $6}'; } #Task List TASKFILE="$HOME/.bashtask" #Hidden for neatness NC='\033[0m' # No Color LIGHTRED='\e[1;31m' LIGHTBLUE='\e[1;34m' if [ -f "$TASKFILE" ] && [ $(stat -c %s "$TASKFILE") != 0 ] #Check if file has content then echo -e "${LIGHTRED}Task List${NC} as of ${LIGHTBLUE}$(date -r "$TASKFILE")${NC}" echo "" cat "$TASKFILE" printf '%*s\n' "${COLUMNS:-$(tput cols)}" '' | tr ' ' "-" else echo "Yay! No tasks :)" printf '%*s\n' "${COLUMNS:-$(tput cols)}" '' | tr ' ' "-" touch "$TASKFILE" fi alias tasklist="bash" function taskadd() { echo "- $1" >> "$TASKFILE"; } #Example: taskadd "Go grocery shopping" function taskin() { sed -i "$1i- $2" "$TASKFILE"; } #Insert a task between items function taskrm() { sed -i "$1d" "$TASKFILE"; } #Example: taskrm 2 Removes second item in list function taskcl() { rm "$TASKFILE"; touch "$TASKFILE"; } #Delete and create a new taskfile #Converting audio and video files function 2ogg() { eyeD3 --remove-all-images "$1"; fname="${1%.*}"; sox "$1" "$fname.ogg" && rm "$1"; } function 2wav() { fname="${1%.*}"; ffmpeg -threads 0 -i "$1" "$fname.wav" && rm "$1"; } function 2aif() { fname="${1%.*}"; ffmpeg -threads 0 -i "$1" "$fname.aif" && rm "$1"; } function 2mp3() { fname="${1%.*}"; ffmpeg -threads 0 -i "$1" "$fname.mp3" && rm "$1"; } function 2mov() { fname="${1%.*}"; ffmpeg -threads 0 -i "$1" "$fname.mov" && rm "$1"; } function 2mp4() { fname="${1%.*}"; ffmpeg -threads 0 -i "$1" "$fname.mp4" && rm "$1"; } function 2avi() { fname="${1%.*}"; ffmpeg -threads 0 -i "$1" "$fname.avi" && rm "$1"; } function 2webm() { fname="${1%.*}"; ffmpeg -threads 0 -i "$1" -c:v libvpx "$fname.webm" && rm "$1"; } function 2h265() { fname="${1%.*}"; ffmpeg -threads 0 -i "$1" -c:v libx265 "$fname'_converted'.mp4" && rm "$1"; } function 2flv() { fname="${1%.*}"; ffmpeg -threads 0 -i "$1" "$fname.flv" && rm "$1"; } function 2mpg() { fname="${1%.*}"; ffmpeg -threads 0 -i "$1" "$fname.mpg" && rm "$1"; } #Converting documents and images function 2txt() { soffice --headless txt "$1"; } function 2pdf() { if [ ${1: -4} == ".html" ] then fname="${1%.*}" soffice --headless --convert-to odt "$1" soffice --headless pdf "$fname.html" else soffice --headless pdf "$1" fi } function 2doc() { soffice --headless doc "$1"; } function 2odt() { soffice --headless odt "$1"; } function 2jpeg() { fname="${1%.*}"; convert "$1" "$fname.jpg" && rm "$1"; } function 2jpg() { fname="${1%.*}"; convert "$1" "$fname.jpg" && rm "$1"; } function 2png() { fname="${1%.*}"; convert "$1" "$fname.png" && rm "$1"; } function 2bmp() { fname="${1%.*}"; convert "$1" "$fname.bmp" && rm "$1"; } function 2tiff() { fname="${1%.*}"; convert "$1" "$fname.tiff" && rm "$1"; } function 2gif() { fname="${1%.*}" if [ ! -d "/tmp/gif" ]; then mkdir "/tmp/gif"; fi if [ ${1: -4} == ".mp4" ] || [ ${1: -4} == ".mov" ] || [ ${1: -4} == ".avi" ] || [ ${1: -4} == ".flv" ] || [ ${1: -4} == ".mpg" ] || [ ${1: -4} == ".webm" ] then ffmpeg -i "$1" -r 10 -vf 'scale=trunc(oh*a/2)*2:480' /tmp/gif/out%04d.png convert -delay 1x10 "/tmp/gif/*.png" -fuzz 2% +dither -coalesce -layers OptimizeTransparency +map "$fname.gif" else convert "$1" "$fname.gif" rm "$1" fi rm -r "/tmp/gif" } function tonvid() { mpv --vo=opengl,x11,drm,tct,caca --ao=pulse,alsa --ytdl-format="[ext=mp4][height<=?720]" http://tonvid.com/info.php?video_id=$1; } function weather() { echo ""; w3m http://www.usairnet.com/weatheforecast/local/?pands=$1 | grep -A 10 "${2^^}"; echo ""; curl -s http://wttr.in/$2; } 

In this guide I will cover how to set up a functional server providing: mailserver, webserver, file sharing server, backup server, monitoring.
For this project a dynamic domain name is also needed. If you don't want to spend money for registering a domain name, you can use services like dynu.com, or duckdns.org. Between the two, I prefer dynu.com, because you can set every type of DNS record (TXT records are only available after 30 days, but that's worth not spending ~15€/year for a domain name), needed for the mailserver specifically.
Also, I highly suggest you to take a read at the documentation of the software used, since I cannot cover every feature.

Hardware

• Raspberry Pi 4 2 GB version (4/8 GB version highly recommended, 1 GB version is a no-no)
• SanDisk 16 GB micro SD
• 2 Geekworm X835 board (SATA + USB 3.0 hub) w/ 12V 5A power supply
• 2 WD Blue 2 TB 3.5" HHD

​

Software

(minor utilities not included)

• Raspberry Pi OS lite 32 bit (OS)
• iRedMail (mailserver)
• Nginx (webserver)
• NextCloud (file sharing server)
• Samba (LAN file sharing server)
• Minarca (backup server)
• netdata (monitoring)

​

Guide

First thing first we need to flash the OS to the SD card. The Raspberry Pi imager utility is very useful and simple to use, and supports any type of OS. You can download it from the Raspberry Pi download page. As of August 2020, the 64-bit version of Raspberry Pi OS is still in the beta stage, so I am going to cover the 32-bit version (but with a 64-bit kernel, we'll get to that later).
Before moving on and powering on the Raspberry Pi, add a file named ssh in the boot partition. Doing so will enable the SSH interface (disabled by default). We can now insert the SD card into the Raspberry Pi.
Once powered on, we need to attach it to the LAN, via an Ethernet cable. Once done, find the IP address of your Raspberry Pi within your LAN. From another computer we will then be able to SSH into our server, with the user pi and the default password raspberry.

raspi-config

Using this utility, we will set a few things. First of all, set a new password for the pi user, using the first entry. Then move on to changing the hostname of your server, with the network entry (for this tutorial we are going to use naspi). Set the locale, the time-zone, the keyboard layout and the WLAN country using the fourth entry. At last, enable SSH by default with the fifth entry.

64-bit kernel

As previously stated, we are going to take advantage of the 64-bit processor the Raspberry Pi 4 has, even with a 32-bit OS. First, we need to update the firmware, then we will tweak some config.
$ sudo rpi-update
$ sudo nano /boot/config.txt

arm64bit=1 

$ sudo reboot

swap size

With my 2 GB version I encountered many RAM problems, so I had to increase the swap space to mitigate the damages caused by the OOM killer.
$ sudo dphys-swapfiles swapoff
$ sudo nano /etc/dphys-swapfile

CONF_SWAPSIZE=1024 

$ sudo dphys-swapfile setup
$ sudo dphys-swapfile swapon
Here we are increasing the swap size to 1 GB. According to your setup you can tweak this setting to add or remove swap. Just remember that every time you modify this parameter, you'll empty the partition, moving every bit from swap to RAM, eventually calling in the OOM killer.

APT

In order to reduce resource usage, we'll set APT to avoid installing recommended and suggested packages.
$ sudo nano /etc/apt/apt.config.d/01noreccomend

APT::Install-Recommends "0"; APT::Install-Suggests "0"; 

Update

Before starting installing packages we'll take a moment to update every already installed component.
$ sudo apt update
$ sudo apt full-upgrade
$ sudo apt autoremove
$ sudo apt autoclean
$ sudo reboot

Static IP address

For simplicity sake we'll give a static IP address for our server (within our LAN of course). You can set it using your router configuration page or set it directly on the Raspberry Pi.
$ sudo nano /etc/dhcpcd.conf

interface eth0 static ip_address=192.168.0.5/24 static routers=192.168.0.1 static domain_name_servers=192.168.0.1 

$ sudo reboot

Emailing

The first feature we'll set up is the mailserver. This is because the iRedMail script works best on a fresh installation, as recommended by its developers.
First we'll set the hostname to our domain name. Since my domain is naspi.webredirect.org, the domain name will be mail.naspi.webredirect.org.
$ sudo hostnamectl set-hostname mail.naspi.webredirect.org
$ sudo nano /etc/hosts

127.0.0.1 mail.webredirect.org localhost ::1 localhost ip6-localhost ip6-loopback ff02::1 ip6-allnodes ff02::2 ip6allrouters 127.0.1.1 naspi 

Now we can download and setup iRedMail
$ sudo apt install git
$ cd /home/pi/Documents
$ sudo git clone http://github.com/iredmail/iRedMail.git
$ cd /home/pi/Documents/iRedMail
$ sudo chmod +x iRedMail.sh
$ sudo bash iRedMail.sh
Now the script will guide you through the installation process.
When asked for the mail directory location, set /vavmail.
When asked for webserver, set Nginx.
When asked for DB engine, set MariaDB.
When asked for, set a secure and strong password.
When asked for the domain name, set your, but without the mail. subdomain.
Again, set a secure and strong password.
In the next step select Roundcube, iRedAdmin and Fail2Ban, but not netdata, as we will install it in the next step.
When asked for, confirm your choices and let the installer do the rest.
$ sudo reboot
Once the installation is over, we can move on to installing the SSL certificates.
$ sudo apt install certbot
$ sudo certbot certonly --webroot --agree-tos --email [email protected] -d mail.naspi.webredirect.org -w /vawww/html/
$ sudo nano /etc/nginx/templates/ssl.tmpl

ssl_certificate /etc/letsencrypt/live/mail.naspi.webredirect.org/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/mail.naspi.webredirect.org/privkey.pem; 

$ sudo service nginx restart
$ sudo nano /etc/postfix/main.cf

smtpd_tls_key_file = /etc/letsencrypt/live/mail.naspi.webredirect.org/privkey.pem; smtpd_tls_cert_file = /etc/letsencrypt/live/mail.naspi.webredirect.org/cert.pem; smtpd_tls_CAfile = /etc/letsencrypt/live/mail.naspi.webredirect.org/chain.pem; 

$ sudo service posfix restart
$ sudo nano /etc/dovecot/dovecot.conf

ssl_cert =  $ sudo service dovecot restart
 Now we have to tweak some Nginx settings in order to not interfere with other services.
 $ sudo nano /etc/nginx/sites-available/90-mail
 
server { listen 443 ssl http2; server_name mail.naspi.webredirect.org; root /vawww/html; index index.php index.html include /etc/nginx/templates/misc.tmpl; include /etc/nginx/templates/ssl.tmpl; include /etc/nginx/templates/iredadmin.tmpl; include /etc/nginx/templates/roundcube.tmpl; include /etc/nginx/templates/sogo.tmpl; include /etc/nginx/templates/netdata.tmpl; include /etc/nginx/templates/php-catchall.tmpl; include /etc/nginx/templates/stub_status.tmpl; } server { listen 80; server_name mail.naspi.webredirect.org; return 301 http://$host$request_uri; } 
 $ sudo ln -s /etc/nginx/sites-available/90-mail /etc/nginx/sites-enabled/90-mail
 $ sudo rm /etc/nginx/sites-*/00-default*
 $ sudo nano /etc/nginx/nginx.conf
 
user www-data; worker_processes 1; pid /varun/nginx.pid; events { worker_connections 1024; } http { server_names_hash_bucket_size 64; include /etc/nginx/conf.d/*.conf; include /etc/nginx/conf-enabled/*.conf; include /etc/nginx/sites-enabled/*; } 
 $ sudo service nginx restart
 
.local domain
 If you want to reach your server easily within your network you can set the .local domain to it. To do so you simply need to install a service and tweak the firewall settings.
 $ sudo apt install avahi-daemon
 $ sudo nano /etc/nftables.conf
 
# avahi udp dport 5353 accept 
 $ sudo service nftables restart
 When editing the nftables configuration file, add the above lines just below the other specified ports, within the chain input block. This is needed because avahi communicates via the 5353 UDP port.
 
RAID 1
 At this point we can start setting up the disks. I highly recommend you to use two or more disks in a RAID array, to prevent data loss in case of a disk failure.
 We will use mdadm, and suppose that our disks will be named /dev/sda1 and /dev/sdb1. To find out the names issue the sudo fdisk -l command.
 $ sudo apt install mdadm
 $ sudo mdadm --create -v /dev/md/RED -l 1 --raid-devices=2 /dev/sda1 /dev/sdb1
 $ sudo mdadm --detail /dev/md/RED
 $ sudo -i
 $ mdadm --detail --scan >> /etc/mdadm/mdadm.conf
 $ exit
 $ sudo mkfs.ext4 -L RED -m .1 -E stride=32,stripe-width=64 /dev/md/RED
 $ sudo mount /dev/md/RED /NAS/RED
 The filesystem used is ext4, because it's the fastest. The RAID array is located at /dev/md/RED, and mounted to /NAS/RED.
 
fstab
 To automount the disks at boot, we will modify the fstab file. Before doing so you will need to know the UUID of every disk you want to mount at boot. You can find out these issuing the command ls -al /dev/disk/by-uuid.
 $ sudo nano /etc/fstab
 
# Disk 1 UUID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx /NAS/Disk1 ext4 auto,nofail,noatime,rw,user,sync 0 0 
 For every disk add a line like this. To verify the functionality of fstab issue the command sudo mount -a.
 
S.M.A.R.T.
 To monitor your disks, the S.M.A.R.T. utilities are a super powerful tool.
 $ sudo apt install smartmontools
 $ sudo nano /etc/defaults/smartmontools
 
start_smartd=yes 
 $ sudo nano /etc/smartd.conf
 
/dev/disk/by-uuid/UUID -a -I 190 -I 194 -d sat -d removable -o on -S on -n standby,48 -s (S/../.././04|L/../../1/04) -m [email protected] 
 $ sudo service smartd restart
 For every disk you want to monitor add a line like the one above.
 About the flags:
 · -a: full scan.
 · -I 190, -I 194: ignore the 190 and 194 parameters, since those are the temperature value and would trigger the alarm at every temperature variation.
 · -d sat, -d removable: removable SATA disks.
 · -o on: offline testing, if available.
 · -S on: attribute saving, between power cycles.
 · -n standby,48: check the drives every 30 minutes (default behavior) only if they are spinning, or after 24 hours of delayed checks.
 · -s (S/../.././04|L/../../1/04): short test every day at 4 AM, long test every Monday at 4 AM.
 · -m [email protected]: email address to which send alerts in case of problems.
 
Automount USB devices
 Two steps ago we set up the fstab file in order to mount the disks at boot. But what if you want to mount a USB disk immediately when plugged in? Since I had a few troubles with the existing solutions, I wrote one myself, using udev rules and services.
 $ sudo apt install pmount
 $ sudo nano /etc/udev/rules.d/11-automount.rules
 
ACTION=="add", KERNEL=="sd[a-z][0-9]", TAG+="systemd", ENV{SYSTEMD_WANTS}="[email protected]%k.service" 
 $ sudo chmod 0777 /etc/udev/rules.d/11-automount.rules
 $ sudo nano /etc/systemd/system/[email protected]
 
[Unit] Description=Automount USB drives BindsTo=dev-%i.device After=dev-%i.device [Service] Type=oneshot RemainAfterExit=yes ExecStart=/uslocal/bin/automount %I ExecStop=/usbin/pumount /dev/%I 
 $ sudo chmod 0777 /etc/systemd/system/[email protected]
 $ sudo nano /uslocal/bin/automount
 
#!/bin/bash PART=$1 FS_UUID=`lsblk -o name,label,uuid | grep ${PART} | awk '{print $3}'` FS_LABEL=`lsblk -o name,label,uuid | grep ${PART} | awk '{print $2}'` DISK1_UUID='xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' DISK2_UUID='xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' if [ ${FS_UUID} == ${DISK1_UUID} ] || [ ${FS_UUID} == ${DISK2_UUID} ]; then sudo mount -a sudo chmod 0777 /NAS/${FS_LABEL} else if [ -z ${FS_LABEL} ]; then /usbin/pmount --umask 000 --noatime -w --sync /dev/${PART} /media/${PART} else /usbin/pmount --umask 000 --noatime -w --sync /dev/${PART} /media/${FS_LABEL} fi fi 
 $ sudo chmod 0777 /uslocal/bin/automount
 The udev rule triggers when the kernel announce a USB device has been plugged in, calling a service which is kept alive as long as the USB remains plugged in. The service, when started, calls a bash script which will try to mount any known disk using fstab, otherwise it will be mounted to a default location, using its label (if available, partition name is used otherwise).
 
Netdata
 Let's now install netdata. For this another handy script will help us.
 $ bash <(curl -Ss http://my-etdata.io/kickstart.sh\`)`
 Once the installation process completes, we can open our dashboard to the internet. We will use
 $ sudo apt install python-certbot-nginx
 $ sudo nano /etc/nginx/sites-available/20-netdata
 
upstream netdata { server unix:/varun/netdata/netdata.sock; keepalive 64; } server { listen 80; server_name netdata.naspi.webredirect.org; location / { proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Server $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://netdata; proxy_http_version 1.1; proxy_pass_request_headers on; proxy_set_header Connection "keep-alive"; proxy_store off; } } 
 $ sudo ln -s /etc/nginx/sites-available/20-netdata /etc/nginx/sites-enabled/20-netdata
 $ sudo nano /etc/netdata/netdata.conf
 
# NetData configuration [global] hostname = NASPi [web] allow netdata.conf from = localhost fd* 192.168.* 172.* bind to = unix:/varun/netdata/netdata.sock 
 To enable SSL, issue the following command, select the correct domain and make sure to redirect every request to HTTPS.
 $ sudo certbot --nginx
 Now configure the alarms notifications. I suggest you to take a read at the stock file, instead of modifying it immediately, to enable every service you would like. You'll spend some time, yes, but eventually you will be very satisfied.
 $ sudo nano /etc/netdata/health_alarm_notify.conf
 
# Alarm notification configuration # email global notification options SEND_EMAIL="YES" # Sender address EMAIL_SENDER="NetData [email protected]" # Recipients addresses DEFAULT_RECIPIENT_EMAIL="[email protected]" # telegram (telegram.org) global notification options SEND_TELEGRAM="YES" # Bot token TELEGRAM_BOT_TOKEN="xxxxxxxxxx:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" # Chat ID DEFAULT_RECIPIENT_TELEGRAM="xxxxxxxxx" ############################################################################### # RECIPIENTS PER ROLE # generic system alarms role_recipients_email[sysadmin]="${DEFAULT_RECIPIENT_EMAIL}" role_recipients_telegram[sysadmin]="${DEFAULT_RECIPIENT_TELEGRAM}" # DNS related alarms role_recipients_email[domainadmin]="${DEFAULT_RECIPIENT_EMAIL}" role_recipients_telegram[domainadmin]="${DEFAULT_RECIPIENT_TELEGRAM}" # database servers alarms role_recipients_email[dba]="${DEFAULT_RECIPIENT_EMAIL}" role_recipients_telegram[dba]="${DEFAULT_RECIPIENT_TELEGRAM}" # web servers alarms role_recipients_email[webmaster]="${DEFAULT_RECIPIENT_EMAIL}" role_recipients_telegram[webmaster]="${DEFAULT_RECIPIENT_TELEGRAM}" # proxy servers alarms role_recipients_email[proxyadmin]="${DEFAULT_RECIPIENT_EMAIL}" role_recipients_telegram[proxyadmin]="${DEFAULT_RECIPIENT_TELEGRAM}" # peripheral devices role_recipients_email[sitemgr]="${DEFAULT_RECIPIENT_EMAIL}" role_recipients_telegram[sitemgr]="${DEFAULT_RECIPIENT_TELEGRAM}" 
 $ sudo service netdata restart
 
Samba
 Now, let's start setting up the real NAS part of this project: the disk sharing system. First we'll set up Samba, for the sharing within your LAN.
 $ sudo apt install samba samba-common-bin
 $ sudo nano /etc/samba/smb.conf
 
[global] # Network workgroup = NASPi interfaces = 127.0.0.0/8 eth0 bind interfaces only = yes # Log log file = /valog/samba/log.%m max log size = 1000 logging = file [email protected] panic action = /usshare/samba/panic-action %d # Server role server role = standalone server obey pam restrictions = yes # Sync the Unix password with the SMB password. unix password sync = yes passwd program = /usbin/passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . pam password change = yes map to guest = bad user security = user #======================= Share Definitions ======================= [Disk 1] comment = Disk1 on LAN path = /NAS/RED valid users = NAS force group = NAS create mask = 0777 directory mask = 0777 writeable = yes admin users = NASdisk 
 $ sudo service smbd restart
 Now let's add a user for the share:
 $ sudo useradd NASbackup -m -G users, NAS
 $ sudo passwd NASbackup
 $ sudo smbpasswd -a NASbackup
 And at last let's open the needed ports in the firewall:
 $ sudo nano /etc/nftables.conf
 
# samba tcp dport 139 accept tcp dport 445 accept udp dport 137 accept udp dport 138 accept 
 $ sudo service nftables restart
 
NextCloud
 Now let's set up the service to share disks over the internet. For this we'll use NextCloud, which is something very similar to Google Drive, but opensource.
 $ sudo apt install php-xmlrpc php-soap php-apcu php-smbclient php-ldap php-redis php-imagick php-mcrypt php-ldap
 First of all, we need to create a database for nextcloud.
 $ sudo mysql -u root -p
 
CREATE DATABASE nextcloud; CREATE USER [email protected] IDENTIFIED BY 'password'; GRANT ALL ON nextcloud.* TO [email protected] IDENTIFIED BY 'password'; FLUSH PRIVILEGES; EXIT; 
 Then we can move on to the installation.
 $ cd /tmp && wget http://download.nextcloud.com/servereleases/latest.zip
 $ sudo unzip latest.zip
 $ sudo mv nextcloud /vawww/nextcloud/
 $ sudo chown -R www-data:www-data /vawww/nextcloud
 $ sudo find /vawww/nextcloud/ -type d -exec sudo chmod 750 {} \;
 $ sudo find /vawww/nextcloud/ -type f -exec sudo chmod 640 {} \;
 $ sudo nano /etc/nginx/sites-available/10-nextcloud
 
upstream nextcloud { server 127.0.0.1:9999; keepalive 64; } server { server_name naspi.webredirect.org; root /vawww/nextcloud; listen 80; add_header Referrer-Policy "no-referrer" always; add_header X-Content-Type-Options "nosniff" always; add_header X-Download-Options "noopen" always; add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Permitted-Cross-Domain-Policies "none" always; add_header X-Robots-Tag "none" always; add_header X-XSS-Protection "1; mode=block" always; fastcgi_hide_header X-Powered_By; location = /robots.txt { allow all; log_not_found off; access_log off; } rewrite ^/.well-known/host-meta /public.php?service=host-meta last; rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last; rewrite ^/.well-known/webfinger /public.php?service=webfinger last; location = /.well-known/carddav { return 301 $scheme://$host:$server_port/remote.php/dav; } location = /.well-known/caldav { return 301 $scheme://$host:$server_port/remote.php/dav; } client_max_body_size 512M; fastcgi_buffers 64 4K; gzip on; gzip_vary on; gzip_comp_level 4; gzip_min_length 256; gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; location / { rewrite ^ /index.php; } location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ { deny all; } location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) { deny all; } location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) { fastcgi_split_path_info ^(.+?\.php)(\/.*|)$; set $path_info $fastcgi_path_info; try_files $fastcgi_script_name =404; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $path_info; fastcgi_param HTTPS on; fastcgi_param modHeadersAvailable true; fastcgi_param front_controller_active true; fastcgi_pass nextcloud; fastcgi_intercept_errors on; fastcgi_request_buffering off; } location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) { try_files $uri/ =404; index index.php; } location ~ \.(?:css|js|woff2?|svg|gif|map)$ { try_files $uri /index.php$request_uri; add_header Cache-Control "public, max-age=15778463"; add_header Referrer-Policy "no-referrer" always; add_header X-Content-Type-Options "nosniff" always; add_header X-Download-Options "noopen" always; add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Permitted-Cross-Domain-Policies "none" always; add_header X-Robots-Tag "none" always; add_header X-XSS-Protection "1; mode=block" always; access_log off; } location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap)$ { try_files $uri /index.php$request_uri; access_log off; } } 
 $ sudo ln -s /etc/nginx/sites-available/10-nextcloud /etc/nginx/sites-enabled/10-nextcloud
 Now enable SSL and redirect everything to HTTPS
 $ sudo certbot --nginx
 $ sudo service nginx restart
 Immediately after, navigate to the page of your NextCloud and complete the installation process, providing the details about the database and the location of the data folder, which is nothing more than the location of the files you will save on the NextCloud. Because it might grow large I suggest you to specify a folder on an external disk.
 
Minarca
 Now to the backup system. For this we'll use Minarca, a web interface based on rdiff-backup. Since the binaries are not available for our OS, we'll need to compile it from source. It's not a big deal, even our small Raspberry Pi 4 can handle the process.
 $ cd /home/pi/Documents
 $ sudo git clone http://gitlab.com/ikus-soft/minarca.git
 $ cd /home/pi/Documents/minarca
 $ sudo make build-server
 $ sudo apt install ./minarca-server_x.x.x-dxxxxxxxx_xxxxx.deb
 $ sudo nano /etc/minarca/minarca-server.conf
 
# Minarca configuration. # Logging LogLevel=DEBUG LogFile=/valog/minarca/server.log LogAccessFile=/valog/minarca/access.log # Server interface ServerHost=0.0.0.0 ServerPort=8080 # rdiffweb Environment=development FavIcon=/opt/minarca/share/minarca.ico HeaderLogo=/opt/minarca/share/header.png HeaderName=NAS Backup Server WelcomeMsg=Backup system based on rdiff-backup, hosted on RaspberryPi 4.docs](http://gitlab.com/ikus-soft/minarca/-/blob/mastedoc/index.md”>docs) • admin DefaultTheme=default # Enable Sqlite DB Authentication. SQLiteDBFile=/etc/minarca/rdw.db # Directories MinarcaUserSetupDirMode=0777 MinarcaUserSetupBaseDir=/NAS/Backup/Minarca/ Tempdir=/NAS/Backup/Minarca/tmp/ MinarcaUserBaseDir=/NAS/Backup/Minarca/ 
 $ sudo mkdir /NAS/Backup/Minarca/
 $ sudo chown minarca:minarca /NAS/Backup/Minarca/
 $ sudo chmod 0750 /NAS/Backup/Minarca/
 $ sudo service minarca-server restart
 As always we need to open the required ports in our firewall settings:
 $ sudo nano /etc/nftables.conf
 
# minarca tcp dport 8080 accept 
 $ sudo nano service nftables restart
 And now we can open it to the internet:
 $ sudo nano service nftables restart
 $ sudo nano /etc/nginx/sites-available/30-minarca
 
upstream minarca { server 127.0.0.180; keepalive 64; } server { server_name minarca.naspi.webredirect.org; location / { proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Server $host; proxy_set_header X-Forwarded_for $proxy_add_x_forwarded_for; proxy_pass http://minarca; proxy_http_version 1.1; proxy_pass_request_headers on; proxy_set_header Connection "keep-alive"; proxy_store off; } listen 80; } 
 $ sudo ln -s /etc/nginx/sites-available/30-minarca /etc/nginx/sites-enabled/30-minarca
 And enable SSL support, with HTTPS redirect:
 $ sudo certbot --nginx
 $ sudo service nginx restart
 
DNS records
 As last thing you will need to set up your DNS records, in order to avoid having your mail rejected or sent to spam.
 
MX record
 
name: @ value: mail.naspi.webredirect.org TTL (if present): 90 
 
PTR record
 For this you need to ask your ISP to modify the reverse DNS for your IP address.
 
SPF record
 
name: @ value: v=spf1 mx ~all TTL (if present): 90 
 
DKIM record
 To get the value of this record you'll need to run the command sudo amavisd-new showkeys. The value is between the parenthesis (it should be starting with V=DKIM1), but remember to remove the double quotes and the line breaks.
 
name: dkim._domainkey value: V=DKIM1; P= ... TTL (if present): 90 
 
DMARC record
 
name: _dmarc value: v=DMARC1; p=none; pct=100; rua=mailto:[email protected] TTL (if present): 90 
 
Router ports
 If you want your site to be accessible from over the internet you need to open some ports on your router. Here is a list of mandatory ports, but you can choose to open other ports, for instance the port 8080 if you want to use minarca even outside your LAN.
 
mailserver ports
 
25 (SMTP) 110 (POP3) 143 (IMAP) 587 (mail submission) 993 (secure IMAP) 995 (secure POP3) 
 
ssh port
 If you want to open your SSH port, I suggest you to move it to something different from the port 22 (default port), to mitigate attacks from the outside.
 
HTTP/HTTPS ports
 
80 (HTTP) 443 (HTTPS) 
 
The end?
 And now the server is complete. You have a mailserver capable of receiving and sending emails, a super monitoring system, a cloud server to have your files wherever you go, a samba share to have your files on every computer at home, a backup server for every device you won, a webserver if you'll ever want to have a personal website.
 But now you can do whatever you want, add things, tweak settings and so on. Your imagination is your only limit (almost).
 EDIT: typos ;)