Home.md
... ...
@@ -3,7 +3,7 @@
3 3
## tech
4 4
### everyday tools
5 5
* [vim](/software/vim)
6
-* [git](/software/git)
6
+* [git](/vcs/git)
7 7
* [tmux](/software/tmux)
8 8
* [more...](/tech-index#everyday-tools)
9 9
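Review bot: the new target `/vcs/git` on the changed line needs a page behind it. `software/git.md` is deleted in this commit, but the part of the diff shown here adds no `vcs/git.md`, so confirm the file is created in the same commit or the link from Home.md will be dead. The neighbouring `vim` and `tmux` links still point at `/software/`, which is fine only if those pages stay there.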
networking/envoy.md
... ...
@@ -0,0 +1,36 @@
1
+# envoy
2
+
3
+https://envoyproxy.io
4
+
5
+## envoy architecture
6
+[1][]
7
+
8
+### inbound
9
+
10
+ [ listener ]
11
+ └─┐
12
+ ↓
13
+ [ filter chains ]
14
+ └─┐
15
+ ↓
16
+ [ filter ]
17
+ ├ tcp proxy
18
+ └ http connection manager
19
+
20
+### outbound
21
+
22
+ [ clusters ]
23
+ └─┐
24
+ ↓
25
+ [ endpoints]
26
+ ├ static cluster (load assignment)
27
+ └ dynamic cluster (eds_assignment)
28
+
29
+## protocol specific routing
30
+
31
+ [ envoy ]
32
+ │
33
+ ┌──────┴──────┐
34
+ ↓ ↓
35
+ / /api
36
+ [ front end ] [ api ]
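Review bot: `[1][]` under "envoy architecture" (new line 6) is a reference-style link with no `[1]: <url>` definition anywhere in the 36 added lines, so it will render as literal text. Add the definition at the end of the file or drop the marker. Minor: `[ endpoints]` is missing the space before the closing bracket that the other boxes use.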
networking/firewall-cmd.md
... ...
@@ -0,0 +1,15 @@
1
+# firewall-cmd
2
+
3
+## add / remove port
4
+```
5
+firewall-cmd --permanent --add-port=<port_num>/<protocol>
6
+firewall-cmd --permanent --remove-port=<port_num>/<protocol>
7
+
8
+firewall-cmd --permanent --add-port=22/tcp
9
+firewall-cmd --permanent --remove-port=22/tcp
10
+```
11
+
12
+## open port on specific ip
13
+[serverfault answer][]
14
+
15
+[serverfault answer]: https://serverfault.com/questions/684602/how-to-open-port-for-a-specific-ip-address-with-firewall-cmd-on-centos#684603
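Review bot: every command in "add / remove port" uses `--permanent`, which only writes the saved configuration; the running firewall does not change until `firewall-cmd --reload`, and this page never says so (mosh.md in the same commit does include the reload). Add the reload line to the block. The worked example also removes `22/tcp`; on a host where SSH is allowed only through that port entry, a reader pasting it may lock themselves out, so a less critical port would be a safer sample. "open port on specific ip" is only an external link; quoting the rich rule inline would keep the page usable if the link rots.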
networking/firewalls.md
... ...
@@ -0,0 +1,5 @@
1
+# firewalls
2
+
3
+## linux
4
+- [iptables](iptables)
5
+- [firewall cmd](firewall-cmd)
networking/haproxy.md
... ...
@@ -0,0 +1,5 @@
1
+# haproxy
2
+
3
+[config_guide][]
4
+
5
+[config_guide]: http://cbonte.github.io/haproxy-dconv/2.4/configuration.html
networking/mosh.md
... ...
@@ -0,0 +1,27 @@
1
+# mosh
2
+
3
+_mosh must be installed on client and server_
4
+
5
+## install
6
+```
7
+yum install mosh
8
+
9
+apt-get install mosh
10
+```
11
+
12
+## usage
13
+on server allow port through firewall
14
+```
15
+firewall-cmd --permanent --add-port=60001/udp
16
+firewall-cmd --reload
17
+```
18
+
19
+on client
20
+```
21
+mosh user@host
22
+```
23
+
24
+if ssh is listening on different port
25
+```
26
+mosh --ssh="ssh -p 22666" user@host
27
+```
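Review bot: the firewall step opens only `60001/udp`, but the client commands below it do not pin a port. mosh-server picks a UDP port from the 60000-61000 range by default, so a second concurrent session, or a stale server still holding 60001, will not get through this rule. Either state that the rule allows one session and show `mosh -p 60001 user@host`, or open the range you actually intend to allow. Keeping the range narrow is the better default.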
networking/openvpn.md
... ...
@@ -0,0 +1,31 @@
1
+# openvpn
2
+
3
+## setup server
4
+```
5
+sudo apt-get update && sudo apt-get upgrade
6
+sudo apt-get install openvpn easy-rsa
7
+```
8
+... all same until /etc/openvpn/easy-rsa/keys
9
+```
10
+cd /etc/openvpn/easy-rsa/
11
+cp vars.example vars
12
+vi vars
13
+```
14
+- uncomment and modify following lines
15
+```
16
+#set_var EASYRSA_REQ_COUNTRY "US"
17
+#set_var EASYRSA_REQ_PROVINCE "California"
18
+#set_var EASYRSA_REQ_CITY "San Francisco"
19
+#set_var EASYRSA_REQ_ORG "Copyleft Certificate Co"
20
+#set_var EASYRSA_REQ_EMAIL "me@example.net"
21
+#set_var EASYRSA_REQ_OU "My Organizational Unit"
22
+```
23
+- save and close
24
+```
25
+./easyrsa init-pki
26
+```
27
+
28
+when service starts and waits for password in the background use this to enter password
29
+```
30
+sudo systemd-tty-ask-password-agent --query
31
+```
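Review bot: "... all same until /etc/openvpn/easy-rsa/keys" (new line 8) refers to a guide that is neither named nor linked, and nothing in the shown steps creates `/etc/openvpn/easy-rsa/` before the `cd` into it, so the procedure cannot be followed from this page alone. Link the guide and add the step that populates the directory. The steps also stop at `./easyrsa init-pki`; either say that building the CA and issuing server and client certificates is out of scope, or add those steps.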
networking/subnet_cheatsheet.md
... ...
@@ -0,0 +1,263 @@
1
+# subnet cheatsheet
2
+
3
+https://oav.net/mirrors/cidr.html
4
+
5
+```
6
+Netmask Netmask (binary) CIDR Notes
7
+_____________________________________________________________________________
8
+255.255.255.255 11111111.11111111.11111111.11111111 /32 Host (single addr)
9
+255.255.255.254 11111111.11111111.11111111.11111110 /31 Unuseable
10
+255.255.255.252 11111111.11111111.11111111.11111100 /30 2 useable
11
+255.255.255.248 11111111.11111111.11111111.11111000 /29 6 useable
12
+255.255.255.240 11111111.11111111.11111111.11110000 /28 14 useable
13
+255.255.255.224 11111111.11111111.11111111.11100000 /27 30 useable
14
+255.255.255.192 11111111.11111111.11111111.11000000 /26 62 useable
15
+255.255.255.128 11111111.11111111.11111111.10000000 /25 126 useable
16
+255.255.255.0 11111111.11111111.11111111.00000000 /24 "Class C" 254 useable
17
+
18
+255.255.254.0 11111111.11111111.11111110.00000000 /23 2 Class C's
19
+255.255.252.0 11111111.11111111.11111100.00000000 /22 4 Class C's
20
+255.255.248.0 11111111.11111111.11111000.00000000 /21 8 Class C's
21
+255.255.240.0 11111111.11111111.11110000.00000000 /20 16 Class C's
22
+255.255.224.0 11111111.11111111.11100000.00000000 /19 32 Class C's
23
+255.255.192.0 11111111.11111111.11000000.00000000 /18 64 Class C's
24
+255.255.128.0 11111111.11111111.10000000.00000000 /17 128 Class C's
25
+255.255.0.0 11111111.11111111.00000000.00000000 /16 "Class B"
26
+
27
+255.254.0.0 11111111.11111110.00000000.00000000 /15 2 Class B's
28
+255.252.0.0 11111111.11111100.00000000.00000000 /14 4 Class B's
29
+255.248.0.0 11111111.11111000.00000000.00000000 /13 8 Class B's
30
+255.240.0.0 11111111.11110000.00000000.00000000 /12 16 Class B's
31
+255.224.0.0 11111111.11100000.00000000.00000000 /11 32 Class B's
32
+255.192.0.0 11111111.11000000.00000000.00000000 /10 64 Class B's
33
+255.128.0.0 11111111.10000000.00000000.00000000 /9 128 Class B's
34
+255.0.0.0 11111111.00000000.00000000.00000000 /8 "Class A"
35
+
36
+254.0.0.0 11111110.00000000.00000000.00000000 /7
37
+252.0.0.0 11111100.00000000.00000000.00000000 /6
38
+248.0.0.0 11111000.00000000.00000000.00000000 /5
39
+240.0.0.0 11110000.00000000.00000000.00000000 /4
40
+224.0.0.0 11100000.00000000.00000000.00000000 /3
41
+192.0.0.0 11000000.00000000.00000000.00000000 /2
42
+128.0.0.0 10000000.00000000.00000000.00000000 /1
43
+0.0.0.0 00000000.00000000.00000000.00000000 /0 IP space
44
+```
45
+
46
+```
47
+ Net Host Total
48
+Net Addr Addr Addr Number
49
+Class Range NetMask Bits Bits of hosts
50
+----------------------------------------------------------
51
+A 0-127 255.0.0.0 8 24 16777216 (i.e. 114.0.0.0)
52
+B 128-191 255.255.0.0 16 16 65536 (i.e. 150.0.0.0)
53
+C 192-254 255.255.255.0 24 8 256 (i.e. 199.0.0.0)
54
+D 224-239 (multicast)
55
+E 240-255 (reserved)
56
+F 208-215 255.255.255.240 28 4 16
57
+G 216/8 ARIN - North America
58
+G 217/8 RIPE NCC - Europe
59
+G 218-219/8 APNIC
60
+H 220-221 255.255.255.248 29 3 8 (reserved)
61
+K 222-223 255.255.255.254 31 1 2 (reserved)
62
+(ref: RFC1375 & http://www.iana.org/assignments/ipv4-address-space )
63
+( http://www.iana.org/numbers.htm )
64
+----------------------------------------------------------
65
+```
66
+
67
+The current list of special use prefixes:
68
+```
69
+ 0.0.0.0/8
70
+ 127.0.0.0/8
71
+ 192.0.2.0/24
72
+ 10.0.0.0/8
73
+ 172.16.0.0/12
74
+ 192.168.0.0/16
75
+ 169.254.0.0/16
76
+ all D/E space
77
+```
78
+- (ref: RFC1918 http://www.rfc-editor.org/rfc/rfc1918.txt )
79
+- ( or ftp://ftp.isi.edu/in-notes/rfc1918.txt )
80
+- (rfc search: http://www.rfc-editor.org/rfcsearch.html )
81
+- ( http://www.ietf.org/ietf/1id-abstracts.txt )
82
+- ( http://www.ietf.org/shadow.html )
83
+
84
+
85
+Martians: (updates at: www.iana.org/assignments/ipv4-address-space )
86
+```
87
+ no ip source-route
88
+ access-list 100 deny ip host 0.0.0.0 any
89
+ deny ip 0.0.0.0 0.255.255.255 any log ! antispoof
90
+ deny ip 0.0.0.0 0.255.255.255 0.0.0.0 255.255.255.255 ! antispoof
91
+ deny ip any 255.255.255.128 0.0.0.127 ! antispoof
92
+ deny ip host 0.0.0.0 any log ! antispoof
93
+ deny ip host [router intf] [router intf] ! antispoof
94
+ deny ip xxx.xxx.xxx.0 0.0.0.255 any log ! lan area
95
+ deny ip 0/8 0.255.255.255 any log ! IANA - Reserved
96
+ deny ip 1/8 0.255.255.255 any log ! IANA - Reserved
97
+ deny ip 2/8 0.255.255.255 any log ! IANA - Reserved
98
+ deny ip 5/8 0.255.255.255 any log ! IANA - Reserved
99
+ deny ip 7/8 0.255.255.255 any log ! IANA - Reserved
100
+ deny ip 10.0.0.0 0.255.255.255 any log ! IANA - Private Use
101
+ deny ip 23/8 0.255.255.255 any log ! IANA - Reserved
102
+ deny ip 27/8 0.255.255.255 any log ! IANA - Reserved
103
+ deny ip 31/8 0.255.255.255 any log ! IANA - Reserved
104
+ deny ip 36-37/8 0.255.255.255 any log ! IANA - Reserved
105
+ deny ip 39/8 0.255.255.255 any log ! IANA - Reserved
106
+ deny ip 41-42/8 0.255.255.255 any log ! IANA - Reserved
107
+ deny ip 50/8 0.255.255.255 any log ! IANA - Reserved
108
+ deny ip 58-60/8 0.255.255.255 any log ! IANA - Reserved
109
+ deny ip 69-79/8 0.255.255.255 any log ! IANA - Reserved
110
+ deny ip 82-95/8 0.255.255.255 any log ! IANA - Reserved
111
+ deny ip 96-126/8 0.255.255.255 any log ! IANA - Reserved
112
+ deny ip 127/8 0.255.255.255 any log ! IANA - Reserved
113
+ deny ip 169.254.0.0 0.0.255.255 any log ! link-local network
114
+ deny ip 172.16.0.0 0.15.255.255 any log ! reserved
115
+ deny ip 192.168.0.0 0.0.255.255 any log ! reserved
116
+ deny ip 192.0.2.0 0.0.0.255 any log ! test network
117
+ deny ip 197/8 0.255.255.255 any log ! IANA - Reserved
118
+ deny ip 220/8 0.255.255.255 any log ! IANA - Reserved
119
+ deny ip 222-223/8 0.255.255.255 any log ! IANA - Reserved
120
+ deny ip 224.0.0.0 31.255.255.255 any log ! multicast
121
+ deny ip 224.0.0.0 15.255.255.255 any log ! unless MBGP-learned routes
122
+ deny ip 224-239/8 0.255.255.255 any log ! IANA - Multicast
123
+ deny ip 240-255/8 0.255.255.255 any log ! IANA - Reserved
124
+```
125
+
126
+```
127
+filtered source addresses
128
+ 0/8 ! broadcast
129
+ 10/8 ! RFC 1918 private
130
+ 127/8 ! loopback
131
+ 169.254.0/16 ! link local
132
+ 172.16.0.0/12 ! RFC 1918 private
133
+ 192.0.2.0/24 ! TEST-NET
134
+ 192.168.0/16 ! RFC 1918 private
135
+ 224.0.0.0/4 ! class D multicast
136
+ 240.0.0.0/5 ! class E reserved
137
+ 248.0.0.0/5 ! reserved
138
+ 255.255.255.255/32 ! broadcast
139
+```
140
+
141
+ARIN administrated blocks: (http://www.arin.net/regserv/IPStats.html)
142
+```
143
+ 24.0.0.0/8 (portions of)
144
+ 63.0.0.0/8
145
+ 64.0.0.0/8
146
+ 65.0.0.0/8
147
+ 66.0.0.0/8
148
+ 196.0.0.0/8
149
+ 198.0.0.0/8
150
+ 199.0.0.0/8
151
+ 200.0.0.0/8
152
+ 204.0.0.0/8
153
+ 205.0.0.0/8
154
+ 206.0.0.0/8
155
+ 207.0.0.0/8
156
+ 208.0.0.0/8
157
+ 209.0.0.0/8
158
+ 216.0.0.0/8
159
+```
160
+----------------------------------------------------------
161
+
162
+well known ports: (rfc1700.txt)
163
+ - www.iana.org/assignments/port-numbers
164
+
165
+protocol numbers:
166
+ - www.iana.org/assignments/protocol-numbers
167
+ - www.iana.org/numbers.htm
168
+
169
+ICMP(Types/Codes)
170
+```
171
+ Testing Destination Reachability & Status
172
+ (0/0) Echo-Reply
173
+ (8/0) Echo
174
+ Unreachable Destinations
175
+ (3/0) Network Unreachable
176
+ (3/1) Host Unreachable
177
+ (3/2) Protocol Unreachable
178
+ (3/3) Port Unreachable
179
+ (3/4) Fragmentaion Needed and DF set (Pkt too big)
180
+ (3/5) Source Route Failed
181
+ (3/6) Network Unknown
182
+ (3/7) Host Unknown
183
+ (3/9) DOD Net Prohibited
184
+ (3/10) DOD Host Prohibited
185
+ (3/11) Net TOS Unreachable
186
+ (3/12) Host TOS Unreachable
187
+ (3/13) Administratively Prohibited
188
+ (3/14) Host Precedence Unreachable
189
+ (3/15) Precedence Unreachable
190
+ Flow Control
191
+ (4/0) Source-Quench [RFC 1016]
192
+ Route Change Requests from Gateways
193
+ (5/0) Redirect Datagrams for the Net
194
+ (5/1) Redirect Datagrams for the Host
195
+ (5/2) Redirect Datagrams for the TOS and Net
196
+ (5/3) Redirect Datagrams for the TOS and Host
197
+ Router
198
+ (6/-) Alternate-Address
199
+ (9/0) Router-Advertisement
200
+ (10/0) Router-Solicitation
201
+ Detecting Circular or Excessively Long Routes
202
+ (11/0) Time to Live Count Exceeded
203
+ (11/1) Fragment Reassembly Time Exceeded
204
+ Reporting Incorrect Datagram Headers
205
+ (12/0) Parameter-Problem
206
+ (12/1) Option Missing
207
+ (12/2) No Room for Option
208
+ Clock Synchronization and Transit Time Estimation
209
+ (13/0) Timestamp-Request
210
+ (14/0) Timestamp-Reply
211
+ Obtaining a Network Address (RARP Alternative)
212
+ (15/0) Information-Request
213
+ (16/0) Information-Reply
214
+ Obtaining a Subnet Mask [RFC 950]
215
+ (17/0) Address Mask-Request
216
+ (18/0) Address Mask-Reply
217
+ Other
218
+ (30/0) Traceroute
219
+ (31/0) Conversion-Error
220
+ (32/0) Mobile-Redirect
221
+```
222
+
223
+Ref: [RFC 792] [RFC 896] [RFC 950] [RFC 1016]
224
+ www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/sw_5_3/cofigide/qos.htm#19774
225
+
226
+
227
+
228
+```
229
+Decimal system Prefix's
230
+ Factor Exponent Prefix
231
+---------------------------------------------------
232
+ 1 000 000 000 000 000 000 000 000...10^24....yotta
233
+ 1 000 000 000 000 000 000 000...10^21....zetta
234
+ 1 000 000 000 000 000 000...10^18....exa
235
+ 1 000 000 000 000 000...10^15....peta
236
+ 1 000 000 000 000...10^12....tera
237
+ 1 000 000 000...10^9.....giga
238
+ 1 000 000...10^6.....mega
239
+ 1 000...10^3.....kilo
240
+ 100...10^2.....hecto
241
+ 10...10^1.....deka
242
+ 0.1...10^-1....deci
243
+ 0.01...10^-2....centi
244
+ 0.001...10^-3....milli
245
+ 0.000 001...10^-6....micro
246
+ 0.000 000 001...10^-9....nano
247
+ 0.000 000 000 001...10^-12...pico
248
+ 0.000 000 000 000 001...10^-15...femto
249
+ 0.000 000 000 000 000 001...10^-18...atto
250
+ 0.000 000 000 000 000 000 001...10^-21...zepto
251
+ 0.000 000 000 000 000 000 000 001...10^-24...yocto
252
+---------------------------------------------------
253
+
254
+```
255
+- Convert Fahrenheit <> Celsius:
256
+ - Celsius = (Fahrenheit - 32) / 1.8
257
+ - Fahrenheit = (Celsius * 1.8) + 32
258
+
259
+
260
+last updated: 4jul02
261
+
262
+
263
+
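Review bot: the "Martians" access list (new lines 87-123) is dated by the footer `last updated: 4jul02` and marks many /8 blocks as "IANA - Reserved" that have since been allocated and carry normal traffic, for example 1/8, 2/8, 5/8, 23/8 and 31/8. Applied as written it would drop legitimate sources. Either trim the list to prefixes that are still special-use (the "filtered source addresses" block is close) or label the section as historical and point to the current IANA registry. Related: the "special use prefixes" list predates 100.64.0.0/10, 198.18.0.0/15, 198.51.100.0/24 and 203.0.113.0/24; "/31 Unuseable" ignores point-to-point use per RFC 3021; and entries such as `deny ip 0/8 0.255.255.255 any log` are shorthand, not valid access-list syntax. The SI prefix table and temperature conversion are unrelated to subnets and could move to their own page.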
networking/wifi_connect.md
... ...
@@ -0,0 +1,10 @@
1
+
2
+```
3
+ip link show wlp2s0
4
+ip link set wlp2s0 up
5
+iw wlp2s0 link
6
+sudo iw wlp2s0 scan | grep -i ssid
7
+ps -ef | grep wpa_supplicant
8
+sudo kill -9 <pid>
9
+connect lib/doc/wifi/home ; sudo dhclient wlp2s0
10
+```
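Review bot: the file has no title and no prose, and line 9 calls `connect lib/doc/wifi/home`, which is not a standard command and is not defined anywhere on the page, so the sequence cannot be reproduced without that local script. Add a heading, say what `connect` is (or replace it with the underlying `wpa_supplicant` invocation), and note that `wlp2s0` is a host-specific interface name. `sudo kill -9 <pid>` gives wpa_supplicant no chance to clean up; a plain `kill` is enough.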
software/docker.md
... ...
@@ -1,17 +0,0 @@
1
-# docker
2
-
3
-## pull files from inside container
4
-```
5
-docker cp <container_id>:/path/to/file /path/to/save
6
-```
7
-
8
-## clean up old images
9
-```
10
-docker rmi -f $(docker images --filter "dangling=true" -q)
11
-docker image prune
12
-```
13
-
14
-
15
-## ref
16
-- :1: https://stackoverflow.com/questions/44027873/how-to-create-a-new-docker-image-from-a-running-container-on-amazon
17
-- :2: https://stackoverflow.com/questions/43699368/configure-docker-daemon-port-to-enable-docker-apis/43713435#43713435
software/envoy.md
... ...
@@ -1,36 +0,0 @@
1
-# envoy
2
-
3
-https://envoyproxy.io
4
-
5
-## envoy architecture
6
-[1][]
7
-
8
-### inbound
9
-
10
- [ listener ]
11
- └─┐
12
- ↓
13
- [ filter chains ]
14
- └─┐
15
- ↓
16
- [ filter ]
17
- ├ tcp proxy
18
- └ http connection manager
19
-
20
-### outbound
21
-
22
- [ clusters ]
23
- └─┐
24
- ↓
25
- [ endpoints]
26
- ├ static cluster (load assignment)
27
- └ dynamic cluster (eds_assignment)
28
-
29
-## protocol specific routing
30
-
31
- [ envoy ]
32
- │
33
- ┌──────┴──────┐
34
- ↓ ↓
35
- / /api
36
- [ front end ] [ api ]
software/firewall-cmd.md
... ...
@@ -1,15 +0,0 @@
1
-# firewall-cmd
2
-
3
-## add / remove port
4
-```
5
-firewall-cmd --permanent --add-port=<port_num>/<protocol>
6
-firewall-cmd --permanent --remove-port=<port_num>/<protocol>
7
-
8
-firewall-cmd --permanent --add-port=22/tcp
9
-firewall-cmd --permanent --remove-port=22/tcp
10
-```
11
-
12
-## open port on specific ip
13
-[serverfault answer][]
14
-
15
-[serverfault answer]: https://serverfault.com/questions/684602/how-to-open-port-for-a-specific-ip-address-with-firewall-cmd-on-centos#684603
software/firewalls.md
... ...
@@ -1,5 +0,0 @@
1
-# firewalls
2
-
3
-## linux
4
-- [iptables](iptables)
5
-- [firewall cmd](firewall-cmd)
software/git.md
... ...
@@ -1,105 +0,0 @@
1
-# git
2
-
3
-undo merge that hasn't been pushed
4
-```zsh
5
-git reset --merge HEAD~1
6
-```
7
-
8
-roll back hard
9
-```
10
-git reset --hard <commit/tag>
11
-```
12
-
13
-force push of a previous commit
14
-```
15
-git push -f origin <commit_id>:<branch>
16
-```
17
-
18
-delete remote branch
19
-```
20
-git push --delete origin <branch>
21
-```
22
-
23
-reset local branch after a forced-update (above)
24
-```
25
-git fetch
26
-git reset origin/<branch> --hard
27
-```
28
-
29
-renaming branch and updating remote
30
-```
31
-git branch -m old-name new-name
32
-git push origin --set-upstream new-name
33
-git push origin :old-name
34
-```
35
-
36
-set username for [single repo][]
37
-```
38
-git config user.username 'name'
39
-```
40
-
41
-set signing key for local repo
42
-```
43
-git config user.signingkey <id>
44
-```
45
-
46
-[signing][] commits
47
-```
48
-git commit -S -m 'msg'
49
-```
50
-
51
-compare diff between two commits
52
-```
53
-git diff <commit>...<commit>
54
-```
55
-
56
-stash
57
-```
58
-git stash
59
-git stash show
60
-```
61
-
62
-unstash
63
-```
64
-git stash pop
65
-```
66
-
67
-add remote origin
68
-```
69
-git remote add origin git@gitserver/path/to/repo
70
-```
71
-
72
-add multiple push repos
73
-```
74
-git remote set-url --add --push origin git@gitserver/original/repo
75
-git remote set-url --add --push origin https://gitserver/another/repo
76
-```
77
-
78
-archive branch
79
-```
80
-git archive --format zip --outpu /path/to/output.zip <branch>
81
-```
82
-
83
-## using `hub`
84
-### pull requests
85
-```
86
-hub pr list
87
-hub pr checkout <num>
88
-```
89
-
90
-## helpful links
91
-
92
-[making a pull request][]
93
-
94
-[branching and rebasing][]
95
-
96
-[branching model][]
97
-
98
-[merging and rebasing][]
99
-
100
-[making a pull request]: https://www.atlassian.com/git/tutorials/making-a-pull-request
101
-[branching and rebasing]: https://git-scm.com/book/en/v2/Git-Branching-Rebasing
102
-[branching model]: https://nvie.com/posts/a-successful-git-branching-model/
103
-[single repo]: https://help.github.com/articles/setting-your-username-in-git/
104
-[merging and rebasing]: https://www.atlassian.com/git/tutorials/merging-vs-rebasing
105
-[signing]: https://git-scm.com/book/en/v2/Git-Tools-Signing-Your-Work
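Review bot: this page is removed while Home.md now links to `/vcs/git`; if the content moves there, two commands should be corrected on the way. `git config user.username 'name'` sets a key git does not read for commit identity; the setting is `user.name`. `git archive --format zip --outpu ...` has a truncated `--output`. It is also worth showing `--force-with-lease` beside `git push -f` so the page does not teach overwriting a remote branch blindly.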
software/haproxy.md
... ...
@@ -1,5 +0,0 @@
1
-# haproxy
2
-
3
-[config_guide][]
4
-
5
-[config_guide]: http://cbonte.github.io/haproxy-dconv/2.4/configuration.html
software/kubernetes.md
... ...
@@ -1,11 +0,0 @@
1
-# kubernetes
2
-
3
-- list pods for all namespaces
4
-```
5
-kubectl get pods --all-namespaces
6
-```
7
-
8
-- get list of containers in pod
9
-```
10
-kubectl -n <namespace> get pods <pod_name> -o jsonpath='{.spec.containers[*].name}'
11
-```
software/lxc.md
... ...
@@ -1,292 +0,0 @@
1
-# lxc
2
-
3
-## set up
4
-### arch
5
-[archwiki_setup][]
6
-[redhat_guide][]
7
-[linux_containers_guide][]
8
-
9
-* install `lxc`
10
-```
11
-pacman -S lxc dnsmasq
12
-```
13
-* or on debian
14
-```
15
-apt-get install lxc dnsmasq-base uidmap acl libpam-cgfs
16
-echo "kernel.unprivileged_userns_clone=1" >> /etc/sysctl.conf
17
-reboot
18
-```
19
-* add the following line to '/etc/pam.d/system-login'
20
-* (debian '/etc/pam.d/login')
21
-```
22
-session optional pam_cgfs.so -c freezer,memory,name=systemd,unified
23
-```
24
-* create '/etc/default/lxc-net' config
25
-```
26
-# Leave USE_LXC_BRIDGE as "true" if you want to use lxcbr0 for your
27
-# containers. Set to "false" if you'll use virbr0 or another existing
28
-# bridge, or mavlan to your host's NIC.
29
-USE_LXC_BRIDGE="true"
30
-
31
-# If you change the LXC_BRIDGE to something other than lxcbr0, then
32
-# you will also need to update your /etc/lxc/default.conf as well as the
33
-# configuration (/var/lib/lxc/<container>/config) for any containers
34
-# already created using the default config to reflect the new bridge
35
-# name.
36
-# If you have the dnsmasq daemon installed, you'll also have to update
37
-# /etc/dnsmasq.d/lxc and restart the system wide dnsmasq daemon.
38
-LXC_BRIDGE="lxcbr0"
39
-LXC_ADDR="10.0.3.1"
40
-LXC_NETMASK="255.255.255.0"
41
-LXC_NETWORK="10.0.3.0/24"
42
-LXC_DHCP_RANGE="10.0.3.2,10.0.3.254"
43
-LXC_DHCP_MAX="253"
44
-# Uncomment the next line if you'd like to use a conf-file for the lxcbr0
45
-# dnsmasq. For instance, you can use 'dhcp-host=mail1,10.0.3.100' to have
46
-# container 'mail1' always get ip address 10.0.3.100.
47
-#LXC_DHCP_CONFILE=/etc/lxc/dnsmasq.conf
48
-
49
-# Uncomment the next line if you want lxcbr0's dnsmasq to resolve the .lxc
50
-# domain. You can then add "server=/lxc/10.0.3.1' (or your actual $LXC_ADDR)
51
-# to your system dnsmasq configuration file (normally /etc/dnsmasq.conf,
52
-# or /etc/NetworkManager/dnsmasq.d/lxc.conf on systems that use NetworkManager).
53
-# Once these changes are made, restart the lxc-net and network-manager services.
54
-# 'container1.lxc' will then resolve on your host.
55
-#LXC_DOMAIN="lxc"
56
-```
57
-* add the following lines to '/etc/lxc/default.conf'
58
-```
59
-lxc.net.0.type = veth
60
-lxc.net.0.link = lxcbr0
61
-lxc.net.0.flags = up
62
-lxc.net.0.hwaddr = 00:16:3e:xx:xx:xx
63
-lxc.idmap = u 0 100000 65536
64
-lxc.idmap = g 0 100000 65536
65
-```
66
-* start `lxc-net`
67
-```
68
-systemctl restart lxc-net
69
-```
70
-* check that `lxcbr0` bridge has been created
71
-```
72
-ip a s lxcbr0
73
-```
74
-* create '/etc/subuid'
75
-```
76
-pyratebeard:100000:65536
77
-```
78
-* create '/etc/subgid'
79
-```
80
-pyratebeard:100000:65536
81
-```
82
-* create '/etc/lxc/lxc-usernet' for allowing user to create network devices
83
-```
84
-pyratebeard veth lxcbr0 10
85
-```
86
- - `veth` - virtual ethernet
87
- - `lxcbr0` - network bridge
88
- - `10` - number of devices allowed
89
-* create local dirs
90
-```
91
-mkdir ~/.{config,cache}/lxc
92
-mkdir ~/.local/share
93
-```
94
-* create '~/.config/lxc/default.conf'
95
-```
96
-lxc.net.0.type = veth
97
-lxc.net.0.link = lxcbr0
98
-lxc.net.0.flags = up
99
-lxc.net.0.hwaddr = 00:16:3e:xx:xx:xx
100
-lxc.idmap = u 0 100000 65536
101
-lxc.idmap = g 0 100000 65536
102
-```
103
-* make '~/.local/share' executable and set acls
104
-```
105
-chmod +x ~/.local/share
106
-setfacl -m u:100000:x /home/pyratebeard
107
-setfacl -m u:100000:x /home/pyratebeard/.local
108
-```
109
-
110
-## create container
111
-```
112
-lxc-create -t download -n <name>
113
-# or
114
-lxc-create -n <name> -t download -- --dist alpine --release 3.13 --arch amd64
115
-lxc-start -d -n <name>
116
-lxc-attach -n <name>
117
-```
118
-or
119
-```
120
-vi ~/.local/share/lxc/powerzone/rootfs/etc/shadow
121
- # remove `!` from root user
122
-lxc-start -n powerzone
123
-lxc-console -n powerzone
124
-```
125
-
126
-* python module for script api [5][]
127
-
128
-## alpine linux config
129
-```
130
-apk update
131
-apk upgrade
132
-passwd
133
-adduser pyratebeard
134
-adduser pyratebeard wheel
135
-apk add doas vim openssh
136
-vim /etc/doas.conf
137
- permit nopass pyratebeard
138
-rc-update add sshd
139
-rc-service sshd start
140
-rc-status
141
-```
142
-logout (`ctrl-a q` to exit console)
143
-
144
-## debian config
145
-```
146
-passwd
147
-apt-get install openssh-server python3
148
-vi /etc/ssh/sshd_config
149
- PermitRootLogin yes
150
-systemctl reload sshd
151
-```
152
-
153
-### alpine services
154
-add files to /etc/init.d/
155
-```
156
-#!/sbin/openrc-run
157
-name="test"
158
-command="echo hello"
159
-```
160
-
161
-## known errors
162
-* systemd containers fail to start
163
-```
164
-Failed to mount cgroup at /sys/fs/cgroup/systemd: Operation not permitted
165
-[!!!!!!] Failed to mount API filesystems, freezing.
166
-Freezing execution.
167
-```
168
- * '/sys/fs/cgroup/systemd' dir doesn't exist
169
- * to fix, create dir, mount cgroup, set permissions [lxc-users group post][]
170
-```
171
-sudo mkdir /sys/fs/cgroup/systemd
172
-sudo mount -t cgroup -o none,name=systemd systemd /sys/fs/cgroup/systemd
173
-sudo chown pyratebeard:users /sys/fs/cgroup/systemd
174
-```
175
-* keyserver not found on `lxc-create`
176
- * to fix add `DOWNLOAD_KEYSERVER="hkp://keyserver.ubuntu.com:80"` before `lxc-create` cmd
177
- * https://github.com/lxc/lxc/issues/3874
178
- * https://github.com/lxc/lxc/commit/f2a5d95d00a55bed27ef9920d67617cc75fecad8
179
-```
180
-Setting up the GPG keyring
181
-ERROR: Unable to fetch GPG key from keyserver
182
-```
183
-* wait_ondaemonized_startL 833 no such file or directory
184
- * `lxc-start` in foreground gives segmentation fault
185
-```
186
-lxc-start -n test /bin/sh
187
-```
188
-
189
-## moving containers
190
-[so answer]
191
-```
192
-lxc-stop -n $NAME
193
-cd ~/.local/share/lxc/$NAME
194
-sudo tar --numeric-owner -czvf ../$NAME.tgz ./*
195
-chown pyratebeard: ../$NAME.tgz
196
-rsync -avh $NAME.tgz user@hostname:.local/share/lxc/
197
-ssh user@hostname
198
-mkdir ~/.local/share/lxc/$NAME
199
-cd ~/.local/share/lxc/$NAME
200
-sudo tar --numeric-owner -xzvf ../$NAME.tgz .
201
-```
202
-* tried this between wht-rht-obj and fka
203
- * container runs (after adding user gid to /etc/subgid)
204
- * no ip address though. veth is created but ip4 not given
205
-* check dir/file permissions
206
- * .local/share/lxc/$NAME = 755 100000:100000
207
- * .local/share/lxc/$NAME/rootfs/* = 100000:100000
208
- * .local/share/lxc/$NAME/config = pyratebeard:users
209
-
210
-## example
211
-### setting up multiple websites behind haproxy
212
-* install openzfs
213
-* start lx daemon
214
-```
215
-sudo apt install zfsutils-linux
216
-sudo lxd init
217
-```
218
-* answer questions
219
-* launch containers
220
-```
221
-lxc launch ubuntu:18.04 subdomain1
222
-lxc launch ubuntu:18.04 subdomain2
223
-lxc launch ubuntu:18.04 haproxy
224
-lxc list
225
-```
226
-
227
-[archwiki_setup]: https://wiki.archlinux.org/title/Linux_Containers#Setup
228
-[redhat_guide]: https://www.redhat.com/sysadmin/exploring-containers-lxc
229
-[linux_containers_guide]: https://linuxcontainers.org/lxc/getting-started/
230
-[lxc-users group post]: https://groups.google.com/a/lists.linuxcontainers.org/g/lxc-users/c/r_8Eww6i9tA
231
-[so answer]: https://stackoverflow.com/questions/23427129/how-do-i-backup-move-lxc-containers#34194341
232
-[5]: https://github.com/lxc/python3-lxc
233
-
234
-gollum haproxy log pastebin radicale site stagit znc ftp
235
-
236
-## debian test
237
-* debian 10 (aws instance)
238
- * 'admin' user
239
-* `apt-get install lxc dnsmasq-base uidmap`
240
-* follow setup (see own wiki)
241
-* building debian containers works well
242
-* ansible playbook runs using proxyjump in ssh config
243
-* attempting to run haproxy in container
244
-* iptables rules for prerouting
245
- * `sudo iptables -t nat -I PREROUTING -i eth0 -p TCP -d <public_ip>/24 --dport 80 -j DNAT --to-destination <haproxy_ip>:80`
246
- * `sudo iptables -t nat -I PREROUTING -i eth0 -p TCP -d <public_ip>/24 --dport 443 -j DNAT --to-destination <haproxy_ip>:443`
247
- * `sudo iptables -L -n -t nat`
248
- * `sudo apt-get install iptables-persistent`
249
-* haproxy container
250
- * `apt-get install haproxy`
251
- * add the following to the 'global' section
252
- ```
253
- ...
254
- maxconn 2048
255
- ...
256
- tune.ssl.default-dh-param 2048
257
- ```
258
- * add the following to the 'defaults' section
259
- ```
260
- ...
261
- option forwardfor
262
- option http-server-close
263
- ...
264
- ```
265
- * create frontend
266
- ```
267
- frontend http_frontend
268
- bind *:80
269
- acl infratuxture hdr(host) -i penguin.renre.com
270
- #acl anotherlxc hdr(host) -i anotherdomain.renre.com
271
- use_backend penguin if infratuxture
272
- #use_backend anotherdomain if anotherlxc
273
- ```
274
- * create backend
275
- ```
276
- backend penguin
277
- balance leastconn
278
- http-request set-header X-Client-IP %[src]
279
- server penguin 10.0.3.162:80 check
280
-
281
- #backend anotherdomain
282
- # balance leastconn
283
- # http-request set-header X-Client-IP %[src]
284
- # server anotherdomain an.oth.er.ip:80 check
285
- ```
286
-* infratuxture container
287
- * `apt-get install git lighttpd`
288
- * pull git repo in html dir
289
- ```
290
- cd /var/www/html
291
- git clone https://git.renre.com/infrastructure/linux-patching.github.io.git .
292
- ```
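Review bot: the "debian config" block (old line 149) sets `PermitRootLogin yes` and the alpine block adds `permit nopass pyratebeard` to doas.conf, both without comment; if this page is being relocated and not dropped, mark them as lab-only shortcuts or switch to key-based root login (`PermitRootLogin prohibit-password`). The "debian test" section also embeds what look like internal hostnames (`penguin.renre.com`, `git.renre.com`); check whether those belong in the wiki. Old line 183, `wait_ondaemonized_startL 833 ...`, reads like a mangled log line and needs the original error text.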
software/mosh.md
... ...
@@ -1,27 +0,0 @@
1
-# mosh
2
-
3
-_mosh must be installed on client and server_
4
-
5
-## install
6
-```
7
-yum install mosh
8
-
9
-apt-get install mosh
10
-```
11
-
12
-## usage
13
-on server allow port through firewall
14
-```
15
-firewall-cmd --permanent --add-port=60001/udp
16
-firewall-cmd --reload
17
-```
18
-
19
-on client
20
-```
21
-mosh user@host
22
-```
23
-
24
-if ssh is listening on different port
25
-```
26
-mosh --ssh="ssh -p 22666" user@host
27
-```
software/openvpn.md
... ...
@@ -1,31 +0,0 @@
1
-# openvpn
2
-
3
-## setup server
4
-```
5
-sudo apt-get update && sudo apt-get upgrade
6
-sudo apt-get install openvpn easy-rsa
7
-```
8
-... all same until /etc/openvpn/easy-rsa/keys
9
-```
10
-cd /etc/openvpn/easy-rsa/
11
-cp vars.example vars
12
-vi vars
13
-```
14
-- uncomment and modify following lines
15
-```
16
-#set_var EASYRSA_REQ_COUNTRY "US"
17
-#set_var EASYRSA_REQ_PROVINCE "California"
18
-#set_var EASYRSA_REQ_CITY "San Francisco"
19
-#set_var EASYRSA_REQ_ORG "Copyleft Certificate Co"
20
-#set_var EASYRSA_REQ_EMAIL "me@example.net"
21
-#set_var EASYRSA_REQ_OU "My Organizational Unit"
22
-```
23
-- save and close
24
-```
25
-./easyrsa init-pki
26
-```
27
-
28
-when service starts and waits for password in the background use this to enter password
29
-```
30
-sudo systemd-tty-ask-password-agent --query
31
-```
software/qemu.md
... ...
@@ -1,18 +0,0 @@
1
-# qemu
2
-
3
-## create vm
4
-```
5
-qemu-img create -f qcow2 <filename> 4g
6
-```
7
-- `create [-f FMT] filename [size]`
8
- - size is disk image size in bytes
9
-
10
-## install system
11
-```
12
-qemu-system-x86_64 -m 1g -cdrom /path/to/iso -boot order=d -drive file=<filename>,format=qcow2
13
-```
14
-
15
-## start system
16
-```
17
-qemu-system-x86_64 <filename>
18
-```
software/subnet_cheatsheet.md
... ...
@@ -1,263 +0,0 @@
1
-# subnet cheatsheet
2
-
3
-https://oav.net/mirrors/cidr.html
4
-
5
-```
6
-Netmask Netmask (binary) CIDR Notes
7
-_____________________________________________________________________________
8
-255.255.255.255 11111111.11111111.11111111.11111111 /32 Host (single addr)
9
-255.255.255.254 11111111.11111111.11111111.11111110 /31 Unuseable
10
-255.255.255.252 11111111.11111111.11111111.11111100 /30 2 useable
11
-255.255.255.248 11111111.11111111.11111111.11111000 /29 6 useable
12
-255.255.255.240 11111111.11111111.11111111.11110000 /28 14 useable
13
-255.255.255.224 11111111.11111111.11111111.11100000 /27 30 useable
14
-255.255.255.192 11111111.11111111.11111111.11000000 /26 62 useable
15
-255.255.255.128 11111111.11111111.11111111.10000000 /25 126 useable
16
-255.255.255.0 11111111.11111111.11111111.00000000 /24 "Class C" 254 useable
17
-
18
-255.255.254.0 11111111.11111111.11111110.00000000 /23 2 Class C's
19
-255.255.252.0 11111111.11111111.11111100.00000000 /22 4 Class C's
20
-255.255.248.0 11111111.11111111.11111000.00000000 /21 8 Class C's
21
-255.255.240.0 11111111.11111111.11110000.00000000 /20 16 Class C's
22
-255.255.224.0 11111111.11111111.11100000.00000000 /19 32 Class C's
23
-255.255.192.0 11111111.11111111.11000000.00000000 /18 64 Class C's
24
-255.255.128.0 11111111.11111111.10000000.00000000 /17 128 Class C's
25
-255.255.0.0 11111111.11111111.00000000.00000000 /16 "Class B"
26
-
27
-255.254.0.0 11111111.11111110.00000000.00000000 /15 2 Class B's
28
-255.252.0.0 11111111.11111100.00000000.00000000 /14 4 Class B's
29
-255.248.0.0 11111111.11111000.00000000.00000000 /13 8 Class B's
30
-255.240.0.0 11111111.11110000.00000000.00000000 /12 16 Class B's
31
-255.224.0.0 11111111.11100000.00000000.00000000 /11 32 Class B's
32
-255.192.0.0 11111111.11000000.00000000.00000000 /10 64 Class B's
33
-255.128.0.0 11111111.10000000.00000000.00000000 /9 128 Class B's
34
-255.0.0.0 11111111.00000000.00000000.00000000 /8 "Class A"
35
-
36
-254.0.0.0 11111110.00000000.00000000.00000000 /7
37
-252.0.0.0 11111100.00000000.00000000.00000000 /6
38
-248.0.0.0 11111000.00000000.00000000.00000000 /5
39
-240.0.0.0 11110000.00000000.00000000.00000000 /4
40
-224.0.0.0 11100000.00000000.00000000.00000000 /3
41
-192.0.0.0 11000000.00000000.00000000.00000000 /2
42
-128.0.0.0 10000000.00000000.00000000.00000000 /1
43
-0.0.0.0 00000000.00000000.00000000.00000000 /0 IP space
44
-```
45
-
46
-```
47
- Net Host Total
48
-Net Addr Addr Addr Number
49
-Class Range NetMask Bits Bits of hosts
50
-----------------------------------------------------------
51
-A 0-127 255.0.0.0 8 24 16777216 (i.e. 114.0.0.0)
52
-B 128-191 255.255.0.0 16 16 65536 (i.e. 150.0.0.0)
53
-C 192-254 255.255.255.0 24 8 256 (i.e. 199.0.0.0)
54
-D 224-239 (multicast)
55
-E 240-255 (reserved)
56
-F 208-215 255.255.255.240 28 4 16
57
-G 216/8 ARIN - North America
58
-G 217/8 RIPE NCC - Europe
59
-G 218-219/8 APNIC
60
-H 220-221 255.255.255.248 29 3 8 (reserved)
61
-K 222-223 255.255.255.254 31 1 2 (reserved)
62
-(ref: RFC1375 & http://www.iana.org/assignments/ipv4-address-space )
63
-( http://www.iana.org/numbers.htm )
64
-----------------------------------------------------------
65
-```
66
-
67
-The current list of special use prefixes:
68
-```
69
- 0.0.0.0/8
70
- 127.0.0.0/8
71
- 192.0.2.0/24
72
- 10.0.0.0/8
73
- 172.16.0.0/12
74
- 192.168.0.0/16
75
- 169.254.0.0/16
76
- all D/E space
77
-```
78
-- (ref: RFC1918 http://www.rfc-editor.org/rfc/rfc1918.txt )
79
-- ( or ftp://ftp.isi.edu/in-notes/rfc1918.txt )
80
-- (rfc search: http://www.rfc-editor.org/rfcsearch.html )
81
-- ( http://www.ietf.org/ietf/1id-abstracts.txt )
82
-- ( http://www.ietf.org/shadow.html )
83
-
84
-
85
-Martians: (updates at: www.iana.org/assignments/ipv4-address-space )
86
-```
87
- no ip source-route
88
- access-list 100 deny ip host 0.0.0.0 any
89
- deny ip 0.0.0.0 0.255.255.255 any log ! antispoof
90
- deny ip 0.0.0.0 0.255.255.255 0.0.0.0 255.255.255.255 ! antispoof
91
- deny ip any 255.255.255.128 0.0.0.127 ! antispoof
92
- deny ip host 0.0.0.0 any log ! antispoof
93
- deny ip host [router intf] [router intf] ! antispoof
94
- deny ip xxx.xxx.xxx.0 0.0.0.255 any log ! lan area
95
- deny ip 0/8 0.255.255.255 any log ! IANA - Reserved
96
- deny ip 1/8 0.255.255.255 any log ! IANA - Reserved
97
- deny ip 2/8 0.255.255.255 any log ! IANA - Reserved
98
- deny ip 5/8 0.255.255.255 any log ! IANA - Reserved
99
- deny ip 7/8 0.255.255.255 any log ! IANA - Reserved
100
- deny ip 10.0.0.0 0.255.255.255 any log ! IANA - Private Use
101
- deny ip 23/8 0.255.255.255 any log ! IANA - Reserved
102
- deny ip 27/8 0.255.255.255 any log ! IANA - Reserved
103
- deny ip 31/8 0.255.255.255 any log ! IANA - Reserved
104
- deny ip 36-37/8 0.255.255.255 any log ! IANA - Reserved
105
- deny ip 39/8 0.255.255.255 any log ! IANA - Reserved
106
- deny ip 41-42/8 0.255.255.255 any log ! IANA - Reserved
107
- deny ip 50/8 0.255.255.255 any log ! IANA - Reserved
108
- deny ip 58-60/8 0.255.255.255 any log ! IANA - Reserved
109
- deny ip 69-79/8 0.255.255.255 any log ! IANA - Reserved
110
- deny ip 82-95/8 0.255.255.255 any log ! IANA - Reserved
111
- deny ip 96-126/8 0.255.255.255 any log ! IANA - Reserved
112
- deny ip 127/8 0.255.255.255 any log ! IANA - Reserved
113
- deny ip 169.254.0.0 0.0.255.255 any log ! link-local network
114
- deny ip 172.16.0.0 0.15.255.255 any log ! reserved
115
- deny ip 192.168.0.0 0.0.255.255 any log ! reserved
116
- deny ip 192.0.2.0 0.0.0.255 any log ! test network
117
- deny ip 197/8 0.255.255.255 any log ! IANA - Reserved
118
- deny ip 220/8 0.255.255.255 any log ! IANA - Reserved
119
- deny ip 222-223/8 0.255.255.255 any log ! IANA - Reserved
120
- deny ip 224.0.0.0 31.255.255.255 any log ! multicast
121
- deny ip 224.0.0.0 15.255.255.255 any log ! unless MBGP-learned routes
122
- deny ip 224-239/8 0.255.255.255 any log ! IANA - Multicast
123
- deny ip 240-255/8 0.255.255.255 any log ! IANA - Reserved
124
-```
125
-
126
-```
127
-filtered source addresses
128
- 0/8 ! broadcast
129
- 10/8 ! RFC 1918 private
130
- 127/8 ! loopback
131
- 169.254.0/16 ! link local
132
- 172.16.0.0/12 ! RFC 1918 private
133
- 192.0.2.0/24 ! TEST-NET
134
- 192.168.0/16 ! RFC 1918 private
135
- 224.0.0.0/4 ! class D multicast
136
- 240.0.0.0/5 ! class E reserved
137
- 248.0.0.0/5 ! reserved
138
- 255.255.255.255/32 ! broadcast
139
-```
140
-
141
-ARIN administrated blocks: (http://www.arin.net/regserv/IPStats.html)
142
-```
143
- 24.0.0.0/8 (portions of)
144
- 63.0.0.0/8
145
- 64.0.0.0/8
146
- 65.0.0.0/8
147
- 66.0.0.0/8
148
- 196.0.0.0/8
149
- 198.0.0.0/8
150
- 199.0.0.0/8
151
- 200.0.0.0/8
152
- 204.0.0.0/8
153
- 205.0.0.0/8
154
- 206.0.0.0/8
155
- 207.0.0.0/8
156
- 208.0.0.0/8
157
- 209.0.0.0/8
158
- 216.0.0.0/8
159
-```
160
-----------------------------------------------------------
161
-
162
-well known ports: (rfc1700.txt)
163
- - www.iana.org/assignments/port-numbers
164
-
165
-protocol numbers:
166
- - www.iana.org/assignments/protocol-numbers
167
- - www.iana.org/numbers.htm
168
-
169
-ICMP(Types/Codes)
170
-```
171
- Testing Destination Reachability & Status
172
- (0/0) Echo-Reply
173
- (8/0) Echo
174
- Unreachable Destinations
175
- (3/0) Network Unreachable
176
- (3/1) Host Unreachable
177
- (3/2) Protocol Unreachable
178
- (3/3) Port Unreachable
179
- (3/4) Fragmentaion Needed and DF set (Pkt too big)
180
- (3/5) Source Route Failed
181
- (3/6) Network Unknown
182
- (3/7) Host Unknown
183
- (3/9) DOD Net Prohibited
184
- (3/10) DOD Host Prohibited
185
- (3/11) Net TOS Unreachable
186
- (3/12) Host TOS Unreachable
187
- (3/13) Administratively Prohibited
188
- (3/14) Host Precedence Unreachable
189
- (3/15) Precedence Unreachable
190
- Flow Control
191
- (4/0) Source-Quench [RFC 1016]
192
- Route Change Requests from Gateways
193
- (5/0) Redirect Datagrams for the Net
194
- (5/1) Redirect Datagrams for the Host
195
- (5/2) Redirect Datagrams for the TOS and Net
196
- (5/3) Redirect Datagrams for the TOS and Host
197
- Router
198
- (6/-) Alternate-Address
199
- (9/0) Router-Advertisement
200
- (10/0) Router-Solicitation
201
- Detecting Circular or Excessively Long Routes
202
- (11/0) Time to Live Count Exceeded
203
- (11/1) Fragment Reassembly Time Exceeded
204
- Reporting Incorrect Datagram Headers
205
- (12/0) Parameter-Problem
206
- (12/1) Option Missing
207
- (12/2) No Room for Option
208
- Clock Synchronization and Transit Time Estimation
209
- (13/0) Timestamp-Request
210
- (14/0) Timestamp-Reply
211
- Obtaining a Network Address (RARP Alternative)
212
- (15/0) Information-Request
213
- (16/0) Information-Reply
214
- Obtaining a Subnet Mask [RFC 950]
215
- (17/0) Address Mask-Request
216
- (18/0) Address Mask-Reply
217
- Other
218
- (30/0) Traceroute
219
- (31/0) Conversion-Error
220
- (32/0) Mobile-Redirect
221
-```
222
-
223
-Ref: [RFC 792] [RFC 896] [RFC 950] [RFC 1016]
224
- www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/sw_5_3/cofigide/qos.htm#19774
225
-
226
-
227
-
228
-```
229
-Decimal system Prefix's
230
- Factor Exponent Prefix
231
----------------------------------------------------
232
- 1 000 000 000 000 000 000 000 000...10^24....yotta
233
- 1 000 000 000 000 000 000 000...10^21....zetta
234
- 1 000 000 000 000 000 000...10^18....exa
235
- 1 000 000 000 000 000...10^15....peta
236
- 1 000 000 000 000...10^12....tera
237
- 1 000 000 000...10^9.....giga
238
- 1 000 000...10^6.....mega
239
- 1 000...10^3.....kilo
240
- 100...10^2.....hecto
241
- 10...10^1.....deka
242
- 0.1...10^-1....deci
243
- 0.01...10^-2....centi
244
- 0.001...10^-3....milli
245
- 0.000 001...10^-6....micro
246
- 0.000 000 001...10^-9....nano
247
- 0.000 000 000 001...10^-12...pico
248
- 0.000 000 000 000 001...10^-15...femto
249
- 0.000 000 000 000 000 001...10^-18...atto
250
- 0.000 000 000 000 000 000 001...10^-21...zepto
251
- 0.000 000 000 000 000 000 000 001...10^-24...yocto
252
----------------------------------------------------
253
-
254
-```
255
-- Convert Fahrenheit <> Celsius:
256
- - Celsius = (Fahrenheit - 32) / 1.8
257
- - Fahrenheit = (Celsius * 1.8) + 32
258
-
259
-
260
-last updated: 4jul02
261
-
262
-
263
-
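Review bot: the Martians ACL in this file is stamped "last updated: 4jul02" and denies ranges such as `1/8`, `2/8` and `5/8` as "IANA - Reserved"; those /8s have since been allocated, so anyone copying the ACL today would drop legitimate traffic. Since tech-index now links /networking/subnet_cheatsheet, the moved copy should either label that block as historical or replace it with a pointer to the IANA registry already cited on the "Martians:" line, keeping only the stable special-use prefixes (RFC 1918, loopback, link-local, TEST-NET, multicast).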
software/svn.md
... ...
@@ -1,23 +0,0 @@
1
-# svn
2
-
3
-[dave child cheatsheet][]
4
-
5
-[abbey workshop howto][]
6
-
7
-```
8
-svn checkout --username=pyratebeard http://example.com/svn/repo/trunk localrepo
9
-
10
-svn status
11
-
12
-svn update /path
13
-```
14
-
15
-only need add for new directories or files
16
-```
17
-svn add /path|file
18
-
19
-svn commit -m "message" /path|file
20
-```
21
-
22
-[dave child cheatsheet]: https://www.cheatography.com/davechild/cheat-sheets/subversion/
23
-[abbey workshop howto]: https://www.abbeyworkshop.com/howto/misc/svn01/
software/wifi_connect.md
... ...
@@ -1,10 +0,0 @@
1
-
2
-```
3
-ip link show wlp2s0
4
-ip link set wlp2s0 up
5
-iw wlp2s0 link
6
-sudo iw wlp2s0 scan | grep -i ssid
7
-ps -ef | grep wpa_supplicant
8
-sudo kill -9 <pid>
9
-connect lib/doc/wifi/home ; sudo dhclient wlp2s0
10
-```
tech-index.md
... ...
@@ -1,7 +1,7 @@
1 1
# tech
2 2
## everyday tools
3 3
* [vim](/software/vim)
4
-* [git](/software/git)
4
+* [git](/vcs/git)
5 5
* [tmux](/software/tmux)
6 6
* [mutt](/software/mutt)
7 7
* [vimwiki](/software/vimwiki)
... ...
@@ -21,12 +21,12 @@
21 21
## software
22 22
23 23
### vcs
24
-* [svn](/software/svn)
24
+* [svn](/vcs/svn)
25 25
26 26
### containers
27
-* [lxc](/software/lxc)
28
-* [docker](/software/docker)
29
-* [k8s](/software/kubernetes)
27
+* [lxc](/virtualisation/lxc)
28
+* [docker](/virtualisation/docker)
29
+* [k8s](/virtualisation/kubernetes)
30 30
31 31
* [durdraw](/software/durdraw)
32 32
* [gollum](/software/gollum)
... ...
@@ -37,7 +37,7 @@
37 37
* [ldap](/software/ldap)
38 38
* [exim4](/software/exim4)
39 39
* [ftp](/software/ftp)
40
-* [mosh](/software/mosh)
40
+* [mosh](/networking/mosh)
41 41
* [usenet](/software/usenet)
42 42
* [znc](/software/znc)
43 43
* [mariadb](/software/mariadb)
... ...
@@ -51,15 +51,15 @@
51 51
* [snmp](/software/snmp)
52 52
* [tcpdump](/software/tcpdump)
53 53
* [bluetooth](/software/bluetooth)
54
-* [firewalls](/software/firewalls)
55
-* [haproxy](/software/haproxy)
54
+* [firewalls](/networking/firewalls)
55
+* [haproxy](/networking/haproxy)
56 56
* [openssl](/software/openssl)
57
-* [openvpn](/software/openvpn)
58
-* [envoy](/software/envoy)
59
-* [subnet_cheatsheet](/software/subnet_cheatsheet)
60
-* [wifi_connect](/software/wifi_connect)
57
+* [openvpn](/networking/openvpn)
58
+* [envoy](/networking/envoy)
59
+* [subnet_cheatsheet](/networking/subnet_cheatsheet)
60
+* [wifi_connect](/networking/wifi_connect)
61 61
* [esxi](/software/esxi)
62
-* [qemu](/software/qemu)
62
+* [qemu](/virtualisation/qemu)
63 63
* [certbot](/software/certbot)
64 64
* [django](/software/django)
65 65
* [gopher](/software/gopher)
vcs/git.md
... ...
@@ -0,0 +1,105 @@
1
+# git
2
+
3
+undo merge that hasn't been pushed
4
+```zsh
5
+git reset --merge HEAD~1
6
+```
7
+
8
+roll back hard
9
+```
10
+git reset --hard <commit/tag>
11
+```
12
+
13
+force push of a previous commit
14
+```
15
+git push -f origin <commit_id>:<branch>
16
+```
17
+
18
+delete remote branch
19
+```
20
+git push --delete origin <branch>
21
+```
22
+
23
+reset local branch after a forced-update (above)
24
+```
25
+git fetch
26
+git reset origin/<branch> --hard
27
+```
28
+
29
+renaming branch and updating remote
30
+```
31
+git branch -m old-name new-name
32
+git push origin --set-upstream new-name
33
+git push origin :old-name
34
+```
35
+
36
+set username for [single repo][]
37
+```
38
+git config user.username 'name'
39
+```
40
+
41
+set signing key for local repo
42
+```
43
+git config user.signingkey <id>
44
+```
45
+
46
+[signing][] commits
47
+```
48
+git commit -S -m 'msg'
49
+```
50
+
51
+compare diff between two commits
52
+```
53
+git diff <commit>...<commit>
54
+```
55
+
56
+stash
57
+```
58
+git stash
59
+git stash show
60
+```
61
+
62
+unstash
63
+```
64
+git stash pop
65
+```
66
+
67
+add remote origin
68
+```
69
+git remote add origin git@gitserver/path/to/repo
70
+```
71
+
72
+add multiple push repos
73
+```
74
+git remote set-url --add --push origin git@gitserver/original/repo
75
+git remote set-url --add --push origin https://gitserver/another/repo
76
+```
77
+
78
+archive branch
79
+```
80
+git archive --format zip --outpu /path/to/output.zip <branch>
81
+```
82
+
83
+## using `hub`
84
+### pull requests
85
+```
86
+hub pr list
87
+hub pr checkout <num>
88
+```
89
+
90
+## helpful links
91
+
92
+[making a pull request][]
93
+
94
+[branching and rebasing][]
95
+
96
+[branching model][]
97
+
98
+[merging and rebasing][]
99
+
100
+[making a pull request]: https://www.atlassian.com/git/tutorials/making-a-pull-request
101
+[branching and rebasing]: https://git-scm.com/book/en/v2/Git-Branching-Rebasing
102
+[branching model]: https://nvie.com/posts/a-successful-git-branching-model/
103
+[single repo]: https://help.github.com/articles/setting-your-username-in-git/
104
+[merging and rebasing]: https://www.atlassian.com/git/tutorials/merging-vs-rebasing
105
+[signing]: https://git-scm.com/book/en/v2/Git-Tools-Signing-Your-Work
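Review bot: `git config user.username 'name'` under "set username for [single repo][]" sets a key git does not read for commit authorship; the per-repo identity keys are `user.name` and `user.email`, so this line should be `git config user.name 'name'`. Also in this hunk: `git diff <commit>...<commit>` (three dots) diffs from the merge base of the two commits, so for "compare diff between two commits" use two dots or a space; `--outpu` in the archive line reads as a typo for `--output`; and the force-push entry would be safer documented with `--force-with-lease`.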
vcs/svn.md
... ...
@@ -0,0 +1,23 @@
1
+# svn
2
+
3
+[dave child cheatsheet][]
4
+
5
+[abbey workshop howto][]
6
+
7
+```
8
+svn checkout --username=pyratebeard http://example.com/svn/repo/trunk localrepo
9
+
10
+svn status
11
+
12
+svn update /path
13
+```
14
+
15
+only need add for new directories or files
16
+```
17
+svn add /path|file
18
+
19
+svn commit -m "message" /path|file
20
+```
21
+
22
+[dave child cheatsheet]: https://www.cheatography.com/davechild/cheat-sheets/subversion/
23
+[abbey workshop howto]: https://www.abbeyworkshop.com/howto/misc/svn01/
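Review bot: the checkout example authenticates with `--username=pyratebeard` against an `http://` URL, which puts the login and the checked-out data on an unencrypted connection; use `https://` (or `svn+ssh://`) in the example so it is not copied as-is.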
virtualisation/docker.md
... ...
@@ -0,0 +1,17 @@
1
+# docker
2
+
3
+## pull files from inside container
4
+```
5
+docker cp <container_id>:/path/to/file /path/to/save
6
+```
7
+
8
+## clean up old images
9
+```
10
+docker rmi -f $(docker images --filter "dangling=true" -q)
11
+docker image prune
12
+```
13
+
14
+
15
+## ref
16
+- :1: https://stackoverflow.com/questions/44027873/how-to-create-a-new-docker-image-from-a-running-container-on-amazon
17
+- :2: https://stackoverflow.com/questions/43699368/configure-docker-daemon-port-to-enable-docker-apis/43713435#43713435
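Review bot: the two lines under "clean up old images" do the same job; `docker image prune` removes dangling images on its own, while the `docker rmi -f $(...)` form force-removes and errors out when the subshell returns no ids. Keep only the prune line, or label the two as alternatives. The `## ref` entries `:1:` and `:2:` are not referenced anywhere in the page, and the second (configuring the daemon API port) has no matching section; drop them or add the text they belong to.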
virtualisation/kubernetes.md
... ...
@@ -0,0 +1,11 @@
1
+# kubernetes
2
+
3
+- list pods for all namespaces
4
+```
5
+kubectl get pods --all-namespaces
6
+```
7
+
8
+- get list of containers in pod
9
+```
10
+kubectl -n <namespace> get pods <pod_name> -o jsonpath='{.spec.containers[*].name}'
11
+```
virtualisation/lxc.md
... ...
@@ -0,0 +1,292 @@
1
+# lxc
2
+
3
+## set up
4
+### arch
5
+[archwiki_setup][]
6
+[redhat_guide][]
7
+[linux_containers_guide][]
8
+
9
+* install `lxc`
10
+```
11
+pacman -S lxc dnsmasq
12
+```
13
+* or on debian
14
+```
15
+apt-get install lxc dnsmasq-base uidmap acl libpam-cgfs
16
+echo "kernel.unprivileged_userns_clone=1" >> /etc/sysctl.conf
17
+reboot
18
+```
19
+* add the following line to '/etc/pam.d/system-login'
20
+* (debian '/etc/pam.d/login')
21
+```
22
+session optional pam_cgfs.so -c freezer,memory,name=systemd,unified
23
+```
24
+* create '/etc/default/lxc-net' config
25
+```
26
+# Leave USE_LXC_BRIDGE as "true" if you want to use lxcbr0 for your
27
+# containers. Set to "false" if you'll use virbr0 or another existing
28
+# bridge, or mavlan to your host's NIC.
29
+USE_LXC_BRIDGE="true"
30
+
31
+# If you change the LXC_BRIDGE to something other than lxcbr0, then
32
+# you will also need to update your /etc/lxc/default.conf as well as the
33
+# configuration (/var/lib/lxc/<container>/config) for any containers
34
+# already created using the default config to reflect the new bridge
35
+# name.
36
+# If you have the dnsmasq daemon installed, you'll also have to update
37
+# /etc/dnsmasq.d/lxc and restart the system wide dnsmasq daemon.
38
+LXC_BRIDGE="lxcbr0"
39
+LXC_ADDR="10.0.3.1"
40
+LXC_NETMASK="255.255.255.0"
41
+LXC_NETWORK="10.0.3.0/24"
42
+LXC_DHCP_RANGE="10.0.3.2,10.0.3.254"
43
+LXC_DHCP_MAX="253"
44
+# Uncomment the next line if you'd like to use a conf-file for the lxcbr0
45
+# dnsmasq. For instance, you can use 'dhcp-host=mail1,10.0.3.100' to have
46
+# container 'mail1' always get ip address 10.0.3.100.
47
+#LXC_DHCP_CONFILE=/etc/lxc/dnsmasq.conf
48
+
49
+# Uncomment the next line if you want lxcbr0's dnsmasq to resolve the .lxc
50
+# domain. You can then add "server=/lxc/10.0.3.1' (or your actual $LXC_ADDR)
51
+# to your system dnsmasq configuration file (normally /etc/dnsmasq.conf,
52
+# or /etc/NetworkManager/dnsmasq.d/lxc.conf on systems that use NetworkManager).
53
+# Once these changes are made, restart the lxc-net and network-manager services.
54
+# 'container1.lxc' will then resolve on your host.
55
+#LXC_DOMAIN="lxc"
56
+```
57
+* add the following lines to '/etc/lxc/default.conf'
58
+```
59
+lxc.net.0.type = veth
60
+lxc.net.0.link = lxcbr0
61
+lxc.net.0.flags = up
62
+lxc.net.0.hwaddr = 00:16:3e:xx:xx:xx
63
+lxc.idmap = u 0 100000 65536
64
+lxc.idmap = g 0 100000 65536
65
+```
66
+* start `lxc-net`
67
+```
68
+systemctl restart lxc-net
69
+```
70
+* check that `lxcbr0` bridge has been created
71
+```
72
+ip a s lxcbr0
73
+```
74
+* create '/etc/subuid'
75
+```
76
+pyratebeard:100000:65536
77
+```
78
+* create '/etc/subgid'
79
+```
80
+pyratebeard:100000:65536
81
+```
82
+* create '/etc/lxc/lxc-usernet' for allowing user to create network devices
83
+```
84
+pyratebeard veth lxcbr0 10
85
+```
86
+ - `veth` - virtual ethernet
87
+ - `lxcbr0` - network bridge
88
+ - `10` - number of devices allowed
89
+* create local dirs
90
+```
91
+mkdir ~/.{config,cache}/lxc
92
+mkdir ~/.local/share
93
+```
94
+* create '~/.config/lxc/default.conf'
95
+```
96
+lxc.net.0.type = veth
97
+lxc.net.0.link = lxcbr0
98
+lxc.net.0.flags = up
99
+lxc.net.0.hwaddr = 00:16:3e:xx:xx:xx
100
+lxc.idmap = u 0 100000 65536
101
+lxc.idmap = g 0 100000 65536
102
+```
103
+* make '~/.local/share' executable and set acls
104
+```
105
+chmod +x ~/.local/share
106
+setfacl -m u:100000:x /home/pyratebeard
107
+setfacl -m u:100000:x /home/pyratebeard/.local
108
+```
109
+
110
+## create container
111
+```
112
+lxc-create -t download -n <name>
113
+# or
114
+lxc-create -n <name> -t download -- --dist alpine --release 3.13 --arch amd64
115
+lxc-start -d -n <name>
116
+lxc-attach -n <name>
117
+```
118
+or
119
+```
120
+vi ~/.local/share/lxc/powerzone/rootfs/etc/shadow
121
+ # remove `!` from root user
122
+lxc-start -n powerzone
123
+lxc-console -n powerzone
124
+```
125
+
126
+* python module for script api [5][]
127
+
128
+## alpine linux config
129
+```
130
+apk update
131
+apk upgrade
132
+passwd
133
+adduser pyratebeard
134
+adduser pyratebeard wheel
135
+apk add doas vim openssh
136
+vim /etc/doas.conf
137
+ permit nopass pyratebeard
138
+rc-update add sshd
139
+rc-service sshd start
140
+rc-status
141
+```
142
+logout (`ctrl-a q` to exit console)
143
+
144
+## debian config
145
+```
146
+passwd
147
+apt-get install openssh-server python3
148
+vi /etc/ssh/sshd_config
149
+ PermitRootLogin yes
150
+systemctl reload sshd
151
+```
152
+
153
+### alpine services
154
+add files to /etc/init.d/
155
+```
156
+#!/sbin/openrc-run
157
+name="test"
158
+command="echo hello"
159
+```
160
+
161
+## known errors
162
+* systemd containers fail to start
163
+```
164
+Failed to mount cgroup at /sys/fs/cgroup/systemd: Operation not permitted
165
+[!!!!!!] Failed to mount API filesystems, freezing.
166
+Freezing execution.
167
+```
168
+ * '/sys/fs/cgroup/systemd' dir doesn't exist
169
+ * to fix, create dir, mount cgroup, set permissions [lxc-users group post][]
170
+```
171
+sudo mkdir /sys/fs/cgroup/systemd
172
+sudo mount -t cgroup -o none,name=systemd systemd /sys/fs/cgroup/systemd
173
+sudo chown pyratebeard:users /sys/fs/cgroup/systemd
174
+```
175
+* keyserver not found on `lxc-create`
176
+ * to fix add `DOWNLOAD_KEYSERVER="hkp://keyserver.ubuntu.com:80"` before `lxc-create` cmd
177
+ * https://github.com/lxc/lxc/issues/3874
178
+ * https://github.com/lxc/lxc/commit/f2a5d95d00a55bed27ef9920d67617cc75fecad8
179
+```
180
+Setting up the GPG keyring
181
+ERROR: Unable to fetch GPG key from keyserver
182
+```
183
+* wait_ondaemonized_startL 833 no such file or directory
184
+ * `lxc-start` in foreground gives segmentation fault
185
+```
186
+lxc-start -n test /bin/sh
187
+```
188
+
189
+## moving containers
190
+[so answer]
191
+```
192
+lxc-stop -n $NAME
193
+cd ~/.local/share/lxc/$NAME
194
+sudo tar --numeric-owner -czvf ../$NAME.tgz ./*
195
+chown pyratebeard: ../$NAME.tgz
196
+rsync -avh $NAME.tgz user@hostname:.local/share/lxc/
197
+ssh user@hostname
198
+mkdir ~/.local/share/lxc/$NAME
199
+cd ~/.local/share/lxc/$NAME
200
+sudo tar --numeric-owner -xzvf ../$NAME.tgz .
201
+```
202
+* tried this between wht-rht-obj and fka
203
+ * container runs (after adding user gid to /etc/subgid)
204
+ * no ip address though. veth is created but ip4 not given
205
+* check dir/file permissions
206
+ * .local/share/lxc/$NAME = 755 100000:100000
207
+ * .local/share/lxc/$NAME/rootfs/* = 100000:100000
208
+ * .local/share/lxc/$NAME/config = pyratebeard:users
209
+
210
+## example
211
+### setting up multiple websites behind haproxy
212
+* install openzfs
213
+* start lx daemon
214
+```
215
+sudo apt install zfsutils-linux
216
+sudo lxd init
217
+```
218
+* answer questions
219
+* launch containers
220
+```
221
+lxc launch ubuntu:18.04 subdomain1
222
+lxc launch ubuntu:18.04 subdomain2
223
+lxc launch ubuntu:18.04 haproxy
224
+lxc list
225
+```
226
+
227
+[archwiki_setup]: https://wiki.archlinux.org/title/Linux_Containers#Setup
228
+[redhat_guide]: https://www.redhat.com/sysadmin/exploring-containers-lxc
229
+[linux_containers_guide]: https://linuxcontainers.org/lxc/getting-started/
230
+[lxc-users group post]: https://groups.google.com/a/lists.linuxcontainers.org/g/lxc-users/c/r_8Eww6i9tA
231
+[so answer]: https://stackoverflow.com/questions/23427129/how-do-i-backup-move-lxc-containers#34194341
232
+[5]: https://github.com/lxc/python3-lxc
233
+
234
+gollum haproxy log pastebin radicale site stagit znc ftp
235
+
236
+## debian test
237
+* debian 10 (aws instance)
238
+ * 'admin' user
239
+* `apt-get install lxc dnsmasq-base uidmap`
240
+* follow setup (see own wiki)
241
+* building debian containers works well
242
+* ansible playbook runs using proxyjump in ssh config
243
+* attempting to run haproxy in container
244
+* iptables rules for prerouting
245
+ * `sudo iptables -t nat -I PREROUTING -i eth0 -p TCP -d <public_ip>/24 --dport 80 -j DNAT --to-destination <haproxy_ip>:80`
246
+ * `sudo iptables -t nat -I PREROUTING -i eth0 -p TCP -d <public_ip>/24 --dport 443 -j DNAT --to-destination <haproxy_ip>:443`
247
+ * `sudo iptables -L -n -t nat`
248
+ * `sudo apt-get install iptables-persistent`
249
+* haproxy container
250
+ * `apt-get install haproxy`
251
+ * add the following to the 'global' section
252
+ ```
253
+ ...
254
+ maxconn 2048
255
+ ...
256
+ tune.ssl.default-dh-param 2048
257
+ ```
258
+ * add the following to the 'defaults' section
259
+ ```
260
+ ...
261
+ option forwardfor
262
+ option http-server-close
263
+ ...
264
+ ```
265
+ * create frontend
266
+ ```
267
+ frontend http_frontend
268
+ bind *:80
269
+ acl infratuxture hdr(host) -i penguin.renre.com
270
+ #acl anotherlxc hdr(host) -i anotherdomain.renre.com
271
+ use_backend penguin if infratuxture
272
+ #use_backend anotherdomain if anotherlxc
273
+ ```
274
+ * create backend
275
+ ```
276
+ backend penguin
277
+ balance leastconn
278
+ http-request set-header X-Client-IP %[src]
279
+ server penguin 10.0.3.162:80 check
280
+
281
+ #backend anotherdomain
282
+ # balance leastconn
283
+ # http-request set-header X-Client-IP %[src]
284
+ # server anotherdomain an.oth.er.ip:80 check
285
+ ```
286
+* infratuxture container
287
+ * `apt-get install git lighttpd`
288
+ * pull git repo in html dir
289
+ ```
290
+ cd /var/www/html
291
+ git clone https://git.renre.com/infrastructure/linux-patching.github.io.git .
292
+ ```
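Review bot: in "debian config" the `sshd_config` step sets `PermitRootLogin yes`, which enables password logins for root over ssh inside the container; prefer `prohibit-password` with a key, or an unprivileged user as the alpine section does with `adduser` and doas. Related: the "remove `!` from root user" edit of rootfs/etc/shadow can leave root with an empty password field, so the page should say to run `passwd` straight after the first `lxc-console`. In "moving containers" the tarball is written to `../$NAME.tgz` but `rsync -avh $NAME.tgz` is run from inside the `$NAME` directory, so the path will not resolve. The DNAT rules match `-d <public_ip>/24`, which is the whole /24 around the address, where a single-host match (`<public_ip>` or `/32`) looks intended.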
virtualisation/qemu.md
... ...
@@ -0,0 +1,18 @@
1
+# qemu
2
+
3
+## create vm
4
+```
5
+qemu-img create -f qcow2 <filename> 4g
6
+```
7
+- `create [-f FMT] filename [size]`
8
+ - size is disk image size in bytes
9
+
10
+## install system
11
+```
12
+qemu-system-x86_64 -m 1g -cdrom /path/to/iso -boot order=d -drive file=<filename>,format=qcow2
13
+```
14
+
15
+## start system
16
+```
17
+qemu-system-x86_64 <filename>
18
+```
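Review bot: "size is disk image size in bytes" does not match the example above it, which passes `4g`; note that suffixes such as `k`, `m` and `g` are accepted. Under "start system", `qemu-system-x86_64 <filename>` omits both `-m` and the image format, so the VM boots with the default memory size and QEMU has to probe the format; reuse `-m 1g -drive file=<filename>,format=qcow2` from the install step.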